From 5295beb4141617ac0a3b78c0ad1f242229b1a281 Mon Sep 17 00:00:00 2001 From: Lucas Machado Date: Wed, 28 Feb 2024 15:01:03 -0300 Subject: [PATCH] [release-v2.7] 5th Batch Charts Release for Rancher v2.7.11 (#3528) Signed-off-by: Alexandre Lamarre Co-authored-by: Alexandre Lamarre Co-authored-by: Josh Meranda Co-authored-by: rancherbot --- .../prometheus-federator-3.0.1+up0.3.3.tgz | Bin 0 -> 20594 bytes .../rancher-logging-crd-102.0.2+up3.17.10.tgz | Bin 0 -> 83284 bytes .../rancher-logging-102.0.2+up3.17.10.tgz | Bin 0 -> 14324 bytes ...ancher-monitoring-crd-102.0.3+up40.1.2.tgz | Bin 0 -> 387151 bytes .../rancher-monitoring-102.0.3+up40.1.2.tgz | Bin 0 -> 405742 bytes ...ncher-project-monitoring-3.0.1+up0.3.3.tgz | Bin 0 -> 124820 bytes .../rancher-pushprox-102.0.2.tgz | Bin 0 -> 9606 bytes .../3.0.1+up0.3.3/Chart.yaml | 20 + .../3.0.1+up0.3.3/README.md | 120 + .../3.0.1+up0.3.3/app-README.md | 27 + .../charts/helmProjectOperator/Chart.yaml | 15 + .../charts/helmProjectOperator/README.md | 77 + .../charts/helmProjectOperator/app-readme.md | 20 + .../charts/helmProjectOperator/questions.yaml | 43 + .../helmProjectOperator/templates/NOTES.txt | 2 + .../templates/_helpers.tpl | 66 + .../templates/cleanup.yaml | 82 + .../templates/clusterrole.yaml | 57 + .../templates/configmap.yaml | 14 + .../templates/deployment.yaml | 126 + .../helmProjectOperator/templates/psp.yaml | 68 + .../helmProjectOperator/templates/rbac.yaml | 32 + .../system-namespaces-configmap.yaml | 62 + .../templates/validate-psp-install.yaml | 7 + .../charts/helmProjectOperator/values.yaml | 228 + .../3.0.1+up0.3.3/questions.yaml | 43 + .../3.0.1+up0.3.3/templates/NOTES.txt | 3 + .../3.0.1+up0.3.3/templates/_helpers.tpl | 66 + .../3.0.1+up0.3.3/values.yaml | 94 + .../102.0.2+up3.17.10/Chart.yaml | 10 + .../102.0.2+up3.17.10/README.md | 2 + ...xtensions.banzaicloud.io_eventtailers.yaml | 2123 +++ ...extensions.banzaicloud.io_hosttailers.yaml | 2305 +++ .../logging.banzaicloud.io_clusterflows.yaml | 2056 +++ ...logging.banzaicloud.io_clusteroutputs.yaml | 11820 ++++++++++++++++ .../logging.banzaicloud.io_flows.yaml | 2048 +++ .../logging.banzaicloud.io_loggings.yaml | 9771 +++++++++++++ .../logging.banzaicloud.io_outputs.yaml | 11808 +++++++++++++++ .../102.0.2+up3.17.10/.helmignore | 22 + .../102.0.2+up3.17.10/Chart.yaml | 25 + .../102.0.2+up3.17.10/README.md | 132 + .../102.0.2+up3.17.10/app-readme.md | 45 + .../102.0.2+up3.17.10/templates/NOTES.txt | 0 .../templates/_generic_logging.yaml | 121 + .../102.0.2+up3.17.10/templates/_helpers.tpl | 179 + .../templates/clusterrole.yaml | 318 + .../templates/clusterrolebinding.yaml | 18 + .../102.0.2+up3.17.10/templates/crds.yaml | 6 + .../templates/deployment.yaml | 77 + .../templates/loggings/aks/logging.yaml | 18 + .../templates/loggings/eks/logging.yaml | 19 + .../templates/loggings/gke/logging.yaml | 18 + .../templates/loggings/k3s/configmap.yaml | 57 + .../templates/loggings/k3s/daemonset.yaml | 110 + .../loggings/k3s/logging-k3s-openrc.yaml | 19 + .../loggings/kube-audit/logging.yaml | 25 + .../templates/loggings/rke/configmap.yaml | 29 + .../templates/loggings/rke/daemonset.yaml | 122 + .../templates/loggings/rke2/configmap.yaml | 69 + .../templates/loggings/rke2/daemonset.yaml | 116 + .../templates/loggings/root/logging.yaml | 82 + .../102.0.2+up3.17.10/templates/psp.yaml | 34 + .../102.0.2+up3.17.10/templates/service.yaml | 20 + .../templates/serviceMonitor.yaml | 30 + .../templates/serviceaccount.yaml | 14 + .../templates/userroles.yaml | 35 + .../templates/validate-install-crd.yaml | 20 + .../templates/validate-install.yaml | 5 + .../templates/validate-psp-install.yaml | 7 + .../102.0.2+up3.17.10/values.yaml | 240 + .../102.0.3+up40.1.2/Chart.yaml | 10 + .../102.0.3+up40.1.2/README.md | 24 + .../crd-manifest/crd-alertmanagerconfigs.yaml | 4475 ++++++ .../crd-manifest/crd-alertmanagers.yaml | 6779 +++++++++ .../crd-manifest/crd-podmonitors.yaml | 663 + .../crd-manifest/crd-probes.yaml | 704 + .../crd-manifest/crd-prometheuses.yaml | 8801 ++++++++++++ .../crd-manifest/crd-prometheusrules.yaml | 98 + .../crd-manifest/crd-servicemonitors.yaml | 684 + .../crd-manifest/crd-thanosrulers.yaml | 6431 +++++++++ .../102.0.3+up40.1.2/files/crd-manifest.tgz | Bin 0 -> 191669 bytes .../102.0.3+up40.1.2/templates/_helpers.tpl | 50 + .../102.0.3+up40.1.2/templates/jobs.yaml | 152 + .../102.0.3+up40.1.2/templates/manifest.yaml | 8 + .../102.0.3+up40.1.2/templates/rbac.yaml | 76 + .../templates/validate-psp-install.yaml | 7 + .../102.0.3+up40.1.2/values.yaml | 17 + .../102.0.3+up40.1.2/.helmignore | 28 + .../102.0.3+up40.1.2/CHANGELOG.md | 47 + .../102.0.3+up40.1.2/CONTRIBUTING.md | 12 + .../102.0.3+up40.1.2/Chart.yaml | 128 + .../102.0.3+up40.1.2/README.md | 739 + .../102.0.3+up40.1.2/app-README.md | 46 + .../charts/grafana/.helmignore | 23 + .../charts/grafana/Chart.yaml | 29 + .../102.0.3+up40.1.2/charts/grafana/README.md | 574 + .../grafana/dashboards/custom-dashboard.json | 1 + .../charts/grafana/templates/NOTES.txt | 54 + .../charts/grafana/templates/_helpers.tpl | 214 + .../charts/grafana/templates/_pod.tpl | 895 ++ .../charts/grafana/templates/clusterrole.yaml | 25 + .../grafana/templates/clusterrolebinding.yaml | 24 + .../configmap-dashboard-provider.yaml | 29 + .../charts/grafana/templates/configmap.yaml | 117 + .../templates/dashboards-json-configmap.yaml | 35 + .../charts/grafana/templates/deployment.yaml | 50 + .../grafana/templates/extra-manifests.yaml | 4 + .../grafana/templates/headless-service.yaml | 22 + .../charts/grafana/templates/hpa.yaml | 21 + .../templates/image-renderer-deployment.yaml | 123 + .../image-renderer-network-policy.yaml | 73 + .../templates/image-renderer-service.yaml | 33 + .../charts/grafana/templates/ingress.yaml | 78 + .../grafana/templates/networkpolicy.yaml | 52 + .../grafana/templates/nginx-config.yaml | 94 + .../templates/poddisruptionbudget.yaml | 22 + .../grafana/templates/podsecuritypolicy.yaml | 45 + .../charts/grafana/templates/pvc.yaml | 35 + .../charts/grafana/templates/role.yaml | 32 + .../charts/grafana/templates/rolebinding.yaml | 25 + .../charts/grafana/templates/secret-env.yaml | 14 + .../charts/grafana/templates/secret.yaml | 26 + .../charts/grafana/templates/service.yaml | 55 + .../grafana/templates/serviceaccount.yaml | 14 + .../grafana/templates/servicemonitor.yaml | 58 + .../charts/grafana/templates/statefulset.yaml | 56 + .../templates/tests/test-configmap.yaml | 17 + .../tests/test-podsecuritypolicy.yaml | 29 + .../grafana/templates/tests/test-role.yaml | 14 + .../templates/tests/test-rolebinding.yaml | 17 + .../templates/tests/test-serviceaccount.yaml | 9 + .../charts/grafana/templates/tests/test.yaml | 51 + .../charts/grafana/values.yaml | 1088 ++ .../charts/hardenedKubelet/.helmignore | 23 + .../charts/hardenedKubelet/Chart.yaml | 14 + .../charts/hardenedKubelet/README.md | 82 + .../hardenedKubelet/templates/_helpers.tpl | 131 + .../templates/pushprox-clients-rbac.yaml | 85 + .../templates/pushprox-clients.yaml | 153 + .../templates/pushprox-proxy-rbac.yaml | 68 + .../templates/pushprox-proxy.yaml | 53 + .../templates/pushprox-servicemonitor.yaml | 45 + .../templates/validate-install-crd.yaml | 14 + .../templates/validate-psp-install.yaml | 7 + .../charts/hardenedKubelet/values.yaml | 146 + .../charts/hardenedNodeExporter/.helmignore | 23 + .../charts/hardenedNodeExporter/Chart.yaml | 14 + .../charts/hardenedNodeExporter/README.md | 82 + .../templates/_helpers.tpl | 131 + .../templates/pushprox-clients-rbac.yaml | 85 + .../templates/pushprox-clients.yaml | 153 + .../templates/pushprox-proxy-rbac.yaml | 68 + .../templates/pushprox-proxy.yaml | 53 + .../templates/pushprox-servicemonitor.yaml | 45 + .../templates/validate-install-crd.yaml | 14 + .../templates/validate-psp-install.yaml | 7 + .../charts/hardenedNodeExporter/values.yaml | 146 + .../charts/k3sServer/.helmignore | 23 + .../charts/k3sServer/Chart.yaml | 14 + .../charts/k3sServer/README.md | 82 + .../charts/k3sServer/templates/_helpers.tpl | 131 + .../templates/pushprox-clients-rbac.yaml | 85 + .../k3sServer/templates/pushprox-clients.yaml | 153 + .../templates/pushprox-proxy-rbac.yaml | 68 + .../k3sServer/templates/pushprox-proxy.yaml | 53 + .../templates/pushprox-servicemonitor.yaml | 45 + .../templates/validate-install-crd.yaml | 14 + .../templates/validate-psp-install.yaml | 7 + .../charts/k3sServer/values.yaml | 146 + .../charts/kube-state-metrics/.helmignore | 21 + .../charts/kube-state-metrics/Chart.yaml | 28 + .../charts/kube-state-metrics/README.md | 68 + .../kube-state-metrics/templates/NOTES.txt | 10 + .../kube-state-metrics/templates/_helpers.tpl | 111 + .../templates/clusterrolebinding.yaml | 20 + .../templates/deployment.yaml | 172 + .../templates/kubeconfig-secret.yaml | 12 + .../kube-state-metrics/templates/pdb.yaml | 18 + .../templates/podsecuritypolicy.yaml | 39 + .../templates/psp-clusterrole.yaml | 19 + .../templates/psp-clusterrolebinding.yaml | 16 + .../kube-state-metrics/templates/role.yaml | 193 + .../templates/rolebinding.yaml | 24 + .../kube-state-metrics/templates/service.yaml | 41 + .../templates/serviceaccount.yaml | 15 + .../templates/servicemonitor.yaml | 86 + .../templates/stsdiscovery-role.yaml | 26 + .../templates/stsdiscovery-rolebinding.yaml | 17 + .../charts/kube-state-metrics/values.yaml | 271 + .../kubeAdmControllerManager/.helmignore | 23 + .../kubeAdmControllerManager/Chart.yaml | 14 + .../charts/kubeAdmControllerManager/README.md | 82 + .../templates/_helpers.tpl | 131 + .../templates/pushprox-clients-rbac.yaml | 85 + .../templates/pushprox-clients.yaml | 153 + .../templates/pushprox-proxy-rbac.yaml | 68 + .../templates/pushprox-proxy.yaml | 53 + .../templates/pushprox-servicemonitor.yaml | 45 + .../templates/validate-install-crd.yaml | 14 + .../templates/validate-psp-install.yaml | 7 + .../kubeAdmControllerManager/values.yaml | 146 + .../charts/kubeAdmEtcd/.helmignore | 23 + .../charts/kubeAdmEtcd/Chart.yaml | 14 + .../charts/kubeAdmEtcd/README.md | 82 + .../charts/kubeAdmEtcd/templates/_helpers.tpl | 131 + .../templates/pushprox-clients-rbac.yaml | 85 + .../templates/pushprox-clients.yaml | 153 + .../templates/pushprox-proxy-rbac.yaml | 68 + .../kubeAdmEtcd/templates/pushprox-proxy.yaml | 53 + .../templates/pushprox-servicemonitor.yaml | 45 + .../templates/validate-install-crd.yaml | 14 + .../templates/validate-psp-install.yaml | 7 + .../charts/kubeAdmEtcd/values.yaml | 146 + .../charts/kubeAdmProxy/.helmignore | 23 + .../charts/kubeAdmProxy/Chart.yaml | 14 + .../charts/kubeAdmProxy/README.md | 82 + .../kubeAdmProxy/templates/_helpers.tpl | 131 + .../templates/pushprox-clients-rbac.yaml | 85 + .../templates/pushprox-clients.yaml | 153 + .../templates/pushprox-proxy-rbac.yaml | 68 + .../templates/pushprox-proxy.yaml | 53 + .../templates/pushprox-servicemonitor.yaml | 45 + .../templates/validate-install-crd.yaml | 14 + .../templates/validate-psp-install.yaml | 7 + .../charts/kubeAdmProxy/values.yaml | 146 + .../charts/kubeAdmScheduler/.helmignore | 23 + .../charts/kubeAdmScheduler/Chart.yaml | 14 + .../charts/kubeAdmScheduler/README.md | 82 + .../kubeAdmScheduler/templates/_helpers.tpl | 131 + .../templates/pushprox-clients-rbac.yaml | 85 + .../templates/pushprox-clients.yaml | 153 + .../templates/pushprox-proxy-rbac.yaml | 68 + .../templates/pushprox-proxy.yaml | 53 + .../templates/pushprox-servicemonitor.yaml | 45 + .../templates/validate-install-crd.yaml | 14 + .../templates/validate-psp-install.yaml | 7 + .../charts/kubeAdmScheduler/values.yaml | 146 + .../charts/prometheus-adapter/.helmignore | 21 + .../charts/prometheus-adapter/Chart.yaml | 27 + .../charts/prometheus-adapter/README.md | 138 + .../prometheus-adapter/templates/NOTES.txt | 9 + .../prometheus-adapter/templates/_helpers.tpl | 113 + .../templates/certmanager.yaml | 76 + .../cluster-role-binding-auth-delegator.yaml | 20 + .../cluster-role-binding-resource-reader.yaml | 20 + .../cluster-role-resource-reader.yaml | 24 + .../templates/configmap.yaml | 97 + .../templates/custom-metrics-apiservice.yaml | 32 + ...stom-metrics-cluster-role-binding-hpa.yaml | 24 + .../custom-metrics-cluster-role.yaml | 17 + .../templates/deployment.yaml | 147 + .../external-metrics-apiservice.yaml | 32 + ...rnal-metrics-cluster-role-binding-hpa.yaml | 20 + .../external-metrics-cluster-role.yaml | 21 + .../prometheus-adapter/templates/pdb.yaml | 23 + .../prometheus-adapter/templates/psp.yaml | 66 + .../resource-metrics-apiservice.yaml | 32 + ...resource-metrics-cluster-role-binding.yaml | 20 + .../resource-metrics-cluster-role.yaml | 23 + .../templates/role-binding-auth-reader.yaml | 21 + .../prometheus-adapter/templates/secret.yaml | 17 + .../prometheus-adapter/templates/service.yaml | 27 + .../templates/serviceaccount.yaml | 18 + .../charts/prometheus-adapter/values.yaml | 217 + .../prometheus-node-exporter/.helmignore | 21 + .../prometheus-node-exporter/Chart.yaml | 25 + .../charts/prometheus-node-exporter/README.md | 77 + .../templates/NOTES.txt | 15 + .../templates/_helpers.tpl | 136 + .../templates/daemonset.yaml | 234 + .../templates/endpoints.yaml | 17 + .../templates/psp-clusterrole.yaml | 15 + .../templates/psp-clusterrolebinding.yaml | 17 + .../templates/psp.yaml | 50 + .../templates/service.yaml | 22 + .../templates/serviceaccount.yaml | 14 + .../templates/servicemonitor.yaml | 61 + .../prometheus-node-exporter/values.yaml | 252 + .../charts/rke2ControllerManager/.helmignore | 23 + .../charts/rke2ControllerManager/Chart.yaml | 14 + .../charts/rke2ControllerManager/README.md | 82 + .../templates/_helpers.tpl | 131 + .../templates/pushprox-clients-rbac.yaml | 85 + .../templates/pushprox-clients.yaml | 153 + .../templates/pushprox-proxy-rbac.yaml | 68 + .../templates/pushprox-proxy.yaml | 53 + .../templates/pushprox-servicemonitor.yaml | 45 + .../templates/validate-install-crd.yaml | 14 + .../templates/validate-psp-install.yaml | 7 + .../charts/rke2ControllerManager/values.yaml | 146 + .../charts/rke2Etcd/.helmignore | 23 + .../charts/rke2Etcd/Chart.yaml | 14 + .../charts/rke2Etcd/README.md | 82 + .../charts/rke2Etcd/templates/_helpers.tpl | 131 + .../templates/pushprox-clients-rbac.yaml | 85 + .../rke2Etcd/templates/pushprox-clients.yaml | 153 + .../templates/pushprox-proxy-rbac.yaml | 68 + .../rke2Etcd/templates/pushprox-proxy.yaml | 53 + .../templates/pushprox-servicemonitor.yaml | 45 + .../templates/validate-install-crd.yaml | 14 + .../templates/validate-psp-install.yaml | 7 + .../charts/rke2Etcd/values.yaml | 146 + .../charts/rke2IngressNginx/.helmignore | 23 + .../charts/rke2IngressNginx/Chart.yaml | 14 + .../charts/rke2IngressNginx/README.md | 82 + .../rke2IngressNginx/templates/_helpers.tpl | 131 + .../templates/pushprox-clients-rbac.yaml | 85 + .../templates/pushprox-clients.yaml | 153 + .../templates/pushprox-proxy-rbac.yaml | 68 + .../templates/pushprox-proxy.yaml | 53 + .../templates/pushprox-servicemonitor.yaml | 45 + .../templates/validate-install-crd.yaml | 14 + .../templates/validate-psp-install.yaml | 7 + .../charts/rke2IngressNginx/values.yaml | 146 + .../charts/rke2Proxy/.helmignore | 23 + .../charts/rke2Proxy/Chart.yaml | 14 + .../charts/rke2Proxy/README.md | 82 + .../charts/rke2Proxy/templates/_helpers.tpl | 131 + .../templates/pushprox-clients-rbac.yaml | 85 + .../rke2Proxy/templates/pushprox-clients.yaml | 153 + .../templates/pushprox-proxy-rbac.yaml | 68 + .../rke2Proxy/templates/pushprox-proxy.yaml | 53 + .../templates/pushprox-servicemonitor.yaml | 45 + .../templates/validate-install-crd.yaml | 14 + .../templates/validate-psp-install.yaml | 7 + .../charts/rke2Proxy/values.yaml | 146 + .../charts/rke2Scheduler/.helmignore | 23 + .../charts/rke2Scheduler/Chart.yaml | 14 + .../charts/rke2Scheduler/README.md | 82 + .../rke2Scheduler/templates/_helpers.tpl | 131 + .../templates/pushprox-clients-rbac.yaml | 85 + .../templates/pushprox-clients.yaml | 153 + .../templates/pushprox-proxy-rbac.yaml | 68 + .../templates/pushprox-proxy.yaml | 53 + .../templates/pushprox-servicemonitor.yaml | 45 + .../templates/validate-install-crd.yaml | 14 + .../templates/validate-psp-install.yaml | 7 + .../charts/rke2Scheduler/values.yaml | 146 + .../charts/rkeControllerManager/.helmignore | 23 + .../charts/rkeControllerManager/Chart.yaml | 14 + .../charts/rkeControllerManager/README.md | 82 + .../templates/_helpers.tpl | 131 + .../templates/pushprox-clients-rbac.yaml | 85 + .../templates/pushprox-clients.yaml | 153 + .../templates/pushprox-proxy-rbac.yaml | 68 + .../templates/pushprox-proxy.yaml | 53 + .../templates/pushprox-servicemonitor.yaml | 45 + .../templates/validate-install-crd.yaml | 14 + .../templates/validate-psp-install.yaml | 7 + .../charts/rkeControllerManager/values.yaml | 146 + .../charts/rkeEtcd/.helmignore | 23 + .../charts/rkeEtcd/Chart.yaml | 14 + .../102.0.3+up40.1.2/charts/rkeEtcd/README.md | 82 + .../charts/rkeEtcd/templates/_helpers.tpl | 131 + .../templates/pushprox-clients-rbac.yaml | 85 + .../rkeEtcd/templates/pushprox-clients.yaml | 153 + .../templates/pushprox-proxy-rbac.yaml | 68 + .../rkeEtcd/templates/pushprox-proxy.yaml | 53 + .../templates/pushprox-servicemonitor.yaml | 45 + .../templates/validate-install-crd.yaml | 14 + .../templates/validate-psp-install.yaml | 7 + .../charts/rkeEtcd/values.yaml | 146 + .../charts/rkeIngressNginx/.helmignore | 23 + .../charts/rkeIngressNginx/Chart.yaml | 14 + .../charts/rkeIngressNginx/README.md | 82 + .../rkeIngressNginx/templates/_helpers.tpl | 131 + .../templates/pushprox-clients-rbac.yaml | 85 + .../templates/pushprox-clients.yaml | 153 + .../templates/pushprox-proxy-rbac.yaml | 68 + .../templates/pushprox-proxy.yaml | 53 + .../templates/pushprox-servicemonitor.yaml | 45 + .../templates/validate-install-crd.yaml | 14 + .../templates/validate-psp-install.yaml | 7 + .../charts/rkeIngressNginx/values.yaml | 146 + .../charts/rkeProxy/.helmignore | 23 + .../charts/rkeProxy/Chart.yaml | 14 + .../charts/rkeProxy/README.md | 82 + .../charts/rkeProxy/templates/_helpers.tpl | 131 + .../templates/pushprox-clients-rbac.yaml | 85 + .../rkeProxy/templates/pushprox-clients.yaml | 153 + .../templates/pushprox-proxy-rbac.yaml | 68 + .../rkeProxy/templates/pushprox-proxy.yaml | 53 + .../templates/pushprox-servicemonitor.yaml | 45 + .../templates/validate-install-crd.yaml | 14 + .../templates/validate-psp-install.yaml | 7 + .../charts/rkeProxy/values.yaml | 146 + .../charts/rkeScheduler/.helmignore | 23 + .../charts/rkeScheduler/Chart.yaml | 14 + .../charts/rkeScheduler/README.md | 82 + .../rkeScheduler/templates/_helpers.tpl | 131 + .../templates/pushprox-clients-rbac.yaml | 85 + .../templates/pushprox-clients.yaml | 153 + .../templates/pushprox-proxy-rbac.yaml | 68 + .../templates/pushprox-proxy.yaml | 53 + .../templates/pushprox-servicemonitor.yaml | 45 + .../templates/validate-install-crd.yaml | 14 + .../templates/validate-psp-install.yaml | 7 + .../charts/rkeScheduler/values.yaml | 146 + .../charts/windowsExporter/.helmignore | 23 + .../charts/windowsExporter/Chart.yaml | 15 + .../charts/windowsExporter/README.md | 17 + .../scripts/check-wins-version.ps1 | 20 + .../windowsExporter/scripts/proxy-entry.ps1 | 11 + .../charts/windowsExporter/scripts/run.ps1 | 78 + .../windowsExporter/templates/_helpers.tpl | 113 + .../windowsExporter/templates/configmap.yaml | 10 + .../windowsExporter/templates/daemonset.yaml | 77 + .../templates/prometheusrule.yaml | 13 + .../windowsExporter/templates/rbac.yaml | 81 + .../windowsExporter/templates/service.yaml | 15 + .../templates/servicemonitor.yaml | 41 + .../charts/windowsExporter/values.yaml | 52 + .../files/ingress-nginx/nginx.json | 1445 ++ .../request-handling-performance.json | 963 ++ .../cluster/rancher-cluster-nodes.json | 793 ++ .../rancher/cluster/rancher-cluster.json | 776 + .../rancher/home/rancher-default-home.json | 1290 ++ .../files/rancher/k8s/rancher-etcd-nodes.json | 687 + .../files/rancher/k8s/rancher-etcd.json | 669 + .../k8s/rancher-k8s-components-nodes.json | 527 + .../rancher/k8s/rancher-k8s-components.json | 519 + .../rancher/nodes/rancher-node-detail.json | 805 ++ .../files/rancher/nodes/rancher-node.json | 792 ++ .../performance/performance-debugging.json | 1707 +++ .../rancher/pods/rancher-pod-containers.json | 636 + .../files/rancher/pods/rancher-pod.json | 636 + .../workloads/rancher-workload-pods.json | 652 + .../rancher/workloads/rancher-workload.json | 652 + .../delete-workloads-with-old-labels.sh | 14 + .../102.0.3+up40.1.2/templates/NOTES.txt | 4 + .../102.0.3+up40.1.2/templates/_helpers.tpl | 384 + .../templates/alertmanager/alertmanager.yaml | 170 + .../templates/alertmanager/extrasecret.yaml | 20 + .../templates/alertmanager/ingress.yaml | 77 + .../alertmanager/ingressperreplica.yaml | 67 + .../alertmanager/podDisruptionBudget.yaml | 21 + .../templates/alertmanager/psp-role.yaml | 21 + .../alertmanager/psp-rolebinding.yaml | 18 + .../templates/alertmanager/psp.yaml | 45 + .../templates/alertmanager/secret.yaml | 33 + .../templates/alertmanager/service.yaml | 53 + .../alertmanager/serviceaccount.yaml | 20 + .../alertmanager/servicemonitor.yaml | 55 + .../alertmanager/serviceperreplica.yaml | 49 + .../templates/exporters/core-dns/service.yaml | 24 + .../exporters/core-dns/servicemonitor.yaml | 49 + .../kube-api-server/servicemonitor.yaml | 52 + .../kube-controller-manager/endpoints.yaml | 22 + .../kube-controller-manager/service.yaml | 29 + .../servicemonitor.yaml | 60 + .../templates/exporters/kube-dns/service.yaml | 28 + .../exporters/kube-dns/servicemonitor.yaml | 62 + .../exporters/kube-etcd/endpoints.yaml | 20 + .../exporters/kube-etcd/service.yaml | 27 + .../exporters/kube-etcd/servicemonitor.yaml | 66 + .../exporters/kube-proxy/endpoints.yaml | 20 + .../exporters/kube-proxy/service.yaml | 27 + .../exporters/kube-proxy/servicemonitor.yaml | 54 + .../exporters/kube-scheduler/endpoints.yaml | 22 + .../exporters/kube-scheduler/service.yaml | 29 + .../kube-scheduler/servicemonitor.yaml | 60 + .../kube-state-metrics/validate.yaml | 7 + .../exporters/kubelet/servicemonitor.yaml | 229 + .../exporters/node-exporter/validate.yaml | 3 + .../grafana/configmap-dashboards.yaml | 24 + .../grafana/configmaps-datasources.yaml | 63 + .../alertmanager-overview.yaml | 616 + .../grafana/dashboards-1.14/apiserver.yaml | 1772 +++ .../dashboards-1.14/cluster-total.yaml | 1882 +++ .../dashboards-1.14/controller-manager.yaml | 1196 ++ .../grafana/dashboards-1.14/etcd.yaml | 1229 ++ .../dashboards-1.14/grafana-overview.yaml | 635 + .../grafana/dashboards-1.14/k8s-coredns.yaml | 1530 ++ .../k8s-resources-cluster.yaml | 3088 ++++ .../k8s-resources-namespace.yaml | 2797 ++++ .../dashboards-1.14/k8s-resources-node.yaml | 1026 ++ .../dashboards-1.14/k8s-resources-pod.yaml | 2469 ++++ .../k8s-resources-workload.yaml | 2024 +++ .../k8s-resources-workloads-namespace.yaml | 2189 +++ .../grafana/dashboards-1.14/kubelet.yaml | 2256 +++ .../dashboards-1.14/namespace-by-pod.yaml | 1464 ++ .../namespace-by-workload.yaml | 1736 +++ .../node-cluster-rsrc-use.yaml | 1063 ++ .../dashboards-1.14/node-rsrc-use.yaml | 1089 ++ .../grafana/dashboards-1.14/nodes-darwin.yaml | 1073 ++ .../grafana/dashboards-1.14/nodes.yaml | 1066 ++ .../persistentvolumesusage.yaml | 587 + .../grafana/dashboards-1.14/pod-total.yaml | 1228 ++ .../prometheus-remote-write.yaml | 1674 +++ .../grafana/dashboards-1.14/prometheus.yaml | 1235 ++ .../grafana/dashboards-1.14/proxy.yaml | 1276 ++ .../grafana/dashboards-1.14/scheduler.yaml | 1118 ++ .../dashboards-1.14/workload-total.yaml | 1438 ++ .../templates/grafana/namespaces.yaml | 13 + .../job-patch/clusterrole.yaml | 33 + .../job-patch/clusterrolebinding.yaml | 20 + .../job-patch/job-createSecret.yaml | 69 + .../job-patch/job-patchWebhook.yaml | 70 + .../admission-webhooks/job-patch/psp.yaml | 47 + .../admission-webhooks/job-patch/role.yaml | 21 + .../job-patch/rolebinding.yaml | 21 + .../job-patch/serviceaccount.yaml | 17 + .../mutatingWebhookConfiguration.yaml | 42 + .../validatingWebhookConfiguration.yaml | 41 + .../prometheus-operator/certmanager.yaml | 57 + .../prometheus-operator/clusterrole.yaml | 81 + .../clusterrolebinding.yaml | 17 + .../prometheus-operator/deployment.yaml | 164 + .../prometheus-operator/psp-clusterrole.yaml | 20 + .../psp-clusterrolebinding.yaml | 17 + .../templates/prometheus-operator/psp.yaml | 45 + .../prometheus-operator/service.yaml | 58 + .../prometheus-operator/serviceaccount.yaml | 16 + .../prometheus-operator/servicemonitor.yaml | 54 + .../templates/prometheus/_rules.tpl | 36 + .../additionalAlertRelabelConfigs.yaml | 16 + .../additionalAlertmanagerConfigs.yaml | 16 + .../prometheus/additionalPrometheusRules.yaml | 43 + .../prometheus/additionalScrapeConfigs.yaml | 20 + .../templates/prometheus/clusterrole.yaml | 30 + .../prometheus/clusterrolebinding.yaml | 18 + .../templates/prometheus/csi-secret.yaml | 12 + .../templates/prometheus/extrasecret.yaml | 20 + .../templates/prometheus/ingress.yaml | 77 + .../prometheus/ingressThanosSidecar.yaml | 76 + .../prometheus/ingressperreplica.yaml | 67 + .../templates/prometheus/nginx-config.yaml | 68 + .../prometheus/podDisruptionBudget.yaml | 21 + .../templates/prometheus/podmonitors.yaml | 37 + .../templates/prometheus/prometheus.yaml | 388 + .../templates/prometheus/psp-clusterrole.yaml | 20 + .../prometheus/psp-clusterrolebinding.yaml | 18 + .../templates/prometheus/psp.yaml | 56 + .../rules-1.14/alertmanager.rules.yaml | 217 + .../rules-1.14/config-reloaders.yaml | 46 + .../templates/prometheus/rules-1.14/etcd.yaml | 296 + .../prometheus/rules-1.14/general.rules.yaml | 98 + .../prometheus/rules-1.14/k8s.rules.yaml | 173 + .../kube-apiserver-availability.rules.yaml | 136 + .../kube-apiserver-burnrate.rules.yaml | 328 + .../kube-apiserver-histogram.rules.yaml | 37 + .../rules-1.14/kube-apiserver-slos.yaml | 115 + .../kube-prometheus-general.rules.yaml | 31 + .../kube-prometheus-node-recording.rules.yaml | 39 + .../rules-1.14/kube-scheduler.rules.yaml | 65 + .../rules-1.14/kube-state-metrics.yaml | 107 + .../prometheus/rules-1.14/kubelet.rules.yaml | 41 + .../rules-1.14/kubernetes-apps.yaml | 375 + .../rules-1.14/kubernetes-resources.yaml | 193 + .../rules-1.14/kubernetes-storage.yaml | 160 + .../kubernetes-system-apiserver.yaml | 128 + .../kubernetes-system-controller-manager.yaml | 47 + .../kubernetes-system-kube-proxy.yaml | 46 + .../rules-1.14/kubernetes-system-kubelet.yaml | 253 + .../kubernetes-system-scheduler.yaml | 46 + .../rules-1.14/kubernetes-system.yaml | 65 + .../rules-1.14/node-exporter.rules.yaml | 89 + .../prometheus/rules-1.14/node-exporter.yaml | 398 + .../prometheus/rules-1.14/node-network.yaml | 44 + .../prometheus/rules-1.14/node.rules.yaml | 55 + .../rules-1.14/prometheus-operator.yaml | 148 + .../prometheus/rules-1.14/prometheus.yaml | 448 + .../templates/prometheus/service.yaml | 64 + .../prometheus/serviceThanosSidecar.yaml | 39 + .../serviceThanosSidecarExternal.yaml | 46 + .../templates/prometheus/serviceaccount.yaml | 20 + .../templates/prometheus/servicemonitor.yaml | 52 + .../servicemonitorThanosSidecar.yaml | 51 + .../templates/prometheus/servicemonitors.yaml | 38 + .../prometheus/serviceperreplica.yaml | 49 + .../rancher-monitoring/clusterrole.yaml | 134 + .../rancher-monitoring/config-role.yaml | 48 + .../rancher-monitoring/dashboard-role.yaml | 47 + .../addons/ingress-nginx-dashboard.yaml | 18 + .../rancher/cluster-dashboards.yaml | 17 + .../dashboards/rancher/default-dashboard.yaml | 17 + .../dashboards/rancher/k8s-dashboards.yaml | 31 + .../dashboards/rancher/nodes-dashboards.yaml | 17 + .../rancher/performance-dashboards.yaml | 18 + .../dashboards/rancher/pods-dashboards.yaml | 17 + .../rancher/workload-dashboards.yaml | 17 + .../exporters/ingress-nginx/service.yaml | 27 + .../ingress-nginx/servicemonitor.yaml | 49 + .../exporters/rancher/servicemonitor.yaml | 58 + .../rancher-monitoring/hardened.yaml | 128 + .../rancher-monitoring/upgrade/configmap.yaml | 13 + .../rancher-monitoring/upgrade/job.yaml | 46 + .../rancher-monitoring/upgrade/rbac.yaml | 131 + .../templates/thanos-ruler/extrasecret.yaml | 20 + .../templates/thanos-ruler/ingress.yaml | 77 + .../thanos-ruler/podDisruptionBudget.yaml | 21 + .../templates/thanos-ruler/ruler.yaml | 168 + .../templates/thanos-ruler/service.yaml | 53 + .../thanos-ruler/serviceaccount.yaml | 20 + .../thanos-ruler/servicemonitor.yaml | 56 + .../templates/validate-install-crd.yaml | 21 + .../templates/validate-psp-install.yaml | 7 + .../102.0.3+up40.1.2/values.yaml | 4190 ++++++ .../3.0.1+up0.3.3/Chart.yaml | 32 + .../3.0.1+up0.3.3/README.md | 29 + .../3.0.1+up0.3.3/app-README.md | 10 + .../3.0.1+up0.3.3/charts/grafana/.helmignore | 23 + .../3.0.1+up0.3.3/charts/grafana/Chart.yaml | 30 + .../3.0.1+up0.3.3/charts/grafana/README.md | 571 + .../grafana/dashboards/custom-dashboard.json | 1 + .../charts/grafana/templates/NOTES.txt | 54 + .../charts/grafana/templates/_helpers.tpl | 214 + .../charts/grafana/templates/_pod.tpl | 885 ++ .../charts/grafana/templates/clusterrole.yaml | 25 + .../grafana/templates/clusterrolebinding.yaml | 24 + .../configmap-dashboard-provider.yaml | 29 + .../charts/grafana/templates/configmap.yaml | 117 + .../templates/dashboards-json-configmap.yaml | 35 + .../charts/grafana/templates/deployment.yaml | 50 + .../grafana/templates/headless-service.yaml | 22 + .../charts/grafana/templates/hpa.yaml | 21 + .../templates/image-renderer-deployment.yaml | 123 + .../image-renderer-network-policy.yaml | 73 + .../templates/image-renderer-service.yaml | 33 + .../charts/grafana/templates/ingress.yaml | 78 + .../grafana/templates/networkpolicy.yaml | 52 + .../grafana/templates/nginx-config.yaml | 94 + .../templates/poddisruptionbudget.yaml | 22 + .../grafana/templates/podsecuritypolicy.yaml | 45 + .../charts/grafana/templates/pvc.yaml | 35 + .../charts/grafana/templates/role.yaml | 32 + .../charts/grafana/templates/rolebinding.yaml | 25 + .../charts/grafana/templates/secret-env.yaml | 14 + .../charts/grafana/templates/secret.yaml | 26 + .../charts/grafana/templates/service.yaml | 55 + .../grafana/templates/serviceaccount.yaml | 14 + .../grafana/templates/servicemonitor.yaml | 58 + .../charts/grafana/templates/statefulset.yaml | 56 + .../templates/tests/test-configmap.yaml | 17 + .../tests/test-podsecuritypolicy.yaml | 29 + .../grafana/templates/tests/test-role.yaml | 14 + .../templates/tests/test-rolebinding.yaml | 17 + .../templates/tests/test-serviceaccount.yaml | 9 + .../charts/grafana/templates/tests/test.yaml | 51 + .../3.0.1+up0.3.3/charts/grafana/values.yaml | 1062 ++ .../federate/federate-scrape-config.yaml | 13 + .../rancher/pods/rancher-pod-containers.json | 636 + .../files/rancher/pods/rancher-pod.json | 636 + .../workloads/rancher-workload-pods.json | 652 + .../rancher/workloads/rancher-workload.json | 652 + .../3.0.1+up0.3.3/questions.yaml | 128 + .../3.0.1+up0.3.3/templates/NOTES.txt | 4 + .../3.0.1+up0.3.3/templates/_helpers.tpl | 252 + .../templates/alertmanager/alertmanager.yaml | 165 + .../templates/alertmanager/extrasecret.yaml | 20 + .../templates/alertmanager/ingress.yaml | 77 + .../alertmanager/podDisruptionBudget.yaml | 21 + .../templates/alertmanager/psp-role.yaml | 21 + .../alertmanager/psp-rolebinding.yaml | 18 + .../templates/alertmanager/psp.yaml | 45 + .../templates/alertmanager/secret.yaml | 33 + .../templates/alertmanager/service.yaml | 53 + .../alertmanager/serviceaccount.yaml | 20 + .../alertmanager/servicemonitor.yaml | 55 + .../templates/dashboard-roles.yaml | 179 + .../templates/dashboard-values-configmap.yaml | 61 + .../dashboards/rancher/pods-dashboards.yaml | 17 + .../rancher/workload-dashboards.yaml | 17 + .../grafana/configmap-dashboards.yaml | 24 + .../grafana/configmaps-datasources.yaml | 46 + .../alertmanager-overview.yaml | 616 + .../dashboards-1.14/cluster-total.yaml | 1646 +++ .../dashboards-1.14/grafana-overview.yaml | 635 + .../k8s-resources-namespace.yaml | 2770 ++++ .../dashboards-1.14/k8s-resources-node.yaml | 963 ++ .../dashboards-1.14/k8s-resources-pod.yaml | 2442 ++++ .../k8s-resources-project.yaml | 2480 ++++ .../k8s-resources-workload.yaml | 1997 +++ .../k8s-resources-workloads-namespace.yaml | 2162 +++ .../dashboards-1.14/namespace-by-pod.yaml | 1438 ++ .../namespace-by-workload.yaml | 1710 +++ .../persistentvolumesusage.yaml | 561 + .../grafana/dashboards-1.14/pod-total.yaml | 1202 ++ .../prometheus-remote-write.yaml | 1674 +++ .../grafana/dashboards-1.14/prometheus.yaml | 1235 ++ .../dashboards-1.14/workload-total.yaml | 1412 ++ .../templates/prometheus/_rules.tpl | 8 + .../templates/prometheus/clusterrole.yaml | 25 + .../prometheus/clusterrolebinding.yaml | 18 + .../templates/prometheus/extrasecret.yaml | 20 + .../templates/prometheus/federate.yaml | 10 + .../templates/prometheus/ingress.yaml | 77 + .../templates/prometheus/nginx-config.yaml | 68 + .../prometheus/podDisruptionBudget.yaml | 21 + .../templates/prometheus/prometheus.yaml | 319 + .../templates/prometheus/psp-clusterrole.yaml | 20 + .../prometheus/psp-clusterrolebinding.yaml | 18 + .../templates/prometheus/psp.yaml | 52 + .../rules-1.14/alertmanager.rules.yaml | 217 + .../prometheus/rules-1.14/general.rules.yaml | 98 + .../rules-1.14/kubernetes-apps.yaml | 375 + .../rules-1.14/kubernetes-storage.yaml | 160 + .../prometheus/rules-1.14/prometheus.yaml | 448 + .../templates/prometheus/service.yaml | 56 + .../templates/prometheus/serviceaccount.yaml | 20 + .../templates/prometheus/servicemonitor.yaml | 52 + .../rancher-monitoring/hardened.yaml | 129 + .../templates/validate-install-crd.yaml | 21 + .../templates/validate-psp-install.yaml | 7 + .../3.0.1+up0.3.3/values.yaml | 1551 ++ charts/rancher-pushprox/102.0.2/.helmignore | 23 + charts/rancher-pushprox/102.0.2/Chart.yaml | 14 + charts/rancher-pushprox/102.0.2/README.md | 82 + .../102.0.2/templates/_helpers.tpl | 131 + .../templates/pushprox-clients-rbac.yaml | 85 + .../102.0.2/templates/pushprox-clients.yaml | 153 + .../templates/pushprox-proxy-rbac.yaml | 68 + .../102.0.2/templates/pushprox-proxy.yaml | 53 + .../templates/pushprox-servicemonitor.yaml | 45 + .../templates/validate-install-crd.yaml | 14 + .../templates/validate-psp-install.yaml | 7 + charts/rancher-pushprox/102.0.2/values.yaml | 146 + index.yaml | 269 +- .../generated-changes/patch/Chart.yaml.patch | 2 +- .../generated-changes/patch/values.yaml.patch | 4 +- packages/rancher-logging/package.yaml | 2 +- .../generated-changes/patch/Chart.yaml.patch | 2 +- .../prometheus-federator/package.yaml | 2 +- .../generated-changes/exclude/Chart.lock | 12 - .../generated-changes/patch/Chart.yaml.patch | 2 +- .../generated-changes/patch/values.yaml.patch | 2 +- .../rancher-monitoring/package.yaml | 2 +- .../templates/crd-template/values.yaml | 2 +- .../generated-changes/patch/Chart.yaml.patch | 2 +- .../rancher-project-monitoring/package.yaml | 2 +- .../rancher-pushprox/charts/Chart.yaml | 2 +- .../rancher-pushprox/package.yaml | 2 +- regsync.yaml | 3 + release.yaml | 18 +- 734 files changed, 203639 insertions(+), 31 deletions(-) create mode 100644 assets/prometheus-federator/prometheus-federator-3.0.1+up0.3.3.tgz create mode 100644 assets/rancher-logging-crd/rancher-logging-crd-102.0.2+up3.17.10.tgz create mode 100644 assets/rancher-logging/rancher-logging-102.0.2+up3.17.10.tgz create mode 100644 assets/rancher-monitoring-crd/rancher-monitoring-crd-102.0.3+up40.1.2.tgz create mode 100644 assets/rancher-monitoring/rancher-monitoring-102.0.3+up40.1.2.tgz create mode 100644 assets/rancher-project-monitoring/rancher-project-monitoring-3.0.1+up0.3.3.tgz create mode 100644 assets/rancher-pushprox/rancher-pushprox-102.0.2.tgz create mode 100644 charts/prometheus-federator/3.0.1+up0.3.3/Chart.yaml create mode 100644 charts/prometheus-federator/3.0.1+up0.3.3/README.md create mode 100644 charts/prometheus-federator/3.0.1+up0.3.3/app-README.md create mode 100644 charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/Chart.yaml create mode 100644 charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/README.md create mode 100644 charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/app-readme.md create mode 100644 charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/questions.yaml create mode 100644 charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/templates/NOTES.txt create mode 100644 charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/templates/_helpers.tpl create mode 100644 charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/templates/cleanup.yaml create mode 100644 charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/templates/clusterrole.yaml create mode 100644 charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/templates/configmap.yaml create mode 100644 charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/templates/deployment.yaml create mode 100644 charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/templates/psp.yaml create mode 100644 charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/templates/rbac.yaml create mode 100644 charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/templates/system-namespaces-configmap.yaml create mode 100644 charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/templates/validate-psp-install.yaml create mode 100644 charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/values.yaml create mode 100644 charts/prometheus-federator/3.0.1+up0.3.3/questions.yaml create mode 100644 charts/prometheus-federator/3.0.1+up0.3.3/templates/NOTES.txt create mode 100644 charts/prometheus-federator/3.0.1+up0.3.3/templates/_helpers.tpl create mode 100644 charts/prometheus-federator/3.0.1+up0.3.3/values.yaml create mode 100644 charts/rancher-logging-crd/102.0.2+up3.17.10/Chart.yaml create mode 100644 charts/rancher-logging-crd/102.0.2+up3.17.10/README.md create mode 100644 charts/rancher-logging-crd/102.0.2+up3.17.10/templates/logging-extensions.banzaicloud.io_eventtailers.yaml create mode 100644 charts/rancher-logging-crd/102.0.2+up3.17.10/templates/logging-extensions.banzaicloud.io_hosttailers.yaml create mode 100644 charts/rancher-logging-crd/102.0.2+up3.17.10/templates/logging.banzaicloud.io_clusterflows.yaml create mode 100644 charts/rancher-logging-crd/102.0.2+up3.17.10/templates/logging.banzaicloud.io_clusteroutputs.yaml create mode 100644 charts/rancher-logging-crd/102.0.2+up3.17.10/templates/logging.banzaicloud.io_flows.yaml create mode 100644 charts/rancher-logging-crd/102.0.2+up3.17.10/templates/logging.banzaicloud.io_loggings.yaml create mode 100644 charts/rancher-logging-crd/102.0.2+up3.17.10/templates/logging.banzaicloud.io_outputs.yaml create mode 100644 charts/rancher-logging/102.0.2+up3.17.10/.helmignore create mode 100644 charts/rancher-logging/102.0.2+up3.17.10/Chart.yaml create mode 100644 charts/rancher-logging/102.0.2+up3.17.10/README.md create mode 100644 charts/rancher-logging/102.0.2+up3.17.10/app-readme.md create mode 100644 charts/rancher-logging/102.0.2+up3.17.10/templates/NOTES.txt create mode 100644 charts/rancher-logging/102.0.2+up3.17.10/templates/_generic_logging.yaml create mode 100644 charts/rancher-logging/102.0.2+up3.17.10/templates/_helpers.tpl create mode 100644 charts/rancher-logging/102.0.2+up3.17.10/templates/clusterrole.yaml create mode 100644 charts/rancher-logging/102.0.2+up3.17.10/templates/clusterrolebinding.yaml create mode 100644 charts/rancher-logging/102.0.2+up3.17.10/templates/crds.yaml create mode 100644 charts/rancher-logging/102.0.2+up3.17.10/templates/deployment.yaml create mode 100644 charts/rancher-logging/102.0.2+up3.17.10/templates/loggings/aks/logging.yaml create mode 100644 charts/rancher-logging/102.0.2+up3.17.10/templates/loggings/eks/logging.yaml create mode 100644 charts/rancher-logging/102.0.2+up3.17.10/templates/loggings/gke/logging.yaml create mode 100644 charts/rancher-logging/102.0.2+up3.17.10/templates/loggings/k3s/configmap.yaml create mode 100644 charts/rancher-logging/102.0.2+up3.17.10/templates/loggings/k3s/daemonset.yaml create mode 100644 charts/rancher-logging/102.0.2+up3.17.10/templates/loggings/k3s/logging-k3s-openrc.yaml create mode 100644 charts/rancher-logging/102.0.2+up3.17.10/templates/loggings/kube-audit/logging.yaml create mode 100644 charts/rancher-logging/102.0.2+up3.17.10/templates/loggings/rke/configmap.yaml create mode 100644 charts/rancher-logging/102.0.2+up3.17.10/templates/loggings/rke/daemonset.yaml create mode 100644 charts/rancher-logging/102.0.2+up3.17.10/templates/loggings/rke2/configmap.yaml create mode 100644 charts/rancher-logging/102.0.2+up3.17.10/templates/loggings/rke2/daemonset.yaml create mode 100644 charts/rancher-logging/102.0.2+up3.17.10/templates/loggings/root/logging.yaml create mode 100644 charts/rancher-logging/102.0.2+up3.17.10/templates/psp.yaml create mode 100644 charts/rancher-logging/102.0.2+up3.17.10/templates/service.yaml create mode 100644 charts/rancher-logging/102.0.2+up3.17.10/templates/serviceMonitor.yaml create mode 100644 charts/rancher-logging/102.0.2+up3.17.10/templates/serviceaccount.yaml create mode 100644 charts/rancher-logging/102.0.2+up3.17.10/templates/userroles.yaml create mode 100644 charts/rancher-logging/102.0.2+up3.17.10/templates/validate-install-crd.yaml create mode 100644 charts/rancher-logging/102.0.2+up3.17.10/templates/validate-install.yaml create mode 100644 charts/rancher-logging/102.0.2+up3.17.10/templates/validate-psp-install.yaml create mode 100644 charts/rancher-logging/102.0.2+up3.17.10/values.yaml create mode 100644 charts/rancher-monitoring-crd/102.0.3+up40.1.2/Chart.yaml create mode 100644 charts/rancher-monitoring-crd/102.0.3+up40.1.2/README.md create mode 100644 charts/rancher-monitoring-crd/102.0.3+up40.1.2/crd-manifest/crd-alertmanagerconfigs.yaml create mode 100644 charts/rancher-monitoring-crd/102.0.3+up40.1.2/crd-manifest/crd-alertmanagers.yaml create mode 100644 charts/rancher-monitoring-crd/102.0.3+up40.1.2/crd-manifest/crd-podmonitors.yaml create mode 100644 charts/rancher-monitoring-crd/102.0.3+up40.1.2/crd-manifest/crd-probes.yaml create mode 100644 charts/rancher-monitoring-crd/102.0.3+up40.1.2/crd-manifest/crd-prometheuses.yaml create mode 100644 charts/rancher-monitoring-crd/102.0.3+up40.1.2/crd-manifest/crd-prometheusrules.yaml create mode 100644 charts/rancher-monitoring-crd/102.0.3+up40.1.2/crd-manifest/crd-servicemonitors.yaml create mode 100644 charts/rancher-monitoring-crd/102.0.3+up40.1.2/crd-manifest/crd-thanosrulers.yaml create mode 100644 charts/rancher-monitoring-crd/102.0.3+up40.1.2/files/crd-manifest.tgz create mode 100644 charts/rancher-monitoring-crd/102.0.3+up40.1.2/templates/_helpers.tpl create mode 100644 charts/rancher-monitoring-crd/102.0.3+up40.1.2/templates/jobs.yaml create mode 100644 charts/rancher-monitoring-crd/102.0.3+up40.1.2/templates/manifest.yaml create mode 100644 charts/rancher-monitoring-crd/102.0.3+up40.1.2/templates/rbac.yaml create mode 100644 charts/rancher-monitoring-crd/102.0.3+up40.1.2/templates/validate-psp-install.yaml create mode 100644 charts/rancher-monitoring-crd/102.0.3+up40.1.2/values.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/.helmignore create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/CHANGELOG.md create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/CONTRIBUTING.md create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/Chart.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/README.md create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/app-README.md create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/grafana/.helmignore create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/grafana/Chart.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/grafana/README.md create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/grafana/dashboards/custom-dashboard.json create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/grafana/templates/NOTES.txt create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/grafana/templates/_helpers.tpl create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/grafana/templates/_pod.tpl create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/grafana/templates/clusterrole.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/grafana/templates/clusterrolebinding.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/grafana/templates/configmap-dashboard-provider.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/grafana/templates/configmap.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/grafana/templates/dashboards-json-configmap.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/grafana/templates/deployment.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/grafana/templates/extra-manifests.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/grafana/templates/headless-service.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/grafana/templates/hpa.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/grafana/templates/image-renderer-deployment.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/grafana/templates/image-renderer-network-policy.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/grafana/templates/image-renderer-service.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/grafana/templates/ingress.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/grafana/templates/networkpolicy.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/grafana/templates/nginx-config.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/grafana/templates/poddisruptionbudget.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/grafana/templates/podsecuritypolicy.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/grafana/templates/pvc.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/grafana/templates/role.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/grafana/templates/rolebinding.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/grafana/templates/secret-env.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/grafana/templates/secret.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/grafana/templates/service.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/grafana/templates/serviceaccount.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/grafana/templates/servicemonitor.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/grafana/templates/statefulset.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/grafana/templates/tests/test-configmap.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/grafana/templates/tests/test-podsecuritypolicy.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/grafana/templates/tests/test-role.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/grafana/templates/tests/test-rolebinding.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/grafana/templates/tests/test-serviceaccount.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/grafana/templates/tests/test.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/grafana/values.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/hardenedKubelet/.helmignore create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/hardenedKubelet/Chart.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/hardenedKubelet/README.md create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/hardenedKubelet/templates/_helpers.tpl create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/hardenedKubelet/templates/pushprox-clients-rbac.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/hardenedKubelet/templates/pushprox-clients.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/hardenedKubelet/templates/pushprox-proxy-rbac.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/hardenedKubelet/templates/pushprox-proxy.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/hardenedKubelet/templates/pushprox-servicemonitor.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/hardenedKubelet/templates/validate-install-crd.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/hardenedKubelet/templates/validate-psp-install.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/hardenedKubelet/values.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/hardenedNodeExporter/.helmignore create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/hardenedNodeExporter/Chart.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/hardenedNodeExporter/README.md create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/hardenedNodeExporter/templates/_helpers.tpl create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/hardenedNodeExporter/templates/pushprox-clients-rbac.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/hardenedNodeExporter/templates/pushprox-clients.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/hardenedNodeExporter/templates/pushprox-proxy-rbac.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/hardenedNodeExporter/templates/pushprox-proxy.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/hardenedNodeExporter/templates/pushprox-servicemonitor.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/hardenedNodeExporter/templates/validate-install-crd.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/hardenedNodeExporter/templates/validate-psp-install.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/hardenedNodeExporter/values.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/k3sServer/.helmignore create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/k3sServer/Chart.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/k3sServer/README.md create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/k3sServer/templates/_helpers.tpl create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/k3sServer/templates/pushprox-clients-rbac.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/k3sServer/templates/pushprox-clients.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/k3sServer/templates/pushprox-proxy-rbac.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/k3sServer/templates/pushprox-proxy.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/k3sServer/templates/pushprox-servicemonitor.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/k3sServer/templates/validate-install-crd.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/k3sServer/templates/validate-psp-install.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/k3sServer/values.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kube-state-metrics/.helmignore create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kube-state-metrics/Chart.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kube-state-metrics/README.md create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kube-state-metrics/templates/NOTES.txt create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kube-state-metrics/templates/_helpers.tpl create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kube-state-metrics/templates/clusterrolebinding.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kube-state-metrics/templates/deployment.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kube-state-metrics/templates/kubeconfig-secret.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kube-state-metrics/templates/pdb.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kube-state-metrics/templates/podsecuritypolicy.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kube-state-metrics/templates/psp-clusterrole.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kube-state-metrics/templates/role.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kube-state-metrics/templates/rolebinding.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kube-state-metrics/templates/service.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kube-state-metrics/templates/serviceaccount.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kube-state-metrics/templates/servicemonitor.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kube-state-metrics/templates/stsdiscovery-role.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kube-state-metrics/values.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kubeAdmControllerManager/.helmignore create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kubeAdmControllerManager/Chart.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kubeAdmControllerManager/README.md create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kubeAdmControllerManager/templates/_helpers.tpl create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kubeAdmControllerManager/templates/pushprox-clients-rbac.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kubeAdmControllerManager/templates/pushprox-clients.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kubeAdmControllerManager/templates/pushprox-proxy-rbac.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kubeAdmControllerManager/templates/pushprox-proxy.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kubeAdmControllerManager/templates/pushprox-servicemonitor.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kubeAdmControllerManager/templates/validate-install-crd.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kubeAdmControllerManager/templates/validate-psp-install.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kubeAdmControllerManager/values.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kubeAdmEtcd/.helmignore create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kubeAdmEtcd/Chart.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kubeAdmEtcd/README.md create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kubeAdmEtcd/templates/_helpers.tpl create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kubeAdmEtcd/templates/pushprox-clients-rbac.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kubeAdmEtcd/templates/pushprox-clients.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kubeAdmEtcd/templates/pushprox-proxy-rbac.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kubeAdmEtcd/templates/pushprox-proxy.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kubeAdmEtcd/templates/pushprox-servicemonitor.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kubeAdmEtcd/templates/validate-install-crd.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kubeAdmEtcd/templates/validate-psp-install.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kubeAdmEtcd/values.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kubeAdmProxy/.helmignore create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kubeAdmProxy/Chart.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kubeAdmProxy/README.md create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kubeAdmProxy/templates/_helpers.tpl create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kubeAdmProxy/templates/pushprox-clients-rbac.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kubeAdmProxy/templates/pushprox-clients.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kubeAdmProxy/templates/pushprox-proxy-rbac.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kubeAdmProxy/templates/pushprox-proxy.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kubeAdmProxy/templates/pushprox-servicemonitor.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kubeAdmProxy/templates/validate-install-crd.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kubeAdmProxy/templates/validate-psp-install.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kubeAdmProxy/values.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kubeAdmScheduler/.helmignore create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kubeAdmScheduler/Chart.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kubeAdmScheduler/README.md create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kubeAdmScheduler/templates/_helpers.tpl create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kubeAdmScheduler/templates/pushprox-clients-rbac.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kubeAdmScheduler/templates/pushprox-clients.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kubeAdmScheduler/templates/pushprox-proxy-rbac.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kubeAdmScheduler/templates/pushprox-proxy.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kubeAdmScheduler/templates/pushprox-servicemonitor.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kubeAdmScheduler/templates/validate-install-crd.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kubeAdmScheduler/templates/validate-psp-install.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/kubeAdmScheduler/values.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/prometheus-adapter/.helmignore create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/prometheus-adapter/Chart.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/prometheus-adapter/README.md create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/prometheus-adapter/templates/NOTES.txt create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/prometheus-adapter/templates/_helpers.tpl create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/prometheus-adapter/templates/certmanager.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/prometheus-adapter/templates/cluster-role-binding-auth-delegator.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/prometheus-adapter/templates/cluster-role-binding-resource-reader.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/prometheus-adapter/templates/cluster-role-resource-reader.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/prometheus-adapter/templates/configmap.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/prometheus-adapter/templates/custom-metrics-apiservice.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/prometheus-adapter/templates/custom-metrics-cluster-role-binding-hpa.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/prometheus-adapter/templates/custom-metrics-cluster-role.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/prometheus-adapter/templates/deployment.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/prometheus-adapter/templates/external-metrics-apiservice.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/prometheus-adapter/templates/external-metrics-cluster-role-binding-hpa.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/prometheus-adapter/templates/external-metrics-cluster-role.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/prometheus-adapter/templates/pdb.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/prometheus-adapter/templates/psp.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/prometheus-adapter/templates/resource-metrics-apiservice.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/prometheus-adapter/templates/resource-metrics-cluster-role-binding.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/prometheus-adapter/templates/resource-metrics-cluster-role.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/prometheus-adapter/templates/role-binding-auth-reader.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/prometheus-adapter/templates/secret.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/prometheus-adapter/templates/service.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/prometheus-adapter/templates/serviceaccount.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/prometheus-adapter/values.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/prometheus-node-exporter/.helmignore create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/prometheus-node-exporter/Chart.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/prometheus-node-exporter/README.md create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/prometheus-node-exporter/templates/NOTES.txt create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/prometheus-node-exporter/templates/_helpers.tpl create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/prometheus-node-exporter/templates/daemonset.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/prometheus-node-exporter/templates/endpoints.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/prometheus-node-exporter/templates/psp-clusterrole.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/prometheus-node-exporter/templates/psp-clusterrolebinding.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/prometheus-node-exporter/templates/psp.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/prometheus-node-exporter/templates/service.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/prometheus-node-exporter/templates/serviceaccount.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/prometheus-node-exporter/templates/servicemonitor.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/prometheus-node-exporter/values.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2ControllerManager/.helmignore create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2ControllerManager/Chart.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2ControllerManager/README.md create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2ControllerManager/templates/_helpers.tpl create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2ControllerManager/templates/pushprox-clients-rbac.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2ControllerManager/templates/pushprox-clients.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2ControllerManager/templates/pushprox-proxy-rbac.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2ControllerManager/templates/pushprox-proxy.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2ControllerManager/templates/pushprox-servicemonitor.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2ControllerManager/templates/validate-install-crd.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2ControllerManager/templates/validate-psp-install.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2ControllerManager/values.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2Etcd/.helmignore create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2Etcd/Chart.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2Etcd/README.md create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2Etcd/templates/_helpers.tpl create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2Etcd/templates/pushprox-clients-rbac.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2Etcd/templates/pushprox-clients.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2Etcd/templates/pushprox-proxy-rbac.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2Etcd/templates/pushprox-proxy.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2Etcd/templates/pushprox-servicemonitor.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2Etcd/templates/validate-install-crd.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2Etcd/templates/validate-psp-install.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2Etcd/values.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2IngressNginx/.helmignore create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2IngressNginx/Chart.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2IngressNginx/README.md create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2IngressNginx/templates/_helpers.tpl create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2IngressNginx/templates/pushprox-clients-rbac.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2IngressNginx/templates/pushprox-clients.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2IngressNginx/templates/pushprox-proxy-rbac.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2IngressNginx/templates/pushprox-proxy.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2IngressNginx/templates/pushprox-servicemonitor.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2IngressNginx/templates/validate-install-crd.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2IngressNginx/templates/validate-psp-install.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2IngressNginx/values.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2Proxy/.helmignore create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2Proxy/Chart.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2Proxy/README.md create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2Proxy/templates/_helpers.tpl create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2Proxy/templates/pushprox-clients-rbac.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2Proxy/templates/pushprox-clients.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2Proxy/templates/pushprox-proxy-rbac.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2Proxy/templates/pushprox-proxy.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2Proxy/templates/pushprox-servicemonitor.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2Proxy/templates/validate-install-crd.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2Proxy/templates/validate-psp-install.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2Proxy/values.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2Scheduler/.helmignore create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2Scheduler/Chart.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2Scheduler/README.md create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2Scheduler/templates/_helpers.tpl create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2Scheduler/templates/pushprox-clients-rbac.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2Scheduler/templates/pushprox-clients.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2Scheduler/templates/pushprox-proxy-rbac.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2Scheduler/templates/pushprox-proxy.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2Scheduler/templates/pushprox-servicemonitor.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2Scheduler/templates/validate-install-crd.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2Scheduler/templates/validate-psp-install.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rke2Scheduler/values.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeControllerManager/.helmignore create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeControllerManager/Chart.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeControllerManager/README.md create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeControllerManager/templates/_helpers.tpl create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeControllerManager/templates/pushprox-clients-rbac.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeControllerManager/templates/pushprox-clients.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeControllerManager/templates/pushprox-proxy-rbac.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeControllerManager/templates/pushprox-proxy.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeControllerManager/templates/pushprox-servicemonitor.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeControllerManager/templates/validate-install-crd.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeControllerManager/templates/validate-psp-install.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeControllerManager/values.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeEtcd/.helmignore create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeEtcd/Chart.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeEtcd/README.md create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeEtcd/templates/_helpers.tpl create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeEtcd/templates/pushprox-clients-rbac.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeEtcd/templates/pushprox-clients.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeEtcd/templates/pushprox-proxy-rbac.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeEtcd/templates/pushprox-proxy.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeEtcd/templates/pushprox-servicemonitor.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeEtcd/templates/validate-install-crd.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeEtcd/templates/validate-psp-install.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeEtcd/values.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeIngressNginx/.helmignore create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeIngressNginx/Chart.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeIngressNginx/README.md create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeIngressNginx/templates/_helpers.tpl create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeIngressNginx/templates/pushprox-clients-rbac.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeIngressNginx/templates/pushprox-clients.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeIngressNginx/templates/pushprox-proxy-rbac.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeIngressNginx/templates/pushprox-proxy.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeIngressNginx/templates/pushprox-servicemonitor.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeIngressNginx/templates/validate-install-crd.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeIngressNginx/templates/validate-psp-install.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeIngressNginx/values.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeProxy/.helmignore create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeProxy/Chart.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeProxy/README.md create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeProxy/templates/_helpers.tpl create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeProxy/templates/pushprox-clients-rbac.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeProxy/templates/pushprox-clients.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeProxy/templates/pushprox-proxy-rbac.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeProxy/templates/pushprox-proxy.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeProxy/templates/pushprox-servicemonitor.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeProxy/templates/validate-install-crd.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeProxy/templates/validate-psp-install.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeProxy/values.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeScheduler/.helmignore create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeScheduler/Chart.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeScheduler/README.md create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeScheduler/templates/_helpers.tpl create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeScheduler/templates/pushprox-clients-rbac.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeScheduler/templates/pushprox-clients.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeScheduler/templates/pushprox-proxy-rbac.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeScheduler/templates/pushprox-proxy.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeScheduler/templates/pushprox-servicemonitor.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeScheduler/templates/validate-install-crd.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeScheduler/templates/validate-psp-install.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/rkeScheduler/values.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/windowsExporter/.helmignore create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/windowsExporter/Chart.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/windowsExporter/README.md create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/windowsExporter/scripts/check-wins-version.ps1 create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/windowsExporter/scripts/proxy-entry.ps1 create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/windowsExporter/scripts/run.ps1 create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/windowsExporter/templates/_helpers.tpl create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/windowsExporter/templates/configmap.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/windowsExporter/templates/daemonset.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/windowsExporter/templates/prometheusrule.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/windowsExporter/templates/rbac.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/windowsExporter/templates/service.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/windowsExporter/templates/servicemonitor.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/charts/windowsExporter/values.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/files/ingress-nginx/nginx.json create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/files/ingress-nginx/request-handling-performance.json create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/files/rancher/cluster/rancher-cluster-nodes.json create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/files/rancher/cluster/rancher-cluster.json create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/files/rancher/home/rancher-default-home.json create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/files/rancher/k8s/rancher-etcd-nodes.json create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/files/rancher/k8s/rancher-etcd.json create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/files/rancher/k8s/rancher-k8s-components-nodes.json create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/files/rancher/k8s/rancher-k8s-components.json create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/files/rancher/nodes/rancher-node-detail.json create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/files/rancher/nodes/rancher-node.json create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/files/rancher/performance/performance-debugging.json create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/files/rancher/pods/rancher-pod-containers.json create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/files/rancher/pods/rancher-pod.json create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/files/rancher/workloads/rancher-workload-pods.json create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/files/rancher/workloads/rancher-workload.json create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/files/upgrade/scripts/delete-workloads-with-old-labels.sh create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/NOTES.txt create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/_helpers.tpl create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/alertmanager/alertmanager.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/alertmanager/extrasecret.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/alertmanager/ingress.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/alertmanager/ingressperreplica.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/alertmanager/podDisruptionBudget.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/alertmanager/psp-role.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/alertmanager/psp-rolebinding.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/alertmanager/psp.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/alertmanager/secret.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/alertmanager/service.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/alertmanager/serviceaccount.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/alertmanager/servicemonitor.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/alertmanager/serviceperreplica.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/exporters/core-dns/service.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/exporters/core-dns/servicemonitor.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/exporters/kube-api-server/servicemonitor.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/exporters/kube-controller-manager/endpoints.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/exporters/kube-controller-manager/service.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/exporters/kube-controller-manager/servicemonitor.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/exporters/kube-dns/service.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/exporters/kube-dns/servicemonitor.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/exporters/kube-etcd/endpoints.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/exporters/kube-etcd/service.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/exporters/kube-etcd/servicemonitor.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/exporters/kube-proxy/endpoints.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/exporters/kube-proxy/service.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/exporters/kube-proxy/servicemonitor.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/exporters/kube-scheduler/endpoints.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/exporters/kube-scheduler/service.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/exporters/kube-scheduler/servicemonitor.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/exporters/kube-state-metrics/validate.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/exporters/kubelet/servicemonitor.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/exporters/node-exporter/validate.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/grafana/configmap-dashboards.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/grafana/configmaps-datasources.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/grafana/dashboards-1.14/alertmanager-overview.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/grafana/dashboards-1.14/apiserver.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/grafana/dashboards-1.14/cluster-total.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/grafana/dashboards-1.14/controller-manager.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/grafana/dashboards-1.14/etcd.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/grafana/dashboards-1.14/grafana-overview.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/grafana/dashboards-1.14/k8s-coredns.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/grafana/dashboards-1.14/k8s-resources-cluster.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/grafana/dashboards-1.14/k8s-resources-namespace.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/grafana/dashboards-1.14/k8s-resources-node.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/grafana/dashboards-1.14/k8s-resources-pod.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/grafana/dashboards-1.14/k8s-resources-workload.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/grafana/dashboards-1.14/k8s-resources-workloads-namespace.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/grafana/dashboards-1.14/kubelet.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/grafana/dashboards-1.14/namespace-by-pod.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/grafana/dashboards-1.14/namespace-by-workload.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/grafana/dashboards-1.14/node-cluster-rsrc-use.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/grafana/dashboards-1.14/node-rsrc-use.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/grafana/dashboards-1.14/nodes-darwin.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/grafana/dashboards-1.14/nodes.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/grafana/dashboards-1.14/persistentvolumesusage.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/grafana/dashboards-1.14/pod-total.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/grafana/dashboards-1.14/prometheus-remote-write.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/grafana/dashboards-1.14/prometheus.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/grafana/dashboards-1.14/proxy.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/grafana/dashboards-1.14/scheduler.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/grafana/dashboards-1.14/workload-total.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/grafana/namespaces.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus-operator/admission-webhooks/job-patch/clusterrolebinding.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus-operator/admission-webhooks/job-patch/job-createSecret.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus-operator/admission-webhooks/job-patch/job-patchWebhook.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus-operator/admission-webhooks/job-patch/psp.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus-operator/admission-webhooks/job-patch/role.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus-operator/admission-webhooks/job-patch/rolebinding.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus-operator/admission-webhooks/job-patch/serviceaccount.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus-operator/admission-webhooks/validatingWebhookConfiguration.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus-operator/certmanager.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus-operator/clusterrole.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus-operator/clusterrolebinding.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus-operator/deployment.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus-operator/psp-clusterrole.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus-operator/psp-clusterrolebinding.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus-operator/psp.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus-operator/service.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus-operator/serviceaccount.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus-operator/servicemonitor.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/_rules.tpl create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/additionalAlertRelabelConfigs.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/additionalAlertmanagerConfigs.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/additionalPrometheusRules.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/additionalScrapeConfigs.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/clusterrole.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/clusterrolebinding.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/csi-secret.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/extrasecret.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/ingress.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/ingressThanosSidecar.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/ingressperreplica.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/nginx-config.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/podDisruptionBudget.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/podmonitors.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/prometheus.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/psp-clusterrole.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/psp-clusterrolebinding.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/psp.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/rules-1.14/alertmanager.rules.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/rules-1.14/config-reloaders.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/rules-1.14/etcd.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/rules-1.14/general.rules.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/rules-1.14/k8s.rules.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/rules-1.14/kube-apiserver-availability.rules.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/rules-1.14/kube-apiserver-burnrate.rules.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/rules-1.14/kube-apiserver-histogram.rules.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/rules-1.14/kube-apiserver-slos.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/rules-1.14/kube-prometheus-general.rules.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/rules-1.14/kube-prometheus-node-recording.rules.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/rules-1.14/kube-scheduler.rules.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/rules-1.14/kube-state-metrics.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/rules-1.14/kubelet.rules.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/rules-1.14/kubernetes-apps.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/rules-1.14/kubernetes-resources.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/rules-1.14/kubernetes-storage.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/rules-1.14/kubernetes-system-apiserver.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/rules-1.14/kubernetes-system-controller-manager.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/rules-1.14/kubernetes-system-kube-proxy.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/rules-1.14/kubernetes-system-kubelet.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/rules-1.14/kubernetes-system-scheduler.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/rules-1.14/kubernetes-system.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/rules-1.14/node-exporter.rules.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/rules-1.14/node-exporter.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/rules-1.14/node-network.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/rules-1.14/node.rules.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/rules-1.14/prometheus-operator.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/rules-1.14/prometheus.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/service.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/serviceThanosSidecar.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/serviceThanosSidecarExternal.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/serviceaccount.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/servicemonitor.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/servicemonitorThanosSidecar.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/servicemonitors.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/prometheus/serviceperreplica.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/rancher-monitoring/clusterrole.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/rancher-monitoring/config-role.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/rancher-monitoring/dashboard-role.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/rancher-monitoring/dashboards/addons/ingress-nginx-dashboard.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/rancher-monitoring/dashboards/rancher/cluster-dashboards.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/rancher-monitoring/dashboards/rancher/default-dashboard.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/rancher-monitoring/dashboards/rancher/k8s-dashboards.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/rancher-monitoring/dashboards/rancher/nodes-dashboards.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/rancher-monitoring/dashboards/rancher/performance-dashboards.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/rancher-monitoring/dashboards/rancher/pods-dashboards.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/rancher-monitoring/dashboards/rancher/workload-dashboards.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/rancher-monitoring/exporters/ingress-nginx/service.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/rancher-monitoring/exporters/ingress-nginx/servicemonitor.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/rancher-monitoring/exporters/rancher/servicemonitor.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/rancher-monitoring/hardened.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/rancher-monitoring/upgrade/configmap.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/rancher-monitoring/upgrade/job.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/rancher-monitoring/upgrade/rbac.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/thanos-ruler/extrasecret.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/thanos-ruler/ingress.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/thanos-ruler/podDisruptionBudget.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/thanos-ruler/ruler.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/thanos-ruler/service.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/thanos-ruler/serviceaccount.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/thanos-ruler/servicemonitor.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/validate-install-crd.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/templates/validate-psp-install.yaml create mode 100644 charts/rancher-monitoring/102.0.3+up40.1.2/values.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/Chart.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/README.md create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/app-README.md create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/charts/grafana/.helmignore create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/charts/grafana/Chart.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/charts/grafana/README.md create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/charts/grafana/dashboards/custom-dashboard.json create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/charts/grafana/templates/NOTES.txt create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/charts/grafana/templates/_helpers.tpl create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/charts/grafana/templates/_pod.tpl create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/charts/grafana/templates/clusterrole.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/charts/grafana/templates/clusterrolebinding.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/charts/grafana/templates/configmap-dashboard-provider.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/charts/grafana/templates/configmap.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/charts/grafana/templates/dashboards-json-configmap.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/charts/grafana/templates/deployment.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/charts/grafana/templates/headless-service.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/charts/grafana/templates/hpa.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/charts/grafana/templates/image-renderer-deployment.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/charts/grafana/templates/image-renderer-network-policy.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/charts/grafana/templates/image-renderer-service.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/charts/grafana/templates/ingress.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/charts/grafana/templates/networkpolicy.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/charts/grafana/templates/nginx-config.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/charts/grafana/templates/poddisruptionbudget.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/charts/grafana/templates/podsecuritypolicy.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/charts/grafana/templates/pvc.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/charts/grafana/templates/role.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/charts/grafana/templates/rolebinding.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/charts/grafana/templates/secret-env.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/charts/grafana/templates/secret.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/charts/grafana/templates/service.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/charts/grafana/templates/serviceaccount.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/charts/grafana/templates/servicemonitor.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/charts/grafana/templates/statefulset.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/charts/grafana/templates/tests/test-configmap.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/charts/grafana/templates/tests/test-podsecuritypolicy.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/charts/grafana/templates/tests/test-role.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/charts/grafana/templates/tests/test-rolebinding.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/charts/grafana/templates/tests/test-serviceaccount.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/charts/grafana/templates/tests/test.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/charts/grafana/values.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/files/federate/federate-scrape-config.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/files/rancher/pods/rancher-pod-containers.json create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/files/rancher/pods/rancher-pod.json create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/files/rancher/workloads/rancher-workload-pods.json create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/files/rancher/workloads/rancher-workload.json create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/questions.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/NOTES.txt create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/_helpers.tpl create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/alertmanager/alertmanager.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/alertmanager/extrasecret.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/alertmanager/ingress.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/alertmanager/podDisruptionBudget.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/alertmanager/psp-role.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/alertmanager/psp-rolebinding.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/alertmanager/psp.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/alertmanager/secret.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/alertmanager/service.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/alertmanager/serviceaccount.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/alertmanager/servicemonitor.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/dashboard-roles.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/dashboard-values-configmap.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/dashboards/rancher/pods-dashboards.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/dashboards/rancher/workload-dashboards.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/grafana/configmap-dashboards.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/grafana/configmaps-datasources.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/grafana/dashboards-1.14/alertmanager-overview.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/grafana/dashboards-1.14/cluster-total.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/grafana/dashboards-1.14/grafana-overview.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/grafana/dashboards-1.14/k8s-resources-namespace.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/grafana/dashboards-1.14/k8s-resources-node.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/grafana/dashboards-1.14/k8s-resources-pod.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/grafana/dashboards-1.14/k8s-resources-project.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/grafana/dashboards-1.14/k8s-resources-workload.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/grafana/dashboards-1.14/k8s-resources-workloads-namespace.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/grafana/dashboards-1.14/namespace-by-pod.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/grafana/dashboards-1.14/namespace-by-workload.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/grafana/dashboards-1.14/persistentvolumesusage.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/grafana/dashboards-1.14/pod-total.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/grafana/dashboards-1.14/prometheus-remote-write.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/grafana/dashboards-1.14/prometheus.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/grafana/dashboards-1.14/workload-total.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/prometheus/_rules.tpl create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/prometheus/clusterrole.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/prometheus/clusterrolebinding.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/prometheus/extrasecret.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/prometheus/federate.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/prometheus/ingress.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/prometheus/nginx-config.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/prometheus/podDisruptionBudget.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/prometheus/prometheus.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/prometheus/psp-clusterrole.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/prometheus/psp-clusterrolebinding.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/prometheus/psp.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/prometheus/rules-1.14/alertmanager.rules.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/prometheus/rules-1.14/general.rules.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/prometheus/rules-1.14/kubernetes-apps.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/prometheus/rules-1.14/kubernetes-storage.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/prometheus/rules-1.14/prometheus.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/prometheus/service.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/prometheus/serviceaccount.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/prometheus/servicemonitor.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/rancher-monitoring/hardened.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/validate-install-crd.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/templates/validate-psp-install.yaml create mode 100644 charts/rancher-project-monitoring/3.0.1+up0.3.3/values.yaml create mode 100644 charts/rancher-pushprox/102.0.2/.helmignore create mode 100644 charts/rancher-pushprox/102.0.2/Chart.yaml create mode 100644 charts/rancher-pushprox/102.0.2/README.md create mode 100644 charts/rancher-pushprox/102.0.2/templates/_helpers.tpl create mode 100644 charts/rancher-pushprox/102.0.2/templates/pushprox-clients-rbac.yaml create mode 100644 charts/rancher-pushprox/102.0.2/templates/pushprox-clients.yaml create mode 100644 charts/rancher-pushprox/102.0.2/templates/pushprox-proxy-rbac.yaml create mode 100644 charts/rancher-pushprox/102.0.2/templates/pushprox-proxy.yaml create mode 100644 charts/rancher-pushprox/102.0.2/templates/pushprox-servicemonitor.yaml create mode 100644 charts/rancher-pushprox/102.0.2/templates/validate-install-crd.yaml create mode 100644 charts/rancher-pushprox/102.0.2/templates/validate-psp-install.yaml create mode 100644 charts/rancher-pushprox/102.0.2/values.yaml delete mode 100644 packages/rancher-monitoring/rancher-monitoring/generated-changes/exclude/Chart.lock diff --git a/assets/prometheus-federator/prometheus-federator-3.0.1+up0.3.3.tgz b/assets/prometheus-federator/prometheus-federator-3.0.1+up0.3.3.tgz new file mode 100644 index 0000000000000000000000000000000000000000..2ae465ce5dca0f2547c2c154a3e77ba5f04994cc GIT binary patch literal 20594 zcmV)>K!d*@iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POv1ciXtRD313vKLw6F`yb2Or0qD#bSpEnmz#K6cV-f=IMe?3 z%I+FLBqX7x2o?b4sBzXh@6We9pX9gjJOBt@bg`2rGy6oVoyZgk0uS)qZ>1Cqrsu3u z@swpuQZ3}svpJPISBHZhJbL`(_|fAhCtsib z&RltX@;h?;QQp4gQz=d5?~XtCUG2sFMn1GCgr=H{LX9FqQmSb#W=Tr5&RN36QOcy| zQ_ivxk+ewXO!nTEaaHDY6&G~DM�D)PNMRlSd0R}&U5nN(a9Bl6(8Z^=n=@+3Kq zkI6UWBzgFI^YuaRqvlPjq$wK_ycjP;!L^XQn8j+PG+XpOC)9}Kyr|wD-tZz5H>&rp zlF0?vD&FyKDV98ADxNLnh|F2OsDDgKDgMq{+|{uej$@?k{F(*Jp!oF)&WjFqg&Sdnt3Mo~;sQDj`h4Q2(G zxR{qEj+d~4PI8t-gy2hi?uiJItQ5-Z&1yuZJZGb$qvQyHp^o~V$e2ncFY&d#hl!^! zBdtp{Iy#c{CYfoo6R7gPL*pjVSI8=}J$m=;*geyYHf1UmGV>}gdLA7QXAho&SIZJaY8Cg=v4Pj73 z3o>D(G+34qUT8s9qLM_jMVV90R1!sdy(mteiDJrUl?3h-MYCK?Xl|L5&YAf}NU2Kv zLWm_rBQmAAVsH`JfL-A$HseYg5;Pd#v$(<^>4fEmF0njo(sc9dMF#h#d8IUy7ny$= z$G&uT`RkR;?RPn$sh{P!o1K;wa~ID7?n~aiw+q?ZBUdF$`E*4}k&%E!*EhUk)0+Gl zE-DLVplMjKNYzm)ijFTHyS*%!ENv>D1y|zcolF9{8=#M$9VreQC<;Na% zrBa>yLERT(-S{Y=x%k8a4z_kHuyy3_qp3FkH0C^B9JUOUaj1vshZJI*RPBz|WUeo?qd# zM&!-k%x@&NBErB9V8+6!52C0?3NWa{8dw9vutHVR5SBUBgyuPsOo>XSOp#PFYN*j< zMN~Bb`GTmqxFJmrEuk&(_HVcGzd4&{E_%lSl{l z$P1y_$V{rrGqYP6SFl2$yRUvYf9NQUB8tOa&)JI5Tr!%ih^z|oCzdZrJ+RsJ1uf`| z8S2VpL38qh-&bM|wJ2Djk#=<8X=eE&oZwOa4SRc*Gq@EKVZSKHGH@s0AZj8C!e}}t zb~8iLex+%8ZRZbrld&=vs|73IF$PEXTK-Ew(SRVs=L6OfquA^W0B{&|+nd zzKs1%_90qnv7nl#G|yKNX{}}y!Lsenv5`mLXLDN24EQ-9Rw;O)i9K=knwT=|jNH%y ze*xaMZs{y)QNEz{9|9RJ60h}vfvsv0yWRL&~1(mnygz@%4VfLTU_P(RL@oFM_iv-F%zdBModoTqd0LSz=e zmm*VmfYUk4Dua%qNOmKbaOP$e&)88RG8QYAv(&uY6GU_Q3a$zXTpkC0Epmpk4GLYA zGDlj^;eKKWuHKPmd-j=z64Mb35z``zwSSeLRDCHV(AUgJN7rmMfD6PUU;2{_rZmEzhl6LXtK9Dm<5Ohmy$1e&Svafr8K9gbk;JYc`40a z7WwLx5c+$bGsKTTl8Xq**rb}(kHMcm8X`9OG-}L!KfU^&7tW7fynKCrmFTznL*B7P z|2uy8^>Iu8`}+8c{qNI!-n}DVC1~$8(kFTUp3JEt6UGX{3#DnEvn(Oc<}AG?Tq~k9 z)s-?LmaK|`7c+y3hA5>vCvohpa^&4RujG+IuU*C8J0OX9@r-Gs@F)`JWMFMs-@*i6 z;U8{_gXlM6UHSEYw&4FSbC#D(szjIfHwA6M|3}9s9sK|L^o#xHlYI7^92vcP7aK{_ z$VUU@aKBi=^B1S%4M_a{J>1BrB>4+k3DGX&RHa^vi+`+?ywFoJ_&0SlxYq!z$U5Jn zJ@Qwy&6BIDEQQoj^zPl!LFBGljS3Y8nq^*~1_=p-FEH_gKPMWF;ew z-UxY}3z`|_%4%`7+z8^SP%IoVIyf@Z3;_(k#vm{Tqa%Es7#6xL22m|@!L#Nj|U`qMoT*3IoF)2#HgEAdrtnywfzd? z^q4%nM+K*qD+YINys3ZJL6daKmiHaN-jgL?j6ffq@|@{a$-Z3}Oi$-*L|{AMuJgAg zEi%vn3^OunmH7^qgTz}qRW+URw=6^PJf=C58dYw2XmyDNqlLL~q9si=IXMOOj^v`4 zF{R0qQ$m-N=SH`7udjDuEpx2*!kyTVRXh9%%@O3*NTo$e9v{P3zPN(PlR-RafDli@ z(Lr=(L||C8<+!9~;i!696+2@Epvt1kH4pfFt(7Xm3zCY(gcmGBAlkFP(`v0KU}i~3 zi^%xj{X+3Jym8xIjf3VN3WW+>N^p1IiGw5a3~WreIy^My1X&*tp$hG9lU03?NKPj# zPj=jQcto;kypZ_CLaS%D^q2~|AB>8Ty3 zhc^$*V6-e-sEtUG#go;@h<_f!S4=K>%K9GyDYHmf^ARiQ_1y2>ZG(63w!y}Tiro=P zDs?QTqa8(5lujeqm|dQ!cMzVlXa!HUB-vZ?k4k7*=bTBd>8yR5gIsWD3o}x&Scn3A z7z%zRTKpGX=!yd0U=u52|&q-B6v*tvAR*!Ota%z9R<*7Yn2M(n4DwW50*QAdKR(0#(&X zFdQ|?ib7W!VQ;xIXNUBhhR_ei3qrkq4HKPH<=vIufY^4~_@SP?daja#gD7e`z*tRs zyem3`4djJpMYd`7Z@TWTdRy#ourGilj_@oWCQpu7aTK`0JpK%wmgmS|-%0}Tk!Kbl z!F>RmhGVo%h+2ycU4>q+iB&2}mXQV1lBf0%PCV$6h(vpaqO)lw}OOL!W_cQzh7@j$F`v)>=DTk&`Z(*vKSp*1+osaaaF z5(OjdZOTgRcmFI~aI_WDrQn%S(9y$4n0GM(6Ju{#3K2Ty{osY(S5-PE6#deF783>c zRN4zT$U?X%)G#3zh4*zI29i+kej@_rebEUDqZ8KcVI$(k{Jt*0gDV0SE-i?Jdqkzp zA1al!WP#z7rcx*sPDhb_wq%9TY+o=9=ml{CoS|nPjS|TE-J9Kw7fK*Zhh$Rebz9|y z)|-M!by(A3BSx4D20(c3D#fG=Ja7xLBV|-mjLAU~Q9RH{&g!$f&l8rA2?Mzk&Su1nT1K;U z_>ge@K-Dx70b3JE^Wv#6AUE?;OdGTT>S|7!vv9*EF-Pa@k?vvHxGn(O!pUNrq4q3* z+9-;~<8cIWJZO9wK`4YZ1`WEKG=K-9*R4h1q%k}daiO(-IDQZ`gdTz@CSzy(31$Aq zA6F$y8yE2SxHy$@I7pyd)L&r$)eu$h_;4w*`#mVDoZa6)wn4GeD18QNgUc;oRHqjQNZ z$UZNuM4D1%Lj(c;CXDb|Atav5b-3D!i3Jyo93%sRWpo1x5)Nq# z4$2U%@2sL?h09DBS_+YLhTMW%qK^=-*$YEox|=bZNj5XLd*0Tw6}%Qj>KO)Sz*DPy z1ys8Mn=4OMoC*m|4iCrL;3Rko5uxEYJO16UMQ#Uet66nPn)~)Y}VD z8=Zso6hj!nIhrd$3WjvW-T{jm+Y!c1?~qvMwAYY~ zUFZ*D<%`at`Buw{jq3w%c0vp1g6Xvcm?P=7rVvF(D7T9>$_Z%a?cb9qYKV;-(QhF# zNb_re*sshQVG@JbDV51Vq8OFw+^=Zt!fh=UI718YMIVf91do6k{pI1ImBiuTwO}jR zLM)M~*CEG3Hdr_8x1FsE;RFrY;a?AQ?2)c{EY7^aH{0v2QLel2eGjcJehxPes;NcW zO`{f7o{yW3X08du9{0O#H|Q~&rc>tCj2FL(sT2ZoPUWYY42aMdg`r!>QOUE*pUII8 zFSX&SEiib&#U1ht+Q_AdO}HVxCNmLQDKaC#xkCQ zm}%#+o{4#7Q!=H&2A)-zDN^ZJOk+C$lhRO<{g*F)`hn*;%Z7)fQWeZ8rOtPq&JA62 zB5qUrc2o!e?WSB*Mu{?0p7WUzOJv3i3QCQm>&V4t*7xkJc{8T8msZ?bEbTIy^&}TY z2%i$o7wjpDY+Pab%hc{ORiaSjX1;3Bu5Nt1HSasK0F|ODGV1TGt55FA_(3nAHvdo%MU-3hEY1)+;F z56^Q0r>Lq8(HtbEQkwT@aQ0N1&REUy;Jo21XSD3IAo$nww!J8jHD7z{TOo*oBs-qg z$Y_JStT}E`0bxPJ>tAP`$P?HH!7hl|I~=k$Sdl5h3e6?US8kt-Z0pDa**6f+@ijTW zW;ve=kr|M&A~n!s65UvcUVxskhc0|cr8EbW@aP7RbF&N3&TSlDu;EiP!I~&7spL$N zl1ZEvSQgA7Cz-HR)jQ#g#{QpCbdr#lMPPc;-fwtlrFYmp6bJ228JXZ2`stp%LTo2v zvl&S<6>E&rwjkq;DOqE(58}ghA#NZ7XV5}EHE;*Q(S)BbhKSY&2ku@QYKXSEIwZ&& z1)Wp!8=ieP9v&PdBzg#IR}8Q#w2t@%K6`c8f*MHK4ebkI7kDV!hB7oP90HGVmT%Q7gZ zi+hm5N}LH(w5QyA@aT;4LLq^D<9J$-*avw>Qwq#Rikt<$$DR}+>2gPp&`ufCO3w@U z?>~>^gr-M(!GJLgI3)XuF&haxb;+i@z^reGcAJQ*_MDiRn1wont45uO=x3i`^#;Ldo#G+mw~U}^Jqo~I4dMr~&SF~@Kn z9A)J)!9lbbuT2CWZycjNQ^RCj=4@80V`#zM<}I_pXqk4MwFs0dC*KChM?0v8=0qf} zsOF6EFmu&K)7ppt2RIc{GF6HqbCSq7C=4;KQ!i0$QdL>zocWupB4aXdMP}5d2}>(H zWo&Xqq-{^ZP{3GwJQ(VMYR$(i@{llYRC}Y${RQw`)J7Tf_VEG~Uy_T|F~m3HO^J+S zd^H){7zJlRal|yBqZ?yedPA)yxtL%blC7f;$vzr;YAcfqJ9Pv{2k>{lx$X7=8Bt7r z6yn+|!g#uVq9q*Rte@K^HMi9cuX}j_Z{`2?lQ*Zf*@K4WuZhs}o^uAKFA#~1aAq&s zpa|vhu;~Rr@K_t0xy{FlWL&aT=d0QxIPTx{2`{KzIb!B#uA=BHplP+?$P@dI9{$wt zy9OCs&n06d<5M8-nxwhmj8mgDq9og;pbf0cg}4S6lQ|6|Bh78$%pId24g_T$SaYvKXA}25m0u4jqAvy$}(SdR~J}= zCpNeMI0Fz9S?Rea9)<|SUK#^Ar)4(SAeI`^4njr7H08NMSz{Q26}`1&pPH>1cD%M^ zpJiMRQDS?=XcohU`d^K#H{5AM4-OKqC2ro+TE2tD*Q!;UrGbS5)a6#@I?6dfL>?pH=*%bu8kgKr*d~z%x^7e6uTg$#xT)D@ z4HlY4poo}&q2H><@JgE)@w%fS6~YVy=U+9P;SlnbGxPGQ$jwF~zX!}O!X0Y71B9`e znGzDA5cP61+lH$Po-3V?z2j?ZqsfGk1(nzJ%Dg*o(5wX4Pu^o8%Q-DrHW-nCmK7U# zqo%Cww=x3_O*OlgV61|uwj zP3WnGL&K_S0ANiJIirOQwrIX}K?}5f@+kyHN@U@1z`>R)5!z^cv5@n0;toh_PPBtG zsu3I5Y?u6QMoptEf2jU{cYYK^L#{D(dONPORX_|&n|D3!Gm)6JHw8>&GRR`I03N5B zyr#jynzo3p%I?LriDQUUFb8+IRv*AWL~?jaJ}PhXyvXt3R_Ifgw@+5hIN~651)S(T zvZj%Cy3Db4%+UYVXWVku{thp6r05313ND@lFGH*BZUo5=VCPa#1@qM4!Lj3$-c9Hf zB=f5|l523dRp4!G&>eyq+ysYU_6KU!J=M*nfa<>miFW`n`Yda&0J08HiAAww1q%IC zZIxg^^eTjAgigeg4SPx2THx9uQ9#(B;>qC_Nzd!2ZsIn;aSKF1^Md2~%9|$kJ%kTK z`F|Ki4LfvqLk`#14eGHmx&VeEbJexXeT$kxjt2~6CR8*1cuaJHL`st+FXZ@rg??Z()!jqdLdwV_@BkZ4FQ|i*7_u$ z%?w4NWNcpT!v4pH_V22kNt&_op<$=?QsHj0{t@dqwYqyTW1yM@=8Os%wU* z$_yBSVd5~3NB0hbq9_P)4=ZO`3k(k+UbV&uHr5^8z@mf$+NdrFv0R9y`QDDr@RGzZ zA-%a97kzxvi4pZ77ZTU&X5TZt4&O6!7(||<-}KN08aIV{UWYomt?$Y!MUQF#kriAj zje+49LX{P)f*|yf1UW;40H}+=beaByR0C{16duP zm&3NegRvgp8pariSKq;CgZJGN)y%^vEQc)F8F+bNVF{j?#)D$XyUO>>(|Y#P=qab!?$t1#L91mx@1hF zgutLeV3)L7AUQ9$k7F{>LcnrOCKOK~0P<<*1yT&0+d2sNGm6sKl{CUq)Ds4k65ZRr zfjtk)ZGT7Nf_&riyHIwht0a6kej3D-s=x`Aizcvqhbw zjaUzsRR?b`i7S_nS2V)Ojo7lrFxtrbxO3QlE7}E!l6@$KvXlgB!z%@{7SjCi3Z}#{ z2}aAV9@X|-DPGKSXEAWm-a}L&7QEmKns1hJi-=aIroUDBKz@d&6}- z0Oreg#by?dc;?3 zsuECZ9p|{u07m@{IL&>AFl4st1~%l+-Vu5^d%T`wzX&@Sa7MwXhJqS8!ch1KLOw@FAbVpG>k5To8`h%jtdZ$X~%?$5_Q z`yw`4&xm{j$aHHk>DHjocjIo}_jrSMo$U9;0W?Ai`s9J3S7oiY)CGuw1+lF2O#7mT ztQFl5#ErzjM;Eo&*S{dx2m&Q>M(AqsB2}O%@o8HRvN;Snzh(jR4N~!1Gj}3PO*d8` zzFLQi$7E-hy$f&bj9=%BWOiTt`36Z3tS`1u6`BbanOld#oHj# z_GO?s_`sYU>a*7x+S+35DD^&VRaX}!8XNa(Bd4|B^h6tVtuMnKV{uSuj!#>!_to5G zEubXid+@Rn_I5$boE?JBG`9xQEbMC%WRQ$q{BvRprH{#e0W1@=EqfzSOs;%e6hNEq zqlYc1gpU9xIXEbUJ~*%u!YS3Ppy0b(x5qnJwAJ_)e5T%j9pajAi?G3rT$^ja#nw~? z_LrPGuW1o>9~mY_v}k88Gz$bm_^1;*Fot;TN;f+bZ^_Gc3USv3Wf!6i(5MmvMKuQ~WIrtzvNh@&Jz>1XG2ngH;0lIdlTCpxhy9s+z)heqj8FQL%qX)t zPr0GA*2_#)PgWB(>VKXe62oz22DTnCwfhKI;+ zv~{=7U_IeGOrb5)qZskuAV>VS6(nv$eMVvSSkNsc<0>_$lsI87NF;4AuBnjQnU@p% zYE>b$xVrmcCJDJ>7BI-idgExfdARozLZT!`ZqE*vEm`&@5+84NV;lOUlzORaTuee003KsKwCL02v5?W0KKp zBivkEL9;;OphT1rPwoKAM#&dTQ=4UA`XgJ{fYqFeW(ejwA3w!shx(7c_~W_~jOzn{03{*LX4_i)#r$LN2;-nP7OSb8h_x7{{0%`!l%2ZIP`&90397-=pYCQ>ktFlJ?JsSV<$ROREI)IJ>+^h|Ot{Oo1kRa9}07YSY>d z4xqXpsQgpO)Z9f2pbNAE3SYj@Wd>XI79HAXIyGBmjy5l1jCrsD2R@6*ZX0MYt&m$) z)`4k0ARg5iJ|$e&jg3mlmRwZI)$Puj{{sOz;6s6+$BQC-vDHrx!3XPx z!P;DPN)lB{q#URdOw`$fe7xOBW#03;?Oi^+E9%7e?(Pt^Hbu<~VVUHj zOEm;*H(w}>2r!;j5(M^EJ;d4!162X{+u8n zq@qyJLncToH|XhUjHrPD<2F`oTec?A&!s4Q4YExqT8l8$(xCygKZPLxs*= zHU`@h0bj-9brAUNbXzwiM^J4~6hIJ5D*!>kUJR_`>Qc4I*;!^C3Liqxs2k*H7#J=q z#j=E4ZrKZOZE*=k!RGjU!Ft!bHDgq>*ejSM*bV7lCE80NqpESkm8L}owSzvlwBP;o z>VM5-%MX6X7X9z^@srb*{`chc@$nb^?^AsIRvXpIb!{J!wS)+ITLOs~kpU2-0bEk4 zuNyL0^3d>k-$8+i)GJ7<91tFClA(xs6G8% zz|%C?Z2=A5yk!FRrfo0Z!4+4}X1%-M(&yW?cdH%z(5kx(iJdu!$CgRk1VHD^1Oqh< z(!YJxZH!8c-|4k7T=Yyt>8YXP8I zKK@>C^uQwwazmI%y%s2*uDMySg%Sj-ehm1qjO*Y)XI$?J9rI)dI5wvBUke>O=YKtL zmYm(xz=3KWI|2uSZX9sx%sGrV{+9yB&UqtnJ~zv6e0t?SYx?WixFhVZb~mwbi~M(T za@>;t9zJ|>^7R+_?^As0xB#e6o>EP75ms4CnZ$5)-|fHmwv4MXrz^;K7_I5d+4mfn zU42Wx2j6{rlAJtAj^pD8y|;VCY~b5BS`b{s#$?JHKNy{Xco~`1I=*{Xaea`b+=6Px9IG zPA(gfGZnI*s3g&zw-i$HUuQr47^7na^2T`1%ni?3nj5XtNq?^FZ%LJM0fu02(?OX2 znoiE`SX#76ST3b=HUgu!l^QRy5g82NN~ucxiC7CnAcheVR^}LywFPtF-rip1{ynWQ zK!3fGx&1CDG{vdx?YYLmtsprA?q(d3&mWM=K8ovv$45lVibePyWy9UvYU`IcD=rjB zX-CGj%3(q%4NY|;)2%KnWyfy3-oNh5_g7f|M%Z)r^Y!ml<5xSBk1~8M9JFC!!D>rY zo&~ZBdH24a#ubDhuShAvcvV&3@QO`GWET^(b)NM()b?muQn>&*=3@@4SelAO`LRb` zsZ{5FQ1^w{wzsoAm!A-lMGdP%gdqi&83Qg5D zYzVp%VzU*l=BGR|BgQaXTuQ#An#Ix*k)z1&3jBOo<@ps(Yee4s&HP4Uf&$pU4q(Q@ zsSl#4Stof!vTCtd^^`^i2X!-RAc%zjnCSuF32%hLhf(lW)4q{hYgRM^JnVh`xjB<8 zYR(z3-MnF)Mb0M^1i_cR^;m6+i56rolyV&)Cm#ga z#BFf&)R03@FTUksO4y>*tHWj)W$UAFymezlz8`JlUB2&#eWwdI>u~~lP+AkWGfM$P zfZ3bFvoWE;Wv;+0Y$g-db?Yf044HgB?>eZiVS!es0J!99^M2?%*JuXiYt9Ez$3zS`UC zl+?J@Qw5Z|HO^-6awABvCTfB(?Q?{@rb zO`b=C12uj*>dpPf&DWYjA=y?Qzz@G~CQmoOW7tKu;02oOF&uEo*-f&WgmIrVYbRT@ zwhz?=m`v^CATTX&)h94FYsZedITL^e>r+pH8d%Ll3d<+fWKPfmNH%hCpKj93p780> zb>c+3Vv(o~jZGG2U=dEo>SV-HX503qPV#{FteI{!exQ-DnPjT5$fA7()s)w(68OX50&f@`lEFEC zLzaQur#^mlsd6wv)PDwoT}!=H45S908D=Osih0-o)zDhkSEVEGLXuar->Rn-s;q2<8E~4-Eao=)gZmXnU4w)z;^PE)TB6l5jaZvCO`cZtUT2R^7R@$$FP=bIuUvm>Di$j*u(4Tx&r~G%f zWy1k#n~U6`X;o>yVKpDMePcq_3#CFu4MJNe&n+}+7{$CT$6%UEjC4G{&XjD5pcC9o zTU9iyrC{gaMhtoK4YONq`(@wEg)QATHzI24&O-pT-s4~oM7X57E2P&?Th!Pt1R)!f zYhGj{EY)F&5h~jF-ce&t5qLprHPi_De)Q&L$;zCkRE@|<6aiJoe!rzqTno7xk&Q+E zBSJKtjmQ#xDg?|CNN`8wV){bpOUV=~G%Ejf2n}*%4EyQE;`qe9I`K}~>;tyin1i=# zu3aCq{kxbTv^^ZmrwubNjbfdZ?#+jVe>dSNN$%%D-UWm*##DcEvn71@%S(SrWnM6B? zb|AOSDxR^ULS!t)fCVm!qiAn0GM5^>)eQMs};iMAsBNv(Ucdc32u9}Hz78} zq9Yg}rbQNO|00-7{U^d>&)^YTjmY4dtp?E^Azt_zk-_;tDw^ZfrB#sOU%bSoQqZP-TS@$vCb++It|YD7+skB=8{!S&5+KXTIZ$Rdio zoz6w=nZwWCYCi#>SeLH0%DFFWSIb^|B&8*?7S8;8Gbu{P^tKv-k5hF^>`s<57D<*?$khu&o+BC=FL?dflgj=GFO{$rj z5B%{XTe5saj-v>o*DF{_fX01DtmZ67Q?tX}ljP(-&}zSyiUBFV8&2({Fm1pps}^-J z3nijmaBHV2+zGqvq}mvUyAxI{_FVR*T*gY|D)4~kH7f;KgH+WJMvY6L4CHuTb(9nBlTI9kY`YG zl55O@svtt&MwT07aK&=ty5cQ)_s%={$)G=?z~4L|iFxykX;K>6ALnFXjj-Rs3|m#` z2ETs9`i*?~SSza=!5?yWy1=@oDkB%R<@&EC|lP~ojKFMd#86%>1?_%4clnjso z|6=v`U!2!^K;rlB;YL0so0?{{LT3D9rR0U4lEJ^JqrtrfU`5vX9_^98Vz4H;s>)JG z9Yycn9UVmOYF)}X&k4;kZ?yo441_(1`2FLHEE4ElN z`AjTIBaIKfIY~|)#m57ZJPRbh(hB z>Yb>&EEp}!jS~%_R41pHW(!TZlqOG330+d2gE`B-zTSoP%(31KcVt6e?GPxmQIT6C zH5Vy)d<LT#069x(da@&fL%(q*0ElI7f z8t<}=?sfzPJR{k(-Y}bNO$PryAcJ29?i4soyA23y{BLT|I3<0XPX1_}L1aP|PhC91 zj`PF2adxyUTlj5VNbzLVEFf&XSfuwMSFNPC=5WvbJ_LR6?%g)%7;&*XLP@2L#dNf* zoQfi91beg7L-j7ggBH2q(Uv@WOa4&_4J(~9$u*s|Z*#B?Jl&Ja9T!`zzh?J7qMy1`K?GH9GdoZ%O^)dYB>YW}E_!H`E zF=!DAe@`jTSr#c9a^WV8lL+^wc4OXmf6V8@VElUr<9oxI5Y-5l3Bz7q+R~G`q^)qL8_Zb_+hk4U1bDI%&Qy6MrY7+u$^>nj*BT2Pp z4Pzv=4~M*eKU#a6rn7KIgIFc!(HR8K;xo0s2gI)WStEYXA{zylVsbR$#gUpfuElBN z&+mf22w~}5kO2rW5be<4?%ilR>-`qGEHPnHdH(G6`SV}?bpGQ{znooO z{PLIcS63G=Uwj*^xfzB}-oI~-aq<1tw_iQ@@8Uu8veBU${ieU#clOg63#(m{INxC% zEQ9%zI4(pyXEb9{kyw0-E$8A?3ozpngLicd`dFWm>N#5Y=QKw$o|w^ zX=l>yq*q1af_(MPujTzcrgvySe|C9c0Y6HhuRs&#eM=zQ7x3*@`*4)Ldbjn~_vDtm zrE;c*Pq)73j>D#vCUN$FJRtG(q-Xf~hs-$~{9(`Fd`jNDAz!_lx1Ri8-;%H1tv&tk z$>074g}jT-fDSvau6bEPCq62#&A;I>IO@*+JtC~d#emn^NR^&lAN9=JHpkpF_dyp5 z=nUmW#k#*udH0$-^H^7Z`>F3+?wv^!iDTdBu|1_s6s>D`Wew}A6Av4dJ@k>TWqI|p zHM2W;*rQAKymy_;xjBtH@ZYrqZkSuW;p@0CmZOhVHSvpe4d{Q}oVXEN5gzW3!F8|x z>+1FSPrn!veRX;E?EKrdjRrYcV}>7xgSH?2<@KwdUpzZ|eg3?rh8t*=r-Da@3Ldwp zAd;(dv*j)u#7Ypf$ig0_E;|Iy0UCC{de;WZ`y@$P1m;5Q10tQ zZh|0Ml6Qb1Q8{D4KTZuj5JjdsbQ^9Vr+svv6hny8S@;UxP1%bvC(kpVON2Q+3ST`qgk#2LpXTz<~7S~Jh1jnjrBD`wAReO;mo_+ z5<)NIE-MJ{-?o7D_MZ>2|AALkikxk+0dA}Rd3^k^W&e9}@}>UMr}@~!Xb51-A1@~~ zO>8n&-%q~$gu4kGHMNKiH_=MZh2;Ol&QsUFN9T>RFoxyaKGf3KC^h(@cEbJ;ht{&! z6s>RwxPJY0Ura4xn~ygD8${H=T3O}T@`9GUj^2%1LP8_N5q|HeCH+^Aro5mz|0fn2 z>AL}Ay&^)EOit|J4-OtgaU6fntq!Xu{)ToM6D>c-M)&UHj6wO0m^{e2a$ljT#b@8( zu=3+?XoE3z_BXM?JIMxLKL7JSA0Yp^6w|F9;H~vPzi!Kaj~{=D|NbE5fQ0FlPxbT}mxp9QuNi^HjkMJSlNC#{q!LS4Yg?0}m7ZyX>_pJ9IBWw+F|N<` zEWv*4LSoKhqjCv!`OJlF%wy{a+4t4?p+>Zo4By`@jOkgIPmldzcQ=gm>+p8Fb+{r9 zfTkmI8%Lr2ZA({7a_iL3ThipKK_STYpsj*aYlisTC;!XmcOOLmYmDB;0Jg;coSr`J z#Q%T&=u7yN3N6q12WjWrD0BV zW=L~0-2;9gF=EzY~pX*c*t@iSD; zRMU-j-<8Ky9$-@l;`Z*Bc@YeMRpwDu@eQAup;$+ zQjgQz_rMj)+gCDQ|7QE(uI~v;A9r8qwh1tL{X5%( zbYETw?VnxSLdTW2SqJ{cZ0x}>llr^h1sNO;$UZGg7Few}7hl}8bH2FY(61*~%vr_v z3r6;HR_r>&@v!^I4vmETgLio54y*e0!Z?J}=JD^njGc#Hk4U?m<6R#KHgGKxx+V|7 znnIM^aqJMzJMGTBC$x3co^+FK_&W`JHz@QqtLjeAT>YTgxnVzSa!~B7D^PHD^Ffny!>&KR{ZsC- ztE}aCcrPzzv8|Z5o803ct3@Bc_0IUV7FhkB4fBQ?Ks`g4%YE0d_;(1^x{A7c*) z;rbQ0_VU>Dr}d_HXYc?zg7-cQM(f0jzz(M)GY3OS9?Wt{};=vElmt zZPqq(H?$&5S~mrOKgYd+KLm;jE}QBJs%I}=K0k*5szzWIu#fMhSd7}y=bYu)D>iLk zx4&FcJs)8}a3M0_d%=y~l>K_nZ2rE!5za0QRUx5cK6Ly9gEAPJweYs)wxPOcj!sEB zr^Sr9N`>YCLe{gjXxBF93_}W``!fukkQa=DQC%^)Y|R>biPIFS=#sLMrBIkuY`fIC zCgEtxhGbXQT0E%qiMDVin}b7H*J-6I$=vk$lw_-dE_iC&p<;leD+HSK?Bk!#UOhj5 zaq;4hzr4JBeev?e)h}0nI{W3}<0rrT>FnxH-OX(nLhfQ@R&)CB@e@@o+D9Je@t3n7 ze?GtZ<>g<_U%k3`etwr(thY)x-r3! z>JOACM$8;+;aP)!Rc6Bl|5`uy_y3e?m)!5)?NI;ebIRcz9IUo+0cx163u&9)rQAg(+#Mu^Q80@ z-<%7jZ8w1C#f!^l%?p;dKFxL8a^;XICxBgTq4Yy;rGHGP!y5}DGUdRd0h*6rb3k62kk!}+S+){{wiqSk(1=)adNzK zAvCDzR!4r4HxKY6Kloe2aM8Mlz16HR&ntJIlcECU!wi)<2^L1>%-ruHL1EwDJg5|d zi|$Em=@;GEjR+gldp2D0|NnQ62$~4Z^xd{?SaC#17oG0E@UW+W>uAvI5)<81UiQ!3 zpWl9oE&dIC?l1qtS>H(k*dqTwd~$Nqmj54p{iXiXC;8kz%fnIp4-XFeA3?+i&dmhg zwgEKBHS(#pw&;Lnucg?ZBet%c>f^V%HM{?pV*vZLxOVF{b7!}m+gdHI^LRbiwtaSw zm|fZ_7D=( zNVT@}BUe2X%D3yv*;E_FlR^pSm=|W#q1_y*3e9utA3=R`K{F`Mv<8kr^D^^&CTXFg zJp_eHMaeRfiJQVKdBK%(wWH0F{wyZ8^K0EwEcslb(*60rjlQYNRmJNvg0}Gg$H$Lb z{Qvai=?p*r0iL z9nm&uct3X;vknkH{E*PG9cQ$8wBEVw^oqgYuoI*6ArId>qIICwgc>3oK7MQ^__Y75 zMDag8j`i0A*?UByxl24!!{Gy zLGS!1Wd(kvoMl~cfWe?!5WtIAs^6MB_&|sZ`f3Q=qZ-6VG!Xo1x9xtmgAcI$b^+mS z3L)j#5e>r#sCA0x7gO&4^w0hEKWM5>HH%AC#lzdd-1{&)Q3xSjv|^^=o_U-Z9E z@!7L{f2L8?+s}o#u1Yf4MC1o#5SUp8WMKX`9Fk*bA+mRun3BCf#NKauQ_n6hEXz^J zpQs{(X3WV^C)#8%^dn9w&&lBRoDogsjA`Ek%=hP?(Q?N3_R3c6ANLgd9zz>9Eyy^l7K>F-9d~&`^Kwp4#u(&&aNu5UlW;M(ye?3@KekD= zPRRO(XWxy72L}m>9>Q`IV^GD0rt{7;pS?P40Rq|yR$445MDEu{b#t3b%s{Xpp%7S` z#>42QVDf&$)K#ttmw}{b%L-zEi&+PmPzAlR?QX!l$+K5r0H9%oTe#SmI&O~d zTh?AZ32fhfqP}td5kXD0o+<$KG$F74aQ3VZQWHj~QhZiGSN;ZAy2}oX?dB|LQ7_am zAV2r51KFI38DFvjj+K~NRp2QSbmuCl$2arGc4%39|JEEcI-^D$f?MCXzI{LV=3}sk zcuG@q(u@+J{VHPjMX?US{ayG7#GrwHs%~Tf?hc#G z!i}cEryS23C1ax>E>99LQ@AMi@l*4o1s>uZmfVNldRn+qR<0NxG-@0}mQX+;N@u_s zZycjNQ*edZFh)$Y0Rn@^=8bKbTJM_egP){gaWr(mSO-dvQU4i5XI(Tix7yCjMG6fm zDcN_}j*g{aNK%{w$(&6~N8lNACdkcPKsV=>6KV||4l0Aga(jX7{Lhx0>nX1+0jHWCO+@9JmCt;N|sRIpT-JiA#G7o)X0uJg3rZPcP;oO%0AFGNd*<0D?UyZgAKK z6hC+mI0hj+24vq04?`Fwc*h3-CfK~KFe3Y&&WEIMVAzI^eYEl*926J=I=Wk&T#+O4 zlVSVPSD`D|O~6{$@}*&7<~*% zI|E+&Wl6Hnl37B26vb>VWHC(0RefH2NyaYo?-wBV2X0cSnZ{taer2^l+ges|I&o$F zIEAZvGqyb8s87Ed*Q{g4^}Lz@=h*bb&~fHx!7=qXk5k8m-IY#W^ zY7-{_fvB$W=wcYgLDikHYY^=E1w%YNXa44XD07c6Lxasw z4^(SDW|4;k6K+RQO#Wi%h6^aMPk>AZY0e}UDZq{DVB>nNv15EU8CwmRy`|>p#PH|l zZS5WJXp)P`(Sq{gsBgp}*}s`H$%0P8uFbF$RCNGn_nX^R_m*K4lOKh+_GGJ0R5t89 z>u6RLAWHWG|Q zgAg+N_9ax+x>v>}OSQr9!X4Z-`#RwTl`Ds4wedWP&TOlY4z4R_Lz0Y;3mt=bYQ6Fq=(0m=XfOvMh0+VQ=<$}LY@s+|Z9`3s>{G+QKy)Rd2nmD1 zx(U>suvH`Am9{7S>yAmQ5M~%S|B8iJ5j1eBirj3Zt!ZH}zX*4z@eWX@XJ$%BenQmC z&1@UZFyT21x4!pRklxcKYt(#dF|P{y15=A}j&ZGQDq(2&t!S z_E}+=YsQLI&Xo?SmI6xO+S!`o6l}?)M=!VCS`fMvJR=!XTB3Xmx^zZ0eQMz#St=F_ zR+!}g0IcOVXHW;Fd!81wu=4lR49ulf#h@p0F*6W`37~n|LeA5PJ0NWVxu*zeR4z6! z*e?0qjGEDD@*y_cyR#x>>7h>U7*N{?)Mivq`wZA-p-t%yISTR03Ol>Bgh*-%@oCw6)4YBwN*sf_o+X0B9?5} zOS85Gk^<#|Z0y6WUJa`Yx`|r@=N5>7rUM7^l~?!oJ%kTK0e=`pEoWbQLk?>i(6Nd1 zxPPn(+ML@37{VCs$9iGNrfsrJQ?jndL1AwpGCuY8 zv_RDd0jf1du(9qC1!fu?(3U(9604$_?*X@j#-d(U7$zk8jvO3Z0BNL!u6v#IlN3XM z>QgQxuD8b;=(&j~xE5fJyV5j86N?fHMkJ$36o)?Jry;iU+BogDzAKRwJ;Fcad2y*U zfhurd08QsCy>|974hC__9w?ZG266O83P^*p0x}>Co>nf3r(`Z}44FOjlE}+!8&5W|9n+YM)U-#t;yJdEOS$dsMclouA3;8Y}4mz-7iGiVXZ+ow?YxN;0*`#`4UXsKwUDX zQAA(`lq>9zRtqGf{XtWAgU{TG90*vh$%Ntw1VDnV7F;zb@iTbcA)Zz94#mjW^+V2> zN+q8#5_Cc)-@u-`lEVfMz9Vr#zVT+$b|ma~>9})QSNTEp%NjI|EFVQ@%EQ~s;)ToJwy69+|@|*!z&={rA&fdva2t(!walq42=S=EZ-2dhy^eBg65s! zi$+KQdz-RS?-Kb@+l1B&NBQ5J2IM@*P-0kXwOJZAgdH1&wspV-t1rtP4 zv}>VAS{G*(1sY2cw5yVV72dsn>r#-R-prXTA;rkp2K$d|bsQodY=Utqc!8SF!kUR` zxWbzA8hCbWK7E?k&SkwF>$uMVMgtC5&3%S2bhaC-W9Xl&g&z10dwhvwzX&@S@c+Q5 z5I$gt(~{*YXWgRK<@1^1s*=bvSwqTgBoJCk0EOK0KUdtBcX$DqA+N+az8dtwK)gw* z9qhd=WbC%IMnQ9yU%Lc=B#JJkE$pzze=CMfd9EF5xqOtd3+8ZG<(TEqK%30uFgpsq zR*q=uw)H9%1xDBq8WI#34xE*+jNL*78#RUU zlXe;{n%=)3@BVyTH=i|X&xm{j$aHHk>DHjocjGAfLo14I+;mx!{XU0!!#Cf%jl(*S z-mCKdO?bKky@F5MS_8QOjV9;UEZ|gi;qgw$n&tO3lC414vknMEej3hdlanKXX8{LkZwX?^!G(Zd#0 z!bgC_9vl=x9~^+kP!uWEtf1hxGW)rMVONcB!8hpbxFHU?7_3d!)Y@nPuB4_!yl=E( z>m4*|x36S6ObmZ*`jSA=3ib%%+a2#!Ojl(BtJ>@!yCpAyR&4aG*hy=H{pdqeZDR~P zWbZTd50pT#0-1vm(%Y6>)S5AkU_9Pp3-^9laBo5YMS?oBi`Otp276oPJmrS&Ss!Ts zjBTyeLt?mv%)n6L0^bQ7WCwkO3mo$MQ3Iqshp7knVcD-F~nmdXY8-~#}g{FKefOYY%m8=tTb0ADGD$rx}`Te*KA#O zkD2!_Yrg&L8I-^6&t3CBX<5eRuq@c_IiOqezfVt(+x7oXAD%w>lK=TBK5O$oU)TA~ z)&YUquhk#Po8IT{9s)fi!U%*bQAtOTK)E45gD(WsB@vRG$w9zA6g(IUt6IxA(NV5&_<24OIltGuZU}k$tvAHPpPoN67ggI=|MTIZj-os*p2R z&7ketq+}wE#7C4iLSDd7-F#J*+Gx#bC4o^leU+-#MvMUDT$i<9vg^Er^gD=Z^01Q5 z-8EyHC|#x3K9US(c1TK_#3BlVEHFi<;~Dfc_y8KVsDT0FHdd^#mTD6HTng|G0fpFf zqO}NvY#bWoxjjKWhb&CFb-z7LmnIyi+Bd>(NdGF) zL;%6^jT^2sEix)Im3(e4`rG~7RsL(H=Ir*4t@7VVyZ+DVm-;`S=;QZu6vbpoB{yVo zMAj0_h&WO2%z*~B;mrW;`a7H{A0*}EPxQDp zD)}VDdY>F0`oO;jP%w2j_vJsgG zVHiswS6cF729+GK^=jQ>%Yq_EL<}LZb9g`vkF$0G z^-YV%YU{XI)pBX|F1=^%VE_cKU+T30@HEBEdM!jClIgCnU>VoJq0G466%x>$ybTB& z+w`x6gq`!p1;moGn;H<17ri4OAfnCzqE48=AhUldAncqs1LAY@(J!AbpD&*;pWoW& R{|f*B|NoIx7eWAf0RW$(>J|V1 literal 0 HcmV?d00001 diff --git a/assets/rancher-logging-crd/rancher-logging-crd-102.0.2+up3.17.10.tgz b/assets/rancher-logging-crd/rancher-logging-crd-102.0.2+up3.17.10.tgz new file mode 100644 index 0000000000000000000000000000000000000000..bc979ab1c0acbf2a9953b683ced860526e7e4296 GIT binary patch literal 83284 zcmcedV~{58m*%@{+v>7y+v;MMZQHi1%eHM>UAAr8c(&g8@9ylx&PL39+521OiG1?T z$T-ir&M&V+5DAI;&v-W@Vvo zW90rz(Uw=j*vk6H#pmxt9QJw&=y#2te1kpD)K}HUjryOSF*;<8#?zV+w{ED(Bj@^0 znb5UVlKpVN#y^IxmUP~Ga!PSJR*Zn4P*-Hjn02jK6~liM$ES@(n$)WYb|YFe?KwCr zp4^?gS{7g4|87RoCG{WwUbebj764CocXvQfN{w#k+u2aXa!pT%*W=sc;dl+5ZfCdG z?OVkKlkBriX|(ZM#rUfCX3mBwu#A*(+M!fB`*eM!UNTgZhYo`!7|-$9IdJ2lH2h&k zWl2)O>;$C^kzTxtZ`4cYluD+!mQC5=^#PodxsX1iIhPMp3}&78Uj z0Q8z2>9)~2#CJcuDpTlnef_*%C4*Bf8*@pN(g`a1NMQDr$O{hEqL zGv1qr{p;lY`0@6KxOSJ<*IvglJzWm(lg@B&-My{8GL%W57w-p}4b7;@+R*rfTg2USOf!`&@gF&@y5GlAJVA9}>Q?PpP3wVcvuc{4fN4a9`m8 z6qz20>=fzc>Or65`~Fd{4}!fm?YoP^kZfJfo>m#`mTbH!xkE&3j|5_t2(w}f6mYW74N1(U$Lu3Zs*n(5QJE_1?~spQH0q;y%GGLNlyu-)zWpv zWW#as#Rjp1$tcj}Jo4xPnor-vf6cO8fsWaK(nI%xL5_OOT{Hj=^qhk0o%~dRf9Jce z+Waxaird?f{0>*L{Tf{&O-EblA!Y|j ztv#u8D`kGJBfa5PXK2&ww{>R_F!L1e&ZaPM&APm!ei`W!;^^XHZT*HiOjN*8w19?Fm^gP zurZ$+Wjj!>g&t+%wG3K+v|; z>ah;6Q0a%z_wasM;odmNo@?>0M?Ty@HoshD+Ebw!h9Gsb$9CojS9wqfAIHUD*tx=J zS_t1dB6Qa4RapqXLG*?kjG_b~frq&k$0cyqn^FdU@d8i3clf7eAe}!2?`bh=0|;dLM8;`Lo||!&g(!h!iX2;s_th~}{^LR2MhG(nH@DuSUzzwHi%W((J=42^!m<#SfJ zPa2n1%MwHDTElvlcWE~mlIzN@?-o6iyjh*UJDqh_6v5pd-|;l)g-+>4e-U`OL@Dz37)=ZZ7GdTXYfnaYrv{>XZ3dOpm$!6D64egXoEB5VECX zc6tsYQ;A}(ajv`SLmSUofncB@RXx?1fOjDQtc$H7!jlH%okXMyhCmEwLL|%+Nt|S` z>$h&>{SC`4pA`u~<+aO`=}o7`?2(U6#<{yb_K%*rZj2Hjp&SO6?N?nnZb*0jO#tv| zvqLiQG2Vn-)ya>`=>YdSY`^Bu$W<33VGv;G3LX~?p1@Ux-;Hb#48zv6xIakYgW>W6 zsc#_jToEMRk~diIBh$IE2o845&M=wrQE zTtg9?0pjDa<$=xg2PF`9cGdOFa8bTzfmz`8@??UMyMaJ-iGmlcs1Xsm|g6on8E7b zZZYi*@Xu)GIj%4S$+y-<@q(-pdf<=UqDF-Ss?#%zbTP}76I64S`4qmzpB-b8m-&Qy5H8wAB@XtO6E4R7;#d02-diPKv^9HmFZC%U zwp$4dqW*#LoE*zTl1KjY#w*kQvnCA!!+WU~Y}+h@f8Sb+m04jSeSO_kO0(5|%Sj!+ zKS*JjfMweOi29`uRmSc7W;=RW?XJZ?K*g#LY$VPw>_^|<>0#_Y-}NKxuHu+clf|$c zy#Ce(G+UFZD&o7IdJJ(qJcJ@I{i}SW{xpC!ZrRk|ZE*9>|kK%&~sj8w^T+k1aO!g4ShoLH0@_J5a<9v#7sa%eK_ zB;;^z?!Yd{n}N=%1j)o@t>m+{%pIdDwveuQg@DG)@YpHhk7tOOjo<;g4`&jR_EV^` zAA#+Ww_2*PV@tf&*?9g8&LnT!wKTC-+bft z2a7}%cPrNUsk@ASjKGezCk2JLVuwcV(zs`yQts8G8z9D2EuUxB)ylshM3jeSrin2p`wNhlx9DCbd?1%9_cC=YkH;1*$; z!^0YqoD*6C&UqTT^H<`r!&1JSpv-6f<|Ku_%m>Qz|NWW|3gx%fY2y;VAhSQ%5)*w! zOPL+!_(9guI8RN#V{&g;oTuNXL6sclrbi_KigLu9r{p4Xa&HHPv7!fJL@K9cPRRLt zp3CdZYf_GjR2czS%##&7o4LPK`F+*jep+Q>Mj#2iS8r9NY57n001GZ)eiCk;*suKv zu_t8la~c@_``(%XO0-YX7Oz{45WXkjKT6+IfJo$quc|42B^ej=RacZ=M0NWY+ouQS z56#{-LuGR4da}YKd|M&o8ZI)cX5c`?43Oq;?5}h4nfK-{+6Xb|81(5%ix>$V#I3m83G-M*RQ3X^St@7D(()aTb? z0h<0PJFhK+^;}rtgXNNpuuxPhZ&yZG$0|c>+qUlIm;WhXB% z#O>3XH#C2=?iRPx=AR)tP)KPsXlcZ5c%oJP+j-*HWz<{I+o!y9m)F7TlJSBk$mD!VBvtxD zJ&0O0d_U&s3Y1q>wlphV^P9h3N8E2qbYTh;Hk8gb43*0*-6x%1p91G|1)obXl5s`C zIbs=GarDptXpMre3UG*S#-;--c2`ofT|wY#*TblG!371yIewWA7;jI@C@AKP2Y^8j zbr(dz64GsleIJE22&Wx$h~3?i_iZrQqsoF>@Kij??LL7B(?Q)3q9RjzBJBSC(JzXi z+OmtwXP)phQxMXcctHV7X+i)f{~g>j_)hMW?@Ad0*SV=@ziFl=?(Hwj6+f5rK=rdz zqc_)p+e!M`GSCLeKn*rMjWL=5YC#Dxy*Ng!JT*GYhF>gqY;Q5}kWLeOS0=#2Q2)qvQ95dN!(CPb>iuane}kcpTn{W;to zdtPNA(+TaAE)u?zDNSG17_@hE%XIjuSLYkV73GH~_EHMn0XTDjH2` zp>XWzg|cXXM`KZFRpYs6pG@^i8{~$v;Psq5CCMqo<*Fp0Hu%!usz1BoiZ-0XD%54B zpPM`;wkf62U|D27&_)`RSCYob!CB|bF|PfWi#CcIq0^Vh0c+!I1c9b~wZGGxcCEQo zV~vcVR1-5qVvdH=RctLgzOplftbxWo70h!y7YMj<%((``YmTco!c-_s1$maXmF+iu zTDHeS(3pB0`(LTgljf3NtzBbF)DrjhYXGz9;(U$VueleAfGf?@$dK}^o>&OJ6gcv- zJ&O5Jc2nADr_%_0j^-7|S)B*NbZO8W5&iP_`(|rOyh~X+6Q^sXLhpCvwZ-3$XBS~ zHC{A{3No*E#&=ou^~dht$BBiLuJw{*)kIz#60-Nb2Kxgut_kNZBW;49!eHX@;arCO z!(lVJ12s&^IR3oB6Ki#Ir|!RW#S%HpnK|pEuaYG^ubO(y>CJG9!xgw5{?f)Ef z{PP0LeR^>yFDpeHeSsM#CWgHl&QkwL4Bb;oEpP^n6rOmN5XfWRA5RmQ5m9iCd?74> zwft@f%e|<7%;|I(A|>~bIPodY zBO6qQi;4Q#DY}#OiMytswU7i#*j3`O3cMV%q$vsga$N{~a?I1z|ZIG@L zta>3G4ZAsI9{zFYpO3{2Y?#xz-CYv5M2EsJ7OwS+(WT9D?bubXam%4MD;}0ore4!j z`{(g8*f_2<0F;#GE{D)ahYE7acEfY+`<_V9!SfnsQQ4fRYpzKn>moKwX4Uwy+ze7@ ztL#yUJHj;-8_NERJ#dLq>@#@4Pp>Xc6daG+4!6&Pk&#fR**7XPQkUZ+EZ~f~iKS%~!ejjJ}+%%e{T>2o*s#Yy+)b@|HC->ON@?n^~vpY_; zS4}KSER5XAf8gcFTWe=$=f~4x#Zym8O3FLH+x>NuonF`Hac}W_d0V^Nv=E3w&yP$fdP<(VcOT3gNyDn`Ey!tLu6#6DT!-)l!{m5x|%QBblaQ9`<{mQ`L%`N z;?ePz@}8%9Gf}b>AI@=;i4qkz9nV&d8PJ;n*xjp2m!IgQC{(*BpHtU2aJ;-9KYB1T z;|B!W_Nq6RZ5h?0?`hBz85!o^C!918F}plp#J}>Nw6AjS1B#+Pi!SRv3wDOTF1HZ) z9Sol_`^^5}8SXl$z!Z=4uw>>bz)7#wb=+wrTSM^OTJ22O)?dPqm9u)z?out)u970D zp^df>YysZx_P26MY@R8v$HF7e85nOw2KL(~OE{hcyYI{uK{eMWr)TECK3e9~gjj(u z-zSTkC*`Z8H#=ApM<(9r@?6HioYq}MzS0)ly@lrUb?5|-huV|X+IDluiV$l`XAIYB zGu+)=zI*{I0ZSY46L=(u=oSt7S5~u-o`P|m=Sw7A2wbJzpxXhUhJ0pC62vS6(fs7T zVLn0X&p^Pq8NkuhZqF!KiDPT{ZEB4wweo=yO@x?#Lg?nJ}xmc0^M7szGd_roA2;? z6kK~LYfH=ZpGLdHpKk$BdDZ-8-G{)cH-VI?dZ__)Zt|!9N#|4gGxM0?U!9L6ri!Y$ z%7^wMRKX&|HXtXd-uDn#Xs=IU_N~dwQi1eLp5(dl6HsWx+%wqlMoxV7#FEH#Lz411 z$#3U;D6|sdN1J=s7!*uG8L#<%g;OFH5nco@5`iEboUf2^7N{zHrCXD$tpbK(O@xno zbpiVXT+_xXp?ulLno`uxM$Vy85v_mC@`sStbZ_6^x59E~RGZ@hIAfY|B5V^$2?*R7 zW53OU?WmF*(?d$%u{1=>6FQPe1f2)XI{nIS)fgnXXrNqWNR?uj4U+RJi71SICje~# za(W^1;CyZWW4BmHixLPJCxl*SV>Y5B>sjUJ$wKQ-Gy41l98+{~KuCM(WJiDXGy3%i zoW_xK727NJN)%Qqwa%f?m#&U|9@IviAT@xKI&Ib-r;fHo8m9vwu%-3MJN)tyLA~w zD58QX3aVXLD>c-lxbK)KsS#?@cN9s2l8UIHG)SB?{5yciDN3sF3mAR&qcjMv<5f`e zl0(Xe==_!##{=-y5C{$wf^&`RX{JyM7A8&* zx<8^nwx8m;njDd)m-AKeUtw2Yo>0a(kau%t;tWD?cB|{ppZ2 z1}E0%=h1QU10CNI%>LPJIadcv38&IQYD}@Af_|1 z?Jr3nDJtiB{Dw0nA7)Aa0a%^4NXKOH5HL=5Fwub41Ew zP-0Oi;FRq|()|BQu`Z-O0Z#e(W)L7iEMfqG9?^9abCa;?;HTm`E%HvS} zCavQ8y#i4CE_xcZ;|ZaCeJ|D}Nr=VUE)#7wl2xKpxgn z<$cO*@4E%e@67&2B83G1z3s;*^10i#2*|ztTV~6>eP{MJ*7(lsgTkEe*#Dv)ND^a` z{NLO8&g}01BIiF4gbzI)C-_%U$(&?Z#I?5Vv>ElJN`)1)$plNyol~Ha#^;CrX=1It z0fpF)%MOng69+Ip05qtg;X|NP!H78s=CJ?Fk2yFT>g#o%#1_aaeN}T%+1nzxGeTI~eb@<~WnY7W!j6fvP16n7ri$>qXh1)>oYiBv&dAS2+o3cOg?X=JEG)_)!Z$sjw09IjtP#3a(rmx zq#UHn9Ajn6st;M`57!ao0>L*6bkrRXN%we$cWnGrKGbHw4~1C;c9OE-=6l&nX%4#fdb&h=LXL9>#*#-rZ_%?W1wOYnk1bFO?bSkf9| z`myy~3cVmeD6^4#u|oc2cLkY2#*(}jAods6w`|}4G|7hh(dtDIDt9bG@+<|3S7jO@s$Qw;@5M+0CwQ3gqqRsD#LK*JSY(2jBU&)Sq!4=E~@ z>#v?&8XYnYw~3NVL#3IErG%!vKvqOjYy(Q-H-cpZ4IZav3gKv2#1COuq{zs_H@>A( za+wlZ;QOhRRF6qD34E6vqKu@ePA&GNJump-cG*zT^BY3^Fd<)4ygtE^7K8PwihkV z3G%)sdDPn%vD!4rg!*RiOwJjVp@@k3$5R_|dnC#fv7YlSCzlKu*x$@lGVXyn^HKMo zw(N?&jJt@*r)VpHuj`ztmHnr;^mi0(zNH(xUo<;M%TKMouQtrkDfY)&AN-@PkCj?R z$wFvq=31H3CTWtmQ?vUY$NY(}xB05ZizfJN8|ravDj&-!Xq4(nlI(Bx26gR{6UFE@ zz9CYioWfcys^AA)x#-PGA>?9hhnQ+rh1rj;_o-dl`E2M;=`WOV#zn2b~+r&hMK(^f;=cA5&1rHI-^ozmHlrd9!t7BVv2L z#4Yh(XRZzc>*c>XEQ{!|%U!w4Sf;mg$BpzSy9Rjxe7rwfo%{`1y*sfr_4 zSJxcbPTaYI%b!S&rI26h2S5ceR`}O=$h$bmmoI(@wjF^t0xj<#(YMF_5IvjMv~C&( zJX}JboN++Bu84;tNLNGlcXOR9H-Psny$TMaUCZDohwec7(B+_D(&=mZNLZC`n8Bxm zv^y^85p$0OgJ9DgDA7XSjzmUCC*r}ff(1dwWc3Dbl9jfjaK;^G_j;ulv;WK&GAilI zCbxt4(+TXFkO%f19zR$f9L#)M@MlI;BI2~-9?V5yLkd4DAePw(nc8GGy{IFI zs)`0R`p0wE8bkI}XdHZ84@VagzeF>l&n%-}e0%LiVNsArCV|qO+P7V(P&za;c1QMa z{M-DARRhUy*9sS2lY814wDX4BncTlWa`cBc=}VXd&WyguDa?cSA@QzNCAEB}w+5~v zQIHb0Ee-z^OJQvKr_V0^vYfGNrpw_L6#uqeq~#p(c9O5iMD342WlHgG;Xo$bJRZqd zoeW*?Jth*!f9TOPJn~xbtUc_+R?YizdQ@MPz0le^D2TmR+^uqeu_r36+DAVKNme8w=F+PY=IAcMs4r;!$^CsG zyuAMHtm5mjY7Go|y4QUHk220UlO?kx%6{yZX%_b#F@IQ%Ywz$(86(ql#thYGf}t*Q zU49z6Sp-8d7@XO1-UO(WoN`=bN1nbgM36cPt-x4OFi_ zfuSs>cb%X&s1KN={LoP$-1cz;oR7zP`er9g6!Ykk2gM8&PNBfX9v9`b=OZ{w%16da z)6w91PNX(cyok&RjRnZ2>o5RYJC3$hs#rVpkse^H+UE8aEX^tx4As&n z=y{H{;8!u3%7v5RAK~86wa1_VXO(!5TzL4zHl{_p?N@G1w*riKJP}yM7DwO4#@5my z?e!#S8ArxvrbAm9q%^q~NqSIJ-v+uL&No;k7)ysnOLSzLSIfV_@;8ebkHCa7Sqfuj z6CMWc0@{Afdz>g$Ytib^1Q(LqGcIe?+Shvi@+g@z3&XB5dGjFhw>+E-u9}qssX;9c z!|?tYl3RSx)-C=ZHk$>^B>X{A2x*Vxpsl?3f&hb|yT0G4K~{~xourRHr?ur0jYZml zgPFZXY#nlN__)x5aSONB5x5e=5S~)EzmqyEs#ME)CXFVR z`M6BN(EWV77PCh0_7~5&kUrY9olMRI6xObP{26t$M;AH8Pm4b2N4Q(4hQpo^2iB(-q(7QG}X1vwGWKV_K1Xb|U^f z%T&?hi*A@rK0+5r`tx4dcdnD3@!9Z-Dak2pjc$tE|#hNPeLoub46dHhGM}M`J)iLeTHir=?u(2#z_kRwr>J(F=rUuWJf^ z^I0@!(5b74JL2|ojJN^xLRKGfuZa*Fbrr!?PR-&7E;ERv7OcnV@Agc4HNspRm~ld> zKV&^~oED`McZ0s_ub^dAO6l~;qQ^yZEb``GGKM-f%ULTAs+u!!m4pPpOPxZuFq*ZS zrB40kChTUFF~arA5_Zgr;707q(Z7vyYR&JR4wNQnfz1VV0!8Az)b z4}wV{HG)sM^jWN2W

y%Bdgi=1>8)t+J_oZlR3g&>dzIdNkV%Fz$+$aC0tuMDV;O z^Si}!M5Gf)!dEDNi$s@$OQ7jcOxPFCsC1d=EH0B`29VfciFlV54p_zB)S(dbgeWOo z5&zEJbaKW~L!^lU+qXyua7*33$R~N%3w}wyPFsN9#Z|_tqbS^v?z00x<5{zFy=|{F zMje{lK<*w|@)W>OE)V8qy)b+-!z96Ga9zd+l&wMG3Li22zKvn`)z0lh){3r6p$ixj z1zWU8-~p*N^$Lc9R^%Fmb1Wr2G}R7jg(35TrA(|H1DHb=8|JAVi-KB7-7_9qeb8zT z;$|R&t)aP_&`e@Z0;X2bCsDHfZP|6b2zxRR`_(tnG3+E!w*{vsK^_XFXoTG;m7;{* zp~`0kg2@5!0aTI0ST2Fq5O{<3e<12^!P_-Oo>8oHQ`eV;)prLj;AioI*GF!rC^SAM z{i;IWevq+uLJ`9IW>)iF!F28RdAM#w^*i5`u6jM0h}wd#(Oi%-X+BNL2V=S$gBw&^ z+e0hy``5AhmEJ1y3pW3z5rV}6)gMH(QZH1NGCH+dgftjTAd2|G9a`50Z{wE7_V*VS z88bvW#Q@kHM}uVM*v}O$Wb-yi_CygER8#zLWuyK{VtulB<=YLP9f#laM?9~FJtL>> zlOvx}GL1WvEd4ezDY?Zbar6>1=n^yd5F_RlC+3HFn2Ffvf~2SA3dGE14)eR`3+&68 zxZRCd^;6)lhCJh{<3m55Mq5`*l~=Q(FIh??@#+BX>e!QAiO1Ku-8k;6Tt&*(ne`U+ z@SHrq&f6j|=K%9lB6fbqgjzty6_gA+E#S370rLYge@k0`= zbYl`lrU+qqw-^-r@a?*lKw!mj{-=?y;TqO$HB+~;|?g!WyIqJD_oyZ_PLd?o+y&8V zVbHmVb27M9_?@|@+Qf>|VxmYiCti88ina2u%X@_8Es8uF)FElNT_?g)4VIi zd>D=QWo)Oy921?OE7`G;TT10l!20^2+4A3&L5gb&j^d%;WlXGMlSy(t#Z3ogOTS9d z`q9IMjDJ_berW^$hT)s4)P3&Xx7%*^;z-m}Vg#&Lt^z#0}Er8Hyi{(aSQ z(y1G+SE0+u!tgTrHs4-&4_MVr(Pmiwy`A=|N@_B2xMy_KF;`J@H$|RW=YRy1wl&rQ zM-OQDAC*rac>u#(m#HMdGzk$tWZlE-N7QrUk->pmRi_0z&3Bn-vYD2F_Sqa4JkI>N zKQq1}^f6{OERW7b%f>16Gdpp=v zxt4M~ef>Hr#PO=et)t?_YH7k2(NFA}Y>)TTF3c^KHAAp79wW)4m%5x=`%FE8_`-z5 zgRdSGg&%YL!dpDzlz9qzyhWUjEyYO1ya`bpgYj_lZ|kgDA?mhFnibM15OYol^{OiG zk(7C1XNnqZ&0XDT~erHXG>`+m)&|Zdhe=Jr17S- zXqfs#@c)*GLmx0+>I9Gt2+Z3s2`QNJF0h3uGAV*Jv&9=NBxIg8Vtt$9r#C23T5l0!JB z5!`$)@CeO7nqrZrTU|(pDnpuK=~5!#cObqtm8Q_dwvfJWD`jriuIcMIT@qbx2Oc{1 ziVCoFhMt2;!{Tcx#%X0ETych%y`{3<5V#64cn6Rnc0B8*D6+?h=O>>g0rI%&*cRGv zAJ4M_@BplF7!VnZb1yK5w{Q^0wYC1eP8kQz##ZFk1S71JO%RWU{~%L6ZJT~}OPpSP z9U)s)d&7-sWnlmLG)j}Kck|Iqu_S|eShP3&Zr#!FV%VO-eg)4uHq_S#0NH5o+ZG-1N6_22G7McL>#YA4edtBd;>O` zBo%kmgd=IzuWuz<52waaBdEOyGlNW%+PQSEtHs5al)}?D-;C73zGX1UA+-I7cTQ{8 z-8mU8DC1PD;RzNY&*x;=dLMwMMmVl@6Kn!S{IUjgxZTK^{(ovw)}e6%>!W{{pX-(J z=37A@LDl-`Sq<-WPVaFX-r>y2#HGtK-P{~Sna*pVc_oNJQ@P2AY$`PWQF118MJl~H zh^){^eH}<(Qc1QZ+1SFh7le^She*4kDh__xO+UxnC8BF9itk)hQ_$ys&){h967IVW zj#!<9sG$8Ro6B`pgt*LYcUm?z%zUV}8hV&0B&^+aNlEe?jVg7R!QLl5WA`0H`ck5{KTt%L+yb7u+DwVYSBr>ceR1|GB=^X> zVff_+3xUnxI}Yu^=w?Bn=*+@(H*SEFPZasjHj(uS!%oRySkVVv5+P!M1HhzWOh%ZQMKg?&u#@~X&VesFg5h$xpl4F?}{Y5bI zRBr>#XH3{4#(3AsNr;zX0UB`|YKa(edw}wBmQY#{!b~lcW~~-S5syFehyuZ2AI_;M z?20@;;iIz~zaN@F^O?84!0w%63yU5-%^XVh$!ogdBMAPFlBOU08PhU^gq^EXHsHo+r`QO6MRV4NVL7;ImN zC|8k4@|0>cp%@KTK4h&UX2$tW2!=(0Op-p6V{SN;7GW%N#$cLEz$9sWa-;G& zQ9Oqz*#-@=2{LDsF-h+NW-E?AnHU!dR#rUF)M*qbi&zf;-1>K|_%FmK^?4IW%Aiyh zkdTydJ5>gsY*5Ji{$iX6_)L75#P)nCimlK$oUyy=ws!$nwy2Y&(9tA}c<^ z=-k6cI1F#htws5~wR=w4ko1*qIni$P@ti)y@!7-;TI>d0q9!ib*NjXfrazY~e-7LJ zoOAqn*C2pUHM$vjGndaC2E-Kz$#Kn$`7wq|P@M_~`M4jETa9vVX#b^EhZp?nH1y

%Ss^-tIU4!)uy#zS# ziwe!t(PQ+UxCM2WQM%Csp#^zw&N>Qe18mR~Z$SKcxL`ktDH{8x0(sKLr>IG?*O zZ{Z)iN{)Lz+W7tuo3wEydHl5Y{NbVb@wBU7wRXuy zxl~2TM%`717;1JVQ7IcPXq`S-YD#BY$OdZ?S;bTQ5?gHd>(oP6r4m%^_k5Ylns^UG zAuaETb*c4En&8Mn5RPLnp(L$7h)l;;YX{Ptgr-yDOjOcX3L`0F^Xc^(NlS#s^yKko z8uX)wf`c37(!C#qX*0YTV^Fp5F^@#5&YTuKMzf^(eOSNh-e;n65b3sd>_zj3AKfq|o>YLY69 zy%Umh&E?EIw+aDFb82!>O!Z_R!EcO|J6RLwP2O9~e+HCZ=>JiTKG$SRHFp1|8aswe zM1him?@GAA-G_`{$=(MD)_i~EFUdRrX#QMK4Ezf-YmX>=L9bnWy`TvK&&Z%#&R}#A zx_^)QTEb*VF~A(1f7MK5$oLp^B9_zTI3{8I^A%@AbmAWyT{RyaJw1Jo_hb3z^*3+c z^40D9I(lr`*8abIbe%q*ljk+{4?U|d)pJU!+Hy3+*dsr22zK!1#xqEho zg3S<@uZua8j@8{;-EK>GORm`dcdh`KDjJ=YwmeR8AW78hN&=zgMDc z;~D*@Pi_{aiz|W_tgd!#^Si%k*E#r%xyR);82giLXwT<2Yc{lf7rs`fNU6|d@V*`i zIY%qs9p#5pl6<8ZZw5i|T7tFp3S{%r=~2$#8r{5+{vJBEHap0;=o-7gejD%US^b*3 zzxa1e&h!2+*nIU5Z0-cQc7FaBY<6&!m3?Y*jlFb!)d$QE;8a;Qd-sVnnb5a`(SCdO zUfs%}57rT`eZ61pucwt$zD{Ux+ZYjSPLlB%;6@+@9T7}d1=?MA;uNYU5&or636#$_ zv0*D-8ZSp`J_wnxcC=h?kmh35h-5D`Cy50mYV zmoUnMsHy~DY{G0koO!4^DblAXPgD6AP%brf{!M8@Y}5W8x;=zW7O=7jt@SP)?c!6z zjC{e&+s!$`TM@F>#2CeS_%A$iM&;hA~kU`9Nc)f_FB=5 z2(sQ$FLtGwgqpy*P|vt*56n}fnSfKcsnLM@u2~mm2poVM4#kgks?l{<@yJnnc{bEp z)x9$YWQ%@EjHj8&muu49gE8Nq)Cza~!fvkSaZMFo%KNq{vN$<}R_i-4r@4p9Fl&^< z8E`Y8uqse!FnMR30H4z(nEl^j!GPqI38eHeD4rJhUT2m0CeQY!D+A2j)IUo@zfvZqpQ7wN9j|K;*?=UJ!TQg=YWl;c>P@uMt$NX zG^WZ&qP!3>yuz2Sti=cjY;*_m*y|^vYk?5)M~V&`M~ZIq^unYQx1|^HL*YeEB*Eqm zy3c21NgStUdn6Rdv_S}iCc#E3A;EThcC(NxDYRDKY~-CaT|SqJtMpGw1k+Zecp)E! zAef?H`PS;}svzqJ+Sy1L>8Dw^`@04xfEOPE#UfC8GI$ZxaxH5?UCS#Sh7Fm-35S&) ztQEa63w=jS?$E<^!)|N0DDMDhGLFcC89r+`3>2-UmKnlvsoOGB9e#deQJ~?*yD;jX z7$d3iDqc5Qe3eoX>cwx$i|r#Nc?cr7s2zHsRA2B*+=X8!DKR#q}<77By<*oyR%V2fHFJ=HU%y|2M z-ba*$X=x)dd6OnHl@7@XV$kUtX!Zm$n=YCdd(lHK9a0{`PFbMiWom(~8||ClI*{HY z)1W4gtH7Jw;7o*W;DX6m1EYJZtfRk9%`*a7^i_hT)ud_2<5e@@w)sbxn=FddBTmQY zBj3I#a75S>Zs3hGrP$H7^6v+{L&8(SnwS=+KEzCEUQey{CDJo}%Mj6_*#q`{3QPBR zD9h%U9GK%8oQ86B`$Mx?h3I|LfkUYWQgiuXu;TGYHwNy6q4(~_W(#-tjp>kZk=}9h zzjxm42~xt{``-494?#H+xBFE~JY&{VrT*kae zW?332Ga~aXI3E7+=h>$HW|@_H+&r#6Q^5xnYFa+67$4UHVYZR~I9)`vFs5NXcM;T5 z3-aZ_!{>(|)H|vg#~hjPbRDqqur~m6`Pn@o;-YI5F7!X>dh38VmY{p|;_d`@4el<% z3GVK;xVwZvaAzU7ySux)yF0-pxRbX@?)`r9-uq*hVTNV8d%Nn?sXE=G!D3QLZQZW? zai2&rSzC-8K8WJ?Jl<6tKITsl+#IG$UR3iTE-P^n-Uyka!ARqSajEnjL$a8J{KcL? zFxzB=2Tw_f**N1MZ2j=|qn8|$&bhJv0w~KU5tB_Er2txGDmKzSvt~_56Yqsk;9XSr z(upghmr%2GsU$lyI>eZlMHf?m9a7R@X91XWYvN%pva)^dR2N~FmMmfwyQnVJS^4Nj zxt5FMsACn_I?1OZL#{tHR%t-D50mDJ0dOb^@G- z&8-pTX2QE+PtJlc2{9^^a@9a%vcvRY3s`v|CZ~6?Bls`}&6`1?t$2oN`O%|Z$gj1V zx~tMG&&XD|NlWZ`WL+JIucCl8`tZdff~WR65pJ`T@QWLJpx+OnMQQgvE^UCbNlIf4 zO83%wrE^&ddz3U%E3lNDg+r3jo|`p|(RWAJ8YaRp%L++Ud^P|@Kzz!o?7DHBWPJd+ zf1-vE8hM05z?J*4ke#ROk>0;ebb(=6w{vFaBx(6HS%&qHD3%{}Ce&0umj$%Cr1FD% z)(^R*?_|CpPZk04WLtkcnWC?G^6@nm>JYgV|01~~|9@T17U?9-%M=q?Y`>U;S#R zgeec{AJ3_C)nJ(~dHoLweEJEnnP6s_G#xw2s5zY@vz9|}s)Q)43l#!fDeu*jl}+{% zJf%%kLh|5(gx>T*-al!4!}Nm6*4F@#1H8_IU`i&7$*A3HGMh7XgBqc&mO!&^{zoRYHdm zdnh)z-}JbWq1_JSsyjR`Gyw!xpp-W;--{(usy+3OdJXgSmF5uauqhzh5l*M2QXiYO z#)a!;k*!EtV95PHd-QmOMl!kpK5<@{K2XIB)(+yZ(tb-k)Fw=UxBZm@^qCYjK;ix{lD zUZ-%qBK86_KWBANI_{=*6eR2g*rum-rYKmwPE+i*Jx-4)NGnYl4G|oJ!be#R=uGl# zbInrl)lQ8MmZ0jYm3b%Ml@qVjZ;opDq)N-#Wm~%Za~VcLVM9kQ3r5#ed-MQpN2YF_ z1Q&COY|}bKQhb&-lK4Q$DPwi7-JDK&_TXTQ7!Tq04hP$FMC(2K88t_3Nhu7qvteA~ z1zcnlU&m@S)NxIH97A5R{V>D?Q?b+wAYy`;Nr;0!`+;S5sr1j>1dLtcnUPgoR^D1S zXd_Z)TJ9lwFXj_1x-Ap_W?e5GZ@iiS4$tt zI$%lW5b|))5jRbPfNjh&z3M@bUS?3d(p3LjP_I)99yU8sCNV~lT2(~VL7WnF_>+Z)NAzM=>2dBdoNvgNS5DGpaa z3cpQ%Q=xMA9?ST?PrxTnooxO?)+*QUGB#vWw~kgBi=TL~FsDg_{G z`|2&0WBvWYx}Zc6l15z8n_?jC@3+B^l#4*5*8c6dKB_ZDKuIH7S067i+xbq%PRN<+ zk=p&e^B8GP@gq%6byO{wcH1QrHc^gdN?k$JIK?vgk>nmmLM}T<YA$^M|`1Di7=P4D@EbK@DC)(`-8v~O%Spi5iyQsEknx=gqyH;GuTAOLFXzI zaJS4@m(RYyZbcqzJstd@`5;Y10yQw zKHP;mpbIepyZbD|2WZifFK#j-L}#kqwlJXA`ZlEfAos@Tl}m7r%g~(I>{8KM)b=&) zLxqGa-WarbsBeerb1LDD%Jos(fLdjbsx)4AdxZQLM1FH{WHjay34MNZVYf^;9Zh9^ zGa$biWYpoO6s*d+MflCVf;uSUTD9gha+PWfW4dKfF+QoFm4DX5_`0B6`y}<$aZY&( z~5fgL~GL&Vkhg4AY8W zG|S>!Q%|5WMG?$gSG>0jdK+_ntEr&+5t*9lN2>{27j;4^ZA*Dt&o-q7$HlOo$RhlB zO)vOGQ*JxJqHF-UFIre3XSTEY%Ma0|_VsrG?3cPstGYA=#0L%%b0<0oFFstmPfxj7 zq#0d>c_u@7H{2FaJ{^jm*ZmE@;OFz<_olHS8e#3bVn_4!d2PG;X-~6kw_lL~_XKVR z2@PLwc)LB1UAG?=@MC)RYOt5*_egmMgEjR6n=D|&`ru+Qkn+;xU=pK%%@YvZEdDs} z|F~!t`r&k9ga%XlS>SApYf_B`IcGVR%^kUP%27sdfn_ApkVIepS88a3?$n;by8eRT zG^3qG<$D`lXYD{wPbqUAY#KDemuGFw%a?)l(}j9#isgl&t|+?%p%B z&)n1vCRhgyW(M9&C|P#c;JQF2FSysXvzwkhR>FbGq`IcB7XGlX_H@DlG%qKAK*5a_ zVH!@$+k0gxs-qLHS-b!`HT7R&g-Ct5tXJ^VIK{K5zFoZNH9HjNu|7^Bu$4n*r_b=w7L1XZ8$}*Y-eqKH1JoCI=py1@HWYRkiLYd{ z>@~8jFNM5*Mws-e4*)R^Bb;5mW)vzR%PK|@kR~{qizDbl>q}m`G6=w-7D2NR+&Z9I z(a;vY9aB@rzX4M-P08>aksVW$FDw$=x(NS~R+6iqgNEo?-X+FF-A^+o=PbEo4z z9+{`{rMgfU@W&_xvUqvG3D7sv(AUBdE@6^Xn+vnZ`G@xHru@Vc#=;y6j4&0kgaJcB zbMzQq5F6Y^`;T4jql8d#%22F>)vWx-3^ye@G5rF{`L1rd^GpyW_cbtCd9Ufl9^==<^Hs(bIiM!_T23>nzh8knPkk z<)745h`Hd)mV9u87|P?Lqjt9BU*D5|xR0~%u2fq$F|SMTe8D7ecTt6M0uVx1*zNk5 zX#?HVx6YAPP89f}m5ZIMn$kOAd`So2&NA=e)`eEUO*N>U90g}89AC+XS$NcO?fdwMWyis{C>s<&{#}@#$r37P2pnt-?nuuxcT^d0t~ zC;24t31N58F^yLq{`2^g2D(Oojw+1dzp ze-V3=iW-1wN@N%gm&ckk5s3TnZcr`)X$`b>WCE};KaZAiS z5!s7=oo&e>dfh%c4wqqG_o>HQMiaS%e8N?+Cs~pf5~NkbANxM0UAL%^8)1-qn2N&H z*h1Ey&&P$X0LlX$c+NGR_T9F7vvr!}ydm(x zqtI~RYZ;<|Jp*Go4wayQMg84`8muK|9th;Sh~{-7R49y+`- z9cld16p)rPG<%X-N+OQKp5--veNLlGxhzR{Oa-hyE-pIvT#;S8ZvFtU^!ofPGuaE& zPGIFXa2m*qfhePL;h%EPzY2+rW`74o1y@DgGI*aXU-Pfb^RK3aMDc!6u+Baf;ma01 zi3P^V8Xr1A4St)HX-Glj7~D-(L;C8$A*xE_nJgb|b_QsL9vGw=kLe-BLAnsA8Xu_|k8AOnBSlQ2bi^gV@~~C=R#|O* ztbgO-iDNEqY=OYW?hf*bv!Kvv%E-%pO_on(FF1B5z4U6hmSkv&xgB>AjI(d%1jiw| z8ZGn+xdt~bU>$6dg;SJg2=G3Ky*|AcnX#jRvGY9xEozYLPXbQ$lqa{iC}4s5!e`A@ z6{@yz)RV?gA6H*(t<-LQs8cp^NPB{Q2nz)K68{3`a;YByU02|vFJL|k$Ru9V5-ePh*rDDOE zx&{WEuajAw4ap#mRJ*a_no|f!9MKP+{AEsm!=^x_)dZy%r3d#u#Id zg0w3KOd9c<-aWdp2gx;v=;D1${m@i{^AV1uCL)aJSeooFo+|`68@+s!8P-cd;wMzB zapRS!Bnnf*_+yO8MgGB2tBp?Y{QxI~v=+ov%Zca-4%_t)pRsU7IgelVUZO{_XI5Nq zKR-bHZ5R(ex9@j{3Sk1eS59(KgrQe_HrYe6M>hm6R zJ4VDh1ld-oL_gW@phPfLRSUs!eq;73suVAJ#Ko~+W0^Wa{TsGk&FGOTH>NupD{puk zY_EtTHqB4vb*KS7#dUEBM{Krf#q|LS*6_AuyX{Fw*6)1Flq~6Y;OfQpHe8e3t zdQgRT4%p<`XN#;&m%)@U$+eCHD(t!AX%M1KxF4-PHWD;$M{_xdOQN_TEUDC?jKw(u z=~9vmbE+rSzvCv-6K{^fCzF}eKbJN#TpKy7WMhqM$3CT|++ote_W|*XlL6{-{F|N@ z_7&@DiW$U%8L6Cg)^#9~IsRq>IbruPMTQa^w0OypZglKuwZMlmA(+owcRdbK%dCZd zhw6~^0rH@k?AATZZqFGfGJYLzj1xFipC-4Go?c3-MX1AACd`&+ta0;6D$JJvdbKMO4w+W6+ad~tJC z+@mJTXZv|`iY7Nz?BJM4is9cBzCwVd0Y9<*{s&mWA7Fbg9<{@fm)|Td=%-tr8Mv}} zFka`rL!{gHv13Y0f3(Tts83a<|4TYuV@#b`ydd8!e0Gc7Nu&>=7*$V?lwsO%UZ6EV zxy`2Exy>ZU@YxbP*$UUXL+8e_yE&7x<|?&~aE_WX!*C9<(RpY{O!edT-xv;1q*lhOwH9|g46))Qn2MTDt^IqsZu9;o5lE&#Yfe5v-i>}97B z$|hi0Z3wLwe*kH4``hQyloKF@<$s=i`Kske#wJAgPeB2zjlc$E=H`nw`(+-0t*_~Q za_H9k$XkegIuUust3tm>(COM-L)kIc&9_q}a;&x3b#$wZkp?lG_k`8QBtllc*#&^T zv}~vYUpiwd5C+o&CWROc2f}r}!`Y`oT4B%>FEt*CB{lmt$^KL~I{w0r>Lv$MtIkQ- z<-wAMKUN?0MZWF8ZC?km6*vIOcBWI=Gm>!Dv5`ljR@ra9erqH`Jt+ z$v2LMyeLY5|3zC8?RKLJ0goU+LjnPs;2%Jn_o-~8WnyOszsqH;EDYq`x_#SHKEap% zQWq1eyrp=OhD)A5&()(zbB9#W2{+^-Q(}Lymp#vgV|oKSMBajB{jm}-Qcf6L8NiJg zB{ahWcT5JeGECv|;!Df)XQkr$p?1owcHR6?o>J92lbKmTAz*!PDKJ<)X5`(y{B z31e$a)(uye(b5tEWFT47oBRw>c6)8~z$7Wu`UFSRP@TMcf+} z4vZo2l%yW4Rx-wmz<)y=eT$ELYAn2-W?Jt4FdeyU3c(@x2->VH$8r(fsxSuZMus8`hwm&E@ zEN+O7+X5@g^)t||I-CnbqgG}Z!%U_hI?Mz0(L}5eEp)ZM@N#(H#I9tTNlZibmwv#+ zkgGnt+P9=mfh4Pt24lKp1vv=Lipm?1kb#5v$47-ldVX7d4Gr-#W`1fxE-RIVM&Nu- zGwU7I`32!dXgA&e2s7oK69m*6UIX~{l#295(y92Gw0hzv=(OO}+j{+qc zX%{jmKpGgB9nM(nfFjjNV=zS4y4oxt-HsDX z2JHz2l(LUfYX#!3dBM-%?Cx13?MG-Q=JEhgOJun|BOWmvt^Y)KiVf>qsL>%ke|^#weLQHlD0-<2DoD6jlF;8yCV(?_IM485cQ~8fPI5pXbvVnBfi4|G z&)s`1^?~#FU4Zc%inEi!DE^@mZvQZ73Nj?2hpa*5c7m{f=MNE2?Q>NdE{rPuf2Dgr zY6Jgw_&qRjf_DLHQS-D-`sya|nU5Bn`Skkw&SoesAla+T%xt6$>3O@Lr6pL(sc{30 zXDu3^n-(6^(l&puN93{TUVvK$eT5!3%ZAyRlfl$B6btR9^6pP6-BV+?6`;;tD zg)lS=OcYU5B-jk>>WWfog5k$%wkqtsm9I_Z zaU`})nR|Fev~MrqxkTF6jlp@KN>lq<1q}vl5u`7_66xE9#No#6Z=V74RsO?{Y|~&d z|4gDVQ0@CSWlAmrgYpcDjQ-aCty(cw1C$ck7Z=vY+)q%7T>_;<_Bp~LzqJ?Q%X%lc zh^uK!;2x{Yh6-QM^1r($i_BB*C-PL>RX#*ce#n!V!cO^|*XEO}LOMCZ96zu5t8K)Z z@ZrL6h4wNbXl*&cL96(W@+p8#v%1zBnI+LS9e1#pi2qpf0X5E7?0F^D zcZ7EPlt8|5rzhVXpz63^G&4*1dcs<}iI)=%n@WUGX7O>!PxBzSih>M{Ek%1|-V25F z_YYo^KvOHELFqzu)`nmcGL=&>WYz}3&XPMu4Z?yS6y(FEF{T#(`MQA4(2^DoEKb59 zYlM#j$7^giq-tvBnU)5@fQ;}4R!+3iMNA(2v2E<(G00)ieyZ%rx3!P=cUfIyAv;El zfCpS=^`)Q+j_)0CuJW0~ zi}5Eka30=5N%o*w{qygv?p`zZ$R9(;CAtJ^68=ZRDO^240q|Zt8==9{ph${}9x*R! zG*Q^`Uk08G+H@jzzm7z9im$V_i>+X%#w9pjCFQY46L9Ly&MVjUTWuBCs*9lbTc@wL zK`pSIAv62tF@E#q=y=2NYlLOn$V>x|?sLSrsv>{dYbishL8qnN;AHfI#`D*Bh7{(v ztdpSN$rT%}J71LAUpHT~I5HyZUYZmhFTWRaiIVh+tAC?mzYIS&|D)P3SygX1e>h|k z*!(RKN-g8@-gLccf9d$uVurc0c9n(vaHa45X(0{jNS47pLSSWS)9&oALg>qJs;vQi zcP;it?FZ}SYNMY2eT#mYQ8Un1gv)U0Bz1I*GOB%loNY9RAiu>2%p(&wTi?HRu2ya` z9nV(;I(fLqqgGJmQ;hXLD>PK2^yo=d3w2MTUOEQx(^D5zET;@mwNtlf#5Gm7h|MV@ z(?3|Zh#Ckyy>)?*yf$}ixS_Jn2Qa%G$jJ6+!!Rl@OQrBGlK)n>{H>ochjWoKN@9AH zOYZ(x+uC!wy%&Mxo*`%XHz^>>*238y$W5rU14^3A{fD=6G?w`4T(%0gD|fBz)z*e) zx>9>!P`@Bsg5)TZqsEU%>BpiLx;Z_uQO`y8J_@n+_6<GxAc@=r(J4k^-?AV@CuhUxeJ@1taR!baC3Qe(}K8Q6HEj8^^oc#w5I2y@~Atj4`! z+k7NcKL2WGFlRpZS=qUmNZLGYAQ0A^nFtLTA@-1^{W z;R30UB!L!XB|t3~SOoE#Mf#Xq;ctaA;bOPMdBS1AkNu#9VS7Y65Vea2FXRM^=q$C3 z@HsqA{-?ok@!R;)czF@B2F~9apcR=`sQD0cn1|2Dg9KFCG2PyV?e|E83v%v!=H!eN z<5@o5yj>2$@gLwb92Ti4d+lCJi|Pzh{x2)cKv)l4J+Snu{Mpz`4}*0?fLB5c|47k# z_!SP|IoDY$v^6mO|0Puk*1oK47zIaD>JIv7cv>l)^J?s zid)E}Y{g-LZ03eg2~2pY-vxnrjz+2*)n^a#Dno6Jt1tX{uw?YYhbK+zeh0EY6;wt@ zzu*_;Ui(!yKNaT@{815|1!DU$RucqYFGMnT2;KvjdH(obTypVF6gx~9ZjJl ziLEd`{7iJe79gZSDU~dqjhOwMYya@|lad-m+QtMpD_HEr428apT)?MnKQS`*OUbMV{>?UgL;`(Y9uDttXs!ZZn-(;CBjuMdaCExUiN!AS0_aWBs z9WQH`)RC177MMca!nf7>^K2JcTG3tPG~e%0${J4etFes*;-|Vi6<82##X85jt-0H} zd{oX8X#A3h1$8WiaqO0Bt#4nRAHQ$`z_FuB1}YN5R=0=%M>rb^o&!IZm%uxdNN#Z6z2Hd)O4J1w#4MpS-Xk$K$>)CV@eW zkuy@KhO<&}Py=woA{B8^;PX&|FQ@t_c#BBOED^)^CKqk}QOA0@%^NSglIoqn3cQ7A z+uv%J59Qd!SPvnB+Q&gRv(Kt9KP#^3YN{UK-C|2IfWhR{(9!gV5eAS;yxnB`OdUab z3+?8gA~6L{JJ1?}95LMNVP-oW)1i?~6Emq08!XdfGe*&ysf#UpoSp^)8}xQ93>nAL zWAMfx;4(B1Oz{w6JWjM76|^>eM%huFum6W~ojI*; zj?kExSz-@9y2l}pJ3pdQnx4dX$*6|aKzSP;quZL)dRq&JU>HvjA3Ef04&QPgZ*)4&w)G+3NL{vHikVO78NW9MP?#N; zOa|Mc(v_rfUJ)uF#O!cZV56v{bUKRup+5S{R~4mX1DbWJ3d zbc6&|(Fa~QX)pBjxD*>`($%qoSi9B1dS_?9xC>ttabns0UuP)(FP%Vr&Y?^SNisOz zfl4|zy78#tO1i?D!}D4T`dR-k0^e6^szL&LJ2TOn&rXdDP+q)f@9#{ztE~htRudS7JC=88bW;WlEy|+pfT{f79844d=v<<%6hzQsu`=0>+kcUbO`wL8Ii zM}sbgu>%zu#)1CP`LodSYPP@j&4N9nT3i^+)5q!DA{j-)oP*)aQ&{se^l-=N%-aY& z9T%AL-wXse<;FWBgB`fU;HematjOiJ6)8*{N8Uq}r8Q9xo_TfL0Laxz@T)By9Wer* zq53O>9nfXTJJtoVpctwSBcp0E`1_S?2NCXzgfcAExYc0MXq!xLNUeZX<5dzH-6HoD z*fHPwYQsA?t1WWw2jN#}QzUXQc#!C_8mApJ`i3pPZNA`)ij=D3FyQ@E^e#vWfr@g! z7{WW?M#1VleS_`X8V8@QxFxFBlxl*9nKEVx43O78meWQD?hEbjgoM>hZMyH>2gu)K z7gOE_K7rTjB&tvtyZ>Auf%U(YV zYW#>!l4ztXRVvceQlmNs_~R=Mz$$B7Q~AeLyYPV(?`Zs=T!+`F<}o z0DT?Y#vB79A`gQ_8Z+bcCm85+ySPG_+Zvu?&QuJlZG6Bh0~WFlLL3ap`!s} zV&CQg$B`z6Vxaf+|Adw}m8=E2&zPfQom=x(EX)C|36lkM@RJQDM-I{3JjNe0q8uUA z8PFS=&M)VNF59j)!YpJN>?&mE-|v}4hmI=8_e=$<6Wpe$s6H@bn7&4uMrK@v2gqyn zr{Mz^VE;2j(yhH($zk@A3y0Z24O!)@qZl--R%Qw6iU28UDJ)EC5`+e6ELcVCN1t$b z0SiqoL&>a#{|i+%0a9Q!Q3JxTnqbvRt$Z#?QcUSdi$%}7b_oV>_62SM(n$XcRR|{F z*yr$VZuxIoCmbn(Z&~vKeYRW`I?%wsQ#>fB1+ggOPOhS?@c^u*v7Rk`gB)MrJu-^kDl-3^1z_O6YN+Ip`9 zG-A5EDyQDPm7A*|GDa#0meW=a@9T)(;Bj9$e(~NrxB>sE&@9J>r+7uRS%bly3=TcW z2UE{4=Hqn>it0|ovl2$ZXT)PdBOp$3=l+LE(B7)~V@Jt=$sO_`YS=QlTa;KRQ7)-E zHW~vjN8t|mwrt;#-3`hZvT*MKSbB0d;@73e>TwRhW6vNv|6FqL%tm@rYYXxPo1H6k z24iE%_*Kzhky$0n5DI7EPRbyA(erLJvd#MXfoP9=e zWMy8@bV)%lmEs$z1P{dK&r>6-(!>e}-&=5suG6)hiMGQhsN1~3DisXgD+G(*PPE7u ztYgpFcfr1ruk7GkMfGc~JBg5Yb%q);6=! zW5ghHx{tAYh8ovex`_!?w4Ir`34O|gfR$_#Tt@N(OH`1g56$KfICfqowiFuP!SF(t+3u81DkMrdQQ#1Pd*v>ge>5)0Uay&B4gN>cn8G5 z_CCam%+1n+Tk$5hLg?f0*jTduTwgNum5&d~S5qd1@KZTu&dHkzSVHz zML;*`j25%6Cf^pRI*%7grPdX*TW%AM7D_*8%bePH1I8#zgJx8j1dnIgZ^wXGjv0LUJ4IX1z0!%uA*+oV;2$Gk72_IZXt#>7{0FS@e{z`Mf7*I~)0{ zQ*NB~M2A|oxUG&#-5eRXQLl)XgY5F#B6E2l#~5?CEN}o z9M@4q`XWUgwz(ZPB3;&GuxB5RiL#}cp@W{zvO*nYd7J&EogMESQwFR#-qrlQeQ$;)m^_*;cRYG8{PRZw z4OQ@@y>RZz(7kZlXu46qo#tFE=4iUqOH}FQ%c1P-6(urqKRe#|RD2^^vd$_^$_x)x zQ~n9vDfx#lCPgnsA%1guoOLbilZWdmK1{|CzGk!O8GY*EGau63Tx4N*>yQID+%0QZ z^FF6>+xRO$ZH%>6>!md@?~xmhwCHnZGxC$c*s}h|4ASu; zq&z$IuxQxY%997l$TR)*oaD=gqTpEB$=C$``uWK5Tg^ceWqv`jI=;VW5PL2fX|jz= zs=rw|dV!Zsmjz|~I$FsBH)u$VxC3IF)ubz(^3$C(aGa{vflHbz0fuI@C@`ZZY5m7$ zv#VTE?evLKfc)|#)iS`Vk8XC+rE#= z+eYRaXHBDgJojI&%~+)PQQn;I(P~L%Y%~EVJL-JRSA|HM^ne{2pRBs5mvm|&_|b9d zot296lV$ooztFg+BWcM-+#KPs25lvL^1q-B5fppcT`N};g^G^s+IRl*21^P-`Mo(L zRkS@TtZ7kaYMfgshK{w?|^H zPrT*xa_Bf$%AdbsLEPf^@YATu-=$@fjgXWy_5GIsp*?M!MYA+{&nKf}@Uk?S{N^Ok zb{d7byi~kaZVFy7#@OPG%<8vZ6%!TFlHVs3KBgOFq&$E+K?mxD{hv;lZT2Xu&doKG ze@*FC%z7hbp4GN=80~n#+D8+K;=gvT-14g~gmP3YPRq2@4xjWWnw43cy$o3 zuiIJwoIY7!IvG(&xFosS{vbvkx;B^;qM(DxkjM>M{yv?BQWQs)HmpPaeSIJ55s}2Y zIcviN3zCQfFbiURsD{6rY|LP1=!6V@g8hHSwdOlc@*Z{2_d={lM1;Vne`8y$V+V#W z9q4`Ed!DXn3`ssn%l`U;%=xQdFnmBN9=2{TUy1@#J{4q)@l=kp6rdx=*?dGC`BZj< zL8+nnzH(6FDnDo&z~wVzD(-H zK@ML8e&y6)G`h~h=M9i2u*uEQzjV4r>cV>T2XvtXX%Ucoda*X#)2_2&7cg)tii-(2 z1GuygUuy0ZjYo6%qQhIiQaWhunMY-DyoYnVBjPMRn)hh#WnD679bjC2H^tIBrsPIZ zX9uvo%;Q7=K~k5)-%=MIg~H4ylf?2~8<5oH>xwOzQk@oU2meVWvTO~UdVfRrv0#4qD8Dtm>BJKsvL3_sBPObFI7f-s~bs379hC9wf#79?pDaf%HIMu@CX z?5R)a4hBe~?uNyWMz{h7My z{+2ChH)bksqk41W37@a*JR=)tA~F4{-fIW;O~yO%F=)0SRi{qf#ySngRA&v0WNmeM zF_A^Iu>q*GvN+ht$&0?WnrT#BaXw&ctE&oKC3eGh5-9(wnq^7PzZ;fy!scx<3kp(K z@c)u-EE9VPruo_?lEpU;O(ddpiys{09fc7Uq9$_GjS8^j_9+L#+mkxD>4Q9FLoszF zUrIhGuL=v4H!Fy5Q}~TD0wnh7!Yt1`+vxEkT$(W(w`h^bzORt5{)26OXo86c)Z+N} zKF5YeCUz1$Ujb|hA##iXiHoBqTiW*>qRakV^`a@ zJ2vQO*Bu*|`SrpWD{@P3+#U9idnJKynVMz%+Hb+BT)W#1V(~aSYS<0p-v}S;lwZB# zr@GY=?kUvz0&`^;vv%ZzOQ_={ljH{NbS7~xi`i84@Ou2e1LQarHdbRD2Il|}133Nd zB~I!{nEWIUUh*6$_6Y(te(rbd!~fK`HIl?z+{Lgiq>bpk!Dr8D3{?x3rrc}_lj94v zV>H(=Tf{SquQ}X#x7(A&WY^vL`FLDt^C0RPyqrUwKJo+pkMvoYoNt2*-4O>c%~xO2 z{P1DBxL`Y?H&+-$Di8h_#eCUWi(F$!S$-O|N+vg__gQ*D^J!|K%+@&;u&9Z%;}{CJ z!08pHuDAsZdSd5vB*1A1BfT@9&qt={g`C4=04_d3;<)u$Asi_}BUj)vQT{BbPihRvF;uHw!F^bbU{6Te?6dz>;uGYADl>q|6Y!L3v>$iHqal1>Iqa17I;f3QaPUwgW7S;))JsF0?0j>T1 zM&bZt4{`Nvz0Oata~fiWR9$M@>0rz^o~~j5(9>5;ee8eW;z_d|$6l4N-ii^N>V9v9 zjI9R2xVf$y{sv{In|7tt-~fEv7$19?I zTNUl&WeCri_~=4c8&kkax$o@q377{^p2@T~>R+geTY z48HoDK|WQ>Iksvx*1SP6*5D1DnHy=(7G&AJ$T> zzJEk}OPJrC*R+vccXSL`)0W#7<;9Ch{V@vwIUQoAS9$T_BgQ5_+%2P$;^h~CFhdoFN&no%VXcg$%c{S795LWnnA@F+A=l97ZypU-eAQi(r!$ z(NGOyn>=H!M5aeO%L*DaGEqKx#Q4AhiT}E?2%EG1V6&Cr((m9s zK4mENBOQ#uJQrZWJDuEI_r%0J3Aa=}y@xCSlDChQ0kLQ9%(;6I0^lAs#zr3b_MKG07+dwo!R-Be}yM7 zLx{?4yIM6`O7oT0PFG4#IOhZb+D33-uUi^=vrUsx8`7FBZQ~j!*|!0}iah7MAq2Qi z9cUl@rlyoep)L3{t&E^zPP#VMKGZ9hT ziOLhtZP*#mi`XhkZ^SAczwGP2Q^1F=9ZVoNfB&fcSZ;7mP4IlPqpBRu%z*5W32C39 z=)`sapGwI92|c8D`L(b-Z?no%WdB)jVKW}MD+18HCU2JZvkaoMb7upuS+aL0239O+H>wtu`r&swGM;r zl{w+d?CBU;_;tr#pFW=`R_S#~)paR=J*ps=L1~hn;;r6NsG1DR3#eCU!W~}r)x5n9 zm+UrYmHfyIE=X8aI0#s^u$N2KaQ%ksk~W@&patVRDo#@9;!uKu+3GFK9s~N%1c%>P*RZC+2l8(&)a1q9#BLOS^~L8a@`%{|#P2 zsK4-u|AR#boaA>gG&gZXF_2OABtJ-C|!(^ zhki!}^8|LKBAoWBW{jZIP*g6)jDJq^>qZ;Uv4TxT4$DUW3&$)x5RK3~QAcmPQ=}m- z*<^mVIUl!%-RLpvojbKx*sWHxo0L+=IAoow&pREf&y7Na#Qn7?s8{iQ(=$b_9vir< zlO3~aEv}2N8i3Pb;uwE;0hZjXR+%GM1H-k+LVc`;5ry{QC(xrwJr7oeH*`=Zp$xu^ zV~pZu;|HS*>P-Iff!HkdLL`@e4`mn}=4BO5*VL>-bAZ_SeDj1dD-mN{Q$5{K8;oSZ zRHzhxkYLbOR5zH$d!;s2@L`Ijqhih___*lUadB@d9`xkgEORlhrd;(6cpGUO=Z~-+ z)ZZsxEiv)3-Wa;WHa;CMxN)bD${_ckY4Mu#PJq#aTF zRP;TP2Gc}(Dk=H1Nvlts3h9AqGL2RFuOf^Nxf?!@7EB$p9YI%05v&tm6YVwFa#q^khciIUPhP=2&og7ElEP9S8(-TD5T+X} zl>>lF;oQ-ACnrp)y3F#uVD$Q;{v;F`ulHo~>NH1X0f zgwoz0Eni+t%Z_?3=R_S|qR{5>FWJiuCY_S`18jYN^gFyMqW+XG<-RToDDb{tiUrm(>TX)CxEb@93Sj%sS-{s2*6q zY-V@G<11R)`pGSQs085D%@?9>^Pn_cW?MkHxCIrgpF|v;J{Y_;et)c|AAHj!c&L>= zeg~9}Tlk-*iHj1oC#(+ak9SvjALgLxE`^|o8Hxc~|4a7wagxvggp+?=+>XBYd=DO) z#hvsW9Vbpt>ijB_cT-PiU1b-os9^!dYhAgPmvd2v_OpjF<=un+`U}@=+TIn`jaz)4 z^^MPQ744Gn+sIkf;J3#K?7j)^m72zcca&cRU5(5GspnljZBPrpp0X5(+(Z{ST!>PM ze{3Fis<%GnJ|}&}{gr3!O}BRbbx}eA3Tz#F;p_Vn^<4M#D?f1KHl~YazI^@;{!Gm} zQKleCqrukq@^@?<@bY$VV4x@S7NP2D{d|zXYCMyw^KhbXr#+8TWzgmORx~Au|LfuI zbSdW714>rc``L}c*PCPWtgr9(Ri9p7Z}^@i8G zyomV0zh0rTvQiM3v5LNgop6S^{&a4VqH+4EO=I-+{a{Xk%IOQ6V4!DH!BdrC&h6)t zESv5z2`?V>w#7l2Uq4q1IahV&8V#!wvkfX?*8B*2+(ozAeea4isy?kysVhqS zs{h)kf81&NX=O8bLG0^L*iHP7B1&KM6JlpEz)McC?MV)_7Z$Q-!^=Vff#e3^qP?~= z-@AEP`Y*d*3R`6ihnpF@j=mTHie4*Cv+}<<34W|1+5q+;GRkwFOuuGD1{esGLbC?H zwzJrF&AgOwY+IEL%DhIL=x98Bh}_n(d%x7-yhSm;T@#M2(wDP2TDW~U&ngOfz5bb% z>HJ0=@V0DU*`p4qF`uY25!l^`3HEt;EShS0oIgKMS#hI#I<61DgXeS_GL(aP9&6fq ze;s;=dH1}?kEyhfU=yTd#^3Cr9FB4s*yORGDYg2nj6VFM#MhDaFimF zMb+yUp#284P`J82#BRFyG$@0VQ+`v^&l-|k6VK^~C1{}}SK~iudNlwoX3{>r?W6fJ zP|<@`iOE3Pxg~nu)rtQ-{{La_ouVTRyS3epZQHhO+wR!5ZQJT}Y}*|>9UC3n_Fw(! zUwiGf4))nT%E(BKI!e`h&+ECLYrc%kwiRn)>I}H>eAh{^9<+?7lc0HMNS|QbgXHhx z$ECBv%hV7fSQCHsV#~9MX513riahhy52Arr48=TWuPXT?CfvP8@(Z2)&`j2yoErv) zO(i%ifb(Wug@DbX_^!f@(6$>{X2v;l$)VJiEL_Ys>N`A%I;R;_q)S4KJS81&ib0gO zVsoHV*}Qd&Al^@ry2j0q0W!|-Z|E(*FUB`2*W*)bMt6rSb!&@ib~*(B#?S^873F>y zqpxK`x|Q;tNz9`3?!D%iU4vW%$ZZ_BI^q|};}x_eeP*_xWMeDNZ7E{Tt#~KSZ^PNl zY&i<1R*t{NcW{Y6(TtYMUR9OUF?QCovF9Ct97+sbTD6xdcZhX09RiQ4G`Zf8a@rEr z$F4hdu^l+6e}o!fre@ zFvk92`S;WWa1LrxI%o(x_MNA;oHnT`jq%6a9?2P#9ywx8&xOxYysEZKNqe0X-~&~M z%?lcpi3pzioMNF0wA^C-#J}Z5h9`0rv-mnOAMG6b{V_zvXl8ongzV@f))>K{lHfFu};k3)&Rt6wHig( z*lF>M?>hP|)DYCBFnaDpDUnM&j#2n^1N=tpR^PL39A+x_b5+T&) zau+$|4aehda~&^(n;FF+vA4n}II9(A7=9jLG3YZF)G3$A_$&6N^XUUfg=}J;$ zObaR?$}-Zwfw5kSK}qblM65r;O4zob9!KpS6#;8N^%SHqQD>fMg9Jk2lVbE4_MQzOY*>yM@-Ca8BdwePmhh2 zqk(fGw9wuB^Me$B_YYGxyt{E6I_SzhzIrqOA8Hn0zDhyS9t^&M#`XB19n_|i{O^T z#$DfRxcwPQwhqwULw-~t6fI5rsu~NO5~>x<0eT@~8b3?YigsjUD`ZU( zG72>D;H6b+OT^V0O2n0#;msq|+mif4*adOp1lQ=2n2fA^h7Ymx>Q~*$&10T}S?Bw9 z6ragPvXS6#X8(#wBdowA2|%rpBnfs>UMa_v8QEOQL{e>5$kyRY(uS3$jrPdGv`OPd zS{U}@T;XYWr!E1eoK5~X1o84YdvMtdWmo)UoGs9Vu)Gp$g1FEvhlZ`(M==*X-VvoNxi{xo&g)EHYrr+a9HaV8YIky*hizQOH0gum@ zLwQ=rV?TtiGgheQZjtvYEmlB5XiSl29MwUW#0w;OsfyMDpys9OK9tdUh7M&iKEO7V z$B;BFxfO&_)x9Rgy;3CQb0m$5B-M|_t(qhcf1V(ba50gTE0It+l0+twL<*3ITaaDq z38$dv3CZrUL|CNzf{zJ|MeaziezU^W0CvsQB#?r(6CK6c&R6@VU#Kolv^Mf*HG)0!!tKUnpdfr13*Ar36 z5mXL{j$a0M2O04{I#OpHIL~w&m~1#&J=|7nQ@A%!Gx*Qd;2NZ{uH8}ib2!NFuI{wj zvSz=2in$jznt}L%`2uvLvlA$!3SMqrq*R5+c7S2#)h97#*|!^9|FMhx&kO`Qm}VB= zNTh)kRVZ|X3ejddr|Hu{h5-Bgksx6r{XnUB2kbmILSa0xEsLz3Y#}-|gR^OOl6pXm z9Ey^LV&|OJaS<4jEBVhE{+e3?gmmx7eyY7#KmH!S0*|)29FI=#+CzKhiwj zkd6u_)>Ch1sE=e4$kUoVX_|2sYI!foz3s(^%F^h|{@O@qZacsX->gMj_Ays1%=Vb2 zBsy}F6|CCm05;Nab;>+9m!TYcSpgY6q;y^vEoq5(=ggTavpPYBK zbhV{*8l(;>^f;hnMQC+mXbFu<<`blG2~bp5>^Q9n9uEX3G8Z@tN z3MbRVHG@#k6eqj~#kB#Tf9*!mZ^P3spqd5e(;+5(ff(vuluzxgbEiABY%}9;J}Z!N zU|+nonDjc%bnCsb6_Y%gxS0o4mpI?IUXVt9rQX4}eFvPoU=QI2;CccXy4925lv_v4 z|AA-NjxI-3QyXyg7MgDd(5mn2;X>tR!dxFN{1(De`_G3lRqh2Q&a}%2ZiYxC1X@9v z0-OvV^ARC0ccg!(1;+D)h&e6iO?=(KIqOcGlh~8^ZtV;VDu9Kw(I3}XEQ^8K{%uTS zx2xU>N?#Rbwc|qIVHurV%YQlktJanP>B;$Te|j#6RWcxaoxG6qVV#foIm5LuM}J69 z$30k-6TrPZ-YDcTyaK}Oy!G|%yyfgEn$6=5Zwbi9!MeTw=iZyd7q3KGgNi_~?DT*V%Emk+)vt9ul8S-rVMzP3N>vPJ{08jkMoO0Si5rIW3D`Ix?`n>sU81^uRO zoyf#d`~LV22kpV*oztQR=@w2khy#{&BK+-JA3U&1i3+Np z$^q`PeghFKh+h7E#-A#jAjsu+)n0_apJ$BrJD+f~sr;SHPu+Y=-%wL7h^$KOv<5 zak$W-L?>Ytv=dP8Adbc;b?r{-2)p{sam^o zglDHj&$WxVea_9A3;Dr$?V`Y_kVTh}6$R?9O@K{@f=@pM*&if*86~|Jtf%YJf&cHm z4WMx}Al6YA5V;;Twi^FuFt*7mhL0NTe1YMw!TxU&{SG+m(OWPGCc^Mpl>7gbN2gGC z9fV36#J#k}D}1h7Xwn+rx(LeeF`xXklC__f4cI&!3R++A(<2ok#nBvWJKe7Ksx_2} z?l)KJdw?p@pZd85!_Bgq(+w7?3ULN)QoM22mhwO&f5k*fQ%p-P;R6F1&{J{a5D_f{9b(7{gYszF- zAcE8tRKmBJR{QT!a~>(R_AFRV0`)g@NPbd~4p!XKAD$?#xjvVdIHM>J-pz^b!rh`F zjfF%vM-5d}i%tCj)xePhQi9!U2@XklFSU{?}d~_p(7V z?j+B}H?bY|+z|7Ouq_}!KUf6G8oqhkB%OF1nLs15i;=Deh0J&M-;$!b*z3L5z0~4y zGHXtGv0A}zOvY|#-zYD(<|gR-``0_sP@0#&TaR`ii#Ca|NJ@syZE9|?vTf77h9d+d zS@3Y-L-n1cZ)&3CB`6kx%hUtzh3e1)?~&xom?gNPW79FM z5_#o?r5?NLrwv0((G?YNBkTx9APQAaI6%l{%emvn;Ov1V2NdR;5k`dVIkm3j--tWl zf84VXbZH@J74ai|h>B0xKB)ka)XEYwS48-V{li@kB^vAhAkwgD1jJ+_C_IQrdr_<+ zRp-=V1n04hK|)#E~O{T%4Z-EiX~Gvxr6bIOg#ysU;Q{NlaLQ%~n}5&}fcS7O&Df zk?00Vnbe`fHw8MbHCj0l;H?+sIflyfCR^b@sk$!m43vMXq8%H~WFMy5-cqv78U(V4 zztVfpBuhM}0*#NXCZ=Ox>WK=IW2{p~2f{NKGq5F%8cY_hfXiUa1zl$_tyi(>30c+u zMVE>jm|Aj2Dr#6fVpAj$xjz_5DjsDLYF8v4Z33T#&yt$)jc=(1J;~yf8;wK|bPwSlqoh zyAFknYi~stULXei1dQSt^t)EkoLL8aCcDb7kBne0ybD0v$#B| zCNL7IcraO}9tuf6znKUX5%>A6Y<&u4y{NMD%QYf28afX#qtQ#3FYr#84sx z5A48jTykQBfM^2q1z(!Qi&wys7v-g)fK-n#{RbOu1$Xf)<*dnCwdR6F&6S{i9(w<>oEeT?tfH9VQA##o&M{bSb=U9ApcORuqu)7tsnW+Zju=i&a14lGJ3^g)d^! zhUVl11k;eTTABq!ZJW}igL7r4ha4~()T?iwLJc*BU-}ae*l;Iy-AbrpEmG?bmYbF< z7P4B*BJ0Eoe&(Fm!WE?9r%X+ok9Fz$BLe;GkR@$|roS+! zc|d+#U6rZ_UEX}-geW0x`wssS$byl}_~mh4THYco-a@5ONPB3;ONVU87le)Pt<2g z+FLVd$k5Fo)e=-#;a4B~l1l-b45-0*jzR$0_@%5QIt*9z!9$5!)2BUs2e|}}u;00^0w#**CJL1%fkqQC5X~@n8WKCg zIN>g@Z@V*~mDJe2w_>p7PPpL=H~V6ySdpj9D;x!rr-;VcPmg+0NVAVPeHdV%Gu-2ojIlDZ3Iw~p0XT1MqgMGD+Dc{hpp)AA;S)Z)E)8GXw*A+`V)H_; zq*`lZ4ws_vNe9yZE*Vy8@Ie<-h3o^2^hJwHYhpPj-vD-+m?s&yTw?`q6{v(|=*! z5an8fMuaIAykmxKzqdPrZGqRLcA7(j!uabW^QXS&v5dIzPJ*3RwdVC)j}a0L^Gmsg zglZ98vhWFixKE9)S0KwG+o_8*c6akFU*oC6iIxvXb6H+ugOH+Bub{Van<8#xFXRN- zmhbx`o-}5EM&M{owqF6T`|aJ`@WU)$TOgZ36~J3b){%R3w=2jtNKLl5mT5tcdZq~+!9SaDBfeAvBIr1Jj^y~_b>5D&2thcr4y=K>lLZu(BPy=PlOtF zMSNczH{GTn8&6NOwqFoR!@$I5t;7@H>tYEt$Gf}Jv3gRv1MdFxPB&wKAg=A&w>-}# z38M~ZBhsN;@h64whHDpGQ*xP0mV=a!*(lGY6r+jq_{LT@stU($IxwlRPwfE2XcMTNnm$iLX*MCIqCp@3X zwH~rQk;tGqvttge51@zol1GwguATUuPB>!)v;$ug@Q3p{| zfZ{^MoSKszR9V50ErUc|No{zGcPwBPbSYL|J&I7a3l(sjg;e*vU0RsH^4G%M;&&yJ zYG>;|qH2^-|8(?*m9G^K@S*l2{{nDf*5gz2qGjbh($XwC4C^xSYCj5F!gXCSO}iD! zUIv~YZWL+%T%Sb_7=yeWKvd(v!x&r|q+soK-m@djZO`_+|$&B-%wSWLdF;`Yf_pZ=&=)lQV5Bt$V__lx)ibb5LM@5>X$CSrf zUL^g}G^9|Opzswyb+Uk*GG9fI6vG!zlIWgn^PGvDrzE|{B5g&`k0tl4)S-3gAi3r?Bg-1T zmtb)T>tz^aN@mX(l}ct`|&^!u@cjcngj!7c@@dIDb*A53er2(uu#e=+EgZk4lZil zJ{cB~Svkd{24W<+0jSPY1LQ*%_T}f8sTLVN<3WOiUHDO*Y*ac)e6kT%IWn9IsjO!z zR6aJSEOb6eeA21uTxQ6ro?PaBDk=89AHHGc<&o^?tV`Z$ye>zc;Mq2n@&sqN_7N&J z^H3nO1W5Wb1AmH)Mfez3+C*+|DF*T9MhLN|%cDi2gh(5dnAzqfDMpqQa(iIYLQZ@2kGH7Zfz zf#7izrJyeFfj@)tY?eIwDToUrbHxuqfk%>BLSx&p#_Z;5Ay>(m8e9JMO?-o7A->Lq zmPd;c+K>Ph9?Y}fDH21Y+?uKjm##}TziNLXAd>@B|K0vd$O@GPBAmz;9h(8I6@HnN zJ7+z5!2)ms7QYfPfw7-em%-v3O478yQ5kCQ^WfX_w#CRqCV_bqQj4}4LLqL3S^oF} z76!6wq_zjp-wN5KLoc%GZ@Ssw`Mde4DlxM>z8k2#}A1nOpAN3|hHZPe32T zO=jgm<8a#KEVeMs9O|eHcsJj4)mhh<=unzx^{C<8oK#Rp^hdRu$G7t!{Y-NNknTl% zujc=_mvEsqs15(Hn*z|^T2JdV$v0N)x&P2#^g_QNozFo5yq^w^*`?P!Jmw_2tc)4l zqYm5(fu0Rw0%&G0P~J4w#p%LUwq3Y`RdXQ?I6FIGoMRA*aeU(BYdh%0-FV0M~OSF1r}^QHR=MA;eAg%K9!DumHyp!K=_0e~A)wBTE*X{@{KgGGaNB#iFiTojEo`D?3f9xm0BucuDvrth z(O5+6FQ9#U4ufiLbtxXsaQvoT{^8Po-mBW-7lOWR>`wlkOeSz544C57yd7xAuu3@) zeQ+iRP89~tfaV#WMFi{n9zCJ?R%wP_U8}~gquQ&Vm%a-Y@ywS>?_l%ifP28I`&RBp ze%-C*g`2H|nD3BA)@#{?l^^8! z{=)FkMgA`yUOhr+Vq0wdoIVcl>mwcxk{}yF+BJ%ftvaqQ34>qH5cjN%RzQB)HSm{b z7Rx8|ifdp-^$y;3Zwbf^@IScVcGtW!c$owOhjOIuXH65sx!kwjGn^YogKd2r;@%Sw zTzNyWIREfmSb1YvUU^fo&{i>?KW(YEOqHvI zKUS^iBS`jQ1&Q{!sZ&&I4^>nl0puGJ>r~K>&^Y^v-4}~W2E=<(!KZN!r$*{K;O^n?ZLl% z`{T*~)UWZ!=UK1+Ti*49Kar5%Q>Xt|Z_s>4=f60yhV&baacxT|HjVw;iwz9qCkMG0 zTpoN;C3l38Ukvs!mxB{<;IZrgf$0;G^g?|`7a5_3HIVKIDZB`_X?eIc7Xyb zio`+e)pxm8NJ~rLA+oCxKEEx0q#)t~;iNM{V^_}o(BwTFOxw10@Yr1>~aOIa+1T4 zM>kEwUx4K^Rk9*LjuGeWesD^he4zG9%n7>WNd%3M&>%qBH|n87Obsq@1ECf7_V ziD@+^&LI$1yGAN1>T`ofpSfBgYwI9-9e+mC!Y?_K)6|WMie-C%f~g+s3j}`{HrD|4Gk7W9b%;y zPlY{j_7afJt&4F0CBX(jwJ>yT(>Q*cmm{WdMU;L2RWmE==plkTTX86En@43>;>(&M zc>I0BUbW5Pf{4_r-5T=bvUAv`=KLE0oFhwibW?m7GNlcC6~pv#ikspS`c|#l6N_du zC3ZHave6A!?an9P?ek0={Oihh@$aY)88dN^RHx96tdciSkKpHGuiF*lm2esSM`|)A z32T~nTN7R%dLPV<-yDyGCYzL=rn9Gtu)^R~_KmTja0>CB%g%Okt}?UA!=ByWAam?h z&kTp5k$KQ!;i+dLkT;z`P{fX&8I@e{Tj^zS_duLW>cHRN*1;jF>h!qpFNVQ{1*EQv~CW;S1I3K^a?F~acY6;FQHetP>{(JhxFcezjcOLeDYf#W~~!9#{7Y(5l?e zg_jH)WuNVL>`NTc)|IND+M<2=ankIevJrpJY+S6@;Coj+)zYf7K!Z@|9J9&8 z@!0W^XR@m&#V;Ysi>?JW6NN*hmFHmEHh?i?a-WIPYM#>(1tpQGuSP9rdF9={8M8@rpmyg9KvvyUlm(#P(jth}^;|LG? zVpnH3Ra#s@iXILw1gHutLi?LT86-D4q=5b?dh}z8c2s*hT2(?>#8}g%pD@0Ewzqxr z5E_6O#LV;A8jv15u(K6~sYvZ$^t#}BQUt#Z0V5#+uABBD7^El2t$Cv&O;$(d&wLYzZ4&O)^A}v)`-)uX*d5B2cs=)_eYbv_eYwZjiOA z)X-eBc09Iu8|GiP4LN|uSM-cDpoC&;2=6NPMKaN7C4JsPAb6BR$7D0v+c^krMlHTTozpV0% zc*!nhB~=feqZcI>>-VMfmd&!$GYq>HbnQtCpPq`|Wczg4(EIFrRH$+i0rmUVRG2et z$`UHJsN@-$&5+p4HO@RyPi(sN`X{w5iIpD9ZI;$A&wJ0smJ2+a$tj2igZ+Q>#X&{W^ zFszrKCOUW`As|ufYI9*=rYVF*-LX4u4O8HmrHh`_JPAm#?YTr;?XU|UPgN|Ry>sT% zts&gf6P#6kjlREB`peQ=)kBq(4H-6<=+WS9jxmxna z&YkxG*p5uVLNBloiq;$1aN_=LG)~M5q5)|e(A)P1%fzyHhet=>uu9ozXngNs(euJ2 z;k*M~Z$2G-5@#5Ck~R-ZF^g_-qS^|Dql8SEy7cHdB@RFPUeuM|aJAQWaB?e)6G6sn zjvTDM832CN69l;B{bdIB@cOJ-FVZODWj*EU1vcBMIK+`tq?bJl^zuPKC~13=t=9tPfvbG>4k+A~AX9>0)blxxg3Ixt+P}RZUOT)6jvvwo z^88aNE^$W&gEwuq;lGB)vA2>=I1=XZ#AH-%~GMwB)AZ-grpD+;avHb7H7JY&WY}c+A5P@R%w;Eg|O9D7D zL~iH6oN^{dk~J|zj>dM$Hw((Z{zJf<;wQuG$Hc3|>v$T3b7Bg2uY7?ySeU0lrLr`K@pIr19mt|B>}h z#v14ZKQ^fpzA|E(UmfsSZ*myU-HLw;?(&9s@Wt!EfaZRb&{<5EGwwSOtr3r_W{2wv zM?cl_UgsL15fQ3JI-h2>uVz+%dE=;dvHO7_5xDW(UC=IXDp7ax{-Kf2o70Bl2NHW4 z9BMto5vkHExF0L@P+*9Rp`Av|8Q zO8KYp6Frv0=v?Qa6TJcF9hcgdvYg8YpyTBXpQQP2qsQR+Zu!{x?n|6f?~j1FZt=+h z$A-Af!14;C6uTSM=#tgwrqx{LEMmKo1KZ9v+h`ZeyFf|-W5pPPeLIt2l0lq8z75lD zH<<8i)Lmx*qZ4zU^X$|GnFuwWs%!U}i-&ZEJF&e{0ql=y%#>$DglSBqFMQfOmn;Rx z>+ZP^-MXannw`aAH-6)nJE`3!9u>|PIo|z9$Q23qc+d#A+Q1I>?8|DlXbUgG{?AP9 z7UL9b@K&$cRKT(YxBxNruB#5WNfw&*#J7~XQAOs<-Bi$=)xOQnwGm!88;w_o3+YyA zj>9Fi!<&iNWP4iHpWR6pZx$K)VmgmU*F(O-I^Y@*^Q*kWLu4Oo+lLq@m|mpX^0zBE zFmvW+BG`7vUkUJ83=+XJgpJzsX@YL1Lk6oYhmX~292KEtJ{MN2;~vAV=by_B$;%aL zHzcAF-nNK#R~Yf`&EQBO&kc>D%u99>xQV7CbE4*QAHgTanJ4vLzu8%RX83!Q=-RxG zfF9<+%fsvBQ=h1+R8oOWa!>bW$~A@gw)nN7Tyf}bO?AU-r;Y~;#MhoV9fOj)IgDFY zpW^@cF^ z)8})YbCt?6njs=$f+bd3{<&~$k+QC@FYBw{l06KBW$iQBK8bhzo4f2poQUUojQhgL zkOuuaQk!OcFueMa#Gqh$G&-;3h(YFq;5PY%_#<`#>of)NRDURy65m3ChX#7?2LXF& zHd}!prR-2%?ZcR><_K%Kjaudq*cx?AT4n7NXEWwoezy*we&YDBD!c0P6Miql6T zFs|9YH}zV3lBn_E-s*2c7!}+EnT7D0(p-;-tp`6!WY}ep9vJ1jh=;_o!}(wh{@Ri4 zHUL@@zEcyR{r%0b@DDdU?~JFXh!I+D`nYaI_&LQOehCA(@Q=+NNUj3OqSOD1SMU!UOsC$3 zDqwfYr1y9&yLzN|p48y8We(mlgG;Wzs2||VZV$8EFjS?Ugv5GKDw@3Wr8{vd1{Vn_ z5VE!9q3Z|6$V-A`+WsPzaCXKw9st4sj$Pfp(Pw;vk$-Gh-7a6a2(d4{tmeqIoVw-5 z+)ier8OQ42&iO52U+q`b`F<+5G?XgPU^aYc)zSf=DAjhN&TMi;qbL+fwJP__2_64` z11yMBdy+(#$Nl2u&YKMA2HOhFmHzk>LIecRiL$oyFK@M~0be94tU`res>0Wld|VGO zKDF$pM$tHWCR6qE>L4>z%LAnu@Z+w&yhK9~eZG#6L#(vu<(}gG^{oZ-XrvnU|u|0jD)R z5{lYl>QJVoh>J}4zcK0fjg&zsfQ+qekpgeVmlmIGBkUrOwMjSs1R`$Z^&TqpN#UVWDXMq~{_EIa^@e%s>nFi1ci;!qD?y}_~;3N-82%(2e z!`s@G0w9G7&)9vokr@T{YI4;$75HOO;PLPS=)9NuDAZ7uJX?i|?5RmG_iB#(n_dGI zU$|qk`?bmc04lmiU)3o82`T8!N6AK!64cMQDg<)+T5-72rv#=)+W8k5?|N)YxjXLe zgeOOZ&2w&t5BogYC!hHOUHreQ7ytiVPCWmH$HTlug<_N!SV%Y*x0uglmioe7|1G2Y0^06x*lRtBP4f3ha$Xe{DTUwew5)W zi!>4C#F}D7u1rkj1)jqoLry0aB)k7RnfN|*S^jS_!LD|0BAxNiOt^fDgGN)KIh)oQ zmT=i)4H#_UuV?>DKK%8%8zXNC;cCD0q3tRVtQK8RA4x)no_B|RxlIy}aB=)Ie#&%E zOer4fA|j!n22mmyHP68QmtN6Vbw$@&zzIlG`Wa;Tlv&KrjD?n$d6e~OsV$GjATK;u z*ql49iN3C_(1F94;XzYg8ddTZr1U!GxV)#zKiIw+E{om`rRA@pH6`aWG;6|tE)X& zU*$#qx(OQ`J0C5LLJ-R{H4C)q#!{x+WqOyue{c*Qfi_c$vj+t$kgGR4{-3mNDT3SY zv`6wn4$X|B7$lqvRuWKf@wc&TeW+k7!A%@1{t!uED-#efGJRaf%gTC;0ugb!9J&NO90NR0m52dwnPugl#1|L_cK_{i+pGMod4 zMAl;o=X(g}{ShY&s-#QpN0RpcLNqpl{z){7)^M`auJgH-1+q~LcBXY+nC(M`^Gnn5 zOOvE#(}AM6jj22x8Y~Hem)$V;Bje2P3U<^+C-qbc!J>8>eB@#ortiMz9G^iZBG`0l zr$mV!kgeGsr6&Ogt=7Vih|zP2A0DAGH1GCp7_ZZZ3=PW^Ews@K%QuuKg4ABWjKM?v zg3z6%Ci=sihBpn0<%0HGkDculJdrt5?&9{;P?0%Dj*g51g063I0h#|t(mAy;qBgI| z93fODGh=z3TdopReTjIC3z@leHZ}?xidq>GbB!Eb=ugVk<&rf0%g7WbYb!t%4gZUs zDEd>ZQWBwBlDeimvAl`c+&UXO87Wz5OW~Spt7I6ADzC*P=rAbdn7~Y54%%^wbJ9LhQ_Ov-edJ08v)izxmHq!TZN~$N^c$;kP{PL z6Y{Sim$r=Q+2J9VLvBZ=Tn7?QnD&h6M!@gG!w)L(YY>V8q0uM2)&vYp4orCOwQW}8 zjpD4>j!byu(K*xKWhoYtY=!_o#>fEg1RNWE0(g~CcxZj=9Q*cZ&68&)Bw&{_LwZ4D zonj#FZp2kD{3#A(fY;(#v%@I{qV0;2EJ$anI)tOdW7$ zJ)N>CndTJOjbX6*{8oS_*3m!*-r@XkRqQy#rIE=^atm9luvOs|M~OSI@$*2|JZ=-r z;E_5g$B4AHg{UgHQ2zsbRRZ6%Fz%aPjOo*CRLJW^FUtu0xgZCEgp^BzUbvH4!Khs| zcm92>jT*@xa?Pf1p&Uus334nE?K`nU9{3V%y>=MSow7|`RT^ps0KeoUheLQ%S^;>p zXJjbpyLQ@8!>PCzW{bi9b=z;aAjb2d>bzGTy;+A>?D-&OT`E>vvD&lC!uv0B=a-{2(dy z_n9+vlUfTv_MdJV42~)4Yp*pRdRvNri4<87_)X?6XmbsN^85W zK9QA09ANk;mBj4s4Eg=RRz-(ecOP!$lLR1AYZD`){L|vELG|TSL~pW<9u~%-l4kEd zoQTq}^csvF4yXHsQq=Xv9%(ENKD^6f?SR9p4KhvZ##zmAXC91cm$j}0_1&-JR%Bhw zKHn>O9gjH4@z2fPDs~vum#))fdjqj6D7CXDFU@(Fm|nJMd&9Ha$MX{TwjG3C2MpT? zKOAZ4CF2_corGRF>6aV)Hrmo2{-OdpYkJAw{}mNT>H|>0YZrl{uU^dp?!Qoh(Chyj z6%c*^P{CY$EX*9nzfgf>tsKZza4qg{tkT8I!)mo*YJUPx2sA9qEj(oR&_P%>bdy4d zSrf-Nhrf{rqUOQ4w>?ZYen_Q>z~on$>NHgo-V$)vl?kPGsn%=1ee#nhp|!=E4f6x)BSNRs~2lhGQIp# z{f6@bV-Mx#ZaKPKBSt3Wc?wm|Ui*&6I=$Vx5ydK|Kz0{jLqSd21>=Ay{)}ch@Quaj zv4O0tt1D4pA6(O)og<3_>n;XD?cD%ibdRzgYmZ#mF9+W*7#l?F#T{wKaPrXB#GJ?s zP0q>Srw}Y-{9hEmzzGJEZxUqI#m%fIE&UR-=|?Q~m|y6%)h3SL ze!_|o=6KM_KW>(Z#Uk3rJUXOT(=y-^cXII~H~%C}br==`0R?Wyd|B|!|O)ZFEo$ljtW14!{e+{l(;U+vzdC2g1<8K6Au}Ci_ zds~bAkCTEX?=@-5bvd- zgf;+kD>kGD;Xmir#vw|Y{SgF?dw)rYsq{ht%LJ`zOBuq>2BYhYvFHCgxPnW2DU)l* zDsXdqR%@dP2#09v!V#xE3|YHq1$z+OHZ%@mE4mFTje4zUseBo{uJCA8Z8g%Fb65~; zm!WTT-vv~_M=gkGmX5!nE|p6IHON0W9;?#kBt#EStF)DUsOv;EFD$ zZDmh=yZ%JlP%wi7Do1YA&)M@Dzahmr0a?ZI3x&T?Y&o0Aq&TI_i*_AC}{?7m~q!CUjvZN=OPyg-Z;-z=8`f8Jbhz`DqKjsodG}wYrE|x1MvBIblW`;^Jpr?|gCy|eY>fh6Tw+T`b%RsL6`yu6<*l5>lRv1!zdY0MY zcs}{TwMwdE`>;nD7xVC=cjY8bICcVmxL*`$*yV?(#QIoK%X4yagzQ&Gp%i$R(kC`uzwzQkf(ADmQ=;Pc1X&CN$c8H|NJeD99JHhDP0yq|jx_6j8D*+ZU7}z-omC$W$ zEB&bjWP?xMf6Jq6A)6@~|BGTkuq=kuk)}#EHYz2ei?Xj?+moW^$``7JQxMIl4#$E1 zc09@>QSs{8;zvwud!QkNsJUT&kk~iK_s0bZIPH_J3Oq@j+Ck*|u08_iHFYP=g_6+& zMx&vAIz>t8W!r7p&cY@K#UQFnp+)fVeC@JWyk!JOt7*4?-sV~t8pJ2pJk;Ctt8x)T zXOKVhB6Ee?{@^+jPRvD~IJOSCYxuHGK(D$sgVP=q{-Lc#*Yfn^+K`TqhMg>}oY-t|_;7$+Ck;tg2|;zHlBa+PPJp#! zr_h;FYM{*SU-!HI1m&}E{!26RWhHy)9ING8#{~DA^{>5PO%t&}W!Ef9qL)xb3(zJtRYQLh z^h1)7^xOKkX@HLu1Fd`NsZG{Ln$_7;gi5hy^UdQ-jgg4*QFA-SbuPp?0%3~Pn&H2z z2AFg9;hS^zLIw#29TsYeCj=}}3=G=|D$3+g8GQi4U*yP z*XA)^%=Q6=%(kaAmvws2E9-M9Vn~gfGd&HfQqa?$khO|&l*f`^DymWf2}zrr(q&iy zX+M4;z%39tRf$xHhMS7IG49X=zO6Kw2wyVcj;b=accOQRhekoyQxMk_-C0l|c=m}6 zx)Jb5j~@}gIum=&ZBZgPp-(t>b)mSX3fhs_O z)+T+8Rve==TNFes##|QBQ@Afw#$QC;7q5yGnixfxpsFeqyz+r+IRy3pR0{yQZ5qS# zEd?C^t6bm>lyj)0%U3}k-OlUB8nrGxxQXSIwoT>PNRcu3^)JNn!Zh+)k(u=I08l*X z|4}ILu2P(b{ePHy$0$jgrd@Q}w%yaVZQHhcdfK*a+qP{?+dXaDwsq=x-fyq{?X}O@ zKh8Qo&X2q+t0J?iR@I$XL`GZ@+2_l6+nDh~PI5np^?%C_i)jZDd0n@gB;xb&YX5Hu zVh$b^aC0KVZa^zeUwSg#6SP;5yqW}3`V90Qtt6O`N+IQC!vPC|6(YryW?d0A0ErkeqV-(3NhNx+(G@1L(FGQG(}>k}q~DO%ejK>|P1+>Jg9`wnB`cqCKjdTnqhdm_fkn|quX%`W!=-_RIqo41 zo1Rgb=pBd2yU>-!ab5rX1^gJu?B)K8K@!#HufD@Se3Ac$WHH7!U|N{}o-F2YjnsTX z#Z;c#w<1Mo@li>TaET5R_7en|D8#^=K3ggvxlxrk3`shK0yqnJ*a2kYM#ws$Jb{cE zMK;OFpJ&P{;TO}-Olf3V3@2vEJpuEhcoxwR8}$5i5jpEs!ZhsgPC*vNJFN1TsEaky zY$PGGrtj1y>w_=~WRD8-L?LL@L^8uOjm=2d@Ypya|M|;86}v9oqzEtQIpQ@z`Iimq zKTnco!Q@jgPHSeSl5EpWjB>9}F&6VA@B*G*&wDd8;U@Aw-DIrL%-zFpRavY8{F56X zPdKQ7Er}ILa!{45`+`nMR(vQUvyJXa0WLtB@&m{!mTdB$(A2!Yh3(FOb(*Kl-oFOc^#S&?n;0rv+Js7krw)(*u zL+#%oR~1`4g& z(ttvGeI_n0ttcNL zF6oxwDR6Z9nDu{XrNGSp(n`Zj^z2O_p1?tCI=Ink$(RlP763B+8-aQQ_$n(dPY$6H z$a%SW6Ot62T7hg;y?Z2v{~?vqd+OoXoq$9F(@f>;i!d}N34slk$6ZNhHM~1a5@en_ z62?iS?kW@OhL~rE&WiiDV3DzxD8eMCwm0ZWQVT4XgqKm5>7LR!%>{&Up(y+&P=AdL zo#+fo31n4;vvAAz%^glCOya}>s z;4^3>>j?dT1e~9%o_)84m6W7uk$%AZ6_;1>@REn9r;qlnU0fdU$o7^Ykh@(i$ z8C1pGsF+yJM9cs7AkjV!j&nPXj%nOp~VKFjeyf}32X#^CJwfKI5jwAY4lCweiEnM z@Me`^iL1ML2%U~hX%=hsOPb!_EFk*Zsmt z$**q7G-r3jT~(Mv186dMGdQu62+C%K0S_!d|@ZrA}bBrFrnLMBvGXh>G-m_PLeRHJMj$ zN1X<(v!tvYY{Mhy~M1Ox5Jqe1UhmSdmxbR)bYq9wlGC$qB%$i<*PQ8xo zP;<4YhToXc40~W#zd&veD(KDDcZXgVCa}~H)z*EI7wji50XYwSe_astzCWHV>hrx{ z9J8x`KhA7>KgBL@et)c2_IABFf5vWidpxe1@dMa{+dgeyd%1gywfvR87_Yw{&&~J; zFutQi?f}!j%m(+aYLBL9F~Q(3k`=C`GAmW<40mPrU16f^zFi{Bu4>HdDSh^N*WBZW z#qL~gI~%hA)hf8Jg1fl&=mTB*)26Oui5R(=xm490>R+zX4$)z6&OAwD(QkNblKPIk z3(IMkfESh!(IU8>KyDjAEqfPLy-+Vlanon@on+c95vs2oP-F+dnCwHB_W%J6tZ&e> z!$>2#g)&sZ1rqYI_o$OLauqaQ4$Sul$if({dSOLzn|%q9M~AR+0pD5tW-qT&=2$85 z!4O*;!!XqVe8VoTrf(Xe_xA$TB5?_olomslWb{g5@RZTtkYQ0Vw_(A2C5LGj^^Ppw z^-vbLqWQ#N`WMKa9M0!OF4KP$TiEEYul1Gmx{Ec6Vqwi6>s7>dttVWMy}$)SKuMm0k&47 z(^y#D<`2>PhaX~I4_6CR9R+B%UpEAQG=+r}^joj8)le9_Pc39fdnJbq^B1EDlrKmz z9fV_t)CW6@*#~B`j@*K9bHiNI&tvhijrVa62~f{KZq9bWrK&&N!7amh?JO}%y)iW+ z)XqLSf2V&5HznS-RRYYT*krT%y{GUqhU}6g1i2`hIY9Uq-!`6`rT4g>1(DG3=cA_h|KFBD`j> zloBcOlpB0E(%=B3f+_5lpm2U~K9BohY^_%lq9nUQI<2bNsz^JL$y6q@ZyK3C%(5+Z zTEVR(<}z%`g@?-WxlDdvdj!*cG1Q-%;7xz1FQ=9;*PdZimpGrOB1FzF`ADqJh!5QB z@#DbKa)lD&?F$8N;Q80uh|mhp-rRt|bJ; zL%v0e@MgVWDN~qtTaV1!D$!S}J$7oY*8BblJkAKGNnOZ-Bs4byjbmX1m&kx5CSo;% z3}cM`0f_VaVJc(Jt}bRZnHG8NReD3A)9x3x{P_G`O?}sXQA@XaeAiY@%bKN4e45q8 zPP~5~+nz_%nW1vf749HKD#|xjH0mpQl&lb8Ov8{{q;!z17Gd0FEmvMVO3{v*UX)5y z3aWgNWE4^589SNG0ekwBJ@hB_<1cjbL?mk}(YYZEIH%iPf4UwTiqpMF(2kdz8z#CQ zX@;9$>!&=ZXHM0{IecE(9*m~$wNCiX&7WeZ#&$rA;GHQ1&@3-bQ6A}4zfnyPfet2c z{%Ifw6EMW%$R=^ZP#ht^ahfEu8xOD&Oj;c$4iP^(vc!Jq${G97l`;@@WbGm8{yj{p zV;v*spQtHO)<-{AzUwT?;83EKGiy{J5tXDQr%il z26qq}`N3H@0>oLk@1He0ATWKROq4HC&hYopsU&#zkOlk%;K3}Ipv0dA)0IP|6pdHH z<7t(kTrlpk_sGXNwCSS}g|eM!_*_QtfG?yW_&jLUlHQ?uYaiK)Gd|)nr#G}I2_ydO z%D8ADFsk2ywqM9uj||YtxgkxIW{y1pe@9JtwIxT&b$z0b7K0!?`dc(!vwhy$^@WYk z*Ejn0_L{1Epm^3WWA=`4LJzDfEiX*4gHa*}&OY>g6t=%#OGv=5&b4PpE4OJv zwAP!nv+cRwlrd;=gOlNG=Ko72u-AY6zbXMA@h=^Y`JJ_jDnsu{x}c1EhWbb8?95P2 z3OJ60p9nx>ariGHCZi&#;X}Kxzym)Lma`-U4Lg%?*mt>S7v{`+U{wd(=Uo~ z>smM+se_?xNjx9#g}N>uyN5OnZe|aJ89p6La(WVpOBil01}v*Px(V17FIcy&#VLj? zpRk+$Igf9Hy^)I3h6XuEA!M(YBV`n8A&|!X66Pt>p!P+~!N}8^-)nqk3 zXv-;uOH`WpLwIzeiTec8{sHvyVaVqjIckV!$a1>q5l70$&1NL&pN7!-D+$su*5}!J zl8pzfy=Y21v8Ek%GnE+Eu~ZS`29wT5i z$zCsc&F@MQbqGs94VtQFa%p1S&A!YXf(Z|=ta(>(J@XZtQ_NSpvFLH1%G15U=sidk z?cY6>7~U-tqW#Fo7OG}Dkz&SY1ZFw{p?g^{zyGRanF56`M+7%4M82(^g!lQ3!8%n* z({&OKCpn|$f{K!|?|GNa6i9AEsh)Cs{)*wy)%cng02_y*vpq|KcEkE@?#pQ|JLv%W z>tUn{G?P%dbnAPl1=j9}mNT>Bs?A+;r$~A$Tt4@{YA}@mwiD2PkgcpSP%x<+tm{6>yX3B(os9D*bkqfjm0I> zT_Qbt!7N`$fN70# zlIro1{jGd_U%kywPvGl-lpGXq`ZciJ<@pi#I(&KD0ODT|NXO%lOQQ)oH0!S1s8=r%7o;cb`rq z^hxAhU%@STN@S`84pur6$kzb#W%{pS$pa^-tAe6*lohlTd>T9D>0#g8W1-tJ+Ug{{ zTBia%IKT$YZhi#Ti+I6nA!n}$yUeWa$G~Byvv;>*B2f=d4xAk`Z*fQ5?t{?*m=o%f zqo<<6gjvx?w(7nlwB{)Dd#V`myvJQod{XwwGi_~eNGL+wf+T~w$^`CTsuS!60HaAI zNS0pxE(kR3608`E8Dq7;>L_k5k6k)!QpB%{F6hmj)(6-arAonaRLphrsR;8IQ!NF; zruEj@#zHHd!rdX5;%*6zlU9uo!he*Ev(S?!0+z?o(Pc(vv+Wggl|+3AG25LF&o2z2 zDfhIMx8muk0h%Om+_AV&KNATAFCr$BkO~>M)|q>U4L_~Dq%Fs%%Twq7N8CTQyt4W4 zxG%r%Qk{9*5q}3O7^ozZ=S9JY#ymGIU0vO2kBbwZV(Q?_kn^!P!6_nRRF9 z;i7~7%1BAyI{M^4@4y$~ML;HJA*C)83h`o-E8v<8W|`uIb<& zsZ)|dgt9C(bxwQdebppWOB5@~UMk35$oU+`HoK6uO@skfMDQ47(nOR9MnS9J`0{XN z$F(?M*QEUU5vxQLu+|qnpr%j8Y7J6Ug7-sdK8Ge~q3OqeFdq;?F<-x#1Labh$M;`o zvd&Y!9C04|S5d%T$t?^h(FpoCtB85fC}5dW5zCquwfc=qC}Wu)0GCBQpp23^C}N%R zf~tsRKu28dwhsmr0J{GSIHl$I_5{q?dy5qSOd=>{nhV|C(4pS#+*3&pYFtFVcBE?Q zki6)XGl=Ar;W+iG@7C<;;L`?HUsk_c{r?x#lG|Pr4+$B3DAV3lAbXp(oSV30{=diD zi6FX?@?;iiy?gDSU|$*~Fwb2cw_jxiWw0&KQnzClLJqX)i}^wc%4eDt(R7_I)0Fe% zgKQ6L{^n4k+|G{qYt7gQ{7>30D-&MV^1r}8$NnM5junb^iE6X5)FD4VSWL=QrHNl#uK zt{Kx8^_7-vfMRmC@ZP(U0yN!4YNou1$6ixTDdk8L$0wnffm+-ShFUDCm@x{bkaUES zM==EiXsm#KDSoZ+KXQOf+wSWb0LlN{F^U=M0E*SozuJxoUJV$DHPI;bvgAY0@B)%@ zp3A0WXRG@D%6@nUw4}k=qvyY%*L#aJt0%kK@#NKxz^B}_(eJqqwann4F}b?D18qO7 zDD;5(CMsEJt|E%(3h&Im2y9QLS<(Xly(Rw}^q%|+y|({A@9ckvUPH(KGxVmnTvelP z#O!Z}odf$SHd$Id-y|(-%}EZ=Hw%co7NmL@F}J zMw=}rB?!^pO@0;6jye_b?9vwl_TZl>%lZQY5E5s8Y1G(e@V^(G;Z_6e>8O|_mc6Il zasW_k2!Pr^0Mu%5NdKPsU!Yd~e?YC%e}~$tf1uVd{YY&+*eXaPytt0*r)5njY`4$7 z%lp*Y^)r^*oW=kWP8>geBTW7gkBrr)((#dD3o}z3tUIJc$U`4Fk?^lFvS3#XUiwgk zGE%uyUbEhOJ#je$8%|7ZD&nzz5eJ4i+)3iszf0g`dtY9BXIH}{5pO0GXEGN}_xD*W zJGT3pT*7tv|C-e@#j*coR*#6yl@h3V9eL-xM&e?a`jdP;%Zm)Y+ z?(-#18Q6*PScfXDU_hJPiw~pnl`*cb{CZBCcekwah28#x%J&nrAzVl0%L4%@xwk~9 z%+rmo9+3*r{bzs&%=9-tU{2c?vBK;5cYi)r#*i^-&AjP{PLjm#qryARVs_-TuQtnit4H z8tzAX@e;tGmERPQw4wY*Wbw~;1z5fSn;c--`ebb={g*#=F-lV^VJT8`RX+S@_{W#~v#V_sH;kr-tP{^!x|gbh&Dy?`40)6S_S|Pq z&nQl5ZGni`1-4eR;=siZ{f*@l$kaxM&M8R`pvfz_%yxzOXW-lNzXVXv?ugov8!D47 zfC4HjVW11(Ehw9QL35{y+cdnVps(GE1cLN`CjDZG;vd*WG`N*$aG}(q%@XJmXLkaK z3fF$nbo_0&t-v~4Ul99EJbY@R;RzCRvqbGh-rh{UtC2bG;Ja_L5iSBb@5b1%P;pGa zpGU+g?}Kwy^{iAY3ZmP!7A}`-o`eF!foHz%0Io_r0ztg@YryQ(Fm?zuwIRU>a(KJ6 za;PWMKDc>kSDulp`CQ7O;RQ8=bxkYS@0#7AgTO6^CHU2$mn^vshiczZ|6jCi{^A&s3R0hqoxE_ zrw8Rv-+(myTjrS03YTHHs^8__;@bE2 zg3P1lnd?&YFKu;%3pu}FCdBjB`%QpJiK3YOfhKpG{ADheZsPf> z4kynq>%ehJ$yLro3KEo+^f4#-;jsb4oWOxrOs5gr$jtK4bFVfI>`4bsxI zQFpq*)S>H({iOU!FV2J?amXW-f@sf!Gu{<<EjgmESYb;0|&;(mpQbP1PCZzF3yBed$T}4S0kx2)BjCT^C~DC z(kHSWCwC*W=dFu4cWrGqUjFKGwm8D5U5nI+o!Yw6;X(WYq@P~>;lT9?W~>_JP`{Y& zm|ZS2Q5`%(LuWxI-iLHygTp_To!_-Z-D1$qqRUNwQ@`8y*YNjagFGehO>DIPbN{rw zcZZbTbWny*W#v6?z0?Y4&xTgWnD58UqUI4Fv34emRej^ZLHK=rA!8K8B@FzbBdGqjl2hq<9B&4g0(E{;)$$lE+4= zd?|Ii%?&9-GjlI98C-q7=EN3jhyVroR5{!$dsL=%&1jz5&Ey2aNEce518kIF_1*)37KwIy7Gebu?bWHr}V9?*gyZoxk{ z@Rp_v$$H$5u|)5@W%+Y+_+ICd1uAi%zy+ZUx-k6D4~1~D@^$VldK$idcB7wh+3d(K zF7P(l{^I=1(^=UBrMRgc;4loBohEDUr zSQtsd0+$=ELaN~u$eyOZn7plWt3+6{;g`!XL_#eghl+7)nyE6~2=DM{RxPN;H10Y^ zU2cvTjL}wQHAQV4)owpfOLaLaG%H74fg{n3fu&7ygW^Yf+|*2Rq2fiCIoCqGFf?-B z#Mk3Qb?F*&5KZ%LMZ zt%XF*iB5OR*K9YzjUcNvC|wV2y2|134Lv4fX{p?)Rlg^d1ecrWO$T4d-MPwJpV?Sa zpy0-q(%Z5LwsGZH`{Y}dX&_Q1t=Th!J#T-1Zo*8~^>(79z4Z+>`dp&M5bb`IUMb}{ zB`eER+j|pvyf`)B05X;+JwJwuN@R-Yj!Wq$73@bYu_7s|kG^k58V_E`y=u*u6Z@gh z1=<}KZVRc>-Tt)JOpD#jG!yCdnv(Mx_Ivwj&%Y8U^e6zkFRVo{%k`qZ3^p|` zYP)YVCnA?wRe?CZjXUL4XvJO{+(C|Qe1oZlO6N~c9rxGi%0!3*%ewNODG+c(7tM&N zT=590%&B@AWgtGmnhK3$)o!!dJn5|{(f_>U8?@XxH{E!c{c)^0h$ZR`a7%8S1|=;m zpnaU<&W%Q#^(tM0@i(*@wUF`{FAG&i?`sg;-?Q2${<*=zfnBC6KaX+AO;;fNV$IR3 z(Si?jv+&H6qYT>#quxy{n?HAuz0K~<>7c7R{ESb*1H-beREN2 z=!^-d9MR>b?4E3zKRbM5uP{@$@6f%Iq!ht%EuBgaVA8YVbgu}-hijg_R89lyeUXZl z=-xuB4U{edLf5=@axJLuLteD$W6%JEo%chSZQu zar)CYKS8%kll?v&gZ6ayq*&TxR5jrZiSEm1LZJ>YM9-F!wOd|Ue4-(buO{#zR+rFo ziG%PJ3Cd(9LRj>PW+s4cFvs-Izflq;_VLfW<2aL<(IwQ%a?r9!a~363JAIe|ZQwS4 zC2Fho5b>409^W^f3GJhuPEHP+65g5l4bph#UmV6`6w@ju`})y6-hB_|68k{PUU*k# zcoT*OR8`!{1*ITEXiE7KSsnFe6{QU#!&Id5*(qyl%1~TqM@hJY8#z2{M_KKPFnqi- zla6jDlNQHmp83gkYh8T{Ia=qACc#LnI)%BxiPvIkc5&nLNQAg zX)SGibhnTuz1W^xVrID6L+)jd$V5FH&}6F1t=gSDh?HmKbj0SOk_YuRusauJ!4#{p z>*`{0C{P^8?AU|1$=Zc4QFJ}m@G)vi5|Z`3AdC2Aclh~QU1ZG#TPWX*W6vMs)r@2rj*HD&h1^0KSIfTsS{yfhtsIF`o8Kt> zt)Xq^=P6rYeB;jPO;X@#_99=I;w76m?HU9`nd7Z$kgdQ|(>h>0KG)m(rOOfh8?VYG5Jy< zS$$u7{c*C37Qx+~BQhcjDtuOfsh-(CZewmiQ?zxiwyUW`Rc%pX*v1-Ip$`yzrpti+ zHXpMdFNAZD?91%{yE_tHpS>DRT!wnpMVl}w)10~^3^H!#64?oFtQhuk5iho`p8L5r zgYu|H5gX>}vSBC-@HqmR&aE5C+N91Ih|De@``i=q$G4L)kyl2cU5x}EjvV>rIkZit z7wDpqP5@G(&H^gA%h<3-tfp0&P}U!df+>JG@Vx8NUC*=?swZjMmBkFwvNZlHX+?YN z)Zd#JorvIc!>>ZaWMJeY?ia)GB7x}pDrws$7-`BR^{z~fWem$@$OrIOJNVDcfo zO5O&2ebrtZ2`0ZTt(*rlGKOMiT}=FC^&8I8cTbL~Es?@8*q)%OL{3$v(W&cY zOPs`*ZH;ykf=-SF{1(h8D!+)%X6xyL>*>zlYY}}hgfOv0xcfnn&e3N)Y_v=?7jqH% zsGo{wVV+!fu&M_M42=4wx%`J|m@Ci;n)czjj5YXP?dU9?qSch2q7|^JT{KBW_)N3E zQsMTErnvN$6+=J0#D5bHih1JPLDu~1nZ17h2y|tp=$5tFiwRwrw>5y;B1U>dhp`h& z(sbgAe@`10X&WJqtjmaox`{=2EQ{9j%M>&g_hd6_J0N~Th>kMlQMAz4?>}AV+kDb+ z+jh2Q5n34u61xRBI=#HJ>>Z!e&*KF(Mj~w}BhuB@273qF?5@8Ke1EL&VOU_Z4u$a) z+|F8cMMXktf)M?($gdP*Bi=i=J8WXGHy}GQ^5GgPOJ!G(*6RlzPC5{rG|oQ?5xz+b#g+o)pdBzUG495tIMM&C3MP9h{S@}c-j8c`(&(6vUMMj(cD*b5G5Oi?+)vUsqgFm z`xFY1b{C)0T?TWR?hProG^j4x3~n&2)en9K1(22AYP|D{ z?ku-pZ{MX9``-NM#%{qiePCd!tT2MJggBPsY%q#9qfC-P9N7_f1b>Ke#O}ep!60S7 z;}mbk7Lj)$9PETF6^6%RExGfy#1-i9hKsK6HX^i9Ud%mi@6%~$h%5G>(Zxp;p_vsF zW^0`b=%T#?$7SdI}JUx@nJ3oeO)tlH*1FDmXSg}k18m~ z(ma3ECEe;ASC60LgurdC2B@hsXVuG*G2MJ(w5HJ?5Ch~Wicg~64Kqw2bemN$Hkt$} zX`I7qD!9k+r@%@vUuOkh3G_ix2kEJT_G8CZk8=p(Ys&3IUI5~cID_6GthhnX`iU*q z_Z&n`$xOJ&*~Th2yD58K+QgAAT!&>E8*bH5Bj0QHk!C0nFD=19GO^BVvf%OU|18dwFywWa>I0dl~Go6A2O`grur-9gnKpG9| zCJ*j(NKzdi!4s%2Vlf5@pz$F|AUl9ENdQborVCB4su$T_XST+RloZ7gHm{%39u96hN~JSm?I^RM zDQw{(J4|=sS&mtrsFG`1!EVFk4UQZ_`n=fJu8E4)#WW^q_wd@@sE~--ZW8b!)Jrko zZs*V%z)6?#uV0RqDJ*N-XP;%!A$&B{i|obPjEW!=#dFT9D^ws|7Ay|VC$s}6J5nHzNem^=-r zYX6QB?N)qP;i}@LZhe3{Lsd&;p^=J<28kJF`q*4!qjs`oez?PTVutA$E@Rci#o01A z#vy6h9Ouehv(zowxb7%hxTQD#?qc~WSBan{&KWbj`jh*DUrfb{Cg!W)-xzmn8C`Ek zy-*x%vebtD2WDVBpV5_JRVYw!SNO*l2igOjC!%AqjKu-$+fYTc9jPN-wj5zeB)8ro^_c|EtEkGM;L<2ICS67M&|{0^ddpkjEYma1liL|os?xSDPCY7e$xSeA zd(;Ir50`T4KVDTN&)?$Q)0MwHr@^=;qhp>p^w!SAbzvVf77F;5IG`&5kt?~4*T*$g z8R<%CA4-xHh;svxynTx5gooo&fwx8k3156%xi?3#gX85~N%=l`agP89HCooK6w|1e zIA&!MpCb*Wqv-ia^wlZ&vl_!Hfu0t&!|yw}I)GvIj;~^pvFX z@ueSKNmSZqJfvOdfaCgR@$kfKmI1L1qXt=pmHk2!aUwqC>l37PuD{k8(cX9s9+UKI zVa8VOE;ZP}b+s&auGZbImJ5-CXtZPN;+#8t;c`zZA8H|_&x+`hAar8mktImn``{H` z-mJz8$(4`OMG313nYIrLAu9%hbAj`VK5$G7!5E)6?TwC#zQrjz5oZH-f4gFRuG*;0 zwyWLu{X-$H`L1!`XkTxZd#T2^gnBhcZHd`NxUO2xA|;f>7~o?R5p8_h&wYoUkJVn z-^FQh1`f}1i`72Q*ZDE{zwcW=2NkMon!aLt-CYdYsLTv%igM(FGxU;6-drIfwHzRx zw$**Ty(bpM>7>dt&zk?r0I1ek-k*IKOhz&6wp(4V^T)Za-`@8}Q`5e_-y`2I``6zu zBikQe_xxYCzTK}MvA$mSq1#=ru`|Bk1ijy~w@0AY-gwvf zn+eU@?KoF>Wie&?GvD()=x^Jpz2DZp3|p*Ar$ZU(J)t!M@qf=+*DLmNB3g~~ktY{X z7tY-sVOpc((9+;vJ z*V;)U{1vIwU7Llj3@WBV@^!0oJNA@p7(=c*(>wVA)y7C3oZ+xx?e^p6(ZezxArij1E52F7?b(*ejUS&$`3w_A0ZF=TEs5W(_MElq8 z*A?q6e9f64Nl?Xo08y!(iFTG5C?{Yh_1|ejRr#)J>rHzDQ8JDg1~a}eerk|4)H4s` zH8u{bzD*l{MTswu1xjzX$F9`lFZO4SqeYjHdh6A%4{M}4x>I)n$s12nuKY7j@On&lNpICZ31FaxdtJs^W z6fd>iBw3^%YBZ-cI;#;35I5;l8_QxfA@YKbx43RO6 z18+9Xci7mGt6FE`EaWo$XQv(p$H=cfY6cKcq+lU0&=&Z=BKhTQ`;%NCUVq*=90)RY z>D!~lN5QsUzfct~%kM&kh8~b7vyr~wB0cA6Y}>zlpjO^eT47rP2Ug}%^-zXaQe}VX zK*tpR&BYu!1VJCU&IJcGYh#D_NO6q&;zZ26yp7Eg#)87JqN4G>2U_;HkSbwmiV zv#lTYJLCc^9bo^yv7otTdGfxHzu{rYU6Cm`iK`J*6=Oi!%}+w$ZE&N0dB5LIFnV;+ zVz5jMvQst};nBPvCt;=pz+CX_0yOVXh|xBGCW>dn1eaFH=NfW@QRYbluKd%kPzbR% z15%|6kpi(3mB@$~fHqS9TKBXz$^IT8*O4eetLzgz4a#7uJ8u(gshLvj|0^CQs?S~{ z+!O9J>8IszEKrZt+L%AU3J=k!a9=aqjj+Ch5lK0SA~c)2$@lVGq|I2B5zJL7h??#t zcBdmq(7`m~&&f$a7rXW5+Ut~?MS8Q7qRVHRl(La}nmY<+B92+!c*iig_q z2f~I!x0uMrv%yrR%0MU;0iI;2I9-lLjGTOM-Z_vYnNr;nESKvlm!gWTxE>Ta3{6vb z*iH)G-){d9Ulk#Xu4?9Iwz~|$+aAUD5UxWOl+W9;opJU$iTWo_Z-eYbXvnPfTkJ`; zI$?Zzk;zMTS_V@^Oyot;Q9ClUJxiy4q~@uN;^nch4iZWQlVIP^xE-jB?s6sn+@i3+ zTv8Q6Kwx7yBfzCgU)ka`Nc#%bWC)PHwJ+l^ISIs~XjW3_P#XX<{&-GBh+XJ1^4j~L z#@dKN3s|%eGP1Y(sa3CLYYVGH##;AxLe6tA{8)RY)zbV7+Vc~CFi4G$4eis*nI@3K z%2-C4nKHMt(toV9t+Y9*dTzE7c9gyMT-ZS-M;Swj$;7R#pSgd0$Zo0vn3VSZ2zxDm0e z{!u?&Kd4?f6Cv5O%(JheEl~ka66wmvl8h$&&jRoBd%(uTfej~Hl!Fb+guK{tBZO42BtKOno{-;Ta6yPJ{O{Tp#*g54`VH&ClH`)ZyD}2>n!*Z{}k><5M z0|UCTEN+3jA4Z5{St7s_%}&nO1qV*k4=-quc)9`JGi z4j3MMCS#qohDfi+*&l4&+d--h_UXpJ;ssgf5nXo!;yqqxZ(G=+%&Tdp{Hpy5P&FK0 zr0SP8<*&YU!9VPJGkN_$N3$Zz8nnZszCJ|!uxPBhfz>PYg<8#_#e7h$qI+N>hpY)LplWSsoC!wP& zFgBAb0uiy}^UV)^_VWft@T6YCr5pPv_A@w|*oZA_KR`pkr1Ln|nF5q%iGN&giAdU& z&Th{2pK7ZhVM35NOPFwhYkMuuX(*qSoziNyPb-8_zeR=P^1MYt(*oHNjc-B*p?wq> zQZwcL8>YnF&Hu;Wr(EqKfRw^a6E0*E-=z)>>7rw(>6a@X6nEHhyy;$8t&Ps{g--X9 z*8OF1*45cyb~L#g@vXZBI9@+HjRok|nz|?N%Ww6+Wc&G>18E|K+A9umAJExA%V!!| zjQJWvv!=l@0bu%|tPgwGDrZIp`uqUk;egY8d=@^%$;-@!~D4i>oDv(7St#s}1$y1$*^C{u@_ohKTj* z5dz`n#oJ9n(qx33;%BL%qH0xAExayL8KJqE#&mlM$i=e=Z0uD*+p>tU=}au1keWzR zXGdI1z>NoDeCe92qDI?LZxP05gjuvBXvy-|geJK>s3x!`748*Pa^G|I#bXIcL9x9B z?&`KX(g|q3#c)#3qEnbF$iQ>IFZ3AL-J-{DflkmSmx9?KRLU7ukQ6K0#TrwPWNAT2 z6*cw;>Z&QG;N}Fn79qDh2K@ESj;QDjE=PUROL7e^3C)d!mS(`%4KDCR#Foc5KVlPg zrrGmjGQX@P*>V$zok`Q8OaAd*pJ#hHOKlqVxaN^FgprrC}Dd!M!S@5-R1inXUD|+$SDv z7XG34;H^W!OIti?{Sgs5Z8H4tIv$|Z?6GT~`GQRQgH5#Rp>dPs%1&K`_nY7AgMLn< zME2O|gnHdGGUugia4J|0UrrM6;6w&$mbLH7?MH;=fyA#v#MjSEFK!+~1mEX{LE|-3 z{o^RbVH)ffBtlr<(-tP(*=Hni=yB$8U(U;d8o~~Q4xd6z@6pvNjg%iQFyAgY&(LcP z1=CDx77zTj`?=rjAAa-X^Q`6rG{NV4AA+@WB4Jiux@6CN&PI~YIs`6{DL!a4_hgDA zP6VT4#>`Vk*;buNg0won4ia3W+Hu{KFNRcvikB6SYWtrB4g)K|&Ql=@H(-h*i~!M4 z!_(XaE7QmD3Dal*nz~om>$80W!K`3Woaa>C05tq^O;3Pd?hYto{gWE12C+&F1vxSh zW;UXkO2s&i>9oQEql0Q=>HbnHqoZH17lM≫;wi_O*cQf2x+qwgZR=qamK^VyomB zJyQW6!%e3Kq>cwoPLLvn9ClyjaLEZ+sj=!IYUrhLIwy|*JDqZvT_=@#F>P1$)G9a+ z59^a`$Ri2WveC3AQVUE*bgBmuZEW3Dkf)4%8}f^UHQ+xt9WcloFWtWyg%v;R23uK$ z=fy54csjQ5XjrH=F%N7AKi*#{4=kVz#;Z*v*n+i+G;P|f*&{s^`_<615day<~K} zl8UlVt)2r3I0ZtJeABvfqRn{8e!s4#jeGakBvy@8rBa}Iu?0!V(`bDPF@$A5>_u~^ zC~k@ma4~B|#Nx(Onl%}aa&u|2oi4py*VJt+EJy8YQ68>*4UPr>)|zZNzsgq?X_hT zBMxqi)a1?$d<_Uf08RL#9vFy7L9X!dL2NnI zO+8&gEh(KE zDbCcXMsyw%Xn!D*mnySy5ZgQa50!qv+gTZ{Q3LJge93T@jull;vegPAk{TvB_#QU= z!JHHM3?N{jy1R+(d59Rl+i9|(|9K2L6Vm^aIE7YdR(nSKTBu5lv|IVRx{^6RN3Xlz z*nVd)%~rqQoXXGX8e;|`GX+9UhhkT~ac#77TBO`b|;qf`~=B1djmOY;O~8slWr9eS#KK1X@2Qu*j@D z;e&NyCMH&dM+ip17#1b*ubpKj0<4-5+OtU8lEIz4xBdgr@EIhWnA`Nn*7b&{oMdNq z4coM345B~Rlrj;k>SzFg2W}rsaR)JXzeutAPJ=Y>q`w3aeE7f2)q`V;kcAUbxD9ux zh5xVK&N8U3rfbu65QP_Fo)#H^M3Qq)YQzM zq3Z0-W>;})OZQs$y{_)YTdlykv0E#NQcO>}b46^Q#PK6tE_Y9QQq>a8@uItzKlzUO z*oj>F{pVAkWgxVtaLq-Qu*=p(!g%D;f$CPot0Gxx1fO;4Ehqk-2Bnwr0pDQlG!qQ5 z0Kuq3)1li(1lrNB{D2Xpds8U6!q2H5O&C&Nl?hYxu$gnBN8aNlFJffObBF?%C3iR? z#osYy(HfG|Nba!pnX^e)Lz6>EZf{7OS^yWIoT7od_^r`4T&zrL#k&Pi(!IfeIn24U zH3tukI+!El5z=$p?i5ZBY9D5#4k2*UE$Sozyz%9l&9=)=5Z={BXpgU_ZFpt*PJDZcXCIB> z9oZv4xHV+OxmEyHrlvTHdIb?Ae{PwW^Tl#mpPmLCUl$@u(YkV8*SA$e8Bon<4^g#l**BeZb0KlED(ovpm$JlKO`chZV_nHq&Qq$)$s&aplMoGGbp z@RKSR=5-~uPcuvI>B+ej4V*nV24tfEAZAg%s~o8}>_j@UM8`?y!sVCfLhpW`?3BQ3 zt~g}4F8}$!DAJkzYvjGl($L37WF$RgN9?J?ZzfJ%fm@Ac64dZ}Ik-b%ihmO`#_+oA zk~*|9y-gI|X9etRcNPl31?DMfK?k@C2{30mK!1}RY%`US%K1gXZX{KSM_Ry2GWi+& zNV%C8Y>>{8LGSt8^7J{Ro-ps0?1FzFibwqM0Yj-BMhoA*HgQ^P1=8PSVPVsm{wdzO z3aRaRzNc5uF4~&5mpiloc})6K{GTvua=)tyX2`o0&@zg`Nc1)Kp74*riQIM%G>T|i zMM9w@gFcyh_+F@9Aws(>b zFhlpTOkEGJ1IfY~A|Qh5V1)(a7na9k4S@jtZBWf^>QY&D<@ul{FN5X^_mXTnzjZ-M z-8&3G2WH!!0`DCU`Ncol2_B(or{Zh1+YrDY8E&8U3)-~rT`XeZ0<;rwiXzm~yj&Te z)SLPSlzLWZme~ir;3b1b`yvSNL&WlRH#Jkm!3B11_nfy< znQ$t#B@MJz4XU6Ct@9)gYeljQ1>GXu`CdYd+HU8Yxo$OKB6^|q?wG>~8TLCOr?abe zmT<<=j~!luUw_QVMph>4!(ThC-}psgdqi=(u$GcX`eI;B-+x%AjLhQjnZAdgzDJ*o z=@$x#;CR^p?J*Z5SCxUPhUbJl>a3DwhEj_(b)stW$hT&VmU)6xpP+W+=GD zR6XE9fk$}FaV3tKp#yu1gxs=4)^J=MUT7QX(_-~|CKhM?2+(Q+j5#6jB~enE5pbUf zgBwE-{TMf`fc^@YF>1&bxJkG)a5Y#b|7r|wO?>uOzfa>u3)d-kjrVz>M5TiGb z%SJwo1}_EhsN&(>npq({J}a+|HobIy*gvaKDp;{(25G0>bL1H&4X~ZMjx!aVe3tD_ z0$D2;ka-q8H5^l&fLvS(LX9hb4^O(dG&q-3C0bJ-*)Q9`1>6mYH#7(knA!5TmPe)y z_tH-#NJip_7eD@vP+v=wjw7WVtRzhw{t2ii4!~iEb*!C#rsZIWf5r-`IS_qP#x7;qUoA!ef4SZ_k-OQZFW|L$gfiu8p7$5wpVu?7z&WYLfq4O2C@?P|`p(e=IhO(s+9u&aolhg8 z6TOk4y^VwdoJj>W{I_AnRa_H$324gS!!>9mh)=&1E_0N|0=Bs)i^P3Zo&L< z4t~b~_#Sv-C%B7vVngm2P-N${g^QR0Prd6j+A>=`1*rA141sH2R@j0rB1#wXbC540 zhV2$g<=F}BOqlCkU9=ODgA^?!jZ~3<_Br~aFy^xAYdlY2jF1S{9sSCt&;>ecn;9;ftE+5$x-%UeAt_`^4?x92J9mZwY~Y92aAEvu;Hd`u22o`xbiacW}J z(MrVpZCt`r?B26obAPeF;6!K$U(p@F9yDF*P?*j9+Cr%l_&#|yS7v`oU z=$^wG3;4<-?$vpav_O5-vQ8s4>_IdBJ7WUW@M1*yUhgGQFM`n4w)H!DEPlwwzGhXi`-jNrZ|9$aT2*R;9BXgl>gUA4H)@3TJ0m?}RWYB?8 z3M6?G25~Uhx+w9eaB*V5biJ-vA+7O+^ca0V^>{~I*O)e`b~zPA6clzYrmbsEf3_Z> zo%6AtzJh_V!_UB!$z-Rfxnd}wRrxfgCa8s7H~_RNU1vf$7YwR)5MtQsAz|}pf)eBO z!js2p=R~Sx<(I%STBzvty42)jhU4EKj`Q`=8PxFi#179uDe$x0a{(PmjINDgw3WIz zk4lk?A#s|GnAVy=xbKwRy#>YV@K9g=s~hDvU7-RLq}3#v@*wznMiEOsrfA-B$n-*l(c2dZDKA@O)<5T(flR@6}Cw|`#NOvE~-^WPOh>-kj zFatC)6&eK${}`F>OBs%O)qMb69fHu}9gec^A@`0pS?-krUsZ_VY+$!}uWIbf_iq>O zv}k1_UGjjz{F~&zSF-6UmP6FL=jLYxtfAZ!{H~!~HTPR<;#ol+E*E@7hIP%EM;4OH zcPP3ZV-ltF7Rz@))0ED4kTlJo=2m~Scvk>T=Y53%o!A~Kk|fCkI#mBvgjXp}=Oe-| z2p)uT;VEd?)Hr{e9ZUi;WsP#knv2g9(CAp%o^R%U534Ebk%O^85Y0n~=Ma?omWpd7 z+-eh3ZWsGDc4;tYQ>iFl>-Dp~m#@Ks_1H+WWpBiC>fWBlNUvhK(9&XR*RMmQD>(Wb z_-bTf8AnhmFBDfqI;vBQOzqRKnWU;uV$_m4&lL~%(RR{7PrZ$HFyO1_c&K9 zF0X;e!|7{2MC|G~A+CgI!41_);Q#!e9UFmNZP6(;+77Ow zZgzeVgv;PTk%S8+1fn`DrDTBnIv-ihLJ;Ji5g6j)e{;C|x{FaPY4!tW5!E==uiSg4 z`wH*y&0blSM71_A6`ShEz*45rw5_ubH6&avhD#36ku}2<(-4sFkRmpnS<<-vq&DIe z_P+PZzrL|bAD7r?X5~RtKTJH%T6DE%H6{n}c5iKh1k0R{vvpw`lxK@fhjofL&AVhE zPDqoX|H;w5+@EB;KhvPgQ~IwSFg!vwia*erM)6nCrV%HBHiSdXMgfIGr2!s*B7T8E zAOoJ-0QLWYWEg(iSAPh9nQa$ZEkgzhu|W`P3{g{^ae%M$X_Of==*xaux-aMYf?HOy zsus$(v(Ee_)A9$5>0;~1v3-6n&X(dC75mvC+3uNH*BjSfqTs#3JxS)n{`xq+gb&LM zj<ZN85xk96Xt8m#4Ln>eItXJ_!nt$>n%SA(P|6CJQnuL$DispzUe3|TyX4N4XZLXxB6>u-FCY@NDJ5R$ zn{@ImG6U_^{EI*1o4kzjZhy@!uGc>yPVuMJ6s}^o&mQiAkBbzrZBM|NM&)7Dl*e?B z^iMg=?^#ab^cV&Ma-$7oSzm3)SL}pga0B61l{a9~8j4;*Bsh%j$z=m@<`fXL5eIV{ z=d5RjBMpQgIiNoIlta2L7s)mZAjAy2g!cyM1Q=_ocM2y0OCY6?QVMgc=R4nje#-Hx zxBKyY7VKgwbVMpN543KxY%#DdKkRhM`7m96h|MY`5z+#~yZnGiMlLje?q~e*`$V-c zXg0ramuH9w28iribzl%Qo6@q!nbxU^kmOJdfeh()U3P(>;!KpwPMwko=pXn4^Msw> z{z1@)N&^|{dS^uM_CHa(cbg*xEoG+6DgO1E_nQDAXw#L%1C-!^xF5mg>}3hsFX$Ge zY5fx8xPbTE!d(r^;O___WrLXN<^>}vNoNI5t_h%43MtZ#K@9LiL@3fw-ULmJRe)vr zlGl%h&Ys-3m^ovLg*~Ad8$ZM58f7l1l=`)@Xk*b-@E<4FYaSyT1K8^kG_5Qq*K%c! zE@kAXq2}m$*a%7M(Hz7+r1=`uSnS~S+msB#ymJ#_x>{amnM+oMa%P$n`J59|k+e>H zVy`rU<1HTv%B$ZAW}+N0>d+qI;>g?8GQ)T7 z=yX(<`Kg|7nlP9Wr-^Xsz5)AWEW4=QNpPoo^!U5zO#y%1CfuHG~$^q6Y8i z)m+Ea(Fb~<&@P|h9l*WYGRGcE_plhppesP@JAW@<`?)4gp3nI=VgV89N7Mr;SbB=MX{ouo+Pt^tPh|p7Y?;K-_Z=MV026SE3lj0*t0@>qoBL6-RO$GUrK-a2$ zUc-4|*g^;DIkA$XwRba~L2-(Gz?l+ZH7vvA`)i`$F*Kme>Zio3N9J@9O)MxvAS z_TCrvu%IZA`x`n+{l3LO8sC4v$oTc05)nC(o#0cVKXKVsg{Np93hm0(s`GAoz=>C5(9 z=rkDj4(Jpuil8=pNu^Zd#w2hi>%RgCq!Kvu)Y>VSAYLX}-auItS)P<}&fq?Q2Q6^D zwLDt3mh8cO2o4NffshEYykKY#8~%|8D($kww5}F$DY>E6dj{17nN&Uw;37YNv)igf zMN$1In)Atsw=VCuFo_z8J^KRV2#_=ZS^~dK)3NQAW7JI-@h`y^6pH`Uvq%*S6K!=? zs{~lh=8sC-#{IOKqWb{9>eW6P@VnV+l3_5f!Clf(9~0u zVi?fO-rZsB@sx0dO~v22TY#l-FZ*4r7o-y)_Y@HY+UKuFX@ZiF^m~F*98J8U$1>Cr1nJXW zw4je*n7yAvJGq7B@Bf3LKot}(Mha9{OCb|hABzbO7~_YS3xVcNF?uv};IR(!J&Ehy z);gNBh))Wj%>3(unkbv94vRxj`8}bvjNK(Qz@FTHh99ak!Q`RIP*#I-Bjg^OtLK%) zd4#FnKk9cK0-vD6Q*f-69_lbfTF%+OE!AR%^XP213oqmJS z(g)7+=n5OSJ&X}JH3fN7a6p;}pRG4qhrF5VWjQ`eIN@J7%R-JC0=K%ZC;$HhoE&MM zYXAQQPL8p316}FF+Ejk9l$CxaQrvffL1&SF?PkE~%D?APCt$noLP*f1r7}?7b@ATdwDD{qo%h*+i6{ zI6cg#oi9m*pn+VO0GksN7=MBs*}H@7BYo=j%_ zROJRgX_(tfzmyRPYBz4Q8Jq%{1S)n^<~OqOeKWJBZ6i~)_Y5fEP=ONeHwG7f$v^Vm zsL_vyNM$PrH+1XYevtE$u$Iqen;#CI^K#5T8SfzoMVZ{lW;^_oip@5Da1h=Dl-5lg z-UC&W%H&2BF8Feg#C2&QQCSzNQd#cDt#|y|va9OuD~ZrtWNT{kcm2XG2d50^!+aI8 zfch!)sjz7N9ptaL7|&vDEq$j)v?59Ige2uytRW24zg@8R^zF6f*V3pU;{IanXvzPO zd^k*dcG>S0Xq;`nP^^TIf~k}~L(;J$_(HO|N9z!#wn`b3esD)>GdrdFz@6F(&*n~@ zP5R-EgbhfUAfLO|GU1yFKfs$H5?lJ_t#w`&?XN-sKev7xx$fh$Wn7O$IvwvzrE%MT z=se*rM3l;sT>)1eX||j9OE)^CO~+gPQKo?(%ci%qPO!?|vNAw$nPsfw&_ zr_lf&NmD=bgif%ZY}3c29pIca3s^WYhSo#vs?d|Sb=!-t3iKe-p^Cac>~|d>pS3OL z{AoCRP@%Z8=n=q;mQ`pmN&2ZLS8~1FyM8_}+70qO8_|+LgbYW^7e?rz%1KLJ?Q;o7XU!VxFIEGE5z8;^o8x0xSZzWuZO zZx)r9@)QY*`2G3oJa8vN#jBnxl0DwAgoPJgXJXn^|Dh)Bxj775iRExM-~AJfh}pqy zhBCnWELO&!yK1X>Qof|&pK?@$!0@3od!yh!9qX@p`zZ4uhZRk#l$w;(fi{qet>9B! zRx!47s)Gp@YHW(tZQ(d?+7gYa{d>}48dAdJX^cz^O9Z8Oc)ka1-ArNLdSl}fcX$2pT z?ht)h!1FcXWasJd0THh+mm9HZS`kVFHF4|zHKvGiLea)ol(^-TcE1<+S&?5%e|+;1 zMNO2mM&mh!*@i8ohpWGiBmT0vHAK!Qn?`f=e-0`+a#@M&!f-pDSKNsyb)(q{E4ppD zfbwI}U^R#dq+sPCo+LmoMDh3X%z=rYKMdAjOI?Oe5u|K<@i|U9*R^o_;}ZZQ3Z)9y zbO5rrQ_e}Axqf;$K1x)esjo`@Z?3+&Rnrw?rE0L%1zX7~(HDp;rM>^mV`I;7%?GQi ze2j`q1F1_A($X0$r~Zdn{G?f$>{%2`Tu?3T)aqm&R@PP$2WE#Ej!p{jjB%Y_ZD@_) zw;<$3Itp(^x9|VDG2B4MnW9-DX<`#iV9V=VMK#(9cY;uc1}o~EYMj0f)$n3E&O)#8B=xo(W)$=PEqD)i&a2*`caJ_p^hk!A<_}7q{;{l z4p3-sgP(10vkV@!-WfSl{?4ZiNA~U>wx%V32urny7ybmQpujBrLqbjI7@-gb2gaoP z2roOpww$4thc)#O3H=R*oToXjl^uRQ-^d5eQUh$ zBGXVlNvdH+gHKM-(uR%jIe6{2MT!)ax7ya`l^&6pysKft&R zb|kp{?h<-g|D^q9GG*)u&{PSTI9Se*vI976b*#eq7M~(rwxK?IG7FiTFY2$QBK@qR zQ_31!ZH}6gxP^k1C%WFh#bna6;T5tp`91_bQj9DbIes~lgi5<2xGAQYsN4U;vMtQ# ziAVxGnE91{tm;cf-mrxw>w&*u>rP+g6=974Auq8#s zKe`B2U#W=c8uQ(vKC9Pl$y%I{E+-mld)QnHANt|JEd4tyXvK(!TgsLSFzGv=i%(V7 zp6k6|F7>~wTnF-Z;TP&yXMcxsNOwk(PWQTB?4ndQIRTdUO-^VS613C7ncwgdAY+0B zJn#!bvxSZYo&uKl@%NINp!#|yLk%~iWl`u6)dkq=kCVH6EX>50KvmCyXl#i1Z}Ur% zLOI`aUvJf3R+-wQn4V=>{f@4aa^$7F8~?DWSn~PQ9?RvAkXv zXpc=R1x~37Q=SUs5Vt1kiZjx^TbHSuoB<~4Olta6Y6)&ECIE3F!)<%X-F4K+T$B!d zyht1j#b7EfIf@nV>czh!3<3j1DM99IPCF-Ti6U7ERP=$XxC1vpu0ksTocRqe0Wv0- zzyrUa%`jkLTOWu+8Fl&0LqZ~sqoshVYuMVo|JP$+P`k8aT9|om75MqB&5YV zP~hC=+O5J62kEgX{~+0s7G4xvsI)|xu?zn&3=&nX8n8vmv<#KH5zK&{5nb)4=v$x5 zw%M;ryU=XIqMUiV)|x-`^7gcA!6Yn!s10z_EjpzGL~Y*i5)~IsktrP@YQtxXf-7N( zhzz6Qjn>rUUr#_;cL+ub)ounN_cnR*K){83tcQ*LSLu?Hn*MDU#+Wk-yCH=>K8XMg zl0G!u@$tTF7OY&?CT4Rrkyo#cWO(w!HKgdE+;uKt6~|?8sMIlxl|$jOg{U7zX_(0v zO7qO06(S7FFjlXaW!0;S>cM?SkIzqUe}*U(X0*9KtykTExTBUU(qUo0E<2A#QIi-P7H#xWm zhyP;#j7*I+LW|Hxog=;i@@;*$DM_M0wB!-!v~d5E+X0t>pj=O6XDS*&nA+^Z4FzKL zZ;bVVv=8@vU&!(ahzgkriWC2v??}Dw=E+wwATEXI6W%`yJe+3MDYa^9_=D_B}SxtK4d+&)j>4Bi-|Kb{p46+h&vo`hMwAnuXBL)b{fNly$-brnbKIY$;iqg4o02H+rL>72taju#1<$@}@vFa5}o#CX1-kwV~5cpcaXcpbh09iw{@>S)X@>UuR%2=q5y z={E1M$xHEHrfj+LPXQ!3ILsG~FEsH49^_&OS>A*yPmS#Iw5+zv*@*`x1dZh5xJol1YrBH@Z#2Y-$Lw zW2NV52@At&1pk5xouo+ zEl#d8CDCH(Wg(Hn9a;0jZ1q?Q%)Ay5W5{T35*Y86n9(|_+$wiv&nWHQ`v@;Aje{85 z29`6L23OTHN`5IvY-re#uBwk@0oXnrHgItyrdEoRNAek?sosc~ZeUh^EkVA8n!YNB zxrM^Rk6zBL#`!p7L*5uk+Td_HMB{9x(|0zMtbolQJiVWWNc%ZfpGpWufVU@b`95xS zt92EoaSm3-T&9ltR25Yj0_C{7mP}A4yZWMu5ieZ63A4dSMuI_ok)#GBt$vFWt{g@a z@z1vmLWn{CnjCt_45lR{bjIc24pRCx=XzBkebGz6=5VZZELg|f-HNY``V)F`!D9tD zNQN4MiO!2dU4heQq$mbF$&*!h95%j_?e|3(;;o?Bj*5dgpb8Di!l`lrJfOqda7ccB zmI1`RH3}nz61x%`wiPzV=nB24p~#dF%&4JUS4xSWWo*qDNS91W$4H*o;mR@Y)lf{A zOfl~MZQ)>^*tjf%t>*!xXWc@i`dixzr|asyEF<7l9`p4eZs7YaYV_UqAb&1LyX?b! zeK!ySFOM|6rYPb^FTgx%pCRo(5JFOsQAG-M%(goVThILG#yCx6j&#*SfL)itP(lCs z2aCYL4l8?BAcd_s+1;OI)?I$LWu@m6@8a@Dy(#egzN+wkK5qd3CS__uKcy7RLuyK% zn1NIBt~9fCPx^2*wy)qv5>xVWc5v5pW^w?6A^UIga;1S0~Zop;moE#C7^BC za@#YN7-31t2TISn0Z;6l?-@w$B8Y1#w{ve~%77Bx*orUGq~LEdrG45Y%PqG?{?vf3 zQ5N5;dLW;0sJf&~ol=0cSet^CIw8lG&L!QjXT5E(-1Rx;KJB)n!0zW8ni9XnRQhEI zh^DM%-X*EGn6jRoou-i5_e3oEk|eI_4xCi*$46YRpequX_FLG9;Xfoa#uAZVB_Kar z1FH3$Eg1w(=aeX{vujRw8PutM&oS$a#YVzny#t(8aarAvS{ zwWMz(v1Jh1ekDVf0)6Nm9>!0*Z*fc)>P*>jcON)Ayg3FcSUy zeq6&Tc%@lk6#^?B`*9j*l_HnGorlvv*;apk%M4LIe>fx6%gX)W%tfLyq^qx+#`ee2l%H`6F(?)D*p-p z{%(51^a)NycH<(pLTzB{5jC#Q9;Dy)DzNKQ6z$ zyZ?yT8Hk;iS z@GLDD9*KyF&dvChHd$Va*An6EX|>(i3nLUEA5Y%+w0ivUtyq+#tJ!w=KfHD|0iCs^nU2xc@q_?#UV1)06T1 zlH3RSD04o=HiT?YPQq+G)+xNgDQNkENy_$5d+m21e*a`3f$OcD?H~cnV}1t$2`UnC zz|biQSrrTFc?%C6tWo5Kon4B98rj8bh2W?wxko}`4Z;Acr&@L=@e+7 zA$uYBpe6lo1!ujRrpCoAOyct^pKJ!JuLPMzlQHto2Bqqy${&(0iw{C9uF02y_V7cD zrE5)%V@pd#PSnDPW5x5@zSwG$rYd!H;~44K%Nq3h9cLMr84h+p$u*g}!C=&Wi{^2P z>%_)_4+Sq~$kTz;>2ejPe)HNVk~(L}LQjp4DVmK#Z5d9eWwhA-`y*ZXCJe*(aN^?T zRG(zb3AGrxSz0L9IiG(RK<9bTEkvwlOl}ryuuqwddFWW^xjutpv4aM@Ea>3GCM(eA z?(xQA``q%;M>C;VBrmaa?H5|k;iO`HxMY%QsXNow+^zH;K-%^gB2@a`;hWnGe!;6_Ah z2CMEY_C<^2SlLG!a*4Pbl~U!iDLS~On#q*jQJwWpe?^uko2ZvhIi=grq8b|`c3JfT zJrucJe}vi^3Q5_NJw6@ACYzemQ0C~0FQPYxB`Qy^S<{g{Wzaqql&yhTwy1E=`nK!c z6OcmK&-#$h`nW9TA3VF(_b!#rmyg7vAR+t=5g_&`jI8k-AGuK0oqE;+!*Cc?0c;|;hL-jM$Aima;ZYQoB{ zuBAWepJ4i{MCNJuY*h{aq)vMDu(^Jhw}q8V!E)b0A-eX|UTIF-(0(H1x*{d!CQ4q` z?gI_XJxzialdI^~zOEnoveHQFNp=b;Meur9jH1Y&Yftqv3Civq3|n{p8#ILD=HpgL zhk%bDt__&w$6?2{#cXSk4AFx_$ru{4PEh zUS!t`Zcprsu|8gY3jM=BMwuJh;GkSz zzbhd5jYRQ*(ZmrG^4OQE1j!*55gJ|~z0T_^nvBjSW|Ru>;pq1BxxTr{%cj8Kf7x1% zNSHLYVNo@*ib=c_9+oYi4m(Dq$szGM7}QGqcq`*6TQ>D_zZ^`MUsnTGNxPnVoTB)9TlN<)h$Lwl2c= z^+T}P3Q9hBr%DZBnX6eu0m}p&M<3c|%F?7pj4zRb9*09W9&T%|wu*;XT)VG6uF2*dFiy-X&(Sn0npqZkZOy2c_uiLNq z<|tj)$YwT&fjWX@4b#}_UnMr#`$JGqDmZh?6)|D@`ef8g+I2PEl5awJPOo}qt{h@E zm8@1J%E`Y*AGC~1w=B?%YjZ1@*cUKxGWNg{{1fy@o?PFwh(Nw*@gsuokxHTsq`&1= zv3xkTLc=Z*eDt@A)N3;B`dH)@S1f?$2iv2Ji;_Z=b0#RkcG!55_1~>Xr?b_}W71qC zXofyu_HWK)JR1WIT&a|mm)+6blrRy&+xuJ;LK9*J@~?zMiNUBPx%YMVvU~-|^b|V> ztz~UC0|?#6=<#l5n6MQE<(0MeL4X6kONW%*9UwlPOFxFI#hwi$`lLoRo-Zp_{(9BHaToNcTr-1=uh?|I*U|3DYsUmJ8#OF+6|dyYtnr|BaniWz zdsxEShWA2WcX;$`IV-H=bt^sR)%T$>v*b~zy{oC-xCxD)&4K>=s%*VCz5GK*$LsA? zrSIcOt61|io;&b|_-Du2%lFpSkH5}V?_TdN#_rC9KHYDe{t8BRKU-VzetlVeigpNV zO`JoH0?ypCwqjm+^EmJ;IO3I-ie^1MEBxnE2bRe|B>hTMt0>)(hsI*}Nzwhzoe@x3 j(}h3n&7=I>kQnIf>}-0tI0FFzd3}}l*?!vpyrpRjmt literal 0 HcmV?d00001 diff --git a/assets/rancher-logging/rancher-logging-102.0.2+up3.17.10.tgz b/assets/rancher-logging/rancher-logging-102.0.2+up3.17.10.tgz new file mode 100644 index 0000000000000000000000000000000000000000..a1d7046ebfb41cde20f363f7bde624d925b61837 GIT binary patch literal 14324 zcmVDc zVQyr3R8em|NM&qo0PMYMbK^GBFuGqK{fa(va$-9p%JOaU>g?>6GndWO&c$UrNo~#M zu^|$Y5R(K0fbuBgoZtQyZX|e}?K( z<|pL>vA^uyxvg^N{v;2IV=9m!H0Hw&fR6+U>BRGq5Fz#m?W0uC9*Ma?VK{^myYze( zJd2R6d>74gy+@pL5HzW?|4X-ascoL#{FGdj_!W)f6ZOQ9& zgnKj0IHBy@$ZQEAx#61P|pujE-)L1^rk->jIcn1T3~ii z3ccO;o|?|?dkgx?aEKAdhM=Y4t*s&Ei6o51ttTiAYm23%=hG;mF^)yn!}^j57Yw5) z$N#_^JoN^99h8ut?7P{ZgOcQ@a*+UYpOHkUm(OV!Vqb7TaR6fy3e05798yl=2~5dk z8qUF|@t90fhDITV=Vvdt2dDG~GaSHZ4&SRW=m0#I!(dqq-Y1wLL7CSfzHDkLM8b#t zzAxn^_YC3Ggy9?u-Vf=7s{gBz<+DlW8qaSi3;3|p%jnUAh{i-vrhjnkr;Lbsr+zpx z0uA=|y*+RL+cdFsSa<%H<^K$YDdwA902a&t!QuYVQCa>U4GtgW|3f@m@B)uf8Vb-O z4`a$KclKz;^jmN-B^(F`1phjD`=&RhEJ8wHHP5gt@B;fGVi;zK5jnLu2nr(%iJTAt zkXTTd)0Bb0Q4%77x!371oP@+j&uJ>9#Gun55t?AR5;2@mE@#F(n+N@fFh&^;dXAv% zm67cL2sFth1VEC8;VBJ?KOe&D@jEI`8Rj?^oeqv?L-_DZXGX&`!rb}$t;9&b=-`in zp%XSyD`XFPIF|kEg%|~x^{^BiPG!4UZ>@#d2$l3gUh8ZIP9zwU<8K+@b zd6_Lcg}0rpEjXnC_$e1Of)I^x$U9qGorDH&)Q=&2`lHiv7jpGtOAd)#Se1-}lxz7` z6=+*q9iL$&@N?C~8Rj%)a`79ZkYhPU`h|uIumwM3NO_9Fa1IRnG>UK>Kum=kah_nG zjOP#-w#sTNp)4qb7|k#U$xcYJlTTyr6Pj`b+MiP5W5tDHDx1N~)4Yd5PJzS{RgO9M zQxyC9UnV%PGzJ<2j%S3?IKr{ua6`ltLL%201v^9K3GmdP%I4pam`F{*gV$rpoe)sC zL2;ocPPH`Fy%h?%F%3g{qnEWUx#-IxDEKwy>U$&`h_R13M{NE?^`GI0s@`MpQx?u) z#E_!RSguvy{d|6XK%M>taRW3d0-TVlHSTZ(zx8l9L1_*^kC zWwMGS1>qn}qf=Ri@JsG?eUO)x;iLnQey9$fcn>%_06Px!qQlf2;1M^tkQs~<1{dYZ)yQZBs3FB>Va~ZP!cIrY?sN0? zIgJJWC}2v%fJ-{{LOjD^rYZswf{{@wjD(c}ipEl^3PfVefMX#@JmFH%Ye{MbL9t>? z;~t|_C`qd&W=aAnGWHa>2?=0-Z*R~0pWWHOJEcJhum91D#Fi92i%B35zgC1$$~W%G zu4GvDGh+A}Zr?0%rRLP+*a9i;Pxw0;pHV8z+^}zd zbK;bd842+OzvMm&k={|5-br-?1@GfkX{4=bCl;kI+*~l-f^sZx?I`Ms_)^(}^ zv9q=O>1@H7*83_t3;d*Y)vZ==I$Q8kbrb?TN+*)*Q;uOArZ^V85fPx2HV$Hngysdn zAF7PzpSuYb$j^Hr$oe?E)EVeM&Fb zdXMsRW_wX{Q-AW{b*u-O`#467&?mC8RQqmd8U_%OYX!KW15&}XuM9~3#5AF?!v;A+ zB??`|JYCO}GA5y+`B`1wodv!!J@wq5qIjYip{o~dDUn_frgXS@Mh&Zezfff$umxa> zwC+5?fyAl?hTe7nuxo63D_QE4;W7C*gswmQ_rKM5j^9Xyu2z)jeULUOD(<~xIHYpF zG&C|}!S3!?5=A7Ka~k(_HIQ-CtiK?{)X*4fl@h&u2Fhu(1y zg$apq@2Jyp)&o5W&dmlzGf3k)QX(G6IdrKsmmzdXJf>aqKElzZmYkPrvonP5(cAC4 z8vK4Ed@dMCevAXmxKEkXVePl;1KwCG(>E@0JRz~%lo-L;T>=$dH$laXUnY(8k?PS& z8d&Ne`KQz>wAs&y-WvQ9cOrHh34I~QQW?M%Wb>i4hm()l$4Q>=F&g5MDlf^!Xqbe^ zY=GR|oD#m-+nNnst0u7UgVvy5e#Cw%)PkC=iClpOHD!S&dTS<^V>4Bq&s^21 z0wSy*Ic4p_9A~OCpd<Utd` z)@3cB8b+$iywY60RC*m}%Io=aE+|72{F72ijNTTK8ICdMr;Lv5X4g;7rO?k9M(?8c z5BCrE)El*TM&Sz_qWL-YX&mq&9O!QeW<)9F`t9JzNX*QLpqnk5j9k{!Z>;65z`i6- zQgMMus8Rb~i-qUYG`_w(C%@-Y!+d#*J{I4<#nI*W>G<-EktF7A8VVxSmCILQ%BR`; z^J|h^zM=8t@{QDG%=<;Sch;LUb$s10VcJiZ#X#*;0pkbxX9i|yD8(lD@(rChv@>rm z|B2@{Z!Z{$O0Q25Q=2Viri2&o;obWSIDdHo7eBl{haca)d3k;g|9bx;{PW%WpW){p zPA=51le3rb;{EG)|B#%2uICtx36>jN8fzs_?_0n}F^m{S*LESxbuk7$l6rg^~J2_zOc4sc*B(aHp>6~4|E#8`jGwd-*j`+A1TeRWI);ExG4cGFV( zwh7}?%FLiRQ2L}l#s0NY#I8^xl@}C5*o%Uz&Q@mIEH)==DU?QdOc{oV24p+J}g#+ydvq za71S~Ynf_eb%5h`5T&9_VodKX^wIzK5Kr^?Urun08SyWz#9P}Zyu|-II5;Ye z|Nh?L@zLY>Kg9FtQ&0O#Fmx+!Upw+53A@nyMt#sq7N~Mf;vkREiLgKc5=bf^ zPI%3yPvD*D2o&#~eGPvo%~hKpJD)xo6}uKeRj3Od+yaRMxdk|s)p>$_V|$Rg*t=FO zmUdE^C%U|){`4txVb`FPL3u6fpJnwVl7IYRw_g7g9 zw~$(RZIKM3SJ*Gu@`aZ}Rb9}3p(s?;jSYE^UGO*#R&7o1PHNlCHZH5TT>44IQa!Yo zXtSpcI7)cp*=<>=gfVDkpAAIoG#D;uZh2eT*gH-Q9h9KW`Hl$?Kx+QqBaVX;-^ZLk z*KAxV*b0}1UgiC=&X8=wZECzv3bq2s9Hs0U%SC~y_=ii;ZWMBU$aZ;NWrNqIwB7VA zEL+$JE-qQz94;(d+A!MAmbR^xfoRwDY+P!#y;5qe1nd?BJr_)F05Z6xAzB5^jOJw| z^Bs6Q6f;1ZLa;c{St(;#z3+J z(K4VF5N%pcwtX7=NWivj*D=TJM=+MUJkFS?=(~qD4S~98gpixMX&Dz(UL=I z6@<%G9mE?3F}QE_$MrTl2-oX_6+xheDxTUG?4~|=<0LL+^^Oxp;lC!3Yt$v z=O~75e37bE?daloX3OAs_7h@v5HQ=;X?`qQbMk|=CX*-$ zafD+X%;Q2&LIs`CNKt0nZrZmcc|L*%gB^v#4%}wJ3EKhj1?)Ju{6pKEEIxdS7!E47 ze~yK*MJxOCRjsMY?YsHD1jGF{7@9D7#BgRD2PbL5Y1EV)K2uOFrx_IA&oB$oys0S@ zy9A#;S={sCl60{l)y$awfsx5n=XfC!^lxeoH7os!8Ea{&qSae!kVD@HLmnld51 zkwvmD7%tz|O{g)py|QTS7%pwg=OyOuEimrXO^I!kB(foIiM6VN*5|gfeW}j^`|lKo z31(c<^KNY{%m3Ls9+d3=$FlgN{r3SLEz?LeRF1hZ39*$;!p9=3WNS`=jF#l zrEpBKGT{O>ad*m_*vW)O> zq1)@$$)5ghCyS4@ZH&_}oWpM^3RN~Lpd?XU@H#(Z4PBKNvJKfC4kN6c%bZ3Sa^Jb` zxLJ6m@Kqs8+K;SUtJ})Qis8k(b6Hj`RtffZyw2+}m|RN@#DpT*U`X|jM&*TUPC5lk3~ z#TdF@^WN9ITY{$BU4`MA{??3mYO;K@IitM|*{sP%JCA@Ru}M}{!L}(01&M1s7Ed~q zso+(UNE|!?1QCjLQWl+IcEgAeICh#VkOWQ087Mnp*vao-P{(Uquv`3tP7NPrGl&}p*gSm{mLtU*oE%%VRh?Li+rw=yi)OfRl(&< z1S!C_v;A&e|Gga-6^Tg^-7a*!mYBV^?f{iSo#VAa`_DB3^`i3JWLmg!mcXrjYJ}tp zKw~GB6#_YZ$S4(r##Pzs!m&oHyzQ?dq_Rqe&s=9_Q!KA!h5d?qxv}*1LC)1#gNEfY zi`(#7hQuuh%wojm##qp83KP}kyCyhvXIXKV1bHR1P}?a`L2P;VY?OP^gm`Q13XQ{? zhpwv~iB5A$^t{Rjc=4!aZP(3mN7O7D$H((b`{v z7a7?TVfwOkpJO(|3SYhnEKQ>f|CSPl1L$UnL*R%%vpIA|GNisX8WNsWzAHYBns*%+ zDSdHO_OV$Rn`0h@Q7@zu?^jOal_*fi6WJ{5D9~O=CmTYj!X;U$I?kA^%@p+*H1frX zH7SRL3yF$3RwGf7>^zIjo*}|$%JY~oNNB(_L$r>lZlkChz?ywNoSvMWzdX}vvq~*4 zJl7$es86rd;VSMYh9~%=`gSJ&DpdR5?Z5w3Wmf&|!|R`4zWQZn`|p1hB*I*vDEZsJ zgHMNlz`uh}`+p3b|L=JJ4n7_K0pI>zmYy<|K@$WGnDX2 zjPm<0OoTZ{6IDcEc0nS1`A4GBIvy5`yw>uE=i7FZKi7NBey1jaJ@%0bGuip;8K3~?cES;m;D=8fAj)3>| zn+4L*=tpw?*~}@OJ~~&%tt>Mls4}{ltglMRB?U2A8~s&INAa=@la&f9inOk9!AR7; zv`%YLJt=H7YDLN`1r5F@0#vjD(5>@m|^g_w?xK;L-p05Kl=)vJvuKLtCfU>lLy-Q~{KVDP`n$ zwV(5@ztaX=oAY7L(K@3cF64bErJ2z9!m2Mrh|@4M86ivaAu`XF5=kr#u{uc;B}AR@ zW6mWjrSPhE*&!0V12DsEWZx?-Ui}&15Su?ISg3#H4nh5qnDcFWkS2kxaHC$X-n=^F zlVS0BP{DDKP!bD`N#>|AKWX6p)lV4xI4`1EL1>k>XE6VK9^S-bM)}irY)T1B4?Qb8N_O!$<9JE|9?EG~^F4 zJq(6Dz#j#UxjA)i5yD>rKI%ZvXyFh&C_)c9WFu3ygu}0NbpLJpl(K-t?uu8%MEMp= zxO}twO%>W2ld$c~D~whTVk~YbyC(6Zu{9D;80Hnk?}3OV-1NDJHR7BGHgsGSA)7=k z4TCpE69j=hLW0*kosD zsx5_H)wF76AlyH_8#h&rB$vDL5s3rC8eceih4)7HE0?gJzQnF<94{v_F@xtsatd(AhM(?3?U_1yI^kW`(OWe=`bNS+st zDAq}9>mXJ>&17-Fr3tFl1}qxlGdxzOBO4jDfV>@ms&Q>CoI7rU+QRwIf(_jRvuytF z@9&rMKL!Vn_TLA2O7p+&B9P3R#njQmUnNLPpTJk6xzO2do;nZR`$tGe(3M=%-&K5L z;!EKxTL24P*$S5WP|eRxk^iozdH(0Nrn^dkCG-FA>EY9||L1UT?{WS=#N#gRC`ov} zj=#vpzkdC0Ug|2V`!XM*Xi@|IaM*=sLg0cCDSj68(R$SKj~c5B4AJe-HC4 z&N4Qmj;@`+?yo|9$CTXq=b2FG_mp9k4;5n3)1DihP9p2oZXn7UWDi~QOlL10#%qo< zD`!1A2X?7-|0h>;ckG&J?=$`MDM#Ls-T~&qc=j91*z4b%1}mq2s#{mOl2+!0zKN>@ zu^b}YCUXZ}7qVYJEj%_SKPyM&xGXv;N8(yc>U^}n{Fgl~iymF8@t37+*!+`3BE$n0+Pjm}Z}!Q${b(1@g@`F97?8M^BHl?|PfT zFJF<+v~SKIQJvAo`wy?*o&I={ccgkMg&Cl%#08oZ3xFngzTOqTI=-jkwe;@Vdal1* z>Lp#ixjg^Z`Nhk(FD`$4_xj?Q@ef*^$>YniOrQ=$-vU&lc?|-~lGSSAA-5?gU!t@8qMX`3BBxID@>*52i z>6BHE&-}c9l$GG-H$m$T3N|-4BkAXrxsKcwEmBS{l)KqENM*tMsDpmir=|XvCBoi= z{&zg6(f^(vKk9!E@q9`8Un%}jvD`VX3qR~OXo0<7Y06?020b*HFg%f>r&|m_tW>p9 zv71>TmIeYY)I{rWSQ^Av8@Q$}5$9=Sc3*`6fNgcmD}3c$7`Wc|h-0N>br)^jx;sh& z^C{XtI_7EQ#A>WXS%9|G)n&`kitCWl4bfX1zLwdOmW8b?J$cD11)|lTSloEmCM>#d z6BgdN2@CJt%(1D2U(IUFVwOCSe5);0{d~*Q$HMQIn%0EWOw?a2IX2Y{YquPt zXInGhOW$g&arGUNy@-%MB{A-iptgm^&$W%L9vifJjMI8CRqM1<7h1H=w6`H_m04F| z7T@mYi)^@9;&dx;t86i)Tn~ByZn7bk>@8xJMNOAEu$)Dgt#PF^w1-;g79O`=x>;|H z48Y3CPwVu>9Pk8C%Hb^>9Fd3Ist(%kt8;THa<}OW3MUQNo+Ys+eVS7vS0vMVX@rIR z!PQz^DV=gP&}CZcaV}jce_Foe@xk>&6o&NXl#v+;@dUr*J_?N=X>7K}W3ER+^Hv(- zA)KZ02|tPTaVL6>Iipk^U981Zw&LVhVb)hSszTG(G_hCoh3>4W6m-OQFPG5z#E>Wv z^B07f!w`ICQroS}d(7PXk9k_||E+#3=MYVB%={G$0n7aVgQHUZ-~Pei;L-p8AWtj* ze?ICIBZ82t4cQzSc;Bd=hn8BC+ zw2}YWO$}>?fi02$`+LU+CHcSqX#ahnr=9$FuDMx3uxGV0`QF-ro89kWP&mV5lMtT$ zF6{8vfK;%H+|$C78yIWvBk~#-q^>jTdg|t$)fc7J$djLCAJWN%KF;1<(8>t)>${iV zm*Z8VpR+qHGE>*KPh%em*sigx?c{HrgZ68`uhc&m#73^pFI(jDWwicou?oy}q671u z-A9a|GvgoE@c-ne#rn^#@x8|X4UV5y@;{FbpFXbt5Am#XquHjy_SiLk@UXpVfL)tq zQue;EKwheAquk|tozS~#V4Wt3eyZ_80+Fx~cUQa@D%(^RadII9)W3E@qh5SpY9IQt zjb1R)|K`3`mC}p7V3Y?d;pp=FbnJu%txm}ZN0*~?JjU!&-K1V5XgRL1?s`LIb=Z|d z@?Q~kwee-RrTo9w_@Bdrql)}LK6;e@5Am!i|CI$Wmkuy|=3Z-^e<<9coXuY?g(}x6 z>(^(LitI|!O~(kaYy7!FgNjWrjR;z)6L4=)I2EkFgy5UDku6Q@MQun3i37qGM!2{P z-w?Tymso(7Sz>DesPnK0jZ2>wM(mW7pSA%!06ZOOh|Lhb@HnT&7?kp8E)3Ub#U~oK zOftP^&+Reb#g=PXU`e3L0?umNY%SwhNA3_lRl`~~5T?WOw8z#_MfK84EhvHt6kfW) zRl{d+Cks(ExT>a+KT!nNh9imAT@JsX0HSgiHXb)r$FE;{xKM>C_Z1~nZs_j8L1l>d z8xwR_eQKwNfICT@*-z|w=Fv_n?@w#Pvzpp6JS8jH5q^4uxzUKsJH)Z@!oKgO#LG&^8eHo@- zniJ+fDfPXr{&yD#&{F@;Ugi9^4|ARc6(Esl4liC05iQ7#`e6GyxnoZYQsoRT) z3-{?YYNFwT%Rfb&D z?wT{;OHEe4`|AE>Ihz_fb02P}1=HtG;DBl()IGYQ8k*dQQ>p>>y}PG2q#8fwtpC@# zcosfw_WzWwoB5}oCHw!UgTw0iZwHU}KRw9PD*sP%fRp*1ZQ9=CDd6`P{n=JjN*v3H zhTEA{?uNtxz2Psls?Y_`#0E)y_(ZB!*&?aixFNCjLl})IVRTGF{Xqh9)M-`yRWX53 zK7loaxLTLH`PEO+ys)SwG;Emjr)M|F>)*+#Hx8=nmw8at;)^=#>j*cAu=uze{GPkR z7h$1aMzbp@J=ynJs^$q$7rt+TeFa*k?KtjPkKO3nsZC;7mUP{r8k1Eg7RDRu^D0eu`Rk8uuUUd%*ZL!E__;w zXc5rH(M&@@LK5Rk?TRlVTKu>i)eGNxnT)v_4TD zWngO{-I#w4g&g$S>HXRwqH4CE;^iFm&BAUl(0$HT^bS{BZ+aOmn>zLLu}gJa85CGEfc3)tEzin>;~6?Z@=l5ubaH`}j0J&Gw&!uXWf%&9m(MhlAr%{Kw#U zZ}0K^rw4gHeJUS0x6r?`5mUE>S(Y0`gZ9FBs;pdg#!w*!qwacr*`iZO3%$(qxu|4g z#MT|dmaSg8#IBxLi+xbaC|PLAueHX%O}S8}^mjCtt<{_Svr_sUiYM67v?3A@op9+0 zeH_B^(b2)tQX~Ey;4X9>6uiie;lJo0`1I+~-e3PT%YWnO-@qEMO#bg34a)NW`0z3R z<3XN9p8onQj%HamPQ$Qp_S^areIv3}2VOl7Q!X%jecEw?WHO;Y6(X^z2A*$=Y9z9s zdf!~L_f04hjtia@O=}9aeCtH{AU46`RF#yUb91twJ`IO(@%*&o?(I#XVq_yq5_LkG zQTPe%w-}w$seDx!B<2Feetk&aqu~6{e3r`pw=^b_eeSRfER+Aod*$n=jNhP$hnM{sgv~ZvU{h{fwQ?tHV+VAKLB|LyF+o^tnZ>BAhyG>rooK7)Yx!ui0lupcvl zh(8J(ODW4svZFs6pfH)DLI33p$11Q4v#tqEx--llC|?C+BOF7FS0TOG2%z^$yxk4d z-H~}?gFWs7q^T>)0|?%8l%Np_i6EGJC#SE?V#}S9WDHZp|B2_e&Fw5$(%UiR{-=ai zp@>|%9C$X;rS6x;>Z{8q@D=_@xKIa>8khx)w()OS5!JN-pIW4v1lh z25W1?m0gS^S{0P zUw<30Z2y0FSlRy{9zN#(Jjk=PQoN=uO&M%Y5kF7IWAYKYPRdWaw4Orc)|o(C#ksWr z)hOixVk#8NtNlG!tqtLu{x=f)Zyc1r$!CzWSKs=w_wAc{TFn21CwG$p%jW-a_57dx zgU9~JwN3@VrK=m%X7l0kFi|3y~X0>OA;;R`R`3}7?DX# z8QxeMOYQ&r$0hsU;o;Gv{qI4ZEjUF&U>0)_6!gHu%@oHlN=c~n&;IOuFaj3-K%z;>b%46#|C|DPQX-pAn_ zXsl{Vlpw(jLK0)IG?SXgz=6yA)>GTuhH*#qu*Iy{olTr zPWtkH_9vgk{T$E;`BLJINr-u8*W))yXV)8{>&~txqNKC?|97_FC&UO%IlO-Hl6Sm> z(Og#fh{@U?o+@}HVfA(43{wdG@vzI3?-oEsrV1sQep8xyD$A_i!p9crW z`+JY`{~?~v7MOiLSZ5hLm#bQ*^P&9Vm+h$#2_N?R6C$SRNX2?M8~=XU?Y0ANQH&-y z03XMKp^*HJ1AB!p_%uprjALO^$O09Ho+q<`4M+nT+x6S)bhfrYg#TZ_hMmsU)zt{` zY3D1Ds}?YvP(VQd4o*ET)Us_c&qLmNYVj@_hkP0pfTfAlfbA>0Rj-1t^jxB*P< zMuXIsGOyFQaFhm01s4n@91vure!o7c1Du3(9!YxASi;Oxf;6;3?>$0yGNmZx+NOZv z!w)!&^2TMiJwDyBYXC%QJk2niGOTuEoCwT2ogU;Z!od6PTP@kY#{x-}irXwiLl?)E zfi25j(4sv=QA$CPKba0mRNfT0isn7@;;PCD7D}(D3g=~48N4lJwdwrGFZ9j8kWG9j zy!&N)tMGdVI9BYe+$&rGOAtd57MRJONPv%G7~u>y4j@RCInIoWZcH)4k1=Uth17oP z2ROt+tLyH#J3L=y0aGV0u7}m7A;S@!Nm7SlfmT*9aX_3?pCDn?l$5b~7WIFCpFC(uMR1PWWSbZ+Dr-Oi)V#2baoay~mr*jLn/n|GA+S zzzfWMM%3Y!4HaJ)4DR;ac5b1!`U7j#QWe*$S9v7jS1N_u$?(2v(P7Cb+6tvp&cR6# zUtIBOGWD6SD~4E4r+MT*Oc zCW);T;;+Z=s5oVq<5;YXy+T~BN$+QvF%saGkZ!?N(90hk14@!s6|e3_Y70jqZo{@# zK;A)I)^3meMiI}##@b_EqPRX%@4*qj$%0H}`>o*KLVg6GpgQgW#*|q_|9z(CpS`$0 z#N9~3);zB7HdLW0_MllX0jO%dQ}JkZ6|V$K+fJo6h&xuwRy_VTO?jl zCxZ8l1vQ~T&z=_AGw*h+dhQvD8s&Ba6ipbR>g?pNa$Dr?oV-$hByGZHFFW) z9K{nF=+u%`Sj8ajtL?A}V^m8_Wv`ORzT6AqP9%1FRxyaXVcpBo-aN(6i?<0Z*VDlj z`lgn8297J+O?PsSHo7`l%PA59T_*P}YO9)3>#zY4@rETexpbVtmILwcAeTBovs% z%10Q^p8$e?oxFXc+;7@=$P?_7F){6Hqn09Z$YDcQ@m{I;9t-1Nusse6gM7wU@m5+05uyQN^~Er??K=R-WR`@vXi4GkCp}C30+wm6kHbEnKNEqqRKQi?Ch9 z60NZm;TEq@gChU3p z-u|6Ap$^*yc32HthaGO=>Q@p)B$#s==NBaRm;$hhOsK=QfgRdnTVaRIaf12xbmmJ1 z%R|18Ie#ma)(X%Z+XORCxWKWG4G)8^2$52ED;2LkoM9CFEVc0Wv5!~rjxEAAvn_ho zpXhNx8Jgg$#n^K4d*j-A3s?Jte~|S|s*A8SsMUI_7h|g{`m$mTw%u-bP5bZd{UsEX zS){kjG=?d?k&vyS zeT;9Xv*M&BydiCdm&s#dh4Z`?Ry{lIJQF|e?RT-n0V}D!cbr$*PWo~ z*}&UB`nJGOLo}>~sM;ON@Y&*zf=^Z>yPG5VS&WU6hhItx_ zC$PI~5;W6AUEAG-ZOU}&#F$||&CJqj@G6wB!@2Xs@SJ23{4v44z=3Qa!Ay=IpcqKp zOG4yZ46vR`*(}rXVvT9CSL$R7K{Fp383Pe8MO>4^`hCKAR#5qKJ?)2jM+F}4?sonL zuM1hL#>e#pP(06lM`MD+K>OitP&NKtmOVW`bz;@3!$M*hqnV`TIOlQQI}LugsIyh9 z$7)(x(#<8K+o@E?qBb2@p(6)dW$exf0t8pe-(Wyp!8V@ZSdvpV5TQ6lVK@gr#3+U| z$ve3tnTQB&rwp;p9R5N3GweAYfMCSvHI9J`B(Ne_DS(fs{!|lpoH8M$u7aV3n)1l1 zCSoe!hO%qeHVE59h^r^1E<6D&d~e5-l*(vjG6XnGumCPn|2j)pR+v4pZabgGa*8Mv z?J^+eq$6-LVko$U9&1Z4_d1;)6B&pnf}dxRH!tQIBhJkCx`$>f8YlqzFNmXLf>mS87=Ih9+C#@-Z*uNU1eNEryDjvILeG-#~pY)vAh;B%BuuoC_2O zhy`4)5m|h3PpyZJ8#-V6)VkNO&RLOZ5~I`+Z`QlUv)^jzj^j+AnnT~@`k5`I`jtt# z(J$NK6a$V0VHpFJP_hl=sMR-l_Ch7TeK2jqtB~HTtN-{c;Mw5@&gplTVxC~$-+>;S z6cCf_j#L!)_LXx4)zyv`G5T6(4ma|L>bj$vWD}@J2BUnrjYKB2Ih%<_rYU=UZlg!s zb)n{QQ!aJ%VNjc-j~)Y^iI14+%l3VR#}8Bd5Q<=E+_6cjWS z5bM({bcBcsdNQFoel{0L3>f)SryEjWsaLWsHToNy6P3wOo&>9Ne~!1RL=+93fl?jV zAlp{?HLhXQJ8`J$tBH-`a&1#1oR9DFO-8=3WLl0|T%6rT_Q9MNprqlsicbtmF&XDH zDro2d;ewG-s`Z_aD*pPFrYuHb;DOXqDGPKncD(eupht0v;YvqB2Ikt%E5)g5fYmgU z#U8@-0BTafJ>ZJq+AKzfGXw8Dj13qgsY=2 z3PEP@<0y?qY6~jduJk>)4i+B3g`8Ugvq(-awT@Rh$I=+Cd?cWch2J+{`x(XLXu&N^ z7*3$~68`t!TYo>-hA6lNKNZjmy3e}M8}DC%8fGOyR8z|7ElECxtIVDyt|Unq7AcEy z(125}#?KWxW%B#!=y51u23py5sE*>QmGx+v<~`IK6T!R*(s?=I5EXK z2(Mb@2~a67Z-|LxtHGnwc|BIzsfze9JivWMMmPXvA#l)pQnsn&TKx!viam08+o!Q$ zG=wBXF}ACSinn5zbIo6b^AxMy-IW>JXAXH|fC4wjc{-w0=&_5CKP55N1W_Q$BcOP* i+U3t}ntFU5pU3C%d3^5i`M&`G0RR8+w6FUBZ~*{Igi6x@ literal 0 HcmV?d00001 diff --git a/assets/rancher-monitoring-crd/rancher-monitoring-crd-102.0.3+up40.1.2.tgz b/assets/rancher-monitoring-crd/rancher-monitoring-crd-102.0.3+up40.1.2.tgz new file mode 100644 index 0000000000000000000000000000000000000000..4e5d784009e3b10be91aee4ca85d8fbd3ed38348 GIT binary patch literal 387151 zcma&NV{~L~(>5Gi9ox2TCllMYZEIp%6Wg9(GO?|RZQIG4xvqP?@ALfmzI(6LmEK41 zLTBx>`lzaX5=23v0{uNcseotJy}&bm(Ba5xfyc)RaWHMlktSOHWctuo0Ydz1~#GlQwFq-4(rw_Zkd zIHXJ`5MDs6rsNN~zA?UCzKNGxvm6Z!7MV^(Z6|yEs1Y^vYbRmCDZgpck(t7|3L{}h z$%6$$yoZ!&=N)2qkK_puUcU}`0s;2Vi_1%fkB-m1Z47^IkGH*J40!_o>!XoffpY?0 z&zpfHf&6#2&JGl%^17$F56Euodgn(lMq?dAF|MTVI8fjk+u`zIz-rXQBBPHW#He`6 z$oRyqYF1gYmYB$H;p{1rBWAWJVaCKLxbY$;-LwqcTxpU0%~R0G0NN2jfgdRKbp{*` z!v4gJv#+>G5Ob?x=I&tupd6*B&ZUsjevAtKd+O5L*GALKDROIJ_R6n z1*e8FOB00MMsZrg^ica^Adjr1$qJAS@8SwErXY>!jjB+gXVS$*IXuLJpkRZ{G!%Fv z!$l(t0YcEJi6P<412fsBAXLZ{05wqr4t8PI$xCh0aQ4|QfHe8dsh8-#l=He?KzF2>&K zMHNa0Ep9&(yt8PC2x)a*I4Lm$-6v{JkzJLy9aW+z$xe3Ta#NP#q zNOqcPw>Qh32;g%8iXI+0vEc@yEZ%b&B0QX_Rg%ba4b6)0RRsFHW63;~@v1K+V(1Al zam3W6q*ZrOj-f5!8S$+Qbuc9sw?9^EueO#7dp;juZq@simJbCkeLj}Su`k*r5(q!# z$_a^9=+PU{zhmPq-inCGCVQGVqnM(a>yq{)7ft{&6b31?@^EC%PhQVCSVb>4c{DYN zy*P30{F-}apD@TM6Z8puniH7CNQxwA6abk>p&)<*Oo+Erf2m32suF$scXGxoB-Uh@ zN)-gqNnxwSciY=NIWBlT#Yh z8~CE{4&FHXF8Q_H;&Bf%lauONLuTTFtCQ5&Nl4c!8Ivb+X)hhmDYnn4)Gm1fapfQW zGwV~-49~cDN9r~vZH@dL(3FTc?a@$D4NH8YiAR&)LNvpZ(@zPmz?98~Fo?>t3cu^y zhGZwyu8EGYLWL*qvPK@5o{`<)pdVgNEWGC{e|$#8@y{bzq#sQ%J!N!iS)*Aw${9NueU{yV#FD-yaZ3x2b?yd4ATs)5wy8 zeD8lJ^FWPpaOirwBP0bVn#5m)L)=b?uo4^75C48M;}+ps6+4jc1Cf*zetg873lG6z zCJHQ}StU;$yfLsm!exZt-?qR*4ryr3oDv!ccllaC%6q$?fOb(`Y3aP3tk(wH85PP1NQFos`jyYI1G~CO7yhKd%Q}alS(Latkv_#FxdKM5Z z-DRnnWb2YiSpnybWr9WgrVl^85#GSZRqew8MeYAleTN~eMX5pcmXSKranz_ky}blw zi`ZQVNa*X9@Ck{oDWHgojZpFS|7bL9%i>Y(rE8dKY7%%`f%>q$?Ve&*5nWEpbGM-N zctgaM;IUxQPRZi2P@bAPAXeiRuhq*37RmZyyHtjD5Gvj%NH$?qhOx_-wNG$P>TiDV z^u9Pr?)BbY1d~iOBXe+Cy~)lNG$C@gYDSkR+lsK+z4>AV{k`yM360W?p6A)>^In1G zoXL)&m7}M_g2j92fXM4U3-4B>iHqmYnpoCBPu;u*HT{)ns{%2bK4!&ul!x%2ndf8q zIQpnd>0H?uwg?Bo5?+{y>7!=p((Z#o{{%tXU;dvTuIEs($Fu5chg{N$!(|dBt6D^K z5O+wv4_VJI?`G@CCMYjgQwpom(%4QMtSYa$h#3F^U?3OARIhuywv~2xy-`;q8AWMwG3Mh_Y@ueyz%4l4t;X-{ljx_J4p18rN2KTW&t=^Iw+i|$T2EPpritQE2KTbtf!w+U>1f>kAyB9Cib zmI3LIcOqFPAtQd0U?x+}f^Ot%DogrDK^RYq3GHq)i>42KnPPT^XgB>*{>LQyI1K1h zmE@UAipv!jmmzt6DZKZLi&x#bne&jmo&dS@gR|($p7c`MH!bH-$`9*5BvG+q{LQN4H`7?7vA>c=NPSFDvOx=$G8!Sg_pGG0U+I*ku{w`MoNyWFD zLvaS5{&19+{wxces><|7wTsQ3?-(dC$_@}XQm#EDJ7YN63#;cc!#Gi_v(&$VOk*W( z)1Q+%RYNlR&?GV=ZjyP?fE}xYRH*UI^)n3!aqb!dr=!CYctvYls;oV%F>GbSXFoA- zzxmg}oGzX|P_~Mai(n*2%Ji!VQF}F;u48G}()4Fs_Kjb0$WkVhB#?aTtE^T@98C)I zT&ZD0)Raolx-Oia0V1$ZH#+N-W60NjP zZ{pWKFG2_>@-C&S-CkNIijtDcY?m3hdd^{#tCT#azN0rvEptXv@rXkHyhqt>{eEB@zZ81KMj3~F#!L#| zzCiYUa}r^N!?6zWMKTj|Kj6$t<$31097Wjai7(Znkvifb)g=CY1t;2AhNQ`pjZD(e zP&jxEEg&8RhmLoE#fTn^K3_=Uu=M8xo9Ll9Yks`6EGu_6Z(2BWQHe@{;8+1IHz9zR zP}Ew!Z^DQWx6=CM&3nqf@1vWO%j;ps1oQi;hs4l_|C__}$0hKSKR*JmMf17h zRDL|<&HaN)xhVd{x#}gt@#X_+>XOsc6Kt>0^=qyxBAio)&vlg0h;iNHZ&5l#bcCpzrS=^73xkW$I+O?4=uEp!v$5LxcECPP)oVBB;c|-Y_>3_`MG@tdMs@QjI+#PubrM8e zxN91)<}f8z9Gpp%>ZY?lscuUPm}W#&I3OP;_avQ|gx|sdM5U}FgDeHc$m7A`e;C@D zSTn=H44Vpc`Cu@+G7>52&7LRh%A38#NOk8;$IZX$6SD|)jCoD0+gq2K)}d5k4zPEc zlu?*yqhXy|*uoN0RvmdGnT&zwiNQfCkxgqaG{kEkj0w+7+wN&y`yp{|OE(3dBuAtu zRf3}(OT&CjLd~J zh9)M2=mUEvkhcx1846JN7k@HJ>CZqC;$-I*&CS@)>fh||p9Y^>#~5)KQ~m^e?;vMi zY!p$Uq#eqKrRn4w^#m?WZ}N-@a*uIA32933nU&|cd*l0d62o^$?>)NMr11G>rl?92 z5-=Sk`g?6ZOD)51{0|UxH9L8FFj{m}<|w@~jBk|12?ssco);UN z1b$pT76`SrHYaE?5h|Q=2!L<0dVtf{no}9uR_CGn{@jpx4krX>2^uw%UU0h3YBo?? zzj_iUm4f}YaJR@Z6#-UO4>{dzS>$36iRSlu$2w*Dc`SNQKS$i?b68T-B-Y-7i(~i@ zliw&#;ZAA(7Kptj>{Oa(Q)fUDBdFTlO|U1LB&=?d)UWCxFobN>dKlq3!Z4 z#4689(F1h0gRnu-c8!>k63uRX4kpg(8Z2Cc&ZOafu+o~)KgPI1^&E_0#&g1%5a*FmX9=HYgx5?vjn{xM=jD>%|AK=`@JiVrwSZjS)?7B+Xpyb|tLoS`0FiUK@W<<_7pE0nhG{ zg*Jr;6Q^bF(G2eX>JAHy)VB!i#UvHx8WBh&`+4ewn^!6i^StR z0<|~WaBBwrD_2u3n&OY2?^BCIe%wO1< znG~}@nhf^>bdx1q1+5}T)=Bf(l?Df?+52IW^v%k10cgu>v=2>#cayZv);1@tg%Nf z@zEQTm}QXw><3yK8B$jG$>k({c9f-3PZt!hc)NNW#LvGnZ*UqF$JsC^Y3a0Q2Lf2T z>bidtAJ3a8-<@lAO9SeeZOI8OOh+VK*uy*(I-OEBA{FtZ!Bmr8 zz_rb~O~jjE2V-hk24=4l+k)7NHvl*U^w{#%m0!Nd{Y>HaL%C%8u{@)~Lbhmij>Pv(>(nX9 zY{pn@52j#f_(-Nd8Vb8~COxxIjN(T%s#VE4Z!ud&oop}dw?wrJP-F;FnGG;f8Gj|A z-hdEIuQ5o;bTzPvIIEuyV#ZFRr~nq+=XPK{THeDoM)KwO`sA4SEpoWuH9^>!&Oe(9 z@;3#+T-6kW!S?g{^oyC8Toz*KcBvl;xfsO7S76jUa8N4Z?Sr;+ScZ@!bp^CA1jnRR z&QUZ)giTMX1?ZeubUrNMjk=iSAJPB`o@usKkhaT2emA`R&d*M7K`aYpW(!D{j-%UHF@4qo=N`D@Fc`Zi8_g zRC(XshJ<3d!sgumM%`^?mD?4$E33pAjYkT>2Y$IE zDj0>&k|mNT*DJ+?trVEQpaW2J`j?%neot2ZS4a1gliQW=Jt&Xo=9ev> z&sW#mAAX0(BEG3uqkHSp#*P_$88KlwTQ?pad7_VYvP7+vP_G~N7R*0^wLPl%#WB&iE?q+-bDtA#G0Gu=#SdLS72+das4RDgqGy1Mv}Xt zxV%f1h&R{c;{nfdvdTo8G2p%w_0j`!;fHd9o-H4I{n2VxFIAKNM-L0d<=yQut{J>DHxHFwuJpJ;I((D_Kht#C z7VR7}Mo&yc%{xV-Elots-`2=93FPmB7xI1#CWZ6MB_;*s;daE#F+7)=p{|Azcs&Fv zv+==0E2~VrmPM{ayT)aB3n!*;LBz=UTOaELD=#Q{#1?mM7xbOhiRO=K6V9+@tb)?J zhYmeM;4RkRt^Mhm{f0zBIzAgWNAKS;6V}8_4bom`19NmUO=<&%z|IzTL`nRW0byr7 z?*LxMa&Ie#{rVEW$nj3W7be1Up(wW3+cJ2x0MN3-<7T0GJB*%r3*CtiJ{XUnCr~1Foog zpyToP+b)xwI>V2z|CNN{(axfh)SzXEjcl4Bm4@dM*tlEPHB>R{TgiJF!aa_qU05xb zO?5y;pkW-&w5%H~JK51}4LCiLs@dl2)0mQ_kyUlou^PGWRIyKNNIVz%Nx|G)(e&8} z!f!9E{p*35sGcZud2aDRBg^ebHlNz4YFCE=uU|`nsBJsMKT|?f^Ht5KK4wx{++QfNY3QT02RczPT(9iT}W)VLrs_FJWW*g0|X9~gQ zxWCoGFqn%%VYjmaVGWALW9^qm9~_W(D_f7XC_rjqn@g>_xHL?U6`lcVl;>c1CVgLLf*A#B_WIIX zaOOthPAPK}DR=mmhm*ghFmYN>#T_o27LH-4AC?Hi94o~6JV!NUP{l1WV)eWohn!ki74(7_-8=i&2Ix6Xf~6Svnwg1O+ZiS-R;7m3#(~2ETtf zZ}lSe7}krK%SW4tn8J-^6#DMns)VR`sYmQDJ1AT|ki9zWM_Ta9D-vA5yES!Mu44&@ z?&S&H3F0Hw39)Ffiyiqn>HhZOq3@9SpY+rtckn2m;TwyMj75gFA%VQ80dmEy6)ofy+qbi3H z#BZ~}iI$-5z6J^Vz@eI9WA9EmnlWp|PTNVGN}o7O+ma|TpoI=}!TTB_R1;y8HT?{r z3XZZ3-7i_EY0zj3RM84a=B{{OGLA|}nzqFH90A3Bfn#|$p3*ZidSbzEISC2nlv2Qr z2%|9dvz^@ehes2cQrf=6h}kskxm`NkM#C;T$*<`XMg1~?sp~YfR$>Z23@k_3dZS?; zJ-GWHg?`NW`e*6gO3jJ1M--56rU3+>mjkZ?A(yLpk&Pb-$pX^IR&q=%Z<{jm_&qaO zOZS}_^IY^5_E!;nC2mAEslW{m+XYcO)|~BnA}1{=$n7Red0{`TelWjWCYxXlJI*Jo z4uBV;K^KxxUv+w!l6ZUBWE$fSiSZRPcJoIxV&+q|sQPn1{944g@o~l4Wc1aaim49ym@dY; z?+S{SwUd~Nos^Hc0Ch*=2D%{pjR)2ie06<6NP0IEb;zf=^Hq{LS5v0dxAfX7q8Q=9 zb-bDRBmY42PiEH6pxj|oEM~NwG*lOvN%%>c2VQ`wNLH85upwNRNCxl`@1sZOb8E$+ z#iK7;=uUIUB7|&{orZFMU>CYf24cu5s{74?@N%o#q1lQpGgF1m zu|i3?Hnnqtxh$P`Y12pw^xX`x^G~XFL$jgNZ69f9fsK*udg=|gtHCV5|JQ>glF+zn zdMa3j>XGHR2ltG$32I~|;7t!|ixM?fc$=~bev5KGI57^>u7LX+qe-2E#u1FV3cVSQ zjmTYev?I1BfevNtFES0JdTX&PSup%9m6cHqVGsH+J=nG($vEb~Rb`%GaMz1VYvgPE zb!`O@>dYaeoY430eg>mdnD2y^E7sqqHcMl@2X;`-a8=mzO(Gybm6p-H36eom;JS$ddy1^7C|>vj$QOZUDfcc651w zcXWw17C=9)u4|0(#oi8rLR5}S7m|kj)qUGl3Tj!e_#s(R<2oV}Q^~z4ACJzpNtxeH zyZU}N4}1J+9Ab#O6M5D&JSL^!fyF~X^Z3eXerS^A>@))&bfn{uOeEXbk&_bu3p3}b+5BfbK*r#poy*uAnPvKxN8 zs@GuyjF{rwG0){DE%wZpoA3M|{9xnw>At|N{bvm7nnS;jF}C}-e5aPQ&Nr5H!?oaI zLveN%y{?*pv)PWj!?!RYV;#3JOX0ULhrVtAkGkCA2!SCG_f7HofWG(@Pl3ycOD~3o z(I6%jWU&w~lO8Ff6N*(UutC@Zse!KrV{gp;Rqt=+m)%0F99Baza!7l*RLbAAE}a*` zc}-<*q9t}VU+l&ip+Wi{V`n?2qZ^y`XJYi`w#IoOND!3z9GKkOos@4O+z{!NP6+_s z&O2`xiLE*zO>&nSTNgXJbH$)ihqb6h>oB1@?7p{41O|~2cSNE-;Wt;Gs6j}yf70|M zApA3k5P@3&(o$B3{*=W!w;oQ z9loFzcZ7@~gW?IQBl#-|VaN!Y9kTrcVVi^#V5hi_22AZKjML2f(j_A(@CsFBA1#p! zsc+Qs!w2U}#Kj=v9uye|Kp-Q-V`IJD(j6C~YIwcI_w5#@YD42i73g2~i}>8*^1{a@ zO_)Wps3DKCJ5KM(8|^TR2ZHi$gLPd#958YOR>ThD+$Y%HZz-&g(+QckX-Ny@Yfh`4 z#INgKEnbT`q>Dud+mlq)X`FRTRFa+450hOl$zvI5W~~a-#)mgKSbZ9!HjZLG#c_b` z8+du`xtZh~Q%ids&s|FsfqAEwRnUid#>X(nG^C{N)BwzecCu&yqF9CfVd!bbK#H0Z`v(M%fqwH>=~Nb0hQO z#y`;^mjI?qnpG_ql_krQZklk_VtUkTI(Zdg?Ijgb*zmp5hFu-)cr8)7nsII^dj^M`Zmz#s7?U+wG%GkFxmix|epDGB*XGOV1W|~FlxNl| zNuKKnywR%OYL^wI?mkc!FES@{Wo|<*Dvd!}@eRxeL5=a_9F4YJ)g^n6mScHQB`&u| zE@?a(5YVTX@)FrhoXsZA*1jpQNa*u$AbMmwEZW!A$Yh#qBTu#+I-9ZMCkZ-Ze?6Gu za_m9Aj+}NS&hk zG|`tVdk3YRYge!vVRklg+edx5}K z1ot-SCR79R#=Jy$o^y1xdomNuFUm25-&|~Z%VgX>rQ3I6FMgT~F1QTr@32-+Jx;0l z=*>M>Q3f{QCGtb4M)b$F_>xk`b|!~~_NtKoXwhrOVwv*@H_({DVj`>TL^myANEg!Z zmdY$A+}-dU+x7PA^!PxFl&xvW77b}OLe;V6o2m@{x~;7*(@=#j?Q|mv<+<# z%2k$2n_SBv(4J$6izg)KNMtbMsjY~nDl_7E$Zcd*rJs6zd(Vb7K zEOH76(05#exefBGghoZK%-M1DFT2|1fPvc~HJ&xibzE<6FDpU?y@ zARd^g5z3#Ch=qi2%u~Nz!mgNKYsFQn_Sh*mHFf!2bV6lGaDp2~vBat3@j%*@a=o!t zF|0vY%^GdA({?q$&j29(7^DjHjkCR#d7Tv=g0e&M=RJy-T!V`E57Eov!^2lABCS?nGvm@H$^RFX zFT%GUrNvW@$Bnf94DP?4ZSZ)!D|Yy`d6bQ5ZWB_LijjT&?{|J4EK7x0E-kCIRt~2L zh|IKz2Nc*UG*#me&Vvf`y#WdHeZ7fnapeg63&TgY1nxn85v5O*q&I~oTfo1}2oCqB zFf^*|DIrc|i_lDq+n0$PAhFdvi&bL5nHE33e{?563Bi*w1l8g}2x*{-0@^7eg#H0w z%3y#R8GzFHzA(gW{KytIp#QAc-%N6$$doH;K&ZCC1-7dH23Ae=xu$K}4Ulj#;uXKA z+rBP^gZBqA`;1`rW@J4nZ$Ax#_{YzGR_xcZ#mCIE(4GpTC$NgsDKcj}R#{4H;{qf< z%8>eA;4h0cWD9VPag2wr^g;W^8|p!(1X0d>@4tM8-!T?DtA6JtY1A#7E%8kHnlW7L zjQV>%eNiCl2uySk`TX#$Nr!5QS1nQ}bT`_$*LbWaezf*2s#B4|#i;Z-SkAEp&|q=m z4033UQIqVW^vn44JyA7ZR>xQ`A{gvMA9!0SI%@}Ps;F*IW5#_}3-gHF+tRW~wF9Ap z?Pdo;l<}607m^^EG8IvmNc(KkgwvV7E$|g#)v#Q(jZ~LW%rf*@1O+;tZ7JV=PV~oDr`=74Y2-1)6C0#NsqftFS=RZg`AoVh^Sha= zIrBwW6#D{(+_ZA|+3HkFo0&-n{w#eOaT!pcX`Oj>8YEK}ANH3DDr8510=)75+;ep? z7t$LMlsfi_JB#|7SNMczkM6pA7)2t5ie>^yag#h-?SqhMP+}JW&}VQ%RZig3 zl#bQmbx?2>EFEGFpvJ7-<1wxAdhfMAWx*R7w?kROEgWodmCUqIW26o%3S`oV&`|dxE7(i6Y-u~KZ0I1PS>(z&pOhXqIeE%!Wg)5kwFfDhp$j@!-0 z-5tH@&H_E1m!MU;lZI+|UO4k})H`3>NuyaWjt1eeWVyQ8m-@W9hC1FJ-*Ewx3)6w9 zxPU02SSSZk+FpWwK%hcEp+!jWX^qWrt}==YlW~zfo6Tc#F34{E1huhxHl%KY5#B&! zvnsk{eQG{tM}jUQbK@ibZxlnonyN$yn_<>FQrOFV8e9Vetxs|)CVZ-KEtI7 zwGQzXGa1UvOX4%UcQd3THaSfTlA!Yak5p=J7!p+C=+dO}sdJc#@G==@PH4_FVEi>H}wjxn-AW{rCGEF8jG__6czNg^!2uBSYvT zz^RRC`<h_S7wHwe1dU&Ii3?RwsmrMWZ@&P5Xc?0iV(gNMM3pX5i zC-$QJ1xT%H{=-Qc4*qhIPOtyXNp4QS1wCCUYxThYiC{HT*z;cQE6D$vlZ;lj{sHeHBFe!wxU9sIS8Iv+L6T}6a?W{lG098yE$y2maLV0t?+mAG=5WrIKN->vi9}UL`gN{hKAZIav{7Xp#Nz^F=`w#F;zCM?< z*+7W@(}_Y@&qd0v5B7ChJM@pPH;_)!9Y`COGSFIfpmpNo-VNM80J$cx!2>u@it5WE%s*CI*+Tmda=v1`jQIhHd%UInRVn(=Y)RS| z!QdW0hW7-KtP=z*`xlJk;~w9utb0muld{_bGqV1k23l@}bN}`bkUt}dhKc?6(){iJ z@YgVLK2`Vi>3{s-_Qn#PLH!lOprEAem&?|-$%VoB)YvF5tDx@w6JHDo+C z%=^*V#n<8C_$s-lrARDsMBI~9CCH(q1uVpp;by4ra8LVD-$b#vvG93)tCj?#Q$|?W z52;|dR!476P8NiVQ(38wjci^t8=D&?>V4_cX4HA}du9eQ76od@rMcTVwZ}9zN>%n< zn7!A62X~3>?`Edbw2^gZq5G)Oz_7ZQ#wH)zjNM3cFjZ;3o)4Ps2R*56z-)`%xF2q_ zW~O`FDr8V?JU5#$nO@8hO#M8J>B_W?qY056Y+gf(a$F$buefbc#T@@-pLz$cwO9jXR?Gk5KNjX&jD ztt&*N&k&EhZ^y@jhJoVkT9S0d_#K-0_(#!uFRw}}7P_pIiN{In!_NW>K?{_1H78jx zWtogp&Z9YJ`~;Gjj?;&79==kwqPrys`o=@_X5c7?9GIT{k?VmGRVfCK-Q8bFd8qTC zl;Al)(!iA9V|DFHThG`Tndp2rQ{P^}A}L9{U~I#Fai@t$T%t;l4ziBcPI+R@t*cfs zQwYm*AVxk*!VZ)6T8)ckCxyn+PfF{h#Ol$#=rA{>yvV7xN~g8yxV5{qt8#zm&+lQ- zVC>qSg#9t+MgH5<<)x~;@!M-U{;94uJPfQ`xcy$f$qi#IgzMAYST`@%)6I68{4d_8 zovQ&KgEa}fu5%~Dg=jO#!3x+))_~Ioqw4&d3}QeA6mG53$Jr=fhXQDIxv_6#p04V! zRc%OWb61y=#WLYfFN>JVp94-7&l*dMqJ7YKW}*l`)9)BUQZwkWyp)}db5bV6buz%3 zeP43!JxzG4mqOS`gU*fG;Vq3;lYYB#(P1d}*Q5e1>MuVk-PtRS=qvVI=5xMKJ-jEs z#MRbp231^?mONrw`rmi{u)6TXUQwreR3CYtzqV6dQx-rd(a7P~PDwc}ojGoN;4_h5 zK>(PZSiT0v6lXAtt-wBpvV$E}(Mo!|5XBLWwkswKTXS6n^~T2lg%ag6ns5kmVud6< z1BWCDablr{o!P=QHjR1AR3J;c&4yoxT_=+_DfmYFJ2b{5eoy zK+e|-391cB0kc6r?jOZFAW4=(@OaNMpkZDx%YzH48=`*zvl@`!XRttKh+i0J>G$4v zc%UIphiK5hLOCA{Mg;xeh|u!>y0@{02_@nIh7sAo5kTae?P=ZFvU~pj>_dIU1@cw8 z<^wmFV_l@40gDtSP&2Y#e6_4Z`u>wr;9|b&-1dCnf4*V}p3on_Uy%R_@uk~n_}LrJ zpwk5^wnN%m;VbDAC16A}0*n8UzpEnWvyNl`vwyg*qGWSpUgYC44&d|MgF1xt1cRG=bLM%Un zmk*!3#nkTZMsC$jTI?DtQ%LK^U)btu;1WyX>&<}l0U!LF9|+%S&jgQ?*b0d##32t# zqOsyBy3q;c`S(WjLj+`UeX^$~k#>veGz~4+^DA=au#1$gpLiNay^vgzht_%E?DDa@ zM!Tn5)%V=@2L$4u%vbT7e_a*heur(uZQ)qoaQ1eS1b+6EFH%UjsfRuMx|^CHC(D{+O{6yrYIt8KvQfi zR4(->`Mc690oFyr`eU@CQYP8}Ks<8mKK?O~jLs(YBu;S|WEsn6ro%!ym+-6p2^wA{ z?Hw1tR$&2mrwzZ~2k42!#Nse#I{9@;hax;4(aj$|{ghF$c14(1`(Z4M31AicJ53K4 zWR^v?LwP?r9_5bT^6Ynf%2(yZZNHzt(x4J@q2gjK3JaT`<`T5BV5IEHvjO=lL*}Q~ zV~E)P{pc_M2;TebClx3P(*yh45)1qqK-4IJl;`sdf2qb}x8o7Axlnvrkc97o`a0E* z`$zWysLkR4+~F|~sLdM)W8z}u9`qkzrs_YLU;vfp6S29V5&n(9 z&Kl;+5wMcT=6{=6B;nWp+syLU59|NTEMK~fhS8guINNx*znJA1uC%dBnT#xXiOGqY zCbm!M%f8X&A`>^TR^j6&<1E&^vsih`2%KLUu@$!AxC5 z>m&Ve6K>|48L2)rPH$DzeujCY_D}Faoo|b$+3~p|iwR1-_VTnb-gEH`@K%sJ7exBD z3f|_GR|X|~%&N3|`A33hX~n(z&-Y4R_Dn1Tk_Qu!+-bhHU#$so=C=|xojbTiRNgB0xqD0XB4n${J*0%-NqQezgGgxr zN%lejNqJC^4Dv9u?Kco#Zcl|OM>nG3lKJofCnsN0FC2+ zVUTi&0~**sem;dx}9Ez5dT@Ue&6{3s5zxc2SsL2%b8r?Ezm^g{5fyLU_rD0+J8O~s0 zf01Wb5zxPW(EsmLg#;1qOV?aP9i~`Fr5??We$iKWDZpN|5cG*P@r#1%H!Le=1* zL?a^D6d`~>)oRJ|Y4sTGUSvbo65$FVQ8UtpJqCt-w`Rr4#^hr7tmaIf=?frHO^X|| zIw^W>rpDdm^^wUs_NpWs#snD&B^HK~_@Y8d{{aulJ*1rWp57Vw+;4nlS^~(da5%f9 z_YRRw3N>kiW^blAF!3V`U-@(69`>z3t=dII`_Ri`%?I%s z%x!K+lE&4XRY_EE59{DsVrmg)+)W|ErQsZwE{un6;|ZC503sN(NN!T47id35x|MMi z**GjCz`piVN{Q3$q@s0>3~b;GMaaMuGTJn#J02&9+^MHMQhuJ;+c$8)ol@kb^wG}K zG$m^dXcSO&&wN{|;k+K<$Q$;D*ECm&&-bYeBD=V8+Oxw^y- z|KYG1?d@CL1>%7Zbb#n_UI5|#vw1sU&c0EsjM~OCGc3O_hh-SsZs6QbF#Zx?>kkmJ)NYz7`UAwFxUE zr)xF4Is?lx?<`q1{%G&yjv+_7VfwX#R>G;e7dc2em(f`?i>1DYR8Eybxm7>&;*cns zJUs5iWY?eAGv9wC;Uhjx$u@;T+r&+9jdPmVnV)DeXCa(C{;kXG#5Bv&w->2nyp>u7hOh)t4B z*~N|I0^dyaRpZdkj3><|UM$`qR!~_JTSwUBRm&wS@h6QoJ4cYlINXw2mRnoGsqS zy41Z3X)E3hHP7H>cDiE*OX125BRI?3exvOCdRFFv8gHr*aIoyA%7Oy{T!0hfn#}gT z1%AtA&15u`n}!mL(1s!Y+i0{;Ie*hO{hM}= zEia0eq0_E~103~FsX#-*_k z!K!N4!t$9!tp)_m(l}5Sq6J!Iu>d=p7ROevrhzb1%%z`Jtel1gkhV_o={>6Dx>z%4 z9LUCS$oy(su(-R&yi)$%%HTL$Top3Kn$X;AO`&3nE0YyPRcQ6gJRN{n90~gqBM~d& zfiwrM4yr^YL9jUJY&!%2?s(jx-Vm36ICgGNEhebGNE-`bh8Z+dR->?w|K#k&Cy%A; z?rXCiwZI5VQa$I(qF9CiWfavksQ7X^C)d>%@|Dsi>0Yh6El>U=DL?(=}_+ z5)bj8!@umQ&@ydz!+I*}kD?rL#C)1CjNjiXjLSN>e$(PghN`wR#!gJ`CDIZ#A400e zs@cXkpkCudP|g|K#kRzg4o=fwEn2*x0q6Y`6ArJ#w-{)4#U_a^abd1Twbk88!eY%N zuU=GaoCzEfe=O&+tcDvr{u;UBuQbMneAk|J=wW0V8Ur?0f|k+LotNnN{^L3xmkqf= zbi7fg^9b^mJ~;wlDQY6YsN9Pa{dln(-v87I2K}ShtCQgt>Dd_q>tR^Hzd!q3-{~(>q3q66|cFgFUuw+qP}nw#_}ZZQHhO+x8xN z?ws>}=lLUw5<6Yk;p5+*`C zUUc(}T(VZ7Ii5|Xh~#n#bEb7)q9|TlFp-g= zD^dvh?5>UOg0FVDTKADI^DF2g+07RI8MHxlOt+2!tETRQ8{vUYQ1KBUieLlD>n$hwufhGmF!)TBo)t3od*72_UA>DTgmepqHwV)+^6@hsdN4GST3p`#>3+!HV?^kb3jgF-&&zF@&UJa$iB& zGBY#M8b5kzoY zbcN!4qB%fDNA@?+V>Q8KF}6h5lrW_q%qyyK#2q6<=g~rsB#y&6}L)vrYW~N*J0i(WtUL< ze!(>+Le-l#Te^p_h69bA;umJZnVx-Z_g1s|KXIgV(_mqZrqHAV!qZ;k04PbWu@w{7 zg3XRi?%RznuM8P5p7X?!yPa>FJVzTj9@ujBVrqXjB)B1vrBMOADvBFZw1ls!`Fc5z zhh2Yqw&U;Oacjv_TbfI}K%J`Li@EUEm(b3Ci*m%ZlB7_=&{{E0w072#w@chN4iogs zC+NLvGy0%CRg7QDN^vmwW>`HL?)rj`odQ>)h$-M8WWp@-#+La6R(ZZ^^dNgHKZ)#Y z7Gk6(FLQN(#j;^8X827-u3pUyF(v8lGUqB5=mD~x$CN4*kL}@U(jZ;9YywUHHvubi zMPXusvcV+a_3Z5YEFC+QJjyVHBIiCt_HfU=Mg_(ETi(iPP3KJYk|0}T289H5iizPb zvkR-g*b1=rsJ}=z2gAzqA7Zr+Z@VPa31%+95dfzQgdgnw3jT~A_Wx!iuO-Dz2<)Bw z6qEPJ8SYVkeSLjD{q{`t2i7G|#=UKUBrPbE#!bJh>5K->g1pauA|s8F?a2Axr(EDmb~h*a{DZm8<6%buh{_dA0&9p@sMiacG^*kew z);mfdwb@@CvX4ynb-7;Uu?&{j3fr_Lxa1$~g>$#ct}-tZ=Rhhy%5+I(2h*D4V!^yc zW2$<3D4N(Iin6;Rqbjojd(+DW6i*Hl2qlJ z`e2G=lZVVnW@n`LIM(3_#b#5fuM{`=>b`V-l+43s$Z!?mom~Ro`eR4nTkNtB27183KV%4!^|oP z+WlvW?p(r&8-jG6MgCQTJ;P&DALe|qv%?cS(iHK=6nB$WF{OCsAR&rGE%4#>?#}Iz zFA=r~$v~efs1}Cxu`PhsI>6e5KGol9=oUxN|JS1Qsp{%Iu&hsf0k=$|mPWqRdDPYy z1oX0~v6fAOcw|tU@5@;b*pqk?w5CeAw&vP&ot2{3^s~>%T#;N|yEcN| z;~vzK{kVd5u*3uXk_$(QW(dM~}@<)1JAf_0cS=`;o zWP(!p9$I+-?4G@eyQxAQ$2V#fd6X(qD)RnXoiLuUWOph(vg=;Bf}>r=@%A~n`9*p+ zdR}cR^#|Tqx^D^J9xaK(X`kmklUjMghJ$X3R50v>2d4n3aZ>Wnh2B$E#?*-~bkC^d zi^>cr&&ZUPdQ}|Mq3LxyJ?eqqjRqz3Ej!g%r~%-;0ejiWAbqR`?RpM+A&5~t;~*OY z=)1>;`V6kdrVc!lh65%=hOh{IDG6NzZeV@npXcqj3_)yZwANUU#C8V)7%;c^M)nBn z`$*KNbfx|fg2ks{ZC)o9C&%54c=S!pIZ;msbA?ogUe%RG>h9`~8Pp@@e}m4V>I4I= z$FiLZ`^tuVPbL~H7Q;HFEmxiuP}N~hDg#0?uT~N#U)3m;p@I6K6lw^{Ui9|~hI0!m ztI0c5_YbTEyk277zDwR@mz?bv4wlDu4Yj^#ZEwhsw7|9QO{?xPN6C++{&1W^@2_rw zS~Jl%cgOmT394Lx?`v#6tIijV-$;0|i?}Z>D6))PH=oZp?hh1lzP5|NW|I(b+5t}% z9&9yz&%Ci3U(_Y1-rExxQ#4t$a{pY}y>i;!J8#w0c08*tVjWdF-KY<) zhX|e{1e{qd$rN{A2M?--{>t{Q4O(g&kZsJg4IVcl{3JGZqz%G_ll_sR2Cf_81fZ_B z1(1TKW~dwLL#za>8$$i%fB;Bc#hQgbO(yT+9IG-6e@=z4>_S|&!KtFPpO`Q%i?lQg zSGyckv2}M4u5ixRpw6FABzV%Z>Wyp>1zx)rta^&pyk&b7ZaCexl(BdXZG|uK8CH8w zZSjEX%v(l+P2*~f5GmSFKvpANhl-Ya)adu(llP7_H4C$O5Q7;<)a2mTbsbAXw4SL2Ebp7++E+=3E(JuorAP(o3dhP4}<);53 z_|Mo!pt|IK)f%AxTdZ49|5?Bu5dUu(Q~FnT^_=`V0{yR_rr$wK{?dVQ67Y-=D}cs` zRnx@k;i%TqWNRzq33*rXvUMPZGR$k)vUTx~s9RDTh+ap?)&g4NtZP)I`cMmmoBFj` zfz?ErCRkUQN_8L>EPXX+SG(qApB0nkAnDIPxoD#evq@b)o-4NsdKcB!-RXBZ!m*%i3Yl!|NpegE1|1m|O z4*EaSfG@vKF&WEFC^($94}mb66@7kGwF#lNZf*t=+5pJ^b`;&tFDCV>Aa2rUCcLyW z&VfTDTBt+yi-`kKgV0Mc>`TqJXuI<9=Kb#JfyvDd)3~}?yEtL}@n&10n?AC7{qBio8L zw0T>67%o!lqqV1ZAv_1wkgJ4hBzur$b~ zwDxxkF^V+DVdzu+B_h?c-+le;lX|`5-!xP3(zJp_Z_4Ve_pwD5*e-NcQz7`&*qDk! zE5~D{kyxS9hU~Vf1*fmSQQYh*gpsRoF3=3LT;agZ-^>V5p+e+u`J2;rA%$0_ny0y4 zV3`c5?N?sgfY>7Yz59?Dxrjz)rY1HEmpPv_!+eo$Aa5}}ih?squW%Z-Euu^iTpKPN zjt>X{0Tl+JQQ2QndLgr?Jj@UOL>hV7L3uE2Z36Bjmc+;`t3vrWB=Sd!FjR|2rBh-^ zjQzfX+mJ3GT}$(XAW1*Ks30sZovoD{66Ug$(XlcGBAqgM4dS6|`0Z}> zcgKM_((O^>hbMSt(9Dvzum2+9Wi*WQ-)03Qt2xeQNni2M|G4)&UK}^3hMti_>$nst zCpciX4-g3jA-y9ZXdc`aSWO7-(pM#g>{2tmbDnXCao1z6K|VNJ5T9UgONXCV*)_i zjxaA7;*`d(Uj46jtJG_FVKp=( z07u!Y5Bra>Bxi)U=wtg{z3xi6Fx|F8|1W4Aoq&C$puPy;+~4{t{4=if?@_bU*1n0a zHTT%~XS3Ze_14qsrXK6fT$7LbOIy|J=@K=Q`TxHvNo3{kt*@F-gR`Y-4(cRNXIoKs zr-4QNC`;^4j|k!5c2B2|S+LdfSDhG~9_~5VePZFkXWsO^*K`4i;Hn8`{_Z5VVE2(FT#+cy3w`2Tg$Leyn$(!s z%}HjJm>m>BcfxUyrb}q#nL&Ozm}3mcvjk~_rEjq=RA~eJOyr!&FoG=Nzx(zaekKxI4m?oI$@ zJN?E!)6L%&PV%PULMEM9fO71ZMaGvfFy=$|$z8Nq0>cQSLZSOS4OAUr(vG{9^f|rK zicyc^(@?`V$r?1%>ykDN8a`zHKNlc;NIi6}IC==Nq3DptPo*_qM<)%_;Lr4eU#WG<}uyp8|GKTHCfBjzm_ejBL}3>xFM@7nGXe=hUN(_fSDAbAX=mgb8n4GF;=nXPxzLf?`eqY*TN?`<9RzIJ z$d{Cw-x3}a1hIW-s=Ng3;C%cBQMl^obG($(!k zCqd!Dp(;muGQub5_D}`EurivBC$C510u?hdhuPiaxACoc9WCY;ExIL5azDM% zRjU?xrqW#(l&vFVG0!piDJ9cN@{Y6hm`9XTZs(_2DQ63wl0fs=GX2^r)9d5a#N!>k zhgsn5@Lrl(Iit2pu*q5|Gn!K4o3!BRL&eP~E>j@9LOe$kUMBaetfjdN8lOgv@{$gk z$ZyOm)#%cO2ze;vDImiHv<&MvQom-Uzc7hAlyZ}MwaL9x&eqEe$3KRqGnvhaivLCk zFYPA;7m|SAWZtF+IbsUgMsV_J%+aK4eq22(B{FEwf-Y*YZYR!M(C>m0xKX(ms~KZQ z|FkM43dDfG4gM^)}kUgZd>J=Kvy0c(RhOtq>t9=wp zrNxyHmQ6R=-iRI_Fk!T$JuQh+ZB)Nw;$_^~g-Hl$o`?_&C>TB|ms%X!>!j+{9SbhY zaI_A^WtkpmcF#pSS;89UTgQc-qGrf%$Ym60#SL7w;vn}CbF?hAlXa-a3|usNEW{yi z66WFlgtNnjyE6&@2adopq%{pw>B*mh^6~wkJb{^5#+qg?+#rNaLn0l05j&Ov(Kv%x zd#y{fkOQ*aH~py7d}gsj2kQ^9f<`zd<$Rd*zo>iVH0?JcfjgFg31u7>Qr8l@OBdX@ zjHI{dd!u~YII1!m$^AAE)u`rtvl%7l!;}*7%V>KUSQGF}6tz}(uB>5o=}$-;8=Pa;9RGehRg*HOBhW6)@g1y-jT);mTL-!R{SKup=2ta`xsv&QS( z7+PNrE>DLA?Rd3X&wJK>=}e&VDV_%m4=pXv?&-2UYF65v#d-&s%~qBI82ZMWxGjYS zEmssU4^!HS1Z9(ChsO+SVU7jGi4-I7&@&7<7dyU>sYm`edYCHe{&mea>co|lQn!pFwJ!s0n0W_YyY|Wny6TjHd(9h-c1G~} zfxip7+l@Cd0)2<*jrRWAH|R%`*0%wbqTGERR1=`?_`k5t8C@4Rsny({`8sHo*fhSG z-^9CzsE6>`4#8tuh((&p$6KS1&wG@GkQ5WIxdcXMVD~22STx!Yl}o_ z=ci#X<5?Xb@NDP0XfxV_(AdmNS^}hAoqn|@wF~gr%yFX-Q_qHBFd2M3wFB$Y(L&vC zutAEe6JooYz(zc74!RbntqeUpRj~pfqsgqFk!n^Rjhg=ut>#?=h&Xi~-o(7(EV$vR z&@Ic)djGgQ!ZqGi#W=A<#rSdfxH`JJyla1T3wsLhS**^)xS9eO; zlyw}2y$4Hl%Gy$0F01Tkovyc9#k*#kJ|p8#&tx-JsYSK*)RIeg$R=?i&tk?e1k7uF zQA4D_Ch;W8lj(BCnGT$4jH9%)YZ!5*e1+80nZ(Hs-CYyJnx`Z2W zJx$}faeYk}+M30FETu2LfHD38LGS$2j2~x;XzU}^c8|YRol}|3go4LihRAhyS9W+B zaWFLitzfk*KA#Y)3(MuHBjXO zEP-UgDf3X_Ax)a2R38CcDz8^%Xt$-}5Mln{Qtl&9UAcfyo4so81#NkrU&!UrYh zMj|h$?d!qhk)6iZd3PmL(C2NihcfQGscBtX`boD;2 z{TVZzU<{Hk5qCpLzF^|H5m_d;sWD_fD3`R3QjSXAbjul(+acA)TwJ|w2U)kT^TyQ! zD@HH=dH>wb3lrG*uFZeDJI%Ip-7)d=?rCi7{<;W7^Xuj0^N?}d={B_Rw)ydF{ffxy zdKPYIe2{Spv%#Ruif3fmGt>|LhNp;shgN0fue?f)lx9VqVn{V@ty}sCD~QVLBnr0< zn(Ux{wq)q~JxDKQ19?Ro|J$i@4KVXpZpH(^tAU=w?? z`P4tXqLy9K{WouhB`bwFmz@q5)f8Ik#Ees9Eg-qaVYGa8zypmlf>1c!Bn{NT)t)eH zc^;v~EU2+%urHHB17BtHRM8-xJQI3;_T7!DbBlo4gj|+LBr)YIS=+906k0(NJ|zJR z*$fcvBo$mL*=1M0_RfWAL6O4#F>ypA>Ub=OAg3;UI9efX8S_W1Rs|x^H*d`T{)W1g2%q1?$gS8zD zgkQ{jb5gc~)jvE;ZlOkKAZP_r!O1%UslqI|87?(GLh~M&BB$I10)}L_9b?ZaNv4j%NxSSW|nvIEdeOgOF zU^`&(J_(u7e0u(iwhH`L!b#-gWkLylo&n-S;HXt42FOcD9OcEl!6p1in-bB??LzY! zaw6`xhF=;J&AeXN$+8ND#48Py7m;RPQO8oKGJ055ZPVj9OcxX|h7geubCh@~M1|R{ zoZ0^Jx>9kJ1oBV4)ZWs>D21tk@E=SgOpb?YLv%_)!-+?t>a^?j#CpQ;@~N5NcDmwk zzvu4|4%^KOtdU;Gk?XAl&Fc+Wy^_@1@7fqku5i-&>iVRk8@}^weTgetN<@7K`TLXc zhwa>c4gm3+1b{Y8l9^=_Gfb%so}tP9evdC42o8*Ax$E$NNH8IoFl2voJzzNWAT0vY!R)3_#>CYf#j{`ssLzf7S=$Y zCX;T7k>RVD@u>O~#l*$LQZh3x*c@UsUO;vhWSN?+DLVfH6BTRy88QxJ9JmzE8(vYu zK?Cf|i3R!0A)2uE0fik~!QC8tP zWw`Q3dyHYwBXqz=xbOn(OZ%})IPJ}-G~x!+O#T+#m&P( z&ZXz$vWZIBppuAdhsaIT@Urs%NDN3UJbG8Pk}%ddXd4OFLA&1)_1QiiywQQ9qZlTbA*V7lG zKJ~G_!gN&=)Jw|dP5B=b5$-aGmLyU1f=)$sWYQ6glem^z>W*-Vj+z-U&nS1r_{vN= zL7JjmzsH8Md5}N1m8Gk#>5OFBvWF&Qbvh!_D@X~`qqs{^Ufc%Vc*-J+bZd#_G(b(D z&)!A>j_&y9QIQTV(YzYVGZWcDidj|-`>;l#9>DeT>poz zN|TKGtg+X@HD{Jw8k;sMb7IYs0y>S<;bi`IQTDMTlkL-KP53?X@y zKma|M#lU_BosioMph?7|-%;ytLy6m5W63zz>$1ib)S zaJ~ikyVWgahmw@2ixN{q!8^VnkI3>>CubDmD%*xyonu(uIdapP0G8rj$Am@@KV@N@ zu_-~zD08fl{gc;`ju!ND^|L#8agd+nUA!8I4cBvDgfDF1^>Kzt>#dFco-)J9auUkw zr76R#@!JwT=l5vqISjMmC0}>~yGUrv#jJ!NC&AhSdqB=oW0oP79PAD8x#D?1wk_L}(jx1nlQ1CioCKd68#sdjC8ajZycVp*vCwdv z(vh_0?`)j(ug;FMG*+MegQP1`HxP68#`uu0pPHM76cte#9<{isjJCF9n`w7rYw3P> zcgO)R$20D00V!r&z2pkbMwNX%i~21QD2M&7w*rzu#p(^76QvYKwvXwihF6^Wqop8E zQxzwiGvuc4FLmVajlKBSWSPpj^Kfl?{Ho5VK#3qc=%`54zB|0VXt`saIQ8YgnwKC0 zff%AcI!vqYGN596Tf= zi1Bd74uhZs(Q7XjmJa6=GjM;FvG-uv2?z`TS-{O8oAtB5GPL|(H)d*%8l^o%Tlrit z9oPj7y>2fb7>g7YnBw#_69B(ZHfnWo&~;T|Cr1L-R}yYX?f5{d={?1k93iwl&wFdw zA1pZ4dG6Zih;yjX4IgJUILdr)1!q)2dYE>!Lg(GFtr`Gr(LJW&Os(?_%a#KS3XN{V zq5@8>!~|P$(#wu=po)xijAdt8-eeYvZ4NfE$ug|f!T#ZAf486UWXm+q_s?}b-Zv$F zIA3IdZ&qDf*ZNJ-?P{u9jcW)!v_BYh_E}&RQvEZ~i zxZgKMd;O&=e3|n@0k9qZ$($Z75!M=11DUNs5V38YLM>maWN&k5VJz2HPbG5#v0%O1 zb5ui~^W3n6R|nOUEP*wzxEUqCE{9DMq;?UQZy&cGGpF$JoPiaYh#&CFuq;av$^ z=4ji}4+<6g(2qtXZw!l{X%@ay%zUO9cudo==_mUpoc|+q+zE{fRv72Vx@{USB{92s(6~b}%@;?0vc^|R=YxMsl|MP|SD!r%b zRPD3SP${Q7(O}6;bi2L!c^r8kP?==B5?WeftVsPfp(`&}FE%|jYqD~Fdmq=86qxGG zeVe5}QYoX*Cb?9EggilUarDQep+K`yv+K7u=CO14hneeR^ZdMZ*7WCTb~o3TE!6Mx z=E}~DuN}|V&(+oQ{Tj`Vx3k^zOV0Osv9*B0?q6xHY_Cb}PrCTg)sreC+`8gQ-V^dP}Tv|B@HMXi2x0ev~A)0}FLPgR>-c-DtABndm@D^8=Wo@Ys z$1;SWJpC6}8)3uIMp>08(lv5uP_tl-SAc?73;s`>rFGN^*H07R!`<@Lqr&EJOsWcC z^zdHPl=c*M&FSBrDZWjOC|}|Fs`B=ot|Y-mxWbuG-d^pOUgJclB$5ULJ)hUjtDOXK|t5ylwd~GY7PQ} z@~bKF1O)-rBq-{F3T%VmmI{t4lxKHbT`1R|ZjVI5 z$-tVvEoem@dU4#f5P3V9{d$q`bpg>GM9rM*^4D8Q4;;|yGeZ}()~MhA9PyF%KX?= z*vPlHrPu%HW39#3#>_aoaKP>o7QHn`UPW>myIOhU?QRn>9~R*qg zIWk%Wy3J{r0!hV;ueCA7cx>+0r?yYUeD-GgzF$qqlSqj^c<1eBj zE?7iEq$+GRVtVUxbZ&=-b!T0}*y;~YwOjI@^|P?H`bIV&wpL5?H z1TS0~_QkA^|ItoA$Rd}E5bqlzTFBU?6RP|kI5WkIxbV*+8kpE~c4D*216e<*LORhW zVq7kWjBP!30wEdNtQ^z*Eds~WL4*rMO8piKv&n1XmHw3XOUW5ykm=r9O2 zpUTrfAXSuKi#o_Sj&B(9SB$Bp)&>&i#w#(6FzwNtJ(ZA@yjyR2N{R7C*a3tFk70t$ zav&s>k!rbRF1CYL$bdz<#B6f9g_}`{J8o_=?OPAWe6gNqH@cu(yd@hx5gWWM2Lzj_ z6*F<~r1Fkckt{Noa(XMu_q~$_BDHW?M#O}z&$)tG{KolV$&G~(!*$cy3+5jb>|;wK%=;zSWl zdD?0`@NY)F7R_ zs7M)E%5nxfu5wF{n-&a9&h`;(x*?ubh!$Knnft00&ITp!e>OSTnTu@4sCb6k z&nJzTwL!peJ;avxo`^#A_eb58Zs^Y6)U!>5WN-xSZ45Xe7XlVX^&aGe4xZ8=bB@qR zVN1(0l6Ww4wf^z2k6xeZ$-~2OlGgR1k z51(1aGBdvFpR^heL^tLZ_!^$5F_2?hZyAMBh#ar7TZnkUZQoco$s)M~P zJkn$a78s$Uhi5NhGxe%I{P?gN;{4(*u$gKZ*}Rmw1m1H`e%p;i9FF!s3+)vw+4<=< zL&#$+rHfU?ajf~<=0J+*s?nKzqCNWZ@Xreq4>O8g*1&75Ip`!E)Mt>E2~DB}!+2}rzI8YuDA&u*f zkk^p`4f7vE2J=?C<(e z!H%*%p@#m>&bY*ZtL0F0k^!X}hz5&wE-buNh|i=-oiK)?MJYFx6t@qd)Jt{gQ^8^s z6c&9Y+ZTk<1#*pAg;*)xFJmUV3+4}{w3Rs!oWD}`L8P#>m%3OmLu6DFSj&KnXJYDe zu@t_UmM|}mtQn-;^Ud7mu^5Zx9es%k#qf{+5@!*(0STkLE`KC>fk^NI5;|uQ$lHIg z0}@(uVqr1wz>~On2Z-eF5y(AGIsU5<%Io<@l2k0u_~lnA_P;iM<%Lya2;^_zNnH=W zT;SPSx$a+WIG$ez{~i1*@&2C&FkYl7<%u`)Ej>uf2%1FmNWbv{4O(Ds!#{*wE@WSM zAi|q5WAr|-ebk3uvDw3+;~N*o{>xTQ!g{?QOHLDQ$G3ahftOell0gjJNQVI}@glgC z2K83iD2l=JRQ3c7EGU5-hmls|_*(R&VO41`atZ})>L^k2)fO$dXehh<6o9n$nI9H@ zh0fFF=MDB!6aP?xOq-PtGgVoGPm=vO6rdO0{>3~(fwhy^6r6Eq9F+U}b zN%$j*a5ZzsI+>;bW&R`lj&|d7$LV&2Rf4QjU+G`!Gvy9q=GBSOM+<_=+_4)q(=c7h zslcPtI`q%o=ep-alW9%gpBn0l9&Hn3ob0QL=6(dhE% zKAR{3TIA)gVpYgLt;T_AB7EknKQ7y0Q5UL_L4tfe#8l$Z4Uo@xxnHZflRmVJnyD;|ZT`3I-DoS~)uS$dKb%xP~ohUMYPbr!TVjfc->(?D@ z!xl_awe0fa4Gs&&)*Evd3e@MWo<)5r)Go5!bygd0V!QK1D{8SEq>k9_Ww@#YYoeaj zSvE-U;AqHG^fsl4$wNO9P4V2VVm5$Km;*X)anJ@*0;U^$@2_J0`i%sQWxnsB8Kr+S zB#Gn7PX?$h6ws-tE{vBES$)ImUrwyDM+U|zkEf^kqITG6QJM{h@3F0LyNX?bQs=^x zZRL#{A{SdKCtG<3&k6JW6%FoRkL(2uUu@wo6%!B@!&hm-}RF>U#fHe0wbD z`UUKdfZK#zPMp%`5k!id$if6t>!$3_Qz&JiO^eF6s)EsEAt;h&WEtjSZ|=zI!L7B- zEjqIMzrdCG3v!xqmYHa3OqsN{!)9a>q>Qck4B!<0={(HEvyNV#ulECV{+SjQ*TW#di{E|8eLtgBVyC^(-n6W;>wFHtsj%V?9THJswGb!pgHYq5QQ%+JB} z>HII8?dCn-=v(BEJPjK2e=0lx=k1B}*Ss=4oTI#BI2VcolU0IoC+u-h|A94CcCHJ)q3v`<^U_68!g?j z0j3zyjUXwYMftkP*;RyEhFT~}WIJ-nx?w%I^l+Q=T`xlXaWy6h-L~20u^RN>a~K3@ zYxe@_YgxTnym$RK`*09wzk@x9&osf5<70+>3jBY;&4oVDnCd>|6O8XpZx(qs6KRid z{(2mH;Fvd})(augwye1fh;b=DcJKR^&13_Iz_eKzxZsIUhPrx-zRG*f)P(C<7b9Zml@v8I~9OAWZ?(9 z$w-h+2D`LWa3akm}&qm8r=nXg5}w3f&a@BC!}4z*y}24B-@GT-^J|AYoam z3jsV=nXgnHm1O`yHdMMg;M;C@3QoI+qGQ=9wH%mcj8NCPbPT>RL>oR?FW+VHh(z=% z_}ZD>VKJd|rKTe@abh`glt5Vd6ZwFdU3P0xmDXcy^0QX56n!j_G{+JAHO$w?^e3E6QKp_K>Q^M6a;5z`O#M$~Fo%wE#tBIm)_7|xpJnz_l@_bZ#pg7f7^YAP8OX?$T4P8oS#sj zk;;*QZ_u{i9#|KFJsUTm?RD}rfdh#V-$@FK6zC%U zYN>XN{PPWrd-puhd1KIdo6qj@w>WFqXZSR%_&5R-DYRfxYfmG?cqcN20#MUds@7rF z&QwT@;nin1I$dQ&UAbv_8J5IU+v11AAxDUP;=}_>`kD%0_sfEa%q$e=A=H+lb`Z;^ zv_fX!ST6W|1#uZ>*7!~YGBdibRrQd{Uc3L$UT{UtMXx3fE=||q&Ws?Fv6(ZC6cbk} znPFaz3UpaWiWt|N=7HX(Y2p-SYxp2uVfA`EmZ$5lO({F9&pF;a<>b_sMw_pXI+#hT zA1b30Z07qcON<>(=V(69vM~Eamd&Zc2dm?v{SntQB2d_+O^i%GHg^Z0EmPRiLEK!s z?zK)`1SB{l(K!3dqEu~fvQ3CAiI~6c0`E976Uln7KhGuHn^b6~}z)U&XYdqFqG?x}GntigZl+qV|D{YaR`8%<=M)UP>paYs-;=QlhOw#0m z%eZQ`3DNn$cUoyLVj#mEJ#A*b{Iq$xy*-ms!iY+U6$wW$qn{QjP#~m&77CC4UpLZ$ zBAys#M2w4&WTCj9{9K2EK?d{B*P3r(iTGcIh#wEd!0=9Dh=0W_RiT2)n`>+k7I3i% zJ^wVfd}JV?H+l?AV#5D6}5bA2U+i=h1``ahad`cJku z`&Bdo8+hUu3v?HW6D)%B!0xJ_ zbIWs9gc}I_tbfwm#At2nM|s!V-ZUwFJdXXU zjD0PO>0JEG$Xw7jMzgS20l==te4tA6a4QAr@nY8W#l@B*I3 zw;#;mM7&8Mi;JL7M->iM<(cMXmzgM5K6d2C}|Si{+T7pjFixG z?v%o%D8wwtM$18>@$)tp=GFa?^Pq<>X(B9ro%B#;p%~rr?JzE`VmrMNQ?1spkPb*+ zXb91UcnMS<_nnU{}%&+9y*q>aV9Z5BJs>$Z}lOaDB~-p*uk>DxO>HV1m2N< z>O&82Z6RABdBjB9Cy(qlk_T?+(ljgVko3S+V~mJJ8W^|#|FQQE-I=v*8>k)Iwr!_k zRBYR}ZKq<}wrx9CY^P$|TJ=8T`~JZiV|DJ{Y@D+(o98jNeLq;?BddRM4hIlvY!Mze zR~n6CMXfdkeAdEYm|#CMHal^1#~haKD#}-?F&M{x_`a@R1OPMN|2KwiTKE5Ycq!Wj z>=X9=8(FW*Ux)AJ<>ci0eT-zy+STg)B;|cQ)>uqxf1Z^s+OJ>uQ=oADJ7=F1_CiFY z?z07Q<*c{U)m4BV`_17Erk3Y~-T~~(%ZVKJgJ{~YX%b|YYhE}3OLHe~di+s~$W)?6 zsI}7A?CKIx<~Pvaq;b2Y*kwA8!TE}p137;pu;m#rkt(thLb+Z7hB!L!e4D>oyhOw2 zhL3{kPCRyRfHzn1u6vs}U@_q_?8&2X3TC#6Rw~QWzu6Wo($o4^_Yj1;pr9XY&=yy8 zX-gd4KbtH6i5x0zOp-h!Q zTj2E9O9?d)KMJzyKZWqUg1OmuhloZh*_AIa<8%7#8A8i>)tTe4T&mxM`uV^txk8@l zR#U29F|oSatFEuwM2>iflb`?&8SeKiZI>#8qlAu{z9Cx_x*-O(XJig{16y7I!>HCn zAz4CBF%{3QpW#clhEH2PDOev{40o2I^&aW1=`C`1^{F{Wq5B5$*^nxVe4eC!t1YJ2 zP#K@KU^Z}csHJQxH^;tspx8up^D)^CeHuln@uR^mDn#?Tk=>07cL8;CCYF=bb{V^T za_ID?c22wWK04ye*#QBK)Jw(~4PMAL|EGWBOosY`U|+G5;Qa`=;_zVl2{-?c_DxLp zXrBI7VqG%I-%wldqP21Kj$G&uJ)|*8Gi^H&yK)Lzh@#>X%~szeyP)0)&yoM@y8@DJ=6f^9&&Xw$gPl{Y&EoLfR3 z#^=627d7xFzMQMn;!qP`zf&R@Q) zGPGxW0XULdlLD%F>=w0O{nZdwYzSscEmf}~A zS%AwDEFomd#EvFP-bp&OugsZrs*o&diHt#J?NE5t&6kF6NO(@Qj^x}NM!gT&bU)5YUuJ!NAox8%7{#WGzoYA8?Hqs!+7eI8UA|V4+xM7~_ZBD)s z;RXi{Q{3Hxd{2G^{_11HNgo|xp7P@B!e`Uhj*>Me$oYSAC{WJ6Q2P5J#9P>TyU5{3 zbXad;tTI#Anky1R(#^N>H556n(zaP(pk$*{LUN~HvjpUvH#>r^t9C}h3t=Gk+WKS~ zNv5K#b=kA8#FDzXwFcEE@C=Sm37;D33-K~h<}4<0S*50d9{HocMR-u1 zW!EkMqUMin*Z#N!Zh^BW<9JX_yMmoI(mL`BVt22Or%u`}vBz#zWGnPVhK+o;ZukTA zL)ZoQGpgVKk8K9e>t)vzQt`SjiPHuYmg5Xe=Rh;1#p0;HNej2Pi2(OA=p65spl6q% zn*HaTL%i8V_(*na?8`G3_fA~wOVPpCsfWP-9&1ki_oNKz?b03R^Lgs=Z!$L4<Qa^(eO_v2BKjm0;uTrh zv7FenqAm6TqlSRYmJ@`*XYm_GN1ZDQNx~E@aheWnve*zM3FC00WyGM(T}S=E_4X2) z|GqNcc8ow{epaZyN2lrXxd$FDyK~e>Ojgse#}4B`CRHB3=-`JQro%%^sYKJ34U?AB zJfmQ6#7gftLGI-EP0j#bbMv`axzu9xWKzhst@73GfuJ`$V}}>wGj+>Qp!T=;(+L@I z4$`G(wxImErd&e|C8T?zOT}Zq9A|!F;d2R?YvRo%^g#AmAl}+dJAact5~ZTIXY?N6 zJ21;qD2p#)>ltxH#>GJfY5|W%@WG-yTGBchCq4ryS`vP^7|aj>H$YPF94(Z3f{_zI z$vHvD$u%cTl3{Jq1uQ#<$SD*c4cdM7m4oT z3}B(Y&rjYBy1VNxzpYwXxTIvRwS0|rBoNFJJm32B>=m>J8OzdAg(E5Q$omI19&c-F zWO}+H>#n1l(y1bYs7$B*>(@njX$>Orba844fHP0PImAyB5~!UnnLAp41jReucmze0 zLv*(z2qDd7cJcv(;gTzQ%vr!?cdYupW(0BJ)02~e`f)?O$funBxTwPuTW!erI!m0j z4P`KX=RQ(@EJ-;2CwMt4MB%_c-|OLl8YBlMaMmibp{mD@*qu${T5G*6Ey3JnK!YG9 z+O`B@iIy(wAMGhkEY$yh83zH*{=-54;h_I;(0@4SKOFQQ4*CxV{fC48!$JSyp#N~t ze>mtr9P}R!`VR;FhlBpZLI2^P|Icxd3h*dUfcsT%E#lvGzr2e-nK-i@M~kkr_RQ1k}z#o$}VTulvd0g+@eBc5Q}~{WI~soxG5f3i@Oz zf6>t@IfBedOBM@ws^Y8UnJF+eX*(JRc%Yn~#14}V@OXsW8}Yql*g$>Z%nm2)z~`r< ztu?RhKB7OR;mLr(*XrV{7{m8<-H*ffSOlgXomws25GUaVTR{7I%bu=_%}*_}8nMVR zZ?FMlsJ@U%lp}Iro7Kot*iv9!j2vV`+24D6pm#a(pEV}mqa@oRrS8jqjp$;LK9ZQ#{Wkls&YH^E4SYGl zX3k?Ot-W{~DefuLkQB&n-gD2(Lz(l*cCCsjj#aY8<{KWoxKSlQ3-776Hd->0w1v%h zV@fU1uC=pNJICZt^%YU@hJ^QwSJ3e&B-~*VA7e+r1fv42D%d|hB^D-jGV7m?sIu>tPk(k>x%?K zfSu?0|Lo4eTvNPuuiNp$*Pn2B?2ZAjJ!`7fRc;9#pI9r`rB;r|lv5@quc4t9n`TfJ z;l1RVfph64?TFm#)1d*h>QX7U=el1--5EOT^%#xe-)CcGLmc#vzhv2Kp( zoelxV0)b2;YG!e&Iab+>2eECYt2oYR2pFrzhXm4G?k;9$|n=sD=T{}!{()xmUCL2Z}6=!f^p3*}6Jr5rso30v6dU|0e z$c)6LIl-g$o24Z@4{KoHT&;PxX$0-4t+E3Qt~H1zg~j5-Gckh^sS-^;;(3Nm3y{3J zxk#woSr;?j5XhUCP&3VFOI7EtZZ2B%=+OLk6z7r3Q~}z|T_)cd5>9X0>0<8L)+FH) zNcH&!f}wBw4qwUfiIT5TLv8=kT_v32{Er+s{v0tiDk^Z@vx05>>oOz2hXKYf660@8)B`GPyrm@? zv7Q<@ZHC~N|FNK-V8nO(jO1P%`=Zz;HjLnAinma%|Gka6=FON$K~WGb(nVMBDq3Sd zu@^$>tI|q=jCbvLgy#WtsfxX*mUXKYj8;}m6*FJyHiQ#beL+2nH~HWlZ{)Lpij5D=+# zC@SqQixKKNBz%X}YeH8CGJ(M&vZlE=!g92rzGxk+P_$V`1Ga4J%P*8WH+`zi_pXCn64MIaa8A5iA`09#0RAd3?h4F^ zUVyK%di_2I86<332gc@oMvZl4~;Zs$L);%w@lj)W@=KW zH}9v!B4M~kNCIM>$ZZhMqhFT^7Euqk-F7j)Qy(WE7KhLcp*c7R$vkaRxwNTFx8}Vf z=Y6s7uYj4^2cf${Z{fzHE9L>0AH70*zQFOArhcCU=CWploxo_TA zYMPAMi55EF*uZrH(;V2&MLqW=+vJ*pbiBsMYxsTky1CrK4OH-(hBxQ76&D$y54rf0 z@uqu%>4sSb{Wqepx9hUidYi+fj;ruebzVwXg7HQ*nIz?bYi8BiaO?Ls^lN;-{AW?) z4p{&Co@Nc(tdw--J!tQj?_sl$)t9DsKaMN_9UgJAZS2`EudafI_>E4EHnlaVz2^}t zUc}tUm>hj4!bv^t3})NvD?zU40IWLxn2P;pmu@f!SXKE)^tHe`%{j57Kms9uc0#Px ztFhFLHyFBEjk#QK*62xol|USZtVB3n8oSOIW*tgI=OE7G`o|d~s{OHX5KZeg6%!%! zsm+2sJI9IjY#pspt;P9L4B?GlOc9vDN_JXJ*{JV)o2xlkZ`oY!T|LPv#UkZH4b6my zjTXEnek*5#-0t9+zxM4QU$@Xc-xJ^}Zn189n-fHLySHb5ydTfy&(OQWahZ2Aet`Mj z_`n9nvrAnM2rbr;&XIe}-A@g4Ka0(@R*Ixtc>_IXXSDYH5)ji|@2=mypO;^H9>iCS zrNqB-YTphhT)Wf!^7Z}pobWCR^X91i*-ksQ1q7bhz&7eGeQ^qFjGpc2F{id-*arOt zVL#JtG8aDmy6|V9CZKtKHGt0)vGqzOn8&#!@Fns}TRIB#bolmx{K`j{xv{qQUX6>- z-kAUPh>$by^e|K`mjCj@KOce;mNZS5)ZE$kd;D-M{OK4au+!+)AA8HQzTE%5|8PzH z@f;<9PAhSV&s*Zjwe<`K87JQ3;I>KH2%ii)q_~Wm_w#i+a83J#mY=cX)U&F@C&JvZ z{vMM1_m1OY!gdLfHUeRp&DX2zG1V2s1QoXgkwX|UKBifM&^nMHAImN_cjc3}vuPiu zT(IgPJ^u37)WAbxVU*sh1Va0&_t&(x3bpleIyyny^1IYuuFF6z^;RM=+lwI@=K+#uG=o8pSh02uSzDFTu|~&_K(bFVuy}4E zUc&k*eEPg@%v<^X5h&=Ny-)j)r#ZLsY&-qd>*&}}?E07Dhj_GRW@b&4y zmd9&1DLYMijd{1jW{&Ol6Ebi;BDF)lIZmSpmi73ZwNXxDc!m-S)(wf0xTOH9YDhxy zY8N&QG#tAa6nZT9Ji#fYMIE48`lb~7jJOekQTRQEE8YGm)RfbzGtj#*UkT$dZ^3|J zUx}{oUQpQQ!F2wQ^ZhEN`Ly1#A6NAA?~NPn*W>rXAJKSeYqg@A_0OESt*}PncO32N zl5X-cQ21l+b;tju!-`m0&lN(sF@c6#V6%@QQr{AWoCXV~CP>y47ya4md=Tu)CA>Fa*I7v=ro|scm zPrVHya$Qub`MaT)B#ro`0veG~Y>_+$#>6pMk}f|KCDQ$2{P%P(bSS2x2I zkaZf48uMxUMaD`6wmsM|%7RKa-yEhztoGdt7}N_K9PcorPJjk(U|Cm>EUsV%x=T=( zpTq-tx=Y=wWh(}WS{h7vtda5~3ZI&7^=uyU;k7|brKG+GqN}G^G$#u?-Fk=gd09Js zs$PHV>21XGICO*b-ltj`zaKcc0L($LaYY*n~6$>Bjv=YX?M zc-;|G8DEY38Pv;gc(fQd%}ZQf=Kt9KN#KC`I0cG3G=uw`Po?=kyC@=szVtMM8CIM8 zT?Qd$qnnEV-C1cm@tDbORXj+ZeB2R>PLQYL?`H_HDm}Xu1k+$9J5woa7q(5kspE43 z7esiiVXKl!czlSX=pi^po>@ENTYLF*^83Yx@&I4IhAFMbhD`^RCxAl#pelgT9zvAc z1y_6jYbfow2cu{+`}dH&O4BF!W&Z@U0w32Myj;P#RRC43;*7e?o6%BgPX)_!K^*Qu zc%RqLkzk^%1!+t58O>zyEA=kqh&pa&TisC)>7w!jq?w8BD}j8vYCZ{W&@Y4w0GGO1 z7trkmH(2)a$<(!{oFh_cNq=PZxe4mo&6aj| z)2zX*OdFe(r3;}q6uiS;R({nLBg^>rS&j50So;jFnwn@n>ih6J>eP@ty~okwZhLpv z{&F;~EBVwLQs>ld=()$>t#P3B99O!fTU7PhKy2sPp`o*A zF0W&`d~{^I@DT&zg}K04fW*EBw-CDFCbY=>jvRdiD~a`eSPIi%_?4!~ltgAj@oOC1 zdGTl)!vYw6%a^9nK@)$`>pqub^y!Ul1h&Wt-Vhi^Ki7Z_45<2Wj#b{f&w-RL?2B;G zOQ^~_%y|lCYiV(a?URhtB6YtF-U^o=h2UZ?oItxbrqG$%T7gmhzfi+EhsLU1j&S&h ze%T(g;}cgUH9&Y{elya5G{B3YS;M3$@ogpnwfi);g9EwYPjs?z1focCDduBYUR+%5 zFX!3&=|8wDloph_Zr4NMJy#Gs){a7UKZWBDZ>6^=Ld+?BNb zKf(>L1!k6_{6+tIrgVJ2Sh7bz0Q>zK7FGB*Fu@@J*ZgX+4TJ_&4X}Er0V0`o`pdvU zaC69iC-1ZW$?~qey&^+Id||~5&AR$8Af^Pw>4Dp>Q8S!n!fzN|T+4}X?`QR@yg_*Z zjh{zE?Y@xi`pA6xanljq3|Hj^ab9#Z4l=ixyNdKQ8q5 zzxm?Ab>PY$VO4edVV;BlLR`KeVH~Apo8!oZX%Hvy)ynJfW2CrucAgiTp3?N~&~dI_ z9%uq)#Ccq`lHUpoBlvz}K6v2!#CX>G{kgI}Ss3L&~W%-a|P8{Xr8I8MU*EngK(T&!)_ z@AlBHMyVrsK%XT&HY#$aBCevo#E$Rc?5YNH>bOVU`Gvq+$^3|L(6wv%~wcoIB)r8fJ!9diw{5m$= zf=b6cbmv1KsjLW6v$91)j0ZkcS=XPwqL{Y-0pVHt@qnAy;qBX;|04%EJBsaQ5zTH- zr0a{{)n@BVd*MEpA*hpA1l-|IlA{sSyhu4|CnggKpQ-rpER z5ijY=Y+^igZ4agQyk2swRyu#Y20p@5=u63FQ??b;T8`+B_8KSz zqZ<6OF2fTsmftO{^F;X%xDSO?6rYJG7y)v`w4!$ReWSnEl#t>>9>JxuWhP4un@Mm%ebM zX8VZwhXx7|NHNkdg0@%zz^WK(lnP~agM;-3t`J@SPz4A^@yg6!48)ds(_H3CjHK0F z-Fu>BJ2q#pq-%jI8Pk~GoA44#dk=Yh1h7LBw4x98S zb;-IFdosGIKJ>Uy`+st^BS=N~U+-NObg{w>!c}vTbq4lhb5;{t9grpLLQTyELJJ~~ zZK@~?hSk-kc2MKh=gx(Fcx1S)9Ft{{?&F^))>Cgu56fl?nC;E9-lCMKDcOy;9CTKQ z2~KN07p`$5AfZH&$>AH*Eb_Q~UZ=D8_1U(iS(8e!!VLC{KLyT1wJ*~aqgEPAWOGk{ z?m!<#T}Z*#X;%7z`vsw0UhMWkKpae<{ft`T`w^)w=}53?-{|3$%u3 zl#;t8BFO*DuGew$=~N4THh=ln&}-yX(Z3`nwQj)h$^h$N%~2GB5$CTZ=Okp#!3Kbed#VJW=|1 z9(8104{9aU$$$!yKs#5yVhP_<;aug{{7Q+oZhSbiM_2uolHSAmQs{Ii#xg>d{hy^K z{w)Y~x0b-$QjibVul62#W|f>9>*TQ!7;Cx}IG`hQP4XDG#JXTeka8}D9C2ui5Gg$4 zqaLL8*ftlAixi0@?3qr#HDup7a{f4LDEr6^y@AYTJQbFR{%iKsNk*^meqGrwwW5i` zIZ7HTe#v6ikBrh3k!QbDEUQcU&8U@2@jofTAV7=lY-;-a2ge(yzX5=@6mlF z0S~>{3x8f5>L_isDE*1yB+3Au(4t!=$>tkc*ZA9cXGl)a2yMqY+r-_*ZPR3Xvjr4> zaZILNYVzq^Al??XfHf~g5-_6xP~#;fuTq~bA6geAd;?mhX4##wC+y8mJUGsEvB%|S zB}GjXxM<~D_T&SwWO3^&5ck5d@$C2!7){IW4Cva9wL(FPmJORt{KR!+2HySbnjFNe zTFEi!&;k&^Pb$v4=@QDZW0+C?*B!JL)}w+H=EbjaZF^>2aq{6ukA4ov5BxnrzsbwB zn?NehFp{KF$>Yyrg?YV=NzV0|Ir|%hvczKA;I8fzlin(`HTMu zTp7277@0WKBtpVX0g1SnLdQfjiBtp#NnE0Ji1Co1dd+YCE?*k#exQnta#R5t%%tp< z$|F??iP>;PvW(Bqan^uS>?iwA;;;9>L*ZF^+UN6&Gy)adX0JB=G9C#IJEDb1?X7eb zus=~%(&20ea)etruRN)!DK(msiizN}(VRt{x)-`;o9t}yk1ggIXztZ3NXA;w-^NUn zA*8piItFIew;;cz_;id~EvdKL3n#_M=G`Dh0&H|0uPR|!G*e^tydKc*U)~CtN7om# zw;TRe{H?;SX<}ccTa*RlE=0~61kLTK0;YJ$Em9oR29dwNdpqm-TgYrLXYCWKl6`*O z-znNFIN&0HSkr%2ai*_EGfPg4A~H~f6nNC7rbJ?8Eff@-i$p8TfPt}h4OOPNJh82^ zg_+a=D{?b2*sqDH|B@)n4x+QfZRjXMW@g$1tqpf1{X56Kt>EkScxsvI7rb6t02sG$ z(Tc#(qQONkdrmK%^0JOHZq+~g7uJN*q;LG|iH z9q^5Rr-PU}OFhudk*5oaOi?syUJC|;%;il})S3E9xC?#Ie!^?` z2e!yAp(()*5*A^78qNGKYkSvYYtMZq5lB_gYLWasO zeUDC-)+=4(mWh1be^6sl3X39@k#|yKQMefT-&`dWY9cV#H<%X{CXcY_^i2^amlA`g zESj}v&a*n2Yr?-?`4ErJFt+AOFwnW#hs!Dy9-WgijX}J8*G4xuoK`zmqY(~#qM^hi z+UY2wWO5(F8$wb270n|}Jj4=Z$d&~H1LFH>Q$U#x6&r)KX*1dmvYPLq!|1 zawNB>VOdH(MOvO*^*lwx!lE2Nm0LSDEyu2pHse@g;>-ctl4ZHTX>kB$!6XuqhCN5a ztW!MVtl4Rbx}>DSv?NJN>V>L7I%Bh#Wx*FdO|px%#bpU2lmd>l!N#SHh|M%|K5_oa zXb!9}!D)U#cn+*_sH6~4sSKe;_U7g)TkVmnW3NelCgWJ!gJvdc?Y`scxERAtrVT9Zeb{) zYseINK`|dz>@M9$w|md=_XA6*Wht(fMq@fk4ndja`Zy=^r@T~lsVH$l!Our?|2n^x zVj``3Ca!xT>`RgBF8{deCJ$cM=ILN1fYIBMRX4j*OY?C%^uMX2}AIE4j3QyTFPfotYgT69)#o47;axtDIo8){Q6-N*LoYbRINyy~dfa-qGWdh_HOxW7 zbAfW?ds@pKuHAlZCs$NW=))qLhBWy2hGcu$YO@PurpsR z`pQI{I(`3u{0)|}|BZFo)b&c{Hg(Tz|_Eg~CNEyt-X#7i)n!AN0!c zH&>ZYTQm*L(zP=MRyfK^mPa#|2Y-}QB-j&-L3xkJR$}`$4s)>XR`@h~IrrGI#KuZE zss$7`p{a8%AP;%7kuYSSSa2t!5TaGzi8EWdRKK(D-zc?G<8OyJ{kzk8&P8n_Kvk(N zG?V(96x1I)GTO~1$Hc&yKDRqOPI%QmH7{h9T~g?>X2qb?iU&)j2(^F62_lcwg%}r} z0x7+6Sr;zVN-CrzUrK-3X~51yD=B*CUn>5Y+W&a>Md7Da!qzkJ>$hX560fbrU=I=3 zvW=OZhXrLp#=5L6SP%BXPShghymo;~zDgg17;f{h4v%?}%i0X|9%0Dsn|OmCxpHJ} zDP!hWu6Bj1vJ!I@HUKz!@SELoyL}wEK(M-1E^$3=Myr%=bvTtyB~&n3%q&*_Hzk`e zT=t9CwYc=|UBU4~3qK_}U`1!mTf~ya0owKy<|FvQ1E)(DNMXPrKw;;`<6h*7&YWhC z8j^`f(^@q55$qlnHe#^+iM_e)H_HAU?(jA;Ej*Em zVLOR>SF1>I5*=C4tmkiW)$F*&khi{RTGn1kBcn$-LX;#95*}4-b~xsZ)i7b}j(qQG z%)>BZw8WUW9}Vdv>uMKMnONF|2HX>$(MWEiXZzE$;oN_N386j}7nd1mpYQ>kE~Z#V z|0e{xyEBWmNJ2`=na&raJ$csI232$vUE~NZ!f!b$R5T((wHow_-|KId6Le=1- znJ$}=qH#2B%C3~0NM-y}#FhH8_N@GEk<>SMSV6zz?lIt}rF0#~n*1^=AIwg}Ec0sx z0R=wFQpm8@QiP!i}hYjFRR89#!ar4h-2*= zf^1p)?HzOqhmS_L(1|?0XSEL7y6MTmug9h*RaBQ?ryVKDjZb{#D%Ey_0*FJLX(3{r zHBP!|5Uk?Ib}0W}i$!2?6L*!(F1OTDiOL^52*{xg_XOjJ;GPt}v~(&gSmaH(i-P2S zIltWtf6nIg7ckautK{0Rdjx}bKF0g#l~die{u-$b92!zzF=`ymOA+}g=t&57%NoxW zv}U&e&#a!80@FonGnryV@JdGBw!W5{FV*T}6zK-x)b|x3F40G*u_mXp!&rf(9G4HE zd4{#19;R9D#I3wFuD7n$nHgxp)ts&ZG#)W;n@fxqVFPMww=pZHOlg!sM^ks+MRVu- zAM+NlR#Y2N_P&P<=^4;+U=U~rgxmz>*NxX-Q;A2}R%$jgIy+Fuf1;WHJXAUq{CtiP zp@!mJG98l5ylrrlURPsT@oHBa)Gg#swJyr%67NLjT8v4)kI z&!VR0`y*r+YpFHHR{>mASu^{Rh0k!v`gdSZ7f4~Cggrw_+S@?bS%wi@rnPpAd#Jlv z%db>e)I(Aiti)*j#zF|6_`MLx=Jds36ueO18$aL)v6d6*3K(``3Bhs0}0%Xi8RUd1ia1P^ZwK`Z%5~Q^%>Mu@sPy z_hhW@v`{H;IFYU7@roTudI2Q8%*&Ill3F9l0*!=oCe*$pCb_U`nAY2z$U4kSI@1IU z?~<5*le7>=s1ir`-6qddt^~-)TTAMkjFrE7WNXEpsS-47y-Ymef9Jv{@`;#=gM^d& zn0Vofck$`h%Vx%Wm%gBvby-viwPJF#8V7W7Ta*QFK#Q(f02is*ha@$r=-LteWgQF) z&+(KSU?}dkrD-eaHHE>5J)aXOjJxUJvckc86Vf+Av|Bl0p6pCLU-{O;g8b)6(PJAwOoi_t4OqsAUwk8sWF zAdKBEp8p2YWi0l5sAIT^--N#h`m^r`7*-cn1S}^miVl4H*BxqC4=swm*DKvsp9JYg+taCcyuUcx=5v^IsN>c`^hw97?3i(A#1F~{v-xD?o zwKrQi1MWItyPaMm8DY$9b%)jk8nrrIc2ZAQAVFQwsneCx2S381)L%WpfJ_N3G|?~d zcI3X9J``cZ8VeOOmk%}%*UDqo_{VtQ)UZqv!|yM1Y7`?^vV_s!4$mm%^ZJ-NnZ2GW zj7~s#jCa0#;fBTWJHjTSk6)gMs?O^`R zVDu3h zo7I>3r}Ght1JVlRk7K0+m|9u+eEm3XWVdDRk{;L^E(@#tR+y}4IBq8$J@-TgLf5ty zWmSmUX6GReerV5C>{*- zDgZ^$Ut*h^e7+JVd*9X-U@JzT7ejEvL@#sEK|>OgEp}A}x}X6HYVLbeIfnQ<^x;3# zyg^z{26^Hy(-R?%8UBc!`5$=HrT{u@+CR0^wjlHJ#+IJXu!rpLq_iH6|4NHT|PX-x017rcZ53X4u;WX`hrImfMvzNfo!BCrfxX}+;wr{8S^n5**a=oYn zTD5zo{0^4>PCJ^Ra}rl4Kglj*ZSJ10gWiUWN5j%MKe$U{S{(R?GXgoSO?<)WEvP65 zW+zqZ!2>S7cP+(cSxtXq>I4J7jn%^#g`2D(pEd^1`s zUJjLXCb|g&E`SZfW6fcsW#zU7HpoVr-jc+7l0v7~M^G}0ZEH;inwoX8DDB;QS38PU z?{l|Ub=(Yk=HK*%*qV9%lpRCPYOfv4=(?&|yQ<5{kgL}NZfNLu3faAd%nqHYO};={ z^ngXrzG-mr#pWy*LhaT%(^C}X83*?K8yH=07^q-)c3!3XaQjdh)3&2py|?@Ehvr*W z<+GUmLrwqnK!t&FV^^iubJPCou=tcbb!a2D)Hq$3{_RK|9}Y1y-`+Q>q>JIg?j=!J z3*S`CiR7L)`L%5y>OrW-%mBm`M>T#D{E7EB6Csau3afzu*LK$pp=FfT8#PnE0Z#zS zC3annWiwW=sCr(ma@;dcXlxtlD`_8tB=BTR(vR}_=;rPL#CSbwK-{vF`8yD6i+LV1 zLNl53>Lf?|G<6^bb~9vWnrm7p^p2pwHEIa1MGI4%Un6##g>_X}cbyF`1R92fMRPv6H;Wy~U?tAX5b5b>GzM#X6E{hC ztXd9cm`w=fch(m&Hu(JnSMQTJ?97~}wcyuf%&`*Uo7FSlEDu2i+sj*R!Af5v(M`mL zGdBXaAsD|th)0u&RCcz9f6A3^V+z0wEkBq1m(<%5b+<@UVLcJm3=(9p^3=-TW5JG_ zDBRsR;2>Qij?6GS8ynp)OwDrV!N}bVT&9VV@atK2S{kJv|I06X_pR0z#@LeveehK8 zmBb}0vBm?knwz&4>4qG&w$>tR>WQAdR?30+bZikkBbfNava*vNf6QkHiTK|jd(-0$ z+J%Vc(c`k8+iU&;StTWq0B~;T)z8qXpWo5#N709l#>9lAt!_WW_FF4H2%qr7`uvpt z_9MY-!j=TM0!5Wc-HG_@u8ug4}W=8M{dSMa39j`Jo)F7>-GR z3dUtAeA{HZd(UrmtV2HXL)i)#BpNtLr^jy0VREX({rqB$Mexg&@`e`u%ApxWBJGSt zB4BXv+IaKPcRX*?NhrrZM;H&{UjWK+`YN_m~Nqc#I>|AYzjVxw|s& z30RB-VOQR=3?mT_SlMTUm8L01 zzPD>MAs~79o`(T^{PHkXDw&hESWoo(;PoTQU7)weIm;e^D?0 zyJl1C*QR|BNPpJlFSau66fG@`Y4^>H_KJgl|hvH<|G}<#&K-ZE&M5DGwVdl^mZ_1UM{Z+xhHhwVtq> zb!j)@^IQ~Int72*ImypQ0P&hi*}cAVd8SmMkP1hxn18a#&Z>0i!D=q$vS_de`y?^i zKrnlTQX~lm4H-Z8dOW`-^ZE&>zyI7D)e^{0997cfjy`ZDp}0>)XJB@-y=|e35SS=? z^!YzrP1)xKr)R?qLz}q2Uk7KdrO+H#*Y=k7prJNsNjLmOz<|O-A$)XKIfue}^VI@g z-zZw9b<5%wU<-*e=%|T>_u^_({g9IdV-JIKQsp}&=h|GWvqreI5r&#%_ve;g-_DRa zOHw`!qISUjrEvYLf+Q}FH#gCm7CNW%pf>kGDH~SP6>R$RByOT1ey%9wn9TTb2FpKT z-i8U~XIML*m*O%=BvdaR$~MRajc=6GCbO3=rpc4RWRPx>fcI|>{s@c#1+RTNGe1=@ zrD7&@MREC5+TDZ6E|4mEJ<`OH^wb`{PhWDC_Kk>YNjKNd@E9iTJ7PkTy1ssvUCyU) z((w^*fl8kwdzl{eW)i39kD^rRQ6iO4nO7(M*6Hqqw3b4$V*uz|_1to3`A8bJAaFlz zYHfJ<1ne}4!!ge&x@zXCdVugN`r`tLa zbst$Lhg|&g^R=cbcAHI>-f8@U3tD$}7U{7$l{z1le4qT@i4P}zPd-ymc2rJ|saNE! zRsWEKTZ2jKGgg=to2Z(B>wEjG4cmG43=kdn(#Q*;3Sto-lK*b=e%~_tfp90XS(P)g z@1Kpwxt5x{iXWsvROS^6Hqq-5yP=vrjW+LIvv}Jx*`S)QHo$p477G^5mHNBh=$2^w z)y7(1m}@{^lE2kt;v{X*$oLE+>OIN0-?iqXa|62D)3tR`yOK@zUArRhzO#HAZcTCH zF$e+^d^gOu<=XRMCMB>8C>DJYX*8OP(d#q18LBiO`mTtGJHThV2KgtdF~cx{ZF@$0 z4XPwCfV0ikUN3RoJjRjs&Hr*~BQhSmLuV{G zM?-Y{3mJU^VHq$?QgL==FXYK;wSmphzuu*e$++8{S-YT5Kk`+Kl%&)E&FI5v40b6^ zh9n86F}ZOtPKtkAYE)5%1UhB;ob6LKmyPJgbTNolcx%m=7!;mg*~Z4$1b5OIADz>g zTH1ujD7qAuG^zl~BC4PZ8X4XTF&@62{M!yU@3Nk6^@#_t-fQdMG;6@J*+zBO`epWF{vy0{@59`2GU8<9lW*Rs ze155Z>mS&wDLy8eiSuGzvDQ7!v?nGDt?P{1q5XdQu)MMR7vi4p* zYVY;Mrb6ISM`dZsC#ej4CxN22(nNdoc>(91DL}#p(U~2xBaANsW-6oTHYoi>% z)`v|gb7cHX9;|UDbhrY${V3#~Tl4%_$8mnM4%Wx7S@!hl&l`JCsyJg$WQ1sz+?3lc zRNA3no}dvu<$mKzN+|gLLG|=q?(H0R7M*nGmiF7Kw;LmV)Y3sMxDd;U*4jNl2a@J2 z5?y9xjVof@S^4VkCi}ll;F()qJtRdww-Zy4-oJdVS_ik3iFWW}; z202~u%_SS<+e`w_&B1C04OUt-KqrlE&rpXVP-YvLs-#AasGja`W=?NIh27^?gM{$dZfc_N$(Q z^#&#OqbTJ|4}WyKJ>mD`E`$>@s8Wxs-UA^F5k->hem>s+?U;s>dXSyNsXDU>f%@or zJ8CjlzE6~v031Nn_lucq?Ct5Gg@BNu{gL$Bc8kae0v8lB6b90#gH7VDb+;c)0$~M9 zaE%121*uSSler=%g%}KwmmIan&ZrWQQmnOB(SZwpT3{1&S&Q&uq*3$f|5cpt+vu3O zca|z*abIlRzsi1;=;1UQ5pfhShd51SsaFjxJrNZNSR*=WK@%9lxaCQ7*6syR(N02b za~y3uqH73((1(QdrvPY69p>F!LKF*z2BdVy0E2mm;N-ZzyD&0y9kSoRy&-7J6LJQS_{G6&Xq>i`OrtA!81C z?fZSR5NWs7U1OjhSGq`QLM)7;s$e#s7lGo$g#U<{G>94+=HsLu3Sn9gjP zGb2?wYn?2GIYKwBf~Fp%WFRtH_}2J7lerCKZ(75Z2aj=7Pf^3j_R^X#0ly8PvVRm1 zKEz3f&UMh8+587Pa3RDxJVIsycPRPJVLk&zQwS?TVkdleTWBv@D^(c6qHvKw+ zKOwnG(2d%iZ%1^lNetzf>qBA^U2-F2Wk?n|rip?^ImTES!hu|N0}HCn zxE?8q*k1u3*34xuommFqLvM(J1?{cRRI&PZR#B4tsqOR3%|Ma%*|M%e(Ppn>@vhVV>`wmHHmZ>)K zg=PDG8C{bE71mZF1E6DJX9PkwP^zfvp$>CW)7i^yJByNBZq$s@cdOx>T4pq5;_MoTwvLbI|hPnLH}bb7gb<~yPS zx7ZF&HMEp@sg6#y(W&-nIMpuEspi(^ZtxomIOVs}4fR{RtT`Qux9zkqM-mT7GQu3% zdKDen-h%AL*xv;k2rXncHkA zkSy0UVP4#=x>Xlzgn2oBq6pOVw&H2b(>=(bW`0z%WGf2){6^1P50+L}fNRkuRdyM3e;5kTN33e$wtk=hD0~p2TfeV#Fl4 z_HCGF1cxx<{E5@XJ)Y`71Pj;7Ni4E(4ShO(GXeoI)M2yYdcy4^q@r7A$I zs!dU@^K@nVJIF1G{R?k_0Sw>b6n(R!P*jUT72=T@a0QYWEfZM^ie!An0XzU}r!iG1 za*RJtlXV%xGtAQ~wi0r4T9MJOH|Uxt`pe1I4NA?FQnI|rHV-IsRWlb#X0KawQEGP? zm`@!D`wDC=DlCLJu1t8B<#*(cN);Y487^j}{EjOTwO#a$xcN3>vl4{RAHd|A??iXL zwFK9dh10=SMa~>5L)dHvWV1dSEt&U;9~#HDH7yDz^XKHhj{o|be@;&RaD4oi^U3f2 z_M79sPT?QFKKaARKka|~=H%q~_%DBc^T(U3SAXLt|NKi{u5R(a{(1Zt_UdnuL{3ir z@E=j#Ye;-NFD61xaO$4}R$T-UJ3+ggm->>bm{=vHKfqQWB4P)@Tbn(2a0xp$e&xeO zrvwRs%j_kOOkuQ7Hxm~Mwpt5G<%XojG`1Olf8hXN><#({{Y$yrCyQ~#QeLhG0BOMU z?u^_6NUZ_CwJ{a=nBR$O;LB-pi&|1Ool}sToIKmdkBuLE#c0SDh^A-=gb*py^KA)X zpBm<0bfHF^)w;NpkmL=B2@k$}BpL*O|AW2OGLF|76}lzk@5bmGv6b*=yJ;g;3ITei zfs>g--K;DEE{`;&7}z|o>{+#rK)r?Z7g72HvuLLL25-7vXFLJud(c#2nX7Gc1DL+= zp>lkw^d=X%dB#iCoS3SE_ZGDuz)?&o`lkLKk_oP>nXFAgkWp&YOI3ohVMc)Rua}~j zgL}UcH&um*zI7OLp2eR=3t(L>LYbRDw5{XQeR@j8mAN)Lug&&$*_IvA-<`sH0HibHi?03;ZZR0*bUq&kO4BO%5c}Z zKAEvOMym857flNkYm*0)vWyjwy22{Fehiygi95Y3|C*EU6na?u{WA0Cgq}3gLX{~9 z%~**Ds_g7`(lzR_BIzcl;hbFzs8d`R zw-5A#P;ymaE~BIAMMn9G94p4iE4!ufFV}uK8O@Ng86+mE3Q;+NfH~Ya|1v?8vSi0K>efN+oJ360G5RX_c>9>-HF-u4Ii6Uj2-BA(kB03P7L29wWHl)%)j$ zt=1VW;)6II|KOO*9k;7K(=<;fG}GJe>iZX=5P|BXHe#@D>T;;Iu#uL~2AxrY8-T55 zEKQvfGhjox&#{cM{*SBgUz`#?WmEfKUXqrKy#@-gz~K5S*8?^@48bupdui%6AJ6{ZIPFk@|s%+92i)H=w(!&-T-mNUzr{nVK>@KcPlUSYF5gwAPh? zXe*xLQGq^7_OlI}Fx6cR7ffiu@?fO0O@qxvfuymPEX>I{02uGDb5Z=d+WIzn5R2s#dMCIoU8Pw-4wm}B z6qr?>ZODqNg5I(zxz+-Q8?%5bnG*o#XDKQ3g8Rdc^qbZ9VH#W^<#J9`ndnP#E!o71 zL!r&z#ZV1e&{~-Ab^WC!#gMLb8XP=Ud(O>~YzJ|}*hQYyq7W=>0LkVpNI==fgbSgW zz&LbrmN2EL++cB6Uf5u045jt=RjAY{g{t3l^l!sZ1m%S;O-m88*v%;qTckD5Ua&&dQJHw3X~t-z7h|%4%MO+yNR=8ZMYm#r zi>QRTm-Ou$8vGF792SCmBholWUaMwX{c@dkfmuBY>{|Fhl)qsGREl;PTe75gyPKG6 z>2*?-n1L=$;B%8FF}{$9P(s@Vy4Ye8Rc+He>N?sV)Pnq}-ZiY=1Z-3xK@oMSY-3!r zpy%Y*4FSgp!<9ylnK;K*#h;o5v7k}S$74Lzr1e3N%(}HylQ9(MMYNK?mc%94(rvD! z-q2EH8IxF<9ku_sZP0)(fl@2z^E$1}Kb5MIcNR(CZdN{{3SlH|KmwS(Y&fF*W}L^c z?pKv%b&+pyDqlKV2F*QDG#7eMTH(p*EW=#FDmx6uO|yHtQE;lG7YUeYHCBViU3c&u zn+Gb{yKPwD0)&e~&{N#gt&?|gbqOz99cTgnVQ;o*PpEA(rni0#3k1vNeq(SP8n)(s z{WBD&Fy5uA;<#k`OVK1@q*JJcNArz|L@SnDrjs?5#RlyWr&aHx3A?$0kuMDndEPeyCB#BqG|@7^PcZ!de$T(ox0-CICbQ_dxi%4+itZ z-OffvFzgp4>dS%RIrTK3;5w#G}1zi^ibGE3`}TIoi%^eL9Y@ z+KmLZs14qwR^mZv#sKGiBjSShW;D6Ir!rNL%TEiA#mP<^-8-(w5_hcfv?)cMR2Blo zs=`!tcjJhbg;>#oCt#i8bI0?us!AtV2Y=k50?`448#Aq-VoS&*BE`KRe5ECG3Pnuk zQ5pTVS>Kqm3$|uOt2#d{<1nEb`w8u6Sjb*?v+{UZSBxzOA1A0a1ztl}%T{_`Kt4lq zr+WL|v&?Trw2dk+qf%2ldNOc#@kNgL+gw>2lu4gBPNi6{ja_+la@rhOq}s+5lXpx( zxQ9*a&`W2_@I#$8#9xfQW!hbBFx)8u=A4l4RIGsGuU6 zQS<3)qvq3WpSb2zWfBb6dg=rnCy30AXsjNHHvDy&uP^819ZSR=lgRjAyM;mWF@MX8#}>Ipc84(KYV*8U-GSBz$jZVm zitMD0uJ)F%blbq|fK<7Rykx=YQ@zezQ8Y6Fv+BZ}V z0qgFo_geS`JdmCAqBfBxd=pGX^p2{g(G^KCs-_{N##&=_yLkIDUTGc>??JZA9%kLU z1`$n>;Ph2A8YSs#YZtj?n|MnHF%fE}n4%?%p_z>WFat=2K@Xd4=;p*0Rp7&IeZ@X- zZ2+x5u9Sk?5QNq&3FO%6X%q2-C%c#`u-P@+V;ZVuZ)8i|vP}T7Im`%<@;f~mKnfcHPhBH{4&SR!K|=U}_W zaCpc?9@vk%FI8AiwfJ0-%bW;lW_O1pU^P+lt8r;O8V!1w!gJ@Q%W^g zcGJX*z(cjr;Ufn@=ru%ye;Czuhc(@n+_1wab*$)GbDjUz!UY_l{~4gDa;c`|f+(IZ zGUn2-c01>D(PVXxv?BEPlHbvcVd4kPtExC+z9oOga|IM7w2k-9 z^7r6J5OeZPTzL?OB423<-DJq;q98m^vNFZ0EkGXZDKRH!hbi4@1J|$Gooj=;DraG= z^`I+p2BL^C?1C#Z!-pMxB)^Ce4JNQUo(Cen6?|mgo1@e$w39TIrf>L6GV)?c^PFW4 zz!qBUdizX^f+kD!(NUr~LB@(BMV3MpWJQxD&nxJYyn;y!)R9?>UgjU8Y!56sbYyA{ zneAB@?ZIPTmm+!-%Hji<{Pz2GH3h>4U~2FZhPpWLtbfz?7eOMItICwh^Es0er+3E8 z3tqa-D!)@x1Z64iNh-)a1OKR&Mj+-$#ULR&qlXC8M6A|Qthll%w`Nc54Xl)vUa0Hl z3TI{BEI|6r3sO+IV1=eb@^Up}Ud)=qV#g0I$#PWHWND0I_kt>fyt5P`>JVZi=R%su z)9R0=Ab?)^@6Fv<=7sWxX2lh2!Ri0uhqv({`bYIUeXDsdWR~9ZG@Qe)$gw7L;u}eX zLOQ6zk6-1wzvto=>z%hR*!=B+Rh*n5_kT)K5uE_iR|^9QYSSeI-o6@a(-m(rVRSh7-lS6j`bWdtb=@ z!l4Awa^$X4{`gyw$M6{R{HN*G8#VPQZGu2y-Z+!~ejEHr+O(=csL$e_ZNA&P6N zRE4wx%-EbP)y(a33PpNJHhb5M;cpa^Y!{65QVkW8R2|jka5VnTnvr@@Ajis*pLS)* zhc4?k2Rx=YIB4^1%c5a^G(whRspz+6^jI*=nKiemMJli#FrW$^?k4ZJjio2D%=7+5 zixSOfK@}@P=D4POR==aUhkHiMpRhJ%N@##(7-%6f`MnYI@&=W;kk!Ok7->KMwLwAf zZ9T`5B>`}&sNHXR^xb!tFNaQ(e#Z)e@bBhSMR-~PPM80^bX71waI7ZB(Asa5!BezI zSZy+W$<=Kfy!zH_&7<|l7q5uUJN<_T5d7 zZGFK4i`K}$-u<=_CAl~FaYj$M;p^w*Rjx|OYOv?lXF_{8Qfncv5K2%zxB7{f@IVu0 z+f3=Dedyib{aBQ}v~3d&X&Db=FI`hvfVvgGIjdJJD|CLy_uZYBa~o%TYS6VR6m$EK zU&*du6Z9?Q?!a#<*j;j#vb!^t(kG|Tg_tCw<~XS$kDolAl54)=8I>7kzgG|d_Bp>v zT*#^;;EF$gOpb+w9wjs<8M9gRhQn-7D+uUpABydfgPXtC=^)YN2%mSZRM)(8^|E$W z1=Ny1zIZhy-x*cLT+7JS^!W9jh9^Gc#6}(6JuCz<`n>-RXzBXfK8Igo!u7w_1*H%Ou-N#VmS`!6r_4?=M$Q9}ztk(nfAMty!GwEj-X%U4(LUcI=udG+!+ z`J?#)cZKIExe>Lw*rV`Ni3$cUw(8p{GGRjVx;_Q~OVXTN=Det?m-%JCBony_#nx1f zwR*veQ7M8lto*TiPaGNvLWI+1zk+KGnbDl@v4-=c2OH z5FxP^f+-<5ogPgglJsbLWCgK|o6FKm)K=iEI^)7~H#gptkZ*0yjbCEpb2m|^0en=K zCh7P>h__%tl$qOEgY~`OcPz(=+@F8i?nE!Kb2zOU_|8|WHL@Rg8VB^kAh?@8Bx1Ef zu;FEeIuQqtSaFX1#t`PL!KDv#R|I*U_a506f3=UdG}P*6lPTv9T>!NP_|>3_U@cwFzzu0YCqru{~dP3@vRnk1vlZ}gk{KW@;V4<)*8zKM3 zjN!q8@(;z*0a9XZ^6yU zWCA9oMEq~(m*r3B1020^U zW5NZ6LoQ=&GjjOVvCM)h3i9fFyYJioR3S2F6)=55~&d+mU| zxqmUp$_xf&ea`-5*@Ox9aFzMTk70BHiTxKId4y`e2hZgyQ9O>}!lMmto0H4y7uT0f zzsQd9(-8sGUIn?&FVc6J!e|a7t0qgjz9@_3ORfMLDqcX@deh0lz(P>Q8$r09Xzxa? zX}tK;#TB8Yp1s0U;n-6$sKv(w+YrD zo1g>1oL}ZzE1`jyvu6DBDaqNr=@Yl_lm9ekMZf{he*ZkWI^9++R%UDmoc{RUHD0qFt(W0#WiKgJAli%OW@Lq=xzg*_^p_kN zC+874E|Rs^zjyE)n5@iQaRvK%gUj){%7O89>A+4v*wyhCE%SV}K5qZ7;BVwLR}h*L zDmMrZb7iXjfaG?il}^6?k*2A9j(70fNK(=(zmW>e8^S297yG!_tPNcF&5J97C3b)N z(C#s@NLLZ%kSoB`@Dz|M>di>sPN~-Y~kwW05SDJl{F)G5*x{ov+}s z<*`n?yydRT$=h$P8=kr?k6gb6rR}NPS9Qwgy)*DY_D%;Dv!SHwNr93Oa{7?AInRK} zFXWEWBgfeYd5(rVqQZj3-obTIGa43La}p`^-}*n%WFq!yG~Q$F zj4acuB67DnhXGdT54Xp{5-Ykk#UE2~pWjoNdg}E>r8(e648dYH6CLVzurBFRE88g} zGhQf+-h(*1!qv6?u9CcVN@_NuS%&$FV;9SbND7+Sid$IE)JymL{2XnM=U;vG6_zSa zS;ALsA_SlM;>nXK`F|I0d?EdW&;+D%M6ALd!GgGi)hYSk*WbRaYhjwddI=l+T)juC z>70_6PWYW`>!ZaoSQjD}1)=jf?m%F}Tv^Uw0Y~^^X=_00J(lqR{w6 z)C94C!B&1oDxQpCAnpr zNqkXigeJEZiyN6@m>#yA!I#K8+2$tD9m)xyJ5dndvgmm{Nqp`mCtDWflO9X0fYur6;e# zg2X~AcNo*Ed6=6784G4kAVCtZ#*W0vC>n#RO*D@18@g6lA4ALCPb`Z@dp?46)N!Gnl;1!hMm9z@g;pfBgGis{1{AU0R;vA2lc2`x!_ z5KTww4oKF6$oi!4mZUw1u16}5t!GFEi0NCy+Nl<4$o1ZCO%2}34XrLIla938k`w~U zywuEdO5T_YZ{X&kS_W1kD~l>kb?2KC8w|`An?bYzOR~OA2M^m^iSd`Pd3E>&F|-oX zkUC6WpK`kmuD>*_`ciyV|6zfCk)!*-;egnN1_efvjR_sZHgG>$fp~{?vaecbswx$z zA<0J$P)MSAG$=n-+&0B<2Mjx87H&Qrx$*a@qGS!A7gv`9tqIPXJ@y3WiBHy|aETTL zw>a&~dRX5N5r3jJ`rVbMt*(8eugcm(6@6{E3t9+cR<1AK8o)W4qK)wYM)QCQ8PE>| zq_^946>+%z$TbviMQcoaudxXm0-Qd_;%zj~1s2g(r&w2ZK+!p3ZYz*Fo!A-acnAl{ zj=R;>CC>dYw3cLJk_`Gq9YnJXh+-b-E-3=tHWTqz>vL(71YhF9_N z-ID?3_OR_-G;?l;ve(pJIZ6I#vji188>;*eCt|CzplN1*himtNre%0lP%UFtQ#n{r z9#rg;>|Mjqw*4$J9hMktT^Y1WK1wq07R@MkNy*mBoDWTf*{0q`292zvaMAY9YP00k{?| zV3U=tXZVT1@eLW^PFJgqn)zmLfw>lwD`b`dwR3H&V55w@Tu1d}e8mmGl4hq&4fHb{ zBY|nME>8`y>58p{+?-Yf^&babY;|u8wG)uXlTu2S7un_mOXk)5#a5DaTXR7x^jWl! zRWjIM`Eg#Mg{#xr9HW0_`5n2V(i>yn)pi!HQ+~&l@MipUHJWd}9dtAZ=0Wbn*qd+f zFv!+IUK#~ZDA??D?{}{2tG|ZO8m1r+P!cq| z|3C+KH}x-AIi;_EzlioX+}-lAxKIWV$I#q?HfB?Gt=qh8{+QCjUt7?0^<%Rv{}Qok z2(uAMbqrMdgag&CO}Rm5wIKd%NM9qO)G+=ml4xv{8o0QlxBeKV7H(sd+8CuaMyU;< zIYz0CQEFq9+8Cu4)5a*ZF-q+KQEI5Pb;PPg4$fdG)`4pON^xqY%=1N(h%zs3#4U>m zKxx?$wkQA$VB5A3V@m+*!#25x4Pm2Y%C#E5!ydD*x&XX+%F^l&kz34glR}SnN-l_G z314%4e*h#9{EoZMR)CCEVhhExxv7$uyJekgrPwHkdvqDaAz`bs*%I24{cQZvu?!!_ zf8+F~5j6x;Tn%AZN9mdye6WY$Q|$ekOW5q!ED?FSi{WaEMlCXdJ1pA7l9osYvU_R9 zQ(kPUh%i&uo#Oc#wlEi}UUNd%Ybj{5WXkDzxYA$U49rNCfSi>Jo}*F#l(m$YZHN>F zEuweO_7L4&Wk0Du5=jw7wnAs( z79TgDZ>PE2tHvjuJ|jy}N;Q2s%%@Zc@&w*Qlakf13z9La3i9Nftax5((ItwYqq2PY zY``&$S61THlwJj8jTNbkmV#U-)({8#4J+2Q0yoUnHGHe&g?Ipt6))pQO6<`BOXP!L zQ9elM@1>Y+ia0nW^K27G>HnA?w;*17`@LO^u||09c_~I#Sx8ZOK?xdTfv2s8Y&{A| z!W7)0FYA)!x!*?#bb?FtU?4e!+5o!3hb8_>wKSDh8Ex#TS~JQ}KL(weePE zR`7LJ&5m~v?<_HMOS;|>>X_asqJJUm_L_1(^F6Nm!14l1u}OUquc@Tf^e1AqqUr>l zFoY(7Tgc#7>U&YrteyoY_GRDAS+JbuUf*dG=^P#>;y$;vVzAzCb61iGlhM~Sxn+5Z zb=_fd(oIfR2AsUAfX&ht?Led~nx+v%$KslyShep=m1+Q}uYNehe-xVjCBI8pj4Y~Y z?mLJ(FTCE?Fzj+VrvmtU<@W^)aGGhh;@8J4dQ@wp%r=K86&+LF7>`cx173C-yl3Ss z4sGm6&eA3idq-2D$k&-jZpljqLi;aK_*l-;!<3O5i;(>b6d{u{zn=Xml^|Qu#enSy zk5@(qIGgwraH&HTnQol6UoFM`q!5!*u?hFazC{iAmTe#qFnY-5g@*1|2r%-(?^@V+ z_w~!~RLE}Rh}CDTNX`E^M5U+`2p8%NH(psycd8h?qh8HX;u^}(j;@I}0i8dbd9 z1fXUaE<@U{t~#uXT+UIeNLfn69g~u$Op%H|)tk^uGUwTcnBB3G*e72}Y>>Wq1PWt= zLBcOv43efR9>|aWC|G1f9WX6d_5Rgfs=I1rDxn#>{5DD}GtV{^vupFCgP|W#L;C7C z{JGjZBo}GFqhPGz(A0>WU60W6`(D}$TCjT>e`lNL-O5a@dQ5hgc!zj#bxHn+r1q~R zAw_}W=S#7oJid%<`^9$Ao!G%#Rdk3Ulk4l(;7KX-a7kX1_-^=bl~IaJVgIv= zjBZeI2In2Z^HdLksRn+Wc_J9BPOJ1A3^tlEawa?73 zu7(&6oOkSvWd*ZqGfVI{s+34L4Fw3nUH~gseT}7XjqN`=5O(4RhH_NLEo@icJVE`e z!?|^NZs%t2!Qj3cRL`$|WxJlA^?(iV6WLrdv)ESbGzC}d{+nVPP>{;m@R}W z?Q~>Qh5e8bm3D??Pwkj3b=XonLGMCG2KuEp1KsA92j(*>?|fh`c5k+MIFH;<*Ud3M zX!iJkoN+fB+)FbiQ+zuIJh)ta`Qd@gZ$JNQW`!T7D#@<3NQPE`3TJdjW@^VLbwp)l zA1W7nK-g_u-gR`g^#CMFZ;o|O-gE@ngI>ni9^gvGHsoT)Z0DGH4Piw#bDSe64!Mir zzKx)H;2Rm+URlh;a+ilB0mLN$L}w=t0n_y6ByZ;#M^Nm@L=I*bN06-y0fTaiqZwUX zZb3L}I3n}lV95k=nWh8tOY6*0zjQOa{J{`o`XEEbQT^qqRzCsP0Z-?9kzK3+W4z}B?JIA9(i zriochg$&@n)%m-)x+IBYkU2~!!_=NI0p*aSCG9~Q)r@9p`u2!Ox&wrH{FX|ue%QZ58} zZ2t6E-<2EThxfLY=@OC~s@YT>YgX-s2qSYUtYL1#-g8xKk*k)=!sS1(#CWIH`mX)n zn_|{H0`414$?@(Q{)4f@nm!Pa(K)DzGrVA zRmBVF-^tfh1=!#ln$rau8IG^7zJ7C}cM4dKE?>4i(5|$FA9%ZeT4QSp2Hn0}Z$7{@ z93XSk-d~~8R2?_xRU5DZg99u!jrMLSHBpeh__j)%5>-)k4)}rGNUYh+j zp?fyl{!FtRAQ)(H_V3vYGu!i&WIShNp3wz_H05ZJ(~RjNW3pJmUh2pr^YdUW#bZ&; z?&WXLMa(jq z-}*18NR3B7kQ6tP=1Sj*wx>G`_8KTnDpJ*`&2U2++SVerhfA(9MinC~daLj709SI- znYGRjek#O|(6S_;LU3hQ0zD;Q+XxVyNpY`W8w!#MnvyFiR;*aEQdQ0m)LZFVivcto z?tqEtD09K>qHh|Er~{I!oZ){d5UpXFu0w`)tF))=j%9k!Pgmj}Jj>`*$i*4UC*NJ8 z3jYI}ooR|^f5P*1*1L{}*lzF5k-)*(*NJ<>pH1rr?vmT*Vhv#FQ#66 znq|AM{XUDbY} zuczb(EqC6$zD9}B1~Aou(x-;Jhpe@nn2duIiLyK6)I{FeD1@6VX}<7>VNfDPmT6hI zT&J|C&1r??iv^QDl{xHm2rN;NslgJo9^K9B>$VW>xx>REYQm%kZK}}?Q!1|RhklpO zAz`A*Itu}sMhneYv46n%ud4hzCCe+AUhAp}11A<#E|}lr^ss?nH+94pmft#Pz*ii? z_{Z(lc@WI-IK1!yGaZi;-ciV}8MIMvZAAQz7|t%3;PH6ihl;0(hUnZCPdug+Sxbrl z@2;PPd^}8|83a?Y3;=kVlGu8@5D@{e%$CwE^X5il8`;jkHrv^%G7vGIe|w%2K|bN@ zC6m`BFZ?M}?qRT&%UZxjDntPp;7nR3yTc9W+s%l?s~>(ceF~AqY_%>nr{s^Ka*jexxBi&mQxI$Y{O*ZEJnII7{SaU5K+HQ)jXSVMc~Nx$!+|(cQ}PWY0)nHdpgaTkg8DfT_K`)%&o3Gy@89a1YFqU)r*&ZdgU7}%~Q3cx9n8Eu&z2ngiM*7x_SzJsHvcMDEFx@ zQ4_4cb@}p_S50o&<~nfq2JT&J{nyvrVXgkb>-K@J+8wUhNX8$&UO(om^#QUcBIhmc zvK)RYQ>_tX z{5Rdr>+2_MUVrUVnuMZ zANhu}5~?uWkuAgGDQR%{Bh`A?XDf2ZAVj4sS)I#L5v;H1Q$nF|qh!h-1Z{3&xY0Gc zG`Z(c>B2Rxp6a#r8!p4g*nfm4V3q6nQ+3&P{yicVxZ{sKe^3Q2%GTa#-YswR!byfj z9cM88sd>#_Ic`iaNwQKE+n4$~Td@q{LkQ24tV{u&hUK;_D3qy?VnrHNPERo_tfTe_ zS8C0Y3C+_9PE_-9>z8V%6*Av32;A&A z)J<7N6f`4wxtigIuHGkWkt)oxMQN)lbh+ZWUW$z=%zDzX#n2jJQ&YH#THg>7h7b8- zP4!_5jP+feR%BTh%{PQ5MU4Z)NSUWhW>Dc2JKV(&j7$R}{EX>m*G%f}vvf*K#&X6A zRuQi-o~p-s#@EddqpuBY{!0SKhd1~@XfZ}?FmfGqu#ghW_u3e2L6B1R)#eeva2Uq1Wl^Dmx#cK-C~)2Cm2M$R8@*mWyaLFH%Xdw;7v zxKE`0suJZSy`Q2uS1Kk=&J;*?>q;)12qPDE{&sgh{o;4iC$_Xo*E6uW>b*8igk(bL zul(5FVUH%0$)no9@mx!>?0vy?FE|rdB7K8Y;m3@t;?J!= zyynIRv(8FMvqry>Juig>yr=q`D-$)Zc)lnzD&3bJ5kzNrUZ?Bp`^rYbXc`kULw8S* zO0s0DDmX)|S$=VK`TghDjh|a`K;3_19#YQqp=b`6hGGsfL49#|YYEQY^5|^3TSgj4 zogi>CG_Aiumr;M?s!rMOg5lSCMQ(1&DM7=7vUt*<_ef9>#UkhbsAyM}D>7QJE#sM% zG-Pg33r{Q9PsyOPe3?7+FlVMule1^4R^N71*{YlUs6)EgvdF-$^{jy2yp4Lhm}^i? zw6%!8dv$$7?5DegK%936RH0r1Jz~3 z4Y*BE+M1HfoV=hbmc5`ocxQ)P06o)cq9->dYSlF8^JY86(ki3@ z^;z&zbf_14KvHCQ3AoP^p1YE~Ze5!p0n_e^#mWcr;pc`tHoV~~*iqtG#< zb}1hoOzQ%?^%ZNfnIHDB=#w_NiUVsfGqN!N^I`f(z1M>jQAfrjgpnv}(!O+$$S zc`0tsJpHP%XMD=(m(K<%<m>L z>+9#hbA(q~HAx-garV(iK1mgv)3q^(1t!Qo<~WWKXWhYt(r5dXxr>!GI(7|6GM96A za{)hBrFoAFywT~ek;j=IXIciSOsQGsc3pP~ht=y)K|tq1QdJ-hx|Z3sC?jirPtvZk`AWcga**dB84aJN*JX8$TJf)eBkV3@7sOwpaZPhGS)6r|*x-Wcvx zjvwk;olx)xEsLd){2$&#faWy1ZxH1Qb$aIPczQ_11fw|6oY62yH&qnM5e6F|x{Mp! z?~wISC3Of0i1nUFV`Et(B3U0Sj&-Lf*67H}5u|j#`HPK9eVAaI=y03(h}4*P)KE0) zgJQQ9Ly!wCszp1iXR~I_Li1lUDw*_$Hh)bOPf!p}sMcU;j`d%HQ?VZs9G3xC-e0Mtzcl)H*HqGj!R}hY87O4VWKl_#K%0A`L)>Nr` zA>%7>-n5bK@eWRyHA2=>lXnMfUrDwrDAzZqYP@(nZM=B)o4@hm>HXFNT|A{?GPG+y z5ZAF?8MzL&k?V|Hr)xx?Jl6@!h9I}zh+CHX6H~giuw`u*CMT0B+XMWo+`y>8M83q9pSF~)Y1tsya!=+gBe}a zAsuuy#6S7)6WcCMoJe6_1w_8y z3%!O8a-?0?RE5{Z5`lk6#4X;>7SsOo)jTPu!HvBvyrGEbYJ&~5^?ju@?TuAV- z#*OAr_46cI3ZaY_2Cd9T%6hIuP7;x2+z)w!1p(0Ak1y^yk}3dez-a1sY}{A9GR|cn znOgU_mrNIzj1)Dkx(={e-xPomb{`-_^xXCHlg7v{&BKIRx0&$+*s!7*tGadBj||+X zd*#f=5m{tnMl-v0ZQnv^J!@JNOyE~bidlLhm9WzrC@-FJBTgKLbNB$gsB$Xoc$jk5} zORAPD;a5;6TwR1_^t$91)8xZ41Z!3jN@1sh~guvLqVa0pE#0h(!^#=%T4?0|_ z8(7tVF~4IFh;H+hH3y^%%5!BUA&B68Ur6eSy|Jw-4gsu^rPBs4Jf8mg`TI}=DszTI1y^9=b60^&`jvMC?&(R1`K+t649Dd z`5#XXGLed{DcEcVA()wW2uzcfjf;E6Ao?ny1;c#8;pe2n?9}7?UxBLWvEzeY_!YK} zA>LF6-709tq-4rvKx8`=_m-7f{HqiM10q|ob2fYya~04k=g2&`V|t2`HJj1n z=myjEZK3~*>lc@oBx72$Ql}>9Se+6Yw)o$(EF)B5PPa;g3>V+1HMqaf$v-Y8|NkHV zX8v(L`Q49y`*olCWm~jAAf^t#H4^s(iMwrkQS_x)UkH+^GArsl60V5Wk_zU>Sc51{ zYB!bHL|OyFJ0nl^enx zxwr4(pm%IhQH7AhbGcL4hmeLZt(r)>dWbk;?>ZSwy3XX0AwwYXD8LVc100D2JOt)5 z66kY(Jm5iqk+I;MAG1ruwg&*{jD_eNIOp*&oezT#ycMyJH2% zp#?u2Uhs!wC5J%`-WfM|WKaKI>}eMq;o(Ta|I)lE>Jun?g&!s|YN`s8;S^<>DhH5 z%Vf*p{o(?OtPP11j0o%*qa6cnjCLHuiJUe@JC4zgTWySX^bU1oPwh5FJG$)?<4tkV zj;vo6CvgIw32g+SZ_YE|V198gj=PN_U!aX5-^f#)Hi~?s$hXx-k#qTmcXpBDMBejmg09fX9AoBLa~8JK^w&0ihK zRP!<`n0`oG-wuH*{!U?x>K*V%jCm5OsDSVzCAR%bvUva8 z?^<1p^rrS~hl-tDHJ>Jhq`87%`x?DfkGNS}tfRLgx2Z-zZa_IS?@aZN6Jv;D>MLH? zPgWtsYj2HC1BcqtSsS_BS-$g-H4@d%r4g@0YU>{kt!xN^Gq0+^mzaWp?N=~X#a7U> zLExs7hF`3pv~tg>xG^==>~j#faPjtKpX=KjSJN)+*V`RaKDwICCG{B3Y>^C%fI1~q zvp9?gqB*ez*Kvh$GA%fk>GpUz0+3`(9Oqx1o36gZO00L25p8J5g ziCN2+f~mKnfT#DK9PC>3)R@RTy`^*Hoxs$b+US@q77~i9Ddvh?=33k^a{%@2@gqpy zs$;pxCy;~YmpSp<4f;5(`Wx=dxu5b+d7~TH1#+|Gwu4xAA7eDr5+(ww#nXZ<0(PGj zlM6=Hn$P)0^&#_A_krV|RMWnjSQ6?VTnN4>(;-y718{9Y(>5C0wv!XvwoYiJ96%RWc)UB#pz@xixkXR!WBV3&LkGsacV%5orsUI#6#gxr51X$K zZu2FvxddDtx+?J=f9{ya39$RAm_D!ZHb^JaAI*q0zqw9*p{Q1`ELK%Uq&+j@Vorm) zcgVC)r~Cb^EJ7UdJkYY@$tk%?jp_11?flFHp5le@|8e_zu6XSv#7YuVDxs@0v+UQT2G4& zx+ep*!Lx(f-zww92PlZe$W|4`JkG4e|A`BX0y4PPIbWG&^E$RA#m5b)$i5*jLuAc0 zVK&Xe9lef7YT+8IDH4i2`OI@nHv;M03oYlh3j}LK;=;PdbOsYV6aamuVl@g5YHAee zuhw!RnQ6$X=-vBwMlKozD;n5Lat4rxG1XGvmZ6ym25yDhL`!xEuxo80ZTP#>yZt_s zH&5oOiy_Sw8?G(8-65K-K6U(hN`t7ZN@R^-tmu7(7j>9ooNL@>hQ;0a8is$Z2z+b^ zMOTPUWL?x?+-jpvPy>>9-qxtu382RVnHi=rZGZ^Y!!H|l&3vuO7dqqk+AWu*wS-rU0wh{VoR z7Ea!a+z=ei7<&X1e_9*W%>zQOPQgWc1_!XUJwPR7XROU01cyOzYrr}CNzSFyT& zc32zCji98v&$W$j04$ibhF3w(r|+i!H()Yf$@_qpcb}h8SiPR^L!B4|d7Fi3)Dg~d z#!m>$q#Gz^H+u=+yAHaGlUjP8j}v3V2h`hk9|^B~9t+pbUFiFETTU8Z?lw>gpjgx$ zG)Cfff&6l2*af0*LX77Q62lkHd)kxpiZAI*o7ZhTMVfMkGT;uQ!xv3P*p~{8FYL#f zGk7>*v~|W};*LVc7Y|3kfdv_vX*Uq|YN06GTYX0mgF|q}LY|5I{6H$5Zr|sVP`-dN z!WrlqZ1EES>FFn?Zd)db z3*jh1opoqCx=ckv$Zlk??G;EqI%YoxxWro~PjqW9ps=VBkI2AbtSC1O|5+9=SxN+4 z(x|B2;lVKB!4+^+(jdbpq!$xJ59eoz$yHz$Gh?tE5YiQB^5boPSg?_h-@AluP+wSW z4|U7|OwMJq_i{weRMm{1{r-#>x*`0G$X#>yp)}mrY_P#Jo9>rnUwe06smX{KNzbm^ znCkOd{QUBqTT0AZ4J%krC@>XP#!0J>gKF)SME<$lsFw4Tr!l!qoHRYN9Uz;mi8*lxay(+wujd7B zm@~~Lb8c_BHMT3cyy1}c@il4nEgb_H&j^YcVL`ZW(=(Duz%C8e&dD!nC zGhY3Ic%nDN_r{=YJx2z(kGW^yc^)}3QDfoo_m&c*I#Z)^oUrDx@6g(2=_smmSK}7e zohmb0lSX8})yM7%hrdx&i7IMe&UN)Cr$*nzb37gtRmhSG{s1U!^+>TML$P|h#9anH zpd4cs1I<&o@DZ^1N*n*i!f6x!WfVj=wIN9>G0p%b!%#OsHzI-sg$m?Y@y86ud9(th z*EHkq>0aaRO4V0p+cMWbW;E1GqATH-r9fa_(%lKquH5B|XY&|RSa+=084LiDV}`@7 z+YdT`tv2E8m+)@qlHIjGDX_yYJ%~|yS&$R>Qm3?2qeN{WpWh z$OdQa1R^i+L0Fkmt@v=&>hmnmo_hNqzsNX0m9+i4A?>p?C-&qyaKMs1ko7&9vA46^ zsHO5dtmWNaa-}l$EH`e=^rbTOY8YM9O3NA?#ILl^FU@dt6|qm%#4 z)?2S&m|djd!e0^MZn_MGaby@^S91suAN-72xe(#N^IsyweE_jY9{)Ilbyrw?1Ol55 zu@B+_z+e!{ItBt2U=ml;dR-(4YaQTK>flt1Y=w{PxxunmigW-a9+T$5{!B^CaWU}sxphDmpLL!n98p}cw)aq0kD4f1OR9?&z#0n{;M#Dwa$R*i`{njBD z)?lMBc12G-EtD_-9T9`z6O+r$%DD#E3@o(4m8WDFq88i>D6v`R3*+Ww%)Z8w@qtqH z!b(9!r$^OI{+iZ9MM3%I z5aaNx7*y-=dGA!Z-dxtL8~Pskrq3j2XG77X>VOddalF$cz39Y8%wZHrPV-<4L@FB$ z{5YK_n${MjU_-%+f^m8Qkbxg^q57=J->}!bet=H52V7eEyEiFD4;X_w@GKa`1Ka>S zS{M{GBYhV&PHt#dC$0JA8 zD!2D3GGT*CEYi7R!BHde9r5CV$4+fU2MoKuAG}Udx<>^J{}fUBXuPgyyzbTNiqft= zny*O>|SW1OuirICM1LZ zS1_%Eg9cZz9Kb6bbpu1oQYxJ6OUgzPmb?x`zfl{YSB6NiuR-K zKMG;yyazSkjkW)ST)w$_Roij@$FCtHl(F-J#k|@~lz3b6`lAcPy1)}c49D=O19H0@ zt6G_>89z@8KcmCs1jmJ^pBGMRJug@3XLp(@JsY6`}P0D zF2y<2&58;&8umwqQiU-P+;M%;z6YG3%I&v3jfpaI5}PqvWVa6hfS6(?i-7@9f+N`Y zB)!V@&su%~-^Qd3STs_HZ zmsD$4fj$+p;ck)wF$L!Vi__m6qdhEX1W`+%h)kdvaUiJvr1-hrllFuWw4gX3EQxc0zktm~#U z`z{&}@R>s4^pJj7FL4GKi=G|Ri{5JgzwT1`A9hMWUcW)f(SoRLRz_*T|LZM5xVccm z!0M_OCx1bJ9V*E}>*5clmv%^vj;-B}$IziI~oV^_a>oW(fF>zz;GN;n^!K#%gt(wkwO47Vho;Bpp=E%lVKYr)6qwdlRf z^yE(o_pwLEP{xoTeQ8%u`5WwHD32tAdbJ67rxd$Q?U`LP78Cim)`VyGx)9pK8+oUQ zt z?!Z?a>BbK!N$0_ZR7$cMgCVGM4>7nRfyQo`n{II~OXBrW3WJjLFksszTyP+5nXrBL zKQsu9fBoB?mJZilOdW{z8v)Z(n5P|#L!>NmF$*%?$@R;^t)VUnGX!4BnI_EoHs{Tf zzEMjfpqeD0_j}EPSGGP6YgnI8VtQgB)mnX4N_d8H)|>8=&a3_$x-`pA{E&}Itw+jAC-*=Zdo2}5$uFo~D8op<}<-KT3{T&c%nKgINHk%IMVcZ*g zj$Alh56tM$3Yr*nvGcxsM+Fk@i4N45QWuRhEjgNr5jl6=9Tis0gxXU>m{u+~w62B& zi?#GGmgy7WRco2i+93JX5N44@{N#GH0O&c@a!A{V>d96E@V>2ug1LodWs4Mv#UM5I z>S`tz`O1c26isUJ7RA5h5EAyF3m!4Ff|6!faKp1Kd9c32Z4otruMo8mGXZ9yz^HMz zg+#-i5j>@Bh()W)Oz8ffR{~eluunV*`e>;NlBEOc@({02<|Zw&dW$$f~NGN21waVLopI zlxW`;-qkc@;ELBJQO3L>S&b1SZS_c=K< zwT!Bg4)z0&jWVLykC2RuW{B)G=`v9a-kPP(?306JsH2yeW*5fI@vnQh6f?cmMwnBQ z=h9{sT!(D5hx)+^uk1^aqdU?2oBG%KYsoXr&h<|XCLlr!rs1cpQ zz)n}zqCHwNn`u0%#XJjpgfdewZsgGu?mB1?ru`Zn0yQ!jQ=ZqZp$ILB0&W za@(ugWTmd0Gnn%tFtpQ4M=i6{Ktpx)GP9(^ZQNZ>3f!elP4cd>XM9qG^@z|gLAuiUG&Dmnaf{SXR~MX^@{cPa!0sbBp`R8mPwQS~PQBiOWR;S|ze+^) zGEDN+#A4k6vzCd46f!~)js|gA%=4>2_Jum`%3F%^9|Zek{DA!2uee@;fK}!&3Ej3g z`c%p_ph!NU%_? z?D^s-l96lWAwWEp)FHW$F4ConB)j^k5i3+H8S988A8}%^Au3fTc;(;@76_{*Y{;xa zpL1w2NrPDt?p8p6HaDNOLF#-;6f>WGavBmTb{MS-g%*(YxU9c)^_#P2h6ZD$8e82KHmctbq}& zYrG=e{?=q=BtU{v;uzd4yg*eF6HLrnIcv(JPg{nE!|F0}!6!pu3)ZX1kafw2ohp1J zhuDPnvllu;0aidrRt(3&R(?Td{XIz_x!QLq024aFt=;#AV~(q%jAovp1pRN}0#Ja! zG09bcASr-D^W`;70)@H`*bjoIQxA-?5XjA{v*Bw9Rs>Wv_G-)q#L~fdffjS^$EC9B zG2R*99ej8T`Ug$th)-I#2ntUi{NrSox;EmR=Rbck5X^b!1@-bshr6!IgoPgtK1Vo{ zHgNuT3zJ6KiB1DWhjV1wWtd!pv`R%m?rE;cpe8M9>kaEEAxr9YnP)v@AN%fi!6Fo!jjlrn(^K9D(%ir2nY8c>B~rrY;@Dn)rPblq>{M#~_b zVS?Lt)k0NK$pcoF*CDul+{I{hInP~Kf5+3nRnp0=nMW0Z(4KO>E3_iD-Q^YbHoAj? zJjZDR;K4quB4*T6kvhMmjyOTp=2}F1WD&~XFr;IyTWL85>Hyvl0tk~T98QefFm**Y zR|VsL;sBz#JG+0bl4$PF()s2$zO#pdKLTeD_?LP*C4`?i1#rqu3J`aV3J?)^KW{yq zeN3z4om_DSFin_(L&Xmz*A1)Tbk0PDh+W+4xGZ>8ATsK3y@GstKY23SLZ z)f=9b@Q_x)2@KtJ$pImWSxKB0PrpiID$X5sKz;V%sDiM-S7eWp;;iM;UfJPpO1 z0WhAG0C|1!VOQzseg)S4cRk=`A)e(UP}7BzOG|e2gO26(evDdiHMZY18Af+oc%{fj zrY;%vNtNlDJE~~LQ}>NVqOKU;PK5t<=Pu5ON|MiYtQcQhyMEvB*Qnm--RlTOHep`S zLme0bs6Ufoc}@f!D)@lTXQ*C zXHgU)a2z5fV{N9z$0DNj@~CxNA@wKm;+W~; zJNO4k;F}EMpHQ%s!udb6Fsl3mYcBP4E0z!>^w+cJYpvl6S7y5j&X@AqENQhlzS3%| zm+T12qxnIlu8c`Y+S9^EuHHRcTEpPjvEzkINtrjCMMM6@jv)M(I}7Y~0AZslh55sE z!$7u~oa2H~8lR?ZN&C3F$sQQ;#Ba~eZLDZ6fIq`k2WN?3-6E7Q0+ z`WNT(<*Hc0P(C|1cZOJn0c~wYz~*$A&g8H+s7G32tAd1Yx1;CUAwRq>HmOxRtqo|_@UI4}#sfv;Z zZ&jWo1Xon-_q*R8>UQKw<`ScVYTmQ4f@(b5f@(OMg=7gGkN*^_00lJymqP_L+n);m z#y;d+aww#AJ5EXXb5BBUB}e;u{URCwL!i+kee^cP@9|H7Qg4)NJL))N9 zIO5gfMcIB0zjYsJ=XF6EK^E2M*1S;F$^b>Qr-7NouQPMD22#XI&_^(fLfu*xD&4{S zNuL+`RO>93_a=$yMO-

svMM$rRJW;L$hOAjE?$K>xlE7cvkX)`)h;S`p`ko6m5^ zy1{Xj5?~AoHH1$`hK&;PJ)ze%(E?r$)U8xWNB7QJ?9E*1grfs#a7%U_6?gL-j`>oYLgTbt;559D(qvkmIugK&Kte)E)8bGb7LckqEg;NG2Da<>kb zdwP2lMODir=Zi;G8~Dl8{%#0Sy&U+WPtfyyr{9%o-VOVvln*}@&!1|3|9RE7{#WNy zNU;fWn1o*jZ!Z^1w4eYYd}xSpsVgDOcW97+eIF*!IM5+I9~?u7*0dtO!g52+`};V-L}x^lws}ay^npZc?H0w!dcTr!;=v@y zdhtV~e>6$hnXnlBwXhh*e9{3_>{;Y5fv2s(RvTO$yiYa8)v4(x)r7>W{VP+~Kf|(_ zOAX-#sO^__C70|-&{CWf!1O?4s&-f3zL11K{A4IVHe9lD;aRKP?61hNh}-YGdb{fQ z29+_4suEB!b=-aG_<2md|CPk19~9-JQORJ#(g8-~y`@b5nfDt6|FZz_nn$(WmC{^C z|L??){qMy8F^pkSMZu$i&iE0|MwMio|J7Wh>k{D z8MXh^x}6cMc(I{CE}%X9wNb&vQ&yS*ZLDVJEG^D;Gt+76&0_=S6I=&&4YY*u%vD{4 z7|sYVlI^W4*4K|>10R;gc*LU7h)Sj%lEyG1kE}}w_WMylVq=qOpN7;&4J(aj1&01- z#7=2=E0d*R0R{X26kk7@|FDFtwO!PI{ydMdb;UdCO0``7J3yb$SL^5Lego+k+AEfR z#Q41gl;kk;GUtvov_$%Yo!#9vzAm_1<4pZDB%V;e*QICOzcP!E)X8SGZ!$~SsEXQ; zep815Z%M%1N;|y};7|WPCZR}T4=`kf(IS|)6RDe1gYV5uNE9un1Lz53I$4~>d6@fa zbou2u93g4XT!+PNwX|gU)J?bl+t{FRX76Tv$m8d@cA+J|@gRf#eOYdLBAf@tB0HU9 zoy|9U@H%<~%K#eLHs7LbMSsGuLI~ax2|n2z*Z8XoEHODn3a8?^I%(zpnHSBfOBzfH zS_v(*DecoSjSN{7e{@Y-MQQ+PR5LK<5DT!k2VB(>FW%bObV{yrA;vJTpVC!?^uZx= zB8#0aR7(V9H6^74c^)EKgoQBo!TLs*l_+W=R_T?)B87 z3U`81K-Pmq4s{Aekp$Nkao|#36BdN#%M_X#1Ar_(YxPy`UbH}F}B+sT|kX1c@>x(83SF>J; zd5vgqLQ&N{Qg=7tJ_^j{{1*9X_th6o1&shtc%(XP7K2S}d4ZZ~K%+n1LI@%?9VY34 zZJ#Cp92xZiJ%yDCJOEW&8iXC5IDlK5Y)|ZR59G*k(hkZ?jO99{k$u17$t&XsI>4so zKEZV0$rRB#RQK^Rqjsq{!~KvV)Q=GpA--d24X0$Em5wAx%A)ly}@{n85`lG9)Wz=a`wzk*$-4$EDoP4tKhStAkn#1B07oJM_fiX1(8 zXy-9P+$K7oYq#jRV@)x|V=Ju)mZTUa5?$f4s!^~r48m#_3cEQCghmX^E9T4R3Jlx^3IlC47YL zHt_ZZNa_t@F;zymej1=gaL4+ml5b5@{t<)qq@Lup zyJbyJKL~@UvDlLguY-?+kv&reuktosOZy4zJERV8Y8N3yM}b25#@2|>D!CsH0iB`H zxD3A=<%N2*x(D zP-?%hjho1vIxY_E+ zr3vyKmj)lo_TSjXB}rm^PV?^kr0T8%DX+FH^rfwcKK?|Pof&%CY}xF%S950oifMH{ z7$t=~WvfE7Z5>f9hoHnDNsVdX`Z|_+Wr}I*Ic@%AsNWh#M<@~XR?U=&tX1wR3CW7c z^Br(|WJ=Vir9F=9-L=YsXBu~S{ki!f)b@d%Yz6<15K%Uwy`yx8*GugcBk+nmJExS~eh6Iu) zFZh`?_C4RxPnIZ}`-bY;>E4QE<#pRM*W5C|XQHP~;VcRm&bV@opoF{oe$VBneg1Gj zrX5UUw5VnO9S6OkwQ&y-w5I~5RX<@kvx(f1&}%h|MgmT3P&g&RSvdbC&t7FVcQcx` z+4k$1x;Cj<+r3&6@w{BI5MDxp%S_o});t!~Ja=W!%@!wwqZwmq8b-Veqp2{yW|ir# zX-SR1za}{WO2E|@&2q1pNii`#BWmG*Lt0kYP%Y~ZHmQ4)HTve8-?I&jzKAlrc{f_O zd!&2~l6U99|M{q9AQYnjsDNrLtWrDOM(__+fX;hzfZX}ncqtZS&9iTX;rIlJ= zU955flP}*!U%`K&Dy^_;H#`qbstOJnD=N$aw3eeh*CnR1C?bg z_;n_19N4yoQ)0hlLS}ZK6MJ7f3e=T*tCN$GnVGron7@wiwrh}c+Hj=?>r$noMvjSM z%fY>HzeI!#0rk*+8Y?vZ;^Ufv=Q-TsWph3g>Lw2@PeK|2N4lRRZYl@HIhHI}VE_*R z!y1uBT16-}v4bgr?1aYjoXVMy}nlvmW)GARf0=5S)#mQw{E(Lc4 zHvgM|yzao^iHjuqz!#c~P@<4QnDPRN!akJ)a?-*kx2`gBA+*MmTKm&c` zn%^?w`H2m|1J`De#;pW=gJ2sn63K@a^mVN8D~iEJh7KY?UHK z&p--kQ4WwVYdDm{8%Fv=ax7?-g ztA!9f_bq;8jeud=UPjx9IF6%rdBvPWP0S=tfmG<#3Z4l47ESLxF+Y%QL?OF`o56iNYn+JWCeezj zci?j72ZV|;0{Xgw2Ew-#;5w|CP<1)Kcat31b&FA3>#`3Rr$3@mJk^{}6#mTLglj*t zlwTTpQLpIlSpk|=B*QZMOH>H@AD^g*dBidfzDi3=@5zOhh_b-5BK|^6YW-<@Zf9jw zlD|7w%DwZ)Q=Zs?%UlZT=eR6B$P|};0ffc@TWZ}w2# z+mO_D6BBeq^6pkc?$WFtVgArRoMvYe%Gm*G@yhDSj({UYorwxR4BpN(iC!CC2GB}$ zc#0DT{OF87lBE()Rz4h4&`c)Sn&pnkjtzMnzR3nN4m8ozqzA!u z*m42{1H(}bMVQ$Fz}=}CrhMV$yZ-IpqBe?P&P?vjNrP|RSOKQBX#x9 z^p5X3G+Sp=mp371a``}Pn!{f&ub~#3PmeFd*dI5;i41c5Eq>miV=ugjtPgd?wV@q&N;bUm;oRSkD)K`-~)%=lc5^9SB}V@ z%&AKBo`5q4izCUPV(?KGB%E$;d zmehJKsF8U8MJ*22)by&*Hx5vESz1d0e}7%WI$& zNx}|*{+qQgibPsKYV93_o5O;%cH8_ZDzAnQE4FGG(zWcz(J{`QM#zu6!yue)s78EvqY>v5_Y3O@lTWePCKA#WEb+yhDJ_QzI1i}qlpeMd5d^JirpaM zHB^#`uemQ8mcZsuz)kZo%Q6Bhl(K+o74#HfjJtS7xiGA&IMP3p3)9yVA!(1o++l%Y zy()cqXT{3M>&_Y!-xrD+T0yU)UkDd{%ToY{K}^7a{;@2#iy)QP$TK_|#V=AU$FrkdWCi54GK4#m1XOvz8HU(nBS!JO`Y76@bvbjlKfe+74nuCUAL&)#+hXiI zj9l^C_}v5IW6lmHe-|FjTO3b9kh+7`ZU?E97*$k;#dqMkk7dCO?KX`j;DjS^=XK&y1#Thb?OV#U43hAKR{UBIT2wMFMG!Tv>KiRdSBxU! zOof@)SbjWNB!yAvw!;g_Ue~FaCaJz^e!wBQA=#2}c`RVWTv!DF&K=@jCL>Lt%8m$` zwXI-6YM7sUNA3xeW^9hrhhpL^@@E;$%+e-vH>%;3LG)&&lP=wdX9yX&7LsjP(8^u1 zW5b787;S0c>fE0%th==<+fQ}@L1Q*fI|;b7NtCvA1W`)w&1(AHbi9aJV<@D8r7Dto z%aKAN(LbQ%#E@U)d#@<_6@;PQCV81UTv+bmI6KJb?lK^Wx{H`Ic)~!*Z)e9Q0(Tqh zPulM?_n0Nuh)XmquO){ru4oqeE8Vz0ZCTjoo>WUjwaK%J1=lk2f}=hXe4&Wtyxj>} z$pXQ`YnwC<4EQ^_eERoDjem=$9aqVlOq^e&)Fu?Z^*|T5rnuLZA_mLK@3SxIhz2(K%+jJv~8x?9%$gt6}+~hp*--2t~hvS3-P@a*6Z=y533Jb zjJVjp>MlH>8Q>+&sGY!?OSXo;+>6a_mb*U=<^0mqEx0Aq@**3?8**y8ynw01nM&Sv zpva+62)3xdVRWsQUh6j2%j4?ejWsRJk7+C#`5F0#pKYEWfb9G@0ys+xTlPjL1z)SG zBUnY28IB+VFw%eMxR>j)dOv$J;=5d>uQ`^Ca|h3H6-%i}t^5=JY0)aq-)YT)PnuK4 z!ld(h2@%~S-HIPdI89R<70sev;*o$!`Wo>a{FY&9PY(@TeN2V5lb=zmXO>Rm$4va7lhI#HnEs8k{nWD$&L3>5(`dC3sHC;l7*_s z?g^VeCP1+;{D6Cr%7HM<)#Y@nOl@zwFtp2HV=8ex<<>5(Tyn87XP2{RKIHbo@RwwQq_Vi!Qf%0d7^5=D4-lH*Z7hK52039JQF7a`Qh7 z)?k?DMcmE3unnzZCoRT|`$@*`R(;tiNxM;B!a=+q#yoBOe_sCSF=`}kkwTzS_l~|9 z@R!Wq=*G_8@Z)Sr^uL?C6T)8??E08Rg*?yR5b&(d-fZ2!n7cnm|5!!Kjk2@gZ2dE0 z?TGzP_fJD=%TH~)c9-uZtU-6W35XC=O8~NhShh0nAA?riDui}HsMs~g*?>A`y!GU2 z6L2RBV4aW?&#v7W8sV;S=jhvV+@#;wLirzmACkz8Fkq~ImC9(;uF&U>$vP4AGC`qF zwo$g;!Y*pJo!ILjrizJ{N_3qB*L8?!0gK0YeF$r7wie!TxeJSw;`Ji-7BDD@Is#OU zS)w8yZ*u{w5yDBV8$vdP0WCK*jLaO-$HigJCzEW*T zS)YF_6!rIH=d3z>0?!j``$lUZHGiXF~nSR9qB{TQbDu(^`Z>);T#93#~3(z z3sGOKu7|)>y-qO2WQn~REAV%R$)Sc0{RQ?!NuTe8qH)2P8~Zlw{XT(A(s>h|xJva> zT=dafupS&@x*dV+W`w$vA&1B8YgR+6HeZ}ZX}g9P^>O)Q?*F?;GGZ= zcjC3L^5~3PqH@VTw7#k!SSdBn->hPY8U{EDSd-yE2jrO0I>uU!LmDa#m<70cb~bzy z$7UxHE2HrZGS$I9qA*4T>$-Gg-myuxJlsk`ugx`)O?AQq3@iG;1 zg*pB{M=v5$yVoG`S|?n#wAw_5GyKri)&2ZGJmS z1vf|u{<|Q9Y69dJ%0L?y3$dyy%Hli(I3jmSE)~U2jsQ{uq=+2vc-}cfe4o3i?y{n5 z4pgEHpE)^K4nyTR$Fs2qAcNOocG_>>EL;IGlGdip{tWyCGFEm zw;-A9A}>CS)%LMGM8GDsdsWw@U~p8oWko)M+kHtE(T4N-JU!UyeGHO93P=Ngt?5}2nlRe{n8%KVLiO4nWOjIbVB zQu_IX`hfNcx|!$q7v)~9djaLzJa+L}Mr0EB{l2s7@Qv;V$Bl$x17RX@i-4lrSn=VJ zEOY+M10~E2&+Ar)K&U-5j^*tGl630P?Dz`#?P9?o(SBwBS*5L%05q_)Io}tc%(nMC z$uSI*an{HR$KINNptVnTU};o`_T9}#LIV*;OmVmX7aas9dkW5L8TGeSec?CC- z>CCX?J=2_b6e}U=efrI&^h_auQshV~N0Q)UPkueq78 z1)GCAqzPn2xt8w%EMixl(TFzQt(M)!fv|<}ZH#^*9gGSN{F`OS1#L$rDZ)J#qk$ z^|n`OBOJ^K395A*QrtuL+7p_bMy;?YkEzo0Jd$o(K21pn5n%%!&SezLqu1j&K#KV# zea#O=*~6Dn%<4nO-17ifeVt`8c$3Q=_t8s8`LP9_phZCrCgc*IY$KTHyh7rKP#0OS zpcb>H>oKeG-qf2RQ=4j_a0wJv@EWd(ADYm!dKh3Onc(#-KWOq0OQw;Bh~ho0)oN8` zOYw3;)}G7B8&@J-7~jw|ys3VbjfcBpl>GyvHS`hK-UHn@;F?pdrhFpXeByOWvXIA> z4=ItcC;M#v@9)FyF7ft_RJLOG>UD|ro*5TZa-KvzSlyxLzst|N=aH#6a*bdxFvv=V zuw33=gWMl27hs2WkMOIls7*eEoxNH?ETjJqZ}${rS+fO-x@_CF%`V%vZM&+=wv8^^ zwr$%syR1|D-*?B|2XP+H!&Nh#-xF`K!K!h$}-R#3j{|Pynk^?4g5&7EBo6lKQEpW}QW1MysPw3mvEIkfiNe zHDJZo9D)GZ;oSBqA{lJP=aU>aereE&7rVuordzFx2Eb`#9H0uQt6-FK5J{)>einV|UgIeu3Rcn*- z(6pzYH|@avOm}bVA#knf1-4l=+q47P<<6R|C{iK|kjDjeYL_*NXkhXo5CEPyX)6%-X z>Aen^a07v{g&8&iTJ$bwC5(a#qVqSoVlkj(?S%9ux+X6>?9x{s-;(%!n-tMcJ7(Yn zxtv`Xs@!0B>j@Y6yt}Nvo5}*tuvvK$=g zGC6BZ)&r_rX_X9-@d5}KtpN-uO{i;~W#S0Z!y6mf?}tyF#r!6p3Itl=GPjET2L(AB zn1MTD69ZBmo~)?m5?8MMfKY4j5~KJ4%XN%G>IAmsQ`P|nkNX2F$|bF_${a$v10_9R zscvyTN9CLBS)w@>aFt>63=#4LmfS=kT+mv}b`G&X&dJ)mh`UYv%sjW1s*GCxKnK`d z9*NOrBJ}Q2@EV`(dOOG8OjXFr%l=(bOsXWrhQ0#i+JRws zriSsB6qvp7!dH1JaO#wvkPO{*tI*y@7o-`H&T zfhgfjWjsA z^r9do)9~jfK-`8FjNAjCu8fW$NSzJfwbbOVzR1LFZG-4!z&oigK9dww#l(fAs3VFz3 zl4oJFyx&PdZ09zr7@M*D)@KY;`Sc_bEh_7N*0?`{BO~{F*Vb5LBLlynuc_*jFwzHR zkZ$7)Si0oYVXCBbBIs?7hI!A=Jh786_wTjJL39X`nuqYouV8@S_7^{L-9fac+#U{x zX0%jHcEF1%DD37StBA(pMLCSBJqmgzTAC(PMKj-J$acqlvgY?l^s3PY!5;{kB0eOGWX;$RaQQNzKN($kyr+{kp{&-;( zq|L!v%yM~IH7nvlVi?NiQIBZmn0GfoTL$z~v`B3!Bo2+h4J_uLKTqSXQ~?WD%2bt& z^+M94zI@$*i*ZrG2{-K6ENGH=(4^pQ&NNAz&x`659yCe6&?IeR>f{~0ej?n4$g4Z#rtN+PM+C=oVq=06=F}b&58t zf3GmgJN&QEYxiO7vZVQKM_)!2CF=~~?2kyaBgeBoL>Yv=3a>qI7lB5dSQrIliphE3 zr{V^8cJ<6`7?a0yjJb!F8Y=0tl@A?G^qa4@d?W)|JB^-#Dzn56MfFQva?I4Pb5v8} z1Xj~1j-yB_2m&pHegyh37dZnGN-Yx*gChI-YjV^bAu9j1U9P8vFHtH1`|EsrC+R72 z1X+;O&(M_A^n8&=2NKAj2W&hI8=S$EMgM%{2lSozwWB-JE;@N+a`}B$`o-nJ_OIxw)6p}kZiNmTvdAZ)-SVhX3SK_h=sxdEpeI4GR z1vjxIj8Ws0!@t%)qzmGVaUIokn!hTN_f%XE$*RRiBGD8*gn+mL#m$ zf~rLH0t$^W%|I$OXU6?rj9C}_*$A;pj}d7e`B{rIgL93;Q&51a34$yPsmAn;eBu%y z(t1>=H@SWZ575bnCy=TyDUy)9&5>#fm?xpuet-PE@fC@zI%a|3c>aQQe;S&~r{&5jHg;O)Xt5YpYlxxx_MZGzdhC`yjy*MH|(njfstz%mioDuSv zNK`V@-LKKyJ2u7YJEe9{%Z(lo`LxMgS@za$%pUfPUR_p_e3zVp7pd5`dr%F_dbW}h z?tW(PHFp@Zd|oOe&qyWz(D5m}N>sbOOrP`hYImGLKsURSBN$Ycg%JS4qQX3hW0t;L zA0Vnaw71)V@V@O{wJ*=1S=ibAm70S6UY4Igq9rRmEmTy73y92BzX+Qk{dDnnE3?Pi zUG?~obZvH(jktl5H4M3iU^;&ku!%{Cm%8F{*6~e+H{&9}PeYEJST36{^_F_jlb^X^7=lOu1 zNm_4jCXCyvY|)f~mf#y%BNm7&pW0rZK#T)qfIZ zP{hdS92Qa4(SxqQIHnpG6=n*}hGJlr@0a%ELzpz6=*{a^ZjWVD z!rRgJAx0%$Wkr3Jxus9W8YlP6Imc+4tQlWE39`&dSLdwd^a66egeqlvpKN$pZaw)i=C~>~@Hq6yJxz z+AyAN+Jdzh1Csh-aAoSb(|05fS0#FdZv!KH@d@qx>FVfg{dnW#a-+12lfCrQG_xz2 zV5Co`q!LtzdL%d$_9Z99Q~;s*Mz*IZ`AEt0V6{468*Mu!fsD40Un3YQL(A!PO)@_} zAZeUeX_IDOEbMUW9kf_KO$@UyTMnYMJm2o)Ys>9P^R=O1Gg-fGcBy-SOCzwrXbG<5 zU;X{g6{pxfX}z#aeI$O5>A7SvGL}uOddP-X82_n)?|I}}=&U&bv-%dCHt(Pm@Z1kwT7&oGi!(u2J&VbfR^TTZP2 zDt#(}8g%@pS1U*#yC(C1wbg*Dbnu_)BI?ny-$O%ywS6`VGq#zs&%A3DLSB$AdbZ@i$GIpVO_)Trc|M@m9Ms#PDNmq>ORp=9_P8vact5Y_Je4WH%ApNF-; z$1Vf7I}mq6F!4tTWV^kK;{aX|y&L`5i97C@Ir z5|ByF^VjrK5Rp?aaO`y;HeG`8M0Y0%u|e(5Zwn5XHS<_lYjeltqK&YLde>sQ(>~AS z8cK@S0oq9O2mTz9r%2HuCHM?2T%mpj^UEzUjJtI%S^}PP;Yhtf6IhHj4ibi4KKViu zK~IwiK9pv!a;MQvH? zkuFsrE{+!X$j_b4W^=+Zt`}j72UwN6PWw>Y4e zI;o1R+6NOA)n{Av%Of!_vPf$B)b9o5=m*++PbIv=cepfu%Uzg1@4f*ecr)5oF?S4d zdcej5JoE5ii^<#7OK6zm7^K=?nNMsZ8fsZ@HyN6XA*qF~11jO4-dw#9=)Uxxm>p)G z18_GNj^TL1*FvG=%GI8LJZ>d|%0l3n?4IUixpk{Np1E%5#!oeJ+e$D`I*qngmzwh!uKJ($ zXj44$I9mvcz1pnhD*>T8du1f~9afTKir6h#ND@u9<`&92#aVP(KaG<-ttc#4$S?}a zDM-2rD|;lz2g=eEz(e%q4x*vFZt=eONks8WX1T2##4%lrL)vGHUdwC`Pl38)>3Ck| z!*O|>D>+d^>G^k_?1!sMMWf-uc#SQ5#t0_{KbnT4ZJW3IQy`gwGzLgeh^DCm9-$F` z=UWswK#;U9C>jW=+K_g$>1JqCPjwSSAby#HI0LUUUeHwpRL0%pLR6gqsD?rphpq0) zroc4ko}9|bJ<~gBskrga29#xzi6=e(#v(@l>WV9)}9IjYWZ%0UA1y&K(*7ZADbS^%I%hPv**-e z;wP0{HJy~z1SqNQLrr|vaae?_74_Md8U)o*U=uPcUP5)e1Ke`V?7?uWscXz$gIe%C zaV>5WTWt}^#$#4`NR7PaIY){UG7zKI8#p+ZRLB0;jaxtHo@2^ww|<+eiU{m>IEU+5 zIVQRidI~cRF-F>Zw-cR?BQ=n$>JwXE4xFayEa4S&-dXABLJujyedhXSCrUVZ2mI!> zI_U*C2$|Xn86E7Qqnd4%8bfVTy=e@#q^(?4q?f1ElBcEJy9Fz)$9k$%oRaC{!O7{G zx7y7UhvnVP<$#w|5BmL5Iov5l*NnzRF|*Orz=6dJrruFAIQPMO=}qJMvF^;gz8g;) zu}Az~wWLo+QQeeNu||ffv~~;W!h?JqRjPbk)By^8y{y>Z;PQb}0isGQzt%Q_vR1z+ zh|FngjTEbpI`}2IY^UFDBEDyRQ?8Slk1&e?rcHbdlm!>ZBrT}*UJSih3uR}uI!Xm0 zs6|P_MCIogNELr`9{nnRSrU*t`ZL)>)-W>n)X7R%Fq0d6x8Epn&~E(sybxe3qc==D)V@u^ zrJJy*I`W5uy>#mYl51htY4SEAEC!-GjP_kMs8VaiUg)y2+xyvbL<1TN63nBt9?6YO{Zb?J54rW+((t|2CV@3^7ZA*87gYqvnIDC~y3YS~Hgua91I3`r85Ictjah9q3##zbu{@X} zIFTWu5Tf5Au@O5mMnxGHCa~cg;Q*ZLvjWiBZ*pFd#)|w2p0+1hnSv-u)+qjHM?l zUs-rv<#W50KE0Z;=DAszgd=w0#XYwv^;4cer-KXJ+Q5hKaKGmvasE>CQ;OUoWEuum(P#<2$0Pq zQ@cD=SoG77J1vX+aUA1rn4m@RMgmVRm#`}WGGHw(`i9F0k^pBDt0vdys5QDg{fw*n zU2))%c;_`-do3f?0tQP3Q-sVF2-#pJ1X%xp$rdYOm=RLy@>B_9RP@Cvg@6((mHDJB ztT5lWr7_t(c26c(TBYe?_jOcCq!IDFj+<(k5iou!VGMe;3)M7TxxAt%iZHas*G^a$ zrm}4Q=x+8|)tdFQcZLP?_d$gg|NYzZ&olhDBN(3Qo$lZ7IN3#IS2HS-^)$=}wu#I^ z&~Mpo8px+-zXV8SdVV@)`tv9GMqZf5n0RFEbIO1*@Q;_4cL;?D_S0#~b?o11V*9^2 zRPil?5^^iJLl)U{F6=Xe?)IrlG5i?!*#wGG4kNm*?jh0M3%KP9Ca#kyh?kI3OPR)G zLBlAGf89eiW1Fl<%XraOsFIUGDNbxvcIgj1GX+E+A4aq|zb7VHIlk7~>Ujb!v?mPv zywC`8lOH=uDS_B{I_1nCsn!H@v+X&jprot-)+w|NEb6aXs*<^u2EgXYoz08ZVf#vr zYoHIYFN+_UFNBoI5Iot@}OvR=we^k3)psSAopNDVdmr&By zT7b&2Lm#(H522~w5S45h*N^#T3M~Zl+PZN4gQm8=#wV5oGk|WV%SL_2dXe6i5yAX- zi|1i4Al<&B%pPI(u>QugZ+I# zfC?}V%BjI=6W*w4>{zN+vg|SpgG-`2JS_vTiknAvP&PIc8iIe^Hc-vK+;-C>BX257-t&5!^y)%I7T}(CYzMk-(dMJ$mf$o!ZgW)&>93*{1->VR>Mm zX^T>%{foKi=J@|Sy3fgx=9db5TYHrX|6)A_?UEx6`LWwm=JMeJKT-QPv62YQ;rR%3 z`vuhT-Yr6^!VXDdl=qI)Y&!!Lq3)iQjS zp!=bb&QL#o-`#)QzwIv#y>sA`?0E8GN(5Mq+gSE~mb~2tKxSUQs*wI0@et!;;DkDar>+^OuXR^Nw^c(r)G6N1xm z_(fLB1e=rqqhVJ&m<-4HB(sxjdi(HWkLMkKJONx{%7(^R3L1~Ms#HbH|L?5Z&ir4j zn}tx64+r=2;LpkTTTMa1pY4%d_fKAV4vtJ5y~5* zc!y#|Gqtm>D!>;g>X0wADMc970rn_VUfLy|;#DRHh?0dzj#C>7DU7Pyyw`d4wuL5o#{3*Px@cF#SqaW=9Jc|YQ+11s_S-)8Eo3NCXJULG+-Gs}_NI!lb7^N&`% zbpJ)UoBix6#g#!5{PIWHH1lp<|CWvLJO0OVYoTT^RvH+*XP=I_LD?*d@@+&slQ|D= zcZ^<#m1YdI+^N zrYtVAw&K0#`@`nHAYyjf?s^B~i0BZa=cVG?Fba-#1^$GWnSZPh5975m!*j`l&)E(sD^Mv#rS0VZm+&S# zqJ17qo~7(tRNl=mcWK7{m++pD^5=ufF)3_01{cKa`e{Q$$<#e%gQ6W#jiUMnrh~Zj zQyO>QC)u7OSL`BQ;+*EcY&Y|%7_UI8vCtrh4h?-<26kD^pI_{ORxkjj8+>10iZP zxs`Nu+vka@Q^Tk7j((O119MPxOUbH@A6pEWt88vH{1x_D|3Buo!tOg5l}*J8DO<4c z3PNrirkM)!!)j9XwxSHFHnR2mjop)I!yjY6f1XMO$B6kP_ZSVRiYTBWpAD!c2hEi{ zE{gw`^@M%4n+*5^^zW11ptpR_n}g=wn6j@%&R50@{iIj5Sp_KYXN&+98zq*4YKy3=L(?ai|8s_{2RAIc zn3L?R(jTYbm{{3Z*(aD^3S_?*&kuaI{ABZ9HREjzro@WD@Jom`ESqGRA-THqO26 z-8hJ%vTSQ*aKdX=S0>});&ny%Dh?HPOazk!OBgqyyRr>t+S#{Rn@Z~dzm;pDy>y?} z%#j6?!aaiSnE5ZguHY7D=V-HvZUqSx&)gp`q?oZ5XvOlEkX;m}(055Zw@G7&b(U_% zEQVCYJDjR3lnqLTr^^eBX1t?(>_PWJ zy;92R2R`xz%TF?1+*&g@aX3`N9`ggPX8%XHoe@0iF9e}tXPh-ye?r>HLXcfHiKsoP z>ahAKJ+oWm`#SOGi-~!`IgUXH-7M9NPtW@qNHNM#_OTC95`hFq1b3ZH*u6@_cg)eQ zLU33#!J;fLyQXmNt@i~-O1apNAT(iHSyB7$&@}hs=_l2aM0BsmhmjqjarF1=Q+v!6 z%r(3-&F`zEZM(`b{>T;fLU|R@Wgv3)7WKm7#L9f=j5&EcR3?w70RCOd12O`L3aa}~ zCRHq+xoJW{zeDzAq3%Hz;LO;nM5|xB5(;a)8EDOVI$=DX7niqP_tu5hi`TFgM{8-T z**lmHEy7#N;8@{a&o8W_x{F4^1Zok_XcQvvY$^|eu_7)4DcVW}?unK*L?RXv(xk?t z5B5|{b{Sm2dz_x5Od8xqV8n_!0e6iwQAj|4VKRQ91;lmQ7sV6*OKwZ+kuluO8~o1FBBAbda;P;L1rN+BM5L`bh4UhGA)>U{eN;>KlA@C zw`Y*d)|!WdOpoS2ZEpLmZ4tTXFef=kF}E{nOGr&P3VIL-k48B1ap*x}0(cWcJ-68ut?<+?0n7`{7#U9x@*;*s}@a>V+5<(EJ zyiS-Vp%(scmI_mKl|Aoc?lMv8Ek19=&80Yw1|*SRu%B;RA0mMvhR6SaZ5wH7Uw3h4 zBfj>w;c5)puzpyBj`IZ=nG9BG*g8Y6hh2#_uxaW_IKf3D;i+u8TEQ!dE9zBFC4mJ< z^S;Ps(q7i!1^_>GVS%~P00J2-G)8lwoYjz|m=RV|U9}vZeoa@6%+sBwJ zw9?jVUR-JM!RaiwnO)_j(W0U|RCk+3`GqzCX=HR(;FU8%T#UmDZ)6VHE7i#Ppl>>x zLW63%Zo#>9Fzg2_WSi&k^rka!#si<=rkGuy42CD^;thB>`HoC6luYqZw{7icFwgcf z_DVQWfKL^um_)4?sE1Ahm`PU>lMO>Use?=ZRULtlR&Z@IU~3b2YVC_bLkZIs>VP%x zbZrGR#PLjny%uDS4@7`YbOq-dRMXjqkg@vBs&`OWFJvKV5CI}D7 zGzMv?hnP`%sGy|}&OE7PVqflhGiM8@DZ3HrZ3it{ynL*x$UcUDF`pbt?nsP&8>xn5 z(X_504q{W(&6PiC%?FKYpd_Y-$qyz?03)Abj|z+|l7HnO0e{F(K5fn`&P?Pr2o)ZQ zB8KaeAT6-OW|Ek2DU%Iz@q=qMY#G&4H`Pc{oSO!qDZWud&feQ0e&Z0|d1XVhgnY_K*K>j`e%r7wF zdH|cv(@zRWCGeSqW}99qjdl~u1J9Tf!t7^{`GD%Dfd(u~CmRR&g40t+z=y4`3Nt;8 zvYC=PrcwxJqCy2Mwx$i8?t45ugZWyysqD9)Y7EmLjafQ5RgXm!JR`EQ1|fzrr1#wG z-YeSz)ECufX3f%~@<-K}1340|grKUGT&5V&O0p*$?3)e6gY!uO`e^FW{$tn>-M*pb)cr=}5f*$!fjbAv+YaH& zQw12@Y$bWKh~{PEUQqD^dpJ{R$TWR)&TyLH|DUJ~6_47xTS$0={{c;TM3ad)&P=C64 zi>b$Bi71Q_W2XW^`IU|NR85|;Y%K9j3Q!mNzEOKL4hD%)VkeGtDc@Kt@(>JprDd(- zC%KzOWG745x(^ATl-^SL=rJq1;(DvGT6^7}o5NFTr#DTGg`qs#?TPqQ)Y!hQ*OLa` zz93q~Tg;;v$@iD}EL5#@rw+&B42joVGgzOoh(U{Jl z3g`-P#wDa>z~OHpMdBh(@t`8m63upV(Tr!oN3q-=i~WzT{x{41=jZiK@qgsD*YH1J z`+Wq%V*7_*KZH)%|Kql={>`ty%zj8V{_Ku5z|fD+=KBfwS!nk|xO46{knMgRs~P`M z-T%`YJVu!Ds*g3_2SwEIyLLSkr~x z=XQ<=9VjuUEPOXPnGkE(gbna0CBz_-ga*d|`;GmRi2``UzIngy9^e-e>0@Jk-MK#B z<^JG*a|Gglx!)g+fj`I2$jQdU`o5fG*3_Jw@XaN{^VKr-Fn+(;e*klSQzDIyjivta zD0u|vtBKC6*=xjl@|9tC{0*LpchYG*E^G-1^*)pW)zuezS3y7#fht+0WIDL81CgT% z{)|_w`Q)r8?Gl6mGI@@zOq8QkB%(?i&Xyqbp-8AgJ5t)Eh2R^OY!RjE@>Pa=?6Z7% zsIV~536G_9sL+KA)x@CNY=0Vv8)(dKz5_|%PAM7OP)@)SeXq&V>*eVMBe$FGmpAzD) zM9qRF_CdMiY^-pk$yq2R(}YqeaCIyl6}@F3Xm23do4@^_O=f)_rh!roHazs$&XX@Q zQJY_tJtT8Ko=={=OCB900NhoobmgZ!d~wiU0vS8RY1=#1x-0>w#Ei6_=Fl2B+6DuP+8Mj$@K-x|GU?_WJM^5B{JAKX&E3cto40H``upd3u|{?hK)r@4b0awD}mNmyZ!pH^ZLdZ0LP zc%KrDz()f)TS?EK#cCn61CjQQ`I~z7w=z4DwP+=g6q>IKi$W6vh{O z1e1h37?+HBvx=jqau0|aM_lDb2b<5IYQ}9KepPOV&F-iH!yu7a#;U(0du>9>@1cQ^ z<%BjiLs74aHsct%4=FrGU#{2EaFD4n;~u)0eRLwzLhy?EgFV@+xp9A6h_QESu!=MZ zIe4a(Vzc8=t*esGGne+z6))~~=}ACl;K#F60+>49;~nkVMsFp3r`;0U?4Nf*Ch1Dn zgVq^!16Xr2u!2s{nqv-$flygN@DoNx3zJ;R z4OPDve0A-cVpKokrhaXQa$2~@pGS}+!2(s?!p4^(kPuQDNXUa#%J}a7hAG z(Qz)IGh@}!Wra@C_DC@Ft(dan>5V~xY;)`e7LoL~5{pPoT6{KW$4TE1OfjuAMuXti zvy4y&)Rr?SI|!%I1oKdo%a2QB!-SE(J?$5vA1XOlp11?Gf_81Au;=l1v~SP*!!NV@ zO$4+u1epb3h}BCkPaQi?2U-sF31%O-Uh5og-3M$oJ;AhUkFkgi>Nmm+WMV7?1S;-om2$@Zmu6D|7$Rv8bZk-(R#FsPQZ)Y( zATeNft@hI2?H4gw%rLEF;7j2$2t1rdqAK!+6%gs0lBN>oZkLzU{A7C<*>2jO>5Tj+ zc;LD08;Hkq7m@rd;(fMgM0vfD7Cw0vHbE4BPxk72+B>mL%R{F-@ zwpit#fxhMOhfb-&Z&MuLB!7POVJh=OKg%ExU_!RAuse*N zJBtBGzY+_y$7Sn~0S*s#G&KWr#U}@)Ke${`&L^+g0tBVfmmJc0dV|5}{la0`CK;if3eBb*i(N3mXc5c>bMG=M8STSz^Fx+#o zMz<89gSrN){}%c>uyZ%2{OR*F8^ps?{z8lrHLHZ!wkbI5~s*mK^ zSzXdU>}qCLD+1a6hC`mrk2{F6PE;lo)q=5F_3BPOfiYbw?j;G;hh-v9Wx4{bVCW_q zs7)Z{G)nVpZu$ulO;8*VO4Ur#w9TkNPi$#O$#13b!xm4m=S=xALc6VWRbcH(vgEC| z(>%=m7kidr7!p*3j_R=ScIVIXlG61+{`^Fp=s{=$@L3wzxB_%}px%p(e%dSS-1bh0 zK~AVvzgR7s$&~n4vZNc1qc;3pX(8>46<903%-;;N0_;;#a@d=HN)`4te+?4MnuMsu zB^H)5ZJI{6C|BjZZDurPB|7X!5FmYs!5|X0)-ozj!@%hQEdu~*3dCvSU*J#)v;Y3< za-|-ow3sH7B9&l1#sX0v&L4t{vvLGtBi=0Ps+GxB;>OruEodW(yvpRY<;$B+=!{5~ zMc3<@U)KpaCQ?D!H583B>M$<2uwFUjp&+__9an_MTJ;z>hM|6S6^Rv{bvth{6w8^B z^U}LDTHnmdCmLv_^)7_=i4msLya1jiJ9m&Fr;rNySfF9r4>(8W;md!vRWXbWOIm#& zHthig2<37IDAyTAdnw@Suy0LE$7~CAB;Si@bP{($P6vj0HpO`IQ9 z{e%HcdJ`pA&9eJ5=Ns~GXTAM1_ye&!@Nl6?3+m+SvHy!-e^78U{iD8be(-j^*~imh z=8yJX`S*$++x=gmn|D#{ij+lNM_-2J#j7mgT(9V~<45y>#2EzrYR~=f=Ki_iL4>*p7didnip}E?{gQjeTXIz0p~^rFeJ+Jaux(WOE0tbW5wk zT^dvbf|V)8DDFU9GB7jh18zUVkyX-k>Kdg?DaH4L6GpYd^K$%NStQFE*W#T1pV@pEl2f$_ahL z9|WX`489ertuF3iAv(E8q*ArzMdIRr3#1wYW+|xkzhBRGz9Z1IrgXdrE%Ou{f*UN6 znfq1WqWl)kc^6><+_+&#Z$7baFC#NWw46C)#*P~uY!{+xOmS7d-qSqfr*8Naa^{S& zgA1#zku)E)l-{a=2m0HRKVG?br1$dibm!oUUyb)u96JV~Vaudy6~g>J(M5s8ZJgAnPFL|$_Hs`dU6aSS z(_(1PID@}GJLYw5wq)i&bI@NIb5@8;pX&a=_KCeh%NSJ48SqDzM7 z=Q;f~jY#6>XsrI;d|>h7QpwTQ^NH1l`-l^;CFkRgcfA{S)olXDZ};q_w)%ZfpKyY+ z+V_d%r>j3jH|9%#436SQY*KxF)IcmVuL^rm)i3Tv1MaRwYA}a4f_yf?V zY9UO;C}XN8*JtyU!)jqsvyOr&8~XwTX#oWYu$3m-|KR$%J;D7R%#)@|th8LwlT4l8 z(H1!{iU%YsJqg>w`uhqX<7_qGFe;^Ds0USzc}O=VDZw6^3(v@;Jfz?&f;etU*a6>OfLuFccH;}7h33tz(aKHc)X z*m<(#tB6SfEZ=GM?Q}(y^O#5x8sxQMNU&1wMQJly7aYbRgn2UbbG)xZPWtL|bO~xg z*-tHuF@qb(pQ52fSgMPzZ#<@Q`gIf3WcE$-Faq+wtu|r3`Db8H+|m23nPH9=-KA?55KD@LGxS`L3>N$Nx1tz3gA%p5{_lb0 z{s@|h%ZO6;D0wgnyET)!g=iJ$I!V-}8yYP^Tl`vq5zjuiLLn zp_1$d{szLYHp0bmU$}QhQ`e?s89qU>KU0v347U(`C|UUPV`5ofaKv>4q38&vZ4W0I z7j^^&Pk2#jND4QDa-(f_58c#`*GEu;gyA_iPSf`kHNR`MG8-zOK zO+AL7{<=~R*vSvMfOmu562c+{Z;H=`%Z(PnURGRZ!X>cSjH`-n9e40A-2XK3w5cq% zGO!XJ!cjx@K-c=$Nf(TnxI@mGJ`7#hhy_I$Qj#@9zo9^Kuc21*6wvnu+GsnP@V63D z9q19tJk)QK59vB11aBqe@QjBfIxY29Et?YV-<3(i(rTnKV-^Pp9X#WJM>H1(RHqIz z->`K2)d44u4w)SQX0``{>!j(Pyc0uE%x{rvpCHur`-0yO>SUd@Wi4t3Mu;~IfPh9J^D}$QtFzq zOrO`uQsTr$G*V6ZUSyR@joJ%^NBMfwU*z*o#yxIDnCS-==(qfzp(ni3>u*2eogMS` zmwREyjX>81i)_M9f5k=?LF$2TFe`8Kf26S9+7XZkVrK39)KY$5)7apte~5tGarJQ_ zp5PMPtqw>L^DKy}wkZOB#<34;m`L?5#;swl-ojjA#$~=br_Zo|(k!klwm5itlvxT| z2_i8xl^WC_D7NoTRzfYicf9uOMDn{#KO?lT+3Pf<-83QZ5Aj*^vEr zEA`Egl{mXY?3z`43)-Bfc_npp#46o{rMOt`0;a>&1x6$2 z`MJyO$8)htyVp?(?FJWxEQ^<#y-4L_(fj%M^dY>-(EgUr+aD~1j$?Lj{kMugbujYr7&yWfI*JsCHT=zHmdui6IP6r99XX)oZQD@DphoOrR zpyOhQdN^91&dRqD-G6IDsA@t45}~QA?c{s`Pf6yt7|%7-%LdVa9L>HH4JZyvuk*$t zeFF6>&ZAarNjPoCQ(b-j(u>O@8`KeK@$6BWX2r$9GnM-3gQ7rkwH2d463iG;*kyzw zF-MUAm%T%g5JPmfC#*;dvb7RpPSy34fq-4VL_r?ysCeTV<%kreAbXBmkQF4#X>t1T z^OckcM@hbBf9iyN3r&t-fZ-Ir77g*2%5=4sdj*4qG^)asN^8WEG7+j_5QO~t`Kn1p zDfQHwXYZNWdHYQtTphynJKf=tSy@t630*`xxw!H1TDpu&sxNkj&*Q$E_;J;4rD4HS z%~UvNhg2gy;cxQpE2oy@oJw*nZP0We!fYebJJgOY)Mq!UUO1>x0zL$QV=~3O^0zYP zr?s;oI-AeTQ1p;vd!xL#W;&ssR#}ZLWAyeec7QP@L{ipyx-n?)p~%|KYWonGUEHoQ zEQ!d0@KMG}=@MY#pkFrkIi3F(}7hn-SO2X8nG+@}S^pEuCyJ z>|#z(F_Y3#xgp%bF~2i7nr@wiC>A)k6LFgi7{u}4gyfR5g%7zxM77)n6fV0u7hxqT z$yt{0ERFB?MQC4}UR=i~1CwKaR4ym4Ldnd)%q(u$Nyd(ChXA}q-|l#kd=pw3J@ zYzBCFL0Xtph1ty45=VOCpKLQFc4ca=>@1r-<2Clg4}?mTu!Z`Th@D<;8uoMuC{_I1 z2<7{dx9YhAEDJKe)(&~>Zna*tQ7sA$1hoz{FW+&ZtzQ&eadNsdBFBe=|9$KH_WXyJ zZ!PDy#^>*i7fzdxPTP+xcAu1~ou9NDIbLj^mS0H-s&5%Jx^pxn)}L+%bJ?;PSNRPY zS)b2Vp&_^nOZAe&Y8B<3HU0pVwl?K${{w?Se7_pevcPIRL1ea?p(B{-EaR)AuF?&) zY&Wg+cffyB@~oO9V6ub%l8XLPTv(y^ryDFzGrl@)3D6fygwgWIp;je(0v>6!8LbRR{Q(|Te#T1ifx-A-?eB2iTskpM%0k}K=|?t5@A0FqTC2$rP8 znH2L!EC~eha&g~q@9$PwW?}l2uR>tQ+VR>mKm4xIuVrN+oM5!nq20J#XcrOLsI3lF z&9(C_bZPM=*O;*H((30dp$>kukGuP`-r`?Bn5LOrA{BQUNXSH7`Ta({ z+=c~adO(QqdaXch4`CQ^LGDD9C>1Ku!M`ko5FLuC|qi*C(q=n?7(+N7H&(lh;WXXRH0_C-R{LMGa zQSmcrEaU?m>`BQWlaKa!w>rjj1Mc*sWcpCmPIm8|frYQT4SQsfhud7rK-1WIUIP~f zopUi$@VEkIT38%7V~K{nx9Euj-9qv-C3oO$xBc9*0mt!(qFynjbvqJi{R)H5uD3Eh zhpK^|!CcNtz;VpRwT=Rfc{-H6yg( z-yvU|kXtU&38{Gc*GDUgCLQ$sm^Hix`MEZBm@i*(je83KI7t6_Bz4&8=}|KpMj4E& z4i>tji!S>+#>H7b4JOd7B-T%B(cf5|5I8Y)XUUwziN~j_5$J-e2`b5HJq~gN%>0@z zSc|iU0Q#aR3>w8w5NmNkQuxXY%ql9TkG3!ND@IFJhRa-iMHNp_V?`y+p|C$}N`sU! zH{Ugj7$wKPa;<$F>ies=54jmGs8aW`jIRb-OD(S)TM!wC9wP!Sp~k{&2|G6wbo{mU z^f5|Q?nT;Oq;)@gk=FaIClYCuGKOiGYJVZF5I{56l&YtUZ&FDAJb%r%D&=POt zEsOIhpjJt=d12F)uybjg#vnq zVNWay)*D5?VZZY*~@>8nL(6u6TsTecd`*>Y4;_kg;Ts7EqePOiYaXjik{E@uCVA8;qo(Eb&Un3&jLv zbW9SjXOf*QTmtB#h6Rq(?~!YUSjCA-?IWY3;{XY6Uq-i?~qo;QvC1nOSb zgG{VX_3PC3oJNOj_71kdvv;sPZ2k5Qw%%_&kz3!z^jy-ChLhgLd5lQ>wr`XJENRZP zbr{j2V8TP-po8rF)!TXp2K|H@?N+H2fy)T2uXp6(Xzj_PB zAek$OY5kF<43!nmxp)iJ`d^V3gQE^kZa5RtIW-0vT!-Y;)GyAiZn>hAAJ>7!ZIg~= zXyg*!>c99OPD5cdy9leyV83wJqIYxHpEi8@dSjgk9AY$enA!Hb|RLFn0fjbDlGW z-jX=7dV6i1D@}_&;({j1OWTuv)G>~0D8I9*pr4+Qgq3=XUo*lHvG>jnJbUl#-u=;d z_TJgOcXsR9duM}F-Lt37XYZYDKEE;E6z83#qmlujGQG86oT6tVDK9%R5yM*FXnq$( zj%G{`RAH@i8D}~0@L%Nzp-FR$8mJ7h*VAr?2_>Pr)5f8rmnk%RXn{g$mq#;R;f!mj!K!hZ05Jj>@R5%=*dzpr=}#mYNY zhL9u4=6b)k=&^Ue_hGqLQfZ%I`gj~~aOPEHSb>Yzum{cEiPpEKz(Rtf*b!Z_>I|IN z5jGO9QNJ&_9>P&;wCsUZx`)3#Caw~EZ2(wFOZ;%>Qnyf)8ZJA)>iRq}mHH>M2UUul z%U-naMSIU0?nOI1dr+l4sM6-M2UXgGDs?}5k+v6UT{HS`Aky}rN}-AFxz3*J^sM2Y z>%j9_gDQb9;qyaPdf2f38^J1}$LzO+t26@OCqUmh(=?@;j>rPJXuVQbUQ$*#iPV<5 zQhntc+MnJ?OtQ&T53yg&7^1ZZmmG#jPW7muN*TJ5>(K?dqDuoaiieD-jyc3V%{0!1 zX60R2Ahf3QH+fGMK*vI7>w#GXrxUjy?aJ_Y+XJkN0gp`*`2J!S3UI_v~pO?+edwj5qBe z#rE#yy?eQ94fpP4c=nKDWDhB3+w395{@X!{fro5_7yN(J?Xmv3BDxaR^WE(j?A^b@ zAIgXLq~=s7t7|6G*Nmna7x5SAUv0kW!iw{DRcnml4W2THmAa=KuH@&{V$ttsBhiWV zw4e#s@mWZx_60YM?GoZz+Q9`UQ?Qb#6)jU&!26zI6@HSIvM8(?*Be`2Pq4qjI6gW3 z_!UiVlmur%;j0P32sHM;8$15o4AJ5G%{41LStGB_>li7rU`v)@* zigZn+5d(?Q#2~>8qVOV85F%FImfgQ(<@K0*ql?Wqd#4-rh**jQT4SOYLT%iX4AG9- zGJK?BoLGLb~k;ozjW7=1$gD{fj`aLsAfIw9n1HsH=n zWi`*NPQvb3xyJV&ezv$6yHD;7zfW9zX8Qz7^R2j|n!V*YkGGPqU{9(7&pG3FhPzVo z$Cv+ZSgre{iUzW&OR2bJsR#Yr~ z%IKmpuRipicTgdE68KMCo8L12r(u?7A6Z^xv_Ax;wJc}Chz`{ZQDCkE2+W9ziXr5k zX#=q!?)9m=`nTa8&a=kgiz%s;)fEDEqG|aCsnOc$$Z`A#ZE#Cc(gLrBfd+XQFpP?f zCM-}%sufTYbvZgr(TXqc{us3%*QTXco@FzV;?s5c)@zQ6wQ z@OE_61la2oxHX1-FV(w|LR#rHB2YVvxx$%?8~F2ka0O8!RG>SC}J&~Z+OKKa%(yBKT+y+uqCx{H`8 z^cS)8&|k#*d+HqOFS4Dd{egDxquNEPPq|F1tQye0+v!L62ADnc*6X2$j=Zuht8(BF zI5}`fvx*J4(+r!T8nTZ5)EC{~ob*t35|;?fWi(krmy`>o$^DAk zOm6m3mo(9XY9LJ6@I7FaESPoXI7H0vh|b^y?q9B>gefE%jza{2tJI!9>etogme^gTRqo}}AdIm#U9vO%}b zaIuGB0)l-4pE7dGX)WPhiU6(HSb5m0cNQVkIVKu94^oUVtp;sZJk&W|6DhK_bNP^y z>(lddk}<7WsU|kDR80sS_66LtEF)BrN~Ek*i7bb>do#cA?{xa}$@G8y_z(M!=hJ`x z@gHA=P+!RyPeBZ-hjUuNB9Ax@&>o7Pd4W(eRb^lld6sWMpNH6{06q&uWr@gGKqxar zYUp`wV`Q6c1{WIGYnXvPoS{T`9>V+Zi&on!GM>=0kB0te<`35Pr(1jN{BMmj$7~n& z@VTsylnJSs`%cHe%_(hHBr=qP^dcAJLv2$2Xgm2ZBWJCTb@U4O8$SxEe+1uUnzEGK zub8L_QK2)G<%M3`9VJH}4h}vXZ<9b^+wGV-_*Z+ud}g|P0n%=1va-k;uvA4Rk*sOh zM#q*pI6XUh&ds4im%@B)Q{i3KiM7~I&~W?VxDuYV3CY4%ovP!dz@ic0rt|(+{OS+vV|!#^J%A07Sun~Se+F3|RYZAE6x(RB1J zK-(piQ$d$(>OVI1*HY?Pw=O-v?H%#%Y3doT`*Yo2qHpcXZh>nLgNakgHGXQ~qi7DgAW+X?^^G9OXRA zxMGPEsZmex|2Y?x?qqr^S(S>UbgjreW4DT|87)cy5kNV&Qt zP|OT<%=wzkGnw3W=>TrxNB{fzCmin=f1my1_^);gj=uSH@#*VNH=oWvT^{ql9{=^L zkrR=XW|t*f@D5knma70-lLDGI>9b@@t^kP=Yxq!+X67eDr5)Su;Ct|jd18nZ-2zT0 zet-2Ah?63OplMrQPMJ@1NhvcnP)VtiSV-YeLNw78&075%{aG6o+wk8BnO9xs$W@{P zM6dF$smXzDOlV!5qqRCS@&*uJ`e619Z>LSC7VP(uKU$l=3uuf(zh%Phx#0Zq=fP@0Yn`hWLmKRvTujJ2sm=e+K5{h>m2UR(wPfm@)X@6Di-SXpUK;CuHY6?3 z=>v#(=;CnGJRgcusQ1M5bS{W2-5PiYjk4Xl_*Nms6dWpHFB*Qk)juw)`9^c)nx6_U zd21Lr1eBEc7m$JWA|kCy#MD!|q?#=U0_k&BE}2m!l2vF{za;YVFobbGtC{*`54t8p z&<4Trfj|gdrHnCo2Ul!c7U8FnpXanNl>dJWdj=xl zT8GlhDNrj8;BN=BEdkr-Z3v6qU9Gus0e40}i&V=_8q(W`xZ+L3rcS0ML2IHr2QZTq zU=e9%h*K<|l`N4Z{HlcaF>v<1&^#kY>|>Hu=8wl=m+iNX+1)*#z5L_sc~hJ7e*>>| z&X;kzAu`dlfPQ+t{u!MdQe%fjoa^EJ6@ENs^XU(j1dR8=x?P)LS$ zFIu{0T<8oi2fL9aPs8GT zA6NM!Nk3W#eLna1FPWqZk(n5W$`S!tU-&ea%no+ZgC6(rP4*FjC zE6i8q!z_FzOVNFQ)Mbx%-6&10%LMPtjlFKpCzM&Rfq6kE2ZUmQ7T^DurerhlugI-I}aqmMT)nbegd{ zu-ozPglb*#IozdE(Isq*7?z@u?5>#BTr8CpX6Z&8q>FaHlrz$9{j1+ zY!6N_)P!b4RfP*7$uL|N?Qm;)gL0YmmAI=zLNK1Ukm-zE%bbxrnN^0}uM4wKStjpc zvfos5mcg;^>k;eDfc|-JIyP3cw81j2Q}8pHKZB>sv@QB|lph3nffOt6A<_Tq^VjHx zo8x!hT*I=Fmorx64fTg&s9m97Y2!KAF1gU=p(fZt|aUzxXYIe}sWH>)+C_2ubj#D78 zOPTScN0n*I>5kWYF7BMI=pC0J!+>!66`8)JcIjl6W~^F-NyF@8AyuzJ%Z1`8#Kv02 zg6j|a3@WlY!2rb8I*Y*l`^dT~3R!BmR4(n+4gF|?N{%65A3nIEcYRwcBw>pMOEi&! zuwun>R?@6JC{-mZLe(oPASYIx&uP(XA&L||Eh#UZ+sqrFj2wI`uB6l#T!Gbl0PPP> zvU|E#2Yrg;`2u6V>TnJBh7Y$0(R@#@eJ7zw^PzaUUNyF?#7Q*AH=M;VKBG@n!Y2Fc za*gT!mI!N^Rg^Mes@EO-UNL3*0hQjTYgukIBNuc{Xr`o_I~SYsb!JvOz+AZ?bE#Kb zV%cotwxDcy>iYV0d)hG;NbyvpC|SZ%CK3nMKy|$!eG9P*3v6!u6Y)AAjdv2xKm>7| zixhB%RPBPVNdf$thGwWyM}-vAQuY#irC5pXU5Fan50^cjvbEmQmLh@+5shMYF$gzF) zk>+xyDZ~l$R(xJxmm_wtZ?6JkEOG}szS>9G5&Z0l1lbeuGsWI=QGLW3*fBT5V4$AC zOPFf=QCqX2fy81A;M#%-Xa%hh&NeYRAqeN**g1gLMoCFU+FQSKb7WBckS43<{_KV5 z!-VLtiyI94NN?s_Z~}1Uw+_7mcz3;FFNbc|nzZvUhpY@i_-&Q%LSK>_ym|Ro96L0L z8~e?=*ciKc`Bxl!)hp7r#%`ovd+Z>Neyy<&T&*gWBr-29LpA!gu@Uek3s2`nu5-$? zy+h_~_lzFgMmutWUOnt#yg?>3TS=vZ>#?;ao39b>HEZgtqo0Oc_xt zS!JnN3p7Q+S!DaP!3Tjp4QH-lAe#MZN$zENI|H0Z#DO%E8oZY&s9sHMxXT@L?#x?M z_YYMQb;8k!9d4jg5TFQ0W<~>!3?~2=c=)*@2XEa%_Zst$&4~{1+kQXMi+;;RYHu(i zC+G|WtB2GfKX`&@$zG8k1o0Cj)0%Vw-MY-bIMTU7t))Lf&OOr}b;sHKj{Y`25a{u} z0J<<^of@-hy9c*2-Ht#Kv$NqC70i*{iAgq`<=}aV(M3=E9gahzs8vv3*xFe&W`+B0 zwYHKtf!($dEgquR{q@jjV?3wjntXl!I;1PM)LS9lFg>LLv;qW~tT!!)UfcR{mAPPi zQw((0aO!k8ut=>{qWgl1+80UK5-yM$*LVJ^E_HojZexFu5__#NL$n5P{#U|!XdAs8 zZ3_ZdoZ;KSU*HmF8nhlC7}{q^YMcw;dwj`Ru8F^k zeH=G{6WZo*g5Yg3-#A~5W3nih!#<=w!#%)2hJ8re{=P?M?3porcGbg|xuU1O3ifru zl1O#!>x=7?_KU!mR;)zdv-vxrslCby>1%AhlJb@uIRu3z*Q;tiOJv>vQi7&t)CMHRu}$;<+LTY=Rrg-`)+&Ez^-7c9;7F4Z$lUudtfUZ zuA8eS-kf`2ikqu~*5-pIW^Fa2c}33VZ}l4_H8LoNt>la5@weJ+U@mi3->Dp$K8fx0 zu&H7-?sd5$G%HpV<52=V8zxa-0?!#)NdXa;^EF_fNCD&qCz%PXI8n38#`I1-PYir* z!6*Q&Ei$^Ck!xhHO%7prqpa{!so8kQL_%OWP1;N}L|F}-BV@80crF;=37@-=f@@js3_NnE9Nw&!HYal- zOE($Y`yld&;F(1nNmeYmCGuX>cIZAmbDy5syBz!UOnCO`nZ3_GJ(KLyGsli^pPso- z&wRA>%(ki(sbRG>s7`!0n|KsduD*C}1WQ6SOJ99q%mBf-EwKj1U`Yy@Zj208t#%-G z^xDGTgpgx_scw5LjlHtgzZ`pI4W7NS*8A+0HL_RM#*S~VtnHPx$5Yl;bU-sZy#CwC zM!k_nb_V!eQCY*v7>$x*ovF{8HAe2RIPZrUx#l^~D1;7BqUjQ_jnP;5x041Kdq=PM zX@$V+d8Og=SK09M%;@^XlBGoD({8s)F;iB41Uu^ z6I4?eDk)iRONpDUq9QRWCD&e<8pd^*$efW%2$nFVXt|z|*V}{d6Iobz z8PAlwL!iv|z`1Z4#DF~!PND6;rUV7^HIK11+tL^jcPczE%8$Y`+E zvbz_wA=HP59=XGgrx7nNS~bQ3ogUdPjtz&rU^$HNVS6^PWhBmAQT%5Hm1+97E?Ar> zwmeZ}fuc=9@xyD2`5Ida5-%LV1UA4KTsAw+*sJzbdsGX^YvDgLtRRMQH!9?M0LMxK zx}fPbhi&yla?>bzg{(^o+a}PbJsEy*_bxcTSUkI$|g z){X_S1`K|Wy%8nsT;s=;b`H*u8nUI%R2Jm+-xPT@8YF;83F?ozl!G-tA$-PW?k8v(=oP#O8PhQ9B?Ds$h{)$$!0?-KL~*@-__LWZ z0Gv(#Z1q$4>4ObD{;=^|6lZ}>VGQ14`*11K>w+aSTt4-|dWaw-4l+fC5h_R>VQCnJ zo3krj-l|6JVz`Y33LOXfv_(z7J0(Ypy0+7VXemi1#qxMYeh}nD_cH=@cQfAQ0Dr(uI^C z$D4AR0>ymeg@aoiv(j{-S!rfsmVC~FHL|^j>IVVUCymxRL0^*1xDY%GM(3wveA4g)v$HUNaHeTPL0AtH_h_g9& z!Pq_;e$Fhzt1pgfRvA+gJXr0USjBq8I)a^H^OEq!-!Z03qxdMzg#NCU?L&3XZ!j{N zm$jdaE4RFrKoV{*^gxfWi%X_!d_yaT3~O_K2%Lt`G8x<&3l!NoMZ0lI+H(I!Vuq(3 zN96F~#Bh@fnGQGIRD~O_)>koz+^N8p#0G=C5|Tq74Y)tc3s>}RcOA3vOX)PpKj46- z@VV)W5Xv?_5m%o0L|%M08;7nx-D5Zqs)A$prhc!B44yr6sx8R zTBwy#Jb(v~BV~Uvvzsux{WsX5cJojQn0vn1(uj^a&&F}gJwHBPA4f+#6?Nf$L%yZV zGFHMu*=*vNjbAk{lfa#iMTaK!4TLiu1iO#u(P>u*F)2E8;o4t}=oH7~Vj{?iSmP4D zZjedCu8ZiATN@HnKHDgp6u=?dX+#lS`dQkdpY`Cb*up034WHR~)C1 z>hc`XK&|TyF@l|}a>b{j`Xv_F)GL*!**3q>2H=eBwM{GEa96i^&fKMcVtDJxikZZjzn3^<49@(X@DjwB-6u%{aMzX^W!-6@-s`b6QeZ?J% zo}Am)r1$fC*|5UB_3)+-q31k-ta5L~=C1AKST3azix+N@CN5AG-; z*VP*`4*{zqL9i?kQbDlJnre@l83`wCc4R35A z%efK>#>H{HcC)C3e9YE^jsaG+#m43f%m_sz3k)Ss7%@^(uh_aP=^3t&uo(NCCb#zx zbdt!tpqkIQnLteM&7mDNbS;RVZJyoZ7_R`Su|}<}S`U@bO3R#To`BbfF9^hkMAB7` z{$z8Q+_e{qc2GQA#H%rBJL`;WK4us6y(Bz0S~L~f7rRdY93JoGM(zC8iW!6C`xVcc z6lCGuAxI)-;`g!!Kta59xv+;xO*Yie=w1y+Gi%mhLlZ-;_snRzX%4 z(Lu?5=iiA4DaPk0EoD(y4{d(DId6zSDDSXXg-ZyC+%UM(L6AR-R)F$jbC_{jVk4jY z=qsk_F?p{xFctjuR-8dNWCmH+v9)vdw#VM~AbZ=R{p@WI^4qmNe1Yt-c1K-VyAh(+ zjKJ{?BK6uXx9|CaTro&BL?(Uqv7o|eqHieAswhRoG4tA41*j&fbrUkm8|sO)mBELg z#U--=8c;j2DA^sCz2P6t$HpsFHY8eUdoQ!%%a!Xcp#@Eh-i#&Lqv+k0MAKAPPDDEV z7q~ikMAy3C@yC{u7;zQHW5#6OY`q%}<7+>$L4DnCMRQm3c?My%pPfRoHlH?sd5ckY z_{+IiGJ2FpOzqFY z@9QjF*=89`$dUszZR`L%baTm5kOlQ%(_+55zlmFr+ne#n(D-}rb`X9 z|9cJqRnbIEc!P$k359-n%1R(5>nt5M$;N3DaR3m(DMtW8MAA<;Y(ytOL}ZVFeAdk;I<|p~gqeu! zl5E0JgkUG)`y7C$h=8Hke8v$NJ_9fnn@>D!#fVPH7R1E>jK$`&gMf~Mx!8PSVJ}8a zegh(-2L@wQmjjR)qhK*MpPd$a7&c?`iH6Y_wJ>eSjb2!dQGG^0aP(Jh=8vDMG>DU#lU-Wfm zT1n`4p(MfP!+TfG7i)RLGp5!`Lm)y-mpP)GKthC&nsAY1Rf-S+&^cDyc>IOjffVZ( z9SyobAb)uk=fvnrfq>`~e+!<(Bt(pub<}Ae7Ti;;&Jshh)(p}uwpO2JN1Yp zz1h3%Jl)Q2hYdtpa0`AEivV$QdG6qn-01_UfxlxZQOSzs6ggS&%y=^jb7=rN!$-DV zv(j|wF5VI;?pUeej%g|Q&%s+J9D&c{0yA5K7Z^h7L5Lx6S5DV1sj?DLeLI7qgSRfZ zc3B09%=1ccy?zGq`+Qy*1=&EGTXu+p2K>=prEKg%Dts>4! z_=dl|ukKo(w$KXeO>&u%S7+BZ!A-T-kO(k?@qe|!TyLyddM*|gfi=*hPo-rd#ropN zsJYRiR5gbS8FvFgw49OCP)%%tv1&GVa%RlHQ<}5vl&bEGp2yr)2n3m$ZF$(n4krP& zHuuaXWM8;47+$UOg)vH&u{%sk4J;fLzOO60(fv$4&OO!0LJW(qT`Y}gd9uOd8kv#k zgQ#q#D%3_bns=yfntO~1V3aDKqT4(j)Mv*krVV#@DL+F~k`jwdK+nL%N~TNB?iiuv zoa>STmI>}F_-uy^Ka5S)=pF}D6w_;6-qS_eS+ypYDPOFI^%5T!I2H$_K@wq&Gg9Zz zBJ9~;kh(6=PPJ_ImaSF8_iG)_kP|oXd6zLK%Oy2p3wlYYW=mO`ACFWb3%i%#Z$0)~ zGSKq{UE3Na&QYrxaDE`I>%25&zW^}Z!(ET01>CzwA%o$Fu=YNIV(gq|mEb>Btgagv zsLIlQ&KpKXJ5Acl_z9tzUdd{?!U*};7^R%rm|{YmJOltX5QP|hiE*yAdPNJvl}kRH zN(bg>D|UP4gX6GDEzj1VREgAHvf|8wFc#+FDa#9~!Mp&HZGotRQppi$@YK~R96AY3 zn2)6{4%O)voR#Viu%j`AHgMo0s4<*(z5%jo?0}}G?Q)ot6)kC^S;>{=i3*3*Qy0i) zsRIoPKz}luyprW(x(n)G;cvkD3#@IVrVyJD{uIgJpJO6;l+%2qNj>B!j!pc2ilpyf zA>n&$vUf8pX-GYaN%U?9s}J-znB?7+!adMuIKew2eS4t)R#rn~>h=)DyZobvr)`fw ztB6jSc$##H$4`}biZqEaDH0=+A4WJ!ror@qD7`Dx08^Ej>J%k@^%99kV+R! zPwq@U9_TTYnmmwrJkWDjTJliR@j#a$^n+l+@!+y)95}QClz({!j4Np9bLsedin#Yr;VJec(UwIJKg+Nbf3dj;2WQf z?lrn1d~}ZwN;MssX1YU)>9};uF{!1oX{Do5N_R-Hi<#S~G}2uSmr=X3W3~E-VML~l zZYPAsOmQ$}bTb(=qSJwN(auEBh;Acm-j7kI9$TB<-P<`X>2q|#XDgjE&YActCwoR7 zzStzs9TGf;h1;m)PM5kl7@hHe#LiKRHj>QZk~t$H{vMpj`Djtn;INL4lSVAbjeCWp zDoe1U1Xhwa7XF|kTrLPD^}%rTX36Ku)tdYLMNHE~S2VNTVn}rSJxxtUzKG%PDR7!* znS_G=S8*3-yJ$sGuH12M+)*yv&(?kWAlGf{aBOd*W4EsMedL{>%_KV6?oXFAxwY)e zUFP}E4iT-yimo$q?(+*XS}xt~VB-|KzGDQQPak3KKGo`t=3iXZStStZHPEA5sGlmS z>BRbKV2F78iDgu_)@6|Pp}Oh}q;T2XoJv_g_~<@eKnT;5uD-F_vi$%pKJ z9RVJeGH6HWTvi%PATU*nyCGPrF*ht3Rr<1&b9Teyie$8=+IriE{F#5>L;l-5w&VrY z55*OV@wA}{_ll%cv#I&uV>=1W%x+4<=*^IJUYvFptrdy|O7-hvv_adME9Y#K4qG_^ z{DW|P{#mSF&Xl6d@r!2Pb1Su~aw?`JqbYz<*uO@t8y6`c6o}=JLe@0cRh>jd&CmNUW!fQLRwK_jdJ!x-!u$4dx{lRW1P3pzR!1w zf9%_dNAWn9?kElt^al5;Uqd`1RfNkui*pYxQpxL(E{b9CE(4&4w(_I$K|s#MlxU(^2N4Yb-o*Rff7?w1(PQbOthH3RQlS-1~rY!YO`l>~5* z>{pn$HU2 zrFM_HyA)FM1d^_(SOc6L0Q$MHY<$t9KX!ewqjxt3m&4jlVcq=d!B!7p>#TO|oRrHR z2HcJqY`x%iRWS{kZ`~cC<+6fn_n!0ba_DMe!Q+Sb_Wo^f1{PE)pz0|PgpYRhW^>wM zy{S1&Tqy{!T40%D3YS24fwBj(L~#J9C`_Zp52~ziU$e&@5FHaMF(G^l=g`x!ISCn0 zG&y3k<*fOF9kk)*nXyIIP8c<#CVG11TCr>ax$hvZAmJM>W2ta6tv`f%b|OW>Gaf?F z0++^u^2~*CVn(U+bYyb5?9+3D9*s6_xnb4p3lmD)G?xWp_hNhzLuq^4343-NZrLUT zcI-eUB`w%24g-@!b!fBO5(x3Ec0Nt0&11q>Jiv%%nZ!&cXayVu# zUte9G+SlG*<7-}u+on!lWNUV9{zt`1&PrqEr>agFEUSzW#1DNZHG4%) z(H7~HjphLg1pn*F8=kQVIc25Be;HQw4O^QZn#d9s;Huv)zo3POa6UYoPR+tiae7mo zsp%Johvf9_xuJX2lb}A#hmu$b-D`kYG^24TdvcXn* zbZCo_U3Z+_Kf9OZEf>qFQ8}j;>f#xIQ$9nC$_Q`E&9|?=1ufCCyGpS|mD%GrYoNYQ zAlW=7mcQcZUmvypgDg;+7`fWlHud^`#VjXh4bqk+iL2#kD98oS$0nHJ9bPp6zTs zzcaRD&jRwC$n1>YJ3-1OAP1&{Amt33xmnHZWfvd9`}( zZd2=ErxjJCC|SZ%NHqtnF@Iazr-o^|w6z8)Nn}3f0u#(;j@%s2ysIO)5cO2BgegVK zzOB`gFrliFZF+*fb$A!ILf%_o0oS`+*n81FIqO1-{mpC7?d8BeWDv#qRwjKXu(jB4 z>((TvxAwNzUf?R8vV@klOCklyq%7t%x$RqXB`si|CaGi?W;y2~C3H!-u!Z9;WlGL3 zLzC-2nVDR^!AygQxw*DL;~R6r;JShsB5QRN|x~FCLs!TB!X_pntc_7uMwO|+6@`39` z$hQS1WnrKVfLtmK#cv^BN06&Gr(b^g<-gmE86)7}FR2Zq?CBN}*X|%{)dg>x_a<0g zgDNt8k($n4uKxHhxdT=k=(G~t#^2>?Lezxh6SA6+bVBYYq(_SySa4+j4ss?o1m)Z9 zx0(?sws4F~?&f{-!F`*NlMD)+s zVPWl3Sq0TAOPzgt*yc6u5O-r!+oDl`%RnOU(JKQp(k{8drV+R}A{LeqR zB>dxbosfTg-}rah`1h*u@4WGE)%?9W{_Amf-u~cH1`%~O*3rRYG;8Ym;vX%fy0BxW zz2K11Zd7Ru^=9dW2w#g?J;Oo;E>gSKX6!zo!{TeG4#HUMh(X+lc+7}syok>dD`IDy zh|%>78aVEO@q8Y23?jTH!*vVxH2Le&WK{iuu~a!!cVMfkK%m#5dILk%1VRq=K%IeK zv5LUMaxn=}tDbQ74XDJwoz$+bhooGRaN6ZH&v}NnIVGAdCy>7j8uZ^z8oSriGY&!F zPUV$`o2re`*14U=PQ0N@%q7Dl&pt2S0>0mo`Z=8F**8?aWJ-rJKnL?Z$*`W&nNhpF zy*8_MLm?d4=AMbYZXCeT*|q&%)bR`NGHiSLe9BcXX~M-a+D~%RY~RY!!9Nf#yc6VR z)eB;aS>&ypRh#s^nJsIRPpcx4IpSSF7HVI=f>1Iq83i!Td%Aa-#7trDGTFOK8qZjl zNsEU>I!oGoq}N5_*-A?R=~=X}Z>0UnN&81L>fT$tNAQPOc@nWOPTsWj)~!1{8!))r zU@QW8CHgFw_J|tIHz5|N1IlY;c1A1Fsb zOIeB3vN@06d$BR#cMa^`pdyA30{K7yfTre*yqLXs{@~>w1%d!LCLlJU3J9!-Q%l_0 zc<_iyM$>Oa77P??-^n6@!ixw*U@Y{qViWw;eaSV8GRg@#TF^`}qa{?rbF<@F%L;)e z!_yoJ98%T%L1){7%mLBXN86L^VVIiQrHh-#ygAi_19F5d4;3k;)W;9rUOVlxk43QH zSZnG4K4s)ZF|-E3Id7~_U=6-vD|*L_=?eaXUI&5gSCVU-6}T4~NJIc_1YQGQ0z;91 zI{NP9>c@8{7iS?D41~XCZswKp!JCa4v_Ovr+$4Ui9h>ULZ*~QEotqEb`d7N5*}xjG zk4aW3e)rJxKMd{RrDAW3rvm>7L5<1GL6Z-lVx2FVu0l|yWqPQZJ!~&wuNt#u$$S7A(~ zFgO_2u8TZWN3$J>5Lq{KsA7`6D(I?^*(i5;_ESZ(wrIy+_4aFDZk3BOuif)3O=yYN zC>A)%#dA`_eR_LLsPL?(rUYec9nn(rq{?VX%sE}kve&UT9AWIq^qM77q;dA&&E{L1 zV5kKvxlF<55dyB>I4DOJc+S$STsXet4|U9a5sym-NMHP8Y zj^MTaappNoIh37acPLGiMq}HyZQHhO+qRwD*!GQW+qtoA+mmqHPM)mrCnSMXqc8MQRo7JuWA|& zd`ASqF@~UdZ)ygfV;T*TVBEglk3=-N`H6{4hrGivPU!f=X3nO zJ|F1=S4B*n#?j6Esu|CSpzF4QcM)>#bklrBXGW9t{Gx=t@@%eQTWCzU27guj#e-CUPqnD}W+~?JTt3g{Tg}sB^xXN=9 z$YanLtey~3OlVcrsgUhY4F(5ic*+dSmA2JFHW zbMc0wuX+&MkeW^=39^t~^C$@6B@jD{QT1P^@9|QyJLjr92=sw}@A(Z6c^8x)TLHT3 z|Ga7S{8{&G;(x3P_MxsVXHX*%vHkrOV>LFL(PQ4SN|c%K1(zVYG4@nI8o_oTD?J*R zmXW8ut#?MRe|?!U^931a^alPEX}=k`07rL( zA$9YqG|JJV-|S(J&MriT;1ZVu^}!U;%%aFRiKnt658V4^~OKPZ@`|LFkW z4y(7+GVkb$`*;nd`PyczShrw9M1e;%+`z@{bhP|#Qw^L<#E!PZ zs;a<^OP^J2ahrz8DLA0+AZ~Ju_%8|gW3$sdj{NcA(|Zn7mpf@PY0Zv?xPxT@#Ew6< znLhvmN%VAfa!G2iC!bI4 zk0rV5_oO24hH+b?n@r)3%ET;_fm7fp1Y3PYCI%vI2s;BXt61O~BIp|5+*jEB zT&1lzBOPk7MQ?&lazRLQ`OBe>&P0v-b)2pZuUf()_50jSW*s+z?(H}I0b2`agxM+h+!g^jPet=) zHFBpg6(`V*7z@$9XT3zqw=9$fpHQvZx8zDu%^QXwIb^z|YAMb0sm3q^H8EaZ@Zg`N znr?4*!PK=oIRD3RzYGXHH+qY#eJ~Rk@fAI8n~_h{RNDOCSAYeI!|?mxMVPzxOGyg_ zb`br^Fz|W`G!Cs0B}Q z-th8L!4nClnr|{c+n`8kHKa`adK7H19AnpPx5+S;2`t-?C>bq~^_wt@JeXDlM3$YM zBX}eA_iKK7hSVI0uGU$O0e=!8cacX~6O<#_t?l+un|n$dWG`lO25=S)?=njjHKD)8 z8&|#d;@HT% zw{MFzMuKFigi*6>N5fmp%3oUR3Wd=6{N2>ex=+jQ%vit+)5U z)jZ|zh=i!JCWnj9y~c$<=OTqA5;N8HL_+p zZyi;wJ@MFk7VmGKY=miPn+R?qH=iVf@tXVW^~n$K6}+hLIc~<7F+(X#B3)j+jZt=q zG|~u<9Kbp{G2xZMMTtUBneZ1mH}yUsfN>t z6du>MQWRs^h^J;U)WMf~xBz-%ZR$@(9|2f4pAF@g5-Q|-e4h8$qG|v1v@Vub_(T3I z`FXtjJcx#ylQ>M;o&4jXOssj|r5%vI&Gz@y@xC8VoBdsv9Zilu?^maK_M-hceH~@I z{_L=OH8C4k9>wyb(@mXcZXRU7h&A=>F!fwyy_KbF5e~Ro*>$BTM3bei#rIUUZ z<)8oX^XfkGow*il>-xsXtZ)W!`<4YCo_EP=c5hl|^lL}Q%SXl%pkwQU4OUaFmbBwLf<+KMFa* z#0S3HGRXZGKJALX1Bx)`w|vsh&+g{;Ue|YE_BZ*&iT|a}cmGxN*xnAKKmY0D8lyXZ z@!nN>E4~Qo8mT!xdwHIV`}hj}%(#DgCfeBG&2;~c>Pyhs=o!CaW&Bm0wrc#c7aMAB zsn_CCt+L1F3ZwNix~kqfB!O9)l6z{OmB=T+*wgtlSo$wgp$wJNG_r0FzzuZ*xhh&) z@N!O5B=vAuB}3L~cAZ$0QNymyjQUIdTi<6^X~UypKl9oekSRE6Piv0!!2mrGl#N4e zg|QWe_|g|)WSwR5H}WadkZD>K*iFq}e0>}{8GD~> z=-tK`iqT~oghQbNGJ#Ter=qr(dBg(nn2OnX+(l)#?@O}1RDR2}$#XNQqK4AA`l^F< zhV{RM(Qe=vIfcpn2}B78epdXsGZ2E~qf36vn}c>`AUmNBurWZM=14irYJ#6VBs0kZp6 zJT(aaMinoO)o)6U-vy2Fs1Ik;YII0v*TbHl8tJ zk1>m_e;w`aAw3|XVbu|d+o9d2p~=#V8Jp`X~5 zWZB1f_WS1Y%h|*>sD%1f9v*wM9^Hjjqbh$Zm7G|zbtv%hgpNykJtZmQmlmAq>1Y|` z`c6T+3batM3k||@BXExT)=8NjGNNSnseWI*g|S*JZG2xSGQs&Xoo@? z1QQt^ZD}Vn*1b!%IAkB@bYB{nB5G)uINn~x@`%ys;qS_4g>+LpvxPIoe`I9+$}q%G z8&>y1>$ghZ4FdqLW0(v zRD**UlnDR&4gxo6pjYgMV)iuKT&FhH&w5_Jn?OV`L+;m zHozS2oR?b7j#B1&Sg+(X@O`q5#tnykb@yxOE!f1hJo&SwI?T#ew*l+hVS0i)w+=A4 ze|wNOr)@hYePM@+5mCF}Fj=Hl-|-${iX8x?9+fl`g0o+e7**p1kF&lD;+@SK2dXs+ zbe%QZZ1Zyy+sWmq9#D= zKGNnbTW8)3FjqGxuceB_U>{EL$1gqswD*hinJK*H!i zIgH_OE!?)YKM|I?IF-6s#zwuVYbaGQxGXJcJB(ztWv`mLr*)B3FS)pgLUHhP=>*>l0Q0%27H)CIKj9;R?KZv>-r_<-CV2Pi{F43$j}^;?%1cRHMTHkwpL17 zimVZ0o?>(a!~fMzbDfYM+^<(}U^!A#(rpx7lhWM#%-(Al7L0}Q_YunYuK&SmDR8Dl z?6q3o-_}_1F^o#YruOT72Lr+o} z@=k*E(nCXvbu6Ql6Fm=>J%SQHfNFB)ofzHnr_#QSrNCA@u&K8(jo~|vGZ}8b37m41 z*5w1PE-&FbYy-DKY>BomIZbPoUE;xcWLwROvDAs8j78Z>=y8YhwwkJ_v z;Nyel>YJkdE#N3-@y=~U*s4cILgKJVqAIu&!-@LDJ-`P1mjJRXA_d~Gq< z*IGPe^Pp~6f%kiO?+2#y!CfzCKMt({H=`t+fhvK0V(OBEtJLq zF@ugnLqe7!KqxR1rNve~ow^*51qvDH)v3hxzO7(8h8)WoB++#O&;)e9@VoqPkI9li z`fZ5GXKG^Tdq=XW;=#TVhfSS4v}ky6xuqiG7xV}r>^r%(Ii!}oMF^X6N0<*S1-&G} zNA{`)9K=^2Oj3)1tcH{vZh%OZOT!Q|fKt&b&T*OCM6Dahl>Bh)q z`cAT%LatFq!v=_9y4jQrrHByBbH?KR@@hmX@hm~Fh$jsr$XoB=MoD%}mZx^GF>m%X zobB*Q5{0a^_wn=%exuSbC@sqV05&Na6}<$2XL+Moxo*X5p->2JLCLf@ty%(n#8F%z z?y(w`e`k@(NSQF(#=SD8HPk_AU+n3#q9_xeJVE*$CUNd8x}e6~NJmRXHt(%$=)@hD z1XRqaV~hwMob$*@;t>-cx0Jb$ktqwGV-i+g0XCnHmid(K!`>sUwC(bM{v&#YJ*={j zWKd@0)L5wLgh$({&Up30swWJiPLrqC-=}sau)bstvvE*=#o*X@zBJVCM zEKz^a)#G%$lBALH!nM4V&VzYfTt)7y>7i9tXZp5caHn3QXT7chPRz4@@N?YY%9CUQ z5ih8U1jgJR@`|uT3cM3Zg>0Oh_YiJ$0T((JYIGLEQCWCkYBd^jQ-J+{pu!#5t*EFK zq59GqkTD^?|EgKM9ld-2T2C^H1;s>PNw=gdNARMvo*`g~v7y zQNm@EZx1ptKZ2d5_d%^RP+jGuRk;Bkog?8=amT`|7Mn;L2PMOoB({AwjZ*A=Vk@_WN#WMPvP zQfNKi@S2x}N-rBS&2|3Ph;x5+>W%DD+c&@yQX%h4b*?t#o2X$ATKWw0hb$} zseuTwD^%U0&Wq_6mV*(rqtpOXTwL`i69b2cYcqKR2${6@+PqEcw_M_h>Z+%ez$W}b z^AU9TmP6nSZ1(2ZPUjgwwx#~@0b4p`69@5%W!wskmAwKYk2OZyD|iNX&thDb0z3tN zodghqhS4BPVH`@p&*H5*Kn;VI6icuZ2?B|6R&QoYdD+iRJsUT*|JKkZt=eEuQF^g9 z@{>OasEFZ&352e_+NjrmK&zhYFD)@N)n?ZeOgim4f@;5sz)CRU)~PHgqglQ9RvarJHl*KL^^RU)EfaonW4@{?h=jLfTEJWPLdWjt4qk&*Un3~8 z6UeUx1THn633r8p1RB^sGB^NhNC39u^$}PLd?(lNHr&53f=Yu0%`_E6MjP6y#HZIF z-kiLH7R|40RhBo_dNB^>B00();NMAiz35*!_i7^&%UFczm(j?eCPM$CrnB9@6%Dwt z#anbvq8$X;zuBB;JI8%P#Xh8jP7^B;TATL{gciqIbBQd&J|ieA(5)qMV^mBSG;4PZ z!Plun40nnzi%Wd&v9c15d=qJ_kKdvaovzGL?PEiQ!PqTUL14>DT)2^bF*tH$Fm@Qe(qj5T6wV&KxuoLoEzAa& zc{|Mt@=mO0_foCxyuLzkzDU^R%~qc}tRGxvP(&T5eL&7O@x6_Gg} zmB^|e&6t@l8=K2Ex}gQm3yO-hT9o>sKmOP4Y+mW8KQGt&$HQ6g&q3b**M#$wR~WXk z@Y*(~tSRSsrVps5D?)A;=*CIkoNzBQWql?uaBi$}DR{g543Vod7#FMmc2uYg#vMf6 zxWdB}I^S$ZPG^yd-cWp$S-i~Jf*0sN576hqaEc#8e{>|=fZ?2aPlXRy40x4A?F3KI zjP|)atYXl3OIj03Up7vwCF#d$p3lyDZvzi^$?Gw5nm~`BJC6WCsBE^p;TmFW)$V@> z#kya;d{km0NhcudaeqZTPXO>~{=9t3(LY&ENQp_0T|~MsHjsy18m%&qbSVQ(-WV{U zsR^QkXKBqSz+--0-4QJyEOZ=Q{uQXrqHGw>P8$_N4&V!)N@deXo`v1__yy5?Ky4bK z^9!V{R`D|W1-!sDXmIMP@!-1K@kx`Ki!YgJRJJR$ww*Wjcxuf~N^V((+$l+@qTX_BKggo^hM9WW%Q5CEH;Lp!dt@MScDid8=1 zqc5UkEVIFrnPM&`bPVw5@rO+x-p?o;!3TAzdkn7o(>HpEo;p&~s;ni=#gwFDEK+U76WdIlQKiY0I-!zMItpRP*?Pu3qof);FjxYEF3O(L8ZAe zbU{kS+3GkuZ>+cTdZ|uWt<|RaPcC)I%B&a4dwa1EDqKL|wbr4RvC8R&17J>u?u(sXJ{o38P*{SC^$BgCGa{RB! z!;ygMbQA%}l-3|lIof&DWtq2ARfgz6$nzxYZGdc-$p4K20ygvBcxcVTkOIK=KVsIm`itpIN&?% zn@6$M>dvJV5@jsRChl)rX9^Jk{1tyOsDyeNuSeg{glL-Lpd}bD!6pg@qC|-b| zDYNkDdbx8D_>7rflJ5#4?)>#1_c2kof<$tgxoKAFYE5 z8&lYNRGWc2QPl}(jMoV`rS!=uGSMH=BJ+{=O9W>nAW7(O09?mF>xQPoN+zMAN~@hX zoUnjmy^UxC2;0H5{$^^j*wh$mABz#*sq6AXz?(&_Ozt&Wr6rhm2ZhJ9<^NVKluIru z63?Jdq>VP^&@>vvAY^o!i`qa9y9x3O8VsxE8pHsK3(WU&VtVyPBy8mq3KFpWd2nS9brRw*O)NNaE^2ThEtR!|iBg!ez{LnZV5fT!aq_sRKcF zb{`JnSq?U)$y9MsAs=NJ#;AGM(_tgH)xidLD_xYFvcWhYr!+Z@OY9Vk$G2w<3OS%N z#deNul&`7v>X_>qsKo>IqOnDE*pC&UcWaKMR-bNN(;aJh=e#2^GZa($*u4`S(~%G* z&+!u1t{Ne!ZW(+0bA9xk13QfOUup2duGlTgA;1Hh~ z%3FhV%vZcRW@KM7IS9_raMiA0Gp4vko45QHL#FRfyLKXl6-@iBeIuLK=HKIqgVB5- zlePM}Ya`u%Jd{OUQYCl%vi-zR2P8TIKpec=9YkKH+pq_{boeIEMXDVs_1PuBws;kN z>86Wg`iW0@26cq;aKRo**LZcQIhN+LK&Jl9F6}$60CyQh2WmY}o9pZXg+vR@DeGLs z{&9Emgrn!iwt(d47)SF(KF{T3F4i9e>ThA~W#oc`&138K10JTlyh^I&&|`WiIi)i! zWiAgDA6^$LJVT{lv=o%?7V{q(is$P%Ftal_lr93s4?90%$y@dtTxho@^iDga-!*(G zJkh+lSDt1fL!9URtI2jD&2cke&Ncbk2NF=e3kb1eHrUT|cWgjRjDd$nx~YOt7_|NF z3Nk3K%DqnR23D*JuEWOM-K7WK((<+*a_eVr@=zcm!Pty>_FXt|o=zu&c4bbr--O|E zp~VV1viUhSe$;NdBrXJH;HTJadjD zQe-?TMyqV95D8N3$*~&`IsVy8nH7v%uRuSFe$HKQW6?2Y2@&bFaG63nXC!z%26V=o z_#o)zx6P}&%(RjqEzc@$c%1C-9`2HJB)1xot+nFlws3wry^Jb6d(Gni@qO-5^jPft z?esajbgu_+sO50^o2#av$ekfFM1?n`d+qa6lqih4BBqa>qg%18E9!hy2EWww~kR-+I!7kSX&d-(5L3BTSEyqypscZA}Kquh+Yg@Q?~GR zqc&!cDNeE*)#{){gDt+Yr}-Ef7e8%oYx}oL+Ps;wE84sobNjcZyq&hA17^q(ZC=+P zIpT*0MNNc?@fSgqT| zUO?!=@gAzXFW;2K)MAYzP6c-uJbzmcl%vPu&O}XGQHbx`!P;B$#K(>awYyGeOF{PO zPt<;Q8`fBK6g(ahq3d9%r?EK0Q^{lakZ4yc%{5TH&pUIL=a>5LQ>M*}ISBaD9R2zH zdQT1}j>he>5t66wvM!LBTjV96P3L^=V}$6OYgnE4jJ{3!c=fR$75@3q$OE+EjD*+6 z_h@JizJaR^^TLZX+VN=#N!aKSq_SjRRmd7ST$g9ci@1Me?UEN|8Yh|PEMJS+I{M5T zq0e(pj{PTN7^3i_^I?;V4>8h@Dq|a4;qo+|>Z$jF@Nl2y!#YC06>w{aX5+RTWbaoJ zQBKw$DV2&+WTho#UBsUfC!9a7O(c=nZV~U;Mx8~a2<|fH4Lr3i!jq(0(Or({fa?lHG}YX&6$z# zrkL%AJ6K^O(Zw=%C8@$)Y4D?WjBM`_zfN?Sf2Q9(cJDSJn#T#}NyA4Ye#fU~tev2t zsj71ju`YOMk5k{$mzB9;H12K1>DR$lb=a?BWp5WnhY zoEZ!2jrd21V>K7;IjbWTZ%~vI{YOR6LLN7e6)_wXS5J05x;zIj~gm~@D~Ut!R?_GaLdOr=c0lQ z7*9ghJ)-eSl&ThimtFZtPEKx`GdU2Q-gAl-Q1`dV0gW3$^?eu-M8j23b+=G__vge< zA~DwVfol*f5g+Ti@j`a-3SA3wOKe&D*DjMo7tv4yO<)6PUbk-J(*L@t++C6}$BdM9_sbyaJHQsuTkiMwNok^nblBZEs71N~F0hx0EIN%horOnGq6*dM#3Q&uFeX83u8%4Ih-)MCU4FW&v8f4F8Ca<4)T8Nq z-}L&U!x#E%^e(n$y);ZMc;~{M+)_K4aB;y+lME2xs_v27IBo4bxC|KyJUkP%8Mrh; z3{?Z|Q6jJ7Tr*W);0xN19>x&w13kjlb-rasWAzkm2N3S0aH`Mn7Nn14J4iUEdWoXU zR>>&$o0K%TCS?1K%VMC_V17h^6UvRfAKMy21Lp8JVzXgzo?cI%-`+oFq;=sT2l|>s zPM1(OSdDu#=lRcbg}aWoNCA3idr)Je!r@a9xl!}JZm0m;aZSP{C8Nr~6kAIRZvS(M zg1+BvZhgJ%^@FSt4oBHZ!ic3fPMJ~?T@}}TMu#H>c*#ByOMLpGg+Mi2Mm6Q)No7j- z4od-K?a(?Zuv#v!RxfzE;DBB{3W=f8;rwSTm~t;c-4}B;u5`6oBUUhGkajiSZ2YP{ zOu`N=2Ih@RMOML8IlX5y5ZufRTPSc%E&bg>EzReu*$cYMINUF|(SnT!`ypLr!pejC zwH<>8AI96LmdRBN^a2Q7iLh&TgzH}aSX>=)y3<6l6k}DHj^{Mm{M7i4JII@9KJ*P~ zty~%cR|f-4D^luTZ|@Bi&}$&}%q zO$6~{N3S|0OWk*NpI2E52?i18=V+r3pLMiLsYO=pmeF&3&IYIFd(r$n|Nj0Mv$`Yp z3vu}k5Q-c6w>E%*_z?ViVKRI=5}8=K5+>MicjvWRhlbN=68nZ-*w9it+}Bl0hoT=j5wxIaecA=|uZis55R7@*C~Fs+T|OJJAk`wfsYi8O|yAjo9ObY2^- zQLM_K&+MaQ70=V<#XT`jNf)l(SGbsMOFFIgVzLsj@$h1?5!2IN7Lz(Pu`1&YJ2MQe z_i#WAcMIGD!szm?4raCPcT*k5FBTN~138Qqxwt&Xm8zyzV;-BNzChCO0QQG|>{x8|)-Yi3C^?lzmj-_e zB$J_#s4hNm0BHrmNszUEH%;{iX$A@#%EqHr_mXrCdHLC%_*9;@KBUXU7%AGto$!q- zi-@LjO_OX_;;uDx`=&#ePo;l6k>#8sP4UYjf~FBIh_;Xe8+W!K$=TlJ9HkLv>j2Yg zMOEJ!_+rS39rAWeg1zpHtcLMHv{|7X^lLet?803r;dT(H;_-C9R`m^Oukrp*{mad4 z;)YrwM{eGidj3d7ZEi?Q~~!(5z+`OAfe`5Z|HHX^nGfI{ZX)7K7v zC~yEsrzC()^9VCzy=s9S#@3e^~kI z!CXOWQ0EIN0L?U4#kv2+FU-y5^?9;t?mrSJ2JVxT(PnVAPUDaD9NP~3ZlRh_L=3Sa zHEo|2?~>4c=C`!1`^0>#DnsOMMQ(1tmNFe0H)LZ+SX!5`7pkjMj|=i_v|tWvdv1B5 zL$f*&AMB?h+BN3B1!=p9F7&XkQ=2fB6TL{s!#8$6pc0=@FVLAkI;q9R^GhWP%$~0r zUFBON4JgNo>F8j-(%UUSg8g=At$$f>rjtvL<13?X#EFw}qi%!#5V?}SW~wL`rL)1! zal4_EpVZZ5#VC)dXeNkEAas=49>ct!NrWwsvKt9MLO<$%ayFnbu16=;SLV_nKZjq` zTpmS&VA;w4K&B_d{nVHqcX0^$lRkgoV97$B2K5}eqT^_2e~Ro?W;%U8Um?Q^PUeO2 zw(KeZfktBA+;tyb;8HX-wyY=>geNX0ORdJu7?Z421vO-qialjp!!Tz2N#5f4L}J^A{-+Pyz!WT~xzl)qlTp`?*TeL4idaoYRR1$UEw6BOBj{W)MIuYwc54y6 z&gA0g>gPKD9DRwwpMxNPtCH~XN#r|)qSlD7$*R47U#&D*rXplp?gD6fAxjTF$P(1B z4I%O*29DSq==i<0MmmtP&1>4}u&K;svFu^W)Cg8P*W(`l#0ddk-|-bT+xn@2ILWQX z{aQc3a5V+?Q9tlq^@0%PFE0no{;oglE{ds&LQMzu2CHSiM3yW?)x*RNGnLMgY5Rc` zTZ8g8Y#?zFdZ zk~Y?~`n9NDMlkOCy{2B)Kj`1VdF?0rcn!7TuqIvS7lkzeHh?_ z7?i-SL#!)@ZEVbczp9b8Z3dytwEspg*zv-a$ee+9yt7xu8qwp)LIdH-|7c4e#rGw? zqe7m!_VhiybEpdoS`fX`Yl9Ez80H)V$nuSMW?aJ-9~3Aeh?Imkre1@kn7GA-NPUD3L*Q=x<{^5 zsuHs{)S-{scx`%{v+8;&bv#)^#$<_7^Pt+>=@#u z7ikvu%bxxFcrJPvwiJtH=2i|PRnNXk&|G{n+OYJ8l+Rv?_4)vf#fpg3uhEs%N_F8$ zWIj=`>P)_N6!(|5eEMKH+j*%>eG3p_`>NY`h%QqbaLKS(Ai|XDV`_@EgrAxJ9pl!Q zq5Fr6E*$03q`wxCU+=#mLv*zw##i0x4(e`S1go%v3nM+$yuft}74}8YykmO+<)@); z?@otVF`>{ny=&!GIpJXcHJJYika?h27Y5_&06W}o&~$&jAgqkYo|Quxx%+Pam1lvB z_|n9V3fBYG@Wta&5{zO{Bi6Ih`GHgT6#d4G0 zQ!M@0<^*KAJc-N;e*ZGL);e65wAxY1im6aC>?_I~-8jM=3ccna^~@YA#M{fu$|kSP9{&S}F$*?)*In+RhkS7lt282nbqzI;F7ebdt7hWRP7&P`@FQ{`= zJ#=R#JJ}RckFqn8#sDMLDXgF~iE$Bqo*qeU;}vD zw?hoXY}$EPP5Ff^rL2X+8KXND`j#cmy0hVm;m<=|VY=t`Q0;`*lM-J;OVECm2!+IK zPc^KKG*F@XW+Ov?HrXts0zDhklCvxcCs-Z3S|UWN?q#wr@kN8lIO=0x<1s&>E8(DO z5;#E7)hEY0pvY8~=&c>E!cyV7&{Kv2zRQDueVt|!g_R33D@_?S8iK_lC^P1v!?2E^ za}J4KQfXcf=UNG+^Amp~EtgoP)Sf;(iJYHp!*q!#goC%5K2 z!-aurwX{ZZAW#Xj6)xuRJ0G#IRxQhGXA^YGx@CpAyf6P18mDOVb~~?w6NooK4K5`O z1EiPBkFd%~X*Zi{{P|Otpbgy+Y(NIt9Zawc_S%eZrz&X*04 zxp%=E7i}T4notbh|5$t-VZsYxBLTIO&;;HOD{)lu1v3x8=xeRX{X`VozRfPK9sJ@X zY)xjmnCQlhG+Zz(EzDDP8fxkRoCt1>sc~PZUx z2X}I)=UP&6u9BZhlGi3c_xtqnKRFyX*amUyF4HyJzFdg*cgmuZm;-Wk^>nUERE%VqW-yI`f|5VT4)bQBKUSUsDVZ*C3ZQR1EI9jXOrQ0j_abgxm z-vJ0c1VCZ-#e)>v$6e9w_kGQwve>gOr$1_D_3J`7d=IhM55_nyifH3y^)vuy&Ja%i z6*zx1G7mW+#3A9nURFo<{4}(nA73WZ#;{8>X(6HJ(U@5{!1iTIQ|szNR-rVaqCl!o zikJ;=0TiXJ-7nf01zx|(sCQnRYS*6VZh2mizGr8XR;Z6In1H`0YO#XOBztZ>zT94H zfw_UIG@bII28W&q&h#zxeqnGq@I%Xhla6Vuf#E7iAU$4<k2CZaiL7j)yb zXLLx?lCZY{=n;h;GqJtE^fR7%52JA)Up_B1>uGQ8+l&}@HBANVcHSzV6w~xQ+%p>BNd;sr8|4ISnlM-}};mL;2Y= zMZJw0+|P5kKAE^aKHj$r*W1IaKgZ_=%J-f9@5tBw_W``Pcz8I!@6Z0m#iTj^ zVv)X|(bDj4SO2_o%b3CWo-gb~% zC4Q#q+e(Bgvnd-=L0q5}zGMD+iY@zT4%$#2Y=*T^a%LpIG)N{^2^ihA$v^y}fBVKU zO4vpJMktyI8Ad6Z8KrFh_grZNql8VY;)+men!*;h-YPP>krgFNpxM8KgLUKhjb_qg z_#bO8AtWFLc1s8?gaVkuVoQRNG{D6mTU$7+;h?HqGgdEfT)X-gP!|ok=U2E0O5;C~ zvn9ECOeB&b(xp#eDWLuvunQgVF%?oZNu?>EK&(im)tI!fC3mxQM%p6W_~V}7DcGxxeM>e>ugiIAIy<7BB_ zOa=s<=;$nER=VOLYc1ESo3)1E&SY84;%zjbqiadOM)5m2|LHnYv2&2aLM;WeWT1fR zk|Cp55Oobwy(1HSeTyGTOn=2&b|#R?P_q$Y-baGgvG*TQ zr>2RIK?d8S83?uclA1;brOVX4HPXM1&W>W33hG&OD{=O~x#K?e8cz4?wXGI`BrEFO zy$q|{d~^+;9$$f}wQ;=f0A?F!HxMT>jkR1y`K4&4V>DcMaw-o43VYu7FuoE;9_deQ z#gt4GVIO*;+h9{yHnhUHntK%RoYYza#JJ(~mwZiP_l*KhQ0N$jl6RKa8ye zTLz*5Pa)!0#K7CKj>+?tKCGCwI&Aak-nK;UBuU3Zz>Ig2(0qiK5g^jLOg@C9UzBlT zx^6qs*z|sm&fuBM*zbqVkqaCC#3WB5L;JcLHJw~(I*Os919LTWvcsTHc_^-0+4;oH zNVZoC!d=VMojmpKTq~2FoWVN5JuY5ZgZ8Ft9}&i-gGTrC#M^$duA5zUzAbxilzy?_ zaap+D-6IFA+qTi1)^(gG(z!6QYl+G^4cSK`u#h7yJyr+~5J-qcztndclmBk}|5+vQ zy#qiQK?@AgZ-F40QD;fQ{}N0X3*j@+syY9vGOp~jGGQ77ZTCniPFXYGh+0eeny)Ir zR}_AK=kU=dhBxB5aYu>a#aYKn41X$Z`t;3s2BLNfU-WG8-M*P>nvWkhlyrzRPeVV| z20s7pCIL|w`}CPmPcLmv-12d3Jd-;&qO;~01G>*dnLR69@TyuO_aDCh(k7Z8RqpxW z^OfiA%$8=f=*TO@p=Ze9N&=J|AOR)MN1p^LL>VGqc>@%yhSE06djK_!<8rt-$~DHS z7U!N2#P7x-F};h~(?oo3YC-Jq1NBwj1tq%0C+AFg_n%){a=tBAq1jGaA?wk8*EUba zDs=eiw1U{mKZe=nj%d)K4;)kb;`k6@(ZF3fV<%g+5Sx2SGGkB6eF%a6!hZ0RV%vxD zpog5jY@iFrfa`L{8FdO;OW7iQ#ZFB!M;QeQ0YLAYSgNbXSzY~72Op4oABe$O>JQyI z+aPyHck$3kV`^o8(TnM?68!qiRB!osXUKn-Yk1P{$#nfuUu{>?R+zrxHa%id=5;WJMMZG=vW6jff+ecugEe{qiBqNEkCkGghx2EUwR^r$_{kyqw;AJtzWJQlem|I|&xdWNG zdGQZdQbWT_N;EIQB^&Jx7w3kT0O^E5oU8n{3(#selQA=10BIIu2xFGbNwRP3Qk2aJ z2e|;wKy=^^S>GnJINO1q=G355S~v+{F)09vIXOIKDdv>q_6)OJz-nS7&NQ7IfHpP| z*bxdja!1oagN+WOcgdND!mPl znX;0uqbxAK2Dg}{2UaU#dhNZQV$r1B%emEHq}ETDG5+B3G(%a$DK)4 zODXdR;2i*C?5q-(3Bc3eo1L{I&)G8D-{SoQ6qT9DnVI({*( z)wU;0`af=?OlsERkVrcGY zk5U*CP{rdf^YAS7+K>0{w`Z7i1)YSuvlkQ>>tMe06GczJaA< zS{wd#J&zhhX?{Sx+BcDoZcx82);JaYbuwV$&}AC0CFBk}8c7d*W~XIe?)eEayNE6u zGzOdUj{6wn(i8ZJ`wlVu3xO z=D72h9p3=^IidaRRlS;375t=YlSacZ2w2A!=S)HZ>ZMEfi2X%df`=kMpOfl!z^RWqY_fqF1q~$1 zGmsE-+NGs)xC!7kx&7Jz!N;5OHL9Gng5*8^CzdaZ&yR<93k-8%>3WQ&p{~pzgbBk< z+>FdS@2EUKrjLctCK|J-NKccw;;JH~J!V;1W@F9{3SR*N+|5}2i)WS)lfT6J9m^*vCskOes#HGL~Y)1gqV41erjbDxY=&5c>dpiwQr zLNSaF#~+3sg1T*y zfEke9KLKGls5mEl84lODMHvT5&|DmNbB0P+u_}b-tP7Lt8PomRQDea_Nxm^X{?G9TBEoTQ@e^(B7}YzET=fXYM8O zP|MwEML)GwRb;m2WsUzGM5eth;_%T$ZOwl3g)isMf3;HfdsUWwXclUim>Q)&n#)<{ z6{hK|F_ApetIfbh0yGc6f8M>nEunm=O6RQ1*2WB-3N>Xa+!{mk0W7bD*~p371te)- zw6HccFP*b%8?``yXBv=rC|XFiQ8`y*1s5Q>)DsYyphR@45{awqgSMAep3Wy~k2>2b z0c2a`hnjtHDZPL7jd~|apgPsP*0etVUaS-ZAAw;1-cd{>KV97#s|8t~8UBkdN0?74 z=O20%dKOLn?Abmj9NO*wu=S2XqAbC>=-9SxuCZ;~wryjLZQHhIjcwbu?Kfw?bAR32 z5tWr$>gcY@i0ZF1vo>;aJVq`c^wb1gbL!l6B!h*_xYwe2TRB0j}7hBM|e-Xz}re9~!y9cZRDRo7|X>> zUqGgrQ%fGA_yBvP>>eqmp~>SGc*Kn0Iz!$+cvu~Mx##-dXpq{DnJB5zxM1g^27kMm z0<5+n@cCi{{NV6#`Mqy7&RQ}|93kz*8GQ+A$bmS-BQrcbp*-Zb1S0uwmUfWX)O{}x zE$Hd7v=d%bLfk~(>X?14Sljlf{!n!K5U6$nXUdR#Iy}D7?BuQ9^#=NDL@*F9AR+J_uT~q2h)G zMC_0uqs4+-aL0qaxav`0BP#!h2;lp=lbF_iwt7x9 zBhbE+5t3B2^j)s7yR0vDf2nE9G*ufdhSl)?a@HraExjA7-mZ;7S@mY-uvS8T} zTeUrkl`V$mKwZrtv=o(BA!+Uc6cOOEBW4)Zey+bu0$*;*OwQ~xo{?>jfHHt$be5~B zNk+5jyg05L#X=T=rjSKo9lOgQKPw&qg(rqQ*1Mf|oa+-mGhMJgcZxph>&rwU3t-_Y5xsTd+zjd9AhXpGt!CHRy?& z(;l*LpRbVbd{}pkI?q_I7q#b1PUoruW{PH_xJNIZ&lF(JkyD1<@m{k>+DpzqU!8eR zT1%hgKAv=*UfW8@U?;c;6a(G8hg5OJ)SX;x5KMxrxi`vLhc}lYUmGKxX6^lw6w4M&FV$GL! z&?i9#xqXiB`ZwA-b;l|Iv0;UteOcVN3R}wiB0@jkfZO-tkt-J|pHK7g z>Qf8c(}iz^H(yWA^i)f_V>QmX@Y*ev+jPBrk0EDwkInb;pXi+wQa4^Ux{=p9@@kr#=ME!S8M!_xGhZ4f@;Cib6)OOHuWEqc&&!X` zeWza^;h%{VVQFhNu5q+P=|l4LQF7|Z(=2h&pSeS#@CpLQj^Rq8C+yPSOV8&H^z-KI z>}>dlm)Ga>2))Pab0}5s>#mai`}HkV@ALYxaR%S-`PJ?8(IC}UloS=MhpX$Ql@(#$zL0`Muv$FBK4ix zuH(;T;+XNh#KE&ypuNNxmk34>&Po>%zMrFz#y3c|n&RD(l~*ufBrNlXoT~614mCvV zP?W=gc&i&XQ%rPV*jQj)x#{1=2s92vfK8wGXXp2m@{%g~s_}K`qW;QzNJA9`Z^N!y zb0@;=i7#Pf>aVZhU6nTw7d~VD4i7^Sv{}vm&leCE>p!1Em!bn&x@xRu@()ipT;H!* znnR^DQ~{CIEEwl)hd>e2E#34u))H$4RCTM~Z^*`yLp&Cip%yKB`@<|%;alw+BVdXx zB$b>=>8U~4I=Y{)Zz>ljx2q#n)-a1Y)dNjP6Eu36LlYjanM4|{*%H1wsm zfP>(({D(ajaJN(!Sl0%gL_7Z^uFTZbSTXsgPMSV%IT138<*~s~C9G9^1=a$P8F-9Q zD&;siFIX#0sVYmvS%d`{HYhp6IYSx7M_DtApu=Pzpi)jd$VDIf;Q4P`aLi$6x`ObA zZ+W|Kc$kOl&3L5GLZ!<0o-{*jcJv-IVwxdu9(C`FewC0CbTcUIs4lOToq;f&(s1S; zr*qCaL!G~457KCNM~ebc1ZY(u&bdQDiO7t0L>p-hP8r|x38boXML6vq8;Hjj5PjR0u&z8w<;Wn0+%Wg$x9tZW}P7CaJb^&53l zJHCay4Hw`o@$cJ1{y=zVXQu_R`=Ws5lpJ};Q+68>3c&dwpeHbw{rr)z+h6EMC7vHI zzqSzLo==Of0T5q^DPg`@{O1(34+v=Z&`#3fX&cDJF8Jf&=FrHA!>F)B|Cd2?+xr@r z=YJ~`8a+_U!frXOO}6BTkEBh~_DSWC=*SNlW`(DCPIwwB`y^4h=L3AAP8!d3he_@d z(M(^*H?Khh0`pudQ(1YU^w@uLyVL*SBX88&Twshmi#PwA6&7RG$6n2Szq~$H()WBi zHvN1_9t_m~xEQR8S^R8hkJg&}bTU4;8xYv7{;d0LHvHIB<&S)mt1WXct$wf5cjIs9 zdC@jUSFb5roh1%huHLqpkzho76*|~4UxUW%c453+vb5woEP@UPBI6z@n|`K*$v}3P z{FP++Xjh8V_@1_`)cy)NBNK8AB26>RG-b9y~AhZJQ*ZX-dURxrYjt5fB8 zkzFzpNy^hOa|twW(VWYBcq>J!Y^QB5nf5i>`+ zmwt2W`Hlu>Et6ZO1hS6@jxAaC5-)qc)o;dgt$2*98jAIqzi#y_Z^p(WBV^$qW$CgM zlAH=r9|{4t!AF-=<@YfuWuw-smZHyA(wpo-pb3LW{dt8>VP@)1hEYSxKoEj{KULkV z#ax#5Q$xNYIrqIqe`(wE|1+Way7#S$V9qql<@FnSYuQEn5iZknOW1NC<=bK^=fhSX zN`kIF$qlj65Z=xKvOu-jzCvt4lGeIx(@?^eO4Pw3^$7!0PCqK@#P@@ZF=yM32jQT+ zXn7j^QO1kC;-G|45tm7{f=MyE2G!?LnVb$gaMN?j4&o!^`KfZ19sVn?J3DZ96Nq0@ z2*43Y6{c=5n3_z~VK`H>twvc*g>q$snRmulq;GnsbRa5Dd!4Rm(W-yxk#uVnv$7AFcv=u4ZdVRg4r11=QGdzX8X)`-nV#mBQ&pB z!kIOAc-Slbd0`o(gEOlH>9pigr|d`3O6cdDHDN<7zg*VNr}Q;vvVD2{*J%VQI=}*@ z^GkLir(EKRZTMu}W6sO^_@QKB{p4nwaL@m`yMWY8n;U+ZxVbWrd8W{Mti36R-3TN! z0qd4+T7Eb(Fr;!h^PO(^MPK*diKM07o&OT^4LiAu6XR6}Q}OnNZ;r`DpSt>TSFuJi z#}1Aq_Dy%MIf6pP9fgY6X{vSEqwN8fflbe|}A- zRu!XKcrsBSkHC+U`}@S+o?K}n-_K`g;nUp8Q_symzmx5r)a@R%?VjSFPVV>j)0fV1 zZqvWI$o#_NXciQY{eBb5aNvZXsU`*$<3ed6!c2@O0k&mHv|%um0R#Jgzuqvk3WVP> z_E4wd2;2fQ)b~7!g!%Xd63UFUq(I(_Giw@+`R1-=|%sz@CE$aN$bkLqG8@BYpc8pG*!<) zYYC(o4d+efh#Gak|JV+8Ggh;{ha>hA@BYH>Ky>s0Pm>Th4 z=?UWnn?*u{+(lA_xe3&b$SzC~yHGFYQ%Qg2bSWo&ud5CZZ zx`eYw>=>$sc2ZY2D3U${Q?(g zGv83(K`dv%fDGS0#P0j0^&^RP8&>f~9*(Ifzo+}fIp6w(JxtUV zh^1xsQBle*rO3rw;Z$~LA&?OUh#XdB7Wo54)R_do1$^bmUb6&Mvo5K#tBbEg08{}B zwTE@((Wud)#*aBL5hYYmF(nNJ6W#t)CpPRgIrrPi+TqX7vDruL!dULk=ck>|c`7!r zQ<9(zyu1xXhzy=R?ykoa3U&xVSQXR~NQ+{4Q%aF|n+%k4^)OsH4Uz@y=q*f&l{ahi z&H9Wm8`h{*n*Vlg-X>Qq6k!Z?vvlJ~7w1CkGTU9~%8ZSOq!Ts81HEX|(Vp4D%r`qv zF!bc8j$dv>QJxqCRre|-RWP(vs_K=gyJxuRP@hwSjfp2?`$DS!JoX!pGH z3+eNDho4lB08g&shn3GL9U>cE-iWGYYIT5D&bGycf#&Dc@}ZshMD=2c7Nt!q81wde z*Os2P6Nv{kw~#mux}e z7mwj2hS2+PT=&P-4#xb-M>RMUi7N*}s`_pnsku8~>Y$OGn(^WTK?KB!GZ~Fr_&C}2 z_3u;ObZW%uWr+B}*#N{pNu#*9`dUmPUKhmQwaam)nOyWl09 z8Afd9sOQ;ntrx#uKrKxkd>u_|UfjR6MNTZyw=Sf?Muu8{Z?kljDVvP5cTYq}&TH+5 zChIuPS$&7sir%_i0O+h%MSs{<*Z-yAhhR`3zgaFJ-cOvt`+1XkTpR|-_zM%1;P7Bm zloF^GY2u}JJ;!XNZoMGjsIG)Nx8)~`>#zi&7ExPQfQdse?Q}LXhlY}#*y%f6^k<@e zbnbXcLhJ&DD^((k14FEFNStNa;DU3)Qx{o_?8o2829QRB{M_RO|9yInN& z2t@uD{|ipcVvNu^GQ~(*{WimJlm~n)gOSnXDh5*vs9h8$w$bo#TKz1>e;I?RbrdFa z594r@P1KI(B!=>$w6&10kB>#}ixG(7bBOzd?H>s31=Ky2jInXv$Xjj1J%a$L0AOI) zq6NZX;9=)fS+{@bw%fAhO3zNLg>WiW1Pwo)itdVhfs05?kINlP&(8uM8(= zEFoRGg^p$I{F+(;MIk`AXfk^)mDc;}Q5Fl|&ST9@bwyRVt(d7e>LRcyy&uy(J0!+| z`3v*TM7!l_4hB3|&1orsT4%C4$jXG#ERbDW)#GNu;KC25SCcPJj6y(k2pf*{}@C)W8!nPekB+>7ZSP5U*>T{Of++z zh{vI95NjQ-k`WQTJI~B2#sf-=)+4mIyYG<>61P#@tQ`b#8LXoJ{J6=VBP2C}^+zEr zI!Yl7w>^kWl+YE$uyvSX5G<85p>&D?s{Z?R)Lbb8K`LlnBWerjx#e&zt;)1|@&nD7 zGVvE^ZtuuHiWQ#q@a)_Cwf{^iX>Pb^PA^d#l&>~dd18+0AiVgn?JOC`U#!`Qd+Pny zY9qVa-2Gw=j_-89s~y9BJp9$-cpzOeFhOY2?-xf#_lb7e9nN&9xb(&FEOtjky;Gjg zCiuHza@Z4=8S%gHKe9-f<~#PE=v`8!Xh>%$Km=LVU~rXO&KQSF;c2T)2L~b2fL>3p zcHS7GtqhNi#46gVr?NT)DCCRLKn zAs<{X&pao>4ZtQutDZD^?`NQ0q*YhZFE1K#afeQ_L)L8(@6c~4aiZXwMw@STz9H%`#&Nb~)b1oKPm0qiMs z3+?kA$toRJx+r#S?C5usK4H&R!COVRY{k(B!8Z!pg2AYqyzbqiuQcQlc3y;={Baej*Xs zE@PQ!r?}F^61D75Jta+pyAohbN*sApN~H2FPN~Cw!#iKVY}F$q5q$BB*RH_xv{jt6 z#M>_*fqgeq?zjO#g`5rlod-gU1zamQd~-pL#=1!IUh~DG3`h?GSu45d2b=HeI(*xp z3o?@BLj@6z*`^!r`as%D{QmlbLJ$n0!y>ng>2DGjzZL_gBbX?|eR=5cK|@EE&>MD~ahJ{I&P5O7_B9RTPZHQeg?t}nN28z?amD(g60e(^= zhikudH1i3;7z}K8dlQITn5upD<55!lb?bWC=sh0pJ%-Bdb2G)DB(;r|savR!fe8gw z1lz4Z|3H)yypziUHLzVmhwKTH$f8=O?7O^`nmxfg~ZU1D^{^3&6tR9Oqf^0K=edjLiiB5c`!;!0abYP468N*aEG0Thv(}&l781u zPEJni=i@bUM9=%}E%pC}balU8KK>$IfGaw&l2kOlZk{)GHgwm-n7PX}YymeV&=o05 zRSCkY!l%E;vaU^f_yKly&sL6X&*#JAT{z2%8xQd4((XF*L7;tk&%G)10B^c9SuS%; z8#zR3(m$mjz|hR?Pe|{e)>yvwd>X&NY3lOVa~6j1Jvo*wActLKv-g!145r~^#J#EN z79Uh-A~NXyl8nETRGNpv0QN6u8w+Q-rMW(VFl!}QOVyaU1gZhSi2n-8nj@xzeG4SQ zzS&9ocm=lLH9B*%i&Dti%Z}0^&sQ~HBiACV(gv+~AYWCirgrSUk2soZ`WwnX=+>3k z2Cc?|?_so&Ni5?u$IGE;G;4hfp&2uhg#I{L4DZ5}VvQG(mIycvJLxJ@tNIyDQ2yfP zGBMs7voKPzZ)rz)D^ppB@12L2NR>y(#yCRPEFWf0(zP3Wwoa+x@TIPJHrc+=r)z;t zyGQEj_>;MIG8!VI7&S_t?h>nOM?ddn=dy5F#viSdEWlAz!KyYZv9FhrlOBII7)pGt6vl_)qkBM2E z3H!qHLm-jX5~yR!q@$2@XCNih(%&CcKg#OsjS6CwV!D4TvDg89462_-mFhC1T@C1J zb9HoxUo6<8rnW+TUM4Z85KmzXt>N}S7LiRas6u6Mrb-y(;@by2a3nWl@7(p)ti2TCM|ogA0B;;YBFS>VWs_J%wmzm1vI z661U86JE?496Bu_>*WIv<@y|*Rs3EJ``o`C8r?`L`-7iaDi1K^g)xREyhl+iS^Q=f zQVftwwoxm)B&y1q6#hK%BF?bykbKVs3h=r-4lrb>Kq-Kdj5b|}uHt}r-=#Pj?Hott z>0i%C?jU=%gVglzrbA6wlJvWdnH^FbGZHQ} zhN2L(Z;7%lO&^aiZ^l4(2@8pJ=nmbVjei1Am-3IbvT;F9<%Fj}*^yCZ<>3^?)JsmD zFD+2x)*`NG%ClIFsr-`6vXCU&-l^Q+b3d3Gb%H&KUmFyQnY(~r6USJk)ykrVNX?6a z7BC*e?A>e%`l`j+%;&C%Wdd-NK$mixR!1-@v@($GX=b&owE2img9WG{{7B0SQzyLy zU<@G55cJIfyIXuT$-0A^q9v{ z9I%$cmdk*Jmf&H+SY|&CQ^)-Xu!T%B6vh6UOu1p&Ae(Z-(yn;OXi3e|ue6C>!y>?8 zKQNQ*kWmb;pO$!$MVqC7B(mhvC5BrTjuT+B4(x2^3DFP43|~_-wT1)(jJ0NzKlE-z z{IT|ekpyBS9&+2j%LFAAg4+bV2%gPv<8lKSq#e0&*l3LGR`E{-=I51@oN0!}^2Kn_ zbND?AvBTHzF7EH@?e(*JY-pZiY_7*bDmQ>}!U~5bw7rw{YaW;O)=ouT(LatHH|bGt z({MY1Tj+Mi&Ja|vST>^GK2;^C0%-zw#&VJ6>BiZ2`@u6_0OPA1IhQ`WNs8>^^!fo4 zDO!xRsKqKlCPhc+t;D~!z5YSM%=XCy5I(?^ocMt-#)-kAnC3|V{}Ij+3gBqQSqk8M z1+WOdoQCli#qeSEIxx(IZ_CT5%w?vPShEdD>@8H<*EZoGt3Oj~<`MyGfq5f|Bc-Jb z)=xm=ygxJ+W=b7yMaG+Q3S+OOAnbg4~zRcid^ z!-caE6hSHzo6>47TmTw$VzXUD>w@-gm=tHSY9FO3 zm11ZvERb6}0cT5A40I8(AFaGk#Z0dpX;C%OT_J(K#q0u+F6!W8H<6AdEqCUnmp&kB zd@G`E8h^-&!;dptUBu~QSI{_0yErrE5sXrGCZ28y^ye#A2!tD*RSvL}; z@0STyYdPaBxoF2;LDY1!ntaKi9x_t@?M62H!SQ4F;vOpI#8sK9hREI7{M%$-ovYm& zE?Wp4DO&*l&0{&ghX09W`!1e|Wp^8WR$e?7>KP>koHLB`2mGdRXe<)~uK#`Y6px3Y zguq?sJ)+~z``A2dtgfOo5Ai0jdh#IFV-ML0`jR=|j`~p!oCk@4W^~o{Mwah*R{YCa z#CPNB+p%+e9K<7WT6tq2>SHojTL~wj_hsa0-jn%f+XoDxrjz*+6Zslo*k-_BowA!` zg+^S(!-W(XyI-|o7y3*q$2_Ks=FZLHpb{gno^9V3!zwcO6VDleSp(*SC0Z=X-?ZUr z7|Ms{vNqva&k>t+LC?G_1I0W`0oshSGs1!nq37;qp59PD{(CIPO^HmKStk-pv>Ki=`87KMMORpH@ zLF8%%*`>z@ERKr_$IS&%M*>s>2!|<}5(S`OStRohE#v<37fi3m|Fu>&SF^D}*FwdT zS8?1GwO-7-WYC2L!77*JK%jpTuU2a3apf+`XQg2->Nx5hYPB+W)@*id19~ZsY3G^0 zFuAs>&;^|eAh^-7bMm@0CKBvS3!lAq=h@T_0?Uk=C1^y%vgH&Um=ZG&O%}5XvW+EF z5&9rwKa~zuMUy$XzJe->*DM^qg6n13F zyo_OWk&x#SzYcKj1CS##fC9m66Qq-37m~v&51q04$3^5%;%R*2EZ!*Cc%g+-gmK)! z>+R2XPvN@lqU|)p`FLRs_xbqUFY`xK$73;B?0?7>hRczH8lKD1^Dpzo(@n19;ojR) z>#*()ue6Uzol$J%q>~LIgyobGvbkJAjOBzRu7_<_Q+2Ml?L5Lj#NdirAVJ|-$3413-Hx?xrn4m>fJ4^0UX%*p&0T3p)}P(MP} zl0qg=VC;dJ#A*rCJQ#k_!Q91MY)QhwYd>BH(lVs^B<|dQqz=Be6lqnk5Vt?C)7j0DZYi?{6il}4Ok~;iAR6Sk@?v*FTZAN~=UOxt4 zn9NwzVn4=dtrSv5A<%Okyp;-SM2ZOVq(zAu26W%1C{XFPH;+&jEn6+THzXq+iM%~F zM`UC_N)H6TvnVKXi1Z7((_7QEn30WDF9RG)AuY3`x#~%oUfiR#lbum_C#fuw&a75H z7Md?bY`KR~8(Bm~v3aWW|e zNRA9kF?__QcUaj>A7buJ^Y&Obw;J$2)ibJ(>-OIG?X~dZKn6_qX5be9r}Hjv@f$vJ z_GYISe_VI?vA(|@o_3ShJZA6LV;7Bnv2uZ}xF`2TK$a`u7s!MM4NpsdFe z@kOC7_5CKVyVC+ro(Oo;z;AoF({4!DZVW#u$G}d6bEO*IeBJhJ091QYm9P5h!{Cua z*(t#0&dU_?%I`v>Ye@`pEb2qA+WIM0%{TX2>`1npmQkJDbKUzDke!Sc2Z?^u{%;bM zvHl-YWfYaMI*h?mAI)HC_~V(eTBrGTN70%>l~Tfb$w5w&0Kbgdo>Ii9jYP!r|S7SSf0#sa`VigXf~Xcdpl(?%J9{{n+E5(3P>g(gZU0s>6mvYQDFF$x9olB>BsLH|c0IvHd{GLVY~ z^_M}WIr;#EmCXO>%GSA^1FmYZAb~HU!1&v!VB;t&{Q+nyXJs!d(YH6# zY3|Es0R`sY0CfFp2?dt7yaYCq5ojdSS6`xU9K`}UB8fJIL9G#$OfxKrW<(lUpCID? zD-gxTCeySGtB)C08PD+z|8I}ovheobnJgq@{a>>8E5(n9$yi(cPIOuLQ*3?7uDa4J z{(s~Da&?&aYBGJj_znU=o>cB@?@+m4M$gW4)%$sE0OCl#?d`+W9u0@m+*Z4Jj%gv_ zzR!SkKjfk!Uf>HOt}R$m43&oIxAEV?z3)9at;#pjpSmdJ$y4`-NIFYD??M6L!Br(0 zOBJ-k`UFUwrS0??1M$iAsdAPJJNQrM>N)og797ljx`Ot0li3@d_~Y)(1{UQlElcG< z01l#778k&NET$7C8xyJYfLDXEAn!1P+pLiB;_7*CvMA;>%SA&^Z#xQ&ONSSC@io{TXl_(#76KL!8BFKK4r| z$m7M7g_sLh3er`N6v>r&MuRbWzQUeQe8Sjs$nYnZe%mG0UAnW7hlu~fB0|p|L^bW< z)E14Th;KWrAu35K_ezV{nzWg{>EIx=W>|1@FjzbHYi> zvL(S-7qung0A(-XTRdo)C3X(hAm$e`!Di{UQ!&M->>|Gg)_=coif1+!dL4X8>@9Crc^q}g2apH z7w>;3J!f8csV4B3v_HS=#iB0bNEM(u-NvcCXRjZM3|FhcCp~uRgI-g4MCnGLu27mP z@PSg0zWrR-Ze|RQ=qZZ8Qc(aQ+s!x7b6$2u20AWH62&ec!`f)S+Xc?5lZ1$hFK0y# zt6H6C{M%N--e~a|z%{c{mAmwTWfdh0)Kwtu8-1)Rwc3bupo*6y?*X*uqTpZ2G>a*O znx#ZqLAn8I@$Sv?F!pI>Btj<~>P91}X(U~lyKe+P)Y|?!th8pNY|#B8SBwG?Ec?kopc9MMC#1J=oxbR= zPzzWwb1sz)hy7{XW>!f~Ukqcha~Wz7W*N2a>3GjUm9o-9R?NsCI|Nm|lSQZFVQ~Kx z!yH7I7!N~i2j$e^p)m4jTUfndnHHJ42ZjlWDz0zAd2q+2IYn1uM*7j~PUmsB$h?1T zl9TTg)C)w?kgP_R7+ulf?bO@_;D7*mPv~>bmDrlxY-9R0HzoV*EM)H~-w~mq<}*<7 z8Hwg@;QhG0zK)O9BF(AO`6=4dh@)(;Ry_Mm z)7D5h1W4#@C44WT*)SbK)W^pqH6(FlI~S6oF`<&==9F~LmcGAV>VO39sT!4M_Qr2w zv*(Z@?CG`5lL?r#JDR;VLJl)1Kd-|rDsE3-wsY}<&9tCuN{wquG;{#Fpr9T{Lm5S8 z9$O`@akc5?+Zv-bkpOvJysSsW<3Q0o1d5nJ^5T;Uz(p)``3@{2rZ1eB()~RuP%7&F z#gm7O$v9Ts4t7?Oi_&BodpGyf2-Iwd*Bv>b>$H&69r>E z8Y$8zhbjHl&GY$BJP_ea7B2w%YP`xvI$O*`e`HO@5QTkb8z@BjTP8q1xPzDc>p&7N z$lbc_aZ|DAWtYrx;&mHz7arEdp=hPw>5_^M7PZrDCWuA3>&w57uq#C?moy}yE8H%bSHb!P0ioaPV;xDG}G0J-cJCQ!PyVf~sr zY3Gslo8NL_-&~@07x;vV0^iQ|w>LX{A2&bj?5}S&P%&&bz{zZ?M`#H44$_!2;bicX zfA&DB#j;H>YtsVN2sc|37D!Xi_Zz-v5>C)lCG5LSOoEyV`art!5xBG^K1y~XoP+mr zcg#WB2B{Vo7x9$~xCD}kV2Xq&mIhBo-d$M(hpr9=iK>9Z=Qm|sLuuO{`|Dtq*|sl8 zI98&`{7*0MfwnTTef*E$@+BV*mAvhm#*!J{kGGk}1sqG&s6{B%0U!}wBuJHKQJce^ zT1sn#Lyt!+R8=WgHhH^J`}=tmvC0+f579>AQf5;ks?pwcaa zCp_mOnhP&UcDQURedG~rJrt@HsqGVdPL;v?4AkPg4z zz$v^V;PgEh{;O(ixW6ts(dWa5thWI|XEX?o@hKSy|HoMU`Vp8@LC-48S!8Ss*GZrtS`LJ0vT>t)-|De~lns zS)GC+5Z*&5#7%>o*~DecSV>PZ&}J$440%bf4I7!shFoQP`C z+TnW`ZR7aW>ps4S;S`=hc?Tc9*KuL>3P3e;+7x{C#3*SJJY!gOLBo>qVU*&bgW@Ghu^6`X*r(Ix)Y^{gvKrThPV^JrCHspvQ(yH^1F~Q3WYa|UEAdhh}h(I z*e;4uJqUwJ%I{CAFT5g!aAb){WlpP*G~f|3(MLUU&LRNm3wGOmA4l5Qzk zwJG6a8b`ZB4WTF*6?6ML>op$5gX1(2Na9MS8BECh!3} z=}tuh;2X#@l+6%*vG#|f{LZ+bhenRq<{N}B=+&{}RA@WiS{|{?>_)srK@?=bCt#A? z8yPkN+fXE?$mmh_e)HeS`H<$HvOJiY0+~7Sh7JYQ(#@p}JA_q9Yl>1JOPT69?&jSB zHgbxg!FIt=aB^@lEwG%ym@6ku1fdM=4vj9rgqm?fSS#MqSVWcbU&nY6BvdCZ{Rj1! z_(O3>?USbd+Bgy#Dk1j7Jbb)QNBgL-@t9d$GjOODr-+*N6wS=oYL8$HiRQTTLR#ny z1(m9R7(!jj#Dvh~sR4nRZ3Poz!-Twh4o*;MMrK%pa41hH*%T0TON*?%sKznA@ZEAR zEryThk$FHC4V2}@Yc0mAql5o(LEAxU7Eom-K{o-gq(yY1Q~fBSm!d0V+RC9#9VbD> zu9?OIMs>}L=j zL$I(px2*mLdY&Tg)C*hJi)V{3yyKGI)JC-wxSX{x>V9MUvK0pMnfaGhl^*UIU*}wKXSNs_8D(uzB6_cJ} z5cG>;&Q?N*g&iVib%rztS*U-k269g0_5wc=LEN7DTphf!uUhJV>TM`HVlbr3K+GmS z-m*joyqH7>KFr-KVxr*li1WsN?b16(IE_}% z&XXcS`=Q8fO!M^$^!RCoriF9zJJsCAdN_p@CQ_J!I?{1TJu?9b%6fkjLHm?|#=h36 zhLQ;;;Vk4(IWR+BuG|IYvWh!?sO)%B8j!%z!%RUZ7P1*yfpls9PIou=%SIQIm>^~6 z5$GiVE4+m%j%cgZ1_Mwbrot+63++g1*dOk{H6>VvQ_pmTRs$PWWlm(_6 zi}}HAE%V*}*-WU++5Tu<<~l%G^jRVRMMO}NqG%u%^L1eY*!QR7%lfU{)2Z${9?u}y z9vZtPM(~%XZv3m$sU)2qHn_l{32~az8uHCmrVCNEvdjgUKWx;mm&U=xM1oRuDYmkV zu)z&O&dK;g>8m?wV}w@gIqnt_p1yRri%-OnOt-2&@Lm5bs%|%QwbH~6Pe_QecP~9K z#N^I(Wapy6x!e+r%biDJZsa8pKNPb#$GE-xnatXV!KbC68$vmidD$((7%M2~auR@QYsH5( z@QUuSO}s6&la5s?En5C!q_R&MWr5Cu#c?tfn8@vZ{%MrHst7@%_Pic~2z#!%&KRA{ z552?f5%R8q5DHCde_+2CUKkER5LJwvf1esDg`2Il0su%1PWq^?RM&rDs!}I-s4&M? zi|QlYYPfHsM1RIORx;u<-R8+%$uE3{OzniO^N!9yD`I?e=FYDLG6Igl2MzQ^mPoQ@K;Z=1vO8a^+cyo#0gS4(|zS({kAsaD4jM6Bv z9Pkb5p@L$$j7sL_i)>^#C}x0o4_cv=%YU!Z$Tj*@5z3Zb7@^>*_IxP{TtNh>1i_Y6 zTfAddtANsT66!$2;1wBg)QOIflX}@aJhH=-UX(3=d)+f_Ms5zZe(DSsnx0)NE#~&v z=uk(35tfY_!c+w_xAa)eN*9uC#=^$d+Vg2{pS`}w7XdI6ElII)MXknFlYMs}Gm_ek zyz70W29i0W`hqx!RZ$>M{-mu0^w;c$7#gM^m^1;5e2OjVZ{(5u8#@{JLqqbZtCS2I zxlcb_I2@)JPGBOH=n|)CLdt|>e%4NX;TeFPC;|yPTMZX{<<&9mB#N=~Dyr=*Ul6vCmXPytJdkS~wh3Y_zXx+yCS$k4KFD{+acAznt*L`6K{+#rA9G73qoY*iduoekTGA3%;Vr zo(1J?hwx*n1`KY&mb_U+^Rj7MQGw7I%#uPwrtPV5f!hczwf=k_IYs&6@(lgPO-ifn zSCr}~+kiPd(X zH@rBcJO1kI&aV=SCTc&J(+&1dI8hqdej2uAOJjggdHoujWBI7 z@BWkT)7T6xAC9B6KSc?u#(faa_>j`f8@_(F4#x|Py{v<^*a-eKurOf+3qxhDmp$S` zSzYt;8w@i3x=Er^&LVbkAO1`F{Tub1jYdqfBLM1+&3J2~cfN$J9G>HCz_fvS(*_*@ z4q`$|w%K`4EaOEGRxB?z{@AGK4a0(0G~@rU zc-tim^WIU+_{39Q!~fNUj$l}9vki+sd`#K@SAK;-JT)Tz@NM>6hATejuyo2}O zK;10AWxcPjgP9ET|E!|^@8P%ar2Q+~mw7GbmcUQERa7JLR<4^f-mu>JO(g$ZdCT@NhcK{gNzgI9|9OO3`!#Q<>dWv zd~V?TrsMedxW6u(9nSFm?A_Way^i$Y`uIFXe#G+O;Ns$aKYm5p)zasFNyqxWg{xFz zKj`(~d<*A%WkDRCo?h&Lm%70B)kbH|>@{(J^ps#zf5Or6=-x$8BA0_w;Gk()K7!#7 z*9PWMs8BS^rX$MnA#pduUDHZ8Us|Y1y98l?Oul0)6Ll9zMpkJeJtYYBD-x>Ej+Aw2 zA^3$QTSTe4eOurh8!TTQDr^kJ)QkgRMfTyQv*&Wuopd=Kzqq0o#)>DX1Xet8m__`% zVBu}LJF56ffTfFLJ?;O5y_**v3U(%^7j+q{BntIkhzN)QQ6~;(jDQI1Lg;O|yVG5j zb@`(?&qw7M30-~25=SS%{}iy*O487OU&5ioI7g(`HH_TKa*OOydQA!mfZg_AI9h?6 zF&K1znKPnm4R{cC)IR8P7EK?ae&x0Dc!~iS+CL^_;T6vQ#d9i8CbadlE!_?vrsd-1lct=0UfxeF`RR3Wc)joMlX{M!GLXz%Xv8h;SCSae z|CxkkW~D3DZ!FZ5GUMn;6yPe!Cwb==CnzNvAPsSaLA32YDtyrcvCKLlZ{ICWuVY$g z4q_O?RAeKyM^v(Zes~^117f;03eMiYdT8RoD~UgVpnek$jx~Z;b=;uLPOYt>`~S$g$Kc4Ku2I0TZQC{`$;8IQwrxz3iEZ1qZEIpD6Wg|L z&%EFJ-CK35PW92=r&IaSovi(=wLYyzQ{qH_x7xUG2@XM7OyD)v)YxDQwKhBwWlfSScu9Bbp1~2iby%>=&19;s+%N5cc**xS8!g3)>vA$6qW@#P#>^A{qiAhL z`e_j=pm0@DIC+DtM?vU51-y^jEbcrKrK0EtuBNt=xb3A+)76T$`sBg7j2f8HJzo;79%UNh&}d-isHF{BhlsR;re6iQtejMrUdh;N|n>VJ#) z8f?8DHrySfyUpGov`@`KZIV@X=i)hsjr{GS^KSQIyJ#Aby+(&-&zHOqUW0$WEGD zYOIRK_=Tc7>CJJa!pYUw{zR3Qa4LAn6to72;WUX(b7Y`~VcxAjalqWe5gzbjfLd~w zGj=H!%#@Zhc&=w(A?!7fFoUo0NQdJ9|F~>rPPxn5aH&^1tq*recWMd7W-Mg`yV1H{ za0=RORDH;g6OthZgdQMzQY3dvlsI(CdcoCKhxP+X;bj;?S#OBg_d1BH%o4ERe!C=^ z;7Yq7E<$GK6*KkmQluGk`d#iuQEHlsy?=_`8P3uoY+v6>2WyGqzviddSJiI5^V=bY z3-%ry6MWg3SEvNslv~e6RuQ(pP^H@H4~YnMDJKjNq8S*?D18_j(Q2he@zzX(y*ND4 z--LH2Sazy3JgT(NdQce{f6Re;NZmXCR4$wrD)`+1O;lbkV_8jE>l*09V?+yC6#!nS zl4L!5O!qbN=CYDvQIw1~`K6)@Q>`*7$lKffhigWrd)(I?BarUG8nnM3HhbVVk_x8a z)0cFjg)fRV3+hu)^0cgQlMmDn_PAfR@uRiaW-9xJ&w@KjnCr%fjkAIr=PK+o(h^5zE@r?lceSkHgnk$T@b1VNeDjkdl>} zfuxt2Q3{#jk{`u3v9d0KVpqM{V3rLU*4SdzsmxqW^`9IRuX!iEWywA6*YV{GcNc}@ zZ^Q+fa3`2JMsa^T;`$yl^0t?^4;IJalpKqfCLSsHQ6AgDEy9W?1hQ@jEMn1!5#uO( z*#yd)`DFykRx9M%#%FNuLPGp3KH{7G=K9t~rEbT#Wwjazg+O^jEDh;4EBa}v>*DWN zT$7w{P3+|bCXRR6t9>LLhtzo!kqMC&&Pz&g;i@Bo=53Q(H_xQV>$+n| zYS$?*C69`s`nNqfTcgU@(a@sCn~S_zu6o_3%!gax9eNTAhFabTei}V@k6=h2O(&r8 z#O)x-n@A0jZa_qRezYctN;37yIS;PS^J5_7z=*nTYz$rk%nUS_H>IEbIfPg*GYAVRJNj&Hu& zLa?vBExy{EoIH+B$bn8t(!9);%@j%k%b79_`;lwDuJq9M#R}}zpXRTInf~_4$=RM- z4x3!HRs75_&br&+`($P9a4i~p_$tz+-&@G&kBrk>NkYNCkcCB{7_8xvSOW%9eAxwj zRnf?nM?9d>^Z5w9lz1?9(b!EBUNVg}S)%;!kw~VJ+sxUET2^TNGK=Y+mrUuWB4}=0N9Z0#Tb2+hjP#pY z7%kZx`=v|J`47xJc0oBw$Nwz7qrq3(T*PSHD-pS_%3T?J6GgQ8E~-PZ@MM}61}T!U z{{dX&R@2GJOJ4mLs(XtEf|kAu>h}{_YbD@wKCB_Cb)pqo{fX9k1*MvME?tq|pfR{W zMZ?^nj6H$ktwC}oX~cFHxT`-2ve`u-dUnf?cVV`znylXhehG^bWP)j+vf8z%wLv8> zbLwbN6k!_h2XHU#@Tnu1{%Sfrg0GnSsfa`=s@f+WB}8c3{*a+cjM zq1a3X)i1SUz50XZ6Q&HzG$3Q;$6JK5|8`PDzm9?BcRzcI)^q+w6%{JYB|`Cd0j{2% zxQAguYe`fp59?2qZ!8_Wm&<1$>^E3aoz+rJ9CfzMG^MdHCg9|LxpJ(+N~%cRKIbCn zrfPH-@fry6Kg-BqR1M83^uI?r(p0&U#UQIjKlk-@c!d;P#gH*a{+<}-J@px;C0h+# zUred`vPA!>pclBOTIosZDF_Frt#C#2=np1hu&=tuF&2seYyT#;M7aL4>&|-%9*4p> zYSKHmS<>lW*ToGdkkU`a)~@HFwmPVSKbl+#NUSeAX!^ToW#21bPiNnsXhT6p*jUg! z0}I&+T<#7w4k{mYVoE`kR=^$POABT2jU&mpmYH8d5^Q3t9NiWlINt!XRAh*y5{DWE z<>MHSo`~%?%!*#-=L;>Hmeu7SSOwUqa9Zt!40WXD88fg#u{&aZsLcze#7;!J-o0sC zQ=8cxGRhXp%{Ez>?o?Ohmn)+~1@<0LQFp-x7nJz+dP(!KE18oH1h|MJ#pKRP7$f#i zF(Zz1b@DM+F{L9fn2S=-Eerm_pbIw+(zoE;+=@+4H!|A~7 ze7+|TtMcy375LqcAggo>^j~>JBlU_5&#hL%vad}hB!b`8b=lm-aa|TDO0m#Kzij!D zo1rRO9vbEuKaH!QcR@Z*&`4ws>WC!-l-LKfck*X6RToCfx$u5r8eT;%)4&HMi2go1 z`&x1|;#X0QN4qmhxRbZCgzODOpmPZzOSt&v#dDXU1;}K$Oqf3OBokY=aI%|FUl^NK zBQT!f0sfh#uH%|+e~)bGL$0HC>DXB5viZ-*P14ppgL#Sk8%_d}IZfgUn;P26%EH~q zL98SZ2^x0lFJ!sr&R%D94O64~jxWbuj6Y#+Vtyh1eRyMOJRgGChadtE3ynNpV@_`< z+L}rZ&B7AW5tTnE`h*!CVkXo7xM_YV>RH|?Zr!8P(pgPO`F#Fr~E{=sjIC!oK*YRH==*<+v8-2WFSV%s@O4nNEmE3GlgTkmgS9Pg@c~CK!;0IyO zCr%-{X@j7q-csS>dPdj8coI7SQwt`9Ls$9G!XjT#P9us$ItF{37e82>gmjWF$BBX( z^G)Evu#$@jd&kiQ=khv{lhX@dIj%;nS5E-av$Xd;6n;7-qRgu@StajH>&0zO7cFVi zB*)yARHchMX)ThsA^{{%MsF&v<)>p<|-%lwa_7R2w6Y1 zb)8k9s=zDt$E$~`XjuS8xwns9XEk|YSfAMto(Ad zm^X`&TOGwxR6riZ2{F|p0)PI{X%JjTeksvw2pqY%buOGru%Vq47fpOr2BxSf^5XrDdjlqtqz68wjc10QhAlB`c}0ngP|+tXFi(^b-w-N_e2O!xOcwxn2p zFlC<|<9$e5 zTqS>>9eaO52P!S5Ok*QY-P2cLwyKZMIJ(JnAJ07)-=@ohZA=2j)vLH2y%*&^?HMgy zdHz!@CBxm)uH}~#`Sjj&;M~R~eP6G;%jcra9f3)vTRQ3Pu3{{=7v>J{GSZrvt^j|h zH$sUUpf-(k;Yo?_y9}I28$*;wghgIbS~RyBUCnrlLKxOqXrg*0yO$=C7?`SNBAVvZ z;#LCww5xB?U6f?oGnT`d^|xa56}-QVH_)wLiTq57f1ktDk5Co1h%9{-zQmRF-zC&u^D za6d9V-JJ){Ep{XVNYJM@@&2*2ebtzyO-%FfWpriNy4PG4r0`s$U#3%2sLI-$@W{*O z{mLQTl%>pBS7k*##m9MK!9->Xfeu{@M(ytC_4TH+f(z7#jRGXDxSNU4u4*K?Pw}1O z@ktz(IY3>YLUF(#0B85+#=4l(GFUpDJt+O-@;SBh`OtsHgM9&%b;5-8n+*6Xw1)iK zAPte~iZ*3$BCdp0rj0!Mg{?=b$F7@ z)+KIppYfrg2*T;`UMg}-NZaec-5_O;-`AjZrJY`PkZM*jfqKPCJ^h4BDyrtqQ>Ci> z>s4^Xdt@W;7fGf^T&vw2#B$-)20D}X7EWghc2d_Zn$@i3`Me z-#y$TMygCBeI-bK8v@CE?>XS*@_A9|cfhDKQX1gI4+&4C*h`ecNGP3(?IIKp_{74P z8IhR7!JcC2{4`kYN@FsGRJo`nIz`*y4)U3)(vOk(CfAAyFMW!OVm%kywr6rd;tlrl z0Desy{8=Z*YdFW+mlEV1|S24l=Ye!vyYkmG0|aUSfls-A?@<-;uswU?GOi ze=%JUmb@vX^CxWDjduR6S$^+g^l?&D20=%4dtcMnHgXN z-pgd|ol^_WnM5{nv2{LwNp&K$$)c{7y(|;;`#MhIJE{m4ihdY7X*uWg?RwK9@@m46T;i(Ob2Xy`PBQo|r)1)rD)*Le_cdgt^lDe^i@ zX{(Q>(dvTQLRKv+)cLfUc+GxXe{AVPO^Z3HK1Y3qr|rvxV`sr1U=__$9P_v13z*1> zAX6B3XaNZ~Z#fhnP% z;c+#Xk%q!*T6%^+`F+O618zORA|42;)|gA;v?0((B5? z`ZrUMZ^VjD9>eEF>5k8!`_oty=jF%3Pp=4QOW~yPxv3bImv67IthqfOW1nKLu{^u* z(7klv^-CcPlMaVcRH<3quHU$KSxQss=vRv_x7yj_U_PuoIuNNH51plW%hLC-#8pLe zP+mPvSce@pT2nS@(+Tbj*F^bWwEHZ|jO{MDHrO{b>;hw|tYHbksegk}oTrSdDpMEq zPqcop^m)@#7o5E1V4cjQuYO-L)ga2l3xcHvqA5ty>1eSLu@MpG=cW8Lb+~`rvY8Xz z-%w>)R$?5E)^`fCS(}cr4=|FHHTNyVAyWkFRPr^plleT&tn_%Z-xwp$FRWH(0}KgU zRh^8hZY-!W$l@e8lsC-dOSuQ>O5n5H-5#K6E?DQQti&cSj!Tacwo(d-=}4v+RZyTx#negs_&4sscU`PKUK<#h64C1s@dMBm8&2uM0iKn8=KZx{ub zTLFswoE&6EO zXerqf*BHxZ5qh&voR3>cMbu-**zw15v^-5=bW`!&AAuk$kF2saps`SiSe ze!U;n=zT2fMaO)78o@-n0qo<5A~YY7I_(c_XtbLs?9W#43$2dW`M`D5Oe;c|vU$(NJ(@rNwy3 zp1srAiw57hi^nhbRkV;V`l+WYts!ag)$g5MYxRk;AMq05{ zxlrCK!(LxZOSKeCC;@(+Ek4sFdD$Ox@@?>$m?cGSqezIK&Bl?Eg}}9m?=@tj4Ns86 zxfKz{pL!^b2Bl2`MjmYlz#jd(xZ9cI@DARSY10CO!(>P7Wvuv?d??*-1B5bcZfz{p zj6#Fj0OWD{yYfsy??xN_<~7|CCw_?9`*FyYPo_&ygq(Nk0Kd1}>(Gh#+rSkd(_gOp z>-9lxIi==v>Ic6!eMI5*1uTfrb39PX}2C@c0hS z>*vVwUNE#UXdhVVebc>RGap~_I33Uw*9ADJDw}me)E_raG{$mUjMw)%FX$S`9>&j`{QQad7*vbf@opLR0uTGyk8y%d z_nU{=oeHJK;9g^mT2PlGhUf@Qw`MW~q|?()=*&oroUF-KFAfYrqw)u$h2)yMk26nl+%F-`yD3A(-Q6$(ogoo!jXxsYNZopEFvKu?8H;uxW}{ z`?V}o8iJ5^STr(qQ1k^?IWzDt1Aigs6U)Qo$l+B7JNtnGG-D682@@2vO7f>M!w0BD z9%+~n*DzdKDi=i4x03vdluzGP)q;pKP8Em5@;EFy;iX?i({=hSl}sd{)MdG}rR#j% zW^*blDNScY-T3^lbA_^7zWht|fW$6hO(7WXfl+BybVsFhs@6rz^4U8DZ?a1pw zleJ{92N(v4NoDdN!;ffjTaHrUGU#$a81afi%j(8_bdowR>yE}6fq6YmG`cI7u94&^ zwmP${U;|t#?bLOBnp^+H8HM>$JHDZr$8JDF&wHLU)&4-!v`S*!>NunXgU^KxEPZrn z*)Bt|Li={n_%2e*%dvpOyG=QlUQyDYW01%8p5x;=5q$E z%rhNvF77J)R1*IJLpljgIP zv)BxUsUL%uY3(glOm-z)BqWbSJ~EBLBZK1?l&B&GvKQSji%kQwj3EwQUN7iY&7Ne(>Q;mvlS1 zy~wDJ8jT>e`ChMW>85~+)>mD(`3XJsd{QVa7z6XxUU2X?gZmLSJG!*}95UfYOzn)> z6aUMk3uf+5Qfd>K8`F$SOHzkr<*(WMv>&(AvU%@F*YRjeTX7GQ zWKt<*IyV_q?CtQ+(Ue3?{kuNZ++omcm8r)atrc$v;>YKzrh%B>4Po^PZm_)W9OSM? zTam4}`Oyx8kh|YmyrJt;?$uQqD#Re#>Cab`Z-S5`PW|bNip5SS7Np_Sy@dW$&^v*^V-lV3;AX@vGdH+nvqwY($NR1GKN9_@?*!=1XxBY zeI$Li4_ zf*g43yY~KfsI{m6lOJnSiPDp)Glmy%Eo8Xw`f|9$ID;E&^W(q6J8*Lt900?7hJv4t zNtZml%D|r+S6-!Sac(ED+7Ie6GorQ+b@10_!JWhEI7n7g8+brp_5Yg2pI4t~NfSKd zMP~IPi>8rGg-D&LRku6miDmnov)^B^n#aOi$H;alRw+)_aFw2ICkWb1tRkgh#+oIj zr?7(34MWb?u=aRxS_Ey^FqH-iV?UTTnp4d|(t01}8h?}3TfciRpQV>I(fPYoy7lNf z^^G?#9GB<1OjkLPxO!dsVg->KFin{g@tVn-N8I`!P(Yf<+U1$aW|%|@QleEL4ElP1 zcVl%{`I!?W2O}-xmwWqSHmegA##+%XRg$OI)$wa*R-T3q`e0WTqZSm6aBhMt(ssGn z2#g$dN&d$Q2c8}>#WBchtwm_`g^t({%Q5r$rN~P2J0cN2(S>zO0S!(qsW%u`1X^=V zV0w?)U@$H{t_UCrQMC9-xWi?H;?g6tc|qBh@@I=X-M^~Qz4BU%gj_Bzui(}RB~H%%kvF=4@`0h`csL=8 zN3veI-Dt$Ev@q0*S}w~N@N=ZGZp48e;is5AI_;84F~;n4u5LN7PFggWk+*zgv7^G{ zp=Pon0$gL`|G37q|GGwkCE$e4MQRYGcpckxS=)F%+xmha5t8LmSJ3oad|Q7k@k_IS zj+77j$vT$BGXKA>u>{~6xhEHnPTcN z1W*MmCqskz{O&-_(*CGKk*VJQLLwz{w|BuLWi25X-rC2H8xMwd><{9LQToAlVGU(K z#!gkW_3Lo~%oqEpkbHQO>{zv0h`Uw7uGs{Xih7P=0uykp=m{OX;O_Uxay;hg+A zMB64%zf|TUbuNd3&KHT=Y)rP8NkfkP>v*NGJ7nNT)zq6s>xga0Mfpb{ghzJbu7m7P z5cHpMQgtZXm77EmkOR$MD?Hfu1eFzJ*a9C>7|`@i=x5RROoMLnncl;I_KPZ6yQw&g zWntACQsOh@?QHn2@0=WmWSl&VcY@Gp&!J)njRtdD(mZj5aslW%4)~ zEmy=~nuU=+1VF7c|$X=25XG2(8;bOau1jE(f z$uECSQYe&6+~t6fMK>#%Bu)FP0rTyqJKG>bLEv6g7eG_OCrp>0W5#Q|snLNOKRRL| z;rSy8>o>x;Jxv7=V2-}_(2JAdku#bDag`l^?=;AVEHsp7|0&)dzsCY@ zy906H9(zEPd2_I)riNsyu^5{krT}s6_T29uWFBiF%0_u)7{IurvKx-3%?_7ZUx%j& zxjZ}1{cg9eA$r%jL{cn`cQ!R!Pk<)$l7G!1R10CqD7Mp`+_nm=FQ(5bI#rdP&S5>o zs#xzaBq5q%Ei2VdoK|_(3=?YUVbYlAbX!y@X>rxot*N=*isQ=Qin;zpsa9@sI@a(P zHO2sQKP$joyL~!(g?r<=bkzL(4{AL5FKXnhf(~ltk+NIFaIz^}RtePxphgH(_#W49 zAtwV$F5Yjfw~6m*zleMw$PfAdiy8-l(@`Ifc)Z3RwDxyV=xFf34g0^dRW9{Mt+qh^ zMUD5pkf8w7I6eye_#f0523a|D)+4#t$(&N4=hphBTJ{$;Uj0Rl?D)I1@zSA~y~lOz zF8ZA?LGatLqbMbI?=fd31Eqq0M2ffe%MVtkzSA8PCh z1vFpPxvJ6A7HglUsQO;Srx?Q@$$IjpR=QP>XK?~Svk!>fQGrTlY);@i-iA2TljAqT zE<_%_0~?Lm3?>BtP@^kYQ+m>E@&Q$mhJ?(1(!OTA3-R1L zl7)9D8^1_;NXyB84`U+#-Qwj%0O-U$z||gX0+LCWl#-oXj}9+p2@Df5gb}j2J@71w zlvoH;G)(Q(JFf?wjRX0FP>l1~$XKi?1P4<52B9XB+&N29ku1`+A6u(Dnvrd^uudP! zUkJ}3=9K00EyO*QUCVvJxo*!yMZk!;m6Y|274q>tH}l1;BVtw@ZTwFV&E?w zAP)xK57zM(@)=Ju?qB^EHtH||U?W4`W?8?{e_$hdV`~BKBKBX{_>jrV1HN7y z&h@+lH8CwWmQHiK`+iHP_T};rbC*)XxEae?Zy<5onGK$Xs)r8i>1SY@TPMj5nSsBo z**@ycZuaw-K1@hjJ`_%2`r^x0eCEH;Tc+bf# z+StKbMZ}lY@02h>fNXrp3kZjvP35-G+e)JgADG(Y*Isi-b`II?P`!5=siVl_RIuN@d4t7>wd8j-S7F8rHBz{EGb?xv_=I;k=vlpL z?8%}~V>9JOjRLdQ!qeb`XIP_E7gg=^2kYX$vT+F@8xddI`rs;?s(^k-AxB?^(9dQH zr1zi?9cCp?rZ6;6VmoyUhdGZ|LmHxhudsUI*q8OM9W{-6tr|#ew|`jUVs+TM&`vF? zHCfO9lZ}f*(*Kc-5^N6;j?b>)E`biKFu%7>aqC?uzrB5Tm*ot^kSZQ6)P^fJ6#JU@ z(H%9-s(eOHaPNe@o46x!L6>Yz1#8dal!+@h#U4)^&1cCK4y$G2!q*{KQUEc35QFhz zPC!2E_ZU6D_40@A<|w!cl#)Zb9tI|~Mz5H~*Jy$Jadzg~2h$bMNo76Hf#EWG8()o; z7d0>=hC-pNl@YKDh@+py1DBC(>2|{T|B{ls$NK>cpp9Cj%nN2(%UYWMp^c%Hao3s1 z#9@{VO#s^HAus!nHZJ{#Hm)sYL;t0XErM6;RUvuFTQsUaNRqd{Gu7RTev8`kIt>`r ztPehHgx*3UtE~>(4%~|_&nGqJa9$TobztEUk|MSI89DKJTc})T*J{qMFF(n~I=V>v zGs)OBWZT$61sxC7|Lq@bJl^@e8VaC|K^Q>`e`%u?jibh;41hLPs#RNUk^*R>8xjz~ zG?a3!76!FIy-tHnPo9}U430poKZCj-tZ1SPLZXbwDl|oqCdPa{7(MjbpF7SbcydRlEy2McfR{d zrj7q-BiR~c`-dZ@a%eW|bC$z@Y2&aymGKnsGPRh7u91DZHv`PoqP!ogfRzURDaWoH77h7218I9_KH^}TBl5d zo|9;FcO4{J+0Tbm<9Dc1*AQ&;fX*EfPTgfWI=`lqA)}RE9 z{xsV>OE~lbBxIGXJS0nc`-a*vc9;b@$2YNGv_RAMoo1SVRCG-6vx|diO%7uJ0m)yZ zGksppaaY$Wv{YuVmh9SUbD>`|6LPsA!ceVXY#b_cQ-EXD! z{5&JHjg|LE@3ty5ulY;k=3MmEYp9;CNix z3`I=&*}R7-HJ2!Yf2a5DNcZ9p z3DCkQo*H!p!pvsJbXVZRI)vjitU8Xd(5HzBzCs0_Zx_;1nhVvl*Ju1`B>#$KktQrB zl-2)z4*&JyEH^5eY5xc4j5X@uI~i`((lPy`6j2E^Y^bqosHfBaWTVmT zXW(3i+9qx`$`NmV3QGu3Q1!C_k?tVc<2JvBLo;eh(4enNPk%7=PC9B8brhv>IDcVdLBC3eWnq&_Tqa}6 zgct%NR++i1^yDBqvsR}*Edp|WK`y>Dm+BySUlwu34m|aXWt0$a9-w1)<#KDR^DoS8 zi1GCG+4hBau*s$E=3@VS8+a2QT(P@J89;3IH^M;dm&0G!$b%-eX~(fIPxT^C#ob;I z0sxCY@L|Xa|7~x3@>Fg72to0H?|C(xYk4a7U%`M8fQ<)m2Qb6^cvd*i*pVvHdL&Q& z_J6m6^U?ntPjR71Aw=rs{B)v9^0g;hn+YB9EQn+|CqjCHWy|N4WKwj8R#&?K48F?O&*EKZ+1*cRm3BHqcQ zk<>-Z+$f9?uXDqV>-9zg#aNjO_t(N#q?$xMY@1Vx&ATPK^8rJ@2IEp!LKhJPM0Kef zy0{=nK9p;PLxzb=1bCwl=?3Ie_fLYDUz3UXw655-jWN_U`qoznpfg3ifnskNvns9* zDkJ5TXUSZIlr@QPXNPfon$fETqEoEYUP)%(DH=5#q5Fv{N8N#WyRV zl67vY!?48RkPEN;{zgt84v1z}A83*!#?$gI+BtB;@+j#C~l!kXR$B+nt&H_`0U-q!3x!|M7#kUpb3d z5G1`E+f*__$Vx+j)QWUxI|RwouG4l-o=c;!v-^{go-5i8FDf=y+qK zw9U(MH$(eLg*6eE*~Utc=!XeZUQ)bqBAu3zvOQ-wvWq1rg7_lDUBDx8tR;#Q3bL7Qv*6d zO!LRkz-n@>=5=gD^Esd=;Dx7t`**LtyBZB}xLdB#lx-oht}(zi61zDIo6~E>P0tE# zPq5dtP<)8Nn9?UO>&Y{oVZ+yH$C}-l{qTXFgK1bLsj|bf81lR$x~n&dqMW#3C#hCz zN?mI&xu&fGtFIQ7HQxFmKsKjXlp^c#O<9K5pzTIkXOZF3{p}{5l*KJ&tDrp&JmU!x z%CBd?fYj0d2Z7Q5(8kGIJ+D%drpe~HEt+x{_e6amPh@nX*LRCwjGw=k?vn-mF&WMA zC!;ON+WMQ~MAwigY~ATa$3%o}Ehh7l1ty7bmB!n9_}qOy5q=HU$uP*MvY*){$(}r^ z?Re2K_XbAd)#(I$C(I3VmG!_dS!-lV^p6Pe8Vy&y0W@ktq-IG3D5hK}lX^70TZPKa z-|6QFc9ea{kqIA}kvC`sk z&@%5kHSNvB=4t^!W2dTY?s)j*$`_na9BU?`v26gEF=28|AL%>^Ee#Jecg zoxE>MKDhKsi}NY>J1zsN$8>y{wAWeBIxtYl&M|V~)@tl%afGnF^wZm#^>CYHZIqW= zjfjtMi#*%|o(m8xF&w$8X@M$ZCHLPz$Bj4mybq=Bw|Xt%zp{ic%3w*g@I+|xV7tu#93G<^= zgSP=_wrcgeb|1JnvOo5ff>iwiqnSE&AkX*HeGN zg&d(xVYh>z0S=U9rC44~t_6Uzlt%Zaf zF`V>Jg+#(gvP6YBxgSn>o4nYPxxvRAe=LKVfK5>9kzbOZ{SNWTTEBnR!nh>_%By5j zqVlSl?waQ$MEjY&2m@oeVIP+hmwcoL_l8LNMp6~=t(#Mgh}X`VQf?)mmKQzO9|mC! z;wP4CqhdvBr+$Iw_ec`8goOk7lD zYvNnh#2*r^QZL}$J3%58_Vn2s-%Of-G$kyaZhSkv9?G7(;k8s9*!ASO3k%ei@-^Wh;N_!6Cqmy!l8&kQ7$!q>Tu;VnV#ODC1&2WEh~E# zRpA2}eGeZBtm*QiHhv1Po<_t^r5uA=ku3bjI-2;PXyT z?lJ;u6=owR$3&Ome9kv5z#wcSb8@Y~eZ+PtA%NMPMLX$I0(2E|-m zcmWG6sZ65Bz0f33RctyH+%}PGY0Xh|76YuBXax`D)^XeAhvZf6bq;ZssdjL*asJnt zNlDghDZ+)ftLLS04$#nbig0Pi6k8Su;9)75i!k85e1XkC-OBa0!Q)8?Xk>F85Nb0A zrv4~oj`edObY$zTD59iIC?DmNZr03_u1xJC5&kquEEadXWB0IuG(&3nRw700trj^c zMaf25NRkT`h#IqpbYJz!2efsG5AuaBU;R2_#Ib1+<0k|J^{b~(Hb=^!5PVE>wQtimnLuQr#nZ1(B)C&kx2fyi zRfXTCcN%M!FFftH4L1PCTDy(QQ?Q9zyE2ZL_x59yKT{eZ44bd02jbw3n$x?|JZ;N5 zkIaUIh3I>&cU~e4Ws~ZKDa;<)R*_#_TDQodJtE6?uav1p(5-HBkC2d^Ba^?#Z$8NV zJOuGsCongEgMsF|U-kUHXDQ%o^)oFG2w^JR65%!zX;Nx`SN&fz)Bd%4#u?RZ`s46x3 zZ)#hXI0x2QOD-Vu-Co~(9<4u}<$K1)(rcE45wZggPW9Vf-5Rt%D%_+=8;#DS_8gO3 zo-O1v7Xw|~x|4+kvnk}oa83==&}Kk9@61@=N%ud2Y+Zw+HpZELucHp`5Ib6;b*^}K z-jwsYyJCtnJQ&XCKg32Omhg$1K22F@Jmy~e<7R{kwxP_?5>cYuUPEvwz>YE?^%olj z%ubdXpF$f$I9{G&8YX0mE--c+js!~d4IF-`FMI2CLs5t z=lNnZ@R3Gu_6T%qo7k1O9Y;^<75KdnjWpr_h32{?s$?hzAN&zDZ9>u`e=H#$rrnVB zsZJwB`@xv8B6MgKwE82y)inJ4Qa|J7_m%!ysqE4m*SMgcJom9Svc_#Ob2AL1>o2fZCuGxB0!!_Zfok4S;f77(A|7Hr62!NrGX)r|N8m5 z)9osuD?G3lH}*FY&5wbn>r(b0GFvEb$g5Gsr92V$>d_lBA9ccl1P@xdcGHUH+@|kM zI0+qNF%VbM4+>s%{MG!2gje5f<$UmfycBQqw>g*wKU?s?f(y#Nv2{ZP8Yl zG%Ng8w68$;Kg_Q-PKrAMO58SkoUXR4uC|Jv><+$kv%DSJJyk#hi;`^y7_6H22}xK2 zRn4|76#MqN63SP@Y0dRPn)sKM_lN9@c8VIS24y65Ng2I74Xg=svkbHN#$itZbtrr-5S(`H(!#(VaQP9aF*HeCY}&q6fCBu2{gq54#J*UJ z8F`=yMenT|LY?@tGJk^68G0p~k!(~D^X1Ov1KA)m?CXPvbbKK@>5-jov}hj0U9g7| zAEFFo$;D^B7dLjI&tjQfaKZyg~aa7SYPy@^wCO*Ld_4BYQJ5HMT?nMUdac zj7Rb0N}$(lkA0f2Ev;gEcnB(3f??l9HTjP%8>h+ME$GtxW&27QBNOU{bhSD~NwkR} zM+>*DCUCLqP#?_Q$j-Q^&*=(8ZPDGU2aWDTnXWkazfFYt%E;}aZtT*xd8(p3bmcoH zB7QzewG3&;0UB7?JoOHt(t>U>Mu5BT&r+PP>^BF*td;ldTxEWhT_-;k`zbNK1Al@z zgv}HZx6qfCZX*AwU5th<;FnUZAu^{>mZm5hek*jf$zxfo8w@i*jrqvfc+4&P7R!X3 zO~@2z=Z);s^JGzYME?5qMfk6WkY40OPQsnTULe6IF2&^rWc7|^--jN3Pf^efg_0oF z?_E-X1IG}p?6{65W%F&9RX=e~YbWQW4q~J7AQExR-BI+*6FsSs5`l0o{~r8FH>~qi z1{~9lx8JYxkztxp(urNJt)6Bi;&qesTs!D?{BHEAdERF*m zz&zq-cAkr`M7vG#FPYk7b1G~zM@DohwJSAi;Iu0emjnXZ!Y3XA+dS~<4F(q4P#9F| zcn>)rzn6@hw;=_yi4TACK-IjT?iSrOpStyQ`rDA^>?nn^(`F}tBQ5}%Fn@{E^3cKU z$K$;%;+=D@i%fhM6>gM5iI6Cdn@Z!vvG%bE1Mhhcw8hz%8 zHsLWb^51W9RY&!^9I)&>B|yh*=x#eao{;jYK9*i?*R(?sVHaMtDm(N$1=o(_v0mYy zvt!mh`*z66*0Kjqq+Y6Ow6(@@oem3AYeU|*T1<##Hf5w`6A%J7m5LztkJU-VEk#|dyjxpL^rzMJ^T-TZLI);&)IW-m}Sjpan&!b5U zt;NvfN&{}Nn4VNwEb60Jta##t+U#O#c>a3_iqml47-`W_SF3H!fk`ZSGu%y)qoxg{ z*&S?}FiV)-uYg&>xIV@<(%S~t4EDabtC-FIJ|~Bg5p?jm z-yh{#e%uxeNow_~%6vehr3G;)wInPCmFUD~b!3>)GxcB#8A{6;B-*lC|9x0T>?G{f zi0L8?VZwwGcY5$}oW5IrYKH+qaHcIQ3q@E6Z7e2@aWP4lP*{IttI&m+*0&cg$y0Iy zwSNFbmXsHmmqte$$7~gZSz5qz$5ypQX$ofxi8RX0e>`<%Cp$9vHVj67;n@2&ba+1w zId&UDGW>X*Fu=fX6&o?i?9irfAB;Bng&s6I_U}I8oJ~G7G|N6P26Dm)j-6G2jU}Go zz*omGJAs}(5+i#gdZySnT(lpsw0nwaS)jE&gZ~H@5e;rChuan`i~v`DnMWa;L05xS_RPfy`?XQ z%yTJ4pOcJzwH&IEFgW*j63d=bH+lW?FF1F2ByH~3n`&$B`sH76?(HZ`+nKxOe*L)v zJNl*O9k(FU2( zVl7n@+>f0-*?z5Sj7F&bD*P^#>VgAoY4EHmtpP1Jx?)+Vie6)DEqKm&F9I+%W$sFq z`EVNv#T&autrQl;L>~4vRJ2*28Gjj;Kmtc4iu=dPuZ(8##7s8;6c{KZe#30QkYO3% z5-&ej>~Xw9CJ9|Um=B(n~6 zf=)b)hfYJCcPO>QI%q+V{h+vGb$*L~TOSBO{8j*7=(*0cTD1$o?#!?ukR;{32Ay1( zIj|Rz^o-?Tc}bB)&s|6ZnAeprf_6Quj8>y}cwATO3yEiN+QubD2FliBZH5i`>f&Wc zR_uwlLfUCMOoif`;HBDZYY?Nl^}`BtK?i9{8^m}*N!T-~HY#hzypnxK5dVO`?e-Y@?nwc`z`tOA1#+4P4*Vtk$ zAq~cziHaoG*%^bE9E?rI*p_29X z-TtD1T)|P@OHSTBhERQz=uz0(QGTN%JO98Ew|51#&3i4(=xSQ>N?gs~x;Ok@E_~T* zt{E&`N6?t+d@9EpCNV&deG#kQOa-b7V?0U#vL+Ip6L`VMT0+4Pt(9vXMG8PSxXDBq&Xy=%7IXz2*s%(V?~lfk&LHV}564ubuGueCvsOr4tpCMyj{xWQ zxnApXv>ph-H2h=b+ao|W|yu8=Gx~s>t06_la>npb5kR zd_m?FefXAx5Bi1zOC9wZ_54FnwzTIX3R`8u-lHLteM(eUH}>QIkzm|?WPnF9GY0-> zir$@PnQTQ$J-w@)7lv3$|EYl)8e^mp->Ge%V#Nf5lut~*#3#S8!B@k(8JFx!mh+*;7{fb?Py6{Acc6)EDu($9cxCXh04=mu zMw;CqDthgTuDxJfuE^1mZ8XHF2ysX78xD;d<<_S*PN0H(PaZgO|ljPBQj zK@niVnmfjj$z9of3SAZ_GJx7_69rUTLOue{-juJ>1gK|6iMh8bneSXV!3+P+bvoQk|dQd1gwe-wPQJkOxOaKBI*cj9k8d5e{X50(cPh-i5pyKemL! zwS7P}wH-pMFbQDgf`PBf&+dTeb*l|rzJGB>_?*q{Pw;5iOaqNCVAU%uWa%2s0SSZY z`x-|Y)F1z>m#p9W%k0laK82rtG)BrFw|LTtfaHWK*gQL9+cCqwWc5-^~G9yg=`RT$YuoP#PmL$K;+v8T2_VD4WuN66syxY z`9Y9#LD&bb;NIe%23lhp%QVcwRvXh(*-jF|_54oA=64pIBNMeRHj>a=$!+ga=&*qa z+PO>K*pQMdtxJb={3}b0+;%E7$Us|umXlUAyf7VA>=!QIzX;<#sz1hs0NE5;ouApv zB)x%L0b6Z6+8n}Bw`XS#t=AMoe6SF|X%!;O6?0u-!=kcXwI+b>2RLXoCvRk3(gG?$ zab<<|@rYD{cgbmvXV9~jyM8664lecvp#r+TLWKj<8zn4)Q?jV#4HG0QTGg-`u(EHF z?OHdZ$Ubq+7RSB_KM1Jar=`|2 zH0c@NjNnBenj*2``)F$(fAsqVc8R2>YQCv+(DkZ;yBeXE#J2UT(0b)J0}i&}B}TBGu#cc;7!PJwbR70T3qGo0 zqIuu(_IQVOu%YtWIiEBto9%4{qHuqsBM{*fq0y41H--;s(q`=txD4lyiXM$gDIHv* zIXERvwQtQa!^=)Xa`5Yh&e+N}cCKq*qBR!SgrzaA z3CwfyyPk+*#8g2mwbp_M7AZVY<`;8w2=kji!3p&rk2O!%<99m}(aGT5I87N8C48=&HGk=SxqeEhFNIxIfw6X3v91}pgRhlZ8-Q?b}rE%-W?`%5hBVeQA zft=Fq(GPUIyuiF+V|v4C0+v_V^14ZIiAjNWLM2MJ{udHk%lAhgSH9-9>g|GcJ>qMo zzk{=n@lrd!gzK|0vPZM#bv~;oL}hI%rq2ACCxUcUnUkKML~jYiE$?x{uwmA)YHaVW zDn6W8^5X2dKE~=|5q;g*jqTg=A%1eJi$&;lV+N<3@K_+EZ+nta(H6&)IxX8H_ley8 zTwYViem7Xdl1DmgY!BCIqmory*py{g+M`*+M9(nr$JMS%XJ=3eMq$}?P%4eis;LP2 zC=&OYps?*tq9b4AL_jH;+OGbTjK&-LV@&KuAf_*F$K=wuqvyP|ES*D+i5IS<+AL#Q z`522;_lHk~`h?vaHPn7!3Ogr4YmuTzx|3#p=IA9zNBKt3l4riqE(x3*t zweKWU0>p8W*RraNg|NyA9*nV_W#66seTDk`)j`X%MXSTEiFu*AGGR+*l>z9(doHFUTs9+o$#nF-Kn z)>LT5dCTQ!_=i7Cyi(gBg;b64%V7Ia1eei@W?F8>lI2PGZs@FPXwzC2X(PqKb@G6w zb$8+q%_T$q{aR_^o8>NKm?RWT9bCr>jb zJgi2$v22eXdb;Kp*vtfqJz+m)Ew~xEE=dZM8g~@WSq-RUjHPjvY??HY*0&|NNw&Mlgu2C~!;Ey5N$4K4J*FWTj!1Wz?UCMX zW&%*M)0rmHeP(;?!JyN+(`=8_ZZ(q@zt!1hq_DAD^UeD9!OJNzZg!+w z+i-+B_v}6!X%DkKCTeC=*BkBpvpw#k%uPPQshxt7mA76$p-AVTM4*xWLW7-z5<#c+ z8*-h6lC_ZJ{zHinr?vsy9*?C_+|M>`OpPxJs#Lh3h8jfGn|` z86-pq*$^(WqRp{H0076jTo1pId!S?KG)DiNSSoMyf#gKbEiLx){R>x-WHfuXpQk$rHm)GjioeIC-P8&Y=a(1e4R`y1 zYvAu#PE@vLB}GaWyfaRX!dx0Co#7(eu2`)>TE|-^#VxBF@G-3f|0(EY!WpN=@ zumVF!Juorsw^!1QO{#1~5^Sqb4A9mUZ){dUCd;xFyxBZ~_uk*%mNjk7p3sWVV1WYE!g-meIIR-yO4!5SKUeG4r@bbl-67db$#<`=u7iha+>lsc z2IK!ag}FOez4cryF;XH}+03TWGLd5^5+u}IOHry_fJ4T5AV?$U3*!x=pfd8`l!GSkO$zk`h@0rn2}l}X5cZ3|{OvCfsys#(EqF)1~$aa1^1 z@617u6ZJInl$V7VW?%bg8p-@*i^h4Gk!XWxO{OYTQP+}psKTlpS_RNTl}pj}ZwGbR zv5GaCy4#eW*pj3y6!uh-rWi=gnwqm)Mrgg@O--Se37#w1Y-5Ta#-=uC9*3$Z8fsSv z+(z0Nu?8C##^n+h7dW*Jh=&qki8E2=FB0_GpAoxWqn>KW>mwfYU5XbPf5E_?zuhV#z* zSO_JPeM#HqFlTF8)2v}NR}Iestzrpyv`iqI!46a?p!$14@u`3ZvQQl2Jj)`=^^yIWKx1VgABozL_skrIn_@d5Ry94f_JHHRE*yWT^w~+Nvo8q<`tRWBVi0WyiEtnQ?u zCPBSly6V(a)d^{;=_#tywvpIIVUyBRC+9RxO-oHpN$sVXCNFq29d$RwG#Tc@q@qsV z*l8)K$?2yPbF@h;_0-F`N=M7_wA1ZxCBqy^IUPXje8p7q0 zP|{rti*E*f-q~Jr|9%nEG;3N~7_b-;o$jaU(8x70{C5hRrbQv4q5r!y$JstoQIaWl zni+SJ3HOsV-`>k~+q)dQ$7so|?R}r<6EvAb=ezKlnr1hKd|79n`)mwpC3bY3lM9z$ zSkQW9y@TE@wy;weo=YEL)}LzRM*T0Yx~vk2^ol^V8}+YNHuTKcYG8`!{lqpZJNpvF zedw+_2QFOuhtn!!2cHbn286KYYzQ`XTQ*++Gbt=7W>=*})}mP0#3bQq5S4aO1JNP!1wLu#jgU!Gn@vszBHJ7zquxp;yB%`;~-rFwZPyhQ4^4}JzEibTtDDF^-r43cM=Om{Mo9Pce zw2@G+?7G&3UQcQ7&FO>a?NDl=RJSi$8Z^LcJ7+C)n9d1c9|ZULC$WDeQ;M#pZ<=|} z?$o+1shHJ_=1`2n{55IcxX7VGfmm(bBz-R4UZ!l<#Fi{ng^DPRtQ=oMBQ%y6IP3M? zkEXukp!)f`IU^;_)?64qq8ci23ytdv`-Ag%7`xd35W!%Aklt@`@>uO`XKKMy4#j|E z-6(R@BgjXlBnqR(*3fZ>B*5bw#PWy-Kk}G;YEQ86@Kihsv!Cltm3VzL9%3u^TWci^ zgPteCp0EX}PO({9NGl4gNyeUJPeaVuQ?03*V!Vat$84AQ$FY-m5Q}qduVNITx2RY5 z8rCCHmNQ{QJ^zVyYGdpIzVo4VsyA6|Y}^@iA_9Yi(@Nv2aVE>EU>F_OgKq>w%wRMW zak zA1fci?m|aJ^d9JI1cp5I+QEY}Y8slYF`nOi3DUHN?{!15@*M5D*@944^QvIv&(8IG z#+FN#HGd(kvc_(Be(VUG`}NQEUw;`o)R=USUmd%;{bF$NsFjrLI$(JSMQ;eqc}`vh zlOB;-W1%Qo6g?oyZhw)(MpNr-{{t!f>kP#TBoP;^=P4i@L z$55ZxLIuN0gEVs>eiCn@7n|r6tBjFMmuv7(jenHXYz21=Z_l1LEI~#ZQW+Xq$wIC+ zS5?hu{z3}X)Ib6D7MKtoQ2-D^_zlFp1*nlJdgV>l@(yz%;hRBer;@oMw3J3NTJc*Z z+^qMJdmzaBDv~78ThKTD8_s#xNV0_7Z8LkA>6~23Jb;`|7(`;U6~wRkO(t8>Ao!d$ ztS-3-+WEl?qVx=k$I6|UkTsFsaBA;-i7Blk5_2RT zBRe8JFCx8rQA$Qcm+6oIF(DUXE5{+_9*kx|?3>+?oYyej5}mO5$#pFv`3s4e3yHSc zl-VcdDNGN&NZjYg$Vzyee1z$l2(kF=$vFs)&j!IhMD{@fh9x{QJ=dT+p0C*^O-Fy- zd&SBwjgcTbhK(%)fL90gbPzisQ5ZE~ld6?6*^O5RvgN-n!$<*#y1 z;H*G|%B47N@SFCM+DAuWb{pkpV(cGta!y2BKr9{lH9#OoGlsqyVM<8oO5d-hzky>n zCBk$PNMM{q_wJBhOUfnsaCO7(l5WrOYkYXC21CwPHG^~sJbA!`GQdZmK>)jDn)c*e zVQUzD9AE?g@ovq;w?ff|t0kw4g8lzr$~UsH7VRI$#X;U!(c4x(sk9aeea*YtfUYzk zq!ob*Ic@-1_LW?Vbq%do;1DyarKP~DLM~`w%TkO}&Fh_K-OSC8oo?Hk!1&q)vK+qR zi-H+lS7Y{1td=(9v;(^JU;wTn1yc&cOkZ>H5}(H+mFxp8tAd@u*U9IzpQKY@JJ^Ad(v*%hiMyozm>}=p<^tYeQ$;VNM zdL_@uNBHk&=D(klkK`jEm*kT8|JDB?AIVH_vRPVaH=mvLiFl@!UVRl740>^C90v}7 zpM=tanG6_=^^!mP-}YS%mN!HS1L4^TEa8;gfz7X^H)vNphloo(*^|#_&&DgeOVI~& z%O#ZAH7h-Nb~^7ZT`%#ovox}7>e_d!hFMdwflrRp14|0d#paG~q6ERR)D^#V)xWBm zWh{4jUU-kW?I?pE8>e8rnUjm=_*j8S)a1=!iFE5DF{W01;DFmtjlq1J`I}NpW63z4 zRr>SK_O?ow?gl53{G;y1dp=M)K&31}8C_p)3CDNq9_<~XMo0vL#!=!~gi&PcQL1j8 zXXH}m&N55TG&>HmX0%b{hoe5d_~8hA4NlZH#VWhxgiu2fdo3zf>q7*=LzwYW`4yNM8S*Hl4513H_e@aW5&oFn2Z@Db^C1f}G_Igg&1r3vFS z{|;n9`y44{%?ubrh%PlZ0q>{Qv>f^cV(;9Q6}&jJ5x3TazhG;6%b-1irgq-FFk2o# zQ_XAMcY$Ikf}3lq`p5LtT##^~TjP9#d49J|ADyA4CpXQ>4XDdr18H&d8|XzLG1kFNw?Zl@L5|TF|H;!;-Q5*&u2Mz0*c~I z3k2j0T8?P0s5d8gp9VH9v%Q}>W_qUO2HGlS3!aS=J*5xUDo3B6d`@QM>8ZwYf!7EQ z(HBji-fp=0a6quIFX{0VgFEvT;MRz6_;!@^)2VAd6bLe_@ z#hb~A{YMu_cRD|MRGutk&d!(6$ZK;c3!bIL+8n*vdC%j~Yk5cR7;ZbD-st)-!5ivN z;)(vj;THB`v#icYt(N7)L~;ek{I7+SOEWJdlbg{+^W)GHuy+Oe|HX#|ZXetCf{ z#;mk>dI1Xm^L?Q^b3sv<`Nlu`!#Gd8So)0CXE(rOIGXnQVKe%#ux$Z>T4R70Rf$2B zvx42S!rcT9yERCSLKk`+ic5hwG;oi`?KKAKvY@NcOAR+)O9}F7DOuLh9L!cJcs23`7)slJAi!0|W$BvGfZS$>67zUQI37xn@O0YL>TwiX$*dVDsm`{tq$YmNJr~-a#H={payZ-s9GM3G@xb zU%n*lmem_lNu_{v0Ewqc@s%h;e&(f(kpi6&R%g|#Bcop(f!#*-$n!&506epO*isc! z^~vW?o;`WCqtcH8^;P{#_+Mv-xBtCZ4p>G4UUsvl-c3m~)d#%@pMmB4^V80fPdeYL;_|Im~PDvn9s|V4njH#YA{z8~uICrwnP28_J#8I%&MAbIP;HBla zaQ(a+dnbY1fD?f?oT-1z0ZL&K$5QQ9$tsIS~+{r^T0xt$lW;I?;6Pd8AWjQD0wJ~#! zu}VzMHE-Xrk%W*4s*N{H8t8v-CTwa5Hj^v1$y-+6a(4IRPS$#hXPSD>Ob53o&~yC> zwq74u^7Y%7Z=aL%JU1kuRczT7rXk>*(2BojwF1U^!?lFg^8Ab8OBmS~Sz(M!4|{8boGuqe=(;crE*?VS+D5C1R}F16zF)Bh(a4lru%GH$&sk$Pttuw+ zL2PTJxkIi8gl$D-+Z5)g-=QB&PubL^)%fn(F77~1%Oo+?M0?TJ`r^A*sUV_ZvMwZ6 z42#}+iBRehEh3uCyAB;zf3M`ACKL;jr+4aAK~=-EzZNpP(Q8lCgNEMhtyGZn@2<#8 zu5RM>0ZluVUV<{UIp$jC&^oQF^x@pM>_a70*ur7=X5X@#uGZ$AVz}IeUM^(*kI6kL znF&jE9VvRz-)?-~8j_Y>8DGDRFHSZ9)9my{w&aeY%?^6*%*i#co|9KXwdjCtwmuVv zX=Y{`_;-eBI5krYL9A@T9(jctN+h26h<#}OaCAnFJ}i~~k7$p0Qr(})V*TS)cb|->*7W`unZvR#nLu%Ix_)_7@@8#XJpZjEneDQnZ* z+ddN99mSf)=uYoV(exJ5=zc~5Poh$+9SHs6W%@qZHz4K>%43m>mzKbLC7*JxZh{-- zy1R1Z#3$z^{YeV)>aSO3TBpCzrUfZaEVE|j_B3d92&5^{pW2#fxg<%@aZhgxH~RO` zG8<(apgXSs0`wMSU$Beu)%jeXlzzbQqA;^45hz>C|w4jzWOl# zIpoUw?s=>idH)vcr@=&+HLMq#c(taQkdm@38eRolM#Q4LMlc9*brs8L1_}LyykzL* z%Aeb0yC?<%x()(+4IL+QLtP0rpv(cu;}B2K=OWx|^p^61E_lJ4jg}8i=e@3-3bx_i z)M&EE<0Kxx;Leg3ijfojwRX<%h{7PnBeU!MktzSRA`>x2{7D?Wd&TlY*F(xW6#Q}& z!9^n$81o)EH?#;~>oX3;HYAb=pfuCgXWy{PLxKpuCV`8UIHmXn?lyS*5j)3yFLB1I z^)fA0ML+uGRo`Ozf>mqs<&~4LyQ>+rBfzv3+ENW-x~UmE^DRxmcG!<2MRbOf-clnnMO0k_h!4#M$j^h6Q@Bk?cG%tP?w$T_ zU-f<;(;fja8wn0kC~~rtwZ_f5k4vn{U=yCSiq&)c^ry19F-8ZIeaC{0R))6r9a|3V ztogNT+ZQG{D1p(oS!3WUSYC}dFu2uNtLB&A+tiX(`z`CKLuqze?o3-n9g z#$VWPi@}AjX_aP4vQKZx0`AvXBL<6TSF(blW}{nxsgR-Ys+7BHX!tZIt@l!&WR?0i z3*I<_6Ltr(1`BDK+Qm|k%oH;KrtYQ6&%2=Ph)pVMY}TQx$My8-)2CP~=YRdL|3zd? zD9KsI%k2k)fDytUpFNwC|2lvD4TL{djUo%#tj$;T13kcjiYR*gA6IYRbX5oXZ-Un7 zwzJnEAw13h_`@IOlK1o3-gE+YkyBSU^k)>$Yo5%xR!P3nT@Ue6?;& zrl!W;f@cke1S9E`ku+vvqyDIAbz;OoSnwGs_zfdV^;Ip~sw+Z?;jlrNrtT9?qQgbS znx8QaDQchW-6eQ>OCmIBiCulgit?HSQay=@<$%x+Ec@AKtQpJ63rA*bkaAVae*y}G z9m&F2H>|RvjL>Z}Og&eD&HvRxNUWBrdByYz*)67DaHX*mN)PQh<1Q{+W4=OMYQ+v@ zEO8Pxpdr0By`oJqZZGZ|^5;$U9P@0-iMd1R1?4H$wC0!~3{%gUDTQUnf-p;3-)J4t zP~#2B6H@qB)4(guYdoLW#M1bN?{RZEyO~Z za|s#M&Ds((n$(x~XDY{TW@vEpK`Voo5w<)qvE$Nk<+posWgG*%+4OoTn9q!ThMNHP zL0K}6M_|l2rm*LWWv~XHx37I7XD+-iP+3|B4f7KqPT|P$FlQVO%$ITO$(?be@@O1W zTB*l8d^q}zB8{65mv2a_pJ25d&VJgNriA+69TAz6*M=zL<)RBEi?%`FDai1;Pt!Z8 z&(;hFV(lISDxLtgOSVR$93%N=d8vf%;Y!!*wI;ZRAEa!3%;fRunmZoc)RA=3;mpo~ zJ+m*^q=#OjXD7~Lu4iz;AnK(gg8It|TlyZQ^n9jxnk7MTa`M6@+}Qx43(>H8Ni%lp zTNqfiW+kfw^#pA&q|JF-Q<0lmM;WVukgyL8tMysDxVj*D&2L$)$jM(>AUe`yg^zmv zlgtzFrSw2$c-)d^;a$0I+PF$wVoXJK7M8ijH%P|>Qn-gWUl`f7Z?=DW)6M^VJjD~6#pdi=QTgwXj24BhG~v2P zTCyLO(KSd=VQu3ds4FV%jzH)JN)@jC&}1iy@~ZzzVF5r7UHct(TH#HlH8U3=gmwpK z%dg(qvVRnHSFVA=FK3Wb5G&Ep4abH2=Q92ZFx6{5nNjxUWNONhs zQ}kqeThlUJ(wwB0yD7Y<1U2+t1qH+(DOi6GGf-l0m2S68^A*6XRZmIu-Q-` zSynV-`nIK*+AU*EFfXTX6oD4HRy<94dbzUhk4WouSa_~(~;-!5Yo%x-W+v@q8& zEM~&$QW3d4>&4|A-9C%x?siOSN@@`1GRbyMwzuH2XDZjo($(NgNQLi4=YWN4jXV1Y z%S|&-6A-VK$)}j8h~U^y9l^1W8!;k(_%cS)_3qq=V!#-ni2qW$r>E1dMjVCeXuGT&G;qmc&evE-1ox;#I%h{g@6PXM)ZRo}|%&}Gt zh*g~_%6FcYcD|F`k~qIO3QQpQwocKPdkRIJDC8<0nFYHdiODjNg`h~mOKw`xYr?}+ zqsR&Va-LOf3e7N2m#mca=FEZ7ulL}ZC&s%sb^|&)v~|ryQ*0hl=5jk1OJ?sz|4=%2 z8JJJKiqWpvT2fdD@m!hkE)%!pmewl1VlrLK%K0rtY^6O&!JXb0uZ}F``nj~NjW0sr1VEX^(i8Dw0LWO29GXbr^c`Re9!Mr&@)Xr znI*KTDH6)%k-iiI$n(nHRqF`UD5SrL(jS;b3l%na)2b?X2AxenQ-x!8Xmjl~!f%yE zaw*I+L8#`&xCvr&nFZpg?fl%=-(xbtmD|bA6a*QiR=rd$C>v%4DE|f_$|bn>ow%u7 zMf9D^D0q>68*Kq=cL=R8foMC|XZZHCiq*4K%kydX=93h1_7rX6T+N2MrL}r=kN5eS zR}$Kbh8tbZVne76;BsW&dWf%`mB#S9Y?GOiEj+1AJWc~q1u{TpuIp{5>yrgrVx-FW zb79}6)WkLW$JWp7Y1XxDSL1>kb#G?{Rd#m=;TrW=k$fX)JZBdJ>J*p8?E~{5lw7)+ z%jjr&QBYoz6U7*LWlY zM~4~$uxwKSCUWTobevyaC|`{?{mbwR!NnI+to%Y--3`@zKtLnCTb{SHKn{SD9|ig1 z>H@*?)w-G8F>vW3Gw*1Poh09mOdY>v3OGz-418#Yhvsv10|oO;AY?DLB%)Cpj2yxM zSmwFwOs1tsu!ifSRiWmHyK96tZe4|N_iN;Z*x^$v0AmV!ir{|R;m! zwN(Fb`ToTj;d3^(KLtTrFqRE8a)rV5F4qGP9y{1~hUOqly-ybIkAKz+*Khu1_Ghon z!C!vV9H-U~B=iO`Z}J(IQ*CeJV`;II6uotD;gdSJJN5u@546uLdwOGs5a9~v8vh3ibFBvA0nux zT2LiT_`3emnqo*-l}8tk%~gfDlG{Ptuy!f3P85QJja0IE0}@cNG2udJCNK^i!7`>4 ztvA?9(RAL!#Vp(KmV(GvQqcnNnqfE6HiMI*WKqi-CR|Q}<_6axA&}T`06ZBRx(YEH z(li6?a=1&H1CD&{G=P{H!=46RY6+V+a4ZWgkT_S@55g5QMfY;}u9_|6#VF$;6C4yJ zYiLdzIw>Uk_5a7-cgIuN|Nkour9veoaYaJeNmC`8jEpp-F6UghIOklaGl-T7DH^1$ zA!#Tr4GpxHijszgh6XAv6(zsNwazfkxej&TpZoXi`lE53>v~=9`Fg+h6BIyZ5uq;F zfQf{_P)pVnXaWcu#_~x-1`J1@N5=>&qQo->+z^T`Ry-0L6O}O_HM}^P;A=Rugy;aB zk4fV~W-84YNZBNdN_R4isJAfVpC$~i#m1s3SyQ^#5+w++crcD#jtMXrST8ovd=|d2 z#fMzFMH=PVK@g8CjLO8%Gn6qB(hFg-!45lY8l+MM2`fd@iUB@}T!c86(9>61=VkHD z;XrV%2%VZEuK{M8@MU4v1)kNz#q3)61C;y?OaixFSVsZpn89FJ%T3He>D5R8F@rV9 z2>YCo85Lg$g-}BBlF`LRB~g{UP#)z)*&o!PFz2w5~r{BbItYM{XfG0CiHEtSX^qUJ>;C4W>B=U}#UGFK8^ z&>V!pfH*i1GOqnoTLxm~OE9Pv+~;K|F#iZt6;_j&#EmafJ_EUU8A&oA0W*7%;fUln zsd)^A?Gj{JS+gSWp|llQGPt>i63rmAQ>enj0s|O$E}6jES$jBPFOxb@5cVJPWTWf}C9ePoM`9++ z0%6l8`VE=m(C|xqy}DrF6ohw)OmRi|ueC>WxEqZxtfv^TJccid5UJlVhi=3MIlKtm z9$_eGJ!Qh8xq%d4k~#1}8eWd*B{tvK(2;H-!j~v;z+3v@S|mR6w8<^wzwLfbvsu_-V>L0C0hr zFqa{snO*|94%4;KuNeYx^VUew3j|mQ%ZSKG7dR>i8Iuf?#r0>9MNNvq&ANn`g0)%n zBi0^H1gq9(AuNpfQKE{|Gr(h-n-=HsM{rzjin4@gdbLOeB2plLS#%6{A3a?WX$5=9 zi_53cAV^>+69xSh9t6bjFhL$Im{OcH0B{kkxG0wgG8jTwYGN56n2beuPees8YK+{w zfhfU&*bI;`$^`ORG(4&g=0(U7k7nCYG{*FJE^e2C1998AP@ks8SjmNi*`f##ds5=T zr5U1do;^Y>crO5?g@%J1Iv3032YE0KPG%_9JbhtbsBJ42U0jMX5LgJfkN}uU*j#Ev z`8hUbOPz%r?#mu(E$@~h+)N4Yz~%51n|NU0A`|+If#Ln22#rC zCoj@BCb9||jS8yj_y$v}2_?3ka61|fWREse;PE0|F(e#3H9<{W;3epyvK2Zmn0$tl zGennfIK+@_MIVy6P1u#028QB2qo}q) zT!<3}aj|d@GOYuhIueE-!)e3oFH$~b8a7po;Tq!wa|{3!_XgmnvYT7R38g&V&K zJ?pRL^H=j}vU`6upQf(AnveMPAJ=>YnFO+HJ;DSXksvbBh(^H!lnsAPnXjD!0Z)jA zgh3pf@!QR2gDh0`wFhAaRklwY5hCU_4C_bS&m*HXSFm`A<-#NefGD1V(j)?G*c>Pf zM)=gmfrta;^Kfp;jaFdQU+#v?<%Fc&6=PH`U)T$#%Qd3>&TvN{cO4E;t|fne_c z#OaDhvr^?kve)1ddz*S{5zxZ)BA{g{M!^4SkgNFh8?t$TM!aVNo)U=P3?O7fGBg{M z3@F_2LIN?(kk5leat;ZeAoG?GD_doPqhcEg$QlWwt0lr$ie54v2Y?`#@$dflzq>y? z$voKxI|M(OsZXvTF{AMg5vwvteoq#G9AUyd9z=$V33dkN=c7|BP$YU0JOMMy;qhV6 zYynuAi1828D#Bq2(X0(G9)g9$GTC@7X>4yB5lIZBIZDVUD3kq9@DrIH$CD(fW$iY= z7RO&CY8Qb45CfRShd2=cD)^D%v()5B4D5>w(}^Ho!pKWS?UPjw!K}M>vr*v}s|V5| zy{I7(@$yaBP*7e`f?*UDN%5!}F(H+zH5R?B-E65V%`(J$0FBHZ#Jo4v3Ca`!eE0-3 z#31Q~)-E6vilA=k0Eh@R0!)!4i-%^40l>&WQhL!t@k`dliC>feK18qPz&`M~!K(FB zgHjN^@FKLtlwdh_=&&KwI}fzPRDoaQoV8*Y1k)~-EfoqyNU3?*_`>UcAS`Y$%q9U2 zv3*Xg24E7%fMr=lqCLd5Stphu;D+$fzwEG3TN&3Sdf6fn*A3xe@Bbr{gm=FcQ$*Ou zVa#@ohr?sJ$TGG=*cL%pk6`j)F5tuh5DqcAE!YA?Bk|^uwo;*MMn;NFw2zo@gd;YC zzpbeP50aFa=*AaL2eZOrjz>ZKECzQ3@}M9Jwkq+932}n3`Z+X803pIl#xn}PTDY!d zi&G>oS?rJaB^@F}{AqI0P#1w^)k00c`_)fFo$alSOZ*`6~urki?#?=gl6&KFpvS^i604;2XnF&5gPP=vN&L%u|rqP7!DTUa4Yj0Xv1ILtMyjr~Tkz#~9}v^NxiWfN`x zq~6q8D?VX}wPAoYvA66#6;rl`~1%eG=LxUf}7%mR>tmH-8JO~ot#1xoPVOAi-;o!p?01+=pq$`f{ zYfONk1S8=99Rb22%s+}sBUsE4mr5mMk=|nws5FGh<{(U%OQzfsYogVKl^A@9rLM(i zn89a>1CZL=06dTr1o2Qh0E^EIfF#ze`MtH{Wrk$Y6JWB4^`hl~DgfX~QpBPTu^7of zghNE03VtL20nnMBM4XL$7LO}2G>aNo3qJh5zHZcu=<5mJX>K;d5e|bM4%4OQ@N)ru zl#qd>o={LoWkUFota62i!*m%21AAP25XfM3bPxb^6abhGv3Tg_=17+H^)YG&fE|oi zT)=2!Wp|kYFiTjzLpTA_Y*zqRK&Zdyz9P*NT!@F~gkx#W2rn4m!c0Dc2eKf9&t*hN zTu%SwBuGD88PIHeBTzeJ1&@m#wpc(XOd}^uYUCj4Hxq`J(@g{?ub?IZG#jE3xpZs> zKL~C%^Z6geITS*+@wr&>Hpx>df^gW{Bcf%{ga1u2z`IGGgzO@`|>;U2}Ma`vYJE1f~Ve@1WVL`xFmii8&K|<#Q9p;9%reu4| zO^*%r1+uWHu=20O^%jBffpDUJ9HFOp!|aiO9gEB7K*D0r4L&1n4O7%w06V;tAa^9G zpGYJuqY1O2nNlL{-@O_nevFd6w4qH@nwIfr?4@jw!^6}q>WfqG3dssZZm?RrI-LT^ zIAcSix|X1dIr)%eC0kH70X>C8SD?M1>@HwJhr&#_bkNKYYXX%dBJqBLTtM4Q+ZgbI znJ@$7F!1bmK?wlzImsq*gd=DO=88Af2J{gQ)*>3n0vHgPMNe>;2wW?WqO<)|Y!CSD z=5ID#CecL?e_rHB6*Vt;*b1FhQq&R$8#`mbhfrmRV;SdaX#deQjXm*C4lJdu+X@Q- z6@6av8PGu2Z|rmUHwH|yJwdu=g0H9+%TzGW6Jj?TB+)>U!XIv6|Al$z4TKA05H%nV z0C8qQ<1;`>ek0uaYYf=hd3f5{SbN*qjszTtFTkS0voYX}2+hS36dpmM0#Pqk&^AMy z2?HQYh>w94mIPUV6AR`E(90ytel!NcB0{lIs)V&V2<92$k{MZJ;4cCSGhfSWtC>T6shP z=V)CYq;poOQ!kyn;zgbVo87Vv_$&E%0}WMho5+-t9J+w1H5k8=2@#B_pw1;rfD%WV ziJ(y?o_5x@u6D*udTUq|#Gs~?6#psgM-_m10w91K$^$!WU0kK{_7q8%|cVp%!CeeiE361MuZUO zfv}E%L3rU`4&f4i1O~&bAd%u8q9sEJ5E^kqzAO4aVRmk_gt7hM=I)K* zGGYGWRx3JaLnH!j8W|a3CMEq4RA#0#3;r<3^k77Qf`j!<`ix>*6))#c zylsL~K;=*Tcod@pLs&s#q4&5|@^uS1G-+)YNQELR(wIsmY?9A|05^ikfLWo!8r6Xa zx;#5H{vcEL1B2rNo?x z$3GhaEGV346HLAjj3&&ASRG)-n30sx=^A0NlC~ltfM%<0YVa)TY!9BrYG5hFyE>5% zGVtMZ`yFOJ@!_Z5IqVp#1FVQ2MoO*yhkH(hh z-}~)3FbqCRR9wN^>5Wgv1VIjrq$d4lCm^<}sav#&=LPd4+I|o0H(&zH#X@tW!3|;$ z!(0OO2b0`9P^A-Q&j9Ik&PeT=rO*x3JgY%H1HhBGG03s3YVEZw^?lfyGT@PA9*S~BrB5gsOy>hIxizeUl9XEoPU zBlNIq_BYW%ZmFR_(#8|taH63qBnGo9kroF6wr*ZCCRmTRn}CfQ9^E3rBFPJeSuKux zq`qsL+h06^Q&Q1E z!5|?x#(&Z_C!xc@zvPZWdybEWG|!RjjwtDZMXQ7BD2=Fe!G$AB2BseVJSnrF`v+$} z9F+Z|j3451sZ@+h(dQseI?}0sG zBLM1cUeFK_!Q+<&t|U~JB+o>IMLLzlT}rLkqyLxE>VKz6zqMPHO_w2&4Skp#b0=Fu z!Xz`%xWpm@D6BG|@k;ySCpz89w#6G0;qbx{jx0qw#9wI;K|}o3Fp0EzZRCGz?|ET+ zuK^5Db9+#-L@ZERW!!?2{U8FrTZ1k5zqR#Reo9KI${;v4CHAI8RT)~Xf8a}A2A)H{ zKo~O6i4$@h5Hnhd?4>`=Mab5)n3Hf2^ta|eA$Hk-fusA!O zsID#9Rl*WFB~dnlvJB!YB6cwrfY5j#gGAiI@k}MsH8nNGZI7nIh7H4^is=vyW;P@O z;7<)TGcyLJSi4FJ=?4IihDqgk#VWi-*o24@<{ARdUhZx}EKK58iG+#zx#$`Z45u+* zD-wPuYU=}e!BTM{SO^aQ0|W6Dh_PXqOL7LX;0PQPOkzNyYm5O)seg-^Q*gU5S@Q-D zv&6n5I7zTB7y=A96aoUd82Y2+ToSU1FbCqIB0mjep{>F{BwSrwNMaG9-|LK|0JSIX zAtE+23Bf>Mf{=maI4_X087MgU#J=evpo&ieQ9wq>ct8e%L1s$`FvTxKG}uT8XpKR5 zN|pmD*Yd`hm@7yDXH`5xihNJB)(!v$AbcJf!GQlRl`LNW0V~CWkC4X zF`p&!4Ozw$t9=Logd~my6oDj;i%1|*FiexSe+3Q25rPSdM^Vq4f1WOH$R3{>vMkarL)ftMFd9NZMC0su&%)}iRt609K^k%pSX86x^g z>?T=|Jz50O!K7Hfy~$?lVRD36VK{+gAp=dIIT;ssQW8~LWCJ;oEaVCVS(#{35_)B# zC=igP2*ENDl_)Ta2*olH6%nAF0vjNv%gzAtOH}V6PZ4w_G?1iaqA4PEOOdQ)A}dJ> zZy;&QL|1}TP8H7(kU>mu)U6g_kxFyDH@w6(c#+&t!68MYBeiTwcnAjbB4nP%fGcs} z$+&nxR0ifE3_eegrrP3@6Th&Ikzg};wE>c(@HCaV+r*Jb{SYQzmHmK_6^Tg}943iA z<%XBc_)D^(FHuMJmo3nbV(ilQN*#+5AedkTXAa)^;Y8-LWTg-N8;dZAd7|IAlh6*99LEb&^drOtuU!m zBzA@);vtktc5E50E+BF~$ciN?Hpm1Ga+J8VV2BCIEN7vYJvuWUgm@Xwfq6U#ub>EV zm|Oq}lobXP5c4W(hndL$w})RX2F(m4yV9zm^$CwgeV5l-Y;j zbN3Goi|nYNsEjEXN|^;^nZQ1QR$~~FSL-Y?O;}<`>xxXXB*_wENQynODp!&$F{E`x zHk!Y|{n&^mC3mDuB&Atmu(^_nqI64)sC7jq(h@8&lzp0wX;SiW%50I6Y>5GA6y$5s z>;IM|Mnt?JPfanajO>OE(JUO&G$YK9rVxAB@FJW!0;3GV5i5eIr)O-eC(G;z>dO#n z8=n_wG#r3fG=z>XcC_6b85@ZT=|UTTs6`87lLA|h>^lbUpDZ10(a}mq&DghEU>1tW zg32s1VCRyTpllQ&FAJl37%&qi3M`@Q6ynP0XVAw97}MB%LxPww6JjEq2txru^hX&F zHeqWBY6h4*PUCYp5R1o%_=hEP!T3={k`=wgCsa^<7PpWIWH6cK$3Q`~aIT@y9E0A4 zSYbdI$dMRh-_+G&;hGMI!CXXQ#!pih$ck{6X=?y@9%PFcyZGBJ=wyS5^ddwA-0qI> zd2Bw9IICoyN`lpqHIf9o(@>x<$xIT}ugoNenl`@JAdd%eSR(;{eZRqTjSR->>rXQ^ z8ZmvazMnDnk3j}w4d#;n8EjynuRqPj)xq1tZaQo*cN&Y&48{L9SAQC0H=QC81B0;x zWNfIIUI4RrMhM3UpVE;4k3%^Q1;5DQZr#2X9{s`+TCyn!0H!3M?EW9xxGhuvq#~y@ z*S>#6`;*<>^1tFjk%2fKnk%D?nLu4@+PqBsNC$b6u?2~y{;ye<|BYBRyvzngs(%C3 z{=RL)O6@m9so_dn6R~O(J4e(|6b7pO{}iW2z&u;iXb7Lh^F~4; z3IQk$Yzd7hU}XRs+7_tT5-{sSV{(5sgbn1=VN{K8!5Sl96)nKaqC<4S4-}Ue!A*E* zZ;b(KfCJHBHjJJhSV9j%!?32gb}drAilq3n;2`ZaLxgc&E_B=Eg0g8v|KvUpYS5e zj0h5t8T=rag)0RZWmHOJL;xIw2l6PdpvGMkT~*{K(T`B1h>L7IP6Sp$3n7{#G7hlF zMxbt5LKt+i{PJ*9RR5(ByB$4au!4|01Yl5)8$eH|K+#r-eZt%V2uAoEuCc9bJ|!Lk zm|<_?CM8n8<^c={9*{SNsL>#mR+PK{z%Zlh5G6Y=&TTBzD4+ zBu1Q)qTUfu#Pkm0)xYqv+iVb)%zX6)ZGc!j9Ey#D9>i>r0}6(phA^2R*8q3I03c1u zDMZw-M9)PI$PkW#NbE~%7bg#5fh>u>Q}IgY*y8{a&LXj5aJ*mfRS8fq8I1>Np%9CX zlxAx?5hk&`UZZZ1(1nCGD7|%dxp@1!f3GM#|@G&QV{(E5L{(_MGe*i+p z36QL3|Cb=hm|&0$%Mp8AV06ItCVmU!QojpiT5PxJ1S8=_Jj964g^XZ{v2T<*912BX zfq;~|OuQhb`|%LW$cx=ag$>W~wmw{Gb|Vq7+63a!OlS~0*o2_oa%S|Khlh!?Ge z0g;`213v|62!laXb3+0F8;Bh&ASp94!Ef&WKZ`!aMiA-%IeO^R;@b+lgYPPlg~JJu zSoHOu7{-4CHsg1LZ~bG#^!q`)^u$oSL=%9-VYmp=lGRla)&)2P;#vhAq60`6#Nohn zhzkh#lW-AAB*}sq|HSD2MH2hZBZz;6gg*H%mhW#Q68(3|_qPW3RKzYvrWgp(PpM2VcIXHq z82~QC;=-5{P$ZTG6Q!{DWI=uaE>=ml%uYapU>3<85W>qH2*MKU(f*Z#{_}DWm&>qY zfdLH3o>uV%EqDd6XMjNfg#E{a4s+4J0WYr!m?wqLk`BpBB)${;SCCPPGlkagRh-eu z1kNDx4gj<0Xcr)^Sp7KS38}&ApdkGQ4>k&b0PkR!7V075JV7|K()7s3uNf za`uTQK*_8_(^I|;y5;dD!nBp1Q_ zBk&*oxVMQA9Gm@Ja9}t8ge32Tbmd24LTpp!mIjV>{2t+6!gvcCVe=W1g3ua4E4IS_ zfPcR=Zm5=^=IDtg<}{t%MXB;t6WLr;uyZ8Rq*CarxdbhVgc}sL`W?lpC>5t7v2!Q} zo|sx%SV%?MX^5sHoh?X5+G!%2O1dAC0@98w*;6gdmioO=J5s$1O=O@uNz6bebIYZS zC#Ae|8FR6l%{G^wM=qJJXpZ@B%^sH_XIwNJTp~>>nc|Iez@<)CbNS&?GQTDBKk=;a z--AlhQY;c#5ul`JbW_aKrk>P6DJ%PTkk~s_$AB1jAuJj8CPkwBE@r@DNvN2|rJf^UuIuAj4;2+kG0cz`1x(xyUD$=Z|(UhIe z-K&8URdBn7INX1IrxLFJ2>$*5Nf7SVc=5PmwKYj&9L78_F%1czf{=l6U%~#f_HY7d z90OOb7CK5R=W5yh{E$@&5Bpyx-yw2<9_EmJzyxF*lyb zsVZ><8Xh9X0I^r`qZPCKVJU4md_9#SX`t{_{*As8j9v@I2bT^S?0Oo)rZhUl!AjT> z1Y<>Ra1rrC)VL#!bKruu2bR4lq#$0c3Rl!X1_KG_N^Pd-L5|Kl+CL(lJOBciFo%P1 z2yc#PHzd-;B2Q2~5#r#g5r>FR@Pc^662X=q4*@_Ho@gY^RzL=ZV%;Zw#Q{(-7zQJJ z4o;be0NTV)+UQvsfk-azO7nDxlXwxI`FRNBHn z;MV%I#s)(m)9Ksj%|9>bWwQ;y43!!p)hB4`(t?P*N zpa5a3TgG4|eZdHuiza@MNV7ScP%|%ac_5G9fJcgp=PjX)ON2p=eMZJ_zH z2@C^a1}aB;LMY1yn>f70CdV7$fee7fX9hqVEGmb5A7CSNF0NSPl?4Q~ZJ00%or?&f z7L!3!>kH%rL4wl=3mOv+G96+wkO-7>H0BbL&EJyD-E0sQKc)26Qz%Q2)<{$Y1Zg~> z^9KU>EIPztU}cS%7?*2`6B3FbCdLIo=(B8ygEk+PfeAAO1L8pf;sVF6;IU@<*R&0R z)3W(wAuJ;v#9_iL>`=lcwc+eE(YvPS3()5ULokQHk_4C_k4BiwF@OeyWAHm?l+SAI zViuv$bk9Zm*~BRPnU%_C)6uzTVV{2QgkpzdFc?N^HeB>5A@LS5z3}(-yy=t5s4>fG z@H@V<8{FhH{cIC!rr{Ifqc8o0Yus!jY+yP!`xbt}iD0e}!jK`G&dg${*(Mkq9yIvlwPEI~+xK$T)YV?I;N;-p zW5$g6RS|FUWr5a$>WeSFE*Sj1=tV)^_fLCG#@1I{Rh#jv{QJk(TNiwMxwTL&+ z^PYp>i#~o_zU}Quoy7$;zx=!IsI8J;c(=B)e$&$gg*CL;*R}&vZoKhx^BrEm`rI|^ z*No}|^)Fsro-x0==EeKku@RrjuD%$Xs${-YtEP6rvR=-rpUU1iKHXHFl3^F&>w)8j(q^EpXq_8jhP2J;9vuiKjE4u7Z*6(I~!WXL{PPUQBTzgfu zsYScgttpKSd!o1cYFQ7z!mV+ulCye5D>^?hIQJ#5>`U#8vgA)`FJHLtH*j$;Eb<(* zC9i+dI_>@iR}#!K^n$qnrDcf?-e(Cn3$COpJMW$+} z4c$EIZF({722Y~jY@hkd%G#<2^H)Gn*%7;ZFPr!pntggL_;jI~_n^-niEG*h<-9Ok zuujqV&feH#oz6v=XKAfUzLDQ0KKJ-oYsZ170lh1y{hmhe*b0;lECDuU@9`URY09B9 zD~)c_tvQUm7-bWMQC4GrlxM}?JfPydbV56$>oGa`unoe)XyNw<6y=+ZWQgv@SbK*>0Ca&;xRIXF? zKHO`}=eU&Z>->~$A0%wOa~gK@;TQJU@>(}7gipU|m@`OK?UTN)OHx0lky~db8t&F! zI;j1KbL}_xzP(|@+oI8R-ox(#-$owESo37LXSq*k-C2#)MAbq)g^4+<-|h|TdBe7H zM)`w?&p)4c_t|P0e`w5)z$cs3psaS0=kzzJfNHY_&StT@ukDp$4*g1`Cm*aXU-#0- zZH@o81_b5eGDL&xz!7G^=`HT!HY-FfcAPD{VU_Wqv68M{vEJ?gh$anQ0~ z#|{S-Ii{Xpe)*nhxW9c0G&nk5JMBWskn@hZ8)q$K^|F}Kn}LMh{oD)szKmWOrAbxv?pe{A-mj0W!FwwQ`2Eu;oyuX$q!zY-d#H`zgHdfZJFlI!UL|iUM{+? zb*t-*!+{_68f)!8<7&Uc=kV?oQ|!Lg{}@~EYbn2(b=p<+>KujXI@SC7_~@A5ANkVJ z=-~L_`QLBUrXJfi{F;m1phZZp=>GeA*?Q-l9bZ3DIc0xgg8H+S#tM7fXXunxx0w*3 zz4H2|KeVK=KC4F;Hvr`_pAzZ>MMTySP+r- zamI^Mh2b026F}wMRk04mn?mPiaIX0)Tl&WL_%d5-NJrxoqaLEyX_+!96e8bF_|!SKL?>2L>|Rqn|#i)+C6g{#m?_9*Y z>t^jdhpo8P)%0+W;_u_Xt}2`oS?QktsPpmqBl3ryOws$XZm@P`|Gq2I%Jb4kyMJ`f z-I7x_p=-tzs|!}4Pb%Eb4LQxpTd?@S+?2|Qz_j`-=G#|AT_&!jr|)oC6kTJqHG*9- z(RY-=u(WJ#?zQz}mQRjoH|fotsX*n5>Zn;`f?&JHB~RO$zWmvCIEv=PL7(34PsFsFhj7ECo)<{dgbq_bGoqYZI=8C{G zdw4n@ZXTXiqk48b-_XFOUOuaPywA{s?S>eI4eE1OFY+Y&sQKXz?^c&{{7sSWxBnt22?4(vl>&ws49%-R~?#j-eKIrHQI|d zZ>xV)S|6+V^YQ%mbqRi*KHKa+boz44wg*2n4m_#Pp_kQ_<}<1_*M0WP_?FajS(&fx z>DNo2*XAXdyfg7ky00}qVsymMvU`i`5Vx=2+~5Bi)p5a?+4VuCXXJ0h78a%3!PlRe z_fgr@`OI{UOm$@N7G(I|LkpK4TYULTRPFgLRyA|`7be8dyO-gsso4i4O{r|vr1HVtLzaE4<(%LUpBQe%xr$!Z_eKg zPnABoIE$60xpvLQ9Ue}593Cenr=-RwrO$@$e0jLcDL$lXre9%A`x2M^A5-QI-fgX> zcb9(k$?KFHU){ti#PM3(+ylMRS5*Zq%3U{k&2!-5V7+Z^xBjxakT5AEAnbKsq3{K!(BRgd1nTA+c7VlytnH4rBkDd9v$&ktefWYx?4)d+H+jP zmtEB~51j81lQdw_ZmXsHuU_kr-Th|Io!4tR^qW-LNmIkWQYTI&$yqHpZOnpGw_=Zs z4(WdKpoa6C&V>UQ9lE)7*VfIs7PmHB{b9uBdC~r-;!3}7jIO+L??ToLkJ4ptV%XiE z+}QNoF)3ldwE+%pDv?uG3@Ef<+bP?-q})1kj^{c$(YWWX%Qf;&eQh3vp5nIOpklqg z;>NYp#s}hN+9nP(F??p&KPJgxuG592q)lmkjrSXDa%b(HI^nJ5Du=*)jd>xzdYHPe zJFqopjP)+K;?rGcr$8t+Fqyt5@SD}|mxtd+2Pa#4K-`%1 z>2uz#@bQ~>DQ$$M%hGYfUE3$>^zl&fHdJt%<9gb9e6CTwhKblV{-I0ZTLPlpHfEvv&EctrNj#hNQ&Ju0N+luU_3J z;Kju!c?0*_Z1Uqoc~7A)?lepF!uRyWW%&aW`LWgtR{8^ru8vQ37y(S*71T3q3+=Ls z_2k~Zou9eX_8D?TsZ!s6mEns-2K{V$M(>oPuY>kh9KLliKc73`hTXBpAJo>&p+D#l zQ92`c?!x`Ery?`+!IIYt^md#$nm2criqp0YY58huse7t7xyPBdq(tfu6oE^>zo(F=rH77NdMU*W@JyZ3Pftwc2?Ax zQ{2;P>&;zP9B*6qWUhyBcr0R#hDGe8(LAk}tZ(<2C*JJ}att{1x!p$Nv82 zn0o(Zn!26u(G9;$y?%7LhQ0Q(VlTt!2d8qPBi}uldF0LcX;)OEr(IKVT<+R0*v$9f z#gdq5g{rfS%4=8IB^)z5mA1U1^SR}foyQkXQS9%`+?2F!eRNFt>c9dwj^Bh7%e}MR zR?BrUKa)DeI=p6IQQFo%A(m>xe<&^L(=A&`Ck)QNm7Ur5P}`YVX96AiKLY!hO?`T3 z+Nb+*1uzt$x9oUk1Z_=KpLdzOL*2GTervn?iB8O(jvgE>ALQBqCueKp{qV;gD!g8s;4cZzUfV9Hh7@HSU#_H_kF;&uUZ0b>|LULt zTFk|FTx)I}?(@a|l-59-gKx9XCzu?WcUNuM>k-cmKX)s;P^GQ&9`Nnb{&jrn_o2&H zcbavA_RP6>(qX`@TXcSu=`XE|Kalg^n4TB+exGnnOV?@WuF2}ZkhQyRK8<_DPaL-T z^ylpXtKAvvOVSTc>2T%t(Rkx!RRAw%@onZbRorT>ClrIm8-L_sZ5;-Ijcq7%)P5t5y@9AHKmo_Sf07) z*VCeefCGScd}W^p@ZC+YtB{>m;>wb*eDv9xYnrM;3=KY zuCu5<^k&1U$1}^>2AR*&q93*!dWN~kI{WzXPTO7Do(|i7uCwW`a}P!ur4N}leV#|b zIEH1|HSUDz=|S{bEy(`$W0m}(+hay*IwPd(+@sS)N!ZA#~EQ;I%&t9=sd)8+)>5EOB1&B$h5Oh%T_5zaGASnAvMy=2E3j*C&s8Khk;XMux}xtnjK;yFXNY?IwRu`-M|k+>EUi z>nbLLgOj{2jt{ccwVpUculRlK*R0epZ`Y17^S9IZeADNR$Lq>P`&>1;jt5G1gSBHXeE*?rI%nqBu8&l*^6m#}$?ux63I?*m5A&&3z+dGonL$+ygo2Q8hoV^vqz_2d26 zz37dP;;HeTV>2&*PrHA~y7Xj+AdQ_jQu-X~6>a+I>%=nNh2bv;>xF(uTiE&ijxEop z*Zx#ITbg|qxj^mL(opr73>pP-c|N-}Hf zHY-5|CM_%0Sm|mn!yLU0;)aDUSyuFWv_})vdaqr=< zekgSGR%l>Z)wGSdR<=m>*#&!-M;-U+x8=Bhf}&qB%=VkJ4$6X+7r(!L_d%9@Dm&}& zi$z7x1{FA-+IULa=*VH3uj+Kw9a-mXu4wPOZj)77nWO)?ZJodOZV0i~H{ot7C^OwA<^$1IwzQ%5us@XNa>+3U^soCc};8pe}uvJB$ z7Fmdo$ltj;fRK6-MoTgcG& zQIkS+yr!gWcyf5%RI7=n;GJvflP_s(b9r&@yr-tYuD~~$j%!ba_|qOQHuKBKm_7df ziU;Ysy8G)2O&v-{40E6D&+avB%DSBs4zt?_J^C?p$fg^P+ea+-bF!N|a*M$*2i=q1 ze{OsmXuDv2n6vftRYR&JD$^=tCoJ^X}TVbnYnmM(i+bxF{P&`Jn$xKiZ2~6%siW@+3n2Rv7UiSE56Lnc%P%wFH&o{ zTyJ%B^FE0Fp*!bHVecKCyDUc^EmY_@^Q)FYR!5t(tr$u;nQzLG?`SG!M zS;3qRGluG}3L9sBVOvPzn+Qw$?avJz;mM&BpbEG$bDG(Z*+NQ`C~Dm&QI@-@Qg@b*Y67a({W{z{~sVN+unL z?p0mq7!Q3Mc>CRf1CI_FI!|QpsebUZZm$Ef>6GsJ;-lUN_tj?y?JA%DA+4(Y2A}I+ zFAp=xu<_%w3U@9Ub^crJ=+6FwuDu%j-SGJR=Od~Ezjaw+ZuiP~h$pQiZ;EoP^PUY) zKkI_d+lxLAIWm`HYFDtwYu}!#RlVn&|B}h|c`zT?dwlcAkv_=DyOT!`x5@a><<9+& zGc_~LWKEy9`9lva`u8BbrGydNCjvk0u1c-}^<-}mn>E?16RaMT(2 z<6>M#m~M7lZibC*|Kmf=o?CYre@RZEkFt5?hmPINUAjNG`Quy;N3ZUdbE$4lYJSAj zsgu6-80z)7&CpZ9wo|UfjM+4;I+a)T#IEnPZd1~x>sJO{9{6RgtNvrPu%g9Drw8wj zE8q0PD$lx45ckM)==k(gl{sfOY`*Q@;!`}5DG{v6ob*AsLvW*`%CG6mK z*S>##)97B44Ycofsx7Fio3TP~Mt$wN#l>fbRTm7)+*)+EApUMaL}k!}Upb?{zbZI2 z{DI<{%Np;Tm%rQRQ0%|X`Agl)e6@{1YJGO*-d|hl)AQQaRQMqL~A( zrcvHXj@3~+nZK5#!hJ26i+3`C8tYGs%j&NT7;C|t*750;Gl>gz zYuT;v$PLB9BV9Kh%apfZ#`iVDUTh<$yKRwN#v%(jAM0)H?#LT-X^Y-)9>R zK1n=z3y(0{ohg*Fk*607d}Q)KKK2seGc$NJ&_OZQez;s#z2gR}-s*MUkHc-`(eGF~ zj#_j?2mK>Wu1nz&qfgepN<+8zD&M<>lQGKRk)Ogf9Yv?Dr+m95GVUquujo2t`wF)8 z*i6%^Mb6gAas5BenZNk^1eH0VdHb(0hGiUqo(uqUiyr&cAntiC69?<66xlyDNLG34 zdaw5F$h~CkCXQ7>j^OY{q&%)+6yUX8mpSXs3WAXL;QP0K=+`v3u=g@A0 z*Pgf!%Mibw8~Wa=|1q}yo@IvlmxNEp&JCt*n|5XRxZ}!idbNE#e$3?KtFqr~?6N-t z4bYnaf}F@izYl$5*_R&pO*$94E+p9CaK7U#UI?_xth=Scm?NiZVRr^g=Z&?4>0y?)eb)@s4pv`bt z?|u5`$7gx&oX|g_;I8iQDYi#Emm#m1Z$=F*JGxF$$LYanoqn}-mnSH>hbk4niF{LK zIN12j9m6{o&rVFAw9DOjhaFg)T9@PPNg>9<=6mX!qNI{(%b%uPkmG zW_D}vkVuF#aJ;R%Cw#El?la?W?YMsM z$|U`CPp#~vYX@0RH$IJaUR)UxbMSQ7!V7+t%B)AVrQX0Pb!*4f2?Ot4>JP28yOlCK zToqcTz=$2T$1>`H+v*4>uTSvpjh74O#roZKd;4nKwCG`8gSdlU>PD!g?CRMs`uV-^ zW&U=+%G}(OU9IN3goeH~v(8+)VMA2MH0`OWho0_U=ybI6ro-9Uo=-2uJ?i=KP-f|d z4hI$lD5kiitU2X>sPIO=BZu@}<>xAR`<2}achFM1Gw0%{ySm_xLqWZVm4%$GIeJ1< z^QFeOnyMEXDmROtT6bO%$Cq&?19?D{Y# zechSajJ-GS_j|q2ebU?Q5yy^QGdB)1R~<4e>y&li%_l~qReGJB$G4r_BkaBsxVv8X8G*4V}R4zNo&Jw*HVC)V-z28q0z2etRyRqrxC@9D#Hv>w6Z5!#r` z>u&}|J*z<8Tx-8+ML2BSZtvG{2is`fZ9&(6B=@cEg_2&!y`(eMJ8lUy21@t7XlD!AyQ7HuFY~lI~zgB1-PR$v4 z#8<0h@PYU3gAa6jSA4Hc$==J$d!sK_%S8p;u$HSH)ixj*`2c z+h*ohk9{@$*^$8q#>gpOT4>r06-SCv+m-AcCikv5H78PS8%BFh&yu}!+LY`a+k33i z@Y`pPKYu#EX409&F^;OkZ)+(pZtoCDFstFWf9yH=Z3Qp*z?il(gQHU091iO7e%;$P zHndfPOf58(7q_?3(TIAmV8?aMF3aapYV;ok+Y)SF++coU%buWXV`l^FwSD*LX+S&T& zX3w^HHLEtRHOclU?T~DxWS5=gOS4c5`2lTe$KGm}WC@`ljhdWY?wAMx>RM=$T9 z#l=4C2TpSo_9bugP5-oXGqd~F#V;?_hV6@-czm~FpMAcoqt3lrEEjVl_23DuGyU4W zUu7y6u8?iB?cj-eP@mBa{b2;I^N%&ZsuXkMUK?BvJ(D;pc^t@9df;(iqw}Vf@;xoT zwe4xSv(Rs@}+W*wlO#QMxA@*asRX;PTQ(;%#9qmm>XINTRUo$Kb6^>fs8lmY)!yppqp2!{ z&>Cw$*5}*fLhL&l0>@|8(B6ukUw^WE^^$ zaC*?^!P?rpN8dyG2m0IaCV5TJb#}5}XS=GWk-^sq-!JAX+V+VYGws*P#WbC$iEb2K5hti7vS>FL|GuhSnm?Lz$D(T%k{ z_i#qen6GL5qG%`UOL>9XobJ;LN1V^-*{)B{p^Tf~P6Y7>Z0_r`S9x^*+hy_*X7Ne*N+~zSM2&n0fPOeSD}?P+xaED+p2PdaKP()l`+_`5)RQ&yTvT)aJty zlREY&=0Rn@zPX8ysvqV0e4LaM<8>bFH}d@R@v{dbYCk*a4^Tf;-)_TYHFyEdKP10P z{7zl-w$;;q_!n6KM`Ku{jt)#}zthk|<3d78P?@)_(&JqIfqQqBCC_F)-5!Zd?|V=o ze2=o<=moW}Y9JSr*?phquHM%3i@bh&f4OwIphX%shE0StTd> z*!US+^Un?$c~Rx6*^P=yuJxrOdGS6kZR2>Kx24R0+f1QPzL9+;^l)MMCSRii%YwWs z$E@qj+?D5bFY|eib(`GO4otf^s=B@F{PT;-<-?zRPYKJCyP4J_YnT7@`}e;1X_c@% zCLioESI2$8YCZn2-K$OVeyuanTu@h5X_7ntXYtki;tSa;N2gVvI2ajNwD?fvxe(W< z`*S9bdNX&Yqy4M4uOA*6dx}@Jzj|C>^~n=@9LeuC<;CX0jG(Ihs#AwL?bj-K8vg!Z zzo}ODa;$E#t#_#=dKtg^xV&&sQTli!lJ)j*)&o`Fo#U9-v-g_K=;K~F6qJvdId4Mv zwh3=%t4!Wn#L2OJ8`gg2`89QbU46GTKaEs>DqJ+1aA>7h#n{s)=XcDAT)$D%tms)q zL`sNe@2<;z^3VHxGUY!yu&iUn<*RM?W(7Sw%&D^+ImdE-EMv#Jb`y8zYAD^GywSjm zetOo75U(izqwV1f$`xI!rr&* zO)X-hFRd!<-Cd}#URoulu$t{y!oc3W+@^b*9J!@Ys}!=k74|k~T`26`UEQXGT=E9R zw!25)k@MDEWX@IE@m(3cp+Dqao0(s`%4IDv=PE5MvY}mR6NR4<@?c6g-NN37+h9ab z$t~}nYF2hXt+4lP#lqg7&VG+Llh`d+wd1$^<84=bvCcS?_$#Wn;qcq%+pMp1xc2sJ z;uH7cobVksv@0rdHu7D%uCm%B+1k_<`%ZtHM=0E0(bjYv?aGyoFZ$Z#^6I+vyc*wS z??;19%wKUa156^+Z7!df-|^*We!SNjMpt;!xXBxSTzivy;rYmy!`|-tc;v||>jGNo zj9d-(Za++K^cy?Q_j14F_cLzW&N{1j!u8#+t=IDpC`NR=_#^aDo8li1I}h6r$$@Hq zMQ#t9lvnz2^PpqPVk@VXgUq|WFG@0=zAf2(%2GaSNjW}7Pc zT#p)AlOxCfl4K+xAUUNKfot-jo>g&g&y0FsJ za|WHh74GpW{Pp>%$EeSJQVMM3 zZU(W(*!1mGf4 zFD{jfaw)f#`_{8>)SP8(gSv%&KGEonb+-v&gl$lV3L`pZ;=+idg&cFhw&k{J+c4U5 zdX_lOZd2konzAsWV@6dNLBG>ZOc>Eoso55Kl3kt|bys!wD=pt0CkN)8ak*x$xKg zoptTCeN1eyZJ}`o?b&uUczl#8^|Ibn8Le z2dZ=XJhn(TR!*5^=}y1KK?O8Mm2uWgfK zV{aE$%B82iu%y%Rk&|!Ms^h(ifLk zZ`po4{fgo0Ih9l1R9A#J=4*Za_0S;lMnYLAXtTa%@|K9>C)YeQy|&pqXMd-qDdz4@ zOAih?WL9P4m20*~^TIEKQkG}hUY~ZRMRCrmp?v+(apyCQA?u^=PqOvo|{yHzav%0Ulwg(jNGvd6@4O7*k15-Pc4;{5<>sG^qB|GQ- zDk$4S`!VXkmii+D;nTBo=W!C+KRTwJyCvmu&kL8i=k7en`Z!Nz_9C`*)%f6tZK9p3r*y5yr565#I#&z!|=Xh?8L8q?nU!J7jAD-kE3vYRqw>WuLgx!QcdwJ-rv-quIag7#59nhiwv=%9RVp>j71+Q+e7ZcN60XmeF5 zNozp8!@!!xIBtW zMPKYBr~gj59sA+&HrekK)B9;&iJ5`k@F+=@Kl8S)T%b~VKh3tgmINBg%i+eIj^~E= zbKcg+MZPeh{l-JQHW=+g4yk?O)wcD?U;OcNlup07gS)+7hqTuyU+le5r>>3JWcH3F z@}@slCO=rLle0BrPL<=5Ktmn5*bcqbfjO4X=3mt`wdk;?t<8%zW|K`V&Jkx};hS9* zxqa2K?~KFwj>?XH?Po>>8YU{8oTRUE)X}}5AR`(Gg}^EA3M)$H1b?j9+|!${ll|o` zTk*oTsFQp3=dXzQ{`mCGXtf2B-9}Z#OANJKbi+Fr<@9^sR)>dj|HIlJx(Wc&FfAfTrCyw*Ik=72CFL z+qRPx+qP}nwv!dxwv$uu`+a+#ebe)F^)r3bS5q~=o=)uRNEurZtC>|&L%?0NyB6>U zK{BnV$Qn3lu^E}3Rd%K58sw^%ubdER>`u(|WDFtgnS83ll#j?RWMVwaI+gU}z>Lt#Qv}V06tXe_ssqbU{ z2r*Mr_u@t~F%Y--N00R_E~y|^!j-Ni3u%td>BW*GM^NC)lLyN*=C;f+r7&PinE;%f z+887(@|=1sotgMlujcjCoDn%gO48AhXnUD!0rPQc$MU#5aDjFEw1}AqJDSdz^$+jIGs7@ooZEM`h3)%= z|Mk_MGuP+)QXfGLa(9`3x7kllo1b2b|FkC0^z-#$FN+`1^`F-d!l|g3+cA5P~qWzz}c+%2wtVT%{__ow3@Rji3;v% zJ)B!~o!mm3Ekw8$+}(Vx@z`TLA*Via1cNrwL#z}l&CdkCRJLLZlW7E4Mv}XzDD6Qi zT6fLJj`moD40I6-UZc9>WeUoZy83JR&q`lUO)tZ>{$E9erq#N6B`Y-J2=p&8d)=bCg63t7TbXjf^;WkHD9oK7YJNG@1Fn*x%JX3GXjejscXlfm0+n92c3(a_Y24WB%~Z0ZH3bYS%xp@ z-;)Wdmw4tG6s){Q?`otS!Ka91i8&XVY+tk}(T~ZHFw;$+MN6=X%J1?BGik=-7A2!h zyu6?$nkqWjCdb>bRq(WHQ7j~}lBSrAnmPo%m{tjHWLJuMvdVhwIPJIk7b~TT;QPKG z>Gyg$F*Gasky`|$4TBHXEEI06p)tbj_bJfO6QQ2Xp!o@oov}x0i?(9@FR|ylZluR^q7D z*KuaGU>DuvSSZg+>=3Q-sMe6zcyVPpKeh_d>~08ine8GVY-km9)i=?UPO^;Gx3~~A z>fXH@aX0l>+e3Z&cIInd;O`C&-n8G$FrrB_QLeKdvfCIP@>7iJBlm1VnkwEBu#M~t zqyBuF+|deKZ4k>*(cNXY?|xb0CjJj(!TQTSK#Q1}UF(qRi3HYve}8|kuJ2p$`}tNy zkKgv|{q^=(7n{f9_fP{YF8<(i8YQ$!dB9 z=B6s$f5kY{@>?%gXaA`_ZsSuZRDByk!l&p^~lWtNCw9<7w6jV;xc z$@4LOk4#@`K}r7~Fv5`>aDhUbTGMCOEkRNKOQf!|s~CZn;jDm$l$H_gmVU~T7k<(eWt$*G4wfw#vx_tg_ zCRJ=Utc7XLGJxE`)JJTT1HmaE@~jmW$-b?x#qK7wA%9vNB!5|* z$KtQ2CA?wvnWC`|Zdi6|&hP8C@c!)8+>9sJ;NQW7P~RdTttKU^B^cnhCVxrleq^9d zv8d9qQu`%exeiQPGmTz^Yz1Fmq*^Db&$l$JWymRtLEcNJt(Zmzkg`tknLXpT-f9^z z%i^rtXTeD|G{3>ee*G^RaTrgn37h9B^72xfqpa%4U`v-8UAdBADE3sTqBCBUOe5(= zdhQb_+L#|nT8VlDh2df(VICSK`}nj(l}-NYg&GaNJ?RjhfHrS4h>iE6YQDCHqI+Iq zpR2F4n!wY9dD&#IoBSNrs0qSrm^>4%d?fQ@9DwKN`0k0j{Dx&4@A*@_oJTmXKKAlq;kj0!rb>k|E z?jhMx?#I7K)yy>tnzUlP!2al#a$i-1d->XyBg{JuZFVj~RXy3_iR(t*W&(X4L*T-x z^=cX16um1Ul9B6-vLTd+Dcm)%S#<9X_V)xGoM_N1A8l>bGL}JW{=IOi*)>RBjlm)_ zT1$LL3^EsMyNqISBO|&=Q&*X%r6D%3%zM#cpqXX=IGDKtthAc`(s*lV&O=HL5_+BR zM3YwUDe4(%V>q0NWHD)4*nL!YRIogVCS5>FM+ai1?s4->J?k9(tNk+$)xR zpCKx8lbN+vcRA4HsI4O$1&#-9&bNA=dNMEm>J@FKK|VXh<}b@MYnjtj)3TZUhi#d$0&^ss0AmNSBkYETf4CK0E)lQV6cI+3xAf-N zsjfx8g69^YMv1uUnBKn#Sllv`ycU^4*xWxw~6se~@ z%F=`@D|Vc^?X8&S>7H_%r%L1(0!O!u)w&gzs9`@TP|T|&lC{)C40w#g&d}69_~&*N zE6^g$v&YqSGW_Kh+$XQ5ppxl{r66n?Fx|Ga=|(7<%z|?JTVv?U&TM4t|K)e(;ER^D zc65}JFM8O*t)|!5j8`uH$+E$=t!nN=4@i`1E6r?usce;mtDV#o6gA@a{3zNL)ywu= z5RU(jjtDe9bikVyzXmOX!!OJNmqmAFYjHF{3vAa(4%f~pe^BlGIZYM244!fjQcA{l zW!E4iM5#sANZ^!JkQ>g4pyU~Bf zJ0Gxx#ycM%011Kz<&v)lga_q9I3Iv?Ch#*REQS@}@tL*18iaN%^SSmyo=GjRMAS#gTm}d$~bqO3wDk z7t9>(SPEcH*P8FX%o2YAn6~4Iy$Cjt)G2z8bjr1sqEtrHUNuRwauZj$O*;39RPrt; z=)LnW7^72HO4t&aYG?RmTss-D;t3T`4X!{oUx!H`lU3o3BmWJc!uiDIlQgV+|FC?P z2xSFdv70^5k11sl+cjMC>hYYvDqgc6EoAwl^0!9Y*fjNgy-hGnmN=-8b$nVKjio_x za+a={Q4q(Q%lBDkZrW4;^B@s}=kQV08}BLwJQG7T8etQ5d(w9}>S<+TP)Mf;r2c#i z*yaNOl!b5e!P+@c3i%&_|5mj5gtP{PR}L{BAO_@;-wzysa0K+92?#)9dq4P{2@sIh z0)%4y3n{W@<>JhDn5*A_J?GJRwl9!n29^@I8CE%S?j%Q1cr=cN+DBQ5F=`Sx+Hzlo zpX6u93p%v(*Msj9HzU`;GVAH>P~cb-5J$v$PC&X!!fDf2*?1`+R6>B zHy6^EhCQg!a7D;u8d_=ug<_){Uz;KW^B?(Z2`;c68PL$HvfjE9yoQsQN&i9_K?&ki z2E5h#?2#PB@DZHpM=*;<0mtr)qWRH|VgV96@QY;4`((e#Y60tOsH4Y zLsrWQRF~Yh9nm-ew(M*5k5tH(V=FD^{gGQ~*j)H^hz$}Ad^F9yBD1POvK<+$acW0< zIKOM<>ef*t_2+Zv9<9WTFZ1ks+Z$*VvqP?&xhSiULpKGZ=O__Q)EIz`QQ6?u-L?B0 z;wRvZebLU?c{jW#BXK)aqRm<&m%ZyrgZo9tDAw)eEggU8BG;q#d7V>#%i}@Z{9in} zZALUD>W|fy%~8d7W34<`u`0?!qV3*F%(tJuT#TRM+`f39j%!$>{gXR z@imj@Glv{{aAO~rQT+AtT?oWVSB|AWhY9bSMR!5FWgue}t=gOlK?Hre%=MkszjU(n zRn6;fE+PCjl$TJYlGQfn-max(ob)HJhLsVIamm%HO_fBG=c$5NQ}8T1n5UPC)~#P`Y+0(++O0|i55VOuQc8xrZ?Rv98q|ijhKZ7~V6D?fD*-86oCx_blHlqQjs7|x) zjDH|BM-x9K(y>c^!y;^+3AP@ zx3`I{yWq6Zv1zGA0_#L}YWK7klo=fg$J3EDjANq)Ki`S;$!G`*?w0B70Zr2gy%>X< z9C%i!jC-2%`}Fg4g|D@k(UrAe*7;0USbn(T@Rs(aps6J|MGG;ytJ1Q6?f9c{*|eUSzzDj2h5OJx3NQUW__P=dLz?zv({ zo_oSGR?hvq;APGgl@l7E1%`dStq+z5HzaVXUpw>#;!r|R)E~QD74Cd!7aBhTXZvt! zz>LBc1NdW}-PaxUdEIxIf^g%ow^fvM$@!GsYi~#~m&*<%z?pOqRNX*0x0^uSpy-fs zbIgc%?NZK&!5zuJqv@Zt!`8^Cav-Wo~_HgYFp?XV^GvJmSk&y~=VZB_h zxZpiZwwmF?;V+<6ObsK0hyb!x zP=kmXU=1T{pwxc^bI4IuDYtV@m+3}^W<#;J!Jaok&!)BD88W^Zwj`R?dfDHlY4pZ3 zQEpw)tpW+C1OJ4uoJAluw@vCq&1yqNx)trWylJdwLeqOBhL~4349$K?-x^m|L1%!) z$qAKhNnmH9URpJ+0=PM7ps8q>Z7J4efk%Kd3O6yJY;NBIr~*Kn56Q|Xsicl4^F&o( zaQoi?Ylv4g!uEgxKrtSou?%1Ukgati01%W13>2saNd*p3gQtKMB<`ULiz-Mm%!7ih z0B{9d!OCNiV!a+L$5o!lA6=v^2iD_HR>&rRBKLNIISdmGrU}E#HRdAv!DLDe0E7&kql^tBn zs;q(Z<@4M)@92qZoI$f03`^WOmv{iju_0Zx7? z;WBD)W*|IIb!H%m|1cJSY7A~J!eeqhdRG5E#~~-^rE*_^4Y*vd8w=yi1(aW^Lgpvw^k#K_bfW2lbZpM9d=7S+mzBBtHCcv(G2Ib>)gu}!hNm1 z&1?&iIehsx5Bh%G!-rvCFAZKlQv52~F_MrDa3H-t>CL1UiwyoQ&DKMB_=kjtR50oA zH4yBRceNX<=n(V4W$OdN@XdE%wQRI(>$2$IN3VXqI&F|ImH$4Z{F$LZg!8)&&9*j$OJ>CnoLn17I{wDdv%d97WoBkV^}y<@f~YI zIT9%mr6DvUr8Td{vr><2c4azL;f|W8ZklXw`Zb*4O}J91SqW8$UVF5G{`rpq9pjiaxxn@3zy>^TE2 zpD-E*zFh^D?u;MOZI@86?D};+a4$K$Mc35D$DU^qVe%S@N>NWO4S$zRlk$9#_44h% zC=I*>M{z9s9$6_??<7+v}VM-xQHSya>lOBgOS`! zu8qrT=6c5GI=mD84HxnOSA>UtxHK269LFYR5xy24&%zL^tWC6*otk;%{1j6?AH<>- zVD%uN6s^@7Swo1LsV!hX+lKL|N1cOWMr%5pVe^}e{nf;rhs9g03C`2WWf>}i@>rZw z{z!39QwWAEjzwEf$;sJeXoS`DF@ld1g}Ux2AwuTAvn>aq?zdn zcAN}=?o3|9BEmnsmQq@Hsa`76uW91!lh7%~!;rO}cJ+KvVj8Ve6Ny=+M@KE(^4RyQ z(-r6GrS{2{LYPF%Ys6Cwq)~22IeTz1tI#RMPPurT2YU>YKAd&CrF?OVzTrUBIMb>j zc8bQr6;<4yL<7muA|%4LIAu=>x#$Q65Pyl(O$2KGREca2Xlw(7$PFXFD9$;oir9#k z;*i}%T6 zM7$kyfgwidIR;EhFR=pzG{Fs1LP~r^>Z>rTnE;;6e5AUUtp_vb8 z&$zUI#U1Mkxg!;2y17ro9j*JR>B^9`lPWsrk$RuSPFf;l-w4(FY5O{(wp`sqlj{A^ zUfk1VXxXrzIk(dzTsX+<*D0(XV*T<>Y7|^2{|xJTR31T~@t)6-2}q&oRzIyVso0W* ziQ>GEp(HjlD(CJBkq=XED8t1_*>VxJ1)WuJPXzg>9nQc@ZA@$bCp6@()w7AO8i}?l ztv)#qJE91yJ`h$dq%g6jRk(9L^5W2B5j3xxA$Io46sM4^6C+?n>JXd}+*F4uU=-9+cvL-YfMN@VKZs^>?AsFX=+JxYGrDoTWKSuZU z;H@NoNcS}ovUjV--|GoDgmaBv>#b5JAEv(STT7PIr~8GVOrxj!XgaP^>DBE}bF|SB zieOrwKgrE442D9xafx>02$XIi=r4h3{Q+%$9w>pKQziH-jrNbGew`60%?gO@b+JTB zq?)=#|GpNPz4?K+DCqTL6R6Ui{_n-M@SpKuB9C?^U=@3X9$%nJ_Igc&CS#yVcObG? z#phC)#A4K=gG_XOfS`GUI&ZF`rPQcKsFjL6R}r+@@IzLARRp88tE`%KiN4KbTiGO=0)+G|$H zvl0Q2OX&>qgkfn%T@d{MSE&$)B_)|?D5#a!--zv1*(ZypW$-yeEi~HdsadR%P&t|J z3%$_YAHgJR!s2F0-N%|Hg$TeeQlbsdEyw9jv=+v%Xb=0}Ed~63eSN=E_eYodzfSdB zZ>2x)rO(bAAD#;zoc7-|n|*1JySQKLO$}nL73Qb#QPuDj(^^WEW!8~;!%C#XY*Sc- z>1^!tC&7S%l`2;s>lB2A45lq7Ambt7p<9ZsbIhuBU5rQ8mBJ@GQk&7|I|eUp68}pp zS?e2Oj|vERAhXPF@E#^;V~ON-1ydXQhq<%Jxat?Q)FYa)$K2x^D-!>qM8e9vW{gE` z>(oTzL+Yicvw76GMH%t^omTNV38HYzCl{kHY;SLf)1BPa6|{l#QV#+wt;7^1fMX_I z3kcPOWhM-<_tX51M(#_W8l%)h?YM;y+ThJ=B#931CNudYl~C!K>ZO?v(OY6E-CT@g z=#J0l)BRf9FZlPvn|iZ;vO1P5LS@`jUANz2&x%fmTDG~9R79q1M>+wmN-kc6W+B0b z*-P)C(&9lhC2^`Rwu1Rh<=8x$B6~0c3%fnZ%=JT|eDDkNpf&^NZ}==UAPBi>Y9Kp& znfgdi44kO2&2sIQF;R&wl4+_{H)pWNUw^gCN&GX`;<`=mvSt3qmq7oPQ)nprXWrEz z2{!wjQkauI>+B1$ zqzkIyr_W{GMcQPJhR5vQAkuN72c-$K5v)MmS|8?;?{ui^%< z3JBB`lDQXBrrlkxbF->9T=c#+&G>40q;JCY_LX_(PuF}jye?kpZm8hWX-tM&5%Amm zd2k7NysB{&w}9OsOS<&u?pZ;V#c+{(u7kXtJo8Pz3rys~=w7U$iW^gj6PbgrfnPg; z@kK2tohD65Y<$;p)+Pb9T|%AqIj!K1D1{?4uU!KE?f#NmSiLn-Haes6iL5 z`SMQ{%^M!K%+R3oA_=z=b|QdZOrhVRo6Yi-q`kSYW>YA^IbR zuh`IPRPM&KsdmaPa}&6HS-EI&$xmdlg&r}jF5^c8A=Vfrz`pG4 zIT1>5=7~+(xD%g2G-OA=TP3m7B)o>Kn_>E{)QU36SnH5cERZHD5LSEb%qm2wmY@8c zNbA1wc9|TSQe~wuRLVsZ-9yroQl{pMTJVl_aMA^jmE5hw{?a!$J~#0_=)t(gKHj?A zR%^cE%&u5H-EP^Ri7T#JLfOpo2=EN{2_C;=_yLl!F*PBEpBBi79 z&`n0RhnX={_N$COZv`S|eX-T4mhFy;%rDY!Fc4erCc6PT;cV`cKd1NodgXlTbO_J$ zxt8J~%8{X4dKOfHwTI!xv-B(BAYU(Nc!OBC%I2gvtKkcQ^ zqe#lH8?Xh+j6!jLyYKS_j+T(UOwuXWt23s`@O~_>?4Xt*;;?;Tztyvw` zDYtO24C4f|4Q!UNp8IDnjL2nOe@u1dr)Isj4OKKXHEBan+PG?+jAD&_$;)bdP4_X< zea~1;u7MjDnG0LDr;1B4o`GlOWZ63rI*C+x&lTRZ8j!Do-YC`B)Oz9HZoWhGL)4xF zm;`rH%9irVjySBPdgt0a-u%-#y4|nO_sb^rG(9_p@Qoodq4t40IqV~3KRbqSmvHG| zhoF65#%Z#^_5p?#P#xlI9Js=rBV@-d0}m!G9pXqFIHRw(b}+*!LWKK4P8coml3Z^~ z&{5ax1F!iZZzE^V)~o=8n7Q=_immJOF)wJbn}7zO$P+jDZ%}C1#ZTcC9NuN>U4Me_ zB`V%26!oFAb9?i-+`dkp&zGzBtemYO7Qx!^f~%1`+c^j9T0N*jSN95dRgBoP-SlOQ zj_WJ+wGd}j_1zoMizqWOn0UieIUF}?v8{h?sN}ujjpFxL080GmfeUl#dJhFLssg!g zk9f7gQ_U%~movq<>wlr?L9aD?p2PcH^+bbI*t>06uR0W3yQOxFHf6o*4sA=jARlgG zTV=J`z5MYjI80HqYm+iLiaKO$`=e1leTlWi_H+VX$ryYOPvs{U@(!a{wvDFziExxn z-UsjVdPCth@^bE_FuA!ZJ5%w#IVd45J&Y@m`}LplD9@ZC_LusZV9@VVJ3IRR9zVCg zt!=NDoAJCm-S+L>&s6U5>6J6eqsoQr!ccOLflEblNx^9{8R`it8YxbldrCPuYrixe zUT*loZO=aX6icq*#%J(h{|+QN*)L5tOaz^5{Jzxe|2kjUo~Z(-oQWxvKrwF+0XkM? z5V#pz#izzd#N2U+GZw3f-J&Sx>r@Zhx_T$b5Eh-O%PWJ+&Yr&DXs@St1{{pr7im1u z_%ZD(7yEmASmP>DCbuqD#1zNr7-9^l;gC&P%0@rrst%NquQ&DOk_zECPj1e$k94XL zs{9j;1f6VQWQq?!<|Yik0~CgzAJJXI#$~_wv>{c24RJ)L)X>Z+&SyQ9dx#AuIxRTT ztz3t^ZgD^jCz_Zjm{iCrSum{sG?uXaIm$Vcpwv~G2x=u-9R0lfEBx1{ghm+3H1e&h z++{bS9b=`axg&NzJgu^xQ;AdUW(!=7-&5VeQbynXWYuKoaK^)jpxG(;=aBxELKb21 z$6sa!@%MT!E9iBF|HsLpzVCMmk-o2s$Nz_#*W(wK`qBEc?)9@T{{ON%8_RStX~U;sAn`tABv4#un%7ZaYE^wlmAk^} zdhGC2IPvVYpb)g7WLKFoN$&bZ_E(Xf)dSr#mMJ9DR731x)jbiUsv;5_V(Q`=ZboTFS84KH-}x-H#K`lsE3k1cBQD;P$y5$SmIdLlfKLt{YB|(;g65K{FT9 zH7HxsiN?`90oliHtQF-^*2>BYu7RLeTxtfa$7=4CB{j;d9CKj}TAo}^ou_q>ek`rK z1V@NAqMO=m0y9Q*^kY6SJ4>JhQVq zhr6Z&Wv7D1If{$mvcvLp*DJi}scCA?V>Ee?T*8f2hV}gTRw~W3wenLYmYcIx?GHhr zx{2g45m#2v!Nr!9@6c68j*jz%73B1MM5{n?2fl6dBbAR!`Dts62U6WWGrP)5Wn0^h zP9C;QCiRBDeGeE`PJ&5_iJ|y0O9OkbigR4)Mw&!zF|ns>ncZ@2J{&YL>};`P0GoDm z>F9<6(;y2}f(3Zmg%FOGF->dN=4_Sv6PtuXY69v44@CuAbz=&3Nr1S$ehUPhB60XO zh`Aac9fLG8@jTqpbcQ|NkOCk%o;=X`lWyI*F`fURPA(TS>&=sdpZT*Jw-i1@R0KHuml-SR;jG2Ycm(n@htR> zDOitsR&;o;de2*6GYKLSl~@k18VCtT63{yOB&>a`uUVp&SmsDC-#xG1Vd3RRK-&(j zWz#Nl3neuSTK+a8(!&zvVaaR9OpPh~#^Wl#d#Nd#-W+G|+?6_FGDvEC!eeF>nz^C% zB3QbKMc@M&TK^0<4s9Ofi9OD?Qm1?Hki(&F7}2ib(!NXwOch+W=vs8Byes}mxt7{0j&Khg8L%nbq2}bsFZ4Ys zDf@-gHLCj7sUnBqpU?3=oE~)nQ>yyNJ6PEvY+|z!ano3BHunPN(xodrV$oxVZ_qH? zRt+0Cd(11ly#-;sS@3r72r6TGti<(qwbQhitq^G#kW647|1CS1K^C_O7+lfzDm~C% zfLUi4jh)zZF5FFW*(hSL?@h{ZG(fCxE8=KRvU%K)1Cqs8d*DyM$oI+q)HpI%C~AL7 z8r6pXBe7%asL5@2?p3*qUquI;%iT}NEmX+yvi}1!GW8P`N&2wa++2@7#^U1kb^X{Jk(ZxAD~ea`aSctBL`FD3&?PAJ ztWh2AP28CchMOT>(h`2{P25@K-kB?qF*RZvuWe>eLB-(dh+W>zd4Jk6nx}fK zT1%6)D|7d&M=z$QDth%kWtzWuW~Ef|CAoy5SYy{H9z`9C)LV%DxKSkXp3_50@|g6f zGHB&BZ)sZGh=>gZ0#DTMf_jHrntt<Zg`9-hF-XRD5a?Z`xR%jTJ57X_8%LY8ZnwG$$p9@H{SQC+3QoDpVCFlI|N& zKI~Pjr4#R{DnF6A@-)bPxr7wHmY&U8o43f6dDF>s7+8oL5zuy7k z*crG-h;?`94m!lcy|o7Vj|@YGjeQLm8@T6#*z>5{=X*Enzu$rQUkmG&{s}_tE98~O zE1!~Q-CPR@L8`XDU3VypW2_zD<&l}TOAQ2C5U2&+s2bM9Y|b{vyti}L7)scXZ`ukt zq^F9*r+>_8<8fni=?s!Fl%WTo{_)LMa={h*JijMK?}S93NxT!vRg%poj_^_K96`s4 z^^-NsK<{{J-a-`XFyi_%*lreH>q%0g zVHcr_X<&lIxl+~;SG1imV`@`r87$G`CW;-+=L%+L#o)*J+nsEF+k1s+Ds-v!L~}EU zdS40H!~1Kub1pFh7g1C@%1yZgX%WocNfx=726XS!os>*KwUppIZdDG$Gm>i4<;A>| z&YDGDRz?#V3pMzR_xuNHd#lrlAX2BI!kw95?HJ4R+TO*>c$Wj~zqO6SbtS16d0@T= z;vv~FeCDEEoY5B-!Nf~;I)-|B=!%tOPSvOftIWGE3451Me|4-ruE_=!5sR6T`x(i? z1_idflk))m@by}U>sE>y>&R=l#ai|h{}#)#-Y|SUd6HH-FsB0~yp1Y;NXGNO26NkB zUP5zD;kLMVThNOogP`2kf2G1VFp!s_Q`Z3l*>3`|n)ZEsO}a=F3f>)2dowQqS?&2V zsVQ5nh^r!89K?YvT`==onyRDuoG|d?B4EZspo~O<>Dv$nfn{7GhAs%if9`>NzFrvPL?4j#$c`K)N87$6_uA6JY!_DFwPK3I?KcIUK+XvopF`8CYGI zyN@`-=8+7|@|rF9khCk!_e9b5N^K?2S#fdHB7JqB{p~cxTQT}0L|r+?BSaY~nrj_K zcy#-@DPyu7^<$yAUa!Wf#A&L%Z0|)J{8xiuA$na_DtK1U?-q1~YZq;UAqrjy}%{Yvptydul?_MlRo~+N_5$mBi4>Q0{a( z5?pJ_g`AypuuGGJ7AQsxbL|pms;xq>*(J9;549ZozE? zB)2e$7TuC!4AijvIa+!(9+XsEWi4F|=PTk(L;Z;#ML6}Af|M;DzPc-NIPz~63rZ{_4g2-pk5i}NeH@* z!)a%llc_6^li5}v<_oyNZm?S!SZduB%0!+}ijivVV7Y>Y1u_vt0erYE7M> z7+|)~B?ajcfJisE8;_=F(Y61SvVIT?Z|{mGWZt`%xEUd*x5gHBIi$?u_$llX{S&!U z(1%TOGUZr9#xsv^b-Ny#33z;L;yeDJb#b%fp<1RI4)0bLu{a)`*_4wixkSA70JcT= zUY~CIn?vZmhwP=W0ls?i{Hjx_e&gVBiNL-)$x3l=aFxwlLnEohY}ST*OC_=j&lIYM6U+dbe0$k+H%bkK9=|So|EWWkBZk{$N65$h`g?(x z8I^@T&-0iPm+mcnUaoiN5=0DNF|U$19~|uYrh2*lBd+E3sLFUBd6ghAy4X&!-q9YS zwvqGJEd~-;nM+v5k?N>wjJpWyy23Kp#Cu|~nsgNdAQe5^>bfw;k}uqq2NaKKhG+@* z{|#eh(EqC-f&L?Wa0!=upa_?~+)#x|IZZOT|H?Rzvk>?}FwKm`^Zf&Z8E4rA8)pfV zd4&Hf^9b?_tScP(E5lkq02 zn`Nb>*)wNb(B&kXMP^EIri&N1PFdZ_(I+k(x47%k>S=`z_~nw2f07w5OoEv-4NAfd zD9-p_fB*CRh1|Wm{dMAb|5)q0`W;*Ty4ywQ<@C`1KBR|){QT_ux_juFdOYo040`RW zXXx$jn<_!^ikd<94*Dk-#h zO=b|^LgXNBe>*MsPLN?pq`4UWhI$w_9gNzPsl{FdrfFIs%SoHrkTzM9Dy||iTGdG! zXn(#D-b}jGt1a?Nbq;5+Jz&e6iV511blFOpgdDpzb($2a)_O&YuPmqQC%9jzW&Q<# zo(9rcik%#F$T*m}DYr*@bNwBtj@-*wMz7%`I@IZ4B2f&)$~2z5BC9MEqN%B=M6?bF z(F>To!5y)l&ZVAZPSeS(!S2*qWIXI+bb8GCNfc>ZrH;%CSI>btsN0{go#ELPJe!-@mJ*@zw)JzjphDsNrXoU}hGCs=Yq?jbZek`oPtwb@|wD1H}v1WPgaj){n*W zm~g~SWAw``CB2@GJH575GR{>yQ=j1#b@}-?xbh$M!RnAbf2FJcxz=h7hD6;>uJ%sr9td#CO{C;Pbi#Mvwb8vF3MBmIQeJKzwLQndSI_JCn(sha zH`8Ozo&cs}j%*=8YCT~xxe?eow5t97y9~l?R3AZ$=oZ?0)81&L?$Ao zW2jBB+SrF)J@O&$Be*&zVze(#?*MHu^I-wcCn^^7KuF&RaC z07F2$zr-jOr-l@<4TnV>s#BQ9Nqc?RC;8>Ux^sY|H7sks(57JT4aq+(A=_r=4Mt#CHb zr$Cgb88>eHJXEdY&nrX)n&E2DrPdReBFrTo+TSr}5VWgQQ6LF7#;GUvr$1L}pwLS5 zWYi9Yj-MGZ-dq=64y; zEaF($0*!k(qlOw0*`5W;(~UlH6P6!6e?+qoE9{wZTBg01Qy3V?O81DQ5(h!*sZLk0 zd32c<>p_@lXCk@1Ymd#kEb<#16f+V6cE_v+s#tzm(~gd;y95ElRb!}! z6of6@vjPN1@O4f}f6wH3xTql;BD4+zeSnI2j66VM86Xz~3qkh%~vVrT3deT2`gHOoPm{QdX^0-^Kpd5u~1OIe8Ppmye z7`}Am3gQMusfSEyfhe~sEq=Hg#AjrI+kg$Kj+Tt9DxT4U3aMPw_|<2b`B&|b?s15; zUdA*CxbL|Xq7djXtLPCR2!pX!L{C^^68oR`iaUjlz`!9#oarHJP5K&aZycdoLBpRb z?}9$`a<3;ONfYK&?aXs#u4~Bz=rnQ7h^Y*cHe1UIsAQ@hp2VfnW1G;+ao4i_^&5p(L-q|e~$ zF)1yDrhXu&4b$8w)^M7H$0oX|4_1)YLfM6`!KoJ?UBXk{2Ma~eHYgqn&EKp3MWMlV z63rrvgp&F>8xOS!NNo;z_D)b0D6vYG7O zwK>xEK0+Ij4Q1@B?gci-i4jxk(_3a?h=$J4+L6{n)zF$oG1TJ)T1~2n3(d%RL?ez? zIt_xUM4M*X%iqwYpdA9bw&WipRN#wBW(H{~$MOhStb=iPn;U6S>$c-iCJ1u~ZYA0r z;5cC{e^B8G`S>nyaZ+Oh=bw zIHd%U>rqPvO2BOc-IYnsmNdj3MJt$w5ZH9cVKy|{AI?EH%W6kMc8~> zpgP;Y3)ZAx>sjg{goKDKcSjYM1SwLvQhQ{ZN>_um_!a3S;Cb8gbU(5tC(~`J`dj8Z z?E!A?-GJ=xjeC9naAJ|3>7yr5s?(s4*(^$vF zGqHY+V!wM5qCpR#@H0mDSf0V(Us$-e&K4m_YlFNV&K=x~vsdpyYf5|3Do}T?p4ntL zqBZeCoe43gY#~Z}j(2X{czA^rGC{|_BSbqiDw@z@-d8BvP`p0lecz%n)wWVq3Xt`` z0$)+`T~cEgi3VMB8KN52vW|1DvU#|l4>Wpj=@1EYYUj6nNpL?Yr&JI`8UNjOB(lNO zpufbB_y2|DAs1meLX;;OQkhjC43JsDFq4cD($-X@s6wv47moI2(63@ams6wM?fcDI z#ThFpOsv+JsXrOev?_Ce&cQy15GDWQ@P*u^Z!5Hreo5SZSY{*XvDcuN9v}k}qJ>S^ zj^FxH1ShiZ?_^G7i9AA*EW^Yzq)#X;cAcqWHS1@8LI}fYzWp0|;$HqB2b3-GC`z(F zugb?zcO&h#ZvAF2(~=7|Cfb<^$1dJ&{DeIK4c{e(oYQxYny>>$edgH!D!rS6>2OnGyhTNG{{U(~ibPpKlX}Ou%m(1yrjH5Z6 zgFC;t#B`M+YL7DPLzunnCu23QT{y-by!B&0jtS1-Kr)osCUmjS&|B)m)`ku2%MX2j zz+xLVFhHyaGL(VS*YAVy6pLarJhQfl7TxWn`%|^=O@rG1&fURZoLmP7o8~qj8K@f+ z)Y*+F=7G4-76+=MNLvVJLG2xc7i?Dd(aU_^USy=&oCzKFLY23OBvt)r{a}45Pq=x| z!cF87heGRqi)Xx@rusg(p+{`=Ss|)pgf}Fv88F_7&YIxL51JxjoubEj{*ILHG5G&c zX;0C)FyXeKW83~>n=7_$+qUhj*tS<}+qP}nPLKZ2?$P_)%^Ef9t^2CS<*=lqL3iiz z>5xg>>;|Ei!j%M-eHVZP_LD3xH-_Eg8F{Rn(DX2L&A#aWTpw$Yb)DS1tg`t~-XF3; zTru)=TXx_4hPpYY4FRs#l`q@GB?avi<4iKChOD;zAf`fAiPl~M4@nysCdgL0;_C1F zvVVX-6k(jAqfupbvMZ&%a63EjSw94Z%G@yQhT!EdK)%6wu9#eHWmyh}33y?m(Hgf0 z2=Nu4Dcp#CW2;gsm%Js$IX%lQo3wg*gU9Y=U#*%%Bl?b+`cdnChXL@|Mwr#EVwHw$ z$fL|#${YmXe+DzA3%>EUoA>-;ZqYu=HI(NMvdn-MoEeHXdt`e&U)ieqMf-6=;YV>O zb@CnJ@y*ugjzjs5K|$>*xArp~B&k!Gs4N?o!yTrnS1f}0QDe-2zP+9Hwt*Xbnpr4u z|5({oHw5!CKc##>OtV#;{)mCMSde8#cY_cnV~WzCTkA#n2*jLK@2CgsGZP*(@SDJr z@iBI0&&%9vpGpZU&AAlsZj705r^m|;UIdxDL;!jdqD@o^X{_t@kTjJ^1uK8*uHvwN zFZ6Z6TmmXQ)e+)A12iFwWr#urFUv5&%bdni*Vu-S{{8ZuyN+#sK9s{Zt8;)ojftVP zU-$goi6>Kbk5)Z;fT4%_Ud*fwyTx_DT_YK&^fw}a?pOg<9cpZoCqoi0aXb?k`c~1AnJe(Oyc9gnxH0- zrNHUsAhSgrf>CwhN--?h0EYS4^p z3(O$FxBnZ;A$9){(3&Xp4}{ZY+CX9ZK8%)QJO>FB?Y4?K$TWq=bz*qVDp!SAiN}}` zzoME}NP~2#T8kgV0jV>WZPX(Z-^Ngg*L9Bqb-dg`uNdVXTJy+iU|U^WG7J2-h(8l& zNoIX=nR{f{|70+wb5fYO_#QvWB&z|6cdq?M`}RspGe&k3qEOeKaJ!7^ zUmzSd8Z5Xn5S$?hlE#O{+40HUhX8&6=!x0~QXu|=}_5q z>Q|lJHRtSf9}pJLhsyg-8UEYd9v|55AGmx4n)M1g8S^FZ0=C}(b885~CYFVVuSrnh z66D5WiuEQHRwtFeiRP#ww6$#)dsoDePfrc6E!A!%p0Uui-TZFYSHZMhK^yprmZs_f zRx5*yAn>-sXvJfD1*>IPDG`QW(x*W;G|oLjA&~1-uch{PK{_hhp!poEY9gcqIvV8| zg8Pz{Kgo)VR9K<`>RI;80`qmudk@=)`4WhI_TD_@uLw2>F7Y)jg!qC~80?Uh%$G4y z{8L$4!8K_18ues_syQ-aU@e86jrWC#4}L~LHkS!iE_5+z+KI40B*;+8!Iq)~N0ou3 z7Pv|abeinZJ4h8zI$<+N>=yz7!%~#F^?_5NteoEa4I@?x*Se$nTi#d&1od=L_8W%$ z`B79$Msqf?lCm3Bi>zCVQD)nz@e>9!qL4?ei~?f3ojiXmAIoCnZWadcNri3AXBc)aYB77N+teg~2dm?o11cKet5^0I(W`T> zYyII_EHrk^Ahy;YCTgo!!O4y(bYm#+@;l#PDKNKcAA&YTM+J5w$Uf zyl90R!#$D`-X6(MG3v|LkQ*-5Z83umgr#PBP$8KD8{Hn|Uon3jU3MMtar~{^v843A z4j+yyIc^zxJA9sR1cmCMJvhFzOe42qWy+E+TnC%j8KSB|k#NnX1kAcK-1u2aC;EHp zp=^Uij5)DU8IYWO5cR8R7p>>y#TsWXa2lT1Wrm4YXZqt)W!6jx?<%HmE#r(?9d}l)db2 zxaP(fMqA5arO_xg+ALL3Q+Rs`s9=Fgrj?jFktc}b1EGchLL>>nlGYnkZDQ@ zs?97c9Tt;t^*sL3jQV<@{#*0f6HUA&gMOA1@@G%N?~J(kY-Ohog$T1}0S;-3{gPkD zP4q9iin`@=aa^C5(-cPjl2wgr|!<9g(sa)m->gON@-kgzmRje z1gXj+-7k{{$xSq^(a(z=<_V>Z%6rLukg>8BG}6>PNl1u+;>063ejO9nET^gIO)?tM z#+-Hk2CqRWTbQX56!;^lHGl-!)sFZ=x8TiUoV!flACVPyEqUq|wFbyY-A?mN8z=6> zg=*-$A2W9%@i}<>+u%S0DQ6{B;xtF#FeBGW_((!E@mCo%an9ajCDM9BVkm6B#r(04 zT}gtk`~@??URgSt6OH1Q@4;~2D&WSxoc5f~eN8xV{Jc!+;mixp_g(Yd-U&9kB`~gTD|X_yx%9?5CCqpq$-cVP;=ZQB>9D!yat2G9>5J7TzB{^Vi1MCdP`S&<}6 zm4n%dDR*6ffm9A(la+|&#TknHcVeJ<{a$;C+h8G`-5nzLqcnQ6eHKncZ2vkHataUyzXr#kzBO=6o)%JOe3NZrgHg zR*SXk&_D0#q>q0~bt})+tsb7;&z99WY=%MG#Yk29`wQ~EBQMENGgYRkWv)x-g>319 zrkfW+zwn5ENKAzDG5B=<=pe3xh>!2_{+cEBGY+Zfel&7EA?An1CNJ!>oQw_K+$a?C zr08}(gwKP}`+N}6$SF|;jx(DKu6hAr-6mm*n31YTsD!;rP-+hJSP>L`IQ%i1B(-~h z{cS`PLq3kszrqsIs_2JWST!9u+tpOgQC+5&JeFuDK5LlmK|T(sR`^$J72|PwS_tiF z!dye#U1-dY;5$vHqjhR_pj<<>cH2B&lC0x__Gun;v=NMik z$N=Uw`oLuB;~W>%adv^i6LMN#u!|sCt|@G(4A4S0npjEsy8Sc@jG9qW4SXPpxbPba zPC=IOPDRT?)Mu}G2=RWVy&!~rO_Ult!u{eA=9v+OWtIl=R>41$V_|BZ{W!hO{`CN=(=eD?-B`@wVF*%co{UWZAL*Kz!&CZyf+KRbkga&^9p9R~jCq|+Fx z4Ho{tg>iG)a~%AC&3apZLU!IImpXqwB)=aQSC((<^A?2p|6a)DeQN-|Ni)a0UnIRo zwV1bYb2mg>f~d3SHZpj$yv>;vdy1d%HvzUnm8T|5@jEx1e~VXBIh&7JGA7tjwfK{Q zH~1;0(QpoS*;{$BGvd)6VvIwk5 z&gqKALt5rdtbFVukL0b1WC^-rSTj1%slGABlU>Tr$K{fgbI4oMw7Po?o1M@#r8Bp;=E)(Iv#EQIz~hz`k*gZ* zu}E{(Kv09qoia{mH2=C4Vhaa>P}#|Z_=tJ}^8prRVM+EhuYCYL;n(KsMyNPv^KuRG-Zh-YyE-g3gcmk zwX454HX~^l4L9cI3anvVF(buwcRLjTOkE>TAON=V3NbuS+n;n&EjFT|!_WdTA65CX z^O#k?$Ui6mgB+am3>n2+q@Sco8$O#9{ebpE>u773@g9lUS*()GgYc_QtV0@{SHYVP zOy#BG_+O^&*7P%w42R1S%@j$a^`Y+_dmM6(La5w&zeWqa`vy9;PAQ9R=gXi7-BW%f zF+*96^qKNZB4CTChoIw92vcGE0(03c)97PAnq#c_UAiqOe3;wDIXR*sG)n5;PvVXW zCRelVrE}(|+1naD59VYwwUCDkHMBYqH2sA%$MkI*f91%W8E(_ft+&LwNcsZ(tkScZ z?#eT{YAjXT!LiH=NaPEuiW52M8L?}uYikWok+~)qt*3l=Du*5?45Ii6O41BXsAS1O zQgXVn@#cO54)^TZdo7O_Fo37-T#Yee)tSCPUH4ku)kzLCT=x2ikCv>abF*byluWWb zYtiAaHiprAaj{apm^Hna-3*ItsQRU7hB#Nw<>@Dk^;ky>gK^`3>+jhl4=d|}5 zftObl)}6Lf_;(uu{&HSYh>K9&sUryQKXcAu_FTLz$%T>yP;Nf~GSO>k=nK-_b<`lv zMNrPVT}R)OIzqX^mj|r=tU*wY#UOS_;&yz3s*JO}bfjX>a-iv=0%r1RMJoX_Ax3gG zq$HFO&ov;K2c8P}-{7viBzto6Q@Az1N(I}K&E81y4l*6#FTdYf9R_NlD7>gPT zD8D^Q<<5!(5s_I)N03BF4tFLN=L@qh(Jkb9r7B|cu7*#?n}4M_h(uGxVI|KTdA!Xb zetM8VZM4NcSiO-%Zv3N>L=9F^JoPZegj6dZ-xI;$un=?yKFZya11{BZRF$bl5@fJ18omz)bF z4iNhYLeWM2<-ur3RnZ11v;oj>lztCew>jUp1? zgrIJ8lqEfSyINOG4g=vF7_jaXykEwfV41Y7cCZC8D)E$ic-)!_f35WD*}#_vpd^nZ zzu@5|MqRPeIT=$^6ed_#|FJQqZM6UU=!~OSHBS?WI$}v|yK! zG<$tr;Y`zQ0ZVc-?7rQ7%v4&^U>TZ1@b>bSH!>b6ox~vN;XNhxTw&ZjF3*mDUtC1B zc^>Xs91D$Pc-;!^6( z_(VHN^32j|(2C4lY*iP*9u#=0YtB`1=}O$y!T#Z!fY0CY5}OR4hpTfy&s$so!51aa zmu{ENZQ-uib`8xj(?PnUZ8krk&w)q_%KfO zR=TSTZ?SZ-S=a$;M*R`*X-{6!2Wp6}NFO{)~0Br%$|xjYT5 zl4~@BBt4-%P~#{&56YU4$4R6(vNyMTJC6P{zA^6w+W0m8H4)envHsq34P>gjk>oF# zkmJz{hvno9Bs5-`yadLzLKAELJACO2T`RjFS%d6fiZZ(pl#GbJsjSLp&n5X)#5?Q_ z##}KT|j}~sB>{MuE1EY z;pRLnt*wW1>-ac-bTHj{oqoO{>nUQov>i(g-gbahLs>an6=Z(6s963`|iY1Zv;B}HC=uAc>a0sT^*(b+!L{X_pcE=}bzKKeKV zZPt~E7FsDH%OzNlT_`7~KyF=uW?gZ5-FsJ_p|7(s=c$<>&NvO+x_89obdR_;E#{D!i(0+XYU8! zdHnv{yhV8~{^zL)&9;P58CK&@Rm-23FszZ;fqYU`DmK9klDr?Gw6|*Vh+ZuI4UJg7q77BHZ5usEDMkSC97JEg_8b3kQcQ^?mq34#!jY=B`0JzN zayt?2qj-l6H3JghRf*C$B;aODlr=X$pX3%c{5h!)^+|inf|#z@1$4@CzWPrgVj61u zj%`!tYNvKizItg;Kz-bWUM7$Zs5*S_F}QZ4I&%@YgK|ftHZaXu+_^);`cjHU7Zb+L7CEQUneZC33~?J5$KN@xUcmvSO_?LAL7`D2%718h86ZCMHXek#^<&b#;Q z`Sy4$Jx!qn3LadpG>u{P_R_~S&}D;uZ2ttk&WW1ipVw8YEd)!YEEgU`>NV^+3g)e

-zr#p?dYmJTA(%8Tk%f1}d5`YwxfHDQ<7&f;Mw&0u9w86joZl zWRYhljc=@qOqsQe+DA#DuY)`YwT0U%GB#p;&JEIXWcVtAGA4bWiRtq(N@=|3MD-In z$*QznutvXMUD8Y)$}M%pwZERQEsqjir(%+zc1mnXGoGP|G9>j7nR9!N8uNIEu$g$u z%Rx6Pmr%;Ey9ngYLoPpPy8#MloZc+sCyXF;+lo*Sro#kW4o#DpQ;|8rl%fp{M^UDd zz=HxN%#+nkDRao2jl#omBD*PLEe{oIK5sF5V{E&VgThzy^%RWb_@y%4m8o=mASrmE~?$K;skNO zfIM=4jX$fZnhs9zJ2ul_q zW}$h@1{0nYgPxj&`R-GL&Licd_argf$CiUK$m2QP=nJgaZ4~<~xNBe44h8A^uekX! zA-kfrPCQ~j@~LFt>CtCo+utP5f!v!qt7!Bhv;@`N0u(D=hsU}}HmM~9r&kdlW#GJX z$JyqXZGQ%-741oRm@K6I{bKL2v3_Bj1pE6+HN}~yd8IBb>0N??gn-W5Q~vl)-lW0*{!5_MsOGXr&b>Rn3U*Gv( zu5=b4wJJ>I-<-LwBc+iC>L=&XR9qsvF-@dUclviNKBg(YRh9^2hx-Z#O=*J(H7TuM z1UP2r#()@swu!c;H7=NMQ-KJn?qx)`#Vh;eEHJ$AF}H3ej5CC6IhTWA>#&K-LBoiA z@)Racc;O?4?N^DJI*mX}fTc zRLf~rsReVwE`%AbKY~e#)fw9ci>Y766O_Ice(ZsP>$pFU??LgCZF^17D=gE;d}LYG zrB5i{NMn{GLASOm7e0&Rxi{%$xo9rEMxu+K@JW(Uyo8eROrUauRUVdg{a5oal5M1lpN0H~uV zECa-!B2{y4*LIZjx*HN3EU49N3u#LoMx0SaO-wD#i&e)ybfCC;U>t%(g>NjBtz?7DaG|spBaduB>vAIJ zeYn#isco+qW!?d&?sGT|Bnl6PMMVGc9w!&kIDv6vd;I_Oj(EPwFDD4uYaWTh!_4El zASgj#;;6XCf4=9I_y2gHxk~YT6DKgKmf8P>fA}XN@&23OJ&R1qdH40Ol=c5so&T2% z`u{YM=U$FMsnU%2{*RJ^vP_1E`j>R-wH5jvG9A*s`s)HBmq62Y1e`JpkQw%__Z2Ol z%!&#HXq8?X$;ZXDdaUvYoj>d;iq5Wr8gcZwEgOLauI5nz3P$6KCXoqNHwY&2=3Ir* z%G&`9%2;Z&s>sq*NEu~9mlkHULWxBSHYWP65EU@JL)xb$UqXdpQ&Wa28qub-(3>XeLnR^=L}xgl#ZNu<98xIjOwNLt(OSe{JD}r znCP((`p^C&pov#XH(Q3d{953;oxzNk#~tn+m`8nm$j`9{l#&L?k=s@~X4s2Xz}I;a zufdQ2p4(WT>EdE*H}t!vIPBUzn_G6!wUWLdvCr`{+Rm;D<@H5ZX}q|_)f=1|v|xCM zv4%c`N2^xC_olpNQ9bPgd_`Yz70&?b4!cx%bDD;Ocn5GQ85WVmf-}GPL^ei0W3@F; zu#m8fe5(!WqKZZ0g1NZbF&w3$=%DY&--GMTE~Lw0po!l#Qv$X}NDUPETz3gcc3J9+h z(|ivzcx>R*79j7v-1H&vpqHlK2j{oH0iz)iVPE@HCg~H{Fr@MSJ_cwl6)k9JE=*KG z*!?2v5l^gBMh3>Ik3V1i7rhSKR8$htE3sF2{zzY=(HAI_Z0C=e0LpInK9AMVY{&H) zv~xGiieKR`O{vAm59WB#oq?X^j$C+(j^xJT=e{3$S8l_-4V z$R%FLGCcOFB~uksu9q{CvRaX#Z>IbO;{Gbk?~0abbY9=~=W;~6-r6kclkPW(J(|e5 zFNWg*3dqfLE3Fl=>j4YLKsJX=ZfctPFhS-yR`5SNS>j*(Ky@#_ukKUh|56MCmf;z9 z2%A>;;INUG?2VZY3)r0{=E17=7G#_&f9*peFPoJI9Pu2Q;3_Vz zYPoIOW*@bDE66sDIS;LwR@ww?>2q2l%jrMgtUVb1Mz~&+`F&BCO@GzIsRU~r?M&9G z2P(98A}UN$h+CWX1IXqW%SV4B7a+Dz$(K~_-USzpXpBT|D@LYIo7_*mpdpm^`~PX=Z0arQ#Mr96&!O(a0=ldD z&btiuaI;TDfw_4m)zaVpRn{A?S^IvN z5G*tzgtBWjr0Cm;?`h8lHZ5mBQF_3EQQeF*Cn;Gh;I2fvtYsv})TF6r@8^bcdKNoM zJf!6obZ_AGs-+kWl2vw8h0&fAE3A)2C`*Ao{(k!el*7b`KHcaJk)fP7DG>Mfj1`^8Tg6M%!@3#ff|VU;SePvEg@On?tdhf zmDy~=YL6HMH$-~FzFGHI{`*r#v!4O~<^1Z*cmhkSVUA3*a@}O7k&^xb=&SHLQtkzoh z0LN#RiZw0Pk34f`)aG?mq|(zJltnr(IWY?<5?`W;wYm;QsZ85tO$}BSWkY(@g_gt@ zl-GlNTReB7Ytoi?s(IVt-(@c*WLc3FR%2MFbv7;nZuiVU!QeUWvyHDAD7vQHx*a4c zsS`FidSK8hB=@3kESa6ZD7rB%D`}dhKw*9Ts>oW_?JEuyG7^C;Qpqa!GTME{E3x1K zRk(T!VVK%!p#jY%jHrspxs44Nk*XPn)V-DW<-qMhMih$h8Tv`HtdMo%=;kqB=vR^v zWMZ*8XGRz?IAMjjKv{E@5aM&o+W|%j$0l@knxNxL2!2Ljkdw6*y~dMN6ZYEu`s&*`|C%$Y`0eHVWzKt6h)2O5bi`Vg0GSGUw>2}7Y8Cqy!`{Yo zMahC>>Dvu3Iot+!MyXlio6QNL4WKIPy;^NwFQc#Vk(J!%3B$}V=DkH+tcv0;)Mo(* zk{Rhx951ZYN2rzXAqV6;Bf*5@}3pgc+WAP9RPy z+&?o|fZuh{zR>W8vf>_5VdJR^(24X`z-cr?KYq7@z5-CbJ#&)!0Jx=1Ei7mO>@=_0 zJf8>WJqm(Q7vuPI_NBlIBNQz z93FxVzmT`>R=Ie(c99)dbhNY>x!6X1S~6{Ts}$d=_(B9~VCD z&;99VdwF*Gorp}un<91DY=-&8Y8^zhLQ;wi{jDf4=2 zCsnevg*93h?vV}#u?vE|%xFFRuG=}(*Y*x{? z{=;~ZiL)g%-Vg?_E9UEpzB|ysoOOH3SH(r@XpWR9$Qsej2ua|8J2eoz3U1fQO8P4e z>LPeJI1^~5fOPQmkH?VO`@nixerhT23;EZ$X7p$GGm0a#JlQ}NUbMypK+4tg&<%l$ zt9XB+sfBg~XUpH_ySwfTfo^FbiB z*(5Ss^$J1xS*NWuPv6jg5Ps=vPUB|aR)&FYCEbk73(jL;r-z#jdw+Vnt37M>)EQJ9 z$~4QED|W-yLI>JZCySe=3f$p!(1`~zS52Fx_lPgKyM@_!Lt{122@9A>&lg8|aQfT> z7!IQ%_l%|vRG%e3W&xNt=%+#-YxR0Gb>jmDZWe1UmuxY5f^Q`dhdwD0PM3P;Glt2A z0?{|9^`q`-#)xuXd=g}yvQx!Gl5DcGAn)2?{5?nqXJlh;z7!*c(U&2j9IBF|$^@S7 zBbd2acy^kNlclFSaivJiJjK{lbOv|RY3i-~Igry6HfLDh8Tw-%y35}QI3=ejXZ3|y zVv9qE>j1d>L)i-)uqPJne$p#0?*}Q!$XsT*{RXMU9^xeeSi|Siz~ujzk$PXQgf4Hu zSJ$Z4rhoKps@v816X^S_d;68}oW7vwUu*r-CW(Jr0ys+pwBe0*oKd(;0N}lDUS{Qa z;R9c2AoId3D$|3tCx@BcNn-A9=Rx?%vr1WecWuL2gq#KtTDP!!Fj@C(ZP2xyr zm9)0x?d^7Jfe;6qK;dlv3T>0N;i= zXZ*`+gYZ#^mw$f$jS$>0_-mNI%d@;lw9%FXe--cC+l+Ff2_OKs&JVKx>#nttup9Wn zx?ZK=&};oG44ipRx9Ux|ER2?vRV{x;MPT2UyCwE*NH#CbCY!fI-))=&v_2$u9vm|V zYC=M{FshXgNg0+^RK~_1cVp8ALOplELr%(T&gr42-w5 zqNOjH-EWsA0>P{x5sU4r{ct*&MxG0Gz)&^Bt1!X3;u=bz$7%l|L1pe!oz}>+PpKZnzzW< z5aNp0l9v?Rw$dia=M#c9IDCC7u-WCtP0CI~xxVmn%+jXAaaIzhOQ34ZJKuf?#3h)nDQ3K$ESHCcCplH#?Ce>uX>H`8VE$a-t)-om5V@i+l$!G`U zZFvi-mpvh(FAIp^xDv);*#ZS2y%FAcedVn)U}!pbE+^=rC-dF+`qE!5xT*c_39YSV z_|OMyZ!(1c$bH_0o|dJgDXy(Q7K^}jVxKdZnT$>Hq07S}$hlMur(W^|7ts0avvf1a zz~!W+!0X7S4aR4icK=L*a0J(OW#IMn#~r|5B+)ix`B|1T7Wg(Zi0rHkS~=+^Z#lyi-NIVb-t{naj8^qAr_z?L*>yR;}Xef?kp|;*$z!z(CPO@)#czQz`6+ z1G6oPfLVi=V@A_B2xKf=$jYs3MJym*Gn!NtTn+deE9?K|!HQ89RC?Ks$CAMHrdvLl zLaAf(HN3|uaQ7)R>&m9pDa2@huJZ8%RhP!`lQidDRlTGa{xoJpxQ+i@~Xj;Pg0 zrchdZ1b80vNgY?hSZ;a5|2b%1Ip!V)JUlFfUG?9q-KB8ISS|w62Hn}S8fMqlVMtor zu;#!Ff$Iq$(YxPYAOO+u;H6wRY!}1f`O(doBrx8l1M@{hX}(fw>aTcizv3H&c!i)m ziCIi{;>r~+38sbBN)`DvuRV+|B~QCJSoMyYUSF=u5sClct&b%_r75SKQE7Pix_>4^ z33M2Eogt}*(%CpGVe9eT%C4O5tJ$FZ+Dv2AEd4a%twr{M@zW?fa@%#*FMHv(8}&xG zf0~ALUK&&#WUqiTefsi1dVKgP7Ya7laBcxT3%%Bi9nYLgUt;K!d4mYqxgg7n%By>5 z6*UkM2RO$*)5SDm*K1i)wt$W{rk=0q&RWPs8zJ0(BEqYR1VgPl05o;ma(`cv8`_NA zOnycZaOr$J|%nNGhi-j5No8X@9{BH@njJ(DLVJmr?odJX-jCGTZ|ywT4#jlGo%lj-n7az!*e$V=&#af95u)d8r|T5( z<*|A&+90ZfGt4-~A_?4l$jgYaaMo|C}l(GzG^8A22UB{Ea;|yeuD(N}7j;pIlMDI;_x0M6*_V-}YSqy!i zEJJH~$59-kCSA@GuuwP!y=ta_Ahg`?)o6!iM3zuKO11hhb8cl^Sl(w`7ku)f?Znw_ z_|6f*sn;KuvlQ-p{Nj=B-e(o{fZtFfOrhrmwfAg{LZhRL!6*j|Sk`b*zMk+WE z_SK*UD@*PnHACdS39?|u68$yMP}miOwvRg_v9}<)tKPlkx^RSo@~5iRH9w&AG4KJr^ueDAS+p6F`lKpKhZ~;3S2AUpmZ( zEJlPdfwVDs4(?6fT*$IrvU8<{bU{!B#pPLTh|mC$I}w`sr7Kr(u{dpGHZmEQivo{+ z{4I@>BJxXu^qSjsi$GVxDY+q(i_YgzAmUozD#~{FR)P7V!O31jFNNk zBa|A|#pYS7x zQrH6nSEHs-jZG!g^p$JK3njbP(1E&|fiEsA6vh70;cJ`qJUobTENspb27ojmNNEK@41UC>T3iNw+%ar^<{;0&$19O1f)O=1xOh#Qba?JFLB_7}!y# zJJin02h&E;k5D2jc9F>Q&3=aO=G7U!+UU@beNg|C&-u0WrCFuw)s!IdDs!euFbZ`` zKo_Whp54K*&Cyu}u3t0^it*|D%~%6I<@}J98)>w(6uIJ5gpL>wd?b^Jh+&3`!Qmf( zf6+@I+^{-p|H4|>*x%?Fi;rVGjT=!L07XE$zh|80q2;QPO)!EO<>+iT_aovo?Pb1pDB3TR5RiZ;vDH(iwZ%6P{R4v*a^(xn8Uc66y81#6kQ=WhH`2t0HB<2!6kn~E| zv_CTO3`P0-CRu99=38H4=>3-8SMQys6-Y>W1^9(S<`*HB&n<1^l;#hgc9C~Ey#0fx zED@2tHVfyYc&@~Pp$=I$zvK>zgeJd1xM6>l@$%aaeiOr$#>3H758ueu0lxQDW8O+T zD&NnQ8RqS!VIJp|(|~n92H;yzOjX;*OKv=I#o2j~M)866J<@*^L=o)uV~nnrteE$_ zt>i>%rNVNc1xtNNPFpGbqL7_&4*SGMwJ|zT8TK zY6(4fzb%|pMz}*(GRJ* zHh0ubqWrqoDnlR+5PHu*6A^0z98!m2bh5UR?V1}U%S<1}MUa#<_?sNekJz4 zkNZxGBoI5Icm-7zV*VCXDngxO`a+r}@cM+vZNKVMG1!&n|E49UNDDNnpNJor5>d zJg~p!*`dXDD6gFG#@l2{ma$LySU2nm60F@6qJO|={mGxoC5qqHC!?VmCg$zFQr}5g}d!Qse}ps zTLCOOyNL*}}8KS!w^wY@F;sv4LI#eF<>m8{f8JdCPIPm`w8E!NS<}@+7Ny>Wt-4vo9Hx(5zUa>@x zRo|zXo~wGDgO!LL@Qz7(8Z~Q?W$o7W&Nu8xhfb4h*ZYQSuqARiX<+`hgI%$fXR zWa|ijYt>CA%0a-SfdeaC|Y^Jt)D;fYd1KIPT;ugJ4SQ^H+s>h8h- z>s1N5Vfm@>@lI?{s#nh~yHMfG9?G7)-P(&u3x&8GePxnL1$)m%61Lo9AkYc)7hS-^ zx_{WxFjeH9u_oH(DDa)~+rx3dXOk=|O5{v$PN2@we*P2xm+G!YdcWIa>SED{kQ zByowBaQ!h*jrz~RW5Fz_qabxlx#$8Es4+Q5#XH&(LZgAIBsuS|gWN&8=pRmGGRLRT zBcWM*nwN_~SjY-?t?td*MSN0R4kXKIcsm(tkfGt_64A{1GDJK0ujpeDGh8*LWRrfD z!zs#M>+Wfr&M=6?nipEsWjbrLq4X8>UnVTm0pvC=dd5a{k3gal0(z#!rer%?MN@6E z`4))b02^Ir(@Gd-#Z=qj8=tUv~f@kmS+1obDLqZT3J zF&+EKZ+3P)u(i!C^-{vm=3yyks~ll@YmI)pdP=rBhbE_{os1X)%nQpKs#+K(A76YU zOVV8mZswWFXc2&jHMJ_RfWGw(k%R811*!mzYK_P$KmL;Hs8nf_ODh?FJr%T~giRS4 z9G1lY|8T9)$K3A=o@YCCH@Kw|dgCY{I1uvSCnHlbOpaDHT!CfH=}@x`R=LBM3Kq1yo#YPUT$PPf99V%F0*9D(7)?- z(?Tlr&bFPYwzHy0!-NQ9;JnvzbFonT4j%9lm6SUM+vbiq0C68(_rn)xWRqiNJN&!c zfS|J>I5tY|bB>Mu&1~sDItxX&B-V5ZZ#GtTLYcC3gobK$D-2{1T#3}kz%<*eTx(HX z;xu?z;$jf{;?#;s&xxRoeP;wKrJ9mONHaqVWn2KrZEV1RnSwRY*(Y6_ z^r3cl3}DoATp82vk1b`?I_jfvFmAi?fh5 zCT=%5aGW3`=utUfnjkGrmXM+JOW&iFrSVGFxML(+_aD$$l)@rUW#F06SQILT9)^Mr zg&Ggc6%OV>g~Ru^o64m>at4=LdolvHlUZOf}8HsHa zHmN*ya!u3JveeX))Lxls@`OjrQTIzslW9IoDeB~fomPUHTz)#SMw`S+PraI}bhaEX zJKg=QWSS!-r^98W$yA5RO$SRzlPTV-)O2E*=>a9C)5wqNO0@8!j&QLelynEf@|$6wcedBuzhA~Q%~VSZ zLl#q_)8jN98@VQi|4xb1v?v5L^naHYI6FiuN^<2+bK_2O;eNL6+k3fgdxv9x8?Cst zz3&raf~Jz_VxOLBXm(@7mks8*pN%oCz>cm9a_Q;|3)-x0bkIA+mUha8=gLQzji(yD zQU4d0T~!HWdPOMOh5A=36rCAg4Ga;ZpV&raZ(X9i58YK4a0@s7=CsoI!6(zS2_a0) zhG=8AW%CQ*CWR@*{HnCbT6E3esP@;^i{Zk$#)k>9WR}lH_!Cre^NvY*jK;z-{cmW; zp(AA7h_$vtVBt*`C304TuDwm|9MLAC1#xY}9j7|BiY_VA^178*gckLNdRdNp9mXR> zgLwotQ{X|`klNuNFN9y;#GXHBsMKO?qfe-H)}74ps$HL&}V zz2U4f{lfl5kGfOE63;zq(U&WKuKUV1mr30g8YcOV4Ez-+GP<#O$-w$rJbeeRLf3DW zpN7{pNkQzb)?lV;HyBi-6TriA2JaEN6s-ai2u#)bHU>*ICBjlrsjeEaWbb)elZ@U} zd*5~`fBL`gp#E){+VTSXhvEvQc-qi}droqy*j)eMLpure%-%Oz(CZ-`yf}Rly%kCY zN_Fd^wLwG7wsY1>hv}RE{y_+ze-`UkGAZeL`l6Zd*_GO~C9UQSqd9<4n7<~i8?SOe zD5%yuCrR&%x0Wf(HL)cNl_3zNk(uMy&4PoB!Xn9^*rOO_=pE_ReGT!5q`jFiqn`iBIIw#IuU_G!dazp(>N1lT`(MugAyzON3Ax;w*J2iDSFJA^qHT$SsU-6= zLf9Io4`+Vf*AX9lA@D~<*ZZv0cQn7JYt1MZ1#1-M-8EgpA>pOg39t|;XLTXA!$SO} zmz3z@mYVJl29)rJ1+kEYdV8Qk415;)_Xnd$Qg7xbBCS$hw^`^~$r2TH60+owcfeKCA(k*k998 z^QTApJrYBG<-MZ^{I3+vHdrfRehEt8hGnMSZ)G9Tu$UGU=7!e=BY$*Z^%+~OSf>7) zw9*C=;QcZ7cA@P*+W-3RA^wS3PWY>1VzCdj2d`Q!)XoE@hg9@}z?c{0Rj{BG6(I!S zqD9doB27)Sx3P)MRcXV>8*#0-rY+cvTtRHG`vfG_8}aHR%UU%mU7~U&kiFNh8SAq3 zaDKgPy^cj~9^SYR6J|X}*6oIEyCwi8M=;Wf*)fkzv%&>um082V$l=K_|Yg`^W{Cj^gCYU z8Ew$JZh%{*Ff~+K`ixT4ve=5AjuWH_?$So_tSx9`0rR#8??cC?*G!v8qY6}Ccs5;Sg#7N)PMdy$V4FrI}ACAb3T~H)ZU7r#r1$FUe^f1x|xe|GRIh`_y!f2;JLft7Zr@rMODq9j_A&*ndGP#b$)~H13 zPOD%^kE|qBtvpV>%9Ki#3BI`W>XgT-OPNrSlHSbg;98U^Z8;L_PadQ4B)#S&y)#rw zwMkb+l0Y$`&Sa;4B;_28R+t=GIg(s6GTqCcu=vTCA(7gU#Hx@)KX}UM6Kg=Gr?n)m z^J7$eJWj30^eT^7?)&8W4tLK6$v#A7M*@c>yfVFxquZXpvTd4;{<`-StGg(pL3S55 zwqt<1I%ubZ+6hJ2XaS>EuZ5GfRBdh`;xodAhn;y=!7hZjX=}Tsu4M|ZGEo|p+q6N@ zTpeKNw5kkGY0U#h==V<#nY=_H82xQOnZ zAw8FrL-g_bhTSEdp3~R(@(#X5&ejcsunz7#a6%clN1*uvyJcGTVs8NfnnXPL~Dy|GgA%gt8v(AI8-|uB_^9k!5OaMMBT`4tLSPE<(u`n2_TRkX7Hv zwOprYvxZ=!F)ghGUKe6X3k&%%E;Zlpz3WD9{@K~Ky#b8Ry}~PpulcfI#@5xG{Ud9H zP3P^1?z|YFD@nnm#1!7wyn2c6BLFD-NXxolGx&A#yZMizVk9eCsaP|i;1>k-1)EGquoaKAZK0c&3eBeH4}q`kZMVhZ_KY5~8J<2sn)O zl)w02_Pd%aS432X!m~4&!a2DEpI=FD(64v_*{pi7XTO_28%NC-RiDf)7XV>wW_tGQ ze9@b_p5hm?G_h=>t8UgXYFcgKC&%T16$Ka7_Kt3&0>NIXYkupH)#`?2EO#|@c#gU4 z)`LGbF2T53kV|!XD#0acY7!BC-o{9bt5t6}@b**VFdx7C4UE-Tp_Av8{@oV`d!v%usoYzioppfP3&4F? zLztx5Taj>>2pM-nB@~Nbut`*&d|8kSWPAxRB0Z0wmK@mU(LJ*=VO-|lfi7s@Bc*7V zA!7v5mA*|N`l&4~$9{plMt5W@Ud(JZvvuJw*@oUSXg#5&op&zGk_XsS-!&h)Bs^5X z%`uhzZF*`BNEk%e1m9qs-|oss=VWR};h~i~FJ`%L3X0^a1pzXHb}sr> z)Qb~5PXmjV*}hucWjfP(18pUAB|e3Xc(NqOY0&mT|bT zwc2Q-K<|j`TG#9-55STx!%pkvG=h22EBn%G(e24)btUqC0Imms9Xg&JFg7`}|IsBW zo-a-w^-iut&MsEaByD>o3ZA9q+MK-E`<{14Z^RwBW4P?VdZY8df@r8eh$s3Vj<>MK zoxSRe)@rYum`W~To8Q)0c0?QYoXp8zL?xQ%sP$G*l4 z|MNqsJ9j}*nDNGc^!xEU@p9!~wElGicMM0@UO#O{{}q-kpipZL@G@30VRc@xTUNM} z;BmJmsafb!&qH!iArB3lqj7(Yp}H#Qdi0P)T^o8y-$UGeD);-}3h_St#JB*!Jfa|< z5At(}Ydk(jmeFEew95S23~G(n<|fo1u^e9vI>$^anO#SqR@SJODl+Ra=(roAe=_Vs zB=Gz=$?vN}`Fs4lz*r7q@KKs+jQ>CkZkgz>iCL8IyZ5bI=!U_K3)_U=%mvIrhVdSu zb&JIeHCh*!E?AD;GBevkU79ougb58O40vT)7;>$SxU>}VZAXDHnr$%M7k}Wt$4`vj z&y!`F-7sY%8qF4(CbfzzX+f(@pOD>*j{xW?{5VpCQ6cgWq1HDBKk4NSLZ_c9VB7r-7CNyApLl*kTRg-5u6C z>0`5Ogj5wR*~z$x2&<|&509YrGaAfbZ*{61I$C)@7_t#g+&B9p(hB6s41e`U1J2<6 zYC!$$jpkAf`DzY5&wC!JH23+wq1L~$An%Eqb2<(>p#?r)0eG`uvN}C={wmYEWG9Ez4r&!$jm^rO6zaeiYm5hi)*HO z?cjSq+BMzMhT8zmB_p)1u{*sIhRJ&*j7CZa%MXWi8rQnVwsp%ewj@F_zgL+HVYa@9_w}dvLtxU>8K#e!`HLrID`o@DPTlgJC0U{v)SjH>z zZ1L>r!OI+K&9+lY$|c4jY|cN!CT$*%A3O@JHN35gG-LX;sVZnJ$|od4G%cIqM|TZZ zETM$zY()#nh-gS#IZ<`quZe?K!qZv`QLqtBQMSv2&!stlz=YkgbS!u}uK4u3uK7pQ zpW4X@Im0(kC253E=Lc_}ndYmHby^V$)XHn2U#HA@T*v9wA~5GanJ}N^B`;`GY(x6p zHO>UIBv#$>Mu5&vZfS%1rbFtL8#K?~?0_4K^d92SBCQurEMQ5paFcMXPOn4USluE7S`v}5Of4T8}>)Bp)nC*Vg zb{uSgrdjE&XvrPLAOgsg1$ocw=j2r-Tg(ViJ3kYqX+|d7x)zPnpqT$ZkR8n0HYX^>l%%zPn8ldpV5?_XZfk%+FITo}-^^rCW6B_x?xi5f<<|bXmcSkpLQ<~z)03RtK9Ma9}!RW1V{-U7SVkZ81 zut9lB+675Uy&wtJ1Q}?0jNhaP=Bt^%)y{p{l&&f-wDC#&MfkIwrcOh!^WeHFK@D)!fArY`fY6ru}raE zvh?+aYC%fMwotqd#IT8FdCg#ubMM+y&GSFI5XwHRA$nud)6>D=|=CqV(&xOFcAOL$Hxgy8o9u@_sE5jML=8caVXg;QAB{G znKnQB4Ldy)i10B99IV74#Sd_|z~isjF&=t|Ggfa_X|;3u)vvDm9@7`B-jJ`Zordkj z3qyVc7`8Zv3JU$Fp&U=os*sJIeMI)c@y{f6G%cXltxYwuG^GEo#Pi+Tmb3KznW z95CHXE|Of_`~i$NW2Qa94S4eI)y2!#uNGzgtBtsuD=}{+n{ySq853Y%5`jokz*6c! zAdd{Vo76@xAtsj7;yL+7qB|e_U^av)gbG_P4TT7S>$kLOivrhLHH^)CPt%i6uSIl@ zlipM#Iz`l61BwrQ4UkX6lv8e-knXU**4=mdt9{-3JZ3!tV=4g|4~rq4@E zWv~cOTFIIP{`BXvxUq{42K$Z$yJ`(B?K`#_T3Pe4i~NQK4r*YuRU6F22hXcf2L_iK z!Lxq;wN1s)3uTN9udeUuFsrC0d-uexR*u=-lRMGe@M=B3<7zWEG0-P^Q1Z#I;C~`x zvw@C_JU8LjR%3e4&nIx)cglqwMC{R=ayAk-$u$=nED}oz z`QCfq$S2VLK1;hl>E67@a;E8chwCAoT&@L_aT=V}s49li%K9Ck)`2#(WQsK%c1|X$ z%5=MUTeIp~(d;G|6*=k$zj*!N9sys=HdtV4D$}||F+4y&=V|KA&10}xI6`Tt+Pebd39^uGyKqg&2iig0+C|M~mhFUU*Y zKxrN~fCV-q(Hak(K;&Bigz{#l>{kAWZ{AhlA*NQ8M)j^N^zc$=+Flw|6u`QzzX4 zzSfjCBv5-!OfCnceqaSj|6DI5? zijMVku{cE$A{rtUZOob1pFd=uir2K3hzhTjSm?VT0OFym8lg!|*gsK!2s1*%n-AKm zpp0D00|PrP&8__Qz*`xgfxFo>pDLJt8T%J*0@(+>lJR+jiy5CO*Yo8n2ny=0YhTEj z1Me$TR@OmLU;@P{H*!498J`Efm+?99cE%_5j>aeLrp6~0;lroj71)INaQa51qGVjT zMN3!_XiZpqLS#W+8=;Jci!P-oT7|?@nBjF_rgvJOZDIhz+Pwx+Jb`S7{(wR`Ci2bn zQU%?^_0p(^E75kx^dNmSVlI!**WK~pu8yRgc4lJgn%OVdq6c!fVJ0r_X-@j~;Dg`= z-26fXq6lAwTv|&NZ3ck8od`Ut}jX6@LSeMa`vZCk-7n08;$%YxhLS4(i4^8bt{@H z@5pt-##!PNVioj#)Ci%`ti06O)SukdTj+= z7&5gqP(V+%VDLR@tt*kUt9Ds%xw)R~^dI^%CSN&|J%*=9T(n`p_b*u`Ip`(&cG0>M zpwS4}hS>V-9vIQ}>bHM-(~bW_yu=f`SLf`Ts`kG_GFlXJ7x}`9{jiR%NrDM$JCOm< zv9K!wsT-(OxPEApgDBF2BNvq=08PE^?{vrj;n6nC9Doqp9fK{u_+ZQ7S=3!`S?YnD z^xzAE^S2j~y|4~X$D2||c%e++pUuU#m#+|SBbmUu2?Y``&O_DOT-;T6w8<~7M(fA=Dp~iwuaw%4 ziT<1}0Z|!i7y<#W{pi@w83h}1uqmNM*We2*SVCRLI>xx;~YADbwYnrhj?pF7>i#5T$ zoW4*5dU{*+H0A9PWKgp{GTX3{!he3H*KGt#Yv|#UXk|_@1T$exDT!FkdU<mNB zyL~2gNj3}* z2tJ2|5hMDCuVW+~?=E~ebDr3K_^_v1q@2RI^0BL6q)<&#LHcS&0@;-Cp%)xX2_7Yc z4?WEyDL9)FKJ@g9Br%bsf%LSD1hT*A@S%5UUYSVZekd_v5q$qPtTTc`7%9qtja{Ni%j>thcPx%fm+qMqWs`#X~#P$EQ#Zb zv%my_Z*hvgI#4Oeb)*`A^?fZFz(L`swUD_UiA6M9$B@{B_dsdKw?E)Lb-kT>9sL zRhK}-F3=(8rMsk@5OZ4kBe41u6*~&v+8@EAYuKszE1xbqB}xcFW-obS38Q_xU$~%H zS&N1?Tap{s*meT`g$ICfZ_qy&U(TERR56w;=WRIwNCV#YSL6;rY7O|U&8fiG!a-aE zUrw_dw36I%ETFL=OdPyqH0BFLS2QF-h@9#5wuEp@J@@bb$KKy}xounf;&}e{ ztH5%**4XEaG~+ahPksAq*Ti<(xwW0So=JM|ucya`NJv74B2)m>SUo-O{kyR7K#(E< zP|`SdL;TS?8gdhl8~gFIwF@=jtk%V)7)P%`Ot|;uL&+cj^dIDvl5v90sMsx;em5rH zh^>S_+f5s(A{pqJ22N%Ub+d{DxIEO9Vqo*Uv}e^i0@W5$U)0hcm_-W_HhAOpx}X_A z--D(K%j~wz4Pg3yfXeZeP@9~U=9wT>b7EWv?<{IRfTNgF^iBOeCKFt{nXFAgkWp&Y zOHqNcVMd_k-ylUc2lu`cH-$q)-#LsWEz(b;1+aFDP?aVSZRhxOpPot(K3P;WA9ij& zNg-!X(I$SY*-*E%+OzKQ=Dp@YLVMA0y~CMp5w2@I8Mbdd#5c}LWA3|bn;FO!ngkQC zyP>xVWPnUu8SYxwM>8_lkt+SiMbQGq+T_9Hq#zPfSBS&w*I_d&wo$wCKTGt3&>q%) zzs&p@!jBtip~4h|CM4I1Fz<$C|ER(OiA`M_Z;zUg_0N8N0LZZZL zv1Af#7I=*_Dg(6(InHj?tKh7I?wz9Sv59N;m#vxGBbS_2i+;fkySK9f3p=}=bd7o} zP`)j3JZD!2)CtOr+XwoAFuHP>%i7WOyufsY9tlFwOS`4@U#`P)vNl8VW{?X@fHB{Odw<PprK;qGUB7wVG3 zN&)Co*i!`eO}&3^$ZB0+nI6RP@GqXZ+;h9CGmXo9f(y0nu6}$T3lVT9wGo4LQ8Qc50y*1BR4ZAEi^RG`nC{A9x>Om$bo1v4y38I4r7X|N@enzXJZ3v==a%!IZo zt7HuL4)DSt&5II|4^#jIik@3o8myztoq(b~sdhrNS~@af0F3wFN+$o!ZG9U(sEg$z zykXRqu2L+Z1WSEn3d}0cwrE9##J6OMu9d*y$1LcTED?b7lN?p0q~Wk5^``qiOoK0^ zT+WfGGIc4gIhj~-D7N{#7^*=FS~C;AuD-OyI;3lzM+dK~J(uQ4wu87~?5xacQ3w_` zf@JdsB%oqz!iBV%z&LbDk`W;=-|FJ7RN7!@9ZDPSt6G5-E_H!0PIP(XDub26XvWzs zDP2y2x(#kZLLjo?0D5I?=qki)FqAEExgd28_X_8*NB-t_Gef37bk-mYEVr zoU7|UO9y7E-OJ&#YNn7Dy%!G};GkF$iE}LRppfj>*pPT!5m7$QD1}Af0)6A0OD6c>oubFAg8JKL6Rnpy{8NI19 z{L_BS!t((A;Pn1L=$;B%8FDZY?|P(s@Vy4X?@Rc%u|>N?pU)PnqR?;2Kb z0ybPoP(ocQ+Xz)G=o$LAhJa&)VW-jSOq@qn#h;o5v7k}S$5TAjsP#dR%(}HylQER$ zMYNK?lEgXK(rvD!+R&U81>w3fyVm~Gwm}2F1WK)FpVz4~|2S2p>@1SL+pK(sg@%!| z0SRFCvf+sKn`s`yx?e8K>Z080seIvW8Ex)KqPb9mQVLIrXNArsblG7rZd}~qt$z|=Gh4C)AisPK9FC~+Nkxro&9xk^g5=|~C&nIil2cvo7erFRS7!HdP_63BbptpV*LGe@3jP^+#0cz9%XMU!alj}g&R$n_s zwBH)(H;hVFPE1C+b5s}^(}u}v{TY{OQj9k18Zia>?0@9q>e8_4M(gnB)ovuPMQ!z6Y9$^m%^2Xk?^s&!-VA5AcbMk_a`~~Ox;WWsqkE6) zv7{ZVGH*&zkDY};5LcM0?rs{bzAlQQ~kv%WEJ7wpW6Qg!~aOv8j~>?dtU(}nC+H=W1Jx?*fO_%uPS zDexM)O14t-0`i$AcdEAU9Vxn-!kp4HW=*Lvy%9WRK?k7#rcBpd#^%-5H5^p<37 zL%3%AFF&ktsbt^pFfCHqzPTbi^BUCpY5I8vT65jzHQQxnCcuEFD4Hg~X3fclvMOyJ zOdMz>H8&N~$dyaFaHa8V$QQUUd7gL<3|AHs%Stqp)iZDm9nn?b*8VHxQij{fBKhP@fXds%k-6VsM*wtEN zNyFKmm?Q>kj;i@YGTG09pA33jCrPGd?Y3%*>lY1n5uT9({k`vLQJY8;z6quxc}KZv^hHt~RnrhsQ?0S8UA%db zt~3vb_dq*l53}xFgGi=`^z=Czjgs`WwF}*nZMvlcnFuvgOwp3np_z>WFat=&K@Xd4 z=;qWdslbQd`igz%wE?vLv{DLw(;&2FNg&5gO&d!eJle-pp_^T^1E#?(dm~%wmTV)K zm%B~ley~z3>Dm@JgmZ3o1NspcbjU99N2s;g%kmVxVN(6yO9-_cxGzniT{8nIcJ$9I zIOB~KJX%+s2PqO0z1uV$u)>1l(Z$a~xg#veBEeSGY%9VSfS;2k6$q)@z&lE}J@@sn zI7Qor*dKL^mk4P-Z8uH22s~5^9X@gpgkC{J_{ULQ_gK?i$xU}yOC2k`R$S-5m2d$E z=zj(%s+5Z;qZ2|INPf0mBdrawG z8@PVe?pzz(<(!47)`PCZ8Hgg%VHZ@G89wgl6Zu7oXfT1*2|SSSt>`23-W;W7p`EO$ zG<`>BoS^4RT$ZHp0JgNnuD8!vN}MgVj}9Zn2?`=l1X?m7(F$ivS~}>H(!r!f>d35F zFY`}Pwg;9RIx#he%=WB{_UL0@mm+!{%i;r={Pz2GH3h>4U~2Rw40Unf+3=?AFM@77Z6)vi>S%CDr=SX6{AX3pmWwn}-AZE>RvEv7qWI1s)SsJ6*zn}_2 zZ!JZLI)oU>IpZes)cw&E1W+sgqq!TaQi@<`R$8$ZJ^g?A%bRo%{ge8gzSX>AyvXlp z9?#(y=#e7yI5d(3g>+DbpRmexcSrL9lL3!6C&31zt4Tm=77)!zDb?ZTVOjqXP-%&3>%yy;Dl{HTYB6UtUq&YLWM1roWLgJFJN)+4RcKVo$5Widt z@`J>i3tV_04 z0>InCOX*cOJoJj#uk_&ODF)nhmK{VnS(7r7uFXpHUA<5Bgd9Bg2A}=sFTr(Uk>VRS zh8M-WWJN9z`5<|J;ZOu{&#RRZWF5UZ!ey9sC8-X_5(e_mSQrq4t5u!|zeZ&}3yq)C zG)$WlGN^E6jN%##;gD8<8Jm+Onz>zGp~xV~X78FY{EcFg?Shd(sLJ5~^ce>bNp!P5$Gy7cdruYv)B zqnjK<>#$KqPthVHwaN4a6}M^d>N~GBkJcZbzeMKOM9rn!P8c&3_LF5bAmD*e-;0dY z&WW6g+e0AR_cuMZ^#uzoS|k4k_uH0L=+5BB89n8OuAiZorKmWm!Jb>6iS6M;tp&Z* zP=ex_)lY(i2bwV3X38M#WABFG$CB)&ZJTIJ%eWtV=^Aqh>Q?&Zbgx)e=>1S0x;roD zHqQ9epldl4bNf(O$#$>_>K5{M;CBvo7oFu~b0%{9T z&wE#@Z(h23Q9G+5YRMm;znr2Uj4ETUWzE&p_|=|H51q zho57@!uEu?W}4#hPUnfiO16g3o=%-LxWj|2vBpSow-h(y?uG{;`PhvDnEopkuqO1T81-6TlLZGD|YYLA3UJ; zoJdR~F{|}FO15SNTXfgf8ZZ&R(kP)5JW(@zxLOk~cH7oyba7iXA@#_dG!OM;(_$ch z_JJQ+C~VJ0%)c=s`d~r%2f6e>*1a;^4QVl~BlSv>_cy_Z3X$%J^^2MP)fJ;`P;sPC zG5hA)+NYaLaLviYfeS-DX2xs5px<{})}|h7nX`60{dTc!h4Oi_ST9*Hp;KYdtcqe= z*Lg735xmgAzub6A)|_r=K^7rH;F6XL58T6t3^7G$nuh$>>c8sj++Mup?3zfH zqYZ9bqRZ>&*OyJd$e!`j2?5kW1-Z{J(s!A{XpSSRW=p)jsO0hm6@U$uE}-nZ>E&SP zLQuvVfvB43;6|-!Jpa?h6~dL8J!z_N94HyoW4zXxS%XJt-aBA?mco6E?zrLe4L?@I z@{Z*meylJ})3d>Ttg!#;BZT4~c+`|5M>YPv4tknE9I1pWeI1Yqq2HGQ4s2l1fCPy>Mwp zCOIyJTDPXZx}P_CIbOLOm{6CF>;!~eoo>-G&%5>U z`+o(0L$9cS(41JgL3o%7Q}qWVw=1P|()Bx>=lq$zgXcz);z9WhIWTVsqqJV^M{>J1 zaN#%4uaGXW`ybz&gCzHxFTXhtF8;^OI~iUHT zki+JSFoe9mHPYp@F*f!ykBznIZJIG9Z#@4cNcY}layrvP|2urN2JttKhXtt~hrb;~ z(Wig!>*_>ZcD;Y|CwX5(LFnK$51b#WVrwwJHfeDfy?Ar|?$yP&FJHmD>FAb#MN%$l zxp&-S`l;Qv5qXW*XfogOS^LrGPW z0wp2%^geBKfdQkR$sMIeu4g0WIU4SWiVGG82iGOdXk2jNLozT=^z&9`QRhc9AFkNH zV*Esi6vUYJuKQVc)tUpa_*0)=7Gq3)G-@^Q~}#T1g=skGHO*UTnc`&r8O!I=-9Yjglq zK&!uReA}_@zeKY{gOk#!_Z>&)i}MV(XZGd{OD0*lM`lgei%qBf6+H3W73%F5G#n8f zzwBH|N|v;DA}g&^sp(QW;Eeu~(&~?C(m(X5uJZwjZ0cb<=a(;xglRL;gxO>$VV9xZ zop$dxdVcw0?}N#>ykmR_NJsOPRs@atTRVxgUmN+f&fYbgy;d2ZzB3q>h@H|p@Cb(e zAkOdBI)b0p(cAx)jG!{OYcn{Sy-*nr)<5)?AHZ|$3&xP47Ov(v7>rilS-Nj7VtcbU zC*e%}t^X5ECSsq~#(P~mqbSs>u+p#2VSp9-!|iopi4|U(;*UAIEAKGR1NHin(j4?g zjKN|y6CLVzbY0S=Qnqt~W>g9ty$5l2($}@au9C8LN-8#@ScdtEXBR6G%Ooyr#VuXW zG)VXS{9M}}&!0Yhs!J8;B%`Y~5u~5``pJ_i`hOR%Lm~YL;S8j5jaa371PkI57N_Wc zUw{9mu7zp-8YFD+bJZSk(>X;iyzo2U)`#UXS{I^Z65;t=??7O~R9Mbn0Y~U!X=^~L zJyy^N{wQ|tUOqUg;0jyGxKD z2+?t!kqM>tnjRu^m~9CLQxn7nl51WNISdI-zQ#AN996vx20*4}Jh)&`GCL4psvGlz zjp~BdP{K1T2PR{AYbN#@C)8POMo8KBe5@UWXRMMof<}P02Gg&q39dK>UazQ zt8a!I!1d6SPfiiR*%IB7?IgV@wT33Q7K;~Zu#L)rbuCUM<|oe@va!#Ny#5Y>g7&WnmUOjSH#8cC=#i*!guG)fIvbMY|K+VxOi4-qlSIS*>+kz;3{W>;@3FUt+6gU5dJs)d>W)a(gUE)Y@Rp=Kh;BeCPpxN&28ii9!`iDBY0UNB zZcPo|%MEpxlu1Y0Z%HJBGA}jroTAs}!W+1Gu#$lVD=O*IRQJ9)b%TM~Vlx_Tz>=(Q z)4{_wS7Q1lY+fCHK@6?LG^7qw(5KvPgX=F1tG<+8)qhx^U*hOKayX!FLxTbn$)NapcT7h_vb+WHoXeyTq)R5#82go>5JQ|cAD{h-&xC4eAGYdDLPTcs1R8g`9(2J|f zfz|}?%^rJ#_rzywQMl9=1;04$i+Wf;4iSHnHTwOPr=6~Sr>@G{LzR4O_zNnTF)P=X zZw=s_Owq=80He7_g$(FN0@B-Uw~9F2e&`yCw`yxldare3HUv0-ri-`XvShl5wm8*w zWd{_UL*}*usnd&{;hu+ZknFf$U0vke4?}B7HYVB7u(KqxC0XIYa+Ye}sg=1h;^iHu zQWA}zNcc)1HXm9B6g9kx4>wN+l-tv7@1mJ=JCuW__R350*EUN~v5TR~5Aq_moCQrW z`;A_^k2EdAtAZ*S(@o`IL3vQIPjqk%L)#9s$aGj@taWA3DupaDr&jD4s$7LEG1j^= zjOG#Ck2^Gz+>wJw#w;=~Vh`KRICGp)hVcdn;>pQ$dNO2n9KMWE+bTJq{0Aas z#&W&cRloVbPAVb2wgLDSEnt(*)-(LX=nR zYPj5fKj>&6od>xWV{g8_#~@n^d2K`lZFgstTvyWERfCt(usVy8GWMAOHUN@uNq7 z{qyTT-dw%>8-4uGzn0bNR{z&OAN`fQ{97WC$B+N;>wz6@=moTt6UHZcNuMFfljBfy zv(tUpxvsDN8bWKBf`C9tQ0)FA9o+rYzi8!@zW)6z+TU<@%ctT(89-cz<_@$mo2qNw z=4JE89LsQRLDSVw&9eM+#HwkSjYO(rpxS2~sCI424SK5u@n=K&nh>R?A*aZ3`*31h78rlDpp!HeBUYsquU4G5e|y zz+2`dcYjFSVuqVYHQFh(rwq{L#2IFnc=@1Wfw`n$@0Qhg+mq88aC-vWddGu`p#fqDla-L%At z+`=#a$GOsfGjrP29Rq-nlA$6!Zb02mbH7)OPki|mTC$3Z>5E}LCCShecvG8{tbQ#~ zL9meM$vIllvQnZ;5@@aj@TX#kyADhPk?i zZb4U$Nabh@!H$(-C~S2!fVe< zDYD9fvnmKm&=?CmZ8c=;QOGhP;0}FJmn<*CK1!eyU7~vfA?m^pvMcg4mivoNNKC}% zWI=@-RMu6$(A=DYmJ3}QZ&ekNt_wFi!9l#W#LO+}dq=QmddC|5OT%ujF%2`{N3IW~ zl)4lfR~PXbbL^%+W2+SwkF^s9;Vg0s8T?9hFLGSev*5+P9J)CrDRCL}oi>rq;c>+7 zN?R*N*ZXbmN|azS`W9!mq|9|)cbJ@fTjG@gCwCRFN#3FziIml*X$_)dam}#HWo4e9D-FJdL3$Vd27|_-`2}av3g3`9Dz(k)U1$Qg>CqHoU0pYLcR2GfbYo zO6z2KwO3{8=MeJ4eMjOfYfc<4*gqB~pMJ*&H-(F;lKyk=3r`n(S~f6}zH|J@v&(;_ zWo^4+-qJ_GI~rRf|0tnw^Q4EKFU1fvY(y`={9^`SY>&AsML3&Y5)Mz)EcH~tOk38C z6L@DGe!Y(rD?s%9C3aKf@5z;CuB<62r(@LPVMqpsR)K+05MoRR7o(0;bbkldsfE!s zH*5l@r}r=#pW&Zii|2%MGEc%(y0HynK{Ja z^>rn>DMgf1+Yd5K& z?$lxQ;7i`AdAGO{-0A62JKHw@NDbcEf!!ZK2qK2U3S zS1>u4dgnCsL$7OHsV_&hfPIkR#otnM5;PMj%Ol=W^)Z*l?^sn>?O99;^2eSP>gYO6 zdY7B#CCrT3&9Ng`AVpkxc9~7c<`*Ec*ja!;T$YwfQa?eTk$ji0k2a00JG~G?%%oBR4%xJQIbtJ#$ zI5An@nx}rm8Hu(%#F%esWTRt>$ApNqvPoAa0^w-r@xxHhpgaz3hHxw*rwo}Nmvu*^PD-zn zg&-@fVS~L#UV?hx;&FsOM%-Ad(V1I`3TMxEuK_Tp@zAoKj%AjE?>FDwYv6IsOZ9EU_d@=Y1-OOPfE!$FEM|nhi z=uWIP=SRGLT|aK2G-UxwM|mEba}O^7OE??JtN2N5xXpT0-glTi$vkH8B?azKg%W4X z7Mz0#E!@FxjJ0_bcbcZ2S~i>@TaaJP<1{_&u&?eX5z6U+H5&KboC zD7te*t}X*?M!*8fu|(~f{--I^SgjY>7iV_z@fprfYr~GE5`rs4g*?SOx7kGF4pz(J zPw}b5`6r`gd!H{epSjS0g#+Q?5%}u;g)SY5?O%3=2N7Is0)0cj&yS{UY9sz`-=!C! z&*k)=!JLs599>nWiG#*xtazauwVY zG}CS>s0`XoS$r=uV}jaJPkpr(A8%ftmx`Pm+SYNrhDb6!+)i~xQ6#B{8Y5{(1(8eB zxc*)iH~cwW?--mG=6RPny`qxbNOoFrCt$aB7SlsKqOM0lRKpmE{hsd zZVBzYh8Tl1dG4d=b)9G3C=ec^$70ll&RH-(e3y-<7(pu9y8Kr*&=P*d6`!?Lw~U_> zSEZ6)P`@c)v3O8*9MhsS_sg+P{cRv|E34S^h0?Eo-h1N#3ve64jUv;!(mzS8VAQkr zb3d9-CvIT^g@3J81nY>A+zT;Gl|^;w>mQJ^$6tJKE~O1FO1>8N!bE4Qu!!qk2jQMt z_N}0g8bL>cw5dO5c2=+J$=+5)N?C>=rEC%B)E#*mg5TaA7qt6Z+)wmpmfXEA9cJ7w zwd{9bW5Z2l#=zz`prL`%z(B6=t&{4-@KY3{ZmVRZf_kXEvitK-u~uow=b>$`pOyMH zwf9IV@Fi0~5eS?QG4f#5h@;?MZ+Cw209DuH*;-pVmK~5PK9!&KB;=&dOw<(DB)f7m zvx5AbE^e4(3poSkAro9I7cC4qtmZY|%yupXw>}*dV%4lug{WDS88L+HqO~h$Lp?ym z^#CCurV{%QxV1`xQ?9DBoA64XCn6L&!wmzJO&%lLZR`j5d|&Vf zrlFOG!31>06u6}>#(Ym1>gIGb;JsZY*mu`VF;=MYCO9C^?BZ4LUL<7T#@X~`dgwEW zYmVl;0K4`U)jveWd;^~ODMA7z*W`yA=xK+k)W1wxGk@rfY-pr_un**9C;%7mSle?r zQJVZ;W*_8Y7%6Ky_KHh{SuRZ+QMBxw81%kPL#;sUCa=4>f7YT?4G0c{y9k}+7Fs5J zhhX#=gaA7G4D&4g`m*j6uud;E&$lMYO)64)(?WTNmc@fWr?hC@S?H;$|MbIOlWGeL zZ=lw*^M75W>a2!YxOak-8D0TY83~wXu@_Vs3C{0S840!(198sp79%byC(cMM3^ZME zkQwX=BkWQdmUX)i`JL-%qveV2ILZ9j-gi8OBSBQis!#Z2Ai*WlCOSaA!ryo?pOYvj z=jU-rulJv!-}&mkqV?7XHLF&>+Gtn%SrkShtY1KyU<|fT|K4K+`{3d*GP<;mbe*dW zw0h!+#$ARh`tyqgSJjk2Qa{x)N})COyL}%XYbZL*eDJ$`NMGyQerjy)IyHVT+?B)FvVm{ zLKz$*x~kXtlB&Z0f*B)6SFJ;_9Om4etv#pgkM7hA*)|KXNUZ^;`6+G5MN3h7iQs^Zp{N`(QV_X5Ladu4DIu!%FM73$ zF5bvbynqBQ43``EkjT;nbtJBSvuuh#LI$(n=~=DLZqpH4aQu*z54c8epmXk61>|u_xn0SGNi7NEC^_rFa@R zFFduKjw-e4z%~p=T|v=JLrd}&dD5=hlyD&826~)WS|uaqwigUjjiF|X&6M_DfR9xw z)!B!GcJszIY>jI5mWn%1J=v*9)N>w8Uyf-ZT`gHoBRBVuJStj+-rnl#k6Y5b~DeEg$bfws98HbXa*Rr`1lNiB{05L}IG4gc;4 zQlcCf*qeoz+j?nA11^=_`Tg>I|m=j>%LCM67=)J$p z31CIyd_v?Inf@)yb}DX?9Akaj|9w1&Y5K;a*EL}n(;jzuE11eYt@m8PXoxoTJ^uRo z`np_cSo;<9`glhD{asin$PIA&IhkS1_kDimR2+D}y38;PcpQ7rI5!M1+ zAtyUC%q`e=(%Hi(eeK%ZUvP8z{mp7Mk}=Q0-YJJt6&=g*X*K(q#(U?m?*Modoa7HXge{5u(< zr+>7#@FFME?PKQyKXRiM^KOV7(6Wqv65{jKO5mL=p_1D#KmfS_KaRVgjra+Jk zo&yw>CPs%1pXBtKzS_!R1ToYm1v`HJM&sblc2{yS;C!#&cujE~@UQLbWmS3!&xorV z-3>eeS-FN=xOMk;H`tQJ7Be%mwt5v;naMUg4`JKNPsh~E5C*vHzIBm9u6}c#5g*DI zV9WupB+dy_R5IS#(+>f3f%D|uW~4y7Fv0A@%bz$en%DO$D^*{5jNZ}=l(Tc3qgxM! zwfL+SeYmJ1ZIzb;xVGz^#e>MVnDeQnLozVh{;m%BJA;&+)-0D)xR`&iar=~8Kies$ z&F$V$;xCWIi$l2E8G)~!*{uTBx*+U}>%_lqXRdM01b4~7uDo7_(67jqP$9OyA%It` z=SyeZ4u7`eS4e28x1wc?pY4I60v3Xn0s&&Ox~i_)#pj;l(dV6z_cxiah2}bPtE1)g zK?|e+#QSY-ILK>lMmzBKCPmx3&@0+>Tzu(o;4ciK){@-lSi4CD>Z7f7R%toaXaB%4 z&t2}q-9EP>VK%nZ>>LQUJ=+SYI}w~#0a$}*gl7@>$QBVpke`;w^nR-`7V)RkCr(2} z_GT;TJE(i1NjP4+X@ir^aU$Y(Ny~}YS;Z)oqhM1OL>usisv;tf-LTLLy8aSEhu$Lwi7yFD z{012MmD8wQ1~@kPU={`d`J?I7q#7j?|W;Lg~;?Jry;z`bkX(IkH7eInBE;P zCV21dTo?rQKZ;UQf*Z73Zeo43d%I|VwT*?Ob16eB`(&Q+raxMJ`#*bgj{gGITQbe@vytN z^YNFe1S|7d&YNMC;$nt57l**Jb;l9{?vvn^#ND8vBA1gK1>e)|r-{y%Hgu!-$Cv0_4%>}$bs*aF12GZ@cI`s|; zYn~5a+nx`290A8;E1z{f-JUeUp0*qQWc8*!EYA4567{UkdG*MCFM5;=xWPN#BlgnR z3UZe+vP~De+h_?cqVUq<2%fN++`-hW>jOv3J;{lBSh;prz*g(&)OZq`hAlfyQhH}b zeCWaRFeb*syu4(mVgN zw874BR(cT2$N-o_%69!+Z;~u8bfkCh6wxCW77LkMKUrt0hFp!m*F9&v?7b%Vf9$@5 zI5Y}9ww}(}RjwQae1&#Ub_2v@HCPY?)?1gps{9H5$c~3T3|rDZMm6TsY81z!gTssN zT?7Md?=~3nIg&8|*$i4vtFwqJBkT1I|G8dz z7bN8WxPCwB2>5)R089ip{`Noqc>fxB{bKywA3YEf{CXQ2rsNlPfN_w}V_NB6 zwEd=s;{yYOH*AE3mjVaW3bC?S0JFL1FhoLGX(#cWoZSL066*L;9b|ipv5!vTRsRx7 z)KFYj!U&&KNgo6Cy2Op|<7ILJxng%0)|Om<-#>*89CtU|vzej|1PC_ylXASa>jj#P zAY@ug)CTaZ0K3w=n9Ou;?r!-L6U!5iOKVLV$@)VyeKUvkU&hVQEv8D>2(!|$f$>wq z{uA~Ivg(SY9vaWBQ+SQK9GgN@zh*zg#^^5h9J;#+_~Qg+OR4`x_wxEH_@BSqeyC3h zNPZrRD(Vx*WtFbTdXnT1UI5uS-OFUm8>uW^IxU8V66J-W7M-DFL9k!%aFgP&{x8o5 zmXa(MS)wc!^`dO1cVPz8uf50k1-Zcai~mU%VRF7KTXL-(ks>03Tm8E%1>>jZ!?2zUOxT8P`^BCEHD37+x`JA%;&B<(jVh z*|K~nX7xuo0WnK+PkLGfSDg?9Z|5k>xvH<{loGj8A{#i49APN)Gkma>QZrL8NhmSH zKUyexidXo}PJ z=wuvI({5LINvJxfXE2h`-R&$ha4tuCSx)J#JZ$32TiuvQQ-l#}y&E1zkzHL4Yv=|Q zG&rc+(fO^v+IcmFbUB&I%3>O`JV_C76`f=<<5>2{ix7;Z&bb0z~f(dg^KN<1)szYl;YNq`Z9-sQkP`0x-tk&Mh}xXvqXP?~NDfOu4ic_8P# zc;wE%4?yoDkodqFSkaqU!CPE_tj~Y6hO8`yUL!ES9<-*MltNy|;R&`@7-RTvLrD4X zq~8p)Im!J*W(=4&*Zh|nRJU7D@-84VSL|Z5a81t;at4^q>tA(W(W-1*;OdzsjAfDL zU8*(DX&!PZ8GKk%8tb{L^5#ot=@}y9+ddC(YeXqwh4hwJZsBlO9jrnfDc6NFj<#H& z-P=dEWSB{X8~hJ0lXN(@y^AQk73dZVpzU_Rm!1I8={%BO*xo3&ZjO!*7j!nOk$gx% zBI<}+Q_$HFAh?$JeAFWfQxn4`4)zu!W^OxaIxpR`*FP!Ana<$*YKkM@bs=`E#?9J& z21$*fN>S6{HrflJ?QQ}jD`RMVf~;cu9zyCL$1rmD+0U4DcCj-96B~39m^s|TAKn{- z+zqtaha^h-nZA?JGK=sJqSN(Q_w3)JlEYgOc7c>^T}*smFX$w&NJ6foQxSFH8-6dR zDf|9$2AOYyeUU*-Ead}nC&?|=O}6vXd&h^M$Jq+WqS<<69s^pN;KZ@CQyN;!a`d%F zpu_hiz%7|6JwLkAM=TS3uPz65J8qyvtFFQ`JQBB*9K77f#+tC`1jF~?CYuHK`+X@j z&pkXw7rTnKFA7Uu4ZEB=K)00MCrYK}a4H2%+~YCN?aT(VKAy3dxW{ATo=y1ProEe3 zj2z=JVcY*b;vP&)d$r!um6@vG8jyy0JZKF_v-fn10H?5kn6VZbin=j_t`a?mqT*1T~2vC zrrBInx5qz=3rOL`si|xyFX!OZI$_7XppIJI5o0k~Ze!o#fopW8t*kH+%MzJw4j;E& zHib<)ME2gBeg~mMLbT^i;LzQb7MrOW+lj;PFOcY3_$X94s2l7Od{Vnucf66PUJeP~ z_@#JWyI6NP1UECqTMh}{k6YGbd8?)PQbP<$E06+cJFp@L1=s^4V<*PAo;VW2(m0a+ zN!31%Xy1~_junX{My}N){x$&BzxV$br3(tnh_uJ1p6T^}rMU7cLX!FmL5dIH_zFfa!X zOw~9CN!?~qQI~-aDP?RUGR&ZVy7t?;&EMs3x8l)xd#nZG$R^4HjXrVu)Z;p}^=eBx zYFn!$gzSa5TMy)(6I3UVDpoan>kC|oN3V_I6hI@km$Y%acC`B+Guctb_R5eOwCt}5 z5$bHAf>;^#4`gM82VZD;G{!U*TZ9kFQ^E~v3tOERsydn3*KS;pIvpR*#0#!@u{2j0 zZZ-h;ssh_{XDE=d7VT2u@qs+zT1{N|h@rA(u=Usc!_c9TBTG=sBG1lTQvWuQ9d&3xhxnQFhU|3Kk^T}WHf8L^NZGD9m6^YM1uPO6xbysTw2vOPdlAFWHS zZJRQcZpt%ZT(xPOMrMImJ2nWHPU?6xnw>$oEse8O1A2rF6>C1i1zmnBhE?}2!tX%3 zwN(JZ`W}W8mS^a4U}`ZF$#f*{1?Y#c!RyfrVG_^Gk7|fP#|52M`-*f?&xj16N~xEL zdzU5X;+Rs4&dN`>0l)C7dZU!}7b-!kG`5by za#KAhNgxa<1jV-fF1q=}J>;mP7uBVc=vxsTW}kmsokYB;sv{U@B0jFRxKr=)gEJQ* z{&qyHzGG{}J?8$$ZY6@*kxm!D{obZxv?RWTY_ytnxuSM%B zZu-0nyY_nwFb7qRK=wHVwWsA2Aa}sWNe!hT-}}|IL%#px+6v>q&soePrQ(41$0_E;mnA<`tBlm_ z0GHsvaceKV)V)j7K*9Cd&o8UhfHMbA{CznrO~zU+N@&haoYlC7fymA1o>ty~-F$`N zulvVItS=CI_jQ)^_#>-odd&a9{Jf4w0y&Bl$hNjS>|q-j0V$Q?I-b67L?%-Ee7?@I zKRey>6lTZ;x zZ!0*@SN0VKe1V=P58X7y&#-A~iam|sDkh%>TpSV6EHnzjEWa%(KZ)h1+!d$lV|g#F zf_chOe~Kv&W&8+!bgj+<>H~bl<8B@G)$lOeOFkg9SQz$K3DpU+E(aD-mMv$G5#cyu z$6W$JY_I&=7VEBVqp~96!g+%%{W0BV*GqdlyT2YdH{uFBme6yNRXtP8m_TAFC|6m` z?-(>;B)XJHG8*(eYF760t#=ybTiUNG{imP7OBug$r{*?WPjzbubi~8Hmy%I8@oFI) z;T4zIwdnNi@?+C*hslq~Okx8pK3)m zjnfR3tQJ(pHEOC$oqZrCg6C<<@Cr`NM59@SF;Qn*$kWJD&?zlED zeCR~o^P>pZZVkdz-rCr51vwmyUR`FZ(;+*BAdZ?_;m-eDtOkt?A}%y4h+R7tx& z9^dj?r~*7S=QPw{G{<2RW%EHpl>eEv%{QS?rm1}6HAp?+!8+gnU#$UL0OEb*OS<24 zZHBwa=J17W{ZF--s%sTuIkJs@bDlffnVOlcsHg5+u3evRR=Lui1KCKL9*e?nP>(Tc zcDl%~HrZGHI}{ygT@5y6mk#1i1@@~EY<}c6+XmI*HL_T3gL8&nGSRfgPAwK2&E561 zSWDuqRU|6wP&JCXo_{sN3@I-y>KXN2;m!&>w!v+tD$89w9Pa4HoUyX*hEfOV7q@?B zLsUP1wtCy4T?PPw^Q%LNwu5o~T$j$Wd=3q}9!MS>dEVzn96G*zJ}a}TfhryAFq?9J z81lj7ZI+Nu_$t(L8sEpU&`d~vEHY-AwE|L z=>sfKZWt13zfVrv;c9#J!2dZ-Q=(DZx9@pfaS#;D_iu=+2;loBJbsEOB~F~Q-=wGh zELQI^Q6m?n)vywdM9szJ!Jye3X@(Nd@QN)bBZEYClE7P0=IuXY+l)juVhuS+r6Uzt z)UE)ywA+CyYx&L>DU0>lo&jNmI4+dSm@+1jrc9m*BBwixxuaxdFyU?$gn?m;XG%Y@ zM%te_vT3>o%sorBx!Ht|@8ph|h0=OvE5fJFCRI25(g`sK`Msd#xJ{hjImQ%h!YR-U zi!6#;6`IMPdh4$Ex3_It^@t)qfsh=i9KqEG2bEA*wzGN{ng+#ffaDrOKi{KV?c5SN z>S(nx!^;fZ>!JN^=frF@`3ZHs{4|e#$xUR4e&rAsJSygS!LvFK%PFk~Wcf0rlp-Dh zkj6bxEmi{rfK7TKV)lvvxWOJk!)*q|^D)+3?ax49*Yk`VN_B$FH&>Y-*yA+{V%2-7 zCEM9*KIkdJ7pwShD}AA)ovXxRS6CQsaA7==g7{+j2qp@UOXa3qE6kynRPC;4>OAq3 z_>#%-rcx72CC8mhPNNrG8m@TcJl1rPM56Z*(D(=0lVdHf_|a&17hEJpNT2TlN(HYI zJ_?na$YY-Un6Br2j(PNdEg9EDk@AiM^O@1k`yO&uUR+6>U3~GNE$2Ru*>uUy_Lkrz zE$c1%Gc0*HTwwjW_6s`&X&w`csV=2vKLWw!Nx>RrWsma6o&KlS9`?}@g_3Wt zIdfOgFGgfh_#t6VKWJWfxi^Df=)Y}3Un@?;h zVzr6oWERWBAb~Y0msEFsf-!3para15SO&1Sy*8H&mhHjK=Vnj zQ^4B;*iVg9v;*waWG;w1^xmgC&F$ObOSbYMj%UzmXc$(20zY~Tk`&y&eCVc$1x8*SX;V> zv7+fYeY7Kb!ZA51H&r{~m%Lu6yYcPXz-VrM>O&#V>$c39EVM$Qo#IZ36pJAOYp8$i zD)Jrq1g{42u=pe=O zlUW@81ed-N`3SZE%J!TWLWC&3-?fl9ZuFt*|Kgf${I_`|Ukd{t!a_Jv5DSNJ*}+w& z#yM=E@5O*bo$l#2kA-`mz~-*l0F#y!RMfuQ&F_NEn>=rUqWxEtnk~5H8_r>|*Pr~u z=0nn>`w?Q}7UAj;5$l}87UAv!4a+*aDs-sfqV{(3@SXL9dvtHyqG%i^!ztoUw{sXwd|4M>@LM{w*4p6C$s59lCg&k4zaxM9Jig-_6N{#x2u^}1za?zTs*gUE-I31 zC#&NA3hfo2EM}nO>U`k>vQ{*-)P74yW(Noq@uJoMPQ~D}1N;cDE(I+)FBn~!Hf|p` z=9W5Uy;VPD>^0GA1Xqj{dsiAW)v+mBKt`lqMA3>Gjv_jOO0X7% zDh5X`Q$3_8O;5CcGF)bB98m_*H2(=CDf73*)ly(H_^5F4tRfFghJY%+6D|u(p3Ls% z5S0PxB7n~t^^76{KxDwk;8;jX7Z^f$vp{?ArFUoRtW~zv z@?R=h{U?E(jX#!vGJ_`$6%j*J7R>-EHk*Loe)~D6Iyn1vj@tx8;W-2oNx@WPLF8X3 zBq9~)^w4D)NKnloL4*VEC|HmEt$duE<&Nur)U1nqNFmBCje@zgh9nNk2#XmOW6`{+ z%~4PNbgLD=aDK9f(f4z^#K`;cM{QpRz|WB@JB-E?9FP7U1uG&kh=x5@?f=%p{! zv;NX(BS6#*Q==aVNw5y9#5Jms(ydKGNoZC3 z8CO9m29;c4@WMf$M-sT`#0E=R+)E6ZcKE$~nWOPZ44IpGN_;kF=-%j?#914+(1D418CD|0E}+Nx)p)|gn)TDc?<_Kz^OHfcS;N!{W`ByRD|9kZJ_mOd- z!1r-&!_e>Hq^4oO>tjw+ap3DChjD&@FW@6*-#2JJ;qR?wP3Y)X%;O`k!VDnzNdWWn zv&;VOS1{#;)+52mmvhZck4CuDX|qG7Th4aT|Nos|rs@CB{8G0mS*AR5jm2bDkkT?z0-1Y1kb0dtl!&W!uWG9?+wPf?CK?X(Sa| zIE6h|v&?gcK(KM>;D;&T)D_V)3p6?>p`cEmmviq=9V?84M5#_74f~7e$S4i#3rgC; z@|s8tN~UOepnip$RUcfPW(7re5pbn>mt^T?L!Bve6qTmdhm77dI*0Ax=>Hb#1bd4m zIJGd*C&XKhv*Q@CGYC9$eky-Z>4__c1FnOD9R0)hv<^7jQUKdL(c`7asED4K3);$c zGOuCy)XTkl*rH!4MyKfMGZvQB<*wHG>;Y>t52nW*c|Og@G2F;%6LGb$*~W*!ng(qZ zmK}&MbrO_&905CVo;h!>H|}|Nwrvnguo>3nm#11+gii&WIHWj>PI5Y# z){3a;DqH1fO>5NERl4{=e?%?P%=B{qe}E~%|3APqa;6h>%^ytU7&Zt)b!POhwr_RO zySUEe{pIu-zPTWL%yL0swkM-emoX@tNoQV|zmQ%)m^Xob1p~^$%?KT66-ZjX!Y*zl9RKbMTBW30b6H>RyjwDbqf$zdF<`4~b#D77eX7NFO?Z)>k&M(p3Nl zeY==l+#!<;r*>$3kfvUWN$i^1Tw0(ui-I=(`Ee>@NDihWYpTe zu!s4ehjW~SEhTAfzA3Y1Q^YsO6Xlq|Pcz4Y-PHc9OC~68bAn8tl;j1iOZ3_y0AUwv z{Ap52BDz73+)9nmMA>fNYuB19U)CRe7E8*aFGtL25pu{Yn|+>lDfkG&7&^Nnhi)W|C=v!(%fu0^ zLntpj8=UD5KIFpbN$w)pUP|-9jcFffJ+S>?%XknBjVyF4ri>!wheOOudI zJPxK^%QXo3`HYIaqw^L9!!oX`)wikbIfj6&TdPu%O0IYbv49eA$-O3dSOlS;wOuR) zfTjc=c^^$5^4`RpLauYkL>dNqnJFditYT}|zxZ;P2iL;FSHZ(`Vy8#d!1xB1d)^9} zi>5$5hAoguS|}&aL8I%*TM6ddb1*A<3x{@XyxtsRUG84qvR3edm*v(vwCr84upV@} zzi_RtHood=b%iS(*rkoUEz?`A7K7aNgST!2SsGyyR1e9{e`}Z0=%85GXd z#Q3Wu6>qhL9)T&KLq0Pl?jY&T^C+VEMG9izD*Bgqq$U^&mteEyaJ?4to`vA1C){*c z`Uk|(zF{|l5tH0SaNtX*nI_h|9hSLR8krRC8WH%HDL`o#W4D|vfJZ({DTo}M!g_fQ z_2FRgI;KUHx=G#;|B5QVSetx}AGCWRxe6BSIxLXUo@yoXpq9*7>nP2HDg4$`e>qx5 zJ`twXL}cBCfXM1^|5^q5=MoP(rK2&aa^33r9h5#@8JD=LOt}v4*cJ;*UNJHwvMSvXbBA0pXA>_Gk%_zFUS1{Wj1XhyUHL^9e!JggrMX zS%zy<>ve1whD|o_InYx~xsDpn*o5+nM=+Uh8WX6L1DUD|#<-;Bb+EZwHh=W|66t2C zT0Rt)8EU&f-n>M2U|^5uM5^zf0eC`am9|qG)sI9Ns4k9T2@L6&?W%Af-dS`}r4Sx* zEvR(mMriUIwB2lgqT)Mq3I#PTYwF{b~2gxj*LD3G)zA@gxjd=N~5MZ=8CQoZ$ zuyrKFvx_!&9iyaq>!c`H10;dCG$?GLW_3BTKBdS@<&U&-06~PE)Fslc3T)&>x{Ac8 z0QUtLSq9nzp&~9hl*oP%{<&&mP^`FBYLEoB<$t8IC5~m03N(%d3FlAY+c9+so{%RY z9_4N;xJ@GSE#vn5W_$jY2z8If_C+n#&;&+UAMi@9)1-?Y1C%$5m$Sb>q0q2Hzg+f~ zXHaM=KF5P?^3cSSTtqEk0@&~F5f1O<4@>U`HzrOz>^}Z#+VBPEF*=j7H!TTrI=l<3 zKJq#3>WvyDIfSJSqh`F8l`pKdq&%t*exdESsdt|6L6BMW5Fo!L?TVVd?9WU!V07L- zuob~#n${#5gv8FRW9~AH9XUD6uAhsS!EN;b|J!MKSJJi`sTI*h2 zaiw1{Z9{gkH-*e&c%AkThHe0UAZH-&q=uzfaW*!#z*xsad0S(N;Yho31!9MC1!Ajm z1)p=oN69`2t)A>2QOqrh=2iB=_WY|}y|aA@BDRuY2* zq76yQc&QIQc*o}>|NNMW-Zp6WYog3%p9bM!+2zg?b*%>*xx32enTk((+JG5Y&3saS zK+;Z8pI`_Tlj|a<6t{0@ookyUBt%krs5=& zP=&t^kkp5`*Uw4LRw@J5Y-uLF8ag8Ajq3E*$Of$AsXbjR*Jra{_C@WhuEL@h}t{1XTRs&2XEE#8M-q?0;YevM?cgZv7mvlOe!M>h7rhnkh_cKyw!xO6x2V^xfUX*m=N2Phx1SxI zfQ&xKtJ!CdG?pPyU}c0?mKZ`p=VXQ_;vU5cdts3(Dw3dHH9%pfA%$hTRSl6U4rjMv z#6{oM)CEjvgl(@Jr03mZ)k7$RI-Ff`8o-lnGr8U3G(z0TuHj%bBs58h+G$nxiH)lj zBmBmT+Z-I&d}=OMw@n~#ww<%l>4H+bKQ&BryVcg?z;4KMQPkEv=R{bSEC?n0WJN9t zn3J^r_7m7Mh=j;XSSD^k!E@pl9iEZ4PD~0Td4mh{Re`?Nl)()ERY0o0;QxQG(^_`$ zkn2(k?&rAuV5{XH|DR=AG>O}axOzYwgrSr;W$MrE^a15AF+Jp{qiD)%(e&sShxA(l ze0GmzX3>a@GZEX@9U~#Ra1+xeF$BZ=-pK#lbu*y&07OSTgwXCQ|CjVgVOSQ&q??Xdk62Wildqm)XFsHOYTyW=u=42uQhZ{W9wv(h1cJl z_8IHyepCE-Z%DZ0_tURS?D1|{^v4Hzql*WV3ERo`>Ai=m*=2V$16Di5?IH_F;g|N@8 zaA<>C6e0^894+cus`v3OW8Lp2{~h*9so1_$^$A5GYeV>1v#ngomn3coar3fj zc*|@sm)sD;$H;gGA0M^^{r53T*qCfWJI)iUJI)iUoc)36fPId9WDpBDn%zu-h6&E0^5^p{GuSBE5g2brZ2qWt@c;N$Vuyh ziNq=Ut(i6(%*rE*z9Q;KB(V{d9Az|g-^*j~K12-_3@nq3l4R16>0i7Nk|)PnssPo$ zM}cAiNJ(FRwcZp{uX+g2x@Gm3ZovC_XZVrycNfC-xU7G8t+7cdTp=uTCd#$K|Y`MMhXl>r5~G=PKG3R;*6k%Du**DYA`f>zia7 zrJ)o!mOhOcG191~;G!)k$;L{+VfFGALA=fi( z*;2VVLZXWN?x2;ZvURexM2wR>5Hvmc4iV|%{*54YFu(s8zJyyxb9t};UI^x<=nZxp z(Uwk>GSVo}a%7kbOpHlLb(fbk(g;kf(P2%3Z0IKqCkafFY=}QRT7qmy40bUx-e@~A zo~f9$6cu|3d6*P$30cB56d9j*`@hG~^}+u(r{<3HitvHjmEt^99B z?_2+yUu8}Ec4bY0y<^g3BT3x6E}D45Pu#*NWrfMN?xDZNoL< zhEih{UM)gM$_*i_I*y{nwj!%KiZxdPBF&gdv}2_(NR!7R&5-R$lf_RSkf%&4;{H<- z55Q#x{~ychs4XsglQQc67Drt6rpeZP35l#)1Vz-CS;x9Xjur6!L3pJ-?NbIBMG8RwM z7P-uT4GJR&2`sa@!5S_TLSu~d^lS`fA798mS3();8Q23VH|Ra_Xn|k(P)cX#D$6fa zis3S%3j}xgyec;zN9HnyVCgR9j%66ID}DzLsRmyd{_cwm*S_J&X~IVGp4sNijwxF0e}k4Nz#w{=ZRk0MR!q$u<;!yO$V*L6lobmcWw5qDjS!>iuY zxycZ}IYcjB(=dk^Ng!!(QqIxW=_aR|a7jI?cKjX`<@XNJsx18EI;u=ld(ROCJI?19 zm8IG|+}zZz!=$(bHq1x}7VsIiOe&rRRRb{4iSe z+xG`Ne6zYHokJkDqnH_>Ls&aqHD#%~%Fgh~htyd9M5LH5aO>Kn`Ty-T3|VYfH^G5Z zmj7+r!TE{?_)ZC$2nbls( zq7jDB42u=|xO$-<%KfYQM32F?0yKnO4+fkAajuNd;B-trcLew0JYp~Xj!z$qx||v7 zkaJI+KLO2gIPao^q?*Ief^WU*A*;ecp*}(T$@w+Z;TU_$K5ovv8~;~K_6^rkLGlts z31^ituV!PZE9A3f+}UevD%W4?F42D{k{s;&^6U&|l1n-XwY7efW!QGOzoK=Xl|Zg> z==9~&ORP#}Rx7JCf8b1wnV|<J5t=$gs07=0R! z9A80ouW(oFSiuQ5ST3(hb(7S>)N86vFE7}%JZ1ll8ub-6bD@D>I*pJAT8EHYA zy8=Jjec!gfTjB$~XY}feBXuY?txSVEcqOHp>%e%U_C#G(S$*Q{9ef%p!yqH&#>l$@ zkA0goq{}C6BSgIG{6#*%kvrXUvJxWR_Tpl(@o%Vt-Q=aXx#fHMOb%2^Lj9m~` zeWUehYrzK^GzlhlChav7rwBpH8 zRc^O@jyj=RkaNDEbKegLMWq!{BjYaLO9S1A5OPha1_ zTk#UQ&Du>j$FdqBL_)3n2&H1jBgjfN)F~C2_(DL4!(I49zbfVrtcZsy);4w%1_(2!3 zxQT4i@_~wumVj*H)Jwv6_aVMUK5o($6z=Ftb9s_`q(;i{!cTrJP$%?yG_n1Y*EZx6 zRN!3QeKs4Hg};o$fC7vq>{SY-(IXIuC~ht>626QX=F}4Aax?jsq~dfidH!92&iQ7=>>p#;X^`_RzqdHU6X)PMX14fcirKvtAn}z zr^={%H8GTJ$F?-)Rp*fQ)u~QB@b2#Bi)w4g-SmiploPvS+;T$R#6&YkA%nz|-41>G z!~fMf@+!30ZqAR|&)x7_hh_e-!N&DOQ4UntYo#1^(&BHkNp&EM6f^ukORgfO!?OpN z>5LIi;ij5e%Gx*>EDdGt8VmkHdo!hkrJCg8nx%93`cJUL<`2oF4h^S5)Rh(j^%E9^t2|Me+VQErei_mnI?t^{gZ6)>knkXnB} zP$A?^1{_0jQm>q^JcQ@Fy zYFDxdx|p1qEeM7XC`vT#{l57C*>dBQov9pt_;6#ZD)^N*O)lp`b|Boy`#3nY&=QRn zsWxY2ARjD&J!&IdChEQLV&CU)r-e9LWlCgVMI~7rcI9mEH9a4w=A|@8oJGis`!`Vz z-J!QHK00E@GU?br6kbV*JEQ5}&8>}T*9F4x5m?O~phB&WuThtm4b+l^N?tD&_^5Ay zvG#9<2z^sXLERA@?b)9*K<2_Jge9Whs;)kFK~>dMoX%O9Dz?=`z2XuNd!L-DM6Y3M ziSqd)*ehxZJ7Il&W1f2vwSK_X`GxoOHsa#v)}u|`@i>Mk>TK2gBj{CEI zd6>Cp*q}*I-ytz$sHFB>4~30Xw!0u&)J`1x>K4swvFOx(#S57M+76N(k~uRRgm9yB zdn{se4PR`ZrQf_3I;-I_C#@+lAAY#!7{j}=)g1jaAE9ICjKnlO$@0v%$9p%g@b%B4 z0v9#b479)hMpEpH0fY1Skl0+dS$bby;VoydOJXD}u7=xnu^ejZ2T3a3)u^wrLvhXO%ejRM~4qWP}HY1bDZ^|XUb zHw@=UYqWI61(?rly*u#|**EMJDVgy$B!)V#{I-PW=Q&1BLH}=&8Xi2CwPzm61~U~m zPf?dd#re2&)j6A(;5_62zwfirsJ7c3y>7qtJcNQ+;P?6wa|M7JbXo2CO-^?CcWXg* z%Ew4oc920)--;~9V9CX<+_Pl8iRgo>;qO?siR`2sx&2V;Mp6$MdKoRd>_piac-4}X z|FnZdVZQ~xi_>1pPBuc2Pt;YW^lZPbN01-x)qOhS zBGE$bk1Kde@F58QQ-$2T?6ZBMH|(k`+KinvN3iI)c9UIMX|hIv84uS@OCyRt)q%`G zs+_{SOPj+ok0u_cx^lACRwS$MxjcaGeu%fqQs*_p%&uj?T%iBNRc?!e_cNtphNJ(6 zT1Vkdj80nlslq=YGO(gTARy7Il+ilur-b(~^8l^K7$pIbtZHfdxE(RN!Z7dL0`crP zE357I_TqDrlT+DYPL^kYT%}$3SK;Cq#o1v_wmD9=*eU48cYc;Uv0d2T(YsxYhx3fQ zXOcYBIp}Bnu6>BeVNUiwZIoQ9L;3)zE?VUTAD#2HR4OOxu)O5duiwbh>m@5dg3vHE zi_p30&2N3(*o*)QtNHIHe;gv&bRzHE&3P7o*N0$Bz7O&uzQpXVey`{I$;m_4WSV1~ zNq@+n3Q@Us(KmN9E_O{rmqIfSWjpg<`caJ$Pp>M%<7Q)&F^`8klf<8+i^+- z24BxdM;`uu@4tTjfQPnMYVU48!uDKoJ&G8kPAde$} zHW7rXQa7$lb28N7HYl*(SiFUVM4b$2#B2Eb023 z0kZo-D2PG9Fa1YTk^I4ZNJ}@}A)D=|8@Za(v9f)4WQ;;w=X&M;^C?K_w!SL)OX%%5 zfY%m7AN_-#Y2WMLf*lVDduq)3C0CRRq^=s^Qp-N zxwjw>l267v6P#WdO_va+g)r0m#TG^=!29;F*Yi1g3JLl7Dd_ikaXHzPl=t5MNhqFT zxZk&P`#YxK7Yhb(x+|$Guw%X1l4-|w2)Y3n&fq&*g_}-K3jkHd8H+oJ^W ztaX7$=Hu8DPh8TnY(>XaoCvBNzj!Y>&U6il+D!;J!M1rXEtXsC|yqVO!S_d%d3fZSt~ z5(}ags6L?Td}oBLMt7f4h4tNZY#20L9)jL^9~dr!PXdqBOTG3Z3@VN}Tv^S~N!6$` zoGw5Z_876%H|Pm1>du#$<_gWAWizDKvV9zlIJ_go3lxUf2TI9m=6t8SJxYHpAYZ}& zyEtsk3Q?(;nC+G|**N?EJnVTB249~xS8~Jim6`_Madqv|4h7@m%q9@xtebF=Gnxc2zp~VIOO<2wqqaYW-kZ$k_5Cp`4)hkewNAoBtv1c;J?qR?V>7Fx3kUz%w}Ulu9QJ)Me{Ava$F!( zgIdtov}e|W6WOLCwb~Zq5P|X`fIPj5lBRX+5?PapA%!nGsiYGL^F$LA zY3ioxI{gG(>^_qtublG`_cvJimJVS|IYjU2z;;Ado~p(xISW2)wn$e+*u+&SWpixm zy%ugS(!X1HmYl9d2;;Wy(-WeAP9OSbY#HCdqYiw%ARs8i#4-s`<=F{$%3qqj|1wSM3BF`YO8T zOLV>X#0n7@aEdty@yqpmgc6Bz2xh#Rco{=1@kvROt~K`)1LAm#RC79VzFBP>v?@E% zGZY?nadj+ENjnu5u>jShI9r;9=oB+)FN@{2Sd((?3>RaAdl88~RI3CDM0pf#k>2D~ zq$K0tr7bKYbY!&{EpoP5yUNDyKmk+iJ;wYtf6|-4kLS2197T(h$%`|@ z>AXEmfnGe?k9ytIU@d3O{cdwzwOx|#8*hGdnb@1CNbAbe28WavDj9rk#N zGzSgGzXx8x+wNM8X#^+^H=by6q6rf+?fCUxbYWuBg|a%Q?E{X)>mAkcP7=bqyWV{s zQt1i^V=-vnIIS)U49w77KWh>iV)a_E72F#nhtR9*5NB8kDI>{zmG%S(+#Sao5<_Cb zDY6e(OwiUi1(9Z7nfNu>(@!`#`y!F+jMd2v-n!7A?$M+qMu;|X2`hK;o*mz2!BlqT z+pDDBNd7KfUN7v6x@N;d0A+~$l|}&d$6u3gDOx_PvoK9;`PWGpLpCL9_I zd6}ilgQ9ju2ICpY=8{)Ur1is?&y6w{#V&)?KNY02PooBY5Q}`eQ<}0&WV|Q z*_wPngC+iH7Ax1`!HulO-g2`O;hW0!9!+hpg1x2$iwz^)0&=lADh`8_Fa$V>uj65N zgIThF;?ugJlf6dSW2a{8=-FFbd2+_vI7mGr=ccD7E_7FEXWYoFPqM!Q+;Q07wDS6q z9TLmdm*^UHP^p_si+Rq;u_CHs!((Sso-J#i`o%M)vRt^~qIL}jCOak~aSzi=wiCJN6x$TCP|e7)*F z;N2^=kER`M>cpm`jPXftqWoGz+shrVCTY9|@VuBxep_ zWXj1GuM`IlS$a;j!`AX5TcW`lu|1CIzSMcyhrXtCu;B zA%bl^5a}@OKXCW-GkQL*ti3$w13S&Bw!*E?9XlD>^yR{9a4=$Y%3b5?8Ue$+Eb(sZ zhi&Q+H|s-TI!rcq4Kh}gWw09YH!k6M`{(ZJl6}Y7XVhpBBnd~MCXw{~?W2&i--DgB z@5|Dy82UPXCxE>}IrzDf4tJZh&+p!twC}rjKYn+Eo3!6Uke6t0!P4C}YUY{uf3|xF z@)(@+;BNbj2fgo*Eqer5L45S=zOl97y-eV@0qYUd5>7P)7(uXBD5m;ijqH}35KlX6 z4*q*i-Pa4`T;)X~2mUyd=96X-mD5PZ;l!TAy2pd-)TZN(#l8=sYZQ_j2Y>YGPa>w`;0h1@F*5Y=8W=|^P^X(Dxm-qg0ejtp4^!LOTnP)4 zVNN?++s>>r)-Izm4jvvW(QHo9P78d=K_@}#=FuBPT47UAmU7jk6eG}&^$6)_HL=L) zg;#(>J3!Hua}hp08B&KtEAE`k8<*69R}yTd3$2vc5{o z=#{lvi)fPO5=V1x55-a2Yatod8|1N~Aulp{t^A>8`gP!|9TN5U&vm47OBK6WQHRe7 z=Ah_F7GkM`cssG}H0@NZWCzi2%y1Tz=HabU_q%7H5UuFmWg^AZm4e=wK767Ed5dNz z1_E9o?8pLdikkKo=goM#&t&XB*!RxGVBd5pLl$=-ii zW7-o*9St>ePGKPAfVPP|v@ooisfH^0MGWXcB^BDx47agVTfZqSk=D@Bp7rk01<-Ft z`^RiQ1C90yDvr>!4O|v(i_BC_P24j#)X?5cz0+&P*2Q$OD$X)2f&94#YOOh6EwrcC zxn=PSn6Rd!9pF)^{=3E=KoKSH8$2g50gHBlx7sWu#f)kvF5Fx%hT@FU7l6Q!AaZ;d zk4G1!P`JrH>Y#8EjE`~+D@_JQsUCPKKSoxwl0s3@jSTsSyaUH5<>a9ELZGo)!>nP` z-}71|T$STNj`j!xM6Y~W=il2`KIlS0`)$O7;x1?}LICF@=r?9V8+aQ5zD}F{yGbh} zTzk?ahR`bLu(VQ2iZ%4c@9%s6a(u5z$;clwYTf9tdV(4ZA`h(7P`Vneqyqg@H}NO! z#WtP5Qo+@CF#iY~9!L^>JB-ur>8~1GCB&_i7C@`?AN^K7A7Ue3Fsp#S3jo+SRUEn^ z1Irx9Ka7zsJq}`BL(Bz0$MJ?@Kwc{~l49{Mx#oC|yPbePcknkfN1aVxmegb=!gQLO zXC+94%FwJP21!ozYM5wClcj|hXbQ@%bgUzVp~8YTH$FRsRsyCniGBP$l&q1iYJjvd zBSl&M^eBW*`sSviLq}q({mg@b1GD>^RI}3L;%xk|&-WfP4)04C=8p3R;1YSwap7Qi z?=vm_fCRg#%u@*Ku5jBC<`&*>5+;rw z5gw&}fhMQ-eUzknN_toKhQYH-UdnCx;fg+TtgrquM6wC8-GZ1db-q zef(?sxSv3KC4QB?bq?@cZA*U6S0;1g>r^Msk3Yv-@5<2Hh$nwc0~!LpaU4vw#U(S! z?jV+~7o8u#m}X>dc5HA4rU@{O?B*7yZjm#~pXxTRQ4DhLtPPqS2zA2@|MQaH>+R=m z^;a1DI?B@6P^Rqi`?#q|$YY~?d9+#b;x5dX!uJ>ESvQrGbXzFoi?$Wp%*c5$YdH+> z+c?`!;qw}VyolQWpB4bqS$*(1oPsw{XB^-)t&+TeM@F$A0wC3ICY^>X_#mAtlX|3H z@QGy0Bbom1^3`z>&00V_Q!(KL)bu}{Z_`LNLLAlN_iqcX|J2>(5>8Z$-|tvei#rg{ z96A1)M6&JTs}{ebS@*J*O1aFwT}N=L7JKcc|KG9yy`lRQ8&T7x#`mDG>NR(~yPS>m z^rj{Aoy2#Kh9dp>r+_*FO}4iY?gGktY3ib7O6Obu1~o15J{xf~2Q}KWg&4*%A<;Eh zh+85Xk5~>v%~m6_?5OY6|KscXYH#xUn~-q!=jZYCQ*e4eY!;!H&-3=@{=L8d=O=Er z_v7Q?>d4aX?nhGjSo5v!^;57hDUUP&56|aa^0xVg_|47vkvv;t^2hN^Lcwu=VNp** z#IzVAzuwTUVjkBAs}CkHQLA8y$DD%iJ7%xK&FR*t(p=GFSWPlq_+NEjKY9Z9s)QMP zq7^Oo5F9xs%GH!#xosW^liVniV?8N8fUoK%XtABGB zmXBCNF-^w~Uy?}ErtqOCrXfQo$qZkGj`sreh4s)fgwmCIewg!kR**~0N zHX0J57ZIS%l~G7z-eusHVt@6oObdx|TcVtRzZ($lyNP3&l~pIM>r>%+&p2^gEC1@& zYI@Vifb90Fk5>6iY26D^GJ!dUquNJ7k@nPNGN_B@GjR{fCKO`GpwZ35JN}VX4ghPE zS7lD>%q?X9UF7X?628`!%2?l9uv?s(gusV=*Qn2GJCTi~W9@!g~;-hI(HT7pk@kXRl-re>)>y71<7pe?2f_LC9kAsfGptoB}T&U`6xwDL@RCv`wndSH{GyI?C#1(0CsF7*z-;^v_-0T)7F;%xIT z7r{Rng+*uN!%^#rg_$3)onBe1DOO0o#Utv(CQi(@mfoZXKp^GJnpMSelWa#Hr>l8@|TnDpi%O2<%FIk2GT za~7Mi>j^%!TcNofbr4u&iYpL}7nJWYC?>snESWOMV>49c21S-!WfzepZ?LxOH8t&P zm+K1mEUw?#;}}B(PcA{&YgW1hxoD(#+lab>+yQL9q>a-Z$sgi5>!>l@g85>d=BuF0 z5g=C?-0cH0pny^03&@C6x(%q-NHJ(cOpzf*abDs@HZf+nnS9>xT%-BR-6 zC=3z-D^HQsD#>)l)Tq)*5Y@^9jBv4%X<=^3Ksr6C1A0?dLp*K-ENx#L{a}V!%bq^u zlu(|Be-SkzQ_f=PXhX}M?OTj8)`fG;Ypro%dCa^NG^3UDP0Le*q197f^4lpY%;Z^! z)Q`FrPYvSZ#(Ogkf%h<;{w$)1`nJ0Dlz{nAPvjPpZGPp2 zL3BBh@tn7W)m{HieZ+3UvdURNN?8lRBPOgH<|Wg-Bt~6e1lf#a2s0?`sVBDM2PTz> zCpgPN-9X5AwOup^(T0H@(9L0HnlH@V1LZJONSXJtN|Qo0DRk6&g&_^+?~nocaFHsF z)N1Dgjk`~?Jcee3@Y(7ep) zS;$MsU)4ec?Xn$)ZA?O2)!CBV(;Lt<3kYcY|w=Y1dqg z4VF07-5q$o5uHzx9Yq~e_?0k$1zsu8-r}Hl?!E)N`~~r+LLzb29_5_#kdNp+8G1S& zMCXlZ{3XDlZwm~)@D$F^5`S7aIFv;DE|eV$CZjR+60L}ik(q0n4>S1efEb?B#bB}- zR9{xNbclivOjusQZAV1vvaV1X5EyZB4AgS)n&f#*3cjF8Pa0 zs>g{XiffTx4ZgqxiKOs?8>V0eg!3^=FGy&ctj%%A1LSUM%G<*A>c&O5zNY7^+#D5z z3vW1#4!=8!;Q_Sw0_=E5kA8YsrsWwK$Em$-`oR|_VsN4p>Z*2*Aph|i$fa+9sTd9H zyVpb6T##pUGP?Q+>B}L7_M@6@axU8fGo%j%XT9R+@#3KUlc$_jsd~+>^qsfBdL{*C zSUuf&5W|+bZmhQr=2q@Lg{N^$fRz?%b?<Ta z35u+cSJ;aA>t9C8IKdH$&YZVB?3lSr6DVhz5SL~{DXUr&dg-!v`{LUru;!L^Ynzis=OEnXz&(I$BE<;EbxJLq)3fH-=*34 z@Z%g~4z`OYUmO;x_T|@BAi5THzq61oA_{}Si{M&>ICPGpfO(q@JLf7eKz8F?D+jJ~ zZ#9Xd$C!%Z#>&UM8C>Q@#hmWC``LyVi8v)*J+d&w2GuXgoJ4) zc|fmD5t1TR@fyl0`wSWW4tRTiBN=D&R1BGL5_@}11(CJ7$hyL`Rc8jZe2cO>R_GVv zA+HqtxEj^FLld!T!BK@0z)7-9WL#8HJ|wYBWL&l2=p`M7++$RY%FEUVPy$>gGCs(f z4MVONlISs_M&(75y!CpfMwKBKlDM7zpYs2jLTn`cPu#;yIt;n@h@)b61`PRYOoh_J ze}?$bWpe*}nt#@lG(|-~>xQw^CQ?4hD$#$uP=|q^%LIzV$BptUpE|ttI>Gn@38o1y zkKY~R7SgsUsi4{bmGsZUiFge4U}hif>A|+4p&H55c?_0&GrS$Z5GHE-k}PS$um^;b zL|c_OUA4D86sQs0G;l0X`xT8mGD>{}YB`hQ(pcplv>0U%g0ms-g;ORi`h)?7vkXsA z*h)o)-N(u+#oAzrkTO!3OYmXr&mmE3F*F+gP~ThZ6oX>xrCUIzCltBCqlhEZ%CrVJ zeF}y2NCss&s%5x2`2J^@f*P{>@C1W)F;N7j4zeS8s0GNIbt1sLh15-|+5N216lt^y(WX5R zttHgO+4!@U!)OpC*=r&*kIwt3wGo!A$<)dj27H!iEK>A2y+@PPUdg|l;O3I8NME;| ztY-@W2}eH3M>#d@F7jZ&X%p2A_=lSxDjB{6iZ0I?mDohC4S;G7L@E`nCKH|i%15I$ z{?Vv$y1YYz?-J72ASvifAR(TQV;qMODXRYaeLCv@ORH@M=Ybz=6)Zu|K7AoSm9CY+ z3Zi2Aro;=ibIp|8{p$EHiLn+#e}13Jd{wf>CCePZep~S%I5ZVxUL*S&dEtQMvPk+aUH03zsq`j?qpyOIUErAeBCKzM zDIkFp`=&leCT-9?_~~-a25RkFF9ed-Z5EmbXBu1UpV{sCPSBR6o*gx8Crqo>n$F`( z)%B4n=~w@5{};ZNld*AqGj$5kFz+1mDaQf~BgB{qD6UOeR^Wt>0!0!-67Nll&YLged-@X7H6PF(sXt=N{vvdPUw?m%5M z%2*}_dw}mQWWtzKN{!t@P_M}W@+5rOMWv1N>}K35UP4F57kwqJR=sau7*ccE*BSEq zDCH}YFAb6gf!CJ%J7t@Ae(So%hpuo8LmW!9BV(Y6T$&*K?Xaeud>uBK=Y4c){}mPe zICyOg9gTc?`$-8JH)^KdVxlO0K%y{5X@c8t`|tNX_glDVhF*HL&8i`F+QP1Z_@!wA zFooG(_%_beJCMAqElblFt-i7$3lLq!y4G7f9cf4SObs3`4}o*KXV= zDIa>YuBBKVoN#dM~b0mr{cc#{>~$Vb(=?49rc?U%&h6}EPpgo7n0MI&ArxMyb+ zo#RTq(p9|0ZEvFmHv4C3vgQR_3bxTsk2^)}2g5tV)ohcD)=hcUt8PdNDV(!bC3dJR z$6YWLnzW1<`yLhP|y+#SWok=Evh@}JN-F@#{{8D0el5J!KP zxMLv(DhMGYdjLLiMFK&;XLP7e4%@f64{(6Ps!$Zk<{D21!}Le_E<=`Ve@pXnAJbAf z`XU99U&GN{4u=cgky8}l^{+hBjTt;~f8$Ul|624+eZuz9wEVnsQbTK0-m3b;pt*=VqMhD0qF zR2hy;;s`q0{PJ0xsT?P={vi^e;4T_aGSqvxGxmsm@pp@LhpZI@n#Vj`;ci-Gvt%Sj z*{dzHJcP=WA4v{bL4JW=jcvWcBW@W!(Web{AanLD=VzJ@_}Pg?JP09t`%>zyK&-cv z-Iy}I1G;pYKL>+UnA_r4p9}6+hKRkHm%i0?%X4VEW?z^41Wjuu6NG*+Ly()N8epYN zyry(##l(G>!JzXB@wwk7_VS=meXZ+-rB``CC~Vu+Zi*bR&^Mea(DO>|&$|}L)6{;% zTeob3$oQb>vJk@=hky&DZk+ZIhm7TE@b^}p*m79l9h3j6cFe`56(0FPEW#T@fjLft zfSY<@O)j{KZ4ZR_Gwo?@_ICk7=LKlT-}2|@#t7kfo0qJbda1KaPw+Esn|FZ_fpSZE zwbtERq}|1A7m7>|#swJTArt=zO)kP{2h+*R^lWte2Djy|W8x^#f?uykF*Hm!n@7AX zZ(kRY%#HjpDEpK2{Ka4X4dj0q+}V0+wj@z*Y4yam>Y7_EUlEr|S3EJfsh%KEz!KCNIR9 zmNyN8;osity=Z;qARK-q-?4?CMA1~yFWVs8Z@Zo#`Yh97WI&3>( z#qm6XTZ5C@%A3FO;ESBm5em7Uk2R&$_o@#!igC-laVW35pK-glMHsK|{U>{qAE#L> zv(}fVZkMOs&rLSJ2KYYQD(9Q#?V-rv4!^Rv^{Wp?HtU^cVY--)@o?&$L6hqVz&6SQ z9H#CIAY5+9noPG{C*}M`%6^HmB(l8+CJM0)%jnMcz~6wZKCIXLhUTnwm__tYWR?-WxfRRB%9o^0;3KGb#c(02rl>YPJGNo zv{cbpWVk8cRo*m#juaruDu^tjSqXaDv-p>gxhJ(F>>U)O_XhXA>WQJGZAb@?%A{w0 zkfcjn)HH~PKe`U~8cdDJjmEL7+1q&9n6Fo%m(No>FGYWJF0821h)zM456h0m^)+u_ zxNPoEU-olKcA?*K)FEAy`%kOg7BiT`_Q%=2qU!*gJvsNHOCB1IkNK9?&0V?Mjoo8b zhU9(M3u|w99I~vD5tpsO{D`s|rzoj(No*xi)vL(9m03)G;-M}fh#VNithGfXg5@n+ z=_c6+*FrAJX1IHL_WI!VEI3c5|3KgfH|-Fnqg`}zPuhoE0mIdgxW?kQ;@T`V7OF*3 z54fR`&V!XJrgC&K9s*wWl_u25IloseA_{`$g{nSVC<^M{W(#2`tq8h!9f z&JV$4dm&DF2f0^*@I%Qn?H#+DKz&A8~+?lQ^B{l5Kv zVF3ElQ)tUOrX`lufUU-)3xb-M1Lwo{oSq9$6$noQ>JxU)z2P(}+yZ_Ys^2iao;~l6 z()qsTeVb(8Y{tnHZv0}W&ARJyr+bR+?|6PDSnGcu68raQLPn&<=887A5Yg88EYuTP z+J~&QHWo+&5l4Wsy@>^Hb5K*UpAVbWQ+aX(^4CF6DEb*uxU_u4?913sSrWv-rHOMc zQX=(8W(+q(*&Lx!4?@HSO`C}|hhoSbEh&JWzpC*nkevK-a^>RcrlDS6q@QimvR@f$ zG{JS5&}q|1ql(E!*&Hcr6-FV11&KZY^mMZgdCYk|GRvGreH8rJHhJ${N1e}H66zkY zQeYkXYea6O)|_HEdgg;f`~ZvE^>w@Td=1D-JUxEdW*d4Dm#R6L8Gb&HBd@JQfg%RA zeEAh(<6@cD7t;dAK5y-kQ;DzpkN;DcG528fB@qIy}p{S2Mr7+IK zRIY2`Wbl8zSC0KEtZ4luu8=u{wLDppxve+26`*;Tv7bq-v#^pfKJMc73KHNAtIs)R z6W(AT^ZqyMI!a_;XqIQ?l1F5Znb;$1ey}#`tgl;1#ggVUXU8-(IyK8aOI7t_*U$6V z9^X^Ci^Q6LOrub-!ONhjjvx*H(#d%(Kws)JF(r-mk zd^0H=Rs54#Nh^8@f0|XIwy1qsOJJ-tIQ8d%)9UmDsk`SUaaq=$z+Hg56Yu)4 zPmdJv60_NGb`wh~7A|6yS-7$U$@>Kl>(p};klo$O_j|gYwYZulY{LY_BSdae-p@n< zuM)w;js?ae_Mfc*oN5G>4HMrcFb%RIJcRJAN`&*0kteH;nh6>^R`AXuJN&$&&pK_p zCXZBQ4oHu1)F8iLf}RvRyoVh)A8}IRYU6fH4#Y?_&=OG=S|}PrP&b+!2vCeI0MB;j7U5s+y{lCnv6$9Kje~l!fZNI> zR`*Ossl;x2R+Q7)H|1L>!g$w58kWh^;m(d=FaP_g|IPLH7X!p-)@#5-5q}3Ln63j< zMqnNv1Vy*earq%xLdx7-CA}}7p=^ob?1euD3qOBU;N~9#@K2){@-z65_Q8~|Ugyt3 zWbbK!-PFSX(cd--bq}ZIWCl#7pmiyVZGq{y+C0zXn-?tUu4i>*I%>Y%wq}k^kw9j8_*%Q3V-8oitj$q@Ikk(fJ@3N`BbF8hYc7wKCY_O+vndM! z*y!z+=U?VxvD9G6^Aa$|5i{=gRZ9~Z9RD+$VL81|xXB(rAbVsWez zAvw?VbKQaw6Dib_q*kB1uUX`k{c$JbBMX0xaKhJiZjOgu$3Sl{w*_Dm47%HrGC6|4 z6Yc8^B6J-A1;fsp-PbVe&iw=WE_HzQREB-B9gX-8aJY62rGYzZA-Q%cnp_Rf7F#pY zv}E<-p}C@&Y&Xu|ATgAdKA=j`Jf9#-=QaaF!DNyHvB`~vVz(}H_~6ojLP&xGQgU}c zv|p%*nNB5Y`!z!qBp%+-_(bV)PACL}KZZEOY&I60#>DGQ*V+2O1M#@vLWD{(IG&m1a@f4!m{I$)rx#oUi5TLQoHmN1!ncK8PrLjK35m=Ux!vGIgy=d(n z%-UE=GOY#8Zd3EIq70`$x&`zu(U)W|q+oS$k!AzUjQyfG9RsX^EUYe-1iUH-%ac;6 zLHN{?tU1?90s000^x`p1y3;LJRMn8;D$2jT?b+oelcR(@l8EGo-{huDOUEhiu92zz>c}+>Ta{3XOQbV{e+>-9IuxwTqV3Dx{%hQ)}L`Rqd{YD z`vt0rDS^4%cqkW30U9DVe!ialrK+Li5zEjhpR-z-P7ybCN)TfDa2?pp&}+;VGPPfj zILgn89mG-N7)?2qvcN)V%RB4<6U~3gwVU0KjpT62!{d7dh56UwF#&!$dhHXQjwXNxS3V6K0B%6}o&O0?hQdz2R;!wi1eeunxY`#E& zAKT8n3yH@mT!j-Co3i1`6WWke%96$fEG<$U&z+x{_3hH|=b@}`$~hAO1^wvh?fHH) z>NZa}QhBOkhgSqTFu15(bTt&JuH}+Z`^H{0)1x`nhNnjKu1)FG0RN9e; zn!yafuHxrC6PZX}erNdqV%x5CKIh3hj@9G;!dEq`=iDS#0x2{(o8=mks!w2Z@0AG9 z`}sZ-h4(7rv5>^v@VyLhX_Xb5UBZ!wj#HlF8L4OgotR!86+-e++iXg14!l&sHh4Q` z~>M>oW(FK1X& z!LdPeRI!&UCab~H5DDc&EF+n0tzbpUH4UvyY+<#4DqTXxQmg_=LCUwBJ8Gc9o`luJ z;U)=Qp@aTp2?&6sSD~kYsxi9$zu>mkea1GR2I($C?)4?}ni&e|SFeKaW5nCZ zt?-s*$fVuWPYQubQ#7}?Pase>ezz0-U$Ol^CfnCmF7$Q$j(~T4{7&HR&CK&PX8g_| zPH~)r6?U!=x#~-+6QYr&chH+=W!!yR?OasJpN`s zI9o&m1Ic=36E5fxz6acKCl#ZE)cUu@vkkcB`{D!xJY3_h)^aQoyk%tUn4vvAmfgto0vF%1~^8(uRmmW{~wLH3j{Z7TLaVjSwx?fcB5HpLbl3y&z0`g2Q z;^A3D&m?o_z168gGTr~dwLJw_;s%SNpV-a{C$??dnK)UoZQFKMGI27olZkEHw(U%; zTjzgjSM7V=zOTEh-}jSrCR7o6CUqTU9@l@6?LO$W18n7SoSh51KdPCqHe~gB} zff~S-)?nx~&x!Hm65Umd^j~qGYDI&Rza8wlv5!Xt(y3Q$G-E6Ds!8ytj@Wu|2w8W0 znce96k$^V(M(+IMP_GX3+v2Tw0TKICBN&j{xZnn9>_!$I`=Zy@iHnb?4(ZBqr@?jX z(zsdjNTZrs8o*`}brK1#5oocIJ+$wzvIT zbRMPJj|qAhmi4QPQm}SKox=IkP6`O2m~4F-nBoX>T8F z5M}jee>kem`FRdVqDT+rS>MKoQbd@+Z}uaNKM+rda34HyQDLK+15*++qm-d^nslO`mcJkqh`Z#fs6Pri zyw1(4G#iYI@jo$k>Dv%;E~YJs&*lHxzz(<@?ISAs5pcl7Rk~_lc>M&JSjoe#B{=~NiBJ5s$r*UsqrvO>B=M5}60si>5{`PU zG_a2HXdF5BSygfw{Q5AoZ}W=D&JB_XD-@Prtu`-4v%l;XkS=$9$cGUWj?EX+gGR1B zFiqg^{~^t9NTwe^_S@f%Nvh@A@u7NC3G`!ddW)?;cphn=4kR0i-FsTcfx^v6MA+7^ zKR7*>!x-V=CkI5qlTaBc)B%9QXG|w`WknSu0a*j!gn#aSaoV;ui+~Sj;DaFfFd1y; zKG4P9vGB3;(78)Svs6=5Cd8q~Cv}$J*ey#hcwgvkwLF5#EKtrnPAnpzanxqJJ+YpO zUE8+}1o;qLOXIZt{YK}AhR2Q@cNmpe zGw)$yDLl|LIdl^&>&eP~)2FS_OVCV-7?U!PbInWe&HJKO2!Z?k|9tj;PnT~_h5rmT zrj;Ob$^Xf03YADd5J6FFL1=7k&%K;F&P{~>o*l?GB5U&{qp%Po!OZ| z?%v$_zPr1;5en%3Uij(%a=AMZ@_bG7hv?_!&G*Yy5MgL=%n*dC8|FCcGo^LX~ zS041yzP_}8e~K4`!3Nk|2K`n|m*3&`hySn`1*Xg>*d?vO;NOQ*@w)mV?kb6?qX4qi zs^U@@}Cxkdtrtx@Z|LcH$ajQOzK+4;7LXf|0T=9n=764o=BR zzHfG97a<$>`?4$Jkq6R{VPi)r^Jxp@%U2Pe2dR#jJ}FGO3ed$A8x4C00lT2<-BH0i z2#HaN^A!AB(lkifNpPziP}rWTo+{dFMIkH&UZpHwND6Mu1X*k6=Zo5`N}we7raAQ2 z$~>hLdL9?H%+BzcA*!mp-C8kiDt1);@7<^!(ns{xxsMEZFZ8sm{}fxZF%@k-uAypY zq!0fOFva4O3|74AHWL4e%SCCBl88nMf_wq(Ps6bGinb~!hABAit_1|_#oVxz3?#-W z&Z$n@*}6mrs17fi?xIoFLOLa`E+uTlV3=mPGOmi-*^d|re>0i**wxqTi>a(^kCy0L*r$s zxzw&X6&A;+ZBzdxz@UlZK|LNTm$nqiClCwFx_LR>U;^h*TqtZzfl^$>wZrSjIYKPY zLT`~B3Z3J@L#9o*8r%D*QZfK?r`6JWFWXP3}lUH;m=>Ifa? zciH7q$R*|RadCPJ81~K3Dni^yCE_hhM-9m+e0tn8SC;4V`F6a@Y#8LjoS~bWqHr)w z)Ge`9oGyqR+2Ycn@ozL8>||t*SZ-zTA~QS>IgC(LG|lp4uquHri^aB%Alb|qADr_Y z;4{EQB6;IJ=aL=|UDR-9Hwf{aQ=x=ZkMG@XV@^c2YraY+7&{raJI#2v4ivdJwIi2aais^vH6QKC zu=LM;)>5QnNH1`aZe+`q8!ToB%%wj-$QJ3i3!o-b_vU6S1j-%lbZc~Mo*^ z^v=4`(K%IhGnxT*AhtIn{{H%d&(DHRO)V~(hCjNuL9@I!Vn#(BU|~PHoMU z-}Q9$(vpJ9Te6{<9Ez2!QavGYnQ*|6zik4>jc7Ut2XZ057#3?qU60lqdus1!Af#px z90HFso9pt#QcqlmV3#<;t!2`c)U8mWZ9uZi_z@^F|aIJ z=&b1Q-uAsgI|3u=lWu>alSEa3+&Xx29`e>5Yn4t~t9`J&S~`hass+fdHBQ$ZLbls< zP{bH|RI7eU(D(Ql8n0oUA;x=@qmbH6vn!N8?O>AEx?%L8jS#3wz>HSiw01EMn7Rk1 zKrh~+W_&)%lp8a(mD#hDnP=l3?nCNRL~W381GO=6M?!b)^HMx275Q47xrwL2{qlj7 zNCYUeXP{`cW4>heVCIXIi%bt#WyEs@@ZJbEaI?!yDELI%6?!&@bYN>CG%9%^Lh7C< z8bu)l1(~vYs7!v!TI*$yO9o49p;HViv0ynzUx>-F>EhsZrf}3(%CZ`i=go8`V#9R} z9QSc)LkTt6Z(|wKhyAJ)$)%q|5SNv45J(StlHv`h##R>Cs0=!NE^1`TZfLIGXfz8y zC|1oWuMr6TWCdA&@BXnSf8C@^@@Jcd0R76CMWoFOLrJzJI(?c@P$Kc3-t}0X`zdZo z4T5se3dv8Tv1wCe8NWvlS(tPYiDV?4cVs(hlINRkYBZCz?H5BO4?{8}Ju-$$tr1hH zM2UgPtDAc2c=zo%Wvsc>S9vP|Dk1iXcBo2(;!( z58@o9V^qNpT-EnrZA)|sl@^+Wv?8|<^_h2+S!AU5R2`b2^@CrRLdvhV18U&kq_&~BxolH%mjyl$16 z4pBZ>gwF>3PH7@{RaH#yHT)GA?+!BaGaaIstjO$*54QSKp-boFs4Pm~jYeC+jBEqq zl$E>k3tfIvj;!Ec#`uoEA-oVn(NpG`Js6qCy5&l`VYpnjb*cB!mp+xZ)0hV3WHFa) z4Z)5`jEwcX)^KXT{ND{Xz2wQ>07q1<8diA*PL9xPPQxf!mqnCeEBAzRH*tc9UZ<{R zyi*OHoZWt(XT-3Th)R-RkXrv@D<0_%`%O}cQ9XEwFljqRDAoW_Ce9Z5==Oo9jE}6n=ktH6XL9nxFKs%YBy?2kGe=M@ACQ=ygwRSLIw>%6@ z)2H*FoI@Ohv6o79tA1s{(_L97sy`hOzHG?Z9&nWvta?rPm!Tw-X-4@IHE!&kO!h{< zaodu{sY&Xed_F%oUi>{NTfd40 zrNWa%a$Y6!)}VlQ7#)i3Mc_}+H`u+B)JZ!C)`CNeUC}e$NK``aN>R zXR(P*X>@jA$VMhSNP{BfYB9DXD`Q>_-z>st^qaXmWHC`b40OYZ&-$O7hVgKvP2vBy z_&=E1KA~L6*+V`I)G|z^iRVb0!p}eOf33BJ{C~*WFF`R3G^R$q_P+`C7ct-eZFdt} zu2gUF@idrKuH?M)za97gRBt}Sa;eZ9g&chuSCp)>M^V0}(N`SJhmeI6_iK9eqhtnK zZV=*@pyV@8+^(5e-1*mX^5Kr3bFdUpIp{B@vsS%!I5Td4K1xvZXKzOuNp18}J{Q-n zb}6!!e=N~Cl7Tn?!8}JXHn7Ax%#@Mz>2AN23tF|zVwI|`>Io?ULc+9Q_Kq0uRsn^s zW0uzijxOVO7@?HKY6B6eni+XH~2~rrBP>yiVa-8mQd?r{Vx3&8ka~1U$$yA8@B(Y)KjThmuB9gHI(Q z)LQCecXz9MU=BqJL|oXvwp(~L(+DraN#gNnhTpA?tG9%`SBr76J*tli0ioIG27nO( zFMxHobIhWcjD%|RA-h1?e%){KJfthZ)T?7lDE5=~f->=O!3kuUqDsF?BnpO0sbG)J)ogs#}$!CNy|l* zg{tkr*r?w;WW*fdC`}=|TgYN#KHt#%ulv?>0D^cGcfUp679geOLoV&N*d%}1@pE3; zq-TAUsEQ_MRMinuYWGE7ts|ouNer!6MqFBCDV}!VEuOQ z8}Y-BK3hqR@;r0&n7d5nIxkaD5&@KbZW)oako2n&kcxn3 zTH}~2HcVOqMaU{s9dG?2{VY0{ov42@sOal|EsVwus43H>GN7=W$HLI*#k?BzYaU>Ewn1n4#LHtZk&_pM_7UonTkfD)WXE5yIRqoi zX>E%`uTlI-w464!pD97uKPpOxx6ary*3)+9jfd69t(+_mDTrU3qM!q$(rtHuHar4X0Ug@1fl4bLUVepuAWE?q61jtC_PH=HJ>Wt34eEP4#Q4?jqZ|Loy%LYAUdvJ3l?A&@!?nb_&{qpf;X; zU`2e!5(tz0e4SAiO2Lhel1A*(0-SXqt+VWkdjN~4_tbqaPo&htuCEKX`o2TU|1w2_ zv1crCC*$Wqy1VP61@oa%Hu|zjZ24mx3_OeI)VQW5c);g`_Z^}?Aqm_mV_{Gp=BNCWd@FS~uMI z!u*=@(I24t9mM)$sKZ@og<*ex%AmcCA~PJ!P@2>WZ%&1d^rBL(u=aBEk)3EJdM8|aV2b0aBjuUOqSrT z>T7PUG2#2HYknA@_A4bGMu@e|d(9xg&B9IV^N5U|(JaOqJHcXC;p+7fiNPa{UrcN@ zy?V5b+k%}Se&8z34wDbryg^JFk{a!jaw8FP!4-ymTf>3p;k8{234jlgdeIC;M^mmX zR#pf(qT}#GluHYwubPXyy!u;!F!@uogyZhqCm)7gU0eokDU2Bj|JZj{oC~%Jz|Pve zC#pJ?s_x$RukxA&(wXCv(e4kK&S;8WE#hk5HE`tV`yXfo!9Bp_3jkwHi`euX0guiFq!%`A5K4$31@+!rD;3YprzrBRpwuthpJAbWq= z5|)Y3hP1a~>Q1OMfrFThiq|3uXCu>f%8To5#at+fpIICd}mw5#@hXISyiY)Kq8$K!Zq{;ZGUv2fmd5B0&Za-J;`lAI&CT&f| zS(kVE`i}(ENzKff!T7K?JL)DtXLLG}G_}nQ$7A8YX@jW|sXT1SMWQF_JBwE+7wQLE zXOGPX;4_}+`y7-Dry}0Nu36$hA?u?WFtf`ANlj|a@-WhPnzklnHO|_o#Yc`A`uLS+ z+N%X+=?m?oH^ySC)#k-{xN|DzoH$~slLzed8H_v~=Ao$wHFDba=k>tdfQ=tOuHe%i zS`B+)p0Gx616(0`cfCGI z)rSBHgv82SFPBYE?A=K_UFjC`g2=g$YJL*r-5HlAstZIOYE@=U8dPbqrYk^}}LcEGmfZqz`+bGqJSC9Y&Cz{>F5?|G{T` zEKFM)f{QwV!!%Z|!`$q~E1QwUm%w&L$tz?Of3CkLDI3w;(b=Y~63^U1?|F2Y4yXI- zX1F3vFB|uco+h>$81XFj(q?4-j$Kw0QijXx|2p z(=-JXOq1_Q#mnt}KHgm{Xc=}6u(76=YquJMwa+Ns1I<2SxkxC6&6!*hF2d1{2Roc( z3Oj1lHo$4bJM11bXF4=`)O^x>r+SnGsS1Z6d_h$)E4@;?xe=7Fp^=^44kGYc9Knlf z_=2q~hp9>~2|q5?zZJMN8EPu&)}jg6~LYd-(v z1xm+;RgeBFexS&kEKokbJu?A?ZzH;i<$Ce#bEJE@>nNnNPYzNfJ==AcC#8v%At(5m zEG%e*(!O_B5($cr0h5wp_CvCM2=h0xOw5YCmFHeNctC8bmw{Eno zXej7`Jf=c-rp9DWLIey+(m$&c-x$v(ktB>U!F7}e!{7A<(3oyCBGTA0B z9K(~2?u%OIa8Rm*q1@PF!xXR^Db=&`ODwfr3*3-0`E`uT{m*X1y{tLV2*#~n^rpII zrVs(+SD!MjK4-T?8v^30#x0?lz7){$>irG7aOSliKQ@wRftJVjZI;_ct!1opmfsET z;EsR6$ktvT_m!V#_D#udDZoj{lYDP2l3aO0e<6pup7BDl7&gvcjjxE$YpnCmBw`oj zi|Il_Ka64o7hPGEiU-Sf2?qE{QOj<6>RtXkX*Rs<)pNQg%vS9k6VJ-!P z6Xi$>(OVthh!b0ib@BEQc_76v0NZLb@b1WYin-x@v}a&c-m{rT3d?p*6{87WQQ62Q zZ-MF^NlUS4Hr@^26b9A87&9W_*Cp4P9o31JzN0<~LIWsO(Gk9B5~i11hRvNQ7SwrW zX+ORqj4%8WxY4LBE-2F%kecOM^y07(F&m+Z@}Fkf^44KBe~ks)2>JK)d>Y>Y~s;928`c+(u8lJ2_tSbwAcCR^@ zn#pnZ*_KzjA2{dhiJMlo@VauWOgGO`4W;Rt^mofu8q|ii-xpTLPAjUTFBS2ugB1Ma zb!4|_aUwVtfGR-~J*H|RNtXwR{}8AC0-HsK&}hw{EVzIwc1K3CDT-#r7hLDEJvVum z3}25qUhK(qgZuhWa8Z#qJv--V8}q%0ko0KVmw?EtZaiq+L>r9)r?$%3&y#OTgULT1 zZeN~?`lIMF*5m9)8NB4tb=Bw;e$I{Zm}?&DpILKe z3-%PoE&f(LWXx}H>3O92E2B@R^M0?-YJ#>3e5lQ8g85&F6w{N^k{lagdhzWUY)M$4 z7=1EJ>D^&>6n2qwPyxxP{7Y2h|Ge+ZERfNB^PeQt|M9(vBT!{; z;1pzm0Og4K{UCi=yR}fLfmy?fvqCU=QW#_Z&Nn=`7K?>;ijAH%xAqTPgA!6!eoK#) z>#nxu*NR%+!!>0j`Anu)q95@ww(A&g%93Ut6a2t#{wkC)6QeY|K~@w{WT^La-MGiN z(X_Z{YDrV=4w6Cxb6ywl^v*yNiHq={*AS)bdr9}~N)Yk3^*ZtH8IDk~7)O855yYum zi4|{$hN~$c=_xN-9k*uWZcl6Za*=%|)>xLUwLUoiHZnL5-SZfvrCl6rd_Jw@3AiIMZ!%{$ zJ0dQ}$7siJ6KeV{FWCmV<1!58LM9NWcYaHLF*X~xdtYisu? zAZ>jNygpzLysR@m!V-i_iw+TnX5zA%@l{QY;V0SAlN^(p^05_i+WND6@Be)mF|@(D zG;b}IL~Zk1^o{_FLe95uzA^w*t{P38+g(H>)r2tNFT8ew>2c)&rbpoDCJ(L6vP33W zADfbXH$AI~+0_cNQMau$3%$yHH2Ww4@uK!)%Hje{7TcM4y|;GZ&ohu2k78c2zv;}O zl!q0lm)*Uo2$WNwbe*-i`zDr-MgTr-3Dp=Qe*Cl=m;+v&1w+*F?~`3ixm}e}IyA?~ z^rH@TdMk+^fDSx#D&6a<5xDdwY251#A<;6Dq~N{jMnRsv#7z<5Sa3WtaZsHPA)P!3 zC#YV;D}|;o_2_WgvkerR$RJbXD?@53kIrNP;ihYHPS3qxwow?Q`EQ_`dlq$Zj9;EgF@_}K~G1#l1Z*fHI4 z{V!Ebe+K-jlHb;$l?_nIUO5Wq3LSs^9i^*Ce*9~`DTKxGr^ZBQt%o+#$xg=u=RD5n z3Yy86(`dyF%K3!X48KT$8pp?fFZ)D3zlj{VT3=u5Kvt(P!Esg`XazH$;C<`_cID9w z_0M92+^Cq)WF?kaTz+}2H@&JM`L&RP^5W7oXA3vkZMkDHir+3_jCX^uhh-hpBB!_z z1eV9vwPcu`XF*0YBm@~9WVB{c`i!^54d_F9OP_HY@fb8xx z6mtU{OS>EL_~QaaFl;ww-oV*?2)Be-uEESigIrj%dfdGcUrZyEuh(Ool~hODkzMQH zN3@14IMm?V{?jSi;?-}cfm%bqVP2C5WP9`M(d>Q6G3&Q_-K5q&&Fse=jjihiz}48@ z=eU$`5u6*gfhQm2i{aBqtMZ1Ry4K=E-zpPI(TzASYs&peUFixD;4|7Td)p*zM8R-3 z(516gUa-izCQ@DVtD$86*0`iVw$3I)>wRz?=E>3cin*jfR#mz9iUpva8BP0`5LK)| zU+p0A4NY%HTXCp!D(*&E!B!iAu@rPCgRKs((_gBoe&)aM#zk8hiq){AqF0Ot<&#$XRA7&*g~hByOX#~;XLVGo8hX)JF;6Jh-ajE174EvP zSccw_72Knrb4C|1Zx9Z+B(q9D#>rk@tW3{Wd#3u~EWa_yRApG+C)HFgcWR1ov_>Vh z`o1f@2;cwE70?+m?0kmz^*zv?%XtxHEe4;P`t^ywWzVr6kZvb^Ej?v1R&n3BHx1+H z-!Oz|mE({1QS_9hP8jjwM=4g7LMgPy&xm@P8#qp^+L6>0=VW`ZK+#2MFR;2Hbvod< z?@?LN#Pmlyh14BQfk*Jg9*mw{X|lJ0Cd~ff87%#^CDIskZ6l$XDAT-+UVqEp&J`2; z_O$-0@Hg`@o?^lAWsN|+6-swg8nhur!k3OEhlVpp4Z}_fMy-2jzWTzYV;X*m)3@v4 zY1QqK7&Io|#lr}pSR7^;Bfcsl8{i86g;*1Ge=*@ZeH>~G5^i`t25OX*+K>2IfL87x%e9-6maJu=FEZVAp?}wC1qIV6I;IcNOQArch{)}oyc2e zCQ%f&(|+>DMW-D4HZ79_RqHBLCDVR;J$CzV=L!E484uXs{z$zDz%%x8p13D193Y|2 zvExAtcPn#`1b6vC%uGg08=kmwj2j8%^miuvVkg{(djcUa!0GEU={ zRJ7{MEOZMw1;Z={BKN3Vg0Y$@yHT#9N=_h%`ot2a5MZG9&2!GrIGNmZOTUpsJ|d)h zN%IicixkA}iXX(&x-PUM=2;@spYpcsz;jWO(8l$XMeu7c_~)OT;J%n_#xc^u{d4A1 zShM}iG!-0g@fxc!kxnm^u+9WR%`J(38*UIt;+Skss6fKfKF~bvsg(38Tu^) zE(ENlY1w8<(mR(F{n)^9u|?`}T0}GI4x9(k?_Lvpk)>HjZp#s#hdKX<_6jRz~IT$xCugdLi+^w8C(^w8D(F-6f!@mxw0tYL>( zP6Yy}l6Y_dlXGfjuW#eDr!l9&vG-@6`!59oC}Q`<-xAIzu4In(xec+5THzH2x`-D? zN_F4pMo=+d2e5||Zc&OBnT+~uTdmoSp1~15c@k~NDm?j?B(nV zkg(}W*r5?$YgakQJfBgjlK(B+59n+{KmNHfuc__P9dfR|G;>X=pX)QhW%GL#ORJ-ZDgil%TD8_w^4zO#H;z84HW z8;lCZKk+$Z*2{5u61>l&>qu`$TlS>pRl*6q2>neJmUz?rmpRCGl$!hjzVNr)rTM?Q z*%P|p1)*n2vEX(|HQ;Yan+bO%E(79nNIa8fmRgBCuRF?4NQX*wOVl->OmFPp(7M5_ zQMxLQltQGMY8fh79pQcwwUz*fz>nF*%*(>73VV5YW1$$`C;!5GsqtWPKRUK!N1wiYD4U+ z8~rB~8#|P&$9xfa$jwDk6>3u)OKUGLDeOZtv;53kz|!Fuh;dET$19YSB7f_v=FUkB zx9hx)P@&W(MFSd(v{T8N@A|t!#<*yJ%zgvuf$V%08F`t-9<5YvFAcz*?}n2euDXj5 z;EyGIF&M^+n0Qq+#fIT><3Y}jBiV?l6xbiK2F_(MW%;f7=k}U8LQ99RVb|Jz?&;kT z*fo-8jMNbsV2KQ!ZqYGah!MT3D0`~m4m{;U0kUWkbj|LB@#js|sON|n3>h#i!(|#G zTL30EMK1AZ+XH#Q!H^tw@SI+QZh+_HTiMyJg3Azq zbB9iVN)ObAS!R98W>tnIs&YO{%2C+%Dh9=W3mT8w81P(^7MJsUgDs>=wuLQ(M0dI5 zrs^s%9d%Rmxy&~=S6^0`LJO3`OS_kTxfUcTR@JRi4feQ7W^TS9_D+^aj^cN>}p2Dv#OlPKHY)D<7_ z-;e&^QttOIty*={#j!d6W)HZ4`Z?sG@pwYwd^P+=1bpWv&QB z;qjzw=a#(d2(uhAM{2WxtR{Zc8 z<4B7^hnkSemR5XxG5OACW-hdtvAL4dkMJK9ziMv2zZfo&0(TMNg4sY<+0m~gtPz`o zCMG>ZdDJR)m9Cil2kooufP1P_v-X27EK~+KKgIWFmfq`-=Vj>*Y2cF8i;;LG04wz)6hGx{6cI3y8I;WI{M4DtJn$_IJ*JmjtRtM)B1p!L0$=QAq1%1haCh?T~fEO+;NMR&11`Lx

o?KlI0Z4UnW zx;TURd4nC0_4)a4#vMVi`_=Jo?*e6oNZ+rO|0qE4^T9w;QG7X5Ps6s4Pu_~J1l%(- z<<>Lu4?xEm>Nj;=1PZ{*=*z6O(PTsKmC%*t7b2(t*gH13)8zv(DpMDl=hf__nDNWi ziH406Ri^wvD{^mElzoANLHjoDqbe@a?(`;f@}kD&katc*;_o?U%Aqh9W#ifOoOTYb z7ZSkWZTu2urG{%8faA~}tIJn`!oSl9WW51`b}lbE z+6~7I=`d|B5L3Ag6179s^e|6xG$gz372aXhH}+n-_QU&-=Ki=4rbP#Vy6%fAq|mLZ zho9&y6P&@rxGePeDPfunB(0+@ai|(5e;UNQ0Jvhf3mD}&g zQI^M9sIvB}&PEB}O=hMM0Wg~GnIP2sW#>)y->8myzG-g!E$%e4 zTm&uNkMG|y6;p%N+V{7gteTU=L=b&4-ptpq!={>P`Xp7Q=MJVhg1{_*;59%`=Lg}#mX}b@rjdoEJRri^CA*#tp|I$^J zm%2)D=paMR{{=RgN~Vlz)B*h_$0r6TV&7$^7MXk&*>UOYPzi{bL(}QZV#oPfjXOGF zh2sACD#(Srevc$t2p4?I$&S-;kXbByEPS86YN)yE$4Yj{KgAOrB3$Ck`}ci<{xNK>Ed@=3fGWBt{ON8 z*RH$QH(LYw$o^17n^}N8Katd&My;lfHIkPpxSssL0*L~}wQ&wHC#V1urcf=korU<)U* zec9^^h#J_c2;VG9d4U`g>o> zjUPKBDe5q6qzX&1*^skyXQDd2tFl!^h{}`A_}qI6nPkwzl(4!bnPPNmh=XxV8ilw} zU^e;a{A5ZB^O8SnmaqtR{af?0>sXChA1!UY^!;oz2INRF#oR4p`Z&G~vvAX$k~!3Y z+D|HYIasU!;UqCiXi>#45P+TZz-?djVA<&*B$tQt9cpiwN{rykQf7LR=rkkNbptnh zwi^;sZvNS$;+coaKwwM2(=MP10$p;7Hgzd;r+xl;yo32q@}F++3jcKhraxH+C@|X_ zefd;|<6fc!&cc&4<{~y$jzuZ`Zj|S%zfKbuGU6ZB7*I?NkXZnebDQ(#p9*tVLg(`% z9sIHwHmo9l+U8cKUPCz%IGLHO4+E9x4G-*v!!=tB`HgrH76vbi{(PW)r)MgETY3ET zHd{Tlx=w>3LHTnrg+RmZBNQ5|c~v?li`7P2JXs3W0o6qiK&5sOJ=2#aD}mj>VyhKR zyr#!e-KIr5F?nCjEscHUPxDYM5(^-}I=_%z7I-YxZV=!dP{PngRZn9KE$VdyE)G?^pju&tq`m1J!(ZYMdB!8CVHh{;w5s6>&LEN9@fY~-$ zT7{VXRH|jm_|rFUmdo&NmO=#O6^=u9Lp=9=@sMU2o^{}%Z_rnt#AMMNRIPuXJ=sRt z`Ad*P`#s9gLy4j{LZ!XID&nkr55`)^bsgd#-G~2J1;>amh^OV`V#8yEXPjqgtFb*x zu~e0f=^rE87PdEL4R#Aq3_0odQR z;XvIGYqoOpBuhX0LGGjpJ`TQfUsG-&Yii!<+<5Fj!?gNcU;_2R@dCl$SKUn>ojD!G zpa`)2Cj?eMxvTjx`f05?*yQlFca;kLpj3n*m&mxLP^cB6CtPt;m*9Lu8nO}Qqu_T+b2v;bUY-Zv@sf@1}v&Db8!w@m`e`n1w5= z5iQ~&)uei3+=+})-8$%sET}V`NIz-A);kpOiys`@vfL1GqfU&@Wo$)w7``F!hAZsc zVsYHGMd=##*lRXJwCp#ci>t^G^8V612bL^KGzB~0V>T zL1QGrYm;Q#nYzlOPIt|@vEw(3nzHD>BIt0>P0N8-9;kLhCm@q!(6Ufo+dJ1 zEazw}7G1fktAP8m={rY%m#KnZOXr@bx1n5!1x2)&=y7b>@2Z&1DyWJAL;8AVyIT>+ zlKe>p+(^`#)I&uLF19j^C^zD%BIr+6ilxdZB#$<;>1?l%{jWOsN=0t|x`DVKP|(pw zqm!1siF-J^;3z_xho^Bmr}}1J-86G({u?(`+H(%Aqt!5EPQi*Iwa(HQ_aRh~8kan; z%BVsjtaeIN;LB!T#re~GDcWxshnpN%Xdcj@%jL?I?j)_h&p07L zDLHW?Wrp#W`r@q2sUb%c5?BHcfWTo?=cs3|4vExT}GZ z@>Wa_NL+(QY9pvvyHN4U0ro*CNA7{zJfXBB@<6qcKu%CK8y|V86+x~ggC+Tc4pmO%f z)}M;KrKT#qbNHB!#$hz7GOzZ~TYbhNLl8R``pP z%}HnwM_i8)kKM$TS7Sk%UyFbhv1YA0%-C4R1}ammKrNuAChLNda9V(M=t^D0?jbJ< zs5d38AJy<`^8h`DgrYs5aWCQdQO%B@F_Fz7_}c^`Su1ZOKN9fb)<)V$t%-S{Oqz(4 zWSQOTBB`MwJb2^_(e$h6higdkB&2(`rL-Ay7j`bCWOuV6CVVvme0z2h9r<69Fy=<( zak|-$TpNkSEU>85hB>>Vz&U#ghr@mI*)nyd)fe81i9? z)`erxHmE^SMURmE;=Qs-QoA;%gjn|Np zJPPK-h!)t07TA2!4p;;*YDWG|ZeOqnB=eV8#1rh8cpsa1A9od7G)q*A!&NefxGj4$ zL`f;{oyVkw*O{s{e7s^yBB91^VAHMHh zFXa8UuUVX9rn~|&ljypSp~7atWZCsZ?Mxa0UyttZagyQg_eUud zhUPP=ql7b!FLmKXhPl&AX~0Lwaa(@x_shsHMLQifg;HW@55uRg9J`cMfF5!?`7O;& zjz%-sv+Onxtio29-?+z#ZiYfvV$-bV;|J(mT^89zS`D*X(%MY&p#K-WA-9qjJ1r)J zyv^-_MwOwONG_2kC*E+-_%7i448H-s@8n_!4?SU#ej%$mh2`cn#2$SkqK5WkADoXi zSaaiKqlcQ>z@Wj+>fh|Pe3KJ_5WR|EA5$4sj}y((RwYkWTMcm9#4mh9nrukhJcUJ53A3O}#&=MUVtCvA6s5qwcU-%C1=)jP<$ z`+_ACdhmaP!Q32}_rcXhp%GVWy{Sp;ZW4C}IIbmUJMES(1&dGOQAp9vXhSG}r;fAM zRT4e-P$}!d6!+@atRxMZO4l`;0z0w35C)KqaXbo*OJJC*OoqsrP%9zQYRX2@eU!!q`{HkOk4e|&<`;VDQpo~&2!gE!fKqy z3|!-N4#wWgu#s0C>XqhkM+-6y$}ySuleHeIIIBN?O@FvsYZ_Q@AXyIVzp-&3XW@Ik z{dDHjoKC=NELK#+=FjqbwFQ@gZI8#OtS|3=(U898+UFb`CJVLr1|w||IEIJV z)NNc{k*|%m&{4ezx;9=)RSI|fg?E+ad(Lx-4#TqbYGshRK|)Ye!v2X0NtD$kQ4Nb| zt#+uYjkEWD|BmhS{{aL*`@hp`S;<=t8gEm`#%8BU*j(2w)==9nw2G4eww^O=?iti< zf|@i=5xD&R#f0z~o4J3%qYg50SaUA8rx5oGQTQWHpAspKUoVAgv3Fn$Z&-U(nMGqLgD7@T9>!F zQM(v!qk#h82u$15^!pd&WYP3?nh-4|DWq7Q&d85~oC)7A+pcM^7C>CQIgG+}%QHjS zF8zh``9etjg+u3ofw~usPI@c3>$^<_sRep^a$k~ZL)KhrdJ}CNeC3FdUrvQ#me9G3 z<)nsY0uXTMzi|2ei#YD1`ePFVphglYD>ilY#>@h81#DFZv^j>Oe$6HxtydHicgq}r z!a<Y;U3ZQ9$=eBehP@mSi(71TP{vk||zB;zLU(~Tk||WI z<*fyxaC@N#Ai^##nQrPET0Ue*o3lgUG<=rH;MUkek)2bt8>ggg_is36eA;P94j;}8 zHMx-a@T1$JaPVs5iowdA3Uo<)U=S)HYk(1y`?IugMQ`_)F-yOcPLli$4rmIWn?8$G z*~Tlu<%w6K<1>6X=Kge-p+G1Kj@_H)%_bo&lxVF5HeqULQ-4mrXo)CROck_LDAtQrk~B=-m!&E)*C*v>7H8-vOrPth>^l2^@?q}lAghZgw5FJG`qQjpp#6lORD*t zn+c>q4~KRV$XXCT8=l?M6srJfYK>Z5wHYd*wU%qDc?MP=z90}El89Gpv?rUx zR!s%(-bzylhtwczI<|Vwqwevjdyq%nqkTQ<9^}`nd-w*~WA%=vvvv@o7DnLs2NLDl zF0=3Xg1lppYKTPo)%%hPBZxr4bXtz ziDkuZx$F)92rnD2RNIhfrLA9P#g{7wE~6#QjNFVZ*^}_ywM5fY*N#QH`Y+%*xkuBw z-|_qAk{EH7Mq|cg-t4>^594cJsX=|+ZzWS#@_7bfwXeNGvbL`_eR+dXc6f7c4H_<3 z5Q7^N2PYSxwbi zJ`JrlvWJ`oFa09NwO>mXp5>ZrS0aG6YB1|oOGiA@i9q?n$2B#HXQ4?Ar2jh(1*(#f zn((!&Qf(G@>S}{qV^2d35+Q!}G-JfWs<%$W_SHg9pGA*V5g^STbES;nX63phDNsVA zU!JoHP{|rghgGt1(nMMTi0G6P3PL2}Pj}gf&H@pM5F`1l+gEaI0~uLnA`v9nE=Lh7 zJCP1^pgcuF8H(*|9D?CBP^M!0N-tY60w~!jaWPQFV*A>IL8q0u*uGNBUW}UjR*8(B zG8m&k4wTFoRTg9W+H0|g%Vum}$z?P~Elj)QMsHb-Q7{uqaP)U>=m(illH-1cxl^KJ z6xetfb2dyP-kNM8mXC$o$p`?k?rdcWp4Bi zjx9Noth}`flMIv~Nd!7jsHC$bNh0X9!X>^$NwOA_T*xF5;@Em(+t)*B6o=WSt*P-v zL6wS^$#&OPX6)Ac9W{^>R_7{!(&Wgx&NBCHL(R-*QsRJkQW7FY%sT0`4>Rs5>_+d;iS@X8A4pF0+|pt%zklH?lJsWp zw)1p5!44~kwB)w@L!@{CLDp!;{r8XgB2J;>Vb)2;jT5^xTMNjB*AtHMF(wNa_zDT zGPz#Yg6qu_h~MY)+9+pFa(2s#CyFnpw8~aovrN|&dqPV-g$W8!3uo&*#c7prR^lH1 z_P#o|K5bPiY&OYdO1^t_bsgPQ>xRSvGZ_EZD9p{qnx*GrVJomkAo^5VCUWdAj)a;U zDN5CIaL70h1krLvUc`E06O2`}xsx-a2EL$cR=l99JEP}5w-o|Gre<3X+t}eGz}Duz zvI*H2t__A4>wII3iWTe@lTsrKM}>#=&Te!+QBN~Z1zCu3_O*|uk<3rFXk3sPi8hGZ zW~xGOR3mxE`lh+dr~pQ&@+rFE>7YJ4Rxxd;yG!{Qnv#^*WC9=q6|0!8IJ;$pR&%Z^ z3bjmdU%_TOr1)WMsz&oTR7EjRoA#bA($0!CYnk)KW>_xqae-s&fCMNJmpBt;{vtu2 z{fO9gfqJSXvo~y`0^6@OI73d{z~^1YoUE4Auq}X+QO%aJGXFeLnJn#Ig1zRiB&1%7au36JJFw&K! zeVqqNMmtT~^Y{s&gexxxtf)EK2TwK2tnI(`TR*nkyc^d-i*HsTd64OOoAa4H?B zqpjHOnGcS`F15VafKVlJ>tw~5Max*2i|1@zN)74-plqv%ItY~<3k|+-y$Xj;f@9`m zv5P}@x&>#I`VH)83Ze}h_ylZ>=bdjASv7hORc{%`LnG+FxXC6D5Vzgz$$*2LBur!IO;UBUS1lLvd>2_d_Ioe}aVX zvB}>Z!qOm zIP3{Pv z4Dp~;(~)VWd!(3-OSc@8TAG?xIx3}fj}*I|m!bJfA+ooIlmdjpi?|nyeCt^csNZ7V76(YC5sD8Wt*;Q$g)o7Z*QSGj6 z;KPM=9Udn5l370K!A}s$?K3vyanKiz;eTB_4jm!ON-m8S0t;`WC=s&;;5u&V=7>5G zEr@R;?lIM))!>pMte{)DAhak~G>CHC=`cP3G#W?XA_eZH4XGRcBSZKVGKAo)wj@tW zWm5xMtR7g4oK?jJ?2Oo!{az4E3dEf;Vqo)<<8V%xe&K#Gqi#g8#B+~Q^!Xy3>#nfP zRZ_QwiYfjJ1A7IMjAm>>FtA~Z$M4`#==#m_Woxv27_XBLh-Pi!E=Pp zWvxL40#&uV9V$yT#=}xjr7tTvXV*NfNk(g`t+##1pZWU^^55pEEibTtD6UY7r43cM z=Om|^P0a`I+em0;c3l}lZ-%t@;uOG zXKKMy4#j|Er4>195#%FV5`|G~YiPJb65xIg;&{ZpZ~2gYYEQ86@K`*Gv!CltnRt8* z9%3u^TW2MWgPtYA9(_3x`wB=s_WRSJa-f0St>|9pl0BmD+~URV3Qydt|Cwe$$o{2TV6@A zW4s!0Dwd2Wz7%}HGb(hk0ZXY7;c~l2-5`b3 zJcFbwDmGBg4hs6Yv21d_8_xOUc@0<50$NcdrKsJ;z~h) z)dJfbQ*Z*^M%o_83fTcvMPV8>eh_7a`g1&>wG0+Ysq^1_92 zVn(U6bQE&A?2~h&7L7J;xnVWr3lmD)I9Ehs_fl*TLuq@v343-NZrLUTcI-%H6)o8; z=L#6+W?HdA(tHZ_UT5zOL%}z`dH~IwZIaTa@ z-D_jm5-*T2n0G9zvx>9IsQI~SQUEw;( z0t^KE>)C5wunBp=Dvf^`QuPhnn16(oC2WDKe!cvHmcE4Z@$qzO7H*2uo9aSMzc@Z7 zFW#IRyjML5>cey>OD&;$1?68IOLK7yFV0BDDo`T~hFESIJ6^O}_Ll2T8#1w6i!U$e zKq7r>1~1$@;Uu7lSMunSW{^G$k{amWn#Z+GK+w|0^WSUc`ySck$02vJ!B%>7Xp7-p zx18NQxs%lm7t5&;Ij6SN#Su4s z{58-2e6RfTaW+^!fP+L|ct(T+0AQwQNnqY>Ln@d?R8aF&7XZjCB zbU%DtE6XaTM^KR~cwvBqd_F|Nm2|>Udy)bCaYo2RS}wz!d9$d6bi+1}WM}947b83N zEFjHE%+C0ir#T7WGirpzM8WKm>Xj1{oj7K*FS_iCG1+V+4NE{eGn#`0Ok36)X0-qb z`ccFjGYj%4Vm{LPM-g-Ii;p7aqlmdX#YeK!T#q8=uZHHNh?v$qxrdOsBa-b%n{lbi zy2S2N%;Z9`tghJA4KKfE6<yr7yPEgFd1NWq*NH2vaK^iT2?_=%|Y4aJSa?JKGB97U(y|K})5fNWlHkuz~sVMAz!M^QJbz zPAjTNS+R`ekZKOK#=N(-PYly^X?qP)lF9X)3rsMZIdpS0^R|iL!m6i&WlSkr^=++| zgb7twY}*p_t*du&BjlYeEa0Hah4qW}@mUvA>^-kN-phe~C?JaSjm-K^U~948G*6Q? zy|Lb2>%dh!XBn+5NFoI(q%7w&yXjkVC2hezO>)UF%yP~}PUwlEyFWK2N4w!z_(LI=i*@(0pOSy7o-mxD zy_L&1?3N{MtbO!T%sprGx|>8yffe@rbVsZ1RheQe(mpG;=8;sJ)`DH&lLxLBA>Wpm zl!bvdP~=i+XnqU%I)c1={o<>yzWNWFF=H4U{F2)+${w&-aqSkOR$cJ6d2fR4HK-!f zXSo6Pj_y+NIoHV6Vf9^4Jl8uhUGTWelXL~qfj4dO!#iH|6=Jxf9L23bDu#aIw9+&3YDu0w?T#G`viYBWa7p;5 znSf3JhTRd`>W{`s^!Z+~zpqZM_w*3p&42z%=K<{zy}b#cQ?d%+>2 z-H6f{>do>A5xy6*dV-A#T%>ld&e(lGhuPOqAB3^BBL?e6q}Pl{t{3rH){5A>PQ>Vb z20N~L0RUiU&sNcX)H-VTzJ<@036Lt|e zEEkgywdx6H-zt^(*R#gdbx6u3iKks&@ii|{H>X6?;yQO7U5%dqW%`H-t#(Ts~_vYq5Qe7=>VgFg^1ybI&rrS^44feP<4XU1Y7xT9YeHwK?TiOyjYzRhL>H_6)Gk?qk!$ zX<0InqqiAJNDGV&v%w-0Q!767fNbgobUu)tbRLW#*jGwG2{G6WH7LGsn&9{P7f7gH z9Fm|8pT4Aem7LNI!ArKTuPtt8MK0>92{iSvBS1-0{R>B7#BgMfLi%tba{N46#V|?5 z#YtAOq)R~5@Y|qvZ&VP&3k&%`0Dz|Ej69n?dwTHlk1B!ybxeS5LKhHN5hs?ovvKf< zDn|2fMG*}YYx`soLE%L#L|`=Zs%8_sbysoCl9X~nP8PIK%t#5f@YL*d*3v@Yk>P0$ z1rDite$d&rMdko$o1^Vf_Bf7B?bgNNF%PGDbVN?@$zw$-DfQ{W+iR!&>U|k)IM$jv z6rVEuq8wU-=$yCKC$a{AVJmvejOq&ZgI)uHg)7Mw&I-&6K_wz6Z3I>W-vUFC|8esD z*}H$dJ-c`nD}#aMubG>9t$griFoRanqX9FCA8W^^y78M`0b1wg1781H*R&W|1NJ^E zYQ=94J^#a{Jv>+Jed3{tf5b|S$-Vi$kCD4iH4jjg}^3{8m)w=g=4W6rrrKGi7-!#oDael4ll?{rz zwv_#vv9#;ivu-zRqkOYK+cFc%4fUJjJ@UBh66_cFKW$f_CU(=6aFxwhdx5$RV1i-Q*;KT4WQQ6kDiZS!tAJ zcC>26lNhu?4FuL9lIh!;|I^?fB^6u38N<`F=Lt(F$J!-7X<5obE;m=D(aK&(p>zcl zU~hp5;SmJ@F@zQ&?kzy|3^A~MuH+r~4e*;$X{VIAB6KaSWQ3(6-Kh7Gd!V26)j&V? zc6@jEhVK((bXYE$(Zfh*?d+Xvx}Yv}%v zIraC}zI{yN_EDMLsmrGSj z1c(W3*SFfKr<{Y{hU@z_QcrH7KECNi!s6do1%kvT>4}93QbwQH5`BD^x5RaRhz95n z)B1dT)AONL(4*U(dp;WldmoL?6EG~{k?|SI&Gvl5HfcKgMe7wOyJ#yxHVj)ep*>MO z9mGz^6GjafrFw`;vYM)Em5ClY*zmY9&k5Ltls9$hw$ytTxv(Kpe!QUB$%yWM!!}dY z`|$Z@S21Lwr4ipXHGb0_Quk;t z%x0ndNUZ&1M$U++3uxPkrOH7dM>B>w8F5PJvyEE|*mqI}m`(x-9467NGi2tHa){nv z-LSi)({p@*4{wF7mfg9`i|LVi>N~O8$cFqCD(_RV6_>q zS~?26EaaRPE&{!uYF_U=>qld0rbyZAj{!PJ};Qnbq!|!!Yb*y+crSA9*n?M zq+m*6x%mq&UgGo6C7H1IbX^u~f+3k-O@EPsk*uhdj>W}0G-?_cJwqM_D-1LVbS1iG z?X%Sj(OOfeB40lF^2xL3Mm9#PK2>beu`}k|&t~L9FGMqwXXFF?|4aM-ugC}Tfsjjb zNy7h||B(-5Y8Kf}Ew-A^CT${~8Ku`8g*hY2;y7>s{3HZ9XEI_iHdFrcf4X-eJXaGb zEQDt#Fojcc2R6Soy+OO;88mk_gFX3b`mEoPEJYj4EtiIdyP2LmJDs(rZl?I#`+!2l+RxR4wMU9XMM2({)un42b)}mC+JSR{I#93wunr8b!R*Y&zemrW^ ziyx1`*Wg8M8y(m5LGSL6g_k=PC9BLPg5V)?Y^$>;Rc@`%);d5da-*@6CAdkdofV0@ zi4bvDR6*}_bT&y5(3crGL&R6$BQo=dO39IZ?%gv-6Z&cX9ms<2IkJ`&vtTSCx-{Gb zyq`wX^5_?7^XZSQ;Kjtn$~Y7L+=lc}NZ<<3g+KIOjUcEp4tNf z4-PrsV4Oc}(?@S;X~|8{NbGfliAI@u2h;v?60AaOr1trLOXBejFOM_4=awlaGHLvO zR32;4v=cl3?WCFQDfp}%k?2zUnT>}A`5W((%D@JnsN#CMnR6r4= zfSFE=+yJf0Z1!V6(Nkt)opSWm$ya1bo}L;k7kG?d6GPF&u;^%c12a&g6qp@RknIED zw}gjQZ##-{slY}1nPkw064s*GlXGz?^R@%dr5lkYjU<0!8X0u0WH~u;e>6QiPdmEd z;dMVeS;(B7Eg&R*b14g+rN!DDz1?{);L$62NA4IdJD^_g{4c>98V=%#`G?0X;8UK} zS*g{roFS21!8T*HA|QLu$&~z63Ryizsn>i;HLR?67*V4M7gL5 z6Q5&P6W}?bjO)LNUz=d!lI4Wv7R&L$sBx@`({AaIMp&aksK}&+p#5fu_Q`Myk%064 zAb%A5;&=affwAm`;Jq-@5dWSK+#%67iBXi-&GXJIWRp)}o6wp$gE^qW+B;1nvJz?y z+g9r0$~((>&V=R}Eke1}$hui;)oARAwM(_2&35w!+r4sf9gLmW12rBXmTfW%X!_); z?*HeD4$DZy%Wmh?Iw^^!`luJ-OR$`Ob=p|+$yZOleDdtX%=ybxGyA|6|K;@ADd|mq z--2jo##GB1e=b~>sjPAv_iHz?7p$2XR;4z4eeL)ymb+AAVmo0tV^> z48^w&)&`I*s}&ekmujel1JqKw{rX=f_!rBe>=ZF7AFwP z`yV#eMDqRbE!Tf=6hk@w50c-1aBlx_UjIN&{{!Xo-*+zm;Pxft@b8(wA2s^ynY$m8 z@b=8xk5(1gCubiws2_Fr$=4sw$v;d?i{#<==HTxud%^V6&@0o1v&fSioE3N#+QnX+n%;+CQx!y&so7h4Fd6CO|uo6 z4Q)gTdtXWwH@dpD8C$i_mYIKI@#Z)5PBEPB+)UT}%=%QZlw_%ex;96z_xJ7P#^;@F zd%+8a8M$zRT~)Y*B2%!^8(EV(if#m;DKm1-%je{kYo26tubR)qVcL53X?BF zLF7S@BKmzS<7mX>T#`E@A+uY<`=E`ESHyzdHEcQxF_UYfxACAF2pp1F$GD{A5is+Q zst$JSUvX#}+-M0OQ3s5HBDPpZh#vm;*xx!6p?dHd(05EruY0|7(-(<5>sD;QBm1t}Q4Wlm!^ zgl2=W_@}+LA(9w)L6U+m$UYUrj@=tBQNOCKyLln2j9C{BJ`!CW#k95sbweY@M(Bk(1w6!d)4Bgz2TwPEGMHNOd=J2GyfbQy*E>iz6v$d!k#`3)D*WasuNHcvy%_)N1_ zxb)SE8bV6eb)k6~@nRE)@&>^m>fX26q8Zc}A><`P$9w+V<^K+1AfRg}unXvvkz49Y zuyIBXNInel1PzkHzeaBh1_eQEM~SdPPIS_U1=hSr&MYkg*k+Go;Z~`I zb`7N&H$V4=n;sHGxJ@DlD{)A}2e?__{zu#x_dUcJD_4uO>^bx3>#MfK^aU$d$rQv%BxyUXY96E+v^P3YHC81>^!3 z!h`Hk-E1_Hn%(>XlsBuUJ;4ol^6u5y%ZpdDb^e=`yqjt{treSc9pj7%gM)@tynd~Pk%0pJH+T17@`&HpJiqj0%?;2k|$z0~FrX#(18X94SEUI#{UPW^W z@kkZyc$`ZG=uGo97oQC^NNFE{BFo%e-0t&&P4xHp;~fMC`$ga?TSs$}~4LSOk{h@;!Lp$VZU= zK1;nniEkdToM|%N{&Gk|mrDtWoVL>HpeTma%Gn(t+ksYe%`~f;>N%Md!uGrPwq)W; z)9fbd6?v2oe)aOf0S;e>Hke{+bJLnYF+4z@@-%*8zbytAUeGellH{J=k_G&2EL(-a ztfefW&SLKpV0Lyayej4FS{gpiNgKS>CRuB9XU?@JIB|C%(^%WjmQ$C4WVXHvF!i8% zhxgFM^7G6kGwl+geTl%QPoF-;@?F3G{qG4he$QFP*V_+90V9Ned-iNb{`c9%8wh_a zwIXw=SN5ysffnFMktTEfud8q0Hib~yZ-Un7m$MZj93SSt|L%7)@{(7OoX2g+0vD0# zf`f(BghEj$5R>A%?Fw@RH584)gaE!=X`4K5u(#lu#vDN;opPYE0&!7))OKI8VjxU- zLJEGv$U=Qx$+~Rn;$k>#6s9djhl6NvQ8E1yB=`-ZdyThPlso3dkm zQ(8fJis{;J6NF)!F*BvG5@HnQnpQVPN3;}q2Kgn**Al}b|F`H}TGLIKw>3D{>P8AolR9F|@2(i$4K|+y-CToP+mHI3?MA#8p+`QLj1?vH}+%d4@ zwdKm+?#Y$$>fp_`{Zzq1W*joy1hDtYlJR-~#*Eh(_I$pGmIV#gwN2#gfe!^LN9!Od zFahEijyxRZjMqK$WxV#}&UmHrXuQ%mHC{s=KD=6I%(?k+`j(`Iz3>d+=*Tw*dwSNq#cmmj_{sR)_A(C&WmrCgFubW2M z-w`$()4g=k7}YfUvod$wyQw2-r@fk(x@PVLm-ImHR?Pav1Ifv74?fWE7(_iM1YxD8 zm3fiF7@6W}mITGg$qS!w=K_e%g=W=)X6!VyFtBpP)~t$@ICa60F6V7UMQ+Ql zWvl{1!rp6EnZ0;%bx!h%-?B=PlfT50)NR?dUeAA$c>=za9;ghDJJKwIBi9TYXNglB zQc=ByWoGaV(lLP)Ze(3qpO@=)0qyEC9cw#{7geNUOQV8RLD@+x?Q(FK?tY=sjmxD! z8aX;A6o1T)-tyeZHrS2B*AFbIvera!l`ADP9xcRRu3+0x#RBQ5)mYHGAyZQWC3Izr zI^UDlTF9JT*7Jg^)zxUDf7i%D_=OWAD7V$NKj#2FES`~EZvGg z=mts^z9ZUbCyELRl1t$LKwEG3ou)ECe6$s_2Ox%akIt4~y|ZQiDC(xWEDegBw8|Gm z=kFMiV_5r#Epk*s+>6iVG~V(!y9 z)KtbChKR#!*E{wpypd`Oa!_Ru!F7|8an%x=8P1{vi60aybH zOvjv$n-mf(2#e0azyn#z0ka-nAnZW@6YRY(@qICc%Z38UvZNV{*4=6@&sY=8%jpY6 zpsTkNPg9=muMO%dDX%H~`P!^oPc5ykiz{M;InA(`39HtM$i<`;mv?mgY(RH+*Qh?p z7GYv#?%LOG(K~M{H^|a7EKNv-Z?47x3&$E)_5r4wW}qe@UM-S$F;Nl0Yd>`auYKHz z1M){GVdCT2JDxD=}daLi;wXGZu%i;{L3u%xjLC^(3a8 z)vDz_JU*Vyjxq3~Q5b5ynErtn*tUiT;MN%>~V7>Z)Qw7n=u^x%|ovC9^kIds7;B8JJIlBKE%6T2fdD30#@*E)%!p zmR4$b#$>#hmGfJ!WD>dot&6F^$Kp<0TfUrT zH>f4~<(z@s6y(_+9a%s4n$aO!Aey2f5JKk6thWP%V``ay(S@3DR-5)xvLY8CCOr7| zk>nx({1^7d$T(4F)DV|U=Z(o6aVz1^4bw%cXbF0zEhn>p&RIo5xjfRAVgPwwxwGmV zfd+-l7g72HvuL5>25(xH1<#=LJ!q=1%^q#8p{DP9=pA1xgXB`!XQEK;iSYxxb5;AH zIErmX-`3xUWP&Tdl8q?{GD@9#scKL*>tES7E=i|=JXDQ_DDcTHkH5clZ)_vAL-sWpTN$4ONu6H`~ z4WTZ8%aeWQA-?uj8q4ppO=e5B@T4;FI1EG;$N-u8M%<0APv&fakt+Si#lQl^+UCLJ ztY8{aSD3HYk6|-wd26upM?t<*=wa>m%PgJ~dfG}0RkkHGV>u?q1dRc!TBr$`pSsw< ze!$Q!vswpD8o+#1F|)u>z^0OGq696~N@}oK(2{0cN4ghQG`lgcg0l{WHzC=njcX3K zt)1JWSCy=n{em0yZ)XKnZgo51TJ>0wd?V;^&MpSjDK4$s2gX4tx%4%c(b4pxpnOeE z6l3I-LuvfwDlR9Z8M0~ziAmofN?;MNfEo`u+im52vjUxiJoRYR`Ex%yR1kpWnhG$H z%OIfR?DAZNYP@Z!h+l|KzK~)W7TRh~sNn+wdVAjTyru&3j<)9XTDjYks`qw zZnjp%`nB%P5jsmY6~g^(<6e8eHYAXiox@m~&8XFl2ZPXbhhyZLoXL%m9m;oEgoxn!Q<{y{eznBm{ zV>9=!C`bp!u>mcY7+mjjJpkch3W1?H3e&8UgZtAT&BV={f13U=XmjwVpA5&T%mWF% zLF^l0K)3JD_S2=zuS%B9Y#W}RP$MQx=xU&})}@4KE1u&~fiYL?pDt{|_II^ZFr%7@ z!AND71}mgS(AZ5D*5m}tgsv~EmJ;X=(84IpGeOvUuAl@8t}Sd0#VB(xpqNh@Oc?B! zPOKOJ^Zi0d{e?$;7d?pW@(I0_+_kPUBtU?reqaggF3&e)&6TD%Y(}n(z!AnQ;7$qx z#rauIYN2^N?8v<7zYoh03MuCcqUy{r#j;{kCk_oEe-}Zu)q+ZC!`IE1Run_J%6xG0 z*zZ}`Be@;K4Re>q=BUr|iqSXf5yK?P zYbvloSjDhGa-G3WQ8KUO4HG^m!El4?m=H)@H~{X93tfen4N0;U6-(CSaIa|&IP#6x z0EWyMZa3({NZ4G%w#Ny{GBi@d;$;47NGw@S@*1S^ zhL{dH1Cvd%M!FldqSsBvf7XQ8!di66n!{d81CR;LE9MFsVE=Gf=vp9Rx0ig_B5i2) zl4;dMWguc!x#_bMUr0hIp}R)9*isTz z-DPOhRkA;5tK^S=*OGc0u;D|368ciPi*ZAOo|7+H0*)1iy+)6jI44fUpV()|j#!#9U(MkSB60g9P?s6p!LRYdVScSdWQTtCrgI4(xXtjbquZcJR zcvVGown^W;oP0(VmXUM;31Iee;fU^=X&%F7Tt3U{Ol)u|Uj`_H=AI;&OEW2>@CZ6D zFqhD0hrzsQaYr`_PIdAo0WtM+we`500ls64fnN6EH7;-g!bKtIDedX4lXrG`4lg?$ zXbJytoGsZC>aIC6sNa+Yf^7@GF**(nuQtAZ1I;O{cgc4gubBB#GDw)|40_>Fv9Xb8 zdc~`JTGC2y&>k`IqfZ7L<_0FdG&=BMs9#Qawe}m9&bfuGFVQ>TVfT{f+3fN|%`zns z(Os=shW#a+b>TCeWqM!&l&Ij5629SsgL&fNU=t%44vP{F1%#xaw|*JH&{Nfp_DP)q zY4rh@VWyXt>p<5wUz-r#Z;cEuN`w?so00Av6;{S{VX~+{Q;{acpjp?7DKO^nBWIWA zmQ&f_C9^1~{rJ`xETXz19Oc!7Y6+;9cpu5zegue(&8WsG@4 zS=jWqVFY%0)>LP!q&R6pl!W4Jd_ zqx!hsjEP5kxh)!l9K+Cb4fc^B5zAkr`|%Km~Twg3^xsEt>v0(o`H3WF9Ofc+P6+{4*s-5 z1)>88H+ES;#jYTei0C^>_}WP36q=YWk}~?;<$PlS7VNBwQFVS;rPYLL;S<`?u#vqP zruTR`SBz^1pC+ia1zro+$W~@uKt4lo6NA2YtcY6?-9=TDP^p=lJsF8zd?_%0n=5C7 zvgs2ic_quz+LhO*llIIK)i$PBb;}fld$_a?vvsZwKlEwC`ise2W_zeDf;+>4Ij7`1 zl`7x_q}%7T-kXwz#&4@rwM*U%ztA$7d3Z*Ls=+ogj!TjA--^ zBpd#^%-81&@{VQlmQ_gjU%fA>FtYD!%8OL8Z&^fOUV~mgZ9mUQYpzFLi!N)s0JeCF zfoTJ5%8K1`S*NXojRUPUQd6a^T)E;)-x|+_e1QwI$`j9lrOHZEU8{DodIpZ6dvq1} zy?+SqiqWj8RA_t+p4QvxsYPVZ^dhofiV^u-gIwF!J!JEc9oq8-Qv&hk+{%V7G@Hg7 z3U6O>0h(d0S&(yRX~O6u(JEW@1iNBSJ=kdzT^(&-8D1mV0r9zvkLTlG_k6r_d9qt4 z1UYm1=K92p-4oKPGU&cHMj)4Kt~GPvV*X@+pD#}=P!wL4CV*KEfV!{()9; z$0O0K+n1IQ61y(3mNcC0sZC;V=BS2FB!m4`(34S*W0GWA*6vnsaeUF%E~0Z*ke_Q- zZHN*4T=;C790|?76whstuQl?fsC{GQ5U}pPdT)eZs0Xr_UbGFQUA_sHA{nFnGKL~4 zM%A>0)KqJ%xz66cOjnvm#Cwn(vxnXHu1O?AB)EJYMyn-#W9=e0Y?E&3AT~nHHdAz9 zF*LK)0A>Wp;i8A_Yb{E%+EL3TKGg?75hbw^Ez`y@F8N zk$7pYmy)TsQp5WnWs`9F2W*kGk8`kHV>mqIB99zLGZr7#<2RoxaxRFh?CS1u1neMj zc+OVZxMoH|>=>Wja9Oo>@ZN^%JxBvF(YqJI0V^zInnQ3e4$x&|=f$?2yx7)@ZQHhO z+qP}n)-SegCsW`2XJ#{1xB6D~vX|#H2foi2Z8LXaCLM~k%C*%@CE4=aL?U)D%i2Hu zkhNTQUV7OD9iyu_clb6a3;yePavd=Is*u<`PADNeLgKH(@>;K}^V*|OP_YUl87X0x zpExA?J)rMhq)6(z<>+jrk&#AyA~>@)SiUs4)#!0bA^x?mRCG8L{_;B=ha*GrAL%l5 z0K{B47~kl@S*T4c`KB`!*1SRWa>J1JYSj}{m{#RgyTj&nKM zF1Dc_s&d6LlY&+XRx6=%GqQwcSrw41Qqe#u=Cyi8k^sJWMCjI0v-z_E*#7Fvv24ZP zb&Wc_O7zaJ7ggw#;4cBU`yG`Z{4Xd+LEW+zNNB=`mV|km(C+w5`vf$XSRE}O9)Oaf z>@2=iCk6<69oMwWfX{P&7neR9+vJ&b7y=RCCEXgpW%Sj*K#$Pt}+#h1@E$rv0u&E|?*S zZC<=Ixo4PPbRB=)@eJ^S+jzFlay?+Q+f3YvIe8Go^uBq^zKu$Yrx6ZNn z!Y)XBYGo&RY&cK}ljb&i1*_10P2b1731&ie`;UGC5A?S@L5%R^Ux~8NA5#RR@(k^? z6m6$tMO!*qTy6D=@}iR3O>XVw!fpSjXV^lE7UPY6qC(v{jb_uC@6}j>?ZjiitFgt5 z;cqB)aJLg8(FLL*DMn*sLfMb_CSw29*J~>Ks!)}=xvFLpy7mu&uX~oR$ZxwxnH~GB zvC5Gf55erd+R-o&SIi8lAQ9fmK1HqL_V&H^uwnnikjn#jG2jyZLDwMs)o;nLVv zu)&FD{i{3TVtTb-_lz}Bev+B(5CjQi&Tcg{!(5*G?4=cP{VQ!#hqH+SgNNP8qxiKG zpxL?#4b?8n&SZZ7P9D8M?{Yw|4AXvl-8KHG+Srg#M+@emb3jQuK4@)c)$I3)u02+# zG7Piwjq9biBT8clU3f~ya^o!7xJxdqJ((Y zueduE%{m*AU6my)*?Mc|xwVR+ZLm=KV28TP)=2Kw>YKfyRO|7c-HlvXtFCnAamg&q zkzL*rucj_3&+GOffqM53<)k%(3Ffo6f#{=w)a$%e#`)irJEoU~1P%O!DwpGj8ZH%_ zZMbm5qxb$nG(~G?YMtQ?ek9F$uXW(Q5D`T0i;3GrQua2V0;dmK08ue1Qp>3X8mFf# z3yGTd46G(v`uB|#Q2Xftxr4@gfIrR8ITB|AS~O)*AnLTqf)-4ZV2!?j*{8a3+*a3n z*R*&9{n(p#zoPKt;_=j|25Ww*_xHg{w6~cG)>LXjWyU*Bb|?kk$sjr2HYhC^)rWUB zr1kkn7hjlMgT8~;V7+M|W=os&$TPR<3xtHVgyP#>>UWxzlQ8ukI?Hl$)CdVx43-mi zq08IoZf}?Oo0X`hOErePq`GSicS@eQ@fPdp5u}hY3Tl97gReCT>0oeVDL({iYH?sT zY^~30WBXManj%2n8gxaoDotBXesL%+Jx@z70?6bDIqUhY;1wG?v6*UZgIq`At|vs> zmV+xV^K(2A0)9lulN&w(?M0}b4$Q3S5KANxe=atMP}P2lwn#t+QkFlxp2rR6-Za?z z($V$+8AmTTf~#gwT*fLfmH}=7-8!5J0n*CKhvA(Lr9D1uNsc}Hi0;pyG9}R65ziL# zSWvmca0LL&jVoM+c3lJDZc;7hA5GjD)tG@3W@&Yh7QeJk!}w$2>$vTL+Ur|t=!M;; zbcg#HNI9!OotO()6WVeL4X~xg1`2;U#jS2mPq#a()@fKgCHaG*Bhno1_C?%@u0#8w zEm+8gQz;cexQ5ND!jvMq^5#z{6F!Y)0VR)Kc_?J6v~^qKa$ zrK)Iy#Rrf2C6tcg{_dowQP6 z7rakKzn*t}p%DbKO*?0f>_D;egB%I-=?K+(!1}F}Ig5%Q##73Zj=jF^5I2lC+SL1I zTOKBq*pJ8yAaDo^mDIL-402-4OWxef=2g+aKcOjE5)eD9RLFK27?o8j_AG=AH!v+h zZ;Sh*8a>+N(bh2}h-v@#d9A2=T3?>+^r|ja8lWF1pTW-+xDNmCD$o4{y7C*CC9O*O zo+S`AuC=^|@KlYVc6QS@f%mWs1*E(P#xYN?I4)z*`bJ!JMzxuz>iL39O&*6@M_}E9 zd3>N>OnwzduwCPfvXJes?$`5G;`~N+ZmSN*pJcd9PF(}j)ibP(*FWibL3fBvUAuSh zsRUO253Hyq)$P9*B*6y+;}&}&zi#(B4g;)ZnyN)#5H)Sx&?TyxwfDgR zSV;(`o4w#hJMV@V`bx$q&V=fZP6o}$T!>Dqv3|LT12rom?(;@cOHj)`@>uEY-*SrgLQh^$kq*?VSauviCb!VKc7oyCw^PqNeijPaThu~>e*NXT3eAsY)&9lmoP(C z@N_LEToyc+(lIHF3!pc6GlGXV&#}djedB&Qilg z73!4njY;u#r-mT(@iquhm|;88(Amx-#*>h=|*#`^e&kFutWr;rhH zCgXiXU(yxHk&K(_uM&)xgh9875$dh4=$HyX7>A;xZ0I&QOyoyM1crQV4s9|x>t z@S|mhsb0pb&pjKioBM((bl=2!z5_!c1MjDH zQjCoy#!yP^WlLJ6&i$D`>XKFc^2oo1<191c{uwhPbg}aLS&&JmMU>JeCV4MkCrQ3P5*Kk1k-{bo zTT$>b-Rc?6Cn+~MNt|lY#BK$%bN;wow^xa<$Vv!{!A;cbL0=gLj!Q2Mx@-;lmMXN% z_Ca$miu_U*hqdquZYnX<)CH+sK+8zIEVr9i1nHAzb?<$ zo23|~->fiz)j3v4cp7 zX2*k7y=)K?c&BT@gRY?uKqeB<;c!F2DD*C~((tKmgXjpC5b-ttnP=cZ{~eJE9T1Zd zwld$xN&`)@@*qL#%7^w*-9%En>8W4+Q{bdwg)!jYhY&dOfgm3Vsb+o`W9Zp|!XCmB;Rku!2ol3`utq`wrk6#hO@C8mAl1lvY<&+zZFa1ti4 z0s)`5NBj?XS7r%LVnJzadBG0xC6M>)hq#OWv&JKmXQU}c&G`si`kSb z{~3=&6Co^s_pC{Tzt7dl%zXhhkd>UbP z;Bejk`?t43Gu4h#fGmV!i5I%Y*Apt{ihXg(YNA(3w0}8Id@|&J{ob!t+YjrVUcL<^JQgq zFKA1CuGpGu(O0XGtl7gN{4`oyJ(L~UqdXxXh1T+VN%{38+kIeIy9ukBZBKx0%lWC9 zPDkni}~%K5j%VLNTH>mv^KNh*6={14=?m9@M+F(7$fuv_e) z2qpX#K=E2hBXg`2pqc1>0A?Zz7XxuT7O~librWuZkP)&eM?w5Uq?4Qt{B-r;UCc`4 z-ZYkr$a7!SLYZA8N@Okj*_g5VYBZc@9OLVEY++_z2VZ5)qdZ|vvL#PfqtRi|D+7FL z98Nz93N-^tZ4Bf`Na*vqaZUVZD^6SRQMGxrI1ZcPT*&|N6wn<5L(~w_nyIh1jwEv$ zeymF90@1*%vPXnV#(lGsWmx?n92ib#C&)bfgZ_F$ zLO1nRn=dx{B*m#IkH2!2gu68~uM?(W%tgyM+sR~^W|*2Df#Nkvt;Q%7-BcSLns0fgz?hWAhoZq{xZ?A5S_-ty#m0K|!e{Bx3)#PhUsDlMk*!4YLe z>5jDxJQa@9#IiVV9}IZ9u`yR&zv(|!3N#Z(f~Ccb4SS7xbYERdP43+AKAza2*S9R& zxWBR^ujhkKXRHf>L&s0=-D1ybG0k}LpDSI!{H(RI+vhrM)1ELNm0J@XIoVVY57Ng! z(hctUe!)-L+8C#yAu<=zfn=F(ICrB z`sI4RZzCuz^W)=u-&{KP`}%I9;Gf-#W03vz{uuZ^Y%43Hpz!-VIk>!>Qu8}4Blsb| zc!vME9Gch#RP|ASaPodX{$g^@r|R~HfYJFs%QFHzQXK33B%ef4FW+!VNrGf%W z1{1#FUmVz$`^LG-US#i;EBuaeYxAb3Pe$rzWN|BwS$EaBWMkMQaH>4)0l${#XPx#PmyrVqukp*WQ{a|HUj}^X3(+_%AU5 z@0cYo|2L_Q|82L0ld-97@ER;5lA2givjkdxWgRSAXC5_DCp6EjJcf`# z_F8R-MpA)R!*uKsa0bOLvvF8`5pbRALc!fdXB~fqi6b>E3umm&j-r)m56RfSKqWy2 ze1^H!fSFVxRwB`0H_7CJZE|o*0MucSa9ATm=beom=o@ICWzXVe$llq%E`Kvsml0_j z@&?-j785r=^brKh0H29!{#Rw=dI$11Bz305XqhJ$(!#kyz(;H0|5h@%x8gUVMsWAQ5(%Au0!MLAIm6~*f ze^LU^?xFLlBNf(u2-=GC8FcjxfMX%w)3hE*##vrQGBhVBIW!FKxL8;j^hsa1n}`Lr=2llY7E9b(EZeFRv;L#Nn<>TDgE z@PV{WwHv?>PZnKbL0@oinUSyNaxSrCEiA9|a1Z~XWcgP6Vl$#@ED!KFBeg9$es(S0 zZ)N5{6WHz9#jx~W8jMeA=R2tsw;`JJb|R=LRNBBfTsZe3l$3>hw`P^AVsq7=d1Qn4 z5_hT?*MrH}j!%ONevw;vYtKA=T@t%#fL`|tA~#;)sWtn})Qqn=cLd`aJlr`0GDEQg zPU);8U#eMp`F}r}59U`|i@|mP2oT_;GHX5ab6?HC1dJOTgTrk-UEi|ME3p9e@8I(* ziP6aw6j&cWL+81vrqn;mh`w5gKVA%eMW-{KE@NfzI)F zke0~oW09T4$^%ZN;iWPN=psUJ2ENe?K3C+=6*pv@5(fOBK>%^Qy;+#RqW28sLlHkL za>hL5^teh-A6IE-omeT8X8ogGQZv)1wH9MnBYP0`2dL#gJ%TVho(DvtM_=&)BZRP4 zF;sot)Kvat3x*0)Hr(EDq>d;1aBx%>D&0F1nu52kr^Ul0dYlgpg1QP74kcz&-uXK^JwbDmHR0NhS|V;!e?FoWNnyhBR7jnRGMT|{5$PS7!Amut z53f*y1}>J%cJ=EQvJ)=R=4|OfPa~?Qd6Bjx*$$%J8KCE`n(4jyVRdr|6Kq z#ZZ$m%Z7mj17Y+}uGBZ+0s#9>pav8^hLqwi_6BXAFVNT&c))ANgEcb)NrK(jD|2-o zCT)3nkNz=tC>`3&UF)(}&G2ej*Z8rd2%bOdKL`jnHjRNsx3{?lulz`lvT!u~3&8+- zr>RsUyjzV|zA(GLEw3WMjQd9WFt9j zCDw$Jn04Ze>2x7A9cWG6ew>h+7lmr-N{*Dv926{f$A^_P zJqYe=Yu6>{q!9bEoK)+|dIF}xCE2{I3cRM0mrYBGGad5@0sdFh{I0EseqXWUoY(1* zn`t(L(}d6cRj29KOx_(5v+i8@n-Huds@@z>e4g6cuRDR0w!9zKroq>x6yr5rQXg)C z5av!2=9a@GuENH~*OaJjk}Ed)TQ086PH{3xyI2?T9cM5=50eoyzCT&kLKtI~^=Y~f z{7R(t35U4A)lgKxu2}yTvpCzKuEzAYW7;Pv@Gu#Wh#AEzRq6SR#Lg^ptUn+z0(Y7| z7Dx*l#Pb+c9Hp~;E6{$`UgTt8ClUI9Nyh6WO*Ny)_q^2aGl*~WNjEfF;aRrIV{|13 zCK7`Uzlpk{w!Jg}p&GA#i0@|{|%&2V>c11Euwsc4`!KC&} zor&X~&y!+D7Z)VTFk)SOSKt0{rM=P(k}YE#Y`x1;oksnKuw@To1Z` z)4(sQE%u7WNUsD{JS_|JL5Ns84C!|gTg5;!S)au=1>Z1r#`6p7Phj)AT8O}Vnx-sGX< z@dJUnq4tFK;|4(wmFWzPyk8L&XKn4CT-Rhw>tw*hp7R80U&z&28jdjf#%{}&`o|A* zX7ya&a~#&+Th1GjDRXTYc^8W*@4e^m zC2aQAe2mv^&qv@^1B8sMSicZWr55|ysF^@Ca*qC$(S+FGVf(oirk;*np+Q05m1;MV z`d)_UeOk?*y^wVql+KZLEImudt)18!2V8RHsp7i~jO>4ZJU1{Ipkx(BPg6m48M9Ao z3hD{vrn7uv7RO?#jRxrr%al1j5flXNaZfNyE=M$`M9v%q>)fY zgKLjZXdW=k+&-GaX@qO(Q&O89i@hfF1+3ABEUZ_c5A2Xdx&d>+4+~!&(F%h$`}Nsh_3X=06ht6 zy`(apvNw%PrI8?g_+>odSD+C}p*FdvSb8*|Hkdq7t1~8Kyc=2Ru_z} z8`IVjm$g~2;TO9-vuHnxKHpo5#s%(1DN&_J5G^HU))cn+^n&KWFRs2153$1YnV^@A zU$pim$zaVO{wdTH@rg?f1mK%7Kd=q`Wr<;=Ae#=}I_nw*&k1ANxp8Za3E}-J;3J_u zdg@vf2fy5zTKGL(QAufST3Y`-U0G>QeOJQcn{C{l`{4^)&0hF!qZ;(AEc^5*RyQ^= zOn*9+waCj~(_UvHePK|YeU1Ps8ASNH|2SR&`<9W)S!1Y+9zGLlu9Uwcf!zUJT@SUE z6}9wFOmW%7-q5eLHMibgM>1q2`wh<%0Y}YE2Yfl> z#?&jOEQ)6D$AEhVznIiZoAU*q8&5B^r$o+>nY>iUMoFI6kh3dUJC32Px6Z!g45qv* z)hh1%sg-EZ|8YxBh!2-|A)1j|0%CbCGaukOhG-9>QioTJb0EXZZbZoayJ2ir6(KzA z>HEq;0pcz62#%x%uJRMz{9$5mx+K}jE*}r}S0JNV`b2ssHzh-8>|=i{X^zM~i`J=y zPiXgHF=!jC*5yk6?~8?n`>rqhu|xxDb!sW+=`n-DzX|6x?^)*Qll+Tg_Qyk!YNwGn z74kU#8M~9iVCIUyO1W&a13c0AnRyIMY!j3Q7dC-z3DtA5ZD3ZQbw5^lvMbe|Dyc4* zM-LyEM-Kslq5gjy-wD$Y9Nz_8JI4sq{8(5h#ONUzFPr6I{jPK$xwHd}LmW|HdOj)A%Yxn%AgsHIrSVdc4p29P?zU*45FrWM+IIF7}7<5LlY^oqpfF1#b&=?b$(L^bx!V??q0Hzf`_)}y_t6Ywo=r+Hb7Lf7U>gQX z{cDn4$5d@$@5Ru7vC|Xj0Mpol!?X}XU{qItxHPGXOE0Ce5suhqZy^fOiyHNm*`BB z4ffN(2065BHI&--V9dhNrYZ*NsjGQTD_Ar}#J;F-yy&Txyjogg%n`I^x6&!JssE%r z!^=tJ-nWPy+895l{oJK|%qtb(VGpLVq@W7H;`*Z&gHw1bT_x+`=vDaVbVRH)wM%zO zTptFegG661SJ9P}vgy1!ZXP2*7h|Q8M`EA2%aA-Swdy%RQ_SbC)=Ki5faZ3dCo*oX z#TCcfZsZJB2&2M#URmU08Ouo#my{tW8ZGRyHaTBc)hg4aUkEs*2uk@y)R0)PNu+qK zw;b$Af(-GqQS5$NZ;U&SS!Wh^WKYlLsp4meC7~{3SES^LDiz8pA|Co| zIiUX}7hi8KeWb6aukxSIwJmIKCuXvdUPeoTA3VcrwBZ_zt+ffJBhcTQ<^gc66vzb1 z7-%fd!T6_Fp(rY;6~*KS6p5M4`+9<{yV)!zEra!e7|XIy3aFqYD8^Hl#>0up?izs% z-qpuUTceZ=*;l7HaA=5AlYvVhf4V0AX{oMFw#^4eh z)M@J{=mNL4-e=JLR5gIo)$@rip`vHrVE;vV!li(H)l%Z`vsuTSFzgsEY>YZds0z?U6a2QI}aaeGko|=XZ0@R=I>-YcS^&j z!G>yK#-IlH{w;%`$Ru4>{jJBbHtu@Tg@udnu^ng-AvW4p-%Fv9C8B!LoRD~kpL%_K zt68%1k$n3xUub)_qdQyq(S8i}<<2OuV!SsLUXJP9)v07$QiZ=IVp-e6^YjxE{^WIJ z8-Dq0z8u`NlRMjquDNT!pIWs-?Ir!WT<~OUE#nQ1c`tsXGxGO@Q5AfIRWd95$uiW$ z2Ex^^5-9k6-xN0-E>AP)J(QR5UZ91qW~zGv#XWtWwemF@lci1@iZtjpu6 z{Z;#Qe|Vcn^K<_?PO9tuxtOZs_j_0&kmd9HI!@F30?xTIi}+Fa7cxR1D{BjG!j5(B zP5Z zVB8RN<|m0vfnx+_(1_7!i(~N`PcGVsgv5}C!n$yMuQ^{s5)8;KPd7*Uhi4%fEmB3p zD?r&jgI~0IyiuA^$y6Sp67`LR3b%9< zJO+EMLCp1R4L;7li9p&ZdDC1JS5JqZLkzVTJvVI6XU}S36=FeTdd10;_?j4I!^!;q z!sv}PdP{kz>sl2jb2T}u@^gpavvsYVoK+^8>p$kuSgNK^c+@nYE?Sp=YlfMo*2u@* zAB!&oKzm_^h4!EjP%$+PBOxOda39E;?Bb+a|0{cdh7yFQA@6 z1x1;(TJ-M7`blYLI87=~aJN}DQJ2V6kd3j43(~K^a)5IJ)k#TkWac@A&D* zJn|s(-85sLM@R7lbB1mCy03YfhwBczrOiX6DEFEa!ECkloid`Epl=-29Exn0kP&y| z%k5~ate2ewv6|6y;vS`ASaJe8e;^o{)9i{8fF$=!twdOI1BDcj8(j|p=nl*oUvdlJ z=-8_zHU9P`!6(F*jovG%h_|E8F|`=!4*6xJho#J8i=07<=}Rs?!nhO3D8atNST>Ma zm&f{9TJf~tQFrFfQQ$Z+h#2N9gG%(v<}A=1K4{Yp(jDIu9o|$hudj=dc_s;4F4V?CpYghgQGqT1z@D(& z_FE?+Zb7h5N}Ru5e(k}=eP0&uQH)=M>?q#?ZU8OqD-zl*f*W)!?lv-cH@fPZjtQNcYmd6LCf~!Fh#MX|hi%!>dnxnuJxV1b`q7h?%$P!-X?J~GbZapiAD!xth3HpeM2ZOkP^4btWMF?J=J60ou&`I($;+~HAa}5MoT|saq;BC znIt(~lFMTHjZC8FcR%i9U z6D6#2Dy@AdQMY3+YuZv4MpdoLnjfSM*lawy%*b$~Jp=9Rn6EtIce>GDFW8&&92X!) z0}-)`)F{2ghDw39fPBLl-jLTph@o3e`R~P`hu~KJv z$nzBR;R+L|1Peq34?GU7&e)H9T9=MFoUyU|a@O6y{M&M5H=rA*oHUq{BanVSRP8F@lr%Gk*wKFw%2wj|zW2!p~2+ z(dE{O)1t@t^g?8AgPIdl(6Fyty4}ngSo=~|0oF<7b9&jg44Cihh&g&uF|SG zV6JU>kV;f6VEh|v$i7>#!K_m8Gy0~@#lRIek4>dD*|uArv{+WLd9eXW5Oh7xM9dS546~%B#B6bBwd1D#>CsXX07c z?U7asVRW$ZhHj>E`n^K$$71c*wP?8?PA73u4-}h5~yjp}lD!<;E@9b4y-DO|h zRo~R--KinFKm402CyY4G5l(1 zdefnOXr{Gx@CM1h_qJDCnlaiy2;-qSjVj{+B4_uZw{^aCuQ5pRXG1WhSEcb!_;sAj zS)rzw$gT}~^T-kl1Df&dtqe)3POd0uvQxQ_k=yR&cx0=s1Dq0kO zi;}3CKRbHf$9Xc+k2C2x*hN$2Wwuc3(=)r?N1t~j6?+BZxgi7^`W@D!!?TFpOV*({7e1wLK>ng+R|z3zfk0uInT{tqPM{;EqjlP(SNDHFW-x1a>9y0j4;9Eu&cCXP8czl68sl&RpW-Nl9Vlb zB+s5MuD)GG+i_BsZ>&}6x;YaExcxyp<>M{&R5Wx~eODp?TsS{QcQSaL%0xDMkL@A=g zHNaT81Bx+or7t><8GB-&9?vNApD4**rz%9l4h85AFYWAQ9}5rUKlbm7s>LjAfsG#{ zP^~;)-Vg6t@x!QyS6evAI)2l zHl1iou2tfPHQSrtBdlLu?WumZamiO@_q($-zYq^kpTu%q%^+91aCdr{Y@$Acl*K$%7L&>WVLk^&Of#qH#e@FZA@dImgl10gyaB)A{v@+qiWe<3R!) zucc32WVcm0mMA%N39JrkAArY)#p_^5~jJf9VsHryBr>&)On=NiV(L49||vO?5*p7lE5Y$H%cLc9X$<{LF4gsagoN zG}c%bDGjMkf~WdAI7ZG%-kl{_pO)9zpsCGPSIg)hCP<=Tk({j>8S&w=JpP|Yl&9%Y zpv<7B;6#To7_G#s@=KwvZyo(3Q?w}RV+W8oN%hNd&_ zV*XDx5SdzsV?FjU4M*EV?|MyRDlbP{3;X)`806KBK?PsI@276-Bes`H4MuS!rTC!l zXAl>Lg42Wlfn$l64a0oJT+-p%UNG(SU@nnepIeXSQm&64zqypym-vQKgq@z}P6K|E zHPT|;gu6Ky%Pv#Hdf|$h>^%W-umLZ`hG|x35v|cOK^rra&U#V9(3XOQo$U0;a+nBE zS=NW{zWw@C5hBOrqLZNj$%VnfSWS|RvbbqTxmjivG+9(nI=ESzsw!0(-G1E!H)vTz zZwai|0pOtAM;tyrq);Z(nf&GPK4U@0j_@DYWSHmdc>6ykA zUpB)i;<-8|E|zsb%-c{mjJ@%viU|qBMR0Bvw~ETT!*i*N(pefL=a^VT9j6?o zDr*7mkE>I?Joq8>mG6oBUD2WVizj}(Q4On0FOm3pM&CqeUuZp;a-<{c2nLUa)kTNs>!kQ_mm*6RQ>BPA&V^qs;ojVHs-u-jV9E! z9x>$5Qxqg8pg!89cGcd`ti?x;Gr_u88cZwfSc;#wjAk%%=k4Q1)AO>DrmUsc_}V&t zrQDg$YQ$#0=+BjvsBQY7RA(`rb~jZ5B4euqS%xpJgDR|Y{l3q9)#yHoEDOImnQrSG zgT9mqa9OyJ%ny*hUbonZ(6O}YajjRvz-CL2zfz^$zbU?Ux(x^64MIKu`geKVXzuH{ zcAI0;20hoiI$MP`u_HKGCmp)GFeY2viio&yoRom$V`x`xlMT!Eq#9z?Y3AJp@6zJg z>Y?vCX49XDcE;a6Y=@yA$I229ibr!tEv=B;L=A&7QsIn>?6{J1MRV*Am_iHH11{k< zS}@Un{D_NMmti+LD^i>P+AX0$`E4d&Yy7(nI`{Kg-bwrCoxybZb^28+d z$%zD8FFNZ3oNwvfKWgFk)0gDHffI_Fq8v_p-Cv8n_~F3AiG)s>vIL{xVS#N||r$I4IQG z+?u}P#>XwK&2cq_KyP1~tu?1i#aXZXA<L_c%7CZ43TDRF;;k(etUsvm@J{vEKyzmnAA!Lj`j@e)haZ3I< zA(AA4{Mo;O%_JG=aat?;(|++_<_nfF7{LDKHXA!{Rr}!d)!(8(V;H6X{vl!r(;yJX2n@rpdH|gE> zw`*1LE9!N6mU{qGK&-!S>t=*!26wJW;dsQL)*%;(Tm)eQxx^cYoCc-uBSUfubd)*u zuJX(SH@jInvNd)Z zThWmdq&i!r;Sz1@s>!7;($xlQ@_u3ttZIrAXx7`5X&f@42-|+`KojO!2ki<}+l(8H z+rJk-($zDUwREFYwD&t1`aOmr*pb50CiBRO!2GhS!cMoNii!niSKl*j4*h?m>-Fe9 zEw0b|VI+y4=jUNUP0#Q7crB0r{Q`j^FVFk?_|#8;!t2e|9#zrcJ}fCoOK@FAj4KcJ z`+GS0Ki1{k1MSV7q0~ZI8bUfqE+mKCTfLHs#ofE`(X}#hG?7OU7gy8Kd!6AxylAv} zoZ9$Kx*up?(f8mA`^bkCHLCV=}kobmI_IvVX@BI52;WurF|9e$r(A8|ss6lh9?1hnPj>B98>c=RY2Pqdlb z)W~|MGz?S!H&6|gRdu0rUXBHNfgp?&P*(m;WcAvVw7f`)QNqJ4MyCbq$Ef81pVYpb zQ2`#&kDMR8G&4!>KF+ZHENXy2#h8_Mx55pWaJpC z2xYPjx0uhqk2V`gOxXoEMwW>vCXwWsu?#ehdQUsfo3NS%|4?yu^;_PfVvWUn&HSw6 zE}1;0ZEl%phbeKzwaWGZKRL@{-zip4Gfd~Hl~xlQ!=+LA@=#no9ej;3)MEGTM8Z?X z)r=-&_02H%t~#oXXl$Z=Zp2vD_m__8&Q0*B_#z$&JaQ*)m?YEJC~Aa$uj}u6L%hK5 zC869=SU^v;qB`ZvsJeLm(7jfrN?x(JXXLC(}Wp{BA?Zu zwc1gAWWgF6CF(qpTEi7WEK+VBD_-sH{RI1cDMIyj?k>^TOg#~jAE;-^v6`Lj2I?Z) z;BlXhY$)Nn_K^t~n`NLDkX5-*OQo@gc5L$SOde7zmWZZ^w9uj!WeCI5q3B|{$u{%$ zvu zRlBP^;Vvo5P0`4jVKzD-LfWlPU%-bovtmqWPkV}&X$`2&6sAokJZG-Q)kz`X%VXC4 z`FO{ZfblcvxxV0lKt&R}XChz<(VQW8YA)Fgu5cT%v_qz$wn3HdkSjLLu0#GU+ab(j z`q+n(fek4KK{noSA+i1g(%W9R1!&_W8PED`T7DhYt=dSA<}C#IN2cjmQOWz7u?5$( zl*b0Hg#k7rsFwyaVOYWMCUxdraD-Hd!UT*;#GwJ!x+HBP(X1KW#3WJ_>)?Vg5PTzu`&d{4xZtUnDjNCg7TOub~=iVu%Y$3Q*kEiyT!m*Sr(%q%z_PrOw zP9npaEpCcJz$sS8Z%ksK-)8MV&!8QMOb?d8X$Iu9g#2<#)(+~Sj$a0O6gZ1X_`Epuai$2{rmTT0N^u4hpIn&`EX8)> zVMb)aEGt+AEeFS_>x;v85K>u^A^lL!IUKrv!j{W&j*;kT`M26}8mWP&60%cNKN3sk ziCL?6&N_=@x5BMr)@noBF}S9cv((D}ujA-kx^q@JvQbUaO*U=50;3;MHua+U&SEEav+%E<;R`GMQcy9!$%Y~W^# z5Uv%wTU2U>;Zp^~;N|a)m6B_PvHbgYu=n5uVC=H}bHE4Lu)lqMhyN;g{D=Rsl%WH1 zoU+cT9)0fwa3|Q--r1+(E8*ePZJiPSJ`GYQaQE23v>A#95ywW{KcJcfTPRKF&Qc+| zI?KHFVc&ng18RJp8|N}$H%*yalF=|^5=Dop5d)|eVm5Sy-A?MU6^IKKS$0YxgzE7} z%|Q@^Xq*rVf@2vM_}`<(C_VrJ%RD|{o)9#IAWq}ht3t$xR=p?M!jIW?ROT|{a;(Xw z1pX!x-CLV@kTw0py1BUDT6X^M{xB&Cv2_(>viFV0(#)vSZP=JgjZNa#$h6F7^*a4A zHtu4(Ds5tMXR%}6UVC|4(1!l}qh1%d04q*Nst{2X-icW!wWL%@ST-hU9dyZ~W087C z(P){}aTR~umDhC@dH^}HPfmiu}I7<@Y%ZqU^C{>BdmN+7n= zb6JVMoN~OJe@8iT?i@x@(pCXXtUht9gqJl5?iRGS;%6AM<48y7=1jn;40^C~XsG0NIKP1yq^4AKpDKz;ug892P6K4xOUl zqC*IN?Qf@pO43td2RXy(U+ji+RrnM?C*n~EG|o%~E#k5c;x^dcp12u%3)z;mrOF!} zE5x@M?=(Vw2D!(AM;(Ev>sl9V_4=xj*IjTVt6?<}u%yT*Qx)TYTrMxR-Rhn&uu`i0VVXUgPvx;K{QGC7SJo9x@R?k~TOB(muPb9>p|13Z`5X7` zUF~4ctY~?LCZr2HE}`!kar3YgNULDmI6f8OE^@%7^rtF%%<0VxOmTo_(SklGtAtin zoET`_|6RUECVOEd?G^A~E07fG{bP+e(wezOOtw4)YY!TQ zahB5dVIga1qPj^<%5yT@dvPv`YE8hb(a5V@kssttj*Qf*lQfTOY-57c!J$PeXhrF7 zcFq6~E=z5gS^&*0!rMqv5R@^&S)dEJU~eSV6!2%Ml}h{Y#-e^2pI{3)m?v<_RFt`weQ+#5f_ERGK% z?lzbWxfZdus(~W@c84j_swQ1_m7mBsN_-&Wi_Mbjo({dD?5H(wPH{J+HDp0ESMvj# zhy2I!vptZ_lB-+ldo)b;)whfbMjUqDr4-|l&_UZC_*VZW@0@nG$pgL%v1l6B?3^GF zV}bp1X|QA4moYZ(Uw%RjrlecWvJ%QrY$0(t5y%JkHmflCYY>+>Qhg$JZ4md&5#b=a z82q^a#a7!a`a~OR+PW+q4`EPb^e^|j_w%GBPrpB0&-7{uXXrEyx3pZ;j)>S)@li$)za^EbL7I*epotZ&X(;(+JQ zT$kf+&;dg?o_qv~c~2!J5*6c1<aW}mVUqr^FEf8pxfe1Sun%UG6W^%kKe&OiEd#s@r|9;*yZT-i!OJ%Q^*^2r2SdYT&(R_+d^V_7b|1#a z^idg>dY8uRbu6%4xSkzX1W_+Jts{gx)Ok*G!&|rr%>{i>#TzxhBB2MMN1~;B{i3K1kLEI2tZxIkUn9k4n`nZ%^+lz)Dox^JP)g$%~h4 zXkhA~Uiud=k+bqJ!O}6Y*)z{8ppAfK7X872tughJO6`yDJj5!eokTF7%73cBTm!rF z)DvoOMy!>96c8rB9u<^;6ky@p#fyf8j)wKf-B6NgcrOW;1&RR%h|;3NWr0c91%-S- zA~E;SLOxOc#6mt`VAy|}K_wzGp73*6G5637$cX=3Gwzhtq;TorkW(QeWP!^68O%;z z=>Hl{82!%G|IF+Ten=hv*Go!8K2C0TM@+%^7v%7@aN&G_>1LK3CA5fo)cBtyPy5z*wo@g!tRS`vh@8T>30yJ_<8dBO!A_MPvcR6bAZnZQzkp8LC*-nsDi~5mOn$WwFHo z2;aDL+K|K~blP@tg~=mI6Ggs=|5ri;!_{wc`sfm3@xuiXJHD4}cH4633~ zh4mVBc;0>(T4&a>uyEwMR={z=a1>`EY}1ucMdDey%Bbo#JNbgwCR@KBBo1>$^{>!$(v&Ws_;hXmHyyeK7w z>#{30A&Of>6H7DxqDVFTWy-usq(Qg@7Lkb`@pOo&Tc|CV?9s*PR|&3P zon`}9U-%iO;x8G$_wP$Nv_LBKL21)%U0ci@4M3TxG&{o+iifXi=;g}F7t%FlDy)IO zkcF#ytwo-o31sr86jB=%5!Bq)0N_eVZd>*V8Ee@14jAY9=&=6<;fjZhxKaQ=eLjay zqj<{aV)EW(g+9cZL!Hij%FK$9suT7aukjmo@`^!Qd@5w~ePYmzFNup^i!Pl26U<7j_0{bBWxaLA9x$eliR$_(jnRX!HJiWAe>D9b5DZ zL=|eZfxm4_iBm_}HeAd3zzGML1JmzuH=2>-A~_d*pa`QHk;_LLO10j)j*CTvaKA*m zY^qeXJCMGM*UN)VdB_7e&?lJb(?%n+vf*TG*Hdr^J=JmAr0W{zl-E3_-;kX zMzIv6^9j1pgp37fjDp(Mbgnq3m1h586GTMPYz&b+y3w%z#kK!Q3~$(9q~L0od3&Zd zjc{1pARfa4SV^olzhvU<)<59I^9J{uF%VcRcd)vdCJbxsI0n{R$u7XXp&`I8WMPq@ zlh0ei2;~{{`uo3~d$+@Bmq}EAVRi{qJ%@mf8 zkl~KLyaCwXjfFG!uEpmeknjudim`${E?m*AKi;c z?2>G#{bxaks`biP6m8)b)YHh)J^1=!<}YKh-(Pf6G@#)?F*Q&WGDFz!6e``v5p;$b zq`@9&y_SIRb%lq6f5Kb)8v*~ZSlCCR@-y?3Tgs4Im~zd*a^U35TQb0M@C23*N0vV! zij<=`0msDkUk`dVg`g-u6JNJx#f!fUKlt-wxma;DYAPBx7vgPYv%%=zQ!-7>Q(ROp ztQ06v^l=x>NAnAv9P8*;@w{Pg;MdDHZd^bBPRQZ%yYO+GdM6m99wEl4YSDxkqP*9@ zq;k2;AVS%mI_wMMk=Z~gUmwkP=ELI$IlRM_H=a>#1-D2&%`md&La(-?MAz``Awt{_ z9Ie-^tQDBlGYzFuSct!7PpL0_vNP_* z@T7b_JW}+{%_t39f@;>-{?RvaT%Bx^%-0IVgp{5>r7D;qP>HC@X=21RaIBsXCE_$`UIzI%;qj zb$?DOF7zyx-HRLC(5&Zj>iPYW+k$~I9%(kg(}inI){89~*U%|UL?Ndrb(1i+o1wM1 z;6_XTk@@3t{5);*=25!L7HvasnvOX|<6J>R(f5YDJ%8(14|sktnZfBjbSR}9^gm1` z@Z<05-99%Aj8Jau_s2s%@)v6`$(PqZ(0=_jNgy9TKhM9v@0z;?hWy`|#9wb1^l98D zhJC~z;(6bMa7VYd*|SAus|B$sm8>|X%}>9Q(9xpcu!6Uadpp7>e$gLjxirHFKMB^* z6lHt+L*E2rWI8qbTVHZ{f$&oftE3BvD@|`yK?#v3G2Kt9;AtZnXT2a+TomA;rvty0 zIF)3beFNdv3;TX++&&w$U(imy_`e_i;l~<61sG3QQoOS0`F$i1DYKnzBF{cN2+U77V zlX;*&$->W9#~>QEcsw>kmPeb{iJxCl0o4$3rqy>0oLQe&lW#5}7E2hmp>04jZS!9R zw8pX*GUnW=TRl$Z+;QhZMX#ovn`F@#Ik9Hp3%z% zvZM!~sL+VVj7n7Jaf-=<9s3sBre-)HDs?s9cTK_-H5I8b{TiVnEsU+1e6%ui@$3Hl zjpfPpv)0Y|H(Mi?5W+%9uQJ{km8JMC14WT<7hVt98QuhYZ(D1)R&*Vv#v8Og+VT}A z!hzuQS2>D)EhTZT zu^_F@wIx-=)8&$FM(A`Y_*Lg%O7ud~@ojK{xR?#cs5lv=cxYDP))vd{;U*Q4S}NF= zn5G|!1rjy_95NkF0s$4t*T0tIz%v(vtH1~pJ2Y?FI*8<=r4)dc3|llq;X(80CC;VN_mD@*tw69lG}6UfpG9?df& zH-5e?wp(!zyZrfB+=ZhB&?Hi#Tc)M0)&q@zsM<){!4jqn=JZt%$dp$!nF8RHxd`7E zMro{!JBSDMY4mt;28)(TSfo263E$=ltm{nEsZOZ%4#tgYO*}6Kv1ciz)&|Fu8PNPr zjz|R!iOk+qG@-F7E4?D-{-DCk3U3g{(@#2t8pzbawd6Up`#?bB_i#k8*!|MtE0ByC z%-Zmmdu#RkxPE&(&@JK`j}AX7LKLnAn2e6N2|NwUd&T_K?4G$w7bTkTcuE{*dVd8>ne3zB37a;~ZYPO@NwQLXmkb=# zlO9R8GA>_}4{o$1I?Z0>IXt+AngA`gIFU59{rRfX_RpMPYBf_c)GDDE=kRRd#GVFn zz>B}_ysa7}y!W{T2!T^QoB#Pi1FeW~Vm5RdrzgyL~dbiR~4K!r-5rb=ElXIWSk z7yDbQtvj?HN!pUGnp-#?_)lwgubTQ-uNNEZqFW-1*lBtFuU&&rFKAjx)^eX4SO6?~ zd=at&0eN?sW|747m8f=Ol9`T;)d{_I%NJz-3I>%Mm0`ns_5bc}@ej2jULFfUXe{QQLEfdE zm7J7ZW~`WKW^Mf0$9~`t)fGiS9O*muk8#{!$+VMHGx}7(uIeNVIp#cNx}!|;j%s;Q zT!+iWGVyd@&CGz?9eU99F;Sw)X%tbigdh6QI*9-Pd8SP^o@BtQJy;cgAZqoL49m`p znu;5v76&hS<@pCdAgL*&7kms9?u2)d(wDeE$cvX;ezuAh#Ni>Mp$57Ltp+1jr|hzE z09+?aeqswydj=Ril{VE}9P~k^$JJO7H00f$k8b+&oHsfcF}E_k1E@N*n3ubd3^JY= zMPZ;q@X9HNY%!iWiV-azambJMAvWiqoCkM5fKm2x^B%)Sq5vN4t=Ur!+?{Gx+#Q&q zcOx$n#G8d{Sm`o{MBb$GRdxsq5-tF68CV}Zc zhjHRgV_QTy`1!W+tXx)D&Qav`7S?c24!e-87Ut1N8NqkcZu`4-n@>WCwA$SpAF@cj z+iBl1{Fe(Xb2n`U&MsO1)Uzr#@=29&NRy-V&`xUxBv`nxHWrYyjjIy27nFc)G$k1% zUm=e>Ddb~}4DV1A{Eg|ZOeVT2X@%dNx09yW!L;7d9mnJ5R7|taAI}qM8gu%*0c4|x zM2pb?w?Az}6f9ZjVYY*9$N$jL!prBD)x;RqcO-60EFh~zQ8~tJn8gJom+Z3mT2NQj zHclH{%YbDVb3mM0g`jE#ORyh}k-(xPD3L4~!Fq;{4F$y<6lWBtLDC77xwYK+l;Dfg#L2b+U@`^5tOMKgS0VyOnpvm>tpSKH65XPrzPzqot*Ie2GWrF?`ca z-41tVa%r^bb{bVZD~2QeSrv1w^0tRE7k85&PKnYiJzNjOWtma-yVtj!7iX=TO#$uO zxtsz>gaSDn?=ExvTI!<}0@3c{k4~e*d?qG2Ebs39;*RdI{g~$I7nZ*-%o8rItVDvx zIa}6)Mr|W5$VLm_*Y~c?17lok9^I>OBV?S`{fX#EayZ2C)G;k*rNdV>DfbzkR9@rQ z1OZI44^_(?*&?wBm#3^V;8qaQxp?zU)J_2z+M^!oVo6v6FD8)UzM7s2W){0c|KfMa z1yw@}AttxH30K4yC&TxoRALt1Kx5R%bB?w@e*6wgd2g)NGJ0XJ(IRaox5d|t9RTb! z-FML8Jma3Inh06YHYpzyWZ#6n2B1()K5bwY%WB$=OS<}>;0%eKWW%VolW!%Ko?uyw z_2?yj4<0ClR^NHj>~sr>6r_>e*7n17u0++$ft zq}3`XW$(PJ$H&1DMM!<%6v=!37}A`&q?-reY&pR)i*FjXYOoWFW65NQb|g8G{nc}f zDmx>imuG}87DNl;KO`?)w2Q;$p|^cDaXY-It&Mp7fYe9Z%-LzUjcxAy3+pH-dF_&H z)gdFvLVthD&)KK*All)rDC=svT%BMcl>~U|fz@g)NXhEyb#7h!03&Jb>~QgH()eEE z43=DU_YR$toJ7DpCrob%a^|uyix+8W5MS6Uc@1}VYQ&@?i8wOK<3``sSaNe+puS8z z3vwPN0H{TK{P-* zdb55}-Ol{$`|YE&{EkNv`)R`u(YSzCm>%0p0#y>K_*-A=W&{*s zovjWVPbLkV?k|eeCer(VcN2a7U&9nILegMglZJJ_8h0eOuc~pz~Q&LBUbwhQ}$&>vC_ZK6C| z#?F1q3M~>oU$c9U-x%Ejz_77wAWg)tG0}878sFQ}RsOz-`3eeShy@BF5E>0l5POG$ zC7uMedVLb5pSSi9g1Uy5+tad=AxXKe^RTf?s!$D!QpCE0qKI|pf=pe%$FZKtxfHMc zR(dW7CVl2;lKF`Bt5Fjl+)UQ~BUnKPXmw!9J2L_(gJ%kb@$mAO5e~&rJ^T zER>`Zu@dhw-2d8f{l+B+{TW5I4(P)}{;%~;BC(QJRO_A3X;kZLh_`uYCB&qYP1FCR z+ecBYuklFoz1YRG+T;Geyk0l&&WUq%gPN(!$89v-yAZa^tv+>nbq@y?xe%{-d9E-=LeHc%i@dBHBz zd2XRE;}b;$w|GUOLo-w-yj~O7s`#g)S`%Di-wKtLG5q5yHi|KbZ6072*hyeaeGDzW${Ms4@k_T&my^>SM zU+hC|y)ubr01?D$P8CJx8B{v2{$vhnoTJ`*RAkmu@-54;RKYFhH zN)~TMoE6!A6wO74C0=7FG^iZZ&qiMe;pmaz`7>gxjR$V?H|Cz!#}Bq64nVj6PQfB1 zB#yu^zy5b*v%1f)N5KF2{Dad6gvCl(ztT)fJEAG`VPKR&U}dML*l!`#nl_^nK;Ppb zFDCOCjQUGa0_ci(g$usrHzj2lh*sg8MO+R%wHTbSQbil3v6Nm<>6efnSf9-z$wrv& zPdN6B=AK=A_R4^aAF4mXI2MW*(3)`GU^e;SP>|VJ%kSU(6FQp1dwW6m3r)Yflka<0 z&`=VacBt*x9|nt}gtd9K*Iqx4Cl3SI;=;bhxpH5L;Eiyi^OI_d?r+ zFxZW7oXxl9pGT*m5tonRJi4{Vy0|@T!bl06<2E}~RD1S+gs(@Np-f1Up|w>Xsrf4Z z=0CPUtNllo?cI&^P;nwrMVG9!g3$86j+8|38pPrHSk_4NpD$>@T6{p6y&3b7?$`Wg z4zKP&xL&U6yMMBZq_?ABBn*^jqeQguCW;sDCbDcjAskbBi(Ke#;|qX1j8OHc!f1*? zGqOt&22t}UhIx`D znku-<|DaqRevp^ zJAIJri-xaIa~NhGVzWZ`EDBOQt7iy0T$adY!2JibM>&a5=B$IYC)0I*F9BJsQ!cVN zV3iTik-+(K-3qSH5&6G|d1NyR)Iyzby{6cbIQAiiuOI zsK;#QXK6uiAbUj+wxE2AcR@C@rbyVRD|BCT{0XV3SQ3NR5I!Q_FBy=#O%X%Af>Txi z6YTtmn2p0pcbYXs*Fl?nl!6y5aJT_1v@``Yu;3mFIU!$C+LOdBSxx}PwwVCE&u8b6 z4ULX)JUxSWDX0jaH?m$|DV|`^1p%+t?IX?h1zX_}hBpfBEv9V)fqH>}Qdh;$Xk9W2 z_l8Dyyj;<*`iK%f8CL8(oas!Vq4&H~VFa9yByDfd64^ zfjRRN=-;YmaifJ2>APX7y7WEu%1ldr9=JJ?i<%8J2ruIKGx?c1H>Ux}*VHTrt%~FZ zn~eCdKkcF^rmIaV>4g!un|1AdKofaY-^K%Sr%YomO?!Y&NKBJWY&LLe+GQopH~o~q zU9g-`%k<1MbZX>aLG~;Fx+mqExJ5gX<%>u@g|eVJ z-b{-DymqiF9rQit4^QHyTmPD_FCqEhy)c ztx?U0f)Ri6R7}EcB-+JYwsBo0?~F`0A-57M7)@Qae!n^a=e#qVx_(?x#2vd!GwCS& zWvojTj#tG#U$J1Ei6OuDh+ufCaHzde811)lG+eSe3QgCb515{J8-{U^OyjJ5WyRN9 z+#qQ>8xyu`&fOVuizZ(2i{6m0xB;<%u8o^^krlFJKXgy@7=;ZZFsrYtc$pk06uQ&v)}(2P6$Kg<6~y^464(WLNW%I@Hc z6`IZd`!}3jsN}MV3lBgEOOE(o&w10NY~9CltI(F_9)Fosm923^(Y@j*#H>$;P-Kw~ zYPJueQ~|BBiSdf!3s~e{*0X00u8izG*ix3OO~mv2yp>I4+fQyLJH1|3aZ+JjeTKS- z?1{3s(gsal_$E3YHS1Xjk{DP_hiMJfM1HKNpoV)X*7(9x$gJ~Iz|x2Pmf)`ZM^J*E zfmCNAbmdrr4#}*Kd5y0602hieVE$6b7$ZO5{lSwAIrxf{z`%`cB3C6mPw{}Wo3ws> z=hMTagpp7%e8Hw^i*aF54TP^$N>)CAJLh2MFo)WImr_(S_83`U$}A;~I+Z1N1ccjw zpDfapF4#!j!x|q)k`Q)pdh)zoOQR1}OxsNtKg}+|%V>~!9-CkE>fq(2Iu6ag<{X5B+MdLA|(LUidp5($vmI75UK2Czw2iXu0sGz8sc4flL zT3AVv?ZJy?#LENl?50sv(7_(sZNhXTBCOV+=#(2Et7W4@#fA99Tw&vyz@O8p1Ha%E zR(A#XfzWq01W_wG))7t79^a*~&wueL_<@_*@6 zeR#4y6lCoJi};Ht_~2#q*C|`}+RGmG5yHbT#Ur87nN~K>ZQv{^O*; zSsOds`j~+;2}ROwUm?@iCO<3}ksU+j*`gw44~$k0KHt5f8pIBMY6}RsKkm!41$GF3 zdw`>r-H)SE7F1>#GdZVOGtyg`sS_giA~kxB+G0fv&XXTMJ?*w`ttnuoQm$W)AMvMT zZNO&CjjM1=v#r-HwzCIn-_>X(TbfCjZpL!#IBBHC%F@7cg1lTpRNkeI8NDGka!X4F zWRZiNqG#~9z-iNXW@)ptVZDMKL2f;7ME!IBkhOQvpr{Y*=Aj!BQrl~)eJ1REk%h9A zE)0%4lu~~y*UjJJ_DDI2eU>FjA3E}gmo$oMY#5|#Y0He@MX^psC92t|d{N}wYKQ-2 zYnYxi^ZY&zWo$Xz!1E@)hjtaWymo^z&p`OGta^C;2=(hq&dFL~WF4D~k*P^A3-YCN zNl3%iX2<$7`(7oxoL{QvyBZPW%=`B~@@6Fmubr5*VVFip|Me*yzgDF$Ft%7ZKNu=j z@|Tov=d48|@YIXguCbx<1f+Q}F{bk`q%Y+4XT#psAgQ%F9ayv{?pV&IG=2B2(I#}L z!yUfy079B#Y*+!uYWGIQqwP#&vwXOpNL-DjX=Ev)Kpwx~E2A|1v_(iuFOy7lC%12A zI=$_dsY5;D!Acdjs^$x3KxwM5N^1q&_y+509Oza zn`U~Sq&oyc+f6$v@GY4{KosU=B1tA6J~UN|xLyD2;SaykrX9s6(P4?G@Znjt%OTQQO`I$)(-|$KoJFD;9uH}Ou-{ipDn3DNGOKd^pP@>+-b1< zU0TT67j7t!Yd?8AFWl&-pQ$)FfL%ZO`EsMdW(p5*n(wu>FQF}|2Knog%WfHD$tZK> zQ|h5IQN!Idv2ds=b9#9)UoEKXXI3=b*?u z^4*c6;TbpuFlQe4`G_g7g-^CgsTJPkl5sMb8jj^N={k^ssVZ^Ww_;YiRc0 z!uB=eK)-kE*RuTsv3br<5Sp_G*?8;@6wfT@@N*{497;O#{$m|ZhI16hCuU-PR4`3? zsj_B&EP)cK^kA6A>mz4S0lX^XH!UB1Xs^LKzWd|s0*TO1e-U<<(3wc36KY2D zfL|+nH!Zn(WOS`T86v8}^yyc|A@~PY9K;uK_}PFsb*iyI!nnEhDc8`E?pm0#{3)uA zTzC$Qrh?}vRpFd_Uyo>X6Y&0v+-Xc~*CIZ`zs3(WynUK$i^MjnG3>Le3QX5^{`tub~wg$I~_EH%M1@&_WzMr+);4)PtW zR2|z~suWj_9qHU={>S?`UXEqQrn^@Ja2_8PUYgPugfp`#1V>ypg7> z1xM)ODdo@C1r!K1pNr#;f1x*o{4IN#wMqx~B6;)Y8h z5tEgCK-j|VeqAF^5=thJ=YgsCCVa`|+3a@54qht!^*8oM)z)?~xG}qWYrt1Nl^} zAGlmd<$9=t$cfr)zVs2iYkTvuC^~B%4hLZDW>(_%W89H> zsxzT3JYn-+;^c!~tcF39q-krEqWiRLvKHltt3#fFn zW^1&}X=*D;%%x$Lc5TC7L+qOb25G#O;S8Do5~1JQ!IGFJN5bP3=4f>{!@ccQIf)|W zujpYVju8jtv|LBR>n$O(!|UpL#Sz3~Cgvh;0+6B}AxG7lzMZGW0umW5i`&tgIhA@K z<+4dkZM?OJpr3oiVpiNFltr3255lUXMF(9w%G;TQ+@h?TQG=0Ktih_n%Kze*5@sbh zEvAj8pjEbdwKBrO2d8<(l>zq%LQ@UoHnD(o)@_C4htX6e046~EbY7ae$vuB@nYqXI zez9eR<>lmFOp*RQvn#CY4t@eId6w4n;Zf&&Wd@EMjlNO6#BztD2>}l0+Vl8tdbj6u z?Vd7?9=4?FcrFp4>x^~uY3p@)8{YijLHphnxVG~zK;+T-q@fQv}}WngP*_ABtsrmGI%ffTO368KbFy&WYa<4)Xq^#LLfn?wG@A>!!O!q z9q~=a-T5v;GXOkpEi3)Y+j|U292TQygCK2b?D6~@+fC>HFkoaFs9*%RH?Jy)XNJJg zuHNR<1`LD4B_oiF0Kp!#2oGp*9i`{ zVR|J4nAd^dG2Z$2PI~pIOdi7Aki=E{CM=AnQj$wP~1L6L@-j~mxG4Bd}zX!%j3iZVd+@1Ru+?T0| zLPXN$&3eglct-}qF>CRjbI5oNV0PQYWGG_mRXxPq=kxxWWiHxV$#ay$*&_Ue^^qX+ z=tzDBu`$qSCze__-ilHLwRg$8DrsYpStu!}%Ta;is}nR51Y|w^A1P(oxz~x>ehh*x z-;h=`m6erU>Ils5z}b-z;O(mz1Tp3RWESg-`I&5$=yBJ?!LRnT* z?Vg4s){f6YvTwx{$5p(YmKaWJZ``Xm9WqCP=umLz{Nh~c&|4_*cysCj32Ih2j6xA2Njo9J@lNeXQwzmMB$Ol38o|A}2?* z3H|CCJ7es7me-B^D+u~B!e!TnqeU?$3kRpevNFeJzu(jTwWcY=!_+Y6hmsFDP!xoH zT5s2=5Z^~lB10JR#WGY_efNWbJAV7wsP)dSEy7os@>HW{BA@yt~7Nziwf4R!gF{u9Le^E{r zZbaa(qzT!JrxLBv#|kto4c%%>g);1_XGS=)t5Q;AoiP|fu-)orSt;m~wUfXYS%+LJ zwzhjLyK5R|CDuj!*aNUjWYT-V0x|igq%FyGLfL%8=Gc=h{d!uIooKsMwEhyfNvO52 zGDN8H83p6vy4-|gM8)_lZP66J6-H$He$NeQMTXgCVw9`=sPR{PvY4zs|@N9}E~ zIwLJCr3=Rvlb^W9x4fO$mSE(SOoNNH&p#&QqFJJmgqt&`E>19}5g%d2@FQ zjg&>6XSAe%+T;~krTW?Zv6h7snWTkKDY(I345z-1e};PyW}Q(e(>d|~f($dL9)%ZC z(`bt6UAjqmR1pplEpy@m$$(?m_5+ujtnraS0u_QjIzwUy$0xthiWkS4% zz2(qN_pVK*d6W*kR_3AFWsmG^pB@^{+L@ zKY*-roSk2QM<+Hq9lpJ4x*aweyJrqrOE}nnVc8hNOdtl|T9w3eoXqBbs> zE$lVQAG$QTq;CEtRHS77n*eW!$hPmUMheqc1xX!R?o0`-M%;__%c*IZ+9CNAKk#&8?h9 z)0;kVUVHk#?G81Vh0QwK)yYgLCR&!}rZpF=dMy3o0d%HI%7>=!f6#_S0IyiT9DF7n zXQi2>O@314>Epucm<4>EbVXkwUZbqUK9;Kb^fgmKFdFP8>ZRgotLAKNnIr+};<0iU zV#Dt%5+|B*Ai;m()nj3BzSMAN;0w&pkckEzaj%F84sk$aCs;$-2<*uiYzUrXx9#dh z67@KH{8RMiQsJs{5K+jBi`st8Me~$fQXsq&-ugM}DDqrHJO$OMvbAV$JXL06aMnMc6%Da(qe*5sV4PQlY#gLEH74W704=@g;Io_ zj4G&onmcD_%#eL$6jNm@m+vxV#mWP{1}~>iHr2&^qw8@s71{Uu3|133zU)_wbp`kI zdy8V+!eg9&uC=!hAT;+%oD~?c9Hy9g*$?Jfr0mCjiH7p~8U5_~`(1D4X%8^72k1*7 zQmFw8FU|z~6hroV@c%;(QT`hj!VJBS;v(LJ>>(s!awb8%A!*zf_!rr1U}yy<$kg@)UK7sI815iwJ8VJV^t&qF{uI1wSPLh~ z4z!*M*2CGhNy5|Z8W^2Zo_gG5(Zo@ufMXm<=0&D^{B@bqc*MOR_=?&#k>@c%vrn}_ zrQOawdb^z{;4-v=n}%6rpTzmo6xAk{sL9$C@y2Qmy3^V)7VWp+^O)DBNeNsD%xcUc zUGaF+)4M)1WD-K2_l?$JKu=LDQ%tF(CS0wrMkz+)xhu@@I5S*`vm`_zZLp|rh6QCS zFAYLBFppCr85KNNDTfag{B5Kp$5=b;rSYajK8hAqt@j^)M>UzV1=GD3{@c~@h<04K z$^T!47@_b#3i12j&6<7|gl zS^=dk^a3-*AQk8fB)B&cf1Dy%CPAyfg;8Q4ur7;w6NXfClS!>YhivCK_YT|cuVdI9 zsf+xH7GNn31RH&}0X1#DjIuhJT-;l;nvZ0=|H-gy@+*TQ`fjH=I?$F;AF^TW#O>vs za--L)IWZ5w7aH!x$q-vf6}Vf#bpN*FtEkk#GPK_rdYK!_9t+w<=XH)oBudTyo#6&- zKD8zksPyHP;Lf|;l1VOIAo|%W29UUvb3UicU&qMdT_oad*m3r@5TaHrdc4P+$^Inb zUd-Y0CGWhtsmZk3%h)UNW`F_xE@YzuDOZVE0NJUQ(S9Fa3w%FB3kT61;E zJaxe}N^GIU8pp6% z4O|9CF zzLlu>5KS`nTQBiDY$O{}^RTbL>){R(j9F}ND$C;1re1a20V#P?<$2rq2v(mZO^Vkv zy%OvdeyWXztE9H%>~ziOjAsjd2bF0X4ABsx=R!QaD$Pq2QkUaNU0~V^RUH!psjw#$ zVMNnMmP0B*+qjzsv5#WzUS$Q(5R;&(ENtkq^oUDMSJ&|08*isY8IJ(*ei$Zw4Qv9l zDG6QLUyo*>^1Q}f!1;p>#pcGd>-BV;eyyNE4nXuA2Cji#r1J6Zt#w2Z0mjeEztPEa za!9C6qTv6*qd5gv!bRIUwr$(CZF9%AZ9D0(*7;AJ`!-g6Ykae6 zKF@K}gLIS$8AyD{T(eR5a18c-Eer|xL5gImJHpdlG+q+o(L-b1C$z0=9xb;8di$7D z2^lg{o(jyawIPKC+bu4NjF)|Pq5d3Hd$e49?y$IJFFS?b0O#vL^WEPMjuED!pnd2b zfiD|TaeQ6ojSfVL(gWw^24i84!V1KVTd})-CfNiSGe48`a`Wnp<}n0}L7Npd29hk% zcYa^j@5DxVKX3b0B6}{`H39ZQqBOS{yO?&qqcD^;yTYv_|J?W25qR8E?huPpurWY# zAv%$jGfzP)a0;MqWOQ8h%lc?H3j~lG3BuWXzTfxp1{kXF)Yw@kKmwz<8FZqdv(zNq zT$#9DQ5-32W%@M-cU8F3#V>aGe1)QZM)EW{X6+bFJBJz^39shE#Au8#wk2SIBA3I~ z|C}rwEkTgT>$CR9YqGPs?1$Oa8hwXlBy;Q)PANo#= zjE?%q{Mi2xuY(TdS`-BR?ml0PKBYyF0?|OeXN+pK=b4KgPcT=sok~EOSTIY`EBmO! zZoRg$L7KN*e5+bB9mu;Y#SYny_1V&_XY9(|GWi5FPuhgZXUB=hpzonoOarmg0Skmz z74Jk?OSvq=3T> z?Cpc)%(KwElr$%$EZM-=oqho`RQU~d`mNR@U9@FdwEW ztEyx?)=TEg)1=SykPo6B2T{-47^DH6py8i-t+;}H3!U6xj`*{GotpIiFG2v;}*4g~Q*6fX-X;X=yz~=>lT1Y2@VND47TGk~h+YPZXQL zXbxoM#s7=M9Z3JtTaRcC;(tiV$H*6Z|1rnf{|f$}`Qjx$f9H+tL54{e{9pJavWdy2 zy=uive0JZDVz{GZ9tto1GYS7k{{O5#!4UQ7^k><)TA@J7$w~(tA17kBDCT?UTD4GJ zVxsI6*@i=UHxa=>JWh7*^epY2BT^SyNai>1P2T=!ZS*4N-!!t+Flp*T1+)H^@#Cu?Val$5@o{h$8?{XC7oxV_$1Eehv-+yA^iot=%3?|i>MPv%s`^*${A z`Jr0B$NG7HJ9N6-zlll6&Hp~z3ET1w-d!o5t}|{C_~<>xr~CrR$xm;@M3k}xg^e1< zlHT4Oe5HVpQ;SeLNaLM5V-8nJ2=j|lo4#viE(J&-fR*_{YfGee&68E7OLQM5)oYC9 zMu(R8? zHPM=l%v)Xv5zAFQ_=(FLsLmGMWiDmc@_iN z08UD8v{r)K$_lrB{=x!`UjRD6K$o2^3zNnWHQTn%8?&%FHgW!}RfN>7MjeZ$fDnLd zbM_uU>NUXso(KC&YcM28Yy+xQnjW!$SF=rOQft2~lcFlBl?Ja+RB1m5=b_oHOAolf ztoOC5H&F4zQp2KZZ(eo(ViO$|`xdYN2s-7aZDcrwTbeemf`{q{-#|IfqZ8nwWfhcp z&=ZUE>r~An?UOgsU>=WCFL0=gwi6}@c^jtHRhKl(Gx|Ds4>J5Y_LN%qrYwJJ zj=p;ku<~&VBvZaY$9tII>OH&17++pl$@sZR<3<-xbJ@5zgT_QJqIFy7>fzSKh{_7^ zZg1t+T_B9T(VL&8yjdqHom$J)r^HSCQ1+z_Y_^mTX2L@%brJL-H$4wKj51Uzne9q% zRw37?TD83qS{-SWyLWA;mYE5+k3amo1NBzaG6hpfklfK^LL#_rKf$V( zKKnawj{XBU20Gr<;;4(*^r-|p?^KIBT^em}rO~WgY}H7MYwaq?q5dM0Vw}$v$qr(So%W;6;bv;0&T{P$k8z)@g*HWtXtna? zG**u&pQX?E=qyg_^Zc+z$Juc7pr2XJXt7_k>$~{6Jvy>eqy~UNM#ykHLAkzq_VEog z+e02XJtD2Gqvr+u=_T~Rq%qM}yM8&x^ zr&lJU*%W`IV6KWgmn@-!ldHs(ctHc&=t~{3ojD%vVIyen`6@IBVU#oPEtZ51(dFWd z)Ec{d`m0(mvg&EYvmZ_{tc%8eo(s!k>^`Lyr!b*-P6~}mLoX*{A90-WA_cU9Y)8Kb ziR&#l_f#k!%t5rKP0IA|Y-?>>^R)CGqHz<7F8Kj3xft5ArCl#i-cv!gbG^<{drd$_ zdt0cYqn;ntWzA~qj-#)YlOR&tr&NP4TGQuoa#ktxf(_n{8!-hig_EOP(Yu@^%tI1_ zn!!s0lhCB8@Cd0D*Q$xUnxiOkboH{_sx&rWSn>lj%(g5`w3c~SHDwJq^mnPIrn3Uf zHMAUL`FW!>y%qUB!!0%dL+#-X=1*8y={!{Ox?ZmLlAhgm54!vn5*O0rx7L#l;`rhJX95+C?faUMA0g8`L96N;&~ zRWB*Puivd%w9J?gsphRf8dWG$#Wm^VZ z-4u!pEf$o0L=>%j$Eu2O&r*SOOm&)ZlN1tq;rH|%!~1*Ui9n?{R$oZh@R^; zQ^q4kUf81B84RNetH@O=UkDcjCMG!S7KqAf>$H{|5o&gBI31Yqs(81!1iM0EL>SeI zjQ4q^?5$GYjNk(l-C8dx@U76r7$kq^85QpU0R+^v61K83ljzSF@A z*zRxx0KC9!#o?-%5Qop0d8rIY15qWl1LJm=_?IqS@b}H^r`%MVeYt6j*F*>t4@Nt5 zaf|8QTPhwr5)u0KlBG#sNSOKj#Gb)l5j>KLYxW)HS?LPJitiBNqy4hb)Yf8+oDKN) z>nTApXQexp#EQno&yhhwdFZaVR=He#?+WT2J1GfTc8?f-C}TDgp-v9Keg7@0>+8(Y z{8!-nxIIGk^RcL+l$JMc^L{zQw2c3*r@8J<_Mf8urJJ!vr~yuD zfI6O4{D`xLRs>eMui#mu@IMFx4@-WcIeG?x`hHMe@*jxj-6A(eihyiCs71w!|H$`rP%|LBB1aLNWX84aF!o_1 zF!W5jMRuAIVpO61o7|DGs2R{OOUiK zBd0M?nm3R%g1mWfmHSl#=z>FVm3vT{wO%BV@vjSzv@VYT&$(deg2Ou^qTm!{k#YW& z{|W-`7oap*1i>j+9w2f;Ae6-aL1i}b|252bfXE@~_X^w{|Ib&#|KR_*-$2s*LF9y^2Cdw_YWiOyhzy#n%aHVG%n5&8fkw z4YA36@1F3bX%Dh{BivwToM`A!-yd6WyqXgf?p5I8vM#EV=;94S(35K_P^RdNxIg3&jJ1GAkp)Y$>+G@B`|{*Z;bjLWY@za8dp zC%SWKp!Pn!r8;B6R#TW%9ub0I8MAQnAMZLv6a~PeR~l`(a4sxWMD3Q7s&^SsmSO}Y zbVR*>vM@EnaU0mgv3O37T!`DE=;T6-PH6RyM$x^a0n3(%YbLf@=pzzqIMlL@ z`<}i-%_uIeGu@;2269}h_b@@}=N$;1SBRZMg{l^K4N##ruDX8)?w54pEn4PXFxgEL5UKEU< zQ>WvC43BO}SI65QfFr?4Y=Y_VJ%SriZkZ=S)Lg@!W0HAe++y3yn=5r(t9jiTp)w=; zg5Ll@7p@ir#a4CfGX3y)lnTZNd_8ZkM3o{+hG*Cs*)IfxvWAXH3kTF_(eKhxr8kU= zqgy=P3v5>+n-LEmiSP*g;GC#&(XihNp(P(;RI)P{fm=$z?2(`!2{A_sEur@gC3zbr zqNzK*nKdPr6HQ&M0pL=q`_@)JPzN_LImW`Dx-}Su-ZnSW#R<2Gfp9D{vx$p5(T50f zT4Ce&E_ZxPy4oDg!%tFDDhZ@++NI5T-*8m;60GTU$-%pUV|Y4nvN-J<%0uv5buSGX zcn*L3w`vWu`o%C1mfU#)L73o+s4#f=dURKOX+>bqNZ%QouCt2w@LU{t-+=YK>%|fz z4W*yOrL!$c3E~aScYG;|Bm_fO#&HzT)NYA`z7E_xmYLc*erb0!?>l}2mD)vqJB`lW%^S@W!i1$))^}w8 zj6>Fh*s!Pnswo0wNW)TbV5_p01qmh04*yxp-e#4#-G{6xUQ3=T|#JNZK?jaq29^wg(h}kNQF<;oPO1_P=EhY^=6hwU?C-!w;wH7f%YyU zOud#|<6=ZC-Q6D+GMB7+-7>q4!oZ!#`};>FoJ}{j?u|y%$wJXHt}S&JW@J22X~cUa zO5u2P;>hWBMzxs1Y~7cj8Fgc0E8P4icdHD+`L-j;_Ra2WznLs6%fuTN85jug`ZBRQ`u_4e@8x+f@|O z0D_<}M&&|MKaczdTBa4>P8)pvcp|2)deZs&yqckW%>!by_1_4rYDcK4tPl@+5mj*G zmaU4LSqCp_T2KVhUNq|DKJ(0xXpEAiM!?*qr!_cj2fTI9E*Z7EWQPhNSpSj8rQ>Nc z^Wiz7FFQGTGX23b#7luRw1Gz9R+I|Rp`4d$Jp>Ge-L*N#mveCokpAz(Lh8E$s;C@n z$Z%{~d$7Hoe^6W_KasUFmvMc|fES$mrEle>d7JP7fiX?}xae?Su=ve8_|bT-V)gFx zf>!KWA;$P+IMO^*SkN@~Hun2$g&%>Gj;m95`?YMiy37`l^)H%0QCKqR7mb#$v`?W$ zdXLI$ZmtHKSFZ7C2&q(YbPAgB9~NPvcmMT>JQxUyZb!U8iZCF}0NS z%f%LTCu6ljn8e=AJ4GL%uy+ZjGa5jDF(iHGHngy=Bk2X@Gb`-i_hdFVxD1HN;v^&f zJd@W#yW?8fzYbx^m zF@CKb7tfz5nIiUS1SUUqwP^{@@8#n?5Uj&vaO^5~w=aQavFLL*x!z-D?eP-hDv|76^ zAiQq7U*ZF6I@|}h+MsZif3H=|Lkmutsp}4_=?EJ&KycYUc9z$}P zLJ?Pr8+7Aq#&iwr`{)w>IcE3ij(^sGO2#2vSN>a^fS$0W&)&$ltNFEGpjEA!f9HNm zAnq4*FuDDE3fhCmX}&?@YB`| z#!GO$GMRu63fzS7eri~jGNix2#Qdbr{fg(Zr?mSziJ36B074u_t2@P>LDgK4JJ6Ba zh*8AO-{RLzxtpLeBf`bV!CWZ<93=CN;!|1QQB1l>DZ~lmwxpq`#kLo=aox;o&;8 zkqYjqFC5S!`;=BKVxZ2*g^VK1zpHah+801Y$OP@`Aq^am;CBe&L1-bsZZXE zF<1y<*lg`MYtLhiO${Hpb0e?WKRvX%R@y)bvLN6!Za)#6>$G><^L);=zA6FRVs(^> zS_kgEo@G%~eCs<78M`eYV$ptK>@DWGBNoW^`MD2X={>Dh+Nwt?AiEk;TK?=4DCIh`1s4XJHM~Zt^vxqL{ z+E;mfyR3S{#!;Ik%{jD!VD}BWEj&8&En*npA#2@jJKyo%a;!Q7v@xKbyZU$XfX#e7 z3;mRnTm5D$c(}`}Q;U>d6~sBYoY-xEw@0X_hZj{9OW0vBQT_t5Q?3X=tVSb$OA z;&qdkZh;NQ-QEy`lR{704dzNlitJ>J))IUPMrzN;g|iheSC%j8DUxx;2JuFGT)Wyg zsE8!m9?y{(PvIRO%Y|4qEPvmt)bsN++q5X0m-~73b}9VxeUW-|a=WKp9>n*x_I-D; zxR{#S`}K5{!L5xQbW$$-qu6}J`2F-SzOy>KgO1ND__f%Z=x)vY8vD(Ai^*h)T~u{e zT0-2XEXUfY!vq@A>ma}wXir<8KX#Z}LY*x@Ur|8M<;I-jF|IlL+!(8qEjYJcUcw39 z_)pwnguYkYp_of|^57B{E`FkA1~Zw`3D2zR)^v1qzukM0T`^M-6jm3*ABj-vAMz4@ zoU;Q(Vd!lmUGRY^-yg{{NcfYJ7G*GDV6}-UPw3{xjWR~MOvIlKz`$z@%_zr;9EZdRroB;39N^rQ^zpudfH28eje-?Iqx5=j=~ zIXSUL+M}9QQc*@3PPs1_WmAChxxIdZSP^(r_~#x^0&|3ytsjz2$H`Q(Cwh{?3%G@V zVlhk6hzd(HynejiV+Op1f0xT|r6W{Sl;Ac?B`hq2fZ1l;92Vwx_zc+7GP2T2Zyr$= zTCB|(fa}W^#|pw{o(P>U!srBsR=QY?4`!HLkug)cJpV^60}EH;qZjSW82{R75R;HI zW=!vj-5Y@INr}t(C5#&SU%CM2NUu%kO*7ZIkLVQ(^T9Ix7KWQ76J&Br9yqpgwZelC z1J+@(bX>hz@d^j0m2cxLuQ~X?Hji&<6SC#n_ zT&Sg(4x22_P3lBTgmJ4`4Ei7y(ML|+b3p}P5)0}zF#(KG09sJ*i|yeF<@?W1o8_#C z#1Az2!^xrlCQl*r4=no2HFxdCa_C1QV{dW99hJH$&cr@>!o<;xjgQpzidtdFiUl;$ zR^#-%u2WQe1y(G9K`c4+=HgD;buJj~K1?8g_6XtU}kEOzrm`>4Ui(97` zl`99bN77#;wB=KG0t&kJ{|O#Rf5$|Nve$dVBs`M- z5-Ap`eWfg+7TQ(?bLvi#X+s1XlfKQiN?9*1`GZPL?RlRlq+1YoquCwN4{Eg9rgwC$ zhLCNeOV*dZH>NxMCh;N6D+bNSl4$wOS&eO8`e!t3Gj~fQulRL?2tX{+rN#Cq)lQdB z0=!#j#1%H|%kG~sB>wnT7}g4i0WySt9X@cho`VTugGPtoX;!H535WRAFbP|x=X19M zcw$EZh@KW&uETre-Jp+srNeDfA+9=^bw5X8BeEt4D-fi>KvrF23mF}}w#MsL$|-%@ z5TQTL+K}X8LwEBAx)p2NSoTT!otJSrQzaNM99nh80=rf5)kR$EEq3AaBB$YnR&8@&ZOt=E7}-sG#uFqTR?vrU2nGIo6E?v7eLQZ&f(Et7h;$* zdZpg?5W%~lxD0{VuXk>)T-@VV0~wZCL|8U$04~__%3ao&a-K&8o3*%sh&q=={Dwrq z62q65H7n1gP@owiUIXi7*?K>|=k!rh0{MWJF_-lT@v(7lcAml_nOfiy@EWZI(jYpw zCXE#<{EVt=dp44%dJP&MVjKG1ME<%S)%$f7nS>zx3mppMHNlizDvNOYak}`9iuhDC z)hy_Se0uFre6Z;f(M(ZEr@x^Ej=(I2p63?GI-#^{rR<(0h$^gpNzb&740Dxl3II}g z1b`xwqC7{9{6+k`awt`I$B`MVu{+8XpXSBlK}T@zq9`eZ(_dA0mEVCu&KD@uDHv`5`$>8K^@K61X zvpitOiECMF=fBt0X>#kLSHSzz2h!+#`MKW^SCvlscw=Yfkt<4|nU%LSeMpo7AX?DX zYj+wGASE?TYs|Ht3LigVf_#9;Ry+)-q~amwcWeC8(Z)$o`OcS4;;huuvuDAa-rGbKa*z@uBQo{jHCAWiC1joJTh zxKEyE$jiKj!ixaMKI?=bta0_%w4XBKL38Q+99JaZSbtX&wUQ zGZ#-2=ler?O#*1jIP??U1R1X;&nrMjJ}6w2IT4g&Y=8rxm*Vb$>;U1x7z4?J zncR)605$6l{WDYbq)8M<-B5Y@nY{JbsgLnT#y+yilCuUf;F&AGnL|A}tK+qbt-STM zFW_UW>eojorJ#&2P;*Sgd%FAyQ!xGZYm!=XeyM@_qjzcKI3Sv8v<2#$FrAVp(uUzE z)4=*sElXKUXKFXz$PDoJha5^awMQRswjLRifIY+V;DAyg$N$u@U;*lWr(O*Lujg60 z!FP}O;AKVil50|xcY-Z%dE$6kGG;cF#u=+1gJ*!v<_Uwl1Z}w`5IsXAM_yn%iUvsb zzF~XXclSfIE_mZxuRzmHAy?u3c~DU58HT@tLM&W;NlP5)eO|9g%lhmmaRCJE!Gg_R zlXe7E5_*cgmrkpZ9A)j$I5L}&&2~3_<|BsI%T`9b{+e{}m6jm8;&B(T7BTzl8BTSx zAIM-v0CsS*njmTp?%L|4t`RIdTBq@tX?ndo%PpqkEQW53rmTJXr>VJ9g%`f?s9DLq zlvqEDb^B4a6}L>KRd-(9aFUCwrY}+Of1#zmNx5DB5J>$~Pt|lTX?o|9uY!!DH=07% zkHerW-8mV3D1RL@Z=nY=V)tBPt{{M|pmLP){h4TROwE)^3_z_iQh=O`U?rlQYqUhm zL-+0<1ArMv11DO3kwGTmUz!gcg>-ONFW~2kzaU4<>PGKdh-#~Z5UQ&92XTn;g_T@v z5vV73n)U`;)+BZ4{KQodfzI5x2?CF3h+z6TKFy9c$VH3{7x{rlxrM0!yT)w-h;<2| zZ>Y*#Hf(l@gJSv|8ztpWf!}eeLONT8FKh%x(;l>P3&RfVw^jD@Lgyvs59aL{KhS!a zxO|YCOE0`~Y#VMR#zm+Ab_&d2^cc1K^%;Wr5fL(y@0|1eEefQy`Gg!!&thP^m^3v& zPD9)4%IjM?)a4}^G=FRg=XE}KJI^Z1UJ@>U`)LMTTw3m@HiQU2wN%;&DitzSu?{N4 z7`(}NH{2|byI}B{Kpl#~it&b!gw@h5FYSnBogopN;UMO+)f5Ga zMQ|gc+9zoSOH~g7L^J(d)kpnTW$;Pw-S?_oCdMmwN_RK`UMvnp*5=p}Zs8%}dLRnb z(%Qwfjc&boiLlb)XD9W-YN7(6Q-7S#DsWhPB@n?ChmI@a&>90)$w*2J>gTju#Q}c4 zrfPa!BX`WNr*u28<7U7CKs}??4i-Xoj5vGkJNr0j3PWEK^RnSs%Ax8EBM%17P4)H)Rvhd{4B zUIWgJd?E+_&JXZu&biOxH_={=S({P*AnE{L5UqT8;Gb21eeF)V1MzXzIAjON^p7pK z)eRIPfCNLU-WZJiyEBv5(bt34aN8hlglhuPV#0Z?{JcbpHf&q(TW+hHf%((a@dfXQ zm}66L3mNYlA(CD@M^Mjl+EeFJ((*n?{FwCQ7L@zdKURLbf;=MgHVAC<&V|H_5NcoO z6Sfv?FkK@kSN<|a`zPX)Z+3Q}!$5y#&l=pmxEkTw*#g9XDCyC$t4l)UB51?~&CSd& zN00XZ5Sgr;>kLUNNiy}|quzmcWrF$W!@ShXT@o5zTO+>w@lc-8JzGR}~(Re3<15!J4OdbSPM zL(>D+iCz5WR{Sc$?V86hXGuc+c=ZlPlKs}9Tn z%_+K7PUb9@;#uCW?riIu&GM*hK`!Mdk}$jf!jgFelh}`v1atRywD#@}ff!?b#<2(u zoRUG#_4tg(m3;FESPl!v2xpj&Y~V7wYJ4W0btw>VE0Q#TZqbvOBbmALO{DcV$gkSF zvnQ~H95oN&I$;sR8>uT-0I7wxpU*F6$lfOK|pkj(}Zj4~5TbxebT zY`WO=YvpkKdd*j~3V^WJ5J*z*40r-3tYczzTFu->QS8gt#4_ZrFfdgs$Ww_)sriW< zTDbqJQl<|&!g})T@5H;~T)gSu9-UG1>kheUVr`UeI`$B%qLHw0pevjC%%|o$Q^`ub z{xjqRJH&X?Fu-C0thcqlLBb@~V(@YHH27oc-Voh$y`FHjaZeiPSsW*M>al{L#kH0g`uynN3vj5sz#Gqk16j*UF@x0!)C z`gBdz3bYz&7P}{0YJWJ!bWlg3NM^hBTZ@n*XN%Kc7pt?<+qZJ9$}T?ReOR5#qFV7Q zqcr23vPE0>fV74lNswFs3EN)xLQ4X<;~Tfr)f^Gi%XduN01`my(8nEQwHuc`(-}vZ z=#%FYZ)_=~qIHior3yDi=BGF_IN1Q9Ds6l2u4oAhpF~;;1cHvZ&ZuBy+-^6Q{ zQPthRW|<=rGQ~#SLUFQ#;!S761vqcJ@Zx>%8BrNlI3$Tzj=Wmbf6{Pe%*R>+9HqwY zDSWy8wK$t?u25~rhxn3QKt@ZdGp2Zp&v!a9e4fsw0oY`FsQZQ&ZuW0g{ z@MOkuG#IJ6 zr)4y=!p~VZRye>0>D3G@KjiAT*b7w~)w8J70xUn)4}z7dl$rucwW_i>UTY?}$d~P? zIB_f7*(XG$yw zHNDm7uP&SUB2IGduEaCcO*b!pJ30)~Yjjw>Y|Hp$UfC5{a(Q&kPY7?Uh^KXo)AO{b zsWjdLtEe$52+~%qOM2#vDGP_n7S9noCd9@8GOk~RLs;eMpqoAUa>d@64(pkCMwl8E zECrF>t!!p(`NSgfGMRaHb-$UUfu?hUt%#h9b+R$?`Sqm@S8Z&6_`oqE_}q|ySBT7+>wlrZP}Q;-P-hU($inSmuyyB;VNgL5$eC6Sln;qYRt2qX=AgiM zPc*Yp&1fLOiqvzl1>|L;Gg;0{wupq=t?KcLg{j4k61J0aPdiG74Ff(VNK@i1Z=N6A zp>q=Gqnr14OcxyKz=qzIOMM2egm^e_`P0#V*XYV7r$WBOs~59mKozj-n{RMdd87jG z(q&yn&!PMk==+1;YVWdFTd52CY5a6fhw1$J*jeLXu%!W?ta6?jv}d{1!5t&* z3t)LSS@9Oxn!@-C_6m2uB&VYcL}veMuae0%mX@+0wtRdV3|Y>a27t=7S|T()+m2SQ z1>Si~2N}ZVFt-a%bCv|B%F>nk1c2x-DX-O4WXn^0!kU2zCTi)cOVnC_N71*vZKPHEm6k6 zNmZHC{yE(t&FX^_%4#eou4~(JYTQ@ysR6RayxD|a_d-}%gNnW>-PlRcLmtiMjd82M z^&FuE?w|mK3tH)diCHm=8>C0C>nx@@*zSeK93>Ivq7EHq1ZWL}`!<{83pa@(C&Iri zEjNE$EZM>hlCqw!w)h7y3-`B;SCds#U@d$WfB@m*fn$9~JJ9F9i`B}eUlGWcgFd%r z_Vl|BJwTbw$HqsglyJfZ z{_85G3GjtqZ4Fl_$>k5m8Tl~tp#hUL-c#b>mf6HvV*{+uu8On@QEPw@08k}Ot3cCX z1b>%c`!HUNa$vg~?Qs`;K^}9ds>vwA1jU-)&a$Ekj9Uw-mj1$xRY&jrLw5FoPT{Yt z`25_IV!E#?SL7wEBe-D7G44kb!M|Y1)6Y*Dz`qd4Tt&+2!7p{k^>eysvw=QGm!eLU zPi3%wr%stqrf4b`I~0Bx1v|3PToM%ni>w~{Mg7Rh7-3@iK9KszIW3u;6rYq7opgD+ zwldC6diO?~lK+Qd&&RaUO-^_bJ#Ta&GxZXhUv{P+<9KxwiGoLZF{2o;s^aSAdhS~C zlv87Nd$*8IUB)0T=4wxuPiEj_TIt%3^t(G{G3`Tktbq|#UUgeh&h`(|LHLyF34jJnI>Z0Zum zWLOx!Ii8Xd`)9Q}0&%Y4D~3($ABWhhaGmAHrFHOxpGND?h6O9?(wX&=)o{PRcvD>Y za;362&s93ljNxot!llU1io#+FV5gDFV})dLeeG?0gX~V4OJ>Jm|8%?0 zaG32=D?KZ0`d7&2`%!q0Ah*em=W%(kNCMoZjIDGT8^D`*KoenVY4bWm6b-=V2KwkesK`u zc92E>$b~F6(@?n}KTu-Z3v4~!fX;IC%Q5r9W&GFDa)TZaN|k!* z-_~7LwpL?e1k5@y#3u*DU>ckpE*xQFH5=;Q6tu-TY|ujI%M+Ub|JWW%eZ^EURY8z- zlQFKxyf^$t6l8D3J05{M^uB@8b!>Iilw)x!}B3<#Tx=20N!Do2_vQV<6%rNahDdJA1xSt0MpZ1o< zLdM|*8G3;ER^;~CR{5SopNq3#_%!5y4-96aE!K!5`btFBv&f)4k=M{?;1=sHnLAhV zXwutnRAYPe-_5o#06;*$zgs)xDqB_9hl5Ow>qOG$pQhoVfTR0&e(ji*flZ%00(G)r zrcSL;owE`7$7yLH5sulBg-+zPZ3*Qn&ICT z|J;!NI3xq^!7ifq5lVH|RU-UkUDxZg0{6`DVV}kvZKqE?GM@8u1JS#2bvJWGYNHCD5EiI{! zo!)L)YzFA^jVhR6s(84(LXlF|;W#`O%bSU1JqMCcUmk8!a@jQt(@6Z;6R~1sv7cAk(~coQ>d{FCgD?4g(k0 zH3A)Ki0FV#smn4?s)Z&?{I81^CkXK=V-5n>2G+J=ju|FBBcQ|u8l+vy(yYv&7H@#S z(?en8>n>slF}|*jUq6%V)7Yu&nKU?9Z0JQaN1ubTMi|>TU8-J*nhhj(WIV)#9rkk*B-yFDNX>i^^O&~&D8`@^I~lRbI$6} z!`4h470@9CFj|j?3k*J27fh85{ZOZ0m#zOD?-8op_!%DJ*35(1_euWd@Da-Xh;PkQ z-P2K)hMnLcvDvz6$x$V`GFtbrd4K(bB7$ zin@b>v|813wCUJg>04M!o`k<&t9j3hsdEHSffsxhqW^hv2tkB@W2M`eyBLX?qmI83 z?1EqhVagfAl)dxCB_lyf&f?A+pJn$SH3Pl>e)7;($ z!nq)cylu{S!%B^|jhp64mqjloZ$nXx*=siN`)jY)n&8nX%`^)^i*zI?pjJN_~b!tZO*Twh_PrQQc)-m~07w?ywJm5n~1s@znL zYZ$^$)fZ}5{YXh+EL(<|r^TyhC~W~Xh8ImanJ_sYJK3#PQKm3w^p=GAjl$zgYe7Y29^FFhg9e#l05@1h?R$mGIRqvT7)XN zRD~fsbydasE9VeOI3zOuLv^r$jL(Lar>uc4G83CFUh;;>lU-#J=+;lVgXQ0sy|1lG zG7(c{`co*Pv@TS2IVS$*9a?qP^=in9dud+kdMy&MBQ*l1m3Od++I6)K~cj zZQc)9P~tOMoMG;;`aT8WY|g(#LO?u6Ic~-~1{PR+dHbNg2fwmooWhF`wdIwtAwPPJ zCcPRPu&#(lhDEn^<~NG|XaM5EJC6yu3c{emo5@s2M-fRTds6HwY73v>2u!6~nhCr$ z#~>LQ7>0RPy4E^Yo;E+%&RV;X;u8&alLxi^RauHJY$v{BmKP#(Jrf+aaICeHLun&S z%A7j96JE$=C_h9dD~+vgJ@0eYl+{>LFl%ge1bY6yGqtZ|I~d) zeJWV`rcBR?HNEXu&knKIJf7Fo8>__0FY@GqyvhY*O_}!@S4Vvg2er+fTl$EXurPM< zgplT@_|?Dte#E+pJwb7);P<=FS&MTq_o98D-gJRw`Da-|&8&3NU3ftn=#oB?j#wMO zZF|aziSK>HBV1p-t8agOMm2$QncTVWh4fWbsXOADaT4*7xe?3u+USBblEd3!|0@wQ zQ$lf@K&(WMIEJ<591?mx&=KMIAgVV6fG0n4SG~~tX6jVse&*?nHYt4W*>wV53a&rF zmNtKPlKLv-VogAqFNq`BN>qM6;v-dSe$CJXq1bew2#n{7^$%J)!QLSb zsq2qfhpKLrSAxOBXxJz+Z84NU5eTnvYNFP@o}L8?hy;QdqgVGSs@+V9h!{0GJ|uuO3Q3enB&VT-2Ku;9GbrPnyuFaXuYbtU+F53^#-Galq1ydg%1$Tm z6}imYXbi=+;@Ssh-(uS<-r%H3&uz|ZU|UXrn^(?eJN*-3#ps{r()_aUb>x!4IR*0U z6#Ut7c#yWTJ{wnbyYGfM#)m|H2oe8?V|T(56XbmPkzT;v$vfHuzbWNSLr1px@?Hc3=M76Cf7e(_Mc-5gPfcH2SKc!5 zEjxl*r?Ui|9m&dHfVcZyyp#JGIW_j6u6P92hRRUHoDH(=*#7F;1e6OgL|y)^y@o~< zOkseLnLcR)kx`hDU2;;Smn!c<`OpJi3%x+Fo=@n_&f7rTDbl(4HlLb5E_QtB4;#_N zrQNuz3#gu+|Ce{t#qP^^GcGu21HFJx_=D*!{-q?a7{s$az-RybmtCz&(AAWzBh=!% zb6^Pv(3D{=^-UI0ZB(>GPvWvpXi>ZcgQw{49a0mfYjgLAhVh;8(Rw`vDQWVKA9VI| zV6}g=AZ-1005ya2tE@Y4HU1m3jFCje4(_&yj`gprRz1H~d)}^Uo1A`P5|B0hjN59u_5aW2+J=TnUkKKE%YiK7!%q7nD>UO5T+dZ=IzYAdx?kqQVl2b#nVo@=7RVj7=-s0 zWZk)t7=@dptEfaU7V2(7{V*dkK9r&rE|`YL1DGQG_%R)sw2~c>SwyN?j)F$yo9x{^ ztQQ}HL~zhBVQ3sDQ^ux`=~SmP5r_lKuWwrQBy3uHZ)cmlu0$wsOs`sME}1C4CW@sd z``!gnkH2I92(pqsQt=q~GnJ9%aaDfuD}^2_VfVjKh7sxavlsce1RXcwH7#Fu6?ieI z*&aU_O4bEgh;CtUzPl6Rin9CnLIs%WVVOWpwk+5KEVe@KE{#S! z@VG4g4@4fil=X5AMTs%d?`^54wFh%OFoEWPH8m`C(71DckN17B&a6@HDQnQLYU!KxgTBlj9;)9G zbw;sP77C!+yNto5!Hx_Mr-Q(0@&qnKNe#!}NJbkE*sTR^<~LLT0vGbzh>z-2P6Fnl zWgxp9BMG~ww2li+gq0O?aA+Urz@bg+dY`xSc*-yd8OLsu1(8p` zMbl8SH3cb$6tCLe!^^Mro>~y*EXQ+h7J}1k;qeLtn z92yCrj7W>fC31CWV9Jxt)Sg%|OabzIA`qfPh4J+2d$g6z0hUp8t^0A}!2GltN4#K! zHm1(RZYd3^aK7=d{uK6bj?^LSv7AV$^lVcK7C;&^vG~!;S%#%>Hnf9FRxufl-bsfP z8XB3@-a2o0;2}<+c(Yn7%Esn`_@rrg#%q6Bt~nwhB;y#*;WxG%3@EE~$QmRB@jr&1 zF%cN(Dc;my9w<%PW>LZ@w%|C{are@vA&}$$ybv=R0i4!F!l@+MpwBz(Xr2Pz{HS0# zi*%9%dbDw%HIZk(48|_C5(QOJ@qL@P)kJ6dx_&lvbjBY-X1mh$Kv~+kO#!EhJoF+T z_qWiJtevs+E%lal(dj(ij{RkMS2B%Qlr^gh&V4S$Sq1R#85ZOktA4cMiJzB$5SLWQ z?}nu>#UD0H*j*n@s~&}mb*oEwI~WWFiI~!B>;LFsPYIwoq%h0UcQ+L)i(n2sACC8? zKT~GF5sh4D+5i-)W91*Txb;%`QY+Ti2H{J zQuF{Mw9|hJ*sgr+;IX(xLup;KYe#10yY;*P=`b`%>pe?nwl3zi1GSZU3KLDgKnW!aWWfbGqXCBw+aVh++!tT`THTz3 zf0VNMN+D~?udBsy$C{3-1H;q~S`ORzyEAGl>l!ccqy88f(Y2(MLMFw# zmQuu7%(59DuUz zq~s=AZM?Bu@X+P&v-?Shm&wu>k$$|v`%KSGruDUqd#WNpxe_^CGHT>bA$w8j1hc`C zC$@Qq2;uA#mw2V(xDO!iIJEe?@ZD%$X|N!p9!sT25>wy31oO-5(MTyhI?rBn<_L`3 zbr z_}97sFeDxUXPnaiSME~HAJPj$ATajous4UteAzcEy}H;rz-_xNv)61nySu~lhi4mS zs3+8EtJwQ_BRRBj6PShe50^O1?mr%UCR2?8Vhz`RUD!u;&x}-A3<&9xbr7!682j0T zD%)`v#?#J0s1rG=i~0Ky0)9cizTU1zx~IM!8E>rPbAd6_-WYs%7%JF59=_B8@N^rs z6`48N!2H36I*eHVlDS+|PnJ+|4f*vjU`956WIF9YqeCpjNoN%v{{y4qfa{tvg`|5# z%8m*Jo1}(eC^pGEE-6VQO+_vj*}AD$eV6rHbHMhyP`Mz4Dc29eVldaHRABjZr?PzQ zxXF)vV9c_cKj?(5qcIeP?>!$Hu?|V`%CD6$TlWD-zlmeTL-TvSRo8rvUdJe&hlOW3 zO7r3DgbS<5PQbv_!BaS~Km6Kv7%k#D+kHV|!1bvnw))wQZ~mgI2sbTAVp(gY#+He! zu_FQtwLp!Scd`5Epm`tW7v5qFgWqJL!O>xJujN9R-#bL<>kN-+ZXz$HpJN#;Z7ojc zO(^k}{^p{w(^BFH(yma=z0;R4$>^_L8XPXPMr!s6UF9vxMT6SrHJzBr=Yb0;p^(RC z-Sbb`lViwocE!J&#wcemu2f|96aDy7lB`EsE7xE}BQ51r_Bz|5nigtskWAkmBf}oz z&6|bVN2DYl2meB0dHfmIO@uOJq0S&iTp$A`wqK$@TX79u(zR^UDgB<)8TNXm;&7qn z>n)%QtxD8`tCEUtt5bXIyz-8#EYsd{pq&Ya;JYAoLq+spx^xhd@mL^vmU=W^ zeQ;8V8f7ixr}^By4Q303gA#Ojzpwf}xykLtWM|lnoOW>?aP?mjahQ*fg7W)55e7+W zr2d3EtQ^<9MHmf%OJD|k3a=XXU8ummDTl0_mN#pYk!?-yem=Fi-Dj^R!4D}00^-L? zr#CcG9pRv%u+dTmJFoCD-0($gewPL(H>|{uFD)(U-_{N!nONkpCI3}$SR&ypQ;Nfd zgA}5G?z6P0>aDfZ_aIHhMImrl+!HdT=F`)teU17hqxx>)%sjBI|D#A&{_+-!e!~8T z42be)I;5B|+Ea57z>0yofiS00bV8Hy8=ex)lM>N<8!!>WCe}910y2Q+`qoAyV`Wf( zh^oS9LM%6SDXYRLjC{KMg_BW7YfQ!nG^?--U}MkL$atn0Xv`tT-|*M4xMg!? zKy|-t=cu?}^~;~|M$VlsUy&d97+Mo{!N?9+qQGmQ=E=Ovb`>yY3dQx`>3+(}UBB%W zvGgIroKm*=H4#mS>h|~I&#YzllR(~`oM6dawwj#a@%~VaG0j5ztIJD7*&DppPSe1!dhO; zhd61lNKk4HLBBQD$|b~%$cPFoYJxGscSxgCYfjS=wL?8b{)I_QSl(r9<9_0bmnemj z06#*~Q|u+s)`Tp!%MYlJp)*&6((X`WI~1J@4DgwZpu?7t?x8c9LC(s?rzwI`n|saY zSQR_ItTx0nsB54m_>3g}yGLKqG`cq#^}vO+_JtK%eCy@iX|o<}k8U)`HhgUDH#Ao7 z-~4%IxccpUNSm+2z-7G~H4zkH(L%$p5LQEOyB??`wW=6`V2}6>R$tk|4pBrvquG8h zo{~p1A^x2<$OXpfe&x4i7fzkFGUX7Awoa7G*yn9M`K7uMNFhnMQKas7ueBGJLY>L<@bt8Pg6hU1pu-!*t>Qq;YS(S0emEMRap zb?UJNDlE!wGN{xSd`JC%-UoA(i%sYn?qF*=}jgzuoW8vRZo*H)rQ6D)6C(U zhunY9@f#NuLHga-JVY^Vo3_UJl*B0(rRy!*biPeJBP~ec8!58HXg2i4{YY`I?eb)z zkCN^vzQkj4Qd7R(zX6aVFleVAQ&>e9Tm%S|lQC8bH?5fJU4l9oQg9bxrQ(?9p!B3aBqY9pw#5~Xp1f0rZ%g(H0 zJ{M6NQ#M9Z!k1E8QgXbm>n9(V3lI&Y6RY43U(9N?V~uW>nD=NSX`w>zV* zo7N{l&FKODz*}8-R(|;;)la7NFK8sy&x0UQtefA@kX(_B{W7+i&rw^jpU6DGwZ9wmfTD8cFP~ScqqZe{&9vP1;syL8PacRNNBU++chibm9jE@ z=w-qzvDkDDx8<6ew@7q3!Q}{(mt)6&>BDyE6pz$0{X*)pi4OUqMl7*qN?PyTjDr%# zp;n!K@~fj+r0RjxfQ1g3=!G8y4ysH8JvYOO|Ip^WxJvdU-<(>&R-DlFOd;kyTW4>t zZLw;sYtl~^pQf#8k1lC9hLt%9&eOHd=eKu+R|RBjnDL$5d18@^xPm7e11`vVe`(>n z?O5haiL~BQW_n-3BqLY^PZ=z4Dy>o@whqgr-CY%LLX2!24II^)AU{lmYwIMnS(SA! zYP|N4?$SI065cJ-nc)Sm%EIZ?gVGuaG0eN^3_R$U@N{!G*81-vint67eI@bx{WaJH z2f$3!CzEMJ>4E7gHxwmU)7}^~SXzrn=aa$BD4kwXP3jn{m(2RYZ56t!O@{G^PD_G$ zSQ_i=L=LN!qcKMWqKCX)xGELx98M&suti4`rc5OzXPTluvPzidM}x^6U#>*yDf39W z&!NLexmmJUtGn)7JjV{)WADB&F#JB}V|KSEzg#QHz$US=Ovp2gL`Gki%kG!G)%%ck z(Fpy?MkZi4&OIxIV4*MD)tyS*{taP4^; zu>+lF)uoW2pbY;zh%MJTj! z4Q^ZogZCOk0<3LNTB}aRTi=IB9{WKlLAjp;^lrDKB#+VR7X&}-LNlp9f}Ko0-Wo{i zEdmW29h@d^KZ5aDO^d52=Jd4LM(K>&H4A4s-z$)FSVl0Bai(mBBskR8%LfqFGa*b> zI?<1hpr*oF;mjzgZu1sRSe*m%5C?@^pwVb}+5jAwB~y99#l}^%WO})oxU67*-|5M6 zjCmK@=0kOIvgi26-4?{)QKuoGbj~T%O|*O($*8oEdo0~t>!4ADt-!U_(7;aqC%_&u zm41_b4$Ooxmgz9~v269GQftT6e4rBd5{X+aidbC=Z@lWPr;c=1eSf;w*j~+|@5&!V z@Rvz)C0YysK&Q;{A_d1Hz+eiqf;gN*XE2wW_YDPND*h8BoN7W=rj7Ea!eZnwVy~6j zumY&1GT8Y{hE2-ORSYP~z)^A$f@%Mas27`x;1~hxBD_vM7NH38z!#Z{Gt~}d0)|Z! z=%j~Z%jDKv`0e*A%=ZxP)L0?-u=?I6!K1_^b8=K5=V2y)rgtXm{#=6oIfeLJR({1j zJGhqTD8(BiBJBi32p*-zPJLrh9E(NKD5?=5W(TKqyc02%{EyOE6#pjEb_y@kA$fUW zyA-eIjP0wLsT=#)OlBp{kI^GkfrHRKBNPmB#MiV~|99AS!F{`=-oqu9y#`KN^huUg zoRlx?PXeAx6TIR&HS;oDEhHE8G>(&Gp#byHf`gnPF&Agc{Nu6B>h%@DElWcatwe|} z?46_|XBx%rHxy}b-s9|@D`&Io($y?_R!GDDiLcfC$>58^p0ZEP$Fhr<<-TLcSbqsE;Y`358 zYaCtJpB8Xy2NybHKg!VK{8BD$UlqN5bazz~rlLud&|ixO z`A(RZ=SPwdR_A~1Zri(1daWmA_HDkivD?A+i_soaJ)c)*`1?A;BI{6ELWD2J(=XwH zt0AUTR)~mDlgEALu7vnT0luH~m=!ELR5=ILuQ#vDI@|Hvh*AjQ|B8AmIjVNMXRNX6 za*#JDW(;mp2%g*^F-WorU(jkY4vl+25mn7jWQX$ZDBe0fN54F4J~T=cWF=a(ol^q? z;Oz}x6r{6=Gr`cX1ihB1GjJqrQg1j^Vli3cGF}M?6y_T&x=RIBGAU+rwf4i9r_JBV4>j^b)yiR* z{U6DCBTq`K*1! zHZC0JaUZ?IJ!yL-Hhn6TD_FJUWlUn(BrofRLl@$}XZ$D@L!PlYx_T-+>Pa&SxCmoY z@<5$l3-MHr`qACYl6icHzs>4dG*`D5lzg5aUj#9FJR`eB<78KYWS*+zOu?5Q(n=FrlRwUy96 zyKn`^Td_;8b>RWx9*@hbeEc~d%ap#jrxJmUj9g0G0F)eQOj ze9QZU<*^rLAq@?i^=IUNl60Hg(qYy{p?bmr!m|?g^%O?pOl4VMkom=%9N=7<)7R|| zi^l`Qzgv-A)t7NQT&K0`Ir5QTA#kknsIMW1(lo_$v_L7#>@G-x#WnqPpX#~wxYOAa z;pOJHkNHZJ$!k2d;<$#NnuZ}S^isL=WhaM$M|tQK8F_pjucMA;n( zj{gzj=d<|8Kbq9!n`&NW*?X=?YQs)yzpV}*2Dcmh9r}7%-6pwl%)eYg8A#y`_+@DJ z_ZsD_2x;S45q->ZJSSq^g|&^ne>Q^}0`oOvAKoN==!NBJ0E_-1E~rp*>p_I$;%Qk1 zE}D^kI60z6kX;sOg>d;U`p7B>{ljA6Dw8rR9oVI*Pe{VCCh0zaaBn_&jyxYyfLx%M zLQ%AqanJ#O&ndNo33RR|gjm^*Mb&$O7D(!OEWVO@yH#Yt8pr%sK93{IT3t?ETCQgf z^7y*;=v)vW+X=nQ6rAcrMJDf%3|TzcI87_PsWm)GcU)j38kVTcGK*=|MVh|E3eK9d zAbbP_DN-qQCnNa3tm-tP8W4zFDASki8N-R$r$f13KDLZM4x|JqV0o`|`t@_PTi#g8 zZ#OAIJ-9xLZK2XGWox(glU=%rBOmGO-O_3tC87b><$p=-j7xpHffu!6oT(W%P^sTo zK+XoGN)GM|n?%P2(njv-7L20!{;DJi%8l_%xVNPsE;s0B(>j0s%Vg2MLX4cK+ zp2_#FRpmRl+9!Dt)$3rzquJ3U!%T4uvhV`8=Be*vG3QNSYB1W#_6_It(@S{eKE?QT zjct90a5yO%Ry5$WyutKs8VRo09r3g4=B1^hkD;LL6R>pUmy?pM?3oB3qg_~R|M0P; z5n6uHPCN}Ki;tEcCy~w8+n_qV*JI9a>R^-fA2|!}YO1q1fR)3bnpVa_K1W1*cEkPX zV929Qi>0cu&)tD$M}^wF(tgd$A*ZqTQFfKR#(R+lazL<3(?P?p69`HaS~b<$>AG5~ zJ0U9y;ObP_gsQB5VlnB>GmE?(W7*pDn8iCqMztCMNUf$1%|?}(#$7M%njWPZgG8~! zb~dre&e6;$Gn%;mR9s7|qlq+pv>iJ*NS1^Y>DrFyxxDqgUmNm8ef@f#TC>}k>>RuC zA)ejWK9b;e$H$iq5#y^GRMz>|*?009HXgkBo?;R@528d9L<~Do;P7=@HP!uw(&MMX zAw!QicG0`%et(ZrO(iJ>psQG@OvtMWOE=2mJFFVou zlB^Auf9MB=I6&U}DiAKSmQ~QYt2@am=vIcZ)kEg+kgv=-xGE_%n#A;dQkL9^Jq?Q- z3ON{TRW6pbBQbRUlC*;Ha`MXFIt-19#!ON^cR=PZej}7^h*B{6@mMJukjuv|9Q!lb ze_&KeQPZe`*3+m8I%{`-+-5H96;Ai)VtONb4K{V@CTr!Bb3S$-D_ik>2gz_g{dZsha zb0a@Fe<7!oH%DFX`=KyYgObZw-ku)X({%AJlEp;)hW$D|JaL$S~fFT z7SArkeyWEuvbBS$)kNeFA{6eA;D2c1HQt=NEvU{L@C(LJMwa|MF@?_c@xVr@-e(+9 z4=3~UniT9Zz%-@3)=;`1>-!@rcMRV*RaF$hs`(T-a=lOsZGK${dy^v3>8t);ws?|t z=Z2`N*XQiq<-117H~$^`9f0BQnU zW?-phsyJ*{H)=I_yG0}u_ey+k`N1p}thoE3(~2;5rY4&>;3T!(8}{++_Ag`}2IaY|9#%IlJj`-Ud`^*_#Qwa4VgL zi@I4P zA9iYzETM(<3{aK43;7*Ng8%QUMKV~NIYvJ&$>Zi;Ba|I5ypZrY2x&K~EAB&S1 zysN{qrK9pyr0Yj|VT5;`--5gHM~Z5^B4;lW;g3^nd~DX?GFFL$id(4)>-*QnM%TLn zpn84kH=?+pm9AIFK>LlBdpWUvR?}^xNGE{7;Bj`@;&#L$O*AD0r^s)9orWa@35%s=?4;xoetifcq zd=g10jc*2u>VVs_;lz?N>PY~`f(i-8iICV$loDTB&Tx}sN}RUzKzpg7_3q7zp-`H= zfvvtQ3rm>LrXA~`Mu$Ntzn6)RdGt6Y^2VTpKh%{^sCyj-mN6Bq2JOI6N9d03K#zd+ z=h#a;;XE`EB8{Zc4|4NJ+PLFi7RwHbH4m-2ea8rZq6O&GJn9}oBnBwUZuGE=Xp|pz ztAA_ya*fe9&e!b~uo7V9V774^SlR9G;ilbCaSI&xX{Daq_a6j>wTADNas)qg_PG>i zf4(;ke$^zR#eDatz<53eVeMk!bnmzP0a5me-q2c$*=kbAZ<(6>J(_pe^fH<1GPvei z`|S{d0_7G++oB~#!D{{aa>7o&)^mo@Hk%@h+f2R(h7;tUWsv7ofn5W{@_^Xb+jo z)#(sz&!Sfc!BV!-*SX)HlW@#lWO&0c$5U#;{^LIA?E!H0#L;HmengUP`(=!qmcs_3IM>O3OdpyKXpuzr3C0x91`%GIE0B1W z^u4BZHx!Y!+`SRZplUX9X6|OU@W>hUb$yL$p9J;3ARHr?=tE$STTPGb{7O9Q@^lE2 z%up=lyBbdKQcCi2uJ_CDBud_r4?a zfxo1|vMSq{>bY0?S@6GlTXdQsj9+VPoad&sjIRWy->bVE!_I=fXLo>tqmFLRLMILV zlzD%aY^XX8e^wc@d16{GNi^DZoVn+^!^n&2X;BV9?9uTT^nHI4?17Pv{W};m9M|gh zZv@KcQ#qXk&Y%k7?zTF-_l0T}@5tf--#yJA!hIsP*;9CjLJ;(nD{Jxm03N6l%<-@to;g<6L{>MUCQL zJ>x3FOyU>(R|8bOfxm=aP1Jr~)5_Z}%m-N{iI(&cVE=Jyl@h9J_NtrN0fVtw#CxIfPitj>B*sJh(ESDb_(T1Vt>M6-uN;9>8hivtSm}Nz^k&ZBEPdGIB*Wx;} zAnu0#z?H%aUvl3yEj({ce(dD31L-NHJE2(wjGZYWpm$JegEfgp;Ku)8t#}3rT6MrS zFjr53bD32#TJ_Bp`N6oz;w-Gqz-Qxxh(F~|G-K4)U7@Be8LFr?p^vjYHt+;C;?FDW zEs#2a=T~K1udn015YP60KIsS3&B$tLh?B!zzqMJ`Mefx42(&zV@a7L6rl&XxdD(^1WfJwNag!7 zzq(j(lUx(iBn!XmTq}Z&*B-lnbI61EwUR5z2uqsUDNZBkAEkpBqtD2v;4RTAO{LrMHR?-Z$tV`qu}mAfe#aE;g)mA7JPq0<*P}X z1>wtGRJqqHAzQT2@&g4~Iy1Og8s!OpH*d@)vCVe$c%tPmYGoq9ya>r)zX?}r39yI{ zP%pR${K#H@UPMmyKE0qGjoNegeLZG}jVgy+Hy%HFV1UvZNw{YEOO8|6cO_{&;QESD z^W`Kpz_cD~Kqsb}!sp7{mV+r)ZX`V-{0mnkhrG(DRh_BOR_+fY8iuhF`eP=9yN1bhK`i1lH0Nma8>Bv_(F)W_2usB@<#pNShm1{3ncS zo_{c-eLpyn4CEBvEv^aPpkp&YB#T8xIDawMQ*MGxMULz^h_`UKR6z^9ZvI0;8f(2T z;1P(LN<43mWX%~1m2H!ffG8@r4WvRo8g4k!ljMrFN?pj2n5P>9r{amO)Hd}@J)kU3 zfC%`-E~21p9qiKKnfQm?l^TiTj50f6g=nreW$dlx_IG)n#A->}=mB0a6lZ{=P6|Lq zyy$snavucN=aFp}duBF09B zl)f0b)Z8x^x%~OH()$ns2uwUzKHRmtYD)z+v4Nd;El+k0WtErY8uMmDhAN^!{SJ&? zL&y`Gn4hEKtl6*}W0;>JVsE#4(&*X?sD|{nTDO0P`#24jO2JN;!Mc%GIib-U1CiRB z;0xVkvruztH>&Zp87%3aZ9O1vco9Uq>Fio7Y-w8=kH?E?=daclO6Z`J@q;kt{3sex4<~?EYy7 zKnq)Dp8F>L`T|9+&p$^--ppEke~qq2_7zlqe@xClOOs5I7?ThY5%+$--dA{O3xBB+ z26!8{Efal!_HPAW?-FImrKNYj-40@(E<=j3*(a<3rOZht^FA~#S!X-f242N|_C;w{ zq@&0Z*B3&E~p!=}Fh_odFn-t~d36@1*j`ajkz0fMWw^#4(1&8^*NCibDc@Q*0Y62Shy- z=N z=oGs1m}-HQ=_2QDYaTG*Y%5V%xvAXvR1Kb{dHf|h1d;mPY?b0mg-v*Hj#6LBqb25e zLUG@D4_rO9WSk?OaJI}bIbzSSesDsPUk(W6T<@IYHhIdw4C>}jHGX2D#CkR!F(#=l z_p~$Ii`6j00!n#c%N3cv;9p)ZiV*(Fw7p&1Ksl7;2`%S9~IshyItKm@E?s6VM z{wUs5Q%L6YTc6K3y4_RmZ6}bV?0bo%9_YROvU6b)XBfGPj5=~k*A~~hQx4VBSlJaH z?m&*9E7hJ{bV6j|bCsw{$2UOb3-~Ev{uw$I<1f+Pw-*+s;V_((DU zam`y(Kc<-W>e3tbZUt>oZ6Q9vWE7N8^p4ZA?c}m=-5dEtB*O?66E7>eWfF1qXx&oH zA{;`BG^i_raQ2m^#>8ge*}Qku>(IpuUG?iKKJSS?uVxdyrvX_DY47vNiz>ziuV-+b zsLHM1LpvpB zYx?wIXFL(WXXnJ!`Ii!}ujaxfN*+d8OAykYIoGTgBt;u6**juzQe(&NOrRW^1y--( zTEe;Kg}aJ1hLD)58gAf|BrjfRY)AOE0@VmU5m$E!EXY z9v_3^C;mPxR_09o3wcC1*7ZIr7XVQ)vCiXg?fCYFyZFLt!tROO3$j^k@k46}C639^ z2V08VUnu=Nt{&=~8$s5=;vGjf{P8y?*Tv#hy$!yH@}k&3Zhe~~TF{5Gk<#x@1TRhy zrbPyVjN3Ps&B3$V+j0q-WtiJ`~WZ4FfT6ji#MKL!p%_)o6`7yvt zL01->v-P0ABv*V#rb24k7&5c{CR;NxVw}QY6wO$3A`{p)_xwd|v(>x-$3>ANCL^SOmyvE*G{t|8Q^(mdgJ(Z|WD1G#cB;x-Wv;u*M)@Jz# ztMr$woLY&IE^89O~$NnI@k*KE5+vX2u@3CDlm?#=(K<8k`f zLAadudMU;*Jsj0X<3D!7gId{VCo)p&E-O;he@mWQDa2}v67Iio#)!xc$#&brK91A& zlJw}suR4wyn7LbsvvmhniA>6S&#l?vOjj3YtK(hfjt!?YJLe0dl3yXsyAL{$#kH`j zDPkpvOOalcYA7q#rf)DVDY102sQnJyuM^=0{`>tJSIw_nJF=tWNL)|xyy#&+<)tT> zufl$<73ydES0kojH5fL-UOm9O@P2dl`%QDdOOz@rMlv}D46FV$p>`>O`8=w6Vn>tF zQ*6W0VB5nT=pjZe=Nu1;=sbgK;>Y^yA{ZhGyCUChG$wy;MGr}FVc~${G&0R(|kOS+00&5QIOb)xhLZ?beh2J?>ckL zHsv89s29yn)n(j=#hwmgDAlV`j9=}~jq0-?iQ5}tc>$gSVf?gf$71j9RsBVtL(B&i zJN&#+QVW`E``O*e8pKrAV!Fs*MH5=~Af2wkKYe-}keCht7#*>{E*)OQgUFi{s^Xkf*u zmY48evvhN49!Ixez(X!ZoqdGalRsjsZYryU+0$?!ydo%=RpR$XW6h33Fe7fT6*ADg zsRe<`Qq$-ePj=vZI z@c~4vXFtXJ`AgZ6WSj^|M#nj4>cwbW`j^vh`-$CFDpMMIeWsO~iJfd>XzEjKIu%uG z%bXf-%qm3+Qq9c2Hp@5m?nu6SGQj=Yid~ur*{r76Lh+@_Z5RD0Nq*sRn}3;T6@0G> zwMr*cc?DWJDB}2-Ay^MuDu0#TnkfI#GCNskTE>bcDYV4p9+YQVwirz)%Gn31{WF%0 z;2rW13XMM3hs?3WFghqs^?lSQ*X1HcH|iPjk%nec-PUp&)X+-sA?D;bG0_pX2H)H) zr?cz8rr(Y|vvCMA^^~vWP?I&^raUR7J(F`y@L<~a3VPq#MovGsHfeF@Hyre)C_{*1 zpN9^Dv%AOzr~x^vF*67b!#2<~?6z{p{0Ih*F64=Hx@hIdqo|x9yPjH+4+);h0Jayp zi@rbMYGU-@seqM3%XoO(FTO?Mjik_vI?0uTIDB*X1x(*4m z!XwwK98)HNnLOp&OqD+p5W6|jku!>i_ZaEAT)ZeqGBlb!(m7vDc zVQyr3R8em|NM&qo0POwyb{jXAI110dKRpFLDc|uWsv;#>iOrs#Gj7{SG;KQ?$xio7 zpB@FQ0!c*0LIprcW-R~Kd6x5N=Sj}O-nbTv6n%}8$ZK^+MB$E&y*Kt%(z=*2naxGb zwUE4?4j#>@)cJzWtAF`0|Axci@T+_G;J?G+u=C%&;n(*L|7Gvq;a6XOb?@tg!+ZZS z+&df|?EecHexUK!{%e({@?VDUJyv&dzmb2mu7#$Wi&~Ag2%%E*2`%)j9p_vODqf$f z5xLqTgpiEXbk0Tu;DelsRu&9C5YozOL}pqyYBU&3IW#ZCe9%ZSXL`n3l@($>Z)>g> zgBh#lSz$U+Nxv@}r6r?taxBG9tk9eHEgB}N7IJXjj#(ByEHB8_9Fc7;TeiJLNI^BN z#56Cc))h0AXsboWYo%#bjmYv1$qHHic}{gP>up{zGbU%HZ`)g~WKAU&Did`k)QDX2 zx)hhHzbaQvMHdJhp1Z+|9x`QBIgFdLG8C42e)ee>t7-lnF1 z)zE^C2o}bRRtu%sytiG$!^6$zS>>4nnsEXUNV(UFXV`X5%NMvCX_kcJe=X+ zVz0LscPzy)fwR581s%Llxo(a$YYT4hDkj>x^k;jn)*e7!lF3%MAP zd&A-I8SkyD7meBLs#TiFObb!hZt>Yc*uWYYT*qOZt`7l4&q7DDS6igS^3v?%qpgry6$|xW{7U>-l3k0l0A9V2&tJ|IbK|8 z!$FfK$;jsi>XgZgp5gqLYsLum(vI6PJJnRPXG}|8sOA0*9#E!6HpeR04Yb@~X~c)+ z{E?`&6jjCKGg{MW-^x~0++h6PW_`1GqKk6Xz~{h)U9uHhplvT;-Y(dm1ET*6VIr)Y#O^*k(6vWwT^tdCvB) zhtJ+x*NoraW@+$Vuyh|b7-AV9P3ciRl}xGUQ(nL7?LDrr!6-@frP2Cf-+$Sl{~o9} z#j8O+`MSXXD}Y^|vyD#w9S;BcvtM=eo1J{`!C!aoZ+Gl#PkrT~Z+PbYN51yN-{Qbm zocFX6V_G@h$MT#@L)r2TNqV<-$y6bEg9AP?5Kw4E6uV%ORz$LjYF3i(ST!fu!!G$2 zxgAncH5&^mOSMaAU7B}Ic$mnxVu}=EKISzm$tBk_Qi`ITvl`!H&;-X;LHFA{^yNH8?S&&wlQaxjF;rI55lyA)huto3o^x_3D zUbeBMmpOLODkck2YgX${U(uhou3=~A)U0Aam0}4QIIF}|WX1UKa6CRN4(@%GH}!Pu zoGmVeEP;Dt#9PS2^-Gk&i6TDfnbRcCJuJ6N3myW&doywSepx6fd5?3e7+d3h%w)zIpI{**5ov`Ch)iwMPEaBmcXgRm;=|6acQ3|J~a=INV>7|LuQ$a3lZw z6#sU}V>Y2}r3oH8nF!gB1@f&O@?ypn;fhf5Uk{%>%_c(5sW$Y_P*GFiF)J!68M&a6 z8!8NxYs^Sv@OMdgtp!<#RuawTjUk;X-`d(CCkTa+Xp1}&^@LAbiLkx3vy+yVFlc_wLuY4aYq@l^MTq4(Mnub&ZINhhBM@ZnkVi9vi-?9joS1De z90L|H;$?5&Uoa^Rp%)Sg!|w^{K@3}oj1)-ilDsk^tgGaDxw6YovH(Hn@-7PPTYL zD`ocBiYbm^%6r58!>`E>DJ?u}K@=-m$zVx@Dzky-_Z0z&=>Gl|A(2oGK)&#!W^?~A zC@RisZBG%GYbDd&BRBtejf0+^^X3O8`DBrNZWTLa@`4xaVNr;-){i7BS*2Q++b^z!8^__CJ&ibRq+FSA4W-}0f z&;z$BdP)7d;JSYUuKNcYf$QF;;Ck?Rfh#=pHv-jreW2P{aYC}106z!o;OEyk`YkJ) zxqij_2VeIsn4$P*#d_~;c1;T=^w= zb9T-aQI&!|N;@fN^i{E^yl!88-$VyMfU)_OUohoFT?CYY%G?xS{v@Nw9x4OX-TB{* zx_Pl^m|-qUHUW_cuh(%Gj&V>7G>*O>d>6@cb_T;RS~7X2-x~jz4f@sb&Q?ciw;6@F zmqH=O4zk)x30FYk;alCj^~+zm0oQE7%64yaa+gA$v!LKNoa*_3`s7TkSKDoNXu}Tb zI8d2#+QE0hmDi$_4N3boEP@=pl*`iUq^(#4D7C0h81C82lc#D#{;@r<8!#wn zdBK&C+yC@1aKYplDovU8#TlUu|5l2&flpC&$(#s={A1eyg>s#*@AKDTBoyws1wtH{ z)ny~NKjF-tanRbrfr?tlr*zCZ$0J!~3VA(^b{u!a)&9rXneFSWp?Y?97WPF`Ib|9u z`T?QRnwgl-BeHaYpZh!;DaP#A+D(IM{@RY&!^h7)JtkVASKshS{Z8-X4Ii+d2ur;U z`9OWch;09gWWTG@{|GO`4WDc`2ej^h{%CKZ$ZBSj_t5>lcYF_h0Qte^03`;gpR@g6 zLw>q!t8ybi{ZJ6K=1urXpG7w!R40?#e_KlVeo+296u15XfO}(s>*ogCpA(ny31MK% z*+YKrtj6`C!cV>gP;f3VBY<|5bvPL}{=nni8s^+liBGJ}>c%q7kD_P;c1m3vlAk`J?C zTIV2tkW{(1T;*PVkW@Kbu5y?UZ51egXqF+FGHB$Iky4OaXi_s)IzR)%J#*_gQ)bnd zj1;scC6}zw)q)g~QO$5qoIHr=nOQi<4-{;G-x)C4GbK}g!D>RA2FwDi2~%P+;OLY0 z)QKT~2?!d8S9-qLY2jDZxd^mrI#(cA@n&7nc^gE&XLi32nfI)8dwUg{?jyX*lI}H^ zf5jcX{vNNr%NyM1YueMvgx6dz;t4gPeArV=h-5#vT(a_UYu+1nEM8BKrnT_JxB@Qf zw5^#a$iccOF#ZP)a8F(}=Cr%p6nAva79+B~3^N|xZ1*-ycH*dBRVjs&zVWvMPFn6n zi$+vpy7((hGM%7-3Ilk{tvopP4xC{}_8NxP?}_e>Qkl>L+lw)AeS>% zWB(RynjXU4@*QBObA#-!<7Xl?K~~(Z1Y3|8WB8sr*BzPbz2KE-@cGT%zq$L%J8^UO zm+yYeLOu3Z`C3E}-MURNL2@y`bE4t}RU@+Z@zKM9MGuyjyFm{(=wW#$ZqUOAMi0Z^ z3VOH~p@)0*e0Cyj+cObhpNWS_$<~hFjciO6D~WTQ zM~PD@m;wQoz4R73P$-VBJECDVXh{l58|FlZ`BrDi?`G!aLwmf7RpO0}+gsbXeNr9H zjjh`s)Yh#xl+H?=*cUG310u$_`%j1#yGGkhtlM7A>CI2DDWG2LUkGJK{ z4mq0BDKjV1D)^6Vk!P|aY!Sju4cv%00)(UgYQ`$`rqFacA{XF0y^mgyOa7@q_if8i zI$D|<&h24f{2XHpI%pt9lSS$PYQ9W(T_VS4M-Ge@^cZV@QdS$7>*wa1!?4!n(`tp> zgw(2etQgT;MROw*)5v)OyF@N|RS_*0Xh%V1F$2%s{*D|Qo6IO$IIT;<>j}g5eumC7 zS&BK~VKytq@OPIPNZcj02;>u|8{wba?Pg#qU%#>5#`Y@W4d?ZgAdl@h?!apsSm5hb zt~luz-D8e+47{ROj?g{xWfg5#X=nX-A6NxHqU%)QYhDAXZf^&*d&|A|k@B4#a*D{0 z*P6)-TIEYX62%p9_*kWF%*&!xcoKG%#D5%-?Sr8~CU!h{F1(c0h`c;`O2mXvEJCcU zW}>Z1bG)WQ*j0CSN$;VT?a=lALVWC~A}PSz99)=a(^LrHblz0VBP(7{nKIZl=^gty ziHIxt$3N}vW`q_t3K(OJ-*U;O?A3_eGVJi#?Gh9_is`EW)mM!uul(s>8RBpSq1q;G zrI@~xe|gLIwnV~BJ43o{jsNxDOOz`X*T+22v+y=PYeacw<_=T(XP7Z-sHGo&>Tb&a z+|KXb`NEebY=`N}>cU+c;1A$EO1{_&Fl~3;em5*iPsE#^m;=W)=njReXYdzv05)QM zK@tGyel%C;N0fso)64VkUpyI^yOH?(bA^~~7mDYt(xh!lsxclwPvEx5jlY$Z!8&n# zfDzeVcKt^>>_Z43U*u7x2dIxe$*u@)RTzTp&aR)|S6&2Rz_isOgjFJZ4h$Jmc*0%* z?Bc8P1;9zi@L+_YP``3s5i2Tf<18LlmAH)U7aZq@6-!o=%Neg28g#fwN)~gvAy#$X z0W5R#+Og7Hx0-nhI%%s456J+Wr(&jW^Qm+C*fHL|uR@O3}Z0GxTTxl_tbiS&>X(hT7ShmYfzgJ9mO3?gosmxxoZhst}FogEq}`FXKi0G9ugg-EG^2 zy`B?zutv9Ni&%OA_YryY5SqKUejK_RxK?Zxb@q zg+X~{pK`!4SQR)vACV3VRo)X*CokEBui#GZF;~FSuUvU)E4ULxhri>a$KtXM4^;v; z^5N0r#|+-N{-J1wV2xx21Qfiai#X_C(JC$GL^?n=uVZR~-lAb7PC>9zYZ2q(+#utf z=y=j)AS1UEqOs2xndvv1@QRsoLZ&F0#2<0RGx*}lJx=$(Gdpjni+_fXgs@kQ1Yrib z8&!yj)%C$eEjU|K78^#6iS@fzUrwd-Y+?9*n!eEvojOnc__l#4`l7u^0XCc#M zBY2&#DOXx9yoPgUhx`qrS*9`L;mZfrhS;E)vAoJZ77(s0u~3Q8nwZ2axNE2gisM9Y z?1$b6UUuv=*M)njkS7;RF8mIF{0{in8ND!k*Cnq5Zz(2ZnD6DoFTDWCU?CK7+;)f; zeM6kcVLw02@89vGy%1h<75A*nQsOzNU7{FUxAUgCi$w;pFI^neu-PiJW69)QX18J` zz}OHTD{OuZF)nmvTlY!GYz?e{LNd?@T91jQt*T>D@nT`#5zmD_mQ11iDCkfE7kToR zhmRuBjG+dpwgxS!Tg9Y`SDA2-PW&lPM5K>dW>rlU@(7UuRJBw>T;c%e5~7);gu}nJ0W|At+kVQIGsv1T|W;%RbGpCUnO6i+R63vLb%Hg%Z>J+ zQB9ZF`e~dttl*OcsCFYd9x9x~$RO2am!eRELevFov>G&Uyn{xR8EDM7USzgxhc*qB zbFUovP~9q46k^_d=w27fL$U)bl!w7+xoeQqs+rM_0Rq4cE03ix)DeZPbU9{vqaI~jYd&Y8OUKJjm}E7|Aw>=H_PLPE%w00=C@M(O zz#PEbZbNTDimtYniAc{;XsXWPKtQa*GIJD#uwirurpFAr%NofqsAie8G;H7`p78m& zttxxnth{N*)8cL0f$0mUz75|24o$Vb3jN_E;|J)H!9XO}aI14H$RKVw08S%*$~yiL zh+sO1U1YDypu=xJ>}j{+1<-Khh{Kdo?rjw#mUJ3E)9S;bu5)rMl;Y!xIk7v0^W57d z7yEwLG?567YEd_#h`X2OYzb@rApj?oTe);*M;!!leoRP4%XEVf7XsKaOZ|K4fP?|= zEV+^`+E(c9Ng? z8iM}dUw?m>Y^;T-qCTZ)&3`k))n%+SY?TL9902ztya9-{`lv40nL*#8)gy8^x7v{z zA9H;sQxgiK?bz6D3g1JNhx}uuZ zSugEFw2%LrY$rQ;^*7U^6w~dkczmz&M$8_K;=@h58n+-4VM4g^A`b56dfrryO**Cu ztxYyUHAK&(Xs0vC2XRZeVe#3$vqM-tk}@Z!j9DPdJsc4_78jPH8P*U;{w|?qNrav;Y5QUdV3w9BeM`RVnlY4N zkqn0ixx0U8i#kNUKk_H)JbqSsHj<}+ec+k85 z`1a)cm&YU{kC~>tQvVF`SHF**fV84=uFzVCD)8f-0D&?m!1eIylam)DgVp!cjDQVh zRH?r9-CF(UVY~O7Qryp}Ep(^9T=&Pf7{aAdibt>#y3t({ueGP$O({$ILVOh^OJ+(I+C(4SY9R1sM^8g8o1%du=Cv0x$-fiS(PAgt8vh6R%HraNN zxlOh$3~k@(S+2*ZUHlnoY1bpsPmDM>E5c2R#a)~4qP+^+WZMGkHrbBAXq#+D=ljl^ z8q3vxOFJ9kd~21|D|JEL3i(FJIDH)EjlK_NU)HeF3ZxRhv&iG@f>W!jXI1GcJgTTt z&x4KLX{7r~1!Ln%Ob7eJ{o!DEZ!p{+@OdM}1=#YbObd8nxKU}tGhSz*gUrk|5t*6l zg&8~(lZ@7`shvi5b|W;s-C89IOsq4o4=@LTm!InmR7!QEV)vo!!Awn9dvp{{+KJd- zXqbC{cz@6L{+&=-p~e!Qbr-xuhY1_riE!nPGSLEpmeJc~TC>ww#9N9v0)I2t5|MS9UN2ZnAXBXVRO zAU^jaD(raSH|WLF(~f{(Nxps*1Ne?rPkQ*7)4HXVk3Lm8Q~Y288Xc9cI(EI#7v7Wj zxHD^Vm+8u_$bp~#*?~R#)N;VrtA|OJg<}V~zWFs;bxnJ_^X8ef_7DOR5qKcaX=C7? z(PEYkY@Jo3`?|A}uEpJ5CQoc#x7#5FDJrpW)KKvT55Ef@UV(BSA& z|3GNpB5{CaD-m`k)<6-Mv?3U`q`+QzqVGx@bfr!sIuHTFDY|d4(xT`7YiCa>Cy!|D z!B2}R18E{K`DQ&);OLkh;m}2hNTFxkyjhD9d~^Fp<8ESnG~1g} zzCd`o-d)$AMgq}I;3;`@oL*eRi7pN0l=oVYiYv`(0uuaiiCt321J95|)*sZTPH9|4ND#IDoqI8T2`M$0eI3S<6&B(RQ8FlNqD1nK- z6^~Zi!Vx(bJ{bDJo^l2DheyYTS2qXG6fuZ##w|}9*?yrVzmL<&74eGb@D5n7?QfM~ zm0Di1f$c^Oc9<0pX1wwE(sdZUJY936)-D?!V@(2CZDhrn*}DJW4-%=;PJd0NG4VaNfWp!nGVXUPZH|{6`b8u-diUM2Kh1N9Q@sj7svKT%vSr360QlZ*N?hVh-iL96oM~n1393QCtPVR z$o$3AQ=EnyDjMB)G3t>p*lB?Ar}u%kPYr;j92od($2FH`Vu7W{jI0on3DukPeq4z$ zCggrBiq^Bq1KRL>Uhe2h;fx)V=+@#e-I!6y8Sg!TDj+Xoz@i;de(zQEnchzn6uf3{^a9oWjRZ1g7>H19=HVkefCS6mOC8o2>&Su8KMCWu#|CU5nv5Hl%1+Z|12XH^F-YJ|MP3zd zsNm?7t}!nE(97&upMO@&SUmIwD@9P5)26f7!uQg%UMmyh%8R~`(Tn7huF5+u-kWqT zDRMkJW;p(&2VN^}9t=6LeqTU5ZzW2YTd+mS&wr!cNjApW>REvIJM%X-e)04a_s8lo zl@~r5dNya^vuW5*!@!Q#T9sP-Aj4kLx4F#U*%k8819JV#!NsQBj!b69*y; zGgn8*ZdqoNWbLe*yk{o*BlMzqrH#uQ%_;gAhk`q*lMivc-QfM5k#wHde9q9-bm#r{ zIN4k&Dz7`<%64S{%gbui4!22g9 zYV%?0p0|~lV#ATGA4wvocCY%}D90>Ns&bh+Rbu+ov>m}4De$fQ7v|U-_NqZNqfDVy zkfltyjhg|yMPyt6Y%??OB2*d9={fS}QBR%=XlqbcI>T6SU-J6ucnZ0FbBFNYp8Ml- zMoPykrMiz92DUOx6@i!7L`cslf%tcCe>l5^?)sqY3|32$P1}k}h{u6g!j1TkVfNsk zU*4XpD|I!$n%yC{=e(-8Vuh$nMcjYqylyoppj)Z#bi(6ld^e7WnLs!J44LE(0T?RK z%b0zeiA$nvg+xPd!`b$-h3ccro`UX54ea#tdGcUVE)bNvqU1tU?VLTTD4)Nu&#`dJ zRCwi+sCi@oGPUC82>lcVQ|g&0F#z@nqvhWu*X;YcVB7zUiLDP=m7rhAer{P}l|)D~ z^~2$}Jf2e$3^aa-c&Yo#lc#Hr#h;+p6_U0t@j7vMR@KZbiDKYXG^5hyqDe3)#Ary% zb@`+-pt7QHd0}`4Ddt29q4DMN`1vW|w49*LEQu6D9R$0+MfH31$u}NF)2AOc|3}J4g6QFZNB)gOxBva5KIt}6q?78jwXFM$o+DUrj ziYSdiXj``H)-Z0hH@38DQl>l{;9(F-N4}+3wJ;lid+cOh%6scg1&B7#zmLg@kaJe<685TKjkdAD zDyEt1Iu$8VgGRbi3`@L_;dpLt7V1(&iNm@a$0b=M;9jrj22~W^BZEfb2_?Bz4 zQ()8md71OC_?%mZdvsAr#RP9Lw?fRD7J^OKfd(n|PH+gZ0|(#KIh%uI?Ql4J#(ing zv=G;682n{pq!TyX>uner<3gAg%`=y_1wyAc63DKNX>DWa;hk?PS{Mk4G+~aGdaGlQ zR)~@%auug91Fn{AD>2dAWX@=yg!t0G214zP2cl_vZ zF>67lEtRy^42Yq#ZBC|Ur!=FoTr(xE$X%DO=A9@vBC*SGFR?{AXjkm!gcuAwwGqJ8PX&9}GD}bL6(Sc~O8>cei1cWvxpaQHk|%sIN_n76ra{Es9R_6?D^0>vbyP2_W^)XuVM=0LMRb) z^2w$536cUAW9p;{l6KxPITA7zG1_~<3x>bU$R6!g#T7PU)MZf zp|iae<@*UiLo-D~g1|0Ql($rzYhYuXyyBn?L$5Phms#jEIjuOaL9Cp^gi+^gvF(=; zXC^SukMIRHVnnv#zoED{&%yPJNAM@Ak&Kp6wz7BF443&?4GhkL@Kvt=4ExWb{yQ6k z^-iJMqfjf^ra66edd@Cgbd{ZMHY@jIB?=$}lrt}DMKxCwj!{`2i|0bSJ@XZNvVkFZ ztq?WX0Q8A!%0HlN?5jtj*6fugGf|bw96^SUWfvQZP>mWsrmS2S;)41BLI#zBS~SIy zWh7#+MUAYqRc`4SX?Y0*9=e?JlI#zM!<^i`*vpSa*_~U$Y`Ku7)u;kAf*RsNON6FxcDwIv?i4d~X!2d2LlwBeV9ke;z`u;V3aD%}Ac-{#O&5rrMN`xW?mU zOH{IEwP0zbMIovYdGY8tBHccowSRQPrnV@y@Eo&fb<=8cYHeOlnT{kjIBnY^(k90J z{QzH|VI<49?G&3Oddj1k>kR>uCskJhX9@30CFYJb^g{jH4U=<@oX9RIxg=ULcE>Ek zsTbXLIl~=IF&=M_Ea@y*Vs3_u`!^R)8{_TN> zxR}KI6kj|*`wes0-o|esl+5^aRxKh?j*lrEGmz=<={ki3r-_(Zhmnbm7}0qiNatb! zSLl+B!z!(@<-_uVNzD~|i1#a!>sGwr+S#?kQMA*X|xo>v1oDNLmVo%OGvi-Erp zvS3f(Z^feI^FN!wD zhJqYQYIYep@|dSMBqsu?TEm?~ZXwKm)6(na3cBG}()?>c;Ipl`1 z#mjlqR%LF+bNm*Y-BN}qKroc9PSGc{v6JUDc=|?=Y48sM5U;t7)zz_u91Vaw&+RM$ zuYoY4s?vy^{)q}m&Q<3%M>v59(>{f0tHl}8x-%iCXJ{bs180|3=K+UqD_a@VStX{t zJ~NX{+&fx5%V{m@#ay&&Goh{=Cgj^?2@46y|(l1vlVW zG9R-tTA6_k7uMZkV91$t!PzBw>=z+w|MkhMrV`RyO#-uV2Hi$!Mz-So$fw#Mf~lPm zTEm|(MAR0lf#zYD;Kx)`Ck1zr%zY8@25z82cEGirDBl!=#bz zlBu}$`-!-M4>%7GWXUva%;Y6_QmzmCCA5FC6iPW}$uT){l1}Au+~-o6dymAz@+5;F zrUP4Q2UM0LEJjKDY}%`29j5!g&CmZQFpx^^CHR)iE)r&kXi2_Anrx|=JLvc9rp>VDn{$J z`M!SX`sgHupu2e<~ z;1Ajl6cf7Rv)1=vm>>a9&pk|pr zy%uajx653v_lrLkWhY%!BtQLA=mH3PtC%7)M$5|JFBi7q$0eILR{m&(CUMY@hz03M z5F6@!5OcfXgs}$)Y;V6TzAp9|-P_;0KiPXg+5RCbz8c?uaB%Od;o*bfpgEsLy$m8Z z%zP?#p6(wWW>5F;e`TkKYlu>uSyPZ6W`6~y>A>!44DtG(2i@rk&Y1gY)D(cTgB`R9Yk3B*#f48J{lQYDI20 zRDsOR2D#Twb!P*K2{4gdX)7i1r_1Z zGIW0!y88q{h7N~;8{If)2I^kn>*j8}6(36~7g_v>0O#F3@ZHU5)$rQAF_E7kwDzgs zg2uQ zgND0bzdiKisP4N`q*t}w(HQ&gW3m(PBI)dXy2Ej+3n~W%EoQ8@y`7wxGyfv#HALx{ zmh7d)*1W`&BdGph)yiNZ5^H*RWWb}AK+85u6TmD@k_N#!6StnR&X)H} zYCb~TBcw1(VUKKBAdhC!Kss2(bo;`kAv+kVo5(I+=JRVrcIo&iq#g>+&0s%rGXN)p zednCebxr7VOi0`kG*kK;N#_hw@~0Qrif!Q`F>gd|?qm`!%4{K_4Y${HYiDQ66g_PC zDHQZ6e*+96076CNGsB5kcm}$|Vs1O+JN|Veihab;VLyqng`>jly4|VR(zeIS7Ac!; zGBW34kHym-Ctr(q+AZhz9yrSj#U4x1fP zu30?bo1NLKcjjDL&#V#88TR+5+rxbC@M@UvUk&pE^FQtjS65$O-M@NpwRd>6e|U9ocy&0u<7bti zx`^$_hzs476nbm!n_yxek>vOdz;ozQpT58Xef2EPJL`Cb^i_3n{Lak7ByF(noGnWH zQ|ReWu%~`m37I=Pvxb8fsFo;Qr1!Et=jx&u-Me?t7Y`Ttq&R2ZQ2b&4&SpXx=C^oQUT`Hm$*R!sYo(cxvx1sOO%Ms$&cP9wR%kYgLNjRS zuSJ65a2~1A$2V?L)+%-{-@CuNJo&-J9wf-$BNA9*kWVhvO2#=(pK!}vZU0Vr7PtA& zuHjuk{e^z`(aAnKe(4|6o^x4AaUBb=j2s=KosS9;0#bf%Z~#M~}*1~JG=Tcm)4Kf^Cc(WT^uaATSM5jS18QR()?m)$)6 zKHer_|7W-7v}ss*X3phGUD9T=Lv5rmJov|(-fc6XGnX_@NOc9icxS+#Ug?=VANs00 z-^iP=VTH$;KvfO#tH9jY#*E0IyX>Q_!b~B*+npgMZgn$*$KciwI}zfT&5EY30oTPu#c0jCcKPQSe;^v;gMW8e>fenY{c9|LdU&RO>8~FxM##zIHm|jP;&r2mi5C*X^m!dO-OKm)mm*h;V18SqV}|JqcRCvCom3qS zvXXG}Srh@PPnXiWN55C?%8I>-H7x<@1HQ!kGfbjUIk}CyP)#xnw1VkTN>(w`7dbV2@&SQ2p>VB~(I;QnN1x8`s|~({^-Vb|O4AqOh zEXs0Eq%QXA7_eHm@mkHP`q@2b5u5D|hllsJ;&1_$M~B$y&LmY48~dInA8C6Lc!_ zG@m|_loL6W{R12AIc86M;Wbi3*!XU61C#>UAOSuLnOUNX;yPZCO3=~;3%1E#F^REb zR%nguaEAc_lwH{QG*l5d%_q5pc6~Hh>>O=f%^b3#;;hzL!K8NkWCmH{u6A}hE_=!q zu5*OKR*|Tx5(TYhLTUH0ppYRSBUHq(Mr_vL?j&si_3fF|@6-bnxL(fL;@vyR&e>v} z*Xyq*EdF?WD(Q3JTn7m$7}y@%;k%#yENy{5mK)CahEMq8amF82LJ*Q!Iaa}?P}xvV znk2*eOgM*xSMclk!>C0MK8jj20LmYXz^&4S2FU*-sX#x14)jI|dc!2#FbSVClYjxT zEQ4_D;)Pw$9QZ7|p95pC(ZhdlxPR}#5}^#G*DEG)uRc2(`4NfaS}KX1e@Y73L%%wy zY;MTH4Ow_6vhX?V=0|=GnrS(!WB(*Hg?MXv%v`o2IcJEHzU+4DLw&k#)6b)oNp}d5 zV``JcU|=|pKPAQ1dLBk{jo?b@9@sKvO+1re$vB}B-J2BIe zQQwmUM58Q|0Rw4&WvuZr=cJh1$&?VycNb`Zb-cBrge#lCLlvI_(Kt1M_xVCZc>Vb+=eiC$t+e8CWsmP z&<7aKNR}0%!skRDB8KD;1vkStPsUyqRa>$@|Igrd$u6!MDT*t#P*)dJ4k|t#l%hCi za*%)NOKcdPLH^~P+h1G_?yMhdqB6Z`STxXW+G;UTS7TmJ=K5^TRdF?LCRZ5HVgLWU z!izOgS0x*__}`00!+-R=nW(Ett5~6{t64i`x*AW^6<6ZHS6>aU=0CTrWmmPDs4EOp zvA`vn|C^|*29hCO$)-4Kc*7>@%BeTu&x+UWEA!XSEmgA#gm9UtD+rZ8QEia_21n@~vo5@b|po3qBjZz}yya&{FYTHxw<+ zAncxjDy7UW!UfJ4hp$wG-NOv>@?@otPr)K^VT(2SLzwBe{gvz z>>n?lp6)pZjF$@XCeH*Y0+E46SJMz?yC&cM^$BStCVP&OEgJ@kp`$P@OETe-T^gfli3^xXR8a!D@fqR)bfG(uxu z<7(l$ch0;atQEc-ZCZDm3=r1*H@ig$Jrl~SR}<%} z9zrT+gnb3Mt-bQ>V2IQqZ8ai$!_`vUhvfLlGs5aZm_2^{QvlR@uOnjAovip4nJm=DW{84R3$HmhWqOliFq~X~`71EhOPi0SMM< zkhe+QL8xF-+uJ2H<`U0**E#tw(E{MM?q(s#UGS2jGD2LsL@!p%OlOQjRxfkHX5fWr z$t72_RLX7Exh`{Ck}u_&j43wJpiSEV@-Mr4U`jS+weJTKsa)*k2YE=zp=Q*d8_cb( zDhKpOljlMoOQu{H?l?qyln)Z{HtdSw%(y_S!HOzONb0N--J!zr&BgpljF&kyY#wE= z+zyFG%7?xA`3y-rb?TE)OeYgwbG?X)w5S|s64Ey!pPi=pATv>w29=gs#V%MCtRbn^ zl8;;M!ZY9#FAAH-w81PY;sYT}X`F1K7ByTgNTH2T-SU#`4~K|6ruIip?q2NW$D-`c zE=hFOWpL7zo24k!0HSdCyxuG`>+(|`xV1qMd!+|U-1*uZC^p%NnQ;2yxu{Qs&u>I~>VtF*oLai1BE}MB`+9{UadGSsnn&ElJp903h&y z1so3)CCU%@jQOx#OzJ3b1X-0Aawox=05n}Y1p>v7n2Zj_1!6bXhlFg1R)BHnvl2Pt z_cpEf7JhCJoLHW)$tYqPF`djde%p>dob$RIk!_bH%6{MSrWzojfeWGv(I5>2UIp1u zXUWmWWH^!=Xw+>??o@H5@8nw~4i`LcHRezS(S+g`4DVpc>P47GPEPSEd)!ZJOtnMA z_$O9a%3)&u0NJN#aa_9$B7c1MqFypwm4;Q)(yd(?wFxo@3L#R&5GkKf((4| zCO9k!SrIG4eAmfARR*d%B0BeMB1NmTm_?;Rv|sf^~*WE8(MWsY)1gWiNV0 zYXSV~s*$!lPiOh<$B^sSGHs5(N>UQrih09)=4!Xg@vJS>{f+CHXtj+A?ielCF6j$K zo6!qrZx#2Jh15M+Qa;R+pDqvR=)v&8J)h$TJG>KS^r@#4vasjsqR8zy875YSxq1hI z^dLrL+f540`yIk?ndoRyh_*&#p1eWP0C7N$ztSt;`Tztnlv^oaW=9=#j5!}-aj#C% zBgXBH6GxD9A1^1Qib9?*TaEUmE3Q%nZQ)Y#MFX$T82DEC0(-Ir4)0r zXQo#*L-IH?7tye#J&2cn?Fkm5E?A@0z_wDE4N1o9sVf`oKq}|VjOvb3ZS`omk0GaB zKo3s^EyuJn=tGjD<8+t$Hfh_m_=|0^9fqi)VtXdtV$2VELhC6@bBsS`wJ>Zayl1%b zH=tw+3|_P#QnZ>8_R1!$)za|51+tta%iscmqqe<%mxgKgc2Myf#r5$5yKqkeOS?OF z&}M@)M9H4{Zpa0>OX9r?6~D;yy@MRqvIGn;^fg*L}N*Xzs5mh>Z#yz(&!`+eqS$` zeiE7o)m3P`!93C)y6-95jWX;eq2##x8iN4S{EM>)$ZOek}gx8Eb6;tvJ$ac0I zr(B8YWUf7Zx?`a7Cnak0VTzKO9rHIf8`=84TZ3D%7jnVm*gTIx6wJ)47!C1V4^Pee zZG>OC83&WC0dnVZ5Y{Cz)W;BjkdQD<-)Hq)XO=Zv_>K(P^)x36Dx;j*z&N}Qf22u0)ncMFL)yTWA@%Lb64HU{| zyTOcy_6hjt`BA7*(25u0&Mu4-r|FTR%9@JS%#So)Kz{|$ zN|3d+H9Ces?}ilJGK|8bqsJ$JvuRg@f$4rsYs(9|Eu9IapCgBuTAEv$h3tmmXB1w0 zL-wc)o@pgPXxxA|jaUre!_d~7i`u^*mPDBLSsLV({vd3^i;@vToO;R6I`%k`Q4FAq zjMilqM5BIEU1_P6M6kt(Y@f5mwoCo)lzL?Q$5zcpS)s43pd}lOON~olk-llJkU=*dDR#O7)~Ji>QgVL3uXH(qrYUG9C;);qNBR= z2~MZeyXhZ0+gnk-zXcI9IvI6$kk<-VDTe}`~mQNmD9d00GaBs~{_bJ)wH_nvw#bCm+XG`!kj&lO9>{7OFgh+(KK(aZ*FB3UR^Yf`}Txsi1IU zox2^{B~iompECz`|Jj-b)+PdK|CnW9TKng+R!Uxcc{Y_zk)P?J$-j8LUXt*}L7bmT z{>5wmxO@|{11S3c(VT&=48up)!Q2K>#~dQsoSSO5k3ro=B%8DO7?lGU{eWCMOL$i# z6C=-sCO@^x(B)=wtZ(wCj-TPtTmdM-AK(qoSMOj z+v9VHbun%)&5E8U<@*VOh+G(~EbG+Xs9@T@L!L8MsuaMjNr1EKql#QI2>y}OTIWYX zR(TY=08nt)_#T!2=$oCU_ae73@g^*0Bcd_vAfQgTHkg``e>)iB59^^!=_F`WiEV4{aR~meCm~!uJ(dn$;LcgQVf0 z9t$MYPw;1`2O)qVT)2 zPIxC)wPTn9&kfWDa5RBG_1CT6T7-1$_wb7?c0$G|)(AY+Q3TlpxF?B@spmpG615>o z5TW5wHcVUns`Bga{?1bRZ z8O<6|hOu$z$jUl>FL6cqeBNphEQz{cmj5n6b^>-cR*#1G>G5CeyRu{z(`a}*W>#Wj zox^(GOJQB{pJ0cs2KNpR9^8*ipC0?k{{<$$@`lfO{m^j`BZAm@PG7yOX(+W=i5#Ib zj=fpR%iLB!C4!U|oA$?AK#E}Alu=;CfBQ4p%lGbskCF9)c7e~(1{@uOqKuOloWiFG zh-_^IZ?|PfIc01Gq>L*u9qbSHhlAn0!Ek@T=ZzE>VCA4PEiyf0-W`cHJmYm1Q3x~F z1cpp?@Dj?zB%`%!YNyei-H3pP)7GY}twSBri|5m^X7Om>38fYKoMPy@3tnQs4qCW! z2c8DWGz~jG!}e`DrJ7yRMQ*jEg_wuMQ9Vd_MtV`?ULGXvkt+ku+t>4n*x z+de#~A~SL6R|rEzuKIIS4crMB@MFTbTqphLy0>Eh4d+76hdHGCHgfNa@4xx>;O~oZ^F?v~bokA8j~||kzyH@!_1%NKSg036-$IEw6E$O% zVz%YuXaD{8{r|rA^A}&8j{oy$vS^?FXPLj6i^1`5zF*{KzxfTu|6mwDyj@BzS)o1F zL$|H)BC`*=5+8Whvsp#Yx}B7AB=0VR%HfuJ@$Iv>N9#MwmorFsyB9OifX(nb$%v>C zAv*|}d#~y+j6r8P@VUp5c>|govhb0}Li7gwNTgwzI7C_l#E+FH5KAN?Se-?XXfd~A zF0OfU*ZxpJCIR?)P8(pe40E;o)=u4fqJftleSUlFb@En1IN~+0^cz(AZm9GdZqVgK z$hmWFoLTf2q$#l^gL|~+dU*YM`G|7U2_hZx=1uncHTlAJ@Vo`h{F^uV%68T@^Ua$C zpY9ObpK~hcn^k~HaA^E7ONaf@bw!(o)se3!t4oiFahTXwz)mQ19*3b?F%{pP_ix<3 zVctJ2mOc%Ms+_^2)8KX!5OmP@s`GqTRIV#^8X@fn6i%%O)7ek;Upjk6sS;d^DTBPM zXoAnAc3Jg1MXMy18`_f|!%YGrMb{@olDC*{CIoP;j*|P@6vdKD57T zFUW=_$_<&Af}4qWT;=_78>$pRi&8pexmM*kpVL>_xDv&A=EBnad4EQd=x@0X?LsTi zcaqY)g8i+15lot0wpWbW@<_}Zw~K++?d*_;$494NNbo2Q;{UNX%}1|UP95Msb+5kJ zK8LTzOkXmz1Xtj3bYY`mMiPt1Q5>p+q580SCTv)nY?$A>2T>C{t_;Ownoq^f)4lt{ z?CIY9gLs8F(W5?7K+6e;i6Pk#Xip1rNv(*{rkv7(NTwQ5m+qQ_%Xdio5RI}FX!g2Y zWEZq*@y(Rrj8NV?@u#5LeF_@GIX!o-giF>cUIk1lA(}BQ&Uc9t_^#lZl)?u28S}a% zbV_-xv{U7iqvK>sRT#6Ip#)94AC_}oKRiCNY+e${6Jpqy?_6mKp*4|uo9bw8!)plV ztjMIT3uLei3+0?UL1PERl+Qu1#v|Bsx76OgGIAd8hr{TKJBBNQsETT)^x)@~N%JN) zw`j0qa7G48Fi(n99h)q_yE%Vj;}=g)@p@S)q4G}xgURO%JY5aQnLRoEL`dP1jZ^x6 z$;Qd`fAR`k_oV^~hA#$70?RM zx3)&VNM9~&SFW~-LiRzpSPX($`#bC_qDBB-M(F8ceVD2QZXAX1%xeU$;F!U6;9$YC zFKYMDhAt8l@(YuK2uUg{4yduj!Xh5EBRpOzHm9#n`7aDyqoZJTc#*!r?NB7XOu_mz zX0RQ=+Z}XQ;vJyfb#>;t8bq+|W|Z(RZoeH_4Hyr6hr}eBY0B!qi)&UBKcI+rBHGUn z?)$KlsR!1^Zq9G_AluB*IXs7#oSlKm>i9cbNok+Uv;DN>^=!*mIX*k^jzX|v2GR1C zfucrKV!9xzF?BrRb-`Vr>34Y?HZ+}wWiR>l9zT>lyNpGEz5HV5mSLbXSsRsv|| zvYfL^XC$!`HT>-`jq5yXF@%k%YgT9{!Hj!L zlI1m2YLw$}*&jP`-ny=| z``nFN(1!ak+!y;1k+kMqRX4yAtrsz~LYy0|a$c1#=!D^F04sUZFm!G1HTinFEKs+U zHOns9IL9BEWOJceb}6|wKMKYTJ20~dG;Z|=AO2Cr=zFZT$H#PO=x_obd-3l% zo8GzaOX)u_NMsmnaGFr@Ht}ub+ZbHVljgYbtnOYkoB{8z<#z~2!?w zUuf0*1~fdHGAOX~8pF7*yLM%2Msar_$p!GK7Ntf_%%Y?B4fA7~jYt{}m@Z;|&bmbp za^D2)8(o?aUUSWvHF@y7I&CPzaCg0wUmphE7wG)>a`9 zaW6vi6os0-FkH#&H})}`MySZUW<71?d$bH8#S8{sy4l3W7}gNqnpj(9C0t*(1QpV| zW3(W5`(~_~N0BXe{pAn2DQKlcWP+5QeUw5ZMIU~T+(Mr7>ZM}pJ66qqz<@;^Qr88l z9>}nA!d`HD{l-I^!4RF^R?R9frH0m`s>mXmm3<}Qumh?@o*>p}V!7RL!=#D{*|rL) z4D1264OFB>*}mh1lX-gXcwJN}`_%0`;N9zKWeBO20i@!2t^b;#ljzR7?`5)yQdDf4 z*yMwqExUeqmYKX83-oP-|&z1KK8}gAj&_;^! z=gWe^?E0@uJnx>Hk{CA~V>j>3XO25|o$(wtxEVN$x4#t0Fdy|kn2|o)t6(O#{ucOb zxL{uZ@!&&Dq)0>wsRusQ73rTrPHC@y-XmvLBNAMG zp8Wmz$;r{PC(mCzd^(B^QE&(hNM|#`*_*G3sI~Z*vn9_3q(UjO%G~UkB&b!vYl0Kgf>2VhT1#4yN}zvx zz(r;SXx@pIW7aPWg5%cOUArI8&TRadv$G!^nx8XGGeC$bj}6-tL()?*C74UFV^cn6 zQRq&>lQ0k=e+926BIyg0rM_in%jq;o9rp-576e$Jpv){#+ zicQ+e@dmFrv-T&F;X%ASd76rTBL}om_LhP@hD4v_8JcfSM6Z-H^7^-G zJH2p}!mMWi?mXtM3aJLA+1P>N(~Qbu#x*N+E197nSt05R#LCK06F0s`>-M+H)&lvD zqqw7h1R5zCI;A@Jl0-aD6Umr8Q)YXORGn3a6n9nFuKfJI%2uhjk3~snt$F4nsu#5O z>387*T78X8j@wkUNX5$$+K$EUqGXAjJTbyCOvglTlR2Zc1%z}g>risHfp{`^F}{ZO z6^OnRULy!OXM~g0`_Tc>)PhV~Drv15c;`D;%w%eIO6F3onG#pzt_$e?P7~@Ib34rw z*eo4~GxV!P=L33lIvriO*13b2hqdP2&^V5?r(FeKRKpWGO5<%ak{Hr)!_;)ox`f*} z97K!V*gAjLB~5n0+s91Pm9`!`eT#Szn~S6^o%2~R+jzTl0X~c{*-Rg~dBT8TFmaPK z;F_cX@%2C=eFk<-s$s=izu8Zv;KE6nIe9G?7M(C!CiX9_tZ*Wu!2ql54NN;X(cph{ z;yVCsX5?TPx<>fvX_9CQqisWy`kCz;OscbSV48C6&NZ!?t=c*0p?~Y(Q}5n|VbkZ- z;IYNS-%2{6H6Zy<6 zi{FujTMijdS?h;DHAU{7?$ErruijOgp5rleIt%N8?Tp4zVmw6kS~Ar!%_m1N7%eZjf2Ut?c9}lZFwp@9 zIRtkOn5TPS@VXH5hH4&#!(HACG8G&po;aas0JKemy}?=L*TJ=YG`P4sG#GSA{NXZB zmPBd8_@>cvkn8CKdheY(W|g?achZDI;!Y4=K>CN>5SmBN*dhQbIREE&=St^ycfIpy ztf8<`;`R@|et@~3lu~>owJ3T(7W`MowG&s5QAf1-nZb>3>D_IiDqDZc$Xc4!3h|9yq$k} zC+ZDJ{aF>9h`l5+W(v9iHs6Un!NvtgqZjG|u#**<{>bM9uE>Y$&X>l)@ffBtuHDu8Wjn zP_|?Z(;WSa(Mo$4!pj&UcS&pQbG94IVp%{bsGa>r+kJExh z=nZ2+SS1Q0W?c@6twg6+Zs9RH-3Ci@LzSg=QG{V{((xi}`1-ZPtU+c_GWs*gQ8}DX ziv~7Wy$P^{@w9$Iw=etG-geB^n-(Lo{rWZZ_vTIV(T0HD8xG^~SzX3MtOQh&=lND5 z5DeU8FAIrGqVu13enOc3n%C1R1bg8X^M{3MeXblF_;Y^pszD{NvtX35$vKi=LsdOG z-XV`L&1)Luy8l4e(M}sXGCU-9Rs^)cw}St5&K4nXMij$67&jn!i6#A(X}8`)G|j(m zmK){D#g*rYD76Khi5nEmyK(Ey&A8x{sD{@yJ;#()PKJDe4o;TS2)nvVz-yaL7rAd| zm}XnwY``tpfm@yZTersKT^X1>@S1yuZe^V(4BSpoBz71!F-g7AeiCDE$N^D>;unJ( za?^*y2YfL6YdlMPwf-$Iy3xwJcPPAfKGc)TkE;3xR>?RY>e1rHy#DR-As;Pn)J@(l ztM}p^o-Uos&;!{CJ6?!dwN)>D$ZSA|k*$=M>>@YtHoAWpqw#(pNDNF{uv(iQN_LU( zIMcHzpvs& zDDlq1q78>#79jOWj@*Q<7a)B=LIB&^eGJ4Xxo_V;4o+TyjDxh|qu}Jtka4mLZblyg zDW^B06Bm7Tu&r?DXCcqaW}&sh+h`50Tm|BP5M-I2%Jt{A8M1T}=;R?MGf|abKa-&` zl@H=bwKc;-dz?bd=b{ez%zaRt)TE(|!eP~-CQ=BEw-uJ!@)9&_(B+huWPdmu=3No> z2iK>@cc3>HeVTgSOe!v3&OM)GpWh4BCrKA>UB~kOWA9)4;x@8HaX7E}6m?|J4rJ3; z8ZbQLIgewU#AiDRW5~>zJ;`ATsk*y@T2iEHFoW5j{r{`0s-)7byJ;FMy-19D)kRgS zR;~NOA+JC0!z2+!Pg6GbH1sk)%N$&@jOoc;xO<){35d%~zGTvlC@laf0>ZVsT|`Hx>q+aW@yT&D5u;7<2XbSBy#JPRr1A^(3mh^zh4V;%7Sb}4;Qzw!M9&fT5T zY66F+fVmLY$OZSDjc*;$1^4%NcS=848ZGnbw#z#2rZ@ub?~fZdCvXC!5)lXuqOmw? ziBHXHgZwd!^HMMsJ;fmj-OxV<=WkEdd&9=94Z|`doI)}^7R#9%q|l~sHl|0;h3*s; zbYpQOD7Y>`_6i(ie-IbpKr7w!KER~rLBj@U;bHR_BbjP?WE_IcspN{1vIIGrzh^=6x3qdNtJT}NL6_;B{wBV}gc7Xp z&fYMGm-A^H&L`8eAJaP>v2+zI9>Bc&RU}thd|3oBGVWC*(1UUaMzhs234JHiLG!aG zz4Og56+v83chVKQ3HFb-oE@d0J7PXUg(<=gZruuLKyAv+Q71e*)W%B?rE_hSYOa?oiCOeHR* zv9gRsGXvW*LhCLAVGaXqm@x2fRScU}Y?WSUTs?tf;LhV11w>C(q9@zcwgVS@Vm@Ch zTWC)~vaOTrpQx)_%YefL(QpjH7*BAJX6EOTDq~K0PH>)FHW8Sb2{1aJ%C5Kd7B>TNYbZ*&>Px7f>*-yy&sb+BuGx@{2Pb?9w_gx&$#6p3NN)@EL zZfXfZkZ8owf)C2fC}X*pnWap{#lMH~Rl+d=j|=9jBWM@=sI)tmA(@&vUwGCe@rGy3 zGU_NmtZ?!~$Ro(xWkma5DF5Y@r~eo8ahJ}-QRQlx-m&&RwG|cHtE&I<9H)vb?Ph4# zu891k-AL>)gNS_N>Ks3uOpu{MWVeJ2c~gOYH!)`ASXIC@)0uFir1bRl1b0s_WkM($CV7x9 zc;mA$FoLgG%poCL zF(Y&nuw9~P7M{y2g0bU=lOFfH_(R*;B5Hre{2@Nz873+#7{7bDLpbGu()dt*(|W4J zfl-Ty@=_5czkFdd7A3d^+Bk9wbju=?OCu7-J$8)MVV5do#obE%;N>k(A1+kJoGP=* z>Dot;kogL+=|Ep8jJ0p#-_jEqIp={Vbi}+$v&Yv#M{+ziMqn6!BMYQ!R~Ws!AY}su zsq7k;kJd%e=A3h1BV%)5ZhP4MnA;)|9&FtVz25|>4SAT&&#w< zUhc$hizumau!59%fGdTqq3EK^SycGH3cpPOg&{F4+||YzU5(&#YQ(S#mpJae8!V`XUrku0)sDJ!V!Yy388E%aYGwcX-(4 zYViQwpx9hEcH>&lk!{(06imoe`(9>J-> z4?@EwROc+ah8cpe<~5X~%cZQdhD>c%vWRb}R7*u(A4U-lCg1v@dzGjp{?{lb*k$@t zSs;cDr{43-1Tz#*kU80u1xX0~c-=IhD4T&HNtm%p2qVBea>E&AzYJ>tv`#$xc|YPH zQ*=QVPNADG@|)Ae)9TZ)ifF3HAGcacbA?Dhh>5OSabuWFWvCpxN#yW6S~DnjK!JbZQhcCqp2OsI5XZ+KS0W)A}fq+!*`7Vs#@+hs3 z%nhEIjF}rKj4)IACCA{Oz;VEDTgs(U3(R^U)soC}zbAFiJk>vnFL~<;BF-*wsHjB$ ze*=j-r9B$+$z)BFb1_p^XD)jZiv5ull#JBt3Y$|sWUBt5yqr;s^30l!t_#kMa)F7= zz94#{;+STNrbrqST~Vm}N?Nj>i%|uMk<}e2jwcD4UHV+c`#rqm6kIF=^8)#^Mwb54 z`EwM;C45fRk+X1gTe)mqM1@`QIoNBQgU6j_CMKVEJ`jN`1w+6M7jtxF`F;U8jRA<2c#m@sBFyA4I znP=aV2^W@1K2_>cWVOy~rhu{Px(ZJ*2~_ zvRx{_z3_U}E;Av3**Z_lS?=`{ty@<0ij`5PsKdD#=GUxc@XB-*ahsKd$n;fQ|I*f% z;UAjzv_K(CTkmOAjV;XzCh8AMs`K^@(>56Z`X9iB+3m>m!UL|%a=PU`qL>u)d3J>( zqo->W^MB$nDDDxn5^gb~&HqMQWQm7;%2(*NVyai@wrHl@Pla7QGNBTi>@BPMoECMk z_RGCobSE0kOFvD6X=ffxBhktjhtpgJ&4*?hPD5|K3oRafM> zaugCh zVSoaX^y0aXx-+l0_2R{r*1@qTWqZPNLh4nO`41XT{oNu zB->bAvfX+W!3j*R(yUR4rHWEQv-V!_d>t`pPfk(1f5TsMWagw?^XD|GZ`nU8Erm{r zn}?Hl9&!JRxyO{bwk4|hb@4ptFe2ufZu6)Ud6&HxX^cV#((g|P=VNcB-jgObgA;&f zvpKU&fiQ5>Y``!OssfQai(gD9--=@+Yte`l!aPCQR?z{{@&s!C#7QzoNpG~jcl1gX zEDpUBHTiGZd19dzhi4K$$O%$c|ojyo`rO}8YMX3kDHc5M}5H;{=D z%|yKkNtAsvP0TO`?|JuH5@^wWCJS^`XcLXlDKpH3%Dj@b+^Xiw+25dzyDA}F4*>wFsCs3l=TX_69~ zC-Qbu?af0X$R#2K#T`0{4jY-G3S}tyD{>pDz;5{^$KX9>9n@uZ#`!ombvMt6NLgzB zUdKIIIV_(6S5h7ke`+!i(ns3QMxoHYI0|bU-Qn?4euwyJwhfMU>Q58rL{Pj$I_r(A zf0MX0GIz+a^#Eng54&HuiuC=d>2MRq`MdBe)qbd|)duo1jliIP)E}xX2{Z8{c7I`| zV33QeX&8+DPDN%G5d{?n+-D}u{P2R?64;2$Ym7~~OYw;kfv|$tT?4U}^OouyoTR#J+268S4qEGL6T~CP@Yv8e3i~me zETe*Hbwm=w@ff>2Ajd-;pH)u}V~M1l8|i=wtWx7zhJEP9;t8!9X}h zU*5{IAP$~Nlga{ARxh(fXM&Z8~m*YC3Y$-!#`8X@;MRd`w~QUy8oF5)N}LS zhcrJCZFh0;o0iVAa;2q@zOLha#5IizRx|gh*;GtX=-JXSm4(~>zwPcfJ1^DSTy`cS z)o@h+uFUo%1$E)o4OumHeu5R{oEz#`_Z``zKIt_*QarqH+~+Tx@SUYt}r3Ej-8_+rYF zW{X9&)k)jxq-(EEDk`;q2q%D7ei7|{NsuT31Ga^bu|v1(_aqEh2!Ui-ic7|r(0L$XhMXZ?r66 zT+or(IP=<7Hw*&Fj)zA6u&$wyOC38IK@?d$uKV3VU-Loo#%9T_kY!O*@i;SJA{2x1wG4}7*@>9K?&PO4CU$g1(sa!ZnNfy{0&8Xw8K!cLc-1$Z z&dSPf3D@9FVc=0Im)~4+$~oDeIVZ}^S17g_yTyr~h*E;U!($eDNsR9`)qK*wh!G?zZ@a|j zv#(RC?&o~67(M@i2$_|a9G3in5k9H;&0D(r4*Q6&5D#bzWBP3}Tj}3v8++(eVwFf)^O@4<;7tXrN%~1jrl5AOx^FzObC?C?sZl{6)b3d8yo!s33r0Ut?nUJb;|^S+lpdAU z?TlQxL5$ghIJZJsHGM*QVKif{#GF!DOpyt8sCYdlW}DzS`A#)OR+G88;VhaH)KLTV zOrBfvX(>CBXVPSqrV%Ueq?8A30mo-qz|md;v9051spCj2qF~)K+7@zrz(S7nCdzqI ze@*wzN3p3dSahQZ!~yBR!0V))8oQ;9W!SdZ8aY?!Hm$0Vu7vaMk2&Xag<^M+Q{&?~_Jbs1)h*pHNJvaSV}ZrE3F9k2gkI94B#Zv1Bm3|0{ySR# znT6qSXAJCZ3S}(Q41PMhLO0T5@rBlq9bfrJAq4<{8P$IY5=d||#@y5KB>X8Pa?KPV zV`lQI%|hj-D0wVQJ&YII=*+O-o9jXMH1x7_GsLqcU5Mp(u~+C5G4}isvc-O2ZeSmn zo6d|e@>%VjkkgdE81Ta|x`gi4uDUxh0bYo>#CwUU3^{?6(n|&syg$uWzt=Lo$Ve4^ z&|lu~vfk+XNth%!0>X%DR)6PAcKQujrgp8FHiN8D)tIGg%j&n93XS&uR$cq>`6X0b zWu|0Xc1B%fH5o3Io>69IWTq(+L*dZsY93Z3WU@R`NtT&8f+ZT@UYNpjmG`pE04BVIs?F2(V+1UcTKat~Gei_z$+?e>Q#OS%EA(K_@N`o7KD3c-n zV7?-AGUZ8x`K2)q!{e7QiU%)${_gv||9g8Gy>zcW^uPPz(r7$D>)NVGip@xTA?@V`fYygWF&{OkMi?fk=Ez3!)3*gNgdhHjSy!3b{@C5K0G z=*^k6*hes6+B9LkW`=j}ZY5a81VFwCGdz)bF_E%_8=-Al;a!ff64ROOE9SV%^SyJ4 zjFCibe}De02x;7%tE{xgz4vvQo8aWNs#z3M7po&*~35PL5H9UnL%nagW7!;d1f zifgU{cqtnHgRLq9i1qr^-N4NKg1K|A(e1)$Kf)ERCA2Llz)GT1BeI-ree_ z^!#5;kxyxAmqh*&W0ar&z2RQ&{2z{n`|bH($MXVw*8GPo%?$Rh{tI? zN0!mA>q0_&)a5OO=f+3TPBn{S9FQ?^{*?5bg*rfim;3kD-CggSEej=>B47L`4OrZN z!TwF<8x)Yv=(M44|X_)g8}$pVC9#%{M*qk#a|j zZp3ddy^w(8*8m3|`UJY5uYO48mn@Nh{_6mI21(>&!s2wCZrY6^(;D#B9QhZe{B!|fLelYec7VetvZsl$BeEDO)Aqb0uGba%X5*BE zvBL8#ocbZYvcIPd-gvX3HbdhFI;KOJYsY#}_&F(<{afV}CW^Jy`IN#&`W&l)uJ#h1 z2c+opYmGB3hFWG}q*kuhg5-ep2^RlYxd5g84)eb*^TDUgo?qi*4M2TD_8%%gvar9Q z`O7jN=Oa?*(=;&kehOm`1<3oag5UGsx7zdgdw9tSpydL#kA1b5bhtK=kLf3fzo)El z>IK@76)u-J8!MiiGEy#zzAK&&&t$j|wykz1J|eZIAxAgkD!Wq0atg^bozY7Q&6C{x zjeGmit6ti-jVrQCv0ngnzsCw*KRiZHvQh>}zdi^F*hYWk4qVAxfg>}8_2lc`^#Jmlxs&9mqk6#u2K9poJBB3!1>GTL3h~i_B(yYwmNjY+=R@{DxPnx{Sz`- z_7kM@sTG?f4&92iAO?|R?> zCk1dQ*GhT%4(I6|^<~bEh7p#Y@9(!VRxW1S5`bHPXUP)GI^!>MeRNgim`MNRxSXA2 zCET^Rcpfa{dFlu;t1Qzv_&At<;^|R$ zwfvbXd}u3EVU{pY#c0I`c3=dXHRWFz|@|%53(UK{(;)BaOa7>cU|! zWI+|uy35+q7goEj%|4tF$*j|`qHyN;{dv$GjOf{`MSEyJ7O#siIp&L#r=o>GHqr8h ztzIwRd2o$q$GjE^_7S;_(CgVeVZ|Sgfso&N-%#N}dTr{eYKDzk3gr2Cj6cbEEu;4I zu1eMj0}6OaV(1bu*yAotECY2yz`>s8Wt$Tpi}i2mR-`mPRR>C{K_L}2{|rbx4_vU{ zXaB^rGd6qRbQ}v^>wUBJR^|hcLr`J&7Ertq^^~KC`{-`{9r4Z?Jo_rTQi)ReGy9d6 z)`hJp^Nto(J@5>xz)PHfZ4n|NynvYrEJE&1ckBH)E!|5y5hlZgZ;eQ8N6dH&=DtWL zFJ{XlYGjfw?vsdR4>AivYN<zE}MrKllyQHJfY(Ye2J!iSL%X~uUJYpSw7c^A)5qrso2VG$9z>;RT1TOez4cs+kZVg=;jp;c8pP43fmnde^iJfVG02xCJhft zFi9R>b`7!5HyD%(WYy-Wc9{2KDwWk-jkk>_m}e@dK8Z+zTZeOic7PUi)_6YH5F zACflLB?A)Pvb);nNGJzvE9F)dl5}^h1i`34$GzE<0Z=N`IilD60SmN9Xm(&=6lHio;m+T=yk(MtBE>SPk+qRLK4uePcC^5&2s!8O zu4-}a?;T4I5sXPE93R&;n2IBlia=G3(oJLymF$x@tbPW6%tOMybc$k3q($UqZtXP4 zEQw$~gIsdslBWJX^m}#^lkB7(k}VN`_y26mc6}g zo3-jqTG{64cjl7YWAG3)H>jk|%D2d14|ZxzVXD6;wDQF zIy={-(YlgR7u%S+9Txf+uv%Cm>qM$K;O^h8q0+1w{s^NC7R>@a148_q6q zfIQBdC3S^x&25T*cV@fP?}iY}m#0$+Wm(gVRLs9cgDzaKUxbsUaB|QqAj}t92E|LUwm{)IRfhafZ!4ZWco*Wo|zGOGMznMB9=<4QMNFipJ;@ zK>-`u+Nzj?WB$@|pA*8r=C`XJ5cAjB0o&{lt$3k1_7t76 zSBspooe~k`7kmI4j`7qip__E+@}$pwef$^O&W} z(GdB%*(z&aC!C$xRie*HbG=Pne6^poE=)&X4JPzG)2&zgEkHN=Z+rT0@(R>`ADNhN zg#+(>0vsH$O2kgu#^4>Y_I+d4jZi==haC^t$LIqaC}2R+B{3k)t+%6&`nVdzKgAcy z4Hh`uQLYdLEXX})z~%x`pU*nJ08Wj~f1zX^h=SruVd{$~Th<_U@!Ru`dJ z{p~l;2=}8`9^ag(44K20nzNi-I*T%Lnc1&2QOW~tQ|dkWrEJgMg4?ro9)c5V-fESGP75`c77vOa~oU-wwC7 z!g#B)vurnd2X*RwCgO0Zf9-p!mYv-ElisN`>u4Bs%rSj;`ALr!@Xg*JK-ibZ_CTenen-{NHde z8tj?zf5W~0K^yz=h^ z@<;$EXQhQcCvQ1xgrTgu%t8oL$m;2J25R@L5`6OeKu>2?yAQ3E__&-Qz4=XNGsbr- zZ;R~IWJcd#Vlg%Cg}}V1=<+D*tIH5dKevT9fYgd+gCwm$thlFbrc-o%Q*>ob*L9qZ zyW@`S4m!4N+qP{R9otS$Y^T$)ZQFKE&Y$P~uK%00N8RkbM~$i)tL9pBPNBkmJ$V_A zbw;5S*Trp1H;1N>#ddj8a$|t?dKXja^6|d zIa(;S;28?Wzuo7848QD(TgP#muCM3+X4v8im0gJ#|oti<_|;A=ln`? z!HF)~9ooA;Wiux__Y0CN{{1tJwPqFvM>JzFpRF}r)ZCZRz_rh2rY9j(=3Z-=&%7%z zzr(UV`;A4tMRBUEl0lKAOi{mDwv-mIB^`V&(!}&;)npo3!zWoRS9Uryst5mEJ)7G%wdj9Jn*ZXjM)14O2>6|ZJS7-9b{&-+D6jONLpPyiMXmjThk$F8FR13{GsZH?-Y zKoK~t%9|h$yHS6E{A$2VGkt+$itJ`;3V9>%o7lU#?!6!Y|E?)E2wLwZ4q)gx>>`tX zO}+P`L%4WF`kO>ug}baiE;5|Z8M&9yLy8hfLN1{cN`Vqc6(2yOM8aCBjV`e&Mv#06 zWy@dX->#ULl_aw z&{J!9cV%D(o8!YD5F3P?M_0hQqX0Q4!Cke|Ly|!@b5C zgrYo&J!Zo4l*72-XPZsKaPK{-i5XZCy-sI3`gIK)o8^fc3BOV2Oi?qt2K*L5T~thfdZqDniGJ2OAmR=%MG&oU-~d^vbF_$`3FOSj2y z{w0r=9Ws^$4GxYhFOmm)iPZWJLpl89_)9&Cxww740j~DUhw4L=M$c49Q?GCTX!xlW zE{2`tOkL9)sE2C`ZRXaK&`F;x(O8J^gc}sH)Ne*U?(fNnkxo1#viZ*#^(BO$_ zXgl~%Gq21L@CA#d?Bl^A zZs^8a9x+qMOp8m?H*L8V_uM!l&W!E=?>;mh_SFvzziaj9%SNfE-b~W)LGn4&0vh20&eACgC4f@qAK)nSs>c&^1fD@B1B4C#lS$nYFN8bYOPCx(D| z2KH8%@PTl^WPuB2Vc63M=CCwYN+SUY{MwW^_P5u*i;&FY-_;?2B-Z*Lu04~>zXulI zkZ1Eng6pZ+|KcB}tXDab&;Sh=4R=7(7F`YY(a>vmeldXGy2i(Rwd%U&iJ4fXLq4;u zDgQ*Q;RRr4_&MW5dQNstt!fS8yemdS<_e6RCn8jF_Rz-|on5d!)?AC9vtVAM#_76) z;o;;;>uvf_TvfnK=^Wp5gr4D{^_F^+A~@biPsCensUw*P-*jJ(z@Y9|$)jTFtpWIT@1n zy1?Qm53%@T4|~52k^~jDkZF*E@DC1pXY&_9fMZRm&!jT6K|*M$g&$bIc4VQ&0SH;& zGNPP#1kDufF?$7m;EGJM%|7NVq88|Op`jfio%t^@C;v?*d4`mOUubJKeNNLHElets zlO8ur&;Qwr0c9TO-Y?xEa35fxzlT}$j&A@T6)-9_E|nj}KZ`Zqwvwj7=+(LR0Hfyt zV4;voLl30*r8d!E5JuxDuX}oF>P6ZMA+|?2CiD|_md0dFFzSsZo#UN|lNvujNV2=w zGWMs0U~{5*ll%g`*4!{n>5`qTF6DkGs?uvwWPFC;iFe7l(#U!Vg17?k0Y)gMX$-V6vjTJ?anhEUhg`7(i_@_#>p)XA)U0|_M)ztKmi^CPPvqz*9* z{%8^$IiHP;k&Bln@y;7&i)!srnpf~PorrUD4|P)bT{#@-#;W_PU8+r3C^;u|WowI}FEj8jrGW}(xcen};!gk%mm66NPmmRNAP$ZT^TXa*hlMf! zbC1+SkPVe$0!w*jjM;pg)l=I12S>CiCQT%aKU;g~Z?Wh#T=uVOud0C3+eQWZ;8UcR z@8N@6Y$*&s5VddOAjTc3%=~mZ-M~mh*~DrVqKW}=STGu_s8{PZa1qj@oFyM5xezH# z$m$MOQ3!emDo%m+4Qfk3=N_4J{y*A&=nJVY`PEYrL?%k~B5)9cu-``7Fg5rcQ z26Nf(sPvOhWTZWs>bZy#X5B_2yPAnr;|J+~w*38g<-dDVYd3uN&t-6x)bXO&3Yt6x zk(-?+;Oao8d~O2`*+9pi`6VE0&m~ciH5%}t@FkU0%Nq$@53(ShuaGGxj4Yo#x)VCU z4X)OLI*F4ONGnn4vao!=QqQVI_h@Y>#8Vg3zgNI)WF`@2u25g8?ot`-k={$p)$BLhteS*z?wDb1Yd;J(B?j}hn+j3ZJf15|J z55mRvwwK#3i>0a|gMvP=xB1t~_mBDQoJD3tzN_PlCj52>Jk`D*Jbh1k5amJHBI_lS zuyD}}P)46-l=Lul`FV&eAwleE8_9tv*&zTI0M{nivu%p60C$1y1N`ImPSFO;JdNSo zG5C~3cHkR~>~jH23W3&a45}#*=Z^l7PRWrTz^?c}ksHbsL0lyzSjq@yeyyQDXgo>! zlWZ5EUlJDRnEM@OYB_0@HRVj|is3;+6-{k2+3zgmX_cw#?0U&vOuRAVT%O0@I{R_%q1#^rH{1JIFVN$AMWCoD`l% z`a3e@+d29xb3ky2z_vMB@%Iqw^pHmk4`L~eL^F}_`7u8;lH^tdq2#Ll!Hcn%9DG^I zAxyLXL$9*W10nG~7ZffW1ceSWw-A-y;k}U0U!qlgjB8(P( zcsGrIri&+Gdr_fm>`FFf8}D3j9!)E8FYi8=I3w14kCG}1MYWc375$e`GP?$mml_{I zuLY0#%Ck31!?? ztrhEuC#P^6dg+Rn;Y`Sj`?RL0o*&fH`RS$1m*}Eqs%z@&cejm>Ui>{VSn&y-!=Ai` zqCZ5`^= zMvAUTCObK`F056T>McUG zzxx(C$t};2d`5~({B1rLqTLYPe7^%hrL83Ks5rqrAIA6^`pQk3MJ12xqs+EAFL+fGhQrQ z^L={DuXhnteW(cyY(3@9Ttwt&=JL9NFF6FVo&77L^KA$FPDlAhW@_^PipI~;cPWqQ_N;myDH z&@=zT9wo^iKoYHG$7MYwn95CDH7>YRkrG08Uy+QRnd)^jNP(uUio*nnmSy@vW7lC2 z#?Uwr)1AdvI@yWS!&sZK+AubuWw!v`XSHI>Bes>T{Q}ow53k@R(J7e5Hz>9#gB5DF z5!6lhWz)@2~zlOIY0UwDdlMgi2r}^`w_f`J)*JrS z?t)>DwcLS&h-5t$9G}dk)@kk!57}h;-A!_#EJOsqfMj(nVeH~=y-UA=fKClZYe6wJ zJu{>U49>(D&c;1}I%JC8C{t4Y!}F2mw9eMdn#O(Vp~a6a=qZd3VGbmw)<^T|Z=X;C zDhl?K1})#Q6oJm!_e)rGi~8flLUL5Ma9vn6ZtTGwlf3>e^j-%$wWc;nCl1>XYJBjG97#???7w zr90BT9uJC0zTF)2;E#FVT5*d3n6S*Cul+E)a5bc)W6F6iga0npZh54L$c!Mb%{;~v zAX#cac&=f5W*oYRLwdX0j$^X)v2Xywjtu)@#&uOXWsvfe2doAy3xaOy4na$|CR41N z$Lv4&j61tHb%tF-%mVv7&f+IFAZbb}4SE z(WjM*!hy>%dlF~^CDgvk@ntkQK`D(iZTz@y3mrWQ6vxyaJ;`<#K@)11e9jh$n#T*m zvYEKMBv8Yly6hBVeZuA`v=P=*nn)Y6{mLr;z@-slrfM7>*wOcIZ2>iRlOAam*}7>S zBbc#JyK!zAB}zVe>snk+foH6X87&2tvydZ=!BG>2S`T*6Zya7Qr&_MsE zo;Jw%SNtF-{OVD=d66HJ0|G-3&WEZAuRG~Gtsx@9jgx0wUE6;3=3j`1@1>=$ra@%U zlr@xD{G!2^e_9ETqUV1-C^L4UOHF8Y?Mk1|P-b^@W2vaA&EY+SzYA~X>a7lF)&L8( z^fDG`*!p_-&QKkUv58@A-Z_Z#*LSkcrn-IdT;8|iZav$Hp2)u(ALc+>S6~hLF%zmix<>DdB4gO%! zsb)ZCUi~agiSLh7S#qW=t*%Ow!`p8wgGbFj$X|w4E@(&?RqdehOE8RQ(C3Z;zcYxC z08tAR-^_#J43ZB0qWOQ1Lb)DjPeG5jWMxvJKY~feSvqo260>1nhAUZOTVhLLxjHT2 z5y5;NTVqRK<4su$ogqwlg~+^BudW6oy6uuGNzC}w2p*V&{|6l0q;N|aZC2P~n$U^~ z;)0GKL+*@NEjDA3yUtN$euaya0lHEvi)b_pL;A_}S&+8YxOs94S_ zPAoyo>_3RFc4Fy7yX%9y85I5-#WgX!s#TVyvstPLmeP1QQ51>Ej?kM% z^#&*vmf9@k)rFT3UQv}bgQ*{F0bzxb_5iCr>I#Y|_oX0WjEwiQXLY5;X(?HjqbJYr zNnZMjYd(kj{mwz%sbzhi zpt!c&#RCRE4=4uvC|_EmM^W|66S?h(l_lBRt*P3kt{e4}I$PC)x<8lH5d?jZ?Y;!} zmNFnLMlh9G(5wZ6H0U|Z7FgEIgD?vczrXW~;3hJrG`MCTRZu8(VklTZO1Tu1FU{Qi zn{#|s8fMo$WU=Vw$?bu5tlPYf#OumE4K&hD{$ytYQ+WkFiLbuo&FE&fR| zkK&H7^Ym*PRM-8TUVC8&T0WPxav@%?lkJ*S!IFDiY`YZ#1^LR&bRUq2>yj z##`v~Ituz3_BlY3wU12v=ChBo;;B}a zrD(t~3*`Pw9vtLO(YiJUdDhDpM4+*|8|A^$-CJFq{@FszwHwsz57u2b_EZ%{H;T$L zvp5j?>;5$`9^6&7XICh{l{;O%!^fXjS$rNKz9Ls7oH<;QJyy)uLCGz zu$<@E?C_+~wgsN$m0W=`*#e^8{ari~YC&s9{#w(GneYD0mtb6vD^S`2e1uiJ`3}0h z99aR9FYN2|3T@WSwvf%<8b!YO4sy-5P$|4BqA?4SMtYOc7$!~(*_&u%J9@y|rHM=O zla}0=%TP26?4tQ{!ug5D^4T(n5m7{bBrfY%e)-WC<+gfh>;S9B)s=4x5g^J0B2V0> znu2&<2`ega+85BLpB$*Qm)+*S%RxOc!=_oT`>X^Mtw3->fbCdYuY5o-WEhN`BP>M& zCPpl+W#aFBe*GejA%aBT7~-eb$Cc_=BpHDivt8D^j-BNCM1x$S1aT*6V>~h_!P;~5 zyc)`a7cBYU`)kq$g}39Vdwx7T0<(Ki%+vGQ2fwxFKh2G>K-iYk*(Lds_y{sE?z3>} z7+!Ru>)r-1or#!PLT5Zu6b^es0dAS^6;|(=_2ul!=;%nGOvhVf2b*EJsos3Rt8VB# zd#@kE5AvtOYwoOqg_|Fvmdp*?06*P~v!HmZMa>y-^;*CQT~!TZvFCWGaYoCLM`<)D zk{EP6*yokAyac^qp?#@gep=kJqE~b&geH-0;T302m7Vm3z344vL^Y>P_z(y&GNgE^ zmxgDA31UlUh`H+Pb2ZbgkT_Wa?6e{us3nV2f9VQg0!{#iHRjUxS6@&p<;KKH44!y` zOuV4HR0aJ3esi%Gsbq7`4zDc47Gfj9I2p@$_m)M-V$L|%=zG?5+o%q%EO*p^bQ73; z8ZkvzR%&unu?eXJocM4!DVZpcL0-&bx{93Sl}}wt$mri|r)Z?a5`_Nmf7E2k!v_`G zO7n@C!(^AdU`>tDRM zn*ok4TB3bv4%J$YUaWf$d%s;)3#_4!%smdY>YYjd$&I&Ln@&8rv?Q)ckvDhEP=IEP zL_CKA-gaSgaP)9pg=jlUeWrm@O8!U*lV$??WpUFJpt4es`ggB#QjpEg+h{HgXu8|5 z<`cB_wO5UQ$rpgIHgDaH2BLHN{2GKcsCi3{{r~G9GMF~C zn*15VMIcj}MjX=(bLdZd&yV=l{?S`xsQtC+<2gWvHXRC4In$#4W6uOA8vKeUH}ulP zWCt8Ex-LN^{9UpIhk?GFLwr(wx7IVjxX-HhZbCf>%E5-Id~WQ=p3~3Vkieq)ABBdB z9dI?_pdVs{4ni%Ag3LqABR*UV)SX@9+@82FP|zW=B$p|&aK);NgGBo8BQpRcp^pEuqKGv z{N!H%xtytt#u>w#6D2orIyn+i$DwZcGt%7r{ubLGLQZ_pZM9npp_OO6K0UWIs>m93o9DdHtKA(tp+M>fUpjcsNdjNPWa6JipFXJ(>ZkmTQdO!bcysA}I-ugp!5 zWVjIqR;ijA=+J;;V$lC#{f*(=6SE7XT$x@dEGJRd00!UlcBdyf6OtYh*4F+4=h(RT zHUibJF>-ftRMnCAD1+Lv)7ns3|Rm*tB0rEaJ_Ij9+S>^MGJ&s=nb8(iM4L? zL+}Hc)l9o?r`SM~MU^O<6klTdTt!HhXmC-j381`2(fombiQCX$}rC zdS3^m=?uQ;(dbf#>lz!Q$5ZO(WNi9O<)pa$Y4*<*9l4|smCfn)+hgH@Z;$Mj-d74t zCA?Ib6lB!r;Z#ZX;MJs<38f!539g|6f6{mXmjZt=f|$ z+xQZpDel3=dgn8Dl4huJ9-9fS=y*XOjUyY4Oe^_jt|mJ10Q-b<-;rdl?58IcmA`kP zhCvv-N9oL;`AWnnHetz!NPw;nfiPD0vz&sEL%y>0XL3M^^0@`&OBzhM=A7s9iDKR# zw={ZgnBD7iBdwuA^z)B#F-K#l(@*K_d?hwF!$jip3PgUCZ%?O>+Toakg{?V8Ub9S% zM`|;%TFZEpc=${nW?(>c@gcg(sp6*$yK3E#LjTKWIqU*#)B}9N$N0BY<5#DCXH7@M z3?ny;910fY~p4!-^9 z^iEzvPAl$|**#d&`WE_YV;pxVlcX1!Sj4nWSKZc3H?>P`OV4RNVw3yt$vaL2AVv@w z#z->NBc|95>U+9DvJ1%CFA_@O*}Hnj)gHX4%ti_C&xA8~j5V!uHANci+V8b{q0=u{F`U`4C%$URl#>lRHC~r z=Qu&eXJ4Q%V$rE5_8XM=6ce@uzij>RM2F)EWhy~^3A-10vX4c~5R+8t6qCB%X>SO7 zSI+03BPm7>_6J{V@>GV2Ko4@pABYKggmoSUi>Pnd6!yaWF|T?ULR-h-syRA;R~iaA z8NGb?@(qMeqLAJ&63X?`l)e{c-6*{`R{xONz!parw4`+>7=G9wiwJO-ke7i#MI9P} zchRnPI2WO>aj1(!8mxw_QHmKAWHrdErOTjr)xT!qFczv;KV{eVY-Jr zeawOtQSiVd9Ngo&fBFwQlc(svr{pa5>h}XzJ^3Tvw@rTR`GEhEz9PrubC-}uoeEDXL~L) z4PAEZ9(CylPAO3xE}2FcfE4&JN&is_4ig-uyBEa(QZ;tTC!GnL(DD5 z$o!ap%@@m(ab)6g6jBhc=z7t-C`K^>j%%fRmJ-|zeS&(E$D-;0=xYqQzq zsBeHm<&vez_VB*;a1W)lZ(rp2N_q59o~%8`*a2}yL#*rp`i};HQ-slP+N&uOc;lh& z6heGt+#w7ZaD`-0(1w^z4adz5>(kK;!&X&;w7}DV$8m%FClvoKk8~bnXLhIhhstu> zjaksbylka_Ot_>(vlj-IODu+ZngtvVgs{*kpQ*Gr0)IhDLThp&l%YbiLN#;}qBQ^$ z7KL(Kh$13c=LSBL*^ssK$VWrg!1j0yPTo`hGO@I;Ijt!jS=*m_B}i?J1vg{P3=yu- z$n3ZI(A@2YIlRmtCS9pKCZ``gVg#l_xg8(v%VT+f56u}-T7OKTmb)^zyO0CFY%YKm0NCoIy_(0qEf)|GRPuOCC@Aj|5J zeXmJ#hzSa~Xrh|9Ay^9+{CcAqz9{x03GK9Qu3kY@p{`S5Ql2At#hw<&ZcaRZP z@rzPl{BGr5y}|c56skITgH6(C`Wd zfd(A>i1Q3atd_1~6)nw4;UWfx5MO#tgrpyu}48ufvOFQ z6kN6u2Ca6*$KCjv&GfyHkRJ!h^~VQ2f$%?QAugY_q1M2l-hOyuFTDk< z(Im0b%sI9FnJ_;WiczXQ0pidxdaLC+lOBOWnBFE?qo~v7ph~t|v;>q9zR4Xe>L^!1 z(m`0e22?)7&VaYPRW4eAtv`O;eM})HO^}U+5|IBb;q#jjH1~R_y&bpYBYv~2?)ib9YrTyxZ!#PC2zcT-;N!a?4>%%*cbci-Cw6dNq#Q)8-OWY39<}D}i|1t;^(T zYAmED^RgmLhHR>~?!OYwqlBa-=bdyY#x!FY2rt!oqk%$gAKiMvh?+y6pZm89ozU1W z?;vWAibczS$E@m;JMKr2HT4mrJosiQ9H?8rk&Ur0Vo%YZ$ z>olXbs2dGAxLgBfk(=+#2i;lO#p_tb=P2Z(Kj>L?VufEOD^tL0Ef1{jck)i;vSVPN zr#jI>*8TBCkgm}%sUe19<+58`s(|HnVuMxHO?&w|jW+H5T(6LjjJ+Av9T{WUpBBnx z@RQNBhID?OK<&z!C#b4&lA-rRU?>|88Jdiv7u1pe`&M?0h#K|Tr0Gkvo{a+|`lfS=Q`c3773pD|}xH$si( zjb8MRU_6{w(5Zzou>^)2f*hLi03e<-!lp;U@Up7sW$JD%neoHZq+)5q7rWb>H?9TbJ!0wQ1l>o$02JyoZ%-<*X zsbmx&{`U1=u6Z~LM=Bc3jdRS{k1e>`zh1=qR7o#@u|Kp1v4BmLp)Q^PjNTrH3rT6J zqw;-znKAa<{l(2%6D_U8U0K6@Qm*Qdr2dvpF!8c#hq)*fgP3a(`2(v%S;Vx@L2m#! zf&^sz#OzQ{;>d<2Xa21%0W|rwV-=5fJa}_5g1?Hm4x_=-9h~c=#TZ# zSsPdR*CYpP%L3}zpq^hTV|_WOpN&4(aZpxMXbDmBmADI>8G8d_cL(J!Q$9PQ=|caL zsYGdZQEA8_#Sqjb7+yd(-_4FKMClDqpmYcXSnvVN;K+PK#!GAUA~pq7K2f%ODX5br zU!1czqCz3HtGXX*iqaE96WIoaUvlH;L)FKa8An2&YCaN)ax(1>>=ZGJ%_C_{twOfS zYkhLNA+JxNeg%g~$V4fGasq;w(4vFsd~h_TUL`rHwHafS10(10vVi8dc$jun6i!Pu zgAP9$;zrtXpV0uj=%2|!^w&-llp_e742=DTuTWSUwepk+eab&0RHR7n9F^^`p+?9{ zEMYaOob9lx+VF}PiH&v4$Y=X|5Fkl>o1WhNX>9vxIMtuV^Ko3pTkgcM0YihzIP7D_ zv*=wcte*?s$_P9vIs9M*a4q$8y{f4FFJs4nIv7p%F}``w2#xnbo(bLk^w@}cmqGni zq+`K|da8Fs56Cs1%QKp%`?tGcKwUzkh(cm+b0h(l^?L`Ug_gry-aN~XBa6%!_s9%$o${8 zNUCj9Q?5BT2%GE2Zu}c82bYD*=W#gY`<)Q-I`s%2IAjVwsc&?q+N-9eNh|7y`hR!S zMU8|zNT$wV^J~Tm_6xqz;qFlO3-z5#lBWG(V+vliaMX0Xk^_(0XM{;}wh#LD1t!m? zgYhHQIxvDK1UL```#qnOgDCTrl^8PyuwkGIigi%YEAYpb%!^Rf?Sd}uRgwf2BH^m= z#}`Ti81vYm{~av}d8)$PsU!*`zWLrDt?0qQB5{4pojkwG6Cn_HLcU_O8OA({4dL__ zjX(Z6#wN&(t?i&#Bict@Vc-~PBhatz%gUrv88{}8?QE)S+l)}!VPLIpA8`ZJ{5+h7 z<_lw|jkjhC)K>Pfj$*KA5>n=QVDbJ4e>Okv-0tPJkG+9-Kw$ZsHaeG;A7K@H1NgD^ z)Fk$@^sSeI)MvG19cMS1%Y#JBV+^%f&Eu(h5+3xYp}_O&WdZDYOJLhLJ6M%5`69hS zo(w`vJDx^?SPepOQ3ezSK^m`6><=^Z%wPV3Z9MZhOWFfoSC&ZU2-r)}0fOCCNtjSP=BI-`_3{NOqcrgS#uAW?j-ABqFb}vu1y)+n)@MRoUe1qM)yC(-0zRDZ+ ze1q=5UH76{NVqg4T^^~!nKI>#qBJ~nC-e-(K>FSt5N zhIKBJhJab-Hlv^&X*XZ`hR4$`?@2&>P=#$buT0<4`oL2)XNgbDr^Pr?4F|xdv-HDK zTDnF#P-)n$=2XcbMj&Q{2RQ-Oj`2r565Prb=)tlq^|xt~3w1bvzGShasUw*|Agw_V z^<2II%7`Ci(sjYaXmc_aCZlb2T&h`dk<0{TwgPw z@^^KjowhUZC^~7S3iIdwU-q&vGyM;`4I|QZgj{4Vyh3RUevoZPjmmD^igu?(#*_6% zY$egze%-^*)>USQEw?xJ_-hF@c=)9X={rkt0ADXY?oSzx^W?X)dx5+6qn#+%Q`^n6 zz^^40bH%^rfUknPxh?j*p3BzJ8+&D6^gb@Ie)7pR3ycx;`rFZsG{3Wma1G+#ms)@M zWb5gTy>11onQ72d{`Bsd{VZu*g#s^QZDiaTX!T9n0h1^n%Ob0K`mL!9kNLw9|AS{t9ea zYVC70>i_0x)S+(XRcmY#Bsy<@Aks$tOLMx+L<8d?bnHNK*H9|9QwCcB(+*sFYN7^P zLkCOQk+;&+uJ>wG0#g_YDFLHOXw38B3lM~BosXK&$0!^8dO);clt~NZ#d359!hz>@ zEIZJWoF|M&jMz$naU0N*ea!;70QF6&cJ}(CjWPtf0N-{pn0{fZ5ot4|>4Z-ezDBrP zKBo3kC2UNYDvC{wSAI46S&||O+5M^;BHUUJ+FsDo5z-K|!Px(6}@DGEofL1}*D!m1*qn{+I z`OoPO74j*ZO}n_hc4E1i@#1&8L0RqtEGoNHF;$+Qp3K+LU7Obg_?HmTL^S_qW4Q03 z&Apc?@~0o_czmKPY ztQ3PBsZTAri5Jl7MDB17(18Q4Agsav(U1E6T8TlTP2BLm@ZXyvvO}?W z@+&VLcAwUkF}zPQH;zO7UK$-XBEOjVe|f$*nFZ!+!j3^=(Pmscno)`T(|r+~Dft-K zSF&&HiWAN(Qfi^+mGm1v8{EDy#i3M3h_;PoF~e1kC~&7*raFy1M!5paK}e0c@?ek3 zz#yCdh^hx;%Hgm|n3HLY4kHPLQVdNbGE8|PR7CDF*eM{@_1B8;$-6&Vr>cx6BA#W_ zAK7L`r(@6V6#6W!xtxCvh>$BKLM;gUHI&mHb2*c~LC}QTIWN2951mv2X?%BmKwr=m zG7-Pv7f-f)tPVXU268#i`y^JMIIV1jGVIqII@^~N#+M|jOEZsEgQUL0l7%zwX*uUx@b|J_I7U#yM2DemRY2h*UxIqitL*?94uQdPu zy2fM9>g}haJMXi;REoihM0Lk|2*InsS~@s;JE%E2#IRE*dDS-ZrxS~Y-Trh22BL+q z=Lo8uxk^y^Im36x)Oimk`((roK2iHabiN#4tlRmT&$RYzHTJfg-Q@V5uLlAj^|q01 z=OHk9gE=%KR4Feb zZ!hZOm7gxKMY%-#_-65^TYoe3xx{+6uL)zsEWg9CKj9=E|3g0mj3g3ZPkh08*xX*MKb@o`lJTCs zn7U5o7&E3Aj^Uy<8HuQfzT}=Bl_YD>#F}~;uM}syl0Ij$1o0ls82gNqzlR#(hZ<2@ z#6V6&kPTD=lDvXqv(_d6KAOV9K=LoGm!f; z&jYx4G6C_yRr|kQe}14f+`A2|+7K8xt!I(=FFBSmQb@-C`*xcVjg|4`?E|S`55HLj zu=mP$o~9P>=^*FuLxQS@+-zkGN?RF*Dk_$y&ICL2i^u3HPHxXFMna6JzrpV7gIqVv zE~-QEqruaA~fI0$d0KHRKdI>(ENI(IeO1^Im8paiaQ7c(ivpqxbER)Y}H&M&o+ zm5#rG?uc7q{n+w;A+t+}KO{Ks_kZ>MUT4fAND88bJ*DyBLbjjM5@SLh!RGLn`r>!u z)&0VDuQ3|C^l;~S_8qbbPUDs$I4m0i&!a9QY}+x22ck_+9qluHLS@Gdh=&S(M=d>< zj%&TT0{f3*?1vAoXAQ>(iRVE@Wbn`1l+M#>!j3WUCxf-iXyz?}MW>kU%G?ihSjHZ} z_Lm)o`A&eX*WcDzIuhBe>x+Qtop?_P1uj=l(?)(n^vKm)ZGZ*kAbrsLdmMK9mBirF zeM#x$glvL_rCxF`CHfzJ_ZJrBmi;{l*x76oC`4Un&wiS-Jr3*qSwog&4ZUtp&S5@J z!sHRT(vXeQfa}-FK)EuBh+UU*9k5(A&kT+gB*-I!L6^xS>9);n=z)F%EW|Ip)Bb#g z++?9!+{=p(SdaapbaX2M<>rDu-sq(|nD=NNndH5Y-2{cn;{3j6e>eI4C7jUOpNdP z!qH2D`V|}TS*CaOc|?=Itg4~DR>qsQ=ebG%U#IGb$|6l!#EN}HYgFr}tdIC=xK$lU%uxeb z^;Agnl1p>mv|)|Es5H8G!KHGM2Ao?kQk%~ViGMuGrH;)e@hVvqw)Ss)!-W5wn3p*R z$9}GN%Xnc6cZu>TmB#pN!&-mCTzx~Fu<2o_@_67}OZFmi(wyR4#|8#L;v)|!EiZ|* z&26QC1a=Yv3i*}W7xrq5sd^j+9>^hZD;h8&i>nf>N>bG>MMbB0s=%zT>5CC` z#WB0`A&sT2@*$4q0Qv7}I^SXl6AqYdr6w>!&P0vJJyp9u72GC2FONmKPZDddffl60 zs#|dwdU4HNxGCz!)DT~mi%V4PCESc_ez05&hM^;!ZmX$)jimYzuoCgN^*NzXR^Rip z*M-Hqk}Bk;N|$VF0;f@&H!Ak*6p$~;Q(mqROZyh%C-#SH-$Gbohhvo0cq_1J;*YH^&>7{0r ztj9ZF(r4QQb(?>N%+KO?B%vBF+@R}HrYL+jlz4kY>M%u8+(3ZDabVGBo(&*v>5lH= zo6&ANLNgCrU=t7L1jWcX7{$&u74l`GLvvGho1+G5?Z2xR!tW0n45EzLf(-D5NWeth zyEd9qx8jvMr58Xi_VHM9vnvNY`@?|7g(7tPq15JeP`e?r%+%5xyr7F3DOFXS4(NMPa!bsvU8 zNIpk-;|uL*8;QwZ>L(r*E|6zHb22<_2ReG;VOQ%|%%4inXg`z)KUeHG)j|WtJYCEo zK1h7%ijS9@ZyGh%io8u6FE<<-G}F9(VlP^VbdcJFFsW7!d4w=#a6}xD15{Sm zhTJP}Gj%HAppTgup>Nt>>Hyk=6sb5)xhNE$D#Jz(JhuQYWsuUz(W9O&!C&<>?*Yi` z?*uWh`=1sZIFBgEPsn=hu;C6H^S}SVyK~~naE;L|M+z~#ZX5D=UUw6GgiHK+^s3GK z7-o%8u3P>>4|P=jZ1E3XYq9+u7QFfW=zaxQRJ}w%d^O75CC}$^)oWjF1*^^z=0ARZ z*}001mE4$jRrVF))~e+3d%+J~PI`*K1ZQX}C>dKB-kf=gpl>QFshk`p@3@N)(|NFL zZ8}O#twdlyAh3OITFp(R*ZB{8F{DU2(L1Zdu(*t&CJdt$!q%RX2x1 zwT43?Z@!mh^sB`%CuZ)!c=0%c+lCh)VA$41W8a1xM}e-mJ!mYIs>3ih8i4Ol%^874 z=*I*HSGXdrF&O&|L6whcqQr<;arYDAKv^^WsV-5+R;qawXLD(s&LBYD3|nDlx;@dh zI|d5I!_*7{x?3S*V=mLewen!8?y^i%1V<0-G!5zA@5jgSN*MaNzOXWZMN;qK8L%BB`X-hJ51Ey z8o%zy)E}1#?64R)pz`AT-D)~S|Dh$C%9rDdsWx!{*o{PU;QFDB9%fs8Wvwa>dZ10y zTt2FWCZNAc&3eWPNeduY#rnMuu#^w=AU%)6(}ES7=~l(Yn9Cq-tHAuwyoiS$*qj-x z=A0nJ-%`GAg-oF8oZ$W5R5^b5n^Xg+M9|c+k;I^CF^h%XQKP}~bGls3FjIdYHamf_ zN0*=Nm-3efOXd)kYJ%}?Fk`j<_v-PsvnV`ruz1ykBE*1AGjgzV`r+F;3>GW0gQlDS zShSB{^Wn}Vg>+e!_&fm5YH14b@ua+3P+DH{b z#o){B7+<$g?RJB^rI3$zKmJ;S*=1^b;P=5Bs({-?DZlK$*s7ar{X#QyZ5wu2r$=*B zty*&TPV#M~{q7K~)5^}Jo15u=-f7D-z3A@!$B79r?)GCvh<=@%3mkfV#jtZIO8pf6 zppnULMe&@yON#x%jWbUJ%$>FZ3p`N#&w}_Mop5up-q3tYVh7Bo)ES_7>%U+Z?#Cht zylu>{ifk?HxaDzI>^8KVRMTRBur6_3^ri*0&b=Kmm@8ZIK0jH8wqv3_KZZ*2OAg0S zTrI2B&Mz?)sXk*fq641N6rVM$B&j0QHj4yX&vMl^=PSLnT;uV*jPaNW01>H~{#B1m zxyLn+qg)mNXmNpnvtckBRsNPTRiFx3Yh@n%$*|s3X(i$N3gEzw<;{rfxrm(Xd6;fy zS?UUKpa-)gb>+6B=EMLF{7d#cS>X@h%g5M^J#LS_!VHg9^J;}?nd`i?EP4JaIeFCv z_+1>@lsv0>O@jkOz5FMHJOK||QrD&ilf};sp37|sZ6A*SlwhmbFNTTcYOg#oI0yKb zXnVgnnP??Q_t+?Fn9o^>luRnloA;z+WPtIcW4AiIoCj@?Ls0U14uz7JxXHDxdg*q6 z?DU^g7g@hyf{Ve9YnSJNF&64V;Faq4t(TFk{Gad=bF{V8P3hIMG=c(EP}E@SROH|0 z1EC7S=^;c=Aw~z=adjimyu&CWRksz(H^F!fu5XVyEw^x&Q+9}m89lTrQ8|y*l<)d7 zQTM$h1vn@lSRZ^7@&f{(WU>F)FH*o5RI%0bo~vcujC&I7R0>V(td74|spK_{)8whe z&Q&Vj30Nx@B~LV|7M;uha7t8*4sc7XlC>ETAZ7kyX9M>szn67gk#r=(QOv)R&lih0 zatND59ZAN+S)VAQ4?zv`W|KK5KfnNYw-BD}*|QZ1I+)LTaS-({@h@88(ZDxoWTXUo z$wEgvBl&i9%*EEM+m52AVRHj84>?NmwZ##HeR-EwE&(xS7DTHzO}CT`2)q z#i$>WzpRxvC9f{$$MEmy;|4q)D}-CjdsoAs-y#-Jo| z9zxe63$4@n6TG58U?s4qE_&nP(OfT>vLe(uA9D*}vnGq_qc9|zc~2lCePjzP5%6>P zOfPy-v)R4+v}tuf#X+L4OvEaJD^#yjUJ!K(E&38SykK*nMUL1xiB4qy!C{!p^jeke zH=7WZ%C3d6R@q@qF5zI=^3CqQdK|*jASV$*VKdg>O!^QK6~AhP0{ApFZ+sS_%A&V_ zmQ7xJDjZ(YDNX{`Wm2(Ipo#{Pg+fRi4^l6M{_9cY^K1c#eog9<1o6hq(vxs!CZ708 zHSvLG61wVt?vcc6u)Hrh#rq>#-`+Rz`;2D}kL$T3cd=pWvJ6n#8Lzw;GxWk3pAzYd zriA#n{y*@71nB2X8m`;_W9%J(Bn#Sh!M1H<+O}=mwrykDnzn7*w!5d@)3$AE>-+cq zd-v|%jo6Af5f!H@GxB7ds*?}iCoLi-1n|@w-}D_*cAj}V0r}Sexj{rDJ%Fjnmr=(s z4Q7J>*VfL^RNm>MAm--I&-rB#_Ae&)q-dzbvkQZq+}ExXVSta(=(EbD4|X^W4VzG1 z_>v2n;TIgP*x(xkt#scXjtZD_eGPTPFd=NVk@PH-Y@+V7!(rg?yVOUHvid2gE{*A5 z8E2ZdJE7f~m$orY4rIUxRpI)4pXG8=<@o=AyqPq8?ui&pejr_h?@N^2WQG=&60-6se zg~Nie(wD#gUMK~bNXJ1Rdw~s3JOGqJw5wRuo?KcN$zN176-TuA7z<^J7|SxF&7v4d z2^X!*|H&g*;D=iL7mq;6^#6lLi17m(<&=ktKz{7!eEhl%QzjyW)ELt#AyC8T$o_i_ zOy1T*b#H<10b`Q*C>ev4*WsD)R*CQsaVA&b)AA&T=z7hiw~vIjzM<(zR%44wC`K=pfyMi|9Mb)0r;%A8bvg=8E(*K8TxECX106P zBHoMgMfXMU=e9cfc7l*GiU@))2L7QVber6=!;O00lf<-|M+j1n;5h*2-xo1@l{iP~ zfh$-{WHqHK#egzH%;Y7`;ZRg8X-7k1fK-X1`a>;gG2gU=6Sla z6UN<90P?l?S>b}>8KX^{yWKn>C0`LaA1=mqv}JCwcl$*Ei74ANsH}-5?tM{mo?1mR z|6*PQH`uI){>9~U2Hx3yg~7pbfB=YXRx|pA4sVI$Sn~NWOanKk1{^!n>(h#Kv;! zpFm@`r}%IG{_+&eDwFp21F8rLGRdX(iu&$$fmmZ7gOaUGwnPfs%RGnDpz$ZJ zhrz)fSK@tU=NnDa{#eV091v<9tEb>j6M0gZGi{nQZCkQ!YekHb$au^~WI1+l`gZAn z%qyxy1hvL3S)s+26k?4B*7^IJtrM3rfWE==OX1tAJ6P|S5al5Hh{v<~dKdKM;sO2m z)ea{!Uzdac%M&@}9f=TK?UK3|^A=fc&HKT0$BSNpZ$ZAxfJ%n3P^B(kyHJ}c#i70r zr|;jADDJu$q_4~4+1bV{K3(|B@F=cYF9g4|2;UOv<$5eAC-uKxXr;Z?E{&+Izvre;L*)CVmN) z>30{e4k_u8wD@%`766wC)NGO(-ljpIk@1|jAC^yDDQ1N z-(&k~Qe@#I^1_n{(LGc-@y|NC>RMHQEs#6-U7#K@F+^8Tkm@RWvPCg`D~;yx2`VF1 zpcHXMj}m!kRfN|-E~5g}GuT>_k&iHAq-XK(*S6ZTD?`D7OrU>Y_2l_Any9MrP}R_e za!81ps3^wuQH7k{V;$EXapKjRA84semI7_0}#OM5zNx{ zLdo&9qYzH5!R%0Uiy&CUbJ@>#xAAQC!pX|l1?a*jL4E7E#LPONB*28}?#+17coL+$ zR{g{4aL}`|vnV&Q8&@bz!e4(N#_|N}(C!7acWPIba#=mC6;iX;H9pu{z91Cr0wyZ_ zdJI&2)^{uT^qj5ho);lLW*sHxrrHDwJ(ygC95X_Yrt2FagQln>F6<*hk;M?1MkY5P zHgCme>W%dJH^kTm_O2 zV#8!?u`(2wAHe2{6E_XaOA;RTKK(Mx0@@s2hSJl$g?`r{mi!kB(o*c!F72yAS)lFQfmNWI_(anc zx3osCw;2|RL|BX{k-1Zl2u{5299Y{k=%2T=uoU=~D?eMvZBi2z;@ zL0`bV62YL}MGnYA?OGU0A4TL`yn!85MSv8P4NRW^MPea_h^Qdi!j7PdtyRgkdN*=c z?)j%9ktR70U5|RjcLm#*p71)j8{v(qZ!p@R0D_-FlmaD1VG6t!)^kTAxwV= zZ}n1@`IkK21evMD4do+(14w8i`dU_If5vb2W3|%tPHXh{hhJojd*qsn~umrG*q%P3^)=PQ*|18JED3;wdip!!Ol&Sw)l z@-z9vQ7A(GRmV-H<#=N*;LK*8iIYlmRR}kAUGHfpDl4-8F<#}v*E0Wk4buGbO~`_~ zcO98J8~F00nQwFs@B>k}A`H`W5!Rf#)1BlK-*Tb=&LBM{ySOr6bnkiycz(C&d03?A`952F)B5>5Z2l?s@m;ve6%g8T3-Emm0Uo=Q zdYQLF7pNsxAg#%%L+quXH%do^75l({*I^wBi2mW<+eD=2!4GrTFqx#-V}yfZ;Y&kJ zYm=KrzMLz}eQi20Ja;cNz{YnEp(6PX*eD(9chMU}tmQrQ#>+sxjD;?=pK5E6`VR7U zO&FscM0!~ud<%iF6txQyPX@gnZ`^ucWERcEA zvkn2%pG0Il@llQ~~z^C2vEhHTs!v4A{S8;Zc!T2ELk+4kyx$dsguyz_i* z?lXeS4Hw}evT8GX$3!yz`VlP|v$3VV67M_z>+46qnPDBX2A0e1$o$DJY-;g_JGp9P zNBlzi-VVZ=P_7JewM;1-F-amYs9z*eoK0a9>Yc`UH=+c| zJ2o~Qi9K9b?O5m^)^^_ZK8ekb2z;Hf+XR}(UZQjD;iGcG73z8^N2=#T)8ag9RjQ~F zHqoP0Y7+4n)MI1!G6ThU;v$RuAxkn&(%9KFI)B%Y-h2V!xFoF=7BbRzis!Flk2`;L z_TLkS1!v7EtiAx-)4lMWqQuBC1+kfUgV;BLsO?7y`ip(3z|nF2W-N^c8XZb{%zLDp zUOg^M{lNy9AE5_r(hDq4|Jj+BBjpz&-scn6};BxR` zW5yeIrHKGd`S=Be47Z%QJJR0M+vbZY`+we|3rMJ0s3>O#`sGgScHXUH`bH1l)7^8+ zoU*Yp#ifLF`{yRo!GFSEZ`%Xj;c}i2embwBsc+tkmnPm=mUwzS!``>bS6%)(m;GlI z=>G{PR^z^bc_MLSu}Piw8}bcQ{eCFo5lwz5-b73Kwv5OUwv(=vyZMGVg45i-za#Mdb!-uU7pUjUx$_ zHZWpeh4l;N?uuXFp1f!C3br4jEj2Fr>NaIbx(hm(C3+^?FgZN%?1nKZQs9p`Vj<~{ zZ930+7Q7&VjW|N!$vLqAWw#+@6j@Co=@shryVAa_ZaB_R7E7{j&m-RqXR{ST_>TJ$ zgiCtCy3=p|)R=kGq+eBaq%!heAm_1mD2~;Se=&3<{DpX~D>Yb^4Ap2dG2yH3jNzlT zjs=@)pJZ8YT^daevhI|xx!#$?X(CB0!!rpXQK%NhpmNk?aXI}`ZeqZYLw{FeBW z#Z$WUVa0i6=WUgjVn}hsMf#N8nwWmmYF+;@J^XbIM&vZl)^thRKEV?Mvub|nc{L58 zH~09{)9}5uv7**iXJKa1sd%PXqkyl?f~W301lE<>gT^s@16ZgP$n z*`gRDSIx&@#*LA@IoLa=?)Pa_9rTUa985mB_uQ%D*aZ4Fr=W_`+J#Rjh37UVfLWdm zzg-Las{0AoTBE8Sy~R%;30GPpD}z&Vmn@0_6xAp=!TG>KV6mz3r$r&vX%#xb$HrH# zUnS;XnNS=x?fC+>Ke#R~%7SVl*7HLB*aI^ZCf*_1<*WG!qCTF%xFTYO45vMonli-N zY~E6jmiK^-{o?FO0I+o#iD{q})dP4{l& zW`%B++nfAAu!NE zZMnWEdOgB}Pxe%oZFC<(Ma23~k{q}j83m~8oIwqNSJqKik9FZTIL)gtx>YMg6;HHa zC%MX#bU<(^!AwAKKv<2+aX?tqyj_bxMaJqYfehrVyW8nT7Pk@+dh&M8t9AyuydoKh z6@o+<@U@U_s{}DYJS%vbM%ktuT}5>A|9YUrP3?0mJ;M=HYQC`>BXi46K$)hz8OQq! zzC(r;d5J!y9cXa_c01rK;2XT;bZrd1V@2N7S8cA+pOh{OIRqVJ-;m;Ef^8nZXV~V| zm@5N4WUN8Ec?|sVEi&LkoC4j{h6CNALtC+^dGtn`i{Qm=@g1|;^~~+*Ehs&TySj3L6?|%QqWS>omS=~Wi-0+LWS3PFi_Qt4Y&e~C z*W^dx6E2!DjSuQ%44Jfge#_d=?}J-Bko6ZJFC%JIur6U~RW#cRss~mh5z%0Gh{ukF zi7L#*y6O%(@VWCb+TjQxAiIx5NS(qr7#}L3gpl*huJHr;(D8%%8G5o7lD{jt@y9Rg za}LkrqXe2F2AWREBIUCPS~T6;2wKz;LBbg}c^k5D5=x&nE5RKGCMbhMO`rltQ6=8M zMnM<$u@MY>qFCFN;UJZA5&#(xAQ~(+fxd#@PF3^nV)irq#a8KOfK9G?c2H3U@(2C| zc@-0{jWe*m*U=V*_G!fHtb)il@TI3S>qMWPX1D;e>FU26Thf z&-532(Qkl>CyC$&ZdV?gsy`=D8OS3O!Gpk6^8u)Q@zm7Y1?S@cA*?tUf$_Y7(K>B5 zn230Q*DTmcbusz12B@eMexXs)VvkM~^y-L9m2jq@I2maAUKD6L>X3<1C4&YBW;#(P z&G-0CKk&+s5v7fs0d$%@EM=QK2aSU#Jcf7I`sCbUJCbMgDDMn)rSRI*Nxh9R)Zw5v zAFKDnD>A;_~>PESyb2{+P+p+5Z0h)iL}pto77~d&1$Rcwd7{Q zW1S^iZfyCyv}nGx*u!&Ji96j<#z4!?P%@JNvF-6Hc?%lh@Z|K!Ze=Gwi6>qITeH>T z<;;$`uT*aAdTLkXzJz;2F-cY|CYIu}=Xw5Ddg^gRf3qs-4)J0l*T8i;m`nL6`RXs* z_)k_SC?^>wx!Fn)#ZpG8{5;XV`8IYY5qTh>VQz$P^ks662gK@ zI{D@8Y}<#T(&B*h8k55aWQV zaTF7XKPHEjk$cVoXYj$@zA<@o7Qn@=vJ(FshC0^9RCZlRJoX=OI924E>zuA>^ylEv z<=pKAiJ!P&K}DAK4*cG1I>>6+cA}Qo1*r4CkYTh=XDD_`YX_bz?P6?j@M}wkee7pusvnG`f4*a zvkU;6%dZ9P;#ZysYw^!Sc+!@t1_7q2Ca;#Uhemv z&P36W17d1o7|?rSds+KGSv$+-+7GOKB#KN~p*@CZA|gXi_BuT(Wplv6J`-``Ryq7^ zb)ib-icLC&*JUc{*p!Erolev`oPYE+-rq&PJ2gJ@+s)55M(Px-Q&pxEGn{DsHfXAC zf2a_c-NuP1#NsX+x@|1(YbShsH`Dr3YmP?$8x!I^mQmQcj(&X&W@ctH>6yu#hldcz zmAObOSJsQ!NPmYb;wfMq-<2zPkCn1|io$q$O=tc7i!xA=TL`b~8aUxp=a zJmb4x-m`aZ*}qipUde<}y>X83&p3a?Py*Om;S?sNR*KRG+w)!gda?>i^A9$Hl(4l(lw;sMvCo$ImPGyf`mH5|1U^*{l9~R1W$Gg8)uI|AFNa!k@nt@D@!f( zN|%Or|0e&a3&}6& z1(~N6L3T1l)BwqCMDOXVUHvy!kW2$2h3>s-k+c$REirYQYKAFDdh}Y3zmQN^Ozv+4 z5-WlK7ZMyH0U$v?{AWuF)X37sWR*hfirqlZ@*?AhqHcC}S1VFXpk=pJ4sAw>)FY*_Yo^n3ff9^0Gfd7XaaGlVWC*giZtu6cRKJ9m;QlGVKy z6g`WJ-(o+Hue_L4OfLFd@tHO3B4+kuGmmf=ha2)OW)_Sa+lfgTm zYpta!90XCQyORf#fvA1&mPl4PjFB*ZRX@jKkaB46DIK0w2@H!BMwC`XxTlh@6&Gsx zZ`3_hr3yHw^sLp=U4T+t_Kj5%C#mr{LWj&FPm&#%Xd^?E-z;GIrbiNz-4v=>6UnJ_ zmiMjXzjpTDXwLpX?UQCyuL5A z@i(xUajnQ-Me<319pwy9gh|nRxqR6rwG1fX6Gk=4!W`;|1_itc$J?8J)DENPaH&g*KDN6KN`N*>3^p3t@M zG+PEyWV<&ALnyQ|OdkGmbhrlNhAp*1Ea7`~cHs!_lezb4%-uIDllNdj}*F#xbP`s zluwol>P7qd_xq|JG6}v-T%Luro2slCI1`ZNyZ_GBWEG0%W~zLn(jeuTI$b={Vo5&% zJi+kgBcfu8$D`8c$8?LMa%Uu6c#9+8XU8o-o$o2#O-SEM@%k!kblm?eZJ3}eq2@s| zK>NUOSzvrHEYdBlSyVR7sG4W3;ou}?TVv*xG=5df56L-qOM)qrv_o(r2UW`>X z4XD)AEy~QJQ~@RCs+MS1%%l~jQIv2CNW1ALpSK(3G?S~fvabO4M{h1S1V(Z9zXroK%KTnYlt+OGMrD z1Wig1B-RTHPImT}#A$pKDG?QKw&OJ-)*A^aFrlW=rAe|`4P(#TQD^(z&r|jf9)5w_ zs^}sbK?j3Wlcy~ZZWAwR+&t^j8abNGZ(1Rtn@3$T)}~>wn9qW4H5C@(-}=8m zYQVs>BO$3#5ojGw;t>yAdW@$jIkaUFS^|ag-UyUeMOWdnVOu zQyvoQeH7+YnV%nsP*iWbwNF&tg`pJbv72~`ezNP$s z&{C#MFLbE?m`zCQD?3IWrUtP_zv!F5Oz&pC_c4Eb<=Cjh&8;Vz;at^Cd6$vF0XH1r zQnTJO4LhqKwi%fNb(V{X|kbCI{TXj8h@o!7AG zkf5~`%M9OaJKEU<2hAR738rP^v&Q*V*hSZCOcmH)csQ)S!?Q$%vs;a1aHJV`{-KvZ z?>FgSEyk5*S&vzs_oQk8wlK}$zH?>lcb|ZV-_TB1o*MqHmCq2ct4S-b^b(G8qo#w6 zUgpNE>fk{98`&Mt{=!6+z{Wy&BN}_KFra1Dy2CoZ!C;j-h^LhJ_F^m9Iq{-kagEK~5FJJ;RcT{J<*@;!yirTuVkeCiIiG@SYH*jH+?MiZHgT(#dC|_EEs(S= z{*b+oOY&hO)x0f5YZ4a5&8D7db5s z>b;g^1zlp_EPVGTNanD^dCDI>t^6rjFZr+{xgOz~2~+x3OlBv;gyTGgk&xs2lH#Ns zH>uQh_iG-tmDjY+r%F6;^xE#sf4Iwk-;X@bXmb43W_sVc?xN?Uoi3hqdoxB1Xq+cb z595@MW0a0yt0rMoQozNnAIh!kd7GlSlcEnlUj)UJPB*&++a&y@X{zy4_SWJQ>wK>gC?FuN!E&uY5ZBZ2uK^>*^ll(Yi{beUh9BI38@I za!1&EBQ}`by*GfH4@= zwcb(?7k--XRLA-BIxp_6;(uuO2;qI6P-8>oZ4DinNPj~n^Qem+G5sxjCSL)dW=MIL z+xswcGUef=BrDJ5UmhV|nrg`*scOwM-c+gU^fkQY=wD?ZP8DUhl!VG?oKjRfBvW;h z%a2gFQmm7s?c>Q1;-$wVQie=Aii(U`;&(Xsf1sV)M!>OiojMqxXH`3TsqnTF@$L6+ zOO~2yevQ`B_t2t~bkyZcj>(_taM)0CFa`=86Uf0exO{;I>H72@d)Zpi}d+~sTeM4YBGZprEAQMXZ@rP0z*h1z~;m7t;sQg7YygR)}}q$phXLP<({DEDD}KG^@a1v9aQ>i znE_GR^kb`}ImGQC<|#iK9xfm<{s^V@Y(}uBV0f9qQu1vyJ_MV);13sIXBtxLq9O-m zDaim3MqtB248uZ8>@>0xedu(`TabKcK~!83)Y1U2hV(L`q*6K<(75*MJ zasJ6%RWfY%f!|UPLp<`0A>)}ak1Ts)U;9bO+TYy`+vIl+xbwBJ2wTqbUV&@+s8{2V zJvy^O0n_!;U}B&H)y}F49uBHzQwsEdo36|M;bMv}-ou5a_6b{RvJQc;P7{EiqBPC} zIZ`Un!9mIe!k+|enAuWBi+ZxMhoo<=AqK)1h zwo3ix`F+y?jLo>%M1WsJPp#CsI#R>;D~Q70SjD=+@@kKX_pf8O%&{ogon#nhp=bY# z{Q8tzdGW4a+7EoQGPcp*X61^Ht)k@xR8EtOFCgo))}@8@T&iTfp&y`>1@gP)z__+Z z`T~7@UEh`o%gk_mglgA#4&Gk9<=6AENnUeb8oEz-f*qBk*VL>tT!_d8Y!IHWRAOYH zUpciPL?D960a~~$Ursj(p5>5h@aBNvi1p%GEz7qwWj7158KWp~Le$gdT5q#@GlO3_ ziA9Mmqv4XeqwKro>Nd2UO+)$)5uGJQ3fDNvwmDVK3`sHGz8iVIr5=b&!lY_?igccN zR!>c;xj_FwssS-tkS6HC6iPwOdb=H7Qo_QJw&l)7Lvx z;RoK{g8#!O)Y*6^;g${r)B}AQ8cze%)AF#PHfW;}105 zwLz>=QE6rDf^w0*e(m>w88FJE_OOhcCP8u+kHg`%`_vxIpOtUg8(aEIosrn)E!9mX zIz3tGP;^&%Z~28H{B9u-=-)BHf*ua>+xBHGWs2XV#YK3%)?v@E@?imXf2La;#P8qgX!HW3)^--*eYkaGE7FrUnYp9f=>J0q zQFuKK?dsoe$EzQxJZSe<=$cLBBPxG2m7`8y{n{Uqx)Ynt_<6C~+v(YlPO?uZ%ooMS z{N8Gci9&u~M0Es&z)DUY^` zXq0kzTJP~cdH0$#Ce`l@PPGaLrl|G{$JbdGZ`-)aefrp+wQuA3vFO|2IeW={d@r*& zvG{sOTKrDBzFWJqx`95oHwGFEGG637(P<-`jXjzn9{K109r|JsLi;TXf-O`BQoHrqn}lp&Kr;koh&|#OTI@;C>bX z#%t1|K5DIz0fPiJ!`*%#f8k^*U(Z7x(Mh*6O8y4>J}*Yl1SPU56L5%%laJg2jiZF& zI1JS~H{N7-liF!ws`B!FPxKY@iW>FB&Nl|FH+jR2YRp6D5`>M&osEq0!t15;-<(JmiO|U_IAoMmh*dL z=3W?W18@j#SypjVNsDei7(1O)ztb~h=HdmDe1?R|v&_>=(a#j_o1ys#e{u1t2%WLo z3#Wt-vj0o)_t~QX`47GNY^!B|B3;N3(TU;2bw1VtqsQEi26&DTE3j3fjqKwTI?JRW zi;P3NFm)|5P>#pXv&9UYpq1v<;H6f2bi$B|xc5v^2Eq5^5?@ zA(ohN$H;#k<*uNX<5Y`^E;J)m1{4dEOg5Ga>pF<@%KWP6yh%r+Lr*8eKpRby|K|hz8doUwFy++A%kP=@)(M!#qNGmyVA`rC? zdonx^8v^=BVU!z1wM@|~wtwHGhg}kzPc!QW+uW$K3;8GYoY5m;DFuJ-NNN&f0^>9} zd;t8sv1o6R7J^S9Z7V~<&F;#{%UT(VnW@WSJ`9lAi ztdIk2zC^{N>|EL@n4Z&cUR`xBvI5SWBeMD?(SlO;1h#~~LAtBi5ive%i#e`p(GEKt z#RAw1e1T;fT>7iV!5u=km!OcVr|Y$RRKwp}*O&EQ0kwvVRKjCKk$1cC{r!*uwA-6g zeT=5RAZ-CH4>LV~6qAGxOMd3?M0({iTe1E~Nnf%o2vJpsu#Jd1bq`EDIuVVay0WyO zI(R1?NfnVR0t;?WpgMp8hVz}pNza{Pa)ZV#CSPXV@O8ungfLw|xry3?DMbg`BxvJ8 zfZA^4Muujv-nAl;Z=Y%`L_I))<;7T7sQ_lHl+d3!cR~l)b%oV6O;7V<-34zl$8rof zxlIzDQsEhBvWgTUSwjl&zQ`Jk648wE227D4zgrkR@E+)hjI=BA-u7Iv-xC%b=s-%! z1?z@lfHUwGXfK5?@bEAv6QHrz#3W> zqf3%|_-=J;7v4#K+t6B~N-jIL8)pf9G9ZGKfj&#HGa_G%|APP(9Ju=m$kT`97?+n3 zxFdx>a1+pf2cUmvK>zVsfd0qjN{T?7K@TCu<)opkBtFIXVPyrvp7NSa|dkyqbb6ftEum zDrgnkgLb-=x815YUgE~Qf~7G`Oxy@K4>~$82PNL-c+g0pbH6kYCXV#bGFh~~{s`8i z(~Oy^-kjwHIXjnjtL!&G3&$xC3t1-IBA06~gZ@sO1ttTPrdPcKO0M2#5u9idpBRZ& zJh76#_R%G(0+o)fzl5Wn9XOc6R%HKjM1t_d`z^QVQgbLi48@2@Ih36|aJ+|~NqpxP zya8#rJi;^g;}h_+bH;kn^tuv2=Ao3T{*3BYm!?>^uY={YnMMg@WPt$wHr(0_n=G0tV_-avP{7}|$7`{(Q&`~B@r*O=H%7=4(@99jRCCs^ zDCid2eRaHce(jX0u%j9aE58KntJuguD{3Y4&I0v*u;Sy@>fV&;7%|!NVU7KB$`yB8 z&^cbSxblN6aD%ngWu)l0L~LI6TC5g3Q?EAqeS&+o6Uxd%4RUvrs)tXsyj*;b*}SZO zr=NgVkm2S~>aqZnobj{d-uBY8{Cynmv^ER+zLpC8A)CVCs3sS7MGc1He#qUV7BEGOg3#8*3hv$~*j{FWx($jT%G?gC4uNtuUo zNc-8hvzxM3Jt8f6BYa}gCLZ0&#HBGY%ZxL8a`=&0-@P%~5>ou9B(9_dcLh$Y={g(^$BKtd|nIaFJi^ApXxbSufY9qRV?7VbBm)nfUd(nW<)mSj9Q1m9^2 zz&~Kl;SN5k4hQS4=33+)OS0P@1K?yl7)+vIN+JfmIQ(sT{?JBjxU8*watz?Xgy$^G z24x?ulbIEP0Bm1X4s7p$XFoQ@Z)oR520yZ{rlNH#YyM?+X z$D$0IVUDIGF=)3IZS#dy1*{^XG`(|syd;yYuRbiOp23_bz1@i`FTMfM`@QCSF`#`<7#LV?l~ zFQS2&SXtU}e<4lF0dr$o{yU*EE15W=Z7~%sqAl37OBgz$O=Su4&fN#efx=$;FIQ`4 z$d31=cfYYB3z8P*ewG@?*`@RHoF0Me=2jiUg1_?_ql zB!&pQQN#KuiaMRKKOFV%vGZAzmOs4Jx}$*;`@i4~8`mLt&go6nZSg_%s|4zn**%qf zgh0)sqgeyj)UmnV7?ZU>UYnPu&QH>}Xp&Myd~t@$s0bnyvWmi9o2{KA6hvBL6&AOM ziKJ^fl&mMG2x}^_(4kaB06Qd+%M2~4#y}WZw;-tSs3edoS)*sy>&D~Y-PHhZsf5EB zlP?Ut(ga?|J6Ib$Gg?C-!v{!^J^+=QzK@WzFglIcJz@fsFGjK*j4l1DVzlL5%B5ZHbNp zh7ouO7zR;=at5#@NIV!3RS6gomx8(p5p;N0Vo)GywA&3z;&cfvI3t$=l%eu7PH$5>UG9ZAyasiKJk*Cg1PlP^05E`lPlP~ZAd>h zavSSjOPc`w0W_UUUq;AB7Cfj88Vzmx%Y7}k@^#-rAn)dZT`T|@k3iI;2p;GPbOt?v z5cufV1rAs54QQ^;kb7NNmEHneKZ^=tn8pXRN)rKGuc6F=Tt9^i3B;u#Nhqif6bJ^S zRSp6~3N#*K3JG+$t#<_r#q8&fFC;DR11vfT4LAsZ63~Z%e$iB9LH)wqW`AGOXgD4^ zb9m_Q0z7ODne^#GfzE?JO~}9leSzM9?#+^c?oTFK;qK*xuZD0L1Ge{hP3dK`K%u@Mi;iXUv%zW^@Wzt9MY z5~P6ynpj(G|0_}7bA#64_sb?K^gzHT_$KIK3hR=kl2w!9WvyY8pkdQovsO74ye&pn zv(~V*ODJBZ{;+)1)Gm067)X;exYFJH{c}>THJ3CzrP@JnHaOX?$Fud4a>FbXkXlV| zk*OI4OY+Cv!B|`khl93;#%VYqJ^l&v+=89oG?&pe^HnL9g)m)o`w=H}jcCtwn3+3& zm6;1;5k60Xm)zHkEXNznXV8*x@^V`u^upuP)ali#YC*$4i$lT?^xKp_X$%>}9tTlM z8{(-R7uLi;=lVaBA=dSzY2O%jil=o9Eu3nLnu+|}Ntw=lxZEOxuHMLpl%}K~%h0Q&S)!*UTc{Fi6E0RM#+)&Mk;Ij}Co)aqj%ymCT$3lW;@55w7@3O+Gh4 zYbF;G+7#)vIP>~74K{ktD=<=KF}C$^0gH8{NBUX;QS81K7Rff zlaO$W$=n>P&+2DL*keyWQi}_%4B=lxS#RaP%>7U&ekgDdujM~`!)}7J1myVIb zRUb%E~1tvIw z>8)B3rAd$XMF=(|(TOg@&vv7atVykRns$stJG%i-fEM>Xn^_SoP8{G_WBmX0tO+Lm z56>FMLJ}=&j{D6Gasy~k>Egj@o&95D@ex>TPczNFE1NsE$YW(;W^!NBOkG@uSO8=L z4j=%@1|)wGjx<%MHybX6a$}h}nexJndHjykJR_il(11GT>{stnx_C)tmHZ)ZZXik_ zBN5>~{dn8gTa8a^kHSM1G&-K@s<=3lHjC~}>oN^_KT~_!r+Kpa8Gw--=EbCzFJ%CI zac)`TOsOgO?~0|rYKGa;JI{x83Z2f@TGB)Zn(wU^e;M3=sA90vkYwvR) z`xr#^RQ-R@nU+leI`d&W<7)apl}ii{0k%6vW2w#aSMFUFU%jtQ8&@+wUe4am+c$h? zPYSa$v+pMqWnUCq2ThAfO%&x_k-$)(v1>`!MH|%qx+1xNXgUKzUxiI5C=^&RT=;jL z3Ai7+Z?C})LS1)mxSiIqWQ9Q^EF^PpKq9I`R_(;f2yAwRP1q~3~-7UDgyE|dw5L|*g1b24{?(S|0 zZo#!?_TJ}w=lf4pwYn*|AYqZT$!siE?@#YzyxK?6adPX&qk-3-b`(C`u3o>VcA@Dy zmJK_tAA>jJJ#Y}0T>HHzwq2%0Mj&n;Fn%0Z#Z$}{wU}3gu6eSV0jBKo06}?7W7Rdl zPo$LYBpu*ZZ$Tw`dTuG6%{YL__I+7OaR!@^^h68jTp}WRl#1YN#_*cO)9tKotlKyW z2#10@0&||&c4KfXudienZ*EQVY!v$Sl5br&rxCYe$HMZuEp0yOmd}5tm0Dz6W_g+m zD_z6?D(!9>ymgblm-w)E1vVc25o)8@rXX`#;eM4G)0APMy3F73 z^26I7cqzR%D5#HSp8H?ZO2mJrm87Wt4KKA}S@-{wS=OWJd|hYWjw`}f{c7Zh{JG`( zNSM%GP)o}CAx`A3!e1RV&Hw7CDZ2_j1Kx9{&7+7eeb$73+GRx=pMMCF-ZS?fXnAG6 z{1YguG2a12we3`=gmkrFS1FMea_s#XDE)yYN*$y1hy>dSBRZ#BV*dkuZ$|ShhT#^9 zQHF0EDdSAW;KI0LZMt)<#Odvoi@|%YVn1#usz!Bj@Xa4Eh#tQ}T#DV&LP)y74xi1L z#GX`URFlF#DyUFc4}WYbj5yJqBnz}rCce*N8(OntG?y1GBu4oG7BfsjQuwQI;viY* z0I5&+{!UeW%8w-rnDaA{jZuUZJC)!b_9+WgS;l1ocB~6k^r_L$B?HYYt?+I2Uq??5 zZrQo@w>a5Iv#9x5^oIoXHam}U9&r1@PKkYV7hB8|ZIfB<-@cF?yDoS>(LH`sPKOa5 z6b*&gE-J6JKir4>GlK&U&AB&3>@bv?4-=YUb(QHp6vu&b;8;1eGDTh>4STIo4lzZZ zGZ+LlwQDt%FGq;5gkEh-=@y9x9h)DCADe#yzNaCDG*lB0{8@Y+E|z>GHecEvY7cG* zJvKiPBi7iz5@yH|X6gNo$BCW8agFs+G%WbGV_v|`x@X7xBkdt!K|)@6XXLqU+)qS; zg89RF55uV?*ZJGQW!ttRe*GJCwpn^NDwK8&gub|H+PYn5 zw{f5WfVSWoCGX+(s*d~xuV}|0B#C0%sp8cy@kky*Ngr5@>i50{_yrLS7JnmTI<&di z>Fh4P(C^|o)6cNd{SjYbk=9MGneURA`v(|x#t7xPL1J3PY3jkP)A7%Kmwl6-l0|Td z-Oq3|8Bbe>Kr>zP z^T9sUr{jc6dhwo+e(-<{NK0g*Vgs! zC#jk`6q=9`&ClQw_wU&>`pSlT$U1c+Jmzmcmbwxl?ToX9sW10Vb`zo8UI=4tEvq4V zdt{aymbuzuF8Wq19K7XfnTih^Nt?l40g91W+kT_IvT_PlK!$$M|~9cTCKY(qQ%r>Z6l6%p2xQqE}?WE7{Ken4!r} zMzSv#e8>H>J>3+I9R+KTUKtu6{paoj6}Ivlfmr?_OPE}Y!_%eD{&+WV-AIQEq2Xx=;Y&AiVw1+BqI*!ZPNIthST z=bcs;CY4kK0L3&oj z5atA(_&b24jo@I53ql+~6+w`RrwC{$Q)>>Ok!Q|dv=CviAP+D$yuCph>Y!&%D=*0y zhzCay_&e0S!R2M0#bUB$w!PK3#O0oM^qQTSQKmSdi9Cp>HvIeYnC1kvXXOGCzMw%U z!VNcG6C-EgTLun3itW$54K=NZVx{5YM%Arl#XU!zj%D6omSKC_+T%m;H_A@VCVS3M z-0p<2Vnd6t-R`(G*GW(nI^%!tZI>)9;~<<_4ozl3)v_~TDIi_3(=*0K75%|Xh5pMP zjkL_Mj6y=4)GUzjo+@(Kl(0@$DzWF`bF56%lWK1GlB3E}ozxhRmcWD3a$pA+>rZ!D z<}W1NZS>rmYzi)owaXO3zgtJ($;!a`%#!o z?>H-@J{FNf1E=`s$)|{!z%^(58yv5cViOb3%0MktZUil8xpb(B$Sk5c)Ms+0Z5sTC zEf#9f>Jb)j+L>^(t!458rkxDlPl{hYM;Kp@YmUJqKFhtoXGZ(g!{#WS`Px+!C^UC0 zbi{a(O@1L!;aG2r7jY?i4omchSq)kdv}-p+J}_58QCWi}%(GiGI*~#$%6w%7jam_e zmbE2n)`TOaRDh4Etx9T~QX)4q(9D3@X`42m^j2G)lFurcmt`A&scM%+5S}9umAe!S zTY1kGRIHjH5{6&u8kTm30$yV^9;K>$BM4PiLPMg3oHsvbVp*T|HHt*5Vqx0KoHm|9 zqapw^DMGcZM`#nkXEpIwuD;bu|D!GLAJ9>NGM&0k#h| z0-l)g86q*Ax{Nt7fqM=-36j1EhQ3K92?5L*U_4C8^C$)=-D{NrEq@pfvTDVZ14Qd+ zwdS{SRD)05W}tB;Y0&s@6Sk1?D_qjFtpj^a zZ~vZY9e_)+?hq*`Ou7JMa{(P<0FcdvlJo)W2yCtbeU2en9M3@)fNYDV4Um($j6DI1R--0_td_TH+7kW;1`1Er#AXIe>96Ri4!ylTgjPUFpoS^S)g=8-Z5<82o zAjWYLd>3MXK?NKahsjQO1}(A-+Wwc)yF~)>QbD^we#lt6&ap4#>;I-m?F7BLf^E>k zf^D_1ESvyES^)NEk}c?Ztd{@2y<0Q(ke!O@>PG+b+cgb~wgO?YrxZ*rSQrbnnijxF z$l$;K8oX^Yzr79vD7@RPrhoVZlkwEGMrwGgOBuCUj(YpWxIE8ab-Q>g?}wp=$^ z1Pc54mh_jT4a8qhr_Loltxw@$6wXFWedqG1|Lj=e#x{fy(0)?i-VWgjD1v3ZDGs>3 z!uT%=dq3HRqUvi>8}ZYhUi#L$s#x+}DH@2$oacGtJojN&(Nae8Ysy(A#~5YCnn;-A z3r8ALR0JS0RI_{l097lp@0X9z=v}$rn!!R^=1a#=CgiKa zwek@}5;rJ3`4eh&>Ra-C&s{l=0xV?0(rvucG0>yw5Ou2qAy70X@(xO7-Y#a^IxBVK zxek{7ESS;%#^|f<)DYF7>~|LeghT(zmQ;3_EzEA{>9@MnM!B zK`YX%A^d7$3MiDuMZ?E23N0x($EsS`T3%HQkv(flHqlNy<}0j*DJ*2p{9eWD+;SC5 zk`sRusL1XNG}t$B4KzRXSFI(^TgePKW4BD}sV$H8W+U7dZ`-4P(vJ6&X+soj8ZP-zaNJ(j6crP15WTy7_ zmYwu}ZP|&-G6B|ec>BeK5uyP#F$q7{{A5Z7>gJR0y69tNHKVwB>R9sy&zUY?e8(6b zdBWz4d#4m)E$a0eAfmY}DXXs%n8(rd@oYwig~EU6Fu;cY(4~@iAG2%urv3>29pW2f zpG=gDN@?qnsM@X&{a>S#X8}IPFotU9Fst#+VKv25I7L5xT+uTZd}q>)a? zqpap%z)5w3V<$RN52t6_7sR1=-(5F+w!vop3t$!Iv-}UhG9me(k|C>aCYG?PysJ`J zj@wareG~rN!0H_4Nb9?r(8Yf^Qeq0<8fkn89Kq6s_EN-|G)EfPuE<|GcvYD>+(vbN z>8Ssz<%Kx$uldS9J9la+aqsRBY2(DiIqM%(3(op^`MmY$AgOsj%<`}I59o^-3JHH`yuXv-_IV1tvWAFqn&3t3lb~*$r?>mF97O1}CVW0nESvo(MsIkAQ z>0CGUj|MplG@rQOcG||!WC!&!k&IpI$m?vd^A&yS^#oWJ?Tv=SNyq;}Sw0IR z_a}d$EG>%vKT(!|%>SUQ{tHV{?5A~VHMBn{%NpT7QI-S6KPXEQKv@q?|ADe1G!T}) z{zn(DoAB>0o>&Bq85EwMAG*|+w$&s2_>WozZ<_$fddhPpEvnQp>>A(N2fwvcI>T58 zPL(UM*3DbY;>p|PSQ2o68;ncx@dTM^rGo+E8TJ2nMZB?S%qclk`b%VF5;{ke?&9u`YaAV-wN3If-@fPy$O&i4X&h1Ai01b< zyIR2^?{&WNks8MQC(63q{Rd?Q=Kh7UnEwl9&B`hMgR=bS(kD!4|3O*AG^2?9B7|7! z*+GeHl-fVfh5BanwH)=$+dS>Wv0!A88$vV^WiZF_jFTP0!MWrgxg)NJ{iXds{e!Yz zC`TQWnuaH)l!QFlQ{3B%?S(P=wJ1NAccu%8fl0k14bMwMsx|Enn7zc^bD8#QUYTZS{-{@s4oTJa zzaW+X-Ym=-T}`=3)uk}JtDKB{Vanig9Ozs#aO~mA>8G^S<2DJ>1t-4ytn;kJ_fZlT zm_$SQ>z`k|fts_DHFI5Crt|F+ER1$0v=JqG)pyi#+Gaj5;tl)t@Z37?#0BXv0U zb}Nb}(0{p#enyW6S=Zo&jWR|ct}T$-%hEC)(4nO$0lp^%MsGHb1nP29?(4Y1TyFK? zAAVqh?;$t%^Dae0!yxoC;53_AFQTJuPnaC`L0^3qO`&I=lG$JmUy_X|B+mslzu$14 zu=NjGhbo=TvpK#Rve+lrePHTA`Qi~SCvQLW{o*XcI8NxOipwCJ1_n2`RQ7as+TQ-N zAR$yF-0+-w9oaHOGbDk^w-R5wE3+zz?hx%U)>kIgHgvtqHw3=uyM8(%7W6<=-*uhN zo=`n8Wd3XI%iNEvSlywWE&SKtmdWK+pteL&<*%(+hKN4P!!47K9FlrNnZy*^-ok}) z614?FVOXZ(ub%Fd;IDa|q_yq}33~X@q@I=I*g*w~VqCF2*|K<(r_iH_3x_rlqNXlo zBo|NDh18^Izoi38P!%Zuuvch`hMZWw8(sz%Z3*fq^<4=Toyb=%73*%TQdUA z?dj3UF--{7@Nk30qZlnA4KxYN+b1AcL!Q2(wF*nxRI7i6Opqj!1~#Xj!u{SY38hU_-@4u?DB$uT;6 z4Pj~wat2G$3v zshl8CuKcw=Fq0Fh5J%8&~_H zRLK8tmI$W)X-e$@3g@b-rsn@tIBZ3|Q(bTC1fBO33uS8E%+w5_4&vim3BZg%{6?Z- zea8F5gQ0n+*n=fgr@l+htXm*~Q>0Zq6mFku7X6dJnXnP{{VRcUw?;F&v8zT2ryE2| z?QTI2S&pn9j~7>R-;+Y7o?UW+fM`PSPxt<$99ZOu9Ekv&BCMCclx5hwVOyp?CS>mL z@nQT!#Z1x9h9NGcV$Re~AuH?nUKv2-c>G)BsK@??$kBZGN8}Vg|08lz`2M%Z`AKY% zA+wp~5}~g<^1;uGOg+NUuPbLm!z4%~UEg$N9M~fxb0{QQlZm*ru>#oim z-Q|9vF5vmmD2NR9o8#K4(eH;L{OFM0->(;Y5HaGD*>_%(QkzGqgJzvWaxn2mb$i!a zubtmMs3>fe{OYZ?mWQ+E%93drEao|*0850*3_9liWZF7!efOAo{7ZDkmr+LG9 zwQ+Le|B>6R@$d_H&m3oGWoF+@D#$-6vO>{?`|W+klZZz;xDm;=J zLGVZHOaWp?-CSD5P8jQ_KC)OmAa)Ww@&AaOe!htcKE%3VAt(Qtf5cAJhf(s>CX2}n zOYq9Sa=Qys1>1_NIW@h_f-w`sa4XW!6@c2Yr=>0*y^*t7u8$aSQs-a*;8OlaRj>MN z5q6qer-$Jkng<}Vk-{mYcEcZn%UM)rZf4;1-#BaPWkFu=r;RBV^=hOAuf1S?r~{{q1lm#)OQC7YK@>%ry-W7 zlQSk!3^u3}MHAQ;LLx>L?S=5?n^k?fg!A)6Sgy4k82;@oOuau{ZUp}A2+`5|pt1$e zW`5hy@fq6sb(Ok$@rFx`d=WVDLnjs{>152anNv$Srl!w}CQz_@4jc7m(E;GuOfk;s z8j#scN8hO$p`?FJRt%eO8fP$ViyHmiFQt!eUA5qj5_Ae^gysL4fRi05e{~)mUO|BG zAp?FUY~UUaeg4Krh=lu-;ikVzzg1D)sMInh^)LdMRm&#vrGyv=m9E^Hc zmX?7@&@9yj^io9&{W%Wpzr^@kU(*2!L1zo!S2f{Nt`r}dppo>jyROlgsYi|;86-}l z^id$9_Vy387tWnQQCNQVXphj!EXyUf%0lAGogcDW@h`1guDzq-S7u@chRtYhrihu3 zS8`i%FRiqV{-f`i8~~PIndFOWWg&_J*DO|@h;N5(qZlS=yuM7zFDQn539cQE>am3t z@Ee+hHAgKM{2LzmBM`43gO>ipE0G_l*OEmCmZb~f5$`^Xo*hjvEvDb&7FM75iw=*b zIe#KZCbugj`j;fTH}Dvgs&0&=jFCxcjU5c)_K@B26WrPNS_wW*^58Oi_(`!Eyf)g6 z9{Yt$eNap8+#c#YRbo;ihlOqH5#riUliA*u!p%!I%WG?r2lL+INGD0oo_gOG_r(Ps_&I#vz ziuS$2kPq&EsWAK$Kl3sSNO+8QKw9!CHb7$Di3!wu1{XY^I{B%qRqd%2$qu+dC0JFoW@$`%EjZJg8b31+Zx!!SaNUaEo6>36V~edw?IITuH#AJw~ExhiM5 zq06Bc0i}z!)ke6@Q(;`Mb)oAJ;cL)FXvkCH{9)*=`;6qtiHprd-%c?rY@m=0#EVXA zHH2AH!HXUX(yRfou_}m~Lj3%M1y1o5B#LguBH67YzZ5HqUW%0?m8##5EW?#}{&(i_ zC!V2TzZ&FVnMb&J(>G&z`_u0|Acr~p@syp9yY-YcpOaYCX+BS}d>jq&;La?OufEi< z1MQ(O#k=QdgU0W-FM=&0_=`>O7myh+O<>KyME(N91!ux81?z?bF_SKXcYi>MdOrfr zOp5?vlrgXC*LP29XbFlm4Fbb6MHL)CFakvaC_N|=(LUWZr%Y>qo7FwE=fN557uW>A z?>S)|vH*V1si5HOOaIPM@YhTLXu{lekvOyKPairc-dPv1BPx}E>5-Szzy(;%9eD;R z4jZWl8wu1@V}Y8g?VblX&>R42s)Es=_drcmFnYO$QBXov2ozn{nhr@g3#o^4P!owZ z1vC$?HH453YT{eN5B{`vjikI7r5kneX?WJDRJ$YV`}yRXvLmS=sb46e)WdPbPWXl)LVl+<8ly z{rVb{ecYu(dL<= zEsLuC4oMX|LgjEDq0KW#1LwCT$qvvoiIRGz9zz^VXv%d$gx-~;!NZlPT_N=pND+6N zXRQTF%qV>4ErY;B0zP$fq({ts z;X%%^Vvk92-Ukbzq(@)3De38U{qe#HDH)sr2M(NJl*j?Hm;|O=2PkBhw_muauYu_m zc{66bCacaUMu>gy5r$UpHUNh~lnV_0I^AthBNZrCuAn}Ydnk5N;BbJhf(<`Ldn(#5 zF-oA2*b=04EH&T!(VQRtKC=TqO7-Lugtn^n?FY@}VI(lW=le_JS`L39D4{F^fTY6FuddPqT8J5Gy1NXr?z6 zCIPI3mn>d9jYbybH+T=Qh7dlcyZbU`IUCJJbB%HP>#bT_pw`7MmRx-L;qP5y1n(Y? zWf+=g@CJGAI&O;_*nKJc)7{^JAqQ1&B;E1T9?U@$s?_&)`)H4s?26TSDul=Y3 z=2SQ9^c#Oqd}T>iJ4ylKd5^+C-&Fi~%t}D?XQ?OI?-A5SQl@W3W}23>KkL}k6^*Svj}a$8zFBc1L%!%Za!lZ3LS5xiu_oH z?<&g9msAkp{t@Xt{aUc^8upAdBCHcwb3XUh5B{ihEmbl$+#FTO=^lMx0ZzIlbf1e) zzT>K5U~=x19T?N1MsF}N(@3$#OJ6DOSuyTe3b)FMSvCQuA%5TENZu zc94A&b9Lq#gvE`yv#TEtmvBc*r6S)*+V9$;p@U6iA;qhAi>t=_9WzoAV}<`k7%|=B zt3qNQDla_^!ADQa(fr&wFS3rBca7@!jVsbuV#`zBJ-%er6f6v8RGn@@I#rsF(&bXM zi?w|TdoWg+#^KYjvxUnx^fk0ii(0&4u0NPW6J;IBC(+S4EYSM>n~A@)=E2iP4F9VplKMRUcM1Z(}!mUj43Rz4*Ho^R~W!j zV*a$^k)&QTb)&fCd^mX<(aV|3VUbuX*56T@S1oExb1@26d>0=hg?TN)fm`Rvs*&8k z4>dr(tYc%<`<&ambdcwOE9)SMG*JA@s1TY3Ch}dROUY6tu4VW7AnPQkO=Lv8y+$Z0 zAz!&aIv}p{hvcubvF@{axQb$>3}{6*>1LUTOY63#6wQfv-j{LO3YMIS?<2UiijI#D zPNmukWSXJeqJ}rEE33XQwzh@D$BN!fMP2LXN8eprZp$H0*Ry!e!(KaKOS*pAT#li)R0;=VghMkrNhmB zs>KIyh3skQmJKJFXwdEn<|*q8Z{4oRn-#bC&An~?;f?scYfNj0c}LIo^yTzcvmd9& z0v{*-HO!>q9Wyrx0wwlj>)n@yol)CitW~97PYc>V!n)&|KM;jZxj%k<*1b9w9UxlP*LM%l20>o8F66*w>ycMY3+e0-$Uc49^nu|8aOGftPKqhI&IUmBiU-_<;Tvz z6U&{7tU;sUh1|qGv7#!)BiqkUNU-+-UMfl$jmF7o2o0MvI{eP_GQfV+F2zTBZsC*` ziY~oOrw5_X|s1V}1UKK{ZWMqM93ap@N)U@|Cyh^LN^$ zIkaSJ74e%~iU31L44@!wZ#pd>zVg$@4!Zy144typo$7X|lMy5)G8T%*(Ivq(8swEHxx79O#Q_R6_BD-&0*$ z=mRRayMi-*s{WuoNmyDPtIhg};U(&FSHztv`3~{!TiN2W1P+JAN6*lZ=|*c_RjMt< z4C>!GH4W!}LS20!zg2{-w&C#L;)6++N669_a?vQ-=;tUT7xsQ_=cJsPLY2aSW8#Ae zgTeWy1%YK?*3mc103XMd%1yi{%t|0Puap#6!#66a(}DsuBT>`qzGV;p3Ja=DO7m|y zscq?Qp??gu9EbKrgi)q_6-6>bL^Y8@4|x2|JpPk-u83&>w=X+v*k;?GK1N`GVgQ0X zQs_B6WfVJWpf(!)r|)4_6W2qLEgjo$--=C@HTn538Nr0a;O=j~5D>i^y|yl!KoeQsh# zcjZa!a#BX^k!;{wj7~K(7dcccI9Wh&|J^01d0NGR5!Q&e;r^>#a=!DwI+oO6P2b@(p8S4Ux0roka|AVDY^#SpcFV1%*5g15MGl&cAR zg;Zgqi2T!0vmQi2=g>4Mw z>lWAHLu%uBp@=^e%YNSPHb|0C*%H>h*yTK1W9_z4_{ONz0>jm%*2X9ye7r!&)oEMf zLS&X|Tcn;w;8xlY(BTBx8t>0k+m1N^6t1(6CNDc&ur1^O)aZPl)%TCA>Ks%$f_1xNffi`&`B9vf>kto`SX(+3RBgueIG<|>8gwM|W7 zEQ1j`d8IqT7}K4RjA0TcPwrnXF>k|zS1h<+OgaQD(N3AVovw}&=B3`wIF~x|NO8vV zt&85y9~^L-yi)q%pS|BOpNJeol7y{Y4I7TbOJBOu3>)flR;US8+v3{zqF~6C?;)@u zu_4n%(~+2kAZ~k1x=jo)O~!>_Y=HM$g$>ITM@)Gbj- z&y_Zty6)+0j9p)?UyMK8w3qDKEZam3+bX2+8&~-s-Bw%4p-$S?H+-84v5TXcB&fib zJP--&$BmW;v=g#=23DgsJgl$4mOEDwU9>Aa-tV z1)7@PQsp7fO5fhhxhvS{)aIYb!)eNSD1B$fL=)t;c>1LaZX%&kBF~X{1JArnvbJ3n zM{jKKKfomQP;^Am2fl8D+s&<9I z?eo{W!#&rb=UXy4HsvyBP||R(~*T zl`)rphim|w`+=>9D4>JxKM0j+n#8?}YZT=~5&m>NE@uYIYN23|53DFey@ zLux&JQfh4*NsEMdL>qQbMDGbQ78N`eRgm8X;vvV6lVr0+_$IDONDl0QOt2H=(-05x z`PI*k_wYmN1DNkkFxX?#;^l`ab>~=)oJ~(5!LC-sDf?iioK5LNThXpRcjl1q_tSnS z(ZaHOsx4DwO*cD<0RhN%N*ZF7>0{%t4P*u>d_iChS}e-GYq@C$VJ0;d!dP!R2@`57 zVoE52p#c%?_og_{DS`K~7dp9*lFg`+xUoR#9~1-*Uqsdh3fh+R0R8wW3>G|ktg-mW zlVjLHl4H0IZP6@@JLT~Gnmup(dz*F#iv7g{*6}67_>*?-CsO{`Z(&THWg9v7`R!6G zTSktW9yyek9?RMqmt#^)WKtGS*NCP`x8d>k{-KnnyOgN5o~(&l9}76XL1eMT62$v_ z#=h2b$R2_Zk94#inPd#(Fw`uUg0Pc$mbA-S;7Y>vWtx7s%xR>Gfsc)9RKbdbO8Fb- z*jcnM%4t!x!x*0B>o4j3tREOAvPN$P-&EtGwt{iAFy^kUhZhI4?yMghMlxkT5te+% z8^6w_;rd3S7}+RZT(QAq69Y|T7_v(08XhRN+P}RQV7wh-D{w_2$1LT2a*24-0N;y4 zOuu`xW@GJrC+UBUgQbh97ZZucw`F|y+6n9 zEHCLV=k~=f(Qv+)$T=&v>f6Fn&TaxGrD*d1gGqt>w@FdyCtuDWQ#A{cv2pp#iA2Ro z0b@LeDLM;r3L%al-l}4w9;xEHHdr$mx+h$Om_fZnzjUHhqg%5qJL}$UH=0aq)&*jy z`jG_q6^(MsIJR8rF6{gG&$Ymq^%vVaY#K+It80$3`VkO!vek`i?#}h^eMDO?yCv>9 zJH$iRhNh>-)s=eKK~emCd+odx`O*im<17#28AB{x}pBT!);SGCM8 zG`yQOb$yPN#2y06T&<69-NNG?hT$Z#cqj3~V@i0_v@tT6)BGkqh3ACK*HFo%rY0#a z?=CyublvjQ3XB}-*Ld)^c0V_53gBgC#3oat^n_0IZ>41D#O7}})(ojmSW(f10z$PS zlZ9k*!5e-o10KC`67QRiBKuiE`v-U)%Rx6Y;2ag}JDAMTu zrcSr8qwbhHOn*l6z7-i9Omy`bI|vJ6QRm@NZ*ykJi=<61Vl8u>K;OmS!WDS(Z?5~ugoq^WSU%5al#g_u3^*E>nmWS zvf)D2_uJMyAQ*{92`#>!x1;7lt?}#N;lIs_(aofBO$==*mF|h)AGgw~_#bZNE%9%+ z^4lA5E2L5%e1Yl0F`fFs{`jgfkLCU+a>n;g@(?kbW6uZtD~REKVxlMHH6%liqh(9z z_5bZw4u>}P=$#N@SsC2FR(e&)jI1fU3@nF5Z*J%8V}|c?Jy{}-|4jJWTj?XolN^(s z@J^i)QYiI3>GA5+D|`Kv9+7v!%g*WNJx?p_=&W<{vYB}LYb+^rW>~_Td4ZBQQv9d` z9Ft|W8H_R9WUH2syntsV8}{q%R1b~+m?)}`ZpvtgfgGf8iVoLDerHt3UJt6>@{)Qq`>l)NWZSr!+bv354ejm`iLoh z6VR8qDx>j%k-0XGBs#BAW8v4UGKTcrI zpv$H+raxuQRGYmvD6Z=+oV2f5JCX*jnP-fnF=L{!nNx^0Qka*jH?X!tC?*35P`B%yqNxf0VPzdw6U#&)PO(Yx(d z=alfoFiv#FBuCZrX+SHUb`T2jF5!l(?0BABPk@?=L}BBt5@z8AaAIdrhuC&iPqc zuobDuvsbHuU`!U)+B?7bkS24^DFh@Q%Qkcbp%-uKJ6}>b9W{ieCy!0nx-u63B2Cs` zG}7Mv(FIp!)FsBKH#I}y@T==f@%IuouJDu6-*TT$&Exz&x0bnAiuPH6$MPn%%o*}r zDe+j)HE1*!8PZktsMY`F@6toCKrM4c3#xRH1bi)~=`H}s+T0H%f>>A0GR?+`GIIFQ|4)v>U zT}N|fsoXXtPto7zuKTvMdg=C$xtpU!tXJYNk5jATq`MKxx_EkUI6#|J=1{#>^)mLD znyRI93LnE-r62vW=Fe1Td0oS6IHNOMWV^(}gE0~O7BFo=oJ4@UBvs-e^qu?koacC< zKoMbNplkuCtVc~3m2Hl1UxW>_?boo_f3?8HsL0c?dY4O|s3BH4mtj~z;ngZX3WZk! z_Ni=PWII2!ueUL~!TxEPl(4E{r-_kp^2Vre63++EOj{TK*EpM{qM^QIEh$vJZ&7{6 zLI9!1HR04H%01czscG=pzKB(Yq1{ec>Ip8CF05`9ZNjlvMZW~@M|Z(N>!{={q3%G| zYm$ZqW5cG0E;7bT6~I8HpA>r~|5HY0)iHSf;?s0GBtndn}y(cv-$HR_kPU4y%? zAv$ZpF=OeEMh$0;1Uz{bap!^@31}QOjG3f*@q6>Dm{pp+G|ZMZOhZalL%_>f zx@miXnL7w~ay2~maO0qN&Hd6O&}T+*$QwIIG!CTDcKy9h&LzX1d(iGvIwZ~m?B+dk zoN*HDIFdoyG_RucW{8;EmGed<%DDhiSVG$S!N%t_?L1mL0XP z0_YL`kMKVUa{yn;=+h5JHp~?GtwmFXFJe%j-=#gMyaR3*E~hK z*=A3pXrk;bGYmg|vlsC1)93kqL6B*M6Y@2xDI-d93vt4dBNKD)0@`))OT@a$U6lMT zqVeT`_5=(CEX-nkdL{f7WOBsB`ApEep6@fUWF8TX=k}*|&P$#4@gb*A$19zvngPft zHWE$e>Fl(UX?Rb-PdN(&_)~d<{c625c^73{R@bbol@ZE~^KC=HXkl7u zs+G~imz-?j*Y5mXwoA~X_)lIYe1HOgRiji#hc-q>jae&NAHZS6BaK0h^=eq$)soB+ z@OJZe^Jo1Oe-`fzO)swjrGip%5l=T@Ud?*pmf)A*PpGO?2LsQjCLs#^q>*kcGk>G3 zju>h`6rKiz*zQwVE~&j9td1NRuk84%D z-cPz{SsRrfJxXBcsJp8@77T||J)pRKO_4mtLwt|BiB}A>elw)fdz_>9?lENBhy-7D zW>u2)fEXp#y;9M3$QvmZhvZxs3(OPzs*tP=%#)M_m+9Pzw7dPduRV(88~6c(Jt1hL z-3_b*%*!3?nsI%-a^5u|ITY)Lun>Mf`%Lp`)1*mdYVkzl4+)NjDm@c+3Q58!GfeIR0S zNiKn_2?xgj{2ExeVLu_TeulKWPuo8nk?RH=dlC_XenA&3f-VRgTV2|ooL;ZBP1pL0 z4HinHW>LMi>^evj;vRmB8k9XH1tGxvvC-}eL@g<#5IB^W-rY~kckZ0wc#>gP3*hi^ zi?3i5qF@wIv1sXn!oVeL0XM|=!dej%tP8IDBS^o30<`H_BL~yvumGQS@UXqOz=lW1!FZv}YL@pQ%*&YIaq5KCV$pRt-32-mMfO~=V=U$Ki_hP>6 z5++-}hIVtNz3bmOThkHpSAmiA0%S()0%? zF!@?_0xgY9>)aRhNXe+G>uOadMV$mEM*5J#DkR_#$eb<_=&GqRp~f3OzTb{uN^Zv_ zz(>c*;J{#zL|~D`8Q(7a+bAx#m)x}dg~eM@3Er;SYkj6flAL2JzI&JB3%&jz>AODS z1-51rQ9QZnzV;SgMjkHR9BLUk8!e)7 zcB*qDR|`nyP6HZUi#t|lH_zN}W>(1WQ0m>i&)RWb?~L@7vXLUhzjR?Ar@Ix{r*-zj zLcZ8C7(17Dte!J=x|ZZU_sqxVxq7!jVd=8`h@+l#F1Tm@CgCi@_NnmjoXane`yld3 zhywmGl_Fom=e%f4GZ#3k!C2#33NXA>^v_owF4L|GUetYu7(Sfb-0!cwVIgODoM2$@ zt2Op$i?ZVPGcAvA7vv3(J~a~^Vx(|klG$W`qHW2sS(EbQ{=aBDtEjlsMcFs*n&1}P z-Q6L$ySux)dvFWx?v~&ZTml4l2=4BBJDJ&gW}h?Xta~5s8_h!li~m|(_0_NHLv>XQ zIUM7FYMVbr;95L9L%8k0p4bOo^j6R#@Y3~bN#|`t-+qDHdkzN|ACCYb<|!=5Y&GcB z;A|i3knh_Qf0R%}f5T}T4Dm2X9~$ zOj-;G!@ERyj3=biCW_l$jCB+eX357FB&HII0Pms0c9__jPl}EgU)-^v_KMy{Ltj3z zUysF1X3v7T@Lo>SC+v-RA520kXGhbXTm>q~_3l{vOXt}Kuk_}+y}AW)wDEYw7!=4K4rx;=#WJd`NY9#QMb+N*f30N_7|_=aABF$ z?aVl&w?A}0K2sBIq5$9mE4$hwzjv%QwWaJvr|i6WPw`pgERcI1j2IlsjO&=5HL2ly zBy^^SEIm1Z;7(o(mh6|$w-%1^ikf9c@89DgYVyT%K$@1&vSfr(mp9d`oM`j;$|`Cn z!-JbR23Oh%KP^vEHL6q){j$5T&AEF|5ud~hLpq5liFR`fIv>ez_(g#Iqd=Nv$?Pz! zEyXI{kdmrpEs_Vjg}cM^-jIZS>ijWM>3l)Oif@!Z%dkDB$9;7RBvok226q3C4Y)!+IR)Gn;l)x9WU!BI#Pz71+fRb7byocoL^Rfm5^G4ejC zr}kOZ=u$$PYMNpeqSibbD?WX8g2Z;q2tQU45ErSzu_X;0YaoJ3lwS#1Vo^x!$Dm!r ztz7)H65L!TmgH``DKEK5PVIufi=6Zn>hs6}O~FjKUyi+Nm_ub~Qh$!&jp9h3kW9#s zN754{TG6-V1e%v-3W8#R@xpqeVI;VE*ZzD`72y&YBef7@b@U!V()Y=5L)_M}RB4u{ z=muM8u#mHLAry;;PD^YLA4B8XUMM()MK{f!ECQm(B(O_7udpCPn{ZwMVDi6JdS z1ydBlfjI2BVbdqU?OV1I-Vb9BjwF7E2c>PSz$t05LR=wrtCnG0XWap6sY}su7bDtL zn09mNMVjhft~tn0$|Be}kL*!2h{S&Mc&(wI+Ke%gVo1mKV2LC6HKv)^lv!&mf~^aN z7K*~vmHGoe&FGuI$j_@BSi7SmzGp-?O6wxWE1no9WPsahX}0((J{}*6I$8|FqdykR zcm*;rR=P##KjhH%K5{*S=x8MIT=XHTBhNdRe8d^ zl=ICrEAgrybuPOsKrMxRq;0p#Iv$M_1~nz<9(fjU4ZCEwv{t?}DXQ`h zG0+jEoF2+0(wYtmT8UrHBJRozI3~An+7(JpGG@SA_k4`4C)i#8i9!yF){=UY7#68L z%IZinVfx{1Yz_D2Q`2NUlg}lMP5m%Z26OSuL_+0NgNjBxbv@zyNT4?PlY`6L7B;b} zO3IeWLiG`<6Pr~031cqNhs1^Lda=x{W^2Tk%+(PU3 zAPfc$lztJ@m-i9?_zMDp0FbG`pMY7}_1;7v0=PBRL`p4d)f@SpB@bRCkP48LDZvt! zuvaDok_pbyGCgX32T0^zBmj`I<4R(uqUo^-BrF*@u^~vvmP)PN2eg-=KfQ%-0Hi=t zKxt%(R9nQbBkjgYKrcphXt=i6pAa{-P;hgtH)@qWC8|=9OR*pX2r^ z1C^2d4I?4kd|~$SIZVa9z~jb3iLtKo)!$JR@V>z1!V6&eGXYG>^Tt%kJ^=vC^Zu(4 z3~?r)`qHZQd*mkoBXl}{MjU|AX{JfO-vXfD9ElqIJs1U~JbW(jdV2#_RZHm}gCicg z0+_kQ^nFGEj||8JCrR^=ALKbRb@Nud+MPe&ufNWF4$1ozH-e4B9N^su_01Oh9HcTK z8BhtTz9XxFlv%f-5JynHOcH2KY%m!}q7xUK`eMu9$!W59()J)%w&&bilKfv2}6ftknp-tsWHK{DBCrxiMbekc<2a~j9k`5vt84|qLVLgQ&~ z^6*QvAn_i2ao1Bg}2vGy;Zwwb<5q@F@a+`Kvf)ZD}q@Ufs$mwr(Exz+x zWlY_dW%gU$hBJL-xSHrU*yRU4M5eDse7H_M#8^jg_78GCs&8!b5TECI8-4dmY8k5Z zTB%BI9`qpW-amCMxb)*qAEEn%0n>m$Sd7t-@!x@ZV`6_Lif3_6n9(h-e1CZ%ViUYnZeid>a}LeC67wTG zNR(Tw3j-I9-TEn>+=A=7RV=S>KnI%vqps6G%4FwaDLP9*nwr!gpe0+@8$a_>zj*Qn9>vz(H#V*0j3bY7D?oXQ|fvcD>* z4g4x^Ml&DWq2^JL5G0b#gnnB#=`iv28t;R58d&+pbX^bouAXU9!ni28vIZ{n>X~Cj=7eZ{(7&U+jVkyif?sx+ZJV~ zQ%>P$FIv*?YvSO$oq!U<m z`#yg5HDYY6tQZEJgI;!fpX{CScJ_N9tI0sIc**^X)jSxhIG-?EcKgr#ljBox*7ZAQ zQzfO}Zt!Bipj7#3a{#ene?T>r9WX92rF;kF`P>c6eu3Y+(vU`~(tX)p21sKjm{#W+-?)&7{<_ii2A}4vkpq(kA zE5S)fUl-Blrza3}a1B2Xv}K<*D>vHjIJBd04~0Hce06fyQ_1+RGBGY%9Jv-PO3t%Z zI*Pm5`OM>D&d-QYv^gJfCpP4?pm(?`;#_xxms-4^GYgxku%Jh_p*7Y+Z@=b+++Idh z-$s2EkKZdh;PC9sksgZ*HOi}Dq|is?I;`+hd=q8??%@yBS8exvW(2Neubel!ctw%C zAw22gW#`JH`iKHs2NEnFEmf{=fvl!lnd5)3n%RG_nz^XLsuMz9b@68?{Bbf-XJ-X9 z`%ZnNX{@{iIa~Y=$c0r>17GT6(|kX&WGx*8X^EEp8`Y$tG-cBUhM$Mev$C388K&@I zNf7ZYwe`ZuLjIBc{bBjig4CySg}Nd$iTq4p^67)qU!vE@@WQOy;Oj`%hTv1lld(if zd($En6dV$^;M(VX0uVhrF!ndj&mj(z0|()G-sBl_`11&Oh>R%*If*HhZl=!@S$A9e ziWHwt=RTv9p;PT~#u|4V8+Ep;=@TkrWc{W=sZS+>hlFg>_XF||!9SxQU`~rbbFN(3 zBd5=GGo#FZP@*0ymcBYoZZDBI#s7{JlCAlu@D)=VZ7S~hwSdHe=>@hY=b=eV!!ghP zTMd7)dnw7dF*;p3vc*2DsV%CzBH2s8Yo4TZOe0ZQNH`Ipzhy`U=R#T>=G?{5q^PX* zQB9o_CpwQIS(Rb}R+#yFDm~w(*Q1T?KCFFRm6uA~alyBHh(o;0c7dQ%xEY%+9!eLk zw;e>t=GfHLP+2W(h}M?AJl}75`=FYKq2}sFxY4N+xzA<& zEOi+kjs5%y@lD0o+%$9%=1IF{DQ`b;+al$&67^(WOVlcS-U$u9E3*^c%ye#hy4re{ zv?()qpB5YBUw<*!*XLqj0TIC+!eVSxPn2%NQ-W@0MKefuN8GCPEHDR%?;d(Y;Fx63 zHSO}{97OG!2;6N9MZ=j512mx8XdzxWaTxW*i%5<1PZ1=BoT09M{t-vY#+cvd^rk@= zf;xE0xpNp71@y^}P0q^WxdnZ9l*(qdkU}1rVl^3hJ55AMVb;nLI|ch!-U)V-SSloj z${t(uf)dXFs(C$S2G-tmu=0J@Y*eV7C^Hos_3$v@XS`U(sFhQ_Mtf9$5iff1zU(_q zDs&^-pp2}<4ysBD>>>oa=+jF!_P(oom&AES5uBa+#UtF^!{<_Z(#B4cGWlDvP|OK! zHm`!MbUSDA{u=1{IkifhR51Jz6k094G2d5eGo}m{0@totNm#>j@fXbkY*x#T-k#NO zFbyVrKIZOpsr^zfGY>r!16L!bj4Yv{DD?2P&DROg$5V_WSG&UjzGo1JH@cky9jW9O z+8uZG&eeR8GPA>}mej<14f}zPAu|)M`g~!5(j|*Sdoo57 z5qPZld2MY(2nXm6A_+;X>FQ~3fbzxGgPvuHIU6Cb58cP14vK89O1^n-3P$Rj`S;)$ zLX$E-v!V$1V{t93-!>~&>C!jfa_UIJV<(U9g$sc54%JygyLl_H43^+Y8MK~Nsh%}O z+oy+3?#T1cmJo>4vB&K-6N+drNupgvAd=l7G-^=VABir5o8zVk)FeXpQS$&;pvKT~ zgjWdyp<|W+rov}XCXpwB55l`tpiJOHaV3JGAAdue)NE z6pUUPGl)%3w;b3ue}`$stVW2N&mX?=SgA0ZRwN{D-z%oWO8$b=Q(aypO}5CPnc@-X z6dG8sXoFqkzUn+#ezzERd~{}@fRn;v2k%1x+>A;py8{R$)lx)#sY z7Wek{?fkfJUZy8Gi0Nn$Fr8!-Oh3M{lCwpPd>Mzh;n}{ldZ$(Z`$E)Sp629VL=rfA z@Lb-myl8SbYkkX=S8cVO?)ZgnxV9lb{)1X04`8wJ{xb$xlb1kK1+$q>(P7+acL5XZ`dH(2yt+E`H!fNrCKq%#|z%4KY zmI&T#NNlXg)#+|gsPJ(JBv8z-8^hR=P_Y=xyBYZ{Xu)?fz?TtX`HpTZ7aeIRt1>dw z>$|b4dFHlzn0LCau`zg#O#54c7>Pl>JwG@0?6{clheJq_~?MwH=1}x7B1Lg&{JEBfn>94}{Q*b<9xDE^1q9T0U7# z^QW_&)a_nvjk=@)E_OP9!PUz zA;@?QT(AB#l_deeidEu134y-|rO7T(p%vzH0KMj26gJ4Y7$&**RA|mjI0-eMMMv6M zP#=kJoVul)!4Ub~u=wYv4pskE*OJS_ESeWp?Av@!54$i&k1EEnc|<&{vZ#8!+4y** z1gXPZ!IjkAu@M;_Mn@r?%K@Zq8JCoyw^(S~l)x==Gg0im`-9_+aYkS2g(?j^Sg0`d zU80?*kSQ>_(R>_&Bkxh0yxUXvYLi487NDE~al^s4c$mCeXd>`Rqk~g3CfE6SkZNMY zkm<|0j+SBnxO3EPo_NHy_oEi#Nf4=XrTY8MQ6d9mU% zmOl(2@dh+8TC)PuxL(#cK@=901;ji7ZRMneLm+X}#m`(3SVqCRiafFFtIhQ%L8a#)2 zmCr*69NK18ZtkJT#Juc@9?lcm$S!wL&%gm}x5I+%mkaQ=Qlc zc6t?Ge`<8VphDt|BZRj6O^MeeG6Q zX*0Fxq_kxe{!I3-lq2JCY=X-kc~5z#?dh8P+^K8@=f|yDmOqlM)yssAoDxiDbdkT$ zp`F#9b;6GB1+p@{NY90zIMqF3^0$4$ilS!lqcb0PZBfTV{D4v21F>D7oGC!3;YX&> zk77K}q!y=BT+QkPwW!i-G_EbL4?f`$;Q7ImOczReZ^}jBM!H$H)m|CO*lhmAiA~rI zoi0dC59J07xkK5wfzY#PvV+m{<`GQ)S{j?dlL`(KkAX|yIr^H|=o(=GEBz~mfT!mP z*GIe0S@8CrX_y<=?XKMi{?qJT+!>qKMQzJXeoZSa{O6~$v`GDv8y8dZ@HWS!eTF=o z`6aS60~>rias=-98y^09AlXpv*{F30yB=)hHp*+(xn5IN^9R{&g`iO5CDQO5Iqj|+ z-u_pM&!^TS5BoU?aX!_PvI4i7by#=bj!D7agN}95AbjRch8RQqjK|O>=DAvj1y}-U ztYH)bvu{&Hwr@KHUC||kZ|)HCTwPs!|CJsXVXH^83)$B_%15UZvsYg4S2c^&XnC7z z_XI9eroaK?n2Q>bV2Sl>U39-B_Th|XU_J3D$-Vv9rt%wz0kD~vR^*dU;=5rWvFJYB ztA&qHG#8Z|95q&39WWNZ9aZ0b7x*M18-DBWudVrT0C7Q9nGiS>s-HC0UFAf>_^6+6 zQtvQSPGV1k-`8p*d8DLx{)_g#lvC+YlCP_W#uFUaj{5m2Lc8qGKH}6$=vvLeJX4_v z)#1kiq{SrB(az@++I->}RT;QtqX6;GKV3iSZ0i4Tb>L{(P;WL^j^&Y1%Kd@w^$hA| z^X)uDTpM`Jhn*eDg%I$XkD&V;nof;N;}KkX$6+L0mARh7pZ&l4h)QF>`iRND`iQ5E z7!Y5(uAxy?HOu6lmDHl zQt{euc8x&3k)L+KQ?>qhJ*v%K=JGbTo9#2=*@QP6IGVe_;sQ|~ey>h=ksuoHSs}4l za+F#wK$q^ zZC*=~^lpAw5(XZ6nf*gj*<~waFqMwxiTz}E8R8*#NzY-H(!q2OH7!il2=({XG==?X zqD9H%Il9Tp0^_P_!{;SkY+0I}jLr4RDJrl-?efyFkjQB}-Z5PnJIJ}bl=t)8wFw$A zv(qh<9ar_9kIOIBx|$hVF9Kd)_r|rRx-gy+9*xZ%VZLit+AYO*T0Ei?nA6U3P2w** z{4L#8!3+ncyCUJO#=*pL*?ZpmgUa~dLq3e9D7|LW)8`^SQi9ARMQ`yl<$k(db7H6Y zW;@c)Q-zpVc);+4D3x`p#geddT~f|ldP3#eH(q9Xqx`X2SCJsC`*P1sY` zqGblKc&SUr6^WJoGI_yhf=9s2MU*$D@_k(8glEr9`2W?*bGerN-+|1q#K->znK!j_ z1`P>R81!4wqhAK{EGY-GR|S*S}s;vAw#^pK7MFYo@$iNjw$$80PF3QA3TfKWG~KPbjld zpUaXEv#Lgwvg-d(ywr=I{Kl1nIvvFXetUFE=^<*1Sa5f+PK* zCXy!gStO`X6#}JKiFKg_`?6guxm;aQSi4#Q3pm*V9ojGR5-16;!3%fNpVIl?!d=&b zKf~RfkxuhR)*pX_yBMZ7{|a|WPcm^h{E&?LUoFYMXMLXu6&?xvh`p&5DlEt+u1piU zhGqg=?(i0u6cz4yDQ*hLyOIvKDflXJMz~BD6d0jb&L{VSMi6g&rkG6BI+p%i_YQ(< z|3)`AsJ9oRRIPO^$$^0Xz4gA_K2&V@6pK-ae5^7QYdk)y0JuZhOlKRbsfZ;}Q^NjK ztjDBv0GE=E^FZ4Bm1&VXavX1T%jx4pigH;ARZOSX%=*NKNEqi4)CWS9&D^L^-|kDPT#+_@K@pHpCZ z8k5{Hb)OSGg)Ox;@(ZK&J_Chv38P5F8{_u;r*I{~_gofpD;N|Nmw#|;I_(A7_@jew zZ^kl-(E*D!Pfs}`fs)EyHG8;Q?HAB7%wkI(dS7zRTq=KhP~o4zBgL?Zg;cqTAyoS{ zJ5<#*d0+4n>^Gs>KiBnq`gy;V-`7jv2hVUOXrOx#i{OxLI|s>uWRJhmt_^CBzr>iC zTA~P&3nf6GxMY&6_Hi9l9jR8=lUKtYOufc^mEeeTCCa5KTX51udVJ@MY>co=h!z7iUQ4?sk*F~;X0#mNfc?C;KI7^(+T_2D)-Yf?#qc? zNv9t+HhB`ALurn+ScPPSHnE8f4I5BL{ORY2`(oiy}pTk7J@oPo^Nj63@#QwD#>anoP%OYc$lh56Qk&DkYQ}=9th!^w5>*ci{c-FSFvA=T>zvT=InYr^J~LXc13NHF)aK^#)IFh%XbKrc5#HgfH%yg**lhv zeBy9QD1OF;=rJ|ZDHGaBbKDgf!*X)`K~*#ifuNP(h^0i9r9G4@-6CD74CQ$wjz*wF zx#&>TR_^2W!k%%vHe7;`Jv;)(RAi#<5Y1HaU$#&zcnCiOZ+7DJ^BuS&QBNRzG#S=;$q_q^94_MSph-llE z#`q&e6?3%>qsPT4G~<;Bp4%_$EQ|`ewGx5(?URzIXgf`_nup^>--k%ruFZ_{%Q+HM z`tp_YvN{Yn(wd<*96Eq+{UBZoq>T$6VkPsQP(RQI z06;*&p^-lbC>neafX|nU1_U4r=nKF$fq*&cK^B_6!hH}N>GKB%K{Y1pu$@698Pb%9 z1DY$B<1>}))GW6m*RiC_cLia0*sK1ZzaWsna*N9Z4DJRR#b!AS;J< zhAwGtZ;(KkuayI8f53L5=s{Kl6L&_UX82?>1FF5U_g0`CEGC*k`XIusZka#O320{o zHtYW+_%I(hV=GW?4T8^rpu-)NhoWfvdvnkl(=KI4f$}0e}OHS`{ey((D`wBgGw$J zeJ4yN#*S)(QnzvP_iis;*e`IE7H$3)TImu2feQo2=>CP3at>_*U~GgnaBOfh>ooSM z!mtLh0%;3bx6qgzG1^})5CgDzb^Cpc=Lh;;ppZ*DN1FZi$7!W}0b{~x$eNs2^3+c~ z9i>pyrnA58*00f!)^P|?>*rBED>V9jAdI^Dc1d-&Md@<`XhX_%8p9w!3) zfS1~b)x{)Vbs)@)(?6Q^v_*=uFffFLFd>i6SrBa(I+R8}pf?+td9WJPIh7foCZ76o9`<%eVE z5;q14i0{+o5(E3jF{N?3ZfLtQh?93`+gyR3duDD_XpS-aoGSyj{(=H7G27|8_s5zuwG z(|4SN@r-dQzm2qUTHtHwWZu7wv|+|CBfVYp+enY3sr;vrcBlG<9Wwy2<1|GKU2_Tf z>6#)Kg^pjb?-0A{OuQIDJtgO7p9dg9EM8ibj{ap3G?tPq^4-bFP!MHKNTBaG4UQ3w{mnhV9`bPTlPUg7$LdqS@Z4B25(q znc~kDTLiMyDqdm3D;D&ywtjmU!2JgYByzjT4H^swsDZUX;`$fvu6s&be9M9ZmH}(N z_&~0o|FwIcQwcP*ox{FOm#L)Z70R#9<2t*TB>3c1S2f2wQdJaJozaghzaiz^VJHfe zNTEwc3!#(XuXpwOxDvX_=Nt*%`{y4QJ-RBRl9iciG%!i``mm#^>XsIN%1}h;S*cTw z@K4u>)#f^VfW%)tTDB`03MZAgiKy z(ie~%{kqZpWh$VB}Jwx6Zn(GyuMO z{Sq4vqRAO?cB(CzwM`=IPFjll>f}@g{-kr+eda8b9`OaEDB2(EDnY)pHMNqm*T2>W zOel@2#!8@cs%RDw3L*0_x6=u`a*Z>Y53hYHVY0k^Y9(ut%cuu5G0wlJsZ;?K*$~(j zrbi%8xsZVWHfLl@Gq~y70a&!IlNvEUn zHYx4*w2_^}9}#)pFe!^wU8jZkWATBOcW#sNk$~5SrMg?&uD1KRqR2}qHAerrlas0P zcquWC%WaQN^Xp#>wS#5@>t5HMRc&dIujEJZk%0>Wtj}UzZyEh%XcghgD_>k3931>( zV-YWY2ofZ|j_P)KP4YU%tR{k-;<^) zYrMSg|D!MrblFg0|B#t4OaE=&$YauN>DRo`*8efjyplJDgVEY8yUH6E4X?rjp!14g!H>|uiO!f?Z}u3@vOU&sSni>Ll8=g zPUFDYnN-{#je~QiR-JJVWs}Js{EEy)6-s*Oev#Cx)PEHO(fHSzdP{55q*u}mYv&4b&*Gb$pe2*BXHj6HbS@6vDTwu za!H+Z-T3IF;bX|Jm7@d7*25+`N+-D=SZ2grzF|QrawIW%W5C{UN~3b7hzZ<3XXoyK zDy~Lgc1~#@n0+=l%@%E;v2XQ>h^z1LTcJbR? z2J02?4izXOI*CTKzmZ^*G*KO+WtXF{sO0RimMixsU~f7`kCf6Si7?RE9%3jP4*i-r zas~Tu#o=Q3LpfY+T*BVy>~Jtu8$k4j5H#86bFaR3(w+1O-kJ5!0bE{ICGTF zo$>ldb}lmiFOd3~cI3TsFEX;45fu=mzTw`f1a^tv&3+a!^aGZx;KJn@;mk56dU(Gh z<`^fg1H)LIN z@&VZ61%>TySmXL`SO7JkQb02~0PQ?tqW}9Q(Or32Kr#>MPbh!<&pK_ANbSJ;o1$il z0tH}zG638kb)i4oMiK^i7H{udJt_80VY&}zg94NT)?S$$#@<=iSZZURN38u)IAVtZ z^XcBLN$`U1$DBXhkJGJhn%g%BBIoIL9AqxgU_@vg@)il`4r$EUj35d%+^=<4PL5+DCF3F_ zz1zu?Cu>fH8c+2N3>mEFE_fC$hBiDnN|B-i>QmH)Z@0*`@0(HTook2tqe*_oc{{WZ z6E#aQ5XJ{R$#TGDk+LKCFh=9S zF&yZlC~^I}>nLjX^XK!HA z>3y%ro!RnJXTpqPSm)xy#BwwZI>i&=0ntLAa*iZN$xqV9i=4RCd}U+`uvLgfTGwDM z|7==awnF*aPr)|*5V>&3JLBia6%Ya`6~+uPyxzv6TJfqg(d(fUqV%& zi3xO+IDf{Ac){qdibqZ^>gxJF1|^RR z`D2shPWaeHf4EZ_*&J~df(2?4w{4+8E`C>@xO*fmCZ$-saxx8>;7wBGbGwa$khJIBPP@w&eKpa}S3NSulUwmNs@igE*Z%CtH4UqE8gUfE%myDz$2 z-bhCn>CopszFw*dqUnimaI`R%k4@W0MiWo0FPb|sC227;Q=d#9CzC)&-|yd|18gL3Oy4idt5>*_7R%fz9NV$yLy~b#6BLAfTM@Iq;5v zbaDikS)9`51OA#`i4@f=<#_S#h2K0Z>7C0PztQNZzID~}Yuh_I#kV}W{XMY5aZCL&)E#dH3$y;xb{-8!qn{;OofeKR_-v2-h?zbn0o#bBoFD7e_1 zIPNY13?nL;aXNm75v9Wo|JF#%|6L=k*vRtcoVtU$ZKkq`%ULSwrzi%^wHUNv+m1e7zu@x%kOR!6#kf z7$j(xT}3V4yJxAEBPo%8tw0tr5@qPnuMs%>jB`SDe>P?FJ^rsssoeDD>b+wasOE@)3j;W_cY8&v)SjL&g1fcR$pwIX4r=(zCzo%;a!D zPtB1E>n^5BcM+w_o?Q1_V3gfIOQ;R@@A3;(Cp#7FpBYpR>75j&H9XAQf7C!8hJaTw zF8wo^aJ&>v3zWn(uf(2K*iCU;@Yf3sU8P zK3yu9a35V`YLvELvl8g@E;;DdVJ53$%`aJsSn7+kXyBFAZGZ|e)%9O*HG4AwnaQDM zPVA6xAqLNZ0wN2ZS(*r*$w6PA%yBV-M4Hm8f4sFmyVgvO`TB(THVy#`9P#cN(2+kH z_D4t4q@lYed%5?Wi>+PYriTV7y74mkzo*01>eAf!twc6$flB0&ZsQiHL^fTgt#R$S zL01r)e<_jXzbg^uUz}SO*SmQ5GBu&EUK8=ACr=a%a6VLjs1YnRyorG%!+6G&>&S&J zUT_+Sf#5$0InjKF;RhJu%l-?Z)cT9bEx9-$iSKqreZw796VETkmhtBxTV|%OWj`>y zUs%d&a!?Vd#3XY&=IhY&tT9Jg-(dpPi2g4%!mM8dwqd0@>Ms~e1fAwCIWx*APcP7s zqzp16RR+8ijNW{@1p|CLO3avi2t)0BqfGeDW>`Lp)Sqx2Tv5`rSZ{16ir;ml2%bhzE$dEhqOX5;E0wr!0M9CV#Tp-AI3}bw>?>Jgu_V^%~P#iTt8DigQ<`1nE zv}e@F>@2Z=d=vK)LD-1#2K8_c*IMlOjX2`g8=tYP^Ae5)cFO>WL{o0?=i|fJ2}wK? zc7B_YV%ta+d?`Hsr9`3w-a0K+_F`<{4hXglGQQM&j*zo{Q>wax@z0)|?IgYK3tLd? z7IG{5ApgDh>+(06Epeu>@|1xzh|{W*A&p~9$H;9Ux^fqAO{(hgps{t#8F}mhjXI*Z0ROa@6EY>Y$q{7X(+={w_ugE&WxDFjT<+79-Xfh@-EOr@3Zi$SZZ#yxMBI zRz@|K5yX)&dS%C!(j85(kZ6agP2XD;R@9 zeA-q>_hk-^<)L0KeI%=Kgg7M2JZRV-!i4E{QsX!DLDEInn(stRTIogYDu=` zPODMe#FqMmf_V$_Qc=Pz`^D0Iq?+-Sa(WnRp_@&rQp&&9a1Lg0`hkxjg~%Bc7WLOy zHRsWvW7W*3Q0mCWFFPvMS0~l0O)PeeG;e!}w-Qf%d_SbrV$kgz8J53+$c$#?SLhxk zFx|b+a$w8fa^o<65ZQFk_FEF7$mXkXQG+OAMhc}l39D}i+bg1(i6QtrQ&0~5S2G@{ zQ}8Lu>Ubl0j|F;93at~kkaxXzs_@9lnb(aMOd;-HBtTIBWrU0SghV&(!iw$auYs4ZlWsl zyY+8wf=(cjD2)pjSh~wMba*JGP@04W+tM^j5eFXTD2V^+E*SJA-n7R)FqwdqQ8xPg zW*z$6NI;a}nk)=8Bk8$>li)snLw)x2kVVY%%s?wwBfKn)_blGWfu2!HaD$(zcozV0 z@N~lHJFv0MT%)sYQ&RBo;x#T{xQzN?N4F^M#Rw_=(SSU>o;2|-r^D^cc6s17^y(`= z#E3-B64sIFsOvE+(8aixl$=R(r45{DT;aMM2#}EEk%2&h`;-+t9G?-nqmTxWlt$4m zW>_^zlp-LfMk74?dV%ei395;}h*Pe=?2Y8dNOdauMwLBde+*pRy#IRf)_!`EFJ}_G zY3JqTrB)fTA4iF5IDgyA%krM*+KUcrsC1GIDJ?T;;kNgF%i^AyS|NN z_*NPP1^DcfFl2u-e1Ess1B`1aWQ_r)1J;3+c1$*Hfg3B$j5 zEwRzE4J_$x2&7>*yB4_S;(=B}Xje>t+S}xjY%E#CgU_q74kv2W5<Zg(uqEw`^XdPoGgWK6kKRR79kek?#IqPbN%=YpjhTVcDEj0l_ zuwwBs){shyR(hMosPdD!^!BNH4<&jV$mOYh09$2aDGW>jeZY+d08E|Y0TipdzF_Zb z6v%b>V80K1>!_UNk|x{s^gf@w`cpyqk?B;x#ep8hI(hk}b&qYt#QTi#Nu>Tbk*g^~ z&Q}kw{ zyIwzW7p+3_^3u7c>%Ih4`>VDso(lb{@%vYk%e6&kkoLRE59e#Gd+{E2CIz}YGHpU@ zIM~+;`E(d0v=K*rTICfdvh`|hOG0@PL2gTARpx7JN>^Ggl=5rfo4(zv^64T-xk;0y zY;+HUl>&=U)~Ds7VWgox?Oro$;#rA7J~O;a;wQTY!@3Wkgm229=97~zHqMO+To7gN z6u#o2U7nOln153aJs9@1Th35xE8U50z3@BP-E`ruQeY<@-dtoH9n?QBUAU8=c+NkX zsE6@j^^IbRWHX={4a}HtvZ3Rh#wQH63vHt&et)YdX27?;;~vtHl$<`{?%=JRaF8HR z&zC`PLOOUgVbaA>hGVzu<-BMgmBbV>~3g!N)C#NQUg~ZP{o`Fd#hDsPWxvog|>rdMs= zVOveFH@Eq#<4&*D>kPlw5nG6P|rQV9SvYk2ZM;TuzFcsZE|L zDV`cYK+gDXI<`Pp+6py@gB4x-bEzQHgI?247D>=%Y-(pl>?F|RhozI^`1&4!e1@{k z+PeNBRqS!pT-I0Cl&D;8&cue;&Q;y-j3f}nil%qWdl4ZB-PlS-J$V6Vn@_RRZkX6R ziL-W}`%+mXH_M$TS}XQ{wuv4opZbmSTh)NGIxI?)jsbpdX_d3umsG$=acPWabwUn) z4Lg&6!$0vvfm9a!a6pR!c9^ii7uRRC0uRXp`7MtN@uB+*w&K5wkCqe zGn?pw@&?Bmv)OpIeJJzEgc8{xS@;9k^y>>vQH1MPpJ+BlVJ<1U(v+P21XePX|3lq7 z1y{o0dw{WRCmq|iZ5tiiwmP8P;@d}8OovVBs_T_uKLP5_>Tz72FVgYe= zd(}EST2Zo#;f4lx6y}L#LJ+P~m*&PhlKC_$eV`fsU6IFXX*#Itcy#_aE*osK-0pYT z&=A+_8~sDc7^`r7z!2p)hfH_dFdct_5i6QZoeirU>#O)@Ip3@rbP*O~d5iPFD+!jI5TFZ?G!B7rN6Scln9HsuadF<&cAa4n}23F6Npo?asFRu<3z)=PU zY=2JBpN0NCfP^GHt~?qdRfiYN299>iOe_nih=NOxSGODc#|c8{L&%^c=1-Wdh;me_rBS|MnyWCXq0#D9Gkj5+k4-gL z=AOr))h0*ZgqMl`(xJj*0|Tb~F{Nf9ueewX-V>+yyjt8Ad9|1vyL3L*DJ!owt5Pa_ zyVHe^ff60<2GMx_${ou)>wK)P(DUcE@HqOwU|TxRP#xUi8R z{Q>c5MEV)DBeP}fJ$Z%|2yKl}v>EM)J#Nl=OB7ou-Z^?W)P!hm^en%)sF55Z}VHMTGiM8?7C!{TmOyy#avSc-Pp!+A8v zcpX82cT)L`vXlGe``E(XseI`@6s(}SF_FbLu)p@Z8h?YRCa0U8VkZr6{C4v-%O}{+1TdooMe6xlgf|ZaUoJBj5Ghy*x;`J! zMc-Fq6RtZ^JL|S!HKdkK*EY?^V4}LyCO-6t^8^Kp-CRsWO7D61wNxEm?7UTct#`+B zQ8>nt7s){4Yg%N6TmUq;cNhvwK<3HXsPDP5l+@h2_Zmfn;yq;Mcp1A1eOdCV_;}kX zkkN6z9{uqpf>HYoiuv_N0Bn{n((chSYF2ZY8|eNvlH&{?;h$Zv-Y5v~rfmzIOq}V- z&!c9~4PM*q^Aehv{b!bv7*)oWKrOYA1N_TH(nS`R#r2NTDK3%Qf)c`pz60clBGc=2 z1mXEc*@R!_V?(qYEH9@#j!r2Hn91Y7jlJ+VyAT)~a_R$P3zZ_yNS(FXjfJb;OyzL2 z4{SlxQ{tmx=XFbOcnA;=2wLzozj4f>Cp|!~*JlPn6W@2&oKK|j6~opvSt-~%GGzX^ z(s9B3euPgj$(Z24+J=IxZ`0(1Qn-G?G;5Pi#hR@MVV~=h{VGm z8{ttL84KQg6Yq*M)r0rNB6SpFX@Kc2b~c72l~5G3?}kz$c+`)zR@P(TONwGlJ-!(Y zPh0^tibq`L$_^R_=+QZsEFG4-1uv2Edy7+z>nQJTe!wtY$m}GNq!HJY&Vd46E)wIn zG)UXXGQuv9qV7|Y!Y-rDk|^6s1yl+ITLtutJ6HJ-Fv5u2%3S*eqFn^;V+0#HA%1Iq z7H&d{$#(#lM0?(TNORPdK2aA)x<=O#qk;O~(B?j@9gdK(PvmARuqASCn4T*G!A#ve zEkaH~*80Kt+r!I3^AF>w?PmJrc%UQ=p_f`tNih5bxTDL2D9-iy5H+xFh7_bs1o4GZ z>)IMhXuW&VDVmgn8v%TS)z9#LP^N?S9m#=iPumwGz#5hecvU{iX0jIiZ+4LbEpB1y zie#VAl*>a9N&W37Jn~UE+2sChUFOWj=jnRO=RC^Qr$rjC!o%l_tDt!XL3yXXr|Ew& z47&;d!+0NiHey&1qbF3x?HW7&ep#jUsoO0Ja!#1Q-&eO}zLyU(91uL=WB>|@9!-qD z4p(}pWfKwv;Txz^FeC5*a$?g<3gJ*htkc;K1Oi$<3xd@zJdQaA1V|G%t0mCE_<9c= z?Dsw=c%;qeYac$f-=bSv+`VNH!ER%fPhN{~Vj&?{Q+GMr#DzB*+Qku^H9`#|X`qFg zVJ7pUgLek)Y-iSP4l9^R~)q&v*Bf9dis$ zb||BUzX7|8SbE)Od~bWC$F22zOP${Sg(1dtd9Ypd#DAWRcUg2j&u_({pa56LCi-{{ zr(YQj8AkC|?(EPR*LhVQZ?ABnTNJ5yU0m6AHC?5*bSJU>tIy5(wlim?JS(AifXoUa zSVBx#0i+01&p%aetjefi5~?etj~doh4|I9SvQ6nAl4=Bc7tY;$PtL7sUl_|Au?6N% zFME2U>#IHSMHiXutad$M3ASObBv1qoA@8gt&~Y%3=bo&Cg~LijL@S%Qodvm_Wgw>l zzzW>W{;&dn)8`*;OUMQW^ELU(C}vJK-L82*EpynM@jHZ-V+)T|YWDG~jjry6+d^dJ zSsW}Jwxd+dUT|r503>_Emg}&z<=NkzZ}z%tRj%*lr0#NrWLm%<-M0+zxzIyj)~Uby z`Dg5E_@9HI-mjoYt&hjBY$zOygglF%5e-1-njJ8tbX^&Kd)RdO-D%BRD4Q(*#RVRP z7$BZFc5Xd|f~_BnFY@*tvQfaw%C0?4%1*+rx*LZTu@DG7?^5YnN4@r4F1GXBuq4@% zlIIN0jQ6`db7N-HGASZddJkw~HsBicb40nv*iKGgpTsom%*1!`2)P z$C)v<_eXTmnXe%x2Nwt|?U1PCicjsT{6A6IwdKsu$e-;s2|dS19g#Tjl)k}OyZ|bJ zl2&WdXDTX|2N2=YW-Mkln5x^s2Qe;v_U%uU<~vaSb&NZpI+Iwq-cC2KmhnWC4XI7t2F!Cc*MO>-*f8*Le$n@8@c$IM z;E>&y!69>0>onh1d-%Cs=t})8aFW-e5tP|(Q;K31@bi{#8K-@5IfN{S_C($w_+WF; zz1%;}tp^IUk|_Qm{vFs=%7IXF{}JSMR2aDO%>rr6JJ09-dLmLp#`?8tN!0!jVE0hP zNV*lf+SYt|axt}&D&qe>{~e0^%n>vs#rnFb6Jmz;FA@-?@HYwA_Ps4Q9oeb?OB#;< zp)7~IeSAkP=fk&|x3el;qP+h@F}}d)&BEEik;s4lu56CZQQ$l`@p{FNvbUQ#wsK~o zCs$2kBcCu|NG6vXo|~zd#$sXA8l7$K?U`+32=0uwBVXIEP-Z1vG(BfEv+XOcvKwxf z+v!)S-x%0aE$RETnh%&wDsrlY{HB`Qo%(}*U8137CT@6F$I*g0HMZ(rgZ9ZfMe@Qz z*>kbR(ZP!DXYP*wZ*l>hu>aq2foq`u%mqLt|Kb7!0st<68Sp>202kE%2e^QIOsPVU zw`i=SCVM$~7NqmOYdX9&8fZt5P&~Z)1qfg+DoqLWEc>fkB2))wR!~Ku;n`PT=!i(S z=J(2#h!w+m=882t%^UD}`D$bf!%Y~}TS`>q1cKaX& zj6`XU$Pcnp57C?%Y@?o8vTVqyD@5N|Fb>*cW-j+P6M0{zsizjoo?6UQ{5O2D{g&&5 zYe;ga8o6z+E<`>qV(GazxEFe_P7MfK9~Zbezv5f$x|z+ez1X(Wkuc^G22Q4E8Z;aG z&OeaxpPn0B7?!yf`g*VB*0>e`27u9xjQM!;&3G>}MFJtyf0#L`?tmkR`^JW%>XP4C zL~@PQ0t)ZwhiweCbb7sR;}5a5I}LdJ~N?N!`EO3sK1+mJ!bkuvyq+uSFpK?JJE_EiWc$lvC&F7X(@VjT(S$aE znTsGu#+f$BVhb#w^-3LF$!dKPL^49wD3J~iU0D62YmIz2pAdWh`xg+Y+~1TEtb(BD zD6IL!@#oQAtb4VS_Efk4FZZG;ry0i)-E7j7>g*staOTXFNjEy9y!;x*j1i(4&~^Nga8>V?GRjfd#I zg`P5P`jdFE z7cZdi$cn$Fn$Aofx)g;pFlnA4he`Lq?&2^Lv!Q9rz8RS9MB{0zSiEJkP_)|X?DHb@^c4V5cZs6QbLO2Btsa;TX(l~VaoZF7HJc*_KlTf)gZ zBIxiv7aMA{7X(%4h=LJmDr_XZosxr^xpb)mIFKoV5o{zmyfG50la;YlSS6R2UR=)& zFNC18#A!&RBTKpaE!;8evOsVA<6?V;eCK0u}_$A9plmAI*`R=>MBEwiyD z^d*0jc$mCoo^oS)B(C_Cr?KK;Z_iNaXgqFpkkOUjR>#0xucliM?s*P`YNYy|I?%5&v@+gSxzw=ePdExK1RC#fRQT^kfM|D z@p3PVW(Lmq&s&RJ>=ob_#qzk$M?PD!%E-*KQ{+;klvJABf2BZ=hAnBxLlX4Lbd@aD zX0G#2DF2{Va>mW8;rorexNPR^n0iivu_{U{7GM3Xm}ko&(Ju8}J6T5i+xu<(jS72r z^eU?1a=;p;@oWm7y=9j2>ayz!vg7-4CcZ@A{nfUbm9TF#o~OHle@Rk4*xRp%WE zdwauziB$5p*_6eS3?H1bca@8t1kPDzgJ1%(E#r&`I3L>D?R4d8K)K<(^JHBvalYDT zZCxT~X47}c(;Ek1N4BLjy%1GLW>1S2DIfJ=`d<@idt?)+`%z{l z?ks)dIZiJM;q3ex86o#lbTZIlCTnfk(i(@ZB5QRK$=9~yg*q)AH}i|mMP-b-;>VFE z|AnnLVNNTcf>^X*FLP@QY$}o_s;%2WNFfl~N0;|K<-M}hfuJS)(GI@Jy>;3`54HVO z(8QyUK;na>Z4@gJ==^@FV z=oB)@58#af&65dZS&*VXd=KE%0kUi*@eva19)j=6_`)y=5i#t#iQ=op&uQ~EGNulP zTKwGy1B-%zXNJO#5$a(cS~x%M+VfD5a3n)%Yo`f8M$4=A+tZW)(s5BrFk>EbE%bMv zyV=)4pNZ2@x%?xdDah|WE{Gv7g6V({$q~Zo3P$M)mQ!PHOcKjXj5;FkLYI@5O*3n0 zY%0n!j^aq~AOj3KNbikBmMJL&xcC`{1L35=+1T*r;um20LmBh)cP55Tido!uTw2?# zVe~h~96agvymkV-MEek6F{6<42Fnem;0Cq+c&>NrYT4p?3Cod)MeNYo`e)3J-EoOH z{NIsR#7Hi%@r`<}2EAP+zJDeY$ErmOtEa4^Mh{8=IUe9e2H!#-IHw%ktB8XP5j|`T zH;>gRT33%4ADhB2eQh<>6>RHw*h$AFIi?2>z$Mum34gc}-^RLqjt&;2V`bW-Y~53V z1P+@hvdM9ie=CFhMd!JB?e;n|e+x~JjRN`11NpRRw>d-MIkPH9>-Guij$>sl_9F#R zMd9oNF(>$X{Kt=}55zEvQ3{98L1SLAXMtiqI1T>(6hw!k;PDj1v+zJ2g1ywRaj*_( zOrELQ1(9y--x+zNaTE4zr2loZ} zO#&mXwDaAYP*0ebGp*Oszw+K}mUI1CFI9fjAikt#zBxAOPOE94=8ab4y#{2U-U#Zq zw0ZU^XUG=*m@e9jDcr3p+^G@3&(7V@(^FfXWh>gK5#ZXU=O4N^6Dgx}g;JRO!v6U6 zTD0ir$PaOJVrf1dxm$zCill!c>o%<)&3ELf}WY8@CM#)JfS)GfC%P>4Q&b2A#znc%*< zq?$qhvZ!a8r1jv6VBh=XsRh<6jm2DPa|hW+R0^dgiboD=7cu>X_X`}xZWv2bREH!& z1~~b~nfA`WekT)J2v+E#xMJ1Nn*8|AVRmxK!sHD@M(s4f5VOVG)$MHNCf_7oJjXMY z{wPmDDZ!O%6t#?zElgR&$-!E&_%b~E#ECijHe+6$l{3jPmTn(SwToojjXYuqDjQM5 zzV-7f7MgCyz_3jaob++eIXN0#0y`o$Cx%MN?U!6GP}aXZj9Hfy60#Ss+$62(tprdo-DlPXNE@ zN336Li(psnl>D?Jr80?O``LhDlSl-;hP@qQivdIy_EcxB*CGfKsbKt}s6LXA@~;DG zY!rAAI5=oV(*F1?3y31FTUrYffUfJy?wn}!iTCHkOr|elH%{M~RAuiTNUf#=p zL>2sXij$BHDAu)D?!_{;sf;s~PIq5NZGx11Q){wVeCf-scW-wcg8PTR=uf8#tim*3 zdWa)alow~J$wO)dG`4Q{;lth(>iz+ zjja?#M~R^MZ76bgV%6PHL&iL{ZC^(JUtP6Q6E~ccMQM$W_X7<0NoEo^S@<3HE=zuF z%Lbm!e!lLD_ja+KNuZ3TPh}LLR7bUEIGjgd4w3R84iksw{Zs)exfo@PLOQbPWCNPlvf!rXDWpnDM)q2 zyjtW(@eHU{A$}@}rbvtw?PEFCq45sV#dtVoe}=`N)t7P9j7DU~i00_ktM*}Qsq6S@ zy2N}2V5eoTk19ekGm4Q9r;4ZZPm(>zz^0373Qk2EVG;pX{N`AbIQp_@;VRAcA>!GR z*uu|5mfPl21lOq=P$aX`bk3c+l*_Xs=-gy7U#5SPBY6<(f`^uo$xT%Qv(AjC3LnbO zKv9<|42zkRUTK09P%xJ$a#NTARj{0~>F%5EqX5>U(G=oZnid4Ez^@(|JyK(kF=mS= znLJ;4S9!J<6^C62DPGYo3_X*bwso3iOFNW{^CAX%u4!~MZMJ)^{iu>>Pn(n4>rt8Qxu>dWhKDhDH?%( z0DlJ!S(OxUJ%ljy=>K`|$*Tqi+3!(9)bFtk%GfK6W#|+7pu%CUhb8dr)~?qdUk>FKdrsR6;gPQ{DrD4!PcFcstch{Oe~JJM zS?2?MO2CjcCfThIrp&}QXN(;uOQII_YNB)#5MP=0oCoUQzm*9b&Wvq~c+@%(W~w1w zl*&W|hkpnY4Xo=i)+s*n*W!(ZsDUsje$Wx^8c!9Ku1?hIXniDO@o3xg!FSR*Rdd<- zrFyUmQZD|}dKzj!r@Q~MCyTW=?hz5g5foL>=`0Yy2@Jnw0lS9Bh%F8bl+QLe1eIcT zCX%-oak+RBcFBEr*d;^2iQ5D`p&c0D)(JgmVD!-bVm58X`$K`l;2I$ zHqcuvlPkF|Oaeym6^YOw4w>nLZmH6jN!F}>cbs~2s%n^~+Unkq9(|v`8t33H_98 z=eDoTDJgFWa4Q>Gp6KdlnXi3N&-Z*yRR|j~R~qw&h)>ouS7{0J8}c%0Q-`tWDP1TR zkKt7{`!dcP;|_FN=Y~^ep}AA(DU_GuxJ@KYY-{tKY5KTUg5>hls62(Jf+@{q=tvxH zzcM{17HfHERRd*NFZv`~6`Mnv*%&&23+#)X$0Tpm)i1f>cc`2PWYfA>sHvX6E>0Wq ztO?vb!NLMJ4P+}GhemDpGJdhy4N)wfP+B5)&`HT_2viagC6=RCX6*Jk@*tdDIb;O_yZ z(LB<`&&gQ8WvD9h_g!0&vA*f#1Q^7eizH`l>#fBEXDJyWUSunnSDFT_z7dGcB!K0x z9W$4Ik%iR4vmSpko@_gg0fp6ek7e_uMet@umSz6>_L=)4tpxjl7Hl)|tvr-puE2*z zRcUMm`nubeFmLU!**m<;Ru&<)Q)2rdiKNS!8w+p!g_I+Mg9D)*=Z2S;6$NsECP~83 zEH2!_BU@=4+;mWVzlBVQrozd3f6VHSd2GEeXalwHD23A&B>k6K^zyH2(TDj7sh7TM zr^G15=yuXz(RJ0+!0ouu8@d(lvf((z|4@t07rdJ8L5)NWrSQwM8;sYkP?#Ay*nJ1t-+yAZe{!a^f;4+VHJIV{KAdWr3&021qAWOKUN9) zr+*xMDfYKggr7M{1yAuW_OXq|xl^w1KXszotN*PN{rC?$k@Vo}hpZ(a5c+mup0_rw zDe=jpJTG-u&R4IHbdyt%H8aCzI)lx9Vj~##w~vhev5t`0ZkVjo*XS@U%l|5$ty}T{ zZt4_JZ67?+78vTr^4y}Xk{LYbx{QP0vojfHCL6;8SP)BH`ZpVy|4*s;2`&4ImzQY# zGlp-Kl>N)U%0)z^oGQ*Tg*tWcjjH4Oc!e%43+3W}O3l~PsMJg*uC&d#>*0F)FO7D0 zJ$w)7zR(?{Nrh!e6@RNma9T@cQvQFbMIID{qxlMG9InYWov6wmw3#jd|M=+lMmQ|5 z7S4lL@=F0NG}Of-*b9m>6K+*z+BlVj6kOUsWhAF6xp!gdKmnVHsMY?@{k0#Hw4~gl zWR%gqGl1EzWt*dLcjxKD(seWyBvp4^B-OM!ev%ox8C_bmFhd3!rZgNH(wdjgwrn(^|d)b0c31QQ8;wItq` z)b4GXRD-OC{T3;Pc-_4(XECP^q9E%@OC*6qxw}Qxm`GVH6k}guezTyf22jG1nn@`N zy~fd4N7rhC7Myy!jG<{XWcko(J6shhwtHJpdYnEd2d>L4UKecd1OEL;aZ;HJYWCJg zr9Nc2m-o02Kh;KV)v4HabovIOcXcCCuVbb!(QM;-r1mOYr2Gz8AasfmNTWo%4$6X) z3C+708TgD`M${|K4D&NNCATPiA>@}(ao5VV-V)VxO$D_f)?F7iyI@C#D3X+ry`24a z<;{ZT7nu_>S9%Lt2GWD}^L;9I5BO*H7>EbNPq;mpD#4u5#W5^JjbvB+eC?E%$SWEX_<9^e*9ePi-dssrAO;0!5d9UtfHay=Uetu7MZIl(8i9=qwj8#b145F$wyA z0UfX)d#a9D;!w5dP zl?~&k!3RARAcLAScm{f?LxVW&BeT`Ue7)#{k9Ve?Cl{V+eB=?72a9)BA)*KvF9T09 zotK=2ka^9pQHSAu$~(^#@T3w1bmfXD_$F->@T9X)>RQnA zdozHl48@kXl-3pjCMjG+@Fq;R-T^-w45U@B!^;15?h~$l-7~zXVE-(LVD+33IxO#io13=VX9+L z2w*HQLnPM3ej?c@n=ipcpk=#V!*&crB5{oCGH~$y-T@b6g=cCNc?|sdm(7Qo!9Y!b zccj@WUtIJ$wz(R7s6I$H*x2ufc)d?spa_)+b`;Xo?Q&ouWME0K`0@m>cuu;;P$H)9 zVQrclB*e-->HA{+5gE8^$FxvAQZPXAfM0&pHQ^fjTSrj}ND?HT)&ofLxP$}f0Vv+b zi-_ylZPKT&AqBFHf#@}R?11=HMDQWt6!4N3G9>#1hWAb>+Q1iLY9?;)1K9(xw~tnS z8;*nP?Z+pcXW!Kqdd1<^D#EWi?Y(TWs!Q9gLkzsZrX<#K-xmZ`EfB8i*X>u z;F4WC77ium0hTR60hX?ah8xmG{mp<^JiyWbrj%~;3sgD=a4EQKRRWkS58a(CBb||f zFiPo~8@4PgBdVcUgarsoU)&@7umh^$aWhfBEPxI)DPtKPr#4&ar33z2UF%|=kCRtyJM*j&=xZeVKMW$E_9Kr)oN5GjMu(m1+h=^I5h0AgnA)B}KmA%i%y;3w zW3lNUQcg1bFVM%IieI*m0Yulbx1(|7jgra;`FJ`b6(n2RR(m2)n$>tX^JiVNawt1> z&Zbq1+8-7$^gax)^EV5~O#^*{dSc4EDtv0NDCSK-mKiUWX#C3ct&UK6HNrMMbre@2 zoR`rM*REfGe+*hI;Y{lwKO?3WM@*)ollK=tOen0e6}qw2`E&>__DLYe<8hgQHImBe zAOG|~t8w|C{;8AEv`My$0fVd9sg}frq>PKp-)TyP=O@Xx)_-8-i&OIp!MD}}S%tH{ z=~l8wNd^JpztWV>dRUX^f5j=?0OmxqJ>q6l3%zQxK>OX979yf^`P3Isyv{pfP}4t9 z`3~jidS{9j*{a}upxW~+D|*?gD(z2vQaor+AA0H%85utAuS=+F(&vnBrpO<(9ZHQfU+}lM5Ne2L}R_R&oE#KQ=$v1RE z4ZCh18Z=_K>S>Tc}S^O<#nP*?cfJ z4{-rvfi9;g(fA_aQ8>tg+zL~{5A{;q6))Uz*E;H)^2m)XIM@dj5WR{!oLkh|A zBNr82G>#-PGkhL$I6I`zU?&cNw00q4>_K6#$Z51pEWNwAp!76q_~$QrsE)CGV^(_p z4d{{rfbNkR^o$z;LHyz8NUpW;;*oM;T{v?XV??K8tyKz6HWf`?`LJ~`ty&{z7^Pkf zYvnd6GF+7ReF$JG7a#UYe9$}1qqjQC#~#sF%;3Al#AIZyy!CnB+H=yv@V%B22f1GO z$btCXk8%m>SAM&5%5@itV(N@6VgSxX2jJXE&Wto?KCOKaW=%DuunE#a2OK*s5%J;? z3QP$!U9&(GF2nr(?Y~lys9hyda+BUIgN+m1~e=#&u$J)zjU>4v~+jW$~WaZe>cKLg<2CWSZox+HPgJbuXoXe}@@Z#mDC!prA&tLk=C z!KAko#mMWqq?!XW*O@$Z@Wr4~KEvm=>pzP>u6}gA?CgkiC3=~-BeKOaw95tMV@lGR zFs$?2J0FA19f?^s(sS(Nz;*dB!8Y9D-a8{($rT?K`v0~4<>bOLM@ zi%u1z1!!Ivi4JUDc)V%DqM*^4y6yN^2hoF@d0c*!z#{B*#;Neo_-PnuUYRWYU69FPS^I}P zh5Cm&A$0?fz5@=tm$V@x1=BdB)b=+HGwn4`k67-(WMle>bK1h{2A<9I^QmIVRH(NL z#ci#Ja1Nb4b~x|Co)Q+HD926w(%=0&^XR*>4HRIk0gto_EYv1ai)y+Q-> z)D?hSyWhULK5U1X8(ieecBw{vrEh5GUv_+YaE5_;YZ9s zwb6LKQzYgWbeu0Re#Eb`<6N8YQzP3QvhyvCHvO)O!00M+>#}+PDpZjI9^{lo#kNN| zSsYlzI)=k%9@|K3hr=noM;TZoORz_|SPdg01yZ()i=2I@B82$nw}dYr9ds`0X~VC+ zkWa!I@e*zgT5nksND$#xFx$`xY?p}wwpHv6#GwWQYFC-OBfiD@2d(kE%NFM!LR{2F zgiRyNVin{93Dd=cg}^|uJ@IMA-aw=!S}8%K-e`>%X>f`A5J2(G z?C~!8%l$x!FvCEkrX8SwAA9f-TG-mWx?A^6)fJVI{JCby;#q6>fYxsjNE)C7RMY|4 zZ;`2{Buix^G9h^bfOfvKQt}Skhd=8-`b*e7-A$E7!cP-$FNLeA1l3i>Uh5=*=Vvuj z4bWl3TLj^dtW$Z2)CH?&F&lz(>{BEwRYCI61gQd)$3YdTr>R4g33{U#q+PgNQLvDZABB#kZfk576D1;}?o%Ini(LTss0^~AJW zUSGL+zM=`J@6NUrRn+`9*yVQV{3Cb2ivi^BEl9eEu=~<4m|IIfPw`DtpP~{ydZWlp z2f3VWI#}bilZptjxZu=4yvRCK4vtjRyBi~fv6r!LxlcE7l-Ov{G-GTSwJ|lnK6JqK zmL`2ugLa|2mf+T8#zdo)p>3hfiIt^!{YDgQ0j+9-Nh|b?v=KsG3FFM=zvON&!mjH& zOMA9Y-3K`meCTi)8_W8o@#eFhs!hDC2ve(v&ecJ?f%8(y(DOSyHExNFt8WONb>Z>* zuW~N;?mG;x$pHO3)jX-vR*HV|qKev@K_BGkhdRKaUM#ZdPpLbnwoj?uh0s{>Q{@d+ z-qq70_-h~N=LF78(XMCTm`DrEBZC34gu2?9GXSh6h8|G1^tEizORMF$GK==1$udh* z!i|~gf_+@V8UH#Pb(p}YHYCz8eY7azA`u6GUOF_mH8r@k3XUYxd(J+GB57Q+RGZ-R zS->8Ft&7>0_J1~dhLvXipisAr41y?aiO$E!WlL)V!gB+6-tA42tIgQok48ESH6&!! zpnwM~wnlzgwle1l`hMkf8ee_qV;{v9(|+Yw`PX#WOmolo^4ZL;bSf(S-izFBAs|p> zA#j^6=m(v0So{l(fv0R(oSoaa2=VF1%HfIuHIa?E&ULyDmmN;8U_4Oa#XJNLAF+Yzjv`z|2CXZ;Z4 z*0s%l?Y5kE<>vi5E8n(wM$mok5*Mow+eHy3v8{0xJQzH9pi$oQw9)7FNc}%_*`l7m zQhee4iJX*~uXFB|VSQ1bO#f%PtU5vrK$s1ST5(;Yh#5zuLsVJ0V=Mwi8Ix_n$*|Ik z2R2om29<7dqv!mpOY9x89#1rZ(;H=b2mhKdJUU78{}7^f+-d(eL}kzW3!=u$NK*cR zs89bHqEZBRWGmZ~{}ZBe1R{NVqjx;sL2R!d2fx+x6UfkgnzIw^#wDKVI58HAe_VB+ zH?(iXwUtpR@_gybW>?56i&5!uIl6rERo;;5aYOaU=S>70JX3Y{QC^{_$PUf){wv*g zSMuLopOf?4CBSjq+wdV|O|DHLN|6ckF_Q&bvpc2n{X^;!2FfH*6JK1`UifNVqZaN3 zypY0Mj&oTkuNr$R8FA+#{ks7}@s?`#@Q#Vc_3;KHob3wdX@^ zh>~3aEns=E3ZYeL;)tNsscos6Bt?vc0qFUpU^V`U_1O&kTdWT~_HUuKTVp9$>ZaiD zSYM=F+~2W2_7Rn{8=>NM16;>j@~S5NIA(!l7D^fg-e<2MALxp7*Nh`TPFL}}JT9$f zgor8Y`SBof^%oN51DJ5%^t23Xb_p;_yS=}XebDdWgK1_?i(oy6G~B?WESlqhst}d@Wt0 zYS&-?#MgoclYE!BIJYIXp8y??-CXt1Ssj0;PCcLSsGKv?AJ9>utERstF@7|mjDJB0 zy9fK8ogQ|xAb!(K<5QO^p+&7rmg!ER9&Xk^@EIcOR{oFSL`<^YBTgaNGHKb&cp7tUCyKm@89Jgww5qLvUh6AY>jGqFUW6I z(3esbyY)+PiQ{ETA8gu6pPibt5vYo`h~s zN@e$MgswZe;z{l&wnvBfKL`dp$f?zSd*7ZQYye6zUYajoipDY*>bu59@|-yyG*cpL z>DSl;4Y0Qa;P_D;MMNP0s!V1)I)(e{p53XynjMxT@s6HWT~eRE)&%_f^~3}T27Kl3 zoM(S!#Y*0(Ls~0v6qM4^(g^;Jz=0QPyO`Rd zHDu8`$COZv@N#3qkRcTR``A951{dUF4e42z{kvL-uep;#yHRbm+ycC_n%vzX&v9W% z6?Xusb`-T$ALbTI7v`s02t9P<43XARVb9O6-K#zNs@=5j7Btsrm`CPjCT9eW(_INV zM}DzOu)e+KPdKsIOdDSKkQnNYEA?7-rl{{Lwy6jFm#I3L-@hGC@j3L4$pmJbauC?l z9I}pKAeqxp<=pK1%AqD^j^tNHF~2f8?d2wco9Y5PM}10&H^- zxIXn4Ba09?0&FCAsZkfX3}|_KO6*`7u4=>%Y7F8~?`Sl*udGV!KeepE0-@*l_L^#u zb}ZZ6#xbf`K=GUPIX<1BlD!N_Make_wu+YK9+8Sc8VpE#^IK*a#-CKhgWp{v8 z7@|wIty{;j`%;7i25mCyM&ev8FG&^%=Vj%?2cb}J?<~>7W5M3GlHu#%-loiMcxL)s z>UQ@7!~M=^TK@M>WuA_%;he3S_3;yimZZ4W_M|u~x4Yp9P z7#XZk{aJ8JDfA}@<`?XYKXjjc(~Ks!|ZID=@-d_HGpu|Wy>U~G_d%KB)JzZ6qZTqxc&(> zF5d>k@(UI;p$}{*J@zc;r=*J`B0G@pO&tPfXF!3@&?5V?b2^WCi_m*ek}N~G zlNpX#j&C4OWY7bLXJddNRd@r5s>9fKPND!hnM90QG#wU(cd?~v)%^s>h=7Swq}7(i z=}*d=gCH(V-4lK@Dc!G{=7`!-JjK3}057RK)>O&r5O6)*n->4e>Q@To>Q&AaIr)v1G!i+Ja-Ohg% zX0~Ql5EqE=dD#*pF)txx>a>k1#YVFD!W)^ILAZ^1*W2MqoX|;}&ZkWRd1n}U$`@KQ z#8!!p>Hn(OYYo{-<-VJto1Lk=X*Z|ap`T^{T3w>MF*HV2<(BPHM~)b`r^7nmTmhaX2F5BEKlCf42qCwxyk*0g2{#V12cOH5C1lbouaGAZbRmf z1Xd%uteu4JQM7pJqJs?PCY%<2%=ff4Vc)!Y_2k%A_1mUxbJ5=oVUvPl`+qj?=WN}( z{zJv)p!r|G`R1Iv79cdyhb46eXbuF}vA%WCH{7kbyZu6R zI#Zk^LT!T5>LVj@NYeNWFE-}KP9o5Wa^|Q149>sM;}ORnp2azdg0kk*3xQIDM1Tz- z;5e)vwI#zR$gDrE%WKE9!!#YWcASJpPrR*!x9blQ7<~y&MGF}sQ_!DUsw{Z7`InN- zz@L(hQ!1G*@}J~HQOv(2Cup7jPEHKxO;WkC6&~ui1TZ?!(PKI{iAKhn@BR~+3;i21 z5BN{W9PP>X+tH%e)j8%^9t&);>YVU&&#edK8|%vkcIVlpuF7$Cf%6Q6%P-_N9)bi; z5MFa0C^11{E?x9bMXhEta>5jP`C8@IAZ9MXl{TS+&Hf2=%_@p%q0>&7!F)jZKBN5H zsGttn<10Hizp8)9&WQtKzWbP!<}D_Zu`cyDHqK2?55dGwT<=>E=5Tp{vDe@JbsASFO5x*By!#r86nPU+B4eVjWYg2I#1$({?L>*ibewvV?q`o8_g z_?g@77kanUv|$2T4B2!~94)XhY0@xGycre<=dXa;2yV|}Z6wA|N}13qQB;Wnsd8bA zvD>&c+GW{C8dRt|eUOB-1(A!wU%`1P8TNucT-^i7ekY5wrEY}35Xok-h}%fHTrR3s zPOi=CFjf6k9udbm8U8(zA&Y-4ab+)~0`)bqF0nG9=6oV<%|LEXe&R6|vK7z^yLm5L z@g{N1HSLAq`#&gq#~{fbwad3`+qP}nwr$(CZFN;wmu=hbE?1XbUAA+o|L45(&Y8IP z&fLf^8IfOh=FZsrx7V}QdSr^lWD|cqG_-r{ug<}2a2C~8c_5eHpvZ4U=KC+6c5h1N zx0Nj%d_{`6y(OQ=oNA+G(g6nV9ie|S>3@?Wg6Irpu1h~3^SZu`RjRqU3pYT6O%(x* zud}0ap=afTW!6~TdmK&}F_d|QS6vzC|I_hjsBN0MnGNGSV(>~?8}03!t=%PPKYblB z0+ETBwMcyv+ZRE!ITGQ!rwT`f+ewzx?&cVj^Ks|;bK{muQ+^-@HNZ zPfqe8WPr@Fo`JxgJ&mJ3Lj8#Smz%-C`75%+2EiHJFHgjZc<#9I`@`PczLEWHqw!6E zC8SRhL5lGO(|qVfR?v>15&Y_%O1pi9%YwZ3l=Q{MeP>Orhtu?rp2}m#n}9{zBC(57 zi!=0+4iBTeboz;WAqylLh3qpMOsbm*ed)_}m`o}w+bX_`@ZmTpdMbo_21Wyz%_-ELF^w(u%`tuKMMC)ZQk?a84$ zzY$yxY67M&^KaWVW1;>Ykf%z59RpP39RpdhLii^gf9NJ|>aJ<|>5+O5Z?!J_6(&bP zR$a*|7;0T5${l-5Rccld%zId^&1^>cVmk;oMk^er-rTvDPAwFR?UG-r+#&#(djhE) zYhj{b_c>ESin@LOhfI-W|4pXJGRgzTgJ~kWgZv}^lS=`>1JXgxQ(&AB`ygbx#Dn3Z)v=Dp zTOv*>f4@307xW2)JVcBGmv@94s2xVc%%BhlAN1NhHNPprYQ&fkZoo6actmlxAiji0|@t;61{HyCzRB-H79SbHH1mO5LC>QUkqb?Q#2HXDtJR*N8LkIpdH*1EPi&nsGXM?YZF(Ym&_64QbUr?&arKLiu`|lL@KGT1vxbfze5f@2N`Pp+~FfSmc z>U8$0#K&?4lNz1b#O>oKw;ZtytFR1J9VukDoCBD}(=Vs#N+6hVjhO>BPNq$)WN!~R ztC(a9*H>b+^S)fYy>wB+h!i!Xn>d4K%`J6^4|OdGpnv|`s-Ok_FRKEh(tnA>MhyQU z5?`Eb6W4sYMDJu>?V(Wk8ybX%4C zDJ}zZUlQ&Q1+-mpg(^Jld=HFDOkldi^Wb^BQ6|99=EQEa{CVUVW~>9?mwAS zD;%umyGG5#ZOuQ1hOey8SE*%$O99(e!*MT-_kT7*NkWcMM*gRlvnHiba3v zKO3R!t^U;r^@<89Zh_{{xjD2w;wY)|I-p%eer@k6bx3s{35?8PnZmTz+_93gQvvZ* z0@q^ll*1|V^5(LKbt3l$2DW;haw)&{J_3|vZWSp#7A`>o(nD&rogM6>B zAj@#LDA-qluyTS`5X2(6m5?}5GSR9q=w;`-#wL*5{}q^av;P;El44u_qZ+$NuR{D) zjU_<-+t`4u9U@l#0y=Y`3d@?QdR8wp#)eNcjn_OilBX_nvvmFjjLFeK)H`)WiD8R) z0WsV~yqD)IfB~i*=#LryYSFdO%Eq3P37E3J`|5+@T9VbwnZ9CWYyW?>HNbBFwKag3 zy7W`i>AWO=VW>ale`2Ue*BXuT#{ORrwV{tSxFWXoS=BnRZBDWH-$B&!FNjXk|1Th# zFk32Sh-{8vjN-npx0J%krP?Z}9RI(9=*EA7XvFjX4x&vH4F4qyYb>TqbN(Ad6H)#f zL^D`b55IKb$uC`)o08Sz9}vwh^)3)Tuh{=lp5>l)VD7@xz&EpsSV0?TMqX};6T*RW z64}0{RHEGco=C6EJ&30c9y=GY9NNOB!;2OzZM|Gh`s&5~Woo!%ezZRg?71X%{I%mqUw%;xuZAr( zmqLZCjt4x_uKG$X(NAjmJkc3nmhFmT@F(~H>asrclyhNC^j%_vY4nCt=*k^E`_sNf zhrvB56=n^-tKtc$g#w;kv(431Kst+h1jkt?1++O`xq&&Dsri8ky#sx`+G2%_dsy)r z6V>X$j|ky~f!Oq+B2xi41a?6+G3FdeMh!`Noc!xbyS=A{*Ka!K0OWzGQW{c%DpGuS zQoO2tGB{Ek)dVKn8k7cDl-0v+HmKNYE>Vp#dFy-Ah5jliUpiRN#cYGb#yRJre1}G+ zgn(w6{nxlXlB#`T+I=GVJwjSayb>=-eOHY!&L7V4>qoUvR&20l)o@01H_?_WSuVuB z2+-%7UlxFhbvnzhifePRd#vPz;vUK<`4jl)L{n*wS@mZGJ(A-d2!iC0b>X=&m;1{} z8*+fd+G@u)U`+9X@DI3em8)athBk)!lj4Ov7-TyRST%S78(+0XNS0Qdshdw7O`anW zA&~)d5gQ7V(k9dlo_6MP!bSv)A5K2MNramS2)gZ4JXwQYN(lZ zG`?N8WREEho;UT!`HwE}x$o2{BIsBGsnkQa*-FtY<}5N5M-Be3Y6Z!zdL20HX`zmA zjqLkiKZa>Lg5_Sh2`f!U$>pLoU0|~Bf9bjEm@5;U4i~s6kf2rt)+gR9useY%X-l*u z0?}NI)^LMb4My+e61Ok5Wur{Idbp2KX6JP`(5a`Gn~7zceYK-Xf2G-6Gq$#of+L52 zn+r}9Kd#AARK=+fP@wuoNHSu>*Si@Rq#&w zi{#!=5JDyJ7ywatsN9_i(`t$h9|n3CTtqFjd7))~GvNMcnl5dBA5qQHk$y2=*%CeZ z+q+oD#42!AI(&MyJ`Ma=tM_C8I#qv!{r8ZfZ}dB@ z1y+RVbNH*`;Xg1!q^}jgtAq4a$Itgz@Ay^8>DAo_u+O7tu+!^FX&4*UB5i=;bRX5? zakvyV5`YeX#t#D^h#-X=RDNK14MOr5=1HH-7IG8|odGFOa^$GzrsiA^?{v)F{qjk|pK%pa6&Z z(qccNWz`l&uu+yc;Sn9fuaBN3$k>*%iBbw$j6s=H8bXh%*lb?h%sAB%k@vNFHH*oa z=1t2OmWY%iHE!I;leJYYD;Z6jquzMXZ%C|DnS|dL#6L!o;yg7AOm9$`%~v~1^V|a(*lP{B!4Yq{buY|KdcfLapW>42Z9xEZEeJcqHV+$ zv;ZU_O8Q|ICxM|4oCcwUa~B=-bN=v#Dox^Y5z>ggIi%m_gusaXYuV{ic~ZdHQT3F~ zbkAlj|MSS`$IYzs>LgboPcDI*Ca6f>oNUQR+@2porqRgcJX^iVub=%fWe$VsN1d}I7lYE9Lo=9K_O?L5#~ZDDg=E3MRWit zU8Dw*7Q!Ydon$yuJs$c`#mzi-?S!xFB|7AN50YNB0GyTNFPw!iyqQqt7zJLy3{@z0 zQ>r57e_5GZPrLuomvgwj^yRy+I$lTnYO4uytYk7PulocR**9@%zU`5e#@)Q|Ha#4v z8gyDH@f;;k^2JOtPaCiRl;5N-VuL^HbFWnpD+>;uFTd4iBck%CgGwzm(-cR=Z8Z)GZqBDf&9n7M@0i zCy1 z$V3_kny;sE6q|0dYWc9Z34zv~TU!J(-t{Y@2=NtBl-(_oinp$zh*43u%#Ukp=Z6g& z4AL7FXA*E}_Yu;W5ybRIj7-tQ=f?jhpBQoRuY6)Q3+t);S3Z%<#J>}f>?Y14y8GRy zCRP+8ZNUthm7j^@Mlbi~Gc21LF9O~5Fio45JI-}PgP!(@bgiZ4qE}sO!S)P5@_X)S zx|S!LzqL)=HWAaoQC2OmS<#-0-2{{PO7ylMAiom-36XK3mcP>D_Ac zYg!>cLl!VNymJDkREjzU6NMYenLQF-s_&^)4w7xP9GGnP%_v#vUCS#ZYILUz-Mxsp%#>u@Eo)`GrBVpq8!u)Cox*Zt*ShfdS~Fd8ryz8&%QajcAf0x~& z_wl7V|6J*5ws|%F(%$#k?;)y<(oNmnEMy$JtN-nc>EXQi$Df_}ecNIq#pk=G1&`@68*1rteu1khr%~mu#9w?`GPjt87E%S;E zsF97tHs1gRmNGR;_T3E%2wRVkl$5QTr+5Is`NxOn2FFjTgsZykcl2@&UlVhB?OR)sGE9NFc+0&ge9&wUlw!933(yEI6jn z>;WSuyQ@TmS4haAh0lej$g%A{u2#CHNp-ZM5>u8IqXcLf6m9ZhB28t+mJ(>C< zxYQd1r1H>b1EI{GapC?h)e|1|jgtqTp8X-w2Y^9c=4as5NNi}|Jz`>lAs%5b7Z=aF ztYcr`BJV5g$B>R#8B5N&6lzW{Jc#eI9&gMz%g6I+;-3^r9A7ft5Ff69DJ7M~G=pq$`*@ zmZ!Nxz=r{VY6kGeXu$T~7b7_v*>kM;84YEkM1&hxAKJMCub%odM~FoNC^g|&2-Y8R z3sopP9t(->or)r>O2;S+8#9R5Diqlr&xbx!1Tu9hl@gVhFQBoFbJS!Hu?xdJeqyPi z{Ld>`>}f&X1imdu_Kt4|ar3c=++zr4M|CS_@bY2mv2PLTv_nf%u#l{x)<_#Y_vVu0 z#1po@VSN&Fn(ztMhK9)AX%hm8!?<@343Y~U(OF>hFWx-luaVplpu&=m~&9<+bKK9 zCtdJT|1>APjYC90$sQCQXS(msYx_nu^)d`@?iA-DAhxUJeZ_0c>G&gDoCIYSY>!C! zd9zrI>5NO|``L@S78{AFl1MUt%sF#K`m;&*6b1}Pbcp6?mWtvnr+GGGO(*;0k#= zRa%uQoukWE$nFg>2}V13-82!@V z^Rhku;hXvPM1BRjkV1ON4|z^UbC-(RSW~}d(m=?+bQs9@GMgT0{+ZB^_YyeIds2D; zSQs!S1!&%akt8%mmBL8+1Vks!)27@LGBGCIxeiOx9Tm!8n@Pczl;4KZ(O)(QIh?04 z{@PHoU^;~MKO=|n3t?E7?*pSOD)CAiQ@Bc4nre5kBD=%8>#NqRLx;cqxq zR=B0D41CL2>2P{8hVB%MH_nPxeE>hRZt>49yD_=t`~VDy(Y7{R1ed0f1#^J^+E4 zL7aHjgAOl>_NkS4yY#jQ$HG#N>Hznc`VRE->}zUu50s50gb5+i#t)Os#)Gk3Xs^;? z0#Nht%@&2zO@WRl0b9;8pI3wzUnhfHk^O~`tja{x%AG!S zLBL#B)}?qcprt_Oc#%5lR9EYBh58^P$yWILg5kh1^ijX)^oX7cq)>#K7CMEH9FmkU zIGp$WgyCV?DQiT3*1#^(n$d7MtObNpb|3;i&u`an->(bg>9@tj>fn7(AUX>|p9}Cx z5F`hmI#pM^i>G@7ZMuNp*KIx?!GfsXB_QRHZD;{9*P2=K5t=-R{EmG@;ZIwNKhu)#Y$&JkIju-#w-?5u4=X5A`{+9fT=w+*;(qKvW0ya35;<_XnD{iXGV-)EbVEv-TCgeJv%gEEYucL#t^ zW1i2udQZ3caez7>A}t{Br>eDRCh%F2E1Qb1Ua()Ta3SS4)fqhk+iwt0k%r0SAPv|# zhB8)tjf>v1l<9o#qwhP=OwJIEl(O6xoz$nxTqT!R)bs%EODA&&4M7k#$o>Q?uKyKa8 zay%g@Kz|GoGEl|c87S8^4M%QRL$4QnnhMjh&`0~|042BsJ0T!O4)2-?AKQ5V-5J$s zfXy(wrw2K!1f*TTnRSszkfK8H7!z{IuyJVLO+w`+2ydz9Q&&-qPWd@K0>UKue9o_Y zFV~x1zF`YnCuc$@!2(B43%89$({$zW$k%?muKKj$H?>8!_reg zwM>iV_GgkE-5jq#LOb_q{Jwxz(ko;M7k?dZH#xx9<|9MNW?Kq1C##f?+b%#K1kV3n zUMV|9)*k6bP;DuBvw(ixN$fEi=nIg?79%nIkY*!*z(T0*S&c@+JBqm~4&6uxf0(yb1 zAYS=8(7bfyt6e2mieDK=#^fATuo(674mnSW!3&N=spnvWdvB;5N(geiaN)D1)-mk2 zeAx9~5HGp6LJGZ4V~3E#X7*YMPo)>!I_vJ)m{#W=d6`o8cbZ6awtX+~Qk7tjUDmK= za*{`B8bsyYFy_J_$zSf4jn22pACnr8LC=>+4Pa0$4CX>)p{OoNZ)ynWCCP&ts%UV5 z9w<#K&*nu-)<<)#bA@`^nrxmHvV6N>tYTaPue`i_qt%#<=oe1rY`L6(04x9AGu4I9 zx9YrP%z=Ch^7sMo$8BSd&%2_PJb?B@Q~gKT=Fclt4Wkp1JW~(~+GFexdL&=mtFbNE zU0XeiRUc_Hd2DoVvCOtTxk2=7C+*4^wu8%wxD5zW2I*6BxegN{bGXhJU4zbsSu7Yg z__D+;KiQu@z9VPqo(jlyn2AndyO|r&n=g~&mfQVC*Km~U9;+(G{j+?=c5hb_AG|VM zAa1D$f26PCrp|ub*uuHGIOR{X9!OvU=Z(;66rSJzb-XuU|GE7gaa2G_&#cIzLNtuHfl;Mxl+V(qlE4EaWo25tt>qk^id;n zZ}g*`tk~^TC17oeIgx5haxA8m!D&VnFxGFUhny)l=u{~OZ?G0>^ufW|55_-CvJO8W*DC%I+0SpqvWtL23ebgWsy(EkuBnt zfTpqX^*4?}QrQO`sBi_qz$JIMj{3pCqc{Y9ws6wc%)q$|u<0P4`{FbzwJkOXl zDpbfRr2aytT`+85G)WBqY0W`4t6ej!RLY6%4n%>OOr=t$!6vZ1q1+7f3qh9A0}3f!C3Yycgb&a5z%*`vtJ~^uVC})g(l2+OuiNvK@-n<} z*>PB>GI16*E}={7u!d5_Okvb=O0&N7BC6Ad@^Jf)bCibQvGUS{9$RA&e__D4UeZx2 zTrRgfE%!$|x0bPRd4J$qV$#m)$cu9j@W)!Bjiw@Y;hfEfK7GUuz`Q3yF|8O_qT?#8 zQX>`d_)q>nPmhT1xSpK}ivz_tyIx=y#Kz$C9joH{%nwKaNh^){8zZr7*zot#VuU zU8@(j`-L^fcgsFf{hgwJ_+3MipDgBA0t)Ya`7w<^=!5I#t+ycGL zE4bwZ!5@p1?CST9!4AU($K%i-{4L#8c9@2{=m!`>1ybF;r&xq)>allb&?^gsaUrYW zrp-@FqWe2@%mmBaCsR{q^y0F3wbD?Gp>pp!n-Viyf16gq^% zWXH1Qm?E9BB+U#YnsHV3x0m&F_K7~zCt#eBqdg=61@f(jfa~NUw3ol`K)4PO!N)aL zm<3$YLAhdgF*FafXicRL)?tphN@xS&6p0_u=K2F8f2A^4(LWJ3q6imgLB*H=PQC3; zhZ9PtK+vsziN)6ZdigoR<8Z4WMRd~3f6aGo<1Nygnf56%6xjpJ1XPC3tkM0}_5E@U z-E8N4>9`Qm^4M{^2hg{J)~o~Y%6RMDcpYmJ^Y!|2V<}S-le&*yD9-zT0y=pCe-3E- zTDbZ?&f*;p>3Z?^7iuI&+g6L)GUgn{0)O9DHN0OX>aOs1m+s%t;~Q=olziI=SXa=m zjB((b7WsrN$eeg_vLqRsXCDFy2CQ|x3&@avQO(>Fnz3i++=kJWH6a{!NTx)aNc;@#oSf&HQ+_7Xz`CYi@KHbJ6Pg3bjOlP?DuNpt)qg z+sB97`_tz_z+cR!qXWeIH7|Z*$;CGxC|k3 z6l|XTeP{Hj@LlpEktcm`g9+VikTK)VU!wB8&aE6N8W(Z|Z4q773sF=AE>bu{p zk)arDP_TXL-fy$_BNY>&y(VBOI)0nL2)j5jJ~m|e8ANLz3YwV_M!Wbbvm(O!*!WG# z{Za}ig^G7L9C?=b2S1rQKtoh5H(+B|IZ)6au>Cop+@}rDyg{=)1RvGg?ab{(v0$dH zk;31C!@bz$$QWeT(Qk;H;3^7r-ZgkUs@lt%K$7W>nB#3@#S{vAVP?8J&c$@j&U~~4 z0p^iaOiI(xS|~I!!R)#nGD`d{kR^zwZg%4aBy1yR0Vd_@MXM>C9+>5(w^3T>x4$qDE)^E`&ObQ zQDMIfyaak|O|6Pm5pJ;7;29**OYO9C#hMVSWEqAq+vm%27=z}>3PMQmp+LzZv{j4C zQe^l#-7me0-Mmc+TVfq>N&*Yy%JOj#H5w51wr?u;*}(qHdsg5#dg34-xyHe>$>G=N zFi@(`9b~?iH4@-S?h}n51%7J*(g7K{*dXJ03qhUm?ORs9{i;xh`UZ<@y8SupDy1%0LAq~`a zV81uXLkVDDCF93w=7)SWKYGTclpknv*nD?q_8~!`*d%F7Hz=*l z#H=M4njA~%4)>Vszgj8G)-wNg@bCs;|B_9j&lPao<$s%tY4|^ScRW;iYOV5@CFoN zxXJ7}EHY_kYPQBsR5d-NXQb7ulybYpM|AGmvQ=B0Pv(T9mJRNeVx@?~ie9UZk*1AN zM5ux)#N=Hep$Wh`wk!0?e#citXLNVts*6@|W1@R_u)axNx7PI z(S?}bJMlx<%Y(NI(M(Tb?x$n>tvP>_j>#rnaQ@bKo(1c~%+KH6&X88I!0(~%MH;~( zI?qamgnT%&UhbDh+GjEsa)$Ygm^LWXTNx7$qMBDjmk9YkTISGLxo{J0OKE z9l*U%c)(ONND}g5)nKg1YZ{Mf4s9AFg{Wk1v7~t$wySU^*@BHFqGiCLy9-h9> z9tX$8nnmI(t8M?3r(V<>f;3!0wvTk%r;eYi_iSCMR{wNI956VGneaR}?i|{U(e$Q- zBtMoEN`#o8;xYG7SIhE@dhU2_E)2V~QG9L`@|H$O%u+VbBARB;99S*0+dzffO(jCJ zc6I({qdybeH7qwRLYour?X|)Q>RQC8_#BeWS<+uDs%$+vV-vWmz{(@%`O8ne!4%qR zN{$g#X?I$NL}&lI43I%gv$!ht(+0?JEl2RJ?#$H=f_dqpSSE~Hf>HL2>b}Zhxel+I z@(?Dv2tnK^D5ZR94@!v-{TrG0W))soGNkDbm$v6}YQh%~t_q)MXH`cU#5{+hW^Jk=*of~M|51o zeOdT;OxPXEkSg%LZU65g)CE9ApVb_o?ibtxYNZ-ziR*Py{dE$ga`jmm$r;AV`1ly_ zl_=L%K;>jVhJ5bC^r`zaI`?a!%{*Yih}|mcn9DvcO(V`Z1%}N0jQ>hoS#jHm(D4R+ zJ;E7v?-9yer9}kpCtk083(e=F$|%8e%s@uNFqNyT-~HwjQ&1coMdoxlZWc?2$pCm; z3`GPcO41QeW|(@^dW!vZ%rSkNhl8=OXoFf7ZMSXTgY@mPxbdUCht4a8DPZI7*a!Ec zxqv?m=Av|4N|eQ>*(LXSe~iRMGdtQW3UX@*@U!UTkTsL$s&3M+2Xai(HG$g)RnY8A zS58&A?jCerV}(50%Cs9X#W5xx8yvZg;4Z=HQg4J3xrmOO(qx z?R5)v2rzDZ_pZEeY;MkjS2c9*Dc?gI3OFR95I7rucjBSbHZ;xpx=9Vt*sREffvztz zNq^%t4aq6PI?MavYSq3YM;F%l)dL^lhs}5hj8Bm?_0U7$(p+8^E5@VrTs$feMkKsu zS{s}2%&ijh74)B_R>`G`aEP=Xzq9Zy*319Jzt)6JVoCvRW8F#+FdnW)RVsU71serz zax?37&3g-^26EdB@gZD!QK#xfzODYNPvts8a^5tHrq6^0-}}g2JCq#px5!y_rvb&h z{?ax&y1IU#Hwd^jq@n6cD2;O2DD_<@S+L6hIjBNtYFw%O@bix8se-=pn5Sr&>2(Q? zzbMocs+Q=h)W^66^EO?GI#3nFMIn5HQIh<&ez!^okDwyf!&qu;;_jZRUeVsb1U5bW zHlj~B))2>QHp=9*s~k6>j6xSklC0?yc2^YaiH|qdC?Vzm3$zchb?v)wwtkFKEv6s6 zuZ=y#^+<@9WSaJP0uj!s!EIkULMsEvyS%<6T6#c7suXa8Ro1 z{w$t*OSpi45yNl?IH`pGh(JZCnfNsd^F(Qb(gw?Detfil`TfnLig(=L{uVJAyxH!Q zXJIR7WP~D}lONJE2gCaU)OL_YS<5wZ-3waH*#Zr)vqUxVB!(w4GCRC25{O+Vxq7nQ zQ6+gq9^c+B1JRWT?wff1(M39av;AXm!uBrHL($8R@7*$>+7ej?-&1)G{mQ8%REaVN z7^E!IM`oXukh{>v&FfXC!b0u=vP77Dby2z~J3q^%wLgRpRT)KC)J>4xTyeBV)cO^~O5F=2?~^C0wm9>Op~`Vdg;7vkCIN4&aSwl!Xci}c49otn5L6!G^6VUX{h zb}mk(L>&fArpF@Y&sTcW@R#28IoF})DOr4}e<}T68|wU5eUp0u4@P|}2Z6dHcQq=X zD@NO?@ZXkNutFrHEN_{*#`s;Q=-V}<<_cZUio|5N!4Y0fM6f?aFUUO^`!u_rG(U1& z{XO|E`BU_q2H2w}f2Xmxq@es5=i!d8ZMo=;Aiy($gpKoh3VahqLp%FKl{_3W9v6Bg zzb3%?10h-aRhH?KL_GhBeBbp^;!yX?_R!eH^GVEn>w~hSckJsjG52@o@Os|H)kv-j zu?Z!nRz2FZ{ZkTcXg?7q4Id($rW|YHmWF#SsgTO`V8v2E^2}UIRlAjPL3<k7NmIev1S6mvwXA*)7D8R@ zrv0hXgyI-`$>Ax;9&61Q1rF#F#(*242Li*KYPApItazlhW1zN;q(Hm^ zvmo3t=}+`2?sPFGL5T~uu*bcGWl~hY`hAX`s6`)-FQI12T^Ov`FhH5U*MrETaK^>E zv@8J|i^+Gtto|qtz5x1g4;5u4O@A~km2tbUN1>O?7eEm(;CCAnxJw0P2cYHpl5#^p znT4H`5Rud}z*e;6fJ)Sc_lJQGc5t{Ao}}9uJwXccW$Ww4@3VPwo`6vS6m~mzV0S@l zKnHpcvK$iS^uf$vehCv;-M8JE)1`1sR1_%T&}2J%H6iN1Gp@W7))|5ojPA3=1z+{b z_k6ULdNt9S2^CnaWM>q1zjyLvICU;`fMKShA`wbE?an}R3Gnc6`GE9C*@|1I+p~aO z7)G)3m#K9RA^g;~*+*kJJTAMvA=zO213%|{JJbyor_zrJ-Ae`X-juhdB$q-Z>4-VP z388xg_eZoYC-*LG36R!S`RnQt@d-tH(|vfzZpNwgvn}xVRoO#d$C02$1 zj=f~OLXp!OB_;#^8G0Erx*`6w(p_}-4;gWD48dzNl_x^=Q)CKb+Z%}0d$4r`shOgj zdlI6AqtdB~)U3SYwdTC4IM^cLbmUe2jLh8pdgW)nl#1Hfk%o}lqmcDl3mYdmquH7F zzGLFcOw!?b|FjRyfUZMtLFs@`xjqKv{D8keOCG8{+LBLsW6qwem`Y}a`BcD_DRo>= z2Agfmv>`1a=v~gsDuC=OE$glFMsZ!4=%RI$7-)ReD0W!F4T7Pa>jAaGqdw0!sx*t_ z`B}ZcuR}B9;qXV8uYJ?syx$wLA@tn!Kq+0FBF$Y!-(if|zVZ}RNsYDJpItf@TP^Oc z_!&WFZSO8hON-OHYOC!WoQq@cOQJ~lwh}4q=l>NGA%Y}bBJB{Mwuz$x-R}K3-e?2- z-V84D`8nJTwD|V*{=$6HYY{=vqog%kF(SD7gtxMgwC&Pt)WJ_F0;UJPYMw6#z%yH+4uXSe+b;>I~tx|H$PnHdc=2i z*Hz1Ab8!p*uI&y&7XjW{q#CT~!U#&Q zUz5b!m{L~^_Y(D+*yNqRfeN}?WJydKA;>+A3fe$d!-eYc`*3y$@1&^8X--S+++nD-X&*lQ1`xX`#_a?2D?v1 z-{6sTnnp4%Z;4KB8$)Pp?jePsSEFUlAm%eQ)jIWl| zq%`Pkyvi{mH7xn|MzvZjJCc35E}hdzjU5MuJ&6Ybi&!WAi1jxRdsN_v@C|CrqY5`+ z8I#O&DYa>QLxG|31(~^F4|kN=F&P9W!;nEGS*R0X?lP5vf)I~+KxKmH3=S>=VW_be zpSe^QD%#4}?+XCyaj0{gEJZOn#bF7V@B;m=g0$UO?L-6Cl)!R!2L_CZdj9GVl8To3 z0$0(YqoX60fVQ3wJHck5EjMZ73v_2wd=UVq79>y2eaQ6^5;Ns6RBqZdoZ$yc3J!$z zogU4Kf#OAGwpP3611N+sxc{^ea4GSg#8%4 zhXVFgvT=`x1<*8EP=+%yfQ-K=n@%Fd#2>j^A6oZTA#=h(#;>EIH$vdNfAuXbK%sSTa); z!55D>9(C9UsF5m&sW&1dQ(*H^wK2u9#0*5J;}A+fkkriJWW2ZY@2bUB+g+Ax=H`$M z0oWECDs6PXcC-A(OczD+5Ye>Ljc}dvrOdETm#?I69!a_E!Zt*q+9((TKMKM304?c1 z7X}ofW@0}JeLwH6%L9`V09Q}BcZIaxFnfSsrhb40z)hxM2+j<4&E7#UhRcm|UyD69J)Z^QFbhR#5x!N3iFcDBr!1&+AYD*>LdhhskYs!=4O2b?8O0(LEZ4OFas-z>P*G#cu z#nBKs9cDC{vkO)|IpagA)c|vQw3@iWs%XhFesFjI? zWT(@GE=ScFRtp`sC&9}e+9O@#YqE4RG?dv9N!4*RYt|RQn;0Dc#LF84e0O%V{M;4R z4Ecx(`HIjQLMpI;D5d>ax=KXX1MVuwg_(zXk1ys%i6DUrgD0M?!iSWpAm>T`#BK65 zLZ(PUbj$vIT8Or#%d8qWx<5fl&KQ7ws{O1J37wYP8NSqJ#DH0_w8Bak*T%HZ@AiEX z*@^iEd{6&6;oG)+;=3!@kc6C07KT!4Hy^F3PY|Biw{)7Vov5mx6wS9f@#a2=zAcE--JA<1%6#f*vd7wNpB5_;nd(p%a*7Y{48r@T{Wh~y*RDpO;Ct+ ztu7vX`LFe?6DJE)P9*=(G^CdK!YOR1UqfQFESwhBFdn4L+qzU)PGPGiTiP5r%z>^w zK3af~Pd;Awk|2@JcYKKKpbsbHb+cs;QO*a;D3Jcu-!^6YT~^3?0d7BABit z9pN}a#D6f(_n6L5eTlFhQ7pA#ytuMW9h4D%i}k$6DJQy|&{d~N0<{Jq!})P+Q})PHSIy>>4iB4wB2g zp#b_dXiu+_HH^%Sj>8iD4hQcE=gu=CSki6ZA6r&?wn4D99Z%_GaV=X+FNBmL`@=!d zH1TgRmB8>=XUnzN8KXHxo!PeMTt-nsT-`f9AyEAwMhFtU`_twd<%U_3lpAUzV3C*Q zsCqXO3?osO>E`g~-#Er0QW!wxAciW0^a>BwLA{qix)dI0_V(K~-n{!(Km|iGH%_Ac zd`*dGZ_r`Z&I{uVVx_s4>B_sor@cp$;^~Qx9k?PZ7=iGmd)vWyU}bk6iB2Ro?*{tA zUgNGnq^Vmz%C%tUzvUGHFGq9@hyJc^Lo3lmHPe?#7zJtf;zI_8trDuBRV%O_lOuHN z6tRPmNQx!f@X28Sg+v8g^Q-00dvAqBC?tF;AbeWikz|TAZ1dbz)6lQqEdDXs@!qx$ zlY?jq+s@vRW&+}uK*p=SHc^!$#62AXPQNQEsjpyHp&H*16xE*kLZ%f{@(q}`ocFSF zw~HE+J960BoiEi^v@ku%=Ome%Tn7( z#s^ZIemEj~jwk?AjJrjxA5V6g0Y6j-9W!51SxRiajB4tP+}CiRtIuAiUcneQNXIy&jVNMIW+khT`cuAl z^8QshyaFNk!MXY(6WQfV=pmdI<$)MhYKfU9;Tve$NSSWh8~EkyvC|>J_Rw;n$G&P> z)MtWBI=KYG6edX{&2loF?SV#%IYvUxB1YOmgylOYhD81DKREpJgiNK7dIzWabstBe zw3sY&OCLJ*TXNo(R+!{N2#F|KS_+(vMHWY}s0l6+a*!z%yidB_jL0)g1H&`jhLWA> zZ=L<`%aWr#EwpIH4)WIiOQE2bL0n|Le-0HA~pjz z9ek??4O4$f&~GN@j$DwnCO9z>rk8-{ZrOsy)o3;LHDiXRIf?SB@T;7Dp5&FMI{Ky0 zbf2D-Q%M5HeIg^nJW_z+9%(}<@6xmOU4S(&G?uvayV)*GLSBZB1;6hoaNNV?;lMv76ocgPFRQ4i$W|&aY=VRkni~{T-5l`VmM1 zwA5eA2G_20A&=-sGJpXFypk&g-I{y#`kf9nnb_B#%inRhtjIi|T9k32&h%%`0vhK& z^wSfZx#)jnKy;D5aa@=4C&6rUzNmc5ov|EG63_N8K7%JQsG#>$ByNzIUqjLW_~o%6X3CJgAj(7@b00 z4Os?bC##h)5pVq|cC<2YYo(VynqnhPmXMQR8$NLYVQdiLxSRVcBVu)3-L&YQ)coEP zB&GH8_OuljqGd#%1!@gpTvd;@fnxL^#s1B2N1jM>d$F%9uyq!xff;+d;1AGpKcceS zR8f4Y)=gTGyQE?f`87HZwP>mLS;9iwZ->JSx*s9jbuN`*UbEHufNRT~c^DPvOpHQ^ zYzDO~cx|@A1HdGc!LaK97`5ovb$MwxFyq(}_)fcE+sPn3_$xH~rSuAT&kis+Xmqdn zm034C>uLI*v_)RXRD0z3wcKoq*15^v>h;iWwmRuGO{VJ}9^L7zZt%73vYTfjgnK0P zDZdm#!d2K8k_lV*v7Ct2Nhd`JIzo8{zY4Su4-44mlgT7%d@f5Z#d+XlxNns`2tCVO%Z6bz1!@UM?`N<#8*GSYSu__MF$6JP0x|ib$ zl~Hh4QIYmthZb+O5p7Cg4?<;0b zh9i*+^+a|$ZBd;~PKi9lRrou{Z9XJ16C%#G9SR^8K~r(P&aE9ydS#!@@WC?qnUK4G ze&}`Bi*npB9-r>Vi?i_EUZ4Tqed>)MWY5s2Gb*4dri|*-atn*oSy*0ge$ZLCah(>? zuzUjjt8bXqMoM$O=_Z{Sn^2!_fv?xvB#wh&6zXfti0)P#3lUmW;;ky2J_9WgqG?JR z8X|7b)-Gb_g)#uMIWAl+n380vn{t&&!!@K{fQ1G(|!N&unR8A?av@L>G z_?-f_;B)Qu`g8B@LU21Ep)KiGXKqNjn5zOJ0me&{A%nnnf&Yu2@8j9spF+p&?vLxo zyA5xCW$MVwQd*Qxh8>Itv&7=6ITj~!)kGI^z^8D-L0=cHQ)Iv!#`LG%C%?Pi&B`a) zY-^?q70oLGTEN=u7NrV=rrI~7m?r{7%AeIAR;T*rlb0aJ!ar&haJ5~w{s#c*Ko-9a zoYj$1Beuxg4M;g}{yu1Ds?XsEL^nN;&HJK2C%FNd@MZip$S@};HLr`&PihF;;PJ?q z@{62)I+Z*2u%kJYrow+z;2kd#BPrI!5J9XpVf-TOrVxZ%s7VHej6VuAAu!63$#O%yi zBXXCAv<5%gLYbA*`?= z^LYAmuwnf<+_3%})zhEKVM@!#{|tRbB=;8Q1ezWHb9ngT=qQ!{=f!ca$^X5Qr(FC` za*UhUpCXxmr@DQv%C!{;4HBJ!X?jxO&57qhILd zZPtl!otQN1MD=wdLp0E=6HBfWIV9aOs^qK_8KOMObz-vmbz)NQIx%V1i8<@UezQ(g zUnjCe1I;?I+&Ym*(k-J(cAdx)S6k_Um0I_M3HL-a2v6bDM>t@waLZHj|>wA=nP`pkYHTJ~3b>g_$rl`J7WQhivbz-@7B9Ek7MwRS3ktNDwTqllKzfEym?>5Ep zc5G7=9RI05R`yXdYE4uqjDam;%X*lg)Df-~8TdtqH0K8;mODYaWl@RsvF99}ZoAlX z^61!eMeAiDd(K@vE3#*^de#~lwpHwzCdR|F=c=M^ir9002u?Nj+>#ia+Sqe$K+ab2 zXNDRN&!8&{btvM{5^)dJSae$gAL`@L#sDpjZg>P7`oIS0{O#t7{Mi_wwQfFd6?>+M z@$l@qs*SyRlXz|YHeYS*Id9KztJpJ5jE85>Rqdw~vFH5Fm1^vHJSQjE^7+3em@<*Xx^DV%&4{OFyE4U%y+zm)HNfLvyqK#?Ng1zu!O1 z{ zs|m08`PJF`w~SHtlW&ia_{nDk+(zs_f(}P*-9gztbPy9KAirLq2&D)ygM_w?WijZ; z->;GcokzjKx)D9UPth|}-E71yhCQL!_VWaRS7+~mCMCce41GqVAQqGY*S97*fF2B0 zH@guO=93|%mjjq3UUO9F-){J-D?Jdc72R(NNB*l0A zquGpiT!rxtdJX3_oVUiD*S8hF94yUw`;!@fG~-QXFL-ti-(5r1cg=Mh&Q64fsTDbRJH$$F27^gH~2-W0ry=U&?hSmEYFW3@AN4Vm)hvN(-yWJ)Y=Vy&})cA^pgt&oz~s22kvj} zHu&kkL8K6**Z%PRN!ZwlZ2E-z?hKp=64#Vn4j8f!zCwfHRG1^ zTChk0D}%;Ts{`r?LpTUmh`MbbXy4oK2)p(w$l6^i-N|Ml;YEQ-;OFU32P{>QbFF9AaXx|D-GG#bT6NPbPh6 z9$jY^eH8IsQG*|F@rW{`;_Z)cF5a@yzu9nPa>f@85-N@}q9C@%wGC-_IE5N4d$L znEQpB9;`q`hqk71%Lz~ z2VJRkN3K2q6X0MjfL=0W^Ih;+igC<=gD;UY1s3$Vgo1?>^>S>62*^>8KczCw5eQp` zL+T4fV7;pZ=>*wm<;(h6xL)>A!1bCN-1(J`@e}|M0KndIg%mKLV`p=S&bwq(^Ml$@9OEEQs;n&rO4IYf2n;gH{vLmb{g@}uJ*n4CrMFki3 z6=WcfWfk=XntH`N+XmmAMj0Wunn(FZ%+<2A7=wn@H-tL_u9N)f>W&rjoGheQaka{6 z=2{6?aW_Hq5-gSIQsJ_@|35CgS%#@Ppl__P$&>+LAN&t+;f=~bt3VA@7&~;@xs04B zGON*e<=rTr-q>x81^xdH5+wqEgJ<6PzZbpzl>h(m@Tl?sujHBG|BuGF3H)s~0P5ZV zaFCcE@+)WH;|}(Xc%<1P*x)UKXp|QZ?+w5VJO_;j3@NW@L5xTc>yfw{AP)F&P#Zi4 zlw`lPHTDAsjl_=54iL7g&%;3%&51ve9Zg1_?1o;jfd|Fpw6z!OdW(f^DpaB}WyrF0 z^xU@6{((q;)Q~KUH&o}wc6ch%kCf;X@NazTe1Zw zF<8cafuscHKotT(spR&63vUMW3bBE}Zm>u0QF{<|Re9}wJ_vd^&|Ukc|96`0;4UcK zvybJ`>7P<_&Isq|SOWO*6ja_}4^#g>Hb;LYhW$jvIfC}IG_!^k){#-`;nNA^V2BWr zdiH7|}RQ~9E$5;uVa^pAjxi7ybZGe5USZ9)Yz1|r3T^O1BZLq#a&<>*#s zZA7dfgJXPyxUo;CH|5He1t1au0poiU$Wd`1P8p`&1q#UNpRF^bjse|%A(w<+lh&Ql zbYP7aqG{OV^jbI9c5hHA25zOq!@l7$!EvlA^~Vq#MJ;PBJFAu6%!j< zP#`X4iU4AQOjM*e8bRzJ8w`E@Q-?Yr0vL7Fd#Rw;C?aFbV>%Sa4&{?AEDvm7MOAu~ zb3AmA!nq?cE)tlEjbju-;YNq*b^?14H?o|lGX>grr-jXj)?w}KZl$a_N1lT%$QP9~ z>H2FfXKE8Hp;%BvLADYi=*B~qKsF%0J46i75nuuNR-|jin1&6P5+fBmQyjbeB&92v zQpH2oAcRn#AOYaVS&eE@7B)M8R}edrP3l6Rt-XE*3fdRScjlqudo~ovUJ{XC`#tx! zc7h(Kr^e4-jOq4CK^3t%@|_E`pctG1U>)V4(VfKvArAm>^ynp_f$HNBg$6r* zMy%8fHQR6O&{~Dg7bW69QE{&3?=QZnEOfFU)?Mh-CuQ^snky-&U+aCFM)SH+LWORL zMgvkHD9Rx@Q@akNgE)$;pFT&HSUzLY77Odusd53}69;i#3K30+d%z>9 z{X92*&7shJSmr4`w1gsDj~-aC>+s;}=~1Jd7CI~;aw(B^Hgz28iwogfmnD6bc~#eO zVTd}ipqElr&o#|Qm|!lgS;~ON=$IkSk*)MxD1d_?7x(3m43T1baJVrzrU4#xJtzk- z2dZqTMIlGFMGdEAzqaASOqF%YngV&3!Nf)!Gi2W*CT%&;Wrz}>;9|ZKdh`~-F%Z7Z zz~u~F?f&dXMU2v3_7zQ;W&tl=z+Z00Z!Yi<$6BHWRbz8MQf}qkB-^!yGHo>Q!rabkrcB zf~STiS22&0HzjeJ9aOY>rC}Zh_hbfSBtvf-7X4^;e8hZF(O_0>L_>Me5am#tAQc>q zrZIQ=p3ZhAs4R9ra>KM4OUVthLQ-t3$~N83xZ{7(;U_9yQ`d8lD9fIyO6$m&|Dwai z815?_s$=Yi0?&bfmy+A!lL%3@*5Sc^uh#;%VB))w;6Kot;Ba{iKu}->w5(J2{z`|0 z3M(~A1{+Em*x1%5c!OfnND$aXMJu;D?9>LGoU;HSWiq5GK%oq?)h~0d9H86~KiPfEi!hw& zA$~APby{{Yt65ZSiZIyN6y5jwESLX}Ax?c}%}E13JOAJQ{?XBKD*xYc@90I7|8Et~ z{QQ5>7&l1(nPt${8SQr(%Ix9C=yq`6&JpUvobSwln2*I6j-~Fbp_)(YhsVXYP zbhriOIMjkd#o>mPPg|Df>wAHsi-pS8G2_fq?wyslzeUk3ACXJhw5k|M*V-&e;;P>A5P!!^I>#y1WzC32C#fpg3u9V%z0M(C;3Zyu8M~&8jNHLfo8Nb+Z_Hrt)w< zJgu8tf~^-?`R|ppHAXRW>)*BTcd!ySEIxz96^FiZT*}2e-*L(@cdF7lvh}A*C)O|r z`iB2vTi^^a3lRaw=0Ud+z=CI6h}bVGso1AZNudBjHAJI$hzuDK6F?P}T^v){MM1$3 z0a6dDp?{j1)b}07%9uwt_-H9*e`bvkoLOT`mv4EJ-QLhOG?{!~-AF5w3fXRri zJBv#`oqpkELt>M48U}x)3@*8J>hrvi*c|>=rGd}qooib=&OTk>&X7%D>bEx*LUtvd z4y!aQ{YY6FB?o8*M@#KKEUlu29qi&6s{DHL_K(|k9nkBuFP|rj3gKWf{uz%;1lVV) ztRr`4PMXfU~fi>cT00OcHvIT1MfuI69-=dP= zowi!L;Lf~qH_l?AvRXv6FE;6CAdqafayvhQ9k71{_CUYatDd^%QK|`#H9B#*_&+Wv zgJU%33gCJ1e}@PC^!>j_y?zt_w~A+e{9iD}P4r(A{dYgne;0a!g-CDcEx-XAHPM5c zA3Ych_2RLEXL9~>DNFwkb$l1S!;Vx3zj!4t8ZD~6jyA^U2?FU30n35dMRqdOCsgdC z!dI%WDx0teDmx`8ac0F7<=HwThH8x+O807{$JF<7EQ~a@^a7~tF5jE!YjBVlX!vTI z&bXdxpu(lJL%@^}=*FW=Al414cfZo%r%0HTy>T?~D-1j+Ca0~vXtOWZ_Q*xlf*!Q6 zm_9h3KY(7hcaR&&l#95}k^L}8CnBzNs`&Jku6eA~PI{+u%M73;jog7tZS)NoKTccc z2-?38XZjJ6Y3t7P1J{m(=IL+he*<)*h-wd{0y|LBlApE&^HCBDZD!85GA)J$wxILq zEX`(_S!9{{336luN&rJrmIDr5PxfY4xoIDI0gCSX5>$zD;Cm{(0~0W!J_9zK@-BF- z&!$#ht1t(VoL{dsD}ATgBVNDE73^`ZVQsaB^^ewW4Kwld7_zY?1`Z|&vYp2`IetB! z{I&}Y!E>-L|2a7B^%UuwH93Dx-iFl1X*u|wP#f_j7v>a@bzGhw+zM1C-~{po%s_w@ z{qJ*S)h$$5U-gtwSy1a(W_9}m+1tmx#A-wzcxkO-9tM<^D{NyQKAyE`EA7K(F#pPSEN#Vj`T#wD<}ba;42SxZT28GASgJ$7ihHDv zx=Nu9eKA2q=$C>TBLbqK2)tdGDczR?Z2gK({n7Di7ke1{_(G*nD77p9t-Bhy{{T#Feb4Wald#w!s8*LB|Zb zgWr8f1a{C)uiNYIM)%pOqks--gB_^=>{LZ#=v$X4i-$h)(*{3)p1^EPf)&1C>cUTU0gI~$)c__D$}`C zYvP(1Kb9Na}-W?$ciZBQ)y#R;lw25{v8dpQw#KQE`r-JuRosn>E%^qkonS9Hn+% z%&1S8qRNOe;8KS4`Hub(a53=(;$8+5Gt5KRr9hoi6Q1{P*stfvKOViZaRNE>Y8A!{HY4$m;m+yiCzS~Zrz2Mg`&F+FVS>YMaZ>5brk+=eWpL5H&V(Y`=@De z8T%_=P;SX7cxyS-x4UCX#|}~&2zEW46s02@>KO5AxA2;0UUnvs*bZWQ+@qp{1!>*2 z7rFy={h8lE;xnZmA(@_0yJT2vvd%iPe$b0~BH)>1F6I+C#sG@NqCd~54Z>XFbvno# zBm|`{BvUUQh16LJ*~erT(wJoO?x|yrU^v|g&QI(DNs@LVAD-w01{Xq9l_ppn?ohzROkO8n+k-0AOv2v1B#v=G0$INMqL zSDe-_IAAh^9$951pmH%u!kb-BTXOVTci=lSQJapUeR)(>9zDv-7OQC@QZvH@asJMM zo+oE*X?-M9bsa_1=Lu5!uIfmb_>7J~D46Ey@!G?ZjZ{w^!o~)nfT&;fC3R~T8&HdYOf=!n$wia9{FB| z9Ua|8IawbmH&Q#mJwSCnONM_P}tsQVH*mGUWt9n8rYH7~DH$eU&!qafTqOmQTH6Uv!wN=eqR zSi@ou!(v;L6U;$E=QLT4#b&@*M;6oF*$5WX`35So7|-^985Rq&BW&*~*05N^Vh_M# z+q8;hl)Q69&^2_bA{dOdrp;Mo z9v#zWR?j7wHrwYpOdBknTg0FR$5S07QioG3Gj#bAe?j4OX3mE^?dKrzz-Rp`Z4qqv z5x|E&2DP92~r8&i}3ADSiGg8sp{!U~>Yn?h}AvTz`pl ze^Jr3N&^ycPjhT=YmN;@W4`#o!DzCVHwzL~*3~$O<-tRm2+;sOu%Qr(ye&%%^3clB z7Cd$6|3!H}!e@^De|&J%PwD?h2ggnRkCi-S_5VieZ?yic&im0Q?%SfcFRrc!v-czB zE)-VDlM<;)>!`ASo*;&R6c&YNA8b4tAtoVm0ce^bEXlu9iwBJg<+PV6**LnHd^RE71yZgM=RyROyVIl$@sZwR9 z+^n&Vd}>VIS7+~|jb0t3kckKiVa!T+{Z?>=l|^lI`e*B?+nskfNnP0-X$WoOezJwXi0`|YkZ4)`Dv^qc212D(_e{uLCWB(uTH~Ifp@)X$r zIb(eP9st?s+n~+H?%zzi-yGv}WKm|z;do@mf6nZ0%>NBF|8vILbO2}@pde?}H5L=< z3$SB({w{DcS(?;gam(|gBksmcripf2yR!0W3)>EA#malAkuk+6Cz0xQqEDgwt^|I< zeYXhBzO-Mi#tB4|D01J8zXm-}N@WGyRnJfVRM_8QdJVC-|m~j z^F-otRM@u+p&bhCejb7`LHCS0g~Xfu zW^K$b2bc~7c2ODWV52K+N%^p|XQQjV_W#;(U2EuEcD?T3Z^@O5x_`fAL%aL;TQ2{( zlKdv;F-x|Nec3@h~M8sYIoAbSlumqvAt%uGmo4K%qN#1tV&TvK*A zV8}xFDqzC-l=$wn< zEY;A8#_HZXm24@mR~zR~TH60JC-&nnbNxSu$Hy7}&*9;VCjNURPZ|GDwj};}f;fJM17GF>)aX^&NH`OvYcl`FqK;YOmwIa@-d{N%p9< z*306J-b7yeqTOT_`Avy4jmt)?-Q6Fx(h(+q12FWF0L5g$K_j8WpPc<6bqDq`wK@J{hT|ns`8nwKdf*4pKZ>w{#5OPsIz4bOL6Ge% zf#|Qtlizm1{^9fE-t*&L8~hNRDo?kWZbWJUayHHFjd3GSY&PgU@X6Y4fj2^JvxOQM z!8jN8I!Lzl5^P06rf$LZXyw|YJu+!(EVIVO9ct`$?a5FY(42d~F1s)|&wdk`B3z4Z+VY{W(*HttPq9IT(%ICxxQ zW24j!_1D67RI+v>GnSVbSWa8MBJYs;YiS!QK)F`;kot2lVhAlDV$`3drOV-h_EUKj z8^2H^&l-8QD#y^h3bi$nY5OaZX^&Qwr0X}7tMOjAfF9i*)%+Uu~I$_8(o}HQ)tiQ)aZ~&8CH!7H@q71>d$yQ`Q*Dp#9mWE z1cTP)TOt@n{0m2RIkue*W6e3ZOs*w50#?{_fOOYY0ym!{yCw#k;PHegB1cUHE%`B# zOqNpsVSqb=Z{&*(-- zW92n<9ApW~E-VH;q_Uco7FS)Z$Gns+$%dkK zG;n0l(PWQ>vDECLI3R3tpiAg0x^j<=tK8ySzz(k+YF%DjqU$$EAhk_ViU%^))^Xyi zPUQM-a@0Q_Mf6UI1%^}LQicK-N3X}b;4R@kL*UcrGg;W8WQ51QRR1i>7_x*jl})MR zc@tXKu9PLaz%S9Yog4>)ada;m~RPY?CXGBRB)gp1?VltrWT50Selapli0T)pCv)Cx%J2iRJfaJm(wTRCV zPN$%MynTFl{_6dkH)zbDU3OhJYpf&JN&Eq13{G>LIw?QRv+~@D39v&t%4v&$?JHZ1 z5(FsIx`2)OrM^UFt}^UmhV0y(kJ{1!feyf9qK?9Y9YyhW zVBm&`d{b{vThJ2t3bl6c6`h4H@ZEsj8zl}fzkH`Bbp;s`S6W9g@=5>)K`s=32Vw&g zQ@WHB9oi)A1`Jk0A`yga4xkW-NK8~jn@2gvLuU%05;1^Z!dxOYXBv#T$t(Fg?4UQn45jP?cCjcQa*?XIjtnWg5xt>|YX@k_m?(br{k09Wzic>gp&tZu6oAb@vi|*Bwu&$9nDJ$>_iEX82s+(RY8g zu8^2?|K7R_;{o?g9e00yjn9qBu>H871@-?j*S7L;qjZ zwQtSE?^|UBP>ttfGXa`w-ZtIcLezi5(XShArOOm4MZ;%3aX%sNLEH>XPs1$4>WoyJg&Z zlD_ujnN}}D#AJ&niKb7U711Pfo4M|0TitxD-s@gxZkQvbFOrKj_UF^RH}6-GxS~T+ue8?))p+ zW>hYJ1)DJOF_9=00^vWAsB^cNqOlTzhET7^k>L-4R}a9SSe* zmOPfGMNlldNm1V%H<)*C(E|E^j*7R;{m=XT{{D;f{m(D@M~(i!il;#T&l%(UHw5A@ zzXUZJBVaR)fb2+zSU(LX%fIMQ(q<{WK7`eZpvOMM1nl{MO+CK-*zA`aUTX}Q4K-wP z#(J?0jk637e!yJ3)kp8=ZfMM^y^b3iLBFpjaDTq3D*EFQ_5QYwZ?liKx(2o;@H zr=F#IuMT|fL7nJtyIA@}ZS;ZCOW#{uE~R0tqhKoJueiHq1;?iqnk9tV$Wf%PEI8th z<>Y$IV??zl2W^`n&Ih{D+C)UdjGB?eIfC|dF(%Y?*OB=Q9t)>Vb=@6v@=WiIO^Y=6 z8TtW3ochc{tI+2O70ehagIV(kA!m|VJksK4t)?!#nWN+@kV~=b=_%+X&LeK2HGYo1 zs#I*};q+NduTKHlS{`NrC2~#>_i~dhm*MT~`HGO)ABO$IPO{W+o9TR_=@e09IL#w* zMa$lW1dfqCh?)+Qe1y%^YUZ!8JZR2ttkttr{8ugKKaThJ57Os94tvK<{MSmJx$$4C z4Et)ry*54ED+u!*u?qt8FDDJ)!FSZ4Y5M6CY#6ja|mtAq<%IRq0z+zE&-B-S(p9_{*A?i`T`_e z9J^sR^^E`$sPEVy5bA2S0D{I);48#;0Y}Jy7_Oz)*VkP}hdvh`Vir<^(ZzI6O)gBv z9ZEW5=#LTa$OSwW1N)tx+KIA}fY>o?$U--a?(@KbTnu!N2i&(T#QDfK9I46mrGj6k zswef)rirR5EIv_zN7zzx>A!sBqjR4~3-g`tI924wEI8{ZQeMdpN>WC>0>8^{0XnKr z++Z#xh$It`>wW!l#l&BsA2c_LMdKqJW_FF9>q)D z@NLK@lS+J`$TV;e8H>qMf@v2V_rP;-(2I}7{b(LPEplGvp<_W0T3Ae%la%rCylo9C zQ=5Yqh}f8nm4x7*=>>I>`dd2-t8EFF0=SOy^Z#S-O}E>~(FD=?d-)U?+I?+RixjEV zsUFuErR>afSK6tOoK>ffCyxk5fFx4EKoo$`Qnu&Z*SN2DpX45_0mQ-xE}|rxak{gt zU;y|4eE2qe%Zrknmi@9qzR10AWojkVIx%H^SQ)kD1h~su=nXnQnntVgWpVzgCafl^ z=E(^oQv^%4yqq}a3oT|PdHQxeb1TUSfIui8f;4!`&?sML{*K$HG3A%qOHr7e#)C5y z^OX+0<;0`+ds!;czk>evO7=bweoEq4-gtZ@3lqB;-8@ASw@NWk+B(hJ$kQ6%dB=2B z7j3?9XouvaIr*6j+;3GO^@)(Tc$Xn&foNn>8ZWGw{txioy7+v&c=O}ARP@`1O`(CFY7ArQ0!dpOS_jT=>r5VXEmAkCaWh!oP|R*DjRwGRV@I?!a+>K zD$rvnYXT~nF~sc3r$9Isq=b2ASd6NzNh%6R%ywB>VsBEs*x&!wD>VBjPhKkp65|&< zyTu+h=ePO!4eaWz`wV9z&wGwdOM8$T9$#m~ia@^20iIXZe;1Dt6I*csr%5!Qk6uah z@A~L!VHuk>0Zc8*{n&cVD9l^=nPPk;WOEq=L^o)Wxp!79BQF3m0dWdMT-GKJw62Gpe)z%SLC2aKi>x|BD-K495< z`OnqCQf0aQj`WE)X%Y!_4SmE@#5kNLbCI=@=HEM63n@`)@JlSc`(tbA&3uM6W!Pcz zAb=2$Mu-Z~<%bLmQw~D2&LQAtrB_cX?I=9Io0X)}&Q{Mt&%tz*L0c0Yq=}EVa%gIK zY5Tdf{j7v;e$R2lDgSNs8x0X%?8KL~-yHenj(m1V0HhRO%NXU912R%hovT0TB;{lz z`)+vD#T1!;$VtjOWYp1ar%Ro4lJZM3x|CgQ4)}5h{2WaQM;Dw>I7UAiJ$H^1UfRKT zeZ(`@HzvkwdWB0y(z0L<4JXAgBP!Qg=3_SPjtd{9G+Id+mr_cgAYf{@NB(Y?lLDLE zL@tIiJJl7?eKpdT3gP;CL3AI+bYYaIRgeZk3q&b5s2OcFb`zN;p!5RQSJA$^r2x6) z*mVma9UD>jU~91A$=}P(`Zwc$shH3|DCX!#G{Ny)S*i++ziaNL$?}a@4k4{JV_ysm z)w-9a#+jRMtzLvxAjnw_-AyiMTKPp#O}>%ac$bk>-puEy+60d$h;c`;#<9u5zao#J z4#4ABMhCrg@MRmMG&1EYC>~Gv0?;e>O*04O>trXg+F5M5^mwyVeQfBnAx)uL7Qocn1~3ZJNI9C{z*u=K(loA4C#V|=I-xw%m#5v^;AVn@i6EPq zOQq0krtnrMIeCUMm?29^=q{)5_OmJA@w)wQ%t;q8=UE*T%gKKc6Q_6Ji;jE!0{kVq zS5~C=kGW{wfFm{C_H6x4v=a*DHmHW*F+bCor5AEVwEwS*10qm-6IHMr$4R5b3|LOP z@0zptVVg*hL2<526o9gvIP$I);5c)SIhfu9?M$O)W+$xXg5$A-%uGkDZ@o{9yh6@e ztjw#e)Y$wzNrmq*V>lj*-`{2%GS6u(@8P>Yw^PhmX#%Utv#L{*IOpQt5ARg%ofsVz z_O9|6>sEzh48jyiyK+Qs%4gK@pex-HbDQQ>E#^ZV_HTtBtMn(o;wk38U_O`cs@L+n zKil%YxcT8$ccu&sQ2x78C6IntWwht7et0`lRkhWOUify8DMFWL>PtlkU~gLQkS{QcC?lT80d8e%@6lo9IPt5wzpX3`)}qZ z;TJrf{I3+zyI%>M%iGUu_!Q6Z$_}LRdpJ3JCviK=JhMV+lk`r|0?e6i zh2k-ek-U$$Oul~rrZ`UdeT3ys@OUCejK){n+HSmT9>d3 zQYu5|DEeoLSpFo#>v8!NzMA}{fM=OlSH+Kas$B*AaV|4}mvm zT2maGIC${Vg=cHc2?w{`!TcTp@w4v;H=VoRM|D2yntaZ*<$#3^b5zJBd^ zB`+SfYDp(oeuJTCWKM_2iJhg=hvU8asw3ZPq#XbhuwXL<#k7Y$dy?P7_&5c=eg zFoJQAEr9>7ZWW3>EDXSfERT2&<1u1IP~2a|2^D=)S-b0bfI|w7UoSq6&})Q1B|DOD zW@}q$)=>N|L7;tVu%qp7@ka_rBOIKO2nTm{i(A^Lpu8l6a<2?fd8gSwFA@}VMXL{R zip&b=xuJj7&+P*V(HWtdq@g;SYZYs{n2-8f`CfF;obTk@S)#XFJP+wG!faxS zbDyZ{>4?>$Rz*A2D??W5f~bVzN_Ofh+s7ku2c=6;Q7nTHUfT#DtJ_ zG8*9+^E(5w_p)yOC4G47DlqvNv};b9K=-d-+iuf`mQ**-eLQpOe;*|gxxgU`AZ@A) z*64qGdwWOu`mei3{f+*&j^}e$I&_8(SjkQ~d4OZ$2B?B&}E#%JADs=|G>%7WP zFLqumB(>*OC?~tu$lYbjyP))a(L`;TX8|XiCua*UqG`R{LjIELW!;M@X7ORxfjq$N!sgSK|wHE!6hW?+%_yH6xz;KC289Zmy);(y{u-z7ni{AXVEtj`Q};RnN$9U zfpiC)&kd+X{_h|3_j2<8UVkJ1ujg4<{?`a`q7gzT(5sRA_1BAu|CNJ($Oz4Yn}T!n zvx>~FxYK}46B47Cdj$L*9gfVlFYg9a)>BiBW*m_rjJkLV$LK7Lq6-vIq^_g$@0uue z`8H}@IK|WIi|VJ&+2*AG`m>eN|NY&5-u|<7oGeh@Hx?XRBMA7YZBegn(i{UqGx6z~QpM z4H2Y>ek4~Y{s~8RuDRC@*Q=tlyel8%6Xj$jq=$=iG{U!_z0+=hi4Df`~FLu1=v!QL@+>8DIGg|Tr>RqpbHAJ z3fKjSTMYU<4QuMpX?B$sF@w6uHqTL}rMU5pNzYIJSxo+)&ke9v{@>lt-~S#SZQ{Sy z^30b1%bon{J~Skt;xc&s`hdPEW(r>)UMI-G^EmZ_5;x0vw1da40@V9-HN3f9R2OK} zNn@F}w6}Tmf(9Kd2h74cLQQYWXbPoWFQ+fe(`C8Vu%ygi3P7Qk#)5yd?l$88QxyM8 z_jV~Ipti@2D)6|T#pHiB*9Ab0{J-1Z@8#|P`@Ox5{J)N8Vf%j;%ITkWR(S{fD`vcf zIhyLcQOZ|s-mYc#swUcmAY7#yh32YOs}N7-lN38dbO}Y_dDcfh1@i@}B)31G7(xCzEPcoE)W&@cwYLoK6R|tFs9i(Jq zGxfxQvDmO2RxkA!E9;5P?m$54NC7PC&3)_j=zU%bmKh`=;m6W(azA)O$jAb+I5JJ;&SNITEu^V~!)U zuqCoknbb2|+*x?upFe}=cs+7b19RZ&#Uy<$d<-nQyMbatRKq=IG_4x2LXIkjC71C^ zJbtuu{r3eCrhKHj;E>s2DW>0CXv*AU6oXJIr%*Ph80Cj74?U5BYi0OJu8YbblL}aD zxQUsNJ&4ce_fqkuhyGbUy+U+>KCf1b zdCUSR#x2y4f|9U>=Pvk+Lyksi#1PK`kdUyG2com^fO)E#24h&^6QxbP>&~QS?72Elf3_A(r!DL6%7)l~HQ)r$2Xa6vF|GT%_+uO*0Yk6kM zf4}KXpCJd@Pb^;iL!-rFjU*lwnrd@59m2pw8oZ1NpRelxQT|>hrPc#%<&9Nx1eo#( zq4-~_0Poc+dD5*AsTsyOiORy57r33akmlXz1qoAqY+dHP9~*)_Y@{@h$GA~V%@)` zL!>|I{*3MSW~@R_zg;6rap=ZRGc>(M^ps2!ND*lN74*CPgKn?WYnMTisULb9z^4}q zqh9=>cu~Yq=~qH%ibWsHe3^+A*$&C>LWY8rVtyxk#z?ft)>^Larxz(h`n758_!o4R zI*{MKP0QifLo9RoFO=eY=2I8{cXXJ`|Gl@j*L&*zUn>=?Rx{PIXT$%O;Qv3W6SENm z)-48*2%V#m0K#yV8C%yf7BN?HTils2n*mFQ0Qo=$zki~@IGdFQx&p9@fxt2rw%Gyr ztJVL+zts6uA(V=j)X@K<{=s2h|2sU`ed6^0i9C;+{@)LgA4*)c1pPnBaK#i{pMe!P z8ZXKS9v!(iOR@yjHzskTMtSL2odhEOLwz z5}wR)W6=e5)zwzu%CaJics1jqWRaDkmKV~?Z+Pk(y@c#3d;-lEnapy z6TUHS-$DDm}>jUxQshKMM6{H<}~~k`!&>y zDT$WX`P4nF^-%O~G9w(Pw;l0&$J~^v_^{aFkYFkC!5uv399kzREHfi3Kqa$oT=xJlXIh>nm*T0dFYo!#+V1AbKdZO@ z$bV^EX=wl1KPuXPjyCq6bvzsU&wbc`nfCj6WOW&o^TH$)mS2c4$#^mDY|YVUkh($~EbXl(|9k@7MEgh;ClC4@>YE{ny6u zvoZWEjY}KD&&KexdDi@_*8Y>Qq{Mx+F8;TdkN@54?H+FYf7bFmZu`#+|Id0a`ui~+ zDe-IPx<5o58WYkP2`@BNRARzP(iT1mkI?d<2DwuSOLF#yBHx+uePtDhrSmVkPN>VK zUQ8&y#t|B$@ED9>#E>>KMdStqgd%WFqI8O6EFbH(fd1QtC%jOhB=2GJ!n{G#gx|fv z)V@e4`4a^kh4zh7HSC`uxruKe4NuPAWsL;JGLB;YcRAu|1o2e-Iw6dIK>UW#s|;lE z^4-~~|KjZ3o9qQm;}iBfLpmVy88}09ia7&(f-;K*;6!|>3E7PSND)XGj>q66NlxgLP(UG{ z2oNSP1{ZH-U)5u!NfOD#YA|vGiS(!MQ^w`zYCWkJ&TRGYP6+=AM@U&K%nom)weRs+t^Ah@{MAog z{LjH&FE9V??{4aUt>t;L^528S|J+aD??X9?e=iY3GXsa)?W*u#C1=$J_&To4PmG1G zp8glZNbB-H^!D@lANofJ`y2Ydj%P#v7oq?67Wlbg1CKFqbQ3YUdA`wSwfw)lN_4IM zSIqx(u*v_uo@c}V7c5x4Vf2rg(U;#!Yzjpe9+THfpORBIuhptD0oC3A9`5(^`G5BJ zHu-1#|+~8BsDl z_6wlx{2R+)YXh&un&bhs1=5^}Zskih3urn9oQDHtMYp-DV;JVlDa|aO(v_wWl9Up4 zOY4oaz*3&r27$~bdA^#*;N3VT+TAekik$m$B~GFFlzhf?s!W{)^QpdftXvkgtLFUY znzjGZZk4!mx}W&Fkfr!lgtOS?>G|7}k8izKzn{G^uYw4pnCrT8z6WR4&9cH-)=Q%f zO2W>)^uwwyoWme;OR}R-(+`8Fq39(P4gQ$MVYG;3?P2lO3Pp1@BLms|_-*G@F)5(nPOPzeoSc>R58p$4?fm3zc z0|7(Ph~aUJLhw$0vkh-Mxn8(tYvgpjl7$lc+7Y9zaD4)b77o~T;R&@`vH){(P+#;Y zR;_Eg17B>hkM{oFt6p!?oAy}S7wGMQIbOoWuR1ag6DDv|>Z$u$CFjgw*i+;XC(Ctt4rY|1TO@u3WKikMX)pCfyy z6(45@To5=!^OR66e1f&i%fu?D3_Z-LUfq@WYEHEa&uUJ!{k8IFzdAZ>aF(*ZC3@}jtaFiBW(y_^cIO*)YQKe;Z{x=mqXCSoFg7U?V@VXkR} z8JGW1PIb+?F*2I>M}Ems93}+Ed016^l9Nu|)*+l13K?%*F`FBiud7)%h8a}=TGwZ+ zV%EjcvHtnFA#gmVh_QwvJY~Dxs-9)|f7612b^hPGdwKic!BKA$|FxFqaq$1@c&eu^ z20Ub?Itzamc2pU3H2+mqG4GvKYc`QbPv)7M{)Z@u$lVlW;XSp_Z2G_3KiJ>R>wo>D zP5y_qJhINTJ%Ql(wd4HJu66EkkM5Q^yU(>{>u>2$2$>hxflPPob=|pAKh_W7`HwV8 zk67h*lq4);K5r}pJl8Osj#VF`rhvDy4X{E-Ev98KW*mNrVH)jzM2tY^l7c za*d`!mjBhuOuo#r8BY}H=OlZ1?s+}=Hrm-);FrsnzJl$1)oeQx5~>9(&(Sus#mwxV zwZqPppT2QVGjr5tDdQVJxWdHnm3_^X{(Ua&aa^G4=Q=wbe0x=S&gai(K7W39cPj1N zB2*@FeIin4EGM zc{htMs!#4yC~$$8hj_c~=3#g>lb*%hp3-7eUj*UI0CcByN5HN zJc@q8C<@);TKQ?|Dsm(7ovrXyGnWQkFATPJ_;^F65XYrlQGL(}+xrMd=(P-U+xh%?MN#1bzJT)2pUr_6pNYT91v~-E6}r1O zP_EEj28#Zp8j?s>5$V7%q=>QCb@U-(T^w^nV;G$gT51#%z4C~4ra10gtNXdS!x}O1 z|L<|E@ALd_6GC~Rl%zGI3oz=e^L1dGtHBB939B_JH-YC>?^UmIh&m(iyrmCoN*scP zi^SPUT~t+t>+d$Z4XQlDs$kB0lE%d~RVyZNNs++Zf=)%FGZj3oW3}AJ6hzS>OYU$b zS1+Zbs24t1njOCMAVGb+NbNLWGSA4w^w0 zD#%&y*i=7pr?gTAk5_NWL9{St<_bsqd;NqdReEsT$V}MUDR8Hs@f3#cyIQI>@ z?$-IUiONS_}&C?NJ{_dMaqzTXHh;2Qoomwz&XmE*SfSXQU(3HFI_&{pkFY>Z7Q5^Dx7Zwh5R!& z|JQ=tJTgEH|KH#3<>Np1_V+jWf7bFW98Q_9l(q?@oIi}xoTX^K;JaM284^NM09Fvs zS=LoeTxWCmw881!nS###StkUPwqIz4(5>cxD`#8B$2Z zpnYnvs_mo1M+!$H95hSGpT`QXap8{DI+ircwOsJ2=;VD&bU)~y&8Pi=gy@V=Zaw2- z{i5kq&G!`-yNT}}!{tqc>R*HHHCVv2q*HL_S!NlQT!oJjo4FAC`+KG9!14>>hs7@& z1K&6T{w_haF{s|kef`?rh~kgsSycYdm3W@{)ZYK>7ViIh8~fjSp2h5c)kj<#_$#u4 zH7~FHC^Av4PK(g(<<&fm5l8YqYk`ywosu(I(R)Cq35ik6-8x41pxA7RD?j09QTngH zUj_Z&@Ar!I|6r5J>Hm9;7Ys!s{qH;zC{2O9lV=UO@y4uFb$ese{vI!?1SOs> z0RRgo$XAPa#EON|5S`zrx{zxhfUFiqxgY&1N=lgL3MoB&H6b(s%mwqnvH%*AsJt23 z{gNLm;;w&Ql>=ZxVnTIRv&?C{u@S}`LmAR?oh9!ue>YT8tGdYnJ4Kx0;2cSm#j!~! zG&i(`ezNgY4w%M9w(1`3VLIH(aIxUWULxP<8*O7sbauM~lux4Bu1}YjI#}xR@(+s< zN`IH%92*PfB@XTH6eST1)nWyi;@Ax9sH&L1V; zTQ*ZUIoq(qiGuqWw1oiI_JzEa7l_H0psd!*jDj(_AKh{%W96vT0WTuV%s*xEjFLJi z4I#geax!|JriM&i$(iBo1<5MtZ%gW!(}!5!i!m@ymk^wZtuz?8QT-iljHeKUfJ*E$yx0Ed!oE9 z+SzDqy~8aqnu|;Bc<%cZPjImz^Q4Nx5sYEp=xUe2B3%HZs1qZ`QP>7AW!m5_XzS)} z`>zbhtz4Ea^FhrbtYJXUL{d2Jv(L#=5xv>(3wGdcZNr^hdP%EdqU);qti_lZTBDoM|5tQ-w=SOFxTNU(0#Dp>F zEhm19D>qB}-q`lPr)OUNA3`=65=g^2M1VT}-`~yi|NZ@gP5zIyJS*h?GsNWzfm&xb zdSh^ky)BP5TM1RqFt=Qqs0FT@tGDuygnb=sFk7%v8Dg_umFrb1IXv0*YA7shMF5|JXmu@&CR4;n61kV=Ye^|IhL7#$4Ncs4?P$ zK#1D#@l%sSq(EGkAf48C)Tub!#NjD33O?TgZ4a~CG6*4!18}&f;}I^>(FosycBfr_ zS7ofEI79)Y-R$Vhj<*IS`C*!MReF174UDeqvIg~eg8^hS$Gvc#HpigdZ-YPc{2yz1R!RRKfW#XNHHC6A95hKv8zkRqN?d)~ zx*?~t$Z3u^d_M&Bi9IWz|An)cw+hzN|6Y#%_YMy?`QO*_e7p32LS%T#hWI}m@fTaL zq5O~fSpogOdc~?`|NmA`|Mz+a{XG5e?;ULD|2iI7dP1IBaQu4aVZM6B{IjeNuxkAV z2VC|rqGT#5ta`uY=GG$IvB03)giwyC%v$l52ccm>5xx`D^epjTz$ZySBkl#Dh>4 z{9)Zc8Hw9lptC>^`L?;#VAbHCl9*ExMTq92g%_ENI8Qcr2U~7deqV+8>0o5pX4x9c<*k^*rA$+mL9vVH^)? z0FZmIu>d^cX9e^>L3BjuR94?F6)h;A@?DtuKt?4QQ_HnTr?-Zb6Iv(SAykS2N%6^Hl#*E1>^3gkD7ihLt>^mj3VN?LYn9P5!s_Jl`(; zH)y$G0uRds>^^Kb!6SU;rT^v@Gw(1zt1M(4{Xg2<&&&V4!wvmk%j3}hmu@k!vKXE% z@Y336uF$*EFZ5X+K^%ehsidBOp{(DEhOaqI5xAM4cqRm|Wh(VHDD}^9d01%(k~hIw zGr0FUm)_Y~zN$dJI{^M9L!GVL|84QI162&$TWOC+n?eOnwZ;!5Ms5{5zZ6?XWou_T zU3HQ#rsfTm%RObF?C`Wd3dp zifK>|$q+$`=tpveVxdQ>#vG3Fu1gw$&_6zl2_j-Gq`0w>R_v8PufcwVc za@I=n%zNf!U+7ZgqQmYON7M51d!5y>EUzeBNd>+DF4Dg$S*N?eF+)L0(Zv-`{*EXf z-8m)Z{2G7Rg3Ms18~*eF{K*xo%`WA5R`C=Tgxo6G*M+J{H(v~g%N?xpnrYrqttT`2 zPFG$ZV16CVaz-u5S5}CS(LG|L&8}inOueRi%hZBg!tZ$|3;-z3`9~awI39zCd9oFM zAOLdDD)*g4=p2ojPpkzjip|!{18Fwu2?gw0ar)m(8-gxjtO< znOFXwKpLVL6>@ycdTQkV!@Yxi{lC4vgN^*ZmPg9}_BhEP@K8p+UiR9+GnXmL)~X%8 zJ)3N`^GC|i+gr>yj>i_3e5kLC^mV4vzU;T>@+)zJZaX>kWC(dM$>fRuB*St!qI)`l zly|kz)=5OO4ueHAZgFWVO}Ev3dVVdUNqd5#X_rlQCWKtIk3m8h@8Fnm7)9IauQVA` z7^33moe)KcqfSC19Ne{!fqco*AV4TY;Wike5uvCfU(1}&n8a2eGF0Q(=n8giJT6f^ z7x6@%1-Quy0AK(BT6M|z(}!k*N@WQ1yHgT#bnDb0r)hk`K9KmF5bkM6`lsI+qQ{`$ z>-DUySr8L`CKvD+d_dR86!VQq=u6jD{*7>)-pXjTPPxqcDpQ^~i4b+tM3!~pd{fy^ zKw=JYjHq2}f%g=~V+5XGZiDBsqy+A1a+DyonPwF`pFhj*o#N+s3deayuGHsCef};f z8e_)ko$^KUyr7g4Bp83dqb@}WVS@YI=^{i`A96S@z;KpEk=czIO%wZ>+e1L6Qz#Dm zr?&pEy$#xO+TtI+hArOcxru*v67k>9|GN!SPNw1mUv!d&g8$vtwc)?EGwl)5vCu5r zomlo@*4BREh&uP72UQ=Hc_`BYh0*jnX4((lM5?*M8Rut{w=V%yoLh&_@ z&=`f9?6m-x5XL_senaS$|MK10ssG~a-J9%1#(vdpOB$hL@Zx>S__@QgUr3wNuYxst z-^p)I;yd|!nk11l(7-68RK+e|sJDVcIyb?xx^v&s?kT)I28Ra+dj~B5MogWf6?I1u z41bHGJ25foY%BR`wj|diO6@Im2fR>bVU?l3jY8%9sez5k1z|3Ara zRrNpj`bT@k`kx#7-&&se&VN%Y*n^$_MLZuXfq6p2WVb!9A#UMSnPsP2qSFRuyrn>H zXyr5FbivH`4cPcH+Z|2gj^-=&w>iyrU1he*6Asx&(P&rxSjd7Pe|7!>U_>Zj0LS3@%Mp%4u!DGDSTX4Ey99yJ)_;JI0IwMUD3}n?K2PHq z$7ArEb-Ug6f8@RiAP3JG_yUH|g9(6;#K`?xX?5?VW$f7d(rl%V<>rwl$1}($#~$P@ zw^v8;Ebl5XLY_PFvIJzKi#@7mQTb0A2OA22HS*ul;bAXd|Fyrj(f`)+%qRaXUMF)S z6s}4roGAzP+m&}OFp-r#bGI)cN+NPMMe63I144+VBxXqe$vEU_lt!#rL)<9_s;04U zS=E^r92=}zvnnA_XtC>{{5{Zut2NIx(F0+}Bk(}Yrt&=_s-ks|^I~{u0r@`fjW^h~ zHnLc8OaA>($GL9bH~fD6i2YDr2%EiL|6b4X#*mlxXXb~uEP#<5@SglNJU@)@)lb73 z*EwgIe-(W`5L`WMyrs24;9k9;+cX+s;_y5}OZ}R`I%*W3NcyZMtt$9G_f69A!MpeN!phHtVWD_2&T$ z-u@oL9BAIV`G70wt~^Jbik>JMyFaNuM^{4M+QXFCi1bG9c49f9{ca^kI z+EPaOH2<1S^fiu-Mrtnx8&HhkR9oQfvY%WvQB`AnYuvACpoukR9L2wqAXnsKRu4`a zBhf7sOj>f`<8)DP<(UejM!;(~kBs)%&{+ODB>xB#m( z=I!hl!;9cHw+%Y$ZOw!6{^gi6!BUtUkQNa#6bSQ+6;)ItU!u%A8cPHV*NG7MMRbR% zzm%ETdd3}70#k;<#^+RhuFp9c|3v5%^5&=9w6G2xwx?gwHHwbG96iYvxsE8}DCWj^ z(TsHI7G6*DP>5?7rBZr(=N0NHzHbaud6(5yPG-(8jnIek{PCqf)d{Q3`p+YrbNb6i z1)rChU~yi{Os8ZPX8Grkhuoe%;OKXT*e@uWs+MJdR#+~YRl+JP@d{QJMu_tNl_Hwe zjPhP7&bLTUZ3EE)0IA&kl=(0@Z|B|eLa#H+_bdXc&i+$`*3<}D0^odRp(SAcr`Vvk zra+1U*MB!Jq`4kf0i+H0G6dho#m;%qZ9gl4%J&8Wz3h3e5gvL!#v3ujs1tAIIk*~x5V^Fdbc#Iwu- z{)COWzT(HmGSQ6A7lSq-;d^c9)RJ)aV%|k``>I<>LYsDZ5_5bq8sQl8yJn2Re5^Q) z{_A*A7UuLeCxbFA>(&DObD_0pPaqB3#*-oUYbH1SGsP5zZ&Hfm@kKB}VH)9h{B9f* z`}*xI3R0;r*eD@R5)zT|-QUn%bFIh+;bYc?>uw>BnlJCEM@oHfZxf+!XYpv}>448y z0+#YCtZhINM4^=Q-o@MCT0(maJ}DTL&HIn9r9HZzRQ9u+?f(y7a9(u785!}q4NoW< zA-ceht3W$h5+L((BB9+)M5peK+#iC>K#@8mxeqjX5JWL{iKX(X&1-6LI+~x_xs6xB zMh$*lBox8$l*Eivm`UW7KhMjws>f+M3mt82)4!>h9_E}vT?cdt(fU! z6-(tN`*VRZ>HijiO!qd+Zc8Yi>A+rOL8<}xt^?=3k*B%;kGaiQdHmmg@1PL>-P_;W z`2Vcqncx2>pUvf4_wrGm?a{~_kxDvQEMPm*|IXRhSMM}r&SulVtK9dCFfY@^GX6?s zeJt*`WO_4IpUI%io{B}$C7c8#ItCw4&l=INFvNoTz({m62mQ=9tSZY>0b}Jd z#I5QY$-{-*z0pGpDx2qCp1I|JU8iw{^`H9(y+Zw${r=HL{$IzlMEsZU71@>9=}?`v zuvG5H>d_sa%*UraR1y0pkdvvNd7ABCfgVuS)e0=gE3qHv8Tz-v8Rw?|`ok5{|NVpg zeEo;L{e!~|{a?qkJpC`Tcgzw)4zT(JVD8Rt`Gca&HBn|8nWcKp*0*QI;N;c-d!F6^;5rZQn)W5>S(*WoP;#4j z=Sm&=R=MUj1H^p4EF3JDpll)4UyTvUYr8NALj)r0JH(!rJ2iX*AGs4t%W$EvsO%qeHb=7&(jYZkX7}NpEU073W@aggrh9O0aU0(iS zy=IhAOMY`~EZCPgw7*l7L@V5a;vjygDI97a(mpyBH8e|LNR{QYnL=-^-@|F7eDrq9usgO?GC z!OMt{t26=aS+!=`_8R1zM5qng;{Ud`Ku;#jdM1zQ^ASno5FEb-Ar83n14G>W*sf9x zV3bT?f9J%BPf@(8t@7y4*`3$Xf?b@EP}6`#JD_BU7H_Ks*`+%WRBgddd_8T!PMrK8 z#U9knU-uLyaEK$!F=E}5vv*pNWX_j(1SXLE4c(a$UvhH6#dt!pSKs|#IiS2xI8EJ= zO}4kPzw~|Nq+FK_T$ zNO#*ld7bg^hu;5^^WUAIXo_X1%WB4`J^%ef|NQq4cK0^^pKE!ZfiuWCqA>%U0JZDj zW`bfcOmQS7jsyl*aEw^D^$dIzSZ}iS12#cX1jPAP##tPXx20~)@imf0Bj-Jg!`3qp zqp>6=;AJ8$LMQ|`m`}ie-|B+j;^+>LShf@(fdo+y;TUyW-8UDP7o1SkdInC(bV_3I z_tOgyV#-?GG3Gn+zY6?Tcla;5BmZk&OvXFnKju$%9q(iv4PhWC-UvsCwf@p&H%aR+ z-66bc{iVyNN$W5Fr}Yf{9a2nE2Hw4S%Ua!pl0Q+vTU{I?xTC(KYKAdb$CqzbI{ z+dn?MJ-=v8U~sk53h+)VZCE-N331J8XDdS|SjoQxQnG!8dmr|UL z1EedkqYw=59HFAs0q1B+t`QhGu$zF%oghLmPLobRLsgM!Ag^%Czs*lJfLZ|K8{nNYxj0gn-dWB9&%qfW?MBgiO z%wSu-*Fm=S?=wnn?*`jyR`d$J7+meK3q-FGEg1&z3FKxN2Cnv)Oe=?|JJ!pAAn>IV6hF8#l(P~q)ik#Z zoTB5IaLPs};k0s;lW^)SrGDovr+&BGlIl)sz@=Acw`$9G^LxIV-}K$(KomW=@V%9X z)H@~J?4K$CQc4JgtWsN zBarNr$CYCq&5Hw0GQD7l+pC#?UpQFv><};3Z3giC`51s;q&8N&qC2 z*g4aA$2b=BP_h=a&zd;OnQv{Yxv&XIqfjcMN*PwWO=PZez_4Hpn1dVnl{OrTmQyj7 z_Oz^<=IOZCEFeHn zRMI51PAm@_Q-$or0y4Fr=6J%0#AD~YD+HgSn0JAY$IMDt@Z7mbY#$;N3#E$$vO`Da zFg>{_Kyt^+LY8e{Mprv9oZ?teXXhOXF*h{Yd3}x1&A@^?aO^{DkO@q(LwQmmV|W|` zDn1Z@TTx27w7`I?MJW?hPS4c>3xNy9Vwa3TX?Q1yG8bfMkTX9?dzKhPf~38b2jHcK z_!ta0P0?Vh3*L#t%kL5#zzCfGcycQGOp|SJM^Z4w;|T{h;*cnyh3Mc+_D3wu^m58W z9EW1L8Oo*!!G$W|pRI{G)`Fd+iJ;J8Ex{m1c?Vzz3>?a<{`T&5n8IDvJo{-N`W(1- zU;|0{VL%B}ludKVE_gSpTRAu$Q=!Bo`R7lBiX|Ed#MZm8t>^5bfI3gMsn}#O4Nz^T1uKqEHzzblmP<cVcvHn zrNBJ^y0Px93rZ2n(%e#<%6=_JtL*pt!>k%ya=7I>kVr0pT7J=uVU>`9LncC1DzfaUh7%jaKR;D)^UZid?=?(?8dx1O{?q z+d?f8qeWP-V#Rk;PNtBHlNQ~HL!VG(_7Y1hXv#IBcPh`4!euS&s*_rRA%l2~z60L&c0r|&MnMF3-_>?{*VLlmRX-tiCba`r&X!4{(ZpyGE4a5LHe@pF(x(B@RW50>l`kcgFTtyoY+h z>>$6N{|a6XvhpKFfOf|QU%xt+zunwda;Kb6yX-m`Yzat)P;g{28kvKvjAD{ci$g2z zpi@2dZEx-xPzl~NWn3NgA+n#(Tr>|PwQ`kM`2DWmsgYzuz{nK&rb{iyTa&2f+2%)a zdXT=9kjh7ud9~G%+{(Onh>ZArL`)#%-I4m=gJ4X%&F9PWPN_O>})-Ct!@%_!3_oU8X$Q)HuDo^ zuh?dPC&iDFZ!%tCCTWDhLAD4NoI;MqidzlNkueYmjaXeHc`GLIaEQc0GM)xkf>9do zD6e$R{w~E5&Y`rtb7BUqBv=2#kJ9;)STpGtnnviamE}_;kXDVf7kOQ9A|yA8SQ_zd zaDzZZ$d$S&jv{G1Rq|JSr(=VGzG-ldrh^$2@`=)uV|AARx^i_K+VPkL0 zcvaOhNCl308eA#Uwkoj^=dA8N#gq!Vp(!Pyc#LBhnV#j&88?9f7(+CH*H}3WWRgW@ zPZ95`ZE#Wr7SgkgHUbl|=8hDbIUvM@PGJPZK7t63P;eJ0*<5ukzhT<6_fditqY=(b zP%ud-flB;US9wunU0$@vt(18J1MBdK?5m-V5{gVG@ch4KO+1~4{5$EKHUbI~|(tG;x# zBgt>^@Ak|8026W}rnIdV3p3;V8oD^`oNkG@gh{-Sy^DSFZ+sO{791@v=qWg>=rGr^ zC9K5#L9VdKKwHpAII#8_|Hi{$=iqajrtt~;K;m;kc>5T%IZaV}8>sicGepJ9ey`VS ze^nx{4q$X{JEe^@Vae|dog~Q#oeHVhb)hMId6H#0dHwn8z_XE+shx_1x<)Nhs{JUv z&iXkU1?mC?0h!9{B?F+FqD2gUc5%kK;CE@U6RZqIH}FmjMudvYiM}jUl*MhU?vx#4 ztyp_0^j(~3N1^D>w*w<11DOjRZ)dFqx?04@a%n3iNv@b!5T-(WC`u?|DCSDjvNk(; z-1Qal(6KcR?-V(CDd^CECy|gIGui_U@7Ep&68k0O;J;4Z|7vGhiJ*=V#dm~&X=eFX z*3z2^5!xtX%(l`r>F*fbAS$ihN_bR98pb5Po0627W*N)OE{<8zJH@~z6iy*5Ds>(} z%MavK1vuDr?HcyQN=YUoM2LV#KuZx?uQ#1oD>(T5ohE@9z}bvZEU?$~sq7(;BC$Rb zv5m^Yqxss^D<<9amB-dL7^Ym3NP)IHW_z{yUY;1soUo#$NdzTPlH#{JDTzZjP+M^9 zF)}_F4m8q>S=w}@nP*^fCk~8BVQT?o2wihocIhv+#jK}ZUem`!XdMY0qwXU9pJo2P zzkT?4{_e-$Kfe308W-TY{BOIvy}bYb-tO+k|92hFGa%jb@GzBx^5+zXD8eyf(qs1* zp${rmP=11}SFdtXZS}k0Cql2(yR0zrHVDx*ibx`<6i1A!D_CXm5v_hqr-{RdueC?8 zz;ksQp`wo7z;3kToMT` zFDAhPiW6ln)y^O0Gr4Y#N27Olsz{T%*|CO0=VK)iD#yF93;s*fMZuVjk=vmXmv`&K|BFKp#1R(ykF=_V{h2KC9=xw4@oP)lHu^z;EQm4qk$8f-my zJkBfpk(v$({=nezcRaedLs39zh~x34>}zLBkk}!PjkP8uK{`dTzR!^U;2AkLx&eYr21ux- zKmf&Ihm#J9LwCwXb#px0##oix9dhrwvG*S5UJq)2@z zP1{siPegNyMv?T*)IRapJp_Z?ROB_bbTyKvVcXmsDh0gEaTPOV@gXtFX4}1#qShHj zQpaGJ3*oEd;zz&RKm7MrM=7X#|1Q7(8FBUZxs|%WyLd!et-)XrkeHDOwIpX1qKQ;2 zoK*?PbehVFcty0ze(dVK#YDzeb#!23)~j;H5hJ!*mjYEj4eXDD3`NAdE}N)xCnL4Q ze=fyWJ6lR>Ak(Sz9&-!_3{gaG1Z?VScl_EZ>+c%O`i%)p69Q%HN5}4#p}s}WED!y*jcDWQ zBX%s1=~MMec>ZB^$2x24AcP6H!?B6LD|Wn9354^~yX;*NC{^7{fQ*09*yS_1Ate;B4iS7vOiuvGw(X)ok2Sf>$2d*TExpf zZGd~$7CiIJSz~VQ)TyKNQE7xza*Y@;v4Jkn%k&k<7zwa6@7Q|~h2YAeG?ERJx423| z>aBu>qjnMOmvw6(^YR#zycd@#O;XArB&OzB#H9>iEsIkar_$dpGtD1+i)gH7YJwo3 zp;yygQ61JT&7@S@z9sXx%o0gvTQ9TG26-=VzpTHM_7GVPsH2}l8(KY zN%MxzW2}6|V{`+i@J~XG0jkwH(Jy?vly+=+DKFoy``z8{9_aiPT<>;!-QE_!aVYK6 z%*NPJ=>-F0fMY@FAeYxTLyBBel#E*xf2th;Q0hahtKk2Mk}25xp?fP}-S2g8HBmJ% z>7`(fsM)ciCMV#!*FE^5+uwFYQSo}WyZ5Tw+Xh7@t$#l3_9VurRBgJe-B;aS*9SmH z25Kk-+DNQXEKz86*r}Rm@p^CKk8VI!|NmA7b=6||B5Vhjn~CQZX0<0%%8N)lTf_J^0m7Kgn;63aNyk>)_J1P3}t*N7_jW|WUdG?oFkvWB$noP^hy5vt?M za18biySLjQR3RytJJuBA3wjx==()?ks6;3_YbTN3_e`*2#&N)`M|DV~#Z0-bW&unp z2Z8oVR@a2YgcjMGzzFfKf$@F5a?HTv#)o<>jx0CUb*h*jGo+Sc#!AE?fC<*w!W@$d zMPV8s5I`XvzzFlZiYW@_ZG!n5&GIC{%Ez);9Y?uBo1}DeEXRRfj>EZxlcP%Eg@QoGcFe!wV;i!(J<#>}w8mFc$|p ztmHrkPhCAeeBvBvHSj+z$RCyiEdlpKaiFC@en<|q3cw$V11%2w!*ig;VXx&tdzu67 z=Q)sZAFg6T2bD}{uY2&sugedfI2T$C{7(z=hvh;`!2M8MXep2%k_)W@@Q30;i^Kl# zTxfCFYq`*_=0bZVTu23Bm*1qHn&b)Bd);2QXN#m!B$MN52i`23hAbL2)R*hZE-6zS zsH1rs7FtRDf^96v^?JG-%9i85}mb1yQeOU{I zyD4$1+A$Q3^uN^=p-d$f6-p6J;a$sIJeJ4H065|{JFw0Dg>IZUAiIvc+EIS5%u!wz zWvO&W-_w$TIMa3rU5ck9hk93!{wo}!=(S9JuVX%87^)81`jfWK=f+9d;L2}n+oY$E z2^(ZyT(w2!v*BHZ^W6=hSAe88qtcMv0yu^^-Uc|%!T|NJGA&$rM;clgJ!>zHVMGxO z?^GJ%k~zsdNhPbJWIDMxY~UpGH*Smyt99Bnwdw$KoA@VNdvABOL)-2Th20f`B+C}h zW(%&!sVK+vb0dQAE{0Pa=q&Lv0@x8>y+px!1lCe1u2gnv8_9-aH^lAQl&!z+cXxM{ zM?$~5yXO==iSD}ADN-l+BC)MmroB+jOl1IWK#{*U|Gr&0Gh4GrW&V)2`QVq2AI~mq z_UL|Z_uy#ekTi|s{GfYg&}_*Xj`f4LiP|S*_f=sNb;u+uRAa_|BE=yJpvq&C6$GQm zCja(grg!^ZB_|WGSNQB8TMt#yOH98E4wGQYR_u}~Xs)G;iOw&TQm>Fk$?-_?<)$s2 z-S*GL8a5#TnRc@ zpCgrnO=j7Vh1C)$^B?F;?z%>TOfq4(iQZya$Ed4h6fx95uJf*>3)hfhg(g*BztwP^ z=q!YKHEO;-H{cI!O}B2Vbz*|y+{CZ>eqsIvy6?+wUQnW9RqlDI#Q*FE6O~z1ynU3`SG>Ci zRdI7w<^mz^8H<3Cz}zhK23WD!v0lqf4FWB@bbEjfg#O4ze>mYlT^uVfXCf~jj zO{J2<;%pETcO}$YU%uX!A<=f_$%gvc zYgb--oe^FC#y>zRLD6+OxOO&BUSbW{Z#3YrIfuJN| zx$JVB!qEr^T6dqKnD3ZgJGR%IXJ*Jw@yD%htMvtZk(M=u1Yfk0B>&y|()rTK9`E0+ zFS#u6?jJI{c2-sDiz*l;{#Q(~qy7** z4AE;slL?F!qsvli%PO5ICu}0aP-a7J7J{LN13lYwZG+$KTOO_K6cj}ShKOc_C?gOf z7;r*SsOoe(OfLJ#(kz*>9NoDns>(~8>j5%SsOx{KDg(NlS^#57WVH?6SW~3&&`zSS z4dA=d0RDHa?C$om`|&buS4PbDx(9j%dfkKF?rm2kakxO?x{-j5UF#|~?q>idWwtyXp)6_B&l z+s6oMwL<%NplzbUJ|1Z6l-9n!ZtKhIwpzucq*|b|ElUR2ZE5c?At03LCMC`FHM7Ux z^zBjqmCN7yuNv{U{U0oU>wTB}t@q^k+iDDqY7azL(? zm#hTTwegZApnU*dvIMlXyhMA-^bb8=a+vXw%0$aDbjHsIWQuj`z>!XbV+0@_r>b_c zG7BoZqVCJoEyE0a8b)Lc62f>@T1xT3&TenFzth{_>F<>kYUo^db~`jNI{gE0=?sN+FHh@Jy-hs9(CStMx75Vbw2zqsq_73)Onl`KXzExO`Y#0 zPtKzPa=p~~e)GvZ9%yT+vvy+Y?|IaDuNigTx77Jyz0~<}5a;_(H1l{MUi%4MX%?Iu z(rf3e{;r4gyUmb(&m#T)_lER3cC#bqzA`-0b^ef3h;@p`R0iX5VuNO6$_q}cHH`~@-yRCa-TWv8ASxZoFJB*zgnP70@AewT-VgtER(iCIkp}toX z*;_Snl$he|s~g$wL~!zmol$aoCq0SB6T)~J$0#yx?9z)ph8$lb@bT9Ri(t7xG>af( zm{n`O?sfNmkoCkY)@hf3zUMF3Z{{zzm)!yFmLgrRh;(OCp4;GAhG)Agkc@o>p||A+ zcT0aTF1r(3oz6o*TN-eX?bd}1Yu2RU?JY+%hS9)}r>Oe;0tFQDLDv?kj>iZ@h%+FT zi~*LQ0FUle8V32TbU#-`8r9!dNXB%g4B4m<2a{CHHSiqD1wh#%8mqD#a+F507d5&x z)T%Iu67+@)z$|uC1@khZzK4LLX%eX%Mv&_&l&lGK?y=KuJg*%0YJtzT?@=17GKgS^ z#IDG^1z6>>umQ!!Ed8o`+r2gWtG%zG7vfn~hg;0cd5;;0QGghO^iFh6XsAjMIs|6g z1wUcR__o`(^w*Vc{uUrI5)+hOQ>!iq3OXG#%2D^A+q3-FoA0apAN`XYL)ZCzk7GQA zkyjeaSzFUap|P!1YBEk>1_rxbAe44!U-Y+VF8s0!~g5Qr(# z`q$S$j^fdOZJ|1>7$x(q*NHmHD_U-Q!2x#IfnPtXGa@vQer*|cQPfdK$gn{@oQ#O# z`uqxhAVUOT3=pM6XI>ydkWy22RAoj{bw^#W0~m|uLjxgE_cgsAGeE(*Z#T< zWN&Y86N;G3mT~;)kNk+|YE{LgUdA}u`g*J?Vo5eSou(WPBV-GV$)!_kH4*eo=P{8U z`6v!Z8goQZxDBA*r3q%7(7S;xCmX<6tXisL)k4G(o#GhjG%p5uMejF+UWvYBNSZEw zPoiiDgR6ld5&C=YqXK4_Jb5zzNsMHP;Zv7}wpy}U?x{|hXVT%QRD3@wX0A)+i`^(M zq$`Dv9hu_dQWn*H7G(W(_ynnVzm5_PI@tEN)de4kylE7|geC672lBoml^nGM%mec8Spb{S$QuBg=Pi`UhKVCj_|5SB^ z9rmSXqY1@1jDrcH;JuYY@|*I}OAsM3Q9{Ga4AE^um@3Cy?CnKXyPtVsk;kpp7jOnC zoC@RvU%(s00*X~qBJr2Xq41^k1<05#p#Qhy|D^(>#QDp7YrhEke2qiF(WT&_?rv>) zXw7hKW{#{JyZrh_AaM+*G6zB=2)`=sY~q{>b*aA$+Eh)vlZkWffrTvR`uhd^=2oF` z=$ZW(d;x=Y06CA4(`AR2BgT7}ux%+}C^?V`U{#W+8DPQjn4&S{=p)fvE8hz^ zPs~pr|9Yx^MCaLaLyGBVIov<8%+8I{9}S-u_Q-x_*86BS0XVx%HnkD7~&mH z5mL1g^^0Q1TXJc&w5M|t)x+-yzA265qJiJfe+3D_vEq*EWH~$Lpp_m`)}z!z$`YJ* zK~+R0W-|C{2$`&7rNmyw(y2O=@(>BdD~VvNxQ5KF!8t=2oYKgCzezjgl6o9Tu0}p z6V;*Q$ueiGjf&$$%;AUL553y>PdttZMIX#s8o5HAuXpk{Q25a#dSPaZ5XfqT>I3fO zvojVCDZbGZZ9Ctyk_IZSPg=)9%mSG~>x_inr_4PM8U1t9Un!C+DZm#n7{Q3ilagah zni+{U`m{^N7vj+fQL*kJ7V_ILRjlY5L-5JqMUt{fLdk9Esn;Lvgy=eV&c#96NnmgV z$B6CZJKO4l3#3SV{wFXve|z%g{oC#|R9O+GVuNt366#1TD+V_*e_RxqnQ58LNG5uI za@SHeQD!Bb@Nk8km0k(0UngRFucN6Qa;ljOv_KfDs^+04XGM#u#BRoG49DR7Z*Q|) zZSH<6U@lC8wk3hc61_DaTdwhv<0f*SnveM|9t*wU!x+c6iw})eFP&I)Gsoy}c@Qo> zD&j#n$6&knKiA#L@vrunE(5su{_e3(u5#f^7)W)D%}UsqPd&JuWpMPcWlK!rYL8XV zAswQVaJt^}st2tD>R!)nLm2Mm{5BkWwI^xjph~fOpGF)fkyXx_Vwg;5I7$%983BZ@ zIW>(+1UY7Gl&T9Yy5f;dNh1|#7)&s_R_?mn0CV5=sE3gv0f|v2BzneO$66bQ0D=T! zX^(bqUqB)R38~t~;FlBM8oLc{COA@>yef_Aq%d_d^6I3V3Ud7ifWWHHcOXnPP099V zTT02rkWnYgrI+jl`DrV4P7yD;pV~U9k%NB_deu3hB#rg_{uYy)7`$UF6?-UkcAdeL z#2}&gTHw*o4ry(*{vkBjp9vX9j=Z2W4t18L46jV@rU%n{TgzVF6;0O3-_K4#f>id) zA>ua(X~n{Eh}K>GfB(<_D^^?9tJOPc(`0Jk)Mm<(1%IM|cfmW)d?*Aqp^OSiNVgF3 zok~tBa82M=B< zF{M32xhc8jRV8UP$x$BgtL%b}$FO0VN?}SDBK;A(wfe%0$eG=$DAW z^J`^9%i@Rvw=F67Bz_M`z%t1>h)5cC$8xu%{G3@zJ4o2xi1j z<`o4erWG*FTCIQN3?%mI#aQZl-M!wwZ|g%xQR%k{3AOc%N%MCcN`+pbnlyvsm?PnT|}um)W%4s4F!ti z{Gu^X8DouwP~VOHqL$gT& z)m2&V41dBQnkIyc0c7?ZOAAsO8}qo?ViK!r)uWL_6_RqB=~}AJ(uypAykgx}tKS7D z0ws(A94N9u$u(9Py`jGfvBnC?`!h9NO$3@uuwu%P%k7ZpYWq{yoKlie3DK#yJ^Dfj zd1IPu4S9R5Z=ocV=oWLg5~U{bp%Lvh(c~6wB+78aIC2FI zoj2afjviGNC(k|K9&xzFir`oc(_!S2=`~{J|37{Qsd+(4&D7Am1PmUCb1$9%z853cS-Xz2;?;fZZZI97Qv|k6bjs;=qd$yirz9 zF-!QiB(4pF+LBh#h>%>On^))tIYb;K5yK=B>F}ARb01%YxsQroTrM%$+v#W%Rg{mw zzd6o@z#`tATmin!7(+G9{W9sdyHXE|X{{W0H9+rN3)x^tB6B{&r1W>iKoizc0cyXD zpmqKG4*&ly7!b!sesWV12DJg`-i55J9FXdL3m;>-65@M!di+@rBVl9agRlLpNgTDdhIg9 zEH*7)#oyNCc(*sFt=sX(QMA zE2s7{A(yULvnrLJLgiLVxLei8r&B$Y%6P;_c(|>psk57WBm?7gh;<09b$k?qLp39E zt(V~;UZ40qJm!<{PKEbqZ4o*~6-u2rB{;@V0mY%&Rz;)QkipQ^?%Q<_`s_|bH;Vu| zF&WQXfFQjCw@|DIHj(Q9-xKRCBL^=&8RKw?2tE77^@`S+8qgb-6uO8vly49wm6k6N zUBU1$QF%t!0IQ>T8kI}2#it}P4+%SMvCrHKE1^B&@3HflBKj+G#=oghD`B)PE+fek zIH8=hnfIN@BjF7ZLZc$CDsOg3*d>1RFXZz!-nx7&RVtsvi7a1pW68d9Nysf-dQ&de z&Eofk9M4eYx(KU<>V5rk?K@D`e!EfmmE58mZFnV)Ekmh19}V!ghzq)pz%}wBO8i^s zvhYwe`3pI-q+egoIKDsB`$VxCfIi|kC79Dy+Kuf)NIbquMt~(f6FD(^I$kkP1oH$D zyK%owz3!ucqPlY7*XvZp!iRw?Ij@s(fO~uI2}65(r^?V34?k9J6tP>7a8q=}*LvOd z@9O+ky>6p^FjRx>BT}(C;<2!=cf!6?VWkM{?d4QxZ!aEQkvE=rk$Zc&J+il_2UJ$H zQjXI4B|Khwz@1hq|1I{_Qr@1AXfQ^~2Cq(8rt#Pi@HHO!6B(#9>2!=oTr@(P#sth2 z!x6h`&k$R5!gCZP_z^QF{vHMG!+L~2l@_)OzU`M08px-ZGUQt5H{t~2(1z0tXtcd6 zoc&_;_=p(9?pI(r5Ra9G;j~f#0D#z7=3jMgi!eI?@22^G!uK=vdS28226YeocweO+ zvZ|-|RWJ3>M^S#6G}T-bdFV+Qx%?VDUKV2*iD~m z7A80GiaCgV)fcj6p77dO^nBk19VUnMT({<%R^+Lz11WtE$LJIcy^gpetN4!B@DzNhenimzr;i!>;998q zyLcpw(wAk0QMBr7So$gGwtm4;u7zIWbkbtjo%u2nZRI6|{ULS;i5h*4cWI+i$*!x) zq;HLob)6VWXaC|t6DyU2hS0i8jKLo%xcE)#mSk9m9LV9eG>T0S+tssw>0K%Z=EOyz zzfAkQ;xkiX962&MK)m>^ zp)JYD-2*^aATJK`r4;l$QF&=>H@VoKBiY785B?*8;9%_Vji^vpq9Y)r;)@sXk| z@^zbV<<{sU22-hCe-am+@_jU`-y+KDZ5SRC<3XzT%``kL1yYX7Dc6L0TSD`~iqs5` z9saFHiOlw^L&l&rl4C=k$}2RoQX&_>$-&7t&N^*5Z>uTOj3;e1c|F2Nu*}hG78&&)-_@@ks`}M(HAbD zr7VY7M8!3`Cmrd(C@xXt0_v=sz;T*~M~B^A9o>S5qq>7`kOQ>IpSSs3N?ttkf}>+( zgLrCPoEtq%E z$gdnGh}&|PiyRd*r6)jCUZt*GdE#B6UoYHU3$woRC)Rx#kptt2hcZe)g;7Wksf{e? zt3`l@ae5-ALKrA@BAu9rkpoe!OI)Lkp+{3mAL*FW26&y9GLal}Uy=rY9nU5zKC=fW zGE65uIL$D9V^IvHA1ppLb7^^P&g*C zB>)MdWH4}kD1*{$A%sxB(8LKBznv=|^KUe=%f^y0ze%k;3|KBxA_&O*AgvTP(Wb* zgH!OHxN;B5yX5^GZ`Z&1{PE2xXwsk`W+Bn$pxf?r?c+|pbJ*$B53Fvher$KT_5Hz7 zAMT?QXdU#My8nLhN#M~Y6~c?XP2aB%`2$Vmlk{ox9kzTz$$&M^$=C}RYVvx}=Ir$z z(91gyoq}prZoh?GWN3-4wj0p?;5v7wKv?xFK&W;Lv%ADz<`lGl!4&`|+SX3ND`Ebq zD|3P08wEV6crwO9oKj6?gj%9f8-U=X)!$5vpK zjp2~M2H||=-~>C+=i|;NP=o-+l2aNn9V=3J)DA^yFR=xMw(avBw`MSrA)dlVApMt& zfUoV&kzk~6pSD|_gOjgPndCy{y*K)wjEVM#R7?)sJi$QcI`7+ zudgazGK@w0+7dNs>6#>MjKCre-;;^}qDH0iN`O6;@{x!n)f@90{zFfkb}eyKga7kY zO0h3+LYTduKnu;NyJQGR{=K>^^=m?p<}+#~?Xv*c93+loVwt#H>E$Taic|1cT`fz| zqr5m#T0=c~eJmELn>KX35p2hn?Qq;Ai7og8FF>QwP=95mb_!A>Mm(AKTtb?Ol0~oN zv_;;R6$~XaX+b`X_n=-)Gndrr7dMde-u~|SezLj$P3U>`5W%nF9j#WYb$D$i2m`3x-MU1D#w&KFTq8#^eliyEU5or^B=Cj#BNmjW7D3Uw z(tV~#Ep9rEZ%yRJXejGY%?p07+uUu$tz4mHH@VS`tV*YI#qSoIqIWqyzl;auE3`;u z2wN=1#zq6|DuOAIFB^#^ig}ebW;#n4u(BkI<>6gAqar6_IP5P;l-P{hw41vTrmX1^ z8G%w2yT_nE)b>%4lM)|UVb?Zz&!!fNg(Jv!K^>fFm>C9XtGQOU0?BclH&tpm8346Z z3V_T25a?P39>K89$hGT?)RAk4Ht3izQ>2Ur zg0Q}7daLe}8=a{2qS`L8Q5dYc`c*Db{4Qv!k&)mYT%~SG6fE917k5s)Y#ZIwZ#s>m zEOSl_qNPh$CG5&ofrdUBy&~U0ACrLQ&l~_PpHLd}Z)TTn!0tRGMfa#$O0IJ1Yj$9& zZKeti4jDPMr6Rh*Cm>QZzTp5><5o|-nHIm0l0jMCV_kK2@dhZ8lzjEXD<)=;$O=Zz z7)Y2MCCn;*q8Bf~XAy6yxXWTMxoI~#-M?2VA>lN3Gq-CZFdlqDR^VfH2ZR|-_*y1J zj9A3AkjH3~s-HDIV%PPTx(ujm?#4Ww`W(72c`?}+jY{Q=3hN3L@#lMcA>;IfrtR&4 z9pX!0oOIjkfG^>L&-8>Ipu07NL!=+llM4?cz(YP40DvyQZe2zyhLqZa1oN5*5>@G0S_~#xP``p5k%+6zJYhIp=-&w&xy#3qHorMYXWsrA_d$q(()Yu9InB8D(ov?FT_K{ z0A+!7EnP2IM!H2Yv=(uxu)~c|xFO@yGKOfw&Jg7$S}e1MIV%3_5jTqYm@t+Zk(T*d z%ylhVtRn(5!z=VU5}AF_M4X7Ck=R4|gr+C4O%mfN5gVT0N(qPs0e|9w zPYk-Y$V*IVih(>!L)hB>9(e7;#$lr+k2q*G+Va{-qt)1#ZvFR!VG9W_vpYS!BqYzw2Rncx?ZPclS`2l>$LP5GDCN=@g$HSov9*wlAtEfE~9-{{Mvfnvq zA5O%*`d<~NB7X2fd{OMt_2bU*@p1d8bGZAQjkIh0?J;0bJs|2O_kiMzl% zCfa}7t)s)EcGCXaX}3CEWB+}O&wT}eYOjY~FJQEK3cge-0Q_E)S2b-<@_Lj=&2QWb z4@{M>*Wxkh48GT4#h}^`u*2TC)l<-}MOPzrQ9T9KdSra4*Q>F|BwneWNo3^(<-*_%CVprt#;vUg6J$YOt#A zJ=C&|O*ZR?*w+~vg}!;B<}?`ZD2==$CSFfX#$LoV*^_{y=RnGOK5_`Odo&Qf*g@d* zL^>^lW3NY%MO>TS>y7L8FR!YBD^~rhYAs%%11Wv^pR4K*>5Es@TBymy1L3!;>cf}) z7X5u!5Jl{yf0*cRB{GRRC&^66>f})Vmz0@<$CwYZcB_>mN$DsAA4P8@WJpKkRt&-T z&nQD8^<%%4ls6py1KshVT}`(q^_Z9!zsIj(=AhSNyPv5KvhxO&C`FGa@$c^yHL|M6 z#w;~ZszVpCH+J8n_PZyC-Gk%(j=1Y!_d2S3 z)q^f_XgGQGXs%k&8lg)(MkHXdH_CflVn0FadMHpqTCVcGNbb$QMPq9P&~iWM)W8#<^db|h>nP3%Y#)WJ@F3u*GP0B9~bG>s56PJC$e~Kczt-rigzd>IMmaFrn|L2mNaYyQ#S}z>bqt2K((AXt$4R zpnZJ8=X3iwG35vRJsCyH3yv2fOX={H;bea|tr&{tkyw1si4%<7WWOqhRB^XyMK0FH z9j?x?4;d;}<~o+{K6cF`c1jzsMqhWvzwhqyu57gu$~Cd*as1Gu$j68#AJH@ZHRL<& zB&g$K3JrvMs-{MT(zOQ@hD5l$(Nu49rK;4aY9{!oh%aTdX6#uXx_oFMmu2*hR=Ls) z$~WrK@5FSEPn6^ML=krgk%A>u7j0?2#Mfi_LSfu9i0xBWh2L7EIjLDew5piu8C*Sejp6 zRiVZ3O{CZtQ0SDwthxl{QTFFi7aL7)H2o>4ddRns%K{g(r4|11x-`B{d;+Uc`R&e( zyYsfu`9|j(oj;q-FUz*PCW()}|IbzR%R#;Sdt)!u=%5M8RMW+A#^Yd#lWq;1obdk| z-O0G(lXRDWkB}j-;}W-i@K^WSH{c`c5tpKv`@+DD=La`zWZ^Ls+P?L?tPT5V=y5!w zxxqjWV4#PA9@C)*ycte&2`Fd&qZ$<+zO)76*aL^HCuB&-3krDJ8l4da9i!8YP6tIg zz0;mir|%n`ZgjfQ>C<((U=Uj{UT+>PU#z{s%a@?Fj0Yguvzyi1Zz0tuX@b`fJMqc% zq;+@UZX7xo(sQk6@1wEXhkizfh;Y@n$Q=qY>vk(~9pybfkMfNC$~i%b^1APf0h4?S zpYjQX!1Y(MF@+lKD5cR72JyV`wf)Q_A0a#(30ZYoE$>@3rRol&@AN&oO*hFwLnJ^^ ztYXl?L-&kc<_Gk0QD!bG4!|6xKf*TpdF-*ff_wi$KFO9hhTn3YA7eM?s?Xd1DK~aH zwm8PGVjKMv+hP#yClC)MzUWEaoYbvXh+5g=BreU?OOgQ>t<8Lerx|Hr7u~9wbtYkv zS+uiqD8XSC*otF!eQ4u=m)lKV&(0$sxi<2V&Av@EPq7XOipoC5piAp9ofK;B8OC1^~H zX@33F2oExYJyh;*R3i%G_`-Ph_~wg#MEdmAoHc}wppWdFB}^_Seyo1~T`-ed6?ngxTu~#ZKjrSUw+;Uxy#C2 zAcLG?Dz3jpH({+S@j|CyzJ%5Xb$}_uL^9m*-g$9+(i*fn)mr+wF{DiDq!;}`yWeVM zABoaOBlIT`!<;h)((R@7a9* zZvmv8E2?DmFt@!J%zZ*oHZM37lors^5trLDhP0)FmTNX+9;T4xaSB+bt(fhsV{Wn; zbHB4R;>-wmGUQy5K{C72r|4f-ak4~O8E|cqJdR>ZuSL%)dUgZK_U}uV1 zEJZEk1)9CLCq%gkBiSMV?9oA%2$o_c6m3Oy$g|MKY68q4Hod*JWzK zkWI=HSRT}!UwmE!(PhGVOsHkL`ZI&QM3NzhW2mY{{0t6!j&Lto&&NZ1mdO7~DT|qy zsiKskb}OD!REUF)Q#hz|kOD#(Kk#7|2Vq-e@@g%YnKlv>btma-4-S#4`cX`+E|98V zagCD34P2nVB4`U0oxCI0ideT;#7Q3#5ZRM5ji>C+nKa=9a*qY(B*$@l0nd!WoLpwv z0n_rCV^2-YX^x&N&T9toArI6*jFHR#@BjYq|JL8VtG{{$e*N`yJU&e~G0)hlM9vuU zh5T?{-*`Tv$iIo+l{KVL=wc>EP4;GiNdm+da>{({4wLT{5j)|sGj*K`1+08Nn3`?x#tDTeo;Fx-IY)GUQr! z&sj#TG=R@+5etNOzFOhg%vMML&LzYXBgBjlv$A?s4q2TTSxuMK&t;I+oA=LIMAP)v z>&F5dKh34ljL33Cc9}GZ%s8V)*tU_o8VLX4^QDoDzEMD)l$M&BXuqs>Elf_QN~)c+ zo4ZGtGBWhxxc5f@U4|XB(`xYEoH?(mrx)eW2rg}V_v$C#zr3m@ZP_K@7jRHb=Q&LX zFcrS0#LXFK1?DB^nIi)$G?$-GpR*GMd}0J#ZUMhqR=_7lz?&4XjVQye?o@F`b+NF2 zo?Y0pGrB|}`(>8m)O^_03NQ;T*D!ZquUMSv6pSY(&&OR@e_70Ln@S$OkdYDCLExj3 z58&vWij&wcedy8w@nVDT>*^S_wdz#6c%J3ji_7cUPp~IUW#Q z(SyUGkA^UPG+vHcuc&wPD)XVp?|0>Is?-{xG5ihrR2>+9C@*uZA=hh_avGj_FUnNG zd11*6jXei4><&X^Rdq0Bu`wA}VPOnyE}XcC^49VZMeKpRLJ zc|VGYD_2P3l|32IHao0Lj+I zZUhuv%7Su{;u9TJ@v}tvu5_NkmEO^=b&TB?M`I_3pQuS9G~0~5(vQ8xM%{+S+pOlD z%4%BP_>54{aNUpf_5S?bpe2DD*OOD-6ImWK|_xFk#I5OcO zMC9QiFXXn~*5TXw92at1P5jKm*0r!lsUNE@>FHfpe7~u;6XNf9-cNNu{-raH{_e*9 zZpXjux8iqVLFS#<-)&n?k>7P2_#QEi(x<&8UhrYO;P_iQ2k|elB(@_vUSD08MECtk zM5<4)hXd$BP_HKyC316f zbtA=>_4ioBO`bH>s)0_sT?3tNw+7P3KxpN57Bvt27dUf}pH4D}cItH0C(yTZY;@vZ zrNf1t-p8KKpV8}YF8yS6=prWUODBiz1AWbh-smz+*;8F8eG!ojwTc;12CGxh?jCpA z2Z!Cm!~K2b56So{svdMvVm(hLSLHHx7G$j#=dBlJuFr~WQr&k+7<7c`5HNU+TreO$ z5DS*@mjxbWK7wN)(ph{87y&A|7C@kuH1Q-wt}QM}pIiKuX|7Lo=@%c`Sc1NI^YR=~ zSyxmJseINQl{%L%W8Sin`$<|vvz;l1!%4i(IjQeqdVAL8T}UTil;mEN=3bOaS)837 zPqR$XKE#`olcb(XQ;)Ykla-!2<1PkT@6&72+ic_|pu%{L9A850c==Ft*(j^TV41(~PG;!5E$q6J;=cQ7b$xg8 zLX29Il-zkLfQ zIt6e{+#!ID6J2YR$qE&6<dG>sq7V}aU&dYE|raD^tPgMqFVfUt2ncOaL(AELcvm4~YVT?6^ccKBL zj{`_;WcBYDGMLn0(!`x@!K7JB-F|0rNP0LOk{Uh_`G7%{t3{R5(VV`do%=mU9v2^X z5-tGmb{7DaQ>(HZ)+{T+gc7ODNQ_YyeDyiby@V|Ul&}o6GTzTjou4hHs>EIqKPoGt zu+N;9)#>OPne(#JCuYUZ%!={WXV1-=%AuWq;>7gxv!CUzC@ptA-k7=iR6d(Cg zaI(jQvpot=_b4KkPn`0RKIbET>P6zHkL2%D$9+sW@FRKTN9xdz)UhAQgFljoa-@#s zNFD!?Jf|ah1W4=?}!jh zVezYG&b^3E-_So&$AujH^16Thf&MGhK#4;`Dw*>i3eW#gH=33cP=`rnSB1o!QoN2l{)|9;Goks=YKrLhfnp~b37)T-I;rW$BgH96rJ9YZ{MElLIDI&33-)JC}2rmS~Seedt(_SQlV54_$l z_K!}E>~7{z&|D*5k%_Osz&F!5>=-%rxj05HSy3AeVBoL}Cbt60ggUx^$lXzqglQ(z zEM-h=B`)Nd5{u7)KZ?EWHgzt1-ZAj4OeH3n4wbaSuQ^u3e4Amh#W3Gqm~SoAo2HB% zD&JI?Zzzmfnr9@;HxW)T5Kb`iRXrydVmI1GRgW6&7*%VL39!HbSZw~AX#6WQ{pB0} zCYk+aKY_aq>Hyvhcd)Rs-S@;{vc2BR|6EnMPVHG<5L(cL1pm6lu1#*KxFf)gxO`Qu zjfst3URAN}psVV`mmhjPUS^2av_Da=9;suF3aw%}9>v%Klm^`yuVT(&*ZKCYB5PNn zt*g+|6+x!+i_hRQ!w&v4d0uy}ajVF*m3J8BG_zJTfAURQIR>plb5@ZtE8morZ^+6q zV?|ZWny`}g`{{*M}GHZ3r zwPWSiGczr+_NyZ6RiW+bA-<DHuHKY2L zK>JH~{5#l*_v&sn@so#S302Q09`YGZ+m{n2&P@QI;}rm)eFK0D0GbYfXfWOpNXH@2 z?t%{=IUMTonJduEj)pt*jxsdvsT2E%-}@s#0qQxTwtVKT3f>gWB8?Ccu(-F;4Yttt|GBFAgs=hq>sRR8Hm29V31)=G-><3b|ISW?sIk*mAVR~&q5ip?0fFc8m zO5ucC1QZ<_P-H;SY)&{yXTULsKnXsAwnPasz$ho4h$9T~t6Z2dLjf!D?R-SgUW>Ob z)g`w+W(>JY^$IToJx;g$lfPVS*PG@C1Gd%#wth-cjTsNvgnAm7^&DVU#sjtp z&N?zU%iyeeah8kNE%7;0vJk#OJ>>fe6vPZX4*BZ_u~B31FPm7`$ZzcZHE^KoBB!zU zmjxZn|LOaUy_sUZIXDR`p#h4ESkHq(r|G)bJwXMktK(wp`~Upd*uxYu=r#8KYV7@X z@m~CUK~Z26@h1y-wXi#E?ESdL`16mlir{Ba!!-lHw2X8=l|@XV9%Yu2aKNr5!YnH! z=0lf`F)PJPA_41@z%BDkx>Wr&*Hk)R)l{;5;%!<;;XJZ2wV-e78C5Ph>ACdECtL^3 zCZ|^`n@wd9R5+VLL6u8H;Z&MSMnA7iMkUcp6uGR7Gbj|#9O~$GNsJ=zrL4iF4+jHm z8QaLZ98tzLVr(PEHln}h#pSdQ7O;&R8{3GnjVx*#2?0*bWwJVWlkwF&RV=eI`^V#p z;mMmi%7876&&~MUo;t3qsA99Eorm&rhO#rs;FrhEIe`}|pOteOC+B2F&J=rjirR4+ z7w2Rq&IAuvmaB%|nW}0*>!DN`^G1Lo2lEg6jS&G1LB7I?;yf8ss zm>@2!wqw+ZaT>)0r(&G2FwP?wCo2r83X?6>6o6{ z>a7`u*3TF-o&v4k6mx+XATw@lOP7XY82l0yHd#2&VyjwvPFNuJ!!;7~874l1Sqx@T zpLH|wEow;*C+l=jQlKT)K(@D3W7>s{*%Y7Na?L3gj-kv`Z`yjeSX_NWbS7=sW^CK+ z*tTu6W81cEn;qM>ZQJRfW8tmQ|+~Rdou_eUbZ*Dbm4%aLCCxD6^~wgq1BU z>aKMAOd)gF6?R*g6gIw zXs0$rLSRStpUApKtUGt@uCDzX1M^@w`wbYnY&DvWiZlsRmE$IMkX%#I=D3uz6&cF0 zoL0#cmB4^i*^AZykJYKGR_?by=R0N*TiSLoHQ^LCnQu+>>TN4?#A3MWM8#a~+odx_ zi%^!aF?QA&!pSErknvlrZz)oUHG#mU@I{$_{NTd39vTg>5IBqnJd`ouhWgEDvBCmv zO@F$n4Tch`YntcI*ceiP_ponL?&SGgZOlD>#CV&i2TI8=u&+y}M)KY``4yk`q|D;P zZ`qq_D{mtk*!$!UefX|hkUOk^Eg|>4+djTgb8f(IdVKA2!P7$#Si;Oi0iqU~WlqfRZ z9Q%)a;F2qHI9`8dW?E+QjbF4?pyRES;X~{ilHqFE^jxF3GGb*!+ec*t0h68?DY>rj zhSAMH+&M@YHhF=(5Kjy?CwkS@YLFZX(963hek>IIfYn3HUv6JVLh%g zdPYa- zN>(w)4utYA;!q((GEv08A*G%RLxDnwos7W*a9)~leDel5ptvv{w%=Ki>*Q&A{1sPN z3p4slns%aIuS;O0s9bh%1fEeI!x@~d;D1b%6HmpcBp^!82jQfdC{3AC8k?G6-gBe| zmaB?aCVGR73qK*IrCM3sK{1FACan9#3)Zlh2!C$`6iWn{ptgI#5oIHcJK152wu+0M zqF~m5#-SJ0JRLMNL%L;wKAWK6O$9W#Z51%-u9MGW)khGjAbV!m>=`sJ8Z*ans2@AN z^Itn{DqqScCP$8%kL&CgTK5M7BSP?2qwwOYQT@d^n4l-og0FhmtR%W6lj9`NVgTt`#qn1|fR^z0XQejiB_krnSJ>fH9QoX)ntA?Y<}L1S*I1+jhB=L&V}*M84lUDM6v7B^rL5` zKXy;|!Y;41JC>*1(;w-nLs26OB z2ler$Kkfhq5n#FY35y|da0K@Des2zP za+(&lmTA5JwQZTR65L)vX(x%@NaSut^^qv`&~r_9#hd0$GD=kxNv8eJryE_Tve2 zGKAI8^kS(7qojl{h;OzTsn%<&ES^p~-62ED;~lGzIf{VuuNrqnWajv|%AdiKggzOi zs@DT}_WhTEV1CX!JulYdWRFvm25>1*kbWWy#46M~+`11l3gU*&$i>+P6!Z5V3A;oF zd*4X6vHjq1pYaI5$7}>sd>(tY$h5dnpJAdS3pY!f{Iav>nj7wZtcL`lvI*!R2)i)R zE#(6;UNFO&5aEh(A8K~EB}4PL2VQ%|4x7X{_L>;1W%3&o+Za-poGWqL)s9EqZ5j4( ztqo6|R`uJ#Z=CLU|4vY=`jz3}&fk3D+e)|5h>-K4K-|Ol$~L4xz+!L-LLO5H6j1db zgpKF9f8{ee`c!^8-|`f`V`<5$KeJv9WPQNuY1m-N>2CnY9W&VC{iDIa_f%M~CZt9c zz;i+gBo4s~HRov$`g6O0`-d&WKGsq88%aMpZ^l}bknu%P_I{@T-v!8%N%zxL-nVi3 z+e8UUhNs$gKtV=mH!L=Anq~qB;mMtnzo<=B z=lWHw_cito*QNmaHQ|K)5qk0ZCqoX3B!L^$iIN>gU~*|M=?*(gf?_=# z>ZM&2hF3;ChfliP;Ma7``OifBI{Qv~FMcunZ0|I$J&HC}!c2nMDgDSz_Ywsq!bGM? zg2G+jdx>)UC-aN9o3*inJ=bB{u74=F3mb_3`Ci{2Kb5_P@1HNTN?oS2{{As@U&{}B zO`G+E2H`!9DwD(=9hGY$oZ59`E8tGfNqZ#d8J$sdhvY1}+HCWdZPo=#*Q#x5;J zbw9*YVGNYNl|O^{^jRgZv~6kG38Tr}Y5sr`ww4q-DoFZ7mQGjQT?1Zp?(tKN8||V& zH>uHO2lI7D#10Ce)11qP@g=O+{K@BsoDH`5yO?nB_yQpRO4m?pC_E9+A&n^)ZJZU??I&mRQg}bjGSm3xH3?P5zV8(A#i$pNKz`KKsrr`)jCJKZcf7f#tCyl~(?@EC12OFE#!_*k)4 z4c56Buh2kqnBBqYA8%H1MxO2t@q9vTfalJt*X^S27&eqGubLuad;LAtzHZ}N+H!;W zGnv_~2~$Qc%E-*?7n3wA)B;k+y+~Kngr%ECwz1JlqM0Z!?)XNd`^!l|i{WCj5Q@eB zKSnhtXIXHu=vPF%UEvb$JkQ$2Mj!)9p0J%?MNTP542}cycDXaB^V}}T-FK=;wWn7h zVvY6j=A?9IVXep05-*<;MgiG)0soy?}W)fg;$DXkC9rz}qAh!C6 z?X05i7fa7o#ksXSzrJp#=R_xkgYpIF?SRyNC{DjBprAG6m= zrvZ+<&z>Teo3Zg5JvH$*sRMS#2G-lD{$W;GR*U&x2Dq&4bQTV8U{|IpwK93eJ(blL zNw{sYI4x4ec_{cl79k;Ka_CLL%p{@A8rdMfQLQ;LNMZ6B&y$4lKV0cJPZ_M{$)}%a zi#gFt*({MWkf#N2;QY=f{`!PVonoT|j)_y}(-Z>=697AW{8p8>J;-oK339*(6F)h? zJNIqx{)Ubp@YR9EAzRwsV9VQ@4dJEv#^&=V5kQ%J#~FZAAJN0fcJ;*vcpDm0&xQ2* zQD6I@{s5LsI7?SiToQKH_c>WJYk9Mq8>~dpwVk+$$_cY zIkJyHjX~CRo$^l}nO(Z#GR{r6ZjI-K{GCvgI`vsh`-Yk&bLtEs$*|^;THJP#=AZQ6 zVH&s=?9H?&)qb^AtN9a)XMaQT37b$8tfSfdS7rcOsXPip`T}M{wh^PlxQGaEzxs6YKj`~&SKlr;kQ(1F+xAMJ)d9xlWDBfe9>yd(OhyEUA zQ>|D{W3A)`Se@;!uEtO6AZroCc}x%?W2{6DNDB`UJ4cFC1$`R#cbEDLQ~@S!Xjr>^<`r73p(pN^y+pA zRh(BZo@0%-q_-W2>}}HS#9SDo)1ilQ+!-@N-!a*YFJY-?Sn`Jn6MkFo(f53&Y59U!UtyO(!8(N9j7+|mV7WSEbTo54R z1>ALLSIcV0H)y8P)tHk_@RGggWPL{3aHjhkdQIjLtw ztBf9Juas=3u#TCbE3Kl*rR|HWSgNNBsvO2-rk+itFf*Bj{$)Iw_SZ69mC;(#QP191 zzPCwhIj+z6gMJ&s@j+K`A~!fop=+t#sP}OFlAu z{!+7YQzgZu#a!`6R_m9{X>1CWlF7t!Ld`U|7W;=W?h;>`>@6cU{yw&dUGjpG-?A+; zx2*VB^7MHIS+a2&UYsev%7cI?wNwW1VBd=EFp-;?JRlD{^5!ZPt|qh1|Dv@s^`6otaxM~6U1n_LPK(xF-Evx7p|GHBPD7$>Hd%ekbM{* ze>ix+#zI8cu2R_O=Ci_QUd({2C=1NgQL?k6w?Ai3*-!>ZPtw-s^ATHLkITbW=uG~a z7$!Rad1Oyd@B8`?*g@}S_`HOkwM&>=!vi(K1ZpT5@`otnXUMTKDn7vn1G?rMNa5VQ zG1==mDT6tJUt~tsmfM5MXE1GUAa!gwZLR>5COWdcw{;GY-2`rgDZAeW%&-NkCrla^ z;gJopN)2Yf%#Jlf(eSx;Ooym}A9asZoinou%A0Bk?Olk7tJ3@CIT ze{AFzfcLNFyO$j)hQv5NEd_*#dmPcb{7YNKEAT4Yd6d~nheCReW3SM^ExWy4r_j1aJPQW*PYwP}!#rU^7v(qeAuTm@p;$|q~I>}?sj$}nRaB5Xptm7?(Iv($@>E!X)S zs4ES1{d{^tB>s)GlN$jq%$Z>AtAtIGt&T-BldmJ>7>U2op5PAq-unxP#|^Oy6h)c; zWV@@9U-ZJ7qtBaXsguK8&dh=GJ>fgP)}76>Z9fbp#m4qZTyUWz2M?Nv{+sQy0Q|Gy zCNj2vmPV+W$~5~FJeJAcOiJhllN?+(0O0I)sPL3I3fQo7Rr$=%eO~B20Qkhj9{^}+ z0A&pUHM<~Y<$STgHnCcvmnARNz`e!3o@yhlDkhB{lfS^j_F0q+lNn!VZBSdzz)*|? zSi$nc_Ll;%MQ$yj_~8f2h+kQWT9;qv_Lt8>Ri+Ye&42a+=@hfkgaBtBzD`#J6uz;t z=4X!)jz*aEM*>qExDV|?!?81c<~}Uy@`KOLQoyIfiJ3PJLeTO_)SECS7Ot~qlpkkU zcvG@tD*Oq0u0-9Poc+^bp%48$ophFtJt&*3W451yQ5L8YcDuM=alc=YtIVY5_X-u! z)dXvoFcQ(X^dkcBhvYH+)jPfFvN7x_RoljUpG~qbc6OmHULHRgRPU83&-^`uT&7O6 zDA%AzPc#pos9!5zM1?SoO>&c#T^cW&*glQt>+(LeGN&?D||%fbMd;MsDwi;Eh1)FPIE+$50f6Am-o8YzRBYm4W3HVE_ zf3CkKeAjo$egQc|9A2&RSCHb~zjX^T_p2BUVBY4u&it7lf5-HhZ+#3vvyoAV`gZoi zHS~tYJ#d^9&xio}joo*43dQfsi`Ssg0V?2+*zWjX2-b%>kNI|`yak%nRT2(P7r!Ik z#TWjUX`!*Eo;S)iD<9c$`gSD3y=TdC#exxoA~B}Gnr9qy-4|0bI|G!8j4!%-UM@eTgIT zTOSk^qP>|{A}fEIf!qctxKgTc+3nF;8+!yv^COU})#*)4NUh#9EqaHuo_`T7-H{|% zI{T@CW-iy15HDePS)Yx`@+T#CK#WGjM(BcKG>BA-V0Q}fogd`Ie?uXe!u%v)cz+Gu z{H(7m=g(jT1&S!;3d%!wiT9UM+Gqo-Tm}#k_rLYjWj-gY)xB~`Y!l5f?S-qKl-zdV zBw??77Wt$G!kNtAHX!_J5d84*F@cjE17Vr?w5I~=0l^N0H&07E=L-G}%F zI%-vIsV-d~WEvyR`%!Lf-ir6DSOyJ31`E6Sm|9ov7=joogRbppbLS;6Ta!?p^4m=R zw{L*SVWdBG?7_mY3j&5uKCwsaw1BD#cBV7w2X6%RlRpkFu{Eu-rN0SwBzy~i3wY+C z%8rKK)#4+$phfFaQ5IZgV&aBCL_aD__B@yuatG!#xuS(=53mKNM!w}v zxRJRd8>feX#r%U{YjN3r+M>nE$ibkOoNjyg|s-%7cu6^H2SC?g1VS70CYCLeq- z0^UL!-GZCq4`M9)@$$O~cOqG=Fw>VU;2HGr~CG&sU2 z;#|k&r-KbwuE+}WeV`QvwIzOY6w*v^;X-g>fdq};Hd(yotNdIlJCeDYdvU{5$U5XI zPe(RgkbG@DRZ;YgIjS$5ADZ_reJoIV;%=hj9OhQY1^gu922;`;YcWXZ(^{0|8 zxKZM9Hc%`Mp_9yh`XP`+A&dFU0(my4wGf*X3p@q87_A;euLFEvOdy=KVKeo^rX0wW zJ(U~`uHq!7#^ed>r2Qd;anfo2XxY+}%et*i?#q6J~$P;>r?Hf~_zSMYQOb zTg=cX5t5=ASYtEOu^*Tv;v4_n&ztggSzC!XH!esri$24Wux-Q+BJkkH^lJ3vNS6CW zk)prz?<#vAC0I>;d|^xb*Rk8)A5GkPkXHEW>QU{aaHAOTlSDeoxu^B}MavJ6E9Fiv z9Mwj(@;^O_)0ZjJmci0+)EkV{LMiUD@gx9pQLO23dVJ&6%RMI1^gtw%=o6eBTe*-+ znsK6b)ob(d(}ZhM9MrIWnrTSV*I(Y#9(t<=*j!Ylhb@U@;z#T!J2_bNyNdw{6!=%0 zb_{6OR`)6J+`y)y6v;}FjINJP%>zqeV!!5Ak`ku~wy0+{sHTC_;#lH- zO+`p^*940MOBa>JTAFCxE@=JgZ84T5h42Ze0Vd?fNyc6NkI<5VIl>l-|Fz2*&n-lh zh-q1s9=gw$cPw1RmN`>xVe3W~9303&{-YF(%PYnaf^CeK&IOgg9_{H2f4!XWl zhPf9+D^H0ELy|s}q3ga0y!U@Z&PJS`o~~!G6#A&i#YGpz#P4a^8ABr^>WLxMuiL%} zzHwryYW9f7liIEmwmm!eRU}n0<>Q62R9hJ3w~CD^#bCKV2;{gN`Cgbv+?gSnWX=RS#My+Q zM728qCe~n@Gb6E}GbG`Z&V-69(}co+Uf;(18#WmFcM6vSWV$Wco}*L2o3xJoazK+g zE4-=G+*4={XPyA}ErbbjgD;Bqa8uRpr1%Z+HC1&n60Y$Bn&`ubUF(0JRlbY7URP>A zM9|fG4)<2B3Lds;tb{WNJbHaT@!5jB`nqczr-dNW<28AHzoSBB1G%AGuKt4~4-WF( zNQo?n0-w@V|`@^p{S4rR6*)z=yc zUK78_60<)OI?@MX9!u~+7Fdqt*j7o@*#s$8h_#6rC#UhDJ;G6T=^-)n7XHFhkrK=F zUna8LwDHsc_-Kwq)p$|=X>m1H#ux-gSz@;&ryr&C@QV;&}UCNJ@*e;7`w4^ zS7TKRiy+zdc761bV*5Q;77l-h27rE#;?_V zM{NR!ioQPOV6v_pW#0m3r_FR-Gd5-qU zA?KOnj(%Zh#pzQRWi!QEYVKu0yca=(_d0%p_Y^dx$oJ2Kig+MD9RQcBT{yU{a?^@e(v>5NBlQ=#evxiokme@A4Z) z`kRwzV$V$1DMxY$h^jf(XkCj>3AgM-`EJDfTgDgnbv5*D-7$RByyjxroDYB7(PV{~ z$dt|Z{Zx=Q49t3tV>f2+`%RpoSF|muGLD78n91dLyy=^f`9}Jd-u5+Xhf7d>r#~Mg z9{78v#2@%?xP4<9*R!TDj2gTR!~IMTK3dRYQ%i>~R1A?*PStb@Q6(iQ&9pLi^}J-e zsf{Q#v_sWK8LD}yGJ}j2DZ4aEEVyONVqRGHXibjH$5b@L3R;i}tawxk7*$wtXrO9v zs!DtCbWsD;*`w6)lF^M!1SzS%cx?$6CQdWt)RRY>Tb9XiMKxhB#Q6RX2~O}5s> z)kPT^dt6Ae&k(iH4I_x5n7j=|kc`|0%_wX*g#tF9(yd9mnMcFn69a6P$X^>iyiOSW zn&BO=ZwsVo*epvRU?*`QU~wuDg2CJHVfne$#+0}5wkAdz;NHY10uzb17|YMK3P?m+ z4aeEpg5vC6lrE1yzKo$O<_AKGX$aOpUT?=7hbWX zIAJ{mk1T8V7&Dv z@b8At2zU4JHmDFd@_^15Zim45d=`Y4C{%pVNLmkJ??=8tRQrnhi|Qk)Ca(V;*<}3R z(~Z~KddnL@ARxPQ#DCD+KW3~!(@P7FO1<>N=B_QP8R(P zFY!$5aJu;2gVvHi_%AkrKeJMtGgv+56w{FEy`~Wywq#!OF9DTf1@u3LtdYBqDWCjd z3x6JK^RqT!(hO)UBIKskZ<*SHSQxX>ijzD&rK4mv*%?{p_#KluN0IWX@g}hbQG-q3 zl9;+FASP4bCaWV}P1uiSqqr3Ef&wX=vmT}C{#G4oX~lYIe5_t4*gs2Nq;9Ti$X+() zS#~F-+lRNSEHlxx4b+8+ol-qDAKPY5iT5U@KD<4;M3IlaQvg@BFJJqY%1v5GXhm#D1k8g$WAdS;6dYUyV_8$+ zY-}x-7}{8!HTF(&qB9DP+hw-`7f^*yYmXTikD2d^QlRw?BKFip1?L>H^XfeOtqqh< z{U$~K$T`;Uy02NGD1bHK++y$6pKo;R)*t(u;V2|w4<3;2D14rc%MEuh;S@mU111y% zX5$$@{70VsQ9qtoaRSidW48E93g@)$Y0_aa($YCk(^j&Noosjx?TzJ_=_i4GZ4LES z3a7Siv5U;wY)d1^HvizAd8>D9_nFVRx2`2XN#yy-q#=g*gIRG@5L@Kgv|bkaXY+HD zky6?up?2QJuDzF?e$xcxFAV(Ou+u7&B>6j^n)&_jN37noeDq+Cum`~n3s3K zHG5;s&nmiOU(k!}nEq_LYHW<96#ipg*3BmH2&Jbc z7nieoTQ_dDB!y%`d*-d#Gh(kq9jlFIi(@}8KgUmg>(jn=a~Bu^xUSpbV|~|+y>`F$ zZj9MAA^t5_E{q7|P6GH;spQhaqAuL%5KD?al40 zl*cwH=NF$I!^r)9hVUPBM;2)gltS%F5n7w{cBcDiR#e$&3-a0tS`K3OlJc$@xe$Dy8L*jxz-RDC^jydMuzDDu!cvyOk zC*SwDHw9!L1l+jIzWh@ZV&3nXK?1GTg+}p)%X(bqa)YSzhgP;FhKmY_)~R0a z`t*a`ihb8DR(|gT0^Ew7rvaZ#FJ&QlAdp=HZR@&hzus(N-{24#8x;aOvj95nG+f|~ zSL+_NGTL>Ygw#8VXW$_><=(*fp8Rj>fdt=jZI`9Gfq9sIwrrcR>LcPPgpo4&uhO_4 zK%=UlM4I#s@1pz|%jV09r7Um?RP@6dWmkj^!W<>OZ9Gs7@@jyd#wh3*6%F=PS(%5_HZi*=p2hELFUJd>;OCBIZgS0 zN8R!<)#;poV=e9(Dpw;;qroVV}9>^>dZc73<*oWLhL;su)c)u@Ic{1uU?X_yu& zGg7%yx>2=FA!Dk==Rg@xmHA0NWgSj=bN5-&0S+i?^Vv!1lmBYH2gw13RB5R75kA5_ ze#k4C4qrD7VCJ8rT5nhY>Kcdm>gp!&f}|4p#_D3XRaP3WO%S&E4rc8CqvWada|2Nc zi7aCK**Zbj(P`4PnT7-daSVJYBh?_bjmCgip|sX~ntyWP(k@Hx>jL~ku+TK+`)M9Y z!L3q3jmN8zi&8OxI^DfWO8!18^9R}0$Jzi<)nS7VqsPY;Qe1uwoZOraK}-r;ANJzs z;~1GmjE?XKhFqQ7{Y0()UX~!bwP9j?W7k4EE&BZ?^ESx=N>m+?7wp0Vl+QnouFi5y zihH#VeE2mO?Ot$p2UB_aHjhuz`CH{Wp>OR514n3@OV9`R?LPJ=0r#=_9%R|m`>Ws8 zH26oJ6rS7&;di2cvh0+@14IQs>cbqbsFUME)&3K;RU=+iAllI7fTviu^{u;usH3G3 z{mS2{SwzcC5@`I8^_x^UajX0o9`9iJSM(u(|5zLMaDwqWXXpaZ_Lqn^flQ zTs!eyMJhDD@DzguKC?0v7T~XxO~CozU1GV=`h&Z!Sb)Xy6a0heT+E=g@;=7J>4)YE z58&XDqwVrCR*iB`d|96(roshqg+{wN86e7(7ky0jA*_IgX}#M}_4U#UChi+qo*~0j( zG+2tnF5HWATr{Rycl)mjRw(~scNRV4s;3a~Lp2hoe4m;wUPWn5rXh-Z9Hu0iig2Z< zj_(lMr!d0(J)ZT-2u2dHH*OSL|7Ts80YwiO8p}R5h89(X`LX+9rH|P51|B|WrGMYG zAOiRt$z8G`_74v7rM+BtjM17fQ1oVzJwfB^JxwJ;o~qn(bSxf{)osZ6r%tabvGaE? zxd(cXXQ7*EUqr%`bbHcq?4HB(PFy{kbgx7))-DY}A#Eq>tei5ibScG0I7QJg2Po35 zG!;6vUyW;u)x=r6eP~fsKr%)R)@9jDDTM3O$A?3UhevsIIPS|}=&_PTVR$%1PXmth zB|Dyx(And+9{(84^DR-Ca=S--BpthTA%aHk#7dS<|8Z|b{AmCcHc8Fez%|qxrMe@b zlDM_g@}5ytK=6JnQhgNE!h<9+$%256NjJ?W&$|FYukJqxc2P=A+Wztvtn#J z-mcDVejATOta|Z^#gx&?T;$XfF=U1zyc%}p!;uWWzLluGYKXYUR9Ac-@t`|Z1m!RU z9jp@dsuvrA9V1wuo}QjhWr$Z4O(y0(x{|h5OM(W(ha~^7^{=TYjVnMpB!;QwQm6d; z5)fP&a!RM%A+ANS0Epk-Q9z=y<0FXv&TtGkC?vv)_i|Kqlv&72Y>@4Q6LyEVUC8#k zyUuM)08_U(5QL4W&nHFWlW?h+Ql=W{+^P+(%C6S_Qdygzh2QkQUwWzb)T5x%lIxgL zBl!01SO!ihT@h0d@9z8e*AxcC`H}w)>oboGHpuzFXwUEelF3#S>3o0ETva*F?LFY| zND9I*MTI~@-eOPvf|0GOFp6PSWpau|Ymf07Mz7+nLl=vwn_%@J^Ot&^wRTB=wHtVN zBxQIcKM9WEo7_N>7A^1Y>m(sKwIF;NQgp<_~g8r}PG@8Ytbw zMj&T{>fptxEG0a-Y6!&|7R7`?MC@NPDXZ9cU|W``&Gi%QQQ$4wquNWpLaY!GE~un< z7Lbsnd|%gG=B7F4$%tFD`cu1#LsQDjOmar!_D>HPs1K3u>z-w6wA*Q3>ZQg?3dX(y z8sgo@;lleqw^G!QQ&EHy47rjv1HfL>U!+FDMmos$@tzUX6wPs=M%cbB+|3Bok%WpO zvzyth2X&1u&MuDrjm2ptqnvmoA>IiL`6E*Z^Km6Zdw@mChD4EYuqDZ{Im}v)>s(Pa}0KB zY0SA6ePCe67h2~BF{~`dR~3=c9`4+^2J~iro-&;(B5k-rzWAQ+t$YCYT*4leRSI`C z?AbNb5GO5iLUzT-gbf`CjVhuGBgh&Ths`b1}>ntfT9ICIk9SssIHLap6S_3`@HP^jEFG87+ zXa`z>3g&wQYez6und(=TQN6(h_=}94u@^-R2c`QlZJ8sshH!Cag_P2$!>PyPiH^E( zY>{JH=%`;MV73jmC3>;QB{j!G7bftfQPGmfoaq?!R?o14E(M}G2G3*?-~tn}Pv?zB z?jq+HxZS-vP!pB7>W*q6c!4|8xY-1TkID+vDxeIwOa%tS`Jux|Tk0gKKwIb{!lc@b zqKk&)MjS8O)qo93M`ZZYntUQBNLlUoogBtL#ExFtQB6kCZQ{se+DZ*Z7TX>$XdUa` zKT73pN?vLA0npbkGrLe+1oxJ~p2<2wDxU&1@>Qw#02jpH_(uTGm^s)2;eXVrA0M5g z8)~j-Ny?pk`fmi41>d(s1TolFf6PUAT%CO}4(50XyKI0e{flQVgu#i{WMhuM>G^rn@ zAxN#mYfCnhGz_e?y$fRb!n@g?C&eS1i3kUhq=Uf*gn7yGb6!^r_e1$VDnVGY?q2GT z*~|IN~e+9C@F8}_9sQa8O;LmQ`R?^Ean=j9#Vq4{jxRS&1n>gy*2Hat{2CAq7$HdTmNwzz1uh6acmZFtp44*qFz_(z|8DL1FeF= z>8g-e6w%=Czt@IL3Z`ngmlO~>fJ*M6r%6=zC5HRLtqIp9gy!byXIv3(tJ=70<9Vo0 zPjxan`hL$?Ej;`3zw)(p-r~GJyF4oEU&w4ZVWFCe%N1qIq^V2ZnD}C0q37B7QYcYI z78S-=Lz^I`q}b%tc=_%<@lB#}Ig0#6If2+<{*Bv{5lP0&iu04q`z69bYg4k~8b>M` z*ABbdsw%lzgfmH}3$U(-MSt-=z({hzH(SBjt?^KEH+6&B?}Tg#_T0MzV%L!?-GThT zS>Et*d8qf6Z96#89<~&yB=b}HmD>wJwM}L!XcQhs5r3K!ST(wev&}B4JJQ}-!>tRJ z)S0yS&Yzhe;i^>nUWHF{2nKbKTZb2nT{|MECPqD1cc=ofRIWxYQRXVAw`SwMXSY&@ z{AYyNZz2lq&jWYMylkO*KL!!RCnBK*UV6*}BH`z*_DlgGUe;YCgFhf)_!60zDld>$ zKOGx^Ao|)9tMlK}^qLnq=O{i(-%6lD>t@e$HT3HJkaBfvX$k=HcYhdoc|`Qo?=vTvDwN*g zB;l(R{zf~e>+ovb$ft^Vw~kN zL|B~%z_I?rq|Oeowdc$G8V2Z1N4!$1(V}a}4Uw_)2D_1v>Hl5ulG%nzKuB_(?@dG7Q-{^$Nco-S{L=ouO5LynZ$??O0UIrDk7NF zyOratUIkr>IQ*e|G^?IGJ^{vSKJ}#XQYZ6u%y>^bm%{S*`mZ&Ud>?~uZ7*B9`!`qB z=Zo$rs1AXvMpq~JzGtH!{MrB-*Z^JHk$y6*eB%S8ZmQ>`{D$ab_3CDll1E7M%W{k5 zsWXt<m$#pnEsh79O0%wwCPOwUi$N1qS4Fv~(fyO65OGLU# z%%sMQ_L==XWSs-{k3bM*xk>lr&aW5+X`IkfZM>L0RhbnNWZ$SR$6!cuQt<_rNl;h0 z1K$tR`b_?m4t%y`Cke7Y|+r% zeX*vUf@85#CiiVk#JYBm-~Fy*=|g`kdmsHZehe}^9``k#0y5bC25@uo!1yAdjiz(H zir)g~G;Ig8f^*3hXFHxGKn+w#*ZoiN+VPe4pY~0l#(?@}RwQF2s%qm*^g@Y!gLPbK=V30iPs2S!<;Qngf^ zh|Y)J3TrNI+j@9APS^8dHUbKuGPX2?&1UGsqgY>BY|DO~%TS z#^ddczji{(fEMZNgU{w%@^3@=K6XP@c+1desrx{?KQTP!d1~d z%@jYG1CBjXZvMFZo4w1NB!;iJ4od8w-^S*=()V>(H#s7mpkOz%l***i*>^+?TLTn# z-GyW0u)<{Zp=+4@$z?87>8HcK8rOQMQQ$h&wl~D~SD6gNFA;5kETx0VvkETBZS1yy z5ec*Q>`O-bdCGHjtcvKO6T+KPEXXHvJv@qoyuop2arw{d(gS~05&sz#^1lZSvT$3MLbQag zuU4*FjK;554co=~C5B@L|HOw|Qn}+J7$T8uUSG<4s*3Uc4U=H~9Xh@G5pDQZt)>v^ zi$6^*<8coldJGqfuf1d~`$l^;{1j%FZgbZ|h zQk_Qmf4T?Uh;;nVO1rd5wEWOlc1F71204gU?Z5~`h2gy`$^q3VBu@eXna)U(B5Sz^H(1rAtuUd6| zx&VqlHob6d5*)f|s|>%i`o~sw`5rV61IxJis7stnRo(1}YLwWM?Az3;GYv;qUt9;t^`^djm%la-VCv-)%1fFZZ5E zUkU?#+7Y!~s2lD9%i6?EQjm(U!DtqVezwc1?rrWsSr>NQahW8$FjZ41FU4DL9%D$9 z9YE?J1$Za_aKA%-Rf7q%MAr~K;*67(VRT|RRQ!wWiCsgs)C|;agw-W%Qavv~Y7?R5 zqPTtkJ~8WI>z=A&{SrtGS=P4ItCUI6(G6{>WyCY(7@mZ&Q5DggFkp-`lIBeJOqKBD z{$(GBOdaG1DX$u?tJa|+Tf=uH&^b}}+=2V05Jj>fse-Ii0)R)rec$^wsBim_19ZjD zUEczp1lg|5focTVCf_t1Q)@fLAV9K;w4>xiIv4)I;1M3cKheZIRp z`DjEFMG(Kt`5{uBEI^clmt*%bIBAr>H^GBi->sTXt83b=K>sX(Z49*Y__G(tO2oUw zWgR#lex#kIo}h1_M4zEk_$BEsvNjZHN$oz5yIO}-ieP^aH!Qj)k}%if!Ar zZQHEawko#s#>v~+-KX87-5>gl{bl`tXFOxAHRp9>b;a8nY@;$RGVub&f8|hNR-4|> z?0X)*a-#YCHAGsYN$B+XLkWwg+MnjJZ{T{*b`t1yJN@OxkO%J}nWJGsV~Vvd{qSL= zkLZ`-HAm5Vr13C(xA)$Izy1Ty0i3=$j!;jDu9x`>glYR$qEF`GV%3G8K<-7I zs?^*0UOJb4i#kI#JUXA8XS?#AMbf`gn8P+6xRPI`E{a>I?nT{Ne8GT~b~lLNF~m=X z8^k@qZiQ;ouJ9(uhu8NN z>H~U_e6pvIjM8`geACAJg}H;QojpfN_LWsJVPB~tIK*`@x1OwTv_J5@;XOS}VZXE# zs$vGs&CVGca^xn9M{N+xkcb`@=6-h>=s4W{#RueA1MVf4G#&Cz%CzbeR6PL)zJzFi zz@5FePd|b@ct_!?$dvSTh(BmCFb5uq!uM5y;uw#(%H76+tg%w+oO>#%rJ|R1%@?HW zuLx9H(p86vpth@Txn>P*Ld>qQ8I!FrP+rB%#lUC%@U!=OI7^sB$pJzpSlFK1;q|a4 zY6h%Bw%qCO0Oik@=pm``o?G6Ew_5|!UD#0|_4};>VED0{;j8HDFimThm9;b>-rXPR zsa52w;kI>WiBdrwJ=O!K=tt zJoi?C9$Q|$QJv{{)`^8Ur&i0NUK&IV%2vysit>CDkbEy=StCjgHfzX%RZO-xYM*2g zw#vXXO|_i$3bCZ5xXA?9k*?N#R2$a>dSjys{{y5PUT|cc2Xr8)5Vx5R(zdcTAv02t zfjqKvjhh^cF-bb7RH?Sg@dqD^gK#*`YVU*hgkQxwRvVtVfANSes8bbFg24N7a<1s0K3luxulMR+~1P74^3 zOQ%9ROor(T`c9sZ8qXkN3nHs!AXUhx(j<2?sbIB;5m2AClj7|}S~uMCvMRKRS4ZwA z*zzDvT1!u+o6@RBRkvm1Yi7=|E0WM(1)@GxjCG{E^5&(}9?($-Uy5OLl$wgwMFKGe zd}o%ulo5*SHE~mDEC2bEkpQO5njx*WU*&&WQy;lsWrAQ$ZhCwd<;GuHfF3y`&4eI zHAUtmr)A!xblP&>fEq1r zGEgXeoMCoE%J7FW2uu=-h{}9|7;&Izrs`a>B!VEI!od5AS{Lucma(va{;3(`KD2FPTr$dp2R>On^Ii2A z`aZGcKZ)23DQ4z^G>?cs)l*ZE;6uk@lOs5ua+MS&3A1d^=&#*NX_l+hYHdb@5>p(y z*-GruL-5LMY{WX3iKc-?g+W-;$EPY(2MX)v;AQP^V0jv@pBSbhy$rctQtz`V>A5aT&OyCL zY-%guLW}N^xyuOe*!QQYLYF7@CeTde79z1f{A%ehKOMLUrV>{L88?Tpyi z{a>TBcD~<@50&>m)({6n`g?kCJY*9W*W_ym*@Xz`Jr;Mv)gZkJpHq z$m9f?n@EU#kwak6n}MQXFs3`o5KT@(xv}YYZyhXRdDN{cdPdNX zO!AArNvLjY>{%jl`K36!R7Q)=>9ls-l0)4J;>z&J#S`N>;fr&6^b-qhzYs_qcYIqf zskl`phCH($!<|0o;-}@Q*YIf1)}yS~azlgq)QDucZ^-P1;YeC5(SYAZ3YwMR5nY)r znE1teY^Gp!Btpzd$c(Tg{7JB??juEP3#LI&36J+cL}X|r9&2xKf&xyOG!YoTzrTVq zN{zu}#jJSInm^vFDn#u*P^gw!l{$8rh~gt`o?gP@cbmp=|BB12Xnw-^ zbx(GfmM~$4AuK!llms22|12Sn9s{?W7)NRB-N(eu6J3tEhlK)`D68yAUy7avHIo{F zO1EM)K37R7#*iisxs^uZK_A%3wa|(%AJ8efTwXprjZ&g-R{pnn{~SuoW|OOUt5-I7 zN<}HA9l48;@`&g+Xv#` z!i~kS6)h6cPTKS)idf-Sq|O1+-N^}ts!jI7F&IyfFfEC2m2Ay0!$Vq&4Je0F2OAxL zIUVgTG?A1ftzY+K!C}nAq*@qmeJ}~kkQx{<+$*c#iROX!E{=&`MDAK~G-Tm6qM3i| z7k?bhC2^wyoCI9915)65$VvaWvrbr#FHv76>XH>PZCw0Dp?r^o%PkIxE#ck@L@M-7 zBShrUc|zyrS_ucGO$WqLffvP*r6!ZNw&E`kmFjw&3TmI#Wo9QYaX7npyu>pZ{#^c$ zLIS&&jpVHPF=I-ct|d zS~92L=HX#IJ>V7XIy{g#>X_sB(=9fLPd;i+9cBWfT2phXvR#mJ2`W1exv_nB? zk&3>cDyc`1q!LUaOzK4nHLD#F>Mhh2{vf%;PV&R$iipK_Xfr_hym=#AYQZE`ay3rf z7n^4&TtH*-$;;7N??VSc;{!?uXS_yF@V0cxa@G?7KONAnwWcs1z`q>X<6#+qp85U* zPp2G8N4vWju(5OU_Bp*pWr@ymG>FSkyUx8KeIGZX2mLd7!%h2z^7G^DdT|?@iX%&g zbdE3OsvkrT#RB_VK+yiguB~fK-If@kMB)|7g|6^mCXvD(P>KzyR478~P&t2$Gg>S`($i1=tz7Zmf zULq2PDUZu&Ry!N?Hi10ZNb+Osu_;xm3eHi(_&6DRgi(^it)`?5yIt&(In@5Yc0*X3 zh4gvhY^OpEL25%Mo|Y)SXcTo+xJi6=?z6*x#;Fz;o893tb@CZ+1>~5F&FjJ{2F!n% zIcc%FA)-(65yMMWwEK@V5MU380IsB;ng%+bk;HOyfV4Cw8j%i3Ub}ZWWw_rYupx5g zEtDLakr&UxEuEc)Q8cPyeu6%nU>MZ=;P2_h4x*EoX7S=^G_S6byf@KIL7hzgjXeF^ z=_8(;Xs4neH$U2cPkA;z7Ty*NsQCrXN`DaWK3@<7jn>liFGkK%f7~SXh<`ovy`1BG z-Qe@zE@_H)-9bf|i!FZWdc-7k3;dX8C*|iQcSQ$v+br>1>v|n@Vutz|wr5)}(@PO# ze^c>tQrcuW69%z=uGu$1M&*m%2z8k%a+L3!)|3l0+FbEOU=)n$Dtugod~t325n|1& zSt?cl+=BnPSBrrYwuyLE>Te%y1vQ$fm!YN}fI&7o22V6CEclEQkDMnW2G|uZ)L!OBCW7 z(D5@hAcXtc6T{c5S4KRsX@A@(ap!$BWfnhR@^W-{e{r{exm-8AS#Rpurp#27KKr8g z@kGSq&!{g8>OHeM01&$Kao%>LbA#`3DvzjFMDM8I3jb(M)Zj#^O+-xAO%y3(u3w3N z@ny06Q&ijL0L<)b+q2<~f4Z^R5(fV4ym>|d(c8J;1M&PItHUJl#34mIpgYkD1&1Wf z+DPVsqGy3*n|SpmuNzo#hEcNTf_iox+>S*@3nYWucSK5lkbMidN7fB>)q#vblXIGB zoO7bfCh~a3e`8kRA>}v61mE3MTqiROXJ#%0(}Ei}bh|NB_#%wcP>UTKt^-|eO@UOpnZy2o*u*}(L<=owZ$CX--Jg(736ow@Rt%6~A(1oHxIyLUG&OnP?=cGAL0X7lb z@g|qO;R0580ya-mYhgRiVA7i5?7?$(=oA0|GG zXp3`U2p_G1w^+?Dmcqw@lpeu_40^drj-+-91{_m)mX=aDF@+@|Awo!j75`X`@Y+#~ zu|xfZa3&l$%}i29p_rw}>8kNy7>(zX>kO?`TLU18_Q(#``nZj9rTam~>}I*cRxnRl)N9q%2>j5j%hWIzW6(NF7Gp6#DFPwa zFh6Sxi2pW^uS(O`N0rS|IgDAyV{lb*4KEqvQbLHEetyWZJqhSd5VyMW=)%UV-#FcM zT{)pHz`N2CMwkeAtlWy!LK|Q)3=P#mHn?Bp_FuqzK`RgI)czWi0{d>rrI&Ri);xj~ zD+I+>H6yZqH?v`dZKmnjb=;2f^_5kIqz*~pQvpRyboFodtR;znq?8$n!rh(@q>eB- z=#-g{xK`QcdfbKN{ha`y@F$a$?&IbJWpJLJ`fb3gKvQXHyo;YpsJSO?aM?|RJXTo9 z-6xVCXnn^&2h&(p2czZBk3EObp6K50Yxyb*9%CciWtAk~a4uh5ys;{vU;ducR^BhVQt$K4_*^D(AQ{?wG=>gzNZ3P8~>y zkSPwTBDTQ-EixEdUN&RI+VE&PJ%lK1XOc-bvM>%ll_f%`bWYJ+s&7O9wLnoy`!Z!z zK3gkx;}D1iDzn6vSfdlG5RKgSSw?1|5HUBmMN=wFl z+z8<=L=nQ_eum{?0=30>6S}b!qAPTa8T2p*S?2Q+Sre1%>r*6a2Z)%*_9;MqyctF% z1FL>tPrc&uqvjTPdChjvcXf4h;~NEZ{9d{NW|o6Edz5Fd<9bKS4;>Pp&S8kW}|y9wUfzA#&%)bHipRt+_f}0iXg%`Y%3=6u4_^h zPKs=9w97DtHS=#JHqtMK*9=lY?;6=;k^R08A9{*xs$oJh} ze+Lc>SM5agTbLn({bZ<3S1_)=;p5<&j?KZt&qh_l)sm2{rrJD$O%d(HK|!`V$*vm9 zJBu2`TJEQ}+YbFw`aDsNI%kxEBM+~oX^t!l!GoXk&(SF-|A=2S$9`-q}`52%$`!is2E_Qf_=BVljV?nAl`U_S>mSdcC4i(1Owg9AFvh zv)ckY!Bw}bS0f?SE=5jLQkMnMtlbtbIuL@?#b}M8zg&-P^wg*GGCittS@r!!2XEZR z7>f4X8gAfZ4JN&otWYgV!2H2dtelH`)3FnOenRBXOwB0H@xC=#$^ z&;{*aqxIYwN%CA;`r_S07~h5bAM0o&C#Y~nIr4~M=*1WqNy>@F9aWIU5_MA1Vkdc> zRcn`B+xenoc|ZT1sUV?WjkbBIB8?#|BKTL>FV;mll{j!8H5^rQYAaU+LIds0?PfBlXM_{7A3NH{uEbYZYuYymMh|((j}g zqYLvW+V~%31+_NcvH~A>5QW?{utAM(Am^ITf;Z5C6VrRpZ+G&<^_3uHvLNMUKH*}< zSEhlsBUl#p4_SJ?>k?@eTV)_Oj(UTy*S5)V5n|rl@VPo!dp(wL#k3`0qolT&h0{n~SSP z*}X8f2RcDsCwWa1e!Hf;_F_u*6w~^8gD#A0O|%AfTwiSC`=mU6b7~o7m&tOXvz9e< zSRoRUUJ80yX8b=5%XEEOwqhLF{7bGkvdziubZzUkD5P46PY_t7Yst@BRVo`ZYiUfa zA(v1NB+Z)dH$FOE3Q(+5$4wI(oi_j23Sl<;>3Tn(AGYhC9xlT^h;hxvzUa)DkZTjI zhnYO6dV3|)v1i#?YWM9byHlfT8@rn3(NJ^vJ3AgU|1-&3t@14yGAC)e{=ikQi4ZR}*D>2ZCAzvBFc;+4X57_<0{j zfrdT-fu}3Uc9^dtL0#{>x5WOl4$uMkw2R>wpt&W8`-MQjaqaihE9l!K@ArJ?k^W9V z2Se|C5vzSAXjllUYE`|;*-9kyRSpu|di&-?h90IdFx~y}zu^72LQ|5{O&0wJ`%cE<{L3(jCaHmloS3D9nd8)Kh%P5SDyxpp8-_Sr_UCgFR=n~c@>aBX&70Ho zeFUr0`Uz&6Y(`f3QwZ8t=_M}XEx%P|Dq3J`30GXu5c4<>+%M+ab_kLZHGqaV}+s`puK5OfxzOtJL)dc8qtRyx8G;^Itn>Txz&K1a@ zeUg#?kSDg%yVW42x{TcwF~eb3AHK-w-j8@MCbzg^Oqi8P$I`-m%H55TaaQT%VybrE{%8sw7JBx;wrVQTwHsbnV)nbMU4=syYSx6rI&kzFt(WvHE5S_o z*pC15r~T4AZYltf4UBFr)ULnjZ)JwXb6L!YG(T-gQxn<RhF!1%x3g7;%*2LX3K-Hz=e`W7L~{CjKe&&|jA4|0GH895ZxtYa1`)VfN^+?`OPg zTBGdddyu}4j158`UZs6J zOuGH@L!Bm2O630Z;cjw~gTU7t@OBht5bNvvTB3)D_!P$v9G%=vMHlgaro(U9XqL{} zo$>YY^8C1eEvk`99Cow-pY}mkjS5VF4ls8bvQv?&g~CuKN92A>o==Cs!g{RsW$jr# zD`gs6?pZVLS#j6qJwKm3uQuu?9_X`73eE8)@_UWS4kNH2CeQ%E+BiHDNl=gygPbA9 z`8c;#IwH_qHq2s^DKD1i)``00WI(4jpgBhOf1ZxZczxu=0?eaRXIcZ-WvtQh zxOg4+=@-yZs8@fDKd+LdT9JSvi$jiNU`xAthyS&rNdpGjz zgJb}YAQ#6f2=9u)F3@#}k*9*bPMmKC8gXt*{{{kTZGOwf-(L=IIyL*3kGS9TEFGY) zg;}_I0f>MvU~%dfmv`ys1$1J_`#BFp{iq5#?c_=D`6*e0#+>C0(!wYifPS_rF6ZLr z^)tWXdgLOVYQLtwlh#3?GbhdsF2J(v#z`ddzh(PN6R_>k3s!=8wE?=0mIYRzY3Dm@ zo9=iCp=jk~U2^~?nGggR2cDrsC$PF31KSmy!LDxUMWBk5WXTtKuQjx`dWQ$0FBY3U;5t>DSv(+lOT@C%<>!DoIy9iEV$#6H+lv<*>#G0bwc5 z*Qwigsch%WNfGp}rRdJP)qHZCy#DxNhz?m2bOO?nNtuqCFC?_0+UW@V{Vulia%8y3 zlBL3Ms`Dq=0kiKKQQTTtu(6`Vx>-yi-BTAmm`Ih9kvwcp%IVAF53|AmT&{HwNqNG; zvYAGYLKf6S1Jf6~YF4wP?xmyiaa!T@&J^P&p!+G{?aHYwFKZGQh;a_rp7XKGXMNE8Gb{~x!xjtE$Hu)15%V3>2y`w`)|zxw(0nL0`^s3RPOl36_D$D)QM?*bFf`3ILf zYe7bqcg->sH>Z0cRFBSFjl4gp2_-{Qz6>IfxRvrDyg^g)Pai#J+Q)mriQn`mfxH&C z%uG|a$?A>q@|VDxfcX({m%w`y_WW&F>~8y_aD& zzmzZn6%M(neh$_k+lRC2K2b>jV4Ze$Y&ULJGCO$-b~dT<7f|fJ$NrFtQ`;T;`gK4Y=74yBim~exVcH_S7w?x%jE&sCwu-| zI0YOpoPbSApXWzsc<}SwBa6FF2M~BW)!k`10rPr!J?|bS?a_CON+R@-kphvmbX5 zp0JcT`ep}+ScZCR7cWV3YJ`$m#Z$LNd7|TeEmwWX(1e&lN;F`$Oo#|V-$1I@x2Xa@ z{eqFqF^YZ4NQQ+5)JYjk&@L%S)=VEYNK~Uk+H~_!L^5`aXS8L83$B~5>wf7uGvh8! zLFzBGoJZ|tF8R;mR>6%1>S~CE7unc(b855UnY$WCWhlp|J zokHO;edh!#ZS}{>m$U4`=6Av#OkWub+`JT#BtyN2|@;a zzHZhStVzjnvsbbxIdZe8*rFtjf)hLk;bAt*Ty-83FCG2F^UAsiPCH|l`(!a+DemL3w8PL#u{cy|74`Zz*1T;B;NDx%2?IR7o_wH@%@R+ za2ZkwS5&et)Xd+Vb3dvaXT%GhfnT#gfG^?ZX5S$ij;)=SK)goFWYH8K`Qt%|EhI_q zKk|1;u7d0nB`_M4@9sw;`a($G!}JVN5){vjH20B-scKF^Yu|S3?t;}~Phs>|T_?MQ zSs9-S*BWIP8c4?>@4;a#(?Q8Cay1o_#$kFba!zXQ^zRC!Md$CXx_MbjIL~;#hFIi` z3<1+~Fkq6oY$FoJMEewjCS-$AIv%g^{N%|zY6ee6TD%ziMn4IP3JXO%W@n&ooQVu_ z_V^L!h6UX3uzG43uY!Nc$0@3LoLqm<_Lg}&=Ul<_t;0|yos$3HHY&+yq_P|7><5j+ z5pJWh#Ok049f>;yHW~4vm})52$is3=JW^>{vaie;BI8&G$AkNiFd{q3 zB$pYQ+``6^d0kD06Cc;cRW(Xj=4u7jyX01pC|Wz^f>=+#mRM7ID$}U(zUC906}kdj z5x-h`B+f!>KU~G%ecfPMhH7MDm0a^H+4J-(Y$t1ql3dv-c4!DqXiknHg9)8Iy#$nH z&<^%0D<7#_i`{QRLwAsK81Zq?th+4&%De)PgxOM+nR}(VFT% zpyAWY*HaiP2iIl`oTRCOl6$zsrFXV(3@~aTX|4%}{=u}D${%TkNWJfvScZ6SAfL(( zhC7)O8HzZsvD=!hn=pUEkobpg|B_FKrFh92HJ>i3%Ucwd6a7A-BPcV()Q0pGK`C}> zM*z@bH9Cc|gjw+JFd=PrC7K;nG+Z?mBc)AlnYWTphA2wva8EWR4Bmz>ry? zztU4fUqx~?N6vqTz-6|>Gbl%E@y&2umzjkjwl3X@Y3U@_gbr7FS@`WqgDu`mRbMhO4Ub1Cm$f!W=T}cjiw=`2R|bI4K-isDp53*DqHiHeq4z*2LXItq_1 zMtnjBBTjsC@mVG7O})oX@~s4Jk=>J%CMNI)nk}RsV(8N<6K=uybQ<{oNN@ccs#;iY zJYlV@E7>({K$|xCa8ve$;U&tt{mUiqArlHwMbT(iY1GVjgem_aZSaN4#dcGjtk;As zbi!L)lq^}aa3vLw(y{u64e&;nuz&wX!Gbbou|2t60tjoa1DI zJ2chj6@vRzqIo?mfzh!(!*aJOBDFTVTU@mC%mUuCI#iZu%_hRQ^mUtDno|x5V!DtK zC|hotZRH#;GAf4kEdg) zZNPpr*)n(`>2l^;uUv`#u_i}drkr(GQ?7po`J0nO$9w-<9d9KsZy=vVrZN4Qi**6q zOorz+a7Ou4IVS9Iw0mfn5Vez(gnq*HJeI@33b|7tTRNKR3~zc;nYN65!Z;~O#u|B; z{NP_he5&;hZpA#}(161L`bIHRQ3&UWXq~@m|FNqjh8HG9H6>;$pSAPC_`oRb;!2wb z5{^L*GeAU+(a^jpq_o#0*wkK=*&P~lR)`2uuB_RAvJMx0MCANR@~xq_^$krdGyj5t z!B{=iF~NQ3DXSRsuQ)nPmZFuCZ7bU9O^Bt7%K*AYIReoC%^reY)f@7ON$Maxm1&AF zhFbmpD&Bnu%NWwd7{t`gzl$jbU{5_40kQ*YKbQ_MITPCx399;n$g}-0@EAaRcZ1vM zbOGaY@mAmS%Y#G6dg&Wzdr^3P2q+t2-iVQq6s5^LKAEt}KK!H#Zza0hV`^xEYTu+^ z9^9EG$W0RBPz?tWy+YO2CV0A+m1p%D#eP>$kX z82s`Um+G9Vg5Z+8Ml+2c*>O*rgv$rMo`dXfIoAL<2^uxgpnJQC(is3To^Sbg{g?XY z%SQk$+M0_6(R201$>>vj>LH_|9Pff{mA1DwO>k9g55IS9TE!&A{4~wBsJX`uzRSb3 z8TQV;agh2jsOY>T^iXp&(+Do(jf%MP5(b2 z`=GM_N%sG@Lj(Trll}h)4Dfabna$Do@5z4S>J+fP?-?HG!;rUmroJyBQOomA zH{5uL%uJV^Vz}>Gv1glh0*}x0D=mu`hl&nNIO@>Ol%L@xzI$`%Uq#lRSjGqiqC$YJ$z`8ND7O*MM=9KEcPMkQT-2x*w+Hma~A@m007nxNtnUGcftWWM71 z=QskE9XTeJK~g)doC-6#9XbZga!A)Bvw5Z{J2J~RBN;>c?`1W#5VI1-D?AviAWtfMU5d5EY_{U6j=3S}2 zcV%juOLhdfp=$7*-M$ao58w1c@tOj5 zwP@)H7GbaJVI=45g;EYD^j}Q=ts#FI(ve3N3-886|`e2%%^7W{uMDqT3$3 zOD(uL>}!x5+1!uw*l{TSi`X(huUwlZZ$?`ZHHz0=W7e=Kn}Sxb%`EgBZ7`RWEw2J; z!d>)!3{lK*?sz`dJdYM1E(;`DzM-fm{P4J%d6@**)eUt^HK3}aveNtW@#28RTlM70 zkLf|}w+xe-ldxiH-5*WXH))E^!uLR;RrN9I51aXDE!EQ1C=|f^G~gHk_M3T6O3VBq z1`eM&y}rz4Aj7YheZe(M7#S8%;#%e9{XS=R`MddiwyRohG__+W^IV?`m0q0$586?$ zzC7Pb+oDaBexg1Jj_sbaL5M>LeQ22cHSz#&)dQpNP)N3~Yp;krex zMoW?c5UP}(d2M^!=Kd^J7N3!pQTBtD9ma09JF%J}81)QS`!;@wmTP}KB=UXFp6=t2}ZQVxk?=pii zgD>KfJ&DY*Q8d9&c8@p3LlxzOfTnTCzD^z0*PrTaYi85P)D=lHE5tlAQ6Uqnk>5oO zJ`Y7^3WdKfCOIU^{JdUA^qZ9S%9kpIYHK%0qDz~2$>RtF^tF4FoO60XsqE_UpjLM~ z&TQ2!QVqmh-0p0B7tu#`nxc3Gw8sIiViGke*#>2yD#MjGJY^g6k94fcK~NQ&6V1j8 z^SX_WEjoJ=^YJ1CmC*Ts2$rbx)aG$bH2Q_i?|h~6*tqLNFK*A!q_L4oa}HvGa z>7HX}y*&FPrk1ic|62SJo=!-SG!ki z=kAB!^L{A+t5RYYgj%u1l5&k#SH@B_(w(eh= zU$YDLm&TgO%!Kh5^&Ov}zwK^d5viZ~{fx_Fy)y_J-Q59hO`Zrn3j6?C5_Mk7o9u!r zTZK%K;|bEiDd&s5wJ51q`{>{$V*z@9ZCBzCGXofF?-8H?Xp4Z=LXkhBk$$hri{ul`9oyn(^EBH2git!3767M4^OX_g z1TEt`?{HB5h)o!D3C^h-*sNr?plR6nJ7*H|V7i^mLMES`Cd??Yc*}e5E_63`6YCh= zb?*-;G|FU>tFzLKZ{l~@#wfZ_4(4&HchWaPK<N+*LQR`dYd}8A52blw=1g_s*(dnJcAWBQ~HRE@~btI zNP?oS`L_nFb_(?E;iV{f>LOJ@aX8%suMsW!!g?L-3>nb(^wq!^7^adsllVZ(us;2! z+48+E`=$K~B)IYUpOgL6|BA@I@&APEH~$y1-vRuofG>dc-{~35j}#xfNm5XxbL^-= zJKo-MCb*t`CldtqN-R}EJkyQhn|V1?rm%#;B@3xph?mD5LlQa6sEb-pMab~diU)NP=+JY+j?Y%Y)s%P_Y$%K} z*gQqgkqb_2tmE6r@62rSlCc%w9x?t1@v0it*jmIwm6-2t}?tY)+%WLZaPwCow_blkD> z`XRY)L(piek>as-ds`cfG z9;I4bbrPxa&&Em&)d$XTliO6I?hU zJHU4V;OcvTwH+`~!@9la>QhjEnLdvBIejh;qZ2FIJuvH%FT!T4=^Z<|XCmEi^ zp-5FOW(>W{B;#NCsiAlim)zoy2xW1W0>)FJry*`>6SJ@63fK>YLZ)$XUCIOIK0~ab z$ltEFP+|;u5-KLwCi=qYZ06u`va-|Jf<~t>j(mx9QugF&2j*o=!FYcwDKA3;RWdb{ zefAHt)q*u1PK7t&{TuO=38$5E9md4DOtm+{Z6bbQ3j{i=O!>Q7k)$$34|(VuW=w4K zIn!xyY3DHgYTN*^pk9qN_V^tvh#Db9hW?pciqiC+@)d$H1d)t?C7?>WhgBCdt1Wt} zO0Otfom7g*6M0nOfI}s&M)H}vfMk+sXLER#4K1`LOM8;8#wul{Qqd(W-ZbM#blqp1CF@4{{CSudW zi7w)R7sOX!{uc%+rbUdgXe}XV>$s}=tPcH69WD9y8G*^kH~;49P@_pFXJWA=Jimkr zJ7SB`7%PrL&AC&C7E&`KRYCS;7}WV>{Mb1^`&l#&75Vg($BVNUug%4Pru6o+erPOc z)_RVH`TjG(gpHr7>`YmG61UT;aU*6KTZkv!Cue8ar&vJ#!NE^Fr2VvStcZ)378&)~ zA|bfRy$FHcdD|dWUxSuUSFTP~s`!ya4Av_wqMG-jKqGpg7p4FcMD=jkWEeVyLoYAruQyLQuB5mVN2xLo!MnR=DKsXf>Fuujr9%?6bUk;9%=Rj59~7I0 z;RN!oDYAWdSYjrNP{%2PN^o3lY)X|}#03?YXvzd0SNG@|;L1l-gkZi5MPFA<%sSoV z)IK*b4jH)|JJ(7~jye>q^F~=KR31Jll`A~v$ECFaWlyU?jV&x{;IrxIC?=lQCz;z4 z-t=re9k1M^)~9MX5@2i5~pLTZ8P7j@cA{NR07LKWSXDKekJ^2tqj}>|ZPe z(G){|MZ@gb>i1I3g@Bc-5Iub8+v&>*P_P60@Zp`z)&0e_?L$fR#g}pv-v)Iwnecp+63{mcEe zi8DGcSPYtsG#U#4X?lnXY7EDN0@P0RFOw&HR7AU)PJpqwxOfX;bm6=x?MJs{dOYo! zu;mrfL3S!EmMWwX540X334^uV%MQ7i!9Pnt=no0DDa2c^GqAPsGVlTgZd=`6(c zSd1X{xuu}zW@tJX3q6j7AH%G}+yc`@sxfXJ{p7g@G0{sLL}5{2T!GML7)-fK1~oL3 z+7lul%Vq=uYxZe8(SK?jK~@q`QxoPKPNjj*9k2dYMNUBmfY;N*=Qn{{6JqmI4)*6w zB9^xrXv8|dmh8}gtKTv`#~`E6Ed<5rxr3=lGGA^$+Et&LW;1exO+f)k*@wLC9q4ww zhS5oC8T+|zbM{x~#5}A%HJOqRgWCrtv#_Q+_t0U`-M>40&pjWDPolxbZT=$DUg8|i zCogYy1a7L%UIGCWug0muDYROL$~F}lw{2rTw>#8WjtdS7ps25bEC>GD} zOUF~z3b%OIUCl0$h`uzZHEbproosIcnzqH3R>W=pK=^+tRP|gavolBR8}IQBN4zOf zJsnqqubWz9I$RPIS(@1{tXRC`T|BqjmsP0!K|{3f<}ki6ts3vcekRG8GuJWOBX)Ek z=bC-CAl|&JP3m`6Vhs&-m?l1p9KJSC-#EREtJIt%9f`ZlHdgJH_T_779c*BKQ~Rli z{gzveMk88gb*j8_KF^MdMEAxA7+2Ybi=hw=XLTQMsDKIjVZ)7sDRHD941c=dxutHU zJ`=_hU87Hc_vZeBJ1)kT`s^r)4QBaAjwbs?J!Uj**dNtd>Aej|>?3ptVjGX{=Y^0J#vZKMLm18w@3;)W_wnz<}5s_{8 zRl9gY7(5MXYrzVU=4DmwPOQ@T`Hx!Kx!f-wj(bs>nd_ojBxSC79MWd?U!_fAg~z^u}6oA1F?~0MFxBedl5PMbM2dCWInO7q_JE)g=?M~ z1007i4N>mw{S4*71(fg3=ethl-F53IhD~6=>nqi>%nNYi_v-VcC+JBS6N@Yxe%1K* zoH$@ulN-?G=K4fGK7~yamO_jgJ+BKMvrsUuxxmCf__+ZC4jJ|7o5rDgk!R>*fs=FY zMdbB}e*!JJe}}QW?8SoKG8RmLk6WA=Rylf~J04@Z3k@OC_teN~x3MgILPB0bd|pqE zCC@u+yD#CCiHa?qQrU#UA##+bM>%#+D{kLlbdeBws)8o?IinM+RcP}YG1}z8D|Rs^ z0?WuDDN=T)NUnEE$*1t&`a*rp$ zJEsjYC3ihpzzEdQ)Y9K*!<&h3w1;$z%^`x`cnx&jb11vOV&_Fh{^Z9L0zLElx|F~- zw4;(l2Dm)o(|R6$nYweWAEjsWJtkNY1n+Ku;%Y@4lE}*_qds$Qxru#v+H7H9UQ;)m zAK(x;fitigyBrMkJW9fh=cOy3CY|LQhg9BS?(XmUE)m@blA!Jk zYtAUgo>TDh@tf%pIVmBJHhwR*KW9`I-FDZtA`L@dE1;x;j7TZiLNtk;mm135NKMZOS5w45VG-pKf z%`FTJwtwJEi)Y?asf3rLrFWJol*&&WzpY|8rxq_3{X7>uScBdeQCy}X@CORehQIOxg(^J($k8fSvBJ9B>ZNPOG1x%r;l`@$jeHM~;&Cta!U36PB_px7g5dehM0Vd`eNT zaw#>T73+wLf<|}G+Ap@x_(4tq1n}ad%W_$tUt+C#)CS;LF3SYyH(IDJJbHEgl`oS| zJ^##X4fs};s(v_vg z5GokerWvfSAf~G3=g*0A}bss9p2|;Jk_-eAwp^G(g?@*pX zqDA2*Bahzc(MOmJAAOwJ2 z80Sx3W$P>>Ufa#w{CWC;?3l*C)iaAi5X0CZmU1UPIYOW3Ac6&(j{-Kp-Uk_xr$U0} z8`Ur^3!5N87N>57coJFlWfI37znDVgNQPstPhnNVVyU(8jaGQju{TnBifK=QR%tLN zN{_f@$-MSA)_{E9cJ>CWkCam~9tP@V3U=@K!R~aP2Z;=#8TFt$J=QEWU(;j? z*(+@5E2XzMof^Oa9lwG6GStV!ffV+LK>mIzDrr)eOO_&d@M-@ua-6EbsbDeCwfkJf z1M0d$J;R)lNplL@&m*MfQ5C`TEd01ZV<@h1r}#4RpR_QGd7L;fxdSqtV z2RK!9&(~*$0E`I(-WiO{_$Tp{ho3b0t3LR++-qKL-ra$cE}wTYWuw^xxmfLZd0pZg zzQFGjq^L|@cpaIbrnl((SG>GJB}f~c=`!G03bNGq)-28HS0-L3p>!bz`;6_ z@;4Gn4PnOAPq#n?o(#t^~RqJciK`H>$z}y zZR9B~1;GAENodii!oXXB(W5e`OT@c4I=7c_xSwQ8TE}A-)ADG_hG70e{FGIFg|7`s zG+JQDu~qc_s7a?mh#N1_s20!ma@n+!F3STfxGPxR{PBx13w=|mvW>x^koU&RyfVt=!w+GpQ3E<1v|W|*XbtiJyj)13VV>kG{#Qk3qGZK8`U&OlmGrg zThRUzj+X43)OGoZnF+7aXC1uMcEL&{fcB2$Msn0L2d<&@=vF&Kpo}!R8q(+MbpvDB zzT9}5iX3iL=gyWZ&u+@}MeC9)R8iI5x8u*@b&BBpej}f`74@VMh6B9)CooLSsLct# zYa+ZxL#N%E=B>ihZ*h~>ZR+~8*Qb2{X2=)1R?L$l;t(Ybuk+DLi68L$E zLWy@By78DRYr!Cy?EVVDeO}yc2eWJ9hQsDFoiBn~g2jDzN3<6wI61h(rM<{V7Ty(r zVY_^nTk|DPoclY1Vw2Q}ZyzFp9N{=uuj_E~!tVxwW7>gwoB1Qs*tw*{h5O+^o@41Q zi)ai7h(J~aipcIyi*X-C|L?B?#L4@8-yZelf7ASbI0~RlsT42g_4ph@t{VeG7Z}&c z!G_O+xq4lst$G}uuHL$LV&9^A&e2x+d3T?~_WoA032M-0V2MXe>X$Xjg?;ZqAZ8GC zfYBK4vE@+-M_*@tZFde1)^Xytn$h3YoLrx=F45Xyc1dlin&g(|Rm+Y&eI zeh(}v0{sBEkJf(H-PDdiSNF=SD%)G{%vt)K0@AEJP6TH|zTuwVE=Se$#P2)z9ywf7Hz% z+t<0*6Gc9*NS;x)J!ucmC(X!NwQd_PEBo^oN7cvk)=20|YPhq4S^YS$2BO3B!s{-QDyp;2g^}aF9)|eCk*d1sd{}%={^P98(uyv&&tnWQ0e3MG=en8r zi}0Ck9tIuM2g@ivqp4%UbmY&m)>+|pF*W_B*D^9E_gZjrL4sCem8Xs(dr+~mwi%ci zr`I0yRf*U(#tX03#XSetdE#5aB1-OQ%U+M}6Li1FDZSyl;BJ#?h-=C5;&n2&y+!#D zhPS%A-~7ae0`vP?^7kc0cl2tV9MTSa`GleKQe7hl3a>Hk47+x}rps|*fiD}gzAY9# z34WwT(*v{p(a$$rg>Ig$I*TSAxHE!gmA9JCZvsQA5)(c#p__i8tG)Gqc>U{*=#{{F z-o_SS#UrKL$G4r!?ya4H*YnGb?#B0z+5Z1(|No2CKH&fTYJVPRc5aovIuQ4wN5uCr zdcv9>$RK%Tl$SP^wCLahNJ({APF+uzEF=vLB(J227m}Ya-_c%weonrZcnh)xgOrd* zYA~c~T!=_j?-9xeXUAQSdQ0^Jw_2E#@QNdMKiZw;^Dl|GX<4^TlEeEC1dsrN0C@jG z0Dp+bKB1BzeVr&V`MhD+ilMI}s&P#qReR09NPqJ~*L6$VE-kKb?)vlR9=RE=iK z0BR8OUn!|P!Zb^>5-2APzKiFxhE3=9m=M^M5^3s-Zque8jP^M*9r@o}pm8BwUoo5K z(aFQ*@~*dR(QbnG#p`Nz`M^UU^q0@o5#NNjminhXiaIw%t66HD7njG;Dy(8NrY!52 z9?n=PJoB?y7hX9W9F!pru{G|b-C%nXlNAu~&x{-EBJIJD51I>buPZ|}w_!P!TSXNQ zP6T+r%qS_K-;K})^lUkYbC{un*vm0BdMbu9HvPf1o{hmjAUg3h`M3rK1sbSK6 zrplk6Pnfh*#Dd2Qu`Y0&X;#S$u5@jv2pXVf6HGI+$xvZEjw7|KM^sbAxI%XQXqd9O zxYkTPth_v&I}XJA(;Ak|*Sz!o5&jL}AO^t1$aZlfYreF;Qg?lT z%stLShe7`Gnc>6$G#1!((#Zsk1wI#l3Hm!0fcVc?VDF@7@rFo=iC3s z8T5)UzD|Mst293~{yKN^km<2G;H{CBw2$@m{Ni_09`Fwl(YFp@bIN4Ep%3j#8Rm37 zS6sWFcm)M(IyqOu2*wcURzGcQp8O&B$}GU z*7J*ET*lv|l8Z3kHOTUO#pk)Qe@EnC?W#yc@+K=cOuD%g*Yvu4?@x%J`{fYJy@jRCaKjk*E41dDx z6L6{#aH#C5veaMw>U2raJ97LABK`?AEK*6Eq=6>{Dz}}z`Mm*RujjnHt`R^cs?rj^ z4?ihts!Id!GS|Id zLbjoQ+kHF?Z(xxfF3K9@05H_pBFH&Y&t|K?uLX!db;Q3r0IRfCi!{CfOY8apUR^I} zuD+8C#F`K+uw{vc>)lOv)GskbCiatKvH62nf^`atHn^NML;P31bAaYO#IgRFQD>G_F}-f0psmN>ws|YbNnA7&Uv1K27nhn*ALMjB98aKG(m} zt9QdS2?I}@V@e-8k)m5;?m!nNtcQgxGZOxU_8Whdj4#uWToXAHNNEbz8^;(7Icd-= zfal)E)Hcrs(^jDA1QGvSAmYDK;`$`fnHNjuLG+#YA1U$zylH}ne`=iQ(6M*oe1EZ3HtrLw~v~k9I0!p;FIj&r$GvT- zfJ#}VY`@R0Iz5$peKOgKSY`f_1ZcVn`-Iw~mzJDy(B-13tuZ&=j0l+binqAE=Zq`W8iS^e2 z2zou2QD;XObcnBBy{)ze5}gsLUIIPEJY$}Lyu4bw8T(wL$ROVzCkn1t0~`E7Me>!7 z8!FTlQhW!drUy3r7d5G&PreRS3u%f?aqOKqNdeGm zROq3DJUGptJf0QI)F5l8z3s(5l?vyB_RbM|*sz`)lLWHq+U0=3h98jhG5X7k*n%Ih zl!&E#l;XUxXSA!*Xc(h|4bMD+@5!k!#kG{Y5Yy-DFg|nR}XM1W+4UHk`K=w5)GO zA7Qz2QREWWYrA~sFvZ!_g24aU{wgJqW$5VwBr%&L>f}R z+=UlweMo-p=5HhjH{ruX z=-u|00NMUO_`C=H+5Y_aNn?{+z7!uow*M~(t3PhV%p4!NbXzFF4BZJp{l9uQIux@V z>^j36;ZNi40E%9Wuav2K19-$ zyQ3n5X#ayNcL4!qu4ReXhqfK6>dBc5SLHS}DjCqhlYG!wNrpCd1e^$ofuiBh@Nnd& z0nrK9i&;Av_V4{a=3c9@nV4?8X+&^C?FVAzt~-T+2jTR_p71s?*+YV6Iuf&f^cp_J z{R339G?RSt^t?}&AB+PFa%dy?A(3#aNh zU+QvvyYB=JKKh-WzGUo{ch>H_@av{9#-Msi9}YUMe=_Cimbr@q2y)52AgfYlVO(l! z3rAd#jgAGf;7p&8_p+&y{+$TCIeq)z5d62um3Sd zx%9aZ@@GKxzYWWQ2cT|M<3k8$m6Fk2+>%%rt$mv4HNbB)V*q>{B6_f|

LtKFc!b zDUl5QOV@wuf5=3vWcWB5xjOE6?mQi`0hb>~!@_kE#9d&&*HGUF0**oxD$u*ZZN_Vp zg2FJJBxXKS7Pu^coweA8_kn=RBNH|A6z-t!8W@<1pR(!zL(07xW-ML_uOB7V3UkI< zDMp|~Bs>UKbNLjqNAW)f0>mV+ohe5Z-iJPRH#b7Le+L3F*+}-{pU3_y{-@(OM8Ih} zo=(8(aPUS7$+cPJ`cuNMNh>pxy_<|_}lnHzonYF7B3o{;Sj=i^hILj zzCCg|lHJY>dK*a2BsvTPlDw*D3$A980J&_6Nz1-e&jw?0nq_K!ElgMU>>_)5^89T? zO?rAGvSHUyfbsqtO_dItSyoOFatjd^z0m+j_7^wnrQS^_Whi7=Fy@5&UN6a$t7*_k zd}F3S7~WgJ3@^b5s6O8&m#2+>S!YJ@?V*PhM}J~oHJ|Aq2{?Ebn=IRjJ$md@hdVV> z8l1*%kX)7!eF~g1NLGFMJ(<1d$nBORKgjv^vb?j{Ay|7&Tx|9_92lwV3LQj`i>@ri zn-}S@K5{t5o@W@CA`K(X8h)rQ&A^C~Q9-Iyr(T64ROXM~u8oUhuZOtX40F8CzsfBP zeT=G-mzVfOE|EJzA*f_;9;Ifb&QZMiI{{p3aSg5mg^Pgvh(eb}=P#fLj>t!aDzRgK zs^n)|8w#m>{q;BSSw$9~A+)kz9@sPiqAtA==tiP3Y|+mpDzNp$f@C69IYp7jlHuSo&#g%Rjt38K#b@%20s!i2$V;D_W!_rtHtH zwKe`M)p&vWVAb3ooL0Cl{yY}eUmG(#q^ueZe*#!XB{~8xU5M|Y7?S6GR$Te@SB=4-+b(L1XjrmzR1e2+ z5({q5fAarbQ2viy+Dib+|G)gp|Fe>elJG(KzfU?d^Aq-a{!e#8f?zljECf9x>7%k& zP|%TAHrgBViRAyt|5rfye-i1hHB-<;pfW4>eIh`sNHte#MA2FCBmFbreIfus+mG=3 zdyu>HDV$Qm=l6-gVb7{joe;K^WMURRb&(x1-1?zO3x-`l) zh|X0%+J76A|Fe|Mv!4Ut>8wk+)nveDZ3v_No8)_^W3gf}BsPdi z6a9bsQ+O1@jcdVtAbTLz zboWV{YIv6ESHl>Wm8na;QLlOO_0Rp@CjytCi9kJQA^;IE!5;ZxV{1wr{(U0g$Q^Yf z_4zDLO(Hl#fZEAG+B)%1GJ)Op0=bh9XA-v3%xbm?h|apDjw#O2HcFu8z=4hlsx!Vm z7KcX=z{gj!u9U%5N(*`I9aL6q`JZ@GOeV))iey&||D-YrJ=PRfV?&ZqVVARE@7mmNt2G z?KOw=^RKv|9?Ch*#B}HWThCn0b?xd$gwkHV9NyCac#Len@1OF!iZ#I4#9uQ^yavgl z9f#FXoRuIGZHUi`%*%t6{A3|7bbaxP)a8P8cfUE=&wshlzz4d5+)d^P^#!hvDeI*; z*(2E|mz{&2&q)uPx{ZxMY@jOlDFEE+qOzHbi_v96&aEq7HSdBpBDR4mMV-tS{fr|C|#o-hr->P4B#4=1RUp-TBme zsksi#eZ_~4b-pRCa{&JQ22H#V*h zJasmS6eN$lQ+U7L#6*joYE&uR)ZZ2@de44!%FuLz3f>XNNf%@F)EZGrnv&Gr3U^8h z%-M~{Z;1`7f9i8C)A&l~oLTX__>#$BcH&p(V|If0#5eW5(-rLSO7|RmYG+bn!fkVz z)P`ll8gr0SKh#($9e@=u3KxL8=f#nCCAIq4zXN#tyFZ3C_)n$^3Znv28_oIshd4Tb{jxc7czj)jtIFgi-u+At3lqVGW1 z=z$I)b?)jfNjJeeJsdR0Q?`nfgY{+2M#?td`#qy^n0QzR3r`D4bXoaDv?U6`C2*x~ zu`hs>|0p)@-6tF9w&*=e-Y5PO(HUrHZbd)=vxS;Ud)g*GDVF1P2nh;Wc2Q0#21YBt$<>T==4la zD2Vx|*_$&%aG(mZz($3#p&8tYjk7@2kCoso?O(|SqoYr|!idC4(g_4P|2R8boBbf? ze^)x#D}*b|OaXFv#(_v8%G}Cgt($t7cZMF!CYKpAC33QAQpA~{!hd|^_;&)oQbpb` zd@h4XMkW(Hea^&eT)$(-H`W^aj zY{JC-wQ08PI(tA}fOo1MN*@18?$D3aZ1^x@&q(R*jvP^Y4BNKy3ro0^GvXGUO9B}= z$@m%qG#7A35y|_&{!^Hw{MmHe9MfFQqjRqX>$MGz3?%*gWtBjn_jvd>u`a|#LJhGF z%tF3P|2V?~&MA3l>&1}=Q$ASTXiyrP{ObM%HxbZOzk@2n@$Z%$>helC?$&$JAnB|x z`WISB!O=11AE7>A7)RWrR1mj5<&nToiBY`o1rRH<z*OzMD53@*Un_I!LsjrfgoCaX?5Ab?*N2_@do-vwU^3x z5cO|cSOXtPEd=@Ho(Ca_cF5la9g!_#z&M&i)@`CHY2xs2oymqA8ED$4Q2 z(3Pb~DSj@Fp2Yy+A$_=avc2ww-ci|YJuM!}tEpk`%4RR628+QAgG%_n!N8;R-@yPX zpQNeZ`(VKAeK0Vz^qJi|3-V8+#Ix96>p#tV*gjc^y_Vh~3z9RIC?V!F&7@V27#%9f zMxNioUdBidM%fF{W8BBcJ5VRWKPTwg^W#9!yq8R5TtKeG5q)KbiA8?Tj2){H*93)q zKsB762EszwIJzmK&*;CffBFBy{&DP7;3JZzgr$NpzwYw{qqgp4s@ zcPl{HzcrfrkAK*IXZU34TQ(`|S_o`}VzL91oSM@|hD)H+z2)QP-F*xa(JLQ_jZ{3> zCK#HfyFE3PN0LH)xDqldn-o-2qN(iMA-GpX_{o#F-vi1V#f%)?E3c3xR_1P~SJAPL98m0qR`8zmtK{C{mT*fo!!RX2oPf z>^N(Xl(SHuhUqxY(H5QFrGH4dftGD}4qO(#bF}*d;Xlfk^{fhaVV-x-k)pP#S_sDI zOJ4`@^BcF=Q;P%K7LW#D zYA_+)6LD9#<1&qCVJ#m$ZrwCsmeAbbb!@{7sTwFa{ulZ;DU<|3|D~N#Y?7<0;z?JI zQAmk>cEti`7)5T*R3bEv0yU)Qj+@R zSYqeab?rIY^JV4S2dinJ?}lP6U$syi0S*jqw_!T&%CJ&k{K;G$K%H0^Uc?d zg>oj!mX0pLN;bjP+uKD=_vI9}yMUqZ1FP&Zi~O4AwCXF0ge4J{)Qupbyo(X`(TQk{ z)`+K~haUd!iosn4ysa8upRP?tXWX(knC>t0|A9~zkDuR~M;l_|* zAmR&gPvOuq_a2??yY+GFM~si^%7;(VZqH6CTIR55e@SVlA`j`5V5ZT`!7T-cg5UQ- z<3i%>y!1jh)+@5P`z7w8s=d9Dd{QOr5jWVa9QyIC9vr4ssNegs>9mKgEt=VsE{gT&Y#DZPgAzzjGI=b<#z#daJ87 z0BQATK&`rp+Ae6V4uetc;OkQuvY1|sW&g;6MIOjub9rVO_-kjFGXL);tsL^4ww;p++K3ZSi_b+;)P|+YicpW zg~UE(X@ZphfG*kQC&{J1%D=6Rta3LV7M`^#IA|_ljjRCRQgF>w46G!}&n^@j*+vz?cZ0gKz`wdR2|y`SnuZGs%NBKGwA)s3K+ zC+cLj>gL>>cW3^EvVwWia?*Fk5^dOm1iWHQ**lB+<1dntsXW zErE$|+zqkKJ$zG8KgeTrj&hdyETJ;EDSL+RY4`BL9ymo}+^1k@^Rqc}`gaOvnjSf9 zA5q?i>L0FS1BDI|*@iv4QRBrK5ghI##&1={$M8ux(q7;Wz4Q+X-i7{m7Q9^0#Q1o! z)^Y0{;>y8)Er7kfbkcS#wadC~REz3bts~X71U!r7!ZVbfTj0XM*?s4poqtN74?aF9 zsJ#T<6J6?^A6zrv^Q9GOA1)x&ABS}bfB3n8UF9Gxl>DOb5jm~rWEJ9__*c<><8>%3 zlRpswK>(jv>!@Lq$xRD(HGr)A{~!Qq5Co7GH(B=%0SLm-f10%zH%?MScHRLI|20mU z1|Z^pBsXTjtsI=QzM6f?mZSB-TbtHhsMIDUl;NWZ$CPHchGvpBTcjmPy=gZ^-%2IK zHd-IP-M6QOXWB8hw?^jdmrxaB0o@k1x3;%GN$7TppMo$xMlo~|W+4c~S~X`6#C}EU zvx<_K3RdeIil5AWj_L<+GafSJ8Qx+Asa0$0VScufI!Q1K?)ZUF4RA<{a-UX8uUpOE z40z~Iut_CuQF%hpj{Bp5+3r^J-TQLX=k0C_^iHlq@j1CrW%$a%g$Xx_uh9b8IB#8# zaiake>RCksikv|1ilN_xY^3;SC7i*&vDlvl`FH1 zda~P{ylRd*oeqc!&5k$1O34)3>3ubWm5yN6MoPO>ftgc~1<=qRbRu$)W}0b@=}PV* z`%zjn9P$yh`U8fYjNx8OVM*9UF&07cGrD<7(1G+FBk>lS5AnZ^Y%Lbczcbm6f9ID?b3m&2 z=K9Y9Q0aN|6+-ZT0TGmlm7SBs0;n$^(6VlXC?BD=>M*i+w*Z0& zXHOV2PGs0>5?A zbs+1T)F+VZNF%-cqO4gYi0@ZPtik%$e z8{lq1yVl#XM7d1B*7lg}hH93a7#bQHe)LOx`nf z(#LJQTDeYmh5?p;>(<;CqV2qTx(ncAu$v;JJ#^S{yzCbuv_iKd-Jb3Vt|I2*J->W?S5Sn3N?UsMp_SudrwGE93~|c^B=YbH=;m=9E_2F` zjd(C=mbPv9Y$6#Hswp4O#9FT%dP(G+A9y{*;|kZlhw#nYgJUVQh#t=3#!0C%I2Cpk z)_l2Re1`xe=HfNXUw;%TQw23?^~F0wEZ#GzomBkR(JeaiQF?~}B#Pc4fWm>69;d`{ z5>-*de8s>dX(%Ha5b>Y9832kF|Nm9sbefo=J_SZun#kZj} zc=T?QC%yBZr9c7#zHQ+8#NH|N91$|K%!vA6}c7Y#$Tq+FBRegVKinVXWuqzHla_k(;#{>doHg6`dJrnSxNbJHe`Q{sPL7#>D0adnFf5mc=$d2=E{`K z;4U8JSVK_#!&*!N@L4LXb?Dn6>LTd(cKgA8T{Xf?Jb#i-IyF5v->ocO{47Dcl<{D%9fD|$~7<0*Y zfAxrZn&4vkcbejC}z~6`O=B26y*bW;}w8bgQ+TcPo zdI#KkGe7|PRNXfL&v$A?CM>dQKgG$|`-2F8j35+Wy~4T9JR@H>F<gzhpi(?*xJ8 z6VPW-__(%Nol$|G@I376Zq**Yb#i`nf1FMIf?zv6xc%DM*r>M(Tz~C7`}=HA6+vj) zK^C1dk$V#z>^=YQ0m=S0;PPtnHl_0LBv4$VT&aa74}89_voJ2$l7c&3eGup-me{Tm z(&n&X3VF(3C#>egx!lzVmIMv=@+R2^xOXJJVn9^olj{|)D8r9A!-Q$)BPdu~Sc5T# z;6NUJ+apgNiZF~lq*aq|P~mmk4Q#8`J}K|*TCGJW?obgK;A?-tMSCdj$MJU z*e_)U`y2ni36F(`T~;u|exAxX;OvBm{Ty|9h4cK0&Y~SQI-a>0&JM-bGl5!?mlTyE zBB*Kad$EkSlqtFC0y-`~s>)EPa=;!Oh20Q(9;p5I`^WloTo348I$3oA_^=NfgsR6V z+2Pg4AnJ!SBmO(gq5j{ZpHlIVJHvdKek#19=aG(Y~4 z3;&mKPS)}#Rs9Nrch{eIP-+p9pT24*a0i+0M-SLOLoO)&|ByuQ_RAQQ{*%|Px&2H3 z5x?zA+(@(jJRrlV!#}8il_i3fJTnHd{yE6*%JA)ROAUadHa3nl;gzw2%pgSvgDA|n zmcRo}Ev?-}2sd_?N1yfUJ49gij`lwLX#b>v_Op9R+gCY=yh`?6ZC)noP+F?5u&CLt zFXVR`Y1h%=_s0biQ>s37d;MiWDMchkEW=Ce&87l=eb!SBfVUOL3^duFO`_wVTg|7Z zLsB!=(^D=kV1aN;yd&7z=GUs~arZ;8?PRVLyX8Lw@5Dx4w6~>eLAxELL;)M$$XIk` z6O_>30y`?sIr`hsp!7eK&Widy{f{#})ie*D*2WsE#ldr%0KVM=Ir(BUGqV#iZe3k6 zh=xvP_7n_bU|-!T)4L<7nud85WvLIshrgaJN1_u5ikgQ5EOmfC2-XV{8_lJafZsDXDnz41bV!z$mDjUVS0)T zxuEHb4V2Sx|I{<=Ys*Eue6{*Lwe4&<#*6w)t?*HH)?Am-K6REeN2BZV2WQf^-n4$D z3eacDf!k0^m_JBV)H5P{uX+F^tb1XqVv1sQR((r|Y~NBtL8w1ASccX%(_V$W?NIZv z?^d2=#{oq5iRWU|o!{BO^_FS8pQ_0J3?i zsa;{b-~_FDf95cUT&TQ>=&fIE1($HCH*tAvy0j!eM?R60Z{4%D&m+B_M`d|av*QR% zZ@gVzgCmv%yO)H{@cB}R5_BP<7saJs41st9@q20$# zFiQq!(qL@oU9(=AUHlT4U(2;PlnJN+Xy^WUtGQ?~JlwMMC~UFZP@_KG6Z{z#P}0;I zi{|hR?xu+Xb}6!tWdsd^_*J4S;#)-$5>7XGszVOuF|es&L<)81AL`Fc#0n`rHUxWi zVyp}qFJU4e?%;3&3lStTR{AgeH=~vKD3{tP?Kq#{Ru-mG2f9IY51S7P|9Lx^khH`w zOV)GqrRH|wyAil`<0puh2CxGOTmd|G?Rdnh6SgYR-+>#tjT_%Gjj|d`U?ti~=hL6y}i# z-^{ZxP<=7JII7*%h~jjdO#Vbef%nmTber*f7Ck!1Sb0q#BFM!0pX$HHw^whq4^sWn z1@CtPO~#hOII)hbv4gx6>kI4p(>{siR;h+j{VV_JM}!=Hpqr8mi!k2lWI#&x$93Wr zfy@600t*u)GR2cw0ew*~;Gw%SKI^w^Y$?B2>tjyb_ws*OJR6yNY$lxO<+0XF0#yDV zV-IHYfu6LfnY$3~-jst>|LK#noLG?nf6HO9M3zb|oXk{F<;aV8Sa1nZ6oP-{zlw1< z=E-LxbCuY<6e+R~XQO^RSOV+#=2{?pP$y4PIq_;gOwo*`l)1hQRQ{*Gm;Y5lpz>e! zf0zGQcb(Mvpz{A#{BQYR@m~IyznA~C@8v&+DiWE=)R3)PoZ;A^!+-;y%GbcU!jF21 z^&-ob>NzbbcUYC=@{g3AKXfpkN8qFtJLX15zdQxuTvCm7Zb!5xENfiA(3h(#mZB@2 z&#GtmBfFEGlmCu_<1(!>07q%GBy;!_HJpWZ)jGM_2Lh2)Oq=O$n0oS{`Y zPO)ROx2LJ6<4Y8lD4SVDKh!PuQp(?9r1D6>69_pseIOHlq!b`_X*eCP1(e5sP-i}| zLxU0}5~8P(u{QZuARxVLf5@+SR8^XhIH%_1?EVl-(uY|3m_Q1-n~LtB37ibNMca^{*9`wao5En5&|73@mG)9*J8Kblf~6 zU0{qP!e-cVXT@@8(ne0)QI#X1ha$kDp>bzf!fk3JRA&RVa@cOZdvg%5GI#b6D99U6 z@#K1`9Zm!G1Tr8AnN91{_H}Fxf@D+n@Ix$?sv^EPv{87@7`!vNKCn7`*pj+IKjG&X=bK#_& z8&d7Y4=9$X&(}`pSNB~V)rM3{rb;*YI!%!dCo(T*m}Q23`VDz&Vwi*Qk+}@>WKvFl zDmB=l>nlF41$b>Cftze`oOj8lX!n)R9;nYFaQGo)fvBT0|vT6(n6 z62iU9#00DV&HC#SSmcs~2JD27*Gm{lDmhGq>5{ys{|x^t{ontW{{K?f+BCJ0e>hGo zA+q!b7fNSfzr`V=5AKccmg>@ng7Y)y&ZE)x-uuN&q-do!6LVWX&m@zNtm7kr`D-j8 zqR+u)BiMq7qegxyP%{EhTiN8zq+FIx$I&U^`~W={^4&gno9$PO0r~?wygpP(c5URj zTb~0X4qcvYxNi+Y-#U6!{eQXs=qJNd5p5xel}}K-@H@Z>0N-JTf30m0yIj=Y&-B|R zU-Zr&4j(RGf$i_<|Cq}T^7d?o=&-tbRBr(r`1Ar5BM)T*Cb;Wry~on?O$b)O!EJP# zZL3rV)i=BI)Q1BltNFlt*xh-S|DFCnj|f;Wnel+q|ESxw0m#pH;WKip1C6cq@Jo(1pbhi;c5((AR|~s0z#AgUo*HigK2O3s0qd8iCz-a=eC6 z=;LdXexXZ--OgZ0*KK9~7ys)IMaM)(BYKEUX5Zgs@okSH_Py8PwT|Q4$sWrZ$QF3Cv4vPP+ zxwJs>|5q*7|0DjF1q?h-U|K|6n$~g-fD4hQuOzl&YpY_e03f#R9kB}Z%cV!8MFKfL4*8WwwG)`>NZ6R7?l zi~Q+N|5UKJ{&nrY)&Ew{B@el0=cOqc#$fYb>o7k;uHx>V(hA73f-JOv4Q>6e_ z0RoJL*jVPzsF7l?6wtkyyP$cLmjpa6JjAPI4Y5ZyNf7Xi4H5(4S$hx(5$oQ-5mESd~d9O94RMsoPfa zgKvH=-h(|n8B_FAII=WNF|SqVR~qTwSY~r6F2s;X=>)I<=^h1!1;mf)2GfaE`eQ#& zN!ejwC$T3V87rS+NX%Gwzm7@pM34?8M?Z^O3TsL2Ac{)d#hHSe!v|G28GCtuXDmH2 z$FNpah0cadv&0D68-i7uJBr1FmW3qHS2}dXz(6UI=}@it*vk2off_P~>7M#4UP=1f zfS;hg^1|e#vJuc!3A4JswZDGK_mvl|Go4qAWLr1MRHfHBfX33&Fw8c~&7U!sJMbA9sHQ@<)YlX>T9(sc6K_xHL(xsMJ@V6J`;s8w4;lY+%6VfDC{y*zX2FjQPjqc`O7CUtZc=0(%Mv``5&m zIFmM_3{#Bym|UMj^MVV|cakYNpCdA$T4^*JG3@ua^xpZ#SK;SFmH&&qy9kOieDpmJ z1QOhx;O@aSxVyW%yGw9)cXxLu5Zv9}-7PphP5$T3J=WYZ!E9_ z-c`1VH~HiRIVdYGFtv8&{!`RaL1GGOPis6JR{6}HsUOoA^wgz|6q0A z%^itZxAZD+_?;kj#WaXiaKrcfG~=*4l0SZLsa{4)G;8l*c|S_60>C5!EU{k&a(5F@ z$cR4`09vqo^mdd%ZVUk&JW30A4~eXT>EvHwepI{#ZLJFw5xES_3P$2cVg*Ew{n{jW z1yJGoW4nnVlfeQZh)4KcXc$DpZWS78m4UzF!{`gzkX_Z;v-guP`zfGheHRqSAHShq zB~?gCw$x%pNvLAeegH8_83}YKVWX7 z;=pHZjf>mu99@0B~|e{}%(mFZbV-e`ldM!hgy?>}LFwTS4Gg0npfD1UeK_aWwXwajTh? z6G%qsuWWuJji7?J;S;a@EdPxEo_`2Hl*sthYyUfkd|G<{(x}i1`Q^$L6Ly=i4NI)N z-W8@}$VC@aCYweipl7E}BWVbJ&zx&X*4#Fu$d&dBRL|PRO|X?*100*^|p0eAFke(we%pWAwjbMf@y*wQj(}>VYSOXSSKm0 zH3^kRr&xI8kh|m3#)SE?ApFZ_CUl06riwiWUVcsaqAE~%<)B8mqlG6D&Q(b*y2L>} zRY{oBckc!U>5DFGUK>yR3 zl7;CjH_e8w)Z-U0n6^pCi^U~f%L8NG$z=qhM=aYpX6-NLd1ZR$lJ13c<$3EsogA!# zWPi@vt|IcL5xRk9d8}n$8RB}7&bR8C)tRLN4yT%A?lQm|&W+s~1hnqP4$5eX*1Zkc z{%dPAdN)Np-KH<9O*|t(-EV(#S(D724kJO!+BE{_q~0d$d2^!J#H7U4$DL4abMS4N zPXoXWxfFR&4tB{Oj5z6NsRts!e4Z+yXs({D#&WTvrsY&YxAYI4y|Dm+YmtUou^hD? z4$;?j1bj0@qsTi1{PjhNiG2u#cu6gw0q{dD3X(V|u7i<@=Fm6}gUM*-Vd+ZY!$fjnHX*2`fT0dX}=9Ch9>Z~=}ZJNS?20(4(8nI2)mlUfd zPiw4C10YY$TJj#cPM=VzfAHXQE z@2pO0d@s1h`?11%whW-c!`}>EnjHJmm(mGfKgYXTxbBX@+v~nMa0GTx2M(p6yc)Ha z<1MHWe@IDaGC_aXvzfJa>~!`R9(@=jm_p3vOPgVTkV=|RUM0B7GPs}4JsQ`9Kk>*R zk(P}EegA58)_w0#67NT+LG`j?5xvH3de*HK3FJ1gEt@6Ti*CC6gudZD5|zn9UHZ*X z`*y0fC`;JOEH0C_*RByay|H|~ZxcE?eJ($g<&&2*qkZ7_2qK4o1VBQlc5U1z0RT~8 z2U&Ji)?|Lj1o=q-1a45Meo;GJJQPCfw6E(iL5sB#p8SeLnu6lIM5$a_Tp@v#0BWoU z6acWRCt3y&;A+!?mh}4vi>KBh|D*e#-OV}V-7V2a&;!@Uy*>w0L^IGMo8+?e{Vn7- zZ{`ou(ie|h(6VSjDrwp)NAaUce4K6e7CS~cDiyy9`pqEJ9}}R0rcBMTd*C8OZkd^$ zZ|5S9{$!Lq(Soa#wn$ks!tL>#ScJY(z8AG{F;u?Os5)Edwd|eH)w{Qk zVbt0|8uS_w&L**W!s4|g48){UFDan6Apds9!vZx|Imxh&r$32A+90ltRAuCFX2ERpx@!9hIbbTe5 zG8Py*!bKM}#2kV{x3ig+O;!EDyY8UpebGuHnA_Q`n(3j*+8IrF5|7Md!FWZ4GKnbNm5 z=>P(hiw}pJ=BChpz<+aWH~ndP+v%3qjcP9#Wp*`e+Uz?mf;xx{!I-vY09v(%h;)cveIxTw6CFV1u zhF0P_M=Cu=1(M;EP~1{COJwRLT50J(-rvWy>sNMoel9=+;He}<;4t6eH#MuSLY4Qx zxiW*_P5mm5b%a3?I`*LUbNIm0p^7La#bX;GFM-jGaD|otxQzcP_W!5Y z|34`9lK=>=C*l9S*uN|QTIDHBgI>;xyVYXE*bl`*3x$)0zSNjp>N_yv6U1 z;3WqdP%i9bEn{R$pkNs`P6p?vky^+XaooZhj)H?8EjcaTcCOHIi6@vrs zSKjxyA{b6{aLM&n77WuGI?E!EvlyyXZ;?k0L6`Kq&h>_q2u?CTd0gOZh^B~>vVVgp zxe}$d%co7l7UJrbQ5ujDAFELz&FCB!UqQ{Xh*n%+1z*RAjFUuEX~c*r$v~RfKqC7_ za+=Umf=T7?{%uk@L|VB`S*nWryk=ux^<`ZGkPt7rs9p|9HwW+#RR%f)*KSwxfR31{ zja|T4n8oQ7h((xH<*8oXUvAzJH8B2?tny>UlUS8lU&(kVZ&2~&*sD@`67*%-{kf8Z z3oOcT8js_x1j5q9cOpU-v5jr(xKH07_)J&bm0sCaNnH&Tlv(&$f7tB(^ZmmHOHaB9 zsx8fQ?Bf%x>)do4cY|+Oq6CODlJ>15DmD8QaYygTlas0=XdnY>_KjwTHk(IRouP9x zu{EpeVlcM&;cqxQ1I~9K_*~*IxSw6K`zH#_vDTTG_K)j25v>!IGQLLBh(k7DO&nIZ z70;EfQGgUHD`lYN4;927(R|%bSP&dkUG$OyJ1vhHjR&6Ks~pIVsnKoK^W0DURTl+( zDHC&COrHK_%?qPa2Szso@YpD@__zuv_$~ShBqN&l30WpbT>1^_aY;uOXh<)K9&;tN z`f3it_xhYQX=fpD?P2H|WkIS-6LqnCd^2sH3f2mrokuxyBFMZ7kle56jTLz~d}w7c zY!YEbg-qlUvTTkl$K@IP#Qi0Q0nTqPnuidT^4Xre3Nq{U zTiuFxPlg_nX7)mTp{=&$&^tU%&7}4aryG;<-EInlp z`ZWj}u!`*0U!cz7Q3l@oSi3`RrS!`w#tJEX{X;YE*qM@oPj^RR=xfQHMaJ-ac0vl( z8_BiFKF)QmOR{wn3>fCT)_oW-T1NuN``n(jDl#({cE!3O5}%*Dy&0aKy9s(6oVz_M zy>X57)-~MePNF|kPxKlMj+~{KuHVekJagSS4#9j8;Zoz4{J3;mT9*Y|bibbX-D~>% z-_G?n{_9+S1MqwA_wT)-cOU$mD(v9=y-W%z3g<3L5Qm2ct{|Z6zXq0Dox7@(hb{o? zknG4PId<&>@>+s){v$DP&@T*vVs!q;Wqj&1GID`XnM>wUX^O*bHD_&5|EO?|X{7UD zf(sS6j;MH-Oj8+p>KP((n+Q(+^6WB*9y}A|wCAWeO&rDm!HjZsu2qHC^)QsXY1^WD zh+m5-j*NFjc%+X9zkrNcKZ@}q%@2Ymh}m&veGsudCJvGJuv9dZJxzUNi(LLG`(F?Q zme_j-OntVvYrV6`w!}GeHit7_hixc;Mb37>kuI7Z-!o*3Skk~g#O=A{|_+~8-g720x;uF zk%0xP;eV+AED-fSjLEV859*I7N_yuAME&`IsDI@j4X#bfNNN7)lxiqnHJu@-AwrcO zL7?NB0B5D^+xOlqQy1+={jHe88q=n@V2XBov1y5%p{DGcn}=&4uFVW?0qsW@xF5VjZR6(25jlOW zfA8qrU9-VIP5(A89XUj085d*{o~tME^9JT4T(qkN@r2x}53{idRTz3{!9j!gI&+5! zf3UEX+&v(Bal}rZDQ6#*F8oZlvJ#h4xRRfDaSj5BR_mR}z%z4LRZDaghvFf6DKV_h z5Of}s_}tc?X0if&r%VyB3W7yQSvpFD*b^{Vamv@zkMKu}4N-MbPK$`6o_J!pX&Sbm zjV{%ciS;@Y@O}lb|3$#X#Y@fs)O>(v{7Xe+1^sv^FE?6j0a&tj3EqX7a+4^$fk|Pe z!rT}bGemF0j7<7cBKMpl*O5uXmF#?0UEOA#*@{ITLWd(#j<(t3jNWCuolC(6wp9DVDj-F$DLs0lMi6M9u_h?MD)#b{Nq8g7Qd}VH`HTe4A~KQ(6w|6 zUcy{c_|iX;dJuTT1d#Y7{k7wXCVnA1@)czMptbIA?*A5r&)-gI!q-uRH1=I&w^KSn zE$=VA)|k7$ifKQ;3JyW|{%Rc!{WxMM5ySXEe$KR+()q6&wqJdJ2!Z`&_|G?)(k?g@V#6al*2Y5A^zEWnERZGqBw(Rd0 zE{lKi2F~VFy-EJc=R;=}&va^SGnUx%HTdo^*i(51vqY3=!N53QOK%0iln)Cjcju zh1;j^F20AxctR{}+NmTUmxLuI)_Y~_QGx%mh4b@W&WzDN|M&ae(Uug_;oW%0d0@J4;a-kFvfrQVL0uFzO$>ySs=2 z4jqxIj8*EaIc+qh6c3%v=#%y-`m6kx=#L^YB&Oo^OBb&>nns~RP&B1<1j8T4sgop& zzcz+pz9ci#e30Zid`|F2KGT_IEYN}Z3x8}KyWaLq(k0z=wW!fFq6Ula81)!bRJ^KD4wV>A?87GYCHDsmC~^?b zIBR;N?eO;V$IRU+yO9SELo(Rw%Dg>uaFv2fd>jvb2dC4#XLhaug~A7 zrkd$I4r9a z(F)T>OmslCTckhtkr$EYpFfLh-wr$I($pN8rBG|}`O~O0j(^)vRf#7unj5!qO*D`? zvlqGdtK0?BToR^>!ZMoNiup(API;05VHC>HE&Y_TOtMsiho$`oXi>A_h9ve;{rv?ZIf zt5ulgnd1)e^n~1rNQ99Yt*^qNi5#uzX7g=bc(MINP^!e_C#pST4my2T#(hkOvU(ISlq;t=y8QtU2IfGB_zKMk1O8fJj zTdic69;lIitJPcFB7=?O306}`Umo=k3rMZsnf7a()m7%8EUP&_y}c$B48>KtBNv7o zW}@6}M5oEf`x~9;Sp-SblJ+7TR$*%PN7%MAd>*RlRBgnT`p_gQb6wyd&{x9#i<_># z4sJ*9yb;_jzY9+L^~#ZWDL zrpK>uR-8t9zk;~(bBA-?1)i&?3l2sD*rB-f#w}PTI@WukGs-8G75_M8gcK0a&D$~W zLl_CivxPzy5tQqN>68iFp$mYMfUG_A!p>qum&WH5=N$_Spk%#6w! zhoJ6GEjB)9f7iqSB=@25_AZJzNMay%QZB4A>39n|64)FbDmvxLHW}DtE93*!Wd0#^ zs@`C9dh6fCk8NH))R(BF5ox#j@JE)-(arJuhC9`PUnDNLXuT4DeE^RhG>Hye9K*m@ zOX{;RbIpk&g5~yAs(&Y;tEP@#*eR99Rrzy#l})e^ZDaMT1!+lXgRG{JWgTmW_oh(`L=ja|K`O-2;xb$F;AtCKbC+Dodr|FNDVVN+P zSo~@F3lxH}wrI95_p$2>_tcK-7bM8Q^XSzzcTLRZUN2B8^3H>Q31-zaJ7p44gAE}K zNb&7~MFpF25>jk^8`an6DO{{B#6PpF&`lR1Z2yR-(Mu!82-`dFgq!2BGRmukYC=CS z(YAlrDOF)pwfYrsdW}$u@VYH9V5*1TM{#YA{s&fp*A#2(CUj4WQAKD271S6fw1X1c zaz`l_1+)`mJD74YArHeH0axn*&MSQnptKyZ?1MDMRkGcv$#If!qmB;n>{N{cT;Mu+ z#@qlelJhGWWL%3943%}nCN(@@flrtO7t+jWy-r=$0AIIWI@Q0L!`F$;UgElKzo2{0 zzVG~Px|<_grHryk9;-U^q)aD%(-14H*K$t%t>|~=%^SuV>!KqL%KS351g|yD*5#rA zAvHp>dHN}DhtAX)C;yJ!S-}P>(f0s_K*N#BZstLGL@Lty03&6W{DdjRMN$2$f~&{X z!c()X*1d(tZu{G+wn6kOz~;xt%`ayFJ}&nmpf%-Rum9Hjf70vc{!g#}KfV6{^!oqP z>;FH}>tp}_z1Kel_WB6_yVrO4-@SfJ4BmV9v1NpV&@=J05#!wzgJz@oS?>>Mp$kq&whWd}QcIL3b^U^UqNp&mXa())`x{hbd}Z zBRNED`^*`ogRswkZQXf%yQtP2>9ipD>gEIGXuODV0jnuoKBv(JF~JY*Y}`Ve10og8`*D?qhN@EqyWp{)gi^ zi(}W$Ds^2cCvU$XEz>}kv$L9}+j@G_^KWslkuB!w)qaiBO0|te+zJ>AayC0Jx_;Wo zw_FeYt$TT2-LKIMB|X?@Bwl^=b$>%qD*NT$d!>S? z3qeUpoXW9LAkQ)x&K;jfeCubHy-Il*5+?0a#Dr^eyioO@mbC}P*BY4j{U5jNVM$CU zz$n@vvs%Jt4?Do~C|dop%a##uxt?N~zaeF*7FS9+@!%nOFQ<cE0Y~(%(}W0CN=@gMjtJ&$CtN8t>d?cvE2wO^qgy5js&qr zf%?ahIhdOZac&--tk~;>U0#XgvA)KYiwXlDl*8|Jv@akcSDV=rs#PNE=w)Q#E~I}1be+zl(2oA*|w+hCG2n>Sm1o@bM3`HEPPuLQH6C zXlza2pWHb91WOLQQG~8|p-b2axo|b1ailrCk2nzrPFmBNLIbDt&@~24T{ISp$&2Ju zu-*(f1_!&$ICuFatmZAE-QR8^$k!P8oht5eT8Y*gXgqF=Uf*_80B;w4H5j%UMSp1} zE8-94&UKind~D_jhJ`x1wK}b7iPYyogMQQQUq!T=RKKw4z9rT2g_lqZ7CZTj38MR= z3_C0>>IGFK%V%6cSL{!*TZ*0z2^(6Qb$CH&GUi~y>Px^x+vM!0Z4(IcIjNU2HZ<`j)gSlWSydN|_q~1tap=+i(<2&*VxFDGV zgogW~9WB(OT9$1f)RN>Ey@qDbxu;oReikojvoB?s7*RfWNk?5LIKgx8<17%2#ylif zASd09Ifb+CpeTYo58|^8O6Yx%5MGiNU=ax8(5LPQNgt5~W_Xnbj!jlI5v9(P%kpGp zYj?h1pFU(XAn@kAIsI+ZK_oiQ@p_4A*g{7abcdqNo?m5_zyQ8Ky*(Q^Spk081wY{T zXTPR%6=qE-iim*MPaw6(khT$OiKR79&yYucEyPXG89Nr8>yTkf;-|YB_*q+as5@2q(S08$WXpes1xL|uWox}1oL9A(yw59?sRXRA&x;<*7K`)2!^5K| z+mdMau@M}gHGkQ8;o{m@pjx;cE48899JkfjbF+4dJ0h2C)2T5lYf8MUn6E8YJMcDD z<|^+Bf@ThlZD%RW0*gLOHy+!7t`QPM_bw&zRUxldQ*teoJ}j?|Q$bU&P;~XE7r#6? z$5J7puE>|!*JueHEnKgb9z!dboY7>p?(nIsgf3W{%Fng_vr{g%lDgK^V%lU;RiWB) zBc@ZRqY9(+_G`>TP1TW}LtB+x%Ux>XL^`h`8vVZ0?hD4Zr;uG?1XyK_QU~}&^$Mcyx^rNJ=+X4xAG0X~1 z=)49|gScQWIvM3Ok@rPu*`W;^BJ;w!8;40ayJRID%zBK=(O$4%?&-Dn-&i8awpVzc z@*Oa`e5a`C5*DJAN{wR)KS^WTbM4M(vA+0H(uV052FWrRX#18>(lhYtE8Xfv&7O`< zsX0I~N#UYJf|Pdt{;5QibI=JzhG1o6zeo`zbsFrTf)vyd%?Ju_*vtL}WpKFOrk~@2 zzM`@Xnj$sAt0miW5|8UFpb$LX83*nEPWG>G@p(^yuUy(R-+VaarQfmmXyc-kacLH_ zkI1nk362{T(Y&c}XQ7ep#2NGG37~LpaaqFq!8(GxUK%@p5(~!(BfNVuf+yAMk`#U| z!|9~GtrUBrqs*wnu>ad3}~XFVFktazbKIbl2FK>TS8w`dT! zcSF6+902jE_ZWT}O^*@h(|(Xwcd&+mLks%Yn?fBv4Y32M# z=9c%MjPuJS0iZ*aoeBr%QEVCB{~|W`S;b;0?$Xv7K%37 z3=`?`LWnTa0y309|2t>Kv?VxRC5xcUq^@OOHF_g7)b-n~7TB1%7y+fh9L)_DOrVp? zn7?CBH@?S*>K0%#PSY3-BH`X6|4t8g8vh^kPh09rU-glh zR)=;W0G^0C;h{s7fC08g?3{;3z{$s^6g z9wvAQHi|@!Ew-zSm0c+qr7#KAsy>B>k3_;%jtm%V7>V1BGm+gDIMs z9YInPz`*YDVB#tFg*n8Wk}N6KIPnD>#5O&uoj3KjFIGYnx2lNu@U!BD5YwTnFS60U z%&HM=XraOTGV>%DGN+HK+cR{rkmZ45!v<_)fYcXb>F_j!>XR0*^~lF3D(%sN+0n}? z{t6OHq)FISfepZWPMQ)Q?EE(uh(js^9ZQnfOf?s>UJ3b%t6JEn87GaN9rE{NF*He@ zo6(xwA6hqyW<7X{%o^`H>&MGP8x!`0_fY&5Bx^XA}z<}5Iw6Kkt`b@>)=TrdZ zJzEKck|tS{G(rM66%gZXz^dxe;QgEm2u7=ZP6ammfm4CSe^UW|*RgI$W2W&^d$m9%YT%t-{oGgcPTLf+j*=RO7ZF1sB6Iv%n zd?=K)Hj1QBXcNKuN5S1jK;RwF0q9+OH{N~V{2SuYi{3a!uz770TFAM{UL*u%=I_8H zl~`89$BAcR+|cVfQN3}m7N*?S=X~zx2Pz^`iWv;CD3>F3>z9cbxSYOccR~kj%OO(L z$lo=tlWA(6#xv`(HdfJseHZyaAx z9{}8HF-v2RNMKDA_Ue6INjjsDAAX~p!+63sG7OJul^cZU*2CHl*SEQal&(n?RW!OZ z(g6v_ZuAo+6JR0-fz<|EBwkShH?`o1ZnhL$Caa9>wV~iJb}O1E=buy;7vhMai`)RA zSR><@{eB|_f_;#PWlr2e%460Ec2b-MdZ8jx>3}(M$9j||a-rLvEE)Z|6IjF{kX~55 z`LCS-iQ2kzT?X%6w z?rKPnEHrbyI=MrFFY|LR3uFB3|8c!s0(27OOPCb?%>=YZErRko$SU6JG>HGr1iaTp zU-lAXUYV!{gaM>6hrs?{VZFp1d2%<(LMiX+qyD~q_jt#{BdPuLv;Q}yp5N~=x}w{c z(}^))vJnPjEwGD}kO3*o8S1?>FYqe;Z>+!e|6=`(r1x8qScta~D?LYq=pBEl4T)kN^@oc>tEXYjgr)^&v1)L!d&$&fSN3{41FFv24K6Q@yT1{vr5pglIig5~{I z=(b2OxzT_oC@~-cx?0~kCdwRQ=qG!QJ5NVrN?hg|YGHKwQC6+ZW}00%2)$83NuAmN z90}Y$vrG3k+DM*^u%t=Fi`B%-mH!(FxNDHz{-`q{91tda)E+df+AZC}odcm5SMV(q z2XBZXyRc;R=yJX8`T;O*dy?x|fEh0jSv=?zr(xC!9(R=7Ie_7gzadzvee z(-Og+pbN~*o*+k|^7zeEUvFkqrs5@pHFq*Ea#W0zM9gidz!xtrF?BG%i`=tPpO$~% zL5rz@mUxUdI_&%EP&g?p$0j2XRq#N&r?C%`2AHz#?bymeT}@>V$%W)kE>CNn)Ht)ze3-gU zuB0r87(UAZ1%&|_Zy_dkXo3Bx_5@!xDx}ok!2?2@N3%C}gCP z?Q$BP{eigy0;HcC0R@cV;kr@qf(+nBpwo^`&Mfi2HUd-W$yvEF*jtlT#hZ+)Ro~0g z$1URNDY+Yw2uD_1fgpzxN9(E?b6ZyzK^QBPDmD4Zm4C`Yr$YR)Mlq!nSC%5^&lABJ z?#H<$T(y;2Lji|i(E|iqb_53zxk`^@!w_RlCHk>w z)mQ}Iam^pY;b5cYH7)I<%GRaGRHDu` z4%xX69-<`-!Soqy=v|St+_J4yE`&_2$j}x-P4j8~O$4-Kr9USEKNoZGdvcj1>(%Zd zm}enOsJX8FCl&4#qyzUob+!#+p|#_Y@Qv4$hcY@@#Q#kM8tnMU{O2vR;L z0%U&-^JrG`c@!!LhXeNfX(PoAMI7BHNB-0PS8JW?XV&KHsa*ow|B|ox4dZHChwfJ1 z&a3kXEIq#Zy$qhF9GUx9^Xl|h zLM{+N`B$-t^8`lGps|)M=C4~(Rc}cwoWA(eR?Fjlz(4FjYL!00o>PhMg`zWz6GTa< zgjU6Z_h1>ao(_IZ+z?!kvaXEyU!?zFHMuA~bT^Rn$KP(?{J0{=YcPD^Y4rim?nuJQ zDbG>9>6U#weY)z9b?NQ`c*G)bv#6}tfC&(3%qHeo*4X#HDk547&iW1YZxU_Wbj%}o z;`==Mp9gY%+sS1k*ox1xdrW&fGPG5u3kJVEW$!L0rSwUzhdfUfyvV&zam)r7tWA1c z>ic8+2p^PO?5u5wP#9hGFitq$9TBWUedD*nwGnL05C}BX3bU(BeNY`_mk>x2f{&%y zl7Sr+o(!hAA$9`MZ7;;F#Pag$d%ybbb5>J#@akh~dv&7Y4Z#2I6$S8#oeI7|-kS$b z1h&4B-SWm^TT2zZ8Zw;2L`%}p?~$ez;oa+ z*Vd-uHq_zVDda@%(PAtma66;lfC-H9aT_UsQ4!nqhs)9FVE#}2?>3%|_x(Hf3WwW= zm+9m4-3C9ZG)0kvN^A(w`zfCtDC66AaypY&4SeVfTMpkL%=hkh*&H~iV zK@BHVQ2ZlB>`vv#mT=-Fic_oV6*yMhorm~V;5fQsuL!J{xqvSl2%g`3>G1FIKz@Go zOOgfmd_5VtLBFHv`^^706W1`cOyDe(LZ79y1F}vM^S2$y*Kq>_lF^;PC2KG+B6Jw0 z67fSZwi%t)>Sxqu5@C{q{A_n%N7h`YQ?gbGPke*x=Ac-a+reSwjYa19(FN<7mN&MP zc}w?{Q;02YGI()bM?R+SU0KFxn0(W5S3|-4t>GM8vIxl04zxt<*?ts-6dHb5uLARb zVwH{0{9jZ}(^E=rXZ>>S_fa*sWj`?g4`-fXrs&`hY4l_&{rZ{z4>%-AI_%*EXi+iH zP5;Hhj0vWO4}OJm^@9g=PR|;x4MOvsbI=}31zrg=8#9><9*Utdp~8RW|4IMyf4Gtx zVE%vAnQN%O>GJ1HE$_$>vT;+gHOl;?n2^o-Bt98pozFCf_qaHn;7Ab>Q+!vmTV_0> z*?;Lxg6b(KV)ny;w$M)onEzjG1M`0ifx~zT=g<5L;dWp4dy5_B4`rOxnH@9Iu~P~i-?&tamTc=-2I#=Y;|E{ zPs?o5J#lbVJtZ%}wp@oOUih-3K7r6?@-*s3NdC(iQL^?Ds&lh8MW`Hn>;aSoDEbdX z1VNDdE87%^N%?+NrU;bYs>A_a?MQXiqVZUtbCrSNdnfkc8>FOM;;+Bk;GNS8aeX`xe)38WgI%6({zgFv zUCW-TB)<9iT-`%_5DUA4Le!?_wq0ozSQErXC=EamAmiT%x9(EusVQvq=@ujO^*92O((Df8S`)4C=ipk(>v5a_z|IF;i9@k*HIe zij?=EOjV#2Igr?R72$a5)l-N-VD#SVo>fdVm1D=fqdVliZ1vst%A`6-Dig^R{!q}c z;8=Z9u5jtR$l_Hn9t5BT;f{KSjpUMCO-|&Tq06ULMoJ@kUaVIW+N3V2&1KK(* z1+(;)Nn=zqsu_~gutF$#nGYK`jrfXag(E!|vzbQL{n(1e8Pfe@N7J6tKeMHL(SYpM&J|kJ+n3UsG-CsjW|_9= zlyK7k(*WPtroa@cLnK|ya01y)cN5*Te3x@h{>4N+Hbiw+zfM(ylN@g_7^b1_*V*F7 zt%0N95Bv=9%lE`04r(E_!wM~a>Nnni4UvzQ_nvLbkCboER>!W@p!+Av9xhy^A>>eA z4|#Pho zDbISKqRRic5JW_#bsp_4*<2@k3}!fBOG5Ca@dz;+-*7J+iqWO68PqPM7`4ONd`UO~ z4c>>)gcTohP8h>U0t1Tvw=k?}wWZ(VCuQHHkO;aL$wmoJz5`fG%u7bA&>3m|Ml%f^ zTeI&rXqES5*}C>-k^kl|Np@f0hlK>hC$3h~uVFRB2QRd&E&>MvC;iouFwdqN+`KL! zjo^KJY&XNLRaDRBS*X=yk1y9j>cu=cLR>XcD0zGCp7WDzDZqh%=gMOw+R-*qD^+}a zTj1K?q&=4vcynvHs0r)V9@CVzF0a#{Kfo6Q1^T-4!u5NUi>P4wlq|ZU93@^=#IkNt z0ucHemZ%)tXiD?>ez3H!!93rOIM=vsU2((;XawOSccd=miQzDEHI1w`rul9iC;mO9 z=2rt#0h?mt)0wvc6n|0L$Xp6%EpPo&ri!idMZ0!Iy5)=u78|WDlK3fOc&)fHoA>9P z%unOa50SvFP~f9RpY3im8-q8*W2q+ftS^`^Sdpz$VSB1Y{I_@TD(Z1zic)-U5x94e zd)TuJAvO#(A}Nt$8OL|$C7r(uk?#Z!IbnDccQ^#JjcAotWwFe{EQy-!A4_^E{$3uC zHp&dyi~7mmJfD+0%Rx7vAZjr-i_1(N^!k*IRt0NoAP`Ev5fJd;Rr{W|k_O@b~l z>|zMdo><2AS}S}daWQkhHKW7ql5}bO+6_0WR99_XB7@^sSYF87B}=w1PYqJ?Q)M3t zkt$aLGXS^x8-xhuRL!p9*EusKGT9Pk>CJg7mo2L%LE>&u0-S<}+*D4cH+|X)Hrje_&bh_1o0a+x(`Bp^Hm=jK zNyAb#Q;*0m_V9&bftpwxbOB*6txaxKO^uY}Qa5BKpy_X=ELYbl0IErlQTw!-u8wdC zReONQR!&)w82K^#&-Aal@L_q3IqsP=wbgqHf5d+cD0z6qmql>t8uZ~EKC*d=Sv{Br z`E{?i(Pm4T>?cW~#{Nxj*Jj$zwa-0ZXtM8sYzn(jIA)srS+eJ-4Kuza2H5}axhmI$ zzws<0k+zKj`+quh26RDS|NrVnr&d(VuXn#q-@LU#h1~Xa>vBo$6kU9Cob>!N}FHGRIo;`L1t*ZA3F>}E(vqSDi% zT95gILlUDTQ}7c2xac%wr3=t}!$cw5TJtJzJB}NYIskZ7c27f%?tcORyZG~}oMt)6 zb0{FaH#_~S=YLs0Hv*@k!ltG*)*keEd*%nEvxcURvsG;+th42k8>;^{0-hZJT6dIA zqL00ikDdh1kFB|^fSSkdkSDLSSNsV_Lg%w&jR_&WdQc_H%q8|}Ldo~iFOb?h4@3W0 ze`l=^!V?PByqO4_eonUG=>ihB_|&*?)Au`&XOuqKg+eCzTSrR~9wz8`gJgKZ>mTEV zEQ-oh{PR_h(u!kq=26ymePzKsoO?H4x0wfL1v=KwZ(r?;_F2kWvSe zxCS}j9{E2gyzkZ5H8*Pi2CLHSdd91kNuirT!4Ti<2>fLIllW&ZfUN)DeIV-(h(~`n z$bLX`k%5yE2?KvXu0!}_{V&>$OT}+WFuYYnya^TLO6?!G0I-fg*1yWN2c5e7fiAWC zll52T%KxceIV&*MYN=ayKDz;A{TFy#KUx1@y4Ney&!4Qn@sgDnz3qe`koAv1{4drY z6~ehUxSw21Ir#m+K#-;UK&9cp_>=YDWi7=87v-j237I{BQET|MyFz(ne6Y{N>t7ae z4*NBLGv{(-AG8mwuRq42AoOtDvW=Sh?{1-;SRnT~dr9_!Tf~J)PkCnjC0DY`kzbkl zLuyvfY+IMDh>F4#+k9x~5zKa8t14Xni<)f{l{|H~M9DD{gENHO{+sp5qX3Q0on{>)Ip-W=Oiw-50A>|Hj57thB6JrMF$6d$nn zv{W=8ry~#%5(Run{@c=!&bPTx=ZMyE}v}+XTyTeca z?q0kV!$q^1V7UKkjX#?R&(@&k=$3)230K~5)oCiY)GXx>5Gz~bTdlKWPN`J8P(=ZQC{{wv&l%+kJb! z=iJ|UUchs!?yWli^b1IJs(0GJ zYdUE&WajW3FZOwgX;Lw8e)B+U^s;ZYRJ@$LXm2=cvfNOvx!j5ClaCtJQ8yw!1ZfBDI`UVky0L%qlMl+9iC2FSj= z@Oc36jQo}T)&3>>bGFK)!e*1HU+aEJW>>a>iRig-bAL zGMZnT7$p3WPuQZGguTsPd3PQmm6Cbq@D+|IUFQAH!D; zbsW|wOtFI6?H>jJvCa_%SB0ojnF&jdkv0=n_cpXd==KomAKX9evbL)HI=rkY*=Mr}DZrB_IP>!#(#I1bC(XRRAi&EYqh!aKfxRPjhv=3Qwrmi+cTW$EHvtv}d`Ez% zoERy7rH5G!M<3{!)Atk3@q?I3#E%9a+bV#6Xd&qtWoD1A@&K)BFFNp#w4Iv`cstqr zRD0VB^k!WkbkU8UOf)h6aqw=KoiN4pq#xq^tw&SrJARgIixdQ~DbO4Ih}?^=^1qt` z=ZzM=ALUca0;t{dq3us<^_2M8or)z9_L5|%`Anr{vTRbm5Fn+TE_)C!ek|=&BKw4= zjU`S}ub+w@*jsi9V&_6c3}pqtvcoLd+a#JlaGX|G5-dQ<$?5Y?Qy?KLWFL&l6DM&J zH4w=AtN!KvQ)S!@##H)f1XJ6SjGO?^b7v1{N4|V+DS)<-2W)$;7e03LZ9Z-vre_?$ z9YM}CA;4~TdCQ(&zv`Cz-5+MI?DgXfK8CNjB?yC@SwiAyQkggt2P!o6$CoUb6Vk7U ztm%XywiM-z|5I?V{o7YFp;ldz%8c;(lch^EHM3L7w^j)SU@EdQ8A57 z*!q_FvPAuzjbd$L@+fIwtIm;E`d}Z#=n4l>ip^o{qd0LPK#EQHnKxTNMgnCN8>FF@ z0ZK2si;vo)4`kV$br1XHY!*8#K@e=mL-BE^N8A@F8lZ5$)AJf};-U8`2B4&C=(aJJ zCZ@b05M^J18C3ah9c<)@Y#n?c{h5I|>QVck*9Y-JO^d>dxxYAWgdF722bjudf=Wo8 z<;4I-{DIes!rZ1G^xbXC&+GPpobUME?>Fq3gKQ^8FP~c*8&>Cltdcjmo=ZT;vo$jV z8ZgZ@5>!BMA0A1k=)DOucVUEzD;nyhk zcNqR5NG%=-Q^X0Sn@2@8vi91Wj8cK&qrtGmm-FaIdHt$+`*0@X(x)8~I|9FoG?;9P z0OF*`|8vtwfGN0>0y3=H5#B`WNJt!ERBO6viVLoj=gt1K!^QZ$Kq($dP^qtJW8RP- z2evSyqW??mkeOqos1gS?-B8OA2{V770n+-CEznkIRz^P*j z7c0IHru#t)^+0q+R|1(#)(F2aBGo|>>@(74A3OarkRQob+L{`J-97?OOYOP%KKy>; zl(&@tLl8W8TWYKT4M~H2V#Zp)qJB2a6UBnMT~527*Ni0u84@Fc!Pyd`linl+wn&{0eJ2g-<5>Y^Ja}4hVo@_0BQ_Pu zQ(9&Pl!cRyvwBqMDNDyFMN&ZmwRHl%b-e}a2Y>_F)($|8fW7Kmej*>a#@><5?PJie zu%5+8n5V9OSUDM2mY*6bxb{KHLq`|B?NxO9_;rzLVB6-BgZX+!9&-j^X~1 zU~DW%@8NG&DQG(Q#qjR8$sT+l=OSwTw$tw}@EpuT#S5*XS5>(Ek(XZ)KgNE=b&8x8 ziy9~B)Jr=myD}8~$t*qz5T-0hQ^uMg=y1d%g-PQxdHo6qw3ety7`MK;LQ&JEHgcOi7es!-aa zQ;a+nebuQVrbx9j+PBDpmROOdJ4#JrmY`NL>TGtMn%u`~Y50QBRHO96Rph-u7@d83 zUZkm4L!u!SqpsIzSNs9a3PX;if;Z{k^Z)i*?!WW@Bt_$L)T*$5&HuB|O#hkx+k>#P z?dz>-A!{d~ZhUDYqfZMB2Se_!8NGqz99I&p4z!v}z|a5Os`vy47Zu&Zin9XgZ5B6C zS$A~tGhu8~Jw-KltcM>StP42TB8{ZD*{QPMt-=7oQ6=i={NG7@U`loA^|% zz%B@0IlE%s#QidF9sER#T9147XTN>NkO+Tcmh0E(RDh?r-_T3eRr|)HEmxzcw($lN z++`h{&YgO`5&UiJOu>4nO1#$;Em~m|`se+f`U;OtA|m>KSpV|>Vf~r#slcSCMhGvh zc<;RZAeghK#)?fUG)jV4H zJF;UHq|6tg=xQoSm=FGNXdiDIgAQ71S!y9Cz!(yJ^FdoCP#!oalqKBnNvAOaV^^d` zhbOGB>9*o%BP)o>L7T=IX!B||6faw$;MYoadkH7n?;9G1u zJDf;ZP|x#XF#&gSC7Kf9#V-j zex<16nmn0_0;oMZB4Lar!)?7E%2!Bp$(r5fRuRpMwd!s)=k$V7xu-I|939+`Ni3;_ zK4rk`ib>cXC^8z(gvo9t^}y}Fd6l|k`AS)gIhmY5Xs3c3%C#uz*M{ZV)Df+w1omI1 z#>x`?6u2_`{YM`Cg~k$?l2$RPNR8^Hg-o$)5~p9WIaJg1og3^0qcATaV4~vT%2^s= z2KP1Q>rodZ_SV`K7qmn>l7v(eG-Pf`gF{$}NHlQW_+aCxAk}cA$d;EeNoL7*EDuON zbgt{u)g)20#+idHN}Q;2$$co&k9=R-L8)7yf)>OOCpVHcH-DcaD)we~Ca9WFbCIPw zwQ6tY^d7-7gnW3XME-g!9mZY&USV3=LwuoI=YPPf)I;NN0|(!F9JL(B8K!_|^8$0yP=DK|Uxzw222nDL`{mU7 z5Es8^kuW{kA^xKNWw^rOK-8bXR<(Sgvq-*|xX}kL2K=@-)y(a?tuc8{_Ob*UEkhwcu)mu6M_YbrZX5GcB?BCls(UmE%v z1cDRSCP`6_bH+>!e>R6T!sm@t>3CVuRx>7Lj1H8?>5P91De2r)u#hI88M-*23xJ(Y zm@Lmaj+`va$GMSC1PAv*6mEsB4-?~^C?9^kBgS$zmB5JT{wdntYi$ClJELK#TOJnc zJq@c3rQu{bY-pi5W734_alKI(oH(Eaktq@_4`b!=mT->yTP}nZ;z-}}l zy0P-J-Yc}DF3QD$Y9Ax0m`k(S@aJ6@( z8=GZ+MDXn%VqdEs^^!LM;C)^-HWbFg(t5T?aBsFq0dc)@!mY76o{K%L1gY$u0 z?S1Re0A9hKt0Jk{J{hCv*F_D`XaEFyA}hya6slKJcUr?MFvAgx>y9wjU-7WMx) zEJBqnCq|wi4TK43`JC(GUwIBm;cnLtCZSuoK53HLyO~KD#flm}Kk4i1OUMd5ns#%| z;oHI!o(%%J{t)+ne4VeI`?D|ZZS-(!+&pXC9s_fcv;241C5MvB#x|29w8Xu@iIUg#sn%et@ep`L^iPqi(Hv;tc5MKFaK5E@Sj&B97zRc{&bs8ID zS;uC7vtyiQ`oVOwFH|7ai=<*IjAzV9!WFpjq4N;P zsq4a#kJ0neP?vL#DC4KrFu?>``X?`nf?#Edz-$@XQBh&a1kDXp$y1#3aI2V>VV&J@ zG0G-j$t9?%X&4NB>VkK}>vF6?lpDG+UmR5?us*{`xPvXw(jL}SSdm7pjfCxzaij=k z@2gFY|BZR;u6}EdJ?8QCG%T%5vrQ$)K=ypVl<>2zuoA10sdcn4qtMQFQ?H2bC}Hqu z=DI!3RS@CR6f7skp$%kbG`c76FaEQxptaOwTO7yvWI79tUU=unmq6QcXh&ey97odq za5m6sPVGKfQy8GvN^wEIB#3hiCiwT4SSX@~%$P1rQHFX{EzIzRRkf$0ER@0Kv?-o`g_Pkak=vMcL~4pkmhl4%62@QQ4>#X@ z)JKM##=z1g#yIuNL8rfWm4%($cyFBrwu-v`%n=y{C?JgiJX`r%J#zQ;BlM-YZM~D zE3u9ca>??T9Wnk*^d~?RQ>q%JM(}t1;m8wBZ*GKYr5;LTfx&t1s2(2-PN{Y(wcK;LOxY<& zla-R0*I1CZpgo2ul`Efc|5p9?q|!wc|Em7QM1NI(`mg!O?Fq*DiGNjp9E4w*e^q~v ze^mdX&PDTx+#k)7#$oVnyVpK>A? z(LuzKlbn6IPfiF6?S7WoV-lt1a5bv2474j~oC)fP7ise6AM#oTr}qwe8&80a_tG6; zrP1!Hgl1BMu%Ah94ZX1+@MFbh-){|<`_J1cz$0|}m+uh{f3|LsSxca&dwj1NK8}|U zMsd2V!$;Jyo9*JyDWQ{3F5v7!sywqX(gNJ{eU)F2rVDrz-F73A?>@qxNhxW ztg|*-Tc-l$-|2skegbp^FwTD;m`3|@Yh{xUO!;r@oYGy(*DVQu8(y(H0bPG$-ti)w z^%qz2b&ok*XUjA-yn&zB^b%#0uk~4s)E4SK6*fMf{K>NC?TxX1OOtm-ZsJl5aL%YP zk!$7gIZF~dmX0-udZ{L-cM^?vW6a2$*)3uh-cD%{%-tzI)9MZgbO9Aalxb3}HhLVk zDHpLz5Q{78zi_=>)6T|AHbI5-Whj{6am%qVv{lOM8KjF2*Vs!M?SdC5`52%1xxK2G zQpN+QV8E0LI=W)zaCSEX+v6Kg6I&eaV#DRK3PqwqT6E*XL>Qy_h5e$ANbaZn7nOdjb9){N21yTJ z^c<#C(E=t9&MM2>V$+5<(+WHs3G`MWPAWoqvnn9$KSQmLN(8}qwKdO9mx^??<<@S+ zqNG_^h;UN6wMBm8Da=k8$!YcD_iv*%9=maqs_N%37p-pS66%M`{xeA-U)w!by_#TL z`*oAZai>PG3Jk*Uw$A}G+$kpZ)*0E=9XfAK8eg&TD-=FI#o&_4zmap-oT@nv6XorCpZ<)qNdd@1hiCOhw=NdIlqy%si-d3LkAEUF8uW@98aMXZRw>QvSp$yI%;FBaHU`OC`_5{Z9diC z89*{b9McNV*B{cj2;qkK=z6?d9F=LEZ%>Op@>9)1b}{?VP^uEog>IjfeZ5j?zb|hs zF#GltTrVh?H~mrZsV>!qEmXoSL6&`V=sI22j9iL!;cJ(FHq1VvT(31Rm;I4K&o?Ck z-RTjzC8!_lJH9~NK!O|Z@86m;izwt++tbs6kHmybQFmF^7BKsKM5B}Gh;RdZKCkgE z`cEsI?TwLis<+);*+t6o@;691%cmZ4xt`q~ z-if2}b%1#`Y?)Tef+gA41o&Ldz0M&Ac#TsrJpN;t8oqzw{(HBG5@KyIQM%5=OKk$b zzLWMP3`8n(pXES~2ICN-I}{&bRHdOV`YnwXzPx zm1Vh~#g1VEDPc^;Sluv9*@~eit&!-ufT>H$oxsqfW|TUMKl`OXTeL*m8lb+V!tc8) zy{XcC)IF z(ull@r2%}3y0%GOVw$##m1@b`pey|0wY*eIOCv{+?S9ZER3&15S9>Mfvv4`%9m9{jvHP13)(e+68;?O)uVoL-y$HKp+w^RBX{*2z+zNs^>A zCDi9H?r*hBDAZ!Tq+9}V|I)`c;=j26Tfp?MslT{Cb%*JmmxtB&ua0xtLI1}63n@xbSxI;W%9+mT zF>%WkXj{^0>0$rk{w)F*1nj#Sqr8c9fA{~W)3O}&)Z{rY$kIB-W(-&hFV1pgh*%g{ zWWI^GBFtvG<2o93nB>7iMEeHA91oR4TGni^st1WKTXl_Gh|)3@!{>0xQx85r>f=4T z^F)QY^*|5@yDX6whdnD)!Zcr0I7MPY%cy@69mQCgk=B}zNgPGaevQq~!knRdws?q?xCaob&I0OZQXd1 z*xZx#@jiYsdlMm+kw6l$2;Bd_6{^uWijo2M|8cSjl8!P#iA+3Y1#;L?67AKW%=UxJ|rf8KQSxBQ2&H8x;^KQLzIwk z?UY%1Ufj$d!dG9^PhgQME!5@2jW`F^7owKKSH50%zbJH(|Eaw@$oM_q^R35W**ejS zip4Va?CcP#;3RT*e>8zyYP==hb{jYL7H7@h{w^!$(lg2PMMb#<)9#4P#=euWW9064 zlD3`d{etG`i;JbZO66(yT{)i1mLNQiu;d2BTy$_joAID!OaD_nVGOS_GXEK>8RjCM zg;E=pcj2PQ((3{q-X{5z^dlU7T$9Qy$*pKh=;~hpU>dz(6bJxZ00DrizW_i%?ndBm zl>|pS+vO~s8kMtRPZz|PeUnp{F8;}@mhzAc%S-f z1Xsl_y7x_|yVDZo*s!l`83j@HWjBnC()dL@?k8)R0 z_%_vt-BE5e0Ph^{+8e)!|3C=qTAr}?rj)=hu|6z9dVNRDhs<1aAn zIO*db;{D0qVpT-5hApu%_-ZXjg%r2Pd45Mm@{}R0e}(_&sL6)>{Ti*@Wo12`rA!ud zHKU*R=>%F>ZdcO~jVH%(eWlpl1X9%NjH!qC%^by zSDAZ!RgTVbp|>oAH{PiKBqGY`md%T>lO{kbU@s__WRUWKf+%OTI|RP>;OHa~-6FZH z&bN{J_?2}=UbT!8KN2DX8Gt5@JoAJP)9~IIs>GG~{#+EitZrcvoZgYqDIv$N*gWuK zhhYK~BzzTr8Gs40PKJYWeGEeBjj_5mKkt)=*9WJb9IbJH_WmneYr#AIH|A^n#~kjL z|Fhvf@ZM}Ev8Z96dk?%rjhuANLe3San^L(hg*Rc7?$HVLWvgg1aVYfJZ`_a?U zvAhll1hyjI0EE1_@Nk0!>$s$I8K)v#gP0uLQN-vIzd=ym1xG8`_Ihyo{&bJe<8pJl zTVyezE(*iCmqODlK7oJ-Y{&Eyu%iWySuJqWwu~+%x06h!z}r~C@|XU+NC*fkW3(e> z@rcP};BwRwm>Q!r#&^U>f-y@+N7bE>hj;*C5>${+5g`Z=t5REx`xS=o-)2ivQyJDN z3}Y;&TPszDT@0&KOLJ(A1_5~60-$<}H8=b2lH%IhfN#aAC5;#Ke@}S5>1Y1O_t#Mn zC`ICy)Hm7Hh@;&XS@?zTVM;bS5~O?kby_`mA{=z!Fl2lP7s92S+_>-PmlrHA{Y24f zi{wKU)=1nPJf>M9Jh4aCf=tv1S%-1je(AZsXak4LJb0L*=#MgnQ~}omPDwN-zp;Dp zPsl&1hQxG<4t@0M5N(F38Qg;N)Q7WZX&8wjGx+XRU11JkWO%kmcTE z0rJS8r`?UbS&91j+xVf|WKRXp8B|M#bPBN+qwYI2#pD^bhDPQ&QR8dVw5Nc#HSwy& zL+&;gnHi&uwq~H;EcHrE&%>X^!l>-COCl`&8{$nFX$^tP#JE%JC7NtYRUazka9n*Y z{a?-o9&}&FV5y5nl*u(wCGcjek&U=0Cya?!NszWd>}^MS8e523$;jJ59c6TxkkO%u zg7gyh5S^1tBDEox3(5I}KYG+YU|}L7hZu>LL4MlAjg_|^oPLfOI#w-^&+HrHMki>s z1Tci9seme&4cn_L%(@pzx91;6s!2kXGZBMJ0N-V_d)THR?sn;|(t{%1Yt6YLw6}Wft#D9wWWIx#ZjFfbk z^&2hV;HHU3d$Pz5YH%;W(Kzntq3Nn-_iP2;%2l^Np~HCnfno7r_|pN)k+@v25~&sU zbCTj)K|CtR$x&Uc*D3`*)qik*mH)y0O?Z`|QZwU()|b5vK}Qqo35r@f9|r1%h)i7| za5gZQ{}^Qz3hvWr7PX~IbS@59Y8r@jeuU04hNI_fs)X1OMciL9%#wQE7Hvb|#T+?7 zJv#h)RgX3LjfGIdE`)~vSZO3em{h<46%b&;2pUu4=;H6nLs*bJQ;w{yt07@N*5K4S z(>DqczSz9bOhkr0Ak6+sQ7up!IxdkVIO4~mF$85_s7i$+XsqY6?C2;XiqA)x%@XSL zWIY(GSf}u_nda&id2&a68`TT433mLC_$gjKPFjawxz+My8hKfr;FIMT%;C9kW`sAd zEGlEwnxdzp3|RunTm?yDIl3#XpkH=!7`Jq#hPZ>mh)>FmdIkHb+b}Z-OamH$1xlZF zfy7&SWcC#vcTJ2?(NTg?-O6-zv=M`KQ~hu9!ypEOWL@ByIA=kN(>-@)fc^8H5-lZ8 zv;mf|#O!V~C|vg{vXTZzqZ}PyVaS=YX|~Nm_yB4;6)n~{e$I)bsa4p%*}B-gO&9i; zDmW01WMbOx{#NFMyf7J8=Q4tDPg*W0LTZ;y@_jEBNsVdr6`~g~AWcn#jp4{ZgP8mq%`#S=~NH)gF z|E+A3u#mRNdv*!Kroy1^QumKuP%{5w#=E1d$2qkXgT$NS^ptJ}rYT8!{jng;m8^+b zAMuQ4U7~WG68@}ob^ww`!6nIdlq8sGjR9j^izT@O+~i1Ue2@Zb`bhBfU690RJYC|_ zcSb_eJL138)5N!)=OUuA{B&cRvek?8hY`3nf}EwiPw&86PB7plICO!n0eVFWq!F= zdFJVldlyJm*7MZZ%$?cNnfNlL74kM1QKQD?-()k7=t}PRnh+R+$IG1kM#@gBhWNphF1^J6QzjRhG)`aQo zSk@!F5Om<_xZi!dK$?n=FFH~zkrPmIPFhC&z8ncT5`h&BnLg`;wq}dD(G2~>ZDQ5nL^&NI!hH?6mJ8{TnM4diK)@mY+M8-7C@dN9iq*C&UP*zK%w_F7SJpR7^JA&SOhSVei_Cu*r?R8&Fo{-#(aL;!CH|$?`HaZ*8 zPY;CsA)hNFf#>03n(UIwV|@Q*+p0*p#eb#ykic|5>tmzqZ@&MR_W!>k-&ffR6KEUx zgH+@bG_@s_QW=N~_I*nqz$LadxwHa2us5_kIoEUpOS;}00L0rr47!Gyy6n1VZ@t2w zbFR*L z{kpkA^P!6pFX4|HK909ff_T3L34+5+(!o( zRtR`FHVv~)*!4q==QA8}1IH@`qF@+v%B*UCWGSL)Uj}sq+Rx18N9&(F>>AEeAEw=c z-h9>mWvj)CL!Iu}SI=-wn@Q;LhVWXi#6^NP!{Ex<_e(V8Ct>+SDCdZwxGO}*TgNG+ zOXsPhFs<*MnGxR~{PfRi(=-zZ`350e1^(J9fvIZL{lfgraf(Zb;`>oxT+p*$tvSz*^*p~coi6D!}s41e|aS@}nF#tXqD zaJ20(Z$b-QW??$hOspZe<5Ayx!}%|HLANl{ZZPi`)9TFC|HM5$zk}RRM&0*@`ARI| zeYPCtF{^r=t|tNBW3RBPR~gJa10D4DmpBANPi90Lr6^kdzNq4dWYj)z>cw(blC3!x zDatt4A0`kNK#9q0Nb5kp#0&==$lADPKQR(HjAa}zjZ^1J(OW5^)D_@RP;X<7grdu! z5N@OWpcbZ2wa-N7*$Vt8T@7HtP>YkO9h;J=l4c@&tklgD6aykGtZ9a2ZYyn|^OVmYpu^{;zi0l$Z0B@bDIs78 zFW+2oLzIiHyzayFx(WxAS9U&n!Ya+x^bR!#UtBbU*Z9e6nTKaj3T^+P{2r&$iJxhT z*A$cIcWhpGJyCi}uUg<58K^Ncl7kSoy&-*Iw*@}%eC(2vT7&D)EInppbktb>^M?T` z4}QEsi(L*K)^}&R=i~FueQ@(QaKva#h5u!B4VClA?`lppoQ=6&^as8Gcoie~nU3Udq z$+k>#APh}ZQi}HIH4gh5c%m?6&akJP_=!#}wY#Q#t(5tD&~O)9=TjgzUt%51MYl0G zJz=^=68jD#!ak($Ae~0t2ezPr{2vJL#Gw@Ch(i8Ba&l>r^IaopJuqQnXYx^D%3xM* zMdojCO`KwRw09_=D!!sp9u>0~0%q1pBPh7y1;kGKIwV|TsA#{F4=53{qKXg*r}@08 z=|p1hR2MZX3w;$w=;wnm+(aCCX?ZqA71ZT^E-RKiLZacv3n2Y8Y}@6{+w$D&%8&B{ zd0=UfjvQE`T)t7fvA(uOLaI-`RvhHsg%v{HALW`pr&d~s)*&BBM>&Te8Yhc=lBD@) zkkdCfe0I}Yz5ncZUhf4MCG>XX)H9m}Lyddmsm;IuruAFm02iZE`cD;rBjBCMYnBy= zhi6ju2Eyr%#8*8Z^YaIdR7=jm2e$mJHWg4##G z+x?~urY54ulw!Zu?YK_2Mpy-3Ue^ZC_I%E?oFdl+`Kvcw-u#(OnUSWoT-n4RRdTY$ zLDpgmrcBA#@Y>(~QPYGj1zZIUs#w&`i!g_`?GpX!jR#Uuyy6syk*WZ9;20UZKxug4ct^)Endq7WE zr_I>u%lwb41*M@gJK^Ujs6i9vcd|=&)Oj`gnD!Do6WU9tlA>QJYa8{*Y=(uUw8L*U`DdF zZXIcNzuDsv`znxRbwg0DlbP@vh9r~690u%k7>ik5uMxp zr1R8z$%NsYH+xDPv>6CDd#;?9EsGn)CGh4HdV1t`A42UFv0Ro+e}xP?dTl0;YwFyf zo;7=;%Br1i1TQE3dS4&9=+=d0+io4lN&&+DszBI({Te*agKm6#g_TFgt>e+E;VbtZ zf<(!zK!`P~*99l4^?pc!x((GmOq&6r^1$%Hq*GIoOIUO`IpaLo?yxF2`ZzUOEqFb2 zL`_xN!*(`^7J@@TdcEZ6F})4o*$l8g_NnId5&E6m%NG8Bvi)elv-6SF`%|Fz~ z4g&nP7~)daTe2Z`YfwP26A0NQ1iTwtCY$>?x3=wVrGVx=)MP>rns;^t@F;+lP{Ql0 z_E0`@WrU{?U-7L<{x}}ph%rcft|jIuK*bUVOce3c@GYx~D9-Bo!uMkVaHhz|5y`!m z=1TVA_^KJ*P>`_ZoY~iPk=amxS3T*zJ)XY}IjO7j+l^sSA=$3^8z9rzAwJ7*R%KMl zb&RautZOMbl8B(Nt;ANkAyr7fMAHZTT(k+NSJBN#cA*b91=o7%%jnYnI&uEKW&R~+ z5zeBs4&@$GE=*)W>TGY*i_y(*5NnK4llXe4WwXm51}s49`{m-OLetD>MapA@VK!d4 z9+;ANqhdYc=$_Kcg+a5swx81c^IzLvEN{_N?V&B-kv3M=CR3FC&+tRJo)x2}(9*}T z;7)``b_vk-FXNol?tW*-B)vXl{A>Ha(kjJF#9NC)KlDMjU!6(@MqvxS5 zMiJ7pk-@Sy25)fwI4Y?q2IJnuh`e0_Wgm zd|35wy5P$WFCm2m+QFjq?Z{{A1VS+AcS(PdYs2`#0+q^VSrwRvWcX5xwlvW{;C}%>*AtYb=T?+ditm=R8>{V z<>9{WvJR9FS~$>I%kj*e$@oSzV8*bj1RUEQu-S_|9*Vr~&K{1QOaord-t=Vk+^8?S zl2vKPOV+xql|R-C9JEJV{dj%mbwukcL1Db)#*<{;5E3m$ z?(!=MnAMmcQkwS>9!qK~94rjjq$mqg1H8(eEMZM&$$4ahIlA{6*bl+t0%b#sSMNV2 z2%Qv~Ho>(jOP4zIKg&~l-Bm6^AC2oIVQKfOeFp2L+$svtl;76l@R91DefrFVj-&!& z+LCk{Zn`>I5WjF(&t$ zyQwtBmrSA8pL`87E6GerN|=6!DyFOdfdzN!-AVdUpt^D;BB7rU z`L=d1(^GYiwmAd5!f~wqN_{m8vbcEB$Q45B=(QVLLxN{Zo|q_`{%6RpE=%aCQP*O* zaMe3iR=(K40y=-(-EdO_iaPT_q0^B07xCFCSW|X|yI|Oz;_p;D^=HhQand;PV)!x9 za$B8%&&9L7CqBGS_xCalpzM$D^B%LOm-3J7|DAQ!S#oV_%J=i&{`eW#+mMJKw6p-7 z^qHf^3D+i>)w`vg!X9F!W$kD>sj?z{ zR+NbAz+Lc=m5B8h_pSHR%>?U}m)psm6TRrIRx8#qo+KQWkp~y2pjqc3qg!CKUv!`) z!FCNV?h$pt-}*8o=hh|J^-fj37SVE-!OFgwsVXczVI-+mhI_bGU_{&Gw*|sPGjZl9uuLp6Bl% zE~LPDHs7?pA7h6h2A_~`jtzca5p2&2E&2>URi#dCDYfpU91X4ZMPH`0gt;;sxJv5i z;yt+2`~Q4=^aOs=PHq5~`_%<)@pn==vpIK8h_73c!lA&0`)5K4%ZHtx-~Z#I{dqtl zlw#7_zeoEz0IyeLw`&!ESLlCN`+ryaMF4;IzpMSozpH(z%AeHtJz0GMJb zV7bJ)ROl2~NuV4bF&%puWD}m)oOA7IP<2noQV4UMb5q`5g{K-sN-%{uW^AtP(yV zv|u53lzjhDbj#GeMHaIXBCM|{wrCohFY}l|`BkVw-cSxUP}14?6(!CbgqWNQaTMD4 zo|z(p93n6Fy>iaasE9G+x<9cZKqH93g?jk#^QLI|Y__mT|Y6nFMx`|;M#ex}!t zeFYz=PI|;nAH@RLZqDplF>6&lzJKzApD2HPe*7B7pVtzMKus?!yfZCFmW2lso=E#S zReX=)4~aV&3!EJf)mnj7iGJng;8N&ygg_AwTj|_JHmXaU$|~R1zP+O70kEz7C)n5c z&uaf^`|Q&%bQ*#q&tw!vn6>YZNI}1Qb|Hvw()@8iHs}D?*FtD84P;?yjdYZ@p4sXI z z)!TqC)i>5dKW>)`exQ&CL-pSkp8xiXdnfn?C^-J@_kcNn*Zm&zsibY{vo@0|s<jCp=|Jg3;jHz7F`jE<*XFz#=e93KAlLpnD$eMO>0a~A<4 zRMiK_7r4NdMr-Bit?Ah-w(KC23s?5^nfxZm2V+GQdNbh zj)UQ|7&wG$H+Kyj=Q(OcPvCI1a!GX{t;a8F-Ql{qXJuL0*=NIt)=^EoH+$0^%gO!i znIQONtC{rIFA}tA$1BMUr;*f|eScF?K}pqKQP2>)>0PI`X z#}*-6>PRQDe8L$@2n|G-P#J4X*NmIk!yc*wx4X@(z>ue8fgVrn*W%7+$AMYsTjm?- zsbz_E46_bytXrl?PUv@_eXf9(zqU6s{OQ3SyGK}@Mr3t_fLkn~7!WGH z$|ZNmCWKlTqareBzBEd(b8AFxm^p0TmoN{;Mj8IeF8 z;Vbn7At^EPOdvyTa8oT0F0~wpPVuY!%O1|1LWh8;hWUMNInA(gFX2o_eU~kXPbure z&awTx%B*heWkF^}#}wTkQ8uFuFrC$mKcl`P*){rNCHjTj`6X;%1ee0AVn4A_9sX$d z5)xX^C~sn<#>$aE<(V>}!SMVxASITljaGLXWGm|DCw(XW`O!s(YW{%crM?sY)vU7F z3I7oPqX6O`Uj}RLo%o+ztiUKue<%J4xZ)8Bq?ekXgo5MWiT~-A&dg}RIRCPQxNG?C z-{#sBe3mp*D1{lL6hWEOImKB|B}Z`Omh%k2?7ew%xg-i@)e`oo;lid>K~mYrRE#dM zXdH=$w(!EimsY;K$Ce8k>)Wa{5Y@V~JcXabxf508Q|A|5MZ=QqH^zPHCv|4nDN3pi z4lmCM41#eLugHWT2ftEm)}v9U<(x*wyY+)6wn@I^_Vr6Jt>?083mx{UJC^S>p*lE( zr7!dE_rzGXL%QzQdNYrAC>r*_^{uwsMX6j!6#6S95 zVlV1{6aRJp5dXLD#D9an&3_U9iD-0I9gXkA|JM)V{{cY!YXFG<*yG`5sts@XCutbG zf~>CNu45I^mL*L>pVJacQgG8W(J6$`<;8}k*-b2k7F3yVtObTYHO{FsoRkev{zA6RNY@O6jPug{R+8EWam?E^V6aP%6BKIq>Q z_mj-I@YhVhXu)&F`zh??8WkMdLp0*XUp5r=CB@EcwNdohne(_<*jxHY#Yrnkmg{&4=z}IWEmscDpM%* zEQSLAY}GhEjUHZ&0w)1Z2b{-F4w`%5zia!D(A(oKnt?0EGdri;#U-Qv{l!SAFO-)S zX>7?8Z%<%;kY5kkoMw2WaPzT3wxW`5eiLhE<4hJ0t~(%f>}TaBF|-+C_vguKL$Ect z;Jpk6<6LV=-UX1pmE>O>Y^eK!KxbghdVgGNuXEQ+{K{TIvu^LZHhoV*muvyY+NeB1 zJBs&leU7Y^eia>>C_SHrb#$mdubsZCJa-K|{8TVVIr&9IoKGTE>#)NdS+|NJxD0?h@eLrxF)qQYJIu@KD<`HJ%9)^3T+Ui1Rc-!+Zy{ zCg0xr8!K*>`$3scLnmdH`kUG!WCs`hj8gX=$2{pFAGHl}{*nF_|CRos`3nSZiPb7I z_7lR=Vdb`i_JKR=%{W!*9`75U);Qi~wGDpXz3JMV2^qX~y|2T)k!Qi4ko-ys*lOs6 z|Gw=-O}pCl<@LUjb0`#(CLopw1zK($76v(IP;-({xYuI}8VnKX5m#;9rO<8gA^*E$ z&UtvNA&!{m-8VVi+4G4R0IM_b77`+Iv#IC-`S? z$Kr4#gfs;9-5tI60v!HHd`U}UN&1_-Z_BgcMd@Ag9A_-x*uP{*J1$l0)_9r zfI^x*gx~LQz6g8ntRahP<_vxmO*r2b&v6?wIic$BZE`jHXjh7lKDB^ez)6D?iz?kX zy})NrolW3!gXr3*&`H#NoF2ThDQBESH<5p1!Tzc@%VV-D zfvL3_>bgHbr9VuGpdlNX2NxWD(+%StFokhtlD;76ylFIn1!7B-FV;wnw}w`;++tMq zw5*`JRav^s29xHKliwApz*={Qi^lFSCT;%$0dG;%*UUcoO8*5`1?Mw7 z^64ksSI3xX--@U;T zKA?YG0Q4_@)}(otn{~G3?<204V^Rtf(EI`Y6XyY-{|hdGA9dN{!nJlQ1^a?`6kF`q zYoyLSghw(6iTD&Ro83^(Ib}paE6$n9iZj1Dy_|h@17JGmT|S_H4zHiQU<;cDf>eW* zou>an{~7xa(QV1y&t@d5qYm{7i*PY^ANRJDFU|2YcQ7Mw+LVCDaT{;7VS zq^>Cep#SbFrCT3FrQr43Op_W}Ftur^O*_6Yp&wj(VGI~NBv5|3HVB`&D#R$hkx5H1 zeC5Z@WYew?O(1IAqB@xe$q-_oW*mimOL*r1Y7r-F2+&HOzF8_KL&bgc0tmwLfL`G6 zqZjZOV~Lv1M3`*TRXMNE)=e6}7ejMgGg-mwdmxBVGQIo@{nz%1p>6Pb4pz>SP&sw- zl7FUL%J!bzk1fnWD8AqJ9}3oT4?hU?HuXR4qo4~I4-^Sa_4AS6Bd;&e(a#A{S-@S7+?UN|uf)YDbg||HR87Hmh2Jm*^in#cz|#qe`VY?AMTyiI;AzR~g@+Vs zxrjo-Uim!xk4m$z^1at%Tg0=?(+j%JRTtN=i9m`U3jw_BD$o=v9VN;dZ1X+?ed4l5atGMdl)jFaSy!pP@AkZSPKrix%r zTylng`o7_HHTpGee_bWci;)G&Kk)laEhY~(%2uaw-RR~knbvKk%c%7;x?MMn;KGWv zrCCnw9RuhDU;r?`2`;>b6;nws8W`o^LcE@r(n&oNG-wPlj&Us_CzfpEN9=RJpVr`f zyRWR*s*JQ75I}sp`U@D3!km7U=kwiEG+sP_s8QA&P4b_r&5cE!5YTkf%Sv%gS(k}> zs#67&jdpOmS0t7ECYuoHKrIGpMg>t5h=FGoFxYvsFG>i7H?8EVuUkZDWqH(3u zdV4oJH-D<#i)_~nV}sEY3DZFlD>~zaZW6ThnW;IIOX zEsdQ7prX+x6+r2`s)%H~_&$_+pN*U0P%uikx+0`8CG(V1a59vcU9{>JJnEFP0{Ovi zL+Fq{Jy^`}e+^Iv)<9rb_j(k}E7nc-dffgoYhK7CD#m@WbC$Jf`i-z0Mfi2`kL|gt z zMd~8ipJ;<<)SZpSvwm)$EZO@a%!er{^0F3RFV0?D+Fq)5-!`Lu0QByr*NIC-{M`SkW7$=wL~IY+xl)nU z>ZNr^78FyYR+|3q03dH&E7@bOVJ$uwla^n!}(;`-zZgM@0bHgtW>beLD*^^96&wV?K7zie%`HIa$T@RQlB zCDVnvxDI-4ND@v!4{-xLp3SA+?=@;4tw3gvg3x;_aQn9vuzqg^_5iH_)kiB}DX?+n zl1T<=1wyz+ECH>+9?7{ea#z4l=$ph631d4BVh>n5p1dyjk5-^lWY9ma&ovv+3gl%? z8QP^9A$SGD34T3Gj*!?wv(fL_hDeiPN7t$yGJLI)x(N`MCGGTX)B1=4H>2nR{TcE!Rcl)>1Ky2Lq!_{$JrKV-T$p6Mp^5ylfU_O?vZQxrRwE_ z0oZ$j7(2S_@_g%`ds;Ja&)j_#xk`swX)RFxikNH)G=p`-9BDNe%To%(ui^aC;@!WY zWQ&{RCF*`aIqf=8p=ttw$q^4Kg7j7XqTCA;-z)clBCVcO-2L>=V3Imt>>qgoP`JQ@ zdgEGglHk^x&JqiDj*1#sYqptj5eu$Sp!8p=>ZVO;TAn(KgID!>;Z@{vtnJdR$tX`LUUn$ussl??f`TfV-2e_Enqu#u+@Kn07S z`uQajmM_|(A!|0e4XDq;Pi$ORSKn}GWaNVZfbAfqRQA$q2QUD&#abHbS)Vws`>j71 zfb_J?*8HW6XS9Nw@?`gzE2%$IRd1lqa=OcvdvHh+ zmLphvdARm4!5qqkBR|$6@X}#rc9`jU*{t#f)6c97Pnmqdg;xWT&L;Oz0Wbg@!d6}H z48UG_TJis%0ZcLsopR(G7kd%={Y@!_>G(SEd56yaOJ`AyyC$%q zX#w3n`upVTaMPAtcPC3S5cwGMf^avz%a-N@MCw~)XJx;4Da z*OU8>4&&Zsxe_@)O&wMd3~3WJ!Au^n&U$yM1FTM9imDo1$hozagG!Z>Bpo3~w+koF zDewX8x-c#t&7m7(A(4uNbe*C=h5pi0&Z0%RJDTZiKL2Se{1XheR0-vBCn|S3Ec<-{ zRN#7UJ7c+(IF^*M9wBut!wQ*|i46gJ8Iv(vBsC3GDMA~^uwtpIB22+(! z1B<2ftuHvxiy&;8s1)$KPPoS$73xhhWo^#HbP82RVCJ4(O5c{19je&0=EyW%0QZtd za>|M>A}hNQc5V`67R7E_&qeOixxL@u?<_5@_lEDsI`+n}U%U3&bY8roE?d&x#?Z== zkAZ2EXDiw-p0^o#c(7%vl^>!@tJ+_myR#x$O=VE8@7EnJ`ri=%9>KmmKUgnsZxIM3 z_zwi&O>`qtW-Ow?5BG%b4C$n}_c*_`o#XI=?-TII$qnFBBehKiUsp?{j$}_EYeMJp zO7?M$@oy_|h0gqPrt5VF0RBZDxI$iwdb+R>wcyEW@$ls>0{)QF_^2o6^M+k(h)6a3 zcmm>6IEhd(C=71uIjrq_*>~dRwuMwg?i|CF-zLAC-;jaT{Am=wN_c&M79$}|^S$C{ zK`HAkx3);Wp3rox*8VMnM2j@ET~{#49_Z?7mu6K{;18FC!ndN>X!WuYXvdJ)GODJ3 zfdASL;NOrDLxh1OJ*@ms4>e}&od^b{uM32dI=Vxq9}tgbef<)RN3==&@)Drw9n zQvFKU_!*>wXurPQ*8v-GxE3;)2UdlgX{4&8CKyUkXEvqZ+qsIx%?}%sxGWJgRUj6_ z89gEoh|dWn`ghOSGaeY&NEn@Pe3F%psF+Xl`L>U|c3JkYd4K*Q9dyn25et0%uUKHe$;`8(baXEd zYRz15^{)c3Iy@DiL9zuEgE?(jq+#R)ApR-eiGQ1S;=hl;yrIZmqV+Y_1(W9_+T{2y z*+5=o0T2t&+@{ff!~)VV5$~}8_(v@84So<13rquI0W3f)Kt1&l3m68_s({r&>K-ab zj=XM_yvG8)o?m!h_qbF{er9ZYy=D8noo_ybRbB8zT|OXPzOi_|z&?GNr5y9aBPa8m zIa{-EerD((sb|Zv_Lv*g5_{`4bQU=?mK2AyeGp-I9in@rv zCqH;3jM|VIX>y?odX(hN^YEeTH6`>|LnJXF@-20JBThCnsawros5Z*GW}2H%#qso=a>C( zLA&mbbuL=Ba~Fs243wFJ2w6mp|0|7SiLIY$99Gw}ozH&=R!~M8a>Yonv06U}#;Eh05=?)7&D) ztnS_pE;iEeqWsjphjAyKy{)Wt?7p6z-2sUIfe+&U+nKB$f60{;aCBJ}5BZ;#C=ECu zN3fYfXh#J7=(^are~ABx58^+Q~a_$xnUy+KRfpr_n??RRX~9BgVEdV2kvXEyHaB#EN~uLB^iIyvxl( zlg5|~RmF~^Y~%Y#l$^tWmeWYYoB~ASsZlo*;X7y_nA76o*%eHI#1sjL|5sM+BEOjRIK^_u1{MfNkMO%m!;giRA3QUAmI2TQc!2fSpOEc0`Z zk%Akw^Y!<;{}~smG*g=>+vM4e%5u2Lj0d5hMiL=`kzmsu68%<(S<$V|x=Il)#TThk z3FWQ2+6Og2FiRf*{6~ZTM_88#rP{e^ziofy&~CvEI3%8feJv^kb@YCU;q)I7#zW^- zH|%uoi1=lSEPvj*$6A`vdoCmQ=w-YV?i*c{{TRxR_SKbr)>xZFCT>)P?6R z9MHC>x8AE!arOAkJvOW7b^-2mLqs_hEPKK%bd226A?aM|?GAbgfyAWtqRkFh7c|Ei zJS~@t!}WIvKpdLoH?5jsbTSPGoXjeC=8r)r)VX38`P1kVD;Kd;I_$+;762``L$qdpy!yHs(8AYvSh7(AY(C1G-9l8EA=NtF7uAkNEFFu$Ulxm zc198XB(X%Cm%duiBlK$ffDLDpyq`~FZ+CdBKMdWTipmXpPpr;3FB|P$;^z(cd9?S9 z>9?S)YpI5zcDP^+R8yRl^I_}|nKwitQ$iFNbCT2m(7)h+p#S!F=znlG)h*0Ydtai# zBB4}+A)06xn|72OTX++xBo!-$#%V~tTW+E|ywD+)7zT+nypUgS-0wKp5kj2PatxvN=3$dU@_Uw^P z<^uBs<)8he@!1MoNM^{SN7clf+2QHxSAfWu2-qiaj42?PhAE~dg)JrA$DP3@r5HdK zE5cQG>5=xVG7F#^ybjc9zt(dQ!PPDTi4o348o1~M@}h*;QJ}rVlOoqWCAIe>a+bFP@b92#g#}$7>rL%f7%7$^;kN^^ zg!vOqNj)mW>!MeHka8(#L0Cex$gFQU5RfS;mZM*{WE9A4iwScD)T`oe9YUK@|*7`q6)k4L1rLb?EG3v>z4Me+F(tI8z?6BiNKw0 zR zD>*5Y`~^f+f4kd+WuF=I;Z?L2D=U7=kfMwv@HDmDX}~-p8&^=L2;L6wAR^9kIZcj$ z*43ug77jiPwEtV`KsWVb@h{}oQ#y$%s>Cmqg({_Gw;lmK+ARE1IFh@k{BZp@V4)8*R?LV`)XwfGgfKwp&*A6kRvOdV z0ZK8jF|}rKhnYC%q7bF}p2+)i%sc~PDr;`#pbDa}>C^EE67$Od00ltzdk^8*0M;=s z&R`_@v$h>LIrks6flz*O5eEcNFbN{?FFFV7pH5u)g=un>h??7LW5JIZ##x&L_cFROH3gVJ#H+24>4nUbjEO5Aefvjgc20! z=K)!%E$;}V_SQs8{lT54rnVp&`Vnkzc>7vXsl{oMnf(iLrHq0qxdGXZ_VR%(By@V&UM7D8|^pME(>jiR4OKh?WF7nmB|)Gi%X3UWzY7mn00n zoJ8b8>)Xmc*$6k`(<-P`T)aJkTo9?CsE6g^=wIG=f+KIO^NWACq+D1tL<=F_9>sQ+ z?!-$?SdMRcDWr8hWT$gVb!d`&zTWF+{q!Ha%RWYBcq*guJ}c)K{Xd6xqjo$qoc{F% zfpo)*xt7e-@+%TgFe*sJu5mh}v_T$5u%r|^hYJgwFFoP@3TWErJ1axS)Xtz-REhDF z#)kr_p$Z6uHrpAX?Q#qQ$IR4(o61%skvSBYO0o2z!Ui?xbzH{$wZt%hlULym>ePnv zn1d(8-+kh7eoNAqs0)KcAt0 z2=c`UUBzGG=7{`GfUrYy{y9H`mHMM0fSE-puB_4fpb1`tPqTQ#bP#4Rl-LFVN}Nxz zo3TSaV3)@K)0dnRgZb^jH2us~H}Z(3=tgbv4CS=1Vn}292aglOGFCwt7klQ5o-&aY zVP3yCLhB#*5TzSY=2i_&vI^4Pa39B*Ky!wU?eW zJGxRhh5Gdi-IKTaX*5JM#GH(l6Kr`)Jcek-aADWWRQBPd^1QP z>yt$d3%iJtQhqTf$~ru7&c&kkNTb@>0FT%i3(+Gatww z(v9bXL28bwUY?+Sqtwzwt6Sru5Xm$rKVdi|t|geiM4#1tLidy1-;8f2Un=2P?W+*m zf3>A#D9r!CMh9J!o+|exEnQPTj+_M(A}XNX@aj=CA`l-g5~gvSGy-#^pPkG#Korc< zy2!pJ$gU^US8t(Lm@EUwy-(iCBW*9{VunJ2XBreFkVV7v5Jp%PI*7zC$$J6^< zeuw7gVLd(W{L#pKyd#S;olG)@*4J7>eIb1GkUgues4D_X!<=fU2DBYx1-lpJV&yq> zOS_1}^B=|VLF@eeCb}wiNCEZ1y5MH2wZ1kGeOIFxU*%XyvyXu{ttAa`)1ki;df$Co zrZ@hk<|=nS-L2&1J2rXW)pX#}&GvS{CGB;F>oa97mRdCXt^uI8-2kZntB$I(H@qDX znFyms?5ODIM5dw9ggLfRR|Nzsfz4h6eG^36Cauz-jjln@1N={L{lOO3M*=*ZK}RN_2V=xe7e`~(*8iDsEc zJWt*D`))CI&9D>J(1?+8Bt13yvpSet9BIs+#Ry-<~hDe#D}FRfi@K zAxFvmiH%0eAJdXA6dw3ghzd>j zYU8_G(OtX3n!v<}Br>v089cUPA5-F|atZi)KncY+M8f`^64?SaD;e9|b%q|7$LCIK?mU>msIE3*Gv@+A5` zTko^GjR4?E6M~VkAS!_R_j^5kt$gPDQdNo*6Q=XFFfX$kRM=IfW}E`7cs4GKf?#P8 zU3Ub^K19C97|xMN`;EBswaFUhGi#!1gF#xhBdVU&F@tu1LmS<#_QGX3qRgiX(Mjj2 zY|A|ixl^estYu%!7~@02>)WM_hmfF#Oj7$OTvcdSM*6_FLT{*&vqTe=UG*3lf#;u%a;vJAehiidn|i zKW%_R4k~Q)@+`@G%cC_+*yz;NjD}USw!8UbX^%V~`&c!YIQGTRYy`f=_npxw~u?lo7HqCi4Ij<4Q6(6#*o!OGEE9uv`E`*~=Kz$!@a zb29ySYW+{$X3BC;7>_}b!q8*krLX$z=D*pJT_c_kq9IpD6<;^k5k&=x zmS>%$^Pp9cl_#$VT0oDCRT7t&yUK`{xBYa=jzNe@5xP&ljp^q=*A}PsZTX^wojQ-A z8_;`-BY}6X;$t|g$H}`&rzh$g`*U#FwX4TaidYV)EY?79gz2jqrenWSy;}fAM7eAH z)QWd*^X2r&q$~0X!N>&R`HAYIGelq6pvj@)EWea|Bgp^JUAbZw4rlgqfnS3Knh0XOeMPdcoVWF43?m33qjig z1{tBYGms=+j*(Q8*<^?_Ubc>*Rp$;{`+)YmogufH8A`Q z^W_Y~0n$I>U+MqYId?EQ1R(ueLD&qLw2KK7@!m(wj`*2RL)G%fzxgEuVctCWCgG121T zX$-0d?d4^@kZh}>o_lQz!N27iziR;_<=G#A2>1(MDF9ucXCt{`=pot5nvumA~mlP6P_ zvvyu-+>x@s`zfqt6!L_1PRHb53xMQolB)~s9}7VAKNf)4V9~%o765y765wnhzyiSO5|hwoCYqs9TGT z|FHm^`7;3)K&pXII*<=2zye6#;E>hLzkFul09XL(M)vO(fa8Y+;DH5=I#1Rq3AtUR z1T%tS4ra;M=lyno96@O3@NzwLRz4$X79H!p`FoA0f5KHzl_LDPA!TE|W)nQ90Rd~1U0c;$4-K33*I&Er>b^!{2=J`#Ql^<j9EX#7H&nyVa18tMt>MqDA8qzF8Pl*OvjIo>qU zG^*}aBjpfxp!4>@*fa4;^1?g~FI#Ib4(LxhBUim`=Z7ud=-vCDqF!FZRybbox=-is z&qN-U;osz1aIk(x!Ig79(eyLgLP5cp081{zW1V`k*__Y2G%s(f`PJ_ur4D#e)w+xZ zZTFIr%B(!A-joKP5uwV({{BY-;08zl@M#XCl+4VZ@<6<5UPhH;2AS`jnmi9*9ZRxs zgfopx?B68->F_C)AuD$aTfAonog1ze*Cr{5Pl z)Otmhgs#dKRzu`m{Hbn-vrK?veon(PD&5xcWx&*qO}m1)?RG8Q#<1UeMGukJrX^leKl>US0Yv#U}@K?FKBg5gP3wP;q#c+&h}zhe+cdx>#n=Dfv?FKWzr8 zUHd(YgPly-yME$jqfJ+hTUjNh?8TSADc(Om&Ja86SK_K@7UVcSmTpD8+ZI-LEO~<7 zc+@$%Lb&Tvvhh{v^Ws|Lan^2oJL#HVd2@Yp3m=<$SNN0W`c@02b%~3*d+npIdJDVm8mFV{HJ8 z?hP^N-2$KwbE zMQ0odx405zi91uL+Dw#Qr<3HAf^9rmooCcUYSX|09aP(AM}@|fk4-wyO4Yo7rV1zR6RJFDOp^0Y{E!v1lFonYYAF(y)@kp`Z^)H4vz0lKLmD1tntVMRVVj1HX+T zkC)orXuN&4AJkL?`2J{ArH*vTZIq<++De@HT5{!+{J)zmbZV|AR}aa-cDS3iA^fR5 zbqworZb-TZmM1G0?zNXwgS^w3_JGyhPDxOsSqPvH{b55SqK7{}{q7I6R2-@>{{7oG zh(5E=T9zF$vbNr^D~aV@`BzBHG*(k%f4Gj)JtXw=?9$nr0!iW0Rn<+tm$O7!O?M&r zA=Gb;f{qpv9fZ3#U4wO2z4BQ#L21@=VDgk}oH^pl*L}K-qab5Lk{fq{2*^5jV6JWW zQa(kzqY7mb^Bt7~6s?}3Mj+@4p2~`ZpFL*6&tHXMctabt>3c&`=`0~xA7r7DGS*Cm z=*>hkJ-9izJ>CwUn$9A5UcTRNT}XW>|4+|dQC?c=pLa;=o##!bD6Kp>pB|E?^0wy2 z8cFT2h6-Sr?nIk3x5FhN4bzA`-{3g77ez{%;ll$6pH|{oMj!|JMS@f42aB{%ZkDL<{`20KSGDX4VgBqSF3r0pP{DakvG> z{j~tf-YtOB*}|=N3jjCG>0b*#cKplFjZ#q;`lch@IkTD83hkACB9|0bEjrn&r;5Xk z##FcdgI4a1VFPm+8#t|R5kJ1e29j4*xlc-$&IRza?pQ{p1m4X`wii3yX&oYBKF9l5MLLZeH(^@6g_rs_TXQ?xAVD`W)DDQh0%Sv zoX@@|ApC-Bc@F~0#Zm0Kf8U8Z^&kTM!`;=o9QWAN%O%NF1lO2sW@kn&3LXj4)Vd1r zIX}7V@d@~dBbA0d>oNQ_HtXrgs|@i2`5)7n-s}@Ax_-b5xvPNv#p5~u})+}{3INNd*#8MWdSqQMktBXI%N4N`9wU=H$dHH?gYT=xu zV)p1o302atST37H-qLDsp{2($e2YLuRRegt5GVDsLs95y862km6HDOY<)1^C{9|3v zab7urvwwQA_cbr=nKH}mz)SwqP;12p@^33U_ojV(0^51$6?M^~^X$beCv}C%OB55K zfXie-2U+K9gz$Z_EQ~t=&I}f+nJ{G>J=&kJzZOk8ezT;MGwg0BE4 z)qfh_G4GCaEHu8$$;Vp3qe0DKR#CG7c+$+*Qg7Lh2V1r<&jc&a_&)W%v%sZ5O{}qR z)8%&vUQrTLNQI?xY!j~i5|+=QY$1R%Fyp0p7ar!-Znq+3&pb@kB>v7)!+ZSkv@G-nav&-(n}Fc8QXQPA2CTC0<@fqw z0jzebJgw!qvuqPMYR6Xi7Z_3v)rPr9KO3F$W!)$0jGzw$o&Dg*hv(P?*EG!n)|4aZ zVtfT+UpW`)lDaxla^%L7x>qK;T-6yWba%c~&ZJ$Y#FPpClTFIGLRt3}h*zlun|08u zY(j~G5KgY_TY|>qP12v=_hvy{23-RZez|p^d&s)d%mBWN zetYo)f9(bAh|JvsY87{=2QTcd*FX5!@DzPuGi#MB=z)hHiFlu5`MNB z1O&NXY~NW5k|4R}O#^W<+h+o`XiQO&)`u2CKoh5;dFA_dh0qw$pbm~z!1iLjcy6An zy59UKB#bXyQc;f+J<1o~0AFHYpWiyrb?)8(mi8bNjf66OEtE7J7V57nHsJHJ^g#4$ z9Q;*8{0O2!XfpTVSpVRc2&W9TZ)*f#5~i3sjKNC{okeEbR?+bpMD`2HaAr{`{EuE| zppa`x1+og!g7)A)sj1I>SxvG=hs$-nEx6K*C?1|BFhe$d-MU>gZ`Zp-JJG}6l&;si z4#N&yWS&J{hUlg;%}gZ)2rlr2=a=B_l}@c73|u#?Aa*35IjJ@sY@Xg+vA56agX`D< zB`1yp-C)>p7BzJTek8_;-UZ=P5xV9jeVFRm5bGUQ*3ExS_mBRW?*Do{>tbWOZ+*kt zs+;&Jd)+P&097!`3dUR6`I=3?$8F6HG>xj5MmfzF%r`17z3YPd3a|Ud_=>O*}RjL)1xY?X>lDabB|zo7Ma zAbBHG15onTr%%@`>|!LBxfsN)!>I9A834(L7!PNTV~_s)_PD3yY&zy5N?Pm>l$3Mf zaV9v3yaxV>CMudY6L*{eQ+lXc4MQg?X%0BnXRb4JpxQzTZSJXPJ(3F6ZaJhR#SNNI zwl;~x3#f#0wTi(S+}Ew!bC%NbyOQt9e?Yh>vudR*K=~&y593DJZzg_M{%h8`=--w9 z&v`M{oM`XLe{cb{d{}wizsf)Di7(2nTc#b%16LYG`~^5F`W1r!dP|{^P*vz#GLPrz zjGH`Mezho00yXu9Hwn?rALDv(ixuZ0dKNHt?G{oXeHUahoFLU+6mWVQs1=&mFC~WE zd8oapoTO<Xu#FWG z)G`|kao5%jE+yp*sg1ttp@vn{zRV20JKRy5R`UA3(_iM7RLEdJK`~F=W*Eb#-?-1l z<$~?JNJn88hJbj<3z#KYnTI**q5S)X&C7W$=Hw)+HWs$2spD*LX?RCYKMLx_IVY_c$19`e^V2Ft8LNN022{{_?kLu7E3LfOrHuJzz1JTG%H6P^MG7Pd(IR5ix}H3Cp_%fw;-A- zZ~^cT+Ts31I;JJg1(@7?9Q;cP<4z#imOL64*5~7kpc&qOAR&O`90?Q+h?yn_Lnpr(X*! zTK#+bjc$Z(fpmFF1iono=RJqtSTuX4|x>4jhiT zN!*8?QDbtn)f?~dH~Wt63U(F7l=C3JS?UC)_3V&)wMZQyQFgQL;8ng zwxdr0NdG8vd7@DovEC!1IC+djK$BTQ%g1IF?t_qUgW(_zvTp+oN?NfPtUgre@qvjC z(FD5s!f-8o{CzXPSRa`v53A`6_)GHO82!4?rjn8PPNh$P|X^0g$Oi=f67tUYr?bqu72+vbrWAn+B;uy=oPhK$$N}hb9)Ltxn{23*_Oh=n{t@#37PWPHrr# zOgx9QT!7j33}WqKql0LR2PRBPQ7x7oi4&jfu-s3zuKG74Od&8i8?r-RvcxB80}_cm z-KkgLDfzEngUG*Czm>=HAvbLZg))>4un)W_o*_&oVs(;Rgw@Vei#pPs&}oWgA4++$ zx8d9-Fem4`mzbEGUBi4uk_L>&l75iY)vY6%maEE_CYQjQQA+a#x5xZIIv4K8shg_~ z4%TQ$U<)iXR21tW$BO9h8M{n|8j7XPpZ&r(YE~2dA^neo$=g$Z?JoY1{*Pf%O#hMo zL*AwT!MI-y@6vz06ICE3*}L=)32!7AJOz;c5ebdnrGLlDDl*~;;tlg1;unGQ+Ef*B z1dZQJ0cJ%G!#QM*$s(*QzkgQ3T zogiC&8Hjr}d9JUrnprK(J$faPw%sw(3DQC=WYQsLiY%LAarj6KZRTD2hXhFflK|=8 z2|c3`>IbjM{{Kk-*@L+*;t!GIc{_il|KtCX{xyDHF9qe{(@xtmy-WYGtihn~(tnC} z3I7!uKXBCeErX>!K>C+C`v#EyMK$OOq{~K9h(kD&-C z*)lDaPXtXYNl|9#C0x{GtM7RIImtAfw|mPu%6WKv`ApD?5YOyP^FjV3I<13ckUSP( z!4KZ4`GoP2f439Yj6YGtwb`5{{_e$=fT1wSnT{TyDm_9TB_&N;BZiU|?l-`%UhCqK zFD!rnF#x7v8uu%FcQYNigFpWhOOry&d@q}xP;08&wbq?!ghK4%(WF9VM3ZB3;`@O z8htH4_T5b*(@L>X6rO?X*^BGo<-oX*dOd+{FdMRIx+vVvcgy+vOwB)bG&qdsc=SbY zAbDJ3i-szv;^bP=c2mhxG_cgfZzEMZ){6d7eJ5TcjC%cK<1J;)w z=gTecDB2xBKvx%r=hI(6UqsCfKmJieUe_SUkX`5Ui(m9d%+S#L$^ib3Gr0z1L6L$( zpb#N+r@lTBYMQj>pjoS}W*&i%5I+eF&x{iSXHH@@9cs3{n&w_16|$fn69u{31^pFF zV3?0vLJ&qJ;-EV=U6+eF58fLSR>53q7Y7H28y|<;lSS?O`H~GkEP0|*`$`G@%Rm4I z%Co~PvzK)zw$l#WGj9!2mfs$S(r|Lv_X~ct;q#c2-r9)3+3zI zc4>^Iiqj{|?r_b;%Ax)fg0&k6Z?v@KkjXaeROnj<*;4!pYQ7V*HWMO-K?{)$EVtS) zrV@OA0=p*{;lE3khI?PwP}@Oa6-~rc1kr_=PH(Pn#_+A; zCu0db!CQ*}_ceoacF4shL^{w7lpdVT3-4d}Tr~IE8HTBHH$!QvBP|c(9jJ1&yc^sk z(a!w5Bbf~+iDHKvcZo(i+I}qWqfJGUtk*t{-*oFGNRf(!Y4idgF4zkX*wgRV$sOpS zOJrGNtOG&xl!M_q=p)CITZ=ra(?AwQApKDTMt3g-PbqV36tciU4%_CcJIlCY%f0JN zqyE4Ms)v-U<8Q;2GgZ7YLxy#xU59>YVX70_1 zt|U*2=+WeQ3$6Kwo6u1(kw<7Qg>Hs|GhR<_XK6CW!a|byr>HaxHMl5bappp7(_j|n z0s{%`x%udr3-}Yc$tt~ zy~C%jtY}EZvfXM9U>$C6naClN;O+@^;mR_+!+t`)RhDOFR15(NMKlJMFAJW8q7umfRaGsKd;Vs(uu?e8SiW+qc|3Lq; zsA2H4xyb)O|4siu|7V}c7rKuRUYQIElr)brXt{{&|3d#p|3LrQrl&UODq|9C)g7o= zr+mgdAzvGy^1qBezk9<;iu8Cmfa#r_4{N`fgz)n9)fWVL#7et94DNrSf0Yvi%u)ia zKapl&YfBja6Z*gVU(i3={|@~p7c@r(l&$;={a?u(;q!Tjyq~K62l{s!x3)fEDfeal zFX-RJxJ~DwL#khv?{CvMA45Jg(&qL94SG32M7typomt&!^vNGa@PiT(eZ)&Rf4>q| z%A%7&b4nAj(gBo_3bZnZL6<*8xSqKU6v3jyZF@cQ>KT@*Y(#IggF?m(bbhsF%n;`N#6F-z(n(IQR?epsjoU1N|p+ zj1l3CBCMfx7!6HhKn4jKW1}kk)R|{N1wqTnWWcJ6h+))0LX4Wt;y5ZoT)&l2bYxIC z#|dhFl!jG##iAXm64L;!s#7JBmLZ4=pG0zvd&H4dfYm}T;c;R^=L+Ni+*Y+B3NCA@ z8rC7dNfLI;pi6C{-MuzCIgyL$^8m|9XKmsu{E>Leh6q0je-HGyh#01V@MywdAQOu-Pw|LFV!{mc7&L;u#cwzV%yfCtPRxToo*0G=+T85@Wv zI}*PdJ{FfZ8YkAI{Wt9Ghnq#;aba`7#s&c(bb+E{{}5JLIjrxonfE&+&j2|lQ80=r z+lx^Py5UNwpRNZkq=ap34qWtVg0$>5 zO(Lfp8$l<~3GrKFY(bsqB_*NB z1Y@x0H*0<0>+CZ;*>gxRg`3ZpHp2r{jUIF2$0KB<@;E;jE>#e9$Eb)%(m6H?hW zz9JGy@>@-FRxB<;M#6s#J#%Y`60PiRY`vAeuM~MZV7jLlji)_MoN+VC>5;bFRrPt@ z&S;$ZSTWE_!HmI-I;mSBC9&ON$^bDJ$mYm49Q#Ax;)rXyGR5g(n+(MdPmuW3b zo*=GLs_TJuC{}~lE^eixINuH*foC`i)T41Cgi^Gnm%huD39;&^kFUa(f*eSgu-I9D zX@ATDWr+U4BEQ^xPSYZUUFWCk_Vjd6p>?`{j(W{cEeZL+m?lB4ioF!Bcc<#+mBGk( zVrPxoxuN7yMb)%+G0vf;S^+sb95xS3@Y1b$YeFtyHQJhCL*>gkaR*_iNgrL9Jf4Vg z)CI9+yVHWKRIp8JH$pEFo?k(HVSam$#kst>x$+E@;gG6?u&Dmc^2RBPUZMeh7ji1V z@({h&%3^azMkeE3`ALZ;?1a)q0^I!p?7Cll zwe)nnqXBLd`Q#k|1@6;9Hd{&+X^=83z7|nWKS$V%#_&~v@@PB1w0rk&sam5a_({5* z&@8%6)hZhTU~#4ViNmnU+?IP_WBKPk5@j_}Ncmh%4yCIIBu&Z?K_CX4G?_JukVUpU zb{3m(vX)oD*)uIp3s~_?f#eKnXd5@C=z8$grF0WKHokks1k-36)eMrCNmt+tG^MI^ z?7-@(D}4WoP>yKDbU%6HV|0FqYs>lcQq>dGY-0Jee_kb}vQs91Z$J;D{YIDxCKzp6 zm$w|%0orfsBQYapV5~npHu+ci57tFNtLS0)NBP%StfsA!_rrZNVEOk*uRm|y z4UtBQ5U9`9u{|{z>22pb-goMKAdK?r!!l=I(IGTI~X?Bf4h z`7akq(HnGs`BwhZ{!#ur{!#wXFsfI&zLo!Q_w|H-m48a)L+L?0l}_e=l>cI~z8u|` zUs%r^@&a|kOSYfPqyJ0!@A`fHALT#RMfAUv|9NT8Z{Ohobf`5+OX7 zOyv=a&H)$Z->PaF@3_((4+1MJ9+SB}PSyD7aY>60aI8d=_h7fN{H5TEUX?AHNu^18 zMaoW4IqM)4jbE+JY9KHrSa&m+v_O>W9(}On7TvXkn}@=r+AiJ&Xnlo*?$58Me;+?f zZg#r4zaAI%Vn*1f{1Np5mk$8GFK2Vc#FW{6{Q}vF#@DOM6Fs?@Xg&Uo^g(ly6t>w- z;w^_bW+uW|>*&9-RAa1rLgP+B(R{`%L|cilTx$I3+Z#^G*oWu3mv!3~JaBkTPsYw_ zOuF&cJyZ$7S=+HaAEMI(FD%J1)V{FR_m6p_H};a?)BjQa_x`8yPyUbcpLhflv=Y7w za@+l?(M3L2`*id^u+W3s)3Rcf%1y;;5qoiQ3^{N{6EXU5GLw>QOR6)#PH@E9{A2Hp zn|gm3s)P{b0+ID@{&Cn(8B!s$cyYjTODgNPN(XRa0lGlj}_jz~FPnOWwcDO>^ zAL5Q<;Y&6_H=@GuUZq67%jDBE<(~6oj;gH^6%mzBW!zkUB(BdcvE+y>EAk}|t89>( zB-^wyqN&9a3S6z$odLhJ(8OADgati;LMn)k`ZlWrbV^h&nmwE`Vh)YZox234Zd%Gi zHY~2uN-o|4sbk7`yEvVmSpHT1JG<}yRsO$Dzm@-YfL%p(^naB95BC9p>+Q$4@~_C} z`T$t_f0Y0Bf0ci+|4sSN`Bwh#z^}^u@$mo9b-Rrk2JDA~x;fSEAt2tK=AP#rysOEa z;8Skiowe1u)E0am>Ez=&r)H_7sEhORNf6|=b$uUyOFOdBzqG2UaC?d#GX z`#*oZON8HYiEVm=p0Rq-RPU(|5MmeLd>%JgdURD!9_9jVS&42wldQ%=$Ze0#`m5sa z0!Lvj>KCe*xPJhtB(>WIe6;-3Ng~=uY+6@tBh~R4>x|5C8D)Os#F>;>K+CuCzxuE8{~^G6SK$rN9XNMS?CELQ=>_a~-Z=yKhfM=AXX}l?h%$Cz z3l#NvVo-p3#?9RXXMp!{f#*5=EA9GAXe2{dcg$A879MbwY6Fw+NCR4REs{ZjR4qm6Oomt-}o($?-k-S#cC}tr(dj z#t2^#hn{_Z^+XZAD!Nm%Uj}^^b3T}^(t?LsP>~S~0=uq!^^Ue(7>Y5rT@&|FaDjQUt|6AF#Dl%c%P8~PXK046nJp{2`-fkg>yG0ki*jxL=fkT{RD7sb?&-K z9=s5&gPH@=OvSAa(0d8eB|~Chaah)0X}rUI9$#(I;JBzB zdgRk|$(A-`XLkIbE)Qi~h802*hX6K_x}q|$UK|X>+?Fv(syK`xf;rXdT&s&ekfVgJ zyRFNdA$~2U7;;`E(UCq*QU-En{mjNMESRzDAm%6KwLpb;X*dOYDwE++cU25fth2v& z-FtvyS!M6;(}H2C&AXtY<68@%ZIOIE8%V~g5yRq(gf{Q3f~U z)-d41z*n3(1CSE%+ZEvBwyhx&i=f zTa7LT*;D3p1ZE4?gr`r|MU*oy(^Map8f7NjiI6Uz>|>OX*WtIVZJ$(b75Verqu5SHt%kcDh56vkNF2!kd_n{iSOFYol|!7h9p8oA6 z`-*WIYp#b{e}7)C5oo705$H%ln!pj;@0@B-$$O^PnJ^AkGaVFE!zPeCT(_s8pF|8L zVx$|&&zUzeaOs)vx%I~km@oJY2`Aw>Xu8vgfP^~&Asyr@gQ**k$o}~fXQ0A5e?fsO z*#F0pSpGr=vfspjQ@pa!UMcP8RTHaYHMw|47OP#Udsccq^*$bHd9QmmO*z=KRJvGW zCn1{Y%^IBXORxE$g9@bgfO!N0bj7* zHo`BZZRnfy%u@JKR`&t7UxT5D-m=j?B@I0KhwB|=I(LNkfUR@A?>GT#G*TNlkX3++ z+7NBZi#mFoWf`9z8Too`=4LrsprlOH&rmMz;DP(_VQQm!G*Qz|6(NNrEJ=xeTVs!k zo8TQyUN2J?EWx?!?Fe;Z9Hk!*N=QXMK+=&se<#7a$cT6FCDjfR9MWlwn+9if5|*xi zRUtJ7oL)QBr@^ia&f``>>aKg;qX|&zy(m2bLbCoR_+5 z6jmq1O2Y!iHg!hxTJc0ZHse99#P%_huz+K~X!cFyEsuo7>;z13N`v0M*K^O~2V0@E z+j3bNCqrO?QJ5V<-?=hU1(?ccASvl=cohq4Lp8GeG+V%ApMQ~-?Q+7Xn^$`v->}q$ ztF0p8^BFot8Vya2oYy)V#jWFVwTsAhBW~s%7{B89dsXJyI5<>dCG=5G0}X|6Ui?yo zJTim#&;4ya*n2?DtCOoEKUzxKXaSm{u7;d$bjGQDx@+`f$U@vqix36cV3O7gb%j7> z@Q6g7@USP7#u}6(o*E5~Fux|-nzN0pV1_;36mI{LSBtSw#R@f-HlpK?gd+!feOOyS zdXTX-$t%2K^yD`G(s$qeB+4RYo+qm@Sc41Ev?w1wIb+VUHKk4+*?}ZZxhgW`5_AVx z9>4tfFC4OA8j`lrp>F90i879R*9jIN=mtarNt}MG0?GIENZl*k&hi-H;u91@#?_hT z=mJKor1}KeN2t63nykNl?CkfHxI7AG1~@yLpdU;sW-h>ok5+tXv2zz+qoet8d7Ag% z_x76=G1C$xG-4h@A%S>Fp_!q@edNA1rnLMa4_Zu3w8GP)`BC3@2a*|41$OcEWkN26 zlu~H4q)zwzMf-3n8RDAg*rnzy;qj}9U!y!pOQFAk%L}pY#(HRG}W+iWod~ zo31~pHGYC+JR_tgr@snk{~A8mFM>^Pg`-!B)Zm@wye{zwiEUoI71hv6tO^z__cZs} zlLAq-y`NY+s;#N)BRP`h<@PMmOO3M|?}zE`1ixDs!idPzv@sd!shZZ`F>P+xu zr#epU3KkXFEUy}5WFak(LKd4dqe1sh9+8nqHX>|#jMzp7bGDZ`zm49{C8tjPbOyn_2{t=164Ay~XXM7mf_ zKjn}LGip{BAwytI-RPc#)`@0m4=)n&Xam%5b*;XocdSkm{&!!cj|>*37foFuOI_1b zEIQ*+f8G!CqMmX`B_+LurK3IJVMOlIWBG8zSW~4zbJ|~Q!dtkMFX2!$u4!+gVG${2 zy`r|A;frBS=f5UwsgIA*IopE9p@5V2!Eft^JIP#vs>U=A11_7L_Np8kg?~v)C1%59 z@d3-usp-nsmzwYh=!)3!%qC_RtTuO?Hp;gC;1b?BIcZ@0@j$(a1SX0;r9AE$h)1iA zHz>IaY^ZK&w!MVDys9Ewy$({m!-oTApBG#}NKZf=-zi8!0j3Bx@hF9s-hv427T6r4 zpFnK;ja}a4vDgT&dr&%ST2GTm@ayHX_(S}fa2UbNLs?ia+ zDO)s}cD)533vAL{mYfRYSPX6RB#FR0efme!ssz%~>aKfO-#9*fnOviyMWo&9M`N^D z;aZcfCE2U@0~bAKq4P=c`>gq_)xSlGu~fLKSfD^g*mA1By6MR}TYOl(MCMZg1r~GNDzA(lQ=bwi8CDlW%uxYSWC3bw@18m&=rxv$JKnpp zrpntrd+_vaB0Ln$Pn#sW<&$qZq&6<7pKMVxF++CfNh?oNN3V8>wR~VFj}ONm1}(== zXGjutp2#1oP=5@%8y9hg+i+53E7i9iBD8}s%Gr);HVkMR#%>_>$>>b9Px)I7hvK`s z^Vt;v7BBLjIm7kavB^r5Pns!z(VNLZu(@uG84e5>r z#fWpTXbH>_eM_|lbm<)fJjFXKzW|sqjmS!sIpS2M z+WpA5rqWq74;1N;lELMbFw?4?HFy?HI3?DR@FZ2fjcP?CGh?qaU^pPEu$)-GWsa#; zk@{h^t|JFniYTEh{yO4Lh=m^H?JoD`AQ=$D3J@h4DHb*eXTxtRc_$-_8C;Kk&D2x0 z$EvCFK7Iu(u=U|;-fp2i>6p8M8CIWj3y~&PQ2VBP0bSS94OR%E>mV9h1b|G|EleA~ zMJ_NN=OL_U!A8dY2>eWB3hrKz67YI?6xuF1^r-Vj7u$q0EPYMg@; z?A-C5rCG=C@5;H8<(9{rVyGP#=*17U#+mZGxMr`+Q^J)b-1Y(f{y{YHdZ0fk+U)tl z>Nr`2MLE62Ow*F3^>ia=wWV%C2CdSU+s(K^jg}EYE3jkO5b$jWlzeg_@jSRiuM2w; z9;a*9%!0SC2B0uPhzxQwzX!c8^>+G^qN7nJg*nj-#(IO@@?p4{>m0b->hMhP7io7D>T@5nam(JJwg4N3mDmXqH`GKM##iwc_Tr|C9kgO)0>yG z&7DLd;qaV7FsIPQj*ENQSmH~Zt=(&?v@l1$STU~|&8dkhp3kxh*46V;Q2mxgEM4aL zf`2jgQjmlwSnLD9);At*V&p6Dh@VvJL`vNVLqZj$h>4=YjhJ9&Z6g@N5Jp8Wxe{N% zZn1wN_h>K9a2VjYAt${+xx`Dm`-lPY0Tm zRp{G`(uyPenu-qJ^_^~5{dJQgf<;aVKdcX%SA&)Mo&eN#deTw@D44~Ar&-{*YA4d% zf`u@ac=Teh`wgV61+8x~;xEo3dg~(>hsm_>G$EK@s5+YMdq7Z1p(5w2F!MBMeV7MO z#1ww`-a{=gSkTO1K<_+jp?U7pMHrQ53v%&iEqWWf!#! zL7^!lK06MT&7drFMC7&;E;OvgUFsas#_vDV>nqTvx+@^HN1WHDz($T(0R3p)TDdh| zWtX%w6m3t5WGNPsL`wrP*VvrASW&lFsr@sXtT)x6KuqO=&d37SK$zrB0sU9T2|)x= z+v<0i%ZtpfcxKGEkRRah+vYqu!t&D)YSXNRMu= zI-p&kWW?4NL!zHPEqxJI6zFD8>v)gxD`2?xBF=Kz4->gFfiWJwfq?+GOe5>mEWX+T z`By0W{z0h?_t==~WMIA{W$kikMVp<%sxq|TfF@I(7M`Sh7o?%wJa%SJELDW-Ug~UQ zM$7s<6@9T2^xO2tBWFINEGrIYqyslMd98ZTox%(ni0k=1_i@Z9M@YK3OuB!@l$s^3 zkX=n>>krwVgAOdym@UZ#Kg6~cC>JresLAuVMhHu`T;d&4gLJ1R!{>hOlC#uCoX%7L zl|?0hmKdg2H!6z#AylYpo`QOCFHBDa2$$o_V?5g>M%Jod3K`?_OP3*P8()ew)^*iM zU`xRmG|dTP13%RSSyAI|91wsV--ld?Z+>_9pRs@nM%2C&K|SF5MY<|+cg^YV2b6$*ub#Eh;4${+?YVy zNh){L7n;A*J2>DgbMJ9W5Ce4)`Fvw%L*dCoNq>7ATXNt-#v?Wkjmg;&y~a$a+E!mq zHF==yj>TZyUXcI_eMLt&SJVs?`iKeH4^J7K!TKRx%TI`&cC*OHfK^;qixv-q_RRPb&PhWF z#r{r-1C?G=uK4aCKpwyD2mS4*{L#5aLyBA=xHYn+-3kC>4AtC$6H%s2$3} z;cEgK0xiK4$FJl+jFkePdMKB9F@U|#S-)qfBRO+Va~gD5B}S0;n1a_Qt!lLlM3Zct zhCdns%0NKDv2nVP+36HJQVw_A$QqI8<$3xZR!23;JLyov%;4^S5R9qleVA0$+bTN> zjxF@+Ma~Y)GQc3lgq(vs$RH}2Si~VT&dOCgT-VCk>d*Fv&ClI2V6hwe;8;b{)5cyo4cG|@L60yVud5OA)EP$>z1 zj%?$E3_q>Jh`*1vwZrs_36dwKlxDp!SVsrG>NTceTXMv(GcN?S`U4SPC-9LC%hBm@ zdYjqFj%KS%b?aq+i4bCsiO>|64J}U3HqI!wIFmTsGuQorWY)v}v=9n=-*P7(ptn0u zbjmAb1|$WFFHVw#pQk>6V$I-su({=pwD5Q`tVu*fv**_P-UxBcf ziv+iUsReKt+XEe-DOe&yY`jVgtUHxNf76cYQ_zdh6tEJmH1U~F!BBZBa=7RHR87M4 zz-M-F0xI_MZvkp8SGE5La=S2)^8lxb=l-cG1Sx^?yRCOOSdV_HADke$2F)4Be|?lo z>4OXRG}#ejpud^m;*k=+uZpr)xlG?yAzS&&iUog4>o+5V5FKH)LF_9A?eGk+sH$2} zhhaqmNc^V%U|C($LF2=g8p2HL`gWO_mcI6e0#b>4n6_C^Ut<)6#Ti8s`+4Jr9Of;m}AH-CO!&d4)zi1$%f z{yI=$f=UA>D>5l(D}2>t-V_QepMAYxUO61dHpCy-z8Z;gMk2! zUw622;7SgPe1Q5p&SC8&7@94&NRHIyd?}Wc6cOt;c*8s?&bvsssm_kIpV2&=V5_ac z8)5_gn>4mqzzCSQ!y_Oe8?@J#A(&bkOo-S@Z@uxn!VSG1Fj3Ik^ZB|}0TZ)x=l+&z z4Cw07YX)rdYj61QPb(LIqHZu75LU{VKy=5og{JR=hUSxibyqo`(a38qh9vBVmgZVX z+0zR*Fd!JHo8K@su&Y>=Wrl1hr3nmMFX`AwK2C?f6@oy`C!SoZ^LKf=CPSE=Cho&Z z9-ayiWjp??aQlt8SreOBehgbp3uoj)Wvh0l#8zks9r?4DCSjXQ?Ptyq?Wq(3M!?MP4@U%=i4`HJkJma1<&6C7CvouvWaw{1-5{ zt(ykG$8maD`2a9xH%B`{ny)XK=W&)e%EHeYWR7WW*eT1Ja(o0kYf7``E+DS?a9clG zVnRG7=fR|<_1g1!Us`d$Rl&bQL0A!{r%yQ81)_yO-U`O2xN=8RfDn~=SifJFQ$**| zh<3B-8B!^9&r2(bU7}}QMFTB}*(uZ6GvZp=-Q+E6 zl@mWjtZ)%%AvEcJX781%4yygYbU$~tj4oO@3u{ypsJa<6pV_ibLbla_GVH<^_WB5L zv5*mPNTCOkK6y&lEVWr4LM_O!+YCrpCx{H?DB{I{;JA#DKmcC$L)6_OU2orJ!&cFk zP;JAZhQqdr#**dFb_xZ}sxLNCoY$WHBg8XhfRB4MkhAxf2phJad(lDb>4$@y(+9;? zNGvRw#AE^NZcqX!_#S5u@)}p-Nj?H2LGat)2o`bZoV}n#KwiL1eWL9ymr#P$=xnjW zh0p7=P$C%dUf^G??1UYxaj{4f$@Wbtl=1jw=;{E_Tj+K7+DvId)<0rCETc=tKVc?= zykvc18{oy}J^28jT6RARN7Z<^R7=@tW~4f`OLQ$QvP4!yo+^>kK8cg!+F27vt@5xD;+12( zE6Fs2Knb+&(d_4CVAP}jo_G4Q8Bz|!RGTQwx6tavfOqhIpnO$+3tyc(rCj@!r?J?!-ue|)mECPj&7 zkayRnP25fFaALp~piX0+Jxp}20!vyUV{I4`JaodvzPa>Rjf$zkv@RMafAkdNER!^} zCVyzoOjKdJRSLhf2rF*35+}OT_@t8?-at;F{GybU&XA=OQZaT~CYn4v$Yx_)#!=In zrTlFIe=dz5`eiZ`f8yg@SkE(D>=rcB4%ph@rpf}uM8mI~0L0x^u@g{E%PdF zt50zuw9;|W4K;@qk}h`2zq&{=gw}nM;&&hs7FwgS(sriVYMcclwpzLT<7dWzGL;gm zoyJ3P0;ztK+c^i-`+FK7^=gPli8Ot*(oBytxo>PcYJ+*rAy{40oe#RvhbX4`(zu0O zRW``@gqccy*_x-AivLKP26RApipx*D=5#<@e8j}uufpPxL!orG4~|}@!n&NB3<=*O zqJw#p_8jN&S<4wcd=#~=2VhQ>Kc_LJ(^#7S)rG85<;7n;x=3Hv<|ahs5tukbwg~-r zS^qhF>8COyTf9QNW{Iagu${3u@y5s=3qIc>Vw;koW8PFOtLoTEX%!Q{U)g8 z2?sAF7aqvPoHcneAD|2}ecDzG={jNZC4KyJS*rth>KI`6AqP zCc}!6FOB=yv}4BQm#iMIu!ZWBL z?SoR&AIdv&%-WUd6yH5t8x&HO)g1Ae=wU7jiX_vKx8be}JyzbwT@Q2YG9_8XMXvQKzG3ob!lv}MO!uYJ36idK zLIkwQnJ8B+bP*^7|H#}R=x3^{5cKm?Q+uXR7*|?XUB)~$O1xx9P9qswx4XO5I3?ml zzEvQ#^@~D9FBdj#8|X@DO0|Rp1MJOnD9|PZbsY7l=S}@f1km zTLY;X@uYN3L=YI8SJd23`|QSJjlWIQzkgyz(7XLeTxTxHCxNz=kiq1ZHqTl0Z^xXA z3B)jd5uqDG>O;c+RQzb90UzKvB#hRLhm@xSg@OEqfUEgUSGKD@$X0&X>7Vv+tfHMs zaIa|K9?BW9T2a>MyD7Q425+|$Hpgt4l8!1xIdqhzwENgcPuCw&fZpi;1(Ehz&wUG=%dyT(tv;(ta!Sb6IiaWl!88#lol zP8GK4LQp$K;~d9WxflaFlQyNC#DRow-bxUo}!? z4x-Yp@2sGop+t8)+Y8<2rh9)OFM~N+ewM7BPutq*6ckn~`1#q|T30?{cqAVISY}&5 z9m4nozApH#u9J^?1_GKsUMOZp%%?k{q%R}JDI?eH4h*#ORB!iHYZuPx)B_#$530^+ zRk-P~97)aHP{fSPLSU&f0XmI@LE}-Jzv)AyY>m#Dso6kunRw?JB2r3B$%imZOXwdk z++&?F)zbxUC)lwLPSi4=;a1OeL+oADDIkoa51{_c#FG#)RV7L}C~Xu*iqju(o$Da) zYdi^KMd*;eNKhV`QT)7*1fJoD^enZkmKy#m7wpg9XfVKUQKDHw8v7`WiBv{8cdFAD zG+O_WLt1_GgXxooVF6Ikp?(b5a{dSzaku#3Pk-^{LWm1-_xr>4f*_b1(e5k2M|=jU z3uU7I2%SUx=I14=fQ^p88m!^w_x(UUyW#AryP|PhcJZGgn}(lWezk^1Tp`+1zJPHtV~^Eg<4uNv-EqZO`fenlXSW%;z%m z0HDV6Z{sDP3*cmn3wTh(8v+=P&lT^omB2RrLhVay=5G#!`r5mVj@pOJGS@-%v>d?I$(HWDD?0 zAZ~>f$=)y)M7$SacmRpZaTdMcko<)!5(LT|(Vqx$pvkBZ#KI0EWbCld6R3GP$OZGf zlNe;GYv+{2fVV8jMmjd*@0%VeFd>^Q^+7DxIrXP^nyZn(jatKQf|iY%a$Y#JG*!!7 z5VM%fAUz`)B&kBj9c4Ac5^dl8o}ZQ@T>Fy9}iF>hj?=03sPA#1F5JCwuRjpce>K_{x zFP{b$El0UjM}D4=ENRCJ%D?}W1f=5L6 zDyAk{2ch)2a-Y`lG5ng{kbnt=ryEMGbeIcND3vTZiEdN6KRstZZ!UXt&eMv%moqh& z0l3$=E-NoRF?We{N+nx`$u}C7wwx0!Wv`^?3GG^oqBSB9)YGcw@aj%}8lHr0g;aCV zWY8}wN!)Y$V9x{9I+h@ja#uB0^M5%D!k6=1bXAWM_}NcB9eJeheXel%Q=sj@0Xy70 zH17Z$oXe_LKmiY2wiiQ(50rd*Jf&+?fP=yOsE)ujr!_%b4@O4Jq_nydaAjHB-eM~q zJ7{DDX4XVJX~$Ljd>h0Ua5*@|qT2C%Qk^QwBFO#PH~}RYdbn1UK1dqi&(EjXjs)gc zlQ{+~IN=!8U@gN)1E%feMjaaMep-l)(V&B72`nEIBlH%w;Bjp?4VvH52Mp-uCfNeY zwkHE0lj%X`6xmJ|$K3fGfAPdQo+Ujziq%~Aba?aB&YOw@QRk8p_4BVsJ}Phe>9(je zhta!kOzd+hfn5;38jF<>HUO&drC0{Nk)J*H7yRZg)vAyxKtWf5)JM$LXA|K2R7KU- zvR97_vwc?#4L_JmQ3P0R8c*j2hW3m~3M~ebEGo|?ajPDe^^C`Rse0GMZTl2>ndPZV zi2b^`*+~bFvniD;E)zjbl|^XxlZqBV{4pU{; zIoi8_$xM#dpPKLpF3uVICQF(BeNqLn_S*yxK27tD>Ix*3Vsf{$+2GW)BW>`HhH$a5E_ z-&t$WMJ2YEX`CkUJ=7b#vxc0eJ^}NaK3(BG^{U#kF7HJ%GCoD7YY+UUf}?*tgy+M! zC$Q|2KS!?hNdXsqdt88>0v^_{ou*eowZk`^uvbF*AJB)7Pg}4Qw#*x9a8BY?%dp=; z0%np?1wbFp8|ys;0Zpy)|=@MUr9NtcL4KY--f?FFXm@ou0F0U9npY0 ziW!VufOE2^Pn7j8@UeG=Kp&UO=$po)Mkv6O7&&S{Uq-oJ0>9xA5VAE8|IyRZ^4<3N zMj?-#r9UnClX;Lb-Z8>PoJ8!CCX&F$*#Fa#hh)-m{d9}M2r(?7IFpc#NHH)N=}KBu z2@}C}w>U6_9dw>XAO!R+Z(%_a5|&Y+dZ0NCrOe29G5O8;%3~D z(%Z($=q$P>fJq>N9UlF{aQKaX^(y(wr~Mt`;_r7WR^x@x!#xf(@(PLHl@N>1w=`?b4Q{62WS6tB_J$xYbT=4DPby`A89*%N#}U-+OXgJm&@7@ne%4~y;?>l2v0 zZ-ttDfLoL@b_LD<_$m6R2CKrl;MhDjkw^vw)hGbr1x&kjnJ4=?!k15p9MXZ>SO38a zql|3DxiNab&_#yg6ftD#=Ku+6N{5?u_0jn2JKbsr!t7wsKr;gT#y5spa&U{ln^0Rj z`(i{8s5)dc;I=C8ra!5?4$RdWXgvG;@T|>86d%6H*LV_K+(nDfRlqRj4~M0@9s`*l z#CWDIS^65;3RR)Aae#L){yZVs`$_2J(0$b9kj zl1l`*aqh5u1t@06J7&gkMxQERi$d*j!h#^bC`6QCnJ=LOFFP05`myWsi0jmN9$vL~ zoN_NdJ!gmWvs+XsEepq*Ex(mZDE(2ZLzSErKDYMbyx>!6ww`OCb~IU3Uwp6bL|KZ+ zlX^3Lfyg9zozbbGJ`DC{;D__ec%H4}5gC*HWw&`@%61^$zJ-K_E06Y58y)^4xxi7D ztc3+m;DJM`_TVQr*~$LP(@N=F=>uBc8!A9F#ubBg$^L&WD!1lvGm% z_-@O7ikG#Gux>&uFp|t&s{mNi5C`Hg#wQx8fCeirG4w8VSd4)AqnX`KCGzsTHL`s^ zD;jgC%mmGHFo$r>>!x?()AQN~=FW%GmZlR}<^-_S74TXAIkNpVw+=W^%x3c_(}qd3 zD|b_cLwMv7PoFH0@)xIC^6p2r1}R<)a{nR^Bzafu%A9DGNcd+LW28_^9RCKlgj0vz z1JD;Yt-xDrDnWrV$i;}$!3@8USWHq1+!38YJb1@&vI$A5fjU0a$fToc=%`Bk|=L|lAr+vbW6NQnd3i! zX$htyLOOM*I3%C#-ZgCxd|eQLg7P=H)t4-OxFLMKQ{#K|Z*hhj%{% z1f?Oa0(zvu0BhxFuj}P%_MsW!_g)%vvQv=?Ce9ZNv>4DY*b& ze@Sv6?4hUf1%PN}K|s?F^~Ql#D9htA(ucS@ah33f8nn>iy0FWn@wj|h6>I{P6B+jf z*OajibqO#={48LKIi^P8`|I;!^9aKvpbpZX4_l(56 zP9GOw9#1teP97iN$$myHq_t_7$p#&~!K{AREZveg<8k@jxnh9tNq`T|_A z3f%Up3Dp)#>1NS?IjA_xK|;)l-TVA?ySoH}s10%F`5_ODWt}x7J(~%Zi+ep7LGTIB z;J&90U_#Xd?zTJJzB`e-i}*+vmXqxUNapge?72d^PoubaalJk%$Zc+{Hz~@rjxL&L7?1zX4kS z+4HO&DgPePjz6VjAjz$Yr33gP;pL|IAGh4MJLvBALum_XbiT7?&3Z6pYdQ0D zr5!L~JVA$dF{c>t?fqVI-9ZmL?)DGdcRc%tcLWz{z3=w@;Gd`^F~I5`zYd3^8KD(l zps=6^qC|IgMfLkAX&oQL;9o<`DARh^$%PO>rfK+YXg;q=oS*sBS7!!&tY24&zkAG zlHCq-6twrY^tUx_(T}w)fYf#@m?B^;)D>!9TCqW!9Wnz9Fg!RZdTqEgDs?Pe5funj9b{Piwd3b6;oOVRUq3mL9_p@J9?Dmu_})l`{=vA>G; zxV(F@LvT#f-uI_ho#OtH$~=f6pOu`y zh>j8gpUZ*;x@4=4Y|IxU=Abvp`^)V^i$D}&ME&wMoQ2GFP|Sq(O*=Skvj_J_7MB~v zMZOj|(t&*DarTH>jUKKn=}kO8MQ)B(v~7+!#d7q?7c{H926}Q!Hzm(t1@^Ywuf! z04ff2Hmm_uNt_%I=a^fFBU}nW6m$s)79jc+QGPC&CyO9%3nf(5QUTboa+%6NB)yE+ zsU}B(g`Y%_@mX=98GMNWY%eJuf~bk(>HQp}r4z20(3Gm*`$TN&qIh4NBr5A$gL^?Z zMXB$+4sM3^stxn1sN1SdQDaO?_j+qB!%k5wQ@6BU?`YhT~&B zU(?PHNX{qbg#_40bTfd?=*yoE$`Nj!7z+CBpP%A=ePauSUgR*BrBdU!{3WIpq*cw< zw9!=39mA-$CBmQoIWI zBPLNUo@q80Qbb(BlY`Njw&I;Ca=K2$VwguM-mEMhLP`$br_xv z2POYS@q)2O5hP-j1NCaYC0x7SZ`NUn&bS&Bfl#QHWi%$nUeZf=6jmPA+IRJ-6Z+Z? z-jkZ=?-vW4r)0)UeT_m2XUvPq*mC|{-0tsE57&VyfP{(T%>VWL@G%6rfz#A6&NAq(q6mvVSTo1E+{sX7j zr%0YqNEmif%x|x>AQyYFqhD#z{&7_JQ%I?-v0s?j{ z3(T}U)s{WAqe{;OixWPrP<9A{5?rkMh*Typao|%GF;zR(*)lofQ-^&)fj5NE`bz`8 zl}ShDHibAf2;qqp-q*~4mHTw#;0v%lU-ra;=K!41J1URcOhz@G+>;q~P)Gg;5EXA& zV6Ut*zxZCRRlsMf)2bMxa=jq5F6N8pJbUnK7Dt71yJEQF@RAT8eg2&l=R$<_Tsl?Z z^d;ursVNtYzGd1_k(5!(IkGcAJ4v)s;S?jIuX_Sx$;=?TvB{+Y0AbKOSErr**Qb608bAiVB zOOhuEJJTVvn$}JKky2=9vbGYwBACHcZ2kWAQZ?0dTY>GS`n1D&@%Qh-=_DVxv=i^G zGqkFAU|J~YaLm<6^@p8`5>Kzfj!NGnsr^Lr;oA;1ZF-Kk`t8g532?9qIJyV;9!v}t z^BoaV_VIHU`s=2a)W=T!4N0^tNNFvPF{9W*4I-2Sx4JpMa5C)maI&p74GlSM5n85~ z$ELfeJRHB9V;YB($1eD_Okoj@kpwao!y@ou{Q%G>2!gI7$iSa)oBV5cyxtd87;4RZ zbx?UmZcT2bPA?BnF2Gna??PHnup$Xvf<4v&@-F~NIVmKOzA@tj-6l^+{}{u(lcm-{ z9Oa`S>*K9#-P()Onb8v6rR##Wt!zyJ*1rob1xh^Ce7LlAT}BC&dX#)MC#taZ-1SoA z54M@mjfp~HzQ*r5$buXK`eDDsx8bM*$>h|SN*M4z3ic6Ze7gHyITL?Ltvqf|a}dkS zrx&CjuT9ohCQkK}CXkI{iY=Q=#)RaO8HO~G0yh#1hfJ6(UZ*%HkQ$78wVWS)xy0dmv&9)KA$Cn z%N)IHgQ@xR8#BMn!8OxRh>cwb@bJaVzttl3(*WP1gZ6KrD=SYjP+*Jk0eHRW`gtSa zx$+5ocmOVRYEqu~lTchR?%x1vf`Ht2zF*&T$nU*HX9not(GmxIqM5Zg0NRWg48CHI zp_>j5w=6()Y-@Lw`2H4{pZVt#rF{t?xxc)uesd+FRyLCf zdVNH?EIX5XAUa`~5vBX=g^h(ou_6-}r-hM)8KlVYhaIvV$ypAi2ZIK5UJb!9LY@Z!N zF}R-m#Xafk8T{(G|5A9dyaImE%r=F?A6&34YZ6lz-V-uyVbd}veyXl(vT+aOw~G(w z>l10zIw-t(w(@@R!k-Syr?90&w5=)|hTho^oz%r|ea~tf`df1f`;0mewQSl%B77gW zwCDVXIu%w6HrmYm)p<^SZZdo4FcX{#Tp$*aDb#aKg_wDmlQr?5ikqorrNaR{hnCJ0 z@_j$~Lq3D_-zA_ap5e`Wzk{Z1DOvSisw6JSJ3Ql*v5GkC`xdkve~^;h>zM&^3l1b- zP|?wAVD=lGy?x;og2V#WP=kvIewZYDDxiOMLL7N!Mo^|Wp%wg7>-#z{+p5=rHq)Tu zuxShZ3}3*#c|R?ne@kB+@PQ_tWNoHRwi6p^j>m)m>{)c73p%J#F4H!{5Sm@|Euy5I zRK;i?198j&1QxM0-AuM4wNy^kz3rzNbU&}!(y{RU_{xThks4l&Qjne_K-LPwS7{Ow z7iMl+1*Ap}Tm8N!52&FK(EJ3HIC|LmJFgA=hL-tJcXdDP5Q}Zt@GQ}?YZ0JsbT(^| zN7w|v7@CSGSN(|=%#gqX&Mx}8+TGU}FMu!4@&Dth`?1mk_pX`HMPHjtlbAX*r;EOM z2xIqfi_B&cRBOyt+h17?{g@$Vk_^1h%r6r4j4jjQf2=LD_ph2t6&#kH`bgu%?5wS? zr?IF~EIdshjZqa;ao!e0OH@to`HOLLVcy914VrCh z7~0@mx@bi*`R=wWd%JH~$t^PC6{}76mN$Y58&J1@@)@stU@2Rle2`|$+elRQN-w+z zmww_6w2}qrV2fAP5c=w!6j$ZWDi>2hdFT(o!P_+kX9ZRLe%L&PWQ?sOCH|R{5vrCc zirfl!Y8~@Tn_%)6BDII_i>R~jM(vj~-#72CHIBDX_v(?3<$K9Pq?HfH!tJU^KDl13 z*VWjD>V%bhbFSXv!#2n)O6#U#aM6}Nb_iaS&l)B?+C|KlH4k^{v7U$+IcM`11=kwK z0*xY(&3Aw0Iioqb`g9fz&tW4<;PAEkUfyF_8_y66@$8Yru1DXemnNQt!XVrRM}aoW zMXTE9_X$(7sVLr%v#|C!&laj1ZC8=RxUs049ozVCMlO&=m2DJ`EO32%h(LR-wdQt$ zq9mLC7~0C%rO>!S+|qC(AE|%h3a~x-1e_7)x4?MDoguKXEcWD zvaBWKI5IEqv@mWX(Xd0z2gj0qibGG6qXV7yqx}*nTDhT2ED5EH;3qK)vmfOtKooJ& zAEQNJ(4sKP^}VHyH0p1ftP6@(+R>Ba6WiAC_fMfVC@v-^9hnm*moYqIHLFgU!gpFR zWu1*F&3l${ntK#UVk^77A#=vbJ~^t|O*^&b`EA}cnE_*vC1tH(9#jYSExFRzRppt-9Mg*%wl!)yQgRCiL8prE8#MMB z?Aym;_-`tRubfv??r@BUA=V_}!Vs@o7)H>=_0%w3LkwOtoO$qv*eLHK#$4iY8U|6P z(vEx-4;(6dC9+#Wbj+&eEn(46KMnAjbTS9XZ2lZ56GQrPf zKId;aeTHuZmv23N0ZsVWYx7sb@@zzATMJL_!}1V4`v7@md2(Z~ow58t7jb@gzSLNs zPTCXYS%#0vbkG7dvkR61 zi5?-4uoDKyw#Z>4mN@EPT-D02n2Yd-m4A2rRm}^OYX-?31`h9(KI|;I0^&zKdm(@Z z>;Syy4IKO`A@e#|+~o~B%t67-TLoSsRZfJZqzeJq_Xqe8_Amd5yZryYL~s7YCzaS=wJ(WSV-*H@@;CBM%09Sm1HXSG%Es$tXL z=&#r5IO&Eo-Pwp@a_C|_M8iza7fWgklfZS|MBpKNFz|cfS?WXI6)|Dmf&Z_G2S;r- zch<=x28U-X#i_syXSZ6qboJco??tdmz5gsNbS+F6wsVid0_t{G+2w#EuXfg%1D4RT z+iZe*q$$sHo>;`q2Oj%0$>o`l{Zte004fuLi7|H`qNIJ0&Mt3gt_F$l@Q?8RKL+1= z$LbvRC8 z3|C;EK_hT&)4%h7hbZB90d#w}-@rT1OM%|*_0fS9qKktAjV~W0KwrT(23#yZdX4W= z$gg|qi@*1Q1@xJJzBEt&vcCK&i`0+-HS}IR$a5@X4x;1srE%}aeF*pfPMZL|HIsnP zd39F;L}#=+Kt2ZGj&>(KgOiOB$7U}R?FD8CpVO!mgSphsU=ju|H7l}jMeodOr{DRv z{oAKnG-CzE77e_)PP-C7dS1QjBR;X}eYTnUpz(bNwte~zKZp4wRUnea!csTn-$!Jc zCeS5m9(=P0PaYImeZ8fsIU~8F`f<}~&DD6%v}0iGdS2Bm1Hk`}#thKgVNLJCpZLgX z_txyoN{;|l4jfCzz!k7`@NaWU~0{9AMz$- z2+aD5+Ci#qeR343_du_-ZnlWXRkC?kdxh{f9?w2C9(>1IhJZb&kt2I7Wwcr)@mlYF zgLdmcXM2D9-2brw-ocz?4)X{ViW97@ILVlIEgT`Fc8HHv56O&^7SzK?6D_a>5@T{S zF-x5JUY9EPgFPf^sSr;O5t8$!C!*27MR8VKut~veDQT#^+!@xFct+$e0ts|clL}fv zVOS|8jFBPd?sV*Q?3}V8t73FsqD7pqk3%p>qX`0goO`5C`oHeo0Aed>z%sM=VBD(& z(3IPe+P)(G>w-Zjn1yU={dw*8zOA>f&y}sWPY%x}@StVB&k=7Srf@O6KI4Fr_AB=F z-`zmKZX84U!cMPvTHD;afWPbK{WQHj0mI7ZtjR%BLQuz2P{r~=lq$)Oymj~V z^>S(PCdHg!FQp(R5hRrLJ>3fLiTdW*KIcy=)-;z*>{ZYbVs)4j_%_##m6?r=E$ixgI zbW=YyT20`(pF1j^L<8cvpD**B9+Ogai97&-TncwVR0j8kHBqw>iNkKHQ60spV!N3& z=<##)xjVnVy35uewwBOsmc0a(tRIqn|K;<4(JzQ>THDY3ANp!`ail=BaAySG=!Z%n|$Dj7U%w zCn5rhL5yHN4oqmps1$0z*Ee51x%ox1sz$h>VylsZ*u=n%zsuz%G5O&o}Fa(YKTg6 zG!Ruro)|#d0NVvBd;K3fRcP%U@K_6oVL7I~GG&MfPY=jw%WprqM@@|RdnMwHcVNW# z?;b)Phg8ttobri0$dYWfQP3WAj|Zbhw?ISj5UCUOl9_r4F>HHhtoarqz8E=MfAqbh zHP|w0fdLB>M<|rD`XuJ5YH3jX5oj3l0&4^fImF-lGK=9gZ)Kg+uKMUCqIx)kn z(#KhC>e(4`^0F#r@C1&_ls{!)p~Ons#}2%pj$%lQ802>DtRFzcCVGtqr(?x12D4Bj zXhS{$;iV9l=)%KFTj>fZuU1d@fe0oosNtsR&KV-j7DKPFFCEEx%7@O@=S%=mn1N3q zmP{DE_39#vA!j%QBjI8=&=$N$RD|1&q4xfW^u$h*1dDe7I|goC=pa3hGit7bIfSYb zH^PG&I*J!K53#}#fyqh=3Ijy}Nw+OTD$y@UDF=my3M^FEEqG{70&$nYGV_V{U2nK`D$z@@Mgm`cgR2|$H`QYBXN{bwI^gtu73Um$60o(WZ$cM2kCpBrrrb2 z6{grit7EE#&-dvY6FjmK2{r4%e0>pxUc+nZu&`Lt1{RWZ@somR7xhZ2&QH;VAHQ~R zrKtH^?(Xi{MogSM-#-1dfzziMy3%XRdsWX;7k(m8H8j+|Y`9$W-+=1m{305=qrCt& z?e7<=5x*4^0}+E?40Sph)pG7<#ax-8$-2iw*G)Hkz{_xS{EqKQp!5|YM`jZ?^L0A} zl_)8T^rzqb{;+!QR`^#)(Y3@=ufZgM6DA4%K|e z6%O5p*{mP9Ga0QTeTFIZ~ZIM^KT>$D3wxy>Ep z5xYU2f_DBEfwX^)-XB-9H~LR)?ema(4RMWpQGql%`iohStW`+e=e$Kj=ii*`Ny}0~ zukDPTdC(*XO6zhmSYnJi=%fbFIV&=X&^Se0i5|k^Ns-d1NZ{Rp2*7#z4*W%m4VK&L zcGoL4H~JlWW<3d`$X)sJSD zi;tgIJpA^^cd^sCp&K>wJ!yNH1nhWsK}%db0l#If9#wA2^KC83pGU5S3(W;Bl>j)UARXlKmnD^2UoN~5C#vOy9pWH+%GUhz(=z08D;vr^Nh(2^L%O+ZrFPtG-+OE;&*ABH}A*d}$KW z|Ku{p@v4xL-QaA;J21j#%ure)J9%hA#2J@eH%`}d0s0Adh*FT|Y7=@xe>6`JenXj} zjNE@}2N!aasK*WR7!pFo+WuwGyd+5n@Rwh;%p-G%L41(A$WaL=VEhc;&k(ps`gva_ zwB0Zn9fo>WFSITX0|$Lx#1%>}t0O`aI*(We&T&?aQ6B5SH=mQ1I%>ml6PVCYKORC# zXZDX(p5mXtXpuebqe$^j>2xzjL`_^49(>T?1kpfo5y7QpseBr}mQt$7$c3vhCIx6o zgO78^fUwXZhgnf&w1R0tx@*w~RCzSe0=ztgqOR8B5z>o`UZdayZ0ds2Wd7b#-JFGu zG0X$GW}Y-~sO4n+l%L8ywCU;?ks`3cq8&xVHoTDZf6lzTySD8_qP1}^JB4^17a6u` zEu$~n)*{T6K-wF~CnPU_xP~l>+z1F7ye&N|!c)Z9OD&-6|~2^#4cL2j;Ik*N82Yp4aDPuanwt8Ep6 z@D#|iOvOk;{umJs^AgNBnsQy3_O{sq`3o0I2hwZa-L~i{LsCyUpX9ilhcr;7|KIlF zm;G-)@fNSU*bwoyB0-a~--AiDBQd|`j6$h)rPYgd#X8%xGV01mxJ-#4I({`kq_iw5 zUFcp2p~^%c|2C-D3_8OHmm2~IFK)QEJztd8`rqtQJdOx$BB;B(_9#hRjv-#9bAZ`p z?PA1dx{rUN;-a&2MHgojD*hs?By;M|7>K$`Ek1}^lFJy{W*PP^E7N{EWEqW;pcxnM zTE~H#(v&)~B=rr(#b6gD?GLcfZo=W0Qpu9ewTe+jgQkE?O6ivPw8}1~C)G4)3PVtB z;3>LG2n9{tgt^@zJdFu$R9Iq!?vROKUSkeGrfikhX2q96iSmeX@gw`Gmeg@tAFPjO zwC$!T{H^|sIwbMFb5`HDVZ0X`3us57YD&=@yrq8vbbjbP&9#3>>%3E_cg5d_J`99d%wV>8Rt@Lrdq;>UqC(ljM{Cn2g?0tu)B?18O> z^4IS%m?)UuK-jou8m9y;328F0&j?!d3XrEfMrJr&L`$#eMUaxvl+V0KBqwoBvZL!I;rds65nV9s+2{8;Ns+-EqJq6{IGr+nsA_Bn!rRd@#Gw^fd=ekz0QF5^7 zD2L2hctcsO&=m2`L8tfoAs#{*fYPCB;sPP4pow4=FtY23nvJ^Bfo6Gd9Q&2#6!8!p zF_auoOw0ww_e43FOk&h!vo>tBpU-zv9g;f4%6{rAYRlk8^GOn*Ng=`;)U+0P$4vJn zK@Dm+FtcUcEMkNADKxAFbxlt^h^(|^7!P~2lCwwWu!eYsg)++rAbOaIW$Lr3>+$;q zx}s0eVlMej`DDKiiHsrCdK&x*QP)lxwU@lrSK@`a=TV*Y_87_OcHa2 zM4}Ma$0^vz492DR%N$`gd{Or1Z32N>WaUZXN%BiMr-mCPZ6KvD56d~`YFY_QA@4^) zHU6Vjg~Mrm;l$!rB7HT0^$TU6gRHW%3p0Qu1Ui@{EMd4w=8vk9lv0b?^Uy!%(OU|6{LO)ju%NSB^}WU;XmsFMLR$G?HN4a38et)OG?U$-i{{ z=ukSh{Z=n{#gi7C7eqRw_L8xa>?{^zZD@+25^kUYRp&LXA}{bDEgl|RiDo3#gxe$u z*x!X3?KP}euobOi;h`_7snA_gjnyh-{X>Z&n~ik&;h+%hjI*J9#X@Z1zVsfj&);&vL!vpuqd>zh>{>_j8|qv$AvtnyZLZ~qD&MAW+XV>+ z_Ji`U^%^z<(VAzoCQLXOv$kJ*Dv7gG1EgjeksSEwLjDB~mXD3^>w?COf0PB$mjcoA zo|9-%NXgW}I9OEy?tA`Lj}zder>A(!6>uWqxpAsXtN!HI)N1ru@K|FuE`x;iuG395E^+0|Ig$1(r*EP z)SVS?fiPWz@AW3{Atv>f8JQQKaudW#PS%C*T0kXh+9;6$DKt5NTCuVoO zIN|(kg#wLn_=uY<*$Wr6=|6089%;u{QtaEdC7?0sMK`Qc;RR%WShwliP|(I$i`tsy^aZWiaqms|K>jmO39@y{NA?$*d|#;ySI(@Dcw5 zxPH<|1~K8M8RcE-&wcgO>Nge%9?{{^>(*lJU3tVk2$nFj>6DId$UfDIUgXC4n(#eH z!hGK)*qb`i8BIIDGUr@K#JKZpNctlc^LFOUONl1w)w|X=sx}emFwJnI@7l8_&)*i= z?Uz;3S9e%$@Q)ku`(ES>smtj07TC{9qr@gk=;3cW=TirkQ+VQ+&^eSdhB_gNx}R`a zAMuazmQK+1C|MjnlJa%b-Z!(dFDVrh#a>otGoq7AFmx-82$Pvj)X=(AG}-#AWUTus`NqCd1%)nV1|YI*d43Yrqt?QrnN zlCg=JkcGE4GB*(9)_c~&!P>A3uc8A2s1t~?`3PCgTr5gYmF5lK)@3XxnO7|9Qi{lc zpR+15`YM)iYY@?aD@T+_K`AV5p6eS~)wq?=;pW;ErM(7We|-dLB1ZcsPsGF#3E1_5HJW*w_&-o!%L&MG+8Ph*}7#RW_@maZMj^rAwQ7`wrX1~vOO5$<9o69b0 zYd>2H1F{^wE7Z;kLbJ3GT0+6C#_IwPvi~BqBrDs zSIM_%o53|fw!jXpE={S6==PoG(>WQYYS0pWmEH&du4j#3{3&yhokP+YwuCm+$Ci`T6O5~R zUds2}%W4`UFU=f4mK5I+7h;eU*)ZRQ`F5zD*d-Sy*TiRS6$qZxo~ zdf((3o}6wyVE2;0#gS>7Xf!#tNkQ)D13a_5O_+YV?%Y}YD2X&zn+MamDgHqXSh8*z z_fRY??vqAIhejE9Ka~Q-Y|l0V%1uWAhof$3K!qJU_$S;gHXeYp^E5ZVw+AQ;o(qtQ zYb`qd26W$v6(@PxHDYN<<6k%2Y*ZPxQ)2jR?&}lBD$}9STw^?Y$>~O&g$5w7#=p>* z`|UCy1S&N)EQufHaUq1m)+gY)_>g}BYsrAgJa5Z~{u?^^-(`z$Y$pOa6tZJ0h^;j^Me5+n zHI3blm(dJQO86)nQ#PT-3b8ZB%TCB1kQZj+*JxQzNzaNhm2k1TEhy)<d(SqNL=j^}EC{a2pG{66B%vGK1rF_+hXXh&~ zOf)d)Tjp4<7wFM;)@1aYgj#190iaaT0wrvgc7Oo(_RiIsZtU`7B4dJw7|;8*6Cqup z0V+))+yO$?vKeL~F>uu(3Zn4!HDpxh@!EXK9Z@b7y@* zs+pFywze1#ti&{kSQzL#yQ_E@#+Wnbb*}SG+3VNYRJC>fbmiPp7+@$ z<0J#&=+RWJ+J(3F=zRYl0-jHwF*lM&@p*Su>iDEmiQX7LR2Tw#h8w&g26%<5|(!3dkl=Of?d0Ua=G^vkoqsI2^SYrgfLC zHxoOhZw=fUq6L#imy?EGrOWNb+P)R*J8|4WseoQT2`TN>r^U}e*MXf<_W)kUS@!%$ zHMg8TA2$<-Qv0OFbOpmn(Fbt0mQP;-j=S=vKb^>a%zgz2Hvw)My82eWt2LT)0JG-R zY-`{IEVU}0!(WH2Qv&o%n$0efV$AjRJFm?n&{s0J{B=G|zq-avAotZY`Bn<{6bx@Q z!I!J9KFnoL^2h((O`4e4nMiybv8}|7Ovy)1HrEnq7{g@b>wiDj=KhHwfKIYyP5MW1A3o;)U>=e|2_#g%2NGXi)qnXD9lep==W_w8G+k=r%`1(am+Ot*F&+|wWMVgBf_;9mgRT%-;bPnezZ(BQ+(A&iQrYHmA#{s zR?s(|N{1EOay2%A;bSt?sIp{a8E1WK7yk!Zie^QP{QsPEN79z%p?IjCCuJ#DmMAGC;j8^_@)4TI2C2*P>QgoD)dOlEhldrlo&DcKh0Lk z2T7;@f?7bJza!){kZvoH%S<`97sL}=v|EJIR3(ah2XT}4)gi6H>hQZK4{B%tHrNi; z`_-{o(N(+FOe8k-B={)pPVJz+u8%{96=(bswP}=|!zsmbLVVvr|AAL1i9*b2={+}i zM(x2x!m3+p&J?>SS=M0YVN}0IpD_47F(3Y~wh-?efN;PaEuZov9HiWxK$lLY=KOhz`G56^w zkx>@q{A@X;{Bnz?R+BVd)ydEQ8AO!%__$TMVVkESKud}#s^r=^d4a+zx}J`3y#v#C z=`c{UE0*)(7`0wxhRwSF2`P-}jhQM+ESrNC$=!F+f{D-zCf#6B(a(>+$z(=CIUNp( zAm<8+DkPgdOqtS%3RK_jG%4pJSXxhDCTn@HxUzqDySy$ucKWG*eD7UAPdnw`{rl+{jIdkp6mjnPoFlQL2DB8y#lZa z0??pxV{c<+`82Jd2=jBZqV)zXU8(w;quEn6XG$QH8Mve>6(mXiI9HGHlz)Dep7`fI z-NZ_AAceEajVt?3X#>CIiPTS^H}v<^80Y^)eCgP;$E4EI;r`3_zN!6}?+wAYVH3hj zmQu(04_r&u*n8Haj|>u~B*8q~h6QZZ{lDCLV#+KVHiUlxcLCUVH2&zz5tao;k%A&Q zCCoSK?dj5l7 z;cj}D0yy^Io+<}D^SK-5A7!8Y|AN=+-|+f7&1|3#+$#T;M*jDUyOKoa9phZ(X?pt3 zAP(Q3ymOte2hHWcTyv}Bus4!up>X#Q%%oVqh)cfMaW6|~VdKDmVi(Y;j5|u0gurLw zsHItt{zz4(6}g!N&xWfZ^U6b8z>WJS%F-Qo?33%HqT`@PtwN?@n5<>%XiI5`q{1?{ zX-K1<`Q7bOTBTdw#CY&mWc1W`y0Oj;=l)SQz1*)l2N!rq5Q?xDq2zm$c@n_Eo#0jj zM<3YYl1#ov9I4gl>~oP5LN#A-!qX>6W!` zqZzXeSqvDWm=kT|BqSn{v&1hz4R-^D>yV*oX3Jj`$}{T*8+KixRu;1}%$%5C!G zXT4IG0Kq_us7-n$;L>y{-LkDa7X0notAdj)|3jaLN^s=fI?v(9kg~jyki|p~33L_CCB?Tz@XGNlHJ~N2>FtV!_vbyl8cAR0er}1HLYx+N5g+X^GlP-m z8#M8c{xFA$Hc`d8BW&rZMUq-?Dg13Of<`C!K|*P3TGu{+)|Z~aLhmF|nuDn#d5yO3 zoNAF(0-hB|iR?sb77|o26&(O+z)7T5?~?UO|EI1CO=3lnfGkr~A}I-<6jvNwC7~R* z<30!Y0tEQyU|V{BFdmh(_gr-gmWK`&Pw-P69zJAq_)tW1veie zYU~SEW_Jo_ABGKq6&D4w#<3HKp&v>>j0zjF1ph;G!Kj-0M4g9z%@;L+i%n8|r|qF) z9f~4#yM;kyp8QM{y(W<%jmB#sZI{i=`VlfTN8rR?BnRnGGj?ZP&JjW=`se1iCzuM9 zhP02dr6i9r-$VU$52#>UFdA&Lf(g_*jl_@xej`Jv$N{4RcPxTsJBu;qpyXvcY^>`F zpt5DEvfDMyGvNs=f=uiu=OHCIgmfB?lh7kM0pk5~{SmXLAcD{->$?bI(!Yc0qh=#i zs#N$C6c=T4?hs@~gBsam>OW>n@QJcC^ zm^8~a=BqN7%-U=+O@7Kwn@-p!g9M}oG&A~H{SJMA%{@b!qkc^KW_V^{w+g4r|D`X5 z@^ci%Fp-sk?$Lb({i%sOb#v5`0l5}*^v8@ECmLu43erAcQt~ZEv>mSWY;wjq(Sge5 z>BkKDgDiLSBtsUU*=hB+3gEea+y&yUlw_eIXD; zLktn-glzLzV*iG}m|<3lr%xlOE7ypue)fbM)Sk)ATFba^hUdi^E$)xe2_(r@^87YH z6H4--7z`H0Ulp+kP;jBGrQQq{)DtO6w?ayEQSk7NMKS{-aet&;WFa|;uu(F=FfqyV z3l%t{CbNOX+QKJY(i4^hQ4W1$q%0|2Yh%uu2C{AcloeJu%opOQL9R40FISukH2$|B z$KV)=WQ3UiT3%QlCrHAAu*<2}C3;sAIWPy5pkhcU9R&pss#Ekx^pNM&f~}S@3G`tl zzKIM9l1oE#pkXU{31dDCD6452ADtBn-S=Xru7sh!ECy#-haws^{g8-W-skCYYL}-w z{kc__7}?fs9<5#h${Y zP-vmQrrNp}03mg~TLSNGd~v||9{-!D1975}yDxA3P`6u)Kt7jQ1jEbR*(M8E!*FVx z2M~ETg`^$L#oEmIg~jvVuEEr8{`Ftps+}!M=^Y?cj%hPLkQNzJr70^_>6XPpPtbj7 zodh=7;>L}tLkYRqeul6%*GvwE>Rb1)UQiHaMJ75_#lhO zzKN|9;V3{>Lc)^&$ES48lSU>>Sr@mv+?FSDcZE;qkr!t@#JLG6Ug-tu{q^tpL<|E{ zGB@TCR6+Koc0yKN`fn8gJgl??p!ie0@ToxTQc08M~0>z$TxV!O&7r5{NqP6ugwXCQ3Zlj>Gl@icAqk<`8G;#_P_KP!#h@Ps!5VsZ6c#)) zX{2O~WMmBIXsGPubLp?0s%E3ae5TaW`~AxjrY+d(69XR9uS_#1F$fb!cPF7&pB7>A zLiMX?=t-usKehdCLpdC8z7bKP!<;+i&j1b&g%mO7V`j?^Jc| zlQaB|taAoQq%MWyo4mm92kpvSuR9IM4>M*aqMj4>>=}z@q=nH@?p}D>XrH})tL0JQ z!DIIg|B+J*qjxU7_S;bp7C%MbJ?zc$?bGbVY*pyU&V&}VhIqo-FrX}u0YoZIhxa*+ zgo!l;-$gYdF&om6A*;zrBvUCcL6M2s8%=lhk8P({kqjGVkafRtUMbEazv14@eAvHx zBUPIg0eith_EN{Op9BH6V2!Cn9%1E)cd7@!yoQy3;D!iFn5c%Yr+ME|$;$~phwDY6 zO!oxy$qlw@LB*)1;B(Vt#2!Kp7fwlrtAEWgU)OI}xomtR(sS`v+_Z>V(TEV!3su%XIdeOu<4`#YQv0RK@vd;p1{HS z^R$@omX6Zf^rzSrW+^hddVnTg(vn7U$@2Sg6qT>$n6M$baqVHY+TSO8;g)w7IrIDy zo=)UI_+ z(N+rzoI@Bn*Gl_H%J&^*1mJQ6IZG~m6l{s#AAQcJ%Zt&@|H zAJ?L+x2V(ZsRX_*ZxOD1psVN5KPGwT^YUHKzY7!V#lp7|Y8suMFVI{2T`5SzcmQ#@ z4PCwTs&XyLrGXGRk+w{Uc<(W6q)@?vg6QCpxKjo+8;{wt=9gXj;mty)tyy!(BjpA1 zq1>(9d}ZEFwtZ;#=X<+bFXqWw&{JQ}hfh~Gz@Xcs3Hbj2jzDq0eUxX-+!D+2h3&Oz z0T~YfDh}ZPI(T#HjaWLxnGkk_U?B<|ksuNR%?(beRNz;&QD7-y+{*k`t76O`tydIF z$|4o)Ea8cc|D;YlMRZ4mB!^J_xlnPa`lv0FHKf->t=Mxb>2f>h|NL{?Mxb(E3I`mu zKDhDkcdut5V46V*!l5}J3(jznM?_ms0>6`26c%@BB~Iaf4P@|L(59G``;jVlYOSrc zl$cioP6sOZ>x;kcwRDg#Ni!3t%WzfA7Y2G#cuHDRaR$bHbR(GQ4*V8dLtE8=ggI-) ziD*L5$vMJdm=eyVET>OgICJbS0v5rs%)-X^dI!SWBfY6u@QL z4H@BGQSVS9#ZuA5m}FawZ>dSKC1>JRkmOqd--_6n1~?jolwWUUL9#U^Q7KQiv|OPkRR2#OwRJ%s9fP~{XEo4} zf(o7IQG_m~0h~GYmoLI{OJ$)Jfu7}}zN!ush7i2$!%WY9oBF>sr~Wd}^80_`1w5FL zC?P5Lvt%hzVE+E!>+SZ+^8apc`}x!U{}|7jwsUMjoECNc(;U>XCJ2~oXj;1on`%15 z(f{yH`%VCK90L3AmSu?e@nh$k)}g+H*NkP9N6`%ZC&!Vrg1|`v(zW0E5$+>mP-5c@ z?d^aXfukV_u;4(PO`RKYFz5osk5tVGvn_7tt*Y7Y(|$T zEZD|^$?6I?45iYQe8^Iac3xP@pe@9irmEoQg|Y44j<@rCe|yhwebZ5csApV>-Kg+R za;U9oQ;|vA$hU1~PP2GD#G?e#t$YB&DEL z^`wBXRcZ#wAWr3eo0(C_Tm_k0N(q|wQL(+3myxtNn~%Q^zhwy#4qK3lN+F+$_0j%Y z&+qMe-F7Khixp(he@!#>C%^$2q)`MZvi<`B=NGe>#lxjfuMcmwaNHH$oY28@kh3og zyrr|HYlJj?JX98-nz`r_$dmY{t>8*!#OcZ9)$!RtWzlWSm{yxh7t$oc>4@dVFpz<_ zge~Y-Gc`eNE0XX0ID3Vhjx5BF&knvlJw6&7zCArXKD>H+ap~Z{7*?r$Yc|xPax;H| znF6cND;<-iIMpt(OV=HSO|56rHD7!|{e85t0*FuAoddNyZPfnx=k}(J%m#${m|%XH zk3?}%z;14{C=C%jOi08PP?+XC1Ip1Dt#{TDOVRqzKd)~|YcTXb+--5LWU=%h$g_O- zM$X$}0G_E2P8=*DqliOt@44SaW+Qwy5QQKLm9C_l8B96--;hDZ zG90y+DA{(K-dnb59FD|4196Cr2LX#?0&oXnfbx{^_6lV+y56!4E6uSG&jvWpCM3?3 zmb23CoT4i?8xnDXT-0KHsg)Z82`VPpKpj{I5eu$ao>kgwEVy!$BNB>TfrN{?*jRAo zCKJrLSS*WLY$|uB25(s!4uT1e#{}je3G14xmb!OiJP!gw!o}^Gf-5%(_Pqmb^H6Tb z{kk%6{e#9C8802{FqP99)x(4_Kao8QcIoHtdGyl)7tUDG3O@A>kmTJiw_t zg7XXByUDrzE0wx;W95ybxzN3v%H!*p-NuU=Q^i(kE{yp=DpLpIygV4rvSO2&U#e!0 z{)AMdIFRTO^UcmYxd0e zTjACDroHJOaM{x$N7HswsPo@9U%AWr54A_?!>s?ko!wq#{Xc(-|N1D;-PixTrB$bs z@)u+Q)Naam=N!Ks$5=7h-!gFToa}EI;BKaOv;#3R;i=&n?!F0uTMvPHy?6y@lG|NcALnfXbar87U_z4kAr zwnUqI$VC?G;ap} zP+UaR6s+X)=eer~A?bf`1d(4@I(wT+>#L^SraXv&))?4bxtqe^>pOk__Rn3;|AqB* znn&aT@_%*9{vXeu?>_l|Jjzp_(BJk|s8bCrsAJRwOR5hSB!G3DCmj92y-w|qr(V#< z>~YHS#7P%fW~^Q+FOYnQvLMaS#b13X%Pn_9qHbK=4tr0j7@wZXa~J*(L2g#?16;uW zcXwZu^MCE^cAxnFqdX6D|1&RHn7$b*5{7+^8eYYOJ%khbT5@sp)4FTnqWZl4i|e`d z(>fUAq~wN@TMl1uNIHZs(wu(%mpZ^@T2|rm973DQBnb22uac9kgo}*+Uu`{Mp$^`c zs3Ze+gJ?F%!DN~4}pVpTgafP}P<~`55$GrQN#vzTzU*+^;5xF2Efw3N&IlXTo zR9$qd_Ek+TnDkDjZl!j=H}Ps*ENX_hoF`nj{uK^lgSN8li71NJcqcaM<|_4zW=ogS zCUyR@oWLFkH~XR%&CAIXzs7Mfx!hBFLnAV_y~?e)W$w$9^F#N=`N>i7BF*Ci{*DuM z6DW3%K3cyJZx7Q-A(^D04SQ1EzA67M zyk%Cr;IO=Gs<#}n!*kqY;D{q#WY%w|bga7srn)vd;1#II>ev#o^7v02i?(t4|KSyBxM2NoTa>$ zH1eERi|tffl%@9gDs-%__H}IsM|0{N48&3&6fqtK2@40}z&N1Ef>OqeaRAPwGN^hT zt~xjIf2nk{{QmDxNHmoh^jB=p1JmNo71aIlSUz5~E>G zBS_S%qcNN4k33IgvMfF!Q3N?<<%UD!@fNK4jNYi^DaCsnhpjafld%j6v>{_K=qTBL z-c%VUSPV4=9W)Gf;+N!%KqK*Z+O5$()k*=$MWm{;`rd`&9OfXS8ij$`ri@4erf%8 zpW?qh&a>7WExC1Ia^T7UV{YQec`-B%kmXaMm!of*l<2@IbaL$gN8#Z!bMOjv3ErfK-BlM6d^$f%uGt zMCWapLSW6-C8WO81PmGBGUBJ)Gpsun$o%4@f{>XqIl|}+{PE9eLeR$hT5bM&$eUrZ z`-vH;+bk0L!hHg_oP8vTV9EtLH@KCdO2;-1#U?bIS(zrWNo*h{DxaIuKor;nA0?7H z8L(uEX1K0%gOZBgZ=s)>BI_<{t+vwURy9MeNlthRaR*f{D47e)5XH)73&mtdwyaF2 z7^Qg}3$g?(naTX}Vp7l`k8o;obFh)=(nIhAF+3^D#};Zj9aJ2;sHy_)0;e27(!tUc zkSQypSTtTn4zsD9CxnrbP~Yo$Ft( z?Hh{G#rMZOiI_&}QmrGUN!gO2v?ZTXaTalu5**HChSSn8>XG|jm55f>fRaN(VwE=- za~Mw;K>=XMSjMwdWg=1MLWsAE!%%17w0WjX#0scE7gQ(bPGtRmJB_fK%X%_&3?hEQ zdz-ac&>t@e366Chk_BlO*(=L`&v$p9;y*mf^XxcHS$Y5( zrSp`GNJ_;1y^q!}GnTBkTF=BtLny#~a41pB{AcmnCm%?=^=wMxA8E{W49|V^(UgS1>m%r9ps|A_If+LM?W2?UhFufy_(PHsNMwlG ze?bL8K|~>vFBPRf2}W>3((F~rrr!VMELLIvNtUN^1*HwUDgP3fqyFggd?;h#ZuB-c zTM!xbM@%!6QI(M&II7;~6q}d%1965Tf_Vl(_WZ6SUqP8lzi%frB51=Y=0zDQ5p@$u z0{xiMjCkLPo$1-eI-tQ~xl=*h!y&OS_}KldqaNOT?0xppp;)>g&Wte?h@)N?aT2gN zY;SvxxGH#OFe~+(+%dzWD22yVas2wDF9@H+?J8uVzMWjdCf;H)Vbp)P8q# z-rs%k@~`OX@Vx)B`?A|sJB!M=yDvC``1Y~;SuWuM_-3o6cN^gOGDo84>1@3=pr^IH z+OzulSKjw4w6S3Q?{4pv{r|R~@ARJ5|6@E0MqM4Vz5 zWXf)ccao7Q@-9e_r<@?~6-xu+Hfa$ToyfbDPv~u)d1rYP8IYe_Rxk!3t+uSUXXI8j zq~MDm&Dmt74gCMPdvMBe$qs@g&vG{qqNYt65_?kwG@$_XyjY_GMV zXg%ovyj}<_)sQPjZgHwL6mET%0?H9hb-|7GkKNC86p#Xo6;$3iHOqRnR4NWDs+rAJ z(?Hv$9$;7vf?}L5@>q@o9H^8)$m=D-XVp{)`zz!>Yqy?F@rMhYse2!_pWj=`G_|Wq z9So2zG%prMzFjPV=RJ8qW|P1l{d(7h;As)aYTQG5_C%R zeY^Okc&y)=FddZ6NShuP@W`VMK!t zosK&Z8#9?CCc!C*v%zk+`@v7*F(lM7o&5jx{Fh?v8j@H4isK2VWb%)(`0XUE)}M;P zX_N=ol>8&0JYY`QG?Sl-vQx}bf0R-ZPI3H?l!OzUIaNe~QEFA7DdQ2o@h3R^bwbHa z4NCva=y;YgyA>M!Lu_CfiEnWvM5C~9lXgC+)Z2PqXeaoVSC?G2ME-dRy7&B@m;T;w zxuq@U|98*(t)IF4zt`Q{d%j!J|A;-|iT^*w^RRigTj>ykqk}YJPzk0HT3bW!IFUEz zD%rIanxG^8K^q}S2n1*l2R(>wVAy&nTkn8U0rLOmoE$4qqIMrvt;a?lXH(*BD1(E| zR7O5XcyeHEbTXOpT9J!7VIi`1LizE6j0$e+CK?P`0BH~c0yiSkGd^LVrvqYm>fIVn z5}Zz1`hXxg2?91v9une=2U!FFfw-y#Ul;UoluXJw8I`m4dCEpK(s4c3Ll#_f`+gkLNf>)1T1)lApW33^`5^>8kn`5?hn(AuU)gAVLMd+zal*Ax5Q#9<=wUxl#dRjJ&bli z3jNj^LXPmc2HfVF`*@0fWih^$USMJcdpM2zNc@9ud7t8Gzu(*55j)1qzjnLbz9`e7 zcDfF&^NEq=-Q*6@Xd5gV33+wH8+8XgqeZ^GoQ0E>jv`SctF5 z7!1~{u6!qDNJ&diMds95W%y=HP~;cud}9G*aPZ`e?6v7uYiS z(sJPCOd{yLSZ_fVA@U)KFpUL|4k=G_khX_;I3}6T6B4`!s!qW-U=5`U_+f_mHQZr& zmO$1qW|CeK4m+)cg-52TZ=osJGuB`v4sI}w#1N^WnBoubVr;)`>_aj3fV$7K6lY{S zTdfaLY%=85oZ{}`FYBQ zu*?N6uSuq40|+zQ!3ph52#(ZEjr8=}>2|xVRzz>eJ?hJl$`nUOB*L>xX`TXe1Hq|@ z<(YZ8BVMZPl2?c-C=yt+5F=2rzFRYGHai)a~U}JrPeKyFj)(lg`T-F=!mX(fRUG^^af|d(=oO?5`J}~GGb9;#bZ)?riZ38B>{g= zX7ZyL;#MmoJbRVmDS^;IRkm*8f43_`Jj5A?f7*IX+BZFa*YCA;t@EZ4K}ZWNhb+#> zhfGKLi4XW0i!T_<%qDI}DMCG1xiyt*t6CLzUu^3aDlD0NGqQiS%m`doTlfg-@?#*6 z9DQw4tmZf}3CCJ;avbX4dRJdV$B>5J6qL>lAcoM`z)4uh!HY|rXu(9=8fGa*X#gss zc_BrqU6Q03_X>REEU?0mLogwIbmlzjs3JTcsyO9Enp*A$X@=I&22(3&Qxz^^VmCCX zV=n3bOXQEINj5v8X#?(%0A8$g8jro0fnp7Od*^k*uGA?i36dWqNi z4f)AZtTV{d2$m0rKlS2z;lF(DcbDXN)wbo@zEOut65qT^*;H}@1Gz^IZIVi9KA`1N=JpHT(foF*A1+j6;aQH2ba2$|S*WQG!mZhpbqL~D6OS6e$_@=%((wv+ZmC+^1 zUW2P`!h- ze-MUJAizm-u3`(J5hW403|Yih{!z-QDq~3OY{~|gXOx-9L@LY$WwDQrKlD*skiRWP zy`2R~8)8_Rrlj7;jUUpN{XQ81$+r-$ddMAtcastoz#9VL8V-+BU9FP6QNw43BW;Xvpixn&PaNLqdw|Q1>*=N#7fze zMJfxS<}2XZcqK(-G5vVU4Z$FG1hrMb`aXvUSFleM+r%}Q1rfv7E!Y?I)E1L_trTm@ zdRtl&tu@4qOq#Gzo^~dTX9p3*oNz7OY35QKPu98Irme!(PDYbHYWMtYf5+c#tF23v zjCH6JdB*fmdpd*m#AplIIv%Hl^IAD<4ZUKi?cXUcuwH^6m-3L(f~~+=!SaeT7x-$4 zPjcC)0%psCHpF?bUThskY~0!IZg)G~-A;GAL#JZXmHw1o#=LAoJl!Tvs7GV30N@Es zJ8KF*v9pWffoR%eBM-;ADj-qDtdHU`jX%IQB^3oFzEaCpM0vLp3bGF^7htOevxs{* zfJ2bJQFNJ2|7cZgOk}R#zNP38y16AK0M=y)Cp*%?7fa*{iW%|%G}qY;g1HmgAaZIBxr<*;XCZg|Y* zJy4Ut;gm0E(pkf*c|aG(8TIrVfw2DDqFKTsHlCr&L>#KnA&YsIivIFDs^Y}%1=lQ@ z0_|}CE%plyS`klvmn~Zj7o-eBDo=)>60;rIAA*u4oJA9bszl-l9P7l*aHg?SCw3g0 zYcx|?Z11il%M0E)B{&8-9VAKZLX2bNM$=aUu_$LB;9DiQAV02^TkE4wE$8I>L8_mX z&gDNjo(X!4@pQetc_-J{`t>5b%H z=B=#dv2?uux3?Fs2WJOwj{mMdf>nYSvMHwV{x=2?W7m|F0g2J|a2Sd$cV8WDx<35Z z7sm@-E>C!t5HhRJ8)rZ>>O623hmODN<2M;w%3)Hxc$u zBL5bm6*O)`Bhw_Cc_B?b30K`pDaA^0JeE^GAt?vT$3S#g%;IzXCR0>FhY_YzzS>FD zz|9mIaxq%X70UbMCa4!`dB##aCYG$HJ-v`ReZOI05g+h^;1K*X-^Oq-Kg>ZyOq%|8Uq;UzdR~>bK0P(;inUTcmO934qO2T1*3hI! zH1?!q0I{{CSTBHsMXw|?oHc3uMhXzE28#=^QB4S%;tzD1Pf^YVbQUYQ15HUt^C{B$ zKXeOcmZ7OD$T_7k)CF@MG$h$AA@U4%Nq;4$LKae|9123eJUNrJP_OWODrl?Pl+qIr zJBsWTPGck)wS=J#0bDl%Y7rqMLEg*>yN!=jEKf;$IkPpnx#0M33gRI`Agj@KzER}_c^hjm|@gf z$OU@Hhz>=g-Z1C0A^V_WIFI3EyVH|uep?&4@CL@kP7At5W`z-y<5e;mS;&b3HcfK4 zBvHb1M|ZZY)U*U@C5aa@vU=f4$?&oetCy<;dS`V72kIIWq$CtV1CF>nj)_?!nX%0U zB+o}1oQTOEvD?iST;<724EVFPCjWnqIlpCT*hf4|Sv*eEZ_#$yib;XhwgONeCX+A0 z_g%guwP~VCJxkJX9rdvQ_dS^@EIl<OsSq zeb1uwjsj;wLa~RB6gA)9z>Ot|Z{EwuQL$h`TwUXBI8x^j$G>74L@W+4{panDkWNPI(6CJ#$DIHiIU*+SEhz`)D+I%RoDfL@cT3=mVzxJrH}HSQTh zhhkiQ#906?RtG;`qT}x`!Gx#hn;20sqIil@CZpScp1u7e86pa+Et|C^R4oxBM#I1- z*WCXGZNw}inhDFVVu6TRp28?^`-p^8YVzAxY0fhhHIl`G+w-oAq@RHQqP)_vhf=-clIt_y}hi4&ZtMwjX^ZAO~i~a*+20=`jQhh3i&T zRK@BmX4{3jwLE~CC>q%Hje2~<#NI7P50_~hn&P&h7f`Hf=Ot+k(WdY%F9;1Wf1wUc zV^Mxn^-Qz@G#Ar?c_x-y ziM|qstxwe5E7!FYmlgo@&y0_Bya|QeaDsrZ1WVEtUUn2@?YRT(M z5%XB^eF*cTFTpejEJyU3%pj^W^oUiBz-}jEe@QK&*BErhLr;b;d`j zfeIC$(&?z}6d?oBmvz9W3@}tZ_T@Fbrs+mm>0_of8hPZ;#eG0Ec0NgL7)Kv#;%+6 zOp`6CF;F%Nr!>Ci)~vIX__iqx*u=<10ef>xAK5r)#8nOXO%AbI@cvy)Cu>B3l69C` zKr#w?y-k=xKwGp~8dYtSS_7nHs#dawlZrcdD>$J#i=YiSI^GJQakEB3gi|~OLZ&g# z(!7v(gxCP`$)?jee9Ju{c}T&k+PhUHw0V6~VXKLCVX73bZ&*nBXm`6?+@xwp!s2q& zE6H0|0%iC16d|046x6_oXC+KaCCP_`%BwPCGyQUJx7#fhlQ+SJJZ3-+FHhvr_~2I| z=Y3CR=m$8UR|chKGI39wr-?^nahj4X+ElkFuC+l`dIp@D-iIl@A!!M`A8=aay>K!jTrZcHvI(5KZuYci{W$qol9 zDtS!R2g4+#aX=GT?IEdLs%s1cHbF{4{t%7KXH1e(a~YFUMDZ7Sx zjUr3s0T9RNyQ`~nt;%gh8W6xSr;LR03<8Jt%|ObWSQ2Zkztfk?=a?%!ew2@C%t6<1 zi@}~-hg-!Q)IuB#JzJ`vHSt0^PH8alhWT(95or{X;Fv_}yQWAGvEW*Lu_H=b=4m*? zidUC!@`Oa;YcGA4j*UuC87Mdg)N3xFmi1FxrC6`P=UUxh+Mx*K^{!n~719&3$Q+=r zKh<4f<$az;rYDw0sB(Ft%S$DqeWQ*LqFkwM)f{zjDbznMF2xQ%7j{m=y0Rpsne?_Q zoa7Kf|K?0xC#@A*r8a8P*PrH7Sa>iCvKH!<`bmHzl7en)N94<(E^t8j{CO~)4MZ~ofU<7Y7_lf6 zTxvQSjA+WUfqY?=C@fU>y4-pXXuD#ICkJyn8_;mjD+wSO&BSP$hD7~R5h1=%=_hzl z`sDJ~qQR7m1QE)`-PQ9>V72b`y504fa$>uTs<0h|c>Q;QfilxkHqA9fkPgJx2t1n;Mc3 z1_SaTNg=&oU7>vL!~xk`#Vzln-u`}B=9Z6MKySEm!m2AY#UBJ)JC~^y(eBQ6L%}%{ zUUzCLgKN6WM>(^+Qw!9*s2mew5&>J;F3-l82@EeYa1%e!9L+5=VriLAh^G{T$VHs9 zDQFY>@-I-nlnO;AZ=hQ>BY4_JJS7A1mtr}ff(bI2rE(!(Ri)2OPRoVtHAo!ZmXd%7 zNw1z4N?w=KGM&|SjmIPn^Q=6HImt4eQqk?Pm`r22$H2YtKmYm9DnZE&Nx=j%NNGlu zIkZzm8F53l59M52Eu*u3_O-)lrN~%10OBO^c!q=PDk}MOiqlyieX5zSA3vh^PSR4f zUHenQIUcK2rSH+_&!zpk@KU?~uB`mzq#no%COD44>uRlKTG4`=d0~rfMJZP*lE!}e zt1B77H%I<~H$DAo4H2461d~)RSUMii(8z_N1WWCYvduS`#^`N2_6xaf5LN{@dwvyC zl(aPzVk(XYfX_g^`-ir(4w$lr4oO5ZGO+sIBvmUeV=ia!EnRD;Jat3%KEc`Ky-}2b zo+qM1&0N-cq{ue*~( znLWT0QZ8iSBSCg()RBn`QQ012scW@|I4M+N4J6V6^rF#}#%?SHCHUFftK&Ypl73JH zFgVY_xPTr{YETQ?2~?$hMR%>IMZl(=%E((SB_uWU-vTs@EkLZU{*}hO81drVs#l2C zT(T+gOtFFki<5`T$DUmr{5bf(mv7JXRs#8+>gtNI>{}Rj%0+zvy-+WjqgjUSO=%pH zOw65aOLrg_hyBiyee83h{0!!cbtsy1q9DAr;5&t(TPGttvoS?dpQutA*MRqin3KKT z)m!m~d%N>nLTI?Rt776gnv*gLW12;Hcn1_@MHdVC?rKr5X*SG*Ym(iiu2~0jheUZ`^AsU-BjYR!A8e!QmIYi-6_xZC5X0a)>7b})t-10YmE5t=a8`o} zM+_VWtUz;HV8uscG-TPtFZhi>0W3omjrwM_!Im864^yLiAKK+?)AOJ}{?H&u$q z>#b4U1iv`&)a7_}hn9Ja83h*G-5oDazVh6}XN`b8i0In2$)c*JpBD{;4 z>`O04U%M+RTi?oi@G0AbT;TQJ&?hOp%OWyccv}pn-VP63XBMS0((M`Ru;NlnO&exR z9L1Qnz-qqelUVRqqFNqBNCxyoBOHkOc^bi{DmFN=a#D87)rKcMq_tO>O_Wb{XH9lYd$`cJh)=TyDmWFYw67X0+qg@)NswZ| z={O#UbA$bf2P_eDCFdmV1L|8T!C{}JV_iAVCIfe76z<*;8`HSM0AukFOX;r~G;AHq z)dU6QK;4pQQO~W46Y5*lrLnGTN1Q<^#EU3;OTqz5$2e9Iu*^s4KP04j_l5ClSwp8s z2j>qp%M9;&ZLAlg2#$UbPay+Wb!n0*O^d*uGsKCXv1x>;;C44SQs-D0Z}HWr`b!ZM z)~bVTeUVIVAf+OQwU`!53>ipK;l@{5J*)GqnxiC*(O^QNM9A$~5;>yMP(%%Fj-d&l>0jd+^xicye=qZqrnbCLW8L+>TD_a;D<6yFdVNdPeN?_HBCxHdBe58D1g z`GM)FWLnTaKY41Z-H>$1I2lB2JQf|>FMK`_LO=Z^Sug+P7wa+*?W6W|2BV}dNA$&T zB2yIX?d+)+IVS_oBMnxaAjE1KWD!UE)|eo~c{JeHG#T8Gl#XVluR|J#gD@72=QP~^ zAHK!%eZgJ$Rv7G0XDl6yKV-B6XK`G|y4)0Mruy^dD|Q3UKo$ z@99Fa5pCJlEJ|seJ z0Q-1eg=F?ZxzOIl^glUyMI$0(oEWZ93e%|K{Wzf)HKwO*j3RPFA`=4;%ub^SsSzpS z39*T72mFohHap{=r|p9}VxTw1Z9lToo{ z$Sn41j!WD)!D%por65Px6GPl748gT;6t`?YxgL?X0=-*WiAF_ZW#4SKN4d%IuSG4H z%3Q)a$=114+$M}m`*^|gl-csZ>8T9E2IvYYFp4S&$**Tc04<9!Z%8&_p$VSFPzb4l zEhUg#yxd1WLUR0rtHbZA^a>fm>YL{HTXI2Mo*o~cn=u!}2OJ9}5Kuox9C92Bg6|cH zk^xDuMv-{-WgFVj+4S11!Y$(okb*)>?V4H(YhJA_ng9`F*DCeAan@01JSy$gAp)bE z!fN*FsX9(^G69EfJ&6CZyte>=5e!NK!+WD9RFcT6lugBs#4o}4Hc!cW5YYfBhy8#o z;^4z|72jH}MUX>h9vlogi}FmRgA-F~Lc}_NoGVhTsch6n0&6S&CmI9)j~EV>H@mFl zfQK=ZslQFoG&ND|(03%=LYPB{Ckh`RM`ScZL8N0Os?9=-heSp2HBDzb7~Ec$li+{R zG!G_dLdSx{>O>yVYl3$6x@MlCjoxGv`1OcjxyHoM$1L`gG49LDIUNz8A7KpUI} zf8Lx!k3E-UMzif4E99mXiSB4+pK^wF1(ZTj8rtf+*zyH0uBFr-DEKT0e5$xIr@s;Iux1HZi zU|(J!El{>)(?TYt+>PY^yOKzs1kxsf^hrc|5|QSLNXKyqrj&Ad#i2brr2OqTPsoWT zUcb9IRgt0loeofL!gvNT=^!@<7<#$(T^68@1k%3iLBV2Ii%$ytnkE-e!r3fjK=sm= zW)?i=5JSZdod}Fa?UFLCp$P)u8~ubF<=6z@DH?}+5r~JKF$6DgJahI6ZEayi_Yt#I z0vD(p+5RS0SLTWgm98x#GiWn{2ap%E2hdk0ENHZs5ENw56@>&F{#PI%NOYfsgD2tO zNjP{C4vcVM8@Gsu$0cU=n?oc z=^whZF?>FgarD>-u_#0;>8Qj~uyMhz1OV-9@EzqDOJ@oNm5K2HLO5~)UZ`RhnzD?j z423FemYo?@hg*?35ie8$X)JVH80g7Fel_*cU#t{I6{ch7fORZc*2)l16oT5oMUC3> z=@~s2;Jj8cJciF;7_;Md{ocINe1hG)ac;oi`dWoijl7$%Y-|pqTRfB2D5NJm_<0Rkm zyjvQF?A8<0cE7j%visr1^OqGkZ{8jq_jPJ89iJMVygqw-aXb*1Tn>OuU0Rl;&9lRe zu+u`N7b-_*dm$9ZE@+OWP&1707|)PObEFd2l#?DcSJt`lq`#&(bXSt)$r~CgVaxm# zR4kgR(QXYcCb$esB{z}N%A^@v7gF5%5_Q2!Z8!rqSOiRsLp%90va?b3)KYPhQS}Oe zVnIf;dR!hb!C5uMnc5w}PF(Cx+D4nk`ff?ZmKTDajxGm*&bg!`Uzh0>)06~RRCu4L z6BLf3Ar7uh;)TK~SFxf38Wuk;)zN=X0N10t+712Yjek{wPL$_TzkpI*^ib= zlfvp)zXPc=3qcMnoH~Cs8U$x+QxCagN1W zxh0N`p=`J^NNQxtrmNrvObVq(Bek^A5}fEE&xILukXwo*?rZ2+yAH#z=22Azkfi-- z5o1RA)-#AcmV%Q~=#)J+aeu4|9{LDTY-Hqo6OIX;#9K;*-A6xZaKC&u46qqLojz&a zKg6UxowKxDS6EowCfyN^6^zm<)>;(}S&JlCI~rOuNbxGi4;{R?wfYTak`;Mbo%8%g zo#EOt9fGW8pn0HiNN;GE<4C4D)6-h6aP1yQbe>e55Y3oWN&SVXS`-#li`1*gQwNm4 z$paAxtbf-aj{Sf7`frtR4JHzTsK{0d>C(I1-JJ!)Tx8D|LijCCLx|3UGdiS^kUiMQ zrtU46so%&5B{Cxb>iNAL6f(lazG)aqHLkIW8=@i}3%>iUYVy!-Q4dzm2}Fb%<cTMB4 zkMuTksT~7ht&$A8f#c?d^Ay8elvFuUWnjT^kf@N%Z@>;Tb%JfU!F_=Tn2@e++8$)Z zKvHpw?R-S7KYf8mDX_dEeRT%{WftDvS}x_Cv$t2rmwxskTd|F9x7*#@-G%>myWR5t zpFi)t_)~B9`QD4Y-4{F0cmLGg?(J@O|Ae|aDwe5qP|JsdptX$@$ zh(ki)Kft~%Vrcyky#M@JYby$``lGW;sp60VCCw%@)_1V5l}SP^(Mf+9YWe&o@bxAs z(;Lee7fseZj6#%G06tt3$4av|NoF= zU6+s%nuj#*6g(UT`7eLbMfk)N)~UgYjvSE;(}+vYV?mn6P#E)^n;|)?m@2T{zfFtt zo03s)@rwPs1)g?AZ?K2ia zUh;NjErGv)r!gfTU~QefJvttozrDEHf3{(Bm6h2^iB*WrTgrn!b${_=h1BPEkxpWX zrMX!}_2j&Sr~u9HjV{f|6for(&T_$wRrEdaPW|}Y*7yVyrbqgj!m9twP|^&wGcKnL zhu`7|#{o&_kBtlza3YSNGn7HVZ!{veXiDQevo7ati0I^8i`X}qMuG?VEiKt-w==LG zkrN1dDWp_uuB|(}%1v+wqTVhus_V|EULIfkaB^5Puy?{>)lF^vqaN|dqNZNlV(@A5 zd41Da+|LS>`%PPxXRUZ=8XQVSb8_BB^^>5qKF{ACL8hn@aX=Tg`uIesjg!Q8m7Ai} zeq()Eb*owp7;+pyRsVv(cBbQ7w;R`&J^}!2v!Zm@R_+n_Esa*cJ)a9{N!b5dzDR zle5?TA|bX+rL3-g!$1G|&%g+jTPr70S^}*AWUmkhTL+?f?2Rg6(gup8QyN2tBQ)o+ zAwFcUt?~S=#rc(=RnC8Q%%oM?n1B8gC%@g&`EPrtxAS!VdyHodUC0>#vshk1=;Wa~ zI`AMRW6HC1)>b=-XP-635gX#j4{(-6#FsUXip&b4o~f3kG|on-{Xe|Zz7qhk%*uba z*3ge&L&DKzou8zi@O4y&sSZL3w~xnY<<(wj9C*HzQPTib(P2^eU*}^tq4L{hjDRAxlu-ZP*=Pl zqY(+RzL2sn6$0XQp<8Z4cHFj0tp+r7ZhmKsIho#&6jXaDLG8cw{NAqDZ6p5>Cm2+H zlyLw1d`Of+&VNla^(Vj?k_?x2YR3DLI1()(lZcXY3)PLf7-Door+v6^8PSLciDiE( z7IZKneFRj8iE#WO(Hp33hyaYvZ>e$xRa}9?E55>{v2$nWDJ)7FE4xo9OY=BDdpqza zonGdn5&eMLUc0^*twJ5DLzCoDG(%$WWcVnY$k3~P>qjD?L-|a!A$q~lkOYtcnX@Ue z@57{4f|5wZeu1lhJx?h|8%p`DG#C(GD}%^d4W znUM!#Q%Ye}DN=weU2QkWgH4)8Oj7T^YfG zQ+ofy+a+kS-Bsq<+*PFKpEa;zx#$}L%#D4PSvB%{an1lksdi&`Y--EDHP`rLG6}c; zPaCxd?Ypn1@_H|2;%-L1Y7SUCPu*g^igTiM8XrHJ$+e*(z11E9H=E$a^7P`)jS^&? z6rpm4uLV*+0ha0i72(-EX#i7T5h>bUCR&q-YVV9 zKiG82VrB5v+#&g0_GUt&sm~|!umPvp%EVACM5!*T-?hYYs=yi@CmkV{YQA!iB$~At zW$6@;iJ#%Is8CfU+~~VSJNC1w@~OOKSPgta|H)ZKN@x6P3o=|x=nZGG5lwY<(~7Fg z3~oYYM-@3T_Afk*nhR944aIO7%Zo(=R;I95+Z&^gsEkmdv8k!1H8w5@&T9D8N|Vg- z7zUCt`+y6VW*5;a~0=0CF{H{=&Za1gBa@>H@Z3q z-3KWPGNiL+^Hxl53vHgLD67qpnoOYCLQqxh_V>|7#MpJ7p!Q9#joQ-Upk1?}+FHrY zMH}v>ySM1(>`ejDI3yp;r*?=l+(vEp=CwUl~2j?fM827)!9JOU-6+j-& z>?&PrM~sQpV=3$`C_jf{OVk%fYZu5p3HP07L>z6Ra~2-t8RG$tNIHj>lLX(Hlvp)D z<8kL^yN-C}5+!o2*hKC4luJAuG4+M)9KNVZG!js7jEx0dEE3mS6KfM~loU6A--l4k z^Hn$M|C`0FtWB!gmR28=Ixx;mUf5`L-Zv~B@*yKJH2o!3OTxk<%F`U|;l9noF`3KQ zYf3i`{Idl#loptsn_lO<3bvMxrp7XKGlf^D866p;Z^{wRiB%6TCZZ8eo`+XvD*ck5aMi#kQDR43#agFvX4P6?F(uWARQ)qbKL z1WeT@Krp)~3Ok0364i=rqo}5}FX$7B#qlW4&~}a9#er@)cZ=_~ulH(Dts$v+e2X$Q zZr~P0YO7RR*Z>vA90L;l%?hn+=qSTe_(e+GawSk#o!FspxSOC&gRsKeRe;o$DMh*4 z+!S4MV(##MZEx+y=XDogP1tQLS}|WY<>5l7brprYK$P+Xaz?^(OmuBHQoX|`SRYbk zR0>#9#jZ-7ds1@k*=l+7iQZ@AtKEd11_ZAhFShr0lEyL2^MK>(W;?P0N zPBOCqR1qsfL#VfUmPXEJEWThYb3;j245GEQGy16wbEUn7+TMlu*I{5zGroaR>VIuH zFs>FP*h1}cKF9VihAs}9a(iFINK)M{yveOIVh!Wkvya;r;bo*66|}mg-C|Un^Ngi< zOpK{0aCj9*pn`sd6^6=V4!u%1 z_;Phs?8uZlc~C~s1ix_=HC1S22=jaJ1(?DEcWGtj&;+i^Agtxx8Pd4JCu+&zbjw^O_t)#CcVs!!wKB6r$YC0u8o1b=>l;H4f94Stue>F@sch-FYq1xT*7TD^0APe)r zD~ACuA1+n94=V|~P#gCMw^-w5SBK*l*y8Si^vc_r1LVB2hnZ+^_JnU@CjEyPr?JNf68F6uZ`S#t#;oXKp z%W4Z3No`)yYRBH4o&3Ld$AecVr^japZ;mgQnW;^n@3W3efmW-C0(R#IRkF3!*1oX{ z_)qBHjK-+F)!qcYyejH$R@e%%m*1b953Wux2R|HNoV@ziGDIyyY{00h%~bUtT&izu z>5ECwXp!Q;5idL|8ZMeAtv0XAX6e0Ix4Dv3!~@SjcoK*H(BhCiQyx{>Kx0 zoK*O_w3{FQfyEy;BYz=nIeGdYyv_dx;m*w4yNPxd&r$6*cvzHfq?Mr#|^G8r6h8IksK?bl2tB$;aI?9Yp zN17|pdH@Y)<#zgyAm!V)o?k-0*$DlsmGhS&rJTSAam+Fq=DuNF3=YoD-d-JCoxDA} z(-Lu7xX;kbRD@M39$uWBU#*Cm0d^0Bs);Zwwd1*K)ZSIvkZ81R-(w3HBTOR|4Pb=Y zhgi@OJR?`bYY~64F@ca1OBLN*g117q2A9VdKOA2Su1?+@zkRprSk=<`zT@WP;`|+r zn~T?PJ#L4mC&y=3_Zhb`ou3pF|GkO{GdJcaCYBPqEYJOA7d_}8%9ciU_m-ndXsrJMXR6GpG<`QTh8iFCPHrA1$I9VbzFb4Bzm$Wda@*XvLw3WQQPY61DsuJ zpe;fP9J}3XiW~p+tHI^*;k%2ItA7m+j^3P{4c=WIUu@1Vcyw}k@a^gG;Ng3>5 zRXn^n2ED*$wPzQ{{}14bS>pE3Hq%E^^h`0$T+ABOAoaM^>p^PEepv<90%G51Ke?+4>ybupDJ9k;j^16=SPO{# zq{sSi)?*;1?Q4-~28sA+}r0PE@iT=<^qGFajrh-Vf`a4$+X*3^3F{Gg_sT6XG zKcGTr9^8je1{wH|qX=ql?%|X`s*QUqfHbauB;}9p(-%Fd)! zJt=#hls!+%o(E9&7+&xoik@PtcpN2aTz6CCeDP6QLV@!rqqMr>W-ei$ls5mpN*gsX?xwIY=Y~RA=4K@#mSr)Wgz@QoHFAzSknhxu!vYzDQyQ?lOnYasRl)D5xVW{^Ya6q&DmssuOZ_; z&WjsrsYHQCha}xX&#W?bti-08C1vWfYC$?e8!SZ|6U@aSLzQj+o3psRS$RF85ovGM z9JC6+-p7vx#tpNiLUlW;WvPCr(CPYsRh9JZN|CCOYQvv35zPx!czI><+)GUtv7V&Z`D_je0b<${!BA})lKUfEmhwH}DNG|U4a@{zdCfV$WrVrVX zQp=F(seD$m)0439oTb@WsTFgc6d&s{y!aVT$0QSsanfwPZUvySzF$Jsq5%zI%Ogb~&G1fj()?rC8Ns z%pyT81#BC#C2l#USyCQ@+8OcY>il8W@KP<;k0?~BS&*frSVsH7rtf`GZ&6ZnSA~&~= z1Us(}hX<#p-yR%(zu-pKZARgBuC`2p(o&sWxp(FMEW+rrtcz<@|Gj=SI6t`h?s9N+ zaCK1A@r^MtJAj=NlD0Sf1ZNYe7nuY1^zG}43DZ(=BQ~yQh7xWqD_j!vJXWiqU%dU{ zc9?l7KG06y8sCVE!H+Us>|M9rm; ztKy{Xy#TRiO}3?gkj$1_;M0(G#Mc<@ZA^(B*5;X6 zEwxNd9+{dIS#8(p-103i;R;A=1-ajrKYuli zr$EujK#z~*yi4%MGbZ>#Mg--%JUSx5EQrW=j9v4hL+Y)e^hQI4PpaL`YQu{=_<$A* z73liruNv6Yw>fD!YH7?ua!Dc*WGscwn{!4)CTV zH<)TQEUMFCJQ~qhMJd&PSN0NrQ-PV=k^?tm35(cxcA1E|cgSL%rI;#RN#n;A^1Eg% zA}NFx&180b5Ii%%;)mm zwWcD?$kbxR@KaV-RFnm3)?;NwI;InIa!A^{L(}zR&4tK<3&*>Sk=RYV28ea$APYKJ z-Q9!`STSCxzYmAOt-T2^gI)5bdj8yaR-H^s_qb{lQZWdTQb)i3*edHc9Gqp%N?zx= zb;=e`6(~#UPbvp5xgdYH3%vq`%@uDQm8{|K=-?LdlP&>H^+NH%{ zn}e7Nnbg)FMwlASMj(Ei+2g-ai-@8x)LmKww`rM!h(Wk_PkDwjGRh-PGTGxb6tiqX z<8jL!=`tPW7`)K<4VkiZR@Rabbtj-HH6pMrOqITVZ zTelH#Iv;w#sS8)sXgy4TCgEcE~!GE5kEuIBY`4KOjc_~nxI z)Rc77GYMz75Cp9`0UGrtg+pPXkn{ZseeZIwIsl{_^EuXKn5KS+s? z5GOYOu#Dw71wMO~GB@4J3vE6#@po!nF7=`tsZ>z|Pg}YnP;;bO{7VD-} zy%L&p01Rb28ps^^}vbE*tr*@!Kg}l9m+EVJ_?O$35-H>z$MaCo( z-@v6({1H)}wSOtuP`V2GX8OBo)nd+cQ8nF`+V3Ql(NElild3TG?9c-$?y(> zK!~ZW1?m&-ls>iW34Bdck!+=hOiy{{1XE7oFl?NxSNy*bR8 zRE|XdTd%L*`?C`N*ZXRXYH;38uz>$>@9gzT{C{s}@A(t|e~f1(b-2ybZ+e>dYklw^ zMOv>YsaNNO2#yWI=6XX{8H2Yq}b$RI9>mGF+~`IV$@EEKf<7h&skJl=!I#P4Y|GjIBC& zZrwjB^_vG{Vc3$2U10O@HNZfq7!kRcYFtUI6~1X(`!(I%&y7a143d=!WfU8*TMaEY zlE@usX#;o^Le|F!S#H>yYJL&YT2{ESV#sdeh~aQx+iOikn_~K}{kfC#v@@h}hr~CC zPn4xbhCGsw920;A{Xt7PUCpcQ)Q6fzemAA2*C9=jmsk!X9K68FU@Cr>O)Nl+Lk(6- zjo@7aW6h`4vua^83Uwi}#xcoG!kQpic^X+UvVuH~kjJk_=x2G3_W~BjB*?r>1?=4G znom>w0bUpHob6f-&v0)yU~wjxsf5kDM_yuH1#c%vf6U1t<>U}W)U7%T0Flv`QhN|*t>fB z{qb4fYRWA?rzrvDP!is|0)0c7*8eNcNt|T+@2*~XFWc4_mKVaaFacYd{yu8Afu)pZ zXDGgHNGYUlskEB{=xkc+*DKFt@*e?OIYk)bcej|vZ6As{%iXIiZm+buJy&{BG=@d+ z`E!wk1Kz+3C0B^AlPpVkzhlBL25j2F2`xv5Q^N-9Pr5!!KUDG6ZdAV)u#0-;tx^W4 z#(P!=I+}a8t(P)dZ`@+gc;sR@L zb;j#vzLeHdvG6@;c8EFI+eKbzlV8oczoWLUt;SQ4LH%;Ozd}Sln@|nG`5HLCS9X&4 zJy|_HJ^EQi|6{q+hzZ~=s}EXq|Ns2?c1i#9eD6i~N&oX0PqS>R4h|z45h-VZRu|nX zTSO7X+S%CKsOHibf|`0$G5F~|nSOM7XV zc8)Z=IN)m?7W*hma~)hz1wWAC8!X#a*cpsktgc;6s83$2*cHW>0#Kc`brl+*>)Kvz zsOjpzCPsi3FVLoS*jpGUwrCOL@Dds1w$@b9^Sp|Z<9EH&t;GLH60zBo#Mx>W01Np4 zZg*#|Z2#Nc-h1NzkMT%JccT)0E$8G?IT>D(Y*X?PyFiW8;^s2`nUcZS8v#xd-Z8tu zk(p#)&DDbKxC`Y_t)spA)_9}vMQqR#67*ZmLH2N-F&^NE#$#&~i=Y&6`D0Ivt|4Mb!{}yusC(L%~cDOCwUSu{7o=qXME{HzykTd+v`^3{}<1n{Qn;1`S`KUnf9&pTqsVomAF}o4?XdTul!kM z{Z9xEBf`0-+7@Jad`X?Jmw_}BT6q%p||xFFAIyA=L#LZYe9 zCvt%_RDo|+ooahi9OE$wy`f5ca6ux1Iq~&=+gOptJj1c-x2dMXIq3}nsCxwr)&z^L z)3%HE6^%PuF{Q?o#us%;VS5@`WmF~nVR5CRjH*Pklm_nZSXWOLYu-11>-F|~dsgB9 zZcYnt>FdDx{J+?`rPUdcsi)Pv2$B<@9!2~*_A6l>;+yq?aiv!d2apR;pN`)9jw3VbL)RC7k`Vp zalac5*X+5z5gtrPm`BD*Sk-Y}OH1A5>Nl9bF2bS`(Zxcg@@+0Yb&wpSO5wi$Kla|W zyKP%r6y0C1eg%%4?%2H+W!cW7S}Q%rb==l_<>6x|?Or3N$AU;mLQN4YLCR6%oN>S3 ze|dk&9hi6!BtcTLT&La39HXg4;xRD+OiavYwej_1&a6LNXY&8r^#8>)2`e>O+A+6* za>jUi6jID>UwrH38qnEI-2r5ALKzG;#GDsbOXX7onQmxiJ$T@k7iVEu$)f|G&hjrd zov%jtM~)0QD|c1R`{2snU`LFojMAhNEyS+RLlPYe9$4S4sw_%@#y2C2&#(=-LX^rQ zWp*E5@|4UkRWyUkgiI+B{|`x?+X_qAyQKja z3Co{lNEIlHZbQ}rJ!2vDmkrw`UwX1As=6P!EBb6c$K`(2%V7z=rnT>EM=Ve~{YLFj z%ZneCv+h=xd(#O6S^CQ9cuTveBI$LvO2zC7)TE#y^mBSZ)bojP%QI zR|C;KSSx365qUqpdv|tu_V)Z;skgRNiw=x9(%`M)?peOFEvl=gHQinrX5%1R15ssf z)gI@tN^p$FG^8mdygXMy!r~$N@EC{T<6jEjAV$tvLKie7Q*y$694h}ou!S#_)yb~U z8B4)S0Z7jf4A!lJ3o9mfc{;5u*8OxIm%x-5EXhC8c|5Vx$2M@dmF!*`ZjM z8xHCXl5;&@@wjhD*i~Z7YhY|T{F`pTR`xEn8dlHY)dbH**|k>1T7AZ?)qu2eZRyq7 zy8cjIRP#2G=LYh>h@{snx$4DmNH)j-+wA`j28ZSNe@_Mv@n7%dv5in0rGPti-_-`FkPi8QfCB_y|!DpsT= zRqP6>u27l?V&$Vr!sa@hj}gelEV#H2$=C{HsvtblG^9lIr+1Y7jkdZg%pWP${t8diL{*PxgZu{*^>7N6hs`j z?JyGBj<4xDu4{mZjei)xayg;E?|Ar^&8d&U}juTPWTLfukUZ0ui;*nDYT>aX~0 z!2hpo1>C~_?+*^j_Fqp1Pao{R?&Vog|KC(huY8x51F|A-9zB)&ESUiCr&f>q?v)1`9uk35vfVZ6gPX^Wa-v@&S|DSt# z%5+Fgu|CUnEYwHp!%<96`9&%|qTvffesg3#*KJT$u#3DM)J>C&bSv#$WHC^7B^SyK z6xtf+H5FIs>mUFEH>y{acbE$V8V0kr(j$phx7{L*1u^e7scxMG0qCUsw#d;mR{d0;uUA)0wYVV-c~xUr zExZFLshvNS60>$9XN;#h7PP~(qfkm=ya)DWwgFRac$TJdE}0SAHBZNB@72Phv_ItP z<2|SKrxFn9Oe_ToQxdf3ZtDnWsko*sm3Cc)op2#E#{Ly4n#(vKvCpB3a7Yo-aufBG zrue`mq4E}?D4UOUI6s?&yMQ$<5Iy_~RQj#Eje zXoMbrc$CsPxeS?)L)1f$c#6}E|AHPRWX@7@iGv^!@72$YlSKUZEh9Wd+m8e&mkF7W zgd{tU|JKP>p&yre5SKcsm3#(!e=C#{6s=T5lzLt&#!2KT_M}*7oJ}S~5U0WN8IN*CnCAV72c@siWu z$&10>)SzRIV3+?8eEmW`D`9v0?yEW=@TqQ z`8y>a(|#O^C0NLpg%_Cn360aj>yJI_161`nFP4~x@`F_nwA1}xV=`5LPU%Gb6-Uz& zYzv$$>xQe6dW+xP*B7TJ=)<7*^q2qTbuFCfMVemD2o6Yseq=mFk7kUgRw=Q~1iYw} z!pfRB-BgUZ#1)9)`hD1;APhd(+q0(fb6xA4;KZNZqGhWB&&HP%8m1&slUGS@<}S=4 zpV-^30nCstNZ$b^Y?p;Ra?rpV{H;>LLiT&Tt?W(KSmW62Ki6Jttg2>K^dzU(iQwBz zn*$A!2I)tUoobhoqCqlPgwX!p9y-|DM}wfPmxxV*BWE7sv5MHh!Ok-C?);xby<{ z%VN+s+!3TUPNcFxnOFWW##n;yxg-`}l7q4CtJ3w;R~ibKX~Yf-$vW^7H3E zH7;~QST`=jL@scOlm27zL;qb^RCI#2HJc?W5=hSYe~|a}|MIr~`|wwO<8yxVYdpOX z=iAMcPHy68dP9A7<7dgu^!FRSn2P^?znRB}H*7k+VbjIUH5t!$9_TAc;ZS+(e2 zLQnAN?h-voIet6ly*Z7J7MO;)j@^D!kQA>{{Znn~6K8Gw@qL6#-51`q15jzA!4mmS zlRQ0Wr&oN|r2jh5$67kzHvRA3;7OVOA09mT|J=({A_PUoJmzto4p=UL{$emDDIVms z{X#8}4K=`bMyHc8_Qg1kss@s_BG%!G=&I@HtE`*V5o>}xP)&O%8*w9`2?<^%EIzJ; z%h^INmEe$*RK^u}$^0vl>`G1A%cJAVw?CbnpP#-w0VB=hAK(7`#%L9fUcKs+qKfp; zV_(boAL}o1q;VD8N`26xf9&KqdE_^4p@2ptZU!XKz{ZML|HTNWr-Yp4M7f_5L;Zp>@vx zgoP{T{Ij37^Z#IfP(J^k?mguHyqCvu{=>!BPlz}#3+Fz3$T&GsXZ|@0$&Sk_w0hh^ z)f$PgXyz|*&aY|Py;7)+PnG-*?%Vo z`*(7^{L7y2V$Y~NjG8VFkwjXS&R9Z!hvt+cT}S6+1fEFE%?do2LDgz#EqX^+qG`GM zD62a%nIV4I>7hb&Hzu0x{&YyMYzvKjZBwDO@3v8kPdrzK}<-hyS z_8;`W_wtnJKZzDH?wd@yRMz@hu^h$cTZVEZ(c+#dy9{LbHpahYL^%$*V(ZwEbsU(e z#MFU0H)#CykVL*MH~Z@ZOIUyZuP*^=lm85!JuC13!Gr$iex6+Z0Mdm5uYrR(jf{pz z?t`6T5pfp$@cre*$?^O1(|7;8JbL;1^v&hj(Z$8jZ_i&|UVeZ2>SV1dErnm6UL1Y* z>g4kD&FQ<-qgSf(@%hQoyVJLCc6N#~k}$xrTZJXR6i2r6hfur!0z9mPdKO}WZ8Bqj zh7~8#BD(HnT!j}ZK=huI#7XBX`VlC8hB?1xNnke|t9RALP3ig$a$eohSam(=&t^F_ zM~5l}5pZk`wI~A|_fj?w^RQ)h6)81>NNTm?c#zio*`D>z{}ltim!6jM|KMZaXlOhZ$A=WN$ittkYMtKJ1@SkA$`v)Zx!b=b5f>sqWc?CDhmey!N6cN8%MLWLDN zJyS!mUNk{(*K3Hl+8phFjrjf>NAzDKhQHbB>qPHwtW*h5q&GZp-L)I$4GSPfWmoaR zHM>4i#ddaf@*ea{0c2eT3!KK>;h^k0`4}?})p)U>D<*Hb#*RDU+WHv{*2rP-rBCGh zeQv@3VJWs>oegZ0|32NT#D9GH^uhk;ULH3MQ<@pA32b2lwa&-p1~=o^R%5C(ly}Tq z-M8xMi_)B1?0;4C&i4Polc(kU9|zAK^8en?Xs<&7xj#OxP%CYg!9YGUkW!oC^6LHic6}at|lZ7 zu}@?Q-jzZX-4bYf=iC}>L4s}rczN5_$9^u&U{am-#I<~y*FoZ30q#iJzp}9!bXSb( zoP-2(;;9jI|B(0*&r1h@BYw5C7dC#ke;rQG{jA0Rr8p&%EaYn%0krUcg6XTo|9#;9 z?&q;Z$a>ReoLs1>z5xB}{dk93%d5MyQ}z?Zam+3DGKcRkqlCC?wY+BA!~sBk%!@Xh z>ZMCUc4v`xs@Zf}ZNFv&2cb+Cpvw+5OJZhGJYgx)`t4|W)q&8?NA5)P^NKhCAxG8* z@%S_1U-4|-m%8slY^?1#p;3w+dGFLPz3(t5klCl(Hy##1N4rwY$!B=~$y1)qkri&y zbdmdw^nT?m>aE+QyZ%}raKC3-=_#MnWNko9$BxDtV6p8@{yf%7n;9H!X6)piBWQZ{ z*|2Q-TzGGC=!scSimJ2ne$u3?c4NmZaMGIwcVvZjD7MHW2O8w0?(ZA>h06;^!9gB5oaE7cI?5NcQER!W1DKU8Bkk_$GNWVO>E>xd z*5UtCfob@+bb7S((Wd`-_N?sxefaF)LH~0vPl=$4$^AaTb8^j+t5!3hraU35FoUAE zFO)ST$s&)>OvaG^AwWUhcjDh42@ca)*923}lJG@W1r%RlR1m>>Cfm?4l6@AC7mv2D zrzAzao=ob{O9+oy#EEzl3+@N?dO8utU{Cx=DB);;9(~G^@H5)~_TLBS2I1=~^tk`O z5&H4nyR-f$b-3?;e!QbP`+&NSM2B7U;sxsN@9lNbFDf!~l{VaR|F0DavSt4d29@{^ zPoEq<-2d<8ad@%2X~3TjP8ttbC1vZGsdpELnIHX43v@80=|;-S?`hp^ zZLoi9Y<7dl=}ulK(Hi34h03Do*knQ@nl9BgP`|2uApT%i^j8onp(+K|P?xJoF z!tSb*Sn4pl+E83d_FoI4VcA3U&|JJZ1J4Fo(Xy40I4!@`34@Fhq@Xk?*D*?jqD{>j z$3Q~FA)IQ&y&(&d{Fmpv{v1y`|L2KQlTIU+kX!cAcK>@)k^k=v22URNzx#N$&>2os zl0+P(49RIm*E15KaYjQ(ITmC83Qr05I$P-7jB?OLfkuXHlkd3A75{;(2;1-h7 z1p#L&>phNw&K8QuR3^pWjuSGWA4wn&xBs@|AwhD$k}Z}Xp_n8nq!IBt-ph;2i<*l%{?7SAyU1#=j?h_*cJ}P5a^>{gW@Ee%{a+`&U_vCNw0x z^R>sXzL#f9+c}~iNjOKx zV(vSguhD75QyhjeUBERNBV(*BNP=Xj&<9obmu+PprH^@*O#3^X&ej(Cfu!i1#0;HA z6V~aBMkAj^oQ0$#jun)MPdEsWs)*zJ-Ifmx>+3Hl!$gaoy!YC z&P$czf& ztt4fTqET|FzzU(!eA!bkM#Cx&bTfG=jSYz-0PUUtVnCv(;ok;*c%D zORx%ps*)F%J-&lf5fU>AnX?7qNDufQ*_b2|NeLH4Viu7olqn^Tol0QADoM9RJD^w2*R$PUlFykR7Pk;+MERZin=WpvA!3 z_YP3+TeR5s_Po8FLLv;D3Q!V)C`UNz&`68~r*s?=G)@S<5>Tl2B0>PbIgTelQ;8Lc@TyC^)U!Z+aY%g!&iD;qI`6tWJ3@_xc zg8=n<6PEb!bIGyHs!6Fof|aL9$BOI@xRID zW0HtzjKGM#t^8=v+GriV(5NkQ{3!3|j0Gq#Wzn2Qbe_#op5eU=S46|xKvoY|A))-J z4leu=;L0K=WE;Yj6Vi(`!6}(8Ynl@4SQkZHm2GMrjXt4nx{OJ8h`Q$tsQi04-@52? z6TARdNEaj`oS!9ZOd3n0SE?w2vWSy31()n5xWrld14+9>^a*tZYcGJbZJl>fSKJD^ zLv*mWw}(EXE{$kParlyiczHp576rUJL{Im2QCHbH=Wh?h+X<#&mXLR|gzy;)gYFPK z9!5xQAaO*jFv1&ju8XcT!rKn;^9bN7NlWViD=vtVjI{=?uCeFr4$QGMdd7g~lIIxZHX{_r zN|S=NN8pt-CgQM#34EWunfm2V4OzL84cO3*v%a!yQ0_ zNI4=9fif^~J>T1W9(B;9hIOxru%HzH7>nR<_k`wcuM1oOE-Ub;yPX?!6albXKuLe zVjhc;rX9`Qi0)OCD2qW$8HAHYV^tSz(}|YUi&?z|c(riZai^{8VMuu@=-25PIzD}Q z&ZTn|3AAUr0CDVqYu#hAcs}M4rR&zco;F?7LZIVvz2Uj71Dss6(dHX;EN$m7(sde- z?i(}$N3!)n1Gvhel^f{SQ4mnc4jO=@zGuP`q>|5C`uSTUOyZ02^eCj5lNQOyjhHhI z4sBeYJ249$bJQoP-xuxhV)>2ckw#OoKvw6!I69S8+FIXi9yMGm(0dI}f!;5`AOYc| zO!GISs~WC98@<D3yV-EPYvQGIxPWF%KKi|~-E!F>yht9PKzdVmA zlZpTq5yTQSX96Epo(jf{BtSHBaH6+dV>w)}+L#vy|032FsPAz^C#1xL z-obsR7Kk?osmQ!GSWinTipmPxE!I^>el^xPO5>n#MB1cv{($NmU1)tV`DsXZ7dlOt2^!FlM z24{YV>AX^YG}!xr-pM@L;abZL%6YWyGtPcG1{O-TAm`B`Pg;AORq<5{2{$UjRhh>& zd~Kwbb_cqvws(WhtaW7t=d0I3emEyM_&K2|c^mm;WkObktLbiN!Il1$$4M;Q5=(Gx zLceUdCN#n!{oQ>W)xnilDwiL9K;4{^7Tj~Z@OyE>QUVNd7r9YbU0>PwtoC|%gTSO7 zVZ^gB3TR?P^p)kd;o`5rMI*_MItlCzIxUhe${~-dD!VJLE0XFnd1^`vA#vr>ArcXd zdUMI}rVP<}oUjFqYr>K_7H!_17&i?^(7#uLpB~x6xzKOnNEN{5;1$6}n{Q*mARf=y zb@URaxaj}`Gy@KHQNW_dskj>uMeW$NU^`|sMmR;_!;r=32D~Qj1g-{6`3(|9d%h^! z17Hjvr1a25t@#ZajWfO+v$f>{wQxB#hw8h8f-Z+#P{TDY9b?{>I~itr8D zTo+tU<##(=MMe0g>h1zu4VU98T!Q6n_BXu*r^*OOFn|l<37(XQzg9~=HHRU&= z6C_%!NW9SrNR~*npb3+A%mq%U6b;9ia{~7%ZAi1}^)6a~YuWb+t8i*%xSSA85;jLT zN2Oc`9=agXbol7(6a~!Zh(+kbiRewKeOyv3arT07bwVa25yZYfB@s!)8E6Z;a7_D) zfj4;8-y+dsffLznZ!zfkEFsbs8xEfo1ti5Z>m(spCD>k%$0Xd%J* z_FNg_Nb}xsiDX~{xM+fgTU0i#y*ql73N~0t)Kezv;~*gB-fXP}_b>#7sScxAdj3jj z*(!tJUuqQM%59IrgoSOerE!cRul8pc$T^7ulC-U>8+1V;4hG{ZZG0RB^41F`+iLNx zL<$sKqE)3@d_|+HCVBU-#7`Zz2we2+1lGHaZBQ;ek+_onr}YzWDHm;nCD5(|Hh@>< zru;@iLxAfi%P;mea4F{gF5!}^`B(?hUctCa1|(2k9~wXth1)8>k#Uz6&dF9AP}YPm z;}2ZIT#f3n1(lZaT7@HRn#m@(bU4!zSht)?dAkX-DQy#!OSsNtQAL+Rh6Q25A&aI` zZKQ2Tb@`3fm*Ce{QhVGO$BukeS(VYYreCv!Wz!i-<8bG8tcw)lha?fJcm*MT6)s)* z4uQ&*F)5wUMlpFkT&A+K{6<`!ak@KG2~z6my=xv-Wu5jQ;dc&K8^UhTOH)+I7-|jl z?i8*T9^}U6HVo6MG!2rM;5h;}xZFs%v^OJ-TI94hnhreXC{E}cC(A|^>4tFG`D$8k z5pWK@dU8WG`yGahki zHgK)!tW$t1q!Z#V{gC{~SnYKPsXM1Cie{p$whFjNwSRJ)kc*VX=);LLP-+x)q?ljv zzTVWN7qg&eM0b6hrr4kLW;hB$lJpFeJ+dHC+TRMughrwgPeE?n!%@(S6T(v#>sowA zBWNQ9vQ(2d$&xjKv>|{?e(XZ%=(h|n1wyXqHJv6j=wChOJ=I~;0K7m$zf@G=YVf)$ z!&Q_YJK-95gKxb3+ews*a5XqmmEmf0q}q_c7vMT;@S`fj)#gaGp+s53)oN&!!)1y# zw|+P4zSTW5hie6&%)5h2vR&^Z`ddc6ry&7p)~E;W%=q7VeUFC&WZz7?!uj%Z{~vNEi7a9tehOWVi^mku#0PD(u;`l41? zY#Vv&RpBzZHY58ezd>>(8eY0^cvrwedE2g0ZUh%grqoR54LS`pI4qgsh;kX2Q!MD~ z8TDn15o;p(jAdbv3x8J)kI)L&goXJqZ_q0?r9KXkd@WXp1VEzF;wFMB@6(uSmuo(nw@>Uw&E$uz(#&?ZVfA*TBGZqxo-tv_g zLndSV1SBPXnx7^rXbtz!&orH(pO4-h|5!b|0*0{qrghT0QlfhC>g41M(NvZL=QJFK z)@da!|0F^@BqWC8;OU-V0az5sBMDj^mAHv38ovwqPb8rer!6v^+MsbtGHK*^MPrnP z5N3x?w9G_wCoUBT#}xSxX=`0gbsfUtO6cJ3;aX`#ToXD)b8%z?uB!A?haj@)s3L8b zrgXa;w+Tj2VAlc)+JcS1U4huv!B?R57HHoaVy`c<0H6kfg_73#EDRx8nhoi87J-wW zt3PFwE1Q>hY{~`Sw&Tf|i{SGE3pqD}hDF*>=W)Lzk8K`RF7_CyQN5elPQleZ7BY4P zE0#vN&I#nXOvS-aCk#(%q}Mkf3iSDc{%mM%yc){PV07RO1%=>gb`2%)wc91n#;QOT z!2vKMjf(+91X*g&sayyNfgo-K2dfUVZcvgpHLS5=HgaYe2$|&SW8%{ZCBbfW#@sxv zoVy-Oo`6_Q9Jf^I+m)D<1bN&py5qx%}S>Mbr;SgwAJYrMtfa5+!Yw!<`sXQk6r7r!;~ zoX6>E2kAIa`o9=StHq*|WPAaNVM8RS;rsJfMe)Y>Ss0=$3B@%t zFJ4l9$+}=;NTMKSG)mz@Poo99DwAI^xjG7`Sc@vwESQAP7*B@>dwY8js0{~m8uiV! zl19_M1#w^Y+8s5l)himGL#e_(0wN?;h?FA+=B^;X*J{P{lmB`7{`?hCAMy9=lXpM9 zeOY4?mfx`oa2PX!I)&_N#4xu;xV1#94leh_qJX!ZWe%X5d)kcH&_!I zY)_=a1#9KGwLo2AZtGDffm&s5p=7UZhAp^OnA_XIRh(N1SKAERVVHC}K%Auvt`QEg z&QX@K+!0Mj7E&oBQOd4JWC>R8CQPA$tJc)xrj(7 z`;Kt8cDEj0>1jxKdJllZF)TxpjIrM^^NuwjSUCai`FBUh4chY!*8sp}n1{xYR}wA` zNsT4fnFB4#8Zo?{in zJU(d;Fs4?)84E6yg@UyGK-<7#7Z%j6KwgwW_Z-C}nN!Yzm|>2tNhnRF-OHo^*LzNm z;`k_;*Ttt1_Ys+zK$k=EFoxaY0M_IesEmE5dF|$Kft*TA_IVc8S(+52Rwi7W70v`! zpk4mMFSW>Td`fUx3)}@>D_r&l*&HsF8lnzIFTnuKB#@97G9~{E(0FM(nJ9Nu%g6b4 z;(Qrk$dzK$eFFZRd$22^J>>L+3{xa16T%ItpCd(I9qyoPZ=ws2Dh6|2sl3eNhnoYc ztpr!2om>rEDW1ACzc*;K7RVq?Lq4phT9_X2Avza!6vO3 zy!&ZCbsOT|pyMnNEQWto2;orMIvV*|5<)@V7k{p0xl;#Mg}}JrYBIsSL8E8hvjcDa zNZXBYRSa=ma5b6WZfJg62UjJigA1-E6Wk5So!L=3B}M)5@V2O|H_jHhWU>U8z}NQ3 z&bBM%sts8pQ0YSXTILmOIOk z1D10C5{Q)R%x#j!-Hl*C!v(R&7uYFo|B+pz2^c#?X}CmZIhvG+o%;zkwrn?OG-wVH zu?}4IVRUcMnbxY?-PgB{M*TTS6Y8(Y6*=MJ{*1Uq7B}buzS&oP)vtt9oIpjmW@*~s zlf4#PX{cNg9qX$a|8yKO|H|BgwQ9`3bq8_pHC**>SxTLgU&c%8K4(Czh4(h!pHfD) z3asvV6l>?5Ob=B$x7Ayv9<)>_a=lS5Fs9RXAjtQy?$WA-OWZleB&5-_daZj6tLa>p zkh3kXc5xg+WGxQfL>!IDgn_NllyDhYcr8b7dEF#Zx%ngIf_W&1(X!#n)5x(fKEGKD*_0Y>Jrx{aHu*%| zlwn&h7ga5or3_WQVlSh5Fx^+b8Zg_Oq*}og9JWiIYKqi>>Gqha0dv*lQ?+2Wv2?Xy zx-(I^!OZWq>q4l(JPNPzvMC6!YYWv!p1M(C%t^H9EpQ@fbqVs@fZ0a09bgtE;YIh* z3N`~f|6RG>>R{et(wn@%n!#MfCCm-xEwI^?4WkLn9~n=Ps<=9gXr=SV0cKNX!6q)}r!L`7A{P?zOvnG6I{VBB0!BYmaO$6BhrYl8Q1)Fw8mWHr*ZD6*sxGi8-ZIeo1 z0(cphqGW3YtO@4xz2}YM$p$c83B;PQsli=y`fmqjQ{J_8Q?9KF=1N94MKBeYa^Z@Q zYa(1gWL#}it?yV`f~7F+<1id!{|amao58%rPH&1%a8vMUbgffoT!I!<-D(RpG4D4h zGW>c8Naf^(xZ>Tf2#Hq)vyG{DfEkhWnk83~ocE8V_r|MTJ&F$=cc zUvxc4o!iF&KX?wGsBC=|amz~;g&T|skRMVLFbFX0vnV3|Dv^3_0l$Mvx$yr{&}*9J zX2f$y+?b&ZqYn9XCH(lHH-)WnQmTmscY zT{k?UdD&Vw?{PF56_Lays1k^_)A>oIC{ar7Wo&1ZuoGag1YiN}$~a3Q$-|hXGqA@2 zdp0^JUgvazB0|AlrjW;_P#-7L3=SU3(UdMoBwgU4cgjtORIg*^s#k?wAf*RnX^2z= zR6r9L_nrYd`U{-&Lps)2>D%R0x{aYyesE`@!Wf3;XHSbwA+?KK4+IBqqi{KtX&Nlx za*ci~e5IlqVMEllM@3R+5i&uZ!3j+qa6l##l4ePS{^R298#NK( z61I$GqD*x$G27o^PM#hj68S73ft>Pf;!QpD14$B^?sSe&M6OYc6Fes=Nze>)G$te} z+AU>C2%FExTlqSm@yny&jT3T~Z zGEx#~-6Gd#I)I)s6i|KzhXdF!$c9v=AWl*w4H@#zfr7zTS0`$8(01M-6iV~X;P8|9 zGDzrj)Qh9DQ|ZL3>}gbZ2!TdunhB-~tgQVRnd2e)yIyBYmL*eYM9y^|_dmr6`<3`< zPtg0%{c(aLe@1x!ll-ekgU@|vzyC@64}L4Of2;VVViRIvZ%gkqe3PMwE$;zuNy^be-c%ZA^(O(ZyH$--}Mf|8zG7aj-*m$h=~NiH=-o z#M&Q?A={+C#ID%BpCWMO8bz&B%uqb(P2s1<==e+HASaQ@XxXvmhrzGKs zWzsE)MMQG59jxw@SaH)5jQW5(9yngf)ofKrXN(gYB5{UaCp1k-)RE_kj6niyGGvJ> z*k60-ScXB;o3GTAVoXT@4M+*64DQvjquV7a02m3BJ8ybRK;|wq>z0IHo_zBYub$gU%I=f?*!zsWT@j7AKrIyChpE%`pronQtVdL`dqG ztAslmqVAyE(T!a_=cQA7h;Divgg$tl_lr5piaW*lnm2D1M_dfES0c#Fbo-qWQl83v zV)DkY#9CInV$EjLnL0t$0wIBG|8#2i4{F^%3NI2QXUp*YQ_$w-$|hUPc|>kxrc zYj@=a*fk07Gtf5IucR_YoNwdDw?Y$XZ9_v1BSkFi@UKk!&#*!AkKB?e*STaR4@KgXj<(`)^@%}VG1HrEVf2boQsOs=JzeSl5d@Hz*^39+S zq2u}9^Sx>rWI@Iqg(`nTe`=eY>ylbkX;(-n`nrBt)I3WgVZ2QR12o6ZXRW>d3k9sX0I1j) z@@c84HpMZJ$WN9r91pTGSPhZ?sDPS=TzA#=Jg-~$0E&#pkN+Uc;{42+2l(!{GV_wQJalR<)B7sqHMg19$A`&+8 zFaWHEO1o`ojkmnkcSbW3&b5QXNM3TW#8Ms+r!2pgM|y zLOBBk5l!xei>idXYGR%$k~`+-f^cbk+ssS>R(dv8dKxP>CuL^KmfE{&^&}0E%nA>& ze+9oY8Vt>p%OYDy>KQtUDY&FYytsu}{#y3+TJW`Rlc^*#lwWFLb53nJiGs_7%xM&m z#CorsT>Rw_4dijF&a_K08{vXn&I#vuN^;S^0O5iVG`h%Q732Cs>EFS<(*)l&T6wMt zN&-i)KU2*(mL0Hn3S?P*Xr!t>jRlP!qR0RFpa1z-vwrM~L__rWBl|ek@3J^#H~_=q z!iiH5s=@?-%Bv&q?U(CLq+{ajxoT`dPo_Teb;W@>6n>Nn1`sP5GcZLuL1Z2$WI{ip zZM~* zs?Sni$oVX$dr>t#Fj^g=ZZxIQM|lLppITq;6{{sgP7;VlX22Z$dr5> zqOJh0+c6qOLmdA5w)gc;SwVUAoEybtKo*@Q9c!*Yb%)Z^=f;*K$Kr!NLrlr)LJ%BJ zxU`a~=@Z71=g^3DI&h*ZSOsC`W*K|{!LrF#cWXjfaH{HWfgn}4x}$bKI4xUZT=1rL zZlPf-n0xFPDe?uU$cM=(caL z`(2sh~5^~I|_=B1I0n!ZateR2nuSyhB)_%bHq8h~;bdU|NX zZ}z@96dbL)kzBCzZ|ad6;G~z^xAkG~a)+^#+f?P>TA#hWy}hT0hw%Tsy}k1P_xASo z|7~#iEr1$xX$pSde0GPY4qGP!y)#2KH(3Hw;Sk>WTuKli+Wx7P`XOdbQT zAhbpnBWydoD&FHPqxN7PE!lY9~>M!J1Fn}!^4ODe=pA#Qo33#3lleq@;>l7wng+mk6yp( zO;|F=X{u~wMS+*Z4{<{30v1AM0N{&t{66k=I(hf^U!b&WX! z*#$QGm7*~CCENf7aGfpWxLsPt)jpfgvxuh4zTSiKa!Cjd#^l-4r%w+DPrvzQu>Z|B z`+L4W!5HI%J^cKM|Mb~}JRkJ)zP4Tsdanjg#K4Yiu~4To4cQonipHj)vNMQztZ&*S zCLM0@K)Do#&dHSWG+7Q&w+jN@SAuRj8T`%`I+B_=HbEC;t`u!NO)!nbWh(*A$F^2g zj+ZVBy@tE>oJIlfb7*7-X2Bu{CjT4vI$NDB^u5xc==k&EWKa}S2cH8Ct&tGOglse7 zU&%`!K~&O9Wh7|3%Bc(4V{Uw!=F;Y~vxRW9)RdN&$IG?&DL|OZ{Kd-QdyZoX_uEMH zEu~q|=x!l$wKS~N>Y)Mxq))y=LqMWDd55&JwC;xFTGo_Zo?1qeb8WktfGq)J_e)5C zwgZ_$QZyf88Jt=TF9Dm-on18!Szq_9&9$jgxX2#gFc1%Ip`IA8PBwz&JymbYUG$^) zDYsS_E)nKDo2#5N)^rL|uo!szd){76i%NHldc7c7_L3~xRpzS+SToseEzVfLZqAqY4gKlRFAvG~W_#5dUZ)Yq?hiI_3|72f%P{*q-ht%RXKP&qw z|3D+D=(xC|vCIKlEt7FlOetVn*XSKu3EK$U8t5zpWsX@yKyQG-S8EK5Gq?5KrXKMS zN&R4_V@eNE*ZghT0;i%&k*tLL}?2hr9AXd!K~L79qiN?p?|NhGuLQMKMER;M^w{Ibcj- zMM|e*m@S2E=Y&b@O%pukI%b~KO>#XS!;W-*BFgtz&#pAe09?l`&O!*qog@7*Hz?-H zP|7ncS%jV>2}{7*26BKY;jgAW;6^e*-cOReY9?4~yHsukP$4NFE6OGP-G$CLjeLSA zKubQxGXJWwTFJwAYGNZ7gjzg?JC}A=Tyf^2zdm|tn0YvMC0>T;)8|gdP!iYrHM=j5 zRA~CqTnvS{usqGbn7zq5NX_Xt2T#9&7EdQAi@=TwMpQQ61aq$QSH>e*GERDGwX#<; zb-hoY47K?Dxd(;4PoD%~iaGYl=g%Hr_?{Mng64Pl>60uc0Q>w|ZY4v!=PZyCXnlq& zWQt==5-?-w#j-T_lhc{Zz#k_EJdwGanaQFR61;#3j3D5 zHDL*OQ44NCCyUMr73jH7&qVdX{xfgS+w%spSyerk+#3j08w&Y0sk4n|GfrL^6}#c@ zN-QEwo3sN1TCdi@f@1XJyLV?79dk}e+l-gYWP*bc>VODP2n@`mF|h^Me|Is9vb8qU zqJi71de7IdQ8JSei8*2%wX^8p#oZM;-2W+2qZSvq40{hgRt zw|Xi%tDeBC4O`pLUR=B~q2MIHDtoHu2h=1P$50l@1twQ{M8w?SWGREdl0>Ev5o~iF zKvypTWqUDUStN~sMfsOBQR`mx^F5WxM!1!6S?pL9f4xjoVU2jI8J)N*#lTsfmKw>JmeUhZy)6_-YRFIvG zLWUf$)*A#h#ewlqCn&Axih(b3td>guhSH^VPXkaOl> z#)@B>=!LWl)ylUVV94+SSCWogKZOuZ0;@WTj-KW%WbFeL+Xd1!vOo$;?2}|*Gh!!B-?5T45`FE8rW{5s? zOO?BT2%p7EK?h`T{Q91?vtKWy;{+$m-ZN`RHFnCc2BU6CU^l}9hOm|)3l0|SbK1&(|{P-V0jqVm%kw*$4J zt-TDcqj_VtBfcdM_cS|)p)J)8S1dolskqf>iJ&#Myy3^(3a6*y=W&%qnD3fgjBv_B zXW+Rl&Oe!B6$~okX@Ucj_g7wI1b>o49GxMBv?d;iF#_1+IO)na|o&X}aQrVre%Vot~q;|qWIRnSG-RC#BVaS02ni@cpuk@C`& z1ya}OP;oJpD38<=)UGgzbqPfI=re5SSG;FXpHFmkfl+QEM0Bg`Z)fFYFM$fJb$|7o z_i!A;!q!Y)?KnJ%5qH7Dmhw=QR71JO^}hnTB;$TB*peWvgRH{B+Xz=hRb~wVcI2_E zBJV5SgAG@pY4?FXXSOj3pBsnuW7-6lD*Ogo1buw0u=$IB+bs=WVg9*%ddicFXHvx=?QuTo)R0V_RCyvF50g4x?@eSp&u4wwLQc9A7lv|7EDE4 zSl*thEv-v*l|6}>CLlj~Rba84L_xNIwqfzrHM8SDsQb^9{S(ha2dz>x`b*0{{?(uL zOvGAz@j}hv>s&>HPcnm!eihybrWR2^67(L!kvp#(W5tq#qt;l>i*iOCx?+oEYixP_vf#~IJ-K@bJrT&hwhZ5-Cyd22Xc87Rqgr~ zAkUN4Yq$=kaY3mTHCtuwbw7z*iHPS1{uh0ac2<}Z>gI^ub_O+nd*=<&IDdlW4n zmwjp~-!~+l+6t{SyQ^6exu1~j`OD_5{V#qM+i489IDgI#>?xB zr+^z7)=c`NXkVrtn$u{A_Dm3wIsQ0APoF$Fc+x>=!X?GJqvmv2lykKV*lE}45nNMI~@ znHocGM5>*NE-qe4>rrX&sO)LQCDI{hcfwr?D${nU%m4b)oa@7L7tdz*ztwz#TkJm$ zpFBM*$NxBdcKC4ryN~C~-2ZSKbHQ8J)Utx+SPe+F#`4Co1zGB&HXyW#*B!Dw4xPna z^F81dthX8YC_|GDQCF!74PUet>TDxJ2a{k`GNzIR&AMa=wC$dZc7{`b_Ug7neJY#O z_*6|=6D6KoBl5XnkQB1C34sG)+GJW+DHu`L-ZxDxN2evU=?H6<>7z9srvXl7EH$v( z%{JeU3ngz*x$Oe51*6OwSPM2wtAcBrQ8hwq7i42z_errBR+SymVPFq#Lo)bpp`TilI}gZf1xe6`m)ppq&!302#Zo-Y z;mxgL&5K;CSgx;%+O?JR$+Jyg?1o6OI8LTkRKgzW^(Mas(ThjhKfb+qcX@iYQ}_m| z$X=F&FCJ~5oxlChe_p;nf3;I+-?6lmjHyWT@Ma0=$wT~~u8tU5+*`xTbK&p7Gj(Rv%kTGMv%3bbnZ zsy|#AE?uI>uV~y`K$%;E*Cvp(I|hfsp15$mfb5@Eh|Ye|_E3=o<%!sbinj)_blo!0 zg!0o18IqNUz+21JZ~f`TWL~LvMV2kqdRN3<)yFGz+VgQw6f3k)Gw#wW5-selE~%i} z=NA0{lf~~7Hn*~PKyFMD28H0G)_WOQm8Uq(xF@AO8&L%bn;->cz=p_0NWrwOdGw}H zO}DBoHyIB}dlI`rtsppNQA$3hHeNuQ^@c^~jHTtwCYGoR4fgi-%6PgXkq0v2XY(kz zMMP-2D=PK^nphxKq7oNY<1MzEQLfl!Z9kTJ<$uO)U>*I8oyzh`W?8uX0q9 z%dT5##fS7ck3JoroWHyL{`A$!<(s3|C!ebY!NUI0r+=LMv$2?@m(b!-rA@1J{_W!J z`}5|Nif49=^v^IadG}M&#LrA|GjL<#x84Ea9uZ z#VfL0slh608lc2ZI4g_nn8o0|Xi7`}=11k8M8nq0cSq+xoV>HwtRFinRcfG{o9YPt z*_;LF@bIv)d@bl2eG2jt+5vF$&JB0DO1XR+)b+*d@r^4OugtE*`B5v@s}&u!S~0&$ z4JV6L+;>j4qpVxVBTq;KutZ)??BFBXYD?y7YE>(IFB)?2Lj?k~I&k@-+7LDstHK3Z znPjaF-SN>~V$Vd+Z~|Fc6;&YDxpZ-qvCbp z&#pPWrT$Ou)0M10TkSs&4iC%vzbAvigZ}Scp4;jFY_ckYJ-`Lix|LVlPwvC~v*Lo) zrb8-vdHwZ`KOH`3U&`q5&gbF}H+if;d>0mv4mA7;3?3a&-L-vR%XI#k%pJcxHdZ!v zv|rxF+R>QVDR#Nt>hVqt0rT7IofrbvG`EQ%V3|j=Dd(3yqyNZf6aH`2j1X=7-;={~ z{+Gl3!Gr(Ly*yup|I_AQ6^pLBBiVOgsntTWQH`ON3{qf7`r1}g_1)fq(NuloMVl$q zX_2}#s2|_Y3?EX5`$#AX&t&Iw#!zg(`jf_Ax$)Bj6RNW;~#q?kfCj;(bi!%^0oSXqIM3Kmu> z7>uKsCe8^fbRqiBHD-Zk6F7hipx8(m6?NPN_7{NCFZ}7Ct z|2-Y-?LF{+_wj6I|6dGLQ*{HV1hR3mgZbL?e3lRfMyLHU>C@qmR-k|_!G!(*N>~%` zsFoz=xm(buPwnklA&MM)=&x)HEafl{NDWjsc$ddnQS{d?(5teqHfk=ajH?kqIz^B* zh`V#Q0WCUuWOCFDU!ZQ+;=Cf3qHVEwPC4q*Xn{j&MYB@4-9hWt@N|bN{E1_wn<5Qn z@THhc=GfcTQM-;IDW}P;R@=vmuONnaHNAuC;RU4ZMB6F*56+_c(d<~*vm@k~vAhs% z6j+-YjI;!Vxf{;rPvNFh%iHJ#OslXqD_D<*l&2(u#3!qpjIYf3*Z@>n9~~vv6#%V_ zpB-zt{FV8kf3;^l{txIPPDxKC_v`sd&@KgR;r|AEPs{PYp9~Hj?(^xwQSaZcX#8b(OK5R|X^6V-W;(;ENdXZs!lAPnUdY6Qm1fY< z*{Koi8bYfx0iIo)sl;+7C6FSqal(8;0zsX-MZ($e_m`gkRrbF(BjKD*BbJa`_0hKf zpBy}?dsmO_PbMngz`6=VMjPa(y-OpwN9k`<2ljD#T) z`&-I&Xf)kL2?=pZ7X<8ft@k(zI$J0rQ<=GJJBF}FIz#$@+wo-jJ{Cbu0TPM{BxWIA z$9s8kd6BY&KwjhdoJHuT;|mnfgm=6tP5bb#1i#~re^2`GuYNI`_QgN?CtpPUyrD7n z1;qm!;m+3{zm7X!dt-dn`Pxh8;%}DFY3J+z)7e5l;e@h`qtllsyyL|Q`<3`<$D;wk zeOWwVzjnL@_gO&tUwm_~@T{``&rgnCzCQ8h!7ck}-v9gi2j%@gcqT}~!~VaAXRDG! zvC}!yIid9VrW26s*B^AwxnH&&3Dk9}HeF~(rWoWTHi?@pUGe+O-XPR*tq~j znM#g379m{7#Hg}VcRHt%E9K}zd0>seszskBg!HGgUMvV+UsJw*xv3ox*U6N~71(4J zTO3&lm}vqAdXG7ZROUr7NU18wP4X<`6)3KRPB~t6$qiyODPi4QD)u#sZ|TH0VsZ7vw+{gPjD-=Y5|=K8aJ_*Y;lhm<2ukqo*!jJMz*rCL}@$ znX?56@=VMY97kuTUZ-=!5f;~|EKGON*I%nkQr0xIufK*QRDkwLLio&xw`hspOH7y@ zxvNsniYX)?W8$YO&ooIUESXCh)Ps}}3W72%0unr`y{e9Mn)nfj>qg?rO2s9TOLW8u zSqRQBT$+Mul97?u`Tzc(|F`ok`ugiPEG5IQzwUgCP79Yum3vI^$4k?UjCdk9*)`?} zbIyDUD^s2o(NbJQbMqs|%+Lr;@PZ}sj8&Og#!=~|ioifxDv}BpV-jZdBxm3GW zslF8hIAXrx;w)*yNL(m&QzNuZ79m2}lnZ5?uqzTltQcYkkI?Y)%%4f*PO=2Ds6iX@$dsv>DI|tYA=e|?Rsct8IgWNq zL)b+m^}QWWV9MZ1u}>ULNs4%y`Bz460FdpXSiqT z{h$PVhBYfswVZuQWh!n+ z+X6GB3yX6Rvb>N~kW6)=RWqr}Y}Yc!HciZA%50MWfR%uAOZ?K>ip~u>(;c82^pbEt zp)y1G4LbRV=W$5TP3H#n#DmoTd&OT+U}QLs5xRi{*m7E{j#tp6Yb=%ViV2ad%t)mq{JRQo_3iNQR!`sNoQ!~I|KQm- zBRQl>&PxrH`2dm_b@1gI^ahQ(-H}4IbScMSBdS#n-4#*ow$&OzJ2Lw^zKi=ve;l%L ze~tyY=)Yus298An;y#Y4HxIUowuP?yOXGFL;=}dyDt6VruVC2AIZ+b_Q+{_rN8)-E zm~kr*WHTy{QOXb`>1P4Y_q1U?lm!Pw#(`Rr|Cej4xFn_Bgj~76G}O$8G654aawPXP zo8*RMidhg;T-HK}tbJ0o<~<%lkNnV}VWbJ7~VJtc|4n5Y@=+{Zm}K zcFa5hO-^*LXCxukPLy*IXXB9aSy`6S6Kj%AsIOOvCs-@lEfD=IOsP0ba293Tsc=}Cw94b7Y7)ze}+2(Of4qMIau!%V#jG3h~ zfAHte%9{=x6skFnKY#Z4!q?gCJc#L8b(v7s>)laKi$*!r3XhV;bi1X|*1MC5Gck)p+VO^B2#DALQ7kU{RtkvbQF-5eQNhv-0Gq6$zH;^v7`Cy``f zDsgoLt+wSHif%8cpm{o~5!YlF2&EbYob`?UH$@Z`K%GwX1y3yZ-O5TcN22I?87e&Ub9y2cYQ@KM3TbkoVOIx(8h6K8MC4b?X0u^ua&FFH-S5`oh z)}>xtyfPkU$e$7aiZ^$sqO-^&FqdK}s*+E=k0Wskg5{06lYlmgav8mb1W4Sft-vuj zLZdcp|=coD~75jvl!${5DzUxpiv!m{}3Qm46ZsDO{}jk2x1%<5FyIf5dyKZRd1dXW2G3t0$D%L2nc;FvZOh&mHChwGUduc2h_^EDq~VX zU*gr(;e*CtJE-SRkr1F~io_W%ST%#)9clGSZdmRT^@|c$&!qrYYU8z~4mGS}DZZ_k zn>Au`3zicMD#Z=pmlE=-xhrf=)&d`Bx5W!@Po*5fT2i8PCV2V~I7ORzJ!3&hcpz~R z!0~`1Je6eI?qa8I!X2qI%zZwaj|qrh;f^REvS6NJzAN}>werADLLM-7wF>85Y+;2> zRmG}JVD{>Vqf=by;h2;c5EV(?AVNt6B@4#PN)?>9APVvbtslcn4i)P$;qFqY1^M%wl4lw!xbN4YfEqo7Z7<4t}u{Td4&_a2?NX3?9ge@*!$$D+=bMgL`-zf?bGp)lMFV}2c%1YREuC9awO7A;E zd^CUleDC>Q0hHU#r3BDDmDRuibrYF4BuQ@R+FNRIg{j=8lbns*$&q8>l$AS5jR=GU za(mf};L72$S(Fo9khx$~eHQUF!65Ge3wMsT<&h7w>X81t27%6;Mgi}0Xk-VFt>nN< zJP(bh8u!rmERl;rFmyCRF35I^iZ^j<61+d0N`z?Y?Pp0MmQ&Tr<1t4I*`y?!goDOH zNwRr)q&bHm4vs6bG$M^Tj>S1AdId`b+1zg7Vh`hl6$Qhxhb@(KYVZMxjPx!0|Ji%n z?zVAcPyGLO`6+Ov^tF|1QIhT0iB6|?J&wEEJ4xEdPS4yq+5BUOgd~nBf=y6%G;!|P z_xmmPlk7ni0D>ea$q#Y5XUrFgMdG3GR47yx>X(Lvtxl`@Atxv>jM~CbpE1G`*en^` z1PtdO5Xhoqn!@2%H4Eb*b+#1!nBQpq(ln0H^vAQ1Wxkpup7-=!ln!AbOMy*_wa7Q? zg6sEEw7R}vi)$2ze?WOS023-+1G|diFrZloBS?dsW#Xw%JnxLL!t17RD7y#0o1(A| z4h0$!zk{*RCU-y`TqA`fLjFfBn0`oBL7r{9UGEX%kwZ!8N!~b zKx2lx_hwO+@r;GtMrK7wyJF^p0!dCMxC2)A;7_lQhB&W1ub@U!r`R15>X=)F8r8(AsfBKCDFmn@{EmJjf+^E`JG>ZC5d{Zx zz%jsbMvP`Gd&e(WA`e(dNFEFH>4IeNs@*oG+S$S`K)=&@3K}y8VL+l}f^$@brOcw>)bS;fQ|FQ*A=q1TX1t4LjL-8S z8T18ux6MV)XVE`Uxrj&Vvpl0Yn=D8K7Dli9wwU#&9Im?m3ZEq#uz%}7M4x_5=p~I} zIru{|@H{)1-xpv4f0ez8?x-0H_-w`!^d88$vZ*f&D=3^LDXQ$XhpJ?j0xc>ci1=JU z(ZQ5QL2>V4E{yl2zM7Fq$rO&YNx+15Ce7vvn6rx&quh_;NHR_++mNz_uC7#&H&GHv zIo;Qeydf{#+Eh!dZ1V(Lo0l(TK15Eo`eaKw*>lWfV5s1EPox^0@}lNAQ<=p|0#2uMk=#F* z5myNQ-v0tf&b zk2SccORztpPx%UC`70L+u>ghuu;qQ(0VUunxkUi)`^(kKWWuo-DXen(+DzNZ?+RTY z0Y0e$(A81vpN%4OyydVIZEXAndkB5eV$!JMVtNBcmGN=<6^^bJ=fYy6 zbY|k^$7HjAjeEUaz@Ik!U>H7Q`J#4Sd3c)3Bb_`K&C3)PsujMKKj}9lv4Zh?Xx!n5aZ+z zB-I6~duR@}A@2`Lf``3qT|$ezqa*Du9&Owqyyx$(kIr~FSb*SkGEj4vEMTHg7L(D} zxqs1&iTr8~KGJ6btwr4bh$LX-HxhJ1gP{1y62u{*i z?#F&@UJ>1)aL$gN{zMA@F-~?}P849= zjV3ql18?f2*ey)K$2?#97ZvZ{2T(yU*V0%_sGv<6Y3Nyja#8231%bU$&55A~Wtyw; zS9l)ccvZNqyxY!Z5Bh&f128Itu#AVh!rG|zNkoN;y$TH4Ek8+)G!IGziTPX~fnWyGKFD z(fZ&V_)P5UyPB2JXP2=aPh}3+{syiiff3jLLz~W>r!`ILCdyz- zMUl9`OnlSANfO=OPuxMZh}NHvjt}Tc!99E!>WMpjB>)~x%yrO7ik*1Gs^4Qn&hhdO z3Anej;Djb4uSR4HVhS$1CW8@mc;k>GgA>32*22c~^!o>Ie0>Ln+M!1?N?*ke;EQ9n z-qZ^4&0sfx>@K&76zI1{r8mx#N81MowTMm&6n8jvpsiNwFkY3ZS#o3EkG@oHRk8;Q zsCR-;w|TUE_b&k-0S3;`!bq&ci0Kc84E;iM8T40rfu;;I z{!7OfVth#Bj}#cKNbwByX7&ziv2>j6MOJ+(Tw9Q_@qZ4Q=E+;gOFBrh(x0VT@FV2u zo}HAKhbX_BGsq6}wZ9Gr&jM#DY71pkM_q(7Zc+XfYISiZFz)=7EcDE&_n41~q>dXP zUcH5ms1#%l1tkgi_-9!r>t5D{ZdI!#hh;&xBTW@n#5k=>7ya`Dvm5sT)D+hKPFEd~ zPsCXb7DGB8vNR@4xeexz|D&YkKm85A3ee-NWAP=R z#)6Z2t>0~fidr9y*nV<+OhJP(vH1opz=HA^>7#mS* zlUrYRXD9n(jHTE50;|cW7V#sFqTTEC485r)o}Ai+G|XMnX-PeBIYn%_-L`&DhxJ6h z*hBAMPzHFM-AxY(;#JzempYB;vt?vs6=^PoYWsW~^|ODz>dOsk%O5AdaA!^jm{aR%*V^~ zIdPkB@-zR17ir(FjQ02Eum%4?{bH_vvfM%Z#BAIgBVKb5V}_Xl=E8n?pZ$hQA2!0W z))Zw=C)m!1%yFO5B_XCTd>&a!VY%F+^Cwt+Rkb%a4?_ywM5}{-BBO!MZ@9W5?}k*p zbH;=SXMT{Q{{6(O<%k1A#MTvu2~shS61g>k`->>^U4GXSG=6>4#i|#-K}tX0?kg9{ z*X#Y{A?k^c+|miXAdS(0_jk9C=g+UgkLRC?x+85t;K(1{6cbDJvESE*&)I3K&MaaL85{iXF@f-CWEDM7ampxr z-5faZaV(w2HJXLGJGXotJAzM+Qm4udT?A9~nam~Z{o-Gu0!~r@LM1!B4C*1U^xXnB4V~t*@@m&NjtQpxs*?~>%^d60! zq6FeX%fyERkO_s6M);N)BC5XEweYgx4{cSV9J28!aAnE#5V?C+aG7V#b16Rvt!lMBSZOh*-u%Pw~q)KY-LAVosr8 z2E&pSE?O1)4{ruA|L@Yp7w1o-mJ>F>ui|7gSy7wQ%il0`o>o{Jh_b~-U7UYBCze+g z$4MdiSDUh(K4%xWlnuH)RWYZ1nZ=n4VV4(^iBM@zYTEH@87|!=;lx_!0QmzP+^m1n zaYLg`_?2ZEJ10iY6RnIA`{bDZYRluWE&JIy4p)s`Ig?ci$EmQLb<*=nsLT7U>p-+6b|#Fq<1Bu|*6Ez?v5eH6p79S|%)wEKPD$tH4#R+wwF0 zwmthD)(q=`q@$s$!wD96&5}!Z$@KD{JC|ECB=aVhfR0eH-s5x~fX;?3kl2(P(baQexs^Ml*t6 z15LGpPwTdCT3rYF@5C5d=GgIoEp*Ldko1 zL7y}KsfNexs|E_~OK0q(s$8~<4aiu>Vv%_{kq0Faa#;t?g-ZgRAG)cv zWq%n$Yj~ppca_&%!s-nAE9#o|rVEsk><(U4sraAPIjJQY;o)Y~7iFX-W{%eL1G{Nz zMZd?tWJ*G;RRN)DKlid#L$zX!L~CzeHNMv`3sfXv2k)}%1SavtCSbx&Mslgm6;{Qj!yIR6a8|eM1wO@i43J8uZS@|Yzap= zKB42;=i@Y+AZqTHEmS+`HYO!v%yv%+ADDPnQCB01Q1Xv`{c87>?6E`EE zV@QemLZLEWW$7|av^bBqDqKc-0xKkPO%3Z$lp_>I!dM2!lN;ReuqK-1M4IRZNu}SI z$TmX_79hpwn~oD+J*r6i%`VhtgG>#+$$E(Aa^3wk zy*_)y(}sR1@Amk0*&p2S_IYUiPBVwv^5I&XX18&^xy-PRmw&(eC_r+32! zx?j)cEOfet8qHMO@2t3OthZo*(9u@>CCf}AHf&c3)!Y6!e}6AC$o60$jLx-b>_c!b z$lDM`FJcu6Vbrm&SZ(q}S~K0C-8e#ncT^F}Y8-)xyx zQ{SDcso&w#>usGJ>h5iFEVyM%p#RfsYh%TfxL=L$3>tNLp6l;`zrYp$Kn!1^XV_L4 z)i3p;kdbQht7O@-S2~}&r-!(5(+OQ2m#69fv(as|y{371+Xg&V_%fjI-UWR0ynTLl zS$~9gU1m#ughP2%fQ1TwLK?gz0x&oG;cM;$^L1Bz$+T)jvi`ilw)CK~*jQLtJ>eIt zBiMwNr(X1OHi6XIF;V0Bq}|-`Rs+?F0B&t8`^+|bV6@9X_eG#ffCbR$Q*cyO8yIL% zZm&?)ewG=vAaM87M=76F!Rw#Q2Y3)O#uHN(@FV)zGr($Rhs@c0Gcj`mjy900Ote5dDQBrK9an*&u;EBTu9C^*GASd#ND zQ@44k`m=59W&8MzNL(75JP8+1tNsh>SN7-K+xF@8^#jo|P?Ybv^=n!Gl3n7KGK;fE zlB3t8L~n_WRBMhaE}jRi(?xaA_rU|xvL1q#ikHTxnDyL_=bX^AuA{MF zD^$G$T<7grUwmQw%+CIgpfvT&0u{Br4tSsa6VRnCk=8pd zvuuRltsd+97^Q`(quwcI4dS}?2cOA!1{er;|1-@}3d1T>`wYUT1a13d zG~0dv6om2pkHx4Xi_zLd+Kf;r$`Nr2Zfdb9)Zz$%7%MhbgXS}>?y_GxJ01H;0|oMC zAaIWzTq+)8bTUk0w8F_m5QJVD{UkxPcFz4QAaM+&k_Y%g?!6??j#wo&prgl8L(E|e z$>AZyt6V8Vgk;eOf0dtjWR7xOAp?(pMF%Mnn+D*S!ol|hgD^r_dB;zBO0d8xvArf! z99%$;Ti4j+lrU%3lae=);=7{W~#uX?qXNoExk6aRl+|;e)`Mq9cp0lqVuD=?ue?IpC)eUop z?F@^*0s=}afZP5p@1sDXJ#FW&4&{hqv-b!M)lGL^t4=}S`>NK`CX3u?&~Ua1LEJwX zqe;Y!V%~pKbxhCoUv6TVx;4PfY+<|4?}N7A!#CQ<)1>?>sx+O+zn66w6694gts4ye zD=e{y)O6vK;bW0s3o@xiyx1BdncW%7zVUICQD=pYsr=H=^=c=q+N}9JSZ_|9-f-%y zrYu-$T_4rvL7d))eFiaE6;ZZs>81v8S2e*FZfD7D@Uej?+%3*cTUWMK(?;Md7XOD? zXITXZAtUz#cfSIk1M<#t#b0=Hdvyb0Zbq-+jRF$zczXgyc=NYq+k6Q{#%yKuoHv5? zqT8A10=SR|UQB?9M(eQwjN@l)iq^@sI0gsVhuz2!B#8ly4Tf3sMUlIkIS#i%Vtg*! zAF*WCL8n7R5FQ`P-ocs4X8Kdt%`G_dOOF+pUY|`xxXRT=)dwQiu)k5nRb1~^T?6SM3I@zoa7FI#kHAaD0F+@?oSf?=uyu3`QR)By+VQY(KVn1cH3h_=2($$r4$FjtskxdwAYGQ}1KE?3_m}Saafg@N*KF z#zT%33p&4htzUBl-z1lQ1w2Nd7EuCc1&7S$Xkl?@cZ_pT#i;zwqAM4C&f-o&pBJVr z%AX&4Iyqk9CP@Ua4qg@$ZhXz49zUo|o5D|7zMch1pxTGt1o?S9ACE?JL(iA$&pvv3 z3~qtzTd8B;BMJQbA&rOsWc3^plS*3WP4iE`nLCz@@R6!!gle)4AV2kF;e;6fkrJ;D zczb#g91G>M9yX5FGgHoK3=xBQjogn?+a%yD;uY6B&C4BN<9o<)QI_?ex!|T)qx4 zzlBeVHmWU+r{~EqK^-g}^%biAj66JOiqP@TifKE}&dr75L*X+Ij3y2x8Qf~sFzB^t zsZ{72L^0ZN-$IafWqXOLv+m3bW5vABYmevFfOD@zd}M|PY7xon~&1CcLs z^Ru9Biv=zVI`8*Td|#CMby|k~iPoxTlJj@ncv4Jo`pkl_RBwgo*VoPQuXzt5sn*J~ zhVaFyzZp7mtr<%ktG9yE)E3LY11}5iNoQ%!-Uu7)SU}J9b88;j^kEgN?X{kp8`;I9 z1A^MH=^`DBb{ShVic;X24uI ze>vDpHnXJ*ZGy~AqV9sg2gCOr%;og8Q!7&SJ4g$YB$cc9Cq8U1XPMD$s~1@8bSY6p zy=%Ahc#93QRF?ihL)@o#;486}<~A<=%=7A}IgrP_{o7dJY|=9ML4OskSaSaR&|Nkd z6^eRFY~|kEfLbefmDy~PP>U$kiTz^@`BKWxQPfUOaH($Q;|$an?qzMm-G>D8W=^c5 zWhe5}gAg2l?fy+`Bv}(OK)qp|6gk2d`>LKS7sjND>5A!-LIpK`i}-`~SavQb5nT>y zShJQ8y*SuEZm6Z$(jL3*7*vrfL>l>1w3gqH^FWbnWU&Q}Jn4r!3c1&?Po1+M*tsQ? zxYwrdxMR=7UdAk+v^}YS*GQxxe0t-mL(xjVYST6-E26eSVR|S;n-D|GD0y!mE<+db z=)0_%)9BY*-RW~xZZEblqG^#~GnDOZq@!j-AOA zPq32=JfQCQxx?>{ALnI#`Y;!7stR(-M45S3|AuE;4`{*O3Fz-?H@?&OTe1x<)#pd)2~Mdr^?L9`or^p zx<=J|AkKxLj~)=|t|>BjZP8~GyK`pZyw~!J#0vtr-j}(&$vkb&mS&OQgwFb3u$RH? zEZrz|6(<5}TC4_*nMgIp9pyS4AO=fT;vK@Ns{i7gMC9Z)OsxTbQC!C{ih*HTAVe*i zyekU^?=|!bE>(K3lS7-K7Q?4l{})v;v%~<(`u6(zI>AMkC-aK`t#JntgozCG=IQ+L zba2-vvyZ?DhFh}%QhP1bG+!;Ukz>ldsuy6d!o6NrHtT!n#-|z0xw5_Xz?9_k_7JY7`+Ds0VUG-3~bJ zCw%gNe&)w0YriEEIhL((0ff*6#>fJNPkks?qh}Ua-HPFOFdVmTQ91^-?Uq;Sm{Ut! ze_6mP@=?=|aWjfej{LC#A*{+Ktb>9HDlx7#xEAD)U+LoJY~t+!(x#ivYf5zJae?_= zY=&k+`xl5Hed|AhSZ`YM?CWFCRFK27v<`2v>-Xl;Pu+V%ky8Uzu_m;nI0m>QJ{w-r zOQ-{Hjqh))#Vur;!SB!8jVuD$B|R}4;B9;-TqwfyGhNMm8od$?e+kDdL_0@+&;{(x zMeW};W7u$!)BeSOS@-MNRw`KXcJ27qhRp9xWj7ngSTGNY8wSzB3a3< z1%&`ZGlXFF)V~MQQw${3 zuwwh-{F8ch4g32>!y>5%D8ECs^Vu)BwU&A+Dz}}0O+vGol5WlhZrdzO?%(a|!rTz=63N@* z?n>$#`UUCPI9FL}NPFc~GiLwX2-0{EZE{2xrk6PW#S2U7JPR%&h-XW#x9P2WrobV9 zVP65_QoN@(LNseThi)enZE26!zYi=J(y+sD~;nQ625 z9@alpQN7|m=3^mCLkuqiuwg*FOPLiZNWjRY$l`(a!e%5gU_w9RdXYh~FcN&F%9SZG z8v9`KDdG~Qkm^;)|4h7jAEclh*&%V=y+$A7DC}kQm_GvK3k`K@BxRW!G*uYx_M){j zH|B5s^)D{E0#V~eOc^3obg2%Oe3GrlYD;U43TYrH`J2SF*_)J>KR;F-qZtj_<5z$m z+AJk%Gl71ud(jg@yoN8#NS1sbA2{>U{k;T*@>B5lIk(8Or;mg+JgW9KqrEqJWES^) znkJ($fJ5tX7ITyw=7ebatVhiRLo)LR)E``bM(Qm(41>fVK1svn+{HO8bjiJxpBB?C zG}+*Ubw*blT(pJz%1WH^V--!G`kn-Y2odVEQnD$X1w(jaGDOtF&U`Z$r8U62cKc#) zblh{R`nt1qQBjOmsCIZjYBle7SPBk~J+2j|_!<>a{>r^ZRRXk|l~B>l;L)U`>gY1- zfLExP^-b!4QoTDDwSu1vUOC(#isq$-kiFZ^7iD z2OK)1LDSrSX5l1U9}qCDB}&5kbv>Z;YgdiPgqA(rpVoFf@;js0*(boQ;|t(dhD12< zDX^#RLdNRzSA#o!{3O6iVz^XnQ=OSwq!oh#DV)82zw!w?F#Y*bPcHXjJbz`5!ihj< zitbGb8pX&gMAtejXOi?)hrg4GpAZ{I+qp}m>2n@S3N1$kaH(fw*($#g%nVp3wg?n` z6tERPf*Tzkv7;tRsH|CNGx$yd&{>$8Q43L4GaR_X-}^ifLkJ@lOjR%0lBDHDxCy%p z9?&%vp$9=l5%rDa#qcEgV&bS zp^&I)F90&PdSMxqwNb(>4EV4Pb`G@EArZwS^s&*7NBbgDdg%7C>U?mxB7=8SBakWL z$Oxy19%9Ix*rEdwv}gMq)7J-epr|ARl|g@j24W~)#kMbgzs6hZ{K3O5UD)l+I;33cYb37qw( zf8v_zMHB#=J9Tm^E07(>Q_&XfvW~Tx4Mh^oHNE>q$6}I`Go}}Z7&l<4V2lNj9y8)M zcuh1D>)1@vlwM$vI<7sRE!qO8%rMUU#w>G^LXLTcV36vG1@CFy#~SGAqb7^12pEeD zm5HmI2h}8nUctIF4bO{Hkz@Kfp!3)|i==~KkQV+ud=S`OsFNpg3||?uKC)Y z5BSkfDO1U&kS32#TMB4)OQy77KsrDt{<9!W?PD{_qlPM0Wf8_eA4oi8KuY;t1W)`d zh%$y?(2&=5Ygfmnfrw^*NkGiw4U?pk!$5-kt2P*h5>RwD>^2L`${Wxme zJTDeaN^FNz~P>iF~6FD|}0Jx%7w(4fxKbr78<&M--9;<^RJR36bCJhfPNzPJ9t z0&5`Hp&Dsh=kcq<)7}tBedXt$)xc%;=jPs(Ky?Q8T`{1;;5V>yeLLXE@>`-Vl~+hH z!l+T9;_krNU2~%D^fel=YGhiSqm#K~w(_I&uKp%5?V}gXV+Ms}2b#fI`8Msga@Xah z+qek74r18g;fi5aM9FHQNZF#mzQGXK)~~Z>1f4_|lGds8c_mm7nMdMaYPjQi4N2#| z3)HSse(93UK6z-`27Z9oU);o0JBl<)8pwf2uR}Nv!p5IOiA%cvCD8G;%~8%$I+8t; zRvR?W8sIpP@W0uIE$z4t8r7ous;{BG3|rS7P=N6zuINL`gv`6Zwwa}OLGds+eIX^Zo;lCs)Vq;05#W->|O~I z$5pb7_i^-H-PBgf$xm|++?f~UC4Q4t2ssE%?PS)>n*v|6zkn7ITsSqmM!1^C#?7{2 z5?es&ReO!_@&z6Z4uxJy1sk(miR$6fo5pd2YKOU0${pGapg^&>`;-=qh7q|l%zRm- z+qZs_c8R{ZU(AF!&<4d{Dr&3~QCufswE}+0yrdbm+T*RH!g~HX_e;u>0gdtIuddw%wHNVI{g0L2i3kZUZ2@FJ!sv3 z;ls8==^M25E*PGRYpD_sJsM1;c!7XgD%vnBjo*nB0f1ZdF|a&E+<+04@PJ4 zipBxrjwloSVpu`jqtKS(KR0K$gsljD8Z~q^k0wx|w%icEs6ht0k@Z?;gbx!z%?pVB90En*rnC z%1-aq28 zb!%BFw-zmdkZ?65HTqjwW#rYWP050hI24A0;u-`brBmp25DhR%wdLswE`z}FT$)~q zY)xvy&+11a;MsKbLjcBn+=<9auf)g=#Bx+}AeJT`w+s;v(v1WY0m9 z13V_{(?8Wwa0*F| zp}uEd?F$Ns^opJZzomO}x>GN0ACt$L&DgK}Z2Iq(!YK|x72+Dov$^U&G>;wax@X^$MD;y1@}==W@!1UG-|}oDjC{_9q$0&r8HM-K5M4?fcET!8XRPD+E(_ zGdAF<#Cpnl1FA%>%lvvs?-%qfQ)boOYDV>(id5lBj})G~x-OP8eq;J|OIARCcm!d! zSscW71O_hz*|V8X@_(CS;jr{$5$wVJ2k1VuyXF+$*>ZD)e$rugiLgGW*3Wp}I3sMC zWJx_17c@35pYTT^#*OD{5RwphyHjqqKQD;rxRudVB=9snVtyy1>!qa}NJhZ{4 zb`fEgUMrwO4r|top7Lz?zGUn$22T&JMc2u%X>H%Nx4gMH$h~9b@OWQE25s%bOa25r zKxUn~F=#1qdanIo&0bBmycwQzU} zpo=p3jUCu*8_s_9a211pO8yZ1?T~HXymc_TyBj;2?#b$U_w=2k_5)Wn^~f1w%(czQ z`nt;vcz-!RJy$6A9a&J}DPftWg;me(V1sAXzWO$F@JvXhdI=d`%Y3~zF#I`xyTl9N z=2XtSsH7z=F$)+G$ISS}>pr1wSgc7<-ExhgF_sIr^!st-(5N@tEG%*oj`c5_J|qtu{QAX7=~s%P|}c?_+)&O4!O<8AK&-9fr=z^T@@hop?rU7d0a zv}b#u0QxhHa5Ce0H6}UDspc3ufTV;29JY#Rc}dQ&FF9!mrw~Uhs@0xpAU1r$s##gr0ZENMDivh-Tu%ku+wVA8*w5(4R+G8gFk&{{keZy*v0)yz`8Fx1*; z;Lp#`=lyExf=`~Gu_oja=L#C*BKLC*-)ga(Y*|c-VLpZBEqONH6^-RY>k-@AK}Ehe zq0**)-MjE<;jOHkp|T+>GRqaHjLTN_0QdSFpt*lT`eXSYHz-TYcq62=fH*e}S9H~b zrb{H2ZM{a&V~w^5x!as}rfE1|=z25-`<8>hO0_hmZI`cyJLFe41&|k0Pl8%hx41bKp$+67$%q8zmj`o#fC|aMcoY@2$ zv+3HT0czuvM)_=Sh3rn&$Z0~9hS}SGtOFhu+TKG#h61raI%cn(m zD8Tp0_Wky2`WN4}*w_4(0ef7{yUFVFPI+^%MbZyR`tKOK*4yu{l8nkOsM7MI{s{rq zLEU^eZDW5|JfiDWNE!LS6hx(1SES3Y5V9&){|ZW7;S&VDv@Deqomg2jn+rfytkeK( zEjjP(q+hBE8v33+q3jfBXPaMJh6BR+9gQ>)X^8l@+61d#gi0fA^ASc^p{;v;0~lTk zUzHjYwj|4B7HiIZ;E3qm6*54a>8dxfrjEMOv7x*<^V3K3H6^EGEWj-5ABC`E$_M94 z<#@n*$FFS3*K6XOj#pqB_~Jq>=mOX(*HEAF)hp;UHdN`ne#+yiqm+$fFGgQTHyEXD zgvY`tD%=I;-Ru3?T@|u8BKO0!F9gY99kdjJ9;dJ7ptkbIvcgPtbglbx)*_^4VW4Zp zPduKhty%=j#aXmp%B;T9I`p!4GT$KT@PHe$2!lM0Ew;*1qr!prpoH5OkPjQMmwrky zhRXROBS+DAX?Ioz2nQLrs$0Z8_k1N7M6Mm+EyL9ZGo@Vp_X?Py3I;Tj=4b! zRX!<>WH1DndYu?twxxVPT_ha+pzOdi-9@F}fqiwD*{&Q0ZmnYk0=u|6&KL|_M4g@{H^kSs!(e6VYY!BSaZ5Qh2zK>T^QmbN5cP0-+a#byer2+leSwA-PfO8xTGYgg zQ#7AZE=iCuf%+fvD2`PJ3K+I(G3k0;Y_)=cdCdqhaBS|eK}t&G+4(%%9PAL0yJ%S8 z??1@1Ip`5jnCYQNqOA>fPjL?X21L2zH)})SBOp+@vb)rAshdb!A$IsDgu{I8)>`Pr`N ztK0=TAQAotG5;^Lim(kXjFt(V<%^RO=A{+C3In1hiZs#L3W5$icStYzABWV>_#Y)7 z`hCuhSzkG)3nKq7v-yV1x}@oCX^@Kpjj`gs0~>vANG)@g!D47TTwAyEShE=_D-_m zOo6X0 z&Nsr9cB_gH3-XaC{A9z_JLiXkmnsZuGEvt8ne&v7oi(J992$OEN)P#AIrH3U06LmM z;rSv57WOA*1436iS@m}-bZ^%;-@qVIZV+qGWqxQsaPUkwVa_LBErb zBekC3VLSOtLU0vj%M!4MrP(^AO&D@qav`PANIfZ%TBoGgFy-uRXf3iT^qa3qR%N9$ z84m6>D-JIC78e8S9z_(bE#FMMx*f>u|DkvCUIZp(l)piv9Y63xcIuHm^PatZ>9+^0 z-F*Chu?g7E)Mcms`bZ2pBanNIna#WBHbhL{?t(Vwp&KvzP0;>{tYBLSfqM*Z3hvqw zQtoTdEnd7V0T}k}v2>kzqrST`BX5&7+rOFE^w+@slyk=6olEk9fJ4GFB_G+Fl&HeOV{mYpb6rwAQ~}oi@~pM(%Cx(> z$^h5JzRF+WB`78^V=FNR4Ru1sEhk)D+)w=1Ldf62-FvQW62;sK(K%o3`5XaAWSWyF zr{Tecvep9Fo{=0TT4!0|sc~Y{Toud%Sc?oZlbp$TC^t|R5oM)A@!sHRyts;ET#7IJ z1-Ik7QQR@nqTVYhR(ERh0Z${;qt&eJ_buS(HgM!Uh|ljW_1O01q5K(~n}L83<0(Bk z4yyz^#xpqjA_`U{bVnG174137lo+WX^gY4Ev>+trlziGTPJOg$MTpM-Z&g>fX0f*% zrmwxXL*MZqZnX~casdo*Zs*S3otVyDy&N((w+=HfYenhwIZ7}aIP)OWr2qju|Xfisp=@!#M>xD$TU)!f$}qX zc;EQZ<`oVp0tK3X*uPA=pMQ%g7a^KSi6LHODv1V-7kaVA35!9(jkqf|6$SlYtMVON zYzUbxMXAfEGwx7vKC{NU@xRF(?8Zh=M0)#Dii@bfx{)M~8N<=e!HroI#FHXH>x20f zI7f6>)}b%Sr0ATzExpjEgU$vJ$ylkfspalXJc&F70McRiXYWSxO#R6N#EGo4FJuWuV7I&(FTL1g@zub`V1>DKoPTXE%Q{ z;x>&vG%4o>_=(YKS>g1-B4lu7b4d>^W#M!WPw0;Z}@{`>fBx$*V26)gWH!Qh`5T7dUi%gX42CV?4~(RraC|1=#uEpjKm z2w>NefN?A{r=bxs1@P;-ILl871}OV!kWT40l8ehoOM=cd@J&Fmh1vzhMYCEm*H?uW zT@hELuAZ0jd0eJ@C1wPl>dR{nSEWRlBuxEBzE%gwXikk;;zN3;zNj?yTL+y^@AD;Q zO6Oy$bWt6&%X*fH<3DbyAO!Z(;Yi^_GOd-(byFNOx^dOkF}t$Ot-|CFxfWO z4UCwFGufvqeC#k9EU@$Z%~KlT`nns!N(+)`yeBTP_#6+p(|5?m>OASp(|IJlOV_BJ zf=`Sw;YkpUR)vtPj6kP9wi#Bc%+sn>lKG*Rc5H0`;dH-o!ea{ghOAyt zfX=B{!Xu*;Qa-ep(7CqcLe=euBb`%Phzm369;95M(W~Fn^ks%3POdy+;@6ur?^nr@ zl%i5s0}M1OFB4pdRk!4?iWfF%-4m~8t{iUbeN?MP?oY-1ENG_J(Hsx~bj|fZPX>)s zz8-EK&eT@TO0T7QfAfqDCeprSNGxM7HyR!|`=C%vS*H}^6Yz{t05YG$!XJn#<%Hf7 zb~>^C#} zAJA6`sUNerGNGoC>8_p;6q?_X<6@7G2uZjOeX;BJ_$~}5u6KH;DqWz{= zTIM9HhwfioNqX>@O*{OnlDHyML=DfItpdt^DnG0DJU>E^zFKGO>l~(AC?Z>;VT^S= zj*XyffD|osuBmoIHsDG(yNgIbJkQAt*4ChI*WEZm!yIU4@#!`$bZSyhP9IrKAI?@s zjfF_yNPAzgmK60CRaL`5!~(W0%aVHzn0qfqhmZm8l6k;+$4tQ1aI^7FMrm z*hVpXG$JX;Yd^3HzBGs$`?oAODyeRc&I(cNYx1ZOW0k!|jT;J5oA3vQ}4+z9f}u zzVjtcbf^n+BLi`$H&^PXJ!(juvKlNl+x(xl(zi0pHoCbJ$E|yE%5&*fct@5_19Qrn z{k5a^>hxgx1;1iX)6;GCIhClhS7epRh8$E=s)%l`2`R}ljy~Msq%msS3 z$s={GMlv1-G@O&yYSK=>lUZXGC65U!b=eO-6fX(kZE(V?VB5V^q{6eAuTId=DLNUE zSu`anC?4I@AS_qR%uMTkO2IpL%3tUw1tEW_)@ksz4$7s+zv^h2OWHh`rdhbN&-4lL zg7u6OMmhd~M2F6qMqA6m!3f*qW7!(1;j(6o`zb8J=D=!gXq*}%U54O5PBvuzmf%@@ zi6@tM=TIEz*CgoI_>kuAQN5}U))PEq;rtz*7xW`tphNq8)AG9nm~Pw3jQDJO@~$p{JiP?jLwP15VS^RF*q=i6&vOSvW!%Roa5i-6Mh zujeO^|2ksrOvs1xLob`#5o3-6$dI-Ics=jid5>0Oj#Neyz(VD2q9E(hO&P2(^Y^-I zLcx$=T;l#ccNTa@ycU_cQQyRP+P5WHD?+%8<^}JR3$`L5hXMy^3H9paP>-7d&X+0y zd`)I7|9>`-qwJt7uBeft`lzkcC^e`i70JIOdgR2TZE8r_6}>v5bJpsG?izRAm*Ht2 zT`kLB5_3Jv-M>DNTm>(1Kq`D^TtF6HQjg`}yEsnApUm&c`hNVP%+ycTJ<-#kS|~%l z|HJb`cYs>E@343K>ishewHZpb70*1{oJ6PP@BcigLH_L(7cu7@^< zlU-HQGD{q#C-Cj_8fvdyRT1OwhwkAiohA(?j>T>IXx+&VKl;V>eW}@sau9z$7+YLJ zCVTQxxJW0jiOi3{K0IafTUlnF9FxgLoGQt!<@WI{*WwM6bIri|n2&%<}YaY_iyb{;3Dk z(JIEINIWL2nUnOZuP;d>o&yG*h8a{QM1?hbsM$13<|0lS9+Er6zM<-<2L=jCnEa-O zGk1rld2V8+TxRE9l_~msn$u4ds+7q`R>1dW0GMd4wapJ5%TfQ#Z%R6;?98cEzaw3A zwkth^*jDmBZb=N~-;5UBdWG1j-#$}Y8oJk%%-ssPd0c|*dCh^v;5ykytd z!U>mLS+#AwHR0_aWBh|8G&HB20KLFF@Gr|!!rhNi77CTvBXjALJ5#h08STh&)mNAF z?a=!W@g<^OdST_a#cZ@2Ax&|__dPEOrA4^+t1FlWTD_a0sYVh|bPT{NKMzeADp9|# zu==Aq05dN($_5HwnlDR`+{YB>8Y*1d=d$pe2p5-HkCkRUTD_9~&~R^YuT=D>C$Gxu zI}#x?hc|$H_*~*A0-E#s2{)W_FK%6yLf8RnQzjtAzT>6lmt)d%wagKws~8T+-?k%d zGI3!{_kGLcS=(8H$suEiaYga|-ff&0@M$R(ovFw~z1SG^@R3+uTA70gTcFJPbFY{( zJPU)^EKo0RxUyOy6y!gn)Zw$T#OeQ#eTC|IT?0ISh zLyvxRg&f_#f8dID>r?xRNJcx9$ABf{cxSRoCF=$m?~b*{IE`-o4Yr1f%JvtC%z$hL zL}LD43R(%D`z=e!1bD$wI~qAjnj9Vjbq3)>GnZsOoeLVcxW9ypSH&!@aHSpjbYg#k zgwN4vqtyRJ?wzy@+VO6h%`;lkuVhJ#`=RC@+H8N0V$V!zVPykVRZEwk$cPfVkAn=` z_W1Izz4zM+Fatmi*;(b`N0x|}ZTWB3-!BE5G)4}w&smp~TJJ-c^jcIVzZJ9}q#@AzN5^L~Ec zhtPXs&>V0i_1LvtbawF@|DWg%BCkQoA}2?uC(gb-LqSq?8r@E`J1*3LLgwPn#vui>ReP^%|Cn)a9i5*^4v9i1iCY-hwRv(Y041dwCfg zJVo0=+uY>p%Tp=_Z%_RVZ?_PIH==4SBCgwwJwbY=>(8{kGpV9IYL+=4|q-$vqS-e;}_P{ z-5SPHXvO{Bdi0n|P@ey21UlUUuH`l7a6)5IEoY1-R$tm5J3KEGNcFk^3}nyNEpyJb zdFNu3*WWChu>5?!V6c!wKa12nL-m7*4~GflX?k-Q?Wc{VcrjsL`n_BOb^V|-0n}Cb9+`I%_><|@ zsH4O>Re5urd{vo_wcWKwE>OYWTSN=9et5WZFaq@+N8i|`>hKk;7T0nP!1cZ@#%22G z+YX_e{!nxvaX@+7m}A~9r5kA>G+kQ6A0X*OyZUE@`sE&k6L4fvCJ^W!S~Ns-kFE4=b> z)t$-Ql{^piZ}1{p`#T@?k&hHpYi8vUvC7Q*eSsdf(^;mpf*&kqApv1Eik~K#7nucR z0qFcY0;tm_VqhsJvd7?Ol_dOPxh163NTnWtS5wck!YQR|#z!@?+)&37rKB?ZtPJP-E!Sxgb;(g5V^%qZrGIem>@7j5t0 zWaX{AnWzqSiIo5wd*nK+9`d%{b1wZTM71EgL^h2nGD9ZgmHpP2WdK!if(lx%6I|X! zKw1j#x*n|W6N{6Vi2FuAxRY+t&6#`zvSEp<%B8OS)2Ag+)N)GV_@1n&&RVcB2mJK> zsFPhy2JeDcw|PI(;fEc2N(0?1V-6PjYRCDBKB5I7S$4G01ta!KUfKs;7TAVo3nr+v zp|+Wuk0bp!W9n>so~3&J9!Y~N@a7k^7ANt9UC2oeB46iZiE#b$6h>R|f{F?}J@F#1 zWGRL@d(Pi+>4JS3Ov#G@tsLd4{?#jitD+ zOc^lR4SiT=ZQ6OiQdO}vjr~C;wmDaXlPemISAUT9Sb8d?$$jGN`sGfoMgVFsqe4kb zb(FP0>7d%0!c(y#c~G$wfuV426QHh{zz_v<&nPTQVd7GHc_WmA4?5g%4ka&gj0wll zYRFZrw=SwG=%-}C&tB$w(v*mS@cb$Kxww8umnOa%IkPoanVG@yeuWzN>gJX!-@nc6FqvBZ=L(Q zUvo_K3F;-(#x~-Dbl#N`)Y^p$UYziCAB!Tq_DfMxlUlsbfvCfS_yKiA=UI09M?mAx z2*0?&ZY)lxe(lieLUVhYodm0j7QBD$wLfDl`n0GGSknG>=^b~?7R2wsW{bFuCX*(< zoId5AYb?lS8}qd1!0RA}zU%$Moi*@c(fA zfb*@J@%fD!MKWfN(*gxC@)rs&t-R?NAJ=_$a2Druc<5Wn50_Cff!(v)W9ug*)*3OW z*H~5Rj>gdyqU$shcS=3`4MwHeg*iU64Qe%Cv8lZs7B?UN0o=2V9L6PO z*CMui2c=U8z4RErxCebaRtT}Q#zR-fE^5#NX}c7WL`r>}M-a!eL3c~#O3Z(Y`iD#N z6G4({=F9XSKb^EK%3nQpv=b$wb>|eZ4+K1ZtgWKWbpUTp7d9@dspn=(^b&4N`b3M0 zf>|72N1iBWoelD+x<iXP zc|3PH1>qm0{mDkjYYTBsbWL5dl9NM_q3!%!C+#W1G;Vkv-}hNg-gInbC-OB+z}qk7 zvNmge?Rv76+EBS}AZ;|P;uX%Iu@6@2fQQbiK~c(A_(jro!UVuWTy_Q}{IE9|c3ZC%#hH9OfGZeQ%DkSK z#tv&OEDJidbu_OaUWQLP8!=195j0gtcIZby2Hr0Wa+fDe)kcZi)kcm>R=vLuntd!&56S@1@(DwZTOJv7 z4NV0N7`n|qe$O|D?X8B0$X7?b*;_qh6tdw~1C;K+i#sx4zTm=`{zyR-X z#W+OOMGUdpna<*EZdF(H=p$Y#5xT6~qyr=?giN-umheYB-^d@NGNTcm*#JGnv#jCT zCYQHeg2u)c88IPo47Bt2vlHA}+^&3oaes;{J^ySAmsB6S#A9}C3H-A%{|)|zez)fb zIwjYQ0yJ4*JY?ow{>^D^|3y~vhUG8Z{{#2&BsxgU*MfYPlWIkf#8XO>R{x-rN4HP* zPP(TuPBs)%%f~ap(qoZOB?;?pp|5;)zlj0L?{}2u^(kLQ^5qW)Ov}0L5ItO*pO|`@9gjx%WK$X&S8Bb|P0q$vb+DXt zU}!4s;v)?Nu))w|7KHA?I)pc{i@@`}-HY zA{RHvzWC?r{-?j{{-H;K8Ts__GW4DNeD^QkWq%~8r@DXRUq$y}f7N~PpSq9VksqC& z_?eac@9@6LFW&#f`~O#YpZgc@|Kk0>@ILSVQ{IRCi}F7EFW&#f`~O4UzgQjUIAP?T zNK2qhvFzU38Ve0PWbY1*;g0yq$No_NwXqn0bkilMq-^Ns29n+$lIK-4&Xhe(xXkSO zA<6oh&^7)T8O7#S8a?XyC)pZp4@GGRN=XyN*NdG?J&}vqgWAff-WVIRjP9Ssle$L^zHg0A@CDyqJVr;zbaCbj^z&DPh{!>EH$eNOS zXC{@Q0H$7Xl!{_2QsB#!MwmU*!V_`9=2q=KY2){s2$d?mz+x6O`YyfTWfO@GuXHhq z*q4aL^U=1z?YlFxf~{bu1L3@LYdx2AmpapL0`F1=yQh`KU3sBsTT+Dq`)uCmaS^>A zD5wz{QHm{{)k;mwTm{syStokaZ9!rOFzX8?*IRi&VGgnM#iqPk<+k)qbbf3#l19X*kz}y)*xmg} yV6cY^Z*M5YFr)A%;8t5q1j%^~wzGdn?oH49maN~2IRym;nf%~r3{KH0OYv_r9e(8i literal 0 HcmV?d00001 diff --git a/assets/rancher-project-monitoring/rancher-project-monitoring-3.0.1+up0.3.3.tgz b/assets/rancher-project-monitoring/rancher-project-monitoring-3.0.1+up0.3.3.tgz new file mode 100644 index 0000000000000000000000000000000000000000..bbc0954d492e1008ddd913005967648ee2d44ca4 GIT binary patch literal 124820 zcmV(&K;ge1iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POwge%!W_FpTH3t^)s-XKZ=Yn-<&YnauMjwv*@?+tFC^Iddk- zqo7H2H;&i@1AtnN?fLz$<-N4`O5Ps|3jsFCW^413<_B9%0)?$ms4CRLaT?7C?`E9+ zokX%bXDOA8({$Q@KEqu0uJAnh=4Q`eFc>`9+k^iHgF*TKo!y@M#QdAVjoT^@?hAQvnlgzcWvLi#AQWMV6E^KdSjvR-DC9wCD(mBnHzvIJjsQ#>albfmEfy>{4CS!qV&n4}}rkvu1z$|7g^m~_tx7nG$V z^zh%mL&M(iNpH{{pnpTd-p(`i=fldX8R2s(MVE;YN@$v2ZeP$eW*4HewA~0nTRXj{ zrm3A?Lra__1PfvYU%#a`a7O=P;h*np;4E`L2fh7od&7;GWF(DA8c`xf8(kE!G^P?t zOgWz56!%Dq#|eoy5Yp|L_ZtXtk};v$x*DMgO~|O<@AV_KjYZ#>n>6+WOM*xmcO~nRRE_XI@-g8lkqUH@ z3rRRCrc*ak^rDAe!0ZXcQY2>tkxMEhNh5;T1Yz`CL)buG9Tbx+VOJzZ=M?+ze}?Wb zzA>OR&5@ zO<9FubF6ya$3hV47dcJXly#%={{DEpAMNfv>1FA3{78K`_6$}BQ^New6 zj(0>Z@jOe&2&v=n1oJ78hR-P)05BT{kunPe8m!bz_f|xEClN4RdXhKlL z36=_F)X-@<=%FE=h(&J{FS7ToOPU1#6NgiCzqaW1I+<^N0X!^{KSl8t^N? zGMKC^OMu70NfK6$*nG}XU2=rpf85waBAU;zn2it~N5h@njZHMaf&wFi@!8ot2H?-t zNENE+&8xXD)mx7}QXMy3lWNP9eXEKBuMZ$bNHO1*fm81hnvzs;gYFaZ(8zm<6T;;j zr+7-Z_xjB7YzJ8;DnA@c#_`m)y@Al?CVETaJR)kY3ar;nAQ7=lfxubz#(okSWk#se zd)zS~%#5pP2qtC&nJo`f3`GwLxu>$cFBhpwrdF((ahw={P`BV3)!gbn0}NMMz4sP* z0T?dzrX9qC%03=(GNG3MhUe*+u`~4U?JLnk?}Q;2irMz*&4h9xQHHrx$gSR(imD!x zGb|Os*Qn~SSj|%p&_)+k9A3vUy85N)Rq)8Yn4G%;cI94B0YXjf$YWDL4|H>LW16rr zPK?Yd6QVIU6Pf-4AtNS@&;%z!BcQkvlFZG4_m)hlkV;hQbS#c5+Uzjwm?+tZaf39A z1;hyb^4o^S>qsW1VP6O{WWR4p=mHW?N9cUm+ZptB^qVYCk|UPT=t`0IH%uOJB1kIr zS3#njQ+f4V$qSd#j!(_}fq28xw~R?|m)S4xgxZzE!C;`caUw4mKQoO$xlMJF;7HPQ zCGl+=av&_(v{g{1>QH@*voyI<%g-)cG0E{{LL)TcY>rfggyC3#Xhu_e1gUB3nO1>; z06?m=!Yj_z*%r-3TbK?h#vY`&IrGtf^6GyR&`a? zPFYL@$fa_Yi{iZ}bsiiYq6?ZN>bMyvEILzDbupvS42?O#XR1>X5yH~jcZb5XDrcPK z(;2)qee0J1A8~ehh0HWr2I$?Po~eY+sWe?bVP;-@Y~DoAb0OK>Ed?h+avA|a=&99B z)v2Y1R|)Go0JRO(}MX8e+ zK`dzR0?TLyQ=n#83wZk&{4%IUh?nT5k@zXo2U@~1NE@p)5 z!@*2}nhsD1>lt!d6Br68iqM!OObuSLe^on~O2o#3@N>1rY_E$>V>obVlqZ-YuDe*Y zzr3&L5$R2Ph{RNG0V>c5!mtWj?Nc0FuCL=Ozq_D3QtiM=UNrr1Mv}R&Ml>wDdfkPp zUDe$#o=!QLVoAD+Zaf^JhySMDZzI>Qe}A~GW}%ET4rQ>9G(`u@QW>S9H{!7_X|N!g z6{sMY9<74ctH7x@OzjEHBWnpmW5}4y@Hu51X|5m_q)h)RaA_OLI284yl}FxjKOwO$ zuvK&;!l@!Ek&)*}Y#YTWrjrTb3Wy-UhIkDMgax#zsR1x4JeOum#B-W%!+dM4eLIL_%hO4wiGlg(7W#x))&atOmkwL4@BGHdn8j(zjKAgl?{fxz3%M*0XyG@*Bn9n`3b30%Ki6S=7ZX4>A zaNLlGr^vL{vlV(c$!540He=3{BhDr?A;64{(8I?MSA$~k+JiDe4`X${bNj7;XeYM- zIVQ3dM4qRT&Pf5%$~u7T5z$N)K_IwsqWaE>v?`NakXVu86gWh+_30c>0Wmi>5nr+t z5{olf5WU&DYAGUSl)ilhu?yh383(SaYY6RCf5WT_d_KyP=0++3agLI)eF^tryVmVo&Qmb zNj-5MjlLaxJ1{tV9C4hfQ(6*!j@9n9e~wURxG%KQBhb|uo~6(dY?RT~>xV^KC{NRA z->=wLB440yu!1AZMc9bJ-o=Gn6#EY<>eYz;8P#WO(PfQ3aA-0RkMk4|ShE&>mwM=k z2|>pRv1(S(kPf%e`HpKgyc;x=u6bT1WGJS0q0i<3?cD}NDBcU*YS*;t=z$10@X;c} ztzH<)pk?anxwJ?^;82XI;5l4KqH!K8w5?v6mc!$D+V!r9{Ncvq{-)5!vBGn#CZK3t zH@;z*aL{=8xJ(72^LZ{6QXzH9nW4wPbpR@G@<&cB-~8fxL&al~5UF_`#ryy*iFGp- zS7ODu{6DD>IT8K6{oQY$+11Ec{K9qqd+5Agk_yeooTdlom?rAO2o3c+eEBZL#oLZm z#sml!PC`tTtWM7>&!DEw9DwO>20y#%z|`>IsfKq!#*(qbgUMO0{_jdoNLMj{j5}1- z4H$K%Qx$3bj9|$*IaTK}%jF2|&y93Dqhl&hJw2!*o|@-8)pVG<5BlRnxHqTr3Vnwn zPJz9D=t^iJyu9lFpbN}Xnod8^bi#`IuiS6J*9%PL2<;9;@U}QG4bFkKkYMS3 z8Sc#7r-;yV!bj*~nkNpgpf4VR))YgidLF!a{2$Z_X7a;dRgIWUHSM;54FJpYd9An` zJX_*npU5aYxb;TtKkmtSmRSDx2n)^9v?4W5mG%=!<`0E!R&zSQKu&2&K;yLpraA0H z=?t~Q*xsPqBcE**wn_M9xBAk&J3FcHqS8$jsE)!NU<3R1lR~ne=a|Nvg zC4-o0DjAb=lCX@X(^F%uvzZH^Y%|i8S<;>4DX8_963IrQt5)DtNbV-CHK3G9Ixz>T z=-;67sks^iATmodCty#iisQ$w4O}m4rWtOWi<^PX64z`h`~c=B8TQU~M$bFtW+1 zSw8_2K0+V5j%dAq-&LziQ-V4o!O>aI)aglbDLbh9@uOF^K$wnS>~x+dl4c3%pdJb; zbP-8o08-gv4G_Q4$G`me_UCs;sEb|@iD@E!d+fgb?8){x!F(>XdXEZyBxpR7oKB~N zD^?QuQ`igpL?>t}(W8WL)adK7RbY1Y6B##T1ub(Fy9kyp)8e zIC=N>RnYZUG(A%o4V2)u5%?af)vc@IHL_7LP5>lOD@;*@w-!&XjXD-;w_+O10u(26 zfLsT!UcNm+T^M~uNe|heM~SGaUoKU>9tOPQlzceH=A~Wz#j?Mz(1g9W^II?)-_c{_ zkF}y?19(rq?}>aq$GkKO{mvlMlF}{PnG+%KG@SL<`dvjk6{TCY<5}(oZN2a;dKcTP zsnxPgb5DPo^CW2VZDCn3dW`<9+-O+s!$@S57rn?rJ}aW-D}1 z#~^D5bv!icppLh`*Pc}W!sJVuS&!!13-Kzg3%uJzKQQiJr)mF%XP_t+GnOYYG72f* zWDS&ZoFxh2V3w|pbVw500?!jHgc`ePMKPh(im`FRrv074&Y(Zo>koGNbe?f`PUa+) zqAM9l7`9cM(JoE91%R&VYoIby#Us^tmrc4jwN*_w%Do#QC7E4r)Tsgkvn&k*?7%?s zD{K-N!l`HaWDeLEfytpU^*5?X(-HIQh;cbW&j!zi4*E|_NTIDHwODsfV*;1Q)=Gp5 zyOhRaMc+@&R7G-bfIO1j*5usSMn+&77gu4M(9upAkG6t-^9|$P0-1!B$r&l2t#QOhD< z2Bl$^~{ZGV%p z*seDEIZdu~gLGmiqo*)b5toN=SPYcuq2F3+UXIZ2;M;*~>=hMo$#;092%y45CGksR zfoAM;>~$0v+qlI5+bgTxFNkaN6-q7?{^c|#eFH}HH;IwCx-@gPRu-UlpsNWK#*?cN zM|?Y0HD-TXl)t#$qLq(0mot(|xMqvpZpaEcZ(sSVR~!I#B!@>un+e15_c+06)Fx2Ad00GYMDW%x5yb2LAh2}0o`^DJHt51V9C1)i*SM%w|k&_0X}hQ z442G-X`6*{qCr@LQR~%KkSMc3uCkE)07ZOmx7vogAD28Q+l5V%StoOyym*Bh?r~Gh zneUZuiF@_}UJ$um##eivEy6kqanE$;3A9S>kMN>fH_Y$nW01(w={M z!-K-MIKN=wkfZ52Vzula+z*`wTSJ9c7imx)B}ECX}gMiO$@SBTu(-f z6DBHsAIAwB_Z1J+f8qOm_Hjmg^LSGxLigAnhITBL_Zt(;2|rjOVWaP&Enn+Hg zw**cNT`P2}5L(fQ@I;bg6}HhhSEuxZap0_p&^k2(HPDDIaqGOsaJlZTH)MlYbAL26 zorX*SjpswNBO z;J0FmNQR+DBlNH3RrtS;dXKjrlnxr>prb≫)mHdkKz!1s$OW#qng9*?f1_9#Vq+ zFrG|EB(<$)CYJ)?h-Q=i|~wKv4tCmu!nOz1vAx>4NGyFsRD&T!lJ{-oN~@M ziG4RlTn1)cNd~>0z23mQ5;Ghe8pd=_yKE+gopdja@QmlaoiVPso7D?zT_3~@>szon z%TsB+I_1pqnL*tnHE&?oZrjDYRCV!Y&R9bBg9#U&9inYYld0D@D~-{Af7`>X7@w0i zX2fs0#Yij%b z@jV?|{&+6P*icl2F330_8~#*!hwoU;Rze~}mga;{3D7TR*%mH>;x~i&!V7SnYnxMM zSzeq@Q>G-B!u7_gHpW-grl!c6n!LQslz?hO$>^tx&WNIG+L^&q%i75sp*Kt(rrsBA zA?aJKR2#7d^A-%xH=kCB&N7s!lOsgs<|#6ToQ`616TLLNGcfdeNf0*HWdQ`AL1_T( zxB(N#1pozPzFTsAcVZ{pFur0_#naER(OZCrXTqkFxkQi5f^I3<^6!GB>ciBoSi+{d z;>eVDpcPC#S5>B_q4UN9q9ttlO4S{~d0!ks^dH1hDsq`=Ocv^;aW}<*#g3Lx^?~6j z!ol!@s54%x+~)X9TUvUM+=kB6RB=!C@(@hC?3o^Pp=bCdr;m%<8P&=f6varzXaxw*;ef> zz*@J!))`+do)MP9i#wO23RRToo9^}Ialj2&FLJv@(K$=iK z>fUX|)CCB#WwdkWYZimzr}LKJ_^+Hw@^c!I&Tn2pM=$*r5Lg70Ky!;w(DnVnkJRsz z?{mE2^At{l^zQAehGi){H?8Uq<*Wx4kAFKmi^qT^Q_ zR#x;bEWt-n(k`CB32_B3n;C~=SEIFA9j^C$mf%QXh^N)HXQ{iH1;K;GBoL8eKk5+b z2sV)&G$%OqT(FC_jMDb8+9iZP*4lIF3LtsGY`Y+(BW49P*E(#>l%Z*kIZh>k!_eOU z23<24Uyew#2_+(#raZgH+N3 zQz_6B98O9Qi+gZINAxC@EMp0qUi}BT^7Y<9MQ>bGIG11T^@1eZ_SN6pXo6{ybJ8`p z=M{dH|6nO;7{p1@r4b5i&X@pWph8d(f=*Ku>97fkl4)YmzN~UL*XJMdnbg?18$^SBfM=o z$?I%!X2}le;(v4lRi}OmvChbJ#V22`E8cdI1~#mDzY`p2`UYPeL141L;)iPC664R= zo+j5Ulw#;*7efR}3p7|QudP7Q40F^uBUc?ajAAA_FO~RFe1VA=p$`0Cye6RZ9ih$} zW>%MUS`1#JKN1-y7<2+cay5)=Ooj{J(pNMKe77z9u7=Cor}2yZS00<6PX z7Mf!CT2wy<51O$g7HSE)T3EJ@;Rs8utu}FGOwc6fWT{9gsQ5!F8GG8Yl%<-LhNvXK z`{gu-10Fz5X^eITgFz2HJ|FguSX}N~z--^pC)By_M;ds)q>Zf#Oa#$~z_NS<9ra&V zg)3T&R-~Ru0K%y!z~ti8phihhoFS9Y>cC`ZFhQ7spGJyBYRAhP%y=c z)LTXr9Ui&$dBddf{I+3>Z0w<+)pv*608V|FG9hT@c?5gcj#^JrjH1jPJ9`upI7c9w z{@vaM6}A>`g*;(Ru`1HU=VBMutpumO(S#ED&1E=P)s^oz$_i*3A-34W-b=Twwf>5! zcDexF?J9lIf&R$xmBKhEvZKocKSt+Id%NZi1MbK8G_ZE+cJoX~PVoFYh0CLUf4K9s zH|Py|!%<#-l~U64WqSuo{poV#x@d zJU{Y|Zp+vgLWgfTqtzCUV`jO`a*2-3{p~T4p2kLZ+tlzb27Gvbfv>N1n50#K>T1E2 z!(mEgOT?r>(OTq;L9P^RZdpTTVfV-j-Lj2h%8}%RY^h<`n*uvs_7YlR@ILZG9V0Lq z@w*ZX=!jDW<~eTR$b<1uUm2?x~7A&bgTQBT_v*Hl~d?PyWW!K_!T#_QuBz zVKk%DS#ss6a;$DNU?9Wh!*MbW28KSf4lN_&RZ|iVxG_hBKz`i|GA>4G42KTlbHXJR zJgMF@DGefcJ4Iq*W77p;>E@~?nB-WEw6Q=mdITdPy2Iw3ASl8DWK#$uB{Hn*m1(tY0Y{t( zQ4uFyR5zuTg5b#L?I)FEEzihnn$mebM`=DE6Rr^1s-o4hX+;i3DY@_rVU_4wm|7{G z@CrJ_atRS!*aT52JjN*ESj^N&!A@F{3a3#6c~;O^d&t?%5Z*Bk&?D8PCjc*0Kv*Eb zSgQV~QY!#)d}TD~bDF+YKacg$M##oJd3h;0Hg~C!XVxVdXmNF*W0nhj5kOP5RA5@_ z8`+{qYWqv`IcNQ&!F(s` zLHw9^ptOxkF{wG5SB8(*i3$2eXg1+pCxnR){BY(FKUBXSEd+`|s3sgT%(}^i@KC5j z0UXB4cZx1hv*|od(Hv(!W-9ul5s0SL_%oO6dPaTV&U-fJgQ9Doj7X9&s)-X(fymk7 zG^H9(AU>jH%oSps>a*^Y@#!gNN_hGUB^Tz-0~XyBHae)&giUFBsygY%6Hz65IA!V8 zoaJI6Nl5S?a#N zyv!2Doh=O<+ou3lG0ufiX<=n|EY+5pnjUEz$+tw4JcA!_dg!1;FR;W`pKJq8x>v|q zeZZY2I8E6!8%21h8CF~lNnQ9`yU>%$WXnR z^QEZ&vLbNP37wOFu(XKCT?0=?e?=_QHyxOh5gK!Lp=4>s)p2N?K#(*Lw-N1;9(tK` zmXZFe{F2PaEa%hO?%A%4P%goj1VRuVVIeLUk4M0Uy6epaH!+!VRbh5m$)%aE7#%9JeW*#?VOifDx=VENwI7ZHoCfEV>cZyi8j1708d>d z|MOprzIE8Kj`|H~TR|C%Se^E$sKjH44q>?O;_597K2>wnA&XXCML3V%(RUF0L-?g* zkK#8>jU!yP^a5Q44uKkyWhCcfhK%=w7w@iUxI819MT(ywM2OD4;aRalM8Upm#kz+W zm(J}Xq@EXMr1%p&A+@{6q4gF4aY1-dA2r~G(H{rZMrgP%TA{<@iMTt6(d-cfq z133GF00)jQkZ^#eXFBwxxsr!4$G|Ns!NYWtrnc)v+*|970yripOHH<`LUW*I>DXkY zFbH)C_A~s1V;yMR#Hj~+I^#8Gj94LL`bDMJY@v$-{s(m0 zzE&?FQtfY{uX3N4zJ=JQ5ZH4d#Z7JFpVDYrjBSG!?KNbh>Wzfys6-tfAp zJ9U3*?=r+DlYcEfNAAx)RMh|W6g4$p%tcQph^wRn3ES9Sr#8N{j;-Y4b-)3CdDR0D zy<&0Hma8cw@f3ah*s;7*aeq^NdoysyQChX7Q02u<=|04P_m3Ta7E9?kyWtG`wazi` zM>v|1%KD~rY;M_vy8JKU#py77Z7xsMdyT4pF_$KA0qW~9sdqgs7EsGn3qwFIbdk(6 zdG&%8sdCDQ=nu3wl$&Nw<8Ie8r3W;VWWMNKuz-yS*n^mi(BAGd@12&Myy7c3K^JLO z>;0b#NRB955YOMffGkQz%mTA1pSN}j0}W^;*IQjD)Dw6v(OR0U@KZLvsG^5n)9DQ4 z!NM-p5Ng7EoG}TZoTxy8NT(O@)s3ED+UXmxRvh;!IA*TBo^N?p z|CC-e?;;s4zHNRaB~uJM%e5 z@+q`g6<*b2bMMGBVbM6jle)|H z2@4hqg=3tDiS+?igWEl8cI0Q22TNG%9;7p1Uh7zIlUY+Aht?s;&-QJyW*azXp|Dbs)m_8!|?Uc-))g%PwT^@7jPq-|fJSh)3ex9 zf?}FO&0R43^5lH3VF)kCIAj9K@dsZTn?C`^nACwk^f{n)betfQ&|H;ZIQDIx(V?`O zAJ|xWl8kep2JFI&O$e4Ix80bSzz6i)fU>29;|Mhyf-g&6Xs)2vrhtH;FMv$c@+80; zdrUZ{)k9afS@FzBweyZw@4$p;VH5NZ!Wm*5B_LAIaH`)JT+~Z#Pah{y%<<(h{Rh!5 z?#`jzY@{FbbO_{cCT(@6rpRZkEy9}_v|HjD*lt0cT2Ortw{4FCCdSUUJzE#!-4;C! zS^VpSyDfS1+F-Xkz1?TE!ER5A@El?EEQkOE(LF@vZoBgkA=NQL8iIt>MG0Al3Hdz2 zgp^I@OYvJZZ=qddb@D;0r4=NV_r(i(9jd&7DtNh)I18PPSelYZRz^m0);L(GGfnCM zoZwSiM0)jutI~A((sm(O>_9y8sBVI$h>}y z#eDqsR>0WfI~OAy$6B>|BleOEuAmg6? z(dA^$BjN&3U^A-R=aLczYqjbpFyfIOxr5}z`3(WRn zB!&yrDzgbxh@&pShAH#XAL>GQ1t-|4W`8!Ak1kmHQ0ke#>)t$12ws?rmwq@-ca870 zWVbsfIGQc^hWX(y{lR{Y!4a~XDhpxNo1@2j9FB_}@2Z#}BgR?|qMqPH zE0#?ZT)f!Z@|`j#6BCBpjM@fuFahpure|}FqFY`zLXFp^L96< zBPb;oZaqwMcOEVOmX~yCq$4g<=0d}pp~1^gPg58erxXlL-hVWriDG!`z2;%WTJ%x%57 zf$<`rGcM2=3!p?^r~@^}Gm^|b?{OCzS0f6vjT6DV%eZ2?-{uKf3_c&ISiOO~p~*Wz z#7`udYcGK^nGOLjgwyx*J~0&$J14w|UwJq|?>}z4K<`OXhE~_BuOq7dwJ|NcKl*HO zE_B7JM78RXEJeD|4E?4^SAw>@e}8iH%UJxmqh7}1CbU}|!E!q1s@#~y6_A?y^k+vi z&c>hbfeO8=MlQeK6?hd~xF2aSH$FATMAY`->%gO**ab?McFZ@4L5vqvz$JM3IR<@mV-*-wEGK#OYPGy)emd0td6 zAwrW7o^b}6YMfsAynd)q3Zpz~ET~KmP+Za#f#fIJ>|D$+H*!6=XJ{X~!0g0skzNBh zh|`fJ)Ocjibo3}2;9TOwyJ7&r+hAYmqJJ@C%*+2edinP7^~*OW2d_r{ZKG~N!X1GL z4{SD&4h(;ny|n>su|y)m3B-$F7pa8=#3N-=Z8n%*FlL2l^_(ba1&mZ|c9CsFE9|r8 z?A&YbFjYMOENg6oP>9qt&f#X#DjX$Eb4w(P$bAq1&IzT9IcQFp5$trd72_|Uuk3A9 z84#w;D^-~4h)`N_rniai7`R(UB$XT|C}CmzUUaNRpe=W_g@7@egaFB@wA=3Y(^KQ- zaeDf@rIvFdaTionp`1R`QL{W}ksu3`hv8uYCK`CJ)MQ^$uyl;M6@k@ch|#316@w?#2&Gi)H){Xlq^K2p$Ya|b&`{>Hu0p#IxI~)sZY5jrLgbMo{4VV4aPeE$Jd$vW1aY8dE$?(!qpSq=&E>~_M^;7UnlJcBn5**`c$6{ zA|p|wUHSc`_*T7wPC3ObFRsyoTTVYbnl3Z!XStZ!t`#NWmJ9kX3_)24awm`#z7R6R+6x-)ftV^U=n@O=Qm7=J+%G8q}=h;M!Zk7Ao59byJbSsB+3xc{;hjj}AyETP&yLoW8dKG%Bux~A@hXLVAA>o=* z`uNnbA}m~WV7ThgaLvKt>PT=+<+>PgwNc_4;>6WPimQwjXOwtfTgIP?OgJ^x%8hAo z4)~Z#MX!E1J^-HPLeqCt130RYWb~6-H-1UwNFlWP|fw*iezOiirO=w|dV9!|f z&e#iDU1O+pH?#%P$7uUTB-t5BH8ed^TtA937jJW5{KQhmjSh>3sfCTkj{u(NL)FtO z&Q!%yt(^j=(Et)eltVPFiruCL&Akgr+u*jgG%cF-n}GC5Y6NzrbW(^PvLXqQ*xL0Hj=qJ>4T8h{?Zu|`+WU)!i~$CYQ5rR^Qr z1TjvhR13mzR|1x&I{mzM-_$NZ!YohejzG!S8kANbb3n*RE`pod=LGlE3U2^upwgMPdz%;(bBz0sDOL>8-+Vd_x+1<5#p zusYj7seUJmBUfDH@1Uk4IJWH9lGzIN0@X0R88yr6;^b&g6t@?*OB;4uU-QB^OV(T_ zr?_ppd1V@q`}#{$$Qa}f)j@ikZo)L4SI_gJq2enx{Q)Su@!k*xv3HIHYF_{ImASmq z29pV!PD$MJF8P2o+FL7kS9ig6fNf_w0HTu#3vYA+vEgXdNhGD>J?z2TLk9`m zk}G`+?AkD3%!FekWXy6|d>46CsJR5{$K zV!U%Xy+U3)whL;>GQ!KDY8mgtHg=o6hYn@H(%IMw<16jtX&nAERfZU2-k>A{r+(-T zP7>R=HzqxnzVVyLQymq|hFvoW_nH&Df#qi;}kh+_9v>1M4b}`@tuUimno6v40eDHQ9wwEr&wxW$B zlb%3rECO^TD!{FBTWw}d{va_TOf^fp;Bpy)hsYv|!Gz=2SWqbE#Xa z!5fIf2gi*N-ZiXU#jdohXVqpjW-1!Vp?^Sbz;P6a^#T~x=Zq8IQ7mIZ8cwcT#F*GN z5k@4nQE9!&wo%yxT(zmG8JOElI}<$}TJanw6kHlSf>$P=JH4H!J*^!}$%V}uY9|g( z+{%4aHEjt=r*h_v7lN3zoI7l|0;mJnmQMA?4`%ZVnm5I_yn-pY{tW7ku;LWDeO8{s z5<$46l3~ekAXwJRY#zk|& zrzGrb!GZ{>22UuGlYQrf3B9%8suSw3-C1 zMW`C5jL0~PbFdjr2v+@embV~S=m6<1PJvFugXVN2V$3J`3}l7DmCk2Pt{I8$wT zrmcOe>J|MrKcBoj?#WAey*37e!Qjc>9{fKT49fox_V!DWF(uX1L%o-42K4bYTGZ7|hMP{)wM@1T>VY)qYvjlWPq zWm|z>bny z3&Xt#OPP?Ku4xYbx2B$}R%Bc2cdiA1r18Sv8}HxuA8%BUff-56KSkW={Z05gVspi$ zb@!e=efsp-?zh8@cLMG>-@mtksZb}vNzzS;kRuqDO7FO@MvxwT2kn_fvtK!|utj^NN*12| z-9z5mSyVDJRdnM~Oe2Xpa4L1|FGcp%1Y#kJ_O`ZAM|Y^>+US^rqNDq3exZ&Z`qX^$ zUu~7Twy}x+O4FEK2y~oha8s`l&Av4O{>@!U96MblLJ_1UMDO z!c2_x^0xT%Q^i_%DVT=YSB`(bUg%08j zT!mvMj`Ud@S{35x48%{Cl2i(`KmckvDD$DX{-8qI={DA*HKev&Q-momH5>N<Z0KeQ(_1tEevrQ=4e}&Ypg1}vB)nI~p8-FDlIFyHhsmT&f zOa*%iF9@=P3zla zplnrgI)=`h-k!{ekHa+eQ@GjOdWGdk;ok|{h7{Og7t$&#pmia+w(C3bN))<7&{(@% z6mhK019d`%-KWqA97)23j)UiJFG<<=a2jcE+ zO{7oAzwoK_hq6HA7iQDYdykMBO-Rg`yGyF2gSFPoo_A3GHgGR$R{O-3tdw+!mR0=2DItR~bo2Q$=uP$tKJ5t6UFML%c!D|arF_5iNp@p(nf>Ql}KtTlS@fbXu7gi z{fP$GlXkU*)T6n&##&Qx42H5nyMMG@(Y8uurOar9`li7KXAO_Ss~QTqb+)a}o>My9%b_w1VcZmWUz z=%f_mGbYXEcou1?tcg zEa^H$6@S_n?p%T%uZja^GO7^)M&q{~;6PAPO-WEPT>EO=apP;j1fDQ7BT1&M`Xn`H z0^BMv?VSf~ow-v`B96Hq0iV*NJV}miRBg=-83SdUBFs4k8@cz!tJ4+!h~_vG=+W6T zHF;MF+1iFo0A3xV$VQLA5ZE}d&qy*i6?z-GAEOQ9dh2yXy>p(y?)9+p?asyq;~PtX zmBIJ`RyZR{usuZ-+!2?qpvuJqtXAY-US;Ix3DEO7&VJEz_8TONoPc@JN6;j7k*BUO z+G7+V5tPz%^Zvb7s1%q}t<3-&(p2Y#&7H2#WSdxMhIvdJ|;9TSy&nBpk)8Gw?Eij+kf51)1-y7QQ$zAUL?aQP^72R z(Sotn`EWxqBctH%Xv1Q-+5ry9TPVOQ?}`lR_VNQ=%f@sA1+fw#7UHVv{6K%W;oEyH zz5Y!-PK|x=en8v}IJ!|;AX%Xp#SHK4KUuZ19%HAhn)&=^>649DPxlvs6`c}Cdf&b7 zggh@o?k@CN!&%g1uY{qHxA9sCQ_H&hA-P*acCl*pso*EPZ4JY#Wd^r!;dQN3uj<~c zxAed$_s$Q&48038kEwoTb>~MDtRCQ$zjbR50js97>_lUs8533*40~!~XPOQ_GJ?-? zP=l@2_Kp{5dSQquljspBI_H_Zsu8Yf=jtef-!zdnWn@gy`26 zc8#biIHUdZVZV@7``6-}`UWROA6BCsjL-xpV4P}6scEN|F|aA`L#VILMo2(|S@Y22 zMqTP%Yhv0CBqUg+jC&pvS!qGt^CZ#boMRcU{l-wGmB$M8YuU*nt3&Gzrz;o=TtuC3 zPk(J4XW`;tnQ-_k!Gby^P+r=O6^<5DCxErmk_lfmW|R4?yl@su?V7FBCvC;9m3F#g z{+ku%rwr(39fAykUUwiH;L20w!MdH<@?ShR1NIeG_1{XlO$R(EHNP zUM#zyGz-@M`g*q2soMn^>rP&f@#<5jYTwm@+t`0KQ)oWl#&X-1Zf7KgalRpeE-dq^ zJuM*JQqKYoZKISMq;oS)?;8Cn#oct|It<2n4YD0Ty`8x;!Lm&sZ2*Kod%x&&%T%w{ zK?ADj*jBZFU)#QUX-y0(;pI75dH#H8%jS;p_CWm<6m7SvEv{*ROYv}RBIChZnQYj) z%jSgqam_g~iBrtYZ8`IZjZuA#tQH7${X8VAu$Z-(Ly)_eHcH|0Ee>kTEN8p*9(*eo z&Bc|NupK1F*tYpF&@X;BfBRSm(<@X9>4rM>-#!LX?)6t*XYpxXd7Z-N8cTmc=yWC_ zrnwj9Id+Rm_}pKZyTp_RTv>)Kw~s5I0#htY=y@5}3b27E^37ye-(~t5w9l`8JIAR- zvg3>s96x8NkQ~$0%51ftS3l0`TWUL!M#GCm%aB%gT8l;>&IaSw#7!H6+)8&gy7zUY zI}7V}Iv0i;Hxn6#AYZwYC78F<(S@`PhQC_O=J5Xg4Io~dpK&h1N5oBJ>E$&9q!QHI znMxapUf-eEJT9yD%|f}&KABW3UdL>Dg6s9pz-vvp#kUQhRPA?9A|4pxAx zytn(*_Ah_-XLb88h^U~I%I(a*mc{=Y?(OZA?Z5U0gSGwFeLRi!UuvZ_XV(KgiZe^q z%m2nip0JMOe&y~zi7wP{1OHgz*#O0ug9`VxwvH#3a0dOsIs?2KG(gZF_#x^@_A3`U?X`uI`X*eVDg z(D=z7Nu#n`{GwsWr{1A=`>am?t$9T|+W*aR`oF*bbhkwRclUSK@gMKyS!Ti6%4o+k z6o%u$IVaZbQ(Ms${7`t%AI`Icxa2CwIv+|@L@P8V73IUnL@`-85`f>Yg+?HC-?BmY zWs7kvHwW>YJc^5`(RVtm+_kR4+~kW^GcUaE2Ayy{!x=p^UYZKxjr}_d$fnS7$)j}j zRu+9y!`6I8qMc5w%Bxh(uI53E|4KCz5+LW@^A)bEH{mI&fZQKH(Pnsw7kH-CP)vme z?aB?<5}N?oIxG2mWT|1S+Z+1-l0vThwqD+Dh7&AUXd{~^I`43sPI|VO9v7zGE+sEs zRfM`o{nVI}B?iKS;z9*%_li3mMVUrnn;C?k)if)(hv`D`0(9oX)sJ_=6$eu-{V7$p z74+`TYDxuDTs&hOosl#yUl-OQj{g`!Qm)%bYr;p3Yq2^qNg@IeN5(pFv7d#dP(|n7 zwCjr3NNua78LV&zUUUvFuxpJ!e{TG#q<3|=vyAG=#NOT|qMd1sUvt44rrt^YQ?vf? ztS6MDTd`c_s3#uV zeYDurwVg{F%>TbW_tFx(+Ik)5G(B)JwC!b(dsEMuwu7}mu~+IEzI>PBQs;tqD|W8} zUeG}i82VH=_E%f;l$4>SsQ2pT-q1JJQ(lAqi>%98LfR_;m(lA$fe;$s}yu$(pa{vz|w0!_u=vV;W30>Ht!oH0)Sq4S}+kX>u~-iE##iT=HfL#30L zdeNws$5`~TYuL41faHQL7AmQ7R53K{4flJ4?x0iE6A1HyGx{TEc_v2amxnqE*u&of zx4u%DA|RkGS9tqchXeo>TYGtcN{K2DPR?U70=oOl!(0$}X>01ddJx3r=6Lm`UKm}U z{*P%I({$S67+8A$zw@+2|M!P`PuBGRKA!uc|E-CBaZr4(5o~=7v^oY@Lf(>z>Wn3z z4HLbAkar;8-n5Dwk~A2qYK=DhI0hSm4(iroB3P(5zH0drY4}Z^YtjD|?*6}7PXBjy zcgy_$&XaZi*ZX-s1^o}hzZMFfW5dGfaDjJ3_wV-p(x0A8WCtr=%r;cN+sn+1({q}T zDT!@vafD3TbQCd8Y|?9al@ZbNP2UmRqC9l2^AGJCh=B5fa`(b?j>PVbHq~=KV|I~V zU>+YF9Tt^b-tE6Yi_a5G=j!W>3He5cmn^!hULGDj4__P|z9?SsJUtNa1TnfC$ge-A zQs~?}F4?(cs-%t;3o$s|1PO!%x*$oSvyvMdjP z2bvHaGRv;;pYaU8$+P4i{ipk7{on51-unE%kEhXW**EL!Kh~6NLKA|h zP-kaCNsKOLB!zvfJx(c0)z=wG<~DykvRNG^D1=NT8x%7lAfgtzq(XYhL`v4>k30*% zz`|S?TiN7q%Tr-Jf{0!TV`q7WI_JX<>KwO+>dOyXez$cSE1R(U1HY|ErvbyEXlX|+ zO;61FGsez3Bb0H{H4C*3Kk{tKaZDBqceMw0XM{Sto$#|&sde=^*BPNRLb4?(o~q2@ zml$|eRJu=7wOcV}ubU8=B|44^3W6}WKD61s zR|X6!!ERc(7EO4D_sd#a+E7y~K~(w{J_QzIfY-PMhl0D`Tt&?mgj%XSq7N!r%}*qW3*&qH%Yyff!QOkb-A9ZWd07x!ySbUw_CKe;dH6O zwcOGzj2juFR{^;}>~agv217kUzQ6e4(b5$RYpysGHbCj&Q7NMB;ZggU@PXWDT@r@l z?{R|DsF;ZG-SXL3gmHsT90SYv7W4y)-SNMcta&3E^V;LOT}$TDSA%MZDs9G;*7%az z#uSf+I?pYxbi(C6;dnBkkydLipXADF3(PH;9sAjUt`&p9Pr1`#gl||3X16ZLQ)*r; zAC)axVP0iyjhBMRJTqf0OSWseDC^qeOtOe2BXsios2x=+qKQCCzVnipg)a5=~hfP+Bm1&#`%H}CkesA z+*S47>R&w&B|WW{b=vgxWI7&$zXr#Py>|B4PCPGe{;qK!7j%iFamIAyRdD)klpB{w z%*_ru%M6yMF&8hqEMG(q?&I8QdxuvdNbTkBXUXF?J+1iv7>n7MVIG6y z&nltc;A!UnhkJu3W&i)3y(eq^&%Hbq{Qq(jZ}^l8!ruZqRO@|OdimTMvmeiCdaGQ1 zyO;$&dmdyqP=p8UqYQzgtZ#v+*WGA_xr7a+sbauSSF;P%(~qZ9PNrCr6ZS&;dcynF z`p|Vyx{!+>+4&5}uyHo^oiu@;?sUQwQE+(JT#>*wR{LFcuAfJ;`0giPEZ&xHjXFhx z;=WpJXO#!S|(v%ww}H9!|AaL>E2OwAK8`v$*(?DVf>)9g~Ep53M$)lZ9{5 z7rOYq3ew-I+jTp9y79u+E}E*}cJQs%sbeyCc52t@mMxqGtS5B0C(hHL#aJuBY-=|s|9?PWX1?IJ-fx&IsN zJSoS2+S`A+yT1Rsj|T!S7$kUMml@Ir#Wa#Abe2{;ruroFEFq{fp$QRvQ@MY^_*uem zEc%Z-3&ue%{UhgaL^!70Rgc+dkk>)wy5C1}sl;-d6xoP~vn^uD4GNO7tEN3gW0 z3($osw>Z{E)1bbB-pOg)*{b{^sZ7)f(XBNBs5E|mZsQ}}mPk|Hlb^YGQ%^#wB^*0L zx^(aFLe1ufu9iBSTON~D%yz&EK%9!=8He|H6hE zH(xcV#hqu%ng3zW`T70schfC864z~>PQoIbbWBd3irHDVTkmY^-ML`zc3v@OrTw?s zOngps>yu1gRn(xy{dTin-kglpX?&K_uzCdxjMx9%%;Yp%a91-r70^qpPJ5_J*qs1S z9ks12R3^Cyn4{M0Iwuj*M% z{}*a>3LQkVOTe=D4|_Z1_zzEZhU@$v_ww8_l~_^tbwh2HR-aiEHvRIjva7JPMbvf6 zlF^t%nD;!it`9p9Is=<&e9!_URP&s&R;gpAil>-gwXX=pP-oaN@oqI!v0C-5t+J1A zi7c<|W&A*$j;8I^JfR=d#8yR*eC=_y3VN$|P&h-@1Y-Ksd-6V?>(YO#?Qe4iET#Xu zPfGOv>EP*_{@=^ z`)m4tFOQ*FjH5@laRzKHl$ziB-RKI{$m`j6rMx8qrV znTktKoL5xH4Jygpq)0V}2N{;LZ4Kl(OC?DqbfSP78XVYE6r4=SOJ22^;hWQgN_D{IuG9OeC#+IFu#j7_g--A_Zc z1Rs#(c^aW7yC!Iv4e!w{;z|5W^trfjGJdMF(ZqQva7#^Uh!!6|8uJR6 zZ_lI#5cva=4D@%k_AY;_^YUwZu6O>6u0kkd#k!OOSQh_pXYu^s+gr!~yO-yh=YK&C z3p60DSO8c4{!HaeKRldW5IWI;U|MAFQG6 zoW={5N3H7lRthrgh>zlZK#xlW=>(|zdvzEP$A|k{HS(iTbP+^=7 zM@sUr5#bcG`NHv|fDm-$e(>92koiWOb!di(g@ z3JBT&yca<9dxREKd0e**soz0dK5J85&%ReoY>~D?t<`ZsKbH{7>UsrnUnG`m`QZ~j zEAjtjy-eVY#?BS3As36{Kr{cp|8#f1l>c>iFxXl9|J=)?Hedho#*ZW=97_^|?+kia zxv~%SN9_jN?{j?7n^HN;$GIRp(t0$A>+Ky@Ix8&W{j+>byi=?{$29HFaY`pdNQYvD zV)+G`(3EOorZ8&b1p~vmXa*`gnsz}A_y0qODPlaIh^MxzN!5_Un; zDN1O1HrlYm&_gKqJ7V*Bo>F<$FPz~;Uvffp&&`X{sPx&~pW*0i<8j~l2t826P9RXK zVOqh#%Cc?GafZhYEdOuc_P*_X+x@n>^eVTC_Y|c5zAh|puGsBV z?$6G04e$CA^iOaJ8fFA54(5^*o#i<@r>8W{atY>^8}9XQ+kOd7{>UjO4P`t8>5M$^ z@G+r6hE<`u`}NTSL}Dt{e(so@{@$l)O5|bO8KE>!68}BN+3bX|MAED?LPPJU?MzC?^w6#0>Ia4@AfR!Y*_@e~{r!K)Hw|3C={t2p5XP4P`Q%l4P;L z`i5OioKP&DvxITIR<$KRE;j3cj4`j6(S>4a6TKqoRH_*p4wjT8?Lb-~NG-wx?`Kmb zA|g&Rg`lcdlyk23jUW=SiQX{+3CTE#5!ET}54>&E1bRY~Bt*N)B0q8*QHG zPU9nXgM|T{-f1Y1kSR&yghN3<<`Ed)tu3J@gEo3@!Mc3}q5gxeML zvi$tkP+iT>5u>Sm&0s0uMbmc62#-iA@wCOlbsz+e+IYF@;{LLdZO9KNX-qibs;`rT z$)>(?k`XMIVnIg`PKmJ0{0(Lk7|wR|R%BRhl_yO_6uYq;Q-ma0M&egAZL=ggWkmhK zWuIp11fa-e2FoDw`6Hj{Io0(1y<@?@`=4Js58SU`JKIJqfcNI_UppVS(D({Ha^-BP zZJG*+(}-*}thMXZgz-77c}LPYIn_(srlQUD^8=0~Q+yLk;v1m1n$aIPn=ju{s^syEPFid}9n(V% z8?dHnKTF4CE;&2J40GV#nzxQF%lHze06EHkDz7r=D@|j1PU9RW^=s912v|74J2wsa z5?|6qmVTkwIFHWsu5NMQ%?+tni?jqWJ0K*rf@%)v7BlV+(FQa`frL_inx^&&Uy@rP zZv`buS-NbZpaw{Wt!7IXXVdR72qFy!yeqAlu$G`TAJ($4w{p#dry16IN{hm+r?j39 zSAMBkg0-|6Rtlv}jwMlIrpV!%bdo2a&7|o$PH1eUPfj92&q=J9kS|^S++E9`Yx%PV z#9IEWExDFI!y;dh{HbVsl@NMr$@(d5vz2AiUml#ED%hu1Jp66zD;87HTQgg?DzDy{ zZEUsB<~U!kbDMQO)RVQ+GJpSPR!dm+5Gf>C>nMVPYaK<^bI&>ombD@)U%NbgizGvUknUxivH5-|3CBi?Z!GwhT~t^m1Y zoLz)8w}h8#vxF~EQIs-CCp0p4Sc0VTYtR+#t#w6fT~Q5)wXUeP+qK@QTyU*-s(RLXrzM5gdZ#a9MpxB4RkyuXc!ZTg zg-3!VNuw*oCSR#?qe+ZgD>u+uxv^GmRF(WwD>s%6{F7@pW>iQv<#>MjM~+iT6Y^-# z`}W)IUsHsZ%etqA=${G_u{0K^nm@iTp*JB-vhJ_x7W%abGu&i+rV{VB-^v*}(p!@z ztxTNnUm;S7K>LF=0(}Mu^qRyJw;DiemB~FS(iU(-E~-LV5kK|FY@JF(^>~uS8S~VbkOfW2e{T(-L3|3J)eI*yR+cR z=hn^7HYz5iBcd6ZV-tZ(A;zBnQC{he#h9P@adsr0E|QNhCf1x@(zH|Arisf$(`iGT zqVmA1H;<<~YtZsaatV8?2!z{ooB-)96<o8_+_*ig~SBeVpi!V2z|_ zH5_S$8LQ#Ls#^MG2xP*O9VAN>r3I!Hf$(Zd&htdlCD1G`E(LaTRD_P7Y96S{(Pz7e z1z2Yq;UQ~{B(oe@4cl9X>=I9P+`9j?{jSA&OD|WN4pnP8XtSa8+|?Ay1v$}Os8*G) zcie67I3vE_#(rA@>OOXx>B4%ied&7*H{U0@?e^gGR299KO;?99!KSMhnOg`!D{Z&s zw^Mhz<*E!+eO==J{MzX~{4D6)rqB|_BsydRH zZ=G6@8I8{17PSP}ET2;oSL6|HxAI)lIXU&W-_3el-L)sxU90Z#&R+HFDvQ_7)5^EIgYu|r5#=8YE}T0R2`U!i zcb}N@C^kqmI`6|L$@}nyCT9pX&pIi?Iw^xj z(eSkV9Fj4VS-~1bz&NLgJWLy;uu%5ycF~V|;!w9+Ck|<%)GS&X3B92NjaUly^Kj=h z9pguXZL~8SZlj(3{cSX?l}xR;ec7R zq_?OE-*9*FB78IZ@<%r{K@j!pAS`=J&Zt zhVea4V{K@D+qb{l%aCcQD@@hW7}uAY;Vt!eS?cMsl2XxnpH!jBa<7wi+u+-VZ7{6U zu`SyM!}i;tBC6{$Czi7FN&_`t>a*f$o0l9LFBKE9yx4ye&YDXt^>pdGz`0i$ZGCLcZEM6e`RhxmeJ z^;T0bg_Z567wx7S{ljYPrCsM*37|E-rml+it;YAYhGf{+{%vG*)KOD@N&!L7M`BIsdCkK zU-xt@(x|l< zRQmKu#h}`cE6PDtT+LbzTFXIeImne*%R%TXlY=D3shCr_7KG4R5K@BBi9ratmW9@` zkbC~L%>P;z@}HZ_LJ>>yd5xiEbro0D8l0ar`%f1Z=TPvLmen?{4I4Haj|bNQSNLu^ z@%<{DsEOur<4!zZr4u#r7jE2%7prvQ#T|9xj`BJRohtEj!cu8X0=^ymQ&sI7D|D`H-ciAG*D7?XWY6a4 ze4m48j<7)gAe>bTy~_n-5pmYw-vnp;PXxyRrLK%-(CZxJS<i zje~cOgN^ds*Moy5aNn8;es&1hD9eA%2)HJKpA8N+s&c*_9JH4%mh_<`tgju`=vPtf z{?M;ciT7#HFS|qZ^9bJ>1DlH79|ksRaKAnbEE7QVg0n1JpTpI~?hg$cb@*Q&8dea( zH6}I{yFW~9yvX@_F!4>B8>6oi-*Xt#b<5YN0{gr+U#xWm>s54R-6}R}kUq0bxL(F`S+|Uh>X%#bgt`;2reld^ zW!f1h4eLb+zPIvUu<_AqY$yHjXf;JXU39cn%x9lee5eT|XP>z(F< zBG<@VUsnjBX4`95rpc+^6>2~xR|b%3(aGLEOEc*|T}rN2&ZOTW729+ve&N)9Q zzSK$ImA>mF{cUn~w$3%VVv7EDPW?ggrOy4X^tJN;HzpEnlm5TO9m;*=|8Mp{aK+jN z32+tK=f7_gG@vNFEO+}++okFKodWpKgou5~BiFKAeAIP66xr8yL zSi&2xlS%k$4p|=wwS6jyhMDqo8I=Xri6RU*hvlnzxokZYGQDtRR#RE5oF( zWs$WkvX({GvdCv7i>x!<1wj5x!ic@KT}vZtX~b6iy4mlwG~z$ElD6(kcKhC4!R@=s zqW3fL`(AE^y*BKw2ZWZPkt@{J@q70McHP6>r5w)P8FsfQ__^72w<)+p?sNq|7pv}1 zV|cwh+Gvy9>X-WzcGpdEt*f;*zW$tzua_X;XJmW*xrCu}U0fSq2hZ1Pe0`nlC~KSR zx?HNZ+t=B?%T_N;Igz~+5mSMS2 z-o(DHg>tX-S}0!&+W^vM3T+KYKYaj5U*~Cf0MY@ZtH=PP z%ZUM`D@eBtq_5>%>AbIi(r2!wqjZTI1^{&_ApmvR1wg%m7=U^O^}0XjvOs;|ZoS+w zzT@2EkME7KBl#N9gdEL-QHgG+*k)A0oZ2at3#t+mc*CKAkZQ5gymZd5kzQ5jw!xwBDzd3X zBty#!W3YT!<|`6YC2}$Mm1oGNuv=kM66ABN7y7PhCcH}DE+SjTn6_ri<*dj(dLeR6Y4st(=IHz)?LIpAFq%DGTJJ`S?Y& z_nF!Cd#-bEo(|6;ExvoSZZGq}yQ)>=Y`?n`MZcv_N&tfKM@aZhI)pF!?u*h+6m)P| zIx$YhB$|SavMPd0>i@!>_czR{5Rh~QU*-=d@Hp0t!OvOu%bLt}`BGmcDpg%|4jdA^ zT1FQJC8cB#Z_V!ipw@GFD#Kgiysxk2@VKp;UYN%BlDG%Bi$<&`JwLE7wX( z$^TpKxkOAzs0`A{d8t6Yls>3f?`2YJoMVB}d!?qxM6+6_6ovDCeC}6$odUm?abYFD zXB<*^p~cakxibZ@cSWc};}0_jaz=@z(O}-Sxv-cp;+ZLWW|UUxQ|mI`ZJ4V#ee+?) z*m5Ok^retgK7Ey}agDBQl9EqdMpu6Oup_6ICQ3b!-tF46rzJfuNQB>7`L~mmFV5pnBx&Cwyvz|@%W_Z-}#Hu`6>e?r+9wb5Jd{Z6dnu9p$U+vCP)badFqorC^`H6r-< z!aB6=-l*R>IX&&*LvmUya+RAPl3jwko!eUz5oV*iyJyY5IA+#_aMMpdr0IH$3XfAZ zZl}f)613BSYuovVncY^mm)$qLE5ffRxo+KH*I8_%)9G}MdcF8}r_-7H-9P9a9zW~$ z`bW{9{e%9q&cV@fzxxbzR`CJCKw$o?^We7TU#=!s#OUqkJ3kOcI2Oc4(F}pUnIGA2 zlKT@O{9w>-b9~(zQ!xoI!hmqgV}dZzvOKpvog+=pkE--|`!c*B=JY|^#gw&O%;<;& zBIhnM=dN=yqKw9xGv=tBa}P03AZvozm>|kb-@z973jM^8$8Exq@Un+uLIX6S4nZTz z1A#cfHX3=3<6TD@!=dbQu#>$;@(T0)wmjDj85K9}32|K0nqV%1w%~*$Jx_1Uy_Fg7 zPPZr6y4-o*M&@0jM0O*x5AhyzYUo6RmnhYMsC9;Yd_f&5C<$7TnoEgVKhT^$Q=bbp zWjpjJZHtZ&W;WXM_=3tM3|~0JUbsKv(CsbCv{$@ri&fkFSeaS-c|ilUqBfJN;#z!8nHVAC>%javFwkC#Jj*L> zjY7wX7o})-Ki+Pfks||riEtgW(9vQ1Cw1S4qY?d#4AV&3#*BF)-Yy6RJJE}HAF=B! ze6)bt#KOEa)yb_wN%RF#W)mh*FR3+NQwM{1dP{j_SEI_fSW-h&ZmBZqFmQ(XjefzH z3>jSm?L{)bM_gYlTYP^XeL;VOo*>h%XY+adFZO*+CTXQ(iSF()eu)O9nh%l>9+jLO zii}$q=FZ=Ph{wN}Nq?t{lftMzeAD70q>lKBDFDi>t;RIb4@pOnX_i5jM7dNSm!qbj zmd9d0*VyzvzQB8(7wDkdeSr@8{THZP=GKx!z*hzK|1)~!5MG*VBK7)FgJOreG&U%7 zRE|q77S`kyyU}trQrQ(ym7_=w3{#F@4s&Z1*MXJ9rb0T}#+VTy*}Y6WE&_q{4zRRTf$YR3OH{a3+^4f#=|d&$>WSJL4JjQKklIscDXrjDJ9+Azt)i7cp~T}gcB(Il zIj_v0u*7KC!bGMI zm86{5p+){x@jl5rVaKW#T*D=pm2VcPv{S4q1BICrp`u%w+{TSmvsq%WE(wQGm74kL zTD;>s;h3_in~HJL>b4H0elrh0pDbM#4so=6p=>R65GwnfFr&ingn9xf&y%!Rv8e+bz3 zlv6e?Uqj}rspvy5o3N(7iw;;!%wDjVnCVbG787O9mRwAnz+xhOCs<5u>S7`Y-Mwr< z5zSP|Dk2!>HUP~9#hvm1(`{K4OzqQ6SrJ%aAmXp16DF(|lw#Asckqo`FtSS(RRXIO zjZ&~$sV=wqs}`gtb zG>c64=CzCXo}TwKN<{677J8&CP%(iTl-cC-J;qa!$t5Sv2D7UZYncyaMWPxsKaLVm zyFgEDnj*-G2yQe#m$Wxk#0>A}1~IkRqo?PCor0 zhYw;mPNH`z@SD1}Wp$+99FwA+WKVcW*i)I>O18F8r?RR}VO5#BYHestCn3&yR=8h-Z|Z?LcRb`xsbguPEPpp>&kyabS)cVCfgD@~cDid>n-XsD=? z2zn(&91W(7k*UfVp_5ap%GM_P$m--#GfAUlY_^cbDY_w($4W#KZ;5@#Oan`y8jVy> zOF*C5WKc53s!9T-ll)09nUhSlS0`_(NXVp@i0P5+oN*4MKwuFDL(8+tK1vfWW$^@`o}*j%H>Yy^J_onQ+pn zyed&&Me>{F?HuyYc%t_igGnSUwf&5WjYBP+b)%NnY!gKp`5)2zgIwibX;EkZV*$om zHO5lzK|DUll31+(WX(SZkhNtXtE_)3Kv{8=RJENy$72&32ye`>JNzTWOi+jHby}yV zFVHj}t{yB)R=BsNey%fs?e5>Z!(mi;o`fLFjq8y8ee@i4p8~O+o{9;2n{X|4lv_iU zC~fKG+9M53zthN}>35bNn%CrVO1C zKHEkUNiv$~A6O7(-GI3S%q5FB|DdakB%I=W7i=Zv-%vS|HO5v_{uwvcRI(%K&_W90 zVzxz%6vWaxA2Z4DCT4H5Nnmm6D-&ABgoN|hO;kbh*qMKIQpPQl@o_WK%EhF4y!R6( zpVLpasFkK}v21nfRHOC$L8(mj)B9#}QxUk58WyuOMfZzg$%O9F+FDLxm(9Ow=NXuC zpUh#hV%b}Cw~ZJ5rP(>wr7aX|uO+g=Dr(78#P8n4lj#NppXci1A)|w4u`hL;IPBGS zDKmffF3evsr})AlW|G)+DW+SgI;sF3%jJI6&f=PkK?%{5B$i&ib~Ii|ZNNEMzMR+{ z4zW{mI?uWkQ)ZdiUhS0o({8kisv0Mx&{J7iP*zW=tY+@qH{o;hrPqY&RqWA!%nw<4EcXoah2r%Eg4xz0}N?^o0bOnDbxR!h!JD~hAhAdvzE=E z4@(BDv3PvcJgyP)J@c60o+I(3s!G?YaeQR)eI!nM6$(`sbqLKU*1c5Iy?Q#iO5=_|4n_U_?9g5z3%(KZb zpVWuGXAkpi3xoWxq2-6eFu-GyJK4qJH3&j?7`x`(=5@UMWbEeud@}C#QxCpqc|BYI zFk4n+u6#jhEiX_;`|^`v`C&!ExBOM7`aM4ED&ZKNg1X6d3I!6q|2?)uY=+lKJyGRu zn_Y^d!Bs3%^aM1HJ1_k@HRMwqM+1-#0ptV7C#3|)H%GVakZ+m2Jpg<&SN#DW?C=5H zlU)G!W~c$~Rg*U!?k(JvC8OlTCs>h1H+lY(AW0_VD#CZ(wIqCU=4C&mO1?B%do~ID zNU)tOkjtpv)BnbllcQx%UtB6^@}Lhvlk>YrQr1MuDn0|Gd_SaI zMvU~P^;qpC`M5lRk(qDc=uGfdq%NbvfBOEQciKPGDU)k7O<>Uy`0&Ily9E|VAl;G-@crq@p$eboWq<)5nE_U0D=Ry7Yo@yu zlfg#V%2weJe{qBMe9wMrBiB7_R%J)L`kt+EwCh|o|Df!031B6NA2Zt%E3|yDE$m>P zm@YFDWUS*9rb=<+M>i*!+nxMO%>*_bC`g8OX4(YvS zo~kp8wCZ^JP?n(L0H+2TwaZR2$_c@qExW*;T}ce~>`H2|XFs|`k&|J+9+de0tyGn(RMRFPTxQOvw~Me*F0Hqxt5Id47(5 z{BhvAgFp*L`dA3U*)r{BxFRvjR=7w#o*7#QzU8H23wA1Hn(HYmn^h|i15&eXUf-h( zk4-GQnH3UqfQE9-$&+;HuN}O6$s8&h=bSnYvb}4jwcw`g@)urp{BllSV9_LD z_n%&Av8kp(BD-|PG-G`hx)+4&^dk0H&(X*#W#!$nJANQ88sv2pm)9UJ(#E9Xg1!cU zDJ9<$fzk4K*ero521u<^Z2qyFQvryK26-Jt=DdC)v-&wE5f+$X6y#eXF5lHpT-Gte zy!C95l~VFlR`gxf)+{P^`>21?CA}lkBYo@m0{1$&b9~f0Iy~)@(ecH>;oMn|zGwgK z3UhP1Pw=v^XYl9fk>!MeApGTS`bT_o>M$~O7l|MEp8axnIJAiJwCTL>1-bS0IB~N? zcC|AcNNOp0fsxv+=k0ZKQXn{GL(D72=~cs8{Ys z7`l7uWH6YX(iwAr9}ci3=oJ|}DAgH^{QwzSM#XiE{VGL2&7uJ8_T=oQWs<9%s;Nk^ z0V5y5jZGc-x+xl9w$d^=vuW97z>WUr&=YuD+~_%GLB#Dkyq-g>NWGUbGjLq<&xDMTQL3^0J=f*dj{ z%(sjx5-vmT7)hC0CmG3e$E+;-HKdPOXy+-@$JB9LA%o1*XG;(8n4rDuwudZiO~|%o zNr!|oifdzR+wpRxj;2_!ZL6rkw!L!Oc2Vtvd0SpdP0ia?*6kCpZi97ut_sL0vk}(q zO|or4PMKmQ^~otyF|#ie+|uxsEeXo3VOp64(`2#v0mMeySc%xYzs5dDO*#3NNX?HRHPXf)2_Pf^gd~7@ zosa~u?ve^g086{HdC@#i6U@_~OgS~n{g-e6z#-XGzxXTQ#)`r7I3~q3Z zeHhzi##YNL4&mth29mLsQ$sS=8U?J^Hoh7H)>YIHu)eN6LX4Wrjz`>XRJ z%p~Un$1HHE0MP-_sc{(lDn;iV76f^tY|^pOTb$UzKyb>)w?uI27|Xr}!O7+v0kQ+K zQ{#yCb;!>Aq=U}67eP}Hpi=TJ5uiE-xNpYf12R-ez9lkL!$|j4$`FJes>s(KdWeLF ze9zX)at|ShiVH#z^@`M7Vj%>vv`bGDf*2q0UvLLyL|l9Pa>x@@lY|NkT}VStsw4&&a)2tZwNw-Zwf z41cpC^R&et#(z`7_wI)aHa-d{b8Pu%!hw~CnLs!Ygaauq2nU*>hH#*2atH@P8yya$ zJ3~NRP<`WqR6U3TgVYod83d6*YO*XcNX14F8MM)nK}RZ*G%%=w6PAk$+Llcf>XKnH zu6nTh5m5B)?SF1>|8sZedv^T$KX-RpOS`z5e&hh5Dk17uaQGXTf{kO3e|DFGnQ zl5H?RUSs?SAmrvEtuQ>sCN>faUxZNZ$D5g|R7m=WTeaQ>#0`iW5Vw>P5ce$Eni01}sIwP@F1omh0WsQ} zgWscI$O*PHcjNrQS1&&qpNtpCCRfxVFaP(+*lXM5s=fcWJ=e7^oXeKq`t}REa!Kpk zFZ{x8efuSdeq2RAKF2?8*NlGR=>C3G*D@F$eTx=*dd=xH_0z_5bsx+O#WLG%X87q} zZ{P2|izMpX|BJa*#T;N&DDNFu74q8Q%p9;QG}o>mZyfOLOd);TdJMP~aO+$ZfLj5# zrX)4Nty++^mxf?$?$&Ex{Jrov9uxG_zhEm|UP(<&1(lY96R;G3rC_d#dsqroj0Tp1Ray#? zMRSE5T3*CXitGR}l}!SxY6+s^qvfp@$^`A1*`n&ZFK4$1#EtVf%hGtBi2+pg@*Sm` zolNoV$B!RBns45i=jZ6h9|x{G2(;F=J{E#-woJPj#+gvtCafGMp+{L>=AUJ{E2?E} zu%a0|m3hteos~`U75D|Ig($D@Q3goUD=nvY5>thSuFuIo#J0EB4qm=wj@*rNP8|o? z-Zj%g0F+(+!sDgEl3e<0G(n+1z0%@TO=C%R=?rSd{Va4Z2-oRF$Y=o`tyEm9-3Ri5 zATN!Um)9UK(#9my3;Gs;+*HzUiQJrl+(;Xnu2vIszn_}>w^e4ewxqU0WX|g+GOzt$ z9RgFiHI|nKiD|OLdY`R;n~0Z%6V4jKG=@7yn9lki1v%Xvic6BHo$8{IbxXA@F!nV;Gm= z1>uYc5|}RiObZbN#TEr|eFqE5#tT~7aA+W;nn*4zh1f1doSz_{V;OqOJ(q|H36*DC z$GUcoT+UhYN{mSo=vAUgasf5YvB2oPDq=62ON`3cKEv}Po={8?B?}zmkC5=2cmuEM z>qM)%Xfai;D-2G?4IM!%s>zrzM>$W&gK>|C$!cdW(k4USvxk(8yh7HJGB{P>&ys~~ zHGifH;WGXfcpNia@N?GVQbx}d2J^1X?tCT;LwM;kqqIt&T9S0xVr~;4Gw`oAQ0T`-(+UanYriO`~6g<*j;o}z1e|&*Snsz8hCY5Eg@bo^IVMH zF-W++$))aMR7~{!yA=gvga2Yhg&Ek6ox-xO)(*plM)M5z?DY1nA`2B77H^{BDG zMrMrAUduD&s62zxFr9B+Y3blZGvR7&^MYP{WQtDXBwf8|x#q74`j;maA%|YChW%!R z*C7?~q`3EZzX)X1zpef`)-=8E$|v1n_|P`HKlb#?{r)j<+iK15xnx%O#}&%mBp=M+ z+J|ergYs_>LH^wjI(t3#<6ZiSl`=uglO7*P7nX`%RA)8A*~;ERZX+D1 zh{{fVRJW0vyYt_@NGmfep_MoFn`!(3Yhsx%7{grR(R&gsei(dD9;3IDc@yoyuJL$p z%}nwOYb#E7Fq34vikUpz!EG#>)H7f5t}C-qNw0XfG_%$D*Dcf0(b^jF)f?TnewD5K zDTzxEuDdm8L|r{k(ejYd3(tW>90rrfFMia8R%D;)cP?Sgiv2r+hP=jjx^FW=#R`$J zr*6g{h;Xf$gJD08NPXJwNARj|i;0wkW1GUEcsIo0>Wcd;yLP>0Eg?+a#}U84YL*=~ zPTFHk{T}L=+&wFJ5=$jRJGH6ku33X7ypv?at{3uvvS9#~1h+rIa)h!CUt{1)Jbs?D ze3C4TAN!cY1;7U#NG*zZ#nm69E#iz~Z)`{#O}+X=Jyid5iH`IM=l+T9&?MKu)x)aD zUOMpgINUHyjNAmWe}AnI223owFEG3?$F4+FGz&Ce=JR;zGYu2mz}RNWT4w956*RFvz?i zh1K!msc_$ICpf`SQ^}9owXBS+7)>#w5!gpG!SDD&KVzH-mon78d4>6)j2)hQDy+Ki zDFZSvGS`QS)c9-)8URId`m^r%8dBJyvxH=hevvy!aM5|uQ0c_f*hqa3_WHG7fCY@7=9 z?SGfeoMW}^(Rk4D17$-QO!Tq24dtvdQ>~cfq5%s_O!g7nT7fg@_BKlM9UQXP#`uKj zDD8hL*B#MmHSD3x^H2fK*6vv4Q9Ez=ISp7o8**S!5sOmby{jhmF!e)%5Mr!5EfxKl zr|8$PJ1QVsId#uyZM)_5H_gK4%4Xy}3!`+qY0p8QQ63sXo%Yf*V2xN)H3EEA9*v(sp8Dpp_C`xUC zXS)WmL6~QM2G45)W3%EwU1KaQ5Sm`YV!s#bVRW;xZyojUfoR8wZ8CN8$32!iV~k71 zA9z;<=u=qb-}=;Ky^Ly)5{9gU9uQPEHn{s8$!X959rVDPx0sTA)tfJvgY>&v@9?c^ z*h0yhHJ`ri{E%0dJWPd^UPnhA)((!EK@~BMLc%pOAlJY9$ay7dGXgx+<^yDD92fNd zI}te&qL@5ZnZY{X!tiA;G0pd}K2JZK5n$dL)|CqkYm5I%WK}h##%1I z6uiqvE>+(h<)D(E+%3U2uDxXg-sRRRN?`y(yMS(Fr>~+RwDz`-2-8|(-x(L04v z{~7`0nzX!W-o}U6k1-=4;e*HEBn6?7>Q97``0vk5)}zK~*{Px~dQ|7ywdbZHg+hy! zdGDO5hAC-6mLZ(+VrMk1x`e03sx+7-mMro*^Rf@qvr@^HIESANSS7M92xp(Ar<+%s^i1 z75_xlzIBpq^7nTV5$ws^p%xfO>a3_1$r#H!Nor_qm7gAwxLqMNnE0KEBT2?*os3o& zO=|0xMj0)DSAQHDn-)YCtkhcb9^LW8{eY&(QYhj-`Pe-lYU#|eUt5^P0Yq_7p2>9 zHH|XL&zg2y>9fjVFYl>@jpW-!+`*Z)(5%}gCX2-9_fC}%+gI2P=)jvX@e-Sa=yBm~ zO`+}ar0Ty*UFiu;Bp#=z%wS4+%C3@DA;|Kqd<7q{UdVO*V_jG<19<(w<8EZgKI_TGJwull1TFafBW*8Xh*&`gOivs8rT_5r9C z29s9e{NC-vsFnS^D99sMj%9ZtpoC!lsDW7-oPA{yR$-$~kNc||_VN!`zN~yh=BKrN zS4-bl?$IbH?Yr{r;c7-D0jmrU01#V+v3MrhxhVQ+JM*j9D0a9JK{^)_ijGu*{CJ%#MlSFgE<3 zeX05G6N3E${^f9%W&t$pJ}`Pa^cNW7#7%J0y`#h*;gF`n_#mTbP$0iSu2}EzMtdkO z;qoRLAiLKt${3n-ZY1xulIDLa5+seb)x{W-oWjnGE!f+SYH4EIMr8i?6!0VPWeUhw zK*M>N0u06fHU$8w-an>**ZL*2qt1c{*=?VVD{xT>45+c-Vgcu9ZPIJzR2f-U-yn2 zc{y<=__EuntjhgY!N%1{(gWUEf^4{C0*DPx4kBy?-PSBJmA6DFT_fsCq(A57_r0l<@#(Pg97IJCjB{bV`>0 zkbpRRT}&NHgd6|OP52p|$8Z}>X>jb|-R1*%FiO15jkG8J6QtNw2 zyq?=VBgI3|IohuB%!y*QxkkC=JEO`W-$QdE+m!8|6EtD>-w%4F-PZ8-Wwg|Bdpln4 z>F}`c30X~Pe%E@N2th#@55W|*Iisy(J}X4i%)x}t=vBs$8Cw@TV1l(<@!3f`e_7(o z57dA+&6$V_ecyu=`ACY9rI<$;lpIB_ERpmVXmCHmT?aXa30}Yz8(RLDfgU(N4SZfF zLgvM$@JM;E_g#k!S;q3w)luep)#Xse`iqsMqYMlQntAt;jX?>jp}MaBS2ud2myZqe z1PS*-FI-yPhhn$fsWRSM#gAo3p^@2C4hso-@_b8CSndd{lf&eZVz3Nzn!9yk;DL1}E{~e_{7&T8ZvS4a-!qYb z%DYP!#7ruEV7>Vbycq6tdM3Q$u0IG}O>W&aye4_ee;geTa5i7R%G86|Td>#dw+);? zD_MHup8Sf*V*vN0&ppfK+MG_zQv$2{J4T(w_{5jlozOz?c7FnV7t?hqdRpU=%baSD zt_DxWTC{E_g~B;ULbWKuQ`?^$$c8s`HYdGC5janRlcwp6Amkf@?|w#UZMnr{AQbPD zZeaMi3UKbVm$l2VWmD8{mekRD5Y_5IVqk(l-<;6d{H!&TD2&!(}(VGCU8~V3dGZW+38PdXj&(AAeB!U2QSo% zi4&(viVZ=iDIs|pV=j{8SEU3vd!8~PdB1t@sO^K%OQGWMMGS)1gzjY&vPs3TtU!kl zy$7yB9G(n9zKye?GYPu_6tIg|L}KqNw2^W=Uau=8Dn|jCO_&o|D~W zgWLutiA`m<6C65-(C69`ZYXS_n#1R(Zk0g%NAM5&z9F5(-=&FH10klhm{ofNU7FUP zeiGi~cEjkl2@&+bU^h~=4vY9>B=131L`6nz25sWscf*#6p_oE4t_bw^pA!si=qe%I z>e*uQ8?C4~gk@=|iXT3-n(mPXe-`tf=Wy?23;r4R5frdT`p!@hnpPiB8|VU6Ga$DS zBD|co*WGK8VZfk^%v%H7K^CsV!&_Vk9{SA8-SOn*!4p|VWLb97^a$yEpKXv|5Z7tt zAk#V&BKFe*F6Pr>>QcDeD!Mn)(ymQVs?mL{E%M13^rnU9HfYNd{*8FEnV%zQYqtyp z3xmo;`34je(d4902kHY0@nS=~CbeJ#IavgOzM13rHN%^NoRa3;Ae|6Aem3lv&YV?m zFBvy`gFE7Fp6O$OQoxvsDUkd|m!gYfwu5;#ExJdQYxcsSMAu;py>htTXH*m9?&^q% zjMv(JDOrMUL%iuCH08HRkPhcF_POLolSobAU#_>*auUL1Th~siRz? zP@64mV%;va2q*ebteY)z2YlaJg4-^ap~f#hv{Z(6OhIp3aYBKtK~tbyi$qYa)i4*X z$fQHa@@fPh0uR391w6Opv}dn7sK^QqOktD>G>g>_Dgw5xutmVix*1qmqx{0O1K&gj zYld(HENn+^`Np2jw+8Yy*x5s@q z!!Ci|CJxr{xWV3ee*JkR`=>6>gvF?X&wa2#OTpz4&IgmG&PQ|!;mW*MIommnwo<}Q zuD(X^`Bub9e2{V<+J5j?;|3-S9Cl%Kcem?^lxyKb$6xc%7{qiZXfT{?B@v|sv>G=Rz z_c)AS6dTbG9V9=OZrAFqqCgakU%}hMD=NI>eqf&x5fNcMk75-G$6ypWUoos!q*x7k zZ8-^0{V4V&#mJf!aeR*^<@43+=hBeG^f$yuJWBQoJ6RAi`DNX%Kxdx}O1Y5nW!h)( zmrt^?Hl~-fzwY-`T4(IdWv427SAXcKZ@oDQi<$@9vO*)fwH41CQoBbu{BqUoFskJ} zYYKWA9RfYRc2bXA8|j^;o9qEa@L{b zl)OyJHEbw=Q9;Qy#F+bxizM<$C+bt1T^TDr8u3+j3m08&iK4nplbTLQcfC7T;cdJQ zZdvEOGgXMlDo;$EY1CdCuAWBKp=#OEFeb?NKiqcPrJrV`uvVk>89h004feewq?qp$ zldPU}iU?A5cVX$%Yt+&f_3w0+D2%}DV|ByM?uae?IEY%E-&5C^TK~Aqd=R&z@;ci5 zF29?*&a*e?6nkXA&gdwz^qpD25T9YVuuBR9^A1?iE6vyEo2N|VTCPrtT?aU383sjS z$Ii-qDSTfn%nW-rW9{jQbVg>cz}AuLfF(4IfaSN!q5F11b;O+x49aHoTL@M_hhUp+UBbWG^N(4D>R0R&)b?X{J2}Ps#xbxLUet ziWWcoJ#FI)LoCLWaY`u*{j9B9G-aBiuz0BG-?@yr5Ti@CJPm{TRJuhhXlk=Fof?@j ztJ7WtMpU^@+ugfZ4m1I`cCc9G^-5UQ5EpA-#wu~a?q)%>?YqI0q4 z%@tD3vWvHSng{#L8|rZ0Bz!tv0?1iIFyEw}QgGj72J_Fi>;|wYr%m14sapX#b;K!b z?~6!M?od@r56aZ=ZbWN~)X=wO#D;nR+Xkr$|w5*FVDPe;9TW~~JJ`1GsutXHt)gb1ej)&rs& zW6|Zm*_Di)EeTj*-1-$lqox6Mh297jlGU?R5`}t(Nqc3m!u?y-4q^xC2xOPL+#}PG zWhP5k3GleO)U>*Mf>hAl4(p3B`|neNlQQ;T07dKbcH`mKX$!xrq6AzzFJS+@1$rO&;q+0fDwNo z(7}4GX_<+bC)l&_ed3&p?HIkGo*<5Ly`!`R3dt}}y&`V`@9GrFtt6MiTC$a$(&kab z{=#HB*W` zT}+9aYT~mTjBTGLdo%*J;T3A<>PiN@!`}Z7CH&NboNoFBthGZj4L-u2u;xR?tIrFV zD|!D-2@i>=F44GVz7vdbzm6ltB7^V|4G0|*lMX%2ne%xSEp@@pra-94Fi`2uc(fpET{PTvGiIgKNcrkEeLwK6 znbB_qzulQGeY?N^fpABD0h#75s7KuYY`S3-B92%e@$1)E{gJgwSsLl>rt0w0ry*^P z5#kC!36BCwxVRW0yLXB%vKT)?5KzL3t`;v!c-t*L#u?vK1vJ5$Ec6>U9Tub*tx>Os zQD)sC1aK9Pj%N5!injzw{S`o5w3fw-DZC0Myr0|4Ip# zeVCliclFr*69e;Xx$uy!`!?EfenW5h=cU8)i55Hx4V%&t%SmRm%EPizFD$^0Q@ z4hHWzBj?mN{bx^`WsvY!j8;)NI&QYK&hNnrhg+XdUBg0_loUB41D8$-9nrmLEVt9+ zuw8b$!yMix-;cw&T2C1}*l^th80&rDN!r_IvHICTs?1nB4eFbE`+@F?I?-%Ss+<4K zC#hW>BU9_FuVK&-5mRd42^`8^gC=Mbhk2z(G2yo2ghR8tSI~*!;0{Proo7v-Nm5@+ zBK0H!BRNAB7D+*ECuverxQ`MRB&u4=5^GZISF5;cS=J;snM3yAA|@xn59~XlEWU^M zJBMH@x?<@}!t4F*2|@jTacPN>Gc=L#wB9yBeA^IIKVjoRZe=B4Zk2>?R5q_jireGU z#U|+bOApCJCdNZDV+UTodo0Gx4JN%mhY;t9Mx~-yEZ+c@2!75ts5jn?$~L4?F|A*@ z5S*s%S_+*JovPg?b`nzAv>2FT$BJM0v!ak;?*%&6SbNdmR=}v54!aDKEBK~P}E zY^QEbUa;}Tj>O!4`-%h=`04t`+QJ8^dk%<7mXu=t2dAYwSzWcFzEmfrk_soHnfFoE#2c1`Ocb;sk3XTZ zlg)oZWvOLJA@<7vn)6!u|cA#EyshSsiCrR8iA7)VP1;%&tXd_e37QXUKPSa19lvQXOQ!V z+ugT2Ltj=(18z2`^DmF6xBo~@^suaGKO=!Va`ErTaqf~Cg!ScevmBJkO+7+-_LOkb zNqv4jXYw@zx4n@5(B0J1f7(IaFS&85@5Dg{aq$tgXJGKaoQd&S0k@j1iMjtkq&)gt zfOZz1P1t-XRj4*m{d5gqD?6mb;T*SV@!3~93lR|HH#>I{Fq1!F3I`kZMNvj6DNPlx-k2 z4OEDtvVuzTqL*i}CbEVH#)a@bi35AJOmhkJ7Hk!~S&x zs2bSkfif1KAVCW-AOw&*28h89UWo23AM~oa7+f=)quLhuYNAHN7Oy`TkA>E(|Ex1L z61Y3vF_Cd`yL-2iUsn3ZENlRaI%l4}|K3V`b(0>cp$z(*tOBkHRj%6%`fRB&zfFSS zSH3jwI`lpUq7$qs`5M{L){uWwv%5m^OGWkGbqUV_rlUF>-Y}g?$^#@-LGpAs@0)bjZ1+IgK24S8-UEK|M32bQ2r{UAzadc(3e?_)bCFF zS|mIL^b>pmsysvA&#kVEt=tyv;1KFl1k+piFwCRzo()x&9mtim2-~O47nB}$=W1=^ zYP!j~W{$IXHi&n|^xn@G2Y|tz9{;4vZjJ!D>{j{<8OUSQ3&xQf;Qkt5x>xkO5i&w! zT0Gz723UYfKq_Fla?Bug9gW~|aRUa8G0IksyfOyFYMYud_r9{fBzpfQU5_THViy)n zcbG|r61dRaWx$2*wgE!y?&uo`%u1AZ09SUd0&MYE?I?pZ$_GKcZ+U_=(qDmkD^Yu? z=;z^CYudxIFsVHU)Vbiw%RG&~NRRgISIWVdziS1UGMEwwr)_}=T^7w>tTv^F?D^_h z@wD}TzTK8SA163}Abh;p?skLmUkI2P6hoaze!~rc{gO3H3dFdev2A^*Q@9?g_v^$` zOeh_*WhyJTv#bCi$uLTI`oyq_q))K(b|id-;c)d)dLre5?{GgkqjYJu%XB&58M>-W zTd2*b9W{DaAQ?&7a#m6;xdA!VNVJFY*@ppYm3i?*AcgqYpOQ zgI}*O($25Y{0N7Hf93U@1U`x(x0xD`)<0RGeU@KN zq4pn^tsTTpZJC|ksASa|XZ$Ek{jz7{oW$+1Zn`83V;p*yPrX#1L zXfn%3l}RCPUm<@^rt~2Xy&MMDZA!tbAL}C+LyY;QzL8rqUu*Vu=c|xLzeFIk*62=S zTwq)HCk`Z2M8<>}_t5!F%FZg8eOp1sh1^*DXdTp=4&>QAmYR4}a7S~T9j+3J5Y$XL z8`vHlGgxG{Xy@5L&tsURQof0m32mU)Mwm$Y> zQL%0`$=sM1RO~m_WHe&qdRE@}3F zhW-JgVasKb(p0RMZQHp%GD1`N`$*5Gxq=YAX7Fvj!MjgTy*g-FA5RV9-dI1F?0&UK zEFVGKHON@It=9h=s--dnpjsJwI!)ha^QTjYs~3-C9A1q$co;0LbzZ#vvo-*VjsRw+ z&A`iD|3k)e@*HI!*`#3k;8`Wna2wU}si-nw?e1M@zrU_#e_kkzJTqcOHfDY6ph~~a zgraK}EuFfhSw=VE#L{xY(iDh7E0{hk!J@J6J2_8blg~bRDK0wIW@m-=XKz4W9$POD z!z2m0w=+j=oBQAavFmA%YSm&J51&A9X#R&i%pA-J{qKB&V48oEr(8$hQgtwT6@@+B zW-oEEh>Pu3mG%&T+5qPD#&czRcfGas)rmtO6-0!xQbBOY_l1iuOKGoUF~Zk_FKcN7 z=JD-y^YuTpY4z;>WzMGwIw28U*s&Zp;?;$R(fOT^+I5fKdoaCul-M<@1Kca@@u|D@Y?LHijQFor5kfmg|W?gR7-Y>3A64vWjIo_AAU-m0!5XGPlcU{ zkSJA0No8-pTTG0K6JPpnOzjo5gSC5a?^#K}M)!6Z<6CnPXOBLleGi=M`|R~pFM9Uq zNn7P=x0dtvsIfMQ8xQi@{%taY(@#C}iF7P;e0@TlxyV?FkQFlWg%TC7td(-!bOoo^ zzLQOCl$3^LCphx-7Bxf1_J8NK^)$4N%}d?6y{6ExFSLvh<|X;AfR>ed=;r6B%z++J zotezKb=(tkamDOHsV7}=rTX4RVMj;XN{^7@DAJUM$6h>}m*0c{SKc=F*A1ue?rAZr z>OhsZ?u5B3dWrkh@8+@Sn{R7u6b<-P=xyjr$(W8@M*3m#j9_*b{r#_K>N2M^HMro3 zs14=w)_lx|3Wr3D$S!*RC#OYhJRpEZp8ev`hWvJDsS*BgXgmJt(7HLYgi#kJs{P%e zMFzJ@-S~l{@bE3N(*KGqe1p7_IhnDuE2cA7SWG$g&0?Jn&u>nP!SrvO7Sdmw)@RD| zy<^e-J)^OL#o1s<6FV$eB{LIAyY$raU6X27O9>fN*Z2=s2R9lbx~w;RzlA9rYzkB- zj_5w-!5HHP5&&vdz9Y^0B2`#dA~dNe8Ee}9?$E-TvUpC(duxi-3(Gt9tg&4p>b1p5 zSoj8Y5ptB4?Q2UU8RQmVLfeVeU1G3_C2~H-hk<%X!y&{DR z!p`t-=Frh6F(_nR7_tBBN+9O8V|3|D!pCAAZ?T7>~?H1Ha(Pw0U`D>2nP>f}gZPH67kI5x1?Gq zvq+9b>=UYFR2fb(a!5bsHciA6GamzK0eFy+BofH?JE%)+9%7)1d7vubM$qpDbh=mO zXGab?Wyc@lA_EY!B`FS3eM3ii2!cim{i+Z+Y4qQSStj{!3zTz=w^lRUKi3hkM~4s# zh*UXwnR#P93j)053yMP0q!-v`Mb6@0Xf#|Ip*$P(_!yBhG#R1zMYv(<1E$hg?}B>y zO*XApDJ{@YbM}feaY5()7W5zI{4BTyj$vt5+;#}SPTzif=O8W=QIXdyR_(U9jFvUDq0JK=V`W$L}ePt|#41eBBKuPvBl#z%G zdO$1%CteUm5{8(}YhKPE3fjs+0Z|6kkAIhvoA)Y!lqB}yj8uLPNJ$7TKuQwUbr*t5 zz(^Di_{)99%<|Ai-HED|9h7o#GKGQYp(Woy?OUfZJP-mw+;)0+{_nQ`aQo@kJyLD80`l56o2J!Dxr4XK_nKX4I&fH)AdomG9-*zFl6C?} zJPEpFv~;&x`aaAZoM))LMbqB`T#>*6&2M(hHs};koyoi;4@e?6faOKAN1n{ zjx@luF{&-)W+2Pqn36$U2o{Y5c1%ebP*avbEXaPh0b&`leo4K)1&9UR57RNCcnu*9 zTvGe}1Y4Zc0Ba_8^pSgwqaRZ>P#ua`O>FFg_oj8i%S{rB!FZ-K zgC6RFKsOdRpeMjbet7YbAAn~P0z8wDPsJc{;79|E1=H9XcqX{;E2Dnm2o|7F&8;c1 zMt#3L;GvQhI3m;Vrha+ALxb{OEa+=}L7eWQ`u6xDU5GhMV`PvEC>6py(HJ?EQm=^@ z^tvEG5CmXOSAJfZwy@n@fQo)NU(NyD+=Cv#ZXCc*Qn-;zT#90a4%DmRa+M%UFn~9L zL|55kSfa{T;@Jlo?yuAaZlkm<>&jaMsL|> zw8m=uF3?DPMDAY8iQECUW8}qFBoFAJmJK-H`>`JaXec6&bwPf27C5=U$%{M!XCUzi zoP02F^3tC|{ltJH4KNx^m6wypgqIeAKuk&o!_}=lMwC%kf|XHs2ScwQfu_)vHISxg zb!=L=pM=jcszK=>_w*&Nrt1IFg-%T2Fn@#v^o|vvaP6i9LnHYQMlAP+Ey!e|iGt4- z=FqYi{L6&m_-#Tp#OkZVYri%De$iYQL>*f8&{;`8%^1-y)Vb`8YV$l+lb(SOi-@Dn#PGOyuvOVJB-DI<()p<&Mc zZYvlYmU5%P{Gw+2Aw62NC0-|5x}L|3_k;EVi~1LlL>(pT1TCfDLQyj^mOuK+BH>(I z&s_y@uivGXyIwi>OD+w0v3{|*pMTJ)WvJMlbk)%t*Z_|)3qklW@m_!AM_PdXfw)9r z*=HpSnp+!62@??^3WHeX5)$(aTJtm~V@b9vo`LALQdNi`j3Ad!+G;`U#H)O8mOb#i zWvECn<2H7@Acf&oXpz$j(eqhEuUD3 z*bNy)S-QA*XJ?MA*}>on}9AT(PxPysh%_L{Ami#$(S&1ZU6b*9F+jY&X8F3Dqi`=U=XT zbzLaYZPJ4s{|IP=!mMro`cE`7j^j6)iMyqZN+3ClcURceJ)U(=3$q;+ zciykVhUA{Xw;%Mfe}+VU%(x2TseGfzf+MQuC>Ebx%)Prl64`XQf?;RyOTdBroJrNE z4Q(m(or_SzN**x#A2|Gd_LnXGWA>+g4o+vAg#P#JZ_-QhKRUx^hs|FdLG^c#38d4o z{4xB4)&CbuD#Pdhwxm!kssoFpiho;Dd=XKFHI*-x)SOI+uBx6ameZRYH7cp08$OmU zWW@TEJlx-Krs<(SU`eUcszBcbK%%4tMX*hbIjbw2)!)n;bFP#&OtLD8RvacvU8|nZl@>s`H5I!_4$i} zp>gY1I>b6t4=J+-Sv$Id^}yc+UIg;)m%=;i@K7hORv;#RXEX>~&7*CIWVDm3Kq6s3g zN=Hjhayo^7WL-_Vj_lx9r01)OO7Ax#Dwfz|TnU{{&%Gr{zbR77v;3r=v_FGWATo%- z;lj1xIIp_s{tDZ%L_WpR?^szGnZFxUc%eK9x}HfHy&s@Y;F$ZuD+H8TDI=2ZE}8SJ zfzALK!9R*p^!EI3GUAX!cm*)POb$(rI*l@#2btdul2e?=NGl(b2p_{dhf`*sSP+#Y zxOgv|kBJkfSwE>hye9Z2`fTi$RaYBKG=_nbjTkn7uit}0OQ68gB#g&g`x+RHm&!M4 zA5IdSv>J7IXX7rBpM4hS^|;H26%4yX=Z*YD%13K!n5-OpMY|+i@FnWU(8VMo4t1R* zDAHBXFXm~?6-bGEAezGY2{C@Gf zf}0cO_V!yD?-E0{eD$<=+JOJu_F+d})Sw2{SuBq`N}9Sd4O0DZin=%!8=xV`Z_2K4 z$Ww+=bdj~Nz_5j~7O|Na|LK*8RvRw4*59FPReD5$4TkiXo5m2p#=jaQ7!hpL zZ*YF8_Xq9lKrtz<+C5#!MW}Jwqc0V*7vWvkO?8my7vqrTLy6SVIZfBN?-b(G(Ccb8 zAH^mulF-k*q+`}L}@80;D!|3@fP zSMjm@8;oaJ%-YrzSv1B*WJlEuL0=#xWg8jZv_j2z{NcP(P?|zM%6B+ZOS!jA#@y~y znNIsqpW?WZ5s-#tfnJHifA&hu6w4jY4#u=rx5tJ{Pc~61|1!d!sV+EoIh@Q>4XPE{ z{3pz1fLHLW z__B`Bj-}-?NX_cD8Hn{iL(c38cJOvQrLr5`Pq~~HWKDPdq^*RE**(>5R}gnIk-qCy z@WK@6^xBLkT2>echUq-Q;Xo=?4q!-jo+(JCquR`V~0U}y4 zHH=(&{g{n@cb<`fKEJT7FHt0Pdd7w~FN^gb(0~e~cwUvfOwooWuptOCFSwl0O`|4P zl=x&=N>BRgjhoO6Uo?FIg%98PQ%34568h3eRJ$txLFBrB2c{{F!T$A7W6rqFsAarU zY(8+Qv(xgP?z0a{`IT`)&S!A+gttNS9}?``V^iz3;V7uGm}`6di(^wU(GxT|k|QFD z#>tt#ia7auL%U5Vrhk>t1l+*v`aj&jec4684HQ=T?FQn>X}lCyP|#NVQCtx}^Wp{; z|Gq2qSz=jwkU(KvXuBXh$WVA}wrvtqc<6dwRAc@C>?$IX^{iJ{{UI{?CdU z@ZZWAUPCyA*cE;+sAGK_TV0=skDj~$bPzYzw4y$g=Y?$Uxj_kwPrMEWx3xa0qZ`8r z$U%b?2I?kmS~5`sa)7#t8yzRXJeX0PJj`i+Q?&PzQ?_G=5|%v;g^}(1OvaZ{K_8B) znBI~6L(Qp9|8Hu}#Ie5X-*ppvB>PCIu2a0%WY+ND>T;cw;Oc$v_L0)OMM7SX;gADd z(GD@ZfT4Z4vj%A;@-0#$b{z8xvJy9PKGOGmoh0w^Ek(n!v%7$UykacM16;uloSg~q$uKD^I`6N4IpWTXLyOj<;ki7_EPc3v0q?fM4wq8!{%KhBJibOOAziee6b?sJqyh4s}T zlI_B|qO7lT{*oCZc?5XI?U{Fw#N)!i?+a$0<*4lJX2}@ZMNW9E-Qt^WR3U_|x(w_i zxUD)m8`vBJ&ztgJh+t0jmr?l|mn6sqg0Im;NEjh!%7$x2bg^sH(*QKtEg(zYzG$+H zK@c}^qygrLvH7A7o0lk1WV$oXT0ss6+vA07XkeQR$3&osc6U%Fh$jP{=cTnkOQ-O= z33W@))DvW`pvZj-9cUS%URm}4{OEKZ*F7F=38Gdjwn)B1ODkxbRn#giSAq0HKflgZ zoM`qcvfncUDadyTs=Es)UiPJQBl7QRck;^z;NYzvwB4$H`2ZYD2*r~g&jA+QtHi!J zy~O4x-Ed+}s>LBPqa)^5P>VqF28vZ=2Jr60W?tyvh=oj4<6;0-S5t(rfv-mLvj^Eh zu*p>;jm1~2a8+|IDfRG>R3St{$Oj2B`?gZ!f=0Yxp#9pfs98Wa#vl+xHx({uCko;u z6X1gduZVVDdsi62OrLm8uM;MkY1W{u(LIJ=c`k%leT}Pv-Ais2HWL#e= z#n)Pin4NELez!9xC6Q!EN6L8x0Jx$ST~TQKWyEh>vAptgXLQdnjV^tXEqq`CYxqT= zs-`4Y;Qx&1(c?jc_NrCcn8ttl9?VKjlpLk6ko1Eie}(o@LH@Kr5um-C$lnuXGsH4~ zNf=!&M$7<=fzl%RckZd>B3Ie)YoEPZ90`h0g$7EMww5oj%_LF?_?icqj~#Z z$v&g+0*$+Rau{#+bEp^i2!>dU3iP^b~;k=3$xV;F-Yk%mIx@!**%J4wZPnEVcb(P^1sTc8#yL5GLenm_9j9&u6aLutB*?;_BP*ks4n`-%MTu2M~x($@Bdi%Q5}@&9Owk36l{zvKT5IhrbS98$Or zV)!>Z?_8&Al-r8?4^UTM5nXzPt_2eB6YF$9tTJP_jGUUA)^+?l|9=IGGdPxx`u1-1 zK1;jTRZuE;kd~lH?VW6Z``z%e`%}f(+s`Yudv|l~&8$9?|5-`>xOPNz#W(mrvVYOY zD1f(Q)^0qH1r2^~l?Btp`RvTuLiW~1c;nWerMHHJ>!U0Co#h8WV*XMNItdhQ8$Wfk zRro^D4hzxC7z5WUF?zOoh57K(0q~OkL-=RW*M0)X-4v7D*FMA69)R&cjxAds?Z+$7cgcia~Xv)0$%5#-$j}<$cuJB$7SpMOnIT3ms$JnbX~9jd#w(f#x1PmEy{wLBnRqJKwN zD`uwizY73tF#lTtfB_3V9YJt32D8ibuMZ}lGDc$jJ4t%PEkEV=-6$V)qDYh9;o%j< z)koo-OW2_!0d3R>f3#7T|Jg?U<)3ZT$UqzQFBwnszqe8E?IE5MJO;4hv9&@kN0|G> zGVd;@Qo+~8z%^zigef+V z(=74EWYiO!e=-Hu!Nc2lGF-inSpL3^(7x#DkKDQjG*xf-`nMK_F$We^!HZp3U5t>n zb5OMydn=}?n0n1?=b~r8@3#>EH3R00(zt6%cndReU)Zp{2^%C?B!)JtZ4!sDtb z$-ot&K&(3YWgh9oV_3hs6Jzkedtb1olxE(NXdz)i@ulN{%_8F#>ybQ7hqH9U_=D^_ zm0f+31P8`PHRsgV<-Q}|^yx2^wLbfLg6axT!ky!rxpCIg<;`WcYUsA5aqfjIwo$^v z2_cb)hjiY z6uT5UHBWL{$-A%q&ML)ldrHiD8EU?g7sOrE*oU5mtNQKhb6KufxT#0E%_L1S|Am+m+3*`pmT&kERmJ`P2z>9sPS=ysVQ>kng+w1p#U3|I{?H~Q~Ov9_M3 z$y~B?EL>$KRYylOPl0vnZYoCJ_aOok#^Cg7e+|iV;Qx-=)2zwo`uQx^=MeS~EEBkLXW3;Wb zF4vk(PP9`u%yJzow6VJ_d)_O(uO~&1S4jXt1a!`wJ{4jab}66yT1`0QZ|u9uq(m@+;wif+He;<1AyQXrKEaFfx2cJ1fQJl#`|3F)PoK`v z&^fHOuA$+#k?nr^aDa8MI9F75K74Kf0Zt$X86?SwU!vsUnl1@74P9ZH`U?z)-O%n7k4a>#W_C*m=w z&!;UxIXt}ez7t|2=;OFAb1ePRs#m;duMPrFkgmZNhJC_1J5-_ya_&Wm6v&<(!#k}Ppzhhy^-Cs*>6e$HI%HseJ4%N?wNDW9ZaWaW zQODDy_VT4@3L>@X$0%5j6oPkzI;ZRZqwF1{D_h%i;n=qAq+;8)lZtKI zwko!5+g8OkE4C`Ev-WP>=%;{V6tlWV^eif zomGIxg!^N|>iC&iPDYa#PtmKvQaG!!cpks1DLtP(1AW&;7WXs7zZIS zMhV*G&P{-LDNkH!*H|AtQGBd&;;+Q+dD4CTNghe~{8o?qag5Wb-aDLCcM}E4@2Usr z8Dv-Hfkk8O4g>ecIaY7rb#^bYZu{P_E0_(puOi|8sS9SR81akthE00=C?P^jV+URN z{E#3Mw|>ke#beaA^oTFF@Tb`4wJ=;c4X<<7M-nD9#Qohmusz(!^oqU z9&22x;ud<=2^gw&QyxnC9{g1u~r54pI4Pe#-yj<(4I^6dbY+LY`K&C^*2y6YsA!Lr{^kM@@9n0nl;a& zvt-KM>>^$%^&7BtbLrYMJ3B3-S!u88N(EPWRbBXuQV!D^L(f%#pK>b()*wDB*)ExR z4wa4llfiPhcosC{W^@l>__1uI51)!d2BJ}hGzX_N?gD>q)#pR(+e zA!Ds_!z^Ufp5AAz5s_@=!FX@Z(>b^xf~NVsl%Wb^(iXsiyP2^>DGV7Uzt#+p zf`xK1f_ay%8i0uvpoNtYd4q-FV5Cs_Z!Ft{h)1kF(UdjitFU&Wsw~k-6xz~P?CaAh zV7)XQSrxpNU-K*XvI=>%D6BZsB9{j{6N_PX(803sL*SMi>c|Sid^0R^R!o9i_2JKN z4Je9{cjd~L4PDzA)tq72R9Y3_?WT_&?~HSc5hTnKwLO@VR)$i@@3eg~q*f26bs7=u z%@Q-)S(57T=bfd#;blfz@6F4qlcwU8&-1g%e~YBPwNk2uX)8^e4A+h|W@!-jV3$#g zK5>$Q_sN1?-QQ{~j>}o@?*Z2$|N42u2q8UbuNY^ zgW7VXWzgdSV_XOHeF`U+On!Kpvm^diw$#PmiH;^^JNw+g;#rGNh_OmesEpyV#_&BB zs~&aZx<$9Tg(at6-;%+e2aWBX2Z{Awd*C5NoJ=txcAUWV&UCc}L_FoH^VlK0u_v~q z9=REjXKGjA5k#WBpDTOlk+XZ7b)994qyB^Z;y3sD1i>3=NZ5*p;=B6a2b}o$h|xu+ zR5>CdXIRo>irirfOv&=0YY-~j3MlQ=v;~H4i5DF#Jki7B?2qy(=>_hMTkt)`r#V0C zW=bF9KDHrp(opzdU22aV8_;;`_A&zkPaYN^aw!`ja&bNE_Bur0D){K(`0IX-?meV< z=wU_Bqq8FEx?xA?k=hV>#XhQNn5#taySsPsGVU;oub<;Hx{*aFgLMsxil%YhseSzs7CJ%uG?8$D6@p7Kb4 z@nM46)UxJMyvuj=pfZyEGNc9`!@P5=vV0>oKMpv#xtfFIaM=o2LRLzuiq*-4;A;j; z>y|%7=Q)f=&GbZu<7acF1#`tim8q!84QknE#^ep++}N%e>JFF=N0!v4O1(eS*-ih@ zLB=u-M2^I?xM9s2y1XP12Efs&0T*=61VvtjA$XBWN{Rthz9}u<3#T38@JYUZSHFI8 zZF5z#*paF_NL_YY*n@c&V0pQZTXS`!Ge%P~Mc~Yi_`?2R`8=2IN{FM3rD2g)%X2ky zI>@X;f&qObrVnyUnD)vlRve9Ol>+5cVbyE{w=%+21?<&3Okm;TUJ;@IvT6uMC*m*@ zeJVd{K0}~YBSQVT!H}p6W__Nf1Bz~ahBvp+m4e1l>qMoIh?ZNm{)lHzy#TZ{5pP>UBv<;61oJg8}zX5k)0@pyeC_yp?xpUCd z4fZ}1_ukm0&ey2~O!B~v_c@qYyG`hz`Ir|QcVL}(_^0s+7(u-E;kDAA({gVgACHeo ze*VBiqr{6C!q_xMLbvOi??A|qyu97Nl^Gx+`NXP^S>AXWJ*SGmoF^GGTu|aL!E=gj zdE{5hYxKI@mnPC?o8ZC{W%i5v2fVJ zfAkLi+7oN@cUs`{1MZAh0ygX?_MX>$(`_PbBiC30=hnaR35PODAcYhShVr1cT~E6k zqCW9+SUF?#Sj;uxhnFx6NSA|_2x+rDcXh()6#JyopX3gDoF;VPjgT4(28&nfXF<0% zrE&YAlomKwo&yU5b=;pT%q#?ylzJnK`w87m8o&(6)NlEgpx_8Jx+Z22qty>AG6!sY z-uXz;NJmehVa{`AKAgw+-7d>ZPm;0kLiWc+%O$l5@2NwWqR#!%=(I*l2(6qs%vDuR z9Z&uf(q{U$6F| zdS3zxn`Kvkpr}r#+m=UG^7FnS&xTHWYNwM3vAL!&A_Ay+h>$$M*Zhn1`Ox7-s2CR zi%0M8dn~`vl;iFT%Zz(|L;LnchG`mL^71w(x=X|=*TFf4N>ES9F_l%8%mcdo7Vc+j z+UH&`O*w~$5j%{~JvdEHRU+1_gQb;9^NFSyw&H{@@7+a#rzbB3tH67sX_1<>)o!WS zm7l@`E6D5RB5&_8O>RuUUOFN3cQ5b*z6>0Iyi#Nss0nXN=aRlacG@Gqd52U*7R2Weq#Fmvf^dBj+A! zy}$=aEDgt{d$;S(Fq|+AX*$a<>>9RSDW558u~glPW`s#qzkFlkVpFnIqv&d7sy0S@9rR=EYb3rV86M-IOQ#UG zk={xwYV>=1>B%DY!Q$M)znL%;tKsgvl3OGgd;o$ zVn2KyZzL{=chHjfw|D<&9`h4hJy_0cPQxHhH)IKNXUV)Y`kzq#<|_WVi~B(4!>$K{Y=+t!85l$|Nw#Wh7d5 zuYoebAQYl<$tkJzm0+OsFu-~aLW_gKESB})r&5z*HWB+)qx9)g`cS1RgyKay?4rsj z9Dku9$hMhuY~bSX$z3k$JSzdYt3wJwIgT|Dt0G9A=syEv5wkaXnx8oC$0yj`yQ+zF;*uZXWOL$ zrKHg4p`-;C`bTX2DCeQ`C5_B#{bI=OHqClmy8}}9T7Z%Oih*mNl+w@a%cX0mAhwvG zNNWK0t*$BPH|txS(b&ng^yk`iTxYEF1e)IqjFKz}g0;^%>Hv0~TnT*o-G)w=y_qqr zZFWHHsFt*y-zN@a9p&h-uM$kz(LtX2eoUlyDo&ZnPM(`$O0Kt&YOP}4W`&bbCvQsO9j|AT zQSH%KMX%Zx=x^{;+WR2-F_hZG_b&UQ-eu0SH10xpG6brkdUAE0$1rLi=whCYvdMRv z%oQ8$bmUTM$q_*YO--Sqh36jM$dO&QQe~UvEt!QzFfwJu(Pzm~m8n!HP^s1W-thd? zjA6)mD%doh2&?h`kSi!*LQ*6xMM5S)UyOuON3M>BPZV1p4j(1D-Wf4V^|Ui(w11sF zdO4anIo5bElizK$GiNl5`(((fQ$0+KZ!TW%5w0_ zrRKX`sL@v-*HK{BMt@gHU8=B%t+5B!GUd&Zm8Y$h^Qy=!^Mn1a)ZB_~eXxUe#Cou6 zvfyf6dsf1}*iWZejiqSPvcbwLpIR@Ko=rC|J$P)=VfpQ+*@9K~550R-2%#K~AsSwi z^Lkk+OM}rYQ{`%uJu@yk{ji`WHrzCPC)_IF&9x zohz$J>!v`Vi#tS_R2_eu6lpd5IAM~~;JaYWKdJ!u&4lnDD0^7N!M5``v_N|HI6B(p zk+NmADY4|~buiHYhhXE9^rCPeOSxI3uFk7l_h}EL;j5I$8|SOVYvvl8M`=Z@v9yQg zaKct3L*Q!)kUkeI;140pJz}vfhpeX`a55Xv;aZf)&C20LY>yTcVn^Ux?uwU2x3;gi zzg+1b$F8xNsYsG75~awSTWx6GR>R~)IkQK=O<7e5xkaX@|0T|mJ?`lVXF@D`Y=2q)+| z9z=1;!kjiJQNxngJS6*8!g%&*nM+~kWytYL(|pU}l7va7Fp9j9{@J{Pho@#@;o-XF z{ApZ-#-^5USPb$@kxHzNHCz~-oc&!>AG9cyceM>UE-^RC$RT+^>D4&62rg~|4bK$g z3_f9lgeZkR6_?C3K{fN%Qv@=&IBHcoZguvsc4$M2c1-`=j@qVa^xyC18D zG42;M7%?+!j0t^Xaq5g&7p#qWZ+s7FdZlN*RdT*#sP^ANs|gz%`vj@029`j9FH>lV zP$ieZ7bJ}12oE5^gefLS3Sbu)#6>X148}AYqG52VZ6&~{8HK5iJ8={T5u>yBac3pM z{6$7V-C7*|yX8JMPmf6q5i5IiiU~$Xr;cHbOPafNykruT6P=Bip+%%qO5mwe#&MJ< z6O_Y}6D93q(xSP>>T3PqIn=syc{tcEu0ZGy5R9NI6Z477P11 z6Z5PY!VDO}g4^K+fZzrUpdcn%{OT}=7?;%Q4Y8tDoz1bx zb{N7;5@2u=h1{?c3&htF;Mf)vbaUjS!aBM(kHH^OnI-`mP7`TGtc76Q=m6lUfA=v@ z9*9||E``0MzTabr0C(I5bj=Xncm0;Z8?TM>bmGitV^?SGGXir&Yv%Qdjsy%0O61-M z$4!{b41T9aXkUs_<2*PT*BRh-bfNXy^A_hDE~8TA&Vk|KBi#uBK@HH`|CQwCZ~@{3 zMX!dZ%#EPcVv{8HDcPphP)>v52ZP*&`dm@#21BEM{60JfCWbLuIZ2{+J_z{}TKc?& z*{A$nWz?N3HWn)`4qtTgUW1dVt9zNpLGUf!9822PlZ zprtBcchXxmY8L9MPpBeRKB6OXGwBY$e$f%pZi##Do8;jZ1^RH_G+9mboo9N1PwUSF z=wp98+~*^?TeQ@=%AVNcP3b9)xvWt56~5OEMeD@H2X1yT0E@Lmr4_X6&Mj#}N@w3T zEP*j8)Or_dOeus}kmx(&hWxlV{Rfdnv-?jX%lBVIb~^YZgc(CXkB1p_@EIOTt@1+^ zR5*ve#*Nd$KsEj`c5(hZR^@mzRxJ}%J4KCVdtw!pAZnTgLz`!a3sBgmA3c|~vgKd| zy@|%xMAP)x;7g9DZpJLX;g#-}*^R3SdIl4?6`(flRGm95I}w|yK| z{*O%7OLi{u@!HV+xr!FBl9%e$ z_{dtue|AM%5b^^nDJ)&KkdQhZ!uyZ(r&5$w$l%2SPOP}EhZAqW*r!MYg8mai*XMPE z??E=fz>cH4j;vG8H^dPFJVc(Cmu~?PpacYZr+RQG-cg!U=8x_s52+H+zmg4^&&Xti zsZPnB<{cZOES@%cisA@Ui1s3Gt=FlI9gPG3 z*av4g{`Su7$9=qoIKzz(VZVVoUA9jJhtxzJd9=y?#QoZ+7X79)n(R7EBK4JjC?v~G zK;{txl6$5}yVwvNqX8Epex;)*NCo+fmIw`!-t2?9ajLL~51h;u0W7~5?h^&dI7$y< zJPm??6@-ALvRcBS8K3?zFk|ARP3nYaXRjXR1JaC=|{Ta*#;LVb)to z-VMp4VxfQKvkhDm-mY>jZbTS@XwX;=JEIpo+#T@D^|%k!1!xR!CdEyJYUvxw@UhDJ z<~&6D(OjS}FGMYdM&xQ(?dz>pCsoq<_&u~U z!o|@X|$ub+O zew0XJoFJ80CsSC0i4%1#Do_mvEI0M*EgiljoII3Hyu1vU-%=Oj9g8VQNZg^m`JtjW z^wWEISdibu;gsm%9>Byar)H5XFGt<|#bzG>YrKE;R zWezE{Dtz<^nk#+E-A(f^0;*5>%=D4aA&J@4!Idu=5Lf}E9b?`?!i^z{gQSfM5R~g2|JvbF-v)qM_gMV8A>ofP=Nt+UA%L?z z6~TSz`klS&jp!J5WpFCO@B2A_PSz)&4Zd2*6(6!bk#r?|DW-fk8^1F21=zqdvyvDZ zx{B2G#=Y~{kdpWc&V!Cw5r#M>7H;`A1zlR=MCI9 z@jLUEpAK%bY7!xoO)>tHGkb43((TMmaMqC{>s*E4o1I@ZZ z$Jb1?*{C{1Pp~hm8FuyO8%j~?VgaVD_b?MvfSe$xy;_w;mqz}ATa=kMRD)#RL-43QRb>sKZ zHP?~O*i(l2asZ11>e;CRo%43ZfuHKpXeoN-tbV}zDO#kAzKhvcODM-Hk7%u*91{`^ zd4+NjaDx0r?n=`M!M+gO_TZx+{Nh6vR3)pGS7t)WLa(fqK4z2;wz~Ez$zEjE8+Z9! zw;+6t2wkUmC7|9{;T&10 zlCE5^#n@-uymy9i-USgRN$GT=&`F#)yK~Tv%A}Num7Zr{V*ifZspegg(OTn-!x}@D zf&g)>nu*&18@9!hh&hzJV~!&obtFsDlbG8WN&DqUh7LCb#HIhcvHP|!qRN;BpE1=H zF{;mYXgi2NhOkYTJkSAMOOUe9M*m0qU`$hl>>OwGc&&sR263{*s~?~BYFNpbm`dKr zRC|=zrIH>r(&J1M?W#FvpQK5RDjoshVlRJZDuOi?~^)u@jTR?_NIgN)kA1 zM@f);ZGP1}Bc@65AzG6%&-)GXQR{_JO}MTwgBUNBFY8ophK3cS@s z^1@**jk)(}xDC%{3Yl_G27hN_%~Fgyd$~Is^PZSt4!gCXnKMG4`)u&w=REJzK2~}! z;c^8ZqH^+!A>ci|Jy#Xg>dH1I=Fh;_9v=v(l#%lqoe1-%(VKpp==J%to~9lOyg*89 z2S)z+z|v6rIB7PO8#hP2Uk~xIL%Qd>;-r{tioDMj^_&r(kb}D9<%z8Xnl3`>`oLEr zN@xCM+tTmuSQ4mS1tUE?DtWf|gTy!#td*LYA>9p8uy2(I=yPBX=#fTA7shfI&1+V_ z9~YBJZvyexkzS!Mik*TnigrYb?pNbas1)6Xc?Vw}+-P~}Cd5N~Rf`?DkSSWX6|FWH z?PK~Zbxa263Ki_94owwjL=J01@tt5NJZFL=-922%Y>$_<%2hK2s}!j*1(jU^l_`d% z8N$Uk=Rc22{E5Dm9$Ry}3vW%%E?|iJ-RlXKGN=UeP6@F+>01d@-OmR;vGygY3MF9- zrW4M^lWXjbxl3-D$xrs*-c=g*<=67`(3v#N{eSV@m>g%3@Mbu9V$&FVqT{pBz9kMG zDwW2!5X5=q#zwhLm*&Q>5ybrT9m(>dS@EDc|F&xFNg|$e&g{mPWci&1a>Q$F7$i-9 zo^lkcW5$13GH|WFt2Jz@3pN<04pQ;Nk$_Yp_EYH2EL@MHtI`=<(7jKDKk6Ez|D;wy zt+#;0P_n*$V)u76zFW3iJNZ_so6wpSmys2hf-2XZ6!n?>)&1 zEny5#M*K@wyOtTb%kR>wZ<4e)y+}!hh%DptxpL6q=|t>gck3l0VKyOkNt!Mq14i2? zRhNHQP7G!79T&@HBrf)MyUs!$|0A5@`rB6j*kos|Y%OZLosC_Gb^UZ_c)fjPLQ~;* zYG&ApQLl+y*O>N=_v;U|6WA%14=NkeZ)!V-Gc@MS&Tl|PqJoRKnnSRf1+7ndeVwJ! zLsJ@cXXibh@R&yJ2|?qS!=bADI^@_S#KG{`M&n2#VbhX0%qHxRB4MifVQ@cs=MsoZ zV&DLm5*UKv_Tduyhqmg8^+s2&LAEsVlRLc>L9k81ynDuM z%VsJA`%xa=-{1fA_WijDhs@(X*!@F)6`C!hmwr!MTu70u5Z!N7FQ~$#0gILhzJSwq zmKh-DnNN`-6z86x5!?G_*imB9Ndf0B_uICnev^B@^W**r$X)vG3S-21099ERdHLp-iXKUD&w6aEK%n7Qz_&~uYnF=GA^bBKvsZA z>T6991ym{*BeB|2ZqNXwUM!tVx0Eq|I3SUA{~yU#nUsXJasSXUuN)D;et5=;HD_bGXDdntm?lo|7 zm+>qWPRc67>Y6QhQ8kh2MYFS zJMn^YIJZu}?f|OzXmYmwH#_~h=OOP79er}UUv?zi`^W+>;5tC+4{?NuOsl}BK#y&E&!rH z1{_{EO&6kI6$&>*?{8@WtzdS0yVkaHdDM5?@wRR2y)aP4RRM!zs$Jj55iLIMeWZZ5 z5^K)LBe{N^k(bua}H^KR3a#^o;aOGztIoP;7r zM(Ozrj9qL~Mq{_AGZ616-rulBLOL8h8YAH!^j|2Dja5duc=Eq$VqMYWkVqqn@{jkw z%hH|Ua^3r2I>}NvW9&FN_Lrzv4~mgVbim+H^2zS;6%ib$pwVm-H?e@j9LW791CB#S zp!!dHUToZCENfYrBlNJZvhYQf>;sL&jq*}O_Xxx?Pq`N*+(-rcsex7o=5N!BgAY6J1C{s|IOHX&IOJ38In*uXE!5O2TqsXI38Ubc{?b0+%_Vdf|582@b9Hpd zrp*6VKC)T=seDi;F>n~5H{n%LvZy#6nm!%1A$B=gT7J9&I-h2#Uy66lE>OHJ%9){m zO4BiHG;~|sqr8;xEuYIEqH_HJMDk|iRA+Rz4nKUkS7D zYtO>L#fQ1xyX^3;pPr&)M%~tEEGj(b{T)Ma7#IUVxo9Fz<8t+>e@1)X2m|@(8`k?;F2Gw;k)(h!Sh&}jscu$SckJSYg z!vxD|0L5(}tDCkXx-vL&bZ$fW8S@*}Y|2(;78d%Kdk(czPbyz%3?%*xQj|>YR{CpY zs>A7pY=LjfgDYe+fe~pVZlo`go#(^`Bd0e!$_3=c$y_+;rBR&HT%4>9$=V>2D+sM@$UJ4ah}a-2yLuAa zz1y~~-zG4BPW?Htd~f#M;7*ZQjRUtgm(E&s+MksnT))zk_=8?yk;_|&czSr`Yrfan z<{TR73^7BEeK>(Qw|j>ajts@M3H+)(huz)>S#gI7+cC&I)9T2hzYOy4-26SXf4TXc z05^YRNmbUj+JF|G@vJ{(=7=`iI&|H)s2OUlS!_8OF1-SVn zF#4#mTEtF_3aysO12t^K5i%d4MucOC85d@Ou*i4=T;$nG8V9-r_KX=5atCGl`yb9a z`yVPF;;y1;mBIT_#JV(ydn|!UnKv!U_~XrcdR3uT3RF8Rup&m!1mukhO)rw3dIwJ4 z@xR#7#W<4RBd6(!#l&OXq4BFk6Xk?m)$WhFLZ0~(54KFOX63?w%i!ea9HJ;y&~Ayx z2w*rLKZq%YfYy^a2YRl;fF)!(1<3sUn-PF0fWyfgqa^)(nhE+P7C?x+2y>ByG%v~R zqkri@5}91{r~l=}8yY+>G`}0vb%x{#qy0LDL!!oTn@{{YV>`X}CwnKXN{yFs?dbfJ zVe3)?QoPic?xo!xa!K7$=%e)oT7V3l%#%T5b|3huD7}BuIdJx_`Pm+1wa8y<+PIQ~D$BbS)2lGp~sH1C1wFHfJ;qTJ^pp;KUpQ zuxxE%5a^sF7h)rzv$XmGXt{8j za3WA}1wtKHvj*wgFnr|F=-zQ+{=ih@)ZVeSVQ^Yov3%CSF~Ds=ryw(y$a^NkY`WG@ z{b($Yj%soVD4=JS64AvvHxj>xEv9cS47THSC&mJLI`9YL+Z7u?N+R1CFpB7F*~|2Y zmp~3_jZFy7uFj6eL{U_ih@|_ISWR=@O9wytR=%qi2h_Fqf~`F^#|<+NQiFPyc$+ZZ z=~!G9i2?#B!-B?HkZ{9ZC{tfc;Qy{%rjK>zjIF>6cW8{2r*ou)O^Dvk7K6wbGh52Y z|4Pk5(*`{Ri>+6FVAT&xogPGO@^hOXj@*C>IMjj}n>Sv9+kx6;TJTR|e&AQ*l;9t2 zL(tE^{!U^4*Dm-YI`R$C@ruko+;M2Qqb;;?%l@OqAgL6Ng{FZ-5yTxFUd!8~^SdL& z+Z6+;jQoMb#wmjdz?~uodZaT)GZ&SF8FX%ph`oY``0ed0~UeY02SJ>7sdY>CWp-XgPL={rssK*P0#0tAsmyF|H`>;!sqb7mrTEKGqk>+gg*}%+Y~Wfj%nk~^OHVK$ zZ3sjsT(ZsiS%?sBr0-%|*yn$q7xbiG20n<6!8J2L0~*M?;F{~u+2{OZ&YP*5)A}|I zCY1~2hLb1H8S_!F6fFfyL>B@k8^@o6r3sNClcaFOI_`uPlP!mL<@Jn+ssgL4!mDqL zk3p9AIUiUdn$#n(r!$Z37^?=VH&x5zm@c-qzv;w5U`B{sW~x~Z5uu3^qzNe+@edJU zK@2cLp-2r8C5yEt2<-*3;Oq#xW93JNLlIJhjrMzkuADOIFl?gr3lJ5>uoG^K&T zo2BW-$E-t>yP|{lf_YdHy)TNm0Unzq;IT<2lyfT$1&A6576M12NP(hEk$i_jA@%V9 z?cfum8wsb@W94M}4$(>tEzF=`2vjW0%IBj&mlN#IH2niO5kgX32SO5~gahaii|F-H z(CPX*wdQkFeTVKH2e8`AQ%BU_0;xyn@tzK@urB!n1i5EY(FVTIJfWz^3er9tpr2(F zwVgW1-F^Q3ISXJ`d}w?mKa;`qUuQ8xi!t^rF*#&3Z^*?SbE?SS$1q8AqyyabqrucA zOBE-fFS}q%nMih&#Y&?C99dYnQnqw;5=%x~t)mQs4W{91W08%c9Ef=w(Jpz>_ZmeO zP>Yfvh`C96Pz&o&`26ieZnl7D8Q|v1jxONlejsg73-UyWxm2-S=zP-%mXEavcHfG? zW{8E_Ra~9ZjDcolp^H_Ywo`Wdy*hfdkDDi_&E9rQf1?QDvjY z%aB5;TXi88andafN`+YiGwh9hL7BE#8Jp-V3`#GV8JpDC`lr8DES54l1CY5b>lZMj z8}0{K$I=o*+p33zGP(MHW@QDMPZO=dKj`UGLD$vxO)#o-^6&JiVtOuGS(XnPjgqh0&{_- z(E#>m>Q!ss_ZRvVmq#fT89^BP0$fPi@VN>vNRdN}R#jUbx-bf=Ml5wTj0z_VehYa; zpJe|$>-a+t)z=f z@Nd5e_LwYS;h{HBA;uE=-2(7UL{{7k81a?Hv-7V)>Bpc)EfsXQgY0mTIh}q0OsdY8 z7oZMc5Jbe!Qw5amY7Z8QR$T7WSfaa1S`Fj5R?&hbC{7kcsr6NJTv5;PyJ43b8oYu6 zg`9$asUO28vNsKolptrVeKWRF?-u|`9avIYGt?8dv;?GVB?~Y=6DeM;i3&jSswJ_~ zW3A$@=p~i2+)VzCBkEA0z;8&HLNim??-rNFOq*g?#%c7uFmSt6!?mcJ zjMVWj38*_9JsZ0~ z&$e?vo((nVzZK=x{Ee>>&-#9@kU!7WuaTzF0>HJi9M;sN%$7jnuA7OwLa{qySChVO z1(m;IL#g@p?rZ@wWUS%oeKcIMujG-CWlFijvzb|>AS4=S6GllLi+UBU9slLlZW{{N z%bsfTMLQkHF%TWbHm#lt{Y|H8x906bj6271dS%sUJ*7Ji^`sT+34 z)C;aY6}1ZkU7%B425!!yG=Ek%=j;l#@y|qSKP3PI@1kC<{R0E5^8OP8pCA7d1B)l+ zRG*%Oh<}9i?uve+tA`~Z(4Ocj60cYdXdf&}J}#AfYGRZJbRWHabfBlP=B1%;s5F3; zGgXNq{EC#Y#J2k@bZR2U{!I0nz%_{$PyqDuuh8jD?leb3du2wj+C@8^FkJS(K5s2kWA2+6O zs#wiCV#7x;GI(rCj^H$y8x<^Zfe$TYG@y9x^L|m+_qFl1AHFgI{`>2lWtIoF8PDH$ zyr@Dd>7^9x2#p7Ugw3w?{3BC!iVHsF1tS9+;;Mh=288-KE3O{10{ttAfR z`dYN7;x~I6S=Oa4G6K>Bd!032Q+D!3dMr2Hy*b>%WB-VWWk9GAX^Z?W$ZHh!K%j44 zSxHXd>T$tx5xZqo5_#Zwi|e7`ZDO`JjFOoV|G2|F**>?kC}9p)%?mq4nO9E2v+S9O zikw;ZSj#O1hcZ#Qk)fmN!=9VDr&#%;<0WzTN&An?HPKlZ)S^`7aGp11$I5B|Lq}0M zfikt8VyXQ5#f*xzazB6+t647y%kJT{UTw0H;l*6{@7%Z~d*cxVT-ZFRU*Es;;6t|! z@198>SFX8q^=hUrNTT!wS^v0_3PQiUv~PdV6XD()$E?22gjd+uA?VJrzw)ggYY2aS z7J~g9vq1$F1{@xPm~;!xPA+ed*-az2a-^*jY?j1eM$FF7C^7(gmnd>J-|tz-CT>%K==5j5mg)3>Z(s&!mJlJle_4_5E!%0q&=s^;I%ba)(g0_h|8Pvp_0g|r@irzk zMEaYE&rqQ6s7?;i`ITj+p6u}I*x8kdJL1_i{vCmGC8E?e$|-_-6lxz9!CCCM92GdL zd!;pFa%`FP$n_Ng=^*B(d;O)W5yX@O3QZS&Roc(qAgqtX6@s9?D-gcD$xpnX-mOs2 zHdmtCM1(1i>?C;rCeb47{$m=!1bB6NVe8pwnmfYNgvc!P=$D9W6DtQpJ2{fd@>Q#u zWv!7Gy_ky({m;OeE$CG?1|<5~SiJ_*XkSaS^;e_ThzNA?gh|0&Ho;wv)rbLTkTjzd z^lq7RLYA+`T`AM@| z!DRvg|C)Ri&t$00+6R!fH=wx2vE#~}IpA&yEl!OPAAakc_`h`TKDQb0F@C}z`GQCE zf<)ADPRX0>;Dt|=P|{AdI0M+u_O*DNz(BJ@M`%)*tMKj!`;ny0D?ET-URnLR1QmP+ zF8yJSlM&`4IW~k0ABk$C@vx8p$_?Q-FE=!atB&VhpK?Vb-5dGyO%{79qykUmGE8=T zD=fbnjRnj!waamX39n?Is;LkwPMMyRQ#xh0d7lbi!jg0Hh#Ai`Q>}znYA+^C1x&?{ z21|H1K65BiNfDJH{^yu9iVK)iUi@!sI2-M%B8fuXJ!W-|;4JAN2#yK*;4G_9c)Lo# z-PvLV3_P*(e1vcUb`o`(H3jn~okS@rzzNqRutF^pEe)EoFO_MPK&c_fi{)4a&7Xvd z2&n=K_60yBv5yq*N}&5_X$(NbsYhXR08RU@2=*sS{Up8$sogbYLm1YX~yzghwBt1whtPyQ%9aSxiN; z$%yjjQAg0c3aB_O89Wx7L9+ukW2Twfu}ai97%J;u!YhYMB9weI7$Ogpj!n@j;Wt?* zBM}#P-9u|DqAGfmPxIn{J<9QAi4mM(ZDKPd>(nlxYKR7Y{b8%rC-unUWE2Q#Y%0@y zRVQq!6tfgzYQ&vU$P)2>b3%)v%6A1~GQ2Ki&GS|T0d2@k2?X2kCT2=Z5bQNa3^z>& zfQ>?is^-I4`S#XPBjt*QY>hJ(x`GG;B{03E!C`8!E&zbRU5*7yQ%atio|?+HSh+JW z$C(MDwh10x03B5wsFotet%Lbb@Y~$7@ki-N{u@4YLbOdS)AB^~SuE`)URI>3RWlEs zaGQ~vN{O(XXB>CV(7%*sQOT#57(rRe{J#?@FUoEPk0 zN~pCSul&AQeqE^gq(!Ows4_xC8Zrpv8xc)Jm?KB%_r{;y2u^!C?yAM7Z9fz7BOEjV zW71_!&1G#N$7kb1F}vNc0G>sq)p6SVuhA{9CZw$cR!=iEvoqs&X@_JMY|5W$_+}Ji zg)4&W`VC&XXICPxSGkm3JPA8j6ZV8|#|zBLgXc0g&)JQkuePo94dG!UwXHgl$6`FG zm~wgtUq3!tFYDPZ{yDpKS^Kx{+xGvb`!+I#E505Pxb*w$lDfst%PBFV$q0|go9mhr zQUAjH$50mIs&h9M*)v*0>g?&w_^%qD&NV3mIvDOq6t`^I_rJlav&ec1U>FOf%KVDw zw4>48rEB~8ZvMw_z+6`9pDTQL`8Y)V{{~ve0EM3a2DIXL{{ysc1g0IQ`eN_qI9)@U z=O6@gTtWX@bU=fMSWk8k_1G-cD+>@UCp4ARIsvc}_5T)OQ>R_5fd$wS(M*CCOEci$ zAx;Jg#2G{ZQd8~)v0q?2KRBCt_gH<$%Q%6IFG(0j>GlGMPXm}-b-jWoz}nMwa;}Q= zko^a3I&9B9i3dJvS;T5r8_N>z@`td69Ve1-S@f4traW?}o9olgt2i;1zg`^#p;(kI+3bom&p|L?MHPtU)Tb#3gE z7WjED|2uAtMpf|tSB%YIY#jjz`xoEeF*ee2*P?DKAif1gbs@;;p2x zE0Q~#MX|dJnKw|D;FOHXm(vxIH}{fN9tQ3Apnuq>ZHEk=(e2RuMN7lhz0M zL(kuCq~vFr;Se!}-?;gn>JLK#1nf67Bla$K^<-*`(R)^x5am~%LcvT^_WWg#-4QlO z?HZbKj4X0CK?P3Gzrq{H2>OHj-poPX+n{qdPY8nkjGRC{(vR6je>g(vA2Dx7#bPv= zhq-#P%JW0Em(wr*YbeVEom}thGoi)`lN0Sfhq7j6FJIXJLs|OefT1kh42(_AlqgP^ z4CtX5Z|xp0+X~J&+zYrzS`vfrZ7_pp^q|}$GQ#d7u2lPyQEY544qd5RGsYk&KA@4P zUD=j&eG{UI1cOmAP;(oh8W&yE)|tZ^O$QHFx~$f^EV%R86||+YYK0QJOs9M4zfw}f zs&G|p!cn*LHAW7XU4wJ|I5?Ae%kS`GwcUhwzzEN;d~4h-1F7q<*>}X7BD@;@L}RJR zEPIu%co%EKDU^ORx-nL{#x@j6&Gn(A%~^2-C$Ijrk|A~r1o{3c4}Y?@r6zGsOtM(I z1ld}7h@PWQ-l~86NW;=YK#|tKQ)*M6@ZLY^{<`AfZ{<0%;ytwDHE{0Hw}QZ_t=G_a zUi}gz*P~yuoYUE(?wgg`XI+z5W%TVEPhvbXzl);54R}FY_(+^k777BBkc}i#JjK=D z5sG;SmoX)$&I8}x$u|MQn(fQgzXKH1CH}2bih|pWIMe={e4Hhjf{W+eYHJ(8W zo<2*sM#=q3S7$2k`#Hq4)ytyIW2*FY*Vja)+|^MfV}hsq*Qkb@G2e*{UzyA|^C_>o zWo`TAU$|4b?yl3DRKeS31bozPRX%G--4mro5Z&0fX8qqO4Eu3C%=ThgBta0JgLmM( zX!SQkcKFG(r{M!wfan2iVb};r=T4iTA6?yv_Eyu8xJ~%zY{ikBq7Ma3>ckosxvR-c zV=N3jTgfJ5Rd5>6IIv(61Ot{cQJ&yJQLI=hD^9h{+bGYVW?Xws=A(O*Q>ID8886=I z710d{7fiF90lMMlMJ_Yi{X{|d!1AK4iC+^vz7@_EV@7EeZ}r!qHkQv6E)o4H++t>m zUWyT$(!TPVC?JNg#;Dt#~}4+TND@2@b)|LG%tMF-%8EC30*QCuk5@9Zn84!tDZUAj0IYX*ztp@y29%o^vs_NkcLfAY2K5KX}tGezcF|rLi9QYj;Z=7V(dC0esXmZ9(ehL4u;GV3z^h#}iaL&m}t$MNFeP0uUbg zZ;uA_KOW7m|MF-cYU6Ud-~V|LNPJ~%iL!@xP`BU;_?U)S1dleT4r>7;vYwJ{%f#Oy z>tgPfR-@UKV^&ac&zhL^U%DO94T@K~zVB-k)$h~bpCq+TJVLa2y~^H!hg@y4{kO2DmIGAZ z(1!w(cil=!#uO|pO^xyA15aM)rv(?}nkiQZuHgX9qNISUE5{MW zf9~-1h1CJT{o|!&exx{}qwA81<>27HI9^$spCL@fLHQ@0HCI`E<6aS()_~Lx`Edtj zw6mByM@O8PNZWrjrUZCaKihJ6+1W2HzU3N#;cHn!-d?Fm>R#!$TqE#5a!u~HTr>M$ za*h7%gNIhAf#$$kUZ?@nXJ9Kr4+uif?^nogxh5A|gb61Q6emz<@56`->bnh(^L-th z@9T^x{$v3>^p>F|x=FirNDuJdT$U#3bk1Wz7m5_1q; zqNM=3+k8>PJ5soKqU^uIA8?ogPB7*9|2JJiQv4nMAj6^cU*Qj7<^Om1LyiK1oT7H5Pf^tp;BUEGf80WQYr+3Nyrld8#!C=$9pVaWzsg${U9eG-1sp+Vy5Pp!?#_X(VPW(UI8VS6@@So1#Zq4J& zf4Md5AufFX%dJWLKinGQt>q2!5Ei>exp@{*1#=&D(JQ_~jA`l0#BzEKo1A$kfdp62 zK{(E3YxPmhn$YD5p>CNQz9;U>HUipk`wp=R@(Loe)pOehw*qvV!?XXwNvOT08Q#e02%~%f&i+7Er|rP#sXGgC>t(rJ?^vm_!wZ8q?}K#fs+E?Eguk zEEkR+UCUt}>D$2YTtY#E-{jS!nCbITCDBU_Tkrn=%#(QAx5$Sc_C;`pw>Vgh8X|ox zVdu=!?B@`hsT`;Cu`z%>=}3=GY$hzprM!V!7Hr?7`Tt;1&Ky~Nz8mK%*HZu8D_1l{ z%ShJLZ#4FpJEXXl@hV?RC3O2k+U2#H{T;O-_7((ZFM0tWY&^(W$zkFOg=i*V3(cQk z{O<#bT@g}b>1oq9;kTWJ5aU@;fngcqG}&(($2#Y{QFxEtF8k3SW|)eqdFz6Ji1+Kx z@aEQm?HXC1fS`wmyZP!nOv1*8_m7a*YFm#zs3`vJ?QMZOv*aa>5q<95PW+S(Aw`-> z=vYx=rA}d9B4hHOP&yZ-+2igH;g9qGmp;k^UVsjO_^WwVx&GJbnJ4`T~60 zHhx3<8aNK4`Yx%yE0-g-W0++jzt2%>_e(G4^FEU8w!o9M7oFFUTxfY(t6vinkJ+9t`H5 zBZNyZ9jc7q67>TseV%?=7_YZoU+Eg|X9YZHhWHjRtpA7W@QtjLHF2Nr{rV+|sjv#4 zpX?E@Z3Hjmh2LK7&zy%yNC-FM27*E@wMq|?cXMGzGjk0fB)^r7XY(~qdi@_oB@pzB z^_6J|^cMBO0Ywen9|2UDyBFe?2CRRKVg{4xa3Nbj;_tOS3j`%XtoSJCoG$i%A2^u* zhs0^JJ;&@Y->X<2px2tUkCi__^av*NU5HG!jGVc{S`c{q@?^&^6wu3$nnUSnwktsYyo-1 zQS^@UkBuwN=3NUhA9fEdA-zClc>yzu(R+-FAvtZ*Khn{xG^=*Tof@v}O~BI>Rvh9? zlJ5F9ppu_2U`K%Y8OU5c2$-<(TbxgIl#yuu(U`#BipS}<*wwdYy~`^5+8TbPV*p7X zzYga0q~2gr`8*^Oc_77MHAoTv7Xuck{!?oTTg=jUq7kh_)gUAe1$U+==(Q^Z&wTE+ z|3AkHnIi` zR)GTpeewVK$JjH0=2f};n%~1aa(hc^^g^1ZZOANa%11k^z=-K}Xls8wDovD_L>nvO zW6!zu>3`^47UX>q?2`ge$3K)L;dqzmPiJFM?c%boH5RtiJ*Wk=t`-7H3Di#>tUbE(iES zO{OEws^l6xCK4IWbgOC<{{2Qj`TWfdBR`G}@H?oD;RCa=lmLS*xJaUH2LC@}FpLjIW^tt-q;&5A1Qr;t(&R`AW zZW0vVXoDn^rc29k9tIlNEZE$P%{6-Ij$AHSoxf{}M>&j+i@I+iQ5Qp<39{HqZ3@av z!*kTzu!bSu#7MrhHESZ59LfuEk8rta*Bg7_GbZWuT6CgPaX&^)QNwhJ+Vjahrq7DE z6Nuz#3<|9&iFkP%-JnLBkn5iBBCYfuMY4T%S>L01MNwCXL5NXPG{F1povg`Kt-Y|> zeN&DtxMNHZKfmdHE-*DT^2^1WuDkp7MMdErQ$yubf--FrOQ?L9*Xnjh3Ha(B3lv}m z2>f-DTFZ2v>l6?)5Z=Wov8ZEsjo#j-z`Z+?Wlc?+x0X92F%}Hbp z(?}#&NvE}I@DF-u7C?)Jp@89~TgoIJskoeYbZ6csNi zM10RZnlw?z3WA3)bx1S_p-?NNzG`r%S8QbzQU7K7eHU&EazKDusHThe?nbL-;|YXv z_V^XI>zcbasAT{I7@+^so><9K5P)6R-wlHejUWHHRMTGL={J=l%&R=2dn5YRP?{)E zYw*ryw;PWJ=FtaxqpoG+<`x%< zV}PG=tJ@ZnFudpwN)iPhr>`Q)AYoSC^bLOoxu5(k*V_bDVtT!v$RCZTHYB7$RV0w# zUk-2A^sjC;uAdtt&1(M|R6|}JBJ+Z9UiAgbU=%Tn3gl6ev0bEfG~sv>w`A6VHBNPV z>@FePr*0j)wHwgCO6BisH^9TTw3#KZdwVMqaJSx=U_inKLYg=q--$H?@=suPVV3Xj>5>WzgK`I-L`}K63ylX)IXAW+Y8s0 zEe|XE@)gARh$E{<;fOSKN_9G^L?vjz(aHi)YaV8$iFK748JXenmMP`E+@N?#ge>ReL!s%xDj%-7t;p7U){7 zZ`vI!RQlyAp?azRap5z&b`^jsa$A0@MI-4h36)fu!~QF`;_P#$bQ%&#llnQp2b~8U zQ6P^8n0wIn2Hb7+vN`@byKkc*`OEI<eZAA4v(A+F9H&#bF463daJ5fp*FNB~wz)H<)7?ot|$hQ5U;?GnQ zM^NSAh}PH^2xgSZdhGXZvwGaDo=fq|272H|PSsHY%g4bA;cyN~(=;dC!E8GTFEO zQI2$)PkEtQV=6I;7kelULFlGbPwk27aHLVn&+VIUuD1Og30Mk?Ae)WLhehJ*h{9|& z;-~O}7vV=NFcjj_jBNIc$;}e(I?^hG_O2=N70Fe&HRIZ{4P}9H+bz z)if?&YTq{v{>B;qn}2RbfZ7Z0M&jJj(Q3pdq@P!^Hwky(#<~GM0+EJ zobv0YKPHTcJYfi=V`vwahOoC^4#H?V>y)qHUb?BpvQ}kAf0wHC{E9M+O<>(llrHzK zEDIRFOjYX7P1jlO%}vi-1?h>{7JF-aSeIGvFtW*h`n~MzK%2^>1tQ5SU3A^@^uzV# z3325ztK!u#*r`_H$Le=G_QuT3awE}TLd#jBy+I|ch~gbV zR?D9`G5eEqa=7qR-VoWJ;Cf^)2&cv0yTRh!SP5dn2yDWmkrBLPd)ihxac=i`|7ZIWR1 zhUD7qM8aX}D>9o(;Hmn8a=1-7XW;>}V6ICvuFFi>iA3VW>4K>H)*ydMPEowu%?*4* ziWaJ4-kI?N8J)R9V|mfp#$QkA4j`5=m|{SWlC?QkfD5(8Lhy05|E zi^+M}Br@-9(8A`e=x%IcUX!$)Y?b~w`WZ^@q0AU6-eP>U#Ov9uIID1JxB}kioh0}@KcdjNZd`1Pf8z4WkoRP`gJQB+ zm?SN@xJt^vBhL7?vWHC83GOSgJh0u^<_b^7Iis@3Ql>s*aOX#j9c~5BUOsQ=m_#)^ zOtTP?$@_d46Qr+RZkRFjL~NN07iPu+=qKuNcdJIj%I z-pUmgUt3ls3F<>+OdZ3N;;DG{pGtj!9AOc1R#y3~)0q9JisfoJmI*oo%z8_!<4CF0 zlO*M@_QxNA)7%uG=1i_#lS}s3jtzJJ-s#&7;wB+O4#q!bT^XY~H!rtXf4Qx%nK%YH zh5ouS8Y{qw>Wx*C95ZY=gl6tuqX%zqjf-x3Eu8OxcC% z7!R*?;T|M<{6qXM!8|ps3ol2iv`&Pa|c~sZ%l9+ zaejr-6z-XLzKOJ>=4t2UOEm1uP541~iANhk`zXMgib0Evfy*^jj5?joe;fJVl)bkW z>_b>oQhk9=O;hEtiQyb*(B%CA&IX=kY zq_xp8efn}1E&de#h3C_M(+G-m_PYzNFsw0CU(+u|;<@Mp@bJ`G;o2FNfpX9esfJT|S+cAuRsnl@>Z zJ>wVT5Ykm{?+*$s&Kz?}pN}9BIeY{r!KLolYc@ND%3#y8tOHRDHyfd zcZJ*I&b<4~DX?hXYzU*U2-+FC-fFA|b^jA3(Ct{}lPvFFJi{iVlYK`z^vLuED|B*= zww6?M-O0+y4o^8IZH2v33+%W90DJA(e}OjxK1&DIzJOE`lmK9%?#o0DP^0b|?^W!N zEkKa>iWOXg@U-{{8Xyh{CQ0f7pXGuXtH@VS!dp0_e_{@oB|;Qi8^tXy^l`HXLm_;1 z<3O3)JfbTPO#ZzP7!Myu#lh~yZvvy~2j2C^e)hV#J*AQy8JU%8u=}wr>Z&8PCz)el zax_mTHe55#{cWQX-2NP&uHH#mmDXv9I$;LM1#_d%AQaS7i!VuCu)bju-6#E2;Kkq+ zR8eN#uZs2e#U*fW?($7x-rM7oX!TW3-B@D5fL4EdVdfp;PS3?q3+kFhPijjmiXNaJ=k)g=^kGYmk%RvxkTZB_(9q0rf!2|vLsc;f}vV;=;?OHtUaWz4Hu=J5ujS{ zf;C)re~Ac(Up(%Wpi%I_*X|DG_WP%A*z%Q0MJh_t>v$d@irJ5=ux0jPc;KR2Y#&4TFUc4~R z1!)kaC8_9%g%@swXFe@7lnKm?Rd+16XO^M$QW{22GRRN%i#J})EjxbU8p6G<@9exJu!e#g0Ef{Tg=6)DQXygWz zCs~33ob;%zn0KD>+AW|`SJaG5*DIwBra%W?ofN%I7J)O{9d0eQ#!>rzz(*RU`z-5@ zm4wgm?C9%O>rKA($-_Ns-UVm%jS4|>azj}#e2~VflJpsX&MJsxT!G10LT>&#rVKeD z9^R^gjSUEDW&=bSH)x=^W&volqzql}us{6c(ZmU(0l(i@B)|qsP97B|#}Dw{#HvKO zm+!SU{fa*=sz#Rcvo$8#00k7g)RtQ{eEG&ZD3J ztkPV3JE~UoS5QliEXk;6oVWpC=p$^3(SWjed!=To%4S$D-W$~WYyIO0_pW_GiaQ}OdS*ug^nBSeR`r>zl z5Ryv0!|a&Uqx(WUq=pD@Up9gZlS3ESRIB56mDbJpvi;{#G;P_Y*)(*sK}0`A$ut{) z=@`mUkEWykw8bVZ!AJ^z1Pb#J@K2z+vd+*PPmkE9Rxz0DzB315zTjQBdRF-BW9shP)g9WjJQ_)%?kAE?B zgMowr-!=i)4_|lv7XexczxYY2s*eA%`+1Lk#yc*1M)KV&AV)~3gQ--+#kK^PKOc7w zjJ^Mjr;#T)ktr94cc@40CZ;Y50!3{<3G6V~M%xJFuXcRbDlu3x35+{=p!n!(9KnanVxt68yI5k##@?B9fN|zu&7Bm-$;L z&d!@bV0lv(g2bEoadX?U{*iLuVD69C&P9Q?qZUYi@$YhoK^1MJUlu)j1J}j9P8g0k ziX5G&6Zd%kv{nKuWl+j$70E?4^TR^HVB^jvXrmokUb}Ih#OclrB?c-9+FWq#e z{%cKh%)eDTBKcVow6u_Pxg@3_`uZem;tJLp8@gh;Meu$*+Z4e znQihXAOVKobSC?aT=iFcaO;Cu#^WX zEkG;&eb+>OQ7a#Y46Y8o(8XG@X3m?B9zbv(&$6Jpp!?l4>hf1bSrZfu5*drN- z+Qf(tN&X7bmnBaj4_tuD*gGw#3fGMrRRkt0u=(z|Uo6 z`hDzbwu=1hY(4fh# zF-RHeBPi==dreLQ8h82c-1qC*AecM#4QC<&gEIa!0~{6(n^%haBk?(=bl3QasAhCH zm>%!2z%E6J?79}UNht0zg|tio9{>c)33O#3lBN(?3Th@`u3EoKYB5z zxAY8l()@#ZtVZI!p{`iqRg0&b+bqE(q$uDNlm}CWO|=6vw_T@>ZI9EL&Z=JEm;}PQ zGm~?@uwcHBO)b{L{h%)6aZ>RO9BEnr z32JKUXfyI{-M9sWdEUJcqz=2H`5|&6$h4 zmmWe0iFgzQuPTjN2z>4FGd2tufD*=1I88Ru%@~qA?d0X2n^978^VX<8eM$-)9PP?Q_5UABn#gSv!H&7|%0UP{v~|6IBc`*DbM?gf*hxWy5kN&uuKa%Ovb!Wpkk9>9%a*woO^%Ex&vifyfThQ zU%rW*$HC;Nh_#(Gr8Fykhu&tU(L;5Rf^e`?gm-FS+^?uIdg^qBb8Zst>PTf5?hG9D zyT6a&G;?=+{{-QPfu8;A*)sRC5|BViqE4=h zhJqez&^xl1|KjXLN({i;4=lya4`Sn?;4}$h#dVMNp2eGz~74H|DT$cK>3 z1@1hhQJB_!FgqjP7uZD5u3Yi}tN96CE&uz=SN3ES!Pyr5Z}wSb>;w+1_85(Oxm|=( zn*0xq5~>{aqNuwtUZOZw*D@RfA$&pw%ypE*!0`wKwFM8UIJkUUW)1t~pV;-NuFjxF zD30(B7)`l1odzqvPdVrw5(s(1NIP+VIgD2ibXAmoH2vXOGK`R#OmA-Rz_?S*E@$J) zUC_`{dt!zQwISwwR2F`cUho$Dk-VO91V#~v3>lx0Myph>i`Q}(=OPHp$~~WnzXLK8 zYBxdh6E!JYhFbNux$=PJhLgiv!RmrPMt#h>9&~ZIeNHI>0Hy2X3)IYccUn`7M z>whdLXYI3-N2h))4wjFIihoKneRj_m9p@p{oO{lVi|!%@-G7`BJfJXKXm{PmLI%)` z7p+JS6gD9J(5Po)Pmc5`faZZ+xXdf)(7>$@+D)1Chn>DXWEI6Y{rHv4X^QB(l)*kZ zgDX0o_RA2lZ|?b#Q_(zwd^3j+`z&EiyW|dW$1E$#{uMLQ=AhbU!JhT{^`;XTP?5?f zPg-zHF{4~OBAMpLDHV@J)%sngA|v&jz;%kkiKzemBo|h%db6>2^XfP|8uv*~sbN>b zhr~*)SnL80eMDE}vB?nru)+^!V=MKrWgab&F=ml-8Za!CTP){--(_OW_qxDNv3am* zs6anY3lXckehLE@V@$b{afXt#swlnR*o8fQ&u?oBpaH}@1bo8fL}$#wM!bcXAwD1V zxD)MxZi)^vgsZw(xCcxLqKQJlGg{6^uJ!fimY|XS^Y>LoxDd(=oJd$~p|SOozMV3X zqy5P*ZuN2YdTO@Fu^$MSPVZOh7s>j`03JiY#yh)+oAiQh&Le&MbXSZ^V|rTp9gjHy zPwfI%Fi!b=&iOder@R7^0IgFA5jREi-m5FA#Y{&?y)zS$7!1*sR!#_&qZN-;nQ?3?u(l~IE01{Z0EY1ym1tPU*11U zg}4?(yzR5j9rO*Gjnto1)B5VQ?z*#QtnPtQLy&|CG&CUQC%}!ZwY43ZBcNAzLx;u* zup?^b=?!?fxl99cf#Khh2zI+j$MksE0HQ5jjt=T85&?3R#W@?}40_&#kV*hdl(3ZD zo~16Zd8J8bom*`@|2vn!jfbjAhyq6{Ym8O^aGxKSs_(~E#2LpD-r=Xico(PGr^99Z z6DEKQQ$HWmbpH>^On#w=w7n{to(#d&F^Q7(z?ihav&5&?t@9D13!sVmW?KDexC}U@ z(2POKBruPC9hNu$(*i2*Ah_f{)CIt_ZE1PIRf|oRW>S{wSM%Ss<;yE)JJI>)G-ro} z*gwwl3%@rxgBf`Y`|yj)CIaZQnW-Ie`iq3Z8o)m=fGj? z*Vz=N4#PLrs^+1Y;y*b`g*iRP@g`yn;d$T4Yp204xIN!!X}@++1_rY!c7?M94h>%^ z3@}0$?ljM`J`$`i0WS$`?7_9IwAAS*xPHMz>Oryk}$}_1T8d_(hj&gllPmmx$R;LmaS@4a(biQRVC{&RUM`#NR@^!`_&9o z8WBFVaAdj;gM7Whjo=F}=Nz92K#g|JW>|zX@4blJ zIlp*aNmaV{8*zhgHMZ6eH8VPknv!*}ss1BJF~l9!E-uw7%s@WuPg5&XGHD3Tvsp?8 zqw=DfeG0m3EKFzlBV@01X=iKg#^pi7UT&j0!b&48XyaeIGiY}PZwqG{J^ki?K3Dp# zuL1fr0Bb)#^PX5>d(=$QYmK*^y}9kc z6Q{m2s7?EYtek`Bw{E(?Hc!r_r?a0igt(8%M`p41PJ+XJB;a2JPzavNM@G7NPU#H5ONazDEW4Mef?(0n^I*8Q3wdi zLOBm;ENs&OEb}T7`7qJuM#-7AUOQ_%dBhM=LtKv!#i0+o2i#w*$KP%1^K{e~6F8(~ zA>4FuW`ph|is}Ef3N{TOAXiOzhQ`pHoK56CYeQEHCilTLTm->2Wq_O%G~CSQ|F(;i z8exEGOVh?CG!mZvxXEk(W_zA$QHUyIx7;O`8+Q$U8Qkqb-`ctbd8>OfO7S!B*}g6t zWZE;ImY|rzc&9i3?Cp7T!U&X}ch};3Xce7Qy*kH65-veAJW&lr*tH{>ZS#X{zaPwv z>8?(Im^0+39&~I}ns%(pF&?bK5yD=2L!yzHrW+3L*L{p>b%K3E|FNAR@mw zAf2jsB0BGRI!{Yp>BV5Q)n@KUGV^i%cmJ*wuHWEzYt{a!#D%E!s#iL9Me4Y&##rK% z|CHbq7iKCSWvkJ6MS8=sGAz9NI0h>DBO}$!tyX{0J`9CJ4J{zd7I?;b(epXP_Iz8jfL;~kWZAW`pVA&b5rJvL%h(h;*@&cv`Af| zcoy%GGdc5nUIe#{OoGOf1Fd|;o4+=JXaAa3=n)F->L}UkJP|uvU7CdPkiUQOY}695 z2Gdtx@tX)0Jul-Lazu+4bNzIBvd?g-s+T2@m+gH`Ft;yx_tayo_kT;b`cxgoa)JS& zkA*?*`u7`>^RN@;q39k#IueByLQK8Jifgsx9_p zpIsFaNELC6hncf&J}|kE83v;>JzLk;OhSMV?r&j?!@S8##KRZn01xup^Qn^MLM++b z`DewXxV41g$S&@9KK6BFbBlc^j6QU z2;s8udUcIySOf?TwVgb!jipLK?1UdIopb3WaWdh&f4dr$j*+oQnh{Uh9flWvYJy{< z%a$#cUD&ewqHkF~LD|iTejFRMUx6Tmo&KYz1$rMNW63+sMpn>=c~}4MRj2rt)rqu_fV(Xb6>~h|A%R zK$G)n?}&<+QwPzadj#uo&jg695KgyROtMhzaHJnu80)vo6Ijw>jS-ase~~24p=L90 zVnhIAR-|nva-G=$ZVn4?>Ofd!wmpkaeIj&lol%dNWU(eSp3EMKs@q@53H9F} zB0RZqV*i@jL+o?xjDJ#;J+dnls%2IV7Dnk%ZLdydUuVlsZmF^~H&Kq_gwTNYI1MsZ zNU%}m<837TB(=eB7drMq{ZNS?p(GjS#Z`Gi&prUmTC(?etcQN>zeQ|Zrb{nUfyz^W zCQLJy{;?lRzKb2Op5dwGt&SH5(2KSRU(CLSt8WTwM_Rd(F(OOde-9=b>_>_?m2_0C zRyU+$1vC8WI@a&!KJ;MIf#FxT>aN8%@ISWi$AZJOuCB$`U?MkhGcIKYPrSlV|4RAF z2W>jJpMoC@@qzq>wOy4HAgJIrC}4wBgjtJ>{P)F7gb(xC5e^0r5O$#Q&f5k{RA#rA zX->WTn46f(h5dWZj9PiswOu?n>>#J8CvjsR3rcb;=GxS-SqUc?*D(37XiJ1kA*T^C zi#Z|%{^F(~=4Ky$dKPjOK(;d!-l<20P2VFkrwX;L4+wAC;t$H|+|7c_stNb2zsve74hk~k&*w^MV4f2Od-X)j>8y$sd=OEe`n-r;Z zzm6n{2{gA^UmjE8$~_2lm+f!geZq#{Y9rPyv=(nV>r$@~ND|-MqS0sUK}f+D93~MN zVofx$+~&aCosQ;)$8q1*6>$7UM~vYt`xsJHN++t8#1!KBfR&`D;jhuSvMb(*lY|Rb zU{0a;a>+FgOkfb|rgT1eA=nJ|+2Rj|%BTQZ!@elFqBy?JvX` z7IVEAzH3=zOzP)_2~d50UBQOf=O}wM)PLjH?t{Z2oquFXi0If~aDGf}jzJrb`ww2T z!5VUFEE62z4BA9foit@&nyx{9Nw#)rjX_QrXJF-FsvJ-E6(SPlO!3NdwH~A8Xs&5A$CFUL7+?=O2F8 z`zoYQ-X$Bs0f7P18o4H^Sy>s$ias4<_?$uRE9rSP209_U421nY6jk$8cnPB55`>VT zmwS`SBVH=yRTZl@DDhLtUDf8U*!i-5_#b$Z&W299Fp3L8#A?LbN+PToB-;pch^323 z_pj;#C_g-=DlsqUgF&5&!+&#mdf71V{z^j!_eGbP3~46!>qRvaiuK=bxTs}X>yH8D zIx2%1g*6i)r4qW^vEo^>g>N0Xm;ptEJSW`lB(j~eP=mt_q-waLW2vBJmxrdB!bx46(Ia*)M`x?COYsUg~cCQLA9 zP+eFueeQETa6J0t|8+r|UKlZ0VW%7U;F6V^l_+8QURup6;6}GHA?fVqwEW$ZIXVT` zpn?cHC}hGAl_sqb>rL`3QIjG?vxq++*W&FtX_WIQy$}8OdD7`L6GV#=BGXYlP)V+A z4J8o-YN{GTuox1ylAl))17`K~^Qz#OT}GJksKy}Ecj-gDhVb(w^j!d{7nUjaheHgY zr=h3CU>=xDaA~*l4%GARKGcwyt_3Yo*^1YLd2Zcg9}cAVG0rr!0unjJJ~35=Sw?$3 zT|x25bCJnn7WH4PZkT+B8wP77LdqRx5vBU^uI<{3;%5MlfNqJvEa*5?-&wJ|d*2|yE-kqhHF zD=eDG{Mg`Gb;C8XH>AIZmy&T5EGEkMW__W2@Cpedur;1z@BToFsO%?!LJG zZ~&Yv26hNncGnslx z4rSVL&a{!ulQnEV;P4a1_N(GVMdQ`Mboi$j0>iZUSLhe1z!@ar34=IeoKk2$?C|xd zo>&nE?53n^busZ9(fCLYLk(?$>ksVK2+OwwPb_mGep<<(6$O^x$xLIkDRMy8PC#Z)J!WE=PIq3uujf!FEjJT)ih>UW=kd4n*r1!Y_(yw*oc6c{<(6wWW9)0b z5i(QfAMC)gK_oBPdjvryU|ssL$H3QiU-eECo7!`*&-=A$joq-#AhS(4d`OWtY6>d| z3*RoYr_EG=KuLUuZc_Al*5GQTC5|y8`^t*wvXP@c*_9^-!5nSBe`?yF&0zIesAB2o zD9hZ45MHU(AmrE9;X1b;DF2ge_ZqQ3I$;&VEsc2+ZOZSs&dLo7lB`)GNCor@XiKXN zW&_yU%2rQP@O*gEch93LIgZMZ7Gy(tS zt3u0-uZB=7=Y@svoHadE*nwtwGwX2VX|9Ygn9y z%HcoE+L>%Ng7$qJ9=le-XtoC=vbED-3`xe|aX4}GM}uQv(&OxH`$nK|mZGX9jXr-@ zEwq!x8VN|VFcW@pbr+5zcPhmnB3E)c*FaiOHR=M<^Os7B#YTgiaiQves^V8nwphgL z#K7su)rTcQ^1x5t5O|~vs_RU*%4cI?2zA}ORH_>C{=im@K3f+AX@>gAmil=pOXLj; zr(Cmz_GCTNU+(M$Xpm%ds(6ww+T`v6*O_`txtM-fiNFZiETmeVw;rF`u3sd;muKrY zKkVF%IAD}J<}zG5LkTnBSwXYFZ0=$<{g#uBvjGb_P5hrn%8|^Ud<^PCQDO7AR;ifL zq7ATw5iUmKVISLmL>F&Qn}%L)hI36DQg=bge_DSUM!C$rdv4xxg@9BwfAzckwqgfN zKUzZp$T?T3`+jan&2HzfJG^g|`De6wb6gYHZKfY+dz0T#LQWit9uBFPx4-WjUs<3x z;Coz4f{8)kPn>&Vc)By)%VuPrU{^kcs19yRXL!R$^avvf8_fiiyT0B>x18sQ6B40a zlDl?%Wp?S0*}@ZvJ$3u@q;mV_Ih_#U1X1rw3EW$1(t!HH4~ak1U_)thpz+dn`3Ali z?*2bGe9jrB>`$H1Lo{RG@uL*&gp!^Z0Z$s1q9#Zc*gRrwLUGt0$OW3NaASu&fe^YD zDd4I6qtldd?wh62!N3Y1{T&C^lQ_OzLFu2l9|R-Y3`VvvT+5HSy9xhkFC*29EF@o~G{v;;!K+7xO_( z)5zMmv^MMZFl+5K^}NVJuiC0jA*U|! zr4Dgv#&*ebHh6mo8kvNO)GTA7t`RroTmWzM6RsqB8ARV5xwXaA2rd}m2u-2Y=8t%4 zyFT*KShQdlBU!Bx{(m;!3#buV5H*qob^T!FD}s*lBBW<=az?Ub*3|6Z0~vdh7K2qx z@6&%~v^MbsvLcQgJ0!zM1nxRqas66!uD7*cd>jvDjtB@_2t)K6_@lre@y`TZl)4ZwQjF!PFzhtQjG0n8 zrU>YNxP^%6P-I&zj=61)KXBk-WZ0Z^*&xwWb2@@sh`V4r@&Z|>IEsei>smqla`)3<zob>|s@n_E#OVDVC8PmRbJ#RRiV zUP-H5=mic)^D%BUs8F{(2~&cDb3AmanCEr_>F_2Mu%h4QAT}Bv;H{7(6B-;Jl(Gps zNHolpX~gAlYrW%E7>I6n)oNU^&6!FuWlHcc1@h?d3nDHkxinA}bny}-Rxh8;plqQv z`?r-B-n?&9?N&ZB?0=jjt(EuyuFL;$aIjsr|Mw4eYy1B$K5OX2tbj~HywB}B&FYRU z)oTToOsXywwZJ5Bx|$8tgb1&>EX578O&4bQm7=lMtya!&fL-|ef-_l8#`~-l?kDBE zYoKTGIL)p)Mc$^Ra7QZKkBH-Ln`on89%@q~?vqeUvRpCLoxQT5D#iUnBLpoRo*nE| zNoFOc?>xyA#8#kX7YXwaP$Sbx#Eu*Qmj2^Q5`LFHm=g-UgKhO4`*ZF_$#khsxcZ1QE_ycj5;oWy?u4@JnFG-4oxG0*(v}pCZOGp`qyzZnxAi=naQ#c3 z8TmiWxw0nM7nud~j!I>Yz1VZJsJYcd%|DuuTUihO@IP>zL)TZNWx@SJKZ=O@<9tuH zBoP-xG{3IjFXR+1Wz7`}0b`;zl;Ja{c>uYK)FnDY1((@jL>flgud$H zO%hU7g0?wiM7<50UBuETGEW3fMrWKyiYCo2+J=Wz7ukJbzPn4fHO3BhUhE$1@9sR? z+j|agBg)P-+JE^CekPcaNM?w4Xm8?(VhO0o=LlYW`I1rM*ROh5YkSZC@;uzn2IWTH z>|>}4kxAJ@jf8h_yQzk5yYQS;758WP&)(0h$bgb4wBdRMNUeXg2tPv2AeD;8O&cm* zf*PTwHt_`wiNVsuum&`W9Nx1BKMEXD!c^hKP|)z0m++^@{oL#Ave`v1yx&)T69_fO z`u7A7BN~Q;ox+_a6G$_QA^RDTAz@(=3VbmvR|Cwz%_tRbVtiHgl(LGaa>Oqy9>cW+ z70-gU7e^XV25)^zg@>0kG>a&E%HSL&W$HZ#;)VzLLP>}S2vc}SCNP#n>5wuT z{-J9=Z|}7Cy{fuZJ;kXkpw^`OnP^UEy<8CBB7=ylydeoQ_OYpWCgOvP*ITx$W;R1$u!=8J0&uz?gdHO3kI^MMuIC9k+3I8z**>SxyVZX z>G0R)@yA!c`Zr4a=htR_LgLrvR>DJgmhkY`<`yc{{k8e^mp}J+m_R?7vGp={sx?z`t8d%rzjf&+9>d?Qlo+lfX6nEnpGTO5yaVZ#w)|v4G@Mt zo}di6OUgoi3HKg(P^JTBoTAY<|}VD?YCSSs*xaa#G|kzB^8ay8vzQO(}}a^ zCuC@?ic*Es5gn+>8VZ!{=F8(x=#!$6jXcf8waV1&FTQ?*1qmmO2g!vhDR1UBe`f$t z7SanErZ}2ZmR%Xp?sEXH@D(j7ko`0`H=^AijMm1i)}zN;VW*TzTP>|LhD;f&P<+Su zipa!DWIz{;PK$!t+Rcc`FU(wnVuj4p%jlcNM?QmcLUK0CJ$$&Fp37P5urXF-Seyu=d< zuBr9m5Yepxv@9{bGJxHVOZ&R%DqKkafROUq+}FRjV|W!T=Aj`aqw9sR^7@t-@4Zv@ z-9fbUge^wfZytz8z@{EV_8#Ec9dJwTfF!A%0kt!rb_TfLRl#h}Z{Q1fQTqaFU%+a7 z0pPK{eq+lJ%bd;kwY@qF9)SSy{kq;&pJE1k8{Su35{@2ZfRn<$+J zwbEHDoi{o`F_67WLA4ff16|@SV|9PlP~OSeh=J@0g2M-okrRUFb?!YB9qSd9wSrYE zSWjQUYS?Bq32N%{TWG>P@;Dbjy9eg68b|i@tvCnlG!-6t2Via5amt4CoJG#%dtnw7 zxq>0+53f5<-K&9qnk0txW=q9oG3M-6Gi@KY447ozH)2dkF&RPG`$e#Y@75H~b z#29?nRj_-g-YGmClB*Ik_0BnGfRu@`um+-kTC9{vyaER{-@#E-rT$c}@@AYyidGbN z_{zjhvkDu~XwUGKjq|imdI=AElnwY7oB8ta*XEz?*I%1oxAJ_Ao7MQ+y$*jBj9B5J zNwx5Q9bC=g+bJ*XOqkJlFH%X)%<8XH6(7>{Bs^Tj#CY>^Sky7TZlQ#Sk8iTzZ=N&& z#Ae3121d1LGJe_GaRRxixP8_vR7+@Z4l1^-Y=@s|Rld}0?&oZwxwGy4*z5KQdCjZO!_QAycUwb=s{+B!X)cIc?d;XW&VOghq zsU4P2%wc)oDPLBSxOXXpCN_kfvYNC~8GON^?RKBS# zi8_neAc7UkaZpseJ;)8k8Ya(|gkR&$K$(WWlB_gp0_N>1{~l98+?`^aO7bgzKCjs5XQjmLa^dj1Tve1mrOp!FP@8m3Mq+2Jl1B z2kT>{^|8`g7c?(wU9e8oQR{+_T^GFbR2@s@=6IaBIF?Di@xT?MI@w086@3$0QJrj~ zPPTC`$u_?9db)J4r-e=~wA$bOF=^ztzbj;Tup+6>#c?0GIF^{VQf3ZF%#qDyouuO_ zCh3@(m!nR`@svMv=l{6m;ymKmO9JAa=v5+Tr31Mp|Hrdu&-P3CKMwW|4(j|Lck!w7 ze?0d5A78#CJgoB;XAkN$AfCQeJ3}9jGj!tyc|fK*38$yz)$02u`VMghUr{k--*m4d z3IxH5guVW_cTQQTZ3O+d^h#IJubg)9YxC<$l8K-V%ji~+4tW};EAxun5XH;n3whGB zYO;=8JDm$eo==<3s#G6$HJjf6d1lw2%$&ys0@$a|<3y&CyPC!<1Id$~$xo7qYbUbK zXp;Bzl=gku0Mr1s{MZSSL2AO~Jb~1?R|YGF>ZKG*8L&mL8ijvxuE|pL$H4 z@MPtxOr7wg)?{i;rp|j(t1=Hvm03~Zllh!GE6#cH6dXJgw@I(mlfJ4vE328_)%N;0 z=6CW+>XrJ|SDe=6cF1@ooj;E0E~SoHxetCdS!A9PrcK_Kg?!{I;hf(Nrb{Vuu0{0% z$#NDGQg_P4Zm0K0HskZMu{t-;x8=5}bMw?ro7!oE>J&Y-&*lO8Z00(vyjoLl1zkQ4 z)##r6HFr3*tL*b}%ybR-Bms%_|g+Zrjgp1BBIV6L@+?1|h+QDnPpAEzpF(Kkm;d)`^SAFde{FUi zMiQWhxN!6o-gwPSa z{9pAZg!x_P|Ef13+{=5q4B^S<0K4%O1cfAE%kN0cLUNt{>nS#ctLvm+_ce*1BoT9*W3u1sTwhOMPqNPS_29Q9w`#NR0hoPtuCLncyKA%W z8_)N3E6Qk{?CZ(uGIg@AT9v6)nL625t;;+>U8YX>beO9z>aP1sw3Lweru5{9pf0i3FXoJ;rgg zL?5&Be{CP^9~>0(f9*Vfw!dHJ|GJA$Hp$&a3teDAaX%tmgd-wUj2Rvh(Kac&!UjSh z&bsI|JTRHHY@r51)=8b&ftnw7QJ?dOVAeoJjC6~&{62>!U)a>{Y(BC1d&(&pM+Vm`R~Eg?ie_-whI?6q z_O%QI1rt@TkO-MwkoP!|=#r`tQX?u&e+UbL5-cPM5tfsk%4$TEMq4%3L`xB=2n&d} z2+NC0kbkFCkT6?7#Z`Lj8d2z+0*4Cg@aTHQekqjut@6!#%*GRMKC)=+zp#Tm0%(y2x3Hjc4@x`#dYX`+EdzlQ z^498Qjfn}Hwzy8A9`Y(?XxQ79`7+AgN^=54E^w5>f#k)3dY#p+1Z*c>0xm%`2~p1G z2j|4Ak^`|Ft^x{6DpMhGihUUrM`Ia0``bVMuoOVXp(fk9Zz7d!2T8gJj-VC^(aYmc zK3vcDx0jo)3Ajw|ft!H#-qrM>drwyaUPNQMDAHaYe?sqcz2d^!UJ=GDNQ>gjrWBX} zY;SveIb>O;e&-_41N1s6crEbo{Q^3F8DScq8RtG}%PFhX)|*3&?r+Z}N0$WA7rB}A zT#49S60oNsp$8&P)CCMy`Ns?EjtT+dHNF-#dGIJGK3P7auS6x2D4YD;)7*JHSdsq)mCp zglBb8Q!nmjWs&o=Pg>Rm*G22!AEKT1&Ov*-wT=FYcG|no_1E>vs$6zaL|J-O`PMDY zLfgCT=eFtH_KR}MwuY`85TWRRYAI!(R+q~>+FfLN_GqAGQo>eO6eJ>8l9p~D>!W4K zrGXRrPY3qJZUZMt_VX|8o%VjCVDg@g2#N>}DH|fid4vXBAaEq>Czyrkg31&}^miyh zV}eZl6}*cLi)uGUT!S)FDv{leque$lszC$Yje8^TWqU}~DD9_`h=4OKtlI&PGirB# zW32gICrSGe4LUR)b|OCHCeS;girx9anz5C!}A~B{> z7yXXeNK!KT+fe`3T{jRim~^l5!Xiq8b4vaeP#N$-S)t6UyljlQXb%J>VT{?|1PMo2 z6{_e01L0Mmg3AbBv`0AneMHGc1xWv`=x{8!-wTcYrnt~r&Lxf%5$%v<#S1SQ=9ya; zR`bxP$mR)Vq6+;DBT8_RL^Lp>Bcp|b_TG#3!Lp)ce*SMlYi=R{X7c}??PojBcFX*K z|M_ms|L@{6jCdbMmi4QM7-cMxiPOrgg5>XA8K!8xekWu|r4r*VYMOl>yOKUQwkjbQ zt0DS0fNo%8F4L9P*3c(O5N3#6QK>X{vpUuZk4Q)VgEm5v5C*)FGo%}8XG}XZaCLNZ zo4P%eO7hw^rE7PACR=>ak~}7@jli_NDR`v&Ph{d<7hwab*Vd3$g6Uw45*{K?Mw*u= zWRUYx&GiH$ibyRKLLSIYz*#^NB|8a^XfW<1JZwo4q=Kq(%RXDfNrFWTzSvbYDM=9U zI9X+jV;QIj8U*Cp9@?&88%N0qw~Ni=DB_nSJQjRFBLWMdi`GLPoDe!o2$KQ@Fv=`!on=#oVv)B5?HU>lQgoVqkC>4 zoX{V&9g#oNcDR!!`Lhcm`tCP0=8@C#ZAv08Xh4nv*xIk4XApMw?-`M*+t9>hY9VZ@ z`2^KQFEK-Xf^7I53EPb|gbHfu8t|cW*~T&coiltXK~`!CZehW?NdJQ`WtZZ(+uhmS zd$xb@{Ka3kx3{~xOo!sQ1%-hVjEK;H;#BeXFbD&BLl6+MvWs>a8t9iWFoe;F;4sow zq#ZoyW@Q0d3cm6E(079fp}kYOK3B14@}6$ zS_9j1lnpgfOT1X)C8q4e0~{XVEAP>^d1f?3gUgn+P*3bs8w6)FZxN21HWMUi_QV9^ zA6*cEhs4Wf*+mE2H)-2Cz2<7(tR#XyYkCV*gveDAVaha*4yhC==+gZ(91;b-iqC-6 zm%O0f}e}g-CfUcpu1I!}23hR%^g&)I}Yf(9Ve9NR7->F05Cw(TL~;S)x8dlu<=- z^om4yd}`A5!`eV#6Y*4K5BK!L0j5zZ$eD}52YP7aItM7|Op~V!MkGulBDN4|58J3I z6&L5t_WUacwri3pN`K8sj0LOOS+1 zt)GuGgR>J;A-Eu+vph2kRP*lacn&Zuw^s`7A%%zNa>ONZ4lG1XF;M(bZn0|Y;-Rx! z5t1WpwY>z6DQQ)qi{1`CaCIz*)cnw>ARmEDa1@P^wEC1rx)6Ab_`ra1oJP?p2?SBH zZB;Mx3&p8aS~A3#rO<|r=|YqNn3?#r_2!!9tJ-!< z`;&qyQ;U*(5M3)XTPPk|-S{75Y+iytwxNhrZv>8sCejMFjtpY*aHo8V`&dc%r|IUT zd9l-e*4}BlTF2971R$A%Nw);wh!%9N?h;pLcz$TL&*=y_PSTU|keQ&YyrZ^FZ4F4TvD zJ4#o2mFu0j&S;q_IbMTSp=PA^tm^GCBmqz!YyW5iP>X=ut@v4}R_aUA}DBg_IK zT-B~>HK@U!~XqxLv=(fkcHlqp5fBbCc#SS_HET$TR5cz~P zd0ts^dg-{O6P4Dmnr%>_iJ7$9UG7JctqVIkp#7sTGztMul4HRY4|s&&jJn39hwL^w z8&QeCk_J+TBohEVm5Opb0#jR(hy)spHhO*4MNN(Vrk?et3KC5bUROXP4&CpKU$Se) z{dQmu{vqs8VBe#cC$F>`<5UH$JY#Rm6L}GEYim^=*nkVdWhbxFDpaWw*H&+}HkM(V z-mXIKQblOPo#fY8N-Z5_WlfZuQNO6PHUZJt-Yn0U3+=XHHgM?8y8iWAi=>fPj;}!Y z(3w$@UC59i&?03+>!LHF0_a<>M=K|CF>y}DLB#QS1LT5R+In%Xq2l`Xo|Z_Wv4*mw z1e!q^YiGozI*KTkL^|!xF_+vtS(ipkdxbqoMw2dT?zDH?d+ldUE4p+^K(15Dv|84T z$IzdiZLM3gp&(LL>S1f>4HxJi8E-&lYwHCX^AyPuPopqXY&FcbtyXSxp$m%Pl_48j zz~9w3_F%Qz+K>3Kv%9^!-PwND+1~BYSPNaEks(`(x73KVT%S0hEy`MX11$|{XU)Q= zCA%&TF#|0=Xkq560uW`$x`+)ayMlLCD+)?{rIM}a^2I^emfO&C-t1&S70DJ3zzA}C zjYTG9$gE*BZmdRUn#EIzIE%(W>E|!9DYE6yVEG*jGN4zwqMrCHo&*T3MXqq1M5G<@ z02@!IRT*`CpwmQv|5<+}7etJq732&FY}graKq@s+57G!-jtE2c0vF52GhCrQ*4*7m zmA3QLX(h{F(ssb#*~Qz(!8u`JzLsqRmT}9dB}hmG2~@d+A<9&eRt|)<&_s?njkmv4 zcRhj1*%0LqoS&x>I?F@6->!HG)P`Ycxks|4H6?3Mb&K=ZQjybK^Vwc=u_9Gd-Y9Be zYY3T$EbFTZk`#=f*!(met1jBvees^^M=peDp5j{V_`pNrv|^2W*kJ&@7d(k`7_y#b z!gxqpnNaOC)*AZBDLmjJQ`*jWWJ6DG+GpljDlGesRz_3{v#_PIEu0yNV&Sos?fZcZwX94DEJJXKq0EYwE5T$5X5B^Z zDlsqu$9l`C%2d)EI%~0GmTjYDm9=;;YO*rtoiV`-^mNc95e`EW{eW<)MuaKrl(h=6 zF6SHYjZ(XyKdzN~>!Lpz1{?c(uPYa56H7=!s8dwZ7 zhk6UF;gEJvFsjTnrEY`tjt)-iM?2ufKOMA?BbJ@)%Qg z_+8cz=jW7^8`87e!eOXI?x8hqw%hPuSDP2ET$)HF2##B+h+Mgy-RDqprwjIpQ}P^V zD!aubUftAxAz_OuiV%8%9O)7_OO8Ps| zA`Ze}C!GWc4JgAA{T%{+OcTXHB^QCF7iEN&-S{;U>z%LgX#+Ryw~W@n1^A4$E`9vZ z%!gNP?XKlcHE^?Nsf%Nx>-&KQ$Nzjet-dP*bJT5QR;NF&RKiNN2;MTrTW$jzAEO%C zCw#Z7E{|a-!1Yb z<4x05s#%h2x8Oe3&HaOnEtD<0R2@{_8xPPm^ok59BjAq5#;WZTM6O7Xg3g#x59*Ko zeHQC?)G!kgY8gJT*!+9}JC=l9dD~JUe&`3*ZJI*d>eN8!PnlByO z$b;SvwjOsSFe2=N3T})gcaFhVn)(DL9&uKoFX^V&j4K1w)NEc2zcU_p#nDSWFF#`y zjI<0n`uP;S{>LeV@a(j$PgUcI;ur}YnT0z}2x|UJ`iKIxsd3Y^>NH}+X&AK0xom%j zHW*jLF=6vo6Np~r0%m!)jYvq1C%<_nQmMdA3EIVoCbH>hMR&iYEd+#7q?a>g**?Q5 zoZET*?^IKM5aCohB}_}>wKXJx=x7)qaxQaFFbH&_<>P=0f;ONWHc}%aY~35ciX+Ll zG(V4UK#`S(sfzI)v}I{9#u7_+RApI`sbd;9A3hqJe5|I<7B_>b2g zdT-vod)-By3oJAr>R8U#nGA9(&QeG5bHY6EUjO*^*hK>(+~*fC?iinItx&+8pqsCSG3d=6OcNHY z(Qq58x*L;D53*=h@<+|8iO|Y=iBsY*tTZg!MjlgH2uHl0){6Mh-=$Md>!4-J}A$&X+^O z*#Nl%Vvw2>HaOL+Sksi;LPP~^v)55t0FyiSCXA0ssu$TDlG(>MBbRQpCiZgy_%tYH zr8r=mv(jxNYHT{q>$Z^jTJwFvlo-2BFxLb&GkQ+OTfklQi1=g>*yTve7vU+rS+JMW z=bRztYU?&($yX3)VScO|D0lH$pN`7=lz3>(LcdJpO}=2#UxwWo+d5Iv^8aV^s(+?+( zjXo6gf{0S{?LgA@`3p_nu3Y83*qwqSr3CG#s(^LV;ITCkUz!+(CO*H&!mVWzxOfx9 zcu0=ZenjQSkQDgSsy}N;1Cr&^FfJ-%raHqg5tIcq0csD)#HPA~KtmG<63SI{GMh0O zOwD9Wg(8-}m>rKP`~^zb?TprT1r5ebb#pp*}LtZK>wQF-_Febc4qZA;?mVf zrRbQn`kg{oMegSqpI*3rL!onXqeYhTl(jr-F;7{|4obo<%xZ>XOPLk&jt)pL4kChn z;{05;(QD%?)LOgQ76?!u%TeZ0)!rFlzPFem^26C?vrQ za@Fbg4kJOtgLC`FBE@*{^6<1Q$N9ugp4KSZ?hHN`!^|aU0~87Y)N93t8s1MAmEt{u zQ`mL~(@!*Dws-xKwvbzpUfvSBChT6}#Pd`{*+@K((8T76D{q{L{*F3Ah{{)m+$aTD za`#UWmR!QmY&)f4Rap{JWplh_hvX1K|B~EpC#~h8(giiS?a%C0n4fLdXwBU#)r$bK zWrF%qj*;73Zc(^~Awb1`&*(;^QMM8cu@skrc{Vf$JiP!&E{1Qzyg)8b*1vo~ZIk8& z41}*=d-1rZyXiqI>t2lkk3!9*;&E?4g;YKBz$=kQs2*%f?>T^7R9jkRGUIWNhP|DV z0s^^#y^eJKQW34bP@6ll^s2~P^A6$imdWBp>iMLhT5s)aZ?9LB)8aCkY`XxEtbVT{ zuwgnjrn#aB0_{uScxofAsl6HR4NVQz)FRHuJF63$hJuAt%RsJ@%mfsqK<%5HfzGOi&!Rd7uF z$Z@n{nE@ANKA}IQ>_kPtC6B?I*frn4`BExmakI>%}xQG6wdA|NFoH zdlI4Kf(QtK3&M*dXpi3p;zbcCrkQ6V3=zepcIJ5t|VWCrJw~gqs8+5%#6!|VZS?i)XY}=JNnYot)RvdZ_MDvY1GRz?W(-bU ztu?YPAYEx`pUH^6Kkl|RLpt+PtQL4n~Sp!xQ&JmNkkOsd1IfZRl5w* zZgX~N?K;a2ZFa~$Cs>U>XO1%P^F*|too>u4bpGmK0Bn74v~&B`nNpsTZr@~pU!$vM zvUD!lt0e zDbUx=rU`cA0-WF4=7+EX;vs?exW1i1=ZnruLah^*alU7zN=fK+XDDtsCpB(+%`}^s~4^EW8Ev{8{ z^;~v6h&$z?ZQXkAUd&80g?*tkWJKw;v+MZ|3~~6+Jl&_5-%`JZ@Wm<+Gdocu-Xr)< z9_ZFlL@FOrWc-P+b}O52^|2%e&lc~c)jxPPyC;PD2hVKAyMpJW48oAA2={LQf~i=9 z!aO^>Zq!tn+YxUva96k3ai3s8MBcI4YqtA1aH8o7VxGK=`vtOSLu^zPS-|#GUdg=y zH4L_sj`C_A&6W44jKo6yaRnq2aX2vGrJmb@C_c(ipQ}+j=QkPzhzzwj>SojqHotKz znFB&a;(_x323Hwb7U{p&BVzy@9>mdDK~^GNF&L5Hyf@&YmqNN3nP->gLsKM%ZIXa9X_B|OyCj&) zAXA_gKm8@L4s446I7-n)%`aaN9iR=plH2B#W7{29w6VSu&*4njCi?pI%a`hR=ntd3 zn<9jT=VgAOMfcEf~o)zfIzzboY{5Aqz5=5$O4r)p%+ zRCm_Qz}yKJ%JTd)Yv6*jiAcM)!*Yzf(VH|XdXf%VPumUtD;e-aua#61(FM@A1i@jK zi=nHWs!^}FGViWA!Qs+(Y4(~q`6 zDddaDM@zyU7emZ!2CVF*IX|Se`r?D^RLdHA_v+|)RjVxHT|Z{gi%|roALLU|a8%ud zWSY<-i02G((pEf<5Y^o70!P-4h56QRGgp5pgTmV6WP5K6lj|9+sK8pX9!m@vP%*)c zT}JaziyaMmW=c|qdLt4gT5nfLR8Uh5tp4G2jiF4SWg4oByKrO8a*Qv*(ARWpE#2B; zt>_vq9K#{N;lJW!(C1>9`DZt}tmvHVjjk5$)3}MhAKI_6Q zJ#n9>M!Bz{&!)A{S%NB~z9Bv^4ZzHQE{0sewpkYN;NlTk{R>58WNWkUkZ zWm)dLBab2ysA7zki`a4Jsob4bEHo=t+C&m?r)UTUAUui@WiG;+=-P^25bFbwMyZD_ zeu=O`5y3LQj%z>5$YKM^)>U>6Q}Lk*Br_rVSm2l_B4mY?z2$E!LQ|e;ZLbOIE^yZA zoL2dS`GKdM_Re40yQSk!*JU`HILKc-$zML3pPwLtb7yO4;xNCdu|HA4 zUPn`vu1T*fO{`~;{HGyT$V|k6&_QON(*$WE2Wocm8L}{>eWLXSh>w?(EoHLM5ZWh3 z|DBRIG$JO)NyZgQX&P<5pF-+I2kARLL=m|lQI-P`!cLImUBYjmtq(XRATA_Pn+@M#+EH=hy9IOGDW`$RIXkuxwK|16{)A-Ow*^ub z+8Er==E-Ms_$O69d}dGrjwmUDL;pU+99DBjv<2opQ6nB^IiffUiPEAZ_jQ;xD%ATmjkF%jg6uhmz=VeQ`#*mB%Nr1!-wl%xs zER<#HdIOdy)#;wT#MVy}-4waut z$*+fGHcz0PDLYASMuq|>BRIG0R^tD7hm@d!O#YSR;^)j8W(DpW!DG#M0eug(9wh)$($%w*>AR?GWV-!R#6`Y^SroItYY_c^#&^VK@$DH`Dm%@=H_IO3_o zLxMuV6WAx!gq2`j&oW)c(aGsq=gr#>TP_KpO@K1umnh<{O9L3X#8gRlCQ%S~3C#b> zdnnF;gRX%014#n3A!+cZ%^CPOD55O$-xic-!wA%nzhRaLd= z?Y+5H;T&vfScMDHU|-Ia_BZB?6{8h;BVSCnEy!xtCnJ18dFq-f)GOX6zh<-MfcI3d zipqPftlJI({d{0&o*E*{Dn4Vp}(yGS5f>ien+1auted*4)EV zROir1Jp*tarPLK)SSu~|b8l+tH>-!;g=SEz29H=Zc+ElxlrveCS?I40qjnZT5x)ciLp0g8M zzytui&Vz2uZT>6QTEzxu^`h_)Uc+Yh zUVFQ}Gpn>5;o@CT#U!BBwepQ}JT^PbWO{Z%dwmhq{^{)OxcAe?)3YvW z+I-Tk?~~UbUcEkf`{Bpl(aDdeUDRqZ-jbMweSWpoYFU?MYnY^4t=1)FA-``*AsE(c2$Cd^~yG(~z9@fIv^Z=&5qX8=1CA)=wGOc{2OL=EU6SOnAyoi={2_$Rl~Bv zON%D2EwY*}#C~dx#l>Ax<~->(U$ja zWa{}rJIji4XzZ0hYv?UQ0hV?Ly9WxQxvwOg1f`I?s>HZm=XqzR#iTujEuIqcVFB=L zn;-6;@~$PzfMuB&Dm7r)xkeTMdrnBw$Pctk$Rp%z49ok9RDsb4|1Id0AcHCE^OS{1 z2|O6kK)-+u89$h?aCsnd(ME6Wg+e|hUDq2=)lIv5ZF|eb-QC7OU4Ns=T$gjsxYNYg zR+IOdnB?BGZ#J2$?}hF*u}Q8c?l*y+ZgRuPG9WH;$B6~Jc+bfMZLF=Kzd;y8k!-T# z5QWP)InxAMT+`Y5Yn#+VmK?H`O(h!82;{o;O5Y`%G*L%4b}3!1lV*|b*Z54=_2 z+i;$ZJh`$*z(P4o)!tnT{Tj1&=m*;C+KKXqU^ZB_&6{nlt*xPrGHfU$QqljPy?5_! z+r}2f`?o#?M#)U9{-T#(>Cv3@UdM4#-*FNj+v%KHIlVSSLK13<;1Hl3H_rX+zl9eG zkl;g)IB9FH)y5+6*w_FzHuf`A`BF&CIw_WMjzEeSAzJqmM5=dV_yr*-|x z=c1*P4OBpYDVSp_VrY?AFP2ZA)k;yz;gtBw3>XT_FL|Rg2l>Q^BdL+7%--fQ0=FqH8q33|&;_4F zWC|G#I}Nb{j>D%)csl|gbaTIaP6=Q+d^#mc)&EeM%CKT<+3sy(bEhdxV5r*2?PBd! zpz zbZVr9&Ar>*-Km-8EF(5&!f#;gi-;SL;V}+4??EOec5j5~=|V;wkWs$Dus7TRK0%b9 zn<*hF#wt~@08|uHPIq6ZE)UHf^<*U!i6}3VBsfP*zy0pv`Gy}Q((0<%q}?o8ZC`}N z%X~XE$4dKe-(4J?_t;0)u#drDFxcPS75@$fgZ#gHd&6hn4R`nU2YcJYz3sj42HQJ> z-QDlN;0upkJPBnm{%){#U-`lPPM%>8yhcpw&Yl=9&1ni8@cHu-;Rcm@K5;S_C!uig z=Jy^!Z9Eo$DPmgg-R)+lwH2x-b;{PCWw0K1p-B=1yr3%6B_fzc1ljC)`%{k}Dm^>D z&F40_12T35=yrYN@tf)20rF;~)!Oa}&i}O?(NsCcrdi7uSTX1ZGPJ}wq(USa7i`#v!7sf~0rk0^1&wd8H9JL6k56-e@}}w9;9`d60#eE#OE@uB zF}C7TyX-y=gM5Ppnxz zKRWyQ_|P%2D?zaAq4wmHp7FrIrrz9q@^SR}NypmUk28=*Wk*)m*zwjfNb~ZyfqN0; z_UGxlmm(ib4mm%U}K?2!ZnI zqeyZ~LQWuJ)bp#Z)nfXX2USF*JrIiLI23tIK*eLWxXDo)^ZB*e`K6y#?tf;4lqP*t z-~af{Z#RGcd$#lJ;r@3Y&m(XqSAbZ>QYoQR1nL-|mob`R%HrF$I!U_bU1J)MF${Vh zWGp~ES@UHUKb_Z0t3@#m*#xxzO8f1V8sOV3|99&V_@}Tcq2N4;M0Cm4r%(OwTl%eH zr(h1uA~}AhJ7w6+$rS6UuKX3uVwI>hc$8GC>|2aW4B@0l;5p(&o0vf!VgP zRRV_2z-`SjMe_xUg|IJ1p#7i2-f*`&XoKD%jGz$yVMKfXNXAHoHSN8|O#La^86yUB zCpDoXi5v+Q=Sg_U%0jML=Ti(8cs>#;mmx80iDlG))i$ zuGdoKGOXAPM>qQ_7L6GpUoT-^GPS$A11wHL5A5%VKk@uLnN09U(C)U~qi7xK&;n@y zf+PrT0iQe>BnCz@z+$iUPb6Cxi)h zDRH=xV2B_(5%M~{*6{?yl8=&&q+Fvwn|z0}cuT^LMC9EN5$GherKruAU}Cq9^>%3hGfLV0D{bdmll?BU&MJ42UVp~K z^6jE^29Tx}Tj{Qm3df2G7Ny#y!!fZf|JGFFF3lI({{Pybec4`pKjrs(F5hlB@I?bb z=Q_2E^;DP#Ez|h)DP3G!DxQ<`64)tgFO;_zdu`-e)}hY}cX($b?gh|f{1=F_HE|%8 zKpiUDUB-K=#0iIGBY3eID%~6h!v9?c-pa_KycJ3z2az33)NbYT19W$#&mELte z7Cs7+zpg%h)a_D^Fo*hr4Yz@aZfz+C_Hsl^LT{8VrypcKC!sO{D<6>jE=My%!MsOj z@{%ELvxSABNQe?$7Qbtb3@rymka2bAgd@DQASXa7NP~2w1N?Q(8p@Wfs!Ff<# zpdf9?rYp6@sGG1nhP%$ur1FTu3}q4Q?6u~G2WL9dotWR?%Xrk9-E_#b`&RxTUq zWT27JbV4?_r1H)d>#wjALawQbW*eg?)D>D%D#1h~Wkyq3T@M^fi5q4>=f&tKgc_aFQ9Ls`?#02U`Il*GUB0i(wnIWthsg<3Kf~lAXE(w_~3zx;yhw066r~ z$MjR%hYYqs+t$3ctB#ee7>52q5Y6D*WDa%*9dHN6`@1Og(iPj}m^ni%i9>DcACoA? z;u@4D)sVrg$Iz=lvG|--$)By(#rELzSQVqapCAQoSy_dN7I$`)l(Em}#2B$;c52F3 zV5~uXezmq6Src(T@lN>FCO9SjLBa_2V1VKZT+Sl6GAg0!0Eg55V%vqhe2E;omh8eg zKlu`yL#9^9R?tONq7;FgVrEAJ^be+GO?@!~SWp zStlOT8cpz)7G54_c#@idV+tsfn%~+jfa$p?YW4MR$I<25GyK+AzBrqJN~P48>KCa) zT?5c{-Q!$Ub0{PRTb0Af#?J@C;so(MEcXA}XpoawMiPE#MiM&9<1&IWyXq1+JXKZx z=(zjZIv?{{N&goSzp3u;yE^^faIiBN6!d?C-JJ*h-+eqKhm~8_r<6>wzCu|qWICO) zvTgH1>T$C^$S6TA*f#QN zTKWR+K*+C0Ap_eExr^1h;qJ}9o8I5cwQ5XB!3Ug|aX5w>7;#o9_OK;H7!?L2`kN72 zG{vI~SkcQ8U*;P8v8A$YQL2{jU>VMN2+}_)-D=eXIr-L*MOTUR>7?6d&1(=yiqNb@VdWLSnZS^dToZpi0 zj1Xpr(k&Q7Yinolp)J-*`zdI5&-ni>0%mp7OIyi}-&sx=S926R1?_y+w)QV6UMw8pO{c06w`10|NbSE*y5gx+?ZEEp@z6LQvLz=`Jd( zP)ZQ0NALxR!iI;mG;t_vu1Fw^?cE>auuo@d%fWa`N8kf!cRju_=hr@tK{slWVHf=E zZ$LE$x*zQvXd1FC83^ssSsRq>^Ws1@zu86jpiil{!sBan`xHEu@x4aRt3W~FBHO)s zSMe3Y+eqh45ENw=#lOjxbKGXr(L1=m3Oc_8CTcf5AMLA{%%x1G_MRV5}-tL-9B;p!-}ba8PL<_2r9NQK=6e<$aGo?qJsNAR=~zY>YX13n2)$a;kn0noOIOzQ4QuVu8PS|d>^o+2J zl^%937{9;~w+7HlA7@r0r-d^tjsIpY_%br?US8|b@vLuSK&6YvTC~m>mPKGxSh<6f zv!jET|GGRqdv|zretz__0GN<1mI0(&dvkR0)4O8bljHM?cCP5j!Hc64*YK-GCBw|v zn5jWT77eoqu7Kh4=Yx~?M|ns-eNw8~W!o;BEJL24o6_+#tNYM}iqOA%eR*>9a}kS% zCD?|#ES>OI?@nGGofW3BH1V|=%|5>(&W_ICy+1o#Z7MXcR=Y`@*#nCMd;j+Mzuq5R zzB)cRdVBEZ=)B2FEo-`V+lU@c4~j##DX5lGM=_ZrHbV*RQU<;2p8AlQt({=1?09N6 zik+&l0N43Hj!!QyPR=iXJ~}&o^{*y4$hTNB_M-4n)!#T1UfRTL6x<)u# zP{mx9Z=-T%yId5x6cad-z9kz`L#`!PVS_wN zb<3OJSd1R-hhM4caC6*B+RNI!N(S!(r}D?(RIHTJy0o2Vdcz!xo!L5LkgR;y8}IYa zz>lT7b2VC6yurJPDP1&qt#OFY^Q>QsH<1*C5)#J5_LHR5O$Pu&8?$yhwy`8cGLrA@;UMh3DHF1DHUFKw`~@XxNXQQ2Q*)0+|fWnJ8t zP6J{nhIM&D_7$;G;cOsUwhsTPmYh?UaT{3c|1Re68^lRgmi6Gh!PrcNrpFj z(@ig=26^inb9l|F$~ZG7DqLHsRMJspXS4j(`oV1G&vLnbFq^UK*4V;q>VExTUGrdF z^I%=`XSo??bGnJErlYkwkc4lttp-^1Ucb6LKRSGWc6{-#%Y&D1j^AFsKR-I_R2O`C ze17oa|w96NSJwDUY97s+vM(iKxHfL^b7@TjJ zX44`XOixG4(N^XiBU({SAR6Ol#UBv@H6P=;mrxY{1Kk>}sxUPCL%W_xHbnjD!TI?= z-<`dzLBC!2Qf%fgF=M)i-{Xww_(0BC%Yp~h&YX!<=kB}4(HRN|bdW!>>d#!qST)7x zt-U`xaX0AZSWe%i<}#~Lq*Y~2Zk}j;p+zNRB~lAFEN-!dv+S3ZH`O3}o%3W>iPJsJ zUL%>)J_R)5%uJeadrmuiv;V zM}xT;IgW0vp$x|=zCrm-RlA#z-K6c`kKCrbyUodLR3B^0Yc#A6vYJ(7H5z;COGOGT zEladD=gRJGxD{D~;V>LNT%I;?}7CSy?c z**Nw`>hW~`wKho8U|Cs6YV3%RWqfrXe}NC9T!w!G2>!Jm1knZ~^S}W>`mO3Xww>p) z_m0q5hXO5g7*#~a63nlNkd=DVImVz1X0fsgrOohOlBL$cyhKrxg>GBte08X;ibM8W z4OaH4Dq^J}$rLo&NAXke*eGL0=_{+5lYu@i7Q_>7?^H*)8k4P^QqeG&30K<`ird4;s)EyXq|q# zB@DtBvef_dsRp3)!_xxYcEY5|^Xk|&o71h)-Ys;pJGy}Qp40!XX60WP+1FQ4gD-oJ zD*>e>_!ju`At*pOJNh*uwH9``X4+ibs6!Co7{<@WMPzfsXbfcin41mbXdbcKmpIPe>UqyF=50b!3bO&o{G0Q3xcn! zW^(uPdsJWi`4mp&{rw*2Z&T{0bRWxe$%(e(x91lJCnuMuC+}Y$zdf%;m#1%9l^81; zdKoBiV!$;0YM|wqvnW3Y&K2?I;&d~6xKYpU85LC=8#1>Q^I&gm`K}9k$y!`t720W! zOZlGHuP)Dy-o89KJAV6G>(Ly#&>3UVsNZj}+;VA=d!?p`Iz_NcYHXxymPcG954XN- zwrUKA2PY>l4i5iOqtUgyQE;8ABa?&FXs}CsObj2Nyq`U%ouJ zIB*PnYl_knz|2O7+nrtn*-XksD%w4H_qt$t)TrHnOx?s#w(BH?4V$hawW{^AcRwGW zAHREh{Py)~T^Kxmk%ug^zeM5UXH7z!%%qUy6&%bh!jlV3Cp+nY$5{-z;lROaHUh2) zQ(JW>0DD|!5-I?ad0I1gO7fl9hJ|+ik1hL)T=x2ach#Vs{Cit&3GxX`a^%pN;bgg_ zCXNgyjvZO-*BV^&p6lo=3KtFUHx?e39J|zo*k>0J>3(4#399~OoL3_2So8Z=*?e*k zQy%F4p{!DZ-=8tT7cwHq>+4{(DP3x(FT z=C2s=vu9G$d^FFH_~;x3$YUfHgHP`n0S=RoUH-jGRe`oUW2Pmz&zjR9*a1PT5|u$l zi{V180mI1zhbnld{=0CN^g61U%ATxt8Hq?hrnl!2Uwelnq%4M5$x2E;E|FQ3kpRUa zfEO*rxKXAa=|*8U&dma)h>)^CF%XB)Jta?itv0`wx#zN}-nw3AT>%=ekbchVt~C}h zLvw=^i=VQ(!lEqT*pG!BX_-z`WG^&Nhcfk}Lm^V5a9nMU_-WEDY0+g4QZvBf>BgDB zg7Jb|A1)@>sR_?F+fY+oy*3^f7gOUA7mY#+1|gE`7`d;lvVO_MS=KCM6t1k3w|FYF z(olXRMWA;LGWO>vh1ZANE~Y)y&4bq&~eSkege*+n}|z z=c%NrO|H;NSLdP@xu%shN9=57lcTN46y;J>*S56gm`fU3dDIQG;d)5fVO`*REq$!b zROA_jd@KA>2iP0pt3t+$FUt+9gHXFlI-K{dp{2z})>SI2?YeO5K0J!6TlXlo+vPRN zukcPmV~s&TS=So3Hfy0r-JEA}H(;S*MyREl*S~dxQL4qymvm!O;!Uq4$Y90@8f!vG z)XM}GWgDmb{GN+I%VM&+i_dKkXC4(3_#StNqF6B*cuw zIGpyq8H^cCjjc3~Mf+ZmP=?}|1V|Xm)%7tL3sS-_S{?z&~PX|4iAu8kKXQ&5?a&)tG7ZHdcAwqIIB#azWb(A3fiJV`R2 zVe%{q5VeX`-B@b)dg*Zy^Cm~D!?_Lsy#FqM5q=$$B%&kmq22xkJOb@Dp9bu4>I2ve z0guE89Go75DKFSEbr#@5+tUJD+I|Y!lJ}(TUs?bxP&^hzrik%x!m*YA5n#&NzvL`g zZ8b?b{%zrQwq^#PU_Pw54vA&(A>XC^>mK+2n)H9n=Ovt09|Lvte`j})qyPKE{hbH; ze;?0U^xs9?U&s})8jW9xrm8jg%^eXm8S^crR96yFDpTKq=kd!zt44@LtaTF>>cgR8QCat@uf4y%^=Bpeug_P9 zpw@K~)X@L!o&BLr|91w1;qZa}-^a6*Qo^L^i=n3dS}OlX;noYPg5_zg#)7pgM&Pb1 z@L{5Hs6~v@IZYx=OOKvZYi82cm4xYul7W$UdhFM!b<)Ztp5mtQwu`l;10a1Blldzg zAbQT?#A8Wph;U_*=A%h-BtEg_w`qgyHmc3NnYJd>mYL8QQ@)yCq5v_0|AwuY^^E3V z5RjYq_Ma48;o=oFk8fe)CqHwGB=2&LHban&TPj^U`^2+0j;n|7`f|Szi9Pz55{lyO$?-{>y7$YVo$@p}&kz z)UrqFx5iS)G3RYiOn(UVLyYfNfTYTn@DQM4O)K1&!vMIpFe}=1r439P8la5HMLWF zH(ls)nS!oRt=Mjv`M6Vmm-ozQj!7GdIzYE5@gWNk^Gn{CusC^k-9IY!%O|5Ycuc`M zvwZqW+5jM%5xJQh4n4*W@0d21W%d)5F=3hjS*VZ)u>`v1z_R1Htbj|ifqOxuJ5o!t zX)mk!MNn(lLd%Lixd{UT{Y%qoZpQoM%m2||`U#EuV;uHTxBzsf>}43}qGVzjV$_TW zG;)2bs%_O5HBV+s}^kr9Ds>dm20UQ^4JUu)9`QYNHd-3icM{h?)S9bY|u6Qel z67k&&A#cdz`tSUHL=k)b{^C{lhqf_?`Hk?{kAy|j=s9S&1xd-TPM?3yK6Hq3dLd%eEyszFcELW3&mFO zuQSFXI_jq}Fg-Hw!wBa?^r=}B+fVwROJ`vI)$CNi=WS>8(zi+$pgJEK1L$kw-8Npz z7*?v0jH%%K&mEx12T%IlF6ey^y50U?0PVN4GVM|C`=|B`BbSTaSo>*z`XpU0xviA# z`>yDA3@O^*1zq1nzgl!Zg0`-$=2M|T{j!I@L|8-Sx`0yMWvD@tygdE@WQMVHPM^Qj-=O|>&6aY2!e|NC6pO^pd?rlHN z|ND3(tGiW*ftOHpu3SCO5$i}gVis_?j&_=O$w~ra9t1FoXg@s-UZ#udccWS`-KRx4 z;0$-5zLjbezK9K4guGF!Jk%jf7@-~va5yz)F$)bMuDnzUIP_23YD>KYd4`{tm)EbK zFl8jZE&8{)3dpKDw1=FMIb`1K#F(R!S<FE$0Yv4Hs#SVLH05I;Bv5fT5yweB)Ne<%RTA8R>jn7kSCu4yt?T3#y@h>kqf zyHLaIy?_*nD`q>V6>dxCBbgJ0CUaASlXl_0NHp)V`XbT@1gE$0(ty-j#JONG_avvT z#m(smzq$G7qq*p&9SMjto`ltoBkBVu?wg5pYR-`KENwg&vV0}h-Ok>np~4ElbWyli z79d`yDNy;{ePAC1jkma_{-v}gB7WO!B+q$&ZSLgZ`O?oS{QnF=KR}drbu`VITR@%s zXM33E|M&KWdk_5oeLSBEeqMTZm8*h%95@5UlwJ!=xA3~lffZP$Qzk1?K&|LBqKEbe zFhA0yUHMlWpN_y=5~2d@yfllcBw5nN_E5LpGQ#I~9ii0rMZu zo3Hq+ME@h$(DGA0wf=wmdH=ti!OpV>`hOo!-fXBS56FvaoaB-(iL8*KnUZAxL}L6K z2^kDdiGQHlNAXvZ?!YMOT__aaE(qNW1@j)A$&FD`MSL^r6#JXQ5KfWb z9joy3XDC3BqMkl)ODp1#G8n3Hr`2>&9ep4O>|O{0n}+OlN!$4Qg2W9hnb=^C!!wsq z$XrH78C3~>tgn=nQI!yjv1gx-u6nXq`MLSE_uIGjtU~|o3>bq5uMX_jnHL~aonvg3*scb&!?xVMqq4}lq zX1Iv9DG%4-`Ngdp!q!Rr5+OI;s^QMr^V%7 zb;5{TY5An6xm{F{^txMeCrVWi7G%ouaVGVV&y2C?HDaTDOCrWVKmWEFi0;7}nOkk- z{d940dU^Wp>>}4&UBWvDMjXk=nz(!AuWXCrs;NzSmWMfYkSl?xu(wK&bFoTb1jjhQ z3?rJKD?cXD2z+<~gW$<8);AF&<21$#9H1#Wq8<#C|B$eSwaV(0!)JsrVWlic&qx@o z8U+_dWaRvG8o7k~Y#!ynlo-s(J=i>&m`OYNQd%{m}5Z zuSlDeW6MimtUCOwZoozkCAAuwXHu$yXRRDZO|e#<_ox|=M#dw(I&0S-D2pv!C-U5Y z{4Yf8hQ!z1NF0_98DO3L@6K>HAOCB(`w;)}ULMm3tx^iuDf_ObU$RQQ0M9Wy4yQ4q z(rmQb?OM`9RUC&?BL<`tCB8LV+K4oB-Wjs5wE&DZ9oevi)v`2Sif;2Qpad$?1G z|GqzXu>ZQ3r=kA8s+gYtx9mWZi= zeRy+@aMwP8AI{?6+q2U7FR$*6ZNO{J|GnX$VE_GW=fVHyUYv z#+~R2&c->PqCu|8#hukq=Ylv83{9SO`s88P0p#)%m4<4|7uExGRS@6ON+PKhuR>kr zjj!FJCqOCcN}K_-{Lje)W~ltyVI1@*Dw#ODOoiQGN#oUw8fd2dEo;k;eyT(L%KDG< zn%x4l<oG&0c$-lKZn#!u5%Cn~GicE_eSU`&!!(!o%KuPKRsg!u76FDQ4 z=~%E1(+;bY!gyEMmzf4knc*2@Q6`z;+citaXYN&NQJNnz_3^-I{iy^*IunCMVRC{N z-EA2G%@xXcuoEr-#?ZS)wz-T067w7?2!|9Q%{Ng_Y3xT_5(;kt2$T6(hx0N? zxLY_?Fp@GLd)ojGqlczlI(Bdon67()WleP-reOUkD8-sykJoIh}xqXm}A%9fcr zYg=S;iC7OH=TuN^-@%R-l%JK8sO?hH^FOn}a7J$~Uk$csAZ_ocq`7*9^wJ8)eWm_g z8ctMYY+_tJoGpps;0`eIe<%q{c&ujlud;fn&;VCRkj>yLcE>{Vee{u`IE02UIBx~B znx?o(=2tAt8Kk_VWil1k2FaoPV-#Qy3%R}6;?y)i&7iKa-6`2qra`TfrP`q4+(mI* zs_d8qXe3OSUDEnbUpQ>~O6UI+haXjpye2~6n)82uyO95TcYp6e|9dab(h<4Ua_GuM z5XI!I)y{<kZvlfSnzRp`fCJ%~%4)J8tT z!QZV?oTBB5@KQhIicu6gitX8j#>r%YI8m}DflMZLF)<;RLL^=_SK@CFpalx(^WkV4 zT%%ih`5Ot*^ZBj#cQhOf<^YG#V|am{4}CC)A1^8X4Lu(YrYSn+Fai=)Ni>b2kHF(> zg41{D8b~v-sxN;}KRkH?ynxX3&1c;MX8=%aG!clXY1!a@7-R?q0D64EXDeG^DE&J9 z4M!IK!oOSJF6TJB3{W^_Gcdf)ee=jXx)eAA+qq9-G0NWzePsP8;7icTmjf4&dNGce z_4;Gi_#mo!l-eccf&5?;6x!+juMwK6Kc{%2{))nB4z>l1Z_9?OlKS%B?KkJgN8rP- zyZ_7o^x6i_^de=KGX#AUgP#axYSL$fGNUNpYaD2hOJrlro^CIKR3c2s;`)8DO@%~w zXD~44^K)726v5b=tkc%*RPY zS&ZOZH6l->x;8}J?xE}uw4-DkV6Sb~T5=2Y%l1IFtUu*~rEdw(s`SD#4agVkqvf%+w+AxaFlkxjFXph?MC%G5>>mO)eH7N2n)phy# zv)Gc0VL#=%rt*>sOv@a0a;O;jnH)8IKIch(VST2g_mq5U`H=5Ku-8q^>g8d}@ zv)6y(Cb8fNAKn5o81v$zw*K2%yLbY&G|R>-B9ZCs|AF53|I^$0U!z~?ok!{2uhI05 zpOtr0Jh_X)=^ggSotMOS)8FpsV#@#f?QS0J-jV6_j!YMKH)uTXJnmTJ3IOym!m&Q( z)$<=VZLvlkqnj8r1pcqRPJ7==lx_9C?|}Z}AsEL9UK_*u+%o@t&@X)HXO;VZM0_99 zI1$+b$B92h)rnwg?*GG`LjITioo5g6-|popx@){lr}l-I+Pw7NW%c8zR%QWoS}gjz z&=Y*xT%s2#$FIkHZ;r!*1;jz7V>jPelHw-SKb59FaMp$&--j^Qz4fjhfI<@$mdG1T z^75daZuqQ7|8>BRMmpd+{qJD7m#6=O2l?;)JUK#OUmhYFmFa-x#P=7&F=B9-(e`t- zFxJ!nZ;VdIW9ad5925;CO+~E37134G(N|tKt0UI#w0o{gv)sZ zUMj&MMNGyOcuBl#6hD=kw3i2mm+yW)Iy*alc_ePFhd;gh=i5}PcyMyk%0(6Ff+wDq z@juaTbo`L?g`x?_Pv3YHr+>?|HtA2F+=MqU_76^vvj%jQ2llh*T_l3wU-@lZnF?e` z;4hC)5A7GH$1e>uCE)>mPmww?;)I_;PtN$;gYfo=I8shn>N+fb7gs}vQHwct(*kTMkK8)bGP9Ej4q4<$3V< z5{#awObTf86AP&Ph5#}UAV?V?AyQSrocIV#NDML#KrdFP4j7whFV9j!vc!PPLTSM;?rOnGH(ThO-!h>gcH~7X`@_hglg5 z6ybo#r}8Wb5bdZu@5*&@87Wg2zzD0mxjgwkJV75B3i-mJB1&*}QtASEkt9a4c5n! zfLu}FL!q+=8OAEls^|ZhFQ~AQ`FFkkHy{6Zdv|aD!T;-C9+$XWo&6g**k8zX@~1uD z`Cd_Z7&ToU0g1GP%}9)Y6U`|{x|Yt#D0m_@Hw}2O6jja8YMWjaqG`GM$g4Y&F((&v z)an8&x|_-yR1Ho=j-h4e`%iXV+xW8z{g)g;7ln&vx4;_uKiJ#L%YS!wb|3V=_wwZE zKMEHz?wd@yl-K$iu^jp56+=0qaBjm6lcS}o)D(Vse17oaj~%F7F`Y)g6r$*OUI7E~o0~P`Mxij;)~< zr4OSnBl92&TV_^~QX>&bt#lj@(wcAWS?&C<3HY9SYR>U%&u{9*Wy0kgh;EX&Ae*X*U|v(Ae*s?YgQ} zg#dEZI~N+3GhyCY?AZJ|s#=p}EtVPfbPEE%TI`iOilhWWg%vtJRYNgeR6%dntBAN- z9qoUK`2K50^j{)|f4bF|iQZpXsSuz@Z+O9Vmu{H1#1}Ct+a0I>vMwB|Vx3MW>p{Qd zK$cZ7z^Tj~E|h&oA0t9VHEI`h#pKP`=(r=UEuYa~i5v!B`$WFqXAS-jO7VR?8(1g* z-5(UCHYFmH9=s;jR`bJp1Zs_5GL ze`jw$AOCG{=OO>^{XFjd|3*!%X_l2sw3#iGo=0LtXwM__ex5X_hE~2PR)d%BDCY)@ z3hZaGUe6_DTmE)xQIGXw(Uy-mADFgV!f5BpS4XYYcK;~!BZ5_O{F;1}Cf{8~pEVFT zWGG%_F-Y}q*|^gdzP?fF#V|q_DsY^tWWB6xenvvg4UPbd6C{KE=}7D)okm7rcIwTL z`(l!T$V)VvSQbzjbx{{jUlfA`*R|ltpPC!}9I+UCXGkm$98TSFgmWDfDm7n*#j5o% z+LEdAs7C6RDD4;ZjDENj5e^ZhmzTd-H#|{dq{S7NSVvurQ4~NA$rQYe!YQo?w7GLu z2Ah+hRRGU#+w$1YxfzU$(;mB)PxU&8oh!f{N&8naR)cQyQJtXxL5g~61nn;pKjMen z0pN&VE$xL5`CbEYeOfn@+9m z*9<{Fkm&++*^y>R(pltBkc+gw8Z9q65SsbOooN1{APxY)k+p$8-VAxyG@19M?%Rru zwH3uUWZ-e{LJhO`0#YP0`?UM1hlQY@Z7JrYGq}CCPm?(?A|j?;WPT&vUnvQ@%XaCm zzZ3}6>!z)AmCtFsG$3imj>alrG3`yh9c!ia435?_c5=^=XuA1q7`A*ayjMB&M8wZU z)oHw+H0dhc*b(ua^rpfcS)pANTVxRg^q|$HHcw{cfuVen4cH#s-d%3*c5Hw$&u)kN z``Uit^1@*`$ODIyJh)Fsc}p9$l$*K$vyf$^-d$a0bj&(kKTXIg{6FIu7yr+lA|-v) z>3^O*%lm)t@9aJ3f9~bU5mY{@uVOeyHzdBUH3O>36Vikk18|Nj$$0h_hc0LV!kJa4O5;tfV6;!@9K8#=DBM||}B@z%{0G0^SGqz>H}(TIc; z@i!6Yen7XY6JZPo{6~xt1w-)oQxXTC!S;`T8-hCkZ?3_U{{IEwr;Cfz{wH;~Z-0K$ zQJsAN?Z>>sHhBIVw6_O?HuyzFQ!dhmHTQp`P>?nIe>lv?f7lrepFQ0F@8xlLvAb!& zHx(gLQ;yZ?KpN|)G&ZAB3b+C~t{A@15&TcbCUl1`G{05`E;I@{V6mi+&e_+LwY=dj3V&rmS$ z(OG{+$aQ-JUH;`M3v zR>u{wBdeEGwp>Gnv47^xlR{X8HY9##)@dcP3vifx?DFqjt(z?k_HT^MY!Eoz$*mH# zA^u&cv`xn*6C7f8tG0pqRdjUH-c6M~G7_NJNP^_ThEb;8zuqY9#)es-!UfnPA%i#+ z`3rKBowo(n)Pz4`u}G8QY-h=YHHk8?NdCOVRtPPLM=a5s@5A8mQSbq!|?T>LN{%Ai1?XC#Bt4?64!)$9qaVgn< z!-GcBm_Sno&z7p zwAGtp)))Vm;J13?-{QXbzkV^B_WA$xPr3;ESwmy!T_+Kk-~iFq_dR+OwZ89-;dSf# z9-Bw4@Bd%x5%?L#m?RV&zdWL?-hz6>N3EXPG_4-?5$wzIG5NLi?w@au&dz@qWUKl9 zKRY^j`R1rM_m}RYa{mvv_Xoqg{nucB|3Ut9FV7=w=Lmj6!5kd&Id8ST2gf00FbHJ2 zfEzRhsj)UE36h}#A5`66wv>64KITb0?RQ$OM~}d3#K0Mf2sjQWq}95*y7EX!Nq}1X zH~}&L1brW0zN2nrQC`=Ub81p!!okQo*DTS>}9iblzy3RVbQ z&2PKv#nq^Y1KmtkN@GJ~K@RWHBk(@NWxyo*Q(s7N3iP4-a5CwX`|47Ct4iQ6?7l}xSLPi0klz132P1ZBi2<(b(sEMJT99J}rp;%ck z1lmd-C^nxTOb~?V2F&5FBnAs9hiJ79)C<{xdd+|F+v8S%uMt=bd)vJo(ESlCwtIu# zpkpP%fQ*9@BY-J@VGD_CZB-XuG{=srtB)^jhd}HaHT!6uIk7CHkpr6%%?FFM)Y;% zuZFdamf;Ir)n$&q%KAAaKJe4BV2(pPPv#)Y@ScY&#K9_%mBVEvl)oy23w{)EC7~0t zHQ~w#={bubL(|)mruaJ6MFCZ1t6B$FpFo@4MyNdk?K2{%{Cjb}wZZ2qcm-SmUZ466Y0Y&dLF8ntC2+M^|Fm3gjDMc96cBn7{c_kvk~H zM0BBDY05ym145EUCg4<60iupLf+)q)5JbeMCSdFAASux0+!y6{jk5j2`#I)CK~}V; zb#RsAoSMRDz{TLSuGSrRw?J`>eZ|XY7Fsj_7@UHe84)~}JjXCK8KEdrniQ~gCA^Zx zh#$7%_`mA#L99m2%|Xyv?a(!H=?sD`A}A*eI#uO209TX>J!>bO7ga{&HRHHCp1dXO zG)5GK72B^4E~Q;4-y{ZHDk&P+@?gm4PfI%ejtSR?Usl4HqAFG>-YTkcB#NY0C{?q( z{1uCn$`hgqT>PA>Y~#+nB50U|r++D2Y1G-}fV1G@B)U0VA};8SxC3YqF$G9Op!8F? zei*Djk2+{l#k$u-n9~XY7zxGS?g`D>UKThDE+g=$yPZ35;QNw*nL$b?7zI8*Ao38d zNhgW{S4-Ke<4^{ZHK$JCt)%=FKeyLi_c{n_#XLIJy{_ekYn{W?5n#G(9+feUsX4D8 zV4VA?aQVoGvT_Z;-xdV1oKQL)nIYBPK9c9Y2Yll#D1z4 zBNgz)>j?9=61YCJ#TB@VKEinv@H54OL3K#L@|m`C>U9^ zK=G{@gEDDR((WF3Ptha^q*`2m!r>Hr@Z?HX$^fbIIQZu|I5>Hcc6dla7Ly=Aai);E zPC3Lb#Zzi%x!?`$!eHE0BkOu;?fx{uKI*Fv{cKbBAF2L3J#eN)`1yHcL@EMEhyaPf zoWw{D6@?wsC4E}2GwHFW7M@l(}~2wFpY#q|kEVxjz6a2e)#b@OxVG2H&I=e2SOR;u{Xc-<%_3<-v~4csU!uCHW#T6#Ua1Hz;pKtPi*@Nt}q z=nKnj&Bb4U3x|>&brRS+aBPzru1Km+2Gq@X<#S?LHuoS9Vtj@S23OeGmXu$MPM~nnka&Y5 zAz4D<0>?z&F&8k#QZyVvN|CrvX+xTIuXo`>xR$+&Nr6+#!{vl%5|cTA87k#E=z()2 zO@|LokAY7-3P=b(9P!?i+Q%iu;%Bcgu8z?J#hlpprzk`*KLbr+7mRR!G3*VW^&g>d zv4FAcw!0X1JrW~ni!BZx27JUI4rmV?<_=YjI*kX80%^O^?0N)k1+7SMzBN~dIMTc~ zxCJt>fw*W24L7fxy7qSTCgp6flBhGn>qFm1>Al%l3+`cX3R4_LwePA`J^$VN2r}MON)w7|0n4eH7QNt2=OxLMjZ#8*O|T`tsH*Ot#hHYeWhZT)b7K zT0Ftwb(OsPSL88=Edu2|JAv)3VjGkRPb99S|7rQe8_Gq~U`c4#1vUh)O4IUd2@M5Y zKO26rtH7n0`%S_nSM#9`p54H>O9muRULP93H2Sttel6oJEu53BR-mj3U#UNE4s#`{ z#~M@`%4-#lv}z`+;L_ntb6~AFmGX8IBvV``D3@@Z%A$%c1q5=!1OpOIrP@f_km~Yl ztuM~6HBx)rrH&ohsxm5rEls~>F-fK~z@nhD8tWp3_yLOfDsCXeFT$lOZxEvVIINlro{O4cA&rtbt0c2v-B! zpmpWaR`#OG8`mlEn;>dqa5d3FYPcF2QEddS(>fD&)sLx%%v8sjJ-gO$r*JLltYg6y z;0f|>y#W10Na=M5s5_@B3TC{lwhB0B+CMpp(K#a#_;4f*lqy9X4AN`b*P9x3BjR^c z(On-h2EAE#217qUaW{psixwzk{YO5U;E-3MOvsJ9F!Z}oj3^_Ku0=ZzwSp-ouF4ZKth^zWy6J-bi8rxFYx~D@qfKP5=jf+9=tg^cM5fS;CKQkVx0L_ zq5&a4Q*GSfAW*V3kO)u&TO^G*rC*ev2)}iv3^lINEtOmr7$bIrP-wE!F!cK*20Bn5 zzuB4+I}(F=5-=PENSqQvdMD*hwd|sWyo@z3VP7+=Y~gvS95`-7@;3xyZzia}!QqQ2 z3cgSKGNK6W8^J2(0Eg*GmWQ4qh^Y+B$rtp^40|%hh%u3LMv}nK zguhM0Bh`N5!?`pltYdG?A&@FXktA$H=|GdXCf&mqP@i#JLj|eQrOHxci8xWzH z;t;<-UgaKH3zuaTb_ewOt@2GZS_fC0Kz@n+C>Iia6_YtX59m3I6OSda39Q7RmK8Fh zlRqqx#W+GryuhH;UwD%|*-wkBm>_DN#K?IXXH8n8|X&ISmGZaa!@qKMDa2 z5Q@Zcus`4|01170B#Bn9a@@oN13jE1`qC7uU*E#5KWFFy}|Mz*Uic>JUUG9aW_5GA&&%$E|`< zD6mTb721Nez->Tm%iyzUy#d;*l-TQwtN>60K>|r@JrV>WS(*vyRuT#)KUaUsC|5Qw z@7S1fzOB=fF&Bl;k66f=5wuvOeKwE!IeBdLs4}s~l^WH>%ybGa?y-Q7Yq4T+nCYB^ zJeR0A80v(f42ODs3q%QhKBqrxS{pY*SvnXUctb(Kd77swCGfP{B~8YvKoW`rV1_Ce zgAfrU%$!rX5Mm^PxFP5_9cI~}WSp$xx;q$C5+qCo)#Ow~gx-|Jh4a!!><#7HWfdQSMtfYH~qTxoDFSG&1P0wGYrA%{%z{!h)7LSir`Y$m$re>75dyLkPN zEQSUBpQZFOjzI;RrS5C!=ad5=RfxH78%-}8nO?2=ZKLwCk-_C8`gJrvgQpSE*Tq*x zo|Eb~qxX$KU7p})usIj|S6J&NM10e}KRdDSkFSy-07)EhK0Yg+(=N!m!iWonenfD{ z#El7u3v!*O65V;qYzZu?V4lL}c19>0?F%vPd$_zmFiExkGWX`^fUhw?Q#VKbDd=xSa1KMkR zSiiXXJbogX6o?8Rd26J1ELJ3rpxfLb5bu(QujX%L7ya zm%N;~1q&)(Ode5Xt#1@xVX5BNh%2Q465CbEb)L$g3BvR)y}l}Sgf{8b)$pVg8}cp; zP#`5mSL%LuC4-HX!Fz$ITisI*uXH^^l-&d1;vObr6pW!)G4qZ!z*!Ft?%9ij!wPlU znrlG7m0DR>#=wzqQIX|Ta%ov+;Pi5=GGVUdzXl$RF> zC06pm_|~*KSN>^+)8lILJsEMtm2=R20{$~|X;o4@nS~rl7mgeuT$B1aa(0#BPL%CV zbm6Ol1x+tkUMBW})e)8&!BuHEQvw%*Qw^F)MSNT{VHruvF>U<<~J# zsmyIy16QR*$hyYLhfu7JzoW%q5n z)H#OXHc`3*XDQtvlUfXJe%g=SmU(yJFo`*f;ayuk-KDLAD=&!yQIPiepG&Fo%it;y z7#CbsHhFj8>RIpEPH*|pyOnSiEc0A&RoUdNX^&S1SHa8M1y_|#-kRht-BCJ5efjb5 z&eqK-V37`3%Bgc8VyaU)NgB5q!GMNK1S4KRr+D}$aswv9`XOY&EjZ24 zq(s8hi(zWqatE%4)js3Pz*Qbs^A4P9Wu@7DdF$Y+KSwOa-jZCA6E5n_kXvMN2hPPe z^UAOKm5}li$cAgiScQ}3QgE?A`6fBmS1};sI3V72dJER7oD{AN1j5#EmHTNZ^+R?U z&#n860WlWdyKH|-8Cerp-Sf!T&V|eulRLN7Tcys*tO3<}!<1u8$MFXu0Q|B`s}wGN z=NO{^htuMoo^+g-Ne+3#kUPiI0dI%oVU%6&}9|%%2ElKvirG zBWQH~IKZq*HC6?tt_M7kZ)_qAg7hOaWd(r6}200ZW4U!{CQX@ni*YRcLD>LIk}w-iMrxp3 z@sd&HDJ#{}X_!S7ThYPIMLubKUarP^RAnf*=cEKSU{xs!?l~(#j)Yg_D7fde1ol>F zbo(|PQtd60F4%epvgIIkZXXBy!j}!?q zJJy&3eyoYTvk`-DHrEggfvN{oYc7q4i9;9WDzb1@^^9sewpL$x&yg!x+8sCu0gPjK zE8@ zF6@vv2iR%}?@fJf?)P@2-Tas=Q0waI>K4v}mJuIo)B-ACAO8ygpUfc+M?guNaX9Vi z^idv}iy|>0>@tai5orH)D^kpHhmQLFzi!Fu9jc{kZBavXaLG5%B~8Yc9L|w&*la2I zdEaWysSiM;OQI5}E@->q;mym|+F6fRS64QY$OIH3Q?^<^tDFT&seK!nA?D49_#_sv z2<^%^VIu1Ln6R0!#}W2yc#e9l;|T~67WOh$Vh5`}jHih>crXQ1yg;G!i50zLn#N4* zwbHrj7GdW|=?bzm0xBe;K$9@;Jr(HaFJRmc@K|G|Z_eV7YUw*u&?3sw)j5Zjkmq-2hOT7%Llg&!F(R3^(%)SHo;)XWijGu6*1 zo7SuwKAXx!Q?7R2L1qjg-vRI|CE*C%wKQ$|)XL~o+pw8#k6Ol;Uax2TdIUJ73lKx1 zIpHcQOe1qO%%&M;0cwvx`<#zE)xNi%nuQYV^CEEU`NQpSN#Qf>2A%$3>C1JUEC5rs4Tcb77# zi4h0y3{6Hr2dmQ5)FX3aW%jpK>1l}Au|ER(x4wgBZ!(Xqk)hKQAB9s`5kZ3b>i%PR zqcYkh6vZA1IRO*U@ZbGRVbY&N%1~?qnH#m*kM?)1onr)+Oj#ZkTA73(jruB_ zruYFT$YhLI5{KaboWFakCL*{MTgEU^#=01v?H7=u{at`UkNC)!Q@(|I(;j$@;uy0| z>i~r421GE1bHq>#W{`q0LZNN9l*ED9d>*8H#{xV7wJZH5E!mjC`$Ir20%3pfdt|Os~b^AZ!?9Ln?I$MGQzo zhOBcz!NgZrCu($}?W{vlh-ICL!%yNXMMA5kUL2erOZQl1Pow(DS|8rlo-~Yt_5x*7M ze^mUE-2`78t+Xsis5E8c&^_rtQKoD-))s3bzPG^1EqL?({DLpa7)1f}q$KgL+ppB@ zo4s(1rd#7FNMYsgiJd z6(=DpF5-?Lk%ZdxJKQ2V(m3ttX0)rPLNY@!1tgJfNhCy)n{7dLr-X`|mSB`e;OGg* zE4iAD3T#FwG9lt;_)Ux%Lt#svD>5j7V3S4KD9ir32M%Ri6utR!O)16{`Jw?S;gr#S zT4uPbSVaUvzH(pnd#%<1h>=I;a}@gWGKHz;8c1mL#2M3UmY;HzKoBE8@$?le4fACM zOW?R_*)8!oOX65sE^#sw#Uw&;a0})*j>R}KPugCqrFrPg&tJA>ure^hKg%P21Qx^A zH4gnz7WSnzM-1{4j-OqUEtKXMDJPk2B%nk{>X<9UKN*4cu-(#)UH?FHr}hZkbz1;@ z==FNPq-UAEQ&QjP>aF64K#=a0P^4;EeWwJNGPzIEL=q%6meo_fW|QemouF!gAm6or zTBZ93)b5{rGz0erYRL_xK{a*{Xs~-YZ=ie@df+`(?v4}zzH($=Pg|0iV^C*BF@3q! z^-S-nUaNI(Kw@A=#6~eUr<4mwQZLwmG4deaT4rTjQDb<`K3QMHb!N8+gr8GtF1B3V0jz$0~Q>1NG$RY(Fp6CLY%lHzF8GBMWUpT+(( zx4mHO?K+B6{!hyIrTwXv7y3V1+MujXnoQYOSAIz=UdJ$+VTP(2G_b`l(z%v^csb%L zsL*gmGeosZz zQto+-@b||)7;=6^@P~q1#c7k`b9ReLNAM%(KJqsME26{?gC7RPS{!dAJ2W{w`S z!s$NF*Lv@U)u^elkgs`K#EuhUL5)ox`5A&fim9r`KObga3$4vze65JMSSRL|c>_NR zP9YM@a;mCg`qGpqh_>c1`cW#dRf1pbWb2V|fkbdZMx<20NScE~@k#`vG2{?0)d{Q~ zy|Yqs&>r@N?d&@XsF)uu*|T5&laK%45XH%!_%;&9gRCs9 zhS2{hfXV`@yK47(y|(p1C^9NP{sZ0G-xd}DG-pl9rum{1WF7gKSqG01bx{M&%kTx0 z7h{+uEp;J`=fNqWsyff>KR&! zDY(R`c<~V+*=yO?8_w6hi>H#zV0x*A%^9_&DD*F5G{>QjV&lDXa`A3QU?`7Ub*5eN z*$5Wsa*im4Q{Ez1toz)(3`1d9Lr9ycM4=# zeUwU7JsfcwJpxbu`@jGDiDv!CH3~=I$w%^WtluS3K%g%Si>(vK5~_*`5Gt>hytiL2 zJCTlwGv}(Z1wEPi%-0o%>7nqGR4@p!QfdaKNT(2)M=_eI?h`XLq@S;eT!Q zzVGA}l-EDdR59tJMXO53nki7-q2Khm@ko+m{z0E1Y02V3;2ckIYh+i_CyXJ_!69z7 z#EGt8<%F50%ix0$ET`$KRwk5|Q&sJ8Jg}r)5KoE4-;4i4AQBtw{i-8&bU@kF#_4x9VkM~m_F|V(> z?DLwJRy+N)&gZNF1^v>E$P%CBnmDpUc0J|y)ii`omH?0Q7sklD-L6}ZCuhSU#p3{U z6*yf1PFMEWl1JFP2>v@kEy=`dHas2m2>hp*{2%k9&pwFJ9EVAQ4O{1cxaH zc&;+GABPOZ6X+qZb$EW6X^FwfWehmB=i=>UcX%EDR#TYHJHKe=xaPV6aBk&J& z3w{>ok`Cr>Pzs@l6of())}!r;8)es{xGTF#2|^e0a-GIgW;ck#0Eei6=Qs&<&n~3$ zS02Thd5{q0n(lcN_c&R{B;_#*jQ|zy_JFY%j}w-OzVy1$C^}S!*ZejexxPh)#7C#e zIKXr!2YrSnSu<*(UN5>{jC^WXH}IL(#*iZ6W%oE#Gc0xAinXGWVu=}y(VQ@38HeL= z>YTr7N4fquAY-k#Iy*Xe`R1rM_aDVc*u`O2dfyw9YFTa;d4P14=SF22Mz&fnZZmP2 z%a+`yQYIiQt6<(7O&abA8)I=jr>XgrWh(8mKh}Y;B#=Mh=?ok!AP%6i1mkB~5(;5m znmAKj(QiotZlH*-2jV15k6Ii82xhz;XttwoJG@$mq)K$Zx%NI7r{=BT zN`F*#WD>JiyeGkxT^VfI6~B7(tJ47mA^OMwWhfGz>S(4Eu_Tft*UF~oY)y{l2Hv*B zB~?fMo4? O0RR8d&oZn4ZWjQ#(8?nK literal 0 HcmV?d00001 diff --git a/assets/rancher-pushprox/rancher-pushprox-102.0.2.tgz b/assets/rancher-pushprox/rancher-pushprox-102.0.2.tgz new file mode 100644 index 0000000000000000000000000000000000000000..7003d10ab46a743141e8db12ee7264b1f95807a9 GIT binary patch literal 9606 zcmV;1C3)H(iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMZnavM3)CqB3TdW!s0?$44}EK;&8+l+B<=#$;k-f_1Tl6z(+ z932)|1(FyQ3)KKhGDp(J-tSxPlWZVyDAa)m*=oBdKG%g!RpF3GBoaR)5=cSvWJX25 zDCMjW{NvzwMudtNWS;%$zMkQ5I6OQ!!2gHCVe|jt)5pU4cP-0@Lv@;i4sQakK^RW=sN;K;R!oKfUQsxR?{A zXbKaSQJvr=O)?@VToS>^IHM92hcShMNJ&#*x#FCcrcVzK4-fVZpFiK*fBt-bm?RTI z2zfjt&z>ZQPbc)*-k_>$>&;&O&E6B;uw$N2*t8U8fJW1dk4a{AtjehV1yIPs`~aZ2 z=2|*}3CSeImqv404xQ2|lS(W`(9>#I(l=Ufn%s@N(H0y*#w6;MGdjPdLUUFsL0GOp zDya+<<;(Z!*kh*VU}S)R&)#6otk7Xl3d{E`a6Qr(wZ(H8u`1yGXA;DRoI z<)CKSxQqNQd1^@=a_U(3PbnXT-U9|hL}Qk@p~E$4ICNR zxR3!8MzhqhA*H!#(U?M6q$rwK%!+YNuS`x;ZJ7$Ex0p?T*mdFz>6wZrJ_U#8d zy}EQ@h2Q_#8c)>+mP?wHf}UM44F%X_(N0rJdPc=1OXyL8eR(WsN^`|XCjAKYh{ZJz zhc)V1&7*n2b1nXAMwDjt7=_b<8Z8+trZG^Jq&tyMJ%XP9?aL~-P@!5yc`=+ZrRS8U zR#nSHkb{X5 z<%(usA3J*FxZT-dhI>;%#?p2*C?cj*N!K4Er1c$Y(Tpa(cbU{ujl3>+QEEjIGX0_S zESA8>|D=hEeMy0$r$TT6yi~e1g61g|D3V6^=$~u?@!yPkbs*RZhNeMM1tjD7RI-$s zX$1A}E>UI%Q)7!U~T^=f|c}i_CR>19<7dJWjiYFC)0V zjUul}y5!f7zN;BaX7zd;iqTvtxKz~_KQ?&;wojiwK75WPzMep-iLz5D=5}+GZOJdE zZ*ZcjfRpQ5l=abI;6Ppf`r2!Y+uJ@Sj<2t^Vk#s_=t<)7%ifX3&;q{5mzPJB09>&9X z&lGF3^IXq|8en<~Z5fvNp{moW2DuU8jPORYPuEc4y9PwWZX-!Tr9@qC<=~PL`0?Gl zle5UrQ+krwf|uOR%C?1?7$&Gmq$x6Gg@pb0F0g1yTgSRYP(A30A4bH?Z3f?vl>S!g z?}Y}8Qcv3wwHuCDm}F#X>#-Wy7OlAEjfHLXauvUzd4=4@3*GUG!<<}DAf=jd!Tv>4 zr^sAaM4QgQn>9OSQZozA&fWmd{7fwjUNto>#{;&Lm_T*0&<#fcGg6*Y-8V!m;N6=u zNT^WAE)APC4mNFaB9M?=53dO?^AyX~>0dHo0}gbY@Yn>- z>rAtw=iJXndD={3>%%0jPE${vA7&2mK-CTGzt1R6^non8IjbCJOwO9qNZ;z3B$zx} zU9L5D=UNd!j7j1uKT1=ki6dE)x3(n>yk!R%jJ0sOZ>COLA{q{?2zwA=%Oc&ixe2V& z5{(hzb@s(G2}dWdZB=h|zj?ecfzF=89;<&@r7v*yvU55F1fQ0fU6Mpbek4Ll$k?2r z8WQ%6@8&HC#(}{RdNzTar^Z-fW=GfRz&MykfT_+x@ByHBMuoNAYC-_WWWsW$7OqM( zs+g`7wBS-hCwV%8_q|5u9x@`~#X{==`FeHD zbEcsnP5T)e3nCW%aVZyLG=5qV_TtBT@m}PSl*2hJSGs339Gwh@4m^pfO>R;Vc0cIe?+L4*<=jAbHgg`t%| zD{Vdr?cuS5a|Fw>V-~Su}f#mBuGRzswd+-3d0GsgCM&E2^DjCIh=HsKmr;Y%JO@DxM9W4I_Y!l$TA`p}uhN;LKa*8XRiAIQ$-N zf^4Y4?x3<>^jjpc;k0SThTNt!vBxzb1O>jR%>w4UT zHc((U(n-ctuk+38Kuu{~r>D-0lT-r$YxsO8sz`j{Aya+NAIZuj z#gr=(b@%#T%q~T}Nu(&U#a}!252}Ve@Y_}}dI2d*l>dbLDpdmg-HB<}p2Tuq`6A+A z=k39AzJ*Lf8b9c|=TuB_i{MHyMMJ`?^6kd$su8lZK-;#k;1-`l=K39Bzkgx43eZpr zt^Ey~%p_cwswNmd)2VURh<|pu!qi<7(xm(ZZI>Dn@ca!K)6B|*^#U2e^>w`#xV;Ux zSM+DMtoBtX_-M zSO2~O1Km`$1EE!)UBAJ0E1#?~wyW9M>6#2$8BLl%@%NUeb^YghKFDW{*WbzbI~mK% zWb|FygKd^4S(&zZiGtOGc&Cx1DY_S`U-g{h%=%s#E z=rPdy@PVYMpi+ML(A(Ll7_$$K#q^+OzkguqW<*$u=cvm!Wkv^&_3->uE<3o=O>9{5 zT{vCK_c^?-71YgbGu$^T;SL-R858o{Sb}Yd=npq~0i-B&8q>Dzj;eQds@GluI@%pW zuT?=0w%fJt1Rd=4M*yt0XGH#$E^xr2t4J4@x2JYUyA(a^PvW}?)lZcbAy%hSFeSh? z3g5C~b~+f^{ZsLOka^ajtE`Ux+V+qC>dy-MUt@zu_QjYapW+z4=KRN#;nV%P{cnHo z@aZ@I?=SM;81=|%h3zC>vDyQ(K3d_tg}AReOM#N)oH)?*6<<6r;zN@0&r_Q4UlQ1eV(IpjQIYLj;_YX@+YdO*MVf_8>ux6`i zWH!N_v(@;t`|HYma%_3dbGMoF%jp~4&fdUox%Ps_z3)w_>ixRRcwoe%zSZtl0cJkg zJV)2W)bIB{LmdB;qjzncYce++>FmI1xszRQmi@-5(TeAX4HXF>%c96|g+($un}vM& zsgw$N^U%CS#|n3rsSk6Ok6;+NGZAz0aRi4?o;-dM0ZgRPSoc(%pd@{pXNyzL(f`nF zAXfc;$+L3q3hTo|NfSZUz4fQty|PpzrHqd z{r23)bBFccC!Yykn> z3a9S+7__I;0jJfLCA5ddu3jJ4Qr>9B(r_3d^)_j&WB{y`VT1jn~a1F6tO9B0) zxiqUDzv}&g390_h)a*x-#U_-sHRI2BU%f(gCM5u@M$vRR*yFJwbaJiNv()7-M)lfa z5|$BHKC*CoJ6f7dk!eM5ac&uK^CIW9lO_6V1uh2tq#u> zHpwp~?Pu=esW(c>9^anrV0&gy==ewYbHQD+X zv^#4;HmJ0pkiJe&UH7U(tzj(M)=M-}n~tyw?w z{FHN5oB8}lGGB_npdRwgwiBX<{e$bjzWT??WJX_NiASw6gVfcxv$wyT9>03=V0*&y)QUFJJb=Dh6ci?a zx6MJXO(oob)LN#mG5U;>6#6;r?F99Bdhb$Aqmk=t3EO(7_Oy7ktgfIkMWurNziORk zD!qmO_z&9;KM-aQS0EYQU2Iffn>8z_B%O4&gzT6XczV&N zHs_lkG;7iY2QS|po&M$3yHIA6q9ao)2i)AWTbRt|JcWaUgO%x*lJ3}NDQ~bH3HR^1 z>279ere8<(^5o0;O$eqt&;@nip_&5PoVZG;K9e?kS49_TO_jAdb;n2d$vuC2MkkRCsb~{< zr&UCwQ$DTCjwME$qn}uG*ZN~)C~UU6U z*!Npk!(EYkZPRsg!rhK(*u4c-^>ubfH(-d{^|eRZp}t)Bqwkz;V^;!K%D<{Nzixf3}Wbt=mJYpYrM%Dx9rtu;CumN;seOA5S7zq8lW@@ntFX=-`lb)PAS)>vIuY(I8yKHjqn zlof!r4p1HGzO?(3Az`iaQ#;ujLhsPH~H0`P4J&pG&aP?-GSgb{I_@5#DDt-!-H@5 z?@K(N=l@^7sHS}kpmmW=CmgI|^~DJnl%vz>psD)Ybx0d%z%`c%{SKON$$dvlRbmyp z1+K5xmls@7)PY0)$;SvON7aSYsCCnK)jca#|Aq;&TS z?~I53t3505A1XnjXx~Qi>n9@pBrD(={I@qe9JcmrruV+m7K_PbC zU%O5D=;XDXU1X4wO~BruW-HxR{0sx2x~m(v;QwpTRZF5L(V#qcw`A8}_Fl#hyYPU1 zWYS#fXv?fov`v5WNw8@(N~+nyMihnK){eiq-V#fk5SBsj-ONQe^&ucqP9;`0BbO%dV5=B7I(h94 zyI#?{NPs72CpNI04+&&dY$13;X{xnzudX;({Qlbg-x~k%jAnB-&AFiWRmZyV|K#zL zR{a0H{cq#{OFUa}LX@JyL^d(~Zj1`!l4ThDsvyY)nPP}{6Ch2RAS)8&jAj|=@onrn zET8Uzpczr@lA_;k@Sfypv;{exn#g6_1zvmPBBcNSJFyAh$8*f7NrHl6U=|uj@yoLh zXNn7oagFD5p2Odc&md(&M)8!X0sd>qkK*ya!~p+wFJ{w${>S|(FY`fF(3m7zwr+s3>MBB?FUO@P9_} zrA&BA2VZ?~Z}7Cn|LLovmp{FV=jr{`v3mUP?>}yj|KY*jxAFfao~>34#V9&*F`?Z2 z<^qtr*Y91-xnH+C0;s!CZ7$J{2{9Ypwp0$3pmZ>u^$V@=22S%0nnmrPxz2<{Zqa6<*pfU5z{~_X z=slE>+sKQ$k!Gvhg|cn(A%-J(-?6OgY=&7qcg3mSX-39BJ_RO$WRg3(XB7j|TOh-` zDuMvg=9nBM$xQc37~|W;B=ms><0$$C16h;YEI#vunoJ%y;Z(vDaq$*0a4*j?eq|z2 z(p;-sIg0x54_-n}JFn0{l8B3pNPMtd4f4j+Mby@HxS->fbUZ7vP2*`?9o;&oDoM|M z*-VSsjEI!xG<8C@vzi_hO)ML!(TjFX3jJ7c8ALwklPb!1i;9bKOwAU#r)5p8j{oNV z_)@y_q!LM?sh%onqHuzRb9c<D#z#$etybhrNd z++7xYzNWc)#PCuDXMoIMP6^vArm>Bl3FqzmNX~bn=v^3`K2M$A5!8<9v{HG*E4_&x zwpMiB2LsJU+Ek0dO0Bpu#|~I55l7M17W`5L9_1nbFZbg8C;u&q&J+^DewU z;VHN!4V>8H1r<^C%T7|B$U(yMgceE;oWIwg;A!9e(YFh)9kXZ}Q<{UIbACzFDiU)* z$I;2_IEs!W5WS2lGqnqk9@#}wxvFW89$^qFWcx%=IrHW%*3kEc6MjVQ+K{ul3+cy# zCd$T{reeay+~}Y_hK#TjG<6ZG;Pa(R)pHjn{v6G9=X%M?^deFkb`*kMYGjx#d_pBk zdLBpr_kaJN=zDnd=x46z=+UF-dw5-2Jlfb}8XqrwG3Le-Gsv!p1R^C*7)qv@EAoY2 zh*s`L9X-Qxn2<{@%p7YYvzi8);zz668%Is5C$Qk9=iY*s!Y``3q|~j7ksRIMxNtVQ z;asmVT~X(-O)qJ#IjSp|le{EZwtys~B-en!H*!bI5wnr`GwK%bKkC9P8;zih1;3y< z-W5Z`%Of1UvP@=%xsy_06g4cvOqnJ$GsD2p3S&LOwk0^X;&{H>Xu>W~mBc%-=9K4^ zg-;TuRDo1wa^dX;NZBqFhUSFl5~EShsMj`nSegTkSE$__GqBuRi|rjodcG}q?xOau zlx4+@)!D>Bb^{>Gtn74%m$@O(s6?i;(9cLVsYbuUUuJ>G5cK%{Lr0RCQdIjCBG!VEbvPC_?nId^gL@LcRacpZwnKiRo1)r1&#f@QGu!me?JuhOE7pk<% zv@=>elDdg@ZDMRQ;XBhrn?wSF0GwO;FSlC}-N1>f0B+zVm5E>`Lii25`bg$QM&Ty9 zfxdpg{@<_vg$d3*;y8yJ41irlDyzpWw>wERg&PZ>5XtE>f=zB$iV2gLS1{0EcH<5! zYlv6tq$^@J<1Gj=Q0Cl*B>c0z-s=0&pM#pduaJzUX#erk=jWzLt(cdNDE|R1F?Qms z2Ivi(_j>1+)#gY!$yT!3#?al6)!n{Y=U9%3zE19AJu(<)d_0&Ftu6*Hc~auRB2Dpt z6fB;nTXlECuJy~x4~XYyTFlN9;LqBmIPCbjbo%ZV32;E z%4$q|@L@eT@Mav$W$?d|t-44WzX>C`2pX33hjjtdJ#u8mHJ?64&`!aU;g# zMTyQnK~o<}c;y+x@f2rl)JHYfQ6V%qDp3&#nx_h7euXAhev^!1?v9WDK#4fqGi37Pe_5&0-scC&`Pj^fn?7i+Lndmr!KqUoq3v?O6gwBsGz|}G<{K& z>B*!r3t28oJ??UzI*4Px2c`i8%vynDEWzG3 zChZ$IfByLJd9xk%dOqEjD)w`TaeNG02X^?x&k)|tvNL}0?X5jvhX)keF^+FDfLqVZGOT=anuxuc)?sG&-i&YqT!BMpU=(jA{i5lZ;Gt*BTKqy;a>5t>slv zV^y%KS6U;38JFjFUPQQg?rj~q0=I~&QBk`$Pp5j78wk_7S4ZpW(9U7?_9fFg&)sSy zo!Ui3XP1ne+U%lng zt!}FA%=#r?T6s7l0?U_i_je)E-odquMt|4WS0u5zglj1$$sdB3^?Ri>v5lLi%(c@6 zkyw+P6#a2Ox7lGNDiaS%BBioHC^E1dv3dNBh2JPNkOknW1y_Dbbg-ev07DK4HF1FqSPcb+=TL&wJbwz_Zba3{Bhoaj)gR{*~@ znAeV75hB@ueAL|m7T%s3J47H-I(4ZreTGOe1g|GNZ5R&>FH)QyNKU3kZHHCtEbH)& z&>4O`U(UxA&9Asd)D#6Y&xqXBINC}c`bn4xCd}4C-t`hT7*uVph6-l5yg4q!g=>xv zd4abg*%d@)w4i}t+)JuP-dZV`DRg-o9!kR-QRbiBl-6p?t94}^L z%K+g3#aml%xcgjRzg26Bn#IiRVU8DfEZx{j_*J!Ci4&9?cV788eEw|sY*-`Z)B4g7 z*xi-wivgB(WL1z+xs7FSqr?rma+^&m7`an1C*Ub>R;0WMgr;VAg+g%Aab&Y@Cpx2Z z4OA1JOC<=}d(gvO!nT?6u~$2+KR=;CXU_6e4kQ+`gUq&e;02jy{-m0W;Rh~^Fla!> za_FLLx4!YFS4|rG<>1^XuntSV8S)|oooip`gPBdV6vxTQ#P@p+Z zmK09{rX>ObU35kYT>RQ*nfs7-b}juTzqk4oMaIn59~UVVu@#aidi0JJBOJ&YuxVIp z^ky5l{#iq-n+v+QF>v^MgNGB`LN&+0u2_~PM5Ne*BvDkzM=?av8KsriO?9;69{g^q w!gfqom`w!Sy})glN}d8-6n|~!s&CJ?=iBq``2#=yF8~1l|EQ2j_yDv30N1(uY5)KL literal 0 HcmV?d00001 diff --git a/charts/prometheus-federator/3.0.1+up0.3.3/Chart.yaml b/charts/prometheus-federator/3.0.1+up0.3.3/Chart.yaml new file mode 100644 index 0000000000..69517234ff --- /dev/null +++ b/charts/prometheus-federator/3.0.1+up0.3.3/Chart.yaml @@ -0,0 +1,20 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Prometheus Federator + catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.28.0-0' + catalog.cattle.io/namespace: cattle-monitoring-system + catalog.cattle.io/os: linux,windows + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/provides-gvr: helm.cattle.io.projecthelmchart/v1alpha1 + catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' + catalog.cattle.io/release-name: prometheus-federator +apiVersion: v2 +appVersion: 0.3.2 +dependencies: +- condition: helmProjectOperator.enabled + name: helmProjectOperator + repository: file://./charts/helmProjectOperator +description: Prometheus Federator +icon: https://raw.githubusercontent.com/rancher/prometheus-federator/main/assets/logos/prometheus-federator.svg +name: prometheus-federator +version: 3.0.1+up0.3.3 diff --git a/charts/prometheus-federator/3.0.1+up0.3.3/README.md b/charts/prometheus-federator/3.0.1+up0.3.3/README.md new file mode 100644 index 0000000000..7da4edfc22 --- /dev/null +++ b/charts/prometheus-federator/3.0.1+up0.3.3/README.md @@ -0,0 +1,120 @@ +# Prometheus Federator + +This chart is deploys a Helm Project Operator (based on the [rancher/helm-project-operator](https://github.com/rancher/helm-project-operator)), an operator that manages deploying Helm charts each containing a Project Monitoring Stack, where each stack contains: +- [Prometheus](https://prometheus.io/) (managed externally by [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator)) +- [Alertmanager](https://prometheus.io/docs/alerting/latest/alertmanager/) (managed externally by [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator)) +- [Grafana](https://github.com/helm/charts/tree/master/stable/grafana) (deployed via an embedded Helm chart) +- Default PrometheusRules and Grafana dashboards based on the collection of community-curated resources from [kube-prometheus](https://github.com/prometheus-operator/kube-prometheus/) +- Default ServiceMonitors that watch the deployed resources + +> **Important Note: Prometheus Federator is designed to be deployed alongside an existing Prometheus Operator deployment in a cluster that has already installed the Prometheus Operator CRDs.** + +By default, the chart is configured and intended to be deployed alongside [rancher-monitoring](https://rancher.com/docs/rancher/v2.6/en/monitoring-alerting/), which deploys Prometheus Operator alongside a Cluster Prometheus that each Project Monitoring Stack is configured to federate namespace-scoped metrics from by default. + +## Pre-Installation: Using Prometheus Federator with Rancher and rancher-monitoring + +If you are running your cluster on [Rancher](https://rancher.com/) and already have [rancher-monitoring](https://rancher.com/docs/rancher/v2.6/en/monitoring-alerting/) deployed onto your cluster, Prometheus Federator's default configuration should already be configured to work with your existing Cluster Monitoring Stack; however, here are some notes on how we recommend you configure rancher-monitoring to optimize the security and usability of Prometheus Federator in your cluster: + +### Ensure the cattle-monitoring-system namespace is placed into the System Project (or a similarly locked down Project that has access to other Projects in the cluster) + +Prometheus Operator's security model expects that the namespace it is deployed into (`cattle-monitoring-system`) has limited access for anyone except Cluster Admins to avoid privilege escalation via execing into Pods (such as the Jobs executing Helm operations). In addition, deploying Prometheus Federator and all Project Prometheus stacks into the System Project ensures that the each Project Prometheus is able to reach out to scrape workloads across all Projects (even if Network Policies are defined via Project Network Isolation) but has limited access for Project Owners, Project Members, and other users to be able to access data they shouldn't have access to (i.e. being allowed to exec into pods, set up the ability to scrape namespaces outside of a given Project, etc.). + +### Configure rancher-monitoring to only watch for resources created by the Helm chart itself + +Since each Project Monitoring Stack will watch the other namespaces and collect additional custom workload metrics or dashboards already, it's recommended to configure the following settings on all selectors to ensure that the Cluster Prometheus Stack only monitors resources created by the Helm Chart itself: + +``` +matchLabels: + release: "rancher-monitoring" +``` + +The following selector fields are recommended to have this value: +- `.Values.alertmanager.alertmanagerSpec.alertmanagerConfigSelector` +- `.Values.prometheus.prometheusSpec.serviceMonitorSelector` +- `.Values.prometheus.prometheusSpec.podMonitorSelector` +- `.Values.prometheus.prometheusSpec.ruleSelector` +- `.Values.prometheus.prometheusSpec.probeSelector` + +Once this setting is turned on, you can always create ServiceMonitors or PodMonitors that are picked up by the Cluster Prometheus by adding the label `release: "rancher-monitoring"` to them (in which case they will be ignored by Project Monitoring Stacks automatically by default, even if the namespace in which those ServiceMonitors or PodMonitors reside in are not system namespaces). + +> Note: If you don't want to allow users to be able to create ServiceMonitors and PodMonitors that aggregate into the Cluster Prometheus in Project namespaces, you can additionally set the namespaceSelectors on the chart to only target system namespaces (which must contain `cattle-monitoring-system` and `cattle-dashboards`, where resources are deployed into by default by rancher-monitoring; you will also need to monitor the `default` namespace to get apiserver metrics or create a custom ServiceMonitor to scrape apiserver metrics from the Service residing in the default namespace) to limit your Cluster Prometheus from picking up other Prometheus Operator CRs; in that case, it would be recommended to turn `.Values.prometheus.prometheusSpec.ignoreNamespaceSelectors=true` to allow you to define ServiceMonitors that can monitor non-system namespaces from within a system namespace. + +In addition, if you modified the default `.Values.grafana.sidecar.*.searchNamespace` values on the Grafana Helm subchart for Monitoring V2, it is also recommended to remove the overrides or ensure that your defaults are scoped to only system namespaces for the following values: +- `.Values.grafana.sidecar.dashboards.searchNamespace` (default `cattle-dashboards`) +- `.Values.grafana.sidecar.datasources.searchNamespace` (default `null`, which means it uses the release namespace `cattle-monitoring-system`) +- `.Values.grafana.sidecar.plugins.searchNamespace` (default `null`, which means it uses the release namespace `cattle-monitoring-system`) +- `.Values.grafana.sidecar.notifiers.searchNamespace` (default `null`, which means it uses the release namespace `cattle-monitoring-system`) + +### Increase the CPU / memory limits of the Cluster Prometheus + +Depending on a cluster's setup, it's generally recommended to give a large amount of dedicated memory to the Cluster Prometheus to avoid restarts due to out-of-memory errors (OOMKilled), usually caused by churn created in the cluster that causes a large number of high cardinality metrics to be generated and ingested by Prometheus within one block of time; this is one of the reasons why the default Rancher Monitoring stack expects around 4GB of RAM to be able to operate in a normal-sized cluster. However, when introducing Project Monitoring Stacks that are all sending `/federate` requests to the same Cluster Prometheus and are reliant on the Cluster Prometheus being "up" to federate that system data on their namespaces, it's even more important that the Cluster Prometheus has an ample amount of CPU / memory assigned to it to prevent an outage that can cause data gaps across all Project Prometheis in the cluster. + +> Note: There are no specific recommendations on how much memory the Cluster Prometheus should be configured with since it depends entirely on the user's setup (namely the likelihood of encountering a high churn rate and the scale of metrics that could be generated at that time); it generally varies per setup. + +## How does the operator work? + +1. On deploying this chart, users can create ProjectHelmCharts CRs with `spec.helmApiVersion` set to `monitoring.cattle.io/v1alpha1` (also known as "Project Monitors" in the Rancher UI) in a **Project Registration Namespace (`cattle-project-`)**. +2. On seeing each ProjectHelmChartCR, the operator will automatically deploy a Project Prometheus stack on the Project Owner's behalf in the **Project Release Namespace (`cattle-project--monitoring`)** based on a HelmChart CR and a HelmRelease CR automatically created by the ProjectHelmChart controller in the **Operator / System Namespace**. +3. RBAC will automatically be assigned in the Project Release Namespace to allow users to view the Prometheus, Alertmanager, and Grafana UIs of the Project Monitoring Stack deployed; this will be based on RBAC defined on the Project Registration Namespace against the [default Kubernetes user-facing roles](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles) (see below for more information about configuring RBAC). + +### What is a Project? + +In Prometheus Federator, a Project is a group of namespaces that can be identified by a `metav1.LabelSelector`; by default, the label used to identify projects is `field.cattle.io/projectId`, the label used to identify namespaces that are contained within a given [Rancher](https://rancher.com/) Project. + +### Configuring the Helm release created by a ProjectHelmChart + +The `spec.values` of this ProjectHelmChart resources will correspond to the `values.yaml` override to be supplied to the underlying Helm chart deployed by the operator on the user's behalf; to see the underlying chart's `values.yaml` spec, either: +- View to the chart's definition located at [`rancher/prometheus-federator` under `charts/rancher-project-monitoring`](https://github.com/rancher/prometheus-federator/blob/main/charts/rancher-project-monitoring) (where the chart version will be tied to the version of this operator) +- Look for the ConfigMap named `monitoring.cattle.io.v1alpha1` that is automatically created in each Project Registration Namespace, which will contain both the `values.yaml` and `questions.yaml` that was used to configure the chart (which was embedded directly into the `prometheus-federator` binary). + +### Namespaces + +As a Project Operator based on [rancher/helm-project-operator](https://github.com/rancher/helm-project-operator), Prometheus Federator has three different classifications of namespaces that the operator looks out for: +1. **Operator / System Namespace**: this is the namespace that the operator is deployed into (e.g. `cattle-monitoring-system`). This namespace will contain all HelmCharts and HelmReleases for all ProjectHelmCharts watched by this operator. **Only Cluster Admins should have access to this namespace.** +2. **Project Registration Namespace (`cattle-project-`)**: this is the set of namespaces that the operator watches for ProjectHelmCharts within. The RoleBindings and ClusterRoleBindings that apply to this namespace will also be the source of truth for the auto-assigned RBAC created in the Project Release Namespace (see more details below). **Project Owners (admin), Project Members (edit), and Read-Only Members (view) should have access to this namespace**. +> Note: Project Registration Namespaces will be auto-generated by the operator and imported into the Project it is tied to if `.Values.global.cattle.projectLabel` is provided (which is set to `field.cattle.io/projectId` by default); this indicates that a Project Registration Namespace should be created by the operator if at least one namespace is observed with that label. The operator will not let these namespaces be deleted unless either all namespaces with that label are gone (e.g. this is the last namespace in that project, in which case the namespace will be marked with the label `"helm.cattle.io/helm-project-operator-orphaned": "true"`, which signals that it can be deleted) or it is no longer watching that project (because the project ID was provided under `.Values.helmProjectOperator.otherSystemProjectLabelValues`, which serves as a denylist for Projects). These namespaces will also never be auto-deleted to avoid destroying user data; it is recommended that users clean up these namespaces manually if desired on creating or deleting a project +> Note: if `.Values.global.cattle.projectLabel` is not provided, the Operator / System Namespace will also be the Project Registration Namespace +3. **Project Release Namespace (`cattle-project--monitoring`)**: this is the set of namespaces that the operator deploys Project Monitoring Stacks within on behalf of a ProjectHelmChart; the operator will also automatically assign RBAC to Roles created in this namespace by the Project Monitoring Stack based on bindings found in the Project Registration Namespace. **Only Cluster Admins should have access to this namespace; Project Owners (admin), Project Members (edit), and Read-Only Members (view) will be assigned limited access to this namespace by the deployed Helm Chart and Prometheus Federator.** +> Note: Project Release Namespaces are automatically deployed and imported into the project whose ID is specified under `.Values.helmProjectOperator.projectReleaseNamespaces.labelValue` (which defaults to the value of `.Values.global.cattle.systemProjectId` if not specified) whenever a ProjectHelmChart is specified in a Project Registration Namespace +> Note: Project Release Namespaces follow the same orphaning conventions as Project Registration Namespaces (see note above) +> Note: if `.Values.projectReleaseNamespaces.enabled` is false, the Project Release Namespace will be the same as the Project Registration Namespace + +### Helm Resources (HelmChart, HelmRelease) + +On deploying a ProjectHelmChart, the Prometheus Federator will automatically create and manage two child custom resources that manage the underlying Helm resources in turn: +- A HelmChart CR (managed via an embedded [k3s-io/helm-contoller](https://github.com/k3s-io/helm-controller) in the operator): this custom resource automatically creates a Job in the same namespace that triggers a `helm install`, `helm upgrade`, or `helm uninstall` depending on the change applied to the HelmChart CR; this CR is automatically updated on changes to the ProjectHelmChart (e.g. modifying the values.yaml) or changes to the underlying Project definition (e.g. adding or removing namespaces from a project). +> **Important Note: If a ProjectHelmChart is not deploying or updating the underlying Project Monitoring Stack for some reason, the Job created by this resource in the Operator / System namespace should be the first place you check to see if there's something wrong with the Helm operation; however, this is generally only accessible by a Cluster Admin.** +- A HelmRelease CR (managed via an embedded [rancher/helm-locker](https://github.com/rancher/helm-locker) in the operator): this custom resource automatically locks a deployed Helm release in place and automatically overwrites updates to underlying resources unless the change happens via a Helm operation (`helm install`, `helm upgrade`, or `helm uninstall` performed by the HelmChart CR). +> Note: HelmRelease CRs emit Kubernetes Events that detect when an underlying Helm release is being modified and locks it back to place; to view these events, you can use `kubectl describe helmrelease -n `; you can also view the logs on this operator to see when changes are detected and which resources were attempted to be modified + +Both of these resources are created for all Helm charts in the Operator / System namespaces to avoid escalation of privileges to underprivileged users. + +### RBAC + +As described in the section on namespaces above, Prometheus Federator expects that Project Owners, Project Members, and other users in the cluster with Project-level permissions (e.g. permissions in a certain set of namespaces identified by a single label selector) have minimal permissions in any namespaces except the Project Registration Namespace (which is imported into the project by default) and those that already comprise their projects. Therefore, in order to allow Project Owners to assign specific chart permissions to other users in their Project namespaces, the Helm Project Operator will automatically watch the following bindings: +- ClusterRoleBindings +- RoleBindings in the Project Release Namespace + +On observing a change to one of those types of bindings, the Helm Project Operator will check whether the `roleRef` that the the binding points to matches a ClusterRole with the name provided under `helmProjectOperator.releaseRoleBindings.clusterRoleRefs.admin`, `helmProjectOperator.releaseRoleBindings.clusterRoleRefs.edit`, or `helmProjectOperator.releaseRoleBindings.clusterRoleRefs.view`; by default, these roleRefs correspond will correspond to `admin`, `edit`, and `view` respectively, which are the [default Kubernetes user-facing roles](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles). + +> Note: for Rancher RBAC users, these [default Kubernetes user-facing roles](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles) directly correlate to the `Project Owner`, `Project Member`, and `Read-Only` default Project Role Templates. + +If the `roleRef` matches, the Helm Project Operator will filter the `subjects` of the binding for all Users and Groups and use that to automatically construct a RoleBinding for each Role in the Project Release Namespace with the same name as the role and the following labels: +- `helm.cattle.io/project-helm-chart-role: {{ .Release.Name }}` +- `helm.cattle.io/project-helm-chart-role-aggregate-from: ` + +By default, the `rancher-project-monitoring` (the underlying chart deployed by Prometheus Federator) creates three default Roles per Project Release Namespace that provide `admin`, `edit`, and `view` users to permissions to view the Prometheus, Alertmanager, and Grafana UIs of the Project Monitoring Stack to provide least privilege; however, if a Cluster Admin would like to assign additional permissions to certain users, they can either directly assign RoleBindings in the Project Release Namespace to certain users or created Roles with the above two labels on them to allow Project Owners to control assigning those RBAC roles to users in their Project Registration namespaces. + +### Advanced Helm Project Operator Configuration + +|Value|Configuration| +|---|---------------------------| +|`helmProjectOperator.valuesOverride`| Allows an Operator to override values that are set on each ProjectHelmChart deployment on an operator-level; user-provided options (specified on the `spec.values` of the ProjectHelmChart) are automatically overridden if operator-level values are provided. For an exmaple, see how the default value overrides `federate.targets` (note: when overriding list values like `federate.targets`, user-provided list values will **not** be concatenated) | +|`helmProjectOperator.projectReleaseNamespaces.labelValues`| The value of the Project that all Project Release Namespaces should be auto-imported into (via label and annotation). Not recommended to be overridden on a Rancher setup. | +|`helmProjectOperator.otherSystemProjectLabelValues`| Other namespaces that the operator should treat as a system namespace that should not be monitored. By default, all namespaces that match `global.cattle.systemProjectId` will not be matched. `cattle-monitoring-system`, `cattle-dashboards`, and `kube-system` are explicitly marked as system namespaces as well, regardless of label or annotation. | +|`helmProjectOperator.releaseRoleBindings.aggregate`| Whether to automatically create RBAC resources in Project Release namespaces +|`helmProjectOperator.releaseRoleBindings.clusterRoleRefs.`| ClusterRoles to reference to discover subjects to create RoleBindings for in the Project Release Namespace for all corresponding Project Release Roles. See RBAC above for more information | +|`helmProjectOperator.hardenedNamespaces.enabled`| Whether to automatically patch the default ServiceAccount with `automountServiceAccountToken: false` and create a default NetworkPolicy in all managed namespaces in the cluster; the default values ensure that the creation of the namespace does not break a CIS 1.16 hardened scan | +|`helmProjectOperator.hardenedNamespaces.configuration`| The configuration to be supplied to the default ServiceAccount or auto-generated NetworkPolicy on managing a namespace | +|`helmProjectOperator.helmController.enabled`| Whether to enable an embedded k3s-io/helm-controller instance within the Helm Project Operator. Should be disabled for RKE2/K3s clusters before v1.23.14 / v1.24.8 / v1.25.4 since RKE2/K3s clusters already run Helm Controller at a cluster-wide level to manage internal Kubernetes components | +|`helmProjectOperator.helmLocker.enabled`| Whether to enable an embedded rancher/helm-locker instance within the Helm Project Operator. | diff --git a/charts/prometheus-federator/3.0.1+up0.3.3/app-README.md b/charts/prometheus-federator/3.0.1+up0.3.3/app-README.md new file mode 100644 index 0000000000..99fa7ca1c8 --- /dev/null +++ b/charts/prometheus-federator/3.0.1+up0.3.3/app-README.md @@ -0,0 +1,27 @@ +# Prometheus Federator + +This chart deploys an operator that manages Project Monitoring Stacks composed of the following set of resources that are scoped to project namespaces: +- [Prometheus](https://prometheus.io/) (managed externally by [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator)) +- [Alertmanager](https://prometheus.io/docs/alerting/latest/alertmanager/) (managed externally by [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator)) +- [Grafana](https://github.com/helm/charts/tree/master/stable/grafana) (deployed via an embedded Helm chart) +- Default PrometheusRules and Grafana dashboards based on the collection of community-curated resources from [kube-prometheus](https://github.com/prometheus-operator/kube-prometheus/) +- Default ServiceMonitors that watch the deployed Prometheus, Grafana, and Alertmanager + +Since this Project Monitoring Stack deploys Prometheus Operator CRs, an existing Prometheus Operator instance must already be deployed in the cluster for Prometheus Federator to successfully be able to deploy Project Monitoring Stacks. It is recommended to use [`rancher-monitoring`](https://rancher.com/docs/rancher/v2.6/en/monitoring-alerting/) for this. For more information on how the chart works or advanced configurations, please read the `README.md`. + +## Upgrading to Kubernetes v1.25+ + +Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. + +As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. +​ +> **Note:** +> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. + ​ +> **Note:** +> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** +> +> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. +Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. +​ +As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. \ No newline at end of file diff --git a/charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/Chart.yaml b/charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/Chart.yaml new file mode 100644 index 0000000000..c4d14e1d93 --- /dev/null +++ b/charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/Chart.yaml @@ -0,0 +1,15 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Helm Project Operator + catalog.cattle.io/kube-version: '>=1.16.0-0' + catalog.cattle.io/namespace: cattle-helm-system + catalog.cattle.io/os: linux,windows + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/provides-gvr: helm.cattle.io.projecthelmchart/v1alpha1 + catalog.cattle.io/rancher-version: '>= 2.6.0-0' + catalog.cattle.io/release-name: helm-project-operator +apiVersion: v2 +appVersion: 0.2.1 +description: Helm Project Operator +name: helmProjectOperator +version: 0.2.1 diff --git a/charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/README.md b/charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/README.md new file mode 100644 index 0000000000..fc1d39e81b --- /dev/null +++ b/charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/README.md @@ -0,0 +1,77 @@ +# Helm Project Operator + +## How does the operator work? + +1. On deploying a Helm Project Operator, users can create ProjectHelmCharts CRs with `spec.helmApiVersion` set to `dummy.cattle.io/v1alpha1` in a **Project Registration Namespace (`cattle-project-`)**. +2. On seeing each ProjectHelmChartCR, the operator will automatically deploy the embedded Helm chart on the Project Owner's behalf in the **Project Release Namespace (`cattle-project--dummy`)** based on a HelmChart CR and a HelmRelease CR automatically created by the ProjectHelmChart controller in the **Operator / System Namespace**. +3. RBAC will automatically be assigned in the Project Release Namespace to allow users to based on Role created in the Project Release Namespace with a given set of labels; this will be based on RBAC defined on the Project Registration Namespace against the [default Kubernetes user-facing roles](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles) (see below for more information about configuring RBAC). + +### What is a Project? + +In Helm Project Operator, a Project is a group of namespaces that can be identified by a `metav1.LabelSelector`; by default, the label used to identify projects is `field.cattle.io/projectId`, the label used to identify namespaces that are contained within a given [Rancher](https://rancher.com/) Project. + +### What is a ProjectHelmChart? + +A ProjectHelmChart is an instance of a (project-scoped) Helm chart deployed on behalf of a user who has permissions to create ProjectHelmChart resources in a Project Registration namespace. + +Generally, the best way to think about the ProjectHelmChart model is by comparing it to two other models: +1. Managed Kubernetes providers (EKS, GKE, AKS, etc.): in this model, a user has the ability to say "I want a Kubernetes cluster" but the underlying cloud provider is responsible for provisioning the infrastructure and offering **limited view and access** of the underlying resources created on their behalf; similarly, Helm Project Operator allows a Project Owner to say "I want this Helm chart deployed", but the underlying Operator is responsible for "provisioning" (deploying) the Helm chart and offering **limited view and access** of the underlying Kubernetes resources created on their behalf (based on configuring "least-privilege" Kubernetes RBAC for the Project Owners / Members in the newly created Project Release Namespace). +2. Dynamically-provisioned Persistent Volumes: in this model, a single resource (PersistentVolume) exists that allows you to specify a Storage Class that actually implements provisioning the underlying storage via a Storage Class Provisioner (e.g. Longhorn). Similarly, the ProjectHelmChart exists that allows you to specify a `spec.helmApiVersion` ("storage class") that actually implements deploying the underlying Helm chart via a Helm Project Operator (e.g. [`rancher/prometheus-federator`](https://github.com/rancher/prometheus-federator)). + +### Configuring the Helm release created by a ProjectHelmChart + +The `spec.values` of this ProjectHelmChart resources will correspond to the `values.yaml` override to be supplied to the underlying Helm chart deployed by the operator on the user's behalf; to see the underlying chart's `values.yaml` spec, either: +- View to the chart's definition located at [`rancher/helm-project-operator` under `charts/example-chart`](https://github.com/rancher/helm-project-operator/blob/main/charts/example-chart) (where the chart version will be tied to the version of this operator) +- Look for the ConfigMap named `dummy.cattle.io.v1alpha1` that is automatically created in each Project Registration Namespace, which will contain both the `values.yaml` and `questions.yaml` that was used to configure the chart (which was embedded directly into the `helm-project-operator` binary). + +### Namespaces + +All Helm Project Operators have three different classifications of namespaces that the operator looks out for: +1. **Operator / System Namespace**: this is the namespace that the operator is deployed into (e.g. `cattle-helm-system`). This namespace will contain all HelmCharts and HelmReleases for all ProjectHelmCharts watched by this operator. **Only Cluster Admins should have access to this namespace.** +2. **Project Registration Namespace (`cattle-project-`)**: this is the set of namespaces that the operator watches for ProjectHelmCharts within. The RoleBindings and ClusterRoleBindings that apply to this namespace will also be the source of truth for the auto-assigned RBAC created in the Project Release Namespace (see more details below). **Project Owners (admin), Project Members (edit), and Read-Only Members (view) should have access to this namespace**. +> Note: Project Registration Namespaces will be auto-generated by the operator and imported into the Project it is tied to if `.Values.global.cattle.projectLabel` is provided (which is set to `field.cattle.io/projectId` by default); this indicates that a Project Registration Namespace should be created by the operator if at least one namespace is observed with that label. The operator will not let these namespaces be deleted unless either all namespaces with that label are gone (e.g. this is the last namespace in that project, in which case the namespace will be marked with the label `"helm.cattle.io/helm-project-operator-orphaned": "true"`, which signals that it can be deleted) or it is no longer watching that project (because the project ID was provided under `.Values.helmProjectOperator.otherSystemProjectLabelValues`, which serves as a denylist for Projects). These namespaces will also never be auto-deleted to avoid destroying user data; it is recommended that users clean up these namespaces manually if desired on creating or deleting a project +> Note: if `.Values.global.cattle.projectLabel` is not provided, the Operator / System Namespace will also be the Project Registration Namespace +3. **Project Release Namespace (`cattle-project--dummy`)**: this is the set of namespaces that the operator deploys Helm charts within on behalf of a ProjectHelmChart; the operator will also automatically assign RBAC to Roles created in this namespace by the Helm charts based on bindings found in the Project Registration Namespace. **Only Cluster Admins should have access to this namespace; Project Owners (admin), Project Members (edit), and Read-Only Members (view) will be assigned limited access to this namespace by the deployed Helm Chart and Helm Project Operator.** +> Note: Project Release Namespaces are automatically deployed and imported into the project whose ID is specified under `.Values.helmProjectOperator.projectReleaseNamespaces.labelValue` (which defaults to the value of `.Values.global.cattle.systemProjectId` if not specified) whenever a ProjectHelmChart is specified in a Project Registration Namespace +> Note: Project Release Namespaces follow the same orphaning conventions as Project Registration Namespaces (see note above) +> Note: if `.Values.projectReleaseNamespaces.enabled` is false, the Project Release Namespace will be the same as the Project Registration Namespace + +### Helm Resources (HelmChart, HelmRelease) + +On deploying a ProjectHelmChart, the Helm Project Operator will automatically create and manage two child custom resources that manage the underlying Helm resources in turn: +- A HelmChart CR (managed via an embedded [k3s-io/helm-contoller](https://github.com/k3s-io/helm-controller) in the operator): this custom resource automatically creates a Job in the same namespace that triggers a `helm install`, `helm upgrade`, or `helm uninstall` depending on the change applied to the HelmChart CR; this CR is automatically updated on changes to the ProjectHelmChart (e.g. modifying the values.yaml) or changes to the underlying Project definition (e.g. adding or removing namespaces from a project). +> **Important Note: If a ProjectHelmChart is not deploying or updating the underlying Project Monitoring Stack for some reason, the Job created by this resource in the Operator / System namespace should be the first place you check to see if there's something wrong with the Helm operation; however, this is generally only accessible by a Cluster Admin.** +- A HelmRelease CR (managed via an embedded [rancher/helm-locker](https://github.com/rancher/helm-locker) in the operator): this custom resource automatically locks a deployed Helm release in place and automatically overwrites updates to underlying resources unless the change happens via a Helm operation (`helm install`, `helm upgrade`, or `helm uninstall` performed by the HelmChart CR). +> Note: HelmRelease CRs emit Kubernetes Events that detect when an underlying Helm release is being modified and locks it back to place; to view these events, you can use `kubectl describe helmrelease -n `; you can also view the logs on this operator to see when changes are detected and which resources were attempted to be modified + +Both of these resources are created for all Helm charts in the Operator / System namespaces to avoid escalation of privileges to underprivileged users. + +### RBAC + +As described in the section on namespaces above, Helm Project Operator expects that Project Owners, Project Members, and other users in the cluster with Project-level permissions (e.g. permissions in a certain set of namespaces identified by a single label selector) have minimal permissions in any namespaces except the Project Registration Namespace (which is imported into the project by default) and those that already comprise their projects. Therefore, in order to allow Project Owners to assign specific chart permissions to other users in their Project namespaces, the Helm Project Operator will automatically watch the following bindings: +- ClusterRoleBindings +- RoleBindings in the Project Release Namespace + +On observing a change to one of those types of bindings, the Helm Project Operator will check whether the `roleRef` that the the binding points to matches a ClusterRole with the name provided under `helmProjectOperator.releaseRoleBindings.clusterRoleRefs.admin`, `helmProjectOperator.releaseRoleBindings.clusterRoleRefs.edit`, or `helmProjectOperator.releaseRoleBindings.clusterRoleRefs.view`; by default, these roleRefs correspond will correspond to `admin`, `edit`, and `view` respectively, which are the [default Kubernetes user-facing roles](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles). + +> Note: for Rancher RBAC users, these [default Kubernetes user-facing roles](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles) directly correlate to the `Project Owner`, `Project Member`, and `Read-Only` default Project Role Templates. + +If the `roleRef` matches, the Helm Project Operator will filter the `subjects` of the binding for all Users and Groups and use that to automatically construct a RoleBinding for each Role in the Project Release Namespace with the same name as the role and the following labels: +- `helm.cattle.io/project-helm-chart-role: {{ .Release.Name }}` +- `helm.cattle.io/project-helm-chart-role-aggregate-from: ` + +By default, the `example-chart` (the underlying chart deployed by Helm Project Operator) does not create any default roles; however, if a Cluster Admin would like to assign additional permissions to certain users, they can either directly assign RoleBindings in the Project Release Namespace to certain users or created Roles with the above two labels on them to allow Project Owners to control assigning those RBAC roles to users in their Project Registration namespaces. + +### Advanced Helm Project Operator Configuration + +|Value|Configuration| +|---|---------------------------| +|`valuesOverride`| Allows an Operator to override values that are set on each ProjectHelmChart deployment on an operator-level; user-provided options (specified on the `spec.values` of the ProjectHelmChart) are automatically overridden if operator-level values are provided. For an exmaple, see how the default value overrides `federate.targets` (note: when overriding list values like `federate.targets`, user-provided list values will **not** be concatenated) | +|`projectReleaseNamespaces.labelValues`| The value of the Project that all Project Release Namespaces should be auto-imported into (via label and annotation). Not recommended to be overridden on a Rancher setup. | +|`otherSystemProjectLabelValues`| Other namespaces that the operator should treat as a system namespace that should not be monitored. By default, all namespaces that match `global.cattle.systemProjectId` will not be matched. `kube-system` is explicitly marked as a system namespace as well, regardless of label or annotation. | +|`releaseRoleBindings.aggregate`| Whether to automatically create RBAC resources in Project Release namespaces +|`releaseRoleBindings.clusterRoleRefs.`| ClusterRoles to reference to discover subjects to create RoleBindings for in the Project Release Namespace for all corresponding Project Release Roles. See RBAC above for more information | +|`hardenedNamespaces.enabled`| Whether to automatically patch the default ServiceAccount with `automountServiceAccountToken: false` and create a default NetworkPolicy in all managed namespaces in the cluster; the default values ensure that the creation of the namespace does not break a CIS 1.16 hardened scan | +|`hardenedNamespaces.configuration`| The configuration to be supplied to the default ServiceAccount or auto-generated NetworkPolicy on managing a namespace | +|`helmController.enabled`| Whether to enable an embedded k3s-io/helm-controller instance within the Helm Project Operator. Should be disabled for RKE2 clusters since RKE2 clusters already run Helm Controller to manage internal Kubernetes components | +|`helmLocker.enabled`| Whether to enable an embedded rancher/helm-locker instance within the Helm Project Operator. | diff --git a/charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/app-readme.md b/charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/app-readme.md new file mode 100644 index 0000000000..fd551467d3 --- /dev/null +++ b/charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/app-readme.md @@ -0,0 +1,20 @@ +# Helm Project Operator + +This chart installs the example [Helm Project Operator](https://github.com/rancher/helm-project-operator) onto your cluster. + +## Upgrading to Kubernetes v1.25+ + +Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. + +As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. +​ +> **Note:** +> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. + ​ +> **Note:** +> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** +> +> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. +Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. +​ +As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. \ No newline at end of file diff --git a/charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/questions.yaml b/charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/questions.yaml new file mode 100644 index 0000000000..054361a7a4 --- /dev/null +++ b/charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/questions.yaml @@ -0,0 +1,43 @@ +questions: +- variable: global.cattle.psp.enabled + default: "false" + description: "Flag to enable or disable the installation of PodSecurityPolicies by this chart in the target cluster. If the cluster is running Kubernetes 1.25+, you must update this value to false." + label: "Enable PodSecurityPolicies" + type: boolean + group: "Security Settings" +- variable: helmController.enabled + label: Enable Embedded Helm Controller + description: 'Note: If you are running this chart in an RKE2 cluster, this should be disabled.' + type: boolean + group: Helm Controller +- variable: helmLocker.enabled + label: Enable Embedded Helm Locker + type: boolean + group: Helm Locker +- variable: projectReleaseNamespaces.labelValue + label: Project Release Namespace Project ID + description: By default, the System Project is selected. This can be overriden to a different Project (e.g. p-xxxxx) + type: string + required: false + group: Namespaces +- variable: releaseRoleBindings.clusterRoleRefs.admin + label: Admin ClusterRole + description: By default, admin selects Project Owners. This can be overridden to a different ClusterRole (e.g. rt-xxxxx) + type: string + default: admin + required: false + group: RBAC +- variable: releaseRoleBindings.clusterRoleRefs.edit + label: Edit ClusterRole + description: By default, edit selects Project Members. This can be overridden to a different ClusterRole (e.g. rt-xxxxx) + type: string + default: edit + required: false + group: RBAC +- variable: releaseRoleBindings.clusterRoleRefs.view + label: View ClusterRole + description: By default, view selects Read-Only users. This can be overridden to a different ClusterRole (e.g. rt-xxxxx) + type: string + default: view + required: false + group: RBAC diff --git a/charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/templates/NOTES.txt b/charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/templates/NOTES.txt new file mode 100644 index 0000000000..32baeebcbe --- /dev/null +++ b/charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/templates/NOTES.txt @@ -0,0 +1,2 @@ +{{ $.Chart.Name }} has been installed. Check its status by running: + kubectl --namespace {{ template "helm-project-operator.namespace" . }} get pods -l "release={{ $.Release.Name }}" diff --git a/charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/templates/_helpers.tpl b/charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/templates/_helpers.tpl new file mode 100644 index 0000000000..97dd6b368b --- /dev/null +++ b/charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/templates/_helpers.tpl @@ -0,0 +1,66 @@ +# Rancher +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +# Helm Project Operator + +{{/* vim: set filetype=mustache: */}} +{{/* Expand the name of the chart. This is suffixed with -alertmanager, which means subtract 13 from longest 63 available */}} +{{- define "helm-project-operator.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 50 | trimSuffix "-" -}} +{{- end }} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts +*/}} +{{- define "helm-project-operator.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{/* Create chart name and version as used by the chart label. */}} +{{- define "helm-project-operator.chartref" -}} +{{- replace "+" "_" .Chart.Version | printf "%s-%s" .Chart.Name -}} +{{- end }} + +{{/* Generate basic labels */}} +{{- define "helm-project-operator.labels" -}} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}" +app.kubernetes.io/part-of: {{ template "helm-project-operator.name" . }} +chart: {{ template "helm-project-operator.chartref" . }} +release: {{ $.Release.Name | quote }} +heritage: {{ $.Release.Service | quote }} +{{- if .Values.commonLabels}} +{{ toYaml .Values.commonLabels }} +{{- end }} +{{- end -}} diff --git a/charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/templates/cleanup.yaml b/charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/templates/cleanup.yaml new file mode 100644 index 0000000000..98675642d0 --- /dev/null +++ b/charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/templates/cleanup.yaml @@ -0,0 +1,82 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "helm-project-operator.name" . }}-cleanup + namespace: {{ template "helm-project-operator.namespace" . }} + labels: {{ include "helm-project-operator.labels" . | nindent 4 }} + app: {{ template "helm-project-operator.name" . }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-delete-policy": before-hook-creation, hook-succeeded, hook-failed +spec: + template: + metadata: + name: {{ template "helm-project-operator.name" . }}-cleanup + labels: {{ include "helm-project-operator.labels" . | nindent 8 }} + app: {{ template "helm-project-operator.name" . }} + spec: + serviceAccountName: {{ template "helm-project-operator.name" . }} +{{- if .Values.cleanup.securityContext }} + securityContext: {{ toYaml .Values.cleanup.securityContext | nindent 8 }} +{{- end }} + initContainers: + - name: add-cleanup-annotations + image: {{ template "system_default_registry" . }}{{ .Values.cleanup.image.repository }}:{{ .Values.cleanup.image.tag }} + imagePullPolicy: "{{ .Values.image.pullPolicy }}" + command: + - /bin/sh + - -c + - > + echo "Labeling all ProjectHelmCharts with helm.cattle.io/helm-project-operator-cleanup=true"; + EXPECTED_HELM_API_VERSION={{ .Values.helmApiVersion }}; + IFS=$'\n'; + for namespace in $(kubectl get namespaces -l helm.cattle.io/helm-project-operated=true --no-headers -o=custom-columns=NAME:.metadata.name); do + for projectHelmChartAndHelmApiVersion in $(kubectl get projecthelmcharts -n ${namespace} --no-headers -o=custom-columns=NAME:.metadata.name,HELMAPIVERSION:.spec.helmApiVersion); do + projectHelmChartAndHelmApiVersion=$(echo ${projectHelmChartAndHelmApiVersion} | xargs); + projectHelmChart=$(echo ${projectHelmChartAndHelmApiVersion} | cut -d' ' -f1); + helmApiVersion=$(echo ${projectHelmChartAndHelmApiVersion} | cut -d' ' -f2); + if [[ ${helmApiVersion} != ${EXPECTED_HELM_API_VERSION} ]]; then + echo "Skipping marking ${namespace}/${projectHelmChart} with cleanup annotation since spec.helmApiVersion: ${helmApiVersion} is not ${EXPECTED_HELM_API_VERSION}"; + continue; + fi; + kubectl label projecthelmcharts -n ${namespace} ${projectHelmChart} helm.cattle.io/helm-project-operator-cleanup=true --overwrite; + done; + done; +{{- if .Values.cleanup.resources }} + resources: {{ toYaml .Values.cleanup.resources | nindent 12 }} +{{- end }} +{{- if .Values.cleanup.containerSecurityContext }} + securityContext: {{ toYaml .Values.cleanup.containerSecurityContext | nindent 12 }} +{{- end }} + containers: + - name: ensure-subresources-deleted + image: {{ template "system_default_registry" . }}{{ .Values.cleanup.image.repository }}:{{ .Values.cleanup.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/sh + - -c + - > + SYSTEM_NAMESPACE={{ .Release.Namespace }} + EXPECTED_HELM_API_VERSION={{ .Values.helmApiVersion }}; + HELM_API_VERSION_TRUNCATED=$(echo ${EXPECTED_HELM_API_VERSION} | cut -d'/' -f0); + echo "Ensuring HelmCharts and HelmReleases are deleted from ${SYSTEM_NAMESPACE}..."; + while [[ "$(kubectl get helmcharts,helmreleases -l helm.cattle.io/helm-api-version=${HELM_API_VERSION_TRUNCATED} -n ${SYSTEM_NAMESPACE} 2>&1)" != "No resources found in ${SYSTEM_NAMESPACE} namespace." ]]; do + echo "waiting for HelmCharts and HelmReleases to be deleted from ${SYSTEM_NAMESPACE}... sleeping 3 seconds"; + sleep 3; + done; + echo "Successfully deleted all HelmCharts and HelmReleases in ${SYSTEM_NAMESPACE}!"; +{{- if .Values.cleanup.resources }} + resources: {{ toYaml .Values.cleanup.resources | nindent 12 }} +{{- end }} +{{- if .Values.cleanup.containerSecurityContext }} + securityContext: {{ toYaml .Values.cleanup.containerSecurityContext | nindent 12 }} +{{- end }} + restartPolicy: OnFailure + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} + {{- if .Values.cleanup.nodeSelector }} + {{- toYaml .Values.cleanup.nodeSelector | nindent 8 }} + {{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} + {{- if .Values.cleanup.tolerations }} + {{- toYaml .Values.cleanup.tolerations | nindent 8 }} + {{- end }} diff --git a/charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/templates/clusterrole.yaml b/charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/templates/clusterrole.yaml new file mode 100644 index 0000000000..60ed263ba8 --- /dev/null +++ b/charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/templates/clusterrole.yaml @@ -0,0 +1,57 @@ +{{- if and .Values.global.rbac.create .Values.global.rbac.userRoles.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "helm-project-operator.name" . }}-admin + labels: {{ include "helm-project-operator.labels" . | nindent 4 }} + {{- if .Values.global.rbac.userRoles.aggregateToDefaultRoles }} + rbac.authorization.k8s.io/aggregate-to-admin: "true" + {{- end }} +rules: +- apiGroups: + - helm.cattle.io + resources: + - projecthelmcharts + - projecthelmcharts/finalizers + - projecthelmcharts/status + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "helm-project-operator.name" . }}-edit + labels: {{ include "helm-project-operator.labels" . | nindent 4 }} + {{- if .Values.global.rbac.userRoles.aggregateToDefaultRoles }} + rbac.authorization.k8s.io/aggregate-to-edit: "true" + {{- end }} +rules: +- apiGroups: + - helm.cattle.io + resources: + - projecthelmcharts + - projecthelmcharts/status + verbs: + - 'get' + - 'list' + - 'watch' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "helm-project-operator.name" . }}-view + labels: {{ include "helm-project-operator.labels" . | nindent 4 }} + {{- if .Values.global.rbac.userRoles.aggregateToDefaultRoles }} + rbac.authorization.k8s.io/aggregate-to-view: "true" + {{- end }} +rules: +- apiGroups: + - helm.cattle.io + resources: + - projecthelmcharts + - projecthelmcharts/status + verbs: + - 'get' + - 'list' + - 'watch' +{{- end }} diff --git a/charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/templates/configmap.yaml b/charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/templates/configmap.yaml new file mode 100644 index 0000000000..d4def157dc --- /dev/null +++ b/charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/templates/configmap.yaml @@ -0,0 +1,14 @@ +## Note: If you add another entry to this ConfigMap, make sure a corresponding env var is set +## in the deployment of the operator to ensure that a Helm upgrade will force the operator +## to reload the values in the ConfigMap and redeploy +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "helm-project-operator.name" . }}-config + namespace: {{ template "helm-project-operator.namespace" . }} + labels: {{ include "helm-project-operator.labels" . | nindent 4 }} +data: + hardened.yaml: |- +{{ .Values.hardenedNamespaces.configuration | toYaml | indent 4 }} + values.yaml: |- +{{ .Values.valuesOverride | toYaml | indent 4 }} diff --git a/charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/templates/deployment.yaml b/charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/templates/deployment.yaml new file mode 100644 index 0000000000..33b81e72e6 --- /dev/null +++ b/charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/templates/deployment.yaml @@ -0,0 +1,126 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "helm-project-operator.name" . }} + namespace: {{ template "helm-project-operator.namespace" . }} + labels: {{ include "helm-project-operator.labels" . | nindent 4 }} + app: {{ template "helm-project-operator.name" . }} +spec: + {{- if .Values.replicas }} + replicas: {{ .Values.replicas }} + {{- end }} + selector: + matchLabels: + app: {{ template "helm-project-operator.name" . }} + release: {{ $.Release.Name | quote }} + template: + metadata: + labels: {{ include "helm-project-operator.labels" . | nindent 8 }} + app: {{ template "helm-project-operator.name" . }} + spec: + containers: + - name: {{ template "helm-project-operator.name" . }} + image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: "{{ .Values.image.pullPolicy }}" + args: + - {{ template "helm-project-operator.name" . }} + - --namespace={{ template "helm-project-operator.namespace" . }} + - --controller-name={{ template "helm-project-operator.name" . }} + - --values-override-file=/etc/helmprojectoperator/config/values.yaml +{{- if .Values.global.cattle.systemDefaultRegistry }} + - --system-default-registry={{ .Values.global.cattle.systemDefaultRegistry }} +{{- end }} +{{- if .Values.global.cattle.url }} + - --cattle-url={{ .Values.global.cattle.url }} +{{- end }} +{{- if .Values.global.cattle.projectLabel }} + - --project-label={{ .Values.global.cattle.projectLabel }} +{{- end }} +{{- if not .Values.projectReleaseNamespaces.enabled }} + - --system-project-label-values={{ join "," (append .Values.otherSystemProjectLabelValues .Values.global.cattle.systemProjectId) }} +{{- else if and (ne (len .Values.global.cattle.systemProjectId) 0) (ne (len .Values.projectReleaseNamespaces.labelValue) 0) (ne .Values.projectReleaseNamespaces.labelValue .Values.global.cattle.systemProjectId) }} + - --system-project-label-values={{ join "," (append .Values.otherSystemProjectLabelValues .Values.global.cattle.systemProjectId) }} +{{- else if len .Values.otherSystemProjectLabelValues }} + - --system-project-label-values={{ join "," .Values.otherSystemProjectLabelValues }} +{{- end }} +{{- if .Values.projectReleaseNamespaces.enabled }} +{{- if .Values.projectReleaseNamespaces.labelValue }} + - --project-release-label-value={{ .Values.projectReleaseNamespaces.labelValue }} +{{- else if .Values.global.cattle.systemProjectId }} + - --project-release-label-value={{ .Values.global.cattle.systemProjectId }} +{{- end }} +{{- end }} +{{- if .Values.global.cattle.clusterId }} + - --cluster-id={{ .Values.global.cattle.clusterId }} +{{- end }} +{{- if .Values.releaseRoleBindings.aggregate }} +{{- if .Values.releaseRoleBindings.clusterRoleRefs }} +{{- if .Values.releaseRoleBindings.clusterRoleRefs.admin }} + - --admin-cluster-role={{ .Values.releaseRoleBindings.clusterRoleRefs.admin }} +{{- end }} +{{- if .Values.releaseRoleBindings.clusterRoleRefs.edit }} + - --edit-cluster-role={{ .Values.releaseRoleBindings.clusterRoleRefs.edit }} +{{- end }} +{{- if .Values.releaseRoleBindings.clusterRoleRefs.view }} + - --view-cluster-role={{ .Values.releaseRoleBindings.clusterRoleRefs.view }} +{{- end }} +{{- end }} +{{- end }} +{{- if .Values.hardenedNamespaces.enabled }} + - --hardening-options-file=/etc/helmprojectoperator/config/hardening.yaml +{{- else }} + - --disable-hardening +{{- end }} +{{- if .Values.debug }} + - --debug + - --debug-level={{ .Values.debugLevel }} +{{- end }} +{{- if not .Values.helmController.enabled }} + - --disable-embedded-helm-controller +{{- else }} + - --helm-job-image={{ template "system_default_registry" . }}{{ .Values.helmController.job.image.repository }}:{{ .Values.helmController.job.image.tag }} +{{- end }} +{{- if not .Values.helmLocker.enabled }} + - --disable-embedded-helm-locker +{{- end }} +{{- if .Values.additionalArgs }} +{{- toYaml .Values.additionalArgs | nindent 10 }} +{{- end }} + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + ## Note: The below two values only exist to force Helm to upgrade the deployment on + ## a change to the contents of the ConfigMap during an upgrade. Neither serve + ## any practical purpose and can be removed and replaced with a configmap reloader + ## in a future change if dynamic updates are required. + - name: HARDENING_OPTIONS_SHA_256_HASH + value: {{ .Values.hardenedNamespaces.configuration | toYaml | sha256sum }} + - name: VALUES_OVERRIDE_SHA_256_HASH + value: {{ .Values.valuesOverride | toYaml | sha256sum }} +{{- if .Values.resources }} + resources: {{ toYaml .Values.resources | nindent 12 }} +{{- end }} +{{- if .Values.containerSecurityContext }} + securityContext: {{ toYaml .Values.containerSecurityContext | nindent 12 }} +{{- end }} + volumeMounts: + - name: config + mountPath: "/etc/helmprojectoperator/config" + serviceAccountName: {{ template "helm-project-operator.name" . }} +{{- if .Values.securityContext }} + securityContext: {{ toYaml .Values.securityContext | nindent 8 }} +{{- end }} + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.nodeSelector }} +{{- toYaml .Values.nodeSelector | nindent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.tolerations }} +{{- toYaml .Values.tolerations | nindent 8 }} +{{- end }} + volumes: + - name: config + configMap: + name: {{ template "helm-project-operator.name" . }}-config diff --git a/charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/templates/psp.yaml b/charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/templates/psp.yaml new file mode 100644 index 0000000000..73dcc4560e --- /dev/null +++ b/charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/templates/psp.yaml @@ -0,0 +1,68 @@ +{{- if .Values.global.cattle.psp.enabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "helm-project-operator.name" . }}-psp + namespace: {{ template "helm-project-operator.namespace" . }} + labels: {{ include "helm-project-operator.labels" . | nindent 4 }} + app: {{ template "helm-project-operator.name" . }} +{{- if .Values.global.rbac.pspAnnotations }} + annotations: {{ toYaml .Values.global.rbac.pspAnnotations | nindent 4 }} +{{- end }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Permits the container to run with root privileges as well. + rule: 'RunAsAny' + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 0 + max: 65535 + readOnlyRootFilesystem: false +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ template "helm-project-operator.name" . }}-psp + labels: {{ include "helm-project-operator.labels" . | nindent 4 }} + app: {{ template "helm-project-operator.name" . }} +rules: +{{- if semverCompare "> 1.15.0-0" .Capabilities.KubeVersion.GitVersion }} +- apiGroups: ['policy'] +{{- else }} +- apiGroups: ['extensions'] +{{- end }} + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "helm-project-operator.name" . }}-psp +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ template "helm-project-operator.name" . }}-psp + labels: {{ include "helm-project-operator.labels" . | nindent 4 }} + app: {{ template "helm-project-operator.name" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "helm-project-operator.name" . }}-psp +subjects: + - kind: ServiceAccount + name: {{ template "helm-project-operator.name" . }} + namespace: {{ template "helm-project-operator.namespace" . }} +{{- end }} diff --git a/charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/templates/rbac.yaml b/charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/templates/rbac.yaml new file mode 100644 index 0000000000..b1c4092029 --- /dev/null +++ b/charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/templates/rbac.yaml @@ -0,0 +1,32 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "helm-project-operator.name" . }} + labels: {{ include "helm-project-operator.labels" . | nindent 4 }} + app: {{ template "helm-project-operator.name" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: "cluster-admin" # see note below +subjects: +- kind: ServiceAccount + name: {{ template "helm-project-operator.name" . }} + namespace: {{ template "helm-project-operator.namespace" . }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "helm-project-operator.name" . }} + namespace: {{ template "helm-project-operator.namespace" . }} + labels: {{ include "helm-project-operator.labels" . | nindent 4 }} + app: {{ template "helm-project-operator.name" . }} +{{- if .Values.global.imagePullSecrets }} +imagePullSecrets: {{ toYaml .Values.global.imagePullSecrets | nindent 2 }} +{{- end }} +# --- +# NOTE: +# As of now, due to the fact that the k3s-io/helm-controller can only deploy jobs that are cluster-bound to the cluster-admin +# ClusterRole, the only way for this operator to be able to perform that binding is if it is also bound to the cluster-admin ClusterRole. +# +# As a result, this ClusterRoleBinding will be left as a work-in-progress until changes are made in k3s-io/helm-controller to allow us to grant +# only scoped down permissions to the Job that is deployed. diff --git a/charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/templates/system-namespaces-configmap.yaml b/charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/templates/system-namespaces-configmap.yaml new file mode 100644 index 0000000000..f4c85254e8 --- /dev/null +++ b/charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/templates/system-namespaces-configmap.yaml @@ -0,0 +1,62 @@ +{{- if .Values.systemNamespacesConfigMap.create }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "helm-project-operator.name" . }}-system-namespaces + namespace: {{ template "helm-project-operator.namespace" . }} + labels: {{ include "helm-project-operator.labels" . | nindent 4 }} +data: + system-namespaces.json: |- + { +{{- if .Values.projectReleaseNamespaces.enabled }} +{{- if .Values.projectReleaseNamespaces.labelValue }} + "projectReleaseLabelValue": {{ .Values.projectReleaseNamespaces.labelValue | quote }}, +{{- else if .Values.global.cattle.systemProjectId }} + "projectReleaseLabelValue": {{ .Values.global.cattle.systemProjectId | quote }}, +{{- else }} + "projectReleaseLabelValue": "", +{{- end }} +{{- else }} + "projectReleaseLabelValue": "", +{{- end }} +{{- if not .Values.projectReleaseNamespaces.enabled }} + "systemProjectLabelValues": {{ append .Values.otherSystemProjectLabelValues .Values.global.cattle.systemProjectId | toJson }} +{{- else if and (ne (len .Values.global.cattle.systemProjectId) 0) (ne (len .Values.projectReleaseNamespaces.labelValue) 0) (ne .Values.projectReleaseNamespaces.labelValue .Values.global.cattle.systemProjectId) }} + "systemProjectLabelValues": {{ append .Values.otherSystemProjectLabelValues .Values.global.cattle.systemProjectId | toJson }} +{{- else if len .Values.otherSystemProjectLabelValues }} + "systemProjectLabelValues": {{ .Values.otherSystemProjectLabelValues | toJson }} +{{- else }} + "systemProjectLabelValues": [] +{{- end }} + } +--- +{{- if (and .Values.systemNamespacesConfigMap.rbac.enabled .Values.systemNamespacesConfigMap.rbac.subjects) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "helm-project-operator.name" . }}-system-namespaces + namespace: {{ template "helm-project-operator.namespace" . }} + labels: {{ include "helm-project-operator.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + resourceNames: + - "{{ template "helm-project-operator.name" . }}-system-namespaces" + verbs: + - 'get' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "helm-project-operator.name" . }}-system-namespaces + namespace: {{ template "helm-project-operator.namespace" . }} + labels: {{ include "helm-project-operator.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "helm-project-operator.name" . }}-system-namespaces +subjects: {{ .Values.systemNamespacesConfigMap.rbac.subjects | toYaml | nindent 2 }} +{{- end }} +{{- end }} diff --git a/charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/templates/validate-psp-install.yaml b/charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/templates/validate-psp-install.yaml new file mode 100644 index 0000000000..a30c59d3b7 --- /dev/null +++ b/charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/templates/validate-psp-install.yaml @@ -0,0 +1,7 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +#{{- if .Values.global.cattle.psp.enabled }} +#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} +#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} +#{{- end }} +#{{- end }} +#{{- end }} diff --git a/charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/values.yaml b/charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/values.yaml new file mode 100644 index 0000000000..63fae45af8 --- /dev/null +++ b/charts/prometheus-federator/3.0.1+up0.3.3/charts/helmProjectOperator/values.yaml @@ -0,0 +1,228 @@ +# Default values for helm-project-operator. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Helm Project Operator Configuration + +global: + cattle: + clusterId: "" + psp: + enabled: false + projectLabel: field.cattle.io/projectId + systemDefaultRegistry: "" + systemProjectId: "" + url: "" + rbac: + ## Create RBAC resources for ServiceAccounts and users + ## + create: true + + userRoles: + ## Create default user ClusterRoles to allow users to interact with ProjectHelmCharts + create: true + ## Aggregate default user ClusterRoles into default k8s ClusterRoles + aggregateToDefaultRoles: true + + pspAnnotations: {} + ## Specify pod annotations + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl + ## + # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' + # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' + # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' + + ## Reference to one or more secrets to be used when pulling images + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + imagePullSecrets: [] + # - name: "image-pull-secret" + +helmApiVersion: dummy.cattle.io/v1alpha1 + +## valuesOverride overrides values that are set on each ProjectHelmChart deployment on an operator-level +## User-provided values will be overwritten based on the values provided here +valuesOverride: {} + +## projectReleaseNamespaces are auto-generated namespaces that are created to host Helm Releases +## managed by this operator on behalf of a ProjectHelmChart +projectReleaseNamespaces: + ## Enabled determines whether Project Release Namespaces should be created. If false, the underlying + ## Helm release will be deployed in the Project Registration Namespace + enabled: true + ## labelValue is the value of the Project that the projectReleaseNamespace should be created within + ## If empty, this will be set to the value of global.cattle.systemProjectId + ## If global.cattle.systemProjectId is also empty, project release namespaces will be disabled + labelValue: "" + +## otherSystemProjectLabelValues are project labels that identify namespaces as those that should be treated as system projects +## i.e. they will be entirely ignored by the operator +## By default, the global.cattle.systemProjectId will be in this list +otherSystemProjectLabelValues: [] + +## releaseRoleBindings configures RoleBindings automatically created by the Helm Project Operator +## in Project Release Namespaces where underlying Helm charts are deployed +releaseRoleBindings: + ## aggregate enables creating these RoleBindings off aggregating RoleBindings in the + ## Project Registration Namespace or ClusterRoleBindings that bind users to the ClusterRoles + ## specified under clusterRoleRefs + aggregate: true + + ## clusterRoleRefs are the ClusterRoles whose RoleBinding or ClusterRoleBindings should determine + ## the RoleBindings created in the Project Release Namespace + ## + ## By default, these are set to create RoleBindings based on the RoleBindings / ClusterRoleBindings + ## attached to the default K8s user-facing ClusterRoles of admin, edit, and view. + ## ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles + ## + clusterRoleRefs: + admin: admin + edit: edit + view: view + +hardenedNamespaces: + # Whether to automatically manage the configuration of the default ServiceAccount and + # auto-create a NetworkPolicy for each namespace created by this operator + enabled: true + + configuration: + # Values to be applied to each default ServiceAccount created in a managed namespace + serviceAccountSpec: + secrets: [] + imagePullSecrets: [] + automountServiceAccountToken: false + # Values to be applied to each default generated NetworkPolicy created in a managed namespace + networkPolicySpec: + podSelector: {} + egress: [] + ingress: [] + policyTypes: ["Ingress", "Egress"] + +## systemNamespacesConfigMap is a ConfigMap created to allow users to see valid entries +## for registering a ProjectHelmChart for a given Project on the Rancher Dashboard UI. +## It does not need to be enabled for a non-Rancher use case. +systemNamespacesConfigMap: + ## Create indicates whether the system namespaces configmap should be created + ## This is a required value for integration with Rancher Dashboard + create: true + + ## RBAC provides options around the RBAC created to allow users to be able to view + ## the systemNamespacesConfigMap; if not specified, only users with the ability to + ## view ConfigMaps in the namespace where this chart is deployed will be able to + ## properly view the system namespaces on the Rancher Dashboard UI + rbac: + ## enabled indicates that we should deploy a RoleBinding and Role to view this ConfigMap + enabled: true + ## subjects are the subjects that should be bound to this default RoleBinding + ## By default, we allow anyone who is authenticated to the system to be able to view + ## this ConfigMap in the deployment namespace + subjects: + - kind: Group + name: system:authenticated + +nameOverride: "" + +namespaceOverride: "" + +replicas: 1 + +image: + repository: rancher/helm-project-operator + tag: v0.2.1 + pullPolicy: IfNotPresent + +helmController: + # Note: should be disabled for RKE2 clusters since they already run Helm Controller to manage internal Kubernetes components + enabled: true + + job: + image: + repository: rancher/klipper-helm + tag: v0.7.0-build20220315 + +helmLocker: + enabled: true + +# Additional arguments to be passed into the Helm Project Operator image +additionalArgs: [] + +## Define which Nodes the Pods are scheduled on. +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} + +## Tolerations for use with node taints +## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] +# - key: "key" +# operator: "Equal" +# value: "value" +# effect: "NoSchedule" + +resources: {} + # limits: + # memory: 500Mi + # cpu: 1000m + # requests: + # memory: 100Mi + # cpu: 100m + +containerSecurityContext: {} + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + # privileged: false + # readOnlyRootFilesystem: true + +securityContext: {} + # runAsGroup: 1000 + # runAsUser: 1000 + # supplementalGroups: + # - 1000 + +debug: false +debugLevel: 0 + +cleanup: + image: + repository: rancher/shell + tag: v0.1.19 + pullPolicy: IfNotPresent + + ## Define which Nodes the Pods are scheduled on. + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + + ## Tolerations for use with node taints + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + # - key: "key" + # operator: "Equal" + # value: "value" + # effect: "NoSchedule" + + containerSecurityContext: {} + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + # privileged: false + # readOnlyRootFilesystem: true + + securityContext: + runAsNonRoot: false + runAsUser: 0 + + resources: {} + # limits: + # memory: 500Mi + # cpu: 1000m + # requests: + # memory: 100Mi + # cpu: 100m diff --git a/charts/prometheus-federator/3.0.1+up0.3.3/questions.yaml b/charts/prometheus-federator/3.0.1+up0.3.3/questions.yaml new file mode 100644 index 0000000000..87cf1339f8 --- /dev/null +++ b/charts/prometheus-federator/3.0.1+up0.3.3/questions.yaml @@ -0,0 +1,43 @@ +questions: +- variable: global.cattle.psp.enabled + default: "false" + description: "Flag to enable or disable the installation of PodSecurityPolicies by this chart in the target cluster. If the cluster is running Kubernetes 1.25+, you must update this value to false." + label: "Enable PodSecurityPolicies" + type: boolean + group: "Security Settings" +- variable: helmProjectOperator.helmController.enabled + label: Enable Embedded Helm Controller + description: 'Note: If you are running Prometheus Federator in an RKE2 / K3s cluster before v1.23.14 / v1.24.8 / v1.25.4, this should be disabled.' + type: boolean + group: Helm Controller +- variable: helmProjectOperator.helmLocker.enabled + label: Enable Embedded Helm Locker + type: boolean + group: Helm Locker +- variable: helmProjectOperator.projectReleaseNamespaces.labelValue + label: Project Release Namespace Project ID + description: By default, the System Project is selected. This can be overriden to a different Project (e.g. p-xxxxx) + type: string + required: false + group: Namespaces +- variable: helmProjectOperator.releaseRoleBindings.clusterRoleRefs.admin + label: Admin ClusterRole + description: By default, admin selects Project Owners. This can be overridden to a different ClusterRole (e.g. rt-xxxxx) + type: string + default: admin + required: false + group: RBAC +- variable: helmProjectOperator.releaseRoleBindings.clusterRoleRefs.edit + label: Edit ClusterRole + description: By default, edit selects Project Members. This can be overridden to a different ClusterRole (e.g. rt-xxxxx) + type: string + default: edit + required: false + group: RBAC +- variable: helmProjectOperator.releaseRoleBindings.clusterRoleRefs.view + label: View ClusterRole + description: By default, view selects Read-Only users. This can be overridden to a different ClusterRole (e.g. rt-xxxxx) + type: string + default: view + required: false + group: RBAC \ No newline at end of file diff --git a/charts/prometheus-federator/3.0.1+up0.3.3/templates/NOTES.txt b/charts/prometheus-federator/3.0.1+up0.3.3/templates/NOTES.txt new file mode 100644 index 0000000000..f551f36613 --- /dev/null +++ b/charts/prometheus-federator/3.0.1+up0.3.3/templates/NOTES.txt @@ -0,0 +1,3 @@ +{{ $.Chart.Name }} has been installed. Check its status by running: + kubectl --namespace {{ template "prometheus-federator.namespace" . }} get pods -l "release={{ $.Release.Name }}" + diff --git a/charts/prometheus-federator/3.0.1+up0.3.3/templates/_helpers.tpl b/charts/prometheus-federator/3.0.1+up0.3.3/templates/_helpers.tpl new file mode 100644 index 0000000000..15ea4e5c88 --- /dev/null +++ b/charts/prometheus-federator/3.0.1+up0.3.3/templates/_helpers.tpl @@ -0,0 +1,66 @@ +# Rancher +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +# Helm Project Operator + +{{/* vim: set filetype=mustache: */}} +{{/* Expand the name of the chart. This is suffixed with -alertmanager, which means subtract 13 from longest 63 available */}} +{{- define "prometheus-federator.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 50 | trimSuffix "-" -}} +{{- end }} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts +*/}} +{{- define "prometheus-federator.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{/* Create chart name and version as used by the chart label. */}} +{{- define "prometheus-federator.chartref" -}} +{{- replace "+" "_" .Chart.Version | printf "%s-%s" .Chart.Name -}} +{{- end }} + +{{/* Generate basic labels */}} +{{- define "prometheus-federator.labels" }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}" +app.kubernetes.io/part-of: {{ template "prometheus-federator.name" . }} +chart: {{ template "prometheus-federator.chartref" . }} +release: {{ $.Release.Name | quote }} +heritage: {{ $.Release.Service | quote }} +{{- if .Values.commonLabels}} +{{ toYaml .Values.commonLabels }} +{{- end }} +{{- end }} diff --git a/charts/prometheus-federator/3.0.1+up0.3.3/values.yaml b/charts/prometheus-federator/3.0.1+up0.3.3/values.yaml new file mode 100644 index 0000000000..7e81173aff --- /dev/null +++ b/charts/prometheus-federator/3.0.1+up0.3.3/values.yaml @@ -0,0 +1,94 @@ +# Default values for helm-project-operator. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Prometheus Federator Configuration + +global: + cattle: + psp: + enabled: false + systemDefaultRegistry: "" + projectLabel: field.cattle.io/projectId + clusterId: "" + systemProjectId: "" + url: "" + rbac: + pspEnabled: true + pspAnnotations: {} + ## Specify pod annotations + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl + ## + # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' + # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' + # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' + + ## Reference to one or more secrets to be used when pulling images + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + imagePullSecrets: [] + # - name: "image-pull-secret" + +helmProjectOperator: + enabled: true + + # ensures that all resources created by subchart show up as prometheus-federator + helmApiVersion: monitoring.cattle.io/v1alpha1 + + nameOverride: prometheus-federator + + helmController: + # Note: should be disabled for RKE2 clusters since they already run Helm Controller to manage internal Kubernetes components + enabled: true + + helmLocker: + enabled: true + + ## valuesOverride overrides values that are set on each Project Prometheus Stack Helm Chart deployment on an operator level + ## all values provided here will override any user-provided values automatically + valuesOverride: + + federate: + # Change this to point at all Prometheuses you want all your Project Prometheus Stacks to federate from + # By default, this matches the default deployment of Rancher Monitoring + targets: + - rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090 + + image: + repository: rancher/prometheus-federator + tag: v0.3.2 + pullPolicy: IfNotPresent + + # Additional arguments to be passed into the Prometheus Federator image + additionalArgs: [] + + ## Define which Nodes the Pods are scheduled on. + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + + ## Tolerations for use with node taints + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + # - key: "key" + # operator: "Equal" + # value: "value" + # effect: "NoSchedule" + + resources: {} + # limits: + # memory: 500Mi + # cpu: 1000m + # requests: + # memory: 100Mi + # cpu: 100m + + securityContext: {} + # allowPrivilegeEscalation: false + # readOnlyRootFilesystem: true + + debug: false + debugLevel: 0 \ No newline at end of file diff --git a/charts/rancher-logging-crd/102.0.2+up3.17.10/Chart.yaml b/charts/rancher-logging-crd/102.0.2+up3.17.10/Chart.yaml new file mode 100644 index 0000000000..9afafbb62b --- /dev/null +++ b/charts/rancher-logging-crd/102.0.2+up3.17.10/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-logging-system + catalog.cattle.io/release-name: rancher-logging-crd +apiVersion: v1 +description: Installs the CRDs for rancher-logging. +name: rancher-logging-crd +type: application +version: 102.0.2+up3.17.10 diff --git a/charts/rancher-logging-crd/102.0.2+up3.17.10/README.md b/charts/rancher-logging-crd/102.0.2+up3.17.10/README.md new file mode 100644 index 0000000000..d4beb54faf --- /dev/null +++ b/charts/rancher-logging-crd/102.0.2+up3.17.10/README.md @@ -0,0 +1,2 @@ +# rancher-logging-crd +A Rancher chart that installs the CRDs used by rancher-logging. diff --git a/charts/rancher-logging-crd/102.0.2+up3.17.10/templates/logging-extensions.banzaicloud.io_eventtailers.yaml b/charts/rancher-logging-crd/102.0.2+up3.17.10/templates/logging-extensions.banzaicloud.io_eventtailers.yaml new file mode 100644 index 0000000000..52c5401422 --- /dev/null +++ b/charts/rancher-logging-crd/102.0.2+up3.17.10/templates/logging-extensions.banzaicloud.io_eventtailers.yaml @@ -0,0 +1,2123 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.0 + creationTimestamp: null + name: eventtailers.logging-extensions.banzaicloud.io +spec: + group: logging-extensions.banzaicloud.io + names: + kind: EventTailer + listKind: EventTailerList + plural: eventtailers + singular: eventtailer + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + containerOverrides: + properties: + command: + items: + type: string + type: array + image: + type: string + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + pullPolicy: + type: string + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + type: object + controlNamespace: + type: string + positionVolume: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + workloadMetaOverrides: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + workloadOverrides: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + items: + properties: + command: + items: + type: string + type: array + image: + type: string + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + pullPolicy: + type: string + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + type: object + type: array + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + initContainers: + items: + properties: + command: + items: + type: string + type: array + image: + type: string + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + pullPolicy: + type: string + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + type: object + type: array + nodeSelector: + additionalProperties: + type: string + type: object + priorityClassName: + type: string + securityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + serviceAccountName: + type: string + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + required: + - controlNamespace + type: object + status: + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/rancher-logging-crd/102.0.2+up3.17.10/templates/logging-extensions.banzaicloud.io_hosttailers.yaml b/charts/rancher-logging-crd/102.0.2+up3.17.10/templates/logging-extensions.banzaicloud.io_hosttailers.yaml new file mode 100644 index 0000000000..f16b1e5d0b --- /dev/null +++ b/charts/rancher-logging-crd/102.0.2+up3.17.10/templates/logging-extensions.banzaicloud.io_hosttailers.yaml @@ -0,0 +1,2305 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.0 + creationTimestamp: null + name: hosttailers.logging-extensions.banzaicloud.io +spec: + group: logging-extensions.banzaicloud.io + names: + kind: HostTailer + listKind: HostTailerList + plural: hosttailers + singular: hosttailer + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + enableRecreateWorkloadOnImmutableFieldChange: + type: boolean + fileTailers: + items: + properties: + buffer_chunk_size: + type: string + buffer_max_size: + type: string + containerOverrides: + properties: + command: + items: + type: string + type: array + image: + type: string + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + pullPolicy: + type: string + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + type: object + disabled: + type: boolean + name: + type: string + path: + type: string + read_from_head: + type: boolean + skip_long_lines: + type: string + required: + - name + type: object + type: array + systemdTailers: + items: + properties: + containerOverrides: + properties: + command: + items: + type: string + type: array + image: + type: string + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + pullPolicy: + type: string + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + type: object + disabled: + type: boolean + maxEntries: + type: integer + name: + type: string + path: + type: string + systemdFilter: + type: string + required: + - name + type: object + type: array + workloadMetaOverrides: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + workloadOverrides: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + items: + properties: + command: + items: + type: string + type: array + image: + type: string + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + pullPolicy: + type: string + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + type: object + type: array + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + initContainers: + items: + properties: + command: + items: + type: string + type: array + image: + type: string + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + pullPolicy: + type: string + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + type: object + type: array + nodeSelector: + additionalProperties: + type: string + type: object + priorityClassName: + type: string + securityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + serviceAccountName: + type: string + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + type: object + status: + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/rancher-logging-crd/102.0.2+up3.17.10/templates/logging.banzaicloud.io_clusterflows.yaml b/charts/rancher-logging-crd/102.0.2+up3.17.10/templates/logging.banzaicloud.io_clusterflows.yaml new file mode 100644 index 0000000000..1702920cfa --- /dev/null +++ b/charts/rancher-logging-crd/102.0.2+up3.17.10/templates/logging.banzaicloud.io_clusterflows.yaml @@ -0,0 +1,2056 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.0 + creationTimestamp: null + name: clusterflows.logging.banzaicloud.io +spec: + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: ClusterFlow + listKind: ClusterFlowList + plural: clusterflows + singular: clusterflow + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Is the flow active? + jsonPath: .status.active + name: Active + type: boolean + - description: Number of problems + jsonPath: .status.problemsCount + name: Problems + type: integer + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + force_line_breaks: + type: boolean + languages: + items: + type: string + type: array + match_tag: + type: string + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + elasticsearch_genid: + properties: + hash_id_key: + type: string + hash_type: + type: string + include_tag_in_seed: + type: boolean + include_time_in_seed: + type: boolean + record_keys: + type: string + separator: + type: string + use_entire_record: + type: boolean + use_record_as_seed: + type: boolean + type: object + enhanceK8s: + properties: + api_groups: + items: + type: string + type: array + bearer_token_file: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cache_refresh: + type: integer + cache_refresh_variation: + type: integer + cache_size: + type: integer + cache_ttl: + type: integer + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + core_api_versions: + items: + type: string + type: array + data_type: + type: string + in_namespace_path: + items: + type: string + type: array + in_pod_path: + items: + type: string + type: array + kubernetes_url: + type: string + secret_dir: + type: string + ssl_partial_chain: + type: boolean + verify_ssl: + type: boolean + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + kube_events_timestamp: + properties: + mapped_time_key: + type: string + timestamp_fields: + items: + type: string + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + custom_pattern_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + grok_failure_key: + type: string + grok_name_key: + type: string + grok_pattern: + type: string + grok_patterns: + items: + properties: + keep_time_key: + type: boolean + name: + type: string + pattern: + type: string + time_format: + type: string + time_key: + type: string + timezone: + type: string + required: + - pattern + type: object + type: array + keep_time_key: + type: boolean + keys: + type: string + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + multiline_start_regexp: + type: string + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + custom_pattern_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + grok_failure_key: + type: string + grok_name_key: + type: string + grok_pattern: + type: string + grok_patterns: + items: + properties: + keep_time_key: + type: boolean + name: + type: string + pattern: + type: string + time_format: + type: string + time_key: + type: string + timezone: + type: string + required: + - pattern + type: object + type: array + keep_time_key: + type: boolean + local_time: + type: boolean + multiline_start_regexp: + type: string + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + custom_pattern_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + grok_failure_key: + type: string + grok_name_key: + type: string + grok_pattern: + type: string + grok_patterns: + items: + properties: + keep_time_key: + type: boolean + name: + type: string + pattern: + type: string + time_format: + type: string + time_key: + type: string + timezone: + type: string + required: + - pattern + type: object + type: array + keep_time_key: + type: boolean + keys: + type: string + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + multiline_start_regexp: + type: string + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + custom_pattern_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + grok_failure_key: + type: string + grok_name_key: + type: string + grok_pattern: + type: string + grok_patterns: + items: + properties: + keep_time_key: + type: boolean + name: + type: string + pattern: + type: string + time_format: + type: string + time_key: + type: string + timezone: + type: string + required: + - pattern + type: object + type: array + keep_time_key: + type: boolean + local_time: + type: boolean + multiline_start_regexp: + type: string + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + match_tag: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + loggingRef: + type: string + match: + items: + properties: + exclude: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + namespaces: + items: + type: string + type: array + type: object + select: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + namespaces: + items: + type: string + type: array + type: object + type: object + type: array + outputRefs: + items: + type: string + type: array + selectors: + additionalProperties: + type: string + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Is the flow active? + jsonPath: .status.active + name: Active + type: boolean + - description: Number of problems + jsonPath: .status.problemsCount + name: Problems + type: integer + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + force_line_breaks: + type: boolean + languages: + items: + type: string + type: array + match_tag: + type: string + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + elasticsearch_genid: + properties: + hash_id_key: + type: string + hash_type: + type: string + include_tag_in_seed: + type: boolean + include_time_in_seed: + type: boolean + record_keys: + type: string + separator: + type: string + use_entire_record: + type: boolean + use_record_as_seed: + type: boolean + type: object + enhanceK8s: + properties: + api_groups: + items: + type: string + type: array + bearer_token_file: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cache_refresh: + type: integer + cache_refresh_variation: + type: integer + cache_size: + type: integer + cache_ttl: + type: integer + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + core_api_versions: + items: + type: string + type: array + data_type: + type: string + in_namespace_path: + items: + type: string + type: array + in_pod_path: + items: + type: string + type: array + kubernetes_url: + type: string + secret_dir: + type: string + ssl_partial_chain: + type: boolean + verify_ssl: + type: boolean + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + kube_events_timestamp: + properties: + mapped_time_key: + type: string + timestamp_fields: + items: + type: string + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + custom_pattern_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + grok_failure_key: + type: string + grok_name_key: + type: string + grok_pattern: + type: string + grok_patterns: + items: + properties: + keep_time_key: + type: boolean + name: + type: string + pattern: + type: string + time_format: + type: string + time_key: + type: string + timezone: + type: string + required: + - pattern + type: object + type: array + keep_time_key: + type: boolean + keys: + type: string + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + multiline_start_regexp: + type: string + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + custom_pattern_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + grok_failure_key: + type: string + grok_name_key: + type: string + grok_pattern: + type: string + grok_patterns: + items: + properties: + keep_time_key: + type: boolean + name: + type: string + pattern: + type: string + time_format: + type: string + time_key: + type: string + timezone: + type: string + required: + - pattern + type: object + type: array + keep_time_key: + type: boolean + local_time: + type: boolean + multiline_start_regexp: + type: string + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + custom_pattern_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + grok_failure_key: + type: string + grok_name_key: + type: string + grok_pattern: + type: string + grok_patterns: + items: + properties: + keep_time_key: + type: boolean + name: + type: string + pattern: + type: string + time_format: + type: string + time_key: + type: string + timezone: + type: string + required: + - pattern + type: object + type: array + keep_time_key: + type: boolean + keys: + type: string + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + multiline_start_regexp: + type: string + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + custom_pattern_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + grok_failure_key: + type: string + grok_name_key: + type: string + grok_pattern: + type: string + grok_patterns: + items: + properties: + keep_time_key: + type: boolean + name: + type: string + pattern: + type: string + time_format: + type: string + time_key: + type: string + timezone: + type: string + required: + - pattern + type: object + type: array + keep_time_key: + type: boolean + local_time: + type: boolean + multiline_start_regexp: + type: string + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + match_tag: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + loggingRef: + type: string + match: + items: + properties: + exclude: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + namespaces: + items: + type: string + type: array + type: object + select: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + namespaces: + items: + type: string + type: array + type: object + type: object + type: array + outputRefs: + items: + type: string + type: array + selectors: + additionalProperties: + type: string + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/rancher-logging-crd/102.0.2+up3.17.10/templates/logging.banzaicloud.io_clusteroutputs.yaml b/charts/rancher-logging-crd/102.0.2+up3.17.10/templates/logging.banzaicloud.io_clusteroutputs.yaml new file mode 100644 index 0000000000..ab4b63e945 --- /dev/null +++ b/charts/rancher-logging-crd/102.0.2+up3.17.10/templates/logging.banzaicloud.io_clusteroutputs.yaml @@ -0,0 +1,11820 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.0 + creationTimestamp: null + name: clusteroutputs.logging.banzaicloud.io +spec: + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: ClusterOutput + listKind: ClusterOutputList + plural: clusteroutputs + singular: clusteroutput + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Is the output active? + jsonPath: .status.active + name: Active + type: boolean + - description: Number of problems + jsonPath: .status.problemsCount + name: Problems + type: integer + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + awsElasticsearch: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + application_name: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + bulk_message_request_threshold: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key_pass: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + content_type: + type: string + custom_headers: + type: string + customize_template: + type: string + data_stream_enable: + type: boolean + data_stream_ilm_name: + type: string + data_stream_ilm_policy: + type: string + data_stream_ilm_policy_overwrite: + type: boolean + data_stream_name: + type: string + data_stream_template_name: + type: string + default_elasticsearch_version: + type: string + deflector_alias: + type: string + enable_ilm: + type: boolean + endpoint: + properties: + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_arn: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_session_name: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_web_identity_token_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ecs_container_credentials_relative_uri: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + region: + type: string + secret_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + sts_credentials_region: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + exception_backup: + type: boolean + fail_on_detecting_es_version_retry_exceed: + type: boolean + fail_on_putting_template_retry_exceed: + type: boolean + flatten_hashes: + type: boolean + flatten_hashes_separator: + type: string + flush_interval: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + hosts: + type: string + http_backend: + type: string + id_key: + type: string + ignore_exceptions: + type: string + ilm_policy: + type: string + ilm_policy_id: + type: string + ilm_policy_overwrite: + type: boolean + include_index_in_url: + type: boolean + include_tag_key: + type: boolean + include_timestamp: + type: boolean + index_date_pattern: + type: string + index_name: + type: string + index_prefix: + type: string + log_es_400_reason: + type: boolean + logstash_dateformat: + type: string + logstash_format: + type: boolean + logstash_prefix: + type: string + logstash_prefix_separator: + type: string + max_retry_get_es_version: + type: string + max_retry_putting_template: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + path: + type: string + pipeline: + type: string + port: + type: integer + prefer_oj_serializer: + type: boolean + reconnect_on_error: + type: boolean + reload_after: + type: string + reload_connections: + type: boolean + reload_on_failure: + type: boolean + remove_keys: + type: string + remove_keys_on_update: + type: string + remove_keys_on_update_key: + type: string + request_timeout: + type: string + resurrect_after: + type: string + retry_tag: + type: string + rollover_index: + type: boolean + routing_key: + type: string + scheme: + type: string + slow_flush_log_threshold: + type: string + sniffer_class_name: + type: string + ssl_max_version: + type: string + ssl_min_version: + type: string + ssl_verify: + type: boolean + ssl_version: + type: string + suppress_doc_wrap: + type: boolean + suppress_type_name: + type: boolean + tag_key: + type: string + target_index_key: + type: string + target_type_key: + type: string + template_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + template_name: + type: string + template_overwrite: + type: boolean + templates: + type: string + time_key: + type: string + time_key_format: + type: string + time_parse_error_tag: + type: string + time_precision: + type: string + type_name: + type: string + unrecoverable_error_types: + type: string + user: + type: string + utc_index: + type: boolean + validate_client_version: + type: boolean + verify_es_version_at_startup: + type: boolean + with_transporter_log: + type: boolean + write_operation: + type: string + type: object + azurestorage: + properties: + auto_create_container: + type: boolean + azure_container: + type: string + azure_imds_api_version: + type: string + azure_object_key_format: + type: string + azure_storage_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_account: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_sas_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + type: string + path: + type: string + slow_flush_log_threshold: + type: string + required: + - azure_container + - azure_storage_account + type: object + cloudwatch: + properties: + auto_create_stream: + type: boolean + aws_instance_profile_credentials_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sts_role_arn: + type: string + aws_sts_session_name: + type: string + aws_use_sts: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + concurrency: + type: integer + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + http_proxy: + type: string + include_time_key: + type: boolean + json_handler: + type: string + localtime: + type: boolean + log_group_aws_tags: + type: string + log_group_aws_tags_key: + type: string + log_group_name: + type: string + log_group_name_key: + type: string + log_rejected_request: + type: string + log_stream_name: + type: string + log_stream_name_key: + type: string + max_events_per_batch: + type: integer + max_message_length: + type: integer + message_keys: + type: string + put_log_events_disable_retry_limit: + type: boolean + put_log_events_retry_limit: + type: integer + put_log_events_retry_wait: + type: string + region: + type: string + remove_log_group_aws_tags_key: + type: string + remove_log_group_name_key: + type: string + remove_log_stream_name_key: + type: string + remove_retention_in_days: + type: string + retention_in_days: + type: string + retention_in_days_key: + type: string + slow_flush_log_threshold: + type: string + use_tag_as_group: + type: boolean + use_tag_as_stream: + type: boolean + required: + - region + type: object + datadog: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_level: + type: string + dd_hostname: + type: string + dd_source: + type: string + dd_sourcecategory: + type: string + dd_tags: + type: string + host: + type: string + include_tag_key: + type: boolean + max_backoff: + type: string + max_retries: + type: string + no_ssl_validation: + type: boolean + port: + type: string + service: + type: string + slow_flush_log_threshold: + type: string + ssl_port: + type: string + tag_key: + type: string + timestamp_key: + type: string + use_compression: + type: boolean + use_http: + type: boolean + use_json: + type: boolean + use_ssl: + type: boolean + required: + - api_key + type: object + elasticsearch: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + application_name: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + bulk_message_request_threshold: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key_pass: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + content_type: + type: string + custom_headers: + type: string + customize_template: + type: string + data_stream_enable: + type: boolean + data_stream_ilm_name: + type: string + data_stream_ilm_policy: + type: string + data_stream_ilm_policy_overwrite: + type: boolean + data_stream_name: + type: string + data_stream_template_name: + type: string + default_elasticsearch_version: + type: string + deflector_alias: + type: string + enable_ilm: + type: boolean + exception_backup: + type: boolean + fail_on_detecting_es_version_retry_exceed: + type: boolean + fail_on_putting_template_retry_exceed: + type: boolean + flatten_hashes: + type: boolean + flatten_hashes_separator: + type: string + host: + type: string + hosts: + type: string + http_backend: + type: string + id_key: + type: string + ignore_exceptions: + type: string + ilm_policy: + type: string + ilm_policy_id: + type: string + ilm_policy_overwrite: + type: boolean + include_index_in_url: + type: boolean + include_tag_key: + type: boolean + include_timestamp: + type: boolean + index_date_pattern: + type: string + index_name: + type: string + index_prefix: + type: string + log_es_400_reason: + type: boolean + logstash_dateformat: + type: string + logstash_format: + type: boolean + logstash_prefix: + type: string + logstash_prefix_separator: + type: string + max_retry_get_es_version: + type: string + max_retry_putting_template: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + path: + type: string + pipeline: + type: string + port: + type: integer + prefer_oj_serializer: + type: boolean + reconnect_on_error: + type: boolean + reload_after: + type: string + reload_connections: + type: boolean + reload_on_failure: + type: boolean + remove_keys: + type: string + remove_keys_on_update: + type: string + remove_keys_on_update_key: + type: string + request_timeout: + type: string + resurrect_after: + type: string + retry_tag: + type: string + rollover_index: + type: boolean + routing_key: + type: string + scheme: + type: string + slow_flush_log_threshold: + type: string + sniffer_class_name: + type: string + ssl_max_version: + type: string + ssl_min_version: + type: string + ssl_verify: + type: boolean + ssl_version: + type: string + suppress_doc_wrap: + type: boolean + suppress_type_name: + type: boolean + tag_key: + type: string + target_index_key: + type: string + target_type_key: + type: string + template_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + template_name: + type: string + template_overwrite: + type: boolean + templates: + type: string + time_key: + type: string + time_key_format: + type: string + time_parse_error_tag: + type: string + time_precision: + type: string + type_name: + type: string + unrecoverable_error_types: + type: string + user: + type: string + utc_index: + type: boolean + validate_client_version: + type: boolean + verify_es_version_at_startup: + type: boolean + with_transporter_log: + type: boolean + write_operation: + type: string + type: object + enabledNamespaces: + items: + type: string + type: array + file: + properties: + add_path_suffix: + type: boolean + append: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compress: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + path: + type: string + path_suffix: + type: string + recompress: + type: boolean + slow_flush_log_threshold: + type: string + symlink_path: + type: boolean + required: + - path + type: object + forward: + properties: + ack_response_timeout: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + connect_timeout: + type: integer + dns_round_robin: + type: boolean + expire_dns_cache: + type: integer + hard_timeout: + type: integer + heartbeat_interval: + type: integer + heartbeat_type: + type: string + ignore_network_errors_at_startup: + type: boolean + keepalive: + type: boolean + keepalive_timeout: + type: integer + phi_failure_detector: + type: boolean + phi_threshold: + type: integer + recover_wait: + type: integer + require_ack_response: + type: boolean + security: + properties: + allow_anonymous_source: + type: boolean + self_hostname: + type: string + shared_key: + type: string + user_auth: + type: boolean + required: + - self_hostname + - shared_key + type: object + send_timeout: + type: integer + servers: + items: + properties: + host: + type: string + name: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + shared_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + standby: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + weight: + type: integer + required: + - host + type: object + type: array + slow_flush_log_threshold: + type: string + tls_allow_self_signed_cert: + type: boolean + tls_cert_logical_store_name: + type: string + tls_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_cert_thumbprint: + type: string + tls_cert_use_enterprise_store: + type: boolean + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_insecure_mode: + type: boolean + tls_verify_hostname: + type: boolean + tls_version: + type: string + transport: + type: string + verify_connection_at_startup: + type: boolean + required: + - servers + type: object + gcs: + properties: + acl: + type: string + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + client_retries: + type: integer + client_timeout: + type: integer + credentials_json: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + encryption_key: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + keyfile: + type: string + object_key_format: + type: string + object_metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + overwrite: + type: boolean + path: + type: string + project: + type: string + slow_flush_log_threshold: + type: string + storage_class: + type: string + store_as: + type: string + transcoding: + type: boolean + required: + - bucket + - project + type: object + gelf: + properties: + host: + type: string + port: + type: integer + protocol: + type: string + tls: + type: boolean + tls_options: + additionalProperties: + type: string + type: object + required: + - host + - port + type: object + http: + properties: + auth: + properties: + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - password + - username + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + content_type: + type: string + endpoint: + type: string + error_response_as_unrecoverable: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + headers: + additionalProperties: + type: string + type: object + http_method: + type: string + json_array: + type: boolean + open_timeout: + type: integer + proxy: + type: string + read_timeout: + type: integer + retryable_response_codes: + items: + type: integer + type: array + slow_flush_log_threshold: + type: string + ssl_timeout: + type: integer + tls_ca_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_verify_mode: + type: string + tls_version: + type: string + required: + - endpoint + type: object + kafka: + properties: + ack_timeout: + type: integer + brokers: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + client_id: + type: string + compression_codec: + type: string + default_message_key: + type: string + default_partition_key: + type: string + default_topic: + type: string + discard_kafka_delivery_failed: + type: boolean + exclude_partion_key: + type: boolean + exclude_topic_key: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + get_kafka_client_log: + type: boolean + headers: + additionalProperties: + type: string + type: object + headers_from_record: + additionalProperties: + type: string + type: object + idempotent: + type: boolean + kafka_agg_max_bytes: + type: integer + kafka_agg_max_messages: + type: integer + keytab: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + max_send_retries: + type: integer + message_key_key: + type: string + partition_key: + type: string + partition_key_key: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + principal: + type: string + required_acks: + type: integer + sasl_over_ssl: + type: boolean + scram_mechanism: + type: string + slow_flush_log_threshold: + type: string + ssl_ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_ca_certs_from_system: + type: boolean + ssl_client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_chain: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_verify_hostname: + type: boolean + topic_key: + type: string + use_default_for_unknown_topic: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - brokers + - format + type: object + kinesisStream: + properties: + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + aws_iam_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_ses_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + batch_request_max_count: + type: integer + batch_request_max_size: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + partition_key: + type: string + process_credentials: + properties: + process: + type: string + required: + - process + type: object + region: + type: string + reset_backoff_if_success: + type: boolean + retries_on_batch_request: + type: integer + slow_flush_log_threshold: + type: string + stream_name: + type: string + required: + - stream_name + type: object + logdna: + properties: + api_key: + type: string + app: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + hostname: + type: string + ingester_domain: + type: string + ingester_endpoint: + type: string + request_timeout: + type: string + slow_flush_log_threshold: + type: string + tags: + type: string + required: + - api_key + - hostname + type: object + loggingRef: + type: string + logz: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + bulk_limit: + type: integer + bulk_limit_warning_limit: + type: integer + endpoint: + properties: + port: + type: integer + token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + gzip: + type: boolean + http_idle_timeout: + type: integer + output_include_tags: + type: boolean + output_include_time: + type: boolean + retry_count: + type: integer + retry_sleep: + type: integer + slow_flush_log_threshold: + type: string + required: + - endpoint + type: object + loki: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + configure_kubernetes_labels: + type: boolean + drop_single_key: + type: boolean + extra_labels: + additionalProperties: + type: string + type: object + extract_kubernetes_labels: + type: boolean + insecure_tls: + type: boolean + key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + labels: + additionalProperties: + type: string + type: object + line_format: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + remove_keys: + items: + type: string + type: array + slow_flush_log_threshold: + type: string + tenant: + type: string + url: + type: string + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + newrelic: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + base_uri: + type: string + license_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + nullout: + type: object + opensearch: + properties: + application_name: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + bulk_message_request_threshold: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + catch_transport_exception_on_retry: + type: boolean + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key_pass: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + compression_level: + type: string + custom_headers: + type: string + customize_template: + type: string + default_opensearch_version: + type: integer + emit_error_for_missing_id: + type: boolean + emit_error_label_event: + type: boolean + exception_backup: + type: boolean + fail_on_detecting_os_version_retry_exceed: + type: boolean + fail_on_putting_template_retry_exceed: + type: boolean + flatten_hashes: + type: boolean + flatten_hashes_separator: + type: string + host: + type: string + hosts: + type: string + http_backend: + type: string + http_backend_excon_nonblock: + type: boolean + id_key: + type: string + ignore_exceptions: + type: string + include_index_in_url: + type: boolean + include_tag_key: + type: boolean + include_timestamp: + type: boolean + index_date_pattern: + type: string + index_name: + type: string + index_separator: + type: string + log_os_400_reason: + type: boolean + logstash_dateformat: + type: string + logstash_format: + type: boolean + logstash_prefix: + type: string + logstash_prefix_separator: + type: string + max_retry_get_os_version: + type: integer + max_retry_putting_template: + type: string + parent_key: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + path: + type: string + pipeline: + type: string + port: + type: integer + prefer_oj_serializer: + type: boolean + reconnect_on_error: + type: boolean + reload_after: + type: string + reload_connections: + type: boolean + reload_on_failure: + type: boolean + remove_keys_on_update: + type: string + remove_keys_on_update_key: + type: string + request_timeout: + type: string + resurrect_after: + type: string + retry_tag: + type: string + routing_key: + type: string + scheme: + type: string + selector_class_name: + type: string + slow_flush_log_threshold: + type: string + sniffer_class_name: + type: string + ssl_verify: + type: boolean + suppress_doc_wrap: + type: boolean + suppress_type_name: + type: boolean + tag_key: + type: string + target_index_affinity: + type: boolean + target_index_key: + type: string + template_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + template_name: + type: string + template_overwrite: + type: boolean + templates: + type: string + time_key: + type: string + time_key_exclude_timestamp: + type: boolean + time_key_format: + type: string + time_parse_error_tag: + type: string + time_precision: + type: string + truncate_caches_interval: + type: string + unrecoverable_error_types: + type: string + unrecoverable_record_types: + type: string + use_legacy_template: + type: boolean + user: + type: string + utc_index: + type: boolean + validate_client_version: + type: boolean + verify_os_version_at_startup: + type: boolean + with_transporter_log: + type: boolean + write_operation: + type: string + type: object + oss: + properties: + aaccess_key_secret: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_bucket: + type: boolean + check_object: + type: boolean + download_crc_enable: + type: boolean + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + index_format: + type: string + key_format: + type: string + open_timeout: + type: integer + oss_sdk_log_dir: + type: string + overwrite: + type: boolean + path: + type: string + read_timeout: + type: integer + slow_flush_log_threshold: + type: string + store_as: + type: string + upload_crc_enable: + type: boolean + warn_for_delay: + type: string + required: + - aaccess_key_secret + - access_key_id + - bucket + - endpoint + type: object + redis: + properties: + allow_duplicate_key: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + db_number: + type: integer + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insert_key_prefix: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + slow_flush_log_threshold: + type: string + strftime_format: + type: string + ttl: + type: integer + type: object + s3: + properties: + acl: + type: string + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + auto_create_bucket: + type: string + aws_iam_retries: + type: string + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_apikey_on_start: + type: string + check_bucket: + type: string + check_object: + type: string + clustername: + type: string + compress: + properties: + parquet_compression_codec: + type: string + parquet_page_size: + type: string + parquet_row_group_size: + type: string + record_type: + type: string + schema_file: + type: string + schema_type: + type: string + type: object + compute_checksums: + type: string + enable_transfer_acceleration: + type: string + force_path_style: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + grant_full_control: + type: string + grant_read: + type: string + grant_read_acp: + type: string + grant_write_acp: + type: string + hex_random_length: + type: string + index_format: + type: string + instance_profile_credentials: + properties: + http_open_timeout: + type: string + http_read_timeout: + type: string + ip_address: + type: string + port: + type: string + retries: + type: string + type: object + oneeye_format: + type: boolean + overwrite: + type: string + path: + type: string + proxy_uri: + type: string + s3_bucket: + type: string + s3_endpoint: + type: string + s3_metadata: + type: string + s3_object_key_format: + type: string + s3_region: + type: string + shared_credentials: + properties: + path: + type: string + profile_name: + type: string + type: object + signature_version: + type: string + slow_flush_log_threshold: + type: string + sse_customer_algorithm: + type: string + sse_customer_key: + type: string + sse_customer_key_md5: + type: string + ssekms_key_id: + type: string + ssl_verify_peer: + type: string + storage_class: + type: string + store_as: + type: string + use_bundled_cert: + type: string + use_server_side_encryption: + type: string + warn_for_delay: + type: string + required: + - s3_bucket + type: object + splunkHec: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + coerce_to_utf8: + type: boolean + data_type: + type: string + fields: + additionalProperties: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hec_host: + type: string + hec_port: + type: integer + hec_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + host: + type: string + host_key: + type: string + idle_timeout: + type: integer + index: + type: string + index_key: + type: string + insecure_ssl: + type: boolean + keep_keys: + type: boolean + metric_name_key: + type: string + metric_value_key: + type: string + metrics_from_event: + type: boolean + non_utf8_replacement_string: + type: string + open_timeout: + type: integer + protocol: + type: string + read_timeout: + type: integer + slow_flush_log_threshold: + type: string + source: + type: string + source_key: + type: string + sourcetype: + type: string + sourcetype_key: + type: string + ssl_ciphers: + type: string + required: + - hec_host + - hec_token + type: object + sqs: + properties: + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + create_queue: + type: boolean + delay_seconds: + type: integer + include_tag: + type: boolean + message_group_id: + type: string + queue_name: + type: string + region: + type: string + slow_flush_log_threshold: + type: string + sqs_url: + type: string + tag_property_name: + type: string + type: object + sumologic: + properties: + add_timestamp: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compress: + type: boolean + compress_encoding: + type: string + custom_dimensions: + type: string + custom_fields: + items: + type: string + type: array + data_type: + type: string + delimiter: + type: string + disable_cookies: + type: boolean + endpoint: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + log_format: + type: string + log_key: + type: string + metric_data_format: + type: string + open_timeout: + type: integer + proxy_uri: + type: string + slow_flush_log_threshold: + type: string + source_category: + type: string + source_host: + type: string + source_name: + type: string + source_name_key: + type: string + sumo_client: + type: string + timestamp_key: + type: string + verify_ssl: + type: boolean + required: + - endpoint + - source_name + type: object + syslog: + properties: + allow_self_signed_cert: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + enable_system_cert_store: + type: boolean + format: + properties: + app_name_field: + type: string + hostname_field: + type: string + log_field: + type: string + message_id_field: + type: string + proc_id_field: + type: string + rfc6587_message_size: + type: boolean + structured_data_field: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + fqdn: + type: string + host: + type: string + insecure: + type: boolean + port: + type: integer + private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + slow_flush_log_threshold: + type: string + transport: + type: string + trusted_ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + verify_fqdn: + type: boolean + version: + type: string + required: + - host + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Is the output active? + jsonPath: .status.active + name: Active + type: boolean + - description: Number of problems + jsonPath: .status.problemsCount + name: Problems + type: integer + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + awsElasticsearch: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + application_name: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + bulk_message_request_threshold: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key_pass: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + content_type: + type: string + custom_headers: + type: string + customize_template: + type: string + data_stream_enable: + type: boolean + data_stream_ilm_name: + type: string + data_stream_ilm_policy: + type: string + data_stream_ilm_policy_overwrite: + type: boolean + data_stream_name: + type: string + data_stream_template_name: + type: string + default_elasticsearch_version: + type: string + deflector_alias: + type: string + enable_ilm: + type: boolean + endpoint: + properties: + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_arn: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_session_name: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_web_identity_token_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ecs_container_credentials_relative_uri: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + region: + type: string + secret_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + sts_credentials_region: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + exception_backup: + type: boolean + fail_on_detecting_es_version_retry_exceed: + type: boolean + fail_on_putting_template_retry_exceed: + type: boolean + flatten_hashes: + type: boolean + flatten_hashes_separator: + type: string + flush_interval: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + hosts: + type: string + http_backend: + type: string + id_key: + type: string + ignore_exceptions: + type: string + ilm_policy: + type: string + ilm_policy_id: + type: string + ilm_policy_overwrite: + type: boolean + include_index_in_url: + type: boolean + include_tag_key: + type: boolean + include_timestamp: + type: boolean + index_date_pattern: + type: string + index_name: + type: string + index_prefix: + type: string + log_es_400_reason: + type: boolean + logstash_dateformat: + type: string + logstash_format: + type: boolean + logstash_prefix: + type: string + logstash_prefix_separator: + type: string + max_retry_get_es_version: + type: string + max_retry_putting_template: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + path: + type: string + pipeline: + type: string + port: + type: integer + prefer_oj_serializer: + type: boolean + reconnect_on_error: + type: boolean + reload_after: + type: string + reload_connections: + type: boolean + reload_on_failure: + type: boolean + remove_keys: + type: string + remove_keys_on_update: + type: string + remove_keys_on_update_key: + type: string + request_timeout: + type: string + resurrect_after: + type: string + retry_tag: + type: string + rollover_index: + type: boolean + routing_key: + type: string + scheme: + type: string + slow_flush_log_threshold: + type: string + sniffer_class_name: + type: string + ssl_max_version: + type: string + ssl_min_version: + type: string + ssl_verify: + type: boolean + ssl_version: + type: string + suppress_doc_wrap: + type: boolean + suppress_type_name: + type: boolean + tag_key: + type: string + target_index_key: + type: string + target_type_key: + type: string + template_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + template_name: + type: string + template_overwrite: + type: boolean + templates: + type: string + time_key: + type: string + time_key_format: + type: string + time_parse_error_tag: + type: string + time_precision: + type: string + type_name: + type: string + unrecoverable_error_types: + type: string + user: + type: string + utc_index: + type: boolean + validate_client_version: + type: boolean + verify_es_version_at_startup: + type: boolean + with_transporter_log: + type: boolean + write_operation: + type: string + type: object + azurestorage: + properties: + auto_create_container: + type: boolean + azure_container: + type: string + azure_imds_api_version: + type: string + azure_object_key_format: + type: string + azure_storage_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_account: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_sas_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + type: string + path: + type: string + slow_flush_log_threshold: + type: string + required: + - azure_container + - azure_storage_account + type: object + cloudwatch: + properties: + auto_create_stream: + type: boolean + aws_instance_profile_credentials_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sts_role_arn: + type: string + aws_sts_session_name: + type: string + aws_use_sts: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + concurrency: + type: integer + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + http_proxy: + type: string + include_time_key: + type: boolean + json_handler: + type: string + localtime: + type: boolean + log_group_aws_tags: + type: string + log_group_aws_tags_key: + type: string + log_group_name: + type: string + log_group_name_key: + type: string + log_rejected_request: + type: string + log_stream_name: + type: string + log_stream_name_key: + type: string + max_events_per_batch: + type: integer + max_message_length: + type: integer + message_keys: + type: string + put_log_events_disable_retry_limit: + type: boolean + put_log_events_retry_limit: + type: integer + put_log_events_retry_wait: + type: string + region: + type: string + remove_log_group_aws_tags_key: + type: string + remove_log_group_name_key: + type: string + remove_log_stream_name_key: + type: string + remove_retention_in_days: + type: string + retention_in_days: + type: string + retention_in_days_key: + type: string + slow_flush_log_threshold: + type: string + use_tag_as_group: + type: boolean + use_tag_as_stream: + type: boolean + required: + - region + type: object + datadog: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_level: + type: string + dd_hostname: + type: string + dd_source: + type: string + dd_sourcecategory: + type: string + dd_tags: + type: string + host: + type: string + include_tag_key: + type: boolean + max_backoff: + type: string + max_retries: + type: string + no_ssl_validation: + type: boolean + port: + type: string + service: + type: string + slow_flush_log_threshold: + type: string + ssl_port: + type: string + tag_key: + type: string + timestamp_key: + type: string + use_compression: + type: boolean + use_http: + type: boolean + use_json: + type: boolean + use_ssl: + type: boolean + required: + - api_key + type: object + elasticsearch: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + application_name: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + bulk_message_request_threshold: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key_pass: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + content_type: + type: string + custom_headers: + type: string + customize_template: + type: string + data_stream_enable: + type: boolean + data_stream_ilm_name: + type: string + data_stream_ilm_policy: + type: string + data_stream_ilm_policy_overwrite: + type: boolean + data_stream_name: + type: string + data_stream_template_name: + type: string + default_elasticsearch_version: + type: string + deflector_alias: + type: string + enable_ilm: + type: boolean + exception_backup: + type: boolean + fail_on_detecting_es_version_retry_exceed: + type: boolean + fail_on_putting_template_retry_exceed: + type: boolean + flatten_hashes: + type: boolean + flatten_hashes_separator: + type: string + host: + type: string + hosts: + type: string + http_backend: + type: string + id_key: + type: string + ignore_exceptions: + type: string + ilm_policy: + type: string + ilm_policy_id: + type: string + ilm_policy_overwrite: + type: boolean + include_index_in_url: + type: boolean + include_tag_key: + type: boolean + include_timestamp: + type: boolean + index_date_pattern: + type: string + index_name: + type: string + index_prefix: + type: string + log_es_400_reason: + type: boolean + logstash_dateformat: + type: string + logstash_format: + type: boolean + logstash_prefix: + type: string + logstash_prefix_separator: + type: string + max_retry_get_es_version: + type: string + max_retry_putting_template: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + path: + type: string + pipeline: + type: string + port: + type: integer + prefer_oj_serializer: + type: boolean + reconnect_on_error: + type: boolean + reload_after: + type: string + reload_connections: + type: boolean + reload_on_failure: + type: boolean + remove_keys: + type: string + remove_keys_on_update: + type: string + remove_keys_on_update_key: + type: string + request_timeout: + type: string + resurrect_after: + type: string + retry_tag: + type: string + rollover_index: + type: boolean + routing_key: + type: string + scheme: + type: string + slow_flush_log_threshold: + type: string + sniffer_class_name: + type: string + ssl_max_version: + type: string + ssl_min_version: + type: string + ssl_verify: + type: boolean + ssl_version: + type: string + suppress_doc_wrap: + type: boolean + suppress_type_name: + type: boolean + tag_key: + type: string + target_index_key: + type: string + target_type_key: + type: string + template_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + template_name: + type: string + template_overwrite: + type: boolean + templates: + type: string + time_key: + type: string + time_key_format: + type: string + time_parse_error_tag: + type: string + time_precision: + type: string + type_name: + type: string + unrecoverable_error_types: + type: string + user: + type: string + utc_index: + type: boolean + validate_client_version: + type: boolean + verify_es_version_at_startup: + type: boolean + with_transporter_log: + type: boolean + write_operation: + type: string + type: object + enabledNamespaces: + items: + type: string + type: array + file: + properties: + add_path_suffix: + type: boolean + append: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compress: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + path: + type: string + path_suffix: + type: string + recompress: + type: boolean + slow_flush_log_threshold: + type: string + symlink_path: + type: boolean + required: + - path + type: object + forward: + properties: + ack_response_timeout: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + connect_timeout: + type: integer + dns_round_robin: + type: boolean + expire_dns_cache: + type: integer + hard_timeout: + type: integer + heartbeat_interval: + type: integer + heartbeat_type: + type: string + ignore_network_errors_at_startup: + type: boolean + keepalive: + type: boolean + keepalive_timeout: + type: integer + phi_failure_detector: + type: boolean + phi_threshold: + type: integer + recover_wait: + type: integer + require_ack_response: + type: boolean + security: + properties: + allow_anonymous_source: + type: boolean + self_hostname: + type: string + shared_key: + type: string + user_auth: + type: boolean + required: + - self_hostname + - shared_key + type: object + send_timeout: + type: integer + servers: + items: + properties: + host: + type: string + name: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + shared_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + standby: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + weight: + type: integer + required: + - host + type: object + type: array + slow_flush_log_threshold: + type: string + tls_allow_self_signed_cert: + type: boolean + tls_cert_logical_store_name: + type: string + tls_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_cert_thumbprint: + type: string + tls_cert_use_enterprise_store: + type: boolean + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_insecure_mode: + type: boolean + tls_verify_hostname: + type: boolean + tls_version: + type: string + transport: + type: string + verify_connection_at_startup: + type: boolean + required: + - servers + type: object + gcs: + properties: + acl: + type: string + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + client_retries: + type: integer + client_timeout: + type: integer + credentials_json: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + encryption_key: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + keyfile: + type: string + object_key_format: + type: string + object_metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + overwrite: + type: boolean + path: + type: string + project: + type: string + slow_flush_log_threshold: + type: string + storage_class: + type: string + store_as: + type: string + transcoding: + type: boolean + required: + - bucket + - project + type: object + gelf: + properties: + host: + type: string + port: + type: integer + protocol: + type: string + tls: + type: boolean + tls_options: + additionalProperties: + type: string + type: object + required: + - host + - port + type: object + http: + properties: + auth: + properties: + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - password + - username + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + content_type: + type: string + endpoint: + type: string + error_response_as_unrecoverable: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + headers: + additionalProperties: + type: string + type: object + http_method: + type: string + json_array: + type: boolean + open_timeout: + type: integer + proxy: + type: string + read_timeout: + type: integer + retryable_response_codes: + items: + type: integer + type: array + slow_flush_log_threshold: + type: string + ssl_timeout: + type: integer + tls_ca_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_verify_mode: + type: string + tls_version: + type: string + required: + - endpoint + type: object + kafka: + properties: + ack_timeout: + type: integer + brokers: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + client_id: + type: string + compression_codec: + type: string + default_message_key: + type: string + default_partition_key: + type: string + default_topic: + type: string + discard_kafka_delivery_failed: + type: boolean + exclude_partion_key: + type: boolean + exclude_topic_key: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + get_kafka_client_log: + type: boolean + headers: + additionalProperties: + type: string + type: object + headers_from_record: + additionalProperties: + type: string + type: object + idempotent: + type: boolean + kafka_agg_max_bytes: + type: integer + kafka_agg_max_messages: + type: integer + keytab: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + max_send_retries: + type: integer + message_key_key: + type: string + partition_key: + type: string + partition_key_key: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + principal: + type: string + required_acks: + type: integer + sasl_over_ssl: + type: boolean + scram_mechanism: + type: string + slow_flush_log_threshold: + type: string + ssl_ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_ca_certs_from_system: + type: boolean + ssl_client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_chain: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_verify_hostname: + type: boolean + topic_key: + type: string + use_default_for_unknown_topic: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - brokers + - format + type: object + kinesisStream: + properties: + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + aws_iam_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_ses_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + batch_request_max_count: + type: integer + batch_request_max_size: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + partition_key: + type: string + process_credentials: + properties: + process: + type: string + required: + - process + type: object + region: + type: string + reset_backoff_if_success: + type: boolean + retries_on_batch_request: + type: integer + slow_flush_log_threshold: + type: string + stream_name: + type: string + required: + - stream_name + type: object + logdna: + properties: + api_key: + type: string + app: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + hostname: + type: string + ingester_domain: + type: string + ingester_endpoint: + type: string + request_timeout: + type: string + slow_flush_log_threshold: + type: string + tags: + type: string + required: + - api_key + - hostname + type: object + loggingRef: + type: string + logz: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + bulk_limit: + type: integer + bulk_limit_warning_limit: + type: integer + endpoint: + properties: + port: + type: integer + token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + gzip: + type: boolean + http_idle_timeout: + type: integer + output_include_tags: + type: boolean + output_include_time: + type: boolean + retry_count: + type: integer + retry_sleep: + type: integer + slow_flush_log_threshold: + type: string + required: + - endpoint + type: object + loki: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + configure_kubernetes_labels: + type: boolean + drop_single_key: + type: boolean + extra_labels: + additionalProperties: + type: string + type: object + extract_kubernetes_labels: + type: boolean + insecure_tls: + type: boolean + key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + labels: + additionalProperties: + type: string + type: object + line_format: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + remove_keys: + items: + type: string + type: array + slow_flush_log_threshold: + type: string + tenant: + type: string + url: + type: string + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + newrelic: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + base_uri: + type: string + license_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + nullout: + type: object + opensearch: + properties: + application_name: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + bulk_message_request_threshold: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + catch_transport_exception_on_retry: + type: boolean + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key_pass: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + compression_level: + type: string + custom_headers: + type: string + customize_template: + type: string + default_opensearch_version: + type: integer + emit_error_for_missing_id: + type: boolean + emit_error_label_event: + type: boolean + exception_backup: + type: boolean + fail_on_detecting_os_version_retry_exceed: + type: boolean + fail_on_putting_template_retry_exceed: + type: boolean + flatten_hashes: + type: boolean + flatten_hashes_separator: + type: string + host: + type: string + hosts: + type: string + http_backend: + type: string + http_backend_excon_nonblock: + type: boolean + id_key: + type: string + ignore_exceptions: + type: string + include_index_in_url: + type: boolean + include_tag_key: + type: boolean + include_timestamp: + type: boolean + index_date_pattern: + type: string + index_name: + type: string + index_separator: + type: string + log_os_400_reason: + type: boolean + logstash_dateformat: + type: string + logstash_format: + type: boolean + logstash_prefix: + type: string + logstash_prefix_separator: + type: string + max_retry_get_os_version: + type: integer + max_retry_putting_template: + type: string + parent_key: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + path: + type: string + pipeline: + type: string + port: + type: integer + prefer_oj_serializer: + type: boolean + reconnect_on_error: + type: boolean + reload_after: + type: string + reload_connections: + type: boolean + reload_on_failure: + type: boolean + remove_keys_on_update: + type: string + remove_keys_on_update_key: + type: string + request_timeout: + type: string + resurrect_after: + type: string + retry_tag: + type: string + routing_key: + type: string + scheme: + type: string + selector_class_name: + type: string + slow_flush_log_threshold: + type: string + sniffer_class_name: + type: string + ssl_verify: + type: boolean + suppress_doc_wrap: + type: boolean + suppress_type_name: + type: boolean + tag_key: + type: string + target_index_affinity: + type: boolean + target_index_key: + type: string + template_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + template_name: + type: string + template_overwrite: + type: boolean + templates: + type: string + time_key: + type: string + time_key_exclude_timestamp: + type: boolean + time_key_format: + type: string + time_parse_error_tag: + type: string + time_precision: + type: string + truncate_caches_interval: + type: string + unrecoverable_error_types: + type: string + unrecoverable_record_types: + type: string + use_legacy_template: + type: boolean + user: + type: string + utc_index: + type: boolean + validate_client_version: + type: boolean + verify_os_version_at_startup: + type: boolean + with_transporter_log: + type: boolean + write_operation: + type: string + type: object + oss: + properties: + aaccess_key_secret: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_bucket: + type: boolean + check_object: + type: boolean + download_crc_enable: + type: boolean + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + index_format: + type: string + key_format: + type: string + open_timeout: + type: integer + oss_sdk_log_dir: + type: string + overwrite: + type: boolean + path: + type: string + read_timeout: + type: integer + slow_flush_log_threshold: + type: string + store_as: + type: string + upload_crc_enable: + type: boolean + warn_for_delay: + type: string + required: + - aaccess_key_secret + - access_key_id + - bucket + - endpoint + type: object + redis: + properties: + allow_duplicate_key: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + db_number: + type: integer + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insert_key_prefix: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + slow_flush_log_threshold: + type: string + strftime_format: + type: string + ttl: + type: integer + type: object + s3: + properties: + acl: + type: string + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + auto_create_bucket: + type: string + aws_iam_retries: + type: string + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_apikey_on_start: + type: string + check_bucket: + type: string + check_object: + type: string + clustername: + type: string + compress: + properties: + parquet_compression_codec: + type: string + parquet_page_size: + type: string + parquet_row_group_size: + type: string + record_type: + type: string + schema_file: + type: string + schema_type: + type: string + type: object + compute_checksums: + type: string + enable_transfer_acceleration: + type: string + force_path_style: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + grant_full_control: + type: string + grant_read: + type: string + grant_read_acp: + type: string + grant_write_acp: + type: string + hex_random_length: + type: string + index_format: + type: string + instance_profile_credentials: + properties: + http_open_timeout: + type: string + http_read_timeout: + type: string + ip_address: + type: string + port: + type: string + retries: + type: string + type: object + oneeye_format: + type: boolean + overwrite: + type: string + path: + type: string + proxy_uri: + type: string + s3_bucket: + type: string + s3_endpoint: + type: string + s3_metadata: + type: string + s3_object_key_format: + type: string + s3_region: + type: string + shared_credentials: + properties: + path: + type: string + profile_name: + type: string + type: object + signature_version: + type: string + slow_flush_log_threshold: + type: string + sse_customer_algorithm: + type: string + sse_customer_key: + type: string + sse_customer_key_md5: + type: string + ssekms_key_id: + type: string + ssl_verify_peer: + type: string + storage_class: + type: string + store_as: + type: string + use_bundled_cert: + type: string + use_server_side_encryption: + type: string + warn_for_delay: + type: string + required: + - s3_bucket + type: object + splunkHec: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + coerce_to_utf8: + type: boolean + data_type: + type: string + fields: + additionalProperties: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hec_host: + type: string + hec_port: + type: integer + hec_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + host: + type: string + host_key: + type: string + idle_timeout: + type: integer + index: + type: string + index_key: + type: string + insecure_ssl: + type: boolean + keep_keys: + type: boolean + metric_name_key: + type: string + metric_value_key: + type: string + metrics_from_event: + type: boolean + non_utf8_replacement_string: + type: string + open_timeout: + type: integer + protocol: + type: string + read_timeout: + type: integer + slow_flush_log_threshold: + type: string + source: + type: string + source_key: + type: string + sourcetype: + type: string + sourcetype_key: + type: string + ssl_ciphers: + type: string + required: + - hec_host + - hec_token + type: object + sqs: + properties: + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + create_queue: + type: boolean + delay_seconds: + type: integer + include_tag: + type: boolean + message_group_id: + type: string + queue_name: + type: string + region: + type: string + slow_flush_log_threshold: + type: string + sqs_url: + type: string + tag_property_name: + type: string + type: object + sumologic: + properties: + add_timestamp: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compress: + type: boolean + compress_encoding: + type: string + custom_dimensions: + type: string + custom_fields: + items: + type: string + type: array + data_type: + type: string + delimiter: + type: string + disable_cookies: + type: boolean + endpoint: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + log_format: + type: string + log_key: + type: string + metric_data_format: + type: string + open_timeout: + type: integer + proxy_uri: + type: string + slow_flush_log_threshold: + type: string + source_category: + type: string + source_host: + type: string + source_name: + type: string + source_name_key: + type: string + sumo_client: + type: string + timestamp_key: + type: string + verify_ssl: + type: boolean + required: + - endpoint + - source_name + type: object + syslog: + properties: + allow_self_signed_cert: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + enable_system_cert_store: + type: boolean + format: + properties: + app_name_field: + type: string + hostname_field: + type: string + log_field: + type: string + message_id_field: + type: string + proc_id_field: + type: string + rfc6587_message_size: + type: boolean + structured_data_field: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + fqdn: + type: string + host: + type: string + insecure: + type: boolean + port: + type: integer + private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + slow_flush_log_threshold: + type: string + transport: + type: string + trusted_ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + verify_fqdn: + type: boolean + version: + type: string + required: + - host + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/rancher-logging-crd/102.0.2+up3.17.10/templates/logging.banzaicloud.io_flows.yaml b/charts/rancher-logging-crd/102.0.2+up3.17.10/templates/logging.banzaicloud.io_flows.yaml new file mode 100644 index 0000000000..28be9134d8 --- /dev/null +++ b/charts/rancher-logging-crd/102.0.2+up3.17.10/templates/logging.banzaicloud.io_flows.yaml @@ -0,0 +1,2048 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.0 + creationTimestamp: null + name: flows.logging.banzaicloud.io +spec: + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: Flow + listKind: FlowList + plural: flows + singular: flow + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Is the flow active? + jsonPath: .status.active + name: Active + type: boolean + - description: Number of problems + jsonPath: .status.problemsCount + name: Problems + type: integer + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + force_line_breaks: + type: boolean + languages: + items: + type: string + type: array + match_tag: + type: string + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + elasticsearch_genid: + properties: + hash_id_key: + type: string + hash_type: + type: string + include_tag_in_seed: + type: boolean + include_time_in_seed: + type: boolean + record_keys: + type: string + separator: + type: string + use_entire_record: + type: boolean + use_record_as_seed: + type: boolean + type: object + enhanceK8s: + properties: + api_groups: + items: + type: string + type: array + bearer_token_file: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cache_refresh: + type: integer + cache_refresh_variation: + type: integer + cache_size: + type: integer + cache_ttl: + type: integer + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + core_api_versions: + items: + type: string + type: array + data_type: + type: string + in_namespace_path: + items: + type: string + type: array + in_pod_path: + items: + type: string + type: array + kubernetes_url: + type: string + secret_dir: + type: string + ssl_partial_chain: + type: boolean + verify_ssl: + type: boolean + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + kube_events_timestamp: + properties: + mapped_time_key: + type: string + timestamp_fields: + items: + type: string + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + custom_pattern_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + grok_failure_key: + type: string + grok_name_key: + type: string + grok_pattern: + type: string + grok_patterns: + items: + properties: + keep_time_key: + type: boolean + name: + type: string + pattern: + type: string + time_format: + type: string + time_key: + type: string + timezone: + type: string + required: + - pattern + type: object + type: array + keep_time_key: + type: boolean + keys: + type: string + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + multiline_start_regexp: + type: string + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + custom_pattern_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + grok_failure_key: + type: string + grok_name_key: + type: string + grok_pattern: + type: string + grok_patterns: + items: + properties: + keep_time_key: + type: boolean + name: + type: string + pattern: + type: string + time_format: + type: string + time_key: + type: string + timezone: + type: string + required: + - pattern + type: object + type: array + keep_time_key: + type: boolean + local_time: + type: boolean + multiline_start_regexp: + type: string + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + custom_pattern_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + grok_failure_key: + type: string + grok_name_key: + type: string + grok_pattern: + type: string + grok_patterns: + items: + properties: + keep_time_key: + type: boolean + name: + type: string + pattern: + type: string + time_format: + type: string + time_key: + type: string + timezone: + type: string + required: + - pattern + type: object + type: array + keep_time_key: + type: boolean + keys: + type: string + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + multiline_start_regexp: + type: string + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + custom_pattern_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + grok_failure_key: + type: string + grok_name_key: + type: string + grok_pattern: + type: string + grok_patterns: + items: + properties: + keep_time_key: + type: boolean + name: + type: string + pattern: + type: string + time_format: + type: string + time_key: + type: string + timezone: + type: string + required: + - pattern + type: object + type: array + keep_time_key: + type: boolean + local_time: + type: boolean + multiline_start_regexp: + type: string + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + match_tag: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + localOutputRefs: + items: + type: string + type: array + loggingRef: + type: string + match: + items: + properties: + exclude: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + type: object + select: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + outputRefs: + items: + type: string + type: array + selectors: + additionalProperties: + type: string + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Is the flow active? + jsonPath: .status.active + name: Active + type: boolean + - description: Number of problems + jsonPath: .status.problemsCount + name: Problems + type: integer + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + force_line_breaks: + type: boolean + languages: + items: + type: string + type: array + match_tag: + type: string + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + elasticsearch_genid: + properties: + hash_id_key: + type: string + hash_type: + type: string + include_tag_in_seed: + type: boolean + include_time_in_seed: + type: boolean + record_keys: + type: string + separator: + type: string + use_entire_record: + type: boolean + use_record_as_seed: + type: boolean + type: object + enhanceK8s: + properties: + api_groups: + items: + type: string + type: array + bearer_token_file: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cache_refresh: + type: integer + cache_refresh_variation: + type: integer + cache_size: + type: integer + cache_ttl: + type: integer + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + core_api_versions: + items: + type: string + type: array + data_type: + type: string + in_namespace_path: + items: + type: string + type: array + in_pod_path: + items: + type: string + type: array + kubernetes_url: + type: string + secret_dir: + type: string + ssl_partial_chain: + type: boolean + verify_ssl: + type: boolean + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + kube_events_timestamp: + properties: + mapped_time_key: + type: string + timestamp_fields: + items: + type: string + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + custom_pattern_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + grok_failure_key: + type: string + grok_name_key: + type: string + grok_pattern: + type: string + grok_patterns: + items: + properties: + keep_time_key: + type: boolean + name: + type: string + pattern: + type: string + time_format: + type: string + time_key: + type: string + timezone: + type: string + required: + - pattern + type: object + type: array + keep_time_key: + type: boolean + keys: + type: string + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + multiline_start_regexp: + type: string + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + custom_pattern_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + grok_failure_key: + type: string + grok_name_key: + type: string + grok_pattern: + type: string + grok_patterns: + items: + properties: + keep_time_key: + type: boolean + name: + type: string + pattern: + type: string + time_format: + type: string + time_key: + type: string + timezone: + type: string + required: + - pattern + type: object + type: array + keep_time_key: + type: boolean + local_time: + type: boolean + multiline_start_regexp: + type: string + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + custom_pattern_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + grok_failure_key: + type: string + grok_name_key: + type: string + grok_pattern: + type: string + grok_patterns: + items: + properties: + keep_time_key: + type: boolean + name: + type: string + pattern: + type: string + time_format: + type: string + time_key: + type: string + timezone: + type: string + required: + - pattern + type: object + type: array + keep_time_key: + type: boolean + keys: + type: string + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + multiline_start_regexp: + type: string + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + custom_pattern_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + grok_failure_key: + type: string + grok_name_key: + type: string + grok_pattern: + type: string + grok_patterns: + items: + properties: + keep_time_key: + type: boolean + name: + type: string + pattern: + type: string + time_format: + type: string + time_key: + type: string + timezone: + type: string + required: + - pattern + type: object + type: array + keep_time_key: + type: boolean + local_time: + type: boolean + multiline_start_regexp: + type: string + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + match_tag: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + localOutputRefs: + items: + type: string + type: array + loggingRef: + type: string + match: + items: + properties: + exclude: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + type: object + select: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + outputRefs: + items: + type: string + type: array + selectors: + additionalProperties: + type: string + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/rancher-logging-crd/102.0.2+up3.17.10/templates/logging.banzaicloud.io_loggings.yaml b/charts/rancher-logging-crd/102.0.2+up3.17.10/templates/logging.banzaicloud.io_loggings.yaml new file mode 100644 index 0000000000..f85b1799cd --- /dev/null +++ b/charts/rancher-logging-crd/102.0.2+up3.17.10/templates/logging.banzaicloud.io_loggings.yaml @@ -0,0 +1,9771 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.0 + creationTimestamp: null + name: loggings.logging.banzaicloud.io +spec: + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: Logging + listKind: LoggingList + plural: loggings + singular: logging + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + status: + type: object + type: object + served: true + storage: false + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + allowClusterResourcesFromAllNamespaces: + type: boolean + clusterDomain: + type: string + controlNamespace: + type: string + defaultFlow: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + force_line_breaks: + type: boolean + languages: + items: + type: string + type: array + match_tag: + type: string + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + elasticsearch_genid: + properties: + hash_id_key: + type: string + hash_type: + type: string + include_tag_in_seed: + type: boolean + include_time_in_seed: + type: boolean + record_keys: + type: string + separator: + type: string + use_entire_record: + type: boolean + use_record_as_seed: + type: boolean + type: object + enhanceK8s: + properties: + api_groups: + items: + type: string + type: array + bearer_token_file: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cache_refresh: + type: integer + cache_refresh_variation: + type: integer + cache_size: + type: integer + cache_ttl: + type: integer + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + core_api_versions: + items: + type: string + type: array + data_type: + type: string + in_namespace_path: + items: + type: string + type: array + in_pod_path: + items: + type: string + type: array + kubernetes_url: + type: string + secret_dir: + type: string + ssl_partial_chain: + type: boolean + verify_ssl: + type: boolean + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + kube_events_timestamp: + properties: + mapped_time_key: + type: string + timestamp_fields: + items: + type: string + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + custom_pattern_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + grok_failure_key: + type: string + grok_name_key: + type: string + grok_pattern: + type: string + grok_patterns: + items: + properties: + keep_time_key: + type: boolean + name: + type: string + pattern: + type: string + time_format: + type: string + time_key: + type: string + timezone: + type: string + required: + - pattern + type: object + type: array + keep_time_key: + type: boolean + keys: + type: string + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + multiline_start_regexp: + type: string + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + custom_pattern_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + grok_failure_key: + type: string + grok_name_key: + type: string + grok_pattern: + type: string + grok_patterns: + items: + properties: + keep_time_key: + type: boolean + name: + type: string + pattern: + type: string + time_format: + type: string + time_key: + type: string + timezone: + type: string + required: + - pattern + type: object + type: array + keep_time_key: + type: boolean + local_time: + type: boolean + multiline_start_regexp: + type: string + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + custom_pattern_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + grok_failure_key: + type: string + grok_name_key: + type: string + grok_pattern: + type: string + grok_patterns: + items: + properties: + keep_time_key: + type: boolean + name: + type: string + pattern: + type: string + time_format: + type: string + time_key: + type: string + timezone: + type: string + required: + - pattern + type: object + type: array + keep_time_key: + type: boolean + keys: + type: string + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + multiline_start_regexp: + type: string + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + custom_pattern_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + grok_failure_key: + type: string + grok_name_key: + type: string + grok_pattern: + type: string + grok_patterns: + items: + properties: + keep_time_key: + type: boolean + name: + type: string + pattern: + type: string + time_format: + type: string + time_key: + type: string + timezone: + type: string + required: + - pattern + type: object + type: array + keep_time_key: + type: boolean + local_time: + type: boolean + multiline_start_regexp: + type: string + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + match_tag: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + outputRefs: + items: + type: string + type: array + type: object + enableRecreateWorkloadOnImmutableFieldChange: + type: boolean + errorOutputRef: + type: string + flowConfigCheckDisabled: + type: boolean + flowConfigOverride: + type: string + fluentbit: + properties: + HostNetwork: + type: boolean + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + bufferStorage: + properties: + storage.backlog.mem_limit: + type: string + storage.checksum: + type: string + storage.path: + type: string + storage.sync: + type: string + type: object + bufferStorageVolume: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + bufferVolumeArgs: + items: + type: string + type: array + bufferVolumeImage: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + bufferVolumeMetrics: + properties: + interval: + type: string + path: + type: string + port: + format: int32 + type: integer + prometheusAnnotations: + type: boolean + prometheusRules: + type: boolean + serviceMonitor: + type: boolean + serviceMonitorConfig: + properties: + additionalLabels: + additionalProperties: + type: string + type: object + honorLabels: + type: boolean + metricRelabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + relabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + scheme: + type: string + tlsConfig: + properties: + ca: + properties: + configMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + secret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + caFile: + type: string + cert: + properties: + configMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + secret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + certFile: + type: string + insecureSkipVerify: + type: boolean + keyFile: + type: string + keySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + serverName: + type: string + type: object + type: object + timeout: + type: string + type: object + coroStackSize: + format: int32 + type: integer + customConfigSecret: + type: string + daemonsetAnnotations: + additionalProperties: + type: string + type: object + disableKubernetesFilter: + type: boolean + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + dnsPolicy: + type: string + enableUpstream: + type: boolean + envVars: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extraVolumeMounts: + items: + properties: + destination: + pattern: ^/.+$ + type: string + readOnly: + type: boolean + source: + pattern: ^/.+$ + type: string + required: + - destination + - source + type: object + type: array + filterAws: + properties: + Match: + type: string + account_id: + type: boolean + ami_id: + type: boolean + az: + type: boolean + ec2_instance_id: + type: boolean + ec2_instance_type: + type: boolean + hostname: + type: boolean + imds_version: + type: string + private_ip: + type: boolean + vpc_id: + type: boolean + type: object + filterKubernetes: + properties: + Annotations: + type: string + Buffer_Size: + type: string + Cache_Use_Docker_Id: + type: string + DNS_Retries: + type: string + DNS_Wait_Time: + type: string + Dummy_Meta: + type: string + K8S-Logging.Exclude: + type: string + K8S-Logging.Parser: + type: string + Keep_Log: + type: string + Kube_CA_File: + type: string + Kube_CA_Path: + type: string + Kube_Tag_Prefix: + type: string + Kube_Token_File: + type: string + Kube_URL: + type: string + Kube_meta_preload_cache_dir: + type: string + Kubelet_Port: + type: string + Labels: + type: string + Match: + type: string + Merge_Log: + type: string + Merge_Log_Key: + type: string + Merge_Log_Trim: + type: string + Merge_Parser: + type: string + Regex_Parser: + type: string + Use_Journal: + type: string + Use_Kubelet: + type: string + tls.debug: + type: string + tls.verify: + type: string + type: object + filterModify: + items: + properties: + conditions: + items: + properties: + A_key_matches: + properties: + key: + type: string + type: object + Key_does_not_exist: + properties: + key: + type: string + value: + type: string + type: object + Key_exists: + properties: + key: + type: string + type: object + Key_value_does_not_equal: + properties: + key: + type: string + value: + type: string + type: object + Key_value_does_not_match: + properties: + key: + type: string + value: + type: string + type: object + Key_value_equals: + properties: + key: + type: string + value: + type: string + type: object + Key_value_matches: + properties: + key: + type: string + value: + type: string + type: object + Matching_keys_do_not_have_matching_values: + properties: + key: + type: string + value: + type: string + type: object + Matching_keys_have_matching_values: + properties: + key: + type: string + value: + type: string + type: object + No_key_matches: + properties: + key: + type: string + type: object + type: object + type: array + rules: + items: + properties: + Add: + properties: + key: + type: string + value: + type: string + type: object + Copy: + properties: + key: + type: string + value: + type: string + type: object + Hard_copy: + properties: + key: + type: string + value: + type: string + type: object + Hard_rename: + properties: + key: + type: string + value: + type: string + type: object + Remove: + properties: + key: + type: string + type: object + Remove_regex: + properties: + key: + type: string + type: object + Remove_wildcard: + properties: + key: + type: string + type: object + Rename: + properties: + key: + type: string + value: + type: string + type: object + Set: + properties: + key: + type: string + value: + type: string + type: object + type: object + type: array + type: object + type: array + flush: + format: int32 + type: integer + forwardOptions: + properties: + Require_ack_response: + type: boolean + Retry_Limit: + type: string + Send_options: + type: boolean + Tag: + type: string + Time_as_Integer: + type: boolean + storage.total_limit_size: + type: string + type: object + grace: + format: int32 + type: integer + image: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + inputTail: + properties: + Buffer_Chunk_Size: + type: string + Buffer_Max_Size: + type: string + DB: + type: string + DB.journal_mode: + type: string + DB.locking: + type: boolean + DB_Sync: + type: string + Docker_Mode: + type: string + Docker_Mode_Flush: + type: string + Docker_Mode_Parser: + type: string + Exclude_Path: + type: string + Ignore_Older: + type: string + Key: + type: string + Mem_Buf_Limit: + type: string + Multiline: + type: string + Multiline_Flush: + type: string + Parser: + type: string + Parser_Firstline: + type: string + Parser_N: + items: + type: string + type: array + Path: + type: string + Path_Key: + type: string + Read_From_Head: + type: boolean + Refresh_Interval: + type: string + Rotate_Wait: + type: string + Skip_Long_Lines: + type: string + Tag: + type: string + Tag_Regex: + type: string + multiline.parser: + items: + type: string + type: array + storage.type: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + livenessDefaultCheck: + type: boolean + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + logLevel: + type: string + metrics: + properties: + interval: + type: string + path: + type: string + port: + format: int32 + type: integer + prometheusAnnotations: + type: boolean + prometheusRules: + type: boolean + serviceMonitor: + type: boolean + serviceMonitorConfig: + properties: + additionalLabels: + additionalProperties: + type: string + type: object + honorLabels: + type: boolean + metricRelabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + relabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + scheme: + type: string + tlsConfig: + properties: + ca: + properties: + configMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + secret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + caFile: + type: string + cert: + properties: + configMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + secret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + certFile: + type: string + insecureSkipVerify: + type: boolean + keyFile: + type: string + keySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + serverName: + type: string + type: object + type: object + timeout: + type: string + type: object + mountPath: + type: string + network: + properties: + connectTimeout: + format: int32 + type: integer + connectTimeoutLogError: + type: boolean + dnsMode: + type: string + dnsPreferIpv4: + type: boolean + dnsResolver: + type: string + keepalive: + type: boolean + keepaliveIdleTimeout: + format: int32 + type: integer + keepaliveMaxRecycle: + format: int32 + type: integer + sourceAddress: + type: string + type: object + nodeSelector: + additionalProperties: + type: string + type: object + parser: + type: string + podPriorityClassName: + type: string + position_db: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + positiondb: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + security: + properties: + podSecurityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + podSecurityPolicyCreate: + type: boolean + roleBasedAccessControlCreate: + type: boolean + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + type: object + serviceAccount: + properties: + automountServiceAccountToken: + type: boolean + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + secrets: + items: + properties: + apiVersion: + type: string + fieldPath: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + resourceVersion: + type: string + uid: + type: string + type: object + type: array + type: object + targetHost: + type: string + targetPort: + format: int32 + type: integer + tls: + properties: + enabled: + type: boolean + secretName: + type: string + sharedKey: + type: string + required: + - enabled + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + updateStrategy: + properties: + rollingUpdate: + properties: + maxSurge: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + type: + type: string + type: object + type: object + fluentd: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + bufferStorageVolume: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + bufferVolumeArgs: + items: + type: string + type: array + bufferVolumeImage: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + bufferVolumeMetrics: + properties: + interval: + type: string + path: + type: string + port: + format: int32 + type: integer + prometheusAnnotations: + type: boolean + prometheusRules: + type: boolean + serviceMonitor: + type: boolean + serviceMonitorConfig: + properties: + additionalLabels: + additionalProperties: + type: string + type: object + honorLabels: + type: boolean + metricRelabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + relabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + scheme: + type: string + tlsConfig: + properties: + ca: + properties: + configMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + secret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + caFile: + type: string + cert: + properties: + configMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + secret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + certFile: + type: string + insecureSkipVerify: + type: boolean + keyFile: + type: string + keySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + serverName: + type: string + type: object + type: object + timeout: + type: string + type: object + compressConfigFile: + type: boolean + configCheckAnnotations: + additionalProperties: + type: string + type: object + configCheckResources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + configReloaderImage: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + configReloaderResources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + disablePvc: + type: boolean + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + dnsPolicy: + type: string + enableMsgpackTimeSupport: + type: boolean + envVars: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extraArgs: + items: + type: string + type: array + extraVolumes: + items: + properties: + containerName: + type: string + path: + type: string + volume: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + volumeName: + type: string + type: object + type: array + fluentLogDestination: + type: string + fluentOutLogrotate: + properties: + age: + type: string + enabled: + type: boolean + path: + type: string + size: + type: string + required: + - enabled + type: object + fluentdPvcSpec: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + forwardInputConfig: + properties: + add_tag_prefix: + type: string + bind: + type: string + chunk_size_limit: + type: string + chunk_size_warn_limit: + type: string + deny_keepalive: + type: boolean + linger_timeout: + type: integer + port: + type: string + resolve_hostname: + type: boolean + security: + properties: + allow_anonymous_source: + type: boolean + self_hostname: + type: string + shared_key: + type: string + user_auth: + type: boolean + required: + - self_hostname + - shared_key + type: object + send_keepalive_packet: + type: boolean + skip_invalid_event: + type: boolean + source_address_key: + type: string + sourceHostnameKey: + type: string + tag: + type: string + transport: + properties: + ca_cert_path: + type: string + ca_path: + type: string + ca_private_key_passphrase: + type: string + ca_private_key_path: + type: string + cert_path: + type: string + ciphers: + type: string + client_cert_auth: + type: boolean + insecure: + type: boolean + private_key_passphrase: + type: string + private_key_path: + type: string + protocol: + type: string + version: + type: string + type: object + type: object + ignoreRepeatedLogInterval: + type: string + ignoreSameLogInterval: + type: string + image: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + livenessDefaultCheck: + type: boolean + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + logLevel: + type: string + metrics: + properties: + interval: + type: string + path: + type: string + port: + format: int32 + type: integer + prometheusAnnotations: + type: boolean + prometheusRules: + type: boolean + serviceMonitor: + type: boolean + serviceMonitorConfig: + properties: + additionalLabels: + additionalProperties: + type: string + type: object + honorLabels: + type: boolean + metricRelabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + relabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + scheme: + type: string + tlsConfig: + properties: + ca: + properties: + configMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + secret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + caFile: + type: string + cert: + properties: + configMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + secret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + certFile: + type: string + insecureSkipVerify: + type: boolean + keyFile: + type: string + keySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + serverName: + type: string + type: object + type: object + timeout: + type: string + type: object + nodeSelector: + additionalProperties: + type: string + type: object + podPriorityClassName: + type: string + port: + format: int32 + type: integer + readinessDefaultCheck: + properties: + bufferFileNumber: + type: boolean + bufferFileNumberMax: + format: int32 + type: integer + bufferFreeSpace: + type: boolean + bufferFreeSpaceThreshold: + format: int32 + type: integer + failureThreshold: + format: int32 + type: integer + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + rootDir: + type: string + scaling: + properties: + drain: + properties: + annotations: + additionalProperties: + type: string + type: object + deleteVolume: + type: boolean + enabled: + type: boolean + image: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + pauseImage: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + type: object + podManagementPolicy: + type: string + replicas: + type: integer + type: object + security: + properties: + podSecurityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + podSecurityPolicyCreate: + type: boolean + roleBasedAccessControlCreate: + type: boolean + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + type: object + serviceAccount: + properties: + automountServiceAccountToken: + type: boolean + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + secrets: + items: + properties: + apiVersion: + type: string + fieldPath: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + resourceVersion: + type: string + uid: + type: string + type: object + type: array + type: object + statefulsetAnnotations: + additionalProperties: + type: string + type: object + tls: + properties: + enabled: + type: boolean + secretName: + type: string + sharedKey: + type: string + required: + - enabled + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + maxSkew: + format: int32 + type: integer + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + volumeModImage: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + volumeMountChmod: + type: boolean + workers: + format: int32 + type: integer + type: object + globalFilters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + force_line_breaks: + type: boolean + languages: + items: + type: string + type: array + match_tag: + type: string + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + elasticsearch_genid: + properties: + hash_id_key: + type: string + hash_type: + type: string + include_tag_in_seed: + type: boolean + include_time_in_seed: + type: boolean + record_keys: + type: string + separator: + type: string + use_entire_record: + type: boolean + use_record_as_seed: + type: boolean + type: object + enhanceK8s: + properties: + api_groups: + items: + type: string + type: array + bearer_token_file: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cache_refresh: + type: integer + cache_refresh_variation: + type: integer + cache_size: + type: integer + cache_ttl: + type: integer + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + core_api_versions: + items: + type: string + type: array + data_type: + type: string + in_namespace_path: + items: + type: string + type: array + in_pod_path: + items: + type: string + type: array + kubernetes_url: + type: string + secret_dir: + type: string + ssl_partial_chain: + type: boolean + verify_ssl: + type: boolean + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + kube_events_timestamp: + properties: + mapped_time_key: + type: string + timestamp_fields: + items: + type: string + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + custom_pattern_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + grok_failure_key: + type: string + grok_name_key: + type: string + grok_pattern: + type: string + grok_patterns: + items: + properties: + keep_time_key: + type: boolean + name: + type: string + pattern: + type: string + time_format: + type: string + time_key: + type: string + timezone: + type: string + required: + - pattern + type: object + type: array + keep_time_key: + type: boolean + keys: + type: string + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + multiline_start_regexp: + type: string + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + custom_pattern_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + grok_failure_key: + type: string + grok_name_key: + type: string + grok_pattern: + type: string + grok_patterns: + items: + properties: + keep_time_key: + type: boolean + name: + type: string + pattern: + type: string + time_format: + type: string + time_key: + type: string + timezone: + type: string + required: + - pattern + type: object + type: array + keep_time_key: + type: boolean + local_time: + type: boolean + multiline_start_regexp: + type: string + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + custom_pattern_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + grok_failure_key: + type: string + grok_name_key: + type: string + grok_pattern: + type: string + grok_patterns: + items: + properties: + keep_time_key: + type: boolean + name: + type: string + pattern: + type: string + time_format: + type: string + time_key: + type: string + timezone: + type: string + required: + - pattern + type: object + type: array + keep_time_key: + type: boolean + keys: + type: string + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + multiline_start_regexp: + type: string + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + custom_pattern_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + grok_failure_key: + type: string + grok_name_key: + type: string + grok_pattern: + type: string + grok_patterns: + items: + properties: + keep_time_key: + type: boolean + name: + type: string + pattern: + type: string + time_format: + type: string + time_key: + type: string + timezone: + type: string + required: + - pattern + type: object + type: array + keep_time_key: + type: boolean + local_time: + type: boolean + multiline_start_regexp: + type: string + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + match_tag: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + loggingRef: + type: string + nodeAgents: + items: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + name: + type: string + nodeAgentFluentbit: + properties: + bufferStorage: + properties: + storage.backlog.mem_limit: + type: string + storage.checksum: + type: string + storage.path: + type: string + storage.sync: + type: string + type: object + bufferStorageVolume: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + containersPath: + type: string + coroStackSize: + format: int32 + type: integer + customConfigSecret: + type: string + daemonSet: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + minReadySeconds: + format: int32 + type: integer + revisionHistoryLimit: + format: int32 + type: integer + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + type: boolean + containers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + dnsPolicy: + type: string + enableServiceLinks: + type: boolean + ephemeralContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + targetContainerName: + type: string + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array + hostIPC: + type: boolean + hostNetwork: + type: boolean + hostPID: + type: boolean + hostname: + type: string + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + initContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + nodeName: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + preemptionPolicy: + type: string + priority: + format: int32 + type: integer + priorityClassName: + type: string + readinessGates: + items: + properties: + conditionType: + type: string + required: + - conditionType + type: object + type: array + restartPolicy: + type: string + runtimeClassName: + type: string + schedulerName: + type: string + securityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + serviceAccountName: + type: string + setHostnameAsFQDN: + type: boolean + shareProcessNamespace: + type: boolean + subdomain: + type: string + terminationGracePeriodSeconds: + format: int64 + type: integer + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + maxSkew: + format: int32 + type: integer + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + type: object + updateStrategy: + properties: + rollingUpdate: + properties: + maxSurge: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + type: + type: string + type: object + type: object + type: object + disableKubernetesFilter: + type: boolean + enableUpstream: + type: boolean + enabled: + type: boolean + extraVolumeMounts: + items: + properties: + destination: + pattern: ^/.+$ + type: string + readOnly: + type: boolean + source: + pattern: ^/.+$ + type: string + required: + - destination + - source + type: object + type: array + filterAws: + properties: + Match: + type: string + account_id: + type: boolean + ami_id: + type: boolean + az: + type: boolean + ec2_instance_id: + type: boolean + ec2_instance_type: + type: boolean + hostname: + type: boolean + imds_version: + type: string + private_ip: + type: boolean + vpc_id: + type: boolean + type: object + filterKubernetes: + properties: + Annotations: + type: string + Buffer_Size: + type: string + Cache_Use_Docker_Id: + type: string + DNS_Retries: + type: string + DNS_Wait_Time: + type: string + Dummy_Meta: + type: string + K8S-Logging.Exclude: + type: string + K8S-Logging.Parser: + type: string + Keep_Log: + type: string + Kube_CA_File: + type: string + Kube_CA_Path: + type: string + Kube_Tag_Prefix: + type: string + Kube_Token_File: + type: string + Kube_URL: + type: string + Kube_meta_preload_cache_dir: + type: string + Kubelet_Port: + type: string + Labels: + type: string + Match: + type: string + Merge_Log: + type: string + Merge_Log_Key: + type: string + Merge_Log_Trim: + type: string + Merge_Parser: + type: string + Regex_Parser: + type: string + Use_Journal: + type: string + Use_Kubelet: + type: string + tls.debug: + type: string + tls.verify: + type: string + type: object + flush: + format: int32 + type: integer + forwardOptions: + properties: + Require_ack_response: + type: boolean + Retry_Limit: + type: string + Send_options: + type: boolean + Tag: + type: string + Time_as_Integer: + type: boolean + storage.total_limit_size: + type: string + type: object + grace: + format: int32 + type: integer + inputTail: + properties: + Buffer_Chunk_Size: + type: string + Buffer_Max_Size: + type: string + DB: + type: string + DB.journal_mode: + type: string + DB.locking: + type: boolean + DB_Sync: + type: string + Docker_Mode: + type: string + Docker_Mode_Flush: + type: string + Docker_Mode_Parser: + type: string + Exclude_Path: + type: string + Ignore_Older: + type: string + Key: + type: string + Mem_Buf_Limit: + type: string + Multiline: + type: string + Multiline_Flush: + type: string + Parser: + type: string + Parser_Firstline: + type: string + Parser_N: + items: + type: string + type: array + Path: + type: string + Path_Key: + type: string + Read_From_Head: + type: boolean + Refresh_Interval: + type: string + Rotate_Wait: + type: string + Skip_Long_Lines: + type: string + Tag: + type: string + Tag_Regex: + type: string + multiline.parser: + items: + type: string + type: array + storage.type: + type: string + type: object + livenessDefaultCheck: + type: boolean + logLevel: + type: string + metrics: + properties: + interval: + type: string + path: + type: string + port: + format: int32 + type: integer + prometheusAnnotations: + type: boolean + prometheusRules: + type: boolean + serviceMonitor: + type: boolean + serviceMonitorConfig: + properties: + additionalLabels: + additionalProperties: + type: string + type: object + honorLabels: + type: boolean + metricRelabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + relabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + scheme: + type: string + tlsConfig: + properties: + ca: + properties: + configMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + secret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + caFile: + type: string + cert: + properties: + configMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + secret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + certFile: + type: string + insecureSkipVerify: + type: boolean + keyFile: + type: string + keySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + serverName: + type: string + type: object + type: object + timeout: + type: string + type: object + metricsService: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + allocateLoadBalancerNodePorts: + type: boolean + clusterIP: + type: string + clusterIPs: + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalIPs: + items: + type: string + type: array + externalName: + type: string + externalTrafficPolicy: + type: string + healthCheckNodePort: + format: int32 + type: integer + internalTrafficPolicy: + type: string + ipFamilies: + items: + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + type: string + loadBalancerClass: + type: string + loadBalancerIP: + type: string + loadBalancerSourceRanges: + items: + type: string + type: array + ports: + items: + properties: + appProtocol: + type: string + name: + type: string + nodePort: + format: int32 + type: integer + port: + format: int32 + type: integer + protocol: + default: TCP + type: string + targetPort: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + x-kubernetes-list-map-keys: + - port + - protocol + x-kubernetes-list-type: map + publishNotReadyAddresses: + type: boolean + selector: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: atomic + sessionAffinity: + type: string + sessionAffinityConfig: + properties: + clientIP: + properties: + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + type: + type: string + type: object + type: object + network: + properties: + connectTimeout: + format: int32 + type: integer + connectTimeoutLogError: + type: boolean + dnsMode: + type: string + dnsPreferIpv4: + type: boolean + dnsResolver: + type: string + keepalive: + type: boolean + keepaliveIdleTimeout: + format: int32 + type: integer + keepaliveMaxRecycle: + format: int32 + type: integer + sourceAddress: + type: string + type: object + podPriorityClassName: + type: string + positiondb: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + security: + properties: + podSecurityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + podSecurityPolicyCreate: + type: boolean + roleBasedAccessControlCreate: + type: boolean + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + type: object + serviceAccount: + properties: + automountServiceAccountToken: + type: boolean + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + secrets: + items: + properties: + apiVersion: + type: string + fieldPath: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + resourceVersion: + type: string + uid: + type: string + type: object + type: array + type: object + targetHost: + type: string + targetPort: + format: int32 + type: integer + tls: + properties: + enabled: + type: boolean + secretName: + type: string + sharedKey: + type: string + required: + - enabled + type: object + varLogsPath: + type: string + type: object + profile: + type: string + type: object + type: array + skipInvalidResources: + type: boolean + watchNamespaces: + items: + type: string + type: array + required: + - controlNamespace + type: object + status: + properties: + configCheckResults: + additionalProperties: + type: boolean + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/rancher-logging-crd/102.0.2+up3.17.10/templates/logging.banzaicloud.io_outputs.yaml b/charts/rancher-logging-crd/102.0.2+up3.17.10/templates/logging.banzaicloud.io_outputs.yaml new file mode 100644 index 0000000000..8aa0245de8 --- /dev/null +++ b/charts/rancher-logging-crd/102.0.2+up3.17.10/templates/logging.banzaicloud.io_outputs.yaml @@ -0,0 +1,11808 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.0 + creationTimestamp: null + name: outputs.logging.banzaicloud.io +spec: + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: Output + listKind: OutputList + plural: outputs + singular: output + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Is the output active? + jsonPath: .status.active + name: Active + type: boolean + - description: Number of problems + jsonPath: .status.problemsCount + name: Problems + type: integer + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + awsElasticsearch: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + application_name: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + bulk_message_request_threshold: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key_pass: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + content_type: + type: string + custom_headers: + type: string + customize_template: + type: string + data_stream_enable: + type: boolean + data_stream_ilm_name: + type: string + data_stream_ilm_policy: + type: string + data_stream_ilm_policy_overwrite: + type: boolean + data_stream_name: + type: string + data_stream_template_name: + type: string + default_elasticsearch_version: + type: string + deflector_alias: + type: string + enable_ilm: + type: boolean + endpoint: + properties: + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_arn: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_session_name: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_web_identity_token_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ecs_container_credentials_relative_uri: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + region: + type: string + secret_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + sts_credentials_region: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + exception_backup: + type: boolean + fail_on_detecting_es_version_retry_exceed: + type: boolean + fail_on_putting_template_retry_exceed: + type: boolean + flatten_hashes: + type: boolean + flatten_hashes_separator: + type: string + flush_interval: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + hosts: + type: string + http_backend: + type: string + id_key: + type: string + ignore_exceptions: + type: string + ilm_policy: + type: string + ilm_policy_id: + type: string + ilm_policy_overwrite: + type: boolean + include_index_in_url: + type: boolean + include_tag_key: + type: boolean + include_timestamp: + type: boolean + index_date_pattern: + type: string + index_name: + type: string + index_prefix: + type: string + log_es_400_reason: + type: boolean + logstash_dateformat: + type: string + logstash_format: + type: boolean + logstash_prefix: + type: string + logstash_prefix_separator: + type: string + max_retry_get_es_version: + type: string + max_retry_putting_template: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + path: + type: string + pipeline: + type: string + port: + type: integer + prefer_oj_serializer: + type: boolean + reconnect_on_error: + type: boolean + reload_after: + type: string + reload_connections: + type: boolean + reload_on_failure: + type: boolean + remove_keys: + type: string + remove_keys_on_update: + type: string + remove_keys_on_update_key: + type: string + request_timeout: + type: string + resurrect_after: + type: string + retry_tag: + type: string + rollover_index: + type: boolean + routing_key: + type: string + scheme: + type: string + slow_flush_log_threshold: + type: string + sniffer_class_name: + type: string + ssl_max_version: + type: string + ssl_min_version: + type: string + ssl_verify: + type: boolean + ssl_version: + type: string + suppress_doc_wrap: + type: boolean + suppress_type_name: + type: boolean + tag_key: + type: string + target_index_key: + type: string + target_type_key: + type: string + template_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + template_name: + type: string + template_overwrite: + type: boolean + templates: + type: string + time_key: + type: string + time_key_format: + type: string + time_parse_error_tag: + type: string + time_precision: + type: string + type_name: + type: string + unrecoverable_error_types: + type: string + user: + type: string + utc_index: + type: boolean + validate_client_version: + type: boolean + verify_es_version_at_startup: + type: boolean + with_transporter_log: + type: boolean + write_operation: + type: string + type: object + azurestorage: + properties: + auto_create_container: + type: boolean + azure_container: + type: string + azure_imds_api_version: + type: string + azure_object_key_format: + type: string + azure_storage_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_account: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_sas_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + type: string + path: + type: string + slow_flush_log_threshold: + type: string + required: + - azure_container + - azure_storage_account + type: object + cloudwatch: + properties: + auto_create_stream: + type: boolean + aws_instance_profile_credentials_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sts_role_arn: + type: string + aws_sts_session_name: + type: string + aws_use_sts: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + concurrency: + type: integer + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + http_proxy: + type: string + include_time_key: + type: boolean + json_handler: + type: string + localtime: + type: boolean + log_group_aws_tags: + type: string + log_group_aws_tags_key: + type: string + log_group_name: + type: string + log_group_name_key: + type: string + log_rejected_request: + type: string + log_stream_name: + type: string + log_stream_name_key: + type: string + max_events_per_batch: + type: integer + max_message_length: + type: integer + message_keys: + type: string + put_log_events_disable_retry_limit: + type: boolean + put_log_events_retry_limit: + type: integer + put_log_events_retry_wait: + type: string + region: + type: string + remove_log_group_aws_tags_key: + type: string + remove_log_group_name_key: + type: string + remove_log_stream_name_key: + type: string + remove_retention_in_days: + type: string + retention_in_days: + type: string + retention_in_days_key: + type: string + slow_flush_log_threshold: + type: string + use_tag_as_group: + type: boolean + use_tag_as_stream: + type: boolean + required: + - region + type: object + datadog: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_level: + type: string + dd_hostname: + type: string + dd_source: + type: string + dd_sourcecategory: + type: string + dd_tags: + type: string + host: + type: string + include_tag_key: + type: boolean + max_backoff: + type: string + max_retries: + type: string + no_ssl_validation: + type: boolean + port: + type: string + service: + type: string + slow_flush_log_threshold: + type: string + ssl_port: + type: string + tag_key: + type: string + timestamp_key: + type: string + use_compression: + type: boolean + use_http: + type: boolean + use_json: + type: boolean + use_ssl: + type: boolean + required: + - api_key + type: object + elasticsearch: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + application_name: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + bulk_message_request_threshold: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key_pass: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + content_type: + type: string + custom_headers: + type: string + customize_template: + type: string + data_stream_enable: + type: boolean + data_stream_ilm_name: + type: string + data_stream_ilm_policy: + type: string + data_stream_ilm_policy_overwrite: + type: boolean + data_stream_name: + type: string + data_stream_template_name: + type: string + default_elasticsearch_version: + type: string + deflector_alias: + type: string + enable_ilm: + type: boolean + exception_backup: + type: boolean + fail_on_detecting_es_version_retry_exceed: + type: boolean + fail_on_putting_template_retry_exceed: + type: boolean + flatten_hashes: + type: boolean + flatten_hashes_separator: + type: string + host: + type: string + hosts: + type: string + http_backend: + type: string + id_key: + type: string + ignore_exceptions: + type: string + ilm_policy: + type: string + ilm_policy_id: + type: string + ilm_policy_overwrite: + type: boolean + include_index_in_url: + type: boolean + include_tag_key: + type: boolean + include_timestamp: + type: boolean + index_date_pattern: + type: string + index_name: + type: string + index_prefix: + type: string + log_es_400_reason: + type: boolean + logstash_dateformat: + type: string + logstash_format: + type: boolean + logstash_prefix: + type: string + logstash_prefix_separator: + type: string + max_retry_get_es_version: + type: string + max_retry_putting_template: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + path: + type: string + pipeline: + type: string + port: + type: integer + prefer_oj_serializer: + type: boolean + reconnect_on_error: + type: boolean + reload_after: + type: string + reload_connections: + type: boolean + reload_on_failure: + type: boolean + remove_keys: + type: string + remove_keys_on_update: + type: string + remove_keys_on_update_key: + type: string + request_timeout: + type: string + resurrect_after: + type: string + retry_tag: + type: string + rollover_index: + type: boolean + routing_key: + type: string + scheme: + type: string + slow_flush_log_threshold: + type: string + sniffer_class_name: + type: string + ssl_max_version: + type: string + ssl_min_version: + type: string + ssl_verify: + type: boolean + ssl_version: + type: string + suppress_doc_wrap: + type: boolean + suppress_type_name: + type: boolean + tag_key: + type: string + target_index_key: + type: string + target_type_key: + type: string + template_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + template_name: + type: string + template_overwrite: + type: boolean + templates: + type: string + time_key: + type: string + time_key_format: + type: string + time_parse_error_tag: + type: string + time_precision: + type: string + type_name: + type: string + unrecoverable_error_types: + type: string + user: + type: string + utc_index: + type: boolean + validate_client_version: + type: boolean + verify_es_version_at_startup: + type: boolean + with_transporter_log: + type: boolean + write_operation: + type: string + type: object + file: + properties: + add_path_suffix: + type: boolean + append: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compress: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + path: + type: string + path_suffix: + type: string + recompress: + type: boolean + slow_flush_log_threshold: + type: string + symlink_path: + type: boolean + required: + - path + type: object + forward: + properties: + ack_response_timeout: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + connect_timeout: + type: integer + dns_round_robin: + type: boolean + expire_dns_cache: + type: integer + hard_timeout: + type: integer + heartbeat_interval: + type: integer + heartbeat_type: + type: string + ignore_network_errors_at_startup: + type: boolean + keepalive: + type: boolean + keepalive_timeout: + type: integer + phi_failure_detector: + type: boolean + phi_threshold: + type: integer + recover_wait: + type: integer + require_ack_response: + type: boolean + security: + properties: + allow_anonymous_source: + type: boolean + self_hostname: + type: string + shared_key: + type: string + user_auth: + type: boolean + required: + - self_hostname + - shared_key + type: object + send_timeout: + type: integer + servers: + items: + properties: + host: + type: string + name: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + shared_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + standby: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + weight: + type: integer + required: + - host + type: object + type: array + slow_flush_log_threshold: + type: string + tls_allow_self_signed_cert: + type: boolean + tls_cert_logical_store_name: + type: string + tls_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_cert_thumbprint: + type: string + tls_cert_use_enterprise_store: + type: boolean + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_insecure_mode: + type: boolean + tls_verify_hostname: + type: boolean + tls_version: + type: string + transport: + type: string + verify_connection_at_startup: + type: boolean + required: + - servers + type: object + gcs: + properties: + acl: + type: string + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + client_retries: + type: integer + client_timeout: + type: integer + credentials_json: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + encryption_key: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + keyfile: + type: string + object_key_format: + type: string + object_metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + overwrite: + type: boolean + path: + type: string + project: + type: string + slow_flush_log_threshold: + type: string + storage_class: + type: string + store_as: + type: string + transcoding: + type: boolean + required: + - bucket + - project + type: object + gelf: + properties: + host: + type: string + port: + type: integer + protocol: + type: string + tls: + type: boolean + tls_options: + additionalProperties: + type: string + type: object + required: + - host + - port + type: object + http: + properties: + auth: + properties: + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - password + - username + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + content_type: + type: string + endpoint: + type: string + error_response_as_unrecoverable: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + headers: + additionalProperties: + type: string + type: object + http_method: + type: string + json_array: + type: boolean + open_timeout: + type: integer + proxy: + type: string + read_timeout: + type: integer + retryable_response_codes: + items: + type: integer + type: array + slow_flush_log_threshold: + type: string + ssl_timeout: + type: integer + tls_ca_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_verify_mode: + type: string + tls_version: + type: string + required: + - endpoint + type: object + kafka: + properties: + ack_timeout: + type: integer + brokers: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + client_id: + type: string + compression_codec: + type: string + default_message_key: + type: string + default_partition_key: + type: string + default_topic: + type: string + discard_kafka_delivery_failed: + type: boolean + exclude_partion_key: + type: boolean + exclude_topic_key: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + get_kafka_client_log: + type: boolean + headers: + additionalProperties: + type: string + type: object + headers_from_record: + additionalProperties: + type: string + type: object + idempotent: + type: boolean + kafka_agg_max_bytes: + type: integer + kafka_agg_max_messages: + type: integer + keytab: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + max_send_retries: + type: integer + message_key_key: + type: string + partition_key: + type: string + partition_key_key: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + principal: + type: string + required_acks: + type: integer + sasl_over_ssl: + type: boolean + scram_mechanism: + type: string + slow_flush_log_threshold: + type: string + ssl_ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_ca_certs_from_system: + type: boolean + ssl_client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_chain: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_verify_hostname: + type: boolean + topic_key: + type: string + use_default_for_unknown_topic: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - brokers + - format + type: object + kinesisStream: + properties: + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + aws_iam_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_ses_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + batch_request_max_count: + type: integer + batch_request_max_size: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + partition_key: + type: string + process_credentials: + properties: + process: + type: string + required: + - process + type: object + region: + type: string + reset_backoff_if_success: + type: boolean + retries_on_batch_request: + type: integer + slow_flush_log_threshold: + type: string + stream_name: + type: string + required: + - stream_name + type: object + logdna: + properties: + api_key: + type: string + app: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + hostname: + type: string + ingester_domain: + type: string + ingester_endpoint: + type: string + request_timeout: + type: string + slow_flush_log_threshold: + type: string + tags: + type: string + required: + - api_key + - hostname + type: object + loggingRef: + type: string + logz: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + bulk_limit: + type: integer + bulk_limit_warning_limit: + type: integer + endpoint: + properties: + port: + type: integer + token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + gzip: + type: boolean + http_idle_timeout: + type: integer + output_include_tags: + type: boolean + output_include_time: + type: boolean + retry_count: + type: integer + retry_sleep: + type: integer + slow_flush_log_threshold: + type: string + required: + - endpoint + type: object + loki: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + configure_kubernetes_labels: + type: boolean + drop_single_key: + type: boolean + extra_labels: + additionalProperties: + type: string + type: object + extract_kubernetes_labels: + type: boolean + insecure_tls: + type: boolean + key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + labels: + additionalProperties: + type: string + type: object + line_format: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + remove_keys: + items: + type: string + type: array + slow_flush_log_threshold: + type: string + tenant: + type: string + url: + type: string + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + newrelic: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + base_uri: + type: string + license_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + nullout: + type: object + opensearch: + properties: + application_name: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + bulk_message_request_threshold: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + catch_transport_exception_on_retry: + type: boolean + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key_pass: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + compression_level: + type: string + custom_headers: + type: string + customize_template: + type: string + default_opensearch_version: + type: integer + emit_error_for_missing_id: + type: boolean + emit_error_label_event: + type: boolean + exception_backup: + type: boolean + fail_on_detecting_os_version_retry_exceed: + type: boolean + fail_on_putting_template_retry_exceed: + type: boolean + flatten_hashes: + type: boolean + flatten_hashes_separator: + type: string + host: + type: string + hosts: + type: string + http_backend: + type: string + http_backend_excon_nonblock: + type: boolean + id_key: + type: string + ignore_exceptions: + type: string + include_index_in_url: + type: boolean + include_tag_key: + type: boolean + include_timestamp: + type: boolean + index_date_pattern: + type: string + index_name: + type: string + index_separator: + type: string + log_os_400_reason: + type: boolean + logstash_dateformat: + type: string + logstash_format: + type: boolean + logstash_prefix: + type: string + logstash_prefix_separator: + type: string + max_retry_get_os_version: + type: integer + max_retry_putting_template: + type: string + parent_key: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + path: + type: string + pipeline: + type: string + port: + type: integer + prefer_oj_serializer: + type: boolean + reconnect_on_error: + type: boolean + reload_after: + type: string + reload_connections: + type: boolean + reload_on_failure: + type: boolean + remove_keys_on_update: + type: string + remove_keys_on_update_key: + type: string + request_timeout: + type: string + resurrect_after: + type: string + retry_tag: + type: string + routing_key: + type: string + scheme: + type: string + selector_class_name: + type: string + slow_flush_log_threshold: + type: string + sniffer_class_name: + type: string + ssl_verify: + type: boolean + suppress_doc_wrap: + type: boolean + suppress_type_name: + type: boolean + tag_key: + type: string + target_index_affinity: + type: boolean + target_index_key: + type: string + template_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + template_name: + type: string + template_overwrite: + type: boolean + templates: + type: string + time_key: + type: string + time_key_exclude_timestamp: + type: boolean + time_key_format: + type: string + time_parse_error_tag: + type: string + time_precision: + type: string + truncate_caches_interval: + type: string + unrecoverable_error_types: + type: string + unrecoverable_record_types: + type: string + use_legacy_template: + type: boolean + user: + type: string + utc_index: + type: boolean + validate_client_version: + type: boolean + verify_os_version_at_startup: + type: boolean + with_transporter_log: + type: boolean + write_operation: + type: string + type: object + oss: + properties: + aaccess_key_secret: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_bucket: + type: boolean + check_object: + type: boolean + download_crc_enable: + type: boolean + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + index_format: + type: string + key_format: + type: string + open_timeout: + type: integer + oss_sdk_log_dir: + type: string + overwrite: + type: boolean + path: + type: string + read_timeout: + type: integer + slow_flush_log_threshold: + type: string + store_as: + type: string + upload_crc_enable: + type: boolean + warn_for_delay: + type: string + required: + - aaccess_key_secret + - access_key_id + - bucket + - endpoint + type: object + redis: + properties: + allow_duplicate_key: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + db_number: + type: integer + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insert_key_prefix: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + slow_flush_log_threshold: + type: string + strftime_format: + type: string + ttl: + type: integer + type: object + s3: + properties: + acl: + type: string + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + auto_create_bucket: + type: string + aws_iam_retries: + type: string + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_apikey_on_start: + type: string + check_bucket: + type: string + check_object: + type: string + clustername: + type: string + compress: + properties: + parquet_compression_codec: + type: string + parquet_page_size: + type: string + parquet_row_group_size: + type: string + record_type: + type: string + schema_file: + type: string + schema_type: + type: string + type: object + compute_checksums: + type: string + enable_transfer_acceleration: + type: string + force_path_style: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + grant_full_control: + type: string + grant_read: + type: string + grant_read_acp: + type: string + grant_write_acp: + type: string + hex_random_length: + type: string + index_format: + type: string + instance_profile_credentials: + properties: + http_open_timeout: + type: string + http_read_timeout: + type: string + ip_address: + type: string + port: + type: string + retries: + type: string + type: object + oneeye_format: + type: boolean + overwrite: + type: string + path: + type: string + proxy_uri: + type: string + s3_bucket: + type: string + s3_endpoint: + type: string + s3_metadata: + type: string + s3_object_key_format: + type: string + s3_region: + type: string + shared_credentials: + properties: + path: + type: string + profile_name: + type: string + type: object + signature_version: + type: string + slow_flush_log_threshold: + type: string + sse_customer_algorithm: + type: string + sse_customer_key: + type: string + sse_customer_key_md5: + type: string + ssekms_key_id: + type: string + ssl_verify_peer: + type: string + storage_class: + type: string + store_as: + type: string + use_bundled_cert: + type: string + use_server_side_encryption: + type: string + warn_for_delay: + type: string + required: + - s3_bucket + type: object + splunkHec: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + coerce_to_utf8: + type: boolean + data_type: + type: string + fields: + additionalProperties: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hec_host: + type: string + hec_port: + type: integer + hec_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + host: + type: string + host_key: + type: string + idle_timeout: + type: integer + index: + type: string + index_key: + type: string + insecure_ssl: + type: boolean + keep_keys: + type: boolean + metric_name_key: + type: string + metric_value_key: + type: string + metrics_from_event: + type: boolean + non_utf8_replacement_string: + type: string + open_timeout: + type: integer + protocol: + type: string + read_timeout: + type: integer + slow_flush_log_threshold: + type: string + source: + type: string + source_key: + type: string + sourcetype: + type: string + sourcetype_key: + type: string + ssl_ciphers: + type: string + required: + - hec_host + - hec_token + type: object + sqs: + properties: + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + create_queue: + type: boolean + delay_seconds: + type: integer + include_tag: + type: boolean + message_group_id: + type: string + queue_name: + type: string + region: + type: string + slow_flush_log_threshold: + type: string + sqs_url: + type: string + tag_property_name: + type: string + type: object + sumologic: + properties: + add_timestamp: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compress: + type: boolean + compress_encoding: + type: string + custom_dimensions: + type: string + custom_fields: + items: + type: string + type: array + data_type: + type: string + delimiter: + type: string + disable_cookies: + type: boolean + endpoint: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + log_format: + type: string + log_key: + type: string + metric_data_format: + type: string + open_timeout: + type: integer + proxy_uri: + type: string + slow_flush_log_threshold: + type: string + source_category: + type: string + source_host: + type: string + source_name: + type: string + source_name_key: + type: string + sumo_client: + type: string + timestamp_key: + type: string + verify_ssl: + type: boolean + required: + - endpoint + - source_name + type: object + syslog: + properties: + allow_self_signed_cert: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + enable_system_cert_store: + type: boolean + format: + properties: + app_name_field: + type: string + hostname_field: + type: string + log_field: + type: string + message_id_field: + type: string + proc_id_field: + type: string + rfc6587_message_size: + type: boolean + structured_data_field: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + fqdn: + type: string + host: + type: string + insecure: + type: boolean + port: + type: integer + private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + slow_flush_log_threshold: + type: string + transport: + type: string + trusted_ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + verify_fqdn: + type: boolean + version: + type: string + required: + - host + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Is the output active? + jsonPath: .status.active + name: Active + type: boolean + - description: Number of problems + jsonPath: .status.problemsCount + name: Problems + type: integer + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + awsElasticsearch: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + application_name: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + bulk_message_request_threshold: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key_pass: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + content_type: + type: string + custom_headers: + type: string + customize_template: + type: string + data_stream_enable: + type: boolean + data_stream_ilm_name: + type: string + data_stream_ilm_policy: + type: string + data_stream_ilm_policy_overwrite: + type: boolean + data_stream_name: + type: string + data_stream_template_name: + type: string + default_elasticsearch_version: + type: string + deflector_alias: + type: string + enable_ilm: + type: boolean + endpoint: + properties: + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_arn: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_session_name: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_web_identity_token_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ecs_container_credentials_relative_uri: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + region: + type: string + secret_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + sts_credentials_region: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + exception_backup: + type: boolean + fail_on_detecting_es_version_retry_exceed: + type: boolean + fail_on_putting_template_retry_exceed: + type: boolean + flatten_hashes: + type: boolean + flatten_hashes_separator: + type: string + flush_interval: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + hosts: + type: string + http_backend: + type: string + id_key: + type: string + ignore_exceptions: + type: string + ilm_policy: + type: string + ilm_policy_id: + type: string + ilm_policy_overwrite: + type: boolean + include_index_in_url: + type: boolean + include_tag_key: + type: boolean + include_timestamp: + type: boolean + index_date_pattern: + type: string + index_name: + type: string + index_prefix: + type: string + log_es_400_reason: + type: boolean + logstash_dateformat: + type: string + logstash_format: + type: boolean + logstash_prefix: + type: string + logstash_prefix_separator: + type: string + max_retry_get_es_version: + type: string + max_retry_putting_template: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + path: + type: string + pipeline: + type: string + port: + type: integer + prefer_oj_serializer: + type: boolean + reconnect_on_error: + type: boolean + reload_after: + type: string + reload_connections: + type: boolean + reload_on_failure: + type: boolean + remove_keys: + type: string + remove_keys_on_update: + type: string + remove_keys_on_update_key: + type: string + request_timeout: + type: string + resurrect_after: + type: string + retry_tag: + type: string + rollover_index: + type: boolean + routing_key: + type: string + scheme: + type: string + slow_flush_log_threshold: + type: string + sniffer_class_name: + type: string + ssl_max_version: + type: string + ssl_min_version: + type: string + ssl_verify: + type: boolean + ssl_version: + type: string + suppress_doc_wrap: + type: boolean + suppress_type_name: + type: boolean + tag_key: + type: string + target_index_key: + type: string + target_type_key: + type: string + template_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + template_name: + type: string + template_overwrite: + type: boolean + templates: + type: string + time_key: + type: string + time_key_format: + type: string + time_parse_error_tag: + type: string + time_precision: + type: string + type_name: + type: string + unrecoverable_error_types: + type: string + user: + type: string + utc_index: + type: boolean + validate_client_version: + type: boolean + verify_es_version_at_startup: + type: boolean + with_transporter_log: + type: boolean + write_operation: + type: string + type: object + azurestorage: + properties: + auto_create_container: + type: boolean + azure_container: + type: string + azure_imds_api_version: + type: string + azure_object_key_format: + type: string + azure_storage_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_account: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_sas_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + type: string + path: + type: string + slow_flush_log_threshold: + type: string + required: + - azure_container + - azure_storage_account + type: object + cloudwatch: + properties: + auto_create_stream: + type: boolean + aws_instance_profile_credentials_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sts_role_arn: + type: string + aws_sts_session_name: + type: string + aws_use_sts: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + concurrency: + type: integer + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + http_proxy: + type: string + include_time_key: + type: boolean + json_handler: + type: string + localtime: + type: boolean + log_group_aws_tags: + type: string + log_group_aws_tags_key: + type: string + log_group_name: + type: string + log_group_name_key: + type: string + log_rejected_request: + type: string + log_stream_name: + type: string + log_stream_name_key: + type: string + max_events_per_batch: + type: integer + max_message_length: + type: integer + message_keys: + type: string + put_log_events_disable_retry_limit: + type: boolean + put_log_events_retry_limit: + type: integer + put_log_events_retry_wait: + type: string + region: + type: string + remove_log_group_aws_tags_key: + type: string + remove_log_group_name_key: + type: string + remove_log_stream_name_key: + type: string + remove_retention_in_days: + type: string + retention_in_days: + type: string + retention_in_days_key: + type: string + slow_flush_log_threshold: + type: string + use_tag_as_group: + type: boolean + use_tag_as_stream: + type: boolean + required: + - region + type: object + datadog: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_level: + type: string + dd_hostname: + type: string + dd_source: + type: string + dd_sourcecategory: + type: string + dd_tags: + type: string + host: + type: string + include_tag_key: + type: boolean + max_backoff: + type: string + max_retries: + type: string + no_ssl_validation: + type: boolean + port: + type: string + service: + type: string + slow_flush_log_threshold: + type: string + ssl_port: + type: string + tag_key: + type: string + timestamp_key: + type: string + use_compression: + type: boolean + use_http: + type: boolean + use_json: + type: boolean + use_ssl: + type: boolean + required: + - api_key + type: object + elasticsearch: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + application_name: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + bulk_message_request_threshold: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key_pass: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + content_type: + type: string + custom_headers: + type: string + customize_template: + type: string + data_stream_enable: + type: boolean + data_stream_ilm_name: + type: string + data_stream_ilm_policy: + type: string + data_stream_ilm_policy_overwrite: + type: boolean + data_stream_name: + type: string + data_stream_template_name: + type: string + default_elasticsearch_version: + type: string + deflector_alias: + type: string + enable_ilm: + type: boolean + exception_backup: + type: boolean + fail_on_detecting_es_version_retry_exceed: + type: boolean + fail_on_putting_template_retry_exceed: + type: boolean + flatten_hashes: + type: boolean + flatten_hashes_separator: + type: string + host: + type: string + hosts: + type: string + http_backend: + type: string + id_key: + type: string + ignore_exceptions: + type: string + ilm_policy: + type: string + ilm_policy_id: + type: string + ilm_policy_overwrite: + type: boolean + include_index_in_url: + type: boolean + include_tag_key: + type: boolean + include_timestamp: + type: boolean + index_date_pattern: + type: string + index_name: + type: string + index_prefix: + type: string + log_es_400_reason: + type: boolean + logstash_dateformat: + type: string + logstash_format: + type: boolean + logstash_prefix: + type: string + logstash_prefix_separator: + type: string + max_retry_get_es_version: + type: string + max_retry_putting_template: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + path: + type: string + pipeline: + type: string + port: + type: integer + prefer_oj_serializer: + type: boolean + reconnect_on_error: + type: boolean + reload_after: + type: string + reload_connections: + type: boolean + reload_on_failure: + type: boolean + remove_keys: + type: string + remove_keys_on_update: + type: string + remove_keys_on_update_key: + type: string + request_timeout: + type: string + resurrect_after: + type: string + retry_tag: + type: string + rollover_index: + type: boolean + routing_key: + type: string + scheme: + type: string + slow_flush_log_threshold: + type: string + sniffer_class_name: + type: string + ssl_max_version: + type: string + ssl_min_version: + type: string + ssl_verify: + type: boolean + ssl_version: + type: string + suppress_doc_wrap: + type: boolean + suppress_type_name: + type: boolean + tag_key: + type: string + target_index_key: + type: string + target_type_key: + type: string + template_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + template_name: + type: string + template_overwrite: + type: boolean + templates: + type: string + time_key: + type: string + time_key_format: + type: string + time_parse_error_tag: + type: string + time_precision: + type: string + type_name: + type: string + unrecoverable_error_types: + type: string + user: + type: string + utc_index: + type: boolean + validate_client_version: + type: boolean + verify_es_version_at_startup: + type: boolean + with_transporter_log: + type: boolean + write_operation: + type: string + type: object + file: + properties: + add_path_suffix: + type: boolean + append: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compress: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + path: + type: string + path_suffix: + type: string + recompress: + type: boolean + slow_flush_log_threshold: + type: string + symlink_path: + type: boolean + required: + - path + type: object + forward: + properties: + ack_response_timeout: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + connect_timeout: + type: integer + dns_round_robin: + type: boolean + expire_dns_cache: + type: integer + hard_timeout: + type: integer + heartbeat_interval: + type: integer + heartbeat_type: + type: string + ignore_network_errors_at_startup: + type: boolean + keepalive: + type: boolean + keepalive_timeout: + type: integer + phi_failure_detector: + type: boolean + phi_threshold: + type: integer + recover_wait: + type: integer + require_ack_response: + type: boolean + security: + properties: + allow_anonymous_source: + type: boolean + self_hostname: + type: string + shared_key: + type: string + user_auth: + type: boolean + required: + - self_hostname + - shared_key + type: object + send_timeout: + type: integer + servers: + items: + properties: + host: + type: string + name: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + shared_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + standby: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + weight: + type: integer + required: + - host + type: object + type: array + slow_flush_log_threshold: + type: string + tls_allow_self_signed_cert: + type: boolean + tls_cert_logical_store_name: + type: string + tls_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_cert_thumbprint: + type: string + tls_cert_use_enterprise_store: + type: boolean + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_insecure_mode: + type: boolean + tls_verify_hostname: + type: boolean + tls_version: + type: string + transport: + type: string + verify_connection_at_startup: + type: boolean + required: + - servers + type: object + gcs: + properties: + acl: + type: string + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + client_retries: + type: integer + client_timeout: + type: integer + credentials_json: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + encryption_key: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + keyfile: + type: string + object_key_format: + type: string + object_metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + overwrite: + type: boolean + path: + type: string + project: + type: string + slow_flush_log_threshold: + type: string + storage_class: + type: string + store_as: + type: string + transcoding: + type: boolean + required: + - bucket + - project + type: object + gelf: + properties: + host: + type: string + port: + type: integer + protocol: + type: string + tls: + type: boolean + tls_options: + additionalProperties: + type: string + type: object + required: + - host + - port + type: object + http: + properties: + auth: + properties: + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - password + - username + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + content_type: + type: string + endpoint: + type: string + error_response_as_unrecoverable: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + headers: + additionalProperties: + type: string + type: object + http_method: + type: string + json_array: + type: boolean + open_timeout: + type: integer + proxy: + type: string + read_timeout: + type: integer + retryable_response_codes: + items: + type: integer + type: array + slow_flush_log_threshold: + type: string + ssl_timeout: + type: integer + tls_ca_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_verify_mode: + type: string + tls_version: + type: string + required: + - endpoint + type: object + kafka: + properties: + ack_timeout: + type: integer + brokers: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + client_id: + type: string + compression_codec: + type: string + default_message_key: + type: string + default_partition_key: + type: string + default_topic: + type: string + discard_kafka_delivery_failed: + type: boolean + exclude_partion_key: + type: boolean + exclude_topic_key: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + get_kafka_client_log: + type: boolean + headers: + additionalProperties: + type: string + type: object + headers_from_record: + additionalProperties: + type: string + type: object + idempotent: + type: boolean + kafka_agg_max_bytes: + type: integer + kafka_agg_max_messages: + type: integer + keytab: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + max_send_retries: + type: integer + message_key_key: + type: string + partition_key: + type: string + partition_key_key: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + principal: + type: string + required_acks: + type: integer + sasl_over_ssl: + type: boolean + scram_mechanism: + type: string + slow_flush_log_threshold: + type: string + ssl_ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_ca_certs_from_system: + type: boolean + ssl_client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_chain: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_verify_hostname: + type: boolean + topic_key: + type: string + use_default_for_unknown_topic: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - brokers + - format + type: object + kinesisStream: + properties: + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + aws_iam_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_ses_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + batch_request_max_count: + type: integer + batch_request_max_size: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + partition_key: + type: string + process_credentials: + properties: + process: + type: string + required: + - process + type: object + region: + type: string + reset_backoff_if_success: + type: boolean + retries_on_batch_request: + type: integer + slow_flush_log_threshold: + type: string + stream_name: + type: string + required: + - stream_name + type: object + logdna: + properties: + api_key: + type: string + app: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + hostname: + type: string + ingester_domain: + type: string + ingester_endpoint: + type: string + request_timeout: + type: string + slow_flush_log_threshold: + type: string + tags: + type: string + required: + - api_key + - hostname + type: object + loggingRef: + type: string + logz: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + bulk_limit: + type: integer + bulk_limit_warning_limit: + type: integer + endpoint: + properties: + port: + type: integer + token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + gzip: + type: boolean + http_idle_timeout: + type: integer + output_include_tags: + type: boolean + output_include_time: + type: boolean + retry_count: + type: integer + retry_sleep: + type: integer + slow_flush_log_threshold: + type: string + required: + - endpoint + type: object + loki: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + configure_kubernetes_labels: + type: boolean + drop_single_key: + type: boolean + extra_labels: + additionalProperties: + type: string + type: object + extract_kubernetes_labels: + type: boolean + insecure_tls: + type: boolean + key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + labels: + additionalProperties: + type: string + type: object + line_format: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + remove_keys: + items: + type: string + type: array + slow_flush_log_threshold: + type: string + tenant: + type: string + url: + type: string + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + newrelic: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + base_uri: + type: string + license_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + nullout: + type: object + opensearch: + properties: + application_name: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + bulk_message_request_threshold: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + catch_transport_exception_on_retry: + type: boolean + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key_pass: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + compression_level: + type: string + custom_headers: + type: string + customize_template: + type: string + default_opensearch_version: + type: integer + emit_error_for_missing_id: + type: boolean + emit_error_label_event: + type: boolean + exception_backup: + type: boolean + fail_on_detecting_os_version_retry_exceed: + type: boolean + fail_on_putting_template_retry_exceed: + type: boolean + flatten_hashes: + type: boolean + flatten_hashes_separator: + type: string + host: + type: string + hosts: + type: string + http_backend: + type: string + http_backend_excon_nonblock: + type: boolean + id_key: + type: string + ignore_exceptions: + type: string + include_index_in_url: + type: boolean + include_tag_key: + type: boolean + include_timestamp: + type: boolean + index_date_pattern: + type: string + index_name: + type: string + index_separator: + type: string + log_os_400_reason: + type: boolean + logstash_dateformat: + type: string + logstash_format: + type: boolean + logstash_prefix: + type: string + logstash_prefix_separator: + type: string + max_retry_get_os_version: + type: integer + max_retry_putting_template: + type: string + parent_key: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + path: + type: string + pipeline: + type: string + port: + type: integer + prefer_oj_serializer: + type: boolean + reconnect_on_error: + type: boolean + reload_after: + type: string + reload_connections: + type: boolean + reload_on_failure: + type: boolean + remove_keys_on_update: + type: string + remove_keys_on_update_key: + type: string + request_timeout: + type: string + resurrect_after: + type: string + retry_tag: + type: string + routing_key: + type: string + scheme: + type: string + selector_class_name: + type: string + slow_flush_log_threshold: + type: string + sniffer_class_name: + type: string + ssl_verify: + type: boolean + suppress_doc_wrap: + type: boolean + suppress_type_name: + type: boolean + tag_key: + type: string + target_index_affinity: + type: boolean + target_index_key: + type: string + template_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + template_name: + type: string + template_overwrite: + type: boolean + templates: + type: string + time_key: + type: string + time_key_exclude_timestamp: + type: boolean + time_key_format: + type: string + time_parse_error_tag: + type: string + time_precision: + type: string + truncate_caches_interval: + type: string + unrecoverable_error_types: + type: string + unrecoverable_record_types: + type: string + use_legacy_template: + type: boolean + user: + type: string + utc_index: + type: boolean + validate_client_version: + type: boolean + verify_os_version_at_startup: + type: boolean + with_transporter_log: + type: boolean + write_operation: + type: string + type: object + oss: + properties: + aaccess_key_secret: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_bucket: + type: boolean + check_object: + type: boolean + download_crc_enable: + type: boolean + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + index_format: + type: string + key_format: + type: string + open_timeout: + type: integer + oss_sdk_log_dir: + type: string + overwrite: + type: boolean + path: + type: string + read_timeout: + type: integer + slow_flush_log_threshold: + type: string + store_as: + type: string + upload_crc_enable: + type: boolean + warn_for_delay: + type: string + required: + - aaccess_key_secret + - access_key_id + - bucket + - endpoint + type: object + redis: + properties: + allow_duplicate_key: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + db_number: + type: integer + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insert_key_prefix: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + slow_flush_log_threshold: + type: string + strftime_format: + type: string + ttl: + type: integer + type: object + s3: + properties: + acl: + type: string + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + auto_create_bucket: + type: string + aws_iam_retries: + type: string + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_apikey_on_start: + type: string + check_bucket: + type: string + check_object: + type: string + clustername: + type: string + compress: + properties: + parquet_compression_codec: + type: string + parquet_page_size: + type: string + parquet_row_group_size: + type: string + record_type: + type: string + schema_file: + type: string + schema_type: + type: string + type: object + compute_checksums: + type: string + enable_transfer_acceleration: + type: string + force_path_style: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + grant_full_control: + type: string + grant_read: + type: string + grant_read_acp: + type: string + grant_write_acp: + type: string + hex_random_length: + type: string + index_format: + type: string + instance_profile_credentials: + properties: + http_open_timeout: + type: string + http_read_timeout: + type: string + ip_address: + type: string + port: + type: string + retries: + type: string + type: object + oneeye_format: + type: boolean + overwrite: + type: string + path: + type: string + proxy_uri: + type: string + s3_bucket: + type: string + s3_endpoint: + type: string + s3_metadata: + type: string + s3_object_key_format: + type: string + s3_region: + type: string + shared_credentials: + properties: + path: + type: string + profile_name: + type: string + type: object + signature_version: + type: string + slow_flush_log_threshold: + type: string + sse_customer_algorithm: + type: string + sse_customer_key: + type: string + sse_customer_key_md5: + type: string + ssekms_key_id: + type: string + ssl_verify_peer: + type: string + storage_class: + type: string + store_as: + type: string + use_bundled_cert: + type: string + use_server_side_encryption: + type: string + warn_for_delay: + type: string + required: + - s3_bucket + type: object + splunkHec: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + coerce_to_utf8: + type: boolean + data_type: + type: string + fields: + additionalProperties: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hec_host: + type: string + hec_port: + type: integer + hec_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + host: + type: string + host_key: + type: string + idle_timeout: + type: integer + index: + type: string + index_key: + type: string + insecure_ssl: + type: boolean + keep_keys: + type: boolean + metric_name_key: + type: string + metric_value_key: + type: string + metrics_from_event: + type: boolean + non_utf8_replacement_string: + type: string + open_timeout: + type: integer + protocol: + type: string + read_timeout: + type: integer + slow_flush_log_threshold: + type: string + source: + type: string + source_key: + type: string + sourcetype: + type: string + sourcetype_key: + type: string + ssl_ciphers: + type: string + required: + - hec_host + - hec_token + type: object + sqs: + properties: + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + create_queue: + type: boolean + delay_seconds: + type: integer + include_tag: + type: boolean + message_group_id: + type: string + queue_name: + type: string + region: + type: string + slow_flush_log_threshold: + type: string + sqs_url: + type: string + tag_property_name: + type: string + type: object + sumologic: + properties: + add_timestamp: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compress: + type: boolean + compress_encoding: + type: string + custom_dimensions: + type: string + custom_fields: + items: + type: string + type: array + data_type: + type: string + delimiter: + type: string + disable_cookies: + type: boolean + endpoint: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + log_format: + type: string + log_key: + type: string + metric_data_format: + type: string + open_timeout: + type: integer + proxy_uri: + type: string + slow_flush_log_threshold: + type: string + source_category: + type: string + source_host: + type: string + source_name: + type: string + source_name_key: + type: string + sumo_client: + type: string + timestamp_key: + type: string + verify_ssl: + type: boolean + required: + - endpoint + - source_name + type: object + syslog: + properties: + allow_self_signed_cert: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + disabled: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + enable_system_cert_store: + type: boolean + format: + properties: + app_name_field: + type: string + hostname_field: + type: string + log_field: + type: string + message_id_field: + type: string + proc_id_field: + type: string + rfc6587_message_size: + type: boolean + structured_data_field: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + fqdn: + type: string + host: + type: string + insecure: + type: boolean + port: + type: integer + private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + slow_flush_log_threshold: + type: string + transport: + type: string + trusted_ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + verify_fqdn: + type: boolean + version: + type: string + required: + - host + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/rancher-logging/102.0.2+up3.17.10/.helmignore b/charts/rancher-logging/102.0.2+up3.17.10/.helmignore new file mode 100644 index 0000000000..50af031725 --- /dev/null +++ b/charts/rancher-logging/102.0.2+up3.17.10/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/rancher-logging/102.0.2+up3.17.10/Chart.yaml b/charts/rancher-logging/102.0.2+up3.17.10/Chart.yaml new file mode 100644 index 0000000000..4d27697ced --- /dev/null +++ b/charts/rancher-logging/102.0.2+up3.17.10/Chart.yaml @@ -0,0 +1,25 @@ +annotations: + catalog.cattle.io/auto-install: rancher-logging-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/deploys-on-os: windows + catalog.cattle.io/display-name: Logging + catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.28.0-0' + catalog.cattle.io/namespace: cattle-logging-system + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 + catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' + catalog.cattle.io/release-name: rancher-logging + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/ui-component: logging + catalog.cattle.io/upstream-version: 3.17.10 +apiVersion: v1 +appVersion: 3.17.10 +description: Collects and filter logs using highly configurable CRDs. Powered by Banzai + Cloud Logging Operator. +icon: https://charts.rancher.io/assets/logos/logging.svg +keywords: +- logging +- monitoring +- security +name: rancher-logging +version: 102.0.2+up3.17.10 diff --git a/charts/rancher-logging/102.0.2+up3.17.10/README.md b/charts/rancher-logging/102.0.2+up3.17.10/README.md new file mode 100644 index 0000000000..48a1a6a05a --- /dev/null +++ b/charts/rancher-logging/102.0.2+up3.17.10/README.md @@ -0,0 +1,132 @@ + +# Logging operator Chart + +[Logging operator](https://github.com/banzaicloud/logging-operator) Managed centralized logging component fluentd and fluent-bit instance on cluster. + +## tl;dr: + +```bash +$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com +$ helm repo update +$ helm install banzaicloud-stable/logging-operator +``` + +## Introduction + +This chart bootstraps a [Logging Operator](https://github.com/banzaicloud/logging-operator) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Prerequisites + +- Kubernetes 1.8+ with Beta APIs enabled + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```bash +$ helm install --name my-release banzaicloud-stable/logging-operator +``` + +### CRDs +Use `createCustomResource=false` with Helm v3 to avoid trying to create CRDs from the `crds` folder and from templates at the same time. + +The command deploys **Logging operator** on the Kubernetes cluster with the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```bash +$ helm delete my-release +``` + +The command removes all Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The following tables lists the configurable parameters of the logging-operator chart and their default values. + +| Parameter | Description | Default | +| --------------------------------------------------- | ------------------------------------------------------ |-----------------------------------------------------------------------| +| `image.repository` | Container image repository | `ghcr.io/banzaicloud/logging-operator` | +| `image.tag` | Container image tag | `3.17.10` | +| `image.pullPolicy` | Container pull policy | `IfNotPresent` | +| `nameOverride` | Override name of app | `` | +| `fullnameOverride` | Override full name of app | `` | +| `namespaceOverride` | Override namespace of app | `` | +| `watchNamespace` | Namespace to watch for LoggingOperator CRD | `` | +| `rbac.enabled` | Create rbac service account and roles | `true` | +| `rbac.psp.enabled` | Must be used with `rbac.enabled` true. If true, creates & uses RBAC resources required in the cluster with [Pod Security Policies](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) enabled. | `false` | +| `priorityClassName` | Operator priorityClassName | `{}` | +| `affinity` | Node Affinity | `{}` | +| `resources` | CPU/Memory resource requests/limits | `{}` | +| `tolerations` | Node Tolerations | `[]` | +| `nodeSelector` | Define which Nodes the Pods are scheduled on. | `{}` | +| `podLabels` | Define custom labels for logging-operator pods | `{}` | +| `annotations` | Define annotations for logging-operator pods | `{}` | +| `podSecurityContext` | Pod SecurityContext for Logging operator. [More info](https://kubernetes.io/docs/concepts/policy/security-context/) | `{"runAsNonRoot": true, "runAsUser": 1000, "fsGroup": 2000}` | +| `securityContext` | Container SecurityContext for Logging operator. [More info](https://kubernetes.io/docs/concepts/policy/security-context/) | `{"allowPrivilegeEscalation": false, "readOnlyRootFilesystem": true}` | +| `createCustomResource` | Create CRDs. | `true` | +| `monitoring.serviceMonitor.enabled` | Create Prometheus Operator servicemonitor. | `false` | +| `serviceAccount.annotations` | Define annotations for logging-operator ServiceAccount | `{}` | +| `global.seLinux.enabled` | Add seLinuxOptions to Logging resources, requires the [rke2-selinux RPM](https://github.com/rancher/rke2-selinux/releases) | `false` | + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example: + +```bash +$ helm install --name my-release -f values.yaml banzaicloud-stable/logging-operator +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Installing Fluentd and Fluent-bit via logging + +The previous chart does **not** install `logging` resource to deploy Fluentd and Fluent-bit on cluster. To install them please use the [Logging Operator Logging](https://github.com/banzaicloud/logging-operator/tree/master/charts/logging-operator-logging) chart. + +## tl;dr: + +```bash +$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com +$ helm repo update +$ helm install banzaicloud-stable/logging-operator-logging +``` + +## Configuration + +The following tables lists the configurable parameters of the logging-operator-logging chart and their default values. +## tl;dr: + +```bash +$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com +$ helm repo update +$ helm install banzaicloud-stable/logging-operator-logging +``` + +## Configuration + +The following tables lists the configurable parameters of the logging-operator-logging chart and their default values. + +| Parameter | Description | Default | +| --------------------------------------------------- | ------------------------------------------------------ |------------------------------------------------------------| +| `tls.enabled` | Enabled TLS communication between components | true | +| `tls.fluentdSecretName` | Specified secret name, which contain tls certs | This will overwrite automatic Helm certificate generation. | +| `tls.fluentbitSecretName` | Specified secret name, which contain tls certs | This will overwrite automatic Helm certificate generation. | +| `tls.sharedKey` | Shared key between nodes (fluentd-fluentbit) | [autogenerated] | +| `fluentbit.enabled` | Install fluent-bit | true | +| `fluentbit.namespace` | Specified fluentbit installation namespace | same as operator namespace | +| `fluentbit.image.tag` | Fluentbit container image tag | `1.9.5` | +| `fluentbit.image.repository` | Fluentbit container image repository | `fluent/fluent-bit` | +| `fluentbit.image.pullPolicy` | Fluentbit container pull policy | `IfNotPresent` | +| `fluentd.enabled` | Install fluentd | true | +| `fluentd.image.tag` | Fluentd container image tag | `v1.14.6-alpine-5` | +| `fluentd.image.repository` | Fluentd container image repository | `ghcr.io/banzaicloud/fluentd` | +| `fluentd.image.pullPolicy` | Fluentd container pull policy | `IfNotPresent` | +| `fluentd.volumeModImage.tag` | Fluentd volumeModImage container image tag | `latest` | +| `fluentd.volumeModImage.repository` | Fluentd volumeModImage container image repository | `busybox` | +| `fluentd.volumeModImage.pullPolicy` | Fluentd volumeModImage container pull policy | `IfNotPresent` | +| `fluentd.configReloaderImage.tag` | Fluentd configReloaderImage container image tag | `v0.2.2` | +| `fluentd.configReloaderImage.repository` | Fluentd configReloaderImage container image repository | `jimmidyson/configmap-reload` | +| `fluentd.configReloaderImage.pullPolicy` | Fluentd configReloaderImage container pull policy | `IfNotPresent` | +| `fluentd.fluentdPvcSpec.accessModes` | Fluentd persistence volume access modes | `[ReadWriteOnce]` | +| `fluentd.fluentdPvcSpec.resources.requests.storage` | Fluentd persistence volume size | `21Gi` | +| `fluentd.fluentdPvcSpec.storageClassName` | Fluentd persistence volume storageclass | `"""` | diff --git a/charts/rancher-logging/102.0.2+up3.17.10/app-readme.md b/charts/rancher-logging/102.0.2+up3.17.10/app-readme.md new file mode 100644 index 0000000000..994c597ee5 --- /dev/null +++ b/charts/rancher-logging/102.0.2+up3.17.10/app-readme.md @@ -0,0 +1,45 @@ +# Rancher Logging + +This chart is based off of the upstream [Banzai Logging Operator](https://banzaicloud.com/docs/one-eye/logging-operator/) chart. The chart deploys a logging operator and CRDs, which allows users to configure complex logging pipelines with a few simple custom resources. There are two levels of logging, which allow you to collect all logs in a cluster or from a single namespace. + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/logging/v2.7/). + +## Upgrading to Kubernetes v1.25+ + +Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. + +As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. + +> **Note:** +> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. + +> **Note:** +> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** +> +> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. + +Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. + +As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. + +## Namespace-level logging + +To collect logs from a single namespace, users create flows and these flows are connected to outputs or cluster outputs. + +## Cluster-level logging + +To collect logs from an entire cluster, users create cluster flows and cluster outputs. + +## CRDs + +- [Cluster Flow](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/clusterflow_types/) - A cluster flow is a CRD (`ClusterFlow`) that defines what logs to collect from the entire cluster. The cluster flow must be deployed in the same namespace as the logging operator. +- [Cluster Output](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/clusteroutput_types/) - A cluster output is a CRD (`ClusterOutput`) that defines how to connect to logging providers so they can start collecting logs. The cluster output must be deployed in the same namespace as the logging operator. The convenience of using a cluster output is that either a cluster flow or flow can send logs to those providers without needing to define specific outputs in each namespace for each flow. +- [Flow](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/flow_types/) - A flow is a CRD (`Flow`) that defines what logs to collect from the namespace that it is deployed in. +- [Output](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/output_types/) - An output is a CRD (`Output`) that defines how to connect to logging providers so logs can be sent to the provider. + +For more information on how to configure the Helm chart, refer to the Helm README. + +## Systemd Configuration +Some Kubernetes distributions log to journald. In order to collect these logs the `systemdLogPath` needs to be defined. While the `/run/log/journal` directory is used by default, some Linux distributions do not default to this path. For example Ubuntu defaults to `/var/log/journal`. To determine your `systemdLogPath` run `cat /etc/systemd/journald.conf | grep -E ^\#?Storage | cut -d"=" -f2` on one of your nodes. If `persistent` is returned your `systemdLogPath` should be `/var/log/journal`. If `volatile` is returned `systemdLogPath` should be `/run/log/journal`. If `auto` is returned check if `/var/log/journal` exists, and if it does then use `/var/log/journal`, otherwise use `/run/log/journal`. + +If any value not described here is returned, Rancher Logging will not be able to collect control plane logs. To address this issue set `Storage=volatile` in journald.conf, reboot your machine, and set `systemdLogPath` to `/run/log/journal`. diff --git a/charts/rancher-logging/102.0.2+up3.17.10/templates/NOTES.txt b/charts/rancher-logging/102.0.2+up3.17.10/templates/NOTES.txt new file mode 100644 index 0000000000..e69de29bb2 diff --git a/charts/rancher-logging/102.0.2+up3.17.10/templates/_generic_logging.yaml b/charts/rancher-logging/102.0.2+up3.17.10/templates/_generic_logging.yaml new file mode 100644 index 0000000000..1583fa4498 --- /dev/null +++ b/charts/rancher-logging/102.0.2+up3.17.10/templates/_generic_logging.yaml @@ -0,0 +1,121 @@ +{{- define "logging-operator.logging.tpl" -}} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "logging-operator.fluentbitImageRepository" . }} + tag: {{ template "logging-operator.fluentbitImageTag" . }} + {{- if not .Values.disablePvc }} + {{- with .Values.fluentbit.bufferStorage }} + bufferStorage: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.bufferStorageVolume }} + bufferStorageVolume: {{- toYaml . | nindent 6 }} + {{- end }} + {{- end }} + {{- if or .Values.global.cattle.psp.enabled .Values.global.seLinux.enabled }} + security: + {{- end }} + {{- if .Values.global.cattle.psp.enabled }} + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- if .Values.global.seLinux.enabled }} + securityContext: + seLinuxOptions: + type: rke_logreader_t + {{- end }} + {{- if or .Values.fluentbit.inputTail.Buffer_Chunk_Size .Values.fluentbit.inputTail.Buffer_Max_Size .Values.fluentbit.inputTail.Mem_Buf_Limit .Values.fluentbit.inputTail.Multiline_Flush .Values.fluentbit.inputTail.Skip_Long_Lines }} + inputTail: + {{- if .Values.fluentbit.inputTail.Buffer_Chunk_Size }} + Buffer_Chunk_Size: {{ .Values.fluentbit.inputTail.Buffer_Chunk_Size | toString }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Buffer_Max_Size }} + Buffer_Max_Size: {{ .Values.fluentbit.inputTail.Buffer_Max_Size | toString }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Mem_Buf_Limit }} + Mem_Buf_Limit: {{ .Values.fluentbit.inputTail.Mem_Buf_Limit | toString }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Multiline_Flush }} + Multiline_Flush: {{ .Values.fluentbit.inputTail.Multiline_Flush | toString | quote }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Skip_Long_Lines }} + Skip_Long_Lines: {{ .Values.fluentbit.inputTail.Skip_Long_Lines | toString | quote }} + {{- end }} + {{- end }} + {{- with (concat (.Values.tolerations) (.Values.fluentbit.tolerations)) }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + {{- with .Values.fluentd.bufferStorageVolume }} + bufferStorageVolume: {{- toYaml . | nindent 6 }} + {{- end }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.fluentd.replicas }} + scaling: + replicas: {{ .Values.fluentd.replicas }} + {{- end }} + security: + podSecurityContext: + runAsUser: 100 + {{- if .Values.global.cattle.psp.enabled }} + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.fluentd.env }} + envVars: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with (default .Values.tolerations .Values.fluentd.tolerations) }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with (default .Values.nodeSelector .Values.fluentd.nodeSelector) }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.livenessProbe }} + livenessProbe: {{- toYaml . | nindent 6 }} + {{- end }} +{{- end -}} + +{{- define "logging-operator.util.merge.logging" -}} +{{/* Top context to expose fields like `.Release` and `.Values` */}} +{{- $top := first . -}} + +{{/* tpl is the template specific to the logging implementation */}} +{{- $tpl := fromYaml (include (index . 1) $top) | default (dict ) -}} + +{{/* Generic is the shared rancher logging setttings from `_generic_logging.yaml` */}} +{{- $generic := fromYaml (include (index . 2) $top) | default (dict ) -}} + +{{/* values are from the values.yaml */}} +{{- $values := $top.Values.loggingOverlay | default (dict ) -}} + +####### {{$generic}} + +{{/* the sources are merge right to left meaning tpl is the highest prcedence and values is the lowest */}} +{{- toYaml (merge $tpl $values $generic) -}} +{{- end -}} + +{{- define "logging-operator.logging" -}} +{{- include "logging-operator.util.merge.logging" (append . "logging-operator.logging.tpl") -}} +{{- end -}} \ No newline at end of file diff --git a/charts/rancher-logging/102.0.2+up3.17.10/templates/_helpers.tpl b/charts/rancher-logging/102.0.2+up3.17.10/templates/_helpers.tpl new file mode 100644 index 0000000000..7f070904c1 --- /dev/null +++ b/charts/rancher-logging/102.0.2+up3.17.10/templates/_helpers.tpl @@ -0,0 +1,179 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "logging-operator.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "logging-operator.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Provides the namespace the chart will be installed in using the builtin .Release.Namespace, +or, if provided, a manually overwritten namespace value. +*/}} +{{- define "logging-operator.namespace" -}} +{{- if .Values.namespaceOverride -}} +{{ .Values.namespaceOverride -}} +{{- else -}} +{{ .Release.Namespace }} +{{- end -}} +{{- end -}} + + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "logging-operator.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "logging-operator.labels" -}} +app.kubernetes.io/name: {{ include "logging-operator.name" . }} +helm.sh/chart: {{ include "logging-operator.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{- define "windowsEnabled" }} +{{- if not (kindIs "invalid" .Values.global.cattle.windows) }} +{{- if not (kindIs "invalid" .Values.global.cattle.windows.enabled) }} +{{- if .Values.global.cattle.windows.enabled }} +true +{{- end }} +{{- end }} +{{- end }} +{{- end }} + +{{- define "windowsPathPrefix" -}} +{{- trimSuffix "/" (default "c:\\" .Values.global.cattle.rkeWindowsPathPrefix | replace "\\" "/" | replace "//" "/" | replace "c:" "C:") -}} +{{- end -}} + +{{- define "windowsKubernetesFilter" -}} +{{- printf "kubernetes.%s" ((include "windowsPathPrefix" .) | replace ":" "" | replace "/" ".") -}} +{{- end -}} + +{{- define "windowsInputTailMount" -}} +{{- (include "windowsPathPrefix" .) | replace "C:" "" -}} +{{- end -}} + +{{/* +Set the controlplane selector based on kubernetes distribution +*/}} +{{- define "controlplaneSelector" -}} +{{- $master := or .Values.additionalLoggingSources.rke2.enabled .Values.additionalLoggingSources.k3s.enabled -}} +{{- $defaultSelector := $master | ternary (dict "node-role.kubernetes.io/master" "true") (dict "node-role.kubernetes.io/controlplane" "true") -}} +{{ default $defaultSelector .Values.additionalLoggingSources.kubeAudit.nodeSelector | toYaml }} +{{- end -}} + +{{/* +Set kube-audit file path prefix based on distribution +*/}} +{{- define "kubeAuditPathPrefix" -}} +{{- if .Values.additionalLoggingSources.rke.enabled -}} +{{ default "/var/log/kube-audit" .Values.additionalLoggingSources.kubeAudit.pathPrefix }} +{{- else if .Values.additionalLoggingSources.rke2.enabled -}} +{{ default "/var/lib/rancher/rke2/server/logs" .Values.additionalLoggingSources.kubeAudit.pathPrefix }} +{{- else -}} +{{ required "Directory PathPrefix of the kube-audit location is required" .Values.additionalLoggingSources.kubeAudit.pathPrefix }} +{{- end -}} +{{- end -}} + +{{/* +Set kube-audit file name based on distribution +*/}} +{{- define "kubeAuditFilename" -}} +{{- if .Values.additionalLoggingSources.rke.enabled -}} +{{ default "audit-log.json" .Values.additionalLoggingSources.kubeAudit.auditFilename }} +{{- else if .Values.additionalLoggingSources.rke2.enabled -}} +{{ default "audit.log" .Values.additionalLoggingSources.kubeAudit.auditFilename }} +{{- else -}} +{{ required "Filename of the kube-audit log is required" .Values.additionalLoggingSources.kubeAudit.auditFilename }} +{{- end -}} +{{- end -}} + +{{/* +A shared list of custom parsers for the vairous fluentbit pods rancher creates +*/}} +{{- define "logging-operator.parsers" -}} +[PARSER] + Name klog + Format regex + Regex ^(?[IWEF])(?\d{4} \d{2}:\d{2}:\d{2}).\d{6} +?(?\d+) (?.+):(?\d+)] (?.+) + Time_Key timestamp + Time_Format %m%d %T + +[PARSER] + Name rancher + Format regex + Regex ^time="(?.+)" level=(?.+) msg="(?.+)"$ + Time_Key timestamp + Time_Format %FT%H:%M:%S +[PARSER] + Name etcd + Format json + Time_Key timestamp + Time_Format %FT%H:%M:%S.%L +{{- end -}} + +{{/* +Set kubernetes log options if they are configured +*/}} +{{- define "requireFilterKubernetes" -}} +{{- if or .Values.fluentbit.filterKubernetes.Merge_Log .Values.fluentbit.filterKubernetes.Merge_Log_Key .Values.fluentbit.filterKubernetes.Merge_Trim .Values.fluentbit.filterKubernetes.Merge_Parser -}} +true +{{- end -}} +{{- end -}} + +{{/*Fluent Bit Image Repository */}} +{{- define "logging-operator.fluentbitImageRepository" -}} +{{- if .Values.debug -}} +{{ template "system_default_registry" . }}{{ .Values.images.fluentbit_debug.repository }} +{{- else -}} +{{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} +{{- end -}} +{{- end -}} + +{{/*Fluent Bit Image Tag */}} +{{- define "logging-operator.fluentbitImageTag" -}} +{{- if .Values.debug -}} +{{ .Values.images.fluentbit_debug.tag }} +{{- else -}} +{{ .Values.images.fluentbit.tag }} +{{- end -}} +{{- end -}} + +{{/*Fluent Bit Image */}} +{{- define "logging-operator.fluentbitImage" -}} +{{ template "logging-operator.fluentbitImageRepository" . }}:{{ template "logging-operator.fluentbitImageTag" . }} +{{- end -}} diff --git a/charts/rancher-logging/102.0.2+up3.17.10/templates/clusterrole.yaml b/charts/rancher-logging/102.0.2+up3.17.10/templates/clusterrole.yaml new file mode 100644 index 0000000000..a5d7a85c25 --- /dev/null +++ b/charts/rancher-logging/102.0.2+up3.17.10/templates/clusterrole.yaml @@ -0,0 +1,318 @@ +{{- if .Values.rbac.enabled }} + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: {{ template "logging-operator.fullname" . }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - endpoints + - namespaces + - nodes + - nodes/proxy + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + - pods + - serviceaccounts + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + - events.k8s.io + resources: + - events + verbs: + - create + - get + - list + - watch +- apiGroups: + - apps + resources: + - daemonsets + - replicasets + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + - extensions + resources: + - daemonsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + - extensions + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + - extensions + resources: + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - '*' +- apiGroups: + - events.k8s.io + resources: + - events + verbs: + - get + - list + - watch +- apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - extensions + - policy + resources: + - podsecuritypolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - use + - watch +- apiGroups: + - logging-extensions.banzaicloud.io + resources: + - eventtailers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - logging-extensions.banzaicloud.io + resources: + - eventtailers/status + verbs: + - get + - patch + - update +- apiGroups: + - logging-extensions.banzaicloud.io + resources: + - hosttailers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - logging-extensions.banzaicloud.io + resources: + - hosttailers/status + verbs: + - get + - patch + - update +- apiGroups: + - logging.banzaicloud.io + resources: + - clusterflows + - clusteroutputs + - flows + - loggings + - outputs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - logging.banzaicloud.io + resources: + - clusterflows/status + - clusteroutputs/status + - flows/status + - loggings/status + - outputs/status + verbs: + - get + - patch + - update +- apiGroups: + - monitoring.coreos.com + resources: + - prometheusrules + - servicemonitors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - rolebindings + - roles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +{{- end }} diff --git a/charts/rancher-logging/102.0.2+up3.17.10/templates/clusterrolebinding.yaml b/charts/rancher-logging/102.0.2+up3.17.10/templates/clusterrolebinding.yaml new file mode 100644 index 0000000000..89d17d094f --- /dev/null +++ b/charts/rancher-logging/102.0.2+up3.17.10/templates/clusterrolebinding.yaml @@ -0,0 +1,18 @@ +{{- if .Values.rbac.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "logging-operator.fullname" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +subjects: + - kind: ServiceAccount + name: {{ template "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "logging-operator.fullname" . }} + + {{- end }} \ No newline at end of file diff --git a/charts/rancher-logging/102.0.2+up3.17.10/templates/crds.yaml b/charts/rancher-logging/102.0.2+up3.17.10/templates/crds.yaml new file mode 100644 index 0000000000..f573652d04 --- /dev/null +++ b/charts/rancher-logging/102.0.2+up3.17.10/templates/crds.yaml @@ -0,0 +1,6 @@ +{{- if .Values.createCustomResource -}} +{{- range $path, $bytes := .Files.Glob "crds/*.yaml" }} +{{ $.Files.Get $path }} +--- +{{- end }} +{{- end }} diff --git a/charts/rancher-logging/102.0.2+up3.17.10/templates/deployment.yaml b/charts/rancher-logging/102.0.2+up3.17.10/templates/deployment.yaml new file mode 100644 index 0000000000..e1ec64f6d6 --- /dev/null +++ b/charts/rancher-logging/102.0.2+up3.17.10/templates/deployment.yaml @@ -0,0 +1,77 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- with .Values.podLabels }} + {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" + args: + {{- range .Values.extraArgs }} + - {{ . }} + {{- end }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + ports: + - name: http + containerPort: {{ .Values.http.port }} + {{- with .Values.env }} + env: {{ toYaml . | nindent 12 }} + {{- end }} + {{- if .Values.securityContext }} + securityContext: {{ toYaml .Values.securityContext | nindent 12 }} + {{- end }} + {{- with .Values.volumeMounts }} + volumeMounts: {{ toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.volumes }} + volumes: {{ toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.podSecurityContext }} + securityContext: {{ toYaml .Values.podSecurityContext | nindent 8 }} + {{- end }} + + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.rbac.enabled }} + serviceAccountName: {{ include "logging-operator.fullname" . }} + {{- end }} diff --git a/charts/rancher-logging/102.0.2+up3.17.10/templates/loggings/aks/logging.yaml b/charts/rancher-logging/102.0.2+up3.17.10/templates/loggings/aks/logging.yaml new file mode 100644 index 0000000000..54bb732505 --- /dev/null +++ b/charts/rancher-logging/102.0.2+up3.17.10/templates/loggings/aks/logging.yaml @@ -0,0 +1,18 @@ +{{- define "logging-operator.logging.aks" -}} +{{- $logPath := "/var/log/azure/kubelet-status.log" -}} +metadata: + name: {{ .Release.Name }}-aks +spec: + fluentbit: + disableKubernetesFilter: true + extraVolumeMounts: + - source: {{ $logPath }} + destination: {{ $logPath }} + readOnly: true + inputTail: + Tag: "aks" + Path: {{ $logPath }} +{{- end -}} +{{- if .Values.additionalLoggingSources.aks.enabled }} +{{- include "logging-operator.logging" (list . "logging-operator.logging.aks") -}} +{{- end }} diff --git a/charts/rancher-logging/102.0.2+up3.17.10/templates/loggings/eks/logging.yaml b/charts/rancher-logging/102.0.2+up3.17.10/templates/loggings/eks/logging.yaml new file mode 100644 index 0000000000..2ba7860b13 --- /dev/null +++ b/charts/rancher-logging/102.0.2+up3.17.10/templates/loggings/eks/logging.yaml @@ -0,0 +1,19 @@ +{{- define "logging-operator.logging.eks" -}} +{{- $logPath := "/var/log/messages" -}} +metadata: + name: {{ .Release.Name }}-eks +spec: + fluentbit: + disableKubernetesFilter: true + extraVolumeMounts: + - source: {{ $logPath }} + destination: {{ $logPath }} + readOnly: true + inputTail: + Tag: "eks" + Path: {{ $logPath }} + Parser: "syslog" +{{- end -}} +{{- if .Values.additionalLoggingSources.eks.enabled }} +{{- include "logging-operator.logging" (list . "logging-operator.logging.eks") -}} +{{- end }} diff --git a/charts/rancher-logging/102.0.2+up3.17.10/templates/loggings/gke/logging.yaml b/charts/rancher-logging/102.0.2+up3.17.10/templates/loggings/gke/logging.yaml new file mode 100644 index 0000000000..6c834b12e5 --- /dev/null +++ b/charts/rancher-logging/102.0.2+up3.17.10/templates/loggings/gke/logging.yaml @@ -0,0 +1,18 @@ +{{- define "logging-operator.logging.gke" -}} +{{- $logPath := "/var/log/kube-proxy.log" -}} +metadata: + name: {{ .Release.Name }}-gke +spec: + fluentbit: + disableKubernetesFilter: true + extraVolumeMounts: + - source: {{ $logPath }} + destination: {{ $logPath }} + readOnly: true + inputTail: + Tag: "gke" + Path: {{ $logPath }} +{{- end -}} +{{- if .Values.additionalLoggingSources.gke.enabled }} +{{- include "logging-operator.logging" (list . "logging-operator.logging.gke") -}} +{{- end }} diff --git a/charts/rancher-logging/102.0.2+up3.17.10/templates/loggings/k3s/configmap.yaml b/charts/rancher-logging/102.0.2+up3.17.10/templates/loggings/k3s/configmap.yaml new file mode 100644 index 0000000000..aa454c8adf --- /dev/null +++ b/charts/rancher-logging/102.0.2+up3.17.10/templates/loggings/k3s/configmap.yaml @@ -0,0 +1,57 @@ +{{- if and .Values.additionalLoggingSources.k3s.enabled (eq .Values.additionalLoggingSources.k3s.container_engine "systemd") }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-k3s + labels: +{{ include "logging-operator.labels" . | indent 4 }} +data: + fluent-bit.conf: | + [SERVICE] + Flush 1 + Grace 5 + Daemon Off + Log_Level info + Coro_Stack_Size 24576 + Parsers_File parsers.conf + + [INPUT] + Name systemd + Tag k3s + Path {{ .Values.systemdLogPath }} + Systemd_Filter _SYSTEMD_UNIT=k3s.service + {{- if .Values.additionalLoggingSources.k3s.stripUnderscores }} + Strip_Underscores On + {{- end }} + Systemd_Filter _SYSTEMD_UNIT=k3s-agent.service + + [FILTER] + Name parser + Match * + Key_Name MESSAGE + Parser klog + Reserve_Data On + + [FILTER] + Name parser + Match * + Key_Name MESSAGE + Parser rancher + Reserve_Data On + + [FILTER] + Name parser + Match * + Key_Name MESSAGE + Parser etcd + Reserve_Data On + + [OUTPUT] + Name forward + Match * + Host {{ .Release.Name }}-root-fluentd.{{ .Release.Namespace }}.svc + Port 24240 + Retry_Limit False + parsers.conf: | +{{ include "logging-operator.parsers" . | indent 4 }} +{{- end }} diff --git a/charts/rancher-logging/102.0.2+up3.17.10/templates/loggings/k3s/daemonset.yaml b/charts/rancher-logging/102.0.2+up3.17.10/templates/loggings/k3s/daemonset.yaml new file mode 100644 index 0000000000..e80c2b1c8b --- /dev/null +++ b/charts/rancher-logging/102.0.2+up3.17.10/templates/loggings/k3s/daemonset.yaml @@ -0,0 +1,110 @@ +{{- if and .Values.additionalLoggingSources.k3s.enabled (eq .Values.additionalLoggingSources.k3s.container_engine "systemd") }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: "{{ .Release.Name }}-k3s-journald-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + selector: + matchLabels: + name: {{ .Release.Name }}-k3s-journald-aggregator + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/loggings/k3s/configmap.yaml") . | sha256sum }} + name: "{{ .Release.Name }}-k3s-journald-aggregator" + namespace: "{{ .Release.Namespace }}" + labels: + name: {{ .Release.Name }}-k3s-journald-aggregator + spec: + containers: + - name: fluentbit + image: "{{ template "logging-operator.fluentbitImage" . }}" + {{- if .Values.global.seLinux.enabled }} + securityContext: + seLinuxOptions: + type: rke_logreader_t + {{- end }} + volumeMounts: + - mountPath: /fluent-bit/etc/ + name: config + - mountPath: {{ .Values.systemdLogPath | default "/var/log/journal" }} + name: journal + readOnly: true + - mountPath: /etc/machine-id + name: machine-id + readOnly: true + {{- with .Values.tolerations }} + tolerations: {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: "{{ .Release.Name }}-k3s-journald-aggregator" + volumes: + - name: config + configMap: + name: "{{ .Release.Name }}-k3s" + - name: journal + hostPath: + path: {{ .Values.systemdLogPath | default "/var/log/journal" }} + - name: machine-id + hostPath: + path: /etc/machine-id +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "{{ .Release.Name }}-k3s-journald-aggregator" + namespace: "{{ .Release.Namespace }}" +{{- if .Values.global.cattle.psp.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: "{{ .Release.Name }}-k3s-journald-aggregator" +rules: + - apiGroups: + - policy + resourceNames: + - "{{ .Release.Name }}-k3s-journald-aggregator" + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: "{{ .Release.Name }}-k3s-journald-aggregator" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: "{{ .Release.Name }}-k3s-journald-aggregator" +subjects: + - kind: ServiceAccount + name: "{{ .Release.Name }}-k3s-journald-aggregator" +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: "{{ .Release.Name }}-k3s-journald-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + allowPrivilegeEscalation: false + fsGroup: + rule: RunAsAny + readOnlyRootFilesystem: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - emptyDir + - secret + - hostPath +{{- end }} +{{- end }} diff --git a/charts/rancher-logging/102.0.2+up3.17.10/templates/loggings/k3s/logging-k3s-openrc.yaml b/charts/rancher-logging/102.0.2+up3.17.10/templates/loggings/k3s/logging-k3s-openrc.yaml new file mode 100644 index 0000000000..963cf3ac43 --- /dev/null +++ b/charts/rancher-logging/102.0.2+up3.17.10/templates/loggings/k3s/logging-k3s-openrc.yaml @@ -0,0 +1,19 @@ +{{- define "logging-operator.logging.k3s-openrc" -}} +{{- $logPath := "/var/log/k3s.log" -}} +metadata: + name: {{ .Release.Name }}-k3s +spec: + fluentbit: + disableKubernetesFilter: true + extraVolumeMounts: + - source: {{ $logPath }} + destination: {{ $logPath }} + readOnly: true + inputTail: + Tag: "k3s" + Path: {{ $logPath }} + Path_Key: filename +{{- end -}} +{{- if and .Values.additionalLoggingSources.k3s.enabled (eq .Values.additionalLoggingSources.k3s.container_engine "openrc")}} +{{- include "logging-operator.logging" (list . "logging-operator.logging.k3s-openrc") -}} +{{- end }} diff --git a/charts/rancher-logging/102.0.2+up3.17.10/templates/loggings/kube-audit/logging.yaml b/charts/rancher-logging/102.0.2+up3.17.10/templates/loggings/kube-audit/logging.yaml new file mode 100644 index 0000000000..fcac111bd2 --- /dev/null +++ b/charts/rancher-logging/102.0.2+up3.17.10/templates/loggings/kube-audit/logging.yaml @@ -0,0 +1,25 @@ +{{- define "logging-operator.logging.kube-audit" -}} +metadata: + name: {{ .Release.Name }}-kube-audit +spec: + {{- if .Values.additionalLoggingSources.kubeAudit.loggingRef }} + loggingRef: {{ .Values.additionalLoggingSources.kubeAudit.loggingRef }} + {{- end }} + fluentbit: + disableKubernetesFilter: true + extraVolumeMounts: + - source: {{ template "kubeAuditPathPrefix" . }} + destination: "/kube-audit-logs" + readOnly: true + inputTail: + Tag: {{ .Values.additionalLoggingSources.kubeAudit.fluentbit.logTag }} + Path: /kube-audit-logs/{{ template "kubeAuditFilename" . }} + Parser: json + {{- with (concat (.Values.tolerations) (.Values.fluentbit.tolerations) (.Values.additionalLoggingSources.kubeAudit.fluentbit.tolerations)) }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + nodeSelector: {{ include "controlplaneSelector" . | nindent 6 }} +{{- end -}} +{{- if .Values.additionalLoggingSources.kubeAudit.enabled }} +{{- include "logging-operator.logging" (list . "logging-operator.logging.kube-audit") -}} +{{- end }} diff --git a/charts/rancher-logging/102.0.2+up3.17.10/templates/loggings/rke/configmap.yaml b/charts/rancher-logging/102.0.2+up3.17.10/templates/loggings/rke/configmap.yaml new file mode 100644 index 0000000000..252572a4ef --- /dev/null +++ b/charts/rancher-logging/102.0.2+up3.17.10/templates/loggings/rke/configmap.yaml @@ -0,0 +1,29 @@ +{{- if .Values.additionalLoggingSources.rke.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-rke + labels: +{{ include "logging-operator.labels" . | indent 4 }} +data: + fluent-bit.conf: | + [SERVICE] + Log_Level {{ .Values.additionalLoggingSources.rke.fluentbit.log_level }} + Parsers_File parsers.conf + + [INPUT] + Tag rke + Name tail + Path_Key filename + Parser docker + DB /tail-db/tail-containers-state.db + Mem_Buf_Limit {{ .Values.additionalLoggingSources.rke.fluentbit.mem_buffer_limit }} + Path /var/lib/rancher/rke/log/*.log + + [OUTPUT] + Name forward + Match * + Host {{ .Release.Name }}-root-fluentd.{{ .Release.Namespace }}.svc + Port 24240 + Retry_Limit False +{{- end }} diff --git a/charts/rancher-logging/102.0.2+up3.17.10/templates/loggings/rke/daemonset.yaml b/charts/rancher-logging/102.0.2+up3.17.10/templates/loggings/rke/daemonset.yaml new file mode 100644 index 0000000000..cc39a5cc49 --- /dev/null +++ b/charts/rancher-logging/102.0.2+up3.17.10/templates/loggings/rke/daemonset.yaml @@ -0,0 +1,122 @@ +{{- if .Values.additionalLoggingSources.rke.enabled }} +{{- $containers := printf "%s/containers/" (default "/var/lib/docker" .Values.global.dockerRootDirectory) }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: "{{ .Release.Name }}-rke-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + selector: + matchLabels: + name: {{ .Release.Name }}-rke-aggregator + template: + metadata: + name: "{{ .Release.Name }}-rke-aggregator" + namespace: "{{ .Release.Namespace }}" + labels: + name: {{ .Release.Name }}-rke-aggregator + spec: + containers: + - name: fluentbit + image: "{{ template "logging-operator.fluentbitImage" . }}" + volumeMounts: + - mountPath: /var/lib/rancher/rke/log/ + name: indir + - mountPath: {{ $containers }} + name: containers + - mountPath: /tail-db + name: positiondb + - mountPath: /fluent-bit/etc/fluent-bit.conf + name: config + subPath: fluent-bit.conf + {{- if .Values.global.seLinux.enabled }} + securityContext: + seLinuxOptions: + type: rke_logreader_t + {{- end }} + volumes: + - name: indir + hostPath: + path: /var/lib/rancher/rke/log/ + type: DirectoryOrCreate + - name: containers + hostPath: + path: {{ $containers }} + type: DirectoryOrCreate + - name: positiondb + emptyDir: {} + - name: config + configMap: + name: "{{ .Release.Name }}-rke" + serviceAccountName: "{{ .Release.Name }}-rke-aggregator" + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 8 }} + {{- end }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "{{ .Release.Name }}-rke-aggregator" + namespace: "{{ .Release.Namespace }}" +{{- if .Values.global.cattle.psp.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: "{{ .Release.Name }}-rke-aggregator" +rules: + - apiGroups: + - policy + resourceNames: + - "{{ .Release.Name }}-rke-aggregator" + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: "{{ .Release.Name }}-rke-aggregator" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: "{{ .Release.Name }}-rke-aggregator" +subjects: + - kind: ServiceAccount + name: "{{ .Release.Name }}-rke-aggregator" +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: "{{ .Release.Name }}-rke-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + allowPrivilegeEscalation: false + allowedHostPaths: + - pathPrefix: {{ $containers }} + readOnly: false + - pathPrefix: /var/lib/rancher/rke/log/ + readOnly: false + - pathPrefix: /var/lib/rancher/logging/ + readOnly: false + fsGroup: + rule: RunAsAny + readOnlyRootFilesystem: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - emptyDir + - secret + - hostPath +{{- end }} +{{- end }} diff --git a/charts/rancher-logging/102.0.2+up3.17.10/templates/loggings/rke2/configmap.yaml b/charts/rancher-logging/102.0.2+up3.17.10/templates/loggings/rke2/configmap.yaml new file mode 100644 index 0000000000..3ca20be226 --- /dev/null +++ b/charts/rancher-logging/102.0.2+up3.17.10/templates/loggings/rke2/configmap.yaml @@ -0,0 +1,69 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-rke2 + labels: +{{ include "logging-operator.labels" . | indent 4 }} +data: + fluent-bit.conf: | + [SERVICE] + Flush 1 + Grace 5 + Daemon Off + Log_Level info + Coro_Stack_Size 24576 + Parsers_File parsers.conf + + [INPUT] + Name systemd + Tag rke2 + Path {{ .Values.systemdLogPath }} + Systemd_Filter _SYSTEMD_UNIT=rke2-server.service + Systemd_Filter _SYSTEMD_UNIT=rke2-agent.service + {{- if .Values.additionalLoggingSources.rke2.stripUnderscores }} + Strip_Underscores On + {{- end }} + + [INPUT] + Name tail + Tag rke2 + Path /var/lib/rancher/rke2/agent/logs/kubelet.log + + [FILTER] + Name parser + Match * + Key_Name log + Parser klog + Reserve_Data On + + [FILTER] + Name parser + Match * + Key_Name MESSAGE + Parser klog + Reserve_Data On + + [FILTER] + Name parser + Match * + Key_Name MESSAGE + Parser rancher + Reserve_Data On + + [FILTER] + Name parser + Match * + Key_Name MESSAGE + Parser etcd + Reserve_Data On + + [OUTPUT] + Name forward + Match * + Host {{ .Release.Name }}-root-fluentd.{{ .Release.Namespace }}.svc + Port 24240 + Retry_Limit False + parsers.conf: | +{{ include "logging-operator.parsers" . | indent 4 }} +{{- end }} diff --git a/charts/rancher-logging/102.0.2+up3.17.10/templates/loggings/rke2/daemonset.yaml b/charts/rancher-logging/102.0.2+up3.17.10/templates/loggings/rke2/daemonset.yaml new file mode 100644 index 0000000000..ddc30f8893 --- /dev/null +++ b/charts/rancher-logging/102.0.2+up3.17.10/templates/loggings/rke2/daemonset.yaml @@ -0,0 +1,116 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + selector: + matchLabels: + name: {{ .Release.Name }}-rke2-journald-aggregator + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/loggings/rke2/configmap.yaml") . | sha256sum }} + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" + labels: + name: {{ .Release.Name }}-rke2-journald-aggregator + spec: + containers: + - name: fluentbit + image: "{{ template "logging-operator.fluentbitImage" . }}" + {{- if .Values.global.seLinux.enabled }} + securityContext: + seLinuxOptions: + type: rke_logreader_t + {{- end }} + volumeMounts: + - mountPath: /fluent-bit/etc/ + name: config + - mountPath: {{ .Values.systemdLogPath | default "/var/log/journal" }} + name: journal + readOnly: true + - mountPath: "/var/lib/rancher/rke2/agent/logs/kubelet.log" + name: kubelet + readOnly: true + - mountPath: /etc/machine-id + name: machine-id + readOnly: true + {{- with .Values.tolerations }} + tolerations: {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: "{{ .Release.Name }}-rke2-journald-aggregator" + volumes: + - name: config + configMap: + name: "{{ .Release.Name }}-rke2" + - name: journal + hostPath: + path: {{ .Values.systemdLogPath | default "/var/log/journal" }} + - name: kubelet + hostPath: + path: "/var/lib/rancher/rke2/agent/logs/kubelet.log" + - name: machine-id + hostPath: + path: /etc/machine-id +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" +{{- if .Values.global.cattle.psp.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" +rules: + - apiGroups: + - policy + resourceNames: + - "{{ .Release.Name }}-rke2-journald-aggregator" + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: "{{ .Release.Name }}-rke2-journald-aggregator" +subjects: + - kind: ServiceAccount + name: "{{ .Release.Name }}-rke2-journald-aggregator" +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + allowPrivilegeEscalation: false + fsGroup: + rule: RunAsAny + readOnlyRootFilesystem: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - emptyDir + - secret + - hostPath +{{- end }} +{{- end }} diff --git a/charts/rancher-logging/102.0.2+up3.17.10/templates/loggings/root/logging.yaml b/charts/rancher-logging/102.0.2+up3.17.10/templates/loggings/root/logging.yaml new file mode 100644 index 0000000000..d88159106d --- /dev/null +++ b/charts/rancher-logging/102.0.2+up3.17.10/templates/loggings/root/logging.yaml @@ -0,0 +1,82 @@ +{{- define "logging-operator.logging.root" -}} +{{- $containerLogPath := printf "%s/containers/" (default "/var/lib/docker" .Values.global.dockerRootDirectory) }} +metadata: + name: "{{ .Release.Name }}-root" +spec: + {{- if (include "windowsEnabled" .) }} + nodeAgents: + - name: win-agent + profile: windows + nodeAgentFluentbit: + daemonSet: + spec: + template: + spec: + containers: + - image: {{ template "system_default_registry" . }}{{ .Values.images.nodeagent_fluentbit.repository }}:{{ .Values.images.nodeagent_fluentbit.tag }} + name: fluent-bit + tls: + enabled: {{ .Values.nodeAgents.tls.enabled | default false }} + {{- if .Values.additionalLoggingSources.rke.enabled }} + - name: win-agent-rke + profile: windows + nodeAgentFluentbit: + filterKubernetes: + Kube_Tag_Prefix: "{{ template "windowsKubernetesFilter" . }}.var.lib.rancher.rke.log." + inputTail: + Path: "{{ template "windowsPathPrefix" . }}/var/lib/rancher/rke/log" + {{- if .Values.fluentbit.inputTail.Buffer_Chunk_Size }} + Buffer_Chunk_Size: {{ .Values.fluentbit.inputTail.Buffer_Chunk_Size | toString }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Buffer_Max_Size }} + Buffer_Max_Size: {{ .Values.fluentbit.inputTail.Buffer_Max_Size | toString }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Mem_Buf_Limit }} + Mem_Buf_Limit: {{ .Values.fluentbit.inputTail.Mem_Buf_Limit | toString }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Multiline_Flush }} + Multiline_Flush: {{ .Values.fluentbit.inputTail.Multiline_Flush | toString | quote }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Skip_Long_Lines }} + Skip_Long_Lines: {{ .Values.fluentbit.inputTail.Skip_Long_Lines | toString | quote }} + {{- end }} + extraVolumeMounts: + - source: "{{ template "windowsInputTailMount" . }}/var/lib/rancher/rke/log" + destination: "{{ template "windowsInputTailMount" . }}/var/lib/rancher/rke/log" + readOnly: true + daemonSet: + spec: + template: + spec: + containers: + - image: "{{ template "system_default_registry" . }}{{ .Values.images.nodeagent_fluentbit.repository }}:{{ .Values.images.nodeagent_fluentbit.tag }}" + name: fluent-bit + tls: + enabled: {{ .Values.nodeAgents.tls.enabled | default false }} + {{- end }} + {{- end }} + fluentbit: + {{- if .Values.global.dockerRootDirectory }} + mountPath: {{ $containerLogPath }} + extraVolumeMounts: + - source: {{ $containerLogPath }} + destination: {{ $containerLogPath }} + readOnly: true + {{- end }} + {{- if (include "requireFilterKubernetes" .) }} + filterKubernetes: + {{- if .Values.fluentbit.filterKubernetes.Merge_Log }} + Merge_Log: "{{ .Values.fluentbit.filterKubernetes.Merge_Log }}" + {{- end }} + {{- if .Values.fluentbit.filterKubernetes.Merge_Log_Key }} + Merge_Log_Key: "{{ .Values.fluentbit.filterKubernetes.Merge_Log_Key }}" + {{- end }} + {{- if .Values.fluentbit.filterKubernetes.Merge_Log_Trim }} + Merge_Log_Trim: "{{ .Values.fluentbit.filterKubernetes.Merge_Log_Trim }}" + {{- end }} + {{- if .Values.fluentbit.filterKubernetes.Merge_Parser }} + Merge_Parser: "{{ .Values.fluentbit.filterKubernetes.Merge_Parser }}" + {{- end }} + {{- end }} +{{- end -}} +{{- include "logging-operator.logging" (list . "logging-operator.logging.root") -}} diff --git a/charts/rancher-logging/102.0.2+up3.17.10/templates/psp.yaml b/charts/rancher-logging/102.0.2+up3.17.10/templates/psp.yaml new file mode 100644 index 0000000000..e80bbc0dc7 --- /dev/null +++ b/charts/rancher-logging/102.0.2+up3.17.10/templates/psp.yaml @@ -0,0 +1,34 @@ +{{ if and .Values.global.cattle.psp.enabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: psp.logging-operator + namespace: {{ include "logging-operator.namespace" . }} + annotations: +{{- if .Values.rbac.psp.annotations }} +{{ toYaml .Values.rbac.psp.annotations | indent 4 }} +{{- end }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + readOnlyRootFilesystem: true + privileged: false + allowPrivilegeEscalation: false + runAsUser: + rule: MustRunAsNonRoot + fsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + supplementalGroups: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + volumes: + - secret + - configMap +{{ end }} diff --git a/charts/rancher-logging/102.0.2+up3.17.10/templates/service.yaml b/charts/rancher-logging/102.0.2+up3.17.10/templates/service.yaml new file mode 100644 index 0000000000..f419ae2c48 --- /dev/null +++ b/charts/rancher-logging/102.0.2+up3.17.10/templates/service.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + type: ClusterIP + {{- with .Values.http.service.clusterIP }} + clusterIP: {{ . }} + {{- end }} + ports: + - port: {{ .Values.http.port }} + targetPort: http + protocol: TCP + name: http + selector: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/charts/rancher-logging/102.0.2+up3.17.10/templates/serviceMonitor.yaml b/charts/rancher-logging/102.0.2+up3.17.10/templates/serviceMonitor.yaml new file mode 100644 index 0000000000..1bb762cde5 --- /dev/null +++ b/charts/rancher-logging/102.0.2+up3.17.10/templates/serviceMonitor.yaml @@ -0,0 +1,30 @@ +{{ if .Values.monitoring.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +{{- with .Values.monitoring.serviceMonitor.additionalLabels }} + {{- toYaml . | nindent 4 }} +{{- end }} +spec: + selector: + matchLabels: +{{ include "logging-operator.labels" . | indent 6 }} + endpoints: + - port: http + path: /metrics + {{- with .Values.monitoring.serviceMonitor.metricsRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.monitoring.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 4 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ include "logging-operator.namespace" . }} +{{- end }} diff --git a/charts/rancher-logging/102.0.2+up3.17.10/templates/serviceaccount.yaml b/charts/rancher-logging/102.0.2+up3.17.10/templates/serviceaccount.yaml new file mode 100644 index 0000000000..bb97cf1084 --- /dev/null +++ b/charts/rancher-logging/102.0.2+up3.17.10/templates/serviceaccount.yaml @@ -0,0 +1,14 @@ +{{- if .Values.rbac.enabled }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +{{- with .Values.serviceAccount.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +{{- end }} diff --git a/charts/rancher-logging/102.0.2+up3.17.10/templates/userroles.yaml b/charts/rancher-logging/102.0.2+up3.17.10/templates/userroles.yaml new file mode 100644 index 0000000000..f4136b09a4 --- /dev/null +++ b/charts/rancher-logging/102.0.2+up3.17.10/templates/userroles.yaml @@ -0,0 +1,35 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "logging-admin" + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: + - "logging.banzaicloud.io" + resources: + - flows + - outputs + verbs: + - "*" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "logging-view" + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" +rules: + - apiGroups: + - "logging.banzaicloud.io" + resources: + - flows + - outputs + - clusterflows + - clusteroutputs + verbs: + - get + - list + - watch diff --git a/charts/rancher-logging/102.0.2+up3.17.10/templates/validate-install-crd.yaml b/charts/rancher-logging/102.0.2+up3.17.10/templates/validate-install-crd.yaml new file mode 100644 index 0000000000..77fc8047c9 --- /dev/null +++ b/charts/rancher-logging/102.0.2+up3.17.10/templates/validate-install-crd.yaml @@ -0,0 +1,20 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "logging-extensions.banzaicloud.io/v1alpha1/EventTailer" false -}} +# {{- set $found "logging-extensions.banzaicloud.io/v1alpha1/HostTailer" false -}} +# {{- set $found "logging.banzaicloud.io/v1alpha1/ClusterFlow" false -}} +# {{- set $found "logging.banzaicloud.io/v1alpha1/ClusterOutput" false -}} +# {{- set $found "logging.banzaicloud.io/v1alpha1/Flow" false -}} +# {{- set $found "logging.banzaicloud.io/v1alpha1/Logging" false -}} +# {{- set $found "logging.banzaicloud.io/v1alpha1/Output" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/charts/rancher-logging/102.0.2+up3.17.10/templates/validate-install.yaml b/charts/rancher-logging/102.0.2+up3.17.10/templates/validate-install.yaml new file mode 100644 index 0000000000..bd624cc4b4 --- /dev/null +++ b/charts/rancher-logging/102.0.2+up3.17.10/templates/validate-install.yaml @@ -0,0 +1,5 @@ +#{{- if .Values.global.dockerRootDirectory }} +#{{- if or (hasSuffix "/containers" .Values.global.dockerRootDirectory) (hasSuffix "/" .Values.global.dockerRootDirectory) }} +#{{- required "global.dockerRootDirectory must not end with suffix: '/' or '/containers'" "" -}} +#{{- end }} +#{{- end }} diff --git a/charts/rancher-logging/102.0.2+up3.17.10/templates/validate-psp-install.yaml b/charts/rancher-logging/102.0.2+up3.17.10/templates/validate-psp-install.yaml new file mode 100644 index 0000000000..a30c59d3b7 --- /dev/null +++ b/charts/rancher-logging/102.0.2+up3.17.10/templates/validate-psp-install.yaml @@ -0,0 +1,7 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +#{{- if .Values.global.cattle.psp.enabled }} +#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} +#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} +#{{- end }} +#{{- end }} +#{{- end }} diff --git a/charts/rancher-logging/102.0.2+up3.17.10/values.yaml b/charts/rancher-logging/102.0.2+up3.17.10/values.yaml new file mode 100644 index 0000000000..40b3dbac12 --- /dev/null +++ b/charts/rancher-logging/102.0.2+up3.17.10/values.yaml @@ -0,0 +1,240 @@ +# Default values for logging-operator. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: rancher/mirrored-banzaicloud-logging-operator + tag: 3.17.10 + pullPolicy: IfNotPresent + +env: [] +volumes: [] +volumeMounts: [] + +extraArgs: + - -enable-leader-election=true +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" +namespaceOverride: "" + +## Pod custom labels +## +podLabels: {} + +annotations: {} + +## Deploy CRDs used by Logging Operator. +## +createCustomResource: false + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: + kubernetes.io/os: linux + +tolerations: + - key: cattle.io/os + operator: "Equal" + value: "linux" + effect: NoSchedule + +affinity: {} + +http: + # http listen port number + port: 8080 + # Service definition for query http service + service: + type: ClusterIP + clusterIP: None + # Annotations to query http service + annotations: {} + # Labels to query http service + labels: {} + +rbac: + enabled: true + psp: + annotations: + seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default' + seccomp.security.alpha.kubernetes.io/defaultProfileName: 'runtime/default' + ## Specify pod annotations + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl + + + +## SecurityContext holds pod-level security attributes and common container settings. +## This defaults to non-root user with uid 1000 and gid 2000. *v1.PodSecurityContext false +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +podSecurityContext: {} +# runAsNonRoot: true +# runAsUser: 1000 +# fsGroup: 2000 +securityContext: {} +# allowPrivilegeEscalation: false +# readOnlyRootFilesystem: true + # capabilities: + # drop: ["ALL"] + +## Operator priorityClassName +## +priorityClassName: {} + +monitoring: + # Create a Prometheus Operator ServiceMonitor object + serviceMonitor: + enabled: false + additionalLabels: {} + metricRelabelings: [] + relabelings: [] + +serviceAccount: + annotations: {} + +################################### +# Rancher Logging Operator Values # +################################### + +# Enable debug to use fluent-bit images that allow exec +debug: false + +# Disable persistent volumes for buffers +disablePvc: true + +# If your additional logging sources collect logs from systemd configure the systemd log path here +systemdLogPath: "/run/log/journal" + +global: + cattle: + systemDefaultRegistry: "" + # Uncomment the below two lines to either enable or disable Windows logging. If this chart is + # installed via the Rancher UI, it will set this value to "true" if the cluster is a Windows + # cluster. In that scenario, if you would like to disable Windows logging on Windows clusters, + # set the value below to "false". + # windows: + # enabled: true + psp: + enabled: false + + # Change the "dockerRootDirectory" if the default Docker directory has changed. + dockerRootDirectory: "" + + rkeWindowsPathPrefix: "c:\\" + + seLinux: + enabled: false + +images: + config_reloader: + repository: rancher/mirrored-jimmidyson-configmap-reload + tag: v0.4.0 + fluentbit: + repository: rancher/mirrored-fluent-fluent-bit + tag: 2.2.0 + nodeagent_fluentbit: + os: "windows" + repository: rancher/fluent-bit + tag: 1.8.9 + fluentbit_debug: + repository: rancher/mirrored-fluent-fluent-bit + tag: 2.2.0-debug + fluentd: + repository: rancher/mirrored-banzaicloud-fluentd + tag: v1.14.6-alpine-5 + +additionalLoggingSources: + rke: + enabled: false + fluentbit: + log_level: "info" + mem_buffer_limit: "5MB" + rke2: + enabled: false + stripUnderscores: false + k3s: + enabled: false + container_engine: "systemd" + stripUnderscores: false + aks: + enabled: false + eks: + enabled: false + gke: + enabled: false + kubeAudit: + auditFilename: "" + enabled: false + pathPrefix: "" + fluentbit: + logTag: kube-audit + tolerations: + - key: node-role.kubernetes.io/controlplane + value: "true" + effect: NoSchedule + - key: node-role.kubernetes.io/etcd + value: "true" + effect: NoExecute + +# configures node agent options for windows node agents +nodeAgents: + tls: + enabled: false + +# These settings apply to every Logging CR, including vendor Logging CRs enabled in "additionalLoggingSources". +# Changing these affects every Logging CR installed. +fluentd: + bufferStorageVolume: {} + livenessProbe: + tcpSocket: + port: 24240 + initialDelaySeconds: 30 + periodSeconds: 15 + nodeSelector: {} + resources: {} + tolerations: {} + env: [] +fluentbit: + inputTail: + Buffer_Chunk_Size: "" + Buffer_Max_Size: "" + Mem_Buf_Limit: "" + Multiline_Flush: "" + Skip_Long_Lines: "" + resources: {} + tolerations: + - key: node-role.kubernetes.io/controlplane + value: "true" + effect: NoSchedule + - key: node-role.kubernetes.io/etcd + value: "true" + effect: NoExecute + filterKubernetes: + Merge_Log: "" + Merge_Log_Key: "" + Merge_Log_Trim: "" + Merge_Parser: "" + +# DO NOT SET THIS UNLESS YOU KNOW WHAT YOU ARE DOING. +# Setting fields on this object can break rancher logging or cause unexpected behavior. It is intended to be used if you +# need to configure functionality not exposed by rancher logging. It is highly recommended you check the `app-readme.md` +# for the functionality you need before modifying this object. + +# this object will be merged with every logging CR created by this chart. Any fields that collide with fields from the +# settings above will be overridden. Any fields that collide with fields set in the files in `templates/loggings` will +# be ignored. diff --git a/charts/rancher-monitoring-crd/102.0.3+up40.1.2/Chart.yaml b/charts/rancher-monitoring-crd/102.0.3+up40.1.2/Chart.yaml new file mode 100644 index 0000000000..4637914a28 --- /dev/null +++ b/charts/rancher-monitoring-crd/102.0.3+up40.1.2/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-monitoring-system + catalog.cattle.io/release-name: rancher-monitoring-crd +apiVersion: v1 +description: Installs the CRDs for rancher-monitoring. +name: rancher-monitoring-crd +type: application +version: 102.0.3+up40.1.2 diff --git a/charts/rancher-monitoring-crd/102.0.3+up40.1.2/README.md b/charts/rancher-monitoring-crd/102.0.3+up40.1.2/README.md new file mode 100644 index 0000000000..e0b63e0268 --- /dev/null +++ b/charts/rancher-monitoring-crd/102.0.3+up40.1.2/README.md @@ -0,0 +1,24 @@ +# rancher-monitoring-crd +A Rancher chart that installs the CRDs used by rancher-monitoring. + +## How does this chart work? + +This chart marshalls all of the CRD files placed in the `crd-manifest` directory into a ConfigMap that is installed onto a cluster alongside relevant RBAC (ServiceAccount, ClusterRoleBinding, ClusterRole, and PodSecurityPolicy). + +Once the relevant dependent resourcees are installed / upgraded / rolled back, this chart executes a post-install / post-upgrade / post-rollback Job that: +- Patches any existing versions of the CRDs contained within the `crd-manifest` on the cluster to set `spec.preserveUnknownFields=false`; this step is required since, based on [Kubernetes docs](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#field-pruning) and a [known workaround](https://github.com/kubernetes-sigs/controller-tools/issues/476#issuecomment-691519936), such CRDs cannot be upgraded normally from `apiextensions.k8s.io/v1beta1` to `apiextensions.k8s.io/v1`. +- Runs a `kubectl apply` on the CRDs that are contained within the crd-manifest ConfigMap to upgrade CRDs in the cluster + +On an uninstall, this chart executes a separate post-delete Job that: +- Patches any existing versions of the CRDs contained within `crd-manifest` on the cluster to set `metadata.finalizers=[]` +- Runs a `kubectl delete` on the CRDs that are contained within the crd-manifest ConfigMap to clean up the CRDs from the cluster + +Note: If the relevant CRDs already existed in the cluster at the time of install, this chart will absorb ownership of the lifecycle of those CRDs; therefore, on a `helm uninstall`, those CRDs will also be removed from the cluster alongside this chart. + +## Why can't we just place the CRDs in the templates/ directory of the main chart? + +In Helm today, you cannot declare a CRD and declare a resource of that CRD's kind in templates/ without encountering a failure on render. + +## [Helm 3] Why can't we just place the CRDs in the crds/ directory of the main chart? + +The Helm 3 `crds/` directory only supports the installation of CRDs, but does not support the upgrade and removal of CRDs, unlike what this chart facilitiates. \ No newline at end of file diff --git a/charts/rancher-monitoring-crd/102.0.3+up40.1.2/crd-manifest/crd-alertmanagerconfigs.yaml b/charts/rancher-monitoring-crd/102.0.3+up40.1.2/crd-manifest/crd-alertmanagerconfigs.yaml new file mode 100644 index 0000000000..7863a2bc88 --- /dev/null +++ b/charts/rancher-monitoring-crd/102.0.3+up40.1.2/crd-manifest/crd-alertmanagerconfigs.yaml @@ -0,0 +1,4475 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.59.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: alertmanagerconfigs.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: AlertmanagerConfig + listKind: AlertmanagerConfigList + plural: alertmanagerconfigs + shortNames: + - amcfg + singular: alertmanagerconfig + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: AlertmanagerConfig defines a namespaced AlertmanagerConfig to + be aggregated across multiple namespaces configuring one Alertmanager cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AlertmanagerConfigSpec is a specification of the desired + behavior of the Alertmanager configuration. By definition, the Alertmanager + configuration only applies to alerts for which the `namespace` label + is equal to the namespace of the AlertmanagerConfig resource. + properties: + inhibitRules: + description: List of inhibition rules. The rules will only apply to + alerts matching the resource’s namespace. + items: + description: InhibitRule defines an inhibition rule that allows + to mute alerts when other alerts are already firing. See https://prometheus.io/docs/alerting/latest/configuration/#inhibit_rule + properties: + equal: + description: Labels that must have an equal value in the source + and target alert for the inhibition to take effect. + items: + type: string + type: array + sourceMatch: + description: Matchers for which one or more alerts have to exist + for the inhibition to take effect. The operator enforces that + the alert matches the resource’s namespace. + items: + description: Matcher defines how to match on alert's labels. + properties: + matchType: + description: Match operation available with AlertManager + >= v0.22.0 and takes precedence over Regex (deprecated) + if non-empty. + enum: + - '!=' + - = + - =~ + - '!~' + type: string + name: + description: Label to match. + minLength: 1 + type: string + regex: + description: Whether to match on equality (false) or regular-expression + (true). Deprecated as of AlertManager >= v0.22.0 where + a user should use MatchType instead. + type: boolean + value: + description: Label value to match. + type: string + required: + - name + type: object + type: array + targetMatch: + description: Matchers that have to be fulfilled in the alerts + to be muted. The operator enforces that the alert matches + the resource’s namespace. + items: + description: Matcher defines how to match on alert's labels. + properties: + matchType: + description: Match operation available with AlertManager + >= v0.22.0 and takes precedence over Regex (deprecated) + if non-empty. + enum: + - '!=' + - = + - =~ + - '!~' + type: string + name: + description: Label to match. + minLength: 1 + type: string + regex: + description: Whether to match on equality (false) or regular-expression + (true). Deprecated as of AlertManager >= v0.22.0 where + a user should use MatchType instead. + type: boolean + value: + description: Label value to match. + type: string + required: + - name + type: object + type: array + type: object + type: array + muteTimeIntervals: + description: List of MuteTimeInterval specifying when the routes should + be muted. + items: + description: MuteTimeInterval specifies the periods in time when + notifications will be muted + properties: + name: + description: Name of the time interval + type: string + timeIntervals: + description: TimeIntervals is a list of TimeInterval + items: + description: TimeInterval describes intervals of time + properties: + daysOfMonth: + description: DaysOfMonth is a list of DayOfMonthRange + items: + description: DayOfMonthRange is an inclusive range of + days of the month beginning at 1 + properties: + end: + description: End of the inclusive range + maximum: 31 + minimum: -31 + type: integer + start: + description: Start of the inclusive range + maximum: 31 + minimum: -31 + type: integer + type: object + type: array + months: + description: Months is a list of MonthRange + items: + description: MonthRange is an inclusive range of months + of the year beginning in January Months can be specified + by name (e.g 'January') by numerical month (e.g '1') + or as an inclusive range (e.g 'January:March', '1:3', + '1:March') + pattern: ^((?i)january|february|march|april|may|june|july|august|september|october|november|december|[1-12])(?:((:((?i)january|february|march|april|may|june|july|august|september|october|november|december|[1-12]))$)|$) + type: string + type: array + times: + description: Times is a list of TimeRange + items: + description: TimeRange defines a start and end time + in 24hr format + properties: + endTime: + description: EndTime is the end time in 24hr format. + pattern: ^((([01][0-9])|(2[0-3])):[0-5][0-9])$|(^24:00$) + type: string + startTime: + description: StartTime is the start time in 24hr + format. + pattern: ^((([01][0-9])|(2[0-3])):[0-5][0-9])$|(^24:00$) + type: string + type: object + type: array + weekdays: + description: Weekdays is a list of WeekdayRange + items: + description: WeekdayRange is an inclusive range of days + of the week beginning on Sunday Days can be specified + by name (e.g 'Sunday') or as an inclusive range (e.g + 'Monday:Friday') + pattern: ^((?i)sun|mon|tues|wednes|thurs|fri|satur)day(?:((:(sun|mon|tues|wednes|thurs|fri|satur)day)$)|$) + type: string + type: array + years: + description: Years is a list of YearRange + items: + description: YearRange is an inclusive range of years + pattern: ^2\d{3}(?::2\d{3}|$) + type: string + type: array + type: object + type: array + type: object + type: array + receivers: + description: List of receivers. + items: + description: Receiver defines one or more notification integrations. + properties: + emailConfigs: + description: List of Email configurations. + items: + description: EmailConfig configures notifications via Email. + properties: + authIdentity: + description: The identity to use for authentication. + type: string + authPassword: + description: The secret's key that contains the password + to use for authentication. The secret needs to be in + the same namespace as the AlertmanagerConfig object + and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + authSecret: + description: The secret's key that contains the CRAM-MD5 + secret. The secret needs to be in the same namespace + as the AlertmanagerConfig object and accessible by the + Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + authUsername: + description: The username to use for authentication. + type: string + from: + description: The sender address. + type: string + headers: + description: Further headers email header key/value pairs. + Overrides any headers previously set by the notification + implementation. + items: + description: KeyValue defines a (key, value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the tuple. + type: string + required: + - key + - value + type: object + type: array + hello: + description: The hostname to identify to the SMTP server. + type: string + html: + description: The HTML body of the email notification. + type: string + requireTLS: + description: The SMTP TLS requirement. Note that Go does + not support unencrypted connections to remote SMTP endpoints. + type: boolean + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + smarthost: + description: The SMTP host and port through which emails + are sent. E.g. example.com:25 + type: string + text: + description: The text body of the email notification. + type: string + tlsConfig: + description: TLS configuration + properties: + ca: + description: Struct containing the CA cert to use + for the targets. + properties: + configMap: + description: ConfigMap containing data to use + for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for + the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Struct containing the client cert file + for the targets. + properties: + configMap: + description: ConfigMap containing data to use + for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for + the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file + for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + to: + description: The email address to send notifications to. + type: string + type: object + type: array + name: + description: Name of the receiver. Must be unique across all + items from the list. + minLength: 1 + type: string + opsgenieConfigs: + description: List of OpsGenie configurations. + items: + description: OpsGenieConfig configures notifications via OpsGenie. + See https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config + properties: + actions: + description: Comma separated list of actions that will + be available for the alert. + type: string + apiKey: + description: The secret's key that contains the OpsGenie + API key. The secret needs to be in the same namespace + as the AlertmanagerConfig object and accessible by the + Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + apiURL: + description: The URL to send OpsGenie API requests to. + type: string + description: + description: Description of the incident. + type: string + details: + description: A set of arbitrary key/value pairs that provide + further detail about the incident. + items: + description: KeyValue defines a (key, value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the tuple. + type: string + required: + - key + - value + type: object + type: array + entity: + description: Optional field that can be used to specify + which domain alert is related to. + type: string + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. + properties: + credentials: + description: The secret's key that contains the + credentials of the request + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication type. Defaults + to Bearer, Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor + namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor + namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Struct containing the CA cert to + use for the targets. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Struct containing the client cert + file for the targets. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key + file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the + targets. + type: string + type: object + type: object + message: + description: Alert text limited to 130 characters. + type: string + note: + description: Additional alert note. + type: string + priority: + description: Priority level of alert. Possible values + are P1, P2, P3, P4, and P5. + type: string + responders: + description: List of responders responsible for notifications. + items: + description: OpsGenieConfigResponder defines a responder + to an incident. One of `id`, `name` or `username` + has to be defined. + properties: + id: + description: ID of the responder. + type: string + name: + description: Name of the responder. + type: string + type: + description: Type of responder. + enum: + - team + - teams + - user + - escalation + - schedule + minLength: 1 + type: string + username: + description: Username of the responder. + type: string + required: + - type + type: object + type: array + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + source: + description: Backlink to the sender of the notification. + type: string + tags: + description: Comma separated list of tags attached to + the notifications. + type: string + updateAlerts: + description: Whether to update message and description + of the alert in OpsGenie if it already exists By default, + the alert is never updated in OpsGenie, the new message + only appears in activity log. + type: boolean + type: object + type: array + pagerdutyConfigs: + description: List of PagerDuty configurations. + items: + description: PagerDutyConfig configures notifications via + PagerDuty. See https://prometheus.io/docs/alerting/latest/configuration/#pagerduty_config + properties: + class: + description: The class/type of the event. + type: string + client: + description: Client identification. + type: string + clientURL: + description: Backlink to the sender of notification. + type: string + component: + description: The part or component of the affected system + that is broken. + type: string + description: + description: Description of the incident. + type: string + details: + description: Arbitrary key/value pairs that provide further + detail about the incident. + items: + description: KeyValue defines a (key, value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the tuple. + type: string + required: + - key + - value + type: object + type: array + group: + description: A cluster or grouping of sources. + type: string + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. + properties: + credentials: + description: The secret's key that contains the + credentials of the request + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication type. Defaults + to Bearer, Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor + namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor + namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Struct containing the CA cert to + use for the targets. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Struct containing the client cert + file for the targets. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key + file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the + targets. + type: string + type: object + type: object + pagerDutyImageConfigs: + description: A list of image details to attach that provide + further detail about an incident. + items: + description: PagerDutyImageConfig attaches images to + an incident + properties: + alt: + description: Alt is the optional alternative text + for the image. + type: string + href: + description: Optional URL; makes the image a clickable + link. + type: string + src: + description: Src of the image being attached to + the incident + type: string + type: object + type: array + pagerDutyLinkConfigs: + description: A list of link details to attach that provide + further detail about an incident. + items: + description: PagerDutyLinkConfig attaches text links + to an incident + properties: + alt: + description: Text that describes the purpose of + the link, and can be used as the link's text. + type: string + href: + description: Href is the URL of the link to be attached + type: string + type: object + type: array + routingKey: + description: The secret's key that contains the PagerDuty + integration key (when using Events API v2). Either this + field or `serviceKey` needs to be defined. The secret + needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + serviceKey: + description: The secret's key that contains the PagerDuty + service key (when using integration type "Prometheus"). + Either this field or `routingKey` needs to be defined. + The secret needs to be in the same namespace as the + AlertmanagerConfig object and accessible by the Prometheus + Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + severity: + description: Severity of the incident. + type: string + url: + description: The URL to send requests to. + type: string + type: object + type: array + pushoverConfigs: + description: List of Pushover configurations. + items: + description: PushoverConfig configures notifications via Pushover. + See https://prometheus.io/docs/alerting/latest/configuration/#pushover_config + properties: + expire: + description: How long your notification will continue + to be retried for, unless the user acknowledges the + notification. + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + html: + description: Whether notification message is HTML or plain + text. + type: boolean + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. + properties: + credentials: + description: The secret's key that contains the + credentials of the request + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication type. Defaults + to Bearer, Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor + namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor + namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Struct containing the CA cert to + use for the targets. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Struct containing the client cert + file for the targets. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key + file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the + targets. + type: string + type: object + type: object + message: + description: Notification message. + type: string + priority: + description: Priority, see https://pushover.net/api#priority + type: string + retry: + description: How often the Pushover servers will send + the same notification to the user. Must be at least + 30 seconds. + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + sound: + description: The name of one of the sounds supported by + device clients to override the user's default sound + choice + type: string + title: + description: Notification title. + type: string + token: + description: The secret's key that contains the registered + application’s API token, see https://pushover.net/apps. + The secret needs to be in the same namespace as the + AlertmanagerConfig object and accessible by the Prometheus + Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + url: + description: A supplementary URL shown alongside the message. + type: string + urlTitle: + description: A title for supplementary URL, otherwise + just the URL is shown + type: string + userKey: + description: The secret's key that contains the recipient + user’s user key. The secret needs to be in the same + namespace as the AlertmanagerConfig object and accessible + by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + type: array + slackConfigs: + description: List of Slack configurations. + items: + description: SlackConfig configures notifications via Slack. + See https://prometheus.io/docs/alerting/latest/configuration/#slack_config + properties: + actions: + description: A list of Slack actions that are sent with + each notification. + items: + description: SlackAction configures a single Slack action + that is sent with each notification. See https://api.slack.com/docs/message-attachments#action_fields + and https://api.slack.com/docs/message-buttons for + more information. + properties: + confirm: + description: SlackConfirmationField protect users + from destructive actions or particularly distinguished + decisions by asking them to confirm their button + click one more time. See https://api.slack.com/docs/interactive-message-field-guide#confirmation_fields + for more information. + properties: + dismissText: + type: string + okText: + type: string + text: + minLength: 1 + type: string + title: + type: string + required: + - text + type: object + name: + type: string + style: + type: string + text: + minLength: 1 + type: string + type: + minLength: 1 + type: string + url: + type: string + value: + type: string + required: + - text + - type + type: object + type: array + apiURL: + description: The secret's key that contains the Slack + webhook URL. The secret needs to be in the same namespace + as the AlertmanagerConfig object and accessible by the + Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + callbackId: + type: string + channel: + description: The channel or user to send notifications + to. + type: string + color: + type: string + fallback: + type: string + fields: + description: A list of Slack fields that are sent with + each notification. + items: + description: SlackField configures a single Slack field + that is sent with each notification. Each field must + contain a title, value, and optionally, a boolean + value to indicate if the field is short enough to + be displayed next to other fields designated as short. + See https://api.slack.com/docs/message-attachments#fields + for more information. + properties: + short: + type: boolean + title: + minLength: 1 + type: string + value: + minLength: 1 + type: string + required: + - title + - value + type: object + type: array + footer: + type: string + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. + properties: + credentials: + description: The secret's key that contains the + credentials of the request + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication type. Defaults + to Bearer, Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor + namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor + namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Struct containing the CA cert to + use for the targets. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Struct containing the client cert + file for the targets. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key + file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the + targets. + type: string + type: object + type: object + iconEmoji: + type: string + iconURL: + type: string + imageURL: + type: string + linkNames: + type: boolean + mrkdwnIn: + items: + type: string + type: array + pretext: + type: string + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + shortFields: + type: boolean + text: + type: string + thumbURL: + type: string + title: + type: string + titleLink: + type: string + username: + type: string + type: object + type: array + snsConfigs: + description: List of SNS configurations + items: + description: SNSConfig configures notifications via AWS SNS. + See https://prometheus.io/docs/alerting/latest/configuration/#sns_configs + properties: + apiURL: + description: The SNS API URL i.e. https://sns.us-east-2.amazonaws.com. + If not specified, the SNS API URL from the SNS SDK will + be used. + type: string + attributes: + additionalProperties: + type: string + description: SNS message attributes. + type: object + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. + properties: + credentials: + description: The secret's key that contains the + credentials of the request + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication type. Defaults + to Bearer, Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor + namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor + namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Struct containing the CA cert to + use for the targets. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Struct containing the client cert + file for the targets. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key + file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the + targets. + type: string + type: object + type: object + message: + description: The message content of the SNS notification. + type: string + phoneNumber: + description: Phone number if message is delivered via + SMS in E.164 format. If you don't specify this value, + you must specify a value for the TopicARN or TargetARN. + type: string + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + sigv4: + description: Configures AWS's Signature Verification 4 + signing process to sign requests. + properties: + accessKey: + description: AccessKey is the AWS API key. If blank, + the environment variable `AWS_ACCESS_KEY_ID` is + used. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + profile: + description: Profile is the named AWS profile used + to authenticate. + type: string + region: + description: Region is the AWS region. If blank, the + region from the default credentials chain used. + type: string + roleArn: + description: RoleArn is the named AWS profile used + to authenticate. + type: string + secretKey: + description: SecretKey is the AWS API secret. If blank, + the environment variable `AWS_SECRET_ACCESS_KEY` + is used. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + subject: + description: Subject line when the message is delivered + to email endpoints. + type: string + targetARN: + description: The mobile platform endpoint ARN if message + is delivered via mobile notifications. If you don't + specify this value, you must specify a value for the + topic_arn or PhoneNumber. + type: string + topicARN: + description: SNS topic ARN, i.e. arn:aws:sns:us-east-2:698519295917:My-Topic + If you don't specify this value, you must specify a + value for the PhoneNumber or TargetARN. + type: string + type: object + type: array + telegramConfigs: + description: List of Telegram configurations. + items: + description: TelegramConfig configures notifications via Telegram. + See https://prometheus.io/docs/alerting/latest/configuration/#telegram_config + properties: + apiURL: + description: The Telegram API URL i.e. https://api.telegram.org. + If not specified, default API URL will be used. + type: string + botToken: + description: Telegram bot token The secret needs to be + in the same namespace as the AlertmanagerConfig object + and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + chatID: + description: The Telegram chat ID. + format: int64 + type: integer + disableNotifications: + description: Disable telegram notifications + type: boolean + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. + properties: + credentials: + description: The secret's key that contains the + credentials of the request + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication type. Defaults + to Bearer, Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor + namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor + namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Struct containing the CA cert to + use for the targets. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Struct containing the client cert + file for the targets. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key + file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the + targets. + type: string + type: object + type: object + message: + description: Message template + type: string + parseMode: + description: Parse mode for telegram message + enum: + - MarkdownV2 + - Markdown + - HTML + type: string + sendResolved: + description: Whether to notify about resolved alerts. + type: boolean + type: object + type: array + victoropsConfigs: + description: List of VictorOps configurations. + items: + description: VictorOpsConfig configures notifications via + VictorOps. See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config + properties: + apiKey: + description: The secret's key that contains the API key + to use when talking to the VictorOps API. The secret + needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + apiUrl: + description: The VictorOps API URL. + type: string + customFields: + description: Additional custom fields for notification. + items: + description: KeyValue defines a (key, value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the tuple. + type: string + required: + - key + - value + type: object + type: array + entityDisplayName: + description: Contains summary of the alerted problem. + type: string + httpConfig: + description: The HTTP client's configuration. + properties: + authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. + properties: + credentials: + description: The secret's key that contains the + credentials of the request + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication type. Defaults + to Bearer, Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor + namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor + namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Struct containing the CA cert to + use for the targets. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Struct containing the client cert + file for the targets. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key + file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the + targets. + type: string + type: object + type: object + messageType: + description: Describes the behavior of the alert (CRITICAL, + WARNING, INFO). + type: string + monitoringTool: + description: The monitoring tool the state message is + from. + type: string + routingKey: + description: A key used to map the alert to a team. + type: string + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + stateMessage: + description: Contains long explanation of the alerted + problem. + type: string + type: object + type: array + webhookConfigs: + description: List of webhook configurations. + items: + description: WebhookConfig configures notifications via a + generic receiver supporting the webhook payload. See https://prometheus.io/docs/alerting/latest/configuration/#webhook_config + properties: + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. + properties: + credentials: + description: The secret's key that contains the + credentials of the request + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication type. Defaults + to Bearer, Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor + namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor + namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Struct containing the CA cert to + use for the targets. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Struct containing the client cert + file for the targets. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key + file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the + targets. + type: string + type: object + type: object + maxAlerts: + description: Maximum number of alerts to be sent per webhook + message. When 0, all alerts are included. + format: int32 + minimum: 0 + type: integer + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + url: + description: The URL to send HTTP POST requests to. `urlSecret` + takes precedence over `url`. One of `urlSecret` and + `url` should be defined. + type: string + urlSecret: + description: The secret's key that contains the webhook + URL to send HTTP requests to. `urlSecret` takes precedence + over `url`. One of `urlSecret` and `url` should be defined. + The secret needs to be in the same namespace as the + AlertmanagerConfig object and accessible by the Prometheus + Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + type: array + wechatConfigs: + description: List of WeChat configurations. + items: + description: WeChatConfig configures notifications via WeChat. + See https://prometheus.io/docs/alerting/latest/configuration/#wechat_config + properties: + agentID: + type: string + apiSecret: + description: The secret's key that contains the WeChat + API key. The secret needs to be in the same namespace + as the AlertmanagerConfig object and accessible by the + Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + apiURL: + description: The WeChat API URL. + type: string + corpID: + description: The corp id for authentication. + type: string + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. + properties: + credentials: + description: The secret's key that contains the + credentials of the request + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication type. Defaults + to Bearer, Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor + namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor + namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Struct containing the CA cert to + use for the targets. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Struct containing the client cert + file for the targets. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key + file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the + targets. + type: string + type: object + type: object + message: + description: API request data as defined by the WeChat + API. + type: string + messageType: + type: string + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + toParty: + type: string + toTag: + type: string + toUser: + type: string + type: object + type: array + required: + - name + type: object + type: array + route: + description: The Alertmanager route definition for alerts matching + the resource’s namespace. If present, it will be added to the generated + Alertmanager configuration as a first-level route. + properties: + continue: + description: Boolean indicating whether an alert should continue + matching subsequent sibling nodes. It will always be overridden + to true for the first-level route by the Prometheus operator. + type: boolean + groupBy: + description: List of labels to group by. Labels must not be repeated + (unique list). Special label "..." (aggregate by all possible + labels), if provided, must be the only element in the list. + items: + type: string + type: array + groupInterval: + description: 'How long to wait before sending an updated notification. + Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` + Example: "5m"' + type: string + groupWait: + description: 'How long to wait before sending the initial notification. + Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` + Example: "30s"' + type: string + matchers: + description: 'List of matchers that the alert’s labels should + match. For the first level route, the operator removes any existing + equality and regexp matcher on the `namespace` label and adds + a `namespace: ` matcher.' + items: + description: Matcher defines how to match on alert's labels. + properties: + matchType: + description: Match operation available with AlertManager + >= v0.22.0 and takes precedence over Regex (deprecated) + if non-empty. + enum: + - '!=' + - = + - =~ + - '!~' + type: string + name: + description: Label to match. + minLength: 1 + type: string + regex: + description: Whether to match on equality (false) or regular-expression + (true). Deprecated as of AlertManager >= v0.22.0 where + a user should use MatchType instead. + type: boolean + value: + description: Label value to match. + type: string + required: + - name + type: object + type: array + muteTimeIntervals: + description: 'Note: this comment applies to the field definition + above but appears below otherwise it gets included in the generated + manifest. CRD schema doesn''t support self-referential types + for now (see https://github.com/kubernetes/kubernetes/issues/62872). + We have to use an alternative type to circumvent the limitation. + The downside is that the Kube API can''t validate the data beyond + the fact that it is a valid JSON representation. MuteTimeIntervals + is a list of MuteTimeInterval names that will mute this route + when matched,' + items: + type: string + type: array + receiver: + description: Name of the receiver for this route. If not empty, + it should be listed in the `receivers` field. + type: string + repeatInterval: + description: 'How long to wait before repeating the last notification. + Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` + Example: "4h"' + type: string + routes: + description: Child routes. + items: + x-kubernetes-preserve-unknown-fields: true + type: array + type: object + type: object + required: + - spec + type: object + served: true + storage: true diff --git a/charts/rancher-monitoring-crd/102.0.3+up40.1.2/crd-manifest/crd-alertmanagers.yaml b/charts/rancher-monitoring-crd/102.0.3+up40.1.2/crd-manifest/crd-alertmanagers.yaml new file mode 100644 index 0000000000..236f26b912 --- /dev/null +++ b/charts/rancher-monitoring-crd/102.0.3+up40.1.2/crd-manifest/crd-alertmanagers.yaml @@ -0,0 +1,6779 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.59.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: alertmanagers.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: Alertmanager + listKind: AlertmanagerList + plural: alertmanagers + shortNames: + - am + singular: alertmanager + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The version of Alertmanager + jsonPath: .spec.version + name: Version + type: string + - description: The desired replicas number of Alertmanagers + jsonPath: .spec.replicas + name: Replicas + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: Alertmanager describes an Alertmanager cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the Alertmanager + cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + additionalPeers: + description: AdditionalPeers allows injecting a set of additional + Alertmanagers to peer with to form a highly available cluster. + items: + type: string + type: array + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node matches + the corresponding matchExpressions; the node(s) with the + highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may + not try to eventually evict the pod from its node. When + there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms + must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to the + union of the namespaces selected by this field and + the ones listed in the namespaces field. null selector + and null or empty namespaces list means "this pod's + namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied + to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. null or + empty namespaces list and null namespaceSelector means + "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates one + or more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. + all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to the + union of the namespaces selected by this field and + the ones listed in the namespaces field. null selector + and null or empty namespaces list means "this pod's + namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied + to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. null or + empty namespaces list and null namespaceSelector means + "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + alertmanagerConfigNamespaceSelector: + description: Namespaces to be selected for AlertmanagerConfig discovery. + If nil, only check own namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + alertmanagerConfigSelector: + description: AlertmanagerConfigs to be selected for to merge and configure + Alertmanager with. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + alertmanagerConfiguration: + description: 'EXPERIMENTAL: alertmanagerConfiguration specifies the + configuration of Alertmanager. If defined, it takes precedence over + the `configSecret` field. This field may change in future releases.' + properties: + global: + description: Defines the global parameters of the Alertmanager + configuration. + properties: + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header configuration for the + client. This is mutually exclusive with BasicAuth and + is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's key that contains the credentials + of the request + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication type. Defaults + to Bearer, Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, BasicAuth + takes precedence. + properties: + password: + description: The secret in the service monitor namespace + that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor namespace + that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. The + secret needs to be in the same namespace as the Alertmanager + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects specifies whether the client + should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch a + token for the targets. + properties: + clientId: + description: The secret or configmap containing the + OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to use + for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for + the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 client + secret + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token URL + type: object + scopes: + description: OAuth2 scopes used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Struct containing the CA cert to use + for the targets. + properties: + configMap: + description: ConfigMap containing data to use + for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for + the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Struct containing the client cert file + for the targets. + properties: + configMap: + description: ConfigMap containing data to use + for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for + the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file + for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + resolveTimeout: + description: ResolveTimeout is the default value used by alertmanager + if the alert does not include EndsAt, after this time passes + it can declare the alert as resolved if it has not been + updated. This has no impact on alerts from Prometheus, as + they always include EndsAt. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: object + name: + description: The name of the AlertmanagerConfig resource which + is used to generate the Alertmanager configuration. It must + be defined in the same namespace as the Alertmanager object. + The operator will not enforce a `namespace` label for routes + and inhibition rules. + minLength: 1 + type: string + type: object + baseImage: + description: 'Base image that is used to deploy pods, without tag. + Deprecated: use ''image'' instead' + type: string + clusterAdvertiseAddress: + description: 'ClusterAdvertiseAddress is the explicit address to advertise + in cluster. Needs to be provided for non RFC1918 [1] (public) addresses. + [1] RFC1918: https://tools.ietf.org/html/rfc1918' + type: string + clusterGossipInterval: + description: Interval between gossip attempts. + pattern: ^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + clusterPeerTimeout: + description: Timeout for cluster peering. + pattern: ^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + clusterPushpullInterval: + description: Interval between pushpull attempts. + pattern: ^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + configMaps: + description: ConfigMaps is a list of ConfigMaps in the same namespace + as the Alertmanager object, which shall be mounted into the Alertmanager + Pods. The ConfigMaps are mounted into /etc/alertmanager/configmaps/. + items: + type: string + type: array + configSecret: + description: "ConfigSecret is the name of a Kubernetes Secret in the + same namespace as the Alertmanager object, which contains the configuration + for this Alertmanager instance. If empty, it defaults to 'alertmanager-'. + \n The Alertmanager configuration should be available under the + `alertmanager.yaml` key. Additional keys from the original secret + are copied to the generated secret. \n If either the secret or the + `alertmanager.yaml` key is missing, the operator provisions an Alertmanager + configuration with one empty receiver (effectively dropping alert + notifications)." + type: string + containers: + description: 'Containers allows injecting additional containers. This + is meant to allow adding an authentication proxy to an Alertmanager + pod. Containers described here modify an operator generated container + if they share the same name and modifications are done via a strategic + merge patch. The current container names are: `alertmanager` and + `config-reloader`. Overriding containers is entirely outside the + scope of what the maintainers will support and by doing so, you + accept that this behaviour may break at any time without notice.' + items: + description: A single application container that you want to run + within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The container image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will + be unchanged. Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the variable + exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. + The container image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: + i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether + the variable exists or not. Cannot be updated. More info: + https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be + a C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key + will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set + of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take + in response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the container + will eventually terminate within the Pod''s termination + grace period (unless delayed by finalizers). Other management + of the container blocks until the hook completes or until + the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + This is a beta field and requires enabling GRPCContainerProbe + feature gate. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Not + specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Modifying this array with strategic merge patch may corrupt + the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network port in a + single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP + address. This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If + specified, this must be a valid port number, 0 < x < + 65536. If HostNetwork is specified, this must match + ContainerPort. Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod + must have a unique name. Name for the port that can + be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe + fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + This is a beta field and requires enabling GRPCContainerProbe + feature gate. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: 'SecurityContext defines the security options the + container should be run with. If set, the fields of SecurityContext + override the equivalent fields of PodSecurityContext. More + info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN Note that this field cannot be set + when spec.os.name is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by + the container runtime. Note that this field cannot be + set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent to + root on the host. Defaults to false. Note that this field + cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: procMount denotes the type of proc mount to + use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. Note that this field cannot + be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root + filesystem. Default is false. Note that this field cannot + be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a + non-root user. If true, the Kubelet will validate the + image at runtime to ensure that it does not run as UID + 0 (root) and fail to start the container if it does. If + unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a + random SELinux context for each container. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & container + level, the container options override the pod options. + Note that this field cannot be set when spec.os.name is + windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile + must be preconfigured on the node to work. Must be + a descending path, relative to the kubelet's configured + seccomp profile location. Must only be set if type + is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - + a profile defined in a file on the node should be + used. RuntimeDefault - the container runtime default + profile should be used. Unconfined - no profile should + be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is + linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is + alpha-level and will only be honored by components + that enable the WindowsHostProcessContainers feature + flag. Setting this field without the feature flag + will result in errors when validating the Pod. All + of a Pod's containers must have the same effective + HostProcess value (it is not allowed to have a mix + of HostProcess containers and non-HostProcess containers). In + addition, if HostProcess is true then HostNetwork + must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod + will be restarted, just as if the livenessProbe failed. This + can be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. + This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + This is a beta field and requires enabling GRPCContainerProbe + feature gate. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer + for stdin in the container runtime. If this is not set, reads + from stdin in the container will always result in EOF. Default + is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the + stdin channel after it has been opened by a single attach. + When stdin is true the stdin stream will remain open across + multiple attach sessions. If stdinOnce is set to true, stdin + is opened on container start, is empty until the first client + attaches to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin is closed + and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin + will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the + container''s termination message will be written is mounted + into the container''s filesystem. Message written is intended + to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. + The total message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be + populated. File will use the contents of terminationMessagePath + to populate the container status message on both success and + failure. FallbackToLogsOnError will use the last chunk of + container log output if the termination message file is empty + and the container exited with an error. The log output is + limited to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other + way around. When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might + be configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + externalUrl: + description: The external URL the Alertmanager instances will be available + under. This is necessary to generate correct URLs. This is necessary + if Alertmanager is not served from root of a DNS name. + type: string + forceEnableClusterMode: + description: ForceEnableClusterMode ensures Alertmanager does not + deactivate the cluster mode when running with a single replica. + Use case is e.g. spanning an Alertmanager cluster across Kubernetes + clusters with a single replica in each. + type: boolean + hostAliases: + description: Pods' hostAliases configuration + items: + description: HostAlias holds the mapping between IP and hostnames + that will be injected as an entry in the pod's hosts file. + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + ip: + description: IP address of the host file entry. + type: string + required: + - hostnames + - ip + type: object + type: array + x-kubernetes-list-map-keys: + - ip + x-kubernetes-list-type: map + image: + description: Image if specified has precedence over baseImage, tag + and sha combinations. Specifying the version is still necessary + to ensure the Prometheus Operator knows what version of Alertmanager + is being configured. + type: string + imagePullSecrets: + description: An optional list of references to secrets in the same + namespace to use for pulling prometheus and alertmanager images + from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to + let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: 'InitContainers allows adding initContainers to the pod + definition. Those can be used to e.g. fetch secrets for injection + into the Alertmanager configuration from external sources. Any errors + during the execution of an initContainer will lead to a restart + of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + Using initContainers for any use case other then secret fetching + is entirely outside the scope of what the maintainers will support + and by doing so, you accept that this behaviour may break at any + time without notice.' + items: + description: A single application container that you want to run + within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The container image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will + be unchanged. Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the variable + exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. + The container image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: + i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether + the variable exists or not. Cannot be updated. More info: + https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be + a C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key + will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set + of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take + in response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the container + will eventually terminate within the Pod''s termination + grace period (unless delayed by finalizers). Other management + of the container blocks until the hook completes or until + the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + This is a beta field and requires enabling GRPCContainerProbe + feature gate. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Not + specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Modifying this array with strategic merge patch may corrupt + the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network port in a + single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP + address. This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If + specified, this must be a valid port number, 0 < x < + 65536. If HostNetwork is specified, this must match + ContainerPort. Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod + must have a unique name. Name for the port that can + be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe + fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + This is a beta field and requires enabling GRPCContainerProbe + feature gate. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: 'SecurityContext defines the security options the + container should be run with. If set, the fields of SecurityContext + override the equivalent fields of PodSecurityContext. More + info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN Note that this field cannot be set + when spec.os.name is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by + the container runtime. Note that this field cannot be + set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent to + root on the host. Defaults to false. Note that this field + cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: procMount denotes the type of proc mount to + use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. Note that this field cannot + be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root + filesystem. Default is false. Note that this field cannot + be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a + non-root user. If true, the Kubelet will validate the + image at runtime to ensure that it does not run as UID + 0 (root) and fail to start the container if it does. If + unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a + random SELinux context for each container. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & container + level, the container options override the pod options. + Note that this field cannot be set when spec.os.name is + windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile + must be preconfigured on the node to work. Must be + a descending path, relative to the kubelet's configured + seccomp profile location. Must only be set if type + is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - + a profile defined in a file on the node should be + used. RuntimeDefault - the container runtime default + profile should be used. Unconfined - no profile should + be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is + linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is + alpha-level and will only be honored by components + that enable the WindowsHostProcessContainers feature + flag. Setting this field without the feature flag + will result in errors when validating the Pod. All + of a Pod's containers must have the same effective + HostProcess value (it is not allowed to have a mix + of HostProcess containers and non-HostProcess containers). In + addition, if HostProcess is true then HostNetwork + must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod + will be restarted, just as if the livenessProbe failed. This + can be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. + This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + This is a beta field and requires enabling GRPCContainerProbe + feature gate. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer + for stdin in the container runtime. If this is not set, reads + from stdin in the container will always result in EOF. Default + is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the + stdin channel after it has been opened by a single attach. + When stdin is true the stdin stream will remain open across + multiple attach sessions. If stdinOnce is set to true, stdin + is opened on container start, is empty until the first client + attaches to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin is closed + and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin + will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the + container''s termination message will be written is mounted + into the container''s filesystem. Message written is intended + to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. + The total message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be + populated. File will use the contents of terminationMessagePath + to populate the container status message on both success and + failure. FallbackToLogsOnError will use the last chunk of + container log output if the termination message file is empty + and the container exited with an error. The log output is + limited to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other + way around. When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might + be configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + listenLocal: + description: ListenLocal makes the Alertmanager server listen on loopback, + so that it does not bind against the Pod IP. Note this is only for + the Alertmanager UI, not the gossip communication. + type: boolean + logFormat: + description: Log format for Alertmanager to be configured with. + enum: + - "" + - logfmt + - json + type: string + logLevel: + description: Log level for Alertmanager to be configured with. + enum: + - "" + - debug + - info + - warn + - error + type: string + minReadySeconds: + description: Minimum number of seconds for which a newly created pod + should be ready without any of its container crashing for it to + be considered available. Defaults to 0 (pod will be considered available + as soon as it is ready) This is an alpha field and requires enabling + StatefulSetMinReadySeconds feature gate. + format: int32 + type: integer + nodeSelector: + additionalProperties: + type: string + description: Define which Nodes the Pods are scheduled on. + type: object + paused: + description: If set to true all actions on the underlying managed + objects are not goint to be performed, except for delete actions. + type: boolean + podMetadata: + description: PodMetadata configures Labels and Annotations which are + propagated to the alertmanager pods. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored + with a resource that may be set by external tools to store and + retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must be unique within a namespace. Is required + when creating resources, although some resources may allow a + client to request the generation of an appropriate name automatically. + Name is primarily intended for creation idempotence and configuration + definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + type: object + portName: + description: Port name used for the pods and governing service. This + defaults to web + type: string + priorityClassName: + description: Priority class assigned to the Pods + type: string + replicas: + description: Size is the expected size of the alertmanager cluster. + The controller will eventually make the size of the running cluster + equal to the expected size. + format: int32 + type: integer + resources: + description: Define resources requests and limits for single Pods. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + retention: + default: 120h + description: Time duration Alertmanager shall retain data for. Default + is '120h', and must match the regular expression `[0-9]+(ms|s|m|h)` + (milliseconds seconds minutes hours). + pattern: ^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + routePrefix: + description: The route prefix Alertmanager registers HTTP handlers + for. This is useful, if using ExternalURL and a proxy is rewriting + HTTP routes of a request, and the actual ExternalURL is still true, + but the server serves requests under a different route prefix. For + example for use with `kubectl proxy`. + type: string + secrets: + description: Secrets is a list of Secrets in the same namespace as + the Alertmanager object, which shall be mounted into the Alertmanager + Pods. The Secrets are mounted into /etc/alertmanager/secrets/. + items: + type: string + type: array + securityContext: + description: SecurityContext holds pod-level security attributes and + common container settings. This defaults to the default PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit is + set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions of + any volume. Note that this field cannot be set when spec.os.name + is windows." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will have + no effect on ephemeral volume types such as: secret, configmaps + and emptydir. Valid values are "OnRootMismatch" and "Always". + If not specified, "Always" is used. Note that this field cannot + be set when spec.os.name is windows.' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container process. + Uses runtime default if unset. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no such validation + will be performed. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. Note that this field cannot + be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the containers in this + pod. Note that this field cannot be set when spec.os.name is + windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile must be + preconfigured on the node to work. Must be a descending + path, relative to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - a profile + defined in a file on the node should be used. RuntimeDefault + - the container runtime default profile should be used. + Unconfined - no profile should be applied." + type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary GID. If + unspecified, no groups will be added to any container. Note + that this field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for + the pod. Pods with unsupported sysctls (by the container runtime) + might fail to launch. Note that this field cannot be set when + spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named by + the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is alpha-level + and will only be honored by components that enable the WindowsHostProcessContainers + feature flag. Setting this field without the feature flag + will result in errors when validating the Pod. All of a + Pod's containers must have the same effective HostProcess + value (it is not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, if HostProcess + is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount + to use to run the Prometheus Pods. + type: string + sha: + description: 'SHA of Alertmanager container image to be deployed. + Defaults to the value of `version`. Similar to a tag, but the SHA + explicitly deploys an immutable container image. Version and Tag + are ignored if SHA is set. Deprecated: use ''image'' instead. The + image digest can be specified as part of the image URL.' + type: string + storage: + description: Storage is the definition of how storage will be used + by the Alertmanager instances. + properties: + disableMountSubPath: + description: 'Deprecated: subPath usage will be disabled by default + in a future release, this option will become unnecessary. DisableMountSubPath + allows to remove any subPath usage in volume mounts.' + type: boolean + emptyDir: + description: 'EmptyDirVolumeSource to be used by the Prometheus + StatefulSets. If specified, used in place of any volumeClaimTemplate. + More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + properties: + medium: + description: 'medium represents what type of storage medium + should back this directory. The default is "" which means + to use the node''s default medium. Must be an empty string + (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'sizeLimit is the total amount of local storage + required for this EmptyDir volume. The size limit is also + applicable for memory medium. The maximum usage on memory + medium EmptyDir would be the minimum value between the SizeLimit + specified here and the sum of memory limits of all containers + in a pod. The default is nil which means that the limit + is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: 'EphemeralVolumeSource to be used by the Prometheus + StatefulSets. This is a beta field in k8s 1.21, for lower versions, + starting with k8s 1.19, it requires enabling the GenericEphemeralVolume + feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes' + properties: + volumeClaimTemplate: + description: "Will be used to create a stand-alone PVC to + provision the volume. The pod in which this EphemeralVolumeSource + is embedded will be the owner of the PVC, i.e. the PVC will + be deleted together with the pod. The name of the PVC will + be `-` where `` is the + name from the `PodSpec.Volumes` array entry. Pod validation + will reject the pod if the concatenated name is not valid + for a PVC (for example, too long). \n An existing PVC with + that name that is not owned by the pod will *not* be used + for the pod to avoid using an unrelated volume by mistake. + Starting the pod is then blocked until the unrelated PVC + is removed. If such a pre-created PVC is meant to be used + by the pod, the PVC has to updated with an owner reference + to the pod once the pod exists. Normally this should not + be necessary, but it may be useful when manually reconstructing + a broken cluster. \n This field is read-only and no changes + will be made by Kubernetes to the PVC after it has been + created. \n Required, must not be nil." + properties: + metadata: + description: May contain labels and annotations that will + be copied into the PVC when creating it. No other fields + are allowed and will be rejected during validation. + type: object + spec: + description: The specification for the PersistentVolumeClaim. + The entire content is copied unchanged into the PVC + that gets created from this template. The same fields + as in a PersistentVolumeClaim are also valid here. + properties: + accessModes: + description: 'accessModes contains the desired access + modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can be used to specify + either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If the + provisioner or an external controller can support + the specified data source, it will create a new + volume based on the contents of the specified data + source. If the AnyVolumeDataSource feature gate + is enabled, this field will always have the same + contents as the DataSourceRef field.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef specifies the object from + which to populate the volume with data, if a non-empty + volume is desired. This may be any local object + from a non-empty API group (non core object) or + a PersistentVolumeClaim object. When this field + is specified, volume binding will only succeed if + the type of the specified object matches some installed + volume populator or dynamic provisioner. This field + will replace the functionality of the DataSource + field and as such if both fields are non-empty, + they must have the same value. For backwards compatibility, + both fields (DataSource and DataSourceRef) will + be set to the same value automatically if one of + them is empty and the other is non-empty. There + are two important differences between DataSource + and DataSourceRef: * While DataSource only allows + two specific types of objects, DataSourceRef allows + any non-core object, as well as PersistentVolumeClaim + objects. * While DataSource ignores disallowed values + (dropping them), DataSourceRef preserves all values, + and generates an error if a disallowed value is + specified. (Beta) Using this field requires the + AnyVolumeDataSource feature gate to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + resources: + description: 'resources represents the minimum resources + the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify + resource requirements that are lower than previous + value but must still be higher than capacity recorded + in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName is the name of the + StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume + is required by the claim. Value of Filesystem is + implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to + the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + volumeClaimTemplate: + description: A PVC spec to be used by the Prometheus StatefulSets. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: EmbeddedMetadata contains metadata relevant to + an EmbeddedResource. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value + map stored with a resource that may be set by external + tools to store and retrieve arbitrary metadata. They + are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be + used to organize and categorize (scope and select) objects. + May match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must be unique within a namespace. + Is required when creating resources, although some resources + may allow a client to request the generation of an appropriate + name automatically. Name is primarily intended for creation + idempotence and configuration definition. Cannot be + updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + type: object + spec: + description: 'Spec defines the desired characteristics of + a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'accessModes contains the desired access + modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can be used to specify + either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If the provisioner + or an external controller can support the specified + data source, it will create a new volume based on the + contents of the specified data source. If the AnyVolumeDataSource + feature gate is enabled, this field will always have + the same contents as the DataSourceRef field.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef specifies the object from + which to populate the volume with data, if a non-empty + volume is desired. This may be any local object from + a non-empty API group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume binding + will only succeed if the type of the specified object + matches some installed volume populator or dynamic provisioner. + This field will replace the functionality of the DataSource + field and as such if both fields are non-empty, they + must have the same value. For backwards compatibility, + both fields (DataSource and DataSourceRef) will be set + to the same value automatically if one of them is empty + and the other is non-empty. There are two important + differences between DataSource and DataSourceRef: * + While DataSource only allows two specific types of objects, + DataSourceRef allows any non-core object, as well as + PersistentVolumeClaim objects. * While DataSource ignores + disallowed values (dropping them), DataSourceRef preserves + all values, and generates an error if a disallowed value + is specified. (Beta) Using this field requires the AnyVolumeDataSource + feature gate to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + resources: + description: 'resources represents the minimum resources + the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify resource + requirements that are lower than previous value but + must still be higher than capacity recorded in the status + field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over volumes to + consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName is the name of the StorageClass + required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is + required by the claim. Value of Filesystem is implied + when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: 'Status represents the current information/status + of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'accessModes contains the actual access modes + the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: allocatedResources is the storage resource + within AllocatedResources tracks the capacity allocated + to a PVC. It may be larger than the actual capacity + when a volume expansion operation is requested. For + storage quota, the larger value from allocatedResources + and PVC.spec.resources is used. If allocatedResources + is not set, PVC.spec.resources alone is used for quota + calculation. If a volume expansion capacity request + is lowered, allocatedResources is only lowered if there + are no expansion operations in progress and if the actual + volume capacity is equal or lower than the requested + capacity. This is an alpha field and requires enabling + RecoverVolumeExpansionFailure feature. + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: capacity represents the actual resources + of the underlying volume. + type: object + conditions: + description: conditions is the current Condition of persistent + volume claim. If underlying persistent volume is being + resized then the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails + details about state of pvc + properties: + lastProbeTime: + description: lastProbeTime is the time we probed + the condition. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime is the time the + condition transitioned from one status to another. + format: date-time + type: string + message: + description: message is the human-readable message + indicating details about last transition. + type: string + reason: + description: reason is a unique, this should be + a short, machine understandable string that gives + the reason for condition's last transition. If + it reports "ResizeStarted" that means the underlying + persistent volume is being resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType + is a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: phase represents the current phase of PersistentVolumeClaim. + type: string + resizeStatus: + description: resizeStatus stores status of resize operation. + ResizeStatus is not set by default but when expansion + is complete resizeStatus is set to empty string by resize + controller or kubelet. This is an alpha field and requires + enabling RecoverVolumeExpansionFailure feature. + type: string + type: object + type: object + type: object + tag: + description: 'Tag of Alertmanager container image to be deployed. + Defaults to the value of `version`. Version is ignored if Tag is + set. Deprecated: use ''image'' instead. The image tag can be specified + as part of the image URL.' + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match all + values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod + can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, it + is not set, which means tolerate the taint forever (do not + evict). Zero and negative values will be treated as 0 (evict + immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: If specified, the pod's topology spread constraints. + items: + description: TopologySpreadConstraint specifies how to spread matching + pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. Pods + that match this label selector are counted to determine the + number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys to select + the pods over which spreading will be calculated. The keys + are used to lookup values from the incoming pod labels, those + key-value labels are ANDed with labelSelector to select the + group of existing pods over which spreading will be calculated + for the incoming pod. Keys that don't exist in the incoming + pod labels will be ignored. A null or empty list means only + match against labelSelector. + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: 'MaxSkew describes the degree to which pods may + be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the number + of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods + in an eligible domain or zero if the number of eligible domains + is less than MinDomains. For example, in a 3-zone cluster, + MaxSkew is set to 1, and pods with the same labelSelector + spread as 2/2/1: In this case, the global minimum is 1. | + zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew + is 1, incoming pod can only be scheduled to zone3 to become + 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) + on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming + pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies that satisfy + it. It''s a required field. Default value is 1 and 0 is not + allowed.' + format: int32 + type: integer + minDomains: + description: "MinDomains indicates a minimum number of eligible + domains. When the number of eligible domains with matching + topology keys is less than minDomains, Pod Topology Spread + treats \"global minimum\" as 0, and then the calculation of + Skew is performed. And when the number of eligible domains + with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. As a result, when + the number of eligible domains is less than minDomains, scheduler + won't schedule more than maxSkew Pods to those domains. If + value is nil, the constraint behaves as if MinDomains is equal + to 1. Valid values are integers greater than 0. When value + is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For + example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains + is set to 5 and pods with the same labelSelector spread as + 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | + The number of domains is less than 5(MinDomains), so \"global + minimum\" is treated as 0. In this situation, new pod with + the same labelSelector cannot be scheduled, because computed + skew will be 3(3 - 0) if new Pod is scheduled to any of the + three zones, it will violate MaxSkew. \n This is a beta field + and requires the MinDomainsInPodTopologySpread feature gate + to be enabled (enabled by default)." + format: int32 + type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we will treat + Pod's nodeAffinity/nodeSelector when calculating pod topology + spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector + are included in the calculations. - Ignore: nodeAffinity/nodeSelector + are ignored. All nodes are included in the calculations. \n + If this value is nil, the behavior is equivalent to the Honor + policy. This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will treat node + taints when calculating pod topology spread skew. Options + are: - Honor: nodes without taints, along with tainted nodes + for which the incoming pod has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + \n If this value is nil, the behavior is equivalent to the + Ignore policy. This is a alpha-level feature enabled by the + NodeInclusionPolicyInPodTopologySpread feature flag." + type: string + topologyKey: + description: TopologyKey is the key of node labels. Nodes that + have a label with this key and identical values are considered + to be in the same topology. We consider each + as a "bucket", and try to put balanced number of pods into + each bucket. We define a domain as a particular instance of + a topology. Also, we define an eligible domain as a domain + whose nodes meet the requirements of nodeAffinityPolicy and + nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", + each Node is a domain of that topology. And, if TopologyKey + is "topology.kubernetes.io/zone", each zone is a domain of + that topology. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with a + pod if it doesn''t satisfy the spread constraint. - DoNotSchedule + (default) tells the scheduler not to schedule it. - ScheduleAnyway + tells the scheduler to schedule the pod in any location, but + giving higher precedence to topologies that would help reduce + the skew. A constraint is considered "Unsatisfiable" for an + incoming pod if and only if every possible node assignment + for that pod would violate "MaxSkew" on some topology. For + example, in a 3-zone cluster, MaxSkew is set to 1, and pods + with the same labelSelector spread as 3/1/1: | zone1 | zone2 + | zone3 | | P P P | P | P | If WhenUnsatisfiable is + set to DoNotSchedule, incoming pod can only be scheduled to + zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on + zone2(zone3) satisfies MaxSkew(1). In other words, the cluster + can still be imbalanced, but scheduler won''t make it *more* + imbalanced. It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + version: + description: Version the cluster should be on. + type: string + volumeMounts: + description: VolumeMounts allows configuration of additional VolumeMounts + on the output StatefulSet definition. VolumeMounts specified will + be appended to other VolumeMounts in the alertmanager container, + that are generated as a result of StorageSpec objects. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume should + be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated + from the host to container and the other way around. When + not set, MountPropagationNone is used. This field is beta + in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the + container's volume should be mounted. Behaves similarly to + SubPath but environment variable references $(VAR_NAME) are + expanded using the container's environment. Defaults to "" + (volume's root). SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: Volumes allows configuration of additional volumes on + the output StatefulSet definition. Volumes specified will be appended + to other volumes that are generated as a result of StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may + be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'awsElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'partition is the partition in the volume that + you want to mount. If omitted, the default is to mount + by volume name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'readOnly value true will force the readOnly + setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'volumeID is unique ID of the persistent disk + resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: None, + Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data disk in the + blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in the blob + storage + type: string + fsType: + description: fsType is Filesystem type to mount. Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single blob + disk per storage account Managed: azure managed data + disk (only in managed availability set). defaults to shared' + type: string + readOnly: + description: readOnly Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: secretName is the name of secret that contains + Azure Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: 'monitors is Required: Monitors is a collection + of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'path is Optional: Used as the mounted root, + rather than the full Ceph tree, default is /' + type: string + readOnly: + description: 'readOnly is Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'secretFile is Optional: SecretFile is the + path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'secretRef is Optional: SecretRef is reference + to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: 'user is optional: User is the rados user name, + default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'cinder represents a cinder volume attached and + mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to + be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'secretRef is optional: points to a secret + object containing parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: 'volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: 'defaultMode is optional: mode bits used to + set permissions on created files by default. Must be an + octal value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: items if unspecified, each key-value pair in + the Data field of the referenced ConfigMap will be projected + into the volume as a file whose name is the key and content + is the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in + the ConfigMap, the volume setup will error unless it is + marked optional. Paths must be relative and may not contain + the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits used to + set permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. If not + specified, the volume defaultMode will be used. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of the file + to map the key to. May not be an absolute path. + May not contain the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: optional specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents ephemeral + storage that is handled by certain external CSI drivers (Beta + feature). + properties: + driver: + description: driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. + type: string + fsType: + description: fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated + CSI driver which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: nodePublishSecretRef is a reference to the + secret object containing sensitive information to pass + to the CSI driver to complete the CSI NodePublishVolume + and NodeUnpublishVolume calls. This field is optional, + and may be empty if no secret is required. If the secret + object contains more than one secret, all secret references + are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: readOnly specifies a read-only configuration + for the volume. Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: volumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a Optional: mode bits used to set + permissions on created files by default. Must be an octal + value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are + supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode bits used to set permissions + on this file, must be an octal value between 0000 + and 0777 or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON requires + decimal values for mode bits. If not specified, + the volume defaultMode will be used. This might + be in conflict with other options that affect the + file mode, like fsGroup, and the result can be other + mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path + name of the file to be created. Must not be absolute + or contain the ''..'' path. Must be utf-8 encoded. + The first item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'emptyDir represents a temporary directory that + shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'medium represents what type of storage medium + should back this directory. The default is "" which means + to use the node''s default medium. Must be an empty string + (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'sizeLimit is the total amount of local storage + required for this EmptyDir volume. The size limit is also + applicable for memory medium. The maximum usage on memory + medium EmptyDir would be the minimum value between the + SizeLimit specified here and the sum of memory limits + of all containers in a pod. The default is nil which means + that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: "ephemeral represents a volume that is handled + by a cluster storage driver. The volume's lifecycle is tied + to the pod that defines it - it will be created before the + pod starts, and deleted when the pod is removed. \n Use this + if: a) the volume is only needed while the pod runs, b) features + of normal volumes like restoring from snapshot or capacity + tracking are needed, c) the storage driver is specified through + a storage class, and d) the storage driver supports dynamic + volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource + for more information on the connection between this volume + type and PersistentVolumeClaim). \n Use PersistentVolumeClaim + or one of the vendor-specific APIs for volumes that persist + for longer than the lifecycle of an individual pod. \n Use + CSI for light-weight local ephemeral volumes if the CSI driver + is meant to be used that way - see the documentation of the + driver for more information. \n A pod can use both types of + ephemeral volumes and persistent volumes at the same time." + properties: + volumeClaimTemplate: + description: "Will be used to create a stand-alone PVC to + provision the volume. The pod in which this EphemeralVolumeSource + is embedded will be the owner of the PVC, i.e. the PVC + will be deleted together with the pod. The name of the + PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. + Pod validation will reject the pod if the concatenated + name is not valid for a PVC (for example, too long). \n + An existing PVC with that name that is not owned by the + pod will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC + is meant to be used by the pod, the PVC has to updated + with an owner reference to the pod once the pod exists. + Normally this should not be necessary, but it may be useful + when manually reconstructing a broken cluster. \n This + field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. \n Required, must + not be nil." + properties: + metadata: + description: May contain labels and annotations that + will be copied into the PVC when creating it. No other + fields are allowed and will be rejected during validation. + type: object + spec: + description: The specification for the PersistentVolumeClaim. + The entire content is copied unchanged into the PVC + that gets created from this template. The same fields + as in a PersistentVolumeClaim are also valid here. + properties: + accessModes: + description: 'accessModes contains the desired access + modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can be used to specify + either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If the + provisioner or an external controller can support + the specified data source, it will create a new + volume based on the contents of the specified + data source. If the AnyVolumeDataSource feature + gate is enabled, this field will always have the + same contents as the DataSourceRef field.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API + group. For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef specifies the object + from which to populate the volume with data, if + a non-empty volume is desired. This may be any + local object from a non-empty API group (non core + object) or a PersistentVolumeClaim object. When + this field is specified, volume binding will only + succeed if the type of the specified object matches + some installed volume populator or dynamic provisioner. + This field will replace the functionality of the + DataSource field and as such if both fields are + non-empty, they must have the same value. For + backwards compatibility, both fields (DataSource + and DataSourceRef) will be set to the same value + automatically if one of them is empty and the + other is non-empty. There are two important differences + between DataSource and DataSourceRef: * While + DataSource only allows two specific types of objects, + DataSourceRef allows any non-core object, as well + as PersistentVolumeClaim objects. * While DataSource + ignores disallowed values (dropping them), DataSourceRef + preserves all values, and generates an error if + a disallowed value is specified. (Beta) Using + this field requires the AnyVolumeDataSource feature + gate to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API + group. For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + resources: + description: 'resources represents the minimum resources + the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify + resource requirements that are lower than previous + value but must still be higher than capacity recorded + in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. If Requests + is omitted for a container, it defaults to + Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName is the name of the + StorageClass required by the claim. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume + is required by the claim. Value of Filesystem + is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource that is + attached to a kubelet's host machine and then exposed to the + pod. + properties: + fsType: + description: 'fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. TODO: how do we prevent errors in the + filesystem from compromising the machine' + type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'readOnly is Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target worldwide + names (WWNs)' + items: + type: string + type: array + wwids: + description: 'wwids Optional: FC volume world wide identifiers + (wwids) Either wwids or combination of targetWWNs and + lun must be set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: flexVolume represents a generic volume resource + that is provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver to use for + this volume. + type: string + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends + on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds extra + command options if any.' + type: object + readOnly: + description: 'readOnly is Optional: defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'secretRef is Optional: secretRef is reference + to the secret object containing sensitive information + to pass to the plugin scripts. This may be empty if no + secret object is specified. If the secret object contains + more than one secret, all secrets are passed to the plugin + scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume attached to + a kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: datasetName is Name of the dataset stored as + metadata -> name on the dataset for Flocker should be + considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. This + is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'gcePersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'fsType is filesystem type of the volume that + you want to mount. Tip: Ensure that the filesystem type + is supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'partition is the partition in the volume that + you want to mount. If omitted, the default is to mount + by volume name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'pdName is unique name of the PD resource in + GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'gitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision + a container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' + properties: + directory: + description: directory is the target directory name. Must + not contain or start with '..'. If '.' is supplied, the + volume directory will be the git repository. Otherwise, + if specified, the volume will contain the git repository + in the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the specified + revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'glusterfs represents a Glusterfs mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'endpoints is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'path is the Glusterfs volume path. More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'readOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to + false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'hostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'path of the directory on the host. If the + path is a symlink, it will follow the link to the real + path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'iscsi represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to + the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support iSCSI + Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support iSCSI + Session CHAP authentication + type: boolean + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + initiatorName: + description: initiatorName is the custom iSCSI Initiator + Name. If initiatorName is specified with iscsiInterface + simultaneously, new iSCSI interface : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iscsiInterface is the interface Name that uses + an iSCSI transport. Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: portals is the iSCSI Target Portal List. The + portal is either an IP or ip_addr:port if the port is + other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI target + and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: targetPortal is iSCSI Target Portal. The Portal + is either an IP or ip_addr:port if the port is other than + default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'name of the volume. Must be a DNS_LABEL and unique + within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'nfs represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'path that is exported by the NFS server. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'readOnly here will force the NFS export to + be mounted with read-only permissions. Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'persistentVolumeClaimVolumeSource represents a + reference to a PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'claimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: readOnly Will force the ReadOnly setting in + VolumeMounts. Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + pdID: + description: pdID is the ID that identifies Photon Controller + persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources secrets, + configmaps, and downward API + properties: + defaultMode: + description: defaultMode are the mode bits used to set permissions + on created files by default. Must be an octal value between + 0000 and 0777 or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON requires decimal + values for mode bits. Directories within the path are + not affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, + and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: sources is the list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: configMap information about the configMap + data to project + properties: + items: + description: items if unspecified, each key-value + pair in the Data field of the referenced ConfigMap + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified which + is not present in the ConfigMap, the volume + setup will error unless it is marked optional. + Paths must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 and + 0777 or a decimal value between 0 and + 511. YAML accepts both octal and decimal + values, JSON requires decimal values for + mode bits. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of + the file to map the key to. May not be + an absolute path. May not contain the + path element '..'. May not start with + the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the downwardAPI + data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode bits used to + set permissions on this file, must be + an octal value between 0000 and 0777 or + a decimal value between 0 and 511. YAML + accepts both octal and decimal values, + JSON requires decimal values for mode + bits. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' + path. Must be utf-8 encoded. The first + item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the + container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu + and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + description: secret information about the secret data + to project + properties: + items: + description: items if unspecified, each key-value + pair in the Data field of the referenced Secret + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified which + is not present in the Secret, the volume setup + will error unless it is marked optional. Paths + must be relative and may not contain the '..' + path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 and + 0777 or a decimal value between 0 and + 511. YAML accepts both octal and decimal + values, JSON requires decimal values for + mode bits. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of + the file to map the key to. May not be + an absolute path. May not contain the + path element '..'. May not start with + the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: optional field specify whether the + Secret or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information about + the serviceAccountToken data to project + properties: + audience: + description: audience is the intended audience + of the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: expirationSeconds is the requested + duration of validity of the service account + token. As the token approaches expiration, the + kubelet volume plugin will proactively rotate + the service account token. The kubelet will + start trying to rotate the token if the token + is older than 80 percent of its time to live + or if the token is older than 24 hours.Defaults + to 1 hour and must be at least 10 minutes. + format: int64 + type: integer + path: + description: path is the path relative to the + mount point of the file to project the token + into. + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: quobyte represents a Quobyte mount on the host + that shares a pod's lifetime + properties: + group: + description: group to map volume access to Default is no + group + type: string + readOnly: + description: readOnly here will force the Quobyte volume + to be mounted with read-only permissions. Defaults to + false. + type: boolean + registry: + description: registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes + type: string + tenant: + description: tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin + type: string + user: + description: user to map volume access to Defaults to serivceaccount + user + type: string + volume: + description: volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'rbd represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + image: + description: 'image is the rados image name. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'pool is the rados pool name. Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'secretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is + nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: 'user is the rados user name. Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: gateway is the host address of the ScaleIO + API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name of the ScaleIO + Protection Domain for the configured storage. + type: string + readOnly: + description: readOnly Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: secretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable SSL communication + with Gateway, default false + type: boolean + storageMode: + description: storageMode indicates whether the storage for + a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage Pool associated + with the protection domain. + type: string + system: + description: system is the name of the storage system as + configured in ScaleIO. + type: string + volumeName: + description: volumeName is the name of a volume already + created in the ScaleIO system that is associated with + this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'defaultMode is Optional: mode bits used to + set permissions on created files by default. Must be an + octal value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: items If unspecified, each key-value pair in + the Data field of the referenced Secret will be projected + into the volume as a file whose name is the key and content + is the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in + the Secret, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits used to + set permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. If not + specified, the volume defaultMode will be used. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of the file + to map the key to. May not be an absolute path. + May not contain the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether the Secret or + its keys must be defined + type: boolean + secretName: + description: 'secretName is the name of the secret in the + pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: secretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: volumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within + a namespace. + type: string + volumeNamespace: + description: volumeNamespace specifies the scope of the + volume within StorageOS. If no namespace is specified + then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS + for tighter integration. Set VolumeName to any name to + override the default behaviour. Set to "default" if you + are not using namespaces within StorageOS. Namespaces + that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: fsType is filesystem type to mount. Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy Based + Management (SPBM) profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage Policy Based + Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies vSphere + volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + web: + description: Defines the web command line flags when starting Alertmanager. + properties: + httpConfig: + description: Defines HTTP parameters for web server. + properties: + headers: + description: List of headers that can be added to HTTP responses. + properties: + contentSecurityPolicy: + description: Set the Content-Security-Policy header to + HTTP responses. Unset if blank. + type: string + strictTransportSecurity: + description: Set the Strict-Transport-Security header + to HTTP responses. Unset if blank. Please make sure + that you use this with care as this header might force + browsers to load Prometheus and the other applications + hosted on the same domain and subdomains over HTTPS. + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security + type: string + xContentTypeOptions: + description: Set the X-Content-Type-Options header to + HTTP responses. Unset if blank. Accepted value is nosniff. + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options + enum: + - "" + - NoSniff + type: string + xFrameOptions: + description: Set the X-Frame-Options header to HTTP responses. + Unset if blank. Accepted values are deny and sameorigin. + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options + enum: + - "" + - Deny + - SameOrigin + type: string + xXSSProtection: + description: Set the X-XSS-Protection header to all responses. + Unset if blank. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection + type: string + type: object + http2: + description: Enable HTTP/2 support. Note that HTTP/2 is only + supported with TLS. When TLSConfig is not configured, HTTP/2 + will be disabled. Whenever the value of the field changes, + a rolling update will be triggered. + type: boolean + type: object + tlsConfig: + description: Defines the TLS parameters for HTTPS. + properties: + cert: + description: Contains the TLS certificate for the server. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cipherSuites: + description: 'List of supported cipher suites for TLS versions + up to TLS 1.2. If empty, Go default cipher suites are used. + Available cipher suites are documented in the go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants' + items: + type: string + type: array + client_ca: + description: Contains the CA certificate for client certificate + authentication to the server. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientAuthType: + description: 'Server policy for client authentication. Maps + to ClientAuth Policies. For more detail on clientAuth options: + https://golang.org/pkg/crypto/tls/#ClientAuthType' + type: string + curvePreferences: + description: 'Elliptic curves that will be used in an ECDHE + handshake, in preference order. Available curves are documented + in the go documentation: https://golang.org/pkg/crypto/tls/#CurveID' + items: + type: string + type: array + keySecret: + description: Secret containing the TLS key for the server. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: Maximum TLS version that is acceptable. Defaults + to TLS13. + type: string + minVersion: + description: Minimum TLS version that is acceptable. Defaults + to TLS12. + type: string + preferServerCipherSuites: + description: Controls whether the server selects the client's + most preferred cipher suite, or the server's most preferred + cipher suite. If true then the server's preference, as expressed + in the order of elements in cipherSuites, is used. + type: boolean + required: + - cert + - keySecret + type: object + type: object + type: object + status: + description: 'Most recent observed status of the Alertmanager cluster. + Read-only. Not included when requesting from the apiserver, only from + the Prometheus Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) + targeted by this Alertmanager cluster. + format: int32 + type: integer + paused: + description: Represents whether any actions on the underlying managed + objects are being performed. Only delete actions will be performed. + type: boolean + replicas: + description: Total number of non-terminated pods targeted by this + Alertmanager cluster (their labels match the selector). + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable pods targeted by this Alertmanager + cluster. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by this + Alertmanager cluster that have the desired version spec. + format: int32 + type: integer + required: + - availableReplicas + - paused + - replicas + - unavailableReplicas + - updatedReplicas + type: object + required: + - spec + type: object + served: true + storage: true + subresources: {} diff --git a/charts/rancher-monitoring-crd/102.0.3+up40.1.2/crd-manifest/crd-podmonitors.yaml b/charts/rancher-monitoring-crd/102.0.3+up40.1.2/crd-manifest/crd-podmonitors.yaml new file mode 100644 index 0000000000..f6e208c14b --- /dev/null +++ b/charts/rancher-monitoring-crd/102.0.3+up40.1.2/crd-manifest/crd-podmonitors.yaml @@ -0,0 +1,663 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.59.1/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: podmonitors.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: PodMonitor + listKind: PodMonitorList + plural: podmonitors + shortNames: + - pmon + singular: podmonitor + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: PodMonitor defines monitoring for a set of pods. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired Pod selection for target discovery + by Prometheus. + properties: + attachMetadata: + description: 'Attaches node metadata to discovered targets. Only valid + for role: pod. Only valid in Prometheus versions 2.35.0 and newer.' + properties: + node: + description: When set to true, Prometheus must have permissions + to get Nodes. + type: boolean + type: object + jobLabel: + description: The label to use to retrieve the job name from. + type: string + labelLimit: + description: Per-scrape limit on number of labels that will be accepted + for a sample. Only valid in Prometheus versions 2.27.0 and newer. + format: int64 + type: integer + labelNameLengthLimit: + description: Per-scrape limit on length of labels name that will be + accepted for a sample. Only valid in Prometheus versions 2.27.0 + and newer. + format: int64 + type: integer + labelValueLengthLimit: + description: Per-scrape limit on length of labels value that will + be accepted for a sample. Only valid in Prometheus versions 2.27.0 + and newer. + format: int64 + type: integer + namespaceSelector: + description: Selector to select which namespaces the Endpoints objects + are discovered from. + properties: + any: + description: Boolean describing whether all namespaces are selected + in contrast to a list restricting them. + type: boolean + matchNames: + description: List of namespace names to select from. + items: + type: string + type: array + type: object + podMetricsEndpoints: + description: A list of endpoints allowed as part of this PodMonitor. + items: + description: PodMetricsEndpoint defines a scrapeable endpoint of + a Kubernetes Pod serving Prometheus metrics. + properties: + authorization: + description: Authorization section for this endpoint + properties: + credentials: + description: The secret's key that contains the credentials + of the request + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication type. Defaults to Bearer, + Basic will cause an error + type: string + type: object + basicAuth: + description: 'BasicAuth allow an endpoint to authenticate over + basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint' + properties: + password: + description: The secret in the service monitor namespace + that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor namespace + that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: Secret to mount to read bearer token for scraping + targets. The secret needs to be in the same namespace as the + pod monitor and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHttp2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: FollowRedirects configures whether scrape requests + follow HTTP 3xx redirects. + type: boolean + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + interval: + description: Interval at which metrics should be scraped If + not specified Prometheus' global scrape interval is used. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + metricRelabelings: + description: MetricRelabelConfigs to apply to samples before + ingestion. + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It + defines ``-section of Prometheus + configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + default: replace + description: Action to perform based on regex matching. + Default is 'replace'. uppercase and lowercase actions + require Prometheus >= 2.36. + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + type: string + modulus: + description: Modulus to take of the hash of the source + label values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular + expression for the replace, keep, and drop actions. + items: + description: LabelName is a valid Prometheus label name + which may only contain ASCII letters, numbers, as + well as underscores. + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + oauth2: + description: OAuth2 for the URL. Only valid in Prometheus versions + 2.27.0 and newer. + properties: + clientId: + description: The secret or configmap containing the OAuth2 + client id + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 client secret + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token URL + type: object + scopes: + description: OAuth2 scopes used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + params: + additionalProperties: + items: + type: string + type: array + description: Optional HTTP URL parameters + type: object + path: + description: HTTP path to scrape for metrics. If empty, Prometheus + uses the default value (e.g. `/metrics`). + type: string + port: + description: Name of the pod port this endpoint refers to. Mutually + exclusive with targetPort. + type: string + proxyUrl: + description: ProxyURL eg http://proxyserver:2195 Directs scrapes + to proxy through this endpoint. + type: string + relabelings: + description: 'RelabelConfigs to apply to samples before scraping. + Prometheus Operator automatically adds relabelings for a few + standard Kubernetes fields. The original scrape job''s name + is available via the `__tmp_prometheus_job_name` label. More + info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It + defines ``-section of Prometheus + configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + default: replace + description: Action to perform based on regex matching. + Default is 'replace'. uppercase and lowercase actions + require Prometheus >= 2.36. + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + type: string + modulus: + description: Modulus to take of the hash of the source + label values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular + expression for the replace, keep, and drop actions. + items: + description: LabelName is a valid Prometheus label name + which may only contain ASCII letters, numbers, as + well as underscores. + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + scheme: + description: HTTP scheme to use for scraping. + type: string + scrapeTimeout: + description: Timeout after which the scrape is ended If not + specified, the Prometheus global scrape interval is used. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Deprecated: Use ''port'' instead.' + x-kubernetes-int-or-string: true + tlsConfig: + description: TLS configuration to use when scraping the endpoint. + properties: + ca: + description: Struct containing the CA cert to use for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Struct containing the client cert file for + the targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + podTargetLabels: + description: PodTargetLabels transfers labels on the Kubernetes Pod + onto the target. + items: + type: string + type: array + sampleLimit: + description: SampleLimit defines per-scrape limit on number of scraped + samples that will be accepted. + format: int64 + type: integer + selector: + description: Selector to select Pod objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + targetLimit: + description: TargetLimit defines a limit on the number of scraped + targets that will be accepted. + format: int64 + type: integer + required: + - podMetricsEndpoints + - selector + type: object + required: + - spec + type: object + served: true + storage: true diff --git a/charts/rancher-monitoring-crd/102.0.3+up40.1.2/crd-manifest/crd-probes.yaml b/charts/rancher-monitoring-crd/102.0.3+up40.1.2/crd-manifest/crd-probes.yaml new file mode 100644 index 0000000000..014ef2743a --- /dev/null +++ b/charts/rancher-monitoring-crd/102.0.3+up40.1.2/crd-manifest/crd-probes.yaml @@ -0,0 +1,704 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.59.1/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: probes.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: Probe + listKind: ProbeList + plural: probes + shortNames: + - prb + singular: probe + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: Probe defines monitoring for a set of static targets or ingresses. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired Ingress selection for target discovery + by Prometheus. + properties: + authorization: + description: Authorization section for this endpoint + properties: + credentials: + description: The secret's key that contains the credentials of + the request + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication type. Defaults to Bearer, + Basic will cause an error + type: string + type: object + basicAuth: + description: 'BasicAuth allow an endpoint to authenticate over basic + authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint' + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor namespace that + contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: Secret to mount to read bearer token for scraping targets. + The secret needs to be in the same namespace as the probe and accessible + by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + interval: + description: Interval at which targets are probed using the configured + prober. If not specified Prometheus' global scrape interval is used. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + jobName: + description: The job name assigned to scraped metrics by default. + type: string + labelLimit: + description: Per-scrape limit on number of labels that will be accepted + for a sample. Only valid in Prometheus versions 2.27.0 and newer. + format: int64 + type: integer + labelNameLengthLimit: + description: Per-scrape limit on length of labels name that will be + accepted for a sample. Only valid in Prometheus versions 2.27.0 + and newer. + format: int64 + type: integer + labelValueLengthLimit: + description: Per-scrape limit on length of labels value that will + be accepted for a sample. Only valid in Prometheus versions 2.27.0 + and newer. + format: int64 + type: integer + metricRelabelings: + description: MetricRelabelConfigs to apply to samples before ingestion. + items: + description: 'RelabelConfig allows dynamic rewriting of the label + set, being applied to samples before ingestion. It defines ``-section + of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + default: replace + description: Action to perform based on regex matching. Default + is 'replace'. uppercase and lowercase actions require Prometheus + >= 2.36. + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + type: string + modulus: + description: Modulus to take of the hash of the source label + values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex capture + groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source label + values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing labels. + Their content is concatenated using the configured separator + and matched against the configured regular expression for + the replace, keep, and drop actions. + items: + description: LabelName is a valid Prometheus label name which + may only contain ASCII letters, numbers, as well as underscores. + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + description: Label to which the resulting value is written in + a replace action. It is mandatory for replace actions. Regex + capture groups are available. + type: string + type: object + type: array + module: + description: 'The module to use for probing specifying how to probe + the target. Example module configuring in the blackbox exporter: + https://github.com/prometheus/blackbox_exporter/blob/master/example.yml' + type: string + oauth2: + description: OAuth2 for the URL. Only valid in Prometheus versions + 2.27.0 and newer. + properties: + clientId: + description: The secret or configmap containing the OAuth2 client + id + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 client secret + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token URL + type: object + scopes: + description: OAuth2 scopes used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + prober: + description: Specification for the prober to use for probing targets. + The prober.URL parameter is required. Targets cannot be probed if + left empty. + properties: + path: + default: /probe + description: Path to collect metrics from. Defaults to `/probe`. + type: string + proxyUrl: + description: Optional ProxyURL. + type: string + scheme: + description: HTTP scheme to use for scraping. Defaults to `http`. + type: string + url: + description: Mandatory URL of the prober. + type: string + required: + - url + type: object + sampleLimit: + description: SampleLimit defines per-scrape limit on number of scraped + samples that will be accepted. + format: int64 + type: integer + scrapeTimeout: + description: Timeout for scraping metrics from the Prometheus exporter. + If not specified, the Prometheus global scrape interval is used. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + targetLimit: + description: TargetLimit defines a limit on the number of scraped + targets that will be accepted. + format: int64 + type: integer + targets: + description: Targets defines a set of static or dynamically discovered + targets to probe. + properties: + ingress: + description: ingress defines the Ingress objects to probe and + the relabeling configuration. If `staticConfig` is also defined, + `staticConfig` takes precedence. + properties: + namespaceSelector: + description: From which namespaces to select Ingress objects. + properties: + any: + description: Boolean describing whether all namespaces + are selected in contrast to a list restricting them. + type: boolean + matchNames: + description: List of namespace names to select from. + items: + type: string + type: array + type: object + relabelingConfigs: + description: 'RelabelConfigs to apply to the label set of + the target before it gets scraped. The original ingress + address is available via the `__tmp_prometheus_ingress_address` + label. It can be used to customize the probed URL. The original + scrape job''s name is available via the `__tmp_prometheus_job_name` + label. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + items: + description: 'RelabelConfig allows dynamic rewriting of + the label set, being applied to samples before ingestion. + It defines ``-section of Prometheus + configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + default: replace + description: Action to perform based on regex matching. + Default is 'replace'. uppercase and lowercase actions + require Prometheus >= 2.36. + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + type: string + modulus: + description: Modulus to take of the hash of the source + label values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex + replace is performed if the regular expression matches. + Regex capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular + expression for the replace, keep, and drop actions. + items: + description: LabelName is a valid Prometheus label + name which may only contain ASCII letters, numbers, + as well as underscores. + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + selector: + description: Selector to select the Ingress objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + staticConfig: + description: 'staticConfig defines the static list of targets + to probe and the relabeling configuration. If `ingress` is also + defined, `staticConfig` takes precedence. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config.' + properties: + labels: + additionalProperties: + type: string + description: Labels assigned to all metrics scraped from the + targets. + type: object + relabelingConfigs: + description: 'RelabelConfigs to apply to the label set of + the targets before it gets scraped. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + items: + description: 'RelabelConfig allows dynamic rewriting of + the label set, being applied to samples before ingestion. + It defines ``-section of Prometheus + configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + default: replace + description: Action to perform based on regex matching. + Default is 'replace'. uppercase and lowercase actions + require Prometheus >= 2.36. + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + type: string + modulus: + description: Modulus to take of the hash of the source + label values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex + replace is performed if the regular expression matches. + Regex capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular + expression for the replace, keep, and drop actions. + items: + description: LabelName is a valid Prometheus label + name which may only contain ASCII letters, numbers, + as well as underscores. + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + static: + description: The list of hosts to probe. + items: + type: string + type: array + type: object + type: object + tlsConfig: + description: TLS configuration to use when scraping the endpoint. + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + required: + - spec + type: object + served: true + storage: true diff --git a/charts/rancher-monitoring-crd/102.0.3+up40.1.2/crd-manifest/crd-prometheuses.yaml b/charts/rancher-monitoring-crd/102.0.3+up40.1.2/crd-manifest/crd-prometheuses.yaml new file mode 100644 index 0000000000..d9d97405be --- /dev/null +++ b/charts/rancher-monitoring-crd/102.0.3+up40.1.2/crd-manifest/crd-prometheuses.yaml @@ -0,0 +1,8801 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.59.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: prometheuses.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: Prometheus + listKind: PrometheusList + plural: prometheuses + shortNames: + - prom + singular: prometheus + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The version of Prometheus + jsonPath: .spec.version + name: Version + type: string + - description: The desired replicas number of Prometheuses + jsonPath: .spec.replicas + name: Replicas + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: Prometheus defines a Prometheus deployment. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the Prometheus + cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + additionalAlertManagerConfigs: + description: 'AdditionalAlertManagerConfigs allows specifying a key + of a Secret containing additional Prometheus AlertManager configurations. + AlertManager configurations specified are appended to the configurations + generated by the Prometheus Operator. Job configurations specified + must have the form as specified in the official Prometheus documentation: + https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config. + As AlertManager configs are appended, the user is responsible to + make sure it is valid. Note that using this feature may expose the + possibility to break upgrades of Prometheus. It is advised to review + Prometheus release notes to ensure that no incompatible AlertManager + configs are going to break Prometheus after the upgrade.' + properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + additionalAlertRelabelConfigs: + description: 'AdditionalAlertRelabelConfigs allows specifying a key + of a Secret containing additional Prometheus alert relabel configurations. + Alert relabel configurations specified are appended to the configurations + generated by the Prometheus Operator. Alert relabel configurations + specified must have the form as specified in the official Prometheus + documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs. + As alert relabel configs are appended, the user is responsible to + make sure it is valid. Note that using this feature may expose the + possibility to break upgrades of Prometheus. It is advised to review + Prometheus release notes to ensure that no incompatible alert relabel + configs are going to break Prometheus after the upgrade.' + properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + additionalArgs: + description: AdditionalArgs allows setting additional arguments for + the Prometheus container. It is intended for e.g. activating hidden + flags which are not supported by the dedicated configuration options + yet. The arguments are passed as-is to the Prometheus container + which may cause issues if they are invalid or not supporeted by + the given Prometheus version. In case of an argument conflict (e.g. + an argument which is already set by the operator itself) or when + providing an invalid argument the reconciliation will fail and an + error will be logged. + items: + description: Argument as part of the AdditionalArgs list. + properties: + name: + description: Name of the argument, e.g. "scrape.discovery-reload-interval". + minLength: 1 + type: string + value: + description: Argument value, e.g. 30s. Can be empty for name-only + arguments (e.g. --storage.tsdb.no-lockfile) + type: string + required: + - name + type: object + type: array + additionalScrapeConfigs: + description: 'AdditionalScrapeConfigs allows specifying a key of a + Secret containing additional Prometheus scrape configurations. Scrape + configurations specified are appended to the configurations generated + by the Prometheus Operator. Job configurations specified must have + the form as specified in the official Prometheus documentation: + https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. + As scrape configs are appended, the user is responsible to make + sure it is valid. Note that using this feature may expose the possibility + to break upgrades of Prometheus. It is advised to review Prometheus + release notes to ensure that no incompatible scrape configs are + going to break Prometheus after the upgrade.' + properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node matches + the corresponding matchExpressions; the node(s) with the + highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may + not try to eventually evict the pod from its node. When + there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms + must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to the + union of the namespaces selected by this field and + the ones listed in the namespaces field. null selector + and null or empty namespaces list means "this pod's + namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied + to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. null or + empty namespaces list and null namespaceSelector means + "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates one + or more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. + all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to the + union of the namespaces selected by this field and + the ones listed in the namespaces field. null selector + and null or empty namespaces list means "this pod's + namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied + to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. null or + empty namespaces list and null namespaceSelector means + "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + alerting: + description: Define details regarding alerting. + properties: + alertmanagers: + description: AlertmanagerEndpoints Prometheus should fire alerts + against. + items: + description: AlertmanagerEndpoints defines a selection of a + single Endpoints object containing alertmanager IPs to fire + alerts against. + properties: + apiVersion: + description: Version of the Alertmanager API that Prometheus + uses to send alerts. It can be "v1" or "v2". + type: string + authorization: + description: Authorization section for this alertmanager + endpoint + properties: + credentials: + description: The secret's key that contains the credentials + of the request + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication type. Defaults to + Bearer, Basic will cause an error + type: string + type: object + bearerTokenFile: + description: BearerTokenFile to read from filesystem to + use when authenticating to Alertmanager. + type: string + name: + description: Name of Endpoints object in Namespace. + type: string + namespace: + description: Namespace of Endpoints object. + type: string + pathPrefix: + description: Prefix for the HTTP path alerts are pushed + to. + type: string + port: + anyOf: + - type: integer + - type: string + description: Port the Alertmanager API is exposed on. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use when firing alerts. + type: string + timeout: + description: Timeout is a per-target Alertmanager timeout + when pushing alerts. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tlsConfig: + description: TLS Config to use for alertmanager connection. + properties: + ca: + description: Struct containing the CA cert to use for + the targets. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Struct containing the client cert file + for the targets. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. + type: string + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - name + - namespace + - port + type: object + type: array + required: + - alertmanagers + type: object + allowOverlappingBlocks: + description: AllowOverlappingBlocks enables vertical compaction and + vertical query merge in Prometheus. This is still experimental in + Prometheus so it may change in any upcoming release. + type: boolean + apiserverConfig: + description: APIServerConfig allows specifying a host and auth methods + to access apiserver. If left empty, Prometheus is assumed to run + inside of the cluster and will discover API servers automatically + and use the pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. + properties: + authorization: + description: Authorization section for accessing apiserver + properties: + credentials: + description: The secret's key that contains the credentials + of the request + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + credentialsFile: + description: File to read a secret from, mutually exclusive + with Credentials (from SafeAuthorization) + type: string + type: + description: Set the authentication type. Defaults to Bearer, + Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth allow an endpoint to authenticate over + basic authentication + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor namespace that + contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerToken: + description: Bearer token for accessing apiserver. + type: string + bearerTokenFile: + description: File to read bearer token for accessing apiserver. + type: string + host: + description: Host of apiserver. A valid string consisting of a + hostname or IP followed by an optional port number + type: string + tlsConfig: + description: TLS Config to use for accessing apiserver. + properties: + ca: + description: Struct containing the CA cert to use for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + type: object + arbitraryFSAccessThroughSMs: + description: ArbitraryFSAccessThroughSMs configures whether configuration + based on a service monitor can access arbitrary files on the file + system of the Prometheus container e.g. bearer token files. + properties: + deny: + type: boolean + type: object + baseImage: + description: 'Base image to use for a Prometheus deployment. Deprecated: + use ''image'' instead' + type: string + configMaps: + description: ConfigMaps is a list of ConfigMaps in the same namespace + as the Prometheus object, which shall be mounted into the Prometheus + Pods. The ConfigMaps are mounted into /etc/prometheus/configmaps/. + items: + type: string + type: array + containers: + description: 'Containers allows injecting additional containers or + modifying operator generated containers. This can be used to allow + adding an authentication proxy to a Prometheus pod or to change + the behavior of an operator generated container. Containers described + here modify an operator generated container if they share the same + name and modifications are done via a strategic merge patch. The + current container names are: `prometheus`, `config-reloader`, and + `thanos-sidecar`. Overriding containers is entirely outside the + scope of what the maintainers will support and by doing so, you + accept that this behaviour may break at any time without notice.' + items: + description: A single application container that you want to run + within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The container image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will + be unchanged. Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the variable + exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. + The container image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: + i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether + the variable exists or not. Cannot be updated. More info: + https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be + a C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key + will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set + of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take + in response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the container + will eventually terminate within the Pod''s termination + grace period (unless delayed by finalizers). Other management + of the container blocks until the hook completes or until + the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + This is a beta field and requires enabling GRPCContainerProbe + feature gate. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Not + specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Modifying this array with strategic merge patch may corrupt + the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network port in a + single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP + address. This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If + specified, this must be a valid port number, 0 < x < + 65536. If HostNetwork is specified, this must match + ContainerPort. Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod + must have a unique name. Name for the port that can + be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe + fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + This is a beta field and requires enabling GRPCContainerProbe + feature gate. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: 'SecurityContext defines the security options the + container should be run with. If set, the fields of SecurityContext + override the equivalent fields of PodSecurityContext. More + info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN Note that this field cannot be set + when spec.os.name is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by + the container runtime. Note that this field cannot be + set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent to + root on the host. Defaults to false. Note that this field + cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: procMount denotes the type of proc mount to + use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. Note that this field cannot + be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root + filesystem. Default is false. Note that this field cannot + be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a + non-root user. If true, the Kubelet will validate the + image at runtime to ensure that it does not run as UID + 0 (root) and fail to start the container if it does. If + unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a + random SELinux context for each container. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & container + level, the container options override the pod options. + Note that this field cannot be set when spec.os.name is + windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile + must be preconfigured on the node to work. Must be + a descending path, relative to the kubelet's configured + seccomp profile location. Must only be set if type + is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - + a profile defined in a file on the node should be + used. RuntimeDefault - the container runtime default + profile should be used. Unconfined - no profile should + be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is + linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is + alpha-level and will only be honored by components + that enable the WindowsHostProcessContainers feature + flag. Setting this field without the feature flag + will result in errors when validating the Pod. All + of a Pod's containers must have the same effective + HostProcess value (it is not allowed to have a mix + of HostProcess containers and non-HostProcess containers). In + addition, if HostProcess is true then HostNetwork + must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod + will be restarted, just as if the livenessProbe failed. This + can be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. + This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + This is a beta field and requires enabling GRPCContainerProbe + feature gate. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer + for stdin in the container runtime. If this is not set, reads + from stdin in the container will always result in EOF. Default + is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the + stdin channel after it has been opened by a single attach. + When stdin is true the stdin stream will remain open across + multiple attach sessions. If stdinOnce is set to true, stdin + is opened on container start, is empty until the first client + attaches to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin is closed + and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin + will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the + container''s termination message will be written is mounted + into the container''s filesystem. Message written is intended + to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. + The total message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be + populated. File will use the contents of terminationMessagePath + to populate the container status message on both success and + failure. FallbackToLogsOnError will use the last chunk of + container log output if the termination message file is empty + and the container exited with an error. The log output is + limited to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other + way around. When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might + be configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + disableCompaction: + description: Disable prometheus compaction. + type: boolean + enableAdminAPI: + description: 'Enable access to prometheus web admin API. Defaults + to the value of `false`. WARNING: Enabling the admin APIs enables + mutating endpoints, to delete data, shutdown Prometheus, and more. + Enabling this should be done with care and the user is advised to + add additional authentication authorization via a proxy to ensure + only clients authorized to perform these actions can do so. For + more information see https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis' + type: boolean + enableFeatures: + description: Enable access to Prometheus disabled features. By default, + no features are enabled. Enabling disabled features is entirely + outside the scope of what the maintainers will support and by doing + so, you accept that this behaviour may break at any time without + notice. For more information see https://prometheus.io/docs/prometheus/latest/disabled_features/ + items: + type: string + type: array + enableRemoteWriteReceiver: + description: 'Enable Prometheus to be used as a receiver for the Prometheus + remote write protocol. Defaults to the value of `false`. WARNING: + This is not considered an efficient way of ingesting samples. Use + it with caution for specific low-volume use cases. It is not suitable + for replacing the ingestion via scraping and turning Prometheus + into a push-based metrics collection system. For more information + see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver + Only valid in Prometheus versions 2.33.0 and newer.' + type: boolean + enforcedBodySizeLimit: + description: 'EnforcedBodySizeLimit defines the maximum size of uncompressed + response body that will be accepted by Prometheus. Targets responding + with a body larger than this many bytes will cause the scrape to + fail. Example: 100MB. If defined, the limit will apply to all service/pod + monitors and probes. This is an experimental feature, this behaviour + could change or be removed in the future. Only valid in Prometheus + versions 2.28.0 and newer.' + pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ + type: string + enforcedLabelLimit: + description: Per-scrape limit on number of labels that will be accepted + for a sample. If more than this number of labels are present post + metric-relabeling, the entire scrape will be treated as failed. + 0 means no limit. Only valid in Prometheus versions 2.27.0 and newer. + format: int64 + type: integer + enforcedLabelNameLengthLimit: + description: Per-scrape limit on length of labels name that will be + accepted for a sample. If a label name is longer than this number + post metric-relabeling, the entire scrape will be treated as failed. + 0 means no limit. Only valid in Prometheus versions 2.27.0 and newer. + format: int64 + type: integer + enforcedLabelValueLengthLimit: + description: Per-scrape limit on length of labels value that will + be accepted for a sample. If a label value is longer than this number + post metric-relabeling, the entire scrape will be treated as failed. + 0 means no limit. Only valid in Prometheus versions 2.27.0 and newer. + format: int64 + type: integer + enforcedNamespaceLabel: + description: "EnforcedNamespaceLabel If set, a label will be added + to \n 1. all user-metrics (created by `ServiceMonitor`, `PodMonitor` + and `Probe` objects) and 2. in all `PrometheusRule` objects (except + the ones excluded in `prometheusRulesExcludedFromEnforce`) to * + alerting & recording rules and * the metrics used in their expressions + (`expr`). \n Label name is this field's value. Label value is the + namespace of the created object (mentioned above)." + type: string + enforcedSampleLimit: + description: EnforcedSampleLimit defines global limit on number of + scraped samples that will be accepted. This overrides any SampleLimit + set per ServiceMonitor or/and PodMonitor. It is meant to be used + by admins to enforce the SampleLimit to keep overall number of samples/series + under the desired limit. Note that if SampleLimit is lower that + value will be taken instead. + format: int64 + type: integer + enforcedTargetLimit: + description: EnforcedTargetLimit defines a global limit on the number + of scraped targets. This overrides any TargetLimit set per ServiceMonitor + or/and PodMonitor. It is meant to be used by admins to enforce + the TargetLimit to keep the overall number of targets under the + desired limit. Note that if TargetLimit is lower, that value will + be taken instead, except if either value is zero, in which case + the non-zero value will be used. If both values are zero, no limit + is enforced. + format: int64 + type: integer + evaluationInterval: + default: 30s + description: 'Interval between consecutive evaluations. Default: `30s`' + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + excludedFromEnforcement: + description: List of references to PodMonitor, ServiceMonitor, Probe + and PrometheusRule objects to be excluded from enforcing a namespace + label of origin. Applies only if enforcedNamespaceLabel set to true. + items: + description: ObjectReference references a PodMonitor, ServiceMonitor, + Probe or PrometheusRule object. + properties: + group: + default: monitoring.coreos.com + description: Group of the referent. When not specified, it defaults + to `monitoring.coreos.com` + enum: + - monitoring.coreos.com + type: string + name: + description: Name of the referent. When not set, all resources + are matched. + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + minLength: 1 + type: string + resource: + description: Resource of the referent. + enum: + - prometheusrules + - servicemonitors + - podmonitors + - probes + type: string + required: + - namespace + - resource + type: object + type: array + exemplars: + description: Exemplars related settings that are runtime reloadable. + It requires to enable the exemplar storage feature to be effective. + properties: + maxSize: + description: Maximum number of exemplars stored in memory for + all series. If not set, Prometheus uses its default value. A + value of zero or less than zero disables the storage. + format: int64 + type: integer + type: object + externalLabels: + additionalProperties: + type: string + description: The labels to add to any time series or alerts when communicating + with external systems (federation, remote storage, Alertmanager). + type: object + externalUrl: + description: The external URL the Prometheus instances will be available + under. This is necessary to generate correct URLs. This is necessary + if Prometheus is not served from root of a DNS name. + type: string + hostAliases: + description: Pods' hostAliases configuration + items: + description: HostAlias holds the mapping between IP and hostnames + that will be injected as an entry in the pod's hosts file. + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + ip: + description: IP address of the host file entry. + type: string + required: + - hostnames + - ip + type: object + type: array + x-kubernetes-list-map-keys: + - ip + x-kubernetes-list-type: map + ignoreNamespaceSelectors: + description: IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector + settings from all PodMonitor, ServiceMonitor and Probe objects. + They will only discover endpoints within the namespace of the PodMonitor, + ServiceMonitor and Probe objects. Defaults to false. + type: boolean + image: + description: Image if specified has precedence over baseImage, tag + and sha combinations. Specifying the version is still necessary + to ensure the Prometheus Operator knows what version of Prometheus + is being configured. + type: string + imagePullSecrets: + description: An optional list of references to secrets in the same + namespace to use for pulling prometheus and alertmanager images + from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to + let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: 'InitContainers allows adding initContainers to the pod + definition. Those can be used to e.g. fetch secrets for injection + into the Prometheus configuration from external sources. Any errors + during the execution of an initContainer will lead to a restart + of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + InitContainers described here modify an operator generated init + containers if they share the same name and modifications are done + via a strategic merge patch. The current init container name is: + `init-config-reloader`. Overriding init containers is entirely outside + the scope of what the maintainers will support and by doing so, + you accept that this behaviour may break at any time without notice.' + items: + description: A single application container that you want to run + within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The container image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will + be unchanged. Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the variable + exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. + The container image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: + i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether + the variable exists or not. Cannot be updated. More info: + https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be + a C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key + will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set + of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take + in response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the container + will eventually terminate within the Pod''s termination + grace period (unless delayed by finalizers). Other management + of the container blocks until the hook completes or until + the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + This is a beta field and requires enabling GRPCContainerProbe + feature gate. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Not + specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Modifying this array with strategic merge patch may corrupt + the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network port in a + single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP + address. This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If + specified, this must be a valid port number, 0 < x < + 65536. If HostNetwork is specified, this must match + ContainerPort. Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod + must have a unique name. Name for the port that can + be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe + fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + This is a beta field and requires enabling GRPCContainerProbe + feature gate. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: 'SecurityContext defines the security options the + container should be run with. If set, the fields of SecurityContext + override the equivalent fields of PodSecurityContext. More + info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN Note that this field cannot be set + when spec.os.name is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by + the container runtime. Note that this field cannot be + set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent to + root on the host. Defaults to false. Note that this field + cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: procMount denotes the type of proc mount to + use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. Note that this field cannot + be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root + filesystem. Default is false. Note that this field cannot + be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a + non-root user. If true, the Kubelet will validate the + image at runtime to ensure that it does not run as UID + 0 (root) and fail to start the container if it does. If + unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a + random SELinux context for each container. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & container + level, the container options override the pod options. + Note that this field cannot be set when spec.os.name is + windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile + must be preconfigured on the node to work. Must be + a descending path, relative to the kubelet's configured + seccomp profile location. Must only be set if type + is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - + a profile defined in a file on the node should be + used. RuntimeDefault - the container runtime default + profile should be used. Unconfined - no profile should + be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is + linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is + alpha-level and will only be honored by components + that enable the WindowsHostProcessContainers feature + flag. Setting this field without the feature flag + will result in errors when validating the Pod. All + of a Pod's containers must have the same effective + HostProcess value (it is not allowed to have a mix + of HostProcess containers and non-HostProcess containers). In + addition, if HostProcess is true then HostNetwork + must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod + will be restarted, just as if the livenessProbe failed. This + can be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. + This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + This is a beta field and requires enabling GRPCContainerProbe + feature gate. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer + for stdin in the container runtime. If this is not set, reads + from stdin in the container will always result in EOF. Default + is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the + stdin channel after it has been opened by a single attach. + When stdin is true the stdin stream will remain open across + multiple attach sessions. If stdinOnce is set to true, stdin + is opened on container start, is empty until the first client + attaches to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin is closed + and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin + will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the + container''s termination message will be written is mounted + into the container''s filesystem. Message written is intended + to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. + The total message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be + populated. File will use the contents of terminationMessagePath + to populate the container status message on both success and + failure. FallbackToLogsOnError will use the last chunk of + container log output if the termination message file is empty + and the container exited with an error. The log output is + limited to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other + way around. When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might + be configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + listenLocal: + description: ListenLocal makes the Prometheus server listen on loopback, + so that it does not bind against the Pod IP. + type: boolean + logFormat: + description: Log format for Prometheus to be configured with. + enum: + - "" + - logfmt + - json + type: string + logLevel: + description: Log level for Prometheus to be configured with. + enum: + - "" + - debug + - info + - warn + - error + type: string + minReadySeconds: + description: Minimum number of seconds for which a newly created pod + should be ready without any of its container crashing for it to + be considered available. Defaults to 0 (pod will be considered available + as soon as it is ready) This is an alpha field and requires enabling + StatefulSetMinReadySeconds feature gate. + format: int32 + type: integer + nodeSelector: + additionalProperties: + type: string + description: Define which Nodes the Pods are scheduled on. + type: object + overrideHonorLabels: + description: When true, Prometheus resolves label conflicts by renaming + the labels in the scraped data to "exported_