From c79b04d009c5ada3800b677714154d7103806df2 Mon Sep 17 00:00:00 2001 From: liuqi-sun <48784730+liuqi-sun@users.noreply.github.com> Date: Wed, 28 Feb 2024 17:48:58 +0800 Subject: [PATCH 01/89] Update ingress-controllers.md --- .../en/docs/concepts/services-networking/ingress-controllers.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/en/docs/concepts/services-networking/ingress-controllers.md b/content/en/docs/concepts/services-networking/ingress-controllers.md index 1546e5e1a5..6b7f97e0f3 100644 --- a/content/en/docs/concepts/services-networking/ingress-controllers.md +++ b/content/en/docs/concepts/services-networking/ingress-controllers.md @@ -59,6 +59,7 @@ Kubernetes as a project supports and maintains [AWS](https://github.com/kubernet works with the [NGINX](https://www.nginx.com/resources/glossary/nginx/) webserver (as a proxy). * The [ngrok Kubernetes Ingress Controller](https://github.com/ngrok/kubernetes-ingress-controller) is an open source controller for adding secure public access to your K8s services using the [ngrok platform](https://ngrok.com). * The [OCI Native Ingress Controller](https://github.com/oracle/oci-native-ingress-controller#readme) is an Ingress controller for Oracle Cloud Infrastructure which allows you to manage the [OCI Load Balancer](https://docs.oracle.com/en-us/iaas/Content/Balance/home.htm). +* [OpenNJet Ingress Controller](https://gitee.com/njet-rd/open-njet-kic) is a [OpenNJet](https://njet.org.cn/)-based ingress controller. * The [Pomerium Ingress Controller](https://www.pomerium.com/docs/k8s/ingress.html) is based on [Pomerium](https://pomerium.com/), which offers context-aware access policy. * [Skipper](https://opensource.zalando.com/skipper/kubernetes/ingress-controller/) HTTP router and reverse proxy for service composition, including use cases like Kubernetes Ingress, designed as a library to build your custom proxy. * The [Traefik Kubernetes Ingress provider](https://doc.traefik.io/traefik/providers/kubernetes-ingress/) is an From 00f172dbfce8f9da01cd179870dc0790d99ba8c0 Mon Sep 17 00:00:00 2001 From: Arhell Date: Mon, 22 Apr 2024 00:40:54 +0300 Subject: [PATCH 02/89] [fr] Fix link --- content/fr/docs/concepts/services-networking/ingress.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/fr/docs/concepts/services-networking/ingress.md b/content/fr/docs/concepts/services-networking/ingress.md index 140b15715d..b01ef2c9ed 100644 --- a/content/fr/docs/concepts/services-networking/ingress.md +++ b/content/fr/docs/concepts/services-networking/ingress.md @@ -448,7 +448,7 @@ Suivez [SIG network](https://github.com/kubernetes/community/tree/master/sig-net Vous pouvez exposer un service de plusieurs manières sans impliquer directement la ressource Ingress : * Utilisez [Service.Type=LoadBalancer](/docs/concepts/services-networking/service/#loadbalancer) -* Utilisez [Service.Type=NodePort](/docs/concepts/services-networking/service/#nodeport) +* Utilisez [Service.Type=NodePort](/docs/concepts/services-networking/service/#type-nodeport) * Utilisez un [Proxy du port](https://git.k8s.io/contrib/for-demos/proxy-to-service) From cd6b046f3f002d218b0d22d3e22023b3b53896c3 Mon Sep 17 00:00:00 2001 From: Eduardo Salazar Carrillo <122764571+eduardoSalazarCarrillo@users.noreply.github.com> Date: Wed, 24 Apr 2024 11:49:25 -0600 Subject: [PATCH 03/89] Spanish translation of the document leases --- .../es/docs/concepts/architecture/leases.md | 103 ++++++++++++++++++ 1 file changed, 103 insertions(+) create mode 100644 content/es/docs/concepts/architecture/leases.md diff --git a/content/es/docs/concepts/architecture/leases.md b/content/es/docs/concepts/architecture/leases.md new file mode 100644 index 0000000000..24a89cd1c0 --- /dev/null +++ b/content/es/docs/concepts/architecture/leases.md @@ -0,0 +1,103 @@ +--- +title: Arrendamientos +api_metadata: +- apiVersion: "coordination.k8s.io/v1" + kind: "Lease" +content_type: concept +weight: 30 +--- + + + +Los sistemas distribuidos suelen necesitar _arrendamientos_, que proporcionan un mecanismo para bloquear recursos compartidos +y coordinar la actividad entre los miembros de un conjunto. +En Kubernetes, el concepto de arrendamiento está representado por objetos [Lease](/docs/reference/kubernetes-api/cluster-resources/lease-v1/) +en el {{< glossary_tooltip text="grupo API" term_id="api-group" >}} de `coordination.k8s.io`, +que se utilizan para capacidades críticas del sistema, como los latidos del nodo y la elección del líder a nivel de componente. + + +## Latidos del nodo {#node-heart-beats} + +Kubernetes utiliza la API Lease para comunicar los latidos de los nodos kubelet al servidor API de Kubernetes. +Para cada `Nodo` , existe un objeto `Lease` con un nombre coincidente en el espacio de nombres `kube-node-lease`. +Bajo el capó, cada latido kubelet es una solicitud **update** a este objeto `Lease`, actualizando +el campo `spec.renewTime` del objeto Lease. El plano de control de Kubernetes utiliza la marca de tiempo de este campo +para determinar la disponibilidad de este «Nodo». + +Véase [Objetos Lease de nodos](/docs/concepts/architecture/nodes/#heartbeats) para más detalles. + +## Elección del líder +Kubernetes también utiliza Leases para asegurar que sólo una instancia de un componente se está ejecutando en un momento dado. +Esto lo utilizan componentes del plano de control como `kube-controller-manager` y `kube-scheduler` en configuraciones de +HA, donde sólo una instancia del componente debe estar ejecutándose activamente mientras las otras +instancias están en espera. + +## Identidad del servidor API + +{{< feature-state feature_gate_name="APIServerIdentity" >}} + +A partir de Kubernetes v1.26, cada `kube-apiserver` utiliza la API Lease para publicar su identidad al resto del sistema. +Aunque no es particularmente útil por sí mismo, esto proporciona un mecanismo para que los clientes +descubrir cuántas instancias de `kube-apiserver` están operando el plano de control de Kubernetes. +La existencia de los objetos leases de kube-apiserver permite futuras capacidades que pueden requerir la coordinación entre +cada kube-apiserver. + +Puede inspeccionar los leases de cada kube-apiserver buscando objetos leases en el espacio de nombres `kube-system` +con el nombre `kube-apiserver-`. También puede utilizar el selector de etiquetas `apiserver.kubernetes.io/identity=kube-apiserver`: + +```shell +kubectl -n kube-system get lease -l apiserver.kubernetes.io/identity=kube-apiserver +``` +``` +NAME HOLDER AGE +apiserver-07a5ea9b9b072c4a5f3d1c3702 apiserver-07a5ea9b9b072c4a5f3d1c3702_0c8914f7-0f35-440e-8676-7844977d3a05 5m33s +apiserver-7be9e061c59d368b3ddaf1376e apiserver-7be9e061c59d368b3ddaf1376e_84f2a85d-37c1-4b14-b6b9-603e62e4896f 4m23s +apiserver-1dfef752bcb36637d2763d1868 apiserver-1dfef752bcb36637d2763d1868_c5ffa286-8a9a-45d4-91e7-61118ed58d2e 4m43s + +``` +El hash SHA256 utilizado en el nombre del lease se basa en el nombre de host del sistema operativo visto por ese servidor API. Cada kube-apiserver debe ser +configurado para utilizar un nombre de host que es único dentro del clúster. Las nuevas instancias de kube-apiserver que utilizan el mismo nombre de host +asumirán los leases existentes utilizando una nueva identidad de titular, en lugar de instanciar nuevos objetos leases. Puede comprobar el +nombre de host utilizado por kube-apiserver comprobando el valor de la etiqueta `kubernetes.io/hostname`: + +```shell +kubectl -n kube-system get lease apiserver-07a5ea9b9b072c4a5f3d1c3702 -o yaml +``` +```yaml +apiVersion: coordination.k8s.io/v1 +kind: Lease +metadata: + creationTimestamp: "2023-07-02T13:16:48Z" + labels: + apiserver.kubernetes.io/identity: kube-apiserver + kubernetes.io/hostname: master-1 + name: apiserver-07a5ea9b9b072c4a5f3d1c3702 + namespace: kube-system + resourceVersion: "334899" + uid: 90870ab5-1ba9-4523-b215-e4d4e662acb1 +spec: + holderIdentity: apiserver-07a5ea9b9b072c4a5f3d1c3702_0c8914f7-0f35-440e-8676-7844977d3a05 + leaseDurationSeconds: 3600 + renewTime: "2023-07-04T21:58:48.065888Z" +``` + +Los leases caducados de los kube-apiservers que ya no existen son recogidos por los nuevos kube-apiservers después de 1 hora. + +Puede desactivar el lease de identidades del servidor API desactivando la opción `APIServerIdentity` de la [puerta de función](/docs/reference/command-line-tools-reference/feature-gates/). + +## Cargas de trabajo {#custom-workload} + +Su propia carga de trabajo puede definir su propio uso de los leases. Por ejemplo, puede ejecutar un +{{< glossary_tooltip term_id=«controller» text=«controlador» >}} en la que un miembro principal o líder +realiza operaciones que sus compañeros no realizan. Usted define un Lease para que las réplicas del controlador puedan seleccionar +o elegir un líder, utilizando la API de Kubernetes para la coordinación. +Si utiliza un lease, es una buena práctica definir un nombre para el lease que esté obviamente vinculado a +el producto o componente. Por ejemplo, si tiene un componente denominado Ejemplo Foo, utilice un lease denominado +`ejemplo-foo`. + +Si un operador de clúster u otro usuario final puede desplegar varias instancias de un componente, seleccione un nombre +prefijo y elija un mecanismo (como el hash del nombre del despliegue) para evitar colisiones de nombres +para los leases. + +Puede utilizar otro enfoque siempre que consiga el mismo resultado: los distintos productos de software no entran en conflicto entre sí. +no entren en conflicto entre sí. \ No newline at end of file From e1cac996e58f26eeac50d30dcabe1536dfb1afc3 Mon Sep 17 00:00:00 2001 From: Eduardo Salazar Carrillo <122764571+eduardoSalazarCarrillo@users.noreply.github.com> Date: Wed, 24 Apr 2024 17:49:28 -0600 Subject: [PATCH 04/89] Update content/es/docs/concepts/architecture/leases.md Co-authored-by: Dipesh Rawat --- content/es/docs/concepts/architecture/leases.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/es/docs/concepts/architecture/leases.md b/content/es/docs/concepts/architecture/leases.md index 24a89cd1c0..9b03b17e6b 100644 --- a/content/es/docs/concepts/architecture/leases.md +++ b/content/es/docs/concepts/architecture/leases.md @@ -88,7 +88,7 @@ Puede desactivar el lease de identidades del servidor API desactivando la opció ## Cargas de trabajo {#custom-workload} Su propia carga de trabajo puede definir su propio uso de los leases. Por ejemplo, puede ejecutar un -{{< glossary_tooltip term_id=«controller» text=«controlador» >}} en la que un miembro principal o líder +{{< glossary_tooltip term_id=controller text=controlador >}} en la que un miembro principal o líder realiza operaciones que sus compañeros no realizan. Usted define un Lease para que las réplicas del controlador puedan seleccionar o elegir un líder, utilizando la API de Kubernetes para la coordinación. Si utiliza un lease, es una buena práctica definir un nombre para el lease que esté obviamente vinculado a From be2172f9a4a7ae4040ee3133be9d3bc4e887bf2b Mon Sep 17 00:00:00 2001 From: Tim Bannister Date: Fri, 24 May 2024 13:38:25 +0100 Subject: [PATCH 05/89] Ready sortable table support for Docsy - make the JavaScript an asset - add it to the head-end hook rather than the head partial itself --- {static => assets}/js/sortable-table.js | 0 layouts/partials/head.html | 4 ---- layouts/partials/hooks/head-end.html | 10 ++++++++++ 3 files changed, 10 insertions(+), 4 deletions(-) rename {static => assets}/js/sortable-table.js (100%) diff --git a/static/js/sortable-table.js b/assets/js/sortable-table.js similarity index 100% rename from static/js/sortable-table.js rename to assets/js/sortable-table.js diff --git a/layouts/partials/head.html b/layouts/partials/head.html index 5bea1abf07..8f94167ad9 100644 --- a/layouts/partials/head.html +++ b/layouts/partials/head.html @@ -87,10 +87,6 @@ -{{- if or (.HasShortcode "table") (.HasShortcode "feature-gate-table") -}} - -{{- end -}} - {{- if .HasShortcode "release-binaries" -}} {{- end -}} diff --git a/layouts/partials/hooks/head-end.html b/layouts/partials/hooks/head-end.html index 6918908c35..3221400ccf 100644 --- a/layouts/partials/hooks/head-end.html +++ b/layouts/partials/hooks/head-end.html @@ -1 +1,11 @@ + +{{- if or (.HasShortcode "table") (.HasShortcode "feature-gate-table") -}} + {{- if hugo.IsProduction -}} + {{- $sortableTableJs := resources.Get "js/sortable-table.js" | minify | fingerprint -}} + + {{- else -}} + {{- $sortableTableJs := resources.Get "js/sortable-table.js" -}} + + {{- end -}} +{{- end -}} From 7a6cd5cedc1c7b4e944a6ab2aaeed5a67f8476e2 Mon Sep 17 00:00:00 2001 From: anushatomar13 Date: Fri, 24 May 2024 21:18:26 +0530 Subject: [PATCH 06/89] Localized java microservice to Hindi --- .../configure-java-microservice.md | 66 +++++++++++++++++++ 1 file changed, 66 insertions(+) create mode 100644 content/hi/docs/tutorials/configuration/configure-java-microservice/configure-java-microservice.md diff --git a/content/hi/docs/tutorials/configuration/configure-java-microservice/configure-java-microservice.md b/content/hi/docs/tutorials/configuration/configure-java-microservice/configure-java-microservice.md new file mode 100644 index 0000000000..0757bceb3f --- /dev/null +++ b/content/hi/docs/tutorials/configuration/configure-java-microservice/configure-java-microservice.md @@ -0,0 +1,66 @@ +--- +title: "माइक्रोप्रोफाइल, कॉन्फिगमैप्स और सीक्रेट्स का उपयोग करके कॉन्फिगरेशन को बाह्यीकृत करना" +content_type: ट्यूटोरियल +weight: 10 +--- + + + +इस ट्यूटोरियल में आप सीखेंगे कि अपने माइक्रोसर्विस के कॉन्फ़िगरेशन को कैसे और क्यों बाह्यीकृत करना है। +विशेष रूप से, आप सीखेंगे कि एनवायरमेंट वेरिएबल सेट करने के लिए कुबेरनेट्स कॉन्फिगमैप्स और सीक्रेट्स का +उपयोग कैसे करें और फिर माइक्रोप्रोफाइल कॉन्फिग का उपयोग करके उनका उपभोग करें। + + +## {{% heading "prerequisites" %}} + +### कुबेरनेट्स कॉन्फ़िगमैप्स और सीक्रेट बनाना + +कुबेरनेट्स में डॉकर कंटेनर के लिए एनवायरमेंट वेरिएबल सेट करने के कई तरीके हैं, जिनमें शामिल हैं: Dockerfile, +kubernetes.yml, Kubernetes ConfigMaps, और Kubernetes Secrets। ट्यूटोरियल में, आप सीखेंगे कि अपने +एनवायरमेंट वेरिएबल सेट करने के लिए कुबेरनेट्स कॉन्फिगमैप्स और कुबेरनेट्स सीक्रेट्स का उपयोग कैसे करें, जिनके वैल्यू +आपके माइक्रोसर्विसेज में इंजेक्ट किए जाएंगे। कॉन्फिगमैप्स और सीक्रेट्स का उपयोग करने का एक लाभ यह है कि +उन्हें कई कंटेनरों में फिर से उपयोग किया जा सकता है, जिसमें विभिन्न कंटेनरों के लिए अलग-अलग एनवायरमेंट वेरिएबल +को सौंपा जाना भी शामिल है। + +कॉन्फिगमैप्स एपीआई ऑब्जेक्ट हैं जो गैर-गोपनीय key-value जोड़े को संग्रहीत करते हैं। +इंटरएक्टिव ट्यूटोरियल में आप सीखेंगे कि एप्लिकेशन के नाम को संग्रहीत करने के लिए +कॉन्फिगमैप का उपयोग कैसे करना है। कॉन्फ़िगमैप्स के संबंध में अधिक जानकारी के लिए, +आप [दस्तावेज़ यहाँ पा सकते हैं](/docs/tasks/configure-pod-container/configure-pod-configmap/))। + +हालाँकि सीक्रेट्स का उपयोग भी key-value जोड़े को संग्रहीत करने के लिए किया जाता है, +वे कॉन्फिगमैप्स से भिन्न होते हैं क्योंकि वे गोपनीय/संवेदनशील जानकारी के लिए होते हैं और Base64 एन्कोडिंग +का उपयोग करके संग्रहीत होते हैं। यह सीक्रेट को क्रेडेंशियल्स, keys और टोकन जैसी चीज़ों को संग्रहीत करने +के लिए उपयुक्त विकल्प बनाता है, जिनमें से पहला काम आप इंटरैक्टिव ट्यूटोरियल में करेंगे। सीक्रेट के बारे +में अधिक जानकारी के लिए, आप [दस्तावेज़ यहाँ पा सकते हैं](/docs/concepts/configuration/secret/)। + +### कोड से कॉन्फ़िग को बाह्यीकृत करना + +बाहरी एप्लिकेशन कॉन्फ़िगरेशन उपयोगी है क्योंकि कॉन्फ़िगरेशन आमतौर पर आपके वातावरण के आधार पर +बदलता है। इसे पूरा करने के लिए, हम जावा के Contexts and Dependency Injection (CDI) और माइक्रोप्रोफाइल +कॉन्फ़िगरेशन का उपयोग करेंगे। माइक्रोप्रोफाइल कॉन्फिग माइक्रोप्रोफाइल की एक विशेषता है, जो क्लाउड-नेटिव +माइक्रोसर्विसेज को विकसित करने और तैनात करने के लिए खुली जावा प्रौद्योगिकियों का एक सेट है। + +सीडीआई (CDI) एक स्टैंडर्ड तरीका है जो एप्लिकेशन में डिपेंडेंसी इंजेक्शन (dependency injection) को आसान बनाता है। +इसकी मदद से, एप्लिकेशन को अलग-अलग हिस्सों (beans) से मिलाकर बनाया जा सकता है जो एक-दूसरे से कम जुड़े होते हैं। +इससे एप्लिकेशन को बनाना और सुधारना आसान हो जाता है। माइक्रोप्रोफाइल कॉन्फिग ऐप्स और माइक्रोसर्विसेज को एप्लिकेशन, +रनटाइम और पर्यावरण सहित विभिन्न स्रोतों से कॉन्फिग के गुण प्राप्त करने का एक मानक तरीका प्रदान करता है। स्रोत की +परिभाषित प्राथमिकता के आधार पर, गुणों को स्वचालित रूप से गुणों के एक सेट में संयोजित किया जाता है जिसे +एप्लिकेशन एपीआई के माध्यम से एक्सेस कर सकता है। साथ में, सीडीआई और माइक्रोप्रोफाइल का उपयोग कुबेरनेट्स +कॉन्फिगमैप्स और सीक्रेट्स से बाहरी रूप से प्रदान की गई संपत्तियों को पुनः प्राप्त करने और आपके एप्लिकेशन कोड +में इंजेक्ट करने के लिए इंटरएक्टिव ट्यूटोरियल में किया जाएगा। + +कई ओपन सोर्स फ्रेमवर्क और रनटाइम माइक्रोप्रोफाइल कॉन्फ़िगरेशन को लागू और समर्थ करते हैं। पूरे इंटरैक्टिव +ट्यूटोरियल के दौरान, आप ओपन लिबर्टी का उपयोग करेंगे, जो क्लाउड-नेटिव ऐप्स और माइक्रोसर्विसेज को बनाने +और चलाने के लिए एक फ्लेक्सिबल ओपन-सोर्स जावा रनटाइम है। हालाँकि, इसके बजाय किसी भी माइक्रोप्रोफाइल +संगत रनटाइम का उपयोग किया जा सकता है। + +## {{% heading "objectives" %}} + +* एक कुबेरनेट्स कॉन्फ़िगमैप और सीक्रेट बनाएं +* माइक्रोप्रोफाइल कॉन्फ़िगरेशन का उपयोग करके माइक्रोसर्विस कॉन्फ़िगरेशन इंजेक्ट करें + + +## उदाहरण: माइक्रोप्रोफाइल, कॉन्फिगमैप्स और सीक्रेट्स का उपयोग करके कॉन्फिगरेशन को बाह्यीकृत करना +[इंटरैक्टिव ट्यूटोरियल प्रारंभ करें](/docs/tutorials/configuration/configure-java-microservice/configure-java-microservice-interactive/) + + From 4c51d16ad91a996429a9040a009d8fd188546868 Mon Sep 17 00:00:00 2001 From: anushatomar13 Date: Wed, 29 May 2024 18:03:43 +0530 Subject: [PATCH 07/89] updated with suggested changes --- .../configure-java-microservice.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/content/hi/docs/tutorials/configuration/configure-java-microservice/configure-java-microservice.md b/content/hi/docs/tutorials/configuration/configure-java-microservice/configure-java-microservice.md index 0757bceb3f..5e8646f9d1 100644 --- a/content/hi/docs/tutorials/configuration/configure-java-microservice/configure-java-microservice.md +++ b/content/hi/docs/tutorials/configuration/configure-java-microservice/configure-java-microservice.md @@ -35,15 +35,15 @@ kubernetes.yml, Kubernetes ConfigMaps, और Kubernetes Secrets। ट्यू ### कोड से कॉन्फ़िग को बाह्यीकृत करना -बाहरी एप्लिकेशन कॉन्फ़िगरेशन उपयोगी है क्योंकि कॉन्फ़िगरेशन आमतौर पर आपके वातावरण के आधार पर -बदलता है। इसे पूरा करने के लिए, हम जावा के Contexts and Dependency Injection (CDI) और माइक्रोप्रोफाइल +बाह्यीकृत एप्लिकेशन कॉन्फ़िगरेशन उपयोगी है क्योंकि कॉन्फ़िगरेशन आमतौर पर आपके वातावरण के आधार पर +बदलता है। इसे पूरा करने के लिए, हम Java के Contexts and Dependency Injection (CDI) और माइक्रोप्रोफाइल कॉन्फ़िगरेशन का उपयोग करेंगे। माइक्रोप्रोफाइल कॉन्फिग माइक्रोप्रोफाइल की एक विशेषता है, जो क्लाउड-नेटिव -माइक्रोसर्विसेज को विकसित करने और तैनात करने के लिए खुली जावा प्रौद्योगिकियों का एक सेट है। +माइक्रोसर्विसेज को विकसित करने और डेप्लॉय करने के लिए open Java प्रौद्योगिकियों का एक सेट है। सीडीआई (CDI) एक स्टैंडर्ड तरीका है जो एप्लिकेशन में डिपेंडेंसी इंजेक्शन (dependency injection) को आसान बनाता है। इसकी मदद से, एप्लिकेशन को अलग-अलग हिस्सों (beans) से मिलाकर बनाया जा सकता है जो एक-दूसरे से कम जुड़े होते हैं। इससे एप्लिकेशन को बनाना और सुधारना आसान हो जाता है। माइक्रोप्रोफाइल कॉन्फिग ऐप्स और माइक्रोसर्विसेज को एप्लिकेशन, -रनटाइम और पर्यावरण सहित विभिन्न स्रोतों से कॉन्फिग के गुण प्राप्त करने का एक मानक तरीका प्रदान करता है। स्रोत की +रनटाइम और एनवायरमेंट सहित विभिन्न स्रोतों से कॉन्फिग के गुण प्राप्त करने का एक मानक तरीका प्रदान करता है। स्रोत की परिभाषित प्राथमिकता के आधार पर, गुणों को स्वचालित रूप से गुणों के एक सेट में संयोजित किया जाता है जिसे एप्लिकेशन एपीआई के माध्यम से एक्सेस कर सकता है। साथ में, सीडीआई और माइक्रोप्रोफाइल का उपयोग कुबेरनेट्स कॉन्फिगमैप्स और सीक्रेट्स से बाहरी रूप से प्रदान की गई संपत्तियों को पुनः प्राप्त करने और आपके एप्लिकेशन कोड @@ -51,7 +51,7 @@ kubernetes.yml, Kubernetes ConfigMaps, और Kubernetes Secrets। ट्यू कई ओपन सोर्स फ्रेमवर्क और रनटाइम माइक्रोप्रोफाइल कॉन्फ़िगरेशन को लागू और समर्थ करते हैं। पूरे इंटरैक्टिव ट्यूटोरियल के दौरान, आप ओपन लिबर्टी का उपयोग करेंगे, जो क्लाउड-नेटिव ऐप्स और माइक्रोसर्विसेज को बनाने -और चलाने के लिए एक फ्लेक्सिबल ओपन-सोर्स जावा रनटाइम है। हालाँकि, इसके बजाय किसी भी माइक्रोप्रोफाइल +और चलाने के लिए एक फ्लेक्सिबल ओपन-सोर्स Java रनटाइम है। हालाँकि, इसके बजाय किसी भी माइक्रोप्रोफाइल संगत रनटाइम का उपयोग किया जा सकता है। ## {{% heading "objectives" %}} @@ -61,6 +61,7 @@ kubernetes.yml, Kubernetes ConfigMaps, और Kubernetes Secrets। ट्यू ## उदाहरण: माइक्रोप्रोफाइल, कॉन्फिगमैप्स और सीक्रेट्स का उपयोग करके कॉन्फिगरेशन को बाह्यीकृत करना + [इंटरैक्टिव ट्यूटोरियल प्रारंभ करें](/docs/tutorials/configuration/configure-java-microservice/configure-java-microservice-interactive/) From 0d11c1d6b038750dd26f628ffe1e483bfcc0af3f Mon Sep 17 00:00:00 2001 From: okarin Date: Fri, 31 May 2024 06:28:20 +0900 Subject: [PATCH 08/89] [ja] fix Stable Storage section in Japanese --- content/ja/docs/concepts/workloads/controllers/statefulset.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/ja/docs/concepts/workloads/controllers/statefulset.md b/content/ja/docs/concepts/workloads/controllers/statefulset.md index 48aa86f68b..286ac5d135 100644 --- a/content/ja/docs/concepts/workloads/controllers/statefulset.md +++ b/content/ja/docs/concepts/workloads/controllers/statefulset.md @@ -142,7 +142,7 @@ Cluster Domain | Service (ns/name) | StatefulSet (ns/name) | StatefulSet Domain ### 安定したストレージ -Kubernetesは各VolumeClaimTemplateに対して、1つの[PersistentVolume](/docs/concepts/storage/persistent-volumes/)を作成します。上記のnginxの例において、各Podは`my-storage-class`というStorageClassをもち、1GiBのストレージ容量を持った単一のPersistentVolumeを受け取ります。もしStorageClassが指定されていない場合、デフォルトのStorageClassが使用されます。PodがNode上にスケジュール(もしくは再スケジュール)されたとき、その`volumeMounts`はPersistentVolume Claimに関連したPersistentVolumeをマウントします。 +StatefulSetで定義された各VolumeClaimTemplateに対して、各Podは1つのPersistentVolumeClaimを受け取ります。上記のnginxの例において、各Podは`my-storage-class`というStorageClassをもち、1GiBのストレージ容量を持った単一のPersistentVolumeを受け取ります。もしStorageClassが指定されていない場合、デフォルトのStorageClassが使用されます。PodがNode上にスケジュール(もしくは再スケジュール)されたとき、その`volumeMounts`はPersistentVolume Claimに関連したPersistentVolumeをマウントします。 注意点として、PodのPersistentVolume Claimと関連したPersistentVolumeは、PodやStatefulSetが削除されたときに削除されません。 削除する場合は手動で行わなければなりません。 From 40bfb79b626a1d318b7d6024090de062ebcfd720 Mon Sep 17 00:00:00 2001 From: Dipesh Rawat Date: Mon, 22 Apr 2024 19:59:18 +0100 Subject: [PATCH 09/89] Update 2017 blog to include author in front-matter --- ...rless-Functions-As-Service-For-Kubernetes.md | 7 ++----- ...-Run-Kubernetes-In-Kubernetes-Kubeception.md | 8 +++----- ...17-01-00-Kubernetes-Ux-Survey-Infographic.md | 4 ++-- ...g-Mongodb-On-Kubernetes-With-Statefulsets.md | 4 ++-- ...s-Deployments-With-Policy-Base-Networking.md | 6 ++---- ...Creating-And-Managing-Kubernetes-Clusters.md | 7 ++----- ...-00-Caas-The-Foundation-For-Next-Gen-Paas.md | 14 ++------------ ...2-00-Highly-Available-Kubernetes-Clusters.md | 5 ++--- ...stgresql-Clusters-Kubernetes-Statefulsets.md | 6 ++---- ...-Learning-With-Paddlepaddle-On-Kubernetes.md | 10 +++------- ...7-03-00-Advanced-Scheduling-In-Kubernetes.md | 6 +++--- ...ovisioning-And-Storage-Classes-Kubernetes.md | 6 ++++-- ...K8Sport-Engaging-The-Kubernetes-Community.md | 9 ++------- ...s-1-6-Multi-User-Multi-Workloads-At-Scale.md | 9 +++++---- ...-00-Scalability-Updates-In-Kubernetes-1-6.md | 6 ++---- ...Dns-Zones-Upstream-Nameservers-Kubernetes.md | 10 +++------- ...ments-With-Kubernetes-In-The-Cloud-Onprem.md | 9 ++------- .../2017-04-00-Rbac-Support-In-Kubernetes.md | 12 ++++-------- ...00-Draft-Kubernetes-Container-Development.md | 13 ++----------- .../2017-05-00-Kubernetes-Monitoring-Guide.md | 10 ++-------- ...-00-Kubernetes-Security-Process-Explained.md | 11 ++++------- ...pray-Ansible-Collaborative-Kubernetes-Ops.md | 8 ++------ ...tateful-Application-Extensibility-Updates.md | 9 ++++++--- ...017-07-00-How-Watson-Health-Cloud-Deploys.md | 7 ++----- ...8-00-High-Performance-Networking-With-Ec2.md | 7 +++---- ...8-00-Kompose-Helps-Developers-Move-Docker.md | 7 ++----- ...7-08-00-Kubernetes-Meets-High-Performance.md | 3 ++- ...0-Introducing-Resource-Management-Working.md | 3 ++- ...9-00-Kubernetes-18-Security-Workloads-And.md | 5 ++--- ...-09-00-Kubernetes-Statefulsets-Daemonsets.md | 5 +++-- ...0-Windows-Networking-At-Parity-With-Linux.md | 3 ++- ...-Enforcing-Network-Policies-In-Kubernetes.md | 4 +++- .../_posts/2017-10-00-Kubeadm-V18-Released.md | 8 +++----- ...-00-Request-Routing-And-Policy-Management.md | 8 ++++++-- ...-10-00-Software-Conformance-Certification.md | 5 ++--- ...7-10-00-Using-Rbac-Generally-Available-18.md | 4 +++- ...nerd-Container-Runtime-Options-Kubernetes.md | 5 +++-- .../_posts/2017-11-00-Kubernetes-Easy-Way.md | 4 ++-- ...00-Securing-Software-Supply-Chain-Grafeas.md | 4 +++- ...017-12-00-Introducing-Kubeflow-Composable.md | 9 +++------ ...ubernetes-19-Workloads-Expanded-Ecosystem.md | 4 ++-- ...2-00-Paddle-Paddle-Fluid-Elastic-Learning.md | 17 +++++++++-------- 42 files changed, 120 insertions(+), 181 deletions(-) diff --git a/content/en/blog/_posts/2017-01-00-Fission-Serverless-Functions-As-Service-For-Kubernetes.md b/content/en/blog/_posts/2017-01-00-Fission-Serverless-Functions-As-Service-For-Kubernetes.md index fb86e683c0..7f53d19cb1 100644 --- a/content/en/blog/_posts/2017-01-00-Fission-Serverless-Functions-As-Service-For-Kubernetes.md +++ b/content/en/blog/_posts/2017-01-00-Fission-Serverless-Functions-As-Service-For-Kubernetes.md @@ -3,9 +3,9 @@ title: " Fission: Serverless Functions as a Service for Kubernetes " date: 2017-01-30 slug: fission-serverless-functions-as-service-for-kubernetes url: /blog/2017/01/Fission-Serverless-Functions-As-Service-For-Kubernetes +author: > + Soam Vasani (Platform9 Systems) --- -_Editor's note: Today’s post is by Soam Vasani, Software Engineer at Platform9 Systems, talking about a new open source Serverless Function (FaaS) framework for Kubernetes._  - [Fission](https://github.com/fission/fission) is a Functions as a Service (FaaS) / Serverless function framework built on Kubernetes. Fission allows you to easily create HTTP services on Kubernetes from functions. It works at the source level and abstracts away container images (in most cases). It also simplifies the Kubernetes learning curve, by enabling you to make useful services without knowing much about Kubernetes. @@ -127,6 +127,3 @@ Fission is open source and developed in the open by [Platform9 Systems](http://p - Connect with the community on [Slack](http://slack.k8s.io/) - Follow us on Twitter [@Kubernetesio](https://twitter.com/kubernetesio) for latest updates - - -_--Soam Vasani, Software Engineer, Platform9 Systems_ diff --git a/content/en/blog/_posts/2017-01-00-How-We-Run-Kubernetes-In-Kubernetes-Kubeception.md b/content/en/blog/_posts/2017-01-00-How-We-Run-Kubernetes-In-Kubernetes-Kubeception.md index 49ccc4ce45..df0b8e4603 100644 --- a/content/en/blog/_posts/2017-01-00-How-We-Run-Kubernetes-In-Kubernetes-Kubeception.md +++ b/content/en/blog/_posts/2017-01-00-How-We-Run-Kubernetes-In-Kubernetes-Kubeception.md @@ -3,9 +3,10 @@ title: " How we run Kubernetes in Kubernetes aka Kubeception " date: 2017-01-20 slug: how-we-run-kubernetes-in-kubernetes-kubeception url: /blog/2017/01/How-We-Run-Kubernetes-In-Kubernetes-Kubeception +author: > + Hector Fernandez (Giant Swarm) + Puja Abbassi (Giant Swarm) --- -_Editor's note: Today’s post is by the team at Giant Swarm, showing how they run Kubernetes in Kubernetes._ - [Giant Swarm](https://giantswarm.io/)’s container infrastructure started out with the goal to be an easy way for developers to deploy containerized microservices. Our first generation was extensively using [fleet](https://github.com/coreos/fleet) as a base layer for our infrastructure components as well as for scheduling user containers. In order to give our users a more powerful way to manage their containers we introduced Kubernetes into our stack in early 2016. However, as we needed a quick way to flexibly spin up and manage different users’ Kubernetes clusters resiliently we kept the underlying fleet layer. @@ -119,6 +120,3 @@ This setup is still in its early days and our roadmap is planning for improvemen Most importantly, we are working on making the inner Kubernetes clusters a third party resource that can then be managed by a custom controller. The result would be much like the [Operator concept by CoreOS](https://coreos.com/blog/introducing-operators.html). And to ensure that the community at large can benefit from this project we will be open sourcing this in the near future. - - -_-- Hector Fernandez, Software Engineer & Puja Abbassi, Developer Advocate, Giant Swarm_ diff --git a/content/en/blog/_posts/2017-01-00-Kubernetes-Ux-Survey-Infographic.md b/content/en/blog/_posts/2017-01-00-Kubernetes-Ux-Survey-Infographic.md index ddea9bbe91..4e0e149ae2 100644 --- a/content/en/blog/_posts/2017-01-00-Kubernetes-Ux-Survey-Infographic.md +++ b/content/en/blog/_posts/2017-01-00-Kubernetes-Ux-Survey-Infographic.md @@ -3,9 +3,9 @@ title: " Kubernetes UX Survey Infographic " date: 2017-01-09 slug: kubernetes-ux-survey-infographic url: /blog/2017/01/Kubernetes-Ux-Survey-Infographic +author: > + Dan Romlein (UX Designer) --- -_Editor's note: Today’s post is by Dan Romlein, UX Designer at Apprenda and member of the SIG-UI, sharing UX survey results from the Kubernetes community. _ - The following infographic summarizes the findings of a survey that the team behind [Dashboard](https://github.com/kubernetes/dashboard), the official web UI for Kubernetes, sent during KubeCon in November 2016. Following the KubeCon launch of the survey, it was promoted on Twitter and various Slack channels over a two week period and generated over 100 responses. We’re delighted with the data it provides us to now make feature and roadmap decisions more in-line with the needs of you, our users. **Satisfaction with Dashboard** diff --git a/content/en/blog/_posts/2017-01-00-Running-Mongodb-On-Kubernetes-With-Statefulsets.md b/content/en/blog/_posts/2017-01-00-Running-Mongodb-On-Kubernetes-With-Statefulsets.md index 6682d54df1..6c4c0eb9a5 100644 --- a/content/en/blog/_posts/2017-01-00-Running-Mongodb-On-Kubernetes-With-Statefulsets.md +++ b/content/en/blog/_posts/2017-01-00-Running-Mongodb-On-Kubernetes-With-Statefulsets.md @@ -3,8 +3,9 @@ title: " Running MongoDB on Kubernetes with StatefulSets " date: 2017-01-30 slug: running-mongodb-on-kubernetes-with-statefulsets url: /blog/2017/01/Running-Mongodb-On-Kubernetes-With-Statefulsets +author: > + Sandeep Dinesh (Google Cloud Platform) --- -_Editor's note: Today’s post is by Sandeep Dinesh, Developer Advocate, Google Cloud Platform, showing how to run a database in a container._ {{% warning %}} This post is several years old. The code examples need changes to work on a current Kubernetes cluster. @@ -260,4 +261,3 @@ Happy Hacking! For more cool Kubernetes and Container blog posts, follow me on [Twitter](https://twitter.com/sandeepdinesh) and [Medium](https://medium.com/@SandeepDinesh). -_--Sandeep Dinesh, Developer Advocate, Google Cloud Platform._ diff --git a/content/en/blog/_posts/2017-01-00-Scaling-Kubernetes-Deployments-With-Policy-Base-Networking.md b/content/en/blog/_posts/2017-01-00-Scaling-Kubernetes-Deployments-With-Policy-Base-Networking.md index 3318aabd17..04bc2c3f8c 100644 --- a/content/en/blog/_posts/2017-01-00-Scaling-Kubernetes-Deployments-With-Policy-Base-Networking.md +++ b/content/en/blog/_posts/2017-01-00-Scaling-Kubernetes-Deployments-With-Policy-Base-Networking.md @@ -3,9 +3,9 @@ title: " Scaling Kubernetes deployments with Policy-Based Networking " date: 2017-01-19 slug: scaling-kubernetes-deployments-with-policy-base-networking url: /blog/2017/01/Scaling-Kubernetes-Deployments-With-Policy-Base-Networking +author: > + Harmeet Sahni (Nuage Networks) --- -_Editor's note: Today’s post is by Harmeet Sahni, Director of Product Management, at Nuage Networks, writing about their contributions to Kubernetes and insights on policy-based networking.  _ - Although it’s just been eighteen-months since Kubernetes 1.0 was released, we’ve seen Kubernetes emerge as the leading container orchestration platform for deploying distributed applications. One of the biggest reasons for this is the vibrant open source community that has developed around it. The large number of Kubernetes contributors come from diverse backgrounds means we, and the community of users, are assured that we are investing in an open platform. Companies like Google (Container Engine), Red Hat (OpenShift), and CoreOS (Tectonic) are developing their own commercial offerings based on Kubernetes. This is a good thing since it will lead to more standardization and offer choice to the users.  **Networking requirements for Kubernetes applications** @@ -54,5 +54,3 @@ Being able to monitor the traffic flowing between Kubernetes Pods is very useful Even though we started working on our integration with Kubernetes over a year ago, it feels we are just getting started. We have always felt that this is a truly open community and we want to be an integral part of it. You can find out more about our Kubernetes integration on our [GitHub page](https://github.com/nuagenetworks/nuage-kubernetes). - -_--Harmeet Sahni, Director of Product Management, Nuage Networks_ diff --git a/content/en/blog/_posts/2017-01-00-Stronger-Foundation-For-Creating-And-Managing-Kubernetes-Clusters.md b/content/en/blog/_posts/2017-01-00-Stronger-Foundation-For-Creating-And-Managing-Kubernetes-Clusters.md index b1cd384fca..2058cfa459 100644 --- a/content/en/blog/_posts/2017-01-00-Stronger-Foundation-For-Creating-And-Managing-Kubernetes-Clusters.md +++ b/content/en/blog/_posts/2017-01-00-Stronger-Foundation-For-Creating-And-Managing-Kubernetes-Clusters.md @@ -3,9 +3,9 @@ title: " A Stronger Foundation for Creating and Managing Kubernetes Clusters " date: 2017-01-12 slug: stronger-foundation-for-creating-and-managing-kubernetes-clusters url: /blog/2017/01/Stronger-Foundation-For-Creating-And-Managing-Kubernetes-Clusters +author: > + [Lucas Käldström](https://twitter.com/kubernetesonarm) (independent) --- -_Editor's note: Today’s post is by Lucas Käldström an independent Kubernetes maintainer and SIG-Cluster-Lifecycle member, sharing what the group has been building and what’s upcoming. _ - Last time you heard from us was in September, when we announced [kubeadm](https://kubernetes.io/blog/2016/09/how-we-made-kubernetes-easy-to-install). The work on making kubeadm a first-class citizen in the Kubernetes ecosystem has continued and evolved. Some of us also met before KubeCon and had a very productive meeting where we talked about what the scopes for our SIG, kubeadm, and kops are.  **Continuing to Define SIG-Cluster-Lifecycle** @@ -100,6 +100,3 @@ In short, we're excited on the roadmap ahead in bringing a lot of these improvem Thank you for all the feedback and contributions. I hope this has given you some insight in what we’re doing and encouraged you to join us at our meetings to say hi! - - -_-- [Lucas Käldström](https://twitter.com/kubernetesonarm), Independent Kubernetes maintainer and SIG-Cluster-Lifecycle member_ diff --git a/content/en/blog/_posts/2017-02-00-Caas-The-Foundation-For-Next-Gen-Paas.md b/content/en/blog/_posts/2017-02-00-Caas-The-Foundation-For-Next-Gen-Paas.md index 66c810591b..863f8d277c 100644 --- a/content/en/blog/_posts/2017-02-00-Caas-The-Foundation-For-Next-Gen-Paas.md +++ b/content/en/blog/_posts/2017-02-00-Caas-The-Foundation-For-Next-Gen-Paas.md @@ -3,12 +3,9 @@ title: " Containers as a Service, the foundation for next generation PaaS " date: 2017-02-21 slug: caas-the-foundation-for-next-gen-paas url: /blog/2017/02/Caas-The-Foundation-For-Next-Gen-Paas +author: > + [Brendan Burns](https://twitter.com/brendandburns) (Microsoft) --- - -_Today’s post is by Brendan Burns, Partner Architect, at Microsoft & Kubernetes co-founder._ - - - Containers are revolutionizing the way that people build, package and deploy software. But what is often overlooked is how they are revolutionizing the way that people build the software that builds, packages and deploys software. (it’s ok if you have to read that sentence twice…) Today, and in a talk at [Container World](https://tmt.knect365.com/container-world/) tomorrow, I’m taking a look at how container orchestrators like Kubernetes form the foundation for next generation platform as a service (PaaS). In particular, I’m interested in how cloud container as a service (CaaS) platforms like [Azure Container Service](https://azure.microsoft.com/en-us/services/container-service/), [Google Container Engine](https://cloud.google.com/container-engine/) and [others](/docs/getting-started-guides/#hosted-solutions) are becoming the new infrastructure layer that PaaS is built upon. To see this, it’s important to consider the set of services that have traditionally been provided by PaaS platforms: @@ -36,13 +33,6 @@ I’m thrilled to see how containers and container as a service is changing the - - -_--[Brendan Burns](https://twitter.com/brendandburns), Partner Architect, at Microsoft and co-founder of Kubernetes_ - - - - - Get involved with the Kubernetes project on [GitHub](https://github.com/kubernetes/kubernetes) - Post questions (or answer questions) on [Stack Overflow](http://stackoverflow.com/questions/tagged/kubernetes) - [Download](http://get.k8s.io/) Kubernetes diff --git a/content/en/blog/_posts/2017-02-00-Highly-Available-Kubernetes-Clusters.md b/content/en/blog/_posts/2017-02-00-Highly-Available-Kubernetes-Clusters.md index 6d8a4a8a8b..1ae6f7dc5a 100644 --- a/content/en/blog/_posts/2017-02-00-Highly-Available-Kubernetes-Clusters.md +++ b/content/en/blog/_posts/2017-02-00-Highly-Available-Kubernetes-Clusters.md @@ -3,6 +3,8 @@ title: " Highly Available Kubernetes Clusters " date: 2017-02-02 slug: highly-available-kubernetes-clusters url: /blog/2017/02/Highly-Available-Kubernetes-Clusters +author: > + Jerzy Szczepkowski (Google) --- Today’s post shows how to set-up a reliable, highly available distributed Kubernetes cluster. The support for running such clusters on Google Compute Engine (GCE) was added as an alpha feature in [Kubernetes 1.5 release](https://kubernetes.io/blog/2016/12/kubernetes-1-5-supporting-production-workloads/). @@ -325,6 +327,3 @@ We have shown how, by adding worker node pools and master replicas, a Highly Ava - Connect with the community on [Slack](http://slack.k8s.io/) - Follow us on Twitter [@Kubernetesio](https://twitter.com/kubernetesio) for latest updates - - -_--Jerzy Szczepkowski, Software Engineer, Google_ diff --git a/content/en/blog/_posts/2017-02-00-Postgresql-Clusters-Kubernetes-Statefulsets.md b/content/en/blog/_posts/2017-02-00-Postgresql-Clusters-Kubernetes-Statefulsets.md index 63569bb4b4..30acb38335 100644 --- a/content/en/blog/_posts/2017-02-00-Postgresql-Clusters-Kubernetes-Statefulsets.md +++ b/content/en/blog/_posts/2017-02-00-Postgresql-Clusters-Kubernetes-Statefulsets.md @@ -3,6 +3,8 @@ title: " Deploying PostgreSQL Clusters using StatefulSets " date: 2017-02-24 slug: postgresql-clusters-kubernetes-statefulsets url: /blog/2017/02/Postgresql-Clusters-Kubernetes-Statefulsets +author: > + Jeff McCormick ([Crunchy Data](http://crunchydata.com/)) --- _Editor’s note: Today’s guest post is by Jeff McCormick, a developer at Crunchy Data, showing how to build a PostgreSQL cluster using the new Kubernetes StatefulSet feature._ @@ -306,7 +308,3 @@ The container is designed to create a subdirectory on that path using the pod ho StatefulSets is an exciting feature added to Kubernetes for container builders that are implementing clustering. The ordinal values assigned to the set provide a very simple mechanism to make clustering decisions when deploying a PostgreSQL cluster. - - - -_--Jeff McCormick, Developer, [Crunchy Data](http://crunchydata.com/)_ diff --git a/content/en/blog/_posts/2017-02-00-Run-Deep-Learning-With-Paddlepaddle-On-Kubernetes.md b/content/en/blog/_posts/2017-02-00-Run-Deep-Learning-With-Paddlepaddle-On-Kubernetes.md index bae95f2c0d..3e76f543df 100644 --- a/content/en/blog/_posts/2017-02-00-Run-Deep-Learning-With-Paddlepaddle-On-Kubernetes.md +++ b/content/en/blog/_posts/2017-02-00-Run-Deep-Learning-With-Paddlepaddle-On-Kubernetes.md @@ -3,12 +3,11 @@ title: " Run Deep Learning with PaddlePaddle on Kubernetes " date: 2017-02-08 slug: run-deep-learning-with-paddlepaddle-on-kubernetes url: /blog/2017/02/Run-Deep-Learning-With-Paddlepaddle-On-Kubernetes +author: > + Yi Wang ([Baidu Research](http://research.baidu.com/)), + Xiang Li ([CoreOS](https://coreos.com/)) --- -_Editor's note: Today's post is a joint post from the deep learning team at Baidu and the etcd team at CoreOS._ - - - **[![](https://3.bp.blogspot.com/-Mwn3FU9hffI/WJk8QBxA6SI/AAAAAAAAA8w/AS5QoMdPTN8bL9jnixlsCXzj1IfYerhRQCLcB/s200/baidu_research_logo_rgb.png)](https://3.bp.blogspot.com/-Mwn3FU9hffI/WJk8QBxA6SI/AAAAAAAAA8w/AS5QoMdPTN8bL9jnixlsCXzj1IfYerhRQCLcB/s1600/baidu_research_logo_rgb.png)** @@ -159,9 +158,6 @@ Another potential improvement is better PaddlePaddle job configuration. Our expe PaddlePaddle trainers can utilize multiple GPUs to accelerate computations. GPU is not a first class resource in Kubernetes yet. We have to manage GPUs semi-manually. We would love to work with Kubernetes community to improve GPU support to ensure PaddlePaddle runs the best on Kubernetes. -_--Yi Wang, [Baidu Research](http://research.baidu.com/) and Xiang Li, [CoreOS](https://coreos.com/)_ - - - [Download](http://get.k8s.io/) Kubernetes - Get involved with the Kubernetes project on [GitHub](https://github.com/kubernetes/kubernetes) diff --git a/content/en/blog/_posts/2017-03-00-Advanced-Scheduling-In-Kubernetes.md b/content/en/blog/_posts/2017-03-00-Advanced-Scheduling-In-Kubernetes.md index 722b1e59b0..3f6a2306b3 100644 --- a/content/en/blog/_posts/2017-03-00-Advanced-Scheduling-In-Kubernetes.md +++ b/content/en/blog/_posts/2017-03-00-Advanced-Scheduling-In-Kubernetes.md @@ -3,6 +3,9 @@ title: " Advanced Scheduling in Kubernetes " date: 2017-03-31 slug: advanced-scheduling-in-kubernetes url: /blog/2017/03/Advanced-Scheduling-In-Kubernetes +author: > + Ian Lewis (Google), + David Oppenheimer (Google) --- _Editor’s note: this post is part of a [series of in-depth articles](https://kubernetes.io/blog/2017/03/five-days-of-kubernetes-1-6) on what's new in Kubernetes 1.6_ @@ -227,6 +230,3 @@ Share your voice at our weekly [community meeting](https://github.com/kubernetes Many thanks for your contributions. - - -_--Ian Lewis, Developer Advocate, and David Oppenheimer, Software Engineer, Google_ diff --git a/content/en/blog/_posts/2017-03-00-Dynamic-Provisioning-And-Storage-Classes-Kubernetes.md b/content/en/blog/_posts/2017-03-00-Dynamic-Provisioning-And-Storage-Classes-Kubernetes.md index d8893fff0e..83cfafd8b6 100644 --- a/content/en/blog/_posts/2017-03-00-Dynamic-Provisioning-And-Storage-Classes-Kubernetes.md +++ b/content/en/blog/_posts/2017-03-00-Dynamic-Provisioning-And-Storage-Classes-Kubernetes.md @@ -3,6 +3,10 @@ title: " Dynamic Provisioning and Storage Classes in Kubernetes " date: 2017-03-29 slug: dynamic-provisioning-and-storage-classes-kubernetes url: /blog/2017/03/Dynamic-Provisioning-And-Storage-Classes-Kubernetes +author: > + Saad Ali (Google), + Michelle Au (Google), + Matthew De Lio (Google) --- _Editor’s note: this post is part of a [series of in-depth articles](https://kubernetes.io/blog/2017/03/five-days-of-kubernetes-1-6) on what's new in Kubernetes 1.6_ @@ -203,8 +207,6 @@ Yes, you can assign a StorageClass to an existing PV by editing the appropriate **What happens if I delete a PersistentVolumeClaim (PVC)?** If the volume was dynamically provisioned, then the default reclaim policy is set to “delete”. This means that, by default, when the PVC is deleted, the underlying PV and storage asset will also be deleted. If you want to retain the data stored on the volume, then you must change the reclaim policy from “delete” to “retain” after the PV is provisioned. -_--Saad Ali & Michelle Au, Software Engineers, and Matthew De Lio, Product Manager, Google_ - - Post questions (or answer questions) on [Stack Overflow](http://stackoverflow.com/questions/tagged/kubernetes) - Join the community portal for advocates on [K8sPort](http://k8sport.org/) diff --git a/content/en/blog/_posts/2017-03-00-K8Sport-Engaging-The-Kubernetes-Community.md b/content/en/blog/_posts/2017-03-00-K8Sport-Engaging-The-Kubernetes-Community.md index 721d1363c8..78229a99d4 100644 --- a/content/en/blog/_posts/2017-03-00-K8Sport-Engaging-The-Kubernetes-Community.md +++ b/content/en/blog/_posts/2017-03-00-K8Sport-Engaging-The-Kubernetes-Community.md @@ -3,8 +3,9 @@ title: " The K8sPort: Engaging Kubernetes Community One Activity at a Time " date: 2017-03-24 slug: k8sport-engaging-the-kubernetes-community url: /blog/2017/03/K8Sport-Engaging-The-Kubernetes-Community +author: > + Ryan Quackenbush (Apprenda) --- -_Editor's note: Today’s post is by Ryan Quackenbush, Advocacy Programs Manager at Apprenda, showing a new community portal for Kubernetes advocates: the K8sPort._ The [**K8sPort**](http://k8sport.org/) is a hub designed to help you, the Kubernetes community, earn credit for the hard work you’re putting forth in making this one of the most successful open source projects ever. Back at KubeCon Seattle in November, I [presented](https://youtu.be/LwViH5eLoOI) a lightning talk of a preview of K8sPort. @@ -43,9 +44,3 @@ If you’re interested in joining the advocacy hub, please join us at [k8sport.o For a quick walkthrough on K8sPort authentication and the hub itself, see this quick demo, below. - - - - - -_--Ryan Quackenbush, Advocacy Programs Manager, Apprenda_ diff --git a/content/en/blog/_posts/2017-03-00-Kubernetes-1-6-Multi-User-Multi-Workloads-At-Scale.md b/content/en/blog/_posts/2017-03-00-Kubernetes-1-6-Multi-User-Multi-Workloads-At-Scale.md index ab44cdb4c4..5ea0dd35c4 100644 --- a/content/en/blog/_posts/2017-03-00-Kubernetes-1-6-Multi-User-Multi-Workloads-At-Scale.md +++ b/content/en/blog/_posts/2017-03-00-Kubernetes-1-6-Multi-User-Multi-Workloads-At-Scale.md @@ -3,8 +3,12 @@ title: " Kubernetes 1.6: Multi-user, Multi-workloads at Scale " date: 2017-03-28 slug: kubernetes-1.6-multi-user-multi-workloads-at-scale url: /blog/2017/03/Kubernetes-1-6-Multi-User-Multi-Workloads-At-Scale +author: > + Aparna Sinha (Google) --- -Today we’re announcing the release of Kubernetes 1.6. +_This article is by Aparna Sinha on behalf of the Kubernetes 1.6 release team._ + +Today we’re announcing the release of Kubernetes 1.6. In this release the community’s focus is on scale and automation, to help you deploy multiple workloads to multiple users on a cluster. We are announcing that 5,000 node clusters are supported. We moved dynamic storage provisioning to _stable_. Role-based access control ([RBAC](/docs/reference/access-authn-authz/rbac/)), [kubefed](/docs/tutorials/federation/set-up-cluster-federation-kubefed/), [kubeadm](/docs/getting-started-guides/kubeadm/), and several scheduling features are moving to _beta_. We have also added intelligent defaults throughout to enable greater automation out of the box. @@ -106,7 +110,4 @@ Share your voice at our weekly [community meeting](https://github.com/kubernetes Many thanks for your contributions and advocacy! - -_-- Aparna Sinha, Senior Product Manager, Kubernetes, Google_ - _**PS: read this [series of in-depth articles](https://kubernetes.io/blog/2017/03/five-days-of-kubernetes-1-6) on what's new in Kubernetes 1.6**_ diff --git a/content/en/blog/_posts/2017-03-00-Scalability-Updates-In-Kubernetes-1-6.md b/content/en/blog/_posts/2017-03-00-Scalability-Updates-In-Kubernetes-1-6.md index 4f9b28f40e..bd211665d6 100644 --- a/content/en/blog/_posts/2017-03-00-Scalability-Updates-In-Kubernetes-1-6.md +++ b/content/en/blog/_posts/2017-03-00-Scalability-Updates-In-Kubernetes-1-6.md @@ -3,6 +3,8 @@ title: " Scalability updates in Kubernetes 1.6: 5,000 node and 150,000 pod clust date: 2017-03-30 slug: scalability-updates-in-kubernetes-1.6 url: /blog/2017/03/Scalability-Updates-In-Kubernetes-1-6 +author: > + Wojciech Tyczynski (Google) --- _Editor’s note: this post is part of a [series of in-depth articles](https://kubernetes.io/blog/2017/03/five-days-of-kubernetes-1-6) on what's new in Kubernetes 1.6_ @@ -80,9 +82,5 @@ If you are interested in scalability and performance, please join our community - Join our Special Interest Group, [SIG-Scalability](https://github.com/kubernetes/community/blob/master/sig-scalability/README.md), which meets every Thursday at 9:00 AM PST Thanks for the support and contributions! Read more in-depth posts on what's new in Kubernetes 1.6 [here](https://kubernetes.io/blog/2017/03/five-days-of-kubernetes-1-6). -_-- Wojciech Tyczynski, Software Engineer, Google_ - - - [1] We are investigating why 5000-node clusters have better startup time than 2000-node clusters. The current theory is that it is related to running 5000-node experiments using 64-core master and 2000-node experiments using 32-core master. diff --git a/content/en/blog/_posts/2017-04-00-Configuring-Private-Dns-Zones-Upstream-Nameservers-Kubernetes.md b/content/en/blog/_posts/2017-04-00-Configuring-Private-Dns-Zones-Upstream-Nameservers-Kubernetes.md index c95216d423..9bfdd1270d 100644 --- a/content/en/blog/_posts/2017-04-00-Configuring-Private-Dns-Zones-Upstream-Nameservers-Kubernetes.md +++ b/content/en/blog/_posts/2017-04-00-Configuring-Private-Dns-Zones-Upstream-Nameservers-Kubernetes.md @@ -3,6 +3,9 @@ title: " Configuring Private DNS Zones and Upstream Nameservers in Kubernetes " date: 2017-04-04 slug: configuring-private-dns-zones-upstream-nameservers-kubernetes url: /blog/2017/04/Configuring-Private-Dns-Zones-Upstream-Nameservers-Kubernetes +author: > + Bowei Du (Google), + Matthew DeLio (Google) --- _Editor’s note: this post is part of a [series of in-depth articles](https://kubernetes.io/blog/2017/03/five-days-of-kubernetes-1-6) on what's new in Kubernetes 1.6_ @@ -138,13 +141,6 @@ If you’d like to contribute or simply help provide feedback and drive the road Thanks for your support and contributions. Read more in-depth posts on what's new in Kubernetes 1.6 [here](https://kubernetes.io/blog/2017/03/five-days-of-kubernetes-1-6). - - - -_--Bowei Du, Software Engineer and Matthew DeLio, Product Manager, Google_ - - - - Post questions (or answer questions) on [Stack Overflow](http://stackoverflow.com/questions/tagged/kubernetes) - Join the community portal for advocates on [K8sPort](http://k8sport.org/) - Get involved with the Kubernetes project on [GitHub](https://github.com/kubernetes/kubernetes) diff --git a/content/en/blog/_posts/2017-04-00-Multi-Stage-Canary-Deployments-With-Kubernetes-In-The-Cloud-Onprem.md b/content/en/blog/_posts/2017-04-00-Multi-Stage-Canary-Deployments-With-Kubernetes-In-The-Cloud-Onprem.md index f46e9aac0c..7a362201a7 100644 --- a/content/en/blog/_posts/2017-04-00-Multi-Stage-Canary-Deployments-With-Kubernetes-In-The-Cloud-Onprem.md +++ b/content/en/blog/_posts/2017-04-00-Multi-Stage-Canary-Deployments-With-Kubernetes-In-The-Cloud-Onprem.md @@ -3,9 +3,9 @@ title: " How Bitmovin is Doing Multi-Stage Canary Deployments with Kubernetes in date: 2017-04-21 slug: multi-stage-canary-deployments-with-kubernetes-in-the-cloud-onprem url: /blog/2017/04/Multi-Stage-Canary-Deployments-With-Kubernetes-In-The-Cloud-Onprem +author: > + Daniel Hoelbling-Inzko (Bitmovin) --- -_Editor's Note: Today’s post is by Daniel Hoelbling-Inzko, Infrastructure Architect at Bitmovin, a company that provides services that transcode digital video and audio to streaming formats, sharing insights about their use of Kubernetes._ - Running a large scale video encoding infrastructure on multiple public clouds is tough. At [Bitmovin](http://bitmovin.com/), we have been doing it successfully for the last few years, but from an engineering perspective, it’s neither been enjoyable nor particularly fun. So obviously, one of the main things that really sold us on using Kubernetes, was it’s common abstraction from the different supported cloud providers and the well thought out programming interface it provides. More importantly, the Kubernetes project did not settle for the lowest common denominator approach. Instead, they added the necessary abstract concepts that are required and useful to run containerized workloads in a cloud and then did all the hard work to map these concepts to the different cloud providers and their offerings. @@ -206,11 +206,6 @@ To summarize this post - by migrating our infrastructure to Kubernetes, Bitmovin We want to thank the Kubernetes community for the incredible job they have done with the project. The velocity at which the project moves is just breathtaking! Maintaining such a high level of quality and robustness in such a diverse environment is really astonishing. - -_--Daniel Hoelbling-Inzko, Infrastructure Architect, Bitmovin_ - - - - Post questions (or answer questions) on [Stack Overflow](http://stackoverflow.com/questions/tagged/kubernetes) - Join the community portal for advocates on [K8sPort](http://k8sport.org/) - Get involved with the Kubernetes project on [GitHub](https://github.com/kubernetes/kubernetes) diff --git a/content/en/blog/_posts/2017-04-00-Rbac-Support-In-Kubernetes.md b/content/en/blog/_posts/2017-04-00-Rbac-Support-In-Kubernetes.md index ad6461ef92..4966f21b30 100644 --- a/content/en/blog/_posts/2017-04-00-Rbac-Support-In-Kubernetes.md +++ b/content/en/blog/_posts/2017-04-00-Rbac-Support-In-Kubernetes.md @@ -3,6 +3,10 @@ title: " RBAC Support in Kubernetes " date: 2017-04-06 slug: rbac-support-in-kubernetes url: /blog/2017/04/Rbac-Support-In-Kubernetes +author: > + Jacob Simpson (Google), + Greg Castle (Google), + CJ Cullen (Google) --- _Editor’s note: this post is part of a [series of in-depth articles](https://kubernetes.io/blog/2017/03/five-days-of-kubernetes-1-6) on what's new in Kubernetes 1.6_ @@ -116,14 +120,6 @@ Thanks for your support and contributions. Read more in-depth posts on what's ne - - -_-- Jacob Simpson, Greg Castle & CJ Cullen, Software Engineers at Google_ - - - - - - Post questions (or answer questions) on [Stack Overflow](http://stackoverflow.com/questions/tagged/kubernetes) - Join the community portal for advocates on [K8sPort](http://k8sport.org/) - Get involved with the Kubernetes project on [GitHub](https://github.com/kubernetes/kubernetes) diff --git a/content/en/blog/_posts/2017-05-00-Draft-Kubernetes-Container-Development.md b/content/en/blog/_posts/2017-05-00-Draft-Kubernetes-Container-Development.md index 8ce932878f..92518661be 100644 --- a/content/en/blog/_posts/2017-05-00-Draft-Kubernetes-Container-Development.md +++ b/content/en/blog/_posts/2017-05-00-Draft-Kubernetes-Container-Development.md @@ -3,9 +3,9 @@ title: " Draft: Kubernetes container development made easy " date: 2017-05-31 slug: draft-kubernetes-container-development url: /blog/2017/05/Draft-Kubernetes-Container-Development +author: > + Brendan Burns (Microsoft Azure) --- -_Today's post is by __Brendan Burns, Director of Engineering at Microsoft Azure and Kubernetes co-founder._ - About a month ago Microsoft announced the acquisition of Deis to expand our expertise in containers and Kubernetes. Today, I’m excited to announce a new open source project derived from this newly expanded Azure team: Draft. While by now the strengths of Kubernetes for deploying and managing applications at scale are well understood. The process of developing a new application for Kubernetes is still too hard. It’s harder still if you are new to containers, Kubernetes, or developing cloud applications. @@ -182,15 +182,6 @@ Now when we run curl http://$SERVICE\_IP, our first app has been deployed and up We hope this gives you a sense for everything that Draft can do to streamline development for Kubernetes. Happy drafting! - -_--Brendan Burns, Director of Engineering, Microsoft Azure_ - - - - - - - - Post questions (or answer questions) on [Stack Overflow](http://stackoverflow.com/questions/tagged/kubernetes) - Join the community portal for advocates on [K8sPort](http://k8sport.org/) - Follow us on Twitter [@Kubernetesio](https://twitter.com/kubernetesio) for latest updates diff --git a/content/en/blog/_posts/2017-05-00-Kubernetes-Monitoring-Guide.md b/content/en/blog/_posts/2017-05-00-Kubernetes-Monitoring-Guide.md index c5f1147072..90c731ad40 100644 --- a/content/en/blog/_posts/2017-05-00-Kubernetes-Monitoring-Guide.md +++ b/content/en/blog/_posts/2017-05-00-Kubernetes-Monitoring-Guide.md @@ -3,10 +3,9 @@ title: " Kubernetes: a monitoring guide " date: 2017-05-19 slug: kubernetes-monitoring-guide url: /blog/2017/05/Kubernetes-Monitoring-Guide +author: > + Jean-Mathieu Saponaro (Datadog) --- -_Today’s post is by Jean-Mathieu Saponaro, Research & Analytics Engineer at Datadog, discussing what Kubernetes changes for monitoring, and how you can prepare to properly monitor a containerized infrastructure orchestrated by Kubernetes._ - - Container technologies are taking the infrastructure world by storm. While containers solve or simplify infrastructure management processes, they also introduce significant complexity in terms of orchestration. That’s where Kubernetes comes to our rescue. Just like a conductor directs an orchestra, [Kubernetes](/docs/concepts/overview/what-is-kubernetes/) oversees our ensemble of containers—starting, stopping, creating, and destroying them automatically to keep our applications humming along. Kubernetes makes managing a containerized infrastructure much easier by creating levels of abstractions such as [pods](/docs/concepts/workloads/pods/pod/) and [services](/docs/concepts/services-networking/service/). We no longer have to worry about where applications are running or if they have enough resources to work properly. But that doesn’t change the fact that, in order to ensure good performance, we need to monitor our applications, the containers running them, and Kubernetes itself. @@ -73,11 +72,6 @@ Using Kubernetes drastically simplifies container management. But it requires us   - -_--Jean-Mathieu Saponaro, Research & Analytics Engineer, Datadog_ - - - - Get involved with the Kubernetes project on [GitHub](https://github.com/kubernetes/kubernetes)  - Post questions (or answer questions) on [Stack Overflow](http://stackoverflow.com/questions/tagged/kubernetes)  - Connect with the community on [Slack](http://slack.k8s.io/) diff --git a/content/en/blog/_posts/2017-05-00-Kubernetes-Security-Process-Explained.md b/content/en/blog/_posts/2017-05-00-Kubernetes-Security-Process-Explained.md index 59c0616571..ce138d36bb 100644 --- a/content/en/blog/_posts/2017-05-00-Kubernetes-Security-Process-Explained.md +++ b/content/en/blog/_posts/2017-05-00-Kubernetes-Security-Process-Explained.md @@ -3,10 +3,10 @@ title: " Dancing at the Lip of a Volcano: The Kubernetes Security Process - Expl date: 2017-05-18 slug: kubernetes-security-process-explained url: /blog/2017/05/Kubernetes-Security-Process-Explained +author: > + Brandon Philips (CoreOS), + Jess Frazelle (Google) --- -_Editor's note: Today’s post is by  __Jess Frazelle of Google and Brandon Philips of CoreOS about the Kubernetes security disclosures and response policy.__  _ - - Software running on servers underpins ever growing amounts of the world's commerce, communications, and physical infrastructure. And nearly all of these systems are connected to the internet; which means vital security updates must be applied rapidly. As software developers and IT professionals, we often find ourselves dancing on the edge of a volcano: we may either fall into magma induced oblivion from a security vulnerability exploited before we can fix it, or we may slide off the side of the mountain because of an inadequate process to address security vulnerabilities.  The Kubernetes community believes that we can help teams restore their footing on this volcano with a foundation built on Kubernetes. And the bedrock of this foundation requires a process for quickly acknowledging, patching, and releasing security updates to an ever growing community of Kubernetes users.  @@ -26,10 +26,7 @@ As we [continue to harden Kubernetes](https://lwn.net/Articles/720215/), the sec As a thank you to the Kubernetes community, a special 25 percent discount to CoreOS Fest is available using k8s25code or via this special [25 percent off link](https://coreosfest17.eventbrite.com/?discount=k8s25code) to register today for CoreOS Fest 2017.  -_--Brandon Philips of CoreOS and Jess Frazelle of Google_ - - - + - Post questions (or answer questions) on [Stack Overflow](http://stackoverflow.com/questions/tagged/kubernetes) - Join the community portal for advocates on [K8sPort](http://k8sport.org/) - Follow us on Twitter [@Kubernetesio](https://twitter.com/kubernetesio) for latest updates diff --git a/content/en/blog/_posts/2017-05-00-Kubespray-Ansible-Collaborative-Kubernetes-Ops.md b/content/en/blog/_posts/2017-05-00-Kubespray-Ansible-Collaborative-Kubernetes-Ops.md index c6e4007d9a..7db028c7f3 100644 --- a/content/en/blog/_posts/2017-05-00-Kubespray-Ansible-Collaborative-Kubernetes-Ops.md +++ b/content/en/blog/_posts/2017-05-00-Kubespray-Ansible-Collaborative-Kubernetes-Ops.md @@ -3,8 +3,9 @@ title: " Kubespray Ansible Playbooks foster Collaborative Kubernetes Ops " date: 2017-05-19 slug: kubespray-ansible-collaborative-kubernetes-ops url: /blog/2017/05/Kubespray-Ansible-Collaborative-Kubernetes-Ops +author: > + Rob Hirschfeld (RackN) --- -_Today’s guest post is by Rob Hirschfeld, co-founder of open infrastructure automation project, Digital Rebar and co-chair of the SIG Cluster Ops.  _ **Why Kubespray?** @@ -107,11 +108,6 @@ With Kubespray and Digital Rebar as a repeatable base, extensions get much faste If this is interesting, please engage with us in the [Cluster Ops SIG](https://github.com/kubernetes/community/tree/master/sig-cluster-ops), [Kubespray](https://github.com/kubernetes-incubator/kubespray) or [Digital Rebar](http://rebar.digital/) communities.  -_-- Rob Hirschfeld, co-founder of RackN and co-chair of the Cluster Ops SIG_ - - - - - Get involved with the Kubernetes project on [GitHub](https://github.com/kubernetes/kubernetes) - Post questions (or answer questions) on [Stack Overflow](http://stackoverflow.com/questions/tagged/kubernetes) diff --git a/content/en/blog/_posts/2017-06-00-Kubernetes-1-7-Security-Hardening-Stateful-Application-Extensibility-Updates.md b/content/en/blog/_posts/2017-06-00-Kubernetes-1-7-Security-Hardening-Stateful-Application-Extensibility-Updates.md index e80f557011..8e1e32d9cf 100644 --- a/content/en/blog/_posts/2017-06-00-Kubernetes-1-7-Security-Hardening-Stateful-Application-Extensibility-Updates.md +++ b/content/en/blog/_posts/2017-06-00-Kubernetes-1-7-Security-Hardening-Stateful-Application-Extensibility-Updates.md @@ -3,8 +3,13 @@ title: " Kubernetes 1.7: Security Hardening, Stateful Application Updates and Ex date: 2017-06-30 slug: kubernetes-1.7-security-hardening-stateful-application-extensibility-updates url: /blog/2017/06/Kubernetes-1-7-Security-Hardening-Stateful-Application-Extensibility-Updates +author: > + Aparna Sinha (Google), + Ihor Dvoretskyi (Mirantis) --- -Today we’re announcing Kubernetes 1.7, a milestone release that adds security, storage and extensibility features motivated by widespread production use of Kubernetes in the most demanding enterprise environments.  +_This article is by Aparna Sinha and Ihor Dvoretskyi, on behalf of the Kubernetes 1.7 release team._ + +Today we’re announcing Kubernetes 1.7, a milestone release that adds security, storage and extensibility features motivated by widespread production use of Kubernetes in the most demanding enterprise environments. At-a-glance, security enhancements in this release include encrypted secrets, network policy for pod-to-pod communication, node authorizer to limit kubelet access and client / server TLS certificate rotation.  @@ -77,5 +82,3 @@ The simplest way to get involved is joining one of the many [Special Interest Gr Many thanks to our vast community of contributors and supporters in making this and all releases possible. - -_-- Aparna Sinha, Group Product Manager, Kubernetes Google and Ihor Dvoretskyi, Program Manager, Kubernetes Mirantis_ diff --git a/content/en/blog/_posts/2017-07-00-How-Watson-Health-Cloud-Deploys.md b/content/en/blog/_posts/2017-07-00-How-Watson-Health-Cloud-Deploys.md index b931ec336a..8ba9154a4c 100644 --- a/content/en/blog/_posts/2017-07-00-How-Watson-Health-Cloud-Deploys.md +++ b/content/en/blog/_posts/2017-07-00-How-Watson-Health-Cloud-Deploys.md @@ -3,6 +3,8 @@ title: " How Watson Health Cloud Deploys Applications with Kubernetes " date: 2017-07-14 slug: how-watson-health-cloud-deploys url: /blog/2017/07/How-Watson-Health-Cloud-Deploys +author: > + Sandhya Kapoor (IBM) --- Today’s post is by [Sandhya Kapoor](https://www.linkedin.com/in/sandhyakapoor/), Senior Technologist, Watson Platform for Health, IBM @@ -141,11 +143,6 @@ Exposing services with Ingress: To expose our services to outside the cluster, we used Ingress. In IBM Cloud Kubernetes Service, if we create a paid cluster, an Ingress controller is automatically installed for us to use. We were able to access services through Ingress by creating a YAML resource file that specifies the service path. - -–Sandhya Kapoor, Senior Technologist, Watson Platform for Health, IBM - - - - Post questions (or answer questions) on [Stack Overflow](http://stackoverflow.com/questions/tagged/kubernetes) - Join the community portal for advocates on [K8sPort](http://k8sport.org/) - Follow us on Twitter [@Kubernetesio](https://twitter.com/kubernetesio) for latest updates diff --git a/content/en/blog/_posts/2017-08-00-High-Performance-Networking-With-Ec2.md b/content/en/blog/_posts/2017-08-00-High-Performance-Networking-With-Ec2.md index 181af0aa58..8f56af750d 100644 --- a/content/en/blog/_posts/2017-08-00-High-Performance-Networking-With-Ec2.md +++ b/content/en/blog/_posts/2017-08-00-High-Performance-Networking-With-Ec2.md @@ -3,6 +3,9 @@ title: " High Performance Networking with EC2 Virtual Private Clouds " date: 2017-08-11 slug: high-performance-networking-with-ec2 url: /blog/2017/08/High-Performance-Networking-With-Ec2 +author: > + Juergen Brendel (Pani Networks) + Chris Marino (Pani Networks) --- @@ -71,7 +74,3 @@ When using Romana v2.0, native VPC networking is now available for clusters of a ![](https://archive.org/download/hpc-ec2-vpc-2/hpc-ec2-vpc-2.png) - - - --- _Juergen Brendel and Chris Marino, co-founders of Pani Networks, sponsor of the Romana project_ diff --git a/content/en/blog/_posts/2017-08-00-Kompose-Helps-Developers-Move-Docker.md b/content/en/blog/_posts/2017-08-00-Kompose-Helps-Developers-Move-Docker.md index b94ac8b693..544d1dc11e 100644 --- a/content/en/blog/_posts/2017-08-00-Kompose-Helps-Developers-Move-Docker.md +++ b/content/en/blog/_posts/2017-08-00-Kompose-Helps-Developers-Move-Docker.md @@ -3,8 +3,9 @@ title: " Kompose Helps Developers Move Docker Compose Files to Kubernetes " date: 2017-08-10 slug: kompose-helps-developers-move-docker url: /blog/2017/08/Kompose-Helps-Developers-Move-Docker +author: > + Charlie Drage (Red Hat) --- -_Editor's note: today's post is by Charlie Drage, Software Engineer at Red Hat giving an update about the Kubernetes project Kompose._ I'm pleased to announce that [Kompose](https://github.com/kubernetes/kompose), a conversion tool for developers to transition Docker Compose applications to Kubernetes, has graduated from the [Kubernetes Incubator](https://github.com/kubernetes/community/blob/master/incubator.md) to become an official part of the project. @@ -147,10 +148,6 @@ As we continue development, we will strive to convert as many Docker Compose key - [Kompose Documentation](https://github.com/kubernetes/kompose/tree/master/docs) - ---Charlie Drage, Software Engineer, Red Hat - - - Post questions (or answer questions) on[Stack Overflow](http://stackoverflow.com/questions/tagged/kubernetes) - Join the community portal for advocates on[K8sPort](http://k8sport.org/) - Follow us on Twitter[@Kubernetesio](https://twitter.com/kubernetesio) for latest updates diff --git a/content/en/blog/_posts/2017-08-00-Kubernetes-Meets-High-Performance.md b/content/en/blog/_posts/2017-08-00-Kubernetes-Meets-High-Performance.md index 08de339bb9..6ad3823a97 100644 --- a/content/en/blog/_posts/2017-08-00-Kubernetes-Meets-High-Performance.md +++ b/content/en/blog/_posts/2017-08-00-Kubernetes-Meets-High-Performance.md @@ -3,8 +3,9 @@ title: " Kubernetes Meets High-Performance Computing " date: 2017-08-22 slug: kubernetes-meets-high-performance url: /blog/2017/08/Kubernetes-Meets-High-Performance +author: > + Robert Lalonde (Univa) --- -Editor's note: today's post is by Robert Lalonde, general manager at Univa, on supporting mixed HPC and containerized applications   Anyone who has worked with Docker can appreciate the enormous gains in efficiency achievable with containers. While Kubernetes excels at orchestrating containers, high-performance computing (HPC) applications can be tricky to deploy on Kubernetes. diff --git a/content/en/blog/_posts/2017-09-00-Introducing-Resource-Management-Working.md b/content/en/blog/_posts/2017-09-00-Introducing-Resource-Management-Working.md index 4c1ff8183a..5a907b7c9e 100644 --- a/content/en/blog/_posts/2017-09-00-Introducing-Resource-Management-Working.md +++ b/content/en/blog/_posts/2017-09-00-Introducing-Resource-Management-Working.md @@ -3,8 +3,9 @@ title: " Introducing the Resource Management Working Group " date: 2017-09-21 slug: introducing-resource-management-working url: /blog/2017/09/Introducing-Resource-Management-Working +author: > + Jeremy Eder (Red Hat) --- -_**Editor's note: today's post is by Jeremy Eder, Senior Principal Software Engineer at Red Hat, on the formation of the Resource Management Working Group**_ ## Why are we here? Kubernetes has evolved to support diverse and increasingly complex classes of applications. We can onboard and scale out modern, cloud-native web applications based on microservices, batch jobs, and stateful applications with persistent storage requirements. diff --git a/content/en/blog/_posts/2017-09-00-Kubernetes-18-Security-Workloads-And.md b/content/en/blog/_posts/2017-09-00-Kubernetes-18-Security-Workloads-And.md index e2f031f8a5..870ad747e3 100644 --- a/content/en/blog/_posts/2017-09-00-Kubernetes-18-Security-Workloads-And.md +++ b/content/en/blog/_posts/2017-09-00-Kubernetes-18-Security-Workloads-And.md @@ -4,11 +4,10 @@ date: 2017-09-29 slug: kubernetes-18-security-workloads-and url: /blog/2017/09/Kubernetes-18-Security-Workloads-And evergreen: true +author: > + [Kubernetes v1.8 Release Team](https://github.com/kubernetes/sig-release/blob/master/releases/release-1.8/release_team.md) --- -**Authors:** Kubernetes v1.8 release team - - We’re pleased to announce the delivery of Kubernetes 1.8, our third release this year. Kubernetes 1.8 represents a snapshot of many exciting enhancements and refinements underway. In addition to functional improvements, we’re increasing project-wide focus on maturing [process](https://github.com/kubernetes/sig-release), formalizing [architecture](https://github.com/kubernetes/community/tree/master/sig-architecture), and strengthening Kubernetes’ [governance model](https://github.com/kubernetes/community/tree/master/community/elections/2017). The evolution of mature processes clearly signals that sustainability is a driving concern, and helps to ensure that Kubernetes is a viable and thriving project far into the future. diff --git a/content/en/blog/_posts/2017-09-00-Kubernetes-Statefulsets-Daemonsets.md b/content/en/blog/_posts/2017-09-00-Kubernetes-Statefulsets-Daemonsets.md index 67f3e084cc..cb20fc8736 100644 --- a/content/en/blog/_posts/2017-09-00-Kubernetes-Statefulsets-Daemonsets.md +++ b/content/en/blog/_posts/2017-09-00-Kubernetes-Statefulsets-Daemonsets.md @@ -4,9 +4,10 @@ title: " Kubernetes StatefulSets & DaemonSets Updates " date: 2017-09-27 slug: kubernetes-statefulsets-daemonsets url: /blog/2017/09/Kubernetes-Statefulsets-Daemonsets +author: > + Janet Kuo (Google), + Kenneth Owens (Kenneth Owens) --- -Editor's note: today's post is by Janet Kuo and Kenneth Owens, Software Engineers at Google. - This post talks about recent updates to the [DaemonSet](/docs/concepts/workloads/controllers/daemonset/) and [StatefulSet](/docs/concepts/workloads/controllers/statefulset/) API objects for Kubernetes. We explore these features using [Apache ZooKeeper](https://zookeeper.apache.org/) and [Apache Kafka](https://kafka.apache.org/) StatefulSets and a [Prometheus node exporter](https://github.com/prometheus/node_exporter) DaemonSet. diff --git a/content/en/blog/_posts/2017-09-00-Windows-Networking-At-Parity-With-Linux.md b/content/en/blog/_posts/2017-09-00-Windows-Networking-At-Parity-With-Linux.md index 14d7aae14e..6f746457ee 100644 --- a/content/en/blog/_posts/2017-09-00-Windows-Networking-At-Parity-With-Linux.md +++ b/content/en/blog/_posts/2017-09-00-Windows-Networking-At-Parity-With-Linux.md @@ -3,8 +3,9 @@ title: " Windows Networking at Parity with Linux for Kubernetes " date: 2017-09-08 slug: windows-networking-at-parity-with-linux url: /blog/2017/09/Windows-Networking-At-Parity-With-Linux +author: > + Jason Messer (Microsoft) --- -_**Editor's note: today's post is by Jason Messer, Principal PM Manager at Microsoft, on improvements to the Windows network stack to support the Kubernetes CNI model.**_ Since I last blogged about [Kubernetes Networking for Windows](https://blogs.technet.microsoft.com/networking/2017/04/04/windows-networking-for-kubernetes/) four months ago, the Windows Core Networking team has made tremendous progress in both the platform and open source Kubernetes projects. With the updates, Windows is now on par with Linux in terms of networking. Customers can now deploy mixed-OS, Kubernetes clusters in any environment including Azure, on-premises, and on 3rd-party cloud stacks with the same network primitives and topologies supported on Linux without any workarounds, “hacks”, or 3rd-party switch extensions. diff --git a/content/en/blog/_posts/2017-10-00-Enforcing-Network-Policies-In-Kubernetes.md b/content/en/blog/_posts/2017-10-00-Enforcing-Network-Policies-In-Kubernetes.md index acbae0265c..acc6f2c896 100644 --- a/content/en/blog/_posts/2017-10-00-Enforcing-Network-Policies-In-Kubernetes.md +++ b/content/en/blog/_posts/2017-10-00-Enforcing-Network-Policies-In-Kubernetes.md @@ -3,8 +3,10 @@ title: " Enforcing Network Policies in Kubernetes " date: 2017-10-30 slug: enforcing-network-policies-in-kubernetes url: /blog/2017/10/Enforcing-Network-Policies-In-Kubernetes +author: > + Ahmet Alp Balkan (Google) --- -_**Editor's note: this post is part of a [series of in-depth articles](https://kubernetes.io/blog/2017/10/five-days-of-kubernetes-18) on what's new in Kubernetes 1.8. Today’s post comes from Ahmet Alp Balkan, Software Engineer, Google.**_ +_**Editor's note:** this post is part of a [series of in-depth articles](/blog/2017/10/five-days-of-kubernetes-18) on what's new in Kubernetes 1.8._ diff --git a/content/en/blog/_posts/2017-10-00-Kubeadm-V18-Released.md b/content/en/blog/_posts/2017-10-00-Kubeadm-V18-Released.md index 05a6605af9..a0bdeba9b4 100644 --- a/content/en/blog/_posts/2017-10-00-Kubeadm-V18-Released.md +++ b/content/en/blog/_posts/2017-10-00-Kubeadm-V18-Released.md @@ -3,8 +3,10 @@ title: " kubeadm v1.8 Released: Introducing Easy Upgrades for Kubernetes Cluste date: 2017-10-25 slug: kubeadm-v18-released url: /blog/2017/10/Kubeadm-V18-Released +author: > + Lucas Käldström (Weaveworks) --- -**_Editor’s note: this post is part of a [series of in-depth articles](https://kubernetes.io/blog/2017/10/five-days-of-kubernetes-18) on what's new in Kubernetes 1.8_** +_**Editor's note:** this post is part of a [series of in-depth articles](/blog/2017/10/five-days-of-kubernetes-18) on what's new in Kubernetes 1.8._ Since its debut in [September 2016](https://kubernetes.io/blog/2016/09/how-we-made-kubernetes-easy-to-install), the Cluster Lifecycle Special Interest Group (SIG) has established kubeadm as the easiest Kubernetes bootstrap method. Now, we’re releasing kubeadm v1.8.0 in tandem with the release of [Kubernetes v1.8.0](https://kubernetes.io/blog/2017/09/kubernetes-18-security-workloads-and). In this blog post, I’ll walk you through the changes we’ve made to kubeadm since the last update, the scope of kubeadm, and how you can contribute to this effort. @@ -99,7 +101,3 @@ If you want to get involved in these efforts, join SIG Cluster Lifecycle. We [me If you want to know what a kubeadm developer does at a given time in the Kubernetes release cycle, check out [this doc](https://github.com/kubernetes/kubeadm/blob/master/docs/release-cycle.md). Finally, don’t hesitate to join if any of our upcoming projects are of interest to you! -Thank you, -Lucas Käldström -Kubernetes maintainer & SIG Cluster Lifecycle co-lead -[Weaveworks](https://www.weave.works/?utm_source=k8&utm_medium=ww&utm_campaign=blog) contractor diff --git a/content/en/blog/_posts/2017-10-00-Request-Routing-And-Policy-Management.md b/content/en/blog/_posts/2017-10-00-Request-Routing-And-Policy-Management.md index 0d490ce1bf..701c30a7be 100644 --- a/content/en/blog/_posts/2017-10-00-Request-Routing-And-Policy-Management.md +++ b/content/en/blog/_posts/2017-10-00-Request-Routing-And-Policy-Management.md @@ -3,8 +3,12 @@ title: " Request Routing and Policy Management with the Istio Service Mesh " date: 2017-10-10 slug: request-routing-and-policy-management url: /blog/2017/10/Request-Routing-And-Policy-Management +author: > + Frank Budinsky (IBM), + Andra Cismaru (Google), + Israel Shalom (Google) --- - **_Editor's note: Today’s post by Frank Budinsky, Software Engineer, IBM, Andra Cismaru, Software Engineer, Google, and Israel Shalom, Product Manager, Google, is the second post in a three-part series on Istio. It offers a closer look at request routing and policy management._** +_**Editor's note:** Today’s post is the second post in a three-part series on Istio._ In a [previous article](https://kubernetes.io/blog/2017/05/managing-microservices-with-istio-service-mesh), we looked at a [simple application (Bookinfo)](https://istio.io/docs/guides/bookinfo.html) that is composed of four separate microservices. The article showed how to deploy an application with Kubernetes and an Istio-enabled cluster without changing any application code. The article also outlined how to view Istio provided L7 metrics on the running services. @@ -447,4 +451,4 @@ Stopping the load generator means the limit will no longer be exceeded: the blac ## Summary We’ve shown you how to introduce advanced features like HTTP request routing and policy injection into a service mesh configured with Istio without restarting any of the services. This lets you develop and deploy without worrying about the ongoing management of the service mesh; service-wide policies can always be added later. -In the next and last installment of this series, we’ll focus on Istio’s security and authentication capabilities. We’ll discuss how to secure all interservice communications in a mesh, even against insiders with access to the network, without any changes to the application code or the deployment. +In the next and last installment of this series, we’ll focus on Istio’s security and authentication capabilities. We’ll discuss how to secure all interservice communications in a mesh, even against insiders with access to the network, without any changes to the application code or the deployment. \ No newline at end of file diff --git a/content/en/blog/_posts/2017-10-00-Software-Conformance-Certification.md b/content/en/blog/_posts/2017-10-00-Software-Conformance-Certification.md index a9f31724ff..9ab6269735 100644 --- a/content/en/blog/_posts/2017-10-00-Software-Conformance-Certification.md +++ b/content/en/blog/_posts/2017-10-00-Software-Conformance-Certification.md @@ -3,11 +3,10 @@ title: " Introducing Software Certification for Kubernetes " date: 2017-10-19 slug: software-conformance-certification url: /blog/2017/10/Software-Conformance-Certification +author: > + William Denniss (Google) --- -_**Editor's Note: Today's post is by William Denniss, Product Manager, Google Cloud on the new Certified Kubernetes Conformance Program.**_ - - Over the last three years, Kubernetes® has seen wide-scale adoption by a vibrant and diverse community of providers. In fact, there are now more than [60](https://docs.google.com/spreadsheets/d/1LxSqBzjOxfGx3cmtZ4EbB_BGCxT_wlxW_xgHVVa23es/edit#gid=0) known Kubernetes platforms and distributions. From the start, one goal of Kubernetes has been consistency and portability. In order to better serve this goal, today the Kubernetes community and the Cloud Native Computing Foundation® (CNCF®) announce the availability of the beta Certified Kubernetes Conformance Program. The Kubernetes conformance certification program gives users the confidence that when they use a Certified Kubernetes™ product, they can rely on a high level of common functionality. Certification provides Independent Software Vendors (ISVs) confidence that if their customer is using a Certified Kubernetes product, their software will behave as expected. diff --git a/content/en/blog/_posts/2017-10-00-Using-Rbac-Generally-Available-18.md b/content/en/blog/_posts/2017-10-00-Using-Rbac-Generally-Available-18.md index 35f9234a67..96f479fcfb 100644 --- a/content/en/blog/_posts/2017-10-00-Using-Rbac-Generally-Available-18.md +++ b/content/en/blog/_posts/2017-10-00-Using-Rbac-Generally-Available-18.md @@ -3,8 +3,10 @@ title: " Using RBAC, Generally Available in Kubernetes v1.8 " date: 2017-10-28 slug: using-rbac-generally-available-18 url: /blog/2017/10/Using-Rbac-Generally-Available-18 +author: > + Eric Chiang (CoreOS) --- -**_Editor's note: this post is part of a [series of in-depth articles](https://kubernetes.io/blog/2017/10/five-days-of-kubernetes-18) on what's new in Kubernetes 1.8. Today’s post comes from Eric Chiang, software engineer, CoreOS, and SIG-Auth co-lead._** +_**Editor's note:** this post is part of a [series of in-depth articles](/blog/2017/10/five-days-of-kubernetes-18) on what's new in Kubernetes 1.8._ Kubernetes 1.8 represents a significant milestone for the [role-based access control (RBAC) authorizer](/docs/reference/access-authn-authz/rbac/), which was promoted to GA in this release. RBAC is a mechanism for controlling access to the Kubernetes API, and since its [beta in 1.6](https://kubernetes.io/blog/2017/04/rbac-support-in-kubernetes), many Kubernetes clusters and provisioning strategies have enabled it by default. diff --git a/content/en/blog/_posts/2017-11-00-Containerd-Container-Runtime-Options-Kubernetes.md b/content/en/blog/_posts/2017-11-00-Containerd-Container-Runtime-Options-Kubernetes.md index 7bfcebe705..3dd652df53 100644 --- a/content/en/blog/_posts/2017-11-00-Containerd-Container-Runtime-Options-Kubernetes.md +++ b/content/en/blog/_posts/2017-11-00-Containerd-Container-Runtime-Options-Kubernetes.md @@ -3,10 +3,11 @@ title: " Containerd Brings More Container Runtime Options for Kubernetes " date: 2017-11-02 slug: containerd-container-runtime-options-kubernetes url: /blog/2017/11/Containerd-Container-Runtime-Options-Kubernetes +author: > + Lantao Liu (Google), + Mike Brown (IBM) --- -**Authors:** Lantao Liu (Google), and Mike Brown (IBM) - _Update: Kubernetes support for Docker via `dockershim` is now deprecated. For more information, read the [deprecation notice](/blog/2020/12/08/kubernetes-1-20-release-announcement/#dockershim-deprecation). You can also discuss the deprecation via a dedicated [GitHub issue](https://github.com/kubernetes/kubernetes/issues/106917)._ diff --git a/content/en/blog/_posts/2017-11-00-Kubernetes-Easy-Way.md b/content/en/blog/_posts/2017-11-00-Kubernetes-Easy-Way.md index 54cbf1444e..af0e1e18ea 100644 --- a/content/en/blog/_posts/2017-11-00-Kubernetes-Easy-Way.md +++ b/content/en/blog/_posts/2017-11-00-Kubernetes-Easy-Way.md @@ -3,9 +3,9 @@ title: " Kubernetes the Easy Way " date: 2017-11-01 slug: kubernetes-easy-way url: /blog/2017/11/Kubernetes-Easy-Way +author: > + Dan Garfield (Codefresh) --- - **_Editor's note: Today's post is by Dan Garfield, VP of Marketing at Codefresh, on how to set up and easily deploy a Kubernetes cluster._** - Kelsey Hightower wrote an invaluable guide for Kubernetes called [Kubernetes the Hard Way](https://github.com/kelseyhightower/kubernetes-the-hard-way). It’s an awesome resource for those looking to understand the ins and outs of Kubernetes—but what if you want to put Kubernetes on easy mode? That’s something we’ve been working on together with Google Cloud. In this guide, we’ll show you how to get a cluster up and running, as well as how to actually deploy your code to that cluster and run it. diff --git a/content/en/blog/_posts/2017-11-00-Securing-Software-Supply-Chain-Grafeas.md b/content/en/blog/_posts/2017-11-00-Securing-Software-Supply-Chain-Grafeas.md index b996a796a2..c88400ed5e 100644 --- a/content/en/blog/_posts/2017-11-00-Securing-Software-Supply-Chain-Grafeas.md +++ b/content/en/blog/_posts/2017-11-00-Securing-Software-Supply-Chain-Grafeas.md @@ -3,8 +3,10 @@ title: " Securing Software Supply Chain with Grafeas " date: 2017-11-03 slug: securing-software-supply-chain-grafeas url: /blog/2017/11/Securing-Software-Supply-Chain-Grafeas +author: > + Kelsey Hightower (Google), + Sandra Guo (Google) --- - **_Editor's note: This post is written by Kelsey Hightower, Staff Developer Advocate at Google, and Sandra Guo, Product Manager at Google._** Kubernetes has evolved to support increasingly complex classes of applications, enabling the development of two major industry trends: hybrid cloud and microservices. With increasing complexity in production environments, customers—especially enterprises—are demanding better ways to manage their software supply chain with more centralized visibility and control over production deployments. diff --git a/content/en/blog/_posts/2017-12-00-Introducing-Kubeflow-Composable.md b/content/en/blog/_posts/2017-12-00-Introducing-Kubeflow-Composable.md index dfc3ace13c..fb20eb8f96 100644 --- a/content/en/blog/_posts/2017-12-00-Introducing-Kubeflow-Composable.md +++ b/content/en/blog/_posts/2017-12-00-Introducing-Kubeflow-Composable.md @@ -3,12 +3,11 @@ title: " Introducing Kubeflow - A Composable, Portable, Scalable ML Stack Built date: 2017-12-21 slug: introducing-kubeflow-composable url: /blog/2017/12/Introducing-Kubeflow-Composable +author: > + Jeremy Lewi (Google), + David Aronchick (Google) --- -**_Today’s post is by David Aronchick and Jeremy Lewi, a PM and Engineer on the Kubeflow project, a new open source GitHub repo dedicated to making using machine learning (ML) stacks on Kubernetes easy, fast and extensible._** - - - ## Kubernetes and Machine Learning Kubernetes has quickly become the hybrid solution for deploying complicated workloads anywhere. While it started with just stateless services, customers have begun to move complex workloads to the platform, taking advantage of rich APIs, reliability and performance provided by Kubernetes. One of the fastest growing use cases is to use Kubernetes as the deployment platform of choice for machine learning. @@ -168,8 +167,6 @@ And we’re just getting started! We would love for you to help. How you might a - Please download and run kubeflow, and submit bugs! Thank you for your support so far, we could not be more excited! -_Jeremy Lewi & David Aronchick_ -Google Note: * This article was amended in June 2023 to update the trained model bucket location. diff --git a/content/en/blog/_posts/2017-12-00-Kubernetes-19-Workloads-Expanded-Ecosystem.md b/content/en/blog/_posts/2017-12-00-Kubernetes-19-Workloads-Expanded-Ecosystem.md index cefcf21452..b5440b9a43 100644 --- a/content/en/blog/_posts/2017-12-00-Kubernetes-19-Workloads-Expanded-Ecosystem.md +++ b/content/en/blog/_posts/2017-12-00-Kubernetes-19-Workloads-Expanded-Ecosystem.md @@ -4,10 +4,10 @@ date: 2017-12-15 slug: kubernetes-19-workloads-expanded-ecosystem url: /blog/2017/12/Kubernetes-19-Workloads-Expanded-Ecosystem evergreen: true +author: > + [Kubernetes v1.9 Release Team](https://github.com/kubernetes/sig-release/blob/master/releases/release-1.9/release_team.md) --- -**Authors:** Kubernetes v1.9 release team - We’re pleased to announce the delivery of Kubernetes 1.9, our fourth and final release this year. Today’s release continues the evolution of an increasingly rich feature set, more robust stability, and even greater community contributions. As the fourth release of the year, it gives us an opportunity to look back at the progress made in key areas. Particularly notable is the advancement of the Apps Workloads API to stable. This removes any reservations potential adopters might have had about the functional stability required to run mission-critical workloads. Another big milestone is the beta release of Windows support, which opens the door for many Windows-specific applications and workloads to run in Kubernetes, significantly expanding the implementation scenarios and enterprise readiness of Kubernetes. diff --git a/content/en/blog/_posts/2017-12-00-Paddle-Paddle-Fluid-Elastic-Learning.md b/content/en/blog/_posts/2017-12-00-Paddle-Paddle-Fluid-Elastic-Learning.md index a4169f8f7f..b8c36c2b7b 100644 --- a/content/en/blog/_posts/2017-12-00-Paddle-Paddle-Fluid-Elastic-Learning.md +++ b/content/en/blog/_posts/2017-12-00-Paddle-Paddle-Fluid-Elastic-Learning.md @@ -3,8 +3,16 @@ title: " PaddlePaddle Fluid: Elastic Deep Learning on Kubernetes " date: 2017-12-06 slug: paddle-paddle-fluid-elastic-learning url: /blog/2017/12/Paddle-Paddle-Fluid-Elastic-Learning +author: > + Xu Yan (Baidu Research), + Helin Wang (Baidu Research), + Yi Wu (Baidu Research), + Xi Chen (Baidu Research), + Weibao Gong (Baidu Research), + Xiang Li (CoreOS), + Yi Wang (Baidu Research) --- -_Editor's note: Today's post is a joint post from the deep learning team at Baidu and the etcd team at CoreOS._ +_**Editor's note:** Today's post is a joint post from the deep learning team at Baidu and the etcd team at CoreOS_ @@ -39,11 +47,4 @@ In the second test, each experiment ran 400 Nginx pods, which has higher priorit We continue to work on FluidEDL and welcome comments and contributions. Visit the [PaddlePaddle repo](https://github.com/PaddlePaddle/cloud), where you can find the [design doc](https://github.com/PaddlePaddle/cloud/tree/develop/doc/design), a [simple tutorial](https://github.com/PaddlePaddle/cloud/blob/develop/doc/autoscale/example/autoscale.md), and [experiment details](https://github.com/PaddlePaddle/cloud/tree/develop/doc/edl/experiment). -- Xu Yan (Baidu Research) -- Helin Wang (Baidu Research) -- Yi Wu (Baidu Research) -- Xi Chen (Baidu Research) -- Weibao Gong (Baidu Research) -- Xiang Li (CoreOS) -- Yi Wang (Baidu Research) From e09585300cfbc107bc02b7f248eb5bc005220d1c Mon Sep 17 00:00:00 2001 From: Arhell Date: Mon, 3 Jun 2024 00:10:31 +0300 Subject: [PATCH 10/89] [pt] Ready glossary page for vanilla Docsy --- content/pt-br/docs/reference/glossary/index.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/pt-br/docs/reference/glossary/index.md b/content/pt-br/docs/reference/glossary/index.md index 89cea39e44..947fe48217 100644 --- a/content/pt-br/docs/reference/glossary/index.md +++ b/content/pt-br/docs/reference/glossary/index.md @@ -2,6 +2,7 @@ title: Glossário layout: glossary noedit: true +body_class: glossary default_active_tag: fundamental weight: 5 card: From b2fa03b3f2a20f73522b02f6eb8e964496aa80ce Mon Sep 17 00:00:00 2001 From: windsonsea Date: Mon, 3 Jun 2024 09:59:56 +0800 Subject: [PATCH 11/89] [zh] Localize kubectl/generated/kubectl_cp/ --- .../kubectl/generated/kubectl_cp/_index.md | 596 ++++++++++++++++++ 1 file changed, 596 insertions(+) create mode 100644 content/zh-cn/docs/reference/kubectl/generated/kubectl_cp/_index.md diff --git a/content/zh-cn/docs/reference/kubectl/generated/kubectl_cp/_index.md b/content/zh-cn/docs/reference/kubectl/generated/kubectl_cp/_index.md new file mode 100644 index 0000000000..a83b6f671a --- /dev/null +++ b/content/zh-cn/docs/reference/kubectl/generated/kubectl_cp/_index.md @@ -0,0 +1,596 @@ +--- +title: kubectl cp +content_type: tool-reference +weight: 30 +no_list: true +--- + + +## {{% heading "synopsis" %}} + + +将文件、目录复制到容器;或从容器复制文件、目录。 + +```shell +kubectl cp +``` + +## {{% heading "examples" %}} + + +```shell + # !!!重要提示!!! + # 要求你的容器镜像中存在 'tar' 可执行文件 + # 如果 'tar' 不存在,'kubectl cp' 将会失败 + # + # 对于符号链接、通配符扩展或文件模式保留等高级用例,考虑使用 'kubectl exec' + + # 将本地文件 /tmp/foo 复制到远程命名空间 中 Pod 中的 /tmp/bar + tar cf - /tmp/foo | kubectl exec -i -n -- tar xf - -C /tmp/bar + + # 将 /tmp/foo 从远程 Pod 复制到本地的 /tmp/bar + kubectl exec -n -- tar cf - /tmp/foo | tar xf - -C /tmp/bar + + # 将本地目录 /tmp/foo_dir 复制到远程默认命名空间中 Pod 中的 /tmp/bar_dir + kubectl cp /tmp/foo_dir :/tmp/bar_dir + + # 将本地文件 /tmp/foo 复制到远程 Pod 中特定容器内的 /tmp/bar + kubectl cp /tmp/foo :/tmp/bar -c + + # 将本地文件 /tmp/foo 复制到远程命名空间 内 Pod 中的 /tmp/bar + kubectl cp /tmp/foo /:/tmp/bar + + # 将 /tmp/foo 从远程 Pod 复制到本地的 /tmp/bar + kubectl cp /:/tmp/foo /tmp/bar +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
-c, --container string

+ +容器名称。如果省略,将使用 kubectl.kubernetes.io/default-container +注解来选择要被挂接的容器,或者选择 Pod 中的第一个容器。 +

-h, --help

+ +cp 操作的帮助命令。 +

--no-preserve

+ +被复制的文件/目录的所有权和权限将不会在容器中保留。 +

--retries int

+ +设置从容器完成复制操作的重试次数。 +指定 0 表示禁止重试,指定任何负值表示无限重试。默认值为 0(不重试)。 +

+ +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
--as string

+ +要伪装此操作的用户名。用户可以是命名空间中的普通用户或服务账户。 +

--as-group strings

+ +要伪装此操作的组,此标志可以被重复使用以指定多个组。 +

--as-uid string

+ +要伪装此操作的 UID。 +

--cache-dir string     默认值:"$HOME/.kube/cache"

+ +默认缓存目录。 +

--certificate-authority string

+ +证书颁发机构的证书文件的路径。 +

--client-certificate string

+ +TLS 客户端证书文件的路径。 +

--client-key string

+ +TLS 客户端密钥文件路径。 +

--cloud-provider-gce-l7lb-src-cidrs cidrs     默认值:130.211.0.0/22,35.191.0.0/16

+ +在 GCE 防火墙中打开 CIDR,以进行第 7 层负载均衡流量代理和健康状况检查。 +

--cloud-provider-gce-lb-src-cidrs cidrs     默认值:130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

+ +在 GCE 防火墙中打开 CIDR,以进行第 4 层负载均衡流量代理和健康状况检查。 +

--cluster string

+ +要使用的 kubeconfig 集群的名称。 +

--context string

+ +要使用的 kubeconfig 上下文的名称。 +

--default-not-ready-toleration-seconds int     默认值:300

+ +表示对污点 NotReady:NoExecute 的容忍时长(以秒计)。 +默认情况下,这一容忍度会被添加到尚未具有此容忍度的每个 Pod 中。 +

--default-unreachable-toleration-seconds int     默认值:300

+ +表示对污点 unreachable:NoExecute 的容忍时长(以秒计)。 +默认情况下,这一容忍度会被添加到尚未具有此容忍度的每个 Pod 中。 +

--disable-compression

+ +如果为 true,则对服务器所有请求的响应不再压缩。 +

--insecure-skip-tls-verify

+ +如果为 true,则表示不会检查服务器证书的有效性。这样会导致你的 HTTPS 连接不安全。 +

--kubeconfig string

+ +CLI 请求所用的 kubeconfig 文件的路径。 +

--match-server-version

+ +要求服务器版本与客户端版本匹配。 +

-n, --namespace string

+ +如果存在,CLI 请求将使用此命名空间。 +

--password string

+ +API 服务器进行基本身份认证的密码。 +

--profile string     默认值:"none"

+ +要记录的性能分析信息。可选值为(none|cpu|heap|goroutine|threadcreate|block|mutex)。 +

--profile-output string     默认值:"profile.pprof"

+ +性能分析信息要写入的目标文件的名称。 +

--request-timeout string     默认值:"0"

+ +放弃单个服务器请求之前的等待时间,非零值需要包含相应时间单位(例如:1s、2m、3h)。零值则表示不做超时要求。 +

-s, --server string

+ +Kubernetes API 服务器的地址和端口。 +

--storage-driver-buffer-duration duration     默认值:1m0s

+ +对存储驱动的写入操作将被缓存的时长;缓存的操作会作为一个事务提交给非内存后端。 +

--storage-driver-db string     默认值:"cadvisor"

+ +数据库名称。 +

--storage-driver-host string     默认值:"localhost:8086"

+ +数据库 host:port +

--storage-driver-password string     默认值:"root"

+ +数据库密码。 +

--storage-driver-secure

+ +使用与数据库的安全连接。 +

--storage-driver-table string     默认值:"stats"

+ +表名称。 +

--storage-driver-user string     默认值:"root"

+ +数据库用户名。 +

--tls-server-name string

+ +服务器证书验证所用的服务器名称。如果未提供,则使用与服务器通信所用的主机名。 +

--token string

+ +API 服务器进行身份认证的持有者令牌。 +

--user string

+ +要使用的 kubeconfig 用户的名称。 +

--username string

+ +API 服务器进行基本身份认证的用户名。 +

--version version[=true]

+ +--version, --version=raw 打印版本信息并退出; +--version=vX.Y.Z... 设置报告的版本。 +

--warnings-as-errors

+ +将从服务器收到的警告视为错误,并以非零退出码退出。 +

+ +## {{% heading "seealso" %}} + + +* [kubectl](../kubectl/) - kubectl 控制 Kubernetes 集群管理器 From e573edf7155fdc6ddbab1c6146877f62bffd6cd8 Mon Sep 17 00:00:00 2001 From: Arhell Date: Tue, 4 Jun 2024 00:08:52 +0300 Subject: [PATCH 12/89] [uk] Ready glossary page for vanilla Docsy --- content/uk/docs/reference/glossary/index.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/uk/docs/reference/glossary/index.md b/content/uk/docs/reference/glossary/index.md index fd57553ef8..9dadedc361 100644 --- a/content/uk/docs/reference/glossary/index.md +++ b/content/uk/docs/reference/glossary/index.md @@ -6,6 +6,7 @@ approvers: title: Глосарій layout: glossary noedit: true +body_class: glossary default_active_tag: fundamental weight: 5 card: From 2a234c4f8ac2a82ec80cbf852b42051aaf290d6c Mon Sep 17 00:00:00 2001 From: Tim Bannister Date: Mon, 3 Jun 2024 23:16:32 +0100 Subject: [PATCH 13/89] Tweak name of feature gate file We missed this one when adopting the automation for feature gate data; I set the filenames based on heuristics and the code I originally used didn't pick an ideal name. --- ...-tables-ownership-cleanup.md => iptables-ownership-cleanup.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename content/en/docs/reference/command-line-tools-reference/feature-gates/{ip-tables-ownership-cleanup.md => iptables-ownership-cleanup.md} (100%) diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/ip-tables-ownership-cleanup.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/iptables-ownership-cleanup.md similarity index 100% rename from content/en/docs/reference/command-line-tools-reference/feature-gates/ip-tables-ownership-cleanup.md rename to content/en/docs/reference/command-line-tools-reference/feature-gates/iptables-ownership-cleanup.md From 93a3bdb33443ebc0e8635b5582576288193d7ad4 Mon Sep 17 00:00:00 2001 From: Robert Cronin Date: Tue, 4 Jun 2024 09:59:47 +1000 Subject: [PATCH 14/89] Update node-hello image to Google's newer image --- .../service-access-application-cluster.md | 4 +++- content/fr/examples/service/access/hello-application.yaml | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/content/fr/docs/tasks/access-application-cluster/service-access-application-cluster.md b/content/fr/docs/tasks/access-application-cluster/service-access-application-cluster.md index b24d0b1da6..2a7108fc4c 100644 --- a/content/fr/docs/tasks/access-application-cluster/service-access-application-cluster.md +++ b/content/fr/docs/tasks/access-application-cluster/service-access-application-cluster.md @@ -129,7 +129,9 @@ Voici le fichier de configuration pour le déploiement de l'application : réponse à une requête réussie est un message de bienvenue : ```none - Hello Kubernetes! + Hello, world! + Version: 2.0.0 + Hostname: hello-world-2895499144-bsbk5 ``` ## Utilisation d'un fichier de configuration de service diff --git a/content/fr/examples/service/access/hello-application.yaml b/content/fr/examples/service/access/hello-application.yaml index 1cf41313c5..24270db9c9 100644 --- a/content/fr/examples/service/access/hello-application.yaml +++ b/content/fr/examples/service/access/hello-application.yaml @@ -14,7 +14,7 @@ spec: spec: containers: - name: hello-world - image: gcr.io/google-samples/node-hello:1.0 + image: us-docker.pkg.dev/google-samples/containers/gke/hello-app:2.0 ports: - containerPort: 8080 protocol: TCP From bc355392935da82901f877f97b4da41765928cff Mon Sep 17 00:00:00 2001 From: Mathieu Parent Date: Tue, 4 Jun 2024 03:39:22 +0200 Subject: [PATCH 15/89] Improve "Reserve Compute Resources for System Daemons" doc (#45771) * Improve "Reserve Compute Resources for System Daemons" doc Remove deprecated CLI flags and replace by KubeletConfiguration settings * Apply suggestions from code review Co-authored-by: Qiming Teng * keep the heading --------- Co-authored-by: Qiming Teng --- .../reserve-compute-resources.md | 105 +++++++++--------- 1 file changed, 51 insertions(+), 54 deletions(-) diff --git a/content/en/docs/tasks/administer-cluster/reserve-compute-resources.md b/content/en/docs/tasks/administer-cluster/reserve-compute-resources.md index fedc88f2b2..1959002a92 100644 --- a/content/en/docs/tasks/administer-cluster/reserve-compute-resources.md +++ b/content/en/docs/tasks/administer-cluster/reserve-compute-resources.md @@ -5,7 +5,6 @@ reviewers: - dashpole title: Reserve Compute Resources for System Daemons content_type: task -min-kubernetes-server-version: 1.8 weight: 290 --- @@ -25,10 +24,10 @@ on each node. ## {{% heading "prerequisites" %}} -{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}} -Your Kubernetes server must be at or later than version 1.17 to use -the kubelet command line option `--reserved-cpus` to set an -[explicitly reserved CPU list](#explicitly-reserved-cpu-list). +{{< include "task-tutorial-prereqs.md" >}} + +You can configure below kubelet [configuration settings](/docs/reference/config-api/kubelet-config.v1beta1/) +using the [kubelet configuration file](/docs/tasks/administer-cluster/kubelet-config-file/). @@ -48,15 +47,14 @@ Resources can be reserved for two categories of system daemons in the `kubelet`. ### Enabling QoS and Pod level cgroups To properly enforce node allocatable constraints on the node, you must -enable the new cgroup hierarchy via the `--cgroups-per-qos` flag. This flag is +enable the new cgroup hierarchy via the `cgroupsPerQOS` setting. This setting is enabled by default. When enabled, the `kubelet` will parent all end-user pods under a cgroup hierarchy managed by the `kubelet`. ### Configuring a cgroup driver The `kubelet` supports manipulation of the cgroup hierarchy on -the host using a cgroup driver. The driver is configured via the -`--cgroup-driver` flag. +the host using a cgroup driver. The driver is configured via the `cgroupDriver` setting. The supported values are the following: @@ -73,21 +71,21 @@ be configured to use the `systemd` cgroup driver. ### Kube Reserved -- **Kubelet Flag**: `--kube-reserved=[cpu=100m][,][memory=100Mi][,][ephemeral-storage=1Gi][,][pid=1000]` -- **Kubelet Flag**: `--kube-reserved-cgroup=` +- **KubeletConfiguration Setting**: `kubeReserved: {}`. Example value `{cpu: 100m, memory: 100Mi, ephemeral-storage: 1Gi, pid=1000}` +- **KubeletConfiguration Setting**: `kubeReservedCgroup: ""` -`kube-reserved` is meant to capture resource reservation for kubernetes system -daemons like the `kubelet`, `container runtime`, `node problem detector`, etc. +`kubeReserved` is meant to capture resource reservation for kubernetes system +daemons like the `kubelet`, `container runtime`, etc. It is not meant to reserve resources for system daemons that are run as pods. -`kube-reserved` is typically a function of `pod density` on the nodes. +`kubeReserved` is typically a function of `pod density` on the nodes. In addition to `cpu`, `memory`, and `ephemeral-storage`, `pid` may be specified to reserve the specified number of process IDs for kubernetes system daemons. -To optionally enforce `kube-reserved` on kubernetes system daemons, specify the parent -control group for kube daemons as the value for `--kube-reserved-cgroup` kubelet -flag. +To optionally enforce `kubeReserved` on kubernetes system daemons, specify the parent +control group for kube daemons as the value for `kubeReservedCgroup` setting, +and [add `kube-reserved` to `enforceNodeAllocatable`](#enforcing-node-allocatable). It is recommended that the kubernetes system daemons are placed under a top level control group (`runtime.slice` on systemd machines for example). Each @@ -95,19 +93,19 @@ system daemon should ideally run within its own child control group. Refer to [the design proposal](https://git.k8s.io/design-proposals-archive/node/node-allocatable.md#recommended-cgroups-setup) for more details on recommended control group hierarchy. -Note that Kubelet **does not** create `--kube-reserved-cgroup` if it doesn't +Note that Kubelet **does not** create `kubeReservedCgroup` if it doesn't exist. The kubelet will fail to start if an invalid cgroup is specified. With `systemd` cgroup driver, you should follow a specific pattern for the name of the cgroup you -define: the name should be the value you set for `--kube-reserved-cgroup`, +define: the name should be the value you set for `kubeReservedCgroup`, with `.slice` appended. ### System Reserved -- **Kubelet Flag**: `--system-reserved=[cpu=100m][,][memory=100Mi][,][ephemeral-storage=1Gi][,][pid=1000]` -- **Kubelet Flag**: `--system-reserved-cgroup=` +- **KubeletConfiguration Setting**: `systemReserved: {}`. Example value `{cpu: 100m, memory: 100Mi, ephemeral-storage: 1Gi, pid=1000}` +- **KubeletConfiguration Setting**: `systemReservedCgroup: ""` -`system-reserved` is meant to capture resource reservation for OS system daemons -like `sshd`, `udev`, etc. `system-reserved` should reserve `memory` for the +`systemReserved` is meant to capture resource reservation for OS system daemons +like `sshd`, `udev`, etc. `systemReserved` should reserve `memory` for the `kernel` too since `kernel` memory is not accounted to pods in Kubernetes at this time. Reserving resources for user login sessions is also recommended (`user.slice` in systemd world). @@ -116,33 +114,32 @@ In addition to `cpu`, `memory`, and `ephemeral-storage`, `pid` may be specified to reserve the specified number of process IDs for OS system daemons. -To optionally enforce `system-reserved` on system daemons, specify the parent -control group for OS system daemons as the value for `--system-reserved-cgroup` -kubelet flag. +To optionally enforce `systemReserved` on system daemons, specify the parent +control group for OS system daemons as the value for `systemReservedCgroup` setting, +and [add `system-reserved` to `enforceNodeAllocatable`](#enforcing-node-allocatable). It is recommended that the OS system daemons are placed under a top level control group (`system.slice` on systemd machines for example). -Note that `kubelet` **does not** create `--system-reserved-cgroup` if it doesn't +Note that `kubelet` **does not** create `systemReservedCgroup` if it doesn't exist. `kubelet` will fail if an invalid cgroup is specified. With `systemd` cgroup driver, you should follow a specific pattern for the name of the cgroup you -define: the name should be the value you set for `--system-reserved-cgroup`, +define: the name should be the value you set for `systemReservedCgroup`, with `.slice` appended. ### Explicitly Reserved CPU List {{< feature-state for_k8s_version="v1.17" state="stable" >}} -**Kubelet Flag**: `--reserved-cpus=0-3` -**KubeletConfiguration Flag**: `reservedSystemCPUs: 0-3` +**KubeletConfiguration Setting**: `reservedSystemCPUs:`. Example value `0-3` -`reserved-cpus` is meant to define an explicit CPU set for OS system daemons and -kubernetes system daemons. `reserved-cpus` is for systems that do not intend to +`reservedSystemCPUs` is meant to define an explicit CPU set for OS system daemons and +kubernetes system daemons. `reservedSystemCPUs` is for systems that do not intend to define separate top level cgroups for OS system daemons and kubernetes system daemons with regard to cpuset resource. -If the Kubelet **does not** have `--system-reserved-cgroup` and `--kube-reserved-cgroup`, -the explicit cpuset provided by `reserved-cpus` will take precedence over the CPUs -defined by `--kube-reserved` and `--system-reserved` options. +If the Kubelet **does not** have `kubeReservedCgroup` and `systemReservedCgroup`, +the explicit cpuset provided by `reservedSystemCPUs` will take precedence over the CPUs +defined by `kubeReservedCgroup` and `systemReservedCgroup` options. This option is specifically designed for Telco/NFV use cases where uncontrolled interrupts/timers may impact the workload performance. you can use this option @@ -155,7 +152,7 @@ For example: in Centos, you can do this using the tuned toolset. ### Eviction Thresholds -**Kubelet Flag**: `--eviction-hard=[memory.available<500Mi]` +**KubeletConfiguration Setting**: `evictionHard: {memory.available: "100Mi", nodefs.available: "10%", nodefs.inodesFree: "5%", imagefs.available: "15%"}`. Example value: `{memory.available: "<500Mi"}` Memory pressure at the node level leads to System OOMs which affects the entire node and all pods running on it. Nodes can go offline temporarily until memory @@ -163,7 +160,7 @@ has been reclaimed. To avoid (or reduce the probability of) system OOMs kubelet provides [out of resource](/docs/concepts/scheduling-eviction/node-pressure-eviction/) management. Evictions are supported for `memory` and `ephemeral-storage` only. By reserving some memory via -`--eviction-hard` flag, the `kubelet` attempts to evict pods whenever memory +`evictionHard` setting, the `kubelet` attempts to evict pods whenever memory availability on the node drops below the reserved value. Hypothetically, if system daemons did not exist on a node, pods cannot use more than `capacity - eviction-hard`. For this reason, resources reserved for evictions are not @@ -171,7 +168,7 @@ available for pods. ### Enforcing Node Allocatable -**Kubelet Flag**: `--enforce-node-allocatable=pods[,][system-reserved][,][kube-reserved]` +**KubeletConfiguration setting**: `enforceNodeAllocatable: [pods]`. Example value: `[pods,system-reserved,kube-reserved]` The scheduler treats 'Allocatable' as the available `capacity` for pods. @@ -180,35 +177,35 @@ by evicting pods whenever the overall usage across all pods exceeds 'Allocatable'. More details on eviction policy can be found on the [node pressure eviction](/docs/concepts/scheduling-eviction/node-pressure-eviction/) page. This enforcement is controlled by -specifying `pods` value to the kubelet flag `--enforce-node-allocatable`. +specifying `pods` value to the KubeletConfiguration setting `enforceNodeAllocatable`. -Optionally, `kubelet` can be made to enforce `kube-reserved` and -`system-reserved` by specifying `kube-reserved` & `system-reserved` values in -the same flag. Note that to enforce `kube-reserved` or `system-reserved`, -`--kube-reserved-cgroup` or `--system-reserved-cgroup` needs to be specified +Optionally, `kubelet` can be made to enforce `kubeReserved` and +`systemReserved` by specifying `kube-reserved` & `system-reserved` values in +the same setting. Note that to enforce `kubeReserved` or `systemReserved`, +`kubeReservedCgroup` or `systemReservedCgroup` needs to be specified respectively. ## General Guidelines -System daemons are expected to be treated similar to -[Guaranteed pods](/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed). +System daemons are expected to be treated similar to +[Guaranteed pods](/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed). System daemons can burst within their bounding control groups and this behavior needs to be managed as part of kubernetes deployments. For example, `kubelet` should -have its own control group and share `kube-reserved` resources with the +have its own control group and share `kubeReserved` resources with the container runtime. However, Kubelet cannot burst and use up all available Node -resources if `kube-reserved` is enforced. +resources if `kubeReserved` is enforced. -Be extra careful while enforcing `system-reserved` reservation since it can lead +Be extra careful while enforcing `systemReserved` reservation since it can lead to critical system services being CPU starved, OOM killed, or unable to fork on the node. The -recommendation is to enforce `system-reserved` only if a user has profiled their +recommendation is to enforce `systemReserved` only if a user has profiled their nodes exhaustively to come up with precise estimates and is confident in their ability to recover if any process in that group is oom-killed. * To begin with enforce 'Allocatable' on `pods`. * Once adequate monitoring and alerting is in place to track kube system - daemons, attempt to enforce `kube-reserved` based on usage heuristics. -* If absolutely necessary, enforce `system-reserved` over time. + daemons, attempt to enforce `kubeReserved` based on usage heuristics. +* If absolutely necessary, enforce `systemReserved` over time. The resource requirements of kube system daemons may grow over time as more and more features are added. Over time, kubernetes project will attempt to bring @@ -222,9 +219,9 @@ So expect a drop in `Allocatable` capacity in future releases. Here is an example to illustrate Node Allocatable computation: * Node has `32Gi` of `memory`, `16 CPUs` and `100Gi` of `Storage` -* `--kube-reserved` is set to `cpu=1,memory=2Gi,ephemeral-storage=1Gi` -* `--system-reserved` is set to `cpu=500m,memory=1Gi,ephemeral-storage=1Gi` -* `--eviction-hard` is set to `memory.available<500Mi,nodefs.available<10%` +* `kubeReserved` is set to `{cpu: 1000m, memory: 2Gi, ephemeral-storage: 1Gi}` +* `systemReserved` is set to `{cpu: 500m, memory: 1Gi, ephemeral-storage: 1Gi}` +* `evictionHard` is set to `{memory.available: "<500Mi", nodefs.available: "<10%"}` Under this scenario, 'Allocatable' will be 14.5 CPUs, 28.5Gi of memory and `88Gi` of local storage. @@ -234,7 +231,7 @@ Kubelet evicts pods whenever the overall memory usage across pods exceeds 28.5Gi or if overall disk usage exceeds 88Gi. If all processes on the node consume as much CPU as they can, pods together cannot consume more than 14.5 CPUs. -If `kube-reserved` and/or `system-reserved` is not enforced and system daemons +If `kubeReserved` and/or `systemReserved` is not enforced and system daemons exceed their reservation, `kubelet` evicts pods whenever the overall node memory usage is higher than 31.5Gi or `storage` is greater than 90Gi. From d7d09ef1fe8941f250127ac946127fc770ba53cf Mon Sep 17 00:00:00 2001 From: windsonsea Date: Tue, 4 Jun 2024 09:03:42 +0800 Subject: [PATCH 16/89] [zh] Add kubectl/generated/kubectl_label/ --- .../kubectl/generated/kubectl_label/_index.md | 771 ++++++++++++++++++ 1 file changed, 771 insertions(+) create mode 100644 content/zh-cn/docs/reference/kubectl/generated/kubectl_label/_index.md diff --git a/content/zh-cn/docs/reference/kubectl/generated/kubectl_label/_index.md b/content/zh-cn/docs/reference/kubectl/generated/kubectl_label/_index.md new file mode 100644 index 0000000000..1a27be056b --- /dev/null +++ b/content/zh-cn/docs/reference/kubectl/generated/kubectl_label/_index.md @@ -0,0 +1,771 @@ +--- +title: kubectl label +content_type: tool-reference +weight: 30 +no_list: true +--- + + +## {{% heading "synopsis" %}} + + + +更新资源上的标签。 + +* 标签的键和值必须以字母或数字开头,可以包含字母、数字、连字符、点和下划线,每个最多 63 个字符。 +* 键可以选择以 DNS 子域前缀加上一个斜杠 '/' 开头,如 example.com/my-app。 +* 如果 --overwrite 为 true,则现有标签可以被覆盖,否则尝试覆盖标签将导致错误。 +* 如果指定了 --resource-version,则更新将使用此资源版本,否则将使用现有的资源版本。 + + +```shell +kubectl label [--overwrite] (-f FILENAME | TYPE NAME) KEY_1=VAL_1 ... KEY_N=VAL_N [--resource-version=version] +``` + +## {{% heading "examples" %}} + + +```shell + # 使用标签 'unhealthy' 和值 'true' 更新 Pod 'foo' + kubectl label pods foo unhealthy=true + + # 使用标签 'status' 和值 'unhealthy' 更新 Pod 'foo',覆盖所有现有值 + kubectl label --overwrite pods foo status=unhealthy + + # 更新命名空间中的所有 Pod + kubectl label pods --all status=unhealthy + + # 更新由 "pod.json" 中的 type 和 name 标识的 Pod + kubectl label -f pod.json status=unhealthy + + # 仅在资源版本为 1 且未更改时更新 Pod 'foo' + kubectl label pods foo status=unhealthy --resource-version=1 + + # 如果存在名为 'bar' 的标签,则通过移除此标签来更新 Pod 'foo' + # 不需要 --overwrite 标志 + kubectl label pods foo bar- +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
--all

+ +在指定资源类型的命名空间中,选择所有资源。 +

-A, --all-namespaces

+ +如果为 true,则在所有命名空间中执行指定的操作。 +

--allow-missing-template-keys     默认值:true

+ +如果为 true,在模板中字段或映射键缺失时忽略模板中的错误。 +仅适用于 golang 和 jsonpath 输出格式。 +

--dry-run string[="unchanged"]     默认值:"none"

+ +必须是 "none"、"server" 或 "client"。如果是 client 策略,仅打印将要发送的对象,而不实际发送。 +如果是 server 策略,提交服务器端请求而不持久化资源。 +

--field-manager string     默认值:"kubectl-label"

+ +用于跟踪字段属主关系的管理器的名称。 +

--field-selector string

+ +过滤所用的选择算符(字段查询),支持 '='、'==' 和 '!='。 +(例如 --field-selector key1=value1,key2=value2)。服务器针对每种类型仅支持有限数量的字段查询。 +

-f, --filename strings

+ +文件名、目录或文件 URL,用于标识要更新标签的资源。 +

-h, --help

+ +label 操作的帮助命令。 +

-k, --kustomize string

+ +处理 kustomization 目录。此标志不能与 -f 或 -R 一起使用。 +

--list

+ +如果为 true,则显示给定资源的标签。 +

--local

+ +如果为 true,则 label 操作不会与 api-server 通信,而是在本地运行。 +

-o, --output string

+ +输出格式。可选值为: +json、yaml、name、go-template、go-template-file、template、templatefile、jsonpath、jsonpath-as-json、jsonpath-file。 +

--overwrite

+ +如果为 true,则允许标签被覆盖,否则拒绝覆盖现有标签的更新。 +

-R, --recursive

+ +递归处理在 -f、--filename 中给出的目录。当你想要管理位于同一目录中相互关联的清单时很有用。 +

--resource-version string

+ +如果非空,则只有在所给值是对象的当前资源版本时,标签更新才会成功。仅在指定单个资源时有效。 +

-l, --selector string

+ +过滤所用的选择算符(标签查询),支持 '='、'==' 和 '!='。 +(例如 -l key1=value1,key2=value2)。匹配的对象必须满足所有指定的标签约束。 +

--show-managed-fields

+ +如果为 true,在以 JSON 或 YAML 格式打印对象时保留 managedFields。 +

--template string

+ +当 -o=go-template、-o=go-template-file 时使用的模板字符串或模板文件路径。 +模板格式为 golang 模板 [http://golang.org/pkg/text/template/#pkg-overview]。 +

+ +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
--as string

+ +操作所用的伪装用户名。用户可以是常规用户或命名空间中的服务账号。 +

--as-group strings

+ +操作所用的伪装用户组,此标志可以被重复设置以指定多个组。 +

--as-uid string

+ +操作所用的伪装 UID。 +

--cache-dir string     默认值:"$HOME/.kube/cache"

+ +默认缓存目录。 +

--certificate-authority string

+ +证书机构的证书文件的路径。 +

--client-certificate string

+ +TLS 客户端证书文件的路径。 +

--client-key string

+ +TLS 客户端密钥文件的路径。 +

--cloud-provider-gce-l7lb-src-cidrs cidrs     默认值:130.211.0.0/22,35.191.0.0/16

+ +GCE 防火墙中为 L7 负载均衡流量代理和健康检查开放的 CIDR。 +

--cloud-provider-gce-lb-src-cidrs cidrs     默认值:130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

+ +GCE 防火墙中为 L4 负载均衡流量代理和健康检查开放的 CIDR。 +

--cluster string

+ +要使用的 kubeconfig 集群的名称。 +

--context string

+ +要使用的 kubeconfig 上下文的名称。 +

--default-not-ready-toleration-seconds int     默认值:300

+ +设置针对 notReady:NoExecute 的容忍度的 tolerationSeconds,默认添加到所有尚未设置此容忍度的 Pod。 +

--default-unreachable-toleration-seconds int     默认值:300

+ +设置针对 unreachable:NoExecute 的容忍度的 tolerationSeconds,默认添加到所有尚未设置此容忍度的 Pod。 +

--disable-compression

+ +如果为 true,则对服务器所有请求的响应不再压缩。 +

--insecure-skip-tls-verify

+ +如果为 true,则不检查服务器证书的有效性。这将使你的 HTTPS 连接不安全。 +

--kubeconfig string

+ +CLI 请求要使用的 kubeconfig 文件的路径。 +

--match-server-version

+ +要求服务器版本与客户端版本匹配。 +

-n, --namespace string

+ +如果存在,则是此 CLI 请求所针对的命名空间范围。 +

--password string

+ +对 API 服务器进行基本身份验证所用的密码。 +

--profile string     默认值:"none"

+ +要记录的性能分析信息。可选值为(none|cpu|heap|goroutine|threadcreate|block|mutex)。 +

--profile-output string     默认值:"profile.pprof"

+ +性能分析信息要写入的目标文件的名称。 +

--request-timeout string     默认值:"0"

+ +在放弃某个服务器请求之前等待的时长。非零值应包含相应的时间单位(例如 1s、2m、3h)。 +值为零表示请求不会超时。 +

-s, --server string

+ +Kubernetes API 服务器的地址和端口。 +

--storage-driver-buffer-duration duration     默认值:1m0s

+ +对存储驱动的写入操作将被缓存的时长;缓存的操作会作为一个事务提交给非内存后端。 +

--storage-driver-db string     默认值:"cadvisor"

+ +数据库名称。 +

--storage-driver-host string     默认值:"localhost:8086"

+ +数据库 host:port +

--storage-driver-password string     默认值:"root"

+ +数据库密码。 +

--storage-driver-secure

+ +使用与数据库的安全连接。 +

--storage-driver-table string     默认值:"stats"

+ +表名。 +

--storage-driver-user string     默认值:"root"

+ +数据库用户名。 +

--tls-server-name string

+ +服务器证书验证所用的服务器名称。如果未提供,则使用与服务器通信所用的主机名。 +

--token string

+ +向 API 服务器进行身份验证的持有者令牌。 +

--user string

+ +要使用的 kubeconfig 用户的名称。 +

--username string

+ +对 API 服务器进行基本身份验证时所用的用户名。 +

--version version[=true]

+ +--version, --version=raw 打印版本信息并退出;--version=vX.Y.Z... 设置报告的版本。 +

--warnings-as-errors

+ +将从服务器收到的警告视为错误,并以非零退出码退出。 +

+ +## {{% heading "seealso" %}} + + +* [kubectl](../kubectl/) - kubectl 用于控制 Kubernetes 集群管理器 From ae627f2680dd6ab91121b36a79c3a9129040c733 Mon Sep 17 00:00:00 2001 From: Michael Date: Tue, 4 Jun 2024 07:39:04 +0800 Subject: [PATCH 17/89] [zh] Add kubectl/generated/kubectl_cordon/ --- .../generated/kubectl_cordon/_index.md | 539 ++++++++++++++++++ 1 file changed, 539 insertions(+) create mode 100644 content/zh-cn/docs/reference/kubectl/generated/kubectl_cordon/_index.md diff --git a/content/zh-cn/docs/reference/kubectl/generated/kubectl_cordon/_index.md b/content/zh-cn/docs/reference/kubectl/generated/kubectl_cordon/_index.md new file mode 100644 index 0000000000..d25d995fc8 --- /dev/null +++ b/content/zh-cn/docs/reference/kubectl/generated/kubectl_cordon/_index.md @@ -0,0 +1,539 @@ +--- +title: kubectl cordon +content_type: tool-reference +weight: 30 +no_list: true +--- + + +## {{% heading "synopsis" %}} + + +将节点标记为不可调度的。 + +```bash +kubectl cordon NODE +``` + +## {{% heading "examples" %}} + + +```bash + # 将节点 "foo" 标记为不可调度的 + kubectl cordon foo +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + +
--dry-run string[="unchanged"]     默认值:"none"

+ +必须是 "none"、"server" 或 "client"。如果是 client 策略,仅打印将要发送的对象,而不实际发送。 +如果是 server 策略,提交服务器端请求而不持久化资源。 +

-h, --help

+ +cordon 操作的帮助命令。 +

-l, --selector string

+ +过滤所用的选择算符(标签查询),支持 '='、'==' 和 '!='。 +(例如 -l key1=value1,key2=value2)。匹配的对象必须满足所有指定的标签约束。 +

+ +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
--as string

+ +操作所用的伪装用户名。用户可以是常规用户或命名空间中的服务账号。 +

--as-group strings

+ +操作所用的伪装用户组,此标志可以被重复设置以指定多个组。 +

--as-uid string

+ +操作所用的伪装 UID。 +

--cache-dir string     默认值:"$HOME/.kube/cache"

+ +默认缓存目录。 +

--certificate-authority string

+ +证书机构的证书文件的路径。 +

--client-certificate string

+ +TLS 客户端证书文件的路径。 +

--client-key string

+ +TLS 客户端密钥文件的路径。 +

--cloud-provider-gce-l7lb-src-cidrs cidrs     默认值:130.211.0.0/22,35.191.0.0/16

+ +GCE 防火墙中为 L7 负载均衡流量代理和健康检查开放的 CIDR。 +

--cloud-provider-gce-lb-src-cidrs cidrs     默认值:130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

+ +GCE 防火墙中为 L4 负载均衡流量代理和健康检查开放的 CIDR。 +

--cluster string

+ +要使用的 kubeconfig 中的集群名称。 +

--context string

+ +要使用的 kubeconfig 上下文的名称。 +

--default-not-ready-toleration-seconds int     默认值:300

+ +设置针对 notReady:NoExecute 的容忍度的 tolerationSeconds,默认添加到所有尚未设置此容忍度的 Pod。 +

--default-unreachable-toleration-seconds int     默认值:300

+ +设置针对 unreachable:NoExecute 的容忍度的 tolerationSeconds,默认添加到所有尚未设置此容忍度的 Pod。 +

--disable-compression

+ +如果为 true,则对服务器所有请求的响应不再压缩。 +

--insecure-skip-tls-verify

+ +如果为 true,则不检查服务器证书的有效性。这将使你的 HTTPS 连接不安全。 +

--kubeconfig string

+ +CLI 请求要使用的 kubeconfig 文件的路径。 +

--match-server-version

+ +要求服务器版本与客户端版本匹配。 +

-n, --namespace string

+ +如果存在,则是此 CLI 请求的命名空间范围。 +

--password string

+ +对 API 服务器进行基本身份验证所用的密码。 +

--profile string     默认值:"none"

+ +要记录的性能分析信息。可选值为(none|cpu|heap|goroutine|threadcreate|block|mutex)。 +

--profile-output string     默认值:"profile.pprof"

+ +性能分析信息要写入的目标文件的名称。 +

--request-timeout string     默认值:"0"

+ +在放弃某个服务器请求之前等待的时长。非零值应包含相应的时间单位(例如 1s、2m、3h)。 +值为零表示请求不会超时。 +

-s, --server string

+ +Kubernetes API 服务器的地址和端口。 +

--storage-driver-buffer-duration duration     默认值:1m0s

+ +对存储驱动的写入操作将被缓存的时长;缓存的操作会作为一个事务提交给非内存后端。 +

--storage-driver-db string     默认值:"cadvisor"

+ +数据库名称。 +

--storage-driver-host string     默认值:"localhost:8086"

+ +数据库 host:port +

--storage-driver-password string     默认值:"root"

+ +数据库密码。 +

--storage-driver-secure

+ +使用与数据库的安全连接。 +

--storage-driver-table string     默认值:"stats"

+ +表名。 +

--storage-driver-user string     默认值:"root"

+ +数据库用户名。 +

--tls-server-name string

+ +服务器证书验证所用的服务器名称。如果未提供,则使用与服务器通信所用的主机名。 +

--token string

+ +向 API 服务器进行身份验证的持有者令牌。 +

--user string

+ +要使用的 kubeconfig 用户的名称。 +

--username string

+ +对 API 服务器进行基本身份验证时所用的用户名。 +

--version version[=true]

+ +--version, --version=raw 打印版本信息并退出;--version=vX.Y.Z... 设置报告的版本。 +

--warnings-as-errors

+ +将从服务器收到的警告视为错误,并以非零退出码退出。 +

+ +## {{% heading "seealso" %}} + + +* [kubectl](../kubectl/) - kubectl 用于控制 Kubernetes 集群管理器 From b81b952d8439279f5cebdf5cb246733161f52c56 Mon Sep 17 00:00:00 2001 From: Michael Date: Tue, 4 Jun 2024 07:23:20 +0800 Subject: [PATCH 18/89] [zh] Add index.md and kubectl.md to kubectl/generated --- .../reference/kubectl/generated/_index.md | 8 + .../reference/kubectl/generated/kubectl.md | 591 ++++++++++++++++++ 2 files changed, 599 insertions(+) create mode 100644 content/zh-cn/docs/reference/kubectl/generated/_index.md create mode 100644 content/zh-cn/docs/reference/kubectl/generated/kubectl.md diff --git a/content/zh-cn/docs/reference/kubectl/generated/_index.md b/content/zh-cn/docs/reference/kubectl/generated/_index.md new file mode 100644 index 0000000000..1dea8f4ec6 --- /dev/null +++ b/content/zh-cn/docs/reference/kubectl/generated/_index.md @@ -0,0 +1,8 @@ +--- +title: "kubectl 参考" +weight: 10 +--- + diff --git a/content/zh-cn/docs/reference/kubectl/generated/kubectl.md b/content/zh-cn/docs/reference/kubectl/generated/kubectl.md new file mode 100644 index 0000000000..720bcdbc82 --- /dev/null +++ b/content/zh-cn/docs/reference/kubectl/generated/kubectl.md @@ -0,0 +1,591 @@ +--- +title: kubectl +content_type: tool-reference +weight: 30 +--- + + +## {{% heading "synopsis" %}} + + +kubectl 用于控制 Kubernetes 集群管理器。 + +参阅更多细节: +https://kubernetes.io/zh-cn/docs/reference/kubectl/ + +```bash +kubectl [flags] +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
--as string

+ +操作所用的伪装用户名。用户可以是常规用户或命名空间中的服务账号。 +

--as-group strings

+ +操作所用的伪装用户组,此标志可以被重复设置以指定多个组。 +

--as-uid string

+ +操作所用的伪装 UID。 +

--cache-dir string     默认值:"$HOME/.kube/cache"

+ +默认缓存目录。 +

--certificate-authority string

+ +证书机构的证书文件的路径。 +

--client-certificate string

+ +TLS 客户端证书文件的路径。 +

--client-key string

+ +TLS 客户端密钥文件的路径。 +

--cloud-provider-gce-l7lb-src-cidrs cidrs     默认值:130.211.0.0/22,35.191.0.0/16

+ +GCE 防火墙中为 L7 负载均衡流量代理和健康检查开放的 CIDR。 +

--cloud-provider-gce-lb-src-cidrs cidrs     默认值:130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

+ +GCE 防火墙中为 L4 负载均衡流量代理和健康检查开放的 CIDR。 +

--cluster string

+ +要使用的 kubeconfig 中的集群名称。 +

--context string

+ +要使用的 kubeconfig 上下文的名称。 +

--default-not-ready-toleration-seconds int     默认值:300

+ +设置针对 notReady:NoExecute 的容忍度的 tolerationSeconds,默认添加到所有尚未设置此容忍度的 Pod。 +

--default-unreachable-toleration-seconds int     默认值:300

+ +设置针对 unreachable:NoExecute 的容忍度的 tolerationSeconds,默认添加到所有尚未设置此容忍度的 Pod。 +

--disable-compression

+ +如果为 true,则对服务器所有请求的响应不再压缩。 +

-h, --help

+ +kubectl 操作的帮助命令。 +

--insecure-skip-tls-verify

+ +如果为 true,则不检查服务器证书的有效性。这将使你的 HTTPS 连接不安全。 +

--kubeconfig string

+ +CLI 请求要使用的 kubeconfig 文件的路径。 +

--match-server-version

+ +要求服务器版本与客户端版本匹配。 +

-n, --namespace string

+ +如果存在,则是此 CLI 请求的命名空间范围。 +

--password string

+ +对 API 服务器进行基本身份验证所用的密码。 +

--profile string     默认值:"none"

+ +要记录的性能分析信息。可选值为(none|cpu|heap|goroutine|threadcreate|block|mutex)。 +

--profile-output string     默认值:"profile.pprof"

+ +性能分析信息要写入的目标文件的名称。 +

--request-timeout string     默认值:"0"

+ +在放弃某个服务器请求之前等待的时长。非零值应包含相应的时间单位(例如 1s、2m、3h)。 +值为零表示请求不会超时。 +

-s, --server string

+ +Kubernetes API 服务器的地址和端口。 +

--storage-driver-buffer-duration duration     默认值:1m0s

+ +对存储驱动的写入操作将被缓存的时长;缓存的操作会作为一个事务提交给非内存后端。 +

--storage-driver-db string     默认值:"cadvisor"

+ +数据库名称。 +

--storage-driver-host string     默认值:"localhost:8086"

+ +数据库 host:port +

--storage-driver-password string     默认值:"root"

+ +数据库密码。 +

--storage-driver-secure

+ +使用与数据库的安全连接。 +

--storage-driver-table string     默认值:"stats"

+ +表名。 +

--storage-driver-user string     默认值:"root"

+ +数据库用户名。 +

--tls-server-name string

+ +服务器证书验证所用的服务器名称。如果未提供,则使用与服务器通信所用的主机名。 +

--token string

+ +向 API 服务器进行身份验证的持有者令牌。 +

--user string

+ +要使用的 kubeconfig 用户的名称。 +

--username string

+ +对 API 服务器进行基本身份验证时所用的用户名。 +

--version version[=true]

+ +--version, --version=raw 打印版本信息并退出;--version=vX.Y.Z... 设置报告的版本。 +

--warnings-as-errors

+ +将从服务器收到的警告视为错误,并以非零退出码退出。 +

+ +## {{% heading "seealso" %}} + + +* [kubectl annotate](../kubectl_annotate/) - 更新资源上的注解 +* [kubectl api-resources](../kubectl_api-resources/) - 打印服务器上所支持的 API 资源 +* [kubectl api-versions](../kubectl_api-versions/) - 以“组/版本”的格式输出服务端所支持的 API 版本 +* [kubectl apply](../kubectl_apply/) - 基于文件名或标准输入,将新的配置应用到资源上 +* [kubectl attach](../kubectl_attach/) - 挂接到一个正在运行的容器 + +* [kubectl auth](../kubectl_auth/) - 检查授权信息 +* [kubectl autoscale](../kubectl_autoscale/) - 对一个资源对象 + (Deployment、ReplicaSet 或 ReplicationController)进行自动扩缩 +* [kubectl certificate](../kubectl_certificate/) - 修改证书资源 +* [kubectl cluster-info](../kubectl_cluster-info/) - 显示集群信息 +* [kubectl completion](../kubectl_completion/) - 根据已经给出的 Shell(bash 或 zsh),输出 Shell 补全后的代码 +* [kubectl config](../kubectl_config/) - 修改 kubeconfig 配置文件 + +* [kubectl cordon](../kubectl_cordon/) - 标记节点为不可调度的 +* [kubectl cp](../kubectl_cp/) - 将文件和目录拷入/拷出容器 +* [kubectl create](../kubectl_create/) - 通过文件或标准输入来创建资源 +* [kubectl debug](../kubectl_debug/) - 创建用于排查工作负载和节点故障的调试会话 +* [kubectl delete](../kubectl_delete/) - 通过文件名、标准输入、资源和名字删除资源, + 或者通过资源和标签选择算符来删除资源 + +* [kubectl describe](../kubectl_describe/) - 显示某个资源或某组资源的详细信息 +* [kubectl diff](../kubectl_diff/) - 显示目前版本与将要应用的版本之间的差异 +* [kubectl drain](../kubectl_drain/) - 腾空节点,准备维护 +* [kubectl edit](../kubectl_edit/) - 修改服务器上的某资源 +* [kubectl events](../kubectl_events/) - 列举事件 +* [kubectl exec](../kubectl_exec/) - 在容器中执行命令 +* [kubectl explain](../kubectl_explain/) - 显示资源文档说明 +* [kubectl expose](../kubectl_expose/) - 给定 ReplicationController、Service、Deployment 或 Pod, + 将其暴露为新的 kubernetes Service + +* [kubectl get](../kubectl_get/) - 显示一个或者多个资源 +* [kubectl kustomize](../kubectl_kustomize/) - 基于目录或远程 URL 内容构建 kustomization 目标 +* [kubectl label](../kubectl_label/) - 更新资源的标签 +* [kubectl logs](../kubectl_logs/) - 输出 Pod 中某容器的日志 +* [kubectl options](../kubectl_options/) - 打印所有命令都支持的共有参数列表 +* [kubectl patch](../kubectl_patch/) - 更新某资源中的字段 + +* [kubectl plugin](../kubectl_plugin/) - 提供与插件交互的工具 +* [kubectl port-forward](../kubectl_port-forward/) - 将一个或者多个本地端口转发到 Pod +* [kubectl proxy](../kubectl_proxy/) - 运行一个 kubernetes API 服务器代理 +* [kubectl replace](../kubectl_replace/) - 基于文件名或标准输入替换资源 +* [kubectl rollout](../kubectl_rollout/) - 管理资源的上线 +* [kubectl run](../kubectl_run/) - 在集群中使用指定镜像启动容器 + +* [kubectl scale](../kubectl_scale/) - 为一个 Deployment、ReplicaSet 或 + ReplicationController 设置一个新的规模值 +* [kubectl set](../kubectl_set/) - 为对象设置功能特性 +* [kubectl taint](../kubectl_taint/) - 在一个或者多个节点上更新污点配置 +* [kubectl top](../kubectl_top/) - 显示资源(CPU/内存/存储)使用率 +* [kubectl uncordon](../kubectl_uncordon/) - 标记节点为可调度的 +* [kubectl version](../kubectl_version/) - 打印客户端和服务器的版本信息 +* [kubectl wait](../kubectl_wait/) - 实验级特性:等待一个或多个资源达到某种状态 From 42c806e911a372ce77d903f5f3fe0c5da0f1ec80 Mon Sep 17 00:00:00 2001 From: windsonsea Date: Tue, 4 Jun 2024 09:35:58 +0800 Subject: [PATCH 19/89] [zh] Add kubectl/generated/kubectl_logs/ --- .../kubectl/generated/kubectl_logs/_index.md | 762 ++++++++++++++++++ 1 file changed, 762 insertions(+) create mode 100644 content/zh-cn/docs/reference/kubectl/generated/kubectl_logs/_index.md diff --git a/content/zh-cn/docs/reference/kubectl/generated/kubectl_logs/_index.md b/content/zh-cn/docs/reference/kubectl/generated/kubectl_logs/_index.md new file mode 100644 index 0000000000..a2d536e1bb --- /dev/null +++ b/content/zh-cn/docs/reference/kubectl/generated/kubectl_logs/_index.md @@ -0,0 +1,762 @@ +--- +title: kubectl logs +content_type: tool-reference +weight: 30 +no_list: true +--- + + +## {{% heading "synopsis" %}} + + +打印 Pod 或指定资源中某个容器的日志。如果 Pod 只有一个容器,则容器名称是可选的。 + +```shell +kubectl logs [-f] [-p] (POD | TYPE/NAME) [-c CONTAINER] +``` + +## {{% heading "examples" %}} + + +```shell + # 返回只有一个容器的 nginx Pod 中的快照日志 + kubectl logs nginx + + # 返回有多个容器的 nginx Pod 中的快照日志 + kubectl logs nginx --all-containers=true + + # 返回带 app=nginx 标签定义的 Pod 中所有容器的快照日志 + kubectl logs -l app=nginx --all-containers=true + + # 返回 web-1 Pod 中之前终止的 ruby 容器日志的日志 + kubectl logs -p -c ruby web-1 + + # 开始流式传输 web-1 Pod 中 ruby 容器的日志 + kubectl logs -f -c ruby web-1 + + # 开始流式传输带 app=nginx 标签定义的 Pod 中所有容器的日志 + kubectl logs -f -l app=nginx --all-containers=true + + # 仅显示 nginx Pod 的最近 20 行输出 + kubectl logs --tail=20 nginx + + # 显示 nginx Pod 在过去一小时内写入的所有日志 + kubectl logs --since=1h nginx + + # 显示所提供证书过期的 kubelet 的日志 + kubectl logs --insecure-skip-tls-verify-backend nginx + + # 返回名为 hello 的 Job 的第一个容器的快照日志 + kubectl logs job/hello + + # 返回 nginx Deployment 的 nginx-1 容器的快照日志 + kubectl logs deployment/nginx -c nginx-1 +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
--all-containers

+ +获取 Pod 中所有容器的日志。 +

-c, --container string

+ +打印指定容器的日志。 +

-f, --follow

+ +指定日志是否应以流式传输。 +

-h, --help

+ +logs 操作的帮助命令。 +

--ignore-errors

+ +如果在监视/跟随 Pod 日志,则允许出现任何非致命的错误。 +

--insecure-skip-tls-verify-backend

+ +跳过请求日志来源的 kubelet 的身份验证。从理论上讲,攻击者可能会提供无效的日志内容。 +如果你的 kubelet 提供的证书已过期,你可能需要使用此参数。 +

--limit-bytes int

+ +要返回的日志的最大字节数。默认为无限制。 +

--max-log-requests int     默认值:5

+ +指定使用选择算符时要遵循的最大并发日志数。默认值为 5。 +

--pod-running-timeout duration     默认值:20s

+ +等待至少一个 Pod 运行的时长(例如 5s、2m 或 3h,大于零)。 +

--prefix

+ +在每行日志前添加日志来源(Pod 名称和容器名称)的前缀。 +

-p, --previous

+ +如果为 true,则打印 Pod 中容器的前一个实例的日志(如果存在)。 +

-l, --selector string

+ +过滤所用的选择算符(标签查询),支持 '='、'==' 和 '!='。 +(例如 -l key1=value1,key2=value2)。匹配的对象必须满足所有指定的标签约束。 +

--since duration

+ +仅返回比相对时长更新的日志,如 5s、2m 或 3h。 +默认返回所有日志。只能使用 since-time 和 since 之一。 +

--since-time string

+ +仅返回特定日期(RFC3339)之后的日志。默认返回所有日志。 +只能使用 since-time 和 since 之一。 +

--tail int     默认值:-1

+ +要显示的最近日志文件的行数。不带选择算符时默认为 -1 将显示所有日志行。 +否则如果提供了选择算符,则为 10。 +

--timestamps

+ +在日志输出的每一行中包含时间戳。 +

+ +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
--as string

+ +操作所用的伪装用户名。用户可以是常规用户或命名空间中的服务账号。 +

--as-group strings

+ +操作所用的伪装用户组,此标志可以被重复设置以指定多个组。 +

--as-uid string

+ +操作所用的伪装 UID。 +

--cache-dir string     默认值:"$HOME/.kube/cache"

+ +默认缓存目录。 +

--certificate-authority string

+ +证书机构的证书文件的路径。 +

--client-certificate string

+ +TLS 客户端证书文件的路径。 +

--client-key string

+ +TLS 客户端密钥文件的路径。 +

--cloud-provider-gce-l7lb-src-cidrs cidrs     默认值:130.211.0.0/22,35.191.0.0/16

+ +GCE 防火墙中为 L7 负载均衡流量代理和健康检查开放的 CIDR。 +

--cloud-provider-gce-lb-src-cidrs cidrs     默认值:130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

+ +GCE 防火墙中为 L4 负载均衡流量代理和健康检查开放的 CIDR。 +

--cluster string

+ +要使用的 kubeconfig 中的集群名称。 +

--context string

+ +要使用的 kubeconfig 上下文的名称。 +

--default-not-ready-toleration-seconds int     默认值:300

+ +设置针对 notReady:NoExecute 的容忍度的 tolerationSeconds,默认添加到所有尚未设置此容忍度的 Pod。 +

--default-unreachable-toleration-seconds int     默认值:300

+ +设置针对 unreachable:NoExecute 的容忍度的 tolerationSeconds,默认添加到所有尚未设置此容忍度的 Pod。 +

--disable-compression

+ +如果为 true,则对服务器所有请求的响应不再压缩。 +

--insecure-skip-tls-verify

+ +如果为 true,则不检查服务器证书的有效性。这将使你的 HTTPS 连接不安全。 +

--kubeconfig string

+ +CLI 请求要使用的 kubeconfig 文件的路径。 +

--match-server-version

+ +要求服务器版本与客户端版本匹配。 +

-n, --namespace string

+ +如果存在,则是此 CLI 请求所针对的命名空间范围。 +

--password string

+ +对 API 服务器进行基本身份验证所用的密码。 +

--profile string     默认值:"none"

+ +要记录的性能分析信息。可选值为(none|cpu|heap|goroutine|threadcreate|block|mutex)。 +

--profile-output string     默认值:"profile.pprof"

+ +性能分析信息要写入的目标文件的名称。 +

--request-timeout string     默认值:"0"

+ +在放弃某个服务器请求之前等待的时长。非零值应包含相应的时间单位(例如 1s、2m、3h)。 +值为零表示请求不会超时。 +

-s, --server string

+ +Kubernetes API 服务器的地址和端口。 +

--storage-driver-buffer-duration duration     默认值:1m0s

+ +对存储驱动的写入操作将被缓存的时长;缓存的操作会作为一个事务提交给非内存后端。 +

--storage-driver-db string     默认值:"cadvisor"

+ +数据库名称。 +

--storage-driver-host string     默认值:"localhost:8086"

+ +数据库 host:port +

--storage-driver-password string     默认值:"root"

+ +数据库密码。 +

--storage-driver-secure

+ +使用与数据库的安全连接。 +

--storage-driver-table string     默认值:"stats"

+ +表名。 +

--storage-driver-user string     默认值:"root"

+ +数据库用户名。 +

--tls-server-name string

+ +服务器证书验证所用的服务器名称。如果未提供,则使用与服务器通信所用的主机名。 +

--token string

+ +向 API 服务器进行身份验证的持有者令牌。 +

--user string

+ +要使用的 kubeconfig 用户的名称。 +

--username string

+ +对 API 服务器进行基本身份验证时所用的用户名。 +

--version version[=true]

+ +--version, --version=raw 打印版本信息并退出;--version=vX.Y.Z... 设置报告的版本。 +

--warnings-as-errors

+ +将从服务器收到的警告视为错误,并以非零退出码退出。 +

+ +## {{% heading "seealso" %}} + + +* [kubectl](../kubectl/) - kubectl 用于控制 Kubernetes 集群管理器 From e9c7b069d53affeb15db2c2d6e01607f560a71ff Mon Sep 17 00:00:00 2001 From: shayan Date: Tue, 4 Jun 2024 11:10:02 +0330 Subject: [PATCH 20/89] Modify registry.k8s.io/nginx-slim version from 0.8 to 0.24 --- .../workloads/controllers/statefulset.md | 2 +- .../basic-stateful-set.md | 22 +++++++++---------- .../application/web/web-parallel.yaml | 2 +- content/en/examples/application/web/web.yaml | 2 +- 4 files changed, 14 insertions(+), 14 deletions(-) diff --git a/content/en/docs/concepts/workloads/controllers/statefulset.md b/content/en/docs/concepts/workloads/controllers/statefulset.md index 54c06cfb8b..516cb4f60c 100644 --- a/content/en/docs/concepts/workloads/controllers/statefulset.md +++ b/content/en/docs/concepts/workloads/controllers/statefulset.md @@ -101,7 +101,7 @@ spec: terminationGracePeriodSeconds: 10 containers: - name: nginx - image: registry.k8s.io/nginx-slim:0.8 + image: registry.k8s.io/nginx-slim:0.24 ports: - containerPort: 80 name: web diff --git a/content/en/docs/tutorials/stateful-application/basic-stateful-set.md b/content/en/docs/tutorials/stateful-application/basic-stateful-set.md index 35af85aef7..4fe4bb864f 100644 --- a/content/en/docs/tutorials/stateful-application/basic-stateful-set.md +++ b/content/en/docs/tutorials/stateful-application/basic-stateful-set.md @@ -593,7 +593,7 @@ In one terminal window, patch the `web` StatefulSet to change the container image again: ```shell -kubectl patch statefulset web --type='json' -p='[{"op": "replace", "path": "/spec/template/spec/containers/0/image", "value":"registry.k8s.io/nginx-slim:0.8"}]' +kubectl patch statefulset web --type='json' -p='[{"op": "replace", "path": "/spec/template/spec/containers/0/image", "value":"registry.k8s.io/nginx-slim:0.24"}]' ``` ``` statefulset.apps/web patched @@ -661,9 +661,9 @@ Get the Pods to view their container images: for p in 0 1 2; do kubectl get pod "web-$p" --template '{{range $i, $c := .spec.containers}}{{$c.image}}{{end}}'; echo; done ``` ``` -registry.k8s.io/nginx-slim:0.8 -registry.k8s.io/nginx-slim:0.8 -registry.k8s.io/nginx-slim:0.8 +registry.k8s.io/nginx-slim:0.24 +registry.k8s.io/nginx-slim:0.24 +registry.k8s.io/nginx-slim:0.24 ``` @@ -705,7 +705,7 @@ Patch the StatefulSet again to change the container image that this StatefulSet uses: ```shell -kubectl patch statefulset web --type='json' -p='[{"op": "replace", "path": "/spec/template/spec/containers/0/image", "value":"registry.k8s.io/nginx-slim:0.7"}]' +kubectl patch statefulset web --type='json' -p='[{"op": "replace", "path": "/spec/template/spec/containers/0/image", "value":"registry.k8s.io/nginx-slim:0.21"}]' ``` ``` statefulset.apps/web patched @@ -740,7 +740,7 @@ Get the Pod's container image: kubectl get pod web-2 --template '{{range $i, $c := .spec.containers}}{{$c.image}}{{end}}' ``` ``` -registry.k8s.io/nginx-slim:0.8 +registry.k8s.io/nginx-slim:0.24 ``` Notice that, even though the update strategy is `RollingUpdate` the StatefulSet @@ -790,7 +790,7 @@ Get the Pod's container: kubectl get pod web-2 --template '{{range $i, $c := .spec.containers}}{{$c.image}}{{end}}' ``` ``` -registry.k8s.io/nginx-slim:0.7 +registry.k8s.io/nginx-slim:0.21 ``` @@ -834,7 +834,7 @@ Get the `web-1` Pod's container image: kubectl get pod web-1 --template '{{range $i, $c := .spec.containers}}{{$c.image}}{{end}}' ``` ``` -registry.k8s.io/nginx-slim:0.8 +registry.k8s.io/nginx-slim:0.24 ``` `web-1` was restored to its original configuration because the Pod's ordinal @@ -892,9 +892,9 @@ Get the container image details for the Pods in the StatefulSet: for p in 0 1 2; do kubectl get pod "web-$p" --template '{{range $i, $c := .spec.containers}}{{$c.image}}{{end}}'; echo; done ``` ``` -registry.k8s.io/nginx-slim:0.7 -registry.k8s.io/nginx-slim:0.7 -registry.k8s.io/nginx-slim:0.7 +registry.k8s.io/nginx-slim:0.21 +registry.k8s.io/nginx-slim:0.21 +registry.k8s.io/nginx-slim:0.21 ``` By moving the `partition` to `0`, you allowed the StatefulSet to diff --git a/content/en/examples/application/web/web-parallel.yaml b/content/en/examples/application/web/web-parallel.yaml index a6633f476c..3664c63c10 100644 --- a/content/en/examples/application/web/web-parallel.yaml +++ b/content/en/examples/application/web/web-parallel.yaml @@ -30,7 +30,7 @@ spec: spec: containers: - name: nginx - image: registry.k8s.io/nginx-slim:0.8 + image: registry.k8s.io/nginx-slim:0.24 ports: - containerPort: 80 name: web diff --git a/content/en/examples/application/web/web.yaml b/content/en/examples/application/web/web.yaml index 14e2d27e14..6f8f5133ff 100644 --- a/content/en/examples/application/web/web.yaml +++ b/content/en/examples/application/web/web.yaml @@ -29,7 +29,7 @@ spec: spec: containers: - name: nginx - image: registry.k8s.io/nginx-slim:0.7 + image: registry.k8s.io/nginx-slim:0.21 ports: - containerPort: 80 name: web From ff40e286d502eeb4d9ec34ec0add6247a40aadf5 Mon Sep 17 00:00:00 2001 From: "xin.li" Date: Tue, 4 Jun 2024 17:54:43 +0800 Subject: [PATCH 21/89] [zh-cn] Localize generated/kubectl_api-versions Signed-off-by: xin.li --- .../generated/kubectl_api-versions/_index.md | 511 ++++++++++++++++++ 1 file changed, 511 insertions(+) create mode 100644 content/zh-cn/docs/reference/kubectl/generated/kubectl_api-versions/_index.md diff --git a/content/zh-cn/docs/reference/kubectl/generated/kubectl_api-versions/_index.md b/content/zh-cn/docs/reference/kubectl/generated/kubectl_api-versions/_index.md new file mode 100644 index 0000000000..03457f07ff --- /dev/null +++ b/content/zh-cn/docs/reference/kubectl/generated/kubectl_api-versions/_index.md @@ -0,0 +1,511 @@ +--- +title: kubectl api-versions +content_type: tool-reference +weight: 30 +no_list: true +--- + + +## {{% heading "synopsis" %}} + + +以 "group/version" 的形式打印服务器支持的 API 版本。 + +``` +kubectl api-versions +``` + +## {{% heading "examples" %}} + +``` + # Print the supported API versions + kubectl api-versions +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + +
-h, --help
+

+ +关于 api-versions 的帮助信息。 +

+
+ +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
--as string

+ +操作所用的伪装用户名。用户可以是常规用户或命名空间中的服务账号。 +

--as-group strings

+ +操作所用的伪装用户组,此标志可以被重复设置以指定多个组。 +

--as-uid string

+ +操作所用的伪装 UID。 +

--cache-dir string     默认值:"$HOME/.kube/cache"

+ +默认缓存目录。 +

--certificate-authority string

+ +证书机构的证书文件的路径。 +

--client-certificate string

+ +TLS 客户端证书文件的路径。 +

--client-key string

+ +TLS 客户端密钥文件的路径。 +

--cloud-provider-gce-l7lb-src-cidrs cidrs     默认值:130.211.0.0/22,35.191.0.0/16

+ +GCE 防火墙中为 L7 负载均衡流量代理和健康检查开放的 CIDR。 +

--cloud-provider-gce-lb-src-cidrs cidrs     默认值:130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

+ +GCE 防火墙中为 L4 负载均衡流量代理和健康检查开放的 CIDR。 +

--cluster string

+ +要使用的 kubeconfig 中集群的名称。 +

--context string

+ +要使用的 kubeconfig 上下文的名称。 +

--default-not-ready-toleration-seconds int     默认值:300

+ +设置针对 notReady:NoExecute 的容忍度的 tolerationSeconds,默认添加到所有尚未设置此容忍度的 Pod。 +

--default-unreachable-toleration-seconds int     默认值:300

+ +设置针对 unreachable:NoExecute 的容忍度的 tolerationSeconds,默认添加到所有尚未设置此容忍度的 Pod。 +

--disable-compression

+ +如果为 true,则对服务器所有请求的响应不再压缩。 +

--insecure-skip-tls-verify

+ +如果为 true,则不检查服务器证书的有效性。这将使你的 HTTPS 连接不安全。 +

--kubeconfig string

+ +CLI 请求要使用的 kubeconfig 文件的路径。 +

--match-server-version

+ +要求服务器版本与客户端版本匹配。 +

-n, --namespace string

+ +如果存在,则是此 CLI 请求的命名空间范围。 +

--password string

+ +对 API 服务器进行基本身份验证所用的密码。 +

--profile string     默认值:"none"

+ +要记录的性能分析信息。可选值为(none|cpu|heap|goroutine|threadcreate|block|mutex)。 +

--profile-output string     默认值:"profile.pprof"

+ +性能分析信息要写入的目标文件的名称。 +

--request-timeout string     默认值:"0"

+ +在放弃某个服务器请求之前等待的时长。非零值应包含相应的时间单位(例如 1s、2m、3h)。 +值为零表示请求不会超时。 +

-s, --server string

+ +Kubernetes API 服务器的地址和端口。 +

--storage-driver-buffer-duration duration     默认值:1m0s

+ +对存储驱动的写入操作将被缓存的时长;缓存的操作会作为一个事务提交给非内存后端。 +

--storage-driver-db string     默认值:"cadvisor"

+ +数据库名称。 +

--storage-driver-host string     默认值:"localhost:8086"

+ +数据库 host:port。 +

--storage-driver-password string     默认值:"root"

+ +数据库密码。 +

--storage-driver-secure

+ +使用与数据库的安全连接。 +

--storage-driver-table string     默认值:"stats"

+ +表名。 +

--storage-driver-user string     默认值:"root"

+ +数据库用户名。 +

--tls-server-name string
+

+ +服务器证书验证所用的服务器名称。如果未提供,则使用与服务器通信所用的主机名。 +

+
--token string

+ +向 API 服务器进行身份验证的持有者令牌。 +

--user string

+ +要使用的 kubeconfig 用户的名称。 +

--username string

+ +对 API 服务器进行基本身份验证时所用的用户名。 +

--version version[=true]

+ +--version, --version=raw 打印版本信息并退出;--version=vX.Y.Z... 设置报告的版本。 +

--warnings-as-errors

+ +将从服务器收到的警告视为错误,并以非零退出码退出。 +

+ +## {{% heading "seealso" %}} + + +* [kubectl](../kubectl/) - kubectl 控制 Kubernetes 集群管理器 From 4347f643691d97f64ec9d4b92ae3d26a828fdc06 Mon Sep 17 00:00:00 2001 From: Eduardo Salazar Carrillo <122764571+eduardoSalazarCarrillo@users.noreply.github.com> Date: Tue, 4 Jun 2024 09:31:33 -0600 Subject: [PATCH 22/89] Adding suggestions --- .../es/docs/concepts/architecture/leases.md | 38 +++++++++---------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/content/es/docs/concepts/architecture/leases.md b/content/es/docs/concepts/architecture/leases.md index 9b03b17e6b..af89fe6133 100644 --- a/content/es/docs/concepts/architecture/leases.md +++ b/content/es/docs/concepts/architecture/leases.md @@ -13,18 +13,18 @@ Los sistemas distribuidos suelen necesitar _arrendamientos_, que proporcionan un y coordinar la actividad entre los miembros de un conjunto. En Kubernetes, el concepto de arrendamiento está representado por objetos [Lease](/docs/reference/kubernetes-api/cluster-resources/lease-v1/) en el {{< glossary_tooltip text="grupo API" term_id="api-group" >}} de `coordination.k8s.io`, -que se utilizan para capacidades críticas del sistema, como los latidos del nodo y la elección del líder a nivel de componente. +que se utilizan para capacidades críticas del sistema, como los heartbeats del nodo y la elección del líder a nivel de componente. -## Latidos del nodo {#node-heart-beats} +## Heartbeats del nodo {#node-heart-beats} -Kubernetes utiliza la API Lease para comunicar los latidos de los nodos kubelet al servidor API de Kubernetes. -Para cada `Nodo` , existe un objeto `Lease` con un nombre coincidente en el espacio de nombres `kube-node-lease`. -Bajo el capó, cada latido kubelet es una solicitud **update** a este objeto `Lease`, actualizando +Kubernetes utiliza la API Lease para comunicar los heartbeats de los nodos kubelet al servidor API de Kubernetes. +Para cada `Nodo` , existe un objeto `Lease` con un nombre que coincide en el espacio de nombres `kube-node-lease`. +Analizando a detalle, cada hearbeat es una solicitud **update** a este objeto `Lease`, actualizando el campo `spec.renewTime` del objeto Lease. El plano de control de Kubernetes utiliza la marca de tiempo de este campo para determinar la disponibilidad de este «Nodo». -Véase [Objetos Lease de nodos](/docs/concepts/architecture/nodes/#heartbeats) para más detalles. +Ve [Objetos Lease de nodos](/docs/concepts/architecture/nodes/#heartbeats) para más detalles. ## Elección del líder Kubernetes también utiliza Leases para asegurar que sólo una instancia de un componente se está ejecutando en un momento dado. @@ -38,12 +38,12 @@ instancias están en espera. A partir de Kubernetes v1.26, cada `kube-apiserver` utiliza la API Lease para publicar su identidad al resto del sistema. Aunque no es particularmente útil por sí mismo, esto proporciona un mecanismo para que los clientes -descubrir cuántas instancias de `kube-apiserver` están operando el plano de control de Kubernetes. +puedan descubrir cuántas instancias de `kube-apiserver` están operando el plano de control de Kubernetes. La existencia de los objetos leases de kube-apiserver permite futuras capacidades que pueden requerir la coordinación entre cada kube-apiserver. -Puede inspeccionar los leases de cada kube-apiserver buscando objetos leases en el espacio de nombres `kube-system` -con el nombre `kube-apiserver-`. También puede utilizar el selector de etiquetas `apiserver.kubernetes.io/identity=kube-apiserver`: +Puedes inspeccionar los leases de cada kube-apiserver buscando objetos leases en el namespace `kube-system` +con el nombre `kube-apiserver-`. También puedes utilizar el selector de etiquetas `apiserver.kubernetes.io/identity=kube-apiserver`: ```shell kubectl -n kube-system get lease -l apiserver.kubernetes.io/identity=kube-apiserver @@ -55,9 +55,10 @@ apiserver-7be9e061c59d368b3ddaf1376e apiserver-7be9e061c59d368b3ddaf1376e apiserver-1dfef752bcb36637d2763d1868 apiserver-1dfef752bcb36637d2763d1868_c5ffa286-8a9a-45d4-91e7-61118ed58d2e 4m43s ``` + El hash SHA256 utilizado en el nombre del lease se basa en el nombre de host del sistema operativo visto por ese servidor API. Cada kube-apiserver debe ser configurado para utilizar un nombre de host que es único dentro del clúster. Las nuevas instancias de kube-apiserver que utilizan el mismo nombre de host -asumirán los leases existentes utilizando una nueva identidad de titular, en lugar de instanciar nuevos objetos leases. Puede comprobar el +asumirán los leases existentes utilizando una nueva identidad de titular, en lugar de instanciar nuevos objetos leases. Puedes comprobar el nombre de host utilizado por kube-apiserver comprobando el valor de la etiqueta `kubernetes.io/hostname`: ```shell @@ -83,21 +84,20 @@ spec: Los leases caducados de los kube-apiservers que ya no existen son recogidos por los nuevos kube-apiservers después de 1 hora. -Puede desactivar el lease de identidades del servidor API desactivando la opción `APIServerIdentity` de la [puerta de función](/docs/reference/command-line-tools-reference/feature-gates/). +Puedes desactivar el lease de identidades del servidor API desactivando la opción `APIServerIdentity` de los [interruptores de funcionalidades](/docs/reference/command-line-tools-reference/feature-gates/). ## Cargas de trabajo {#custom-workload} -Su propia carga de trabajo puede definir su propio uso de los leases. Por ejemplo, puede ejecutar un +Tu propia carga de trabajo puede definir su propio uso de los leases. Por ejemplo, puede ejecutar un {{< glossary_tooltip term_id=controller text=controlador >}} en la que un miembro principal o líder -realiza operaciones que sus compañeros no realizan. Usted define un Lease para que las réplicas del controlador puedan seleccionar +realiza operaciones que sus compañeros no realizan. Tú defines un Lease para que las réplicas del controlador puedan seleccionar o elegir un líder, utilizando la API de Kubernetes para la coordinación. -Si utiliza un lease, es una buena práctica definir un nombre para el lease que esté obviamente vinculado a -el producto o componente. Por ejemplo, si tiene un componente denominado Ejemplo Foo, utilice un lease denominado +Si utilizas un lease, es una buena práctica definir un nombre para el lease que esté obviamente vinculado a +el producto o componente. Por ejemplo, si tienes un componente denominado Ejemplo Foo, utilice un lease denominado `ejemplo-foo`. -Si un operador de clúster u otro usuario final puede desplegar varias instancias de un componente, seleccione un nombre -prefijo y elija un mecanismo (como el hash del nombre del despliegue) para evitar colisiones de nombres +Si un operador de clúster u otro usuario final puede desplegar varias instancias de un componente, selecciona un nombre +prefijo y elije un mecanismo (como el hash del nombre del despliegue) para evitar colisiones de nombres para los leases. -Puede utilizar otro enfoque siempre que consiga el mismo resultado: los distintos productos de software no entran en conflicto entre sí. -no entren en conflicto entre sí. \ No newline at end of file +Puedes utilizar otro enfoque siempre que consigas el mismo resultado: los distintos productos de software no entren en conflicto entre sí. \ No newline at end of file From 742bf427c6abefee2f70f0a6252cbe3d8c3b917f Mon Sep 17 00:00:00 2001 From: Eduardo Salazar Carrillo <122764571+eduardoSalazarCarrillo@users.noreply.github.com> Date: Tue, 4 Jun 2024 09:39:21 -0600 Subject: [PATCH 23/89] Adding suggetions --- content/es/docs/concepts/architecture/leases.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/content/es/docs/concepts/architecture/leases.md b/content/es/docs/concepts/architecture/leases.md index af89fe6133..918d3a6b8c 100644 --- a/content/es/docs/concepts/architecture/leases.md +++ b/content/es/docs/concepts/architecture/leases.md @@ -1,5 +1,5 @@ --- -title: Arrendamientos +title: Leases api_metadata: - apiVersion: "coordination.k8s.io/v1" kind: "Lease" @@ -9,9 +9,9 @@ weight: 30 -Los sistemas distribuidos suelen necesitar _arrendamientos_, que proporcionan un mecanismo para bloquear recursos compartidos +Los sistemas distribuidos suelen necesitar _leases_, que proporcionan un mecanismo para bloquear recursos compartidos y coordinar la actividad entre los miembros de un conjunto. -En Kubernetes, el concepto de arrendamiento está representado por objetos [Lease](/docs/reference/kubernetes-api/cluster-resources/lease-v1/) +En Kubernetes, el concepto de lease (arrendamiento) está representado por objetos [Lease](/docs/reference/kubernetes-api/cluster-resources/lease-v1/) en el {{< glossary_tooltip text="grupo API" term_id="api-group" >}} de `coordination.k8s.io`, que se utilizan para capacidades críticas del sistema, como los heartbeats del nodo y la elección del líder a nivel de componente. From 0e0555fb545cef19d4c833399097af985e522b4e Mon Sep 17 00:00:00 2001 From: Eduardo Salazar Carrillo <122764571+eduardoSalazarCarrillo@users.noreply.github.com> Date: Tue, 4 Jun 2024 09:40:47 -0600 Subject: [PATCH 24/89] Suggetions --- content/es/docs/concepts/architecture/leases.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/es/docs/concepts/architecture/leases.md b/content/es/docs/concepts/architecture/leases.md index 918d3a6b8c..144d9193f3 100644 --- a/content/es/docs/concepts/architecture/leases.md +++ b/content/es/docs/concepts/architecture/leases.md @@ -27,6 +27,7 @@ para determinar la disponibilidad de este «Nodo». Ve [Objetos Lease de nodos](/docs/concepts/architecture/nodes/#heartbeats) para más detalles. ## Elección del líder + Kubernetes también utiliza Leases para asegurar que sólo una instancia de un componente se está ejecutando en un momento dado. Esto lo utilizan componentes del plano de control como `kube-controller-manager` y `kube-scheduler` en configuraciones de HA, donde sólo una instancia del componente debe estar ejecutándose activamente mientras las otras From 338e872afbb6983719f7672c3882bf9aa0737631 Mon Sep 17 00:00:00 2001 From: Eduardo Salazar Carrillo <122764571+eduardoSalazarCarrillo@users.noreply.github.com> Date: Tue, 4 Jun 2024 09:41:03 -0600 Subject: [PATCH 25/89] Update content/es/docs/concepts/architecture/leases.md Co-authored-by: Victor Morales --- content/es/docs/concepts/architecture/leases.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/es/docs/concepts/architecture/leases.md b/content/es/docs/concepts/architecture/leases.md index 144d9193f3..209040aa98 100644 --- a/content/es/docs/concepts/architecture/leases.md +++ b/content/es/docs/concepts/architecture/leases.md @@ -28,6 +28,7 @@ Ve [Objetos Lease de nodos](/docs/concepts/architecture/nodes/#heartbeats) para ## Elección del líder + Kubernetes también utiliza Leases para asegurar que sólo una instancia de un componente se está ejecutando en un momento dado. Esto lo utilizan componentes del plano de control como `kube-controller-manager` y `kube-scheduler` en configuraciones de HA, donde sólo una instancia del componente debe estar ejecutándose activamente mientras las otras From 5de3b0fca32b6194af04646db26a63248af08b85 Mon Sep 17 00:00:00 2001 From: Eduardo Salazar Carrillo <122764571+eduardoSalazarCarrillo@users.noreply.github.com> Date: Tue, 4 Jun 2024 09:41:11 -0600 Subject: [PATCH 26/89] Update content/es/docs/concepts/architecture/leases.md Co-authored-by: Victor Morales --- content/es/docs/concepts/architecture/leases.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/es/docs/concepts/architecture/leases.md b/content/es/docs/concepts/architecture/leases.md index 209040aa98..8934f4f925 100644 --- a/content/es/docs/concepts/architecture/leases.md +++ b/content/es/docs/concepts/architecture/leases.md @@ -58,6 +58,7 @@ apiserver-1dfef752bcb36637d2763d1868 apiserver-1dfef752bcb36637d2763d1868 ``` + El hash SHA256 utilizado en el nombre del lease se basa en el nombre de host del sistema operativo visto por ese servidor API. Cada kube-apiserver debe ser configurado para utilizar un nombre de host que es único dentro del clúster. Las nuevas instancias de kube-apiserver que utilizan el mismo nombre de host asumirán los leases existentes utilizando una nueva identidad de titular, en lugar de instanciar nuevos objetos leases. Puedes comprobar el From 91ba3c31746927888c863a5fcf5b12bccd0094be Mon Sep 17 00:00:00 2001 From: Joe Betz Date: Tue, 4 Jun 2024 12:46:23 -0400 Subject: [PATCH 27/89] Fix feature gate name to match code --- .../feature-gates/name-generation-retries.md | 2 +- .../feature-gates/name-generation-retries.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/name-generation-retries.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/name-generation-retries.md index 6f654f89fa..a2d0018e7f 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/name-generation-retries.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/name-generation-retries.md @@ -1,5 +1,5 @@ --- -title: NameGenerationRetries +title: RetryGenerateName content_type: feature_gate _build: diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/name-generation-retries.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/name-generation-retries.md index 5e2a05ba20..35e194a0c0 100644 --- a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/name-generation-retries.md +++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/name-generation-retries.md @@ -1,5 +1,5 @@ --- -title: NameGenerationRetries +title: RetryGenerateName content_type: feature_gate _build: From c2dce351a56b7edc2d27863f22eac4a744ef906a Mon Sep 17 00:00:00 2001 From: "xin.li" Date: Tue, 4 Jun 2024 18:11:26 +0800 Subject: [PATCH 28/89] [zh-cn] Localize generated/kubectl_completion Signed-off-by: xin.li --- .../generated/kubectl_completion/_index.md | 634 ++++++++++++++++++ 1 file changed, 634 insertions(+) create mode 100644 content/zh-cn/docs/reference/kubectl/generated/kubectl_completion/_index.md diff --git a/content/zh-cn/docs/reference/kubectl/generated/kubectl_completion/_index.md b/content/zh-cn/docs/reference/kubectl/generated/kubectl_completion/_index.md new file mode 100644 index 0000000000..4d3fa1cb3b --- /dev/null +++ b/content/zh-cn/docs/reference/kubectl/generated/kubectl_completion/_index.md @@ -0,0 +1,634 @@ +--- +title: kubectl completion +content_type: tool-reference +weight: 30 +no_list: true +--- + + +## {{% heading "synopsis" %}} + + +输出指定 shell(bash、zsh、fish 或 powershell)的 shell 补全代码。 +必须评估 shell 代码才能提供 kubectl 命令的交互式补全,这可以通过从 .bash_profile 中获取它来完成。 + +有关如何执行此操作的详细说明请参见此处: + +- 对于 macOS: + https://kubernetes.io/docs/tasks/tools/install-kubectl-macos/#enable-shell-autocompletion + +- 对于 Linux: + https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/#enable-shell-autocompletion + +- 对于 Windows: + https://kubernetes.io/docs/tasks/tools/install-kubectl-windows/#enable-shell-autocompletion + + + zsh 用户注意事项:[1] zsh 补全仅支持 zsh >= 5.2 版本。 + +``` +kubectl completion SHELL +``` + +## {{% heading "examples" %}} + + +``` + # 使用 homebrew 在 macOS 上安装 bash-completion + ## 如果运行 macOS 附带的 Bash 3.2 + brew install bash-completion + ## 或者,如果运行的是 Bash 4.1+ + brew install bash-completion@2 + ## 如果通过 homebrew 安装了 kubectl,Shell 补全应该能够立即起作用 + ## 如果你通过其他方式安装,则可能需要将新的补全数据添加到补全目录中 + kubectl completion bash > $(brew --prefix)/etc/bash_completion.d/kubectl + + + # 在 Linux 上安装 bash 补全 + ## 如果 Linux 上未安装 bash-completion,请通过发行版的包管理器安装 "bash-completion" 包。 + ## 将 bash 的 kubectl 补全代码加载到当前 shell 中 + source <(kubectl completion bash) + ## 将 bash 补全代码写入文件并从 .bash_profile 中引用之 + kubectl completion bash > ~/.kube/completion.bash.inc + printf " + # kubectl shell completion + source '$HOME/.kube/completion.bash.inc' + " >> $HOME/.bash_profile + source $HOME/.bash_profile + + # 将 zsh[1] 的 kubectl 补全代码加载到当前 shell 中 + source <(kubectl completion zsh) + # 将 zsh[1] 的 kubectl 补全代码设置为在启动时自动加载 + kubectl completion zsh > "${fpath[1]}/_kubectl" + + + # 将 fish[2] 的 kubectl 补全代码加载到当前 shell 中 + kubectl completion fish | source + # 要为每个会话都加载补全代码,请执行一次如下命令: + kubectl completion fish > ~/.config/fish/completions/kubectl.fish + + # 将 powershell 的 kubectl 补全代码加载到当前 shell 中 + kubectl completion powershell | Out-String | Invoke-Expression + # 设置 powershell 的 kubectl 补全代码在启动时运行 + ## 将补全代码保存到脚本并在配置文件中执行 + kubectl completion powershell > $HOME\.kube\completion.ps1 + Add-Content $PROFILE "$HOME\.kube\completion.ps1" + ## 执行配置文件中的补全代码 + Add-Content $PROFILE "if (Get-Command kubectl -ErrorAction SilentlyContinue) { + kubectl completion powershell | Out-String | Invoke-Expression + }" + ## 直接将补全代码添加到 $PROFILE 脚本 + kubectl completion powershell >> $PROFILE +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + +
-h, --help
+

+ +关于 completion 的帮助信息。 +

+
+ + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
--as string

+ +操作所用的伪装用户名。用户可以是常规用户或命名空间中的服务账号。 +

--as-group strings

+ +操作所用的伪装用户组,此标志可以被重复设置以指定多个组。 +

--as-uid string

+ +操作所用的伪装 UID。 +

--cache-dir string     默认值:"$HOME/.kube/cache"

+ +默认缓存目录。 +

--certificate-authority string

+ +证书机构的证书文件的路径。 +

--client-certificate string

+ +TLS 客户端证书文件的路径。 +

--client-key string

+ +TLS 客户端密钥文件的路径。 +

--cloud-provider-gce-l7lb-src-cidrs cidrs     默认值:130.211.0.0/22,35.191.0.0/16

+ +GCE 防火墙中为 L7 负载均衡流量代理和健康检查开放的 CIDR。 +

--cloud-provider-gce-lb-src-cidrs cidrs     默认值:130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

+ +GCE 防火墙中为 L4 负载均衡流量代理和健康检查开放的 CIDR。 +

--cluster string

+ +要使用的 kubeconfig 中集群的名称。 +

--context string

+ +要使用的 kubeconfig 上下文的名称。 +

--default-not-ready-toleration-seconds int     默认值:300

+ +设置针对 notReady:NoExecute 的容忍度的 tolerationSeconds,默认添加到所有尚未设置此容忍度的 Pod。 +

--default-unreachable-toleration-seconds int     默认值:300

+ +设置针对 unreachable:NoExecute 的容忍度的 tolerationSeconds,默认添加到所有尚未设置此容忍度的 Pod。 +

--disable-compression

+ +如果为 true,则对服务器所有请求的响应不再压缩。 +

--insecure-skip-tls-verify

+ +如果为 true,则不检查服务器证书的有效性。这将使你的 HTTPS 连接不安全。 +

--kubeconfig string

+ +CLI 请求要使用的 kubeconfig 文件的路径。 +

--match-server-version

+ +要求服务器版本与客户端版本匹配。 +

-n, --namespace string

+ +如果存在,则是此 CLI 请求的命名空间范围。 +

--password string

+ +对 API 服务器进行基本身份验证所用的密码。 +

--profile string     默认值:"none"

+ +要记录的性能分析信息。可选值为(none|cpu|heap|goroutine|threadcreate|block|mutex)。 +

--profile-output string     默认值:"profile.pprof"

+ +性能分析信息要写入的目标文件的名称。 +

--request-timeout string     默认值:"0"

+ +在放弃某个服务器请求之前等待的时长。非零值应包含相应的时间单位(例如 1s、2m、3h)。 +值为零表示请求不会超时。 +

-s, --server string

+ +Kubernetes API 服务器的地址和端口。 +

--storage-driver-buffer-duration duration     默认值:1m0s

+ +对存储驱动的写入操作将被缓存的时长;缓存的操作会作为一个事务提交给非内存后端。 +

--storage-driver-db string     默认值:"cadvisor"

+ +数据库名称。 +

--storage-driver-host string     默认值:"localhost:8086"

+ +数据库 host:port。 +

--storage-driver-password string     默认值:"root"

+ +数据库密码。 +

--storage-driver-secure

+ +使用与数据库的安全连接。 +

--storage-driver-table string     默认值:"stats"

+ +表名。 +

--storage-driver-user string     默认值:"root"

+ +数据库用户名。 +

--tls-server-name string
+

+ +服务器证书验证所用的服务器名称。如果未提供,则使用与服务器通信所用的主机名。 +

+
--token string

+ +向 API 服务器进行身份验证的持有者令牌。 +

--user string

+ +要使用的 kubeconfig 用户的名称。 +

--username string

+ +对 API 服务器进行基本身份验证时所用的用户名。 +

--version version[=true]

+ +--version, --version=raw 打印版本信息并退出;--version=vX.Y.Z... 设置报告的版本。 +

--warnings-as-errors

+ +将从服务器收到的警告视为错误,并以非零退出码退出。 +

+ +## {{% heading "seealso" %}} + + +* [kubectl](../kubectl/) - kubectl 控制 Kubernetes 集群管理器 From ddecc6502d25336acebeb886317b4a7ba285348f Mon Sep 17 00:00:00 2001 From: "xin.li" Date: Tue, 4 Jun 2024 18:28:33 +0800 Subject: [PATCH 29/89] [zh-cn] Localize generated/kubectl_exec Signed-off-by: xin.li --- .../kubectl/generated/kubectl_exec/_index.md | 642 ++++++++++++++++++ 1 file changed, 642 insertions(+) create mode 100644 content/zh-cn/docs/reference/kubectl/generated/kubectl_exec/_index.md diff --git a/content/zh-cn/docs/reference/kubectl/generated/kubectl_exec/_index.md b/content/zh-cn/docs/reference/kubectl/generated/kubectl_exec/_index.md new file mode 100644 index 0000000000..821ac56439 --- /dev/null +++ b/content/zh-cn/docs/reference/kubectl/generated/kubectl_exec/_index.md @@ -0,0 +1,642 @@ +--- +title: kubectl exec +content_type: tool-reference +weight: 30 +no_list: true +--- + + + +## {{% heading "synopsis" %}} + + +在容器中执行命令。 + +``` +kubectl exec (POD | TYPE/NAME) [-c CONTAINER] [flags] -- COMMAND [args...] +``` + +## {{% heading "examples" %}} + + +``` + # 在 Pod mypod 中执行 'date' 命令获取输出,默认在第一个容器中执行 + kubectl exec mypod -- date + + # 在 Pod mypod 的 ruby-container 容器中执行 'date' 命令并获取输出 + kubectl exec mypod -c ruby-container -- date + + # 切换到原始终端模式;从 Pod mypod 将 stdin 发送到 ruby-container 中的 'bash', + # 并将 stdout/stderr 从 'bash' 发送回客户端 + kubectl exec mypod -c ruby-container -i -t -- bash -il + + # 在 Pod mypod 的第一个容器中列出 /usr 的内容,并按修改时间排序 + # 如果你要在 Pod 中执行的命令具有任何与 kubectl 本身重叠的标志(例如 -i), + # 则必须使用两个破折号(--)来分隔命令的标志/参数 + # 另请注意,不要用引号括住你的命令及其标志/参数, + # 除非这是你正常执行它的方式(即执行 ls -t /usr,而不是 "ls -t /usr") + kubectl exec mypod -i -t -- ls -t /usr + + # 在 Deployment mydeployment 中的第一个 Pod 运行 'date' 命令并获取输出,默认使用 Pod 的第一个容器 + kubectl exec deploy/mydeployment -- date + + # 在 Service myservice 的第一个 Pod 运行 'date' 命令并获取输出,默认使用 Pod 的第一个容器 + kubectl exec svc/myservice -- date +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
-c, --container string
+

+ +容器名称。 +如果省略,则使用 kubectl.kubernetes.io/default-container 注解来选择要挂接的容器, +否则将选择 Pod 中的第一个容器。 +

-f, --filename strings
+

+ +用于在资源中执行的文件。 +

-h, --help
+

+ +关于 exec 的帮助信息。 +

--pod-running-timeout duration     默认:1m0s
+

+ +等待至少一个 Pod 运行的时间长度(例如 5 秒、2 分钟或 3 小时,大于零)。 +

-q, --quiet
+

+ +仅打印远程会话的输出。 +

+
-i, --stdin
+

+ +将 stdin 传递给容器。 +

+
-t, --tty
+

+ +Stdin 是一个 TTY。 +

+
+ +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
--as string

+ +操作所用的伪装用户名。用户可以是常规用户或命名空间中的服务账号。 +

--as-group strings

+ +操作所用的伪装用户组,此标志可以被重复设置以指定多个组。 +

--as-uid string

+ +操作所用的伪装 UID。 +

--cache-dir string     默认值:"$HOME/.kube/cache"

+ +默认缓存目录。 +

--certificate-authority string

+ +证书机构的证书文件的路径。 +

--client-certificate string

+ +TLS 客户端证书文件的路径。 +

--client-key string

+ +TLS 客户端密钥文件的路径。 +

--cloud-provider-gce-l7lb-src-cidrs cidrs     默认值:130.211.0.0/22,35.191.0.0/16

+ +GCE 防火墙中为 L7 负载均衡流量代理和健康检查开放的 CIDR。 +

--cloud-provider-gce-lb-src-cidrs cidrs     默认值:130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

+ +GCE 防火墙中为 L4 负载均衡流量代理和健康检查开放的 CIDR。 +

--cluster string

+ +要使用的 kubeconfig 中集群的名称。 +

--context string

+ +要使用的 kubeconfig 上下文的名称。 +

--default-not-ready-toleration-seconds int     默认值:300

+ +设置针对 notReady:NoExecute 的容忍度的 tolerationSeconds,默认添加到所有尚未设置此容忍度的 Pod。 +

--default-unreachable-toleration-seconds int     默认值:300

+ +设置针对 unreachable:NoExecute 的容忍度的 tolerationSeconds,默认添加到所有尚未设置此容忍度的 Pod。 +

--disable-compression

+ +如果为 true,则对服务器所有请求的响应不再压缩。 +

--insecure-skip-tls-verify

+ +如果为 true,则不检查服务器证书的有效性。这将使你的 HTTPS 连接不安全。 +

--kubeconfig string

+ +CLI 请求要使用的 kubeconfig 文件的路径。 +

--match-server-version

+ +要求服务器版本与客户端版本匹配。 +

-n, --namespace string

+ +如果存在,则是此 CLI 请求的命名空间范围。 +

--password string

+ +对 API 服务器进行基本身份验证所用的密码。 +

--profile string     默认值:"none"

+ +要记录的性能分析信息。可选值为(none|cpu|heap|goroutine|threadcreate|block|mutex)。 +

--profile-output string     默认值:"profile.pprof"

+ +性能分析信息要写入的目标文件的名称。 +

--request-timeout string     默认值:"0"

+ +在放弃某个服务器请求之前等待的时长。非零值应包含相应的时间单位(例如 1s、2m、3h)。 +值为零表示请求不会超时。 +

-s, --server string

+ +Kubernetes API 服务器的地址和端口。 +

--storage-driver-buffer-duration duration     默认值:1m0s

+ +对存储驱动的写入操作将被缓存的时长;缓存的操作会作为一个事务提交给非内存后端。 +

+
--storage-driver-db string     默认值:"cadvisor"

+ +数据库名称。 +

+
--storage-driver-host string     默认值:"localhost:8086"

+ +数据库 host:port。 +

--storage-driver-password string     默认值:"root"

+ +数据库密码。 +

--storage-driver-secure

+ +使用与数据库的安全连接。 +

--storage-driver-table string     默认值:"stats"

+ +表名。 +

--storage-driver-user string     默认值:"root"

+ +数据库用户名。 +

--tls-server-name string

+ +服务器证书验证所用的服务器名称。如果未提供,则使用与服务器通信所用的主机名。 +

--token string

+ +向 API 服务器进行身份验证的持有者令牌。 +

--user string

+ +要使用的 kubeconfig 用户的名称。 +

--username string

+ +对 API 服务器进行基本身份验证时所用的用户名。 +

+
--version version[=true]

+ +--version, --version=raw 打印版本信息并退出;--version=vX.Y.Z... 设置报告的版本。 +

+
--warnings-as-errors

+ +将从服务器收到的警告视为错误,并以非零退出码退出。 +

+ +## {{% heading "seealso" %}} + + +* [kubectl](../kubectl/) - kubectl 控制 Kubernetes 集群管理器 From 79ed05aa91913c1e2a8ca3b44dad7e34419b91c7 Mon Sep 17 00:00:00 2001 From: "xin.li" Date: Tue, 4 Jun 2024 18:35:06 +0800 Subject: [PATCH 30/89] [zh-cn] Localize generated/kubectl_options Signed-off-by: xin.li --- .../generated/kubectl_options/_index.md | 513 ++++++++++++++++++ 1 file changed, 513 insertions(+) create mode 100644 content/zh-cn/docs/reference/kubectl/generated/kubectl_options/_index.md diff --git a/content/zh-cn/docs/reference/kubectl/generated/kubectl_options/_index.md b/content/zh-cn/docs/reference/kubectl/generated/kubectl_options/_index.md new file mode 100644 index 0000000000..37f949f8b0 --- /dev/null +++ b/content/zh-cn/docs/reference/kubectl/generated/kubectl_options/_index.md @@ -0,0 +1,513 @@ +--- +title: kubectl options +content_type: tool-reference +weight: 30 +no_list: true +--- + + +## {{% heading "synopsis" %}} + + +打印被所有命令继承的标志列表。 + +``` +kubectl options [flags] +``` + +## {{% heading "examples" %}} + + +``` +# 打印被所有命令继承的标志 +kubectl options +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + +
-h, --help
+

+ +关于 options 的帮助信息。 +

+ +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
--as string

+ +操作所用的伪装用户名。用户可以是常规用户或命名空间中的服务账号。 +

--as-group strings

+ +操作所用的伪装用户组,此标志可以被重复设置以指定多个组。 +

--as-uid string

+ +操作所用的伪装 UID。 +

--cache-dir string     默认值:"$HOME/.kube/cache"

+ +默认缓存目录。 +

--certificate-authority string

+ +证书机构的证书文件的路径。 +

--client-certificate string

+ +TLS 客户端证书文件的路径。 +

--client-key string

+ +TLS 客户端密钥文件的路径。 +

--cloud-provider-gce-l7lb-src-cidrs cidrs     默认值:130.211.0.0/22,35.191.0.0/16

+ +GCE 防火墙中为 L7 负载均衡流量代理和健康检查开放的 CIDR。 +

--cloud-provider-gce-lb-src-cidrs cidrs     默认值:130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

+ +GCE 防火墙中为 L4 负载均衡流量代理和健康检查开放的 CIDR。 +

--cluster string

+ +要使用的 kubeconfig 中集群的名称。 +

--context string

+ +要使用的 kubeconfig 上下文的名称。 +

--default-not-ready-toleration-seconds int     默认值:300

+ +设置针对 notReady:NoExecute 的容忍度的 tolerationSeconds,默认添加到所有尚未设置此容忍度的 Pod。 +

--default-unreachable-toleration-seconds int     默认值:300

+ +设置针对 unreachable:NoExecute 的容忍度的 tolerationSeconds,默认添加到所有尚未设置此容忍度的 Pod。 +

--disable-compression

+ +如果为 true,则对服务器所有请求的响应不再压缩。 +

--insecure-skip-tls-verify

+ +如果为 true,则不检查服务器证书的有效性。这将使你的 HTTPS 连接不安全。 +

--kubeconfig string

+ +CLI 请求要使用的 kubeconfig 文件的路径。 +

--match-server-version

+ +要求服务器版本与客户端版本匹配。 +

-n, --namespace string

+ +如果存在,则是此 CLI 请求的命名空间范围。 +

--password string

+ +对 API 服务器进行基本身份验证所用的密码。 +

--profile string     默认值:"none"

+ +要记录的性能分析信息。可选值为(none|cpu|heap|goroutine|threadcreate|block|mutex)。 +

--profile-output string     默认值:"profile.pprof"

+ +性能分析信息要写入的目标文件的名称。 +

--request-timeout string     默认值:"0"

+ +在放弃某个服务器请求之前等待的时长。非零值应包含相应的时间单位(例如 1s、2m、3h)。 +值为零表示请求不会超时。 +

-s, --server string

+ +Kubernetes API 服务器的地址和端口。 +

--storage-driver-buffer-duration duration     默认值:1m0s

+ +对存储驱动的写入操作将被缓存的时长;缓存的操作会作为一个事务提交给非内存后端。 +

--storage-driver-db string     默认值:"cadvisor"

+ +数据库名称。 +

--storage-driver-host string     默认值:"localhost:8086"

+ +数据库 host:port。 +

--storage-driver-password string     默认值:"root"

+ +数据库密码。 +

--storage-driver-secure

+ +使用与数据库的安全连接。 +

--storage-driver-table string     默认值:"stats"

+ +表名。 +

--storage-driver-user string     默认值:"root"

+ +数据库用户名。 +

--tls-server-name string
+

+ +服务器证书验证所用的服务器名称。如果未提供,则使用与服务器通信所用的主机名。 +

+
--token string

+ +向 API 服务器进行身份验证的持有者令牌。 +

--user string

+ +要使用的 kubeconfig 用户的名称。 +

--username string

+ +对 API 服务器进行基本身份验证时所用的用户名。 +

--version version[=true]

+ +--version, --version=raw 打印版本信息并退出;--version=vX.Y.Z... 设置报告的版本。 +

--warnings-as-errors

+ +将从服务器收到的警告视为错误,并以非零退出码退出。 +

+ +## {{% heading "seealso" %}} + + +* [kubectl](../kubectl/) - kubectl 控制 Kubernetes 集群管理器 From 9923b3b8bcf32911943bcaf79f91ca74c4e6aab1 Mon Sep 17 00:00:00 2001 From: "xin.li" Date: Tue, 4 Jun 2024 18:40:45 +0800 Subject: [PATCH 31/89] [zh-cn] Localize kubectl_plugin/_index.md Signed-off-by: xin.li --- .../generated/kubectl_plugin/_index.md | 515 ++++++++++++++++++ 1 file changed, 515 insertions(+) create mode 100644 content/zh-cn/docs/reference/kubectl/generated/kubectl_plugin/_index.md diff --git a/content/zh-cn/docs/reference/kubectl/generated/kubectl_plugin/_index.md b/content/zh-cn/docs/reference/kubectl/generated/kubectl_plugin/_index.md new file mode 100644 index 0000000000..e340d87d35 --- /dev/null +++ b/content/zh-cn/docs/reference/kubectl/generated/kubectl_plugin/_index.md @@ -0,0 +1,515 @@ +--- +title: kubectl plugin +content_type: tool-reference +weight: 30 +no_list: true +--- + + +## {{% heading "synopsis" %}} + + +提供与插件交互的实用程序。 + +插件提供主要命令行发布版本所不具备的扩展功能,请参阅文档和示例以获取有关如何编写自己的插件的更多信息。 + +发现和安装插件的最简单方法是通过 kubernetes 子项目 krew,要安装 krew 请参阅 +[krew.sigs.k8s.io](https://krew.sigs.k8s.io/docs/user-guide/setup/install/)。 + +``` +kubectl plugin [flags] +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + +
-h, --help
+

+ +关于 plugin 的帮助信息。 +

+
+ + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
--as string

+ +操作所用的伪装用户名。用户可以是常规用户或命名空间中的服务账号。 +

--as-group strings

+ +操作所用的伪装用户组,此标志可以被重复设置以指定多个组。 +

--as-uid string

+ +操作所用的伪装 UID。 +

--cache-dir string     默认值:"$HOME/.kube/cache"

+ +默认缓存目录。 +

--certificate-authority string

+ +证书机构的证书文件的路径。 +

--client-certificate string

+ +TLS 客户端证书文件的路径。 +

--client-key string

+ +TLS 客户端密钥文件的路径。 +

--cloud-provider-gce-l7lb-src-cidrs cidrs     默认值:130.211.0.0/22,35.191.0.0/16

+ +GCE 防火墙中为 L7 负载均衡流量代理和健康检查开放的 CIDR。 +

--cloud-provider-gce-lb-src-cidrs cidrs     默认值:130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

+ +GCE 防火墙中为 L4 负载均衡流量代理和健康检查开放的 CIDR。 +

--cluster string

+ +要使用的 kubeconfig 中集群的名称。 +

--context string

+ +要使用的 kubeconfig 上下文的名称。 +

--default-not-ready-toleration-seconds int     默认值:300

+ +设置针对 notReady:NoExecute 的容忍度的 tolerationSeconds,默认添加到所有尚未设置此容忍度的 Pod。 +

--default-unreachable-toleration-seconds int     默认值:300

+ +设置针对 unreachable:NoExecute 的容忍度的 tolerationSeconds,默认添加到所有尚未设置此容忍度的 Pod。 +

--disable-compression

+ +如果为 true,则对服务器所有请求的响应不再压缩。 +

--insecure-skip-tls-verify

+ +如果为 true,则不检查服务器证书的有效性。这将使你的 HTTPS 连接不安全。 +

--kubeconfig string

+ +CLI 请求要使用的 kubeconfig 文件的路径。 +

--match-server-version

+ +要求服务器版本与客户端版本匹配。 +

-n, --namespace string

+ +如果存在,则是此 CLI 请求的命名空间范围。 +

--password string

+ +对 API 服务器进行基本身份验证所用的密码。 +

--profile string     默认值:"none"

+ +要记录的性能分析信息。可选值为(none|cpu|heap|goroutine|threadcreate|block|mutex)。 +

--profile-output string     默认值:"profile.pprof"

+ +性能分析信息要写入的目标文件的名称。 +

--request-timeout string     默认值:"0"

+ +在放弃某个服务器请求之前等待的时长。非零值应包含相应的时间单位(例如 1s、2m、3h)。 +值为零表示请求不会超时。 +

-s, --server string

+ +Kubernetes API 服务器的地址和端口。 +

--storage-driver-buffer-duration duration     默认值:1m0s

+ +对存储驱动的写入操作将被缓存的时长;缓存的操作会作为一个事务提交给非内存后端。 +

--storage-driver-db string     默认值:"cadvisor"

+ +数据库名称。 +

--storage-driver-host string     默认值:"localhost:8086"

+ +数据库 host:port。 +

--storage-driver-password string     默认值:"root"

+ +数据库密码。 +

--storage-driver-secure

+ +使用与数据库的安全连接。 +

--storage-driver-table string     默认值:"stats"

+ +表名。 +

--storage-driver-user string     默认值:"root"

+ +数据库用户名。 +

--tls-server-name string
+

+ +服务器证书验证所用的服务器名称。如果未提供,则使用与服务器通信所用的主机名。 +

+
--token string

+ +向 API 服务器进行身份验证的持有者令牌。 +

--user string

+ +要使用的 kubeconfig 用户的名称。 +

--username string

+ +对 API 服务器进行基本身份验证时所用的用户名。 +

--version version[=true]

+ +--version, --version=raw 打印版本信息并退出;--version=vX.Y.Z... 设置报告的版本。 +

--warnings-as-errors

+ +将从服务器收到的警告视为错误,并以非零退出码退出。 +

+ +## {{% heading "seealso" %}} + + +* [kubectl](../kubectl/) - kubectl 控制 Kubernetes 集群管理器 From dfade72f95aa968da9ef1c58286557fc5732b509 Mon Sep 17 00:00:00 2001 From: steve-hardman <132999137+steve-hardman@users.noreply.github.com> Date: Wed, 5 Jun 2024 02:44:28 +0100 Subject: [PATCH 32/89] Fix feature state --- content/en/docs/tasks/manage-hugepages/scheduling-hugepages.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/tasks/manage-hugepages/scheduling-hugepages.md b/content/en/docs/tasks/manage-hugepages/scheduling-hugepages.md index 2bae4e6c9b..f42f254300 100644 --- a/content/en/docs/tasks/manage-hugepages/scheduling-hugepages.md +++ b/content/en/docs/tasks/manage-hugepages/scheduling-hugepages.md @@ -7,7 +7,7 @@ description: Configure and manage huge pages as a schedulable resource in a clus --- -{{< feature-state state="stable" >}} +{{< feature-state feature_gate_name="HugePage" >}} Kubernetes supports the allocation and consumption of pre-allocated huge pages by applications in a Pod. This page describes how users can consume huge pages. From 39bd5c2ffde25cdc80ea87ca368f8d20f077c06e Mon Sep 17 00:00:00 2001 From: windsonsea Date: Wed, 5 Jun 2024 09:41:53 +0800 Subject: [PATCH 33/89] [zh] Sync a task: reserve-compute-resources.md --- .../reserve-compute-resources.md | 206 +++++++++--------- 1 file changed, 103 insertions(+), 103 deletions(-) diff --git a/content/zh-cn/docs/tasks/administer-cluster/reserve-compute-resources.md b/content/zh-cn/docs/tasks/administer-cluster/reserve-compute-resources.md index eeee1b4138..40916de09f 100644 --- a/content/zh-cn/docs/tasks/administer-cluster/reserve-compute-resources.md +++ b/content/zh-cn/docs/tasks/administer-cluster/reserve-compute-resources.md @@ -1,7 +1,6 @@ --- title: 为系统守护进程预留计算资源 content_type: task -min-kubernetes-server-version: 1.8 weight: 290 --- @@ -38,14 +36,14 @@ Kubernetes 推荐集群管理员按照每个节点上的工作负载密度配置 ## {{% heading "prerequisites" %}} -{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}} +{{< include "task-tutorial-prereqs.md" >}} + -你的 kubernetes 服务器版本必须至少是 1.17 版本,才能使用 kubelet -命令行选项 `--reserved-cpus` 设置[显式预留 CPU 列表](#explicitly-reserved-cpu-list)。 +你可以使用 [kubelet 配置文件](/zh-cn/docs/tasks/administer-cluster/kubelet-config-file/)来配置以下 +kubelet [设置](/zh-cn/docs/reference/config-api/kubelet-config.v1beta1/)。 @@ -80,22 +78,21 @@ Kubernetes 节点上的 'Allocatable' 被定义为 Pod 可用计算资源量。 ### Enabling QoS and Pod level cgroups To properly enforce node allocatable constraints on the node, you must -enable the new cgroup hierarchy via the `--cgroups-per-qos` flag. This flag is +enable the new cgroup hierarchy via the `cgroupsPerQOS` setting. This setting is enabled by default. When enabled, the `kubelet` will parent all end-user pods under a cgroup hierarchy managed by the `kubelet`. --> ### 启用 QoS 和 Pod 级别的 cgroups {#enabling-qos-and-pod-level-cgroups} -为了恰当地在节点范围实施节点可分配约束,你必须通过 `--cgroups-per-qos` -标志启用新的 cgroup 层次结构。这个标志是默认启用的。 +为了恰当地在节点范围实施节点可分配约束,你必须通过 `cgroupsPerQOS` +设置启用新的 cgroup 层次结构。这个设置是默认启用的。 启用后,`kubelet` 将在其管理的 cgroup 层次结构中创建所有终端用户的 Pod。 ### Kube 预留值 {#kube-reserved} -- **Kubelet 标志**:`--kube-reserved=[cpu=100m][,][memory=100Mi][,][ephemeral-storage=1Gi][,][pid=1000]` -- **Kubelet 标志**:`--kube-reserved-cgroup=` +- **KubeletConfiguration 设置**:`kubeReserved: {}`。 + 示例值 `{cpu: 100m, memory: 100Mi, ephemeral-storage: 1Gi, pid=1000}` +- **KubeletConfiguration 设置**:`kubeReservedCgroup: ""` -`kube-reserved` 用来给诸如 `kubelet`、容器运行时、节点问题监测器等 +`kubeReserved` 用来给诸如 `kubelet`、容器运行时等 Kubernetes 系统守护进程记述其资源预留值。 -该配置并非用来给以 Pod 形式运行的系统守护进程预留资源。`kube-reserved` +该配置并非用来给以 Pod 形式运行的系统守护进程预留资源。`kubeReserved` 通常是节点上 `Pod 密度` 的函数。 除了 `cpu`、`内存` 和 `ephemeral-storage` 之外,`pid` 可用来指定为 Kubernetes 系统守护进程预留指定数量的进程 ID。 -要选择性地对 Kubernetes 系统守护进程上执行 `kube-reserved` 保护,需要把 kubelet 的 -`--kube-reserved-cgroup` 标志的值设置为 kube 守护进程的父控制组。 +要选择性地对 Kubernetes 系统守护进程上执行 `kubeReserved` 保护,需要把 kubelet 的 +`kubeReservedCgroup` 设置的值设为 kube 守护进程的父控制组, +并[将 `kube-reserved` 添加到 `enforceNodeAllocatable`](#enforcing-node-allocatable)。 -推荐将 Kubernetes 系统守护进程放置于顶级控制组之下(例如 systemd 机器上的 -`runtime.slice`)。 +推荐将 Kubernetes 系统守护进程放置于顶级控制组之下(例如 systemd 机器上的 `runtime.slice`)。 理想情况下每个系统守护进程都应该在其自己的子控制组中运行。 请参考[这个设计方案](https://git.k8s.io/design-proposals-archive/node/node-allocatable.md#recommended-cgroups-setup), 进一步了解关于推荐控制组层次结构的细节。 -请注意,如果 `--kube-reserved-cgroup` 不存在,Kubelet 将 **不会** 创建它。 +请注意,如果 `kubeReservedCgroup` 不存在,Kubelet 将 **不会** 创建它。 如果指定了一个无效的 cgroup,Kubelet 将会无法启动。就 `systemd` cgroup 驱动而言, 你要为所定义的 cgroup 设置名称时要遵循特定的模式: -所设置的名字应该是你为 `--kube-reserved-cgroup` 所给的参数值加上 `.slice` 后缀。 +所设置的名字应该是你为 `kubeReservedCgroup` 所给的参数值加上 `.slice` 后缀。 ### 系统预留值 {#system-reserved} -- **Kubelet 标志**:`--system-reserved=[cpu=100m][,][memory=100Mi][,][ephemeral-storage=1Gi][,][pid=1000]` -- **Kubelet 标志**:`--system-reserved-cgroup=` +- **KubeletConfiguration 设置**:`systemReserved: {}`。 + 示例值 `{cpu: 100m, memory: 100Mi, ephemeral-storage: 1Gi, pid=1000}` +- **KubeletConfiguration 设置**:`systemReservedCgroup: ""` -`system-reserved` 用于为诸如 `sshd`、`udev` 等系统守护进程记述其资源预留值。 -`system-reserved` 也应该为 `kernel` 预留 `内存`,因为目前 `kernel` +`systemReserved` 用于为诸如 `sshd`、`udev` 等系统守护进程记述其资源预留值。 +`systemReserved` 也应该为 `kernel` 预留 `内存`,因为目前 `kernel` 使用的内存并不记在 Kubernetes 的 Pod 上。 同时还推荐为用户登录会话预留资源(systemd 体系中的 `user.slice`)。 @@ -217,30 +216,31 @@ daemons. Kubernetes 系统守护进程预留指定数量的进程 ID。 -要想为系统守护进程上可选地实施 `system-reserved` 约束,请指定 kubelet 的 -`--system-reserved-cgroup` 标志值为 OS 系统守护进程的父级控制组。 +要想为系统守护进程上可选地实施 `systemReserved` 约束,请指定 kubelet 的 +`systemReservedCgroup` 设置值为 OS 系统守护进程的父级控制组, +并[将 `system-reserved` 添加到 `enforceNodeAllocatable`](#enforcing-node-allocatable)。 推荐将 OS 系统守护进程放在一个顶级控制组之下(例如 systemd 机器上的 `system.slice`)。 -请注意,如果 `--system-reserved-cgroup` 不存在,`kubelet` **不会** 创建它。 +请注意,如果 `systemReservedCgroup` 不存在,`kubelet` **不会** 创建它。 如果指定了无效的 cgroup,`kubelet` 将会失败。就 `systemd` cgroup 驱动而言, 你在指定 cgroup 名字时要遵循特定的模式: -该名字应该是你为 `--system-reserved-cgroup` 参数所设置的值加上 `.slice` 后缀。 +该名字应该是你为 `systemReservedCgroup` 参数所设置的值加上 `.slice` 后缀。 -**Kubelet 标志**: `--reserved-cpus=0-3` -**KubeletConfiguration 标志**:`reservedSystemCPUs: 0-3` +**KubeletConfiguration 设置**:`reservedSystemCPUs:`。示例值 `0-3` -`reserved-cpus` 旨在为操作系统守护程序和 Kubernetes 系统守护程序预留一组明确指定编号的 CPU。 -`reserved-cpus` 适用于不打算针对 cpuset 资源为操作系统守护程序和 Kubernetes +`reservedSystemCPUs` 旨在为操作系统守护程序和 Kubernetes 系统守护程序预留一组明确指定编号的 CPU。 +`reservedSystemCPUs` 适用于不打算针对 cpuset 资源为操作系统守护程序和 Kubernetes 系统守护程序定义独立的顶级 cgroups 的系统。 -如果 Kubelet **没有** 指定参数 `--system-reserved-cgroup` 和 `--kube-reserved-cgroup`, -则 `reserved-cpus` 的设置将优先于 `--kube-reserved` 和 `--system-reserved` 选项。 +如果 Kubelet **没有** 指定参数 `kubeReservedCgroup` 和 `systemReservedCgroup`, +则 `reservedSystemCPUs` 的设置将优先于 `kubeReservedCgroup` 和 `systemReservedCgroup` 选项。 ### 驱逐阈值 {#eviction-Thresholds} -**Kubelet 标志**:`--eviction-hard=[memory.available<500Mi]` +**KubeletConfiguration 设置**: +`evictionHard: {memory.available: "100Mi", nodefs.available: "10%", nodefs.inodesFree: "5%", imagefs.available: "15%"}`。 +示例值: `{memory.available: "<500Mi"}` 节点级别的内存压力将导致系统内存不足,这将影响到整个节点及其上运行的所有 Pod。 节点可以暂时离线直到内存已经回收为止。为了防止系统内存不足(或减少系统内存不足的可能性), kubelet 提供了[资源不足](/zh-cn/docs/concepts/scheduling-eviction/node-pressure-eviction/)管理。 驱逐操作只支持 `memory` 和 `ephemeral-storage`。 -通过 `--eviction-hard` 标志预留一些内存后,当节点上的可用内存降至预留值以下时, +通过 `evictionHard` 设置预留一些内存后,当节点上的可用内存降至预留值以下时, `kubelet` 将尝试驱逐 Pod。 如果节点上不存在系统守护进程,Pod 将不能使用超过 `capacity-eviction-hard` 所指定的资源量。 因此,为驱逐而预留的资源对 Pod 是不可用的。 @@ -321,13 +321,14 @@ kubelet 提供了[资源不足](/zh-cn/docs/concepts/scheduling-eviction/node-pr ### 实施节点可分配约束 {#enforcing-node-allocatable} -**Kubelet 标志**:`--enforce-node-allocatable=pods[,][system-reserved][,][kube-reserved]` +**KubeletConfiguration 设置**:`enforceNodeAllocatable: [pods]`。 +示例值:`[pods,system-reserved,kube-reserved]` 调度器将 'Allocatable' 视为 Pod 可用的 `capacity`(资源容量)。 @@ -337,35 +338,35 @@ by evicting pods whenever the overall usage across all pods exceeds 'Allocatable'. More details on eviction policy can be found on the [node pressure eviction](/docs/concepts/scheduling-eviction/node-pressure-eviction/) page. This enforcement is controlled by -specifying `pods` value to the kubelet flag `--enforce-node-allocatable`. +specifying `pods` value to the KubeletConfiguration setting `enforceNodeAllocatable`. --> `kubelet` 默认对 Pod 执行 'Allocatable' 约束。 无论何时,如果所有 Pod 的总用量超过了 'Allocatable',驱逐 Pod 的措施将被执行。 有关驱逐策略的更多细节可以在[节点压力驱逐](/zh-cn/docs/concepts/scheduling-eviction/pod-priority-preemption/)页找到。 -可通过设置 kubelet `--enforce-node-allocatable` 标志值为 `pods` 控制这个措施。 +可将 KubeletConfiguration `enforceNodeAllocatable` 设置为 `pods` 值来控制这个措施。 -可选地,通过在同一标志中同时指定 `kube-reserved` 和 `system-reserved` 值, -可以使 `kubelet` 强制实施 `kube-reserved` 和 `system-reserved` 约束。 -请注意,要想执行 `kube-reserved` 或者 `system-reserved` 约束, -需要对应设置 `--kube-reserved-cgroup` 或者 `--system-reserved-cgroup`。 +可选地,通过在同一设置中同时指定 `kube-reserved` 和 `system-reserved` 值, +可以使 `kubelet` 强制实施 `kubeReserved` 和 `systemReserved` 约束。 +请注意,要想执行 `kubeReserved` 或者 `systemReserved` 约束, +需要对应设置 `kubeReservedCgroup` 或者 `systemReservedCgroup`。 ## 一般原则 {#general-guidelines} @@ -373,32 +374,32 @@ resources if `kube-reserved` is enforced. [Guaranteed 的 Pod](/zh-cn/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed) 一样对待。 系统守护进程可以在与其对应的控制组中出现突发资源用量,这一行为要作为 Kubernetes 部署的一部分进行管理。 -例如,`kubelet` 应该有它自己的控制组并和容器运行时共享 `kube-reserved` 资源。 -不过,如果执行了 `kube-reserved` 约束,则 kubelet 不可出现突发负载并用光节点的所有可用资源。 +例如,`kubelet` 应该有它自己的控制组并和容器运行时共享 `kubeReserved` 资源。 +不过,如果执行了 `kubeReserved` 约束,则 kubelet 不可出现突发负载并用光节点的所有可用资源。 -在执行 `system-reserved` 预留策略时请加倍小心,因为它可能导致节点上的关键系统服务出现 CPU 资源短缺、 +在执行 `systemReserved` 预留策略时请加倍小心,因为它可能导致节点上的关键系统服务出现 CPU 资源短缺、 因为内存不足而被终止或者无法在节点上创建进程。 建议只有当用户详尽地描述了他们的节点以得出精确的估计值, 并且对该组中进程因内存不足而被杀死时,有足够的信心将其恢复时, -才可以强制执行 `system-reserved` 策略。 +才可以强制执行 `systemReserved` 策略。 * 作为起步,可以先针对 `pods` 上执行 'Allocatable' 约束。 -* 一旦用于追踪系统守护进程的监控和告警的机制到位,可尝试基于用量估计的方式执行 `kube-reserved` 策略。 -* 随着时间推进,在绝对必要的时候可以执行 `system-reserved` 策略。 +* 一旦用于追踪系统守护进程的监控和告警的机制到位,可尝试基于用量估计的方式执行 `kubeReserved` 策略。 +* 随着时间推进,在绝对必要的时候可以执行 `systemReserved` 策略。 ## 示例场景 {#example-scenario} 这是一个用于说明节点可分配(Node Allocatable)计算方式的示例: * 节点拥有 `32Gi` `memory`、`16 CPU` 和 `100Gi` `Storage` 资源 -* `--kube-reserved` 被设置为 `cpu=1,memory=2Gi,ephemeral-storage=1Gi` -* `--system-reserved` 被设置为 `cpu=500m,memory=1Gi,ephemeral-storage=1Gi` -* `--eviction-hard` 被设置为 `memory.available<500Mi,nodefs.available<10%` +* `kubeReserved` 被设置为 `{cpu: 1000m, memory: 2Gi, ephemeral-storage: 1Gi}` +* `systemReserved` 被设置为 `{cpu: 500m, memory: 1Gi, ephemeral-storage: 1Gi}` +* `evictionHard` 被设置为 `{memory.available: "<500Mi", nodefs.available: "<10%"}` -当没有执行 `kube-reserved` 和/或 `system-reserved` 策略且系统守护进程使用量超过其预留时, +当没有执行 `kubeReserved` 和/或 `systemReserved` 策略且系统守护进程使用量超过其预留时, 如果节点内存用量高于 31.5Gi 或 `storage` 大于 90Gi,kubelet 将会驱逐 Pod。 - From 0dcd95f47ca9e1bceb2c515431856f810d971c65 Mon Sep 17 00:00:00 2001 From: "xin.li" Date: Wed, 5 Jun 2024 09:41:55 +0800 Subject: [PATCH 34/89] [zh-cn] Localize kubectl_set/_index.md Signed-off-by: xin.li --- .../kubectl/generated/kubectl_set/_index.md | 521 ++++++++++++++++++ 1 file changed, 521 insertions(+) create mode 100644 content/zh-cn/docs/reference/kubectl/generated/kubectl_set/_index.md diff --git a/content/zh-cn/docs/reference/kubectl/generated/kubectl_set/_index.md b/content/zh-cn/docs/reference/kubectl/generated/kubectl_set/_index.md new file mode 100644 index 0000000000..fef9da0899 --- /dev/null +++ b/content/zh-cn/docs/reference/kubectl/generated/kubectl_set/_index.md @@ -0,0 +1,521 @@ +--- +title: kubectl set +content_type: tool-reference +weight: 30 +no_list: true +--- + + +## {{% heading "synopsis" %}} + + +配置应用程序资源。 + +这些命令可帮助你更改现有的应用程序资源。 + +``` +kubectl set SUBCOMMAND +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + +
-h, --help
+

+ +关于 set 的帮助信息。 +

+ + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
--as string

+ +操作所用的伪装用户名。用户可以是常规用户或命名空间中的服务账号。 +

--as-group strings

+ +操作所用的伪装用户组,此标志可以被重复设置以指定多个组。 +

--as-uid string

+ +操作所用的伪装 UID。 +

--cache-dir string     默认值:"$HOME/.kube/cache"

+ +默认缓存目录。 +

--certificate-authority string

+ +证书机构的证书文件的路径。 +

--client-certificate string

+ +TLS 客户端证书文件的路径。 +

--client-key string

+ +TLS 客户端密钥文件的路径。 +

--cloud-provider-gce-l7lb-src-cidrs cidrs     默认值:130.211.0.0/22,35.191.0.0/16

+ +GCE 防火墙中为 L7 负载均衡流量代理和健康检查开放的 CIDR。 +

--cloud-provider-gce-lb-src-cidrs cidrs     默认值:130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

+ +GCE 防火墙中为 L4 负载均衡流量代理和健康检查开放的 CIDR。 +

--cluster string

+ +要使用的 kubeconfig 中集群的名称。 +

--context string

+ +要使用的 kubeconfig 上下文的名称。 +

--default-not-ready-toleration-seconds int     默认值:300

+ +设置针对 notReady:NoExecute 的容忍度的 tolerationSeconds,默认添加到所有尚未设置此容忍度的 Pod。 +

--default-unreachable-toleration-seconds int     默认值:300

+ +设置针对 unreachable:NoExecute 的容忍度的 tolerationSeconds,默认添加到所有尚未设置此容忍度的 Pod。 +

--disable-compression

+ +如果为 true,则对服务器所有请求的响应不再压缩。 +

--insecure-skip-tls-verify

+ +如果为 true,则不检查服务器证书的有效性。这将使你的 HTTPS 连接不安全。 +

--kubeconfig string

+ +CLI 请求要使用的 kubeconfig 文件的路径。 +

--match-server-version

+ +要求服务器版本与客户端版本匹配。 +

-n, --namespace string

+ +如果存在,则是此 CLI 请求的命名空间范围。 +

--password string

+ +对 API 服务器进行基本身份验证所用的密码。 +

--profile string     默认值:"none"

+ +要记录的性能分析信息。可选值为(none|cpu|heap|goroutine|threadcreate|block|mutex)。 +

--profile-output string     默认值:"profile.pprof"

+ +性能分析信息要写入的目标文件的名称。 +

--request-timeout string     默认值:"0"

+ +在放弃某个服务器请求之前等待的时长。非零值应包含相应的时间单位(例如 1s、2m、3h)。 +值为零表示请求不会超时。 +

-s, --server string

+ +Kubernetes API 服务器的地址和端口。 +

--storage-driver-buffer-duration duration     默认值:1m0s

+ +对存储驱动的写入操作将被缓存的时长;缓存的操作会作为一个事务提交给非内存后端。 +

--storage-driver-db string     默认值:"cadvisor"

+ +数据库名称。 +

--storage-driver-host string     默认值:"localhost:8086"

+ +数据库 host:port。 +

--storage-driver-password string     默认值:"root"

+ +数据库密码。 +

--storage-driver-secure

+ +使用与数据库的安全连接。 +

--storage-driver-table string     默认值:"stats"

+ +表名。 +

--storage-driver-user string     默认值:"root"

+ +数据库用户名。 +

--tls-server-name string
+

+ +服务器证书验证所用的服务器名称。如果未提供,则使用与服务器通信所用的主机名。 +

+
--token string

+ +向 API 服务器进行身份验证的持有者令牌。 +

--user string

+ +要使用的 kubeconfig 用户的名称。 +

--username string

+ +对 API 服务器进行基本身份验证时所用的用户名。 +

--version version[=true]

+ +--version, --version=raw 打印版本信息并退出;--version=vX.Y.Z... 设置报告的版本。 +

--warnings-as-errors

+ +将从服务器收到的警告视为错误,并以非零退出码退出。 +

+ +## {{% heading "seealso" %}} + + +* [kubectl](../kubectl/) - kubectl 控制 Kubernetes 集群管理器 +* [kubectl set env](kubectl_set_env/) - 更新 Pod 模板上的环境变量 +* [kubectl set image](kubectl_set_image/) - 更新 Pod 模板上的镜像 +* [kubectl set resources](kubectl_set_resources/) - 使用 Pod 模板更新对象的资源请求/限制 +* [kubectl set selector](kubectl_set_selector/) - 设置资源上的选择器 +* [kubectl set serviceaccount](kubectl_set_serviceaccount/) - 更新资源的服务帐户 +* [kubectl set subject](kubectl_set_subject/) - 更新角色绑定或集群角色绑定中的用户、组或服务帐户 From c2650d69a9b543670662e8b7ff62b50fcc40336c Mon Sep 17 00:00:00 2001 From: Osama Dar Date: Wed, 5 Jun 2024 14:32:08 +0200 Subject: [PATCH 35/89] Update hello-minikube.md Update the tutorial instructions to get the correct pod name --- content/en/docs/tutorials/hello-minikube.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/tutorials/hello-minikube.md b/content/en/docs/tutorials/hello-minikube.md index 3e20defe9b..f1d43391d5 100644 --- a/content/en/docs/tutorials/hello-minikube.md +++ b/content/en/docs/tutorials/hello-minikube.md @@ -141,7 +141,7 @@ recommended way to manage the creation and scaling of Pods. kubectl config view ``` -1. View application logs for a container in a pod. +1. View application logs for a container in a pod (replace pod name with the one you got from `kubectl get pods`). ```shell kubectl logs hello-node-5f76cf6ccf-br9b5 From 8d50f179434079c20fd3c8db3cb6035ec324c0a3 Mon Sep 17 00:00:00 2001 From: "xin.li" Date: Wed, 5 Jun 2024 21:02:58 +0800 Subject: [PATCH 36/89] [zh-cn] Localize kubectl_cluster-info/_index.md Signed-off-by: xin.li --- .../generated/kubectl_cluster-info/_index.md | 517 ++++++++++++++++++ 1 file changed, 517 insertions(+) create mode 100644 content/zh-cn/docs/reference/kubectl/generated/kubectl_cluster-info/_index.md diff --git a/content/zh-cn/docs/reference/kubectl/generated/kubectl_cluster-info/_index.md b/content/zh-cn/docs/reference/kubectl/generated/kubectl_cluster-info/_index.md new file mode 100644 index 0000000000..e947656b82 --- /dev/null +++ b/content/zh-cn/docs/reference/kubectl/generated/kubectl_cluster-info/_index.md @@ -0,0 +1,517 @@ +--- +title: kubectl cluster-info +content_type: tool-reference +weight: 30 +no_list: true +--- + + +## {{% heading "synopsis" %}} + + +显示控制平面和带有标签 kubernetes.io/cluster-service=true 的 Service 的地址。 +要进一步调试和诊断集群问题,请使用 "kubectl cluster-info dump"。 + +``` +kubectl cluster-info [flags] +``` + +## {{% heading "examples" %}} + + +``` +# 打印控制平面和集群服务的地址 +kubectl cluster-info +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + +
-h, --help
+

+ +关于 cluster-info 的帮助信息。 +

+
+ +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
--as string

+ +操作所用的伪装用户名。用户可以是常规用户或命名空间中的服务账号。 +

--as-group strings

+ +操作所用的伪装用户组,此标志可以被重复设置以指定多个组。 +

--as-uid string

+ +操作所用的伪装 UID。 +

--cache-dir string     默认值:"$HOME/.kube/cache"

+ +默认缓存目录。 +

--certificate-authority string

+ +证书机构的证书文件的路径。 +

--client-certificate string

+ +TLS 客户端证书文件的路径。 +

--client-key string

+ +TLS 客户端密钥文件的路径。 +

--cloud-provider-gce-l7lb-src-cidrs cidrs     默认值:130.211.0.0/22,35.191.0.0/16

+ +GCE 防火墙中为 L7 负载均衡流量代理和健康检查开放的 CIDR。 +

--cloud-provider-gce-lb-src-cidrs cidrs     默认值:130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

+ +GCE 防火墙中为 L4 负载均衡流量代理和健康检查开放的 CIDR。 +

--cluster string

+ +要使用的 kubeconfig 中集群的名称。 +

--context string

+ +要使用的 kubeconfig 上下文的名称。 +

--default-not-ready-toleration-seconds int     默认值:300

+ +设置针对 notReady:NoExecute 的容忍度的 tolerationSeconds,默认添加到所有尚未设置此容忍度的 Pod。 +

--default-unreachable-toleration-seconds int     默认值:300

+ +设置针对 unreachable:NoExecute 的容忍度的 tolerationSeconds,默认添加到所有尚未设置此容忍度的 Pod。 +

--disable-compression

+ +如果为 true,则对服务器所有请求的响应不再压缩。 +

--insecure-skip-tls-verify

+ +如果为 true,则不检查服务器证书的有效性。这将使你的 HTTPS 连接不安全。 +

--kubeconfig string

+ +CLI 请求要使用的 kubeconfig 文件的路径。 +

--match-server-version

+ +要求服务器版本与客户端版本匹配。 +

-n, --namespace string

+ +如果存在,则是此 CLI 请求的命名空间范围。 +

--password string

+ +对 API 服务器进行基本身份验证所用的密码。 +

--profile string     默认值:"none"

+ +要记录的性能分析信息。可选值为(none|cpu|heap|goroutine|threadcreate|block|mutex)。 +

--profile-output string     默认值:"profile.pprof"

+ +性能分析信息要写入的目标文件的名称。 +

--request-timeout string     默认值:"0"

+ +在放弃某个服务器请求之前等待的时长。非零值应包含相应的时间单位(例如 1s、2m、3h)。 +值为零表示请求不会超时。 +

-s, --server string

+ +Kubernetes API 服务器的地址和端口。 +

--storage-driver-buffer-duration duration     默认值:1m0s

+ +对存储驱动的写入操作将被缓存的时长;缓存的操作会作为一个事务提交给非内存后端。 +

--storage-driver-db string     默认值:"cadvisor"

+ +数据库名称。 +

--storage-driver-host string     默认值:"localhost:8086"

+ +数据库 host:port。 +

--storage-driver-password string     默认值:"root"

+ +数据库密码。 +

--storage-driver-secure

+ +使用与数据库的安全连接。 +

--storage-driver-table string     默认值:"stats"

+ +表名。 +

--storage-driver-user string     默认值:"root"

+ +数据库用户名。 +

--tls-server-name string
+

+ +服务器证书验证所用的服务器名称。如果未提供,则使用与服务器通信所用的主机名。 +

+
--token string

+ +向 API 服务器进行身份验证的持有者令牌。 +

--user string

+ +要使用的 kubeconfig 用户的名称。 +

--username string

+ +对 API 服务器进行基本身份验证时所用的用户名。 +

--version version[=true]

+ +--version, --version=raw 打印版本信息并退出;--version=vX.Y.Z... 设置报告的版本。 +

--warnings-as-errors

+ +将从服务器收到的警告视为错误,并以非零退出码退出。 +

+ +## {{% heading "seealso" %}} + + +* [kubectl](../kubectl/) - kubectl 控制 Kubernetes 集群管理器 +* [kubectl cluster-info dump](kubectl_cluster-info_dump/) - 转储相关信息以便进行调试和诊断 From 992e8fd10e429dd78ffce061d0c2fbdf42145cf7 Mon Sep 17 00:00:00 2001 From: b1gb4by <34154552+b1gb4by@users.noreply.github.com> Date: Wed, 5 Jun 2024 15:49:47 +0000 Subject: [PATCH 37/89] Fix: Corrected author name --- .../ja/blog/_posts/2024-03-07-cri-o-seccomp-oci-artifacts.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/ja/blog/_posts/2024-03-07-cri-o-seccomp-oci-artifacts.md b/content/ja/blog/_posts/2024-03-07-cri-o-seccomp-oci-artifacts.md index 3a4060c392..f4dcd10522 100644 --- a/content/ja/blog/_posts/2024-03-07-cri-o-seccomp-oci-artifacts.md +++ b/content/ja/blog/_posts/2024-03-07-cri-o-seccomp-oci-artifacts.md @@ -5,7 +5,7 @@ date: 2024-03-07 slug: cri-o-seccomp-oci-artifacts --- -**著者:** Kevin Hannon (Red Hat) +**著者:** Sascha Grunert **翻訳者:** Taisuke Okamoto (IDC Frontier Inc), atoato88 (NEC Corporation), Junya Okabe (University of Tsukuba) From 53da5f74ab2e2b27ad328d511c419882c1fc9fd1 Mon Sep 17 00:00:00 2001 From: steve-hardman <132999137+steve-hardman@users.noreply.github.com> Date: Thu, 6 Jun 2024 00:21:27 +0100 Subject: [PATCH 38/89] Fix feature state Co-authored-by: Dipesh Rawat --- content/en/docs/tasks/manage-hugepages/scheduling-hugepages.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/tasks/manage-hugepages/scheduling-hugepages.md b/content/en/docs/tasks/manage-hugepages/scheduling-hugepages.md index f42f254300..ce0925a109 100644 --- a/content/en/docs/tasks/manage-hugepages/scheduling-hugepages.md +++ b/content/en/docs/tasks/manage-hugepages/scheduling-hugepages.md @@ -7,7 +7,7 @@ description: Configure and manage huge pages as a schedulable resource in a clus --- -{{< feature-state feature_gate_name="HugePage" >}} +{{< feature-state feature_gate_name="HugePages" >}} Kubernetes supports the allocation and consumption of pre-allocated huge pages by applications in a Pod. This page describes how users can consume huge pages. From 071793e8ca3261b1f64cd34bb4925b5dfbb184dc Mon Sep 17 00:00:00 2001 From: windsonsea Date: Thu, 6 Jun 2024 10:19:09 +0800 Subject: [PATCH 39/89] [zh] Add kubectl_create_configmap.md --- .../kubectl_create_configmap.md | 706 ++++++++++++++++++ 1 file changed, 706 insertions(+) create mode 100644 content/zh-cn/docs/reference/kubectl/generated/kubectl_create/kubectl_create_configmap.md diff --git a/content/zh-cn/docs/reference/kubectl/generated/kubectl_create/kubectl_create_configmap.md b/content/zh-cn/docs/reference/kubectl/generated/kubectl_create/kubectl_create_configmap.md new file mode 100644 index 0000000000..b5e69c0786 --- /dev/null +++ b/content/zh-cn/docs/reference/kubectl/generated/kubectl_create/kubectl_create_configmap.md @@ -0,0 +1,706 @@ +--- +title: kubectl create configmap +content_type: tool-reference +weight: 30 +--- + + +## {{% heading "synopsis" %}} + + +基于文件、目录或指定的文字值创建 ConfigMap。 + +一个 ConfigMap 可以包含一个或多个键/值对。 + +当你基于文件创建 ConfigMap 时,键默认为文件的基本名称,值默认为文件内容。 +如果基本名称是无效的键,你可以指定一个替代键。 + +当基于目录创建 ConfigMap 时,目录中每个基本名称是有效键的文件都会被打包到 ConfigMap 中。 +除常规文件之外的所有目录条目都会被忽略(例如子目录、符号链接、设备、管道等)。 + +```shell +kubectl create configmap NAME [--from-file=[key=]source] [--from-literal=key1=value1] [--dry-run=server|client|none] +``` + +## {{% heading "examples" %}} + + +```shell + # 基于 bar 文件夹新建一个名为 my-config 的 ConfigMap + kubectl create configmap my-config --from-file=path/to/bar + + # 新建一个名为 my-config 的 ConfigMap,使用指定的键而不是磁盘上的文件基本名称 + kubectl create configmap my-config --from-file=key1=/path/to/bar/file1.txt --from-file=key2=/path/to/bar/file2.txt + + # 新建一个名为 my-config 的 ConfigMap,包含 key1=config1 和 key2=config2 + kubectl create configmap my-config --from-literal=key1=config1 --from-literal=key2=config2 + + # 从文件中的 key=value 对新建一个名为 my-config 的 ConfigMap + kubectl create configmap my-config --from-file=path/to/bar + + # 从 env 文件新建一个名为 my-config 的 ConfigMap + kubectl create configmap my-config --from-env-file=path/to/foo.env --from-env-file=path/to/bar.env +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
--allow-missing-template-keys     默认值:true

+ +如果为 true,在模板中字段或映射键缺失时忽略模板中的错误。 +仅适用于 golang 和 jsonpath 输出格式。 +

--append-hash

+ +将 ConfigMap 的哈希值追加到其名称上。 +

--dry-run string[="unchanged"]     默认值:"none"

+ +必须是 "none"、"server" 或 "client"。如果是 client 策略,仅打印将要发送的对象,而不实际发送。 +如果是 server 策略,提交服务器端请求而不持久化资源。 +

--field-manager string     默认值:"kubectl-create"

+ +用于跟踪字段属主关系的管理器的名称。 +

--from-env-file strings

+ +指定文件的路径以读取 key=val 对的那些行来创建 ConfigMap。 +

--from-file strings

+ +键文件可以使用其文件路径来指定,在这种情况下,文件的基本名称将用作 ConfigMap 的键。 +另外,键文件也可以选择使用键和文件路径来指定,在这种情况下,将使用指定的键。 +指定一个目录将遍历此目录中所有被命名的文件(其基本名称为有效的 ConfigMap 键)。 +

--from-literal strings

+ +指定键和文字值以插入到 ConfigMap 中(例如 mykey=somevalue)。 +

-h, --help

+ +configmap 操作的帮助命令。 +

-o, --output string

+ +输出格式。可选值为: +json、yaml、name、go-template、go-template-file、template、templatefile、jsonpath、jsonpath-as-json、jsonpath-file。 +

--save-config

+ +如果为 true,则当前对象的配置将被保存在其注解中。否则,注解将保持不变。 +当你希望后续对此对象执行 `kubectl apply` 操作时,此标志很有用。 +

--show-managed-fields

+ +如果为 true,在以 JSON 或 YAML 格式打印对象时保留 managedFields。 +

--template string

+ +当 -o=go-template、-o=go-template-file 时使用的模板字符串或模板文件路径。 +模板格式为 golang 模板 [http://golang.org/pkg/text/template/#pkg-overview]。 +

--validate string[="strict"]     默认值:"strict"

+ +必须是以下选项之一:strict(或 true)、warn、ignore(或 false)。
+"true" 或 "strict" 将使用模式定义来验证输入,如果无效,则请求失败。 +如果在 API 服务器上启用了 ServerSideFieldValidation,则执行服务器端验证, +但如果未启用,它将回退到可靠性较低的客户端验证。
+如果在 API 服务器上启用了服务器端字段验证,"warn" 将警告未知或重复的字段而不阻止请求, +否则操作与 "ignore" 的表现相同。
+"false" 或 "ignore" 将不会执行任何模式定义检查,而是静默删除所有未知或重复的字段。 +

+ +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
--as string

+ +操作所用的伪装用户名。用户可以是常规用户或命名空间中的服务账号。 +

--as-group strings

+ +操作所用的伪装用户组,此标志可以被重复设置以指定多个组。 +

--as-uid string

+ +操作所用的伪装 UID。 +

--cache-dir string     默认值:"$HOME/.kube/cache"

+ +默认缓存目录。 +

--certificate-authority string

+ +证书机构的证书文件的路径。 +

--client-certificate string

+ +TLS 客户端证书文件的路径。 +

--client-key string

+ +TLS 客户端密钥文件的路径。 +

--cloud-provider-gce-l7lb-src-cidrs cidrs     默认值:130.211.0.0/22,35.191.0.0/16

+ +GCE 防火墙中为 L7 负载均衡流量代理和健康检查开放的 CIDR。 +

--cloud-provider-gce-lb-src-cidrs cidrs     默认值:130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

+ +GCE 防火墙中为 L4 负载均衡流量代理和健康检查开放的 CIDR。 +

--cluster string

+ +要使用的 kubeconfig 中集群的名称。 +

--context string

+ +要使用的 kubeconfig 上下文的名称。 +

--default-not-ready-toleration-seconds int     默认值:300

+ +设置针对 notReady:NoExecute 的容忍度的 tolerationSeconds,默认添加到所有尚未设置此容忍度的 Pod。 +

--default-unreachable-toleration-seconds int     默认值:300

+ +设置针对 unreachable:NoExecute 的容忍度的 tolerationSeconds,默认添加到所有尚未设置此容忍度的 Pod。 +

--disable-compression

+ +如果为 true,则对服务器所有请求的响应不再压缩。 +

--insecure-skip-tls-verify

+ +如果为 true,则不检查服务器证书的有效性。这将使你的 HTTPS 连接不安全。 +

--kubeconfig string

+ +CLI 请求要使用的 kubeconfig 文件的路径。 +

--match-server-version

+ +要求服务器版本与客户端版本匹配。 +

-n, --namespace string

+ +如果存在,则是此 CLI 请求的命名空间范围。 +

--password string

+ +对 API 服务器进行基本身份验证所用的密码。 +

--profile string     默认值:"none"

+ +要记录的性能分析信息。可选值为(none|cpu|heap|goroutine|threadcreate|block|mutex)。 +

--profile-output string     默认值:"profile.pprof"

+ +性能分析信息要写入的目标文件的名称。 +

--request-timeout string     默认值:"0"

+ +在放弃某个服务器请求之前等待的时长。非零值应包含相应的时间单位(例如 1s、2m、3h)。 +值为零表示请求不会超时。 +

-s, --server string

+ +Kubernetes API 服务器的地址和端口。 +

--storage-driver-buffer-duration duration     默认值:1m0s

+ +对存储驱动的写入操作将被缓存的时长;缓存的操作会作为一个事务提交给非内存后端。 +

--storage-driver-db string     默认值:"cadvisor"

+ +数据库名称。 +

--storage-driver-host string     默认值:"localhost:8086"

+ +数据库 host:port +

--storage-driver-password string     默认值:"root"

+ +数据库密码。 +

--storage-driver-secure

+ +使用与数据库的安全连接。 +

--storage-driver-table string     默认值:"stats"

+ +表名。 +

--storage-driver-user string     默认值:"root"

+ +数据库用户名。 +

--tls-server-name string

+ +服务器证书验证所用的服务器名称。如果未提供,则使用与服务器通信所用的主机名。 +

--token string

+ +向 API 服务器进行身份验证的持有者令牌。 +

--user string

+ +要使用的 kubeconfig 用户的名称。 +

--username string

+ +对 API 服务器进行基本身份验证时所用的用户名。 +

--version version[=true]

+ +--version, --version=raw 打印版本信息并退出;--version=vX.Y.Z... 设置报告的版本。 +

--warnings-as-errors

+ +将从服务器收到的警告视为错误,并以非零退出码退出。 +

+ +## {{% heading "seealso" %}} + + +* [kubectl create](../) - 从文件或标准输入创建资源 From e3af3f3d1afc80e85ddfe7b73c6e10952cc589d2 Mon Sep 17 00:00:00 2001 From: windsonsea Date: Thu, 6 Jun 2024 09:47:53 +0800 Subject: [PATCH 40/89] [zh] Add kubectl_create_clusterrolebinding.md --- .../kubectl_create_clusterrolebinding.md | 658 ++++++++++++++++++ 1 file changed, 658 insertions(+) create mode 100644 content/zh-cn/docs/reference/kubectl/generated/kubectl_create/kubectl_create_clusterrolebinding.md diff --git a/content/zh-cn/docs/reference/kubectl/generated/kubectl_create/kubectl_create_clusterrolebinding.md b/content/zh-cn/docs/reference/kubectl/generated/kubectl_create/kubectl_create_clusterrolebinding.md new file mode 100644 index 0000000000..4a2a1ce7ad --- /dev/null +++ b/content/zh-cn/docs/reference/kubectl/generated/kubectl_create/kubectl_create_clusterrolebinding.md @@ -0,0 +1,658 @@ +--- +title: kubectl create clusterrolebinding +content_type: tool-reference +weight: 30 +--- + + +## {{% heading "synopsis" %}} + + +为特定的集群角色创建一个集群角色绑定。 + +```shell +kubectl create clusterrolebinding NAME --clusterrole=NAME [--user=username] [--group=groupname] [--serviceaccount=namespace:serviceaccountname] [--dry-run=server|client|none] +``` + +## {{% heading "examples" %}} + + +```shell +# 使用 cluster-admin 集群角色为 user1、user2 和 group1 创建一个集群角色绑定 +kubectl create clusterrolebinding cluster-admin --clusterrole=cluster-admin --user=user1 --user=user2 --group=group1 +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
--allow-missing-template-keys     默认值:true

+ +如果为 true,在模板中字段或映射键缺失时忽略模板中的错误。 +仅适用于 golang 和 jsonpath 输出格式。 +

--clusterrole string

+ +特定 ClusterRoleBinding 应引用的 ClusterRole。 +

--dry-run string[="unchanged"]     默认值:"none"

+ +必须是 "none"、"server" 或 "client"。如果是 client 策略,仅打印将要发送的对象,而不实际发送。 +如果是 server 策略,提交服务器端请求而不持久化资源。 +

--field-manager string     默认值:"kubectl-create"

+ +用于跟踪字段属主关系的管理器的名称。 +

--group strings

+ +要绑定到 ClusterRole 的组。此标志可以被重复使用以添加多个组。 +

-h, --help

+ +clusterrolebinding 操作的帮助命令。 +

-o, --output string

+ +输出格式。可选值为: +json、yaml、name、go-template、go-template-file、template、templatefile、jsonpath、jsonpath-as-json、jsonpath-file。 +

--save-config

+ +如果为 true,则当前对象的配置将被保存在其注解中。否则,注解将保持不变。 +当你希望后续对此对象执行 `kubectl apply` 操作时,此标志很有用。 +

--serviceaccount strings

+ +要绑定到 ClusterRole 的服务账户,格式为 :。此标志可以被重复使用以添加多个服务账户。 +

--show-managed-fields

+ +如果为 true,在以 JSON 或 YAML 格式打印对象时保留 managedFields。 +

--template string

+ +当 -o=go-template、-o=go-template-file 时使用的模板字符串或模板文件路径。 +模板格式为 golang 模板 [http://golang.org/pkg/text/template/#pkg-overview]。 +

--user strings

+ +要绑定到 ClusterRole 的用户名。此标志可以被重复使用以添加多个用户。 +

--validate string[="strict"]     默认值:"strict"

+ +必须是以下选项之一:strict(或 true)、warn、ignore(或 false)。
+"true" 或 "strict" 将使用模式定义来验证输入,如果无效,则请求失败。 +如果在 API 服务器上启用了 ServerSideFieldValidation,则执行服务器端验证, +但如果未启用,它将回退到可靠性较低的客户端验证。
+如果在 API 服务器上启用了服务器端字段验证,"warn" 将警告未知或重复的字段而不阻止请求, +否则操作与 "ignore" 的表现相同。
+"false" 或 "ignore" 将不会执行任何模式定义检查,而是静默删除所有未知或重复的字段。 +

+ +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
--as string

+ +操作所用的伪装用户名。用户可以是常规用户或命名空间中的服务账号。 +

--as-group strings

+ +操作所用的伪装用户组,此标志可以被重复设置以指定多个组。 +

--as-uid string

+ +操作所用的伪装 UID。 +

--cache-dir string     默认值:"$HOME/.kube/cache"

+ +默认缓存目录。 +

--certificate-authority string

+ +证书机构的证书文件的路径。 +

--client-certificate string

+ +TLS 客户端证书文件的路径。 +

--client-key string

+ +TLS 客户端密钥文件的路径。 +

--cloud-provider-gce-l7lb-src-cidrs cidrs     默认值:130.211.0.0/22,35.191.0.0/16

+ +GCE 防火墙中为 L7 负载均衡流量代理和健康检查开放的 CIDR。 +

--cloud-provider-gce-lb-src-cidrs cidrs     默认值:130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

+ +GCE 防火墙中为 L4 负载均衡流量代理和健康检查开放的 CIDR。 +

--cluster string

+ +要使用的 kubeconfig 中集群的名称。 +

--context string

+ +要使用的 kubeconfig 上下文的名称。 +

--default-not-ready-toleration-seconds int     默认值:300

+ +设置针对 notReady:NoExecute 的容忍度的 tolerationSeconds,默认添加到所有尚未设置此容忍度的 Pod。 +

--default-unreachable-toleration-seconds int     默认值:300

+ +设置针对 unreachable:NoExecute 的容忍度的 tolerationSeconds,默认添加到所有尚未设置此容忍度的 Pod。 +

--disable-compression

+ +如果为 true,则对服务器所有请求的响应不再压缩。 +

--insecure-skip-tls-verify

+ +如果为 true,则不检查服务器证书的有效性。这将使你的 HTTPS 连接不安全。 +

--kubeconfig string

+ +CLI 请求要使用的 kubeconfig 文件的路径。 +

--match-server-version

+ +要求服务器版本与客户端版本匹配。 +

-n, --namespace string

+ +如果存在,则是此 CLI 请求的命名空间范围。 +

--password string

+ +对 API 服务器进行基本身份验证所用的密码。 +

--profile string     默认值:"none"

+ +要记录的性能分析信息。可选值为(none|cpu|heap|goroutine|threadcreate|block|mutex)。 +

--profile-output string     默认值:"profile.pprof"

+ +性能分析信息要写入的目标文件的名称。 +

--request-timeout string     默认值:"0"

+ +在放弃某个服务器请求之前等待的时长。非零值应包含相应的时间单位(例如 1s、2m、3h)。 +值为零表示请求不会超时。 +

-s, --server string

+ +Kubernetes API 服务器的地址和端口。 +

--storage-driver-buffer-duration duration     默认值:1m0s

+ +对存储驱动的写入操作将被缓存的时长;缓存的操作会作为一个事务提交给非内存后端。 +

--storage-driver-db string     默认值:"cadvisor"

+ +数据库名称。 +

--storage-driver-host string     默认值:"localhost:8086"

+ +数据库 host:port +

--storage-driver-password string     默认值:"root"

+ +数据库密码。 +

--storage-driver-secure

+ +使用与数据库的安全连接。 +

--storage-driver-table string     默认值:"stats"

+ +表名。 +

--storage-driver-user string     默认值:"root"

+ +数据库用户名。 +

--tls-server-name string

+ +服务器证书验证所用的服务器名称。如果未提供,则使用与服务器通信所用的主机名。 +

--token string

+ +向 API 服务器进行身份验证的持有者令牌。 +

--username string

+ +对 API 服务器进行基本身份验证时所用的用户名。 +

--version version[=true]

+ +--version, --version=raw 打印版本信息并退出;--version=vX.Y.Z... 设置报告的版本。 +

--warnings-as-errors

+ +将从服务器收到的警告视为错误,并以非零退出码退出。 +

+ +## {{% heading "seealso" %}} + + +* [kubectl create](../) - 从文件或标准输入创建资源 From 59658ae6ac649722293fd6d8ec7ca23a7570c641 Mon Sep 17 00:00:00 2001 From: windsonsea Date: Wed, 5 Jun 2024 17:44:01 +0800 Subject: [PATCH 41/89] [zh] Add kubectl_create/kubectl_create_clusterrole.md --- .../kubectl_create_clusterrole.md | 712 ++++++++++++++++++ 1 file changed, 712 insertions(+) create mode 100644 content/zh-cn/docs/reference/kubectl/generated/kubectl_create/kubectl_create_clusterrole.md diff --git a/content/zh-cn/docs/reference/kubectl/generated/kubectl_create/kubectl_create_clusterrole.md b/content/zh-cn/docs/reference/kubectl/generated/kubectl_create/kubectl_create_clusterrole.md new file mode 100644 index 0000000000..3c9efde42f --- /dev/null +++ b/content/zh-cn/docs/reference/kubectl/generated/kubectl_create/kubectl_create_clusterrole.md @@ -0,0 +1,712 @@ +--- +title: kubectl create clusterrole +content_type: tool-reference +weight: 30 +--- + + +## {{% heading "synopsis" %}} + + +创建一个集群角色。 + +```shell +kubectl create clusterrole NAME --verb=verb --resource=resource.group [--resource-name=resourcename] [--dry-run=server|client|none] +``` + +## {{% heading "examples" %}} + + +```shell + # 创建一个名为 "pod-reader" 的集群角色,允许用户对 Pod 执行 "get"、"watch" 和 "list" 操作 + kubectl create clusterrole pod-reader --verb=get,list,watch --resource=pods + + # 创建一个名为 "pod-reader" 的集群角色,并指定 ResourceName + kubectl create clusterrole pod-reader --verb=get --resource=pods --resource-name=readablepod --resource-name=anotherpod + + # 创建一个名为 "foo" 的集群角色,并指定 API 组 + kubectl create clusterrole foo --verb=get,list,watch --resource=rs.apps + + # 创建一个名为 "foo" 的集群角色,并指定 SubResource + kubectl create clusterrole foo --verb=get,list,watch --resource=pods,pods/status + + # 创建一个名为 "foo" 的集群角色,并指定 NonResourceURL + kubectl create clusterrole "foo" --verb=get --non-resource-url=/logs/* + + # 创建一个名为 "monitoring" 的集群角色,并指定 AggregationRule + kubectl create clusterrole monitoring --aggregation-rule="rbac.example.com/aggregate-to-monitoring=true" +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
--aggregation-rule <英文逗号分隔的 'key=value' 对>

+ +用于组合 ClusterRole 的聚合标签选择算符。 +

--allow-missing-template-keys     默认值:true

+ +如果为 true,在模板中字段或映射键缺失时忽略模板中的错误。 +仅适用于 golang 和 jsonpath 输出格式。 +

--dry-run string[="unchanged"]     默认值:"none"

+ +必须是 "none"、"server" 或 "client"。如果是 client 策略,仅打印将要发送的对象,而不实际发送。 +如果是 server 策略,提交服务器端请求而不持久化资源。 +

--field-manager string     默认值:"kubectl-create"

+ +用于跟踪字段属主关系的管理器的名称。 +

-h, --help

+ +clusterrole 操作的帮助命令。 +

--non-resource-url strings

+ +用户应有权限访问的部分 URL。 +

-o, --output string

+ +输出格式。可选值为: +json、yaml、name、go-template、go-template-file、template、templatefile、jsonpath、jsonpath-as-json、jsonpath-file。 +

--resource strings

+ +规则适用的资源。 +

--resource-name strings

+ +规则适用的白名单中的资源,可以为多项重复使用此标志。 +

--save-config

+ +如果为 true,当前对象的配置将被保存在其注解中。否则,注解将保持不变。 +当你希望后续对此对象执行 `kubectl apply` 操作时,此标志很有用。 +

--show-managed-fields

+ +如果为 true,在以 JSON 或 YAML 格式打印对象时保留 managedFields。 +

--template string

+ +当 -o=go-template、-o=go-template-file 时使用的模板字符串或模板文件路径。 +模板格式为 golang 模板 [http://golang.org/pkg/text/template/#pkg-overview]。 +

--validate string[="strict"]     默认值:"strict"

+ +必须是以下选项之一:strict(或 true)、warn、ignore(或 false)。
+"true" 或 "strict" 将使用模式定义来验证输入,如果无效,则请求失败。 +如果在 API 服务器上启用了 ServerSideFieldValidation,则执行服务器端验证, +但如果未启用,它将回退到可靠性较低的客户端验证。
+如果在 API 服务器上启用了服务器端字段验证,"warn" 将警告未知或重复的字段而不阻止请求, +否则操作与 "ignore" 的表现相同。
+"false" 或 "ignore" 将不会执行任何模式定义检查,而是静默删除所有未知或重复的字段。 +

--verb strings

+ +适用于规则中所含资源的动词。 +

+ +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
--as string

+ +操作所用的伪装用户名。用户可以是常规用户或命名空间中的服务账号。 +

--as-group strings

+ +操作所用的伪装用户组,此标志可以被重复设置以指定多个组。 +

--as-uid string

+ +操作所用的伪装 UID。 +

--cache-dir string     默认值:"$HOME/.kube/cache"

+ +默认缓存目录。 +

--certificate-authority string

+ +证书机构的证书文件的路径。 +

--client-certificate string

+ +TLS 客户端证书文件的路径。 +

--client-key string

+ +TLS 客户端密钥文件的路径。 +

--cloud-provider-gce-l7lb-src-cidrs cidrs     默认值:130.211.0.0/22,35.191.0.0/16

+ +GCE 防火墙中为 L7 负载均衡流量代理和健康检查开放的 CIDR。 +

--cloud-provider-gce-lb-src-cidrs cidrs     默认值:130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

+ +GCE 防火墙中为 L4 负载均衡流量代理和健康检查开放的 CIDR。 +

--cluster string

+ +要使用的 kubeconfig 中集群的名称。 +

--context string

+ +要使用的 kubeconfig 上下文的名称。 +

--default-not-ready-toleration-seconds int     默认值:300

+ +设置针对 notReady:NoExecute 的容忍度的 tolerationSeconds,默认添加到所有尚未设置此容忍度的 Pod。 +

--default-unreachable-toleration-seconds int     默认值:300

+ +设置针对 unreachable:NoExecute 的容忍度的 tolerationSeconds,默认添加到所有尚未设置此容忍度的 Pod。 +

--disable-compression

+ +如果为 true,则对服务器所有请求的响应不再压缩。 +

--insecure-skip-tls-verify

+ +如果为 true,则不检查服务器证书的有效性。这将使你的 HTTPS 连接不安全。 +

--kubeconfig string

+ +CLI 请求要使用的 kubeconfig 文件的路径。 +

--match-server-version

+ +要求服务器版本与客户端版本匹配。 +

-n, --namespace string

+ +如果存在,则是此 CLI 请求的命名空间范围。 +

--password string

+ +对 API 服务器进行基本身份验证所用的密码。 +

--profile string     默认值:"none"

+ +要记录的性能分析信息。可选值为(none|cpu|heap|goroutine|threadcreate|block|mutex)。 +

--profile-output string     默认值:"profile.pprof"

+ +性能分析信息要写入的目标文件的名称。 +

--request-timeout string     默认值:"0"

+ +在放弃某个服务器请求之前等待的时长。非零值应包含相应的时间单位(例如 1s、2m、3h)。 +值为零表示请求不会超时。 +

-s, --server string

+ +Kubernetes API 服务器的地址和端口。 +

--storage-driver-buffer-duration duration     默认值:1m0s

+ +对存储驱动的写入操作将被缓存的时长;缓存的操作会作为一个事务提交给非内存后端。 +

--storage-driver-db string     默认值:"cadvisor"

+ +数据库名称。 +

--storage-driver-host string     默认值:"localhost:8086"

+ +数据库 host:port +

--storage-driver-password string     默认值:"root"

+ +数据库密码。 +

--storage-driver-secure

+ +使用与数据库的安全连接。 +

--storage-driver-table string     默认值:"stats"

+ +表名。 +

--storage-driver-user string     默认值:"root"

+ +数据库用户名。 +

--tls-server-name string

+ +服务器证书验证所用的服务器名称。如果未提供,则使用与服务器通信所用的主机名。 +

--token string

+ +向 API 服务器进行身份验证的持有者令牌。 +

--user string

+ +要使用的 kubeconfig 用户的名称。 +

--username string

+ +对 API 服务器进行基本身份验证时所用的用户名。 +

--version version[=true]

+ +--version, --version=raw 打印版本信息并退出;--version=vX.Y.Z... 设置报告的版本。 +

--warnings-as-errors

+ +将从服务器收到的警告视为错误,并以非零退出码退出。 +

+ +## {{% heading "seealso" %}} + + +* [kubectl create](../) - 基于文件或标准输入创建资源 From a4257acbae99be2ec047432e78977b2b60e92ba5 Mon Sep 17 00:00:00 2001 From: "xin.li" Date: Wed, 5 Jun 2024 23:19:04 +0800 Subject: [PATCH 42/89] [zh-cn] Localize kubectl_top/_index.md Signed-off-by: xin.li --- .../kubectl/generated/kubectl_top/_index.md | 653 ++++++++++++++++++ 1 file changed, 653 insertions(+) create mode 100644 content/zh-cn/docs/reference/kubectl/generated/kubectl_top/_index.md diff --git a/content/zh-cn/docs/reference/kubectl/generated/kubectl_top/_index.md b/content/zh-cn/docs/reference/kubectl/generated/kubectl_top/_index.md new file mode 100644 index 0000000000..d911570aa4 --- /dev/null +++ b/content/zh-cn/docs/reference/kubectl/generated/kubectl_top/_index.md @@ -0,0 +1,653 @@ +--- +title: kubectl top +content_type: tool-reference +weight: 30 +no_list: true +--- + + +## {{% heading "synopsis" %}} + + +显示资源(CPU/内存)使用情况。 + +- top 命令允许你查看节点或 Pod 的资源消耗情况。 + +- 此命令要求 Metrics Server 在服务器上被正确配置且正常运行。 + +```shell +kubectl top [flags] +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + +
-h, --help
+

+ +关于 top 的帮助信息。 +

+ + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
--api-group string
+

+ +筛选指定 API 组中的资源。 +

+
--cached
+

+ +如果可用,将使用缓存的资源列表。 +

+
--categories strings
+

+ +筛选属于指定类别的资源。 +

+
-h, --help
+

+ +关于 api-resources 的帮助信息。 +

+
--namespaced     默认值:true
+

+ +如果为 false,则返回非命名空间作用域的资源,否则默认返回命名空间作用域的资源。 +

--no-headers
+

+ +当使用默认或自定义列输出格式时,不要打印标题(默认打印标题)。 +

+
-o, --output string
+

+ +输出格式,可选值为:wide、name。 +

--sort-by string
+

+ +如果非空,则使用指定字段对资源列表进行排序,此字段可以是 "name" 或 "kind"。 +

+
--verbs strings
+

+ +筛选支持指定动词的资源。 +

+
+ +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
--as string

+ +操作所用的伪装用户名。用户可以是常规用户或命名空间中的服务账号。 +

--as-group strings

+ +操作所用的伪装用户组,此标志可以被重复设置以指定多个组。 +

--as-uid string

+ +操作所用的伪装 UID。 +

--cache-dir string     默认值:"$HOME/.kube/cache"

+ +默认缓存目录。 +

--certificate-authority string

+ +证书机构的证书文件的路径。 +

--client-certificate string

+ +TLS 客户端证书文件的路径。 +

--client-key string

+ +TLS 客户端密钥文件的路径。 +

--cloud-provider-gce-l7lb-src-cidrs cidrs     默认值:130.211.0.0/22,35.191.0.0/16

+ +GCE 防火墙中为 L7 负载均衡流量代理和健康检查开放的 CIDR。 +

--cloud-provider-gce-lb-src-cidrs cidrs     默认值:130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

+ +GCE 防火墙中为 L4 负载均衡流量代理和健康检查开放的 CIDR。 +

--cluster string

+ +要使用的 kubeconfig 中集群的名称。 +

--context string

+ +要使用的 kubeconfig 上下文的名称。 +

--default-not-ready-toleration-seconds int     默认值:300

+ +设置针对 notReady:NoExecute 的容忍度的 tolerationSeconds,默认添加到所有尚未设置此容忍度的 Pod。 +

--default-unreachable-toleration-seconds int     默认值:300

+ +设置针对 unreachable:NoExecute 的容忍度的 tolerationSeconds,默认添加到所有尚未设置此容忍度的 Pod。 +

--disable-compression

+ +如果为 true,则对服务器所有请求的响应不再压缩。 +

--insecure-skip-tls-verify

+ +如果为 true,则不检查服务器证书的有效性。这将使你的 HTTPS 连接不安全。 +

--kubeconfig string

+ +CLI 请求要使用的 kubeconfig 文件的路径。 +

--match-server-version

+ +要求服务器版本与客户端版本匹配。 +

-n, --namespace string

+ +如果存在,则是此 CLI 请求的命名空间范围。 +

--password string

+ +对 API 服务器进行基本身份验证所用的密码。 +

--profile string     默认值:"none"

+ +要记录的性能分析信息。可选值为(none|cpu|heap|goroutine|threadcreate|block|mutex)。 +

--profile-output string     默认值:"profile.pprof"

+ +性能分析信息要写入的目标文件的名称。 +

--request-timeout string     默认值:"0"

+ +在放弃某个服务器请求之前等待的时长。非零值应包含相应的时间单位(例如 1s、2m、3h)。 +值为零表示请求不会超时。 +

-s, --server string

+ +Kubernetes API 服务器的地址和端口。 +

--storage-driver-buffer-duration duration     默认值:1m0s

+ +对存储驱动的写入操作将被缓存的时长;缓存的操作会作为一个事务提交给非内存后端。 +

--storage-driver-db string     默认值:"cadvisor"

+ +数据库名称。 +

--storage-driver-host string     默认值:"localhost:8086"

+ +数据库 host:port。 +

--storage-driver-password string     默认值:"root"

+ +数据库密码。 +

--storage-driver-secure

+ +使用与数据库的安全连接。 +

--storage-driver-table string     默认值:"stats"

+ +表名。 +

--storage-driver-user string     默认值:"root"

+ +数据库用户名。 +

--tls-server-name string
+

+ +服务器证书验证所用的服务器名称。如果未提供,则使用与服务器通信所用的主机名。 +

+
--token string

+ +向 API 服务器进行身份验证的持有者令牌。 +

--user string

+ +要使用的 kubeconfig 用户的名称。 +

--username string

+ +对 API 服务器进行基本身份验证时所用的用户名。 +

--version version[=true]

+ +--version, --version=raw 打印版本信息并退出;--version=vX.Y.Z... 设置报告的版本。 +

--warnings-as-errors

+ +将从服务器收到的警告视为错误,并以非零退出码退出。 +

+ +## {{% heading "seealso" %}} + + +* [kubectl](../kubectl/) - kubectl 控制 Kubernetes 集群管理器 +* [kubectl top node](kubectl_top_node/) - 显示节点的资源(CPU/内存)使用情况 +* [kubectl top pod](kubectl_top_pod/) - 显示 Pod 的资源(CPU/内存)使用情况 From 7196a6c8b183478726b487c44ef47fb83356b6b1 Mon Sep 17 00:00:00 2001 From: "xin.li" Date: Wed, 5 Jun 2024 22:33:12 +0800 Subject: [PATCH 43/89] [zh-cn] Localize kubectl_auth/_index.md Signed-off-by: xin.li --- .../kubectl/generated/kubectl_auth/_index.md | 512 ++++++++++++++++++ 1 file changed, 512 insertions(+) create mode 100644 content/zh-cn/docs/reference/kubectl/generated/kubectl_auth/_index.md diff --git a/content/zh-cn/docs/reference/kubectl/generated/kubectl_auth/_index.md b/content/zh-cn/docs/reference/kubectl/generated/kubectl_auth/_index.md new file mode 100644 index 0000000000..d707fe0c34 --- /dev/null +++ b/content/zh-cn/docs/reference/kubectl/generated/kubectl_auth/_index.md @@ -0,0 +1,512 @@ +--- +title: kubectl auth +content_type: tool-reference +weight: 30 +no_list: true +--- + + +## {{% heading "synopsis" %}} + + +检查授权。 + +```shell +kubectl auth [flags] +``` + +## {{% heading "options" %}} + + ++++ + + + + + + + + + + +
-h, --help
+

+ +关于 auth 的帮助信息。 +

+
+ + + +## {{% heading "parentoptions" %}} + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
--as string

+ +操作所用的伪装用户名。用户可以是常规用户或命名空间中的服务账号。 +

--as-group strings

+ +操作所用的伪装用户组,此标志可以被重复设置以指定多个组。 +

--as-uid string

+ +操作所用的伪装 UID。 +

--cache-dir string     默认值:"$HOME/.kube/cache"

+ +默认缓存目录。 +

--certificate-authority string

+ +证书机构的证书文件的路径。 +

--client-certificate string

+ +TLS 客户端证书文件的路径。 +

--client-key string

+ +TLS 客户端密钥文件的路径。 +

--cloud-provider-gce-l7lb-src-cidrs cidrs     默认值:130.211.0.0/22,35.191.0.0/16

+ +GCE 防火墙中为 L7 负载均衡流量代理和健康检查开放的 CIDR。 +

--cloud-provider-gce-lb-src-cidrs cidrs     默认值:130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

+ +GCE 防火墙中为 L4 负载均衡流量代理和健康检查开放的 CIDR。 +

--cluster string

+ +要使用的 kubeconfig 中集群的名称。 +

--context string

+ +要使用的 kubeconfig 上下文的名称。 +

--default-not-ready-toleration-seconds int     默认值:300

+ +设置针对 notReady:NoExecute 的容忍度的 tolerationSeconds,默认添加到所有尚未设置此容忍度的 Pod。 +

--default-unreachable-toleration-seconds int     默认值:300

+ +设置针对 unreachable:NoExecute 的容忍度的 tolerationSeconds,默认添加到所有尚未设置此容忍度的 Pod。 +

--disable-compression

+ +如果为 true,则对服务器所有请求的响应不再压缩。 +

--insecure-skip-tls-verify

+ +如果为 true,则不检查服务器证书的有效性。这将使你的 HTTPS 连接不安全。 +

--kubeconfig string

+ +CLI 请求要使用的 kubeconfig 文件的路径。 +

--match-server-version

+ +要求服务器版本与客户端版本匹配。 +

-n, --namespace string

+ +如果存在,则是此 CLI 请求的命名空间范围。 +

--password string

+ +对 API 服务器进行基本身份验证所用的密码。 +

--profile string     默认值:"none"

+ +要记录的性能分析信息。可选值为(none|cpu|heap|goroutine|threadcreate|block|mutex)。 +

--profile-output string     默认值:"profile.pprof"

+ +性能分析信息要写入的目标文件的名称。 +

--request-timeout string     默认值:"0"

+ +在放弃某个服务器请求之前等待的时长。非零值应包含相应的时间单位(例如 1s、2m、3h)。 +值为零表示请求不会超时。 +

-s, --server string

+ +Kubernetes API 服务器的地址和端口。 +

--storage-driver-buffer-duration duration     默认值:1m0s

+ +对存储驱动的写入操作将被缓存的时长;缓存的操作会作为一个事务提交给非内存后端。 +

--storage-driver-db string     默认值:"cadvisor"

+ +数据库名称。 +

--storage-driver-host string     默认值:"localhost:8086"

+ +数据库 host:port。 +

--storage-driver-password string     默认值:"root"

+ +数据库密码。 +

--storage-driver-secure

+ +使用与数据库的安全连接。 +

--storage-driver-table string     默认值:"stats"

+ +表名。 +

--storage-driver-user string     默认值:"root"

+ +数据库用户名。 +

--tls-server-name string
+

+ +服务器证书验证所用的服务器名称。如果未提供,则使用与服务器通信所用的主机名。 +

+
--token string

+ +向 API 服务器进行身份验证的持有者令牌。 +

--user string

+ +要使用的 kubeconfig 用户的名称。 +

--username string

+ +对 API 服务器进行基本身份验证时所用的用户名。 +

--version version[=true]

+ +--version, --version=raw 打印版本信息并退出;--version=vX.Y.Z... 设置报告的版本。 +

--warnings-as-errors

+ +将从服务器收到的警告视为错误,并以非零退出码退出。 +

+ +## {{% heading "seealso" %}} + + +* [kubectl](../kubectl/) - kubectl 控制 Kubernetes 集群管理器 +* [kubectl auth can-i](kubectl_auth_can-i/) - 检查是否允许执行操作 +* [kubectl auth reconcile](kubectl_auth_reconcile/) - 协调 RBAC 角色、角色绑定、集群角色和集群角色绑定对象的规则 +* [kubectl auth whoami](kubectl_auth_whoami/) - 实验特性:检查自己的主体属性 From 663e33ba6017720464d35654bc13a5ae48a225aa Mon Sep 17 00:00:00 2001 From: "Chris \"Not So\" Short" Date: Thu, 6 Jun 2024 01:07:29 -0400 Subject: [PATCH 44/89] Add 10th Birthday Blog article (#46679) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Docs to Markdown (no images) Signed-off-by: Chris Short * Adding Authors Signed-off-by: Chris Short * Revise to align with style guide * Revise to align with style guide * Images for 10th B-Day Blog Signed-off-by: Chris Short * Update content/en/blog/_posts/2024-06-06-10-Years-of-Kubernetes/index.md Co-authored-by: Tim Bannister * Bolding Aggregate DevStats numbers Signed-off-by: Chris Short * Style changes * Add images shortcodes * Update image inclusion format to HTML * Even more fixups Co-authored-by: Dipesh Rawat --------- Signed-off-by: Chris Short Co-authored-by: Tim Bannister Co-authored-by: Frederico Muñoz Co-authored-by: Dipesh Rawat --- .../future.png | Bin 0 -> 31998 bytes .../index.md | 208 ++++++++++++++++++ .../kcscn2019.jpg | Bin 0 -> 187413 bytes .../kcseu2024.jpg | Bin 0 -> 280201 bytes .../kcsna2023.jpg | Bin 0 -> 490346 bytes .../kubeconeu2017.jpg | Bin 0 -> 77926 bytes .../2024-06-06-10-Years-of-Kubernetes/lts.jpg | Bin 0 -> 290595 bytes .../welcome.jpg | Bin 0 -> 285384 bytes 8 files changed, 208 insertions(+) create mode 100644 content/en/blog/_posts/2024-06-06-10-Years-of-Kubernetes/future.png create mode 100644 content/en/blog/_posts/2024-06-06-10-Years-of-Kubernetes/index.md create mode 100644 content/en/blog/_posts/2024-06-06-10-Years-of-Kubernetes/kcscn2019.jpg create mode 100644 content/en/blog/_posts/2024-06-06-10-Years-of-Kubernetes/kcseu2024.jpg create mode 100644 content/en/blog/_posts/2024-06-06-10-Years-of-Kubernetes/kcsna2023.jpg create mode 100644 content/en/blog/_posts/2024-06-06-10-Years-of-Kubernetes/kubeconeu2017.jpg create mode 100644 content/en/blog/_posts/2024-06-06-10-Years-of-Kubernetes/lts.jpg create mode 100644 content/en/blog/_posts/2024-06-06-10-Years-of-Kubernetes/welcome.jpg diff --git a/content/en/blog/_posts/2024-06-06-10-Years-of-Kubernetes/future.png b/content/en/blog/_posts/2024-06-06-10-Years-of-Kubernetes/future.png new file mode 100644 index 0000000000000000000000000000000000000000..7b14992a01cdbf9f8762046b214a4570e8bd0b90 GIT binary patch literal 31998 zcmZs?V{~Ofw648lqhs5)oph{@)j`Ke$LW|I+qP}nwryj_*1mnu{mwYwz32R>QB`xj zRb#C`wd$SqRG6}&6cRihJOBVdl985B0RX^u{}l^Zh<}mRvsE+z00N*aul5}T0)71} zppSpm$G`d$^!Bgw33>*BUO&GcK%hGi=o$oidxJ{zd5f1tbJulKhk5^G zvu8zfz>?X^!Z~36Jg{i)ym0O^fBs+hB7g3ta%MMo{-$6Km^Tm1S@rY{?TV88GR*hXwn@dJraAKx)TBAc^xp`8JXGHR^ zxJsMIeAB2Ry~q-);8erlY|W5-JKs4SQjl6k&Iy36Iv1>c`Q8l;q%MTc5{FAIxUtiW4L^Bp~=UVPC zG+NbU2A$?2>F8e*oZ2OJGL9|JQ&0K}+YcV`zpt0h1YNTfe)7kW^U7W-Co^alQdIb1 zAV~WG%%B6(%y01I*5kbh?CRfJYL@wliMSfUrk_8EoCmi@8?+@z(V(Iw{K-Kb;8OX$ zaWwW6@C0GtQvT#WcBL_R{?D`jZ2n)0{}BJbihmQ)DMew$gv~AQvPuR)p6cbt8zyD! z!QuJ!`AXK0i^k`Duk5Fsue^)Ac5de+fx}#v2G|xGRc5iK$YZ?7yiY$i3fw4gnD^QN$Xc`2@o1yKjYFW!1a6Z z7R~q`pH7vbph2mZ->YP%s4Xd~6<7%;15k@>l83gb*6^8MsET#aED^dN>~4+i)j;!` zDBom5mGj`k(W{(`d~QStKnNTp4ZO)OuxhmI?kji1I%|@!m|d2Z@Ym$jDq0Ah`TTLf4zBBINc;SMskFJnlZRkl>!)XE~5 zP?$1JB4e!mt!Z$95WOc}jSJOH;{Myq?DXL+z|8-+-_J4m!K_vnC9m(v*P!J`g@C-| zE=y0PF5dmY1dC*dOKY=jf%(F+3WvyZ@vwb7=PcVhj8s~(+)q8_Kr3PKsgNK=Tc5%T zvHVFo*A9c6g~AOsru4_7Owx+QEu^yZU%~2ZuFlc71>sO`9!keP=Pk~Q*k-!CyM@ns zs>(nag+B~Z{>-tXkJLF*Ikbf*j6#d-Ez@xC{9%OPK)?ZCnzItE>#u{b3yBnTJ7|QH zHEm5p`sx%#@^Ske5$w}GpNbJzHNS_eOl@L5f)g^`fOIYbJB_^lk6lbFsn2g=Zo83#;!EK8qApEs+t}fzy{ZY+!6}3<*UPEdB$TM7$7k~fq}g?^M+K^a_NTKy980R(ltSV#&u5~kr`3fWa8Lnmr(b{hJN^gKD zx>0u3j6ZvPE)iogcDA=YD0>g`+BOh~fU^@ZE z#QAKDa-DG!GYnX&>%V^AT)X(*Ot)Zld+^PaN8Zq&==HToUaz-3cR3Mraf73D9r99l zcfS_cwLd=b3lHdO-jz&UkyO(SMG>u$^)=Qj{p8b3oMWXn1V-12G8OBNNgG$0t^@uM8UBv|iz) zXAF^(@aGgC9SV}9UxJbMYQ%s%>v7%gR`^uEkBUDkyTd%UKA5S>%+4tr4BS5d@K-%f zTJ{{uz&{C(NJ@4%8g+R4w@_BMwAN_9!F_|2_V4?yX8{H-LfVU1i|z7Ycv^C910}6%+%1etgjpo?+*r#$NuGhnXs(w-yqZc z-iq)TM}Zr{vkjE#LA;Tw?B7|Q*crD~nuNk#pjl!h?hJ(YmM7?lfZL#XaTI0-CIb~0@jjIgP(XJMFt`GM@)^4U>hjRxA^#`sOM_tqI>OoivP_mhx z7Xj%Ys>>DPmMmroe`Xa(Wtx?&p*H54$b?hHYu{1i24A5E)t*Hs#>}77&!^e)avI^P z2CwTzcBWqvwq2Mw$;UI9!mp1*A{XG<1My7uGI}5*pr#_n1J7S*rNTK$Se1NzUVrAL zE<2w?(8mM*`2=-0@5sRez{5_OaqM0=|5H{j_CRYakAT;oYEdxT+N zIQ#DtzH4{)%ew41djSj|lf5V``-|#UG&L3Xr_Mmu&R3Aq@5Xp>JCJ|0D~>|XzMZTg zrJNcz|5f`Zc~*;>xui$$sWb3c-p$S3siv8Pqbd_hV)bv_%-4<5Hg6?@w3Z$!N$>Lk z*_`q>df30n(@aMVuPIxH*Pb)hK0S6m?h|YkI)w9Z8OjRi* z_^NH+)-ro8c=&Wi^vYPdx!oH7{4v-RA{zc9sLO!2vsk?-Q1C`YKPONPPLY_KhVvD2 zsO0nGwy&uzk&Zq+QK!^i%o&INkJ01|(?XNw#e_?ys6x!dgRe!CH1~8ipSO_h*JsOi zt?Gb*?JSGFHvim(%PojQ3C5Wu0%Twj?_Fa;>girt-Gj?p`)|7k_Kf z|G=E=69JzPao_4~#ELn&dj}bPA~jwvU?`*WKkR@ax<*_Wj{@w3YI$)>t12K;UpVrV z#-1yC<()4i7nCX{1SL88DxgX70{o^1F6#5mRy02rMhAOeO~dl{Dj_$xn&^a9HU&OA z${4vfXF*@YdadUh`Bn{w+q7DAMgSKu%E3zgu5_GFN9mG!$>Th`WB5) z?t!-k{H{ycQ`EkVuO3K*@!|t%o(3N2NzY+oolIp*R@E2hBIEC}-Zz`Xe?B9^8xzIO z^cJpPGwx~#JkO2=w{qU=`ZqYi#l`L?@+fu~EWF3^7HVkS<(@~0$2$dxe!>{=4b*9A z)!|3!q)8S*iZNs5koW75WZW-(>Fm75>0Q})9dYU!{P-$qIQSXG!w&KKk<)p?ZnwrZ zj7^^b>b2tX0-W)>n3@(!ZQY;>97!`4E*0zZY zycqX#dx8 zXMC{|Q!*ob$KP}7|6YS@tu2Z1GT(2+XUyzDWZH8Z%7Ub!N1;P?uv}h-M{CYo_Sp4~ zZ^!fIsk8T~IquYfRm`O$`F!1V%2^U)k+z~wS#+}9AP2=7ctk`Gq$w=`-Du7`FfvKE zo8LKHq{o1s%7h>Jwl@qCz(&#e`Ik<*4s2>}LH68X)oj?>n_1pA4JEHGhyE=~avjzu zY*ts%bp|fs>I<4Z&Fy>J=L*th&fUSWbo`zv#;i%wHlh}i1+vkHQ5pSPEPauDG#dq}&I7J~6| zwXUr_sD;f3Ypzt@eaARqy!sBT3Y-=^ruCkcAf<74r0Loo$7)#=W7f#DbIn_|7^9b5yAzkKhOW0d@{O$s6&L#l99Rn~+`aF45 zsP5E<%38b^p+#v;&*M-__kTu1?J`#rQtef2Va6E;Yrd=_9#cvoTiJA6`Z3VQf?MNq z6>Vi^81DPD_9DZhfacK;)88)w*cmBi>}AJ6h~u_Zb(@IbobF$GF{ZdxvSp_4*j+An zyU{iUxO@Q0M0%rq?DCOYXU4R9hz_fU`c4sgwG5r+AC|!E^eDzm8PlmkgF4+Q*(8Mg z-tY9KtNC^N?jy_ij9v7F=2sl})(GhrT)h=><gzu=DE6Xo?v_fbpLJzyw2R!BjM5?yZcO3^Rp-Dj=zbSlRFE->_&vR{50BKA{gT3 zUi)WVdKD6jy`y4t>mgA?vUv|D!A0qy*o>ob(#kjvrf}eLWor`+@LK&}kMzWx@GS?b7qMsueh7cFn~&YrK+fU&BPAfZi#^>& zSUnArt>eC<2!9~1e>1boOb4>NXR4xj;*_FVgJGhJs8fapOCsv@3Sd=0B5^MOSaQKl z+*BN=(d#rA6jkHsXwdkiX9ppPM_+3pwE)mIcp`U|$?_aJYIqY5MUAa;x?y~nqlJzm z{Ltnp+E?{a8j)Ct=uq9OuYAodrp+kwOmhw%S;pXMBrWpk5j*HsTN|g~ zcEHO?LI6M?+u>d8>;H^o@^Fau1Xqk>sbqZYAgT2_tn|cixtd zor#X|!@q%jt|xnHQvAsA#n zr!83yTUcvY7_YU)Y7TEnuqZpTC|DJ0{D5#x7Bm9@}V1l3n zL11cgiX3VS_I+n^`mtMTkHJIt!2!vnXiPOFMVT;k_RC>i9?Kn`>U(j-0tWF=x(Vx8 z92p3ym{-B!4mK6=ePJ?wkRwkE&o7++Nf47MeeBS=PI|tuSCvJ^1)DWOFMl*H|Mjvh z&a^*n67XHGS1xw7=BoS_BfJQWNQzC5WaJ_J>KEU~3I#8hq0%q*ws%7_fT3{EI94WE zsT8BtMlaE-$Ss`R@EfNndIK--q0F2UT~6wX>9#u z+qaRI=_l-~**_I+YS084Xa1TjkGs8CU)Cz>lEZWRE_KQ79209BG9JU{k`W;xTgVow5EIFf>0tdZP z(4HcsBm@7(HWhikOiR8q!n3PF=nZxmdzP?S`|fF@<4~@Q8UKQ`l3ZVNboc;kmV59s zrnFwnbd++J_suy<@ecX)yq26ol=pZGbT_*WHJVYQ)1?A?I!%Zn3fmW{L(?iqa9N=# z-qo_)5A9Z1)JpQ|-S|Ud_`KByL_u{%c7DSg`PpcR{)(ZXVHy0r|GV4R>;8+7t%D!! z=G^`&>F?ZKCM`PtK?tG_t4h4<&E)BGkxDt4s|=da4jara<+Xu5+@DkO1hsX|0}uxn z48D7+qGNcBV&7Y+;zK(j8UbEWu_{uLn zjhXpORnxonclcRq`h(sU{m`mX zWuyaL&5L+IgfSIHlDhpsuATdca)gdQkiq6+Fxwd@=DHbwMkvGUZj!=OxQl=>?7}&b zSMS`z-9_HZ@mQ(Z?FkBG|8A-@?!;qaT;a-dEV!9B!?O@1SSFGsv&?kTdjKOD&sFdl zEbPg*&DsDO60xEn&pPvTp?EHv!B>JmRwYKTAg^uyLpP6eB{U?VC!=8A&~b2==%dgQ zd;8_(Hr>HGGYiJ+u;o`-4>~%y-BLY!yv0S{X8RGUnnAD7U?%L@u%RYecB07485bir zmmp{^WEcY$&()NLCtk|(XG)p5ZO%b;u{c7$t5J#LnV0}bsP=E4BWKRyYL(N@A0{wR z9wkWIqnCL*`))HM*l2Tas4~7z5uFA)VmN9zkRkZY?nil|iSGwa@~**&Lk!RO)Ypqk z`TNg5M-63|OTHoUavx#QzeU@)2dw9>a!&!#B`vTdQ{NVWo`{Yidvwo=?U2D~A#x$`7J(M(jj1rjOFskse=eT@sr^8~* zMxumQE#;E+a<>POg0`y?_J>9r+y8a-Z1$xLm|iCp2v$+1z!Pt#*!{Vlh43!4m0$EpV8goA7gyfWlbfQd?AQBSRJ{fG+Nny}{yY81Pxjz>NRG%V`h2q@_vybmoa zG13YSmrY;bB(+4t(k{VC>@YbGj<#p4;>p|JHs9(alQk)6n(ROmF;A31$sen7ZwX(Q z1}p+DZuVN(77h}~aNsZ~d(1s{Pgy_HlU4cAeQ1VR(`Bi!If{n&TR=w|T?SUe!J;+w zFTKdLherf%N#ziM-ODs(9fichQ!M=k#jZ$6aLS;4K9)B=d6WXp=@pN9O-pm09={ zr7Gs<9cdqd!#2C4px~sN<*fULh~wwu(&1TC*~!o#@#6?NchulATYxKEd#nv=s&pub z@l{_}oBICZxt=g1ASK$VCMs!5mEKVJUM~kTF)Mb{gv`mr37TAKkAKDru2O?9YQ|A} z-1VJIKnfQzlnE3g*-vkbI7ykF$uxkZVdu-8PoA~pXTx3L2nslrj+40*OCenkOo^hW zQCR|uDYI1FUBL=>I*DLMxKEAe?Czqc=ZGptmfj(BS_OlEK%;=$F!ib&OuxB3CAC@Y z5c!u-e<*~+;eAJF#6*t|y=SHsQbR@DEbPLxexN!)f8hy9+2q7yFh2@Uh; zAF0RVarzKM%3^u{;~O|XC5I97Bm-u|$;>oNdM;!3%O2{4o$oaI7kmYz zf)rgo>ua6ZQS{@VFN)nt@vka z4WEO1VH6hSL0WUp3Xu7AOAK)9;)g?1Yt!fb1!Ey03E+$qYWI{&?3`ET-`4TVwQ5J7 zn$kvPPEg6J5zcT}T*ZU?>3-#;yb=#-3qQuoZAIi+d0Tp0uj3=-Gy+Zu25#x!LNn~6 zj1-J8{X>J&!pQ+Ic8hi%P>|4EGx)B5X(HUVPrn?PQWq!z3ESJh(NiTQ_vdTUy{kiN zCnqr)Zc_8^?S{CjvOz0byeMj^y8<&o_nWL%8F-@z2`W#c(YvJAL};26S?AZSev#hg z#pPB-vSoprfQ_Y~qz`pa_4ut5KDy4#^kW8l{tx<$Mp6oC_8*U!Yp=R&*4(6@azWpi zU;*h6Ou*?Or?$wYPde)DoR(tsLg>`!EzhayS1XpnKcrdBmojK>kUABP*ij2LY z_4-HmiT2PUe$(jg)YV`1-|9+&%AB|OX2C$mscdcjy{LD~O-5lbgY&G`tTR6-X$xkJ zJGVI2N4)NXt|Mb4L(BqchL3fXMPh-9ls;R>Aauf1ubIFi+EvHFq+w5nV8O_5o||r9 zjOXhw`yaZt6Z!d4#tLiixCo^6S*z?!&LSIDW)rw@O#AUk`A6$pvnlSN1J|-Br|Cq& zEQQg-15u%e{0ezFX)A@9oXZxNeJr`C`Nm|1a zw)Cng<>a4FkxPhEgKM38CQpgoK#V{t3yu$u{5m!3RR|vR2|3A4Sp1~p0Q8i1$P}e@ zMSB!DL$)9%yY>&mtkzAPFSP*VinHm{;(>Bw+M)u!CR4}fI;$EDM{ruTBA#wN!SWIH zzcwN9ym_sD56EVUIpn4bS9d|LS9&d5I%TrUS}=$8Oc>`&W3px!nI#(6^@JMU&E+tq zxd^X8bAH2ZgMvqu+}imMhNYe`j{(ybJ(_9!0<$)s8_8n>SWC`-;>`#&q*m)ez|GpS zy%q7I`Vx;)iS~kSHYeCrwSaSoiFZEAr#yT+0U?9AhUfv|?aYan6Z3f7DxFE8QpoHU zYfHEyu=!$VHO+DONz0&cypkAaaZI- zbO6^m6KAYJ{oLrkg%E8s4*7+s%)Xil2iqm6tNp=@h`3jwanxj<1yRGwVSDAymMTZ9tba9LDt_^J>Rh5k@<)Zx2a6E4iLS(wwbM%k;W*{>Q zm6ZrrX{~{y)Q~V#)#D6LNiT{(G_)o>Z ztit~|-G9d@{xKK-d%A>5*>s8QApeNi$#k>1Ns2H51c(k!6{rQ$H6zS0fp>8BpK1$m zdgKM@?#YnT>0@7C``^~l3aZ!gFu%=YcmLQml$|l7X8Y%!N%Ba;1Tw%YPRC4s$-|;g z?rUu#SmKj7YX5L|OoCLJHcV<$UpZr0v|3`I{wXLa4IVgBq{k+~G|(G%&Nm{ffxi4O z{#K;d4{uh|f|>p#YBuOPPi2XyA;26zv$}S=h%d39U@#PvRZBimBV$^zl zQ47JApXA?BQ(T@L2=Rh~ore@>aU4SNTjUYxBJid-`8OH%Qlm*rIOnLkMj}*jF?8qB zbTXFsd8hVJy>9M$h52H(9jow0Me}jZJ$Ll3iGuNUCrw7l+<08W$HTDPrpV+GXzu ze}3k3S<^)=K*vpR+oLX)WYzw-$6sQFAb^aLkj*^P+e(h^u|LQP z4qU1yCYJZL7iO~c@N!E*)xm*u6rJa6?S#}?r~4fVl_nK2-stYb;MP$!hooJ-H-g;l z`9kJd!geWKAqKg#P0IUENIzv(s{CC|2Ec0pGMkPXWtocJ#wTNfqi8$oMsWFbE8SrN z#{Nq>?81=khm*(me*S~9*=DPMncANgV``xi=PQUsb2>gfXyh(`$5xV*cI*`syT^wA>7}W1q`|8?Ch*2sE|GnE5@0iP zj~BywpZ|B4KR$G@pxLA@=I&>?*{`*PwS+X;3oQyFI0E_JJv6K&c}|1v+3cP4(*1LZZ2#UVk4tAQ-kk_Yz2(*Wjp*n3 zVRwzk`f`*pG+IVm3oEZY7kKe{*_Q}!>e_k)xbm$=ws_O!!`T_@C_G#`>0a_U(mQ#` z;zOXOP4b=Px^vB^sV+I^^u3yw(hJ-Qv*54Vac7olmIv?tOC6j#>IzRhC)^D6`w(cB ztwft8)CzA0^?*_KZ*HIo{i-=VUh5N!g$)DogOlsc+J4n?QT9?o-%h)+z<0I{-@usa z4D=ygwj}Q;tw{By6gwf0RIB_lUg%v|3OKSE3BwDRXP04;%(n*t=Z5n8^`j2yg(o+& zkO<6lCnpTq!oD_(>+#X(q@g#DaQ+$|K3^qf>*}3`>OX~;?X9$$;PIPmaV5gFaG$Qu zfuyXIpRo`7f3d)0M8f_-`}G`GKAtT|qf3sdxu!UF?{S;~k&=zyx%IM`vc( z`DGI5xDwi0<8$5kDHQLr=BpqKu1%ZkpV)TWE#6O~e5gA&9V0bi+$q?S`}*g@l1z&C z-T3mj#n`-%Y=O18+Gx|@tS78_SByV@_^}| z9oY-$2s4}f*7pnSU&UG%HzB^3;tV)%D>cF?wK0EKNWx9JG@C5FUW>6ZzAWZ39H23r?D%KZl z^RHsSnoim+E82^pE@IE(kFHlW%7!_2mDLtLN2B2G_@dJBDCFs>xnFArWy^c# z*-k@e5YZ2kB2<7e#>5>(7Py|V{r)~vBeb%S&D?cd!Nx)5k@<2Nwee zeqEnI)YfA*%+P{1k4`=z@G)(Ns3HEgLO&LDPuQ&In!Vv?5VT0o{M$&OyN^+8!hjm+ zuIMq>^!h?^IV?eA+;yuFIMAW;nQl0=#?})mneij&W&?VW8>LjRBqpZPcgcTyS+q{1 zGB@+*|$$qWBi~>0v{V4z!v3%g8UXAjz^d`<7WrGTmzU1Q=h18;?+ z5Rm6o=T!r@ z-q2Wwomrn9CAIHa*IE~fx0CqQn^CzA`0>%zBi-y1S=#7`0WR6nfPKyB(cZBOvdd7)lw0Lk$bGs+_Ac zeo@F(2e8-aosZ|)|Ee1q#hzUvJG)o$;M0_O)JyF3>aWMT_hZ>@=_jdgl6d9?Z@XGeM>5RZi2JIo;&N{!VBFluu*~nZ8Q3Xf36@>c|PkCuVyWs`BLr7&m zN%yn+=k8U$wR975*w8XTc;2hL8qe(WSH=)y-Db7y?bj%(*0LLkSk6UC4Y&{w|7KpO zP=uqp0Ohi~RL4K5>Uh#{&MtsIT9A+=x{a3b70#mgUkiLabCCGya`=1|0)A}T%RIAt zeq-p19C5c`uAHvPoOypCwe@Z%+l2*dunb2S`WOVcP z4Dn{ATLsD#p~gAF8f3xH{Ep|bCeYl?z^N?;jFQGE@g9-;n|^lO%x;3)96|E<%}LwC zO-Um8IRfL6bcGB>h78_wM%mG|YGsA?K;t^C7&wh{;*)+70nLGiNqy*rc!OYfdV?af zlEq^9OOO?MS)=TA66V==AOuJd?t$m}^ui*yNB#fDv;UVf`yag9{|LDMcPscUsYEhL zJzgERo10N%C{$0wAHOjVS7|jb{+0Q$=x8oj^spW_QVze{A3!mza}1(OX@-oOunJrL zBMT@i7CqF)!3jb3Q@)dDa|jh6_s7(r6j+z+>U@-DLPH~4QZ~r|7;1R}&6mb0=g5*pBli z`YwMdMK9&RfsRO}m`X#^@pwHW%;9&>UQkb02VnMs577(MbE5Z=3eAZ(Ctcs$JQ+rM z$z!8x`!+s_O4BX2Zzkt(-|XMdrO=>F$DoRntr}__YJ+Q{U5OhNd~z`HocS&i&$yOM z&U^D)RubzjgaubD~QJ?fk zDEguNGAW1eqZGYR2k@C(JN3W~MFAK$usO!Hy3#xXP?JixD)UJv`ej`l-~p)Nw;^Wc zoR-Pf{y!qu*260!FrZ7nleT7({tl-KimP2Qo-LX?@FHSjoxyq3A}xB29U;8Y2M=?~ zRsoKs%u@07bJ7_JHpVbz&j+>Eu(KEyaaE^`uVQ0F1A3!2N5jMvLJ=eaxdQsjdj!L% zJO@~e){byDVQ>1KgyRy)kRkRFclt6;DCfBWxo`8jCRLbct`EaH)N*2!Q0|RSH-Xg7 zr$1-8Apr;S1{{MtfoOTjL<&S(9ALcbhmo@hL4JS#U7Y~yciI_ZBf!A$)Xt3i@!%!{ z2cP-PsXKOE^NfH&WzB#UQU#ADk4^QI0dat#5{nQ0Bx<{Mzm7+gCQJ+oRZ@RJN4JJf zU7)F!jju^MG*30RB`x7ASp&MH0@&q;EJD|NXG-ZhB{cPignZzTa^LwBcoQ+w{0gS* z7l`0SYLMlBpln^Rx-_=g8I4*knaZojI|&s+_S`wQam}_j*pLvIe%l{LFauoJsn-dl zkiW+Xxs}j8_*qW9_M3?8Tmd*Lb&_Ps4Uf2qDw1oc47+^WHz}`A7HJ!HWwctyqWz$K zzF^<8&OP^yDYvp$#Lm4{Ym@^sOMXp`=q#U8KZou#U1|H z^J5;J-7wNI%W)&vy8Q4?nAUMz7iE3Y6{gVNf1`aU9oA-n?YgVp2X1S6>XiFAV@G)- zq5u9(Ew^bKf2`LlOCDahs#kjApr{2E8If5t+_A{}IS(OK-`(j;3YVY-QRY7_1_r)< zQFr7vRo@)_n;H|p_4+{vd)MCj;EH_ivi@Qvg6u~^PPXt3XA!85YZjPSXT$=8YjSK& zC@gEUG`k3Ij?T`OW3boVFwkxck(x)ppiMoye9^B^gDy7oIj3~!=3e#Me92(`_g))g z_*1&Kncx5m%!*kud%6 z8|^zTUEpr`t@V;&6*|E~Hl+2BOVlXh2{+EAAiV*;UdiHLzA7sDt z50q;Ka1ih0VL9+9U>RrGQg~%{&fflDYKI#Gp{$EF;I*=mmWg~mlVF;ldp4Ws4*iFU z^|`CBOXWGR*=CQ*Rc(n08J@TWSvnosJ^Dw>01DG$^ix(uFY$Wk5_KO7|*WHeYgK&W^%h$&%s&9s;37 zB(8)P2`-2AMAs7#X+(ajm;-vqK)m@_>_Syzg-{2 zkOpL}YXm)THZypj&5RoByVP5Kxh{yd7O&5Si#NhYicg>3=*!OGTry9A^c!N&?Jhwn zi7Uew;v8(GU}=6}yr@la`*NT;hBd6_z!h7(KM|PODp95|z4^_yzy6~19)bgCUSQxa zT?BdfF3Td>2}H;tb=WRrOhgg<%+3zf*%et z+OF>K)Gy-`xjD+nZ)zY0a@Wn`IwKdA0v}m_mk)Kd z-}b{POHB@gCkzQZPmONkI~gOobGATd4Hr(M*sMKAiuVjBgfFP#7larX`*09~D9fdS z35qSuEX6ouisOoY*Dl@jwL|h8=QJ`1~}^eb*JN)lVqv>*`9JPnBkR%39aB#1yRcG z-wjngY5gZUzH$EVfZ8EwoCiOBv+4sEB#2N2oPnsQKt!#6A!qusc*^O~s3S4>SxU)R z0FK$%`FbX4Av7<5L%aTf)DeyZK%kFTE}D!v9KY|Isw5(pogb;@D0EPUC~G-M5V^?$ zh7PC-!UFsVVdv;~9CC9y9@kmIJc7jARYHV7^Q&}X=&!<>L8630qggWiiU*epG}Mtz zlZ{GDjY@=uLY3jbNyVa>Uel-|AX@@=9r1=XuZ(q4G>aAj^C*G@i0y__~qO{8qJQ0U%D#0#Z#b@ZZ&Y{kCGlD%s`6jw1+v+QTA=w)6u6NnG4y zXduCFtxkF>A>c`1D8ZsSN2|agbH{ka^M_tvMakm+UGt1~B8NdlFcJ!8nHW+rg06;S z9)vjI6Chw1t)EqFedx`@$BszK!@#4zf(ru_iUABa)|+Ysb<6>Pfe>n!8A%8 zgI{E_z|DD}Rm7p>>q(6v25S2p1Ny$a2j*`{uqaE&pk`|ThGgzCu(RS7wGSr2aS$SA z0NB~IMS&@vnuc9VotsPy053_PMlhv_ltnwq7qSt~e1AQ|#v{$7p0&#Cu8el~LvK^G zd!;_pOFzpdtUvhJf?A%&^@)VWtbDH)J_B*sic;9v+!FfK@_awG+>!If5C<{dq9huxJUiSGktNU+LF51W)NxDGAUSh*ENOgTQc&X=Qs`(gX=U-;U_P=oB zH%<}x!T9qzCc#ug5h;Vvt<%O4k)V)tVoBLlbAJekBTGX9$hadBV`-qI<%nyfXNH)H*k`)Tq6L$N8rBp8qfmW87N$gNYT;Y)8=ya99c$Pa+0;pWQ6;$G-noeYE#SU?hFxbe zU%v(vUv#~Wu2@~8n2B{(_`Lb3zuw4?JodK}cI|bUCUE=ibiGFTI^OYX06UsNBOy%l z*#1}~O-aY#$|v>KWq?_dFfeIG39HaJd}tVETKiM5)_}0}U&4h#emGL?3JkgMVpwuX zoth9meWg>D zE}X`;%1*ylm{YZ{qM(NezZqU~@;ppM%>yq=qo2V%8Jk{}sGDL&TI_Gd1sS{fnmeu@gdrsmQsI1T;Vl801I|AOZR8 z%Qs}M5zQYpL+9$?5(3u%T*#ofbnQb40I~Lk^wP-8P95EsEJRy;fDjN+2`G_UQc6@n z`LU>QBS%BiL%@VgaVT+?OO*l7VG3|@c?r+}P;bcpd&w*s@o#QC`kwcmT71>X!Ita8 zU#76>Pk4M`$M)`eYvcR*yM^mFM71~Hdf%emxRKhQn~UFi%={of`OV*a3nzXh697^f z7u!-xE{QV5q?=vljqXMR`pyXeLnvay+EO1bS*6mXBO6__ngf|xF^$}T(pbAKa|tkX zDYSUtRNz%-a=$0+euXbLMIidE?)b{w!QnCmmA99j9)!-zFfU+z z`jis6GZjDaM0&7VIJ#u6eC`eAHnRKQ)|+xpvCUb3_*atcoQes01FZ2=KYHwA^|qCN zd*|J$^9zNEN192*i@^|LZ=L*NAN^-Mr&xn`qI~#xJIDke3Z8N|ehW{G4{GE;??0-oOKF+9ww~0am%OwZSlJ^eEMMIf;CrclF7e@^_sk&cVsGiG@u905*VW z5hi3QQWQ++sthbZ06>Pqu*s8hrX*=*aDE@jazLVe*8zxF_bJq?QyYn>=2TI<>=;+aGsQpaXmq~w?=wT?sqq<{qgN=g(t#Px||85fdVmeewsE+|TseMh!mMqnFA;(XgS z!wG$Guw`@ewxJvgB>;mmp$Zx{A{|yWDGC?B@{q-u9p<3lo&bm>FFUz;@)hxs0F9Kf zM3KilB{KogHlS1vXpG#*0Z;%Saxim*?fvHXk9Ht8UT|N)5yVF<>K+ZWKFOSTQ&dJGeaul$S7e*9QNtUp_JbGzb6` zm&NdM^IBV$)MjpT9T$j321LETe>ibgMMjQHH9n@2IVLtxjgY|t5Dd)Rs{Txi z{zr~SAPgZuBeXzV)_!w@VUCaBlJtbDN7;cIuI8q|wqNYPR64Z*;PEnNsVeVJ9HmXX zF_`#)olZqy%S35`lmb^4lV-Hz@cTvRpoIgPjB_dz9?MB65~J~(lPY=a)2d+QU;rRR z$|bT=0P>{v0}wS%{`1JT%U@e}RRFLw&Wjyb^(Cs-mAuTYRj(NHTONrO()`{T*O4Yc z9I{RnN8nD?CZw=!ZRHzm(3*4X*bzFR`Sk~{{Vz$Pw4AxA$o#K)b<0jtEY!u8(Te9G z!#!J4%hmt#ph6Z-mKt_2apRmG=S2?;$^c2|@N(8w(*@RV;eo5BBW`HcRIqa3vkwj> zN}3inG8=pMj-r5i{`$LfLjw)~H3h7Vy=srVe)y)pj$d)_8*gqfxVt@38)F$9a*Vvf z8Kaec^XykY2ZElT=H8DmDsZ$CT?I`~8jI$O-C^ zTkkkhj(x|W()Uzz9w7(Rr4;m0y#2K zh3T=fUb^>0J$mx?jU|2RhwL|SJiEd_MQ-~Un2g0$U;jEX9#>+>6N3L#;^&TASeCrM4 zo%`RGHnv~?>K)Qv|KRbjhxp#^22P(G5u=zH-f*E`0dIAxequ{%jTbG_(vFR_G#Whi z_Es?-9nsN&)?3`i+324_HwIOxcao*N19a<48&3DrseR0`j0G4o^2AbF*|#>}JiY1- zMs5|2Lno020+EW{({0N)zLHJ!xnkLc;cL%0dDVFN3CcY34Mf3p*G-Ph{d8}tGIrhQ zgml;c^5A%Je-IhvBIN;WZ35}>KfQS^BYMkirPM^pL|SO8hT(1cWeX6+)PC)av&&2@ zX6SJM4rJs8xKY#z+g|K+zW_jSj5d#9zM}qxC7bj3?iCJcnZZW`sYIU3)ZY3-X-Yx# zU)U=8pIlui`s-|*8jb$%CuZKVa&+bDB7^;Zx_#!M2$$#t?vBHEY_$>M)VsnhtYx&S z6=`7ruVw!07 z_oqh2=5jZ3BcI|`TW%_unO?s;_^#6cdZkk~%?z}#OG0&)Ry(Keoqx}@?&^;}QEW_Y zUdnjd)f);krJ^V3J71(xYTq*5s;IS*dtvakn~Ei|I(K0L$FXpX_JNyU!Rv7LdY-7C0~2}R7IN0fAcT4 z;`6ktT@&z+xu&*3nBF@Ka;f3V%)#Bg#j(Bqk*N)pC6DXO)ALu}bl+pQWRJY&H7p<8 zB$o>Hvf6vI|HwUNZT_Z7^N9Mc(d_Y$f9JmJ*p)4|J74>W;&)neUwGY4=kVQAuX%0z z!;inEw&}C~K)ZzwF1hblZo6Gd0QK=;tXLezjU87uv-tiGzja~QVz6Um^?=p-#w+U$ zmge94z*V;e3#~Qh*7em*OL2nDrVS0b^zkE&Qju$aW?UZsmFZgj`>Nh+i4L#DuGRY= z6W@Q`hN4=Y2hXzY_sOu|5BCt6@n`tqy`vRm?~Cs)a=tyDX=9UZP#Ivtk4(4gaTb5s zzZ`@!Ra{_APIG#M{12Rc7rQmsd7F(%w+>xw|%Xq_T&#)4OYF zeAC_r=D+xc-BoMk^!QF|u>GoWCHuu4qIt*Zy~RV}{0_=Io8m%}%Twl=cJL1&01B1j zGJtyIuRC3A=ejpJy}$dp(SOqn*9ytuMZR%#X0(wFx}W+$dG|COzqM!AwDS$CbG;Lc zPhYoDw*TAvHq{HQwQt+N>Q5~HXlZgLawf8qD-(-@!j1JEGcD2Y{K5kp-q)0}i2v|= z+5Uee3?Cfac}2z2^!NWtaXhSYo~o4=+)VAT47Miaczmlb6hZi910OM+;;b`XFx@!Y zR^vNoD}~~SbZ#1-?au68wx+6XR^gOt-gfYDq#XtKd_&hAd1c{{GyV+}cPH^ZUuO|t zUz_zeT{){d-b6=AACM-`lpz&g2@@n2Qb2aeH$uy}G%--GrhS0x9xRt_T>BTs)yjJ| zma<`z#y%U~w6|Chz2pCW?T!E5KK2(+_VSUD>CuY+;Avp#jdjxF?;G8`<0v;>Q3wv4 zxawM~D5aC0erx>0t_~+|sn_M=J@4-{er&8RqU8J5gj0TN&1U_*zj&RSrm0-``SKpq zj7`qSaO$R=z%X%)D;*5N4Mu84*{~ftUncPO{h4xHQ9uXZxYN?R+u*0g+Pp0ENZcrO zWv8x`bPH>(wb-YCqP?0@#HNVvnkJE3U7T@{{#u&h2TF|s#Ahl?fEdM#ATv=soB5*e zQ?}8j(K6P<946!5$QwrJY}{ZC?yKyIlW(9>s@twBqZ7l2c?CC)_K9VE`3t`>QRMg^ zw{~#&hbBt$)H|lWhEj*ujaaL{@+-F~DRGNSKl9|(v3bJ%j)}55`O62~u~x-3apxAw zg z^W)ve$Hrf2DvXcsnpDgG<~3oG$Z`Mxhk+>y00f1gz;jTSb@O0_3cj*KK?FRn7#9Ev zZlUFceIo}L-CZa<8%Hb3AO8&~m89!R{PmL`c{Kg$ual?UB>G5JD0gbLBB$PA-@*TQ z%avuh`tEF3X|7cI&X(*Q__43){;MCWLGtTIuD+vlfAfc?3TpMo)+USgRW(;z?cdlu za+=*0GaIxv%^rWV>83}P$2Lzu9f+dk>Z-jH&r+x;0b{wb&?px|OuENuxDa(~&lh;# zY_*s!7UrBz;qh2GoxhcTv(`9RJXlTE*E)}`#ofWaBgJljNv(a9cI)x@zc~9IY!;vV z)a@+&&1+TvackkW{as_>+Rpu1b5J>K2G3do?I>L0qN$*G9s!pp;DtHKma?;Qa904x zY7qSPEpMq=rygNwmex)OU-TYPK`glHJFfWn|NNr@{bN@LYp>l^%7PDN-(7tC${Q!F z!95S`*|FYkf77O_@^^9H2k#oUGkxgZsXJIJe%DMrZGUlLd)ZZND#wEd4{qPfTbg8< zUHsd-{>Tkd{@8sp0J%Zv?W?^eI5}l!CIstqKzpuHDGg0G3L@A2@^kRDfBSew@!C%3 z2={7x#vr*nW>$ zTPyN~>F%VSM%=$=dz{u$Ht#IP^LLNJ;UAxH)ZDx4H{ho??3_T#_@TRgZL5nt`;Ow*%qJp!PyFJB@?hfR9Zi^f_gL-mH*RwJ1$XeN_my|rzUR+ZpS%L-0N=5pB2PVhbSJSx z6t$TKXjZ_rI&ph)bmhwh_71kfy)c07K?|6gg82>5q6Jd}TEOAf{5&vU1Mfl4gTpo0 z1k8KPx1a?c`=JGg0lYIWnEEnh=P&b|YvF&<2zD7U`;i~vK!LCM^xJN#XHWe8u2*mZ zpQ3Ns9*kE$e5Cl>cT}_ces^Xq{g&%0=Bb~mw)of``>L$ILrgyK+P1%W%pqL+{^*8V zt6KMe&3`@Z^71RoI`6!W}Q-`IaI@Gx^nj!{SNm zwK}i8x}g_;Czz0t>$0*w2f%HkZd9^5gOy2E_;P`#=JEL7Wa=^_2K=v4z255fd;oad z>9DJwt^W38`2ab^KFabvSX#0g*Ii$f3-7DhdnaF6aRz@Mk6(47x~neJy9eXbV=Uis zbs-;q@wb`&ff_oSJyKue7Ctsnv2=I6&e54~x@NTZ&^wqcoc^Ac8@cVDTiEGUBVlTL z?>l=#N(E0^UR6E$i@nKjGu;w#e?QYSpji%G(jeg(OfFLRt4YBBew#zPaE)0#;mn3TnX4Yad2Sj zhKe=!q3T*`2!H~r&`HX-ZE!jCM>AiyaqBp$`^(mwPYfq^)s&vqHtN3MP2)~F_w$YG zr|UJePFvqSvd8uPwzn0Uq-zMT0qJfs>aLTW9};& z*@6$i3LGzg_f|9dMOqG^fJ%RYyc=V!?QmKCvD!~x>#x<^=x>Hs+;shVWi6V91ojWTJ zT3UQ^%XJf`Aq`6=>4As;O~}s8dqz!+B4IbGXA_5ZitR&OI{g8u0)X1(T_Ui^S#CcB zz{3R~;vaz(uC5sCj}*`LW%UO)6njr}Mynbt0x0%7wO$OAMhludH$=x4uMx?Sf8MxR zJ=DcAu}a}XYpwY^Chgguihg9c3O?s|B_V(_5N4ATKo565>&~~EQrH$Z% z=Bx_PpIDsWA2GL9$nT483OJ**t0`7~ezY6`M5)ChQ3e1(Te>$KfA``aj=HDbUi3=C zD76x8**|;`Uh#@OZvQ>;9=QyBXldE90t#c}H3EBt)qhJVZB5|vFo1jbi)&eNvNb>? z^=t2$|Lsl+DFt_Qrs(rU*K{y5lda9<^u5*jSCuj|%Ys4sGA`2#E;!aJ+m3ODjHIsAvG%j?U$cTc(f>;37{@IiOt#C&VqoEcL$ z7p1G_@2^h-Q0o+Ir`+@eU2Mm#_Ty5m>*7WcF0HlbW_i!5HNAGz{wgpr(VHU%a7M1? zkveLF1Flsa;fX&hI!@Ibl+7q=U-DjdK!qEe3qCfkGJwJIpuj&i%Xf^WCm!QS6=J!G zQ|SKD$Lht+ivUrI3lnLVdW3iPJ!v&EfA^-^;B)&o8yuclrS{S9*;*;qqR0>Z%6sb5 z+tgYMTE;FQwmSd@Q6(q#AjSpOaPM;%VUD{u11F%lBXU^@dhCqK*AvX|sAV{a{;>}f zcOALejXbiRf5~?MpP!C~Rq+{;#vouoX21x(MJDg2MgSb5mN<&2G|nE&V^Q#mnC>_|kJ-U=!j#zce__=Z>3 zgQIuW$8YX04MOsXEgwtxXp-dRa?u}etp&-pV{5H74DbP)1a#jHJ!gZhOn(~wtHr8vzmPG(iCg%bM z7m9G{0v=(F?*IS%(&Rvl1>m2zuht@|3lZ)!?|YX3VE1ZVAP1wL7x86w?uTC{#h5ey zpe-N)BUrLJwXWUr;-KD%owz`pte8&W8(St0zztMuRy6#z$!bRI05O}19Wq6hO!h6; zu|>d1&300~ya8Zl117BDvkc%ecU3Naufh>y#H6?s-V*xhhh-_#&; zv-Ai!mlinUbTyx^&s?Dn6t^6}?vBnZwacS5^GLd*fA6t4??jB^D=+e}bDkl;uyB-+ z6eSb^@LVokz(|}e0?XJqL~db*W$JCI(hzVj?7Id4mFlzl(mB!YrPca%wSlFOTrPE0 zdEUPU`kXZiaMWlpGC$49wDfi1WXmiS9k5c1&@1T3y#+LxMrcw{Dg{Mq6|s`6d*FVO za;;nI0$`<93^{~A%EX|PdG%{QHg&rh49B~E@QB+QuC-$TQot@4SJX1oqVsv65jRat zqLXt~=Tb*-i1Pg@=Y&^e!J*X6o{V)_bj#ECjpO7=y*n%g2GWZ9r2q;%KSAgMkmOe4 zaycH6+oQqqS{RX%QZ3D!B^c}ZHd?qb05<280O(g7o+Swv6G}}Dp{FF5!(L0aRo6eU zU;-`?-~xcfDtRgFcE9tcx)53CXi9g$N5 zn1p9it8o$!$99cu8bhV7pR0{Lc*xdiYy)Tz7`G@~!U0t$W_vlq%-Z{_qX5yR1m+6y zD78Ys@@im~uD-FfQb~?|%FoT}<1He0JYA(!*Ys+!<}wt*xD|7$qA;N`et3B;)Y#aB z`2Jd<>eQBni5Ge?03v@&5FQ$V`O>&}Me#!2|HUZ~29) z6ZaN|e|{{$O2hHj-C(ag2nB1zk~pR%irA7wiI6Od)#_sZFOJ!sSPMNMOL+z_WFak- zlQ&InbzL#Qb&&-=yoQ-(C^N&%(1vGYK(t;Rg>u6inAu=`+JQ@+gCE(RU_@feq4hO$ zUFahS`*;gW>fG)DCNf^XF)DYQ5_>~*^B z_69DZa`uJIv$c+4M5Mwu&L6|kr4&}%N17`S^s;A9MS#wB{~wdVfp?#_ilf_%*x_ql zH%9lZk4rOyRO3`9zi}r`D@_JOy}#-nN^IRMY$aS@LRi_^@r{w6eGm#^#q7D0nW8O~ z2s4Yw9n)|5^I3u{&o!VC=0t%KX^@Ws&C&pGu#OV}KzIqO=rbl}vC=HdO+&%Sg|@~m zRtGi)3r@`6E>qe#4RDET>U#U}wXiz!YM%>TWHd!GM;|!4l8%kvLJ5Y9KfJ64S+XVX zX+j-V3;_IuGYS`3Z(*3gcdu)zki4w|Q_2E*IAedm#JB}4OcuB_BmUYTs-#>ppA#qSvFRI1PCPtXhHD;9dscJFlEuD8 zhX7zWT=189TucJK;DW+@d7;}}I+~_P%>`5rh<8jdyT4vr8Th^`?E00fIeyP?R=0)o zL2B0Q6eq*bkqaF+aseP34mxOMW9SUQg;IyO{NdfD;hei^ba9^ERCUx^$%=)UJMSE7 zw93JdqWJANieSJBTgKg}ln$fz+(rig=aK?DZNM$AL$0xHSj*g?P~A1KeP9ScqM~vl z7bXd~l*EN&R}iH^ip!ofi`d4w}=bx;6Ci=twAn-msvG|$Ce%@~0W@$7zki+yC$f$o} zx;HvnBD2z9o#~uQoP)bHB!JWCk)w4QAKyxGtkNq_jt^o}LkV!C%JR`pVG^VR#6Spm zgverw3km`(-{_UcXwzDE3Tc)rAR>}w6p%s)l{Bp7#xstaTP8fT)Nz}}17p=*qurpo zDs-{F5g)=l58xyK9sy5j0Bwl_F_36rEJJ!701Bt_>N3$7?IBVN(2n~P$ z1ZV`=mXB<-y7TkdZxtW=?{~gFOePoq@QEki<|ZA9MgbV2a6NA93bFK7nOW1F;x5Ot#N;vVbSYk+X9gdFZ z26C}(YKnnxhQ|uQwP6`)~fbQfJV~$9h5GnaAY~duG_qoIcs5%tU1l6?XLhwod|fqDxnYTIY6- zIKAX|hD12!(QA%$lgxBlQx{#tW4Tlwc}xHIhk)XlBq--gKm2>n#P9a1z{7w0Y06DH z?O-S~TN49`%*q4Tib*msy#YXIiwLBhC)j2PU?-SKj$tEIYkNJZjM2C``_ay0H&-Y6 zKeg$151UDfo8|zJr;~S7RDt&An_HqS)pe6-Fbhs}=|>+8IU~@Z^LRb>JDI_H$-IKN zmji&G>m0gYiec%MGyP*HA;ltPVg|M^aiG!e)VCQNT0#laaAau`$ThGwPr|F*BL~xX zLedM`3nw=W3p~XIAf_9Jx=bInTB06T$q?yVYL3h(E*Va z4m!*ImC+j(CzCI<2VoipnJt{`$k~dKGg$8V#YnAK-C><9<9TT+hh9^9|C;8xDMQ6a zzO&@wb>eQ=v?dC{@{-C_t^k~o)p*-reP9<85jE>D7);@I24e#~6SZ~0FIV09LL>B8 zDU^HWRJ2a6#@!mG|8wDEDyzh%|=wzu1jX)O$CVj;w@{0$^cq+wkZh4CdG4 zX5x$UZDt8`ST8-=F-%iI05nQ!*<3;Y8tQx$Dq4Kl*{f4_*0zlRvd4^_HtVl9TVe z^47}C-}0@4ZTy`6-Jcz|aVwl)7SfUJ{^>^nEb zx0kzKk?!)k*8+p#5**&HLtHKtr$zx7I2o`!22=sO1gF;@yJpAXVBh{ng5iS6_}?5} zt4+PSPigUf?pg zqV)cCnQ#%x$r6Z&Ty!VyreP|)7{CDeTN~e6*f1RZz_txP^;0`;9MZYzt&9EfPv5!y zPU`KPpt-H+Z+L6(FF!zI_emP1i7={~Kjdb1|Ci+-CdZtq`Qf!*H=6v}J&5^3xrqWm zxKpk|FaBwGO6+O)u9XJsJ`qGA03MednC0;(6(wQWZrOI{SF(W*%^~OL3>zyQguQrO zg^6pqHoak|3X4Yqv+5Pft>eeqM%{z{aDn4D#AsN=VY#=c4P zgH7R+?P6*BPyn#FLK!%Ga#$Od*`SvC9v9QC$YwfGU3x;rJSPjtlsa)jfIy%Gnk)k( zmKLwr_Bmd0nh#&U7VWfuGHP{y;;zE`>2X!GyY;09pw)Ev)@>ud(TE>@M||g%cdS1g zx_)ikf90Wn+qsFX9)o3Mle7&u8*yS<Z4cL5Qxmg?BcIXH1Hh(!(9<$J8LSW7@_4b; zILPzx0IOMf-?GlRC{v+K1Ckua$T1Q?0vZ|*|1=W<6_{&d!KgZtn&))tY zk4_!^ogdoyu0+V0x5u5{k-uy3OG~@|^7tG0r6U>9wXx+8#L#XI%q^~ z>Q%KhMpG;?_#S&LF}?NQA|X)`yysX8$1uIL;P zfRd2l9{c4^`CYS{-nE~%Pv%E@_qoabpWFDvn)_4p2gc@wNTUyRV%>iGWHetGtnkPq zCn*nvzm!G%PIZJ29{3OYZrI~evBN02`!@$tIWYi9aZghOEH5ZgeMgBj3i`b`kAU!! z14o4r(4`pcO7XRdBnVn@l54FoI8VAsg{O$JGzKl#=^6*ZAQ4%B$l}>jjZUo1+NSkn zV#nW*8X8E~XIB^>50;9ETuVqe$KwJmDG?B(GpVE=0t;mGLs42vlt_oo^)d{OSr%zJ zNClKceE&6>XcYt@(jZB+6&}*bZv3`QYBjPl6 zxB^Ep%iY{GoRg)g(WI1Y-F$mdX-d%R^8VA7>)SDq3bXj_A|U-}g1EVrIs|=U0Prp` zaIIU5^q>S#=BBmbsg=^?$ubTAhnj@j1ZHpv^v1FA@2os%a z!#Y)Vqj2VaLsU1V3+PFMs%<$VeoL9Do=|!B9p*0!ad#JJ>l400@B) z&K(sPGI{7-f6=i@P)gh+vKiXR-FIbynTNs`+5la+s-8H;v4fep^#?^x6b;%X0{3zb z5M2WWKp9L*1Y?L4$N{<~&NDkj0~2@*M6;0xa1n&(JAQb%)V#VWwDFT%73ZFt&8pPmA@|ETkbwoc`niLzErQinH$iDW}n{ z&`)!1t<200bnml!HV#+PQgyc~fd+)ovHga}?i;N_7+FeySQ_UdTCM1heWaEEs9Y)y zhGkk77LX*Vz47ZS5e1P-XZmfwGM}O3a~^2&l8Jcsop)T*q#lKJzf>t?9w5_;<@P)Gb`m#w@XL2%~uH&Wl`*( zK9*D5cc`G#?gLY>);tWN=#{Eryu2{AVE~Y5#~a-=9?z|aaCULERi^Pz6_2cs}hN_1U>x8=N5}%CLlEnN_C*4ulKF4>zNz1o%a(bPj~JX4ct$`p15fI|HjPgh&B2fVHWHWaUt3Z@faec@+4-3kxh@!2YhVJkBsc0D#PF z&ge3J7{D~h0|2VCw(2Lqc(;rr0EVUcIKvi`_aX{SZ?Km1hMSE61|S&cVwPwPf?$1N zrVuDeRl7Um|7oY%7R^qa4p*iChyz)0yrN78>&KcfuoI+LWZkKbhW^S4Uu+mN7L8FO z*MM0Gl9eYMOVUFd&)?UoRipO@nx}}|mCd4yCmn*Ylk9uz;-8n&&_xMlp_4a%v1=KM zuSkX>eKc^74Wp^~`FC2K$Q2f;;EWu3Q$@-6F9%uWXKiJMVQ5Fhgw$Th2nO4k&+XS7 zxr(ziP~Fp zlXJbL&6To;ZXX^FX9rsH9Ex2rkqy>{s}{Fz?+lVgheMkIBKgL&J!l^nw=<|LEJWpT zXX`?=l&zFy`uNTIbA#ell~VKdvyU6$i6zGOur@JL0l{!(a~$?M$3{2rouv0rHRGa= zT>Z%S-o~Q~T5E*_BzbPS&1S)aZg-h5}6+C*CHCpTg-6el>c|0Air~a}7R*j4E4#$l~{|_RK$_;=dw?)0)D3_Y+ zv%}RO%@7B^`(0mCNlTK%smR1J`@is^Q**osav&2qxgrNc@HBI(VmZN+Z6<%z_MI%~ z^Z}R1tPr`Ic^^aF+I1xVocUo z)|Un@R#e2rrW$_=MJ+A>|gtJc?it(Bc8^S{CkqUc$!TNhf`gRQ$yew$Rh z7z7A_9C9rHK!YfKmksVmyY5vRx(-p)HhBSaaD)Va?l@i`{Cf=7fy591WT~eBFB|Wa zD^7pZYx%`e?~0T3;?!~~X0_2=qE5L!uqbWn7;Qmn%KG?@G2zs#%ET6ZyxIW8m|h)H zcCjio2N0YS0pJ$aB74v9s59uN-Jr8@fCM|Qsj|7$D;N8on;KYnBVQ}-y;+{VcHd{p zK`(J_v$^?(gHINrzxtn?%*(=_m24_CVv(5AipLzBVHzRr!tKi%fN{>~;sFp=Ni3?P z)rI>rWCAG2Db+Vs1(v-SulF(|Czi@+-}#Mq*b|DMfEyw0erR60 zsxZmI`jUU|x4e>vpak$rmd4sr+axtEtl>TN!l)cD8sk5`9LWeUG=^c-H*IfIXZxuW z!%PYdLgjYv=pBw9Vnk6@F8=nB*hq3C2Sb9;=jv$AXMhbP&rFZP$dS)DRR}Cx z-_pb{amKL3Ii`c}fCGR}i3`;@rvxy34ZSZJfKRc~5~?kl6jNL-P~x0HUYTkBkJ+x( zESGR{%UTN7KC^Y~>SPIkb=*W0Qi#JE=UjMy=cFmFEH#gw%rXN62#vIAV^JnrD(yxPVezKw+YC041Jt{2HdPCT|mp_93}z zr?%+yJ2(K~TwY+H=V7tLQlVPxKBk=2RZEp0wp;w(9p#4_LvH^Pezz9QWk&&7MN zvH2DPfU>#f%MqkCVA^O9YCVHDp@rE9pE4*$@_+H9CxU|Wl z%RB&Kscx0qxIC{zn;#iasL!mlM|R%mA04curIHsE6=xJv2x~YzH&?CHm~70Q)F==D zVApCSPff6dU7hZj_Eu&6=hxJW+1c{ zhR8adx&KZ+)L||qLIIE~i54H^pRH-0HGrk|UGO=N0L%m-jEv`D?x++LM^25r)g<$W z`@0Uj(7-^klVOk>06YYC!b8|3QQ7qObihkpUQ7-b;c{6Do$A)Mr9^1KI1DwA`J90b%~(c-OW z$+JZ3ML$X|=xb`4^fIX=7iGFX&``*KZNIIO*jd==I^I_jcyr>%VGNilPq9)1c5kKw z_;$pL%H_pTE$YVTAX)yartqs`HcVR89VeuM7=VK0`R%X^^#7HgBhcqBbYjbD^i-!Y zo}5aR%mFZnCCVVPI7cc2Db0AI<=uM46FggjjxF<2zSPsR2NrGd#Y!v<`3E)$^Cu;-Voeh!`*S z0nj|Zpa6hZX!-wc)=&s!3IKv+C?J&+i>0+|wY@OZLIdPTkz%3%6ku?c*k)1tH@Ag4 zlUzXMBzBTx2r-`0*eUj)`r$PNOURyQpt0&BLZk4Yc02P zPoz1Iwt|6c3AbCCIwj|(UAxl@0fYv_dV09!0-?wublv~c6xPK5_=cXXa|CDr1v!w% z7o691RHo`9yyrx-mm3OsL0^L$fwq+#zm3#dJ$m&_CRG%40Y(5Xe1UT??N%r-u>mNm z|L=j~N)sypz>S{n+r{IB3aRlTE3<6cW-n2AolV$a{f-?W}`mW@Mbt3mCZ1zIedn z1@l5)WPMnylqYtUVL+MA$suK>5zoK1aU%e>G;7Q~sx;@zbw^Z71;?GM)JtPuoSQCJ z{=dY&#xRrsjRaBvkRUW;HITA&;|&jJnMn6(vJM*ehLK%xu)v;IA9 zD3ed#)>5cWu;QQX`@&bz<*IhO1;ik7}!n$R-bi3i5$*( z>OQvNSF(wIaVY?Zh@b({X*C2S;6MM~r(0{oR;9i{$mRWs1_9Wql_C{nQY~4@j`6{a zE^Rni9bfXobVq5pH0<>Jeyqt23b6zr15o*Qq9E#5w*J+(E(uQqXh?aMJY?zj2IbDF z*SzIeKSJ?r+B8k^gN{%ves599sNc~>qaM7_z!w^Exwvy_YrJp{FR}>Wyo=n10E#bf zxa;(;4Q7!4aezhu0#Z;CB{LZ>kzgA4+`fIEb82MS+fssHhKJgPFeON}O^OB~QlVjV z5|m6Lw>0yIKiV@hg_c}QcC>zV``CTQW+QTgr>Jv7Sc5S>2Bh`PC^~&jyU}*O(!fp( zK;-h0QtO_LI+Oq?E>U|kR@3Z@`ICvIBp@_^1SJuM4wq8)5`L_9%{8T^qcG0V_-G_N zJ0!9KER!s;J<@)f8*Hl~lhn_;!+i53R+yy3TwKr&?vJ#Y z8Tq+Y^SQ!+gd8ew2FNCe(n0@lquppjbgsu`26j15Ko{@1=S-KcUQ@gP;nkbe>BfIt zL<reOn z3g=*IT*%?&DST|>p2A$3d?7Y8h+?rfFiZe5(*PK`W+mtp*Y-DRwX1&S1B+#fNhhLG zFDR0J-%4m0rTXM|H(0kG{@XN?t->fk%{kdgTt$`(vRvzDP95^X*CZEwJU0wwm4498 z01MJ!Zei-OdYJqZfZF7y(WC$2CqA$Q+B9fx>>LXv=bS6tADV;Wdp@|Se$CJQ;=r|S zfFvPPgM4KAhZ_~Fv=XhZd}KH=6VoLIMCMhhgVZOqeVL}I&|D5ff*9WpU;)F^r&zJ@I0r z{s~9CU4<>`x8kw)ENiI|d9n0qF!ggC#Byl5zj^%?N#n+U@$2i!Ko!d)jfpoki#8(3 z0*L26x{_LPeBy7kVAhr8O@U$NdQie}!g&aErX-gka~Z!4NG&U+)1RBtAUxd52>eg3 z4hoIRUmW|*!3nM7+>ll{JjPmbK?wl>hRy=y{t7z z;rgfD;yRY*S+p=T`|rKIlDM1y)!(wARutG-Y5`h6`@K&_GE;yFf>88&%SESIf*?uq z2~=806qhBb{~$nWkq#Go9tb=)_ChW>@IN_xlUMk);Kv6iGb^?c_*x92Nb+1Xg5)=^ zu`TIt;&_$l?4GYcXjoa!GA#uN0cbKY3_Bi_hFL6Fvui5tOD;n$^h6ny1PFAcbrL)` d29Hbg{{VAln literal 0 HcmV?d00001 diff --git a/content/en/blog/_posts/2024-06-06-10-Years-of-Kubernetes/index.md b/content/en/blog/_posts/2024-06-06-10-Years-of-Kubernetes/index.md new file mode 100644 index 0000000000..9caa6341ed --- /dev/null +++ b/content/en/blog/_posts/2024-06-06-10-Years-of-Kubernetes/index.md @@ -0,0 +1,208 @@ +--- +layout: blog +title: "10 Years of Kubernetes" +date: 2024-06-06 +slug: 10-years-of-kubernetes +author: > + [Bob Killen](https://github.com/mybobbytables) (CNCF), + [Chris Short](https://github.com/chris-short) (AWS), + [Frederico Muñoz](https://github.com/fsmunoz) (SAS), + [Kaslin Fields](https://github.com/kaslin) (Google), + [Tim Bannister](https://github.com/sftim) (The Scale Factory), + and every contributor across the globe +--- +![KCSEU 2024 group photo](kcseu2024.jpg) + +Ten (10) years ago, on June 6th, 2014, the +[first commit](https://github.com/kubernetes/kubernetes/commit/2c4b3a562ce34cddc3f8218a2c4d11c7310e6d56) +of Kubernetes was pushed to GitHub. That first commit with 250 files and 47,501 lines of go, bash +and markdown kicked off the project we have today. Who could have predicted that 10 years later, +Kubernetes would grow to become one of the largest Open Source projects to date with over +[88,000 contributors](https://k8s.devstats.cncf.io/d/24/overall-project-statistics?orgId=1) from +more than [8,000 companies](https://www.cncf.io/reports/kubernetes-project-journey-report/), across +44 countries. + +KCSCN 2019 + +This milestone isn't just for Kubernetes but for the Cloud Native ecosystem that blossomed from +it. There are close to [200 projects](https://all.devstats.cncf.io/d/18/overall-project-statistics-table?orgId=1) +within the CNCF itself, with contributions from +[240,000+ individual contributors](https://all.devstats.cncf.io/d/18/overall-project-statistics-table?orgId=1) and +thousands more in the greater ecosystem. Kubernetes would not be where it is today without them, the +[7M+ Developers](https://www.cncf.io/blog/2022/05/18/slashdata-cloud-native-continues-to-grow-with-more-than-7-million-developers-worldwide/), +and the even larger user community that have all helped shape the ecosystem that it is today. + +## Kubernetes' beginnings - a converging of technologies + +The ideas underlying Kubernetes started well before the first commit, or even the first prototype +([which came about in 2013](/blog/2018/07/20/the-history-of-kubernetes-the-community-behind-it/)). +In the early 2000s, Moore's Law was well in effect. Computing hardware was becoming more and more +powerful at an incredibly fast rate. Correspondingly, applications were growing more and more +complex. This combination of hardware commoditization and application complexity pointed to a need +to further abstract software from hardware, and solutions started to emerge. + +Like many companies at the time, Google was scaling rapidly, and its engineers were interested in +the idea of creating a form of isolation in the Linux kernel. Google engineer Rohit Seth described +the concept in an [email in 2006](https://lwn.net/Articles/199643/): + +> We use the term container to indicate a structure against which we track and charge utilization of +system resources like memory, tasks, etc. for a Workload. + + +Google's Borg system for managing application orchestration at scale had adopted Linux containers as +they were developed in the mid-2000s. Since then, the company had also started working on a new +version of the system called "Omega." Engineers at Google who were familiar with the Borg and Omega +systems saw the popularity of containerization driven by Docker. They recognized not only the need +for an open source container orchestration system but its "inevitability," as described by Brendan +Burns in this [blog post](/blog/2018/07/20/the-history-of-kubernetes-the-community-behind-it/). That +realization in the fall of 2013 inspired a small team to start working on a project that would later +become **Kubernetes**. That team included Joe Beda, Brendan Burns, Craig McLuckie, Ville Aikas, Tim +Hockin, Dawn Chen, Brian Grant, and Daniel Smith. + + +The future of Linux containers + +In March of 2013, a 5-minute lightning talk called +["The future of Linux Containers," presented by Solomon Hykes at PyCon](https://youtu.be/wW9CAH9nSLs?si=VtK_VFQHymOT7BIB), +introduced an upcoming open source tool called "Docker" for creating and using Linux +Containers. Docker introduced a level of usability to Linux Containers that made them accessible to +more users than ever before, and the popularity of Docker, and thus of Linux Containers, +skyrocketed. With Docker making the abstraction of Linux Containers accessible to all, running +applications in much more portable and repeatable ways was suddenly possible, but the question of +scale remained. + +Google's Borg system for managing application orchestration at scale had adopted Linux containers as +they were developed in the mid-2000s. Since then, the company had also started working on a new +version of the system called "Omega." Engineers at Google who were familiar with the Borg and Omega +systems saw the popularity of containerization driven by Docker. They recognized not only the need +for an open source container orchestration system but its "inevitability," as described by Brendan +Burns in +[this blog post](/blog/2018/07/20/the-history-of-kubernetes-the-community-behind-it/). +That realization in the fall of 2013 inspired a small team to start working on a project that would +later become **Kubernetes**. That team included Joe Beda, Brendan Burns, Craig McLuckie, Ville +Aikas, Tim Hockin, Dawn Chen, Brian Grant, and Daniel Smith. + +## A decade of Kubernetes + +KubeCon EU 2017 + +Kubernetes' history begins with that historic commit on June 6th, 2014, and the subsequent +announcement of the project in a June 10th +[keynote by Google engineer Eric Brewer at DockerCon 2014](https://youtu.be/YrxnVKZeqK8?si=Q_wYBFn7dsS9H3k3) +(and its corresponding [Google blog](https://cloudplatform.googleblog.com/2014/06/an-update-on-container-support-on-google-cloud-platform.html)). + +Over the next year, a small community of +[contributors, largely from Google and Red Hat](https://k8s.devstats.cncf.io/d/9/companies-table?orgId=1&var-period_name=Before%20joining%20CNCF&var-metric=contributors), +worked hard on the project, culminating in a [version 1.0 release on July 21st, 2015](https://cloudplatform.googleblog.com/2015/07/Kubernetes-V1-Released.html). +Alongside 1.0, Google announced that Kubernetes would be donated to a newly formed branch of the +Linux Foundation called the +[Cloud Native Computing Foundation (CNCF)](https://www.cncf.io/announcements/2015/06/21/new-cloud-native-computing-foundation-to-drive-alignment-among-container-technologies/). + +Despite reaching 1.0, the Kubernetes project was still very challenging to use and +understand. Kubernetes contributor Kelsey Hightower took special note of the project's shortcomings +in ease of use and on July 7, 2016, he pushed the +[first commit of his famed "Kubernetes the Hard Way" guide](https://github.com/kelseyhightower/kubernetes-the-hard-way/commit/9d7ace8b186f6ebd2e93e08265f3530ec2fba81c). + +The project has changed enormously since its original 1.0 release; experiencing a number of big wins +such as +[Custom Resource Definitions (CRD) going GA in 1.16](/blog/2019/09/18/kubernetes-1-16-release-announcement/) +or [full dual stack support launching in 1.23](/blog/2021/12/08/dual-stack-networking-ga/) and +community "lessons learned" from the [removal of widely used beta APIs in 1.22](/blog/2021/07/14/upcoming-changes-in-kubernetes-1-22/) +or the deprecation of [Dockershim](/blog/2020/12/02/dockershim-faq/). + +Some notable updates, milestones and events since 1.0 include: + +* December 2016 - [Kubernetes 1.5](/blog/2016/12/kubernetes-1-5-supporting-production-workloads/)introduces runtime pluggability with initial CRI support and alpha Windows node support. OpenAPI also appears for the first time, paving the way for clients to be able to discover extension APIs. + * This release also introduced StatefulSets and PodDisruptionBudgets in Beta. +* April 2017 — [Introduction of Role-Based Access Controls or RBAC](/blog/2017/04/rbac-support-in-kubernetes/). +* June 2017 — In [Kubernetes 1.7](/blog/2017/06/kubernetes-1-7-security-hardening-stateful-application-extensibility-updates/), ThirdPartyResources or "TPRs" are replaced with CustomResourceDefinitions (CRDs). +* December 2017 — [Kubernetes 1.9](/blog/2017/12/kubernetes-19-workloads-expanded-ecosystem/) sees the Workloads API becoming GA (Generally Available). The release blog states: _"Deployment and ReplicaSet, two of the most commonly used objects in Kubernetes, are now stabilized after more than a year of real-world use and feedback."_ +* December 2018 — In 1.13, the Container Storage Interface (CSI) reaches GA, kubeadm tool for bootstrapping minimum viable clusters reaches GA, and CoreDNS becomes the default DNS server. +* September 2019 — [Custom Resource Definitions go GA](/blog/2019/09/18/kubernetes-1-16-release-announcement/)in Kubernetes 1.16. +* August 2020 — [Kubernetes 1.19](/blog/2016/12/kubernetes-1-5-supporting-production-workloads/) increases the support window for releases to 1 year. +* December 2020 — [Dockershim is deprecated](/blog/2020/12/18/kubernetes-1.20-pod-impersonation-short-lived-volumes-in-csi/) in 1.20 +* April 2021 — the [Kubernetes release cadence changes](/blog/2021/07/20/new-kubernetes-release-cadence/#:~:text=On%20April%2023%2C%202021%2C%20the,Kubernetes%20community's%20contributors%20and%20maintainers.) from 4 releases per year to 3 releases per year. +* July 2021 — Widely used beta APIs are [removed](/blog/2021/07/14/upcoming-changes-in-kubernetes-1-22/) in Kubernetes 1.22. +* May 2022 — Kubernetes 1.24 sees [beta APIs become disabled by default](/blog/2022/05/03/kubernetes-1-24-release-announcement/) to reduce upgrade conflicts and removal of [Dockershim](/dockershim), leading to [widespread user confusion](https://www.youtube.com/watch?v=a03Hh1kd6KE) (we've since [improved our communication!](https://github.com/kubernetes/community/tree/master/communication/contributor-comms)) +* December 2022 — In 1.26, there was a significant batch and [Job API overhaul](/blog/2022/12/29/scalable-job-tracking-ga/) that paved the way for better support for AI /ML / batch workloads. + +**PS:** Curious to see how far the project has come for yourself? Check out this [tutorial for spinning up a Kubernetes 1.0 cluster](https://github.com/spurin/kubernetes-v1.0-lab) created by community members Carlos Santana, Amim Moises Salum Knabben, and James Spurin. + +--- + +Kubernetes offers more extension points than we can count. Originally designed to work with Docker +and only Docker, now you can plug in any container runtime that adheres to the CRI standard. There +are other similar interfaces: CSI for storage and CNI for networking. And that's far from all you +can do. In the last decade, whole new patterns have emerged, such as using + +[Custom Resource Definitions](/docs/concepts/extend-kubernetes/api-extension/custom-resources/) +(CRDs) to support third-party controllers - now a huge part of the Kubernetes ecosystem. + +The community building the project has also expanded immensely over the last decade. Using +[DevStats](https://k8s.devstats.cncf.io/d/24/overall-project-statistics?orgId=1), we can see the +incredible volume of contribution over the last decade that has made Kubernetes the +[second-largest open source project in the world](https://www.cncf.io/reports/kubernetes-project-journey-report/): + +* **88,474** contributors +* **15,121** code committers +* **4,228,347** contributions +* **158,530** issues +* **311,787** pull requests + +## Kubernetes today + +KubeCon NA 2023 + +Since its early days, the project has seen enormous growth in technical capability, usage, and +contribution. The project is still actively working to improve and better serve its users. + +In the upcoming 1.31 release, the project will celebrate the culmination of an important long-term +project: the removal of in-tree cloud provider code. In this +[largest migration in Kubernetes history](/blog/2024/05/20/completing-cloud-provider-migration/), +roughly 1.5 million lines of code have been removed, reducing the binary sizes of core components +by approximately 40%. In the project's early days, it was clear that extensibility would be key to +success. However, it wasn't always clear how that extensibility should be achieved. This migration +removes a variety of vendor-specific capabilities from the core Kubernetes code +base. Vendor-specific capabilities can now be better served by other pluggable extensibility +features or patterns, such as +[Custom Resource Definitions (CRDs)](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/) +or API standards like the [Gateway API](https://gateway-api.sigs.k8s.io/). +Kubernetes also faces new challenges in serving its vast user base, and the community is adapting +accordingly. One example of this is the migration of image hosting to the new, community-owned +registry.k8s.io. The egress bandwidth and costs of providing pre-compiled binary images for user +consumption have become immense. This new registry change enables the community to continue +providing these convenient images in more cost- and performance-efficient ways. Make sure you check +out the [blog post](/blog/2022/11/28/registry-k8s-io-faster-cheaper-ga/) and +update any automation you have to use registry.k8s.io! + +## The future of Kubernetes + + + +A decade in, the future of Kubernetes still looks bright. The community is prioritizing changes that +both improve the user experiences, and enhance the sustainability of the project. The world of +application development continues to evolve, and Kubernetes is poised to change along with it. + +In 2024, the advent of AI changed a once-niche workload type into one of prominent +importance. Distributed computing and workload scheduling has always gone hand-in-hand with the +resource-intensive needs of Artificial Intelligence, Machine Learning, and High Performance +Computing workloads. Contributors are paying close attention to the needs of newly developed +workloads and how Kubernetes can best serve them. The new +[Serving Working Group](https://github.com/kubernetes/community/tree/master/wg-serving) is one +example of how the community is organizing to address these workloads' needs. It's likely that the +next few years will see improvements to Kubernetes' ability to manage various types of hardware, and +its ability to manage the scheduling of large batch-style workloads which are run across hardware in +chunks. + +The ecosystem around Kubernetes will continue to grow and evolve. In the future, initiatives to +maintain the sustainability of the project, like the migration of in-tree vendor code and the +registry change, will be ever more important. + +The next 10 years of Kubernetes will be guided by its users and the ecosystem, but most of all, by +the people who contribute to it. The community remains open to new contributors. You can find more +information about contributing in our New Contributor Guide at +[https://k8s.dev/contributors](https://k8s.dev/contributors). + +We look forward to building the future of Kubernetes with you! + +{{< figure src="kcsna2023.jpg" alt="KCSNA 2023">}} diff --git a/content/en/blog/_posts/2024-06-06-10-Years-of-Kubernetes/kcscn2019.jpg b/content/en/blog/_posts/2024-06-06-10-Years-of-Kubernetes/kcscn2019.jpg new file mode 100644 index 0000000000000000000000000000000000000000..95446f4ff4346ed66fd0db100c8b846c88bd4ff4 GIT binary patch literal 187413 zcmbq)^;Z<$6X?>Zl(h5$N{4_-cZx{@nl&t0*Wd0MO6?0JMJ#@D~mU1z`SPz{0}B{vY7s;^5%o zy}tLWU1JFs(Fi6n;_5{v@6+27)Xd4w*q-8CxGB;=A z@DvUgqd5yFmb(Q@t-B0vsKV!8bKCV4X#HVDN#qpwYW3vqP-^m=f;uOmb{wqVVJXp4 zN0tey5tvfr%%eTZEad2eN+5Hd{2o<4;dhZgXI%}&3b{!~PU5Ms<2dWM!!qzV%@PYz z8ZEtcWd{>g>U#;8drmBEXJlp+zF5jojuMdbHBg!HT5>v656{z*> zO^KgI$f1&lFN07Om$eWNGkJtHYD*Q()_?$7yF_7NZm}akwV59m$J8+|iveK@n+n2^ zw^haZ#+}m8Z*eV@G_~dURqV`tVu9+IJ1&*;?VH{KVNwDfbOTw8GChR8LoJ^zLTXI50zB80WDwKeNA+EiL`?+it1UNUMGEePOmUyQF8ZHP zDkBBp2hOG$WJZSY&#($8UR)|*T8(F_=Q3p{ii%GQw8Mj|ODrfggRRR34x5YM8@`~b z7K>?D44&E$SY{zJGcyV?w?7H~V`~;HYmWH=f4=gi4$B*UaQcQaA%Cc)N8%c$fAx3e zJpUV+`ghhrwQ1yN8a#NnS@(NyKCQjlWv;>GEM zdThcV@?3a;vO0)TZ@c-M0WcXo$FP3CfWl{U?2$ETOoV0qJFEg8IWF}C4mgCu8#8RN zhYHBQLn@13YsL2#pBj=xFwD)hQ{)kIS;U=IICttCHHz2RVQqW*s#lo#s{xiDpS-4`tQ>BHzD z=!009V6~qHL&Tj?kc3}(vem1i!6b#?o52{Kl=P{7pG76LP*^J=uI=VGFvuaCv#M+- zgDxfL+v^ZCP9{VFRb>oQYN09yfhu5Xky}78oPS0sW}Ljp&JZ&p{fC$q9ydWPl+Xga zOlSkf&>Y{q`n09=BJOM|;)DX7@C`7OKM~wxUX@?Z9Z{v^Js){KNTpLwv z8FNa(Jgm#erOLzwiXNWkO6^S32ZB_N)dDE>7Y)uFf`>%F^Axp-7@T^Hu^5A)p=~W} z#GvW?nC4asU2s?>H??`KEDfo2N~?sCc>)DEpPHJBoA4#f@kD1t3#Pka1+0aHXb~i6be@fXGK(8gDewEn&u0 zpU5R`(vzOC$Uuh8Ipz{={=){Vy^%wwcsclrv=#)y3{5dNc6`yiXo+W_sve6OJRHRl zmXSL|T;vK_K1&?|Yub)yp6-9l!Wj*%@ z9hWdQ6HotOU5LP_oNa#u=JydsU2`h=Bu=rokthHGIHA()m%UUoZO%#DHCJ#H8IsHO$s4hihts^DF3|7JtG<{9JcDis%RULax(;&@1(u$D5bGD14Y z-@u;#_dcqyn^e63gJPy8GzBD(`*FSiOVji!@x~yltXB<5$ zPK{wfj(RaN`MQmystO+QG-5nEsoyej_wdm45Q9<|xb@gc{9NcoLb#zB^zzkBm_6Xm zP;TkMQKz~vGri9oVCmOcBn}D7^dnQU6rE}0u`@!g_k?MR%|otBl+@f+-Ws`neOVdp z5-oLWH~x8gV|!=4U~2tz%qU2sp>jRIsLqZc+)NE9NFK%EfmEW#Pk%L-7-2=qF`!k{ zt6aqat^^WMFLSVv@HV6Bgc`S;T#X@07#&a!p0U@3;qq_8O2;=ZZ!4mFccYq zX(p$~p=8b+N&F_1bd=Sdi@f1YXsR8DjAgs&po`BKw>8D=oaeo$SWF$wEOlSn%cE*& zk=vR}zxT=Vqku#fT3QbR7(m~da^pl2tiyx2+Or~X+MJlW;>1Y#X2|6uQQm!AG;TWG{pgwKj~mej%N3jt zmo32iER$Kgh9!6ZZo{dsw7?4WUD51j{F?@jwhy*O365+-w$k1}+i|8Cpb~vEa$|ZY zlvL`A8WRZ0SI13lp;Mqs5wR&9%RIv$V1JS2k$p47PNoedd>r+S4?Jyd7K^)_S2`~1 zp6K%2yl#a-S*_X?X`a64KiM?aWy1wtTRgh&X27eF<)ek1R%_S(pSE36&)#)e)ko9A zDbOp8i&F)XW^TB~;>;-c5~DD1^;ujm!o#s+EYkb=t3YxV=3W&BT$)VLKms87Y|XuM zUs<@N;;$r>aC~A5%Jh%$C-M_){FCoFmx1pQYDQn1mz~{<7dSQ<79`3hpkZ@s$H@2z z-xq16?$qNk59>0=B3Uo848}nwR>0;3pI$>6QSq>ETxa@4tVKx_*yt8`q|l<^x8@kc zgnX4jXh5`39jRg^@GD~UfeNCXc;G^TD#eafth=~yyGSuAq^nKQOG@{@yW6o2c~$Cq z=i5M&Gn?~E+eRVAYM?^AX>b3t)Cc*RHu@4MTi5Icvb4`W85WS+xHh{# zb<0kll?^vJWq3UcBvwJq`G4D_3d#)RCoW~m5cCpq)v1KiU}3%q2TKQwaRHRj5+Sk_ z#e9G|Gh&W@L`}l=H}&46dHnkSY_fbfPz-_B6x!xmQAFGb${h2G1^3{w?A9B2)!;}s zmcuP?$?EQRRRj?o9M$4EqnE$9HIW5d@$khdv9>x!YX5E`u(NS9voHYnr@C6yH+-G1rn6PMRU_u6N3@{1s zxd)($lly2G55@;M#{F#d_F&D*@!0pDdT{=MKFaaUJ@B1Z4l1g~W@#ZZS=U7Wce>Y~ z&rOrX5~0FL?*fIdR=c5obB-qskcF>Vb z@kq(2%|g9lsajOYbg2}fjlsAxGE50nBS0{EPn`thBFgZU;EXV*)C$CWe@S=F15US4 z_8`VZZl!8EE`b%BDAjh;z*4&CAn?w|kLIOg<55#r>BxgK#Kds>(odSHP!;c61Zzg6$4jFn8iN@MtC-j6Rj-Hy6C#;vht0zx1#p3OKmlng zfSF9b+$%rL0qprM=^i?P4W3C!9KEK2mG#p?k6sEqM7@MeUWT+~o4@ z&+PqV?*-lz?bB;9dc8GDI9Ky}sz;6tQM`dI!Q_>}CZ<(t)CA+*n|^43HF$IiidbbkSAk)L+Qcq582d zZ(`}snOK8oN=9ot1}sl|iH3uj`L1T9yp{aaU*yk&_=0wW-!8)W<*puwwdMUj%dPPI z-Hqv{pA)k5xW&+Mev(Dfcn~2rv~=Ud4`HC&{}oL8qB!51%d-&<5wnKkc^QylhW5rV z=2{p?QDdNz{a~OrNDVFgYmLUtDr@_7Rr^d@^ya_LhjQy5&u+KCVR>z3A#L zLGjv#(%8!z5rqjqJqOIfR?d7RT1sB+Z@WHo?l;>nK;|w3sBiW)6DDq4*CqEnx*})y z&gzjKy7od0Z~gTS+YRej*Z2#92C&xnLWNH48W$(VPIl8%!>M$_tytxd5td2(e8ayA z>@X9C%@ZR5@(E~+;FQbtm-7pIYD~>6O}BpmE3df5f}jc+1mKpIuF})XgfeE3jLD9<{vGL;&%@HT8^f{+wm_1iSVFH6 z=HCEf+^Ec&Z%uu?(8k$q$7WQG{*9?PGMk}6Ot#O}?fyAhc52^WvP&9Eh=c1sT65mH zT{bQ4&zYc8w+%z?=DoP5INbU8&gRUdWRRy%8S!vMt6^~EczQ1i4R9O39*kq~W0Ms` zA;?vpcAk}PKOwKal=n^zfUrE+Mn*~ zIJCO4j7k3fzw>ry^{t<)X;{CYqLOYmuPg4mIENmH^tZ%DZOU#w{i-x8=x`fG{9_P` zQ@B0*asJPSmCah4q?kG2^JflN#8|kPH(^3Te{U6#RGvgSlS-u{ln-5jvA18EDqSt8 zSN9FNGI7|iyOt@Jj=Y$bDR<+*E~oO%51k^5rZi8{gO8_!pqzm%|AON)Qdr`vHyRm! zl%7kd>TTYXCGGjIPfk&tE$TY~@vTM-xVxPMvz{*5p@DhtTW;vL15>6P8W7=Wrd5b@ zp*_R(2UaUhW>}~cCZhuO$J$U_1hHk5E*HL@6pca>DG-~~fQ*q)jZI0K$r4?fFsU0* zn!GF4z2Gn68(VfL4k)kJU%fnVT_S1Ftm4u8pw=ZuhgvkGI`+opR~vM z(y`N7Ty@tOSjy=Tvq_GbIL_asudpGD;NBY4$w$8B zS8*Fx-ugn1&eJ{&2Gyr5kjGyoe|#j1oNj45Zf71(ksbsO0^Sl2b5HQ)^X(X>#Lrxx z%MJP?Hgu*cIN!b0!g_-~kemYuwq%n6vhlM@$EopUVDjOXC=)^`2i%R;^L)p8&cr1_ z<2%+atIj{})^qHhzRw)po34s#S-H>GErXDzk?vvv(KSpKw zDP&URA{dnt!uEo~sacdT`Ff|Jz(y`hGhm`-Bp7H5-0@x)o%0lDFBWm$r~7 z#vt-u0Bsrl1^7i9^BbkIkGcCT(B>r63~n}0aljq2A8=k7?(;JjGxr3{C-Q9 zYKD}NI6=)|%y#BoI2!&)CLgJc)GIHMTu)z#hFRg&T+l}b-piU|-!5qW+|JjJL>PJz z*Of67Tt?2E1FJ9e+^;FN)3(0W{5;8g@c2o~b*iYik#S-&paR=(;V~XItm#TL+)!{3R^@y>7r0i5xw7&Ny7zssLM%NNDHRhymfF%n z2ah?7Bp*B|hcVg3jfxg@U;Ww@o24hZfp=w^fBB#$H;#xG9!$WBi<>Vr`ue&{ZTBhU zfWFc@9&6^z^Zj9R{hF1-N70ViZ^Gbl$l_SHr1##^BXY8Yx6I|P&ZAQyFmTjE($Ydu zkUw0OQ4@@h&Y^1o>n)Q)|4B~%9|LcgC2OJ7D{9PW^g3)MvuH;0UrdCd8TimH0ThOL z^P%XcydR|l_v`X!qN`4&kmwX78|+WS(dKU(VF{wV{g$_90qb3J&<^&p!&`kXTJG>! zQAzLGo;zY+MR|zm;_m5AfYH=t$EyG0iFbfv5vpR((Pk?9CS+Qo+Jk3MMwYlN3_xHI zwZse{NwGjL%YQ?!$fV8EMow)ZrV5_CafTy)!Fsq|Rdpwobc6)P7%9EREJc7wWG+Si?3`}VoYh(Lzx@PVbs zy2^(BF3ZjGBiNij#+E+){eEU=>cU!+A5r52B$aC_T?rqZOXqXSNDna+e*T-!#4xXE zMv4Rh&R>jpugbk}xhMdnScw^ONkU0&d(mMhw}v^lHf=4Mk%_baOcbg2U%;d~P z+ajs(h|E!(dnP&eyUn;}Q2FZ6-}ps|qd-T#k|Q*V0t@fen`$n(hW>dFMiDr3?9GU9Y0$*)vZIxuX6Z!eXde9MQT8SJZb81I^*O&$^B35rXZT?8UKe_3a@>`9} zxa!Wn5By>FRMW_%D$7Vfp$q#41%blLNYH^1!Ec;NgB9>MsLGOFVG2Z85(o8!g$+di zcKNu5p~TkQ*#bjV-|ok4CC`2B3_z-nUBy?99-^KL_f6z;MmVby>U+WM@EW9}wP{f& zyxQKA&Tf2S(cuQ}`^E2gS5o3Ou=L5TznwwdNicNJ_AYSnDJ^*U-0PoN_`G~UHhG5x1mk)F~NSz?U>0CX%{pm-UAgUN%k<#O{(mPLE)wB8j zG_GZ)GtfDH`1Zze7183`(dD@x$Tan!H!uDd5P@42bew6i6B;oiWKyo4gYtP$c z0TR24;*DROy_L|+Ix^Cr{W*MihC=%9Kjm6NXr%HnKR1=B{J@PO|IC4ZEY%dx_(hI9 zRGJ3UGVv7^VHl$l)3%?8vXd5TsM+ZEsjl*h-K(6m50!_PU%U@bJ0~I8OUtK2yItR> z8Z-Qzp^a5Cx^wcHI#_+Q1PEG*^BTB=+x3bkUB89Vl+?AQ5u!=)+)#sL{JJ{q%T^3Yk)S0ptrJ*HOYu2qL$v z1Xj03Wn+HkP|>Z^Vh;UWMvAG4Nr36H7x1OR+G3VufO+-%+y}9<3diLOT9wN$_Z=o7 zQ@#$5_gBt)e*qIFu?6!VQJw{-G6NukX)Jy@^;`FOzxCLu>kr<`U6$KWRNRoDX4%$V z&R;;QKd5^5_O&iKwQ);7z37iZ(894l#*&z-TW%JhD~1^IQZH7MeiJj6`b{&UqzJ$&U{MDu^7gPg;x|zo5nB=TCmEFw4M(OK0i+}S3Wj)a2Y>C_1Zh3HGr0VZ z{N)oh({~r^GW)`C!{dHMqik`8h#P;;Zja2TK_M!?`2JQyPA|H1)A1*!T}sKR0J6|- zIWPYQQ>}Zr=@swzYz1mEN~dzZAgbw$qA>OAB_~a5C{Nw!TfUTSn0$3q87xy1M8f(7 zzem|9F*HyB`4n!=M(;F4U%_wp6R5@N)tPqCt-NoVJ;xcsEqHEP@a%l2Y{%BI>gN8R zv$*z;sK}$|zHC@iYR{ZzuitjvgWFC{)_QD>+ITo+k>73nfvMbajo!e}UEXBgf#l20 z+XwNXDT#Mkrh)g9Eas=(l4lYT_rX=pQ<9Q;=NYs*I^>aqvpTj=QSj{E4QrR1sHFBD2J z)<=zyN8_5^;IN*LH&LG&R$7}|0v%XWvN$V*PY8~>T85x5Qu0dBcJcc&bUqcH$4saqZxXE~bm>H2R;UR3cURQ79p3BvWQzw- zU{??jXvU_TJo~ntbW1wkI3+u$l--zWEx4w8f5>LADP5Y~$YbBRF$Le_1RWjvOI-!p zZcaQb2KbHLt_y6uGgb7vPEnj*(>s0(n%i!a7m!crth8A5Fuqu_t;>mo5SaWB|8INA zFn?I}yOd~y0V&&GSD&EQ?3&{NZu1jA->iDh z(>Ml>xbCSHI4Nk6;i4tTdsIhN&~>joE1v||DfZqx(fzSNQFhdD<~Oj7)8FcB_XmiN zJ{Z#OufN;>Xi_+Cdn5jw>Cd~d*z$z6A$A%l{kWHd)8Z}CMCj{M_pglj%C%WEoY#Lz zjWyn?`bD^cs2QE6J$`*HX=X)r5zOhQn4g215C2e9Q!uURFDNIZKKKDlSX#lgNRf_dy52{0U6#Vs$Oklrq1W>PTRQ`1pbqtZJ$hu$onC(x%z+ZQo*rGW|({x zC#=YWb&M6kGwiCrHpEm(oU^G#f^>lmR<~bhwb>e^=EQ9Wm0}QKcc}4VE$mCk8|17| zUE}=Ls!TC(aeprCeJF*CD-Lz@S(nA-2cd;3Gc}@{0Ts+Bz`_jq-T_ueUv2%`w;7xs ztbP(yFIs7T+v-Yb8m$*8)mr zc8-K|^>@%8_lJHhv3})IAOD<)=HMWyz9sM%pz{d#zHj~Cma zm+vI?yuf6x_SO_@5opB2Jb+ zDf#j7+sa*Wmg$c!k6h%Y$?f?NJH4KxX7-YkhXVY)_xIS1V5jWd8ZRoCdnY+B(f&~gw0+m*IUhY$H zc`i?UIT-=6JQmtMZm^Orq88zB$1vTlbY*A?33gdlAw;>QAz2ZChN%?G-A0! z(az2f(L}$VjWncCSwmuyT4NN{h6zam7?z+Ume3@lb*(26khhLs&ea)WTu52*H>w)0 z+;qr$=E@dv*gvAKHLr2Gy(}BTeqF|*oQG6GdUoI|fFISEA_KbBy zEasc0bpKS|^4212AJf>kIq#31p0sv6*0bmRAvPotU=2eI}2E=wOtysPgs5{Yw80!RJxk1U&}ns-F7 z<3_sM1kW|@nWw#TN(zQ@@T-TAsV5esh@pixi})8l z0*gNY5I1^lu#iJNyff`&%qY7<-3AgN)N1fZl=bn{G}q04a26vA?kPSIvMXWaqv3q5 zSM1&%lhQZ;Sa-=Fdo`KlD-vzy+g0dRuwv2T2s$|JbyJZUpy-&Q zD^XE+^BciSH1)7Q(-k{&&ZFjUGnz;1*0*{;X^rS`&i{}HTy<*W{d%f04E(2))>+J3 z3o9I*2cR^gg{e>{4=8J*2`)27u{*1Kv7L#81P>bz4?VVo$cLSLD{CH}m)t4FZOuiR zrfm=Gnn!-6vHo~zWA5t!Z&71Z^!y|DHagP_W?Tw65E$bfI=RxwuF2`bq4@F{lx%;p z1mzGAaP$}*v2=7zMN9b5lpQa9_#BI{33(E|cJ}XDUe^__**- zWsy>+T(5tkUZeNSsdV@5*w)|gB44{O{zP%kIWI<*b~DL!BLTrVJgac4wdcG43rOhl z9#3CAV^2DMF5D3BPB`yK?z;R7@Vq@{440Z-TZtL_{il=R?Ik*#dUR;GZImvTB0mUL zpaq+0RGFpEb`Uc%;u2GHVwt2exz&q~{$`@Jx6e@xU;n6KdcSUdMO5ac@GygL4;1jr z6vw%m-0Mzy^)>-kl!z-;XU@u0rIN&5Ju28OEo#%VgYa7ES_eg2nRx$l;91x{ex5sM zG!%d7=f5}012MZ~$jJzBS=!ul>LePheaaeo60N)D#i`=!+8iNO#kOFz&p+0=tS#ZX?AD6u{G@; zV&A{}b{j_qz*CUCA&K3}R}3V~GPNT?_)_xHcoyVTj6wXqrstA+?@=atC5XQO`JrB_ z?C&{8TvKL8T_LExT4Z)LoE@Og?=H#rxU}E;q({4QEa*Qw(fEu+N*o_N>7~(4D0ZS+ zla!gfofHC=<5KFL9T36JU4n~C`Y$K?)A~LWb8s-Tsv5g*Pk;X&`zOGX>duyClx!{%uaErcXn3c>qVD4cK10{kulgJn`i#QD% zme;Kxkh3*2+bt=m>TX(6SW}u8Z-qB@=|TJt-_@Y>%#*K(?kKUm+J%eUik&B6+G~@7 z-K?%r4fu&)px)uCi09cclQyAs^W#&qh{_+o?H#L{&f@BO%0;6=K@yOaeMF=Ivz`{j zVry$-b94JhEGkPmbQ`ig(tz}h2f=6K%Ob|?0 zC`7?Q2NBE6sh1jz=a!dfZ1ss~v(vQhp0Z){I$))i*qrsWUC=%3k4l#-g58(L!=~*q z3nPh|Z(2r=ghNi{Nabj7u(!W|puZoH^RI&m^j&JnN2K)Z{KuHT0yezjMlu?HEYV&# zcha;-^GvyE55LmhS{0}tNFlwP$z=T71JG^4muhJ%rft@YZ zPPIN6iW6&c#^+Gh<{e8hizzyAmCO%rP_e3(_9qE8HhN(;9)?)dvk2`(M4@E<75(*@ zkwb2X#+aFDiccj=z9|eV=$JHq z_@Ew}oRseM{;q>39aPyr|F0s{e2Rcg6mEAXU%l@t9whqV_XYAm8TQqnL&IY8zThlC zX!;3nI~A4Jcw{y4^o~nDit_MVTIK4y883xGM}Gr` zFNmi+*&_*&X;-3?F7rvtC$cS3jY5g9^yjBfRN=A&f=Xu-8vFYty)-^Y@?^pd@TJ;Q|QrOfT}Ugy~#hT!qyPlhjgTr??am8ooBiK z-V30=?q=HW^c|}6p&$D1({bgtKiRPM`lBqZ;Nf~M7m8u;xU29wwl*9a*x`%x1dGdn zkZDP2ZTnD%wv&hxRpl|}V*9cb-4yPxW`{TWY3;+X$hTFh#wmGqD`y_bP#R&G@%}8|g4CcSdaFD7u7jx8QRO(cvd7?C?8ef?o^J%F$ zTE|DuyS~;VxyqZ0N$(OtOuFoL9d9mnO0pi&dmoC5<1~7uGPK>TE<6b$yBO;41K@vr zOg)oisp_~BbAJ9hoaxT-`>$C(Rj9_jMO5%za-xpGOw&J$HIr$-hY)amJ%DF`N^9PP zUb@(o)Qy=r-aM!sSHD%jPD{K?TND3Yy1rxH?6h>$G9sb!IYK7tSk9ndN6vzV6cpV7 z%cr%uJrB&(ZR4zl@oO`v54f&0*ChXoAY2=5yA*c4;=L~(1NJBU34&Kp@p$KJA52Rx z3{KOgP2X?3uMV-Cf>1;SA%r~U&>LSro?O_oH$oTcs@l|I>SANIafzD((~ShFq<}yM zuZBHs&D`X1&$t41-8W`+@>H+Q@;!zNzu{Ux30B+uY$Ja$8-m!^@pM zXXhzTyy80VJxX=h@yf|J^1%NuU=KO%yAbZXkm@tkva6(K9d^ESdf{VVagQ91UiTK! z_mD5?y{O&Lq)60aRW;By{%YTJPpKHh%>1N1fMP%kfxE7njI!(-H*Z60Cz{B}OkscS zG?F3bof@sHHa54^z8#&Ozc^1s<5~AL$vIVK8aa~C2&iTTW#7V78BQl^zTH$e{#QsE zI_Le26Xs*B@iwv_(d~5GisFF`bYRT;rRJGj`nJEM{o^-z#7ph8583^Yr}DTZ&I0f9 zJZ`z8yKVgmY_zk=5}zPaH%KJMIQ00HAHw*_et>zQLoVL?bAB#wRGA~is$hpJOS&Km8C zX*W6#N#61UKX~|-^N_RXl{3uc=QGa0&+5SH^?T29Z+D6D?LdWl6OF*Ey@tcQ41bmg z_``X~gGQpg_`<@+sj>bBH0c0dnY-6&rTgOy~ysnL$N ziw2P|I5$0EOj}+&Gi|4f5Nd%#fuNT%^sq0VF6-y-7lXMlqKCRL#!~&!tAS#`M$I zYgad~K%mV4Kr|uGq_upicoqGGI;YAsMI#JWUXsbtJJ(@QQNbX(EY7mn_T;r*-fEW+%uG`}Zj z^B**EdP|){Q%{1B!2r`kjP;pX35C~gglx3A>wdm7@(IbWf7^Q*pw4G#U34AamBk}mq)}b#=z_Z=$-w|Zy8B?0xz zG@RU-m!fvs7QBfOv4uJOX&)8I|?!a$p zA?m(y-;KYf8KEwXrJRaym4g5{`BkkARmz;h=%rA=k8Vf)Yn;xt~53|2yplDS2U?IxAmlpo~(QTWP@*z zFB#hYE_7+9Eb@P{SjZ72`t9`rCy zX{>V^UD?(3^%vpX75A7G#38G>${Bw++pjmMb6*Y!OxgO7^D=*&X^7KZ<%yuJSg1 z!64&fy;pz-B9$9T6P7Z`9pw4+Q*5s(Tc$e-`HaPlhqjz=f{}HCGAS&$>GE9oNEq$7e7Y7BVW12|PVh&vW-4|IKMl?lZFVRvPNJEqzGXy1 z;N)}6mm4saw9T~5Q7R8Vq?MS~9XzpDuI=)@Z`{ODnd$VvE)BVJQ%nD#{~-e&C`_ke zvqKHO)7dk_|8p*4l)BsA5cVzPTWr9(OI`*etaaRQkZnBIq}3-pt7@-f+jP-5Iywxx zWj1^4-Du-G!OK5sFXSVRT|LrB?D<7Y9>9MnV2ko_A=<{`V6 zp0)cI%Clch(B`JU$7PPx+N~Y%e-V#%iT>1WSR=DUyOz8rzQ0}Lb1tI4bbtQ|+gm`H zoptZu{Mlt}>OQ-%quqWN75#it@2OR_>TsZB@sh|syKHN9sJy{!((;q)`s#>l)?Wbl z>cyElXKcmLf*Ws2q8;b=?_rfacY)F6LL#O)8I$(wZD;S6GG4Joj~^MfJ9_-0ik>H)_o56;g$oJHz^&L;h&WXeKUR zf91AKS(x$1TXAg6br)xuZTac_Lg8gMS=g_oE@@5^2@19reFSetmHYNFtocZry=eXX z`rYib_arOVv5NqbvxWtdVMoB+{y|wk{#9Ceb)zbcLnozd{y+@_CHtKCdJ(j|0#v#8 zm=^rUVj{T_rMMtYw3{jFxUbo?M0p6zUCU$ggH$U70&hAkTAe);0Q9LP7hXmlaNAc*PqTz0?OqG9KKZGVExHT!0+RV zaX;clYoK6fvrrKAr8v#gCsxO94pNtvS>Bm>u}IB(UeLp^UH0fyfG8g$A5 zVZi!zbL03rGY|_AR-8qv?+$e^9@Lo|>o_$59PmL`O@28IH?58}%ET$_C2{#81Z&0@ zb+hPO#={%fkIwb2e%cOkhrsszhC=3CX?@>`{_7^$^&hQ0{J4@sM^`m&#A%Qcu zm+Bg6(s1a{h?{*Yg;5cktBy|%^{9nPqs1bNZQ1gj4{JCR@5ic5T^bjCJlk%?1K_IB z%O|UXOi9XO6?xXIG2C2G#D(ZjV-pB+N5PHD+Qt_wihWN+QRVf!fzos0nAU3LiD><{ z{aDO5z2i_`^R%;#9TE#HeFTdL)D-}ePv7x zgY+?7A;K&D3wSLI)1;)3LR!_3IiJbv;YC6D!p)YQk;8D^@WV znfa)5-u@R*DozUx`M&IIKeT9>0Zi};lmBh2pE05Esl8ojZqHPli-)PM($|4CQ}w8d zkS((ublhe&t+eM%FL(U2 zHK*lCT^~c|%u=;n8Kd>nu^3^ya9k0i=H@z>>fqjFz3$=ZdzKs0QQv|+SL-dUKmHkS33jHF}VBwCUdGY!g;9+U1Q|%WajqWEC@R zn>$jA3s!7lk|17P8a1By{Y} zz>er(hlbSJBtye0`^T<`tgh%o+?q!$X4(;aN2S#7jN+5M*V&dO0`-mprF|*YTj1xO zx`?c&@^EE#^8M+IZK{chTPrhL`c|6;N>2a;0#n**i>LjM&i(kQbL>p5Zw@mQ|v%r6&jO$uklCEM2=|8=(u0}yje_Gr)WGO9vk(oXFPOC0~ zLYT5HBbot>t~3U&CH@TrhZO*2z!<=U-*`b%fLKBS5*iuHa4OZLc|)rOW6M8Z0{OgR z%hl}^gxeJp7i`>f*4>vJTi`2W$MP9bE!)#U$$8si?O7Y%pC5@To(zv@*Rn(;nc+9s z%D{9Jo^Q*dy<_umCu2G-j*B&p&nYnjxdze#K3|9xfE|&9q)Grg7G;9pn0&GnB$#|s zGiWqQGyI{6RB5hbx2FCrhSt1UezN;y^p$iTg`}QzpFHJfJ&fa(bJ`Dt?_VvpyjT19 z&U5pNiTTh$>uY}nqM|3|W7^ZbfaSxCh9u=TrUJXsl*0U64lOu^E04w3l;19m_lvz< z`M=t+#?sBp__i`9v3!W2QN{&i0Hcb32c?Am!VFf*PbRly;}al5PYcV5fx5cZyYl`X zp7ndUV9SL-FHS&Lxuxv+>(@Dw<{7XfpVN-tk#AF~MW{3Sy*=rEA=5iHZvF!D{l6E$ z9UAK6hTi<@gU7y8_9)KW0SK<`h*Q=L2uqNW69&Z0 z$fDzT)yvC_Q>CMMy^>LmDoPI~H5X9Q0SX9G)sJnF9176{ zqyLPJ*tE2J{N9=Nq;oRAexVtD;-zUmP+sp6 zV2m;ydUVS~be7gUk(CG=zLw?UrXP%T;*WlvZiY@q9-#$h3|5O7sr#=i#z0=0Wl^Tr z{F@vb?!S7>gv@}UTeGOzv8y1@!2jXvt;3?~y13ypFe0Nv2uR0(BcODLGzf!~f(RrCyyUx1W5Q-FhxY=hZpQ#TcWMXq(MoM*u28qJ9f5t=!&r1 zYh~QlPC)`;n{x@yjyGQNE{@E;) zVXxN9_sOhTtuVgANL@7JsK<1Q`C*mtlF5EUX`tnp&3+k$rI5z^#2DvV%@H`{>8OME z2RaIGi(Bit>*n2!WA@2le3+p^*21 zx6ls*yrdg8weG(%)sI^@*z=G5RaLSDQXlsIIBkxWAEnL{a$VhVxAwVja2Z0}XLr3l z)-Y|+K%ltWC^leUzhtx!9*@0G-0!=Qb*7+jU%TK-Q z%gb**Z5A)Ij8K`5y4(<$*99t7ZK|e6C+xZ1`PDQMFnvl*Mp6I!Qt2;1a^58)a@y+5 z-IJ=kyklc^-aDCWHo?{_ZwW_t!o?duDaLGZ;}4tPobg zd%El5%jZgynY-*}E3n;g!&6ly8ng1ON*%%dfSy4b8iD*E6U@rlhKfWmkb-;XP+&P3 z{PY6kA5|x=8g1N>dZ} zzDC=Tu{Nw*mY5q-(a~XJ-+x;)W&Mo0(ZME=@kY0oPRG_&)b-gxYt|L3Np)m`ESrA$ zHz*nn13Nf3AcK*F2M{BJ7_+yVKE1V@7;GI3zK=r&{G54@8-jsF#}fax>Oq^)=RHk-&TJf zx>h+MW6ua}d9u+g;4mdxx}#au$XAJ?$4J70bfTPDyt6%RYF+aOk8#`Aq&0c0r&{wp>s$Ap z^5s$SR#r$Ak{sdzaI}=3CETw714E)e;$p#|kHg<4SI$~-znM>zJW3qgukPzz&-@`2 zm6^7BWvg-;X%lXo+%zyZ5je#!PEl6IAlq!%!1KyDo{u0_i=QlNC^kMZRd&I$`&com zXRzhP%EQs^NQ@LB0^x}YkVm3X zaEt`lZSE(VfP1ntF*S1y;)y=mL$izzw*I7RFcr@Ism<9kZyTB2<)6Le-Yv;6EVex6 zIjDTDU-bT-vD#BBzi>wpLmd+x7aMVzq!YUzBiR-{FDI`Or58;+D8MOg&dZImtGix9 zFr*|USsz9o79bDD$Rikd@t}Tz2n;#Wk`jXS>ww}&A&9V{$O@~HgeCnL)@r9EA+I^} zo*&L-ksHGM>gQLd^>NF_Yy14}v&pWeCT`uLC3Vw#r}eyoe!XnC(H1N}r2CH@&UmtC z^~O}5bb8?X_WX%Vv>iQ7XJ6`dj}E>`oxiF(B0>UHibqB`zxv^XkAMs($whSa6OSxzf=7QO-d2#!WvKd3jLyZX5EH|PdoCv zMr7_UVV%#*ORATqGak?As!o<-yd1xaDvY%U1(1;IFUli1+u<10>s~k_5D9{lH^CC} zNNFf1c%K5`B*H~j&rza)TU)$I@@<=PD_Hd?_J^peT-6^R1@)X8Swu6toqF7 z{B1;hY877-!B~c}NBZrAv5lpe>EmwEh@G9+RVan$h4nOpe*HDiB5PlNS640y|8de{ zc%&mhyq{6FIU9W>(7IHQ!hKq z`Eg#C1PTF76z+eN6S;FgzwO$)QkL%Yy8G%>7k0v7Jm3|($1!R_le|LlFkE`#0W}2@ z=K(G^N(O`5L4iPjL>dbxqW87waX{sZe^4%^kvbybaaQUpq-SQ_`LFDuS()1W9?Xtm{9iB3+a9INM@A@Vom+(P1xKiTt z5G!%>3l*AK4_^i2WcQgl(b_bg>b#`hAqf7#9Y`*8-bHyp+_cuBVB;j6eKJqbhworx z%)9Kt8q4oLn)w5uyFb*DZ%L3JOaz)jY$PHH8H|mLzzxQtXOI{NV+?`tMIMws_=m;o zg{U6>U*4YxdbWRUiufjM9#)*uEQYAds{GKQ-&o)%y3%3wOqH%bb}{vQ^fjjaLoWJx z%&Mhr-`v`6O>mgduB&|7*I7}FQ`>SZ-Ux)Vgo5NQw$CF1b z-;NX0twm!e91efaY?gES}&NNzwMRDI{nzyniJD#i9g=r6|E`MMVf=!`loBU`as&6qWKB z(Eu9q9ejWu9mRtBL9ze<)wY8oCMHDr>G|Ox%%He{05O;;Ij+)Ed0yU5YzZKP=evJs z78HSl004>6V1(osRRfqcEHn#1f#Kmk0`Sjv)>r@`LJwfXg#w+tkpMGH4-4xZbQFX$ z0C_BY(XR~*A{UH}vXX*g15k<4_Iy7G7p?@S6!`=>La)Sc6b}wQfP93|M*yg<030m6 z0!|bp3xXG61rh$@fq*h{N?;r4LHz&#HX!5&3D5(hRRK6bPn_@~Kd8TPcM9e80|rE` z)d3PD3cv;Q96(B-8&?mO3xn$`MQt@*UbVv*@!gF#f-~Y#0#Zl`FhlG(J$k=RFlGq^ z-y%nIWhHGdijm5BQ4%bmg@F^2RkL1r$!~{@HEZur!1WPGP8>LDgPijo z5l9Hb1huiewXXj)(Z(Ex(%RDp}j>9<0>PMLcL6E0V;z~Qy8>dt- zw=q45thSnXbE_7k``qEogUs8Hu^WI(05BB5^-+Qm4sfd zO)YT@uS6|Sr`?uG{>HL$Rw{?kLzojf{JF3oUjcy*a|+YGErQq04~g#&9yz=_(HYTc zWl8*9YuR^r(NM!5$#*J~BwUz3K?J+QoE`cV7l333*naaC8P0Czs|F55$TN1sUcyw#Arj)xHeBB6*w3oewtUY$ zJl@D;rCnh0I=O;8T5tMYnwjk!!txt{G!R3uAP7h{r?fOV+$xi0a3tr_d4Ii3#UPeq z)ow&}Ws}3&!`uFG;;`e{pNH!C7spwEm3cXel4zaWKNJ`Ta3)oIy3+;LTJn6NBCI}* z944wCSjsjoX?W*;8u+dKu=zAY%MX}&380BC00?goE)F&`wL7z^+>80r0%1L`YsrD=F`mHCatTK! z-@9qLN%ce9&+v3@%9+Ehl{Pc0EGqyy!iSaXCk^4+GRpAH6qo*Ko8T=$jon-OPa^R{h3G5PZt)pusK$x<7~V&@yzETyf|)2nNJ z7WEGlWU5NMLi$f`5b`)g%0K5%0~dIs<11sZ1I;20G=^w8Z)%eaEh z^b4Y~-Ub<)Uuldb6*Dm{oV4=%c1N#5+pHNdbczQ*^jB5#9v(00$J@L4M9ZI0F()1Q zH>jyw*L0)Yf6_C--9tZeUSaAEHj@t|5kuh89O+US^Db5y+oXky}a_+5ftqGPRh%w506HtKhwHJ z9G7MNfcn!{@GBW$KDg-$tb)UQo8X$aLxcU#S_?ZFKFs)G#H?0??q6UE%6>7N zsWqnH$^awpBAMN5#eAbILbYr8#WB{#l2W6z5TfLcz68i?DtFRZ#Jveqe+27QZL?Z zk6OadX57h~RX9(s@pVS@{9gb#satc`%6Kk2>IG}=*R6i%zS37RI_V^38k(1B{UHwg zL4dd@63rf!aOq`pV{IcE7}fBL?7=6Z{7Uu(8-_@;x- z-0{I-#VaK;)mXyJlw1g#r;ZNssj~umY0cQv!o$Jestu<6meNpBZ@HoNWm7jh2O}q^ z>)LroZ#om_2*ZBt3a-)WY=k_m4=N_~>fy4Zvj^pi_*(6#hhO3%MQ(>n%*TipEHz3S z9ZVDNatKh%2ov;!Q+_AC8{dQ=qwRC=&F)FQxLO+S^#4>FI5OQ>FEQbrBBhZeC2u>Y z7_P1P(BsYZVQ#1VvRy~f2%8q0u#Z)nI4{K8OiOx+0$gsCJS0~qEBK!>@U;&A+^&eJ-)LZbGl^v=Cy;)`mDPy-|yo~Ic-A? zS4EQTi_Ezjjv0q-04d)A;5vXs0`U9*n7=E_=O?jcHl?!xj!Q2#jzq4OR|Y;g75*-U zdi}mWKF!o!JO*dlMzSE>e{-n62YwFDNqh~u%({9bR z5?&A+0|55xBowxuaBk5T4ke)*Jg3fe9UsC_J+2yh3ORu%%exb2jq3>P0g&?Vgp)!Z z+&1RuL_*iCX#3YQT|G(6LnH7y{;&^qp)U%t2qhXO9jH(|pi$(rj5AUsLYxY&1 zOC&<%e|ZBqJ&K7lMh^y?bq(x8)*W+S0Md$$A9BPDf1T=9k#b8Mwf!$+W*Tl?d7&e- z&)?79xG%*IV$jf3#fEsZjiag)vD73g33tE$((=B<&R6)IVZ%3DeC9Dif0<@uj0@#- zb|`tM!<4t>pkNZp?!*bjgDU}mz$55PQt%eW`S7rCbF10ga^v&*(G%6t6s3o6g3CTp zH!vY*vw1*AiR!K z0t+l1VaIz#MG0K;P7u&b;NjAU!~+0hXPbedQs_r=0GqNLnktPY0pQSwX6L7v0YsI= zN?CVMH~@ki4nXIqq_!l`Kqo!OiqlLlw7|d|n=lpte?VasVCFDCr_ij2jA-x@Cn>n= z5h1R`7c{XHQ7$$iED*rq^}}Hw1&EEl0st3paMHLr?^*$tp%H_WCRjEJMQcAi1VG;G z#7SxWSarrvFBDK3fX0%@^JI8~ffunLM0qdF@)x*rgWv!`HpwU#mU#t3a5iTQwgDQd z{MH!8#ov!o{QN*L_X`!<1T>H9Be^$WFc8$9Pw$5!ije>?3ak!8&|G!x{^y&MTeMmc zkOr60I6rI&@4qV!zzdMVa_DxMt;v3oX7@pvO;KqfkFRobt1e1~kJI>-QUFQ<_;4Zx z5GKJQtWYH1kA4alHh+K`M+g@ZJt8UyR}$uH%3(?T;5TnQ@fgX7ExCt)`eQ?C@NkJ% zVxCe>JKwV(GQ+*gk(O^cwt1WwWtWNXz}1k?kAazIku|A8k&L6=?V(sd2VprelP{HD z0`#HXO6Ie>tzsFPtQ+`F*o96rNHltaY!V>_j^!$0-(gr=k<$B;UYl%Bh)X456z_Q( z;m{Ff-f!Op%RMkD zDJTGPI}s2#_U}8)L=Zd}FJn+sU9Rcu!-3?_hFFFTfBv{TtRFk5u&#M7rWf1q?p!WD z@9d000KpSTE6d+R@(Ag;c6uPKO!#^BwtK_n_K_{Z%8ixPZ;!}BH_y-J*?qtz zP-Gu}LQ#3RcX}SQ#k&xbd?{8?EXcg}Z?rm5hAqe8v@mw60C@6hBkvZ9f4xGJ@+ zKPQ#f}_c-_5NfN3^32C#3$ihPQ)1Ck04ASw=?fNSNprth+}DSn@(w%h=m9YZJ}JekcBIV4Q$`sA5j`5qJ@X^o zSMKA{1h5H(yH8+Fo>b%PQ3RNht6}XuAxATKqU>)>E+1 z@$|+~%$8+fcW!VvpP0Ucwxw3d>pVu=`{Bq7A(PM){BTO;TnOTIyXQ~72xa&DRZ_0E z!np+PzfU?pb({&Ci|}oda#Fsz(W$B)I=WcWiOGl^`JkNiW6}v6KR{v`KAKR>L*}MF z$WZ-R6MXAi)T-(x=&jSn>1iE|t(^9UwzLjhyZu0$F9oN*yza?V!&4aKGjjsxv*0jT z{ySSSt?@U=k_&P5Xx0&~F@wi`=pUbS<$hf5JW`QEhxMQ3Q>ML!ofnhP%(fLg`!F>V& z@|+t4pqdYpl%{jgo0%c0Gi9j_^cH_zcXn{${zyNIu$_}w`S|?WyY`Af%hAiXYVYt! z%vWTDitN)DAondHwv|rUJ@Pi&OxzI#ca|&K>x++v^_ToO03#Op`VhA_m8Z9`3P<*_ zSQ)KA&&CFoDb~(5@c2HrB>&nK1C`z#c8Yi>_Dr?UpToFIIRrvp6#|fZ!7nBkX()GF z8g>T;O4fSfy6vW(dt_n7$aCXmp9dNOpJE^LUOn@y?Hyoa(!5->!vO$!McF{oGf(H% zNR6TPsHhxRx9xX;y`rL} z^TeJD`T7wCiq!4j5abhipzY*?5}qSo!=9rY?|S9OLZ8HUN7s)*;}8ItU)gt|%S`9T zPHBFK-wn0kgauf(>XAU}NhT;Z@%+Thu|KtNaln@ylk0_=qZU{u|-s7J!f1u!<_U_UpEpz+yfbRS{o;#R0QJhN>Lnn_wui&SJD z`r~t+KGLBf*Eo^kbKbUm*d^Sz(fVc(A}!B2I@3&O_;`eMdw*-~c=5b_qqiV{_fxXk z`gov_Ie&&0V@pWwtIyfp4P$`v8fZ`%qgQ%;zzAdYfX)3i1MUyL^l zNIMGZOK zk!-1Ae)Td>lElBEc7FXNDCiSkMyI9H?#{Uo&+h|~nzlQ@-(9-ongG+&vVXpU~6d`#uME)pk1T@;e??&aNyV{{p-ID zdG5~F%(&ORxgo%1Y?{deL%FhtT~DWrR0I*Ll4ZUq-X`t2C7RMGc9Ecbbkl*8?o7L?Hi>@YuS)>F(LF!=k0! zm?8kgMdZOMYOmx{`$F*cTeL0K1b$6hl9f@O73)$ko-t?#*Pr9{}W0 zw6p4MmqXh*!BKGuY$*^DzKGztKP7aby}9{{{7Uqh%HwTqaJ={4s~|tTs&W9rmCXgf zBEVr-KUge;VJ!^w@a>{=M!4#NC3PQ3) zF6~#Bo(~ppv{s9&ID0r6vrDMc=2N!{HR`3_-30L>mQwD&)Y$|A){e$K!4=xXsXev| zTVAxScB?&J>pVdrrL_Avv^e#eVR{}QE!Jz;zi-G0kj$_4q$a+gO&<2V(uo$&{%t+f z`akKt7KmoBhnUn06oy(u)P)Wi2%mWnYZN!1k?NBO8iX+!Nu1M^*FXJ zi}!ew5f$kNw%#MrX0rB$jY~3lKXDX*^7Up?<~UZfREnOY3DG6NuC zYT@T@!dD``w3>4dJtV+yV}xNk|E9(A6Cyo)7aI~&TBa-2-DUKKd?Y=7!M$t z0jFRlq=QmMd=e^FzZ^fx!N1M%FNYa2N<2!`Hqi_V8UcMFCPDxL#RAhmQ%8SufB;z7 z51@AliHH#-oH!CM^&Z-h{^zf9AXr$poPPn>!uMV;olM_`(BEO8yKr7Q<5qi}d1379 z_?QnBavOt5$(8;KK=muC(t}|X7C^ZAgiDm*<`ElsyuNBl>->HqJ~~~kv7j@#tE=R5 z^Yl;Ayb#u^_}Fx{`qR@qUAw=4yBWnX;JexjOVvfodtllRKd*KzXBYL~b^Rw<>@Q9h zU6oxcEeUvOFM#Rn?*|rtll~uRKeh4SRP6~pb#?VF{om8cB{El6m$GmT*OR4b-$siY z+f)rN-Mqi^`X?>fEHt__zA4?WwXC+-pPO7*0AKi*7s#zSAVwQJfq7TETHLU`)c^~$ z2Qpi}ZM>blTAFrsJ=2}_(w+aeOjBLr+pP-AH+z?RJ7*^6yS^8Ze->_@(JgYsig`EH zPfg;e3`Pqji(k@y3+z%YEGtBxc~)`f_wM+?t*p(=x&<%PuBLB=%GX;CPmGL=tc_C8 zik9?7cs(XO2A0UqVBPY+fU+v4xS^x>9DDO=4pj~~Y7Uv0p^#x4mDGNMO%;Bdw-U~V z6vX6XROH>&**I&G@TEOu^5tG1H+3|V8_%Pe>-N~C+G$;dX>${wZl$guY6|Nm6_v_ONxlgv1j z=1CkA$_Ssx{h3@WjwPLMuHq#&yVV3sT?^z*7%Wz@JXqyb?@1;T2R9o20sRtE92vlg z{rstyYDdpsfDV`?xHI|Ryz{_||06v&-RZ;aeQ7y%3PoS=a2-(w6c#Qw4}|s(^bI)W z-8Aa5F*7|wUn^c1U8UV582fe00miRheVJ=(^M@8W*kQzH=vt>5P76z`)zzmPlU(#*s>_&O^UCBWR314T$68U~jYf1|ZJhA7M9TjEZF;^E0lZ8P*@6fcD`wWY)Ulr#DiY9EY~lM+^_XKrCp_!H`$ zc{NpbmAkR(NoT)_XP7}B6Lpp0u!Q~#&?^cvs}&`US=>oAEYCe1!2jm;il1|o_`-}0 z&j3%)He2!653QaXn|_DrML}GKJk6~EU5-h_pfTx#%{Dh`9RIEinoZL9+pn7@@CP^t zC^Nv>%s>wpx++Rd>pN|eFE?{=_iljDJ>J#VmNf)ZZ@Qw+?u}aNaS2e&M0IkK2TDr| zi$)nt5A3`y~ zDGT#oKuL^|pq;u0P*5Sl$7j@;l*D|GtuB^evby_ekeF~7GpGKC>-RnKC_FB4vPuCN?_*G(ti<{GDNW#KF zGXyJPA@4}}L=TFAR!LtJd5{k2uSzn$Z2uBG*WBFGCi5a;~-15%{73#%o=OS#yGTrUt#Yo+Nj<+nqz3~)(a zXMoY(2JdyoV}c$w2Rus(T4~a!g{MRQ`=J*{uy^mN$2=lD*t?V`LaZ_o)Lc%A!2f_S4)&e@p-)=W`Zg z&5%X6+)zKo!8)x@LP@@d6@n=>gsI=q_x=Kke5c)pZ1L85nTc1;z6Hn{^#sybOnDJ; z{eGw<>CW(~c6+|FOLK(zkkU^eK+x>bu8fKveOhd*zn#4`@lnezM%wBPyR!*4A~J_K639d^jGappOJa7(JQ_~M)FbL z)HNQqs8SOf#XVg}T`qe19PIV#l@T?>_rOdAaX+=43~GB!{zutpJk(wLk%x8HFzEPO zo8Uzb^Ks66S1uL~Y%h|5vqvy4pA85z~Y1u8iKnmvGzQ zO=TlbYWG#*=j_yY2mM}F-#EQ|1DV@93|YedexsyD#IBM|Uzk)3dU2%lzKcS& zkRg4=U3UMx`bhia>U}OllVEJ(Bc|nxZ|#X>rPx}ZWPFPNvbkD(*3X+ABa0rRH1yRhX77^Pf*L=^A6- z^Ku&KRZ$7MDRRklOjTqzMd8{IPbB{hI4n&+-iNC|3HOeTHg+H@#8d)$GY4PiuElN= zR4%sv?CsrH>ypJya`qT1T5x@we6993hf_6dIGNw#hsy2;23K_nv@X#qd;C3ZAE5L@w;Luye=&EknAWDsO z7C-)orPD@Mxk^hwhzfHW{ow;~g!OIuzp&{4eq8Ke%>JgxVUA0bCqyB5ATfpWwJ^UV zcVql^Fz6xSS`c|Li2BCA!?Zgra2fLt)5)e}Woy5v#D2xFd<$fvk7-59Q-5e7wf4HG zx9W8}0|dLIF0vj6x<#u@#PI+E?R=J#>j zUui=1je@QR#@=u1hTYy07j<`Iw2T~tJ7zNzet1n)%$$Be6P$94Uo?at8wa9S1JX58Lk*r-4T00ry+ZO8~0PF`*GB!&TMD0G9k31hl$Y+ z7g3d-#;)HJpyIh=%CFUA(9XIx8!ch>Gs9h1y=+xu;0$By z(T8gX4)k&b-Lu&FPN-q?KJIK8&oG^$(@8A0OAI^w71BSB%kREYXl9b&gyGt1$nxrw z@1@@|=>%@DGj8H8F~T$v&tzNELe;c-Lb%%EW3kb0zC$M8ZX*z^^u%ru z)}dHN$C@5nemNpX>Vw^!e(erB!=$qWLKCk38GPP4LJL_Eg&G^VX|QdsUi91{RWrF1 ze}cKt%5je^B7}W;&@S|rxIUbG>)i^*KIQuwBX!c_aMMCHdAI24POZtpj@dPV$TwmG zkK4_;hJD6Sd3}lRL+LI9jAx&j9;eg)%pPVGzs|hWJ@z5ik0`Gu{MjROX7{@8a5Z9m zy_R97%8~tFj{(I03v-^x=yJ#GjxJb^*(_mXn;;dwrGI^HAIAA!qy_fWi=OAhmbsTN z%WGM%pFs=o$=P8g5s0vmfHa4?$V=f}&$kZ=Hgq@D)itWU`SUZGSUuk2Iz}>UYmMK7 zAIcOA(MR_ryQMzp5){Xkp{n^|U_2S&cdE5Y+cHr)Z8(`)Wn#+7 zXd*n2w45a=H>!CfUOg*K%ulXZIFBCeU06AEYw{7Ni|(2Dteoy~T3Du7EHkt0$Cn#t zl*l~T!!_vZ{y2U-IRd+pxKB~Fe}(+`4sZQs9%{Xcg6~cd-ji*}JJ@FaVP-T5x>dFh z8L6kTe(ZjI>nol)vT=L~UI?TPZ5+FMwdityDiqYE>Hk*A0;t~RYkdpA9T-uX$y~E0&MB0j^B<;%8!npFT~Smia#Tr3T(lK`=03Mcew=zi_dv9K%|p;(GO9 zh3B5E(tQO+3Nig>N9lrwDYSi5O!4DSlwU;hl_KjaQ7_md&gOT%M@2?EqBO^BjBUve zY)xv4aRqpq?i6&*8MAr?#x&20{CYnBPc!|u{y;!}^G^wFra`r$dvs)aVs`Z_g~nf5 zt$}~N?YpFg4u97{<_C5s%q=3VmC5p9Y%gn^aoWZDpGN_rj`pbE`9={bx(Ig%NO*yn z3d*G8fegG)4(2f#si-rd~!mX{g(opWoKlm_gL)%q@)dshYlZ0|V> zKFALZMe?eV-|y&Vhf~M;xrV%xENNfN8~*WIp%SMic>n#uxhaHiRADB`|qbn3w__x=tnzJ;YNyIKygL(o)7)!0bOg=Z)8A?+ck4cvFPvgVB3Q_wg zMgAs6Ykrd8UR%W8e7W|8iN!ovV!I<`RW8j%&cgLB_{SDrw=%xqxXottD*KY}V)vX1 zDM{>$p?qn*{xAtSeBm8q${2Oon&J=7hp!JmPSK=lWxL}?f1G+V9pUEch^U6g9K~N; zh&caX4qb26^of63xE#P9kro}Je0R1d0dr2;SY;GX)+Z8u;t)N0lP8gK!Ib&TV3?&$ zC;dMCyP;CqdBa+;2F2*^hPVGbbUr-UR-dYC++Aw@r_Vq8*(hi~*M$5y!9t z7uFvA70yJ%Yu{vWpP1Il{b zFJ`O3c;w#tB|oQ{d%a4FU-N+OA2s_AKvTYH)V_^3$okmsHCAD~of%Pf4<}^MVW1wm zZqRTsY%x_)#HA8FT5Pm+5BtF#sNAc}$nMW{A3p+42j zE}%zRye^4&8>ZW968kPIOy)gG07S+(GK;1@j+}8eacMYpPi7kVMVJf?3|A_$tWFN4 zYkeZS_y&v$zbf7*2MtE6&);@qzShVpdp`-fwb6OnH|gD)}k{Fk57)?X509)>#RcZ2QdfNCT-` zJwI269nc}FSt-Sw(@1vdfc)v8<|Z;d_1cmpv-^l=f~KNpgNjt!aOI})WG7%uB>zZu zkFJMP`qjhES(`x)P50_mI$hIsZVoqUCdjD*E)9f}C>wfq^KlNBNd1 zzqYkBz9>e8QY+xwFnzhPJQd69TKvE{ysF_i{5ma4N9r*_!RWI2=W+Q5n%f-d_{v6Z zEJs>Ch>kFk^sf`X1X2gugON*yEA3kEkgat|e3-N;Q?6NM{VvBTC$|#E1cy!u%LDo_ z{^~4-uz91`Tc2oY8o%)uJ7T{ju5{iwF+{K?;hxa-R=$!OH$4zSW}lh=9MZJv>mfF^ zcof2XfX{l69*0Y<9sK4yI3_AOX61lV~P~D&e$BB%A3rUl=)z$3$pT9W=Div z-;i=t@bU2CMoC8rYUUZWjrMZCwtaT6ZXF`U$daaeif)5WD^%3#*jM3QS4?JP>}p?E zw~I|9TiPv8Y(}^6o1$C(Is8CD-6T$!Chph{M#ST zd(X$F64z2F`oM<`=1X3tSswCKIxLj>PA?^7eOiC>7r=Z);@%e<)AtJPKWh*2JO)zJ9AQ9 z#Z!_|Gv6eZ7jH7wUxpimI8DiuDs-7d3ddBH7*g*(YB>n7pdMaYBYE|lmfhT)I`d^n z4XN;+Lq+9^i%l!lSC)w9dYu0U5voxgJM&L3>LD7^?n%j;z2#yGx1M`@K+X< zZ{do>B~E{+tz9yh-?a%=nq=B%OmGN~)tN`sDj*#O?To@n-8GlLs$!qtQIbyoc>C%( zonk$RxAQYm`i2IfbFLQOxE|vVw09*J47K+DTG5DWMVcP$kA-OMQ6sImceoBJ)#@5& z@>{>S$4}IF2|1KAOkQi?wAlwCfYO0VaNnsG?{vsR`$qi-=9bblk?|rFY9?Kw@i92O zyW)0|P@%aif>rP%wW6*FvZTkE4I^01^9MsO>)u^1_Zn~p&nNVYIa544`wKv@@zgzO z`}(Y%I%+kUxB{;1*Qw7sZIv~$zhT3p`F<)Mv$5lg=;-Y;BHoah9=yG&CWuLQHP1H0 z3!F__BR@3X_!EFjKfJU}*W}K893wER#U~dqD2ya(DmUq2^eLm`r zwoH$WCS|owptfy7q=Y<+Uc0ydSved7V^C z3|Qn*8CP%D>@9A}X(meSc6@J;s^x*>fm~SgP-G{ZO3z z-=?-jSD^P&{L#=-Mze?*UF4w{N0;FG<8^MAN`=bxuEFk+a4t+ASwxP1=|J(Q@fP*| zkJeJGNo|km0%cX$5~B%KZt$!15Z7q*%je@&0(AIVL6ct$>yj;)Qux!|=IgEH=%SeN z{VIhfQZ3q|V7EU50w?URHL|1||2s;q-FUvcRObdJw1|j!HMtl?n@hYK=cSQj&5Au8Unf4imK`9bwN523mm~jW^03Hd zFuumz;@Vn7?e(<|M)Biej)_|OIh0hGdiUn;!9RZFzB-4&MD(H9-Ru3!)?@K?6~NBU z&egI73}%qFRrhTu8Y!AbdSZ!HDxh>LW2rSpO2rmYL?zkU^9&mqs-s9 zQv_vo-D`8{QcKMe@^3Pt(p0rxzH2i0yrlOJ7A~u=QtM$x>Eu#gu{_%dh1mNR7X+as z&fZ=hyS>A(p5W!!YK`9QvM%E3zQNM!oiDM~g+=>Im`W4R`Gjz_`FCCw?J92{tbX&1 zvd5Zgahr0Sah!NDNmKMrjetDx2)Cn6$tgNYw-^!d|MBz{P;mom+q6KTIK^FyQ;Itj zFRqJIiZ3kg?(XhRvBlk?IE%ZxyE~Nr+k3zJXLI)CBqy24WagFUwZYq!zc2)cWS|CT z2-|QJ-}g!L!NDAgTz^FJwY7L<2`jBWEmlitm^|Fska4GS-%jwcWDW!RwmA_O!XG)^ zbx?6k2>sG-xM;B%0juOIalL9{1RKp@yH5e`C_N#r1u+PBuYRWL;K!(CWwYuT`EN-0 zPw#5~f!o!xden`Iw~>yjh_?1miA9G-?Ap1E>-++pR)1ln-xge~G~FL3CFvUo_-Mbj^L%F``AX6KUm+0GHf&ZR6>1-lzTd?X zS|hxt7;wk&T`2r$`!coF5i>M{2*Hhbz}d~xhXv08SJnjGg7Nxe<_UTPaASyk6=CnA zGEh8mSG`IgrMPsyHwq)}L~(o)`|cC6%36;Neo%x4m-<&t6IdF4VKR_+b$U$)xBj3{ zVOd)^k71Y;hM9Kh6}t~f{I`?NwU?)V2&ng;$_vBwg^_pryhd47L!7^$!&llc_Vv+| z6dfU?cl+uVd=JHDpZGPtjd!@cb7ma4f22w$E|SGccBX#(W6^pWLL<0h(wT)!JXiy| z$;=G6!O+fj%2e0IZ`H8yd1~8) zaUr4%WKypNI30^e4fPFAe_#Lqed}%0JK&y*K=>!0PlA&a+?V)JepF@9PJ_s4v8d!?OKlSOVXm}!SA7IrFG)MG71Esy8QhqB4ht1PZ!3(siNQI=Rr9YCY2+cvd)QQ z+{iRziNZTQAWS!U%s-`K&dzIGwhrYFWzRrR>3AG>r1WN*rfPr9oL(K0AhEXT4kC(4 zhwcLBm~C9_1o2q38PnAVmcG6a5>CGcuRnB1RhCr^B~1GARSgW#J{8K8-R|CZ4;Bq# zQGzhGhv_awaI(Oo3s){K{Q*B;lH&Nx?Gf7G@2}nX>ouWjO>xZNoL+*9#Y<*D!od%+ z=tVfINZ!hiV^%KFWIYV4 zR>=>80Ff?r{bdZz^$h(+=zPDpUB|f!fwP-5f*P~Y6cOS}!l)L36L>EDxgr)PP+jVm ziLoubUG%}=&gHF#-3r^!lUeSF?YXrFc4Gg(Fc^avA5;*@l~9>IbaUeP*V79|LcGv^ zZZ?&gDRh8JK>-1Mevs}lqwTB_M4193odrT}!Eq$k-y}dUtsLMsx_mlxB>rtxG6=V8 zqsluyvskcV-|mG9F(d~8Lc%5L7&Q9Xs|TkaMu=$H8B+tYdS#0Uz9bT$C@{eucJ4a} z+hE!CQDkmV!10`t5yoq@u8<*wHe%Yu?4rH~b;SWvK)uUG4#b0OxkF7Q0YpJ$ zPE&DcguFI$8TZlTw~PPnz`y^JtY-(buXg_M;I9L|2=mGc1g>eWfhwKvK6Z0<*j?Gv zQYF))e-X*1n_}KA+a3)z;x@pt%Yd=y5>?F@+8X~d7_L!dv>V*c$k2MHzCAm%IUWL9 zjo1B=8BQ^jPaRGif67T7^!>5mWJJ$=@OV`Cr=s$+rLY>=OirW#nvrrt33~nIR!Rhu zMN*K#`^yhs1TM&VsCsj}gFf
DBxGU5!Cq#MMXuB|#on#uf)VQD+T-)H$wKcVA# z59^|y7jyieRYRa<+|Eua+;BjFbs{p|6}E!WjZ9s(^LL^A?V@)%>szWd4T6;ITns)) zM|Z9HzDp&Xu4139mKTm7;{#LOmr8>Ho)DC+HnN4!LR^jMdt3Ou_!2T_`l}dvVL^@{ z+RWrep!Tk4{(I^a(tUlF3@!FwEayLr9bW9Qt-@mZjcN${cs@MlZxo)th-RV7#~j~Z z_;|MPTy7f#3-Sb^D6>|aK)9`KxxIt1l~q}LL*Rb~gs!HoK5~)gh!Pi>G4a-1EmfhP zx%9sk7PS#kI^zooxYlNeJ~v;nz+;6*X1(BjlBvgE+`-rs7q_Fy6(vpfF7Le$;;w|~ z<2`!?=1}d43C|=5;WpwE5qu(y<}oyq!VVV@?1v(T&hm-U{J6HRo!#qDh(T+;ec;>W zb6iO52T@{w5}!uW(YTBoqBJ*GOBZ{~7XDEDuS7+EVS?8*dYoY|GvKZWUOOe@xcIjh zwtr%xG%MF|1j6hl=L%&udF9EU)ZTW1?iyTV&d;Dg*{$J8K~P+AN-`Jz;?%J#jYgp0 zm(zU9{IjMS;yAU{5@Qr7oMCJ{_*>4xCYSsV_d|^AR!j&Lb5N368nL^jB?}b!-Qxd` z-=rWCT`B4!w~NbSytG3^WA?;$hqkowsheZn2vG=r*pPc5`ni*(s8Ey&8@n{5V*cd$ z?tPNBhdxTVBbz+e*M$Ccl#;yx2qXs|Zg!k``u%*~?QYvSlD=LsbbKR&hFjyJV$LFB zps0a}7Tc;^_*bGsSGw{gEpn#~kcLTre}CU;M>yT5s^nt)-pQ>xLC2HmgG8aSKja}e zBF+wHVd19yp_>cG&y(8`ieEnV(tJ9q*&V=a$!4+)vk&+w4+SGSC4)K1$~ZS{Ri2?K zFAuv4Dgfl6e&dd5Q4q@!T>La5?e}Rn(pVHm-(cLaWuu2pdE-Cw>#gMMHhq$26kaSi z$BI?Q;%U&W*(mhU{C0ol$Y0X0sW9fvpO4v)zkbhI zp?*+4arCMAR07D59be-QzPIYDE!gD!U)d z{KIN>PrH6mjmqhf9?R<)_8+Tmd+K|=`6@_ga#i@dUODk-W(UNV`6Ia|@m{D5Dr_&F zQupI4*kU$(nkXqIYo_;d?kc74Gq32Dh(V<%H0q?Tows!a$2x^1s=XYree{8@>yOVDPa6oEuh6F6$od|0ph&D@*yS5R-`BYNXe6YbQ;0#& zV4uY=sltUk#ZO_{x(DC;09%nXtX~u4fLq7dLYXOETfz&V=Z1gmRS#;M*e{DX`-jt4 zPTBl3R{Ucc9qx`tP#XpmdPEQDhGKUDWMuyt)HmUQ$6m5t=oum50iG_be{Ek0(L%d{ zwe9)eLmum%6g{DaD=!1MtCi6KF+Xg~T+s$k4IGHt9$Q+BUYlScPPrx>O|Gv6v5X;^ zf>D>qdYc5aD{mH13f_7Ll_wVR!XBUSd3i`@p>oedYcO2~21q;I*QR;*Sx{i85ERQz zB{N4%K8tN70_#owpBEz2`yV5MvZ9;W!~KE9pI2Tl;8SDAYBawZx?U_-L^wf$ARtVqTv+Y9vfcDRpca0{P$FKBtxj{)P~`K z9aX1rK<`df(F0b4@kp+k1W*iRPd^pbrGnRx2uKZq*+6Ku6JcKY=4&}mTy_0Nd-Cte;=(frg& z0j;HOe(NSpI??_2d>^E)a*SKzp|!+M4Vb?-%h}T38yZ?f);oD1MQux7Ne|WvU%>fbSM6i4TK{`Iv)J4M8DXGRc9I z3*3W3ZWaA;7meKN3*65OKJ)Ou+>?0LB$YR9T?3nf^Ha5r9Ic75_k&k-krOhpV(E|e zjlRZ)F*sr^PlX>QV5!Q=e&759d&11>7&(0Qk&%)|mvj8pksq1P`x_Ul$zPaqM4G%4 zx>a#6bk>qb8&nF(06+LoIQJlbh^51K!p&cb>@CA~uvr|@S3~J}%DmAAaJaEnP>)P* zA5(FBd^nt%#qRhYtCm?pF53s6=vj@SUN~4vcX5_!EU*Db(MntG;-Wv_w=SsH4e(?T zkxFYW3>P}A9`N$f!cb||G;oUFcXHPUP9xG?Iis$vL23Vm%fO7@iI7XJ`ONym*MZeEf$|jkF=p0|S}AH9 zkRRGPaSSeri_6b{?4&<_XQi66+UUprAV2l0^oOqt9pQgrW}%N|q&Ah>xx$wtBR24) zsfJ-J`1Zlo)Hrf8Ki};e4(4zGG7FPL0`+)8osqp=AuJI-P=ol&n9YtmV-zAb(&h}u z57qIYd<@E=ftTNz$=?)KU3Nz5=NcWjh+YKOQ{Ga^LrS$^jRoHuKSr+nc11%6`Lm{M zxBQ|+v@lBey<<~lY@`ZZA#WnH-1;=l7Q%Z_GWbY_yveVACRX2dvlO+XLF}(j;p6>g z6U)|VGeJ;5XZ+E#^V=I#r8|`krC58oK3qOpeyDT#K)ude0QFt$nh6vvCenO%I+@8e z#d^TfV1fNY|8&mw}lI5t;WlvMzfL$@HHUyS=XK)7rYm z%eOCLjzmQ7rA6ZkX{11H2$lb&?TEiHJQ(+BmcOY370t+~uHhl%n z>RaIUV!>c$)%0gVYieG;hOfy ztv?q0Bhvq+)u0NEr(A#1>xzE=%2sZ9bqb(`wn5ejI4nCBt zCskI!4p}9%G&~%}L!4!h{g4g;JLkD(GiJ{dh6MI3jJ#9ydwT|PUdIx_PZ$94KLu+= zkf`hg_)oEhtdT%gu53Fxyrl^IvSok)3qR@SF*Yw3I4HngB71m$R-+w7x)h9*M=Yd5ESz9Vs zdm{%be4c;%lTI_&{Px&&jE)lvLt`xLlzPYa5t+xL?b`-WUH?+d?}Gw*!OX0#w`^1p zjcj$%sa~-jYxHY(Tn}_&CnQ}GMv?`hj>DKPk1rAfr&d&1u z!lvbZlt9Bj*@NEAo)J*B-W?QXujnh9O%JP9Lw08XhXIWj#xxWOJ(9kUcca+~hyQ9} z2t#r5Y3vPuo8s_xcbpdAa`Bin>x%$}9C726SQ;s4xAV)zA9Cm{&8$sOU5_c-b=HZY zFd`UHqi@$#b2T4%!`P(rGL~QuDS~ebM$~=cj#_SV$Y?RzN;q%px`E!eT8D*spTb}n ziq&DKu43T#s`PCNq^@`w^7R?gE9j8MF%B8*kCKNCl*0Va*tD3^z#cx)4BIIcKW{Sy zVHiYl(Ac^f9lT+P;9%bRpxiMEYn97;4d*#pz+QW6j6C_U?0HrtU3Y%Z7=ijiw0G+N zuhq>od*hVU#MH_``wLeFlcjK&bp%fQghvs$%kINlEU%C4k&#(0fTRSvs7i!sUvOb4 ztxe3}&Y{*DkUS)JZ-iAcoJ~I7%Sagve2iJ>fg}V<5!d-c!)J^C!XVNV7d>O|&hj#t zUkj5D#=9~<#Wi&jD@aYgI|+tf|ArwpX}_18T1))omHG=}-6NRE8_&l{nQIVFDr1qv z{pcsiJy}eX*Ui2Q`JzBtr24^>+Hy33l$QBSG8g>W&?kSwlMz--=mmK11 z0r|C8A83pnd$#{CVgXk8{maDl_gD2^>yg)?Cu(m-gC>(VW6yYDoa&X@zc6e<(q!R_ zc>g=Kal^P9_gE3U26b}&&!r`+CG;Dr-MAN7lmENV+_LesYcyPo@;-Uwzt8+J4QVoY z@bx-;A{JVPWRvY{4CUT0sCJvZ8NUWkoK+V4FO%_2yjDHI=d1vFHycC7Pey^WW$cP) z+PU8GaA<#Fu5)&AeXN{3aeV|pP7D)d({Ps;QZkI<4J#ZH%SqkC-#gsF4QBn4r&Le_ zJ-v{K>3xbux7khZ95Wg`1x?lGPvK5uYJk<6BP9SB!4MYzW1Uo`k@CZ%m+UnWcYVFq zO~X^hPb(QWemHvSyQy_+e*e!{V@T1Cv6<+vS=%ilqI6sHHVX*nQ%K0Gk{Q;`gh%={WO2x`DWx;fr!7zm?is>8z^#%;)8XL;ft*fs1I3@b>KSBh9x-oA2F`EN#n z)UK5KN#%Qk!|pikLBVD;k@Er%j;D14x-wpQ2LhE0;Z3R;0Exmm1yBp{d1VktGx~e~ z&qFjraC$cV_~$v5(eoNQso2rt=Hs$7$?&!*cv5bR>}jq9MJ>*i!_bAD8%gfZx&d)Q z6lSUyl1Uf)dlIsxGPx!85^WDObugpp6jXMw(}S?GnW|?j6P!PGH*i)ncc;9+{M-i^ z=a{)L;*TttVJ{I9&&0hP5`n*zQSuA8=F7`e7Ah&X=skgvn5qhQT`4&v>c>9fp{E+~ zR`db_h`#4LLQaRES!_8CKng;pRBJ zip#y2;t~@BsHR9|y(BTzUa3v^vv%YSs-$13XGaLU+rL%9k*rLXcrrTQvepT$@;dCA+)dt~WgfU70(!qsG8xlG-QlS>BZ;wipHxQ0p zPPN0EeHR97Mlk0DAgVb;mx1u8-v}u9hOdM3C-F4A2+j8d61##j@*ISRzpN@?Xf`KVYCmT-R z4(znn)>Bi3m)IRNjA?06Rs97E`%xD#T4ebx91eJ|wqVt^)j!%^ssYqm^VEWpdX8`W z3+L1%)TO-6cbO`;Pea%hLO2WO^ph6#0N{dSu#_u+R+w2T9 zhd2sa9&we9^uA8-ZQ$tRcf+>2x!>7ZyfS(RQYn2?AgEi%uq|2A-qw`)6?FxGxw)L6 ztq0IUE2bqLwV2DchE4GWM=OuT4qfWtC%LWZcPx>?hihcN)M+^!&IkQbc0K{)ev!AF zKihzBE`YSOE!Xr+w@C6Z$(PJhP|LZ%l+tzpq6A6luIgRaR!bPXKMoZOD$VV2wk69H zr(-(rZq=#==fH`G`^XQ6=!O^RoiM!#DD{FcWJGE(~K&68#nr?uf_*`%4;5*2fT1hMsE92O4R zUgNn-k<0oqH2;)NW3qvRY;k|mlL;3-J$b8W06vm`I^OuxwwJR770)li9F z-?_mv&0qo2%f_rz@KV7MEVJS}XBV`?)wS>H8~b*oH}g-A=MK0Em@A%}lf0)lI`*3$i|f6mKfdVyXqb3}k2irp~%wZV5`hr@TVY9{KvAsFg(CN}VpWdglj ziv4pNlRf)5EP33INCkeY%4OXEx~VOL{#ErAq?NbN!CYwP2_&)E-QXn~|DszqsJ&$= z;Zm*Yz^yq+wxD@l}`o5d0hfsD|Y4 zzqw2^0|>=D2SmApboe=5r=oUW7U*6iy?zomDB!Qp9|kna+|~;r3%k#Pd8!~r=|b0h zy3TGH{e_lI-Dn@%zfc2fxoyPOGr%$R1@@pL*;3aYRiis!)$gNjQUrG!DZSyz_CFSg zsTOP(ep9ulV3kFi5b=O?N@u}=htz#@BfZ2Kw}ObDSl9BN8Tjg-Vj!#Gbou|=3r2-q zSeMO&L-W5w0Z>_4a44P(lmN6ljrf#Xc62`Atl?5U# z{G&Xk?t~0`z@Wep`E$@vEAQ9F%KW|sj)tEZNaHN<{vVn#+O( ze{edMm($2-;MHA$}AwST2S9AJ{+nJ(9{IrKDc+C2Q%68 z|L1Gox;77jQo1;`(rY@$`IG2)9PugRRtc4zMGS1j--n~>7RTo^`whAe*zwK@$RN#F zIZ>L5X^@sEi9tQufTFsby`gXB0W7>wFQ;dkT6NyWp^k)5Z%2_VhaizJaw#Bt@|g=$ zp0&-!cc+zrO<);pTME6}3P3!p^{H3>>p~>QV|28q*YDCtugGGp3_&zA+~x z`TfVjqzzjBUUx6h1L$R-KP5|4VuG+);bySwb*KJ&tw`*Z^9^{Qq)M6hg`nKfUqGrw zW=a)dUl`nXY;SE7nqP)XWO+(bD9dU-7jxtbSJIdpl=|4hVX>KKQ(4}7BurUeMOJSS z;}Fu%M%wO6-=0U6Ut60p2hB5wrocy7ix*rI35@Q7gdAjZ} z-QZsJ`u!Zn8iDoC2KCxGLrW_sBzl{XqcV#2>Rp^p5%nc9h1V{CMaswe zo*iG9`2`jT8hEf(9CLG8htd*#VJr2~MXtZ;f-nEO9kr4f>kr zx&fB~5ftgk#kS`v+oSOj`2;&jtU7xez}TPWTFLk9z#Yg@2~VgY)O245DR+~? z#0sRJi5*vH`p}XVx8|Ga7ueciVo_@kps~HJ5w%w}=iQ}ouFQJU^BB~uH20%I&Vf*U zaiR{M`t-fF4m`r7xK<)!`GysE&jgKP_zB6<+( z)quhIryKyJw7e4W8+tF>VL^FM^zVq|hiX$;Ly_`Visl9BB3n-H(Ht`03fNt4ABsn> zA9CLPw$;)@u_Mx}x;MJFyMT60La^1+8k*ubiunDqZ61&NpsgxI?nIuUf+Y5r9c&zJ zxALMcvR-#j5Y8TA9wwI@^ZPWEnVbbq{^MVMcc8LWN4bWj0@wLAu?r_{(Qe>FdC(I$ z+ybdLA*^V-;4E<2M8g%S)OtkyOOx?(rpH7}8KIiq-}FJXRP z)3w%Ba1&a4(gcoRn5GkTJg2M&Ie0X2P|$Z1*^1B9ZtQzpn48f9QaDE(9kMJ zT7Pq|ut*!t81q80}oP)gz_q9k5 zq?Z-_y6a5W8F+X4#&R1Vycr4U_sK6kB?uRGd)u~zekcIieI936 z!qrKtOIXZ6AWkf7Gg}WR)15LaH~*cV`pz*hcIwBju|rnh>jdmcKfqYsHTL~h9+JR} zxV7d|x+6=^Mfe!N2E1WAzcbcPMmJTzCWTS1YB3OS$skJ=SR<|eW?+B%p-t`Zw2~56 za>+^oQopvHCSn#kSHRuX_$EZmf?hstg5qT~*i5^;TUHB%RIEfspr9bhF8I!nm zFs%~>&Cv(DXjA`5$|~FwniHsN(`YTTkCvQ46day0cA-a>i`6i1$9DMoeY6|!af(N< zwSJbSHL9M2<9;9%199@t85+*kWOz|*olXiyMq8RcG111e=M0g@gI*|ualm){l2lGt z75-A@_gTy1&_eaom9zt!o1s&7l4%ijZT=G(N*O4XOG5|oR>-i|{Nd#6f_O~5RGc=N zK0@G4n69b|xnRyTn`GgP5p4 znn$Z{7Y9!sh4l@lcht)zMR}lV1FVyWochU(OU{&c46cZUt~vcHIh5Kb1ssluS`wS5 z2x--m^o|m7?1St3>MA6#^zuYPdGv>uNxECm(o5VsnJvp&bOiryhJy4pKtl}|wF9AkyuDUTLAV0_v&_i>y$ z0lb=FxMYR$vbK0max~62nuCp<(7yGnO>{d9jiWupkdmp*%`aVd9f zlHmpgi|w}aUN9UH7*&aX-g6l~T0-kf`Fuck6f(+dy=35>-(>#uCMaP9px};ep@;XZ zx(M8l8^!462x>qv;1D$@y&R}5mOL!6C`>PmbSRx?2sQF&zHowyCi7|ZC&JW3OzL)p zS*gMiUVmYhyuTOEtRQrUH$8>KZ`GkMFLUkQTaSI(oMceg`<%A_j?ObP)dwnWa~I)i z;L75Huuht3bp%R@C^;;(o0%*T&Nm5Tanf0SRryaC3Wp~+z^Ev^DsUfo)(|%IQT?iT zC^0#1XU1jpe4}}Gum>#JgC40aH*1_~=u)R`r@oE$I%rz&?T&y~L&ly&Hd-(p@}1>1 zf5%!Bk#=C+-9*lTm4FgFW#ZACakB8N*r;fq6CA&t!6&Kbw_na@&dG)^t0BcLlP!A* zy)!P+RdThG+zVkS%2Gq0F@B)enJe)3a5Dcki;-ny7njzfptrWbh0M=X<2rm!>yJ7L zUcMsj?Gh)V%_Lqy@yxqgjR>>jq@GV z3O#9D3tOknzJ%9s-=s*RytES4FF1c=QE4jk68kn;e{FNC=uOefF~}D}&E(9QJsVbT zMz>gPUw<+3XUb;HcS;4AZz_kMI4A?pI(OLRrL;93KBM%2Aq9`V%qz0&UWc~PuN4CJ zX22y$oub9$<@Eg376#bgEvX429}CyitDjE4&|>$9OOeObP^qatXn)-mG*Bcv&yfrF zj4oTs^K?>Qa@QkMqTpy^vf`z|p$y#fKxG zdzZMq6zK{N)N>p57yhA(*thwG+6~j2WZ4&C2&TwwV?x;5@EB(Y&?wf{798$;oh%a) zWgrY??_xH)1+iQ4Oc4r~rL9m$;0pLHG~1_Ma%)--|9FSAkr1xdn-&6X7Y1LqE{Zg0 zE~flmxKDPUjd>Hf5#WgFg6InP6ZK+KHf2K54abQMe3_cSWjXB(AAWMm8pCq2Tzui zL?i(fLOGO}%sNC20*9|ukE1_J1Cyq|A2)-Ms|8=>v^?f#mAw*dUmjLZ^uUNx<)^P0 z>5G~hOWlWy0xV9o3)o_A6Wt%rG^ze%!X}ut>GT)PB10)DM&E@!*NSnSdnixH=k^;Nt z{Fv2rQyJdSH|__fR&LSD`*XQ^N#dDp-kh}r4-x*cpJ=CVvav~{j}D9uOZgs7U>ocO zRHZXIXxTAJR&bZ>?fBl|v&CivjNkTdG4XLa-WG^(I1GwgY&df-!6$Cb^p z;VeC0S`gOSJoQx?HJ)W@DI?^uimObG74?8~WaY=Zr3i!0U0l%knH*_>bIvASw)QXA zW7K31$^)%E<0xML+*)m4B36ap&(6}ib?w8j%D2&E`M5+hWWVgWK-j1*dUqZje_f=YX+#-C#FnX=}Rcu>3;BK-(gb`RcIo( z8*v$ybzv%cTXX8uLjg&b{Ge6R#_*A>AfZ+U_tM(PRxOj`>Y4BtDG&dkbV*^IYmw#L z=`=HM0v;L^1dEs{)Ze8nbjm6_Uhj8z>b3Q54I}Tz`l4{hfGFdkoU9F*IlSej?R>KDb7nTvbUJgO@Ou7INpG;U{EzFC z!zUk?*Yk?d2LXyn^<)10cr)cFu-UXg_GbCi5s9bLLADYa;~wh$d)%(iNKQ-Iu0dhB z;B}i~ZWMJ8&(^ST|FZ64UcGcMdn%D(uFYy;lbbfeR4S!VZV%>-Io;(NJ1@(((~~2# zEPWRj{;?H^)Pn8kB~lZ{)P}7!?6RHBZuJQN#FXUD#q@zJ6%}x7z>f=^vs%*mr}c)% z@ceHs zo&@bX?^(&zoaX*Lm&V!F8+ndleMkMGT^agyv#nT;_z%Y!_RSWpA8()Wk{c>Y`4gis zpmp-3H1PS$6b~~@G3zOY2%Av`8YbF4UwfZg7j=zU-4Gf1cFps0xa42!?x;9%^O+M6 zIoai-*0-|$5<}>@5c%Vz2mer)$;@=w=&lUZO=TqVVYCd;?XD48x5Y>r1tj zZ&C<3`2Ml#x%V`ptL@;y8|>>)>g+jc7?O$jN%ocbtpgYIStX*tqgNhQC!*izI)MK3 z*OPT@=hPA19OI1mgjLs|9|mo*IRbu>x=G=#+c+L+ii9PndG!?iavJ8!9|fez~xZSD@uBn##8udY-Q(0GN|=ELY{TGmVkq zsVZ#WN@qrh`Zpv;JsOvCxek z5uevZQ(ZhaU9t3aeR}U3^Oag5(V)E5rZYGfsz7pnJ7imjAC)Y(t|=5sAKpuKgz&4SHiwz&N+JB(&y9 zqayC+X*=&NQlYydOsAr`@bh zm;|C^WOcy_#Ew}+2%WKfiK$Whm8OX+s1^YLtd)TndJ$s>jXN|(M9D-wpRTTOs6L4r z)ZrKK4?EThp7XZPu8-iP`_K*Z6`*+S@oBW2bAI6zdWnpe>@JJKxT(Q^#!v5;SEo{= zZCYA(>{mViVYi12_3a};2(VXc8}kfe{{xas6&y}@*PnufXmqft0O9o50)@tJ*gD zbR6{3Ikolr%mAPD_+6f|LH-OLC4@Mh9dS($5SR9`0Je`2e}0CnUsL$Xu8J1@r3ea( z^}g*~GeUZgNZyiuk^y~!G&{%jAzBYwyRQktmz9rI(1>(sMky#Pv(mI(L1x%*QLiw6 zZPj~X+@hI1PJy=*EMsVqJs9-c$ZQ{%=i_e&Ybig~>ng{*{=WTl`l($7n%pb(^c!35 zB->@@te%VSHG=0CqGxrR1)lQgw$|-F@dA;61w?Qq)rJqmkl5r+qod055uIkiRH-`@ zV?S%ltxwBhwP!ci#zJnw-{WJ?^>Vn06aIo7ckGmC@i$1FvVntstZhA z7wyMf^ff#CvH0Wx8W=_WM^~ymHsHfp0!i2~%U$Lv|3*hV>wHDkimveA9m zS;}P{t^Cu1Es0X<`WeMYQtx9l6svHewr>NFA8!)hT=}t<|-sdqo6E3 z%(!v8*_=$3;kV}kqUEbHc~u&J0#ITUyw;|hQ6@%)fT|w6liwk88_Bs7(1uOBLe)?B!Ede*f z`J5ZRqK-rdC&Dk1qP=-)=D7;~8XVzfDgK^l=j&LXfetnUTTBHkfTpc|EBGjbV<{fyq*ffB~qw(hN{REO9)v$9#2r@*GZ9bQ-Yv z{C!N{)SF_ne1J=4c_+mjO^jyJwpU_*98^_Sk1(usB6-DhUHmxm_l@eks!=4UL6)(@ zrSfjQZNVK6*&os2-ha?2q+1osm5R7#^tXlH^2nz>L!+a4WZ0K*M<2SMr7?VV>Z~N1 zr20#RSo_J+WY7hw*!VNlf>RI@`<2rVYl0%0zqlSt1)ezT(nC?gMxHz zk2m)NCjN5=4*Iz{JknZbn;*}9Q(L^W>1rz5IE+c^P9i%JQZ$!ps6RI*W?zSYK?`*f zMJj?;%H&0@@(~NIV}OkD4WrZhQ{zP~yY0ul{0Q2q8QZvK$26TxCUcy}LB`gmq831Q zb&-=0EAxnN^v7aOfZ5iHu;9^VS)l2U;v~dXUmAaf`Q{VCs3wd8s13x^l zpN%aM(EDZ~T>xMDa6#^+<0)cqBKP?=DjcCIc9OvEx!;KYYvqZc$p=Ey@k_ z9LMUVh8CDADrnIvPj2E*L^sa*xz=YRmyO3+;h=pA_K7c${Z^=Cn|6LYFkG&riT(?=5H<-IIVAA(3!9oTyXiaw=)LnC!U02_H}`i_X^?P zvx3gZUr(dG0iA6ZwmA8=2UZP0w_lW5{r0tZ4z-LdY3h=$70Hhq!Z9qb9HHb2_XS1)>e;ytC17qwl5uv%E5VM^kUe%?$!7(lYJHL;4_ zKfRsMtOG4_fF8X|Aq+uDw-(Ec6Q`?5z^(cX`*+EyZEQ(Ytb zPzi5^?Nm=ekrg{Qa={!1Xn{+H#_d9*u*w3==hEV-zEhlFJ5Wtmb}r6p#Ny7p7*R0& zpk%X;o;o_pljmBQL|F8Fc#O(#6Pw)q`F;J9;t{>QO>?QFm z`MCfM=c+k6*HQ~O#G;^;u%bNUI?W&bM-|>PKH@~|WE*P8yKzsU%RfA(JR+itj=Ogs zPJOf{$(-1}8?hBRrN9H3p1-z-FdrlH)}agVVr zF5&e`z=FnJb(kfcyq(ow!887n$<5X}hS$@?Xg_Bu%Rl!n*s%Ph8;- zaEWBOH>q7C&-38ffYf$HJWKWCR4qbNLiSw%gMs)_Iioovw_na{BNY z33Yw7`zi#ATa1Y=wjxOk3J@GkHnrao{|;zSllv1js7$qioUwP6sVLs;G4R; zUaH8B^sGgB~AkTgF}1lvvT&D{RS;x)PM=1?zmDm4wZpMy0I39QK$wVLSEUhuYF>bbKFV`vvrAZRW7 zlmmD$Ev8XP(*S=Dynop}C>LE2lx^3J*(S!S?&aOn)%A8I&E2=z(hd2CmP-EN>BZ}! zYZ6Uz@rWZ=?6(ieixrka;^dFmaM-~2aE|W41mo;ET%D(*WKgpQZYA{Z$QW)bjPE;9 zD%bV121D83a`p|5DDW1pY0J6#-?21OiqdTP7IX3>Ma~6^E^mzL8G6@lKhCE5igUZK zl1^)APf@m1o?#*x7JV!yZG;zp?UD*tC`XuYeQRfOrG`*!1RGc5^A-I{W!2*1uhZWx z@;wXYJ3B|Ti+_EZ%F9$Gt(MKSHyqgl_c}KvUSc2Is9;(!USe5QZF#7B?joAKIcW=J zAfj?BHq`v(g*IfnS~%E#@CNFtwJP<@xS1O$6+Zx=im9qw?*)R{Q$_5+Z3Z%I+q;g0 zZPq?F&GIf(&Antvh|e$~g$V;|l7r08hN5Gs zbwfT5u*98-Vvy4<&qjhE*Meg->E9%WH=aa(#oM*i~>?TAB-BRQ;GPH%u{9Db)bq;ks^t zYCeYxo;hUmP{la#wFoYgce7q==}n6WD86`8udQB8DKL#CkO_|Y!%OfZ-TXV*46oF+ z4^pmu->+1hZVY3tpNMipj;M<)&YgBV19EojJ&Q8Ne%`%i_@;%VTkWwux!v)*7-nV9 zU8=ve6JBd05}a@?XZQtPa%4aGgFU=&!VHISy#|cqjjv;i>rMgP63z}QyaJxBQ@yop z*URFZ!LTZ~&DaKA!(%{!k@4g{&X0FzAFK;iNCf5W!>7M|X1*2Nz`L{YiG?nm3>-CY z9C)%5db=hRyuDGG)n*kzy}&Y8VJevO+m%}*mjie`Gk3cjM$t8FOnA%%1e$ilBsJtZ zQipW;@#bN`0V0U5*+N&TZUG;J_+tdQ=1i{_^+(M<%_u-q4j}GgSsV|+s12{Z9*U6do&zR(B(&=>f zW?RqE^a6^lQ{!o^I76>}-FV}l)H`Bzaui}RvnB0U28-SNU2|RXD4rAj0<(Sgtg4s@ z>)`d6*2tcH@&CQSCe!X41I-iUsj|e(B}5b*0DaTmjQj}-t#omeZO=adX~|znl0a+v zl(6^u$65L_;W+hr)%wH2{$SD7NugRP=qbPDI*oR3Y#m(?c+l*^cYj9iM;-G1LZsrt z90kH$N*kXXDwY$qBmrja7tNN?ro^I}(8ib8w4Z)4PH43#N|$P#?;CkF;H2~w3I4P^ zqb#k1kSrE~y3dg2*M-gEg3)yAKUdqvZNf4ql$BwOOZyg;^Tph7TJuTCIM&EIE+$^x z?QgM{yXX!2_!qsL4EKnekaP2TcK~+#2_Y4|lrZvNQ^V3Eb`Eh_Zo~PpW=tgy_qRr? zn|Z{$>qtpn6wj@!WMH%0h6{xkseA-WOY;7dsAcExDeNSDpL$O2pTwul8-y6icf5?@ zNW1^$jH-rvkL^~h_UCWjBRgkCYL?<)150Vj6ZtO0AN!&;_N@#GQYbc^rC-hk>h~Bc zA#lusXFd^z04a{AWUpBdJ@Ah{L*n=Pi=KDadK1YQi8yr+LJQ*WgQ$So=sD}y{4-o% zJvA9D`3dM_>W&Fy(5Qz$X3pyVS^_Qqa6vni zQP1(y*pl1(77~NGJdoVeU%zBS@}jZY7>qM*y%L=9@n0h~q@nTozNSHyJj#?xj!9|5 zquah`5?O5L!rT~|Jy9CNtV_zvw!I2;&9QphTDK%$rZ;fpVE_+6lWaYgI^?9IqfHy` zA~BXKKu;C>@@jrn8gv-cIjKrjcN2t?Tro4P#0U%*UGvuLl|@)|?mjsmF$Efa8vqcp zX#LdEhLoHriaJB92(2~bp5}q_pOfW3O)pWAtywinvwE6?!xr?Ii?(_062Z;IRNvga zmZJ@`{_A|{pYG80x^Zn)xtFt)#U^s6G%LEaI-iLnk#9prnyXsN{=R}&@S3*;(2#lHIC@b-v;w4BeG!msR(jMb>A$hE*j~uX73fLYP{d zw&Mbvd@U-!`Rt>7gn7e%mwtLR#r4jApl&&0v+DV+jvfnl|qwp zwQg!rAPaw8Y*pIr!0&D#Hy1-wWNe@+v6^h;k)8fBF#z!%4+6psU&dk6PgFWP-rfpq zrKVv;l?ivq@BBW|`0iVP(&e*ISZpvF#K;BoDWK~5C-+>#bpuvJ3^LAl_$M^uk}GAJ zM%6a_vKibH4p+mS@dfaW>&5{eLjOYS*Lx>jtF*3+q#FP`&-P3xdU<&nJf+>|#S$6L zktubze<(ugMOFVSk;9Qi!1E?mRXX@H#N7V2uGOzl-|@g^%W5ApE?>!+INxx?V%PaS z-^lC48|QJKnpC}wm4;7ib(rO?iJ?0#fsF%x^+WpFsBN9-RG1GYw7z^sC%$G7i}=zB zwghNbW~6)gYQx96wz&`c{k>aaB>tS{J)dfq4KL^O8G1JU3rz(}*4(qQCxJ$4QvOtt z`iGgsh$JOvBMMZ(yu%W}!VNjC>SG-IcXMW!l0`J*pc?*tU$tqYL1kL|nY(+7d{i~AJxMKYGAHBA=a?y1@pV1hK|NZV zO@lkCaDaMl-sFhB-W+jXrrn%(6Dl`pLNzb)6w8X0FYf>;UDk zbnb+!gn7>%NGGImMzrvhL*aq6aesEr#W^{k?DVW}(4aw{BEBn!TU%+jIY?l=HC$Ge zc`1!uJ8@n3rW0(ym*?7lrmK%WkLT8t3U#Y81%z|k2yW!|nWbwtG&0kb< z=b;n7Y`#gFDF=bYrqwQ32#<)RLn)9sMjykZJaaQ__)A8~8o#G%@MA8LV{ONJot(XX z$ej(}4#zOkk{WbzDI`FzuK4Li)#stHw5C8T#ic+VKVOaHpJLI}>~$o+>}F zv*U}}e|`3vfk?m2xlNl}QdgiY$Q^4&0D$qsii=XP(o2t&qUWQa{QR6J)|Wwwf=+87 zMRA+mcQ=1gDBroZCnc0&UfLph((4Svwkj$4Q@?TPjbTnbv=!Km5m7-u2EY?mF)Rif zBWzLbjW#3+LHjrQ*URb_Mar>WmA{BbylU7O3~uo}$XVUGB#t1N*Dt!ySBvLCB-b?> z?yM?AhGW+rH(q+J{vq6oC-uCoN(szmcr_Ved`1su5z&0o8WGz7MxP9l5~3 zZt;H9@~?Wkse@khJo}`4U+#k)rTLOwaFSa>1utHP`UlDfaGV=GkDg%r1?FDb*$?Ui z{Z0YGv-HawgBoX;Yzr6RC#i&@A^lwfz$wz#4+VcD$-hO)Mz>v51(g>ix$E1P8SP>D z008RR)gb4OMrxV*Qg5tdZdM+d)-SHOF_SF-g2$i$88JA=piNBN2apyYL>h@S3$yK5 zZngNnEICoOwCC>aWbAM5Av8kh&@($m^T?FDr@t0o2U#9jpHhxlp%g2+rP$m(WJsoi z3T2qJ=t(?DRO|_x{zLdsfLSZQyB~bN`3#r?UL}6VD0l7ohtN_P-2K|J0NLZistcRl z@>ERgR%+^sFXuqXgD5u+ERmd(V~+>2m#$Eia?cK*1S+Y|v>sxQ(+Lf2gf>uog-@*R z1%I4{>GUQ269$*t6x#AA8akIcW3rUV#aVN{Bh zTfODWGz=$=hH{RnGvUG2f|P(#e!>Xs!26xX25-j1^_9+T zOwo$qlf6q)Bc(uiGbM`XF23Pz!T`|^o4)nD!D!I*Do1!(o5WZg7f2L*dzx~$vG7cI zi?MqlX&4W(>A+^cXH>jcfVyE!TV^xlwxN281NRAk-v-Z4Hf}tuT~lj@NWtpuKQ25L6q{i^HpmG0H_6@v*T$mcV)REFG< z)v@vTP%`y$Q}W|ePHh#EkEf%O=zkWq9Mgl7U1LSGcfVe-z26X7?CN`bIPlE7a|2CV zpALPw&BYsC7{anl~I1BcI7uFb+- zTF2PE+=NX{ukwm6)i-d;48mq&Qwi-2g7R{Vr;L5Al800lS0aZ)KiB^Lhp;SP3J+(_ znbtNhNBe#@FNx*N?J6p>xaXxq`*p<=Jc#^toR8#Li75kI8jWWMehk9jdyI3C!A{pE zG3>l3F^yO}p1-SMoZt~_FV^>^OEvw_JltzV7he_lp}}||A4>k0cUo?u;kY0)o0jXH zbf9XyB?b_=%WlYm#^Nr^2%RLpv+JGucy z4ll>mBW?vRqPA4lOyY1c8>a6o=%-CrnOH=;KZX0wMe0?}tEXT|KJg>dZPg?=c0?>> zduU!3rsTEc{>HG8ZHG!|$CZds@XG7uDtrlOxXCdhqcE;DY+TSq3BTVsX?Qv7-y;Kf z1~{-^kd~i%l^0rcrmD@7Me3%sGJSn#&E_>R!KjtGcxvplA1TeMw1YbDGDp48kpy#I z)nS`WCu*EN-PB=5s(KbL1vKI3%8C(<5k4lMN9u>o7X1KhhpUxTh&m6xtJ>}lV&Hvs z6KaC~LugMZxcT@Ld1LHolg#oL3$E^9z=ntV7J6t?MQ1nW==03EjIm-CMCO=Y)1I5wsttS$7^P8 zZrVr@W`1vZ?C;55LPW+DHh-32Sy|m^FxR^vx(bpNv1|;=P(KlcrXS1u)(jYZAK?og z78FPHz7vO=4JQ0U$XF8hfq!9ZR(gn%o-5&YUDpw!`*Ddj1;{Ve$DY}$#Ve5)Kj6k& zlYZCsGM_KJf-rwHjV%VPV7nSSe;Ul8YM|bp>1kkhm-vUU*g8kKQz-dcfb@IeQM2XC zPFsF5mBkCdI4wo*yW!LcQrw)f7sC)@@#nVsP2RqJ(x!g3BJ*N*gWQPfb2T@oM0*rA z2_0}S21k=Dv)8x-HP*HJgB(1WJlynf*P353XI|A|q+977E*`Y<-lD$F7ph^AySYaD z!ZKV=+**=~foz&A**joF1}9{W-XVT(lpFhOtm?7kI~Iwsr(pI`6aU?Y(dSnawQUU- z8GBDbIj_vn1j%p+62+i|(Wu0M#LFOfZfL8~)RnTs`>E|lFST!+gKXggO8G*%Sk>Tt zLer(juo!CRQI8+Ynf`|O3%eA*99hv(nmDgK3e>4&RzAivUF~$e_6(3zeAJ*QHtG~AjE1Q>a@V2w-(U)irg}| z2k}35k3Ib^-xJnpdakKS5vh7=cr?<8vO+vJcD9W%#)7zMAE7}g0uc19KVN0s=1{H>O~j6PZ9*x zB^|Fp2QT|qa)ce~%O)Q-T)2A&4WbJ9*V;?rCrVH+p$}Q(S1T!qMldb5k zxnu6vkIXl6V|NLWSVXT`k>dN*oa(AFH`v5k(tq|jKR31~BnJvVn#i7eAH$X2N?$oE z4X@>5Qm5s|3fvIXFf&i}G3p>NA8f+i(wGuPx9<_KTT;>D(k|ZYRPPVJsJ@)X7MYSoU!`TN0I$;EU4^Lnj+86x zR3qcIx7R@Cq*2q9TlY9DmHK7N@a5X$K{XD85yJbH!6W3sUpO{$;Z$rAD>Bl1?~5#) zDPezfml%S$jmxHaL*pG$0f!{xOAYr0639^Sbdt;4cfS3f!Nhw zxpr3%VMV`;yo{`>pCaG?I4!xI3$`gdEfZFxq?cU>oupAMrB2pMpXl5xJ%394O81-5 zn{I$MUo+wLyW6jPmbzK23~?8O+_{U(5en$6m5arAso$Wd?DUGmmDI~4C2CAyzRtj< z{HLkw_p?j!a02|k~q+Y%a3Vi#VUV)8_e^ue%Na0 zgw2b(gD){kdohB+G}YTKf09{xlov9u{nwuNQ75P+>N(^s|H$XQo8O1wpvkXIkLOOP zPu1q^DEv2!PH)e(Tb4gYS1#F>aDy5KrMcTQ``zN>5v$%)j7{Yi>|Wlx!;LPNUc_oV zYTny9upzLdm5S3N7iZE(iIzhqCZMlx3h-*XimNyM0@QTseQSJN-;cDX68L^6vjYgH z=t}Il>I5>?3E)2y*Ow;v8rsYF%LdVQOb+t*Y-i^z0SVX)oKVUaWyn`vP!_x&4vg3 zK;^rRL;5}}#_yDycpTwnJMvW)uufh?@-HVhs;z^0G4!|DHd2mYHfa-GL)jK~Uz7cA z13UQUWw$e2aD(U6xer=6E2-uARHteS_f0oo=Gp!vM6Qd(=Ro7p3uOE3$v-^ht2SO)Tc_lI~W-hAmiOiAL zYf!CBs_a)#WRw#aEqet_N}YSFUioyQa!>W2!gbZaOlR)DT|a+viK%e^QcSVsHW1tpVfB5%o)ly2D{MDZE@-RLzmjE zYT=^cXEd##)$?OlAy%zC-NYVx*6VaN;Rw6&Nll^{d$%_knm+@xl>v8mCCkL*gQ~0p z6oo$s5^VDZch}%L`Xfm?l@v60<&1(B0%esujXpJo;AK+5cr-@Z_!W}Mb}Ff}g58TJ zkx5CamgnxWjfvf?xcHW!s8pv?1?y%jIilO)YwcLv6-R>=(ts%h1;g^6(AY9wJrJ($ zH^^7_l!ABL6w=-)-_~`^QhzlM zvZVl5I}LRD+?TUmef75q-p?cYxaukBvR*~;vkHsH1}T4!j%jLfb*mhd5}^D%TRNaj z{mE}$Hvz?VeA!m$-NFd}RA_c@mUPO%R!XjXuN>O^n-&)2=szA3&Vc_0d7$Y6Agj6G zFgV_B0q?fN167pXy3)SzXx-6$tSJXzhK@p=S^g4fTR#JfyIjfUo+>XBKNKA6NnUv0 zXmc-E#ETF_7={;ryYMmrV-X-xrd@X60Wcz_8$LP?uj3RC9M*OL2M-Zq)6}TAM)F1Z z`d^Z}ki`D%2Nc{#LTsR}55*Ka!PKK2)u%y@1m&3)&LQjg%?h8yxu6~KumdymoB_iF ziX@F(?mo>^M%*G@UM4DeO2CWGmPy2B*(5=lU>XFGfTGIoO%lZa=!cBf!Z((Ki8Z+4 zi8nKbdo?1D(}7cm8#}^fkLOC#9k^1SHH5d@(;$=rPr7XxFd?XQ?iPy%DoFOJc!vhZct@AfB-1=DMh=GRRMRF`hCq(OE3`}7VEmHS(tPwUOB4- z7KHgn`Z@AK$dqaidn?lDdNHvX_%BsZfoYg(DBxc?9dsO?x^w4zyLUuD>p1KmhDG_`a$XU~|ZvpK*-+9#+ux|uj+vxz}VQ*BVfPxNh6g+_yp{ zz4_HU<5f!mGnI~oMSQ#GSP|7VZh?h!HcRV!#QjJf_N-ZCQw~0Xs?+@bl4=xYcHbUj zIA9Y?^3D0{w$nnWZk%6{vnx>tfM&KTsGss8Vx-%?sIP~91(2l)mKLr}n}2-?z6Zo< zRq7jMKQMdU?&FGMfLb?HtVVaYEb&@PT~*{EaLpC%&G4H89eNvc>9)`MaxzBYUD!IH zzP|*BiQ}J68jM+H9lRQyu8Kk$?E_SrNLOiTYQC{Kje)6u&feFHLV|vOn4e#5d?tQYfSh z%OBqpoU=fzUUGeJ6D)zhyg9jR-<*EkqZ1!-*b%k1@?&X*0e#4Yg5}{QT;Co>%EgB* zQv3r_;lj!YJvq;jmKkVTfqVhr3Vi9TL?4 z4$58sMG$bn8xB!Pzw>HS$1hy&>i-?i6~4AI`{7tH zf@LeWX`eh=CBGi=$*&ELJ~M+zVrmQQa*Z(wIyQk|1Q9t3WOA>Skgu8p)ik0wiI zo7Oxz`(k6jr80DhgE}Qu@Kw~~enWl@?6O{$tP|MBKR-;b(;Cm}Wdgs40-WsK;iNwS zwx_>vyT`o%BJ8o3A7ZS@jl!2!Eg<~n@=tQ}6e%{RVmra!pXfmBwjlc}8H_N>RqR(H z7wxuO!-u+U(z$*7i|lkNe9~EJFKm4B<=OQp=)r0MUek!&G3Ety`%M|9g?nro$1G^% z`#x3O%i;cWroZ`q*Kr$J_ znejOU?}toUhWsBHmFpie`!W2u(|?NxH9_YX5yfWR320p~MBXlkskaQ@B9Z<&X|+c} z-wg-z^;|!$p0rZ@LwIIr7maC`s^XsNFdvjPPsHS1hjUhh%clrif4*oFsC@N7^^wnT zTr!CQ8_8-kx3j6Zo7Ut*TUZr z2xi7+{JJwrn?JhfJI{Qy=Wh&FaUNND>b+L`A3>x4G>vBP)#bA>&}gP&|Nm3HSpUzb zM>+oAk^DD`|NDpkGra#j3E0f`rsYvhRG&F(MebFiEnnsZB+8Y96!#a7Wfgo1jqnDV zUUYYYVTl)qUP5fy8<~&(oR|O2mGe0hyr(3I#EC{7vidzD`f}m>M|lzI9t_qlK|HTm z-u3ddP3ndY4$t>${8ml6_MY~xKz!L2N2N`|m1>a_d7w%xe2L`Dd@h+h>B%`HJAJtZ zBatUL&C2e?pq-%)`=NujfrhG|4Budpt_tR@KBr%V>|24$fE?IJECeB~t%YG7`;ze- zEKLuIqo9|Sw(f8KCV?z8Xa!bX*m`DHUi)p3Jzzb-Ft;%OWJ!9 z$~`aK93FO&936%)PT>ALT0(M4dgNhq<(jbiAZznYd#Mw2tEaol^9p(4w}EJcqX@OJna5*gj?#AK$oq@MyEID62gjq5y zJ=OKtBsII#k&P`0oQdYt#YkK__Xhd2LGvJR-*MS?or34vXl?Bm`T#tBxvPS9Y>2+t zU=M-a6CbP25|_T%K!9dMb1+1@o3Vl}WQ8_+j+L!TVKMOTgO}WwqH*%+Uj9&Pq;>Q% zmmd1WF)>v~o{v>&kt1G{Yd_kA@s-HP!Be3yh;fW6?%k?r0$jdM`0-tuwoXnsC-dqu z^qbbcwL3jNivihDg(ibt@w^oWkt6$^Fap77OKf;A68>3o(r!i0Uxroc?0{K%6HeKC zGgmEpphyOs&SXLtxuiz`zpr#kTsON_&Z)X@kWDkwR01hftaP0AbrxiRrcxDM+K*|{ zF8pe2Q~rtpSOO{v^~ho1p}mlaGawCGy~~K)3pt@Q$mXG0DfMctZY`?(QlBkIxu8{N zvu=^@S?VN(nEFT=*e7GTtoG#+lo~GVGro^W(!nI=w7W@n;J+D@* z6aTs5oGAQZHA0Ie=OGQE>3JiAQOOW)<|sRltnmT_Qpvm}q-_L2@`==Upx6T8mpkkO z%xXDbzbD&YS^=Ei&%<@Oo|V5kI0{-W02(FntERWX^51kRRK2gYAZ5q~#~BH8#NVU*$d zn8Ib8v)?4n?#J(HXGWM zdYizzt;d9lC(bb(eUiDv1dr8w9Bor@V5`jJl`q#ggJR1dCD~F)Z7f z$Ue7}okKf|c1wvNdaLfX7n+mK=DSnpAO{yfOFoVIc7+7^q4htcqftV zUBS4-%DIGW^+a8GQr60(vWL4aC04mXU{9eytdmLxg;(cpUoe`n3*DLmV_z|*Z#n;$ zGQ+vlvH9zSfN`l!^_D~PKg3z!+gA*ey5L^%lY$FF>23@-<){%4yE11GOO%g^oFE|0 zs#=Rzbx5CxY4jY9m0#uf>g@_hfLQ;YTBuk50kD7I$7nVUyJIG)H}e%O*~fkY6V7R} zi#=K-GGQ>U;>uE@#jp`ZCBDg`E23?~MmCbak_WDpcIgC)f6nVi+pGm0$8z8UJ9wO? zF8Fb@*-)V<6#Dq6x_TGd<}gXg)=vMqqH)cryuB(33La;?#|kp=vR@Dg0V@o-oU0v8ino$=dy;ts+WJ<_W1)q3Z-UcFM@ z06LgT_`uM%!SABZA9?LSTT=DWFOR1*I(}$I67D9;#%eYIeuB-sMYuL$W>j zt($Cg6|0jp^O_CiG~_+JY&Y=WKLnPzK*wjGI+J`mwB%>>9K*ZtCEAX&4H=+z1&4nO&&Kga~ax9M+QDKINRHl?A|KNG$LDYxwP|Sz8Y0ViF;oCRF73O z%CW=VU9Q;orCa_=mx)<6J$5RwJBvLf5Qww!@KbzE+vcTMlaLaP|8sfq%!fv>M>{_U zivY4pSx+n5Jn|`#MY$)&xk1ozSw+Do*L}?*y3&DjEJyNaJ=%agyHZm>qKueLk_46y zFEKF(vUW`o-+Tq`dV<>|%^iuC+w;u9LC}LP^9rnvv^VZmT%TIE`t>>a>J;c2-cRcn z?J{O-CYWb#CNgu-X+&7~_4*OQ1DgZB6Af7%fizHGYhK+2sQP0XRQA3c&m2F_e_C)| zJ8PqWyJE-F!karmVWkX+=MG-D@?CNVF#8-{vDAGZ7IOrW*Xy1%@W*19My8MvP*_^m z&vndnbSYoX{oHAjw~nuNEnh8kCw;t1Q{VZ(CnAO!6TNBnm6{Y0^I%)8o!8T5EUX{qjJPoN2!7XTG!hxenYEg6*9PG0PX*-v0rY}W&QMTP}5 zpv_rEX&mQzAYP0vToMm0goT$#Ha1F34kvqhZ2@mafTeBu$QwD`#Gu&e1G}O-7sFqO zHGT2~mJQ!1SV^{l`2nDO{(OYWc_IdfdMC@mrdPIf*0(QzqWkTCNcPL>%5SKV+GTqi z9#HdYO(Qhu{#MD{o%D+lEyebguo&++tKnbO3|DY;9a)6wPL6hrBIgVW7bH zI#m^OR~aeH`=eEo9>meVS{$hSRU3>(am1zkItFZ?!ZiOH(&=5c*2Mgol7snH2fcEj zX&mBvlg)gWB<~Zh(YcLIcgoL6F*X?x&l_w@T(q)|Co-L^X-|3=+C>xzUms}q26;oT zH1loVFoeSqRpf8JS>>MkA2k77;I`V!1X_&L}U3}*vscytvGG`1|ZV6amWIDxl0u39)h!vtkQMBN_SBW z3_gFQ_2s7Ki0s(}*j3-?d{cYKKZHPAvQ%r0Ru&d;IsKYM(KoHCemD%U1@a)_G|QVz zLSqoG*=kaEZeZRI#RC!fiTeOcrAL>tUrtzN-$|zw{l396c~hrPsqAFMKB2qx-Cta( z&H~r7dUa>M_xpO=XFCcymt3}*;Xx6Zb@f)2i$ah0QO(sHOCorAaKobPCf?!!0d?ht z9^#9qH4}8v012smIbo25&Wr>ZQBm zC}Br({BQP~CfJhkex9Q}lvP{?aj<}*hl)*GggW}n$5r-RLWn-PI(hBUh5a5L*(S4g zV+%#0@O(P1*GleCMEVo@mI0jaW9NPj3HA!cDAOgR1|u3BR#xM8*r^iCJ*JqxVor1S z=jGkRk0D87T3k;2RfphHA4(;RqS-U&OLvJ$SJd+i2tm$hP{^H1nKOC*;3M?v=iO=1 zk)I?fA&w@Pw~q_=H4wGRo6&x!TQ8u;oCpq-ijz0qJ#g>WW>lk9<$tQV*B-65(b)Wk z$$IE%oV3%*o*t-Be~x^pw>2^G7%u7Fxk)kc4GOl$`<8FC48Lg|1-`40ijP&tG+Bu%zPVWjh;qt(>ThS8}qMmA>b>77;dfI7*0WAOwN;rhQb%{pAU8o?;Vm-opsW-jyW*IZgsl4C zNAG)EjgAao&|uwj1StsHa$n z=qdca+``Ms;X(MqOfK-mGqY$rTT@e@#8r7aYmhr}T{&IWkJEFLdhXzwZ@JjD0$A81 zuXStJAAF~JK~P^iO|TwL;KaLdcGJXs4h-MW@Z-N{Prr9>IDjq$Xtp^SPdsy0*=W`_ zwyJ@qwec}s-e&2N;0GWp4&8<;x3ewS+n;O8`f+c$*i}p7L00UDk$d%ik@RhZ*2fJ< zqWB6zD3Y6f=QUE1y1n zUqV415{LZf!xR_GcD`~Mu6wlLyry#z#H!(GKFI+2s~zXTDY6Y*&{vb&a2A;>hE;f( znLCKN@fi7v=!ss-5E)||-0R7?9Y2|(39?OU4^ z-gSmOQegDzV>Ckf3HHyhoYj|uWj_s z-y*$vi-?Hu-+_orgTp1MZt6-MlJu#t?xJ^EV(ap&+W&FvKoqC($1i4To=IJ@_fYjS zv~^)HQJRibIy_Jbox3?uCWdLGw$J3)#orV$k9ZW%=8;7_o_i=4!>%+P$pk-Jbjh)E zmN?xyV9s^jO1^D@xQy3+4L>Xeu zdZg`Te-sOn$Xuz5dd);1DQd*&uW<%ymh}6r*##T2H}b=L5-pJ!%EmVhTcJ8oQ=J$3oHfI1%Vzh7^T5-W3%Ov-uy3?Zw@>N228K@-y9!Qse-* zXc0|eH@v@kWU&0&B|F&5)A7IP%ddq~4fibZt}XS%qm@aAnjy5nDPLRY4uM7cd)oEgN} zg{fryG-21E$1!ImeO1r|YHjl)8QIZL?TT!3qs)xWNVP|PLVl&^v|VHkWn)C+5oiV{ zQ~+jVJ-70AcDkk7FPV=9O$sNQ7ANcjgKPyuiVQ=_OdKFF${~j`FB)8;kc-RJ;fs8N6(9|mQW3Q3Wn|5^<5$WQ+IB|;{5HXauZpeZC} z7q)=@j=mCpeVZ>~r2oB5*#AEK?;}Sv2A%F@Aijy^X=d@w1y z7jEUphT@sW$47(3JwJ}hVh;EOr-BwYD}Yeh8;8aKKjumB4<#9f0qTsOQZ}J-%RDqZ z@OSt?!;_!a5BF1k5s*Ajaa}%{LBquV?7FWDE1vA77 zaXB6arPC!n`h1usn(7iEdu)FsDtxDF`wq|0mRXclB|p4GET31|&jh%Tp|5e|Sv)PS z#;mB3X4B3b^aImW2?YP1r*~R0M3|~vY&orT zSnJ>ik1x1$8*+CuM=8!gJkCN}590(;)|o4ZFn}%m1;zipsy(%Mt{84H{8r3F-(J!W z@o`4f>~W4tBSQ*?vB3EgWwC$v@VA^(iGtsF7%t1je{JaN{2)mmj4aG%yQbJT^zuV2ctdqG@}CL9-$u=3vg7`zYrX?!=G?i z>^B1+Y#?>!|9rgYL*?$KVvdLbn8smdmZC-mGIJnp_`IJoA8}Ct=YdoKjUt0a`eBv| zGOp~bEOV_YWdhPz;Y<#Gtp`t;V&G051#vP!Ev2li$d8Y)iX%gAU{oWcEl~JKkyDnV z;;^Ueruc^DyyDSb2gV6{td4(7fpPT!@Nf!dtQm#aZIz0rJ>a*OK7KK?4@q~A*{gi& zduE0P*?0k*F8tkg2w^UFqTC|r%1aI!#Gn)jp2{{jH9EYR-*F5SQtrA z)!*b;CGbRzHXvyBIf_rAoEIllO6J!Ln!%9_PT0&lMY`X{s@|XfA<&IE<>M!EVffcA z)VgHU-X75omoq)H%ch__F@;etl%p3J;N?-ji1KWxL<)6rv`lsJQ%PlLeeQb^Iclj6 zRQfeeJmCRA*n7=uj?(*gX(*mYLrzKE+1Adqc*@ff>kS+*C>``A)e(hxSUE{ECPBj6sRrm0QKq|A(wWeD92DYsMs* z*ssx>^l;*}BKu#PQUWPDW2vg924Nx|VkR(lJOjcmwSpp3Or=A=!31QB*Whp8!4YKp zTrgh(x3ceMeXa$ysf5H~xxcFod`b3lETAN=05YhFA|-E7;uO* zjW``y)an(hN|9fIf?y3n9P=KfTvA8eagDg{O6Fo=9*i9oVkof z^lpBldD0oXz&!R;I8;gR*Nj~oLy9iI6a_%?Kj9f2kub94uG?n zFm_AU?nztFiZ|_fFRw)mISOOc@!}!{Lr!Z8+EZ73&b)WCdXQwY&TBz6JB0rbbR_Dd z=zr0mG=|aegni;s-7VM4GK?+*{b4LTRG`aJqT|8 ze2^rt>rc$*A8!R=h{3%YiB8Xiz&=ck5ymRIaloUNCP5rFdv;Zl5$;?r+56T%_E_|p zolK&Zg;Qx!^=ZW%DeL;Gp#%nH( zta*6VecVJ3OW1-hJSit6>a{ z_{7Ag>c^E0jr=y!)ffMzV%FHg zQJtr(5b;DuYOF`=&CX$!AV=rB?${f=&ZESOzio$fGappT@MLhLaB;%sI=Em1q%J$O9=l5n#J52Si?UPIHATC8$X`sUPT=~s+Oz^lqbRkF~{U1dpP* z(~OA@71?#1K9RM9B>ed|RSH)K(%sk%SOSzqWN7!!xmm+*qvm`HwwlR@{Z)PVq^~C>eF|f_8%E7E>RU{t^#G@^3nIMNk*;{b78$kJs`gZ%XSaG6m+(+r z){Xb2NRM)0x1(R)2y0cQiz;tKUGk^RAQ_sMjXWm`I$g*6Q>2{$ za!;xsfqVIXW~}zm#6yZs1%@hr5){`MwgTD77FeQRY%k#nH{sXH#+9Ahm)!Oy$0+X& zPPe%5iIZW97yKnL=BLtsuskOWPQsSa|C}71u8PShV%N6D*JlauJv}%IQ2a^_`=Ub9 zf%Y4~|5texpJT#Yre4Z^EI8dc3<2Uk|))G=RB?VZ7lK=M=J~N)s*oqTOf3 zV=zYzn&#(WCQjsB%1WxdT8Nou7pLWDvn3kGfm0U7P_6JD068&0ndqj^S%WNYrH>Cn zC^N3mkZ2;H!i;^0g#;}Bbh;ga^#awQ+{WskG)hr{QL zCmH+_@Vp{7R}Q&QMhv z{KY47x7mqhGs>RSH{@(X8I>KulQ@bzU=&*Kf-~R3hh={}w^8Xn_1bB|fLhhFEWN4RomuukHB}d^w~%)l>BeDIlC)ke>#R-K_4y@Zp?-rN1?_XN zlahZ}OM^L{{*h)K?!X@tMd2-V$oikDcXY_)1_OS2K56v2_`NnP;Epy4H?%wSwKYJA zUAw6hrLn9|UQ8a0vd|HeqAv?2o4i#1o*jeiyd+cwQL0smhOE7Y{9gznnzvzxRo~70 zeT;ietmqmgbEp_h{!yKCO=;-UV7EfZ7iiCG$Jm+J{4IGp?yZ$)-+ezbKPu4*l#~T1 zCi#!;dH78CdElLbP_D|B5bt11{JQBhU~l+5%f)0pJiT;ERb1rM32vrTTHi71c=kSg1-DN8kAw zpx;+07Ix+-9-aBlUG679BVaNKr8Jx6Y;)~oIk0C`hD z9iv=Cc$b@Lob>$RS6~?V2}eeoJDpssMvzfgLC#b><+3+dK)+W)UL)R`g1$4#s^ACS;CMO#RV^B zJhq0FBeEIrrKPWb^$3d}Eat&t{Lwpd_dwY^w! z-^J6Ne!wnQS>&+|zif=&fHWW`r6X!z(d9SXBbZ)m4Yw=0{ z%F-d~0kezHA7IumX5=3v$+2zjLJ~_d7o1}kkK~4)tH87eC<@X&|FfxCBD&r1eUj|0 za2U~@H>emHVz@GOM>?B!i%5(b3meo?o&vhnKungG(rZ#v1Y`M~ zCSg$`vw~~qy*u;Fq_A+3i)yfPR;!n0`R3+Ve`a^n&p8ISmozzJbx8p4eZ9!{1xn9C z75w6Hg&Z=B$tb$XzS^V6hKyVc2+}3uH{=Pgr&7kmpEwvS^f=%q;j?3m3R1PPL1HoQ zzfchy1&S6=|9$Y=wkA*aog6LhHn~IfdmNdmZ_|dmuFq+<#=h_3$}w-1Lb%lV6_Rj} zjz0jDPgHX0$?swg*~c?p+cnuYF0K#NKeT*~cNgvb%iGeOUV&&BvfXx0S9`56Oi*wJ zqNXIx&h4W9hKDN~zh_b~zRN<>mEOs@6Y4spv*qh3#V~qFHA#?crX?`T-dqFup5&lu zheN=6umJnTRXt=H-5&lNj(-!Eil}d@b zGF>W1nJGdn%cRCy5ooPc@+zt{iSZrCBf|EF;Ua%rZ0qT-V)aI|xQuRInePn0Ut1B4w9aGWLK zL*L!zqsUTJK}=qhN0Hx6?HQCgXOgd7u8G5K(+cbjh*ledNcdGa%OT8AgDwRCKRSTv1|ZppCc`Cmqe((V6ls{i{6;iw5^ zd(6{B=Vk@!TZzsZ6Kgk>k|Bm1s&K|7)=rnpG8noBCSAIT-aoEyGG{-t!v(!&t8RXL z(Yh)O_zY0-pIWBI^`s-~;LbQ>CUxn_)w`i{?E1x%_!&exg~VfBVd_C?SiV8O*2!&j7YG(!XMk> zEz9oWld>~3UO`KPfZ!&M6n)Vch2O%WIqL2`~xP#V*JHpeav1@PtY0(2B9Z zTT-}DysG4R<1N9T!(oz;#T{TLSKsPVgMiCPXmggOPjDd6VZTPBjRh@I?D}-}+u~6} z$hSxEuJGjMT)G7IZ`bwCVPOGdy=L3lZ&ElL3)hnb6zBHvK~rUQs;(7^nX1Zf5Mn1o zGw1l+%V@X6ufgP>6-^KmnQw+v^OBCxCJo_ZZ+kB4eMt&RNaUHr@4E$=A>tR7rv`JI zAtl~qhNKizNOO8$4+>23J+a1ofpGj+>8H|WCGOanzBKAlWY)3V6Vd(PH$L?pKj#7# z7iCnekVY227~>v);ovHJk-}9VEKHu1l$42P8v?U|geleHY*XGGh=yL@IJkG-f>G7h zwvf&*LEqeXv%ZYvCrU)JZD=WfweEbVOx|$`qWrY(BUz4l2^gr|%R9H}{N?kWhfzcA zg4$`NU)8~i_aeUM>3hx^OR2V~92v!Vrt}696toXw7AME??QP%u0Vi~L*m~%b1odU; zuV3E}d19TYi4|@0G%0`FjGdl`FM-xlq>oCRd^2%vO_wHvW_K6_hZ(sI7qK$eT>3h#$F)?6`fxg1L6*z_DZ?(0C4 ze@83VpR=uLyyeayUl#ya;g@B#iW;QeW#r=S%BGr!=nEmr!GVI_Z2w(jON7WKJ znNWVl4ry&o@i-biiP@_*G|$_J>kfR#@(%MhWAfT*=vhz{TQY8_gHL2VxCl%{yMRkX zOWTodu86!o{`&U;2Bw^JKsz$_?2Xo7a)46O>vPM|YA@0+GjB|R?0`o~tS_!4%2?Nq zY#;xZfR6WO1TU%9iorm=3|vw8kS`4sg_eHtG_{CGR)9qqAw8Qw99eE6?AkTE;f5>V zOEZjt#W2D3A$RLTqfeI-Tu|l40mP}_DnV*qIP(r~oV3Ea;`NV-rmL=b5vX6Fq&`-l zhYI1ECh~s$mYVG2pQvzNdc~n{h*sCczlusZeT<}GzLpYa)c63lu81*j%MPl)C zM%O6!wgWzh7;8HzRY4+bSdEOpEcaq^_l_*gamgK|pAVU@Tzg{wvF)j)EG4g2NOW>9 zGli-A>ZbjWc%kPt^M4H3nRIK`mez}%snQLUn_CW%IUXDxzyCf^MD6t+iX^oKemvPa z!f}92(>z&EJB%`NU3v^p#=X#3xa~jNSMcMO*{S9+K!*yULxFg}qU2FO+7NHg(LpyE z#pTtR4Fpx7!am1BYr@dx9jY8NvAhq@08Pxq2I{!`R zxu#cUh{a)b#6w;EDo|dKGBfVnFm-oITnD*MTon;{a_ztncLM$gxN^}vz*?%kzcBgt z)p&HT|1JzcAk;YHs@F7g9lHbK zC(P(&*UST2o>RXw_9pwxxxleII5VS5Io%O*Cdd4BFQ6TxyN3m4j}|C@x{0|m7N_Et z871nP>GYoS5GNLXD9~zhpj5=_g#0%_&lvbv9PvEk7T{pv!B*ge1D97a&Xc;0jw)&b zG!-yEZ$XQqqA+FFki*IKC?CgDt&%D6?8#+F-Y39GvY?X&bJB$X#5IZI3tc*~&;>uH z@iZesnezMElwOHH6T$Sr^xbLZz9krUdg-+36`0FZ?aiD3VdaSMbqalCDOXvGV%ZW~`j;9;xb}Ms4$h7Ex8+sf zq+akAT_>~ZgAK9;umyR6KjUK#@Ds~EjE$S9wH-(7QG)>MhqWLN+192`{}O2#;Cz`l zEOmulQZVVNn%CaE%Vm`7voGbzopBLo@qt(f7RNc~?4-y4VOVOhKmoR>iUqOge@@*$ z&rYBSdqcNyyBl?b%AYRMMV%UYtT6Pjt3~ohwVdAv@ezG}d7z4D2V&O$qSUS(u)29&6lZXYe9??Ik+InMuM7I2QGj~*U$r;^MbfpuSA0D7o zjd0l6R}_fU1ONNF6l{CENTkWdvXxx|Z1G(Np(LPcvKe9VlK~~{`8_W~h7)G>C$tzN zygd$WHJf;ZsJeCz81aZLL#-0ZCc-*hR3LlsV)d~^cbmv4}$2%7X$iu@e-W_pvR_uX`!mGK;wtcC0y>LT>Y;I@=6@=;kM^(~{3UN>A;)WtAB2 z#!Q^eJc-f-LdKl(8LtI&6Zp8#X9RTWp%vQOdTGf>#Jaob^H4k9Pla`@*GF|duR)6ptS}df8P7}74bq13Ql%yk>c+R9Qn*=f zgE#E!{b9;>0@qnxWlYT+o!ea`!U9zcYmZFf;el@8Eua+&6-KPCznuPkK=j~2;PwNq zzYmZY0d|fj*slI0_keINGeRH!HCE;3k0xRw_!A<&tdgKhmL`@3w;zmm(uMUhGeK-j zi`6ouj7FIDXbvcqBQ}c`^(kuCG{f|?JZ;~b=7H|(?o4*k!Nr$Akd)F;hL@IDTQ&nx z;`5IU+lPkk5{mp^BSt(HTF7i*iPjTEfPuW$sxq@Mw1xqBe#6B!S6NlcN~+Z zeWZRxBR(&i+jyiEx+`)87IeXwm~U5?PF}H34h7zNPu_YRqtf^BvY)1|-tU()8Px0j3LNlVq#JW0c`7%P}j|_+&MtKJtipa8ba`0 z2wYN^ITzj@>SWJ3E9mX_+Z4sXdidC{{c~E(A}gp4Rv3(sl)(c;iM4())I*;aT@tSf z`S;+l^;;7<@}-3 zR?{&K?57>>V2nuj1?tE7hP-G& zb7ECV^t&9x2dQuJ2R}q7nGv~jEi#}yj{13qKZGXkY7sA(`WyDfjRkJ_(nvr1MrBM? z>0jdLtPsjQ`2-j~O0xU#_|vwF(39xT+krXBfnkJ|So09ug#EzUi2oIo|C!nUUD#4M z*2Y4Kdr~h+5n=JRpIxdAngyB}zN^f?J*S z%5{Zk?1;%PGe?JvgKZ9Z^1naCG^mt>2p4EZh_l6wz3&3Qj%$6^w8E@-2@}6V4B~Oh&l;5RWGMtP4XM)mWM<+L=OS%D4;4f-Zwds8@&WaU&2RzKB;V=@myZc zRSCd3=3Z$%(7@zP`6wvn7kQiI!3+en zEy5n-DikZ&Le6&-S`_}H(joBJoQgwPK^9yy0E4^ld_*5PnQkXo9$j}HOa8rgiDCc`znsxrN8`V(G5x>m9{|rB zD`iPtp*nUfiVjwiP5eK`#~gIilJxV(>pE-Fcg>5tIfcFW085y4B0kMb_I^xfJeTB< z`zmQuIzj(8JcYw7oihX9`Kj3f;46?8xdp}e@Hxk43B?$Gi%I|uGT|1<)(n=WZrv!0 zAL+fPi~TcH*n)^Mu(-I1j+8m)#fBj$)6J1lsJ|p1Pd)d};^Q!u(q~{zi>rOi`Z)r>9kp zk1gK-fBx_lY_#_cON^_CzZE?%l1Ntv1zd68YUST~dlYu)j&8)ucN!W4EHb~V$yhAf zGgGhmyplE`C+r7=>BA+Gd+vI$QiMri@FuV6+JA3KHxf$tQjV%gnX3Z@qmPjOPahP3 zllo3kU9~;6-r5+ZtRbnY#p>24Kf{(pk0>S@4|UlW75gFZl6#`pK}cd6}*%LK%e!QA*^3@P-h_r^CRX354s)Wh3eA zngi)%BZ8bLYgp1}=VIq$L$G?5Tf7|Qf+z# zw48P*kES_uUfMLh-ykfidE}cV4baqQSriWo+s?G!r6O{WMc_`aJvjXIjVC$ z-bHJ#J4O%^)CqHaKTgiVb0jV)YC&vbk<<21r7@*Nv)ZMVYKPf-Rt`hT9uX+5c<8-o z=_uvHS;yN=GehS#7tkxmiQr!}il1in*y8FAB}AjQpM~LUwgh_azEZs~_w5x~yJqY` z4|_k+fNV=s74xU>D<}(mJS4)A=^K zd01PxPx!hx5us^}o_J3n(~dsi#~H;3MSJZ>de6VyXaGJH#LPSEC^}I&Qnxd1Ry`Yl zyCxS0{#Sg4%l^rd?Ay1z{}O|>gr5^d^T-XXOhMBRWxQ#(0W89_KQzD7iI2gpvOK8s zUu2*d%oewXgwoB2*n5!q?q#EVmjHf_QB6QuOG>O)TvqGNk+9YGhU3~pL%{H=8mA!* zVY$3hy~~Ho9NzC zU+#eTp3i5pth~FAx=-s}URp2aJ=EvZslyOr!-;=KNZkBIF}J%;EgI_>=(N-5UQ-oc z7uuLi>b1_)s!3Y}1N}S@Hms-$d4^PM;;`qvGv&H4}?_> z>Pa8fx`9@8M}&~TundUWO{1Wj5baMOQ5pxb!m4F4Oha=WOhFScz&En^@lfEx|H|=W zZeOiweAvmv0ij@L-Ix2WN%ExDWR0a(`T=r85((8erufk_VOgr*2sH}-H6=r(2bH- zBVG6%(!&JkjFGGyGXaFPl5DpJ{_5?Z@Jn9XXx`cp0keAZ(z4o7uG(k-x^`eY%_tv@ zLM^HbF`M6ApabRLBBR)<#luosx(WLTew<}4;4!0nyljw^`U5qJkXJ&SmPMiz>?~pR@(VNUCWt73* zVD58#CpxV(Qn%Q_N7*E+1HcNtzK9TE%WVn27%uaYKPJX9;X3abP`#O65Y%?4s>Um| z=Wqhne6!>IfdQ#e>Y{TE)@wCHt;(-j?Q{8uP6!fG-y`Q|Fj0L)`kT5V-teJBq2Fmg zE8hNs{C)8LSuf1|AV|q2ur#?(*;y##kk+?^O-y|TI0gi{2bHns0v98FBz06Lu0?ml0!xt#?!7OagU`* zB+4n^r&d&MS%)?Wk^!12!BZQbIg#O51u>+jVzxQ{kl~S$d&QCb?$+QF&CvTqo1NH;F;nw>BJpI290?Q}ws|A{7h{sWHruAjMPV;lZzP%Bu>VG`= zkU2xFB~s@^_;9=muf^Te(drALbf{Lv*G|%?+p{svIQD0C50l-`)>>jGvY^l4^_47J zp#hq6(Viun5)cNywf30%NbaggBhO!0$~iZ`{j<2+>d&)%35Sk0{x9Rw0O`h*4F1b~UB!B3-~O{<9YXwo zioF*2?t89xe}oVX^oiQaR4YpFhET2zD=seGzvhmd(`%&6g+`1v@B_oR%6+X3-&OcX zKaMaV4QFQ^TZ|^+Lb`jL_^N7iIv0!-T{Ah6hHXKNa;a?42N@d_Q&XsS*csxl)yM+P z>ldRhu~NpA{DwWxZgI)1KBGq6T#zop%lXy;K_^0p-!_~!wG-Zy=?e#W$t1BlY!xKm zn-+_u?U!P#oIK|+P%qk@``0T}< zO0_3}M?$~X_NQg9^45Uw_ctvfpm_=81S+0Lf#c9WG3bPM=Gy%!Tg`1kDkSeW(Lt>I%-)-J zyr8||p?1BQ)90tWNH*;(xwD2W9|{UO;>HjnH}8U*4BGGR@a4hf*KouBQoOjqG7Cr< zdv(~gI!EGK`Vgf>$Gy9i(p*NPaJ($($5Jc1bKbSF^OM0x0$Ty9BX0a3p`xN2bkDh! z$`i$kgY^oW2U>o4ZxDaHRcob5t?o0oX!acSH`h5)l((4U9_Iv+-Upj>B z^Ro~WO@4598}Itzm7i?v&m2>gpAHP2l~>x~5!#&0uTz!u{Nok(g&WE7Li>T{0--Gk zzT1$ru6+KwExT8JoDHX^tt`Mg@k=x1+{-Qw7SVSb1j}=E$_+-ab4Kk)rWNfS9Xr>u zSvO0FNV!9ypr`Kyf_|-am}b~1aRzBHx38~Rq_IJR@p(s=uFsXhA+Krppaj-hvN=lf z(@>TvtxXZQ=ap5J%Zo-Qw%4W*nZFN)DqQ)9?XORVMvN;l;^I*I)pY$49pNl=WXm;K zZaUiHV$OI?4V8mf%qhe0_ypUzcs-)TbMzdvIh9Y}1r1&QJ}dPq(~q|L`#|*XgK+KZ z$t#vDmc5~Q;n|nqO%dI6!EQD=Q)*+8y-gApNI#XmMa+{{qiVS1yx zz3o6UC%eUvr9K~E)*yno&q)q1c8RHsfB6(bhi4cNf%_|7j_h-Jw0+zR4>C=LvvTuG z5?7Ud9;00UnI{eJ4)XR~*lE8lU!SXn!#9q@l>)!Hku2Me6B=336pxq%k#yJEB2FDw zOaeZLw}o|Wm$kVEYdVs!CEq6IIHw8eMSc)MIyw%dEE}Wrt96=a;VZDn)j#NPQG;6u zwOsd#l;i{Px!ZUJ%fV6W$5|bH<)Skpg5|e1oifMx&hgJ4UV-V~9#sRkvy4+O=u8^g z`)%UBwPh;t9iP9PKUv#k4h}8>X+FzUII+{0?_D;qf_GF`bPb~eN((T*3YZa}-TE=< z#lNV3_f3S3IX8(XUMVu+b5p;`PU>k9Zt=$>-Y8SmItXgCD&N5-JmZT9{IVJal@eHd z(78pP^qvX`5N|tmH@NGQ$2xWz?44}N?CWENprhIVCt@=3HCG!_r2BVj!+?zLHR5ws z4dG<(1KPFx-w<4k6)mu3iRq0bg@X5MR<3j9dcFG%!iipfMP0^Pb?S9r<-nTz5JuDW zX2M=ljP_9Ydg9?@|ad(4X=lBjzh?a|9 zdX{p^OU>;R-ZrjwN#4q|uj#vEJ=XuAbWgwpn zo$vUYmWQ|T?rm*+#%rkPW`j%`lYlM3cV9i53ESne)br@|O)~|YbVjN1WdLTP6bNi0}R20p|neBelUA5E}_0yS`+imh{DP`zO{;v{!@uOQB zGqK&hg@UeF=EBE4LYQe2j%dMHkNo^f)G%*6NPv?1;*evL6gF3X{P5Rf;UPOKVI$(q z;gG0JaAcItmdV$ny}TSpy$^}=AL<9TYYfz(CUge>rM^21zq51{Zhe&s{)uvgNjUm^ zCu`t}Ll=F+VE}5zZLp*4Z})JmuaEe0p)SQ zemO&$yRAUhaIuc!0*8c;V#wgJP8JwCv|{7!8Rt1ISs8ZT4piLlZh0!{+--y8yBsLMbYAi;sU zD~2O6L}|DqF$6qtyGKN7R8*AC!ckPA_?ZaNY7ioS&C~-Lk+dQtv;EP;^iV%Hy`vg5 z*|`NA5DWm5{7C(s#D*qKxy@pLUDbxU2ymDL>|BcMo(P-$shx=Ll=b03%QAiBKlyU} zgd2R5Ih{U(z%un{TS6QVJ09}A!mw82%7OMMjJW3Fc(7oQzJ#NrPM*QNl5kU8w%L;; zkyRg;yYR2axB+WG3{94}Ax4qz8&ol72xRg~hdXIaDk{wk`b0PEMvsqnuD$=bYfkh+ zk*4+*$u0d!$SzYm`MeGnQrhIu_5_)F!^ z6+6fw@CW(YCOu>ZvpLm{->KsxvS%%>PEi)#YZ_j;9z&6_?C%?|Czb;MAUDB|B45@A z^eAm$8Xozl+{V&gIF3~1ZB`8XPFDTwK~@@a1kmAwH$J4c^d?vM$KAvtZq7_Fs&sNE zl)7Hs`Uo?=9QScCwn%oUGL?{zl6fpCV-kj;L4L`5$=WnL70N#4DGGE^k_5_)><{o} zr`~gTUV76P*A|Dd?S?wO=N0bOi^#%Iqiq6t#qn0+)f!RBYXnKa zc-R?-am6B$aDgNq;kNn~4V&#ud^x+G%;Hi}UtjV)*cR&%9^!T2$4%NF<4$_i47r*% z-Dl~U+Z4zU&agDHSrShe_@SCM;`5p6yRkIEp*Wuew zild{a<3SfRV9!Xes&~!A%||lrH>4)``>^31&6azWj8=@%3Nzx;hXFo}(=0zkyXo6m zSK9<4RAnLfM?%Ao%?*XXz!qbbSVjm>WYSA&LRM#T>WSdQ=WQ6qEqq3hE@6g}sw*nZ8HTysnLPD^&B6HVWw@wt)Xx`eRNDZ#&62!5)!l<~%DzgI$rzgZ)lsEl7EPXhYgEb+Z?*;)<50C@ zS0*XbShzNB0MWFXcDjY=gzrRq2IpJdqu}*1J}A{`W@Xl1@AT->*3%ymd}Yy!?D8c zCZ>hGE^T%Nxb+>x2IBXt-E;`OZjm;S2sl&>;T<=;Gq((CeG?_TM?2{4yLL%?lh*^K zfn~$AnGNhikAA8X>ksV61d5{+(jce+$&l#mY`2ec3s}=rI z#iM0}e|=YVo+~#Jq;$tSfnI7{k$Uby02rx$DI6G7$(}7l$6jWt4!gk_QRH}M9qxoR zc$m)hcCPR{8q(5P@Te4T2~#5Xa;xus;orH6@2icf-jLfnM8ZJ(p@sd{Hu=SiMRnH+hy( z2XIf-k!KY@HS$zDIz$!i)%$8Q^F*62gk*Gmib+^H8P80hG{u1*F*eB9p*?piWUM-+O|HBgr*?_vf7*Op7`P@n&C=&QI%27sP0(cB(-T)P z%V7?&WB~2Nr6&_EN2qiNB^W%Ucg!Fz+_mKHK`Hy>2Ku<@r3qRZP>G_5-dPcmuloZe zXm!L{GL$~Pk7HL@>C!pyxp|mmp*|HJht@Qd|LqpYvVTQiYU4kV;x}VWO#Z4B@S*ZZ zMnl|^IhCdRlY>NnERF|&>%!@XLzd8ovF<9}Q^I}nefI|;o^z$M^J}I-Pdd)$g%r_cFyOW6~?&Mf26uSoa=TT0%5BMR@vRL@{LD&Tol!cS0sv;HW z*Bx2uk~Z{5?aId}|6oR=asgh3+0=|8daFT$6{fAEpLWQ|>X@WA{tAD4ZQYjxfyFvT z3*`<@RDVe`5ns9z>4`=NMeb{UGGSA10K$ygbQ3$5@p*on#H5DZ_2v*oZWxOwo!Z0I zjzh?>GN7SfyNb~o`D}eWo^Jw|jmSqPy-I(8{YP+7xXB4by58DL&$pyne`gEv+~C~> zllu9tbsfCcV&dAZoLO?$^Zm_u${G4=0U`GHfy4=BQcGEf*Z2cj#t)%4zN@e5wKel# z`RGt6JfCo8p#A_`4uWzGR!pM@1W|)!n3{AY``j%1{)oaXQD@?7^0;S^t;zM+qXZTc z#W&HDWjpVcJ`CbC1u%m-B@g2qDAni>p`5muzYktUYI0<2mM$CImj39SIfv-o0`BRV zh@R}N8eGc6CYU^gUlM6n3;sc+2MY53YUX&>%M(SmEa=!G5^)t9uKf^vRu_RQF16m5 zX(3_|`DW`?7{%J-?(Y}aUfAy)IiOtcmziTv;|x~`RZB@(^r`Ce3#|wqBpWmsiZy1Q zlbmu*hk<#udCb|2ID~o$tx?xGO1}aZK@-s<#pg&Z_;OzcWcP|(GOTnoj8UgByAi7? zsvvqj1Gxss@10NicyiwjV4K#>LV^B-2R73Q>gI~H147{d-8k9_HmT!q>Z~~XbsySg zAKEF&)pV_bqOHL)M8oFC_oC{{F1HkVZ0Ch7TmJKI?-#CdZGZCtAF42B#uh5G`R$#7 z%_>ev4FetC*dJw+_{-i&?FD?_|12D%37yXwzqJ%b#;Hf03i~erYYU~`riiVW$6CB~ zsbvzPmxrkvQUuzOz94!14WlR|CH3s5bC{tUJk5YRxM$3MLt6kztEL$uj@~7DeWUPL z!j+lxGT4BenCi=FF&}P_y&TlFFcbOCpQudJR@_wavzCf5coZ<6ef|Bh*W<0~MnkpC z5@#6zt%0YdLhL2F$*iX~kBS*~ddm5=Z~v4mbg}wdtV#I5wl)uV%!784&o2sXvZ6;* znvz4EKBMinr%{1y#~!u8{BQt(PRMIz-4|W2dI6xt@KO#TKNinH0v~mKI1~ zWq5ScqJ z?11u(rp!?W9>DPsqumRI=%_wV)eq0*c92!T@Mk)ts=6Db7ls0(N5WcWpBCbLi4}iO z;5g3>{t6PNpLY>8uo+fJJVOBWbk7#;^7aUa(Vez(rX3w)EA zKHkHcbR2&RtcMqFyTw%*MO^#q^O^VE#+#`WfU&AMaoqldr7sB$s{FlXRIpW>LLcF{ zxL8;?t!q-wpgsn>yO?6lG#MzTqb1FHC@tPx%v?NM)zTFI`R>WfU!2T=Hv-wT8KP6$ z<+q6vBv+2%7vhUnBH?% zIBgl#t%?aRsd*~R@k4@}sU|l5P~OJ3INrx=yXt;7o7-P*qbX#5RB=k)UZbfUa`PP3 z`sXN+W!X019!pCxY3(dgCe^OFH;Yk5o0u1MeAZ2Mw87T7boamm001ovkq$`Po~Be9 z5JI5)h+O20xx;bL)lO#ZrF=1l6WHHuh)KC0D;X9Z#G zRah*XrYcy#R8jXkz0;^Wg+tHx$7Ps~23K?^gs9^a+JtwnxoW^==~q}GnaB1$j>}CP zpErH4_Sd5rms3+}8n3%7pD^4>=9&SFX%iJrQZHXU$ zH?HqK%K1RD&Z4yVDLyjBFJJP$M>wq&6Yx_JTu}!}%w9CyjBusH^+Fx?EjFHq{l|_~ zN9X0pHV@!jraSWQiVr}%y(JxCl~*Y}xWEX2kU&DD%pD=R(1zRH5w5O-Kp@(20RWM6 zZ@N0C?M(3*Y28>yA2%392ye%UbzW3cB4oRf!roumQEs$g0rHhDq?tNd^fU}Xlr2f( zOL!$W7gP45G-v>_}rS=r5V~GBU`w83k6{6sf{_bxT zj(<=)m+@yK?9hFj3jeeoLHl>|n^Q|%@O4wZUXJ-)GA_*z-!ODbi#?}~4r?eq|5)Wy z3~3Oe_POp{1BGORU#zuWz5HB@@aOYR)aS#Hl~`?dlD#7iMpAq_R(Ln7;Pi=HysNWj zh~V1f34fpdvWkR>uMmZ^c}kvJfroUc!REP7he|N(aQ3NUO|kr;5Uq=krNY;+@)ODn zAEvzOWlN+_Vhtbs>ovDV1zTo8roXIonTo-HnTCyB%^8Cz?_BPS4HBh<{8 zFDX=~=vfdv#g&3bfT|&L3*K|8i4+kbxmwl>7q||$?D(3pw2wy{X*wn8WLS1#sYmN9 zD}$dH2djQ)$$h&XI5K?q4js6`5zQwhi_PP+lUC$|HE?_D$q~LpmZjmoia7aX-M6&Z z@|dprg%h~=ErMPmrPx~Q_=_I*2l^F7@810INJlaAfX;vr>2tj!520T_s~2O7hLxUM z4t5IDt1*teBr*SqD7eo*Wj^ffp`Eeyzn*>Nbu}x*6n|*f5;&C=6l_!xNMLV#Nu3?l zNx8LTx1Qm|WBX!GfFC{ah)xSz+E{U9R5_iuLx@IltLwb;+v0oo1i2( zLchz>DDnE7Gz3uFp7{3p@Zv-2F7;h@!3*)_*C#Std5s;NXEQ?|JrqXwJ5^W(rcK;< z6y=^!6ZcoA`WMm8KzRy3%=dD+>wJPn5ahR&($j3Xt63|4TgtO?CgaX_XJ4|SR7$jS zj|-_+QLXIg$^G2j!L)UgO=NrW`TD?zDokOe@y~)H*P+>AlqrScAF2RTxuM4fCM!QI zqVZTIuiz(qB;ifeXJnM;gBDPkq2IS5({aS|Xx;mZCH(kTD&fa7CY6DWx2hRTdF5+L zK>K!l6TQHEbtr#*3zp`_Tf?&I8-6_WKH{9Y`})zjB+~;A&hS81m78Fh>Q(sg1(EwT z&(;ADQY$3Ryvz)vh(Ekgh-L9*nbIhxjy2h+7e8X}mq46`rW&t4S!fYF)grF8cK3W{ zv6riz98*ZNM8^SEL#J$o7OEevh^bt3HVgkzu-nLR`IDk&C*#|DOFDa}Jrj^h^D3Fg z#JLJwB;Xd6!$Rq07!=*c+9Y2>*?y$Ww}DjQj}K4}Z|XV_(?{IKzszB}A2UgcVCcYC z`qA?9Y!AWF$00S)8(ifHpyCY+q`>o}V+=cTA9Lv~b>hnumd>bx14)e+&*11cr0;=0 zbes!k5o-=#Qhx{-ikP;y0|lj81KhbYbG9 zxGz_SIOO9Zabun#JR}r}G2SnkxOdKN$4icy?!g172D6yFlCzGCm*oWr9|{vB8q<+^ zDgDTNST;RnD?XH;h=dqeJZ0}m_Pa&1FK#7}4LGcsN?H4agYaq$O^}(B)THwu^9{bw zE3hrgAEV}QF4dZ((xHh91=yIGk#YH_BM!P6MT3OEFcG<>l0}(r1-){+kz0#Kx5=oM za5wDvhNviXxhgxcay&)nkDz| zg9sIuV+t|!#DANtm49@zs%fR8I{A~A)|o9f^YE^x%BRY-P$vR=j{J!uoGlXdm&dL= zQJW1-Q5WeCAbxr;_mKFad(Oq2~gbK zt+*72;817@?k?T@cK3gFb2#B8a1PANyqP!Ox%YG5`)P9oK**P~)Hy6mfaGL0m%^&n ze=w>oF-5m;bq6@}NOVBklvX8(#*t^281zIXPsobKNZJz?8F#kF1%%sl_o;TJC;r@} zzDmYN&!<4?v3_A(dn4xyAYKxK<`U|*YFGXc^5OGkOf3R;>>~NAKM0*e76^ zpToj+WgwSCvXv=!?Y{|oW_^BGR5~7Q*R56+!bN68<{+xwR+HZ&>x3DxLNQ|)hM}hC$3##bXa}r6X;t=$!xY)FkJu@#6(scz)F%Ph77foYqfWI; zZALKuC3K$~zF7#k=3_5xX(SqZUM=Z&z`qxw?)q)_$h2D!fbwnr`cv>y_;^#8P=9;W z@RzOr&e&fhfE+-JC0HW!0o|(3hPl}2)ajKh$|c%4=^u>YeXL`2`Sw2;@kl6jOrnIp zOqM4D>Ws;-u-+*8kI-~%L?k!+akPq)t+9T`W*bFVmta=E)Og?Q)5&_Wx!UN=)?ZB@ zTbA!e&2qzI6uMoIVeL)A@;CAY>z+Ty$GW8mWbUjU5{1w6iFoNLKP+!1T5I}+Es!dP z;HJs>J9RLYC^KALNBE{wD*qUVX$CdD?`2m_@+6j3jnzWdplGRz1Tv`J6~w)a%9hx& zJ5%_Ohv)cf@0ACQ)&updP8e_3ky46;WdrnR({NyzR0uaybGa({=K^=2J2<0~w{c%? z!3!^R2eNYtNGlHjr3ZYhVu5Hq^Etk`&EZQ%@hB@vjr1QNnKaeP7x*grC`zuYEcAyD zQGUIB`zG(3@DIj>L{rON2etn)dBBC{e)4fbgPNI#@KX&tZ~a$|98!gO&1{6WgJ z78*MUJ>AT*0DB958e@oqgCm1LE|K>2*8p*O$QGdOK$azBLz>1#^R@PcCe~cW-^Xb6 zV_b$;=IXtzMKI&f+jaH;PWk=J&3`bc5EYPUyyM##R8*0^8=m3CP9jx6eH}932T8GD z>XJF@J~b!Y)L^{Po0^DfqnJ54R`1sl4_kr6my-<6FmENBt57C37Gf&RDWF6Q$JdxY zQlm#Z%!YFT?QdrlAq|!XmN`+h{gOqQ(_k;^K)ZzrAD3>HrM2m^nD_mLs-dIzCxTFb z%bHz&?AQ~o;tsjVE$*`LltF83=hoi2?ph*)dO$E6Q4}j7`A%VE1QTNxsKG8ILPOel z#7*|%&Krw~>si(upjO`jx$ga*lJqkmqyZeh`CcfEg?aLJ2qfCJS~`D?n{cD-elvcp zxs{Mxwo^1awqMkDP{E}3m*T90tjUg!j+*|qVpcl&uuu`3&J;HGWLFVTKH(_A2iQq+ z{CtmWLSrt9^1vn`Sy8t?ZWdjsr&NC?o9o2??MQW8{~ydpd#vurFT#@_J7)ZR(uF|%s0TJ32akkmVw|kZ4K#jJp4#F)DJ&*++l@z1zFjd$twhm$Lre?m*=0{pH%%lY+6N3bPjv*Ka zP!2?Nq@m_sp!oXG+A9bJRdH+%=#m>_EpB~!GUr?KyYxX<^*9yr{vxr?qcNYDU^KO{ z_P|BinsHWTUiiuy6#?LXRr8+Jv7WZ4_yhE_dgT^HU_jVD5;Ez)?WEnbf1{3>=Y7zX zbl}GB;e0enWLx2V1vVyBck!B2Wn*PdT&*9w;F3d(#nYAxL;l*2Ox?ee6dx%;kYgdn zk@~^?WR*9-tr`qAj2I_RB34rlC57*&U1QY_o$(Py;U6;aW)f(^ne!=#D-qb zZBmk6`JbwH&4J6JJm-GU)DQh{c$@3l6G1tXW6+%D-*zo4ng($Lsi$62yE7SQ<=5f7 z?GiIY*KJVG7d`;odxZ+mB(haKjnOH|&9B;?d&#t=^+ms&2%2b_vzHApe;QF0CL9WT z(Gi6^7X(y32(A_E|8*qWR_ON3E+}Cbzhafu!I30Pte;)dpO~u5@TG_tfBS$W$&SsZ zB&>oBUHfD>{(zq9zNpG(Xumd#urhd|^{X?{VJbD#kMYIA`kCxSpc_4qGXvF7k7}>N z1;-nwO4jwnpIIO+L3{?>Kg*@ekSlv zKVZKTw4X$Swud;)(Gq(mP_|8wXK45r9{b=c5Am5?I>UnYb?fSPb zSoUTuAs_q1KHpH(k9#101qA?bIey0_tv6{Zc84%olXcK>@=C z>Ub3mmg6|iPrdRNv_1Up2^dm1m1z8NBUXeHQYOtf`4^E6!WpBX)go|CpAjF-X}ahW zIhO=#Ou@eaPA}%N0n1mw{fU`_#;L{PsuH8B%EQ2t(ukI-u#f~7_N?zcr0xvqZ^ z#@G{@`yi9yL%=Bac}*NnIJ`8{kisUNG|)MqLIFEfxL$6D6WX}}ypsbK^C2c`D-GE= zxO21`d_W{gcv5D$AC#a3iTM48@-fL7r9~ zRwGiZB(pdsrUZTHO4*N8;VLA6*!h=)NowD0u!P>R5fn8)^Y(DD)ZQ#zbMrh}r+bdD zS}!)-L}@;ZT;iKR8Y{iw{f@Ee_bzRo-4D^QGY`Js)!A>C&>R`R6vx+ox!I3Wr<5xI z?+h{5wzUSojkIbPa(n5RF4G=e^RkIv-6Ku7LbEt`2eLimQ$Ma04!qb>CDQB~by=~; zpZFpd{^i6TX4h?@1L^bIcA%#~`Dr#>ZVu%Wl zB^~s1R6;0W53TLX=w;7JUefoLKuo~YdUK|nlO16yoQJ7idBc<|6QdaTLFDMD`X}`r zPVAA1kn&Pld_c9*cS(U)g_Z3rn^oQC!^%OIcY`>`Rc^5#YB$f(O^j$rAcG zL-5b)AklC{cuu!J+qcmw0#Ag`^V9XaAZwhX)Ownc-HoO2Ci5e$3XaIx^AQhHkLMm# zk>FS4cH@6A1@Jg_!B+$2@P{`83qsxf?T8zprKAJ7`f=Cfp{SlsFI5~jb6?DJ|G_|W zsDg`w-+ql9UJatMvV`%^9$yLxuKx{jm;fl*y|)`8bqCxe2OsssxD{Hg zd7gJnk?N}evd)r+XmwOt zy6GrXw>1gmBofoaTnwqe%qpTrk{VYe0hjleJqyi4M#VHIG1Fo!*snIfP?+eh%E=~e zBVoeL+*&O}0g*lJLdl@eamrj1GXCW*bpB%8NFvFW@1+|4s{@4=B2LSj^vMm`N7A7D zAX=q)%YK)Qx0v#}jVDeX&Jq}=x4fX?S{sXeA)z@<8qhNEeY{lLCY`AOv4gp;#0+g__%Z&hh^vdHn&Bn*C1>ru z_m#9id57NH-MQUa==}-*p+IFPxc4=ynfYR4qK|i0cQt03S7EWyJ>iYbpWFF(uo~`h>8H7A0orA;76?XDmE5@S?A$Ne@jACAao3G|>~@qbEF< z%d@>FfM0=7-#co3&sjg?73Q-5!E)l&6KMd4-`mcnHNytu%Ohpc@n3GuxwqhJCSz46 z@W?#wrr97-e-u0GH)4G@c#%l-9q}}OC*nE#Ll@?PJ)fd}K zT}}M8*0Cq74hx3zQE9546WQ}iiHa~S69G;UqFyG=z`np0MbkFYcJbDn}y2OtiviYpJj?7bkZyG5hs13s#F@gRFr)!t1|2Vkq;CA4GX zVb@CpszeOToE>|+G}w85jqABseE`1_XY`G|3_gckHo3g)PrSYapNeNaT=L=FNRS8O zyU4X)?Y5a4-k)5msMcSYc^kfmFj>3?LnBYV?+h+Vq+P(#D%hpbJ#^A3w8l0pIf@lO zkYEh`CJP$vK}>LTbZTPWtDvB@$>8o-lM#P||IuHrK;d~dw`vx>PJD}uglY8`s({mH z+5T<|9;m9T0rzDMKznsa#FH%Rcg}&kwFTh9zCrP`Z?Q`Eb61AH5k>vNTKgc%Q@}qM zP3uuKS@RrgKJq1_VNzxP)VWAzMG5HxZzv+9ph_oVc=)ce>boC5Slx+sqKUk3n3?k# z$DijV8hM+9tMy)v&zMy3Ea(@HSR|V)Lx-*Jtw5wJV4cjxX9A;TH+kYODG@^qAV^)P zOI#slZ-_C~DK1bVB%QS|1KfN?` z681dVg(irOF`m9$d%qox@31}`JO$6vABN1DFiP~__V>FTLOnU*5)Ti%b|Dfs;|)7v zA%~#^S1)seV}x@5U{E5BXTLX$b>F|o?OT*z7_G@}|3NsJxuCY!tA%$ie!>xpmU1U0 zSFpQzJTN+qdOD)i>k(^w6k?N8zeA3^ygiB-6^&KoMUrqj{1yp@THpzFob>UQER$78 zeEJnW`${?G1+)hj&qv4f8HcahD8^>=#aB(V&qaTH|C>i1gy!E4u~_&UKQ3p|9Q*Ey zB*jF4GdP3XHmBI6NwXrjU|K5Ml##>)-7r@65`5sI0&j!oCwBF+TPY0J%7!%uXa9(< zocS_iN`y+w$db=RH5yWC(O7lyd!~D|^djQzNiI`A)*R(NmHMh|l5=3oCnNO?HvYx* z36=;6J$E)*-bg!p*%*9&O+57Z{12u>>etg6C=pPJ5?Tg1!wbSZFCqrjQpD^)c zO+YYlgK+K`#SVBDPq~wYPdNa`ox#VcP>W%G6zkhQ?dD5k9nc-Zw?;vk9+*z_Y2498 zpVnsl`R61=la}FU?HD~ADAV$3=8)e{^`ov=l87ksDep6!@)yKWkaR@Lre*29i6RR$ z%l^1lLgETd?auC*6!K#pN)J1do}`IiG?*7}^HJJdi}g}_P(dn0?wZe9#pJiTmBxAW z3n}UzmrkW`#Iv+^EYaiQl0*_~6(!HZX2DW9aUb2&$1;>VB_-vN$&4u_=%nYW@GuzK zBdlUM7Fuk0xIN`342-G-AF?*aH#P^sk$RWF{lSRE45jt&L`DMYc?!RNe{XV3m=wGv zAS@s3F$5U(hk)CICA=m2cP5(pEsF1115wxOw=n`Fb`JJKEDC1dDaKyk4h}nccPjnF zW=;+tK)aXF49*AT*y*dqb7j@-Fqh<=@l){7!X@#+{5i8?CY+7&H{~#OG&dpbK za8`&Z?Po}?KrhNb36449z64YygSPt@q;26;3D(GRwSshJ1F^T;3gm&@HR|j#b#X3b z;#p26g%yz{(e-=zVw7FyMrz8?tOv+{G?ZiN2;U=6qii=?cgMh}vylPQRI_HswbQQR zZm4{*I(iR|ygUOtMHVQnrBQkc^6Qf`554qk*$eXVDjmZcrXRKud&YQZBFAqdY4>&X z#Fm`jrcO2W-Uscf==_x6pAF*;udUuu9h@tec7otWdq{7F-x1sz zR>@o$GoY1Pcc0xSArS_>wt;&i#QV(W z_Uk{n_du9t>s9=5C*Z&pZoA4QGEzbr{b?c|OFAsB%^FTtJ_1%xEIKLWaes{ECMxR| z&Z${@#kVXkjEegZ)wSE1enfMe&v@k^+POH}QG>WlGb)e9XK?3}kj{BpHXCy(e<2@nsRN#U1py|^4kX(>@{R}Q5 z=99>rSavFBiPW-O|BAju(2_yT@#xz*H0lA0T!a=gx+J71j$$2sdBlI-xhrBf2k$xG7M`;)o(uw%#O!?)S}NfXXWh0JA+F{E3ZvrDJ~Ilfbb z1;8=OvJ{qEd>FT;8zs=V$N3?vcD?=W4%;+5HL3t^vxdhWG$hHcB3(6ru1I z#_V`F2a50ggIQuD%xLm`+clisR;7T>R9%N2-hej|zR zBXjaaV_ur{wsBTC!29>>pn*sx<(Z7=VKbVS&RTQGPx@`#$zLLt`r!d#`%b+t*p#b5 zqQp3ADinU?p_G^iHrh)Qf|8Mj1xRCetd!VhbFkpre=wj9bq8+RYs2eq9W+_>)^<_C zO$rT1>mIUeuJwb0-_Z#0f8w28E%td9!lb0-knHqY^hK{jl!#A)o915Nof{!F{`D>bvF+d3pk4^r6&S$|89S4-C-OG-+tlZQa<*{zW!6jglY{w3poq=e%KYV;#7Xyi=w5>ATF(a{(w;(ypJ!*|Hh0`e4%G&!QFC|wKxopl5@4!9^4GTGK$0D7Pf#)M21>g-Rj7A&epUz zNyz^SqO5|vY5l;3lCFO&91SgWIEqtsAv)&bYoJe9UUK)Nqv&!QO$45;Cvl>1PZk<$&tCt&$2+&;9-jf7@&xg4u1 zGM0oL9lRa|D?9s&#C+L3%D?0=xzKQ~k5U~~JMw)OODvS$pf$Rhy%}#Zcz;dNdkFz~ z9+n&TM%)W9ntaV+ZFhV+2XqK~M*PXPdBoG`=^fPrY#qdVkP-6?J6ge=*n!-~PeK_B zhJO9wlsq(||KjBOi9AMnub_mKm0T7HuxC&bqtz=d?Yb=uR%@1dMy9dwcG>NVFRk3s zf1Z+^t-mI_7`S_rlhrus2idmh&k&Z&LFAoRip6A8=+mY)^>-m~=~B5dKiXWw<}zqP znQ6}{y~9QJkux%f8NPPIuX7Bl!k!XeQd-9)JyO~^gc9&L#5d1#@rs#T$b1X64=jm} z7=0Vt!co)26jK~UOkDA{jr>U}JL4{1&E?TvX>x|Wdx~02<*=(S0i!$pLr*o4da+)U zD3DyO?(gizxmLMFTY7juqc?V*Npkr2w}ZjEx3IU6MNZ89a~JKxy6_9TtsA9rXPix| zurOMn_O1d5h(l}1sCMZ^PL^>fNJ4-WltqIT45rchj2VKkpq@9b;j$c& zKBY!+6{T2lc7e>5XBIy^pU4JlvESbY-;~@19L+ADl83i=Ck?KP$l0Fdmo#`|%!?sO z>#LX0#p0FfmO%*!m<)Rm6a~64WV(E$l|uP5@@DAouYpD6Tp*5LC2#MfdSfBpt=OTl zy~xk*D&C*ByJ^|E^y$V;i+r>62Qw#vk=yQgVPynY6UYl^!Mef96iX)|{ks!6t=i`T zU3YI53Cs=q;~4>F!INPcm9cK|T83B!zj9FF2Axbdf4fJ2WJR-6pX9*Zk#Y$dR{w

_p8yB9i$mFkY<5n0pDus6m~-yh#-x1}D8YIU?7U@%-UDIkMi>1D z5+!Jc7Sj`HXlQ7mT6d~b@{$&BjL~S@Gu%0)xl;m)T{X%^qULbrWcO?Or3;C@!HEVZ zQFPXzs8vepI}J+Gps2G9p=skw4Yw{*3}4QUO!)=|W3{9*72%Y8hid`itd8HF^G&X! zb9D;nqwTxSgZplrunva!bLKoURn+5Yi3R&f)lmR6UA6Ihg4jk{40(%Uh> zmN}9k>_;m|6u#0GWk)P8eqkhQHP5ZyUu4&r|6BQJ>3q_pEJAd`0>7)8`0R6x#Q}%> zju_&d`$RWJB8`*D2i6*86L8+c`1>EmXV?~>e=tx5;>FVCaU!U&q@J-NiV{!Y02_%F;#~TUU8r$Q9RZl3o&vbEGX=6`(v89y1ZJoLv0AaEorV$@07PR|MAN+op)Aaf z6teu~?jGOs)#6>7sryjKRu&1;Lru(_oej3(ekVHpkn9<#!JBDC&rgk7w4L%DjBZdk z=dajONw^+iEgtWb?vv5^)6BBZ9rBr4B4qOx`&>dH_Bx=E{qT_V;_SV&tq^T}sKxQq z)D@mizyj<0{=z(6t*Ha|bT9>U< zR?u$vop4cEZ-%bfSoq6_k-&O_@Dnc7tOAtX2 z4_t_iweFyJ|LCv6cPj~*Fq+9lPZ(tJMpR6G(1_*JtgtJGlifqgymV3+tRe`^CQ?F# z{aGWB$_BN2B1Rmk_6b5cL|(kii|jQyip(9(*bGqz&fM~1+mTBqk|gwru571h>pKpsX21;p<+rbK?FfcZj;Hi-daY_coh3c+bGP82uq!AT>Xf zwoUU7W-l}P9cr0?&4BJ)L)Ys5>9Oi?>^QXoXa-5~Y7ulw+Qy)7KuBVq4yRfk3op}1 zs!AsK3S4Pi)7>8Qxr5IsYAx1C@h)CzljoA+a>&>VTU76->Bad=t(0Qq8IHkwWLT*SGiyj}}El1>^BpO*H z+L0Q@ngr-8TK(R~2-NtVi*E_uCsO2ye)Gl$VfmVD`!h-H&^ zXif06VIM;bYl{0!av#c9l(JtO72?qv0ViFg*=kFqqeoVD$V?=s1bXA#DB9~$svIc) z^`XTlwLWP2{>eu#-990a2vxz|6QQyjNo$o;T<)nj&V}X-k(izJXM_6LJ(LJV@7b1E zD`k=INf4RJ4abxd96@4)z8}JDLbDj3t$tv;#=2{$jruX^G$nAAJc^RHRaVrQ07+o| z%~9jKlvN;_z`OT_)3mSf$W{%}dhNWwTKhBfq|=M1&HX%XQ5D5dm{|5sM zKvb|g7a2=uVaoee`^$uGyx}GG=egK5!S(_3mg25MFO~`lYIdJOj>NA0&rr~GoDW4G zT26U-29a|kUM1%Rp0Q)W;N~{xARzQR`8ThdA6uaby|iGO*wE zKOI2~RY}+h;d|hqUb|6DMH~bagBUNk>lOJibq;C(3tVh1%%hwP9x=!v9JYi9NV3^V zwb4x&F0sX<=2(gTNA8zKg|J9@RmN5$fzS3kFibkU!7`+wp_5-`Sv&&kDNja3C;*9W znG~frl-wak4~gb(YPFeKTMMiz!>p+8pr}~}^{NTxp2(EVpE!_lOMUrbD4MZSKg8j#R*= zq|zwB(O07x7iBaZ+}_@pKkj2gW7HkN%SeupMe|eifjF5VX(!;32pG}CNlYY`?(h4x z;FJ?U;5pD&jPnIIA^(a~oqbd4KnaUaWW)gKTA~V5hc9YT*B`wFj6Y-PDw%W4&uTYI zP4#(|II0CiVY#TSK zeUv=|4%gbB$gWg`9%Mp3-tKuMvHs3F+?H@fyKBjqmn)n(z$Z7gRQ#HkS!X^-1UvaQM0VKWR9zPgjHq8e75&0HO2N99 zdfc4{-4g29^4m_ed@&iw3yLWa|5=!By?gRYK<@=DwX_(La9Ib@Jue#T2clV)*c}*e zW+$dj@_L4Uqja^Q;cYLf*UWKX52T8qN=Xj=ElGEB&N(T2E>@22TVZk5zxm=^zWe(h zOzhii7Mld!q}V8|ap@iYHQn*&P-%up0a_0MDG4pD!K5u^GYeN0r!tqj{Kaq_!coyu z_DUC(9nS~pdgUzjAX;h^js6=ZAYrLKH;?$G?9Qo~G^=xDC26V2z=7L6Zcyl3{4L); zC;3{M^c4+?5@r2%VXE--OZAnoApN%&N~BR_Xoi;a%5Mo=VN!zTj?xVeE9r+$+)Ki= zT&%nC08FoNPo(?rz_~CfAkbgYo*sR)MM;l=js*`&+DlYNt|rid&kf|OKIJF->+DPT z6WXNd=rQubd%=Vk5J!qfdIeR>ht2xWT+&H6iUGt@n_m=KX^~|YWsE7FL~=c3<&U8$ zt+%y=?_U0c4n5Z5f7 z@!&p+!4IlP(h*1OAo|y}I|0=24T*zxK;;8<*cAoM{cn#qc}r zJk13uLFc$PC*}aAf=G}VdpojeI9qm^>DaBlv8&pv_Im_Z1vag7H-VKv(70C==^ol| zxWzH{r6TZGnQgOXCj7DLJ%Ws}%~J8dwBBPAoehFeMIA>RbW_cQ6R2P76U|jdIr=l? zFLuIy<3Qn{YRp?x8pF5)&7+2N{VHYE4k;_=B} z=oA^Bt$mMv@JQPA<)IZ@1KE6})gNrGsXL?geQjk|6^1pw4o;W&n}vDkBI$3RHE^{S zxwyKPn!qAq&Nr~jrHc#{gYEUx3}h@?){^QJk0)fT)BH!6p_!&oxR)n1>UEaBYSn>> zd+6<2dpH>IM0%7iHrud4Lw3%;V0cRN4j(k!!Ip(uG9HuGmwam0Z!Tp$>`cO)L+2P_ z)=qp$zW)Vn9?QPE$S~TaR;4)IT1K;?Mm4PG7Pon1mQhyBYV^Q|=C4Q&&@O=ifjSWn zcL6feL(U4%rI{IM7x2t|jxoG$_mfdehywX;h(0;YRwZe0=g`EwKeu%U_R7b% zykT@A>ojSC;DHj}K(5IObX)GZL4ao-R=Uw2CUIcmV>anskxu!{_77$?u~w&>m{ong z`;z~?W6pz`lxDgo8wsIJI+Gh;5!r^4X4?nXOE|HmD`Bn0F*gPz5Q-lgi)l?KOY|UC z;)k4_ny}G6*eG6cqjmuKEYDbSRJ`dD+1NJH1G%NUr}<)A(ZSV?j|mTU!jx$o65zsP zVdY``XaftGjzakO7yM##u%SOn9o12pwI`r^pqH=~Vr`;5Hh6Fp_aJ}Q46SWFXB2)8 zYqQ138y%zZK14X33XF5X=%-c0qc`VUJnkVZgicxib+{}8=+JCj(+a*-Zj^&7I_RFF zZi|c5TvSkJoFAfCAtiWzmSu>gx1gIpm)vEOBtZL(qQz~XuhtFv9E>RloCi1?5%mfv z^RnTbm~-Tco+q}=tEjM%DJbG{pg41I5G~ikzu9S;=ApsWa(S0>b`olA-iVEgA?G8) z<_36jdDaM^8Or1}Av>x%B|am@Mo(_~se^L5H!5t9}J*Z-J!8y182dY8jq%lXOHOHr>2O0Hj84>co3t^_{cB4jlcAAbVZx# z3>KjH57cn6&1O}S2#Uyr2*$g)vmTT{2f}jk8ix#xUFB)Hs85ag9L|L)3bYudTrJjv z?v8S>1e~YHF^+BhU#%a;maf~WS|U({NK$GHnPLw}X$J;1-P87#GFXQI_q=q5tJMtt zjL1mmEdf~Qtd!PMNBz&zoND@~<~tw8k3FMGBXu=+L?V?HpOYQb6Y_8AxC+^#ZSlvV z52bJp0`usQ(NfQ~hN|s(!z{g|I0GTRw*mgv-9d;Y%l1%0O?GH z0R_fvcx5^sN9AJev@Z|b*nlndvh`0S_tBGM{j8MYZM?i>?`m}IZ}a8-nS53R)l)rm zs^cRWh32;Z?K;e7DM2g5Gn{(t-o2bL=$hz_agXplgqG$6ges)V>{ynOlC>p(1j?1e zAv2>$r@FoL6P|6yym&D?J>E>Jd5tR9F)&Y@Ll6;nEk`?~UVqC}dK*ulbZnb>wrDDm zB2Q&>m_2E~`jl;Fts$|NpiJ%!^|*-f(UNW2Nyae_sZ{Zh+c5|IA{O@rUBjJoE6EqO z-hUA?qBruo+=`#x+TN+CP6%~4M4rIcjcO9Ru6KW{rQejJbX#(?;%G&BAahB?8m#X# zRp}QbH}%USYBH6JG3};wZTECaMZT115E6wzrR!nuRX+)$(%aSQ9jfQAin@`~j$>k2 zS!BSUUlXeT8u%2sJ7Ip^syjkbYywLKw0zRYYF2_tb!s1fY?Q8Y*gnV-a`shOPs9?; z-jMk(s{jh6ez$|pk}V@?$G^fe#(;?>^GI9fWLJ}o$7?cT3-BwWsOD|h`{h8Y?$Cn$ zW;#+d)7caUm6Q39sQ0v69A>|d)2*ND=Q?8aX@uv|n9I669h&thQ*z3BLivuyD@oQ9r$Keh z>pqg_@vYhETvX*~a=u#c<%FwPv{}|bn%Ky=i5Z5&1xhWo*>$Yz{XKTL2TmG;0V5_l*VnzBOlWn!~tU_Xs4iz#$T zf()cqwXuy$kVM)jW_}E}ZR5*$Im;B=zQX4M)dZM4_I|MM1!(IdO>=81B)N}@i9d!n zOusRjk8ozN5X@IT#5f|_^oLco(YA*Q`(poP1ASz7W|GtsnYlXt@vgs|bM00zr{C;> z$H4C*nYedA&&u5bZgTx%M9kx&rB|MW^nSj!O2C2}2}d=T67}KUUQ(?9&L{?=xEoYv z)PJKihxNuDW@ipv=S_d<^dlN8-$B~uE|C(ndn}jL zFm}vvIil*R3-Hzqq0zqh2QxtJkEAs*bjOOW7(YFRif1m{kfhR~0B zDm_nk%3^NP@nJG3M{9z*H3>j9>2uID8WNJ(|33LU0J4J3*GY^5S23cw+n4L5b)KJ_ zf>lqOt$~gtrL&ka6%Wirf5SGk+ev8E5A3vve`ESFI)q7ciy<8z)nEF}qZ$ShB=`%R zXu#&|Nl_HrS<_4Lxyk2YhzTU-aqkc2aE8p^A>-a5cW3cta+ivvfF7SlVy7%mQV=GS3#gr3e3D zabnS`>{<7f)$egk}izW3k3|9sO-*$4~H|DRX?=VzikKGn``y`0%~`99pPJcOvw>glG>Mp z%ms{y(ijST?|4jV#aCk}Vi9%jg^V)a6t@sVWSBBAdb~!*D;n(4SXoH)IOWreD~&x} z&hxaVc~C4OWf3s~iQ>$8lb5ypsHjb=)bY&~*ntI zh>Jyr`CiA`qv{u0<(3I+Ejx~DW~#=#iyv(pq&)025@U1aiPRFo{yEhxy$KdZ zBRRt1g?78!E;3V0a_|ENmSsSvM%hBy_5bU$|F;i|r!zXldr1GKc4Wg15?3)IH_vHd z3?)EOV`75W5HcFx#iY9z>R!(mTB^+em6a;ah-OxZxRo-tQH7SibpHR>fL7&~jG8H) z>HqU5J~OSgF&CrNtPktKA*LJk$Bpn|SYaXZBkAFxAPhC9lW%{#8j_A-?S!e#DEroh z%F%>TAr)1OGHGxxEw}t@^u{}%W4=B^I!4u56Nw20k7<{{EizmvKK++&>cG*iJraA$ zdu18W^@G)4z;gtX`oP|^?3xj4R-Wn7nn}fP^ooVnqFIX$^F_O!%Vv^9EI1OlnSiVqQS^r|sxsfK zLV!6cubW>d^Hsa~#$HK6g0w>nf+xnpnMBnkk{I7}Isb+oLmGh^3i*Nu&BdVT?<#>q z8v%vg55P#I$Z;0SU%lG?Zof%g8zT?*xFjQ#Gc@012T@xLUctA=VViGte5=K-;b+h` zK}XXs8I@l$t#Yh2@G6@fcc`k$88Dj>btIniw6Jal*F0aQohZZe?)B;kc(MP%SjBAh zJ7ajmi#68f^6#+_e35o%zV(TaW>$9g0mAZpO<-R6wYkZNWSEgU<1>$w`?p)o>AFv6 z=pW3P)?L7KHRmL(pwBKz9-P|7#2I#4vUPJA8ReFCKqT8)^0LT?O5IbLe<;%+lNnT1O)~`k{D)Kh49)xXk;OL9RteNk{@8=NXwQmv;Pdt z7~}px$6nRewPeZsri5EKbSCcfjyL%a#v4-QpWL;qurI=JX0GnZ5}YFm6vh6D^U0{S zj3GUQogh+qN=Y*hgcLxGqP1?e;wn99MTIQps1gb{e63QpZaQ)#s0Ej#`G%dDkHvB5 zKMNzrx236Hu|zu*A~Pw@{(hmmR9dN_^^IOZqcotT$$1q$y(tE``M7!C?jF8=7WXp& zocpm>_8*MbhOFDgqk}dthC!>KRASq`jprgY{){5SuZrJlm;s>*HupdBH!YE z_5!}7aI2|3ATdy6JCNO%-r_h8Jb8g2>78ko`k;;2Dw?kRW#53*0|;ayk~~4-xt~fl zlz7ta{j_%X5w0Y+q_nJUMBTYF84^w3M3zE9*`QuUqc4{!wxo!pccm2!4TpuxUr|LX zE6}m%)K692Sce|`;6JZ0Mm5K7PJk0=WYMZ&T|ZyE%whk5_@FHpDYloG;i2W3v9gt6 zqZ>TlifsF)<||UvDRL*fEG_zmljnC8k4uvAKnNZ3JsB=@4IVL{*|AjBV9ao(p@GwH0BJ|U_^ehY}%1$fB{xF<1Qw+dHpbxOi* zDWb0smdg-YG zllD9sT@>r+dO`;X#NuVGfEHvZVP~h2Oi38eO)g!tTJ)xe3hNVfY2~6ZiC0wUPM1R~ zJo#Hqq`7?gI3R5%6H&~R!v&p%B)V@h=O*Gma zew8w)DI)X=@H4 z&AX6gpj}uuZi~n|Fn#N{?cxE$sV~9^-;rx)VHat{OxUroV>Rzp@cXUHsOTK2aD?kM zL*7jwW9y7?{N8LO06WBKGjEfQ+nYt^$2*>OF!rIZQp&zx3{EZ zT~Z@qY8k@PVynV)bJomdnj?8kjF(hK6qKog|LNg~?Z__Js$Wxu$0Um-bpP4BI+{_9 zpjMLW1O<;hy&54=^EeAX2R>nlmr{y(et+R$UA07gI>5B$xN^*M9D?hVl8;r6OK%H6 zF|$DdzR*s3E{oT4VKm>%VcoPxdR#}hSU&_@!&&AqmuPJh^w(#2ZDC>IL`9;cPuP4} zu>+RreT^@>1Oem6zhrb5M^o6fjEQNQV;dJX)ymW_cbD@u3=&+FxaP-*LesO)|F$y4 z!=Z8fFSgz@sHyLZ8m4!V-a7<=gx*DwUPBALLm(hX3y6RU(gK7gB_yEI@8*2YCCQj9b>TLowZ;IS1&4O4^=%kh-L~bxF=j)a5Umdb;kgd zRH;YEDizNEI{EeiE(}b2AfsutU9xH=L_Zz&)+Cdrfg=2~xSqaFezz>7?gYrG=MW;y zx|uq2o65tln6V8tn|j+3dd->|N4}u!t0;8LyKCH@jj!v`8qx2x7f9TMw{M3RG0Q!M z$%RA*c}J@fNSh3f{GxX(uH!vgUr()Ed4|@j;z{nzn%{ykQ6Yr1FV_|STVv=Gug`HI z#4q<;|1DnGB2H@1**IV5T69GuilWz4EO;I z*YX^U4^1V!G@@OxfhFOMbK&yy-z7MzLH8(YkQv`US3;4VPEEX7^HI`oX+F zkDNo)Z(FG*8pk<5J%q*+Glo~6e8%pLRNwpJQ<90=%-NzL`T2j>C>yAU3Jt!0a!2RI zwspMC93t>5rAEuC=MLI$*@mtUv92EZ#^-nU^M235Hp;11o8$J}?0GAX7w<3yg=V2VSaooIMC;sS@QiBFTSmg$06qd?q@(o$K{B_yTu|LB_HfSZ$5== z@PI0S;-0V228nv&xV#X~zIJVok}d|DyA6p*lsd{loXvpA_D0mWj2ubUsS*6FYsNnG zhDe~f+D7%TuDzR3koHs7kfXAL?;^k3X8As(O4EG#UUy6#XWdwrSt#6Z&2SB=chF~2 z6$I2aCTbtlT5aC-T)BL$9lbWr_jlzn=%L?ONZ-^6Vj`|p*=wbLF5Rl#ZF(xp{OASXkEzA%$u zkv-|*sy)FKAfPYcAL5W#s(6d>+ov}Z^xbJoxEp|V5S>J?{Ib6M-1zk<#?O*$o0Ncc z+N3+HX?|YfqdKI7ZuY%c>qz9rRi=2zUB)LJetu0K%KOiT^7p%x3WvVAs+K*y@#o5| z4Zla{xrYZNua_@a(pjtSU9pIbd3I91c$r7^M|YQJP|q*quATepM1A)iVOw$6%gTdL zNujuJxpbIJ2>)p?_C1M05?;1Mrad3~a+V>UGWhDfPlpzJ=F4sGzK?Q<8===6XDq5> z6YNnSZnvV_Pfq%SmCjR54w8YR9 z@RxL!4gW`Qz4EmYA$bJXyxTCNWZTl<(I<8@A;NM#CQt8G{gxs}oW;HRPk9!LP2oyi z()Xt}B2C^y%b#}$QN0L?L@(jK+P!=!)r6n3R)60wUBpx2tl}6F>Om*|I7DZ-j=BD; z!t})Q)V(fG*D<&8qG#N44sXZHJGZT2mt70z5<1R)t^0D0SZAz0srq3sxncj~4ELwr zY`NwIZ>kP~Ej<3W21|>uc1xf?^dtbuS~uA-5CEiJ)gtp~UiI*gpr2sfbp+qMo;ql2 zeH^1lmq<7MDb$3Jm^EYdZDY9Vhn2}6N2@;*ZqQcE_QNekypwH^SZF6r;XwTWHh7Nb zG7AVhqzz$g0iLds|Jas2Y+lgba$XlUk*+AXc`2s*{6SK=yJ8bF^u0R zGJHyHYsYwbx?Q~;s|ljZj%Sh?;enCXt4ey8-B>SiEgg0WDk=)vOH_-3nwH@|T#JJ8 zKV0j7uojJyoiC?^ir#;)Rz9tys!tM^lp!?v65UdZ-1;A|Mg1SJ_4`tKs;cmhq7avP zdK)*qmN`4LT*O_TU@-ucJN-1%RswwCy?Y&q%apksZA~(`PFyB%#*@1!LFK?;miP2Q8mwjA7o7mx9zTo6{AV*ZluX>`V&Hjk)ZM1uSHi?Eaf@FP%Q`eLmt` zrdH0KBQov zme*xjC@fui;eH52vGKi^r6Z{`TPTMydO`TjereTnXf3p=1wAf=TP@Jp%wc<=K&sXt%yQ@*-+6k>kdS6JVz5Pbwg zdwc#Ve1BcXF5QkRZ~5tK2;$bNE8q=cMrdU}zx8Si>Vu7aZGXzvAo17LaYJsc<@Om@mjpYBSUyxom>nm<|;R z-R#x;CiD3XV-R#IA$bDgYUA)Y`P~V3&FZy~iVVvSKN0E3j2`HK_pH9mvCoXT3%bng zqGFB1W&-LQI&cFN&hdwx{Lp{Wm<0{ujdXb#bXng~O&R}F=zVD@pxG}h&#|6tU$8Hw zd}}XYIfwzZb%2l=7Eop$E(O`#H8kz`^DY1ZIMA-2+(Eq@4!_hd^dpns%N_b|8nO;P zhul%5|K7KTw7%u}nPz5Y0aAGM>xLArM`3?_M>?o8D);KpGZwJZ(?fk~k-KWdWa;x;Cu3+}Cm#B0> z=B#=4XsFjk%ngrW9ub6sC1~ik&Z8?XPu%&iO-vZcd#8>GZ~C>*gIjKB^sQMPd7glK zNxeHqpPK$Zf3*J_QL%+==|zVo*CpOH%I`|sBt0#yBZ9iBTN4}CVv??uR) zkIZ=!#q*wbnQ>M~(}0kD4#Q$|1c#pd7BEHKFg)iRJ>0MTarb|LbQw$k8XW|AoxV106acMAdI7S z=tv1q!!q6&?ml>|@W`mT#tO53thu)uH)LjtKiP5TAfONzl39R-?J{pTaX<5W+_eIO zF;c5_IwBK~;?F2*Za(9Che<)=yk5xE%v0yE&u1GsN=`h-j!qIrv%4*Nj2jgl3{$mm zPdvNg+C(7kOlpsRK3`v2NIu|u z;jp^mAyj0XrEvq>+52SN{Kusv!Q%fKO*>+-^MPU17~*xD4mb_a2Vp$ z$XxOJe|N6t|2`2VGG(6jhR@_mRgDV84&PJWt;itMuZr+;2Q9t(uq^5jY=Vy|xR%Ab zC`Hb3>v?o`=NF&1<)3e=j?u2L-CEO$rVjbck5lC{7ycP76_y{M{D-!f%c|7<-&2@y zX`4Sgf`9X`e+;*XjL%OBXOjP+G>p0U@EHYr`SzZ)BwXxK8x9mOsSVgH%FH5Y3^gY?%|6AO#`y2av z<*)oNi(BWjtUHU_d-YV0UXHKRU;XAAacMIFFWOy=XGFV{hh_MkKx5ES-%O^YKMyq+ z%vZrWj(Z}kRUQMceTai&4FEz=wzEm_tw)HL^q z5xF%i(kECjU=#iFT(UqZp-xLyl5_m_Tb&EoKZ@a8LhMCr<|o5>NzRh_I4|mlvbS7& zHD#x63E4^}i?2HL{#-ht4%av)&l?gn08)Gp!wL8Tc^*|!lK3!%a8jBX$**;X&tLG^D_CE^V??iU?3&%oJ8tAk z%E!CEZ_50!@w@s-oL&4Y{BAMmb(!t^5ypFU(n_e@VFp;fY-w6Fk9<(4ihAE zrPN{C;>-`i!ab@n05>J^l&T*pM{NFwf5?Heh$&qv}PyT41d$aH{c?J?BH zAVGZo;iY48wx69)=O&?|@+{74ufp+h{*yGp&*vJSW^!rv4t=*kx9)igTBzN^1X!rK zWJiA+da`uk_4CiV3QF^5Z)OTvyuhGz zYtOZH4swNR$9U7?SB10;5sOH8ZjBqkJpZnpiIlp2OWoj~iN}D7^k)Jv(V`y!u3}je zm(XAhV$zG3mr3=5P1z@zKbBug%}6;)kwbmpl6x?-z|l52XK56qnTgK74cQeISAG*Khm9vM7(&)Fh_rq@wC1{&8ly z<~>thXNm70I$a_vWG2#(J!g++dOt;SC>>WJxqe6{(H_ON2uJkHa+PGI?6jXAMrMAD z8*}_e@q8Eqk*NvtLWs9@n{tvMprMu%%l9_xpC8XiKclcfEo;YguAYPybJvMdcz`>A1Fxl2HW> zzfzZd!x$-OlIc;UxRK1yGSXU-zNTw0f;6@B-XSbg=X_lL~dKHuri!^MXomJV?s zQZT6Vm;LgMDvfM&S$(uuj3?pnT{CnMhIVOb1wn4;Ubn89sx!M2318`40N;>)JDtYO z?P?HC=e$CyY32O2d!uK;$(#lUnUfps2#rJOe#hK~&wnYU);r)_t+OrcOIAF!ipFwqnHsP{+h%3N% zvNw^t15$;%D1nbH4J~Uk51Nhc-ZN47Ej-ZOnUfFu=CX`3;Wy;4-O3`|C%7E{g=!r? zB7iK9?(m2=3>6=fcGrtE;55(Jb40&fyAUyFc-kJX;cau~zk3Yh{jC@-=Ye%`99*!O zLEWkHua0Y3962S|*_~F~HBaNb(x#IXQt!YwA7>D}_C@3fe=x83duFzIf3*I3ECmGF zJks^}8LP!Unq!>syY#S6GTq^w_JV`9R}lBoa@$k-EFqA0X*zk4F^cQOnGNedip{BC z9LFM;Z20l&iCCND9+OYQp{R&p*mI5B<^uV=LEr6CzDEQr0%zx(`8OhwO>A9W(7ix~ zhXZOCS6PL(v%xazon|Nx;k)(^*|L2+_p~|UsuW6QzAkSK1*eIQ6P^e7LKomY86|-e zQ|lK`KRn9epLB`t$Vxk|m(kr|d8&)4s^YH4EjFHA=Edb(PN2B9?I}!SYY&w0U8y5N zWNH1(&(9<(SjU(xTIx^9-c8@YdD5GjX zia5i5dhLbhb9?%U9iJ1RS9Zl&np(9*_0eO_ZQhIm%=ps9_cx`mp~5}pwvW~0vFQk) z`>#6ddg%kX3uy~AEo{*1pCI&m=0j0kkN4>Z$Zh=xCAdHA3UtO7;-l)fGwlrhxjSd3 z!`1X*h9CTYH&@#|3N&V}kTA=N&#;u!xeGs2B)*ZfS66jc=Lx=jo=uYNz7sN>r7Ni` zsov$Tu4=EY^7|QpyNK&@Q)h9x<R~S^8?o8{Yn? zMaFAaS9D-*mEL|DnK|nLlW>(*==sjR;B8~@zN$mo{?mBc(HlBYm|f<|3ETPggfLTW zz)Z~UyS=?hFmy)wZr97iW#0DcW~i=!@Qb9h=c$Wn&y$$=ZcX1{(S2=6skozN^zzwt zMckZv&_&1RoWJSWPSxUPH*b0G(oaUtSKpPsu}Z~$uepEcnCpfv)nBwnVjfzY>i+g4R%29$>!PJH=vIgDI6Kz_yn zr?`RFpq7l3#7Z<32(Ko#5Y}#samjM!Azh~zoBfVn#KL$ zCk(Acr=E7~78$drOX@{;7mc|j&84J2pzAM;;E-Io`eyU=)Ut$f>(<=oYEuiLA;bl( zggU8ehiAqplL#4EDVb^uHPfHY#+g>4+!g%4Lv_y8`E`K7go| zSj-&Vthi+%e!}&mIhmD3m`nj795!0Dyib@k{OBEc_s(sX zCCSVRnJSV^k;#)IBUD6l`NHJQ8&-(1-|O!+47iGN9Y>CgB9^Xw8%CgFz3;pOqTi-J z|FcS;(Xk`-CE+U16N#EnWV@Q84Zh}!7Yn+Pb@P(F2p%c4{V#9GR($iUU4wz$H?p_t zcb*pYZ@BQQcM9BNqzZzcOsf3Md#(xOx*28n{X@mlsVnY=VozLb+#9(?gdCwP-pfn+ z>}T^g$1z7s8~DMKZy!7oBIj2yCI#M>I^SX>r`9(Yl=lkJLk^n{JKT>xoLlm!PoiV9 z6%omwlC(%qTHh>X+qC`-Gma*H^m`8|(=GbJ$5D6owpWxmxSOWt_XrriGBJ@WEwsHO zWy)c@GWc%#`ONTY>x6))HWA6eYa;sU2m5_D|G+kLWvM~F3zPIgS=1~{^$~Fh6;%u? z_~kPFo;<#Dq>#FSjm_GsTisR$S$@qe9n6#Z{PRCPk}TUL z|L8v=5*0Ni#U%pW;ec!t>~;jc3EeOO%^Xcj z@GH`%u-x1ZRVY92W$2+h99Q3R19ZSMZoB58wQ~RfBon~0GyG)+$%`#qx3&?ov&3Y^ zY-XLIiQk3(8Z)!*uS4c?gI3KEu*~QTNn}8nDisig|N(tSTO(M9KL3bHLLO9_| zK#oj5U&>i}`xasxv}Mjc7+0eP6#|F(l*FjaK2?g%^ltPYLE$_L^ZVmcpGTNwA;=!2 zYR@@r%}9r|p;hZv!VCNy-r!-6aZJP{qV3wh0+*!^DVuc1MmY&z2#Zmmk?- z!+3}j9^2@Wvu08H<}b17vkKEb@0K*DL^QK1!qPWJkx}tMW2~}MHG({fxlID&Ne*b6 zCWF`=smVqBlxP$+VUjqiU;#)vl29)FU6V z2S(dKy?uTkewaO0-EKN>)L(mHwTi#C)VIBZ?#7PoYpcRS4ni*AB}c1dC~jiH zo>axMi>M_tfwo*iGTUEQ(%>ZYaynk3T^>1W`C5noN$>z+K079(&k>KS zTSY&Vw;TwrH)H9I;$anI1VJ~m7vm>iYppA1bXW2u15P~+3e^d{JzRqg#!a;^tu?9E zMz`66xuR5*dfSv+cK%U7okw1f?lzZ*ZLxUm3t76r2G9vhon6Q}7?(E48wn zMPZ3dv~28y%ReaN1%){^`KBE?>Ur^d;0}Vwucy7HUxDLI{bk`aN`x8b6mz}OP6T`CVmc>Ge3ZDOlbwztv{$P-R zI55ERoHWyeNb9}UY?UZZQgCB3icJ5c?zYA#f!>~;?WQ51I8%yDw9R(pD~>}N1=kAA z>b1KU_aTcRsJRBpVpa@KHX{JAlO)J%skx-?f9|)(!fVU-e zE73H)W_%Kwcsw5L(bUj)O6h{aXJS|iDY27GWDQdmMuIF>8RnSCM#PIn3F4WAr(*jJ z&@`=4B9gYD$cSJ6C{}Iz8~#z42hJTQ?A;iveZ6@irv`dX@U+q)C|SA8JNe}Kek}Ij z0?+Y5PYKl4qI8u|SC%gR9CewYuE$)CEyCOJM$J&oITmm7aBOa{I;3Jvlh)IEkr(UV z_*y!&IHRfAxdA;-8T08kD zo_U8oIUt*0$_TN17Iom(#bnj64)CZ+RAAwzASxSG(=6g0V!taLxMieLa8gI8oOqolCLKc}qvnF-y077}srDH+t-CqdL0UYlyn1E!zQjHuvypLVD zt7M{x8}GG^73ve+?w=GHomHgp*e-KtbZfo)_e*%v3H-Cmo_G_c-r} zXO5=6VRMF_iUF=>$XDX=Vw-9}<&x|aHVt>FSf_ZIngaGr@<`^C&l8x` zshvsYDNzb)2F*0v;&^U58%ZN2?b0TIS3orL;7N~UBI`p9p9WKAl61rXCWz;)7^y#~ zK{hOSk2L6-DwxqSJ))}VVamno``|;e({E7)IZHaNthh24jZZY{v=%8P4ccaSUlx_s zyQVh@Cf@2y-aHmL&e5a#OPbG@NNNU~jE7Kum(5p`22Q@|i)-Uve+A{S<$Q zJKayD1oQo)2qeNr)6D5UEJ&lSsdSQFD2Y)wI@g5qX(zGKbKorxY#lZUBc&(>99-5{ z#_iPJ(FJA9rk{JoNSsNU%~8bMMU^^6)>&;B2+1fmMJX0If=}3uqT2uvHax0^CKqri z`~&_%0i^vx7`W{zNv+Ck*$PBtgce@bXRkq4@d80!a1qaVsZXFRcGQ|G*(!1>PF;`= zG~`?5=wPAqg$rRKKm1U@*%9j53~G~aT1JwcfS{U4QoCFXb3<`|{2ZtemV5-a&j+yOcMqJ1e5!i=lY@*gRD9foZORzIH{N+{fM1@ z%YN`HT52*=*tOjvuy^fWJ(bw0VD{q^fy!izQD_#Sx0Wo3r*VBscW?3yCpEi|2TRS4 zYGxx?mtxl}xQSkM-!D;&y)w(C5wC5H+aM}M2}*us%5bPsr<~4XoTC{Sz#719BOhmB zMk$V*xtYYc>Q&jnSJv5%0N@Vn1W^IVn+od=*!H*|Eu0bTpT>X5q1n{y<4UcMnG2OI zW)TB8lE(I2rWhR@7`jzXSVigaha!7t`tCK{{ax^%l+7oLNsvxI_F%zkwsyQb-4#+C zhE0rH2oD92%p2RuU2_tBj3s_VtYKu%1Q7>y-vrM#}$)fQgA(e#s!eit%mNugGokfl|h~4n7=D>XB*q8qVf%r z4`DP-ig73+L2r z@;PT=%8W%%@~vbXv}I(oL)}J%je6@T1&vxpE;*|_kQJ6_Ib+Y+B8e8vtiF)mgua)! zsmihJ4=DdgDcb+xGS6wOw~Ra?!*T8G+f5}joB7_*=RJ)4%; z>)HkUqx=NdF8L#0c0;YEBssD6v3esQ@Wh1AGp}2VfU9KlLF_eJs%Bt)YVCk@YV?Rk zePK()+_QqYcDIxx*08<3PWW}q3q(+HN~gS%Fkt&Jd@y-g746d>+FXJCsA~-MsR{Ur zZY<|5eu1avl|>{{A6E75oB!Z8571*q8&uB-UPxzAg~82WNvi>|lWXWtSexKFs#A8_#1FMs6MxnnBc9)dJ({Bth*b9km{8$(WhQLxM6i zfUou?7Ll3h8<(6-k?oTuaFZMp52kX;N62-_tt{f)nX0ewa;a)Lh4IPH6(0yd?G5Sv zQ9!m^zsut)lhyJqDs%9O`ci++oe}_<^4B`RnWZ-p-t^;ne zq7k5bMF*vw{QxStGvCC5gr>{l5M^yA`5>Q)JRs=fVFZ=$c0Q`OCFB}!p@Iw+bdq} zhNH(Bt-S3R2wk#CO1*XGnPHHg;s?H9L)m)^N4A3djHbw>mAx_ zQdQdX%`_3(1lzjM7W>=}V+&r<6=lp+ol`}yqOK1 z@)dC7xw8e=1_wW+kO?zCK~P>BuN}#x?o$=%1>8%{PhTMy~ zMYl{p&io~TSCS30#_TfywQ2`hKcuzJUn> z25{e5e{fZ56xki~#kMS&JLYD46_p$`K)U|+TRBh%`BDBMQ8VQCm!Icst6m(R>5V{d zGK{I&JMV3NSm@(!=t-iv3Lh~DVrfC?q}eO%Syn)vW?KW6>ZC!h(cW?Ba4jTmU)~^F z#MN9y+zDzWvJ*jKkFt72(?wNPASvoMk!Ea=B?#V|?N5UXZE?@dB*K*WTrd_zDyXol zY?Uq7vr5rntiE}3omHvA{D#!GGECLkoSm82Ola*|VqKeZfx7OX1!>^nwqT%=3%L#; zw64(Pm2kP-z7E#aA5?iA>;;}kZ1UUiDe2D|MDz6*m2Hdxd8%6+ggRGLe&yiQ8*4Nq z-AhK$6L3|uC9JVH?mog-)ZQGt&eubJ-Wc}2_lDBg&(zh%p`MN!kBQ74va5e_AG3be z(Adhhmvk5oFRutkkoypiAaAH$$v5}DMm}cF!d@reDe%&8MOfgy;zu}sHK-QX?P%k7 z@MiTM5$*)fcZkpcmLWplKZ=sH^bnSBdPV@6IfIqtugYob=nV@!Utbdz6Q8gf%jEfn zlQlKDATA7vdoM-hfJNzs6$muJ=``OqtkPA8r|rTU+TS)r_B#0&Yl$<-H@!GX$(Eje zIhvBMr7|vvxRiwCL*Gd;gh{5k;Smr8(1D~J0q8j=Y#6Eiiz5>0_DNew-Qo%ZhI{ggvMSnDZsKH?F zj<4M-_s2t-OMe){@LpbnohrtS zufuAh^Y|0H5sLxYP{YIKA4OPA`|wAkN+26p<%DiOZ0|~xO6%-UZE3@7kvG-_sT!MR zG)RNn20*Kf$AJL8IgJCCBQBp@B~5uy19Tb-3{f|K;J5RGs|QHkar;lD#I9rePu`F( zVJ=c(X?< zIRO^)2fZS1rC0{dS~y1p`1b`Y_apWtS-E8z3s_j#dMh(L&jo$@d*M6>vWm8I?w6Z! zKCx9rnx%1P`NTBwWMBmA=6s$@atspBTCehs2{KBEAkKO0d%6>PT{9Fa*Buq=REyz1 zh4#1G+fH_RCO|IFEICdZ?8&tg77BqiJ2&RR`x2^1O~I(A+)m^djQ&H!l>0f7GQGhe zpdx>JT~2j23mVagUIDUWlF@Sl*?F@$M5b39sH!CAwepp@(|tK_+iT0B?4|yg$`^)B zqwQ_*9uUhN0r@J+tiWkr0;rCXLr+SEsm=P`7QH0Sfgo2uqepWrvXu}gIOyC{d$689 zph>^_dP*48O9KjbJO^dJ(W{X~{2qM2N-By+?!aYM(2na&0^GLXQ2L{g+X3&x!Y`R7 zO0QC1NOIu#q!jYBIUj!$=WA=gD#(k?c+|8OE<83O0-hD(J)Hd-1X@$P=%cjEIS_1g&?emjMwLx2(SYQOpJ#Me^*SETkklSRM?$j zJGgEwIux%heXTJC`SAOWKU0f^V1=eqgC5S2@Kp0sE_*hHVH7Y?(nz!B$8od#V8`hW z38Y+_c5~Y*a0#LmU||_tw^4&d`ZPL;t#Bcrl9B`o6HN&EGuz3P{7KaiJ}`)85O2Wh zkPTNae5f0go({QQ84S&*T^VI=BD6-(w(u!6)CvF=sA})18Y)eAsOdQ}q~%4`^ekdo zS2Qydne^Bu#^t8@e2fY@gNe6A2DdInLVk$L4g}vb=U&@_#FzD*lDbqKZ<==5rCZ3S zPkW{90C9t4x0#lMtWwKF!E_@RFkSGil{DTw&+<0@;{Kw^k6PDJ*%kxkBPI^_w?nBV zZpY0eU8LNdWOaLJ5=$Xk)u?Tw0~ZMG|aC z%*nm<(LfTpMN_8H8E=1%iZ!?nb2L_^>NNQRX&E9b8Q5)i;dj%cq95~M&ct9yVeK+Y zbZo-hGO4FOx0cj7x!*n!MV>PM24_3Cn_L+W4-w!#$;>fjpv2?L1Z9A( zV_NowveDc#>7CLkYvHoLy67^v17#b0WLQ7L?M#77(S#l$x&Zpe+~8RrX4?oWG8cQZ z>VwBobn#-_P%I#Y30R%5x%o2Y($~V1iaXKJ~Zf<<5NtNGdRqEr+KDKmeIYK|7lT2t1Fp$Imi_9pN;Aru!v}%*ufz(Gn zGqKy8?RO1iSlhH1w@opjqhUDKBcwWd)XX`8kq>@b5b7IT2a1dLJ?8bx3H8}s>d79N zjtwBFw~mw0^Ax2h^{U_Mcu|>48=I`uF>nk0r03aNo(g%4&r+NBa)2uHKs2OxW{g>@ z?mCDvURmX!q%9eeG}J81;rkfR`i80 zajUR%-&xk5>J3O2ny7OX{sMmVngY7Nxywes(o<|(=h?^vF3GL7k2^k+cDE&+Q}lAP zk$E^zx41taCSndN#oP3jUb_rF{ESjEaj492VcAxXd7#dYvX=9;w;K)&Ghw>TigSR?7)qC7R^5y z<0M1>@{Joaos~VzwWn(9OSAXaDg;4U3ylaGGY z*SMX>C_0Bq^*??QAQ~(p$Ca$h5W=z z)mm)m&&k8o1*vz9_X{7$MjKUR~`A2>>{ ztsk7Z02p|DyAgVVJTM01F@)!kKj3>FgL#;t`S0A>CW5a4xFZGc2A#ni^Dx{e2>HBe z=K;Zq0`ttWRjEJ_&MV*~>7{FAEem+b$v5yBNK)#0XoSlBC_}3TeU?4r#&^{E=6sef<*w9Hzo>L>pJDYD&;*LWnIK8{kX5+87u?V zc*Q>|?o=Mets?jk-?-|T=Uge>_I=qhv6u0@{8ho#MnvJZi&SgQ(Pd#DP{}Nh@Nn>u zrFu){z~rqBlew)NrBzeK@NHX#5qF@T18m?6QDPdQtwcGV>23|mq&)*Z%`51zIdZ+S z^$35(vq&b8QvFDzgySr`@b>gX8)fQ;3+>cIJuJAw+>f~=*#Xv^NS|n@lWaL}lEgi@ z?b*5Qmr+|h4?f{64bWHVg{=t)9&5V-**tKMcM-TP1U7)?CkyCfX01cCBKQ0#P|H_; z({;`r-=pxE7c6XY;NDGc!%_76{VY+Y>9^if&Ipv9N;34i(Xo{)7i~VY2qZ!5$G7Pq zkRIxc;uAq934n++$1?*P+J_>IE|>VDa+9(^n^xi=5>@LDr6xhaE zd~8Sbj~@t@b-u*Xj>~9jH{@utEM2AmR*NvBD7(1dCO-17Tz`9LKsMaAT57CT@M7bC zEq#m+Cwxfz3~scRc9wWw!lvFk=^v!&&M#EY%siyt`&)Qc+9l`uYWFu41Euq>+R1ya zmAhklpXq0ca$|cPxWst8_z{{aHMQJyAAL5o`{QibI#P-gb~^cedoV)A!|yrcCGgN+ zF01iM>b!IPF}zfgkS*pnN+X1|HXU|}_sAGUqoKS`#dOGVfPzMnBFBC-kF2b1J;x~u zwoS!pQG~PC<%?4}me`x3R)!qFZm~lz;eId?{as#}_Q(siuj~pB_8{mGWO%B;1zT1)ssxA@{iABTBV7y+`Ge+^+~k;KXXvk8xtG^h&Nh-~H?5HR`QM3SO0J!c%SPm=He={?l*8hi zT+O(A+lNld=5MF^vVIK_l+4WKR$)-elpj@8rlFpg5D;!@Zx^Xnp{yoXrdU#_dNRt< z$h~f6tCxNH3re+iY#iavPg_03f#v%0l{9ll2I`h)C|2#Al{gB8{os4+BS%Nu<4B^O zLs#>#b#8<_vt$cdzk*KBVO;EQ3_diG0?*sjilF)V+mD753p!UiQh1e9S&@!C7^JN z=ExV#ZdT(9o3oTC_zXI7Ks*uZ1J#KkHD!T}HE=$jPV_M1gl?Lc?1U_?QbHctn|^1? zI^pFWt{$RcwwYm1*4!Y7>MOG9!6#GEBSD+pe3Wpf@Fc>b~@Xdq}|47F^ea+LUQfKk1LnT z&8tFOrg4FS2n`S*Fa?g% zXHs6@!eh}WBC-euQw7Jrf3qzC2^s=(l#j%)t7z)1^U)R``@d1%fv0ZAPhQy%JQg|q zAs-NUhAyuTP*4rJLl%}F19hGr_Doe{wKP13rl!JgD!6pF82un8%p+hTaX8oLCe-3l z)HkTB!gh_5tJ_bd4+FWF2ZT$@3`A}n<~0M|>u{ANk|L$ipE3T@YYmhnz>|U_LddR= z1zY_uW2Kx-s;h+AH_lCep{z*vV<%sQ+We3-@R1D1_c?i0tcChQRe}$LApf7J1{1s8 z>UWjyFo(_BP55YwKh+hr!KX`oYJ;KE1ehqHyT-??8gL6W7hoRlT-!}%Ig!3neAY#|G3hztM&)>ywW%5_!1j&I zAuJt~6>1IV?zv|@?8;;@a__xbdlQXLMarrT+h7mUt%137a@$teVP#t;DQ(q|LfFAK zX2>#ikm|&L?9GGZN`+Kk$a*(gRQ%pSKGlh(9ZEP4m(%W|@P?c2tA@~tNTc@}!+Rjh zRDV}7k>>+Cn~yiL6YvP~TGsTjmuCMxODv%WKboo`Nlos=O^_5==DJ0JtYPY;CDYNe zSU!Ba+WAW`((3m^_h_CENzp3C_sFkZQ$FWvMg&h?UVRPjsx|^pd>`|AuQ`GD-Q!-L zeQ)qD^rWJ8R^&x;O?P9wW&fSXZS=WDW{f7G<@^O)m8SRq0Hr`$zhEix)Q3K9NK{5Ee9t>|32es$HV7VYM>x zzX4*Rfhl^2I2OTn~cviU}?oCbdb3QCL3 zE~58JZmx(W3!^tsaHWPJ6=SnAS7Z7zv7$~Zzj4^&<|BQ^Y%!>$wWmNXE2y!tYE=NW z9Xvr9lvK`A;j6O*UX~z24EmR?pf0OT@vUe+cQiP1q1BKGetviYW~5-bv^MG4(B{hB_LqTF>o%t2a3!(WqOY?lU@Z@ zCRS2ba~o^a(QX zGP5~xEzAyA0ZO_RmznLjmz#eEQm#pj}OgB>ttH(d1b7)dm|Sd z1%2Gv#P&5Q!`$5asdygYfl}y|th0E2VM^n;luAku`pVbTq2nASe#LPdvBeL{DP%AX zGu%sf-08U5nRTThaXE7l-WR+AD$$^7nwG7+U4|rEj8hW*#?gjZcDyFALplJqY5xFa z4l9*8J$G@q7R;0#pitx_;1~8%%U6OTnD;3o(jOxDB+0FE=@=6}yHwOP&xOjmin0}| zi={6WnUNEl9R0YbbdM9{BCE2axBVdE$5>%u*i4;EK}}ICe5HxHm?lnI)J3U&V#Fr39F91WR2WM*h;8w5W@}kF$gdK)jYDS2 zRmSa`cMH>aJNqeH9VT38K?h^9vw=mIaY|Ork6xP-29#-TAurQfKj!Hvqej@qqqL}F$$f!&c3oRm!G06&>S3l7 zP``X^eGQel7u!e*@WY^u3tbdWd`lTGLQUBn6<=%Af?f znQ&lKfk&CD(4Ax;apz&&D9=R29 zYJ>GHfPh-XiV9gw%{wc&iD9@FjKrbujbGX+Y!Lwk$d6&X-zEL3w{N-GRls+VWN zCyJL*!ZPj|TjB;h83|dsgj<)G?^6B2)NbV#U6825h)%Ju3&aJa+bm`^3-MUFbVZSt zQxs~T{{T>N8pNPw=2gQn=2T`QSe4{peI;8e7RS^srlr>9xz6ECs83ps&L?rV!Njb` zaF~m09b#Ju9x=InN|+jqyPf03(W(2F-NIz?)LOPO<=UlQ;h^s869sbFfM`^@D8_^` z=Tj^TS90U)f(+-FmuE8%MyvM?Ak+`2wbl0ZP@ckv+X8{STrx%9`eM?TbNen?XgBf% zR@@(Wi0<7VL`uS`XBK3Q=o>%77}&8+9WjD8eu!*>n4FJhAIT7EC=X=VK~aa#9J=ri z84NKv=EpH_k<=ayL~v`_Fk?ZBTwKXyHoC5{FK@Ve>LWw)%cL-1+Z$AC5jd`@gE7y9 zFc%xsjHzl;<`~F5swM5aY<``U36OMjJyfX`33g%NfZbL%#S*JKAl)m4$dM>_BOvvr zHUuV(bRsy}~x-EuXZgnI5;B*&2e>Db4=??m>7!WaF4Y7S!JrcL556G)`g_=2jzo%Q>9pJDW^U zMhG}xMP^Wij^+g=3R}o}^t1dj!4x#_7>_V>MOzcjF_DRjsK6Ow@=MTXe`Qfr8G~{I zbnY1_Ss2^|15Wf)1JnNiARQgBH+AcoXxBt9@Se+pFh!j%HR|~HE!v<_QqnJE7j0I8 z{w8CMmd>MbE34iy&Cu3J7bSKuII#CD5VD9n6NA&ZEk8WpW0_L|7)4+~sPTC+j^SU?TH7bs%202_4xwbacaYBsiSjwNy2WX^2dqxB0cEGq*GsT&Ao zxYej_m|7#Z#GAw$APSaE{ee>RQp6r*kQEA+KqkC?FiOnEs&P4~P%7odDDh=XBn-0? z86!~e#vH=Q@5M@8K&tZC%6tr_R1J8hHgPM5!xxI2c|7wk)ZC|XtBK6~MkIGEbq^1V zoI<5~m?yZ`Q8yYc;}RB=h*pa#xk_CS6rG#+LvHqvT^g|bco%4OP;4PJiW4g^zuE@A zAB~qGLh|LP!&Dais~rN=R|{t&aZFWtc13`74x2YADSz3LpPmL1Nwxtq|OHUP+>INy9@sSj7+Gv`-3v8UNMuwY^c0NS8}P}ga88< zkZTHhh%!>vhVx-9{udOeor!Q-olZ@n$w;6WDLTO267oXa=P_@2a=56PSZj5eP61{Z zY^%C~DCIZmn}FD}DBblB3WTwgT|TDMOSIF3OSnuq^Ro~pa`w&czC>&Ln&%=d;^3{TLKo~OV>D_7I+l|-VJw6#SNC#GK+-xr~4pQn<*+0+SZ{% z8jf{d=2-ffli7$5kftT><%A8()_h)LOENO<<+U6A!JvVgB2X|`Vag*+x4n^Mwqc|& z%rJ)r8me%(p5e|3mbm!o2+|C=WqexZ5XW1J--U%mmmj`qU}M4(t(BJ&nNcw+iC869 zhHJ%2%qugS@l$_%Y4N56s2&wkvp%7esF5yIsaJTFiCUH7m%%aeQ{>()&K9qbFh%+0`B3BzcCfbQ)Z02Q{2eWEz zdD{?mqX~_zX_W``*#r8~P$U-mY&zyNCflZwx6s*Co#`y%vUu4158UX z$raiepqL3_62RQDHmPJVm?U{hHB7=})Wh$I zIMV|)je)qjmxz19dAB~GL&4EGl~B3NVzbQa!7CGfDR209;4hg{qBw~twie2=1bkGe zcsAdKM3pL~N`zENOr}#RRHc=cQ;bAqFjHW$I)eeOVz>QE0CzUGR>5ozRn0=GZQxdb zxtbfL#N%wT6`i7qkIiRZW&Z#Op>B)wao*Xz8VL>Yu%9J+O1Un`LQvz3;Zr(Q_-PE~ zeWcN3d>jB)8%?=@#hwV{2wr zh|%yy3)HZUE>PiM7TDB!Y8Dv%w;1U|W)rm*g7M$xUm0+|phIYl%Z}`YY8>4q!xUz+ zj+uWCICB_EEe7KNt6g&|_S6arqzx?7TU002z`eDe7?0zcHp; zr8WMN)GmSl0F1FbOmfZRsPTwl*D>+BdbMP`q2!oBw?juCq4?eHxii2{9-3^ z)d#Up?^a?1EGj!&qFBlfNEw?JI(mk@m`ttJj2q!NvgwNTU6SROw5$uhCH6UWDs`9( zLj^z;=3srNIf>h67Q_lQP9R8yLiFZhJveec=7@IjTx`rDS`?NP-RIuOwGuffgy}R# z z{7YGqH>hpkaEiQm1yNKmS@3Qpcq*|J3HLr=ZdTHS+hvcFaP-T+2mP_hm#y^7zj}1y97b`Ig;!#n=w%tINWR9U55N+jH zB2#t80qA=WD6}8Y#o)q0wT2(X%MHW(gvTO;>uW3MR0EK>MR+1;F)e+bu%$t&05IV& zkgc1yu|%0qSd6{e=N3{`N2M&wu^Bm5hE)}1ie-z=d45nrv!ZZ&7I zWrYv)62vUvs>88+`7UfXozVNT8Cg6;mu*@?Tb38c}bmBjILAW&vzqyvJB{ z)3mw8h=o$@vs)UABBzem6X**ltIa*`@zAA+*6So14uhf>v5gsS4wh&ESg*>lp$q8P z`AWYDBrO+OhD=THkX)o5>NEObz5#}6R{<2v<0=eGP+eb$@rXe)Au&tJI9yYRlWsjt zFPN$~`>5zoMk98iiu^WRpm%Y%5}gq1mEt|9cB7vX-bnOnY*bf>0K^N8K;AP@*HET1 zF+t^oz3e9Yw<#PaDlX#+;E94-rQkB$pfZ;3eMi{f37$t{l(<=ZU7#Nh_!nwGNCTF!{Mibr~v1&fvsozyW><9d@AxHkOY|vUblmyBD0GPypbJ%GGWsM~a z@g?FmW2w(ZWHuBqb`NsE@SSELKla_qJIX445${d}?wD5vGIeFN_u!WjVNuHf+-@)x zD==7M0OUYArV6?X)r(^(D1u%Cz&N?3g#Q3z*=j}ZmryC<%#pSr4wGb{3KfSpGhmk& zlE)MSl`aVdQUu(h{K+Y$bd{gw(RKYIE@e6qtjtrxs zSEnw*Ahm)7-UA?N*cqpdi$uYqWYl_y z>_p9}>VTE1p&l}r^v3o*5VkkbJtRTmP~CU}l~Sp7G^&VF)`%r)aKzP(R-sm_#vcU5 zz&i1w7=eafH4bKPaE>9wwRqoH-nGNX*obA!e2##miW>&YAO zRuM2tx|gWK#dzjs!oPrSTaP=8{7l9qN|eR&iprJI;dAye_MrmE{=}ki=)SOpZ5S|I zYk`#arceQCsf;Z~2p|)p1j6hh?3J7y6#kDyDSlhB`3s5&5a`9~ZK&HnvKB-CJ%H! za-l^3- zIZn_(rsAX_zKCpxRRE89osO9+ewaM;T|nSrGn<3M>oXt6b4SAw12g~V|#7vwS#w6E%g4A%hAvzsm8sBkDL&UT9bA~TTU5o$3slBcywV(Q>d6+H@vv?c0FLQ}~Z8D>0h)O*FkO)QFH{{U+UP3LTI zb96zt+0=VfFkl*+!orO7E|f+a{MfY`!_{WB5{w+X{{RSx7?o@M5Of~r_L1*C1^q0= z2`DfDsF#LZ0*bgl(Fxr(<)AnVYK!IwZEyg3(8DV20_x#GOJK!ri*4@xO2Bh>0(Nr( z6?Pf}n>3B2B-MV1NMdGQBmm-2cp2({cdQsk8n0|vXxyPUr5GEbQ5#~}ke&V~at;BN z4a=$k!3-A@zcGCN5pMoB>|s~VFv>5BU*@qZz$+Uk0=t_xuVNx|*4gPr3!M`{ess*7 z057GUFNnH@9SJFxmSyF$h_cAVSrLj87?!qP11;3HaT+B;qkI!N#JuV*X6|MxVhcuL znwnveOHqid7UwLjOX@dqyiHBTq79P#UOZe{@pnZ<0=#s^ z&yx4yc!26KrcAh4i&Ym4vRUDB{9L(m?eT26YnJ!o<`!Vf<}AEUCMAUCS#X@bDgq!s z^&%6<Ap;x$%29k+}B|ZdJ zqI!*u&Ja6gWUNtdZELv41KA_R>Nx)Z5i9H9V0Gqsf68Ncyas#XRj+}T6dFjzu`RAH zEuT9t^uGw@8gA8yz!9rI*o7$zfgCp%lNPCYmcOv7&3{HQs^C}!ueUb%P=&Lm%ZLq` zH*%CAie8`uv0W@EEQOba{i26Zpvh}N0mh^a(F{if@L(oGwPipsGbtEKVt-Op3Yo9X zr(k${A#%Ig`per-!9+cv1fADfn?%3(6iY?3j$}A1ug)X>^Lx|UtHzA-Z zrM&C>j}mM-tE-0E8!V>rH#s9@xqhKJWy5l+R7jZdO4N0!NmB6;0}(eXajd}jqqvHR zDk8A~M9GeG2~e`KnUz4pY%?mZS4>Ixhy9%5IJv??rL2KMBHm>cEXymxl@>7ehEn0+ z1v!A1xc!$81vp~MKQX+c%weG^cPj|3K;yu0vvDa1`<&l9A9L<~#t#8$e--$g7_1>_8a@^*D?gh(xICtxt2PYMWeNhoIAF zW@!A%g&|=Q1CC>f=;DOXKBB~-qZ_gMxo&=jZ?ym$B7MduNP;bHP~6{wB6VaVgOR8v zgh7a-6t`JQu-rTXLzy_Dr!Z$S^Fr^Jj%sAR;FZ;TQqS7BgT24lFwsjgqUNR1M92)Z zWo7BF z`Ky~sP9?+N#17>l1^jQzwY?;3e`108Xp2=5OWhqL!lP2rr{t%2nmiaggW zXjOTAL=v=MflxON5$kmwB)`!xK+tdytWMPb0K6!AjDq=W8E1xRC(<^{Bi+s`ufK$1 zMbF)3zLsNv@Iv-zaqhPSB|R;tRuZmJa3<2FQb#FX4l@=CWfc*)!#B28kKml+C5IY( z85CE7LXj~Ls__+NgAgmgyBD^tG7{73@Gd~PtK=96`94vVJ zO;r6dgCrT#1U9wY!k?Ee7po$S&A?6-%t=LzJ)!#sSO^B#KG{i%lgeySUW^aNw7PIjc1pS_~|PX$fSrK-t7{lmc^4 zaIZ4fto_ZDw7*j#tg>8e;u^_l;p!C}xx({>MF7uKP+SxbS*c_B32yvFV7;wnfJ>g#oI)?S3Ky6=23J1^~c96|%WB zMHcY`h>g6lc2N!ktzh6F#7(L-?T%0#TK=-qh{}sYt$6pb-F5n&))A##$uEF%tF+ky zi`qZz-AZ~zPrLHNQpmO7!aE~@`#OtQsbn+UbeK+g@#L66_YAx-H{nj_<0}wm<#UB8Tyouw5>`;4EHHgxQKqk-}uE3Gfx1@ z%S+OzmWs0cBtotL(Df_pi9sv2px|`F39l5#(3KYe-SBD@7R9-o32Gu&L!tp)Du@B9 z1wa_l9d@7mVmw_S3505>1L{$3@RzHn+$^hn{{VLpaF>{}U9RQ@-Aie>I4;+yEUjv% zt8g;&QK~TpZt)6ZB6K5045<;|z%t0pY5@hbM4I_7bq9%gm>@EyyCRb!na*J5SxgrY z=K8sCzN#M3SlOc8fo{{W<=H9^G~I4SPptZHD}dBnnp5u_5Q zWP88#QI~r1MtlLI*BbF^# z7+~*ek@~4EH|@5)+7n6V7pIi-dd0cJ=Tf1}AVO5Bu!r-Z@PTrV4KlDwrX#zRQ82-~ z**4TnkuFxrQlemvqhx9hQJqI|;^i)GdzZLnVpT=QhbY3iV(~7FJ2e}vvqLov1)FYW z!FLRqYO9atm??(yXdTAPdNIa(B(|@?_VHlOQe#=4a}H%&wjT2EMkm~Tqkd`%E-MAG zr!yGE*|kroAn>+oHka;N(WMxrt)5{FQkC2iVPXSZlc$B-3!Dj6yYsOsE37 zs?%E)TjB{6?8kfUf=7046iI!~yZl5DH8(h*H2(TeBs5DpQiFX-<9n z+5nkS=6iu_bVRhhV|w9rb%;TSWCR++ap^7L;8mm=N{h9-xu=2(ZXTiwO~o3zm{m$h zrxy^qSN0i7y2sD>a4NI4-_z(yk!X-al~U>rA)8eM)6&4{?uJ$rsXDD;b7`VWQ@#AuNH>DJ~d)W@Ze~>CRN$3tNQ`k(h!Uf5 z2!z5ijLv4G8pPQs%;HzMP--B`Okz8Ubj(sr1Zb6SvCArV?lTT!-I`n|+`Rjj4d=we zHy1>yQn3;6H2LniYs+G4Rt2EQc=(vkqg7aY*Ua%w#F}A=KSMwhMZL1XaoyG+Z9(WC*P{ z*$vaJ5%NXd)N*5Cqw~}(*9ec$N)b7!h_mk`5a~LCohm}0!FI~anU>5b{4Qfb?p?|} zAZm-r!});dD!mSmgu84Wr6IVv+9?2zRV|9J?QRs97sO?~L$@k)B4lO~` zNB;K#3SJBf6n2c#Y~{#ih=3e0!SpoRotU8CQeHkHhzd=rH`F{O$?6>b7ai(=>-%n! zFMzU*Tw~^R24!dWZ|g88A?p)J%a<|ZFmKK!lK%jLRH7$_u{nVi!5Hxv?-H(4nN3QI zZZnCSY8TX5W8rhDc$TiBRwmZv&Nt$zjvdN7j0;S?&t|9BfN6;3mx;z;7{}zcS&xd| zZ_490`7fNrR<3lv8^LPGvQ*}AWh1Q5QrN>h@=Q6GnA3>sEOUu;Jw;%?J5AyVg}?&D(VsR#pmvtQI&;K0;hml0LaYYoeb zMcu8#qfpWUsYyoFhB2}UvD+17zQ{P*6#-OG@Q|{swi2?*2QH$p+YK==64b)L?h&`5 z6^;-rn<*oVu|b`P5J^g~K;emoJd-jLlx4ENQY0YoQf&$lfhMqO2dwSXvy$(k4?h^8 z5S~Mst<3Za@IWElyY27Sv?*_KW$Wj)%LUwfX2mFX>rZK%!{^p3^i0)S_n?HqtGR5^ z*EZ_+5tfyA(yJ)=+6@ZlDcqj_X03~1)U5!b986|amKH`f=W5Ti@kT8^8V0&(v zo#sasxQmw$0J7luxHy+NiZbT}Un%9%Vi=-3i14wgc#npWx!g6G%N;^nbGSzoK`Jy( zpz@b;;IwPh((RZM?3)wcM`OcvQ|tBTdjZsp6trh*i9 z#B*fCt(X#q&?Q0Hh6AK`q?oP84wor#OBomfp{p|whZ`+tRb}4 zklN{nr(6)vFZyhcwM&-Im!E%-9?(07cyezE+dmJ*tjC4+~Quzbna<8 zM9usGm(Anz4K7fzO2-}xrd^X2Gi(;OG2&n9<+zrvSiMWz2MKc5QOwM|lLloGQp|h; z;hRsnOv}_%{Yy@MqAaC5tU$;wwZVqA)aL zYs*mTBtjykydv(Ob8r+w+@%x}_42H4M;#!H5t9NwX2nXtH%TFIBQB9+Yee+z-c0s6n2ySy6F)U%d6ic}Ns&NEee}TDe^TE7ME1Fj>jU zXg=+QqI?-!tO+IcY5v;P0<4(Y(I~DpVX42})Ujhl)VZSo;#Dwc9^PE4jmkO>^ zn`BblkSfp-?NACgZJkkrgm8=3Qk_-BjFC>Suv#S*W^1ewznIl2wwY^O8{6bORo9B} zPUFXf#IF^&lH<7V!6z)$&LcN3CLfGD1_I2-h)7mda{# zn61V3?q0IRbuDywF!{LA)OS^wT|_;l;c6>xW$s|q-%J(`$$fYkUDV!RxUs@}6WNKq zPEoB!Z)(d=3uZNP{lPacJA%t6!@zJMl>#`3c%7)bw0;=1eDx}6^Xv&ooiVPfuG%6Zpc%R)cUOo#<<^mlf%zkB zS$iEHhd_rjgfM>A_|`4O3qmX3#M5* zn+cng^#Osu1D^)i%9U`6i8$QmGOjYNBxPJoMpuNkRw8?W7|Jo`Cn+eXo}((IQ*j`w ziBYuNKGCBB^HI`Qsb>_#=A}xUN@{S3&`jAjTn9A}yiAyg+^ojOQM+QjHylhDshrETwikC1xbWu;{{Y;tQm7&^CX$~Zaoo=^kw8Qjg~n~#90DGeUl2^=v_I^! z&`t1D3Zh|1tY;?U1zL129~azYh!=x`8f{;a7nMEID1Q4XhiO$osu}#P1acG>zgb8* zl|eI#OG(TX1^{qtpzYiRAM7?UM>&Pfu*4ijjmo12i=N3rj|zx54~VE{2})s^ zp~tkiUhSlWuKWQ*v6yW)VPHE6a)Dh22}Jf$3@YB`&gZF3v2N*x+P!45cbP?he{#$m&t;N(6>4Q4a~yWO}$>vQIgU z#G_WOSOIY%w=n+z?Jo7NHlN}u$3>8?c1e_*E25a8ff_W9jbub&dN4BX*5&?@H;s(5 zI2glL$_RHOj&*G@r>*K0LWt+%0WhQP-Rw%o?G}BzR`sU4;Ii2MfG|Vj1;QYuqEZrN zDJ+zhODD&p=uOX8x}F{?4SvBEgZ zwDmGCxqD#DvrNFjoOe0uSOQsQAsrk=9ZR+wGwrkTvd)@b=VqJ&R! zy1yD*2b=JdLp_i}}$10InsV&BK1!@t6*;xL4^4q-DE7WqJ5ueY5xlmVptB zr81gM=_*?y7Xwua@J1Wg)QI6;r7&IVl^i6{0OHG`pqCuy63np4j$4Sm#@xhQu46poIYw~KF}EaT#&ehzHghq97_V}d7~ZB6 zH3q{umi#Ozt?Q>oUM*Le5;0Be>2p@0tv*RBE?k(dH^WTV|~SKUh0<}E=|kNjpG zk#<=PqSj$uTESEEhJJ5#?I@P!{{VLic&MMc3|z^gt_s+Pa`)Ae%UMn%2)%t=D1Nol zC63i_m}1dRUZ!3D09FXHRrGcc(!Bf|SZ#(Q{{Zqts^RcHYIiE;d*Hmw*5z2Zk-6@i zwApMzh%vttiY0lT)-(hYnVq*4QI(mCab-6w#Y^|cgApva&}J<~$FeP1j4f^|iD@o^ zKQL6d-QZ5#Ldd(gqKR;C7cGcH#8fR1<_<=&ESeaw*&fYdW@6M# zZNmlTR0}SmfEE$urRprz#8*tey3?V^!x><+eN4}8Vp{^(jenQ*W(oI-bjUwa!_(|D z65zzNj?%!XV$~u=zLJ$gFgV?YwGpD^H*sXv)C^pArKL`eVc9sg+eq$cHK4yPnOmI~ zDA{QOZZ&qmv5~3Cz)Zl+L+)T86DM%JD0-HRtxNAR;*oAO8n`E_tBk$jmBwS}mzH6~ zMv^cnUlR+xaQ^`NvWY3kJD(*tU>620w$z}bClrx?!pnd>wPTV!L1 zU=9YL3W|x6+^)!|sF+>uYF)NhF$UYtCVm*e8C7&d4mGxa_hJaO%%-Qe*ip+Zm~8{xdNDaUnZ5(4Xpy{Yj^{X-?Jox6=2-23ElN&i z95WwLN@K*rIg3PbYBW}EI7q(naZAMA7aEweGOdU$M}@>Yg&yObz#GO%S2&nzbunyX z_e@OYQ)~^F3UfB90c#s05OAj0u$JS-a8#q?IFGrcz=l=a&JD!WR%#`#Jw%-n?0~H? zW<#cNQMqrX2!u^pODx(xy+CO6>*1AN!R`M5sg=3-h_dUlJ1MDiaE#fM7`E_7AR=;H zGNE3#@a)zw#)^JN2!-IcE>Eai0<_s1 z%kw?n^XfU4TCTM!!wBwYgXFY{d*q~kq1-=YQBWxLrk~GjWSwR@s}Gz~N|9=vMTgjQsrA%Hz`f!isg!{5Bhi%Dx^W#ZjlYP z+LOq6_Xa>U1g}s1f#krlqV^F!~aU7DX%uz2E{1sq@n3pBW z_|$J5_%c)&&v3D=9o#tGTCe~SK)#7Pzh~Iz9u(%mr-+J zxUElVk4albH&();?z|SGNVzX;T7evGG>X)^7%{?TD9fj*XLWJO%tk%TI%3pvWr=<9 z7ZURq@h!ww7ME|yPT}@pKifEwN7{+ZMvNGiINJ>+@jfC>YGA!;8Ct}wlMB4U*q6j~ zMQ-7G#YZB*tDcB>9k^+KOjrO=`e6S6W)#u=63wsP1uj8*kmqgaPgcHlMVN2fg!hrpRr_8<#O|66$uujTw#F zCGwgDvciDqfk2hPfQGtkxa3@{WyQ)%c6be$)GY`ThN5+&*MDel(+BQuQHXTQgaH7c zoUtBNiojBLiCHT#1s__0!Qy<77*qO+KPDj)updZ%lBF&*>Nj%1%|ig6xr=wJ3NSjE zO<<2JsFMJwxIn6MF8QA%OUDTn=`|HduIe2x?pt|a?MAeRCn*C%8zrVvnt%aSkLA0M ze{^b?@8tGMs}hZE>h&egOg91qn;vv(UP$|QAA$Q}W0v~=0EvPH=2nUUyDDiZ*9O)2 zK^a-i60559Dx+E34J*e>Z2JZnR%MW3bHMj-eE59bKL%M4tma;VPV+`jI z%AaTE?}pI!z%Rf!Z?~JqFW9%(gk=rO0i95>!YIH-cQ_+NOy_ZIa>eKIFQjO}R^^Al zS1iN1g$Fu=8*dPy1XkBY%TsbH|~v0IAg$2Aji#Zi9ZBU#K;i*6@7BAw>q-iX-u9t^vg8D;uJ zx|%mLMes|C)s5Mh%e^%&`Gq#YYFyZt2FX~Q&+nHuAzRuESB%-kc z#pYZCd=mOga7rzI*_I^HDlKbrfT^=3#e+|H#Gu?&+yOLY?7;^Fa=~S;7-(#=Q*cSF zMR%BH%vqX)h!q!AZZ-%ZxLmH+EE?tT;==|}b^E@A8>KYITFBGp{CPxPpkg)s`K+e~80*Z17LvC7#p#2{+s zGLj!e34Yo4%W{vzSYq=H1|9=W34fOM{vhfh7MQ`~nR+7!i^U^Pbp$N!7_HKQ@QX}p z{E!XI=ZKg`4?=v!W&-@g_-jgA1uB%g7JOCZt(yUm{~D6ItV*Ks>v@uh*O%HHNh!PJOgNAVrJng1U<1a3WCkb_c(4e z^@(*dM?`-<4d)V^*V)0$c+}@pOnH?wH8FpPeS<$G&e+D^4OD(CTxuTU%~s`jrebCs zArY38?}048d11)GvQctgy)z2LbZr|AneJKJEDT_ATti8m!ILiKXE6{nEiq#h&`McV za{-s8HvAC#vPzfy9T1e}`M}IJ$2)0?jnotXJ@XK`41O7z z>d;@`!3+B@(1w>~#e*{iM9GcLiko?61BQs3dzOCDl;$J;v9NBkp@vkA=Gkn;SMM>m zl#jYQvzfp+^?H~M08ju9fPe~#jH{@dfqoKz3=hQ_auNsHQ2{W*Tk0K-NOjFpw;MtA z2Lb@jKrz41v_sy|ugt1@?BRw%0U2VUv}z!`fhs8Asm>nAtTAR_J;`AezsQrQjnw(k z`sNQ~!FPt%J*G-fv{H$nh*FC#o2j#w1q}!If$K9bTddT(xLhHykS{ftf?gZ|uf%(q zMr5D`tD-cf1kx~{q6?K@a_pIQW4()p2G{I26BSSx+TS1CFmL0dIXkUfSdJy_guCC| zweKbbOA8pwBRROIh-WI)b|^E$w1BtdfD;1J#V6?%?SZgs#bEdwjTxCLG>U~TjitP` zjPWfNrq%6%#}DKp)>E%*P%)~^*Zt~MREuc@c5r*FOOBrB3$%)5ETZnrF~t|SvdWio z?+~nKHxSITF+KAaF=|_K&L$#?miGn*rTAc}mOa6b$Tlu4p)RSqO)|BZIY_C`g6Tg48J@n{wSst-(oE$EYyx34j>%b4*ydvb{Y&>1ps98k5!4@K86H*(!ynxg)0L?o{>~BJEfOD$)3~*r zMYiCy!5^KMvlK_3CM0U2UR9x%BB_Q-R;Wau`-$#4HHd=;Q$?KmMowr89x7I4BLWPo zg`7d^-;cP~oJNsH5sV(R!n@nCHOVys6FvkGGYwj98`lKJzArR5VW`hW0;0cbOV9FXD7 zp#b2Q8!lQ9Z-xjCaQ$K}0Um0lsEB(YP)m*m^Em3&MncvNBJGrN&1MRj%fK5}8qGkp zar6u{E}QRyJuamT8k|eUqnDI%cDD#~`CqgFGV*3*itB5Di%snI?vF%3qlsw26-%WBTJP5`(nn_PMcd(l(TjMbL(-{%@gf z(P`yF78*%EH<-OT5Ma|f!o#U3+6d~TFUb-vkqj(k{{YDq@x=1tS!|71}r#j>8B8=GVYW&3m_u32l6PBe;%ez~Ys937&g9c$S zu(kTV0YxPNm2E?>W2O`W@ry=lQyA6`Haw?GK(Ttb1r)+cuA@Or+-Q!7C8VRaSSEk= z?8gG7hNYm*ijSiNWCSVzVyyoF(lQ9)?Z$!JxoCA7vWqYYZUxQWW1Ejm8#H}NNN0o` zT}I_qPcGdDj$IBH@ zYTPW;DqNd%1@7TDE`8QN#xXJ>JQgi;sF1UU3@U0HFT9bcCS{GHwgUz>{!p@+Q8c$T zFDd$#Cb^s97}*TPrsCAfZ!Y3hL2lv$H&AbJvY5D+fx?D$L0m{}_$3nPVN^aOmx4cTEA+9r?NejFMxUj3dHr%#0ftl;K#OM%a ztbp|vt3y;0?E2%jHKZE6v4;D&I!sN=2~Ex|Yl)#m8#kD+m%Ek-n|oth#239vR6BT; zMGUq*1S`0P1|z*(ck&aL{{Zldmw>r!mdB@SKis*~k>SU(VcMHwH+9NRSHl3{utfcJ z1Oop65oI&XFd2H}ibZ#l6^u)-Z0dZLpD~d%5VBs+JGctW9Z+RTISKtuSNf3Ml0W=1 zZ7P^j@5=-?{#bB-W>p|T?G`bq^xu#ifc%lAX8j_>5&Xjy{>EEtcgT6>&PB`jGjqWbwF3b3ZhMhgeoiGK*~C)}`^a1#eX zthO}PEQUnH>3lz!HQ4B;IABD3{zbO5S$*Sr3>6!BA}P?b$@n_QVI=zVEq2y7xi-!-RHZDyj%zF{d39BpV*yS(_3%aWDHV@Uye_S1HT2hCsj0 zSyLZzdD}yjv~;2+@tO$q$BclDeImqR97fDjkziBMnqT;>L=rY$bW6=_Ms;Y?NWAf8 zN{!o3$R$B+m-ubXjX3#rJP1pYNbpOKN6~?Lv*VytbncT?hdhI3646OuYo03 z$#p@7MX8Um3)F!QGKxLx2i82ds9?hIaS)*TL@gRPj1GwK(sFx^G_P{;Q%&4fUsB5! zJsd@^`4-u5#mj7l*f(daO38gi#BM~~!2}Nl(E_Z_KFg!?1|}`@FjTSTT2ykIW)4#; z=z?6iZeb`~{-ztE;7Y~%VrC<+573c7#wK11?mc2q9^x7P$sD)*#nzg_I+{RWBP<=$FP;pfftZEBvGVWJ6&xJL{U)trJLE}Zq;iyv}$!WCi zqpHBo-eC?>_a0cTsJ~Q3?jK1^$s5=}t)Yg?e+(g~uTd+Z=1@??F<8`Yy3T4ch0feS za%@4YarPN)UEG;Vw10Lb#~lVkTjy zp38uhn<|yEhLJg94Ms4kqfy4-GPn@`0C2Qof3p3?5lD#ej5kF9dDSQe!XKHvUU8DH zZ6R|dmKe&*Jy5~CWXuBa+FXf-gOG~82@l}7Z67+jVHU8wrke=l?I_sG^EMDa4 zD(%HEld=fs7Y0}nDILlya|woKQ7sIQO9QhoESorht>ziL&7J@Sbt@NogmYD-h7HPS z#QNqLnpJqI&L#GME=B| zrd377M~q6s+-7T-@rL37iC|@+_wY8f@lyy3tvkr8=!FRYA_4)khvH`9^c>4)QFjwA zSjfvW*Nu(!}$g^O6>MbV%KBouvjlmTDmGVbK%^8{g#9e3=8@yK0@iO{X)LL2kQ4KkYb=9yg~-xt%=n`h;~Y; z{wB$W*l?X8f)EZdDP;$PkdxXxF6;xuwh{s-eV5~!BHQMZ2KzeyY^!En=yDcul8l{Jfs+z|#U1L0AQr_&zN z9p*2qisY3W{^fwGiK$HIHK{@HpWLTh5T|i13#V*X0=nK(ekE^Wwvvlu=RjP0^?$CA z1YzoTyjuEZRFj`t>fEu z+|yX@FUlo>Ek#|Zo%b%ZWOcGMz&ro~fH6e5qd5>{TC?d3&_~kHH@s`X03FAzF>AVgQ(22oQq`?#eniXP0W#)Un}z)0fwCFD z{{X%J0AmA4M=HXd)L13UJ6#Ac#e6Y2X1Ktv9&{Vawis4P-Z%FuI$MTHgqN|TcCMq- zSj^^e9b6Dpm6S@jl*dn~9xTL0%y8{2go;%yOUo`{wr6*W3}`!+tUku581}U*68BlC zM3#?`z6`ts9v2nN4_3H^$@x+V{BK=srVX65KoxB|qBp|5b^KJl?_E+AHWu-QA!=&U zO;?;6QLk}2y(h281-AojhW`L_Xcf4_5C&hjEG&<#m}0gssHwUKb&S9(?8>_8_crR! zsmSDwM8dWKIbup*(ZuzljuWxd03TvqbU^KulP81YbDTZG>ln-eQ0fhiX9iMP{mWRu z&SrX}on5|4EDp}b&oT+1%X_h_Iyg{q*QZ2L{#7c!hd6r;t9)&_;7TW4y zp%msQzzaLUPX|gw%FJswGP4IUaQ^^o!dWo@;}Io+zf$#M-!H3HDteS@$)>%dX1W%y zsHRzef*vsdBF#)HasEo&c1orDm7By*$e_3 z)v52_=*-0b0QR9YT1C!Dm&%8ok&ZiRCI+z!mn$^`OIQol8AUc-4lPT5Di*{ua6U_z zd;b7*Yiumv>hkT= z4rNFTpYflx>==J}eyh#V$KQfxt1}*A9+n&_Q*jAhHV<=4{{WJ&5^`73T8URE#;_XY zO|i64Hr~n`T{vZbpoCS0%xR2W`pkS$Qtiwg#hq}YTdlJv)i4Z0 zMryS`?8T<-4ngQFAD{U9_)3)+VVPG%uO!~#P9<`2D0o%6Ay6P#LH?poTwXs+We9Wv z28{yQ6vdY=_izmt-%(L|SGVM72cGr*MUAxO>|8PH1y=FDaRn%MFhLejrXs;?D||u_ z<*8xBr6IygXoGG^cw$t#A<3$TKPAEPHMU{qC%LmwcN%icTXr#SE!D-v49cCLIwRI% zHAKRih`UTh6=LBqs|1^^NGq0@Y5-nsN&_XmL`5!}iJ%5eE)}VzfY4*PL_KoLZY5l8 zVwo$;(3fntaS__40H;r{HrvCtenumaa zxmVl=wmjvW9TC-MnVYxz>^Kw?JNr{Q%*}#Bu#P3q%PAWz_mXAyvjvxf#tI*3p5eHe zvh|s0$)hT_5H1q`0Nln1#LvlX5HgtK89vicrbbG##8-B~hh(T{IwBPR0K+tEP~4>4 zMqXDb7aM+Y3%kFxzvK>uMe5sygO!q}`iqH0{_@R4V@jt?xoVKgYX{w_0u?GuSiKHV4X!RI{`g}7yj(UMc<(UwiqyNs zWq_IhD7XS7KL>5L8?Ghzp}+=+z&Hrn9(cYsC}s} z3x=Z#mE~vW6YYrP&fyeQX)A2gQ{xC}gchotW&l8Mk$d8x_bT;wm}0H>4F)9vf(eEU z4-5{ay3}^ZP-sY(RSsb={Y6-Fo21n}k-bhakIKT{0_Cjc8X9m)`)r|FSfRRLM^ak+ zosSG#9$(uwjB^y3sft?|oM)#IOk!;*V@#}PsFY@Yp-;K^mrFA;kY>d%kBFy3 znRg8MHq22s1RfUGDCFMk4u1Vg84IwOM*sz5YFug$c#7<_kX2E`)k=^Y zy8L}amR&>n-cRU9WUPzh)9i^)vY@H`h%qJ9_WuCxLK+t6;u1GbgPNtli!gnu{85X5 zUS`qMSA_?k?W8iC<#oY@K}vhxA%=+llDRFmKTaZ^_t7GLcopcqk!DMV!_bJ z3?6SpmCb(Rk@}2M)kcv;!JqY`mH@t)T0E#~@XEwp67jI`bDRHW$m2K!@l##I$hYC~}SJEX2BE zdx2KkjLEp-<%@{lCWaTq0OtBsbP6H2YVwMrz+QHf?YQZslHOTb_b60?w__q9l>!hr(c0rBUTQ5Gy zbZ%9x16LNW7>-+)7Iikcc)tqpP|NlCp3P0` zh&IYPiM@jUiIMaft$v}Zz)@1DR@^M0gD!0brDJr=mqGnOf2yB}VI>tbn6Pg&=&V!n0zPdmTMbFb!=YC}upO^6eS$u3tdzTf`5GVHX-(#>=b+G4t_b-9G(p?HQ8 zyNn599IvQ2$+S^w*x{7{!P?BKy{1;BZ0d>@+mLJeI$Ii7}WuL(=Y@ntgV#pyH1~u>#7A9}y zyZ+117HyrY+(1y~G+HKpBIYR1!DdFbLwQ~vEP6#T4i{h>B^t7=nXd)=L~I-vz;K1I zo|8gQ4>)YHSyzlflNLNXMz;^18u$(Sl|TzTuGB`-0{ZGXjLGxw3c2f?o}#18V!Zc2-^&i1BL#qoH;<8Kujf zV20z7RVwZ|ma}$yQW;3v)Zb%(Fdm@{DOQiYaU$n;%*&P01+o{lWC3hh}5lojmUA+gn zbmUoz7r*jV#YD1yJdF9L^%%m0qk*Uf6`b0_ccqxc&m_6v8~DmMJXh`GBo&hNl{TE3s5ate>RV)Z!)bkus};OdWgnqI~#~h z5DmbWjwi}ytm0(2<+-)SuX5VT4Y!o&d3y+jHnc*hlwzOWidSZ(sNI#N!^b-*-`ego zYIaI7lp1*d0LCGX_rvlB(pd2I){ri>$EV1`=!;Fuvt0RNPNN1HZ?Iky7UnTKnrjmK zK+9ef3f0FjqkbuuyiMaJ%DI!=camzzz`3??^WwZF8vHWl&QWgdm(oitmMBEuh368L zE!0+(ftHm`v0WKM_CRI3i|&zx0cCc|+ewcP{?Vzppard#aVk$FO9n%$Q?)EsyUYtm ziDrzuan7!1j`yL+UjkEa=#k5_vQQeu5D0O0RNPGkZYGx_QS$!)AjG$7iK^N+!xGKf z{*%))kUG3S`-i14rUs%7ShjFn$QFxsIA3&TU8NX5(>X8U0mQ@wq8Y?GKqCZRV`O?1 z1lPSpsw2^!(Vpg}0Un}AnK#_TVd>4B^DDsC9)Jmk7XaBa^N!N_m@o(Xf_gSM%DpL3 zmZ^_K(;sc^U4uR;8f*`s1gBJQTYt^Dbt>wHFmm2?iD7I>@$uZxj!5S5D$n9Dm1}i#ri=J&+j90S$#fYX2s(-RIh)XKGE*xpZvr*0u2u!lU2xPc(eM%^WQ#?wz zweYX8_JW?z7cMb+;Stnn490|1zL>j-Yf)#iU8ZS_iN2Y4F`P$h6rt3z?r+Q@;>2aB zmsmg6863i_p&=ufG$dl);}|GlsMll|0ZcW+FuR418?ntrsGtCk6pSn|;0bq54+b&q zSxeJFCfmuXh9|0;2Qf!9>+?*fYDE%pHsrdlL+Rv{dWQIJ7!YnYWQtj1vJo}x87a_4 z${A%vKIlNA2$m-!K9xV72EyZcXLBEFRp*ERR}sde9O#Wks}p`Hl3w$uTQ-pkDs6~2 zE~uA1zAU|#Oy0cbhdvUY6xN8o;btvmf>6A{<{w&!8_hlf{vcXqa?iK-u?GajKo5l| zJ=E~?^oaMnW)ifvQ_>lQ!l2+egyAdnOta%amN|~hy_(21f4C&ri1j;l56Gq$Hi{v|$Jk?t;=g=t-5fldI1~4E1Y*`YDw{b#{%ESVo2n0U^SgJ%> z7iFRmCChQ?d5V91_QiWlx(=acA{XZo<0%WJ+5~4m@){O45Nu*&W*Q!U10+*2v}GRl z!@QY)QiU93sYlye*{9bI$i5`CacDNJJd+J{&Dd|X0UJ-)+4;~+C1CMJy-!RGwIT0t z1=XZsr2sT&Pf0&lQs%GAAH#FGc$$g1#32SK@J9vIp-5WcSwR+A_5CHqnS>cM#fUYz zX;_7bJ9QM{;B4GCPzpQ_+3%<+m%jwK=CK%}UT)=*_ZHGBqUI@4iuW5u!wea=nP*Wq z>4;RRu(@5+8=rHkEwdw-lA^EzvC!SR_-Z1th<}q+%(XEUoqDUa@A$K;{7 zh4U=Y3~*)gyI}!%7+0Z0UrImHO5{o-pj-Q@hmZhp_R1AI+v}(RUW)7hj2lR3Gr zpB68CVP|EIEvU0MiE|*fs?kYYi5B;!3b@!~vO{nh z77|%hnt@``O#nfuMz(+M#oS)~Y3P_t7U)owqtCT?4_Y6bTL#|ipy07Fgw#$N)d`yFFUd<#NodJpyzR_jWIXG0?iht`&sG(!j;Y;Sx?d3= zyN5wN_Y_cd91DN$iuH%~NiO24_aOfOuBIbW(-%}`*Ej_D<{btHOt)(1Q*-6}wqO;+ zeNkWBnCf~iRJ9wOxpYG9nPm6rw#1En_uy5Jpot6)#onRr>MF~z4#qgUR~Ofd3boBC z3UJlXeo)k2Qm*SovqhDU%Qs#_eH}3GY4+uH^fUHU$MEFyj{%4f@#EsGYd@&Z6&uR_ z_%jc8{o{yoK&ECu#-&W>6NL2uHx9P~zGk%n-~7 zY@PPO<^KSn{jhW%b3sBGSr78d3MyL&V#nqnQ6M^vL{?&^$K))he*!xQ2slTQ6QY9? zh;t4-6Ccw+$?+hAu>@Pm3~@;qDiKhxQNHKr8Gm9fB}R^1YnvD~UOw09h>z@zE;l#7Q4j4Y_;+V|iabXGzVwWqzybc^g1bc?7 z9n4KiHQ*+55;Dub>^U6DjM4ye8r=@ROg_TgR7EiIzhWL(AjO4RjX)8lH(j-WbP!g- z5Uh)cEGc|k(u%I`qR@0g&;$w%Y=GA-%NSP6;#7sb@KKr}Uzp)D@N#ln1MZ=JbXaPD zE{T+mJCuSwL}e>&PzP%g#j6UPh&$P9lu$;6rRH5}l2n^lz``eg2vmu~C>;)pp!!I; zsGfibskO2^tTBtKLhm}3sI?pvg$9STxDUwME*G)NJgBH{$(X>g?dlk%hD1)2BQvWo z#eAN^F8a)-CzWJY`Vtn9Wa!KO%9rxo_eCad=BjQmA>)1sc^+nwFERVaoUvJaSWo`k z<(>5`Rl)UwRbh#+%(^Bl#3oY_2BvNps0_mqmxwPlE$ZTlZT*&)F1E#CnC-b{UWmQL zG{r{aQDXNPZzx7u++_Dpe&uT{w40-dbpcjj+;c7lYNNVYWtpNw6vG|P zls>E#Lmj`iUm6St`amEsqXkR>Y(;LlWyq|8*h6_%KyYQ5TWIG5vx`weOa*b=WcQL$ z)f$waG-nj^jaih;mk@|v895>veF!!cA<+*`Nr8B#Q*m-&uPd=I!{vR{R^T~oNPhwM}H5P07?h4_AF7d~;|MZRUrgMNsxHwjTq zLa%&ByO?U2p_fyEn45=qg;SU`GQqaui{($UXfXCN$!G@nXAN;jKdxml^#1^n2qT6V zDi%ldyPQi*j1hSnBeXP-KU><=uBa+h&>KB42_IXC7Aj5>YZ@3Ng`~n~N)(S%T}Kpg z96}n~^_I{oAo|o&?{bsxyA`}H1-|4mfqs?(FdsJ(x<=lCsemupwG1;1BA4-m{h{r= zl35jbYV`jA=pYcIcRz=A#I^<};$L!yHyV`DOa=8VT}IkV8Eo9V?kJ~J##@nx z1~~U9_v&Cs`w(m7wo&eH;yjs;#N3y03XWKXq%gxW6qh!_@K^3p6Cl$n^R!hUu<6`l zxs|stLHN|ll!MJg%^TLzh5f(ql|@*fKSTqnfb%;gWf@cs;+n-vMH;zX(}#(c2I-B{ zRdG#!%v7`z(Wqlk2mt;a!`nNTy}Z<-=PkGO8FJxt?p|)z;Lt@;?}%0!{{T}C`7v$e z%hq41_P~^Gps?22ZKc3R2)XK|lZdLim=#UTkQ_JmBJRuImKe2U zv$$wnr#8ci%hVY}iLJ_6OXT5}oYTo0tSBm6oK774eu4i0lLJz24N1Y%R9#vQr3xGl znNLiw)(%3|1*HjCfF4t1D8-Egxan?Ra6^c))CNk-xIkh1yb^(O6580?67K_Z^BYUs zeI;Z!@pbey25vfT?||WJ{D{7T`(t1RY5B|~RQ~|9uyfT`BA9Anqf#YM8Mh+iz2HB% zHJBy*akARQ5A%i^bKWs}24R;8p^x;McYPo7=0(fllRxmx z{{TcI{{YeZNMV2Z7NdLkf8j3i)8Uu1{{WEK!tN09A5mfpO5#C}EbhWPYkHYqvgK*{ zmj3`@ATSyN1yx?74CA(jN@J3!6Kyy1odG(l+&M9{$= z5r$!H+4H!IF1#*%frckaO6vecaJ^3d0NRYQ!h)_|YHe9rFy=3JI8!fS7lthS?h|7K zR;-(s7BpgGbvun#CBe+x_Am=2CLW`KnSl`nUIXnL>6abc6>ktPVpxo-f%Z8WhS5q( z53zozMAcUU&=3x#T|-8yWgzrO$M^^%EZBu(LbK$&KZ8T!S4MW6u*UxY0iklmn;DzH zx=T=gg^;hhT;@xZvB*rTl^x+_J6)QLD_li6WvN#G0IZB%gy69&g1JFSSj+6LA%Q*+ zM-x0pBUE<7N60{9J4p+VqxsQ{_8TDpc109&{{SyAQ(yIaDdk(1Ri?25=rktx2Q zDNy%0<+3!yO0O`qtG|;KDg+%WrV6OeV~Zm4C?a77PFTZB%rw>hvI9!e_Sp?3G{wl_ z%(c$g7@SH198G^fWi8!-ezRDZazT3^e1T*3lC5(3XBaPw^Vjeo=5yh~8X{gWFTi3` zC3rELHU9v3vz5c-B)Vc*44+{Go~DfUgeN+f8MtawiA$K-7Z)&8ymKyZ9u0m+5;{+I z2C6>Mic{)1cQClBgar&HBs)dtd=gigYu|(!$Ha&rp!o-|{NMW*)Bgad%zt5j@{N`G z{{TTYS6}}C$DVf2pY*xR{Kx%~g?wM=5}ga{{{Tr6L-~Kn1|R&hR~=u`{{W<0TmC=y z2os&!zw930;{O1QWoz9w8sFxQAcL@)<~l|$(9UWcOsCaz3XG6yuHK+1QD%44DON+v z+6kVRwP&Uk#5%SR%30BH$FA!qp(@JsLIH-R~Z3msE`fUFc5f#)H55%{X8*R z8#?LKo;ggAP+RFl9y*q>+)9a=RWX`#ACa(_Fh$8bvdG1Y8*|iKvROBA6%~27HQ{ZU zgjS^?40 z6wv;;ej7lP0EjEX-XZM)In@Blk?qHC7gC#6&98%ShU$SEZW7U?h0>DmWmQp_?q3}0 z_RemhT9OKlQmv#OfN8BKvK_h=XZkRd(ebB`q(FdLCsK{F6uGeUV|R4U@2wOj>?$vvwRUIug!nhYmh5r>(BnAa!A0TI5z zObE58J2CONV%-F9ha0iq$0UCL00wjX2p$gygw|-Cv+*5SzXn_X0GB@_V>TjKLBvp> z7y!h$Vp|p=_EM@_1WSa;;O7##F^jv8qzc@467?)=6KU*=&$!M?tBSvHw7S0$2kA(Z zYCbM4Zs3|niE^{{S_`}I6jmE|TGu z^v-R+%JgKtOf879&_Ty~j3V}iM%6M>D|~YawOEB#_aqpucMb4L26jy0O;9H2yrV%I zpPQ(Z$5Qipia5CVWns)1#O#?SIf`Qb31G}MGV00C>w*+rRE6l4nK2!jeg+<=17jmgwxC8S$4mWiEHUe8??PBq4kTdz-m8xm=7pr1NcEbGYa=XmzV)r=C1?mQ_D)%pLU~0YsEmi*j zV1M84L1giHyvyW}BaJ_LlP-xUnd9+gzL7NdltoOelb=pW3-58?(C8FB{)cM+n_#0JBvF zw!TL>R{&>nf|qbkGX|>R)i3aSN~n!XtF@O^QtA?3B9hp*#C61JqcKic;aK{WF5PN1 zh@`obsis_hL8ZjId6wqt3q~P~#aX@T;1I~fvb7CvBC#8mFmElRW-9RzXc8jqgl0^h7%o*SMX(R*`ZB-HrRcAB zEp`Viq5_B424g%(_?z(rS`jqJ`8X(l za1g5%Qx3nNMAT~7Ip7yPwNYYk>-D9d?k%z#Er#RfAg{PVLhwo=3~pA8xxWxf!Jnxs zV}UMY4Lg9{L-b8lW8_g*YB9t6R-m6Bq!uz-H^McH4DkV@AFzXD=%&A!CCjcHFzevB zLU;BJPNt{WZeNRC@eW8L7B27TrKx+bAj|Fk;a6}Wcht`NhDpit0|PKC9KcgDtWL40 z5HQ;U25tuy_y}U|*^3$sQl*wmo~|&%v2_Bfu2p^piq+CMjju<@j&@^4vozw$umbw**yzLg_ErShs<`_}@oYJJ~Id z+4C@~A@ry@TyOD$Cv#47G}Ozv*EG}}?sCn=xQX0LNq(7OsK(8|LR{h4w2Z4Gi{fqt zakv7^7R6OdxHrVmvO4H$=b$4%DQ+}jR|K8cuEH+^7vF^ER|++jELoennasTrT*Vfp zxQ!PtJjZR@;cIgnj;WSaP6=sg%oL|ns9jr$#ZIAk_b;Q3O|iHyhgdk4=P`3Dh%OiE zDe8kOf7B#AiF{M#neeiVkl9QtUjgKt;}N`Eeo6*mi&u2&u2%6GqmC z2KHY5N?#`OMzxP-H#>C$4A1p>ftIun>@x;W&dCOwJ%A3*nt?`YsBoo3NL#nveeg zz>w-t!q!GnvU)Ut>coWg7tW>r#&P1jemouz0NmPdam|aNyYxn4Y_A3|UjG29dBhyu z!8wmCycnn>%|bFmW?;a*!#9{PZJ93M(95#!2~a93EMN9CV%p+;+)Qn6sDdilaln`E zJqX746sMA1BNW7CwJqipd@szah2}J7T8;L`$qRu&O7>}jqaKpfyj)`HC`54w(g-rM zOs_?|e};rCpr`b!Xb3>dEzvf_7i!PKR*Hp9pwpl@o3GL$nWwR;o?>O>=D=FLCRZdX zT>gT8$eqE&$0(-BL336n-Y(ggS^ejYIF+LxUfKI1$1|@m^5wSA$5AVwI1kbQ1GT0J z&0zI!%m5s{%1=MCt)w{TE^SRpZy%quA!xX$o5UJ2uMl<3yNkaChb#!3PK%k~qaEXz zwDA@{V#U@-vaw(4bR0(rCvl7LrO8J?CU0}( z4jXgGMjQ-%)h@(udSySe^h-5#Cwhw`adx=MTq44v3*-yy6b3bAo+%KbgJGohM?M&L zpuoi#yLB1-J0gLpRK8+5AfwKnN3vzjeYObx->;FfIwf396(4_Nw72?ocCG`D^4g#7 zRz1P7zm|XOMpIE4lt1wlGeF!2+{twt%vNvPKs8?>c(U#QG?R1QMA;aDXA^}2cC9lXsXfu++H}i7Ki*o3DEHwmf_vYmhXFtO}4+E*W za`^FCO4VJ}CrZ2-gZ4k8G#fkxTr$nFj6cLMd^RLK^9^~15U(&73qj8O30=-5)L9kO zS21FhwkbC=i<|B&%HoRC7jdE7ZJU%t7I>;JRUK1`p2$`aU?W2$Ox}7T2%{d^jL z7X|uZMC*AS1`OsHMo^74ni<&OF!UDc0yaxaFbfP8ZGjiS%O$uu*+etP5PPU;)F5kn z{71-vf8`mu@5JDh#6vSta@zGAHv!A?aF=OkdwoZA)L!P&>MdG``M>)xkvVy>jL1*MKF%VpMksdQ zlCdr6g`*V_BE>+{5c$FQBylhRnPO@xh^PMm#wJtFKzWK*r@JC2xkzB4EGqAD(pAqS z2wVm-%&oMCM^qapGw=uQW1O&9hQq`+^~TqC-Vj+Os}YzKitZvMc*V>g_L7%WtMOxH z?&6v=4h)~({A}b%^ftu2u+-sy$d^MX%4fL@?aeVWQ|C3W>LV7n1-q<9fog zJ0LV+d%xH?&;{jXKo=|kMW-{rL{}_V>xdxgPSd;e7{DCcDMMlNp+1a70tJx1+pS+q z%H)p29g)#Cot>52yq#Y5o|>X`lkeA%((sk09+L_I8Uf0xI1BB zg`t!^yeG8CW*O4UuQ14&YTzSgW?ailC*-(`W6~~=#8&y2c&NRYmx3(HUh^oAZv~m~ zHoZ(IgwHT{`HnGN$7xbmISBFYHPm1|W3yN`-O)lU1pNvwe!~9%$xQxp{{TTLFVFfY zfBQ8>_{3PLhftxf{;oV=HN5!qnSoaY`b27NfRJ;!?76j=#WS6nAHyo#h>r<4l}z6r z7{omjTY+XAJR()km_my;fvIKu%oR|+ zP#8pwHX0-*c=$pR}_0S=;~cJK|< zqkA7~yGZ3CdXH0JFoQNZV)Ewh{{YZ|)t#pn;sTlp9R|&I>*O+Uwl_#DTFHx1@=F=3 zEegMk22`p~sSNXXI=|uu*oIh0;t^a_z-uq;Vy(98>wYmISkutz0^XyDG5DOTlVf9f+_ z=Ieg70wd2`^M)H(((ryTytH{A#6VS+Qj?6XkN(PVv9!Hn>!RB(osOk7nU`=om94^& z%tCi@xWvuNx5Rk~+zNUVxMezRs?8Ux@T)M<>d5DZWy z3m_a<3nnGV;RAQ$Q3{rAWnS%+cCwv!MG^XyQ@MxyS`-(mQ4X63a)s`robBr{RogZguA&~+Hp+2mrTNO)3kE-aV^1& zwq=UA2ilkIr~3uk5&ccu#-Q%6X6|iQ)PYB+Qt7XxQm8zn%_^Wbj3?G&nkQQT@p+v?k2(lK8u2=t5u)U_{kAdi*+2J$ZsV8% z6quT3WiS|BL;$BiSij;X!I=~g#4m7l@*mYf6u6Sxg9y0XR-4Xc=%~wb#Tcui;@kO) zhcRNy9nGHti>X%;MbriTH$NUAPY}F#Q(1*_o>)Op%9s#T-q&Zjh4S|V3(n>kg_J0& znAui)jQ|?Rd?|)7iW8?3O@LmP`gCoC|_J&XoGtI}%#nnYDFRk$YO zcGfvcB&V=nyJz&rCmD)#SC442ru0=C`9vkfj(e9(DG|-NB8Gn4D&u3cru8jK{WU#A z%P6f7^Fzb`0LUJs4Qw2-I4pOB&zLsDFyyl|!2Cq(57eZ|`;Yp>M*je`BSW9Wuu>;c zTZVlrJ3;ZsYJA6PKB-<*zkl~(VPzV_{{UcmACDYqeqw*>7BfD7nDcm9QXOREe(xBT7W8Uo0d$r_9%9>3#hqCRd8}u zkaAY$F)!aN5GHJ3LJAl0%EbXiZGm;K;tZIS+B+5$(G{j1vyVT4QFJ?)ySBWV685f0 zLyPh};0$uc=hT?`L_5r=R5c+mpj9ZY`$ z9Kz-`Gnik<*hWr&HxfP`pby+yk*v>2msM=uTO$wkF}ZwH972r1w1$JJYtaJYMQab@ zDpE4lscOC=sp30DjSL%?xbwIc#SK(N!I@ZpRtm^8+*&g*VTs;h&IY4${{V8Tv-meDMleiDJB>=OP#7@@k0S}i zllSNGFqSN94#B7$31`9wC}IhTmskgi5Q&r)Wk%+}3e!vUR9m$QVOTU9m%sh-A-|!& z>?uOPovV!x&@da)Hyz!IT zWD2uh`G9GgOs&2Lzsy3Td%tTYPstr4R4`r#JElD>28S7p3prbg>Mibc0bCaehS6|~ zlMRmMM<#&4jT@8;lcqV^h+j?UjW=FuxTg~gNXh*s5>?dn!K~Fl0C{iXNp@+UDHfFA zkNs~E?HwHe{k9-}P4{WZHI0k6GFtUg>kcrX`1>JZkAZZ5mNnkQ17L{j*tkmm-|Bx{{ZtK z?qFh};}`e+3?Bq9AIOB>ahPVTrrbj6iG#^#>Hh#~F>GrR*=kx-Zxhm9@>H$saLk39 zgQF0-3#eVGV^&LN5LCjbAegy|&SJ~%IY-;faEb`H7_52BS<2_cON+e4jm5<7Y#rv9 zjqX12rls{BYpN766nox}M5wOsQB6<+VxcCXED?HyV-S}}EJqLttR|t_iBUkOE8^sg zyE)VU00R@b6cmZW5(eW|pzCuZn7mCnjhD@FYr^zqG#sQ$GZv?QF=zUUmJ|!>OX#0U zW!lN5xp`(QcWVN#Iksj2#wZj);zF*n|eA^ISNv)*FZlEAdjm zE|@M1CkyH?MYdqg_mC^A{{YlzI$!#K?gt|cSF`L3qFXbO+FcGR8{7!L-h=mnq?^Jp9!GzznMlHHZrklozYs%0$!fl63nB|vM zIipU;!zpaB8?Q=r!pU_^ZiN;JtjCh&YUej`f`RAMJEv8%Hk|wB7&IoQ;lXh0qyYlEIk~EU{#6!F<5#h;$N-0V<#5ygfo5G2-6=38|e- z5-tuH+lcshGS5N&;F6Pw2Lucau{sjB=+rXN4&1`LW)cm+pJu2INn6!NWDAR~SkdYd z*!eU^2rlDEbCb4jmOHA8S&L=Vf<|XgWJq2 zY$L;II8i7lXcshsG$O_+@dBVKUuu-ylH~xs$`N;pV3c(wE5vO@e)eWe?iG_t{{CSqW^7NN*BD%nGDCsBCe-@HXuEJ3|= zo5TSHQ%j4&b7m{J3&1u6#!=Q9bu%im*F!Z|n>Vn+0&WVOE#Urvhj`Yet)t_ujJ|jP zcI8bq$bvup39pBY^#GCLHPeqzQA2y%4ZLhqdx5wU7C(4X6I5M+i(Qvc@P=#ID*Bbo zTn@K-l-&#)DKZb;dl4xw zKJFGK5J7t&LOQBH;*`UY`y)1!BWB{s93Ba?3OSbajrnHMS^R4b$M)RigyL~8`SFWU zX6a7HfMYCfr6Y!WqHl>_r8OJIAhi@4VjhrE(;f=MZOk8WWfu&bz~?%Ft#}u4VvUiP za_C|+7G7@R&-BCyg0mF3!(XVcM7dKih<+ofW%DR&`++V){ft7gkJPD` zv)sg1<@$|vF2&617`O_8>I){}%yN}6ub?m<5@l2rZ`}DkLoV7u5j(h|3KxD#*|jDT zFobzU=2=;QoTOEj5uEf(xu{c(zyvj?QA>%RXjMvzg{~*0qM#xQMwv{%E-t?^y{WrR zA@ZuA8t7(4^{q$6L8UT=kV|V(b!ERPr(kx*9l$nze!|LtcPbn?39cS45@bbL{qggX z8-ZTGCTdw~QDioAZ^OxmW?scpS6uyICS@&hhasG4x6#W}b8-|8fA$RtEnWdI@Lt?0 zElEwl!UBaTUPp8!0X4YAKPJPn)QwBCcSm~3@QDkbcp9#3;LKczaj-7%WacrX^X5H7{l9EMebdbadwF zf!7s!Q}~5nPuvtE+TWQm60e~7wJ~WZF%!``a2rS}22ht>CDn;&*~~pb4K>uJDiv1n zOB^AFOz|jbm^E6rN2VYk;}B*1-7yKeH>kW3>sF1q5QHlg%tUH~aNMX`cR~$yEAT+& zWZojw&S3~38igt%H*gBX;-*7`9#NNnDi{9%$TFue@JhtQ%&2d{nACo%$@rBEY4RLRrBG3Yf8fCSu*O6&1{LaA1!3jxbCS#f&p)&QvS-$^Ojy{`vi(2o@w1 zbr!Ah4e6O>*TlCr#G(Wm(Nl42R&y6z)CLENV%M-&m*7jYM;`hB!K;+^eI=DCPz)>8 zqc$R$Qn98ni!krL2kZj6boU!=l`#$xwD#Oi+tWkt-GgAW{ew{=IeQ+ zRQyCC!&Odku4%0PX9z6bTiO>**xMMafGXa!Ak(CxR$lJZw%qNfyJNz=P;Y}5{vjDi z+RMLtg0gVAeZJhW6xq#c8Wsa=qEd^UaxV2ZnJAALO7!8Fj3?mH?;K1u^cxqa*9JAQ zL3Ma+IQrOTR%-hkUrjY!HwLgxK`pxAX}chZDBk)nMb#@Pw>XB&4OXz-m?O1SW%f{t zoD4Z(3jryj+}ji~6h>oRR5fNd$lbMwWfN9u!#UuYG0d{2(W)tdMo}p!fZ4Tx=PFDs zR!U}EVJKAH)e85(Pi#tsNmK=K^mC<%9WC#L*Z$b55etfQiiSh;d9V91=qSxVP<^SH zVXn0Xh(@w_S*8A~K+Mzs0Mo)$vN*cKT3*Wk047(Im{xxy5L4#Q(}XyJV9EI)TB>YH zlp7(J9JYIm7YT`l!}^4Y!KsPqGN`g$TkxOvvNU8ehCHSqPyhx3rPOL}5o$W;cr#wZ zY%XCK2rV0w@}lCF!KnzxLZqnZvWMAkgkKW)Avk<|wULHCRz} zY2r~(sgbMJY}Fy2vl0~8Fv>XgU(*r7jqFCNIdE$1g9cPa%B#}q≥D3TBnp9O6ScJ8=8LDfKLLIee z$5$?!dJ*bBHI`b{KW`C4!Od3UBOB#`X?@)ii!Z7IIVD9YF7pnf77M@gShrA?5T9`h zII(MI`~FY}t!fcF5*AgtU|#VHWW)`=;8rcuxXUgE%D7q9ra@CQlwVo~l3<+2L|g$J zjAXO~py=U>+8G~MEEp{g=P*+TF#RGAN_uq)mfW^Yz1xwDim8+6tI*)Gb&>+iY&ymd?}+6xUQy? z;$_4KQo?8cv0$lgSg&%5j9&#J^DK*I8kgYHn6(wUHy3i!Z=xqFztbz)Vzqh+g35QF z`$F1lmW;2G zx_bwt$riH}R#OkDTPm!@m`t+XVO1u(311k2X`yJJVAKFGRxl`Y_4wA(Yb1AZa_Ih; zREq~>ht@#bBV01|0A`IB0>%WGU=SrvrK**p^B2XV9TaxU_A0Y0S3;__FrWjdB`wxs zs$30bR_f2$6N)f7AN^SHv4GMxVKM44gngLL;-&%ey?!bqioS_&Ffp-Q##x^JCVfRY zIo!ev)&4C10Ne#n#$9U}ymb&Q%&OteP8^v?tkjIXRw;|^iD7!f8U-wOdl_YXXyno@ z;Qav0DkZg+TduOdM-j0LrpEA|27#Z7sn+k5+33u&bhyleFj0;ru zY|8-yLz}AT@0JKs!Q-9n)!KDzI+Rn$Mk)<}Z(EtHSUNXc-KqRXtr}*q8XsY2tCX`# z!*|Gk?KbVVE#Z0O11*UNwO|UZmQuyLa7z0!Rm!~Y7Z-tc3<}luM$rIJgL(~1G%d*- zLi=tF8MCcKB|{m!%cd__c$s2Q&|!+%pm>-IrF+e_h~%dn`zBZjIv0w8>R#P{kB8*T zbK2-MuVj4E%}b8iZtbFO0`n0Xj36*vR#%AkDhu0~bTue%jz?1~rI8IY5wK|&9g_Vl ztGb@%0$BioA?-14Cs2eH^Zx+C!6Bj_2b@lC#auauj_}g}xuH|m2ppn|<#-7P;KaBxF|xMMxbtLwmGGh}|ku5J|oXL60of$9W#3aCm{%N;mXu)KTpS48WE-6-C}Fpv8Z18FqN=N$&lI7Z-<9 zEU3gJ=rlm}^PXVs%3VW0KBb1k>_oU$a0BQXU<{z!PUDUTrWp%SOKPS1;9a@?+7HP%c(}`T^ zXLCTi=BZp9#lYqI1Jzpp00sTdU2cZ$XFW48RoQGK z8aLbQrK3oQd#6hm^H4$JlEhJ6I(%i(TT>MNboeTnWg^|FcU<&)wo`Ub?ft8z5M_&3 zewCL|XSu7r8sdQky0mO>H}OnZ7j=qtt<$}v9=XjnJ-&v7gGHx9u5;;Q%((yzfmxvBS$VS(inBTsyzK_tsc5rN-oLu&F}=fl z-~QqkH}v2B{{YEAs3q?;bGSgrPZXWRP7-rda?ESoYyk!hjY<)dmgTxMsxB?)%xZ57 z%p2aQcBkaXDNsv$!NjFVaJ!H7ds zCOtd4ozg&oI?wCDjKlu`zYG}i^)du5p$?MnGSnf28@*J#TNGb_YCKBBtj&`Iag(oP zwa2RnIf3{{s^~|zF&f-$<}B3Y+*iF$Hz*>NQEzO!2%@Vd@d&{7WIjV+*QEL@Y^XBR zl%CmBMMMF(?K)zh8)9WbGERsE8j8Hs$Y3(C3yOJ_mhGE!5Z&V7Kp`%8tAV`A1YbrK zUZ7KRe4xJkbOzPv)H4x>w`o=?vP8#%=4kayvagVeW<-qoUpsfwC%>Vo!}(9YO|C7 z0Dhc_Lir)A59<|YC9?9g-R8gLmrT7FPBcI6#AsAYa@8Mf)2P}QZmce|>hX3(h8~Wq zdf`qBhBD{8=UxS`53YFfPKC#dodlV0-~6%}O6 zq$Q#$Lwt&J$EXLDsYASDW^0E;2u0`3x`%H@7GaXPQ>du`F0MF(8fvu-n#4?InyZK? zrEI?=$6F)0L5!ESMw+s^NXBL zp$UFTzUIWt`d_&lO*x~%@ofJ9?xElk<{`*oNHX&j&dGVuhNa8?EcS~piFMI;^pBej-&Q5HCpaJ>`g75ANt^} za4HF~#ucB`tS+$>e%Xn^hox=+Vi*xEAqa&LaEM?jU>7l(mg3Qigmzaj!WeF6GB-Kq zIPP5?TIK4wP4p0tz<*^h6~wV7wKC`i?o*cp=cJ;>HwV{xg3Qs^@Fhhk%s8VqyW0N% z;e=(-&0nX~EJ(Mq)YOYqUVL3$OfZtn@iYx;o^MI^5yJ;&()zK<*PX>jKnD^y0PKek zhQiLF2$Gx-V5KHlnQwP_l`z#QG=Tk9KCuiPDyw-6KX43NX6(q_r#r{xJ0P^YheiDu zD>FilHZ0HjEq)OV3PaPrer$6xa#K#|u*06HhGVvF+uiJ>-c~Cxjj4eGzY8&DV45hj z=>GuNwfI9J0Y%$brNd^=%)ypYf#UB+>4BEG;hyW3uQJ;Qb(h?8P}XSMBX-{RhT@ti z+NsvPH7>0iTYJ6ct2l7W6)lcW*3V2Xg##`y^Pi(t00B;HYxT0rrcs;>d>_^FL8=o=UWU`vp{cjk_r&7fxC`bHzIDm@(0F`jfkg6IiFaH4Oy+eXaGfk&{ zns*|v6P>}v!_4cgOe zEDFvmq8OsuY+ywN=j}C70we{{OJv|r|nh4 zOmHS_)#1SwqMC_nIbINz1OEU47UK8p7@4_voA8>)hH(!fOe!%eMPNC`>|+?u{*O>Q zK1+jU=VY;SDp@W4Lnl5I^9x~xGt4m|QW(JKmez?_`%kDAe{pYKIF3bHDdIhngRwWcV2Q}^<(Wnv-Wxw%&{n>0N4dX~6*lssjD>T0nlBx|D6FaYoHbp+9p z4VRCP+ygT97V>P)FFZNoIqW7wtnjA4*oPxc+G3y9JHldTOe;DI(_1!WhhoMJxIGWt zQ!OPIU@jDC_d55<0xC2%9KHnZ3x6DbIUsAZaN|Cg2pG4f@qL{o z;vW=lsBPl2?0O)MXd$x!xm?5!z>F5e?T1VwhO`l-g(P@I0h@@1-wp$a0OVk+fvpDF zYG;MmZaE5rP;RNLjHQ!p5eAiQF$x8D!}0_HP;Y!WjYySjqR7DF0fuZ)&1a}#TeGzM zOTR-Je!vJ8niTg?{e>c2>53Zs!KYwFJWIh#k+sKwMk*g(vwn*==p|JQNh&cH5a^i5 z#Y0mwGawSP@&xw`Rf0d66lg5O@AUZ$_&ikS$pe~%BG-bexg_kQz0=*sF^m5IhlpvX zH#URr35j%1`xGv}aFjqglo<25*5SQE&}&S%W;do62dQ2oytVZKE`s1H=#C}Z3{*QBXx*rF1Y7rkz0v!c)ms%akn}W$!U* z1)m9Zr-;B3?{cO>aE>6&F%9iY2n!%OCW8|?hpD&=?+IY)%BJjzIp_^;D>iXdFp(rL zctiknw)@#BCmHYzMQL3-JQ#}j8h;YDYO(WI6;)khQu9WgK#lSqrVK|_h@4&CLz{-+ z*qLzSf1I!(EJ3<;Th>nTFHKsw<+B%_aWPLK-w*Z_@0d2&Dl%44oY%-S0LkaPaf|Jj zcA)8c&ULQw4%2ONS&Gj(`7my0pPTzxfYR>a=Ja&z)LBx{mbpHes&dO`n}k37_G+QF z6}CNm=9mhF8V0|vEQT$~&#ui`rdx^Or)_&SK?G&wI>vRAmIfY2cps}EX?MYTt@ClJ z*)o5wanx~_8*h8X`;~(v94}fo>A`W(rtdFqZ$8Y-?LEcSKKf?(*@FAmH_0=VgEdW2 zhOC6zaY%Ku_$1w77VIs)Ymy|Pqp>l*Y|}2Pf*_&UyW+^!#jVn;su|f=c*NB7ASyW4 ztkqE!+AD3jH<25=?SPun!b7to>2WEXk=3xz=3b(h!p&C;Vi1$2RF&3Y)o{yBBU)BbmX0dF7C%%Y zCTRvDyi6t~Q)w#~m=>;>U|EF_!Pov5*8b-RLz&#~6Q2b_R%Lk%`D;$E`fWLRQ$%Cn zf`9Q)7Tc5;FvPf34Mhg;$5t+wlNBt9hBT41nFo3OpRX4vEGb_#kJ}TrP&p)&Bsnv0zY#R+*JcgF8#HcVyCp!da{m zgv2%m1rf*NlVnqnA7&V(*?m(v!UGz(TAN=H#qBV(l`-y!!djTPCSZ-K$8|;{otI2% z^jJFP3c#xzhRu&Ne zv20B(Vp*dzG-8>VT&;#w!oB=s6STuAW#X8OvXU;DN-g|CmAlP*m0dVZanus?n}7A0 zFEb;qQ`a*z%?cmkEX^yG&UDkYSn^gZFzGu2UzX7%aWDQl+hlE0@+Sq>Vn`NcaR zuFzY1dD&T|o$#tp{f;%pWh@I;=-=u7R0JAiTrrQ2yQzwDTLZo3y_%^)f~f0&{{Yd; zQO7F89jt$2sAg0%Xw}yTZCo*|IJ`6Q`OLd!zwP=JG*WpX?4=dHNJ$2j^Gc@*J2hz!gjUgP?xI}+YrYY-p~L7y2M8&u+iLY z&5&Sr!j3~Jk5~drZmx8I>oHZYh{`y{I^qJh8eriO{{SGUU-U{D6c8dWS&U#&%M$&^ z9pW&`u^wP(p|V&pA0pc5thdN`7HIP-@dTRJCgRK}EOY=~m70j`Hu=ZPK4$QEOR}i}h7b*T?wYOiGhH77& zukc~uAu{mySN{N5uvx>H#xYm_04^ZvOER z19mdlQ2LaEbhZ#6ti;2p#JQ-%yj;l2ncmrgGOnVTs6!26phbw{b1-*Os<8bbFHf#KX6r;T!% zL}=t8S5&^CbxgGtaNez{?& zWbjS+!Qh87ph5|;7Uo(%4GYfkU)*CC!ph1MN2%X|+`evoOh>t4Z*uKXf^WcA7EC#p zEep$*?p?rN??~LJ#NOn2Z7k)&ux9~nbsVDR>Sm&gf@A`5z?DXp1X5IVe}x?$*?j@T3;tsXZQJYlpD(^CYR0Zv9T?*<6Xw+KBvZh*!^2B8|Sk$+%jAenDb7VzuA!wGa zm|nS+d~Q^@(-SzXnI&dg91V?VxLsN`njkJ6crZofSXmaPw$!!dYkU(iZ(I`vfY1qE zwRyz0y&Ex5ypZAwp%|#RZWsMrEpq+l4jY)MaIRp16oPDZUZRWsFs{ma=AcnktS~&? zUSO)rMyp@^v&wQwc5k={{XM)(*=KYj_>`uC68U#t^Lz6 zX_kxkt|{3Hx*ALyt?}uB<0ED^I^)>@lFvBbd_?1h3fqd}1*mHO0KbWRc-gJroj>J3GKOV{Xm7;TshS$Z+)bj*OUDQ!cq?i@lX_Y6LZ zEvtftrHns79;mr_xr*rhf|f8?1_H*k+S5q5iG}9Wo`qK6d2nEiQ3)eb+LiiG{4Cc6%L4O$ z-U7Y()Fn#yHhHK*P7^A3WAda|yN81q!^VKjQwP3ff`pgUYN&$5r9A2vD04S*)tDDj zp-D@cfmu~}#QZU$s}azMa}G>acG{tL^_Om3@~rZ09wQ#Sr$!Vlmf@_JAj}jaxCxuM z=*fU1q7)TocO^#P!Db6JE|=iMD%?1V!#xmrgCuJczVMbVD1pW!%WmLsqh-XctVOlj zV?q-otFkPyiK#|CFV}#hgm~floeao_iW(|!v(Yyr23uh@0KlhCLFp4roV`nKysgD$ zla2_e4d{=?B|?pY(S&UzarQ>FI0-?vTim3pe^c7rVu|;hKwmJfnWf(4eIYVMvz$cX zK2+zY^@yuV&0;W?u02J;m91t5EqVDy<+uL;EAf!_KxE<9f7hs5XbnYvMV$ME}bXm(Ovak}fRn_B}d9k4`zrC`9eAYkbGTtvH z``l^Q&{5Z9O^w40 zX14>NxM2g|^vbZvW}=P48CiB#E-Q4m1B78G0H~A)O+7)b!Ilvu{lOw(Sd8_IrXp6M^r;OaShmu~@2Y^}#MI9MPtMkU46)DobYP(y5BrXar4{{Vz|pkCD~k{1czkF$?9 zLLM{Yw6OU8qnmmLV;Ilf{)sn;;lVRFh?T_kq!4EgAp#gctw7F*dxhR0%+mwV&yWh# z%w%^`dJ*VN*iS-RQR%~>J#RaDQ__MV(FQihfI7%QZamJdJ{PikrM&oTyCEet3j7>Z z4_vRqPx22RT)ToPc!=R1l=NfQjq>$l(~9iI%9cl|IH?S{O?b~jSD_H=72z4L5{sDi zr>73QUxZntQBklhMcb@j9d#HMV>uT1_UU<#>SuvCKdED1)GwTQD1e(ks4I-4e?(2{ zWCIOKi_;dEmVTSBTp8k+vWk+IyPDv|-AxAF-E*(>)TU{0%!85LamJ1;mh3N*zkGUN zC>?>1)K@HzMsIbG&k})iQB>=-N-UdOTknr@fMB}(U3zrPive6M7E0#WNkvewgFwzM z4n-A>daH^w2JacCtlUKf6syQ7?5Us172Tkg71ap#xyRt6T>$ zAP%Ey*`?X)S0T1okci=797Ym|Nc1sH0f|gQiL6Vb%uiVqWu?E&PDA{>hG)r%&G{TK zggoZU-|Ci2YZVqOWBRW;=ZR=%XfS&{6TkT|2R35iAho2K>J+gO>a5hYjZ4q62Oi(3 zN$!`QP@(j^#zH41;h=KM*lB$<7z-kwQZTc(0T}O(?SqHLWRk#!z2U&)j^u@B=f@W*oVQx^@(x}5kczz~D$!2baFgx zE(#kVFOZe*{{Ru`R6 z9FpP@1rw-yOJ3RWPhE2taP#n+jAGNy!76s80l@^~ZQe7Dpr{$2k74EVaJGT_0N z;m?EkUSk$qWvpA5E?@Ay!_I3kWy^z^a_V1&uvmL}Ee|9RNn{cX9|Hy%coqmnf`o;~ujp=vo>5pX_iFLG^zhseN6$j<(-W);}p=ZHPfB$y7eapnlDlWh|$q zX(iFnVa_9wYwZTQwwF}~7=u8;#f39*9gSR4)+Gpq%>Mx9P$(Z{5`u+(U}~SlFc_vF zv@Dy^0=8xU07+ojIACLxsdHUJyDegn(H%yGWx!RGQ9`lg-OICSQ9R}fkmfla>QUEN zF|VVGC0?d{K;6_iRTB|vD7k?d$MfM$Lc>hi_sD=dmZn~yz6dh&EQ2oP#TKItQ@Q9p ztR0QEJE}Bqa}c`8K+f-MT4#@^@JmMZOLohQO3m?WDEf$Qp=r227K_yvq@=OKIN~|c z%;${3(}~ui9w2K_MaS844@thKq2gE=cyrH)SSr&Ak1IFk@dzd&#<2kLM~ak2x`QgC|5@u!>;-z`{z9r^^)GTfUFl>q?PU@Byuq*7oX$~9B zejVLZSv-Zj2woSn;1)Dcj#sGOSWtjxkYDFW;vO-bi`4#sQcOv zas%zbA7y8lt!0x06Tw%AYch)h7azjnbY=#ANDoPKK%p%UQw~2Oi2nd-WYRatUR>Q( z_+~psdhjCQ7jp2y+#%|kH$<&nYXdO?gH^?R#G+5%6uHZw_GDMeOxB}IX|BZOMqIMY z7z{!Ea5r(SVCUk<+NOJ%gHo8N$S5i(97;6Qso{Ohc!oJ4{^vYP)}k15@L2J3<@opH zgBCKt%a%)*a^=g9v?P2nWy^~$EWZnuOYw6_WU>qyd6zC>KA`)TFT*q7^2I!2W5y;t zW2uXny-JED5{}||0hG+c#kCeNc#F=W7$AhufWkE!E)6&JmK3ZNxa#U8a)D74aT`yx zcowmd<;1eOGMn0|`hjd_8q-LmT{Do3^krpGLZA(7xBQt27f{FgMPlQLJ~IO^7`aNz z5{9^Ajx=1fvE{0XD{-s<3~Gkod@&AOQ87$C7erlqlmf=cFv+SU$SoP*C^xx#7jRAI zbEsLoVo^`b2BHg9E{NL){LlFJ{TWO7q<@11Gv3?&L#6!A!{8a2Fzf#SRN<+#zw7~R zdLdM3GOpOUQhP#QqTD4Q7kpHINpq$Ajmk(^u}s<%Q_W@3)#2%$qY<_G5l26+Sta`Z zSZ&|;0ZI@w1`6B)wKWAG3~^DMrdet-L-Qt_SMG-3+plaSrSR-xhy({SDsT%r6!&w1 zS(S*8p#(~a6I#?UJOY}{LRgw0P9R&2?d}@GW5XMaTc}c7E~;F(c)tcEr0>PTUOZeF zGUNBg2tk>O%a@sc7cPRRvT9$saeRbZ2)_l4Tq5AhmloywgjwT%!sW|{g5}GcGcU<< z<;x|(AlHQ=+*^Q*#HJ;L5FwdFNo$_Vv^JOm0vG zP#1(~hT$%BV^rQuM`2oGrCJv80>oOe`zOcE2+Kv$Qa7x|9-^DJq@E3#cf$L_3T)AYq za^TCC;^p}d1U?QPb8Kq%a zcO?NhE;MY!EvXk$p>(!^C7!1GlxXv`gwU-p<{B)6#0MytZ%Hqe_XW$6|O;hVJ3m z5Ih!g!#+^V2oj+cDmLOUTZCm99qttVx)4@`^^s6OH$8TY)OLc1L zl!Kc_FE?l-OxOq%mzZhX; zs(Yr0Sb#`UDwl{XX006!#kj-_38`F*3n=ii?sYHJvTImIuLN)m+%^S`rvsXlp~osq zg_%QXo0kNdX$Mx`>S8PdM6s5kl$UiHt{b?;r{V}K0v2u%Qj9#}9f;k^!tIfq(+#D1 zw&b|htVNgFLVVPnFZNRf4g5Cn*Fulr7hpf{o(XtK7Oz6l( zUe#4874B5a1|Y3#m?GZo!PnR)8MRBB$OP2p%F+Ynm?BVt!Z2M|*NI^+RC+f|zzi-S zVv1iL7zBlgf{f2(y*QR%-~}beYd^&hD{|a3-vK_n0LvxIibOyc zaFcPzA4pp2)*O%w1P;QgSG6^1orhUU+@G?iev7A4x4%C7LWqF@6- z0JL7Bk$g~0QDQ}5Ye4{kXyQ^71xzhC#byCoOiKZvUBm@uYEV7w=MlLpc1jL@cTo*p zTfxKvoN3H!iU{gmxbC7N71W{%q$mwJVTP8Fw4<5|Vf@4Zp@veL2NJN06q3xbjtBy) zJz4>ax{$Db^DffaEUkAxH9tBJ=)h8TZ46x6G)Y@PcExT-Q~B&{A@&J52zFpb z9Hv}BN?1%5U0qAmEh`AT!uYuHeskgQ_&v*f;#d9~m*wzy4{(>_rC0F8Kc7Fyzb}^m z0P*qv0FUe+A#$a71Ui~B=H$3-z)@u|+4aAyY`h0n1Sq(*e&B4Y0P_5YVg+)+(uyu=#5)+8oE*+{Emh32w4nNg6oxU$1uQ4; zz{`coDib!S(P4iE?(%5GH97k%(#)5RIexlGi!Ej$* zE)47kSeB`3?mMdS5g=O-S~(yl&)tAQDBh9AER=Nr01!+=7k2dlLnaKqoX8bnV#MT@J*oW2{6usM?mVt>Fw<;edk8HAKAyTpP_7Hj29hcL}b+p)KwZpb*@( zcyX5&3&B0Xi$k&E65OR&u_6VE6$+G6Xem-sdh`Cjd+)c&FPltu&zU*9J3Bk)oafmv zRBiR4*7?HmJ+OZEjLa>1E8O#yO7`Wed=qPsu0hPpS1O$ZHp*Ip?{OyKvoF(n@(w9c zzuD+ewPqAa!=q4Cd=yqcU_CQt58#2vt(r5^ zEd&eU-X%8m-gr?n6k+Y`J5t@_JOlIZ&mrOHZflah9KJNR51o2N2&p$a7rA7L`4pcp z(ugl+GlqS$G$xMM_36wFjqXO>>AZFtqKwVv^eOh-sIb7%%Rv%oD$8!6OG;esA@9K- z2vT|Cnldq5@J_wr$d_0jNrLxQ<6X*ik_Jx03gPMoy|10iaW>zkkgBGrSl5zf_FeM?$=y@{P1kq_V^JdDU{H&K^RTWsoJEjD?!mj`knL7vDjaGJ^U@v%@ zS_|YPSJJM2&g~xts(%zeE1n?}D6bAgmVDOX4J7NWG zWqGtTKSDRmZuz?gpSp29ihWEyJw`&?|1Cu76zg5) zl&SG7%&bBo$7wzOIZvb#u$HwV+9E-;`alcwC z<;RK`!W$s9V5z4d;uWl)LXNdtRIF$0L@kwiFY_Ao(1^MMM9+_vMN%FykGM72#_WctF3IKOLSXwaMg&=8^ZlGgJB-*~n5Wsg{g3mX z4v%8wWV+Tse8g>0Wsm(7&2#Z^9xh-?zw^m{#ts-@2|8L>?xB1M)o6{|^5s2Zneg-nhVd7sh7O_eZO6ti6Nt@JF>Q_NdGkZ&??}h)-vob7KdfNqGuh*bVPkBL$p>H95~-6z@L_+>FcJyou1= zoG}zRJ{5F6mJJ(HlwILSAl`MzwpE?*QJpB(teOuwv(I09BUH0*nj35p3MRZzeT`KL-Que@tv&E7? z3!eAJ8_*?~Ro!x`$95rB@vScjj752FR8SBmpq*)7X6g(#&V*5nR8P)4DQgc; z`e>CPapDCn5mk7xgwR+3Iqh9PCIKd66ZXaD&2R#0Z;tmPCb@!bILW#cBATKaBHJ;< zAFZeS1&GPz#&NUlp|+bZ{!k<~QbyLE?=j)xbEu@o>c%3f%c3XT6GQlO(pBWwCTZ?AdVBeSx++pil2Qg!M^h=ABSjlojPCJ`?G{ODO( zk;@)2GR$Mg)-n1juArWP&I6fDX+wI2SF$1)O$BgcdP)VVXeVp{#^Tv;UbdRO{2*p8 zxhU4`-~s{#kg;fFo5r>a_~aKU0U1eDg~9XWq7^M?Bp)*cztEDh4Ig~Mvhh=!tN7@O zDyas1jK!JGfAGWbD!LtiVOk7oDnoXwJI+%*+i0o zuJ3XDA4-%8TppYYIaPD3+rm>PKNy}&q)I-Kx}kiQ2Tom3CGm|^@4BJOk1@%=|8h&C z-C4J+hB;{t?f8EDnbTx{6fSw@`z$<3TbM?0_p`~6(p4}BL@5+dBfZ^A`pWeb%ablb)ZzFdU@V;s|AB6e=cVjcUzwC#6)s* zg8zDx6Xwip0L|Ic<*&8Ux--W8fYCp(Zw;z@lh1qn;x(MyA>$#3Om6t&tvUfjO*HKF zi7f)>VbMl`#^W0B8fM{f@frL-g~WtSb2~!Kl2~!9m0sp-2RR_4w&m+UjZrkbPQpJ7 zH)@au?Trnfh3%ubYf{0zQ*YECH0Y=1aEktP7E2O$>Nq{dTZ@ms3|DKVN2RYiL;dm+ zN;}p__{sOlr4FfB3GU_AhxSWROjky>Z0JB}=$n5SSopb~_pElP{-|dO$q8BC?m~Wo z?5>$z0U=(`M46Y%f}e?3l7V)&k&tQksfkzgu^m=)PHbLZjtLqpEB|4<673}NZa;Wo@GJSniQxUf>tTYd% zypWV5z*U7Fb9Z*tkPrRHA`&?g7*9Wnoy^$jiV|&9DjMAjMI0&R{w7`3k{7LbJYsqG zSen`;cwG?uwvk~7DT*Ar&+8ktr`!`$DX*$?vR--wN1&fl=`(xyLd&JHI>QL65)`Qw7_KC}2C=z7sl5s{F z;2d`&U@eACGNZZS@M0^GWY<)=Z~wrnx9zvor}CbJeGH|6zY|TS>Tx{6OaA$D#HrTc ztXCA~i(!bhuw%%0f$VS6XD(qXLjAqAR$%9xfu0J6W|I#$=$P*roCVJ^`@7t zEctxD8`Uon0iFqtW9i0uvwYY1PeO-_okb*-1z)C>e#9Zcw^5*+!eyIUGSDpA*uj-MVnaGgEwXJsgOj`Abl z3+)fxULB#iQfsC==r5hP+P!SvYagQ7LmD5dJ^Sf*7)7F3&mS|?`6;nluUrS#)I|hLHag}Sz zckKO;f)4$oiAQa$BZ5d_Fnb>}IKDx1vW!boe5`a_xY_!7Oung_UY+gxwkZmaqksY@ zT;CG2h#;*lro+FAON^AWQ?RQVj~DwdULcWP+7Ov|p)We5GCxkUO^1 zR%)5_BzaRx(F`tKK)i;5i%8UDId(kkP(8)Al3L0^1ZpLMp{9j9#?AR*N_fmQ!I3GM zrR0xuo#bOhOPx?=<+xGzs+%?0sgJV;MtFwklWwXn{7IHoI9ZZp;f4h{T&IZ77?0dA zu(6Z+QR z@LCK-&Js4XpFw^pCn2GDmp9RTb$?j8XLg0ucpa4xbtgjrxDO569XtH{EJKTz$@{6( zP%fRD+v~;PfczxQ;DU^Dl9ne53x=;>w2%7-2{NR%UN=`sS5YILzH*)l(0ikrvLe<>+sW$_>}8kV)WB@!O>2!6~+iu0WUMPwaR&H{EFqAi{A7l&DD%z9n z5m9s`V#VxSiBr&R21QZ`{nRtAjb1e+PT>Fh-szD1O2{+uPqBZ2y`tjYrpUM9l+nUr zF(iR9DNQ)}GCjRp@{Wr|rSG1`UKK&;**kZ`I<*EDo{nYKXfd;cSR%(AytG!C0(Y}s zxa1WznMb%zo=_epEk8&~OuFD|D&?6SkDTQ%;;Ze(s4uQY=xCXqsbc@oW44J$ViY;E z&p!;Yx#lP6$M8~v#}`lJNEGBa>x@G09y=nR8?1o6Fd!sfXjVx+KgR)O&U7fnmOP_i zq(gF-Auba=(6L_{Wd1dJZ4cfSu_m`dvH){HtWF4$j!M0SvP^`cr9Az6dQF(e{48It zlJi_}A?D*=&6jDAn6F79;_vV>2Zk{fl1rulmftvk<|2f2Bg8!d9_3cpxoe^)4MOANf^6b}{{s4oyA-S-qB#^b7 z>ttk~+-v8%skr-`QaQF+iGtVSI!H$gl%34p<=uFH6yu`}`1coBB+RdfZEPyeA3Ior zdCmOhQ;QW|c$SHB>|Fmfngp`+ly;dvlOw>eRj4UCzRUT6a}IM`{P;w%wq8WzXx8H$ zU}N#i$5o&X`w@Y6xoI5VOf)t?=~d#IX(!R7NUfX1-`s5Lqa}K?+HS?~LmUFD?5up$k+d=B#yJ4zf)*#DG7cNI#BI9N@g@>G zid~t<(&uj;eRNspgIg?yxg1DalV)mbKQBSHJ(eBJw)E~z%Yr+B?XhxEUjMB9#a^=% zU6QZ;8h4#=9>{uph;xX)QU3!vNAK_-2Gy5eb9DiyM+jRDJH#U>>BH3!DyWntiu1J| zDu|aH54E9a93DIddgm=e^pT`p4DiR=9QNSIqLJ0T`4Za?cpye3#t=|8v*6(70&+$t zx_lgeKRUVWJo-i{mR1f_wq$GSO~PW30*-(`VN%&#H=`yH5|oa0T7GBa0`sMktQ*m^inD};D;Pp;w$8PJl_1z> zQRZq1`dt2Ek%s(S_yvV|jZ1M#_8y!V$G#NJ?7*u78@(lSv48AO`z$A{151X|O$9Wf z;gKOTVHSJ7cfE6i_9MyrW>~~LRxyID*|z1F{r6%Hu~Qpz^agX-GgzYHf>nJRXgVBK zv3J_NQl_w2$D_)ES0+ILct4~EmSdAnJMmoHd}q5*bu|j#_fP44<})2J-THuLm7+y1 zN1C$9fwMpGnKO-`Cv}u|q5R@HEMNhQy`(F~B6Pku%iV$9uO*bX+0`cD?$2hwtJnHi zVTws8F?SRL};5K@lA9%5AuE!&j?{B$`1sp2f- z*jG7xM}}dI;BXZW;EOGJQWHqt#2IlrVx;nx{k~!5*xv_UyQ&}NR^onEO%>`R!F8QZ z8)LqwsZHql{VWKRe#mgIdW_I%b^O2aJOg@=cNdi&mBlc(`!lNO@Yh}*syE|GPC@_6 z{c*tYKa6C>cn6fbyJlBUs5f&N*0v*kR^s|G!O_Y=<(d^D_1(fT(A>kraMMI(8zass zD{6YZ;M@2>Kn%S!vxgARM;*u=N5oV6IXx%=EpsE$P+Mcf9B#axZ1Ly;MZ3f=UwyQv zgXS5Kd0wZ@JdzS6-W4`MnQhA3cgc#)a7pX@q;aWOD(6o@n2^}fT-o3;Hh`0E#271C z1Fr!|?3mp4cXI^#oA4d9D z#k;$h{YRQ-h=8P3k%{c1`JA5DBKP>IQCK)~y$h@&fL|`}7ZaU^?x_qKFb$@t1jrIw zm3mx9Cf>}wx<>dJq)kkOAht-k*OtrkLo~j_h4`$U@(cYXw=v)bod+}yjn>>AYZRAH z9kZ-8cwf_Z2=I!nozEY-k*Pwce?SWuQaDBEQviMviD8_CGxKKI#D8__^InUL5fv|R zEBzFJICE4TU`Va0ei2I@F95%1~eBULk`aP4`Yc@ASVEtl^2ZrGh?r(a+E!xe~Fb zmu8nh0;iF~e#H@1-Cc^pmRtB|Cr|pMgyW|c(bhO(61AR1^m`YyE`0L7_^(^PS0$b8xAadNjIYV6!Qvv_2EQ8OrqtL^ z!9w%;iG$VqhGnGN(&Dok+1*rJVY!%sUeQ7%@6KNMNyr6B-Z#^KsO!zRT%AgoC3tmJ zS1M=sOU_tf_Gf7SBp}6b7q5T!=lUf&T9Nb)c{h06|LZH|&rqP<`$ok$S2$6v`C_?* zj~~hKFKivMjWg?pz}VI?=2==rqH2>uCd$7cdzmZ5xm+AQa%YUF)4zJjd%Y+@WjT+p zSmTM|w!c7o9FyK>D;E(;vjg7cYEbl;G)4A){HUqAIQVqi8?UZw1QVN!!bq z{=YzuD3cbygY$-TN@K=2Kl>E|2;M#tvU;EBu~CyaDn`!J9Nm+TV?TL>RqKGxJG!z! zyNsM-hO^ZS%8k^pKitK5E%SRw+;d2E_eJEJu4MnIGT_B%kyGTfHt`&pjT1l~M{3ML-MR-WM7aKqWAIa8U}Iom;$UH6V_;)q zVxSjH3II@yT^Zsa>KBuxRNiVZvUIus?-K?ACKe{9BH$FttM)D5t)O(|jehn1;(`KQ z9!#VliU>6;>TIqTXq$pwlC7-`^D2rpae~!PdU~pv_`^*_Y(z$9FSq%@hVbf9cr|)` z@W0PI$!Zb33G^}r_yY(<7w1t|gZ^95(NQDOn^_wk7U0)eWF=C@AyDS}QWb?6gEj4u2B-#6 z|0i%6UOmsRlkyS0gB>i7=yTfvb%Xp%A5LNiF~il#o!M*Hr7rXc7#9V8-E!tx;G#gj3A zq4e5-07HDz4eiLb5N!(L_O1zTm}=ZUvzp<(}pr#map{Hj?E5HPdWv z&l8o&4hRY4>)tI^u*5ReK9N|+uO|X8F4r5TxW57wB#!vwk{kwt?4fe7aK@&2RO;V_9G@!9Y6N!PGqLU zN&8R{`=9S_sC6tJ7cG&h9Wn&N_bW10e&jIr1LZ{;m-7gZ9RDX5PyppM0E(hj=w?EB z{?iucG1MxL05&*UCE0t&3oDH2oJ?um6L%~o^RO=wNNS6b66P=N#}Ai$Pokn-Vlih= zL8VNi&JQVYlH#kNlzLO*Y*Y=>`IDa1`L-8*YC-L@pPX8YTl;D3R#7py z^MjiCDu5j^Cg?WTIm7wN40)IQM1tStR8F4$?4Cy$6*WE-mI^}?Y z93Dx{?;G6WD4(PO64Ag$BISxVw@!#AO>bo{6R8<52y@R<5W0In_d$km<+e0<^~pd; z-L*(Mxux&`iaCR%ioLLbR6-pqSg(SJ;6`&0FDpBeIG!H9m1^uYi1*avAheEMkHlH4 z^I8_d1?2ykxrK$47b7!%srSiix&!(qTis-yxfYbDt3v7h1WE73Osw@)^MN{+*>8HL z|2QX`HfJ%1we!2BKrmy#z71Uky!tdWHID!t=)nTS$u`94;l&3t>EXpskL|g4a;y{B zEWK+t)eZ9@I9CBu5!dfHoB_`az}X;~Fp52giu%JCLQ~#G!!$Vf%z}#fsh>wNZIwHt zadOEnK~SJ9O?L=KAVkKc(lkRoBdeOX)-K&4@OgaR+K-|4J&&8Yb-NgK3m`CQGR_0?uAd9oA#G9~xGtoL&uF(q!)0Kkr|BZ~jc6q>o~B|8cCNvTy`|6O zv;qL@Sf{^06L6Y&rChlWMDYL$!t$X!04NV-g+A6F9!Qa)C*Iq~xX2s5Vv@3{?OISc;w|T+T3ReWzJK{FycvNtrhKdWo22=D`Ygjf=G9dwaOEy+e z(*=dHuQdW(Hu7r=PD?P|pvZj3aPL$33THo$KM_xi^mFVlM09DAT2<)$;A=lzyh||8 zI0YC1vW`nvEznhdeHX-HmjkGX|EpaC zkG6eQgY26FACl*L^_Fz$>g;QRUb~&d@@KvXF*VCd?&UbhU=g2>Ox%~)P3c@1Z)?jH zdDlxzRjU`oZTu#rT{6j9zOK=QZ@*@g3s=6nKRoqyAHtUO`Z+o4bD5<5s4(ks@h$9? ze6J}4-4pLS)2WQjj+)VPL(&3A34WlNb!+92YrS;5#5gD<&|{gcs@&-x#(ir`mItx= zX4F#)9m?9Z440`KhaWQ^t`*{&KJvFoR#4e-GGWtlI@Ah(V`N=MyNRd#S%y%cuUt~s zW=A=#Z--t;m#Eqn^;DlY(^>NBU2Am2(prpNzy>x&dgaIODGAm5>HGU-mc(82hYn=g z*IC!U^3P|#D&CEkPC~Q7tfAdW-@b&NgRrvzeCZ5KE(o>Bmb^H(1nQE0@zWpr*-TN` zPe~K_LoX(JDfnb~kOr{$cSV#(4r}YdQe9Bk;Iw{&QDmOMt04j_$DN;tCzh@Dt1^y) zCbv2)**{Cy7W~>AQ_52+jv~F-g7sZwWHb|?A1OFEUYY|LGb+`X3SwF5FMu<*EeSor zaorx`+c$#h_jc_ULr(2fR_;72-$`pFh2AZt&UMse{g~6oob()N#_J~(VbDu!ck1j$ z*8O4ld;tY}W-p8bD7u9C9-NHy(#kuetlrE;rV!mkz`X}ZZIh}b&CU%x%C)D%|1e(^ z`mCM5Hfp~~dA#iUOBL0X_Wo@sCs3Z^j#uTRz#_~kAlEX%T2lF4x$T`Z6Mqo1b9JNF z9Xpb8bVs}xO65-NLqrF5F7C?uR&6XROO6y~CeR&qL|^wa^qMd|l_LU@9ENhzb9W)( zF019P^>WpSRoh3wCy#Cq0oAZt#Hf2)tSNfxdwsPD8Fi@JuVSDhfSL+?^^;jcT1`G_LjQ z#*|rcTz42x2{^75`2Iujy6p)mys$uPWqQ~+503hNLPHvvJrt<`7r7UFa9NZY~754bywh_l%hVVoI?&R1k6gOoS zTm8gl1?vue4;I0AUO=_Edesi8_|=AT&XZsD(h(TyLHihU9>uDgzPT*?T{;ScpyYpz z8{+j<;4`avlq2$!&ZQ+CBmtiS*<5>7Ssqv!ezY;b{)*6tGO=c_+ZT+eKVrQvTeUQc z&HDToT4l|}ZBljk_xMO1s*sXWv{=G-rJ0v2p{z0%*f&P4BCVF(w3DTxJyW&g5zMoH z)8aOL{-9CtS1~R-$l5mJc7mS`+n_ilLe&b8Cijd~Tqlkd&dbf zZ|mZxr5Odc1{&`=fa5DOm2L(R!0w3B8)25F-JOjcAM5kxJ^eikeXXHkpYndOdMz+l zmS`k7fgTY4e1OEXBAD9$1B9&bhSo0)Z=UrV6!@of%=~DKasI}~HA~%^lu#Oa_4W;H zeQ?fca7$@A*b)4E6sQMJnPueaK3^IT>!CuvnNPag^Z2|rj_|&H`ML1b`h$kM`zuOs zLOi71r`_R%En;Gsch@p`2?e*aw16>JtX-_3bJrv}U;{vl%dMZ&l}&&8oBO00-VE8! zxXuk>*TD5qY4-{mxZQ2@<3@zWcXEyM(8i?9w=2{+K@EBu*Jfm+xdJ?_A4Wa_@s9r{ z6^W22i@vM*fv550EmruTAnV(=+Ojhr9It@~`;o@gA}Ze4yd8>9k~Y&+>fST<4kUZ5 zjw5|P5IxATgfDLSywutRob$-P{8-%sOI}MDM)TY*dqzX!YG0MUxgJWQD<`3k+}E}| z*FIKsPwMguUZ$ngrvLp(TrKV=QI#Y7+=*YCd&p(+U5^Gtkcu!sk4sfW!exL|zir5a zQHcURScC6m)5{ir8N!*nd-qJW zvpq6<{o8{ohnt7;CG6v&llh7&gjw?+#_Ym;*11=SLGBR$w^n>2v$qMCav)l|OIyy9 zf+XM1j19zugakhNqz!>Tm>qx1!Z-Gwr)A(}=w&w9Il1>O$+YABt zK*yal#x}n=inz%`@-1Ih>ciw@B!1a!WcK?zx>tIp-5xoZB>YVmaw}mxJS|doSy;bR-`0sB9O*MW%A>J3`)w90sln^=u#v;J!LZ4hy>^n! z=piN=Ft4Hwxu9Eo=6=r=3uq}MefG1|WuTnNVsO`?(!Ta-)Ux-|d@60meVQSg&)cM~ zuCI3qHIQL=+kQEgvlhu0OKMWnFNBWiuO>GHV(onYTNn zMg*q3%yoVV1W^_IYx~u05toCUIqjsrrGiranY8Zd6N~*J1S2pdgLy zRQo4>pL~h@l;Onzz=U3L*W`ekUIQK1OI@LpG+=Wt_hpfsa=@1X83zhV+KMeb+YyD1 zz}2Y^Uh`Yoa`Fc<_w~h(f=+aPJZ|QNEEa`|>ialv*zP9y*G}aWUj|ioJo#HFOw;B2 zF4&ywv+(zN#0)yN7rNNzo(w*{Y}Vd#?s(mqtG*D*whfg(Pz)<89u4P7Oii zHF{t!o^SqMLGg{Zoz=%{ZyB4sSK6p!3_ZG7lh-&-Fxv0g8fTYFd2tk_cRLf**G8`0v%_Z3yAs zB>5<{q?PyAjUfEA*Tib*kJUXH1UXL zJby-0)nxX~qXE*wt6k%1;KtYV4ms;c@^^QvfIf<)%Ly)*<75f~ZkVKQtxD+P<)%Wx z^NO)VvopujS1AO#y4Bw_9SBqx)#*_56IPKd$$Oc-=O8^&Qd-q=mg~vx6ejR!6wZ92 zvlGH%<3%O6peFe1p6cCKSU<%bC+A{8r{u{~rl+iOjHH%d?74wh=1xdn2>A^9E;(~V z)Z*O&1-Vi6lGk?b=NJD<~%$h^qFn}(p{|3ZyIr*#x~2g9GZuF&7xxDt^!pe z(`+P`xz)f(%9~6$l~zn&Vr1oFcoL9;f=~p@i`v5cv!XHkBKTZ0ZZRAOpv*<7Wv_>h z*ugx7y9=j&?|9Nu8Tgj3pW57tvf(`)gt+W-3fQYYdPf_g;)0Hbj}kvY+OhEKB=guT zNG?f5IF={KFK!~^?Knv!<>Zr6&s{ybyjaO@^iP>YcqW$?-ZrOJhy$SJP#_L0DPMO^ z1@H!aq7tqsMwieEi0*exR3L2&8r|Qvw(YCORBX9tkEz2vZ&c~03b=N$7&ksweQ+=< z$z9%Z!UgOw67;O%Lv;F(o)WFR z^pGMo_sd~@PYDDPKxbK0Q%tu0d~}YOZPpT+D8z3|=vA-$(oDpy4Kv}maZP4RQ!YD{a6#sIl7u+=3bB#+B{FFiHlv@*I3 z5v)AXu$ACv3dK57@#FGsY*VLmtMF{zS~fWGzX$r{#tE7v z-cx>0QtOtnd7w*L2}pk4Q?!KUvx^C*GZC3y&~gI&<(cnjmLPg6G_ytRGuR@A$tBhH zLU8eY-^NxwQ={MlBI?*sUs+Nnt9iFfBtCiGG)CKOW^v(k*opt z_U=&yP8>G4dZe62xA<~z*Lq^~QFZ=4v-fG`ANuNG$1SI0aSj#Qq@;JI3)t!!NAfAr z62pIN>A=r`I8>g!be6zh6jjedWHw48e`fT(E}~-Zjwkoc#`iF3_lz#=3TL{ZM)p+y z!-x(Y@GK_?bpj#o0=^XfXi#;FE)r^FCqw=peFZ?-m_=v@&=EzyktlK1my zf#oau+OMYsO2{M=w^VKnOvW^|dm{1}i>0B*rNY27RpBi8)WW4_Us3+7W}M+Fe_~-> zlk-Ov0#@!oC~TH7QXrp6hC4S|TNK^s9+-lTL_@v(#779}jana~z!+d!MIk zAr0U|$4EUz`m*X(S*nTJ|@nG-`=8;rOw7rH@yKqCTTuQL4EGH*EKNv9>iIkI%lcAEtiN`Hda5+%I@+*Nd%X5#vmq5`7x&6TYD6~_E zmjV+5>p!Ou+9QNs{__c8{9mV#QcPBP>xjYC|6D@oEfmpkeuLdtf?uD>9?q^gkKCz6 zQT5ju_F|ctfRhAFW%%JU^N!VEbn0gzLcqAuxTz#cYwGZsHUwrD+io}ro(LpDmlGP6 z1qz_o|D`eh-&G?b{{R1#{-Y_j+Ts8F-SnTRIvW~6>Y0iEHmJ=m10&*S1ZmKv=KsAp zs?jQA1aKPv(^zNNg02q{C)WSI_mbTiqxVmqaOw4|F9V}I{;#?^-9}R|LU13WP8Yoc zHud%Y(GKBNT&;tMqGdHF-HBXzRx!|Awa^IG;y)L_X^KJD2!5A~5G4Aaoc!YF=B6}) z^{s~0ks<4by&^|eUz3bSp0_m!F1jBc-#nxhA`rgEh89A}dK&+0sxx>jIUQt6C&GnP z-5*LumtmttnR?R1Q&xZx0+3|15e0ZW&=#sdw`l^*$xq84(1T3}vhH7PT+?Liv1b;g zWlUGa9Bg~i__Q{V8@&69k^Oc zUrX6;*lI`mS}O2qqj-h!MZSD*#+bglYiYcC3Nz(p+^#6;wwiD_x_5Z?vRKDCzN$i4 zKnNMaJpTU~3~g>x^y~jSX6qwpcz}snG5@*k9{)ceD*}!ynw?l8<+y{d&Vt**2||z* zVneQ)i$qV5!4=&pfhq~@Ra$}@2OtI65(1)xjMo{q8kQ$d1g`$~r8;n3U2p$%*Cfce zv8qmmV{6@vWkSzkjD8$i$oGCVm+K`|Y>uBT&Y%`YuSJwYZFHtrg8*$HL@e59=u-fF zq9u0`zYrD{5f;G}5h=N|wR^igj@6p`$dtmran0rGRDB}0B`A${j`0=NOad}BxSZw~ zxdT@T%?SH*_GoJ;fydKa|&bvEyJT5Q(dj#xo}YV>+yTY0Y3Y(uMgn2FO^h z@t+lF?Q;r)G%TErwvVbUlM*=sN19DX2S>AKLrEutMR_a#+4K15W2>d>>$EKOl`ct@ zI-ds-%u_TMQ_C^%E1EylOKBW|452ix8zU3Yd}Cgd>iZJ;zModj_H3l(C#Qg1OFFYS z8pmf5WX*sUh7RNE3GMMeIygh4`5gT3=l@&kzv+KCCh3plZoi$bGsAJSwO2e6%4GNW zhVkV+{RNF+lA0Dxncj{u1zoBMzboHN>N{J@81D<3wK=UWdzJ}e2Gzxe;n=!8sMgQX zC%WsZDY*{zsLB{Wv=%gcL>|aWq~fUU%71TuH8i@4UVZKPlqdDoLdD8wTuL9lCaSd6 zMmjuehES`&I@DSAlQ<#SXpp}-ik@;WhI+dz{&F*nnCG9ICr03{Y*o1D3uLqvjR--% z87os8PR8yyBCrlemiB)wp|zl+1CjJwBgOwSHuWvOjJG^@^qZmbT6epK3rCTSTEf{)cCl?1ObFqxu4gAwJvRg}g8X5pnF@C5yMQ zq+&3*X?gsXZf$ysEYaI@hT0NJ6%rGwh}f60DURrwUaMGaN7CN|AVD4wgCgV6>{trg z+{hp6bguwJMnai~IX#jrAKYt}aQN-~XckZ!9w?=eaQzFziovWn;n*YLVzs~uk?aT9 zmsQ-g;(bsB*s5z}b2*gd68g!^K-5$Nj*UA2W03G0^}1GkUKn#8-_y_l!DKfOBx5fX*@&E|E`y1Fx)@#s zj1v3D?Ev(jAw1q)2-}>))-b!R8<7S!MbA9g4O_|?+x`^hfMt`DXZp^WhZjw(XIKt^ z^*Td(dW@E4MMRBkaiK`(JDESI-J7>+0pBu`#-0G2jfOU<-J+(ALsa`Y9XVt%W(BSC ziZ#jTkN1dwv>8_5Qdv{0Z9z8KS8$}l(eM$4)jFZvfXgqU4*U$SH`5x5+4p|Q9;_S( zr)711@*OrC^Rrk)UEr~p2#8LA;hN~X4?6RnP*94Gr~|-+^P3MrUpL_)sqB=@Q_)p4 zmToQNU-r@=4xLg)+vplbt=t;pB+W}_ux|{59%J}yh`79)m@Urx@bap*v|N~oNky`Y z9IAfyo1S`jqX$KWKj!B=n-@PDuak>@anEv#TKLZAEg{uS>`$sglb8VaJUPaPQ5qCG zQ8BDy{z`5Rf8$?JU(41m5YBm2wXXV4kPGhlaZB?8jOTI#*q) zzF?l_ec{UQ&FKUIZBP)V6Z?j~nkeLbqk<(=ViMtUJ7eLgi_Mf zk_3$CsDz`A*=1gUi^8H;pjbqgKPb(IsfH=cF7Og+-R4Kt`$tQ@%1VZg9SA1Vet5oU zNl}aQxD;C#$%m+IWQ#d%dP^h7yTuuUxSzPq{Y7&u9#LI=)IS@RUg*3<=dDTf>dihT z6SM4sjDO?++B}JDI>w z3TW1qsrt0C7_|Yiz;t5&6K-w$?-U*;2KF{nxe_||i$fKpZDkz^?-bxZ*klHQmtvIt3SU9;pQztx>4{I=>_4NCG*vmQ|4)u#0PFqEa5@9p?*VhiUX z9*OPiGR1rYJD%d|mcN;bJzEja6#GLRx=g_EpXylaw9ETF{)vWPX=SCjx?lrixT5wl zysaSTMj-+BfOtJDIfugJ_hbCb0GR=+?wrdp`fT4|RFi{kXx#9=()g9BJT zm&sMZEc5o&&aTP-Yc9Iy78NkGFT)xm%2=A7wFH0l}NeEh6a9*uAk=bylBEP(bz^} zzGx0?t&cwgupBIjMD_3so42ubmqzHQ%geSXAVQA7s$&}t4bufy{8;P<_?0|E{eceS zj8@wvN+un+3>No)?!A8--&x?;95#m8)Qxr0^_%Yp{*e0#I--bOKR~DS-I&%dnm z)4fW86ER^%!}&nZWGu}a)#diMclOX4k8WjOsaPmOra6^#iOnuMw%aiXFzYS0&KC1f zV110n&dZynCr}SD`@oHPnaM>ja0y$L%K{7fg7<4*!Z3{dzE% zoa#_cLR8`*<7Z*B&z4$W3tW>NC|i)^tcv@80@n*D^brlEu!6tzk+R~z2Cm-(0k)42 zpuXfcYE;w~<@qJm&o|;wmlCgbM4fvW_Qgu+Gg+^a_oEdmRyn@B%}4cJdsv?k(?MGg5$ZH6%e;u!s9CKfl5mXe#mqKMGOM-D{{+6bqcmL zf!QvTT#-q2C{Js=Ro~op)U$er`t`AoZ?1&=9#VVZ;LloGIVSiG@dwo(B(Ug_oP_U( z>QlSE_b4L=aYdFwc8ErhQL%Ea8AEUu!V&21+hKOfVZrd3sAMsC<9_i_#Z8)V!_sl%XzOC@o>Ae56_riv~wQ1Htx6xcoDV^;SxkA{23dif_8320?O z+Py^B<5&8O=LS4WM(E&mIeE(bmk9I?T&#u`$xj5o#G|tig^?KUGNT!!)k+O*frKs} zV)+&DJTPoI90(yE@dd`X{o&ay3X^Z99sQ-jwVl~w1pfeKviJIl8pX?(#Wb6mY~P2a z!ya(Ej&3mc3{)_dCq>Jb3#^pY!FB1mLwvi3E0ne*;|><$&hU=G{f<}OB?V19LL2?W zB&yt?yJrbltP;AaRH;(1q05J|c_ABrrgG0W2@adox}lCSTbc#tz?m#%O~P@#`)70N zJ&CY=tO2WK1!3 zcVVSL6`{^5JcrQa8A=+S#b3t*xlibD21VI zz6k5wTD4u*Xm9>dJR%@b{lMT~tcs*W*O}OylXEEK(eIgCKCuV{GbdYH$T z9OcWG1eAnayt8Yj-X7UHm?0>8>|*G~xEhy*#hi9!`#8m6N{z&SQSnX{Mcyg7S|nF; z*-D`*_etovqo5+0Y-bs!BsZFXd6pp(Ht|(cM1u>L6lpN#=y;rQLy`-`Qe0Sr0Ht!W za7Iw=0H`hj-VRv0UQWJH^5_0pVS_g=Ugq0X%PH~EeH*k|5eWYP#N@!K+TbGGaAS*t zR!CKr$|9|PleNEK#PxrOVKxGn}*GaYO{{Tl>Qo4ysY)9>XsY++E5z0rP z)qx#v%(90Pf{2W|h7=K~lBG=;g+of=Dp7(q(+zvCOn!dk(j=6)JM51R|{cPAMUUNXYW6tpo!^MU(=;5g5hq z0ck3tM2Qm@qHSy)DQHzKHb*LiJPBj6;7JKdL~ynkaGeT-SYo9_i-$<9M*PiRu$xN- zh^??9K&ex3YG{y36^ZPXJ>Ax7TIS{ZIhRWBQG;^oSxP=orS;k9=$hZgMzc!-pZqRYo!4`iZ5n^nhhXcaCaS91+S&i5Oym ziVm4oE>*uj^kp@S8MGLYm)*@RQ^ z2yr_3M>$(%;fLbu;i*!kN|lP0@zE;|Ew{TJUVhP@(xTmDn}j)>!&oD{3W;bzOd_$w z%8I8V{#F@P7mJrJUN7XlT)f_HT)B9>T)wO7*IIM~q5}d#f`8K-Co6-gu+&0p1{jfb zNx5J{Y#~HezVbt+ZlaN3qRsWJV!1rQbr_ecERL7VYTm7iEiCZQ+Q*#+>8G(`s>Anl zf&D5a+Ec)li>Xf%&kzT(G?EOMe&iUCi1NEIg%<#5nqFw+X6oH51ZU?`!fL;bP)Ft6k_ z1P!f4Ae6H9I%Jsy*2qva_N;%M=WxSwk2lSx`856yTJ{(cwnPUdyIy+DmK@N zYzc+)uJ!H+TD5T`h1!x=%tNqmvGDizxztt>RY&cvpvrs6KH@nQ+&i5RB^ zhEzzAFmMoJ8D9{3D72sQXcbLlS^`0?A<8_N*m{c1aoZPx#mkrY70~{73CS416Nq;W zlJx@8ZMxLZRFL8^Qw5AwN2G$NcZeSlsaP4_Z3Y9_fl8iwELG+R{Y*% zxmQrq1Qn@k5?Dc^8kJ`HFBh7Xi^aigGo5nBBl?Ql(1Gd@suWL(s}vDKBJJA$uxPyC8~zW~TMq0DX8lz@{fKSJw`LKPPOOgS084 z1H87Y2Lv=x+G~?>a#A^)5273r@mMbx@))kB7=Iz@bhQ=@C}0n|l-H&@wL50xk9P}% z5*xgWmy7s}G2$2-gQ((dMJ1?he`90K&zP-gzQFz^a@Y zixJ!aMm$Aw?!&FHmPN8F%yhpKRCEp_lt6%oaTt?rP+zqZh*%n3vG((gLqc4vnZLy& zn*3L#Yxf;3gMC$8qcp7qbXE$VbTv?(A)z?`014yw3^0wlqYzfgos?aV645S+ULaAW zw)waMuu8aPN=#o#EAiaFi1gU6xEE{;(x{aJC6Ld6^$dq&Hidk3E287a?ih1k+604Q zh7o4eK&&RL?m?+Yab=`aQ@5;t`RAvP+87GdEuFB`j#n%M8l01a`-}Zc!Pa8s$1FOO zPDUzAzDNODR6^U_4wISco~h`bsa_LupA4tOr^YLyzZj3;y*^PpD0e z^FPZ5uf(MitC&P6P1LTlFI&OU#uBOy{o(^%ZdIYv#HqW>&|_XYd;Fw&&zb4-81!*I z;5JS45tYBRPR|Vg03__rf2f?!QRnqIxG=(Yj5Gh)hZ$~i literal 0 HcmV?d00001 diff --git a/content/en/blog/_posts/2024-06-06-10-Years-of-Kubernetes/kcseu2024.jpg b/content/en/blog/_posts/2024-06-06-10-Years-of-Kubernetes/kcseu2024.jpg new file mode 100644 index 0000000000000000000000000000000000000000..43f7c2ed7c4aac9dde8625f968c364e735d69378 GIT binary patch literal 280201 zcmbq)Wm6nXu=U~|+}+(>gWKZn?(Xg^?hcDPEbdN%2MF%&?iK=sbAAq4Ks~`)2f&u`b{u_XQTL2IM_Wu9}2MhndKte=7Ktw`A{$HTs zprNDvH*v7=urU8y6omNrgcP*oWaPB0jEt;;e1brr71aOl2LFZun26Ah2w^Z#Q~+p9 zC>Ttrf1?0W004jh^}k2`e}IO8g@Z>xgaRP_+XNu~pT$?_8ki4`3em8ifYK0zihU>d zqr8Co5o8*Kd_Wsbqf$2sE#;@^F)dB~Cyn!mCKSg!P*TwqU{xvDKwZ}tkm-ad@g zY2}t>?IUKX@ee?U1>K)9BjVz1E|?1s{s9_Z?#YIWg|EndoZc7Ghzv+&7AHe3&sPzy zfDMCnP)Ah|-Hkm`#GHh72ZgoixRrl7^w7buu#SSTaxMRnXZyXpkD%i(04u>pde;w~ zA%I8r+?bAy#o!7hO!N9hNWj}XI`Ii)A$PRo7b&C~1nc23aOXjc(%B#97^9%PhnHIf zMO0M9U|pi3Zf|v@B2fX(O)XPA?#@U<<2(_hIe@1WKt{r*T!@hzE@YCzL@HrzQj1yT zN<8uvuZAe8+^?#EKE}+4)Js&c`N}rowH03YzRH?bX-{0nYN~NDClw^`&8G z4B>JPQJP~JR+b8r3nmp7Cdu5!+=^1f<3a8UZ|<5f*C5#Q?ZqOE)*K2#VDK6B|7jvRbw8396W9CdWeYqXtA|Y6w4^S{%p>qnOOjw6vS8a7wW>o?#Ln6a0I$r z9GPuK66T0UXFg!?+P~N8^&dt-O#&$yx3v_80R~wgrM#3EaTj5-WXl4UB@Zt<}3`wL0Y1Batl^I!(6E04l77Oq3 zZ-l$SF*}{t7z|W&;qfgABEYs=ZP+nPYW_XG?~iIu;8-S?NP%@ajQoLgHUKBH>u`9t zzPU`vRK*}m9J_+&fuNua36TWxh!gW^vEu;)^i#uvpqSdm?K`DTbHyyPR;*nHC_T~P zF{%bPyO7hSmbt20YggYvB$JA{4#=vZF>^n|KK9!o4VuP zFJi)jH*V~qhIa^p;BW$l)B*nSMI!wVkZFM;E5{$K1VY$G`oc$@m+0Kw!?f&8U*gR~ zE43&hpJhni`_}T8a}mi|4E0g3HOqHJP0ex^xR~iBaN_7L)Zk?aIHi;UvF}LXGGbPF zX$tcMRzVA*h)K44XkQa;!4Z4(wi2YIK3;OJDBmJsO=l87jij}!*c>>5td1lB%7&J# zWY-`I`&NE*3G#rM!dK=W;S_W^4I?{;`u@N?2XlvS+^eWau?JIth=hT#kTD#K0F*lv zI@Y&Ox|bxwfV1zF7;S%kxrwQgO-i%CX+TP6RoOPcqc%y|g z)^c=Lj8~_QdmZ8IH?>~dq?RTgs;+P|V$pCYWW?I+NGW@O>mUT^SGRm}K zrYy9#koBjjIc&kuufQllhE8o;uEfAa*_DM;n3TuT2>yDmtaxuO&NCuO4U~R%1D^Yl z!Nl$Y@gXsz~|H z{W}eW;W6f-o1~N%uadmyeWnCoYA5|mIj=Rr9t|`DDwo4?A&aga!IES8= zTG5LA8}v;Z77FBu1+qb<#wRvOxd?iNCWk^<6W)ImBrn2Wc7Xnpo7;kig^o$dK&GS* z3wKna0u!VzgU6lZeCeU?N9CxoxhzFRksim1oL#}ngcHGttko*5faYjqE=8$e=_Lx# zDv`wj;=XlPTxw%rFt}(bMx@;3>!ee`@>mdLVVEW8F81S6GD?U@w~gVz;DNHnQd>04 zP}4PI;X#df*uCbHE7W%)=5S>CCw?6TETgpOqZpEI!FI1wx3#jW0d5EfSiI!`5wfRn z=O7NUvwSM-#nC7^AXHSw@RUkZWjF_XK8Q}0@)eN#2*?SThqfH7YZkga-~rA2&}k)#AwDCKSvB#V@)1G4arEEl^0<& z%wJUesWgv+v39G;h2rGX1Ix6a$mDuE_$4hYMEBf8E@>ws$H+iO3J)+GA{=2%=;CsU z$dc(F#YPdXePhSmAJKji9L)mHB81fUfV3f1(b=ko`qt>!5dgM;xI9f1G)wBoWN$$Q zmI{b*Z2em;~rLc#2XJ%5*vZb^XW$hvzZ-h=_B(ZFL>*AaKDVc>P zRu~zLIB>Y%4wU5qvy9_lUBSmpE2$|s{KLc#2*}3EQc%W*Wm6`NTm!QG8l+ zM+Vs>3RDA0TdAdTnqw4Slis32HCn^PrS6&KH3ah?TBQphzmvj7Bh zw!s!VBE6(DlG2Zg5yV05hcCL|I|2pe@nH5^W-|$|Ai)4dQ`TP~mx}?AqOTo~@;`2~ z+L8U63Pt-BuYyRO3XATS2__k1->!r6rOqUjQ|C`15@2Z9_7iKrXCyj$+gVQ#eGSat z4qRecufwSNbMW)($g+N?i7RJ?+;bX<#N#LdEA+32Swdi$qQYQ44G1v3|TQaMN2>qDF5`hR4Lt-?mc4< zRjOvQ+`W*YB;>3+ZbeRjGNpo7cQLNSQZV^=%uc#)t*|5C@lJ2cG0dT~;f=BgQJT%4 zKc9Ljm1E)ctyW^KCecOra8nzTK^rb1EE~3QCytk%vyk{C2CeTuEpJMYWl7K* z%;H=ca#*%a&*6w5vxpi0-6q=x0$Lzd2omSDQSEdx8ba3JGu9fyo2{GR{T_SYjmx-d z4~&6BA4cRM(P+7lRd^ks%~(jMmBnAw0%^32#iOR2C!77;2Xw2Aml-~@i(0wT649Q~ zoP+Z8X(}m((uD3og*w@%7kMhB zr+aRY{{gs80@1Ijcv*WE((x>OGR=3dRG6C?ybp^w37QYn^^UflnHbI}fcpBAO3IY= ziIf}hdld(E*U*r5ATN$$&EVsfuyo)!^iW=%Rx*;#Uv#4ksE1GcOCIi))i5n1p zVq%sH%@i&B(C{C?H0ZMl4KH?(Ls0k2(trCkhBXq*%@hAeS30#jsHAM$FRPoPQ zO4>+R)xNQ8Lh_#E)}U|3^qi&j&+XL10L8MkivixJDXdbchDI9<3O@u42^vuAd_hKU zx_R5c?eF2{uDqB2t^QY$FWm_fVJ%X5PjD~6Q0#L9?oYC;&yeDYwZ`UJ?p1%yUjg-C zph9JHd(roBiR%1?hy9Y3#2nQSPt&!ZCc!4XKkQ?9D|wOb+cWB%O*MUK`3ImA@S{PRb%5|NV&y;ebBGB zPR9C$BWog05>Oy==UjAH>%0HtT&7Xpb(Rgzo`&%srBdI8%@l(BFvgdJXFRB_ zk&D0ay-(Zw0bjbo4jv!HZL`-iP479C2Ny+_6@!I~ewe0iLyJ;($y zyQnJ1tP_}Gm1CRx0!3d~ zTnbisq`~g2eatK?{uL#qo2I}M24SHepLLaoNed8m*OSdA+mpEB`o5%DdOd@=To>UW zQ$mx@GnNLZv@QRRYbH-BZ-NHA^9b|FdOsMk=Q2A)V(TiLPxw)48Vq_54F|(~obStF z8)Ch)ng0OoCh@a^_elNR0i^1+kI~xqARgwEO$+tH3v?z5C0Vq7kc6toCpYgh)qQ@5 zox18bi=XKIY9KXZEeyF_4}zh3uFkQH$M}fVsqhG5>-;w6Wqa&kdJ;?Vnc%!j#z3nw zUyncU^S@j?MudSX?SF1P);2YAW*dldsErt1Sk9=r+k(LaHsA)qcptP2ZLQY@!OoW6 zeV&yLxnPR8#WlvbgIWk;RB;J2!&o_5?^S*TvQQ^umAOg&N^kmL@!~kJGF280tyt|R zM?Sb(nBT@W@nEMTcul|p%cxqXcA_yY4z3n6@BD|4?@#cZy5;4Y{s&!XT-_D7m(~W* z>#!Sx#MmIbfqJ77?WDS#z;bEFtC)bR_MI;WdIX(tP>~sU4)tb|SDy*!)V88=k;mpE z`zd&|z27!5^V_HWT`N<>rh<8LJo;*XDa-H=M5^|tfw3@YRg{@i%Ow-uW979|4s_0C z=9#$DdmKR9F<2gpFLgcgc-sh}_zm9Q!;v*e55@&c=-C7D!q+(B#{fst3g#M`byXL^ z1)IGKY4bRSq#4HAt?j)Iz#JQwhI8*#yK3A?7XG|3VfF^L?Fa9bB;mM=Y5^sJT4k(- zQj%-bCcJ)!X*R~VY$qZZrD=*4^}bWwm~AshZ=>5*DVGDEhH!Jsn>gXfAjo^x6j9=a zWmD5ntpsDC-j4VQEKDWHB5=O)dALNpCo5%< z5v^vc3&xjZX{YY2VZ42iyss|7zvTz-C2w-!Q%ob*#|O%3{~AR`<9z#(aG_&ae$rUe zl!V}LN?`bt=yaw-`&<1%=9s$cNaLiFSXS5b9~f-j@4S*kCQNJmMN8Z|h@Y#U22xrk z8B?64WuXqI&R^B#%fA9I0$loUR%F)~3$YPw$}C%bWn9)5y&D|~(Nf}YyDlz+6(HN* zyxeL(of9WfH&dC{3p zcn__zGiFpdxdQiyAE9S&tvJU{T5J%8Du0#sjbFO>IAB#tkB^${k_daIlRQeeP-x|1w z8{!siRCCE@=a}4BX|ijHo6FJ{p{}WJ?0#>kQM2+3UJ=yQq0HjDX@IeAK!#iD%JtbT zc=%-cvxRk+SVa6qaU%JY`W>shp_rlOt$4kD&w%UVT_-0^#?hPqev`<4muJQ+n#=eF zg+mvARB~pDozJ3Rey7!G>XBK)mJxkHgw}!vtQpWHs6vsp^=A9ebMu)#IB@=Dta%(w$AoNw>zReI_5^eErpzj>y4nN0HCVk>&nwahR^=n8 zyIKE4m9bNKJd-JFJ2h)~cJ)KJeKHe4T1rfdt*ukautx@J4!GC|_G%B6C*EkGIPct! zFm$JOhaA)_2Dc$(PJcn&bJLL67otGxjV}V$q<~lRPb>{*;3L$a`tv`4$k}sFuuSk! zo3Kkyt9>5zxL=$Aq=kFu62e{WI!c%#9rSA@S^LyF%c*3!C7|P_WgvdkvyOcRepW}@ zJ9*t#bWQ7&=&Sk~6XOny#s+2%LqkQ;cC0!!h0a{;wJhv@4|U#lTjQ@jMb8G6niEdH zD&ts1LksL&(IM8KLLula@<1@1`t-1js-Yk}v6CEMr*xhEkDKuFdZ!PiwLY0mP?jxP zsnm9_3^A*ESJ?tdPN!I?b^y9+P=Bvj?6@5xT%DnI8`xyqXPgUQZ1AOez*=S9V82xr zB45p%3H{<<;;qGtbv>dgYTwsU7?E4KfTyA9YW){~9*Y>sVC+c;7E?sQ=2)An`nlno z%rgn_2-aqPiB&g(h287&TOo%Wd+Eb4E3F$CbB}qBoRuI7sq+vypWk(InheItHp=7U zPN;r?vA$o~xVqE2Bl)6QsghX^KfzMpT8N3e)Z!N}-Pcl$l!8?I@!V{6t%~e_0LXy; zG@D+q%?^_~Wo!~A%`CG@jsEd>6s>IOfEqTbZ8ve{H%#X5-z<<*msi!BRt zP4=v_&k#9fm8Nbkx4A(2+?HHkHbU7w3iF;Gz6$w4nnnc7)f{@9c(tXUSt?H ztY#aP&41Et5*kw4KomI%6F(H{)`8I5+XiNba}9*;*%+74mB)l5Lk{3yBfy z*t&}4==U4JmUrhQ!?31jG1h!+pd1tu_j9>&qNJ8E zI@&E}!X7b^v?lHK);>|?0E6(ayN#<4&{;;)#8*YT{^MncelkyPv42dzkEXZf#w`ap zRtfeg@m0KSZJOb8wza)JHNfY)xw^GZ_B@HQUr&BcY$J6=t!gEjX}#>x35Xwi{($Xc zw!5A)<6RwDz$a}mn66}hgyVwbf~DYRZCJ1snJ~t`oEL8NW4+;o8sW zgw6!ssaQY`7M!c43==Nrs;s)L@s)WXAX<}}hL(|zq_h`hjlJe)Qr#zg(T%o3Zdq0@ zw~hv3hlTth_YHpSum1hZ4Y`$QrO#qCcli`TzC8NUHfXG5v#n?n8SO?R)IErUkJSTT_7$C?Dm|Dwi1ReDOABtx*(7&>B#=#4*caX$bOZNG26~6RYV(K zo;IphZvHEHLcePiXPC}_FY4tf{<)RH^8et#c7fAMolvK)w!Y0 zUbIUxbx^w))qb!&YX}?iWUcuOgSlbQnOWWtz%H$>>e_BoN|duPw7_m_cz716!?T^B zC|Re!I+CK3i>chvqP?tl$;!Xkep=E`dLF=5X1}a6Yt{O2W7l>;TP=TX^s2Y3p3lv7 zIL#PMZEN?(zt;g-{|APl>qU^gm}xoXX|cyFPkyfhm@{#%&-g6B5hWjxh*rp+;r7)n zdb7bauBO>0b<8b~vV|}@XPzZga7N~NTJwZK)Ly%ywKT;G%9XF|^75-KXQ0HzC0Smr zd6$yPuNn3&ojwKhwsb+>Wj8wfY+czL;9^H&IiDQHa?gDLavCU@@omd!CfiP_p{B|c zTrNGR^V>hs-nwnmCDcm&!=KKt=ost9pOq_Z!jra#jm_m~ zsg)jxmZJxu>WG-FU~S%f=Y8QConYw}l}V_y)%J0IV(W+lw(}IF%{Ff}X^#`+-&X`m zUe<^JJ!}Ye)2DF;x{{6@k0#Q-q^)L_o`ExbdGO0c}&p`%%+6%V4JxjNS6*1do8V&e2|ALE{ zP;D}CY&Em1soMqIkkv0D3!f8}^Xp@3-B|hULg)LgQ!j1Sur+@Ec{^dXmUvw*6jlu4 ze#3bia{O{Ryo2VB(CqPzw{mN|KC7pbRDEvNGR~~}B}R4++V_!~`jleUDe9Coeauc$ z$vTZiZ+Czmnp$H{E6WeGe}Lj5O5RaaO`w=UUiLb_*94DNk<-hCH^=FP%mVm$jfJbv zmdIv{={#J$Dj4wx*r9M{bn8QyfV11l$R~TGXwoJvo-4_^orb5XaqCMSGwb!6x2^94 zw|C(4Y(+D7zrnfPWT-sWS-={@Wgo6RTI%%J&}?j$p8smSVl?A(>W^pjo3g;I_>vM{ z70p?wUGR&f30&T);Nw4l&XvL6+KJ2nvBvz7M0u)&kCY?zchM&%QaUpW`Pd$=Jh8?+ zL92KIb$1mXI)0CD`cJG`CR~sDB8^F=mP;C33NE?Q?O*)T!_!&~KCI;I$H|E=f^&nr zlEKzL*;?dc95wRgDxWa%%%kN}^?o?5^&W*BUs5M6&^~p{WJOrq`4TA%0O{-V;+M{F z6Y-=rX3TNzRCfw3HS;*GcKepPKe0B@7Hk!(<2gTr9@x6f>Sy#T9BGo0zo}7b{r&3d z2fnNz6yxq&{NdT|a+fGm)q5l++Y*)0WIb)}R#*9L!S;iiRL-fhJ9M6=1@agx6k1~L z&`pO0y@x`w}%;pojQ(?RZ8b_++tRvLRf(GdyCtRZi;;)BG=b$63xv~4k9Wu7#BGC+>bm_wf9q5M%t%mY6=zkoSZcxO z8WW$RqffxvC!@X=5@IQJRj#Y`_71ag8CwQJL$@CAU*c#zS4=!8M=l^SVhFpO$X}&5 zX6WhM=oqXbTu`)zYo@|1N^N`@f5f|?zP()S{!Q|#u1QkYP4O*0Fs-r9+QlWUBgH-IFyh-Vnt7UnF#a3ov)HX}Qk}tLhO3aD1WhNk;j1bLF0(h|EU}d! zqC0?}n-najV*ZDn&DBzEh`D zq1!Hpdq(nG%p2S=+(~Js#ARzbxUZTOFDGBi=NWyX+BS=oxGPhb=LGIdd(VVUba7f! zpME?iYy0VTQSS<-sW`+H;tSV%Id6hXJ6bXWencg8`nrr=TCY|${C8WG#MrBPj#2yT zemA>>6hteV+vpR?1{VJ-M2UXA?gQ-I@7RqIKzvbPsY!)r!+Q95Druk+Ywo?s_A z{Pi!^q~I#{=d?z4ysC}rMTX?M<{gz3iAo>n&ZffN1Q}wO5yH>>N~5?Bxuaa-I_fp=`ew;Rg=MbBgN)7d80T9Z)O>tgA;-Nv4bGq}{GB17++Dnj6_ z)>zjDj}|S*aQ5)Gnr`L(3Ew_Sk8soFLRWZo&RX9LxI87*$4`k$Tx&B$;*FV;TFN9s zH%BCGeIuO!x`!XRy3Rr)FR&(ZC{4z;J<-G_yiPlUYD=#?ac^wqvw^)o-c%db`9vjU z>eA@_9-0((c!}GLd-QEOS#{dz4Ie}k@~(DVv#swIXE0%`SB#_IPUu3juR!VrGjWDc ztt?oIX7S?$A>CNU!O|vv*xZbYm$0PnI!jf|4zWJc8=MM1y;Ah!l>)MWT8?da&)y_-G)XkwBhbf){&khsky-j8+`nTF>g)v(+}k} zRxJ?mPHwPDQ%(FL$$tFkAkjfi;vi(_o#_0H z$(zI}xT%G)wK;zY<{D_T4KO{Eoto#o2IoZ_G*WdJNng=$B=Hbmm$764@&Fge3Rr;P4&0N0BJsSlJy@8N1U9`RkzuGceSK}(-EN9+OmNxCE znel3{d!;_{u&0Ybyhb{tHN57fB^XiDC}62 z0l;{7OYt~{?qfdR18;vsk&<>?_o^FtD;dqK%5cITT?_tYw7jAE>rv)5XggsGUSRZy z(Ynsjl(Kv&lJ$ysQ!FpyDKc~FEMd7_OD=rd>}jw2IA` z)Yi{wTY)2Mtyw1q9jVQ7U9-*hn>rpc!85cblzsVOb1*tjVY-FDdnEDGN_*%ZKv}<8 zaVtH$-{mrM`mw!q!H!WmC7Lq+`Q;_1mXxuU0P-H)kbLc`NgT$;acVDru}(@P?Yl{5 zPh3Wxf9P>KSMd_q=ohbzn$nb%akXm6UL+!zrKj$H*~I(!v=Ve-m8ptynt%yeePJ}; zZw(=~Hjvc7u3vhmil3tT)JNv-`pbS}3t95#OpsYj3FxIq ztL5cM5K)`flb~%QW!Nnlu;C2^ML1`y%`s0SxRR&Tn5hg#9tjYC8V{3q6{s?<`;1#= z>4{g=7gxNcu-nCb^2>_b=GXkuChKiFuM=}`B7Dt=;)GNYP0JK^cy+-c2#CH8JDa_s!^DC53F#f>qj!{v9uK4 zejv=$q`*hp1F)Os4HlCc<7ENa=)&6_M?4uVM;N(Q9@bqD-Sg#N$(6SWU~HTeh6e9l zf3wcBQbPAyUZ*Sj@0M&{l}XT&!ZvKfM&?9IYSFI^7W;}F=(fEEF&#BN?atZDMZ4k4 z7+XbKKkQrdAIwZ?d;mzDaxBTrIx#QcH+Ll zdg;CPHgCqax+Y&K?m@r)8dgpn?G#N9 zqg>^j3UR#Yq+n0M8K>9^O%$7$XBElstIWdHlgEf`qrxKy78v@bldkX4$)77F22M5<1xiny8OX^=JSxM~H2$I3vKy!EaLad+Lwv;aw`$~x z6zAB)vBrq?AZ{7&j2iz_T(qo=Q%-gA%lgh>_EM0~KKthp=bKiX)kizltK|U;n`%M{ zy0q-fnj29mV!B@9?PL5qc~x2a%z&y&rK&P!g2~oT?=a1-?dCpDx z#g8RyTVcvFXYHP}Ls~G^=FEIvK8X;y)z%afT~va7)RV3t$?kX!S=}VDao8Wtc86BC z$ORo>rYMZ0F8zvp$IWOKp%|w`HA6E{9#jb|!1JtH`>j)RbK1mSllH0MHJ*o&K4dGV zeO=VbTK~IdynVlq5*0f-;NIYy)nc9uZIu4^%;~#M2mQD*scMF7S>4kO{QOQA|4z>& z54Gb!riA5XIydo{!d2q4Q*EsRq1q>2*$xH$fYlH$pD+lQpwXnEk%>XsjE(#PZ>x{0 zmE;D_*sxmZP?O$8TOTD%poJ)6H1JxG#sb&k1!U+OW7`(<_cH z9m3?!x)K168-L$yk5X_VdTZ4tw&2V*n$w)Da_{mb9m+-4u5Dvpv* z`jT0YNnyXJ9`E1&W@PTu0?esTb-0$oqJ6qZnImw&;PDBRab3gju%-h!KDA{11L&?Q zSFIDNG!C@R*rk#R{oPpi>2@pJ%^IV5X}bas`e)n-!x6*ac(48hoFJFzbWajU-^Kl!UN~<_eHldQx zhO|znowUtW&s=yUsiHdjHB;Qp-7GSB_(LpANZH|}s21JjqhsY%+L?KKhvLSLm@eUL zYu>&0@)mLWd;-Ya!st}KCx zx19RBKQud)hGtj92`RCRUk<`JT=d4HRMKm2V=jI@vtzdAyD=ZzxR&I{c{)?%d9YFN zD#9CX9{2G2RK^Qk$izY1$gEFYdll5irhV_kC4JvOdJDQgeNu49TXpF5*}~?Z>Ai1` zUx&o{^ovCh0~$H5C|K4z@>YD59gSF*?MhI`zN;7e3P`vbL~xa!q6wwb*+z>Kk<8~m zhkqcob>A?mJ0H85+y}{2QRdpc&A|rG=6cZHRVI;(&3j%dr`#3rq6p2ktf!Yoj9280 zDZQY%sF$=&Td?I{Ri){@@h;P@&)*dnc`sxof?hwsEiGJ2No&;%ioMM-`ZB9=88a+b zhU{WlXtLj(W?j)Er&zkNE93MzimeS3ou?0y)qpFVVb-Z_(ow-u^e=~!pM+1tHlQJ0 z8~$k;uGoMJK0nbT5PMA_3#EJIU`W1Khxy^Qu>*fstyi>nNr6YFn@ddccs%!vt%1W* z<)*O}iwBmC03o4&@SzDx9T%BJOh!W}* zL#M(`+s5SSN?mH(2LD48zB@^qvXS|%KHWjbB-Y^7+WXXp25XwEC1QKE{fc6e?m2_t z2&G;^Gg7^ioyyE@-Pz>DIG;-G4!6I2Mtc|@wy~G#u+AA3JX+ZEgSB2Fpp)zhB~mjU zbu#&o?MCVjKK`{icjLU85PK0GOM}0Jq|rNM)#|!82bZfd!)P;sMuz(JZ|y@sW)O~IQs{FlYGqglenl>U(P>IuEip4pq?wx#(%)?m^3$P7v; z_9i)IQTFSB$w*FxpaV;t3;BK8 zTp}QuRY{r3WVU}GN#iU;Uyt-}X-@tNO6X6?h>mdS$Gz@r7hYPh5XfC9Ijb!1a|!=k zKcC(p%Q}ZY|BzK(|EIUZWajLgCPMUd+mH|3KR|6o-WqJfwy%{dik!(%r&*doXX607 zEsMufGacH7ujqAQda!3cx1+)rpatz)Y*{@AcQ^fZcFHWG(%Jd&lM1<{eh`%AR|3x0 zf-@1+wS)uNV8DVtF_ydO%Eh3u<`@hE&)m*YFv*XYqKWviN7QPc05<0+Wq%P)|6tO;^0|miDq~@qO zc07|yk(GE9{(^!9du!~toZj0QD2?^zv-2x6V;p3Gw2Ki&^ho~YKNU+ajH_jhO{OTF z%`Nx@yy?l&tnm|E8S8Ll!3yoV&ItgXt&8O-(*FZ6Qz_~>S2EKs)II4f{sV}DLsEX` zmHW*GS2xi28>i3m4xEy*zzRwEub2vKiM~i$YyCNJ(e%1hVv9CzZZYz$MapP4?a(5g>ifFng~rad z*yA62fu)0XqPEx-9BlH5*r+>{WEK5AF3{Pv3oJKmR=$)re~-MjgpEabB-kV4d!K$?~j__Js}1 zsECX7)G_#y?oZCd(QQ^zS|<_mgV+@tSdp`MBpGi#YWJRh01)27=zP~E@)vv|GT0R< z?oqezPX)q*2+(FjO!4#p+ZwI&@PHLLv7JbIM zV278;`Z}ZE)gIrDres}(7dhW8ND%|_#Lmi+5cewAw7qrNS4MoZL>sh1fhCLSC7=i_M@ZNYGnJ*5nfKep!X&(fDZNiP{}=&bEs;=i4inyJUC+!b*^?8^a$vm< zR<3qU`2q8lLE%XayE7f0&x~h*2dABd!o62aY+#a5Efa;OzeZUk3$0h)g2l z4L&rK)WziGaJnJ)Hb#gkA`8AnXIMe|6@w}IHM#pEjEVY>wKjc!qs0e(#%;c7KYp4Q z;2Nu-yXt1j=G5lPZhG-|{{4tO45$s9C`dKM&bd=NNL0;bZhw`sc3NO09yP40i53CIiH zro=JRTx;)!b|0>6t0iRZ$tpD$2A$8aJ^LsS7EV!j+%Eb4c<}zJTL1GyeMOZuFhYff z;FkLW*Q3!>Wrz&SUjLW)&alo)%N0?2cT;1Y0eCC>K89<*0Z$rPNd<*FDb)|adVS`?wc2Rc7`)*$gSsKxY@w>?aht7Jj1rK12 z&%>8Qpxd2GzDmfiv9zMls<%DVSnh0p|vnqR`huV(T)g!_^0%d+Fe>G+N@ zwYTk2uy`_)**#@>&I}F4ndaxWuBJ8CAfO@CbDsXFujT8lLJ1_+BS$rK@73w#9xyjC z(l&ppv@acRN)R!)>si)}GMA$3cB$@?DE#gwR|GBV3p4vMd`TOD@v)z+CU}Q9XJqHSFLNm@SJ zoPV39bf`+Ki{9`H`HZPd=!BIgpx@aFWyg-&YMRVe(iVdId}>`3*tzm{TMil zupO91r8@tEh4T>|Si}*0ABOHniXM0ig2Pbl50R^xb^y(?DZ+IK#EE0$U-0n!aW0w~ zsImX-!nS@1*RP4xb+o;6XmoihKMcr9a?&j|Dq$DawaFV``b@w1Wwt4UIQsrp(~8 zfRbYmNsV1_k*vi_A)=ox5HWzV27h2aaQhXc)_3b>`JV%x3eJJAB9wl!u*MffXE1kx z6Zy9&h3JvDAH#?O(4%Uwrs(qVxCsJ+q6{=wRa}akcgV#srQNeDxFMA3+cxb2E7~j~M|-+~(R!9ey_-JPWc7JV+VK+ea9< z3!n2MLl^uG0@x-|hG{m(-1w$nIF=1{=}4OC2V<}F-p*iwx*d(4{LTy~S#H2ggJB8Y z=XfryPBgP&6of8cSb=+}6k)LNh)d#yv{kvXH9Si)2YJKD7ZbG{76fXQvFQlB7a8vI z7-jJ>aS;M#+rdZ$kf^S@XYkpavI7rKYQ-_v=ss)(&Daxg_##UI7mqAalsxbjrXQ-D z9K?<)PChX7JNPVc;XZTs4&lJ7`8fzt@=IX3=B{rM_xJl~Ha}T^LGv@gB}rQmoIyAs z^js<$X$52b4S&A!Rc_4{(|-jzJH<4xL%+5}3w4#$wWWu)n94*qXu1r39NDW1l%i>D z5S>)f$!`~wg<;^STNE&eEXCa6Vd7YfBwbX2ze44vr(r2f&FSt_m?@5Lx*yf-J9sL%#pT0*vV5JEw2qdE%Yufp7S$ z-0kx$Y}x11!0a)y7tQzVY=9)}Ft4 zx;Qa4>FT|#8|t4I)iq!L<5#g*(Q~x(vHhn)%p&q`G4#rh!B-)U`&M}Kps#~0biSo$ zLgbzk=-aP}Vi>{0VSwNN0H_sz5k(Aq?15evzAACZ6))-3U;xyl zzIUZ#7H|h)WG5Cyj)TQG+8EqtA3rE*6n>@fHek^$FA5}`1hcp#3J@>pPG$z~V%Cjv zh1q?~ht0W3v5&(HsL$u3qgvbxuswy-$Ucjm3s58M186@A?)y1Yw(om63BUgy^4!K3 z{qALn#q$S2bSd*WlX2t1lFLec#rl=XpDQd|Yi4m0ZbGzzX_Q1I53*Wh*rFFH@}*RP zIcO8T>9*RP;0p&0pcw&_E}@`-(ftJS8?SkR_uYL>c*HS(h+)P+l1&)T{pz-de>9

$&Ve@KEreSRhxW2RVv621LDB- z%3*M21>T;4p1JmzBw$`oLlEBP(8*`keYhD2kH|_mk2~KsSt6A!;0QXvwdve_3g)+a7O|H0C*UvyNSU7Xfn{yYZQU4 zADd^<{U5TYL5xxR(tB(G^u3afop>BY|KiN@MVOuhBi1Z+g3T)$T(sFt5Ww}q(a2+I zz-Y9fe7G+BOx2xSlxq+agMKXhiv6ClJ}+fc}a5;9_@UO(q`0GU=^O2n+4)~cXTQI8HBVgX%XQOb#8 z{-@{cX821~u*U6%0ng?v@GLqt!^9a0We6Sv)a9k1A*yOVN|a2Sp)DLtFdCQc5e?Ha zfJEdw%owPNfkW&}W+A2uz4XB5V;AG|&aF)u1Lb_&UmQ_zbcnxzV~CPh!3;SB)B(-E zOE7jgY>IX~zZ7#Ck3^qQW`8Js3wR=;p#sCt2S$-hVPXF~Si?lzDc>P1_G4>? zON^6dU~ z@j!?Lb{Gk|q=D4L5xg0Q6Ks}n=$WLFIY{7ea>yVeo5T=(*s4#d5OYaHc;E>L|6c#i zo1}ymLm@&)dmd48ABE-!^<0Po5Ui3FHFIHZKd!idD1|S&8(8*Ggb25U4X{8T*h2}Y zSaAEVs}m>ge*oD)CcnxNo#KG;cRk;5A~f*`KnY&(0s{{;qP!6F0PuJK_+^$@`Yske zaH3Njc)Xl|5@O>rL9&q7v-srdv1Hw>n_+dQg z#t{r$_qaZbyx=+Rp+BPUz0P-m54bS*z4wYlN4zeKXB=<6&UeA^%@+;{d@KO(O!s;Z zbKWck^ML5f4}0#CXLtnYJ;f`HQdoQh1s-V37lY20LQ)c#r~)sB0U~k=B|jI8{{R>P z9C4;_zZKDV!woRgJYWUl(Ig*DJRL_LtuxG)ri97j&let!uv`-j@6CunV%K$M3*PWJ z5qQsg!0>=lV@=_v3!n(a?{L8j-1oXZ^wjEMf1B@dR|?mX%Y9J!p*@$%gDJ`gtIGRL+@G z*Md)aBM$84?J)=&lm%^jD6^W4tPH4AvfLU zL?Dcy6XExR?~LgBUO3oJYzdS66uLC~Bo1O%DU@O%&p zFPtyE7kr#0lwWvR1(bx6#o~x1V7g(3oN$I8d&<0Lj2VFO-1h`u0nrkjQuQNLVo!Oz z!5TFjWF^(Zoc9Un#m{hF?}gEDBIklnz3+R05X%Kz4yF6_@n*c4L^g=d!i3I z0E7bXh3<>o-~cXw0^pD6`_cFT_l@t2H-QHNA8?~R-vp5OB_Hn#h9oQ^Go^c`o*?iA zl6ZaY@LUf9S3U0pqWD+=!b&YMNkRfkOsvDzsw{mUInkVGgkhfGx+6K!0MB)xrAyB| zYSaV8hr{oBk*K$m!{G~ro8AN54@?(1()@8mfk65XbG->3==>4%e&GBucfK%Q2m&7f zk@Lgvi}!)F7%-Tp7DP7gfM_0C?Xe= zD-if+f+GA-{mu`e0bwuP0895h;>akXQw1SpmRh$NLlGu-f#JP4^UN?_=!MW3(7(8% zPZcd!d^1%jSU-3?_k0$l9dTGOi@_~O06%cC`@I*rzz|;qe?#GPMSxy2y$WMEGlD*J zMj8VB&lUp1?+?azy(ioUJT8^PjPS}OI85(`FAKr(-RQl*pW&Jx6i+?id%hQo_XEy% z-1oXbf=_%tgQoYQ5rrBOKrsir2}K04g*bXJ^TZHe09gr>CE~SS5&SQKIYBDSRxYUN zq2WX6hMcu4YID8f0=Ze?5u@J0t?-wmMz2V&N0n)+Vh(-jC@d3jKjNyG6)P7JB zg~Eboj^{=m7&8E01LFDs6k)vY1@9;CIqwg^=_-_Xk~_~A-w5vrUGV$ilwxy~`^AzE z5y1Dxc;F>BsyJAK;=q+q68LFXd%_=laC%6(oPOZ=5{oOw5{rN|-X$ckhy{|Ag#Q5l z!~h%t009L70RaF200000000000ssL61O)~M2>;pu2mt~R0002>C}4&#jj71)49nA4zW$;=^$9HSO+7K$Pj7@9)S%HqK6akON}WClrr zlQWAh;=4l-#?UdRl9R1`)2>oHk|KFcK`=;e3~bLTifK{0M2G>w8AlXpkO(-$@PP@! zBw~g+9iwE4Mg+)6Q!tAdi?a`15I`UzAW76<`gBerb0>0?jG>Vcp+-POAj={&&Y8uY zB9Ve9-Q$e{XwU;E2;7*X6J-;cO%jZq5Flm-k%5yf_6QIQD&~pWHFctQc^#3;@*EPg zxrw~s^2|oy=ECQV9Vw!0ztw zsjXCzk(8iv6q3~PS9K+PP~-e;JE%6X)cM^4T{@j3+@c3eU#$(pG-1H>YL z#7#00QHe5{!WuTwI5RM_qe8-&gdwwKB7rj^fS&ys2&9m~6GW)0Ecp*C(kzbECSzj9a$SS+D1E^1eVVj_Un>Roa3zIMu{hSqY1OIQc9shb43-99C~8SwRU z>TJ-WbuVY=n>{Pdsc!&tY-?5+wehZ3?l^iK7FA0ay#%({>fg_m1K-`_8pTU->eb84 z=|%{6uS%h6t$XyYISWB5X&Jj(e3SH6dTRJ^O>yY9&NZEVOkLj=>E^XpN-a7PK>Be(jm7#k zylHrkNy(|BTG(hhQc<3W-vai1-=5!Mu~Arcw`a9NtzAiR>vo*+Y;!tzYi9$XwUw!# zTE71PJ<{^B>s8I%uGO`}F8sKg%?8$7&}?ht+r_D|pLQznby9J?mpMaB`M!!hZ0Z+H zvhCKu)E$mzPjf3Wz*(WYV?Ald7F1g;Kdm2>NH*x*418Xm9VNk6^gMdHoMCKlMVZZN zXyjkft81U@GcI$RATyzhoajo{XI05dBz*=xzFovS^UcQS zqmf&R_0>9Ik?m`q(3P)wqoqEae|j zgBIxykDbk%KF1-me^!mU+W4|-zbbk4bVdtC2xfTnCTfMwUFc-m;I#GmYY&Sx=j{B=~K$l=h}};ouXaG37^t(-5m>1-lw8AGRr$kF^{6G75a?m1g*)D zA87>GJ!Z8ZIJ;WOVbaj+vZBK3AeO*n%~aux2-uaOmfa~ELjzyB<}&qd<{UlIkRf*-=~9m%-L3^&{pzm&6ny_ zu`{W5`P}7vO>2@~hXbIDqzGwYib?c=Kj&+l$XMv#l{y5s)k6>S)KS z4>v9Fj_mmo+37hO_v_)b^Jh@r+U01sQU?&7y}WI# z{pcy^;5|u7&0YG%YcEVQtd)GlUa*w9Zq^rH$ql}*nds<_G`QP1FVx%P7&U8V;ZLte zS+Z@}sy7cGJEDGjt-Mt1+T*#6dwccsUsFD%vyAM$I5%R(t+jPi)}B6V({Oq3OXK$M zN0&vbP>WtHi?CdZwyj+{)x>Gg)2W(P^fbZ?MbqP|8=4UmSlN=EXxy+o#r=r$v2JyE z+1`Vdzoq8QosH9kv@VrZs!(86mY;i_6%6f3?8G&vjxF5dr#)zQv9)w;H()+zVy6E9 zLzW`^?k4s3uRc}ESvq=^q!y`zwAA97d3VAIOG@Tk8DRaUO*&fn16?azq`P&!bI$g? zcg8&L+HBnHd~2D{$m>Bzy_W%M=1)S?May*3Llv7aP|%KzO^Ww#)v2HdiPUGrwXX8g zM74%{wR8E)x*ct)c^f!!bU4+n66Q4Kh8e6*djh0S*z#ID&b4g%%+{@BGwWvJqte{( zrKiDhpGH>D)AJ5KrOB&AJM=1OYL*;BKS9kD2MwCW$D3tqU}fmvF@!luRFKI^zq*3aV@nwaGa6Eq!#XZcwy;qr-s%v`TlXu`yR|w zfvn3HtU~zOa{EcPD@i#z9&LpB?Ma)`MoRBhUYccXmcGcpE`?$ z@?Uz}o;_GFZdjJ>9Q(2Nws&sN)_E?DZvj&_uC_s2xghicnLfumrA*(p^K1PFDZ56E zyphzz?L5i%_9VGdfJtJoO$N0}$x^SFpJHbLwG(A(yNxQ4&r%&r&a?9Fb^G{vBXZxJ zOV-U5xpMR`9u;_WC&|{*?WgLztC5N`suRH^(nwnjnV#lN?T%MM{{S(wHWzop>s6?f z4OSbr+F46AvwB)foAeH9LC&D&?GBBY<{B|M%N10a+>(&11KGB0cG$CY?2KI$6f?JU zsB`lyUXG7#+0^p_i=^!vTlY*}U$EqJ zXg^FL-f`ZVRJ?U5Od$uR>%&eSrlbqL_&Dt*I z#8?6$LZpr~=XkE^g;us`MJ`H_PFC{6wDQOeLAp^col${H9$&nqqe} zCd`sfNjtNofQiY4l6f5&qDV!FffKy_22Fe^G&=tPLa$?xhi}d?rqZX4Im%AShB*BI zMj#eoaTvjk#x~H`!=4SU@0I4cJn18r%4a8LOhTRAGBoL$G)8R9O!7KJ>B%H4&oD*| z)Z?_SdKhL>>a~3T0F!2wibr(lVun8O0U==og_L683(>jToa9exJPc{(G)S2cGr1vm zNtlv!4I4;qAn1wR*~up%6mqm8PY{EVO-b~6ZokT?lQEk)3mOoMtrkoP2#YZ?jfQ<0 z>~rWM!BMG5iJXZGIlD7DWbWwW6v?DQ0K{bM!z84cnWcD`U6@5NoN>JE6qZvHq{f6& z4aQ_CgkwhH3{F~nz;yY_j$p+Mx=hGOoh0T=%t@Kul8xL`B3u!yB zY@s#m0J0>SQxX%%V`C<>F)e$X6s6KN$?j+*x+EPSYAukbDCP}C#S)QRZHG%Mq%ygM zth9zMyC-WDOid85&l93(d0|Q=Bv84b7$i@ax)@zFvpubu&JJ^*BOJ*~8uyh6MplNo zJfh%1LPEk(PUU8Og7*_30X^d@Ks`0B0jz9onl#oY2C?Ccba951l9Whgs|>SAFbww=*Mpmsc_nT-Lle8*rEG-sS2h z%;!4o{5<(J&Ye8kXLA4(4vV3+l-`|k)-(D(4#v(*7V-TSE*0HxJ=bASyI#)e=Uy2$ z&L>sR!>OIGQUKvRl+?x>8rUUUtlccbxr&@lwmB%KydutnB^_zG#)SFQ`iCPvPKrwU zeD&PAx^)>YR>cWj2CZr5r_b!>Nv-F-6~0T+@Hemq-R!slK4Ioq{r*owvc z#XWks{X>OE*qV@&Ukux>w{S^T<)9sBTLq3zFe^r^)4&|bCat?-tQC6pa@23R+8n0z z8I*b)%epvM^&p-N48}Q{8Sl!^=&flCOG(*Um36pY##{~7V8OVvY{zdaUZXWBkFggb~3c&$kobXH>_s^8;qAI44ro{b`f(DWpySjd;N@@UM}@XHTnLz zyk#!mpOVxY5QPl(;>y{GvMX3}OLI2W-3+X~94UGVu~b)T)!EF88&d<)AYfUVIeHYV z)5?D4p1%tw-d9n@?PzA~W>m`wwk5BlHbjo-`j0LYuf*#+x49^m%DIbMQ%8~6W=}_% zu(NkL=ymevza~D`7fAeB_W6mfHyT}>>pB>9Y|+rCJyARspO>wXV_BT!eWx3xzmG3N z&Bq>{u5PBR(YJoO$=#!yzdW+go0@}4Z1rna98%t{=bnUbRvKEo@us^saklQ&>Yb5< zbvkS+TX>n8!&8~R7VadLDlo^TOUhO=7Yopt{x5x96 zP~PdXEAQi4$FtK{qb;o)RWd6>dY4>Z&gDCxab;aw>gc7;?$a*4F^RP>|=LJ0np2xv1bF9*VVI^XQq#v z($LGu9j`gfS?QQ~?S8(MT-{gA9sX8X9AmFD^=d|w;C)(GY_&6bJ#C5NHUPI& z4ITboH#W7S8=xhPetxShXY^P3>ay0kUs6oyO!`(Z;dOTFYjTu2TiJEu=yD+v*3`3~ zt;X1oRB;+z6rC;=Xshep<*h>#ZbI2#Xa=cZr!}a+ua|zlmV2Yz&$$GV+IuU_YeJ1z zP@AHUE!Jp_idE@q*2=lRE<-eK<7RbE6Aq3XH) z4shG0w-t$Lsj}Z1y&Q5@R<&|8BLzesUHE+iq0Q0AzO6-TCt+t++HqueH(<%o$$v*z z8hL56Z&R0NS;|$BtvZ`$6Fyxi^0l8rHd*HPbve^-pyBH7J42m)o&Fn3cgg!oIniv` zHtf$<_LeiDmDH!9EQR`0;9rMbArbn$(X2 zrdM@2$E_^WdQ3-6(bhWtcfV5o>a}uoV!K-1-g5L8=wCE<@#;{EJ$8B8e8z0;m~}Vt zD!nqynzG|nHKcv+hn|X5n%sxT!AivP+p}YvwJe!8#ez>+Qv+w2wO22z+~7H4I_*ol z95wZ4GSifLRA|5QCWfT-gd?!Y*2Lh6kyYWd^q{Odf!z-heHzT zm9m4{){MerBb(KJ)^vC5Voz?qfy3Aj*2Z*|YS~w4TcouTaC72f^qi%teLridDM*F^ocA~$ zbE(GNhAjR3x>}jq(%^I|mEKR#uXCK#u7(XO7~AttUKu2IeXR4Phpz;U>Zs?tr{$w@ zY_imLlXGE{D{BTVYzRxs-Y=+S|F2Yw>+%ZR<^Y zojkO0c4Lw$Y&#y&=s4||)Ut#Mh&l;o6FRyj5CIKR7sD8QaiuMBJ30H8Y-d;1(y6C6 zIWAsXx9%1>5Q1npu1Uu$rp<$XJe{t7U4C<;$A*VosAw|#=NQZtj{EGMG!(s zAQOrNf(uef1k?&irOGcq)7s~EG$$B$Tg~rsuF>kZW}=nPT=L8qkO3S*n3!H%=c=1@ z2#$M@M?Ec5R?tDoG*2K7Nf43=Ady8U1QH1#(2_yOqLvRm+T`=v8@4>Vf2pM2d6Rat zS(U-gju=o0JDV;=&XL6y37GjSN`+fhH6LEyqyey!_cWw}DWoKjNEaXyDJ0Zd0!XBS zCcbUHLmQ{o*R76q@M%wPpmcKEYn5;TO>yQ+oMd~PkZYz*CDEgEDvbIP?Lg3?05*|`>_`ZUs)TX-8vc@$el0*;@Kqn@oi7re*I3(1PK_DDJX>n+JDJW!;8g#Z^ zl4?N^kxs@b#laV#QAIh_+h1h4(-)|~L;#8)A`&D7fh8o=;!8jTrnDkb0qG=(Ni>$V zJVuB?rK#mLP$d#mo&ruGsttKEZMpI}&tw3i8j39dkdi1Ol0_5(FLOgeNHrAX0U;Do zY60P(gc3;v(wvnPQ7>{y5|coV;)2;EJvE>t)QgKkB{e4|qKZV6nh|;dp$9cIl7d7z zBtQuu5-224NjMczpqCIyD6yot1fHJulu${i7a|fQ1WEvsKqQa=dI_K+fCQwGMFdbt z0)R;nP$)Q&p4UAji_rmv@+JgQbc7&KK@#?&0ZAfIML2{BDFz}?2n3Kt64XjSB2oc0 zB$6PYf-e8W05%W+0s;a70|EvC1OfsA0{{a70ssR95fTs+AtEsa6d*7%K_fFjLQxeY zP+&AtLt$`nHDdqT00;pA009UC>VL=Xe~|l&`F(f(ra!fV=pMuEpK1QS+4_go`(LDe zN9Yj!W8dtaq8YenyguJp_Ywa9BiHp0M*UCRKS=rqw^Q^Er>XY(&(MCO@Ak*`BkTSD z0B(P`um^czg^#iqw{~De*Wj^bw5$)-@b?FA5r~%NA>ids6qRN8T;${pX;E9 zr|aoc8gI-nL+#UkPf^qSgl}`#_4Iz>`oBx_-Wc z)Ac{sPuws=(|rv808{tWd-VSRC5`TS{<@xrsQO3Le!tZHe`EXl$I?E5(ESIe>-*#M zpR|6V`}>RdkG6e`A5r!&czXVU@Ap67+c7rlzK*rn+nBU-J6x9$F`qU%&hNia#&4u7lWp z&)-wi+HP;A{=Lok`Zv)2y6dNiN71N1C5_k5PuEZ1&_3>_ri{^=Ghb2rYy113udDa< znX}jR^ay^T(0_fYuBYyP$J`&0`t2U6PxQxA{lNEcto=W)tija7)b-zpy7!0A>Cs>K@-nhv^@0_Yd43K>A1bYwh;i+wOm_uFu9*`8W4Q4{`Sg@9IBG z7)(76LqC5?!3+@3*H6?RLH1v-_w*0VXYLMz->LdX_k-yW&++?5?T?^+!}JJx{e187o`+c+Zx8h=cU)>q|U%CGNqx6~nq3QbiPgMF05PQ$mA3^q6`uj`y4uh}n zq52QlKSBDBQTL4fe`+D?`uivBAN(Kh?hoJFFnbTL*^~Rf*!!RF?4G}&(EEKK>!Ijk zPux8W6Za3({wqIUK!>5~zTy}m>-y??7(Su)&qMV7{@?5Fe*S^e_0&Vx_4TDsY0`X? zYN+eM%KeYu_5(LLwxG~D0V{{R%9ue86A zhw1%wJ#nZObLDkm9P6*^ugjxUr|qBY583_01pW0t*eLQPIQ@)|Panp1Y`V)DI`BIB zM^pC)QSJ7R+&=#RXZQC9@9VSK#8b6j?vK;WIdS{P=^u~R`|4u*&)hIW_CLjE>ULl3 zujD>~04I9tdg2i2+?kduzL)7RG9vM7EHC}h`UI|(E6v#o{lC}W#Xt4xjNwMkR!?;C zU$B_ZZEWjXl>uLtv(*stUHv3aZ!?f5UtXaa>OH#tzLW1i)G&Ti_Xz2aLff)$K#!sI ze~QXHxD&K}PYSZ@eLqtcuBpeoWX~`H-o;1*e_>Ry05&_SJ0G`3yQ#Y|*0Gl6e*S?fTKh??&1p5zLlkmlSd^jz zGAml#aqIf}zh7qwO5?8cx1sc(r{T@~je(R4Y@O8ru74jZ>@jmkUiu6x({xKc^(RnPbp&Y zQPcO)m6uyTs6Q$DgVGg+rN4NZ6>Q|SN7O%kN4)G)YHc!U?KuicYFD)uq?8{eBu74YU{<8rUlZC$Mc*HP#TijCI|mzyI!J;bqQU-h;2@D{&Y z9MQaYgWi7n2w<4D>0M?;;{9vrq<<}NAl%L&Q(tu|c3witUZ(YRMdVdy;-E~^;C*AR zKQ8rrNSRq|o`LoL{@MDm*K+SrMPI4>t3s^MQU0s1wA`gU-!Qk>9^YeIm!3R91O z!Ch&!*&bzsX!AWeT~8GUgw(fM=B49Wb#<; zt-wL*BWbw_!;_U>mN4Nl$L7;|ox`v?8wVmfY-`VYt2v4DH7V6i zjagQ4KV50edd7{{8`LEK01+`itdiH~YZ-{U$61+J1ARw=CT2%*)p{9;UnbZnsIFo6 zGXXbt#FZ@0=jHurs#j82y(q+%-_T9 zd^)c!VX){++m+4tkI*6de{!0bpx0*6?e)F=n;l`#(1~V7NzzeIWq!c>0hr!I$X?=} z4VVyk#7<}~Zin|XJuQmyzjHKk$+Ba&8|g5rjV!*6*2=fj*dR=7*I>01U{6zXp!k{h zav>&&ige0m{T!m$8v0&Td2>B-D${ocO6i><20pAL4kTJ3Arp#!TSKgK=dAuYItk1fm9aj9S^9l9FX zTUlcBunQP+hQh7F%!I#*)-~qdT#R3F6hF>b!yS#G-KL1?kM8oWEOFt;s&Kpw^O?1~X63bU{vTYSsW*{Q7V`abP(yI+eVOi{{ z8FNvJhCOQEaW$U1U!wqXrNqxpE`}em`{_XCV#}<3sG8!$bO4^D@dVGwr|alL#etPt zuAq$Ty#+_rk5_uovx>}~9k%DtOgomVJxFU+0dikeJpFa}f9B>n@iLF2>m3nGuu)ZF zs?|m9plADs>K^)?x9)I1ElPJudN@*+AFzI!hRmj~<5}AuUPe;U$8Dx!Wp#IKREb*D zp;zn=f3G_t%Eprw?PIx3VzkuFLYDJf3q9*SbJO@WVHy3A_ZxiT|s$Q(@Xf7hr)TL%#<9jg4J^YhV{oopq@EUbtL zQy$H*F`t&EjP1FCqi!uz67D{mI$xA1WfIE}-`re#h3U*Q@s(K4`k9T&_n3~fVl$d< zZ0i7Fpa2f`D*!FYv%b|AqJt(%^zun-n+ zf;-GzpPRB^w!_b9+;U~NrZ}&ac@qH53_Y?Or z4w6uL-B4`N+N}^*Zv7Ly_3wpQHmEZ0c^-(kv?v?550n1@6_w;v`ach_b1O2x!dc-a zKdQqq@>=_m3te|UGW%N637gc|dYDT2p9_O${gnpmTyU7R8%?Zk!DiW%+O%UHOnGwF zHGeCPOJ2R|`A;L>rR~vD%QwiGinf*}yXm|gvS8Xcv{p9q4RK14v8yF4t*0G0p_Ss8h8GdS>}SLvf4 zxx||(YM76rpX#K(TjYZi$%~6u4L(*f)V$JMeT1ZXq56Iw{U({K{C_}JBf$iFiSXq= z$nxxwNS9w_-v0nac0GTJVpaJZs(Vf2rUBDDZ!hwiY5>q5XZQ7YYYbLfa=Bp^ z%Btei{z;z264Vz};CO9{tQIc%%z6QFkoMjz+eSQ?o|LaEYZEJt z)-p>AB-z|OG44@?M<>dp2yDK@1W|CgH`DhYhc_dh0WnT7a4Wj*$&_YQX$w2vK#BOw z>PX1iRh?Q?g6i^UxA6F)YfsbRHhQc{b8$k(yVa7?w;kAJmLAF^_-#G9ITiO4F3Z=E zToCyg4rW?*ou&!x;PYhuOMO86uZjNvB^vr~r@aOZ_NZnQ+lEDe^_eMbCVenv?R zO0=Zd#1-;E9QD^aGHRF!( zv@K3oU0c~?yZuW1b2H)gcJJKEusn(Mn7v{lLO8x^Kr_JU&{ z;<8)7Jjn2>v0t~Qm*3p4#`v-nd>ffLl)B7)E=mKNl@pFNEM=K}z{o7M>#uQJCg%Pt z=*dLxHZKb)B}HPd$0?1*y;^&YwS>l{1kIsT7GL=ag7J%Tx+@Hy>sb-K6S%Wr%wg*> zZ^o^7jJKyC22P(2{*%pnOOs`#v{_H((Rgff$FGCBOz%xTG*7crYI$i<{zaF2L|$vD zMmg^&Ye))pb|YI}lG-e%@^i9g4ih>DjfOQXrpikO>BNbH{S}spldk89jX}Mjr2y2) ztCAg6S$E?DS5;bDY&J1HL@2|qJ?F5ZKd)h&6(kWbzo^|ZSCub6T`}?BA-q?CLi^i= zLk|yIR>e$ESm#67`@9Ow^ZMQY` z=eRXG%WO7inedwTkW4>A*s1SkcOS(3N!Q-5iQ~V6uzkLqn|o+u!mby#d4}Lg{tkE-^^lvHLJ`f zCeI$yAAglw8&%tATEayveKE2XYE9wUyC0(tUMI`e2b(alY>R@J?zXAU7IV=KZl%I= z^UB*zIPSx-cN%#%HadD`xLED%S?$KPUSU5BipsBGpxVz}n5o-ha#+=h6>(E%#V}8M3s1S={BRjHPUrC7D?Q zT$TC*RbtfY%~J))8oMWsO6{*^Cx>S4;zsyxN#tfSn(2BP$Ev2}h%uC_SaK?`HC5ub z{cm0QG$~NGWG$72n6`GEn4gGTSBkx_XwypBeVmRjurK~jY29(X*>2prcPjF17o}{j znJ$(-(_GzFFUXbQF0Qn+1wN2vCtRYJe@tv+PYKy!s9Z3wgIIk`0#xVIY)z}u-PHAV9<`x(#=f!6Wn4WrFFoYe(%_?JJwu&U!Ha?fMMZO3I`e)I*7eqR zZ7ifT!l-t+o9wiAI8kYJ{!Fq9jbT)mU8djoi){)#TYa3)yN_@P+#gc9p2p&|;Js>g z39pcu)&@lf2ysSWU7x_Ucv!*@c~bJzm#Vk&mUpVVk)`>VY$^#h{{SMDZUouDBef}7 z2Fm_MNtjC&i>>*_$EAlhzZE#K7;a0TmwQZ=;_|v$&NCLi-Fggi0I<&Gj0Y-Hf)g?i zo}=DlV%J)YxLKD~TzRa;Kah_yeDQvmXIAvh$`vmG?-2{IQAK9Df`sn*-^>&FX0R-< z0>lA}jI<4xZ3&d@dI&zOCe`aXYG0ejzV1j)vxQ z^6T)5^p5cLJJ*b{dB3(Rpi}wWv{|kKjD9+5`?$Fk>*yzlCTHYxVmf>~99?$Uh4-Ee z9t3p`q#rf8Sw+gq2SR*IpEhxYAg92OO=bA7!r^c7QovKlrbAh=GXDUoWgpa7DoRJC zucbdGbluFY`N+t{xi%%6rOhPxX?Fc2GWe1e6Ks{aJF}l zZBq)g*Kiw9Z+ZSxn*2Eb03%G6rt|AxlPlXR^60C>HFanTc%YaM&gKr7;+?4E!c>S=9yt%7{1HFGVD z6*nqgZUkyE={9pjq;Pf0R5=zD(rRzSsm)_^xYuz6CeDM=dM~SPG^~9sG44bWtv$cw zvx#)!a4PI2K1mXu?;r)c6@M#U+TxAf$9C4OuyQpkW;%wywDbT4U&vNtR=uo{72lSp z#1nsmR>Qqpj9Tng;$OOesm6E2KBJpXyyWEo46f{T zq;kTv*sL3sWAV6`v!ynn#2c_wm69v3xHNDdm0Y8Q*PE>zTUBqmrgPsC7RNSOGOgdH zBCB{|-W{~568GPADypx-_5eqt=2L5lN$u%?;3hykH7j6PB(?M>mgHyarY(KjBR)!x zPDR;O*UA>Q{RWt$)W$rtuL3$F_K0cUyvJRVSx%xkM%YV*fl)FQxOngIO&cG$MEG*A zD+%1b!Kly7lhgI};4bdvEa%Ls7QSLj@hCdMnd%5s~Vo0N`6 z>}5X+jJCq(ufj&L$@*HQdjXk-y8M%z0r2@RUmi;T05r<02e)5{WOmSi$9+B-iV6oM z{d$F`crW6Q%|V$|uXcC1?L}Gjfu{MI897VxL)Z$gR~U0FZGcU*fL|=v#W;LBB`u^@ zd%vlf{Y}dM04RI8l+_ebVg;FZ6?;J5<{GNvR3>5LZj@ylF`<`}b<^RU-Tk!d_b+u!uHSzWQk@rY_5`6a5|oABDc5i%bd#^UT=?nQCzDhT;Ye3^+w zR#x51z8r*q9d$6dgreIwZ*#p}PsFp()w+yU{J?ygm%;g}OsgYZj*JrANm z!nG3S65ohg7=XEHZi8I-)~}mRDJu~OyF(&0N9ciq+mLLs%gVIUl-do;a zV|ROvGG4?h&D)lQ9-nUg{?mwWc5uGcFDn*Y)8SQs8q&?6%{!g2_d}VWreq*sT{ACo`uN|&F{MM#sYsxtfDYN(^S>2e~9_Vpjw`G;f#jov>t=ef#HhYX) z7z0t^Yd)a~rliw_LNBXfM~ffIiDl}t?2bla+I<2s143k3+h0w$cev{v7j?_S1EQnP zo2l*jSyio5azNe6)QsL;y$)p;LQ(0hnq1yG;^U?3wm5a@%P~-^ulEqX#~ut!jUNp%b-~^EOSQBH8hpxb0c92-v3d@U z+*FyDcXGqi9Tv;0R;@dJk?{eLWvoJ9e|bw8S73$r8YnuD)jQ{svWoI-#|I$FQev zqE+s4wGV~e`@0VMJjAh^wvp|yW7a2q<|ldkoxVAo7HcJQNL-wH$lUFsQmt?Q0AVmq zW~SMyn_F|`*PC(Qs&{Q4jx{xq?Rqj+37AfT@=eIE-ewh#JL1Dc7kBq%HI!lT5QTx5 zrl7z!K0r{wTXmXIE@02O{{Z45B|QBSw6_VB5kic|zE`H;d zf+~1+iG71pyH#z*+>e&c(y7DYhh<8Y-;Th`vK)z3Z)5nWn;#)Nm|poJWW7}`;9atB zC2dwED(0>n?;h(5j#U~JSK;>7uj*>jwgIvzJ&|B8N-E4mu#4SU_=K*tq*~J4UfYu~ z=q_2GnlkCiRDX)LODXd)g}Dwk1vS>ra`?DXpAJ%#lRhTsMM5W-0cYYGw;3%^`6e|L zFNtyj(-%Q4ml=`W9rz*>!I&$@DGx(Ne zZre)o1`)9^hnaP(fU)_Aj?c9FgvXc4jQN$~r-wQ!jx z{{SFaPLih;VXq!`T)RzIYwmxpnDqll;OL^BE`uFCOZf+JU|YywaaWLnnxD;YP`Lna zl*n@W`CI8>&aE%F$!D>US(3w)KSRHrPG9VDKHZB*-1uhEtW%ihdLRBDEoPTpG3rW? zXb4QmL@Z1{zo>hOj=Ep5ZA)^MIasel9rWD9_=8dCWX;EU$xlrCY^Nr>7b({yEtQnz z7PBi_*3=F)*EEri`X{9< z@a%Ei=J)0*KH<46KgCiHTie*ivc7h9_H+pIsP(!5DQ$0gJ8ICZ_;PZ{3|aK-Pj#Ge zm~@K?XKaes#5UFY%F?pgU6{3z+?fnZ&KX9ER;p>dhVJ~LY=*TvRx(O&DdJ(?EyM^# zij_GFmuC~(w&!8R){ol}Qo!toX!bKU*!WQ^y>z^;$Xf!0*8T8^bJ=Vf`#tqN{GRU> zw(O4QY?_K({A}ZDsf$t+b1{v3;yW&+w52;^n`KydogAB4J1;1wcy8jo5<#_ve$!Ro zh)f`^wraVw2dy7dLeF+5dKDG2wV|x3G1zXf&qCUAidZX+x#YC)Z_Y}6F>G^0?I2Bm^@=twr^)0 z3kljqV>4+MRk>X}X>!+{SVZ38%C%VO?rRr}AE>T%UIEDa$9y>go%!hFTKU8 zTfydD$Sl=rlVNIdSIOU8T%OSgO={z2##+5AQ`8Vt!4vROs;k9rZr($bs`a;y-ol=g zQe8b=#iNq4Ty?d!_YOJ`)7hy+%Ud{j#ir#Twq1Mk8+-!BK4pGg zC6wi}9xYwMgcIeQ07bR);JaGB7uE|>VDwz$=>l>wGZY2r4cWG`PG05WMENpPz z!y3Qch-l>1rRS8$;1gwi#H!M=$`a2tVz9+tEuF_p#VD0HP;zEV9c7h)>m}I~+5I(dBSfD&rpDflrJ9_n zf8d+xh|IUC32M0tKl#~i!IjGTX$6A7+Mb=l2IaSZAW3t9#YRcpwn~w$AOnYHwG$HW zRQXGn%=R#&G4%273Zcp#dPwwAUZb$v9)fmZ(u5~x|PK zsnNADz_%G%RfxQcO!ppyiIZ@Rp3hq(u08oyY(my2ravcNNz39mnt$zF5^K)7 zcI@ceUOtPFD@LT(c^aVh_yKK4OQDc&nX8&g+4{*oVVPH?u6W&gP5yjy(-;;dUL`(u3M! zmXz_e#|>uZxbdBYwuiAQU&uwa>b4ZMw*ESg5(gIezB`U9E z@6-^+Q;*gi;-^- zrw1rT#>f!X>yVn4Qq{2s2&lBHV(}GmnHd~h#mP0EK;B<$+>*h$i%Qd0#zy;x zt{@LnB(~-rCOwbAgrm(0vdm0>CR0T{w+6gyP}(Miw(XLoZvtO}?B1JE(CL%YjR5A# zCX>5WahTERPnl8gk=n>#Ky&P9{{XE;Ox~6%P>FspOAd;ejgDOIWdl`J#mKM5+3F%$ zU2d^8ms!WTl+^N^zU4fpHg{$fBXN0c`#_SB>0)p7(~j_Yxrs2)8R*U3#`erTec9^^Q>5mVy_w zT4f#G2?>C)RM_gO*!bwYM!2f1{{RpsCyZ+1dRAti;W3|PCy9)o_7#n;t8S$X8I1Uv zehmz*${65Jhog5pqQ*8Co8+phD;_okbGs&bk^@T51gd1@n$Z@t_vHA#T3u}wHyK~@ zHI7`TV2Qq%^cVF?vC&XY+Mji$LFOu~yR^QuQIunj#oJM-Rc*`_x6@;+wfQv0{{Z64 zy);R&DAJjc@UyQw~v&cteU_r{&Ko4Dq(zQ1Hwmp@UEp|yx0;(}7-cO(;AW z8ejc;CBz$T)))*3IY@}W412$e&6gKdNtUn4MD~bS)(r0U@?6XEd6A{cw2mtI84Kn6 zjmwZ8c|vw(Ekv&pB(RU6*X@s%6W1RDOB5bMgi<4W^{I)8qkhpKdBBLB9aIDU1 z_-JEPEwe{5s;jAZQBk_Uf#_<#jcmuZugegM?^5~XHM;=lgDKAKZ&zgV+rg8*8hon7 zf_%kAL6l{BL$+2|d~IkwoKs{!ncf!Fk~T*Byi+WYRj)&6ZVdd2&zO4JorR*8YvZ3r z;XXXkPt01bl^RONRWzXLh&t&GdJ_((3?fa&=GD*~F8Wv;|D$2;uJ zjz$6_Fy?2(O7;T8Z%nZN06G(ij^58l682dwufLS$d8lr8Kd1u&51P}P0WmS!vFmfi zVu6v$1=v}WQ=3;$+~wu>UN8`2Rao7ry?-8ELZ=!&=2e$F9pNpN`<`?JmqjUq!i> zy^|UKV-et5zvQ#u-qr5YVs!?5FDJWSY|NU`ENdZl7CNJ3WmLpH zg{(U$pRz-$Hu~j^Bm~-<;zo-h&Cm!&*9Zg z>aY!Lro;x9;gMdleH@Zi;n2mocy47`-M!nQ*y&rWrkgH0U-<1*V{!z8Umn0yiWY5j zXa4|{8S;n8owre`ctsnJ;r#E+zRu$VKfwe*%*v{2eqN?NZJ2Mtr^FO6TL*i@#O<{K z*E9JjJaI95pUC&*sPwBIM3}PbdtIFja>{wVY@Yu9%Dk)sRD=x{vbxWyuiJW6FCrJy z6?abGl{)hTKHWA~$ZI)jd^~!dd_nxG${)9NZ6BG*HU`OIUnj_Y*|>B^U(!aun(#|M zDZ_$R)1K*3D(#=l{J(8$Ci+wHM-6g`en)B9BJ;|*c9yEOi9d?(cEd{?7s;@K1ZN~{ zuI*`wPiCPQg;Gi}viqz#gPO681XJuKMx#=!uY(U6%lu*rSjWe7_fyBgYdssEE0W8y z&)a$yRv2t6KM}@$_cIRnsz4eoM++`%BAzu^(uEs?OB%s1@pEatQx3GN`79Zj{=+8Y z$B4klQFB&h){}pP7BkB=%aO~r!Cgx+`5TsHFNA4m(;k6IovjZwF|C1|fcSN*5OZ}C z;*aaDpo$gv=?Z1+A1frstu z)iDnlU4gxx-d(kJ$yzn6eKVJtb%k#o0iDyWLOsYs#ess(GP`_{Im7Dm6!xs#%dJwn z!1;@)W(#%pS^0Ed6uiO##o|?1b}Ca7hn1$Ieb+_(tOxZKpkw=WB3Aro%to`2ip+7W z6T?LOhZg+PSw5?{O870FyKL}4>9S>YUbT+frTi<_T~AvlAb*TZO|p{@i9>}@ry|xK zf#Lkm$eQK*+RgO$DkcX0WNf$r%=hI#r(_zwk|7!-Oe@7q%HF0SeEOikPR!(Xy)R1mwSZ)@g_3!@3?)ZseI}sSmO9s)# zu!}r<11h(Po#EzLZ!^YN+d7zwuT(!2THlSC{{RrK%0ktP{S}!Up1#^X1&Y2!WoMGp z7Nlxbk8Y~h)BRk!(DO*v)p#pC3uzWp-nDJvgS#=RGca+=sLz>I9)HVoj>;k*hbF|! zz^zcaW7*p#8_#aF32$zTj3uM9#ye?=O^yk#<#N46*w^hlo0{{nO`PjkSrgixUBXL$ zCl#5Rvf9k5lDA9Kl5v53Ez64Zv&2;c%P@0{6k}?ugE+>v_p#d(`0grunM~df=AUbJuDe}%pAtT*q3K$)w-vLz9{8+I%~$Cp9kZ}ErhiS5@m#Inx;_xQN?igm%pb%MmC zk7ek+7)&r4(x$6LD#5M1Kkmg&Ju4fh)Xa4}l ziBifZsA>soNZ1HM8>IY$W@uG<4_(ju@A~tG06nw zFgGt7J?CtL=UUti#GOo3?%1`PejZDDa&gxk7h9j|U#qau$0NuWz#P))mrgAn5S{eF zI=o99B`dtv=aXrOjb%<|Jr8m4zYDL7$fc;Tp`-!~uU)}1(FQ|IT6AuSMNcfQkp6xm zI9i|spn6e|Yw&UbwR^o1@Rb2603eL(GXjPV3vqKW+;$UoSe!_e`N&6rgl8(Y>E?1( zrYnJHuKxg4HLXd-ZQ%K7zTH5Hn#)sH#~UPf9f{1Zhd3@5sSzkE>xofaGUNf-C5*G! z!|y&Dc&I-t+?BS2!9EzQo}uuR<>w~?n(AVhMa@sY8i14OmazjvC)gQ|3-<_Wd2*Ne z8n2^h*;p;Nc$l1PN!aZp8AhMhGV2wQa*TzxvBc0z0{xy_K%Wm$?zPunwp!Ly%xhY^ zLd!fE@eg{Z5jgmt4#DjI04ivXKJv|`rI(-tK3+mtQ-{$1 z0BQPJ_?YRZAcAXoZtZ zU0jI}b4KtovR}lr7^)*m>n6QUYpyVPb%26Ad`Ck}7iE0CiE$l%D%uDv8Y~YDt(?J{+Iz2JdxNKQjuhY%${$$~OI{}BolZx8&H_ebZCudD* z;Iv4NK4n^KQ<3iacpsVWG|nSY&hY;46K8!gR8^i)_gv~(!b0_JW>9^|gY z1m#gOpSpcGhqr%|l2CCUHr~_bJW75eVz%2U!&0P29t>}DFx^u1B~yuVAdj<6TX%)N%8Za(J$~)jS&!=nd(#BN&xe-A0_r zm$G(Adg??PT+zy|GbbOn!Bbg^x?DGUd#2BsUL~i^IgHGG+OUO7Sat-?ua+vb@+AYg zbx3st22W$+!e;6n0lz95(u@nc!btF?0um~X6#=6{=n zBf*uOZdv75rym=YpH8Cs4~7B6VZ`b^z2&SMZtgbAYxPm}32%!d9-csiN~tzt+(KAX z`QMrGBnx$JE&QOI{az|JYn1;0{;hvg6Vu7@^xVeGS{SdqwdqVs=|%&7A=ee2BJhqN z25@Qc)DLR|mYi~JSQ5n%5#JiXhA9FArrdYsxw8e1yW=RSY*~LFQpzsY)^cw;sr_4v zcabYj{w?a;bo_9?Hr`GfSf_~=QrbL=y2>b|em77VW#}udg45ymEb_(($ZPP*4~fJv zJFSry#l@P#$n?SV{L9M`4Gcv?lgIu_=~dvg)!P=Hc0BTD!vg%|uxiT$_=c5ntA&V! z9=O;yWOoQac2N!ql;)(bvG{cw<(Bs*+A-ll*;SwHzvzJ$*76XaE*J-^r;=&(_6c^Xx-rD z=1bbho9Ux9>}55BjFFp)*{|Faky98j?W+X{xd0BtxPIYBIC`lF=g0v zDlrvW$HeuRz{dQHRAUy##;FCLKUhSUW!}||4A<0#`NQ?1H)5Oa7gJjeaW98TgQ}Z>}+}|4d@^`UY zp(Y}(`AZxGB2{XI0yF!P_X_nj>*90@l{TTO$3yU{MV2*(pc^E&AO5D-2aE@;o}_U- zr^AUj>(@0nT(1}M+{>v(oFCUsLF_(*&`vW`Q2r)p!lzM?*jPhmoQbuFbY<)hv>!%4 z_3M`(Our%fN)a)FdaTHPPI?qzJoFG95M{t+WAmQTJXnT&L(|&mzWqG3ZvaI-1a#y& zd4^Z-Ej~m({W%Ugg!ozT+X3#>Yy};b4|(w$19l@F>!k}xPEN+le9j>I`*`W?*WPLh zfmNJ*`Y(GKwm{jPiz6d1LE>^&Up`iDd^NwFwVHvl0~U1lg|+yA2%HQmRt6$d@cf&H zDBlXaFQmFeAGO=Hp0%tW8TT{sm40hD z{!*&@m#Rhhc;4SYC#C5AGo%K#)Hsyf`fENPem|*Om+n;hF#dkZqB6pjLad&p!)adSS$(S|oRvy^pxU`zt7>cmcZo2%gDbj;-4u6po95YO?C`{*X3mp&tTV>Er|n4aQW)by!}*t*Lf$Q!0| zozoo;j+DBM^0On6^cQ3KH=duUM!I{z z8DH)zOnb#`+aaaRU-?z80K=j@+5A@OGn(!s9H$(0^S2W$xL8Cw+%O5_r9b^a!@9vO z#k!;9_>^2b7Sd_|0ORD!>}o`{?A<#f+f*M&-*^7Q>-byLUn92aR<9WWrOn*7#+8zX znK@oOd9mXK$HwiaifmMrVsUN8^^()Rg}AO#RpI3rO2d_ni$}D`qqC+?+c^pdDoT?+8jZ!dcKuT# zgxM|gY}G1?tteFmS662C?Oyvr#Z{|=GO`(CyT0EJwR~!~kV4kXPm?exbz3ZN9nR!b zMWq8-i;EJPN8^?Jcz{kEh?ipIR-28p?=ZNi+dI4ZW*YwhBh1TJhZ%@frI_z$gumgp zdxxp({H6tZTWy)dSyGcLw#v|eUS6HAhN4RHbU4{*+e~V{R~X(;pLH{yr5Vjx(<>{o zFwSOYnAs2N6VDK{vbv2>fa-HFyv#dK9|~e?ZNp*+a;OsPDmFH)*KxFeT``eXrJ9vjFH=~I{=lPlZ%_?r`J^)VI@dV>m&(Gv)A$Gt`B!}94>r-LNP zRAuK9y^<%lj-bmew$cl?`i6q4T5e7Dd_76Hv|`8KD(z$061H=p zgc&*VT%1Aa2PYfaWiITs$3Rc8`2zKVyk5IFoPfC$^w^u2))aVZS6cU4-G6ttec6?J zb9eH>`%y@gCp(u}A)g}2T_)c^;#G)&U&OYOsmco&tq>n(DD7L7ozbb0Xl#=Oee1x0 zij9dXQDdshDhloc&=VONdHOLmU#Y2Z{?3b|Ge4^kk2|5Xwum*MJ!@!HRASR2(NX?9 zdi$FsQ&P7en1bAw6XczF6aHIj>Py#gz8+O>0|5hET4Xt7)S~A_bY6Kkc!7s=Q(l(h zz#Mfm9=)>8#WtrH>iCxVzP{U$({i!gWm$DpRy<0v!qy(nLF`Z%@pq07FF*ePpNA&P zwDB211}YI@jct`X7>QdRO1knQ+BZEm23ciYtbi1? z`1p;*)3-nDHGZ2YUdr-OK~Sg>QtnHWwzaH|%0`F7?;nZKW3llE;f~8IKD3k;S7wZO zH=?T#%&QyP@VMurkzlY91@FYK(O5eYqNGbrRh=$F5N8>FhY&GcDzlTjcb$sk z6sFLoq^vXQ%tdz)H;WF1y#Mzj=YLo3D0SJJ#<7m7U&lEM*tjN%Z98 zv)9DHH{xPZQUkN=x#t>@GO#7K(L~C6uF9{CR2QEojj3)RtJI2L$(^&OXg#Gq zOizDJ{zC{;YNiT^w}LH9ud!;}$~Iyb_q;jz6w$@t9 z;&Rv~2juA-CBBp5y7et)dkn{;wvy4|dRO~1DS6cK2dENrY8%pJRNf{uv7eqx{#C3xiSKR}UFQPcJ&1xt5u5sy&z$*cagu{L%m z?{JdS5v)o!nC+8u>6J4(o^r=;A>r3W&1GFG-rlXZztL93GqvdEtxp6}*H+5SzM$yF za@{q!78T+IE?~@lCMAqq^6m!k<&h&dBeTcC&2c(7;2TSkkOsuCw;d6CY#B-A$Pv#? z2P7q&t39Dbe+&u5ti@0J+-GdPmWhkw6D_8U@*(pd62wJll%)x?yQ=}F%Np2_FZ4&H z(2hpF{Y)oqwnW9kYtXw;qKb%_c7cl8uFl!qvm=-QU9XX)Qwdt@1#>R{0OcmG=2f-v zhxpnQ^?EA-6NsdG14i{qvFJ81J&M)1MKsr~0;#Yv4=T(xcdI2qB3J5S@d#Mf@-U6` zH@ETYdz4a*NM+{CL~;vw=Q-+Q*^ao+c|J zOJ7+|R}q}lIqq0}CRCw+D_Fs@(&n73LBUp5|V?7Fm z)NH^ReX7Q`?=$2nAC%;V4w{x&DNW3_W^J|# zaIcgv;#+6AJh?L&UCxswgR+pMp$2!Yh*{w0_xIB<6GLkoXPj>geyn%o4JGP&&YCdu zGDm0O^{>^8f0Iz64|jTiIoL_CDnc@pRs=_Pn&BH8S4N{tXG-$EUevYZnV0M0`ABGV%Uh zl&!7eqaF9L4}&mIX<4UrAKJThkl=`2bQh(L8Gu}`TU4^O0Yb-2l1)9ZmEB@E1j{6vqJ>94Q`%pSl?{BT$&y#2%N^rz(pxlQxXTKknFOQ{dr zc=$@*YSS*%sqNa08{$d+FP(G3#GS$WmDKi<5jKq!3m8T<*IR1Zok%5VX7p@@jEuOPmlQGTsbR1O1K*oTOC)s|JELYm1I0NQ}0Yig>Uy4=6vO{wHGYurWO3(>rCVy{87+iKr|!sWSDV)vB*1e=%ac*h|EotM%W7_pMrpq)L)f48IQmXu9?-v!a8h^*ssp9nr$6doY zPls>@!bM!s`DayEYiZJ}je8K?SLv9yxZjC}_FYKlm5lD1HZ_Rc3O%RWS$4}E6AM6n<~Dhtbv>IKoW<`5WQsv@S7WSJn^)SJ&)h?!o^(s;{)=d(3H>UKrA3GB5 zl&VtPY)RRvwF+~{*m`cN)=aQ+tEA#&JU_Z}Eylcq^~+9O{Ej>OgnbAsjs56TTh&Pdd4`>>?3XqvC66r`VFkj9D8%}6WUgt#tRb^wT_3h z&@)u56BRp*;uVXf_sKxmRM|JEAH-ztsWO!96O;0xLb)LcRZ+>gYa&NPy6IFR2h$wMPN^wefYZT7P}xDl@ZZ_JbwTwZ)11#5JTcPX355WyIEbnO~)Wh1HRidY8<{WBj62E3TnPW^8^Ta~L(->x_Z! zMPqVT;d39(qExOHIsV=6u(85u;=5c(ZHHE6f{F zE@X~T?cy!6ir8_pBEBYBd38|;5PQlP3e$EVw0bd-m!BnX0yZy^6AU9358?F@lsB6! z{6MP}wP=Fr)P{{Z#VO~;hn z#wvCiyuR9MeCzV?b8Oh;ZWe8xqw6sF+#YLXmBDdNTDsoh*-!T}msALY_YHQ1=6#OF z;9|Z)WhahTJKo!dvsoJh%L%VPRcuW+S3T5-efsOiTx2%diVhR(OtIUyjHe~OU778- znTqTf!O%~rmW{I3; zgsYp_ikaPn)oVF_9M;U#&|{@)2ozHl*6hUF1lM(Ib6+rSes&WNL_AnD=gM9FJF5%3 zM}O0z_8d^axP3msagDtQ@3 zVhTqrr|xLP8+8!Z-qmv2m8)9S!irg=bgtgo>UZ8$2Ww`{R<&6_g*{OZubiop^ei$q ze8P=&b~GL|!o>ZFk6>T}3+=e-o)?GpixYfDaeRoZCGI*O=_XI`_XCr<6>shBFXa4}Bus?iV{{C|*ks%%&Dr~} z;yiuN#Btbod$;)f+JP;zy8Gyak7iU0i0htNh#;)NzhyFW^`I`kDo}18) zoH(@ZSHsHNUvEK|iCN2uiDa)v#{_MBLt%ze0GWT#ZQ@n_XCb^o(|&p+)|kLMl@&F% zi}Isf%wNf6o^5#A{dC9Lmy7vA55G_g6jem)mU6B;g;BF-+&;Rabt_FcPMCEi@U79wRi|_*!$z zSm<&xu9tSf<6Po(2$*V>*Hwe!7w^!N()KH|e9MiH*1P-4*OBt*$aHlp9+56Pv8EPZ z5y8ev3qO*~ykeg_r4_>~;kA#s zW+|)4T&uZ>Sq_Jd-WP+uJFmAulZ+#w_Uf~g-j|g4fAmlGJf`Q9I8Fk168vzc%LA^- zJ$@X#vXW;L-C^`$c*d@7WUo6I!kkCh#v8RnC%bEb0GgXK%-r{af;_b-ylrX4Tb80+ z%R9qU;jPUr+2t%&+DpRob&R?*7U#zvt22{cn=Cf7F%d0Qs>ESl;#BTDXqn+*GOIZ+ z6U0k=4S@RtlX;3|XZd68S`TR5{s(+MZ{!;(2YGSlL?f+L*h2B>7u4 zK3dga3)ac+Lh|RkDeWfZIJyGMhPF!^5?DDj8WTcs{{T(zJitMSO>V9-f{Wi!MsB|j zWycR~nKmt&RN)BYInGjymdE^UwAglW@*5t&<2sdA7S`0B%Gwv)Omn3ntyJf@Pnod3 z-tFa8SKKlWa@D`GGt}xvU~c;s!QudxH<_5+ib3xPpRSm8aJX*uHQMVw9lql{W40&g z#q)hosjbo39*D6QICJSBs6!(_5porRt zKi`;N$d$C`$3|vS6_UZB8GuAo_3kHf!^S#T50x4K4+tP&fWb~Z{{YnacA%aPtV~yA zmm;{|O4=T$s>3Wk!eIXZKy=s9xw*=6o9Vf^x#Z3UaGXcemHiVHcgRg>^!R8004jV< zKa-bK^$;Qeh^i;VtK-GKoL(Kxz4VQD6M+MLaY63PFKf?D_1{X@u~~A~ZVL#22ljN( z>+rvO)^}HoyDvg>Qqz%R;^3-_7iN1vWk=Sc3`<*kv@SRZr0yPz$p~RrV)>HDUy4|U zw&MYxsC*wAKflz`vBHI<*I10?+Nc?&=gd7*_b>c0+7D545Dv|2J|*L{vb8Mg1Aa~P zd?=roGxsyc{kvwP2%F?JT5J}_@EKbo2({MCzRNUA4p=-u5>p>O9UqXX7%QJBAh5Qx@%X z{dB=lZWG&VE%{+QN5q-jSV+Y&!p zi2b>*%tHpi@HP`={{T@MZ^((PtWGc!_^|%~eJQ82OEWunF4X7dGydn6uufm7&UM9G zVmC_@{Gy#sTZgCoaVVx741qPGM^AYE^AUALe@3SttDj9zOxT;7oBD3oY{w;TBr!`y z`g}2WkXn3C_0$=Ld1F?3XD=!Ybp8Dpc>J;Mc~RYVD_OfXdgGoh494)8L!$i{lz_d~ zz4znj7H`4*#Tzpfg*D!hu2d4oF55NLs<$bvn!vEpTO_bLH`8rN7Bd4FWW}y0}%^8tzN@avXfI@r#ZqUQK=cQHZDds|<1GYu~MECGI|2 ziAUq-yNKS|Z_2?3fbPUSzahsdzqdYgcUM4>u@xsJIT`y~` zLz>L$X{au>0{;NL>%=eM&Ggv%lEz9xQ;;9HONozFS2#u$8b67a?lJ9F6MaaY!%#1| zgU{tkpz|`7J;Y2+jkD3m+lxR4Av+9(xV}E9ef=2j7jll>p0aUNJ6P)KClY;Cb5}fU z$oOOWnxD z`rKQ%BeX%{ZgL2_l%YPhav{{m0qjs;2OIoP!-tMP@wEQ{ljCEB(%3Wu~lpT04AIBJ#4517pA7Bgw)WQA5LlhJxjZb>3z;q;lX}f8Sx|}eHcUjwNp~%-A*7s zqQgh7I(G2XLuYf)GJOf5(HF+e2WfGHYF0jkvCSX{-sX=@O?1anShTjzZ^~@J+btdR zx|l;{-aYEAp?6*ruhxAh9;Xxu#L?7)Nf zsl%!dJvak3uYJVx70r7Q-aGWExOhF}D=ltje5-CHYp+tR6?4$*3~5i${bOsY<{Ci-L5 z-X>Z>Zw{TIR2l*$eZvXjH5t?VxhLwk{zR5%aAK(0wnLgsYuolLRvLDR`D$;}Wh0S~ zOTP3$SZ!L63V+-U;&06TK)|=DD=tNcbH|zK{kx!zX5fYnl~|^yjZa&v;?5&` z^k2w9<5MD=YPZH)ZS?|dbODI*jrdxU{{V3@*JfGo(zWMetjTd-pcdTU(v91pwE~mv zQ1!={YNrl1Ekn!|)!QglsjM9z$ipjQ9brBrZA|fJnN^k*;{qx3G8?%?c7ofkRKQ}` zC6@7JpE;)Fv|EkClhV~ae3vAZK0R&uUs(4Q4>4{dYd?*Tf~RM#Tn)pXHAc=>F{Zsu z0~UsDkjN(C^9a-te89dXtK)D$+JV8AeqIw2*NaH5WNVz~slH|{OZ%-yuxC}!36kOY z7r(k2m014(FwH(!6+Amod3tHbAw70vR-Vsg=ih+bCy4a)9{yJIQuwyw`jqG0RUNfw zdk)*%r?lK2Cn>qUqHzxVjmoMfDBX4$Wd_wx%M^|jt%}aQ+YKGT z+5{MUPH~uVhI2a97_Q2VK24y-ZTYsNS@erP*k%11)Ri#g;(p%jSE|KdZ+{RFAh0a8 zgFfX~y==T$-R#@f@5VJ7nD<>rf-k1eZb6LCshfx&E@4W?Rx8;=7AaQp0WoPmu&Xev z?y0QWJvuZu5oYo-4$6+LrKBv;j`g0-lUp0wew}A+{mU4>^Lz<~%Xprl;8#&*2e1zNs4-IYs|IyuGeOAZ=gfuPh-;#uyNF$(ocwJ zI;aM1W-2Sv4DBrKEbT1ptn94ptn94piP{siv$Vf=Kl1uM7Jq?+&Q9h#P4nQaIlP1_iz{s%Og}ejTltYOMy12wr7zpDT3fpunXjgg zHl)kYaH}cdk5cl;80U?NZ?we7)n=&O&(eo7`$Fvm)DyR90MD0ZUs3sLy~F8=p1;Wz zt^JI1$JPaEtYznwn-YwRY5Y!i5FyF#zbJ2vb|qfMaw=jwG~u~sGbfNe;-WJ8>e%rc z+FMK3cQLbGgEBAg`*ybonjgPt8&PbG%0cQ0m~?+0&Zec9mD%s|6$z0@O2G>04ax!6 zat9NajevPgPJN^4r!{W=ERIxFcOiApZ@C6}jCVBz#i?$s`C+au%F8gp%6jXo;fgoi zxqDW!baUb?Fmdx6sH(>HrwZ2DHjzu}5{}atqMjvb3kY~?W{pu2^($c$Q0s{4xxR<> z(uXHPGllnC(T=69ZoMQC?hG7etkmXbBm3rOGdI*vQ1dx*8;y3QS&LnPirH0wFwM8L z30?2pzzI4W8`@)3txido)z7&Us`w_)eRm0;4&QmD%;9_$eQeqJwBxuz61C*Qb}cBe z=(mt0*FzsK#b+iy)-(S578;GQ@vNG0Rx z01IfY@#+=Zi|LzY_Y5WN%G)Ntk8yf#H~#>ww;!bty9EcqfwdSx=3^;ZDxPL>-a|nI z$Mn*ZeRVZ8H8nLgHTQlXr19c>p1%tIjgXCvOq#nlI`zQI8WlfG$EhqFoz02FPlt+* zK<79mgmTa3w)U$#2cr9lh}y_Wm5w=cgn>{Yy;DbeiHl~&@{XK=H8s|T33X)OzU%H+ zdGRc>xZ8!5pgJ)akT~6I)}A^qv|%|nRk4%X=WpZ27HM|KuE|?!yJKmWeF2^t5JcQ0 zn5(4`mVPp~v-GcT>;&$H79Q;^p)pDj7USAHXN_uPVSkl-b($yLVVq-DKT{sA>GE(V z$UICBK5J1}(Cetk7--vtt(x6fd-$3Y+6N+cS|8)$Ko9Q{*5|mvZC$UlXXvDI9IL~@ z;236cTrw97{{Sp4j-eXMtq)gqEq>#(MQDBc6SxC3Tw9ta!@v6`9Vs{o#yTthVytlh zLG9MjVb=?G(%SCf9vIv|%&4&}YQz=QoOnMdvY7W-kSt+#XN#Y#LO5EF7RmTf;tT_2IB8u2s zVT2(AUkiGFMmFAe)|r+^-|}lSc4NZ8UyJJv_+v_-N;OGQ56x)FEocxdqzW zw`-ZrY^j!FRs0HKcN5*%mE|u}v1GT2eXqj5rtm@o01`p%z6}zAOupMIvqbdvJwH+Z z08ljGbq|Br8^!g^pau46Nd3)BTS28aux3%^k!%qL$PrWp0&Dw!h_?>YOTg!~>F~j- z4^N5GNLL*O=085oeCBl=uI@%7ex2@BYf|d!r;@3O`A>?6EH%-6!_@#z!a_fr3JT-S)QHK&oMDk*)Cy{#wJL|5! zmtc`G)vI=aHnX-oOQ?D^u@bkq5Uiz6jX2)S&;H?!=6MsDm9SrGAC$Fx_`A30(%mT4 zgJoV0+jR?`{zo1y&1U2^|EnlSXeHN=< z+vKhN*LTaKR_&Db_&mE6lMSW6BqeCbZmO)_)!^Fy0Fq$VzUxhE?KSl4>#$r~&}g~8 zBZFKx0zMxAOsfvd2H?TD3Yel3{;tmTN9z{N<5!~o zpA|p&o5(&RRyO8g}FPjS&qZ^+6kXWor3EM6_Hw0~B) zm_L}o*BAP2H^t+Ynn>cxZeF}BvDTJ>SvziV{9}?=sm=3f~I9CZr00tiMdm0)>^&#Jgbx~3cx%Q zIZe$T1)(yV9^t}WOH|%^nT@Vw#J;|0MtXsg`jodDP{wOt@vt`|zJe7008hZstJu@!2ju`}`4V#&1>a|(7mwITh!Sgd?^_l;XGxaK{(_NR!~ zSi?~~7#a%z0%Tk}Ee$n{{ZUPcZu@X!HId5V79$S z;p2WcuXo+P)nM#xtERe#k8YP!V_4JVm@eh3X+EwE7LP}i_7<$88*N~)X|!n z)U)!Kg0WwpPwO=_%H47G+){E~Y_n_E6Yy!8NI?J}wQtnMA#0l*H#vW8nT(cM;@Ztk z#LtHT^2^uaG;%-%nw_{-8o$?Ie)|g)Xb-=??fvG2deXtBbjYZBO}MuBv*hvL@IMZ3(ZRZW zo%7_bpDBFo{{Z%~;NK4d1Jm9g9Yn#};DZgFr0yTZG(X70@6-;0ZU!)Gew!SR1^2nW zl~dewMai=X$B%(q zel}q}bB3dSMg(Z7WVN+kpXmc|1rrzWX`0@o6KW-C++Y+Z5C=hF5I*MS=Klb+xa6^6 z2tIc{7Nl0~H#a^g-_rx8ri`E-a^K_u`ush=sI$z>2eAEcxO~+-m@fhjZ;HgotA(ef zHg@hpDY3h)%PO*HebKo80Lpl+t*=UG^i>TOhcN1`Jm0x9+od1XuXoe@zKptgv14s! zrz(GNQ@=2TKZE1;z~sy0#MewmtqCkGhV4Rs)zv?7j7kelI~7;6ErBAiW=1$#tGc+X zRxOgYA}fO}UTG{%`JR2Hb(cDn(gJE^V%X$y$HX;~Tp%C%Yu8<$m&s#KkfL!DipEv_ zYFwnpe@IT7oTtChg?RaT!K{l}nZJz3{;SX5TGwe9Af9Ku3n~1>B>`qO26u#Lz_T8t z!l2mB&1*X!*H4Gny9-7@%c+yx?D~FVDz7hPbz8Qol;EySR<&>9o0-p4}N>oUtq4276ul~J|736H|C3soB!1K_Av)N6lIzgvlD_3@PtQ+37urr~Aa zIb>Z>uZhZFO!D3z#zQgE&^HytO;n%h=3XX*!HM!Ym_YG`hF zm~N+?4m3eR$;YK{KmEjg#;sd(_Y$=I@*~>23m&?foM#!vahm@C(wK4tAC#&bMTY{j z8xETN%_q6U3>4Rv!~X#4^xI#*M5?;HExoyc3!N%J}2*H7n4` z@`^gJ3^ZF9@;f+9{w-!bdJ0ou8QWq`ktqanw9&u?xOzso%>fG&EFbl23pFt64*Jc88mEZ zU$wE9TIp4Ww+t@1!mhHNmd?65>CeCul&!!MoDT(%+yuxf>&`d^eluV}{F4~g%VkYq z(K?kc7xKy&M^c{RC6k_~e2BQ)8=op7QK%FTX`|48>TIgs`2baF>$&20NS`v%g>UVy zCRCo`<$Xz3K&z&Pf92!N8h(psQ?~2Z>Hxd%5SL?UwuxD%=SD=Tud0& zn3XpXJ20V)uQ*v2qZX(tovE9S%)p~mSKs0FgLo%Xj>wrD7;zy(oi*4>tI9n*cQC7} z<=M)}b|n*2#H#K!pq5tsr7^j?4OHrtQnM=lFRAkp@;pOgo%F`iqp`gBA}4|+t@;sv zAu_bBQjGQfWP-2uss!XEs63D+UyjfO?@)4q_3zvem|Xin-X_5v2Z9XQ9z}#%O*}x@rI>ry0U5XFt)9^+)3R?{g(1d(fY2^ zi!HU@SGw)xE}_xdQ%Qfv#0d&;rvV?C)LURvNtOGM#Uu9tprNxR-5s>*(4?_6_t^<)gKK z!v$pC-#FQJWc>MWsZ-yG`uOi2`&g++)SG1tq zc5O0^3Y0^|VQRPJEpP3Y#Y(8?7>F&@#vzo=O-+4!hp3)su6diBrzyXqUwcziQ&UsN z)2XShzBFb{$|lwQl7sGkT702{5B>a|aAQ|HDLY~W9t?Zy0%Yc?@I7`m}Ks$s~m z4;LR_U&?A@60JBH=j@5V8QXzR*xcOYXDQ3B=Kj{^=Kj{^`Wn)3S;RmD*Ii9@WJdSx zR41qPzM7hrw-Mu#j0To@9+-pDWquosBgyJzFTvv20Wrpyj86?xMBMTFHCAI( z%NlW->7zI_Om=BrApNCkzQG_G{{Yx*sxmN^cQ@>sp z#M+4V&h!?`y!Fw6%;y1&13<0J2(;dK2XsBbIH=zNRV(6htJ)W2k8hdy=!-ZLxDLES z?tX#hdX$M?K!0=BQ&U|vIKT|l*G)}LO-)Trea+3y&Hn&kdTwv*lhe#I&t3GiY(mX* zaSLCis*V{C1IbNFX8l{1{{XlI(3+fJyI%G%Z627lcWlv1Y!yZFHyuF`Uf@H zlRf;+^e3R>#LB%xh`$l*;(7xFqL#YF3K2v-vNm!q?Cb`~@Hbxr+hdb(AZaZ|Ur=I) zP`D#eM6q%^ zEqsol!-l2@P@{g+!Iav^#J$6lt_>2u_lAi@CC#~<>*G)lpb1ePwJ_EGh$4A|W@}J# z@L^6vVVC{!S;A?di#K1qSMB)~+?M-snwp#p;AbDXsj08-H#hZb=-l7gU}qCJ8QX^l z?8@^74w*Za+3oLkSoTkBuoV}W} z1AdA(jY<#lY8uqW$4GHje5%LAXjH5o;#j;UBC)s`vjKyyry0g;?`mu7AKP#5S(>B8 zb$6`t=E3KW&4z6T$wA^X7dxN0Z|-PYbyceKrynKTkan!F1y~jL+3C+yyEfK%7}dRK z0qRH476qD``ZfOmv>vTi;ld+)epJtt++2R&w*wVF*j-ISUgrZWpdyfbrgA5O7-T!gl-*z+;YtWTh*oMTk2?)W?Wen!bnTo+w61mE`BnwpyX z`kI>iI+~iCXBnaNk{90lJDip&Ds+WNDMY^UYj9pO#2SZyjKlTGlgvx_?qlATE`~|= zj6{C8s1Z7kJvF()a1)6B*lYg)TPyc;Bhs!VlzH`G){A!;m3M1Mwr!hm{Uh?|bv*JK z88*;$dOFxPzec9MtV{{U^{HPcg5Q(s%A;jNVHWIsJ} z_A$Lvgy3f$fck4Qej#u@(}OVM;fIw(PsiDT^aEqK1?7JqSH9C|4kR}T5myn72Q z8!!_$Id$HICSjdqBzIcI+m=PglCD>6$gv)~7ifAcK4AX<(8t){_nd&7mT&6Z*!p)i zCdbjfo;q*pWeqGtJ8KO>8pxappDIkV9hO)7Qp@9Ww9V~J42NV0q)knIy?=By^pU^r zka?Y*iIaoRY&iCxRyC_wuGwkj#u5d5dUBk;jr1PkRf|y9DD|WMK~+Y99R%Fjo12@O zn*RXK69@iNLUCE4*Hc1hP763J2%=~i#b*_o6GNd%!Dfd|3BW@|ZSFB>S)n!6Pxd?i z0Kj{HX1}YK8h)8SVdo_Tbi1IX8|?;0G==p{U1|| z(VTw0KtHnM{<&-4{{RWEuy;JqJ!{5{ckcdm^#EJIrwjLDClU5X zkL`}&?oZ@{eSFU|)&BsL-k>}G0Ltu6LT+!Sry0g^oMxuP*!#YJxAXV4*I#{YCcR0uVxQ;Gr z?Z-j~LdRM$Yj*ap2%pZn6+aN4Yg1p^`TqRPfBcz{PTEc)U077g>Gf)n?nwtLTjltvl!~X#CZFJC@nw%DK6O7l?KmLEe?!Dph{jmQ4)wlluvkA3_ z&-V+*_rw{YIcgt2-s}GW>L>eC{{ZnL`u_mNfB(b)J`ex_0|NpB2Ll2G1q1>E0RRC2 z0uc})F+ouS5+EWlGD2Z-fl`s7K(Pc+V8Ih3VsL^pLvqpK@qm)>qW{_e2mt{A2|ok< zUfsvl`~LtZ-@M!TCjS8JF8=_e)uZ`7x0PLRq#^0;o`F_ZvigI#2JCEzV{{X7C?)U!yVfXze z{{XAo`F`Er{{ZhU-QNEI?B3teTX%c^0JD4kuYcwHcYFT;M~P0mmY>mDALRRgBip;* zyz=OUy1=_d)<2w;C5~oRiyYY~gYEqlx9i*|`Bv1;t=#X@3F{rBXM8O>@Hk;vx)0Z! z;0298Rkb`Lxr=Cpnh@;IWCf`HL9P*reb&fWe>&dkW#mf4!1(Jo{Z@!aa3*CNwouPN zk}#SEN$SB?>;Slf-8xTJI`A_=C}$nctIFs-<|Q}(01mkzFJ7HW9OmM7Lecs|-D($@ z$^)~Fm+=zqoBEga`5h=s8Bqah3O}JaN5V?mq2M<}e3FZP$hYjde#@8axqiwyn<$9? z01i*O;fR>R4f`O}8waCB9qx)O*)`Ci$~?ts)rhkCKmuPE-lJ}j+O8k_ zqj!P$SZIOWiE=pWBG(H}pQs=fUHf;fvTsJGyxyArsAI2W^x}y&SRbJ#*98H5tn7qS zWtTN)1#Yrak87Gh^iHsJLTD}4Q0zJ^n-OGiAbg;I#B-!m>Y=<%1(Z9`c~R2+8z@8kHhxWeE|hhI=$THF`%neFGsOLuiN*)8 zU6$;RDA{1(t}L`(`9cPj;&^4>WMt1tlcLEt_ULTO!XRgtqcDy1m8n{GlSy;3nn67t zM=fr(rqYNT0)_g7?htVf6ERKD^qPHUjV73hM&KS%>Q?mJ{eo_MMHZ3`p$E^kit#yX zYQL6#R#{`wnMVVoM=eBmj$^_>091PQ zrl>$4p!=>Xzr>sz5WY|l;JwF3k@B)EgqHxD+71?=6#AB}PYI1Lg%L&D&7jDaCdAhArQqT8cI!y6OPx@mQy$VGmnE)AEM^qWj8`t@x~r(03n{ar06 zQ`&~xbiB0^{cgM_yLW!Vn)e@4(Xxk#_KL%QPvxP4N;BWQNElB<7X%4zysK#n#4noP zn?%T&l>6}K@{eVW{H#}3CqtX2=$S^Q71Mh@x}gMQRn|Zi!fCSp9DS2v#Wc`oWJq|i zTu@HSQ54il-DohcOuqjB6laCPJyD1TXmcfDT&AFBgfN~P&3Ig1W{(i`LztW`QOf1z zdr9?LQPxC23q;;$7p@y#$i34($e*$>7Z{Q-3K4a9$U>77qI=wDT4n`;@oZ3nGQWs$ zgN4N|C+gW26BmSH0(i}-vTV(l5)-FtJ31!`^jwlpYD(d^u=_Y_xOo{)a6HEe++0R$ zt=9y2dqkon=!D4ZmEr!&m86n~I4!vvF4Q!8${f3wE--v$sl2jo6IS;WU`>SQcy>ge zb@eS2(7+8cc2DqyJl@qFY7kE>4@LJCKPbqvfeTWEt{aCzSoBQsSlvr;l84OURP*Y$v zys=JgrE6Btx@ZT`qE98$89EKu50vv_nj`-JRl`W>D0FKBWK-F%XZ5 zV0e&aw@0#ZL3A#jJ4)d+9#qjJm;HNU|~3o z{gd&98M!NnT;JYSu1CX^VQUDJrc=)=vY0;TSX?iuYKv{S)iip-)czAj*IFnRz*rZf zljR>@ln}b)bB^h~k*YCd*>dC}J3_WO~QbgW2)X41egni>tzEFu!eL_is}`F z#G|TnZG~l*lzIfY1R(T$(`tB)HKr2{d~`n@&b2)vdzPjI!Q8s$(bJNQ?t~zpJU1Bb zJS@4PsF01tcB7X!5bV^#IA;=dLin=axDDyL3y2g}6zB{1n=j&} zvbZ{BI$FWZ+IG2&A>og*;_|hB5F`tyPd5&~Mpx$wJ}|E5Y3Qsy)yCQ`9}Wn*Xio{! z7Rmk<%m_1!r^r`o7g~ht9TWLe7Uy7_&Kx6U%sL$$&uD@C#m6RP3@WgMdiRW?Q% z#-QNVx+OUeB4cFgy%)-9GMeChkv^!%^GYyDx_gS(!ggJq(eqtnL|}6+4>swM+QRrv zZ^}5?F~^%(*;>ZMeMX#96OTk8qWr~Nz#hnROH-h$((M8l4&^pe4=@;9C-%J)ZKy^k z3ii=A{L!vf8l5FFJt?M9Eqk_HLgq!~YMz~juxw$Pe}}3*A`L#7KqiM5BiTMsf#mZcsv-{Q*Vrgs zlc5RnvM`61{^1;(p(GB`g>Ra=&i&ReOOb%M61Y64aJYQYtgI(^kL;cIQ3<{~p_Kt# z%qQbQtmdJB)#1>m3x#{-Orn0t(I#3~5W+m?_E^IPYnJOiH(yU$ZGQ43&n~S z)kpv?VR*kriLHi&z}wPGNSRC$w_DQGaO~Y`(6nrQ*NHS8O{uF29i?*jE3KEAe1tqx z_+ByE=3mB{n=T)q8C{O4q!V|`_YXAYf}ZdQ|yhY#WB{|n=T8x zNDv8v7YsvHpdz3(K}_(A6~lwCsvc!1Le$7jUn#4_piBTS6M}Cs+@T9}QL@&Ti>@pU zRQgj2?KCS?ZL&G0rkc|;L(EXZY}*L?wJ@fUG{Fh{jo2dTPx$V4>6F(dy6LxC_3hqv zV_uVPCBRqoTo`KMpG4TdPAP&`6Hlr+8{u()Mq3$10w4v(iQO3hT?s)AB$!+l!e|C? zyj$u}LWavEO)y<`fwC-bsVj=ozk;ybFX6;}mG^F_qa`|dv%YT2tzKy z{vYz0%HV1*7hfLB#VOpSLHewUyDr1-fr+vqTqew7g*;3rj&5tH=5}^RmHz-(S8+u; z`z|jpy5fQ~G~$)vjZm33RvflL*?|?h5rq<4Diw@EBbQ?mpnEMGxQ%Bh^KMjfeL)i> z+7X!2f1#rzZrdbP36Iu)cpAXQ&bdqLMbCgQTZ!YTHq-F7Cx;869oyj*Kqd(_u z8fdLEb!oa5ZhlsY;h-`P%5(r0HB-Xxr|+k<}1=zq-p%i8l2|{KKN%aQT-5BI&w#RCZcT8!ks%qyBSGWT#`q zR}-1BE|gnj;mjN{&~;8QO_Qd)9$+(d;n_CI^xYDSrmH!Lt&P#~Xr1sAY~F{FD~YaF zP@Y{E41v1h7}f%gR^Uz7i8I2PP97Hr87HhJ5Es8oWbT?ft$UnwcAB3a>B5e-$joF= zLVSDmsP zc8CB4=wj*I-l1fPA7p33u7@b*AL21?jz{-GbXqc=qwbr3@kve{s6jLm!5}LgP_sof zD;(+HD`o!xA<)?i_Fq-P@baQu@2f?kKH(o^XO(?1LH=(O@F^o7Wo4AhE*wTpa@(&n zu9zWXYU&`Z3c*6qu(0LY*)s{bR=g({9hd(AL2ix9dORg|_E}Dc5hYl9C;@LkW);G0 z?3gEH(d>qLH&)qYJSRw5uISs{aXV{>ifm6?6AEEXD7WsO-@4+paThn)aNqVr+pCJ` zPItLkMHM}h4^Oto3$p#GwRc11I(-6UCZp_C&K`=?*Ly~6pC9p92*SF8BL_s*^KD%+ ztbU#Sknv~HYnlO{*>MlHiQsLhPLaGU6^Tzygy;hrbXl(#^ecuP?wHn&Z55m7g}qZ- z3vQ3D%ON>WxWXj*r$+F$K(B;s+tU1(D_VFsmMCLiMBB7TM*ATmVZ(5bIUXNCqW%-= zvU5$>{9mXlO|Dm%cB%Cyh>&46J4owMB)By+w{$T>4J1mtN$mRt6X{(pxN_y;{epMh zc~3)s`C2XLFLW~4A1SnHDrKx6vT*Gd$l93YrMoDtuD4jp_Ero305AP6Sl$7H* z8;nud0v3$?nrf_QW0U)!*8{G!z+IBDD#^uqAsqK!9v^6^bm(kCK4Kh!?GO-ws&v{t z5G#k`xabBmZPzo)g5lpc-{$E_TkO2oqAK}}vBAdi*sRwW&5zlaw*t}q*; zF=dIB;eFb;ZU@zHf6D?0U2wtP0`CtE!WXpo*^rU5BebtnMRzvy58#z7F;>?TtBif=YGk6 zJ;DJAwt4&n+pI-3N7;E=oeRuRA1j2@C4UYtgvQatD_(rNHeoc6RAwpnSM^O3IvRbGuM*+1 zvw!rPCv?*wNmvyI22sFP<`i@c!el_!po0j>N3_v}W#I|g(Mml6cU(KGHDDpCVN3~) zhOQFexiI~@_URJ5JsDg+S0hYG3hPCxI9pwKv?wccwibv2!{J;ele*zBA%IG6Yy3N& zkGdB`_JXqGlQw+OA%jmO0_Ded)XvMoB+3Y$57 zHJ*1a3%>HXr_@n}2y=exP#Xz_%Yzn91~L_cR}s;+lpe}`*BHRiqm(_<;q7((R$FmG zF4c}h2*70ojh2{D*yXnL`d#}iO5J)W66EwdE{r36mhyxh*RsH}$3NgB;mVmKRA5cY z`a<(@C+xCH;Yl``*=V%t&>?cPtWa5@Gv#6|h6R4O3(IwWBhlt?USTRZmY76bRC{`r zlyIc>ZStgEgULf_@S}pXUaRY%!Z(OhD-608aC3g$TLfijWA1>LXQN783!JVV1YH1) z%I#Wmje(#N=E+!hL$Zx`G}af=pGU!{$OOTN?Ns znq_3n{4WW@y9=k;5DIfiTBmtqrPralDbSx}{{VFJCkkdf$=o+d#48H;c|;fQZ6p zFFP?&C5BLna?I+xXPVnWCPn~8)}8&6rMQBnp337?Qy;s8Ara_^5vfj}Wat~yb)jEg z787L%Ob+=&luh|lND*q9>JfsCHA4&VwOQR519Vfsv=n4cR_Wt#qnTn8V(V4fe-SYl z7yXf$0)QFaaK*yl;31HqGYbKFm6SbK25yZTXc5VLeEC&Cq}Vf~cGh(t1a0{Ufd z0R^CrfVQr-Mq%?!8Wy)G_>H}m0v6R;_0FD(%4~F7DNXQ?%FFDG{{W;f;rRyc%03}6 zLL=213T7wlwRJpPMC-{h@f|r|NUxUNEd$n?BU@G1XAEO>1D6Ww&X37Xo9df8dLwS{ zL(|$R=iywmkb3i!0vdE>pS1|M{HJof$1MKK^Ib%QdRg*>iiL%4Tof)XWafzou)>MG zs_bDD=XO?!+Txs7A4(MNM|qj01(3>hbfC>&6XiHq8mCpJnQP*L#>H#Hh4u3fo}4;_ z^Y33O%51b1#w(1PPr0tt7fksz9_xj}`zH3aM95wr-=kInj+TlKbnleG4G_4czKZFH z50%6abf~*}v?-j$t*~Fik$6JgJUE(ajiLxxUJ>e=5z1#cn<2_JK=_K`wLG6h&d-%# zX-t)cgAweoFVJB5mE%>qYre^@Z@S)w$JJv8*$HliWZs%10U71O_E>1?C)g)Py47n= zXd7Kk_?nHDIAIdP=`Kz^0U96si&DISSTIYD4LFWZkay|OEf%%WPbvM=Ia#)=9T_4% z%F6b!qzFev@Sn?UrxzKJglSNu9coq%we0g?r^pH%-!y5^C$gS#D@KK-1*@4`p@6;X zy);bu3E9fk0!xmGhMFUm)4~TbI9N8iw=9JnflqYebSsEvED^a+KB(b&mFFX6n*cf* zC)IHp#)W@W<783F%J8w7_gdY^+rph>?pvWEY~(6zxL`@9WNfiWVydg>1L7@S8bfPT-grsX;W7j9nF}ipKX=g0x=LbQOJy;!bVTqQMZc&bY@Z z{M_vQk<|-L)x{k~gwTPT6cN!j;BuoRYtShF0EH5BWM(O-ADVcBL?hbA%6Jft4@Hzt zF1Tad9)|{xGH=eQ#Ez3@xBmdO#yCXt0|uTPtV;VV6~&F(tkHxOuL$7R!<7EYyx7#( zC&&xJ=O;g(YU&6wtZVQt zb3pY)9-RvF1;lN)Dj|)~*K44S=u?)gg0!_6af-Ok$P|7kZWHXh*QQ2R=%am8m$^fr zM@(CFlaKwHiv0yoxJ|ay{{Y1t1;d!xG|XesFqm0!$D#+M-5)Mi&g{_Do+Wa)tG%_@~~Ql;FG}Is)Y% z2&ZAvg2aV|lZEW1!2}l#aPzvkCe-qp9J`>FdQuX}a#VkF|B_@)@t4y$^Sw8mCFyxIPkEgsJ8?c5+bmH*&nbFI4#SLL;DdgpO{FLS(_!IiRgG?wbLoQxCR?G+SIXJUi4@a59f& ztR>#%I?dD7X__99gzN>xFg(b1dUKG35-TZ&4acfz%FjRUt=htQ`ypstFUsNIZoE5C z)X6yAXH~(5`k{s9cR{-0p2}}%-`bl(Z`o%Hb;@BfFC{%cnCJokI45&7(VWwwXq~7h zWtD;V|jp)K2{{X_dT2OTO+nR6P=d4rAv^3CG@uD1z z3mw7AZWE-DLC|VEsEfDuO+=27$~{w>hOf)d&XR74n~Ej1APbHAZQGWgi8l8T3sv z9iWBH%{C)M2 zteQa5cB7cx9+J-B#!_R$-y(^O@4Tg^9C zOtuqNNm~@jB(4x6GfXVf{)ih6<5weK765>ql<#t`^ZQfjlz;N4m-`xg(0H3ZsRpvA9umEyLk{P`WxNr`{B}E0cs|qlZjYv29jD z6U-#0trwWnwHsDM;DVa?-DnqyItt|;sleGbnpqChPvVawn=}`6N@pVOx;aYCUB0-c=}w75B1Ibmm2 zk%f?r&QZ33W>#FB85vxEozuy^s0Hb8WnmwvncziUe$NN zR|(N6tt!WwY2n>*FrVT_UX~C1y1==Tuu!If4p~>`5L0Y$oeBMgf;m?DFaA-&)}K*W z;kIbw>YX!C9OUSndndSjui{9*$}$eL*#*qd6PL4>hXkyl;wxl1tpOWq7RX)3VHq;F zPI7F@d{5w`Ehu<#DcCw$H2phOv?s98;{=1#dzEktlYwg>r6F_qt*1h!Inqp_Q5y+^jv?!<9&jjZPCH& z)ONl4FnDf{+pEfdbqLROy21<0Dp3_C+b$p7Gz(WmChFE#3tEjAYIj4U61ziCtVyt2 z_aiu=x;bBTXQ1G%)242Xu$*mlKBOVpg`SW?Y2sb_!YrvcJS|C`OdfER~{ydDDU-#waAGAMqP^H~#=s5E>DKqQ!F7 z$GshVkf*b-M4Mh{S1=AUx_CPXQS7)u-o z5P?u8-5a7kp*-^(jTYSnX@u2vot7}22+9+HS7iPW`RjR*g*-yXA=6W>U4B>WKTQIM(vNiKI6aWR2i93{LFX)*Dn;1>ycM`~U8+1jq zRz}&b0<^pCue#z}WMHQ#Yr%>7lyV!NN(^e9dBq253V34ZkqCp#Ce^^QiS%2hg5!n6 zp3D$#iLgL}7ebq-pA0wxxTJkIM4~|UM9R!wxg10TR(O{+D=Tuep~_-v!CNCv5i*a$ z)KK1s!WQ%iwF#|2PV34pfGZ0t@mEjGpn#uLQK9PFui*@>DUOB}pV8-(_dY)>sbMJV zZu3U>VKK0MZmbI8^B}P+hJI8EwrK<1J&q?pyw?fJ4O-*sfe7nNO3@q%Thkp}IVV)n zEfzq)6!N)mUzK$h%xz4~XO~IJZ-?@=rt9ij-A#psb5CE{ULk6?S~iBwG=FM0=ynjE zWH}s7*At$Z2J4Oo`X8dy8Cs$|Fhc(TsL}UcRxD~!E3!sKc!8$@ zI>%P0&n`WxC8r?=^nVk5Hdf_NL=Z-l#7rqaDE5w5Y7^w0kejle%dX0dArbt)N_MB1-$zE?`ss=;I6SkNlOw`5gk7=-c$(6OrrOi@OKbj`r^U zJF^y9)T49>j9E98WZt9+-8u;Tt0NPYvduKELgDi{$e(0PD<4_~f~_Mf?_X|~$|Cu) zCJyvFE!OqI^I3Zp_4Un;ieQ~nj5V-;#z|P4AdHt9XvZJI)t|Cy@mhTl*OiFk5xB@% zI-zlc)r9HjH#g?lP4!usPA9VlQInxf?Qfx`izL(j<6%3rGGRNIYD&~s8mnxMZdZo! z?x2D`-6z9j={(f%P1CG3)`KDnd@Gt8Eti`_bXvGA8nqU#IvYO7*~nujWwc>!qK;6F zHd1~pvoTI4FrV7?t7Mc4ZWa*i$4Fm20z&5bqhs9$gz7%tsj!Wcd7gDTCI@^WjVZ)L z8g?AB(dME3Pt(<)u0m|@?wAdc&vY-k*QM1o5`;#Jbl3B4T?q3OOV1_2^-h4oU~fUo z#c%%r>3G}Oa9XEHa9+y>^z=g8(83y^3E2oTjm8CZnnl8i#W$dVQn*r8hJkB^w_cYW z$!1ePwu_AsX11n-$mPA$yCubaM4ytkqo6H&!m@0qnTNGH(Bn!%238t5_@#I`tPq(O zK*z5}l*)H&@PoK~o+;KB1~~Y;>BK zLdeak+pQid024vk=xdKQFJOu%mucwIo2@IYcSHXGm2($b4zHvdFu^%O4^xkZ@PX*a zQEe7fe6AaQ3e?rIh)vBfwNeI+)ycozJ;s8E?yX%6tQ(J>s{$dYa&Vi0{mMNCXGQS7 zN231#r^L8X82P5?()Oq{?LkayNxTJ~y==EwYgY9O>Od4A4zD#drW_!zh2nfPbQC24 z1s{ZC(xGm%;WPsEKLKKzP!!s3w_a-+M>eHA(}~$aC<9yjrb6ONcULsedA~{h7QG)y z>CjVNodWQljgN3He-%9+O#P8Y70&d0p;11FKs&A>F4v^N*83Cpe<-FXyQW5SwI1B!En^4a~PpkY&L2KYg%yTfdm)D zUDQH6($O|fj&cNa=$@MQxab$~hnIY&F*f5p4(Jy>lDv)l^kFd=^j0A|B+x6%kDw|{<_cC)|xk@MKr%oaMggU(Tbf`lhi%B ze)SOIVr#84(V<@*Rw9DqvQtWF^>NmM7EOZjpTa%Hi{)`b+o{kYaohJsWD5NC#OSgy zK_2PtO^vT12L;T5`B1hU#qBK#mT{Bno67U+-kC4E{{Zxa6MAtuNy2uWm7-|;_ZRyi z6m%mfAab}axWW$xC)22Q_eI2ir$yQa4hZtQ*99=K--O^s$)t4)c)rV1H4v}{i~j&g zgrRVu3gn0jRi$~9q1lwqCH|70;r{@V;y9-ko%%pL+o%R~rW(90&$`yRSv}s1Q(h47 z2YHnh7bg9Cbc=@bAlCCOPe+(_3jsmWJR)ihLLCg}(1pTteiPgru9&!j_Juso5*P5i z+pYsdLLxQ@U0n;KFGIN=8!i!{?(ljA2)g1k?zpq;fI`cOGqU3H$EyDTFnvKmZi_T+ zvDL!n^;|eYV%ECa!@Jh3xHl_m9Tq@C-lwKf=xI$MZ%?5L1m&WhQY1Jh_P5ZZBlkr5 zkMBnotMwfK6$n{tg=BEAD-|#Rmlc79=4Awg)PBi}5`t<96}C0rm!}w+&ruPzNkhX@)zJR{{A;~1426vS`aYhWO4F~+nhNi9R6-Tq z6=i2`xX)SKthSjbO5m}sTq5UBX)pk<=$w7Dt9gdYhC%m2)g%FVSCY77e5@vzLjB-` z+wQZi3gU&t5~aj_mu@jBtOrPHduBDVX7nYi>T5F-E ziM?B_2E`iYk~~2==Ek={T}DC=yR z&x9fX^FR#0-8S|`Tv9r$|61sOhpa36h+%0kiInLT_!j zO_Et;&v9IG-5#cm=2Kz5;Q*Or(e_dByfUM=gyBOC34sNgS`E{FQMA{7qtmZW)b#yd zh+m`X>Hh$Uu41GA03Uh@P33HK;+oJ}diPt

L5gKncY*Ifv}Hk&e#mJ=<4^ zD-sh!r!Fcf_C;Mbjz*YL5l-v-DWT|aB!nsA8gyZBfsv{J3s^0eEa+4J_5tMo|QPNhO*wd_|1qdR%GOV49BiWlT6R?Ul zj$gf6O0v3dd>J0Ai|_&@qPU-hWylCxakT}K_7(MSNOm^7ZtOi zTt@xV#G351)oQos7%Q~xlfDx|73{YzAqf+zBrTy4^0|E}bPO70WePj6e+bGQA4sPC8>78Nr5WUM)|yun6dceH>C)-i*M8y7 z_Cf<_1NM~T6X8u>WsPAphJgZTVL}L1)~l?x=^u3NVtde>gsvG(M<|t)CN)m`Ay%Vw z5JfzuA^K2g8M?;H$Wea-wZA}Wzd;!aPiC&9!qe|5p z8u(-L)4I{i>8}(IK)*dqE|X=#$;xvjx(FIW?SAAhlV;tMAe+C|Pb6Dr{Q3ra|;rHdbiS50ofwtT#@R zpjz|~FkC#`xiZn3n<+=Mbm`8B%4sS80P%VeGW^$XTwGFyX3bb5W1QRsh*M05dA<{rk3bvpa@e1 zVw&2rX^vpHmZyz^;=e1x>jk20{{Zb=>Y6AaVG3y4`3Ex9O~AtO20^ZcYtRz{cfnjG zC7(-?wu?0=_IQ}|au9omgny++%o5Vb4VbQ)+4KAwkUtn!MAi%|4sy*wtwO_nsFzb{*plZqeG;SCU|rwrjY zBYKS^x+@DM8^lvo&_G@yY|)@x6Y`(RB1md)utxOIpzEDF0@Na!xbAPF<4?jAD9|mC zOdqX0N!k-0n-vuu4Zgt)%GF~i`Y*b>&*GY| zzd`N|tARuOt0hX&ITYjfME%p`Y*#4wTu*h0%5TkF)bP7c<%O?CHC_>psfkZ6u(|5- zGpzKU%*<0v{{T^r%fEh;0H=3CQ0V%W>r${TR*Tp#rD}4A&35l!ZI=t2E*BB0qyhY} z+iGvt79k2geH8MVLM5k7kqZ?60F^fBZ{;45KC4?M+#L6~{-bQvi|&J9dh`SkOg&<) zxH(hXZI+7Bs`EJ-7~M@8<)=XX41XptxYO*oM5}rtigiVJjSGrh?1dfB0F$3(rYomN z7DD}E9rZ3MnC^o6e^46SlD54YE4J-+3&L^T9=D6n{VG4z1e&l~rSnh|-IHQK#xcQa7mgPxVl* z62id;PU+mKGLO&Y!Gwc0wafEUpIb3c!GeJVETt6s9>P&Zf zpoI#$6m*rQf1t-PpqR^#gd^_r{etG=d)YJ(YBV{i+M&$@6=U?_9eUUw{ggW)3QB3~;kVZ%JO#G;h z7@w8n&Q;^LwKRUVYyPb;4uu`F^Qx+2crg??@OKP0 zn#?Ar#&Z}Zu!j%F3=!NvVg1kAM~^2B#*dM>!f8L(feGAoD-qEjpynPq@<+#Wh|VD${T%%RQ@O*# zuMFeCwlMJ}K!M;?f>beQ(kqztK>R`9qlM8kkqp97br$tDH_JQ=g6@FUkI)siqvx=M#wQ>3km?JaG7_#3s<+ zhkrqaqvM|fGmjfQI`HBi9nW43eFuo@9y^EjoKAeOm8kgB$rpY({tjdG^A3K2xl*7) z$@_?TuQd-B`X z-j5%6PUUWQIF7t<&+?tb@a}aKd@fnUVT+fEa~>}&V-;6{Vlxy8%;q|dh~4-$$Dbdn z{^hOtffzFlcrft|qXM2snNaw0j=TxXIy^aN5Zotm*N2Gtr@+9QJUcuZ@@vM|4-1)a z@alCL$C!yOaWqY%sCjcg--LoOjt>XP+%%kdB0_WF@Xld4gy-mW znoqPPc&`W1UOyxl9u$<6@UIG$DsX@0`KeO8V!I}9)>NqdCx%<)pW*aBP0H{W{{XFd zxXn%H!a#_XFfUM#jZJ<0T|*>U#BiS^#5FMU;3T}KDBfOYNa`A3`C654F_!ajWtF&! z@%?xnkp?~)j*^!N=}O6x9OuRp{{VZrllPk?GlXn}IbpP65rxdnGm4KBQ;E2fGnhtG znQA5aheUeg)h$uHVp8!bl?%C~E-J!vJCyxFb27e$H&cyHCQVGmIK+H$;-QrFD;j|H zGjK3?Cd=0-rnb(5j<%He%=fbQZF8m%j`Wf8fXXxX@;n$8ll`0G#qN-QaeIL}2 z`k$xs1M9?nOSrY9%j1}MuRp9pB&f=S9(bIP(h)P^)Zp-Do(S_djMUa% zWzB@W$0){-aL!X{am&MGJe@;i{Y*4YW+NO+j!5Ij8TyazJNwRY=4}=^A&)%AQ%G%` z&U_vRP>&utm*bxdc<|0q<{k`wf-vX7mOGliQ%?kWoI*OBc{2>-#Y4gH?s7(R4m@+? zY2@9(#CPS4&yFTu1m<$a5avD({1b`C&}p1a&LiW8h2fk_i7Hg6AZ0$Y=yCjk`X8vs zVxit*AD`wp;`}h<>Eq3L>T@3tj(oG2&)@!VkA@yJJaGuakI#hqP99Gk{9Gc7nY6s+ z?mi57hcSU0us7nTiBq}M{Y=x#;AlKw3Vx&e@mrU2N5J@a@VJ`8aopxyIGoKqGmi&{ z&ctUhoxz;3;y*_-n0O=1F$0eTXA@+2^TgU|8DBw!X4uZ>Q2IhU^6DH;d^~yHGl|U7 zcQi29lh2MP5!aJ`7+{=7!Kw<%a_Vh})KPIYj^@yg;~pb7ekRNlY0eNHI!p1?{aiKS@<+v- zPt#2kGG`9oeq09VyM~@HF%zTg8{wF?D=;OtBH#|pEQPey;oX42EpWzoC7CD1)GdU+O zgBQa~8PAIFJ9s`h`}vbNj3FJ7kB`$w4CfugWaT(!b>Tc|4HEYqvix=QIA%oIL^G8`fs5VmNL4B zmXkr z9ti8Ax}Evra}NwYS=4;-IGn@59%nzS{T#=LeO*e7C-9qmL-~r8;-IzYe}6|mL-q3y zHQ@2gWkm6>FN*qDc{%WF!_2A7d_SgfG<=xqa>g3)b>LBlXgZF_>Tw?o{{X}1z{Df3 z4vExZ9M9EwkzuLdndM8aW$N5nCu-4t>OVk_5Jsxd-)u}+IZh`th)#SwN5*C-|$&_;~*SC-;42eFj~-9$r4D>OX?K zFz@1Z^i;5hPoeO`XT*GS<>SfRV>Cxn_by&%4C}+c8_(%u;ioX}aCmh%hlf-9U*CpI z)q&d_RUR2j5vqVA#Ka~ae&`C&OjQ;!;i;v1I; z>%i`FIGlv0N(sRqxr}AvI*d0toyGxk=PdDKJ;WW9<}eV0WkZ<#VmLe+j-|)RoXecY z!5^(2rdCcq=#N;ygw0Pl{s)hrSO8 z%zSg<(?6;H;2RVGdz-PrJ}MfVrI+E~f?@(w-*UQ;{7v|0?H)@TN|y!;4Qjdl%-Qb( z0^-eS{Y&t(pACH^1Ql(O@^~O?JM{&s?xr1<@#-d^8;)bY9sLa0QmIy&u6|-B&FVUx zL&3isc;NA;jW#gg(T;`AV-JVL%yS;$94IG#9HWu4KQLb=)MA}MW)X9l%R#tQD^rJq!2n->;$hBYEUaFxk8pMiXa48FUM@Z#0gn%dUN|G+ zmk$eZjY}7d12{ZNN>aR5%a_i7~WoWC#DU9;Hqw)+-|ntOg1PKc;)a)S(h0Avi&nCn;&V9 zeSYOc2*R;=J^8_-;(xnAUu1PQe9k7sL_r>*+1Z1JrG+Zhj)?2Ql$xx$jB1Ml_px8L zTcNBURGd-G@h@_cuL^?>nZ!U;vhqRDrVmU*klUC0{{X)pk1~Jzg*SJ#`bT*kn)9k& z3;9k+{9<=BjyA>libbwI)0iyXTMnaMk|xU~h%pPjBM8PipNB;qn?8mSZlZ!?gPu&a z$C2^GwPluSf&T!%%(w>ve#jYZFN)lJ&SB!)rn{StW&6g(5|g;`I8;#dH7y_j{PK*k zC|_zi@Ob7ihMCmjRLDV9bax9wORoHf=ub~_nv5z}PT}B;xc>n4aA+u3_bW=jKL~v< z(ZS%0+>|fdD2#jJcL~cV&LU7|f}?%UqmnLX9zIH~?5L0`f8z%~lS4@AD`FER10hW9U~&EFUN8a|rxfR34R_^D&_DvxUBe0PUy z70VrXsX_=@DpXAZsp&-xD|#S``Wz3Os8`x5J>95eW@{=}+ImjD(JNGG?PZy?CcYOK z@#@3l@QLfiotF_oA4F6K;B`OxXgOukn5Y|KJ|SuI%mw2qpw*BZdCGMjMx$&k*A)&Y z9x>uPzSDWN9BZmyiJ)}*^3G*5lrsjwpZc1QC80j18sUkZIkmmZp_K|u{{Z;=%Ay-z zv!5JCZ~YOT>ls%KtaQ)ZoJ+2*+*~ZPPkXuS!ofdC_c%NhVdQuJ0Evua8qM`MO}_I) za=2Ps$7^Qmz(3sC3m>U45;?W z?(PYn4MG0^jx!ERRIg|f6E*$_uHSQqs%cL9m07=V&04H`82B+~_xa`#aDD#()J02b z<&3~1PNkG&Z0wlIuA-NSd3+k2o*aB@?;XBhh_mEJb7^_<{{ZO~-D`~EUxp)VD8YSF z5t z$O&2D;!_212e>r%=7BsxVN3a$=-oy?>xWS@!EaL;J3}(mMGsI|XJ#epuV9*GCDn5n z)l~TLv_t;@nO=oEU^cCR=jIEcHB7)DTSMG4YzkpetXTy2@4(;9Et9nmk$*^=h08ae z6rp&yEe61MJ{gb7G=&w2K~O*X38)aEZ$O;OKelL=Tu?4%8D07u%*kxDo&NyRR(S9@ zAmB?b9$Id0KJxapVfU4RrC(B#I&EfQ%Bk}N&LFE$j=W%-s(#Vg04-|3xFcrBU0U&B z;$LAtVjbx*)7``G0G2M!55#BcVDKxMQSwG2f0zkq?w^=56A7;7p3NWG1Z%pRh5rB> z*wDwWe|8MC`Scu0p7rqUHqTMdbtGkJzRS#E8NAXpGCvwRmk4M?h1cjnfsO0j;vO%- z^e9)&{v`yjR#d+XHx|K&h{wi&k=r#Kc;b6qbCJEpIlZyeBjMs3oqYTRyS~3trZ<|q zW&N`q9t`+aV-j?!(jL=(1V0*cCQ0c#hn5pb%-ZUy!4e8OBHFuW2>53(mT1brgWU>! z%Jwib3H~T=gKQ%h`QO6JmfZWZ2)XS&&#f?dPi?m;maU(U;;#*#SUhXKkp-LrWPg|l z8FIU4E+vjhP0jxR@$*vT=9k_l)#7@DSPUJ+;$)vPgYj{(lY^POg`3m@OXV>~-e173 z%Y(2WW3N(*<+B;^9zOp7q!h?|Aq6e~+@nC?y!ZtAh`pNmfZIhut)WVcHYZR`C}}6! zA?s;lQC((-%gY!J%!pf5eh{xNoiGNL3AAS~6L-V=%n8H*Od0}bmZc=2#irgKVs>&@ zY$5A%t~kbU4EQC7twrO76+m@7V9HYyw&VUrJ?zq%S2!^p=B@WJg!gbnXtp1Tu0o6P z6O%i=1R8_;(U>F}IEo<0FwW`Yv$9!OqJ5=AIIG9n2nnWCT~|1WoIzJL!?#^jCf{3k zIH~dmUJ0;n2N4Z1IW+Ww^aftpL4kV~Frf7S{bBioXK7;muz*F@elsm~>C|^XSJo<| zj-oPJm4&lJcpp*HS*qqtR#(%AgIb_&k5RwCDFX0QKNyu5^p+#_knwbHs%5R}2GM2n zGg@8YScT0Tv<$uK>|+k)Arl^>T%D4P%>w2!X6l5$+87?DKIVjBUNH|k{{S)6E`fR( z%7(*M(DpXRqZ}U5vm-PUNs8mYnj%P9R%v1FM-!`G4t*Z^8f(iSJdqS1|xX05H?Cl%_Kp#2K)XV5b*h3az~X) zFm0GS8zMt_r!@e;HDqvD!^7X41`2Ijl}1pbdhQVny*f zN*NlPEt!*kGh!?+SetQjVrOo;C26GUd|e5HJKgK^41+magtN)-;%TXo`{H7uYPHQj zd6y6DoG?MXMeFQC27#Lo$APl&KG47RBv94+YnI0);KUA1XA`lX^h188Yx_d{r!_U+ z=D@U7F{}%*5uB;bdxCA*IP$$j2^Rd)5#J8X+x{=*GRgGRP33W^jP}d+!yfTdv24I! z(;p-R)>(x^WvsZAHiD=@^x1eKvc^zh_Z$Im0^0qFjm&+;zp9Jk5jQc^$pw6bD6w74 z7q(+D&y?hFy3}Hg-0cLZw(2 zH9NLNBA)^HOajp5x5+76#obB(G!Avc5Ntd2X6y==@IV9DT$!qY>z6o^hhB%M#iqfE zhw*d?2yhnwaIbP&ZJ@jy z#1)Uo@NqAlR*!g@VAK{|yZ-;Vg3iKm1fq7W<}FMR0O>1>$WkrUTh!gu%!KVg zf(z?5pRwH#Vw5$^az7D-7pOJ945O;{OFxwLHk7IH(4DfK(w}c72XMgiKG>7jF}aiX z7$r%7IhMYMq$%sz|?;l87umYBI^;V(6q=xE^o0CMC* z+A@YnPyK>luMXwkfLTZb_=e|o2kKuuEx>_pFBG#CbcZQ4V%$2^XcCny7@ELtDPPM< z6CaclX9#Xv=2482g&_g)fJ@gOZwrO1meqc#Z7^>lu=6!!GcXbHsi=`fXA^MRMHO!e z)C?bKAsC!A!tVZXO*4t`ebex5jm=PBsMNXX5UiMUQ6SPEX^f@IcgX;KieZ?Wpz8Ni z48ZC45mOi>v_8WPoUbyHPuc<T8z9S+=T^w;}Ovwo?+MyDL~1#S7GKOVN%Oc67yyQ zxx;}UZUaQ>JkD5OWMysp>2YS;a|J<#MM)`@?1b5n{kV$If;xubSW_+WDS~PqfVOuY zXX9_gQ?n3DpPU?%h%S8-07wtzL}d9nk1cvZ-Mke$Tp*WgfSXvh_2`yS0{8tT&QnhW zV>q7&Bx+frW?hw?&S8xc*$T--+XiFLbGW#DjV3L@VbwTae8Qu?kx3*sXs>pSM82bUZ6o3&uU!S*@}y`zFA)q)*Jgx zY@n~q8bP&~il1Qa3jw(rfcFO)ihY?`y6QH9n;4&oWcP#98a9ydn0DZb4Y#}zsQ&=2 z*waA!ZdOBD_fUj2EOGNH3*er~33btKaSCal{!l139uRihMiEP*?A%z#18)RN>BN>o zhTDT0w;`yl9CM4xZAC)<7#wOb-@f9wcM0!_t?lM-Mz5IQTO$bw{l5?uS;zXH;HoFV zA%Z$#%fjV%h|1vfLlwogekObZfu@jtnN|M)u3~n+$L4E; zozR@lj}Z&bp!SezdE;r21;Eq|p`@)oip51$v*K5WhPXfO3NHs6f~ONUb2gM%VX4(q z+{Nqv0Ete!&%lKQ3$36s&t} zlpg-6hoWkfR+*`94Jwr`iq(K;y>2Q5QhXk!7<6Z(JtFoM;Z!U3mbnV15B8Nz#U~#T zr5Tm~0GXA(Fnq&<2Y$UqSlKrg{{RVe0NGhsNAZca z^BFJ1Rc^85YBa4rWdTm@1Y6B>xEEw$@g|YtvyTf&o~IY=#=BPUxJ1q&4fLOxN4M`- zjYE7CaRkd^A=0#?TGoT0~pJ~$<}{{TxU%|D~Sz@5W4dnQvK0*$K#A zh7r8SV6JP3I;3u;+ryYOUeClXuly!Py`c$xv(m6MC9B?4!)4R9xs5Mj6Wkg0mX7mf%O(rosESg%l|}N#wXEcu;uhdV)DDSCy*1Ku(X<T1_fTh(mC3G9SS%{rW7gqS+QwltE&Ia7R+1>exQxSh~8mqCkK1sR|Y9`uNNP}+Ca=^7e zxTOvyQ{A(4`yxYAjKJJ#1$0k=_9auvo7@J*pS&I{rD$WecEgBpVz5nHJH)SJ2d(0K zYR!8+HoAV6o(@o~`31wR- zjhp?JJyCl`aE82+dZsLp71B`${8)>O&a}9R$?+K>7psj_+_5vX4^oA#UxUPcjXuA$ zsZze0t1rOYS{8@y(9dlqyG@*Lx zZcEE7-kTtr`c1@UXACk)zu*J1L?9(4jLPqYL;9BpqTq?>(mRUe*xbj5PKh^1ziU$y z)W-cp6uE4~dxbg=wA#tM<8svWk6C$cybsZ$w-3<|gqTVJnm4i`ID-c=zMv(3Pz6RXtux+8Z3+MxiZ=$fn7 zZWJ71TUGw16z{ys zhSsuv>VCXZT)oX_p*SG5&6<=WhRKg<%_hWF_Dnk*T-&VHIbX%z{?nCC_M_(9(yq9e z($GiL7^lT%Mn>Eo)=K1w^*92?YqplCq~cT)KsVN22o!k zz`mhy9+MG|D?5g%8qOvyV#o=w70mTuzNTWYoIF`P9o%;zD)?xgpx`GI=j{oIU5pml zHa$NQu9s#ymypI@#P|bmsH#;n&Syo#?B+CGB%Rfxf-0hD9TSPpXj8eIx)$2GVYT|0 zvUw&1Ze(PZXOy&)WwB(Zxs1V)>4s+V;{GMhp)U6rjs(s>q-d3&&lNh0E-nrsAg$9m z?GjXUx)(Xm7W#_i@+J$5f~g8^wxC^s9O5~C)W6VEmhIF~OND;Cd@Q@p+bK^+`Bhj40*H9e}L?}$> zbsJKa2M|Rk4NHO{^_~9V%EOKCaj9P#qg05+UO}c(y^A3F#cJm+jTSxv7JeS4dO}P0 zNp*5@7Q9ywv4TLz`a6fpdgqR>LOqUy+uWcLA~@Pvdt0Mi}tb=0+V1xdfo8MrN?@Xsxiu61oWa{nh^tSqx2dTy)WC*ik8D+v)`7NYceZ7YXOz1q zzEfanbsLEFhBu)w>_l3H^D9H^8%~a%a*IL?_Ir-YPr4S3Gp$d~DE&)HM=OJ=Sjz$J zjRy3$Wk+nW;o-C9H5WzD$_&c;6Wl8`JU=WJgLa@&sX=4Y+_h29 z_lau3oFc-Q{b}$9`jr?R$57)Zs9a7}b(kDYk5a&yKTu+|ZQB;&$D|QVC#F(ZU=qEQ zRa+?WnYSs2IDHm8%l8YEG6AHdjz6YeDFRmz%;8MTV7ixp!|^c?W_*ae;yo~>u3s|R zbWE2S?jqi<4}5XUE-2z_yI{Szf!?13GjIb{iIk=;487d9RWBqh1j=YRJxk!@kt=K| zui68s)Q*#ADIs@f%JC}NWljj?_9FIC9^8nev zL7WE?^JbzV-%)evVoR*R)lbro1D#U32=j^;tdWC;KWnyE_eO2BUYCVJR+$noE#HkE*a>gV1 zO_H;QqM0{}O8i|XCxUBD&J@Sw@K7UdbrYIWo_aB zMzhVt=Pz-16>Fcrj^ipYFJ(BhkhO7p{B018MjKkmn z^<4enkmzDl(O{L-JcXi=TPO#k9JOZ0m6h0MULoJ`{laFO4;}kG%KMG{+|=&p>R$=U z58M9$jw0UW^Ay!Nqp3}rxb$8R`9lD9oITEU`&A!!5W>>%*ZY=q0$WKtBIp%`iZM>@ z&*A~bSTg*omr#(T#hh30IRtN{rcyM|VSn7AmY%#l!*GzTek?|YHfl_N-tjlUCx%|wN&mR!J2;!het+PAZnu|_I&snzj3_buGnQIn5s$XAc z3jF(=8oDM)GU(4fqBfCIuLL+Xj!{_u0I6tV!`d9MX_=LIxn#}7b&TTB2XvPSB2T_0 zMH%wh2o#A}{jnOX7m+xZ8%2jiwJU_4%0<)S8&as5`;))4tu@>LdN9M%0SC9@2q+x= zEn)|;7W-DS({KRj4gy|Vzp&I~*%;Xt?%y%gJF<5Qp={j3b4sX2JAhZ1`x0zQztBqO zvrwgWs@xXJhzO=wHrc689WJ)|MD@4=kNcGPiKscRne%4nqH;F-M_{+Pz%TM6$`ulw zVveZw#J|jCvW4kPN{UPsdVn#;yv4J5D8k|Vpd+o87Iz18BwliCJDTKUN{#zyLXZAL z6nask-9-+tt?Ma(1?3nn0TB$2B_Ooh%PhvOssI-;9pZ0+`-Famc+m%fmnIllpSVUg zH8r|}+)9Qt32(IR(^4F_x2NJBDn(;yl%>|C$xm(E!CZdP15+l>rAIVz$B!*7I))>w zRK&tQ#H*vog4X9Mp=zexZAPBrej%15U+#D#St{Zx z&BRxSh19YQAw&)!&R|H-7aL%Xs5#3UnXt?ok?X@Bq%ZWM_&)+s*`7Fa^ePXBsJO$& z2hS1KCE{0lG?_GWxtiq#*ANp*r;=V;9DFgUg3%v82m8&DaDDiFZcVHZ8ZM{Iqvk6y z=@NKjn=U^LS5T9~KN3>DF^toQWj<0%WFpN(M+=z{dV|tq1W|WP2OvYzXM!Ntt}FU? zF3U46{C?qj!!XC#C-hzsU^UPUvl$n^FR|(sbXH9>OqQ{{W!NhK{YMfF*5lW3R@B z0=w!J{_ubWwwH(!&el_dlX9=H&VMkIV;GHY&r1bVfvoo{KOmZ$;$o{vyNDbT-4*sU z#bMp{ZeqbvoP$#GTFtqN*5v#mlrNL=n+mB{Sc##bTA%pg0%s_Abs1PD(xSfD`v|+_ zzlrb^{2(@Tr;msPS-QH16xbY|$Q1+fmp3bj{&R4wL10V%>QVcf9YJPVE9DHQV3Yp< zFsS{hgYl0+iyHSA3;V^Nn*E_rXQouvAhKQ=d`d?rKQV3tM|Bf)a|r$MdCMWnWrByQ zyKWeqVuiQnglsP%?sNKy1!k^aSg=D&Won`++g{}aXy@B8W>CUf6i#7^+&h_9I49%_ zH*wVpw5(o}o$3CjNgyFgZTPWQ8Dn!)J04sa|bptITYrqRAjIW&l)1L`Igc5 z#uG{t6RPcqhKpP`3dY<%M022pIMP3$Te`j=7;eqVuH$3u&b~KUdM4g(Dh?@BY5)*} z^Ud3SYLzR9%kg5k#98jM9QuV*Ts_>mL)gwS`C{cr&K9Fw;8)D)Qu;{Q{^>2v_aDt~ z!99S>Z03Yi8jfXkto1g7*i;T?rRhu;t}b9(ZZP}8s{Fv5Hh;30n^N1s6b!7tv}r-S zM>{x%4SJInD8A`M{{VDGTIh;38)~ag{{RxDRC^zVmF|w)#0ov1D~5Wa7;%it8lC9L z>JfrPEmAJ(OpK>8j`t1?jz0NEGtzo_g|k+-4~sL|vWk$+gD+SPjUkAPMvq=VtU)#q?ExDorTvkwY)(9g3Bn4FXa2`dBEZpr{?mZO z_s3p8rvd~UDTB`s?tB3z{{Wu{ry+X2Jxy(tU;Z%%BJ#~xh*>Mg>xF?EY>uOyZ*vN2 z#c>nMcfR8AWI7UO%{S+mBsiDNA-B+rteSiMMg>vWb8%nBl+P0R=j<0M9cSFkv_d_m z{{ViTef2OA++4Y3lA2~ZGoDw1D~Tv=!B>U8H!9^9JluJL%mZ7tD)_LMsxKv1xo2@Y znFyIe2SwUO##FaRJ;jydSY|faEo`m_sfu{OfgKCm65?+M|%GN%3GUz@;_3GhDl>{X7Mj&G%wxug+}T*!m$B)1Mu8cz)Zqfw9ncu zLBz}^^5&-{Hz|@sfuKgrDJC^Oik5+FimT!=MHz*3PJWl#vFqhjX@She1KC{qg{n6C z{K1s_q-(XqpYt=?U;PPw{{T!0S}=lCsa|$FxX3<~_l5~|O9{`5b8w*DErrL0iV%ju zCUDV*aG z&APbde&=!0({KsFH?Qo9&c8F)3X;nuP6B}Lt)YUGvK5p(^ zGv+4H0B5E#8*tm~mUV2Y#5Vde)L(2^5Y4cz;O}J7!@mX`ByvX62A|Zh$aV7y0DQ)U z89jsl020dX744cW$>_zmH)IA`Sfm_GAyDMGlK$&z1q zZfuCUxC$=cl3I>ck55o-jSupeZI+)NV2m+!2{|+NzA@Y~2N9#iSYWTmkcZc?>Rd$Q zFIqZ^liP#b_t{L28m?WlI4|juIYlsztS{F7OY^#95%XY8a`S?B0NHY&) zU@N7r=EW74!Y$tpcMs-L_-{<5fZW5_E~^X9V`SdQWSCeOrdFJI zb)HGHyK&s0Dp#*c^~s!t7`Ey)S`YHJj79?Sf+(qoZ>ub~1+@4_gDnnayB?-`8Xhn2 z>IoKt-wDU`e~>R7t<`t>mqsQ9o zx|AT1jplH72T5a3%4Loj?FE&Bl`s!OMdA`{u)cEC+wL!I!3$q6^%KG!2lR;_o(6uz zV#DBE=+cHI&qE{oLMlAOceMO7{DrcJ0iDbk7Fgooumu)!W^Zhth;t~8%OAw4jtry- z*&4#3VXp3f1j($t^C>9!PK16XB%MfO#|&;QPVoe$fNfz|Gu$rjy~M(%1O|Hq(UlU_ z>w+pa1H&}%{aShq=kw)2t3x^R5JEp+KrvH3yMnP2W1h>@qP6kbBBsWfIbUiq8d zc0DAxa(5_}kJazTc80!Nfn^Ekl>ikl1Nw+JOH(~@ER7le0DM7EZjTsu$qZO5S^#!zjwK3K#zGc>&&r{o{k}3sn z)C8?yL9KW`k<1<-B;#C3Qm~wm?5}_K>RV-KEu-)K!g*_`&x}C)l@gUgJ8>?zs2dhm z<`ynwSJN=oSBr}je?@8nuW{lIEv_g15pTl&*_TZf=2$_lwGv|wBQ5N3=BEUy17PKZs1T<`}dZopYn@;E7z{X`i^}HkcWWPj4i~HYQ2dF2Rl<1p2>dXB&TJFM_kJ zb2$jr^D-8`!VCL064afTQZLL_Iu$qxvv%QSjdSJy0J3K}sL(BnydTsxBbRNTFub8P z*Cf(t>fp`;nT__!W<8(p^BC@9hs<^=pq3G2?9^z|`2EeuvMbl-Y>l;BX9ynHSfFeF z0G19)8MbP0KGOQeVAGv#?p!ksMA3o*y$9l6cUfns7%EwkB)O`aiswb}LI$$*~B5(PaRaj2nFoWUI8hB#OC0(wo)O+y&btw=Gz1I;{D07Um zjIaQs2Nwf|pi_$CA5i=WRej)wI>BtgXf2#`FN$@GX|p}^A20_>%m~NbUocQzU*jxD zHr)EC7vn33?=b^4X0vq@z|yAG4%)BxlA{6pP(xzVr~{hw2!+B3Irp{{)Kl(($hbvc zR;oLw=H*0XS**$>s}wzPH}{M!d=L4Jx}A=rIfIMrmkktS!)6b)dW=9kqhB*uCLFUc zaLb*~inRUb$h>IdXD3hx!>>_L7^(fo2WEa@nqjyqK2;FyFSm1_KinnCAp1aoe6>LbBLC=Ms! z0BM=^`D&FD+wzr1Il@e9jCbMsliU*O_B`!L(*<{jxR7g@OSrG@Kn}|w%vQ_?gchUL zbO4HST2;ufUYYJ&Ewi2F25h1kAi8LKn6z7rVg~P4b2q?q0x>}EJ`8-Nw^noTnobIt znhimp)FOB{9{GW~dzg1;y-jnb8%e0FDfWuRm~XJktzM0UO3Lp-dzhNIK4#z!j(V1E zZslZ9@Gc2;ExcfC&MbOo#q;@&UwQk{N=x-r`;_XaVE+Jkx`GKkR2#NjS2-c@MeW{X zv7?BX7odSDEk5kSqx(!Yit;GLw?zA!>aHSkitZA3KiUu#7K>_#IhKBrYu%W>ePAN4CzoLfFO0kdU#RG=M_ z-VpL98YVqF($zFjHz4WxQg}#r|cGS*HZDeV$?# z<_K#$Me%8W46sE}UZd^!c92~d+j~Ap(OVC+$ZIBdUZO*mk^4pUY+0OPZ>+z<2RxBU~<&1P%**G9O*j0=`^kEW@b45RIv^s|R(CQtoJkBvNt*ex^ z2u<%75JOz-;tF)cC$qXL%TD+r6_6)7mcQ^FN}`+DF^e#B{`?o*0E_@2iT3D#&;!(T z+y^3bufR>Euqj|~ag%w{Evngj!x>I#-{Vh-JIXtG3_bbFl}B?1N{6kcyvXV3{r3JxpXT$%sCaf~MII z#6<*BhHFDG4h-H5Gl#6?1fQ9ARpu92t6~e7Ain`7CAL?u7cLay3u%t#+47EUeiW*F z%tZY|GPL4zH@JX^I6fkV()i6yP|T4l)6MW&!gzwjzLT!%ANoI+3g(V32M z@;@nnP_t_D@!L3a4fAa+`}d~z$L=~8?`HxdznR#I9)?6 z`I5q24RLH>PVg^pP~n**X#fjGUuj+os~W`ptS+V;$JQ!PlgV%50^lP$8EfVQ50G;? z+zNLsCkUC&80VOL4sAhFC zl$`{rGGU2Kfwh0AAP`yK*u?qK?I7xWrstIWkr^)6`GnH2A9%hTeE$HX%L+Vyq#C(e zz=qyfJX&OcB<%a&j%5O3dd0vfl_2Ny0hOjDXCU25^Ai-3oJIchT3T;s#A=dOc|vh3 zADDP_Kk9=umHf&pRu(SqHP6G90o{fsVfrQy*Br_+%_DA>)!Akr;j~(o~j86PczLHnvjaOks_B?6u8R{4Go%WPChb?`#DzI`TfI60` ztMY201B2{MkOV3t3k8Ri@hh+OD2{pah?D~^-N*hyqNus0IDueQO&_1caoA?M);SK9 zT-ah=7qD|GZb2O;KPfF>X^F&LKNIga_b@~qJxbp(=l~8Slb}k>Zkpm)@VE^r1iZ_d z;AL=P{{X}$1@IW7H``&JCJe@{sa2gvxPRQ2N_rBrm|H`UX`JxKb-7_pak^qQSY@2C zDy-2i9hD-JF!JJ87JROvxr|OLOiKq&QrhcJi>NVm6nw~4xUb@D%|T82w=->5uvk5# z0rA{Nt~!XMje$uzl|^oP9_zSi(B`}U0LCC7KmCPT1!fwW z^NMdV=`#Q$+=!1ycjGfUv&6l2wEqAx8rZS(C|C^t0JH_;32faLiC=_Ey)xt+R9k!w zV&Bd0$n}4qoaBu&1q(h!fW!X)VHYh#iANikc1u}P(#-t8LSuvbl%}==eXS0{{_D{j z=Cj$Dp>9fHs4|L&(mWq0%%Mnw55#OofDYrJm(0n(N>YU~@)NPz?E^aeN}6ppWGz=P zfQ~Py4cxtaLBYhN;So0|;s;ln8;ohU0Uni0ODa|;1DJZdKZHidjlnGc0NNIH{oTf( z*dfKkYvGodzTH(bMcbiGQX)G%DIOnaN3h9*J8$B;u2D_V&)FybiU z;@5fDZSTNGHwwQtvhxj$pxrzWiV?v(l>l)?Y1#qF9Q>lZRHU+5+{pYtFu;LO$bR84 zUSJ|{4vE5)hRZKAj~Io?O^Ljd{hZSXA8b2IMqN+9NpWz(R@cl>G)Xw2lDLxED1Jz*8+sy1)9td2`;M zWLYV?d=VPBIP}U_vA4Lu!tPU3v4KE<^28NFzM$n>X8GL9LhNA6#x5ARa-jy%T=Q@y zDc#TM`WH2Ur4&I>3%Ioz>Sq+4Mcz-Hz!jee_KWcacva_m`B`VQpWpkH*X?ZQwKkMr zzK~SYue1_d02E^optor{9HlQaY+z58XoV|P{{V16@axV1f9k{-;LH0*FvEj+nE{oN z@6MKUa^OKb6wXH}Y{`i3FH=l7?5!A?cwKIy+|}SS`4G*)UOPkGj+htuVEaqiFDDfp ziE0DD;m5>Wu9W;t8&-^I8KeEP;zRqLYKZQIGUesL&wBVE3-rF^)JWv-)Nkxxzc{rm zOf^x#?$8o65$he{hCKs}a}r|v0%RYZ#7h#G(UsvV>1;v7Zz!$hn4*sqqy7pe!F1bG zcEcwK9FcoWG#=$ERBj0^&+;%7pIuF~bcOSy0?jTkU7DVnziR!HHPnq^FH4T=4>0u7$2>J0m~sGy^v znt-L|r)kjnGb=}=4tHRBoZLjbm-eHTZm2BlXtA}o~LwPYf~ zX8n1&2D$KE09h2B^|J3kg~qYtR4@Ih zn1Gn!_JFar2-OrTj!2p{%4V`|n3#jJieFh7dqk@5s9*|G=Ngtn*-z;+W-q@VA%}zJ z3R-=MSr^k$QRyO-CF)pZ;Q4_c>!1ZGzGE96$m*()u2oQLe8B$twFm*3d-=F2$}1}w zAz>>?^At5=%o9|~_Cd4_B@kh|sh_J9Zm=qf;4f3LH>S6VwN}7`d!PS%@IxC9Zf`T(3+Vq&^tTWR)bQKi)d0 zUF7+RuTbP)Bgq%=CUzIum{fa>EWgTB?&FnWl?7PiGY5I*H>nr;GZBq?1a}r1e5s~T zqFMYK<^s{XmIbv%K}KVwQtQ;Zs;*dCKY}7wDa<$7Et|{4xlQZ77&kFF&9&|g0_P8g zx<=KSoE5OH1-(ppA?lTbSoFc^KQZWos1AOIOyFV>lreAYMPAjz9LuP&Rp80sBlHX( zaWSEHO%pM38n1IW)0ab0HSf0LnNDHg5u2drF*4m`(;AqL8U9&_HYU+=DzN1SkZFp^ zX?Uu;h;O+`kQVrjjMG1QWnVL&96T~A%}>4$xeb#=+o(@tDX54<*h(V-+}IT@la7cr z3j4hJ;Vv_e;(u=#{-&@wX7%$gYj&A!r8gc*f|FTaUBQL3C%+a7CuZRF7rYSN-V6RQ z=ceZw>Rp!^hUNsxH**XGafL8M?0IaN0;yasS&k!!?)Mg@ZZ+GwPLXD75{kCO$z$qu zbfoS9P4f|t@(FM{g$9hZjbu(}TA6ZY^?v0K-KHjJAK7`FNr%L+Tq8+x>tj5G!vf%0 zpU}8;+Zm-*oy691{{U&5spZDMxr5r2)9=);APnhi{Y!HJN9@XrfjzVf`^F|60yg9z zt%e2)%AV!sdJbp4dz?b_y|4glWAB)Ex3w@q0mx;+nRoY>-4*tT4H%C>5c@#^>bDbc zW2*8^3pYBJn9CXpRQZ`p3_6C+R=EiaM+a$>q`97zg9X?6NQ$wb{^7r|aE-P90PF27 z^juV3VEpsqq0B$ID+Kjo_0B7p)(^mgU?G#aRq!l6rC5875yOl}+uYNp#Kfx6O4%zB zB{mENibQ_VW>Peh*~E97h`6!67LOl-{luBOf>jFM80~`~;FX7gSpKCXy#}ZvAN5G* zdH5;E=@s7C$_|bZFS=zW{VVpw@FL@ALS{|^rq+p!1NR7%YwA=N^?FDb-9*j&66m%Q z?Gne??mi;+DicTT7NjLH?lcG9cf6gbGo*M*k8n)ie4NaE;-+Q2U^O(9V;Ze0W{FX` zVU^>kg4l|cv<{QQm*yV&G#=vQ)a6QPP)(no(17(kkZ(pLzQozdDy90FvR~ZwOONL; zm=h1uwdcuRrtj=Uf4qm=$c2)~t9MBR3gK>_an(=Gpi`g+;smH7Ez~mHre<)nX-pFO z=V!!!;v;hVkGWY6am32|9nji{wJK0?DUXgGB2uYE&dtiZD7s~`GvUmlycQl7P~1hI zGgntqvgKKnZvwjJ3?Aj%Jmen=!fcrqj}44fOfw8>zA-#;VawovbA$I96iVa5v(eg;x&dw`Y87Tr~4Njr1r7&@s)&O4!~`!rAG3tS<%Mh z_7-j5^){hVFC$lpW%Md?Gi&dN-I0Su*-=rMw}U?Wl*a}<7N|Vp96G-&T3Uor!g z5e5=pof5D5^*t^m3UGuk0n=Q;Q$_KE}^@n12?4QBTX zPzq>aoi2!>tzK4)4tbQ(qz*0N*~TKb!cLiw{{T=Xox>pU@bMX@ ztM+?`464U*9+-Y-Js7Y$sl$nlh1DLVweGK*?TJpgR>V`@^Ka5w;U0;G2)XW#Awfd# zyy8Prseu*qGUPYx)SBy}7N%QHr_7fTHU|}&ivUu zDc>OLYyS9`J!C_NP_t2nGIJ^_n2ylyYMX8sinzm5-1Ausm%5EEb5ukz)TC=GmlwNqb@_@wu z07djZYhwpK7mhF2&oaT?=v49H4)Qg%ke(Q8HLuqLm5VUnyh2 zVGvsLvnt~j%zcKm`I_vTJwuTJN1KN$J&%m(8@g7RuQ&JW^<-PJaRwO5!c zB@i49#qC2Itj}emtC!J+8XiA)a;&g@!!9LJ_#zh|`~+`z&&(+9L7aR|!2HON8{stj zs^Eb4{0f;RNlKb6T}|sPOx`vvFS4aoZLyWS**G;gi)E;j1Yl9SRPN=m=z30LEtl-^ z_k@UA#nZaIGPSSWKGNliWYs)G=BcdW?i+HS%*5DBlXDg8I}EO|-8TsKic6ugwzyZ}DuiKcRDI zDUgGS6^`X{SY)?nQy6L=?E*BDX`3SxR7I_^qI2D11=g8EUE`7+#VS3scAP>|hE&u7 zn6#o&oS9Up4bVy<;p3=A=}AHD{{XDACMV&>uk1ibl;3a#V?M~qMthwCVet9pOX;k| z(n01_BARMdb`3lsM%`6RF+*`u{8pE)V?T$!0hCJ3Pj>)JG>roLBVD^)buN9$9k*ZH zc!_0OUzwIC%x{678Zg{Q5j;R?+rn{!m#9Dh!39kwrm`U8Oy@R22PiB*F4;~zQexIH_;NO^w7Simeu=BQG~_1L+GqAjmcM)SMx?F}@t4V+xL8L#CVrO7q8 zyJJ}Mg!3?1`~*eJZ8oWNy|zh__?$y&Xa4|k2$o_P6gTl6LxoLrBUdaij@+J@WYB+^L+x8p`zYMZGl&WFSgpZxLy(1lk<oD0gOi-N<9`zFxi0gnb3gL8tamV4GBt8VI|LWvc9J9V!0oRnS{2;;cIl%eiNFN{{R=+l|Q*cT+)~GDhu-jcL>0A=inP-8~rl- zuDOAa!bVY~bg{%G35J+*)J|Y4J3Y;32?2Pu-C9>tkl}Obl)=Ha}w{UvxwAb!Z=Pu<*xyKLK)#`r9$lP28fxAb|HUhR8TSs zifXOt5Q~zo$=bfjp8MI|{{U|f7fu_TK4SWC z{o~@FKV#I-6Xl1&@Q6A*GA^y(!~yW%fX9vgK(|8ur}%O-IaHaIF~Ce29%e|9xDd<_ zUo$4tK+s`~>OZ;{Lt>D{$AFl=Yx~Rg#lp@7s-o=OZWw3I8=#E?Dak!l3|4g-?)qgI zfV6;f-`ve*9mm!M5%fZ=^=>+6ro8P1fQp3u<@Bj}OFwdHbvOyF_5M8Gq=(_CvuARpYaGNwM!eAV!g}Xg>S2z(Rpg6M51x_mpE9p z)%dSeTet-*a+aq6{E2xKaHT$iaT|xCru)`0wU58zBNf8;xl3^CYJ7x4aTGQa7pjSN zFYCb#3Wd96JC=LbUol*{Q#cQ?FypcF2qnXnQyFm!YED^bD}2VNU}KF+*Hq3e6?;~t z=6&W?Qm2Lrk&*~g*#wnx5c+qS?;MPn0iQ4^L96WoGFKvdBQJQo(wws>BO!YbC@}+5C~mPC zSO#gCm^zW_CBVKjIvU~wx(!OKmkOzuE9*5a$i^4$_=I+*`%4C-wJvdkV!QFfpK#D! zOv^8rEc9k8OlN&1s(e~r$(ErELEDCqCqub|Kvdb8caQs)Zc~Ls;Gf`JB#Ic7;a(Nz zGUdyI;rc?&sv~>_MQQO-jA1y^Kk8-G*@#qNw#wV!`Ax!e5;E&dZRg4WKy>Oqgm_gV zR6i^5=uSf(iAY?zF2BJk@aHfD4z8-8nk>{VEEr3@@~MrYyTK4Gu4a~r1%>0Ns_U|4 z#`qLq%-OK(i=Gc&1bkmZc%V^XzU z^mPPHIX)jdQv~MjGcYdFr`!hPK48gS2WzJvGc)vy^Tlmcs={b`W@4&g^*5MxSJ=w> z;vjDHLwJ}ooyr4`W)N~on!KgNcGP0kvh6YfO3DglXBp6AyM(Q{V46n0BAB$i`jx$} z@Pn0v*SyB)IddBzRyB@y86R^k?ZX9NoN+9UCT66%SE`Trcu^WgULqO?scy^W17_jY zKQOpA>SvW%`Ghsd{{TswV)S3woJ<<$8op+1w%RrMm&Xx1vQ>~)4(sm#OuuEuyMW=J zWV*PB(ew-I5rj0l!g-DT%o_*nLBS1T^>To}ltZ60J|cJ;238o`vUAb=o^bPZ=1|0X z#eQPhOvuGdhZLbY?gwYEr|KtFVTNJp`D!X3FFeJkwBx9+5|#`^SBDs5^D{@ccTAUDl_5M{stjzCLe+!3d04&M_%&Yb@MxFE3<-lj%4 ziHUvDT0)2>7s)zH`6mhXSzmF>@zCDFvN7>QxxHdp)jBK;k(R!gXPvH)L<{QQL)b@e&;=FH&)-kO?JjJtFZx*4Bi4WVpYmUA-N?qT_$E(Y9UC#Y-?9T@6?2CE+^ zOD#(SETXT0J+!3`NRowG>FO=xT&4L@_sM7f0GgOG_u}Huyt*0>XhUpXOraPV8id23)>*93FMjAVg z-x#j*EYnEG>o7!CJ;o@xZOcp*zoJ@OoUhXX=5$|C62K~8PNC_dyg_%FGs znZl!gtqav~A2R%K!K346$CdX4HP#uk$~~C4yPV$%l+AxK-&$+ZF&m=GY6F+iSb@xq z2lqE0vM?~C+n@6n(fCj7m#~?a>J+U`MJc6#aZoQ!(bYv>vXU^jr=X0w>7Bx@LgZzr z(V1x$}{A z;*&r#KERdqN|h_gUsfXhBB^^ymiV5eeC!>v#PE4}X)I-!B*@Xxm{wS+LIlg=dI23g`?1T@@Epm@bKZG!wq(gx`=e;-Fk>1UkCa{BUP_a4Qe{q zr9zLAuJDL-&oZv{VQA5CGXqgrKbe{v3OIxl4pCdG3l_66kNjhD-aRIy!YR%1iF89s zrg9@xk4!R-=Sd-Uz@fd|c(*U!KiX44s2#dlkG3lhP-Tu&W#7C#r=+I&j%W!SPsk!v zq#Vp?04(WixW494wk+EL6pK>j%NdGDK)z-W_}ckW0bX^8vhF!^>RMZZ%!nMI3>jqu z*D);f#06=Q+;iHbwl7D_F$^m|5RkY&Y6&Xo>zQMBIM~I#ljfFlFw9lBsdEteMPY#8 z@Rd-|Ao*fu5W;7P7eVt{6xY zGn-+qh=yiT8jZk6R&)#%(M$36K|588bv5CTLXCDz4?aD|1xY{zCDxg19>pIKxmA@< z%2r+tJx8*Y?uVCT*uQ9Ql_g8{_o|FS77KM507vjL$Fa6#>sR) z+-^SR*fE~xf*h-PKC+vBBm;w`%8sCTx1rU`r32(YO(jXS${9Im{s})7= zGd<6GZB%D6<(M78T@B5zQijzAq+g}@<`mUUejoP-X336-Sd1hG=MR~SbEo%5cnO~J z?lgq6-IIcD4tN*^PQJ&k?p|y?PP`-mkuusG(3uE#FJg;Cmd+m~CB^qOCl5rZT?>Nw z*oz9RG>uD_wK=~tnS92-;s#pg{Upy55sRCiX{`MuTW0!+IAhMfFd^ga8`Hl8z~b=x z&RHBX{xOCUwA)TyyQ8AX35N3{(}r zNlyatFH?VFB4eAkk{9bb%c_!x=4QF>ZtEH-2nXaw#QYO7guF&-UX#%R?TmyFiM6t2 zjtH9=zq%V%K~o`aBRw4%lbtgJ<=ml%YvL`b%Wt@4+wejz7Susn_cGGQwos(lMuNiA zsm(A$WF?!R!|JDS4^=YhUeY-5&1Pcdfl`QUAG2*_e^Y`(N;v(1* zA20|S35hV+iY^g@c-8zMJ>LW&PWzZm-dxNg`uYO?pJrJoerMq-StuBd24M6?oXc=I zlz$1#yfsjJjpqYj<|0fBl3$4SnIkPex<1Eu6TD0MO~W~Pss`yWG~%h;E_dvQH)k@2kr9IY%j6-vF> zqEg9wbW17OQDSBG5Y?HGnL3gLa~TqRM0CAJVVWKz6-VNIu>8%&?^Nzn6#A3>N;cN) z(hzB0+O^Q-)Ha61s2BW8lmWjjDf=t%Hhr@WU`7(n5R`N{!Qpu=Tn=6mTda~0+ZdO&K|qw)CCXbOIoSR z53VH>I+hjU?pM(ohcGDJOg?m>@yRY*7Vcldl9K!%JSNy4;5>N0Ed=FIUny}&cvK}p z?c*dFYPPc+%K*7>Xqb8VkI&F^jWSnqpu0|^Ybf%8Tz^#FoH26Z7UD64If=k@CG!$9 z4qE$zhScy`8s%i)=PI_*l=v=Lb7fM?q*yh6;U@6zU7rFZ&i&9l$&2gpKFlBq+KaiU zt#j>&^!8xK&GyT&G)LxcAeM>lON@$3)BgZSU6r&D@uBM|Wmk}DT`(rzJDNZ-vqUtm zavy1lE`Y?;dq6lSrG)`)7JiJa+nZ)(c)35Ri-@H)S1r3;r{-fYosg!l{6LZYN{h;3 z7niA!8TZ0Kp=Y=tJfRM|K|y$cwmJ=5vx98G_K7XK{{To{l8okhDOb!N9@q^g7jTFC zA%MclbvM~Ft)MU7Q?E1&OI^i(0l;)l8ABSB{huTj$9@2@G`+n+VSAX9S%`8(#>oBq3I>!MpVprS_L#ifXeFt@@3bUjt{%U&McLTR1E1)Xcyo6&%MJn0NYKrN=fkfezeC zyKrK^;3M=srb%-tX(%bCBKjqFONhlW_Y%r%X`DdDA$2Ip#me(WJtn-|xo1#Um>yUi zt^ul*?o+u=<&zU0E)Mk{T5e-rrx4;N1mC$|mw`!76Bsb8PrSW%B7h%8C$;|obO6>D z4+L=XrPB|@FL3bF!g%`=f6T_>M!4`Prc(Scl}Mx;S|%2Sa;VAbC+3z9f7Spr?pA7s zn5?|p!*!E1Sy%T*LzSCMjQGhu-+A9rHy9oR_F`TRT7%{u;#N#oxk1!RONJP{1f@3t zL{+l$aoi^^r7U>dv6gN*45nIbN}E4%n5$v)j6=k7zCzlW9AQ{yNDqk6_=khhCk}q4 z{6tm^;g+ttm7?6=tjwH-uxc_3K-^Nk<`U7T#qL^cXh4;Bv~GI;011eD(H)HD8aJpA zMZ@8gR1cnJC2`yw4SSsF95Xz?ksP-vp7CjxJ|()BydqUh9s#>EwhDC`aT2@@OZOQ@ z7hP~+4C7qh7i9KGLIR7=i$lSa%uVnkK{OaB}IEK;cX$bm77pww1zu^*-Z=2e^s(NAi~T zi@aEX?gQG*{05nhrRKmijj~*umAuO|2tc4TxGq*6tqfpYlG1GCiH-xwKhz<8W@~pZ zC>&q930l-QZMv46+Lb7zcg^K0st^ zi?MW>T2`Ugf3hQtzjRWa+81yEy+ARve`TW?LMpkM>R`P8{AxS-T&Ji}StxcC6>J_Jh+dYZNi0bJoTSNDZjZ%f*(Nda-ES3RY7CGaLF0jb2~H+ih=JxC9Yvrg46t)e?0|odLNO`MIhV89;!