From cb6777065f0ea58393eb88514feb97106b787da3 Mon Sep 17 00:00:00 2001 From: Nisan Itzhakov Date: Thu, 29 Feb 2024 11:10:07 +0200 Subject: [PATCH] v0.2.0 release --- docs/references/crd.md | 204 +++++++----- .../version-0.2.0/advanced/_category_.json | 4 + .../version-0.2.0/advanced/extensions.md | 27 ++ .../advanced/technical-overview.md | 305 ++++++++++++++++++ .../version-0.2.0/advanced/tips-and-tricks.md | 33 ++ .../assets/files/running-tutorial.zip | Bin 0 -> 1971 bytes .../assets/img/bookinfo-alternate-version.png | Bin 0 -> 61803 bytes .../assets/img/bookinfo-shared-version.png | Bin 0 -> 61305 bytes .../assets/img/overview-sample.svg | 1 + .../assets/img/source-labels.svg | 1 + .../getting-started/_category_.json | 5 + .../getting-started/installation.md | 94 ++++++ .../getting-started/requirements.md | 52 +++ .../version-0.2.0/getting-started/running.md | 236 ++++++++++++++ versioned_docs/version-0.2.0/overview.md | 61 ++++ .../version-0.2.0/references/_category_.json | 3 + .../version-0.2.0/references/crd.md | 218 +++++++++++++ .../references/custom-settings.md | 41 +++ .../references/supported-versions.md | 17 + .../version-0.2.0-sidebars.json | 8 + versions.json | 1 + 21 files changed, 1223 insertions(+), 88 deletions(-) create mode 100644 versioned_docs/version-0.2.0/advanced/_category_.json create mode 100644 versioned_docs/version-0.2.0/advanced/extensions.md create mode 100644 versioned_docs/version-0.2.0/advanced/technical-overview.md create mode 100644 versioned_docs/version-0.2.0/advanced/tips-and-tricks.md create mode 100644 versioned_docs/version-0.2.0/assets/files/running-tutorial.zip create mode 100644 versioned_docs/version-0.2.0/assets/img/bookinfo-alternate-version.png create mode 100644 versioned_docs/version-0.2.0/assets/img/bookinfo-shared-version.png create mode 100644 versioned_docs/version-0.2.0/assets/img/overview-sample.svg create mode 100644 versioned_docs/version-0.2.0/assets/img/source-labels.svg create mode 100644 versioned_docs/version-0.2.0/getting-started/_category_.json create mode 100644 versioned_docs/version-0.2.0/getting-started/installation.md create mode 100644 versioned_docs/version-0.2.0/getting-started/requirements.md create mode 100644 versioned_docs/version-0.2.0/getting-started/running.md create mode 100644 versioned_docs/version-0.2.0/overview.md create mode 100644 versioned_docs/version-0.2.0/references/_category_.json create mode 100644 versioned_docs/version-0.2.0/references/crd.md create mode 100644 versioned_docs/version-0.2.0/references/custom-settings.md create mode 100644 versioned_docs/version-0.2.0/references/supported-versions.md create mode 100644 versioned_sidebars/version-0.2.0-sidebars.json diff --git a/docs/references/crd.md b/docs/references/crd.md index ae35a7d..8fd4ad7 100644 --- a/docs/references/crd.md +++ b/docs/references/crd.md @@ -1,190 +1,218 @@ # DynamicEnv CRD Reference ## Packages - - [riskified.com/v1alpha1](#riskifiedcomv1alpha1) + ## riskified.com/v1alpha1 Package v1alpha1 contains API Schema definitions for the riskified v1alpha1 API group ### Resource Types - - [DynamicEnv](#dynamicenv) + + #### ConsumerStatus -_Appears in:_ + + + +_Appears in:_ - [DynamicEnvStatus](#dynamicenvstatus) -| Field | Description | -|----------------------------------------------|-------------------------------------------------| -| `name` _string_ | The name of the resource | -| `namespace` _string_ | The namespace where the resource is created | -| `status` _LifeCycleStatus_ | The life cycle status of the resource | -| `hash` _integer_ | Hash of the current consumer - for internal use | -| `errors` _[StatusError](#statuserror) array_ | List of errors related to the consumer | +| Field | Description | +| --- | --- | +| `name` _string_ | The name of the resource | +| `namespace` _string_ | The namespace where the resource is created | +| `status` _LifeCycleStatus_ | The life cycle status of the resource | +| `hash` _integer_ | Hash of the current consumer - for internal use | +| `errors` _[StatusError](#statuserror) array_ | List of errors related to the consumer | + #### ContainerOverrides + + Defines the details of the container on which changes need to be made and the relevant overrides _Appears in:_ - - [Subset](#subset) -| Field | Description | -|-------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------| -| `containerName` _string_ | Container name to override in multiple containers' environment. If not specified we will use the first container. | -| `image` _string_ | Docker image name overridden to the desired subset The Docker image found in the original deployment is used if this is not provided. | -| `command` _string array_ | Entrypoint array overridden to the desired subset The docker image's ENTRYPOINT is used if this is not provided. | -| `env` _[EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#envvar-v1-core) array_ | Additional environment variable to the given deployment | +| Field | Description | +| --- | --- | +| `containerName` _string_ | Container name to override in multiple containers' environment. If not specified, we will use the first container. | +| `image` _string_ | Docker image name overridden to the desired subset The Docker image found in the original deployment is used if this is not provided. | +| `command` _string array_ | Entrypoint array overridden to the desired subset The docker image's ENTRYPOINT is used if this is not provided. | +| `env` _[EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#envvar-v1-core) array_ | Additional environment variable to the given deployment | + #### DynamicEnv + + DynamicEnv is the Schema for the dynamicenvs API -| Field | Description | -|--------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------| -| `apiVersion` _string_ | `riskified.com/v1alpha1` | -| `kind` _string_ | `DynamicEnv` | + + +| Field | Description | +| --- | --- | +| `apiVersion` _string_ | `riskified.com/v1alpha1` | +| `kind` _string_ | `DynamicEnv` | | `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | -| `spec` _[DynamicEnvSpec](#dynamicenvspec)_ | | -| `status` _[DynamicEnvStatus](#dynamicenvstatus)_ | | +| `spec` _[DynamicEnvSpec](#dynamicenvspec)_ | | +| `status` _[DynamicEnvStatus](#dynamicenvstatus)_ | | + #### DynamicEnvSpec + + DynamicEnvSpec defines the desired state of DynamicEnv _Appears in:_ - - [DynamicEnv](#dynamicenv) -| Field | Description | -|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `istioMatches` _[IstioMatch](#istiomatch) array_ | A list of matchers (partly corresponds to IstioMatch). Each match will have a rule of its own (merged with existing rules) ordered by their order here. | -| `subsets` _[Subset](#subset) array_ | Who should participate in the given dynamic environment | -| `consumers` _[Subset](#subset) array_ | Consumers are like subsets but for deployments that do not open a service but connect to external resources for their work (e.g, offline workers). They are equivalent to subsets in the sense that they launch overriding deployments with custom image and/or settings. However, since they are only consumers no virtual service or destination route will be pointing to them. | +| Field | Description | +| --- | --- | +| `istioMatches` _[IstioMatch](#istiomatch) array_ | A list of matchers (partly corresponds to IstioMatch). Each match will have a rule of its own (merged with existing rules) ordered by their order here. | +| `subsets` _[Subset](#subset) array_ | Who should participate in the given dynamic environment | +| `consumers` _[Subset](#subset) array_ | Consumers are like subsets but for deployments that do not open a service but connect to external resources for their work (e.g., offline workers). They are equivalent to subsets in the sense that they launch overriding deployments with custom image and/or settings. However, since they are only consumers, no virtual service or destination route will be pointing to them. | + #### DynamicEnvStatus + + DynamicEnvStatus defines the observed state of DynamicEnv _Appears in:_ - - [DynamicEnv](#dynamicenv) -| Field | Description | -|------------------------------------------------------------------------------------|-------------------------------------------| -| `subsetsStatus` _object (keys:string, values:[SubsetStatus](#subsetstatus))_ | | -| `consumersStatus` _object (keys:string, values:[ConsumerStatus](#consumerstatus))_ | | -| `state` _GlobalReadyStatus_ | | -| `totalCount` _integer_ | desired subsets and consumers count | -| `totalReady` _integer_ | number of available subsets and consumers | +| Field | Description | +| --- | --- | +| `subsetsStatus` _object (keys:string, values:[SubsetStatus](#subsetstatus))_ | A detailed status of each subset | +| `consumersStatus` _object (keys:string, values:[ConsumerStatus](#consumerstatus))_ | A detailed status of each consumer | +| `state` _GlobalReadyStatus_ | | +| `totalCount` _integer_ | desired subsets and consumers count | +| `totalReady` _integer_ | number of available subsets and consumers | + #### IstioMatch -specifies a set of criterion to be met in order for the rule to be applied to the HTTP request This -field is immutable after creation. -_Appears in:_ +specifies a set of criterion to be met in order for the rule to be applied to the HTTP request This field is immutable after creation. + +_Appears in:_ - [DynamicEnvSpec](#dynamicenvspec) -| Field | Description | -|----------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Field | Description | +| --- | --- | | `headers` _object (keys:string, values:[StringMatch](#stringmatch))_ | Header values are case-sensitive and formatted as follows:
- `exact: "value"` for exact string match
- `prefix: "value"` for prefix-based match
- `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). | -| `sourceLabels` _object (keys:string, values:string)_ | One or more labels that constrain the applicability of a rule to source (client) workloads with the given labels. | +| `sourceLabels` _object (keys:string, values:string)_ | One or more labels that constrain the applicability of a rule to source (client) workloads with the given labels. | + #### ResourceStatus + + ResourceStatus shows the status of each item created/edited by DynamicEnv _Appears in:_ - - [ConsumerStatus](#consumerstatus) - [SubsetStatus](#subsetstatus) -| Field | Description | -|----------------------------|---------------------------------------------| -| `name` _string_ | The name of the resource | -| `namespace` _string_ | The namespace where the resource is created | -| `status` _LifeCycleStatus_ | The life cycle status of the resource | +| Field | Description | +| --- | --- | +| `name` _string_ | The name of the resource | +| `namespace` _string_ | The namespace where the resource is created | +| `status` _LifeCycleStatus_ | The life cycle status of the resource | + #### StatusError -StatusError shows an error we want to display in the status with the last time it happened. This -*does not* have to be the only time it happened. The idea is that a list of errors should only -contain single occurrence of an error (just the last). -_Appears in:_ +StatusError shows an error we want to display in the status with the last time it happened. This *does not* have to be the only time it happened. The idea is that a list of errors should only + contain a single occurrence of an error (just the last). + +_Appears in:_ - [ConsumerStatus](#consumerstatus) - [SubsetErrors](#subseterrors) + + #### StringMatch -Describes how to match a given string in HTTP headers. Match is case-sensitive. one and only one of -the fields needs to be defined (oneof) -_Appears in:_ +Describes how to match a given string in HTTP headers. Match is case-sensitive. one and only one of the fields needs to be defined (oneof) + +_Appears in:_ - [IstioMatch](#istiomatch) -| Field | Description | -|-------------------|-------------| -| `exact` _string_ | | -| `prefix` _string_ | | -| `regex` _string_ | | +| Field | Description | +| --- | --- | +| `exact` _string_ | | +| `prefix` _string_ | | +| `regex` _string_ | | + #### Subset -Subsets defines how to generate subsets from existing Deployments -_Appears in:_ +Subsets define how to generate subsets from existing Deployments + +_Appears in:_ - [DynamicEnvSpec](#dynamicenvspec) -| Field | Description | -|--------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------| -| `name` _string_ | Deployment name (without namespace) | -| `namespace` _string_ | Namespace where the deployment is deployed | -| `podLabels` _object (keys:string, values:string)_ | Labels to add to the pods of the deployment launched by this subset. Could be used in conjunction with 'SourceLabels' in the `IstioMatches`. | -| `replicas` _integer_ | Number of deployment replicas. Default is 1. Note: 0 is *invalid*. | -| `containers` _[ContainerOverrides](#containeroverrides) array_ | A list of container overrides (at least one of Containers or InitContainers must not be empty) | -| `initContainers` _[ContainerOverrides](#containeroverrides) array_ | A list of init container overrides (at least one of Containers or InitContainers must not be empty) | -| `defaultVersion` _string_ | Default version for this subset (if different then the global default version). This is the version that will get the default route. | +| Field | Description | +| --- | --- | +| `name` _string_ | Deployment name (without namespace) | +| `namespace` _string_ | Namespace where the deployment is deployed | +| `podLabels` _object (keys:string, values:string)_ | Labels to add to the pods of the deployment launched by this subset. Could be used in conjunction with 'SourceLabels' in the `IstioMatches`. | +| `replicas` _integer_ | Number of deployment replicas. Default is 1. Note: 0 is *invalid*. | +| `containers` _[ContainerOverrides](#containeroverrides) array_ | A list of container overrides (at least one of Containers or InitContainers must not be empty) | +| `initContainers` _[ContainerOverrides](#containeroverrides) array_ | A list of init container overrides (at least one of Containers or InitContainers must not be empty) | +| `defaultVersion` _string_ | Default version for this subset (if different then the global default version). This is the version that will get the default route. | + #### SubsetErrors + + SubsetErrors contains all global errors related to set subset. _Appears in:_ - - [SubsetStatus](#subsetstatus) -| Field | Description | -|-------------------------------------------------------|-------------------------------------------------------------------| -| `deployment` _[StatusError](#statuserror) array_ | Subset's deployment global errors. | -| `destinationRule` _[StatusError](#statuserror) array_ | Subset's destination-rule global errors. | -| `virtualServices` _[StatusError](#statuserror) array_ | Subset's virtual-services global errors. | -| `subset` _[StatusError](#statuserror) array_ | Errors related to subset but not to any of the launched resources | +| Field | Description | +| --- | --- | +| `deployment` _[StatusError](#statuserror) array_ | Subset's deployment global errors. | +| `destinationRule` _[StatusError](#statuserror) array_ | Subset's destination-rule global errors. | +| `virtualServices` _[StatusError](#statuserror) array_ | Subset's virtual-services global errors. | +| `subset` _[StatusError](#statuserror) array_ | Errors related to subset but not to any of the launched resources | + + + #### SubsetStatus -SubsetStatus Contains aggregation of all resources status connected to set subset. -_Appears in:_ +SubsetStatus Contains aggregation of all resource status connected to set subset. + +_Appears in:_ - [DynamicEnvStatus](#dynamicenvstatus) -| Field | Description | -|--------------------------------------------------------------|-----------------------------------------------------------| -| `deployment` _[ResourceStatus](#resourcestatus)_ | Status of the deployment that belongs to the subset | +| Field | Description | +| --- | --- | +| `deployment` _[ResourceStatus](#resourcestatus)_ | Status of the deployment that belongs to the subset | | `destinationRules` _[ResourceStatus](#resourcestatus) array_ | Status of the destination-rule that belongs to the subset | -| `virtualServices` _[ResourceStatus](#resourcestatus) array_ | Status of the virtual-service that belongs to the subset | -| `subsetErrors` _[SubsetErrors](#subseterrors)_ | A list of global errors related to subset resources | -| `hash` _integer_ | Hash of the current subset - for internal use | - +| `virtualServices` _[ResourceStatus](#resourcestatus) array_ | Status of the virtual-service that belongs to the subset | +| `subsetErrors` _[SubsetErrors](#subseterrors)_ | A list of global errors related to subset resources | +| `hash` _integer_ | Hash of the current subset - for internal use | diff --git a/versioned_docs/version-0.2.0/advanced/_category_.json b/versioned_docs/version-0.2.0/advanced/_category_.json new file mode 100644 index 0000000..f935884 --- /dev/null +++ b/versioned_docs/version-0.2.0/advanced/_category_.json @@ -0,0 +1,4 @@ +{ + "position": 3.0, + "label": "Advanced" +} diff --git a/versioned_docs/version-0.2.0/advanced/extensions.md b/versioned_docs/version-0.2.0/advanced/extensions.md new file mode 100644 index 0000000..1667d2c --- /dev/null +++ b/versioned_docs/version-0.2.0/advanced/extensions.md @@ -0,0 +1,27 @@ +--- +sidebar_label: 'Extensions' +sidebar_position: 3 +--- + +# Extensions + +Extensions are a way to make local modifications to resources without having to constantly struggle +with merge conflicts when pulling from upstream. The idea is to keep your custom code in a separate +function (located in the `extensions` folder) where there would almost never be updates in upstream. + +An example of needing extensions would be to add custom labels to a deployment that does not exist +in the deployment we are cloning. The procedure is documented in +the [extension package doc file][extgodoc]. + +:::note + +If you are building your own operator make sure +you [modify the image name in the manifests](../getting-started/installation.md) to match your +registry. + +::: + +Extensions are currently implemented only for Deployments but could be added to other resources +types in the future. + +[extgodoc]: https://github.com/Riskified/dynamic-environment/blob/main/extensions/doc.go \ No newline at end of file diff --git a/versioned_docs/version-0.2.0/advanced/technical-overview.md b/versioned_docs/version-0.2.0/advanced/technical-overview.md new file mode 100644 index 0000000..3d10465 --- /dev/null +++ b/versioned_docs/version-0.2.0/advanced/technical-overview.md @@ -0,0 +1,305 @@ +--- +sidebar_label: 'Technical Overview' +sidebar_position: 1 +--- + +# Technical Overview + +Dynamic Environment leverages [_Istio_][istio]'s mesh capabilities to launch custom versions of +deployments and adds special routing based on HTTP request headers or source labels. + +## Base Elements + +We use the following steps to set up a _DynamicEnvironment_: + +### Terminology + +In addition to the fundamental elements described below, here are some key terms used throughout +this section to prevent confusion: + +* _service-host_: This is the hostname (short or fully qualified) used to access a service. +* _DynamicEnv_: This is the type (_Kind_) of the custom resource. + +### IstioMatches + +IstioMatches corresponds to a subset of [Istio's HTTPMatchRequest][match] (specifically _headers_ +and _source labels_). _DynamicEnvironment_'s IstioMatches are translated to HTTPMatchRequest as +follows, each item in the list of istio matches (regardless if it consists of headers, source +labels, or both) corresponds to a single HttpMatchRequest. + +So, if you have the following IstioMatches object: + +```yaml +[ ... ] +spec: + istioMatches: + - headers: + end-user: + sourceLabels: + end-user: json + - sourceLabels: + end-user: joe + [ ... ] +``` + +This will produce the following _VirtualService_ HTTP matches: + +```yaml +[ ... ] +spec: + http: + - match: + - headers: + end-user: + prefix: jason + sourceLabels: + end-user: json + route: + - destination: + [ ... ] + - match: + - sourceLabels: + end-user: joe + route: + - destination: + [ ... ] + - route: + - destination: + [ ... ] + [ ... ] +``` + +:::note + +_DynamicEnvironment_ does not provide provisions to forward headers or source labels. It's the +tested application's responsibility to forward headers if needed. + +::: + +### Subsets + +Subsets are named after _Istio_'s subsets, but they are not identical; they are conceptually +similar (representing a subset of service endpoints corresponding to a specific custom version). + +* We identify the deployment we want to override based on the _namespace_ / _name_ provided in the + _DynamicEnv_ manifest. We then clone it using + the [provided overrides](../references/crd.md#subset) (with minor updates, e.g., setting the + version). +* We identify the services that use this deployment, so we have a list of service-hosts that point + to the said deployment (there could be more than a single service). +* For each of the service-hosts, we identify the [_Destination Rule_][DR] that handles the default + version. We clone it using the custom version. +* The handling of virtual services is explained in [this section](#how-virtualservices-are-handled). + +:::warning + +Be sure to read the [virtual services](#how-virtualservices-are-handled) section below. It contains +important information regarding our handling of virtual services, including limitations. +::: + +### Consumers + +Consumers are a special case of [subsets](#subsets) that do not receive traffic. They are a +convenient tool for creating a worker that uses a new version, possibly to connect to new services. +Since they do not accept traffic, we only clone the deployment (similar to subsets) without creating +a _DestinationRule_ and _VirtualService_. + +### Cleanup + +When deleting a dynamic environment, we remove all the new resources we created and eliminate the +custom routes from all the Virtual Services we modified. This is done with the help +of [finalizers][]. The deletion task is synchronous and returns only after everything is cleaned up. + +:::note + +Since we use finalizers, the same limitations that apply to deleting any resource with finalizers +also apply here. + +::: + +### Status Explained + +The [status][] is used for both conveying the status of the resource and for the internal management +of resources. + +The most significant fields for understanding the status of a _DynamicEnv_ resource are: + +* `state`: This field shows the calculated summary of all resources managed by this resource, such + as _running_, _processing_, or _degraded_. +* `totalCount` and `totalReady`: These fields display the total number of subsets / consumers in + this resource and how many of them are ready. + +For troubleshooting, you can delve deeper into each of the _subsets_ or _consumers_ statuses. Here +is a partial example of a healthy subset (subset names are uniquely generated based on the original +deployment name and namespace): + +```yaml +subsetsStatus: + status-updates/details: + deployment: + name: details-default-dynamicenv-status-updates + namespace: status-updates + status: running + destinationRule: + - name: details-default-dynamicenv-status-updates + namespace: status-updates + status: running + virtualServices: + - name: details + namespace: status-updates + status: running +``` + +:::info + +For deployments with multiple service-hosts (more than a single service pointing to a single +deployment), there could be a situation where a specific service-host does not have an active +_DestinationRule_ or _VirtualService_. We do not treat this as an error as long as the service is +accessible from at least one service-host. + +::: + +The following example shows a subset in which one of the service-host's _DestinationRule_ is +missing. Note the `ignored-missing-destination-rule` status on one of the _DestinationRule_'s status +fields (The state is still `running` because one service-host - `details` - is accessible): + +```yaml +[ ... ] +status: + state: ready + subsetsStatus: + multiple-services-per-deployment/details: + deployment: + name: details-default-dynamicenv-multiple-services-per-deploym + namespace: multiple-services-per-deployment + status: running + destinationRules: + - name: details-default-dynamicenv-multiple-services-per-deploym-details + namespace: multiple-services-per-deployment + status: running + - name: details-default-dynamicenv-multiple-services-per-deploym-details-alt + namespace: multiple-services-per-deployment + status: ignored-missing-destination-rule + virtualServices: + - name: details + namespace: multiple-services-per-deployment + status: running + totalCount: 1 + totalReady: 1 +``` + +The next example shows a subset that has two services. One has a missing _DestinationRule_ for one +of the service-hosts, and the other has a missing _VirtualService_ on the other service-host. This +causes the subset to be identified as `degraded` because the service is not accessible via any of +the service-hosts (note the error in the `subsetErrors` section and +the `ignored-missing-destination-rule` status on one of the destination rules): + +```yaml +[ ... ] +status: + state: degraded + subsetsStatus: + multiple-services-scenarios-no-working-single-host/details: + deployment: + name: details-default-dynamicenv-multiple-services-scenarios-n + namespace: multiple-services-scenarios-no-working-single-host + status: running + destinationRules: + - name: details-default-dynamicenv-multiple-services-scenarios-n-details + namespace: multiple-services-scenarios-no-working-single-host + status: ignored-missing-destination-rule + - name: details-default-dynamicenv-multiple-services-scenarios-n-details-alt + namespace: multiple-services-scenarios-no-working-single-host + status: running + subsetErrors: + subset: + - error: Couldn't find common active service hostname across DestinationRules + and VirtualServices + virtualServices: + - name: details + namespace: multiple-services-scenarios-no-working-single-host + status: running + totalCount: 1 + totalReady: 0 +``` + +To get a quick status overview of all deployed _DynamicEnvironment_ resources, you can run the +following command: + +```shell +HOME ➤ kubectl get de +NAME STATUS DESIRED CURRENT AGE +dynamicenv-sample ready 3 3 3h17m +dynamicenv-simple-test ready 1 1 12s +``` + +This output shows that all subsets/consumers of each resource are ready. + +The [status][] page contains full details for all fields. + +## Workflows, Events, etc + +### Getting Notified About Modifications in Resources We Control + +When we create a new _DynamicEnv_ custom resource, it triggers a [reconcile loop][reconcile-loop]. +Every time there's an event related to this specific manifest, the reconcile loop is triggered. This +means that every time we update the manifest, the reconcile loop will run. However, this is not the +only event that triggers the loop. We create and modify various resources (Deployments, +DestinationRules, and VirtualServices), and we want to get notified whenever they are modified +(e.g., deleted by mistake). + +Since we are not limited to a specific namespace when creating/updating resources, we cannot "own" +this resource. We have to use other means to get notified when something has changed. + +We use [event handlers][event-handlers] for this purpose. This occurs in the form of an annotation +added to the resource. This annotation (`riskified.com/dynamic-environment`) triggers the configured +reconcile loop when it is not empty. + +While this behavior is behind the scenes and should not concern you, it's essential to keep in mind +the following: + +* If we modify a resource created by _Dynamic Environment_ (Deployment/DestinationRule) without + updating the _DynamicEnv_ resource, these changes will likely be deleted (or may even cause an + unknown error). +* If you see the above annotation in your resources (e.g., virtual services - these are not created + by us but they are updated), you'll know why. + +### How Virtual Services Are Handled + +Unlike the other resources we manage, [Virtual services][VS] are not created by the operator. When +we identify the service-hosts that point to the deployment specified in the _DynamicEnvironment_'s +subset, we loop through all the virtual services to find the ones that handle these service-hosts. +We also handle [delegates][delegate]. Once identified, we manipulate each of these virtual services +to contain HTTP routes corresponding to our custom version. We also add an annotation to set the +virtual service to receive notifications whenever this virtual service is updated. + +:::warning + +Currently, we have a limitation, as we do not support virtual services that handle more than one +service-host from the list of identified service-hosts. For example, if our deployment can be +accessed by both `myservice` and `myservice-metrics`, and there is a single _VirtualService_ that +handles both of these service-hosts, we would only add a route for the service-host that was +processed first and ignore the second. + +::: + +Upon deletion of the _DynamicEnvironment_, we also clean up our routes from all the virtual +services. + +[istio]: https://istio.io/ + +[DR]: https://istio.io/latest/docs/reference/config/networking/destination-rule/ + +[VS]: https://istio.io/latest/docs/reference/config/networking/virtual-service/ + +[delegate]: https://istio.io/latest/docs/reference/config/networking/virtual-service/#Delegate + +[reconcile-loop]: https://sdk.operatorframework.io/docs/building-operators/golang/tutorial/#reconcile-loop + +[event-handlers]: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/handler@v0.14.5#EventHandler + +[finalizers]: https://kubernetes.io/docs/concepts/overview/working-with-objects/finalizers/ + +[status]: ../references/crd.md#dynamicenvstatus + +[match]: https://istio.io/latest/docs/reference/config/networking/virtual-service/#HTTPMatchRequest \ No newline at end of file diff --git a/versioned_docs/version-0.2.0/advanced/tips-and-tricks.md b/versioned_docs/version-0.2.0/advanced/tips-and-tricks.md new file mode 100644 index 0000000..79b6c85 --- /dev/null +++ b/versioned_docs/version-0.2.0/advanced/tips-and-tricks.md @@ -0,0 +1,33 @@ +--- +sidebar_label: 'Tips and Tricks' +sidebar_position: 2 +--- + +# Tips and Tricks + +This document offers advanced tips and tricks for working with _DynamicEnvironment_. + +## SourceLabels Propagation + +While _DynamicEnvironment_ is not responsible for propagating source-labels throughout the services +path, it does provide the option to add specific source-labels to the deployments it creates. You +can achieve this using the `podLabels` field in +the [CRD Subset reference](../references/crd.md#subset). + +It's important to note that you cannot solely rely on this mechanism to carry source-labels across +the entire service flow. Consider the following scenario: + +![service-with-non-linear-overrides](../assets/img/source-labels.svg) + +In this situation, when controlling routing based on source-labels, you may encounter a challenge: + +1. The test client sends a request with valid source-labels to `Service A`, resulting in it reaching + the "Test Version" due to the source-labels. +2. However, when "Service A" sends a request to `Service B`, the lack of duplication for "Service B" + results in it reaching the production version of "Service B". +3. The testing flow requires reaching the "Test Version" of "Service C" when sending a request to " + Service C." However, since "Service B" is in production and lacks the required source-labels, + the "Test Version" of "Service C" is never reached within this flow. + +To address this issue, you can override "Service B" by adding source-labels without any other +modifications. This allows you to complete the entire flow of your application successfully. diff --git a/versioned_docs/version-0.2.0/assets/files/running-tutorial.zip b/versioned_docs/version-0.2.0/assets/files/running-tutorial.zip new file mode 100644 index 0000000000000000000000000000000000000000..643c8f648d20871af7ca0a7375a57a70d75d6524 GIT binary patch literal 1971 zcmaKtX*d*$8pp>l7*ScKY&9c;#Eg-(TSh{WeT=2CM7D-$hQTn55My6*B-zH9Y7{3o zS-Q@+!->RXsYwZA$wSt%H+Eg!`{mwq&pGe=;eFosdEVcL|A+tI(MDKA4gdg%11tf` zZdpAM+D}0MfXXQV;Mo3^97!bNi9v{n$OsY{?@Q3RMk0maiGd^}^#J#rGaKAGLue|=6QtTxjGQg6X0oW!VUp1sKXKFahT+{%!(!D+Z_OT%=z z3LI)F)tpZiJ9-+YX;`8pAKV6C^V2K5425#qpn%3}Xh^Z>;mm|nsBnqhw2h4r4p{

7rJxp|WUTf92Rd{qB8mFk>1EeWjER`O2c0aA> zz^E5YRCuGGayrvhuAhGkZ*}Y2afJm6kL3KS>-1*zZWqf&X5jBwz1&A74N(UFY*fzH zIhNe4+jO)vSSn*rR*#D(;IOPw<2o-5&gj~eU*tAQ^);Yf=2j8{ey?6Sp z-iaVn0*qB~^oO+wZK?w8xBTRD96p)HpHnWcAflxfZ?-hIBsuKz`Fk_O=rbwv9*vF1 zrBb5W=B1mrAX^XKEOmtH8-p^2$Ma|W9unll3$A$MYt+MR@j|b#6*UnSafShC(UXC? zMNap)AQ#}ot+cA!_}Ev9W}=mr z7K>OKIJoNG5tfr{^|JpyFR6WVnI|l3cIYDfp<ma>+Ui|Xr4CYSAiqdV`B z56Z?nkHH1l0k-6qQw-QwvlDH zB*qISW#Z4PBHi#sCOw?GJ9CLuaXf4eAjq?Q%^b6Wq$uiGb&W9jF;PbpTum-X9m4dz zo}5~evn#%}@PgVioBVQP^_O!`PSki_M@aYkh@j+L%H@lhTxWuq&Ix{cwHg~o11KHO zKT4N7W>S<-*}x3!<)Xuv%7S@;N%Vo9P|Gd({H}+ER%w@@V2nkB^Ua((S(Ji{010nWSW138zr{U6{0N z$cnnngomAeWjd|AE2Rz;=ZvRO^fez&FF?Pha*Ri0VnGPHUdR`Nm0ggT*qN0f zK?yQQl^4MFiP#iGo}mv~DLt>Cdi4f2z5m=Dp2(edKa$# zhBKST6lVU6YYl$dWog_L`Kx3c)XV-xS^KsjJ1Yx|J=0E!+~r?Q8ov=HJ*aZ-)d$%( z$$1^0ZObR4^ncoLW@e^sPNO;(m@1uvU9-V*f-z z%sBBWJN6Coj{PIu4`oyncsH$15w*6m81GVop|$sj5n_!li#{Wr*kR{#(W~Z;NZ5;3(_S{4G4V2bXY2+g)soM|5{YkQv}?h!-AQDGut1dp?%b(`9?KPf#BV=GDPH!BYaFS`fA5uDD&r6H?j4*cO!$je zLJ%PTn2y#v_g(1GEG4E9l3v+U^BEMV>6$TGRah>bI2=O2h&=hkyj5_aGKY66{ZC%?zsYIjN2Y^QPLKk~}H8L;*Qh}rFc5ylt7R8V+c ztGsHvj-!nbP!90t>9;QnKnMW)G4|^(v+(z*-^=?0@E_FNe!Tu4>QBUWv;m3!_yq1Z KbARsqd;1sH6MlIB literal 0 HcmV?d00001 diff --git a/versioned_docs/version-0.2.0/assets/img/bookinfo-alternate-version.png b/versioned_docs/version-0.2.0/assets/img/bookinfo-alternate-version.png new file mode 100644 index 0000000000000000000000000000000000000000..f4356f7f5cf9e2bab2b7af944ec8eeacc3f1ce3c GIT binary patch literal 61803 zcmeFYcT|&G*Ds12g{_EeMMbGwv20O5qyz{>L`6VAKtMo50!RrVBmn{mAtW5!?|#4Yj&Z(o#<_ppG48l?jI3vs=UHv8HP@WKx$^#z zp$`8s;bUA}T>QEZ?wW9M9m(S2I>h{)=O72_p0arGIOJ`jbBC*9K$LipIP9oppvA>i z8N;{t{K!H2sK*0KZ!WGAZNGkpIw3_bxwtmCbnj|C_P1SQ^F1?LLQwbNzXK`{x4wGt z_|KfTIaw#NCj9k1^u~^rpFzB->zpIrPB+HwCwqlYsz~ktmDCG!GlZ4Pe>jKvy`4A) zR;>9n#%F%{vDV!;-|vV0dFSxa9(AVXVB;E!K7a=TllV{KWo_2Vw##~}Cjuwz;f(5x z@yoKZNawL4<3Lh*{UT{3KQc8nwOM1ASeO~I3)>ns(q#WDA;CUKpkqP~N@jK7d75oZ z%sTI+5jyway}w`nUjt4ZJ%W4aVBmj~Po9UMsOv=829KhUb(rc|VqTnK;KhSLmH7VC zL6CR#&Os2D@%ujoQ2bU!D6aq~lbiR%ShN_h`CuylMKz#lr7Y%RoRP+VA5^0lHnhN8z9NpVCE#`2UGN;B&dn{ZD-4;#2NGTpbwy z=RX--SfswKt?g)$ac+&vxD@0Mk2Nusp)7U;D&v*Rd7JTCSLpW2l#NZ3KR57c?gJ2yDu6N zD`Sab8A^Z3DnMq={FGLi? zhFfJEoz`}cE`48az>1rIJ6*4hYQg=-%v$zZP9Q#CN)DO!#{~|8wss`&^zgrV@$9Lx zE)*nqRD)I5vi>#kkGDK6U!1sw5nYa0CWjTMIRx9Xgd&s{O$<1cDB-{{5i(zq=i`iu zF3#r@A?pRU!Nhyz!HzLWBT7-~GD83~OWH>LqJCj8C$=7?F+#908vWGkKB38}SKHQf zalQ99`_}Jy6jZe21*}i0vObp@NWGFR@emoZu6N(&In;@NHJ>C^NYx31wNke?JEE{F zz9h`VN~o!~qSuh+Y74^`)zq8z%}F)z3GV@yUUT#Mt`9vIQ^7jn)*jt|h!d2KVO-{K zS^3Rdj`aY7WZur4(y9yJAY{7k&)>KAAumS*|FlS2PA@RhMwa>&iWM72(BTDa9r>|x z;+GV(Wk+kMs?W|l;j~+0aH1?pbA+NzL24FPXqT;(wiFnETm<4};gd87Jgec&e z_;G)8%p<33__77RnFLZ+Z?Fx^+~ujItNfHlGV3_FaoBcisx+3sPg3Bq&4ujOM~+Wo zw|6(uQg(}6ir|1wks;l5MVs?U#|@K_#)A90AmT=&Qq971k6_P@Q+IrhIVvAoF{)kK zwo<9I0gW2NMqG;tCS{#33FT<4Wh1%#X5|J zv_Aw6r_eVeBZ@58S5S=Z;T16KS)}dk3dOl8<^%)v1eCcc&{&-CZ_b=6I+=9k_uH;W zJRGL|^NPISB!eT2YFTCv2nA21G%lyvZ4pNbw;N6QD$e+!@(LJ0%k`;Md2<`X{Tt8m z8Wl6hll8XQ6!2us&d&oGs2V2kC2MLpI}-?PcLA&TbQNd2Hg)vTwi!%29|wlO#GGPO-%^DTaoWPEk*3K_Tt|q}M21MA<9``4?P(LxVr1(x!`GtAmp$lXU z|HcX?y}vPw;f~r^gA>j6F%9zfS8iS9VyC9Wh|L)!DL%;^B<1gJmu@?(2>PnCMG@+Y zzu8MXDTn%rjW19!oCFNcnQSMHIdj7Z67bBj~vDjS1+#J!89t_-*ujO`7f6`t3#pT4Pmo)BXpgxgln>Htf8)dgkbR|p+{v~ZTO^w_3@ zEo=XDF}l#bFogpgv)}hpB>RpwZh1y9X`hqM&OWn$3N$@0xp1R?5Rf3p5m~KTxTiSv z$D8>ZK-|aCrTe~O>Q7cPzy&~%0ky(}c3%tXG+3NO4389+#ED+z|7~dH^fZ?bh`(u7 z%I3_V+BxTPW?338UV9-xs+nxEJEy$zyp!jT0Hr<6RZ$!*j1;C>{4o>AmWCN&6C_Z3Wb9>L) z7i-LDQ7W54YAuAXrpxdL`Y!mv%+cBr179Brr3XCDPU7U5r7>1+mykYXCD6I8p;D5L zdG|kx=BinXs5rjbP5+#o%MYww7!5V77K%-6liW%md5zaoF0+45VYXXOG?jgtKzTn1 z-FJUCpxkJU1n()I5CfjE{T z8q*bIYi+Cj`ueeCdBfa@?ezkh`7dpi%j1pS*;jt9x9gSMrh-=58?&h5PjGC zmN*e^n)2xp5_K%?dY^}la^9JRl;_a}6k$#je8}FCRpaLw#;KCN8HG{FZQm-L=Pu`q z#(mY!oCFE75CYO!UvS#4j2my(a>`>mC{W$3od5jEVM0*CsRDCf)_@;&9 zysIIj6nFbXCdN*WD2cqKju_aWo<|#Dh)7pWJ|o=Nxsg;x-Rz*Y)W*)s4(#oZaZ7$Ve_Je%voEYjFrmqqgto(K8nPf*l#lAg*B ziOm}Bw$5%P#WZh0>zt5=rs&u1a38>J_U_s^C1xQ%z~-?n9y7d}qT0xT$@Uju=Lto< z-|#M0rj!o7hnTOer2%W(Y5VyxprK(S6sMe;ycJ?nkSV@0&}eL9$iA%uf_IBJBsO9D zAm7GUe@01k$IYsQUW5bmV~85NcQaQ-5kM(J;hCc|my1A0MFpB_+=(XA{63K(#ub~6 z_=&<9UMa|)eU;{7v4xTE=%I1yR)`nhB)b@N~M z0A3wDtsuV5aSEGQmadS*idp5KiR75>BlqMI2KQ?dTWZWD#FY&QHWqnJo4m<#Pop9P zR%nAUMb^ufJz|Q6Ou$Tu^Zu4}6w&om5KOnQDYxNNdCb0sHpmTK%MyewvWYAwj5v+z ztZMfOCy@`AsIKilt4S3$*jasBM5($^H{<5rDn9q|=&#MM+*%Ivi=F6D5~zfhpH**~ zAUUJuk!(mKAtUG^w0vMAJmoS8>Cj4e>Kc(oA?2dxJ5mbMAO%X#*0zBfBUkCA?$*jQ z*5k|{Aps{?x1*>bSu!f^t9}b@tBLyt5dX3Zt6nbJKHkDX3+Ba!2ALrv1mHAR9a5bZ zNwOm=G1bXi@~DvX8%2iiHqWreX2$$F^4+|rXl2`P?Dye7w!?#maJ_&?ar0JVbI;QL_tQL$|Yk1-^Xyme$h5f9=Bs_(AkdNy5#1TBmV{|6!FX3nn) zS)VU8(nOquPA3ABm*jgdV{Tc_`ifacJ=kVP?Z%+vkP!080TRP>F}1&0gD z2tXf)v`^j&8$}%IFRVODdD}nweF3Mrhvs(X?14ee#N0;m?#p_4<8*~a!G>ST8oEQ$ z_EBA=^)mtSk&}p=QKP|k#czWi!)}4ah=XI#X3M%6+nNr<77{P%lf(?as#PJmDJHpp+-3&6?~EzB3CU`N?KPh5mlqoC z6vs60GxE-|L(1KrqP4dv`KGz%D@6m!Gj(&@@BNP8M(JeWpVqv=b1B-VQN?LKi*tnC zHCm`#+ut_C)ttzd5F`Z!cyfIT8eM_Hm#OKb7zC`uOEg8vCi zbe0f}UXlOOFS`M8*}1!GGNxDO8nRJq*EG);B|PMV$ng%jEWacSd#Ozvr-50|0)5qKk!KUbM94jSs;>lOm_C?qD)ZG4aGYE* zsDYE1w9O<|%SMgnYd7g;u8l?b?Okx}>NB>+Jia#eEYU8}cja4%m|D%8EQa?_p zwpp1320}9rEP`iwGGxf6cb5#|(+N=xi=?Pk*UeKS;WMu{))xI5hg4Cl6w9QOc0SMV zKWk*$_|AhFBoGy?okWkm5f}X*L^(|2u`LBsQ5KjJo@kjX3X4`VK~zMel6zCnQB{Zu ztKQct(K@%GnE22ps8DFlZ&!!p5Eqfw1{TaD9xh|JPh~Y00JcAXGbHyNqWnfueH=ov zWmaj~<`&}(3qWs1VJ$-bTN?CX{Y+hGdJ)VC$8Ub06Eg;0oLm1Q6WZ6o+>vIyw}W;# z?3@*w8P56``C+_W0`fx{a3F$Md(6rG^bp70WJ;*!%8H}*7IW#bfR^Y$qGH zrRt$}T-38+fQ&If@$ygHWZhClim($l8abP-s>RX>8JJNw3Z|LfHk?SvRDd#Y~Y1Qq2O@v^Jiqd1DyJ@37TY=(@8~t>84-u3Amf z@}&ar3Ox;qYw>JXsVcug`sRn)4)1nMI!qdML)i>ykd|Ud20=a7RK2$@tFq!{R#oSI zJA)4{=VAQ5cre=s_WcAlg*+ZD=>R+~k~5za$P`gF3BZ7m`n=mic;7){gB9+I(ytR` z?yh`M)&ppiL{5e+yf<*Qk53lUWjc!ySq=))zvV4690p^okOBA+Yg`cV^TvX2|56fZ zvsZR(KEcRUe% zQs;U5zdGWa0jn!@41}|9&jVkvTel6UO~m0oFKv$9-223(BoO@<$kYyi8!V?3a^^1*`$2;izH|4u51^x`uz}HWW`MA#xdg1Z5QvHv9mA7J zTi-Kn$AVrv2DbRPx41V_?(pw^K0oL-8k!kWG=9CLhLA&D34adU{<+VREyrg*gQb?& z_f9#o_dEy36z|QB%sQ8wkDVA=f&(7-8T-L(11JKoVFYPAXf0+HuJG473R>p-RqHpo zpO4c`e2x?iw3-hzYVF$jT&|rspX0u;uWO^RTYLgdp75Y}wF-(zV@{*@%#z;2PlT;;w671F6c$6j&F+Cl#XKJzMO9rAglA*|#OKd@G% zP2$v9A}F2qfA@q-ROkR!k!@K)kDvNi#sP%Qhk1psvXA@^P`h_s?oWn+ zw+{RO$N&3edKvMk>uu=7an}C@vaf4YP@Ol*qwwE%<5&NjnR)*O^xw96>v|i4t?54h zhe$U4@`q=?n!p#v_>3&TcK@G54JWqFy58;_`0K#Q@qaU( zSecm@N0CHqO&X2pGGYw_*RB%teszW(=Q9G!ixX$*?h47OJM*v19p3mqPuG8y8mxX! zO2R0(jQzzXz&VA0bN`doyjg?+1d0Fet#pu^#kLAQdf}g9F0dAt@IUcSXAl2RR{#Im zf6vPQC+1}M-%h|(AhhD|E#GOi(%@oX8!$xDH#0i3Z`$&KC+x9msd>VDh%8eX_!zA{ zSTUW~Q%`p$6QU^JJ|4Gs+%|7brupjNx$F^l$1i+m`TJM6w8Sm&laC9Vu|`O{!yvj7 z`4IHMasz<`7!AMHO9s1dmkP7`#F1CeAWGd1mfzfD_TQc}Rr3W~Gnul9TFn4$dnDQS z&7ftaXW#RgLKk!~;UBGK+Q2;+2W@dVQX3jgtbecVe1`Ymbb^NuA z&-^X@hMdX9?MAj{0jT&iXv10j5Jp72RB-&2dznSMkwtNE1QVEBcm)Qo3Arhwul{{p zT-evi`hlj^PDNs{OP~?4w2CETp;eF;c#%}5n8gmZxAo61LHpJLYK|O8O^1E;m-I~F z>4Wy1!vB_OD}P2=HEkIHc7pXl{mdlSt#9_NbJYpi;*R{I+_UIMafWgzUV72X;VX(? z-z!H~8Ij2BUvQg`=-=K!A1iS2Az0L==9AniAwQS#LU-C(OZM(c9nvNz=Oikf5AM0+UV4%jURJ@oCHM2jP25nOeRFGxX9L&x=!6b>X zch$Vk9SBJUtO!N9O2-V2%{l`4YT*AQrI2odw{P13WGGB*q89TfhQPc;zBoi>xbdvMC2wB$LA zv*mi`-Y}M`0h?$(PCu8WBXKUb`E*H)D0buZ*~j5qK71^B&!&ZIV=nHF{3~6Y#`_pZ zh)upLqg2Ze=TN#>!8g86S|lz6PBtWiQ2}wwX<$STX9EKOK+;1dOU)S;WHUrc$CT!* zuww^6vR$0-zBw8%47aQ(K)eJe9w6vGr`@v;*kE`r%Bu3KRa_EfsD!5hER)uR+MNk9 zP24MMY}`a4EC&) z>VlkAJP^!;>yO#DTb4U`GV8%ZANRLQ^vo&mYb0PU;ldiT$evZj)OECZv6NPU@C2$P zO+3g#f3<%PwGG)BtJv3I zaP7%7N9PFkdY2*g14ieVQIGFpf#v0F4A&%c~WE zqK`#PYMyXu7g0*aJza@HlqhDVNb(f?5lp8w+b-cbTeLOm;CrL6i=?U2!ZgZZZ+=;H z9f`=VS3jhWB;f%J{W`LjrpwG=!Z2fX~t`<3owouMgr=bLJ2w_OU%>T!dWX~txpD)j8Ht#ss{ zy-;3$2yE~4lyfhz=2;eQ>)t|$na1{KJ%Ey4-B~g^$~Z$l!x*h4FFuuHcI6s$`d*-0 z4ybx^;-?LAq}{r9^|niGN_k14lv!2lp4`ji5_C`tcC5^M;e@&gJ^ZXf^4bZ}JRP*W z-hv_RA~G{1t7^aAHqs3@%+2Gv0h3&+&s)P3)m9CN6$H$xfK+B4##rv(GiuJNV)W1Y zDXH%kEjA^Q%nSX>EC(^R7-@Y*krr(08@I*R{x?rZ2O{b_!f>u3Yu%*3p#(Yo)hYK5 zvfR8|V)cy6S_O{Uhk+3SnEDF+u?Va6YQWaJ{qOC!MTY9m`g0`csSh*D+h@@?n>8vB zQgHuTDdEP_m8J!=wZo-x{#1U05U+@9{39#9G9xkQvy+*wvqM|$K!c3_mX@CQ{O=De zKa3qWH1Bxf^N8Q6$@JJ2+x)6tH>S&2wxolQZ?BUa>UsW@`(O$=aoFYvNKCL6?vjMg z2`XWzu%3^AF)Oc!-Idj!EC3l*a)Dkyxg1lqb%guX1YEoKT>9~DBP}mRT9ykeBk-U? zVCG~A_P#tCVpGT~vqc9S@XqA>jNpOpeDo6Sdu(bDLMXWIR$%dZohV=>*eTP6yVk=( zX8+q!4abb6(g2Wvl51>s*-4?2weS|hKLVEYMQSGu9=yo(oBH-8Hoyv5cO)|^9HXSt z>bSj9sxpiE>r`-^p-9>1^KH|q-+=Wlt*WwFB4c*1Li`I48tU7f4Gc(R)${)u(k7r` z?Vv6Tw8j8q?^lDBfZS0BYs{Xz+x=$M4bkbETk+mg$_cP`9z_AyR=$v^pP^Qp7SPmm zPoaB8qu^KWnHnZ>7v+!kHoJW~2KHNpt^|l&5(q>aj{7aAuzl_ITOFJBgr?`bm)D=F z3v=XJZ;@02KS~{ADZ^?VM35h=iCBjiJqI%vH@=xMg4-9>=rXr{k2k&M;et=2PXS9fQ3Ij`)Hn*~jQ z=_6*@eQ_>Jq6G>BwE=xRsFUc_D=wo}>F0BKSSg>sBdXhnRp2RHznpb&41H=lqFx`PsI6seH~D(36XwhVF%RCMXKm8 ztYrchiqXwNeR3ir8zf40uCnW_KSXZ z)WLK8-ngmbRGnKIu~?&0+DUY>bcjHYxv#$8bS8DjqnTo3rXoqjESC>R=x&)L3PCGe zCkdQkmmo935k8$v!K?2`=RLy(4J_IWaea4crVp{3(b(rCjjQXfu6G9a;Tv_4#Ej|H z=+Uo6)^1+{J2k)_Z&)aWpEp=j(<{|2i|jM;+0Dk5hToKHT4WxL21k_ORoyg#h`YTe zPG{{p9kI)M8<(Rr2APu4EyAlmj6}}dVv^6*9gV&-UNdyr1uF^YEl)r^nBIzMX4{S2 z?_|Y(U&UCf7~W=jL-!AFlg?aSnX$%z5czI2a#0A*FQKn=;*7waZd|WL@y}YZ65!Bt zvyKBx%~17kE#B~clYmPS!?BGJVTSnw?fO84GGWR_E#DH>n91CXDEj9`Ru&p6x`_9NP(&qr@t*Z$z#zS))M`y}5Q zT~}WN-9O2Q5j0OvB};dSsvDx2g*0E1rFw!hBVnpA8@w$A+6})lz=^xUaYMNnZS@~q zsQSe7Pu~iC;;idyl0H!1gIpCS`_C_YOn;0Iumz6`kPvnG)(38=wW;fmx2hFOK9u*Q z-(}m%9-C|`+--vUmf6nCT)AknX#!0wOa$Rjnt|K(xgU) z=Fk|(O^+0F{a`g+z4+TN6ZUGZhv1RAfT$BLwsUU|xu*?B1=TDfr7eKq9g?54ipLYz zS;&wKp`s=RbN6ixz3pz4A;6_g#}Idc960sdB(x>(Bz+WOD|v>SwQ|uhD5QXYKI#1Z z(wPkZw2v)C=+PT@SIWz+O3SUBakQ?L+&6M``-p4jb}l1r76xnR>W&Y*9nfQ{uQ|sN z;F6k$Nsl?+gJJ%~%lC~H0*7&4Ez>jb-?5kW5IJW^iGQBDaR%_Ep~@vn zO4H!fr2Fqg9W!@sVawczRr5mP^6@AU%0y0uwV;Vv^W2NJE7Dff0RXkxjZodTEsyJP zezTjE0hbQ>v-$aUX%BqPDD_dDm6>7I=xjzr?Mt(Co@x>33e%Stm7yGd+%pZk6CC4W zP8sX<%OLQNPBOv!BqI@r|fgXkONDaQ{p^oR2 zs1Ia0MOm>%{OZ-oWi7%b%G^bF8$-TVq$kek0?=OZIQu8-dNrnN2NF_?b)om9}N+--o5@Wbdeb(aGOu9qA7# z*C^2aaDTiURCqpStYm~I`M_F`nD(ekd->8<>0v!??&k%0_TYq*+0A$C;_lID1NT=R z-<}zW#8p^NX{7pq6Gyl1IgJbV`@1)-woN&WW%rZJHmAiEC;c)bjz4~FN>iy)7nvx> zd|U!bg6~R9<=!)@7=Dun25gzlJK=70XsO%On)*6~#C06^j58TAjjK4nGM3{$`J^-` z={}($gzR$0tntwPbn{7fgKgQeLyZekjEE0dbcK1he$a1ZPe6$u^LisZ0rom~Djb85 zAcTc_9`7@$I8i$P%~0JbI;`=T^MyiUG^>sa( zNNOx04Cj`xrXy`LQuC{VI*PLt!8W2(#YZ%Qv}4@(bZ#dkOwB9~+@Mx>Me+x2i4;lf zFI=_-PrL$)DCE9~G!IbBLO5G@nU2dID0p(MepQMMaF@wYHToF4jy*deyE+rxz9I z-x)M>-RudKj;}oDpx&9f?G`n+7e|rJ&G*6i^z{^i#!;>)t0ncu>$uZjLLIDGuNlJ@ zQKt8v=dtVn|?@NG!Z3I=$3vjAf5U_>ncoO9iWWC>bXQU3)E7_}Q)Vx> z@cGWJ+xDzZ6zzt$8GcfrjoC`|p&#^ebgqXEn%5s{MD3_bqr8*dB}Vk83cCr?MFzB$AGcZPX^y7$$GTOF@^_bu(R)hP-ocm>{|t&vOe9LO)A9Gu08XPh!hH-L!xXz3$P1}w-eYGSufHcJ4z$Md9@|3q$Wo;s-i zm8`};?|h!o$wdJ-*Q$Al!_GoVL6sK{s#w3*q5u1@Zu}x=E%vV)(=m* z1I+nf^#6ADy$GJHQirJV$;#L6dSQ2LvE6ntQXwYA#e?LHUG-AX_@rfmlnr@1=-1j_ zGnz;tpEhw;R^Ne^y>up9Y)9%vvBR1$7Xw@+AqYvETB*7q=c`elqzZnB3K`oJm-Iau zsFd&JjK`Kd7Orj{S+X^``bXdkm(+oitze4#?4OPea=6RWzB?LDOQcWrO1T(iK~!K4>a7fLb@Bd)QxFV zcl0R;%5YfQmT^uw{`3HQ-S|}D{k-u=uc4!LghK#d{D$m6C2lGPP0v8biKSIy`lDyg zg2wD9{`!Qnor5C*@>WPyl zNpbN}sJ+TkYH%NVM*;#%(99`xfl}zZHrZmVgtT$f1kwu`Q=ovJCCDV22^r81OO@}? zfAH7%23D339y}hrf2aC~(wA0(W8SSej4-;XA*lzR+A|f~%VK z651kbC*5(NGxresUg3?f+Uy4bWhE6`oX=9Fk`~dAiYAyfqsqAUKFEOYK-SsQPSMqn zQJ?g7dvtL8UsYGk^YsiHT`w5=w|%Jj;*k9zJb*2BiBJ*NKOm%hG~Y|ws7swu=!aOz z`}|ZB7io7Rry3k7_!CdPtIYYVyHNRl>%pw&853W#@?$6}?y6e~BusEYG_f%b3eNnx+|KoA`EuqR zi6S{dAMQLQMgl!yIkqF7X1@DYll(XVFM^=(oY|YRS*I?0@z6gjQGUM>6jK6tuz*&4 z9A@0sj|D5>$ajK>dM4EY2WV8S;yXlYcco%}saYjfzuu-=xYs>u%|m)|(g%(=WVnpc zKa?LLk42w|aaBbY_^6qY=nvX>@57&;^KR$~zb^U~V%w$~D56YsIN!R2RdDpLR=b2f zOHrHIuyc6^D9skLgg1RG9xUfGvfi}@y8k4P%AtQA=?z>%+P0?NF3@khA)lF&FwlN; z^^Q~M5donRKm6Xez`L^YPYT$e)i<3{{if?l_!YZLSIVc56~mpId+Rwr#f&Il-@}>u zpCCaRU(27?8h(@Aki%XK5|_h${SJacfQJW9QX1RWlIG~|VDnQOjZ0 z1%L4xnp^<^bmE)tlPHP}X#J=(Px}6a3xBYFXs2JB>-FryS0-s{M!$9gFd;k6c4`?djWX zB7!rtVD=7h8f|&2@A93OgWqK`TdTFusp~N(xds7T0U_g+?sVx7D7eashQD%f2 z2=$w}QaT;K)N@z!scP?gx6(!XiiZ9(uVJVDnl&b!vQB)_^SmapW2TJx+Dov>aM=D* zG8{PjZR2MCV@6c1=B@FPy}EB2A611q)^LYeKV-Z&o2|UXZ|Hh`1jtfjn{mx4uup60 z;dkWA7>9=Oqf=oZ=bw1|n zb-x$D?=HlGx>ndxRDblM`#~?^K-~9=80JTmHz=38BiE#vUgH;*L5U#NV$>4z9Ch8Fpn_4}S`L>-fm<#TOgI**1qqt+0vB^vOBYM!(*93(_;>b-G)`hxR`80fai{h}OV80gwLp?!Q^@;W z#9qTFFA&b&3jpZvC(eYwets0wy_uBa-*nl^&|kCWlMyttkQqfpv_W z8Zy})NILVh(;*;QhEW+1op~0Q`4O1e)yP8-iHL(kn>yVi9B`MrGz;tofW}L`DM}$B zZ&(*EGQV=_1dx%{>XP;y28>>7H?)OA8?$!p%k31t#B0~TfUU4s2dZ+G#TF}cZqD>u zZ#7HeR2}w`Z!IU~zU_^ilBr}sxg2GU#-2j}VxtMCJLA5xUunLY(a<0F!n z?hanP|9J_J26+fyYw=~-)!F#t4|e+5=+{NQ?^2P&9~P90ldIMe$0q|Ch^@`Qg(Gz5 zH9t>+U>D?3r2Q2uw~Rf`3VB5qmuB%NgtD_yZ|0_v%gXJ2tQKPXou%wDW74a?wMYKa z<>yuqwn^N&D#fr3$zhaRhWPJI?%ju6*HnL!5xNIHDXw`1Vr)PA!8BYlU}IO%kXoR# zd1{8bc-aMb7a3`7D;RI2v$ZqKzIFq6vwT)!AZRQwC}3m6N;NutYm$BDoTgPDhu-7h zvEM$RN!ffs6HeDz3%K?z#p0R7-EH1_Ew}UZxw4eo@W%9svWzNQgmSPrIp4(n(D};Y5mpqJ4&nx)S1&`0aeMGRY^R4rI zCy;NG?@aL-$EA|5U8Q!w8=!@VvW$KF=W&7(Y|n;n$FkrCmj8$4>D4Z7H<_==QsDpDK!}T z)0XCg&jfF~Elp4#*On8T0z-Rz>z1d7Fa`?8TH;*kqh|}RcpP|P9GH%-shSXExR=_I z*=rx&qwV^>E#qXrDa{%?)V&6KNj_~;){P>*{f*h%@bcBvg1XtBnXFLgz{E~jDE29V zZWV^v38-Ox3qCGUlA|@ib>^v4oi^Liohe7MqCE;xmR1XSG{LphnHRyBp_f}3&srQ2 zn>wwRRYq8h0g!}8&K`itn@k7Iv#tX+v7djc*?e&enFbxzt`jD%drPvUUJnV<5IS8K zY0^XKlfolcV5t_7*nZPBIg8T%fh)x$djTdJYjbi+I`)E6inE+lM+po0%MPjNvgh|w z?b0MSlxg^{cgFF%lLhCz_%;_RwDp+o@7YIgc~pFW5A=-h>?MmH9z5iSp6m>5iYZ0!LFS! zdL(Yuz9?JLea6(i?3w(ZCy?*Y7Iur~`q@RZ&h3mk>|+m!0GbG~Uz=T%jDe6Ui@H;L zIaI)rg+UCuB|mkr#6$&MlxA0YBN$fd<@zzg^;r<CVmTzX>^ z>EC%b{zs?h0Y{?e8hUR8rCz(eQ<93dKk^2&otyDrQxPBDk#eIjrVg`x-PAXY8#n*S*;L9a~TW7 zRZ-b94?hsLq8lxU?_2|NnlCM+gW>?h*i~rkM7g$W59DL~fNATkRjU3zFgErXitYP* z(#fV1oT_x^H-w3cy-Xb_n(=Xutb{BT2bYGkj?gp! zqi9pKIWhl=I-&mX=XlafLPmU|Sh7+;K$PUX=SymKfADw4M+f-ndz2Ov!Dh#Y<$Hy} zEv{PMgOHC0mRiYTz8~B5wyhGezFiY1WGv6_i3?tDw`gsL6r7tgyZP98`QY0dol z1pQGVo#nU@l({vfG6r!X_-J-hEJF4TKFOKj`Sxr{L;VjPNvk%9g+lCuZRVtss$B!H z_vrHZf&M!^Lb7o&hhqJ*z}~0bl@6Rh#W!dsrUTRME} zuyVxGYY)xnYqx35CoY{>A+Qr}XC3`~iZvO0%J`5QYeCCRP}2Eld~31<)Jg^|?TsDp zKQC;<@fwKo-sI~U9$Ig|{wz+tyD6sn-lp=z(?`>b{#qMFc8aSn-DRq>e;mrJTLRvH zqm;D(y7V(rWJTg^9P%%U!9(T0QZ^TEmM0HP2{fnz0vG&W;}cbIN=nL9H6Age2WkCs zffbzE0~#!gBn7}D7}cMy{7Z&=!=BJy2sJF zTQ--Nsx`R}uf(qgNO4*|UOiBPkExkY?@gaKs#>bAOut<8WZ2~I4MFf+%P^XD{lf2& zLITBJyNXwt#uI9mfexga4eas*k3or{p8>@)1Ph~P*g0>qTdzu010BI@-Fq$b+AOqC z2R8sAC#_A7*4fuTwY6T1$0Rdr91%Dxj%m>YhuU5I^{EE6dAW%RSIc9V3vrB7LAH7u zykECwc`tv~n{vS^UYt@j8>qoltx(UDqcE!H9Q!?bBApez6mTngU68wV zpmb&=1NIZHa_wjU-GA;X-Xt12Zh>-8$Am^_Pe-ZJ>C&W<|`q#}n5u=}khoLJ#qGM|Yt;LFHq< z54o_+Dp6`=IE!y^1Gy;{tnGZ=aD^k(eAQ~hDSl8uL9<>v!MNXTYy1(;?T3goVE$R? zs0!e?*>kpef<}F(i178sqsPGYT9A748rrQNyRd$Ab5J^VASB8*#`JpQdDf}+P${3^ zYGao*PDO^KJbR=cplY7JtP@U9eNA}TpLUm)W^O6O&b^abtD3c@Rw76Za}4)B-9 ze49OxVLM7JC3Rs)ULeKmhbU;nl`G$C@I}nYra`Gw`?tk^A8XPqkl+jXGRV^>_%s5W zqe$qR$N=F2@LRnQJwlv0RnYp-ch;fH&T&^Z+JS{vHFWB!>3D2V!h)wXbTEJ-w7o*J z!R0ld0Hc;!R?0!Et;PITyijrKnl`< zRVviSX|4{2*U@$bIouWC_q9Kp$0)SYt9T8c3IrLbqlBqks=nMEjb4zRA*{S4Wl-#| zF2-A!YJ_S&s&i}*Gvipt@8PfKdk1{CyOCvvsX9GSJis`HUiQe*KOPP(& z$oenQ{s(t&8qenT_I-C(t6NpO_f}Okb)+a-#5{CD&10y!tr{a@CJ3GAprop(nVMrr ziI_=CNezi1#E_tdh&hOah~ZBE`@XK{zTVx>yXW(qFZ0QHW}Pc*t>ak7aeRMkeADxj zu%~m?<7kw-vX9m2WSP36(O35p=E-DRw9J&>I5ISfq~bz1{6H?M&~@UaJ*8J&MqVrV&rEMt4~jqxcmIsQ z&NqpsuL=e_LoZgtG6F%d+|fM2N8@D=>W9-8(`m2!`3p@QhNo+PeDrJuuWniKYx+`j zJ_0Y48n}168T`tes$RhMzo6PVI9xBcdsYeC!{*x`s(PQy6n}P#mI^7Rrzd%?245|V zOwYJOGIc08SJUF#uy4v2<3}CYp@VdF)k6<(83}*t=*?56z$8^uelcgk;8q@aon#RB z9X)6VP|oEvxJqhk=sG$1GfjcK6p%R6(DV1CnO?7!WqAt6_+AL6ce_SigxjeoR`9up zJ`i3qP|`39TRo^l+PHx5Ft8TJepLg~sU@gKDQ;n3-JuNkmI=VKcd1)`X@U5G$the7 zJ#(@CyWZ)1k&cj%oael&@5xu4mdrV~s5$kYIztaA$8CYnY$> z8dsSG*5Qoh?-bN=T;HWNe} z=Fn2TIhF8S{!%%oJfv4}lB5i>&s7hr_k%71S+XiG2W}Z3WODDf)Pg!qiSw7YtA5o3 zijI;mK3I89-n;!C%VR^#kT0kLt47GLgQ{Rpa_9lyUh-tjT<;wh^rbcw9Qeo{B)If~ z34+YRm%gMP)9v@x=PElg^VJT6YVY=idC6~u)EWf3Yfq^=*n7Pk3E@l=)`dDJ>beo@ z$!O|dL^4@s_u4CbP>lTo=InrrJS5YSFPQXBn>)a_{(i^18n_meYF-Te3rtSj`^8{7 z`Ot+|8|*yOv|7nnt2Qjr7$u%GJYR=t)^aNUAbz_#ORY)`KJf~4XB->S{fS>&j*Q(J zcjR5KjH#AqzB~58@G44kJJlvsw5>;h8oM$7LIlTqHwI)XG581Tv~N#IB|s9=WIC_; z&n6XMM^SUbd8g_9$bQ|7_5CM-2AT*8(YcW=c9M2t`|ktmoV}YQ;-`#X)e^SxBQy6g z`0)UypJ@SXBJGlZ&P1dBv&+xtKhu3o3vg)S;gRz>^pD&$h_Ih*)OgG3no>RcyS}XV zH?VFXRFVD5ax`lTyA8TSvX82Q69u$aXsP#EaTAaj>CA58~8Of_7n z+FqDVo>h?QC=YEXnvdUIhUawa=YeM#(U-l(hQwExJtE@EDc!s5^y zG}f3dKZ~oOXi`3PJxDWcp1kFD)m+;ZzTB1PwFXsB2Dx+m+_KCL?@}^)=Dgn~xpuam z5?FS44>aeDg-z-Du)qG@)yF66X_RJQw^I8c%GrAgRw_A-Mg>FtJ2Ek@=(5P7sEHuX z#+brhI~U|r-Z3XTrZz6+8ihLJirWqoJ|CE5Ia?Xg9B3BTW19csb??5-PP4}v=HyCJ zY-!COA}+5#9Uil6**08s%w9ha!lHZCii-k715zLNg(e=UM9N~r%#GDRi`pf)C-k%x zXJqp7oHz)7=E`q3II{6~C^`NDz%Y=CXK-J7x38Pmc+tRoF|69eX~c`t$MbG8s`=m;*v&s$mBmF z;&BPsi?BJkCmI}eco{V!A#Coo3_m%belX5c^P&R1Y>m+Lr=e9l{caReuf3A|i~Z(~ z{%~tM&m%^HD`~IOphFw+vF*yrk^WMV;=okcP;~{I&UHi`zsa&sOqwi8XuW9(6F=F% z_(M7WQS7L@as9|q^;3T=+|N|@?nK;olhRR+=T8G~Hx7c^u9AQ7sJ|zKB*KRLOCzot$h*d6iv*pN`XeZwJXP}@Cc2X_6o$2pSH3t`@+OtUsF7h|RG z|CQbTADUMGrq+KawJ*y4`Ts~={a<{ne*K73;b4_3u#vnR|9AKkM5k$~`OjrYDy7hZ zjz|aCxOxB^v~GEUlOmne?X3?o-r|k?96d6)i;T2$m|vlve`k8-9W$hr&{jUF%uge( z4#a<(=(o9;dnD-j{LqjmKG>Od%X-~B-djw1eOJA0!yz^0s>4Xa)an17i0{|-Lj1AH zga>InTLf2cCHAs6Hcb<0V{h}1bI$06 zehd0rJJY4*r**n-rGaIeq<>ajG>|_WhLEMJbMpA=Cv;IK)TkVGZ~xUq>cJLnKx$K=CTZgnj62D%G)vS z+Q8`}b`OSuXz3f$mI*3XfoQtT0=amiSuQ)ftUHb8XqNJ`P=|&9u@G!Usa^TZG+H|P z8}DvMk&X{BC{3}jo%@_*UyntaV#S!8#9^|ty*b{AH!ITfZkl)0a3t&r6%`i#;M%S4 zV?)F)BDV_3r9oPGwh`Ut%0wFUrKzZS{WZ?rO{MNo@*d`;Rq!~bui6GzjunU4g+$mO zuKx8#mS=2V^kLuqKWwNc-hDucMYV!i>r~1^n@XInbEA|Inr_&xBR2Xg@TpxKK>KO? z=EmH0%tc%DB^^QE20|w;F;W(3NqKb?6+GdZr-@zBhqQL&eO$<`mSW57fww=TUG7l$ z=W*>+FD`u^4uPY?NY}l_7{pS9dbntBm2w5Yw$#5J{|ui$%hj)Zv+%A-Qx9+4X_-M0 z;TsIu9Atn1C?Uu9tfqBQn;V@A5EBS=oO_+hYkl+1^JmTo@}hKE%cIF6?~2ifB`<1^ z^-3694cy%B%iP~9^L9@Mpwg^u@l?=f0knv}@-ppU;z=*LaToc_7m-BKc55C(3;CWCEmi zpypSU!JRpME=WXd?fs*9e<Xa7hySEy%2d8 zC#Ouhq3sbNr$|tRT>>jpD*f)xVLu?e17FQ$w79~LC)u3yRqx1v^j6)}o^r{rO-_7d zcm28oeTowxu3|UFR4Q3v?9+kP#s9|`g_dT=4i*ZPsPhi5^bL1=o{ zpV~{14Cq4GaaK&?BR5Z!cb0uI_614vxsyt9=_#}8PY>`y7h1ppdlz%~tU37&LUG{h zi0C5kB&R9IEMWnmUW*|g(xplD>s0cq?+^8xgH8Xs?;FpF3aO!IC#ug9h72x0cb70c zitbB#S7-9N!{_BiNgVG&1UjoYEjXmRmA^M6`p>taBiYXxVKb>td_5yO z(+5HB6L-IVQ~kI7f4N*p|MlSe`U4bCqTE9b^vhBEa_0)1Uj?CN^JQqFgmh++!Uu^p z-Ye}mU9x)}?Bl$}N-K|&;@_pP$pN3$CHsn!(`t9-$(bU>+*MMqPL4fd-eO-W0N6`6 z`Nn$|&o{!-Z_g%A4PbwlsB$h-RZ+2LA>JO`q$U74J%>|Jy*PW~s7xE$l+XLx0o0nQHBeEDo0T!-1HtQn$nExM;gXZBqkz6xDJx~8v- zslMaJaStCfP5o_3m#oG4pdgoV#s$|Wm4m%?CEY<&Be4j#S+uFiV~sObYh@1zpW2hSGSB|QGD*yf`?9{S?f_WI7Uyk5 zxOzPO9NqH!fA&P}(;*F{?=B~(g&z{6lkw&6y;JMceyL|{-i)>@h=)k#iu%fr^;Ue* zgx=Kn*7^bBvmO)f%%0_m_Wbi$TbAJYqVZ#|F(xv5ZZXyyw|QALxQ{nvR7hI-_p;L4 zl*1fLH=$~YdjO4d%`EP5Y67uV;h(O$Iv77r$6zd273Vh^y#8Y8-{(|7j=y;R;Dqo>jw8T1F1n*u zo9QzqpD5;g4|RoSbl(o4))npd?}LtLVmba3_9HmuQY|Z&j;}~P1a^N0^GsIm1$Pt8z)69|?NhHG21GKR% zZ=Il`B)~(@O3cf=!==RP{JSyufjs1q46M;f0CVu*Ua`xUqY!iNCmeXAuN#O9wMT_; z{)mOGS|nj8#}`;JBK&C>S=Z^JXn$>XH|*ZvqkrL1fl0>_HP`0HQaq(WHWkt>t^X&{ z*lnmU(4tHgK4L1uA=dr=S*rBEf>M&|r(}g#3oA$E3c<^X-FlE3Q^|V`)Xq7Lva%5H zR9>90%nPyL$H z;~?B3LfxWs%8v*9ZazHTXu%LBmTe{KEWWc#z5r_Efj1+L3vWj(wpwH32L2jcdEL8% zavAuT1uhSV*(c0Lx;|47-d-*h%m?|3j8_?;lIFUUS8qWJEB2f9uZ3i~?6?RqLBpH2 zz^(qA%tfEjjur0-HaP?k=2~y!_qisg+-OfX|8bLaluZTCnfrbDtpuXN2~I(5nH!Vv zC+Yn}qMm5L>-vNh3(8C?fHgG{@xAKMxk4!J9wM$q&^WmH`tKUo)A`QKb5nyavE~`J_lb`#PQmjL&AOdMckVQhkeuY z3!z9Cj@oPbFYZxqg>4pzR<7+!BLE5qs)Uxn*Q9IUi+n?NIjaL#FkxNfzx0kalqLuk zRyhmMLFl>L@&bZRl?Ghn{)VmVJ|^nJbF=MQ(;=)2#L7Wg9hhyO_{OGnSZ!xo2K!OA z-dq-vjpwjnONFFW*EdkE-l=%|WzD+{`X~DEHgC7XX6my~paUouk_+}cDPq9A$oTHi zrwiT4Q-sX7?Li}B0rR)^&uFyxb4JX13^D8>8VT-4F)S+^BykLGjqOGq7_bl$RoR>P zGArWyOx|F+3J9=K6^vlGe&MvaougAhABg&=X%@+D(M*e&PnkRXV%m8ksBh5_fo&0S~d?5N~-cyHR`j#0NZE^=kE7;JiIs>N_@ zS;7kyO+`=j5P*W-c#LEIiP-y_pJ0EjSJg}@0NOuXG zy7O@<><(Xi5mrWAwYY~t0X%kf8z&lGt4taA3YYk-62|M! zG$kGR=70Ohg>MGe@kW21cv^yeu9dDu6ObLB2cky5-UGhw#pO5f;Q6v;oA?G-T_e&o z+ML#K?ugkKQ5%L;8L&0K_}$vln_sA5hy9nKlcbQ6#yj1tj}3o2p$(FeET^msjiD;g z-TMF@Qk=HKHf|4*0+XC~KlpSb{;LY*1iXOx#uejSU1kGpv5%W1mEFU;uNFEK3nF&2 z6BEa8{a!cQ-faKVmMLbr3MvCI7Aq!UGukc9k1;_@M<%rK;CXyG*qX>GQ4`j5oU3~BUVHeIMj?ESy%r|BzxIF<5~!cVMBpcF#mCCt zeP%BV7HW_sg+pnfAc+k2L>v7D&MyoHIVE}?icm0IqT??N*fxw8CohA+%USkKzzZrt zUl)6~<0>LD{j=-`mh$}t>+`Y(SPhM6mwcO+T8>opZW8?a*h%v)@w?$6ggcC%U6$D`7G`#_0d!>lV04qE0Dqq{skX@~EnBMQcbIAprENo zMp3<_ZOnL?es-9yzybeLKn^B47kOkH~OFVSmoy^Q}Pw~z_d$AX^wJ?Xu7%?``t(&|68;c3gRdwk(fHh0YElaJI6F%}et8?bI>CK6u zrq`^|MeSt4LjRoFv5cuG7lrKwg3yvbajX$GBY^nK0Jd!I(@hR809hm3 z6UCZ;{8GKh0V`X<4mCe&<1|ZrMCmQPcDdD~^HpCboCpDpM>OOzy$3cwe^{*zPFF9pOiJaJhH}{N7k>+#Y^gJ# ztB6?7KOp4X92{(fQnNf<0_tt)wlu($sL!u4Rkvqy3K>s<4EGA3l~VsJKKDro+YZ<0 zK>>J0D(Nn|Odn%4tV3@8^N5JJ(}^=;dpajhi;|G3q7r72=*cJbNd&azE~rTD~dvf_}L)6ik_+BkhgbhkZ%9W?3YAtm`8mzP14 zSe;5AIDUfa!k~n zKpjm4xkrD|MLvi`@FX{y@G8>?*|B=T%S0UsCJ*p5I}F^?fn0c0 z#QB523AVMu8NJI9z-^W`tR5P%6SdV*H#s7o;xmNQ@%_lnH*nZkg(2+SpYJygcBnIn zJ7DHH@6Y9iuaR8Wq^1V{7i9D{F)J-9gOI* z%8~{xZ@muHu^P$GS>y{8XXh7c07)q10mI?SC;pN-O;uNT)P8z{*;G#6GS;O4g#RkU z{4v)Aq-(=4lTjP4!;un{1pIJaX0WDi4hCaq)T_0h*Q=;ByQ>K37h+j6CR%`p=vHU> z<`xI`8PWcPGrjwVgC^nbW`ZV-8&3q%gSno~K0l)LEa{!_Pq6g_ejmXXM1v6vP~2I0 z(GB#IFiA;Ew>*!KT3^-WuOTrZOLd@S230m^@xj!MefsL`R-a2kbEyV;;|W)-UaIzm z2}s?+*CJ<`?aVJ4ay5X<>2$7sMpHh0e>%~(@z=`pT`Db7cS>tY8*_d@k?jN9&%8HY z1%@B&)pijg=6UZ~nQ=s%AMUFj1_d)ZHPF$q%w`m!Ao>deJUAs7X_ti8&fUJ7v((2i zxs0{qai2}rM0CCNl;&ohw2tTC8yWn-8{aOj{-u!g%7*&a+GkdYW$2s*xUlv>8R-mY z{SAGK@Wt`CvLa{ARM*fs(sFovXy0=c|8lokUtYiw`dkbH(C6A81*KXAca0ugXvUIx zE2m05h%_Q1*0(Xzr&0_vyZ5u@5n{H3J2$>JQ+tU?v;h*=ET-bPmtWM=WDL$dQ|{fw z@@eM^+Q1OW8QO&7wr(K5*e*h$hv)j*gnd&78Cw}jb7f}+rW}ma#09(M+;_xFd zj_Q&nhJ&)Fi!s96$(X}w(Liws?XbyhsnS870291=vY+erZg5vm59k8G`_ugYlr}4g z{x1Ua!N2r3r(cddtNFc7|9ky^VcM@SoOs{a>iAiJpCSy7Wo+ z!+6n*5*c8!ip2kZv0rny{|}|RAoC;YoIozZ!X$q6Tv=GXXiC{kvB_b3%skC7x%cGI zb7$uz;(KN+5ElS4Ox3o?D}C#20y$X}KRhIP*ZBoy#2dc|Gvit zd;Rx4(_X~ASPwgcAb#O?tW5OhPf0q?%Ev^#UbHW}v;J7-kh7zYt$=sp|BDY^IGbR1 zWE>LP?mf8|Tjm#D#qSv+fLO8B?XHUEjUwU<}Kaq{Peh~Rzy?}MOaI{}ddKXwd ze``hsGkxB^AZB_VFn@pKW9^-VM|9yRzwv=V1&*;eQnS!8)?H_I!CA#Y1|Ht7o_Ehd z8W2HzA&=+nN=*%ED+ZjA+9LZTA5_oQKFQdQL%})`K@B50|InmHr3A9dMZ#Dobt*EP z^CXLkT6~6qwk2D5o^DL9cCb%lnWX3Dgd2h!@Kd;bxC&Zo={024=ZQ8ENcXOL9OqOz zHlFo3LY(9(S;^S}*HiyS0V2VweKm`bAwCHdd^xH-x;@TKI^8cO!pG6(3kT796=YD= zToA#w##K{a5K~D+)et~#s%-<#`>J=;?_)5&`J*=rr2$Xfq(FWD$g*5ts?>1sCTgMm zKkrUQ<)NL4d*X5y`o4P1p0~x!x25S}(GAjdTLW*FCAo<9yE8VJfP>O(3 zwahZN6kbdBt;jd^k$p3(SJwkOkH?Pr*6eEVU)*Zaw?62WL!Ob$vDaekT&@__l}=aF z4?F-@>*Xw6%bQ5Jb7Y*|;aS9|BZzqK{(Jp>hA)2nHsuD`oEcA0@+z@L2fbZtzIw5u zGGkVgqAod*RP7Hn`>v-Y6nEMU&qI%PmWjVXY@@^hw)0MGeLExGpNSPL+ig&j{>gEJ zp=MqcD(dQKiYKjon5h#UzAAS4tLuqLTe%Wd^0c-Z7JobRmB6WxMu$89* zQ91*f{n4vE2RnTRwt>^4Q{EmsDDURYZOdAa%p`O=+MgZYbFmGMvns zFJopHZLK&sKl#l5%p8)m@fzme_6}%e|C|@#f2R~-cXE2^-X);6bpem9ev!;RMLK5L zyw$RZ$35(z9P#s}E2W*kcZXl8DLl)nq3~&%P<@qSQdaY;HWSBB@@4&}GKzaP0W5#{ z8zD8?(nwdjB&ZWE0~GXp@&i_bwoVqe@n+W1CpIdxOCoUL$_pR7qlMD64@oFo*yOA1 z-4W>^n(Smy$XG4(#b^Jv$&+&$o#R-E^hG0F)H?T%X{A7a>M^IssQ~6llX{djulEZF znHbodW;(5PrzK?aX_8o2d0ipwY?N_SB0?;EVQ%&v&-UVh!|aOSvL{D-OY>gRzJ9t% zYVJtiv44Ij7l^qrY#mLC zg-ZLcK2+U7go^`fet%)feVU#5^Du~^bJpHUD}NXHqi`5y7niP2ug4b}@~xC$(GC4)(%U#4{_1!7HInZuzVz zl>N9Ek59RIqHO9^)Kvw{*#w9OG(-erJSuVDCwr-7?sN5QYTTZKaYLA_rsYFJY?IU# zw@|aw;`$-YJfV6y8he{Ho-7}en%T6-WVztfkxl<>x%tTLjBizc)5zI_%JAaC{lE0P zsb{QOS8wgXkmNL|pq8}|{gwVEg(UH(L|+*o8i@E&q=D64fp!Ax%8eB*wWz{qvvX>! z^xcQNZsZ41dpp$aQTmuP^#m1Hz^7ILfl&^p9+fC$A$| z>9(cs7T1{Fm7t6lXUCu&8ZP&1&4w7)r-KJ6pGF{Iq+8L5z&-1636-Oi#=~zuG~||Ah{=Ca zMhgW?HFI#8!qyQP+DWgVX+}4|#ps+opnayq!4VOWs_aRQ&dFDs!T_&?R}O!)+eS3o zeN)fPGekks$_L#}0M-hu3d;Q2f}gvvhzI%dh+T!q22F4ZUAnu6X#oJj48(o z#rI5Fs(o2`Vn4;dG%p4Qu{+$uLh{xk{1VUp_X` zhO#h;o3!lwkBi5bT$=6|PQ^v$@$FYXP?>P5{4f@xtP{A_;+!TfXSpalA2*{1Daf@L zS>BzNr~?j9%STnB5%$i-y>Ca#E-H^wy-Knx9DHSl=_jy@a_q46-X^8BN6BJoQE`T@ z>31JA!tp<(@lNyL^4 z=@Znc3bk)kWM+xC$Vk-y&eLY=oA(o88EGzW-ywU5wSql>*}Q85tT#Zqcq2WJuRGg^ z2y(AFc>=7+_K$VX08f{}o;12^+LXpVu2ZMCg68D3{6kB#4@QMANo61{E0#3IKJh0Z zd**thyYJm1Nj_S2)pdsg)x+M(I)p@%EB(_hc{F}3249r5N|HEhs4wI8PWLRkz26X3 zT#314w{K*{^pLjoS5FX1><#ba)gVTMr8O1&*WV6?vhIk#^iA_XyzZfM*W zfjn!UqljgsA~h(#THoTf9ePMt610HQ`yPR0Mpi*Jc8#E#gtUg!K1@u}m9Hz(ERj4u% zA_7yM%qfR?vcIjJF?%;zI>N7_Gi}4L6_#K^rxm5u(P(i_C@^OtXpugYRz z>#eplxfH?;T)D12p*>R{cOb>0L6Ulw3v-K|BF|JXq| z=YYuqyHsTw4wA0mZpt}(IM8>+Efd#Hozbn$zabx7bqO~VCqHj&t7u_J!cUdcMY((=44^LJ3hT2YxNbh{#P`J2(K6oZzawcl{#%#vnK+XKG9uu9- z!_#xF99;b|2V4(WWN{GmGf9WlBQ1YawivC2&hO^~PqbXhRyoLDJg0cDZ^Tq@$%xkO zNQ>$w^O<5?X(*HJA9f=E_~g^htU)E6r{TS-+b-%wi|0_}l4~M%ge~zYCBi`u$^`#U z=3biDWT0h6?fwkDB5VwmW35Q0X$M0c#71ZjQ zBVVObsUSnbEE<1g2i-mUormWl9DQm+;ST_m!@{-J|?I2m+MHJeJHL8&1*PKRa2EW0PB+0W@? zlR7%1K}kXwJ1G1LdbXGaB?%~!d)m?Nuq!g{O>`O; zWlUW5w*`Ei_cn#CipX@`r{fE&{9U$#%LUO+Z?%+r6)@hZLiG|q@H(RZs>x^05pA@Q z_LP#FQ^?e(2Xac$lHo$rqelhQ0e@+=$EvTo5@VluKa3q-q6nId_a6*`k`a+|gB3nM zt!wYvv(i<-?$6gU)C}w#&XsJXoIsao+v*-p!7gOw+W7S^7v7HYB?g&+WnxaucjqPrtRg~({v4B?Scg_O2Hj$}|Lm&TzXbLoe!Bndt7g3T z+CDfKH_%Xv>+R>z+fVn6WYENN93zSMi}&UENvQri`JTREu+WE!|Ur?Xs~`tNEK|{FdCyjjOxRp)xN?Iaq8Ne!TV+XMq#$Re2KW&5#rKVvXFc(RKV4Ra)V9}xFvD)PMt=hHB3q$Yre}O2h{B@G9 zg-OR#)69aq1Q&+8OwSz!04Qq~wH|9QK-r#Q*X(q-r7Pa*5xyuIj=W3okR7Njqb{ga zQMB?>5^{(_sV?Uq`WEeODU08t{_N!q$O5(Bp*Eu|Wx(-=WsqS}3sS-BPLr&sc%@4~ zn>y=5)dUMyfLshH?7qgf?aJnOSVaQIhN#~p`H()OXxdjI7`1og^OseVZ@_eWq8>h~ z^}hf8)q(-(Ss@1A)lwY4RER3Ve(g2F6@neI!Wu$&PXX)d0i;Y7Xk;W(~%W%$7l+4 z8sUt@Q$%H@vs&nZc}FSti7#O;4%OPnxj=!{tyLrN&f*Ac$8?9j-m7v@yzHTK? zN>UYFe)xq-)~%Xr&ixmgZXXxS2tKXS{8sdFML2@R?*-~6i7@nN0>&) zGd91q(Y{Q{G$v+j?b)m9WKoT7Ka~fzb?sW=8T$(x-G*8iNvjd6b$dBQ^7J(@Kh zSz&s0cs6KAblx$oEOtcNdUG|>=`pFQwaJ***=v$JhzuM4a<1E`T@FQ5>u$Li0!d$< zfKKLE^fJID+a4GGm5DQTmnkD38B94Tpe8@K(fAf#|3^%{{1u;k9=FM!uGt`+Q$sph z7Y4`ew}m50cA*sv(5u=GP9P|uPLs4>U1ImGlo0^j3(ACQOxzXd*jGrcSU!x(w2JdC z+^<|Z!G-iyJO7ZQdrPUG;9^ZaSWR5gHhjx!JDe?ToOu^%vcqhV-rul7gtI?XLxQ3? z$-dKK>I?hH+*&Pt=h0?UWp8aA^LXmcmd;JH!kLBYjQW*uN(Xm5Qm&r?!(C#fgCkm; zWe~Oou5`d;ZQq2RZ&S7&lOZhv+T2_+q+(ws%WEUKk+^M}#qoP~SLi|PeSuwEd(tO6 zmr@qJl@LVZXUf{>)5@w@#o<*DVbcB0U%R1FbdvGk3)&a=W3- zYj1eQz2NyCsy~z3Hd;LjyNew2WGXXqOSeBQ>GL9Ln7L~6NW+$);(b*Jyf)j)p+#JM zVQ&D(UU?SqOOy5Si9tcU>L(erskS8LReer+lyiQb7r?WNw%X$zV7&ul zzsUT&MyfT4`yqeD*eRM(H{~;Fzs!wx_{!WEv;TTczb@*~hT>zFI|eUS0G1zgs}mx9 z9P`m$yD1|&J*~MVHlXpZ&&q{QCVSMz!ZvdGPxWROv_1WPo7OWu&H#^{EA^bvHtdSy zEc%P~6pk2wO6!x>Pqy-e!D6a6K1;UcjSLKb!82!hGMBGP2O+}e6=-N8JOr{`={c#= zfY!!RoadM)hGqNVQO%Zo&};TPU&grQ)4^YB?!qTs&P$r77Pq|}^De0z>~0i5RNlHL z;fVZsZ~yI&E?;U#1(nTxPdDwSf|&- zz1u^G)yIy(P4Dy)2sKTTQe{zzVmvv#_7RcW=FE;5>D_5ZS!d=uXXuv)4f-I)kmB<| zhkZHJwfvY`)d-sg!Gfq}WMs2-oN_vS#MOvlXcCXeaX@sy`vz*Nq(1G|h*MVw{-zF{ zWxhlLIlGR=O1wHLJo!3kD@$to0Wt=%~VAg0FpjALr)u3H=<(ont?++-Yh(5J*MV6Kib zPIsxHkGnBBaxM*L*24+YKTh3-Ao_=@tbhY~$EO7T1HZg&HW1(pqMbJHk^u2-OxVYF z#b*)gv7gu0NLkF=!YOhF=U*A(JOzw@-g0@A>iNBTK?ra|#^S(@C2h9^i-*zw#vQml zu&W~%f0Vk`NK3g96Q$O~=Q61X^sA_-YO;(wH*W6utuufQn|@dF=#ImvgyPA@^lLYw zx}ihry^(k1aujTA$sgzVm}&0gk@VxtKH)x`3ND6 zr9Lzo8fEjO6yLLFxtNs^djT|rYTgV(I8))KZ(BvT*0AVPQABAF2!lPJPjq@PZT@Sy*iD;ZASL_#P!QZ&nXWlE^X{XlijC2AbHN{rq+wyn>}Xl zowBg_2-kg22K}fiZMy^7xcS~19x6Yoc*88I@~2JxsCdN)UB1wKi4c`pr>}u8tr$C# zP0Z4{u(da6NQd0_oPH8$oT2HGI8sEx0*INCCPF2V_ya%Tfv@G3z#Nt9Dk{v+3OyKV zg!F>&;0uL1g9N5O*AG5gOy;An$l8Dy`b#S|MXIk>_i*O2mH@D4=Y!g0>gUa@LVs8A ztTt?@3C;>b+6W(Ap7VJfg3KSVVD}IzLBX0*V#S=8n^)VguKizRJFV*Etl;-iFIsN& zd8tHGXy^2i+ni8tq>t?8V_p0Dt=75iORM+)lN9=O6}a7W4KK)g@iu8jCwvTGmeiW) z+FAhg>Y{zT|Jw3q_|ho>cR-0Z@t6thXQUSjjM08rP^wdId2dZLJ;XJ|4sWle;PL#f zUDDRerisQhXz1bX7-kPUQ@_o`f2&u?Wl~wYjD0n~Zriws1Y{WWQ4r0DG~{UF6-?j=N|7c1YX5xCoE9N%2bTrZwnpA5=Ow5TbKQv!eH} z=yNJZ5DGnh%(RIjRPW|mlnv?VAERF_Y^9?;UrMKD>^Wu?zxXtB)^41kp=0JQoS|S* zeZw?cf%j7=y2cw?xb$Q^5-u4y!zG>Zp>TIe!K78%C5a|CymG<=#4Hy|&&)vznT<$; z+PE6~dKKL&Cd3}6NjH1Mrq$XA1d>lamJ*#RPOzG!XjvaNu>lM=T$N2y)5Ep8i~(#z zjZYK*P@&gi3H))rRlv#!NQ12ra}H5I7qY$gd2k~;pFA+HI%b{6sq_RMAdD4#8w}h4 z7P2&n54-+r)(OHI#8aVcc#JZqd<-q_SfLfIbVEK~y{K5bR@zeA$}uX(SQzM3+5t~f zFz2VHQ&XP{dMu}COt{I0lglw$`Uy9PHOtK#FLuu@wI2FrI3oIAVtgRLPECrF$H{LQ z5;Vn$zz7IUIjzHik(KxyRM}HKjR|iN)C8cAX zGyJR2uW(%#$=R8NZr3N&1MSA~nT6bAp>ERDGdmr&KfJ>}*^uZO`(T}AsXj6hb&2H!Fzc0x0Zsq4R z1vhW{X6H2rhLmnf7B+5UJ~lT^Mq0>*2b9i}l})v#5Pr^;+dm=73;m-{aQnj|#qQ=2 zlu5L?k$59;HoP3z(OxLM-*p+Rs&3i=KQs)qFKJ0n%aJSwQqI13ZZjVoxRn9jF7+Fg z(}ECNwx$Ds!;F!F6N1ZKO+FPh#GizM!|dXfT|=$S_6T%I=PAR-;@3EIq@%?bNpS@V z^_O%gNptU$4daGV&%+Y7+%5j0M)YGidVr%Ly0)dsAlLjXk0|X1?JiehjjR_6B|W-_ z?roPwuUZvpCVSlh^OAJfHpyDfoFMa3&5t!ybWU0EvYuxrKV}3Dxk+(N8soOW^* zvzYqgYC7fxXQPR#FxufRH2i*?vKzv0zD*Un8MSqjj_<-K#5{`=;v8}a;zX}yAWw^! zt-#W2Os_X?pqlOX{*A-s+ca@Q06g0U0zaY%?g~PgF82VLHEP0zL6I53pBXaAF!p89 zaMHvS{#LqL*Qa(#;MvH$x%JDqh9-=+U`kqb<89&UX8)sqpsf?Oo7p)-nUMFy?q9hm066)CF~P*Un{f)-xmVMbqR#pszQc%^v*j<9*}f(ooM zijnK0ZRHR}d_@Xge&97MZz2>{uAp8-+35M!z}Kfimx>5~8JOU>`*enhL_uWyxwh%u zH6<_%CAMc|(ze(CQ9@|M-ro9Kaqmb7iCav}L1k4Mf%5P(IU{BL=CUlH|owN1i4Uecq3P)&gRJ_*+#rhq<6`e~m)Ak}x z9}DE@JTxk;YyFAsOQdG3sZ8-e(we>t_h+(O06Q(pTA7sp#n^ktv)TRs<63Rq9k^T7 zRu$cfqV_7fRBN_YY*n?zioK#$v=r4=?NwWl5{VhKs#?U3R3eEQ2_k|ZR+3-zzTcnm z_&t8#-}n5J>yezCbDeXYbFSBTzMd~zk2bLA%AtT_7b5C-^66zfD^Wr@kGtTYaF%F0 zI)@&$+=>Bv1-J>Ei{&5i1AkFDl8}(r;ul*9L`_miKSCkTRKMC6yf{qAZ~NVq1xja_ z{``E=P+>j|jj-@fBXQyeU3sDm<>^w{k1Do|4{$iFo{;95^F6!&cr7^- z(4%+({G!JTN8ZQV3wcHvCg%m`cxH&&L9V31dvZdMBQEaU9)s`5k|l{y!0(lE<{>WC zAT9f1A%OAVn_s04$~A*MhTW_%%=3M7oN&lipR>wlYPCK*f%bfJ%ASww`h-cnwbQyY zGa0>7doZV)P4sU_H3MZ8KmuT`IxRXHx}Qn@U4qJE2yg9Oa+D_PYY z^F&WGD(AX4kbG&@YcGLPc*MAUxqHJooLGAbO8+lr2OT)u6WVxRNl8gEv3g&wSxrKI zP}$L-qs+4-)iXSK|HK_b>rUc!Rt2->`xJZilHFt2d-L74$>(iTa;0~y^7p%oX?U;~ z_W8>)&pf>-B@SMZzlqw4-FTYsIcU{TJk}q$tymtkb)tF#>ktczn)pHmiJIA=PMEi$ z3;cpV&hr4>XeT)g@$ai`#B8e61a>@eAkHn9Nbbx^uD33<@rCo>_Y8Q#rH(+rs+$(a z68Jb&lhl{;;%+y^2{yN-ZE)i|BS&IA@YX{s9wud%n-Q=(*(h7D>bbX-5D)XY17C}> z(Y~{D6Tg);9-dO&wNx|X3+1mRq z>y1xeBbWk1qfQbYq0i|vL> zLYK>KOb@*A#;Bcm!T~qweLl?BfSkjI(l7ObJbaDKb#4>@XC{<%yE>)J~f6csc-rH0p)!`#m z7RBL6xk6Y&pj3+VR;PqV5}sh;&BpD({}Dy zHSgBGIg(O|etP)BLXUSBB~!EAE&w{hp4TH0k>AAdC8m#POdkR!RE&+c4L8 zyJSbo8)ZM%Jnd5n@%jhJOGtdwVJd}GRV@DF&je z8kV4PsAE5ea9AT!$~->uKGMZl@B#hq{%9I0`^n2sE-(K9{Mvc?NYlRgp3JDXIEWn5 z4<@jOJmbK`c9pg9P`f=y;rYmgwQjM2(Y{Q-W-<0qaZq%#cBPj~ChOM)1Kmzoj4*JbPm} z7e3xBN1W)y)RbI?8|l2f~*zKgX_M}`~3>Nhc-jd z6NI#H=68fB|FGSN*Nz*>4OQRDsOYvAEwF7T?4?&ep&loDVa@A0X66Z9sEtw@s`QB& zR4ncp%SjXMzuK*F_oAV12>!b8lMPQxp5}7p@}$|4=PP@o=a9C#?Pd^ItD3*9hlz_c z%-jC4D-K$A`K|Q0(`OJC?snAq=1JO9h^Bb%?>^QEf~l=(z$bw|S7t$;^4{M7Io=X4M1G zS3{>W0zIu~dpLA%KpS6#tVDo=Dh z4iih#>ZUz?z#bRiWy z;ojbpH9R6MyNkksP9b|x!206p&4_a-#)){f`p~J>IDF&Y_YK7USPu5l;*FI`9x{sAUJhJK=(pN4;dWtPvvt_t&`? zK4tTX-Gs4&F0J~kv9A%&x|x<+{KN`apZw{$pjldk0p-4Cl?KcZduM)Q$7fVoflX|t zsimYse8NVwHu?`XcfS!9=5Fv}ML~XSb8e%csb3)4B2CXJd)D{f{$b8oI(}Yc?sIF{ zdfm8!DV~`03iyHMJqOMab1(hMtK56^I#1k{!*kZDe*J@WnP~OSd@W_J+yJfAUE9qu z1C`|}aV2{7(e>r>K*=4qJE|SI*P|y)q7Lr?KI<2MHSEiM^qllf8R~da%V1fE)7xCg zbU+y<%AeBAp#q5*caR!V0cj8Er)Ua!_g~!U+h@Y;#*)^%1-#>?`449iZ&>H0;PTe` zQ&{DJ98k#Mp)T0K;CzeLm>3Z&EI(@h+vmFLMD*?Uti zd$r8Y1-;Oq%_UOt-JfAO=Fr-o!v6`s-@LO>z*WyHlYUJxvev`H z!=S;EL%VY8ty*z{#FsVs*}m*5PGXtW(j$hsLMAIC%BTR&0lkYbQ2=mmi>td^W0+=; z&etCPeW$1>bBoo#11l<#8gR$$B^%AX+kJq8A+0cp%?bh}tDNWXNW@lFSAGc)iQS#n-XpMY7VYtxDc z8o;h?4!cD5^m@SM_ZYV4YEJTGP%~ohJP{v~+c!rcm6y73GPT%C)n6I@7Ds0+gJ$FN zt8)rVeXPW};X~6ac=VFMD zy>7H&BUnvEo>FCgHk{f4C)~phJ94xRh`HnA$Cu}F6ci=7s&hERrc8IWee=;dIZq@x z)uNrqLKWX2$A*V)W5mMYl^W`gS~@VYK1gE39 zd+MrOB8RmwH&1%K?feVqhl|;WRfddl1X<;A$Jjex%s7>}y59hME>>~J)I^z{YU4Y4 zk|(C=zV6sHzC+X1$(6_R5J1jE4>kqZa)s^X_K|+X|DaJv=$+?B zS~v1M?>??DY8i~(lDqA-*Q`iUW8&zQ+ox+*C{1eps!^wfa}b7(--HK(idsvrN1#i! z2_XonSCN^M8ZMSOD>>fJ0&ZZ&u89iz+{7jMh~}{H+Fe2el&22gR2kVT-7q^p17CIE z-h@mh7RBrzG?zqH+h(;{9;GFC_m2DF6$SaBqr2j}=V6%p^{1c6T$8j|s@tmkHM6GI zONK-^6&`W>y0>c{q^w@8m~XH*7Vf(-qMR8T(Me(0ZL&e}>2SFG>&zu-g~+r_;}5dg zjxL)vY#hZWrf&VJkCcHZGK#1YwLl7u!w@}!TSn4}i|gUT2x(4}ZL0r+nc=$y=z-lF z2jYBF*8aT^M{3J-^2t614do;INT?`VB3sRzT;oj5ch~L+^3uch&Y|~x|MTeo5_MB+ zb@MZydK?$`~+&18ckV8oVdSfud}?LSHsWQXs8JZkG8RU z?TzK#C;sd!%lLmp&VVYXv(X5X!>uGX4T1h{c*Szpz?6<1m98~({id9H9Afy~7B`{m z1rx2c7I?+~0P|^|iIIYV0xzo4JN4Fcj4kbVw*@1c#y%YQep$v-o9z+;y{J*2}7des~A9HV@| zE(ZPqxbrk~g=kCV73tqvMZ<45=T1jXaHf;~MsTJWC(=josOjeeiY8-yiE zWgXOsY2}(Hh9fJ~2M*azAArZ?a5V_g?4a6$G}7h2{^kk&GDWu*h*q9vMHU44UsUd3 zTHL1W@0!Q{vvAT|TU$#X7u|PXn)pai-P499Eyt1J4Gh4&_9#x;Rn8aDvWNc30Jpb9 zhClt;h$0#mPSXLV`G18@7k|w+t^ig@*9;1n7Lja}dhLwn{mU8-N)P-opm6>(C^u}+ z-5f-iu{cy{Q?_S%`9l#$*lTaE+$tOVvTyEA8oF_xV_A6Pppdn&o|(-!B=u&=o!Scv z()Na~W!Y(sZT??F<60^>`}@j4VCA40I45Ik2VOO8C}vNnGLglPmG0@Qbici~1gA_s z8+(Z3Xf9i=)-)d{tA`2ja^U&KZw4Y}9QwDX*%RevKY_DXyPQZgp3lJLP=DWXzcLk& zB}v+ubGl9J4g62p_mBG1NcueQ(tI2Hb$2Y@?WkCCg^ry$zUpJZQ#qwtPm)`^WcDPtKho)(c=m7Gs^cZdL-o9C zh~`KV$CgDh2H8E&`Frg_zDAl^la%+@bpUcZc#-fUm{Oj3j=YbJ!zvoBe3Gd}vShPj<^z`*0rm zPi?N~#$NrOiesA9l750Z8tf*^jDl*Bba5Zwgi`;OK*3xkB0C?WwT_r#;1KuZTCv?Abnx z?k5dTG=Y$}_r6PRz_$d4gLT#@n1P)=WoYxMs?0ya)ZWiV5&vxez3cyT#Mj)*#iKk< z8k~BQiE;lNSDfqr8}`M$9dp6lKnPOnlpXwM%hVU^mALG3#3&zyFKZvaCzWS8ugXDs zD3k}@q8vKL8=fg_aCk7c2s)Iw!%Ejb-L~@DMB`IXdc?b~jB|0S`?}#LRel70x?Owk zM3L(K!SguC8(*n!5`X6x_;ya_y=YAQ0epeK*eHJ9;%UJ_HH6Mnh32@S!}oL4hhOt1 z3*6^DCf??DMdm;an)JQub3nc;jYB6P`|kdom@g69oti;s21_m!^CKsEE5*HcT#c5zbGysQu4rxa-!Qmn zPyOdS7Z%Yn4z#H|hp&&%iux28#t+RLct;oA^bIS*D)da?T0G0U1FpI*-|j*;-w>>? z!JiG@KYr}~o|3UwBmkCtb8iU!;zkmw<5FRl(@;iSRAwKAs-4XOXUgvB})W(>`A1k?5N|rj?N^fGz#~SG>@hz09|JWmm?BE9@am zczN9f@J-U%j9Lvkh(4n}Kl`jE@X%jg#2Z+yxC=@?RU5PU%Cw{PGnw0$3YNV!<_fYA zotYN;(#VSEe=~EUx7O4ue+d2!J(dY_ym9BBrnw%3IfRC8P4;Cfz@2+f`TXb6aHTID z>D{B;_)|il{~f-1?XQ27JgL4k0T6&ab}k3;z}K`hWh@ULVmfGB`A< zdy|v)@qXXG@Kh)(Rr8I z&5+&hR}yuD!Mpueb%sBUct{5{eb>6Wz9k<0&gSHwQ?1!T$+!tuas6dJK! z-%;;C;`{6Wkz+ang-m@L_u;6f!D^Z>@uGvV9|s?Tu_@1@$U0?aKH)dS!*3Z!hx|7Q z@1|WTSABZ(9rO{k3W*bEJ>!3Om^B#tM^J)%2HRg^vGR1ambe#Rc%D||4Bh`kDHxen zJ5%W!t}1R+x*pAUV8S<`UOIC`t(0od@7i5ov9uE*p&D1pYd-+|=Yetb$`{;&kCj3z zBuq@d9X(_7bA6oqL~>=FebNXuaa4=XWzE6pPz8086NCsmbS|K)VT@!eW@$nzWuDQi z9V-47z?QpnWIPYocJkbknTle@)4HmvssvYN(&&bp&4x5&VEeqWX()?2ZoK5%S?%mEwLE32?&uM%pc``Rx=IjLPXzYfG*58_-<8 znI#4_jC9_~NKtwGZlJ!%upb0x80^+)v(;zMc-p0;hdX3{Zv6W8j{VMJ_{1ib+%ngf z!qdP;H$*bt?FU;NnJBGWl1g8P1vG(GriW)h141-Lh7`tG_~r7uD|A_@nz2~#tVC;Z zZO|i-qb&33=hC=V9J8r4j&iLF&b7aH2M1d=|fXz$|#i+@TEhWgnCnYy6MUFnhZTO{l90oY}LgkN~>QFq(Ew1`4`CDW2$ZG7wDkQ)|dXdlzvw6RLR zD0ro|L+Od&gEdc|UuhY|X^fGLv-Ro#$d*p~_{v_Nv9ECJoe&S}FeosI6Z7Y`z4|@j zDTBA8WeU%(;<}atxyA+j#pMTWy0BGBdcBlsJD!7J*Mh(7t*IITA0cLeF*AQ5Z0mg!g27_#!G#K>=%KVJf+-{`Di^wy#@|ufr{p{@z6}O>EQE zDoI!Ek}NwxihO*yk_8)>ySYpeVFbWcVqRIVpN6mhM@F$by> za6ygctx%Q7Owg(|gPX&0r?C}NbjNDi8WV75H3X^Y5ng2>7(7mG_1r9NFnrg3jL|=m zpy@Y@6QV3i0j=e<1DT%b@M4;FzW*=aDMSwo?->BMqX|z&je2H2!d--UqwKqs`#}AU zL1?{d>q%xBMCJ4DBO7@#wyrA34SW|k25@0u->h4Q&RUMT*jxQXV5cMEJftS3$5+ej z#3`-Jh*4fN>Shbk9@i$@S-?0wg{5c&^>4_1A9ydt+|_N4e|B~bU-7EKwZXupxk0kJ zrh7e9#7LC-<+p8-+~}9Bj4@oDnNr22CRr%+@<8uaUt7i*7EF0qvwstxnV~EV!tMGp zl8=@}0LLoWuYxwV^>ZoenRS{|=r7|L*1L>Duv|92$PV%=YsR5o7vHWGTw_Rb?LrgB zKb2g<>-)=Loafq}5=>5GnT2Mhcpq!cpbH~lJLM^uuu(N{d~$us5+WsVvnTxaitEL@vwfisO(Duuf~oamNQrR9xrR#K0!TAVX=l+$f z`rume!qBdh6j>8P^W^sTt<{_qyqaxVTW>@0Ro}zQR3WRFA|F|+ zvgs>F4Vg+6wRQK(_~9P&hrk6FMxxa%P^L4PBa)R~0m-=0M@1c7P79VWOKII!)Hx;= z<`SC+ZZTK~lI}JJMYzvrX{OK03VZ^? zEH%K9Eg-wBQ|ZnPDSi=oyNg>X0sKE#u~%b-l_fTeGDYp3p+kBg5$*Dq)f9AiuDTG0 ztdt&si$TUq*JI}1csCIVo+gaXarL(fyPHZ47gV+NlfcAJS^U|~rJ|P-sgZth9u|#c zB?f6^A!K5-+FeYIH#i0K%jw=Is53oh1L_$hYu zhQsj@!tOijnzt#xA@2pl*V*cu+a}U>Cx?bow5qxdLr)uo>*8(FJtFH`Lv0~K{26uT zYWZH8&uGW_Rr43GuK)wH8eE{sM#^Nb9_*T1)75tGr7QYlQp&cMT7FfZ0@+!&5Qnbg zlmVJm9gyQn5wg=+Z%TL>Q8tNUw4o1ME-mOJNz(@Fbm`%3nHKcPwCwGl&Crnh%P;M|Mb)al7E&t7yLrA~LZZ1I1AzodYeMGZ}*P z@JO-)0a`+QSUyKbP%|jYTNiVqu6_zl#GN#5!6eZL$_q-c{Fp1H1V+wU&yx+!@VewB zp~7QgQI>{xfz=NUdrx_;D42A~JGAtbk36QyIW^OC(RE81FlednDM>TyoZy{#f~tdl zLl7l5(-FjH7`EA|D`?fGN!316cZ?wvA>&@-jWUWy4U))O8_L^HfFVA{&RlS+L%U$jB5TfaGzUlZO_RehHmsv)ndW&~5 zP&9`IJ?itMY9K0-J&9X7p-bX&>0jUakjZe!2kr0xP(mf=e6+P2d+KAiq_vd+BV>jy zPdl?9l!nO*PRVvvdj}lRev8Sdnay?40NW_#G_To>jIiq?mfOPXph=*dD$n<7+E{qc zIZKqMFvx;;iILu`F)$OT&ct`Qh%qwh8|Z#o3cok_*V4}LA?4mmCv95u#FjZtJ#?b^ zMj!$&}7#XH};>vva_b1Iw4_Ui?4R zw>BV4t-T-SA^D=aRZVP>b%*e9>VkG|B%wdFbOF7xBgP*^XBqPo7%Ds?+IQXSXnsF8 zRKasv-d89;>Q%_QDSY0D{7&eS(9QQ2Vu%Tstr*0F#Zu71Xo+S`J1To%*T1D&0-8pI z>wQ#F%3rryS-O%5^jk*z@b{~<>yHIIQ`8#p&Cf;kGtW7Os>vbrNEv zMQH0=^=;vO2g9}?OGZUqw?0M4Iuuy5*P9Bh z`B5c>DdJ;#lMR+uB1N- zTIjO6T}E2lc!lrz?pIwk{I-%gyLt$pBJMRlu&{i5gr!gNxLpDbx_VHsrsZalKy0PQ za807k>BH;n;r=8Bea6%Z>T8Xwe4Jzm4gFEC8T>G7wR@ui0<*dRE;Km&9^=;0bYFlT zih^oh9`zjX+qOmj%7flbFr!yrTELFXu>@aEziAeAs2Rg}KMsi>hq7CJWaKcKg~{SJ zf;*Xp*Pj?jnvS$xT8Oy$Z0VJg;GySj9C<`LN%I%(M@dPK5{Y7)I7E*fQy%gFzDqV4)Hw_kX zOA|WFTD)m%vxKsALZ)0di^Q^ADoU|ADb=zz&`W2wU>uxnZ$Lu@eaW6C`_|}N;9A5j zr9hBb0IPh8us&Z)DI-?)?BTy4Jp zl42PXRhNK8_6ng4#92+VG(>EIm~T7a8>^*V+{eX6%Ab)vB;$GzDZ0k8?=6~e`W{5& zU)a#tokc;J$1=8Wx{yd?al;FjEE{gI#xnAInMn7k6f0`{5iWr7-DC~4<_GYK z2r`ne=<0Evc>ygcA(!H5!iEks(gnT>pIp8dZ!MZ~Z7M%6L7jY>#yBV(F%h=Rv|^`v zQ?(t6n*^P}5q-pGOxiTBx5Jsi@%+GSp5M9Hdhgh;=EucTp1DLCiTbf!1HPN-)lfja zsD==zKZsj|dx4Ppc)$g_l?976+S;#tDg9FVibL;^tt!}J<}w$?)tEx!3;TYX5;Okd-z=Rju_9S1sr6|C|f~U_em6~)4J(K z`EvkvbnQW`3(oduuXR2B$6sm%x{7+?yUy(ru@XPEOu<4J@AvPeRBJ|99d7+WS)p$x zy3bLqldk$LG;XPs+vrw5(T1@dGR4GrpV_5f1kv>H1K)qefo#cz?CU$R8rnIv#OWUM zu=J)x(b_Nibo#HyT|U=FsDUsum*n8JjHEX~5Qg9gfnBeNw7oZgTX^G9_l?CP=9+bPQpNKu7L$%jZoSwMJ1pS5I+MEp+{4>S zOFtiX_t)$Ht{}LiKfQ_ZS0%Tg>)bf2(xSpU^d50SXrwk+Pmz)Lx~i!*ME5jHn>L%~ zbrJg9p(fgtXkVS-$}>@E9)eZ}5`!(7m^629YlgAYMJ;G3B0hN7|6B4Clh+=~2u~`q z)YitP9&^g;L23_xI-Gj9Wo^cZzak+v}qA@Fv~(0o?7F zZa+?@;PMSyvS%4B7RKG_BsYYqdbFsN{c4BRh%-*T>Oe!b#{Gj+sj=c-*nBSX=vsk? z#$b-fu^w$r6Boo!(KnxoK`E%e**dn(zfT#iX#O_Nv#*K&s9k|L-4gJOXdUaV3Yk;b z3ADh>$Eaj5bM&6^SZ?p+c08W!>}1rV)L9Z>XtiyrTS8J~Yg8X^Wy-@^l0{lLcV-}D zrz2XAWS%lT;94D(y9H+qzYhV;ydzTwuj*`k6SUkc-Vl-FZ@0_EHn=8colbY=vAaJz z2B@JZScjIKG?rsu4WAeMT4LKf(X66d-ymCX(3m=sO0W+^HX2j2v&|jUH?p$NH2mTN z4i6-|<~vOlS8#%>Is4O=@%G+V!d-8`4T|=)Z8)q%2j3pZc7il8Ua2#vrnrVIvs^f} z1Z+?D?Ce^FI|odMed*C}vw+0I26>j1g@Lv8bkg z$Akp-uiZ_Zi>~b%!9G%>)`o1k5pIKZJo_VQI4LNl zseUIairUSLbn925L)8!U)h$jXO%1oH*d4xljVqU9mT>TS{YJvS1Go6@+esm8I(z-c zQ%?h-v0nxOdj_20W8Y3vlZJGi%)m7@da+?g&g7wxaJXVD83G# zcZcPFO7Kt1jvqi=G0#FiE2B9&WJQ2pmmXW+l*5^4#JAoJUk}J{_~Cb3vqim++pe}p z4|L_MuUN;SzD@|3xH9+U@e6<0$x8W@dZq|=Jd-u2JUCvQ&>}fnFRRe{*2GN6#BErP z-qGw3Kd=LGPWiGfW|kW2b(3|};iv3(IJ@NaVezZm$=OIAGkepT6At3Duw1zkHsiLI zOT}*9)FK6>Rf?2-vpc#tmKNIR1Ge@9`>29ys!5rC8@pqEJkoaQLDH}*C&8VIuGUQ+ zF6nON3o?0VR(iKRNTA3vct9Cg1#aIcWp;H$tJ~LuMOof0Yo2cd`PJa2RMHj!8UIYZ zW?DH?f8JI)W65*kbl6GF4|q{oDm}|5{IBvg8B?Cf9rW+wk1HYh^GCZHJSbin<2EIWVM^#!TxS% zFO0{%lG5DF@P}(%YthVGu4c7FzH4Xt0__s}T+6Pv0JA8=tQ_`sQY|kd$Ss9!A5v(e zfkPp8-p@AUN|Q3&RMINEnwwJEKHF(BuaIo<-xWPe)fxmI!`q%DM*`;0urJj=C>+4r zH{r1@Qqv402grh+E5E>~Sj=PSxF!K9-9i}9Y5<6o8h%W}KG`V|-Vy~>Fqpg86uQ{q z_uJ?die38(@+~u_P*WW}2+%~zx_b`S`c>1x zR6I5QG-R6pMH40J&He_w_kvO(0$TkDQVp`n?ZnG!6j zLy8{`4ZSecQK|%w-aNp7S1j#=UT;CIb4-L|fT~BGour}2V+mU4agH?{>68@4P-U<9 zKEw<+*8I5njiCvpmNJ7FhK~pDA2F_XN3U9dj@b}SN#}ywt-~Vs)%R8vdvlxy{gNKo z;LXF~$r|ve$7y4(I?@yURwaqpK6HD8%=+11?7mkajJI=3>y_cp-iO64UC4BC`-l`f zXGs?6ZK0V-qv<}gjrY^nLV0KKq7&*5+{g~4OO6y|kUiZE*l(ZnMOPT!F@|eUmT+0p z{}N6c`w*P$ZhF^}k{j8$er9|GIu#1f((v+C*bz<7w+d@4wC+N%$Y^(DHJHru(jxO5 zI#~q)psuBRKihJE@SoyXMBv)a{VgiGzUrZ}YW4Q?(+wGP#T|Kuaaj_6tbE&X>UI}@ zmDx0~G+B%h8Ppf(&dh9h?&<|powip6$Ex@9pnt6m4l*^EZSNQdh3?-f0efuhV&%HT z)7&lm3wl#{%w3jVFnzL!xZotsM>cD*VWui1F9g~>57QQ`<-8E^Fng-&f^@a;2wu%b z6jN2awD-&uh%H*B1XSb_D~UvML0D~dTv6)yaGWN$1@4c357=pPe{PYreMa?3yLi)j zEhuKIzfLKi9n#NwlR^t0Nt>=Ko&1bUr64k8t?dWqst7}*DGYCQVmT_}nm_v@YHnZd zhF18SzTlAd4@mc?VbAvPa{!oASQJq%_}QlHF(S@;j5{bG5Vl_U>k)MN9o9wDFD1a& z^PaQ~s&lL_zVEI*><-EC=aK7#LOTdVsYJVUEa|w8GD1@M#@(dsV9#pm7bpDRCiEp~ zYb&ebA|i}K6*NruF?x(zunTj!yZveGj`-&#wq#ah|8fr>Sz?kgP(5-0Z#;>rrf=wJAvn5@}=k<#R!R-X>P{QfmKI!>DF(LHxCn~V#K>jhi$#R{;9+IDK%-pk>O4v% zN{u$$qtUk=k{rNyX{E;4Y5rg!xcdX+b_;_B`?xJluF1Vdw5~e>ebX(QA_C_=V?PX6te)=GH)s7;NQjd9B*-3B7%e4)R-=R- zdEkS?6`O_^DdAGicWkh`vsil(yXw{Ma@});Kdb$jmbRZr15zm7 z7E4y5ZM?1GCTd;}`chA?9w=S{W%flrnO`_7m`@#4Q3=*SehOZ6GYMRA?^-1HRdnw| zx&8Wt_l#@jC$)CZR{Y56Rj>h6hGB)MD*5}!tO=hbBn1n1`Z z*MT8nmZ;v+Yi+$B0;i2cWNYMT_`>A?j+>femN$dx(So4hCXt9i&q z_QpNJuVdX(0nFxEi3lo+A$U8p?+bx+9%|lMgg_;FL5L4tEQ`2vp zF!0LlLI|91Zvy`zXT-}hAWh{x4 zE3=-Ql8ISLGOyf>NPNn=iB&fC0i=w?_#UGA9*D5tH>n2_^1nsKjQkS1t$0I;3jVPF zc?4_sQt@`&6Uj|fbj)5`SHHZ44+~NvBOBEmnAG19|AGHNh6F!wH(N=YKUU%`S#o=) zyiwUSY{UQO{x~bK(soEDvy?ZvTk=NJ3(mG zh|{mQ$kVzdm1Nqc4$oaC5rOGNZG<-!KtoG&!JqYUFmt$Xg|)rG+>3_SPIr3WaU^|E zl@721!I8Tr@BTpuca;BeI^VNCBLH~Uri@1Um{6X-)C#eIdvKEdlr98CE?0|EBU>%# zm@dUh;1LddM(rPSPc#G@t==|L+4#aEqFJA#c)>ST;MOgUiCF%C%BH#p%pJtsJO+v4 z^d)oY4>YGkX=zbPL(s~$Wc+76Z{j8Fc=nJr~UU z0INufVC0BRdccLkxwy}jOM#|$`)ZCzts+GoQfy_DIn+HDmH4B*K>j~VmMpRk7PZZAICL3zS=c0u2N)8 z!x?vxJFW9GNl#VD;iDTF;mI4Dzj+_?23`ki>N3NUHI@d~$p#ShpCR@#ld z3vB)4-`0W~k^&9AAPSU=q)5`)n^Qo*V~Aj>W)7-cSRB~*nTiF~It+<_tVDPqT4WW} zFt8B-z+OFltY29gK5ytXt|A7)Bw;zvv7-K!jcD)S!A))ZOT>=s){Z-{zWXamKpgV*u{m{2G6 zjdpX-*-C9pWN_c0E{o{RY~XGml;vYSdd*(8(rjJhWQ1DqS%-1UR!oC;?ZM3j1}Yjn zuiTmW%veOLUyK(00g@GA-^3c}Qdwi-iRRtx?eaE7@d8SKJv6G_PLmC@(cT6=NJ>G^ zZKOol<~L~+TrB$#b-0U#)8Dq5%3oh(f4IZzfbPs!cGlXhV)>CBnYZU|<5w=g#(!o= z5JS_@VRR^P_%3*b7_b;O;I{Hk8-R+0nXUSi1QRXvsFGipVdu4&gN;eOe1GyS$7MG8^5rn)zkrEwV#sZ<@6LYaR?*QM-~=UW5Cz^)L)|bBXNeC~ zA{nRE!zK?hx3#s3OH!hY8XR^r^YAUEJ4AWvyaGZqGcvFmldt48RLdWAUtd(oxqU}_ ze#*EVnoFcEW8ttg^)`!YHdZ2XCJ|iIZoR3Kb|^7mqbxpPE}q@c51w*N1OM_Ojbfz2 z)^)`LdjTxHqs}iz z#cDZy6TYa$g$~`8AdbBaUvVMfogH{`H6P5LZq)3zfD_ggww?=dhNh>isqBnH!VL;HV&9 zd`jz(s~8YerYRya;lPSMBb8;%hcrU^rnvnx& z7SxbU!)R4aUiQgUYBJzQWnalnkle^>@H$ginN@G!1AB3s?sJFPUJvpU(R$WqW1Ram zS3 zcDUK>bm*+eVDx*1!h40`s8EK88DU9E<3jMrfiP1X)AI=@9) zhM}nABmFX2lt`vkR|N39$B6AO3LZUe3zN9AZ~k7qGB8;pilE=}7+V|}uMS5HJHT#B zAB!LEWyLnRRJa=>O9>q36XnCn8#_z$Ya+BRZ{F7SZ}k-Kbu4A)_rb8bkh~&*o>suv8Jsc~7v}TVg9XL`^98(%Mm}cYJ{%+{4m}rfSkB?8!iyhh zVNUwIQ4{C%Qt-T9LQTJHG*xdFa+GsgT#$eE(a*Suu5(G0B2TMtwGB|CcW~bDT!1EG zTlK!QYkxmTyrHhAr`OlcR0n;}73+Tno>cF3U&qmg#MMVvL+%}CubGW5;v*PKVh(R* z&iwf6?AhnhTgu>-Mx&%OrMWE%Ehi`CnV_-rmVy z(|#YYXLU|6Xv*Q*d~ns!;q{A&`BVZx?7^57m%vsHHBwu^p_`2CyH#vj#eR$Sa z%SsFzLjywl$Kfv0c?OW4M$@c5kDeEn+sYZEaC(I!K5;j@hq(kBkstD0?;QeOA(Cuu z`6ilN5HiGX^dt5qB#1mH;fEB&NgMF<@Om_4!*M*gN;r*Dj8X7!JMdLVSJEO|b2aSX zo6z1B$Y}kw95;4F&)t_6)Y((`U9*JVFf8%hB~FHV&#cAHDsAx-C?Eak;Zz5GJe%Fw zT?^V^s{2Zjq~m|OLKZO?d$bsWYqLt!j(cV_d&#Km4W$`JdmX;uYant_i11behz_)i zHg2z167f-Y()9_nNe&?X7*!k?1>8BLwu{1V?_(+ZTQ5 zQN|76`E7R8gWZQ$J_RCncclX^=xG3k@QSpWp;O_?y0sixJpRV6-6#HJviw938&(81igoR0AQD$(loJaLUTIDl~icg>G3B>WmhYD4hhUOB~ z-r-jM6p9nU*AG1|x+}NpNVVx{t_lc)=y+XHSiZfeQ zj`9CjPma^lPQtD;yIafSl<$Spr*o6X;g6R*+#7^G;TH!x?>oE(cY`YBYgy83SRS?#$Sc=2w}5z(W0 zwK-;2>kQ?IoQBv9bb?WFOhEy7gpgAmBn?(I>K+wi?X*PUaznv5X#V>z z#pWhP&*}n|(3G0Yxy3fLV1X2XgrmY(&X^izSF?f6BHhr#13}S5Hbt$Q151zr|KWYSMqykXR}dT47&mKumc z8|ZUb9;gg07=UKWT0D%pyZLvP3BGEb#pnskeI5<{cLUBh2+K}dVykuqpUvvORj)(p z#WS*3MU1*jOqM5p%-PZDL1%iT2XMB8&4AmKu9{X~T$uzuQHvd?F2Ao9$hBIg6}dTK)+d-0{NM;OFwW3Xhb558im_ z*g4}Hov)UF$l=-Vh^#b23^HExy&vowzluR?H_xq8%WPiTx0UTC zmKJI&+3&p%JwsTQ*-?2Z!Qj&^f6Hhjg+%j$JOTm1AJxBrV9(OPk)c)2uD8Kr!?{3?pQT(oa=QSX6 zPFh8QUI_-RD{y7@+(?D=2nTBQ30|5_L~%s-iPV`%~j|P!X%s0@wwe0y#4XNn+&(1fk~s z=Gv^BCvu;HwzB@Le(IQbX5E5awmUlzYE)B3{n=L-iIu~A{qP-2s^4#TZ(g@Kn6K7v z>s|7Zgsc}br5Llt6nR=J7acQfbl~=Jo+~ugT-p5*jarWxmGww(CVJLzoz@;|^rZI^ zki6IvOBl+DnuE-y1t|>0mH-86qL&+NIV-03V4Y1xt!CtgbD;=uE0BmhJ^`HmG&}&w z(jU{^JIEZE)J~GzL^o+PGa8;%Hm2|pmC1m-LNyqpfN_B0V zmKFPqth2;8o9f5G%Ti zNHzhJ5;)3xiaq$^Ya!@>4)3s~9+v$28R(TG_XS$Y z6mhMW+)D|*j>F#e!#5Nv=wlp6;|e(pfgItV z+gOT%$!p4Jn?RfnN0o)(`E6#d+tfEr*P`5Opx7vs4A$#XO~jGJe(} z`cK(wxAiWp^f(x0g;b{W@gLJgkr3$U$srkzC-$l}(a$rbIY$;*^Rrvc|M30@pW3+n z`B)XPj)WVH&*CVLMJ3c<+=V%^Lv`*)%tSFgle9aY57hu!Tpx)~Vg8~~q+isfmkJg6 zSo}y{>e5H>P~kb^e3jTxy&S;fl(+-SWji#qz^yZPqJa7go=$7Zf7>AQyJ-xyGUjy* z<=W`d67Z{cIL^lDzlYDopu~qvWqaxL-mn6xgu|KT8v12-s^zv)M-h_zi?rr6x)(idOn2_*=?A&+X_yYGQhSRVKt3fqDz z^fY*O&*zY{Ai*8NG066ag>kQ;@~ocP^*cU8Zx3J$jp7Pi1=2f9duYBFu9>tB(+4~Y z)-(7&v^#*n;2wnon<3k|N7l!`HVdzkf%im){|?1ts^((sasfN_O&GXDeL1G3>#fIq zzFy{Txz5s-mT(?v|I0ar_0&ipm zkmt423T6D3tl5so(D{nKadsRBwBsfCz53| zCU|2Fg>8o&)$Lzt&o;#P9F%Of@9Aw5EU#`p-F)Jk?Coe@zpLb}x;@BCeho;hAsy;! zBHnSw&8JF^nY6JRUj2ptA@id5x##Xg&n+Alc8RnM?)1*24qowdxbi}->-B?$__g^kl-Ln#VUiSgL?hm^k z@W*ow4@oPV@fhiS-`$w+Pis30-P|wHTpkas^MC%PPR}#qMWvzi2gs&EmkKf&e>&J82Pl-Wi56TwqF2Ob=KQjtKa*2W}8-rjGxVq zvxy})^S-^2$1*0cMOT7meRZ(Y`-|xPV7dIFSNAv*Z1r4UAouwig~X6bp_@B_9CCrH zys?XqNw@nzchU~g42UCH9sTCjLR-E`*sXk-H8)AW7Txv59#CRp#i1cyX-PoKyJ|q6E+*&nHBV*L_cEjg4RO%O0{tC;9 zn`a-}d6gkiCwrUWNjDKGx1_XhzJGIC(M;{)9dz2xrp$|F&;8=G9fYza3d6|6#kilb zXtD>E83h-ESk!^oN=4U2!R={35ZcdgeRsP_z@x@@_h*bBVapGcowS(m!F=3jY&LBs z#&VCvW$CjMBXSfz)vjGF0>iO6yXdW9fthP5(RJKK2&n9H0Vev&?H}N}a!aI`smw?@Wil1XF>E7{-a%sq0ZiH6xZkdPylnJEtVW6^?aNnB^wpR zl5B%&tANE;>Lpx~6D31;j3O1v&FPEZl`*lanEreZN3+IY4+`YH98`yeU)Y=%UkZbB zt`5^3%6e8ood}=V9AOF19|KwRf zMG=Nd3e7}=Pv)w-DgPLC_Loh7Sl@n?UuE#*UIkK1;X@#Fq_@EQ2M;ar+<-W@myRYk zKiDLzhc0G#kiO>r0kuZU&t+$S*}M{7jF~quyfx--n+^zpggITD`Ze$%RpC9X3laCZ zw|3~{mEIS>+;wvU$XgV;HAqj91`Q15XNJ29Hkke9!YU!>W65zXRb@iz;^fG=l--2g zLYN^LBKZ0roCaHn!->6T3zldl{n^&7oLB)#tHYWe-c>2lvgz6OCUE;Zk}PX_;^apr z#+UAtWDSk#S{7g;u6|BdeQKI=x=@Fynz6cnXjA27)GA$JkWikc*_n{fk%|~V-0W`m zO>_bYN0eICnrilu1za916LlI zVry{O(SfHDt+lRB(a#0NHcCkS?G;-W+W_2J`r5ri0mRM(mvz5=Pg486TQ<80L-O4t z*kfS&xG{MRfZ!skI(4>553R3@eVxlI6LycRZ|CXyP6_zPI>i;-b%Jj&Id<4OIR|VX z-YWt^T|YdGn6zhEk)&ttrYa z+HSs#5?!aRZO6wU10iz0M4Vnr4kq5eOR5OGx4R^ek@Y{AxQ8noH9D5c1WK|L9mlNg zSU9z^nca*k@;txTBXbW5_+*!TjVi$@C^xhHH=zKY!Pu;{3zCU<+{d`>AKAR_yqidK z*IYq^1Rs2y1ELYeSy$>-R#qAlB<-MW=cbADhz@^|hAQ{zS`#4|l2_&?sv(uuS+~aB zmeuIDWMPR))BH#rAvGDdb!LGtuG)%spLRD;Sq-g^dAi?>M1D_|($!{%qu<%FWV6%~ z;+hJM(XeqIZx$b&|f%SV7RTw_Y}MT6rBr(=Qz5?c8kJ{#!nj4ZSfK;Ha_ zGsM~+-_!j9@{iBE@2fzdzVCy9ky)$$4}V1M9W|OH)Ba(rCCaj+RQq}BaUG)3g(^&0 zua-oNnn7GbXGKcN-GsoS!+c+4G49ta(NOhv9ub0vM`AQ@GDe}!-Ptjx{nZ7md^`dK zlCnLLt6mglN~d-)Ew}vd#1>s5sPn zY@WRPSm?H*ZEV66dcR0U>4Y@Cd0fTtzKi1QD?isZCj@^)n6}|l(%80*3rP}UF1jA8 zbi>S?&E#NAvHuh5FyA)$*Exhrce|Bi4wwaB*K%RpBVbteaFg%%^u_pqW($9>a-KHn z>q-L**wcM{SJgdi&F@f`2_HRqnei*EF8YcG^Wp4oB@?rGC;!`N4F$X-E?O%35+#Yc zC4(mxWgvRQPUf&Qb29#I!_lANPdL;B8z{$)u(us+npSX4M~f#qx9Jr8$eLd=c=NX6 zVB}f-R#>WhML5Y=Z9D2^s8Sw&s;fdFK+@3r=a-z03;CNEw)hBjvCyTXV91;MVqR7-!%S+d-Fsh_+5V!kRSCQ{C<> z$->i4a2Hr0(Er-#b9FwWnVE)HT(}hIv2>SqkpbhmRyj`}tF8Bb%hfFda|a=tyv%G4 z+*}ndqbCosGQH`(kcL3F*f&|#mfCz^Sa(gXF2P~&dt;mFWe-f-J2!XjX5HJw#q0qa z&XtM(;2d?SrUi{xO-`uyHd7(IwP@Ahb0`}tPwt&OekPX*gG+8t*h*^Y&%7gWf%-E_ znx>rq=AQZPv6IP&-G|$=iL^O&Gbc6(3AKU0x|j5c74jP7Ox3 z_vLJ{i1yQ_H=0YjZ_+b?`;0dEvJUrx3y+G4pM*`)*qsD*IrozKn=GNoSCsO`ldwHo zL-I4{ndP9a8t5L<*L z=!mg874_?N0rt6xU|(g6`4}lu&(PRPD(>?|iBhrm*8ApidG{+oG#wp$$HktEtuNBFhoD$!o)eCn5o#XK3J6uZ8`@Ps-c#ArjEc|;9i@z7 zq&i}MynXA5I{HTAP|H^@eO>Ms`y#)R;L;q^gBGqAF9Y%|^bq|mBQ~nFR;6sN5mI`| z$H~JCZpDo!O?Yp&ls7(I)rJ=;gu-qp4uNDHl^Y~#+F<^OLWR%&tkoq)k15ySJYY*@ z!$bMA$B+&O8I5rmmACDFJ~tow5WLQ+>u!5CFFw<1Oy#A`+Rl27XbY%2 z=YeSY+$_n*U?OYcRX(d%nL|4Q$XoGDTZ0e!%PKS=kprr=L)k)#bp}_q#7UJQjh*m5h?}mA;26h z`8J!!T6ndkeM5k00{PXz#rU7?MEc30nTGeSD3e9|Pw+W-ZEd>_E32iRbX>qiDj>4O zY=Fz!b-Dp6mYo%n-jPjbG`#A^H~pjs(FDkBZLT+Y7)cj+cJlC=&ET*UWB24|5z~=( z!EP1B>y*ye-ZcJa+eNd}H(~Lq!$8&ONzaPu!r!iE1V?t-q4pgo7Kg_RPWKfNz6Z%N zpW}&ejf zj)pw@q0x_^zI-lEW9B~&v-dP`?z;xb)iX*WANw^!Tapn)r^;ezjFNK`$|VyR#)y4eL69sd&*e+ zu@o1b13_+}t?|lnf($SOKRO%*Xvih@!gnBtg1+>Jx{Ri_e)PGNkz*#CwE9w`~PJYd8>wt7qEv> ze=(^Sh7EH0Nw|XaG9)6_%1h?{1)bOekn=%u^~RxrXdqW|d&2N1n=tH*!4ThP=^!=X zUygw}+9`|kw*hc`amoNw72$~eIy%LQa_cNkW@NAxSzC6Bn1%2j&(2+bpme_i63on6 zKC*e7?ZgbISfr-ich*J{p-XfwN7@ylq2KEX^tj663)3Abs}|WKUX$-gBEW<3IX(a1 z_KxOn1DMJb=lL550CF3o0uM6jHT~bh#{X07*_Ek!`73uB0G>09Lx0C((u>pM_?HSI q)4%RF`2UaTodcx*7y5*uXP^B+lj$qc(;7W`n>5sP?iJs)3iuBWRsyvE literal 0 HcmV?d00001 diff --git a/versioned_docs/version-0.2.0/assets/img/bookinfo-shared-version.png b/versioned_docs/version-0.2.0/assets/img/bookinfo-shared-version.png new file mode 100644 index 0000000000000000000000000000000000000000..0efce8a0b392e2ad22f4551ff729a846b910a630 GIT binary patch literal 61305 zcmeFXXH=6*`!{N5yA|16R0M?BQKYE!E+QZTK?S4+P@0qwdZ>wtiVaX{LI@~GFQF#1 z5RnpUkQyL_NDUz*k(K}<$&34Wp7;FMSGq3LgjfMY| z_;c5;UBV`}Z{6RuYk$hFU3>ocr159wb$Em2sR z{XC*M;)!=$>czXS(Km~YEDT9m&FmXX_r{&gH7>9-?rZ?kGY5-s5*nqg=w~{wYHm6R z%lj_wFTODHreNQTwnO)x|8aB{xB}0tTO#;{sx_R^S74_~%G4s!z3>YE%?-wxtub6{!dw0I(cX|(m zauWbg^DMG-qqo**gZclb2NGTD>73j4>-%SrYr(f=bfgAMEMkKP2LF2%*`k9b?H6-= z5Bp8y-znbGLdW{Tg$okb-Cos0E$lp3%ZCRBvP0-2Ud_+;M{pS!Y=!#KzioeWU?*L7 ziRq$nCpj7XgEASPrFA00E*r;3bJ?^O5xwANU3y#n34bU6njFmp3H> z|HVEMuRQdhh3|5EA<_M>L2n#rTFX_WwTfB<>yqpnj3crnx{X!;_keaC=NBT*uLZc# z16Dd^EM3L_)$4IA*fsp;x2FV8Nyqhub0J|f?QvT?7Myi>ro$l4J-8mLg&3ZgK$Fh5$?%9KK@k>SOXRs(FQOAf{fhi}RZxTOzB$n3h|}8 z36?J%^-CWW`9McO5*3sH9VGG=Png$o&PDT!f`DH zvD8#ly!x{Z30LE_$pk$?6h?U$a&}2E+Vq9N{S{NsvH6jw6dOEqa4z^DiHUH1(P)Q+o$P81DJ>Fw*(9 z$%GnMo2dQT8h4zydLFb@b2M(jC!d4O!EO6~aq9G!{HQ@Kg3wm;vAMZ=paNpTov>Fw z7w*;bQx1iEAJ?PtWgckduo=v}#%GGOmA;JZnaBqEKqlB;(3NPvHWWEdl{@z^QWt{8 z1M6L}e17ZM7Ze(*y9{@SniZT8;f>O@7ahsLIp<1&=Y`Y4V>MTqyfEy8?M;y)2aFcX z8B#Xb*O+&8>Du_9Aj0|-tvPUf`@2R|WkB*6T{vvvC6- z|BOq2P+TEc7PF3WS`1$c(5%PnGPc9=H*+V`BIu*K#wHCIFRmZNO2+H);~&3GFyxPa z6mbyw3I6mZPn8~*tLRN;l7Vsdq?*}`Ld9e8Lng-9(yd(K@dd{VoFZyIYDC^y+d-x} z>hp2MrUGlglC_|5Fr@tz{Jzs_cSQ7{Zb)}ny{@Lby{krcZv*g$yK{rRCugiARa)Sz z!%}+@HSG`jIb;iKmcz&Yn(x-JK1WbDGDl$x;J0+G5=3=#oAZ&SjY!4Cb>W5@AF3*2 zG2|mq7lxXI1*Gwp+Z`gHEf*QRmmr-CasND{4DGvEPGec>h;M-R#yD=Prl_Hw;WN~Q zB}Q&Ot<)KA>Fl)jAwt`&o!9ym;gu4?Z7kF5OHv5x2&NQDH3(f$5#^S%V^eGm>cu^ zkVMaz?>MK=shG&bn!|&0h6Y1H^kVzFRW~f;oxdFK&K#N$f}>t0M0$5n74Bz(6Ep^C zd)N$ub#t$pmm99setFbUhqQ3vYtRthJIps;TF@O>YRgZO7R))Xg%$^Qy`S>#SHM!r zZ$e;?_hK5>rVtlJu8epE39X!{-mJ^DZ>m55>#D7wQ7pkCLKHRNp0g6t6%e_;jMu96 zK~eU-T=zoites>;axeFC$(Hs_-^+Xo`J5@wwaiXWrb)gm^Y70BYdX@zu zvIZtLJ+N0&=!KM*!{r8xtA%GI7JBE^??kW)>$WJl%qH8rGk$&Isg6aK&+JxeW@!Va zgdhEqDPDxV3EnhkK^aaEQYg)9>#JFchU%S1iu`8f6N6Wl;&R>0p1V!eVe#`N!tW?` z=3*3U)K-_GdW+7IWh*(dDAwFT%Z9Qsb^mzZb=rC!Vl96Dd2d&w^l^l$wlT|WWx(?| zJx<8e+s}WqpLuD_^G&4m+!28LfyuC6;z$h&652c)CC_`9o9U$PFP@9aLHb;mwyFr!h4Odgzj=)Hi-mnx zkwNw+2GatL1ofX{C&Nef*O96p>BsRab+0B6H4-lzF5U!}9tM&s^#Oh=Gu*7tiP?ko ziQ^&!{}bV+<28->IQ~3*?FUOxWTWOw?3bDMna#B+noWWDj6(&6&bn&G4N%r<9^@{g zk2M&bfGd&Wvc3B<$>Ug`{LrXcU>qP#TZ(LI9Nryr-nWkc(#q(kQ=;quku&xV=jl~nPV z%InJE)vLlf{fLzK|CyM7EoC@2Pf}A(a9+=}!YbFA)%vW5YlqX73U3=4I;qWEW{k2w zpp_xeytgCAl(L9AoOhF_Y;plkj|MQl{l=*&MZTXBPa;BX)9xs)4=8RnzFB`c8Ll?A zh24*d*sRLJn-35zR9BWzxzX}uMGm!nmw`P5tvpPGcYeC+xc#?fRd{vpc4T#Y4Oqfc6N#dXNrcz) zA{_xpRktVX4KXUa`fH(m#vOFHsW(d1IK_u{4mTvQq7*M`;QF&YA1ok|c>24F-1=O9 zm+I);6dkRaXs*+GkA~qUHU7brHPLGT(^T{U?JjVQA3Vr(E3+ac+6JlHnNRlu7Nc1? zES|YT4-QXnO(ajL@7+qrg4rA5sa_LvGt>2lfLh~UPoek$*4h8~cj{{!`YM8;M|yT! z%mlsrPfL-$K4L^g|CrVgy`fLnT-O9T#}R~wx+r*L&5DJVVXs!>+)~G2eq)~Oqe13i z=Ho408JCID$dz?&c1!7wR{KH2FsomK)k3toq}W=XmFIabn(@9vwt4hz!WGBP0e0i+ zGbf7MQK9HNXS4{&A+u8g8%5G4{H`TNF0X24i8=y$Go(|3^Lrl;0F@l#E(Q49<|371 zlGPQiW_UL$`L>@w?3sjV^`rPPMn_5*4ea(fN)=Sz{2+a6eC$_RL83jrv|r!!wiy8LKDC`%r0& z!~6A2A@ZBAnRV36ujKDGSTEYb|4c`k33pU=6aBa&z2l8zp)!kkbrl|$zT?vJF-yvX z0rDIaqj<@CJZ!glMr-_=4_T`vn63;&fd_J0(x6P=&cTHvf_RB;^>TZ5 zMDvKB-xR6FAu^;IsQxALX6{(@BEprf3@`EEPS%^{uY#k^6-!17aJ)Izc+qaz+Q91g zamj|T&?4W}6Uqg5G25hIbL_MggPnuc=Sr+k&SO2GQtk-tlz5z3+y0oL)fgP@!x(2F zGm>iYt~)2f8bBwg(su&Ip>NFwU)6}+{2n&^I>`$t z`4ROpgx*L4cab8l95v;%4MbNw)RRv+r3Y3fOR@)fUfDFSmjP}$?bkv1Q0DPMYi=lW zh~R>8ZP1neWruV}7>uqpoekYmn;g=L%+=4Tv*JOQhL}2$)t(#$#%RzR1@*`$)%o}6 zzLL#pKu;noU}bf3Fk)pm;cKGefLI@+5DPPRfM2HuecT*~=NN5>O~|c`kJwWh!6|$ zVRb7hjJFQX9~o$*K>nx{`aouG-;t}EV_;&HgBB;F>=1$BxpK6>sP`#tX(_a+;|_MY zVk~9qTnLc!ElMk5A%o8P!C}>!WHCe?WTgIQB7Ygt(2FtGvx{sgjKzJ1jHh=dTdw(^ z|HMy$ZFaYHWjPl0MKX?SnQi?veVZhp0&d0h%fmP0VEmVf3x^|d9Y`1>K$y&0wtDX*Hz>{u+Qc&Bjv1{D+;S9UO%Xt8CJOxX}$A9TVle-El; zwOabbq-gWv*=+7Rejmoqs(&FUgn40RJq`jwRdJVwwfeRVAs$Mgqb&JoBghi1@XU)g ziOH(H;7b@!y_JjDoD1-%v8A^#P41$@I!`Na!3Y8;Zz#@f@zoRuKTA8TuYB}e`-0pi z3vc~!#KcBTIn>V|t;+m6$9k>Lat-;hY8da-hZH3NN5!{jN^1P#GDV5fAY*4gG^1NH z$MduzxG@LUWh1>ift2qXSTY&kv&X zeO`&uS~pxgKVW8?De0YIg^F!b?TBuMxom1#)R~C%%03{QLB=;d3w$$@^k$WzX-~b# z1j)a}t^zaXeG;Xm2#qZtN=X{j41>!z^0#`1DG#Q+CU3k4pX9f^a&mMm7E{|mWe2V6 ztlp2FnqCd|*5iKH@nWUC;-hE#BBqcD$cN6{L1f8y6G2Je0$_`x5fafSN#ZUk(h;e# zU)A6!0f(!WyIR(dc?%pSO=T@&6iJsq_NDr6cN!+H^-)a(8@;E7_fPtz(p1k6a}I;- zZ9h-tuMG!a$(uFMRCE*Oz6Fowg{9q^0^yNP1;y=|If)5MgK5$A^c?8g^guZ}gA)SM z2+qmmX9Krliz@Fh4shDm+NTJe@l>5qYzPwRhW0aHN9yx8NN8 z{JkOXLLbj~pxDIz=ww7t5?fi#iw=ZZttE}cskmV+-^X5Gj5kuxM3K*MmVnxF`77h1umHo-^omo_j|I=ZvZXUTv=FPcD# zE9Mt-S&gelp3a@K#Z>j_BEDUJ@+5I>b3iiV+e(WH{7m`be+H)7;I@(vh)6F9hahvf z;6Vta$!WM4`?o~iYv7%fl zb4s226TeRmsI3SbqWJY*UH@lY&9rR-0JsDV+1Vj=4jehP0hsjMb#=>op(7~dK1SGn zlT+i(Zr}5JA^u;vT{cbG85tR>`orvJWn=lQenJAqi=>L<+G=s!lmt&rAbx%$EEq?N zsuZui1CYJ{e9siH0pW4>n)b^49%I*gvm%#b)@>8~hhkE`9?$E}KP=p}>qmU7bi{2L zWbj9|=Nt;$S&bZ=sP_Dvuu96m8az3iThtl(l^rm@Lv05Q2 z4)*qI%|d_$pB>j#?SQca;h%-?+I4y_q;dIWC}Vt1SZZtuR?gjPTqa#tS10)3H5~fi zu+M}cJ_&*=efDfmetV^}&seguaNU=SHa)B4KZ2UiUB(&<_`F1P#i@)}!2_b)uZhf^ z(OPwBUw_Y9VWCO;J>^m&uzqL0f4%1YG))+>Jp%l6`2UtHzlnCri$;#u-C9`N!TkS~ z{`yf`gT1T#pX%-aMb>|i^v^o`{w=1vcG>+~ZFkyr{Q1=V-_374*s&S^ey+Uf@^9dG z*Zbpp{*4^(dQ$S&e{^;SQ2uuP-;GaS`TvLB_5U(K?qD9YaCdC+6X0Lr*}x0kq2UH; zi=~y2<3($;uVnMo3RE?hF2KKss)2vZbdMCUlfm{C*fyy#Y{N<*x8U(?T799*=fH%| zvWNOzwdI`GokhZ3MGnY&hs{H_`km2_+kj9r0?l)=-^3u9egwTfy(+OjdIEAzNXWMcj~U$|ZBUhGXBrmgCQn^-IQhCJ)4(=fi=7hI>~FjN~*JU`M@5FpshkhWv( z&scu##iy^P+tLptM@liI^LO(i^N+~>mO!anaXUi!WbdQ5-msO%BE;A2XNOc+U9icG zTSE8Z=29*WZ~N92seS4rNBVqEHCl+w2^zj)ukyvPfoQyz6ApPiW$f{50albA@#Rh6 z#8Asvv%TwBpAA8STEHxh!B#L{jo7NF$U%hz5X0#S1+R&@uqJu zu5jMOgDR2S7iI9UYW&$1#X+6@G%A=+50b#SrM?u=wX^h-F8g~j3_mIVr@$+DzG+r9 z_u<^B$ajA#oXmrWAt&;{^S@Bu)=l=ZP4%{VCmW6Qwt6LW>M9IFg978#NY^JxFp?P_ zV)K~bLpoOR8XMuWwrOC!nQNJd<}^mONRW9XOwAe=Vu&B!Y%%bu*FFT@+`Ibv6%x&p6H0dHf2=Qy$gc% zN~ROmz&x^{0eptzeQ&T`zMj-$d0jw$=Oe1dTi1~(C}HxHr-B$lUxRd^9~PN%L%i4e zbL+**b9z}eo0akv?6d?%**rtb%7Iha&Z7ptuyiX5pIfb8oK&kW@06pE`11)%Y`vVK zWJ&8FR#4FfUKPCPmEz@N#+uBXQ*6wWoW~-|k@DUJkt22^=jhPF&WSx-@GavJ$lW%q zsd6r%C#DNK!F~f(Q%R#`^`CM`)GC1AZp$ANX{cViAo&%1Wo5uf z1W$-+VCqk(*uWx zCO{f{&A)FYr=L_8%ZPqBs0JB4SEIQ2QfQ>0AM{%rG++H=2!w8-RZ>cs5}>e5=4FXl zRsH@-gBlT?oHxVrA4}J_Sm&&Nnt3Xh4kR@Yz3NQ50MVIDDHd@by2j7hvh5kPCd$*J zCZY6~L5-}lyKaW6RR~4fQp#Jk&OL@%7GV;EFb@?%mP9te%8URkLo2-q2W!Dfs*9Nt-HPat+YSamG^pZ0pUL{TVvgINo{M3#VZh}0(!=HiHDZ+ z2BHj9ZP>e5ti@{V0B5#DFbv}mnEr#8#E!!sB&V(=O0sV zFDOq&nOqR@yPB&n5zrjIwVb*KAJk@=-sqCkS*0v!gg4*TQHOn2>SJQ%J<=kp{eei25*4p3B`@c|!4fj0bf{OPvH0bQszy}&Fp?UE z|9y^VHv{~wNvD&82zK@G5-}@uJs@YAZs2z{oTI9;&%0N_VFfK}MbJ3sT!lO3>y+IP z7@L(-bcL(YJmub3GV-U|nKz%IY8!0wJ+Cxth=fTnK!)!Sr8f2WM5 zeJB_Ht3kiL=<$z%#j+p!bF9}jBugf8>MS-@oqLU&)`B zr9Mlv_N^MM*0&h{3H{*^S5$SVPyF*+(ji&Wy58J@({!-~_sgN1aS;D|V>7@alPk z&Q5ts?hQeDDf&t?vcRiLLu&X|k*;}n1r^ZK% z!A^+ka1E*GgN|=gN(1-445z-Znk7mf>C&(yYN!}F9D}KtwCpngJ|?-fesfJ?MJ*IR zQ>`)QK7LZQEI(e~B7TMuWzjuZ1=xCg^Ql-8@Gl9C4$yqPNX>+JmHw5HF&N}{JUVXu z;)1TND50vEu#appc-(VLn{kiaElCc@Jgx`{+|#ys4)_)#dp<42NIq!KjB%QFzIx{V z{6$U4Yh7dqGmL+Iku~uBh2oWMf+u&{HHu-*BR&q(C!9&k!DSK|&>X|s#Bzjw-Bmz?hs6<=GIsN6| zn*VX1r%sDSaQ3YCw zNfhJry12h6<#4D~QNu#efx6xRWynAkEa)T(Tl_-x7rfGhUVWz$#_;u`$77kXEe}4X zFEBd9uh}QS=w=}39mw3Mt9!hcTXbTP820P3694P69^70wmg~2}p@m2PgaJoFj5$dT zVrwUp$tjH~UggE7Xl5A?n#G+M1JLvgG=emIwEvyBsrA-s>TzI6M26Ae1I2n`KITAe zmL~CP>8rB9g`)c-}IK5SA!fsk}MN^M7}O9F>yi^jGn5^2P`$eWO?fv}G*1 zBU3F>zoVWf2B7M~U8EjE8J&4J`v%5*K1JSsgUBv^ttwd8k)NnDzB1`Oa*=wZ3PrSv zsh&n!#c5(54|9Q%(%kir->QMSz!oqCGJjSyW@}N~6Amk}?oZv-?h~fCt}7lexhp^X zWyckk_lwEl>!dOxPLr&Jm-Eq2PxbNPj05nJ;}A{P@$2~9=7T?>#LGM-M`rUSR063f zWbi@hDD9nB_t(jkHMPkQ8_k7~>CvskNCo112SL$1oP0R_O4;c6IOB5qv3SeVKIzFl4?VaiG zi-f0ckyn)?Uh!N;aB?5l!glBjmapz+OxomRbZnkkoYj~0&u(;Bza92gN!ID@1MSsJ zl2eGEUL4`;7(=)?m|K!7o3WgoQgaziPLA{j1U=tDT*`6(#H*)P>WhD_#w0^nOOy6F z1F<8Qjy~24g$|O6A{Ia@pZd(B4-{N#J48GB;*D`ZPty&5>Iv&@qGkH>P0O2uf604C zfphaF$e-;c)phH$nxJzoYMmW*E(Lzo`YmJ+eip7|uKDMh@kI*`Dqt^suf_1!51*CNvRcgo86cHE3&J~(3aZMVwu@8PJfIR3r_PkoCzH7tOF&^xtCSw)f2@P zOFblD=676?_2%L+Zs$lNKTY@}$8xym(9XS%&^C6!@^CZytHaP;?mIu2N33MEGWTNN zk|bj+$4Jo`djMG^gbPWL%;1cs_Yif_hJJ5Fnc93+suYP#e)({-ND%SSpXyOX7PzBH zFs8~~&VnM8mgUn9g;A^AhF86ed zaL+@l>TgHb_>6mXsvpANPE`<2Zu(xlf0BM_E^QCGd&x)dv+nfA{-VqAH8E2V&mtaW zd)!o(*L%RQag&rZmcuP*TssSbcAb$*7TUFI<5qyo&h1S9PaWbK_6a~8W6M~noQX_% zZ|}*OeR@IhI!0|Ts9wuBcX2Cp#F3#mch{PQ`7ia$)vig<>WR7ZvayLfFM*xbV>M!n ziWKvsR%oDj8CSr#X+18MFGbQx$)DjqzG=LgRKx62Y`O)%tYt|=4mi|#2dqG1y6Sk` zh5F@-0!*7wa%si~u|*E1Zgn}Q$rRVWN$2mblW7337rFK*(GB@(qdMG zTLe3*&m@L$KTSjInR}=WYEpuird0EjqHwWbXWJ^zDyaC47YEma>^D|5d&B6Ll3_vb zx+=X6{to-q_x8>&n?KwscOlO#UkKYPnlASyDj zl9_hv?(cW8ivRoG@RrCsnTV>E; zEtz6j!~$APQCPnu`&MSbU_n-iGWT-!o5vBqg0h3XxQg4w_HkRukwcHd>8BwGR}j*B za&;j7)du!k#_p8aF<77pmWc-6J(q|AwraG zT1{Vb{Sg4Nym+MghPavf2tVM{#toOHk8c(#{zw`ASZV)ArU3 z=1imshy1XYlqJ-uV`u|v(A^B0#D=zaC2M6=W|S57x84)Au4wDB3+?&H_T zo`NmDcanB%Gh+!*(=FD@8fnT&=}2B=rs@(0G=5!tLt5i@Uu;?ZiO?FCF^y657xT$I z?%O{!pd##52pmPB5qeu$y#%sY?4kz8gx(c|*SP2uu3pd;Wz6cYO#TH*p*8W(cL#c= z#Fn7dWdLu?c)sOuW^g&oFDU0M# zb49cXrpo*nm|)qlZKF|Tn|u!YJn1^pPw=8lZs+WkaLs3Fm!uWUtmt}pDW{=0;of>* zy}~7!|DT0xQ==LcE`d$T3SpU6MIDGrOO4(2fnE=M$?L1#$I?Rg?aLV%@}ez1vd$&p z0`RAQ^e%nO=|5wrBvQ5=-0`v8J2u(tDH$V@+72?kX)y8SG27|e*61UB5NgS!Uyg_5fv&_rety72FcC4ki=r!u#_o(e(vB4>cx5^BGTsX;TMut zOT0;4-|narM-qH&=i{px3}2Hy-49=gnYO)H)~b2zk^H7tWU*Wf3=!>5;F`YS5L+&U zW^io)9Ms9DxIYgF7N>iBUO{D$T|dY8nu zCmuZhacy8x_-P2_9$D6_$0oKw-LG-1e%J$tbj5uf7`g?61T$UFXv>aP|AU zBc`1TpQ%92QbR!=8iU?Q#kyKWb;*67tV>>w1??gIjU%|Eu?3YUv?0Ek&){isdd5cw z#QAnVH2&Yhv07w^xKoJ7h{4`M_+Orzt`-A=|mx@F54GD)P_=XnG8ApSzF z-bcA}*C?;KikJ8iX`4|Gwgdif5@H0JO#=RKR3q)vu5z#`PYL+-Nh|#7+}&aZ;AG;d z?h36CCtm@6M^Vc=lwsQMZk$j> zYh)xKg(YhDqBpBk7`x~B|z>Uz8z#TeIU4Q zd8#yPpHGVE=?lTUl|qfKTsgXegr(^pq#|kKS46y0rJ$7e?=#o5+3rwA;EKzzypjsC3LR6BM$!D|}^ytoccbB1M4ccp_8HYZGoYM##L zFC+N60bRieiuu8TOiM%0`E#r^J=K$DqNYM;9@wb8KI zIUgaWs16#Z2c`Rj7xBbJ;d0sB5e22Gh8{a37YZH{`6ke%mJUpwoYe4}r+?*s=3RCu z?5aXy80*?()eFB;B|(tyjm@h+(p0C^94Epf-g|*v!SoDNysy;eu*STlwW` z=?Dt~(uL1K9wS%tq-@7Equu<)C;gRm9>P2)&$pb*M`*~aS*UG)cSuL7eZuKks13&Z zBKe-sA0`O|A9dQ(hn|~Hr>aNLKmn{a1el{Xx^agtEa1HnZ>S3)!1cy7vAS3JTzK3( zbc@5Q{^seK{!QB?Pf{H8axC6C{h=o)rJ+fZUpppVnX%>^5qTzHY#pxB{U#U1b5*Y| z*_e}Z#+-lF4c(9Fbv7bRZESPtzu1Ps;ryo8b7%ZW$ZerjsySeSeV$gq zFjr3zx97f<>BXDyGjl6tRXHk3M-aH4q^OM;3A%iq>x>7-($*ermcu3 zgg=TvM310N9pO>bzAWAfqoU_=+9cnkNw8;5;c3;<&uc+!6vh`7bs=SQVa=p$fAic0 zP^iE9H%j|L<9?QO2DiAn_3{M%yJT@SvLfVli&I+MJh5_SkGq0xUdgv6FV-h@`WuJP z_YG3b!D^7@?sx|MIZd?dlXLw2GR23u^G6z}PQL0ey&4_e=Ii7X1ZQ;ZU<+_^FIQQA zt8pJYV7kKORD5Es9(JlV`Y&=`FzJ1hndav0ka*kXwbq#h`C@b37_Me-s1{fD;pEr3 z!8Dn>(nm)`aT)u(MkpS22U}j_N2GwG(0+G}C39RuXc~RSug>TMHNgI$`+Zn8 zm~d#`p;LpcylDlQ_mt0}-DZug+M6xQ+arsT%t1TB$O+`7X+d}^WFcH^ytfC;pF zO6tZODWHNkYNRzcC=Rq{Vz*lX4psbxwbz?*6dPDXxwg`qtoRMuOstYE)Wr#|p3bRduveyYYoO8^wAc76SEC!B z&oGjEe=eIk!Uona%&XMCYo*_RQdRQp+AGN;%$U~eOAHHmR&Ds7B}$zdCrEkEr=G8# zsYQ`yb*`T3@!8h3n3aloT(`DLha_O+`!_}N5=bXnIt{j0o^3~eh#vbh#rXK_2n3;W6%Vep!)&_!Nf16?IGwdFJ?uIb%RoXi=dMz-HN}dw-k~ zeNDHXRw3c>p+499kG%Zj_xsC1_FEr`guoe974=?FZLixcM2mkr=k;7++$&iayUfb} z;dq|n8&uQPbX0b?&=s6l&Z2McgqTgCeT;RuyPjJArLBl24In)uz2QTuYWlj!$a(mf zQ{1%MnhGma_qdx=aSez@t?qPkCD7$@<)w%^_0Su6kC&k%mcRCGBoG)v*>YZ`JgLa_C?3u zpbX=>N8R%G-5C^ z^1_Vbyrz1N*=7L#Lg)4D36J~p`{R8)26{acVxrGqVUPMRq})jsUX72D2}OpW68Ry+ zW0;wuJt|}}`2Ik&h=-PW1cIoTgjuc^( zui;4jjAc@6$*1i$mFP!ZamRh*Tc%W!r_nMajo6MRHyNsf->m@K` z^ipINspD7rq#Z{VxeUsbRivpCiEHLQZd(rL8^9fT+ZQ_)G>^;W@GI8fqT-j)B+ARj z;uWNysO~hGFmPNnE;rSWHDdDd3 zd}^`Agf%sfJa^re>!LE{SrhL0_0+zl`q^;`y;vqJvn?9x5f-nhb6T$o34vCdiIoTdq!b> zjJqOHW@U5DJSk}Wg|4**xhmEf2LvW6;1|>^`*7bfuuf!U$ztry9gft8G1ajZ%Yf(_ z<#2sp4RNwh$gDIs@x%07G?Nen`x&nH5sBY3Ug$R|E$PMnMkW_-nU3j~hG4mcZI0KCr`v%Ucf{4a22{Rp?x2i`nlwK1Z z)h=a-bLKm-0Rbc66~BZA!JIdq%TT~T!F_K8w?9NjT{$SQ2Y~Y7t{Lo&_R-Iu0ZE~C zRHJEtLk{I~VG0STE7_wm{I^^zQ2gp1;$gLorDQv$T<*+3bgQ;|+M9-hh}i?N$S3uY z6EpLimDI4oXjDD!sbOu`#Nw4b?bW1|n=u zleaG>E@rlk3Gt)Y35xvyh+(>0S7xNZz5d%w1n6>b_tzV9&xR5-J!E#&#u$ZahdHS+ z0x)xG^?g`{2l1NJPqzTwX5r?3SH?K*i#}_7&|nqThL*%yF;gd^Mr(4{`=I-nPA%7%X{ozcdRR$uPS}-qNxq+_(Dl7&YMzI}$t>zT{*v!E%wTy-tDW z=4FHt{Ufsydm%kb!M_@MKTK!peJ0ZfV9w4uo$(L9Lp_blK7bjNkgE>B&7O^>2A|-i zEwo?&6sd`3vb%j6GFH;dGk9b3@hO7CvajsyD3Q4hDf!xX%`H$$Gv|G0WF1z)eIvG} z3@38uLSp4`1?yEX$x5pimf9vL>tH+4T~g1MpZdv59x5$N`X!cT@k%gL;)b?aEoti7 zE-~-p`v>_v4p-Z4w-5Pfw;L%w@Uus8srwa&oUpeeJGTZ7W4yD*6Bsl(*o{q3mTYhh z0%KKEljAE7MyZDVO4u*dT5ii|u}y7!nHjX(!Xc-!cvfcUbZ~>2PwJRUs_=Qu8di_p z{aT!wkkC1*VvPrGRIh2%`Ombd<>26^_}db}2?Bax{xW3bY>+a((48&?)%#ID`VRVM zU?`E2w9RhwepySo2P_>en;MevXCs|mi4&*K^Sa?j#i>fpo4{{s6{>-Ou=gW<4r_{R zVA`G9GmH+E*1FwsVGNl0Q2oFLgZ2J7ApQs|>eYT0`SZQSC->@o5(PO8jvqP?9Zf;J zE~^WziR^piQy!+0D;jgOztXcijuWE-;zl7`P>wDM7(fRF_hx^*Z&|d^ie}oa>X$p- zvUko>-?e3UaFTH&cNc1AAlZOR{yaznL zsuyP9wCRV*Bg%Xc?FQK(@%@w})gNv#M(l)-^O8A!al9Be8S+dkZTx!BRZ!}YLLay5 zLMu&@v1x}{ST@Ig(w$?&HZgP{p|u%+Xp!U~Z3OF;8TvBCu|aG!--BuP$2=g3V=pzR zTE4XX2avt@JMV3ejPttYMms@HVTdn+5vmNk)kzh4pEdeYM z{gG^7HL+GEn>jiiXMT)w?D=F>voGdE)#}maJTMrZ6qzyJ2@`fquzXu5%w1^)$%gJJ zukcX2{}z7G`EF#m=G_dB8!zXycFzU(zH41YsN0DP@Xr)dLOzd%yImZ6`~5KWZ5vNN zc?rdXRqeG4+Viv!aL5EL?AIH2GCyT;y4-s)WnAmmHw{sgV8#Vr9R?tM2&Uv68=$p}OB+)aThao(Bh&ed2RIvsg6t*TYma<#RZCQ{ zhXsKYX&k!>@Z7W~GXGc1_kKwQjv{ZYLph6muQwdMd3?1F-QGa^6|>Umr@1G=(GD1N z$fJ?#TBUDFe?~v(XprIIY(~*I!VG{y4v3~e0IqMF8h?nC*Q=Zu@bOF|D1+O`-^5M! zau|+?XAmgs$GJtLJfec}_s!(ScHl*h9Q#xSzU1OMplR>!Fiyg(&@(`5)ze?cC6{M-N7t1qkMIykWdt%-?3%aAvB(9uPo;Ce7?F(iLB$;MJQ z1|Bw%wI2Fl6JoO!iF#Kyce$_PNl8=p_1Zj5+?DP0rb5|sr#iTwfdfqFEf10#jR_}uS1S(qU;P)1hY6M z6@IHz__QLZCdWKT3~lma+@0kynsoDavJJ~A{U7B^+*{v1j1U-=0(SflMvOnuX8ypnO+wN!(W z#J;ye=;gp32RZhH%n?TU;O^2+@$K$h(Hp*;ga>0iM7H`Z=>q@pXYuIaWFu0v4>jx4 zbcKwdzu=8+ucDl)`kyK=_+aX|+kVIoGjT$_qgxmw@K!?N2mgem0&L`o`~wq9i_i65jN&kKu!za{2|9G7L&lbEM?)$&Ud+%^I+y8&K+l``2)o9&av}&|gYImVZsJ%sN zkJx+Ot+2`L z;jeGbp12C_<|F)6{L&yWi6*g7y`d$P@)Y393yWUy7?=%3-h#W4DgYv#h>f(&Az>;8 z)x=CSJubgBVIZ46s4f(;kuqcA;Eef*z;D&vrwZ4qdp*{iyl@@;>0>v)$%3W|PM3jE6`v5D%6S~R1;DB@wHJ^}U!RH3snp8M)_F>I20^<6Z_LP)J{itK zD54)ZoI^dP%*xy@qB{X{)OfkYwDa4VB2&}{#TB|673Rfi%fI}-B=vNgXky*t9Q$&O zs2^YK85NW?^Yd6cCvog~8L(>g@LPK3rr&W|6;DALAsEl0Y!V}RlYLhknXN<{$RXEL z!Rl;>msJnoS4-9Y>=%jX_iacErzZaZ8`CWj|1OJthKDH85995+AFq_9tqLZb z^2eo=$JviNwXXNz-p~+pgLMOTP(8s!-BKl6ZqKOW8foL{OX#jk&S|!@$S$myxC-c8 zFXIATk|KI_}29-w2J0OrCq4y2q-_vWZv@rck$Sc zfdCDnISb>96WkELIo0w@;4a(~-S~Z4;a1yEIinO+oqW-=?>XpyJkduHYO@IYY#k14>^WL8xoo7 z?|<%?I}Ct?$NN9aCRhB7{LHGWj;0r8r%Yyz&9|ib9Ozer=H)hNz;tVMxkj3o_F}7* z9%aB5mLu;8N=Y} z;Qt&h2fNb#aDy?bg<~qi}wt@U{w0NB4ZJ<$&utqL-Tr( zt$1jg)4i;dx#hQj-+m=KLNi@ImG{7vI95e*y@0PWS$dEY4>79=p|KKt?Fq;Kaa;vW zfY&TYk}Y|m$s0QDbK_1$V>zN9!D9|iUIt3~M}Bk07dwY#ak&JIY#%&##zQ@G3t-Wb z?}&`atOpl8rL2o8=cdC^ElP0)&zLeam5-wcR+gzX@7q@b0FhDWyNS1UK7T%ag8L_a##1Uv#Sn>Gx%ib?FP= zg_)EiK8k``r@JwCY*!R-o&&p|$ZB;HZddoS7`u%YJ~H*s?vrv`FMpdJm^a7#pve)R zH-cS*L1{>at7x#nLF3se`?S#~uY|dk@8{TX@J4Ez8DC?M+^ z@83rxAeN}T3{A>&m)$u`q1qA#y-EKA4fs<6vQN89;+kQZUik~vC67c52|Q7CORv!% zvmm+rhzbS2^Ml}oIXCpcvU}=RH_w9!S0MSPyvizYwySI*U>`F&ZxE3y_DyYV=y$+| zD0IXt+6FmNyS2M-sek2Q>y1!53p4Ka%o*@Bz6-`?iaRKIDRHiJL_k*?Z_;H>lilpai^~j1+bBRFQWxDO#89(zaz7SO$^2l5wj+ zJ#4(lpYnHZmSP(Cd&!?m3p*^0+G99eu$-7Gv{Za*nqR1CSGV*hPW_(y(=b9=wnG51H#0i)RZdl~Lu8%&CN zgE#Bg0crQ5!oTdtzfWura}oTCkSI`Y(~a{1z0L zEpzx0U2ZP2Y;VWgR?`yJG=`L1n|U(%x`e@BbC~@SU*ey1o;_fsr$v8e%j*{yE00F^P%T z?edc>9~n22A*U3^jq&$uaE<2rdD?Qzi@j`K>v&^gk%EeQm&08%;kG?)(U|teRHeLq z)s}8k%$vdX-q%PPT@jU3bc!y))0`nnvg{bD^C8f>REM>-W21{n8c4JChW-d#C)xL) zbvRxS{?#fuB9b}4!R~aO7Dzz609C{a@l5!{wp0epJ+)-O0Pw-ttR!ST^8tYpk(#>q zV)hz;g7M$a({Beijw{PNt%2+7nhTT`Uw`$@H`zpa=-`rsh=ZR%f1SOQW6sz}=ysE{ z{KP+*GDbBfJWci!qt8q;RO=>=II`w+`v1XJf$DoRxIKDSPx1GDI7xY2W1@U?OsQ$g z8%|33d*i!^cYC{0Ab>u>&FI7rB;EoV_6*Om0sKUtTi)_U9PEdG)Eerh85G|}?KVTJWKY+*wehujY-WO=SuxC9~A$v}eTeHxa!FCNxuUpg@2W5e|x?O6nvO({R z#{X)ZeR(QukysZ0v{^ri`+jWP&$!HhBJ78$>vRk@w#VGWLWKK~)(E1hB%^Yrc%8$kJ|RHL%scV+KNjzl~x z;~o)PyMY-gG4GPK(yi8IJj7ZUpVd$1|8EivKW{Ht_u$IArua1SJL~)Bgq_ZE>zJ_;H!qJvkB?j`%!q#%_V*W3VEeHW zprEJ0h>wSR-Iv1P%NpO!&m(V+7uE;4fcqlsa!dF?m5@4p9{ab}oAR|NPr`HS#|n3J zJPO8z;FPw5lxj=`l7||pCo!fdJ`zTextgl(8Pmcx2rGin4w=qRJ)uJjqdy_x?awPC zmxo^J6Gqa!-wk!NzQ}?!1PQ_?h#3)Y>NR|Bs0j>6*IakHVcB@zqgr?^#kR|P2G;5s zGxl9y^}j3P{<#8Fg=&ydM0lfzyUE#z0*Y=@xEmz0!U_R_Gdnnc6Uuk&(t?isY$!lp zD_1&-Uy4(Tni?!#CFOPZ?J>pyGO zQaxT96ixcetLiqN|HZcPzMx~n{X6dn1MY}Hj*{c6@vB-VK~EOZw5$!jzg``w*_^@a zL4W+FyCvYu-?>vg#d9#BpIX?Ekhk(bOU686exMQAmp{y-2-qnpKp!ixJ~8#PMPtJO z)ScnhS>Ei%+w2u1AjyX2{VA1wY;7&fj%(_pD&5Q=D{Wi6nZvm&B{fSe@m=Hq5-=ID z>>zVVx66(415*ku0FoWudUQuG5Kn7C|8aEjwQDsm^^3;2>l0sFI>D#vBc0p2JP~J#&65JBbI^q8q_-=g()^SAwIi z`9w6p&l?T<1)i3(Hk<`l4PMYJ8#{m4@;b_{IW`0TtuMp;)lOZJrir2kBS=i&`dr4G z;`W)p+>0FOZl>)y_$MCmM)>;P=@T!28hac(G^Y?>ums8f#jDP1EbR0A<>#r(Fquu= zYw@x(cX*KrUcsRSdfZ>6@Z?Gl2I-9Fsb=sa*fkv~-+z1N?_%rH=}7exqus_mkvMu`~Hy|6^Cqd z>67Q?U+)R_k{PhVtK;uZR-S*47X0tBb6h&ZDXDGZ-+ZekBjKm^VVlwHx%Ll(ykYOt zE}Ft!5C6+SeM&py!Sz38z;7LuYRHfO)^H?Z=KsH>)uj>lkes7apU$yNk)7t@#~(H% z4!pZ6?$J5y;ueqyC?5p>2i}W5<|R^GP^dn($Br(VC<3+nIaT>Ic2aJdI?L?oMy{G2)y zoT8PJTFUvVd}=q+3cUvgVwsv!9_wN%zXHrzOPq|JwLBmV{Cv1K$Bds#1sT`ZYG?3&+}*H1UkQnhLIjF(co`i&pLbhlRgDrjR=d$PjDp;IP3U_-6q`lo&eo=yz>Ooz^B^MU2!#WBa#hGNE>ba))!>F1UE-p`{&hig6Vn zmUJObhuP6Nr13Xo(wNY@B2Vqvb&|hajsC$N-cRUEmXH@TnMBGbQ!f!IQV84MWzV91 zQMeQLUSz=~-xc3mx4S#IG*exiw{v?@J$PoeDSSvWuy^?Diw445TlewRM8B`$EAs}b z>B8-jr)C@MF!FkdnoHdn7?U+ z*QzXWe`YeE`LTCtP%wyWER zJ3W!qwW1WGFl~{X6pVR7YVfeDupzQmdDO7PF5`9k1VzAFlPZtQePiR^`<)TWT7dDk zqui$;y;4@ws-3l(xKoQI6XAM30W@1H%&JqW%l^CBi^KafPNv?!%HuTvCaJS;m(!a3 z((W<%gd5!0Q^x11#~3V5z-(zwGr+3JkL<`;KLX35I;85I#|YJ>E@0vcGGmTVKcy1 zKi>VYe!Ss5`EeShfr0ZYX$ zTUtpwb+SP(IQwFkF-7pP>D~5nT#eRf+tJ=%4(b4jdiNZ^w;61tQVwiozwLy#im|5i zz`QpJAs`q+vz1avzQ_;CS3#*7w+LjG3_xW}7)1rZ6-BYg^*`8eUN4@m38C74YEL1g z)-~Qw`cer;JTufdL#6ZgGgI%?@_ZRkKIBW)M0gVl1fLY3E7Txp?mgU86?NGx>0(C9 zJY;wGV#frk2X}jDJ$IuAX|?kPD<0hyp$`63{)?9A#ai*G3vV{8qrxA_7(5Pi=xDLp z+J4BTxjAI5xd>79I($C;AeV^ekY+QN9DV0MrjgYQU<5V)%{{4p@#9c4u;F7AwR5de zn}_DP+3MA|0kBSy^Zdls-M5iyJv0&hO+q}UNH{AzWD`2K_pozN5g8Jgq{4k9;>UkB zxSOG&li#V!X#aTU?kN4FGCD%DY&`e3m%p*Am)B;Dd1JQtN~>YpSCs}J73c^b)MQio z9?KxY9($)!1_U2El_s4!K`SPDKew&ApxiTIFAai?3+$I060|QnZEWQ&8)Mp3EsTq7 z%UeJOwK^Kg=FMw_o$`hZHTTiOOJhK8VneYuWdcF&@lw+w0;SE!V3!v6Dt6CLefqpQ zADL%o)XXj8KC>U(!2Agg3mWEK8husgTTPnCEXDb8>kprhi`-4EAyjAR3sf;1QX%^x z$%;Hm#z|rn6uheLs`}qvIKkef9VgNdv)WhzwWa56DP@ImFU6*7XhkY&AEWofJ!DDV z@V`(&9_JP_HJ)mc>9^`-M?|#d3KQIaQOq^3gExiV%i0Ec+eSExmbk^IsSy0Df6dp_ z=oIme0AoBg`Djacx}rNHXj8?}B3tf$E*{%E$)?c=G$7;FDBh44iyr+Sy8;)VGE=S{ ziP-qJ+rvXA=l8k*24<`tFv6-2*!aWatv1BzzY!3P--#o{n@ zLqDm|2^Bm7t*UXg{l-?6tx-Y?Uqc}cTk-)jb-2lDG=Gp=WH{2Wdi9KR zCd6nPU`o1N1x{DQ8W#iyJWc+vCxOE1nDVI?#k0tm^__ZmyV0k@e{?$D78l6SaGSEG z+5NVk`B6)(;UGlAxHA-dX|!lfHycOqzpeOsdBWIP*;a2CMN=kdu6pf1@2Ya6yy*M8 zXpFPyj!41THi)k_eR#+_u|MBCyKq07>NsGgFwR_Vur^Kh5w)#wjbYxHS-9*4eCdz3 zj?nt1bQ&f2@oLOVgNLmh5o6e9=4}wEdR4(%B@AX(e<$IJA7ZJS79U)5e^43yb=Vx% z8`La+ooh4D_VA)q^t1vnlOeu%AZC2A9`01lwiEtltB-ttQ9^WktT64k`64peE=W5t zfvWBHV_0ChXK)qv=FaxJ^DPt*X<{nSYabZ8KHSn{U7Q>kocLSJ9j3_>*z2~Bml>`N z2N^L$uZ2Yrq_?@|5#K5QxRl{GxMc?Nqwy9BvmDUK@D$^f{ILFbXKV?ni)~?kzY1sG zlW6?gTnXd62DPsLYzrgi8Y}cF3RhI=Xjol3oLR0;q%F#;Ob1}zzawp!mLcnyuNF;a zH7YKps911+nRu*19;&Jjr&1+^l%6Y*G={1$N<8@6wN%mAFKqf ztP#8qXS*Am;Dap}_%jRlU%0q+{-(NH_2=RySM9;EnV%$d*Sbyx7uPL#b7_0GCshP0 zbgQkKA=?YIwk%^zhCGs%?I^z#VqP2{1?M;hI907a6pGXeE(+SH1b~^Hk%5%k&Ra{7 z3P0vThwHSYqP2x0cc$K8GI6EE+cAN&yYVJ+2YzbwEIA;{%7jU*nJAJyI(1%)J)frC z4wR*;*LZU#3>L?xr+35*t#*D0ucJNajYZgPl>!*kt-1l*6;Ss?oR7%23S6{4OR#7Z zRrpK&L-9$@+h_du>jRdp-%S9eZE zMFy<@b|_dARsc}dYczpfl#w6g1-s4D;ggW1fcIggzq%Cd>$Lp^8b;Q|r}dR|HFh&C z4|}Bc`e&o8dnme$YSSc1oxfVjL4TN^rj@szhr*cl{5-VscBqHE%dqr(rc<1;7O>Jf zs7Y{V{vT_F#TMj3O$^U1VQs#lQ0H_>ly#|-RD(iTZGwq45P_u|)cv9m=P*asmWK~5 zc-|>)9zBv%f93GSzjuyM2JisumV>FEEJ(L=8yd8uFS?j}w1N~%E6})d=v^z&rBUGW zi1}ekl}_|7lLNw}1DD4tb%iM*x`&hd3S7|>wk@;T%kX-bY>vLl_5f&d*l&9{Fh|Ak zU>JD3=l(NmR^7ws5PxV-?bL->qlqmn!)tg1D7uU$IxwOn_Yuzfp~*r!knM>1M+Ym< zHC)3p<3t@cs{P_wyAvwoeFOQISA@5rv84frD$JDVY3v?L$qRQ;idIgXK$EHqv6^hv z{SiTN+K8@QXfL&gdP z)+$Gzee7QytO?5wFVeB@-jfy{GHx(X8ks9GMDrx z;j&NcvD7aHYmJ)t(58tZ8e4;)HM6KozglqT#+*v2Q_i=?DD{I^%Nl7L+H)(VJ&IS5 zYu?D=NB#zQw$ud>J9C4_PfXqHKoMVh7>U#|XsEMP38D?f)esI2^A*B8bpgQL85a{z z49^jDH+CFCq;ld2I9>=qef~H%d~?<;%WvcT9+e=lw327RA43TZt=mXZ8^17CJX!8K zkVA|tYdG-RMgbB>@KMS;3(MVb-P1pX$b0Tj4hehBT|g_$yel~%5!uw2CTig|E|NnF z-q{%%i{V%T;aN(Nn|e%<7kae%roD}#AdlufslCloF#~Ui=rLqNU<*HNYxc+ap=Ky` z^e7oUznvg<@Hm#J3%a#eEq0nx0=O=^)LRO<5H))psleD@(10u@&AolS&o=o-3G8`sf0XfR{;~@D9x1Fy z9oVsJEB-Z86*w7qm1n~NK~5ZIz)t-dl3K9)jZO$#MH8$j6UG9Goy15$mLN`mZA}0C zUita_a%ncIzH~fJYB`uvqO7vSd@yh_ji-v$Uql@;?$Q{jR1jTR)!hhi4^A%X%`P?u zc#nJtTu|RppsQnOMf&~G`g$`EhhxsSRi?M!@HkBseuz6)cokBUJ zclS#XZF5Upin!{Je}6UnUy?EV$Jxqx(#v1}Ck*xfNolcvT`BCA2D~Cb0pU3>_vkcQ zc)MZ>^2VK%5O!{xFZFB`%r^B@Cn6%kMiT?1O8SZoVe*~A0@+^b(CH5x?(+SK z!F60G7e0-g7}Ro`Ieu2AsZs&Hw)-AoIh*ibDZwKm@|C3(s+gyW)nzTyuDSPZ%vZMJ zxo3sjinDByr)X8@KQ`uR>FS{J2|` z@uhjcWmS~j%E|w$RmV}a3Zg73yzM_zZaj*L%#RQeV*6hqn1qT_i8*R7xa7-E2=Joo>UdRzw7U*v%^W5;K0?JzYddhCKrg!=hLn^D$TF0o$!Kz=Tl>Kwxcx42isebg$E&-$UyZBtHt##SVod%6o zkrTX$2ZN!NrzM#LlTqosP;P^MJ%Acc_|Jqml2sV0V=*16R2MQ7SXbM(|Ay7}NR9O& z{nEU;wA%Wsc`MfUHHq5+qFME>HYLuIJ%68WP{|+9C=?2I^KAS8k}~cq6gaSXel5O&^+f5CrP51n+d=3VE zrQF5+Ea13;0@E&Oike41na-Haim;LQLQrd^JA5m46c9UY#wIfwR-Sb~?ws$`{Q>*# z+txg3h6CY^Ve{4#ZuyLN>iN{gE)i0T+{+|c=qst zj7`)Ub#z1aK0a%E%xz!x1$5(EsQbp3^PPzxX)ct){7mexCx(JqH26moveh}Yq}6~~ zuS9&%?)=i{n{x6LeU}Z>igsHNb1~HX9ucQ~d{L{?BV3EAnz57k_?#d}Lyv)3{2g4+ z=C9i-S1C@v|G2eM13a42?R7WD-PCI^YxCN=@~pd!P2uefyUm0+4&AH>V0}%NtXF|X z^!`ft%=X_eA}S+arYZEVo)6E2EWaeE)e`YSyn{SiL6mggNd# z@m9u_ITGVXS?`(Z&lqY;ew{1k^#>OB`<0^I!Gi*?{M789XVaIy|6*^qe`Y(cQG(TO zo0Ad#j)~7_`TSk3d1#I>_r(lf9eL^EzO{IW!k%y{V!tO)h!P%qQ6FzR3_jL>l<@*EE$9f5(b*ICNepzi^A7b1N>c0@_9Z?PuIDAUiSnQrZ0i}gi>tKnj z2f-J!;jcSV>(=F*BkU^R6w{JQ-GjHa!X}$Bi~+RsSdBs7n`71-GWpm;zf}1CwfxLG zMUX%<_vKV2t3%h=)=3*!Tje~~Cb-eVjX^q*PmpfSmgZVY{TZ>uRCca3<(b{q7tzQ#&0$T1SlYDHq zII=uqf9MLO%CWfkZ=PCLB?QU^tZnm$`4L^oFGUBlg5tGkTr1QLBH~(}&g<&7Uq6qf zk^^DJy7#;@$udq7_xn#f`hAShMVPD)xK@eC0Xqcbr>#2@<9WU&nzz7KQspq+V~6v} z;wJF%$gR~-;PZzSZc-J&Ejtx9p}mGvF@!{gqst34Yfs_Q}TZ;Ok81llcGJaXrE z48DH|*Cp)z7!Pcevfc@qDDGD}>(aQvP<)UESl`xt4ek(<|#=P+lu*8>wTw zQ&iZK9Ig&|+mIiaU^r<`0|85=pp6yc2#UHL_m> zZ{CfbO+&odS@AFpByuGv4yH!0h4ClI67iBfoBA~cj{t{thKpk>t<^>eUjE?T1&EN$ z?ChCT!Zyrsv&f+TIF01-rDM>v$n}6GVdAGN=`%vvdmG)-4d^*V)cU2BY{y8Q?umGx zx$pw6k)Ix(u~Mw0K0kTuIm%p5u+}N=hYqhn)mTvtx#rRFR&%!ys!-?Kdcdi`X0S=M3%pWbk~ z23iN*(a0e?^g9>ZxbuxzR06p>J@e7M-34U#@(U70_NSL|I$M)znvn}yMfELI8Rd{{ z2yN&C^iFr<<#Ns%sGD9?`K4+*?r8f)m*bNX$EJDhSpsHQ-_C;OL4Wn7)lTILPLn*G@gY?s-Y5GoIyn!6sqK7Bz&z2*(X+CKOuz6hlz3lX;@i1ftD>2qOs|k&-ZOS-|W11^9CnA$- zC~1z?pvFZBxiuc7|260Ddj4%L+88^J5#gG+2ALYxmXI7RSkyakWNNOrdlQ~KUdJ*A zwDG9uWtR&v7$dmsjW|*Wc3U0S?cM85z7VX3!KkyqxFo8au|>v}>%nzX_qtXug*rJD zWJuRWzzDvf;ZZB#^yqRh*1|WZ>JT>DFbg>7rP>e7zPR5dszjcf*w{F0o0EeQwxW6X zXw~jO*5un<=jddt6;Wd-tjcm{-g#7QuiTWP3>&;Ty?Do$l1{tFl=3}%lD_G=Vu0F< zfQIf@p3m~4RUv~DbZqd!p5kglbrj*`_TE8szdvz)p+m-D#aa~Nn08)OG0r%Rtvd@X?r76<-y#DPwp?2Mh5yT$vPFPj;Y5H4G;@WR#e_(BA zMB{`A^Fc<}>i$k*8$CNhsYOO59V&aNJvI6YbI~krk-2x+fZX2D zJ=f#itb{+d*nr1-S)Z9WpOL+I`Rr&BIK*vXKUy`!E_`trO~HO$Qa~dm6Jv7lk|@#Z z-jKmMiEq6VD`txG-!;To3auLpo4uFunNcJhhPk=}dfD0g$bbE`O)rMUC?6^9-U4@q zpUcS70Ha9dZ`SRuu+y6XFm}fJYoRGV30w3*+ZVyRW1YP<8SvqhUA$=_u7|-sGv}8P zqG*;BA+Xi2W>P~#R>clnXu%FC4YT%Nt&O8Lhm?4ob53sJ=-x<;x@CW4`k_w=Q~xzdt7#{6GY)vInZ{uZg}8P~GbHsQj5 zo5<=rYxK~tkv`Vm;p>rh({trr1nMFbnL(eBEnhi)y)_xj_E%oU}7BT^U{%8eUiD&DqxcSL~|Kla+D#r89S{A2`H?<{+KmsV7((!0|=Vq<7@!QB7u;Q~}Pq9dZQTqYqW_@@9_h}E^6yhb_(v^6Pek(*sK z?D>nQhB4m1IwHAZn4AAduH_u*M#AM65x)!Ea}>Mq)x}vs>e{Y9(CdLmv@Zxi)Lc8i zs==M9`MSWp z!C=oK>}l-I_}Ns49>MU5k<$K@$&d86-jfo;6K3VH)*noi@J5=iWYfnOY7ekQU+u^u zgphz(p&F7Ba1Tu{ZY zL;4DTMQ!%*mC2Dd>#O+f@;I9|$5qU))5?NRRpH>LoP0$hEbTNt;LU`Hj=DX&oDz!7 z)6tHWyaOem>CBuKbNzQR_?!&HNdpIOs(3sE)wD_@`u(l;W3E-1JA7zuNxx06 z)gIc#sASrxOeV{GU8B4#uLIqFuK{SK6mW79i~7#cRJ)e%2a5bh6l}_;!aL(4tLM}O z?!a{{<$g0y6hw5s!)}Ineb@iic?!4hh@{CdpM=TTRVp$tZL;qYcjx>C{b73Rd~rpE zP98Kmw^A>9t8G2%lY)#fa7H=$E-|ux>oQ>U*K#2&`5^b%#K`w=!k%s;l^o~OL3!9i zA9!D#W79wN*Z3n_J^ibdPH#Fy=~OW)(#6{8K`=S6qoFA@ki1q67|-2q63w-Z_*hwq zvjn1~<5O~KEB2ZMmHFfApJM{|1h3Sb-g)bwlYjup9jwWCFm#(9yo4_XCyGVDY)-~pv$|h8 z740BLsPRLf(k?`gjnDIP1P^UflZDg|^8DK|s&O(F#+Zx7evGL2Bcr4Nyq z#ZVXBaB}+&L@1@j_i0N1_H|H^_!ZT|q-Uj-k{oVNMv$_HVwUFTra2H<@P|Pti}LyP zd%xwCL&&;$<^#0qHy(}?zoo$ni~iZS>EL723)dWECeva`{+8 zL)7ayMvce5rhwZ7x= zrP2-t47TGQwZQc3vOx>`pY6v64G?1<#%g!e!fw;cj*&yO6Ru<_JX8XrAr6OkQ)Ait zQ{d`fsRw&e9 z|0&~tT>d-jWvElEaG6)z2d1+tweC|nvnP-X2`v?*JIR{oAMI4@*fPVH@!M{#fFG1c zRv5(CQNMHfp(M>-jS26>M(Tf(@qYbb@Fb&NH1dw!N_%7blc2U+*9|6-9~eAbw$Vu! z)m)-HiBco^40`Ft!j7H&aG<`RV-Cu$(DZ$@l`V6&@#I@WFs(A*;EF!Ge0=vF>uBb=S!uqVOVsFP#alMN~KjF+jbsVFIn{mks}ToVRUXsgfRm5249Se5v!=7^HE z8N>Dn$f#&Y+08_UW?6UM8X zn7=lAmNKg*;8$!c%QW8iJtti-iW$K$te;uPNlTgNOyLl}atM{$z=4!?tb5p&7kO>y zb~ci-OzM@KOkpa%t*z*1z)XG_vlLof{d=BNtHV}Y;XAYt#?B&6 zxx}+~&|%Zmr`d$OIrVZ_t?FrTBEfKQ=46;GOrSN$CK1b8{OU09+kGZTd(LM3wcnnE zc<%&9NQ~{;6rUvOU+uxcl9S{7q4xP&T78wRP02VbA>!0MYO=j?qsPq5p_AMKEhmpE|4_6w9BM9m(e$|IdavQaTkmZi zSU^A8jq)qoVL?h>LocUvB)M1Nj(mBRRY=ZlqxCaY+yVqsu+89c0wT+-*f4h9YV?)% z8;8pKT7n@QblyG=YqKrdcOV;%Q1`5AFk!FH#C|-M8^pGl5d@J0I0H)k8mVqdvgT^rO@onyDQxfL`l&im12 z3AXlW2N}m~BiJVnPT;4YRW7H%{B5gMy24V2i|nm!+o)_>(m^fU*8{t{2PVJ3o6-sTX0~WdyF)~98CI^S8LUTBQP5KQfM{_SDb{$mP*wlfi%J? zB$sD$mFP~ma6*r=UG~9VxxQHQX7zNFQ39@-9WdZ1HP7DgYley(HUI^O3om?j! zB*liwR*ca5j0o293I~x-#q(SLWY6)rhaYXEW?WEd*}i7_T;7W+?_U!y+PlL+ybL8R@z}unf+KH4H ziK;cYUUz1(Z`F7l!pJRT${Cnx=g>KL9nrXEMP}i|<_%ccUV1_2vJ`%VzBd^yYgTd& z%Fzd`;I@5{d?(CcJq;GIk0GYGpL2@?$M~HtM7IyaCmEr#%+Zwh8!b8;DaHk_bqnWp z-G{&S!NX*gW@#qFwKfXFrX_P<9;HrL>D!cWp6vd?qoRC;BO8}#;} z0l1a0IrXZ89idRO46%f5IQO!7S;^!#py=?gauCg%zvUSJM}?D9qGGhc36D=|(O#^q zl$_PQ!J{W@C~l1$-B=&v_nm9lDI4Q*g~jlntGzV0&RZ&`<IR*WLReNf_cn z0Kc!SsU-O;>d5Krg<`FykI=X zwUnm0nhN3GWS?v4%Z*H z+*?ypn2VN*T=LVxCp$e5!(@$G+oU0=p`ZvXU|b|UzH@s@&p0YbDws|vds|%}Tw&R! z3RIiy?wcC1Q|r^3u!1qg1&Zkq?QV>Dab46uURab(i(Ob4T#t~6ILgD9v0+k({$#|pTdd3tZKcfaA{L?Dc-r?Y>=+#TJg-tcYL39RN@ zT`osDU}j`2^e1n#{<^!FW}rygvO*&kprwXdi#20$OMIov9*b`DQtEn8Pk$ySTtvNi zU@HF7+f>BH$WiyN=1!f^VtA*_xY8j;Vw=mNX;|p#bUJ2O|_$!TFGC3LSd`A-rbyP_= z1_~%xTcfBBpI`6#zC7uX_(_7OG{V^WSt|o_)2MV zjjg^Eqh%EwB82FyPlzi8m0X8V^Jhg$hldiBjXi_?Z%aE1zNa4STl!R zC;aXQ7t^|EU%-cFT`Bmml4VaIr6SdjQh6!ioj{3eCcPg}rk7e15mZRh0<^iHJx==SbX(;GO0DgDNNLs@hbF@gp^d;#kW~j1DbLxriVU0p_;Go z`r0PO#-;lm$uGP7H$+K_T_dj2Ae%D8l;5BK`unjLuJL+6OX`09ef#Xvf!ZIwh)Qrg zhrA4D*GOcq#_aj>vvuCF7e^Ftx$N`nLvyoAExB`wQ`P-rKWHqCyC3|_!M^nFZs9#Dxy^_-RG!ThK={jK$#mn@h~T?7GSZ~w#bb!9-Y@? ze_H*C@_~WL8aD!FqV<$!y@uYX${e+&y*`$(G+dy~B75i(y@iK7u5ZI1dDk6Zi}{A2 zLGno6kTUGbM&O`^%UGPN)t#+(mO(92=M`p`MEDQ=KPV0#J@Pi`yo}kjCD1Bra!ul( zBGUU2@=EA;w*EfpiOfiWhXz)|-Q{pYT_ZOl68)%Z*_6#!M*I}&a{Gg6Q2~8}E)sou zzKA}T&bVxpT2+QPO&Z+bhcdcV*4{k`ieYkg~d=dW>O_MFU_v*(<>pZz=#((PMB@h_<2y9*pMwe`kr(}8B7 zuqq=tLMl)esMAW2gF5!zmk0}b9$(J*l!8S}mGA33ZTxp>VRp#v(`h-@sBp22RZv{g_}D?j8WM*!KHVuf9eP z;!|=l=Nq|Cu*{UP@WBV+#HU(laOt@9z+d+3W1r@-o4sTGcW-6q%8Bs?wq`*dqzElS z1FcsDUmpCFA9=$wR`YubkZilM;ryQ*Z35<`XKD1O(HGT;0BeX%0gZgqydonb@BUJH zh|BKd^U1kOUr)96;un{-AbYy57~w0`l?em&4i%{V<|I7FWzb8r-H#LMa(*Gte8G|i z=YdC(p2F{o=Ghl_2jHmFs04uQhIZm0Wkmg&2v8h@9@UKL`UQ5Ef17=QHo|@^X?p7o z{P4_*J8})kV6v{~bnl3Y!5n9v9-ca=>~}A3@{WN3_ml=UQL|Wsq~l2fkd|xX7viv2 z{JK_^>L^O`HNp^~OBD+Do6R5|met?O&s+b8it%UG97;8s3mRs37n@xXLA}WGyo5Q` z2~h@{pUWyap0ZIah4MQsmhL{~-`w|h+~Eb$A&%I;`yIXm%Kio(!#R}111^Hk=XM0z zreXZGAC$^|FPRXuw|;|8mwYsFi{TvIGp?J0c;FFnYUhnlMw(H|e*_2b%nxJ_SL@_o z%bwa2as}SXc-i~xaB|+k2qgXAfLs%Z_5*z8LHk!n=g;vs-4A8A4vzeV{?rwA{)+n} zVRmrp|A*pbD~ucGYGlb-{2f4GKfYjOUl7v#vi;hD)vWRMkOrzqSrmhgJCL0H`6C68 zxDYoX2;RQ?mFIthxZaE$OHTj*9BP?TxPaBSpx4{c&NdApsoKX|;|1+M2)v7AvM}h0 z<_!5nFEja;mW)y|%U-*CzAl}R^xVO%Ya4Kc2^`$+pt0O%!CE%mn`uHij~YVX@!$;} zIM`LkgI|IN6)Kn$mb?94Kl=4nOz*E{L5Mvua%;>my8brSW>)Hp@xbZX5sAb>4nd&s02%=}dEiA2teZWxvylkxZ)c z)9Bhs5$JD3tz6(44yKN0d_!CXRXA!_lY2xi}}6dCVf<`6Nu-!3+5#fSc0G zZ-i=ed)Ug)7%mBX(W4G=w@#yvi?9)R6Qe3d8d);J4(bV?8R0?V*^(E{wy^4X6#=CR z$lAK8%k9=f_KEY%mv(yCo_%FIFy{a-H@olqam;))sr%u3pNMB}sDi@B z_-COvq@sTCV9I)YAq(P|7?rl+B<$DsKg64uZi@Zrcr{GD9J^7+kQ1gVh24!{<3g`9#0 zhDaUQw{_tyS_!Yy)kEDc9e2*em2njHgZ609k@6u$VB@`o8Qozpx_SA70V0vjGirMk zs=TJ4xQ{m`eQL;E_ChO>t}^c@Gg{ZV{=)>Ion3LO2M{73&(qjA*!0fBfwb81cF1vL zF|8GrSv(+vM@l7dC~}CQjx0Kd2hy96zD=^osbxX%CK7WKQ8-xnCWmU|N_bgjLHWRssdlK0n`#J%d}7;@yYN;`QT<|p=iXf& zzYV0<$*7jZ(B%N7&nrFZqm|bf;AfrVm5!=w=awhBF)^b2G77R-`yq!)$V0XxnPZw#xx}vCV8lrTGMx_4X9(?@Y)p*+3B4qFIS~{ zRAj*yD@DSEhQXFr<5(W@*mpnIW&E8K1*6urBq?{e72Ru^8YBD-BadsRc0@LL%A$mN znk2FjGonoq%w9aG1s>^Vgp(L7&Wb>Qh2;jEOY%VH}IzIcy$?oh!-A{uE=`#KT8l-HbJ?=Y(YuB(sA zQq?Yj%&(J6qD@dN)?{|!^Pn?x93tS)wH(No!KKlmLc zE`b_$Qlo{x!r%vDF*Rda(av2>g|-qQC+pmOm&JQe$%eX^ zid*JVOYbja`}iG|A~e8K%XfB|j1G6pS6crdgP(VOdo~@86;v)prvYss?#1w&rYs z4`i$F_68XLDe5{D{tDesW1e}w^*0a9JpBJ8%*E?(LwxYQGWf%p)gh@pS#j7zUH=$>a=Ji2muLDX(}81-$^aD`I|g z*1_BcITwv5!n0jkt*$Xwc#i1@nmIpH)>^O7rU|%3!>zX7%}i#cYSsdMkT%|DuNXr5 z03UW{7Azh5`IAXe*?yzSniDu8am`EfL1}5X`$ z*!Aoj{&>AKgRP@O%nJ^kslw!kf0=^LlzW%6nDU!$M~Zl)&rJLp?WKq3n^9lpSuQ6o ziHjj+n34zdsR_ren!h(HK5dWVLg!4di%Lo)9#7HGm}O3`+?sH5@xn3i(ffsuMVZE* zA6=B5wji0WFReaaA*gp4Q71TZ`3~9d%(RjtY1gWR^H!&B5uL_n0ftQ;=P~yJi&5_0K@$hq>D$4A|Ax&M;`Qx+2vw}g`PGGjY#&dY zx{)kq@*b1tt8qhe%q^(p)2(Z_4>%qQOz)VZ4W?TK$u)1#KLVzM0@jy3sMTK!Hoh~^ znKw{M(=GNX=Q>)+D^*WX6E!#21jB0yh=dRNi~g?5ZP8b&tADRg`=uDTwn^`jnOBiJ z(w-{UwkcmSS0EvTcKn;f^iC@O+c`PGQ{t}xe>kF}@zdvK%ln}AWauhjwq8b3UEPbYAuH2-FdmBXcLj0lW4EA7>NDl!;YPUx3V-sj6|R4G(lsXc;fscc zs%2gQZ9+97ZyG&5Dofwaeo^g{YuTVI&$GRsC1YJ*?VMwoeVd)9%05&_$Z_WH>-s8Q z;ZO4XP%h!_iFCfKV`gj&z1o0+Ef1l4KW+H+OlU2tO{WsRmWiGVxOo?tJ^jGLUcgx4 z@K)yEdG+eK++S&V?+5irg*)jrj&E%!*fR=!-T@TgZtZ=qtEX%T%^K08wR_?bvgZ~4 z!4+B~nkEuAkuRrqEw`8j$NgJO$Ju%9`5(XOeJONxXxW{CEBBsF*p*>Ua@F@`TVC6J z!phsetr*JJ6t@*iOcq6`qe99Q!B!4xn(a^*X3E`}+BHcrAJLh}Kh$Q=y9S+Dn^Bq? zIx&^C>N}ddLJG>UFFL?j%&>^XN(0=~q|RHDxr^e4hU6KY!eP{AYPs z^-118_pvKsXcQk1WO#RsJ=}#yKLE(t_Iaf==tjrx5c?68XoAPlPWyN0Q+q-ol|ReL zmMh1j8)^@)9-Dwqeg!#{1i>O*dYFGD4*YL!YyM+-uzo%xELK`%@!_~iOgp&K;bTCo zEOqyCvk-?li&8YfhBLH_XYeb}wP~>2Z=U%R(O#+oP+mQUlcPe0pHJB$Oy*bH^aK9- z3Qd0?jQ#Dw=VeJIThVJvt$UL^GxJ9=oj3Ha4jl9U4l#FMoxaRnlD3=K2Tx`>ix*gb zyT9^Q{)dD+x1>E=el3$iMbmG`5T8Z;2@x=_cs`i%ceiA9BBQ}nuECx{p+I;Ei3ipW z8n6G~eG~aaXs)Muoov&!50Jn*i=Zo#-bOo)6+u4m}VZnsFrWug$oB{AbdW105( zeYbPzWK6uFLX>|5O03=AhNe^m=9x4+pbt1`-h9s$(t!Zgw$C&Vamk^N=mz%R>DetY z2gGnsP+TxkM8{-F@WA?hXCu34#xYE;e`LeUZk%-wXXUs317Ylg_TZYq;}-LUVQ@!T zHvWV|0$T$I{Nj*q1%jIPJMnzW< zZ@nIlpT68>Xz|h0CoJBjH5$}hnZP8;>c1h*%j9tOK!BdN(|?Urq5s>Ezh3r!taQN_ zE9;qQH!CN5mhquI7>1h7F8U@VI&k$Pk9q9O%UDbc;TtCNi~g4{55Xh9l^F|>eG?fc zCYO~9T@GUW2aPvQ`HE#nsfn{;;$w@oD$(Zsd4+fY9&R=yU8B3<*>~fXZOQlDrhf6f zv>iQ)hbcFmZ9jY`h3n~z;eRHsLJnw;{_G`>{~zo0gOZHfo2x;87i7$TJQra5>qD8x z|F4RH_PBp(rVf2$mH*#GO;*;~%Mn2s5c))OYp!bLUJ1@3g0vyX~Eoa%A z&gy%4O=kY~Pf1>O^s10;3Ax1NW1I;6*Wz7eW&nt52x1Wt@eyjmWZt{@c|o7Eazq^A zTcx;t>h+ylI<>yXw+wQV}liRXmxy>l#V(Vav*jkK^L%s}ldcL+|wQ z(F^kOkW3J8EA;Th=?g=URP_L3x2$ywDS+KaZNIh;aw*cDA9P=}@@vF8rPjViPdH0v z9T5Air@za7b^%#svNo#}Z9TffZF)(s`HTFR`z4Ecyx+ge2tzN@f5D0~{7f}Q80v_D z?l@`J-EIAa_~iXT%<|_;BxXpr@*WV?<1vj_C?X8bYDK&caQO^{0?rL=RQQgCF848M z_;Q%_Z|Zw|CXU7(++PBSqgDSsB>{_zOe$YY`(4n_nscqrd2Jn5O;+)~!gq7l*p4!_ z|L)z-BM=s~fVYKx?I+7m037()v@-@gy^oBxfBo+VHS+(1X&h=!Hi&)k#`GhBn+&igbC|MP6Tzo`|u<-(+73;2eg$PTwz2c$f^e|RCaovHG(HY|A zfK|u<`CTe4{huD0EC)Z{N!L|;N07gERZE(8DF!fM#M7CCoru{)H_rHML=xDFT; zJ<~|`z_S6I$B*eSYv!;Sloq7x?PLGxb{cwCg9m%uCJ2+cs=?w+?jXWC*fPjXWZ3Ky;nu0-yNSAzb^f@ z#?k-9Sy#U0ui8nVIQi4U9Tn%KF4e%Yc}xrOYDPiHWs6!PZ{L0VJYzK0>2G92MGbA} zGZ!^F4ApJly)j6csJ}* zuCtR`f8Z~UZF;4s9Z{B+nY@Ed~=`3+wAY@5pi2# zwLEX?UBaRmA=^#=dbsDwt&Ydj1=z>j)$kI*McMb=l}Hl7U$ViRl)P-gF~u8SniL+` zdZB}pj5M!v1lqiNTKi^0AUYY;W9 zFw8YKel?VQsSar~)k&FGhACs^M7#&0-oC!BP%*^_ZMJ5jdwGHAi(W5%XYcUzPdop6 z!%i){rC~|>13pT&nbk%A{8W~O*mSynAtNR}4sD=NA5R8c(@hL{BUJ)8;%I=&D((@+73O+y6^` zq`-Ui5Yj_rvp~{$fpnd_a!j&{e|vF4=51$v#{K(gtjZ$SpL`E`?)A7xCGK{sTY{pM zy}pFR^3Dgl{d>6m_fHL71kgU6mkVt#i2Lc>=rt^PYkB6_)GfbHg70OOiX?EapZ1o# zA<@DsZ|(8};qTG^-r)J^m}BW(5UPph4gPCV|9A-659NIGda$qoP@GVENSeDl89b-? zd&01Fkypj3NX^3EGysh`%7$-SR@^nU8x>QSh2m#5aB0;wrNkJ&m)Z2XVP9T#txJWlwPn@j{?l%8|ZP3yC5k3h@^eLOwsU zczn<4yYGUslwfb&(G~9_U1d2Po0qiMY{oJb{+Tcw%*g90_MHwKGhDy;?=Lu%HOv39 zx#{a7E)=+jwpr|HZeOTTUK_P-2nU9fOogX7xd`1ST%($ClmDpytXBRFY6}Op|I+e0 zSiN|kYNwIfE+-pPH^$a#$H`qNi(ZcX&o&veciTUA(1~B07ls3`cPxDV#Y^7be#2$n z%M+POj`-r8oUshgj}lfR*GRQcxg2b-%uxApY#B<_E8-ytxfQy%GCiR@{cF@eYw0?j zw7Q73v6;xp#=yuaKO@&-q4pm3+Nj9qh74vO$dNzW(%-JTI;YaidIAt$ic-y^XuNnJ%4M937dwFme2nQk=NMfN@eE6eO{qs7^Pwj$$1#-r*=Ot927bzy8{q-nXK!*AvfDlEV6 zPW!3cE2!w`o(6Fd;{VLUHZXaFGp)QvDtGe~mHpG{@E@2@30z^Ga4<*yR=Q*qKa9Yt zja^_|<{w}=Z)vD!`uGS5Qvq+J%}fR*ilK z^z|00fV{*Bcg%5~_>JxIPG>7_prMRzzT z*M8n_G(&%Vor~2!Y|UfZlX3m`n1U(;OnnlETA6G&lO;DsEhrjrZlG_5%LG^&c+t4W zaCZ1T&c|yYXRGGnEJ+Zs0ubAf|HJ@V0a)s_;|{L!*SywXhs0+#=lryZYS)tQrqrYS z+fo9Bg(uNFnO}f@>h?o%jZ`XOcsI+1pWO6aIx3zk0bUTc3daY-u;!+RTBI5s2##cx&7AB$5Hp zRfV=(Oq^F3_QrO<_oBYU^kqOzO!;8@R8eWe2ciS~lSlxgCAG^_w%lrqY}O^VO6Yj= z>y<};rZpan;SLn34=nRLgAz@5+wmaRn!ry@&}bi&FlF6i`!oW%p+lw(l;UL*vXF^= zl4td%V{#!p4$?n0H?dycm=Z7;sph^*a4DPiY9`KPJg(o~Fea|^sQ?+@Ha6yURT-aa zt}XAjHj6xE!Ut1ArmWtZV7hkO&)j%L|LHw>GgV(&WmJcGG#nUSoSZ#g`}| z2}Kw6B6oJ^qVq+OXD(|rWmN~!8bmQNcV>xDL~Yi_p3ge(F0E7`8K{3Ie?wC#kmxW+ z>fc=Waix~%*Lq^BbTnu}z+iBYre-F0RW!vwDs^n2Rf$b z2y7f#i;0jnzZV-Oq}I)tShY7F#{Eu_%4yC_h8Q$VEA z-B4tz^Su;h7K1M7oF*Ap9QVkGYJ_OWC@;Bg0_+O|m6y63?#V3PHryh^cln*we zxHSxpIz7vSOBx!FnNZtZ!dFr!&9hqN_XVKQH9lv;-o9(?iI`rV>34D2>g`C92Rqkv z)Aa2mKURk7&xnSo7g5+;MV{_vI~3*PJXZ=M9Uq-9Dm&8wdys&S^PiXH0H%qMS09q0 zeyHo!4^tIiHGzHeMQma>`p_C%+&=jmeS`l@+ZJcBxA{MfSbfxf zAFVtQYbc);=tc^6Fa^!n(mx)lecAZC*A4W+h@V7{##gV5ytHy@;|vfrE(dcBje*a! zjU7t^@AiGF369$nFTGUzVfOm6WkxG*&HS=XXlo9mxR!FGpE7tjz+X?Wd0H}is>d;M zYmnws>)C`!o=y+o*J*^4&Nj5N_ZDB4i<{K!CvM0}YoAub5SQ;%F- zd>ma#%@uB!$&4`KfeNUwh;)_nn@2=BKrQxXL%`IxW=-Q5Db$MpH=w>fX8$ADoO+uE ziF%s!qI=Gdq@GJ~aT_i(gh!cHE4>O;-CGu5m6-Ujo)B~TXhe?=Aq>UxxgU10$$y+` zJJLtP`3isUpuQ2nv3i{=efw~){nU$&PdDg$R$gfVTRYnyq=bae_zJOQ!>>h-TCMv> z2uG6ng1Rjb+Z_$T6>DOHnz}qigGGz`+frbcEK0*HPw1-e?$gkt2Ei#EYJP13>T)#s z1zgCa&94wI>W6ztL8A1{@P-_PtkL(vB)+FFH2R^!3{Bmm2E1ua9Z@gV6GdQ)2AvAu zNiY1t44S_LbCl-X~%kX#2R%|9&Z(e(K}8d%q1bklx{bJ75`zGG(;ih{W(^ zf#!IHi$Nn9uiT-Vr~2AEq$5JY^AWbV5TVKC(PVs9#FX$7yP}!O3*v z-bnklsa^Kk+&i9jnXQyv4NuU!#31_Ri2k;?lFj6&mpLNHxNWBXRltf=>cskv*W~Vl zQA&4&J&mB&OMh39!rwkC*`}Y>u~xcmF+d@|Mi4<*B*O$BqOzD(WzowYd6qE% zB(s>PYlz6y`n;jvhBA~r1y{apDlYCNe^neG`lT4yV^lu+N}}0{@m!)g4W6$Y;Fe4v zZ{TGSUp;}}feUE!H|s(fvT9;D*bTT;kHgNr@bn$4kss;kojXS(0u^p!Vj8#lca%SL zsFOp{4i05KBQ;_zk?As-8*P|&sh!K}7Z^z`BwPT-u1vMVDc#mnX|X$B%{k*-KD03( ziK9fNW9-Q=iJ+wY+?vKbXTqpQb30PP%@flk?)yx(Iilm7!xh7c>yfQvc|-p=KiGs- z?T<8q1|$~(6Z^=mQNZwrK=%;874`DGq#;={yg!`lH-fgLO`aNwvM>L(_jYj$zP#S~ z`e66-lXc`guDs$1MBJ}uf*T)F8lu*DBl5VcE7U!w`Eeq2MQ%Cbxm|`zh5KW0^K;<_3Af8uXNZNdAs7pYo*? zA;Wj}XT;hSca~Pg9u+FtFZNILaBzwSmsh@WVi_G)|4?uGOBF79lMUkkw%PsbaWiiH zTsxtEKK4uJ@;=jCEO#Zm+3K3?=p2R57?|dSxbH@0OeP6Br}Y_oYCkTDa4-|jabGgV z^t;eTCLqjr_mi%w94bkM_p2j{MKV(vj(>Z-BlHYbof&p7E7l{8t6+XEd=naK$_a1K z-HVV<_@ZP~vH#eG^=qY;A#xdh?^QH=adp*ff$09ix)3zE$75n>>4zhV!RGobu%$Mz z=R#!@eq?}tzN$jkjjLJm$;v*=j+?aDS03KsZn|rp2Jry*$CQyKgUP-R_&x2Uxsnm0Hw zLZTo)8pHHKMsi~7ar;N3ob=zUPhC{qByZLk-eQH{BGnr`)dmQApAdNjnf znaZWnTdeFWSpWeqi{1{>G_H+kT_vP=SyVDU*t+Z%Gg@cu7*1aKz86(Evh#l&kKNr? zd7tWcCcD2u!fD=_QSNmK({v51kAqd~asWy^3fHJDGh){n)9ULA@LJAKGy_70X+ry1 zGTpdG!`5lNjl{K#x7k}jRx>uUc2}kKWFavk6k{`48#*pCTW=rk=7082PNU`mm-5(F z4*Z@dil`Vuc>86&;QXaNg*Ohr%J+imYl?<4v+LO4%KJ$z(on0ii4-I|9UVHB$^;Ry zW~=*TE7LZ3I%=tdS^N5@OK{=Vv9Wjs{gr*9TTqB*aLO{DmnjPJ?moRY#c^@32;On^ zMY0V?hk7kDe;cvLDpxGdzvDtAr@(xIdH|d%uA=ySxO}kMjpA_yYah_`&0`M})s>qA0~2yZhK9^X)}jiJ8EG@Q_2nQ}OJdSzTvz8RZS zWp#w4s9NRh7e7k%O<3U<;%U_A_od5-EY>V=pYeVt&ZPVw`6II#2vD1^xHs@TbP=8iujOPPH8SJ>eNbB=Gh?(C3Z0K#LJ=5V1r9r%L~&ow|I znCa~*)lTBe-Uri4Q0lfj4%j%)2I?l6oW-bbOzyd`5}Hl=rRb_JCUp8y+~&rBFRsPj ziAnZ2RL#gya|(JgC?A1qdU2{1$6$M&W4l5&C{FmBk}O?%d-I9#2c?N3Yn2d#S!q9b zSh3R5jmYJmm6hZyMo$_fve%IhxArn!)dV8qWC#T=hDziHcxj&*(t{L3b z++%aCs2`uYLDwtyYZwpl&fjgf9p#sdSP5^}MwO*i&b}{YRi!sxug$mkrAm@Isr`Mt zF6Ox8xp=c?Sv@|LWFjPY2^1(Dhe|)HgsCiRLCICO-2cU zG02F*p*R}edmKf0M3*?VHTsw3RzR#_{T9IfJdG82tEQ|;9FSXJEd*Jo-k$#ey!YkIuTYStRwc7}hdM)*qDgVK}|)O1^8HEq%TZnO$!vw_tDPJKM~iS80hTk*Z8S`5E@N5; zh886GlwF0fd_D5+zPZ*7xwR2{pA=+&W+%V*Y#4rm^|(<(>msQi=MGDxZVJTz9RRH* zQ>+nD^Uh(wo2Xh0+)X0 zrLiWd6#tf``Dr)KarpcCkz6;gu?}7xD&FJEG1sR~Lp%bM<%bzYHtdqO`pOi) zrC$^-k`GF+4Ap4z%Pd%na;Jxhr4LI+)Maiobf>xUtNBgtP3dyVVst7swetNkbWHBK zRVpgCn5qW8=&)HGnq33?7K>~WbT~;Q6E7U%=jIB2{A?n6A!JE`7PYx%l-Vs#bYjdd zrxM9gE~qZs_QD!zu0QkelR5{orHsL;oo|(4)qc%(idx2zEgrqV3`Fc|E0(C|3jA4Ikv409QmbnP)>MaPiUW((79$=w`EN*pw1*a#UUjA}+0 zII4VC`em8Gtg02cDF&!)sr0aVROrUmwBtEjT9+?6`jUQD*`-a!ZzIqns$SRi7BXqi0;!ZXh06u=1f^0Rp*@Ue~SUH5jzk7P-T}SH>wHpqNsV1K9WQ`5i&)6IZ} z{D-9wuz3X?(&nvAv;U63Yxe|Ct06b*a1oPfGG7ozOf~C#x2PYI9qckS*MyrZ$EIf5 zFz@_z0!GV>Me+(KQX+C`;Td08WNCBEWwIZU<1pup%gWDjHJFl!{T-a^?%pmo+C@BcXUdy6!YZp|q3inU0s{8XiO z`5*rDy-D{+-DUY%z=y$J?pHf%Rja;{cg@UFtL@kZT+44Xc!8Pp=7TelAzQyl3dBtZ zwxJ+*8)!>lRH0cjc9UIz*m^EaUjZ}B)l>m({*eR4W|iTd4ibZz3aOb+Gv+yqQn%SI z?8WnGVJq#hs7Mko(A;3H@$d^u$fbHD>30n%ixP=%v2&M=s4p2mF)W4qiOEcWlNQlY zIS&84T?Sy)Uzx55wEAIgMM`o|!%(kK&jr$1cKzbDv#*9}9v{0cN;?P)t0{-(1N}Tb zU&umpj6E**WMjlY843mYlEt9JZe8crmD$N^Q9;0hS@6dOD3_d1VV zZ+b&M;9O{M-Xy)^X4v$ii1!?_%-+d;2X7*eRc@xV1ecK_+JTpp)R4&i;u&A8>%GML zh9TLo&G(_PuUM5i&D`k4c>I=Sf;(yBdwo}9h7u;-X^zu&`(umXkjCd;XO>R^Y7Mx? zpo|T+*aUaIxs@Y+evzvoAnE<)jqzig6DNPJU6gPb@kny)$ChX{kN~F5Qnv!%aH7Rc zi6yeE*>pSFC)Hk%wQTc!piI$OQUP?fMWT!%m74%MO4Eyf7sP&wY*`G}K|`So?hl^v zWs`)@^f6prJHfE~x+=pkU7@vN2zYgo{u6yqA4?YsVYiv1Y(R9N4N0xyp^b(OAb3O+ z{5rnX%zu#x{vDZ&mZ}=#cIEd}jSJjz-y3j8Ub^)xD2PE!U>*ocWdHzjrwF&o#k({8Q^a8(GYhUj~7bH+-(QV7QCf|_1t3J2RT7l#P@JFH^`MBe1gFkD?_epXS(n zK)_(CMm8rpydRVwXJt>z3{}LmgkiE0vL{?7BDls5r<{QI%+r|8{tw%ow=qz*gDqzqP7< z6{Rg+-ad3iV4n}iVMCUd5vVu_-1l20=gpwz22&%4I*aGZaIUUAiZ=XjH1{R@JDzvFR+Adl0qt!)gx2(dm>r8c{fM=D@ zJ$cf2h4aF3<#i{O_oJbzjICn;rXIX2x@@q3WYHQ9+G?PI4Sc5bV)gQh*YSxSq|e>w3j-jB7PT zi>^>!GN+2_+2Ng8WzeRbh6$(pma-{VkbNyqb<6S^XlfcNl3=rm>Z#2hGBVR4E_Fq6 zQA3a|>Ni$8gV+;t6!*hXvV8XWew_lb@(E^sEDPG?TPY<7C3?}!^wHvjPA?i8>F4z+;=eEyM7KA16cVpm31c}gX1 zf{fxC=ud9=NVF7s)%3dgR|GLTCjkD|dWv4}!W2Gc(c4n6w0W*mhv^z8LmK<`cr_O4131F@HMrloy+yeb41z26BHt4W&d|b+5phE>GJyId+0UhiX>us zsE%<#VjO}V1Au>TZ5T$#@wZ#cq9sv}FK5~v4Ntz@!<-|<(AhZZl#{8W89|fyv-maW zaZAUv;rvHC7{2QttZng%!D0D;?4E!Z2ui$!$Jo~KvbKrGYdJ1jpeJj5O-Ea6fw`(Z zcZYI|OT;-M^$)@>UCXNz4Y-C9U@aUS7N_SK^`Kkq$v%~{lcfl5-_0&PMtTOwm8uBX z@g`%s0!N^*;$WS@MNWY)i2?FrXEVOMnh|X6`B`-O_7kP{>q?@xcTQ%xP%1NLq8vF= z4J_X86y!C&siNv!$g?fiW-6OAQ*V*6G&%Lp19F#-@||b);85KBLeu`2(|~g&Uj%=& z)ZBLtQWTjTG6ik?4D?qLpqKsNVEMerc}Q(weV{G}`|Yu-HnQ_;>dc|zM_TqSYd_lH zx+oYksXuyv26(Kw`3$on&ni(d430St+3P>-YkX9oYIAUzn>HvJd*w_^$oE`Zu>F-O z9sWR}Z}*keY7coUT?$NE7(QqDahm-}Et9ohuHv>$-k*g0w_e%`(bIGrrY6joYhFik zoIZ_d3?+^~D*wP{H|eoqR%=}wu~>syJ=+%(Ryw=EdMG2t_>?${(23QL3#l)Ob(WH{ zg1f1T%7^jjSgm+%Ws?K&>7heABE$8n(<_lJ8a!MXw&v&Oey%Iho2*sq8th)d5hqB& zF2yV4Gta81y9<2=c1p@EMmz0KN{*Ygb#02Qi#cd(Z*a%Fmr)i-?~j4pL03I`QnI#o z5#$z>e`Zh!FKPY^(Oi+KeBGGyc>ng#e?b79uQc;gs98FOA;~fBQ&z$tNZ^d@;>$8A z@$cW-a{Ai6>`KYwWA10<+`^umyL-?{X6s}jK|cLb@3lKFA`>n4wQNd4P_|DYqbByG@F-;zR0N=N(mG(zi` zB}wAIIRCY`2SJj~H2jCsF9#>oAb%wFe(K69SN^GsJ2+_}{+D1!XJ9AAvD$6CEVFra z@V!aZk4Uebt{xGGMC+ume*Q*1V+Svt(UC{c`1&V{mfhVbGilfN;H@5i9QLbpk@K5M z=NcvSRQl5yrpZhHVs8cTKTNN|x=p^MY~NBs7lExP?l^vwuxFLo*nlViFjZyLjw-c- zLgaw~ni04%=9T;x{(@&NNy zY18S!WbW9REqlG&{HDR6YEhEEshs}b>~6=|MtkMhIJ@|&+~rg!Ypn+$*Y*rk%?rNY zf0WiB_2f|#I{o$TU_j-9G?kaQ2E@dTssFPF6Q>ZCLww8Pz1T#2Kij;YZ5+&zVHkjG z>ibCGNT(j?x)jvx*~&Hy6ADkuSxo5+$skqTY_zdoB4m@YH)T-)n?4W9)a{-%KTfu}_A(KIEs3_qMwV zlzT-z@VkO7!_@42pu7AE2Slt{!>7l}n)3Jb5goq>tT^w)nw=Cz5ipX+c!*(M>DGcd4ZJ$6_d}N&J<>s0eL`{3}1kl*=vhKmZJ5b#y3-%WT>S(7H3ERxUMj zeDQ^DG(9hx^qK%sPM);5O|B%R+%g%kBxt?qK5Z1i6 z5~{k1VHl{+byS70(RBeq27q6P{L#-EQY*2FJn*)}z@|ScNbIF@yG|ypJKDZ!?L9S-)rE5Awbc%<0!J>)z zRnukTn+TM8K?7#wgy_F^ zG~Z*tg}&5Zme|u4QMZegT1xiJt44(SH#H<;YosGqq!191GWVf<-)8H!nUVMVQcKN@ zoof=Io6y#sFFccQVD=W=X&03NijtwNSQaB}KN+j$Z`WVEB2ZLP^hcHh-{|N3{TXHI&MUyKTSJzqgA{?u@$-YiLC;<3 z@P*S?(V_ATN@hq2$5 zW=L3iQ16^@9+*&-PcvIFZV0V&d=4`D+I(k8C2&%j>3W`Xd}$+hWUpQFiMoBkL3KKu zCDL1CZ;8J>08K-@j#@n2K#yi$6TpcssR{QhurbrvYcN%w6R)m1BVIm@;SHI^ZC4*am?o5cx3cf3_wwsU zOw&rY?HIvV=^f3YU56+OXpMFHA~WAsnu=Zf&M`~H?WS$7k&%zhyPv30LHt^qy!mbTCq4gZ;VjIVrkOe)Hi=Ub*s3 znjFX+(cIHw>yT#8L!aXzsm9%=3Go96X$pN(QY&DoV8>I{=Y^8FI-y1d=ZdGhfPUM!eFM%>X1Q{beSe4>*81?$uVF3=6U~R2Ao=Fb z^|dp69}i>u0^Ert^PnK;N{$p4zTeH-`;%{OgzC;S$VZ?lLSOKu#r(z0K*5dAoCZw} z>?0)^KCZbN$FFlQ-y%1*+j?1TR2{_pGFoQf_P?udzPor@?#ST{5dDjBF7JFBZAVs`;{Or` z^h>#)00q#@Myph-WyzmvU5^EF1i8<&96{dPC~Ez`<~{uW;Yh;&=i@l zDEf43PB9oO$PRE#a%vl$@*KJ2;LxysUK$2&INiOKxn9QS1y4~?f|%O>p7QB1 za>Xr~1(Ox39pGj#&TFpE&B$IXguP-6b8tR=Sh#4p75Nc+O6~sO$)C^NgFZ#iX{&s= z$`bu1%i$vEaj2fXKzxE(bAt^Q*sv-V_$9pbmd&yLsd__Els~PMG=7S#_Xj(dU_P8G z^X|q%-S;F6pX0=lvfe)XVU~{EAU{Mti3#{II+&$Zh|F`!x2S;g7O5@%Ot363lCd*Tyusf&{h>z<9x(_gts?>tck}rD%AXvlJ4NZfx!Hxat zsSOf$o?=Rd>k_?zRape5HP^A@a|+B z#~)6LpY;JqVY34J?k8FI+Hm$fmrqyR!rJ;MWfz=MII&}$96H4*P)7CFo*(&N?R{rd z(@nQ8f*^> zNEJd60t5)vNaOuK9{;D_CPwZ!(_Q1(#ECr6}q^7m**ZlF^Kn==Oc zGS3buxkd0y?d;hY&o#4>1R`dri-ve<23%;)1ix605#6ZAb#j;bfftd;< zDf-g}!~{eOPqW^l(s(f>g3MlU@$t!JDS!|8;y`Tbu#<(>7^BzVirbhYs(I2&bH&bi zPN?}7K@nzNG?xs9zarFpck!xKtD@-jxh8k_io70Y^SJtUm*eP$l3*L#_m_o6Y^7_Q zyFM_t+I{T6YvSVGeEKt1YQ({Rf%%TeHV)|sbmqS%&u?p-H&q!}lk9#$*>|v*si3;h zG`tC*GQek?PYSaCqbYbE!fBb|;Na8oKPn`{l}+w7aRp~pqhfUx>?(JOQCI0Xt`}IzFj% zX)%nJ$h#NdhB;?GUoozgVFhsEgn0&K3b1e#S|as-HX;Wr5$5tm0*exX4~eT>t8U5p zUgyI3U}jJ;L;v|6a+KHJG#i*4A8#erE-)?w~RaJn+;m+%S5a2o#R#nwQ+PqX^$=jc0 z=^zfQ)9qWM8|t~eUVI}nOPe5vh3}9?BpxH9#3uH%qxBB2?JqUuI{WTo0;M4S8CJ0| z79Kypr4$MzBpCGWSd6&*43l@a3(C`U;e1_POx)0sKy>ADtAHlyCcLK6~T_5Ikh6#>Q!CX@22yD%)@Nn&h zv!r3{SE#K6B)yA1?DRg{8_>|H8(qL-LGSaY|F1xigTEHV<23bVyalbwSlPJ)Xb)IKNLssE+3NW%?TyjwGu3EpHVG}3TdK#G7 zr65l!uxgxqE4PhTtZn1zky##Pq09U;s5Oj%NfLY6xh5qpAeu>`KqcQY)Cae?0*@1> zS1=QK^-ZCmK_Cy2zCtKreo}~L>_rH$Y@P&pMQPSkiT^6xecWlz7uty{w3(i!vx3*z*L1hov-^>-;>csKUL#sLMe# zQ|_=d{p^Z}isd!Z9{XX>P0`k1!-?j{BJ3=BrY%6d7Y&-gF^XTB2S4-?Noo+RUz$Hz zs&C1Cp|0$^!S@`>-8yp#`m=Yu_L2;4IYf*0OPiJIGE|tU+4(pRb8^cW@*ow~oNw3E zBv7#6N`@Zlxq{LrAIP^v&MvGJ;A-}-48O$C)>k|n1PjxTaw_gD7UbpUA%4$4JgXPK z7x3}agQ~v%;sVf2b#{X>PC1{@!n4{arI<7=q$PTaqd2lKAQu!&uFc7#O%A%(8Q|1U zBUtq3iB2p0Jp;M-dtJ)q(GzEyk;*&PA~#j+MCP`If8AJR(##{}=j+VB^WTbzJS*vB zikm5i3wd%;3h{FOZbA;RI~jDmT3YY7iqCyhn$FJeW#H6AvK5J_1kpB6j+u*WYWfH` z;m(-?!pVOwV{DP%Yw-*=syD-)Vmyyr(y8<%t_~XS$4Jg}=|Wp+I9{PY*PLflXK^yMdRw-uP*K<|FL}`!_C>vb!lu+CtUJ?2Ht~Ab3swTbZV=+ zJH!7FE|_5P+N{157$YVaRubauBEf;HzM9My5UjKLmZux)T%&sJ(rADjtl#x9X_ld& zv9Cv}W013==Zbuh0dcvab6y!Hez&Qm2CA!cwT{4$6-|2(Qp;gvS?)Ah$@SsQV-7_j z+nVemNI;4{W5+#=yrvf`JXuw-Xc6~_!QIzxa zrl%m*`uk97)=D4;%zb{Vo2NUrdmjjEFE9lho&vyg*Pt?ji>z8ki^;q4*L<{?R3mKJz9NSydQoAwD_jEr^ zWZwn77!9;D8i1A&ymS|R(3-1DQ{HYiUmVHp>Ff)kK19ZhyBXC)9XO*#wrv;>PX>iKDj2i zIiO*^$z3wt74AKv9=xTMU?A-QuXercM;5DEnLagCy%ms-tT0{aqFc__1zPMuZFv(V zqjBx(jl1pQ&23VlH+BOCn#CuvFY|E`kcRYe6hn+6pK|^aDJc{I6i0s2NbFBd@i0tZ z+1Rp?4JgJREXWLw*hy37d`9T7gUZuH)56`lx9gbbghTkCrbC%z7CK67=4$TZ)-i^Q zI7Pc_z^mR17JY_`Ucnh^oc`te@xO?g{muKr6&H}K#EAvJT@seuHIj?QKaO>J)ro#k zH4Z5T)@t~ry)@TX*Znk!yH`d)TwNg$qjcraI}_l(MTqv{oGK-()iQa!c|Y!y+5U=r zpqc6C^_O2Q;VSM+MAN4;?1|mr+nRl68+#=<4tC}@I&PE^5;Ux9$re$uht^}FPER8D z#409i8`tyF?0r_zx7eiuTP}!7530)h=|qe<+#8H_Z6_@_2j5@i zOn^)VWKuR=`qXiO^3zDQs=E^A+x)Pd1aL4B)SsNV@w8I`T^P*Q@D;dGzqY!#X@~eQ zTRM`pn{%V`=1?!W-XK$j7;BK6zw&G5H00%1WMKOWoW#*6t@to#aRM(N{&KjMmFT~I zHMvIVg~*yjKb?inffGee`o7Ol`OI2Gx%WHB<8puPw~nT9P~~v^+>ib7LH2_Va@zgn zv-kZZVXOQ-sa+a=9d4xna@1LyME~ZV=)D=jZklD&Y~sCT5z7p8GyHBdq9a}xSTj|F zcERa4n+$-&O%H4CD#{jzig5B2H|*b;eTSe9csuFn@P5%DTRmW66Or3sJsY5Y9{PL7 z!2oX|TW=b?w`ItIC;J}$4WVD<9XL4L;on7Dl75PBZ!7JuH#e6uHy^U@udCDU2Ii*Q zqkoYte46$^h!waA?h?PVI{of8#%|H>U_b3(Iw5X>7&p2cxY?C>cyIn-Kc^I#-Jk5V zS_o(!>}ozR#OF|w0b+d?X9q?W;PE4Fy@4fPDKzA|2an)+{w|b_k(D!fL>0`7AEBg& z#;W9PX3vj6c8g!JYtJyrPtgO7W)kME`g3wy{f`>FMaA{&q{)#pJX?V6{NOA<*2bJ) z+l28+ub)1<&>J!fxdR<(9pQEofDe|nJ&Kl@ytxem#&}5tTy0^-kI!|Gs<|o!k2o$a zpSqe-J98G&KX=bJtR)=bSfBnBoj9`1m75C{9hA!4&mk87$_xFdH&dQDg)aKBm)PBB zorT77h_yP`2Ho0tdiat-zoL&Ewq*S}c_-b%$)y%arQ%@tL;>M6zDxy%i;Td0v`c95 zV+Wh~kEXD^6)pP4Tna3_h;0m)I}UWJtxl9?-N(7Gt$uo(>SEd`R+trDGS+lCV6b>A z!n8pk%>g@jeXd%D(yx7d%*$A6)OoVM^Tpp(|7`z`gGBKz)felx|0>};=s6D5aVoQL zY9^_$D#*IM>P)`gbrEM;lG1YxbaZbk<;Sw;J((r>sdi{CSUIX53B=(_3R7L}7$rV( z^1!p9$aJ@HZ9upU_fTkTHx0;N(>?TgA`1^PJ3U$$+YHu)+J5&*KrK2+zOW|kx3yV@ zjZ-?MwvaRmWS1e=r~mdvvE>!VlODHgl*e0M2(+~s(Xv(L<}kYaH^|P#qy&x)@qDm* z7FH>l?EX&>n#N;|0;``h?d1ws%1acL=JTHc`G-TKc64R{$Dq|mUH}h{z4OJ%3YKRS z%uERM;;*;fTnFQ*4tsz1BLzpD%+tjG0gS0{RMY(z9Fw(Skv{2hjK;WIB9W;=+%p-e z^&slcDXr!A>_50dJ(Nx9Q?7@$^AAPUcF*9_X&r5?5XJJ(eUyBRXKo!Lo@tt{UNLO1 z4H(Ml5Um)}37_`>s;|rc9OO*$0tKSAN4=0WSn#dN?w6TFN_xAZezJD1f>sGtEvp4l zwqupGUND0DeBT7ch~q-m+OCl;0V0m$>lFpa&gs}&1}c~2P4i}MW4!&;Q{i>lscg`l z{WA4&y>o4z%0OpJtt>Ua~ zC|?g^r0kM3>#d#lZV#dlHrOS;qI4Ia)4B5x4O}hQB?0gS@=^|%TKE3uxk+-Ka(2PD z!rJ!q0Z9>4n{yjs{nu)`YaBW=xT$Vcok?Ros7zq&^N+|=06&RJfUTz%)pv(2dtd;BKU!{)KQ_SjmoT(#`48L=g(ayy{+OG*(FOaYgo zH(mE45EDSeP0%8^m3y=2te@EE#+$Q}hs8*b5BQ)Ug!@L=PjPZ7K60;7>lqrkS! z$q*9LhMeC03BiBWTwA<*hkltyPVnK;kmdpUM^qV;>r*-LzZAn3WE z=IIkkKJc8_OVelkDEC;ft`WhA+Wx{RBfv}XZMK~*A894)Io}bR+@jLX1OJx$Vjrr1 z9xP!o?Gt&Y(t|fu_0g5-#JUb$u@Aj#`nV)FWin%);a5lP?PnNNfROebq`>Z+J_cSD zx3Fs)*o%qnMIlN8HsZ#&T!Su?eYcDgIlcKRr8!;J*3pXxWzwiBst8IO9(zMw6YpZ>k^Bjb@pSD7o^gvx!fPb1rew-^t^LC!~W5b z#m}K*ZGpZ?Vq7aAJ{2Pu?cdLG27k0c)OmucYgk^hO5AoCa6h9q7Pz+ZGe&r&EIRh# za6`wpQYwX8*FR|_r>n_r)o&L~T#bYvSxwga&ShJ9dZmftm7rBwk$f-!Ov=?el~nkR zN0Ium>V<2LD&;IPdHREi5@ph1`q4hkz68+nOptGXGy1TR6WiB)+&`=Oapnt$W32#p zV?NzQciGJz2v}Zc+i&~C)JRZ$p6t;>#L>j-y>lad-Xo&261Dbi%J7qSZqN- zEh>k=g`#K~>5CNq_V*R-f1Wxgrq^eEFK=F(&s z-uv;5`$QV&Q@?e&{CRIa6yu79jmAb#AOI`oQ*noN90auAZuOun0W0zfZ5KsnNKsRc zl02wP18w44eDbMJ@XQ(eUk*m1qVF}yMBd|Co~|bwLYk4%I|mz(oaT%mDR}+&TD3$s zs#OEGvOWLZ2y%~BO0gTO;Px!LPZ8T7@2lFsq=&24{DU(l2Jf%GIj6T7BM#qrHT_nl z=Q(s{mY-&ez8E0PQN8nFx?{ZS8`p^?=E{7%9KQ)xjyMr7nR(SP@Zga|UO&g*`*!=& zDNxKrAfaUK&4os@VIXkI3oy(ZskohJ=PJ9J%ssLG3F$utt6u~1k3Zg0i0@O+Af^PY zj^_uJjqS6VG|^2cIIK6SZST}M5GI1HFypffRS8{~S`a1xR|}fo1c})C5JYm9C{wSK zJZAUkBf17v?4;-5yd*opAt7)DAA4d;W6^| zOrJ{xORx{_g=?Pns}npU!21aHxXD>WDf%=e0k4n3XQIOmBlz8q^=r`lqH{X|+Bo}q zlu470jpH{bAc^GqT*d^KGIl_rSAiFSwLLL1{YGWwVlLCPq@mG{B)I@YXG0}S#R(;o z2c?vHMpf%35H3N36&@ag8p@BAUo4INT|@zH&BZS*=x`5Fb^7*RXV81$PV zzqM$ChhjNUxYSI`V*kB}_3wMn=HH#PEpBNJ?5f`$3E?DbnLGM5zjT6I?j<)okc12= zrufrPbjIzqk#5q8iq^ej^JXo~pc8)0MjwY;w8iqTFC|KqUy9ajbez*&8XF|lhd#3N zkT2>}qfpdHusZFg>>yf!Q2STSniWzV-fRbQoJt8es1&1Wp9=9*JtZYkq0C@u!tR6n z@64q3e_IE`8+vN-J+;WmwKSgi@mxC~8{ua#5~_p;1KnlY@4quTEB^4D z8S%lyfvZwn0J@|@F(;!v=Y*E|pX|P?a#XzKCO#`gsi*(z_wLUnEQPmP$98UA6X|*# z^zB;lv?jaN6?q3P7B?lq42WPB9rGnKMWte?w@e3P1P+tO6FBG7az(cU>y~nBM0Hi) zK&PIdn0iQftPS|?P!rQ$mGU$3Na&rG$k2?>Lela=-5h`{I=REzkM^6^5y1 z`v-=ZiTMYHfeh#u4sB`tHN=!NcX5SxWv$`E-#lE*lJ@UFns#OH$)rR-%p3sjuy(544L@t`rS@luMLX2XUA51aF&25+ z)LsH;{jxfedBk(w>)LAv?-#3PHBdvEyfOt^!IzOpGaqO!#n-nr!gAxrKkB)i!}6F^ zEy_*s6$Ldx3k7DFt(EKJ0bxk@%Lvg)R)64$1o~)(l4zY*!GrL0``*O-0F#orf1xrr zz*K;Q(n45KW-q>hGs1cMTmbilULh1NT1~8|8D6V5D6uVloC>T91Pt1g2@EZdXZTDt z=w(Axl)u(nQCL71VR;8kTaqNzedyv&ETL1f%FY?njR(O00cU2_I;k)h|0PFs z#%9J<8}M=s{s!fZ$@Lq@X1%3Nfa=GDNc8*`S^eYH2MHaQyHe*j^Y6rB$47GN+yD2t zwKa!g!#uSMYCH4x-{{2t1Do0Z#-RVd>;D`*_}|{({|DCk)y5&+_@N3dUP`@}D#rIU L4Kzyc+K2rYIIMcy literal 0 HcmV?d00001 diff --git a/versioned_docs/version-0.2.0/assets/img/overview-sample.svg b/versioned_docs/version-0.2.0/assets/img/overview-sample.svg new file mode 100644 index 0000000..362b0bc --- /dev/null +++ b/versioned_docs/version-0.2.0/assets/img/overview-sample.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/versioned_docs/version-0.2.0/assets/img/source-labels.svg b/versioned_docs/version-0.2.0/assets/img/source-labels.svg new file mode 100644 index 0000000..0bb7683 --- /dev/null +++ b/versioned_docs/version-0.2.0/assets/img/source-labels.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/versioned_docs/version-0.2.0/getting-started/_category_.json b/versioned_docs/version-0.2.0/getting-started/_category_.json new file mode 100644 index 0000000..b1e4687 --- /dev/null +++ b/versioned_docs/version-0.2.0/getting-started/_category_.json @@ -0,0 +1,5 @@ +{ + "position": 2, + "label": "Getting Started", + "collapsed": true +} diff --git a/versioned_docs/version-0.2.0/getting-started/installation.md b/versioned_docs/version-0.2.0/getting-started/installation.md new file mode 100644 index 0000000..b854008 --- /dev/null +++ b/versioned_docs/version-0.2.0/getting-started/installation.md @@ -0,0 +1,94 @@ +--- +sidebar_label: 'Installation' +sidebar_position: 2 +--- + +# Installation + +Assuming you've successfully set up your environment, following the guidelines provided on +the [requirements page](requirements.md), you can proceed to generate manifests and deploy the +controller: + +### Deployment via Kustomize + +1. Edit the `$REPOSITORY_ROOT/config/manager/manager.yaml` file and set the `image` field to the + current version (see below example of defining the image as an environment variable): + +```yaml +# ... +spec: + # ... + template: + # ... + spec: + # ... + containers: + # ... + image: ghcr.io/Riskified/dynamic-environment:TAG +``` + +You can further customize the deployment by adjusting the following settings: + +* [_VersionLabel_](../references/custom-settings.md#versionlabel-and-defaultversion) +* [_DefaultVersion_](../references/custom-settings.md#versionlabel-and-defaultversion) +* [_--remove-labels_](../references/custom-settings.md#labels-to-remove-when-creating-overriding-deployments) +* _Log Level_ (set to debug - see commented option below) + +These settings can be changed in the `config/manager/manager.yaml` file: + +```yaml +# ... +spec: + # ... + template: + # ... + spec: + # ... + containers: + # ... + args: + - --leader-elect + - --version-label + - version <-- this should be replaced to change the label + - --default-version + - shared <-- this should be replaced to change the default version + # uncomment the next two lines to set log level to debug (also error is valid value, default is info) + # - --zap-log-level + # - debug + # Uncomment the lines below (and modify as needed) to specify labels to be removed (comma-separated list) + #- --remove-labels + #- argocd.argoproj.io/instance +``` + +Once you have configured everything, deploy the controller using the following command: + +```shell +make deploy +# or with image as environment varible +make deploy IMG="ghcr.io/Riskified/dynamic-environment:TAG" +``` + +### Deploy via Helm + +Helm uses a `values.yaml` file (`helm/dynamic-environment/values.yaml`) with predefined values +you can override. At the very least, ensure you correctly set up the image details: + +```yaml title=values.yaml +[ ... ] +image: + repository: ghcr.io/Riskified/dynamic-environment + tag: TAG + pullPolicy: IfNotPresent + [ ... ] +``` + +For more extensive customization, refer to the comments in the values file and compare them to +the [custom settings](../references/custom-settings.md) for in-depth details. + +Once you've finished making your edits, execute the following command (from within the `helm` +directory): + +```shell +# you can edit this command to set values or specify alternative settings file +helm install dynamic-environment-operator . +``` \ No newline at end of file diff --git a/versioned_docs/version-0.2.0/getting-started/requirements.md b/versioned_docs/version-0.2.0/getting-started/requirements.md new file mode 100644 index 0000000..84aefa4 --- /dev/null +++ b/versioned_docs/version-0.2.0/getting-started/requirements.md @@ -0,0 +1,52 @@ +--- +sidebar_label: 'Requirements' +sidebar_position: 1 +--- + +# Requirements + +_DynamicEnvironment_ is distributed as a [Docker image][packages]. Since we are actively developing +the project, **it is essential to review the [release notes][releases] for the specific release +version you intend to install to ensure there are no additional requirements.** Additionally, you +will need access to the source code for generating deployment manifests and Helm charts. + +:::note + +Throughout this tutorial, we assume you have a basic understanding of Docker, Kubernetes, and Istio, +including concepts like Docker image names and registry setup. + +::: + +:::warning + +If you are upgrading your instance of _DynamicEnvironment_, it's crucial to carefully read all +the [release notes][releases] leading up to the version you are updating to, as there might be +significant changes that require attention. + +::: + +### Build Requirements + +As mentioned earlier, you will require access to the source code to generate the necessary +deployment manifests. To set up a build environment, please refer to the requirements and +instructions outlined in the [repository's README][readme]. Ensure that you check out the tag +corresponding to the version you intend to deploy. + +### Building from Source + +There are occasions that you'll want to build the operator from source (e.g., if you want to +use [extensions](../advanced/extensions.md)). For instructions on building the operator from source +please consult the [repository's README][readme]. + +### Runtime Requirements + +For this controller to operate smoothly, you need recent versions of both _Kubernetes_ and _Istio_. +Consult the [_Supported Versions_](../references/supported-versions.md) documentation for +information on tested versions. Keep in mind that while other versions may work, they should undergo +testing to ensure compatibility. + +[releases]: https://github.com/Riskified/dynamic-environment/releases/latest/ + +[readme]: https://github.com/Riskified/dynamic-environment/ + +[packages]: https://github.com/Riskified/dynamic-environment/pkgs/container/dynamic-environment \ No newline at end of file diff --git a/versioned_docs/version-0.2.0/getting-started/running.md b/versioned_docs/version-0.2.0/getting-started/running.md new file mode 100644 index 0000000..98cb96d --- /dev/null +++ b/versioned_docs/version-0.2.0/getting-started/running.md @@ -0,0 +1,236 @@ +--- +sidebar_label: 'Running Sample' +sidebar_position: 3 +--- + +# Running the Sample Application + +In this section of the tutorial, we will demonstrate the installation of a sample application and +how to create a dynamic environment to test a new version of a single service within the +application. The application we're using is a slightly modified clone of the _BookInfo_ application +that comes with _Istio_. For more detailed information about Istio's BookInfo application, you can +refer to the [application page][bookinfo]. + +:::note + +Before proceeding, ensure that you have followed the prerequisites outlined in the previous sections +of this tutorial. You should have a functional Kubernetes cluster with the required dependencies, +and _Dynamic Environment_ deployed. + +::: + +## Installing the BookInfo Application + +Begin by downloading the [tutorial files](../assets/files/running-tutorial.zip), extracting the +archive, and then installing the `bookinfo.yml` manifest using the following command: + +```shell +kubectl apply -f bookinfo.yml +``` + +This will create a BookInfo application running in the `dynenv-tutorial` namespace. It consists of +four services: + +```shell +✓ ~ ➤ kubectl get -n dynenv-tutorial service +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +details ClusterIP 10.96.243.70 9080/TCP 3m40s +productpage ClusterIP 10.96.169.74 9080/TCP 3m39s +ratings ClusterIP 10.96.215.213 9080/TCP 3m40s +reviews ClusterIP 10.96.106.203 9080/TCP 3m40s +``` + +Additionally, note the configured routes within the _reviews_ virtual service (only a single route): + +```shell + ✓ ~ ➤ kubectl get -n dynenv-tutorial vs reviews -o yaml + apiVersion: networking.istio.io/v1beta1 + kind: VirtualService + metadata: + riskified.com/dynamic-environment: "" + name: reviews + namespace: dynenv-tutorial + [...] + spec: + hosts: + - reviews + http: + - route: + - destination: + host: reviews + subset: shared +``` + +You can access the `productpage` service, for example, by creating a port-forward. Navigate to +the `/productpage` URL (e.g., `http://localhost:9080/productpage`). You should see something similar +to this: + +![default view](../assets/img/bookinfo-shared-version.png) + +## Testing the Colored Rating using Dynamic Environment + +Now, let's say you've developed a feature like colored stars in the ratings element, and you want to +test it before making it available to all users. In this example, you've made updates to +the `reviews` application and uploaded a Docker image to the registry. To test your application, you +can create a dynamic environment manifest. Here's the final manifest (also included in the +downloaded `tutorial.zip` archive): + +```yaml title=dynamicenv-bookinfo.yml +--- +apiVersion: riskified.com/v1alpha1 +kind: DynamicEnv +metadata: + name: dynamicenv-sample +spec: + istioMatches: + - headers: + end-user: + exact: jason + subsets: + - name: reviews + namespace: dynenv-tutorial + image: docker.io/istio/examples-bookinfo-reviews-v3:1.16.2 +``` + +:::note + +You can find reference documentation for the `DynamicEnv` Custom Resource Definition ( +CRD) [here](../references/crd.md). + +::: + +A few notes about the manifest: + +* Namespace: The _dynamic environment_ custom resource is not limited to deployment in the same + namespace as the resources it manipulates. It can be deployed in any namespace. +* Match: For testing, we're matching against a header named `end-user` with the exact value + of `jason`. In our application, you need to log in as `jason` for this header to be created. +* Subset: In our case, we're replacing only a single subset identified by its _deployment_ name and + namespace. Please note that we're only changing the image. + +To apply this manifest, run the following command: + +```shell +kubectl apply -f dynamicenv-bookinfo.yml +``` + +Now, you can check the dynamic environment's status by running: + +```shell +✓ ~ ➤ kubectl get de dynamicenv-sample -o yaml +apiVersion: riskified.com/v1alpha1 +kind: DynamicEnv +metadata: + [...] # skipped + finalizers: + - DeleteDeployments + - DeleteDestinationRules + - CleanupVirtualServices + name: dynamicenv-sample + namespace: default + [...] # skipped +spec: + [...] # skipped +status: + state: ready + subsets-status: + dynamicenv-tutorial/reviews: + deployment: + name: reviews-default-dynamicenv-sample + namespace: dynenv-tutorial + status: running + destination-rule: + name: reviews-default-dynamicenv-sample + namespace: dynenv-tutorial + status: running + hash: [...] + virtual-services: + - name: reviews + namespace: dynenv-tutorial + status: running + totalCount: 1 + totalReady: 1 +``` + +A few things to note about this status: + +* In the `status` section, you can see that the global `state` is _ready_. +* For each subset, you can see all the elements that have been created or modified to configure the + routing. Any errors should also appear here. +* Finalizers are added, which will be used to restore the previous state upon deletion. +* For each subset, a new deployment, a new destination rule, and relevant virtual services are + created or modified. +* For more details about the status, you can refer to + the [reference documentation](../references/crd.md#dynamicenvstatus) and the corresponding section + in the [technical overview](../advanced/technical-overview.md#status-explained) document. + +Now, let's test our application. Refresh the product page. Nothing should change. Try logging in +with various usernames (no password is needed), and you should still see the black stars rating. +However, if you log in as the user _jason_, you should see something like this (notice the colored +ratings): + +![alternate version view](../assets/img/bookinfo-alternate-version.png) + +Let's observe some of the changes: + +* Added deployments (the last deployment is the one created for the dynamic environment - its name + contains the name of the dynamic environment): + + ✓ ~ ➤ kubectl get -n dynenv-tutorial deploy + NAME READY UP-TO-DATE AVAILABLE AGE + details 1/1 1 1 73m + details-worker 1/1 1 1 73m + productpage 1/1 1 1 73m + ratings 1/1 1 1 73m + reviews 1/1 1 1 73m + reviews-default-dynamicenv-sample 1/1 1 1 25m + +* Added destination rules (following the same naming convention as the deployments): + + ✓ ~ ➤ kubectl get -n dynenv-tutorial dr + NAME HOST AGE + details details 75m + productpage productpage 75m + ratings ratings 75m + reviews reviews 75m + reviews-default-dynamicenv-sample reviews 27m + +* We modified the relevant virtual service and added a route based on the configured match (skipped + part of the output). You can refer to the [reference documentation for virtual hosts][vh] for more + details on manipulating virtual services. + + ✓ ~ ➤ kubectl get -n dynenv-tutorial vs reviews -o yaml + apiVersion: networking.istio.io/v1beta1 + kind: VirtualService + metadata: + riskified.com/dynamic-environment: default/dynamicenv-sample + name: reviews + namespace: dynenv-tutorial + spec: + hosts: + - reviews + http: + - headers: + response: + set: + x-dynamic-env: reviews-default-dynamicenv-sample + match: + - headers: + end-user: + exact: jason + name: dynamic-environment-default-dynamicenv-sample-reviews-95c3950f70 + route: + - destination: + host: reviews + subset: default-dynamicenv-sample + - route: + - destination: + host: reviews + subset: shared + +Finally, you can delete the dynamic environment and verify that everything returns to its original +state. + +[bookinfo]: https://istio.io/v1.17/docs/examples/bookinfo/ + +d ]: ../advanced/technical-overview.md#how-virtual-services-are-handled \ No newline at end of file diff --git a/versioned_docs/version-0.2.0/overview.md b/versioned_docs/version-0.2.0/overview.md new file mode 100644 index 0000000..dd58fca --- /dev/null +++ b/versioned_docs/version-0.2.0/overview.md @@ -0,0 +1,61 @@ +--- +sidebar_label: 'Overview' +sidebar_position: 1 +slug: / +--- + +# Overview + +DynamicEnv is an innovative Kubernetes operator created to empower developers by simplifying the +process of launching on-demand environments. This operator enables developers to efficiently deploy +different versions of specific services within a single Kubernetes cluster. + +This approach offers a cost-effective and streamlined solution for testing and development, as +opposed to the conventional method of setting up the entire architecture for each iteration. + +DynamicEnv harnesses the capabilities of [_Istio_][istio] to achieve this goal. + +Let's consider a service description: + +![Sample Service Graph](./assets/img/overview-sample.svg) + +This service consists of the following components: + +* Front-end +* Backend (deployment is named `my-namespace/backend`) +* Database + +Typically, regular traffic flows from the front-end to the backend and then to the database. + +When you need to test a new version of the backend, you can create a new manifest like this: + +```yaml +apiVersion: riskified.com/v1alpha1 +kind: DynamicEnv +metadata: + name: dynamicenv-sample +spec: + istioMatches: + - headers: + user: + exact: test-user + subsets: + - name: backend + namespace: my-namespace + containers: + - containerName: backend + image: backend-image:test-version +``` + +DynamicEnv triggers the deployment of an additional backend (referred to as the "Tested Version" in +the diagram) featuring the version that requires testing. It directs all incoming traffic with a +"user" header set to "test-user" toward this newly deployed backend. + +To enable testing, a test client can add a `user=test-user` header. If the front-end forwards this +header to the backend (note that this is the application's responsibility, not the operator's), the +request will be routed to the test backend [^1]. This ensures requests are directed to the +appropriate backend while maintaining connectivity with the upstream database. + +[^1]: Alternatively, send a request directly to the backend with the header `user=test-user`. + +[istio]: https://istio.io/ \ No newline at end of file diff --git a/versioned_docs/version-0.2.0/references/_category_.json b/versioned_docs/version-0.2.0/references/_category_.json new file mode 100644 index 0000000..b2f653e --- /dev/null +++ b/versioned_docs/version-0.2.0/references/_category_.json @@ -0,0 +1,3 @@ +{ + "label": "References" +} \ No newline at end of file diff --git a/versioned_docs/version-0.2.0/references/crd.md b/versioned_docs/version-0.2.0/references/crd.md new file mode 100644 index 0000000..8fd4ad7 --- /dev/null +++ b/versioned_docs/version-0.2.0/references/crd.md @@ -0,0 +1,218 @@ +# DynamicEnv CRD Reference + +## Packages +- [riskified.com/v1alpha1](#riskifiedcomv1alpha1) + + +## riskified.com/v1alpha1 + +Package v1alpha1 contains API Schema definitions for the riskified v1alpha1 API group + +### Resource Types +- [DynamicEnv](#dynamicenv) + + + +#### ConsumerStatus + + + + + +_Appears in:_ +- [DynamicEnvStatus](#dynamicenvstatus) + +| Field | Description | +| --- | --- | +| `name` _string_ | The name of the resource | +| `namespace` _string_ | The namespace where the resource is created | +| `status` _LifeCycleStatus_ | The life cycle status of the resource | +| `hash` _integer_ | Hash of the current consumer - for internal use | +| `errors` _[StatusError](#statuserror) array_ | List of errors related to the consumer | + + +#### ContainerOverrides + + + +Defines the details of the container on which changes need to be made and the relevant overrides + +_Appears in:_ +- [Subset](#subset) + +| Field | Description | +| --- | --- | +| `containerName` _string_ | Container name to override in multiple containers' environment. If not specified, we will use the first container. | +| `image` _string_ | Docker image name overridden to the desired subset The Docker image found in the original deployment is used if this is not provided. | +| `command` _string array_ | Entrypoint array overridden to the desired subset The docker image's ENTRYPOINT is used if this is not provided. | +| `env` _[EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#envvar-v1-core) array_ | Additional environment variable to the given deployment | + + +#### DynamicEnv + + + +DynamicEnv is the Schema for the dynamicenvs API + + + +| Field | Description | +| --- | --- | +| `apiVersion` _string_ | `riskified.com/v1alpha1` | +| `kind` _string_ | `DynamicEnv` | +| `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | +| `spec` _[DynamicEnvSpec](#dynamicenvspec)_ | | +| `status` _[DynamicEnvStatus](#dynamicenvstatus)_ | | + + +#### DynamicEnvSpec + + + +DynamicEnvSpec defines the desired state of DynamicEnv + +_Appears in:_ +- [DynamicEnv](#dynamicenv) + +| Field | Description | +| --- | --- | +| `istioMatches` _[IstioMatch](#istiomatch) array_ | A list of matchers (partly corresponds to IstioMatch). Each match will have a rule of its own (merged with existing rules) ordered by their order here. | +| `subsets` _[Subset](#subset) array_ | Who should participate in the given dynamic environment | +| `consumers` _[Subset](#subset) array_ | Consumers are like subsets but for deployments that do not open a service but connect to external resources for their work (e.g., offline workers). They are equivalent to subsets in the sense that they launch overriding deployments with custom image and/or settings. However, since they are only consumers, no virtual service or destination route will be pointing to them. | + + +#### DynamicEnvStatus + + + +DynamicEnvStatus defines the observed state of DynamicEnv + +_Appears in:_ +- [DynamicEnv](#dynamicenv) + +| Field | Description | +| --- | --- | +| `subsetsStatus` _object (keys:string, values:[SubsetStatus](#subsetstatus))_ | A detailed status of each subset | +| `consumersStatus` _object (keys:string, values:[ConsumerStatus](#consumerstatus))_ | A detailed status of each consumer | +| `state` _GlobalReadyStatus_ | | +| `totalCount` _integer_ | desired subsets and consumers count | +| `totalReady` _integer_ | number of available subsets and consumers | + + +#### IstioMatch + + + +specifies a set of criterion to be met in order for the rule to be applied to the HTTP request This field is immutable after creation. + +_Appears in:_ +- [DynamicEnvSpec](#dynamicenvspec) + +| Field | Description | +| --- | --- | +| `headers` _object (keys:string, values:[StringMatch](#stringmatch))_ | Header values are case-sensitive and formatted as follows:
- `exact: "value"` for exact string match
- `prefix: "value"` for prefix-based match
- `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). | +| `sourceLabels` _object (keys:string, values:string)_ | One or more labels that constrain the applicability of a rule to source (client) workloads with the given labels. | + + +#### ResourceStatus + + + +ResourceStatus shows the status of each item created/edited by DynamicEnv + +_Appears in:_ +- [ConsumerStatus](#consumerstatus) +- [SubsetStatus](#subsetstatus) + +| Field | Description | +| --- | --- | +| `name` _string_ | The name of the resource | +| `namespace` _string_ | The namespace where the resource is created | +| `status` _LifeCycleStatus_ | The life cycle status of the resource | + + +#### StatusError + + + +StatusError shows an error we want to display in the status with the last time it happened. This *does not* have to be the only time it happened. The idea is that a list of errors should only + contain a single occurrence of an error (just the last). + +_Appears in:_ +- [ConsumerStatus](#consumerstatus) +- [SubsetErrors](#subseterrors) + + + +#### StringMatch + + + +Describes how to match a given string in HTTP headers. Match is case-sensitive. one and only one of the fields needs to be defined (oneof) + +_Appears in:_ +- [IstioMatch](#istiomatch) + +| Field | Description | +| --- | --- | +| `exact` _string_ | | +| `prefix` _string_ | | +| `regex` _string_ | | + + +#### Subset + + + +Subsets define how to generate subsets from existing Deployments + +_Appears in:_ +- [DynamicEnvSpec](#dynamicenvspec) + +| Field | Description | +| --- | --- | +| `name` _string_ | Deployment name (without namespace) | +| `namespace` _string_ | Namespace where the deployment is deployed | +| `podLabels` _object (keys:string, values:string)_ | Labels to add to the pods of the deployment launched by this subset. Could be used in conjunction with 'SourceLabels' in the `IstioMatches`. | +| `replicas` _integer_ | Number of deployment replicas. Default is 1. Note: 0 is *invalid*. | +| `containers` _[ContainerOverrides](#containeroverrides) array_ | A list of container overrides (at least one of Containers or InitContainers must not be empty) | +| `initContainers` _[ContainerOverrides](#containeroverrides) array_ | A list of init container overrides (at least one of Containers or InitContainers must not be empty) | +| `defaultVersion` _string_ | Default version for this subset (if different then the global default version). This is the version that will get the default route. | + + +#### SubsetErrors + + + +SubsetErrors contains all global errors related to set subset. + +_Appears in:_ +- [SubsetStatus](#subsetstatus) + +| Field | Description | +| --- | --- | +| `deployment` _[StatusError](#statuserror) array_ | Subset's deployment global errors. | +| `destinationRule` _[StatusError](#statuserror) array_ | Subset's destination-rule global errors. | +| `virtualServices` _[StatusError](#statuserror) array_ | Subset's virtual-services global errors. | +| `subset` _[StatusError](#statuserror) array_ | Errors related to subset but not to any of the launched resources | + + + + +#### SubsetStatus + + + +SubsetStatus Contains aggregation of all resource status connected to set subset. + +_Appears in:_ +- [DynamicEnvStatus](#dynamicenvstatus) + +| Field | Description | +| --- | --- | +| `deployment` _[ResourceStatus](#resourcestatus)_ | Status of the deployment that belongs to the subset | +| `destinationRules` _[ResourceStatus](#resourcestatus) array_ | Status of the destination-rule that belongs to the subset | +| `virtualServices` _[ResourceStatus](#resourcestatus) array_ | Status of the virtual-service that belongs to the subset | +| `subsetErrors` _[SubsetErrors](#subseterrors)_ | A list of global errors related to subset resources | +| `hash` _integer_ | Hash of the current subset - for internal use | + diff --git a/versioned_docs/version-0.2.0/references/custom-settings.md b/versioned_docs/version-0.2.0/references/custom-settings.md new file mode 100644 index 0000000..373b94d --- /dev/null +++ b/versioned_docs/version-0.2.0/references/custom-settings.md @@ -0,0 +1,41 @@ +--- +sidebar_label: 'Custom Settings' +sidebar_position: 1 +--- + +# Custom Settings + +This page provides an overview of custom settings that can be applied to your manifest or Helm chart +before deploying. + +### _VersionLabel_ and _DefaultVersion_ + +To create a custom subset [_Destination Rule_][DR], it's essential to identify the *default* version +of the application. This identification is crucial for duplicating the appropriate _Destination +Rule_. This is achieved through two settings: + +* _VersionLabel_ - This label signifies the version of the application (default: `version`). It + should maintain consistency across all _deployments_ and _destination rules_. This setting can + only be configured globally. +* _DefaultVersion_ - This setting designates the value of the _VersionLabel_ that identifies the + **default version** (default: `shared`). It can be set individually for each subset when a global + default version is not applicable. Refer to the `defaultVersion` field in + the [subset documentation](./crd.md#subset) for details. + +### Labels to Remove (when creating overriding deployments) + +In scenarios where you are creating a custom version of a _Deployment_, there might be a need to +eliminate specific labels from the duplicated deployment. This could be a label used by third-party +tools (e.g., `argocd.argoproj.io/instance`) or any other label that could potentially interfere with +your workflow. + +This removal process is configurable on a global scale for the entire controller installation: + +* When deploying using _Kustomize_, you can customize the labels to remove by modifying + the `--remove-labels` flag (and the corresponding parameter). Additional labels can be added to + the list as needed. Detailed instructions are available on + the [installation page](../getting-started/installation.md#deployment-via-kustomize). +* When deploying via [Helm](../getting-started/installation.md#deploy-via-helm), you can specify + the `labelsToRemove` setting. + +[DR]: https://istio.io/latest/docs/reference/config/networking/destination-rule/ \ No newline at end of file diff --git a/versioned_docs/version-0.2.0/references/supported-versions.md b/versioned_docs/version-0.2.0/references/supported-versions.md new file mode 100644 index 0000000..d2e6290 --- /dev/null +++ b/versioned_docs/version-0.2.0/references/supported-versions.md @@ -0,0 +1,17 @@ +--- +sidebar_label: 'Supported Versions' +--- + +# Supported Versions + +_Dynamic Environment_ is currently tested against the following matrix of kubernetes / Istio +versions: + +| Kubernetes Version | Istio Version | +|--------------------|---------------| +| `v1.21.x` | `v1.12.2` | +| `v1.23.x` | `v1.14.6` | +| `v1.25.x` | `v1.16.2` | +| `v1.29.x` | `v1.20.0` | + +Any combination of these versions should work. diff --git a/versioned_sidebars/version-0.2.0-sidebars.json b/versioned_sidebars/version-0.2.0-sidebars.json new file mode 100644 index 0000000..caea0c0 --- /dev/null +++ b/versioned_sidebars/version-0.2.0-sidebars.json @@ -0,0 +1,8 @@ +{ + "tutorialSidebar": [ + { + "type": "autogenerated", + "dirName": "." + } + ] +} diff --git a/versions.json b/versions.json index 7b999c7..434e9e8 100644 --- a/versions.json +++ b/versions.json @@ -1,3 +1,4 @@ [ + "0.2.0", "0.1.0" ]