From 8de5879d75e7edefa71f2d4bd371e8ee5a42446c Mon Sep 17 00:00:00 2001 From: f41gh7 <18450869+f41gh7@users.noreply.github.com> Date: Mon, 4 Nov 2024 21:11:23 +0000 Subject: [PATCH] Automatic update operator docs from VictoriaMetrics/operator@3179fd0 Signed-off-by: Github Actions <133988544+victoriametrics-bot@users.noreply.github.com> --- docs/operator/CHANGELOG.md | 11 ++ docs/operator/api.md | 106 +++++++++++++++++- docs/operator/resources/vmcluster.md | 38 +++++++ .../resources/vmcluster_default_balancer.webp | Bin 0 -> 24268 bytes .../resources/vmcluster_with_balancer.webp | Bin 0 -> 36764 bytes docs/operator/vars.md | 2 +- 6 files changed, 155 insertions(+), 2 deletions(-) create mode 100644 docs/operator/resources/vmcluster_default_balancer.webp create mode 100644 docs/operator/resources/vmcluster_with_balancer.webp diff --git a/docs/operator/CHANGELOG.md b/docs/operator/CHANGELOG.md index d931e2ad8..8f330dc19 100644 --- a/docs/operator/CHANGELOG.md +++ b/docs/operator/CHANGELOG.md @@ -11,6 +11,17 @@ aliases: - /operator/changelog/index.html --- +## tip + +- [operator](https://docs.victoriametrics.com/operator/): properly apply `useStrictSecurity: true` to the `initContainers` for `VMAuth`, `VMAgent` and `VMAlertmanager`. See [this issue](https://github.com/VictoriaMetrics/operator/issues/1134) for details. +- [vmauth](https://docs.victoriametrics.com/operator/resources/vmauth): Moved `spec.configSecret` to `spec.externalConfig.secretRef.name` and added `spec.externalConfig.localPath` to be able to provide custom configs via sidecar. +- [vmcluster](https://docs.victoriametrics.com/operator/resources/vmcluster): adds `requestsLoadBalancer` configuration to the `VMCluster.spec`. See [this issue](https://github.com/VictoriaMetrics/operator/issues/1130) for details. +- [vmcluster](https://docs.victoriametrics.com/operator/resources/vmcluster): properly configure monitoring for `VMCluster` with enabled `backup`. +- [vmalertmanager](https://docs.victoriametrics.com/operator/resources/vmalertmanager): properly trigger reload when `ConfigMap` provided via `.spec.configMap` are changed. +- [operator](https://docs.victoriametrics.com/operator/): fixed operator reconcile on storage size change +- [operator](https://docs.victoriametrics.com/operator/): fixed converting AlertmanagerConfig to VMAlertmanagerConfig + + ## [v0.48.4](https://github.com/VictoriaMetrics/operator/releases/tag/v0.48.4) - 15 Oct 2024 - [api](https://docs.victoriametrics.com/operator/api): adds new fields `maxDiskUsagePerUrl` and`forceVMProto` to the `VMagent` `remoteWriteSpec` diff --git a/docs/operator/api.md b/docs/operator/api.md index 206db8363..01997ea17 100644 --- a/docs/operator/api.md +++ b/docs/operator/api.md @@ -78,6 +78,7 @@ _Appears in:_ - [VMAgentSpec](#vmagentspec) - [VMAlertSpec](#vmalertspec) - [VMAlertmanagerSpec](#vmalertmanagerspec) +- [VMAuthLoadBalancerSpec](#vmauthloadbalancerspec) - [VMAuthSpec](#vmauthspec) - [VMInsert](#vminsert) - [VMSelect](#vmselect) @@ -352,6 +353,7 @@ _Appears in:_ - [VMAgentSpec](#vmagentspec) - [VMAlertSpec](#vmalertspec) - [VMAlertmanagerSpec](#vmalertmanagerspec) +- [VMAuthLoadBalancerSpec](#vmauthloadbalancerspec) - [VMAuthSpec](#vmauthspec) - [VMInsert](#vminsert) - [VMSelect](#vmselect) @@ -426,6 +428,7 @@ _Appears in:_ - [VMAgentSpec](#vmagentspec) - [VMAlertSpec](#vmalertspec) - [VMAlertmanagerSpec](#vmalertmanagerspec) +- [VMAuthLoadBalancerSpec](#vmauthloadbalancerspec) - [VMAuthSpec](#vmauthspec) - [VMInsert](#vminsert) - [VMSelect](#vmselect) @@ -727,6 +730,7 @@ _Appears in:_ - [VMAgentSpec](#vmagentspec) - [VMAlertSpec](#vmalertspec) - [VMAlertmanagerSpec](#vmalertmanagerspec) +- [VMAuthLoadBalancerSpec](#vmauthloadbalancerspec) - [VMAuthSpec](#vmauthspec) - [VMInsert](#vminsert) - [VMSelect](#vmselect) @@ -770,6 +774,7 @@ _Appears in:_ - [VMAgentSpec](#vmagentspec) - [VMAlertSpec](#vmalertspec) - [VMAlertmanagerSpec](#vmalertmanagerspec) +- [VMAuthLoadBalancerSpec](#vmauthloadbalancerspec) - [VMAuthSpec](#vmauthspec) - [VMInsert](#vminsert) - [VMSelect](#vmselect) @@ -797,6 +802,7 @@ _Appears in:_ - [VMAgentSpec](#vmagentspec) - [VMAlertSpec](#vmalertspec) - [VMAlertmanagerSpec](#vmalertmanagerspec) +- [VMAuthLoadBalancerSpec](#vmauthloadbalancerspec) - [VMAuthSpec](#vmauthspec) - [VMInsert](#vminsert) - [VMSelect](#vmselect) @@ -931,6 +937,23 @@ _Appears in:_ | `vm_scrape_params` | VMScrapeParams defines VictoriaMetrics specific scrape parameters | _[VMScrapeParams](#vmscrapeparams)_ | false | +#### ExternalConfig + + + +ExternalConfig defines external source of configuration + + + +_Appears in:_ +- [VMAuthSpec](#vmauthspec) + +| Field | Description | Scheme | Required | +| --- | --- | --- | --- | +| `localPath` | LocalPath contains static path to a config, which is managed externally for cases
when using secrets is not applicable, e.g.: Vault sidecar. | _string_ | false | +| `secretRef` | SecretRef defines selector for externally managed secret which contains configuration | _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | false | + + #### FileSDConfig @@ -1068,6 +1091,7 @@ _Appears in:_ - [VMAgentSpec](#vmagentspec) - [VMAlertSpec](#vmalertspec) - [VMAlertmanagerSpec](#vmalertmanagerspec) +- [VMAuthLoadBalancerSpec](#vmauthloadbalancerspec) - [VMAuthSpec](#vmauthspec) - [VMBackup](#vmbackup) - [VMInsert](#vminsert) @@ -1744,6 +1768,7 @@ _Appears in:_ - [VMAgentSpec](#vmagentspec) - [VMAlertSpec](#vmalertspec) - [VMAlertmanagerSpec](#vmalertmanagerspec) +- [VMAuthLoadBalancerSpec](#vmauthloadbalancerspec) - [VMAuthSpec](#vmauthspec) - [VMInsert](#vminsert) - [VMSelect](#vmselect) @@ -3003,6 +3028,82 @@ VMAuth is the Schema for the vmauths API | `spec` | | _[VMAuthSpec](#vmauthspec)_ | true | +#### VMAuthLoadBalancer + + + +VMAuthLoadBalancer configures vmauth as a load balancer +for the requests + + + +_Appears in:_ +- [VMClusterSpec](#vmclusterspec) + +| Field | Description | Scheme | Required | +| --- | --- | --- | --- | +| `disableInsertBalancing` | | _boolean_ | true | +| `disableSelectBalancing` | | _boolean_ | true | +| `enabled` | | _boolean_ | true | +| `spec` | | _[VMAuthLoadBalancerSpec](#vmauthloadbalancerspec)_ | true | + + +#### VMAuthLoadBalancerSpec + + + +VMAuthLoadBalancerSpec defines configuration spec for VMAuth used as load-balancer +for VMCluster component + + + +_Appears in:_ +- [VMAuthLoadBalancer](#vmauthloadbalancer) + +| Field | Description | Scheme | Required | +| --- | --- | --- | --- | +| `affinity` | Affinity If specified, the pod's scheduling constraints. | _[Affinity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#affinity-v1-core)_ | false | +| `configMaps` | ConfigMaps is a list of ConfigMaps in the same namespace as the Application
object, which shall be mounted into the Application container
at /etc/vm/configs/CONFIGMAP_NAME folder | _string array_ | false | +| `containers` | Containers property allows to inject additions sidecars or to patch existing containers.
It can be useful for proxies, backup, etc. | _[Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#container-v1-core) array_ | false | +| `disableSelfServiceScrape` | DisableSelfServiceScrape controls creation of VMServiceScrape by operator
for the application.
Has priority over `VM_DISABLESELFSERVICESCRAPECREATION` operator env variable | _boolean_ | false | +| `dnsConfig` | Specifies the DNS parameters of a pod.
Parameters specified here will be merged to the generated DNS
configuration based on DNSPolicy. | _[PodDNSConfig](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#poddnsconfig-v1-core)_ | false | +| `dnsPolicy` | DNSPolicy sets DNS policy for the pod | _[DNSPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#dnspolicy-v1-core)_ | false | +| `extraArgs` | ExtraArgs that will be passed to the application container
for example remoteWrite.tmpDataPath: /tmp | _object (keys:string, values:string)_ | false | +| `extraEnvs` | ExtraEnvs that will be passed to the application container | _[EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#envvar-v1-core) array_ | false | +| `hostAliases` | HostAliases provides mapping for ip and hostname,
that would be propagated to pod,
cannot be used with HostNetwork. | _[HostAlias](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#hostalias-v1-core) array_ | false | +| `hostNetwork` | HostNetwork controls whether the pod may use the node network namespace | _boolean_ | false | +| `host_aliases` | HostAliasesUnderScore provides mapping for ip and hostname,
that would be propagated to pod,
cannot be used with HostNetwork.
Has Priority over hostAliases field | _[HostAlias](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#hostalias-v1-core) array_ | false | +| `image` | Image - docker image settings
if no specified operator uses default version from operator config | _[Image](#image)_ | false | +| `imagePullSecrets` | ImagePullSecrets An optional list of references to secrets in the same namespace
to use for pulling images from registries
see https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod | _[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#localobjectreference-v1-core) array_ | false | +| `initContainers` | InitContainers allows adding initContainers to the pod definition.
Any errors during the execution of an initContainer will lead to a restart of the Pod.
More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ | _[Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#container-v1-core) array_ | false | +| `logFormat` | LogFormat for vmauth
default or json | _string_ | false | +| `logLevel` | LogLevel for vmauth container. | _string_ | false | +| `minReadySeconds` | MinReadySeconds defines a minim number os seconds to wait before starting update next pod
if previous in healthy state
Has no effect for VLogs and VMSingle | _integer_ | false | +| `nodeSelector` | NodeSelector Define which Nodes the Pods are scheduled on. | _object (keys:string, values:string)_ | false | +| `paused` | Paused If set to true all actions on the underlying managed objects are not
going to be performed, except for delete actions. | _boolean_ | false | +| `podDisruptionBudget` | PodDisruptionBudget created by operator | _[EmbeddedPodDisruptionBudgetSpec](#embeddedpoddisruptionbudgetspec)_ | false | +| `podMetadata` | Common params for scheduling
PodMetadata configures Labels and Annotations which are propagated to the vmauth lb pods. | _[EmbeddedObjectMetadata](#embeddedobjectmetadata)_ | true | +| `port` | Port listen address | _string_ | false | +| `priorityClassName` | PriorityClassName class assigned to the Pods | _string_ | false | +| `readinessGates` | ReadinessGates defines pod readiness gates | _[PodReadinessGate](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#podreadinessgate-v1-core) array_ | true | +| `replicaCount` | ReplicaCount is the expected size of the Application. | _integer_ | false | +| `resources` | Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
if not defined default resources from operator config will be used | _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#resourcerequirements-v1-core)_ | false | +| `revisionHistoryLimitCount` | The number of old ReplicaSets to retain to allow rollback in deployment or
maximum number of revisions that will be maintained in the Deployment revision history.
Has no effect at StatefulSets
Defaults to 10. | _integer_ | false | +| `runtimeClassName` | RuntimeClassName - defines runtime class for kubernetes pod.
https://kubernetes.io/docs/concepts/containers/runtime-class/ | _string_ | false | +| `schedulerName` | SchedulerName - defines kubernetes scheduler name | _string_ | false | +| `secrets` | Secrets is a list of Secrets in the same namespace as the Application
object, which shall be mounted into the Application container
at /etc/vm/secrets/SECRET_NAME folder | _string array_ | false | +| `securityContext` | SecurityContext holds pod-level security attributes and common container settings.
This defaults to the default PodSecurityContext. | _[SecurityContext](#securitycontext)_ | false | +| `serviceScrapeSpec` | ServiceScrapeSpec that will be added to vmauthlb VMServiceScrape spec | _[VMServiceScrapeSpec](#vmservicescrapespec)_ | false | +| `serviceSpec` | AdditionalServiceSpec defines service override configuration for vmauth lb deployment
it'll be only applied to vmclusterlb- service | _[AdditionalServiceSpec](#additionalservicespec)_ | true | +| `terminationGracePeriodSeconds` | TerminationGracePeriodSeconds period for container graceful termination | _integer_ | false | +| `tolerations` | Tolerations If specified, the pod's tolerations. | _[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#toleration-v1-core) array_ | false | +| `topologySpreadConstraints` | TopologySpreadConstraints embedded kubernetes pod configuration option,
controls how pods are spread across your cluster among failure-domains
such as regions, zones, nodes, and other user-defined topology domains
https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ | _[TopologySpreadConstraint](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#topologyspreadconstraint-v1-core) array_ | false | +| `useDefaultResources` | UseDefaultResources controls resource settings
By default, operator sets built-in resource requirements | _boolean_ | false | +| `useStrictSecurity` | UseStrictSecurity enables strict security mode for component
it restricts disk writes access
uses non-root user out of the box
drops not needed security permissions | _boolean_ | false | +| `volumeMounts` | VolumeMounts allows configuration of additional VolumeMounts on the output Deployment/StatefulSet definition.
VolumeMounts specified will be appended to other VolumeMounts in the Application container | _[VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#volumemount-v1-core) array_ | false | +| `volumes` | Volumes allows configuration of additional volumes on the output Deployment/StatefulSet definition.
Volumes specified will be appended to other volumes that are generated.
/ +optional | _[Volume](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#volume-v1-core) array_ | true | + + #### VMAuthSpec @@ -3021,7 +3122,7 @@ _Appears in:_ | `configReloaderExtraArgs` | ConfigReloaderExtraArgs that will be passed to VMAuths config-reloader container
for example resyncInterval: "30s" | _object (keys:string, values:string)_ | false | | `configReloaderImageTag` | ConfigReloaderImageTag defines image:tag for config-reloader container | _string_ | false | | `configReloaderResources` | ConfigReloaderResources config-reloader container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
if not defined default resources from operator config will be used | _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#resourcerequirements-v1-core)_ | false | -| `configSecret` | ConfigSecret is the name of a Kubernetes Secret in the same namespace as the
VMAuth object, which contains auth configuration for vmauth,
configuration must be inside secret key: config.yaml.
It must be created and managed manually.
If it's defined, configuration for vmauth becomes unmanaged and operator'll not create any related secrets/config-reloaders | _string_ | false | +| `configSecret` | ConfigSecret is the name of a Kubernetes Secret in the same namespace as the
VMAuth object, which contains auth configuration for vmauth,
configuration must be inside secret key: config.yaml.
It must be created and managed manually.
If it's defined, configuration for vmauth becomes unmanaged and operator'll not create any related secrets/config-reloaders
Deprecated, use externalConfig.secretRef instead | _string_ | true | | `containers` | Containers property allows to inject additions sidecars or to patch existing containers.
It can be useful for proxies, backup, etc. | _[Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#container-v1-core) array_ | false | | `default_url` | DefaultURLs backend url for non-matching paths filter
usually used for default backend with error message | _string array_ | true | | `disableSelfServiceScrape` | DisableSelfServiceScrape controls creation of VMServiceScrape by operator
for the application.
Has priority over `VM_DISABLESELFSERVICESCRAPECREATION` operator env variable | _boolean_ | false | @@ -3029,6 +3130,7 @@ _Appears in:_ | `dnsConfig` | Specifies the DNS parameters of a pod.
Parameters specified here will be merged to the generated DNS
configuration based on DNSPolicy. | _[PodDNSConfig](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#poddnsconfig-v1-core)_ | false | | `dnsPolicy` | DNSPolicy sets DNS policy for the pod | _[DNSPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#dnspolicy-v1-core)_ | false | | `drop_src_path_prefix_parts` | DropSrcPathPrefixParts is the number of `/`-delimited request path prefix parts to drop before proxying the request to backend.
See [here](https://docs.victoriametrics.com/vmauth#dropping-request-path-prefix) for more details. | _integer_ | false | +| `externalConfig` | ExternalConfig defines a source of external VMAuth configuration.
If it's defined, configuration for vmauth becomes unmanaged and operator'll not create any related secrets/config-reloaders | _[ExternalConfig](#externalconfig)_ | false | | `extraArgs` | ExtraArgs that will be passed to the application container
for example remoteWrite.tmpDataPath: /tmp | _object (keys:string, values:string)_ | false | | `extraEnvs` | ExtraEnvs that will be passed to the application container | _[EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#envvar-v1-core) array_ | false | | `headers` | Headers represent additional http headers, that vmauth uses
in form of ["header_key: header_value"]
multiple values for header key:
["header_key: value1,value2"]
it's available since 1.68.0 version of vmauth | _string array_ | false | @@ -3157,6 +3259,7 @@ _Appears in:_ | `license` | License allows to configure license key to be used for enterprise features.
Using license key is supported starting from VictoriaMetrics v1.94.0.
See [here](https://docs.victoriametrics.com/enterprise) | _[License](#license)_ | false | | `paused` | Paused If set to true all actions on the underlying managed objects are not
going to be performed, except for delete actions. | _boolean_ | false | | `replicationFactor` | ReplicationFactor defines how many copies of data make among
distinct storage nodes | _integer_ | false | +| `requestsLoadBalancer` | RequestsLoadBalancer configures load-balancing for vminsert and vmselect requests
it helps to evenly spread load across pods
usually it's not possible with kubernetes TCP based service | _[VMAuthLoadBalancer](#vmauthloadbalancer)_ | true | | `retentionPeriod` | RetentionPeriod for the stored metrics
Note VictoriaMetrics has data/ and indexdb/ folders
metrics from data/ removed eventually as soon as partition leaves retention period
reverse index data at indexdb rotates once at the half of configured
[retention period](https://docs.victoriametrics.com/Single-server-VictoriaMetrics/#retention) | _string_ | true | | `serviceAccountName` | ServiceAccountName is the name of the ServiceAccount to use to run the
VMSelect, VMStorage and VMInsert Pods. | _string_ | false | | `useStrictSecurity` | UseStrictSecurity enables strict security mode for component
it restricts disk writes access
uses non-root user out of the box
drops not needed security permissions | _boolean_ | false | @@ -3704,6 +3807,7 @@ _Appears in:_ - [VMAgentSpec](#vmagentspec) - [VMAlertSpec](#vmalertspec) - [VMAlertmanagerSpec](#vmalertmanagerspec) +- [VMAuthLoadBalancerSpec](#vmauthloadbalancerspec) - [VMAuthSpec](#vmauthspec) - [VMInsert](#vminsert) - [VMSelect](#vmselect) diff --git a/docs/operator/resources/vmcluster.md b/docs/operator/resources/vmcluster.md index fe3c0bba6..09e0a1788 100644 --- a/docs/operator/resources/vmcluster.md +++ b/docs/operator/resources/vmcluster.md @@ -43,6 +43,44 @@ see [Extra arguments section](./#extra-arguments). Also, you can check out the [examples](#examples) section. +## Requests Load-Balancing + + Operator provides enhanced load-balancing mechanism for `vminsert` and `vmselect` clients. By default, operator uses built-in Kubernetes [service]() with `clusterIP` type for clients connection. It's good solution for short lived connections. But it acts poorly with long-lived TCP sessions and leads to the uneven resources utilisation for `vmselect` and `vminsert` components. + + Consider the following example: + +![CR](vmcluster_default_balancer.webp) + + In this case clients could establish multiple connections to the same `pod` via `service`. And client requests will be served only by subset of `pods`. + + Operator allows to tweak this behaviour with enabled `requestsLoadbalacing`: + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMCluster +metadata: + name: with-balanacer +spec: + retentionPeriod: "4" + replicationFactor: 1 + requestsLoadBalancer: + enabled: true + spec: + replicaCount: 2 +``` + + Operator will deploy `VMAuth` deployment with 2 replicas. And update vminsert and vmselect services to point to `vmauth`. + In addition, operator will create 3 additional services with the following pattern: + +- vminsertinternal-CLUSTER_NAME - needed for vmselect pod discovery +- vmselectinternal-CLUSTER_NAME - needed for vminsert pod discovery +- vmclusterlb-CLUSTER_NAME - needed for metrics collection and exposing `vmselect` and `vminsert` components via `VMAuth` balancer. + + Network scheme with load-balancing: + ![CR](vmcluster_with_balancer.webp) + + Operator allows to customise load-balancing configuration with `requestsLoadBalancer.Spec` settings. + ## High availability The cluster version provides a full set of high availability features - metrics replication, node failover, horizontal scaling. diff --git a/docs/operator/resources/vmcluster_default_balancer.webp b/docs/operator/resources/vmcluster_default_balancer.webp new file mode 100644 index 0000000000000000000000000000000000000000..7b57688f006dbd5a1e3091a6be1540b9793a2dda GIT binary patch literal 24268 zcmeFXWl&w)+P1lH*Wm8%uE8CGyIXK~cXxM(puvKZ;O-DKKyY^g!J!vq?{m&R@7wiN z_rI=cex#U5)|_LF@yLB&&s35U7w^*p0Mx~V71R{Ch+2TZ+i!#CfY5w^&c~5~4fb}>N43&=v6jKNl*;DoN`EKoJUyXlnh9L-h1kFo4d%3`-%asLp z6-V~Ts>GZWLQhahI6R6=Rjqa84~<|QIl+tzRoz5;?-sQDWWxX6T9iAQXl^lfUJwqM z8NI}-r25xCLPD%*4Ygv^C|cQvKYu8gZ_^{nCE&X3j`;86Fhn^pp5b%YioxbL1wE}h1T655zpIz>+?_PkI_dsCQIu3iwEU#2yy7Ry0|BXf`5E8;xR~BsRO@M- zG3fi}$%7=)EBpwZ2y4jYH+3~}tNQ_NGSf30KQX>^sMrwI$f>hhnf zKuMWeh6OIK3BC4ni1nw`ANi>2yMRoy&q@9YN=5Z1=tc307(3>~hzmc6Pu!9tz-XzY z*uJ)NXUY1r$GD!@zMzbpDcRJQ6>H4lHT%3R{B`3!!SIe!OukX@MKziI#G6O28T~8f zNq<=w{{4M{U*5{l$YI>^-}~(lm$tyQH7K9@UulAJ>w)fMoKNhEXuQM@c%x|J-Zfg2dHD zfT5`U?;QtTfCtv|DS)xWC0@k`SiuavFmLkum0(66Z{=rhFaM8v0g^=b&*%b%n(eMI zba|J;c+&I+?Jbt;wJ&dUD7-F~wo)r>b3hcGr%{3%dS#v726I7yJzom$VdBvBk#sE{ zld155vB_CfwVX?4S^Gzyjd4S*$GSgH1o2?LOMFcNX3>le1Zv;X+L^$&=VqQf^6Y2V z9e6L^1Bq?FH&WM?{^-32~Jgcq%Rfb`-pfp&h?>_F1+ID8q+3OS{JP)4+NWM{<&J6UH9$uLOsFfoGTXc;XjFe6P7< zU!5y{@xk5C$BPwy5wCIHYu4Zd%cmtPqeTcTWaUtY`?_fA(ghgq~hsH3I|g?)!Y&YVBes;_lt@m zD+MP2m4k26^8hW8_}b)(@zDenhHrFek@7h9nJ0o*um1-k*agImIPQhmGEZky{5A4zY8c+N`Q#*kW+sxzWf^WDdHqZk5)-BGr50(vO}DDe%581U78w z$G^UG&aDZp;YAL;1TypcL2(c-s$GcJs_mG$uHO00&jt(frm;UR11~kE+61F|gT0;n zz!d8BI7~Jb)E1@ghA!+@$KPK4hdvbD=0uL7H2c71_(lYbx|bbkJZ;$GS%AbKDz9bIiPXOBS4%NqqWoRJ!M$~C$5b9J z7N#VPpfVE$l1B=`!AdIF8BI5i5~A`yDAG`9uXO3-SzvEguMC6wd64{8TYGQ)ORVF*fZ6 zdzZW>9h7Is5_kmuiDk`02PdA6` zkHHY^*AI;=GKv1wSA^275X80Q#2)aW%fDc!J++3?xS6vvYr?dZjiD(HQOT93Diqwh zVi8atP*rhHcYADndBV%mB$@jo!azn^w*hG?axu=H189 z+oFtn-IpM_G7qwY0@64;nQ3u*n>E=ZB7@TGyKrIzO(sAnk7yB zp(h&-MYk1uJ3QN?$TKXIZrK^12;!63^gVe;w9`(0+{b^p0%?2Z=2ArkmnIBb*i$ae zXm!j-7JU%+eJIvt!$to_cA2h7UGn2&3sA}mo>s42$UR0t0bMwW37pcSH*+14HUKvTg<=p3`*2( z%LL6Qr^sUj*DY13``$&Pp*>=(@DK8=Jb*Hyuym%vebM@e*4PWVVaW1FSK}A`XPXPi zeG}*HOSiAm8BJ#xSlabcr9o=saT+R5hkqoY!@es-s5U=rE2k&;QkK~6A+O#WWdi`S zadUUY&l@o{1lVs_npZOcMK7%(rMFb!mZ%?kZMAbc^Xt;hl1zYWWzl&oebpR)>Zu|m z1&ng{PJV?(eh9?pks6VM@Z~m@2)?_k*lew6l7V;k=W7S-E|(FR;0B^=@)Fg~X}kFG z*wWi91gl?oHo=rJ-L^W--qZVfYqe_#NSF`&N1)L%ynP*)@OAgs1%Z#eYOQ3-Q=P;} zUq78q`s0^hG??WIBm~tY(Z}|vbM~dC27?yF51n69o1bb}+~9gs)4c-n6&mw%%ekxk zTCaF>G&&!_BPL?lI4c19!elS0Rq@Kb?#MLstHK<7=H?y>QV+UMZ-UPkXo{-kTk_6c zh~dgjL9Gs+QZ$4Eb@w(oErRTAm> zmxnxaxfiY{eMYvyIzWF_Hd24)CsNR%{?dGER)Pnnu6_!Bex~nF<7{hlz$il{0IUGC z`Vz0Ev07Q`_%&9n%A{U%C3%K<=cmq_v~o)wo5ZU^({cJRqe?C>JuM;1;j-Y==Ee~R@FGS4Wg0pTH45m zl8?33KkCierX0tVHLtp&qdzW-vxHv%hJhw}=}qz5_!^mRkCT=OsUI|J=1LIOp_F3 z+`$HuJ0Eeh4eD#lDv7|pu@+eS~VY}ub-f*ZASa2RTxf2f+LJdNV5}keqYY{ec)gJ z5p7ocuV)2}SN@a%;BM(VfW#MwDliu?lGYVJ(|fj56P%1uz zG)2KrWWP_mO21@yBLvuQJ$v+9-s}G=S8gGO5?TCo^?=Ll3Lz4Cu^=&6llBHp-oK}S z5N#IOe!Jj8WDTL@6j{sFv#9_glvi+qb|QCaij4YX8WrT3+i_-p58Q@7k_vY84N>45 zaS^=w%6a(l(fEsFvX2ol%L-#_gBwCC4L%QLk?}y;*$4)ne2OCuBpRh}ZXEjQEwtsn z1rpW%H|h8X_IPc*z?+j0y_)O)|5N|}Zv30q#Qq;*BVL_AcVfkw^r`Rf=mx^V5Yc8) zR5Gc+2*$UzC;TcrOhn&&IAQT?;te;~ioWX6zCfD?0MyWx_hXZi>Htrxmf+3I#RV;Q z7WpZ}U|(19hPk)58Egaw#NdE^@$SAop3FM84%|Dz_G}vRHbT-=IChaCHws5zm5NvE zXFT-AI1J3*GKS%|FAcD;_$NTv5E&}+R-OL~&qnWr!;70|Wmq?Eu>*VL5k}479c(3! z(h9o{@>l?2$U?jy-Cdft5{cdz`B4##+*d#2}dTZVN8XcnUr zGATF|?91+qz`(_QBXtw6>Vw|6>(!gS+hNNc*#hc2=!`>@6kxsm!{~J6A1zYzU+eGN z^~%spU~=al++p!5I2>(`Q6R!%`D{2@1keIs`N3cG)ZyfSq4Q;PkEHVlt;9Kh?#sHS=>dwkvXCGp@Z+_AjtzVJPs0+R2F4GYNS?{?Ti5stt|~m1 zk?2~Itw3Qy#bE_8>;y4^HDaF}tQA;>&T^uIyvbnJVIbJO%3$zS2CmIK?EQZnCooJ3 z?i55_MG?01)6jt5XnaMn+Fy${`d_>e`z>m#`>W1??IJiVBtUreo6}pE{Q=3BXAE4G zUE|X72gd;CnqpnJb>De=i$bViVK*~R6~SF%rBy@glDh6K6^WaukXENdWTn8r;ne?e zwMw(Bnb|P$?|KIbG~Q%+{6EDWq45;~v7ggh zM*Rt0pl(gGp`<a?X$6WM=ri;x!4GBSLE-1CL0fSNQ^e6CKhRjx-EG8B@w4NA zQ0y;~_I zdyFu8zhv2bcvAqdX#L?;3)62NEqTW4HRv=*%*w=7UNZ*%>(-0W7}ddi6Tk3Jc2WNw ztqW}mIfXgmAH=f=c0kpI>v!qOWg1;&VSZb7u6PiwqXQx05+mDU@*@HE>pT8>{Z2zZ z!#$>jr|qiEm$c^PW4XTFPl~BPacb51CV%7p5!sQZQ4blw`UMMTsNy1a{4D%9qiTxP zDi}GnP3ZBV9YY;IW~Ga2$V;wN@IoH{TAbR132VJK?EAvGWg9eH^EdeG^mqaIP;D?e z0;NJHegrBSod3lx)QV0jL<5B+%-3(VWxDe(__vRBSUX%E54BIw+%`CgUUdFC%e6(% zvoRZI!Hvm$WLCc7mHQ5`vmu6pU>e8qe#FlR&BbFrjMBbd$)OZxGl$ zg<3Jsge~7rDv6?ITR!I=qDi<8>v+M{%N70b{jVDJ z@8}4UOwe50S>Ryh#cIhP+aENOmM8tg^QzH^kmf^*ZhNpS^dP>8M3kod5?>>|wztgZ z*MZjLfxH8RDju+zhUEd}*`8DoDu`1-m$!Ae2X0RdZ?!iVcy{O)1Gg8uzf}0ZcPG*d zN$U4Aqzct#Mnzn2V;Ou3CX}sAf6#&&lqyC@M$n%!vc#>oZe$WVVu0PCRhmKK)AV_s z)augbZk2YI4rn1f_iglGaDV+ZHv45PiV--q{7=m0gbol9I$7lVYw_ZE8aBvV>x7GW_BB;I0{^AmB#zL|A)!f_Rpj)Bdx~iRkRy6CKb~a>rd;)6$1uA35I*IP8z;Hchwsg}I zDzN2n6x6b+VzT_1Bf1fWjRuI~I|P2q<4&<>cL|=ZUgS+wn>L<`xIq0`6&(_ZBa!UX z$>Yh3<%ngt|G6vc)5x+_Yd)t3QR#ucKQEu>mbXcvlof&G=y@}x@g{w15%zDlI0NxdKIKG_b0duxw`)8&eMsGiYw7~)Q`<1 zd=kvNr(1)%|qUxRnV-LPNhsDbBeVzmQ{YP|s9z}CbMvPEJF#v2|oIA#`4=-v9C%xUU(aEXMWk#AOtlJ(BAJV$iv9VkZJqrtN)jPw%Q1~&^Fnfon->56Ecm9fIU zEA4r4l+g^Xg})dgh>;J$!Pfte!%%M^76+`ePk}FC$;GtLC9UmA=5Z!xp_$UZPKr5Jw;-0=5Vnm z5jq(z%$9ZMFe=tCU1$oLH(h=Cf+VSV)7n|Ry5p8X&VRAQE|qbTf62>djy z$J$AX(O1Ty1p?kaCgJ`$dBrIVi!%mHsfPQ{XBeGq zqAmE}ejL~XUsctcV$61972FoCn>8fh{A5_P+DxV!4{Nn`zbWWwtw&<) zk0)lYSA7pT&&D8KGW1CFA&xIG1K9^BR8(kT8o+K-6}vMZH6Sgsq6(h)Wxr(Uzo-#V z+!k-O0>>h{gMUkGyh&nSY7!j&PQsE+bnh;!JBx?^*$*jNIj$$TE*gH& zrT~JX{s8K~X8*8mqizEPB6Gv}Y4>hEuS z3P*d90``xYIDwCTi`_VRJ%1A@svNziY2YHH3f8%%*AQRwt|rdiOgO}X;Yq&1Sl&%9 zpqL^35`~)<7+QaZdFW|>y(=*UJlqh2h};6~`2Un-#ozEIDFFjwnlu}`GL)vr&}@aS zLoF@DvA~`92f_gMtk-yZYyLyr|0xLdLgkM3nAp{b zjU~UmE&#LPNmGFH-%Rrj)NRFqbN`mjqJjJmiy?K-cYh%qOc@bG8;&97&Fx1-?|Y7b z;Rl%|y&lR9q*j0M|6f$rVJkis2(V+&=rJk?Goaq0>n|TCGu?TiO4#R1C_xdtfJ;QTc0O zezfP+Kg^woW!T;M)t`4F)YhYym@WoW;om+D_BP`N7M2wOSD9%D+DOTFVHDaG=RlG7 zT5bN?hf|`u*JuX12r)B>B?Gnp!N-8J5mSe)*xm?p2?FEK)D>3=f8oD31_0c;zp=d` zuvUwE2n@_iE^(mOcD*51|Gxk!5dD$@iAEZSO#Uc2!)Kb{u4n=5p2QaKt;Ua19{3aJ zsH;c`D;tXRQ+IzZ;-Xgsr}KG^SY-YnKy*Z9$hBXpDSYXksKDvK(Vtfb{`dl*AM@OM zO+%U75n+E4R>>PW!Xh?V>%WG*(FxhLQxOq>iA=s(@mFOe2zY)v2nYNxKUHy_?<8ZS zi`7`XmTvWB(3ng67|tAUKFH8ai;f(Y*FCk>kc-C|%!YT`to->qKEm{- zKU|`{aNcju2ByxkF6J?Ccx(M={Ab!<@NhW#Y)8G@fdfkdfd$J{Hl)wm2dmj3rfpDQ zO)7gzKYRm09w{<8<@NO%MoH&e99O&CJB4?L0yOQjC4-=vNOV&b;Y5s&YnD4h_K(S+ z;A3=-O#@0{7yw{V@|-OZ{-L6l9h+v@v+b$ncZO{&fXvNu*w%Yv#mga|$#vki@RW53 z*O)ihqC3yeGaOh<0l>*{C<{K1H_Uu#dj#EMP2-u;+xy`U5Cqc{Mo0_!ja4LIB92?+ zE(qvQLG2LEZxf{$jadf}kT&DaS=7`W#_D+k?+RY>jR*jM+yjS?vy~-C=li(_i|!9H z5lMJNN$X0a2NeC?E$J0HEFr4(hcV!|Ad==fY)@aG>!n z@lXm=JeW(1^R`gr=Q(lqPy#uLsO+wJMgS?-tjrg*(Y|trdTNES?RBU3Pc&AV5D{_-o%kET1Ca$C{)Q7%A!xCjZr{K;D@ykPQuBoHJvE1INsWd)V}It=*uCx zB}CYH0pIu#rhSuQ1IWdVTL-Uom%VeTk>6MT{?*HCm~7X59CebiyqF5jzHbvO0}u~VpY z3^T@Cr9h>CgwtFa&N8w)v@QF$!BJn)C4x*y`UEOqD){nRrQ|_HjbFo!o^|cYOw(yu z84oqmbYD)*KA!O=F)@+}7zuJ%_#QN{Tg18ku$Dfq@A7%QluebRV;>m6odUkr2k21( zwB2basCurw&GGc1CtVbM>@+$l%9<}MJ(2M^___d?dqO0bTvyl^`_H`VU+~4DkBcY< z&YrO`i|atWRM$~lwPrfykyW61hlTh%sueCS6^tC3N%DDwZ*BQo0AQ=aO&`1T4BU|9 z%2i$4z7&4a_an(ocp8w{nkXEWivpKXBPSDbEEhcbg;^q$pWgA)yN8S&Ay&;u%^-Zp zAM&AtCW!V9#Sb`QCj#U7X?4>A1*i+eDNMWXKM9|kJ$NL6Y?rMw3@k!d2$&;S6UJ)U z)cC$76Py$$LTVu4bdN96tu}PZknp5+MQh%*zQQap`%_0%k~cP)JumN)%eIL%-t zNY!&#W9E*G~seXraT@^p~lTn+juV%C|TbS_QpV2Z2;uZ2n zoZnYJe6b7Jg~%f5)&qbrA&vM($jvMh8YOM@i%=sh%!IR`+B7VKwbF3y)WQ-IVd{!c zXIh`nDJG1oRS%K!e{YTb6sRPDLhI3Uiz-ZhpG~)-@>I#92=2~+OL`PW zW-@=xPBq#ntKIio{l&w)n^XJY*7)b<9QP2iBu8;8RDH7U4^J(@pht;>l)&xA2yWZY znppaVW*>cg%GY2RItqEe<@$Zi2=scgNmjb}lHOwxHyh(LFN#Xv){V^kbCP$E%9!sd zNhKL`i}mFCj*$J{_>3gTg3iwe#9upMf-9x>aNL+ddo}uHjyRBpZ865iFQzt#UKSp%a)`+P$`3W|2!$X@9=m4tjsz2 z*%;8&j#=2kPV-pX=7ZJ&M)+u#;T~eS#VHVYzW;J?1*ka%5@y^BDAB3;ecbLj8}urX z6hZ*!y{R)jQSk@KM=^ys*1pUo9bR|xZ(Zb{GKa&kV81uVHb0pQ8g(-Mcv(lBIDE)!gmPdx9g-#fh*{+oN-;6O;4QmSPw%|wd_+l1%DwxdraGHiGEWrjL#HCUO&IOa!+ur44vcSe3C@hV<_gl z+t#XEqg-jZny$t%h(xPxy*EnDty3{ z{Jg45@O~iR)s2f&5^0SLY&$b^U2QNIyE6dH+2-_5rQ)LM=ZkAlZ?zYOngYq4H2; z(v-BL`FYD}XfTRHLHxJM5HpI1_ZSSIV14Mc{Boln_UUPds@Y!jn?L%md({gxN0_oF zaf|!}0mxJgqZQPus!XHdai~b%9Z}wv_?W)m@~V=TKNN76-0$iwmS&U^cQNa67%Rz0 zh}fay#`}0BaWeqnISuTc&bLG8UZWumz@cmBk$nQ+tR>}m6Xcmm-eX9yu}aa zPW9}FH&vG6X#+GQ^WPgg1EAPGLg37F&OIqwkfBA}&Y1Wv$nHTSFS}hwwMlWk5ai!f z2@R*jjPJAQ7l$X-gMkUs{mjor7Mdk)#2g`}PWEbb0`c@X`S`d`)C~SE{?v5_k~A^v zvWv)h%OJx*qahF19{?qvPWt7Y{S3NGl)0oO-+1e7?y6+6(p8kjr~u2lija33#yHp2 zp4hR?kYbvV+q*;CxRZEi+!468Gdp5zULhU2k#(q1DDh@Xf70qnS&k63OFfh>0l@Br34gDs1&4;xm%Bx>QWXA^dZHjXZ86K zH?JaCUzSJxK1~=|xl6|4m?*v;_#OnBJAAwqGN&~3O9h`qo6Rj?S3xZs^$hF>glTcq z!v{A3rQ$3nj$W2p(T7_fe&xdwa0Ui#W)Dl}Yi<}DJs7M6|BrKFGYCyzF8Qg(e^x>B z5Ew89UgHMuGvGH1sK=NgCnw++h>xiy86mF_l zV<>g;F|!SV2Z+D6yC6tds>Jj!FoT&6G^=JKkB)V2X*|zP&{SK6T;yMvEZvkwqi`)J z&z3GE0*LC%Rmop6@$nMO0>9`+ek~E}g7X6jER;N^*!|&{kr%(x#m7SW0w7Bid~)*M zR6kK2Necvn4Ed(cxbf8r&X6JQL7pGoZWr!=EzxB+be`mfEYGsnSf2Yx&575#4O2E7Ym{w*I^fg7T)5s9`goY{|}`n_Zd)m9MKS=Ae>HiZnL67@$cZFK0qF*TZv&EBL-Fwa6*gj5{;l4FH>2Ym zSarW^xnMb5L1N+zF?zzWqKXEIw~^uzrf|0o<}&f;8&WhDtO@}f+20~OCSkCHDKN{7 zD2?4v(Q8TpJ+3pxx)-t{AxeY8!sSwe;N?Ctg2H?F*1 zqiGu4LY(DUO*3PsaW3a(LeYe}qwa2Z_?F-jarHg?xKc1+=1Xwaxyx-+xt0EzMFFRD z_K~Gg;7@rd$#dbSs>)s(hyR5=6+_V z14tT7a=)qa=?O92bG5*-eLt=4-zUX|Ivx&TAlwT2LtpTu0+`MY?HE`xa-%NQ+DGE) z8M4~Qza$f*nLf|1Mts94YSkA0U`{WLmAkMp;P?@B_(&GP7CG%3a@LnS(;R^n$+`q0 zMzZuhwlH+`wRh2L21i<_sYKrdP|GWq#W3vqb z55`@T#~xN-ZgrsYd8h5L+CE##=Z>+E3y(%%X(sMCP`hSUr|5F?#BH!W=}Z!brxms* zK9PfSe`k4cE|u3ZN3SoFXS@DF5K21^5vBwq!N@_eyMaXi;q+arI8&Nb!{`^6Z!#i+ zn*;ciT3RGNML3@&m-J_-&hiS^ro5NH%4f8^kV2<&@&GlJknd!17QsJ+K#R%h4+qbY z1d{9(Q2gd(3d^h7HdVC6%S#54xeW}dE#DX+R=7TqMzDa0}SX zzC`h5Zc=R5T)9^#r7b=_Th+CZm&`?5MvSgGRE#|xSRAOY>U@rZw`6qRclpTo;OOZ@ zmFj3y0#)IenahH-NFnrdyQgCj^1FEjv}2;ziTX2YvUtab8^F!#9f&{4R};ew_wD!r zgR-A+v|4Kws_i6#YQ>h{sx2c5n?79L3bB^-(dO)$EqaFd!1Fl=zaocwHC7UaF1D%j&KEr?@{(UDg|V_QF9DT0dpPvMuR+FU8A{%^W;ufy2D z;P@D}sczWjQyA?60*GCZ7TiWwo|)Z93Yl+82?oD#?dPvnBW_&E(t_Q|JCi7vY$J-j z;6m^9g+HFd-Epl{r1F=pXj>SNDsolrQ^YS4@XkEWP7z_iCoRQI30Z;S__j1@%0Xip zWHbA`;EyqwwEA7wHLlq-H@eB71rmnilY3s9!uanj(x?U3;fXS~-$YZ*e^i`e`)R`9 zT~%gmQnyPLWZOy>STgTWEeMCd@e+pKM^{w0yQJXSl+9}0tvPChm*a$a&KO=Zt+zJk zC4nmtLws?a??^BlfCzw)`JEMqfVi+r4DusPJ-KWOWaqHqk_Z|E50y_saC;%F83Y;D zAtp3S-;HKDA?TtUtKAry3L^F?r^UJdu(*d~-}*;sht2HbElwGQQVt4Yd$)8~$3?ct z0^}}ZnH<6GSgQUdeU}Rfb@7P#_Xw-Wk4tkFVD_Il%!DAr9jMs zub5B9*`ev#h#O$pF8X_&<|!? z3Atd(XKb-#L7P*d){=G$FUg0f^|boEhoYT3@Et=MA+YYvYj;ldUkqk%IvG4J7E(UVi3Ry#c}G%sD-(9} z8GQj#pNUb%_-F7i(e}0#miFd5@GD%S-V%03+7j^E-y1)~CJ)ACz`AWAt96GHySH)l zpS>{6vV%t@>)CO=L_(15^T=Sb7=xNzQl;C5$q*tPD5y1Qx67rWG3QwO116BXgt=fa zmo-vad7Scy3MXsI1XqzkF@0&L(x&lZU{!>8e_`^tXK|?`w&9FyR0zeC+?PaNptua# zAyduyc|S!Bs}Ajp4TJifA0U0_A4F;mNMVUk)meus-Qo$|XNme)>qwcKF9*Q21auqH z5*6vDEPo#?3A<3t9oq$=y>}zMGyzmDVhYfArR^=ikQA-5=Ih3{8~?%^1a~C KV& za8_?P>=w`3w?7%dA7V8eH}HWj#TS#uDaM)IV;h|m_$4oqHp6fCL@53sDNf|-wRpYp z$z5bq!J7+8+5Bf)r)gL-bqJsuW$a}8p zPs&CTYr(!?S9t~bYjB`Cq`6~B5FE4 z*G7e8KyJ2beIbZDMybOv@&9_`Nuzb>8dupON6hw69oMp|iEOn7ulk|LP)#*0eTdOJ zL3vUrCRWt=rdw^H)#N#2T8Z`Oj>{{wOLYVi)io|W6u%7d>yt*{I69@hg1{HMm6xZ0 z(e4hLNwui?6ytix-jxlx5AL|N6%XAoGfGHj3Vd8^EVKpPS`~QyeymEmq&Fp-l&i}n zOS9_$-*8cRE;M>@0FFhzCADSEQ*9z4_!-xP;#HKfRk9VoL6Iq^^WBAsh`8Md4HLMK7>iRR4&U0 zJmPov-JjAo=x!hS>2I}N4>O@-hJvM97;+|51>569$UiZSXVpph)qDmGdU_<=B?5r_ z3XWX@u`?89oxg5vGms@{3te>D%PB?CTZpUZoTnj|ujBvVrc9jB(M}*mLu^i2u$r}3 zRvw$Urbu`OP38fTrSB5Z19w`^h9>PRE#MZy?M*6NOyyE{&SbUqO>&LE&|=e+==_`+ zrYZDY^@l`?7pX+Y>|DT(#}dR9D)?uUT6PvaA0buCH! zWvkwATe#0k$xHPMY(Z+U9etrqWNz#}wn}oybX!h&9{UB$0#S3Z(!#d_$Fxq9M#-|i zshfoxW7x<-21$}tVQ zh)8x5b|H5M!kp^%%(1nv(+xR__b!$2XT90;e~j7i%tz`HNe=Sm2It@f{)IbHqM=q zqf$BN6tSwM$wDpXG^W?Cn2AN0A{;{Jb^t~*960Yhi2=B(ry1cHb2%bSU5Pg zkkExn$qfB{nUL*57owlgJRqU?T8L({5Z?HNhwEA|>!K*L;EuWGmNHAJEFQoRj6I#p2TC6@v!n0E zrN}@Sja=MGXh=cQhbO4deanfVnp5aur z7H$n^$t4_}e4$&F(L(7yIe%{~%r4Ibzysibgsne&7SlX(k=J|{Jw4=IeZT(5!s**|GH>vMZ9Vu;e zWAq$i@4?)w@(R4j8N9hQ?lxSH=^~j97FirsxC!|gzZy$MkqjiJIc8`w2g7Od^H9xn z1d+*zh^2t#JCW|)!R>qxP7GFw`4i#3juj2}L#&XbNah1@sr{!bqqfs?u7-O$YF}{S z@CHIuvGAJ7V3e1K%UD5BTLXAVx8H16<^xD$aO$7;7gm@8ROjx`aFV}jMUp+DW{`mS z2b#x<8cMypbi-@wfpkH^0M$t`GJ?1OXPq#Bv!>3CRunpX_+HDdXf@VH{_9tnJvhnY&ojC%4&q!CQ^sCUUa4*uweP zfXx#bNd;1asAD8BgM?XY32$^(d*{S=1uh3vmHWtm%6Y98vv-p%Xwt4jhr$|MoHd)= z^wol9{bg;ZTyQ2d-cUmR0vhpNs_i+!XfxA=+_H7lknY(I0UyCNtGYnG<)(SGPgl^u zA)|lo2sg@%sAH*YA`Wnaw&l%JRGd&{h|AyY(tI&?FT|6g;!+&1#Y_h8lBae5&G8`U z$}OkGp)Q%`s@CKOIzJsHIrk0!y_RUrxQ{1x7I(r+pmbre4JD}C)Z#~ixYz||07zx| zE>y-%jCx=|bb(rqu;*}#ep6LC1H>GffE^SbmDb?<{aJr6QVXb;*G3RU?*#9x;)J9 z_S-mBI#6@Sl_d-pN2$ldrp*EsSF>gLDp*#Riseq7ezkCiu(5CE{fbDMy?qr&? zj>qfIcU=HLE*-V~>}7fkuAhGoVi1qW!>oiCNYT*HHEq=`EX#1C*eK7mzjs6~Io$8V zAo7-Y9%08)lN>!!cx!Eq-1W_aVDL-l1}nZGsOX~DI&I6`PS3L5+;}mFvG@iN>igvw;!oJDP2>FrPP z75!U&dlrL|kQUai1O8w9fKbR@*k7ggbziwLo`22H5d1)ZXUmX@ScFKkeHO%n;%i>; z8GO&P7BgEVeK5zOAP?Cefci9LC%;Twvq6N&$aGkRRzbRhC5w?0v_J0Me67EitXz^) z6(7hkk7t5~u)ty+>(dwZsVTLY*xQWHNrs%k0aEnnov`pI*bffa0Gs&l-fb2<7PK^NcT5k%P9&0^S3SP=VNP91YU4Kxm7ElGQf9tF&)u&=;90KdcD z9XiDaL}U2qxDItpbqUM|MEiM`q=Q4-<$lRyk7q`{gMyN0HFtjk&V&cg@bGZ0&D4oh z&a>6Tqf=}B0RT{OY43eO$=)=o4*>AC;zP(wk5CKLiT#jzvU zt-mb!E*wNScIdkO3Nl$B@V`NVJiw2zmDF!-65_hoLO@%Mwc{N5>k0lI07vofti8NO zHEIQRDz=_X(vNHQ_33gfo?kjVI1G|CO*0s`@~`ed=yGJEAI>j3vc(Gu78_sk4Zyp< zAoB9>l4!$_t(wp$%8qqjV4I#eu>#8Gf9mrWV*zRxi2kTJ^TaEoAmRr2xc z)J!@e@%m_PuO;R4l#iq-zqwL$g_9qx(*)tNqKfzynyJS&OuRpO{=`=#efO1T6Gw!p z(Hn-F63NAyj)tZ3J%Fe-*eaj1(y@oivh>Ll)DQf<8Vmrg5eO~O1hLZn3Owe7z$1h6 zN@Y1LkMd@GV~F@mx$f7GZHU^>O{aJ~u3qJRChoERpb?GJU8wl{!tpJ1U$8!pf4?18 z8t{tFvHGQvwKv}>B6q7d4z)tq`xv+*p$gTdm%<&~@kpC8so z5iV9DZ6hezeN4$V(Pp9t%PRKot0<;oOxbPU!R~R2o<|>w_19`($pV_Hnf%b`uBa^n zGd>ASPSu0ka&;#HAmz7c0G41|09ZyV(jF@U@N^jxK~Y*2-(^cw@rmXuISK@KcjGCw zQs^KWW!>hhEb9OzqrO!-K9B&)&I=3{f{3cleEy9R zp;xuGpvyDvRSo;$t8|n#!@yNXA{+y1>0~dbtxzSz`Fnm@bre|XtFujdBB%&s11{RT zBXKm*xN~|OG4t9rFMl{jjFF`*z%=1axa@sz#L&Xi=V+Kku^@3fT}0v z9!h=p{}qxGZS0W?tj#p>dCar0<~sWk)f~v01WJu+i_ZfUsIS{8EGctL_BK0 z&bicixf%JN=C-^;Z{r&)2b9~Nv`3net8xVd*<0hg)=@pQ*J7+e?}yNBk`jL_5Bk27 zv;imj3Mj8G-lgS07bEh4!rY2!>r`L>xKoE2DpG@GY%04O3H8l)X!AFEu2W02_b`)d z&{ghuT@$yT!PgdOQ1cSPOa8Qr;xwXk1d4fiXMGd8XMWE0iP##?N~+)rRzo2Df@ait zKCc>879W_+;|8#Dhr0m3QlGlcg0;AsqUh#+mVEWg%)B@gA5WSObps;+39%g6EZ}Ao zm$YtVvO){J4hh>mo_40oQ7XFsQ)(RBqJ&?d2V8PRxH0P+Oq^&G%}kWqzMns-is%ZR zS^V0}c+N_M{GS_DqP1Bg9-BaI@oet>hL8D+46OUNXHci@7y5-b-O~~qs{jlqW^{sG zSc?FrccA7k98Gh}Fr6g%;A$4xDY6L?4eNVZak{fpvwHkwqwe=dZ!9!dDfJ2| zC2NJ6Db|v(0ba1FKd^;(Vq0dmQ$j&*&#r5Cj-LVx#!slXk1=ynHOLad9AX4=dU*Zg_k08ymw+gjTA@H^U z0^5>DgTX$X8v6NwG8OEjQyg|z&o((v|E{CNTtkXT917}olFz(#OpX^vtZR7}F!~N3 zZ)7g!Lrm{Q9Sume-BqYrb=rYRm0-&76X&>LdAa5<;WgL-NKh0Dn|||=O*${HQ+W98 zRA;S2;A4bYRJ~J3r(axLo;L3a|6ugUM|a8sf9oBKARua7_TT^>DrBAL)t*deqvhEs zs6>=7M6E5CE;Dbn_U;ZZXB;|kMM3U>iQCHrV*%lj_jHRqXDIqg0-?z`EGy|wvmE{k z%#CGA3k{;OpNXoCT`s|hc*HnZ5W(Cp!)CTcRN9mojhbI(#%{{212s7qZM3#-+cDUF zD!0bw{DleQbk1;tWyR$3memW@YiwWi#3-q$x6HO8CkK3~5*;SjqI-?AxHED|XVhq} zKCy<@T=<+L`G)v$O&xobTR<$0w(u5zG%->8tWZA=Ho@7a+!7uPgM~u*fOQPI?5^XB zmq#C%Rl!0vDw8zuJ{WLdkT@THsveC$6{Ua8{^Ceg@hDx8&=T_BG(dbe7T2iJ4}l8G zlwu72hlUnFp-+HAT?FIa;6v|KNyH-K_fn`|mjSzVRgla-_!2e|35YCsB3a_E8|I|1 z_*a1N0@_?1sOYOT-HRPF2X_31CG57Sx`+RXDv@(Kn1Q!R(v2SqsWT?fstT-KrjuQm zqq3Ne>Xc^R##lq1M{r(HMOy-^TU;6*5cWvMYDJn?XRiZTa|1l8h=C{5vGgd`)&pK6I|9N=M3L1nj%mDIZZS|1Df$teCsJB z#n?L8yH+5p9t;*%f{c8g2!eQ9J)5r}Ki!vjet9%O%vw$+m(kakusy;RUT6VT(Y)1t zFV%&e`FMi2V1-IL8O2WzVlP9wx{3UesCy05slNhbrrA54ITo|J`pg#2jjz9^oY|Ur zH+Wr+%gM9wD)EtzcoLNMe3azs||Eqd4z^bpnSdV0l+Bir=#C=BB7M^ zW*jB2-sz6e>mnmI6xDgpW4K)$sy=S_3_p)DVCP6{A0@}VpFbo{-@e521&aELJAyl> zJiUCt9@Xp^wO`+yd)_WB+9!_3O02+qdTP$=_Kbs*X5DC)V_ku;tVb^dp%%VgoJOpm zZq6gZ5~nrj;@<2QSqy(3BmT(9J)XkykstuT_?MR1jck<#oy-cbDp5|@kwTai;~ouL zPPs9`M2)QQIneMv;TDM(oB;NWt+nOr{w(|zJZj7NMD%O!J)Thl7QMC0LRNT0no5|T zzLyvwy+u^jq=jU;m5ecK6p!?zxX~m*iMah)xKU~Zbpzdp6HPhmD)5pr;)RNDmSKEM zJ9{8>cqzDOg2paTud|RCm>$N`F^uv7f|(A>93qIq-}&-^(gl5I=p3E`4jQB&eOhWl zMl8YEQ?hmzPWwT2en+Ev-Ye2zM#HXQCcq71x!QpvLo%KZ;MeD{IWKlB{?XrXnJ zRyG>H1MA^{RK%bm!SNQi@O{)=Y)NrOvhAkKWCdUMOb!Ad+Zm&FnMP=5gv*C}vc z2m(KpCp7sBJcSRQ16^O>Js{`jRJkbsLMo@P4H}b8 z%Zn9X>#c$HrRuR!&`~rD*Rxv(a%Qb?D=#WVwGy+sVenRvyg1aYdH2fg&V!yUZUO?2 zvzc;y3v1jXkO&LNBqFZ-6h)K3YoUt+>xhZJ?FA7XkkvU)(M|LbZst}FTem8x#&Dj0 zv6)R>;cRnYjwUui7h=?`hNtUUCBbhvQ%$i(Ty9HugR zo-DZL*z<8&DO`NI@HL&%2cma<=K#=$aA)zWu@Jlz`uoKx{jEGE{(wBy>wmHIk8~Q> z1^6&CcaNNLA-^l@y3G);gX{QL5&6@xK5$sc9joQZqCrR~DQr@|N>Oz8jV-Ny&0%=Jy z+mws|;Y(%A36u{tWjp1$Fd^8KsXM)qATK^36%X5($>_)2v)%MtZoGnPlcEMJV)&}c zVjg)l2OZQQpFF5^{kxC1OTg{jFx50yU`god+|HqnJPD5i+VjDB14NIE zt#(5|TLDfG0oq@lXNWdnh(4am)vF_{@{5XyEQzJaBzEeX(?-uK|Hc>9^a$ofWBs9{4_>{KB=T^M>R&dsYWB>-Z4T z53$HpWtHDVNG@_!i#BPpx)-8Q_AjlwqF$i-*D_-gow{Ru3h6& zVabBG`{ly#<0w%AopcC_2z_6p%_c;EvAOR`G0s1c&-S~HnEO@|9%53u7tcfL!wc&M zK{?ds6}qxIVg+s%FPM6n0RnEzk3Kj)cDnesbh13G2B!l2JO&m$DSD4I zKC&9#XoJdG^g%tVF$Qj4X5EahWl3foPnH{M9{>vlvoR-uzBy~^{M>cN1KzL}-p1eP zQFHHrRA>QIwg#wYMRKu{i-R}$$>xk6F5DK~X`+7|1FT8rGKj59OSJly zfZkOtzzNtUeHkqYsYonWkrh#8HH+#7^0bW>&MX0JK0j9h=rElJ6h%FJ&D8<0wtGvK!BauQ5`;Fu=q818OULM5=rMG|*l4pfMvY1JR1Xi!n z`1jv5AIsD@W6;Qc95NW1!Y9OQTBqHZXPAg~7PWcqWy+Dt8VfVk1mMpC^6IRKE+LDs z00j|;>u(i&EwR!7yAg>-se@0U-Cc4x71A?lMTMLqKbtgEg$}gvtDvK)S;2e?jn4x> z!}kin0iyCE@}PITnieHKvAizw;>i6~hP>KKm&*m^X0tT88N*Oo?>e202D`F5AO(gFE;miXf9CmKK+|Nm^FM~8`j{Nu4~3<;EE5hJxy2o z>r!q{P&f>yA!= zp=CdM)@OPFXg(C`hW`*%aIg(jJj}_#lpN+s(*P*PY~B|zp5ztgI3pd3G}2VR>_j*xZ`5%exNzhx&ujin5|&vBYR!vuKmbtc;z9C+t!)q-QQkCkZT9*WF&vL2 z%X97KSoRYeBi@A68CfD*I1`d%fh>ss>mVAQxBf?aUqlf&R=?mM?v%e z84!WPt2=3A9gJ&$-1_*NT&x%t+;G7J2K0AstL%@WG0)KXDsJN7iG@rjdP-QzjRGWP zY|VfKbZ7;mho&HwjW*N8t8F#8<>6;jB%lDIPb{=s7RV?fTct%K0%e6_Huq6?(w#KBN<>IWCy#Q+oQ@KAy!hVY zfB`;u01kM$*U#qw=5$|_gKw|^b48mDTITD9%29v->xniJ&p=r-{qW(NO=GCo03VqW z0#tm%q66c-`pml6eH*=y0x$c500DDR^uB@6V_5yc4En9TBCw!;>ZZXk0dA}PW|uvT z+)|Qt6$!(lQ`h~?C+9C&na=1N}+tozI$W19h6aOY6)f|cTJ)c~7LwHHUabFC17UHgY@o1w>6v=<;S8>Rd+Nt%WKAT}IS zCv))ULu4Ldd4kAhaEI*%P})#*J{Lf4iIs9KZl+c#p9e#+zOVbzH7ODL=AWo6BAlv2 f!-FLFEz2Xc%wrAQmL;)1#sPzofB*mh00000n)|g% literal 0 HcmV?d00001 diff --git a/docs/operator/resources/vmcluster_with_balancer.webp b/docs/operator/resources/vmcluster_with_balancer.webp new file mode 100644 index 0000000000000000000000000000000000000000..aa3b253116f64a66d8831bcfbb6cde02840af53e GIT binary patch literal 36764 zcmbrmWmwhS_J&J$H`3i9-Q7rcmvo1Obcb}e2vXAB9nvY?4bt6k7NGBb_x_*jd^vtv zvg8+Yjxpvl?q^&oN{WfaM*#t;i3-W9%5xBg06v$$gUA4;27_7!=jTlC)hVMc`2LMa zGIW&!+T3Qbgv0)dyFYHkdir!gC)0D4^U%!z!?M!5|FEUaJL*Fo!SlsW4@9ip!$PJZ z&^-1y+v^t1z3t<+A^w)vGp-8M^~Po_*$QvcArmIGQ65}Yi@?{g`aI# z^zfdS<$TK)o|hD0Md-S!enWQD>JY6tSStMg_|TU66~?}BvPzitcL;CSEf?%H;+Bq2 z+TQ2VcA1M7HN7~`9vz>=IcMt9HuC$h`m6DAol9+Z;@0q?A=!>vE7{|DM$X(c)TXO& z1ap(_qsJW3RE-MmHna8}u)VH-o|52j1*uLYeQLUKiJ&Uq0t&O;=}7ORIXmz`aRg9s zm#b`$D?HxlCj!KWVkD3|1w~E$i?m~6lfu|{2p_bT_COK5G>*nBmBhU#AYA+(SBC16>Rzo(ch|3xN~zjP*hs2s{>ku0AkK5 zIIzD&1b=%nHBLk=i)K9%$tHb)D%7>YrPX+#~3-r+^4Xgz|Wc26c=%iJKE?(ol!?d#*E7kgr(rgqi zhgi51!(kA};MFPw{7td+(53Fl&*!KzS7>wfWq zC)P<4uG*=;1dljlZqQ zz;@!x<{}yiI}Pwxn;3_bVwdIrsFTByBxcw0v!5+tVar%!{QJ}=)``z?!T&sODeM}~ zB8{UnRuM~%hph;LitpCnb)sq7CP)mXbus|4)aI)Jhax-IQ$fP>c1vBS!{Gzwr+mh; zBu0LKrq)3+BFNjCqyAYG1P;mSp+Jo84X01mdS#=yI^X5Zat-$yZg;;y*_yMSX~1HJ z-!bEM8^|WcyK0mK#E#tX-A9MJwJ&#K68oKlzGLTC7rT#N5 zW_--}*ykFOwS8vTBlbR=w-{KF|IBPQ! z^8zwEwP{mNLGW}aX{-hcIMRZc#m57;bb(dLUWK&bsI1d?#QV-bfgPhIyp5%3=K^8M zPo;eP{I8Vf@Jpp4`;&gZ^yeo~uzV%|h9Xm57)Qnm@=TDy?w{b4@5j=b&b6l&^a`V5 z#BU_LVH^C;LoZ`NctczrIro~jFWa5~h~Sl(k&X`vjmhM9p0#d4!oGl;RNz%nn|*%` zi$6J^eZaH_R>v~=izUVZchc(4_n$BxAHn%|X|Vl1$ri1x@CeLY@!ZZ0%s!TdRNr>` zRUKCN`i`B%(k|{nw%d7N2#%xXpZf9gAWs#xpjLFV7c;cw8KRYWAIod0`R>km^%JZZ z@L|ImP&0C*-*WLaDc8SF{JRi=^fVMylNe#@7+Qt5o|(v?S=vf+U8Ur@cnpT|o3$r@ z0=-WifZ7*(4TrQ7GA?p^O?i_3+8AS;l1}z3Z-c3%Qysw4{9PlG54Yt1dil+Chcl(? zRYOHP+iGMu1kRg9C$Dj;Yb;q0)l60$f`L5T2Fn9Vumo{dPEN7!q18hSDSCJhsMse6 z;0CmnOKvhr_tgki0?f-4j+HB=9jOB$)G{!mYW!}l7T>Qb0h@7GgUsvRQ@6X=sv~t= zXcS{F>1UFBLbLBnOs4vy!bg8VH%RmSaH7Yj@NP+qkJH(IO5XH0O)Q!}HTX4$vtx(5 z7m3j$S7K3%&AD=ZuUA}rFE9AGxfX(*La4xA(@A;Y?M_0s?-}PE6o2oR}v|lw{H?CeXV! z;ACN$a3kZNsYW#;4A19Yw}yEon*V<-WVG!Vu*^tHIbK@DJBXCrlusjly^^ot1Jb>n zsK&QR{UqKV7{6AZ@GL#Eq?ibagQJu z!U=A>+e@-f_+>0ar3ZH&d#pLFu-+@cp*gtM6|w2dRUSWiMJ!R`z9nF4$`xxuIcdLD^63 z9lj_RHSra7k^d4daBE%i0DXfb+mzVK(dxdM9QX77C?(i8MDT6w& zD+S~@qmx3(DV_j?>!`S2@b$)mzOOY`pc{eNh4^(e4xPL(l5x*`kyq|JDR7XA0Sanj z9PLO#H!NjdiYMu+i-I=AW2!VhTK-wh{cwE^COxy>!L`y-Ht#v3$*U{O>S=One$=*X z2;dygmzrO8QDKb>)lc;ybz%_QLC^qYdvb!BuF1%F^*0)VxegrqFzu4k@kb}il=3!Q zEL<~Hd%O6j)dk@}bPdf&G91`rA^}6!wi!ohBt%2>zQiXX&K`28M_yDxDup2=%pPrvYB@)3?r$%;+`%_d}>9GQr>Bd6gYHV}O~HCVf4mR(yNFcDJOlk~5_CBBI7N{!E|G6G~-hF7z6MCm_1BRvE48B}KOV7}8f z+E5+EgJ_6ThWdfJeC6AdXzy01?oC${pktSS67DZu51dXTTt*BhL_?PRAkBYWx5eFt ze+VwoD26n2GXR+qD(_;Kl%mg&r0>jdro2!iY+-1{gLp-%V#|3PZza-2$0Jr!x}Lva z%TVV_y$D zD2X^=%RWD0+*zK4jyHxEAnV@ES977%!CaA*aaUS#$c7CnK(&xJmiH6-M9!6`%qsYY zedZXvp;CaDQx3=O_pOBWw_DSoOoM49W0gwz`Z=3!2W)>hN<>*MACjGMqA-XtJ>Y#f z*x0U207Nz&eBX1LY7O?9FhjSE9 z3R%_}+bxR^K`qIzuL4KWVLJD}CBfOuN*DIv?lfAU3oZr}^nn@^BbEd%ZoIM|1&;eS zVy~^hdyt&*s0m#ezQ223+1w5vmmFDkmOWXjD^^h`B=U3X2TehE6p(J}uC{#<^{h{c z8o-$bjMlL-MrOTKAB5J>QG4tVx_=W|y6Olc$jS%P#n{CiPS6st$zx9Xb)io6d^y3< z_XWdfC`Z5R_RF6Io;dS{~?NI)SC~9+2W|JAt_vCr!hY!`8!1sBv;VOgM0;;5Ji^w8iRmj9&{{#Hupl z!^mDF*YvKxMkI?AAG?bQ8Ezuf6azHjt{aFWCt-pkW~g3buUS#*7cgt6{)nDgr1YS{lz%gg^{&bOq}sFbWHL)!YA0C!su1+{f)GVxRiLyy@dEZy(1xfOsU>WeO$_6AS)4K_`1ou?Y$F)y10z z2*>}r;(5zo?-zU$8axJQK0c&BX`N4zV8e0mh(N;bc7f}d4cJg4z|H9mv?n(CKVxru~eVaOg5E_QP+u>p|f#%>4Gn5?)Y^Oh*-o z*r$lpX7O=0@Sl?gb)9?!bVP<8s|q*il3C*!=UR^8*Tt3{OKXWJMHIumOPE)LUp+!{jMF1zQeiD^LtF z(rlFBrN%gUUZ!pTrw;~8v=S5-Hebe68IF!thFZmGXxPAb5O9^rT;8g+Yqxuf`Y|c5 zgGl+-*N9SoevAwF(4Tzs=?5uNP()CJj5s4XE;`{ezlj2p@dq9wMxF#k(?i=FL=l;Z#k3&}%E$dwU7}V#)-3 zqC7-X%~GDTo=4t*iMRHg)@PKVN06^{FC6vi$l?SX(BfusaJ(Nv&r)ZgKuY<|8NcDc z#uz+l#ahx-Zew)1Bl%677r$I!P5K}c-@wV)m8`#Yoa z*5fOtzn#=1H6%-EAokWnsPfShzWW4c2ux9%2H?DO5YmLi#pM2j9-=BhA}O2|fgN=d zo1p!D0A-sZ31bDn1ZFv^1xwGz0EY}?cl{^1TRUE`IRf`DBnSd?44?!x4y~VcWYvk0 z8?d0O!;5sF;5>Fp_1uj<{>8Y=zsngGZ9O-)GsD3ck(HLC#WP#l_A&D0Z6b@og0fs; z|B6#eZ}iyWtT#^-p-D&0hexVI7%jlxv7Kiq zA*r=;bhZ*JdSzmGXH;@*!AR?XZ(b!epnW#fgmRc5L$j=w5xM2Z8qqLa`fHy>bqKOWs=EcAD!YIdW%alP$C zOJ~yd8a|{ytd9;vn)OjOz|rlqdO?#W6rmsiJAYV(j60weSbrfxP8}^trdbWrDt+dw zcUf~u+@KhnbN_&&DL`>|<8YK#_xp#OIdoEL9sPw7#xiKJ4GWR$4%!u5Yeh{`bCvZk zdFJ9ZMaMhlCUJuUxn8`5xZm6M9-Q$pbu2!0ix*4KK698U20C}%qIiC~!J|Aqi+4oFjcpNHlzc|Z>VXyQWA9d%nS<*pRg zc__bVGPZK6P;)!PzOC!&Og%tp(D%%!kDs+R{M>Kx8OP2QJAMl<0*Gn5_U({eYwph9 z4Q1L6Q(=iPPIzwMs4tB^yqq&<>dR8UfXG4Arn$in@X-r%k>4+Yvg9M!A!z*$cuE}p zpxS>eLih2GE%)c)^_!pD({R?qZ+w&hEPZ0wJF*y&=JH4+$HsVV_%ZC4kG)qN#MMVo zP30(_`@|(_WFqYva&8Wa6M2jH{!b{*u}MF?=Z9Ao#WwhD3kS6VoJCQV z(q7-&#Tm0|{QHe+23Fmgf@S;5jc4u6Mn`U0-}0*IN*0+EUnB8>ZQn+5^Bb)7q`4~q z0Z&>OC!HmD3~D%W*JDz%O_R^}0~cd0qymb39H81mbLOT#cgLNk8iPig;fDD#GQT3QY6oVQxxa zf$Ic5#0nANUw;>6 zJ*o!lpj@2uJw?iIS&xz9w=2G;?SH}b=bIN$3_xwd18fwA0Lc+=pb7;NW4OGD-39tZ zBANCPVo&98RlpZCAs>PW+O6*odmThAlVd_>yED`U_fE}nCQ*5Ni4wf9=SQ+48vzT%*|H!6rPAZ48ijB+H6anJMje zZ{r`HTN|iS+1xk2_xVG{57NdQr?%n7h#h#3oK*GyDPn23OKHeI{%s*N{q+uN(iu6k zxjO04$w^PShoW6`Sdto%qQ8uYvx^26Fo8(dGV7Bx?#Vd7Si%Y*P@HG{L_fiEN5RJ- zc@~#EH2$+s9jjqkc6>c7g!8_p|4`23`P}?Q#DC~1z`S^(Dfxq++GZovf>O?OX&_cK zFJQi6Td%%P^4$B9qIVA(6%=wlxLkJpjRvyQUtaXVSR-G2<8e zzq|kx?|)$XTe$pp7!sLuEA|q8)IQo?lsANDbmo5##2Y{4lhGZ$z+wB8si=Tg**O03 zbD^_tMJ~1yTDtP?G22^2ETzuww!3gIwyA!;XT*PN7XYa_O&I$oQT}c!+i1a?1JZYW zh=rYj0?C|JBJYCBv=BDUGVenMUGmWu2Q*PUQ@mQrQIV?q!`Z8hFFSNd^G6U6No1Rn zL~^V7}O!xnG49XCUJhFJ?J=B4?&!7yPDZ@0 z%^f$c%Vy~s%?TlCr8nne0v{dh4?mc`V?IH9LIp`mjR;9L&hHUiMOD7u1#m5VX~o#W zSHq>U>ix8o)a?%A#Jhdlc-?`8WSn>WzIxD(U-o5D@G(hNs_DTyg#gCVNZBnjpF5iT zn`(?x&uhuPn>-Nso&o)nrx_HXIhAW&S!xgBK<~5*LXB}qnns6SbXgG1(fkcJ$54NJ zHrZq}j}hWf6xlITWuMyrw|Nx0bgtIaPOWw4dB$$A7m!)&|#2lB0G$HtVa3Xcw3$myA2wso)2w6m(j?Ad%zSj}L61sbwaz zTZ;McD@XIpQVK!NZ4s=Ezr~J>TN{5(uY^D8YdO34qpMXISMJ$vh%b|8~GsT z04dF~@FLM(BrqT{^-Y{!lw=r62+`fEJ*GS^s*V`liR=PAc%WiYYuwYQZICes524A> zK%TI4{$kR;RIZb-kH1pm0ajKN#Unz(`eM!rO<=vVr@)Kx0T6lF!YePvrYz;L<-*Go zG55^qN}bMm$eV=}?{Q}7BV3zq4ku2?y({3)zK{LK18%7X>_MV0PWL|SVOfjWS0yx!yDx!lbCa<`NuSV%R>aQ} z9t&8%%dxspw;xZRsazY}0V;P~u$IDQzo<--^23s}xb?svv5B)^)@pQ#fo5@M9<#`N zLMB?-H#q5J`#)On&sKZ}<_2Kx6+pPiD#vROLje}gC}-jr^94WHN?A$2xJ2vLqEwOy z+7%Aylmv#%qQO}kmN&?jUn<(C>y*&_eH5mC)bJ&7wus^oJEi1Zs3Ly;680S; z$pQEV-4TMq!jn2P+W&DLUpns)t{nh5 z!RKb=h5Vy!Cn`iw9EgUFZdNzZDIasa2mYJnfvK*!W`CI621 zuFkRd>gGzqykNx?cJrj(w@sNAk6&FxHP1NYh*lyk6fVYU4gam-|LmJEOd9Pl@I_1TUs2z&S}nZS+#F zdvdpZu5y@jY=I&-1WR9iFyy~*zS`Nhyjmj)GSS{aa?{h!25+kWeHbCF7GFF0~QM0ln6IgLjvuN9o+^gD^r}lw%9l7iOWWxyqnnp*(L)~z=-%m}4 zUQ*o#$P*aY8_TcPXDx;?{Ye(QCy(^7=um686oy>ckcv(MH4okWa5Fy+z^dl_YP}KO zdfQic->6W0sI3##NnQlr*wIu4-kqwEo1!ENGogN@8^sG@b@N_AaCzMB<~PbFb|~tA zc~+!)#tO<9X%&6Lt5o$&N{=+MzifAakjmWDYy|a8pDkyVlJY%yzW;1Q0OB z5?j1&>_Y+ib(Z&g0gJ6WbM7L`x$xPVsfnpuo`8{o*XM?0DT7X5;RXbx(65&yypYgs9OZll2Arn`l3m^LN~PFj6CmN8`MP1yT5gWf&g8^a1^vX>;RH+c z_sbaL=TzRSaA9Iqm%@2`oo2YMPO~By)~^DzU4Xv#r9s482KfpOw)^{=GEc3QSSdO0 zyb;s8LP+U}akJkL);o}Vzi2n)9#=(nYFp7Te~YT=G36+W+nTlCDpXViE7vrocd98I zmU}@IFMp_i=z=fDgp^l~(;S9|HU1>`dEjz#%F^}{O+|<+Ty`YlT>99_ujrRiPx7=S0*dpv-;TZjon?6+zh=n)`}2sJ&m^0ZYXvjPJyiOl9wDxoNWN!tHK_|q>_V|N}R#VoyU zopP0aczG}#L8Uu9@(wLYL7ekXic35Qh$s9FqVS;XLN0jxi{I(5t`RUE>5iZa!C71H z-E0Dt=wwqDw9@s0y3LZgPVgIey@|BIR2jga_**DMGgO3%fEJACwhR;!7$~Wr7P%d{ ztHU}6=W}7D`%_6Okl$M{okwkFo@54sg3OkcIKnERh-yQF0MEUj@ z0Kx&q4Q|5y0ptGHq$L;gkYLjXV&%e)yu6~r6jL%Prc2YY1$Uib<3Tr<1XP#PDt9Q^!^J$)7uv^vuhr)R_}~URqoqwXB%@?ARGgKZQL%hx5gz zOH0zW@Od+BU{zxyBtr>k^;|$1p9PgiJ))LL^y`C-G^re9@XareWm1OohTj|E`UwSL zCNXv^S&SUI=guk7s5d+nfn3d&R=$pxk9 zwi{ZeJDr5x?_tGpC_?0WywJPXJ5t6xh`|?nv_O_m9~jYpjq^Dv@@?7;q%>cE32 zA5@s=>+^^D93^}u0DeYYNpb;aqwnlm!K=eQcUZ6$!b&_~g&|sh$28&Il5=rS@BkX^ z-<)i!R)e0XVr7b-hJ=Z|Y!smGwxd?~eKZ!^EInUbRGVf6X`~+-LF=YVha?Z_Z%BTPy{296mhHt(ptlpF*bN%CF3dO3u-P9A1v2wPmZt zcbHlRSjD?~r<;d>=AUP{;FKeO!7eP-mH(6QqvZ{#=I?CoG#JmjI{cZ;_QqYxVmB659?i02+Sm$COVdpJ4(ZD|Ws#HT;_ z<2bRpSS8DsW9Dy}PJHK?T2MB(FJpEd88cjhmG8z~5=F6d!q1nfsWhnP`@EBx=oJpd zJ;dCWAG0@7{Gtv%p69JuxbBd$p}T!ItV};lrc-?ss&o|b2OW?Ev~p|Trrn%J3m`_G zw&qYEm0uXC(2aErb;iThv7zv91`B<|D%st+PQ#8amuL(tG_3$g-y>hDZ#G{-&dI-P zw6uZu`kGTpcS@Pw)WtC~g&H5o^M^CxkLTH_&wfjlXWwZ3Mb$+%Q@oH7StYZiRkn$* zK(BZ8K#NI6V)I*S0|8v`$951*Qz;^-PQ!%g}WCL8`id-WRVdWyud(3={{8 z=40!IfRx5C7k`zX%d3Q-8#pje)sR?ddh9VSb(z7L-tO? z-kOEgoKd-kN%YkWm+j~W4=MKsc-!{JybWf&+%pW;T_`t6!e#f(9Rf5x)Rs7Wt9vi4 z+gKbs8N<&ol$`&aoOHg(>#omv!9Y_@c91@StSTh!O`G7Oxj)MyF2}69BSq#|u4>eB zoS5Hz%VgE9lTsVlZh09VNIEK%1(=w4cYp)=4Sx*fZ~oL>1B_+Pu${cI*EeAD#x*Xg zUfv3@Ck}Wyxz#-N7D!+DB5}$e&Papu%$?b^1k_--`&h89sb`Xc^ji^VWnn;_7&t@} z>L#KM^U*OZe#Jo?=?)YrSMDJ^zKyK+3dOJ zlLi*(*WcGaR>v0|Nih8LxBpY6LZ#nf5=n~17&I*XE z5YCjt%vBYWQ4<@8;cCzhI*1f0{m1CCj$}-e)oe1FM}88281!UNVA3mDPdQsX;_ zuqJL|s$CbMMZz0a|F>P~c_BZTE&8uxQm-la#`OQ@mb`VSz4+@1_jm0a)seG~Oli=# z8=hT33vTB&80|)U!|nYN7vO(Z6!HQ_n$g}0!VgXNELQj}{bSdhw|l)-iNC|oFF~-^ zhf_oWm=gL=DggweGl>>ECw(qo4(&PI$#W(K10>^%mA3!JVk2#agJpT+H;Q_4UsvXj znf|9ye_i+j5pC9D!zl;9ef{G<_U9kx#Kc&ofh?IA^~`a$pPO_!d!`}gGy*InE6FGN z8on2-?r%Z-r}}e2hYK)+ zcS>%;;@J29DN2BNTr0`yju20Arf$0SCTbJ>x(ICy$!rpYOUgs{)NS#Sod7FUBSQw% z_`Q+h#&H+g@&6g%j(9J79w3&S|1z_r)Vzjl0d)2l(PtzS7(4a(kv?CRJlV+m537EK zbO28&Gj75Yk+Y6f@C0SDEV2LUE9IL*@`5t}^?V)^WU>b$By1!um6(Q0_LWp*6IXrT z{=YvuFDRJJGU&>Xr5;?t6&OWK_=jR%>iDD(wN+8$zCK>!sQE#2y`Hqu^!CiH8b#(v zzD0m_sRv_Tv)wep$vCXpo5gdBQuyZ?|3O~=273UsX+e^_p4wk5_cC)gbxzxAT*p<0 z_ReCcIZcK$-yJZ=3HnmeDqfAAH$d~h8}j=7@LUDaE57*Gf6U!=<#{sqz=+MY~>h-|nn4GzV-F>ASA@)*|Fe z7VEjh_jX##m~Uat#}|OZjDT%+c>9=NGAy7}qe>ZO6RoE!nasn0`I(9x4x#!iFy_F9 zmJ_0%MR&Ck1!G*co&YLzKl7I`WjMa#1 zKt6HMSj#%NXf9{f^xN`;LW}oiFc8#bQ}kN~)-$&zR{{|tHHO-2K%2+OOU$rj3xD?k zqIwUttM52w*&;zeMaMp7Xcvuuk1?L%ckK4d7qXANqzh(b#rg+px3zaiqWxn&;Jtx> zfDLTGjn_SI3B4P}cl#RXFrAb+81$Th6!j}*SApPLY8})|9Qaac{r6Ez#0Wsm5}cep zGl|KxCjG*KArEj?L91rnn8TA8gg~M)W=mm;n%ZM%!U5L>SrHG9-{n06qID(99MbO> zz;X>qWwVRkw|oC<$SJ{^=ByD<6kan+dH%3)5ME(ZbprlC4K58r_$LPk6(()u%O!*& zPNy$W>c+)*kHg2`+ql4~mZ<6xu#rLzn2jl^xhFQzXM3Hb+X(kB$FjmylF}1aZ5~lR z&GmypookB=duXibDnj{M5sm6aP(r_Jd*?El%C1a$plVH?h;{Q z7-(xJU))W6^sVxg00L@TUY{gH*)?=rYR9k}e1u!9)yWHAyi-7-{5)S=cSk$!`V&uw zBrs6YS8_4jg)H6| zCZmTF?8F0UqxQ>#Rk*LyII)zVT zb59icb(m~iMDQ3=V}>@Xu$&O*bICq&ppLb)Pn83+I7)OSqxC>QG_ZoY&pgw|VPF+P z?OnDb7U9}VVtDPjfdya}VOL^WBOzjSjlec3EC`@qm|zHr8R|R;7z(3!$_`oSx{*-Q z4mL2@Y4ms;b9cUQQQ@@E?{SXR1%6)mNNFt}l+cz?>dQXBPHR8*4B+3FguV6vI>Vm!5RT{p?%|cX&S9j2IaSbbU z=3IX5`AtHAc#rK;BFe_VWgmj}Xd{HJ6@O(}BrHmHxy*L*$yS~0Y{U4x#}s52YW|=b z-p&MHxDsZLuzPk{+p^LQd=pt;E5`+|Z|Ce9ZJPDkYoB8D{Z~iL6?&5F$r6K7R9aJ0 zeqBpnT+Xj_ER`+mw;|TtWc^}5{~WfpJviSyjBnLhe;{S*)HFi& z!F)EKvhJr9c3b~C117Y)*>MJMt=9+Oof`CZU*FHD-&RZ61b&r2%KuopyJ5Go2B9%& zAqg%^;P(c3qSg1}c%(`j+(JcZQsS0ex8V7#s>sKd9nSm|?Wb-mM9c=PY)+V$BJVp< z(jFVS|2}+rle)I^p0~1kegzfi4)a5Ycyy2A{DyQ~p%pX6xV)plxVvSj45%q*mG44o zJk{Ax74G`M66yDv9aHH10=HCDchYQbs%(iscw0e0KuA+2E83G+&>lsd`t5%DKtRht z4QgF5fDcTnKQpL7JtZNSt)T{H`%$?N?>7#B+^4K7#A!=r2?T)fTjJ9ZxZGi|)BI;w z(mH<&ao8101CiPpX+cUR9#|h?;`5cpNSZGi8Owd6y-L~EYP$Y}b{|C~)L69xN>H9l zH8j+bMh3b8hCeLH^6cHZ0zcr^TH&5$=j<_lPP_JWv+D!b?9V*nIr}}2llpl%K~_Z& z+05Y>k$o3i^qRcLz-zG#r*Nhc2=+8Bwfx@Jy6*E8v!f+wa@<@TA?gH2KzkWIMBt{u zJN8_Ktw6mESCFO8vmw2;C5a z34wqZuGt6p+c@VxOV!Vp1s&nvX6|r6!j}0ct%7~#1Ak9a@jIIfbbRv%bPwCg1F)b0 zLB#T$RWf9N6NHV~Y&{=R_s3tgKI&fvY#DU$Clg{W9RyLdDT|v}9!smT_6)ZT3l{6N z!<9Zx#yu_sIQLvjbqy6SvS--@NgC|9avk9hz@!NPf#}=fF4Y1FNcz{?_i|sh@^Bl+$=5T@oHf5El&UIrd;+uedPaz1FgUx?7}y2iv;dq;Kd3(?lXHzPF? zx#FA7jVCr#WbZs(TpQm`TJgpmf3@uGN zYU+6{T(5$=&a8~o79Gb32h@2vv-4A9JQye*(P1%iU`K{{eId=rump9BA)msDkYPE4p$7d1^H*dSkq@>I zr2DIq3DEE^9Z&(s=ozz&59Q-(7Y;Xhxezv8Fxx7r)V=KSQ_ISzlJ#=sy zNyj-Q;Iu9Tp@8qK`WW`1u;oaz@R(Or72{AaB~xEAoNfs=MDgr;c{E6oy13JCTx?%n z%`U8z+hUhoc6t7YG0`D``dS#*pjQNR^cbm@HqJgDj6nOOClhak)1mE2a7PvLq?_V? zb)EQgyw?KH&K`Ne=3?c7;t%1;v`+&uSrdyBBBW2$aTl(neZv96KxR}qt2XO!@vC1c zbtkW|nt{`p5lBjhFbKuS9z61TaDW|JC!uyb@}GP2oz)W+)B4jW+PY^-p?l!;H{?81 zXR)`J!hV@x0|nE$I#i)sCwBmExx{PoCW`s^fY40T{XDBe^QCc?tgl9I?%J(RmxxuQ zTl~lsz$(p;b{If6vg&pNYpyn)e=JcX@54JgTXsM!v7RT(^#qeA97+p&GCT@gGwgk-b_9hfxB38(M;_aOg zki+N0>P|IgTTbQHiz>0z5|q$X+dO506gK}3$|uE`W9V_HZL1|G*kDD4HNA^dDv^M7 zR=WISQS0v&o{8usyiCPrbbZI&d04^&%NGb#T99KmfIy z4Qid)AsO@t7S$4}X%kC()7%uybnzQ*SBE?>YZzVjTdajQ3QNxRV7oJg@Ewp<%(#=U zKsK#S(8+_GowMBNJ9>aa5qk4r#0xHG~BnjPXurv|3a2o;y6gPTeL92<@jwL;HKW_7rxNYvo1b&OAc6cLKJBg{} zZhCN>{PQX&-LWcf53_NgnJ2zgYOZ-=0j?sRBDOexi-h&KC8r!>73@1Chz2bTYS$ty zkJ6)c;&1yEY3zL=p0SyJA9VRNqZ?f33rJLk`+N|u-Th{f!hCdmj+4mW`R@y|e25ls zUuP@_Dx8}%NNlPPi%^DL6&xM!!(aw zPOJ~#ihmp3X|P8`0pWggSKCEe0y_wiGNlMG8S=rZN^yp70D;=#b`zf?hPR0^u6Z zn*$wNXv{kvL@4q;m&rELnnqb^hVjxl{{7rT7_HRTLwz7<$D5XJE`@l_I@E#kt|wV`%LXq6tIMf$X86y+mC?`tced6Inkj z>S&_Eh#ZW~z8yRgYDqU*-|Wf6mA<1iB&<7~G1YX8dbe2(&4&lw`f1*H_Sdcg(U*i_ zfqnfYxu6J04U$ODH0io^l}Gt?yLl#!FW{G>74M>COA)<-Bd(1UT=Ln)`ABrW_=z{K zTuI{bAyGcZm~^J=qn5>xs9Vr)JoB07Gu{JM&0dT zBH&FNoJY9$L&kpq0s-ybJ;qE^2cyj<7_?9~G5o}b-Hd}Uf!P&@Uo15?9w4qbjMY6( zRwRaBc`5He&i|C@!c;f3ocM#bwC$Zai4~eKU2w#4@Ca@9Y87$wW}ANMPNflp;iK>A zQ#q^1S#`%VEZ!pAO-avUe4q$b`}Qy&{89Y~&;tatj}SV{F*IR}5Yph|Y01KzHl=tJ z1>ww(m=75s*%lV);AeNil+`+^rSZL8Q0GeJlcm9E8&AO(5)LCETOI^t_O8Qs_)kC) zd`D3s7)X-i3gFUtkg-YEEwHVIs8YNx_2R={;51P2$tZ)G`%@M&GM?RWqHmSYDKyVP zoD}vwS(xDk-*F%T3G4VNv1v;dAchk|x$`^Ib7=@Kn0>h|6O0=Uclb5h0Yf0~S}yK< zTFn)4RVi&-fa3d0T~=o`RiOZ-#SVlxLihvxc<>MgXT9j9pGMMy)2{m_9To%29%-5R z%op;c_c>Bm3%L(pab|_=Byl?>x4v24#JXeiy`D zu&KQaEB3_`e(jjKAXldwgE;$WT3p#^K!=Xg1Q%=rn#?XaxAQs$OabozA44XfhmHmG zy^IUd)+q>yu#g9P;|gK zf&P+me4&}wti(ouk7b;3$grlPHRq>mRA(S9H=n@2AJJM$swI_{Hr9X`jbCb0LBM~a zXlXYJv$qcKPX=;EgvDowqCiQ$y5aJ?YK4JhS+six_>Upb_?mVnf-peNDd-TOw3iRV_`#l6fqiCbZ8P1$46 zPtSSao9?!i{Z%6Z@4X|^OHCE%qP^`iK>JPuIF)t^I(vEM3XpS72%~X7K|@_DdV-a; z3)ETYByl3LWg(Z5DsR7gKeNHkia?}7{~*G`6IH7fRM-zjBJ6o>I=pTY5;Bk55?ks; zoMcIdP0eWVjiIqY65b;KyG^K5cH+@U)*g=2>fYV*(JT0-YCunN2D?`?SkQ7YiR5DW z#{Ye4@`h_K?9-@iD>~MD@BB+Y)W&6`4>YFHq!!`c!+m)g3Zc z^9oHpwUql~&DnvL5q$KjS+=sM{b)l^;CP$1jE(KS_cpM^G)uOVc`6KxjM+iaO?ZBG zlGhtHxsR{P94eq1zk|PiDc&z#y`&qDmc`-u8VOs>{GCz9eG&Pfp*WfPPz=2b- zc&c-Ua7yv+)3psF*xNX_*{e|J@a|m^$VVXo-wAD}-uk7Dd36 zQD*vzSmhXNA?{nAs;~j)d9`*ptb^wmyjkxEg;g_nn&fyVg}b z(AN3KjXLCZ=ncmdt24C7BkhQ<=d)Ou4Aa;Tw5mCC3f;Hz4Sv@?DBGR11a~}+h#B!g zmi;w8?3OIwLZjofc4L-*Bt-FcG{oNbXJ9w{Sjf&GJg;ETs|^(~k~q8LJf^-FSUO1T zH4$cOb{b){N^}XeWn_SaRZkL=wHFU#^FExw=>~NTrUzkyc>I-3f6Jq3ZK1)-T?9A% z72N7n&V+|#uzS&GzL+z*HvWenV2Vj;1bt+AdmF@DVIa_0kJ;zqj8l!P`%{-?C>{LP0eNXl7Q!Hkfv0GFQ$fNb+MjohPK6{AS z@1*9#jQcpJ6dMpl7tS#S$>`sxjM|03+Rv_hJga)f9KQ!d(8JiV-{a6ejv| z8p?QcV%HSCN>INyJMDT;djmtSH$drEkm!7qUE3`K@vvE+Q-EQas(R_k490E8#L~B-cV8!}|Uq;4o6b&MOQ+ zLvRBiy79Atun<$Kl(+r?moE1JB54&eEirH3VA!nYl!_pDXpJXi8o7QMq9GD0k)s zz%=Ze?#{bu$)l35@0E(N34X7+MqX=Y~Db?E32HGpG1BhxfTX-6K7$nO4VB z)I?xZZSg-7MpjGEZY-h2>a{CcdxhLS)l}7t%cEFG#e#My_36LyfG@QR3T)0ESXtdr zXtndd7IiCK%=u`Y=ECq@s73UPh@;$SE)9dXDpks`R>^%VTZh*VWA0_gqg zW+p^Pg>->O8dpr?6AK}Q`}~MoaO*rNm{Djn+phNpSnapn=!xnY`Z%j3A*a?*ybSa1 zG%|+6^L^G1F5B+lc>0Q-P$zXyyE>FA=KZ9K>i3@+-8oXR6|UACkv|ZqpuO;_ifM_F zm!&CFTs&aKv9Blx{NKTE;*JTYp6QlONA}+a--UagchpDb?g`0$&eO+~AF&yjpoMf_zyhdWm0?0X?b z<4>4wC3N56#l1+xx#gMkGO!`0U;PCC%t&oi!Qj)6_KruTUMZ|KK^z*BmUzIsujdgB zCN!Gf#O?YE^MuJj?&xhb*=@|V!{a+UuCKYLq?v;tX3V6x@DC8l?l!I@n>e{I1L`Bc zakW3|D=?qPMHV@grD1xipCQ{s!h$^kHT%k=TSC$9v&)EWxYeb^gs2=zt1F7<8Q zc54z$w{Xm$9DYL;yB|8C=?iteq%1X-v0N40QIPEAArWnn8y+LMt94!idx$NvESjIi z+V!>AgsXoWw6+OY?A}lIsahOJLuzz>OX3LiN9?)eh9?WGqSuT-IyX5-|yI z9_TDu{<`s%RwkZNdwgnyPrHgAIohmB&Ld-SW zWEv#rw?k8gAF71;r3>RsfdfmyzBNVIdJ|Gs1Z@KY<8v1N!z``sreTc^hKzuP8(H-5 zu_u&_=g6tGNXR>3$lf^F6eRJth#q}|>q;7PuxI1=a%H^bb*3?o4t+7??35VPp@eGg zPx@*N@z@M@;C1;b4J63!|IWj9HPL}p3QYuqZ>17f3s%%7I5~YA*CdTMN%yOZqS}_4 z-y|Npx}cY5sR#2;`|51qLGloV5^q*nnd~rX;8G{v62ep<&{1p1314~BIEO)pu=qn0 zb_nZ;%XqG>W!}kL$c;SXg3pX7_vJUf>m1-BhqayK+sx2QJoUdqWU+Y$pgj=gyq5H| zoNMuP?Ke(gS5bRX7#F)KdQ4r&fglBa>%JmI(PKKMn45H~Nw3-hm~w$Ux+2=yl;U>E zK|UA>5*)n60C9Z`xzE5~xZR((+Hffam}P8U=|su@3m%lUDysJuTyE(pFUfGWTce}D!*2q0KF!9eP*dqB^e6~Y8g^Zk$xBk% zBLZM>AqoywS@%U0_j}aUNd7qD4zwFCcDqRSSN|imiJX>djFuUXNQcZezBOph?7>=2POhbIoq<+^yuoxiMt&m@p4*>JY$r}CtmW+? zkJ+Ro>E6dFsG*bac%w3XLALfJZB-(SdFT%8h~V8Db1qc{cGq6h7N{uTcB(b|2mxj> z$@sRvF`P4n;lLl1G|0{9t1ie~ixPi#5F05<_lG)(*j$BPvk7uP>5@HTk^nu++W5@b z=ZHkQWx&Bz@fPeLbD%yPo+FCC2%!8r$Tq1;j7}VDTSG)GuXhV#be;nP^0%kxx?$Dwsv<_cGqCC;EylB;EmiO_ z7~o87T65~uFE4rH2-891gcr>E3^k3faP>wWhJ3jeeJF?-*R6auL+F0Ny9oog`Ljpe z!$qmS$k}1y6YSZGZoDajLdC>1b_b_LYRNXX*kAeE|Znq+3$p_S#|XVz;^CmvJ$8L`7&9u%fzHhNb8D{ zsWP{S4VsR8=Q0K8sm)+D{jr~gOyGJgIOJipP?J9lP?lmv+RWlU7 zg5z{#UUp6gk0TNR}bi$_Z%a*9k2wj+vl6En95Y_8<@s|u1)4H#g(dT6< z4|s;#4a$Zv-8PAvN?kFz{yOo!-=(UsQp!p#Xu2avIBEUP52`TQW3!*Xu}6N6Ws%` zd6vt8tPRBdQW{wM7L#mDgtCE|egjW0xhVVCsHZ@Xk_c=9rI!q*SQcg^ZiNoDUe6e;2;vhs!&srt5B_%2b<#5BK8&{8Kj-=M z^_?pxbldipdC@M)^)L`*OFV9;zyK47LC3)h1S`15+#O*$yUE$Gs~3pQ0QVHJ*&nnm z^`!%u&P`KfDfo4#ww+&#T87_*u=lEZupu5#M;<9$BvQZ)UI(yg^IRJ##1(}I)cREX zuZPp3W%H37ll-Q7P#&C_uQR$n4?-Ie0)7eq_>Tp0Y)3B46{(=00_g`3OyocO4PpT~ z7M4C2WIopUpAMlxb{9gLG~7vV7CjLh=@)uXK*BLoYNz@9;ZBSHCv0gtBP(4mxrR_6 z0eR_WWG-CRh_m@Y2!mNBRY7c zjUuiCCg}0t*}}lgXiLEbnTg_#G{0q0R4QqW((F^;#`zk!k}9Vl(ch_3S+ANmLDE}! zsNrVSdv`en@RQ6^*E)2P>%Yyy2(Wpwt}<(>Ts87PyPx9*_6bKzHK3qDS{;cB(Z`n` zHRj8ckQ*fh^7&}9kZoak6!gjUai1Sb%nO^be+tQ^1#0b2zO8b8-c&pzhKrIj%d7Wq zFq0~{P}-+$45F~Y;PXS&+heuvMVSm!!`j zGchmQgd*(XpQU_rvyHoTV-KH+VsGVS@72_(36M(xS)km)bO4R@_jiovtodz>zqSK& zM8~@Mlg!JXKsV&Xu#ARi004BY@8}Uz`y79NhEKNiq~YY11r||GaWfIb4-e578lPsS zJq(sqxFs05Ge+Z)PDb>pIXi#YL>>{xD-bz;-3^6s|eb95%As(4nCZ2&$aKy_ef_AKk_}8O`Wf&i2rv zGu>zJiW$BcxnE6t3XLq(`r?BGmYq3qnDyqW%vn%NAaY}Q0)9WIlWT#(;CK3L#LmSk zOviRP+ilQzn1*L3fgU@6NMkr@o?Kh3{ptTO*&~8 zY+Do1V>CmtD;uoSOV9uTwZN6QDVe$MYptHjZ^1e<_}Y6&UU&q4oIV-vWTXbNdOHMp zb?pTM$-L1Hg86*ZnuYaza0s;Ul613Mu6kj)1F&0}^hscEoU4+LhHp%STKKbE5MM8) z?t>>o&5MIX`(?@HEdYf_8;nJ-XKF_a84%E&`9cby()~oJJW}n)*hYor5B)H{Zgs~P zq7o?=CZ<8%5sByRO%c%P5{Z?q(6JCu%gC7Ir%BoAUR_4_gnqcj8h4>x04zDw|MlX> zz*t2Mj}yz8p5)2`>n(SeFvEwSeI4}b{+zPC9v7-!ZBMj=F9V?82Au?G~2 zSA*^h`wkE_uG0TCnqUaITNin#^tr|e2zZBbHx!@!udt~>m?B=(2H{J*R&FpkjwTIW zDQMs^QqrA)5HaGj7$~ScvQ`d_xk}a2FPeyZLDf{ZG$gXTDqrYVa+Cu2lK_F%eiz+U z7uSZ6ca^r}5^w`>U?spc*r0}!g>a9*?Tz}brfI(H`V_62aVC7;dH>S7%v%ba@TuefX=#nV$1K^m?ppKH$=EpvX6UbjzO5rg29h^G6Lp9swRPRad zEqL$%0j<6EOc9Sv{1}+wrnigQS(q~_emahlIc4bOhO#*6b9da^3%kXOLW$OgfV!1& zPD)FfT_t+{>J!7B?0^k`pMEFXdSwJ-K!kR;Qdtkl{A$56JFMvX^N^e$RdV1l{eM}= zB&W!v=1_A*6cul~O0FaCF_-A@0}hU9=cDz!FOJHrc6vpNp>1H?KmY&=Af5l419)eA z=iBQ;vi4eUkKcVzO5KZ%aL)*~SM#!x5E_jXw|j&-!C1J$%3v6jxp^HV%1m+;8P|RKU86GDTA4v zbd+UO8~bB3tbx1lSX$NNx6*MN`ZNFl0-^%yCl%7rF}0|bEhLI_#0ejuR6?Mim6;hG zJ+C$u%Ql;O&Y$CgMaa%oKZLq>3!@MGNZ%)>Vey=y`TzyjgIVNW%Hi2B`-PL>-eE~* z1z?cSiA<-9e%ruxA*i0TnMgFFZGZsur?A-;%Eq06;hWJ+ z<;-h{r%F<{>QpHb1)i#GLnA=FVZul@Y#s#`r6Uve!DLa-^i|0P@AjqrFJ9N-ikV*)FdOj?*troz*_6%I-;+P^VxC+G`(m$ttS<3 z$1bMJBvFGEYf- zfU=Lr%-!;cp=tm=7V-zutby@~uwuFb&CgbImR1M=0HU|o*C6HI;S$Tm-mlEr`3hrK zT$oNUXvYm2yNTQ<%40yfM>}@4QM{Yq`hsK^bsx(bLU;escJat-e$u21a6nT=Ue0`} zgq*o-f8xz0G)&c3&pv0pG?GDl&xP>$A(dzP*Z0|JeMTGr0000CFA70ZSHhYCVDg2l zGwc+=3?LtON@~tfVz6fFA8_MK;siQnRxt{C4qheA5jtKv@6Zb!=H`e#KSJ?@--e;l z^#Lv;F@1QW4l7UW5nMt;f?jEe@jAT=Q!MF{VlkKi00053F&N=>?tj-QV#65MxuFfh zqVW8k%`p2;O03e@QGH_+%M)>cAu38CIYtB}ucJ5v?~Z1-L^R7vbMDYm-pc3wmH{<$Q|3}l*l zo*G_J_VU;vSOZ*PnY2fw_BeX~jKlcN1@^OQY? zh-tq%dqN^XaHPx%-2B);0K$+0%jG?W;`*Nu&2dxVsY*@nh*#?m0}~f?+z2V0F)KTB zYg3I~zO~aJmP1~tHC*Br@@~>Rn$4WanC{UpO(Nq%LaVsI;Bjk5qyIOyZQ90`;O+*9 z<8a;zFUlfqzgyr20#}**VX8-D5!pJm&+~daln$e*Ku&ePu}_`@D~u3hpGcf@n^xJ9 ztLju4Lr=~>SB3pQZUg9`ZlG?>P2(wY11ceDS*#v(OKn$%yT49}m%KEWK#JA?000FF zOV1_HUmJKTHLSgLv{Kb>+6|hC}Ik?HmGyMk)tv|`StFE`N7@_$J=K9 znKHG%&f~Oq>lO=9Sb=SJvxB+*N+7QRO{$T7c4dn)IzRzQcAb&40yBqxNFMM>2q-Si zbGc&Dt^Rm3H)II-tPNMnP%o&hNoqn!)2@+1VR04`YBeYm;yms!22I~N9sCb6Sj1s&+VTEyV+CK=-U;qFB+m${9%AwQiikwudx<@>Av6VDtZsZ38 z(3F{O#cQZCGRd}Kf>w^O1B#Bq6vp)RFBc2c*$YEIuNe0&vr=+}!PTtE!kfe?og##> zFFqk~P}J6S66iPW&uUvmv2cfv9>s!GWiXKpr3;P5h23aiZ7Y?Jt};p-1IgzX?mM4Izwmi2~S_Cb-utn(`hm2V36*RtCaA-c2W1>uM z*V$1)N-5E4lEh7un55b2b86do^Gagxay!NNg8&n#R^=2Fs$Ip47XpNPIxxNK5JNYk@G1Ut^?pSv~SJ000000d$>?N{6%1~MC1t@7>bRpwC;*`AeMMHvLYbpRQYuR5nAU&)xc7Ge<;ugotTuKMlZylg#!GM%3uh` zLw(dBf#5H8H|=T%+m>iGa{%O(FcL^r$7>Kq`s0~`b>p(&jvF1I8&Z?{1H`DLGJI+U zIXiE?scj|Xzn#b|TETwLZDECNjXr&kZ#eW2{&uR8+BLqmr#U;WjeE}gehOIQV2xC^ zBrR6Yc_aW9TJD#&R3TmEr(aDOSU#bs&FG^K9Is0ByuI_z_l7aAv2@DEUJR4jG-OFh z<_I+S!5pb;QR9cEo^mN|=z(MEIttnY+>Q=kAH01h0uE@|1GfG!WY*05m4dyOXUn-~ zV3UN59_drFYl*0E>Xez8zXz zyxV2H7I6W-wtp+>AROJQNhkim06#dQdXP)MCKJ_W=AaFBPHx)<^1P(&QvilooTo1A zgxLp3E6}&ZQ}xx6j)TiWK>=j9i}|i2ni7)4MQybQ8O33ZA zRWQ?&1RHWN006wer1xtVsdkoYQc9Fw3Fas1-L_J2k z84ni|WSLl?=1f&AL~>j1PA894O{4IEY$MPn?~^Qtkpknt_BMwW+f}ZaoGxeW-(c5+ zX$)-}drPWqCn1-31#aZP01RFCXUI1ch8fA6hkVTWBc#*F*3o7E1$(%yQiK|yWj3{} zJeX#h_rbfdm1VT`zNaS#<&7*i2GpV;#4-r8XBlP8nyp;}H}KhIc(YP);QLQqXd@AK zA=f+sVZQbScmM+nVqL%uJ@5K-G+@z3vj-Syk|DNNzWRsA!!mpHnKXrJh*&^ax@n~S zV?P&N9o<;pUGmdrxd#C?W-$!D?$LbcFMo3w-cM&3<4yhvW_S&~44vle1|@hXX8zKH z7TQ@QPrDSxry&U#vj!PyKYQpSZiKR_w7Hu_ryv*rK7=F4WpF9(y{H3WMr`ZRptT~M zxmqo=#KRr{=`%aEEcAQN-S|>q(A}y>;t9PaUE0h_KahwFJB)-S8-k78e$9> zL{+Q-Y|%`aFRNT&gdQn)A8->TFY-f`FhOzN|EKQy+RH()gqa$-L8-SdJKSqY7M;dB zPBV$3S(mCb{w~<0X62_DxudqwZ>0>;;b_@xcmw~b=9CzCn%lM8^Zm|T*e66^O>hJj zfdtzqj&>-CloL8b7=ClICwFL%a5+~S_{M8T^ks+@SGcwDb!O-H-f~8q-WRJrgN>G! z&2=^LVc+s)z44l#f8K8I^JCC^C=I#X{BXgnc*Anv7Sq*;Lj^&~9;V_;U|t*o%#GM6 zzRy4aotIs{t6~DBkCA6@-*M{o_c$Jw0{I2Hs}^ew+hP5|0yb}|y78j>g zp=<}DP1GnBM__1Zv?kqhQnfP>MInVJtEXFMZ!h-3!kwFet2AN}9tx{8bSTxgC6`*a z);WKctren1iqPfOz(SpqBTKb+HqRZ4J7?LF8Aw`+lP(fBTYJJAl;6Bh$6(4v$z?4J z{(h)B?Evho15OSBKe=MIJsy~I9J~kkJ5XI zhV*J}ulRQK1Z2;43O`G3{by`?!%F_x%<-Jn!>1Q~)x5NN#;&H(l%Mp7cb7xtyIxiw zL0I44luc${43jd?O=CponHE`TKjFxR;M)sfYW^1}P#vUF<|F6RMk^ny&Y^3%-$6yH zC@P5rxXW7Y!c^Xj8wiXll}lh$K1SB{#r;hPEl?X9oLrmWbWbu{UpnS9r4d#T4*cBy zeJ?)Q|A;bArxtsy53Te9RdVoT^86##JA*j9mXGPGT&x@F^|C+mPOO>4!<)MPdB&~6 zVTReMgX;1;ejnG zTU=PfC|~EEKG4>0Nzfyt>$=^yRQLf0V`MG#oNC6X9GF})s;ETo45u)iLDI@$m>eyv~q#u%`En{m?(OYqcSo|Q69zjpVp`2!}kIt<^6bmfT z(jWi~5t~F|5p*<1*XM^6e^L+_v)fAte!bYR8}Xg+R&TXRV@ar|j+Ip)F_1UkwHVsr zb-?SFW=X_8M?k&A$f3&B0N7cu3ng$&t5%3FBP7RRw>%G^04XjzY-Qd!F|U*Sk9Lgt&i@Vf9Ju$cSDh~8v3$gya)~HqZKJ7v;p;(l7(>sfityX^N24PzZr!=~jo7=~ zobxy<=IEOS9-2Sxs3}LE0kLAzM&E6+SQzf=m=Z>|Kl8a;kviV>h;+X6SM5a zg$&gQJ=t=8U;>TrPjMWfe|)#33}e>!W*Q{G)8i?F6K|azU=%o{9Wjc! z#Qh5-Wzo%x1;wiidAU$)<*=cAHiRm0JAv=Q2U;Tb0M29%WFE zgKYToJM}8kB=jI>Rf@DXWBbR#)?q0R?X5O`BYLI&0{S`7?$APEsj^I+F;f%ay7$^4LAo=}iw zkYY(@<-54zKf`?G+4#`^yN404pb2445CsTbogGu4vRGTsl>y9Zg1$(1< z=WU+QCi@V3k_F-O#viyyrzXwlxb~1Th6m3O=#8z5-1>x8!i6xt05iF>f$9M%vAXf; z5`k$n;dt+LKMMm069mKU&jEVE&|QRn#{*Q$cB-8nzJ$LKJ%0MTic|E$da0Tsr6z1?&OB zKm^n-C7;(%t$tR2tR(~UkB+Pceu`}>1g{a%fp`N97`)Hj zCb@w)yD2%$KguOaWdo?Y8huGw(sC#K%B2m0Xw1ireA|2Du4eGdfd`-0l}R_;0dID- zK*CnmxRAltC#IamNe=`I*@47%27mwt&0n%?uJ8dm9%%f95mX>?SE8c#41m4zN1e$Q z_A_x?*q;cHRVGJp)l31srq|oXUqfgw5;LDZ&Ow1l?$uqE4K0-xsu&6D2ZMdSW!C?q%NLD(_`{uv ztQfSiKxxa?uM4bwk)=t7TSkP7O>pzS2Kzw*iYUa-M9F&&asWgMF_Hy~=6rFHnlC9_ z>2~fm2jSviZ3^Z*uXfSim==&FbJAE$crLzrbkol26O)(~l9^v$ws@%O+*MqxV92J` zpCU;d2&h$3f@oz@u<$3@${roAn)t!m!!~A@FExQRR*wnu?I;>x;7zV7L!KT6E=N|y zrCSIq+r8$SIB)<0kDR)%DW0P1>|WCSWL=d7ZN04+Y?OWv^2bLa>~1Z#!9pC6LKjc>Y;`N7Q8vGIrb0u%u>daE!c~$2ua8mW+e8VmrkU2ANqH37122y8Z&nQ z5t+rFw|xpxD7siU1W~=R z{1|R{Iuw^bYZ&+A=1&zfx9}mXiIIcsa>J8{62Qss6m(5d8)dq?1B}y%d9oh>0s%`a zP}>~-GhuPUrtzDa+EVK`R_@r#2E1n)03`yAmm*^oAHGy`#g<#dq;reLJjgvCSw~)! zb19zn?Lu{2&0doHCY0l;2AH1d9K#!_zv$yU$Z+8WuMg zGeom8UZnZ`L&(obAt&_@BRwRD>X(JETvH$ElO9tC<(?I}=j)|xvppwl2Ww9(>aH4| z!q-ian@|dLbpu!E2YeLg?t`xC`bkYcwMr&mt6B!{E<*nGWS4_!Y3udjoXJ*V ze!!`ccU+Gp3;F&I=+IUB)6RA&S23HK<=j5uL~hv2W}7)efKimCRl*ND3#Ol%%Sm2c z#qhl}+e3CU%g<`f+^ZzgYN#Cw=SP&m?CAP8Vl=Zx&`jxpAUD44ESCLBi(DfQY@3Sm zi2&4tm<_3L9v#+}{)PX|lBKen?`TX5cl97uIXby$qH}nouv6yw{5o(ol<4Zv!N1Z& zgMQypeys_@(CS{{)(7DO7Qkyl-X-0e9d%+#;J!gL`67< z$$zE#$h%qws(yX9Vw2tNpY;!n>7c=?uJ3Cq1pyANZPvk*;XQwl4;y*aO(avQmb?GRWKS)eH*F{&@jOjR6y1T7rsL)h=jNlKzV3)Mm zUOvcf7McZR;KE{{{1X?p&fGkNFvxHKtdQG8^r|lR31{%>(;$!bGrU?qxg(w3Zd`un z&`OuYxmxQ<#g+6%dOf)!j*Vo7E>IlC&`mOEzirw=qyFE$=05+var*Xx4t)P{+c+gI zOq91Z;Opg2%OsXPyJIlKyR4slSIptw0m9DE8x*>(f%#QTm)up1`fClVkba>v!)^3R z$S@|6_J3bvG#nnI496OAHlZC`Rh2Ap>AEk@5Q9?5w&X$jo!-Sk<;tO}M+aesJg_af zhM3LK2=%{boZMvcaId4NFN@_~c)>x>@L5Py$fQ%qdw>~>o7d*&cNS9td*Gm1qpTW^ zx#<>lLgFVO!jyor>y@Glbyvo|Ktza>zwT#l-ZtrE-KAzW)yLbd`Q*|)Ez!$(A!z~`2yT=3lL zqt09ft3}0@p)GhMJ>_v=SC7^ma*OOcJyJi|2gkQiO@7x*f-r{Mo@TP(V_O?gTzv38 zqjOlt#AZ`;lNuKQ0bX6N?BR#%w<(7TN-DFEM-+skeC?Ou>%%6u%eaS)R`{a~#H}L@ zKIL>8+y`1@j|$0U_KBGWYv4c&KhPiZO^WRNP%-F!joLHsfDF-a|Bi*7FV;5`!)^Xp zlbTY2&8X2+n}Gm;8kPx0$Bnb*5bhxW@fTidH%+&rCrCx2#Dj z$k_5v1+GaW<%v>qNj^pyyqWTFsQ4QmRViuB*)>1>LVcbM6#bL&D;hV^on z*u0&cH90V3Fq)iO>a#XBl||a ztZUZF{W5>p+LT186cCdKG~or7g8il2QVf9tF;24BC3hCa$}R%xXHiL|9YGyr`&IZU zE8_WZ+0OE{bG;4(@v?bnMdf9O`aQP}Vt|Pq&#r^maW*RC`+DP>36fOE+b^P2-6HRf zk$c(=AMvl(yMu)3-D3cDgv=b2So8f+r)LFd8AcE$WUEF$iAY-JiE)fMVlDC+NM_%BQ^&miD|VB5Usau*zXoVK zqjtn_Kn}wt%WaU0dTq3n&E6r!^L!~2^U^3ZqZXrr{LC4o`72wTfas>Gwdr}LkLo~U z;l|#7fmd!r!;@+wiiX7Jd`Sztoms*DLSDgJrvyC^ zR*w#NA+)sCX<_D8O6%cxJ2{&tQp_;HzjY0RJoJ&2!6c9OVV9tEY$Yxht7HNLDHPP& z{VM~|Q1+2gyAQmLWpfytGXmUWu?%?D;@2L2JxcSMASL>5O-wIN#fP{nVG4`Ox-`o! z!wv?LQ{tlzTzc_~O3iG4TM3oGrTv=ka3}EpfEq?Y|EE1E4Q~3dSYoRwp*X>*=7&Ij zZOWhiDS0xf)ffXfz9rT3({@c-WotLd{SoB_fPHxBW0!z;oyiAlU&1ZbCxhQZ^J=`rSrHz48w zDAwqPjWjMaymmsgfMRKaXn-3ah_z!+j_`-}HMg{yuW_p;@Na?uQw#2_un3+DXm-xb z&>VOimb@+)raA~V0^g}nN3HU$Su8V2`#n8+0_GvqF2BXA!Ag6lZq0cL*4s|(jFD&k z^ye!;-@go~>AE!aOKP zpjl`_8;u57+V0D&;q1@L^9jICyS!*NmTfaDYvQj|N!7tY=AB_p*SnH>Pl31gd$`Ii z(dqI~eAi(ex@O=B51c5gDXU`mT78)dLBjIw~5K|#nrc5`Tt(sEwq>HqV zQgt35L5vYJYw8Ht2)VrCGhEl6cZGx>n-lm;I~poxsJ=SeaZ&~*;`&!rfBxE~j21^@ zU_Hp!>*^@58j?uJV9=-8ROTZUnJASI`6EV@T(AXuBjK{$N>)yO4zcf~sI!0#2|HB4 zAqk#eLwzUpybe`4@6EmayxWTkZa8*@(sH~I(%dgj^RWBTX(N3u4R*<`EwhYh!#lWL znd>}2DH^v|%Mk#O2x|hV``5>G@Z<5-mv!1-tY&MTdtDK~5sr?ba>bdRX^I1`RUIx0whRfZ;sp%8dFwaP= zT{pKA#`h=E=KfE;dF}d7tGODHc5@Zoid2Yo!qW|HWWk2&bh?bww+!lmt(VR#=1+_F z&F+Tqd52MPS#YX?mv-80!E|~2<(6ky7Oq=+RN}hU1wLwJDpb-o>iafG=XbWJolTYBVWNbbjl$vk3P^AC zi}_p_-+kMW*ibQM+g+M^SfCNYG30A8=||WpjjvYNZ#7pHdrM% z;3yLFINe_CX#A+&B6(hvau51K@uoxS4Gcir{D|AHgfE>aO3d%mPLM`7i-=(N%R1)g98)Hcto%#PJ4aBjzt z2r4b1<`T#0Airs1b6AwTS=#U4v?lPbo#9B* zDhV>TkUo7kjd_B)HvWfi<-^0k5^k3q&l>@L_-LHHkutU0R3H2hwFnnL);WqHRYRbf zc=v7raKUt_`-IPDu}Sb@31)_O=*QC&!b7XCgUd2uPnNR?y$vgz<(3v$Iu&)Go{z6~ zEGopZJ45|4sk}X=gmaYFcw9?couN&l)aM8{KsjZYKAv^@7IqH+sDSdX7 zwCGNM+`TT~9m{!>C2JvxzTrbyr5SG720D4JZB^!$FQb@>t7v}kw*I}4x6od=)fS2y zo>h^qepx^|*?jOBjw<*VbJvu#IDI!23&jLC{hXSz9Qd(VH5Z}doXP8jWnRbF_FQ1Z zJ!5Z;h4!9PK+fSOYkV<8%#qC$k`m;`q>fGq)i}<@0v#IHEbAxdYCIDuc|=-xuv~5Z^7CU z^-zF)xl(19!}(vXc7Xj2l}1a~qIyISNA;9`ic6wO=#U zR9ol?dn0VN-dO7uv`Vfu`!GjWBPUpRfBIa=jv|bp1 zx|LS$4??SK+AOt{VI=tsO5+n2V(f==Pm8W_3O(9n0g~3dy;F-TB`o)dTnx>d|GeOF z>E`axBWNAu)NT&Y&ec>te|G$-H!M0sD0WNi-p{#O&`s&<_!HZerIv7w3SkO@^E{Ql zTiIhW@IqO? zYcD?eNM8F%_R{L!^y!S!Htp+1f>O+w;E~VNA;SgCTIriW{8kx&c^E< z`rQ<5-Y)+weuhm!uw1o@IsR4bls6%Sr_o0@;Xf_R|GTxrPD@#rv^)T7?C_BxG@Lvz zO`=A{OkUk#B8X$a^U2sqady)pTfd_{5CexsayaOT`8E;@=6iBx_%vb_XCUi`8xp4k zaY(BCur^uM%M-ElQJ4+Jmz~CGV;TV~8z^JaqcvHt-e3r4yH*a%sp5@>Dx!<1gN(^Y zWmB~%~Lz` zMn1|Z@s`Uwz*V4pO~GC4GtXAefRQcfpV{+ zX60}ocfk|Kp6$#s#V**}A|7AlPT^xCVMmtc)gyv^^=6A2i|qNPQLfn&g+@?Zm*V-7 zyeWXhgNUogqF%B>$Il{NJLyPeo&^;@izze4H5^h?HLgB2|1KXlxKfhEYJQL|eey!=5jFl_ii zHM{*~Tyl^K?^n4$Zf`g=g?rJ8DU#szRe{S8p>s(=?afWykv%H9x$~ zn^xdWktOX0Y~V0ubP3dah*v^7?{Fu@%n$97Fz$h%KaF-(VSL|8T{iIELkT=R$Mielrh0p9e;qJv0R0+>@gMJH;Ud409yh`3OE&`ch zpy`-Muwgzp-Ci&{v}zI&?77}+Sjsl${drSm?gi%`%xj8bv-jZa^s0e=|Aiqo(Y?41 z6zG}}qL(3nO%FN7?Qj4*g0)x1#oHBUEyFUwhbQ0wf8aE@3=0xe()dB2NQQvf_)6Pk zcO^p&_V<^5r2~o}SSK6+08~LCv@94xI}V`BnL+y@%H@zo`J0jl(ch)TYfOUD>OJlL zWUUv0v`y2Xj`XLKgGf?WYJIg`sIh?=nLp3UolNJtS^qhD9PmzgCxPClCu4!*fyEP& zsYH+V>B=jT5wiQbch*ddS8~=CxgYJY2W2;tY8<~Az#WG$N~1aO zgJNeP!@QZl$bi)j4Bi5O00}?c*Ty;pYRej4A|gZW^T z4(M11k`{U=&UX&OPJiiL;6qZOP-_wn_w9pgpgu|HzxFO?VV91wX#B$j53m@pbTA@! zIlO&@Cm*FKx=12O5@8%^N>#q2Yv4h6p$|Ex-0V~Tmpl6Ad!*7UUe*kfjp9WZCM&3Z zu93kkj>^!##_I0Qzfo#1c7LiC;XTHMe!S0Y?LV@u$YRB4I?B0S^c8_#bjVP@CW4W2L&d#=Xf# zZ1u}`?I8;wlf&aH&5bZ6!vJu0rJ0iUyww9o#3Hgan$V=?o`LrSJ%@whB6tTm=vge1 z&D_VTd=pVmp`6~zh42k_;_>EXg1I&Ofa?1TcWDXMlgISwrl0y&VSqWmr5WRMww}ES z!LAu~?r!XpGLmokp122zu%2UJj|0Ytg!A_qlROTb85)e~Oj#sc&jQOM{^&27$Gp5; zW;1|04o?<1<{_S8$dsR>zQR=d{==DIQJF`?dp`nKmdz)aCqhV7no5d(jvfFA(dFzM z8pwWr$Pd9RVHsAGF8|ar?l`b;K<_9Ps~TBm(Idbm)=s;y7Fq%U#Ru#$7~+aYCJ`Yb zX)zpL!TrT4Dh02HJgAd_GVU3tb$m@CgE%@uEiF6});!}j^K2u?M%&xr8HXeL&5_QF} zjV)~RK1I?&5!&;|>m;YtY_PGGqu* z`dr`vl201ynqdLXQu7M^go9&a`)*%DycA!Kvt-;7q>bhgCs)V{nO*yjoS^Cb8>PI) z|0;`G;3(!ax77An#K!M;3#pOSqI-f0Pe3jQD)H^uw}1o{`KY*Wr$0xywy#st#?}6qNUx%B~xOxd=`i3s{jaHVjNudBC z6>P+UNWa6$xS&a%eVNhhzyU2SJfRYc>L&Xk@j3G^!%BHQz@p@{d0HIN6DGgMY^&Ty zru5QX1J@SuppW@sq0g2Jq~T@2kyhNf8L>?4N!1f;8A$2^`go z#+Kt?Zw1k_l9ij`DGHOtg{{zVWcss~fXCSFi< zTB;yU-YGk{6D+*uHw5O{wk1dgV)e)abHK#`J#)R=p2O2H@X%BRIe-Acyj*L<^A84S zi5p-G=^{YGP|Q7vM>)`zwuS+(v{rkMnaB1vDiC%|f5DrY>99bTmiT8XQ-UdoNrN%7 z9q4d)>YqrB8~fwZ2cx&xZxT754r1F(jBhRi>vjMJbc=Y`iR5_9um{o?j{em^!>Gnc zW@-ApWMGO|GWIq55zz?ZA(Q1G^zR=<0FUHeeu!t8o=Aawdsxv_Z03B#hVsBX0i!&#H zbgIrL;dLgx%^+uQ!O|^N<{`4J-42yJV`3lW#{d9zxExlxfLal*U#Ab(^FQ%?3c4^Z z;8oQG8GS$pm0*lLR@t}`t^;OGHY4+LZ0Jj40vM$j3h9%*fymQ{6uX^ zA`6*rCHq&KW`dBBM2FBg? z!UGrp0005Lew*V1oVd?gRb$*-w44MPUkFw(l6#tiaRLEzi`zaTTX^q&tn{OS1cG$) z^l+)EWbNIx)J#>D&#``O!6iHpX`dO5(>u1x2&WEb^E?2`n3Ma44vRg%Q@8sF#43 b3~+4K_D(T?00000000000000000000D^Uxk literal 0 HcmV?d00001 diff --git a/docs/operator/vars.md b/docs/operator/vars.md index 8a70c0703..0dc2488c0 100644 --- a/docs/operator/vars.md +++ b/docs/operator/vars.md @@ -136,4 +136,4 @@ aliases: | VM_PODWAITREADYINTERVALCHECK | 5s | false | Defines poll interval for pods ready check at statefulset rollout update | | VM_FORCERESYNCINTERVAL | 60s | false | configures force resync interval for VMAgent, VMAlert, VMAlertmanager and VMAuth. | | VM_ENABLESTRICTSECURITY | false | false | EnableStrictSecurity will add default `securityContext` to pods and containers created by operator Default PodSecurityContext include: 1. RunAsNonRoot: true 2. RunAsUser/RunAsGroup/FSGroup: 65534 '65534' refers to 'nobody' in all the used default images like alpine, busybox. If you're using customize image, please make sure '65534' is a valid uid in there or specify SecurityContext. 3. FSGroupChangePolicy: &onRootMismatch If KubeVersion>=1.20, use `FSGroupChangePolicy="onRootMismatch"` to skip the recursive permission change when the root of the volume already has the correct permissions 4. SeccompProfile: type: RuntimeDefault Use `RuntimeDefault` seccomp profile by default, which is defined by the container runtime, instead of using the Unconfined (seccomp disabled) mode. Default container SecurityContext include: 1. AllowPrivilegeEscalation: false 2. ReadOnlyRootFilesystem: true 3. Capabilities: drop: - all turn off `EnableStrictSecurity` by default, see https://github.com/VictoriaMetrics/operator/issues/749 for details | -[envconfig-sum]: f319004a92b62b1dad0c3e51323365dc \ No newline at end of file +[envconfig-sum]: f319004a92b62b1dad0c3e51323365dc