From 8a4a1e5548c6d994c08ee054ce29068c9ac4555b Mon Sep 17 00:00:00 2001 
From: savagebidoof Date: Fri, 21 Apr 2023 04:39:00 +0200 Subject: [PATCH] Minor organization refactor. Partially done 06-mTLS from the traffic management documentation. Deleted some unnecessary files. some other minor changes --- Calico/README.md | 12 ++ .../README.md | 6 +- .../deployment.yaml | 0 .../gateway.yaml | 0 .../README.md | 0 .../deployment.yaml | 0 .../gateway.yaml | 0 .../README.md | 0 .../deployment.yaml | 0 .../gateway.yaml | 0 .../01-namespace.yaml | 0 .../README.md | 0 .../deployment.yaml | 0 .../gateway.yaml | 0 .../05-hello_world_1_Service_Entry/README.md | 1 + .../deployment.yaml | 0 .../gateway.yaml | 2 +- .../simple => 01-simple}/README.md | 12 +- .../01-2_deployments_method/README.md | 0 .../01-2_deployments_method/deployment.yaml | 0 .../01-2_deployments_method/gateway.yaml | 0 .../02-DirectResponse-HTTP-Body/README.md | 0 .../deployment.yaml | 0 .../02-DirectResponse-HTTP-Body/gateway.yaml | 0 .../03-HTTPRewrite/README.md | 0 .../03-HTTPRewrite/deployment.yaml | 0 .../03-HTTPRewrite/gateway.yaml | 0 .../04-HTTPRedirect/README.md | 0 .../04-HTTPRedirect/deployment.yaml | 0 .../04-HTTPRedirect/gateway.yaml | 0 .../05a-FaultInjection-delay/README.md | 0 .../05a-FaultInjection-delay/deployment.yaml | 0 .../05a-FaultInjection-delay/gateway.yaml | 0 .../05b-FaultInjection-abort/README.md | 0 .../05b-FaultInjection-abort/deployment.yaml | 0 .../05b-FaultInjection-abort/gateway.yaml | 0 .../06-mTLS/01-namespace.yaml | 7 + Istio/02-traffic_management/06-mTLS/README.md | 188 ++++++++++++++++++ .../06-mTLS/authentication.yaml | 8 + .../06-mTLS/deployment.yaml | 3 +- .../06-mTLS/deployment_2.yaml | 50 +++++ .../06-mTLS/gateway.yaml | 15 +- .../README.md | 14 ++ .../src/06-kiali-services-byeworld.png | Bin 0 -> 36171 bytes .../src/06-kiali-services-helloworld.png | Bin 0 -> 33035 bytes .../src/06-kiali-services.png | Bin 0 -> 75369 bytes .../01-Outboud-Traffic-Policy/README.md | 102 ++++++++++ .../01-Outboud-Traffic-Policy/deployment.yaml | 57 ++++++ 
.../01-Outboud-Traffic-Policy/gateway.yaml | 52 +++++ Istio/MeshConfig/README.md | 10 + Istio/README.md | 26 +++ Istio/{istio-classic => }/ingress.yaml | 0 Istio/istio-classic/README.md | 35 ---- .../traffic_management/06-mTLS/README.md | 9 - Istio/{istio-classic => }/monitoring/tmp.yaml | 0 .../01-ingress-proxy-forwarding/README.md | 4 +- .../deployment.yaml | 2 +- .../02-egress-proxy-forwarding/README.md | 12 -- .../02-egress-proxy-forwarding/sidecar.yaml | 14 -- Istio/sidecar/README.md | 47 +++++ .../01-namespace.yaml | 0 .../02-deployment_1.yaml} | 2 +- .../02-deployment_2.yaml} | 27 +-- .../03-default-sidecar.yaml | 71 +++++++ .../__02-egress-proxy-forwarding/README.md | 51 +++++ .../patch/patch.yaml | 5 + .../__02-egress-proxy-forwarding/sidecar.yaml | 62 ++++++ Istio/troubleshooting/README.md | 11 + metallib/README.md | 48 ----- metallib/deployment.yaml | 9 - 70 files changed, 823 insertions(+), 151 deletions(-) create mode 100644 Calico/README.md rename Istio/{istio-classic/simple => 01-simple}/01-hello_world_1_service_1_deployment/README.md (95%) rename Istio/{istio-classic/simple => 01-simple}/01-hello_world_1_service_1_deployment/deployment.yaml (100%) rename Istio/{istio-classic/simple => 01-simple}/01-hello_world_1_service_1_deployment/gateway.yaml (100%) rename Istio/{istio-classic/simple => 01-simple}/02-hello_world_1_service_2_deployments_unmanaged/README.md (100%) rename Istio/{istio-classic/simple => 01-simple}/02-hello_world_1_service_2_deployments_unmanaged/deployment.yaml (100%) rename Istio/{istio-classic/simple => 01-simple}/02-hello_world_1_service_2_deployments_unmanaged/gateway.yaml (100%) rename Istio/{istio-classic/simple => 01-simple}/03-hello_world_1_service_2_deployments_managed_version/README.md (100%) rename Istio/{istio-classic/simple => 01-simple}/03-hello_world_1_service_2_deployments_managed_version/deployment.yaml (100%) rename Istio/{istio-classic/simple => 
01-simple}/03-hello_world_1_service_2_deployments_managed_version/gateway.yaml (100%) rename Istio/{istio-classic/simple => 01-simple}/04-hello_world_1_service_2_deployments_managed_version_defaultnt_namespace/01-namespace.yaml (100%) rename Istio/{istio-classic/simple => 01-simple}/04-hello_world_1_service_2_deployments_managed_version_defaultnt_namespace/README.md (100%) rename Istio/{istio-classic/simple => 01-simple}/04-hello_world_1_service_2_deployments_managed_version_defaultnt_namespace/deployment.yaml (100%) rename Istio/{istio-classic/simple => 01-simple}/04-hello_world_1_service_2_deployments_managed_version_defaultnt_namespace/gateway.yaml (100%) rename Istio/{istio-classic/simple => 01-simple}/05-hello_world_1_Service_Entry/README.md (99%) rename Istio/{istio-classic/simple => 01-simple}/05-hello_world_1_Service_Entry/deployment.yaml (100%) rename Istio/{istio-classic/simple => 01-simple}/05-hello_world_1_Service_Entry/gateway.yaml (96%) rename Istio/{istio-classic/simple => 01-simple}/README.md (64%) rename Istio/{istio-classic/traffic_management => 02-traffic_management}/01-2_deployments_method/README.md (100%) rename Istio/{istio-classic/traffic_management => 02-traffic_management}/01-2_deployments_method/deployment.yaml (100%) rename Istio/{istio-classic/traffic_management => 02-traffic_management}/01-2_deployments_method/gateway.yaml (100%) rename Istio/{istio-classic/traffic_management => 02-traffic_management}/02-DirectResponse-HTTP-Body/README.md (100%) rename Istio/{istio-classic/traffic_management => 02-traffic_management}/02-DirectResponse-HTTP-Body/deployment.yaml (100%) rename Istio/{istio-classic/traffic_management => 02-traffic_management}/02-DirectResponse-HTTP-Body/gateway.yaml (100%) rename Istio/{istio-classic/traffic_management => 02-traffic_management}/03-HTTPRewrite/README.md (100%) rename Istio/{istio-classic/traffic_management => 02-traffic_management}/03-HTTPRewrite/deployment.yaml (100%) rename 
Istio/{istio-classic/traffic_management => 02-traffic_management}/03-HTTPRewrite/gateway.yaml (100%) rename Istio/{istio-classic/traffic_management => 02-traffic_management}/04-HTTPRedirect/README.md (100%) rename Istio/{istio-classic/traffic_management => 02-traffic_management}/04-HTTPRedirect/deployment.yaml (100%) rename Istio/{istio-classic/traffic_management => 02-traffic_management}/04-HTTPRedirect/gateway.yaml (100%) rename Istio/{istio-classic/traffic_management => 02-traffic_management}/05a-FaultInjection-delay/README.md (100%) rename Istio/{istio-classic/traffic_management => 02-traffic_management}/05a-FaultInjection-delay/deployment.yaml (100%) rename Istio/{istio-classic/traffic_management => 02-traffic_management}/05a-FaultInjection-delay/gateway.yaml (100%) rename Istio/{istio-classic/traffic_management => 02-traffic_management}/05b-FaultInjection-abort/README.md (100%) rename Istio/{istio-classic/traffic_management => 02-traffic_management}/05b-FaultInjection-abort/deployment.yaml (100%) rename Istio/{istio-classic/traffic_management => 02-traffic_management}/05b-FaultInjection-abort/gateway.yaml (100%) create mode 100755 Istio/02-traffic_management/06-mTLS/01-namespace.yaml create mode 100755 Istio/02-traffic_management/06-mTLS/README.md create mode 100644 Istio/02-traffic_management/06-mTLS/authentication.yaml rename Istio/{istio-classic/traffic_management => 02-traffic_management}/06-mTLS/deployment.yaml (95%) create mode 100755 Istio/02-traffic_management/06-mTLS/deployment_2.yaml rename Istio/{istio-classic/traffic_management => 02-traffic_management}/06-mTLS/gateway.yaml (66%) rename Istio/{istio-classic/traffic_management => 02-traffic_management}/README.md (54%) mode change 100755 => 100644 create mode 100644 Istio/02-traffic_management/src/06-kiali-services-byeworld.png create mode 100644 Istio/02-traffic_management/src/06-kiali-services-helloworld.png create mode 100644 Istio/02-traffic_management/src/06-kiali-services.png create mode 
100755 Istio/MeshConfig/01-Outboud-Traffic-Policy/README.md create mode 100755 Istio/MeshConfig/01-Outboud-Traffic-Policy/deployment.yaml create mode 100755 Istio/MeshConfig/01-Outboud-Traffic-Policy/gateway.yaml create mode 100644 Istio/MeshConfig/README.md rename Istio/{istio-classic => }/ingress.yaml (100%) delete mode 100755 Istio/istio-classic/README.md delete mode 100755 Istio/istio-classic/traffic_management/06-mTLS/README.md rename Istio/{istio-classic => }/monitoring/tmp.yaml (100%) delete mode 100755 Istio/sidecar/02-egress-proxy-forwarding/README.md delete mode 100755 Istio/sidecar/02-egress-proxy-forwarding/sidecar.yaml rename Istio/sidecar/{02-egress-proxy-forwarding => __02-egress-proxy-forwarding}/01-namespace.yaml (100%) rename Istio/sidecar/{02-egress-proxy-forwarding/deployment.yaml => __02-egress-proxy-forwarding/02-deployment_1.yaml} (96%) rename Istio/sidecar/{02-egress-proxy-forwarding/02-deployment.yaml => __02-egress-proxy-forwarding/02-deployment_2.yaml} (65%) create mode 100644 Istio/sidecar/__02-egress-proxy-forwarding/03-default-sidecar.yaml create mode 100755 Istio/sidecar/__02-egress-proxy-forwarding/README.md create mode 100644 Istio/sidecar/__02-egress-proxy-forwarding/patch/patch.yaml create mode 100755 Istio/sidecar/__02-egress-proxy-forwarding/sidecar.yaml create mode 100644 Istio/troubleshooting/README.md delete mode 100755 metallib/deployment.yaml diff --git a/Calico/README.md b/Calico/README.md new file mode 100644 index 0000000..cf13547 --- /dev/null +++ b/Calico/README.md 
@@ -0,0 +1,12 @@ + +## Eventually + +https://medium.com/expedia-group-tech/network-policies-with-calico-for-kubernetes-networking-875c0ebbcfb3 + +https://docs.tigera.io/calico/latest/network-policy/get-started/calico-policy/calico-network-policy + +https://docs.tigera.io/calico/latest/getting-started/kubernetes/quickstart + +https://docs.tigera.io/archive/v3.7/getting-started/kubernetes/ + +https://hustcat.github.io/getting-started-with-calico/ \ No newline at end of file diff --git a/Istio/istio-classic/simple/01-hello_world_1_service_1_deployment/README.md b/Istio/01-simple/01-hello_world_1_service_1_deployment/README.md similarity index 95% rename from Istio/istio-classic/simple/01-hello_world_1_service_1_deployment/README.md rename to Istio/01-simple/01-hello_world_1_service_1_deployment/README.md index e13e411..794d4d1 100755 --- a/Istio/istio-classic/simple/01-hello_world_1_service_1_deployment/README.md +++ b/Istio/01-simple/01-hello_world_1_service_1_deployment/README.md @@ -14,7 +14,7 @@ https://istio.io/latest/docs/reference/config/networking/destination-rule/#Traff https://istio.io/latest/docs/reference/config/networking/destination-rule/#LoadBalancerSettings > Contains service account configurations, yet they are commented as not "necessary". - + ## Files @@ -94,9 +94,7 @@ gateway.networking.istio.io/helloworld-gateway created virtualservice.networking.istio.io/helloworld-vs created ``` -## Wait for the pods to be ready - -(I think it deploys 2 pods as there is the Envoy Proxy pod besides the Nginx deployment) +## Wait for the deployment to be ready ```shell $ kubectl get deployment helloworld-nginx -w 
diff --git a/Istio/istio-classic/simple/01-hello_world_1_service_1_deployment/deployment.yaml b/Istio/01-simple/01-hello_world_1_service_1_deployment/deployment.yaml similarity index 100% rename from Istio/istio-classic/simple/01-hello_world_1_service_1_deployment/deployment.yaml rename to Istio/01-simple/01-hello_world_1_service_1_deployment/deployment.yaml diff --git a/Istio/istio-classic/simple/01-hello_world_1_service_1_deployment/gateway.yaml b/Istio/01-simple/01-hello_world_1_service_1_deployment/gateway.yaml similarity index 100% rename from Istio/istio-classic/simple/01-hello_world_1_service_1_deployment/gateway.yaml rename to Istio/01-simple/01-hello_world_1_service_1_deployment/gateway.yaml diff --git a/Istio/istio-classic/simple/02-hello_world_1_service_2_deployments_unmanaged/README.md b/Istio/01-simple/02-hello_world_1_service_2_deployments_unmanaged/README.md similarity index 100% rename from Istio/istio-classic/simple/02-hello_world_1_service_2_deployments_unmanaged/README.md rename to Istio/01-simple/02-hello_world_1_service_2_deployments_unmanaged/README.md diff --git a/Istio/istio-classic/simple/02-hello_world_1_service_2_deployments_unmanaged/deployment.yaml b/Istio/01-simple/02-hello_world_1_service_2_deployments_unmanaged/deployment.yaml similarity index 100% rename from Istio/istio-classic/simple/02-hello_world_1_service_2_deployments_unmanaged/deployment.yaml rename to Istio/01-simple/02-hello_world_1_service_2_deployments_unmanaged/deployment.yaml diff --git a/Istio/istio-classic/simple/02-hello_world_1_service_2_deployments_unmanaged/gateway.yaml b/Istio/01-simple/02-hello_world_1_service_2_deployments_unmanaged/gateway.yaml similarity index 100% rename from Istio/istio-classic/simple/02-hello_world_1_service_2_deployments_unmanaged/gateway.yaml rename to Istio/01-simple/02-hello_world_1_service_2_deployments_unmanaged/gateway.yaml 
diff --git a/Istio/istio-classic/simple/03-hello_world_1_service_2_deployments_managed_version/README.md b/Istio/01-simple/03-hello_world_1_service_2_deployments_managed_version/README.md similarity index 100% rename from Istio/istio-classic/simple/03-hello_world_1_service_2_deployments_managed_version/README.md rename to Istio/01-simple/03-hello_world_1_service_2_deployments_managed_version/README.md diff --git a/Istio/istio-classic/simple/03-hello_world_1_service_2_deployments_managed_version/deployment.yaml b/Istio/01-simple/03-hello_world_1_service_2_deployments_managed_version/deployment.yaml similarity index 100% rename from Istio/istio-classic/simple/03-hello_world_1_service_2_deployments_managed_version/deployment.yaml rename to Istio/01-simple/03-hello_world_1_service_2_deployments_managed_version/deployment.yaml diff --git a/Istio/istio-classic/simple/03-hello_world_1_service_2_deployments_managed_version/gateway.yaml b/Istio/01-simple/03-hello_world_1_service_2_deployments_managed_version/gateway.yaml similarity index 100% rename from Istio/istio-classic/simple/03-hello_world_1_service_2_deployments_managed_version/gateway.yaml rename to Istio/01-simple/03-hello_world_1_service_2_deployments_managed_version/gateway.yaml diff --git a/Istio/istio-classic/simple/04-hello_world_1_service_2_deployments_managed_version_defaultnt_namespace/01-namespace.yaml b/Istio/01-simple/04-hello_world_1_service_2_deployments_managed_version_defaultnt_namespace/01-namespace.yaml similarity index 100% rename from Istio/istio-classic/simple/04-hello_world_1_service_2_deployments_managed_version_defaultnt_namespace/01-namespace.yaml rename to Istio/01-simple/04-hello_world_1_service_2_deployments_managed_version_defaultnt_namespace/01-namespace.yaml 
diff --git a/Istio/istio-classic/simple/04-hello_world_1_service_2_deployments_managed_version_defaultnt_namespace/README.md b/Istio/01-simple/04-hello_world_1_service_2_deployments_managed_version_defaultnt_namespace/README.md similarity index 100% rename from Istio/istio-classic/simple/04-hello_world_1_service_2_deployments_managed_version_defaultnt_namespace/README.md rename to Istio/01-simple/04-hello_world_1_service_2_deployments_managed_version_defaultnt_namespace/README.md diff --git a/Istio/istio-classic/simple/04-hello_world_1_service_2_deployments_managed_version_defaultnt_namespace/deployment.yaml b/Istio/01-simple/04-hello_world_1_service_2_deployments_managed_version_defaultnt_namespace/deployment.yaml similarity index 100% rename from Istio/istio-classic/simple/04-hello_world_1_service_2_deployments_managed_version_defaultnt_namespace/deployment.yaml rename to Istio/01-simple/04-hello_world_1_service_2_deployments_managed_version_defaultnt_namespace/deployment.yaml diff --git a/Istio/istio-classic/simple/04-hello_world_1_service_2_deployments_managed_version_defaultnt_namespace/gateway.yaml b/Istio/01-simple/04-hello_world_1_service_2_deployments_managed_version_defaultnt_namespace/gateway.yaml similarity index 100% rename from Istio/istio-classic/simple/04-hello_world_1_service_2_deployments_managed_version_defaultnt_namespace/gateway.yaml rename to Istio/01-simple/04-hello_world_1_service_2_deployments_managed_version_defaultnt_namespace/gateway.yaml diff --git a/Istio/istio-classic/simple/05-hello_world_1_Service_Entry/README.md b/Istio/01-simple/05-hello_world_1_Service_Entry/README.md similarity index 99% rename from Istio/istio-classic/simple/05-hello_world_1_Service_Entry/README.md rename to Istio/01-simple/05-hello_world_1_Service_Entry/README.md index 0d3e011..adf6551 100755 --- a/Istio/istio-classic/simple/05-hello_world_1_Service_Entry/README.md +++ b/Istio/01-simple/05-hello_world_1_Service_Entry/README.md 
@@ -8,3 +8,4 @@ https://github.com/istio/istio/issues/29463 Funny example I guess. +Q \ No newline at end of file diff --git a/Istio/istio-classic/simple/05-hello_world_1_Service_Entry/deployment.yaml b/Istio/01-simple/05-hello_world_1_Service_Entry/deployment.yaml similarity index 100% rename from Istio/istio-classic/simple/05-hello_world_1_Service_Entry/deployment.yaml rename to Istio/01-simple/05-hello_world_1_Service_Entry/deployment.yaml diff --git a/Istio/istio-classic/simple/05-hello_world_1_Service_Entry/gateway.yaml b/Istio/01-simple/05-hello_world_1_Service_Entry/gateway.yaml similarity index 96% rename from Istio/istio-classic/simple/05-hello_world_1_Service_Entry/gateway.yaml rename to Istio/01-simple/05-hello_world_1_Service_Entry/gateway.yaml index 48332c1..7e96565 100755 --- a/Istio/istio-classic/simple/05-hello_world_1_Service_Entry/gateway.yaml +++ b/Istio/01-simple/05-hello_world_1_Service_Entry/gateway.yaml @@ -38,7 +38,7 @@ spec: - timeout: 3s match: - uri: - - exact: "/external" + exact: "/external" route: - destination: host: help.websiteos.com diff --git a/Istio/istio-classic/simple/README.md b/Istio/01-simple/README.md similarity index 64% rename from Istio/istio-classic/simple/README.md rename to Istio/01-simple/README.md index baac120..bed5787 100755 --- a/Istio/istio-classic/simple/README.md +++ b/Istio/01-simple/README.md @@ -21,8 +21,18 @@ ALL NEEDS DOCUMENTATION - 05-hello_world_1_Service_Entry + + + + + + # TODO do HTTPS ingress -tcp ingress to minecraft/factorio/zomboid \ No newline at end of file +tcp ingress to minecraft/factorio/zomboid + +Service Entry with outbound policy set to `REGISTRY_ONLY` +istioctl install --set profile=default -y --set meshConfig.accessLogFile=/dev/stdout --set meshConfig.outboundTrafficPolicy.mode=REGISTRY_ONLY +(no funca) \ No newline at end of file 
diff --git a/Istio/istio-classic/traffic_management/01-2_deployments_method/README.md b/Istio/02-traffic_management/01-2_deployments_method/README.md similarity index 100% rename from Istio/istio-classic/traffic_management/01-2_deployments_method/README.md rename to Istio/02-traffic_management/01-2_deployments_method/README.md diff --git a/Istio/istio-classic/traffic_management/01-2_deployments_method/deployment.yaml b/Istio/02-traffic_management/01-2_deployments_method/deployment.yaml similarity index 100% rename from Istio/istio-classic/traffic_management/01-2_deployments_method/deployment.yaml rename to Istio/02-traffic_management/01-2_deployments_method/deployment.yaml diff --git a/Istio/istio-classic/traffic_management/01-2_deployments_method/gateway.yaml b/Istio/02-traffic_management/01-2_deployments_method/gateway.yaml similarity index 100% rename from Istio/istio-classic/traffic_management/01-2_deployments_method/gateway.yaml rename to Istio/02-traffic_management/01-2_deployments_method/gateway.yaml diff --git a/Istio/istio-classic/traffic_management/02-DirectResponse-HTTP-Body/README.md b/Istio/02-traffic_management/02-DirectResponse-HTTP-Body/README.md similarity index 100% rename from Istio/istio-classic/traffic_management/02-DirectResponse-HTTP-Body/README.md rename to Istio/02-traffic_management/02-DirectResponse-HTTP-Body/README.md diff --git a/Istio/istio-classic/traffic_management/02-DirectResponse-HTTP-Body/deployment.yaml b/Istio/02-traffic_management/02-DirectResponse-HTTP-Body/deployment.yaml similarity index 100% rename from Istio/istio-classic/traffic_management/02-DirectResponse-HTTP-Body/deployment.yaml rename to Istio/02-traffic_management/02-DirectResponse-HTTP-Body/deployment.yaml 
diff --git a/Istio/istio-classic/traffic_management/02-DirectResponse-HTTP-Body/gateway.yaml b/Istio/02-traffic_management/02-DirectResponse-HTTP-Body/gateway.yaml similarity index 100% rename from Istio/istio-classic/traffic_management/02-DirectResponse-HTTP-Body/gateway.yaml rename to Istio/02-traffic_management/02-DirectResponse-HTTP-Body/gateway.yaml diff --git a/Istio/istio-classic/traffic_management/03-HTTPRewrite/README.md b/Istio/02-traffic_management/03-HTTPRewrite/README.md similarity index 100% rename from Istio/istio-classic/traffic_management/03-HTTPRewrite/README.md rename to Istio/02-traffic_management/03-HTTPRewrite/README.md diff --git a/Istio/istio-classic/traffic_management/03-HTTPRewrite/deployment.yaml b/Istio/02-traffic_management/03-HTTPRewrite/deployment.yaml similarity index 100% rename from Istio/istio-classic/traffic_management/03-HTTPRewrite/deployment.yaml rename to Istio/02-traffic_management/03-HTTPRewrite/deployment.yaml diff --git a/Istio/istio-classic/traffic_management/03-HTTPRewrite/gateway.yaml b/Istio/02-traffic_management/03-HTTPRewrite/gateway.yaml similarity index 100% rename from Istio/istio-classic/traffic_management/03-HTTPRewrite/gateway.yaml rename to Istio/02-traffic_management/03-HTTPRewrite/gateway.yaml diff --git a/Istio/istio-classic/traffic_management/04-HTTPRedirect/README.md b/Istio/02-traffic_management/04-HTTPRedirect/README.md similarity index 100% rename from Istio/istio-classic/traffic_management/04-HTTPRedirect/README.md rename to Istio/02-traffic_management/04-HTTPRedirect/README.md diff --git a/Istio/istio-classic/traffic_management/04-HTTPRedirect/deployment.yaml b/Istio/02-traffic_management/04-HTTPRedirect/deployment.yaml similarity index 100% rename from Istio/istio-classic/traffic_management/04-HTTPRedirect/deployment.yaml rename to Istio/02-traffic_management/04-HTTPRedirect/deployment.yaml 
diff --git a/Istio/istio-classic/traffic_management/04-HTTPRedirect/gateway.yaml b/Istio/02-traffic_management/04-HTTPRedirect/gateway.yaml similarity index 100% rename from Istio/istio-classic/traffic_management/04-HTTPRedirect/gateway.yaml rename to Istio/02-traffic_management/04-HTTPRedirect/gateway.yaml diff --git a/Istio/istio-classic/traffic_management/05a-FaultInjection-delay/README.md b/Istio/02-traffic_management/05a-FaultInjection-delay/README.md similarity index 100% rename from Istio/istio-classic/traffic_management/05a-FaultInjection-delay/README.md rename to Istio/02-traffic_management/05a-FaultInjection-delay/README.md diff --git a/Istio/istio-classic/traffic_management/05a-FaultInjection-delay/deployment.yaml b/Istio/02-traffic_management/05a-FaultInjection-delay/deployment.yaml similarity index 100% rename from Istio/istio-classic/traffic_management/05a-FaultInjection-delay/deployment.yaml rename to Istio/02-traffic_management/05a-FaultInjection-delay/deployment.yaml diff --git a/Istio/istio-classic/traffic_management/05a-FaultInjection-delay/gateway.yaml b/Istio/02-traffic_management/05a-FaultInjection-delay/gateway.yaml similarity index 100% rename from Istio/istio-classic/traffic_management/05a-FaultInjection-delay/gateway.yaml rename to Istio/02-traffic_management/05a-FaultInjection-delay/gateway.yaml diff --git a/Istio/istio-classic/traffic_management/05b-FaultInjection-abort/README.md b/Istio/02-traffic_management/05b-FaultInjection-abort/README.md similarity index 100% rename from Istio/istio-classic/traffic_management/05b-FaultInjection-abort/README.md rename to Istio/02-traffic_management/05b-FaultInjection-abort/README.md 
diff --git a/Istio/istio-classic/traffic_management/05b-FaultInjection-abort/deployment.yaml b/Istio/02-traffic_management/05b-FaultInjection-abort/deployment.yaml similarity index 100% rename from Istio/istio-classic/traffic_management/05b-FaultInjection-abort/deployment.yaml rename to Istio/02-traffic_management/05b-FaultInjection-abort/deployment.yaml diff --git a/Istio/istio-classic/traffic_management/05b-FaultInjection-abort/gateway.yaml b/Istio/02-traffic_management/05b-FaultInjection-abort/gateway.yaml similarity index 100% rename from Istio/istio-classic/traffic_management/05b-FaultInjection-abort/gateway.yaml rename to Istio/02-traffic_management/05b-FaultInjection-abort/gateway.yaml diff --git a/Istio/02-traffic_management/06-mTLS/01-namespace.yaml b/Istio/02-traffic_management/06-mTLS/01-namespace.yaml new file mode 100755 index 0000000..71be03c --- /dev/null +++ b/Istio/02-traffic_management/06-mTLS/01-namespace.yaml @@ -0,0 +1,7 @@ +#apiVersion: v1 +#kind: Namespace +#metadata: +# name: foo +# labels: +# istio-injection: "enabled" +#--- \ No newline at end of file diff --git a/Istio/02-traffic_management/06-mTLS/README.md b/Istio/02-traffic_management/06-mTLS/README.md new file mode 100755 index 0000000..9f40550 --- /dev/null +++ b/Istio/02-traffic_management/06-mTLS/README.md 
@@ -0,0 +1,188 @@ +https://istio.io/latest/docs/concepts/security/#authentication-policies + +https://istio.io/latest/docs/tasks/security/authentication/mtls-migration/ + +https://istio.io/latest/docs/concepts/security/#mutual-tls-authentication + + +# Continues from + +- 01-hello_world_1_service_1_deployment + + + + + +Nowadays, by default, Istio will have mTLS automatically enabled, allowing the Istio Sidecars to **automatically** negotiate the TLS traffic between them.encrypted + +To avoid this behavior, the pod requires to not have a Istio Sidecar set to that pod, for that reason on this example we set up 2 deployments, 1 with a sidecar, and a second without a sidecar. + +From the Kiali dashboard we will review the mTLS label displayed + +> **Note:**\ +> If the PeerAuthentication is deployed in the `istio-system` namespace, it will affect all the namespaces in the cluster. + + + +# Walkthrough + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +## Deploy the resources + +```shell + kubectl apply -f ./ +peerauthentication.security.istio.io/default-mtls created +service/helloworld created +deployment.apps/helloworld-nginx created +service/byeworld created +deployment.apps/byeworld-nginx created +gateway.networking.istio.io/helloworld-gateway created +virtualservice.networking.istio.io/helloworld-vs created +``` + +## Install telemetry addons + +[Source Folder](https://github.com/istio/istio/tree/master/samples/addons) + +```shell +kubectl apply -f https://raw.githubusercontent.com/istio/istio/master/samples/addons/grafana.yaml && \ +kubectl apply -f https://raw.githubusercontent.com/istio/istio/master/samples/addons/kiali.yaml && \ +kubectl apply -f https://raw.githubusercontent.com/istio/istio/master/samples/addons/prometheus.yaml && \ +kubectl apply -f https://raw.githubusercontent.com/istio/istio/master/samples/addons/prometheus.yaml +``` + +## Wait for deployments to be ready + +```shell +$ kubectl get pods -A -w +``` + +## Kiali + +## 
Access the Kiali dashboard + +The following command will tunnel from this device, towards the Kiali dashboard running, automatically accessing through the default browser. + +```shell +istioctl dashboard kiali +``` + +## Display services menu + +![Kiali menu, displaying 3 services. helloworld, byeworld and kubernetes][./src/06-kiali-services.png] + +> **Highlight:**\ +> On the column located at the right, we can notice a note saying `Missing Sidecar` + +> **Note:**\ +> If there are no resources being displayed, at the top left, select the corresponding namespaces where the resources are located. +> On my case, it's the `default` namespace. + +### Byeworld + +On the service `byeworld` (reminder that it's pods had the Istio sidecar injection disabled), it displays the message `No mTLS`, meaning that mTLS (Mutual TLS between Istio sidecards) is not available. + +![][./src/06-kiali-services-byeworld.png] + +### Helloworld + +On the service `helloworld`, it displays the message `mTLS` + +![][./src/06-kiali-services-helloworld.pngk] + +## Test resources +### Curl / LB requests / requests from external traffic + +#### helloworld + +The service works as intended as we can reach the `helloworld` service. + +```shell +$ curl 192.168.1.50/helloworld -s | grep ".*" +Welcome to nginx! +``` + +#### byeworld + +The `byeworld` service also seems to work, even tho the deployment has no sidecar enabled, and for such the `PeerAuthentication` rule is not being maintained. \ +Yet, as there is no sidecar, this rule is not applied, and for such the traffic is allowed towards the service and pod. + +```shell +$ curl 192.168.1.50/byeworld -s | grep ".*" +Welcome to nginx! +``` + +### Connectivity between the deployments + +#### helloworld towards byeworld + +It works. + +```shell +$ kubectl exec -i -t "$(kubectl get pod -l app=helloworld | tail -n 1 | awk '{print $1}')" -- curl http://byeworld.default.svc.cluster.local:9090 | grep ".*" +Welcome to nginx! 
+```
+
+#### byeworld towards helloworld
+
+It fails.
+
+Currently the rule from `PeerAuthentication` that requires the traffic to use mTLS, is currently being applied by the Istio sidecar from the `helloworld` pod.
+
+As `byeworld` pods don't have the Istio sidecar enabled, the mTLS traffic is not being managed, and for such, it fails to obvey the rule set by the `PeerAuthentication` configuration set, resulted on this issue.
+
+```shell
+$ kubectl exec -i -t "$(kubectl get pod -l app=byeworld | tail -n 1 | awk '{print $1}')" -- curl http://helloworld.default.svc.cluster.local:8080
+curl: (56) Recv failure: Connection reset by peer
+command terminated with exit code 56
+```
+
+## Delete the PeerAuthentication configuration set
+
+
+```shell
+$ kubectl delete peerauthentications.security.istio.io default-mtls
+```
+
+### connectivity between byeworld towards helloworld
+
+As the rule is no longer being set, and for such not being applied, the traffic from `byeworld` is able to reach the service `helloworld` without having the need to using mTLS.
+
+```shell
+$ kubectl exec -i -t "$(kubectl get pod -l app=byeworld | tail -n 1 | awk '{print $1}')" -- curl http://helloworld.default.svc.cluster.local:8080 | grep ".*"
+Welcome to nginx!
+```
\ No newline at end of file
diff --git a/Istio/02-traffic_management/06-mTLS/authentication.yaml b/Istio/02-traffic_management/06-mTLS/authentication.yaml
new file mode 100644
index 0000000..e7d85d4
--- /dev/null
+++ b/Istio/02-traffic_management/06-mTLS/authentication.yaml
@@ -0,0 +1,8 @@
+apiVersion: security.istio.io/v1beta1
+kind: PeerAuthentication
+metadata:
+ name: default-mtls
+ namespace: default
+spec:
+ mtls:
+ mode: STRICT
\ No newline at end of file
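Review bot: The `PeerAuthentication` in 06-mTLS/authentication.yaml has no `selector`, so `mode: STRICT` covers every sidecar-injected workload in `default`, and the file does not say so or state what the policy leaves uncovered. STRICT is enforced by the receiving sidecar only: the README added in this same commit shows `byeworld` (injection disabled) still answering plaintext requests, so the policy by itself does not make all traffic in the namespace mutually authenticated. I would add a header comment such as `# Namespace-wide: sidecar-injected pods in "default" reject plaintext; pods without a sidecar are NOT protected by this policy.` Keeping un-meshed clients away from un-injected workloads would need a separate control (a NetworkPolicy, for instance), which is outside this hunk.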
diff --git a/Istio/istio-classic/traffic_management/06-mTLS/deployment.yaml b/Istio/02-traffic_management/06-mTLS/deployment.yaml
similarity index 95%
rename from Istio/istio-classic/traffic_management/06-mTLS/deployment.yaml
rename to Istio/02-traffic_management/06-mTLS/deployment.yaml
index 36e6b76..6039be0 100755
--- a/Istio/istio-classic/traffic_management/06-mTLS/deployment.yaml
+++ b/Istio/02-traffic_management/06-mTLS/deployment.yaml
@@ -8,8 +8,9 @@ metadata:
 service: helloworld
 spec:
 ports:
- - port: 80
+ - port: 8080
 name: http
+ targetPort: 80
 selector:
 app: helloworld
 ---
diff --git a/Istio/02-traffic_management/06-mTLS/deployment_2.yaml b/Istio/02-traffic_management/06-mTLS/deployment_2.yaml
new file mode 100755
index 0000000..ded5740
--- /dev/null
+++ b/Istio/02-traffic_management/06-mTLS/deployment_2.yaml
@@ -0,0 +1,50 @@
+# https://github.com/istio/istio/blob/master/samples/helloworld/helloworld.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ name: byeworld
+ labels:
+ app: byeworld
+ service: byeworld
+spec:
+ ports:
+ - port: 9090
+ name: http
+ targetPort: 80
+ selector:
+ app: byeworld
+#---
+#apiVersion: v1
+#kind: ServiceAccount
+#metadata:
+# name: istio-helloworld
+# labels:
+# account:
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: byeworld-nginx
+ labels:
+ app: byeworld
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: byeworld
+ template:
+ metadata:
+ labels:
+ app: byeworld
+ sidecar.istio.io/inject: "false"
+ spec:
+# serviceAccountName: istio-byeworld
+ containers:
+ - name: byeworld
+ image: nginx
+ resources:
+ requests:
+ cpu: "100m"
+ imagePullPolicy: IfNotPresent #Always
+ ports:
+ - containerPort: 80
diff --git a/Istio/istio-classic/traffic_management/06-mTLS/gateway.yaml b/Istio/02-traffic_management/06-mTLS/gateway.yaml
similarity index 66%
rename from Istio/istio-classic/traffic_management/06-mTLS/gateway.yaml
rename to Istio/02-traffic_management/06-mTLS/gateway.yaml
index 8ba8a20..cf24f1f 100755
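Review bot: In 06-mTLS/deployment_2.yaml the container is declared as `image: nginx` with no tag or digest and `imagePullPolicy: IfNotPresent`, so the nginx build that runs depends on whatever each node already has cached; pin it, e.g. `image: nginx:<PINNED_TAG>` (placeholder) or a digest reference. The commented-out ServiceAccount block is named `istio-helloworld` and carries an empty `account:` label, while the commented `serviceAccountName` points at `istio-byeworld`; if both are ever uncommented the pod will reference an account that is not created here, so align the names or drop the block. The pod spec also sets only a CPU request, with no limits and no `securityContext`, which is acceptable for a demo but deserves a comment such as `# demo only: no limits/securityContext, do not copy as a production template`.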
--- a/Istio/istio-classic/traffic_management/06-mTLS/gateway.yaml
+++ b/Istio/02-traffic_management/06-mTLS/gateway.yaml
@@ -29,8 +29,19 @@ spec:
 exact: /helloworld
 route:
 - destination:
- host: helloworld
+ host: helloworld.default.svc.cluster.local
 port:
- number: 80
+ number: 8080
+ rewrite:
+ uri: "/"
+ - match:
+ - uri:
+ exact: /byeworld
+ route:
+ - destination:
+ host: byeworld.default.svc.cluster.local
+ port:
+ number: 9090
+# protocol: HTTPS
 rewrite:
 uri: "/"
\ No newline at end of file
diff --git a/Istio/istio-classic/traffic_management/README.md b/Istio/02-traffic_management/README.md
old mode 100755
new mode 100644
similarity index 54%
rename from Istio/istio-classic/traffic_management/README.md
rename to Istio/02-traffic_management/README.md
index 20c0e28..8fb3359
--- a/Istio/istio-classic/traffic_management/README.md
+++ b/Istio/02-traffic_management/README.md
@@ -1,3 +1,17 @@
+# Examples
+
+ALL NEEDS DOCUMENTATION
+
+- 01-2_deployments_method
+- 02-DirectResponse-HTTP-Body
+- 03-HTTPRewrite
+- 04-HTTPRedirect
+- 05a-FaultInjection-delay
+- 05b-FaultInjection-abort
+- 06-mTLS (would need some documentation review, mainly go over the differences respective to the template/prior configuration used)
+
+
+# TODO
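Review bot: In `gateway.yaml` the new `/byeworld` route forwards ingress traffic to `byeworld.default.svc.cluster.local:9090`, a workload this commit deploys with sidecar injection disabled, so that hop is presumably plaintext and outside the STRICT `PeerAuthentication` applied to `default`. If that is intended for the example, say so next to the route, e.g. `# byeworld has no sidecar: gateway -> byeworld is plaintext, unlike /helloworld`. The leftover `# protocol: HTTPS` after `number: 9090` reads like a setting that could be switched on, but a VirtualService destination port only takes `number`; I would delete it or explain what it was for. The VirtualService starts above the hunk, so the `hosts` and `gateways` it binds to are not visible here.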
diff --git a/Istio/02-traffic_management/src/06-kiali-services-byeworld.png b/Istio/02-traffic_management/src/06-kiali-services-byeworld.png new file mode 100644 index 0000000000000000000000000000000000000000..10118daf186f82352c5882afb45c090b174155d1 GIT binary patch literal 36171 zcmdSB1yGw^)Git-R4An_#S65>iWhfiai;--1S<}~CAidp0tJe@dvFa7E$*7&?g?(e zx#9c%^WXo>l{s_n%)RF_!!X%o?|1FB?OE%2_8a&~SqA?x`C|Y8fG;O2sR{tx3B~?8 zJ-mZ0dHVUjJpk|pASd}z-A#XM_JJ4ScoX}1lIMW;?yT#MyLoH{#)ko4R$Ol5O^xB` z_x!I)j~>0b7x5tv_dA~L#AoZEKOLV(6CcGv-jkN*=a9YcmvY=~Bmqq`W!6g@_a11G z^OgGVUHBja!nnypq!rA3&P%i-<}N6(&)%Ex+`5nb+rsb@g8ic}p?()zNS;BCHE8@9 z0$bGJpN9(oEbvJ3U_X?+f#CoEZumfaY!$2jcdG0jpBLIOB&g=A^8oqM!6R5RKEy&f zVMLGpRPijahU`gWKT(jAzXTWErMR_hj~rWot|G5Ix?2wg)0AROuFHr7vc~qJQ7GrH z{mIC!&U@Gnx}Z(e6|z<16?5>cv#{N3p&04TBMxqV5hzJAac&uM+i|xLK{7;DRn^<@ zpZ9o2ux?ohL7Av)YHE&;jcw#s+0wrH&nGf7F~MN4qtOHbyMCZn1vMGg(y8=Fpq_?C zPAc+6U{?R%gsU!W;n36MU#N(P7xYC11qD`CR!~1EnhSaB%`e3pCh8<4B(X6uF|o0l z8XDz~t!^FPVl~#C$Hu}!YiUzh%IjA5U)uTh?OR61+niFf0j-LTmgk7uQIcZF6ciIn zeTnQNvzjI4za7nmDr{%hS69RTCXn4_0P5-K^(Pf0y-o1`F(2&A33GCCf*LRMZK9A| zy?gGgx5l8o)YsS7(K1jQ8`l55k(HJAKs{B}zkMwK%$9~ndO;8~GqQia(7%bTvbyRZ zQ>B`Jc~=JN`V+KJJ#Loc_Gry+1 z?|GJJzrNGBE##^fR@dG1l_LA$iSIFHp-1>?9rlvlNp4!L2);s~;O*i&Q@9Q}G4hT& z(3d=CIC1cu)IIv;)UKia=A*-WlQl{^8ax+X@49opzajp-+tLAk+3o;bd+D>NmNbDn zW5Nsa_aJGn0zU=VB`ZrqU0hspGZP|$eVj=88rhjOhsT+Mq%H=s@P)NNBUPmu!L$s< z*{gcfvO*#rmp@)j3VGS*W(w|Rx@|7g7+AD9_MZ)D5D^nVdmgfBPzXo$C=_hp_1i58 zzOf6d1gW4+ru>fnSUCB7l0@beG4>kB3iCdS$>yf~`mTL(Hn1X)23>FPq_K;iEZqD~|yhl(jL!BnH+k;!%6FOusq6L7Mu5ERG~Rrr8R zKE0 zT$^dii(yvo6RaNOD6KyVGP9Pyyr}!3KkfLCFwQ&xX1T2c!2%FiFHYhAmeD{ zoB+k3S)4n=v6D)ITa#dNAi4Z8x1j4c_yQNEjX*D=xt_JiP@hWv_|j+R9p?0=GWf>A zDQCLiT+k!^;5uY$k?oPMLG0=3pNRUY(Lq#CP&b>UP_UNWpD2}`6|KUs8+P->pEPtQ z*L8Wejjdy?dt*L3k8YY+c4!C|NpR@cLAb7g@^vvIyWc7~UL!aOc31H4N3p>uMji)v z(q5aM6*SjAzVKL0+Um;R4{b{8Q&{$XU7IU$Ij^f0D;yEX7*dxpW~R3$C$}t!LLKa* zIYYmo^>z;#wOth3A{0Fy&~g%}7t0`DAoz0+s1$lVxMN1(@bjjH89I_Kyq?#SXGFyH 
zTCrP7LF9*+aDJpJxx4l;yZ+zyJA%-zKY6u1_-c#!6cAXTR26cRhH;k5S+rcCFR_Ltk|9v%`svFxza_nm)Fo1 z@Sqd8r-t8&dCXGMz0nB@)U4%`hUx{Ln&nqBldlL}F3Zf@e6l)RP?-)guyo~ERX#Tu z&vrK-^;R{|5FLKQlcww0nUs-UOjhp*g5ZPRvAlQf7Y0fMwA~wQkY#NARw(YQ`l)2- z#H1N&spC``mXRmsq&vZ`o)yByBqZ^&Bsp>HleR#wK(|P0Q_|JzWt!cFLpmn9Y_=ZQ z-p?1&Ky}o1C6$lV@Y@K5p3d=6u}NTpyo)-}bhQIUPJAfEe^+yjv1KadVhQW9!eLr?998&Ao<_1TZnA6gM@I(lky>rsuwf|}P z!5H>(Dj;{nF3ab`O%eGHx2em=n`Bb~6GUCYnf^DGOZgF5%-A@K{otdL@v(Jce5d}0 zU7!dO1zq*C%-qi(Ux@^V9M6Bm#Ht_yHQXNN%tk~NaLc>vot{OB*-5J3y?h?`7DfgE z8HTT%R~)dem-i>Vkk$vd4$?HmAA4JxzalBPf~t8ONL z8dvv5Cv1gh($^Y|zeJon+UA}-A>yliWlFaxgk>WMl#%Wa=6`|4Z*dv@D;v@o7^ISG-eyzvowEv>G-=xuA zm0^$;K9l2z5~QBbI(D9_6i?++b{sC66b9J31#G%%OFw8yblD7%f->lTLIP^|IdTIG zw0Y0Cd=k!X9z=}_Wyg4WMDm$KGLv(jvAX157_jy620n3x-!S^nH!>XAW5dkt@VL2hTS_VLHN&)m&RXy=tD584ZfrTj z>0{4Y`VbKy)pQfAjxYe4zzd7b<=)ZWEJzw`z@zS_EfB$Ol$;gT4xeGGp-1@_j>Nmq zecV*rf*|s`9K#&zU}JUWu&vNk5*bS_p&gpkoLu5KQ6H-arF)OKn8a$G&zi>m>;yJ? zbImSM6rhMj@{_+-#XG;w4hrkO>0ocCe{Foe*f5z`84t^gw@Q8f7ey#_tXu!%4^BUU z`F64i1NYHV1kW~?#O6LgT1}l|b}?34F*_>8h_`Aok$h~<>~w5$wm!tL@{#BIeq~ti za_eQ^bUol`-RyIeu*7iJ-MA zNqP44A?tN~AjEG2i`znu;@%6On5q5ge8&dzka>2OY;i|l$Q*bSb+rTs1kk#a^$d&- zt9+r(pxi#zSEYHYh=uQgGZ#g+0 zLE58HEEcy2MllJi`41cqpcM_<>A|DvwCTqc&0>z;zlp2$}YdR_HF&NKnvBIM)~+BW)uyzz9uZ@Ogm0qHUl-J$sEYGS1WNrG z&e+2B(3AVvZGoBT!mW!vFP3vqER0p96-fi>@std-z2z62ll$#Sz z((SIZ9n0xKYM(g9tM+xP{!r%ZrjZ~zT;%BcuDWR0RfTXqfjb($xAymy({v5ni zZBpC5`4*wvkk(g=;%a9qZ!SMT&GXU^c+Z_)XNqQ~m6!+BDy;42xZC&(g>1Q62KuRq zm!!#iEPxrcD>xRf@Xv;)s4U*StG4f*h?lw+mD>efZ!licmEAr+F9#*rD}0Y@N0wRE zw8Wyuf#aB+UlV^X;PbaUdKeyTh9LU{`s-pep{BV$+lK_0h)_@DR!7=S#9l5=oi-N} zYEiQ{YAVe4eo&7zp5GqxbseZr4|#hc*!N@)>Tu(!^!In8pP}iIs)SC?L8QFT1pU?` z)5dZN_lYwos94g2uo8HcIQN_WjWYY`w?GJf^danXL#%z89qM#J7{1(14HtrSM~_sF zP*>Am$9iARBN+x8H4>FVccA6Q=3Kb-^ge5EHkK2s=!!Pq?M81?B_Ia{7O6wUr`O09 zdZwSpO9=lkuu(~LY;dbJ7*)5CKVHHSxqB(5(T>^cKatZIBADZ5y=2Eib?ZK7AAOlY zuVR+e8c{?E;>q3xP+Nj>`Fe@Al3#V{*^uzvhU2HB3OY}|P)yUUZZne^)I2V_!{ytk 
ze?Fa~0jiRwbQQ`R$2zKb@bPBXlfBRkgM{x=Y#-&Qh3GEfo~Q_!gEjU8VDC(W{`Inj z(%~`%ihDaj)jUj7X*~-O&hX;eBP+-9nje&;dQhaYG>>e%YUP@})~4jbY1L9EJcwWt z^8I5l-iDcov!xE_0)VjV>zic;xnlc5B9+_K7$-*QPQ9};H=qIcC(0EsqfY0O)L@0@ z*-N~kLBO8iYuG&NPZVD$guhhiS}b`~cr=bZ0|&6d^#56${9mK-DNkf(hfBsk(R$qj z*#D}b{eLz2e>mr0p`;i6Y-e{B0v|w|M2vJr!0&+0uxMGRmg(eRC%xE>jOsC3ryAeYma zXcu%0g~dQUb)Zlwy65N1w*NMfU}i9^9t96%AA4n`zEqM>z+!W{SL84|o0;Z$4RNj|)=ao$z2 zMoPbIILmwvy5M#T8Qty1-=c7n0$z)N_S{A5P$34CZBus4Rng#?4|4h`_KuSaHN}*`qMpVYcZr|B8*L~> z8>Id7C`>|pBQp|emWy`+QW4zxM7`vv)fIq-eHTfn#7uRWNVBfv8@QfIReI zY)w1sO=uKCFH|oSRlU=X2dh-GrIJqlt8+jLsOy}5hEP9?r}iY!a%rqP#?32t!aG0G zam@CIxGnKE41PQ8w-iU{Yag7I9*1rGl>)k%ufLd1PxU%A+%3r|d>G1T%=rr@dgVPB z=rb;^G4Yg|e_{M^^No{e)!eJ`SC_CTN@KBjXyJ!hdt)gByb_WS_?W5gWaa0hFDcYM zGlP)o<-i*7`NwumVoc(zq<+Z&7DxAH72mp+t+Kj>g(IKlAHfOLQ}|$+D&9(;Fr@~M zp=qaOq}3VhJR){n<$>+&*2+Rdhs{Mwu!HI2^DWf&2hI8_WoAvGLNMAIK5(Vw#po&b zEh0h$&&4{l+rRurugo1?%4AI;Pdfp(Rm-mp$9Tt6o7h~6+f?_((x`bX=6rWzVXf8> z({7%v2(U;!-hVL2Mt$Pqq`h5Z**lyl$J5^^F6XqHJh{HQWVF6e%Xn&}=rfv95d5~f zhRP%RLgCZ8{$z(_(@E_EeRm?lI=-Rl-qFeRPc@~|7@x1!?*+NLoUYCh1ESaI1iMKG z9K?u#Wr+T(wLGau>h&7oLA}MumO{ij1PQ;|tL`!2r7O6(r z__ibOZzRCqz)YVjh+fU?X!QR1OCP};EOz15pNt#A*=^UyP!USZO_i8;Fe-LLRSQa^ z{pvOS2UW1^IwxE73`8O>o z^++CWt3V(10%l`Ot*5mZbs|_@Pbd6h>HPW4(7kQXSiWE)#M7rbp&c)W&oW_3!thxi zg)A3dlB>dPFnXcIdF$>hf9VM@Dl=O;2%6}_QOn1s1)Adh8OYBmW1nLieUs-(DP z(_wpWKA&HAv`2~NrK%7At*Ni07Im;Ow(}i$Up`Yr8k?KD zRBu+pO`uX+xM%^P%Vz4P6E=65Pt=XJU2U^u(hoA{@3jIOcZL-57fHUt>PRYG3<@PZ ztznZPK$Rk2P$8wE0_Mpv>WLu#Pi)=|1 z0wL?#n9<9n@!S9#2SIWbnK!QLk?Z<%>aqn2Z{hX#MCe6i0*%A?Po+)xQnP@jKgdd8 z%iZ<$Q!*FAUd2QalqD+ohxTG*44HXrc{!3QPwQW~AupQ(VBR(3Gz(2Gg&m*N(alXZ z&C;lH3L%lOHZq?FGnCj-=^e1RsjCKu)8lkRdvifMl-cE`&| z$cJfCQ>f@s{#xVmg;ip z`YExFNAn*UNB`d3kHQjF3{p&RJR2v@LO&Yg}fh z;*|+b-I~o$$aXF2EAv}?#j5lkc9yLI5zV4Trckhe{ls~|@#7Z>cPWC6_xxIj7MXr7puT4*Xd|8RoBWylVP|Y8? 
z%Mdzq$!T@NCow)}Q~bAHDiK)3)>Jj^u4z&y>p2liEGkl4r3TcqpB!JdXm~Vm4i$tc z*zrh158^}gW5In5G{EiZ{TCwF!+O9XpytfvYSZf8^TC{O`>Q;93TLs@?k1tkyTJZq z^874QvPXlNc0Z`+b~ayKmhQil#aM8`yRC=2AX8xoazsA+g1-mCJ?M^2?Xo)UqDDqHxq|E2G5-G`Y zW)y?zuqza)Dxg0Ny`F0IylydIgRVz$f)jyyn5}1zNM|KQH;3qC`f-(5f*OxMp`?hM^sh%lF-giEjS%p-q0I24R>m;o9tJCtL;JgDOf*ban@ z$OVj_=_C3HGv`kn2)>MNOq#G2P&TshgtnmxzC?;R?+G)1R#vVU0&YKlYayc!KjeW0 z3svgdeQu_xBtyWWB6oZ=6UJ|Y{MFY$~D^(~X;gxOq z0Bgm@S-a##+MZ0{ruOC|0=9cB)Z@A159<{?9_XBVSIx(%Jb1Fjhg892gQGUm1C$2; zI9);gS|io?aKpeyis)M@zy6Nv)x@t$VtPK>)AKgQcXD)Vy>ZwwJ6ehn z6Dq{I4>@n+09{|WrXFtyjO~kZSznJ`6{LuG4Dzb}X#Qv;T~+sfWPbPtOs)q~gVH&y zUx{eA(!(|x6+CBoPxZXw^%!A{y&?5b&Qn!zVn9!^m9P4=z^>pGH(b6rub?~R(d=TW z089L&nAFD=Wr7l80<~T`RiNd_b|zKvA9!$lQQkqxb}0s*5DB@+-PqjkXA8BFtnyD8 zt(>)KUEEmVluK@)7ux}+)kiu}0F?|Ho6tkwa}F!8YuMNEP0xHk<3dlx3{zRnTcMq` zeKn5uzN-zV6*OG8yEr<~sty0;#j#DNRTk{mBa!FVNk_keROKA0UOCM>b5tF_KT8}n zQ&&R}d=qIHe9Y8+BP0)ucQ%Fxa1kOxMtgWEo1=AAX<$sUAtJsDZH=l`!&GXC|D0sg zFA(?W0FP|P%+w=E-}zEi&-b>^TDHd6$Yf9%%v#Oo=h2hP zFSAq5Y>N9nvpB5I44+c*ZgkiVLmj`tr2e3s*jTb&-)P)E-CkJ>(+FpXzg?fO+~g9xK^X^~Lv z;Jh3==AQz-_K}IfvtU;Y<(pW8Xifua8Qc7z`qKV>_w2@io9zf}<79!5ki~IXP%`Rq3K0V*~MS6l-RDrjjL3^_+X@Kbboce`wA zu6@$ncjJ3fhg`V7XWy6#ahla!#y>nS$^TPodsjP*d^!*ro#$iMjaPY68B_8S%bsT{ zegeSO+Z@d;D=QmJ74tni zSS`>jS;GD-FB2xv@>(X#S>PrXcVcN=J!E&Dvb?;!l2U(H*XJHImj1Ne-9%(WDgKd+9gBw?zA-*J#i1ST;bFfkBQWobj5P`@TBg{gcq~UWafruhV^g2 zf18TFuef8v+}Pr6gnFhtW`4En=PtnzCi&o`tA!QnH?TuygRLO)>|k@_kU|Nh$vhc2 zkX560t{{<&9_{-{oV@l!afIL2vEVya5vQAUuq znyraa)c7k^CIlYMilR8&c7?wD&V}fc;X~FI;{N9 zs=fW&yP^$ElZC}0jF0u3-dR{QWDE$Eb@g~0uaZNRY|Z>GMbJQFp<%Zdh%9+qUuE>j z)CU_SIXwNjM`3Qj;b@;7mmXB1IhRq}J!!)@(F*FtDw(eZNEfno*o8 zBJXuHx8=%T6{RyJjSWd~K$393Nrms{_l!AmG$e6!49Y2HCHR0L+nf*xbZzlWgT_Z7 z-XQfE|LETYT?=8+9y>uDoj&Jz>YBCbN4&^ov*L;8@p`$9QqR#s-A0w@O|%Y)@+*N! 
zK4jN^{myErFIZ{j5}S2WI(E@S6m>RkvtM&D@l}_nD`&qABW9L$5_LWk)2z}BmnBRsbey`3Yg^Fb)0VYGNrKUif?1|a z=op$JoU~Czazs#Di*^iBVUW0hN8WJgl|nD|Q`7e{GJ>#vR_oZUC&8h$Bvh3USaf@( z5&H>583`I>VZQ+3FFDYm`bMno0ZU zyJoLMYGH_Cy~aqIx&r2YGNg>$a?5bfRTLIq7yqM7w&V`O{$-(7wvIU4d&|c6;&Tlz z7&MegUJ~mCH+&>_${@#TeDq9u@`^p{OksYS2z*UZU;fsOgAaX$uc{#9(IE7LVWpFbS#w^ZR>K8>3Klsjb*Oa*8xg;6qao7I^2B2}X|4mwy@5J@ca>z8 zTs-Hy5hu-F)ZJ59e-}{M?F>{3-1Sf_eQ(umG*xYW6vx91<0+SYVAU(|Q5>`ksOc1; zS*JsD4iuJGrR)%EPdIB%O}|2<7&dC*So>b&{eZkvzCf<`-5>;0jwx#Gf^9f}BBMe_ zN7aZ!`mpM1DiQZN7;E~V!X`%Mc(B^r*ih7?fAw+Wq__Gi0&3jPYKGf3N?H6aP-L_I z!1FxCIQMGf8EH5ZvY5Gf_pGY@=lnnvcay-2c^3+ETLA|Ce2$H%qci-1RA2J}yLa-b zsgu=f0r|#7MKa29RTDM_>bMnT2jbaV$ySzzXdl!;XtWc(mX20Q;IsS*xx!*%{in{l z{N6LNi4LPpI!nZ_mW1YEl)!Crz0RamGgbx#+4|(n8Ky82@NJ}0hD!DQFvg<1)F z^cb98jsEp8)lvi5(87q$G?Q|{D$pl`rnBd~GF4w6nKE3YvUV}(Nm!DvsD9M=6DTy8 zdy#Zaasrv^Hf62O4uNoSIR$f6#CTd0%xpJX9>bSe`dAr?1X2-cK>7#1R+hF`)A4U- z?SBaFuCOE5kip6;FdqE)bq$ru_wbauHm=WhdoBUH-6ArB1YXKUF)yS9LwTuJ?UO~N z(uZX;MVjadjL&AT)onBiDnc(UOa*p7kk@L&dO)&^{A#1Oy#o5Lai&FL21re9MICoy z9!%xiPUZ2!OG{tz%`dn3p~IgOaG`aG`%xo0DO^SU{W62PJDb$68hSeon~I_Z++)XG z)VVe(A}mZiBos`luBTM&%j_&HZ_+ar-*aiosdEwb#1)9@xNc~U^s#U`lB_WSJ_yA# z!4U1{v6EVgGe@6F+JLbs2DZi=0|Ky^jLfM%qf7B!%SQ zo=2zE+QS07Bo%2f+oKgz-bhN{(!8AMX1f~E!=vDS3|A``q&J#e9#~2gXeajmGsht}~0=w|Za7Gvk5u^%U6zBhcEmahovSWpNvB1XyY#h~v1D*s3V ziv|QvMjr;}>li~H=#qmR-22}h0$pNzvYkO9?nU!RQ?3rMj<1M$^i99687LFT8t7bV zMv$vA*VFgRH!-vB7~ocL((I+*{*HSo7IU2pja`uUku4`B2eYQ%rfzj zL=lxhHt(9i9~+gdDyxcy)}ly`j34ez;Hv$P^V(p=xfj!EK$4`($sQwI@16{{4$q8L zzUjAvh2>>ndu|;idE0OE_S7kAve@cTy6U3GdadVo}k?D?%x#&cr&b9>p4p zLXP%mBqw{(Enf8ZA2!~!)2%^7K$M;s-!i22d?hDn>Z^MUG2tdb6R?W5nw6z#-*fWA z9KX~=7zaGT^*0q5^k3M(*%r;lh8JN~=b5kiz+byuAfr0Wbn#Y^?EI9mU=kj=Y0k-d96c1Y1 zE6bG30K%U!`bftJq@%z^7C&waPMQ-I=Y;;I(oFD=}x=R$a$Blo<>0r^{LOaTXBLm!yEe;zxEoa5N|(i__lk= z{#d2pO`lyRtMrZI>-0@sp5agPLtfd}frGSo=x#M@R+~nuA&0yHd~Fj`0e2?tx-H?u zZUHIOS9k1Ey&^qrkajH=ytsqbt=iAC71R`&Tr^tdTN;9EcAgGc57t7yQ~!DUsGo)Q 
zx&Fk_*pp(*UpuYfx=LG-p%4NqoDZ6N+%N+;mQOaACJ9EFeF;l$G-^F*5y6=|nGb_= z!{aPmbIx=G5b;NrmL3*57!KF9f!amo(ZaqWYZ87tJi$`2q4Bd=%jGrehHN1_mPRyh z=**x|!-byZXv~^U`1Vlif)aDLnvVhRpT9GZrLfQ@occ>%mW%awPELseiJ6J!Uz{X) zYBd~NjXNGX9Rj&xY$nRg!gr z)QsIw;}YX_*hN7@2U+EHO#2x(b@%6gRg{r)Ot~OS(0AF}H8-S1^H4vlXk9yNXU4o0 z1)(>tF=jFI+s2}mh`jWbO}W(Qc@-*S5u=syn@e}^p(=IY@^U35;^-Tyt(5ZQFgLWS znhevA=@lk0cz9YXa(97z8|&UCzOm2kio~cU_ev)NmY#EY&J}KeGbJ{{*=K<9%%0K2 z9hd3kfQM2O&^;>2`_XJgo7%>P<%DNX&12!h};#$u5X<_S96z$CKQ
*P23JC$S`h}|NL-dpH);2^FZ843*&%7Zs)RH zKFrx^sPbt&vjl9s#RgK#hU(29)uCJ6$vV2e@zyrB0{w@!2Fna3#6 z$$hd~h`oA)ge*tD*Eg%$6DRGs-T$y)S3|u(VW5Q6#!|#~ZG`oCyp5OaBdlf{AKSl1 zom+u&!|e$D|1WZLBSpNF3Ma|T%X=pxqWA74eN(}`J2>v=S%k8hzn{LD{ky{`G32Q? zR%`p<3)^krsxQSOz|ymNFf*fDuHfhAhd>}!K2Da5)c+9n9(k0-EF19K_DynY_^XY^ z@ob6Nr+||C|IPsfghxQs%*-r;@8uXNp6QqPCXLl z_X@w;_IIagGt1Bq=ck)*M}UQI2^uldWM~(x-2HYFWw_PK%WZ$lvLw9ycUJw7=WO?9 zI0Y?a=w7pR+Do7j7XuED}`YVK8J7V zem+_=gX}fU%9M58WD+Jk*4J!^78yjjd}qsMWDOmCq%@`S+;JqX*W^uYU?VSJ<0IA` zqLMtD9_0kHKK@lJZJ1QHx=*e8Gqb<8r4f^(@W8XQc#-ggjLuFbnD%t#=szOMBbySGMNQc`Rf%72gVEmph!0)$U;< zmwH9px6GeuU$v0_+iY%buBK*liboO6FUtJ-$gxvfQv4_1oJlshBTw`-Z;i|65-FMA zX8FiYE<0Ojpu&|oUss^mucR@`iUaV*<{vr&@`xY%`FGl7({WsEn}u*vh20qbti>bYAK|qjytPh4FzFm06D05Pb zHP4f@=1x(170!Cwh+md2=Uo-b5jGLHv5nw8u^i4!%O=Fd>PN}A{?C)@vyp2v z(6UCBfJ`&x(dg!1aQT4Nd~DxMX3vjNw7HJYwOq*{?t~ZGYl&{Q9~XWJ_Gpr~ce!E- z#<@B_=1bghV@lb1PI%nl1Fz_7cufPXxPGB3*U1Y)JTZ%jzkY$unEf;Dsy@8_-25`6 zEgw_d{4OnQuF8^u_(}QX(Jz4^%zGUuN3v*#d=Qmw^2w?ghCZ+gD6${9PX%|}JeCp& zM|VEeai;G){mnW#&?!Me>5-(#8m*D7r!D5Q@T5FB!D4-JZR+RmVRMUE0`g{7eU?a* zRPcM}%GT9N^7zWj)%5#jnGHs;?E4IB_&StQOkjr@-f8v#FnhD^M>aec#mZxam%VL& z7sw=X+~(;oXo}Hd!D2nd)PpbxX&)3(T*x~v!;&~&Q0QK0Rv&wT>+DpRk2 zF4vQi-?~*CYqgvd2(k2;h+yw0q4w1H#9YMa=7Su^=q7Y^#e{5p7*tT88IRM(W&u9E zi3ZUn>si{ExfV%6>Qcs`LU>$ZimuTsM}Hrli8sn6tr9f?@5 zISGD}`)f6EJCBhe1W-xF&T=4qQbI$&BqnP+o_FLhP&T66vjgs_Tu9cuV-~`Fv!P3Y zk$G!V6LOR@ufuJ76JC!X72MkByxO!@n}ki{4=>}>Sa)?K#86QBM^}}==0xYb_J`ws zan9m~h~RCfgw9=NSV~#ic46+WCwDQ}IkuHl|DsrYuGXtQH}2<=Im{~J$hXJp;0 zx8p7t`Jhh>G;!o#z+%0>K<&dGk&v@40E1|#TRpk&gr)tmPSTR8u-!p6pAEOM>Ja!+iPN z7RdzZC0!}~kE)Uc70i1`6X(SbvolB%JC$dXlickG`069%TVq3AJwLr@8XF1CiYh$+ zn=yB&GHS{y0e*Qf`-Ny6G8s1Q9NpM7-156>R~H(+H-e0IvXOa00pZvjr-VDwb)@=T zFYp#|U&8;)-^-Pg?Fflmi2X31rW0UoGO?o9%{os(I_(%7olw=h-tFnfk?PG;=H5F0 z3x4KP@@31P(IaJ9_qY%5=t2H*Y~@ok55VOeENXx9-{yfpUj{=8l2@7UV6!wjitbbe zZTb$D2r1V9>iIz1Kihz8?$rzWHv9qWB=^$he^d)#slQ}$JJ)mxpZcRJ2Oi>9Sl>W? 
z)uPxo;jzQ)oDs?e$pwp(OxaGLEh_e&c&|kjKbL{XY*A=>ZE^2%>$g$564aLu~-(ONG8yoBrAlf`W&}J}R)s@|3VF zZ&0^R%^zl|_+C27En9fuDZPdsY(kZ}-#n&516X!IL6zL5SfVS4=g23PVFa3WBoNFzCrov1r2`fo*n^b>7o z-f=C{PHXdxjMlOv7f3}0@5EE10r$u+U82I~3vN0TR@)OLE^>d`v)3}W#Fu+$IW3_l zt$3PMqlqTvLA?siTVkJSMRt0AU7S!0AAX2AiI-I+=qKYfT@GPU-P3&7`l{1gVE10K zr}P~OPk-o;+qyz`bXEe3yMyy^tp8w~{1m1ZwU^e4Dc_upeJNERQZ~1zWrFolC`7gL z{1=s(@gX9kLQ3%gD!G8|p}|S?=7@Q%pTqP;wkW zD5p0wWJPC*4v3td^}K9vO|h$(##w;6Yi4+y_X#9hTw>|FYQd=9)!N!xli0_2c-{N^ ztV+q_e*Yc51x}=6^kbhwg#Zo2w@)g_GyC28)}13LC}?DK)KA=Ssb2o|v){QYf?u8Q zZ~k`4x$jXDEI7Um7?QgEdMlRD`{H^VJ^Y{WKf=EtNj9bnS&V=Np<4%N0z(A)SmJ`7 z0CpeV!Z#K58yr!x%Qe|O90S0q#O?N!B6&=`eo;M__0-#j7|^0~4~uxQY(mZ{vDJSd z-PqlcgJ0``XGN|O;FN1_w%Epo3~vMJqG6v_)4g8YwOrCoyP7AF;RUDu3V;QMe_^7U zv=0RepX=m)_CH|t3bC?O?Xx78iLp}7x_bHMCV$hFrb~R*j_EF7@4+q1$12^VeH_m4 zxnjcqsSyHsv`)ZamEaRHd`T)44Q;;oVc>oT(DW~cfdYX*L&G;02)E^5rY5ct@86ro`;rl zeLnTtnSK5Q)Pfcp6RDWCs3EaX+47=6Yu9EvwT_8j@3~S-O)yt?w(aO4zS>rc^d!1CIY2IA~AbLlg5qf(GYIelAx}`Us49oUJ}~)Gjs7C^E>Fr>2uFE54*uGd#D|<@vgXo1NXdv?n&;RH>F(Rv8 zHn;2oXtj2qEI;u$_P4xXbw14OeMR3WUglOyPEh zs;k+`J3Z~EDnIb3qO}>U3{O#!jEI`$YMOO2>OY0@S!JEctWVX5z37$<6DgGT7~N$h zhu?I~LVoQkl$|*E3hE##8!Y)G!}xxczM-%J5AXn#f8UNB@&6HD{>$uAXG~duSXq6a zFA3ZA{9xo-AGm;StI&8tGK0Mx;ae*WP0ji+OCkjAhuk;;8FX<4*>ots&&6rFRR)Z< zwzHX{VNdZ*ey`O3Ftpkc%&#n9XF-YFIM>=9j%57a#VxGS==GV&DcCx$%}B_EnMqZ3 ze0mSpzXSLT{x{O&btwiPwT(`7Y)Xq#R!5ZIyRmG1A_Z0BnPGzUmK2i~7QsS3Yp#d! 
zX;~FG#nbXwpnjXi8r)a8>0wh9Qe>6GOEBAfHS0lbm6=?)wmm1}`<5{_TPhvThHnd6 zsqN-3YObWYPE$p55>g=QT!9TaLi1txl2z5P6Nmw*-=WxJ?f&`qv2z9R11=GO4-WR4 zTMNy9SjKx-*V(sml60_hN?c9%w9BfY7M6&E_AE7Z*q1UfMy!Y^n-EredgOQ^*~qMPu7cqJDyPPwXaKbus^jY+AZ6TaT}vqrCOu!yrT#S^o`-Q&i?{ceQ^8KkD7v;P~U;B}{CtY`2RcJUM+ZOoG5@QhVDM;*?ko?JmtD2cM{Ip zsz#^bjqB7Cs?WTJ-OBKIe{7o5w;23?iIEnF{yj}x_ojO$*5eXOAGFke0NZ=~Y0(bY zAdmB%x~%5Rv84}xHHTvU6j$=TRWl6$nEy}QunX}0FK2&o!i?n98Rf!%4;23OTx8x( z7rRyCWFGOXo>+sX0h*2>qOK;LFD-+nxsVQ$HmJi@(HG}#vclBSi1Q`&UvN?MXBXrY zv4DZ$ED-#YC?Z6VV_zl^+lzhMKsOsU`4XY!(aDwgUr+zh6c2L1LeXtxbeo!#qd72o zNko*Ln~Uf7x6L*B!|T^7sm^ycACJ6wXbCvIdwW1rNn^za4OZAk{{KejflZo<$u~Ej z_4wC%=7vo|I7VFgN4reRf3PsX%XhJQ7rR@H$}&hjHzsQ$`BI5wu!CGXps>4%3)|DG zTjz=am3mCCI1}o_d4T$N0hfliW2%yopx(VbXsHLLfE6M9&JMijJT2jBBqRtT@+o|| zY{hp*?Dqg}owu?Vm5iyq8cdAc9Y-|w=K03tl0%UlBJ@WEUsj>sN?cQke`8HO*)0C? z4qy(eL%q#S`9%3NL!U(Qo`0|plBcuF(^U9Nc{u^+3=w%^%S}@sJ3RXV zE3P5^@=tJ!>euA099Rf%iU~F@2L&;B+RZ!zR>504LXAp3@Hx&CPje=O&-QNEzQ&4m zo_zQxEpR;3II3g5*R`$C3IUZnmuw1+OLdQpI1g?Xjqg(`?@Sx%I7{ag*GBVo&@Ap+ z5#nw$hr)7XKS*Dv@GnFZZqAemo>!*L-?#iOO~YPPP4Kd*neDn+WJE)xDAJNU=-0O< zpqCh%m)D-WzI1;`#Y1gExJd3mlP%go)Qsu(^(jVNH z5Vvw9Iy$j4kVBVM(SE(hPl+fIeaNO#Xg3wok(a}nfxQLM-TVorp@v#2JkVwMnYby?G5iu(m4 z8;@&H?#Kr?&PBTWw1-#TplC%<;qXs=Q{M)7xqOjet;&ZTak&DsGos|0sPkDTB9K8v z3k^fY$4oZ%DwqCx#8AW4_VhjGjs6kPv9%s9+C_p@Z#R17@5{|8q0fLo!LV zrvgwnn)f>SvCWa^_Yhn)L{lRCaa)d6UZ{n?c~ni%Rh^fGW)x8gT8Ub+__UN{E?+Kb z&vW+Q-OSd8fg`DtMK>ZUQKr>rQu!2-<>(%N#nn&aNAto! z4&c>xZw`fXeR^JsRVrCe)D$=NQr{PxU3qoP?W<_80oVW5+;>McwSDWxgUGQUN0BB? zsnUCIHl%|<=q1vnOYa0lL3-~^sU{F2AiXNRO9@Ety#xpWLP_4n^ZVU#-@SLdaqoL? 
z-1q*3?Ch+y*IILa^PAtCyAJhD5aZ)@^#=TK6+5S!sbAu#BHFnE`*L2vUZSr#)A3CZ zK0Bvjq>~U^@`!dN-mUhFLy3`7qNr4{xsV?{42GJi4ugOBHI4MvP&|Nx?+)b7`MY{S zl<1+=Px>9&M9|i5IwsYQ#Vx#zWpL5IP?PXU3LU`6{Uda!kSnRghAypedZ5s~RU&+J zZYQq_4NU+F@@elEQ6O|aHLlE8d}6MN6X$FUJu()F(xRKrdQ~N2`l0!OFF@Mf^DbMPEi84~A@qErN{Ee;Rtpjpl zHR+paV8NuQ40$WK+Xj28oOJOT zPkjNN6jK zmM^4_TZ9tjUN;xhbAOZin2P;#d)(bn5cr?xGvP~M0FXf|STq(4W zz-2hwI_NRlE9#_{d93^){~BnX_HqwufbD0OV_tC%-;k|{V0@D=NMtbx0-gWUL2;yr zK_>XU(C!yZ8OCfXT?eQS3{6Ls zgdLpr0|}6K5YfI{30S#D52K79=ym@XpqAFh%=+Ee(5Q>MIW&~6nRlNr7D_l|S2LzN z;|1;QUWTOEKv6>cRL)4SDR(}W}K z_nE@0f`DYr967@l-$@rupGOO7!2APO&>rKFhz(cxZel2z8x|=GyQ`dac=i@LVtO&2 zled%zPYDes==ddF%Hyndm^u#wM7G;!)G6-XJKj+VZ`99|t(S8ea})7%Df&q6cILf0 zr};I-i}<=le9vm>Rk<7#T3rWt+R* z97$1rioDWXx*NO+8C^H%X|Eq2<`b+s8q>_)1S1q;lD&w6fQsYa5kIhQqw;7!a&-n+ z;byieeu~-^*M?WtF(?2RbQ$1wI*wmBm&@wq!3R%#USRmeFZE-MDw-FQ#Eq{XcvJ++ z^hXA6l?sZ88K_m~JNALZ!|d29qJ}8uKzr(!8AsXY9!Rv8hypg1UL~6gMKRbBeSDh3 z#bCo}cYJNy@3TWqRX-Ziaf1A)%~7#S$}mocT5jU0l2`E9OgHkekiLs=5;gnTwD`p? zK4r6Oj-13eUPM0jZ|}=-ozBO$GT_tRg~vW&C$4JKHY;*kA0jlz%9YrZuenMY=#=B3 z>t_&WuqXe@=T5=rO-lv!f`Hx3J+jc}m{!&yCbpOjhwM8BWe$39`IokthCtQfN`jOG z<<=6R*FbzxF|4t9=!@=UlcuaSsEF6t?&uQ+r4eKV*ZqoYPG#Qgovb~Zv-cX+D-M!r zr~68E+QhUSqtQwh* z{bd;c*oLNiRgdv%3j3JQ+2;s5PG-rAXF2CL3+zM+cn3IhRu00M;b#aHGVVg>g8bY$ z>ANWfKU22cBAQ**F^YCyiXJHyc)LCRL4wGgoTsN~w*op${h{)O(`*(rms=EdW_|D9 zM%tcJskdGLVDGnMf`I)lnw_qrHtSv@1EQZMt0*Djhf_Jh zP0Ep<<2%e3N{9^V^s)ZD=&S7Gtr2fQS@1WYD4+%Djyun>=|6E!9$1~|rZ;a!Ig$I>wt@1Q z#FdnQh%@9}EjC{C5{yh<`Nzs%Yf+&CjRM0={uy28e$k?&xSn7COMIiJz)^7>FGV#%Vwtp2~=QO4J*2LFB$MFHYQm4|s2)IyE#(}UnE0F?>`15xP2BTi1Es>QzKMtQ4< za3e6?9Zm2(;Df)O6F;$f`8f7{Nm8KhHN~d~e{Na}oXcXHgH*46J2@z+j4zNlFxA?oZXN)rV!jdVRPwXwReI>x{4jaV}< zl;A!#LI^n5&PtcgKJBSZCp29&;`y#f!Ny!Fo!{o>EED2zx(Ex%Dg&O3C}rF6 zTf=)sDd)FZjVFut-E}>L`-Ek})Rces_NTR~@;bt|z4qkf?<%8?Ibz#>c)ngnLJEb3 z)dV_1juvTGe|A7n_I6X7^RB`+3LoKCtw$P9eF@^47(#~}ey}(DWBKfya1(1;uC?k^YBJB;35*a1lzs0Z%8Kc&td}uKUzL~6rHJGK3iS8`c*Hs~-%#vE 
z(boEw((EbA_GeGJyV_EW0@0fee3u$Zwx4a{G3T57cUKxfFSq2Q5gFrd}tcic?|!x$!4I{v7IrDh#a8Msm1G|+7tNBz;QwP`uh57J3FRh zI0*=JVw%sK&z8@T&pl>PMGRwj0`F#BW}g}x8@mA%C^af7D5@!H$J*6n0$^-%+^r-t z0NW#H{fWEvEjR|)Qy@?t8SDkH4zE<7!Q+6Hq8^F0yL><$!uj`sbqW$7{V#sJ8CT#t zuMHFfF`A`W+|T#D3S-Lw`d0=5Q#cX09O;-^6%mZV3Ethg%(+zrj9|}1Q9H!I{`aL~ zUju=0gXTU66T_;c=2GkqIBKJ?!0kXMy#IQVooEf;R5}6 z8&*gP*b&gXXK>r#%d)HaSi8yp2bW+Uz4DVA)fL0Kj->#jxT2+&p{ZVZI`%?rD3OC{ zqOVcI4}lbZ1tHvFO%wc}x&39my2*)dSXNHDSB)wDIi2k*1QH0Ch=6(h$WL!Gl(ZOc zW!NhAkxRC#sw{utr#BovQ{AKwVU5Ix?=_+_6Szb2F)`Ejo4ISaFUMm(aM<%G_F0 zDjv?*u!0flIK^E3fZfWC3?PS80<83(Nt+`Ghb`1|=YW!#rGt!XLe@g4=`{rd0axo+ zQ?+-N?&IuXfja6c9^K=0+(~VmDGoCWX+Q%f+r$0u$Wp|qqok1ha>Hi4ndSf%yvBO9 ztE74NUYy07VO+>}V_I#V>k!H{c7dJ9>J+=udQPd1V1F8zYk*mv_52eMh>hoRxeC%p zTi)&WM}_JAadl`QgtxZ`DuFc*T#xr(e#X zPUED}9YVcW+7_y;FN9CWWt9BU0TYWfs^c^z5%Sgl;-HbjaSFcaPhl`+A(zU|MZ+Fi8b_%3!-mD&?}%4x~E z=RjkyRY^wrkDkmLFDOrXQLE@*ZDb(+E0-HX5anOJ>!cZu+m%otXxjX`EzN>5?p(QA zevMU4*6<9qT~@Q(nZ|int-}Jl@-}#6d%GBK7~dz?HkzLiqUTn@ctF|nJhFJ&g!8UM zCsm+m$!9r;{*wc~G@qJi5r2~dl0Rz4f8?Q7`Tk(9?9W{3Bcy%$rDa|7Bhjvdd+r(~ z%v!2Pkjdmk?!I;YtT$4mnI6<)83OFUUtmllj|N%tL78Wy^x?a?T!$>Xsuh;zA_Hle zrS8~(x<)UpMx_(FCA=sic_%;pxp?;T)a$==y5$~?YkuuhYExC~>t~DUS2fYghlY7U zY;QE@O@7tL2pAmq5AWhw<*Vq&ytoh{X=PnjuCCOpKN(b`ZCP6uHk|R~M|q%~oyojb z83i299E&YBfQ1$V7W!#X`Z{8oyaP>2+5O`Pd~{pM1G0ZjFQ7-}-ZNYc=Gd}fq$jH0 ze<$CtQ*>>B8G1)C7w`RyX~M%JsyI+&W~c=!U_H4i6>uJHhkq>85nyq>*&AICBh(G2 zHjs&y_cTf0_6oki@9M6u_Lef5422$Vnr7#4w8JFWIL z66V8tXuZr|jt0sLoa8?sTtqoW^v^IE4i3EOmJ*d(F{#`#H*q77M{;z$gW7HS3wO z+*Yh}a%qtQj4tYsh8)J0GHyM%aEuRc>rrD5j1Y$C6h{?L;c9tW6*FhRTf(Q-f(+f& zlD$>FLfZLmSlVKdn30P#j>UN(6-I?~TpnI0M;}5u4?UtnQw@g37;Xubz!}Nxb$B#) z`X=rd68zd8T2Ape5Uzpv0rUVMpmY|*!pR?0O_q^)uT6T5?bC3YN)QjXpFEI_~9Qe@+ORrMJGcqu3Q@Aapa_Qal=QFqn>a5ja zySOl4a#1mOwKb~$$*J0fIvmnl;`}FwKkO2$3BlNIqB^uAu+CIi%O`8$gdH{ z+@j~V9s`QOjU4>BH%QSezYcj+_{+}cs<;el`MPZel7$18w@#h%rI9T3T;vLfU+HoH z&tR)mKZ&^xkrq{oB8>az;!9f@&&Vrylg1kYr}h@{1>0&s8_FalJ;OfAsf(Clit|#l 
z(66IzWTp)z2+n$J+r6Fd<60VK{=*EZo=@Czc-t_vb47dg*-@SEXwg3pk6X6jdT2Q# zEi-=;j~3vMsmQtZH`;2i?++q%_xN5~6b|(Ip0;{y%0Z#v_S2gy-PPB|ySF>FBM!ap zNZe}L>kQtl-mA|9;lIi3jAP)R=@Ku zud-l6UH7R>OKo<@;`XT39X!K;R#8nO0Fi{*z_HFEC;j zG`8?CWM!?2v=Tx-a=cs{TNN!p0!n=jxR*#*04#w*fFb?A#1{VvoP*8p#8!<8yMG;{ zA_7G+0oE!n)y_jRH{o^9%SiN5c;FUo>tLY|;enTtaZOA{aGybGW`*@2jw%Nmuv_=_ zhofWMx62 z?r7CnB~x|R)aNV_sxqGm-01Vx82yop3g2Qk^G1rYv=16aO@|c$^w@%04o>7=qs}H; zwX%v+$X(sDRS`eKt-VtuX>8LVc3fGo{W4PTH5dq!+kDdMv6jr0|audBtfbVE`!SF@a9=H ztTjtq;oP}HYn#&qwfhrxw*4aMTdJ)2v_~0br-#ry6FNJ z*|gJlQFp(ldx(Tk#xG?lPqg8+fLY8ANxZv#mLL!~#Sok0NvO|-P<`MmBDwbAIpTcB zTrH)}e6Zv}I~W!`E%)e=Fzjp8NEtnu+t{F%chAZV)a3So=Y?E;p>VtX0{%Rb0%JWm zXY~1Vp&{mx2~Ab=k35xp?h+KpE*cTsv_{e%^nLJse5`aE+ z)t~aety@kSlf95+UfS0ySG4Dwoagbptuj#Snzz@L{+PsIJ-Y{K4f*3*Y>rJTdhD!F z&L!mJ1-#i9A{L-##>J?qwzZ_vUU|w`(GE`!$fC_lg?`FaE4Gl6>y9SXe{(KUtWh~_ z5vXfLWmA(h11>h=DyQ@*zTNQkjPA;-TmWSYiE1IXpxHFs$$foH&5fuSs7`p6xkj^% z$0=BaDVjQ>#e))&BIFb%FXJ$>|GIp704`SYV^pU;nAK^^`S7+h!>!>W-zl%6x+3vz z=h-GHQu=^Zqxybr1Y%N#*bLU59!k`YjfI zim80Q1g~4Mj8uIZIAQTnlrA8txqmOb*ZJFY*4+5)Siggw z!d_J}iK1ofE8&405Ob@*Hs-<|8pwnQ{q@JhBUqC1%@!t}ImcFsZrZwW5B_=T@lK zebJzC**V(9`qNxINXBCcca@Pb-fp*d#I07I6mr5?TDQNgyaJD)XK9+W@w0w3vU|L# zk4Uzf%Q7j9oDC@6;3~54o0F+A9qW_31_WNM09do$1|W}z@kg&aVU|Pes8`PX3h5fN*gv806K#D3b0u3@+YHrbFmDO_UFWbs6v}Y zBoOtov0W}BGithMP2Q$lm!yZf+0iPv(}fuY04*Zm*_Q!8zLz^mbrWvv`t`iRRtfP8 z@CR%+|Na`#>;ne4>;EH8!8%bJ;nYwD^+?RgP-SvU=E~D`xXAlr3iT~wY-<`Y+GdTx zkL;!~G^+tyk|mzic!M=Y*UP)mGCb^KTrEzaD6?d7uvg-?trYx*px%cbW?aSFEo^ln zgDLsvSU>NR_dIg}JC*yEhS!YsW>6*AIMW__ijHa{8z}~QjqKvX!@a#5riq@V9fxFv zKC!Dy+q*K4USZTOXof--C3o|QrB0m0WLU;cvYH)To>SkEbo<_s8D90>tCr^U>a{PB zEaUBmM#3jei)>>tWS}Kd;F%4nii{h?=l-SAU@=^dInZE~`pW7Ql98(EAmYb0gl-q5 zUCsynR zhlz%}jpa>^0J>1bs%?%<2#r>MljL2B#G_YxbB`~~oxR_5kVh<*qt*L>!#xp$a|sO7 zBOyfn>L9;)4&~T*$arL;a_iiauJ$N?wClsfAgu&;Y$aAo z8$L$wKiC2)CCcE-xvK~C%DvzzZ+{Rq^b)C9!%+ns43WZ?y{OZ{^v^!4b*9VCVQIU( z2@+>75Q9Fi#V_2^Nmpr>s#n}+>wdy+KRkmo>}m5bJ09FU4hX7J4N 
zG*p-J%kZ|1D6OvFsd>O!)SzRJ-X|H->d&bhN{Qxcl^rHf=0iECfI9pQV4{J*M7{o=sK@51 zHkW@vE(cTGXup`SuYp#_eny80%3&mpRh#Bm!q#Uz;>J-sPB}Br&D53@Mk(RbuPz%{ zu{e}4ZZfH-zy#!{22bX?jko4p1{Q-3L+vo+eqVXkmR2H1#Y8W>15G^*w+~|zbH@Uu zVw{hbOSI`zO~+mYf^sBfn>b~tmj+UsHob*o?fQd-2_JkIx$%qZwcmyVW=Jz43>|l# zBy9$*+ySN6X9Q5LRlE3CTu`z(M`lnJ+_)KKT!*zRK;_77cjj8^IH>b9^G$OWIBe}? zaq5-jRaCS+Nz>n(v=ge6hxIE<}kHn}JFT<+L$ zj#^GmpO-w0&U)`AXMFstGK*~*i)T&K>ihAJPTF${vkDlSp*Iv8`XndI{i&m_}h)nF{a}^q(8o6V7vpvKmYZ%N#dF>&)q| zv6x#9l(G#(3#RCNFzFzj--scB61$nmZ%I=RLYzDrd!iF1+p||=u!1TgK96iV?5Bt# zJkn=6#p=VbW>(=IK3=^&J-c&!(8Go@H-E99swGnsa#Yir(Hyl;t?+cyp!vv?dLV` zjdTf4&nVOu&SQ1_V&s|#Fc2FD;0^N9>`L>5&stVOzR#T*`+XO*>EMCoYZ&=GP+h#| z2XFUSE&#o0-4iMC@I z(zhXxPPY&y`ze<}w`%m@YkA=`HDNiPZ&gg}rJjS{i>a9m=c>&eWZ$3RJ)% zlOY+_SVmv{v^Z?j<`sP%qDbdU>m`74=*1-g)LEaG=|R&Hju^VOYeKu)BmRCTuy1_- znb{BF4vsfg*0Z>G4bM1w$8)^#A1bo!0xKM9p0|CZmY*bQO?HV0K%x0c4lVO%1*Xag zJr^=OqWYCf1MG;bPDWuREyPmYt^?_9Q?IJJ2$YKq66ur$Q*HRstRJxzsOi0_%gm^X z(F#ONGQuKzeWumTXUDbDY3RR-$IR)gG1!cUs}*q?VL#|VYf@+s`mS|hC>X6%W}WW1 zg^o5R5ng;$e7+Q|>$xWfsoGkp&40DBI?Nlrq z16q3FetEXI+SB(uGs(v_GvDeq13Wk^41Ni-hmE$gn`6H(ikPu=l$PcfyIgr2k}S28kmYypkl{aa|G zTts)cRtfj~v4v4`ydxLEA|O$&7Wb_sl?TVC+G%HR#D$-%axc_cSSxyYwbNl>q*>|K zl)o>`+*G|0wK*wRFgbRnkgzuRl9Q;2D>(P=(cDkMhfk%7WH)|+haE4j_5n0D`Mpb* zss==WL8Sk+Y{Gw(fHBkB0B;F$jrNSl5Vl^4(HvaCeRErvN+)Vr{~hACF2_Me1}!lk z*vJijs&woL)W#ZH1=xeA#HB)^>eZyJ<*dNBV&J z@*JdZeqMXa)+Th+M1ADv2<1^v=fqYAs_dB!OG`=jwzA`=rKH%Qf@XeGvVqy+P}0}` zz%96A5V}4sckkQ$0=I`sQ^A;v3|3E&oQbGmd6%K-j(s5C(%`&VZXm?PZtZTt*`ko+ zDGXOlYU@U**mb_4&1% z^1<(JZlPa7XBOqX1YhgViAZ&zWSIfPYpR8p{AWxIC(X*;kjw#O?fcGX?1-h}eT?VkQf zqzT8$`~M8J*QiY|$><*+2|>&e<=h{eUbZGm0kyooBveje_|HPR7cb$V9}vA-N^Dwi zEcalE)ejF!=Ub8eLJn513@}!Q{VanzDLm>jg|+n)Hm~6m$2KWyVsbemJ1#Z53TbXO zHi^}gtaVe$*zwN#r_5w&E2BpvY>=gXMz?pKI??mcw+CP{1F;OqQ{7>!LY>OD3y*{_ zDxg=Rm#32pHYTQDwm-PtmNt@U$r~t8@6;rA9@Yks-2p_ zrm*$q!3>FBDCYQOpIWz2=5~Cu#@a|j|INhR+k))KuPcQk(ssqip&zYO2I5Pp)ze|h zQe|E~UqgfYcwQUm`jCth#Ajk?riJ;8PQ_|VYQ4RtZ`I~qvL2O!dGo~3+)kHHYm6|8 
z1S}L7U@1;qNPN_v;}$HGt)KtX8t&IqMLalA%6N*leYG!s5d}qRAR zpgdqUiVT9kqpYI|bSt>;!_XNQkA}Ijjd--fy!P;h0dZqRAMX&Ufeq2`r_cNtUW9Hq z`>cj+%DqQC~0RLq^Mh2Ug> z1Xq>_M0{IbTzJ26JF@e@jc0k>7iyyZ?dDRUvTQt**LhG7O0!gXq|7D7f?_KAnRtGX zzUkMwNO5baekX7)#cPn!beir_@_Tdxe%-|?zz^El?oDOjJ-HI9!RbUnr>-QSIb*ZW z6GbkX-WkZPf9Ee~U{|SS`8_A`T4DE{l^9(!#&kQ!)}i%{45z6ndk4I@@mjEnrkfC> z2d26*$*#0`naaw2z&?V{?&2G&x|*0%+9Z=mH^=cSuS}K>+@tD;^x<6)waBF>l0yX- zk8uEW)D4Sbo+<|*cVM1>imEFjhOPo+fwfSacC4ElTb; z4p_+AhYY=di-?3W6*==%OrA?0+HUdflnfZr(?G`t^s1D6!l4f`zMAYTW=|N*Ixso-Io3ZWeX>ZS9{NuvKj)n`v!jlq0T8 zaCqBygwGX=uoQdIv=QCm1fS^0oVdG@Nr(4p2HZCiOXbC#{V+v<>CRHVexgrjhoJj* zg%iV>q)j&AbZe{=jUP(jOMKrlkZ>C-ZC%teZTf&8oU{(kMy)deLj&dkKq<6K4e48aEkR?rVNR&j`Lh;S}j*JMaG$4I*cz4bUIwhT&jTf)`T)a6O zp7mWwkTZ1Gkl%0e;yxzSf;Rg3hi#fCa4D2zYi}8#K(Zf;=S&c2%P@ZJ%|T^aLj2&~ z-{ae&vd`l1SEYn_YN;h_)C!bF1`7rPuk86DL^5_&%3!;gQX;fO=1t+=@P=w&$~Wnz z$IZw(S)1&eOOiqyTke5QFX)<)lKb$e092KBKcrPPE61g3Z*gXPv-FInEMml!H%V8z zDIw=BlUtaSeI=Qf@mEDaHZ;2z)DOJx%j%4F5SdoHtdCfEVm+BGWy1^JfKXV)ZSr|( zC7Gq^5ScC2LGESOp}tfdizjny_czIuwRo+x>yG$l{e~@X@kI{4lhZ|8v`;OL?lmq# zhzhryk<#~zG6V9*cIW;Or5WpI>9z@NAP!&P>D!}x1p4D|D=s>v=lIKPCrh`qEW^&V zC^}SuoVg*>GTId0R+1$^S!~yt%0uJwUE4}fkKmJmDaMlU>>uOKmzN81JupGoh;YxH z`6?|nWfw7_7Yp2Xq;L+L8ylrO(^-E}%r87js>Q)|85%HVCtS4xZQQ8svkI5ln;N19 z`0qmjK1mh7Cfwf8R{oF^#FQ0QybgwTF7hLh{AlS{Cq zO8vhLma?y&8g7{ev~3Mud3EcO?u5gt{K?+jVRpmBs7n~2Yy<3;oh>f$3xjK^)mJ6$ z^hF9k-+6bSaLglTaaYF8ydiZZ>8Ei{fMNM`J z)o@CPcW+|@#pejGZ0Ll=(dhQ6juDykeFSx6NskOGc zrnG$L;rB2cDyt;=V)%`Oi2rGb{ppCF8~ykg@%tiE+jUkkFth>sT63@5{~}E5_3fE;C1;Sb~#-7>;UZr@W{JMuyoNrEG*0gT9N)se{ z3zH#od96p_xU&jm^mF0@nRWUa<$n+%qz0i>C3{MB65ga!zE1LcgNS&|9jTj@gt(UR*3@Q$yH`bf|iVFH*k?y$1CB!-ry2 z=;(}xUWpRDNfo-*_Zm*3c{a&uayC;h){a>FNU@khO~hdF?t=S_m{#i_jV5garahlN zeWfpG6oK;IK1z{NEaH6k?y2sw=vNae-5S0N9x2-W2UxNq%iC0 zKbDS-ANd(;UNm85FridpB;l+JQb;*pV}rTbITwLhdCF{0+(JUQ5pk%tmO9viP)Hna zS36!ly~($X{ybYp9wF0un|e_JqLToYB6eyT`hgC#mddegKk3XCcKRYZ)3iToPFU|7 zPL@6REBy%m&gA-nsVVGOIGw~6e-k6CKV7pntbFVtHY!V zq}im-#fRPeS9`*v@%x^g+6|iu8$4 
ze!!9`h(GQ!mwEvf`kxtrk)On+JaW2hnpUWcK#gK&)_Q>hH80^1(s`AE+t;kR{=M%d zAz?E3s(PvA8LV+Tb(~;UuH02IYiRm%KHU zXS~$snP7XkXXtxFBtVRaE%#weec}l0bgn_Eg{MJ1t5?joJ2CsSnCPwQ5;6iX&7psw zYwY-1pPQMn4VzWgz+nH!rDGj-QxQP2sqCS$>(3$N5!f;DBf<+(T)%76#;e|23pU(8 zQ4du9*vGoN{qgproV`m^BB18+MK{l)G9=)-T4%1zxarQaI8SX*{-kEvX3YmTp-Qi%0uwHk4e(D0#XEH3PDDf zNrmbDNKJ8-Hg(wyW#2mcn_leCiM_>@t(=vJ9A-20M$AI)%`KM zMQTmrxh0HNK0;=0a2@aM-8Qg0U1Rx0##+DhgW>?j;41HJ?EAzc1=l)RPX$tS_}ek@ zXX~SjuYpe1fE9QG|9%@#(!C)2Eq&a648QW~@b|y}?}#4Rqnb{e#hw=#pN&ES9!x70 zvQr2#y)Zw~Uu`OD+j}ujuY;@C9XQC?eB_qCNmXWUGn=P-At63GJ}!Q1+K|m{KRxZu zN%lmyu&@X)J?tn}0O zDiYMefvfJ4rPv=KIGEo3=Cyny5fKq~^-S;M-K>@N$&}C^R)HMV+_M|T0gjbMKaz3| zUo0C=YM5$guU=+%x29PFoJ)7YayGcUyu4D*LU>dsp`YPIXg4x)AYVY6@9X+X&RG3c z__WTLS@s`CSVm3L40QThDZ%l(9TX{Hi=&7#xvx8eE0l(=Ni$m6*-~{DO?nKq*vbKn zar?%dY)mxix3u`p?_b|sX4N{Vj#6hjEZ23ol`6O9r3$fLW2TC?j|_oBbQa{;Sji(T zjIF}?7>Agx4P+Y{onG|>{~S&{sEC2)6C*T@EY0omc(xC+f#>2l zaaq~f!NI|8<@n8y25H28%tT|x4B`>+(^JE@+KAd_9Rc)-RBx|@`+YV#03#@3Sz1K1 z^gm6z4xZmi3h70>`|MLA)B>Ff@G~n<+Qc5DHX8yNj2+yysDY;-5a~6g=TE>9MQp|b zvmslYhUn&oSHEud9UQpE+qHI*kTKAm=xgL`mekFrGrOHH-i(|}tb61F=Ri%8c~$5t z0BV@-#&;?C5MQecw?z$6Nj@2NiA~GR@)=m#=G$9Ahrh)^s(dh*NR{;$?B>SQ=uy75G{<&V$#^ZxNkytZvGZMcoMr9d44K*{WVgjvHp3c1S*h zpDAnmUlV(FtiB^t0$fgX~a}m>>;4k}ai`ZrRXZoAC1~Nznx+JMjN#|_=R@`ZW5u!8o7~k;m z`ha(?+|wD+E#<8VmCDU|l~!%5jDw}~)wNM5hbj7dQM$bh{Z@vd=r7%)ouT!gGCHe% z1RgE5ru~f}i4LCI%P|F?9$|7Ku^Ohw{oo9<3|Fd}_6wOGOBkmVfW1L+=M2yxVO$ z<=8Df)Mh>G21boshPC-oa%S0y*|`u9YHykf8{&iAP1N5oo;(GSU;TS+mJA2EkEXOl zg}tlZ?H9iC2pXT>vEjNeCE@_}!i@ar`xO*>cwp)Wv!0ug%_e+=3Y7l^+vPD_OL$W| zb!sj&mNZt8V3)M{xPM;T$_UBANoN@y5`apdoU`Fdq4zsgDjxAfQL^;^IqhCQ;tRnJ zYKV-xxQ)0YyZU{|?$>vFOplY1xsfLZZXrp}^d*D#uUsmXWv+j9cFQI50_*ekpY(=a z3vT|Fx4B(Aid!0xsi zc3!sYptnMM8XC290NAs;H)O^b6Bm$O0zsMvRTSr>?WO8JTiCZ)gYEf+R$FuM(Me~esXlF7D#Ql;+5<#w1MsR3Pzg7B)jz((=u`IE z23^1UpVe_6xx+ouDC|}?vI!nvGj8F6{3kiuZdQO^{Q!csU~sS+PUJ#W6!Kayj=0hC z7GuKAZk@4ez)1`IjtHs4|2=aJk|PHIh^CqcbOniz6h75YnBX#RHdTsMi%Xle_Q@AE 
zK^yt8^{IRya5yxFpmZ5O4*E|H+6mA3O1KsoDkKlEbn{I{im@_IJBv1niQ-a?<(-0f z7C?LCmjHASraPzXN$yuTTOm1fReuB79|oy&^fFidQR=9&7%hGF!s0lwxVvt`U&is* zsmvbCtiMqqwwjzc==u#H@~Tk>R9xi2U^1fd3x4LlCoCCd6@3Q{QB{vLu(2K$I95wm z6Kg{qTIy&)q2{Zgd4)?fXaO6mO147g?5wdR)SkR3l>krX4)Rao=Z~)@r2vwQ8Ryku zN2rVg$}`i1iB=kT7c#-VpzgOe>fg|)a|QU0jL>+C)_V-g+`*LZ6#V=KYxARG*bnmHYHG0}l; z@Oiw!kcQz{>kntBP0iss45sDcj?Tl29%)i3+&v}yfi_3f(af|biSE9-Pte>ID(=t5 zCV(P_OTEu}k>TAkf|)iZC?r9JL~F*VRtn5^l$nx@Ij$v_GH+-b-mtYYF@|igX(+Xv z3Xx^YHo0vKB9uaV>uc~wr#%PE5tflt;Y$=TTsh5KLkB=&_(S1x$~bsViW2#Xdd~4! z=}B!>Ze+fR1o60&akol_P*U6rI+zWRLRPvUcU3NihX-aX_3#h$yq81kHb0V}Ui#jZ zi=WrvD}i;VudwV#_n+6VpKct!uGMFN;$@0QWP5MLs~a6D*jialR8Ak}N75qZCW*LN zbVmm5ipf~F5sSw+J(wT8b5<`qe+>xVAF z3EWmWm}2V$lheRt7{+xbOVhp7t-$ZIIk=)rSTkhFIx~TD+ns zw5kZiuv-=2y9N${87|J8<3RMpc6-3TbO-7sBotVfLe8Ad6z|hN;aQ+Lr)T(2<}>q! zZc$)>Pv?(~-P>9UWLBfw4{Yw>>>71px+yHRx1%?2@Ki#7HE4sA@G+%Vd=bXZ- z>XCq4N>vvno1xN7T{?t>122zu5~KgK{V2fBKea-Y_h>Q~g5T8Une$Icx7#VYxjzt3 zV_R+HD-w_cp(@$849Nl>9A4D9OnQHkU8>XEWwUe@-Yj+!kwsogor66YhmFygMq9mh zGpI-gr$s)TU4GiCQoCo)13C%2T;9*%gcz>l_uXv=>palx?m;CZel_l_ri(za@#Dp= z@>EE4X0y)zNub%O1Jy*yw%$4O>mDr`8khMxiw_^hbE=M~lswi7ba>4Pq{M?6a>9)@ zWqzewe`+B{M3*~i1e_LVZ?8cfb@dxp`(tp|@Qc+&OFNdR%r(qaZ{@k< z?U}DmY)Z0H%RDb{Ih%!4KL&d1+yu^9s+nr%*YtT_f?JPaSNjEHkE>{Vh<9yQzWPB6G0euEZTjr%tp))an$|n>Au-(_)`dam z?*E9fO5NeOi?M%}ww2A$g7DXWoAUop>dgNC7z=I}3_U*?I^_Urr~IjY*Gc(9;9=3x z(S?Oz_xGdk|D_D8RnY$@ zP*k;Naji#?P7(X(WrY?0>HlG^*uSkbV=#b|$O11eJGqlAQTPO|5Nmf}Yh$yc~TjHOiU=0ah*ziMguKMTdIQY&9vUg}EpFV$rKsCUbWpVF5DZWo09*OT-;$L9lW nI7)t()7}1EDVD(k!^;WDxZj(oXSu9311ZU?KQDdy>fQeUn?btH literal 0 HcmV?d00001 
diff --git a/Istio/02-traffic_management/src/06-kiali-services-helloworld.png b/Istio/02-traffic_management/src/06-kiali-services-helloworld.png new file mode 100644 index 0000000000000000000000000000000000000000..43c654da3f073b9a6dbe4ad31e3a9b3033ba4b41 GIT binary patch literal 33035 zcmeFZbyQqm*CtpANq{6k1r46Uo!}0?6z&ee6WrZ3QnR)5{Ad#(9n{$Le#*S+WNv(Gut-uu~mSFnhfL&0Qd%w7W<^;u73b`)5V?pLwoOWHRrSJhM4m?b~=V{FZs|A_K>hevlYIp z<=_t(b1;Ryla6^I{_*?!Ul4SsKV?ZA3?bMp{b*8{@;hkhB?vVGve-3&90Hj@mSrRD&k@DggOioTlk$};j0sdLI%V}w8`Q8(?y7u=e zOj0lgXTVzmQ~==GzCEhn*cxq@CjbaW&h=G$luUk)kRuv$RC5#qDJtv+HsiB~|MH-M z9$IoMvvCtI0PrjDClINfVQ&zAs5Dx2qyN7iPuKyDlc#=Do<|O4`uEB&!oM@HfAuff z*xrKjRc_D&m27P@R+-GhK7ZJJgJI@Nx8`UO(r0fvQNIEy$>TbuE}?nSDt+^&xY!xf;SlizRlVogpYUyG3VO$N<2UzK*-(LC zdGYRb=S}(Q<4;MQpKgn-F1;uI0m>m&hjvfzXxuBG^y71=$t<9Z7hB#nlV*r+d9QNr zwDL$5;g*D@G5RAr;y3zSO{3cRZ5CEjcVL96xa%W;z9~&8X?e8^`cPXr-f6@EMI0ZfpelNXC zz95AoprJEK{;M>rm3r zU9F3K%6Gc=yUi;|fb+L_Fustd)vt#r;SZ*hK|V3m?YEGLP(bAAt6-^1wp2_b1}FHgFu z{a!xN*7c_v_Q%xlWPLlUlHKHi-p1Nj9#r?8eAQ3ib5LOzuj;d`(T1dBZE9$d=R@`z3f7#pJoU~m+e`=sQA}05ZjLP9*hz%5@hD+_bep1o7EX@~w z?B745(;H$@93866d+Ll`o?^WdbF%g2L_lIxCsxg+cTO*!38O#t3Jh_5(qH(+ zr7m0`8l)l&O|;ogzs?*+PygX~#ZIdb9X-R1^Ev~Roj^qOVJWXXN6eDc$bi7|m% z{l#d1-O&;Hle2Uk|K|&(J|-DEk)b>3C5R3EPuAd#TafV;6Tn*~g$SId?{)cM@DKGP zW5?ui=Q4B|dyzq{`l&5Wu4y(<K*BHK7+61>5hnMnX8sEUNt4yC-jG9KkM}4_W%I1GQ4hi+A7T?rl z7<;cjJ$gsWNEg3ZioaRJPEbHtByXQ|QrZQYsRQDp#pgNo{->Z0bETb%R-l>;|WS{uD^*ac<_K8Hmzh5-M&{~j) zRY8jgi|d=S@}_}Insj3x%_Y{`yhuo9R#hB1yGt(#s#KeS=UEWx`HQn;Vi<4)qGy{F zUwkTJ94z#rxic=64sTW=2H(~k=QoH@$IKj`gPPeFnQ24HbLqR0CpHtOZ+eo40vmNX z7bnzbwO{LT1Ix5b1!%CVTtw>qwTq?h2xVMpd~4$IIi*wdL)BH6yPp{bk_{LrH;Sh2j-g zvxJ_u_3_PPg)TIv#dIHksfN?_&LX=-gbIEH%Xs-sQJzCoDl(+bRKtt}cP#i!vvP7w zV4}B5)m|oZ6x$KcLdhkDi-lZ)M1ttGOmL}z%ok9b37kEoZZSe9bbltzv{A0#xR=!= z9CO3%M2^U}jI+RkIU8T?GbarspvZ8j;qhi9Z%tje9z@m0q*cW+MMLLvzjW{t zdSj3YB!U2`8Ho2&d~&%Vae=PgBO$r0;fR1PADk>7D}f0~TLs4^i4qG2o@V#mrOEcC z;B*v@wlymq@TE*lb6`g_?uY!4$l>%R=57#`(fDtKi1n8}dhyM-g<)tv*_G8`pOZ&< 
z@@(C%9;F#?3KUqh#_7*-;Q>Y#r6RScx*`xcGL?OZ(x8I*1F&SN#vk3J={tT&XGt*3d0%dy0QEu%)%1h~zN!7$xCM}ykfdIMatL?3qv%E$;Qa@cE23+tZ}?ef=GKmw~F~HD*EUzIgD^@ zm8}iLe3VxrAzfuf#S#&0Qq{6}#d`lH0hnUxHhir+(IRlaD+!c-XX zMDaPAmwrh=%QMWs-B=?|6HHJ4HaQPBq;@8~6C(aR1k$Y`(E{345h= zfY~7&?JwYF5rDTar3XfCdbWLVIUr&&nu34$`aeP@vE2;D*Qn%KO0FVv(Y5Wt@_|u3 zayRb-flhkU7k@fSkb7mdv*LL8Ab4;Bp7=PeM{8508|TVj2|uBUNk4NDjHPO$B4jGJlrEf9G9*?uEyU^)R(x` zKMfEyXIa9RHY#Vjp5V!5es$N%cx?&6K#Hed2$iRyhXaT4kvttg!4o^-lKe{vS z`>;JLikVfLrNwI-PZm7RTHI+dMD#Lpgu*m_Lq>BpJTG(Tgep;q!9)yqHcL_>zQ?~N zqrV=vMbP*yYyc?~LncDZ>=f>o6;7Y3xjlNqOPHvI0`~gm!rC)})4kpGo-fB{+J?#gTJB~<{#C6#zqL={o1q zC}(pG7IIE*N|)Q(`A0pO0A(gafol=ka?*p}Xfg~vN_bD&%7Adp+Gj5miX?iHRgK%u zGfp))FyfV@DUv;Y0VRC!VUL}-Dgx&|e`X$`fdLY~@;7N9Z3)+Ir#zDeYnxgw<~l9l zV;nAyeI2TAoqiI@Ezu7scNNHB;_+V1%_)fvf>3~j&@&FsPxumbweHlY)H!oc=pE#W z_K&{jD>Vbxv4K(0)Wk|e^5mW;tI`@z@1o#zGd~XqqQ*zSQxUpC zY^$@4l&zp>b9}x-`m4#Jvf}a2N(QUUki4_V!!N5N1$d%TWQ`{7caLvaHzpOo?_C5n zw+TeRlgo;Dp#Ivv?&O&%ny5nFtf|KVmM3j0If>a7*;p?;LB^bcPJU;=GeLU}%kz1k z$id4HH9dEyR7Ax7j9b&=D$vsUF!Be(VP0b7T;mC?2hNGIMLjS_X5@acc_tP-=U!cVtthcA53X88a7*Hkn4kiF zVX|2Fhi@Inw?jOR>RjS>wi!#!9=WNZcb1jqP}ZJ!x*h0ygsW$T?s|iF{9p*z5o3B= zWETPPu(XoOxaQXimuDYXrJEe-x+bQ4;-OCkD4GUa{b7oesDKMu8H`lSW$BVKMm(9A^BtJJ2v%e~OFQu&7Kv@k zNL@X9n^?1J9k{^{{_Q<{Zdekc{d{j>N7c*q_U@(y6=JZZxfc^^5YARsr>p8n6 z;y6hp2sBsfuD`RVRJ8H-O|_4p``T093Cge~vufqGS#o>Sm$^Z0PO)NG2j&Ru3wDxG zFAL!wtmC-zi{~@Rw)@a{Pk1hK4O{8)K+?VSmGlr;EW_T;EXM0CQ&xhD+(&$_JmD2vARERkGi^SRd|@Z9ogzi51-Rsd@W zrW#Y!ylp68Z+db#$^KP*sT4<{vjqz)EWc4AaFhp5>bpRuH*im@6t9Wzynp;ySKzvE z_E{vgqC=lbIfnqecYl74I?K#^vZ2>pbq|ky=+HqVwX%jE6l~01u+%DW(0@Lkb@^vo z!6#u6IFVW$a-Y8+`L3JU=Z^U+KSZPQjnGp|T?1D!gSC}|T{kcwC<08G` z;BXV%=%b_vWb#K++mf)(NN*m#np*s3*OFk}gWB`hf%3r*5M5nv(g>C;D-Ct^wdQh# z)SRSKzy(yl*>!uDK+7b?Qd(gookS&J#3?KL&(%%U_@Xl^W_on7&rd?^0R6q{hy){cF!yJyM*S&JV? 
z+b0&p?7*$jWH3Rvy4yiDb4on*3BYG*r3?3s2El#?)UoQDz54TqM}8S2WUXIi`%dn; zeIq8vXDRo2^r+&iwWTAtucqgqgfZOw*A$1E2 zLfm>^jvbY!b`yW5&5$>zpS0JN)O^^S>(@iI-J~B%c;9`Q>d!r<4HCm6O};Jf+!E`2 zGD%pguiR{O8jdy%xPAC8P1<`PXJ)DIVtc)zfOBOME87*OXLMKIq&|bGTo4epceXEn zW~UISBp~om5P1+S+mSJtBX$tmTk*g&Etu6SJn0Xd%M5Qjwz5%(HXVCox9?jKX~kLM zmc5M7B@)Ni>?*5$Vl%&keX=5pDl7Hav1W7C44A8^p8moQN$XselFNKia<9CT(#B@E zHMIqaqS(E7h3K?PTk#oKyGQ{9EZ=4G@iF z3v}rU<^xzAWTyk>ysGyCM-mIAfr6x+Uvh- z$qGK5Uan}+RCIQdR$REWOX3$to+gA>uOB?Sv3_Z~><+QVg?M2hPPfj@|M{kiE)M;B zCk>>{%g?@~e#WVpUHD5C{FWzxOL?E26nuFUQN$Q)n~8?GSm%2lk>z8?LbBAt&zaKp zXe)tM>{R)}lRRYm%ddd1Zi_uFz;QZ{KzO5mKa%2W^8)YX2nbA*cUMux5btF z*<{IuUR*%M47xdqz%5?NaXY(YBZrYvZN)OeHdVg^j?l+IVviN$6f+)~?u-@gL|dfx zu?m!JKnlqn=m6!Hhn}I9ez)|@r%g9G;t?^l-Hr*GG|KvwOKFjja2-UZpx49dc^ zN~r$b1Zbm~wxA*y99&D5HcwFHaNbi6btQ$8z1w*A>uq+auaEIig22lF)Wv^-9Ue@x z$ueJGNC_O+K}w zG}_D%sq|ad^QtS91YKD9Q>I$1hoOEZrjZ-fuIZqGyUvxiE1%`zKeCnE*4>rE^Xs!q zUwz8t8dD;QffVXuT^GYfU^3GCY$O`bTa~vQ@owt)Enr4`-KBXd?4H5DO4{o1&1qw; zH3zSZDhoe4c|N%oGowHsKCNIgu*O*|5!02CbyuD8qJFgD>+R-A-^~idEff*i zZ|vh@k9<7mA_O0tKr(zhT@38CG^O{kioP04G@BIjQF^Dg8X|8ql$OvL?sv3 zis|$9$J@6_hh1K~LRCJ{VUZ*Y-ufH~QK@wDdbrD7IA;sBm^wjs`tnh22{lM;`C@6k z-gcpzN9*}l6KRD-IL_C^aia1Uk4*)EqcRB6LW8ZiLENc$zOlj|y4(^pwY`OXp|7t_ z1Ji_ zCh^SBzVOdmv6kOJkdGVrb*X7m!oq-P7c zu%<8WJtrgPh1<9%&C#M?S6sMk2#a9ZHM*oWkhEOh-;x#L`vXC&5gpDSW`B}BLLCNI z=}gPqO07K6%ER67DIA|Xu@LbUk2(=cvK7Qi@=JYpv=_j``g+m2^SxJq36$kw{~Pz) z@`Y9orn9NRJ_#N0L9H7i;+SHr*3#xn-`sYj0@pk?1zoaI9%GFsNUS4)z~}MTE7r(( ztJb!k6cw$^rX7ENw5pJ~eGN^#bEM5YM1)udnx~?J!grnWN~C<;1)WO+Q+pW*mM_01 z8ivd_XxMT>I4{Bn8SfgKp?B_OSeVd@+v)G~3BdCdy7krM!$;xLG{Hrbt8~v8J%O?w z=l_DLuE@kBAj$tZk4#(k5wIGxhXn_F zJltNU^4Kl4`w$Zl5Rj8+X2lno=q?zt^X9Sa1;2mnICPVECZq@h~K_)6X8TfK26@zl))#(n8+f-QE3vUHF#-ul_$qVVuA7 zS28?`4=Qx>rW7a>yfR3X^!}}|!Imt#6|0G%iJY29b0h`C@nyAuEymc($mU=s(F9Ii z!W7B^rOlfnPs_Zz?PqMseJE#fFizcy@DN5TW$}_Scf{UOJgwI2pS>iO7awtdOzxy^lN%3U7<}}95q3E?- z&G9&tQJSS{#&&G2oQM-fKP_cH!kUED09;m-UhM@rELmIW-k6pX7+65oE0NCP;a{&O 
z(#wiq`Cb+gB!AT!oxG8czY)dqonmi0+*a5T4M5amf=0ci&nA_HXGSBKNT)s?sJO%; zbZIEBHXlyWtin7;>{+v9Xv}^PCyJKb+u$MvL%Ynd6xKZU4i*)7E!vjU6P;XTIVOuTvrF7Rxq$*4oDD3AFlLMK%hbjToW7NY(e@KcqBatWH^gO_fM09u z5acF!FBUq{)@dlCpTsS+0(&wd5xo7^h_k?32Pb3W(URo#fcXWiOkTUgN7|R3jcRnt zo@%r6H>wht4dm=wf!)Lu`nXfmzc2!nT#jNXi4%seGpwC<5F81%yk}I6DITA$X5HfI z;W-@Q^$(gkUiy?}*1m6LOUnPmqYD&jFFbk*CVJ>8-`~O#rfPe!8XL(4J?EcSwl%Vg z;X<<*Oh(=k@3Sq@R=!|p=75chlWHct;n=yQ=`6$ zLtj}MtcIGJbnN%c#wDI56rKyP-x|}DrY+X!aOi~H>I*N%R0o#C-SlKEkj#bY$o=ZH z##KZ|1-#DZuAu&$^su}vaAf&B-~}3Wm?NnrSJ$Q~UM*_BXr}UXLIStQp{$9D)Wgx} zNCS86RbjN*R55L0WOYLgDMzo#`c+i9a40QSbq$fA(FBeu$x9rt#`H8d<<|8 z5cnpAlU&iGgIuMa-*J9%it^nLBrW_$<7?(~z|LJCI4I-M20m0=Xv8Bt+?uAWUNWf^ zGC&FqckDAp(~5L$*H!YeP*fM5`xxET8zTEWhG1>y8~XJ0`eNnglt#~9$qcCWpggd$ zT{nlD7(AZD99v#4$;1~!Rbf-7M6vYyB_%TXU>zE7QB>2nc{QCoBa%;ySwrh>>5HYyotA4~`Qfa!UHO zdpJhuga*s+b$F$ZVpxtL4qXwhGPov9UAgBM@Xz~|4RtXqn`!XQ4hyB_(+p81W=}7pwntgTIV{j>=_t;Us8+_xrn{ZF z#mFhlFci-pHGL!SEXQl>%zBZSu%I)?%2#-Z;Ly$bL?bH2^Mn$hr0@GoV0ppK$osh> z4>_{l2V;dD5{61s#w&1S`3Dy6Vzm0$O?m5yq5kfCrGuDh4)Ps6gy5M`nT_x4kY;h{ zFiS%%XTPW6C~^KS&~T>4t;5JZP|SN`ZfV@t!!1xrife~i(k6Bc96H>BPSVj9xfxJx`0j8v5VCJ!B3~RmX-}7P5L5u zGH;B=<@V*rWFy#ScMPXy($oqnBq+HyFb5tvg9H38?hNYKbj$>`xb zUKwCu7g>;NOuYexZ)_F>Pfz2t+3jK^st#J!@dU{Q0(}&Nx_bMlC1dM(tmxRDM!|hZ^z|_y?hbXgzE@MM*eVclARTYtza^A!y8@TBa6!ulRzm*IOKzghRCL$R?YJxfinYt6097))>ik^pm;Lpci@{eh`Y4P01zBDIWx_+w!~}d-YAi zfdou`VC99Ze!x(_w47P|I;|mEz@kH5%mcTXIa?+ z?fp?RHI;E~uiZKlsse^E!cBS?-^HLJ@tcXcT+&k{>LbTwa^Tjiwzl?oy5l@7I-kUV zeSUtx^oy~S_xT2(i=~tijbz0Nwp`>DfFdp)q=dk|x5Ijgt*AVkx^@_Kz zV%3-p!jkFbLc!cd=;5;wm&~g zT>NJ~%u*1tLx>j~{Yk;82dmNTJ)6T8_VP~xu&<4bTUx-)JQ=+4EXjH^D!JwO(qeAr z>b*Dfb8Iv~O3)o}e5H^?JCh}F#{o5Z+(@vSam&i94+TEL&&l)sb4x4wTs^JO&&N8T z$F~>HztP;%frI?X>#fwOzBrR(v1e>Oe9v?og_DnG+LI&4TcdmpGDl(aXBY{bI-uii zQFs0%laX?eYn8xxD|xu%uppZ}Hv9e!DnK6czuj&Ae+d=5#Xw@pxO_oBe*Cz&a2C$Y zMDuhPB%{YsVbAlHqK~d&XA)Lb$}7(^DMSH;`QRcW^gt7KEd>PyOG`^%Ute+Ymvi)9 za#^ASkhr(>4kp2vB#ySg{5O6PjfGb 
zDz?9mnyO?l0kkP06B!2zxiI>2=A1+oXZ2^PuTVn9iwqbWEcijOU+&uoFcBnHLFnY@ z`1;M8{U_E&ZfT32{jNnCHx>2G)1|z4nG3Qy1}CrL0a@>K6+_OBtC>+q#yzRfwi^<{OLR39=ODP%Qe%=ks317Cm_4=*W=o{XwCd46r6+<8TRUzacq zN55=B`8p}_Qz#8)8d=5}$dyuIiOu%gpii!wsl?P}zEB}aUkoQgut5oa^foRt z9RXjgeg3ogRbl7*V8R$44av9X0fN-X_akbeMNd3d*&(lAzdk!Z-+#bq^xsm~C-*>m zm-kj$y1^#;wYw%|#VO-kv&Jr3Jn;B!Vdpoc3eXTKHaGo``O`NWze~aKM{G#9|C=x0 zbr}-QcXxO3@W}HhtP=hX)+v)7^ z!hR2rTVDLpi#$(i`Ci=ZJGa8)cA$j1@QHg}liYV`Nwv6T({^SgXBg1S%<6Bw$tAFp zbQh+~?bD(Yrsor5pc5@EWB5mtA9HW6T*nTY>0Oz}cA3);jEQR(UgMlAP#ige--X`_ zT|auUYsOXCT&!HOUC6}T0n&@A#DwD(f4uxN-+%QJ z3AhImLs!C&DfG$?OPx{6lG@J4)8)riH=hto9E{^rM|l{l`W&Q^0=Mu%VWGyEJfYor zc@3efDx!lYnIZx}Ob)?nX%E)ke6{GdaHp@nA6xM7KdL$j8<|?h#cupeuZH-eC`=U$ zo~X0EG!+PK=b*h={Y#qcR!?N|HeJqW!RKVh`uA-nnHg};w?rLhznpI2=;Y<~DenhJ znt5GjnyzpVrsI*~ty$HSJZ*T%!ojcXo_ynd(WGBz__H7Z(rHGRdzp2y!Bs^v7L@15 z|5mQ;1GNq517F@HPOc4l^{m6|TjT=UAQw2YxAf_$lv2jWnS(pB!l86LV(4(aY88)| z?2t)QSFW&>)ZzEU5YDaQTr8C#*xb4|TG-8LXVZU9*(wk#$&Y5?dR{$rY53bq+M7+| zsXv9p5-#aYwBc%sYh|%ccNi|sF&fe(g*>ZH%z@Y9nn`a#4p+N34}rV}3WWy4?KmID z4CO|Nv(?@o+VFtlmeedZz|cn&lAkxmt2Kxan{o%6H17Ez60seLvav~J_xE}vd?f&iY&~ zW2iRYF9*$kqzRtcO&OZ>2|k|bS=Xmc z>-N0tPL8*rcOus8T4!WhDk>R{b2gCfFwqT8v<4+U6(qu`e{`JL9 z4(l0V{1k!U0J{!bx178-)!Vmj&A(W2WCv<94^yqihKtJ9_gob`_;@hgGr=z{RCei19vd(R@Es@)j%5a)$= z9Sc0oy)pah7aHxyje7|V8qvmqPhYC;aMh~iAzx0&G&yGnOT;%iY~~n;qjvL^HrS<5@tWpKQ90IJYI1lI8pu<+ z#YF>3<@Bp_hk{A)<~%E2881(de}-+PX?fOQ1Yf$3>-*Gr>GN~iv6aJpS6c7(;o;v1 ze_K{l=sJ-(Iw2&gM{VQ%$g}G@WISqW_eDy^h;q@4FTypA-)Q>SY74`5EG?>>vXi4D-YB<9_aM65eJx9Il2 zIfP`2onurn)4XmRe`_ir++A(sUhBIp>R6JMP1&0Nq`@rjnF-rb=rtw z^p6xG@fBA7z~+aIvDAK4ys8fiP(ndK3iPu?-sg$*@;dGuHNDx1_&I`>2r{;%BWP}I zaI=S|%g)HI#Xt^m_>*2|mza|ac&RdHkM9rOvNMA?}?IqC?nq}$cx_NY{vd1K7xoS&&Tm1jwWH~oubJ>!?u}VR zm3#mYj=jgVZLF#d9wH{CrB~$RA2A$ghm|DyV&*o`ymyHu^amEhu;gk#+dsPOP!Ttx zT0h&>2C?mvS_@{ruY=Quf#VpH~j#8~-~cB{(u)`}Ak`55S1^b8qFQ;W(Cd&^0;lY9)quCnFVA zwMl*nM;z>(&S=uq9s~qB7+M|-6=F>BYQ{os_UVNDUr4|z(zY9aK8enV(Y&FG34!Sl 
z(_Xo~4K}i*eaC9u<*MRZpu_m4D3=!9vQDB$J*Qpiw&f?RgU21fGiX9|wF zXN&K1Ff#F2MEeeU@2H#Io||D**O9W>o`q3Avm!xiKOz>+GeSOHsTp~MPf2i4MofzE zS)LQ#_pLczD3y%-9#M+fn{wUro!=B31f)ts)|twWu;{g1RHf`W?ufTV6(!=E*hMzW zHSCQwt0uPR;zI;s6B@T0o^yK(=w7o7RrgyV8G87-ldh{lHOJQJB7btM3Kifs1?57W zjFo!GMIGCx&2UZSEE;svVU?$Tm zsf#rhTi`yJgd7CugP)6Fy7B#j7+!WE<@Hr}m#cQQ+vG`bd9q#7D(HwJtDUXx&=)E1 zk2U9p?63?4{yq=9y036z9UOb}v#lWIJ?YF24^5Q~(%DQ57cLv{4Sz0N_BxZ8MO12{ zm6e~Pl{U|0mK1UG@y5hth+gG7N-hJ_sD)MX1C9WHgpZsl#rGACE(bKOZN|)Z;LEt= zoB6FRTzc=1TMB{FU_KweAkxBL5n>+{$KIf3(jvpoi7@hxPiRxvJXa{(@+>OX03sn$ zz$oBIRO)BuGaDiYC*J`a@%i}_7kMC{Y2PoAFqnInoXgapYVH~eh6=dmMTYsh-ebvmoa-)zwy~+Y>K?5;7BEdS zOY;93nW*^rYE874$#r@w%FPn<-E}^@Ky-=8^s9O+z6IDv3<7gt-kVO09EeMig5*d1 zLk%Na)-7MfqOnSw=^Y!~!?6(+x>4<(c~47sUIhfT(OwP^~%V zmocmO4U>3Ujvae=cu)X=O>eV%{9e_mdn50#IVlwMcf`08uxMF6qQd&ieMinMe-`Z^ z0oeNw0%a5xD~mqf3fa&G6^}Bd0rFYxnK|Nr6E;f{EQe zAb}uUF#8D?KH}v@vg^bXsIQ+yTJL)O?Z&Jo-0sk7Y=N+9g{mX1O#9lov#0_Gkr$l{ zG)qrguqzsjuak*kv-`8Hjd>bc@sSX`b}(^%hvm?orqGe*L;EGCJ1L6?T>NoV;eEzU$FunRfnQDMAEWV`$kSLbrE9W|{O)}BQ*z6W)R%9 z>-b9ksCvT_@0@b=K?6Sis9#GZaE}_g$-{_*m)ef0MwgBQrZqeAh2`Xf4hqZ7EI!&d zRGU1S;m&*wM)P$-godj|Sa(|QJYvrFW$)zBWM{-}cc-ZFRj)d5I8sRmxKqsM+oaAS zNA~#cUMx)KZl@kcP)bP?;j{cC4bJkC!47($S8Nl1yC4Ao*aQy(*%z>5;(8>SMjS~F zd0l$SmS>Wy8iYkpwL35H-qcW_SVR1BM4;kyUn(BDw?$JfB9^L?B@r6il~h+ z?nVtyuVPeZ>KFc4KT@Kj-r^$V=wsJ$)I54Z6LnSm-}r2!*z9Pa@ZvtU3>0KzC~~Vg zAs~O9TGB<^?QyP(CaSM@5X=H_5yO1%@L%x1xUFfIlkIyu0isfPlm2D>adgK%OjIh3 zh~M{@rCw_AhV)6&CtK&8u_0R2NTCc$KLJf9ymnoY+r-f*LdyHycCm4pno-4yaYm#| z?r$ay^Z&125ym2pq2E8+ei05Eqi_d;QBqXEA`(kr;So5(`c`}}ga`e@=eQ@BU0wzC zMR|AYNuo!dkaDs|rvZEs?Ui~iAnmN&c@yjuK^6UQx=cJi- z^4AXU&+q6r6d@0-CAL*0uV?`OI?ct+Bk0nO$1jG73@ro<7dHrHpHK7dX@f~=p>`P} zWd@aGaApaXSuGy^qr3K6pXmqVkz_{mNGkMs^Jja%tUbMoHr7Mm*GYVY}dr*ZqS8_xRbDs7qA6zLS`$^a{TP>TA{n_{ZNU}3dJFe!ei$d=tDYcK? 
zSh_R*8DK>*^bSZNPx4Tp*omWsEl&aXrueECB&N+RulPX^GuaZW_+Jg!0Zv28(pGD- zYPcSGY6V+^-50qUYK;Q9H+CWMJ?GB=!Z;*>QM>w0@;IW7mUQ7QD^ow-^;EJyI0g`_ zXbic@FY8$FE~LQ(ib)kiagEy!?#Z6{2U~W&6lOwFfEz+`R&HQAo-_==Ni*^YX5@=- zW4>p{fRiWWsPu1eS)Q6C+5}YA#C|PA_OT;n4jKf`ySt=2w7kWv(*maFtF+EK-8Dp& zv=H!l2dzH85JOs2W@N+puS_Iq%4sx0weC#V>f&G=FOzb_LqB_ypvEkXNH=bkTlr99 z+h#Kcirac9`?8micf}I?fR)f*T;U`BAKRc)-e&Kuy`F(fAL`;fu4ZuFII1_OwFq|flsxYLkUw`fXzuabO>O5du)QOVzz-x*sD-Dw zNM(_O)jm0{Vm+e!IVl{}3z>BW$JxCD15OCn*&%Y6((k>FJYQ0KI(uwH{rYWt`n>+^ z@=A$uy}PgFvOyf&$M^fRT}_HTM*_cwGJ6D%o|J-p)sX!0fM5z+hLW-PdML8vn# zjS#_UAG&po%t~W_hvWz}*{e3WMt93% zDwg)*-}%PqV=9@jb&BMtX&72Gg&?PmQ}o)(k#Qu6j41t802Pa|!2WE!OvvH=nbAeV zNQut?Q^$v5TMy)3^xi^(Qto$jjoPDgT(#5m)X)S{onLZqczW72m7C2X=ZGLmohUeU zpgj7>{sa4>nv$g)&RpPlTnFr4yMvkvH_UA$B=7jPhyv@(&qImV+RTD1zrQ_En4!ct zV)+j0tY2(Lsz~D5;VWxyX7OELHZ*@3o5&lB83g#Its4-v3OpRDjZ7$+-0V%XE>7h; zSotnj-@<8ovvUiYJOSG1p;=gVS#h733C6@lhZy9Cg;shGg^?gPkbHPwf20VbwuZRH z28Dyv`%1gKBvKQlGp2Q&88LyDC;40krW#k-o%i}6WBr(IJZ&$N7agh$Txup6D`p0d zcER-sh@3yr2dlWlE5#rrMAy(*fK?j7>&l*~Vj`5vAtz$T{m|5* zRGc8;@p5L!`l7SM1tjJOR;stPJDagudpd&EifG>#g=AP!K>D;z;;lqu+Z{vhN_EEL zO4X0m>vdEU@fTQRwG#)e6_~Z4M~6GKEefI~AM?#U|5@`Zi?}PaYndpuB;=UUMT_2C zro|6Kgg=F<8X{KGzNxM0YxUY_O29d1FrkCi4DH5BOyk_U~*OGE&kc7e}i; z$#n$)GE*bzknLhCPXC=YDP&pGf4ZX#nZk0W=66x})s4yFc0couxc&WJ?|-b2GMsoF zSjM08hRg{^D}c$Oi5)4eg#$S_FF1Gk!orqLEmc|k1{SWo_`&O+k|Y&c(&Z2Cd%2JL~+8f918~6tPZ3FgNP|F$q^@|!5{;SsE?3G!W zexDWtXQ3@BABPxC*6*-L%&APJmOhiR!HAJHUsSB{K?%%f{|q7-O3fTqmqTJ~j#C-E zy%!4YjFeop6r1{us~4qD?QG&X_{VOiGt73g^oY5@C<*EgL@P!6y!{n9D9%dCDG(wb zl63{_|EcNE05>|r)&e{@0!9sW14h%ng|;aDAH{uTP+U=)CQ+IIp^-p>rh^4{2%a>- z-Gesn5?mVsX(YJ21b25&aF@nCI5h6su$^yqc4uejtD2gs+5JOR-@0|V=bU?9dEV!J z&b7hW50O_Y=K~B6Y#{J!TcZ*DR<}Xga=yHuP>^^S6qz{K&iJ%=aOkc4; z$JKkbt-TFxwrgBOxbqmHMR1&qB)C+a&Yd?OwdYoP#f_Ajd=)4=2oOr*U1KHdx*7P< zYntg$p1`tc&caAsE(f|raOrZHjS+dREC_d2-|i{jd4*|M#b?v&F-QXZHt;yp)04T!>ktq1na^%Z(2jfuX8 zG8=t&S8$7UB>l`^&ll6$2cg8AjU3$yig}5f__YGZ`y$u^BPTLeSf 
zu&2{FajQvy=Tk+c>Nlrtb>d;i+VR&MQoAdkoM~gq>po!OMNtP0Hm5c9ODyU}E3^LM zprjI)q&HFYL7A?lg%8wC$kL){^-}^XzY)K+}s?sTTgM++VfinxXbI%xd(vGbKQBI+hc!SBZg2hBm*9AGR zBG+6_OeS@%Cb*jcUf5N7-;CR&>@KRZ6PEGlIf}OOinrSV?O)b>nv7@SuuZ1zS|LNO z;e1mubajfG&;EXhqg94lz>7&IlO9uBg{4Bqsb|tpK^A-=>=GNRNO0(W0%=haKa`>9 zko!#s1xqWPSBl?$)2%!-ZtPN)rnWnl#b(a2yv`9y>=9*uC`rV9C+cc8xB0H?_hKJ8 zFM)Z?9=4=*uk%y|LoC7k^+wO@MGLq;uq9r|-DAv8;ku~!r40t8BHE+UgU>jD8qX)o z;X*Y>EHZAMt)5D}ZUjZ2Z+gdYXm|7QC2Bo-9tJRITq6!8ZR9_A+_;AJ(+>qQxj(`0 zsh0jq4M57)ufcx;ocZ*lpRy3_sj4=q6=OmG zPCAKCgzVPAV7|u(8j)vY1gh(w?pbhN1ne^oWpU14!o@{n2ai3x<4dO|>%wSXwm{mb ztE;L%mgRK8Z80L_G&C?Z!E=lmTHrL^y5uE1I3~!+_!=vHLN)TuvNc^04>^r~r=A|T zHPAq~tdN8;z~>)s;0^djq&kuAC;*)+`#{A=U~ed7@ZR9dXy)`86QSF}kgfkDW`=)& z*)CW@`F{xts3g-HYkO{3ZWbVgrWMPAK;azVv*l3@Oz~7ZW+%KmCj=Q-B+CfJlCz+Ay(3$ zHYnSm@qe!xDAPm_%;eUP#r4^12+_h!dg^zNmo{vFF$)lzKPn|`{3G8;+dQni-p zu*a04IP=DmyEDv;HAef5by?}}9c6RdV={Lh{dlP0J4kQckt-{l)q1}P4vcseTedKK zdyBYo-W^XZHNLbkkq-1?j6UE^f)CT(Tc)oUsK3Z9wUz=X-tn8KUcQ*YsZzpQc}H;% zCQpsWHk{|9vSKEIeu+gAKlA+Z3hf^7FOkW}mK5FH5EC@rE?_Mn>;KGd@86=J;_oc1 z)2>Q1vl%fDi z5beJ*0+g)RqVnH|WzK>=r@ioN|0_5r?4OO%7h?hgy2ZP`U^IjaWp@yP9GuK`w~cn_-lw zoEnK=#9hHMfI(WC;g;9KmA!*V1CbJVT^koSh5vo&JvQVPUx}LH&KOn_yT3p=Ytb={ z8r)&V-8w3$d)F@o_xif`r?q)1%$ff#0rB+3-^aN}Jw(6gDE>QoPv<#qm{smjI)9YP zP~245(q%tFeHgWL-$vx-{UeZ-r+2$HhKa9c-tEUpElDO{$;h3@Sm&K{o!E2bY$UJ#}OdgzN|S>G9L?mm|tpn z=!y~cLVNh$+Lp}0k+-W7U67l^Y+)ei0<`9+|ZJqfW2SCNQt=65!jCZ2pHSu}Rqc5g)emP*v zx52G3-WdWgGN-7~U&y5DDx=!I<}_pebZCpcpVytt;!b~xrni)Y1ZFy&jkcs`Ta^RT zFpL*-JMHkmb37ZC&57XTBi-hrvx9MU!LoS@9pMJL30d#G{wVdqu)@fD`N7+RhI-v) z(z+X~Y4H|$B&7@tf`s#tNFlyUXp{IsBR1E`!k zqm-bUU0FrWhQ6$uZslMsnaOZ`?sP&DUMMJASVsXqLS&hoR?E5IHkh3Z1&npb%XJ1P z@QC=|J62uVa(;M>Huy;!2Gn{dJVUuwMcwFeSH^-}qVy8<8D~+#7=bM_cQ?hW@5Jn0 z%?tV6`Dmr;+TYE!g8&M~uX(da*9<>=b0C)~6j%1n4VE{f)w|Y^rvhc0@MzUu{Pi^X z?ahRA|5qKFn}jSiz53|9#9-9L>?r0_NjCv zzJn#WO6srr0fZ*n(_+XAwYRz{o8kRI2@d$W^A=}yjIvY4m1JQ5R!YQ^WMxcO8;mwB zE<$2+z89HK2ZJ+9c*JM6ayRR9x&)nXHNo2(0m2ue4OONwhqoOzoX^pI-F2%1*t)gC 
zdS`Ws$mxXP><2(_w2O-?LZn|D(Yu^17th3^ccJi%1g3qz&)v>Js9oVbw~%$p#PTW8QYBwp}wolTDcI>AZnS^OAQT;`S$)i zF=R3?1j5bv<$A9%U77o0Mb2FJ<=B2x;wSQCSPPT?ek%XRr^li&&nPjXAkV7)B#|2u zzZK`)lkvFwCwi>qOuQ&+Pv4sWjsd>=$kpTT5U~7L;p={)=?Te%+Uf$3>12E89;JzgNq3pIFmI+Y%aVtcqAN@vTzbCX1*_CCguehcD*s6 z34JGDO;T!rz_-`Y*qouwwh?A_fzxuz0=iNT)V!Ok_+^%lwsSws=(SOz{SxSQ1F*#g zr=41!jlbX42n{1CW)D%qXA(xXI}a=GD?CK(zc*EtB_`1ycDLWo80g#6H zQ8UaAowUL~cJ&|n{H?*|2N_x2thg{A^GeA6c0G%%aL;x?fb`{DSXi3f6Y>eA<#KDxQ~sz$c^7Uny2iGlt4;ngw;7|UrSc1X$j3*Smj^UsOpP?v`z6ZBVRvCR8k}&xaWwjS3Hqo zcHL0vMgJQ|ubO*cTCj0(-6O#%FB|2EsyF!Ua0W6{nX5FQL4G4kuEd$kP7uDd6}<+^ zN{@R}!DhPak{mk{Ol}+2wkr;rL^XB|d_5QZ9uvt+&QylpO5MA1n0UW)Iz;+1+4;PS zl8;F9iX<6n;WUluXKlb4ad4<G!K5{SHDOlNF z3gKRCo1AJ6V58w1n7U!-?WCmI9d_X*@kU2u4Ifnc8%%uoD=quqTi*DerIXQS(eO(r zM;yhAGV~ntfLYkq_x?i}s! zBz9&A7yT`=O_GDRpk|qy451_0?79WL03*6dy@enW#0|kj)LV-OiPu_a-*^oP!GZ3V zTU{p(#j98i-^9C3QYVEO+D@+Uy#gMZy61!Ok=Z}4RYz`GE%N&^N*gO>{HPFSMF?B} zh*~aTdvnE0nO2^8;0u)$cXNTHv~9}|iEn=lnl59b4a!#m!GwmYbW|hITb&r*D#MeV z5!|SCOk1nnWPFO-Gu4c?SKy?$?-_O|z|cJjXkeb?Ao4D}b|~NC8JYti55#%=b|4(s znbgl&c<1OuV;E3IH+^m9mdBeQZPqMqHhSYt$_xF$_8^COeNEjpZ;+fjn0m#w&9h^;N= ztkUF2_xHxO>zhS6WRI0Hex`0bwS;<#8SyA0pG7_x@4I?jYwj6{>Ow~^t z9OWh_&O?E4MG<)x(z!+{T*CLka>FfC8w&VJli3ZoV$`Kv8u%1U!U|>Z0EJaQFA>3B zA=qBh8p?RC@xdHbGXow?p*K5qnU(R zqNo@=teS>s(9y+azp)04ZVmJ;nR7+^t22R&#N=Cx78qq2O%eIETp6`lCm&8(o?-s2 zdhiU3NQgt56Sn);Ft2nqm(9Leu zfHBu1WEMw#Qn^C0c4rQV&oH+oPS|Hp9=7|wBrbDFy*RpyqV>VXcS>>XkYdqh+js=k z+WqaY8w%Lj&M2ZI7a)J*JvC9Biv#kyn)=SacDE?04si>beE;FE{TyO@L=MiFZ|`+- zQ%$9OKc1U)Kl3Fnm0;sgGRj7%GDqtqQC=n;Ck`}sW@fn)m;a}{zB6>EXLy5YdKyNv zJVh$4!x-HU77@vu-dH~5xae?7(IKKbIf}Ds;QPoS{6bfIP?HWNJ$if9ryQozMx2Ez z1hPJ_BP+0y~IEjl@~g#0b}Wq32nv&QYk#2S?oAAo4?u1wa+{d zey^JU)-SEH=2<92X7Vi=s#>bo`iC2p2kGgG{3p${NgP;W(qZdrv;HG4-P^^k%6e=M z?~)z3{Kg%QV%fm7MCY+-u6Eg z2WT>!@`wf*&Q2zsaYCK)YC9#mgoN%-&I4>)xaCr;GxlxY&$UwZPEU_O2Jbr0(2cy9I+B|R zx4&C#K{EQfER!VP1JM$aO(SA<+wD$T8-Q9@P7)BOV)Ulm 
zRra)|>`R`7`=bW8RwbL+03a#=^eX`7h}-13;jb5-rhAQMD%`$UUq}2-tRr=qaeFi=D57wE6Ck>8`i0!<-Gc*xhxHr_mK*~MR|AC$>i`H3 ze3I7D*u>7T&AISYONI!%H}~WbOi%JSywSOc7nYwEwE=37FCKvILug-}7PCNRD?q{w#(vY@)S#0o7?v^H2G84bYGVW zx|1j}g!T=tpuU4F)OX-mSb9qG7}oquAWeY)_@<3nuCrG+!^&RKS& zVja!L!}FM-1O#)niK2d!bD5MT02R!HI`OIXu6H=pzRtO2p>8_;?m$sgoX3}QQ<@!! zq5sjqrl7L*_6cJRLZlO7Q?y|AQM zpuy-Gl!>dKqvv8@Mgy0b#!Vnzv;muvQ(40QR0p4hSh}ao+eqrE(gk``D-BhjyWRnR zo)GeC>d*?i7W?#9yA!FmY%%9kLTCgRIyC!%z29_`PB z% zxMy2Q`##daR>|xdnxWl%aovY|N74-zq?4s?8n20B6fM8Vd0G_aLMvSj+vZ)!AEP;R zGQxn9F2-wMU-9RRBOlZXiPADaH`M6|v}Y>_F$j1&K0@cr1J&^TV<)yXNA>dmrt*XxTD+VmMULHE1!A;GcAGk$*?P-B~g@~@L9o?HsF zTuipZ^-+JFEv>VTMyJAX@68_RXdgiiR-qw=p9}$KSjQ`V*--{{3lQ&oTTdFE+EsF4m zjvw>tQK!|01M<*3Z>uhW1=Oj~RwmfW#`ke=ZH*{0Mt#xR%xv75pj(nh%`4jx-+F_8 zRfKv;*FaLj^JeEpNSW)$jY8yJ9U?`D_H274iR=@uxMo6`_@vgut~>^=lCZb8aDk^z zT0=kom?x`toS_p(!UlNmK6kk)I@1{b>tg|@fWAw^vAoo7(lgz^+#VzUlJGc}=xkxuXE9}$sR-yZPJ z(H!J@V0_=pi@KFVY~>N&Ugc@0Sx8#oTX_B%k8g-}n9G>zzmttLa6YK-^GH;JkO&=s z6}zFaVdT4o!}6inae*z+#|E``aJ?3TRD{U*^%G0uB}?X)X16T1FUke|;)@jGE(fn- zWjx4RDomf*9h7QWs_><5_USitZfYCIN6D0OmZE)vx|Iq~YjFFthBY+T>AS2&&u;teixpX2fC0Fy+^o;`z~u5D&P~l-_NRTO{Bz$Rb_N~ z8ebZj1#<{&HkzS%4S*~sMNo*K zImQd5lENmfNPN_j%6rZUh19l0^WNcbHYc)OCYk-b-zxa*tRc$fOOMg2{C9!yykN(z z#LVh#KbvfEz4i=`y`Tat_x0;*o#RjMcp^ESPb&nE!G?eWl1f56-CZ0at1yG`2<8Ds z9>&>UyUVQs!ZcUs2;{rJD2H@Px9!ORZ@cuK%39x4nR9$a0&jr?ty_2+--z zMf7G|>8GL58Uh@4`mOG@JlRVId1I3_Yo6lF%kL<#d?K$O`!}6BX`@xbYU{1G()tuh zuG3yfO3dxt!SbqzGm>o*kvFxK5kNr}q!ssI6tg(3feLhMg!@*5A^fdmEyq*7SKBG* zxiI?^lU!3GFrR7UTKzLLlc7Doh@9MtZ-AL;BN7kDn=z77|xd!ORR}D}G3fYXF%>%Un!RafIkmb?P(wR@QsQ zd1m8zQt@+$j3cg?QOvZ^&K{W>)H~ynV(m3}E%dfMGrW#Br0u8Bq>&iQkoRf?p zK}Qaz-rAm?pdq)3#jR;k+t!<n_sMv@~I2tZi#(s}4NfX*Asb>`bl zA`_@w1=?jB`P!BwCs*1=gkbs8T?5~1muo3-!8knk%_@f z#DM@J;MRD_z`G!ECiE-5v`E##oABJ5vTTXz6qh+1@$==`oG)?9M$thRwwuX&&uN-T zGO#a;lF$eA^&X?up{!Z%4!%7WX#bQ_e^~?H-Azir5My880!*iljtVz|gL4Zoc>NXb zG@2eq5>sq@ePvwI0lH-_9xpy@&H4k84JICc;F;>q4-r2uRy*^DVg-lAp)+x}D$9N~ 
zk9L`P$;>_=-5kTXGLCbftOTEErf@pKDP_gux<2HthKQJb$>G3i=gyWBDU0hP*&G2% z4~ljCqXhq_ANAQFf&0O#Lo&D=qA0Y3#~33G7R zVN65?huTKtS=OpshnMAb_a6kqndX6+OKCc9%8xbM=oGgzXyaqUXXM>7vy5cV;uz%M zR^6a%j!CD4@`A7R8k4M{k8RYR{TW4#Q8hgx!?2enPf^eqz=n=3c+bQnwkp;rMPTlS zj%Q^7F2(RTiRx&PfOD8#+ZZ>s&L<0Q4vafAsr5EXpwI<#u^wJbP%f5dMEYANqNBw- zm&veDXEidpP|ORvS5cX0UERJn;lg@?y)>|VoL7BbMZ+ysq3|)1Zr@>iQ`!w2&f_2DK6cWi&?Ff^gW1ANn}!UI1jUqHcV z%lcosE^yv-)4djZ$0|Se0{s^+3h(*XBfhSW|Mrw^V*Q&-|1@qH(vL>6K%nhN6|^G? zZU&GMzYA&jThUL)iCda^n$ix$6IZ|TSYBGLd{ag=%1Ew0JAIllWj2}JZ-U2bVQ()+ zQIuPDFfrxoW|XbX9IoZPeZw%&nX@OYWsq$^LE(LU(^03ZMbnq-Pabbn9AXmwBSdn+ z;n>eO@wvq|N<)J^u`E2C%F}6hnzOi)TEIP!gnOXvab1F(8E|1|X|O$+0YLm3axC-lk;&j9VFA zp>N%@^&y{KlPaO8So?LzrTcg5`8_-SCNtM! zWE^DHk0!!K%~XS^)^Hp|(osn31ROH^s`;)Ttlr{xrQwC#fV4$ROQ5Z(;bgC zo4QwiYbESRWKXm}zJL8!b@Eh(tF!T_e9f0V0zL9SG%!a*cM2M~{Bv92W5NIJsw*Jg zpyPN;alFS13*0)Ez1UQYyB{MYW!@C-w0L}Qi=2sdBpM*J9W1iCCE53IctZll=wYFd z)**bey<0Y;yCfvGD|TqqCxR5XI>6KTf|{*G*PcYKl}`pl8S$Kqj0PeaJY4op-(BD% zqB{%(CxH>=)H^v$7nl`@Z6E%`;OVrhDi`0W0`&A)Tb}B$T0JC;W-_hqYLfz z(m)s&V!Ca-fMVlm34NW8v(w&<*rBxxmRsgdffSCztNMnf6T$Ua7i@kDeoTTO{8a8; zuAOOYrD4~_w`f-@f4`hUHmo%1KmKqcLm9W32$bk6Nl^%OroOC=^B6A_fDy07QfK{t zx!{aud%by59xuz_>6;?Ty$)1;qt^o0W-~Z2io&|851@()lxHU3xj4}TCB*KE4VF9b z<^W2Wl5IujKQW-sEkz5Y(JBg;&LNpxlq|Me)SdT^xA>7$>gYmkOGe zPIs}%{^%KzfD3Q=q0ub6T2m-8U1OOlolq@L7XZgFgFxzQs^%zBl~`%@L0SogQmK^ z_Y1x~AxbzqmJ+#n>~nzLv%2^!vU`e#^=cUw(Rlv#bGEE(;JqiWMwCq|anckeuH9h# z<_FeKi(X*;*9kuh7aLgnHh1^v!f=e$t@4EEqOH(rni-@4{rO0XrB`U1jHRd=$qv2l z!6#R-JR)6%xDDzmDA=4w77BI-O{mv`C0t8-i}D*U{?u5k>+7y2rL68c$qt?O4+7wn z4F+Q0_cxpAL;~IPGggiAG{w!anUW8sR-tuEq^Lurs(dg&>N}gk*6FkBR|@e&TWxct z@_~r9R$f;3!xEmGaz&`shgPM==KAEtzcBp2&*dw0JooBh=pG^><1wj}dmQ_tRZ-Z# zPww(=yqbSZtyNU6uWo+YjEaUjT_69p>|g$Ho&F4MlN9Bp-Om5Fa|7Rw*`e^ftN`+L zT8YJHo;(jaHHKNKssYMtzEEwy?DrolDt_K)jgOB&l>Je(5Jv;Q^t?RzBl3<9mW5l0 zi?6mgkw#7hUXCeSh=ul&ppSiE$j&Mmby(I~f~T8CY#oT^Ga)g3bRT|Ie>&pueoXn_ zChSHxeCH~HmvUAbc+8mkFEy(LTJnFNgepD>ZL3od*!ChmPV+RiXYkqpFass0;t@Fw1}H)_#+^Tplc932yozEzy2)!A4VfW}VE% 
zJvU26k}mKSZL-rMUx9zPd4Ol&hagaY;5h= z4rQarqqZlMy)~JVGi-WKAfB4Ss30+ySDi+9sq_FT_mG5^bg{lL>B!{pl*05Fgr9kfiaE;F!^183$t%ew`DL#kbjN6WAlN21VlA|~d`1LY zWD56F%RQG|<*kp?r&2eq240CuPVw0Zj?7$@4qM__^tjuBN<@Oecx_5f_tMf(=&_Ej zfn2INxR*VLvFZN1snle`q!3LQi=qs`P1D4B6w5_-2oP`8+)YC<=`GAp&%TSZn`oUk zIyUzEX}Ajg{-_~2t9&B*#VwRab|7OEFz@DyI>@K6jb4>F)+x&}#%<(m{o`#*l#cW( zkKGEPXWy7$quOHLtt~on3O92$?sfq{xbs7;OmlVl5c>+3^x`tlFEu~Xf!X6GeoyrT zBBHx#k-$aMe1j6RaVHVnQpEcZ%=z0bo`KW;ekmF!loS;f>ffV4k*s}P4%Y8L;xf5& zsRH7fS+Vh#O^*gW02#a??k>(bRwL$)J(R?!$!GO zUE;m#$wBF%nh--2r`o0;BWAyOHh}jEEjIv|)U^FOh-&A+y~kjb88*}PSTxy|&nWhX zj>E#$?QH;|v>MVzcl!W>1F|@qJRcOj*D4I%J!EfPT0pd&=T=oEvg+f%e%+h>@^m@Y zeKRj7Cr6E+9kfm!Ip66#Z6>T@9T{lw64_U)tAymKleDHZeGclJSR}?&ZihDKj4|+J zZ;>*zES=db*s*+b!vS%+u!)+uf)fi`4U9KI>tOdlXebrvc&CjEdk#zHOD~VpbTRX9?P!vI8>Gm!~EB$V}!!GI&QR9`>8D$o-2WykKF~IPbeKQWrtInaJ%out@k!2&< zBo}*Xe)4uR8j#V?H#_^T+FGi*^|po+?cdfb|JGN~25kWu4bn(GmtX!2a?g!;t-}Tq zKRKk7c(>53KgCbMSaFj-&$>*h3MbQ27EQKqn;Lw;aje{CG=s6a8IO{l~sS1Wj|VtpRET6+fyIsUX6D^65xcy%X`0F zO=71%B;;(Rv43@lf?t=%?)zvcXJ6#GXb#1^lKXazftr{xB+>NK1M{zp{bb-kj3}Pi zw=>C=)}Z`TV@AWZXUu!KC%Z{STX#vjY$evE=Zb(!E>%(pOdfj~TjO z1KO`d+e|GyaUf0@QRBZ-aWhj+kzvI9(M+|1k=PY}lULC2=pWM*LSEmh5$Cvqbo4u4 z=G1JVHt-&wU^}*jI})+r^yNFj=Z$l!s~x)tti*dBp~VBi4kYKT_J(Gjp9apJT?`gb z>}yrFMFwMK3iI5P615^Xt0z$bjN)6^X7lldLxG*}QE)a3 ze8=sP&^FU=w>ff@Fx%T~)W(DMOBmJKg-K(Q(7cjbJ3_KaR~6~DqsD`hTfUD+fuWpC z=-&bQo_+j9`~ozE%6-p_EY6pkb`=CqGQ6#Z7j8~$GdL}z=DprgKP37q6}35e43$gu zsJJAQo0G5}^b5GoSf(6=xD7UU?tOFSMZ2Q7!4;8k5*F#a9J(2|c`R3+wZkYU*)Nn5 z7vcWi!}?@rYgrHU4DvFZ1w55 zu4g{M?pQA7>HiPGyCeBKaj?YvvO+af@@F8G;A4Zjl;YiSbS$o`?RXWx&Q!01JTW32z&DeL_y^m>ewbW`;$RIN)IRl!8)3RUeYU`#82LUPMIB;Zs)X$o z>D*X`auCsE@8n_fh+fqJo+a1T{#nzD!k!3wk4jPY_5R_CRXnrR> zYx4!&pWGa&(>5te0E|3RR$RP&_*(Pvd~afoi&uPn+G;?!+}X)%oF`71BjhuyurZ#Q z-Nuzc5ffiPBQ9#GI6XjAfxP!uI%OJ{4O9+*&^ppEs_WJPhaeUmp(f!^?L_|ToFSvp zPEDTAe$TTAxld_(BL|nxltU@2P0EXMj?XNjfY$G=Eo|J5y<`Ubfg?=p%Cj?L_ok9T zF>fDNQWVZOVOgBOabBq}H7e_*RZRo~yHgG_u|S>p&vOW;Yig(NnkS;)E*KY>l2_MF 
z5>j0OjTXxG+CLz|+PiEXw{_l0bJek|cL!gu#xS5*CKqmA313$lA-kHI#5S=Txm$}n z4{Gw5@$YN=;kD^9f^+>B7*IX~>TR2{-~|X57Anu$$=8G*f1;OJ9Ra)V zPJ-Z^`|&4TKYB`es#_0C)d%k$Dc~F8FZWXj&bnQ6zujdDi|pX;Nfmb>MY|h8B_78e z94t!>md+fu1*1T)ih2h4BMm)zNDJZF*A2cXinIrCk()P*Ftz5Y*b(88L?3()K@PP? z)rkKmsAh+gqukP3;jJ227d$#CPFP1ZnA)Rly}%4pso5dlR4yQKxC6wa$X)Iq6D3Xn z@Wt`oj-f8m$|kuXZXjV!m!#m;AU~d~_`bsZInPb?eb&E+&F)4}`M&Jz-^5za0({@J z+e)lEHVxB`X2DKsgctOU2!;nw|G174yrB;kf_3I@6yyOw`&&hH2fm`b-e;jjv~A6$ z3#-zeE`S{soGRqiYPD8+-u6(QDrHMayz|rJMdhNZq+1l`BCrlN?8!t?JCi*9-z$;Uahy7o$UU-4rW@%p2Sd z3G0|GaSs>vLBLE$L>dCh@Ld1~4*v<;gZ5#X;(_-*)Nc`8mcBT*!;Q%Nc@?tiFJw}+ zX()1B+6nl9PUnapP&!z+o#5aym_#eCcaN2|h83O|DuJ^9>B+G`UyAMYW7{OMd>O@)zj(FC85@_yHyay)p8BiE4Ui^XrRw z0|OeGnQbpNxs>U)AW#LrtEL1}eK@R-fJVav2p%NdOz`pX@%npra33y>Y=TVUCjcA& x8}bm;y>}d&MyQ`CCgvTEQQ9w*V=cI3fEp2+q^R8IQm~%y{{Ua?x5U*7;j(3C+HSB;J7Wi6|7a%xTcb6B-n440o6E$##M3w-p2Lv%CIa~`suAppU8 z_db47p51o7bcu$w;_Hgd!~_nI=gH?vJVbT=`w$ek5Bc*Q^(jd6u=T&En-9@+{+{{R zq4~c3d-j3bw~grUSw_mU6RbOGH#~8xfkz<2rHsrnRru?Dy+*~PXJj$Y$U2t)A;iDO z@gnT)qgFS(VEc40E8Zq{i^Twl2nZzGPVp!WHh*;d@%4WPbo@Y%Ua6=P9H)b7Iz7tZ zHta<{ZPYOobKUv6t*nLt0Q-lW|2f)lR|TJ6H`ZU>EyJn%3%CS0IY;k~+U&hR4p+Av z!0{Nd-ANnOsTt51yqJNI!HGGYv+wBGw>j|spBC<2%OF(HmhXmi#+}dKcO6(EoooGD zOyJWNe62~|P|<&fuqYa?(Anx0h|8GH84P*y_u&=yQxacrO$`S`QUBGeS8(}4{jRtw zrhR*J&NvnJm{5k8&#%SYX~m>R8{H+S*3!8lrB1d-vY?YAdDuY%LfNwDy#&-dRk=4` z-TC5m^lUNb40ppbIUh)R&ksE~`QLu-Er&-xYV8Qby*fT#QIQ;+n3(A43DjZ2P6-%x zZ;DbYz5N2jMv?*m9N8+~5!RBRZEF#!7P^FDi{dg;OLBUNAjQ(>8v!G`g3S6mI5 zPrP46iYV`HvDAVbXn9=i#BlNp2j;&|8>AuA(i2PAwY8>J4>TMuI;rvozt|p8x(vT< zTaJVX``bBnF783SenCSanr*j!JxMjz!k`Y?5#r79)lfE_vq#ua^7nbPQ8~GJ!(_ag zfFt@)P_@NDzm|o{Dei;c1M{Ku4OYre;?!b*S``|oh6Cc+C)PI_j_}u)K}#Ma9yD8* zu1MBcQ8d)x&CJq6K%p0LfkYD8h03P|Id&U~o z>nd0?HBPy}?bLeR!qZ9{^k3qy`^A3_sn^N9Zb;8t$fk{&;dbtWT$3!IWWht<4X-bV zj_r9@ZK_smdTHuJg5dim(pnCpGnX_&nav?Qa$JmF@*8fj2~g!bFo|5Vmu#gJp`9S+pbwz>a@9!H3wtG?}l{UM|$N7 z7($?~Su(B-Kz$}_~@KwiIP?=3R z&7DtWjqSP!FzKBhns??s;VO~bxJ&wXLUJ%V4J5M0WGxf}USreI+uJ)ZFfcc#UbC~c 
zMTm#TYB60>U;loJCpJXhy)l+rMw+d|_$4GMT|~axp!gD0eeUsE?i13^3nd!zw!Uux z1 zDNB_oG>1M2Z!b_t7zWb5JF)urmkugUqFcZ)0-)8 zTODLOm#(3q!|8^2g{l;&qN1X;wG}j3s6Z(c4C-^bRU5yA|>(Mu*Iv`hpDrIRHL@#7K2pBTKnjZI%U4BkEd|PUids0zIYRQ>90I*FX88>R6<2)&Y(WK#35Ia%#VBxnDv; z0`TDC;v$v9B0g*9;DFzDty4UPCb&!g?OX6qKa6eON3H7O4|GuN;o{hmF#_vmeB|AmPb(n2pz4~!y#ER zaX6*C9kN=emrJ~)S5;THUZ}4q=&Z_5`EV*QZ2adAn6PG7Lt=gg@epUy;Qrk;ng0ufxy>do8M^rHTU zvK2by_3vy!fkv4PAP}ilJO(nJe@QP9**_mM&be4P)0pVr@Ugw(hGN?s$==u3ULCPI zZ*b;y*$9uP28Pe^8^2APuByn)gC7h%VAv`>iHrgiI?uv&M~#wyVnlNT$L$tfA+TVP zY?)sAd0CCBa#`}Bg_QFh3-2D zdRXV0=a-p0aC{8*C9x*j-u6h)RO#<=h~&)RVP2Hs`KPXO^6XBaMJbX#Zx3LIAhwa-)^tiZ~qbG z`x6HC!#QOpuH^}hI3JyBKzWiIT>d@}8aH4u)T2-5jnI>1kMsck*IBZl3V(TNcLL0V zL8X8yd?H3A#Is-Wzgku@+<$&Nsi^1&0#H`+pX;R_?b}|%e+;1D3(55bl+svxcjgfZRZev&cGAOPbemF+V$= z;<}aKc*F>6P7hRtZlx5kG^hKQ2O%mo0%bQGY%MZnI*H$3THT$4g=IHDpoS5f1ve&I z{g|>;OfgR~uRSFkK*9?T`j>TH9lJu^ZLYEQo%E5yQAga-w9B&sj*iuPK@p$w(;6DW zK9)Y(QmXMk&4JO%F3Hfb9y6H*9{FPtVIr77PY8Iw-d4SvJ-W$7tK_~9AW|-)(gsEAjFq*17s^*(1 zOO?fmRgMe4$D~p{$0ET~<|>1q?%NxAq@BS}2KqUt{LfV#uX+#-xRDf+$SRe+uAhM6 zLuIbJl$#JiQ{Nb)?RQ_BTjyV>;ZQw~&Zrch%E_0VIMvr+zUZ5%_U#TpbBlA<6yWAk zj#xT}q!V2amMKMfx;iFo>!cQLi&%XTQP7Ug@9(m^gTc0(5#EK#6V7av6NCQZ=1W^XFYn?%Dw zvJf78H1=b?WggnHoPU_RjEKRK)w`L2%7LFYPLCNJGT`W*?@f<|H{C=~>#HdX3#WSD zqs8W}v}}(u0_`fL#NQw}c{*K{-rv#5fCP8MFltm*QR^$xU>Q%Y*gOgD-yWnbxSA01 zc_`-*0n7KyjJJ{~uM|2Lr$v_NY-OnZW!GBC06(YY&ua4Lp)8UCS#zqTi8|zx+%&$= zB?;RGXra7}&DzS1ot@sdn{ug+#k-FLZ5JFWV$WH=# zcEOE4!3EN^Ccs7_yiT1rVW=pv$ax}nJUXWZGsG&yrB2O4188nO5pb#=_GeLKWGp6B z2l5)aor^~X5pWN3o$thy?VN=N5x7!}aTLA0`j02$q%*!ndBf!D;zCSDc2?|)(m;Hu zgP-5^BH^crd5z;bf#krz3L9MB4C~21ha65YHtOB5$=cewsLRH?i!&<>i(zZ7WYIO( zyL-M4Ot~yGq+4~Zp;$iVP8+76QGMOHX!WRlvU~y(nd0&$0-?Chcy)Uo#d`)-xu3S0p89&+H{xtIO{8(brX88<(pHuPaVS-f@~H5}{)u+7Unx5OiM?YD zP$H=_^pN#%2u=dRM9E>Q#JyjWp~lOTY8Q8>KQVI!in$ptJQ1%$Ut1`-c#8fd8TaHzZ@0VC-GJs74dnBL{Mj;=H;K)(uINu`05VQ79i04WDisb?uZeQ z$n~Z<1_dQtI$Bn<&i{>wl|sHlQLzZhkwAI(ucFLBImG)6L%RI}2h>?82e!_9Dnv)g 
zcD)x{~`ao;ksPBo0>eq*n>NjlE#PuQA(8b4}lL5S(jkYi{Q|tDBp-rmvM+ zlr_Y}dP~%*`ajJ{<}8|S?Bsp)mI}Ya8P}$FT`A7L3YP2cg7tS`;nDQ$-XQ56bv{Z( zv2o#a1{vc6qVnxiD?a*1yrTh*W3G<$F~x?u-x-(AKa0wGQuhrFjz9(3*~wS#Pf^kJ z9hZ0CsaeeFQNPLB*WBi6uD0bPv+E8NA!Iu!^H5^(gZ05**Xe_thabn=1t{^>_p!oY zDOc>ev&`M5w`OOLVDZ>fKhY^DDB|PeLC*mIxi4W4WKoe;0yM%x&`2_vbs2AEqXBg$ z>2cx%IUefl>cXbro0*%N8yXtw?G=+dxwv4uaJ_d&$T8pL>kc!9jZki-%U2H6c-m8Y zmgVH;o=B#zGvL0B?apRcTgRGcbbmgzoor>wvj`h43idqMh3oF=+>xP9zT#=9?+aW_xsPl5GCrHt9uK1Zf489Dxv}DeOe3zEG)nx@z5B{G> zN$CbQB!%zFQy-q(oBY;qq;o-FL?__1AV(JG);RM(1&^AKbB2e#>0|z2yr-QMX)!ZP zqWsWtCip*AnRCRDh7_o90BEv!F393N`u_`?#u{t_kB6wF zT&bm8yTEw-Puyp~;c?rwizq#rN(TL6t+{S(=%AY-_aRGM$nvQ-m)!jDu#=2dYz+RI zfx&h-iF$PPm6=PFd)hbtb8U8;;a%+hklmd}=v}nyRo2vCa@7k`>!#^44^rf3$2a9b zbmns`xeIo_Fr7a-_nyz`r-JOW#i24Jq2cUo$j`@H*rbIPriyH_s&z*z0_G{G)sI4? zP(+3nE`J&QCeD0_*e*LcoXJjLHQ;yOSZQYISThI-RvDez@1v*~ zr3L6!=-xI`XZ@o<#wL!-OSL79W@jt+_wiv)_;N}yNp7yG%_zs;1ea3v98%%C4bMvF zS32>Flm{+%2Ld%tx^w7vs;0ySGW8P>6TO zW4xK11{ycnP&K)_KNS{!V?jTjJC2IXd7*G+%kBN`f1|zx)D>zol1G1^e$#NLxl*k7 z4{F&E>WT;`f_{*cl=dV=9&3MjmbdnoSZ%o55VGsPr}tvn(7gUQ52(hxq#k?x_q6}X z{~`wdVFl~&$Ue)wJpL=p_ukMx`=7nz|KHKwtMNF+73jTI-`=3WryXysiJIkhwEoWU znsMjYpS68cZb6yQ)m`!EFLm2Y04G@YmPIo4m^Aax|X;b;A#z=qm3Hg`C$LPn%;5VT>96tnM!Y{AVarGiM4v%h`5(4^7K!x*12>f9 zK`s5=OIgu6IWC{^t_Au3Gx|1fY&<{t92bpnh1)oJ1qE*;gWLLM9o)b2YZMOZ$tU1l zJ`8lE@}H^tP);wcy!I-5`syFjzF5(CGnLxh^yk-mg5SN3qW$pxAt5}7=+&Pv>fQ%4 zVHAZ>sCVf1|FXy7KW&g+&>x;6{|c`U_}f3^VnspBo^g&-WD@9q?d84WCyzZc_m9yu zHyZx-m@C=&_MQh>QEGGZe`$X2W!9zRML-QFduf3TNbbn62~4XUA+>IE`x-@$yzgg! zrRTY!d4ZRu$3Y&=9HpeAS$*m1W^Xk>Kn|-(1qvl>wD!2Pt$F-Uug{Y&?Oyb}dkVo! z7f&N4xKti5i1^9%K5hXvQ?8P9F~p!x`tEx=pW_ zZRNci>qRr+;9xB?D=M;H*1C~Tl<&$FNm1o*wa-?z_v@buW?VRV;&@);UzlhYI2Bb! 
zmd?a?VZK_Zg8If?60u>!BvbgXHB5%7C!Mb@y}^x&asM!tp_P{?(&63I+R-h|LmEWg z!&IFGxl?R6l1xQU?Pv|VuslA)t}stIyEweYZ=pY1`L;Y8yT{37Dak1eZo32@8WQDK zzp#CMGw-4Edzwfs&C^u?Qy#KI*274zNhNKJ;<)FA7q^}2s}uI%ET{e@NmsG~=j!#w zPqL*Z8wla$4zerG3b=)>O8k;Z7OSi8Nt1{0KzEUP1CPJI zg^mh1xPlN+qeI@8Jj1&%{rSRL+yfzoAs2oq>C9-BuzFPGI-L~sFj4v95ss%w3HS7X z&1Jm~LZ`6v%Q9NRE&Il9P4&#+U7IrnW|!j5FP8nAxnE6|xM5{fK%hSH>(;K7N>;;L z8k#jQJUE4F{Z8iy>nS;pB7NLx2wt$^)!||@@Lys2pr&tB*(_+Ql)3a}tt{2mxs$Mk z=3+br%^~lOZb7(5KH>2;kCJmQdWuHV32H_Ek!+4{$d23bEc;F(N zyu*a_Zr%XL)_Nn@>E##kGwH7MSrzy40(Q%!FXEgD>?uMnYJ9OHH<{-s0RLB1gPe##wW4F)OdZKoY zJWV%KhMv52Ke-t4R?~h%#v`6Fxrkdzt;)m4pN6ca!sN*PQuw^xubr~z3lp-=T)&IW z;&M5{?UFTr7IdWKw`Yb2*zD9+-K#hsNe0_jTW}+r9Zrso@d8*W5gg9lN6;lZbJBqD zM%f=MKfCsay3-Dw=g##XFbgE)ZIjlLK^%Uz1vEaDyUgwg<*(BUk%}|g-eD)LHyoOD zihBs^%w3vqGF+w1r)*t6AGCzYqzcxACc4cbTClbewufd(8Tx0f_6Z{noN`p0#v{5a zI!%I+5p{1a@32n4G3@aZ-aMoUDpGaYQDg8s#XBm=?@4ei;X}Smj8Sz;Z{3G35vJUg zFo!bJbT)5^)bf@Z+)OMn4Zr0gd@p(0W6=~QbtcOj)1Qe%Mm4NtvO#A<(b+ZM`l zdPbYBL{e=lHCZkf99mZDG>W=ev}AYTZgcR14Q&gYQs~vi=(A#j3**F3T8($tuEvXc z3|pKyv*jGeze2aoY68Hs@0KLsUD!T%w`M6GZ@OvUoM>CNRwo2y;The=9G!%8-8SL~ zc9+9Ogy~atT2~ac=U^YFtNgIMnzZfDWyz_-+y-2?4=wlQKDzdkR1C~nsBG1ZzXr;2 zz@8LGYBdm?9CvR%U=XP*DiEtB76+$hV$eDs*6r>z?0vLwn?7uU4gVqu7ZAAecce{e zY_j<5=-b#4GQVxi4lB=68*rVASGbScezoOq%pweGWZwIV6IqsdEnmayw%EA7 zD9nN;^x5+onX%mT{Px9H%11ptiwQUfQV-N3zB@p0q;3 zW=aKCdk>DwEs}W!HQrlprdk3&Qt$cV2h_3ABR|n&Y4JMPeOSEl!fm&{Ej^+O3Q=~L zwjY-~3oP+~x~qIqy&e(_G%lkQIMOeQkAZIbv}Es1QPiH9k4}*bTZDwXmrQ?sSh?Fz z@Rl}sXdePb*FvtL*xlUH;wtz7cCoj8a8RoL+Zeo|_BTR56`kLD!FJa8%#Q!fN+;_! zy--wRUxt+mGR=z0_Ouc2xl85uY859hTnYin^++3sAj`ah;`^SWr1PPyrV z7Ys0L=!6ne0s}qSG%;$Y85v_gOSOtUaaFbL)-i!|;;>sRG^uo9wW>@62Z<57UAu@x ze#A)^+ug8L!#1`?oSh4b(vIf&t`Bph)a|wXlBCTyw@zOpza@~)M@hR>-*=q|DapP! 
zscKKUOvKZ(%%;kehT|rD>Cnl(G&pa|JPKBy=OE}id?9dCRb=B zF=4qq*gjI7+%LQ`%~!V4%%>Q#T`YIBQy9XHeEIHhd}!tPeZq9Df()Oa`?0zIp|!GW zVYIpd^l<7yB%B;fD)pr30&WF0%-$P#R9E$D)MU&EA(zaBTg;SmRaX`Wt*sq52@=ar zY>E4Bv9DVy4a%7xoa0-YlkSSa^!oe)m52&kY~c$-rZiq!=j}e#!9GJ_Tb)9{@uK;b zD%bOv0!<*$*K1w*qB>YC+esxMU^h>iEQAE;SjEg7FMB9BOx=$;WB=KC|8z|H0zF50 zNbe9WzXvAMS&o+Z?rbVMD4~y4rZ~^@D8kqr1VZ!MBDbP121FHvbfmcAID1C)l!LzZ z56yFdvt&T+5(iB+#_58R`gB*wrGqj4__v4F%!E&>i`21GIL0!C!j8&52kLC|CKupm zYk2pbK8cImZ;6-AF&ndrwRo_o@68)Wuu`RCztBi>5I#wg8DX33#eDG%1kya6)iPnq zb8Cc78H-JnY_F*eF&}WN98alts?qZn2`UX-Z`1v2&f(DKm&~d!@p8Jp@kdAx0D_oO z-0Mo!J#_Pye%0+cw^J<7j$Mx5b?>{&dC1TfER`5xI|4=O9_) zu98ATOfwraY$h056BL5q@NTTo4J|#;@Uo0z7Bkda6iR=EN8yI5SG-JL&08R3=<@EfNKPU>9ckY*b8KKz7U+<6y%6#=gS-a-Slj{v zvU28aFd;J9D3jGUmq)-Zj@-D8I$mvQN=DXfHl#ch(Q>PCv2!>vXc(RJ)NdN4UgSc= zh=3fnkK5@8a4CqVY+*TU@<4qBX6t#1QyCdhr}$fP0YPUYuv4+{a6Z0Sjl*8nue&|L zz89YG-B017QU#7qPB!UHv!K`))h6AV*=)suGw_;s?>BDGbS#rBD4M=cWOxoF@H%fa z)>!1ZGJm(QTzt>tVl=M8Pqwn$O~;HuTd><`Ip%LYq0D{FgVMyBr$gkDDwL7Elaf|M~`d1baxh8w%Bx3=gM1OLK+D-2{2!pV2dTY}X?L1^7P8 zgsAq=M^XEE%!dd{8nw;OYcLYxN9E_!dSm}9a2b>T2%PE3M7Iu?8*xlDl8=&0sOpX?Gw00blz*a-Ky#m!H*ledXw@89goKkRx_HKF?5yxkqh zPEF6UY!s7}WI7L>q5`I8;BokQE3FLVQqycH7pSX+w_|Z<@5V9gnY^Yk0#w-M;{-~P zLaUGwHMsAqDERl576hpSs297XnXr=vdDpnM*IDKoo=g=#7Lx$Qre)cYcMN`~qRpLm zcP{y|3W}D|fDX@^bfa%4%QF_tRTtWF;Dgu6<1koudCVijUZc56iHS+*B;RI9svW53 zKSUno47!;#b(=%k)Hyu8*LMbl1e~vZzql@c$%`Hs&n0S<(aD_9lZ2;qHwRj;wt5;6*|zdT?b^2nRlRe9zd_!%x~NMb8n%HpS>ljkuL+RY#Llm*(YDZCy&lSwNvDob=0Dz>jfd zhswo~H~g92UrDi5O*OMJ5c4-Gvg;Vliglh^Ee7ir_+xRs)dNw~{k5%!uZu=r#q`J-YgE1BcsDaEU?NOm?Wi1+}LAzHwau=tW_Q5XzJ+`L_-iXPrt}(hJ zK@9i3`}067X)DQnrUtOHOfJSg zDnIMO8dIg>S}hCL&!45>7j24Uu-ooZ^_|5=WWi|UBSDJWo<>yy@OHe#RP(z_Ca|({v0N&N%ZdqzV78^G(V0FU| zTT2T7s0j8Il@*NN!b`Y;UxP!zwZvlsptj9k!?5_Yh@hZ1Tw1rv{@;2T%2#OV{Gj$UIXQAIK0%ug=6?+1f;jc(oS_p zsvCYDm|z!bwZ~6Ul2X~enE7=R|75R&{1K1DkLUnA5J<{@*wd=RNow|mIalv&xo-FM zvb~x5B1%l&?kHP*tTXTFhPJYombKQt<4_P-pbdf4Jk}w)whPX`n@QMVH_=nchL^UJ 
z8ha8Bo8z|_oCTT<#(Eu$F58*Z;T*U-jve!65qG5k++cFjL{Je|VfWBikvy*F+J4$C zmYQyLj|Dw|Aw(<{Pn@l3*_{sblvO7x_m^s#rmPw-%=7VI97{2KlMr{-9?Ug44vl8G z&%#@dv*l{9QPq}aTs9Z)6uM+Fta@e#NblIjmzEj=VLKdkl{Jz`2bJPG!Sos{N~VMH znf9!xj*&p%1e<*@JH09YGG|F@oa5efgn|(HwA*`A03cgO@@_TSx|Ed5eAYWbcVUTx zpMmXl3EP7G1}skN;6+nC_7B^QxZA)8ZQm0gL8tKN`(%1na!nNzgII=glCrupM!6$* z4mgpOHPrGV^p_tV%$6hMHD8G{M7mAT2|#MYAY+O7Cp_zb&qtCLW0Cb zyfT^`;!;07$X`BuGmn#qxfqXFQt>j?H!04OPOjc>eZOG6m=+w8rv33^X~~_|6g5c; zHLzS@U&1aU+`hu|l~uIhJJ(L0?Kyhdsp^OUo=VY(f_ zoTQ${Igyxx2Xt;n#QI{7TGLE9uYSh$vIFg`iXi3g7ygUIO`KD-S)((9d6Mm}_7noX zEX4*t!JZURg?p#uq3Zc5OEqU37oy;*>LREO)MBGRhLnh}dx#&uILyeOP%!XcOtv;m2OvN;wPXrdEMfqdEnjB(`HrlfQZ;O zp~i%$`a702(;j=5tnC4vV;})^`*p-&<*9X9M)bsKHiW~o-0Ngc0r2b51rN@?m7Q54 zG!7IIRJhaH;cY!|jxXq_?jkK>&a{=XJf>m?9dPaRh593%?n}&f*?YC4Jw)?e)A9Y# zwvqo{!j_7ILkSqQ;a-1)j)G+J-3RwGHmyS7lDKb#mroRagRv5nOON8qP(U+~{!Ags z)hHmA%e8wg z1uY-$5WPyTzs*k~n5@Lt33!x}xL$h)Kf5ZDD}wi(bN~#D$KtbPPgymY4;rE6awijc zLzg5fT5M-ZGjZ7(R}iM#$PVsbxx(9gDf@Ta9^z4#TRp88>0B?}2TOt_BV>wS$BHaB zxs39{J4Bf2Hg4JUVs?C*SW&14#{G{+80?Q*Ps+ac{6*7!Dqp(W>Q3Cu`HlQYh^)Ta z(_%g;S<3S841D_`IHQB8zs(u0`0w355Hvr-|93I`^A7+1zm}Gf&(5dY zNa%m|KX*sSvvua7K@>rX|Z*q2^ z*mV_<8P@rm$-O5055E|>ZcgGR^4~sMc0cD6pyLmn8fAM|V5nFp7fQ%k>ok2qUv!3h z4K06yoWELjjS;qyvEiE>(v!e%p8ms#m1N<^=z?K`Ci%*5)xBw0!#86&)Z~TK<%Q1I z=ZPXLwX8mm*sjb}AS{b53SL~;=s7T`j1hch9Vk#KG!9aB`_s-FtS~ilEHCU8vU-o<05ne=bUAQ(i%99HtHUF^C7qw$`04sPMN%$98o)O`hq|ivlkX2!3k| zt5t(GSn%;E-Ca>BGappkt)9KTuyVh$)Rybj`J2>v-NYGPDkcn zFeP8V`;t`Qpo-OkYXzY!_yw&cW3MZn_rcQO(k^DPHElW4%lWfubK`%Ql++l@OPDZG=K1TN>P_uO@HW=4IESm)Lj+!kIMYcpDlWi)=D@ z%s)~zIQAZsk8GfcUrptE7rNMjN5(>()2MR{%^ON?-6LGi+H7G4s(90+74}E67nrWU znsHSpO}3WB8MC2YtE&X5OV$bkbBV6C^yGaYlt1>lFxoXV)mp3V%eghUb8p#?_O1ayc)`Pw zJcg&j&T3<5G+$91YGuVDBJqc*aN6h5>i0cth^;(>d4ySID98z;x|L#{N8J$8!@A7g zMoxK+u+B7x>`$#{;75Yfc^n*8z8VS6E7N~Zu^XR<+IMXfwdh42Uf@_^ zjzo#xq+*iGjf5Gl}rs!ky*!L~`@g&)N?I^!Dcer$G zxqgxA?U|2^bhx7go=(4k>VS;V3J<7`d}vSqho4{v#by^55@i$UHp`AA&Pp$5V-9sP$#JPVmIBS1t)OIP;!raV8VGn%^)= 
zXCo#`tKab2-GzyJFNhlij}?s9dtz9G_LC-pJ06T^dB(<`(YTydle9}O`JqxdK{E*$ zMBw)@*3e0MwTl;{9eFb7a!wNPDhw`Wo%+l7bZm!aLJ@P@-!}db}rr~0odeQs&g1vWRI5vukx8}?lb2lQBvqn?vx|WjNyRjAB2rVd!Of- z{G|OmMRa(G;`><4FGOu--Zd*P6*p>`)B*7EzvAAsnsble8nFG%?#Jq&16h5JqLT_? zHpztNRYh6D&j1O@X~!FfHD^6{3$1!L&2$Ej91bR}dc$f&t!aA|Bcc|0>+h6#M1}CL zK83>QCbWUTQgwbWEzU{J)K$A|StP+rB^)7CZRy8P`D&5@8?x@fL1R@1vkgT)K?C)+ zyKsihpvS;yem>7Fac0plWl0s2m@IAOBk zkw>^GCI7@fEcPiw z$|F=S^7xyQLy6Z6ab*yQ{q@m+L5=+37X9Fdk1oq_2(WmggWjAC`}-Kii+!Hm%>Q{& zb3M?xqsYbi>>0pl5xMO~FBukJ)1+Z_fd)HQzjUs74ydpJqYLy?<0-NgGV2EoJY8tr z-6`Fv)Gbo(#$`Mlya3R+2b#HqN;PIxiWgjv9a%3xWPLaV-Q z#$??m361k+wh9y)WzITiUt}Lgxs4yd+E%cq#9_0PIU~|xQhZm+A3|*1mf(lu^lc@m_TO%7bV0j-ZLt^4iwgylk{DO5tGV# zexl-3P!xYAhk+K11cz6>zTGcuntj2dKBU#;Wr@!$mXV#$^irRWi9^W|Y4Z_{oS*zY zU|?rcLBpQAF-;}X0arEX3f zyshhreEioNT~Kny5jf&~AeC=UY4LjCam|;nyN>1-SZQLj)x1A(tLE9ED>k3;6u}xA zqR$fhTfO0oHANbscsh2{8A>&2j#F;au2)s-%%zE(cb!;jYnw6m>2UbJ|E=PRwNLNQ zmk?@My%yxt5L6$n8#$Nm0rPvDuDN!WdLz}@x@xwsjYJP~pGRK;ZNH9m(>y9k64-{O ziw+5%z9}u(ni&kjQpr*S;wio>EgX3k%*b2Kh4-vtoMGO1Nt|J$@7n*{mXk zf7WEtt=n(%t&KPguvR$zpx z*R{|}D(@>5oHF9stgpNI1xiix?Vj6*0`<=G-g{Dk(RU;Q@KHkm1{ab%rlU`P1WY>R zydTo>N>09E_YpH2jqX608Z3R=t}{p~Rf`k_uuqbnQ;sR?e9)Acd=;5EZ{0kg#4VEc z!pY&_XnS4Jf||NuX?99E;T1EN-QAJNQYENe9YrpNMx(0-TJx_EdlsynMhnZVu9r)r zIgvW(SICCD-4n#4LB4awCJUpM`u;NM`hTIcvVNd_uc4#a%T>8i!S3~O>=Q++pV zbj!;P$WD*B-C1cTuS%ye+~wGZ7)}Imj}2E1i*p0VX@Uv^myBbkTO7dH5LL3rL7t9w zC*v`Cbe7lOtK2P9dFDBaHCn#r@o~`b9Zv!v5+&I@O!fkU#B22kwjaWA~EJMap=-)sXvc@5OpNxSy6IcDINGw!XO^1hg{u_-+| zW38B}Ch>B~DsqacgU=rJ<}G^;2heWYY05}UBEA>ElZmY+a16GGc9+Gr4JzphOa)D1 zRQ%D?U`NdZLqSdMhof3kRFe#o?*Lek4U(LxN|OZA{3}o&%6+j~tg^3(b{r^9yi_|0 z?C#fr-txPT7&l|KoYN~dbU!}dyGpEZ@k#t1BxbmHQ1*b%~ig>VuYnYOukD&q^seh5Ad~kT?Y3X)L$?M2+ ze3?Dte5A&NpwGiDIY@1EuHzyqe%P~1lWJ^fGlocy$sg8f0bHI+o7aAjlrPLPVw;cP z*CZ!X?1kz3$Ek;FdS-~u5Zqxwt(QEn*#%DSP=CnbA$>*Jb28Gv#asCd6#o(!8q}g6 zSwvb>oSVy3lv|)=PEb=+Ypx_WH%?j_U({kE))~Zvr}3Tth#w+Y3GR#xh~K;LI3Me2 
zSU%!jc3(?#Z@p?hy7H2h@<^I){2}S@!y`TKXsVQ(qb8I6FMHnU8MWsaclPKKx%u9lT@<8Dd6m_`L4X2}FSRq!~6`{9D!}}A)h+I%te~mJ@&hou=j??C9f~7m#J6J$2`dGcAPIG>f zo>_!wt?`!XP0bYpMESELvwC32kejmQ^h7!Qm2sD6vg4K2Wf1?r_?pj{dvkgw5vZj~ zZ}_x{Ni^JhirapCQYz2-Km@nwMWv~$sd}0n01)oJDbeq%b5|c*5VC_$g-gjpmR_tb zXNTTQ7?(6zgU#!7o4%m>rw&(}*&oZ}lYBejC8cA*+IF$B^dZ7LJj6(If$u@`#jQsd zI9rnom#pSi{qp%!?sFB{K#M&mYlS6s0E=VE*m`L|m)%gq?zr{!igGJ;3Dd#C?s*zg zX*(zP>`p&P`?u_0Lom5={eps+Pe;bU>DH6k&UIcBFqij9dlaCwnHD|89?Dv6nL)06 zC4<^9${kMR1T{>=T;E1#ro~S5nE!5H9Z_?TobA^QrZ`g3Y$2&N>T@^ndLNZyVez|% z56I_{r`iEVcjQ$f3OHe5UUgIF>w~Mh4z-9DaoDqPk(d+jaFOhdxC*5-5`o_j@yYAu zJN*8BkB|0mt$3T*b1$6bd^*RTpd#LZyo&qo`!$C=jA1f|1&S`4>Zs+EjGqK{&2I;kMTdh zg?$UwyMJu?nwr|oe$1487K`NhC)6h}>rF`38xjqpKV{C>5aQMUbLad2g+rZZB-iFC z$+&6bRnftE+`oC4@j;eBp~jkh6Kpe|TedT6{{PVS9zad4UAVC4ccR4xtAK34gwGJm1{^&b{-`-1%>Y zNj90;JMZ56-D|D)SHN&TJ1CJ978GS$>hmV+A7oug+{)m&<|P7)&Wa^Lw(8#$1l3jN&bAc8#(-Sl6trAY zm-{uvQ=?aT?|MEGIqCEHO4Hf zFl(CwZQBLoxi)+(Og8~K?M)NUB0v|58Krm>7jau-=jE^rrFwbY zDXcEhWTi{o&MLA(vzvSySTn-NF7saJZ*5+U$!fgpI`}@flT917v+hTQqrc1$=GS7VO}?O0VA@^H@~Jq_2OoNSp5GWmKAS}3u2DVnCRdv6|b zdv}P)F_A|K5x*X|w@>&tZZ}2R4U6H@$6@nZRiM1-pWqy z!bxf=Ay1}MpSU^U=@rt^oRD5V5$X%b6}G-Rusc(_dECQL>gzJFoJfUJZu@vLxMy9{ zs>Y|Lr||auN*lANoqHt2G#lvdQGdrvR;YE%Ag0Ti{A1(n*$(3vps^c7lU9GIhsrbL&z7TwEIWY+!Wo01;O3rGhn zTCYxg=L?>!R1&-Mc;|AdSyx%HegvT2n~;wt2sMuG@5ypYZu?XVu34eUtX0!emQt=1 zx|Z^XGH~-{(I$3WVP#cJgsoYr7de?K#@FI5*7U1UzU#Mej^9Hg4jWL8q_d_s4sW8NQOABiO~_)2)JcyNFJA&(AMZOpCN5*2(V^yJRj4CHYD1zp?$qOKp<`0HE4MF37V5qM@BAx6(Jb6=7H!udhgN zc^b1l%$mE!w`!o`YNOxyMZ=WA@zNgOYaYbDxsAMztDwxb=P4f~GCV!xxH3s%t@+OmFF9fQ!^tSwX^cLpu)&w51%c zwHW5S#Z9-t-jA{@^}ncILs#7~j>37>ibv-CGt|>y%`!`r18uA&`-$eHhkoYMorq#p zpeAP*eq9b~#cFt!4ek6$l)We3Ny@bLDY_Q96^!In30zQR=bI+nv=Nqt8T($StxN)-0K z`Mtdd561KUi47GDHCNxJgcqjfQLs-@qW-H!BFkYrV-+sDi!oKay%Pbvs>q$!gOGhb zL{jaagITGAeikmZytQZJpq4893-X1#TX9EruidUOG9L6HK=MTAsx1wC+h)6YpT!jB zz0tknxtyv(p`*JCMo{}z0mMGL!dG~TuR2(GxxhuSL2D&=dsD32MR?V4+Q3Wo2wL$? 
zxi@vM`&)7A{uduIRIxpJQ+Ld0(3(Pp`~Pt97xCKK9=nDgdF$VSF@D|s-ulU11hBv` z$iJ&jJDUZNi}CkaT__Qxx1v$*O!FqT2Z=bLLdN(Q4w_h2^?lN?$Dc=m+yaLX4IYk z;m@tT@A9XKz+Pifs%a|kB$}DHWRuvR$<+|z_h{tO?8MUpF6~ad2hZ4-J!yH?^fgw4 z`hfN&e#WrFX|EFNsgt3@jbk349o^ZYe$^?RAy;^0vIx=gdoS)DA(`&J%H(;4JklpC zzfwyauU+|@B|^I2nfg&$_{v8gw3U>g5f0&H8ax~gNxRh6o!UAb6Qjcv+^@da<6%*^ z`xnh$d001jy+y?s0Y^qwG>WvXVzoz{g`(=o$0@>Ab)ABLPuphi@Mcy~Mz~}D4l#~n zxM~&<=4HjKfNnhRBJHAw%7hyMVljYlkQICfIe~ADKcrkWMUpt5YGegnhk|AjZt8IaCJc9s>1{q;T~6 zM!`GVC2PuGOlSb9_`uwh2Gi! z2}6z!sdT*5i1B%y=iJZ12UQKf@n`}^s#i>^#--kuUU$@dkvKmbX-L0YgDdQ?pqKUA z{^I=f%(kr0fm}AFC8|3F1fI=|OJ(UlipWgNwq0kOVPmO;OqlKg{G@3N75Z2n4Y~1D z0YHM^@+&3zmjVD6Tc7uqF%8T;%(^!dgbuCH^EA6z5}qEQC|>r_@wr4qKR9$`{hQj4 zf{+7M?1tu$ojY(cTt{D+$U5T11#KViMa*q}=n!Q>7~dhC{>i&kQxM`x9!ujtX)Vqp zYg^nmB1~x0&fs3bt4%0#^+}zE+Tm>l(=t`08MD^@722H4Zq#cul68&1ga{ou3^t$q z*48_;W%-aR#6TYvtA;yg`}c%-dGGquo6V{GDyM|Z3U~Y=)*7_yV8@-Yg7ywV2Dw_j z$%HD69?tvqgY(9ds|;FyY$h?DKP8n;Gr}Unoh;drh!n9<{rT~R52RV&iCja*sWv)} zt=g3r-2z2{ppj7fFc?_8@I&o~5?iAYl;IgwSfhh^(n|yijdaQ!k7iq_UaCU0BzVUt z;2I3z)`Q<^OxLUoDH6()A7Hm+9+TzqwWuIGHN_d1pIefV6Bh%pUBZ<<|D;hQS{Su8 zl8$8Irw+JRcOdky`06<(w6ML?)k6$wb6oCnmvnY>W<2S~L(E$ai# zC`hVgs*m#<9s2PCaw|j(yQHa)GX-2Ufj}q>;ppkD!c>*J2%0*GH@3UZ0Q~#bZ|B;5 z6tz+^TTfU#uaV4fJqW2mlu5=+*$ghZUlXv#q=g)I+#ynu4^YRq%wcbXgZKe}NM8AS z29YwGCa!(ETKEZ{dK5UXruVh7KBJ`(oa!(lyd0U0GmTRL?)zVJ8WZX7KQc5lQ~~Pe zVpnWXgj*7r>B@_y`f~R^B61WRwVX=pKV&_1PQ0I$9#34%rLDi#4ous43k!p?wC_=t z4mbu=nl^&Py@}X-$(a80S>Z;N;sn~=Yi(~=LeUmALX$A%kl~s$H7#v*T$}1`#Z;-5 zIwkB#tCAt}q8QQM(Wn(C1Q0VdjC@!>ZWY~-wPvsjUJ%x(l{=1cG}IJ&eVg{DE{6&X zvY4)2|8XFW<-9ujZZgp=oHpaU{1yCnf)ZfCUJFuf$n-2#F9%+u#2bmiZf<*-_Sa5_ zdv>?d1fb!$CSS@Hf`k26j&Jy?zfyD!(p;#QFeVl`_w@7#C;cHs)ci@iZmO_OenUw% zhLMHV{E;IGwJk@QN!zzgfi6WR{O#l4iv6|SrU8smgq*yCAC^XpvI;+D zM7cG)RuxKBbt0PIu_UPzs4n#-ux!f75F1q~uz}oYB3a(yz&T zdR4o!1t!DsIa^!Oel>Ck`umz6%N5>rBII^P=Fh@5FDi=86dsRj{Zke6b3s zOHtuz=`*7xd6$u5nkJ}XUNtF4PpDK_i!&2;DY;92_+9$vWt;CqH|F$&)y?nIPTkM* 
zA&0M^)z&1^`=D2G84;e}ruYn5S=)C^($(zkWimvtRG()EgYoiAs%OhFA2iD?h8Ac{ zH3nANI=iJY-7LDfZZZ6fX~fG)w%=}RVIC3;ajL`J$(#HBX(kE^*_4Z2icIH%%x)ve zV=$$3+D`V)%f{&UbXWcX8QV9mT$=t(v@%#NnQn`^{h_b7hs>DBq|jPULu|-*7O2jMd_# z*g5$?m4ugm;M$`6Cu;&rlO--5(G=Bexh40j*vXi&HyWZe6*Tp995lRu=8*S~M)SjJ zh2P>(!x{9h9U({waZ_fH?a23DGNNGFlIQLoNPEbN1~uzwYwM~Q8dfE671;HMS_FQE zMy}}7g2JHBVsR?pM?Ox(``_?|7O#3T+APmyPG)JU0DIJBS>w=Nr?$~~=Fj&UGxCAf zN)5#39l^mX&d~6cge}YKvgEHHGZH^3Q0bkb8XAgqJ9G#Y-hx@)f{$pTP^IcAf?(pS zXRT-^G*l-F6}WTS`)atuT{g;;pBpphFQUpD6Kwi--#VrFCnnWcXhJh>d{#>P+; zK2Rld(-+_pWV?SL|D1u2z&X3laGT^h#Mx|^0Dn;QXpn5YmH6c)~ zuBS>XbbRL1Qw-HslPoKfASJ!X?sHa`pk#M={^|JD&GDoY_vd3aF&o#z)CK6Z+C?<8 zr51;!B|P#?QFtfP_Xoi-hMgTwvc@xlxuZC?(?I-FV$Kc5L;+%q+wRyX-rO}xmc<`t zHvVH<_FAFm>cdS9N^}WPnvE;3_P%a`7UBDWfmq<_MXDulY*|^#j~a?^)3Y?_<7pL; zOHhtHTg_dC=S8XGUxen}a>R0;ykipN*o2p7ee*1VmSlOinN7Dz^t;n`<0!|n%7P~?Jd)1MrjO2w3mkG!E~l}d4z$j_XwOni3IHmPjBQyNJY4HXBer! zr$o=!@@RElz9n&=7uS}B4(VaK8P(w|OWOIXuni=Dnv!J_1f=IK3d(0)9z$!0Rh5^E zxTFyn&Ca!TDSmDEn4?fmF-dn4x^1B-m^`DQ{I|`Hj-At;?k>L`aFKfC2A5`~r7+N+ zAL}y3sNMxc=DzArNUwNlpS0fRq~o-XgTH(CF0>$kJ(g462p!}rFE8H`xg5217%^2O z43&B*az5|o&6|6Z+~B_teL8V#>Oyns>djn{=}M9Lbi(HN-`}5$j-B<${H@ufxMG<^ ztp9A*1B1f8@Bd;Rszx@mzOB%Et+?K_=KN~~`?B@F>-cm3$GMFM|5*h0RoHc0kJ|q7 z2lurrN?f)kS5F0@Mpv9Bi{IJ&LxmNU`Q7?fJ*_H&on^KJ;Q0^o765)w@C$=GcPnC9 zd>aW>3|Rf5-4{wOJa{cbt-^P^(nX%hy0w+*^Z5vo_St`dr*F?b+Z3MwHGdByK2$=$ z-LxNLb!sywlq zVnWpA>N2d^$Qz`%&@aZvTUNbqzZ3SWzVZ1^C!s6nEa3i$U*}d;)}+g9lMVF>D-p*f zpQ~0)Gyb{c=gwuvKe^D9;In&loC^jQh?@;2d%Pg*B0TU#IM;=g_}>I;l#(n&!anjW zOs@=PPapj&3=~k$B(jYqT&F{sHzm}53J=GjA5-QoomrjW!NVtXplSescRH!juH{Ld z4*)Qp;7is#^X-_GD0G*D*L}gV`kd)>Y9y* zTAph2D^VAb0QRELm`nx_<=vU1K1$62N1%&Jbs4w`SM*e;DC&OAftqO6gj^u@YYox` z8REEg+?6AoGd#$%4t6#p)@UWN?7udtJ$4Kp@=BKx#V^7nXZ6*}Cp|D&g*nEKqG})KA)oq{ z_kxG=#%S?3lu>DjU`qY%AaN^Zx3oU)+IpF@JWtHW$?yo&O)9CBI?r$n8HK4XjhcfN zLRAEH+Sa_0r6xgWDgW6ClH>mErdgM=KTUwGtr+~~*spq?n4>kP=YqsheZ-t0_`T^Zf`%w9o*L+#7g zVn!lN4550nU45MK4W*kSWK`|NiHio_{kP^}?d`45v6#s4xe;o&ilV#DmaIef!A4A_ 
zle%Gv-rNE%%fCuykT6=$GYL0)q^km~)}~WB@;YemHJ3g;>7I)q8X*5h@@-8^p!mg2 zbHHx>yUZX+$F9^NH^LmX0o!Rg@p0cGruyRl&Eo~wFiCGG?QhQ)^@N;KKCqK>#+ryt zv_;&;JI*_c9MZdp1rKiUsZRsVPZ}Cx72;{=%?h_j*H_-@=tkpevqS-&N(azSEi4QW z+FJq@2%;^(iKY_o%lbCP8pd2XQFNA`a{Tibz2X`_EfsWnZQj z9sa6&n2FAPIO1x-vou-}9u`V;h#XTspxhw~YFUXFu0BmeP?vUQGMcp5nR@%)Nb!6~ zH)v!JIejPazX0_m4h6(EMrGqvwI;8dcjrb$T_2;8b*yzbs7u?uZRS#lR5qqxcC|U` z+x9yI)y&C6^JR+}-jCRrCbbEt_HA)4pJzAFQDpm1;wcx?umn4xrz}TrGOf(LG#)}7 zHwVtUg!Wo`-Ip@fxVZ1{uN~wuI@nyIp(^FogUV^p*Kph=pVDN0 zg1R%g`&NMoec6%40}UElYBw3R;&&1In=^^=lWS$AX=Jqu>K-pzx3{e+Jj?YZSr_y{ zJak7Owzs{9a|&6QflkXs?u8U+(QT$BvIYMO?}|qLxYU%u#pNZg;t%d9gUMbgp`Mgk z7WtMGJ=J#XONF&_9p&P~AZC8YUYqaEXC#Lh%(gBoDqCg99@ac+n3!nC$ctAmMf2R{ zVCqN1P9`8RYt%6t5{dP-YWmp==F(teTC-m*i7hXEAl?W4TQT@bruoiD zTWf2z2LXIWrI1NP4?>e-n&>$N#s+5v{ndz_&Y+ebYC#Jf2Iubo(a^}+DzSPw;NVQ_ zkEZ7N=kf}L>4_TapBU?vMEKyuMYA7B{7HUhZpW8X(&x9kzRC>R-65rgKx<6KSoGG$ zk3%cwX)|VuCy?Txk>xW1#Hm-xhiA=C5T zo%IS@9uk(r2L^+YuJ}F^+AXi4bu*a`I`=2zR186tp3Eaa?%I`Af>9<`3U_*nOP)u> zHMPooS+)~+tI0o0AibUjj}E=$DSwK2N0Bp%7In@*^~I`cM6E{phFV`D9b-ihZ@vJqgtVhJ*2Ipu092FV zXr;}jc_V6f?(B+#@A7i(;nj^jjWWd4Ui|v!00++B5LC>nHN^XTK)90dfoZ0uw;-)z zDg5K7PZ7_?D(&fDI~GHuW9HeGM>`7_Gk9^ehQNj67*$@a^m_mv^)G+M6Tsx&a`tmT zpb+QA+!>d|LKwSXa8T;ycOD`>!{@dwG!(_iAH*i+1Q<>aI^vPHnHb||?>@og)DQ0& z){Op?JBsza^P{r}j|Pil@b-}#$*}Wg%mTz> zHLuBSeQq*f^u1@6YfwWHd?@IsVSCtBwHmgyy0%5|`kAhgb~j{K+32^Ku^}c`c^4oj zW$VfZmK-e_a$l+AdcqORavhXs>Px6BD_cBoy^1+9i538qppE&iel*FVIgXP&4@$8V*m;sfkeU>)&+!1>HL$)R89r1=cz=E{h%vtUr`F8|EXmXV zV7p{6ceyU-2@%Fd7lf9z2_mY3?Jc@5G|6p~=f&7)Ct$@K|8d(|d7Wj!yd8_S-Sj)p zx`9p;0W`>ySwptfUj`cEuVN?YO~HUa9$ zhwO$uMqEtx7M>?8pk;%r1a=|Bg%@_Q!dqwmIY{kQ!}nI)4;&}3d>n$;Z^g7)Mx|uq z0@2EDP7dROfJm)HE4xcL(LzSX=k=A&yAxUhDZak&7ZhY13s)WNCgXDpQY=h=CTwr1 zkuZvgcCCkQc2Iq__?*eAM*N!+0cz?&M?HlF8g+hVV0m9WA6VO-?50jj$xn?-6zN30 zt>l_UPJk5bU+Oz9J5=?p-t*PRRBD5BHo5{h3aMkX)FR=IyuL(E!PvIN`U@aW z!11oNgwoo`gK}FoV;MyHW*A&4;|syiu`7cAae*bOw2p=&vqP3r1})dgb*P45{Ho+@ z6(?0pGT2uAg)<({C&GsP7Fq=3FfQ!pC~%_8=2?lxhxi=F@eQf$QbH2^R;r*PkM(~H 
z=`qBXnL$6g;*$nXPRUWxDe`-te?C#${{8Ouh3vQKH@p?aQ&uuPn&wDaD?_eZ&b8UY zti7BDl)f$oRP>~mHFHJzvj_>;wB1O`H3tTdQpNI_4?5tc?Ddvv9DJ`7*-bVU!#4O) zT_~Xk67mf$D!`#ww^4h7?~l?eS?X$3CBK>X`f*ZX4AC*50mrIoVgLD#Z+X;4cw}xT zeF(RwMS--0JZbWq_v%MWO2mvE%+tP^xB!I+HOm8vS|)mm^gxOWWi3&)(o`MlJGbwPex~B z+|wu|EKOOM+mg?oTpj0lsVHLQE;sjtDY-$&>s6~R`zN~G;NYsh z)*L)MQ>r+P^1-A{e12>s^#clF$St|Po<EqU=n{5=Y`8b0Fvxe@zuR;Bk9!F%OI9Iu?9BGp1jPjM!;or=gU= zv(XH&c8cOAr2^9CfGfxv^{R8~(ADQ_;!fQrEz|~yT-Fg?K_|l6_CMEi$4(gTXQ{YC zEETB2g#BRtrBeka(US0iL^1V}hR4i%oOes6Clnf=5MhS0Uz{eyF1`kcY<>Io)!tG%9nvEhPy98>Q+jb z-eA+}eMg`Sa@S25O}{OFbj~3iq7J$Tw9&~HJ?wOueqMydW<~;nS_5gzut-z#j~pqr zZZq&d7)diRq|M*loj@WAxknIkv|S@l`(r#zLpxM!SpH%AZW+dmLxR`MgF4&uPJ*MfB*ojP>dMJ0s~7FI-f^xFnVjIY zeM=C04v=etBOdI)us!)hVF;121N}#}vFgXA>6V z7*cy;k@B5+PZ3c_px8_&n_%vk8`1Ab-;B?u47au3b0b&t@CjLw4<~fto6OFJ-GE%& z=QdcsKifi5z2bJxgKI1Df`8fV(7HYZ*M#_;7`zG+6lG+r8t3jm-Vjz($p_`#$XbKc zygHs$x>>plA~woY=ox)*(X*|z%3(kIYcSudSEe0V0dDR8^qU^Sn3*X@;pv>o}Gcvw!fTyyCFAfHA893EM6ogN)^wEe7QQvm1E4zCr#A}?FE{r^zbT7D%+xkt)rGX|mcXdnj z`T%3&PfY>CuC1ZpPPuuR8?=tA3+!+Q&THT5DXbqO!dE=3(aBI$)0{BIkS*!NM|To{ zST$H5?pBM*tlDYa^f8x#q%8Ot7C}nI9+|R!XXoIcp+XIgik+g_PocDz$wm5X#Q^_x z=RBpI)pXyD;vGIJ(X+tBBvp_Ngb6n>ON}ZH0)6j*ep%pnbgn;{wu_TGM#;XbW}eu~ z{Se!#3{&+7b&q_@K}`Dd_mu)aT~%>kZ+lD{FzucEq1h={67i{^KHLf$K@D1vvh2cE zJZ9#7HL@}!nOu7m9YEg`L+_xKy`f=x!%_%vIc%QkX zF9e#oWM(X2*)+(@G;P1ge)A@y6t94|D)-*ECJ%~{eHTYFFx0UrVCTkhD{*&iRmLK_6s00^En_#TLO@7W>tn=|}zRhXKNm2~Mu z>BFpu4>}XNdzg(`yEH?(M&Kj`{ z{&%IEmDcXR3P7(Q@vNNRqc%GG0L>cOcGeY-yNxTQ815%AcP9(1yO;Qa?MzobT~8?k zs%~&G7uQ#YEUX|;v<2Vy=O|W!)h8-1sJXb{q=Y{6?0tPeT32=j_Eu+E3o9jv<>ga% z;$UG+KBY>JZ=TzZD^7EU>&;=G4-?)r98pRM5{@^t#>Cv38;6zbYO|aEteHnqr8aYB z&O_VLrKkuMc!hkweKuA^4QORCK4>L`meaCAFZU#A*aU;u^yLC(>k1esm!&ps-#C@F zw@sOvHwPNdFU=MLx#fNCxPq^st(e=UTk?u=P1w?wWr^&aIa-BHi-UA0_Q5t$Ls<#( z^NV7e@{!`kk2JJ0XuQsV>T#C>ANYJ9JBS^FHj}jJX#n86C}~dAo5k1Lh0a=YxVWqx zV~aAEnME7y%2YNp(h?bw#Xzd`9291lw_@0QYN7W^D zrcRMM@B8)jNuPwz%*%SeSsrngbWyh*YGDp6CgF5$Rc`pT1d{u+7>-@t8FG5A#8j?x 
zH?57-C41^`WnPZxYE0{a50q!9^ZVm_c76naOGqSb@@Wc(!#l<4%MXNC_MR`L;1VbW z$99LTY`d$MuN!~gi_{32aelF3c1X0Wn3`0|q8VP@mOD!$hfhzm6Wbg0%v}FN$N4_B zg7Tm9$gcO1$B6bZMFDVTmJ6}Wf&x}=c3q}N%c;(FU`mje*Al#*1_Zovc3xdr_~Os3 z0I5`tOAADkv8kNGVZ^$eoz0E;+r}5}ubB7-I+g!Oyd~vAYsOe4o;-ncU0z<6p|vt> zgq?eI$Wu5s@M@#SpWe?hL}@;DFfzhOkl%A~khGP~XQ{x-hDb?}%}`8_AZ4646FPfi zQRH8S#zQl21iqY5$^4z&xyJ&+n)AWvT@@0=E(3{`?ZkdoF1n%pl; zT*7bN6NoMA`}DBq9c!9t^VbV@PaC4sChDhS9pD^6^7+8qlSj+nGY;Lls!c{{=u)gT z>9oO^^rgv7Au+bh@$hOJZhE{9rwKv+|R{~?_r-RIE!iOoxIV41A~OL1ZWHp zMUY@>*_gQhTIdZ#O7!U-8J(8+2ZtVw6`al#Omg41oI-mqd%Qvz%@`I%5Hlzl!e;?p z9B3kDqLn|0l<Rv-ABfp9bx*9OWG#F*{VLZx@7a=*9uX8%E3l}9wQ2FMBh9!5D$ocbu5 z+{3w}Ux_q7kfz)gW*V$R%LeL=eikLmSUOu3KCT`2GmDU()N3sq3(Jv|mtS6{X_UE0 zBi-*>x11FHB`YgS>m+O^8~j^8%EG!iBcSnM@#ALiC3oid4u!I-31<~%5BX>q&YPJ> z?YlIzX^)MDC+GId%Fr?c%2`-{!ulQn2<&+u+DF|UcdU}bWtmkExw>V!aY>D|elGM0 z3v_)o{!vz0>(=R`^_8jeU=0p9z(rU23_t)WuPt+2afoGJyMA;SRi@2Ok!5THd@c0; znX9vGg-t3Qa$alow6u@}T*x$*>dRs&9n_?S*S$TSJ4Rbl*6YLk1CPb{Po_yQVO|}J zx`2I;D=gYc=KEgaw;mnj)6f(eKf_P>HcD{0B5+_I2M^lM5ZnE+{YjBSsJv{TF$zIr zJ8b26H=vOE|beDBlY;CgQ1tgpW^M$$0>bA|tUU@ehiJZ)I7Xc1Ieo(m2n#~GP>3KH=WMyzvb6ZS}C7K zP&%|=>6>)YlO{l>Fnl{W&}X1^5bml`!p@mKwiG=qybaZ#9}1)*x>)CzOH<3Grib7T zMXP(N{-Q97Bc%CECB^um%aiR&&+oZTy>3~JE(e*?FJF?@V%a*gpMRoxEvL*0$fW=L zXC4AQ$K2>5t?!LeF6O~!YqghkeTg&JGZ}t2YvL=DiwfrxmAQ+0Rq_U3iN1QlMEj&M zKkttXN81b0N_!UFub#ctE<*XN>b0jh(*Q90?qsY>ng^$jmZqjA4dE2OczkklQf7^r z?(6G&!*lKkQLuG#uY7&{MB@i*({4zc5e*G`8?w^Z3oaP+86G4{?|VZMM4#q3`UHwf z`~quI-W$P$&1+r*fgi)`P$+Mswqbim$67GugiA3f{O9gs_w(T2W+Dc(&Yu(K;mnrb zFh;u13vA&A$xT#hzMkKstfBUV!>g9l-7&^z1mMiIMj`P&cxXYhzOADpX~F};mi+rU zuK$3rkAV9Oa|!xCWHc$8-4j>FZL^Vt9A%pqi%+K9=8vEL0%&Q;S1OO@zcgaRv7Bq?5fbVt|5aNX@R-H|<6u#|@lG^)GO>y0pE0~;Wu+0# ze{KJNSLOk~d5k-38K6LTzsF#%Heqc3=tTT-ERnE-Km5Gj37t(pi%#=Eta2w!$vO9g z($s}ZT5HTf`IwB4$S-_<-;L*)Tsy>@uK#{~v^@EBM$J#JG9S^nMutG$T^8u`!ND;GCc(JSDT0eW!uHBuK8FnoCv1%r z6;}bykAQa#Fp5>$CqAHp_x9VTHo?Caf!69yJ~#)9hwTdBe3i1X67D!PjV-iXAhh3_ 
z!b{YAp+Y-cI}NCXug||qVgW6-ZV`+SvH^-TiX3dTA-LAqHCYfEfnu+uEOX;H(ODvZ zNVIj>vv_T!_#_q{hwJQ8|Z&i^mp}&X-Pv6F?7a(7{|F$rgu=2o}b{Ajx8`(}N?Wlp6+&o0KVk zUg=Wv*Tg~;H2l6Fmg7R}20LrE0FPI?gzzwRSPW5chJJOjJ6wy^`%Oz8J=D718hNu} z*CU#J#(Otx^@H~0mm7vw>j$$YVX`e4#pDWa!=_f1yS8sC5OCUb=Gm2agZ=xq3cm^iCKA-0E+Q=l~`#DRvTAP=OK%I8xlyuS0Cn@Z@7J14j z|M>`BqE62A{nOJVLDrV1aUZQ>Knb0nemw^>7xY$|Wf&~ydi67!OgH!35N3$DZ^^X<77_;#g$!3^x7K_F6fZVS`zFzu`br138`9=g~e+DdX!ekZTZ z_AW|AaZWO4>1dNb=if9Zt%pfNS<($U_M6{-zW2dps!e|xE{EN%QScVmN!prQ-AnfP zRRcOq%OiUw)#2oyT&wJ&HXOPEWv zNaY9~Uq^yMSX8nEYPk=vAN{Rirr!(dvf!ZS{poID(HkcF+vAwKJ^=nZ>qa?tvH%3&AU*=JB_DWTB;;h0y z$5SiI?N&3TEq7s{3r-bm_)|iohPr_cjaktueb> zoS57CL+gdnN;LuRd}h9Wmq3lL2v~D8h~)4WR4SKBjM7nEPGuCip|i11U2^VVeJ1kZSVVs36V z$F<8Fy+3Nt*c4u>YUx^C%K_UAe;4Ao#t8rn!LX2BVEcU5a#<7cq-`h7*n!S0Q_Ow1 zZ4=p}5;-!EQRGM2lK7xlT@crXnLft&C}>LUK_?#pubDp!szX125f@gHOcl-vG<3h8 zTkZep%UDi!9`R zcnbGL-^!w-pvUp76X-G@Siy*g(RBch11+k?>13|cir z7Ua~;Wm!%i!7MT-P+l$`(-63-qCE@qavqwNx%4zYTuu@4*;tCSMrTHszRXe3W1X0C zaWj1c{;eoXt#^qaB*&V8dBnI}yD?!TWnpOnlUh{_RC^?#7SjGfnfJgITWr(PfLyEL zL>@oBr~_oX6jn!Xj`DZGh;W9z4zVbH*0S~TlfmQRjAxS0qKv}mByyI=v|$@GwTkvt z{?&0#i_&{;V{iYfh;Z)f_2BN(Y0~#wl4mxbz4~KOUH~e#q?c8({d$SefK^ofGK;9@ zt$^*NO>>C#soiVe^Qt|3w^PxNSLTDshXk2^IJb#zkBio&r5m|_SSD|bLUy~-#*8lU z38C-s0ow8mpYmDxXMhfOs=f+lkjvwB&3G&>7^+fEls`-kUyJMWrnkm;FH@)H?jWpP^iT-$PCv5XbTOA7gK)O_yT7aL=QOKr$4)tQstl{Howa+99I z1X8hPB9*?7=hcVk&xX8VpMZ_Y-nJQ`XnCVy9;3fL^C$$fXBE!)W|{4~Tj~mK+jFu9 z7$*P8Xt#!~y1;QG^Jo0&Ngp~v7gkhV%_{LbD6EhoZ!}1s!qzf=SH_CI0ph;C5zna* zV{K`Q!^6mt@@XCpr@O1mH93A+O+f}AZ^kPz0=28_oA>_$%-P0LcYX%rHt1t%^bLhj zAvRav08+1o(&l8c9lbLA_SArC7$Y01CgTCys8EY!484&u?S0-r;obnU;}Y z89w+C);0V9)4^1 zFb{=DtMQD2DyDfiFf*#-({JC0K^WsMxM-KmyEpiwAEg5YJao&lVgVaYChUj zH@f13B1Ce72Vc3(GZr~BoO7W-9`BRPRDD@fNRusTO{?G!T*G^}wbkXc5W1>dwzB4m z+{90B#>+0m_*|9QTkShsRm(2i^)0;$M+8+n^zhQOTlIT|KW0k4o*!r-5rl-^q1ecA zJMNEi$EQlG9S=Vx4YvGUL;JV&1pw^q#_RP_J5R-MitTiplonFV^p||$_bJna+C`t# zFL!NkS;23tajfK9knK8>Zm}Vp_116QI^Dac7l9w34rwLgPP0ny=@lp`fbWz#g?1H9 
zPAfoNYjdb|TuCLobM{wiYmS7jxk%;b`93!3PW8DpeaEMyzlL0*o;!KO(NWf3LTeQj zHch}c?Cz(E#HJ!N-D*cNjSty02x=7c?4tzd2ZS%1)oIl8){ADjsC=uVH8$-ysIdV1ev0 zuWhaWuCg+c*66y57%mDl*1#e?J;u7Rx-afI*$c^?`t|LM7WxWagohleYXkK04wNPC ztbyssZ|`NBqHUs%Q4T_>N;NyXnjloVWrI;AjtOtyBM%?tw-yfuCgxc41DB*4Vkrgu zIt|fQc{wCuOGR((jnU)&aK_i6Q21Ip1ERr)wnGal>9>&#Uu0Q;Ga4bhspNmhtbB?o6>J}UhcfF zfB(cJS-9@o_XpRzD}k*v_q;%vb*A}cW?1&W6588_J0v~`BwgMZg?`kX960#Kw6*Q^ z+8Ce1cyF6lwaAf?G$(_8Z=-+=)9`+K!j`*7VGkFB{{O?*TR^q7ZEc{mlv1n|FJ6Kc zE$-0bPH_*#9SRf+R%mf6?ohmF@L<8+-Q5Dg-QnfjbIVxIWFCJtN)pF)%UE-2+Qs%;U3d_x zcTTZ4?9s3f;8}+jLL>i_@Z_ZNIG|DF!1ONLGsGIe@g{z^I`LnA8bXyEb+SlOMP)w1 zj5za#adXh&Y+K5rXwp<0y5hhDN_rA!52(xyN-dACYCHVWwZ#xm2Y2B$(c{Mmau1E@ zw`2(tV%SB>MEjpf-^)7bzcM(-D;;M|3UuvVI|v|iu-%a<=kMpU>VTrCNA0*+(_ z>Wt1#PR1rCw74Ph@$nLX_bk2=N8ZdwQwIq3P=2caHrVyZDjzE~^{pYsjsJRi?j3Z7>y%X_8&R)s-J3Fz@(*|F@y zHA+|NWoK%!=55$sUNfEuWg?vXm>2}h&mY48zo)XKqM|~EMow0i3V??f+m5F+=9$^M z&`6FX62LUZ*z!u_3vOc4P~n-)_$%$oDGM9DsslzeX!@^f@2Rh2Jl6_{Ki{$6q&huW zw&oJaYSj?oYs@uBfZWA)}S9%XZ^BP?EL?(M3Idp>K` zlA?>HrJ;FCO1gn}x`1HvA;i;X=jL|da6+!^E0G%9zw9XcHM4lSQ2#8%`T#|8s)|6t zE_cJokNC>){ipb%sp>&ZXXp? z!!P~a-dr&ruI9A}F={$jfJ>m5tHo_+USeYY5&(8Cu1Vk}nxjrd+nAiZGn7rxB6dW{ zouv2!?}P}Zh~T56dRbn*Pqb^aOsAv1xp_XKrOg#i0zgMA*GCs#C-!W<&rJ@Gnwk%e zp${;BZ^~|=55L~dk}Oz(UmW-8hiH2HY7(+-{bl2?E=nvlO?C^Wly_$jBx@R|?xKz- zXjR)R4c@%1gOihkljoO9-*wIiySnHt!KlYao%xF^+bfN~zjuhPyHD{vEmyq1sv&wq zM9CE9J+tH`pl|Fi)STPVE7#`{Q@HdBX-oO5`{<4t^@?ii8fD>R(b$00%OF%Mwoy7? 
z;!`dWt;P%LXnJ7`MRiNab1w>xWChkl-^(VBz56DI>BYNa(d8%!kp1O%4Yx2#sl#~5 zA6iTA*Bq8dM?bSB4w!NbEsacg&LOU_7koOxeGNmtr}qRFFAT(XhX16zLO=m-;dF5C zw`Z&R zwDi)n`Ph*hD=9brG8EI()e50ijWh>uOAhl~CZ4j?Rm9t9$D`*1x^R6_&3Xv{sLEQD zh6$$UE#21_=C+hX3Tw0*eYJQUG=#=%60niuQXrZZ0Vm= zC>mA%E?og>6sp$`Pcj`5Ei>9P9|}&eaXaMZBn+%LIDhx07ZzS>ZT+bB66+CXpz`I* zm%F>WDUF#0SKn;TA053C8I2Dv!9kjkMA8sqG-``C%|P+<%Zr zq+xY7R@cRoIK9k!f!x+48Sm6|yv@_ufv&msE0C}0LiH*;;M$PJ04q{hCl?Ljg4BJz z@)~P^J|_iBhBX~vh=iPaJ@$aQ%c4fI2*~w;%i6*Y1B)(+$WG~~!;c<4e2GnPSxDw$ z1LCqrS4tU2lLdG#uqU(Gy?pWRhY7LEW;f7|P*mL-g6t(QH#cW!b27J1{p6NiP>`6O zURwX)0g9^mvykISUUjNAxGD~6{)%Wgc`umRR>B95Pt;7jHibuC2b$lb;BwV+#rELH zWJ^2cB}1VXMW$1k*aXdeUIe@+^AruD+W5e*=eSc^*`kgzcbOe#Bie6k>2AcA*B_Y> z6I~NtvVtbxLAtQR$!?WT!N~1U21Hv+3-a!aC9%c8e}wJB?Jv!+UeISd==q&n0|n;t zvD<9_1VoTcWco|T6n|Ei(qb0`1?hTS>B+mu@&~i19Wgm7WuZXo`BX&RYJb?Qo#T;X-lKpv8pDSANm zro8lVGPc{u+xfmmGkI_~(13p5J*f{*Wji{$CWvKjbpk9O#07P41;+abYmGcd@R^{v#I&)yGiN^bYv4X7HZ#`1H4QtTlf1U2_G z&e=sO_LAw85N~TaW1{I|9aRn>vUk!<{GiM8M-QUXh%>;}T^Q`ddd)@d%n=(bLr~qM zc;MKavT#LIL*Bp}Lcgwx?5Y6YSgQN9bjxx#GJD4mOAqK5;;8J#CdD2kn=gR%mQn?X zo*nP{`6|HYay8St?QXC4Un#J;bh6@x;Do2v{P042sMc&4osgOt*N$fM$tu+&1dGyqpV_-Y~N# z8<8hcd5Oj=a=vfpouh5Y)x0m=m2vubYjoXf6eOi0FVk&fqgnm*VlJa zU3ywg?2j;oeBgvg|QSb=nXmh#CSnEhR!H683O?NGef}$}%l;eVksZ`S6k}i)NY0%=tonSdV9NfE~%{L#Fb2 z-ngJ$N(q-`%lY}Y0lYIJJ1A~KR<8!!^R;gIX~A{^^OLpKQ-YiH%Q6RgIsmJWXQq9Y z2qb}bz*A^yR|`h-U(HAK$4*gljG8&5wQpUAcc-#A)1_UA9WR;a))iUG3_ zvx8EW*IW!rC5FuJmXb=L&H#Xhd-brg-hD#q*-4^SIH~BT>zOh?VZlu$Q39^9s>oo5 zyKNlNiHt_;(7N0WHL0VTlt!2ospnSJLu}7|dH?$CW&@A{!(O!iU|Qj=RPx_+nVQ*1g^x!b1a`LY`@ap^ntdKhGm7Fz}o?0F=;O0@HGXK?? 
zTk#Fr-hHjdTbaz;gXT9G`K|+}ELI}|PYtkuaT{mpl75O7L@HwZoaG9Cj!%+mM<{GBSDInS^HJSpW>i3T`pC(tr z+mW4l>7h5CvCXQ(UK;MDLb?mMIF3c6KGAs3D?2!nUoI2Wx_qeq5*!@mk#@aN5!b@$ z?#-0b_dwRehaq><^_=o*GjAj$PH)#5s0=ow?~%l!0oCt{Z|AwD=ve)xD9qllDd|gZ zELRm3Rt@Z#5-4>x^3NkLv1EfdJ+s_z z_vGI-c8q=5o&DYR=)L`h;_lW&qS|oovMdZ=uJWpUiDPt;n`7BV+1fo+uAJ4hK-)JV z>g-F-x^kMgE6=yz*okxjjTttSxRomx8wd+GEQHGQ-4L!M)GZcR zPl);!Mprk%b)|QEBSNk;O5DWpZhlNQ6@TB9a}&n*nUGMX8MxoQ`nma%)riSDFbXor zPb6|up{w0iE*pBDA0DiA8^FLa&dF+ya{?zF(Ew`DJO|#)90t3DPtBol16fNedl}Cb zB4j^#P(I#x;@l^V9YVTwWI;2mZ?ZdZ>%ciHO|NuJ;ylb9`?#msnFpFma@3(3V-8H)Yb~7jeXAhwNz%k1St-Pv%}h%h=@b9MEtOXd-z={IA}l|f6xpBkeo zexj#l4V7LAU3JnNMBt-cABuxm$r!2BV7;RPZ6C+EB$)ezC9NLPRx@ z2wtEOU)k*M^kA7)?G{N5PAZ%bGJ$W$3a_HZ(>4O8bln%iLV~#qIn6br;vRyy&bW0Z zbXiEX(L-b`r@T%l%|A7IZ`45sISHoViv{@suRCPObd@t_Hl~`zsch3T(z{^FBA?%! z>}o{9VeYVmI>w(He1Uy;P3pQwXv9{F6EHL##_7=-yQ}VL=J=6uaJ)8=@=c`uNlQpJp0DgDgb6oqxIPeL+-h**u^V$nv5G#< z&iS#JjUaw6=D1pxh?eLEcQtgPs6w0*bws$qhmA>}4D(?aZk{*C94#UanIPnIms8-j zf3;i1QPc4zEC4ZG~kHGOkz z;;I5|s_QN7sZ@#cBg)OwUe0DtIQ@}c2WQL(Vz}8w%&W=qA1>~6QruOhzAnRsHf>i? 
z4yq0}y*>Nf6^1p>w|On?DB-n(SEvsVz4E7Cr_Qh-Z6wjBsv2&=H4iYC_$m=vQp|RtC&*5N z-{3Kyk!J94lMQ$C48A;&Ybs&(h0%0soh_tx4G&umbW@qPo zBer}fi$||0-b>!BVl=#x{j_QCu8S#K4&lUdM>W!4x^xb-s6Cb+30~vA%oE6d#@VE8S++Uqa zuf24p5eH|Y&ab`zk;+q_cAyn6-dwu4kU|AmklTJpTgN6eKtXDL&OGqPgiR?~3%1zb zTud(nSNqfKpt+hQ!eY;JTBbA8(YFLOPLC8`xZ0aMg3Ljup$z=NTiH>zEi1-tHGWg) zA-yHKkmZQP5`_M+)s?O2~K^$AYwY1Mz-|Fqx>jTPX0)I~2_=B&6~>+DmxXI;((vsXB!5wz0qFccDVtEuO3cWpe9pH;zXP zq$Z92)mL7}RtFl-LS4#~)z8Z|Ut$T$c@f>5~NO;4dhoPP^ zdtgQtQ?Fk6D{i^O<D3cInhro*@NC6XR+z1TcCy-b zjTJ~hr=>w~9f1BcqtWyv>snTD7(rwWRuXv5YO$a(HHuTaEQN`qR+!(>Kt#1+-`Bhc zc)X&PMs&qnnH&x0K^yp+=yG#|Dnfc(?l2mjKs#>Fq)(} zm>MEu+WQm!!EK>Jw$NvnhhU1vVsiQ@#I&WBpc?=s4)`R&w9RAq_tHb4HXEqV43Zow&lvE_I4{F{$aV0Vb zn*B=NF6Y}!Lojy(y^%0AYitMOJ9*1*(Kg0Oa6!W6;s^pQ$QoOIk%y++S8pSj=eSu} z1O1^Xua$0_-&$ragQ+9KA=*Ip_uOv6Fh{sGIX!AkRY z`WPcl;RJrjHtvkSzk5kt5rG>u_YsC^0*fn1jS0Z{t--f`f&$44r%^M# zy**>C`Sl&$VLkZDi>ZTSRI2=ZbDcs_sw&(=tLg+egeGcjWs@B^v;4Y}L4n18x<#?g z5uo$=#Tm!UI7nHwV(F*Z0o|LziK8c;^PZZTvO#C&8=XJvp^LN}w#zLK>s>wmOmqh2 zyHya?Xf&4+XqDaK28@5x^mA@Sr*KOuDn^Wvo zo6{fF%hiNQ4T3Nwg_K5Ea2ZDjBn96 z>}v(s3>hYA@~=qwPknp?!e6Pwyer;wJ$gr~6>v%V2iQ-=G+W7`DQ7qe98|<`&k)TO zsWVO(8wMv_c1qsbF?Q+)s|pH5PyIO@o!h*qF6h@Bx5eOnupAD^~5{Py^B}c%dO(dV1Jc^>u_PJ zx#`1~beL#^-^f%qjZkJ(*PX;;v@OoYm06!VN^UInu!W_YJ^QU+ti^q_H!g%}mEU_} zWwC9)m}z-+z{eKW#QS=>V()uMX(_r$`5C{J?3@r-9a{ewHNE`elEBtjEE8tPUpV?) 
z8ir2Lz&7vpZlp~u@qwsjoCN)=itjaZ_)+C!XJN zF9HAwcN@R-4GD-h3dH$b(y59Fd2c!v#mL;8-a4E`>b>6IqoOe;7r6Ket+4Mld{2JI zJ53ERK4|pSn(#eb#52-CgdAnDhk+if)Bs!!2i=XiZ5H;66fMFJ-4UrI8TU&gm5$!X z09;Md50kf@O;fx;#^8YvA&BLn4lE1Gl&H%fi3mEqJIkpeyptSoSG5okb}U+{8~}ZX(`9hA~l=5cixS1 zj_b=<^^zZ$AdTapekEU#$Z%W`Q3yrwQpjZ7-2JYA$$Z}VP%uQvNwX`NL;+cO=rSfMEQDOs=wjE2ue9(v*OD3{l>+vvopIF5tds6(4hAvGk{gp~(OXEksi#b5Xs*KW^j%%K21QZuDb0M@kB(!I zk)jd8q9ae;gu`B*SNqd-M&68Zm$&y0C1v&}Hu)_xP`owiID> z1~s~;D|FY@s2KU_5$`@N^XiHP4U0D_%{5Q^UhT-P)DV9tzgx7cqMK1)Tyfqt`c(G2 zhPPG>d<54|7Cu;=P~bk9!$DNvo7U$8?%WK?AmAIq8$<_PuQVykY#`J-eoz+y7JmNF z5O|A#=`=LWYqyQwQe!LcdG;uEy$_MWao#YOsE|jvK+zvK+1bNj8b!t!&qUA+3=Bdf z0P%7)^8qeBthRSvQi-)ox33?4#-V!oR<*XXctHu zjxhS&IR>+l%WSa!oADX@!2U|-;8kt*#$Ufv+;@Y=W3{pGGjZumUfm%<~bo1oBNi_!LOFi4` zahEPad#=|fU-O;K)Gn8<(qQSHz?Qb^15W+2k)6fgt_Oj_+t*#an<)(2&R0!{_zE@x zG%D4}s@<-oJ2O}pG-NtJ{Kr!^`!Z9#QBKlg-f6Lxsh&5^e=PmtvU;4@P*13^{&4J2 zK#^|>%o~3qxuR1IVIkgI8V7W+fpn5oKjrpEXL|gKS3ecRN4zWM!*A~LQ%=$gq~Bkc zGiTSNXh#gl0@_&2g<{kz3e!B7+A+{5f3j_;Y0SdGsQ^(!yY61o02N>%ung4hha*2z zeUl~JWofQui_Ko$q=>R#{JS6F6Z(J*3~Z&wtmKVB$9n7TkL?J?z!`DneX-Ps@Fb0{ z{Ikw8#^y^ITJm=`!riz_Y?AhN7`C#aEA;Lu?9da5(1;oJ zAlDU8-!(#2Gt8%(JU__h;|g)KQ+H)d*Qp=R!C4T^d$$gzr@}Oz0dLSFn;HIl;;`4W z`|f4G*!_z#5->cqYd)9<*HtxAV8`%FMRIUc$<^Z>I;nbDH=A${_3>-f?rHC@-&LA& z?`bYsdl>F*2TJ@0o8Il_#-21f#ip)r8!5|C40fO5Zb=GB^b#8u;uznPJNkY>UPE6i?QkGUV?Vy-5wT2* z@NojSM5gWVt}AB9uYqH>W*lZ zSII|<%4(>44SDYyPS^?S0M;GI(UMJ9ouE*Ok6xBXYtr5M+4f&d38 z*EJ%sg}hl|(k~1EkrSQq&Kz)AlWJA>?GFJ#)}l-|$(*@72L2v$-Aq%Jz={%*=A~O7<9z+>TPMX$y(zPr_-hxf9mUQX3w}{o;SRI zEEFJ>O$7}RyjwZXH(ErKqiG0rN%wdrN0wQteMM$v6c#(=aiCsR9JEqQ7V0F{>g#y) z>y-r~SdAM72QiQ&+QY@eo)rcr2`parck5GMv@<*JZoKo6{6hcYt)MLGrfU3+98PGFY^sz@AN3KiQ4E>O-c1G_eia z4Q78Y!`({8`m<)9*O#ssut%qzoe=3yQ6Ya2KB~8;3!CrCmkuJBCD6@ufO_HHv&Ce4 zfTKN{C8|klUcR26l+^-a2{V0?91%x4jz9iZSYb6^iy$-jeBEZkf5oe~5Livr?1b5Y zV4UEoSX&pV7IGn29D~W%_v&th)x?ep1qW=Y3vpS4(Hne)>M60YCieFBwzee%f(hx% zcf9>yMp~c?16X<{jWs`bQM(sKNjL8}sQrQw&Jtq9<}dg9c+OqBym&!|4j6|pjp>V( 
z3u&KL%%#)#z8bqfp$07-GbMS_Iv6Y}b;p>HDVa=cW)jHeMYm-h$kqzO|C>gWT|+MS z`EL>pRBOH%GwkeISW+5r>UqtW&l$Difa36@O2BHEs`0`Yf5d$$ko;F&hq@;ufSJtY68gyjh0k%i|9!0y! z4Y_wM)3gg(htHws^NiofApkv9ntUbE1TQ*Zaxq<2@>rZ-q$r=yAq@w zl8+Hj;{QcVf}aSn#r7e3R8>_K0Xj+#bRit-dwj^{9my*q*b-ManA7n zCb%F-gscBk6b{j#O24!JR@p@yYW0;0;r6QeoqIHc3FiHWaM)wG@L&FQIa?fFGL`4SzXKveF0|U8uYP+l?A3Ycv+GuPD?|J z@t=xd&)dGR^>JWp#v;9>DN>nTv-uuY`|lHoGw{K2P@Vq{E4pUPe$DD10iH^Ud1=g~ zB5eY4QYPrHTG1j5He~W?C<)#S3BE*-dLabCG4=kcuYGVB9SWXgD6WUi=sseY|C8E? z2-q0-$vRjcF&e)2p6G3kDX)D8&a*emD%JG{q-_K{X>^jH>&|@u-EdQ`<4vgqu%2nU zYoT20&m{A^k%bf?xapT_Bmu+poyQ6nx$Ge2Grc ztEjhR48RY0p!QHWY@vJsB4MvgrGnBy_kKK;0|4A5%C43fsY{aVEOrpm^3aGbuN;(Z zp{JQFJ$KiM_^G3`d{SW$X|@$mowlDcX*!e3sO9;#ncoTM@nt5=jN^wnpl=g>N#U)Lk3Nv~VW3rO z(raw!PF@fH(N`_Jv&_6om*)n%Gs#uk=j8U5qW0*a*LWfDhxwz=YX8BVGUZB(+iq)q z@(%lKBz0O_^_DxsQ)=K zKpfRb9_@%SUx^lwU0t{6hw3C{*thgH8$FtRiYW}{Hl~MA@(gsa8Z=N8NaBzPj|eg| zG@1Khno*ZVKBKX6USns~`G(1MaoO=Fz|2BHR+6wT%}z^0{B8k6%HCNXZ!J(#oZ5Jj zpuoamdBAWMwRugpixM!`Bw*e0nH${OkWjMHA1&)~4*v-~n3uvu4t#NYix)Vni76w( zL=OOHLJUoiW3#pLHh=|XQCzy*vrYLF9j^ko_fl#`*(%#f!^@@Bata`-)O-M-<8^I` z3!aI5APxuo51&qWnuQDP66ss(@zYcI#E3OP1GYiMqOojP5F3GngqPC!k3HURIeD}X z*zXB!#=QEEic#M#EkK;tE?axKI106k6_1Qkm0a$e&wDkV9YLyiwJ|*PjCv2{M+{{V zC__k8*-~7y49m^l-<6mU&HH_1STi#swz;pk&UPxq-LV6`-5j@ORO8F9908mwI#RX1 z`c$^MRJPz?ZG*M;jF@4KfcVV!?d|}8-UGyQrCp{nJx-a?h5k6;Kr1qIU z>q8AdK&_xr^e z4{pwV#9Lumf~6UDRe&16_(j*awo3}2O$=gvlANi3*+hV&r*@XnTo=Ag$x_XpG~IjW=&gTx zA(ElG-5$V?4F}QrhX1_V(UqjBwpbTae|AG)Ww6wx$Qj>==b=arRB9_I3Wmuzd+-8^ z>>e&#c{4xubcyNb_-`3l$*-V)(^o*ChaOIoC4E73+w*$CC=#yrFB|SSuFU#L zxh5xyf0vPG*3wJZAK060p^urlsH74EcX=niBH5|$Olcsdh0)jTvDZMBJ#ZQMod%P7l z&xn zb8y}jKAiLWmnRIH`JvWN5@__Y;%fYk$o%q<-Fu-e_7P%#dz3s^8iPodnKoUa|I|Yd z+Nsrb-J6STWontkLr;??_bD&cT83bR%a$62UFoB_U!OnbiOUE2H16D|O9Hd+d;YCF ze~me>F`iMGOiozKK&-uMeU$TMJbY;dIL&WR4#_%W+;^|OOy7d<#wEv@eSR!Trw0y8>> z=&cn>&(=UAwEO7eXP3>QOxxGt)}qV`Mw*4dg2#v@1+OUk-J|-P?Q_ml=7j1bFG*)3 zs903*Tkh0)XGQ3DT9KuPc8%JImSkav8C~eJ9PA!~2KRR%)?8QPQ0Vpk07PB)jXGJi 
z)eJV=pbAyl^H_HV8a8r2a;QkL2}o zS*aaV>;Jt|%r9BanY1V23^Zh(=3IFXWnz=P&2Sr*G@($XKeHcY>iK})rH7?}bNocO`BluXU=0o-~ zaeWT#Zr2-r&8&inx~z(Yg=xC!!EbfW_wJRu4pI^lm^OXpBf#{xW#$3Tvl1a^Bn3`_ z&_ogQRU54~o{PSva?F|(pm570tbK3Z2A}%tA#a5q{0Iu82vx;X30#3YmUPVRc95o} z_%dA$SpztobHa0TRav3Z5)vR5sR-BRYxx4KnOq?pl>OvG6VR8DC(t2z1HE5xU9P+@ zg%90Ua9v{J%#n|Kg&}8wOWRt2ni)&DWI@FWoSbB>>cB5NnBlk+%p|l>!e(@f2;Bd@ zwH9#KL=U&(@x#R?s3@2F3O!&$23Wwp8`1s?Uv&nZ0s1di);YM_H4W7+*lcwja`{T7 z32v!4lQxH&D~p9+sBof3-FuvxZXA{V;R2Wd0E~5?I$x231XqrIsx(DvH%3WN9IHLV z6VC%35_Ywdn29YaHx-d_2$owe4WzPpt^eHp$+`(^*ji!0p(f*MnEoy1mg+8Oz`XWq zpdd#bd zX@ik-8=@cRd4pbA>Hjnik{1sJ;Xa%Pw=Iay<9UK6B-&luYv=Mf^K=YoF0$8_^68*K zaT&zA6W^J$0`7?#w6QfHKHyRTA z)z=LQs+FXZYYs#7`iG^9WoQ!e{Y*SXwht08;rhC}u*LQM_N>>@b1GeMW)QsB_E~n! zL22~CVwk0g9Q`qsBOh35Z6W0T#-MsuY`O-ERNPuw_rs)t4X~`vKhezvIdBr^ih_aE zeTJ7o8&I;dw0PME?MbO@J5nY%U9BigbgL0NTO`iUh5h@5k9834vtZ*+nGOA}uFlSv z-e$9Q@ON5N@md?RwFcLibc1i~kgMX;ifr%h^0l9|!W^&duAq3)-2yyEbA$VH6<-N( zPUdttWG4i;OAe(g+tYI6c!|z8j3Y|~mOUTl`Nuu8Y0d`=<5Tjv0Yr;1Az@(;?s(5aF@^y&>c-Tyc#X zSev?fZb#ZI0Kpt0VUJ&qE&k$ep&?y39>4w#83Wn>(ddZt+s z91bkRB0imQvMuBWUsx0{TD-m5%4;m}^=_TzOUc+xzeuD)U?MU&L0C)Ok`bczigdX^6;LDB= z%mcVM9Uo9oxVU)F&(G11{$0!=$^E<~&ofdWJttkx%LvQ!ld=4qwTqpjTWk;X46XjJ z1O(!C{UuQv<5~Ac61i$wXPb%>jB}}BPR5k!2K@GO7q$mA|5}99kNKiGZ!PBNFvHUg z;>!8&fsZ-?G5-k7Bi`J4@o!mo#G2CS`M>qvk&r&}`;jz%9!5b$wc-8OZMv6s2Z5}4 zp#;wj8DPs-%Kzq7uC`#%{-ZGSm!W9?B!~TV=l}n^{GX?e^gHe2|9R2~$l?Da*^!VK z=>I1d4k-@r-;(zKxm}j)zmpVFoQ77mh7V3rD-A1qs+zM$#PbB(i@Et}+eSGt2YMPG zL++;gzs&m2_VkPjT)zczM#i0*#|Zxa!YnGEm;#6>{yG02%%Y&PT1)<8HfS{@4Uq(P zfO72eKc;`q4`|v(;9EraU$3RDBN2N+O{}$kas(vc-u0SP`PlfBGX*(`+~Gd&xDp@O zfyn2!4y(TZW*X(;%r7k1K>ls>kI5B(Ay4y6lX&Na@8Mg_e{u&l`|G4Dihi`AKZWx$ z{ozN*BD+}-E%7Q!6xHPd?`B)_7eE{Vsq#4@4Wj$sHd0XGA5?gAKz}2<<3JcS=o*b-1PDMVr4(=ya!43X*?f zN2)#~catWe&o_k3G`yP5OtABKFt7P8aS?AxfXIS=ktl3pRC2;_waar9=kY|ecJc2T zkD(Dk;n&~Y5ECQY(B-3ZOR{P2g#3BGd3COMiYeevOV{6P!Y8NBAF~rvMNEO# z1Mgvb>O4(Os_jwxNz+~V_UMW^p`wnLb91A9 
zq3F++E`Byyk97Aiku4p$O%a?Hk&}v1)?R4qsWjhN-p|vYe&Ys@j*&0VSZQkbtz^)v zVd_8k+(8Qo=6h-p>keiVftRvPi%gF^`|n6^^~D}J<49%}78Vv1)XVz(RlnloUMt+_ zZJ<%7aYb`;Gol1BB44Q^E=CvMpY=gPWPc0kd;4F^PU`(-_#3o%o8!k)S+s;2!v?eYv+BmX9XwjTD1%{*1P%{Z!TI*_$yCZ`+l?AU*P^Gxyu zz6!H#mz1q=W24@Fq}oUs=LjqFIX)?Y>;pOqVGFx!hKZEDR=eQqXbCRNd#9gKmG(4hl z+tA7Rg6OjAufr3=_ucs4bB{+ctXEARl@YRP$c8`Ph`plv`R2Cf112?L7$+xZmvKdY zetuRKRq7C3A6)Q!P*iN9T7eD^JwR4gR-bidb~b5XOEZCUo%Lb48UFR%&*lUlmcyF- zk{H`)BPIR!zyw{N$W!f?^U!?;LZpGu4!QFE*%HJDz0EGXdc_(CAw0~ut=W-X0yBS5 zvSOauG13K{ue8nS+F2`CX2~G2IR6j@5jHILE4px7tE5)#rfVN|qJ!iW;qCm7McV7_ zjg&c-^RhoAF|L-Qu_^4ga}<%@a2v2dx+NlfX-MXikw0=>a(x~9?18h^ELizTeE&h= z71D=dtI-9zEz=tvxiKC7h4mU<7M`zDhzV#)yrnCEYm26=P*ZP<`t=By!cDJ1;&s|7 z6?5rh1Z31c=5EbzbavDGv2osfgTu-HRKaGGP?&c@cjVc-*@(1wlNlVkVbD*F2R)T=W0SwtIautdueb>J#>nThnWC}k(d^efVQ+C?j| zCh=^XyKdBWVQG1RILnGRL%-$zSaoNwz)GjkN%F@3o7rdP{=v~EKQ-|cI)iyotyX&Y zs4s!y#LdkOLgLX&WTmwgNxZNB7foT-f3}<)HH4UON=gwJ3`XobMy;_vJZrv3JgG?z zykC6*nF4S+i}&c?53D|^T2+(%ekUt%Bk<`tAD@*%b#83f05jSby6Z(sk|^kS=@hY!(k{=DhI*^Q))BAFZt@CVtFfxKmrTgmQ^{|{ z{)C2vM`$;TzT2FloP)xWcQ4o)4I@nVFf0bjaf3 z0oa)aJ++HW%;eaZQ57O#at`Ttaj{;l$@{}`%Kft-WGZ!H-dHC;FoTXOAV|0&vU`W- zAb6F(b*b$Uw+E<#2;zeZ<2V3U*r@pZSQoPjK+?Z<; zDdDc`3^Pm$M6`Qo%xJ$AYM>aLtRg?WP|ry8T?K!f%SR;>ZR@sFJ+s6TG>}!NL)Pq{ z;&hmxAq*tboa0XHTAv(^Zc?ylmDG!Q2nxZ!VytElu-;Q3>O)= z>WRu@^`yqLz-Fb(CW;bZWq31v;|p^Cq?lXM2)iia@hZ+a2<- zXtd(W+S;S+RqfBDR!`K3I=8Y)qKqrwPFFyGM-&PcV(b6xTSn!rOA_ipYabaq;MXTV zOyOHw7ZH^~{Ose2-a_c~(l2*GXPp;Y8=V3^+#|WQ2|P%@?r}uYOz6k$x7k}q$Bg=7 zGn{*Pw>3zvWA2TH3dMV3Mtpx0e>shD9;Pc=AwhbFbd^b}^k>G|U!rjiNhIBr$A9>->Y#qcxc zSOEnY$?0YR-)aslyV6mRSUmbDBo3?~r#jyY4Uc$RW!`ClNM|>63h)|C!HKS*ls^3v z$0rPT36-e1AjPq0@<`368~C^*{pBqkCui&k>}l4r@_0VGIW@y;ml7;weYKNp5woL= z-TeO$_m)w0JWto?pn>3?pb72}+}+(>gS)$jBm@ZV9^4_gTL|uQa0%}2{!V^>d7gLO z`}M9n>wMvySxirNb$3(=g^O-v9IW>$xkuRjBe#dsqeAADhw?lo~ve1S`x~b_zc~|F41mRX|+e7PU`E;KX(rvgB z3oKq)3p^jx-Az08wQ+xKch}XAZ_}1`khI6ho?l4?04ypySq#WzkjmF6_S6O9i)i?= zD7IwW`7>O8=h`EqwrU%7;c08_i=r0Wy=H{&d1a#DO$~{Jn+8C=EJ~ 
z?i!ftvR*2)H?Qn^+nVWqIT}1x{gPSb8j>pg^7U7* z_D~@3WRnP&T)_(JQxIG3gCcwXw1F@|t_6U>MeT#AG1 zL0)`%Y_rz^SnGkWD1f9=0tM>b=GjztpMvd5v)|xvr$pTC5~O#Rir}(c5qn)-=UwZO zHPu;`$tX*S-L4?TOK@&(A+}QZOvFYeNWkOg{P2eb3927y$6@p`UDM`!bC)`u_sbu@ zG207Hzq)Um-!uFAJGPUX)Sip)PZHYGtC#$WYpD?VRpnMu#-E$AVi2+&EbpE{@O{Xt zmCiZQVdcq5pTl67p8HFc?)L!ypYv@Wf_wFopt?Mc=RJ-Q929+sP^^q6(>NPo91dR& zK!seO-h0D#!9TylYPK}WMebcUe#qA`WfI#fdyT;>|IV!1;8>F1xmm!fp4p*OV4r-T zd-7;n<+@9wfdXDvX?1P+_pBp4@sh?!(c==lc~hhyWGE*qOGiN=PL4@~wL(%WtDPu7 zMmbY-M{%R}(ojSgSwhbs==QrkNIaGlf(U@-7d6M}cydZ+&U5RB?q^uj%66}hPCNMM zo`+7WAfS?7_ION#i&)dD#+#~Ak6XE&AV7xy0P(s#s|pPsh?%F%p8}(Pc2D1@E&wo^ zt#`MTCNti)^!}K+SJ))La$3!FO6w(upSrZFV{Qiv>F>L4A1j0hs9XFYg|LuTzmc7+ zUMHms=X?a>fJ28!lLW<0I5J}F8foC2?J~VXqjutGee33n>C?=$Q@Ly!q}>Tn`RQG( zyBCKVyl>{`D{=}OC&8s~e~ay%C;BKcx4}fv@UmQtQeUljQ^?Zw%)z5NB8GV%av7%xL!4*!c7c&(#@p@a zTyU|+bgAnXDnd5xF1U|u(Q*HjORLaYyP%1Anr;hcK4HI_Zbo(AyWwP-C;EA%QS`fh zHOK3rZ!zJK8T)*HqJ!!1U0a8Ti^SMPrAcOh`hspIslVhH2c2QR+9Jli|M~ej8#}vG zbZI~^xwO3eNNX$K)|5l5EZtGjVCj6bW+{G2imaRJ-eP6^;9Ak31{|Yu+BGeXbeP5~ zMs+*!U0oLra?Xae>h|03J*37i1Qj)Fcuc2sxk%wmt(ZF#KqvWUvsXy4D79)kcNpZq zjvB&r*`^w92fUcz+Y$WU#z?7g9O>7ZZf%tcCso2T=v2q{Z6uhtYmMRgVHqP9s_D#8 zJ}uvRjS+irzioP2Yl%n__0`P0Sn{_xTYTNHrLKqj{R-a$CE?IbtMxf&@^ApnTXo)qsjJ1I}w(bbH;bj<@zEibnqA(Cnsu_;=%Ge646r)tVps;49G4*k}qo$aoa_Z{O_$Ut!yyCX+=}js$J@)D-MP{`h`hvR697=X$jblVz*X-oc0$}XD>&H7 zRj>Ras48&X5%-1B0phel=hc;haYd<@01Yt1Vf1ZZS?wLGH280fn#>pmFcq7Q$Q|cf z37DaVcnrlz%7%$B_f$rW5Y6@Ul^PF0mD(31q=!wHi}CYNxxQQ)2t@GnrJ-p+T7SY!`LGqAtTf73 z7C&^KPw#Y@p-CpVo#;DyeoVHe1Aw`=vpUBO8b989#@rGf+~tsT_I>49iKtXr6fTE1 zFWXqYHPjl;#*fC6K3?)VsbjA0O;573kE{8b>iu}yuX@ecG*h;#DzPoAr!B~P($k5T z&E&Fw_+?TCbz-9G+MWH$+m(pj7Xes$-F^Tm%4WIXcf0;H_zB?&#wi6&P3O%QDbxiG z+>Bv1u0cgq3CwGbgN>1KGc`TjKxwap{RWPb-eIXIKa$JHC zz3Fiib@K?FB#z7Ml&_RAyZYy2HddJdVDj-j()!pp zs6c7|gzb*={H-#_@W9<-MVT2ApAEYaK~@eD&z&|(|A6blB)~|;u<(v4ia8l$ubO5} zXt2-v9wFQM{pHn^^H@rHr>G4H*2uQP8;x*iz(}U$c97y@Dzl^Qj$MKNIh=UR8DBMd 
zgo=tj0f61{Y~!w|*tc+n-$2s*o-3Da>qiZV9m(QKTVzd*Pg;!baljAZGjodBKfXehYyxd%V=x>GYRTd1?&4Fa!8Kq_0?sv+llI) z!QGHuo9^Y}8SUQhWL)`Fw1o@QIKxX(seBa<-F##)r;QE`(}(I3wS<7$9&l6n{+!?C zT8yS!Q~G23@^`YJ*-y^`EkCy-isMk*G@niKUE<7EWEJ(=-8Z(Y&X&kb%wL(a0Egz` zpN<7@H;)Gp83zT$?$R2{gcrwFeNS&@C@T|3c{Al;#^2(ZM{*B>wP&7d#yc8nBMm=T zPa$1FYW9X@Ya~g?LmuBglCy0d4&!?iL@hi?j8@yN7bEzkD!?F+tjdq$3N**%0q9@& zBTG+?ekDrS60yIC2jk$8@OgRL_%yVZli|YBz}P5}^ZOez{h4dJ7+MI}Z|}igHWY9b zmz!c2&Q^R8sQOt&{XA9tgO4MPAtCXRU$b5|{L@Ui{EeXN#r2VHl1GH=4EY=^_4+fR z;8nrM(#89+Og)4BN5|`17^lHynt%(gmZx5<9feU_+ok48#b5ImRfCAXBrQH6``mH+ z4eIXZZNy2CeX+?kd4H~uD-cuGZVV%$6yh1z>C5rUcNMNZY zEkDcY#-9;JZe^+v4kdN2YMMk0pnkY+8$6WhdFaOK&43WPT^jFpcOC`TsbEbz$j^5x zn=Shk`eU2%Zs_R3AKGq@Ppb710u>UlC8I&(9)E15h!2Ms7a|vXGOMRahum+?VvLH# z-Kz@g>o>q(9-=Of)Yp^u90+%A&A-S#S|{ylbL5u!|MIcm)slEQ#^)aHe5Pt`ETR30 zi176K7ny-havIISwKuypm)j&4jNj9u$1zl(CWj1ytzDB=?46ViW}+2*O^0)gHlG%hK^q0y~!21nGcM9PFr0!6T7hi$x$8W z%wII?GyF-bNM3fXXO%-p4E3FijyhLU)6NGOOPe_;FCM3ZbdjFW_#$6-xcEwxA2!CG zZ-*tfk@Xoi=({rT(Vm|`+)m_)nt0&}`v_Y+EW~Zf&BGl8d>u`kSW$IXD~_hSyP`-! 
z1X=`EZ-?XEZXl8xX3B0<>8&olwnU`@yeE9EKAw5qFDDkkZMD-fLO zPAZvgS4Ck2id6#wvsC3wYoT}Z!X-)5#!{wwV_`mbR;|XyNbE#~6g^yI$1xH{S_(MW z>ms25gL6LXgI&L?OtPH^2Nucr$!h~KLRKPd_{`96)|QcVh;hy*+e2R|KK?nC?m9IS z-QTMY#OAtXNLysy9LF*HI#g}Du{vDzm_-zace%s;!9-z| z3lpc^mRrgX>8#OT7Zzk&fSmB@o)2nU3$3aS07Q52`7;lA417{>*TEiObvod;vvq;_ za?h^0(w#JYaX2^m9YyFZJJBDT^JBA5>n>@9BG2c)CkQ)w;_wNSg&fNlM|CH;_xe*j zURQ*8WN^M;Q=vRr<5zAdCUQ9upfwdUR$Q5NPzfnHd<-H)@oIwW^c=7oz=w-VkD4j+2U#B8B-0HX7@k(`6I`Op^O2@v3zrX@M9Ykxdl zOJ$Nwe8dybyU;Ow2EPj^G+`=1ent}7mBkQiDoq~Jtc2lWWn}sf7eJ^G)y|LCpZ5Le zM&g4+*f?jdr`t*56kYDMLhtc*v)c#?FIxlQ+_3*pg^lW}%*!eT%fP|m=qx3`=1G=j z&4`4717%43yp{vbWU`7tfO%$dj(u#)z`&k}oh;EbB%smA7Aqpg^lP`hS+!5P_+z&n`bU?JZ<_|1{&u-9+o5Z1gVQ$*uX!P*JuplpnrIej z3w1V)9)}a{9)&9exK~T~xs1}#Kd?p*eP%w+FZ;W}0zV83OAR;F(*R&|tq*nQ7KFF$ z$4UdwtR0BE3*r89l8`$ie$&B(^3;tx~$lyl~aBgt4>{tI^&~gjNrm88|Ja7!*y+0 zjn{sH;^F6(zcpRl?edW+_~ueee-TF8&N#j|kg|Q9^?I(F{?M)`yO{LU`J$rb*55N` zK0{N1VW)wGzv})ugmT{4+n{4lMA({V`p{bMUZaWKCdE%`;71oaAXWYNg&P=88F+h- zTBl|r>1LVA*!Hv1HtF>O{nEMd!?Sn?gEal-LId#!2Xn==>CNe~IreT+fl<0x47ZE; zwr|q7+V{T>y`TAEyA?v@Dt6wua6UNlr7FDW+E2j*OdwKNf#o9NXXNBd~F?IYERq#ke91? 
zmKDHH!;Ip!HE#O8;XHU3YHRgbGHg0eF3sKjMbMGjhpU9k$0Q`wuF$P$*6Vy?qJU>R z-|FP5f2gE}^z-=G^~+cX!h686T=V8EZalhAF(Jbj%ILJyA26~~X2G=S-zcOhwu;~* zh-dsXE?7YIbC5Ai)9%Z9I+_KEuTrG^7^_PY_mrI$R?VFQ)}T876qZ(kU&*JBaki;3 zta9G3=YMByqitVb7t zd`ZdnQjz$W0uPM^A|$CY1`84vk-Dd$EUEi8&(>9 zets9>u=om9W8BXr2&f@saRY2@Y6pr#WG~6pN!p&5YN{|{jA8Sv>q|%p;2Bb;9~`j0 z(~r>lFNA$ur6k}kNjcTd`%<1DV6%`Zp1H*-nW=Y714M7v7ZiVR!u+Z9oI$ISvjLar z=Lyh{QO+zLXF$Bor)*0)d&gOAb`lmzQ+8ZgW0kbDW0O9z?3q*K@`jn@PRT9F(;dkx z;_Iev8br|;?eCWwSQNz$m=Y>TZ|cl5!l|tKbwb}j0pGdKE^GZ|6*&czR(l60Y5sJ2 zKAaOMXR9%nnxh3Q8WcLTIq^TVLpHa!;88wmFQm2yU@^c&v7|5!sXV22$e7U;|Mcpt zuKghY-JdChhvJH7eT5=bCoN70--msjvC-!}UA;dVRi>=)GKJ>YvX9L!yIdMjboox> zlbO9)`YDG7>J_b?exl~Jqnb8ohimA#ad-CWeq?d8dF`}_g>4XMW`Qcf=2@xf2PC-rXhmHYu2PK9Jf znVAhOjcd5?M)SMfi)_XFY2Z?dhmtPi&&VJgSj~$U=R;xCcgA+{ek0AFo<&l}ZI3s< z&S@_xKq5I!d6=2yuJCmft&NGcRvKk{#Ix3q)?rvWU7G`Yy2uP_r}N43KRD%TAK~tw zf{KS!c^q0C_b$%_8x*Xp^)M5Dg7y2t3Mtfj5MZIRmGmKg#bPpNwT;*SbM-H1Wh+iy z?YaD^7;YB8O6RmW5J}?cDT4+8cpld7N+-TJ8;P9-4QcQ@k}Ty{Ln9=-XJ|%oLqSDo zJgxW!FA;n8xPKID3{i_o)DQ9I(`q}{`Si`0-0G%&m{;cNWJduC9p1p8wex89dn)G) z>|j-s?%}8(qP;vJH4xDo{2-0WxI~gj_R6d4URQ)suIVCj0fm-|(> z^Cl2mD~WfK6q#NiLXG_zmcnD}Zxr!Mfw&P@RSX6lHaA)oItX69@C5xy)n)c6gZg72 zqk^~RmOn-JbWA~e+cNQsz>}2l&I<8XuIXUYDs$S<1zv_v99T9*n`!LH=^c5}RgcZ{ zccxXo5{1<+O1wnd_AEv?oi_n?;+^V?UH;effW`lt!NxZ@ z(sU&=#HwVqjF!GMv%OS0Dn5R~Bdo>}`0^<3X;75P#0voTR}oKBQbfl&)i@|;) z*Fs}2iLF{4DL97!acHHV9H{=4vw`ukm0Y-p=gcn0Tl2i{0xIsocmA-{sgqV3g<5vC zOW*u>5!2Um_%hq>{`vs-r^gzy=3Wh1KnFEHLs3~o?J@WC({;`~l_4H=AWdY8KaChS zF5ec5#zhSQA^&IWIlcm8f|!B z^7jK8ZKR)=81WISlSr}X9CCnIG?YV!GVCk!DX@H8AhU_QT2!N zeW>hws`&~2;Z%`voIx53ufsCWoW@-me7346r?p$1k|N0QmKzJ50a3zgsk|1#)w~82zWlcn9ItYaq~U`FFUX z(ZsMWnAe!KQO=5KW^*!z0e)um9_#F#eRRT8)Qr-=V%nEqXvj-Aw%~{zx2-oiK@KNS z)op3<@kqleGq%Y&9%7WA5*HT-HEDx|3CAk>M~4?vyqq>`8&k%%(N8%&`d5gPC1cwR z{O2BM_WRp2Kd$;=V!RUCjhAQqba2Su+}=Sn79SUl97?Zn z{>}$OL@S8H1@7wQh+pb-<*I8xl+`K`fe$UOr>a{kKX%Rn1O7Qw;K}@wLBIW+*1TEc zd9W6uMnsoxz)A95O8{Aegq{ClhK<3wLnUDX7!WsU`!wpb(2&rvuBr#gs!tkd+Hi8( 
zL{&2&_)#fqUq%Z}{C; z>)&4z!5VN4(FT(bOumwV6{Zfiz<^b*FTw>*?;fj5??XZSjMHwO5jXtR)k$vIkrKxd z1H(z+c*o7dRpN)Y9)oN@>%PO^aiNr3sEi4Tich&8rOnwBBk7|Z@ zV3YDUMp+Wxa;@i!yxrZ)^H_Ddom-`dXV_3Q7_ z+I4ml{J>)On1XimTFOQC zD9AiVzt-y#I4bcECK1^Uze-tU1rc`O58Db3_t1fyP_Wk;$&{vjH+QLG#D_K(@A1Y1 zmT_k5g@(mbVibIyH`X=3-<}x25%W~-x#|sMz#F*XXK7{A+g~86zH#zgTN=^K$>*6t z@vfs(;Is4IyL3dtOn$@*NrHcLx^g2PVZSNlEm`BF`$P5z_ttR9RZo3qYxf><8tdzjhXYxTJ6BPuynL&0GA*v*JxuxR6SxB(89pN>X=UVq&f9Cgt zr%>#u`+eZzrO%#_mBo}GQ(j)4V93_)oRs4rx8>1)D7qf zH*e3$qLWr)<@uuZ)@Tg+vywXYTY?F{#7ez0oWi;=YFsz}BQv}f@4rC$7<#B!ad9yZ z509bam+wK9wAo6@Sy>MD_6FDWt(EinySgf%lU-f=I1NsNUs&C03;N~D+wKP6t(fki za;kUz@jk!MAE|$gacm`6y)&UGS9zViX@;RbmV9N_(Kc>Xtg?`7Bb*?hl(CTpqVl`b zrlG$+TjU?geI8Wh??uQStEpu+Bxdf2u?Q|ZOb0&_nJ9^`hWl#q{9H8PiOF;_-y=fC zY6qiX*>kqu%K2c3s3(T&w`J7asF28VKEhy!FL3)X6}0UNMhPScn{N*!l=@lPHX?$(|aTbywbi7GFtH>Lbf?;UwL?Yv3xb?T3+8@`f%=?On0wcxKelA7TnY7g3J~#}A8cbj8#8 z>AYJuyE3c5EZ@JNAEqZ~7ts)`DTuHE?x zq>c0@tH8-mfi?B1vB9m;sY%bp#f34cl*8b+{ymKE-I@?WF%I_4UMvlpPUd?5u~FYb zOuiCoXy*rWkLe&y#Vv=o&UyUdaTFQuviM^FKYNx|%!dix#*h|W30e^j1VPxwflvn)A@){2$Syd?ZwU%Kz41$6eGtVpF| z=q10Sptm6?KQYQ1@}TCMU=FAQ-6~HWbSL=ZJL8V z*`=X8do^it!|WB3N>DgT3jz~ny;HJ%~t2eTU`CywW#p(BL;g{ z#tT}^iLM&yAyIMCpsz_Gxbnd+DWUnhhr=^A;l1=F^O7Jjc)hhtmW5!{@lAZzhi$PL zRtzOu_c)1ya9t~1%~h@1`*zlUlMhSU!LGZwo1{M>^5Ud=2YCrR4M>fX8b<7X@|J`p{?-yRzZ@LOvdZeaJ3vFIY_j*FG-c>2*uK-Q8zDg~+7&rKH#y@Guh z4~l+fDZa`YAckUpKu88v1@MxV#OWrBDynC@-jAL9zrizj>eTVz07@P%d!gj*pcFU1 z+T_M>@d7Oy#e3IeWp$~h7X0XM7f(%vL84{rW16^xC_Bzg?v^~Sv$S&8rJ%|M??M~l z*cM{=%PnjB1^0|efIJj1p40MW8?Qij9}_r#jAA0?b)q&$8G0OMdGaO{|6LRROlqm` zPA5QmbrmvSK;p}I;m}J7RsE~xWbTdqIF8+Xf{kG39uq+*pla!h6ZI%>Ge|+jy>lGJlLA8DQsUvaSjo_D&DZJq8F#wr z&x$el!8*-Emk7YG>G^&`$xFUCD4oWaOy3_J+Ol@gQYB74rE8Oi!J+$M^y9zUJT`+L zlJ6|Bgrfg)D!rxL`7mkbQp?N5y3W|h=v&`I4A(0Vyi1Mp#64Ky%FDhTo}%H=57&D- zu_GEG!eYHjfgpef-+)Z+*x8n<0{c5&sNJ%3yR(Hf_&1H`h@W!w_%C&-c~3ROl$P7- z36bD`es?V&3lQ1VE?3S)%b4CIJ?5It{P=Bpbny~==}>&63ldjC*VMG&$}hUA1O z@%;BwWbuZW@*MHCRYw|Mm*C2(Qg=i@(u5_1@4fnP8TAMl_5K3-Z=2L!yM4mT){t#aynfWe 
z4}-tjYU2lDU_^tRJvjkK);r%n4;ZrDqtU9BQBQm|=T(+HP#)U&?#;19a`0vGE-e3| z{^15T1yi1AbyY!ES&#{=>Z~Qk`jE@msw`?Hz3YsQdlJ#>JiS5$fPYd1R%Pn;J!Vyx zT-(|?oGL#js0D+t=`)Y28+{3sJ{d=Jo+v9z+DF!AmxB|klXXU)S<3?|FsIRS?c{98 zdip8Xy-wb@vC3uqud`5HoBV}!bI|5*v;bi(VFvv#?y}u*#&?!ZY&ipPxQVwX2qZ)3foKG=^mqW~Z1v^EIQ zB^)|a)=(KA*I{2F{Uhd^F{Sc8ZK}E$(xZ@?MZgwkbVFpS>Bv%i(MnEZnCnDF6f!n~ zlGnb%ycmyYv>*wR(Ge!U(HqoqGiV5_(3ccP9i4DM>V23%zV#slr7~o^0oQYlz7#o@ zT$Y3y16DYe96*N^MyCjH8+^s3!1(V;`~LIu(7znQuxdA=cFge4AoM@_)w3nwD&&86 zS2pd)eDu=N*P;7DY2xtDBX*6+*UyrFj3xfk)Bp9qib_DvT%^YaC$mYh!fgP4auxVT zfY*mtm!;ig5&u~w{w|W8^U-{BDITCBgH44t^kXV)Z!nDSrxY_*v^}M1ODeWR+Y7sA zE5?7Dh<WdDd9} z>)9O$czAe_g0WwncxC({Tg z9BCjAdW80KfmMneCHCvM*w{wBimIv)Nkctz;BGJ;^*>|s#A2B`IyMHDmtDKK1JCbC zzR-{-m$tV2d+qM-V&me1S_aVlKiJ*LRkZgcRv8Ym%6O}vLYaIo)Jm`}z3Wrf*>!C+$t2D)l*l5+VBK&r7GV^ZHn zvBF;~ZKr9?fc>|z`a>aio0^-S-}%b<1c(p9B&DPbFn`}?15IZ)4IIJ$-u4fz&&JBC zSfNN^^JA4>-H~Cmpzdt()-)ZrI@w3avgcyb&1Y|o>fYt1Mf3w9|uC}2bf?w$^>ZT@4s<4ivq8|T1NrRwT* zVr27ctrt5)EO{U9i#eXv|9bO4HCnTp`I2&(oaFF>B)g_lKKxpeeF|<+%VR3Eqq=iVF65i(wU&6C zRwL6+FxQ>GH`A|hm8ZN%1ldk)FMrUAaeS_NLP$SsjoZ0*e%>|*bGz2Fi2sDkDjo_E zjf<67>yvW^aWf3Z2Ej0Z+{DlZUE=XGZ+$dd(W=W#td$)-O>{`*F;``ggOB#^#qI59 zkx~OFn_l)w@799ZRwTp$?#<|W@E~L=B5l~d|idmz%Y8=r68!XpfnF7HEo^IJB@O^mLLsxB*jG42G+COX+GyQEs@$S}E61nNd z`a-qi3)DAOu&B^ZncvYZx86+(+p#jfD&+b;KlN-smhiQOQNaxisj#aSpS~6hH@4@{ zVBj?}8may%<&$V}FC36H_o(cF;W1Xs3OeCI&VOkqw3xIw__~rI(1a?b6Jrggc|f z&Ar@YKdL?+=s-S-G3SGV7)r6xzbkK4QP%DMGVPUc}q30~4iJRow@F;=bD;uQr&6FM(gw)(h%68UJ3_zzRZn$U66 zp8#n-ZG*Kpa>3No-rNrt$VilOUurYKOd4ow>2$d7z2{8w8EZ$M_SRn9`sy?Gz0L#* zkP~q8aBkuRqo05Ais)S?3rzGshi7*34WC;VBCr4EOa(YhwR1HYb15Mg^J)2WweN5+@K!5J2 z0k((1K@US~i_vYtI%13ciw*fryNXll3*opPU{@d)iiSu9jsmo1N}c5CWN1 zea}$cuvAfBq;|*3u&AjVm|!pgwnH8d=kKB4HGmA)Gbz&xZkGiu=RkC>Yh9Mf-N!R@ z&{eZqn`orO0}$FM_0wV;4DvNSP0mkOpVE8+CTqK^A6Nh*ZFbwWJVhvAv0C(1()8TT zAj-R|{f0}n93YUzUcf}7=395rfSJbN#}7?sl_sp8UnlzO8ya#Ft+S?$l|01%hYQg6 z55wXc8~~^hy=30cDhg7=0|Pazn(RKev&LKSMD2UbPELwG0#JI3qez9#E8Om^Sx|t; 
z;^J6CET~hqOr`u*qO1)1N=jE>`2V{V;B~G!nzE#TTYwC2Mq;x4-sU^%)#S`{D|^FS zSA)baZRK2S>afISJEU`j9IE)FsuU zS+PEXxV6yq6PM%=OQlp@0G)2ID4iulyK_P)!V(Ne4qVbCDm>K6Bi9b&vAJv-`vIj9`{x_bg z4dSVLnlX~kAIz9)PIrq7;IZ|wYb<^@;g!??z_))e*wh%Mg}$V5=lu^Zs!=IG^>AAF z!-(Mcscj|G65nK_D#=)RfWDukpr=m9jfe?!=kH#X#kM|@v;~`lv^WLo8#R<{C2I8e zv2AeQ&UQfg8>N)&lg2TArAQAO@{QI_7h@ev!wn**<_}T_K}k-60KC$Qtt26kQ+)(- zs*^|zUi&?@3P;-~7i&asxieA7gp!lV^S{=+AxUq=5@Pilts4xUGjtNRJFWjl2Zlv5`TSswBG9b*~L?90ZGn2vV$ zZL7336nU+t>=r!Y_{;gNeBo+3Z3_yiaC=dGA2`@X`^?oI;des_Ejam*$-)^65etrx zL3#NkA(Ti$Y8g8yk^c);+8q)knwjPEfY2|v)zUuMf?mYs6or`}F98ofIn8 z{@OTe)U!7>&W?;!XhQt#zi9R#c91k;+d(N`V6_2pndIY-9pC-=QS&S{Uo>rOAo0Sc z_D%IaD36ea{e(TGKipcPw(J|tfFRVKPpQNs()xYKJ#aGAl*GKka6+?MgD6vEE zdliH?T0IETzb=C?h0zBqUc(B9}BR6}MSDd9xslx~mb01q;d|00O~mf*}` z(g292+ccT^&ed^!{&E0nPoly!=eV_t61kr!f4_CW+)b?;Y5$WKHh$B&<$QH@1vWV$0tihQNj&Bs}$WPb_a3CTjVur#mDwwyRamk)K9 zZh`NIky%t~ zbV4hR@N}Pef~Hi^mfqX4k}2!Y*H(H~sQRX*=eGa0qrSlc20-_<=r9J|L>~gb`=?Tv zo6%tdp6O+cc_M|1Xr@&XrRHSs$wGoxBOQtA-Xsk?Ip6q2Q+Z}Uk&&Bj3C~eY-i_ux z6T%=3w>s_b^-5jB?0|@O2t-6gFfhT7e=pzE=R-j^HMnuMay~6EA_3R4{2P`WLs=dF z{cnCSLxpV=2IK-HRSrfv0{$do2-S^MRl?7S8_^0m}hQ{6Re$JHIBy}i~QEn)hPWCvdU#5i8mI=L`JwUP*p5HFiP?dxQJbb(slSEWBb66+7Qr6 zq|42}3CSf;tO(FMCW&2HZQ;({xtskkHhcfLQPCWBOT@oe<{KoamrW8$E)7;X2UF`{ zS=ZRu*t9gd7^!xr^Py|)o6Y`8)iEeQDlMk)SR>yXl}%ojJa%bmDLx*%Sk2nrzM{0W zlx2bV{!7_wJr!~q6}zV*DV16t$6{+b5rii`^&J?DY+8A8%mjHKJO=Gz+YVoL%jwhi z!S^@ZzK6fJ%NLUvGNag=#yjv59cA*r*iEiRWZlp=4h@iRecA4%Gqy+7p*f*lA|Oh1 z+}AALr0f2Pm;Lhn|5C2J90*HJZUUV`1BgNY7Oy0{&qd`^mni0qDtGtb@FcjQ(Q11< zo$M&zq{A5aZddkfHu9=Tu0+XBbhqyv!l%9sZC%}Pv7FY{*0M7CVzv7SR>MmsYDtPU zM=t1~&cVU3z76BP6~l!#kFK>){DFL_e>BVi-hVcqEre zQ+v97A{GvS3nlrw+~0aF+{H1TIk{*ZMkEdZ%%MzElvzXm$zurL>ntwo@ok1kg`9Sy z`d!=;%^hmGsh5dNP{`cHGOO!d`}@&e-YJ+{F+7gQ%(H&OK)Oj+(7}7p_--yUVx+-+ zqAp=O!XU|+TQ}xqJ7UVMTHm3M!A)9O;`kA(m2L1PUQn<+-u6n8=cj-@vWVboVRT;s z61qFm%eG}7&Eu6875Cn{dgQs{0SM2J8Y&Lfduy?GpfoF+7W#x*csKmBWNR%m=Y{n& zI?#&Gp3Y;H9@PGP#CrpDW+!G;PyAYTUBTdUteTkx}!t$L^VfaY3v6so& 
zx>S@uy(PtI+7$=nzJmk#wlcOQBPN1G*JO9ce#~^m_g!D4n}YU^b6=95ug4Ne3Nr9* zwa`tF(UyCT+pcYh-*A6C^G5PqW;+1C?>mv|!-QwtJvqSq;Y<2__mTam8_&-BOsB(c zANar+q6b!YDl=!3e4G1Ne0`Q!A3a*!3s(;Y=au6@>zR?WE0rB^q$SjtkD{jK6k9wF z^h~JUAXfG$coiF2P9%0XA3gAjGnHRhe|6K;|MZIwF56I5C(#;0<~10k{VF(Lp=S1~ zC>N@8oWhGq)zfToj|%hQEWkd1$nEwFg7azy^|8Fks;R|7ZMN4mGmFR3Ci^9*PkGHF za;zwUD5+8}jnw?4|7_L{Pai2N?9s<<*+*6KI1;MwL*MbT_JmI9{CXN1$&%L6_wJbn z8{R9&(~Z9Dv5GNH0amkRKR3a`1W8DS?h(^kNA2V#GKPe3aa$o}!b5osLQ~VQR{E`eN z(127Qyf@=)crLb4Mp_M-u#a0{1p}PWnZz|ae*-1moaT6T9==8BU({w~gcRQi4mPlA zrMJS1@#fq)0~R~mGl^b?ZB6$A#9y4$Y(AHu#FAr6b6PMub<|G;T>L&YFx!8?{gSZ{ zSr1BzDh;WTKU!d4;=Q(9ZBacz3HP>-P$v03iD+@nZ&P(>-@yY7j8{%UD$h#f0pR@9 zB*f*hLH>fH0Jy}L(-Qa-aJ1~DH|<8;cQ$sy34_eq`R*Mxw1H=S5w+JgWM3zx*k(Re(n`y^&fU^#-q?JlIZUWX54yV_xnuSD!#8G2EBmkx zgRy}0yXQz_bK+<7?Wc!FfmJk;+nXpd^WRBN&}Cma58g16k`@dS`P9zfk_=2QXwuZY zR{F5ld~CHBot3318*-52dhqqnA0r*kH@dc-%OCV9mu4FK8XF|kt0WWi+R|=pFAZ>j z3QlOlKh*fB-cF_|sA?*4JHsWa8$A_J72CmI8|88IHi zK5FNzij|B0-WlJ%-D*ZWc&a>}a;O)QaAg{L=gZXZPI`!ovGv8ejYfKK?p_gCRpR9f zvv(N!)6!4+DVX9C@p`o`uB^j}!-d(q;e~38sa;_{u$8u_Vu$`kLimzyZt_DiX$*d3 z)Zd!%h!4WH-!r}a0!O8|dLbflcDy9sN0siTvCQ1K4)qAh(M*m0Ubjbnt-w*jrHSr zIU*DB%JH7A0ejhPcZ26qJXXi==}O(_cpK&Yf%vJAOu|ReGYY%rTqV17bw&(c54JrL z7sGk?K|;M^l{|)gB^xb!oF6$8Zp(YFnLKWTd#>=Xu%Ewtxx2k(en01yZIudw{9J@! 
zC3f6!3O>H2k5%Xo_;NTtoA!6lr^Ue+vD(Jp#u-Tb>cPB zdt4p0J@jR1l<85BW)6F-{Id9HGkflOvRrkMhC`>RO`q6ue|^1xeoJKirQzzeFOF;j zXhOwvGGn zGu;PGyQqu$$%hqdBsVEv;S((0#XlW6YrEj2h&)-t!;jqQy0%nPw3*SwB=`l}d}(Lp zn>(%}=kx51{_~bp{LYIti}zY=L?Zm)4C!^_897^HliZ)uZ&b(=H3Cw;XGi8yD1JpH z1>TVk)~;jEPlPYp=L0lj$}%3N`8x;AJ$`FH62^brZkC1=>&PWwy+Y-t7%Yt`rfHUt z8k|vi;b|h`hW!3L;|F;!!J;gtN~Eai)>SR3Qh~4zDX*U+&tCkg*WB5C=98@8%x393%D++9Td$Q$h8+4G zjBonc>;ERSw@XfVx;`V-7xUN*aBki8)kJtYaA0j8ni9W^&rx_mp|yGn0e7-`I{ z8_C4AON;Hqn@-}Jl=PftM?R`5D$=VV$m_1YZBY2FBA9<$f&u``P`k%Uw5A{(o${nAmEb7e;NOQh5x~h(UxyAtO$(I)|FY&np_9e#d zk3(rlh;dY%a6WODJVa;48TdU<;p9@G9{ApLu7p+&`_@XYH8}X6i=H7?I{T=a+@spm zyUoOVTxT#~^1tkE-*}iFkdkgUc9Ds!WO8{7ok8o@K4KZRzIauaUM7-~HkbZXIzy{X z5f@wXvbf+!%Y|LW#ycBnImvPjm0An6TZ~HN9mv1EPaZ4C-`ZH5V{CGcnH>V=Ifr zT|axPLPwq+^+sX(A|v$MeD-2uA4SE)K9ceL7Qdlob3o4}^?v7DdUu@7$q<2* zd}B1d1fg2z#KxsAfOksBD$5S<(9s^ry0Tq}A%)notWFm9xVEN}*6vsLZ&oOh{Co=4o3g{IW#md5lsK$rVNNuo^bDSdy5SXI+HlS;nS_ zF&o1SGy8qJ`rY^a&;94`pWkuc=U?X^-{U;a&v~5R^ZPkI-}m`?+rT|S0{Y(w9@lD> zMD@#Nf;oP5(db6K6xY;JP0erSWg+tiEk;L08|GV^v_ln6oat5M#avq;S)m>)TUV5* zyyx|NJ1dM(Zu5CFQX`7usRJZ#4W~XCeOYS%^ zyr*!se;Z-w6*}Q!-azf>`dH$d8GdMV3}k##ThRjS-`H%fh9F-ix|S~+8fsflcS4~l z)nevypuI!Usgu~o7cTj+C6D&3NN$_vW@TkHG&H!9VfJ8MX}TyaE9*v?ThV62v>Om# zmSpDTI(jvj)>UbgjSKKd{ep-G1*sh|zQzFx`mu2Z0?viPB9cdNljY@|7w_Noo7qHn z%~Rbq!qFQ?(c6+ZAeLx(2o_Nq>u#!2(-%* zYSV0QtcsoYNh2T!u9ldUx7CES>y?bRhw92~7;W3O4LCoW8XM2kj!LeMu+00%^NgQG zg_evXmtT#@WHN@cwkT3|owYodr*Y zWOc$^-pz41*?>)6g@<0B;$E-9-|fb@DHxLy<^|=gZ={{eU;!$<(HAneHZfA<-bqJM zV^XoPk^}L)j6ay;^%9s@2*vsX*R2xeUCdNaR#xqP71-F@w=7jOR{f5> z#%xTvNXu{|RW^P12X_3UuMhi{zg;{A27~wSuSdI#XmmIeMV8mzjwg%q*B`RoIp;#f z-u3UTa+5_L){l`$z}NaZU`SMCw~HUEq|uv$s0Hbo1FX=ZD!gTODrapvZ$h4>fs9$| zTYkMhk*2Lk@-DreT)K;CLR*7p&M;&_yX?KVt>np45u4MgS{EHVNDJ)gD%d!mE>qs- zWvqYVRYT{GLzc&oT|e@DYAWHrm?vu_knPplFwtTYc;Xrv$DG2p2J+6DItG0=pA&h->p!KA##!Vl}~*F+?P1_x{dlsyv$&MbUYBrfJmR@V{_ znUBy&?h~`aN|iTnnM2me{g@buY54SC!)>a#$Zz)xa3^vIZzjVXa*W@judgj&*0?G) 
ztM}FO)Txmg_A4Az3d_BFy6KKEFJ}e!(KE|xTWVmGHeUlpqnBBktl3Rn$%JCm2O^E8 zi<_-%G3A1nQKPL8^Y4#MH#B*pi-9;qL}2Dp3XagHR=eIMR(uqxQ^8(GlBAg?5^+{# zPMsd!4_gt`mou@EjGIRLA^_3{g`y7cJ)~J0&T6?gN{%r)D1E=xyYWw3n zBmu!(@PDo4C#=&>*-P8cuAPR6PDS1p$V`v&it$N#tKBcuZj1e#ozV0-H#%c^;tjPp zK5z8x>&QzD-6iykZe*+E#5~dJ4xvGN>`GxtU^D4sx^Jq=8J!3*3%uo_&Ephg-kB4=I6DmuPu~A@;iBU8BPA~2|Xw?$s|!QJN5WA4l;A+ z$Ur!fy%$j>`Xb}Y{eb2Z3R41z=E&1g9oHFPyERuOrK6ZZ`hmcjGLu&8iCK@^65)lu zM!(Gaq$!0uljyOf${oxagY!Lu7gfZr5#O>IrZ6-&R@7aW;jlY;PU?eN3}v{mFWd z+_kVoM+nA~e|yxhT-55ZtE`W0h>lLDyJBv3`X8i zm^oMcJ-u1!qVl7tNGzR=q*yvydJ3v*5pUdgdUC<)v9CLYdT9>+T?Q-*9we4UlbKPfvs1Q zyvY{xd>P$3VHjUFtU(Kx-&WwK#t1(&dinac8-2ARD^E4li{+2>5*bi^i+D{3Aew+c zFV6y>tx&2L7K>%d))aj;CZi;_ZT&4UsB=28-5Q*mhA4I|iCa8S;7x&p$8!7RItOmm z2cZ3GF;|A%B=U2F(5&GuZO83;D53))p|51egc{tR=+u)Vf<5{W2HM`DS8N-X zSTwU*)H`y0L`ydsC?e^f?$f<}ZHfe2&hE2#kFDs{=}qb)5c2GqlA+HfE#n?}IB6gM z?OOQf7f3=D=PPH*sbJSMUL1S^D9Kn@%e%YQ)MxG8^DLKWmzBBfNbk-$j%`aUG@z@l zE|pzy3Sl%j5#(<<9$N&0qtRd|`KlmL9qU<4)!*diQrYaz$)M9%@O;0c!oJI-P(|m0 zkWP|{l9MrJvD>Wn3DJ|17qeo6?f1P(T4@#5HJL?q4ytW3sfse+fz&Q^ZpznuYocLJ zKBeojtf%P@6%@S$gaHOKDsEA36TyCFCqF{ou?-l0k0VapTzwSwij-KS-6CKB$BMNg z!MPOHf89cPhlc@AgQ6&Bpjv^zOI7Pvc%-m@>%Hew?h#R!QJ8()YvIiKEAi&(y9HT? zzL^U6vv+!tb!VoZtRcv!_bC7Y82<{YulU0b(8_{9Rli8f$N+Z&;5FoU42w{~D!}!& zu-Jsfi_cYp?^3()?+!;4+OWr zJ@Of*o^k&=q6>Zjlt=uw#-e#^6YGpS0-U=t+IHG zwt_a=>>7;C7@`2)vboiA?mP=$=9r3)@EDa!-JRURVlB={0e8s%_uQFY(3FIK+7UQL z1=13`zaj1`Xx+nyZS3tU7+fFPfe-H;{6+q~LYQ3AJnv94ivBfdVqyY%?%a03hpSY1 zZn5&mMvY5q^Deu0?;en4f%hrQ`4oWwJzZE>n2k+h%eT>~UqErF2eynKPmZ;|Je)Lo zOZf>vFU@Z&?3KI!1WUiqLI3~& literal 0 HcmV?d00001 diff --git a/Istio/MeshConfig/01-Outboud-Traffic-Policy/README.md b/Istio/MeshConfig/01-Outboud-Traffic-Policy/README.md new file mode 100755 index 0000000..b42b823 --- /dev/null +++ b/Istio/MeshConfig/01-Outboud-Traffic-Policy/README.md 
@@ -0,0 +1,102 @@ +# Continues from + +- 05-hello_world_1_Service_Entry + +# Description + +On this example compares the behavior between setting up the MeshConfig `OutboundTrafficPolicy.mode` setting to `REGISTRY_ONLY` and `ALLOW_ANY`. + +- ALLOW_ANY: Allows all egress/outbound traffic from the mesh. + +- REGISTRY_ONLY: Restricted to services that figure in the service registry a and the ServiceEntry objects. + +More info regarding this configuration at the pertintent documentation (https://istio.io/latest/docs/reference/config/istio.mesh.v1alpha1/#MeshConfig-OutboundTrafficPolicy-Mode) + +## Runthrough + +### Set ALLOW_ANY outbound traffic policy + +```shell +istioctl install --set profile=default -y --set meshConfig.accessLogFile=/dev/stdout --set meshConfig.outboundTrafficPolicy.mode=ALLOW_ANY +``` + +### Deploy resources + +```shell +$ kubectl apply -f ./ +service/helloworld created +deployment.apps/helloworld-nginx created +serviceentry.networking.istio.io/external-svc created +gateway.networking.istio.io/helloworld-gateway created +virtualservice.networking.istio.io/helloworld-vs created +``` + +### Get LB IP + +```shell +$ kubectl get svc istio-ingressgateway -n istio-system +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +istio-ingressgateway LoadBalancer 10.97.47.216 192.168.1.50 15021:31316/TCP,80:32012/TCP,443:32486/TCP 39h +``` + +### Test deployments + +```shell +$ curl 192.168.1.50/helloworld -I +HTTP/1.1 200 OK +server: istio-envoy +date: Thu, 20 Apr 2023 18:03:18 GMT +content-type: text/html +content-length: 615 +last-modified: Tue, 28 Mar 2023 15:01:54 GMT +etag: "64230162-267" +accept-ranges: bytes +x-envoy-upstream-service-time: 73 +``` + +```shell +$ curl 192.168.1.50/external -I +HTTP/1.1 200 OK +date: Thu, 20 Apr 2023 18:03:24 GMT +content-type: text/html +content-length: 5186 +last-modified: Mon, 17 Mar 2014 17:25:03 GMT +expires: Thu, 31 Dec 2037 23:55:55 GMT +cache-control: max-age=315360000 +x-envoy-upstream-service-time: 228 +server: 
istio-envoy +``` + + +### Test egress the helloworld deployment + +It returns a 301 code, meaning that it was able to reach the destination and it was attempted to redirect the traffic from HTTP to HTTPS. + +```shell +$ kubectl exec -i -t "$(kubectl get pod -l app=helloworld | tail -n 1 | awk '{print $1}')" -- curl wikipedia.com -I +HTTP/1.1 301 Moved Permanently +server: envoy +date: Thu, 20 Apr 2023 18:06:57 GMT +content-type: text/html +content-length: 169 +location: https://wikipedia.com/ +x-envoy-upstream-service-time: 65 +``` + +### Set REGISTRY_ONLY outbound traffic policy + +```shell +istioctl install --set profile=default -y --set meshConfig.accessLogFile=/dev/stdout --set meshConfig.outboundTrafficPolicy.mode=REGISTRY_ONLY +``` + +### Test (again) egress the helloworld deployment + +It returns a 502 code, meaning that it wasn't able to reach the destination. + +```shell +$ kubectl exec -i -t "$(kubectl get pod -l app=helloworld | tail -n 1 | awk '{print $1}')" -- curl wikipedia.com -I +HTTP/1.1 502 Bad Gateway +date: Thu, 20 Apr 2023 18:08:37 GMT +server: envoy +transfer-encoding: chunked +``` \ No newline at end of file diff --git a/Istio/MeshConfig/01-Outboud-Traffic-Policy/deployment.yaml b/Istio/MeshConfig/01-Outboud-Traffic-Policy/deployment.yaml new file mode 100755 index 0000000..7bee5e1 --- /dev/null +++ b/Istio/MeshConfig/01-Outboud-Traffic-Policy/deployment.yaml 
@@ -0,0 +1,57 @@
+# https://github.com/istio/istio/blob/master/samples/helloworld/helloworld.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ name: helloworld
+ labels:
+ app: helloworld
+ service: helloworld
+spec:
+ ports:
+ - port: 80
+ name: http
+ selector:
+ app: helloworld
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: helloworld-nginx
+ labels:
+ app: helloworld
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: helloworld
+ template:
+ metadata:
+ labels:
+ app: helloworld
+ spec:
+ containers:
+ - name: helloworld
+ image: nginx
+ resources:
+ requests:
+ cpu: "100m"
+ imagePullPolicy: IfNotPresent #Always
+ ports:
+ - containerPort: 80
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: ServiceEntry
+metadata:
+ name: external-svc
+spec:
+ hosts:
+ - help.websiteos.com
+ # /websiteos/example_of_a_simple_html_page.htm
+# - http://help.websiteos.com/websiteos/example_of_a_simple_html_page.htm
+ ports:
+ - number: 80
+ name: http
+ protocol: HTTP
+ resolution: DNS
+ location: MESH_EXTERNAL
+---
\ No newline at end of file
diff --git a/Istio/MeshConfig/01-Outboud-Traffic-Policy/gateway.yaml b/Istio/MeshConfig/01-Outboud-Traffic-Policy/gateway.yaml
new file mode 100755
index 0000000..7e96565
--- /dev/null
+++ b/Istio/MeshConfig/01-Outboud-Traffic-Policy/gateway.yaml
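Review bot: `image: nginx` in the helloworld-nginx Deployment (Istio/MeshConfig/01-Outboud-Traffic-Policy/deployment.yaml) has no tag or digest, and with `imagePullPolicy: IfNotPresent` each node keeps running whichever `latest` image it cached first, so the pods are neither reproducible nor tied to an image anyone reviewed. Pin it, for example `image: nginx:<tested-tag>@sha256:<digest>` (placeholders for the version you actually tested). The same applies to `image: httpd` in Istio/sidecar/__02-egress-proxy-forwarding/02-deployment_2.yaml later in this commit. The container also declares only a CPU request; adding a `limits:` block would keep a copied manifest from running unbounded outside a lab.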
@@ -0,0 +1,52 @@ +# https://github.com/istio/istio/blob/master/samples/helloworld/helloworld-gateway.yaml +apiVersion: networking.istio.io/v1alpha3 +kind: Gateway +metadata: + name: helloworld-gateway +spec: + selector: + istio: ingressgateway # use istio default controller + servers: + - port: + number: 80 + name: http + protocol: HTTP + hosts: + - "*" +--- +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: helloworld-vs +spec: + hosts: + - "*" + gateways: + - helloworld-gateway + http: + - match: + - uri: + exact: /helloworld + route: + - destination: + host: helloworld + port: + number: 80 + rewrite: + uri: "/" + + - timeout: 3s + match: + - uri: + exact: "/external" + route: + - destination: + host: help.websiteos.com + port: + number: 80 + rewrite: + uri: "/websiteos/example_of_a_simple_html_page.htm" + headers: + request: + set: + HOST: "help.websiteos.com" \ No newline at end of file diff --git a/Istio/MeshConfig/README.md b/Istio/MeshConfig/README.md new file mode 100644 index 0000000..821446a --- /dev/null +++ b/Istio/MeshConfig/README.md @@ -0,0 +1,10 @@ + +# Examples + +- 01-Outboud-Traffic-Policy + + + +## Additional + +https://istio.io/latest/docs/tasks/observability/distributed-tracing/mesh-and-proxy-config/ \ No newline at end of file diff --git a/Istio/README.md b/Istio/README.md index d830f78..9a35360 100755 --- a/Istio/README.md +++ b/Istio/README.md @@ -24,3 +24,29 @@ https://kubebyexample.com/learning-paths/istio/intro My current issues: - Understanding authentication + + +https://tetrate.io/blog/istio-how-to-enforce-egress-traffic-using-istios-authorization-policies/ + + + + + + + + +Multiple Ingress + +https://youtu.be/QIkryA8HnQ0 + + + +https://github.com/redkubes/otomi-core/blob/main/charts/team-ns/templates/istio-gateway.yaml + + +https://istio.io/latest/docs/ops/diagnostic-tools/proxy-cmd/ + + + +Using service accounts + 
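Review bot: In Istio/MeshConfig/01-Outboud-Traffic-Policy/gateway.yaml both the Gateway server and the `helloworld-vs` VirtualService use `hosts: "*"` on plain HTTP port 80, so the `/external` route makes the ingress gateway an unauthenticated reverse proxy to help.websiteos.com for any client that can reach the load balancer address, whatever Host header it sends. For anything beyond a local lab, bind both resources to the hostname you actually serve, e.g. `- "<your-hostname>"` (placeholder), and terminate TLS on the gateway. A comment above the second `http` entry, such as `# demo only: exposes the ServiceEntry host through the ingress`, would keep readers from copying it as-is.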
diff --git a/Istio/istio-classic/ingress.yaml b/Istio/ingress.yaml similarity index 100% rename from Istio/istio-classic/ingress.yaml rename to Istio/ingress.yaml diff --git a/Istio/istio-classic/README.md b/Istio/istio-classic/README.md deleted file mode 100755 index 219995b..0000000 --- a/Istio/istio-classic/README.md +++ /dev/null @@ -1,35 +0,0 @@ - -# Examples - -ALL NEEDS DOCUMENTATION - -- 01-2_deployments_method -- 02-DirectResponse-HTTP-Body -- 03-HTTPRewrite -- 04-HTTPRedirect -- 05a-FaultInjection-delay -- 05b-FaultInjection-abort - - -# TODO -06-mTLS (pending) - - - - - -Multiple Ingress - -https://youtu.be/QIkryA8HnQ0 - - - -https://github.com/redkubes/otomi-core/blob/main/charts/team-ns/templates/istio-gateway.yaml - - -https://istio.io/latest/docs/ops/diagnostic-tools/proxy-cmd/ - - - -Using service accounts - diff --git a/Istio/istio-classic/traffic_management/06-mTLS/README.md b/Istio/istio-classic/traffic_management/06-mTLS/README.md deleted file mode 100755 index 6b19839..0000000 --- a/Istio/istio-classic/traffic_management/06-mTLS/README.md +++ /dev/null @@ -1,9 +0,0 @@ -https://istio.io/latest/docs/concepts/security/#authentication-policies - -https://istio.io/latest/docs/tasks/security/authentication/mtls-migration/ - - - -# Continues from - -- 01-hello_world_1_service_1_deployment diff --git a/Istio/istio-classic/monitoring/tmp.yaml b/Istio/monitoring/tmp.yaml similarity index 100% rename from Istio/istio-classic/monitoring/tmp.yaml rename to Istio/monitoring/tmp.yaml diff --git a/Istio/sidecar/01-ingress-proxy-forwarding/README.md b/Istio/sidecar/01-ingress-proxy-forwarding/README.md index 9efd6c8..b551f03 100755 --- a/Istio/sidecar/01-ingress-proxy-forwarding/README.md +++ b/Istio/sidecar/01-ingress-proxy-forwarding/README.md @@ -2,7 +2,9 @@ - 01-hello_world_1_service_1_deployment -# TO TRAFFIC PATH DIAGRAM etc -> "POD" -> sidecar -> service container +# TO TRAFFIC PATH DIAGRAM + +`etc -> "POD" -> sidecar -> service container` # Description 
diff --git a/Istio/sidecar/01-ingress-proxy-forwarding/deployment.yaml b/Istio/sidecar/01-ingress-proxy-forwarding/deployment.yaml index 66e06fe..603c10e 100755 --- a/Istio/sidecar/01-ingress-proxy-forwarding/deployment.yaml +++ b/Istio/sidecar/01-ingress-proxy-forwarding/deployment.yaml @@ -4,7 +4,7 @@ kind: Service metadata: name: helloworld labels: - app-name: helloworld + app: helloworld spec: ports: - port: 8080 diff --git a/Istio/sidecar/02-egress-proxy-forwarding/README.md b/Istio/sidecar/02-egress-proxy-forwarding/README.md deleted file mode 100755 index 658b675..0000000 --- a/Istio/sidecar/02-egress-proxy-forwarding/README.md +++ /dev/null @@ -1,12 +0,0 @@ -# Continues from - -- 01-hello_world_1_service_1_deployment - -# Description - - -This example configures the sidecar proxy on the pods created, to forward the traffic ongoing (egress) - -- Configure egress to a different namespace? - - diff --git a/Istio/sidecar/02-egress-proxy-forwarding/sidecar.yaml b/Istio/sidecar/02-egress-proxy-forwarding/sidecar.yaml deleted file mode 100755 index aadfae5..0000000 --- a/Istio/sidecar/02-egress-proxy-forwarding/sidecar.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: networking.istio.io/v1alpha3 -kind: Sidecar -metadata: - name: helloworld-sidecar -spec: - workloadSelector: - labels: - app: helloworld - ingress: - - port: - number: 8080 - protocol: HTTP - name: ingressport - defaultEndpoint: 127.0.0.1:80 diff --git a/Istio/sidecar/README.md b/Istio/sidecar/README.md index 68aee8f..c0fed2d 100755 --- a/Istio/sidecar/README.md +++ b/Istio/sidecar/README.md @@ -7,6 +7,7 @@ +Duplicate 01, and show how it also affects traffic between services.00 
@@ -17,9 +18,55 @@ mtls +examples showing application priority (root < namespace < workload) + + + + +istioctl install profile=default --set meshConfig.outboundTrafficPolicy.mode=REGISTRY_ONLY + + + + +```shell +$ kubectl get istiooperators.install.istio.io -n istio-system +NAME REVISION STATUS AGE +installed-state 8d +``` + +kubectl patch istiooperators installed-state -n istio-system --patch-file patch.txt + + +kubectl patch istiooperators installed-state -n istio-system --patch-file patch.yaml --type merge + + + + --- +Set the default behavior of the sidecar for handling outbound traffic from the application. If your application uses one or more external services that are not known apriori, setting the policy to ALLOW_ANY will cause the sidecars to route any unknown traffic originating from the application to its requested destination. + + + +--- +https://stackoverflow.com/questions/75093144/istio-sidecar-is-not-restricting-pod-connections-as-desired + +https://github.com/istio/istio/issues/33387 + +https://gist.github.com/GregHanson/3567f5a23bcd58ad1a8acf2a4d1155eb + + +https://istio.io/latest/docs/tasks/traffic-management/egress/egress-control/?_ga=2.259114634.1481027401.1681916557-32589553.1681916557#change-to-the-blocking-by-default-policy + + + + + + + +https://docs.tetrate.io/service-bridge/1.6.x/en-us/operations ? + https://istio.io/latest/docs/reference/config/networking/sidecar/ diff --git a/Istio/sidecar/02-egress-proxy-forwarding/01-namespace.yaml b/Istio/sidecar/__02-egress-proxy-forwarding/01-namespace.yaml similarity index 100% rename from Istio/sidecar/02-egress-proxy-forwarding/01-namespace.yaml rename to Istio/sidecar/__02-egress-proxy-forwarding/01-namespace.yaml 
diff --git a/Istio/sidecar/02-egress-proxy-forwarding/deployment.yaml b/Istio/sidecar/__02-egress-proxy-forwarding/02-deployment_1.yaml similarity index 96% rename from Istio/sidecar/02-egress-proxy-forwarding/deployment.yaml rename to Istio/sidecar/__02-egress-proxy-forwarding/02-deployment_1.yaml index 66e06fe..603c10e 100755 --- a/Istio/sidecar/02-egress-proxy-forwarding/deployment.yaml +++ b/Istio/sidecar/__02-egress-proxy-forwarding/02-deployment_1.yaml @@ -4,7 +4,7 @@ kind: Service metadata: name: helloworld labels: - app-name: helloworld + app: helloworld spec: ports: - port: 8080 diff --git a/Istio/sidecar/02-egress-proxy-forwarding/02-deployment.yaml b/Istio/sidecar/__02-egress-proxy-forwarding/02-deployment_2.yaml similarity index 65% rename from Istio/sidecar/02-egress-proxy-forwarding/02-deployment.yaml rename to Istio/sidecar/__02-egress-proxy-forwarding/02-deployment_2.yaml index 0a34d4b..d9ec4c5 100644 --- a/Istio/sidecar/02-egress-proxy-forwarding/02-deployment.yaml +++ b/Istio/sidecar/__02-egress-proxy-forwarding/02-deployment_2.yaml @@ -2,38 +2,41 @@ apiVersion: v1 kind: Service metadata: - name: helloworld + name: internal labels: - app-name: helloworld - namespace: not-default + app: internal + namespace: foo spec: ports: - port: 8080 name: http + - port: 80 + name: http-default selector: - app: helloworld + app: internal + --- apiVersion: apps/v1 kind: Deployment metadata: - name: helloworld-nginx + name: internal labels: - app: helloworld - namespace: not-default + app: internal + namespace: foo spec: replicas: 1 selector: matchLabels: - app: helloworld + app: internal template: metadata: labels: - app: helloworld -# namespace: not-default + app: internal + service: apache spec: containers: - - name: helloworld - image: nginx + - name: internal + image: httpd resources: requests: cpu: "100m" 
diff --git a/Istio/sidecar/__02-egress-proxy-forwarding/03-default-sidecar.yaml b/Istio/sidecar/__02-egress-proxy-forwarding/03-default-sidecar.yaml
new file mode 100644
index 0000000..06b38dc
--- /dev/null
+++ b/Istio/sidecar/__02-egress-proxy-forwarding/03-default-sidecar.yaml
@@ -0,0 +1,71 @@
+apiVersion: networking.istio.io/v1beta1
+kind: Sidecar
+metadata:
+ name: root-default
+# namespace: default
+ namespace: istio-system
+spec:
+# workloadSelector:
+# labels:
+# app: helloworld
+ egress:
+ - hosts:
+ - "./*"
+# - "istio-system/*"
+# ingress:
+# - port:
+# number: 8080
+# protocol: HTTP
+# name: ingressport
+# defaultEndpoint: 127.0.0.1:80
+---
+apiVersion: networking.istio.io/v1beta1
+kind: Sidecar
+metadata:
+ name: helloworld-default
+ namespace: default
+# namespace: istio-system
+spec:
+ # workloadSelector:
+ # labels:
+ # app: helloworld
+# egress:
+# - port:
+# number: 8080
+# protocol: HTTP
+# name: egresshttp
+## - "internal.foo.svc.cluster.local"
+# hosts:
+# - "foo/*"
+# - hosts:
+# - "istio-system/*"
+ ingress:
+ - port:
+ number: 8080
+ protocol: HTTP
+ name: ingressport
+ defaultEndpoint: 127.0.0.1:80
+---
+apiVersion: networking.istio.io/v1beta1
+kind: Sidecar
+metadata:
+ name: internal-default
+ namespace: foo
+spec:
+ workloadSelector:
+ labels:
+ app: internal
+ egress:
+ - hosts:
+ - "./*"
+ - "istio-system/*"
+ #- "wikipedia.com"
+ ingress:
+# - hosts:
+# - "./*"
+# - "istio-system/*"
+ - port:
+ number: 8080
+ protocol: HTTP
+ name: myingressport
+ defaultEndpoint: 127.0.0.1:80
\ No newline at end of file
diff --git a/Istio/sidecar/__02-egress-proxy-forwarding/README.md b/Istio/sidecar/__02-egress-proxy-forwarding/README.md
new file mode 100755
index 0000000..d0f1f70
--- /dev/null
+++ b/Istio/sidecar/__02-egress-proxy-forwarding/README.md
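Review bot: The `egress.hosts` lists in 03-default-sidecar.yaml (`./*` for `root-default`, `./*` plus `istio-system/*` for `internal-default`) only limit which services the Envoy proxy is configured to reach; they are not an enforcement boundary, because a workload that bypasses its sidecar is unaffected, and Istio's security guidance says the same of `REGISTRY_ONLY`. If the example is meant to block traffic between `default` and `foo`, say so in a header comment and pair it with an `AuthorizationPolicy` on the destination or a Kubernetes `NetworkPolicy`. `root-default` also has no `workloadSelector` and sits in `istio-system`, presumably the mesh root namespace, so it becomes the default for every namespace without its own Sidecar; a comment such as `# mesh-wide default: applies to all namespaces lacking their own Sidecar` would make that scope explicit. The many commented-out alternatives make it hard to tell which variant was actually tested.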
@@ -0,0 +1,51 @@ +# Continues from + +- 01-ingress-proxy-forwarding + +# Description + +This example configures the sidecar proxy on the pods created, to forward the traffic ongoing (egress) + +- Configure egress to a different namespace? + + +> the configured meshconfig.rootNamespace namespace (istio-system by default) +https://istio.io/latest/docs/ops/best-practices/traffic-management/#cross-namespace-configuration + + + + +CANT MAKE IT WORK CANT MAKE IT WORK CANT MAKE IT WORK + + + + + + +istioctl install --set profile=default -y --set meshConfig.accessLogFile=/dev/stdout --set meshConfig.outboundTrafficPolicy.mode=REGISTRY_ONLY + + + + + + +--- + +kubectl get pod -l app=helloworld | tail -n 1 | awk '{print $1}' + +kubectl exec -i -t "$(kubectl get pod -l app=helloworld | tail -n 1 | awk '{print $1}')" -- /bin/bash + +kubectl exec -i -t "$(kubectl get pod -l app=helloworld | tail -n 1 | awk '{print $1}')" -- curl internal.foo.svc.cluster.local + + +curl helloworld.default.svc.cluster.local + + +curl internal.foo.svc.cluster.local +curl: (6) Could not resolve host: internal.foo.svc.cluster.local + + +helloworld.default.svc.cluster.local:8080 + + + kubectl exec -i -n foo -t "$(kubectl get pod -l app=internal -n foo | tail -n 1 | awk '{print $1}')" -- /bin/bash \ No newline at end of file diff --git a/Istio/sidecar/__02-egress-proxy-forwarding/patch/patch.yaml b/Istio/sidecar/__02-egress-proxy-forwarding/patch/patch.yaml new file mode 100644 index 0000000..407ba6d --- /dev/null +++ b/Istio/sidecar/__02-egress-proxy-forwarding/patch/patch.yaml @@ -0,0 +1,5 @@ +spec: + meshConfig: + outboundTrafficPolicy: + mode: REGISTRY_ONLY +# Doesnt work \ No newline at end of file diff --git a/Istio/sidecar/__02-egress-proxy-forwarding/sidecar.yaml b/Istio/sidecar/__02-egress-proxy-forwarding/sidecar.yaml new file mode 100755 index 0000000..05afc8a --- /dev/null +++ b/Istio/sidecar/__02-egress-proxy-forwarding/sidecar.yaml 
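Review bot: patch/patch.yaml ends with `# Doesnt work` without saying what was tried or why it failed, so the file still reads as a usable way to switch the mesh to `REGISTRY_ONLY`. If it is applied to the `installed-state` IstioOperator with `kubectl patch`, as the sidecar README in this commit shows, that object is as far as I know only a record written by `istioctl install`; without the in-cluster operator nothing reconciles it, and the outbound policy silently stays at its previous value. I would replace the trailing comment with something like `# NOTE: patching installed-state does not reconfigure the mesh; re-run istioctl install with --set meshConfig.outboundTrafficPolicy.mode=REGISTRY_ONLY`. The effective mode can then be checked in the `istio` ConfigMap in `istio-system` rather than assumed.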
@@ -0,0 +1,62 @@ +#apiVersion: networking.istio.io/v1beta1 +#kind: Sidecar +#metadata: +# name: helloworld-default +# namespace: default +## namespace: istio-config +#spec: +## workloadSelector: +## labels: +## app: helloworld +## egress: +## - hosts: +## - "./*" +## - "istio-system/*" +# ingress: +# - port: +# number: 8080 +# protocol: HTTP +# name: ingressport +# defaultEndpoint: 127.0.0.1:80 +--- +#apiVersion: networking.istio.io/v1alpha3 +#kind: Sidecar +#metadata: +# name: helloworld-sidecar +#spec: +# workloadSelector: +# labels: +# app: helloworld +# ingress: +# - port: +# number: 8080 +# protocol: HTTP +# name: ingressport +# defaultEndpoint: 127.0.0.1:80 +#--- +#apiVersion: networking.istio.io/v1beta1 +#kind: Sidecar +#metadata: +# name: helloworld-default +# namespace: default +## namespace: istio-system +#spec: +# workloadSelector: +# labels: +# app: helloworld2 +# egress: +# - port: +# number: 9080 +# protocol: HTTP +# name: httpingress +# hosts: +# - "foo/*" +# - hosts: +# - "istio-system/*" +# ingress: +# - port: +# number: 8080 +# protocol: HTTP +# name: ingressport +# defaultEndpoint: 127.0.0.1:80 +#--- diff --git a/Istio/troubleshooting/README.md b/Istio/troubleshooting/README.md new file mode 100644 index 0000000..bcac82e --- /dev/null +++ b/Istio/troubleshooting/README.md @@ -0,0 +1,11 @@ +IDK put some text in thQereSQ + + + +### Start the packet capture process + +```shell +$ kubectl exec -n default "$(kubectl get pod -n default -l app1 =helloworld -o jsonpath={.items..metadata.name})" -c istio-proxy -- sudo tcpdump dst port 80 -A +tcpdump: verbose output suppressed, use -v[v]... for full protocol decode +listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes +``` diff --git a/metallib/README.md b/metallib/README.md index 88b238a..3113b58 100755 --- a/metallib/README.md +++ b/metallib/README.md 
@@ -37,53 +37,5 @@ EOF ``` -```sh -kubectl delete -f - << EOF -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: metallb-system - name: config -data: - config: | - address-pools: - - name: default - protocol: layer2 - addresses: - - 192.168.1.50-192.168.1.130 -EOF -``` - - - -```sh -kubectl apply -f - << EOF -apiVersion: metallb.io/v1beta1 -kind: IPAddressPool -metadata: - name: first-pool - namespace: metallb-system -spec: - addresses: - - 192.168.1.50-192.168.1.130 -EOF -``` - - - - -```sh -kubectl delete -f - << EOF -apiVersion: metallb.io/v1beta1 -kind: IPAddressPool -metadata: - name: first-pool - namespace: metallb-system -spec: - addresses: - - 192.168.1.50-192.168.1.130 -EOF -``` - # https://github.com/metallb/metallb/blob/main/design/pool-configuration.md \ No newline at end of file diff --git a/metallib/deployment.yaml b/metallib/deployment.yaml deleted file mode 100755 index 7f97379..0000000 --- a/metallib/deployment.yaml +++ /dev/null @@ -1,9 +0,0 @@ -#kubectl create deployment demo --image=httpd --port=80 -#kubectl expose deployment demo -# -#kubectl create ingress demo-localhost --class=nginx \ -#--rule="demo.localdev.me/*=demo:80" -# -# -# -## kubectl port-forward --namespace=ingress-nginx service/ingress-nginx-controller 8080:80