diff --git a/operators/kernel-module-management-hub/2.0.0/manifests/hub.kmm.sigs.x-k8s.io_managedclustermodules.yaml b/operators/kernel-module-management-hub/2.0.0/manifests/hub.kmm.sigs.x-k8s.io_managedclustermodules.yaml new file mode 100644 index 00000000000..799bf4623f4 --- /dev/null +++ b/operators/kernel-module-management-hub/2.0.0/manifests/hub.kmm.sigs.x-k8s.io_managedclustermodules.yaml @@ -0,0 +1,2557 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: kmm-operator-system/kmm-operator-hub-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + creationTimestamp: null + labels: + app.kubernetes.io/component: kmm-hub + app.kubernetes.io/name: kmm-hub + app.kubernetes.io/part-of: kmm + name: managedclustermodules.hub.kmm.sigs.x-k8s.io +spec: + group: hub.kmm.sigs.x-k8s.io + names: + kind: ManagedClusterModule + listKind: ManagedClusterModuleList + plural: managedclustermodules + singular: managedclustermodule + scope: Cluster + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: ManagedClusterModule describes how to load a kernel module on + managed clusters + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ManagedClusterModuleSpec defines the desired state of ManagedClusterModule + properties: + moduleSpec: + description: ModuleSpec describes how the KMM operator should deploy + a Module on those nodes that need it. + properties: + devicePlugin: + description: DevicePlugin allows overriding some properties of + the container that deploys the device plugin on the node. Name + is ignored and is set automatically by the KMM Operator. + properties: + container: + properties: + args: + description: 'Arguments to the entrypoint. The container + image''s CMD is used if this is not provided. Variable + references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the variable + exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a + shell. The container image''s ENTRYPOINT is used if + this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If + a variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the + container. Cannot be updated. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + image: + description: Image is the name of the container image + that the device plugin container will run. + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, + IfNotPresent. Defaults to Always if :latest tag is specified, + or IfNotPresent otherwise. Cannot be updated. More info: + https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + resources: + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used by + this container. \n This is an alpha field and requires + enabling the DynamicResourceAllocation feature gate. + \n This field is immutable. It can only be set for + containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one + entry in pod.spec.resourceClaims of the Pod + where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. Requests cannot exceed Limits. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + volumeMounts: + description: VolumeMounts is a list of volume mounts that + are appended to the default ones. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: Path within the container at which + the volume should be mounted. Must not contain + ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts + are propagated from the host to container and + the other way around. When not set, MountPropagationNone + is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write + otherwise (false or unspecified). Defaults to + false. + type: boolean + subPath: + description: Path within the volume from which the + container's volume should be mounted. Defaults + to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from + which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable + references $(VAR_NAME) are expanded using the + container's environment. Defaults to "" (volume's + root). SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + required: + - image + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + volumes: + items: + description: Volume represents a named volume in a pod that + may be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'awsElasticBlockStore represents an AWS + Disk resource that is attached to a kubelet''s host + machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'fsType is the filesystem type of the + volume that you want to mount. Tip: Ensure that + the filesystem type is supported by the host operating + system. Examples: "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem + from compromising the machine' + type: string + partition: + description: 'partition is the partition in the + volume that you want to mount. If omitted, the + default is to mount by volume name. Examples: + For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda + is "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'readOnly value true will force the + readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'volumeID is unique ID of the persistent + disk resource in AWS (Amazon EBS volume). More + info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data Disk + mount on the host and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: + None, Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data disk + in the blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in + the blob storage + type: string + fsType: + description: fsType is Filesystem type to mount. + Must be a filesystem type supported by the host + operating system. Ex. "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single + blob disk per storage account Managed: azure + managed data disk (only in managed availability + set). defaults to shared' + type: string + readOnly: + description: readOnly Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting + in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File Service + mount on the host and bind mount to the pod. + properties: + readOnly: + description: readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting + in VolumeMounts. + type: boolean + secretName: + description: secretName is the name of secret that + contains Azure Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount on the + host that shares a pod's lifetime + properties: + monitors: + description: 'monitors is Required: Monitors is + a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'path is Optional: Used as the mounted + root, rather than the full Ceph tree, default + is /' + type: string + readOnly: + description: 'readOnly is Optional: Defaults to + false (read/write). ReadOnly here will force the + ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'secretFile is Optional: SecretFile + is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'secretRef is Optional: SecretRef is + reference to the authentication secret for User, + default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: 'user is optional: User is the rados + user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'cinder represents a cinder volume attached + and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'fsType is the filesystem type to mount. + Must be a filesystem type supported by the host + operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting + in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'secretRef is optional: points to a + secret object containing parameters used to connect + to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: 'volumeID used to identify the volume + in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should + populate this volume + properties: + defaultMode: + description: 'defaultMode is optional: mode bits + used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or + a decimal value between 0 and 511. YAML accepts + both octal and decimal values, JSON requires decimal + values for mode bits. Defaults to 0644. Directories + within the path are not affected by this setting. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: items if unspecified, each key-value + pair in the Data field of the referenced ConfigMap + will be projected into the volume as a file whose + name is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the ConfigMap, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. Must + be an octal value between 0000 and 0777 + or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON + requires decimal values for mode bits. If + not specified, the volume defaultMode will + be used. This might be in conflict with + other options that affect the file mode, + like fsGroup, and the result can be other + mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of + the file to map the key to. May not be an + absolute path. May not contain the path + element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents + ephemeral storage that is handled by certain external + CSI drivers (Beta feature). + properties: + driver: + description: driver is the name of the CSI driver + that handles this volume. Consult with your admin + for the correct name as registered in the cluster. + type: string + fsType: + description: fsType to mount. Ex. "ext4", "xfs", + "ntfs". If not provided, the empty value is passed + to the associated CSI driver which will determine + the default filesystem to apply. + type: string + nodePublishSecretRef: + description: nodePublishSecretRef is a reference + to the secret object containing sensitive information + to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no + secret is required. If the secret object contains + more than one secret, all secret references are + passed. + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: readOnly specifies a read-only configuration + for the volume. Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: volumeAttributes stores driver-specific + properties that are passed to the CSI driver. + Consult your driver's documentation for supported + values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about + the pod that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created + files by default. Must be a Optional: mode bits + used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or + a decimal value between 0 and 511. YAML accepts + both octal and decimal values, JSON requires decimal + values for mode bits. Defaults to 0644. Directories + within the path are not affected by this setting. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name + and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode bits used to + set permissions on this file, must be an + octal value between 0000 and 0777 or a decimal + value between 0 and 511. YAML accepts both + octal and decimal values, JSON requires + decimal values for mode bits. If not specified, + the volume defaultMode will be used. This + might be in conflict with other options + that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'emptyDir represents a temporary directory + that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'medium represents what type of storage + medium should back this directory. The default + is "" which means to use the node''s default medium. + Must be an empty string (default) or Memory. More + info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'sizeLimit is the total amount of local + storage required for this EmptyDir volume. The + size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified + here and the sum of memory limits of all containers + in a pod. The default is nil which means that + the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: "ephemeral represents a volume that is + handled by a cluster storage driver. The volume's + lifecycle is tied to the pod that defines it - it + will be created before the pod starts, and deleted + when the pod is removed. \n Use this if: a) the volume + is only needed while the pod runs, b) features of + normal volumes like restoring from snapshot or capacity + tracking are needed, c) the storage driver is specified + through a storage class, and d) the storage driver + supports dynamic volume provisioning through a PersistentVolumeClaim + (see EphemeralVolumeSource for more information on + the connection between this volume type and PersistentVolumeClaim). + \n Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the + lifecycle of an individual pod. \n Use CSI for light-weight + local ephemeral volumes if the CSI driver is meant + to be used that way - see the documentation of the + driver for more information. \n A pod can use both + types of ephemeral volumes and persistent volumes + at the same time." + properties: + volumeClaimTemplate: + description: "Will be used to create a stand-alone + PVC to provision the volume. The pod in which + this EphemeralVolumeSource is embedded will be + the owner of the PVC, i.e. the PVC will be deleted + together with the pod. The name of the PVC will + be `-` where `` + is the name from the `PodSpec.Volumes` array entry. + Pod validation will reject the pod if the concatenated + name is not valid for a PVC (for example, too + long). \n An existing PVC with that name that + is not owned by the pod will *not* be used for + the pod to avoid using an unrelated volume by + mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created + PVC is meant to be used by the pod, the PVC has + to updated with an owner reference to the pod + once the pod exists. Normally this should not + be necessary, but it may be useful when manually + reconstructing a broken cluster. \n This field + is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. \n Required, + must not be nil." + properties: + metadata: + description: May contain labels and annotations + that will be copied into the PVC when creating + it. No other fields are allowed and will be + rejected during validation. + type: object + spec: + description: The specification for the PersistentVolumeClaim. + The entire content is copied unchanged into + the PVC that gets created from this template. + The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: 'accessModes contains the desired + access modes the volume should have. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can be used + to specify either: * An existing VolumeSnapshot + object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller + can support the specified data source, + it will create a new volume based on the + contents of the specified data source. + When the AnyVolumeDataSource feature gate + is enabled, dataSource contents will be + copied to dataSourceRef, and dataSourceRef + contents will be copied to dataSource + when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef + will not be copied to dataSource.' + properties: + apiGroup: + description: APIGroup is the group for + the resource being referenced. If + APIGroup is not specified, the specified + Kind must be in the core API group. + For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef specifies the + object from which to populate the volume + with data, if a non-empty volume is desired. + This may be any object from a non-empty + API group (non core object) or a PersistentVolumeClaim + object. When this field is specified, + volume binding will only succeed if the + type of the specified object matches some + installed volume populator or dynamic + provisioner. This field will replace the + functionality of the dataSource field + and as such if both fields are non-empty, + they must have the same value. For backwards + compatibility, when namespace isn''t specified + in dataSourceRef, both fields (dataSource + and dataSourceRef) will be set to the + same value automatically if one of them + is empty and the other is non-empty. When + namespace is specified in dataSourceRef, + dataSource isn''t set to the same value + and must be empty. There are three important + differences between dataSource and dataSourceRef: + * While dataSource only allows two specific + types of objects, dataSourceRef allows + any non-core object, as well as PersistentVolumeClaim + objects. * While dataSource ignores disallowed + values (dropping them), dataSourceRef + preserves all values, and generates an + error if a disallowed value is specified. + * While dataSource only allows local objects, + dataSourceRef allows objects in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) Using + the namespace field of dataSourceRef requires + the CrossNamespaceVolumeDataSource feature + gate to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for + the resource being referenced. If + APIGroup is not specified, the specified + Kind must be in the core API group. + For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + namespace: + description: Namespace is the namespace + of resource being referenced Note + that when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent + namespace to allow that namespace's + owner to accept the reference. See + the ReferenceGrant documentation for + details. (Alpha) This field requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents the minimum + resources the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to + specify resource requirements that are + lower than previous value but must still + be higher than capacity recorded in the + status field of the claim. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + claims: + description: "Claims lists the names + of resources, defined in spec.resourceClaims, + that are used by this container. \n + This is an alpha field and requires + enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the + name of one entry in pod.spec.resourceClaims + of the Pod where this field + is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the + minimum amount of compute resources + required. If Requests is omitted for + a container, it defaults to Limits + if that is explicitly specified, otherwise + to an implementation-defined value. + Requests cannot exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over + volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName is the name + of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type + of volume is required by the claim. Value + of Filesystem is implied when not included + in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource + that is attached to a kubelet's host machine and then + exposed to the pod. + properties: + fsType: + description: 'fsType is the filesystem type to mount. + Must be a filesystem type supported by the host + operating system. Ex. "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. TODO: how + do we prevent errors in the filesystem from compromising + the machine' + type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'readOnly is Optional: Defaults to + false (read/write). ReadOnly here will force the + ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target + worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'wwids Optional: FC volume world wide + identifiers (wwids) Either wwids or combination + of targetWWNs and lun must be set, but not both + simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: flexVolume represents a generic volume + resource that is provisioned/attached using an exec + based plugin. + properties: + driver: + description: driver is the name of the driver to + use for this volume. + type: string + fsType: + description: fsType is the filesystem type to mount. + Must be a filesystem type supported by the host + operating system. Ex. "ext4", "xfs", "ntfs". The + default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds + extra command options if any.' + type: object + readOnly: + description: 'readOnly is Optional: defaults to + false (read/write). ReadOnly here will force the + ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'secretRef is Optional: secretRef is + reference to the secret object containing sensitive + information to pass to the plugin scripts. This + may be empty if no secret object is specified. + If the secret object contains more than one secret, + all secrets are passed to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume attached + to a kubelet's host machine. This depends on the Flocker + control service being running + properties: + datasetName: + description: datasetName is Name of the dataset + stored as metadata -> name on the dataset for + Flocker should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. + This is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'gcePersistentDisk represents a GCE Disk + resource that is attached to a kubelet''s host machine + and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'fsType is filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem + from compromising the machine' + type: string + partition: + description: 'partition is the partition in the + volume that you want to mount. If omitted, the + default is to mount by volume name. Examples: + For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda + is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'pdName is unique name of the PD resource + in GCE. Used to identify the disk in GCE. More + info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'readOnly here will force the ReadOnly + setting in VolumeMounts. Defaults to false. More + info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'gitRepo represents a git repository at + a particular revision. DEPRECATED: GitRepo is deprecated. + To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo + using git, then mount the EmptyDir into the Pod''s + container.' + properties: + directory: + description: directory is the target directory name. + Must not contain or start with '..'. If '.' is + supplied, the volume directory will be the git + repository. Otherwise, if specified, the volume + will contain the git repository in the subdirectory + with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the + specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'glusterfs represents a Glusterfs mount + on the host that shares a pod''s lifetime. More info: + https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'endpoints is the endpoint name that + details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'readOnly here will force the Glusterfs + volume to be mounted with read-only permissions. + Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'hostPath represents a pre-existing file + or directory on the host machine that is directly + exposed to the container. This is generally used for + system agents or other privileged things that are + allowed to see the host machine. Most containers will + NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use + host directory mounts and who can/can not mount host + directories as read/write.' + properties: + path: + description: 'path of the directory on the host. + If the path is a symlink, it will follow the link + to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'type for HostPath Volume Defaults + to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'iscsi represents an ISCSI Disk resource + that is attached to a kubelet''s host machine and + then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support + iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support + iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'fsType is the filesystem type of the + volume that you want to mount. Tip: Ensure that + the filesystem type is supported by the host operating + system. Examples: "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem + from compromising the machine' + type: string + initiatorName: + description: initiatorName is the custom iSCSI Initiator + Name. If initiatorName is specified with iscsiInterface + simultaneously, new iSCSI interface : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iscsiInterface is the interface Name + that uses an iSCSI transport. Defaults to 'default' + (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: portals is the iSCSI Target Portal + List. The portal is either an IP or ip_addr:port + if the port is other than default (typically TCP + ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: readOnly here will force the ReadOnly + setting in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI + target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: targetPortal is iSCSI Target Portal. + The Portal is either an IP or ip_addr:port if + the port is other than default (typically TCP + ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'name of the volume. Must be a DNS_LABEL + and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'nfs represents an NFS mount on the host + that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'readOnly here will force the NFS export + to be mounted with read-only permissions. Defaults + to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'server is the hostname or IP address + of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'persistentVolumeClaimVolumeSource represents + a reference to a PersistentVolumeClaim in the same + namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'claimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: readOnly Will force the ReadOnly setting + in VolumeMounts. Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host + machine + properties: + fsType: + description: fsType is the filesystem type to mount. + Must be a filesystem type supported by the host + operating system. Ex. "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies Photon + Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx volume + attached and mounted on kubelets host machine + properties: + fsType: + description: fSType represents the filesystem type + to mount Must be a filesystem type supported by + the host operating system. Ex. "ext4", "xfs". + Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting + in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx + volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources + secrets, configmaps, and downward API + properties: + defaultMode: + description: defaultMode are the mode bits used + to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or + a decimal value between 0 and 511. YAML accepts + both octal and decimal values, JSON requires decimal + values for mode bits. Directories within the path + are not affected by this setting. This might be + in conflict with other options that affect the + file mode, like fsGroup, and the result can be + other mode bits set. + format: int32 + type: integer + sources: + description: sources is the list of volume projections + items: + description: Projection that may be projected + along with other supported volume types + properties: + configMap: + description: configMap information about the + configMap data to project + properties: + items: + description: items if unspecified, each + key-value pair in the Data field of + the referenced ConfigMap will be projected + into the volume as a file whose name + is the key and content is the value. + If specified, the listed keys will be + projected into the specified paths, + and unlisted keys will not be present. + If a key is specified which is not present + in the ConfigMap, the volume setup will + error unless it is marked optional. + Paths must be relative and may not contain + the '..' path or start with '..'. + items: + description: Maps a string key to a + path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: + mode bits used to set permissions + on this file. Must be an octal + value between 0000 and 0777 or + a decimal value between 0 and + 511. YAML accepts both octal and + decimal values, JSON requires + decimal values for mode bits. + If not specified, the volume defaultMode + will be used. This might be in + conflict with other options that + affect the file mode, like fsGroup, + and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: path is the relative + path of the file to map the key + to. May not be an absolute path. + May not contain the path element + '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: optional specify whether + the ConfigMap or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about + the downwardAPI data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects + a field of the pod: only annotations, + labels, name and namespace are + supported.' + properties: + apiVersion: + description: Version of the + schema the FieldPath is written + in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field + to select in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode bits + used to set permissions on this + file, must be an octal value between + 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts + both octal and decimal values, + JSON requires decimal values for + mode bits. If not specified, the + volume defaultMode will be used. + This might be in conflict with + other options that affect the + file mode, like fsGroup, and the + result can be other mode bits + set.' + format: int32 + type: integer + path: + description: 'Required: Path is the + relative path name of the file + to be created. Must not be absolute + or contain the ''..'' path. Must + be utf-8 encoded. The first item + of the relative path must not + start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource + of the container: only resources + limits and requests (limits.cpu, + limits.memory, requests.cpu and + requests.memory) are currently + supported.' + properties: + containerName: + description: 'Container name: + required for volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + description: secret information about the + secret data to project + properties: + items: + description: items if unspecified, each + key-value pair in the Data field of + the referenced Secret will be projected + into the volume as a file whose name + is the key and content is the value. + If specified, the listed keys will be + projected into the specified paths, + and unlisted keys will not be present. + If a key is specified which is not present + in the Secret, the volume setup will + error unless it is marked optional. + Paths must be relative and may not contain + the '..' path or start with '..'. + items: + description: Maps a string key to a + path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: + mode bits used to set permissions + on this file. Must be an octal + value between 0000 and 0777 or + a decimal value between 0 and + 511. YAML accepts both octal and + decimal values, JSON requires + decimal values for mode bits. + If not specified, the volume defaultMode + will be used. This might be in + conflict with other options that + affect the file mode, like fsGroup, + and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: path is the relative + path of the file to map the key + to. May not be an absolute path. + May not contain the path element + '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: optional field specify whether + the Secret or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information + about the serviceAccountToken data to project + properties: + audience: + description: audience is the intended + audience of the token. A recipient of + a token must identify itself with an + identifier specified in the audience + of the token, and otherwise should reject + the token. The audience defaults to + the identifier of the apiserver. + type: string + expirationSeconds: + description: expirationSeconds is the + requested duration of validity of the + service account token. As the token + approaches expiration, the kubelet volume + plugin will proactively rotate the service + account token. The kubelet will start + trying to rotate the token if the token + is older than 80 percent of its time + to live or if the token is older than + 24 hours.Defaults to 1 hour and must + be at least 10 minutes. + format: int64 + type: integer + path: + description: path is the path relative + to the mount point of the file to project + the token into. + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: quobyte represents a Quobyte mount on the + host that shares a pod's lifetime + properties: + group: + description: group to map volume access to Default + is no group + type: string + readOnly: + description: readOnly here will force the Quobyte + volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: registry represents a single or multiple + Quobyte Registry services specified as a string + as host:port pair (multiple entries are separated + with commas) which acts as the central registry + for volumes + type: string + tenant: + description: tenant owning the given Quobyte volume + in the Backend Used with dynamically provisioned + Quobyte volumes, value is set by the plugin + type: string + user: + description: user to map volume access to Defaults + to serivceaccount user + type: string + volume: + description: volume is a string that references + an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'rbd represents a Rados Block Device mount + on the host that shares a pod''s lifetime. More info: + https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'fsType is the filesystem type of the + volume that you want to mount. Tip: Ensure that + the filesystem type is supported by the host operating + system. Examples: "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem + from compromising the machine' + type: string + image: + description: 'image is the rados image name. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'keyring is the path to key ring for + RBDUser. Default is /etc/ceph/keyring. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'pool is the rados pool name. Default + is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'readOnly here will force the ReadOnly + setting in VolumeMounts. Defaults to false. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'secretRef is name of the authentication + secret for RBDUser. If provided overrides keyring. + Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: 'user is the rados user name. Default + is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: fsType is the filesystem type to mount. + Must be a filesystem type supported by the host + operating system. Ex. "ext4", "xfs", "ntfs". Default + is "xfs". + type: string + gateway: + description: gateway is the host address of the + ScaleIO API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name of the + ScaleIO Protection Domain for the configured storage. + type: string + readOnly: + description: readOnly Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting + in VolumeMounts. + type: boolean + secretRef: + description: secretRef references to the secret + for ScaleIO user and other sensitive information. + If this is not provided, Login operation will + fail. + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable SSL + communication with Gateway, default false + type: boolean + storageMode: + description: storageMode indicates whether the storage + for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage + Pool associated with the protection domain. + type: string + system: + description: system is the name of the storage system + as configured in ScaleIO. + type: string + volumeName: + description: volumeName is the name of a volume + already created in the ScaleIO system that is + associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'secret represents a secret that should + populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'defaultMode is Optional: mode bits + used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or + a decimal value between 0 and 511. YAML accepts + both octal and decimal values, JSON requires decimal + values for mode bits. Defaults to 0644. Directories + within the path are not affected by this setting. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: items If unspecified, each key-value + pair in the Data field of the referenced Secret + will be projected into the volume as a file whose + name is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the Secret, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. Must + be an octal value between 0000 and 0777 + or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON + requires decimal values for mode bits. If + not specified, the volume defaultMode will + be used. This might be in conflict with + other options that affect the file mode, + like fsGroup, and the result can be other + mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of + the file to map the key to. May not be an + absolute path. May not contain the path + element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether the + Secret or its keys must be defined + type: boolean + secretName: + description: 'secretName is the name of the secret + in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: fsType is the filesystem type to mount. + Must be a filesystem type supported by the host + operating system. Ex. "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + type: string + readOnly: + description: readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting + in VolumeMounts. + type: boolean + secretRef: + description: secretRef specifies the secret to use + for obtaining the StorageOS API credentials. If + not specified, default values will be attempted. + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: volumeName is the human-readable name + of the StorageOS volume. Volume names are only + unique within a namespace. + type: string + volumeNamespace: + description: volumeNamespace specifies the scope + of the volume within StorageOS. If no namespace + is specified then the Pod's namespace will be + used. This allows the Kubernetes name scoping + to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default + behaviour. Set to "default" if you are not using + namespaces within StorageOS. Namespaces that do + not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere volume + attached and mounted on kubelets host machine + properties: + fsType: + description: fsType is filesystem type to mount. + Must be a filesystem type supported by the host + operating system. Ex. "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy + Based Management (SPBM) profile ID associated + with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage Policy + Based Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies + vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - container + type: object + imageRepoSecret: + description: ImageRepoSecret is an optional secret that is used + to pull both the module loader and the device plugin, and to + push the resulting image from the module loader build, if enabled. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + moduleLoader: + description: ModuleLoader allows overriding some properties of + the container that loads the kernel module on the node. Name + and image are ignored and are set automatically by the KMM Operator. + properties: + container: + description: Container holds the properties for the module + loader container that runs modprobe. + properties: + build: + description: Build contains build instructions. + properties: + baseImageRegistryTLS: + description: BaseImageRegistryTLS contains settings + determining how to access registries of the base + images in the build-process' Dockerfile. + properties: + insecure: + description: If Insecure is true, the operator + will be able to access a registry in an insecure + (plain HTTP) protocol. + type: boolean + insecureSkipTLSVerify: + description: If InsecureSkipTLSVerify, the operator + will accept any certificate provided by the + registry. + type: boolean + type: object + buildArgs: + description: BuildArgs is an array of build variables + that are provided to the image building backend. + items: + description: BuildArg represents a build argument + used when building a container image. + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + dockerfileConfigMap: + description: ConfigMap that holds Dockerfile contents + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + x-kubernetes-map-type: atomic + kanikoParams: + description: KanikoParams is used to customize the + building process of the image. + properties: + tag: + description: Kaniko image tag to use when creating + the build Pod + type: string + type: object + secrets: + description: Secrets is an optional list of secrets + to be made available to the build system. Those + secrets should be used for private resources such + as a private Github repo. For container registries + auth use module.spec.imagePullSecret instead. + items: + description: LocalObjectReference contains enough + information to let you locate the referenced object + inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + selector: + additionalProperties: + type: string + description: Selector describes on which nodes will + run the building process. + type: object + required: + - dockerfileConfigMap + type: object + containerImage: + description: ContainerImage is a top-level field + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, + IfNotPresent. Defaults to Always if :latest tag is specified, + or IfNotPresent otherwise. Cannot be updated. More info: + https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + inTreeModuleToRemove: + description: InTreeModuleToRemove specifies the in-tree + kernel module that should be removed (if present) before + loading the kernel module from the ContainerImage + type: string + kernelMappings: + description: KernelMappings is a list of kernel mappings. + When a node's labels match Selector, then the KMM Operator + will look for the first mapping that matches its kernel + version, and use the corresponding container image to + run the DriverContainer. + items: + description: KernelMapping pairs kernel versions with + a DriverContainer image. Kernel versions can be matched + literally or using a regular expression. + properties: + build: + description: Build enables in-cluster builds for + this mapping and allows overriding the Module's + build settings. + properties: + baseImageRegistryTLS: + description: BaseImageRegistryTLS contains settings + determining how to access registries of the + base images in the build-process' Dockerfile. + properties: + insecure: + description: If Insecure is true, the operator + will be able to access a registry in an + insecure (plain HTTP) protocol. + type: boolean + insecureSkipTLSVerify: + description: If InsecureSkipTLSVerify, the + operator will accept any certificate provided + by the registry. + type: boolean + type: object + buildArgs: + description: BuildArgs is an array of build + variables that are provided to the image building + backend. + items: + description: BuildArg represents a build argument + used when building a container image. + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + dockerfileConfigMap: + description: ConfigMap that holds Dockerfile + contents + properties: + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + kanikoParams: + description: KanikoParams is used to customize + the building process of the image. + properties: + tag: + description: Kaniko image tag to use when + creating the build Pod + type: string + type: object + secrets: + description: Secrets is an optional list of + secrets to be made available to the build + system. Those secrets should be used for private + resources such as a private Github repo. For + container registries auth use module.spec.imagePullSecret + instead. + items: + description: LocalObjectReference contains + enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + selector: + additionalProperties: + type: string + description: Selector describes on which nodes + will run the building process. + type: object + required: + - dockerfileConfigMap + type: object + containerImage: + description: ContainerImage is the name of the DriverContainer + image that should be used to deploy the module. + type: string + inTreeModuleToRemove: + description: InTreeModuleToRemove specifies the + in-tree kernel module that should be removed (if + present) before loading the kernel module from + the ContainerImage + type: string + literal: + description: Literal defines a literal target kernel + version to be matched exactly against node kernels. + type: string + regexp: + description: Regexp is a regular expression to be + match against node kernels. + type: string + registryTLS: + description: RegistryTLS set the TLS configs for + accessing the registry of the module-loader's + image. + properties: + insecure: + description: If Insecure is true, the operator + will be able to access a registry in an insecure + (plain HTTP) protocol. + type: boolean + insecureSkipTLSVerify: + description: If InsecureSkipTLSVerify, the operator + will accept any certificate provided by the + registry. + type: boolean + type: object + sign: + description: Sign enables in-cluster signing for + this mapping + properties: + certSecret: + description: a secret containing the public + key used to sign kernel modules for secureboot + properties: + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + filesToSign: + description: paths inside the image for the + kernel modules to sign (if ommited all kmods + are signed) + items: + type: string + type: array + keySecret: + description: a secret containing the private + key used to sign kernel modules for secureboot + properties: + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + unsignedImage: + description: Image to sign, ignored if a Build + is present, required otherwise + type: string + unsignedImageRegistryTLS: + description: UnsignedImageRegistryTLS contains + settings determining how to access registries + of the unsigned image. + properties: + insecure: + description: If Insecure is true, the operator + will be able to access a registry in an + insecure (plain HTTP) protocol. + type: boolean + insecureSkipTLSVerify: + description: If InsecureSkipTLSVerify, the + operator will accept any certificate provided + by the registry. + type: boolean + type: object + required: + - certSecret + - keySecret + type: object + required: + - containerImage + type: object + minItems: 1 + type: array + modprobe: + description: Modprobe is a set of properties to customize + which module modprobe loads and with which properties. + properties: + args: + description: 'Args is an optional list of arguments + to be passed to modprobe before the name of the + kernel module. The resulting commands will be: `modprobe + ${Args} module_name`.' + properties: + load: + description: Load is an optional list of arguments + to be used when loading the kernel module. + items: + type: string + minItems: 1 + type: array + unload: + description: Unload is an optional list of arguments + to be used when unloading the kernel module. + items: + type: string + minItems: 1 + type: array + type: object + dirName: + default: /opt + description: DirName is the root directory for modules. + It adds `-d ${DirName}` to the modprobe command-line. + type: string + firmwarePath: + description: FirmwarePath is the path of the firmware(s). + The firmware(s) will be copied to the host for the + kernel to find them. + type: string + moduleName: + description: ModuleName is the name of the Module + to be loaded. + type: string + modulesLoadingOrder: + description: 'ModulesLoadingOrder defines the dependency + between kernel modules loading, in case it was not + created by depmod (independent kernel modules). + The list order should be: upmost module, then the + module it depends on and so on. Example: if moduleA + depends on first loading moduleB, and moduleB depends + on first loading moduleC the entry should look: + ModulesLoadingOrder: - moduleA - moduleB - moduleC + In order to load all 3 modules, moduleA shoud be + defined in the ModuleName parameter of this struct' + items: + type: string + type: array + parameters: + description: 'Parameters is an optional list of kernel + module parameters to be provided to modprobe. They + should be in the form of key=value and will be separated + by spaces in the modprobe command. The resulting + loading command will be: `modprobe module_name ${Parameters}`.' + items: + type: string + type: array + rawArgs: + description: 'If RawArgs are specified, they are passed + straight to the modprobe binary; all other properties + in this object are ignored. The resulting commands + will be: `modprobe ${RawArgs}`.' + properties: + load: + description: Load is an optional list of arguments + to be used when loading the kernel module. + items: + type: string + minItems: 1 + type: array + unload: + description: Unload is an optional list of arguments + to be used when unloading the kernel module. + items: + type: string + minItems: 1 + type: array + type: object + required: + - moduleName + type: object + registryTLS: + description: RegistryTLS set the TLS configs for accessing + the registry of the module-loader's image. + properties: + insecure: + description: If Insecure is true, the operator will + be able to access a registry in an insecure (plain + HTTP) protocol. + type: boolean + insecureSkipTLSVerify: + description: If InsecureSkipTLSVerify, the operator + will accept any certificate provided by the registry. + type: boolean + type: object + sign: + description: Sign provides default kmod signing settings + properties: + certSecret: + description: a secret containing the public key used + to sign kernel modules for secureboot + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + x-kubernetes-map-type: atomic + filesToSign: + description: paths inside the image for the kernel + modules to sign (if ommited all kmods are signed) + items: + type: string + type: array + keySecret: + description: a secret containing the private key used + to sign kernel modules for secureboot + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + x-kubernetes-map-type: atomic + unsignedImage: + description: Image to sign, ignored if a Build is + present, required otherwise + type: string + unsignedImageRegistryTLS: + description: UnsignedImageRegistryTLS contains settings + determining how to access registries of the unsigned + image. + properties: + insecure: + description: If Insecure is true, the operator + will be able to access a registry in an insecure + (plain HTTP) protocol. + type: boolean + insecureSkipTLSVerify: + description: If InsecureSkipTLSVerify, the operator + will accept any certificate provided by the + registry. + type: boolean + type: object + required: + - certSecret + - keySecret + type: object + version: + description: Version defines the current version of the + kernel module being used Used for upgrading the currently + loaded kernel module to a new version + type: string + required: + - kernelMappings + - modprobe + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + required: + - container + type: object + selector: + additionalProperties: + type: string + description: Selector describes on which nodes the Module should + be loaded and optionally built. + type: object + required: + - moduleLoader + - selector + type: object + selector: + additionalProperties: + type: string + description: Selector describes on which managed clusters the ModuleSpec + should be applied. + type: object + spokeNamespace: + description: SpokeNamespace describes the Spoke namespace, in which + the ModuleSpec should be applied. + type: string + required: + - selector + type: object + status: + description: ManagedClusterModuleStatus defines the observed state of + ManagedClusterModule. + properties: + numberApplied: + description: Number of ManifestWorks that have been successfully applied. + format: int32 + type: integer + numberDegraded: + description: Number of ManifestWorks that could not be successfully + applied. + format: int32 + type: integer + numberDesired: + description: Number of ManifestWorks to be applied. + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/kernel-module-management-hub/2.0.0/manifests/kernel-module-management-hub.clusterserviceversion.yaml b/operators/kernel-module-management-hub/2.0.0/manifests/kernel-module-management-hub.clusterserviceversion.yaml new file mode 100644 index 00000000000..15177c82e9c --- /dev/null +++ b/operators/kernel-module-management-hub/2.0.0/manifests/kernel-module-management-hub.clusterserviceversion.yaml @@ -0,0 +1,332 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "hub.kmm.sigs.x-k8s.io/v1beta1", + "kind": "ManagedClusterModule", + "metadata": { + "name": "managedclustermodule-sample" + }, + "spec": { + "moduleSpec": { + "moduleLoader": { + "container": { + "kernelMappings": [], + "modprobe": { + "moduleName": "sample" + } + } + }, + "selector": { + "node-role.kubernetes.io/worker": "" + } + }, + "selector": { + "cluster.open-cluster-management.io/clusterset": "default" + }, + "spokeNamespace": "default" + } + } + ] + capabilities: Seamless Upgrades + categories: Drivers and plugins + createdAt: "2023-12-01T00:05:34Z" + operators.operatorframework.io/builder: operator-sdk-v1.32.0 + operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 + repository: https://github.com/kubernetes-sigs/kernel-module-management + containerImage: gcr.io/k8s-staging-kmm/kernel-module-management-operator-hub:v20231130-v2.0.0 + name: kernel-module-management-hub.v2.0.0 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: ManagedClusterModule describes how to load a kernel module on managed clusters + displayName: Managed Cluster Module + kind: ManagedClusterModule + name: managedclustermodules.hub.kmm.sigs.x-k8s.io + version: v1beta1 + description: Hub component for Kernel Module Management + displayName: Kernel Module Management (Hub) + icon: + - base64data: iVBORw0KGgoAAAANSUhEUgAAAgAAAAIACAYAAAD0eNT6AAAAIGNIUk0AAHomAACAhAAA+gAAAIDoAAB1MAAA6mAAADqYAAAXcJy6UTwAAAAGYktHRAD/AP8A/6C9p5MAAAAJcEhZcwAALiMAAC4jAXilP3YAAAAHdElNRQfnAg0JFSU8XwP7AACAAElEQVR42uy9d5gcx3nn/32ruyduXuwiLXLOgUjMOUflnGX7zudz+Nl3Z58t25KDZFs+B/nO9p1lycpUoghGUcwZAEECIAksctiEzbuzO7G76v390TPgkAJJ7G73TM9sfZ6HkixrezpU1fvWW+/7fQGNRqPRaDQajUaj0Wg0Go1Go9FoNBqNRqPRaDQajUaj0Wg0Go1Go9FoNBqNRqPRaDQajUaj0Wg0Go1Go9FoNBqNRqPRaDQajUaj0Wg0Go1Go9FoNBqNRqPRaDQajUaj0Wg0E4PKfQMajaZ0MDMAmACMov9aAnAAgEgvCRrNdEHPdo2mysgbeQIQBTALwKL8PwsBzATQACBc9Cc5AKMAzgI4DeAkgBP5/zsFgLVjoNFUH3pWazRVQJHRbwKwEcAVALYBWAmgFUBsApdLA+gHcBjALgBPAtgHYAjaGdBoqgY9kzWaCiZv+C0AqwDcAeBWAOsAxD38mSSA1wE8BODe/H/OaUdAo6ls9AzWaCqQvOGPANgM4JMAbgcwpwQ/fRbAgwC+CWAPgIx2BDSaykTPXI2mgsgb/hiAHQA+DeAWAM1luJUhAI8A+HcAz8ONEugkQo2mgtCzVaMJOHmjDwA1cM/2Pw3gRgB15b43AAkATwD4OoCn8v+3dgQ0mgpAz1KNJqAUGf56ANcD+BSAq+A6AkEjBeAZuI7AowCGAe0IaDRBRs9OjSZgFBn+ZgA3wzX8l8E98w86GQAvAvgPuLkCfYB2BDSaIKJnpUYTEIoM/0y4Gf2fALAdQKjc9zYJbAB74ToCOwH0QJcQajSBQs9GjabMFNXwzwXwXgAfA7AJbnlfpeMAeBXAdwH8GMAZaEdAowkEehZqNGUib/gFgAUAPgTgowBW480yvdWCAnAIwA8A3A3gOAClHQGNpnzo2afRlJi84TcALIVr9D8EYBlcZ6DaYQDH4EYDvgNXbVBqR0CjKT161mk0JaKoEc8quOf774erzz9d5+FpAPcA+BaA1wDY2hHQaEqHnm0ajc/kDX8IwAa4qn13AWgr930FiB4A9wH4BoBXAGS1I6DR+I+eZRqNDxRl9EcAbIEr3nM73MY8mvMzALffwL/DbUKUBnQJoUbjF3pmaTQeUmT4YwAugWv4b4bbpU9zYYwA+AXciMAzAMYB7QhoNF6jZ5RG4wFFhr8WrlzvZ+Cq9wVBrrdSGYcrM/wNAI8DGAW0I6DReIWeSRrNFCgy/A0AboCr2nclvG3HO93JwI0EfBPAzwEMAtoR0Gimip5BGs0kKDL8M+B25PsU3JB/Jcj1Vio5uLkB34arLtgLaEdAo5kseuZoNBOgSLVvJoA74Wb1b0EFyPUqZrYdkCMZUkFJxdIQZBgCwjQIlgkWlWFNHQAvw9URuAdAF7S6oEYzYfSM0WgugCLD3wa3fv9jcMv6zHLf29vdbzrH3DMk+XSvo46fdcTZIen0jUhrJKnIdphtCccyYIZMorq44JZ6kZvdZFpLZptqQasp5jQbFA0RBdiwSgCvA/g+XHXB09DqghrNBaNnikbzDhTJ9S4E8GEAH4Er5BNIud5kRvGRLptfbM/yK8dydKrXoZGkopzDYM5P+PPNenYl+oiAkEmoiwleONPkzUtDvGNlGCvaLBGPiKCuFwrAEbhOwPfhKg1qdUGN5l3QM0SjOQ9Fcr3L4O72PwhXujdwcr3MjMGE4qdfy6hHXk7TwTM2JVLKtfX0xiS/EINYyG1g4JzDUBMVvHq+xddtiqor10VES70I6kkBAzgFV2b423B7DzgBvVeNpuzomaHRFJE3gBbcpjyfAPA+uM16AjdXmBm9w1L94pUMP7gnJY52O+RIRmGf7oXhKzgEigFTEJbMMdXNW6J8/eYozWkyguoIAEAngJ/BbUd8AEAuwPeq0ZQFPSM0GrxJrncj3Iz+uwDMKfd9nQ/FjK4BqR5+Kc0P702LU70OSeUafj+NHDNDMSAIWDjT5BsuivLNF8Uwr9UQIrjGtQ9uxcB/AHgJQEY7AhqNi54JmmlN3vBHAGyFK95zG4CWct/X+ZCKcbrXUQ++lOZfvJwWHf0OFQxyKY0as5tPAALamk2+dmNE3bY9RotmmcIIbJoAhuDKDH8TwPMAUoAuIdRMb/To10xL8oY/DuBSuHK9NwFoLPd9nQ9HMo51O+qB3Sk8ui9NZ4clgfPn+2U0YOccAQCzGg2+an2Ub98RxfK5ljCNwC4tCQCPwnUEngQwBmhHQDM90aNeM20oEu+pA3A1XMN/LVz53sBhO4xDHba6b1eKnzyQEQOj8o3EvgAZrIIjwABm1Bl8+ZqwuvOSOK2eb4mQGZz7fAtJAE/BPRp4BMBIkN6pRlMK9IjXVD1Fhr8RwI1wz/ivgNuwJ3BkbeZXT+V454spPPtahobG3dJ2QrAM/1th5nPVAw1xwZesjvBdF8d4/aKQiIQCe+MZuEcC/wHgQbgdCQP9njUar9CjXFO1FBn+FgC3wjX8FwMIl/vezkc6p/jlozm1c1cKLxzKikSqYPgJlWaPCgmDtVHB21aE+c6LY7hoaYgCrCWQA7AXwLfgVg/0QqsLaqocPbo1VUeRat9suNn8H4cr12uV+97ORzKjeNfhrNr5Yor2HMmJZEaVPLHPLwqOQCxM2Lw0rO68OMbbV4RFXSywjoADYD+A7wL4CdxyQq0uqKlK9KjWVA1Fqn3z8IZc73oEVLUvkVL83OsZdd+uNL1yPCvSOf9L+cpFwRGIWIT1i0Lq9h0xvmxNWDTWBDZbUAFoB/A9AD8AcBLaEdBUGXo0ayqeIsO/GK5U74cBrERAVfuGxxU//WqG79+dxqunciJrV6/hP9/zK3blhlfPt9St22J89YYINdcGWl3wOFyZ4e8BOAwtM6ypEvQo1lQsRXK9K+CG+T8AYAkCOK6ZGQMJxY/tS6sHdqepvdMWtjN9DP/53odiwDQIy+ea6patMb5uU5RmNgTWEQCAM3Blhr8D4DUAdoDvVaN5V/To1VQURYl9FoC1cNvxvhfA/HLf29vd79lhqR552ZXrPd7tkFMC1b5KoeAIGIKweJbJN14UVTdtidKc5kCrC/bAbUP8bbhtiXOA/p6aykOPWE1FUGT4wwA2wc3ovxNuol/gUIrRMSDVwy+l+Od70+J0nyyJXG+lUiwzPL/F5Os3R9UtW6M0vzXQ6oIDAO6HW0K4C0Aa0N9XUznokaoJNEWGPwpgG1y53lsBzCj3vZ0PqRgnzzrqwT2uXG/XoEMcANW+SqFYZnh2k8nXboio27fHaPFsM8jqgiMAHoZbQvg0XJEh/b01gUePUE0gKTL8NQAug2v4bwDQUO57Ox+OZBztstX9u9P82L606B0JhlxvpVIsM9zaYPCV6yLq9h0xWtlmCSu46oLjAB6DGxF4DK7ssP7+msCiR6YmUBQZ/noA18CV670GriMQOHIO49AZW+3clcJTBzI0mAimXG+lUqwu2FQj+LK1Eb5zRwxrF4YobAX2BacAPAvXEXgIwDCgx4MmeOgRqQkERYa/CW5jnk8BuBxu6D9wZG3m/Sdcud7nDmZouELkeiuVYkegPib44lVhvmNHDJuWhigaCmySQBbAbriOwH0A+qHVBTUBQo9ETVkpMvytcFvxfgrADgChct/b+UhnFb901DX8u9qzlEhrw19K3OHiJgzWRAS2Lg+pO3bEsG1FOOgyw/vg5gjcA7eKQDsCmrKjR6CmLLxFrve9cOv4NyOgcr3jacUvtmf5vl0pvFSQ6xUAiPQkKhPMDKWAaJiwaWlY3bE9ypesjgRdZvh1uDoCP4arK6DVBTVlQ488TUkpMvwLAHwQrnLfOgRUrnc0qfjZ1zPqvl0p2nciJzJZhhB6tx8kCiWEYYuwbmFI3bYtyleujwRdZvgo3H4Dd8NVGtTqgpqSo0ecpiQUyfUuAfBRAB+Cq+AXOLleABgak+qJAxm+f1eKXj9ti9w0Vu2rFAqOgGUQVs6z1K3bonztxijNqAusuiADOAXXCfg+gIMAnIDeq6YK0SNN4yt5w2/C1eb/ONwmPYsRwLHHzOgfVerRV9L84J40He60hS214a80zskMC8LSuaa6eUuMr98UodlNRlAdAQDoAvAjuFGB/dAyw5oSoEeYxhfyhj8EN7xfkOttK/d9nQ/FjJ4hqR7Zm+aHXkqL4z2OVu2rAoplhhe0GnzjRVF185YYtc0whAhsmgB6AdwLV2Z4D4CsHoMav9AjS+MpecMfgZvQ92kAdwCYWe77Oh9SMTr6pXropRQ/sjctTvdLUtrwVx0FUSEiYG7zOZlhLJplGgGWGR4C8ADcyoHnAKT1mNR4jR5RGk/IG/4YgO0APgvgZgDN5b6v8+FIV673gd0pfvSVjOge0nK904FidcGZjQZfuzGqbtsWpWVzLTKNwH74UQCPAvgmgCfhqg3qcarxBD2KNJOmqIa/FsAVcHf818NV8QsctsN8pMvm+3el+PH9GdE3olX7piMFUSEw0Fxn8FXr3X4Dq+ZbIhRsmeGnAXwDrkMwAuhxq5kaevRoJkyR4W8AcC1cw381gHi57+185Gzm18/k+L4X03j6tQwNJKQW79G8SV2wIS74sjURvmNHDOsXhSgSCuzASAN4AW5E4CEAg9CiQppJokeN5oIpMvzNcEP8n4LbqCdS7ns7H5kc874TWd75YhrPH8zQSFKr9ml+mWJ1wbqo4O0rw3zHjhhftCwkYuHAJglkAbwM1xHYCTd5UDsCmgmhR4vmXSkS75kJ4Ha4Wf3bEFC53lRW8Z4jOXXfiynadTgrxtIK7jJO0Ouj5u0odgTiYYGLloXU7TtifPHKsKiJBtYRsAG8CrffwD0AOqEdAc0FokeJ5m0pMvxzAbwPbh3/BgRUrncsrfiFQ65c796jWZHKsjb8mklRLDO8flFI3b49xpevjYj6eGAdAQngEFwdgR8DOAEtM6x5F/To0PwSRap9C+Aq9n0EwBoEVK53JKn46Vcz6v7dKTpwIicyti7l03jDOZlhk7B6gaVu2x7jq9ZHqKkm0OqCx+AqC/4AwBFomWHN26BHheYcecNvAFiKN+R6lyGgcr2DCclP7HcN/8EzWq5X4x/FMsPL5lrqtm1RvnZTlFrrA+0InMEb6oKvQcsMa96CHg2aYrne1XhDrnchAjg+mBl9I0r9Ii/Xe7RLy/VqSkexuuDiWSbfvDWqbtgcpTnNhhDBHX/dcPMDvg03cdAG9HzRBHCB15SOIrne9XAz+t8D97w/cChmdA9K9fO9aX74pTSdOOsILderKRcFR0AQYV6LwTdtiaqbt0RpfosZZJnhPgAPwq0ceBFuJYGeP9MY/eWnIUVyvVvg1vDfDqC13Pd1PpRinO5z1IN70vzIy2nR0e+Qu/DqhUtTfs6pCxIwp8nk6zZF1C1bY7R0jikCLDM8DODncB2BZwCkAD2fpiP6i08Timr4YwAuhivXexOApnLf2/lwJONEj6Pu353iR/dlRM+QQ9ByvZqAUiwz3NJg8DUbInzrthhWzrPICq7McALAEwD+Ha7McALQ82s6ob90lfMWud6r4O74rwNQV+57Ox+2w3y40+b7dqX4iQMZ0a/lejUVRLG6YHOtwVesi6jbtkVp3cIQhazADuAUgGfhOgK/gNuISM+3aYD+wlVKkeFvhGvwPw3XAYiV+97OR9Zmfu1Uju/blcIzr2VpcEzL9WoqG5WPCtTHBV+yKsy374hh85JwkGWGM3BbEP873FyBfmhRoapGf9kqo8jwzwBwK1zVvksQULnedE7xvuM5tfPFFD13MEuJlKtdEuCMao1mQhQSBmujgrcuD/MdO6K8bXlYxCKBTRKwAbyCN2SGu6EdgapEf9EqoUi1bxaAO+Aa/q0IqGpfMqN4z5Gs2vlimnYfzorxjNKJfZqqpqAuGIsQNi0Jqzt2xPiSVWFRGwusIyDh6gcUZIZPQzsCVYX+khVOkeFvg1u//zG4cr1mue/tfCRSil84lFU7X0zRy8eyIp3TpXya6UUhIhCxCGsXhtQdO2J8+dqwaIgLCug8UAAOA/gegB/CVRrUMsNVgP6CFUqRXO8ivCHXuxoBVO1jMEbGXbne+3al6bVTWq5Xoyk4AiGTsHKepW53ZYbFjLrAOgIMt8fA3XClhg9BywxXNPrLVRhFcr3L4Kr2fSD/nwP3LZkZgwmlHt+f4Qd2p+hQh5br1WjeSsERMA3C0tmmum17jK/dGKFZjUZQZYYBV2a4oC64H1pmuCLRX6xCyBt+C25Tno/D7c63AAH8hsyM3hGpHnk5ww/tSdHRbkc4Wq5Xo3lHimWGF840+eYtrsxwW0ugZYZ74CYKfgvASwByeo5XDvpLBZwiud6NcEv57gQwp9z3dT6UYnQOSvXzl9L8871pcbLXIS3Xq9FMjIKoEBEwd4bJN14U5Zu3RLFoZqBlhgcAPAy3hPBFAGlAz/ugo79OQCmS690G1/DfBqCl3Pd1PqRinO511AN70vyLl9Oic0DL9Wo0U6VYZnhWo8HXbYyqW7ZFafkcSxhGYOfVCIBH4ToCzwAYB/Q6EFT0VwkQRTX8cQCXAvgMgBvhivkEDkcyjvU46v5dKX58X1r0DEst16vReEzBEWAALfUGX7U+om7bFqPV8y2yzMBOtDEATwP4OoDHAYwCel0IGvprBIAiw18H4Gq4O/5r4cr3Bg7bYT7UYav7dqXw5IGMGBjVcr0ajd8Uyww31Qi+dE2E79gRw/pFIQoHV2Y4DeB5uBGBnwMYBPQ6ERT0VygjRYa/CcD1cA3/lQCi5b6385G1mQ+cLMj1Zmh4XGm5Xo2mxLjRAAYroC4uePuKMN95cYwvWhYS0VBgkwSycJMEvwHgAQBnAb1ulBv99stAkeFvgSvX+ym4HfrC5b6385HOKn75eI53vpDCC+1vyPUSCHr+ajTlo6AuWBMV2Lw0JO+6OIZtK8OiJrgyww6AfXCrBn4GoBNaXbBs6LdeQopU+2YDuAvAJwBchADL9e467Kr27TmSE0kt16vRBJKCIxANEzYsDqk7d8T4ktURUR8PrCOgALwO4LsAfgzgJLS6YMnRb7sEFBn++XCFez4KYD1cQZ/AkUgpfvb1jLpvV4r2Hc9puV6NpkIoaAmELcKqeZa66+IYX7EuQo01IqiiQgzgCN5QFzwC7QiUDP2WfaRIrncxXKneDwNYiQDK9QLA0Jjkpw5k1P270/Ta6ZzIarneqqM4kQz5EjOdx1F9FBwByyQsn2up27dH+er1UWptCKwjALhRgB/DjQq8Dq0u6Dv67fpA3vCbAJbjDbneJQjg+2Zm9I8q9fj+ND+wO03tHbawtWpf1XHOIBiExhqB5jrhREOkMjZocEyaw2OKtExz9XFOZlgQFs0y1W3bo3ztxijNbQ60zHAXgHvhtiPeDyAH6HHpB/qNekiRXO9auO143ws37B84mBk9w1I9sjfND72UFse7HXK0al/Vwex+60iIsHV5WN14UVStmm+JphqDwyGw7QBDY0oc7szx4/szeP5gVoylFelxUF0UHAFBwPxWk2/eElM3XhSh+S2BVhfshVsx8E0AewBkAD0uvUS/ySlSlNEfBrAJb8j1zir3vZ0PpRidA1I99FKaf743JU73SS3XW6UUBGQWzTL5V26qVVeuj4hY+O1X+5zD/MLBjPrXh8bp0Jmc0LoO1UexzPCcZpOv3xThm7fGsGS2KYzgOgJDAB6BKyr0AoAkoMemF+g3OEmKDH8UwHa4qn23AJhR7ns7H1IxTp511AO7U/zoKxnRNegQa9W+qkYqxtoFIfWHH6nHqnmhC847Od3ryL+8ewS7D2cNPT6qk3MywwBmNhp89YYI37YthhVtljCDKzOcgKsq+HW4KoMJQI/PqaDf3AQpMvw1AC6Da/hvANBQ7ns7H45kHO2y1X270vzE/rQ4O6xV+6YDSjHmNJv8l59u4A2LwxNOOj3eY8v/8fVhcbzHpgCHiDVTpDgpdEadwZevjfAdO6JYsyBEoeDKDCfh9hn4d7h9B4YBvZ5NBv3GLpAiw18P4Bq4hv9quI5A4Mg5zIfO2Grniyk89WpGDCa04Z8uMDMMQfjt99TJj11dM+lS0wd2p+SffX/EyNmsx0yVU+wINNYI3rEywnddHMOGxSGKhAL78TNwOw9+E8CDAPoBvb5NBP2m3oUiw98Md6f/Gbg7/0DK9WZyzAdO5tTOF1P03EEt1zsdkYqxss1SX/v1ZrTUG5MuOR1PK/6d/zvEe45kg3w+rPEQd7lzEwbrogJblofVXRfHeMuykIgFV13Qhisz/C0AOwH0QKsLXhBmuW8gqBQZ/lYAt8PN6t+OgMr1prKK9x7N8c4XU3ix3c3kJtIteacbhWF78aqwaqk3pjS/a6KCLl0dli8dzYpCvoimunG/McEgYDyj8Pi+tNjVnsXGJSH1nktiavvKsKiNBs4RsOBKqW8F8CvIqwsycwe0I/COaAfgLRQZ/plw6/c/AWAzAvquxtOKX2zP8n27UnjpSE4ks65cryCt0z89YVgGYc2CkCdff/X8kIiFBKdzinTAcHpBRDAMIJ1TeO71jNh7LIt1C0Pqzh0xdemasGisCVy2oAl3rd4I4LNwlQW/y8ynoR2B8xJIo1Yu8sa/Bq5O/28A2IKAyvWOJovkek/kRCbLEALQoVpN2CI01ghPxu3MBsOJR8hI5RC41V5TGgqOQM5m7DmSFftP5LBynqXu3BHjK9dFqLlOUMCMqwCwBsCfwVVg/WcA32fmocLzaFy0A4A3afVvBPD7AO4AECn3fZ2PoTHJT+x35XpfP50zCupthl6eNXmEAOdLuaY8KEwDLAR4qtfRVD5E7tGAIxkHTubEoTM2fvxsUt26Laau3RihWY2BUxckuI7A38E9xv0LAM8xs+41kGfaOwB54x+B6yn+EVzd/kDBzOgbVeqxV9L84J40He60jYJcr97xa96KUiBbemOz0zmG7ZT7iTRBouAISMU41GGLI10J/Oz5lLp5a1TesDlKbTMC5whYAG6E24DtbwD8P2YeD9g9loVp7QDkjX8zgD8A8J8AxMt9T8UoZvQMSfXzvWl+aE+aTpx1jIJqnzb8mlIQtghmIA/BNOWm4AgwM4732OJ/32dj54spvmFzVN68JUoLZwZOZng2gK8AWA3gT5m5q/Ac05Vp6QAUJfrNA/BVAO9HgDr0ScXo6JfqoT0p/vnLaXGmzxEFHW9t+DWlRI82zbtB+YRjZsaZPof+7eEx44E9ab52Q0Tduj2GZXNMMkRgrGwIwOfhrv2/DaCdefrqXEw7B6DI+C8F8E9wQ0OBwJGMk72Oun+XK9fbM+ScK7/Shl9zodiSkcl5cwSQSCuRtXmaLo+aiVDsCPQMOvTtx8fpkZfTfMW6iLpjR4xWtlnCMgMzkm4E8G8Afg3A69PVCZh2DkCeeQD+EQEx/rbDfLjL5vt3pfiJAxnRNywF4Br+gIXQNBWAI4GxtMrCA82K4XFlZWydA6i5cN5wBIC+UUk/eiZpPLYvw5euDqu7Lo5h7cIQha1AWNtLAfwLgM8BODIdnYBp5QDkd/9NAP4KwM3lvp+szXzwTI53vpjip1/NisExme/ANr3PpTRTQzGjb0R5cqSVSCrbdmCV+5k0lYerQOrKRwyPS7pvV4qefi3D21eE+T2XxHjj4hBFw2Xf4VwG4O/hHgt0l/udlZpp4wDkjX8Ybpnfh8p5L5kc874Trlzv8wczYiSpoFX7NN5AUIrRM+R4Mrd7RyQrNf12RhpvEXk98rGUokdeTtMLh7K4aGlI3XlJTG1dFhY15VUXvBnAnwD43elWHTAtHICic/+PAPjPKFPCXzKjeO/RnLr3xRTtPuzK9WrVPo2XFMZR/6iyHcmmadCUxnrngLQUA2ZgUmQ1lUyhciCZUXjy1YzYdTiLjYtD6q5L4rxjZZjq42VzBD4N4CCAf2TmaaMaWPUOQJHxXw/gf6IM3fvG0opfOJhVO3el6OVjOSOl5Xo1PkIE9AxJK5lhqo9PfoDlbFa9w1IC+ghA4y0FRyBrM15oz4qXj+ewdkFI3b4jpi5fGxbNtSVXNgsB+D0AewA8X+73Uyqq3gHIEwPw3wEsK+WPjowrfiYv13vgRM7I2LqGX+M/RK5iZCKlZH1cTHqOj6UV9QxLUw9XjV8UHAHbYew9lhUHTroyw7dtj/HV6yNoqRelFBVqg3tE/ElmHpkOUYCqdgCKdv+3A3hPqX53NKn4yQMZ9bMXkvT6afsNuV69kmpKAAFIpJToGnQwr2XyU3wwoeTQmBRuJpdG4x/F6oKvnnJlhn/6XFLdsSMmb9wcpRlTaGs9QW6E2wTu/02HqoCqdgDytMJt7BPz+4dsh/H8oaz6zuPj2H8ipw2/pkwQMjlGR790dqxEaLJX6RhwxHia9ejVlIyCI6CYcbjTFv/rpwk8/FJaffTquLx6fVREQr5b5BDcPLGHAHSW+334TdU6AEW7/zsA7PD7984OS/Xtx8Z554spYyyttOHXlA8ClAROnnWmdHbfOeBI2+GgyblqpgHFMsOvnsqJL33XxgsHs+rzN9Xy/FbfU1I3wFWH/ftqjwJUrQOQpwnAJ/18TmbGK8dz/I/3JrD/ZM4gaMOvKS8EgAH0jUhHKjYMMblKgI5+twJAFwBoykVxsuDOXSlxpMvm37ijTl6yKmz46JgKAJ8AcDeAnnK/Az+pyrldtPu/HMAWv35HKsbP92bkH/7HMPadyAmCruPXBAMioG9EGskMT2pAOpJV/6i0y/0cGg3grquCgPZOm/7kOyPiJ8+l2HZ8VahcD+A64E32pOqoSgcgjwngvQCiflzckYyfPJtSX/7hiDg7JMkQpI2/JjAQgOFxJdKT7AmQyjINjangtHDRTHuICIYgDCUk/f3PEvSdx8dV1vbNOpsA7oLbKr5qqWYHYAFcmUfPkYrx0+dS6ms7EyKRVKTPSDWBg4B0jmUyoya1i09nmUbGVcmLsTWad0MIQiqr8K8PjYnvPTHuZyRgB9ymcVVL1TkAReGaHQDm+/Ebj+xNy/99X4LG00o369EEEgKQtVmMjCtjMn+fzrGdzrHSBYCaICKIkLUZ//bzcfHT55NKKV+cgNnIbyKr9Rig6hyAPAT3/N/z5L+9R7PyH+9NiERK7/w1wSZrM40mJ+cAjKUV5xzW9l8TWAQRUhmFf31wjJ59PSt9+Anf7EhQqFYHoBHAJq8v2jPkqH+4N0E9w1Ibf02gISI4kpHK8qQWxtGksmyHq3V90FQJQhCGxhR9bWdCnDxrKx9+Yj2AGeV+Tr+o1gk+D8AiLy9oO8z/8eg4v3oqp22/pmLI2JybzN+lMky2H3sqjcZjBAFHu236t4fHkc56fhYwD8DCcj+jX1SVA1B0TrMGrgaAZzx3MKPu3502dKmfplJgBsbTk1sPcw5DtwHWVAKFEsHH9qXFo/syXjsA9XCjAFWZB1BVDkARmwFM6uzzfAyPSfXtx5I0nlZ6QdRUFFJObtHK5DhbfcudplohImRsxveeGEfvsPT6KGAzUJ3pMNXoAMTgSjl6xmP7M3zgpA79ayoLBpDM8KR6ASiGH+epGo1vCAKOdDnigT0pry+9Dm4koOqoRgdgNjys3Rwak+reF1JkSx0O1VQYDKRz7FkkTKMJMkQEqRgP7E5Tz5DjpQO7GMDccj+fH1SjA7ACwCyvLvbCoSwf7rT17l+j0WgCjiDgVK9DT7/qaS5AM9y8sqqjahyAogSNjfBIvjFrM//ilTTlbL3712g0mqBTiAI8ti9DyYxnFQEW8mXl1ZYIWDUOQJ5zH8oLTp61+dWTNk2ul5pGU2YIiEXImfTfV9dap5kmFJoGHe3yVBdgE3zqK1NOqs20tQBY5dXF9h7LqeFxqff+moqEADTExaQcAMuESVR9Ox7NdIAwllK0+8ikJDDejmXw8Gg5KFSbA7AQrnDDlHEk88vHciSVrvvXVB7MjLqYwNoF1qSqAJbNsYy6uNDWX1NxuI4r8MrxLDI5zzzY2XCdgKqiKhyAol3KBgB1XlxzcEzheI9NOvlPU4koBVy8KqxWzQ9NagQvm2vRjhVh9ryiWqMpAeQmA4r+0UkKYfwyUVRhHkBVOABFz+LZ+X9Hn6P6R5Xe/GsqDqUYc2aY/IlraxC2JjeCwxbRJ66twbwWU0l/Oq1pNL5BBAyPKTp51tNewZvg5plVDdXkANTBFWzwhCNdNqeySpt/TUXBzKiLC/71W2t5zQJrSvN7zYKQ+N331aFthsnMjCra+GiqnIIyYHun7eWoXQWPJebLTTU5AJ41AFLMfKjDJqXP/zUVBDODAdx1ccy5eWuUvFAvvXp9VHzy2pqcOw+0B6CpHJiB9g6bHOmZ6zofwIJyP5eXVJMDsAauYMOUSaSYj/c40LZfU2kQwG0zTMcQ3o3elnoxyYMEjaZ8uKJANg2Pe3aGVY+8zHy15AFUvANQ9CE2ATC9uObZIck9Q45W/9NUHESEmoi3A9c0SM8FTcVBBPSPKurs90wWmFBljYEq3gHIE4OrAOgJx7ptjKW5aj6ypjpwz+Hdf5RiSMWQkuHk/2EApgCiYfJU/z8aJoRMglSAI93flMq9h+J7qpJNkaaKSGYUHe6yvVzL18GjSrMg4MmOOQDMhIc1mu0dNjsOwzC0D6ApPa4h5XP/mfP/TgRYBnHYIqqLkayLCWqqNai1QeSaag2zIS6MGfXCXrcw5Om8XjLb5N99Xx33jUgxklTZvhFl9o9KMZpUcjSpzHSW2ZZMUjEI7n0WHxnoPBpNOSAiOJJx6IxNihkenYoVGgONlvv5vKBaHIDlcIUapkw6q9ThLrtaIiOaCqBwjFUw9MyAIYCwRWisEaq1waAFraYzt9k0F8w07ZmNhtlcK1AfFxy2SFgGQuKN1W1Swj/vRGONQe+5JE75ew05EpRzmMfTjMExiYGEsjv6HbOj31Gn+xxxdkhicEyJVMaNTIDecAwA7RBoSgcRcLzH4bEUq/q4J6LuLXDzzQ6W+9m8oKIdAD8aAPWPKnT0O1r/X+MbhR0+n/vPgGUQ6uOC5zQbvGyOpZbMMWnpbItmNxncVCsoGiIzb+TPZ+BLZlGJiCwTsEyieATmzEYDhXtiZsraoLG0kj1Dkk/1OvJol01Hu22c6Zc0lJAia7tHB29ECUgn22p8gwjoHnJE74hU9XFPFnUTbr7Zj5grv0lcRTsAeTxuAOSo4XGlg/8azymckzMDhkFoqhG8oNVUq+dbWLcwxItnm2Jmo0HxMBnCwyz+UkFEFAkBkZBhtNQbWL8oZDIzsjZ4ICH55FlHHuqw8erJHJ0461D/qKSc455xCB0d0PgAAUikmI522Vg+1zMNn41wlQHT5X6+qVINDkATPOzVfLjLRtZmLQGs8QRmRqEIKRIizGkyee1CS21eEsKaBSGa02yIWJioWg0fESESArXNMKlthonL10aQtZn7RyUf7rTVy8dy2H8yR2f6HBpLqfxZLaAjAxovICI4DqO9w8at2zy77HK4eWenyv18U6UaHIDFANq8uJAtmds7bMEMaA9AM1mKjX48IrCg1VQXLQ3xthVhrJxnUVOtEF7W6VcaYYvOOQTXbIggkWI+2euovUezvKs9K4502TSaUqSUGxmoVudIUzqOdNnI5JSKhIQX5wBzACyFdgACwTq4Ag1TZnhM8aleG9r2ayZKcXg/HCIsnGmqbcvDfNmaCFbMs6g+RoY2ZL8MEaE+TrRxccjYuDiEj1wZ5xNnHbX7cBbPH8rSkS6bEilXkls7A5rJQAR09Duif1TxvBZP8gCicPUAHq30PICKdQDyCYAE9/zfky/QOeCovhFlVPD31JSYwm5fEDC7yeCty8PqyvUR3rAoJJpqhTb6EyQWEbR2YchYuzCED10Z5yNdtnrq1QyeP5ilU72OyNkMEshXFeh3q3l3iIChcYVTvQ7Pa/HM5G2Eaz+dcj/fVKhYByCPpw2ADnfapBsAad6NguY+KyAWIayaF1JXb4jwZWvC1DbDFKZ2IT0hHhG0aUnY2Lg4hI9fo9RLR7Ly0X0ZvHwsJ4bHJLm7L+0IaN6dTI7pcKfNl6/1pFgMAFbDzT/rK/ezTYVKdwDmwc0BmDJKMdo7bUgFmLoGQHMeitXumusM3rEyrG66KIoNS0KiNurJ2aLmPBARZtQZ4qYtMVyzIcpHu21+9JWMevJAms70SyEV6+MBzdtCRGDF5xoDeeSgzwewENoBKCur4AozTJnxDKvj3boBkOaXKQ7zz2sx+ZoNEXXjRVEsnWMJy9QjppSELKI1C0K0ar6FD14RU0+9mpEP7UlTe4ctso52BN6OtzavmW7viAg42etgeFxxS70nO7wGAOsB7C73s02FinQAigbzZq+eoWdIcvfg9GoAdC6UzW8I0rxVynW6LRTFFAy/IQhLZ5t840VRdeNFUWprNoxpNVACiCDC7CZTfPjKOG66KKaeP5RR972YwisnciKT044AUFSNwoAwCKYApAKkYkAxCjGr6fCeBAF9I9LoGnBkS70nrTLO5Z8xM1fqO6xIByBPFPnWjF4wnRoAFULZREBjjcFzmgzVUCMMQcBYWqmBhEL/qBSZHIPAoGlWk114P0IQls021e07YnzD5ijNbNBJfcGD0FBD4patMVyxNsLPH8rKe55L0nR2BAqGPx4RWNlmqQ2LQ2pOs2HWRAiZHKN3RMpXT9n0+ukcDY8rEqjsTPYLJZlRONzpYOOSsFeXXA+gFkCi3M82WSrZAZgJYIVXFzvcabPtMKp9Z1fY9S+aZapbt8X40tURmjvDoIjlPrcjGcPjCke7HfnE/jSefi0rhsYkCVT/QnrujJ+ABTNNvn17TN26LaYNf4VQExV0w+aoccmqMD9/KCt/+lySXjmeE1l7+jgCzO4atmN5WH3kqjg2LQlRPEJm8bMzs5G1wYc7bf7RM0l+bF9aZGzPmuUEkkJjoPbOHCuOedkYqA0V3Begkh2AZQBmeXGhTI75cKfbAKiK5wCYGaZBuHVblD93Qy3mzjB+ybBZJoloWGBOs4lLV4f5tdM5/sYj4/zcwaxwNdyr8wUVdk2zGg2+dWtM3XlJjOad5/1ogk/BEbh4VZifOpCRP3wmSQfP2ELK6q4aUIoRCRF/+Mo4f/r6WqqPn383U1Bn3LA4RCvaLF6/KKT+z/0JMZpSVe4EAMe6HUqmWdXGPOn20go3D007AGVgA4CYFxfqG5Xc0V/dCYDMDEMQPnJVnH/t5lqKRd491GEaRBsXh+nPPmHxtx8fl99/MmkkM6qqoiQFw18bFXztxoj68JVxLJ9r6TP+KqA2Kui27THj4lVh9dCetPzxc0lxutchRnXtdhmu8W+pN/hXb66Vd+6IGSHrwh4wEiJ6/2UxMg2ov7snIZIZVbUOEhHQPShFz7Dk2phnjYE2A/hJpQoCVZwDkE8ALLx4Tzjd66ihMVXV+dyKgctWhdXnbqylWGRig78uLujXbqkV81tN/qedCfSNSKp0A+kmProRkW1LQ+rj19bwtuVhcaELp6ZyaK4zxMeuiePydRH1w6eT6sE9KTE8rqgajgUKDuzS2Zb63ffV8faVYXOizo0QhDt2xOhUr6O+8/i4qFRj9m64jYEUHeu2lW4M5FKptcuN8LABUHuHTVmbp36hgMLMqI0K/shVcdTFJme5TYPotm1R+uOPNqi2FlNJVbnvy100GW0tJv/Oe+rUX32uiS5bE7ngXZOm8iAiLGg1xe+8p078zeeb1OVrIsowCEq9oe1QaRSM/4o2S33xEw188arIpFtMmAbRBy6PY8FMkyv1fbw7BNttDOTlE66AexRQkVRcBCDPYrgiQFPGdpgPd9pQDJgVvqt9OxQDK+dZvH5RaEoPSES4dE3E+COD5J//YER19Dtu6UCFUFgwY2HCdZui6lPX1WDxLFNU425Hc35Mg2jLsrCxYq7FD+5Jy+8+MS7O9DsVmeRaMP5//NEGXrMgNOXatnktprhibUSdPDtO1RgFKDzOkS5bZHLMkZAnDzgbbmOg0+V+vslQqRGAdXCFGKbMaFKpk71O1Tb/K7jzGxeHOH4B5/4XwvaVYeP3P1iPWY0GqwqJBBQy/JfNsfgLH2mQf/jhBloy29LGf5pSGxP0wStixv/61Sa+fXtMha3KigZIxVg62zvjX2DLsjAXKoKqEbcxkMTAqPTqS8fgHgNUJBXlABTFprxsAIS+EVlNOUG/hGkQFrSanj7hJavC4vfeV4+mOgNBdgKY3QSpsEV4zyVx9be/0sQ3b40ZYR3un/YQEZbOscQffriB/ueHG+SiWSYrZgQ9Bi4VY36LqX7/Q/WeGn8AmN1kGDVRgWC/gclDBAyOSXG6z1EeXnYTgIo8O6koByCPpw2AjnQ5nMpW3oebCIaAqouLnJfXJCJcszFCv3lHnaqNCqgADv7CWf+CmSb/zw83yP/xwXqa32pW4pjX+EgkRHT79pjx1c838c1bosrM5wYEkXy2P373ffW0ZVnYU+MPANEwIRYmVK0HACCbY7R32l5uANbAzUurOCpxMZwL98xlyjAzt3fYcGRe/aV6ISnZ828tiHDb9ih97qZaJ2RSoHZOKi+Icu3GqPrq55v49u161695ZxbPtsQXPtpA/9976+TMRoOlClY0QDGjJir4v95Rp65YG/ZlLDsOYEuu2uWQiKAYaO+wYUvPPm6hMVDFUYkOwCoAM7y40HiGcbTbFsXa99WI7TD1jUhfEj4NQfShK+LGBy+PK0HldwKYGVIx6mOC/9MttfJPP9ZAS+dYlTjONWUgFhb0oSvixlc+28hbl4cZQNnHdOEewhbh8zfVylu2Rsmv3JXRlJLjaa5W+w8g3xjorEOjSc/CPI3wMCpdSipxYdwEwJMizp5Byd2DsqrzwIgIUgGHuxzlV5g+EiL61Vtq6a5LYkxldALO1UTPsfiLH2/kz9xQY9ROsuyxsmA4klU6q3x798yMTI5hO6wqJlNukhARNi4Oi7/8dCM+eEX8XIJguSjoVXz86hr14SvjpkftbM/LwTM5VPuRqCCgd0SKzgHPEgEJeV2aIDiLE6FiygDzLzYC1wHwhBNnbZVIKW+z4wKIIGDf8azROyzV7CZ/zsBro4L+6x11nMqyfPillFHqMqLC7125Nqx+8846XjLb8vx8NAjYDnMyo7hvVHHvsOTOAYc7B6TRMyTt1gYR+u276ikS8v53maH+49Exu73DptlNptk2w5BtLSbNbjSopcGgmgiRn4apHLTUG/Q776mnpXMs+f8eGhO9I7Lk4kHMDMsgfPzaGvW5m2pE2McM/WRG8dOvZkkqVzW0mkllGUc6bd642LPJsg5uflpFNQaqGAcgTyu8awDEh9xzIFT5WAcRcKZf0mP7Murj19T49jv1cUG/9746Yob8+d7SOQF5DXS877K4/NyNNaKxxqjEyNYvPxcz0llWZ4cln+p1VHuHLU6cdbij3zEGxxTGUspwJEMqQCmEL18bUUT+RG+FIHQPSfzilUzIEIAhIEyDUBcTakadoPmtplw6x6Llc01eNMsSrfWCIiHyLVRdKsIW4X2XxowFrab8u3sSdOhMTqBE3fOKjf/nb6oR0ZC/w/rZ17O870S20kU+L4B8Y6AOG/lWvl488VK4+WnaAfCRpXCFF6ZMJsc40mUTGKhaEYA8RAQpGT98Oim2LAuplfP8W0maag3x395fp8IW1P270kL57ARIxWisEfyrN9eq914aF5Wc6MfMyNrg7iFHtXfY/NqpHB3qsKlzQNJoUlk55402zlTUodndrTFqo5QzBELw52hPxMKUN/7u7zmSMTgmxUBC4lCHbf7i5TQsk9BUK9S8FpNXz7fkxsUhLJ9riZYGg0IVKrZNRNi6PGx8+dON8h/uTainXs34LpermBEyCR+/pjTG/1Svzd/8xRilstW/+y/kfB3ttsV4hrk26smHbIGbn3ao3M83ESrCASg6V9kAIO7FNQcSUp3pq+7z/2JcAQyH/uFnCf7jjzX4dhQAuE7A//feeg5ZxPc8nyK3C5u3L7pw3j+/xcTvvKdOXbkuUpENfJgZY2lWx7ttfulYjl85lhPHemwxPKbIdtxsbCL3kFHQOzur8QjBz9hHxCrIZbzxPencv7jP4khG74gUZ4cl9hzJih9YhJZ6Q61os9SWZSFsWhLCglZTRMOV97EWzDSNL3y0nmc9ZMifPJc0co4/TYWUYkTDgj9/U4366FU1RmRqAp7vypk+R/31jxNo77ArcQpNCiKge0hSz5Dk2rmeTBoL7vH0T8v9bBOhIhyAPAa8bADU52BwrLoFgIpxF2zGrsNZ8affGeHfeU89r5zn34FiXUzQb91Zh7qoUN99YpwyNpNXL7tg/NfMD6n/9oF62rjYWzEUv2FmjGeYj3Ta6rmDWd5zJEuneh0xnlbEDJDIG3xBE6pOCVtk+Blzj0fe+X7e6hQwM2yH0TXgiI5+B0/sT6OhRvCKNosvXhlR21aEsGiWVVFRm8Yag37zzloxo17wNx4Zp/G0t90xlWI01Aj851vr1HsuiQnLxwwlpRi7DmfVP+0co4MdOarmVslvhQAkkopO9Nhy+VzPqoQ2AYgwc6ZS3mMlOQCeNgA63GEjm+OqLv97K4UM/V2Hs/T73xji37qzTl2xLuKbnn88IvCrN9dSU62Q//rQmJlITn2xZGYwgO0rwvJ/fKAei2dXTomf7TCfPOuoZw9m+NnXMuJotyPG0oqA/O6eMKn3UwiQRULkWYuz81EXE1kihC/0f3/OISD3TIKZMTyu6IWDWdrVnkVjjcHrFlrqyvURbFsRptmNhqiELWgkJOiT19agudaQX9uZEIOJqXfHLDi1c5tN/q276nDdRn8jWjmb+d4XU/yvD46JgYRENXRGnCi2ZBzqsOmmLZ5dcgXco4COcj/bhVJJDsAiAAu8uJAjmds7ba7mBkBvBxFBADjV69CXvjdCn7y2Rr730jjVx4UvhjRkEX3oyrjZUm+of7g3QZ0DzqQzqQtHQVevj/B/e389+XmM4RXMjNGkUi8dzfGjr6Sx91hODCQkMbtG35uF101knWib54kSj5ASRKyYJ3XDVMhQNNz3MjQu6ckD0nj2YBZzmw118aqwvH5zFKvnWyIaCvbENA3CHTuiRn2c5N/8OGF0DTqTPjsvGP/V80P8u++tU5uXhgw/jXHXoKO+/eg479yVMtLT4Mz/fBARoBhHumx42BhoFoBl0A6AdxSd/3smtziaVHyix6mEzYYvEAEGEUaSCv/7/jFjz5Gs+swNtWrzkpAwDO9fiiEI122KiNYGQ/7dPaNi/4kcTTST2k26Am7aElO/c1cdzagPdqa/Ykb3oJRP7M/wIy+nxdEu28jk+E3hfS8hAuJhknCPynwhFqbCSZIH9/uGM6AU40yfI073OXhwT5o3Lg6pW7ZGsWNlhBpq/HFMvYCIcNX6qBELC/WVH47QibMOCZrYsU0hmfCa9RH1m3fW0sKZ/pWvprOKH9+fUd96dJyOdNuGH+Owksg3BqLBhFRzZ5hevPcauHlqj1dKN8XAOwBFbIZnDYAkekemTwLg2yHIFTh5/lBWHOqwcfv2mPzgFXGa22x43iWPiLBhccj4i0818j8/MCYfeTmdT6IqHE0ABcvy1t9mdpOtbtkWlb99V53RVBvcI3+pGCfPOvKhl9J49JU0dfQ7hsrv9v1wrgoIIq6NiRyAqF+/EbYo5EeZIeWNJjNjPK3o6Vczxq7DWaxos9Rt22LyqvURaqkXge3cuG1FWHzhow385btH+UiXfd7Wwm8ViGEASgE1UcEfvCLOn76uhurj/lhjqRivn7bVdx4f56dfyxiZHE/LkP9bIQIGElKc7nPk3BmemcLNcJ1wWe7nuxAqxQGoBbDeq4sd67ZVKsuV8uy+QkQwCBhJKnz78XHjuYNZ/sDlMXnTRVFq8KGefu4Mk/7gQ/Vi1TxL/uiZJHUNSuFI91y/EIpUis/tTDiv6f/+y2LOf7mtzqiNBXNDKBXjeI+jdr6Q4kf3pUXvsHRz4QglCbGScJP0/CRkkTANwPFpaSsYJMMAbIdx4GROHDxt4yfPJdXt22Py+s1Rag2oI7BpSZi+9IlG9WffH+HXT+eEyEe4Cm2owyG3wY4jgZAF1MWEWjLbwh07YnzNhoiwfCiRZGac6ZPqJ88l8eCeNA0kpBAlGo+VQjbHONRh45LVEa8uuRpupHqg3M92IVSKEZwDjxoAAcyHOmxy5PQ8+3o7Cjr+x3ts+tufJIyf702rD14RV5eviVBN1NsXFY8I+sjVcePqDRH1+hnbOdXrcCbHRtsMw0nn2PzBk0k60/9GrsD7Lo05v3F7neH1fXgBM+N0n1T3PJ/kh19Ki74RKYBCrXHpblcQKGKRr/M5YhFCJiGT81/utOCYKmYc7rTFse4E7tuVUu+9NC6v3xQRTbU+hlMmycp5lvjjjzbIL31vRBWcAAawfnFIffyaGsTCJDI5RjwieE6ToVobhBEJ+XPE0TPkqPt3p/n+XSlxps8haMP/S7gy6YzDnTYcyeyRkuXC/D/aAZgqRWGzVXCzK6fMWJpxtMumam8ANBkKi65UjFeO58ShMzYuWhZWH78mzluWhT0tSRJEmNNsijnNb0rkCzEzLloaVv/yQIKfP5gVN1wUVb9+WzCNf9+IVPftSvHPnk9R54BjuO+wPKFVQUDY8rcKIBYhJ2QSMVAy61sYk5x3BP7mx6N4aE9KffCKuLpyXUTEI8EaFyvaLOOPP9ogv/TdEXWy1xZ37IjJT19fS7Ma3xRNI/i09o6nFT/ycpp/8FSSjnXb4g3hqEC9psAgCDiRbwzUXOfJsG4EsBbAS5WQBxBoB6CIjQA8EW3uHZaqq8obAE2VwqKbcxjPHcyI107l+OatUfnRq2pofqu/mfdEhBVtlvjTjzfyniNZuWlJyKiPByvsn8onU33/iSS1d9qGUlz2RTZkEkI+6sQDQMQiZZkkUIbu2eciAoqx70ROtHfauHhlWH38mhreuNif5NXJsqLNMv7oI/Wqe0jKy9ZESqJzIBXjwImc+sYvxvnF9uy5/JrpnOR3IRABfSOSOgekaq7zJLeo0Bjom+V+tguhEhyAMDxtAORgNKn0tLgACovuWFrR3U8ljT1HcvzJa2vUDZsj5LeSW31c0HWbooHK9lOK8dppW37r0XF69vWMkbGDscgyAMskjljFunzeE7aIQmVeMc45pzbjiQMZsf9Ejm/fHpMfujIu5jQHp6/XqvkhsWp+aX5raEyqu59O8o+fTYlBfc4/YcbTio502bzBu8ZAG1AhjYEqwQFoBbDSq4sdOpPLNwDSE+RCKdR+He+x6ct3j9Duw1H12RtreEkFifBMlcGEVD9+1l1k+0fdrnCBWWQZCFnkxMLE8ChSdj5Mg0zLJC+qAKdMwREYTir61uPjxq7DWf7UdTXy6g1R4VFNd+CRirH3aE7+v4fG6OXjOUOxzmuaOG4eQHuHTR42BloCt2eNdgA8YAncJMApk8kxH+lyGHm5Vc2FU3ws8MCelHj9TI4/f1OtvGFT1PA79FxOpGLsOZKV/++hcew7EdxFNmzmM819xBCgUHA22QDeSF5t77TpS98bMV44lJWfuaGGFs40A1kt4BWJpOK7n0ny958cF0NjilxRqep9Xr8oagxE4xlGbdSTd1hoDHQ46HkAgXUAihIA18MVWJgyQ2OST/c5Vda1vLS4SoKM070O/eUPRozXTuXUZ2+opdaGAB3CesTIuOQfPJVUdz+dFMPjwV1k80cAwjLI1825IYCYz6WGk6HgnGZtxs5dKeP1MzZ//qYadc2GqAhXoXN6pMtW/3x/As+8nhVSBdMhrSSIgO5Bid5hqWqjwotjxxDcPICflfvZ3o3AOgB5BLxuAJTQCYBTpSDcksm5LYaPdjnqN++sw/pFVsX3fwdc5/PgGVv+n/vH6MX2bGB3/cVYJhmGzxkTpkFcExE22L9jhqlQcE6P99j0598bpQMnc+rT19diZkOwVSMvFEcynno1I//pvoQ4edYJrENaaRCA0aQSx3scZ+kczwppNsLNX8uW+/neiaBPjCa4JRWecKTTVpkc6/o/jygY+73HsuIPvjmMB/ekpe0E4YR48uRs5p0vpuR///qweO6g2/e9EhbZeJh8r80zBDgWJhXkL0xEMAQhnVO4+6mk+IN/H8bLx7JScZDv+t1JZRV/4xfj8kvfHckbfwp0aLmyINiS0d6R8/KFLodHpet+EnQHYD5cUYUpI5UrAKS45BVMVU1hwe0ZdOjLd48a//bwmEpmAm0j3pbhMam+tjOh/upHo6J7sIIWWQaiYVJ+RymEIER9zjPwisJ3e/l4VvzBN4fFPc+lZNauyGGJ3mHJf/WjUfV/HxwzEmlFxgTbRGvemUJ/iyNdDjI5zzzFuXAbAwWaQDoARef/awE0eHHN0aTC8R6nItbzSkQIQjKr8O+PjIuv/mRUjSYrywk43mOrP/nOCH/vyaSRyTGJClpkGUA8InKGAeXzT4lIiAIZ/j8fBee0b1jSV38yanxtZ0INj0u/35GndA86/KXvjWDniylDqsqIRlUiRMDpPkcMeTc+Co2BfqkPRJAIpANQRKGxwpTpHJCqd8Qt39L4g8hLa+58MW385LlkRSy0zIwXD2XkH3xjGE+/ljGCnrX7dsQjVJI8hUiIRKFxT6UgBCFrM77/ZFJ86bsjON1XGedUtsP89Z+P83MHM0TQan5+QgQMJiSdOut4+ZI3wcfunF4QZAfgnAflBce7bZXMTK6PuebCoXNOQIq6B/1qG+MNUjLfvzut/vg7I+JIly0quUNaJEQGSnC6FYtUTmSkmEJjnicPZMQffnMY+0/kAj02AaC9w1aP709TuVUmpwNEbo+Lw52enhOthUct7P0iyA7AHLgaAJ5wsMMWjqzM3V2lIQjoHJDipaO5ct/K25K1mb/zRFL+9Y9GqX9E5s9VK29sFDbiEbcPgO8PUBcVOUH+lhv6RaF65bXTOfqjbw2LJw+kOcjJgbuPZHlkXFXgqKxMFAPtnTY8zBhdADePLbAE2QFYAVcFcMqMpxUf67YrcudSiRARbIfxyvEsgrjAJjMK//rgGP/z/QljPKOo3FK+U8OVI46FS/MM8QjJSp5HhbyAjn6H/vz7o3T/rrQKYomAVIwTZx0o1rv/UkEEnOhxGwN5dMlGAOuA4B6ZBc4BKHpRG+HWUU6ZvlGpOgekzp8pIQTgTJ8UWTtYI38spfgffpZQ335sXOQcpmoYFEIQYhFRkpyLeERURR6NIQiDCYmv/mSUfvJsStpOsMZpzmaMjKuA6S5WN4KAXrcxkFdjwVMdG1+eudw38DaE4GUDoB4Ho0kdSislQgDHemw8sjfDjmfzaWpkbeb/fX+Cf/xsUkhVPcdBROC6KJXkvCVsUUhQdVTSCkEYSyn6u3tGjZ8+n5JB2aVlbeYfPJVU+0/kIIK6Qlcp42lFR7s8zQPYAKC23M/1dgR1eLXC1VL2hPYOm3NO9Sz4lQARIZFS9Lc/HRU/eCqpcgHYYRkCtHZBCPNaTFYc3LDcRBEExCOiJA9jmQhU692pwOyKgiyZbfHCmWYgVCzH04r/+YGE+tcHx0Qyq/SaVULcBGbg4BlbwLu1odAYKJAEVQp4MYA2Ly6Us5nbO22qkrW+ohBEGEsr/NN9CUGA/Ng1NWUtiTENwm3bY2J5m8X/8sCYeua1jHAkl72d71QRBITdKgDfCVuEkAmkAy1w+s4wM9gVT8Kt22LqszfUYHaTWfZyLUcy/uXBMf7+k0mjUhQoqw0i4HiPzWMZ5tqoJx+gFcBqAEfK/WznI1ARgKId2Tp41ABocEzy6V6n0tf4ioXgGqjG2uAMteVzLfriJxrov9xeq5rrDJaKKzoaIAQobJZGnz8WFk7IpIAc6kwcZoZiYH6ryf/zQw3y995XT7ObzEAMTkMADXGha5XLCBHQNSBF34hngkAhBFgQKBAD/y0Y8LYBkBock7oCoAwUdlo3bI7KazdGAzXWaqOCPnltjfjyZxrV5qVhLtxvJRIyCaVqyRwJEYcsUqjAV6XynfOu3RiVX/18E9+2PWaEreCsDESE918WF1uWh1Rl6WhWDwRgJKnoeLfj5WU3AcFsoBWoRTlPPdwWwJ5wtMtBOqud6nLA+Z3WJ66toSAttAWEIGxdHja+8plGfPSqGhkLC1RaNIABhCzisFWa2vyw5ToclfOGXMdOKkZzncH/5fZa+cWPN4hlc60grn1oqBH0mRtqubFGBFqjoFohyjcG6rS9vKxnJe1eE8RJMB+ugMKUUW4DIKFraUsPM8MyCR+5Kq6WzA7mYlugtcGg37qrTnzhow1qyWyLuZISBBkIm+TEwuTpluXtMA0yLTOwuUO/ROE7bl4a5i9/plF98toaoyYa7APBLctCxh07YopQQeOwimAGjnTZ8LCEuQ0eitp5SRAX5jVw2wBPmZGk4uM9NmvbX3oUA1uXh9UtW2NBHGO/hGUS3XhRVHz1841840VRZRqESojD5iMACJfoCMAgUCSA0Zy3Utj1x8ICH7mqRn7lM43YujxsVEIykCEIH7wiTkvnWFwBQ7DqEASc7nXE0JhnqS6BbQwUmMW56MV41kChZ0iqs8OyEuZ8VcHMqI8J/vg1cdTFKuvtL5pliS98tIF++6462dpQGQmCIRPCMqgkc1kIQjQsEOQzgELuyZLZlvrCRxvUb91VJ1obKqt2cW6zKT52dVyFLQr8+Ks2iIDBMYlTvZ42jfKssZ2XBMYByBODqwDoCUe7bRpP6/P/UlJYfK/fHFVblpdIn9Zj4hFBH74qbvzVZxt5+4qwKjSSCSqWSYZhlGZxMQ1wTYQ8PSD1EqUYpkG4aUtUfvXzjbjxoqgImcGPWJyP6zZFxY6V4UoIRFUd6SzTEW8FgTxrbe8lQXMA5gBY6tXFDp2xIXUDoJLCDMxpNvnDV8ZhGZX74gURNi4Ji7/8dCN98roaVRMRwYwGsNsHoFQ140KAY+HglQEWQv4zGw3+rbvq5B99pEEsmhXs3JN3Ix4R9NGra9AQF4HsqVGtEBEUA4fO2FTtjYGCNkGWA5jpxYWSGaWOdtkl6I+mKcDMIAJu3x5VS2aXX1jFC5rrDPr122rFn36iQa1oC2aCYCwslFGimSyIStZ46EIpfI9tK8L8lc828kevihvxSGUdPb0dm5eGxLUboyqI466aIQJOnHVoJOlZi41zjYGCRCAcgLc0AIp4cc2+EQndAKi0KPfcle/YEQuErKpXWAbhmg1R428+14Tbt8dUyAxOgiADqIlSzhAlO5UXkRAFoqa5sOuviQp8+vpa9eVPN2Lj4rCotrH3gctjmNVoaPtfQgQBvcOSugc9EwQykO9vE6QPGQgHIE8IHgoAnTzr8GhKNwAqFczu2etdl8TUnOZgKKt5zfxWk/7nh+vp995XL2c3BSdBMB6mksoZR0JuE8VyPnsh12RFm6X+9OMN8tdvqxXNdZWV6HehLG+zxE0XRVXhuTWlYTzDdLTL03SXDfBI4dYrgrRQz4CrmewJh7tsztoMfQZQGlR+Mb7xomhVv/BISND7LosZf/25Jr5sdYTd88LyLsqRUGkqAArEwgLlDLAr5WpM3L4jJr/6+SZcsyFqmNVp+wG4xy53XhyjeS2mtv8lgojgSMahDttLpytwjYGC5AAsBjDXiwvlHOZDZ9wGQDoE4D+F3f+dO2I8o65Up9Hlg4iwdmFI/PmnGvH5m2pkfaw8CYKFXwu7IfmSjfTaGNmCSqM8+KbnzYf8Zzeb/Hvvq5d/8MF6Ma+lOqNNb2XRLEvcvDWqUObIy3SCCDjWZSOZYa+OAWYBWFnu5yomSJNnPYA6Ly40mJB8qs+h6kgDCj6F3f81GyPT6o031Aj61ZtrjT//VCOvWRAqfaIWM4Rwd+SlpCYiZGljDoBit5rn0tUR9Tefa+T3XxYzouHpNcNv2RqjeTN0FKBUEAGdg1L0jUivLhlCwPIAyu4A5F+EgIf1/50DUg2OqmrKBQoszG6Dldu3RzEddv9vxRCEy9ZExF9/rhHvvTQuw5abIFiq+S2IEA+TZ6nKF4Jbdlia3yrs+utjgn/lphr1F59qoDULQlWV6HehLGg1xY06F6BkEIDRpKLjZz0VBNoIIFzuZysQlAW7HnmpRC840mVTKqem3wpRBhQDi2eZ6qp10XLfSlmZ22yK//6BeuP3P9ig2lpMVlyaIwEhwHUxkSvls4YtCgny/8iBmcEA1i4I8Z9/qlH9ys21oqGmig/7L4CbtkRpdpOuCCgNhJzDONzpqSDQKrj5boEgKA7APHjUAEgqxqEzNpTSDYD8hpkhCLhhc5RnNZVm9z+QkHzfiylnLBWQOrwiwhbhjh1R8dXPN/HV6yMshP8JgoJQ8rp8yyRh+BgCYGYoxQhbhPddGpd//flGvmxNxPDzNydL74jE/btTMp0tzXhcNMukq9ZHFQMlizJNV9xKF6C9wxY5x7O3PRcBagwUFAdgNTzyisZSSh3vsbXtLwHMwOwmk6/bVLqz//t3pdSff3/E+Lt7EmpwzLOzOc8gIqxos8QXP9GIX7+1VjbVGL62GBYEhEtcBRD2sfkQM0MxMK/F5N//YIP6b++vF3Oagpno1zXoqC/fPcJfvntUPHcwW5JjGEFEt2yNUlOtkY+PaPxEEHCmz8FgwjPxy1p4GO2e8vOV88eLFkXPGiX0DEnuGZI6AbAEMIDL14bVgpmlWaCPd9vqJ8+mRNZh+tkLSePLPxjl7iGnpOffF0pdTNCnr68x/vLTjWrj4pBv57ZCEIXN0grzxMIkwxak14+jmCEE4er1EfU3n2/iO3ZERTignQePddvyT749gqcOZCiZVvSdx8fJQyPxjqxos2jHihB7lpuueVuIgIGEpDN9ngkCAXl7F4RznCB41h43AHIwntENgPyGmVEfF3zj5mhJdOgdybj76SQ6Bt6o7nhsX5q++J0RnOixgxcKgNs5b/vKsPirzzbRh66Mq2hY5BMEvZn4DCAeIcRLLL0QtkhZpneJh4VEv6Yag3/91lr5xU800oo2K7CJfq8cz6ovfGuYXjqaFUSAEMBrp2zx4J50SVZ0yyS6aUuMY5FgN6mqFtI5psOdngoCrYWb91Z2guAAzAKwzKuLtXfY7Di6AZDfKAVsXBziVfNDJRlDB07m1C9eSRORG2Z3/wF2Hc6KP/rWCB04mQvsfmhmo0G/8556+qMP18uFM01WHpULMgNzmgye2WCU1ArEI2TWx4XpxY8W3sPGxSH1l59u5E9fX2MEtYU0M+OZ1zLqT749Qoc6bCGKxqJUjJ8+l8SZ/tJEpDYtDYnV80NBUaSuWogISgGHOnIkvXvZC+BRzttUCYIDsAyuEzBlUlnFhzttocX//IWZYVmE6zdFEQn572llbeYfPp3E8Lii4uRzIrcc7eCZnPjjbw/TcwczKqg7opBJdNOWqPHVX2niGzZHlWlMvZ8AM7BgpqmiJfgGxURDRItmmVPKb2R2Ff2iIYEPX1kj//pzTdi+MixKKWk8EaRiPLgn7fzZ90boTL9DhqA3bTKIgFN9jrj3hVRJduW1UUHXboywIXQUwG8KjYFGk8or564ZbhSg7ATBAdgI7xoAceeAo9X/fIYZWNBqqq3LS1PO+srxrHruYJbcHdeb/3+uE0A41evQl747Qj9/OeMEdVtERFgy2xJ/8rEG+o076tSM+sn3E2BmhCzC9hXhkvYBANyjjYtXhRG2Jmd83EQ/xqJZFv/RR+rlb7+nzmhtCK6GRM5m/OCppPrrH40a/aOSzleNQEQAAw/uSdHxntJEAS5ZHSHdJMh/BAFnhyR1D3mW4yEQEEGgsk26/INbAC7y6pqn+xw1ktQNgPykUJt92Zowz2z0f9HO5Jh//EyKxtLqbTsMErmCPH0jkr5y94jxw2eSyvZUu8Nb4hFBH786Lv7qs41qy7LwpBIElQLWzLfUjpXl6c178coIbVoSUhPdEynlykbfsDmq/ubzjXzz1pgRMoM7Y1NZxV//+Zj6p50JkUgreidni/KG4r5dKS7Fwj5vhiF2rAwH1N2tLsYzTEe9zQNYByBe7ucqt9fdDA8bALV32JS1dQKg39RFBV+x1pOgzbuy70RW7TqcvaCqDiEIo0lF/3jvmPj3R8ZUqWqzJ4MQhM1Lw8ZXPtNIn7i2RsYj4oLLBZViNNYK/uwNtdxUW56dc31ciF+9uZZnNxvqQs5GC4l+LfUG/+addepPPtZAS2Zb5V5/3pHRpOJ/+FlCfuMX4yJr87smuxYc1F+8nBbHShAFEIJw9YYIYmEqicMxXSk0BmrvtL18z8sRgMZA5Z6AiwG0eXGhQgMgsBYA8hPFwIp5Fq9o83/xztnM9zyfwjvt/t+KEIR0TuHrPx8XX9s5JkeTwXUCAGBGvUG/cUed8Scfa1DL5liK2S2HO99Cw8xwJKOx1sB/vaOOL10T9qR0drJsXhoy/uCDDTy/xVRS8nnvu2D4DUHYviIsv/zZRvXRq+MiHgnoYX+e3mHJX/nhCP/42ZTpyAtPKiYCeoYkPbg7XRKjvHaBRUtmWxzsUV75EAFHumyRynpWfDkTwIpyP5dZ5t9fB4/KIYbHFJ/q0+f/flJQ/rtsTZjjEeG7A/Da6Rzvas9O+Ihb5D32u59OmqNJpX7rrjq0NgRXQtYyCNdtiooVbZb60TNJ+fDetBgYleQUHTkSgEiYsGFRSH3quhrsCEDCHBHh8rVho7WhSX33iXHn+YNZY3hcutnS+U7cEYuweLal3ndpjK/bFKX6uP/jZqqc7nXUX/14lF44lBGEiW0oiNy8iEf3pcV7Lomp+a3+amQ01BjiklVh+dqpHJh19ZNfEAFdA5J6RyQvnuXJJw3DzQN4oJzfrSwOQN4zJriCCJ7QOeCo/lFl6PHvHwygqcbgbSv8P3fOZ11jJKloMjoDhYX4oZdSIpFS6r+9v579XoynyrwWU/zWnXW4fXtM7T6SVQdP22I0pWzLgDGvxaSLloV505KQCFKZHBFh5TxLfOGjDXS821avnbbVmX6HsjabrfVGbkWbZaxZYFFjjTAqwTgdPJOTf/XDUdp/MkeFMr+JvxOga8ChR/el1WdvqPX9ni9eHcYPnkryWFr3P/ELAjCSVHTyrCMXz/Is+rkJbofAkvbyKKacEYB6uBEATzjcaVM6qyeAn7ACVi+w1KKZ/of/T/U68rmDhR3Y5K5RcAKefT0jxtJK/v4H6+XKeaGyhs3fDcMgLJtriWVzLShmSAVDEIRbdRbc4R0yiVbNDxmr5r/p/ZZUoXAqMDN2H8nxX/9oVBzvsSdt/AGc0wX4xctpumNHTPndJXPZHEusaLN495EsBTfOVfnkHEZ7h03XbvSs8VmhMVB3uZ6pnDuiNrg5AFNGKeZDHTZL3QDINzjfe37r8nBJav+f2J9B77Cc8ucsCAbtO5Ez/uhbI2L34Ww+Ph18BBEsgwxDUKCNf6WjmPH4voz84neH6XiP/Us1/pNBEHC8xxG72rO+D7Z4RNC2FWEmlL+srFoplHke7rQpZ1dPY6ByOgCr4FYBTJmxNPPxHqcUirTTmvq44C3L/N/UDY1JfuJAhpRHCZ0FrYBj3TZ98bsj9Pj+jPS7S5+mMrAl42fPp5y/uHtU9AxKeNVxkIiQsxmPvJxGJuf/YNuyLITamNCD2keIgNN9DobGPNMDqAOwvpzPVHIH4C0NgDw5gugZcnB2yNENgHxEMbB0tqUWtPpftP3K8Zw63m17muNW0AroHnTwF98fFfe+kJJOaXq3aAJKJsf49mPj6n/9NGEMj0nyOqlSCGD/iZw43Gn7XhK4ZLYlFuVlpjX+QAT0j0pxpt/zxkCiXJGbckUAYsgrIXnB8R5HJdK6/t8vCoNz09IQ/M7+dyTzE/szyNj+ZMYKQRgak/S/fpoQ33l8XGW9C+dpKojxjFL//EBC/euDYyKZVZ4b/wKjSUVPvZrx/XlqY4I2LQkxoI8B/CSdc/MAPLzkWgAN5XqecjkArXCFEDzhUIdNToCV36qBWJiweYn/4f/OAcl7j2V9DeYIQRjPKPqXB8bEvzwwppIZzzS+NRXAYELy3/4kwd99Iils590FfiYLEYEBPHcwQwMJT3eN52XzsjAiIb0P8otCY6D2ThseNgZaBGB+uZ6pXA7AMrhCCFMm7TYAIkwha1fzzjADs5tMtWSO5fsL3n04y30jyvdPKYiQcxjffnzc+NufJNSgd+d6mgDTNeDwX/xgFPe+kDSU8r/+WhBwqtcRB07mfB9fy+daNKvR0OktPkIEnOixaSzlaWOgNeV6nnI5ABvhHgNMmb5RpTr7tQCQnygGVrSZ3FTjb/g/azM/dzADOQHltangevSMn72QNP/yB6PoGtRhpGrmWLct//S7I/zE/jQBpdowELI245nXMlPu/vhuzKgTYsVcrQroJ4KAnmFJXYOeNgbaCJTn6KakDkD+AU142wCIh8aVzv/zCWaGIYANi0IwfC4yPtPv8MEztqASjsqCEXh8X5r+9DsjfLzHlqX7dU2p2HciJ7/wrWHacyQrqITRQiJXROaV4znqHfH3GMA0COsXhWAInQfgJ+NppqNdtpcveCPK1BioHBGAZrglgJ7QfsamnKffQvNWaqKCV833//z/lWM5NTRW+m6OBa2APUey4gvfGqH9J3I6J6BKYGY881qG/+Tbw+JQh1tZUuqjQiKge1CK1075v1Ctmm8hFtHlgP6RbwzkJgJ69Z49OxKfKOVwADxLerAd5vZOm72qF9f8MoqBWY2Gapvh7/bfdph3H8lSqcL/b8XVCgAOnsmJP/72MD37ekbpXVRlIxXjoZfS8s++N0Kn+xxPBH4mh5tvsvtI1ved+fxWk2Y1GvoYwCfc6BFwpNuhZMazfcJMACvL8TwlcwCKBr5nZQ8jScUne72tF9e8GWZg8SwT9TF/z/97RyS3d9hl9eOICIYgnO5z6EvfG6GHX0o7Hmb7akpIzmbc/VRS/tWPRkX/qHcCP5OhMKYPnMyJ4XF/K04a4kIsnWNq39VH8r0e0DfiWR5ABB6WxU+EckQAPGsA1NHvoH/U/4zx6Uqh+9+q+f6f/7d32KpvRAZCzdEQhP4RSV/50ajxw6eTMqdzAyuKVFbx1x8Z43+6L2EkUv7V+E8EQUBnv8Sxbn8Hk2kQVrZZEKTzAPyCAAyPK3Gy1/HSmdsEwCr1Nyu1A+BpA6CjXbZKZXQDID+JhIiXzTF9PxPfdyKHnBOcdqZCEBJJRV/bmTC+/vMxTmd1KKASGE0q9Y/3JtQ3HhmnTM6/Gv+JQ0hlFe0/6X/jtxVtFkdCpMerjxQaA3l4yUJjoJJSagfAs+YHipkPnrHh5tUGZZJXF8xAQ41A2wzT1w56yYzig2dygfuIQhAyOcY3Hhmnf7x3TI0mtWBQkOkdlvyVH47yj55JGU6ZckneDiJ3Ph04kYPf6pNzZ5iisUZABwD8oagxEHvYGKgNZWgMVBIHoCissRIeeTnjKcaxbkcUkjI03sP5BMAZ9f4Ok54hqTr6ghH+fytEbtbvD59JGl/54Sh6h7VgUBA53evwl743gof3pgzmYBn/AkTAibOO6B/1txywpU5gdpOp7b+PUF7gycOcjnONgUp5DFDqCMBmAJYXF+oZlqpnWCIAx3tVCwOY32pyxPK3Mv94j80jydKX/10oRARmxsN7U+JL3xvh032env1ppsihMzn5hW8P83MHM0QIbkUQETCQkHSix/H1dyIhEgtnmloR0EcKjYFO9zleDrbNKHE4u5QOgKeZjifP2pxIqXK2M65q3F0UsGim6XsS1aEOm+yAhWzfChGBADx/MCP++FvDOHQmpwWDygwzY1d7lv/oWyN04GSuLDX+E4HIVQU81OGvLDARYeFMU+hEQH/J5BiHOz3VdlgLoLGUz1BKAzoTwAqvLvb6aZvcdq7BnfCVTsgkbpvhScfmtyVrszra5VTEOlUQDNp/Mie+8O0R2n04q7UCyoRSzI/ty6gvfm+YjvfYQlC5avwnBjNwpMuBI/0dOAtnmjJs6URA/yBI5eYBSO9iLYvg5gKUjFI6AMsAzPLiQums4iNdNsD6/N9PomHC3BmGr4vIyLhCR79TzjLtCUFEEIJwrNsWf/qdYXp8f0bpWGtpcSTzvS+k5F/ePUo9g26Nf6WsA4KA072OMZr0t6pkZqNhxsKV8lYqj0Lu2bEeW4ylPVsAmgCsBkoXufHdASh6kPXwSO94cEypjn6nEhz+ioUZaIgLbowLXysAeoYdHh5XFbOAA27MyRCEniFJf/GDUbp/V1rqSEBpsCXje08k1d/+NGEMj8lA1PhPBCKgPyHRM+RvMmlTrVBNdYaji1f9QxBwdkhS14BnOR0mPNTJuaBnKNHvGF4+2KleB0NjKpBZ49UCMzCjzlD1NcLXhLeOfolUlivySwpBGBqT9E87E8YLh7J6qfUZZsbPnk85//rQmEhmgyHwMxmSGaZO74zGeamNCtFcK4T2S/1lLM10rNvTpOAN8KhT7oVQKgfA057HhzpsZO1gJ41VOgyguU4YIZN8jQCcOuuwLEFfdr8wBKFvVOJ/3ZPAibN2EKsDeAr/BIpXjufU/31ozEhlFFWq918oKz151l9FQMsEzW7y9/hOQ5CScajDUw2T5fDoqPxC8DfD6w0W5P+ZMo5kbu+wobg8OsbTBSJgbrORMwSF/foNpZg7BpyK36UIAo512/SDJ5P8Pz5YX1bd+WLO9DnyZy+k7MkIz1gG6JZtsdDyuVYgplnWZv7BU0nuG5HC9FmW2m+YgTP9DilmFj55voIIs5tMSQRfHfjpjFtzChztcpDMKI5HPJn4hWT5E6V4Bl8dgLc0AKr34pojScWnztoUkDW2Kil8txn1hq/jI5Vl7huRiqiyfTkiAjHj6dcy9OGr4mrxrPIbzZGk4r//WQKP7UtHJjNVFIBDHbb68081qpZ6o+zPc6LHVnuOZEX572TqEAE9QxKpDKMm6t9C1lwnQoVSwEqNsAUdIqBz0BEDo0rFI57kS0UBbATwUCm+WymmEwG4yKvf6ux3uE83APIdyyA01vjbAXA8rcRAQpnV8CldkRdFr5eg5/u7YTvM33xkTD31asYwBGAYNOF/TAHsOZIV//LAGKUC0AehvdPmRKoyc0XeCgEYSCgxnvH3vbY2GHbI1KWAfkIAhscUnThre3nZTfBIMO/dKIUDUAMvGwB1O5zUDYB8xzJJtdQbvnYuGUtzLplRqlqkHGyH0TnglHWPyszY+WJK/fCZ5JQkcQt/d9+uFP34mZRSZfYBegal6VSJCjMRMJ5RPDKufM0EbK4VsKrCvQ4uROQ2BvJWEKhkjYFKsVh51gCImfngmRxJFWzFr2rAMkF1MX8jAP2j0szkuCq+ZGE85hyWKGMC3a72rPMvD45ROjv18CERwZaMf//FmPHkq5nyJjhWwyApIp1l0TeiQn7+RixMViREOgTgM+w2BkLO8SybaT6AxaW491I4ACsBtHhxobE041i3U1E145UIA4hYRNEQ+RqGGhpXIudUx9LOzBAENNYaJspkrk6ctdXf/ywh+kel8KpEThBhZFzha/cmyG8J23didpPhVHry3xsQbIcx7HMEIBYWKh4hFbx6jupCEHDyrGOMjHsWJqtDPmrut76Ibw5A0Y1vBuCJp9s7ImX3UDC7xlUVDMTCxGGfe4onUiqjKrgE8K1Ew8Qr2qyy9AgYHpfqH3+W4PZO2/PyeEGEk70O/f09Ce4b8beT3duxss2i+hhVesEIgDdaAw+NSZ8dAFI1EeFvvaGmkP+D032efs6SNAbyOwIQhocNgI732JQIcNe4aoEBxCLCjobIV2M2Mq6qJjypGFg5L8Qr20pfAZCzmf/95+P8zOtZw4+GOETuLmfPkaz41wfHKJUtvQ+wZLYltq0IK8+ar5YZZqB/VPlWYgsAIYsoGqaKL7MNPoRUVtGRLk91QNbBo8q5d8LvxWomXGEDT2g/Y3PQu8ZVBQxEQ4SQzyoRw+MqXA3hSWZGNER4/2Ux1MdLW6DKzPjZCyn142enlvT3bhSue/+uFP3omZQsdVJgyCL60JVxam0wuNwJiV7AAEaSivwM8RoCRsSiUmm9TFuIAKWAQ2ds8rA7WEkaA/ntACyBmwQ4ZTI5Vke6bKoGgxF0GEDIhGEI8vWIaCxV+ceTihlCED5weVxeuzFa8t3/8wezzv99aExkcv47xkSEnGR88xdjxpMHSp8UuHFxSPznW2tlbVSwVFzxrW7TWWUrhm/vkQiIT0oFQjNRiAoRas/GpKfquW+HLwtW0cTcAM8aAEmc7tPn/6XCMskQPgr0KAZnbK7IgC6za3wcyYiHBT5xTY38tVtqRdgq7eA81m3zP9ybMAYSpWuKI4gwPK7wtZ0JOtSRK+n3IyLcuSNm/P6H6tWimSYzAwVHoNJ8AQKQyrKyHf98YCIgGva3l4fGRRBwdlhS95BnfQFM5I/P/XR0/dyxGPDw/P9Ur8NDY1JXAJSIsEW+pqAoBWk78FQ9w08KRl8qhmKgLib46g0R9RefbpT/+bZa4ZEM6AUzMq74H+9N8JGu0qtiFiUF0mCitEmBhkF085ao8Q//qZn/0611ctkciw1BkIqLnIEK8AYIyNpMfmobCCKuiZCnQvWatyeRYjre7Wki4Ea4yoC+4ef5UCNcCWBPONxpq0yODX3+XxoiIX97rCt39xbYj1kwIszuvZoGoT5GvHCWxRsWWXzZmgjWLAiJSMi/Y5J3YiAh+eAZO9+XvLSvkcjdORzqsNEzLKm5rrRy80SE+a2m+NWba3DXxTH18rGs2nssh1dP5ahzQFIqo0gpBomCD+vvWJ4sqSxbWYepxtd3Ve6nnB4QFRoD2bh9h2eXXQa3MdBJv+7bTwdgPjxqACQl86EztlAMmFWgBa5xVfPSOQ7UAlUw+oUcs7BFmNVoqBVtFm9ZFsa6RRbmt5giFia/erhcMK0NBmY3GRhIyLKoDigGZjYYPLvRAMqke0BEmNloiJu3xnDjRVGMJJU63uOo/SdyeOV4Dse6bTE4pshxGMhXMhT+LggoBd/rGmsioupElILM0W4bqaziWNiTuNwcuI2BKtIBWAc3CjBlhpMKJ3udoMxbjUcwlzcH0F18+dwu3xBuaH9Bq8kbFofU5qUhWtFm0Yx6Q1hGsEZfTZRo6RxTHjiZE8yl3+kxA4tmmao+7kkDlCkjBKGp1hBNtQa2LAsha4N7hhx+9ZStXj6WxeunbeoelJTKKlLsOp4EAERlsY8Ed8z57QAYRsXn2VYMJICOfrcx0PxWT+ZFBO4xwMN+Vfh47gC8RQDIk/16z6CUfSMyKF1WNRXMW3f5IZPQ2mDwyjZLbV4WwvqFISxoNakmSmaQPU5BRCvbLHK74zFKuc0rqB6unGeRGTDHCHB3+JEQaNEsixbNsnDrtiiPjCs+3uOoV47n8MrxLI73OGJoTJEj3Wcpx1FKOqdga5meqoEADI+7jYHmt3pmWjfCbQzkS76UXxGAGgDrvbrYkS4b4+ngnhdrgk0hS5zZ9dJro+4uf/2iEG9eGsLKNotaGwxhmcEzZu/E8jaL4hGBZBlk+iMhwsp5VkVYL0MQNdcZ1FxnYOvyMDK5OHcNSn7tdE69fCyH10/b1DPkUCrLhaAACP47BIrL2DRC4zlEhKzNONxp81XrPcvdWwO3JPCsH/fslwMwB941AMLBDpukYlSPFrhGCMCv3WMhtK8YAAOWSWhpMHjFXFNtWhLmDYtDYtEsk2qj5T/LnwrzZphobTDUiR5V0vJYZqC5zlALWiovIydfGkdL5whaOsfC7dtjPDym+Gi3rV4+lsO+EzmcPOuI4XH/owOWQdBhzeqCGWjvsMmWzB4dG86DKwpUUQ7ASrgqgFNmPMPqWLcdqGQxzdSxDELE8q5ii/MJBazcBbsmKnhei8FrF4b4oqUhrJ4fopmNhghV2C7/naiPC1o401THuu2SdPUqwAzMbzEwo77yPXJDEM2oN2hGvYEdK8NI55g7B6R67VQOLx/L4bXTOeodlpTOeRsdYLhRFNPnDIoqEE2sKAQBJ3sdGh5TaG3w5OPWwY2mv+BHHoCnDkDRar4JHjUA6huR3DWgBYBKTTbHfh8tE01hNL/pLD+/y2+uE7xsrqU2LQlh05IQLZppoi4ujGodPJZJtKLNwuP70vBTBrgYZjejfkWbpcJVJjNLRIiFiZbPFcbyuRbu3BHjgTHFR7ts9cqxHPafzOHEWUeMjMspRwcIcOeXzwZ6PK2qc/AHFCJgYFTRmX5HtjYYXswPgmtPBeC9aqQfEzgMN3HBE473OEikdAOgUpOx/VVXMwSMSIgm5CK/dZcfjwieO8Pgdfld/qr5IcxuMkTYmj7DZdU8i8MWIVfCZDLLJKycF6r6d2wYRDMbDJrZYODS1WGksswd/Q4fOGnLl49lxaEOG70jUmTyXZInUmbIACwTyjDcgIJfz6AUylxrM/1IZRUd7bKxZZlnvZ7WAagFMOr1vfrhALQAWOXVxQ515DjnsD4rKzGOhFQMMnxSiyRyGw69E8W7fM7v8ptqBC+da/HmJSG1cXGIFs82qaGmenf578aCmaZoqhWqp0RtshluqeTi2ea0euFEhHiEaOW8EK2cFxLvvTTGAwnJRzod+crxLPadyNHJsw4lUheeOxANCztskglXNdVzmJnSObbK/e6mE0QERzIOuo2B4NGkXAw3F6AiHIDF8KgBUNZmPtzp6HaWJYYAZG2WUkFYvjkAhLq4UPSWfgPFu3wQEAu7u/w18y2+aGkYaxZYmNNsikiousLPk6WlXtC8FpO7B33t3HwOZmBus6FmNVb++f9UMA2iWY0mzWo0cfnaMJIZ5tN9jnr1VI5fPpYT7fnoQDZ3fhEi5kIOgH+vUTGQzLCpl8/S4jYGcpBIMTfEPfEAZgBYDeA1r+/Vs0X0LQ2APFG3HExI7uh3oDf/JYaAdI6RcxgRHyO9TTUiCyBaKNNT7CYHNtYIXjzb5E1LQrxxSQjL5ljUWCOEmK7b/HcgGhK0os2Su9qzohR5AMzA0jkWxyMTO76pZogINVGiNQtCxpoFIbz/Mub+UcmHOmz58rEcXj2Zo1N9Do0VRQcAIBoi0zT8C/8zA6ms7gVUagQBPUOOODskVYM3QlmFxkA/9HqOe72LMuAKAHnCmX5HDSZkAKVGqhsCkM6ymckx1cX8+526mDCZgXCIMKfZVKvmWbxlWQhrF4Ywt9kQkVBll+mVihVtFizTbYjjJ8xuKe7KNou0L/b2mAbR7CaTZjeZuHp9BONpNzpw4GQOe4/m0N5p09lhKeIRMvzs4qgUVCbHDJ+OGDRvz1ia6Wi3jZXzPDuB2Qi3MVDay/v02gGoh4cNgNo7bEpnWduAUkNAMqvOJTf5xbK5pvVrt9TKjYtDWDrHouZaIQzt7k2YpXMsEY8QjySZBPyJAjDcHWU0TFjRpo+VLxQiQm2MaO3CkLF2YQgfuJy5d0TywTO2jEdIwMcEQFuySudYEWkHoJQQERzHFQS6fbtnl10OHxoDee0AeNkACO0dNrkNgLRNKCUEIJtjztgs4WO/iI2LQ9i4OKQ7PE6ReS0Gbt8ekw/sSZlDYwoE9kzJjhngfL+E+pjgGy6KqkWzKk8AKChYJlHbDJPaZvifwpLOskhmWM+uMnGkyxbpnFLRkPBivsyB2x0w0A7AOriyhVNmNKXUibOOHr1lwpbgsZTy1QHQht8bYmEhfvPOOrrxoqi6f3eKH9+XEf2jkrjQ9GYS7/lcMiYDzbUGX742zLdvj2HdolBViSlVM+MZFuNppbsBlgEioKPPof4RxfNbPfGXC42BHvEyD8CTxf0tAkCePG33oOTeYennEZnmHcjZLPpHpSdiThr/sUyitQtDtHKehfdcElcP7k6pR15Ji7PDklhduCNwrm8CgNYGg69aF1G3b4/RyvkWBa0jouadyeSUTOdYkHYBSg4RMDyucLLXYQ8bA22Cx42BvNzd1cCtAPCEw102xjO6AVC5cCRjaEyVts2cZsqYBmFFmyWWzqnDHRfH1MMvpdXDe9Oia8Ah9Q6OQMHwA8DsZpOvWR9Rt22P0rI5lmFM74q/imV4XDm2wxb0HC4LGZvpcKfNV66LeHXJNQCaAPR6dUEvHYDZAJZ6cSFmN4HCkboBUDkgIihmDCaUDVfZUVNhGIKwZLYl/vNtJm7bHlOPvJxWD+1Ji1O9DklVEKqhc4afCJjXYvJ1m6Lq1m1RWjjTNLT4VmXTN6JCOUcb/3JARGDFaO/ICR8aAwXSAVgOjxoApbKsjnbZ+oi4TDAzlAI6BpyQVFqFsZIRRFjQaorP31iDW7ZG1aOvZPjBPSkc63ZEwcFe0GrwjRdF1S1bY9Q2w/C1NE1TOvpGpZNz2DINACXqFaF5A0HAqV4Hw2OKWxs82cnWw82ze9Gre5yyA/CW839Pdou9IxK6AVDpKRh+yyS01Aue1Wg4zDChQ4gVDxFhbrMpPnltHDdviapH96XlCweztGlpiG+6KEqzmoxpK6dcrSyfY+HS1WF5vMcRQ2PKS2lazQVABPSNKOoccGRrg+FFblyhMRAxsyf18V5FAEL5G/OEEz0OjySV3oeUEMWM+pjgqzdE1NblYaxZEMKsRsM0deJXVUFEaG0wxEeujOO9l8Q5ZEELLFYpV66PWNtWhrh7QPL+kzn53SeS4kSPLXSEp3SksooOd9q0ealnJ6nr4TYGSnhxMa8cgBnwsAFQe4fNOYe1BHCJYGaYgvDJa2vkp6+vMbRFqH6ICJGQjuxUO9GQoCVzBC2ZY4n6uFB/+p0RHs8oreRYAgqNgdo7bCjF8MjxKjQGet2Li3kl6LEEHjUAytnM7Z02gXWdeCkoHOHcti0qP3RlXBt/jaZKuWpdhD57Q40MW8TKZ9lojQsRcKzHwXiGvWrK4Gm3Xa8cgPUA6ry40OCY5DN9jrb9PuJmfjOkYhgG4T2XxNVv3lVP8YiOuWg01YphEH3s6hrjN26vk401Ao5014DCeqDxHkFA96AjeoakVy/YRL7fjhffbEpHAPkbEPDw/L+jX6qBhNRaYx5RGCQFVTdmwBBALCJ4TpPBd+yI4T2XxEQ8otVdNZpqJ2QRfeSquLlsjqV2vpjC4S4bvcOSkhm3U6GrE/FG1q/eiU2d8TTTsW7byx4aG+BRYyAvcgC8bQDUaVM6x/pw8gJ5qxdYbOgB1wMNWcS1UYFZjYZaPNvEyjaLV82zaH6rSY21usuuRjOdMARh+8qw2LI8xMPjijv6HXWk00Z7p42TZx30DksxmlLI2iApXUlogvsv9A6ygtpZOB8EO98Y6NZtnl10JYBWAKeneiEvHID5cMUJpoxUjPYOm5XCtBYAKjbqBVlWFP79LRC5E9o0wJZBFAsTGmqE01QrjHktpjNvhmksmGmqthmGaKk3qCZCOgu4NGgVxSngHlGBpQKZAiwEQNrCeIohiGbUGTSjzsCmJWEoxUjnWA0mFPpGpXOmzzG6B6XTNeiYfSOKRlNKjqWUmcoyHMksFaAYxAwoxW9qR33OYYC7RgHT00EoPPLhTltkcoojIU8W39lwdXcC4QCsgVsFMGUSKaVO9NjTbkNaMPgqv3MXAgiZxBGLqDYmZE2EVCwsrNoYoS4mchGLZDxCMAwS8QiF6+OCW+qMXEONMGqiZDbWCMTCApYJK/8ydXzfB5iZbQeUzCrZP6JE74i0O/odazzNlMwqGQ8Lc9Fs01kz3xKzGg3teF0AWZv54Jkc7z6cVcd7HCQzbNbFyKmLCZ7ZaFgLW01nVpNhtDYYXBMRRsgCi+loWXxACEI8QiIeEZjfalpbloXBzJZikO2AkxmFREohlWWVzLA9nlE8luJw1mbK5BjpnFLjac4NjStjaExao0klR5JMI+NSZHKMwhGDmGYOARFwpt9Bn9sYyIuHjsJtDPSLqV5o0g5A0S51M7xrAISzw5KmyzrJzFDsTojamOCZDYZaNNPEqvkWls6xZFOtCNXHBWqjApaZ3+kLWESwgDdNIMKbRZj87zU6jWBmdiQomWU5mJCib0Q6J3sdo2tAOqf7HKtvRGIgoZDMKMt2mPKOnEkEhEwy5zQZ6uatMfn+y2LUXOeJIEgVwjja5ahvPjqOZ1/L0GhKmczuwGa3AQoEAZZJZixM1FRryNYGwfNaTKdthmksaDXkrEbTaKkXXBMVRsgE64jB1CEiMggwQqBIyDCb6wzAXe/PV9gumDmsGORIIOcwRsYVeoak095hU3unzSfO2kbngMR4WpHA9FAnJAKGx5Q43ec481s9a6W9CYDJzFPKmJ/0X+YdgDiAewBc78UT/ez5pPNn3x81vWx3GFQKz7hsjqluvCjKW5eHae4Mg2ujQmjxnfKQDzsjlWE5OCZF36hyzvQ5Rke/45zuc8yzw5IHE0qMZxRyNpNUb4Q63+q0FnT23eu6i8D2FWH53z9Qj0WzLKPczxo0dh/Oqq/8cJRO9NhU6J7+1jXgl47G8sdihTyXWJiouc5wWuuFMb/VtNtmmNb8VtOZ1WgYM+oE10SFsAx9klAupGSMZVgd6bT5oZdSeHxfRiRSiogI1fxJCv02fv22OvkrN9d6NfcPwLW7fVMZz1PdKc6CexbhBdzeacOR1a89r5hRExH44BVx+aEr4tRSLwy9KJWOguRxOsdycEyJ/hHpnO53zK4BaZ/udcyeYYcHRhXG0srM2iCpOATglzKk3y1PpfBNidzffOFQ1vjy3aPyzz/VqDySBq0KjvfY6q9/PEonzrrG/+3mQvF/X/w/YWbYDtOowxgeV+axLuC5g9lQ/ijNjIeJZtQbTmuDgfmtZq5thmHObzHlrEbDaM47BqbQjoHfGAahIU5i24owNi0J8dXrs+prOxPiWLdNQPU6AUTk5rd12rAdZsubGrdCY6C+qVxkqg6Ahw2AFI52OaKwyFYrihl1UYHfuqtO3bEjpnf7PiMVI5NjOTyuxMCodE71uaH7U72OdXZYct+IfMPQSw4xACJXMv1CDf2FQEQQgrHnaNb43hPj8jfvrPNKGayisR3Gdx4f52Pdtih0KJwoxX9jnMcxGHEYQ+PKPNxpA0BICCBsEcXDglrqhdPaYGBBq2m3tZjGvBZDzWo0RFOtgZoIkaEdA1+wTKIr1kWM5jqhvvTdERzpsqv6PQsCTp51aCSpVEu94UUUoAFu9d2uqVxkqg7ARgCeNDvuHZHcOeBUtfFnZlgG4TM31Dh3Xhwzqz3SUUoUMzJZliNJJQYSyunod8yOAcc+ddYxe4Yl949IJFJspnNMUnEoH5Y3iw29333vCy1CH96bFrfviKkls61pHwU40mXLp17N5h1/b9//OzkGOZspa0sMjknzUIcNAqxzjkFEoLVByJkNhpjfajrzWkyjbYbrGDTWGKiJEgnSjoEXrFkQEr/z3jr1h98cwdC4rFqJYrcxkBQd/Y5sqffkFIDg5t99fSpH5pNyAPJncRY8FAA6ddZRw+PKrM7P76LYPQd+32VxoY3/5GBmZGxWo+OKBhLK6RhwzO5BaZ8865jdg47qHVEikVJmOsfkyHOGXhSXI5Xz3ecXAnrlWE5qBwDYdyLHw+OypMv+uaOZc//iwszI2kwZW2IgIc3XT9sgcgM1kVDBMTDkrEZDLGg1nXkthpjbbPKsRkM01AjURIi0qMbE2bY8LG7bHpXfemzcqOb8r1RW4UiXDQ8bA62Dq8A76cZAU4kANANY7dWTHOqwqZobADEzoiHCey6NoTYqpv3C/3YUEubcxRgqkVI0OCadjn5pdA04zqlex+oZkqpnWBqjSWWkssE09G9HoUHI0W6bprtQADPj5FkHQdH9eCfHIJNjSuck+kel+dopnHMMoiHBNVFCa4MhZzcZYn6L6cxvNcWcZgOzGg3Ux4WIhwlEqOpz7qkgBOHWrTE8tCfN/YnSOoMlgwhS5nVumL0qXV0KoA3AwcleYCoOwJL8j0+ZnM18uNMGGKjWGkDFwPxWU21cHKrOB/QIWzI/uCeV2388Z/UMS3V2WBoj48pIZlg4kkPKLQ0z87kiBATT0L8bqSwbrLhqx/uFoBhIZjjwJavv5Bikc4pSOaB3RJoHTrqOgSEI0RBxTZQws8FQc2eY+NR1NbSiTUd83o6FM02xer7FTx6QhCqskSlsTI51O2I8zVwX88QBKHThnbQDMOEBWVSKsw6uDPCUGR5X6lRvdTcAYgaWzLa4Ia53/++EINDuwznzR8+mxIuHsubpXocSKSVkvp2maRAMw91+ueVDlTloQhapCr11zzAEoaGG7HLfx2QpjD9BlFfjdP+dmZHKKuodkbTvRM7YezQrQoF3c8pLyCJa3mY51RwSEwR0DznUMyS9uuSUj+Ena4wKCQiecKbfQf+oqurTMyJgbrORE4J02613wDQI126MIB4hCIGKN/RvhZkhBLB4pimr5ZmmwrI5FpkGVVU3umLHgABsXxlWHgrATApXN4FVkN9zXUyEyn0PfpNIMR3vsb1qDQzkE/En+10n65d62gDocKeNTM7LdxJMLDNYxl8q5vE089lhyaf7HDWeVk5rgxFaPMuk1gZDlOtcduOSEC2ZbaqDZ2wRgKNhz6mJCF6zUIeDAWD9opBoqhU8UIVnv8yMaJhwzYZI2Y6phsclv3I8pw6czNHQmJKNcYHlbZZcNNM0ZjcbqIsJMqp66xUsHDcPgG7Z6tklC42BzkzmjyfrAMwDsNiLu1eK+XCnzVJV5lnuBcPAQEJazOVTKFWKkUizOtPn4FCHza+dyuFYty36RhQSKWVJxZZlEmY2GLxtRVjesSNGaxZYpBSQyjIPJCSHTBLzWvwt1miuNcRV66PyUIeNassKVgzMbjIwb0Z5d4RBYV6LSesXhdRjr6SNajv7VQwsm2upjYvDvn/rs8PSOXgmp2Y2GObMRoOjIRIvHMqqbz8+Tu0dtpHNMRiuvoUpSNREiWc2Grx8rqXWLgxh9XwLC1pNqo1S2VorjCaVjbzsczVCbnYzjnTZ5ENjoDOTWSsn5AAUhRlWw60CmDJjaeZj3XbVCwABwOlex8jYzNFQ6Z7Ulsy9Q5JfO53jvcdyeP10jjoHJI2nlZAKheYc5+7Hdhgd/Q6d6XeMp17N8I6VYZnOMroGHaNvVOGipSH1559qFCFv1KzelqvXR+gnzya5b7R6dobMbpvrK9ZGVHOdJ2IgFU/YIrp+UwTPvJbJN4upjq/N7FY0Xbsxyg01/uf9PLQnhf99/5hVEyE01go0xg0c77HFaEqRoDc0LphdzYxEimkkqai9w8YDu1OojQme32LyxsUhuWV5GKvmWdRcJ0pWrpxPBDcQqBip9xCAM30S/aOK57V48nJjADYAeHQyfzzZCMCmKfztm+gadKZFAyASwPEeh073SV7Z5u/TOpL57JDkV07k+IWDGRw4aYveUSlsm9+kW2+I85clFf67gYSknS+mzKL/jvafyHFHv8NLZlu+PsPi2SZdsjqs7nk+ZTCqwzlkAE11Bl+zMVIFT+MdW5eHaekcSx08k6uaIx9mYO4MU121zv9vncoqfrE9KxyHKZFijCYVnYQDQb8cVaWiUgbD3ZACYIylFL16KkevnsrhR88kMafZUJuWhOXla8O0bmGIGmuFryI9p/ocbu+0iao8LkYEDI1JcbrPkfNaPMsM3QzAADDh7MLJ3EGhFaEnnOhx1Fgq+KVAU4UADI5JevTltFox1/R8p8PMGEkq3nc8p548kMHeYznROyyF7fA5DXshJlaHLIggjDf/xkBC0e7DWbVktr+ROkMQ3bwlhsf2ZXg8ragaKuZZAVuWhnjpHH+dp0qjuc4QV2+IyEMduao48mFmMC9axVQAAErYSURBVIAr10V4fqv/kZ4TPY460mWLQh+Fiby+X3YIGDmHcfKsI070OHhgTwoLW011yeqIunJdhFa0WRTxOIKpmPHQnhT3j8pq3wcCALI243CnTZet8UREF3BLAZsA9E/0DydjeL1sAIRjPbbhqOoVACpQ6A63c1dKXLomLDctCXuyMEjF6Oh31OP7M/z4vgwd67aNTK7I6BvkmemkvJjFc69n8Z5LYl6dYb0t6xeFxJZlYX58f5oqfWfIzIiECNdvjnLIrPZ9zsS5cl2EfvxMdRz5MIDmWoNv3hItSb7Pi+1ZHkl6U1X65gZWQM5mtHfaor3Txk+fS/KmJWG+ZWtUbV0eovq48CRfYPfhrLpvV1oU/361UmgMdPKsI5Vir5QjF8JtDFQSB8CzBkBSseoZlA4zQlV/BgB3R903Iukf703QFz/eyPNbJ5dMx8xIZli9dtrmx15J4/lDWdEz5AjFbnh/ojv9CT2DAF4/kxPHuh21dmHI191NJER058Ux9WJ7Bq5TU7ljpJAQtmWZ/wlhlcjiWSZtXxFWO19MVXQyYKH16+Vrw2rFPP8rPcZSSj17MEPM8Ly5VCE6UIgMJFKKntifpucPZbB8rqWu2RCRl62N0MJWkybb4a69w5Z/f0+CBhKSqjoJvAgioGvQMdM5prg3J0QNANYA2D3RCNoFOwBFCYAb4CYeTJl0lkXfqLQqeF2fMIKAfSdy4ovfHVH/33vr1Or51gW3As7kmE/12ryrPcvPvJ5Fe4ctxjOu509UuiqKkXFFz7yewdqF/pftXrQsJDYuDqvnD2Uq9ny4kBB2zcZISRLCKhHTILp+cxSP7ktzJle+ShkvqI8Jvn17DFYJOn2+fibHR7sc3xtLFr6HYbiJwq+eyonXT+fw/aeSvHFxSF2xNoJNS0M0s8GgC+lwakvm5w9m1T/tTFChE+R0gQCMjCvO2qziEU/c3YIuzzcm+ocTjQCY8LABkC0ZYymeRp/+jVKQl49lxX//+jC/99KYvH5zlOY0/XLdfc5hHkxIdA5I+frpHO09mqODZ2waHpdv7PYneObnxf0rZjzzWoY+dEVcNdX629e+JiLovZfG1CsnsshWaBSA3dI/vrIECWEXdj8MR0JJBTYEyDRQttKvYjYuDolV80K891i2Io983Ax74LI1EbVuYch3R08x44n9GSQzqqS7Z6I3ogL9o5Ie2Zs2ntifwawmg9cusNTq+SFeMtukRbNMaq4zyDTcJUoxMJ5mdaTL5gd2p/DE/oxIpBT50Qky0BCQybFKZVg11XoW71oHoBbA2ET+aKIOQCOAFV69B0dC5hwmmrwiYUVSSNTpHnTo/9w/ZtzzfIrXLLDU8rmWUx8XIWaogVHptHfa5okeh4bGlJHKKWLlVhMQyquZIAg43uOIvUdz8vrNUd9/75LVYbF9RVg9eaAyowAMYMeqiFrQapY1uJ3KKt53PMcvHMri5FmHszazZREWtppq+8owNi8Nidpo+aZibUzQdZsiat+JykwGZDAaawR/4PI4QiWIa/YMSfVie7ZsKwGda8bh5iJ19jt0ps8xHn4pjUiIuKXe4AWtJjfWugfd6Rxz14Dk0/2OGE+75YnTautfhKPcDbCHLIYrCOSrAzADwByv7lgqdqSCgWnmABQQed3wrgGHOvod+vnedKFTkGAghHxnvELP+qBYPyJCNsd4dF8aV62P8GTP/y6UWFjQBy6L896jOSQzqqIMAzOjJiL4+k3lU4MDgENncurfHh6nFw9nRTKtUOhEyACefx245/kkNi0N8+dvrOFNS0JliwhctiZC33syyZ39ldUbpHD2f/WGaMlUHp8/mOWuARkIHb/CpkbgjbbKHf0One5z3vo/M0S+FLmiPrDH+PDkDQDmAjg+kT+a6ECdDaDGqzsWRIbwLkm9IqF8X9FCIxGR/8cQwW56QwJ46UhOHO32VNf6bdmyPExXrosoxYXa5cpAMbBmgcXrF/kfEn47XjiUUb//jWF6dF+a0lkFw3ijqVLh37M247nXM/SH3xwWj+3LlE2Xu22GIS5bE1YV9IkBuGNyVqPBH7y8NGf/yYziR19Jk6OCFyk51wshv64V/2MEdD0rNT6M7zhcB2BCTHRRagUQ9uqOLQNmyCKj0ia7xvVgh8YkPfpKpiS/F7aIPnxlHC31Bge5oUkxzAxTEK7bFOV4pDzb/+PdtvrqTxI43euQabz9wkvkLtA9wxJ/d0+CXj1VnuYcRITrN0VRFxMV9Z2JgNu2x1SpWv4eOJlTr522p0PxVFViCLfxmYcIuPZ5Qo21JjpY6+GRAiAAWCahNhqsBjmaC6NgSJ7Yn6buQackxmL1fEvcsSOmiCY2yMsFMzCvxeBLV4fLskznbOZvPjrOx3tckZgLwRCErkGH/mlnggYS3h5SXiir54fEhsUhpSqkP5hiYOkcS733klhJqhccyfzQnjSSGVXR1RLTFgYiIRKxMHmdE9Qw0T+4oGWhaLH1tO4rEiI1o96wK2At15wHIuBMvxRPHMiU5AsKQXj/ZTFaPtdSQY8RM7thvsvXRtTsJn8rJd6OF9qz6on9GTHR81ZBwJ4jWdr5QqosJjgSIrphcxSWGfw2wcyMsEn4yJVxNae5NA2ejnbb6oVD2UCc/WsmDgNoiAuKhDx3ACZ8PD/RAVvr5d2aBolZjYYJVNa5rsaloGr10J40DY2VZrc4u8kUH7+mhiOhoBsHRkON4Gs3Rsty3jmWUvyDJ8dpfBK7RFe1ErjnhZQ4ebY0OR5vZfuKMC2aZQbe0VMMXLw6LK+/KFqSCg9mxsMvpfPtk7UHUInk+0Q40VD5o98TdQDGvb6BpXNM6Z6FlP1daCaBIOBIly2efi1bMkNx7aaIuCrgCYFKAZuXhHllCdTgzscTBzLq5WO5SVdZEQGd/Q79+NkUZBmscGuDIa5cF2FCcI97FDNa6g3+1HU1qClRjseZfqke25cxgOpokDXdKIiCLWg1DY9kgN90+Yn+wQUtTkU7iKzXL2TRTMuIR8rvCWkmBxEh5zDu35WiRKo0liIaEvSZG2oxb4YZyEQxZkbIItywOcLhMuhc9o1IvvvpJGWdyWeIU7729Od70/T66fJEAa7ZGEFznRHAL1xYyAkfuDyuNiz2VxK7mIdfSnH3YGWVSGreTMgirJpn+TGsJ7xBn+juZBSTaDn4TsxvNTCnyeCgh/o0b48g4NVTOfHcwdKVj61os8Qnrq1RoQCeEysGlsw21Zbl5Un+e2BPSrV3TF1eVRBhICHp7qeSyJYhU2fpbEtsWRZSAfu8ANxvvHlpSL3/spivbXKLOdPvqAf3pAXz9K6hr2SYgdZ6Qy2ePbk+MO/C0ET/YKIOQD8AT+u+GuJCrF8c4sLL0VQeRG4d+U+fS9FosnS527dui4qr1gfrKKBQEnb1hijPqCt98t/pXkfd+3yKlEf14YKAp17NiN2HS3fEU8Ay3WTAoOV7KGbMqDP4126pZb+lsIt5aE+KOypMIEnzZpiB1QssntnguaqbBNAHTDDhd4I/0gMg6eVdExEuWRVGxNJ5AJWMIGD/iVzJKgIAIB4R9Cs312LxLJODsk1kAC31Bl+9vvS6/0oxfvJckk/3O55tSokI4xmF7z+VpLF06eN0m5eGRZCqPpgZhiB89Oq4umhp6UL/evdf+TAzTJNwyaoILqRh0gRJAuia6B/9/+2dd7hU1dX/v2uf6e3eS+/SpXcVBBGlgzRrNLbYu/j+3vdNeVNMYprpyZtmmnkt0dhiib0jNsQOCAjSO9w+/ez1++PM4EAsl3tnT7vr82Q0D4/MOmfO3nuts9d3r3WkAcA+OEFAXhnZ16P6loHiV/h0slqA+5c30/4Cnh8f2MOtLpsb1iGfKvpbImd2Io472sv9uhnZ4vtMVm9J6cfeyH9fdUXAyvUJ9dw7hQvuslSHFE0f42NVArUfss1+po7w6TOmBAtWLpmZ8fBrUcjbf3nDDPToYPGEQR4TT3E/gG1H+peONACoBbA+31feMWLRtFE+LpcCL8InowhYvTmlnlgZK+hDnD7Gr06fErCd42vFHD+MgJcwc5zfRIT/mSRTzHe/2Mx76/N/PCyb4rlnWTP21tsFTwWcONJH3Tq4ir40aGb06+biK08JIxwoXA2+D3ek9b9ej5G8/ZcvzAyG0ymye0cjaaMNcF7Qj4gjvZAUgJUGLh6zx/mpZ8fiT3Kh9RAR0ppx3/IobdtXmOqAgJMrPn9GiCYN9drF1ANoBob09ugx/Y1E+J/JivUJfv7duKXIzPEwRcDqLSn16OvRQt8a+nR20aShTn+A4j1bRlVA4ZoFET2oR+GOdto2833Lm3mnKP/LGgbQMWzx3GP8MCQafRutSM+3eCDnjL7XYKAeQN+uLjVnvF9DdgHKGkXAR7tS9MDL0YLm5TuELXXtwgj17+ZGMfQA2dzwjDE+jhTw7RBwGsPc9UIzGmPmOiUSEbRm3P9ylDbtLlxwBwBKEc0c60fIp7gYOqFsT4dzp4f0tJG+grZ0fuejpH7yzbhCO++eV85kO0WePNrHQ3u7TYyfJICXW/MXWxPJvg8DaQAiwsJJAerftXQEP8KRQ0RgAA+/GlWrC3x+/OhebnXdoojdIaQKLgpkBnp0tPiEEYUX/z33blyvWJsw3lqdCNiyJ00PvNzMhZ6kI/u61Yi+7oIfF85u3c4e7+dzpgXJKmBL7lhC853PN+NAo12wo4ZC/mEGenZ08RlTg/luAJTlI2R25o80SGxNALAXwNMm7qJPZ5c6+6Qgl+LZbqHlEAh76m267dkmxJKFXbKnjvBal80La5+7cGPoYH5vmFf36lTYo3/7Gmy++4VmFU+ZbwubLQ702IqYWr2lsMFd0Kdo5li/dlmFfa6agfEDvfbVC8IodEfH59+N6+WrnLSOUJ4wMyyLcObUgB7c01jq6EW04gQA0LoAAAAegVMUKO/MneBXJ4/2ZXK5EgSUI0ROKuDF9+Lq+XcL21teKcKpxwfVWScGbaUK5ywiAcUzxha+7v/jb8T0mi2FawubDe7+sayZk+nCTtDjh3lVn85WwTZ3nIJObv5/p0Woe4fCnurYXWvr259rVrGk+cBOMIdmYNIQr148KWjK+ccAPIxWFug7oovKGYgrASwzcTdBn6LL54VpcM/Cb/cJ+YOIEEsybnummXYeKGzO2OMmunh2WM2b4NeA+UBSa2BUPw8P61PYuv9b9qT5vuXNys5T0Z+WkA3unn8nrlasK2xxoG41ljphhI8dMaDpZ8roVmPxf54W4aG9PQV9rloz7n2pmddsSRYssBPyj60ZfTq7+MpTwlQVNPYkVwB4CWidRqS1A7sZwB1wxAd5p183t7puUYQ7hq2C5xqF/KEI+GBrUt39YjMXuqFM2K/o2kURNXWkj9ngbhIzw+0izBrnZ7+3cMs1M+Ofr0T1pt2FV4cTERpimu56vpmaClgciIgwfYwfNSFl1KbWTifHG5ZU2ZOG+gpezfHtjUn7gZejiiHCv3Ile2rkukURPayPsVNBNhw/XNvaLzjiwZ0zIJ+Ak3swwvHDvOqSOSF4S6wMqNBysoLAB1+JqtfXJvLaQ6IldK6y8F+nV+GYo73aVBCgGejb1aUnDils3f81W1P6X69H8170p6UoAlasS6gX3y9siufoXm41boBXmyo4rZkR8itcvSCiZ471uQp5bwDQENX8lyebaF+DCP/KFWaG2yJcMCOkTxpt9NTICgAPAa1fA1oV3WaM1QL4DQwcCQScRiSnTg7i1OOD6eIXeBFaiyJCbZOmPz7eRPuKUESmZ0cXff0L1Tx2gFfnW1fCzCAA00b5uEt14cR/qTTzPcuasbuueD3hiQjxFOPuFwpb+dHrJpo13gevAZGnZobPTbh8XlgvnhSwjB+r+AQefCWqX/vA/IkOwQxZQfC8Y/z6C9OCZFDBmQDwWwC72vIlbV20ngBwn6k79LqJLp0TsqYMz//iLRSObJ+Au14ofCoAAPp0cVlfOauKRxzlyes4YgAdIxafNLqwR//e/DCpn307TqaK/rQURcCqzSn12BuxggZ2xwz20oAe+T0unHX+l8wJ6zOnBpWh41qfyfubkvrO55pU2hbhXznCcHYEjx3s1VeeEqGA2ZTgvwA8CLRtB7DVAUDGaAzATwGsM3WXNWGLrl8U4aNLqCGIcGQQETQz7lverF5dU/hUAAAM7um2vnlONY/q58lbOoA1MH6QRw/s4S7Yat0c1/z355uoPqqp2E6CiGA7DYho697CCT07hC110mifzlfp8Fznf970kPIUvo0D6ps13/JYI3bW2iSv/+WJ1oy+XV24fnGEDHT7y2ULgB8CaGjrGpCPbcv3APwAee4SmEv/7m5r6ZIId4pYWqKA8iSbCvj9o40FPxWQZXAvt/Wd82p4wuC27ygxM3xewqxxfnhchfPEL61K6FcLUPSnpRABm3en1f3LC1v5cdoon+pSZbXZotaMkE/hylMi+ryTi+P8NTPuWdasX15TOs9VODI0M6qDiq9bGLENiv4AZ+v/x3Dy/22mTQFATvRxF4A/AjC2sE8c4rUunxfWfq/oAcoVRcD7m5PqL082IZEqzkPs29VlffOcakwZ3rbjZJqBwT3devxAb8Fy/wcabX33C80UL6Gz4Vmh56Mromrt1sIVB+rX1UXHDfFqboNFrRlVQcXXLozoc6YFladwGzmH8NoHCfvvzxf2OKeQP7KivwtnhvjEUcZLRd8G4K9AfsS/bV68MhcRB/B9OAWCjEBEWDQxYJ0+JVgCXd+E1kAZydojr0XVv16PFu0B9u7sUt84uxpzxvt1a8YSM0ORU9u7OlS4d7YnVsb43U3JkntLJBB21znFgVIFKg7ksohmjfMj4CNuzVpga0bnaou/fEaVfdqUQFFy/gCwY39a//aRRtov5X7LkuzYWzAxoM+aalT0BwDPAvg2gOZ8BYr5fHvZC+CrcLoSGcHjJrpodpimjhBRYLlCRIgnGX96vIne2ZgsSioAALrWWPTlM6vprKnBtNuiI2ogxAx0q7H4xJGFE/9t35/W970ULUmBWLY40LNvx62V6xMFm5Sj+3vUsD6eIyoYxsywM7nab51TredM8LuKVWs3ltT8x8cb+f3NpRfUCS1DM3DcEK99xbwwGa4DshbAlwFsy+eX5iUAyFmQVgP4CoCdpn6F6qBS1y2K8JDeIgosV5Qi7DiQpl8+2EC7agt/NDBLdVDRdYsi1uXzwzrsVy0uOsUMTBrq0326FCZhzMx48JUob9xVuJK/RwoRoT6q8fcXmhGNF2Zmhv2Kpo/xsdXCks/Zrmxj+nvsmy6o0ZOH+6xiBVPMjH++HNWProhZBCn4U47YmtG/m4uXLq5C5yqjW0j74LxcvwHkd6zkbQcg56KeBPAdAMYah/fr5rZuWFyFLtVSKbBcUQS8tSFBtzzayNFE8R6iz0N0/vSQ+tpZVbpnJxfbmj/TmXCmUMzMcT5YBdqzXbc9rR9+LaqYS9tRKAJeX5tQL74fL9jznDLcRz07Wp/r/520DWHmOL/+3gU1NOKowpb3PZxXP0jYf36iSSUL0MRJyD+aGTUhxdctiuijexlp8ZslAeBHaGPBn08jr5Mgc3EMR6TwGxgUBR43xKuunC+iwHLloB7g9aj1jxeb7WIGci6LMGdCwPreBTU8doBHf5Y4UDMw/Ci3PbJvYRxI2ma+Z1kz7zxgF/3Y3+eR7f9w94vNONBYmOJAvTpZavJwb+aZffJ/ozUj4FW4cGYo/fWzq6lnJ1dRnf/GXSn9i382ONX+SnVLR/hUmBkeF+Hi2WE9dYRx0d/fAPwOgG1i/ud9ImQuMgHgZmQKFZhi/rEB68ypwVYJuYTiQ0RI2Yxbn2pyPf1W4d4aP43R/T3q+xfWYNHEgO12EQ4PSpgZLkWYOc5fsNawb21I6qffiikqctGflqIIeG9TSj25sjDFgYgIM8f6EQkodt49Piab7+/V2cVfPavKvnxe2BUJFNfj1jba+lf/bOC121Li+8uQrJ9ZcnzAPn1KUBl+iE/B2U3Pm+jvcExGwtm8xUpTBjwuwpdmhmnaKB+LKLA8UUSoa9b41UMNeHtDsihFgnLp3sGlvnxGlfqPJRG7S7V1SEqAGejd2eLjhxam7n88qfnuF5uprlmXjUKciJC2Gfe8FFXb9qULMiGH9XGrMf09nNsfQLOztT55mE//6KIaPe8Yv+Uuwhn/XGJJjd8/2kjLViUsp4pjeTxTwYGZnfa+Q3360jlh8nmMPsBVAP4bwHaT92QkAMgZ2GvhiAKN3USVI+Q6WOZVKD8sRdi2L00/vrdefbQrVfSn6PcqOnNq0PrhRTX6uKO9OlvJkAFMHenT3TsUpu7/S6sS+uXV8ZIV/n0aioCPdqXowVeirTqid6T4PIpmjvVrt4sOvvVXBRRfPDtk33RBNQ3r4yma2C+LrZnvfiGa/ucrUWKWvH85ohkY2MOtly6OcMeI0TVgL4CvIXOizuRYMXYTORf9DIBvwVDTIAA4qotLLV0coe41FiQKKE8UAau3JOmn9zXwnrrinQzIQkQYO8Br/eBLNXTRrJBdFVBcFVA8fYy/ILn4uiab73qhmaIJLvnc/+E4KTngkdejtG57Yao+HjfEq/p2dWmtgZF9PfqmC2r0ZXPDVk2oSAf8c2BmPLoihj8/0ehKpsX5lyNaMzqGLb5uUYQH9TQq+jukpo7psWJUwPDtb38bN954I+BsZwQBHA+YaV/Wo6OLwn5lv74uqVIyycqO7PPasi9N+xu0njDIa3qLrUX4vYrGD/Soo3u7dbcOLn3yaL9yWeav6+HXYvr+5VEr97cpNxpjTAD4+GFe42K3oE9RNKHtgT3d/J+nVdGwPp6idPP7JF5albB/fF+9qmvSKJVrEloOM8PrJly9IMxzj/Gb3k36I5w6/8lCzPuCnWMG0AHAHwCcbspOKs34/aON+m9PNSkt22xlSXZ79LQpAb5uUYRCvqIKtg+5Ls3OToXpcbXzQFov/cMBrN2WUsUqUpMPNDtb8T++pIM+ZrDXtFoaiRSzIlCxc/25vLUhYX/rtjrasjdd1s+yvZJNYX3hxJB9/eKI5TVbLvoxABch0+K3EP6rkKvrATh5jTdMGXC7CBfMCGHGWJ+dr45vQmHJnuh4YHmU/vx4I8cSRc8GHLwuS1FBJuXDr8Z4/fbyV4lnBJ501wvNiBWg1oPXTSXl/NdsServ31Uvzr9MyQb9k4f5+OI5IWXY+b8Hp9JfwZw/UKAAIOdm1gP4TzjtDI0QCSh1zcIIjewnosByJdtm9o7nmukvTzbpZIHqy5cCH+5I6QdfLf2iPy1FEfDy6rj10qoSieQKxLrtKf7+3fW0fkf5B3LtFc3AoB5uvXRJhDuGjWpJ9sA5MfceUNh5X7AdgJybegGOKLDRlK1enVzqhsUR7tFRKgWWK9njZLc/26TueLbJLlSTmWJi24x7X2rmHfvTleD7ARxSHIjqmnS7CAI+2p3i7/29Du9tSpIc9ytPtGZ0rrJ46eIIDejuNukn4wBugrP9X/CxUtAEa87N3QngVwCMnfseO9BrXXVKxA76VEH7lAv5g4gQTzFueazRuv3ZJrvSdwLe3ZS0n3wzplBhTkMR8M7GpHryzVhFPz8A2LwnzT+4ux7vfiTOv1xhZvg8hEvnhPXxw4zW/GAAtwD4MwBdjLFScIVV5iaTAH4K4F6TtuaM91tfPDmoXS1sFiKUHsoJAuiWxxqtPz/RqEtFE5Bv4knmu15oxoHG8in601KyFR/vfalZ7ThQmGOBxWD9jpT+7p11WLE2QSTOvyzJipBPnxLUiyYFTCv+/wXgewCixRorRZFYZ262FsD/AHjFlB2XRXTeySE1a5xfRIFljCJCIsX01yebrD8+3sTN8crzIa+sieuXMhXiKhFFwIc7UvTQq9GKnITrtqf4O3fU0RvrxfmXK1nR35ThXr5odogMi/7ehVMkb08xx0qxz1htgFPucJMpAyG/oqsXhGl0fxEFljNZTcBtzzbRrx9q4IZo5TzNhqhT8rc5rivWcWSLAz38akyt356qqAjuvU1J+8bbayXnX+ZoBo7u5dbXL46w4QJSu+Ao/lcV+56LFgDkTJKXAHwTQIMpWz06utQNS6q4Z0eXiALLGCJyhHLLonTzPfV6X33xKwbmg2fejuk3P0xWvFqcCNi+P033vtSMdGGaBRqFmfHa2oR94211tHpLSpx/GaM1o0u1I/rr382o6C8G4LsAngCKP16KugOQc/N3Afg5gLQpW6P7e6xrFoZ12C+iwHImW5f/0RVR6zt31vHmPYVpOGOKffU237MsqmJJRiWnqXIbKj2xMkbvbyp+46e2oDXj6bfj+tu316oNu5yCTcVezIXWwczwewmXzw3bE4cYFf1pOK19/wKAS2G8uIp9AZnCLyk4AUB/AOeZsjVrnF9t22vzLY81kq2lUmC5ki0WtOz9uFXXrPm/T6+yR/T1GK80ZwKPm3DGCQHdq5NFqzensLveVqkUA+TkzbP3W27kOnzNgKWASEBx/+5uPWGQBzXhwjRUMkEqzfzAy1H9u381WHVNGhUr3GgHZEV/Z5wQtBdMDLgMz7WH4ZT5jZfKnC6Nq8DBBaMvgNsATDFlpzmu+Yf/qNePvBa1RKxT3mRFO306u/iGJRE+caTPdH9uY6Rt5l21Nq/anOI3P0xg1eYUbd2XpsaoJls72+dE2QlLKLVhe7jDVwT4PMRdqy0e3MvNYwd4eFQ/D/Xt6lIBL5Vdg6MsTTHNtz7dxHc+10SxBBvvcSCYg9nZdTtptN/+5herqTqoTAalbwH4IoA1QOn4ndK4Chyy9TkJwO1wdgOMsPNAmv/n1lq8uSFJEr2XP7Zm1IQUXzInbJ82OWiVQhOhtsDMaIgyb92b1mu2pnjV5iSt35HGrgO2aoxpSqadhevQoAAoRGBw0NEDmZSFY9+yCEEfcaeIxf26uXh4HzcP6e2mAd3d1DGiqBANlEyz60Ba/+/DjfzEypglO4jlj60Zw/p49PcvrEbfrkbz/jsAXAjgKaB0nD9QQgEAcEgQcDaA3wKoNmXr/U1J+2u31qqte9MSxVcAmhkeF2HRpIB92dwwdTLbr7vg99YYZb233uZNu9P4aHdaf7g9Ze2stfWeOttqijESKaaUzYDzPwA5wQEd2UTnzD9y/539HksRvG6w36OoU5Wyu9VY1K+rS/fr7lb9u7l0txpL1YQqw+Hn8v6mpP75Aw305oYEEUprEReOHK0ZXWssvun8Gj3BbKOqZgD/AafLX0nk/XMpravBwSDABeeYxLcAuE3ZeurNmL7prjpqiFZe8ZX2SDaAPPZor75uUQTD+ngqJgg4/D41A7EE2weatKpttFPb99vuvfW23luv03vqbG9dk9bNCU5H49qKJdmKJxm2BmvGwVd4WzOU+tiZEYEsAnncBL+HOOClVMCnVMRPrs5VVqpLtcUdI8rTs6Mr2alKuWpCCuGAIpdC2W7pfx4pm/npt2L6tw830tZ9aSVK//KHmeH3KP6vMyJ68aSAZdANagA/gXPKLVGK46b0rggHF/IwnHLBF5qyY2vmW59q4j882qjStmzpVQI5ugB9xfwwzxjrVx5X+3mwzMxag9IanEyxHU2yiidYJdOMlM12Ko0U4Dj/5rjT5zxb8MRSUB4XedwuwOsmDviU7XODXBZZlmp/jq+uWfPtzzTx3S82U1NMy05hBZAV/V0wI2RfOT+s3GbXhvsAXA5gf6nOnZK8qpxUQB84osCppmxF4xo331tvP/hq1JKtvcpBa0bAp3jxpABfODOEzlWVkxIQzPPBtpT+7cMNeHl1QmmWl4NKICv6mzHWb3/97GqqMiv6WwlH9LcWKF2/UppXhUOCgGMB3AFgoClbu2pt/c3bavH62oRs8VUQ2TE0doBXX3lKmMcN8FjyFid8FokU8xMrY/ynxxuxZa9s+VcStmaM7Ovh719Yg96dXSYf6lY4O9fPAqU9fkr3ynBIEHAanK5JHUzZWrMlaX/11lratDut5GRA5ZBNCXSKWHz2tKA+44SgigTkAQv/zrZ9aX3rU0386IqoFUs4b/0lvHYLR4DWjG41Ft90YQ2PH+g1+ebfCOB6ALeiBEV/h1PaV4eDQYAF4D8BfAeAx5StZ9+O2d+5s07Viyiw4tCaYVmESUO8+uI5YYzq6y7bmgFCfkmmGcvej9t/fKyR1m5LKakPUlk4lf4Uf/mMKl4w0a/IrOjvRwBuBJAshzFU+leIQ0SBPwdwsSk7tma+/Zkm+zePNLpEFFh5ZHcDOldZfOYJQX3alAB1KOOKdELb2bY3rf/vmSZ+dEXMaopryJZ/ZcHMUES4cGZIXzE/bPp46j0ArgBwoFzGUFlcZU4qoBecrZXppmzFEpp/en+Dvn95swXIYlCJaM1QijCmv0dfODPEE4d4TauBhRIjmtD89FtxfdszTfThDnnrr0Syor/ZE/z2186qNp36ex3AuQDWl9M4Kp8rxcFAYDycSoFDTNnZV2/rb9xWi1fWJJSSPGBFkt0NCPsVn3Kcn686JUJhv+QE2gOrtyT1X59swrL34yqeYnnrr1BszRjdz8Pfu7AGvToZFf1tgeP8lwHlNZbKcftzJYCvAdhvykCnKktdv7gK/bu5tHQOrEyICJYiNEQ1rdtmrAmlUII8+nqMn1gZU8k0Q7r4VSZaM3p0cPHSJRFt2Pk3AvgGytD5A2UWAOT8uA/B6aqUMGVrSC+3um5RFdeEFGstQUAlwsxwW4RZ4/0sb//th+OGeBHyy+OuVDQzgn7FVy0I89gBRsv82gB+CeDvQPk5f6DMAgDg4I9sA/g9gL/h49LneWfqSK91yZyw9ripYvu0t2eYgd6dLT5huNEe4EKJMaa/Rw3r45G4vgJhZrgU4YsnBXnOeONR3j0AfgogVY7OHyjDAAA4GAQ0Afg2gCdN2VFEOG1y0Fo0KeD0RZEgoKJgBo4Z7NXdO8hJgPZEOKDoxJE+KJI5XUkcFP2N99vnnRwyrfh/GcDXAdSVq/MHyjQAyGEHgK8AWG3KgM9DuHxumCcN9WmdaX8qVAgE7KmzkUiZ20USSg9m5h0H0uL7KwzNwJgBHn3VKWEKmU3pbQLw3wA2FPue20rZBgA5UdfbAL4KYK8pWx0jlrp+cYQGdHeziAIrByJg1ZaU2rE/rYt9LULh2Fuv8doHSWKUZ95W+He0ZvTq5NI3LKniHh1dJv1aPZw3/+VA+Y+fsg0AgEN+/H8B+AGAuClbg3u6aeniCHeMWJDkYWVAABqimjbvSZf3LBaOiH0Ndnpfg00i+6wMNDPCAcVXLwjzqH4ek6K/NIBfAPgHUP7OHyjzAAD4N1Hgn2BQFDhluFddOidkez0iCqwUkmnG/kZd9vNAaDnNcbbTtkzgSiB7kuf86SE9a6zf9Dy+C0412rIV/R1ORSx8mYcRA3ATgMdN2lk8KaiWHB9kIgkCKgFFBE8ejwnva7B554G0HB3NI2mb0RzXOl/zLRJQLo9Ufix7mBkMYM4Ev332tKCyzIr+XoSz9V9f7PvOJ65iX0Ce2Q3gywB6AxhhwoDPQ3TpnJDeti+tl70ftxSkZ0C5wgx0qVY8tI+bkYdgOJlm/t0jjfzG+gRNGuq1Txjhw/A+HlUVJJIxcmQwM2qbtH73oyQ//24cTTHGV86q0p0ibT+x0b2DZfXr5uK3NiTJksdStmgGxg/y6qtOCVPQZzShswGO2HwzUBlb/1kqJgDIeSN/D87D+jOAriZsdQhbauniiN5TZ+u121JKFpHyg9nJFU0e5uP+3fIjGlq5PsFPvRWjjK7AeujVKPp3c+tjj/bqiUO8GNzTRZGgUtJp8pPRmlHXrPUHW1P8ypoEVqxL0KY9aSuWYFgKGN3fY583PdRmO5GAorkTAvq9j1LQLAF8OaI1o3dnl166OMLdalwm8/51cN78XwEqy/kDZdYLoCVkggAF4EoAPwbgN2XrlTVx+5u31al99TZJa9nyQjOjOqj455d14DED2t4fvDmu+Wu31vIL78WVpT5OD2UzASGf4j5dLB43wKsnDPbQkF5u6lRlmT6rXPKk0sx76mxevTWl31iXoLc3JGnrvrSKJpwfLlunX2tG364u/sUVHfmoLm0P2HbV2vra3+7H+h0pZcncLSs0MyJ+ha+fXa1njjOa90/BaUH/QwDpSnP+QAUGAMDBIMAP52TAdabuk5lx70tR+2f316tEimWbt4ywbca8YwP6xnOrqS354GhC89ptKf3cO3G6Z1mzSqT+/Y3y8GDA5yZ0rbH0kF5uHjPAg+FHedCns0WRgFKVHkjamrm+WfPmPWl+b1MK72xMYt22lNpdZ1MyxQA5Th849G0r+xvOGOvXCycGMPwoN2pCbUsH3PpUo/3rhxotll2AsoGZ4bIIV84P2+fPCFmGg7dbAVwPoKFSx0dl3hUOLhhd4KQCTjFlJ5li/vVDDfadzze7ZCEpD5gZIb/in1zaQR87uHW1wrVmrFiXtG9/rone3pCkprgmwudvETrD0qlYphmwFBDyK+7Z0eJBPd08tLebj+7lRs9OLqsmpOC2ULaBJTMjlYY+0Ghj6z5br9uWwuotKVq/I0U7D9jUFNekdfYtHwDRZy5I2UpvXg9hUA+3PntakGeM8Vsed+t+nx370/q63x3AhztlF6AcyIr+Fk0M8H+fUUWBtm/cfRbPAzgfwFag8rb+s1TmXeGQEp/DAdwBYLQpW7VNNn/3znr97DsxS1qLlj62ZiycGNDfOLtauVt5AuCJlTF98z31tK/Bpux7aGuee+7uAGcCgoBXcacqhd6dXHpADxf37+ZWR3WxdJdqy4oEFPu9VHI6Aq2Zownm+qjG7lpbb96Tpo0707xxV5q27k3T/kZN0YTj8OlT3vJb9nsBgNPKOeAlnD8jpL80M6y8rQwCZBegfLA145jBXn3TBTXoWm20fPd6OO19Xwcqez2v3DvDIUHALAB/BdDDlK1Nu9P6q389gDVb5W2ilNHM6BCy+GeXddCj+7euaMjOA2m99PcHsHZbSll5VoBmx2x2h4AIsBQh4CWOBBS61ii7a7Vl9e7sSnfvYFHnKsvqUm2lQn5y+z1Efo+yPS6QUpTHBZJha+hUGhxNaCueZN0Q4/SeWtu9r8FO79hvY+u+tLW71rb31Nmuhigj6+wZOW/4yO9iqpnhcxO+dla1vWBioFXPcnetzdf/YT8+2Joimbeli60Zfbu4+HsX1mD4UR6TD6oWwOVwGv1UtPMHKugUwCeRczLgKQDfhdO5KWDCVt+uLrV0SZX9jf+r5b11IgosRTgj/Z813qdH9HW3ykEyM+5fHuX1O1KWMvAOkl1wiD4+l8jMaI4zNcU0tu+Hi53AwK0I8LgJfg9Zfg9RJKi4OqjSIb+yQj5SVUGlqwIqEfIreN1QXjd5iQiWAvweOhj+MwOxJENrp05+PMmJRBrcFNNU16y9DVFNTTG2m2Ja1zVr1RDVFE+yFU0wpdLszu5eEDkv9tk1M9/B0eEoIsSSjHteaqbJw73cIXzkBrvWWHT6lKD+0T/qydayC1CKZAS7uG5RhIcf5TH55p+EIxx/AKh85w9UeAAAHAwCGI6gYyCAG2CoANKxgz3W5fPC9k/vq7fiSVlMSg1moFdnF58xJaisVu6hr9+R1o+8HlXMQKGCvNyg4PD7SaYYyRRbdU3AjgM2geHlg38PigA/Mr4+93vch70vp+yDja6ImX2ZnXYwDv65s8l+8LuQ+QYnoCgWioA1W1Lq+Xfj9qmTg63aBZg51k9PvRnTr61NyJHeEiNb6e9Ls8L2tFE+k8f9AOD/APwaFar4/yQqohLg55F5mHEAPwLwkEk7C48LqC+cGLKlUmBpwcxQinDa5IDu3711CWNbM+5f3sw7D9glsT5QRm9CRFCKYCmCZRFcmY+lnD9Xmf8mi9aMROrQT27lQiLn72S/8+D35Xxn1m6xfwciQspmPPhKlGqb7FZNuKqgoi+eFELYr2TOlhDZZ7HguACfcULA9AmZZ+G0l28qicldINpFAAAcDAL2wikStNKUHbeL6IIZIeukUdn2wbKglAKagdH9PXrhxECrx/y6bSn9zNtxRWUu9PzYeR/6KVcUAWu2ptTy1YlWd3WcNNSrZo6Vlt+lQlYDc8xgr75ifpgDXqPefx2c9r7bynketIZ2EwDksBZOueDtpgxUOfkqDOvjYSkJX3yYGWG/wvnTg2hNnhhw8pAPvRbjvfX25xxWEwoNESGZZjz6eoya462bcW4X4ZyTQujT2cUStBcfzYwB3dx8w5IIda4ymmQ6AOBrMPhSWMq0qwAgJ7rLbvc0m7LVp4tL3bAkwl1rLGkMU0SyZ8fnTvDbk4f5Wu25P9qVtl94N36IyE0oHRQB73yUVG9vTLZ6F2BgD7c69+SQdrskfVdMnJM6iq9bFNFDehtV/CfgFIv7J1Deu3qtpV0FAMDBh8xwBB//C6eVsBEmDPKqq+ZHOOCT3GKx0AwM7unm86aHyN2Gin/Pvh3Hztp2ow0qO4gIzTGNJ1fGYLdOCgAAmH+sX5040seSCigOzAyPi3DR7LA+YWTrinS11BQcYfjvAJSGqKcItLsAADgYBCQA3AzgfnN2gHnH+tXZJwZtJaLAgsPMCPoULpod1r07t75+/L4GWz/zdoyco27tc6EoB4iA19Ym1Ee7063eBQj6FF08O8S9OkkqoNBkf+9FEwP2aVMCpotdPQ3naHhze57T7TIAAA4u5AcA/A+AFabsuC3C+TNC1sljfJpFFFgwPlYQ+/VJo3xtGudvrEvwxl1pKe1Q4hABe+psemlVvE2TbEhvj7p4doh9HgnaCwWzU91x4hCffdncMPk9RmfbGhjWgZUL7TYAyGE9HAXoVlMGIgGFaxdGeERfj8gBCoRmYNxAr75oVhged+tD/FSa+bl34kimpK5DqUNE0Ay8+F6cGqNtm2nzjgnQwokBDUjQXgg0AwN7OKK/TmZFf3sAfBXAW4Ds6LXrACDn4T8P4FsAmkzZ6t3ZZd2wJMI9OrhEFGgYzYzOVRZfOT/MXdpYM3zL3jS/vTGZ18K6gjkUAeu2p9WaralWpwEAwOsm+tLMECRoN49mRsewxdcviuhBPVtXobOFxOGI/h4BxPkD7TwAAA4ZBHcA+CUMigLHDfRaVy0I65AUHDEGM8NShHNOCupxA1tX6z+XleuTvK9By1JRNhCa4hovr463+Zu6dXCpS+eEuSqgWMt8NQIzw+siXDw7pCcPNy76+zOAW9CORX+H0+4DAOBgEJCE0yvgHpO25oz3q3OmBdNKSX7RBE4e0atPPT6o2jrJkynml9fEYduy/V8uZB/TinVJqmuy27QLAACThnqtJccHNEFSAfkm+3suPj5gnzYlaFr09wSA7wGIylz+GAkADqUWwNcBvGrKgMsiOnd6yJo11meLKDC/aGZ0ilh80awQVwXbLiLavj+t12xJyfZ/maEI2LQ7rT7Ylmrz5HJZhLOnhWhYH0kF5JOs6G/KcJ++dE5Yedug02kBq+BUgN1Z7PsuNWRpy5ATFW6AIwrcbMpW2K/omoURjBngsWVRyQ/MDAKw5PiAHtPKNr+Hs2pzCvsbZfu/HGlOaKxYl8zLd3WtsdT5M0Ic8MquXb7QDAzq4ebrF0fQMWK0BdNuOOv5O4Dk/Q9HAoAccgbHMjg7AfWmbPXo6LKWLq6iXp1EFJgPMguKPnVyIC+tmJkZb21IIpWW7f9yI/u83tmYRDSh25wGAICpI3zqhOE+map5QGtnp27pkggP6G5U9BeDs+3/OCDO/5OQAOAwcgbJ3QB+ASBtytbo/h51zYKwHfKLyKgtZIV/CyYGuHuH1hf8yaW+Wes1W5OyZpQpRMDm3Wm1Y39+NL0+D9GpU4IcCSgpENQGmBleD+GSOSEcP9Rr0v8wgD8C+BMALRP5k5EA4BPIDJYUgJ/DCQSMMWOs33XeySHtElFgq9EM9O3q4uljWl/r/3A277GxbZ9NUvynPCEAtU2a3t/c+t4AhzOmv0cdd7RXGny1EmZnN+30KUH71OODpt/IHwPwfTi7AMKnIAHAZ1MP4JsAlpsy4LIIXzw5qOZM8EulwFZw8O3/OL/O19s/ALy1IcGNMS3uv0whIqRsxsr1SbLztL3mdROdJrsArSIr+ps6wqsvnh2y2lKcqwW8Ayfvv7vcW12bRgKATyFn4GwE8F+Zfxsh6FN09SlhGjfQKznGI4QZ6NnR0jPG+vM2y+NJ5pXrk2AtecNyRhHw3qYk7avP36wa3d+tRvWTEwFHimbg6F5uvnZRBDUhk8f9sQtOmd9Vxb7nckACgJbxCpyeAXWmDHTr4KKliyPUu5OL5WhAy2EGRvXzcPcO+VMSb9mb1mu2yvG/cocI2HnAVu9tSuZtQvk9isYP9LDUBWg5WjuVOW9YHOH+3YyL/r4L4ElAgveWIEvc55AziO4D8DMYFAWO7OehaxdFdCSgIKLAlkEEHN3LbVt5rCLyxroEDjTasnyUPYREkrF8dRw6jxOqb1cXedwkE7QFMDP8XsJlc8N83BDjor8/APgLABbn3zIkAGgBOaLAX8IpGWyM6WN81oUzQtptiSiwRRAQ9pMnX18XS2pevjoBLdv/ZQ+R83ljfZJ2HrDzNpnCfpVyKQkAPo+s6O+ME4L2okkBMjyfHoYj+ovLvG05EgC0kMygaoAjCnzBlB1LEb4wLUjzjvFrhmwztgR2ov+8sG5bmldtTiolM6MiyKYBXv0gkbcxYmsozt+Qq0iYGczAtFE+fdGssPK4jHrlt+BU+tsrzv/IkGXuyNkCR2H6oSkDAa+iK+dHaMIgEQV+HsxAbZNO5eO7NDOeWBnjumZR/1cKRIS0zXh0RYzqm/NTFGhPve1KpmTt/Cw0A0P7uPW1CyN5Kcv9GeyAI/pbU+x7LkdkEB8BOdHl63BEgbWmbHWtsWjp4ggf1cWlJQr4DBj4YGvKSttt3yr5cHtaP/tOTDlbxxIDVAqKgFWbk3nZBWBmrN6c1GlpEPWpaM3oWm3x0sVV3Lery6TkvxnAdwA8DcicbQ0SABwhOYPsfgA/htNF0AjDj/JY1y+KcFVQKgV+GpQ56rVlb7rNb3ePr4zx7loR/1UaRIR4ivHwa1E0x9sWTe+qtfXr65KGG9eVL8yMgE/hyvlhfczg/PTk+BQ0gN8B+BtE9NdqJABoBZnBlgbwawC3mbQ1bZTP+tKskPaIKPATIQJ219rqsRWxNv0+H+1K6affiinnO2UxqTQUAW9+mLBeXtO2XYAnVsZ40+60BACfADNDEeGsqUF7/rGBNrfj/hweAPBDiOivTUgA0Eoyg64JwI0AnjVlRynCmScE1SnHBWxARIGHQ0RgAA+8HFUr1iVbVfg9ltB861NNvHVfWtaSCoWIEE0w/vpkE7bsad1u0ZsfJviuF5qV1rL9fzhZ0d9Jo336wpkhcpsV/b0BJwW7v9j3Xe5IANB2tsERoawzZcDvVXT5vDAde7TX1uwI34SPUUTY12DTz+6vpzVbjqz2ezzJfOvTTfzYGzGLIG//lYwiYM3WpPrxffW0ff+RBQGrNyf1T+6rx65aOy/dJisNzcDwozz62oURRAJGz9Bk19u1gMzXtiK/XhvJeSM/FcAtADqasrV2W8r+6l9raeOulLJkETqE7BtI/+5uvmZB2J483Gd93tGjnQfS+tanmvDPV6JK2v62D5idA3yj+3n0FfMjPGGQR7msT3/wsYTm59+N61sea1Sbdjs7RDJODkVrRrcai797QQ1PGGS02E8TgKWQYj95Q37BPJAJAiw4g/N7ALymbD3/bsz+9h11qq5ZkyQiD4UBsGaE/IqnjfLpORP8PKSXW0UCCi7LeUzxFKtdB2z98poEP/xaVK3fnpK8fzsj25imOqj4hBE+PW2UD0N6uREOKIsA2AzUNtr2qi0penJlDCvWJVQ8yZn+IMW++tJCMyPgVfjKmVX2guMCJkV/NoCbAXwbQELma36QXzFPZIKAIICfArjclB2tGXc+32z/+qEGS95aP5nsAh/wEvfo6OJenaxU0KdYa8aeeu3auiet9jXYijlbLU5+w/ZIdpx43YSOYaVrQpayLCCZYhxo1Lq2SauUzVAyRj6RrOjvS7NC+rK5YeV2Gf2N/gHgCgC18izyh/ySeSQTBPQAcCuAmabsxJPMP3+g3r5nWbMLkMXp08imBTinVGC2PKzk+4UsB8dJzp/JGPlssr/ZrPF+/fUvVFM4YDQn+TqALyJTfE2eSf4QEWD+yVamWm3KgM9DdOncsDVpqI8dUaCoAj8JIoJSBMsiuDIfSxGU9AgXcjg4TnI+MkY+G83AyL4efe3CiGnnvxU5lVflmeQXCQDySM7gPFib2pStThGLli6J8MDubpZCgYIgFAqtGT07unDDqRHq1cnovn8DgG8AeBEQ528CCQDyTM4g/Rcy3alM2RrUw62uWxxBh7DFUi5YEATTaGaE/ApXnRK2xw7wmvTINpzuq3dCFP/GkADAAJnBquEcC/wL8tit7nCmDPfSJXNC2uuRSoGCIJiDmeFShHNOCurZ4/0mFf8AcA+AnwFIifM3hwQAhsgM2iiAmwA8YcqOIsJpk4PWaZODGpAgQBCE/JMV/c0Y69fnnhwil2XUKb8Cp9JfnTh/s0gAYJDM4N0JR8Tyvik7Xjfh4tkhmjzcK6JAQRDyjmZgzACPvmZhmMJ+o6K/zXBE1BuLfc/tAQkACsN7cAb1HlMGOoSd9sGDe7pFDiAIQt7QmtG7k4tvWFKFnh2Niv7q4bz5LwNE9FcIJAAwTM4gfhxOOsCYKHBAd7e6fnGEO1eJKFAQhLaTEf3x1QvCelQ/j0l/kQbwczgFf8T5FwgJAApAjijwT3CEgca88/FDvdZlc8O2T0SBgiC0gazo77zpIT1zrHHR390AfgER/RUUCQAKRGZQx+D0CnjEpJ1FEwPW6ScEbSIJAgRBOHKyTZPmTPDbXzwpSJZZ0d9yOOf968X5FxYJAArPHgBfBfCOKQMeN9FFs0J0wgivFlGgIAhHimZg3ECvvnpBWAV9Rtv7bgDwXwA+KvY9t0ckACggOdHtKjiiwJ2mbNWELHX9oggP7S2iQEEQWo7WjD6dXfwfSyLcrcao6K8OwNfhHPuTvH8RkACgwOQM8qfgiAKjpmz16+a2blhSxV2qRRQoCMLno5kRDii+ZmFEDz/KYzLvnwLwEwD3AuL8i4UEAEUgRxT4ZwC/y/x/Ixwz2GNdMS9s+73EkgoQBOHTYGa4LcIFM0J6+hifad9wJ4BfA0iL8y8eEgAUicygTwD4EYCHTNo55biAdeYJQS2iQEEQPoms6G/+sX777GlBZSmjXvkFAN8E0CDOv7hIAFB89gL4GpwOgkbwuIi+NCtMJ4322SyiQEEQDkMzMGGQl6+YF1EBr9FKf+vgiP62FPueBQkAikpO9LsGTrng7aZsVQWVunZhRA07yiPtgwVBOIitGUd1cfENSyLctcboeb9aOKK/FYDk/UsBCQCKTM4keAbAjQCaTNk6qouLblgc4a41FkQUKAiCZkZVUPG1CyMY1sdopb8kgJsB3A+I8y8VJAAoATKTgQHcBuC3MCgKHD/Io66cH9YBrxJRoCC0Y7Kivwtnhvik0T7THvl2AL8BYIvzLx0kACgRckSBNwN4wKSd+ccE6KwTg6xEFCgI7ZLsvF84MaDPmhpUltG0P56FI/prLPZ9C4ciAUDpsR+OKHCFKQNuF9GFM0M0fayIAgWhvcHsiP6OPdrLl80NU8Br1A2sRUbfRESy9V9iSABQQuRMjqxSdqspW5GAomsWRNSIviIKFIT2hGZGv64uXro4wl2qjYr+si8zK4t9z8InIwFAiZETBLwA4FswKArs3dlFNyyJ6O4dLC2iQEGofDQzakIK1y6KYEhv46K/HwF4EBDRX6kiAUAJkjNZ7oBTLcs2ZWvcQK911SkRDvoUa0kFCELFwszwuAgXzw7raSONi/7+BqfKqYj+ShgJAEqUzKRJAvgxMvWyTTF3gl+de3JQu5SIAgWhEsnO60WTAvq0KQGlzIr+nkLmSLM4/9JGAoASJjN5agH8DzIds0zgsojOPTmkZo71iyhQECqMrOhv4lCfvmxuGH6jO/9YA6fT6Y5i37fw+UgAUB5sgDOpNpsyEPIrunpBmEb394gcQBAqCM2MAd3deuniCHeKWCbX/L0AvopMWXN5+y99JAAocXIm0TJkGmiYstWzk0vdsKRK9+rkElGgIFQAWjM6hi2+fnGEB/d0m2zvmwDwQwCPAOL8ywUJAMqAnMl0F4BfAkibsjW6v8d1zYIwh/wKIgoUhPKFmeH1EC6ZE9InDPeadP4M4E8Afg8R/ZUVEgCUCTmiwJ8BuNukrZlj/eq86aG0iAIFoTzJztslkwL2qZODyrBTfhzATQCi4vzLCwkAyojM5KoD8A0Ay03ZsSyiL54UtGaPF1GgIJQbzAzNwORhPvuSuWHyuo165VVw8v67in3fwpEjAUB58hEcUeBHpgwEfY4ocOxAr1QKFIQyQjMwqIebr18coY5ho6K/PQC+AuAdQPL+5YgEAGVGziRbDqe3dp0pW907uNR/LIlwn84uFlGgIJQ+WjM6RSzcsCTCA3u4Ta7vMQDfA/AYIM6/XJEAoAzJmWz/APATAClTtkb09airF0Q4HBBRoCCUMswMn4dw6dywnjTUaIcfBvDHzEdEf2WMBABlSmbSpeGUCv67SVszxvrUBTNCtssSUaAglCLZeXnq5CAvnhQgw075X3De/mPi/MsbCQDKnwY49QGWmTJgKcIXTgxa847xMyCiQEEoJbKivxNG+PQls0MwLPp7D06Hvz3Fvm+h7UgAUMbkRN+b4bQP/tCUraBP4ar5ER4/yBEFSgggCKWBZmBILzdftyhCNWGj7X13wREfvwdI3r8SkACgzMmZhK/BicxrTdnqWmOppYsj6NtFRIGCUApozehcZWHpkio9oLvbpEeOAvgOnDP/4vwrBAkAKoCcyXg/gJthUBQ4/CgPXbMwwtVBaR8sCMWEmeH3Ei6fF9bHHe0xXenvDwD+CoDF+VcOEgBUCJlJaQP4DYDbTdo6abRPfWlmyPaIKFAQigIzg4hw2pSgXjjRuOjvYQDfBxAX519ZSABQQWQmZyOAbwF4zpQdSxHOnBq0FkwM2ICIAgWhkGRFf1NH+vTFs0LkcRn1ym/DqfS3T5x/5SEBQIWRmaRb4YgC15qy4/cqunxemI492mtrdnqOC4JgHs3AsD4evn5RmKpDRkV/OwD8N4DVxb5nwQwSAFQuK+GIAvebMtC5ylJLF0eoXzeXFj2AIJhHa0bXaotvWBLRfbsaFf01A/g2gKcBEf1VKhIAVCA5k/VBOKLApClbQ3p71NJFVbpDWMnJAEEwCDMj4FW4Yn5YTxhkVPSnAfwOwP9BRH8VjQQAFUqOKPC3yKh3Tdk6YaTXdfm8CPu9Ui5YEEzAzLAU4ZyTgvYpxwZMt/d9CMCPIKK/ikcCgAomM3mbAHwXma08EyginHp8gC6ZHbJ9bpIgQBDyCDNDKcJpUwL6gpkhy21W9PcGnA5/IvprB0gA0D7YDqeC1xpTBtwuonOnh9Qlc8JpCQIEIT9k3/xPnxLQVy+IqJDP6JK9Dc46YUw8LJQWEuK1A3KO6S2C08GrsylbqTTzvS8145bHGqm2SUMRQV4kBOHI0dop9HPOSSH7whkhK+Q36vybACwF8BdI3r/dIE+5nZAJAiwA18Ep6uEzZcvWjBffi9u/erBBfbQ7TYpERSwILSV7zr9bjcWXzQ1jwXEBGN72twH8GMCNABIyV9sP8qTbEZkgIADnZMBVMPz8129P6T882ogX34+rVJpBEggIwqfCzGAGLItw7GCvvnxeGKP6uU0L/gDgXgBXANgv87N9IU+7nZEJArrD2eqbY9peU1zzYytifNcLzdi4K6XAkEBAEHLIOn4A6NnJpc+cGuSFEwNUHVSF0Gi9BuBcZDqJyrxsX8jTbmfk6AFGA7gDwPBC2Ny+39b/fCXKT7wRo+3700ozIKkBoT2T3eonONv9M8f59eJJAfTr5rIKNC+2ADgfwAuAzMX2iDzxdkhOEDAfzk5Al0LY1ZqxbZ9tP/tOjJ99J67Wb0+pWNK5FpUZibIICZVKdt5l62X5PYT+3dz6xJE+ffIYn+rXzaUsVbDx3whHD3QrIPOuvSJPvZ2SWYwUHC3AzQD8hbTdEGX9/qYkv/JBAu9uTNLWfWlqiDLZ2tkOJQAgMwNUDigKBYOd8UYEuBQhHCDu1cnFo/p59MQhXhrR103VQVWIPH8uNoAfAvgOgKQ4//aLPPl2TCYI8MNZDK5FEcYDM6MxxrxtX1pv3JnmDTvT2L4/TbVNOt0Q1Z5UGhRPauSjyrClCD6PHEsUCoPPTemQn+zqoHL36uTS/bq50L+bi3p2cqmwn0y38P0s/g7gagC14vzbN/L02zmZIKALnFTA/GJfDwBozZxIs44l2LI1kLY5L90GiQC3ZWhbQRAOw22R9nmI3S4U/BX/M3gFjuhvIyBb/+0defrtnBw9wAg4osBRxb4mQRCMsAmO818OiPMXpBRwuydnEXgfTu/vXcW+JkEQ8k4DgG9CnL+QgwQAQu5i8CQcYVC02NckCELeSAP4OYC7AHH+wsdIACAAOLgoMJzWwX+A0xNcEITy5+8AfgYgJc5fyEVGg3AIGU1AZzhNgxYV+3oEQWgTL8Ep9vOROH/hcGRECP9GJggYAkcUOK7Y1yMIQqvYCEf09wogW//CvyMpAOHT+ABOb/Dtxb4QQRCOmFoAX4c4f+EzkABA+DdyFotn4Cwi9cW+JkEQWkwcwA8A3AOI8xc+HQkAhE8kRxR4B5zjQw3FviZBED6XJBzB3/8CSIvzFz4LCQCETyWzeKQA/A7ANyBBgCCUMnEAPwXwfQAxcf7C5yEjRPhcMqJAN4CLAHwXzikBQRBKh3o4PT1+BSAqzl9oCTJKhBaRCQIsAAvg5BeHFPuaBEEA4JT4/QaAuyFn/YUjQEaK0GJy+gaMBnAjgFMAuIp9XYLQTrEBPAfH+b8GgMX5C0eCjBbhiMgJAmoAXAzgGgBHFfu6BKGdsROONuf3APYCovYXjhwZMUKryAQCCk73wGsBLIETFAiCYI4GAI/AyfW/AcAWxy+0Fhk5QqvJ2Q3wApgEZ0dgNkQkKAj5Zj+cuhx/BrAMovIX8oCMICEvZIIBLxx9wGIAcwEcDcBf7GsThDIlDmAdgCcAPADgLQBxcfxCvpCRJOSVnNRAZwATAEwFcByAQQA6wgkSBEE4FAaQALAPwAY4or6XAKwAsAeAFscv5BsZUYIxMsEAAQgB6AVgQObTG0B3OJqBULGvUxCKQDOAGJzz+7sAbIPj+DfCEfg1QVT9gmFkdAkFJScosDIfqUYptEf0YR9x9oIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCC3m/wOsUkRA6CZSrgAAACV0RVh0ZGF0ZTpjcmVhdGUAMjAyMy0wMi0xM1QwOToxODozNyswMDowMPHaHkMAAAAldEVYdGRhdGU6bW9kaWZ5ADIwMjMtMDItMTNUMDk6MTg6MzcrMDA6MDCAh6b/AAAAKHRFWHRkYXRlOnRpbWVzdGFtcAAyMDIzLTAyLTEzVDA5OjIxOjM3KzAwOjAwsmXK6wAAAABJRU5ErkJggg== + mediatype: image/png + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - cluster.open-cluster-management.io + resources: + - managedclusters + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - list + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - hub.kmm.sigs.x-k8s.io + resources: + - managedclustermodules + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - hub.kmm.sigs.x-k8s.io + resources: + - managedclustermodules/finalizers + verbs: + - update + - apiGroups: + - hub.kmm.sigs.x-k8s.io + resources: + - managedclustermodules/status + verbs: + - get + - patch + - update + - apiGroups: + - work.open-cluster-management.io + resources: + - manifestworks + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + serviceAccountName: kmm-operator-hub-controller + deployments: + - label: + app.kubernetes.io/component: kmm-hub + app.kubernetes.io/name: kmm-hub + app.kubernetes.io/part-of: kmm + control-plane: controller + name: kmm-operator-hub-controller + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: kmm-hub + app.kubernetes.io/name: kmm-hub + app.kubernetes.io/part-of: kmm + control-plane: controller + strategy: {} + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + app.kubernetes.io/component: kmm-hub + app.kubernetes.io/name: kmm-hub + app.kubernetes.io/part-of: kmm + control-plane: controller + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: node-role.kubernetes.io/control-plane + operator: Exists + - matchExpressions: + - key: node-role.kubernetes.io/master + operator: Exists + containers: + - args: + - --config=controller_config.yaml + env: + - name: OPERATOR_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: RELATED_IMAGES_BUILD + value: gcr.io/kaniko-project/executor:latest + - name: RELATED_IMAGES_SIGN + value: gcr.io/k8s-staging-kmm/kernel-module-management-signimage:v20231130-v2.0.0 + image: gcr.io/k8s-staging-kmm/kernel-module-management-operator-hub:v20231130-v2.0.0 + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 8443 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 500m + memory: 384Mi + requests: + cpu: 10m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + - mountPath: /controller_config.yaml + name: manager-config + subPath: controller_config.yaml + securityContext: + runAsNonRoot: true + serviceAccountName: kmm-operator-hub-controller + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + operator: Equal + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Equal + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: kmm-operator-hub-webhook-server-cert + - configMap: + name: kmm-operator-hub-manager-config + name: manager-config + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + serviceAccountName: kmm-operator-hub-controller + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: false + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: false + type: AllNamespaces + keywords: + - oot + - out-of-tree + - kernel + - module + - modules + links: + - name: Documentation + url: https://kmm.sigs.k8s.io + - name: Slack + url: https://kubernetes.slack.com/archives/C037RE58RED + maintainers: + - email: kubernetes-kmm@googlegroups.com + name: Kernel Module Management + maturity: stable + minKubeVersion: 1.24.0 + provider: + name: Kubernetes SIG Node + url: https://github.com/kubernetes-sigs/kernel-module-management + version: 2.0.0 + webhookdefinitions: + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: kmm-operator-hub-controller + failurePolicy: Fail + generateName: vmanagedclustermodule.kb.io + rules: + - apiGroups: + - hub.kmm.sigs.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - managedclustermodules + sideEffects: None + targetPort: 9443 + type: ValidatingAdmissionWebhook + webhookPath: /validate-hub-kmm-sigs-x-k8s-io-v1beta1-managedclustermodule diff --git a/operators/kernel-module-management-hub/2.0.0/manifests/kmm-operator-hub-controller-metrics-service_v1_service.yaml b/operators/kernel-module-management-hub/2.0.0/manifests/kmm-operator-hub-controller-metrics-service_v1_service.yaml new file mode 100644 index 00000000000..ae8600fa8b4 --- /dev/null +++ b/operators/kernel-module-management-hub/2.0.0/manifests/kmm-operator-hub-controller-metrics-service_v1_service.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: kmm-hub + app.kubernetes.io/name: kmm-hub + app.kubernetes.io/part-of: kmm + control-plane: controller + name: kmm-operator-hub-controller-metrics-service +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + app.kubernetes.io/component: kmm-hub + app.kubernetes.io/name: kmm-hub + app.kubernetes.io/part-of: kmm + control-plane: controller +status: + loadBalancer: {} diff --git a/operators/kernel-module-management-hub/2.0.0/manifests/kmm-operator-hub-manager-config_v1_configmap.yaml b/operators/kernel-module-management-hub/2.0.0/manifests/kmm-operator-hub-manager-config_v1_configmap.yaml new file mode 100644 index 00000000000..63741417718 --- /dev/null +++ b/operators/kernel-module-management-hub/2.0.0/manifests/kmm-operator-hub-manager-config_v1_configmap.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +data: + controller_config.yaml: | + healthProbeBindAddress: :8081 + metricsBindAddress: 127.0.0.1:8080 + webhookPort: 9443 + leaderElection: + enabled: true + resourceID: kmm-hub.sigs.x-k8s.io + metrics: + enableAuthnAuthz: true + bindAddress: 0.0.0.0:8443 + secureServing: true +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: kmm-hub + app.kubernetes.io/name: kmm-hub + app.kubernetes.io/part-of: kmm + name: kmm-operator-hub-manager-config diff --git a/operators/kernel-module-management-hub/2.0.0/manifests/kmm-operator-hub-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml b/operators/kernel-module-management-hub/2.0.0/manifests/kmm-operator-hub-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml new file mode 100644 index 00000000000..d811c86aab8 --- /dev/null +++ b/operators/kernel-module-management-hub/2.0.0/manifests/kmm-operator-hub-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: kmm-hub + app.kubernetes.io/name: kmm-hub + app.kubernetes.io/part-of: kmm + name: kmm-operator-hub-metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get diff --git a/operators/kernel-module-management-hub/2.0.0/manifests/kmm-operator-hub-webhook-service_v1_service.yaml b/operators/kernel-module-management-hub/2.0.0/manifests/kmm-operator-hub-webhook-service_v1_service.yaml new file mode 100644 index 00000000000..8cfad74edee --- /dev/null +++ b/operators/kernel-module-management-hub/2.0.0/manifests/kmm-operator-hub-webhook-service_v1_service.yaml @@ -0,0 +1,24 @@ +apiVersion: v1 +kind: Service +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: kmm-hub + app.kubernetes.io/created-by: kernel-module-management + app.kubernetes.io/instance: webhook-service + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: kmm-hub + app.kubernetes.io/part-of: kmm + name: kmm-operator-hub-webhook-service +spec: + ports: + - port: 443 + protocol: TCP + targetPort: 9443 + selector: + app.kubernetes.io/component: kmm-hub + app.kubernetes.io/name: kmm-hub + app.kubernetes.io/part-of: kmm + control-plane: controller +status: + loadBalancer: {} diff --git a/operators/kernel-module-management-hub/2.0.0/metadata/annotations.yaml b/operators/kernel-module-management-hub/2.0.0/metadata/annotations.yaml new file mode 100644 index 00000000000..cf067e3dc30 --- /dev/null +++ b/operators/kernel-module-management-hub/2.0.0/metadata/annotations.yaml @@ -0,0 +1,14 @@ +annotations: + # Core bundle annotations. + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: kernel-module-management-hub + operators.operatorframework.io.bundle.channels.v1: alpha + operators.operatorframework.io.metrics.builder: operator-sdk-v1.32.0 + operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 + operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v3 + + # Annotations for testing. + operators.operatorframework.io.test.mediatype.v1: scorecard+v1 + operators.operatorframework.io.test.config.v1: tests/scorecard/ diff --git a/operators/kernel-module-management-hub/2.0.0/metadata/dependencies.yaml b/operators/kernel-module-management-hub/2.0.0/metadata/dependencies.yaml new file mode 100644 index 00000000000..1c66b16b769 --- /dev/null +++ b/operators/kernel-module-management-hub/2.0.0/metadata/dependencies.yaml @@ -0,0 +1,11 @@ +dependencies: + - type: olm.gvk + value: + group: cert-manager.io + kind: Certificate + version: v1 + - type: olm.gvk + value: + group: cert-manager.io + kind: Issuer + version: v1 diff --git a/operators/kernel-module-management-hub/2.0.0/tests/scorecard/config.yaml b/operators/kernel-module-management-hub/2.0.0/tests/scorecard/config.yaml new file mode 100644 index 00000000000..60de8a4917e --- /dev/null +++ b/operators/kernel-module-management-hub/2.0.0/tests/scorecard/config.yaml @@ -0,0 +1,70 @@ +apiVersion: scorecard.operatorframework.io/v1alpha3 +kind: Configuration +metadata: + name: config +stages: +- parallel: true + tests: + - entrypoint: + - scorecard-test + - basic-check-spec + image: quay.io/operator-framework/scorecard-test:v1.18.0 + labels: + suite: basic + test: basic-check-spec-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-bundle-validation + image: quay.io/operator-framework/scorecard-test:v1.18.0 + labels: + suite: olm + test: olm-bundle-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-crds-have-validation + image: quay.io/operator-framework/scorecard-test:v1.18.0 + labels: + suite: olm + test: olm-crds-have-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-crds-have-resources + image: quay.io/operator-framework/scorecard-test:v1.18.0 + labels: + suite: olm + test: olm-crds-have-resources-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-spec-descriptors + image: quay.io/operator-framework/scorecard-test:v1.18.0 + labels: + suite: olm + test: olm-spec-descriptors-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-status-descriptors + image: quay.io/operator-framework/scorecard-test:v1.18.0 + labels: + suite: olm + test: olm-status-descriptors-test + storage: + spec: + mountPath: {} +storage: + spec: + mountPath: {} diff --git a/operators/kernel-module-management-hub/ci.yaml b/operators/kernel-module-management-hub/ci.yaml index abd2a1cdc47..b90395d7419 100644 --- a/operators/kernel-module-management-hub/ci.yaml +++ b/operators/kernel-module-management-hub/ci.yaml @@ -1,3 +1,9 @@ --- # Use `replaces-mode` or `semver-mode`. Once you switch to `semver-mode`, there is no easy way back. updateGraph: semver-mode + +reviewers: + - mresvanis + - qbarrand + - ybettan + - yevgeny-shnaidman