From ce081bfd28e43e9b31c60c67ce87692e0c830072 Mon Sep 17 00:00:00 2001 From: Sylwia Brant Date: Wed, 10 Feb 2021 16:14:50 +0100 Subject: [PATCH] Add preview docs and Github Actions e2e test workflow --- .github/workflows/auto-tests.yaml | 16 +- Makefile | 15 +- config/all_in_one_v1alpha2.yaml | 227 ++ config/certmanager/certificate.yaml | 4 +- config/crd/patches/webhook_in_jenkins.yaml | 2 +- config/default/kustomization.yaml | 2 +- config/default/manager_auth_proxy_patch.yaml | 2 +- config/default/manager_config_patch.yaml | 2 +- config/manager/manager.yaml | 15 +- config/prometheus/monitor.yaml | 2 +- config/rbac/auth_proxy_role_binding.yaml | 2 +- config/rbac/auth_proxy_service.yaml | 2 +- config/rbac/leader_election_role.yaml | 1 + config/rbac/leader_election_role_binding.yaml | 3 +- config/rbac/role.yaml | 118 +- config/rbac/role_binding.yaml | 3 +- .../samples/jenkins.io_v1alpha2_jenkins.yaml | 2 +- deploy/all-in-one-v1alpha2.yaml | 168 + deploy/crds/jenkins.io_jenkins_crd.yaml | 3027 +++++++++++++++++ deploy/crds/jenkins.io_jenkinsimages_crd.yaml | 85 + deploy/crds/jenkins_v1alpha2_jenkins_cr.yaml | 15 + deploy/crds/jenkins_v1alpha2_jenkins_crd.yaml | 106 + .../jenkins_v1alpha2_jenkinsimage_cr.yaml | 24 + .../jenkins_v1alpha2_jenkinsimage_crd.yaml | 85 + ...openshift_jenkins_v1alpha2_jenkins_cr.yaml | 73 + ...operator.v0.2.2.clusterserviceversion.yaml | 244 ++ .../0.2.2/jenkins_v1alpha2_jenkins_crd.yaml | 20 + ...operator.v0.3.0.clusterserviceversion.yaml | 226 ++ .../0.3.0/jenkins_v1alpha2_jenkins_crd.yaml | 20 + .../jenkins-operator.package.yaml | 5 + deploy/operator.yaml | 34 + deploy/role.yaml | 117 + deploy/role_binding.yaml | 12 + deploy/service_account.yaml | 5 + variables.mk | 3 +- .../en/docs/Developer Guide/Preview/_index.md | 301 ++ .../content/en/docs/Developer Guide/_index.md | 2 +- .../en/docs/Getting Started/Preview/_index.md | 18 + .../en/docs/Getting Started/Preview/aks.md | 24 + .../Getting Started/Preview/configuration.md | 315 ++ .../Preview/configure-backup-and-restore.md | 90 + .../Preview/custom-backup-and-restore.md | 184 + .../Getting Started/Preview/customization.md | 202 ++ .../Getting Started/Preview/deploy-jenkins.md | 90 + .../Getting Started/Preview/diagnostics.md | 42 + .../Getting Started/Preview/notifications.md | 114 + .../docs/Getting Started/Preview/openshift.md | 104 + .../en/docs/Getting Started/Preview/schema.md | 2642 ++++++++++++++ .../Getting Started/latest/configuration.md | 12 +- .../How it works/jenkins-docker-images.md | 4 +- .../en/docs/Installation/Preview/_index.md | 881 +++++ 51 files changed, 9636 insertions(+), 76 deletions(-) create mode 100644 config/all_in_one_v1alpha2.yaml create mode 100644 deploy/all-in-one-v1alpha2.yaml create mode 100644 deploy/crds/jenkins.io_jenkins_crd.yaml create mode 100644 deploy/crds/jenkins.io_jenkinsimages_crd.yaml create mode 100644 deploy/crds/jenkins_v1alpha2_jenkins_cr.yaml create mode 100644 deploy/crds/jenkins_v1alpha2_jenkins_crd.yaml create mode 100644 deploy/crds/jenkins_v1alpha2_jenkinsimage_cr.yaml create mode 100644 deploy/crds/jenkins_v1alpha2_jenkinsimage_crd.yaml create mode 100644 deploy/crds/openshift_jenkins_v1alpha2_jenkins_cr.yaml create mode 100644 deploy/olm-catalog/jenkins-operator/0.2.2/jenkins-operator.v0.2.2.clusterserviceversion.yaml create mode 100644 deploy/olm-catalog/jenkins-operator/0.2.2/jenkins_v1alpha2_jenkins_crd.yaml create mode 100644 deploy/olm-catalog/jenkins-operator/0.3.0/jenkins-operator.v0.3.0.clusterserviceversion.yaml create mode 100644 deploy/olm-catalog/jenkins-operator/0.3.0/jenkins_v1alpha2_jenkins_crd.yaml create mode 100644 deploy/olm-catalog/jenkins-operator/jenkins-operator.package.yaml create mode 100644 deploy/operator.yaml create mode 100644 deploy/role.yaml create mode 100644 deploy/role_binding.yaml create mode 100644 deploy/service_account.yaml create mode 100644 website/content/en/docs/Developer Guide/Preview/_index.md create mode 100644 website/content/en/docs/Getting Started/Preview/_index.md create mode 100644 website/content/en/docs/Getting Started/Preview/aks.md create mode 100644 website/content/en/docs/Getting Started/Preview/configuration.md create mode 100644 website/content/en/docs/Getting Started/Preview/configure-backup-and-restore.md create mode 100644 website/content/en/docs/Getting Started/Preview/custom-backup-and-restore.md create mode 100644 website/content/en/docs/Getting Started/Preview/customization.md create mode 100644 website/content/en/docs/Getting Started/Preview/deploy-jenkins.md create mode 100644 website/content/en/docs/Getting Started/Preview/diagnostics.md create mode 100644 website/content/en/docs/Getting Started/Preview/notifications.md create mode 100644 website/content/en/docs/Getting Started/Preview/openshift.md create mode 100644 website/content/en/docs/Getting Started/Preview/schema.md create mode 100644 website/content/en/docs/Installation/Preview/_index.md diff --git a/.github/workflows/auto-tests.yaml b/.github/workflows/auto-tests.yaml index 359fcb2d..6231e0d4 100644 --- a/.github/workflows/auto-tests.yaml +++ b/.github/workflows/auto-tests.yaml @@ -23,9 +23,6 @@ jobs: echo "MINIKUBE_WANTUPDATENOTIFICATION=false" >> $GITHUB_ENV echo "MINIKUBE_WANTREPORTERRORPROMPT=false" >> $GITHUB_ENV echo "GO_VERSION=v$(sed -n 's/GO_VERSION=//p' config.base.env)" >> $GITHUB_ENV - echo "MINIKUBE_VERSION=v$(sed -n 's/MINIKUBE_VERSION=//p' config.minikube.env)" >> $GITHUB_ENV - echo "OPERATOR_SDK_VERSION=v$(sed -n 's/OPERATOR_SDK_VERSION=//p' config.base.env)" >> $GITHUB_ENV - echo "MINIKUBE_KUBERNETES_VERSION=$(sed -n 's/MINIKUBE_KUBERNETES_VERSION=//p' config.minikube.env)" >> $GITHUB_ENV echo "HELM_VERSION=v$(sed -n 's/HELM_VERSION=//p' config.base.env)" >> $GITHUB_ENV echo "GOPATH=/home/runner/go" >> $GITHUB_ENV @@ -44,17 +41,12 @@ jobs: run: | sudo apt-get update sudo apt-get install socat - curl -Lo kubectl https://storage.googleapis.com/kubernetes-release/release/$MINIKUBE_KUBERNETES_VERSION/bin/linux/amd64/kubectl && chmod +x kubectl && sudo mv kubectl /usr/local/bin/ - curl -Lo minikube https://storage.googleapis.com/minikube/releases/$MINIKUBE_VERSION/minikube-linux-amd64 && chmod +x minikube && sudo mv minikube /usr/local/bin/ - curl -Lo operator-sdk https://github.com/operator-framework/operator-sdk/releases/download/$OPERATOR_SDK_VERSION/operator-sdk-$OPERATOR_SDK_VERSION-x86_64-linux-gnu && chmod +x operator-sdk && sudo mv operator-sdk /usr/local/bin/ - curl -Lo helm.tar.gz https://get.helm.sh/helm-$HELM_VERSION-linux-amd64.tar.gz && tar xzfv helm.tar.gz && sudo mv linux-amd64/helm /usr/local/bin/ sudo mkdir -p $HOME/.kube $HOME/.minikube - touch KUBECONFIG - sudo minikube start --vm-driver=none --kubernetes-version=$MINIKUBE_KUBERNETES_VERSION sudo chown -R $USER $HOME/.kube $HOME/.minikube + make minikube-start MINIKUBE_DRIVER='docker' CPUS_NUMBER=2 - name: Jenkins Operator - e2e - run: make build e2e + run: | + make e2e E2E_TEST_ARGS='-ginkgo.v' - - name: Jenkins Operator Helm Chart - e2e - run: make e2e BUILDTAGS=Helm E2E_TEST_SELECTOR='^.*Helm.*$' \ No newline at end of file +#TODO Helm e2e test \ No newline at end of file diff --git a/Makefile b/Makefile index 254a96b6..823aa480 100644 --- a/Makefile +++ b/Makefile @@ -315,7 +315,7 @@ endif minikube-start: minikube check-minikube ## Start minikube @echo "+ $@" bin/minikube status && exit 0 || \ - bin/minikube start --kubernetes-version $(MINIKUBE_KUBERNETES_VERSION) --dns-domain=$(CLUSTER_DOMAIN) --extra-config=kubelet.cluster-domain=$(CLUSTER_DOMAIN) --vm-driver=$(MINIKUBE_DRIVER) --memory 4096 --cpus 3 + bin/minikube start --kubernetes-version $(MINIKUBE_KUBERNETES_VERSION) --dns-domain=$(CLUSTER_DOMAIN) --extra-config=kubelet.cluster-domain=$(CLUSTER_DOMAIN) --driver=$(MINIKUBE_DRIVER) --memory 4096 --cpus $(CPUS_NUMBER) .PHONY: crc-start crc-start: check-crc ## Start CodeReady Containers Kubernetes cluster @@ -405,6 +405,17 @@ generate-docs: hugo ## Re-generate docs directory from the website directory rm -rf docs || echo "Cannot remove docs dir, ignoring" bin/hugo -s website -d ../docs +.PHONY: all-in-one-build +FILENAME := config/all_in_one_$(API_VERSION).yaml +all-in-one-build: ## Re-generate all-in-one yaml + @echo "+ $@" + > $(FILENAME) + cat config/rbac/leader_election_role.yaml >> $(FILENAME) + cat config/rbac/leader_election_role_binding.yaml >> $(FILENAME) + cat config/rbac/role.yaml >> $(FILENAME) + cat config/rbac/role_binding.yaml >> $(FILENAME) + cat config/manager/manager.yaml >> $(FILENAME) + ##################### FROM OPERATOR SDK ######################## # Install CRDs into a cluster install-crds: manifests kustomize @@ -424,7 +435,7 @@ undeploy: $(KUSTOMIZE) build config/default | kubectl delete -f - # Generate manifests e.g. CRD, RBAC etc. -manifests: controller-gen +manifests: controller-gen all-in-one-build $(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases # Generate code diff --git a/config/all_in_one_v1alpha2.yaml b/config/all_in_one_v1alpha2.yaml new file mode 100644 index 00000000..04971a11 --- /dev/null +++ b/config/all_in_one_v1alpha2.yaml @@ -0,0 +1,227 @@ +--- +# permissions to do leader election. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: leader-election-role +rules: +- apiGroups: + - "" + - coordination.k8s.io + resources: + - configmaps + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: leader-election-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: leader-election-role +subjects: +- kind: ServiceAccount + name: default + namespace: default +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: manager-role +rules: +- apiGroups: + - "" + resources: + - services + - configmaps + - secrets + - serviceaccounts + verbs: + - get + - create + - update + - list + - watch +- apiGroups: + - apps + resources: + - deployments + - daemonsets + - replicasets + - statefulsets + verbs: + - '*' +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - create + - update + - list + - watch +- apiGroups: + - "" + resources: + - pods/portforward + verbs: + - create +- apiGroups: + - "" + resources: + - pods/log + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - pods + - pods/exec + verbs: + - "*" +- apiGroups: + - "" + resources: + - events + verbs: + - watch + - list + - create + - patch +- apiGroups: + - apps + resourceNames: + - jenkins-operator + resources: + - deployments/finalizers + verbs: + - update +- apiGroups: + - jenkins.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch +- apiGroups: + - "route.openshift.io" + resources: + - routes + verbs: + - get + - list + - watch + - create + - update +- apiGroups: + - "image.openshift.io" + resources: + - imagestreams + verbs: + - get + - list + - watch +- apiGroups: + - "build.openshift.io" + resources: + - builds + - buildconfigs + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: manager-role +subjects: +- kind: ServiceAccount + name: default + namespace: default +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: jenkins-operator + namespace: default + labels: + control-plane: controller-manager +spec: + selector: + matchLabels: + control-plane: controller-manager + replicas: 1 + template: + metadata: + labels: + control-plane: controller-manager + spec: + securityContext: + runAsUser: 65532 + containers: + - command: + - /manager + args: + - --leader-elect + image: jenkins-operator:305dbeda-dirty-dirty + name: jenkins-operator + imagePullPolicy: Never + securityContext: + allowPrivilegeEscalation: false + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 100m + memory: 30Mi + requests: + cpu: 100m + memory: 20Mi + env: + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + terminationGracePeriodSeconds: 10 diff --git a/config/certmanager/certificate.yaml b/config/certmanager/certificate.yaml index 52d86618..12c86a38 100644 --- a/config/certmanager/certificate.yaml +++ b/config/certmanager/certificate.yaml @@ -5,7 +5,7 @@ apiVersion: cert-manager.io/v1 kind: Issuer metadata: name: selfsigned-issuer - namespace: system + namespace: default spec: selfSigned: {} --- @@ -13,7 +13,7 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml - namespace: system + namespace: default spec: # $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize dnsNames: diff --git a/config/crd/patches/webhook_in_jenkins.yaml b/config/crd/patches/webhook_in_jenkins.yaml index 37a2d93c..f34b8ecc 100644 --- a/config/crd/patches/webhook_in_jenkins.yaml +++ b/config/crd/patches/webhook_in_jenkins.yaml @@ -9,6 +9,6 @@ spec: webhook: clientConfig: service: - namespace: system + namespace: default name: webhook-service path: /convert diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index 62d52def..d903f4cf 100644 --- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml @@ -1,5 +1,5 @@ # Adds namespace to all resources. -namespace: jenkins-operator-system +namespace: jenkins-operator # Value of this field is prepended to the # names of all resources, e.g. a deployment named diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml index 49b1f1ab..28a07150 100644 --- a/config/default/manager_auth_proxy_patch.yaml +++ b/config/default/manager_auth_proxy_patch.yaml @@ -4,7 +4,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: controller-manager - namespace: system + namespace: default spec: template: spec: diff --git a/config/default/manager_config_patch.yaml b/config/default/manager_config_patch.yaml index 6c400155..4043379a 100644 --- a/config/default/manager_config_patch.yaml +++ b/config/default/manager_config_patch.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: controller-manager - namespace: system + namespace: default spec: template: spec: diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 4d62d526..c615e4de 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -1,15 +1,9 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - control-plane: controller-manager - name: system --- apiVersion: apps/v1 kind: Deployment metadata: - name: controller-manager - namespace: system + name: jenkins-operator + namespace: default labels: control-plane: controller-manager spec: @@ -29,8 +23,9 @@ spec: - /manager args: - --leader-elect - image: controller:latest - name: manager + image: jenkins-operator:305dbeda-dirty-dirty + name: jenkins-operator + imagePullPolicy: Never securityContext: allowPrivilegeEscalation: false livenessProbe: diff --git a/config/prometheus/monitor.yaml b/config/prometheus/monitor.yaml index 9b8047b7..713c6413 100644 --- a/config/prometheus/monitor.yaml +++ b/config/prometheus/monitor.yaml @@ -6,7 +6,7 @@ metadata: labels: control-plane: controller-manager name: controller-manager-metrics-monitor - namespace: system + namespace: default spec: endpoints: - path: /metrics diff --git a/config/rbac/auth_proxy_role_binding.yaml b/config/rbac/auth_proxy_role_binding.yaml index 48ed1e4b..95543354 100644 --- a/config/rbac/auth_proxy_role_binding.yaml +++ b/config/rbac/auth_proxy_role_binding.yaml @@ -9,4 +9,4 @@ roleRef: subjects: - kind: ServiceAccount name: default - namespace: system + namespace: default diff --git a/config/rbac/auth_proxy_service.yaml b/config/rbac/auth_proxy_service.yaml index 6cf656be..022ddfd9 100644 --- a/config/rbac/auth_proxy_service.yaml +++ b/config/rbac/auth_proxy_service.yaml @@ -4,7 +4,7 @@ metadata: labels: control-plane: controller-manager name: controller-manager-metrics-service - namespace: system + namespace: default spec: ports: - name: https diff --git a/config/rbac/leader_election_role.yaml b/config/rbac/leader_election_role.yaml index 6334cc51..96f0afa7 100644 --- a/config/rbac/leader_election_role.yaml +++ b/config/rbac/leader_election_role.yaml @@ -1,3 +1,4 @@ +--- # permissions to do leader election. apiVersion: rbac.authorization.k8s.io/v1 kind: Role diff --git a/config/rbac/leader_election_role_binding.yaml b/config/rbac/leader_election_role_binding.yaml index eed16906..b4857aa3 100644 --- a/config/rbac/leader_election_role_binding.yaml +++ b/config/rbac/leader_election_role_binding.yaml @@ -1,3 +1,4 @@ +--- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: @@ -9,4 +10,4 @@ roleRef: subjects: - kind: ServiceAccount name: default - namespace: system + namespace: default diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index f6fd0865..c0d31da6 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -1,4 +1,3 @@ - --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -9,54 +8,111 @@ rules: - apiGroups: - "" resources: + - services - configmaps + - secrets + - serviceaccounts verbs: - get + - create + - update + - list + - watch +- apiGroups: + - apps + resources: + - deployments + - daemonsets + - replicasets + - statefulsets + verbs: + - '*' +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - create + - update - list - watch - apiGroups: - "" resources: - - pods + - pods/portforward verbs: - - create - - delete - - get - - list - - patch - - update - - watch + - create - apiGroups: - - jenkins.io + - "" resources: - - jenkins + - pods/log verbs: - - create - - delete - - get - - list - - patch - - update - - watch + - get + - list + - watch - apiGroups: - - jenkins.io + - "" resources: - - jenkins/finalizers + - pods + - pods/exec verbs: - - update + - "*" - apiGroups: - - jenkins.io + - "" resources: - - jenkins/status + - events verbs: - - get - - patch - - update + - watch + - list + - create + - patch - apiGroups: - - v1 + - apps + resourceNames: + - jenkins-operator resources: - - secrets + - deployments/finalizers verbs: - - get - - list - - watch + - update +- apiGroups: + - jenkins.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch +- apiGroups: + - "route.openshift.io" + resources: + - routes + verbs: + - get + - list + - watch + - create + - update +- apiGroups: + - "image.openshift.io" + resources: + - imagestreams + verbs: + - get + - list + - watch +- apiGroups: + - "build.openshift.io" + resources: + - builds + - buildconfigs + verbs: + - get + - list + - watch diff --git a/config/rbac/role_binding.yaml b/config/rbac/role_binding.yaml index 8f265870..1d8f4c44 100644 --- a/config/rbac/role_binding.yaml +++ b/config/rbac/role_binding.yaml @@ -1,3 +1,4 @@ +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -9,4 +10,4 @@ roleRef: subjects: - kind: ServiceAccount name: default - namespace: system + namespace: default diff --git a/config/samples/jenkins.io_v1alpha2_jenkins.yaml b/config/samples/jenkins.io_v1alpha2_jenkins.yaml index 265b967c..c44357b6 100644 --- a/config/samples/jenkins.io_v1alpha2_jenkins.yaml +++ b/config/samples/jenkins.io_v1alpha2_jenkins.yaml @@ -1,7 +1,7 @@ apiVersion: jenkins.io/v1alpha2 kind: Jenkins metadata: - name: jenkins-example + name: example namespace: default spec: configurationAsCode: diff --git a/deploy/all-in-one-v1alpha2.yaml b/deploy/all-in-one-v1alpha2.yaml new file mode 100644 index 00000000..4f013d84 --- /dev/null +++ b/deploy/all-in-one-v1alpha2.yaml @@ -0,0 +1,168 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: jenkins-operator +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: jenkins-operator +rules: + - apiGroups: + - "" + resources: + - services + - configmaps + - secrets + - serviceaccounts + verbs: + - get + - create + - update + - list + - watch + - apiGroups: + - apps + resources: + - deployments + - daemonsets + - replicasets + - statefulsets + verbs: + - '*' + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - create + - update + - list + - watch + - apiGroups: + - "" + resources: + - pods/portforward + verbs: + - create + - apiGroups: + - "" + resources: + - pods/log + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - pods + - pods/exec + verbs: + - "*" + - apiGroups: + - "" + resources: + - events + verbs: + - watch + - list + - create + - patch + - apiGroups: + - apps + resourceNames: + - jenkins-operator + resources: + - deployments/finalizers + verbs: + - update + - apiGroups: + - jenkins.io + resources: + - '*' + verbs: + - '*' + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - apiGroups: + - "route.openshift.io" + resources: + - routes + verbs: + - get + - list + - watch + - create + - update + - apiGroups: + - "image.openshift.io" + resources: + - imagestreams + verbs: + - get + - list + - watch + - apiGroups: + - "build.openshift.io" + resources: + - builds + - buildconfigs + verbs: + - get + - list + - watch +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: jenkins-operator +subjects: +- kind: ServiceAccount + name: jenkins-operator +roleRef: + kind: Role + name: jenkins-operator + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: jenkins-operator +spec: + replicas: 1 + selector: + matchLabels: + name: jenkins-operator + template: + metadata: + labels: + name: jenkins-operator + spec: + serviceAccountName: jenkins-operator + containers: + - name: jenkins-operator + image: virtuslab/jenkins-operator:v0.5.0 + command: + - jenkins-operator + args: [] + imagePullPolicy: IfNotPresent + env: + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: OPERATOR_NAME + value: "jenkins-operator" diff --git a/deploy/crds/jenkins.io_jenkins_crd.yaml b/deploy/crds/jenkins.io_jenkins_crd.yaml new file mode 100644 index 00000000..1d4e96c4 --- /dev/null +++ b/deploy/crds/jenkins.io_jenkins_crd.yaml @@ -0,0 +1,3027 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: jenkins.jenkins.io +spec: + group: jenkins.io + names: + kind: Jenkins + listKind: JenkinsList + plural: jenkins + singular: jenkins + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: Jenkins is the Schema for the jenkins API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of the Jenkins + properties: + backup: + description: 'Backup defines configuration of Jenkins backup More info: + https://github.com/jenkinsci/kubernetes-operator/blob/master/docs/getting-started.md#configure-backup-and-restore' + properties: + action: + description: Action defines action which performs backup in backup + container sidecar + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + type: object + containerName: + description: ContainerName is the container name responsible for + backup operation + type: string + interval: + description: Interval tells how often make backup in seconds Defaults + to 30. + format: int64 + type: integer + makeBackupBeforePodDeletion: + description: MakeBackupBeforePodDeletion tells operator to make + backup before Jenkins master pod deletion + type: boolean + required: + - action + - containerName + - interval + - makeBackupBeforePodDeletion + type: object + configurationAsCode: + description: ConfigurationAsCode defines configuration of Jenkins customization + via Configuration as Code Jenkins plugin + properties: + configurations: + items: + description: ConfigMapRef is reference to Kubernetes ConfigMap + properties: + name: + type: string + required: + - name + type: object + type: array + secret: + description: SecretRef is reference to Kubernetes secret + properties: + name: + type: string + required: + - name + type: object + required: + - configurations + - secret + type: object + groovyScripts: + description: GroovyScripts defines configuration of Jenkins customization + via groovy scripts + properties: + configurations: + items: + description: ConfigMapRef is reference to Kubernetes ConfigMap + properties: + name: + type: string + required: + - name + type: object + type: array + secret: + description: SecretRef is reference to Kubernetes secret + properties: + name: + type: string + required: + - name + type: object + required: + - configurations + - secret + type: object + jenkinsAPISettings: + description: JenkinsAPISettings defines configuration used by the operator + to gain admin access to the Jenkins API + properties: + authorizationStrategy: + description: AuthorizationStrategy defines authorization strategy + of the operator for the Jenkins API + type: string + required: + - authorizationStrategy + type: object + master: + description: Master represents Jenkins master pod properties and Jenkins + plugins. Every single change here requires a pod restart. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored + with a resource that may be set by external tools to store and + retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + basePlugins: + description: 'BasePlugins contains plugins required by operator + Defaults to : - name: kubernetes version: 1.15.7 - name: workflow-job + version: "2.39" - name: workflow-aggregator version: "2.6" - name: + git version: 3.10.0 - name: job-dsl version: "1.74" - name: configuration-as-code + version: "1.19" - name: kubernetes-credentials-provider version: 0.12.1' + items: + description: Plugin defines Jenkins plugin + properties: + name: + description: Name is the name of Jenkins plugin + type: string + version: + description: Version is the version of Jenkins plugin + type: string + required: + - name + - version + type: object + type: array + containers: + description: 'List of containers belonging to the pod. Containers + cannot currently be added or removed. There must be at least one + container in a Pod. Defaults to: - image: jenkins/jenkins:lts imagePullPolicy: + Always livenessProbe: failureThreshold: 12 httpGet: path: + /login port: http scheme: HTTP initialDelaySeconds: + 80 periodSeconds: 10 successThreshold: 1 timeoutSeconds: + 5 name: jenkins-master readinessProbe: failureThreshold: + 3 httpGet: path: /login port: http scheme: + HTTP initialDelaySeconds: 30 periodSeconds: 10 successThreshold: + 1 timeoutSeconds: 1 resources: limits: cpu: 1500m memory: + 3Gi requests: cpu: "1" memory: 600Mi' + items: + description: Container defines Kubernetes container attributes + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references + $(VAR_NAME) are expanded using the container''s environment. + If a variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. + The docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped + references will never be expanded, regardless of whether + the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. The $(VAR_NAME) + syntax can be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to + "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, metadata.labels, + metadata.annotations, spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of + the exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must + be a C_IDENTIFIER. All invalid keys will be reported as + an event when the container is starting. When a key exists + in multiple sources, the value associated with the last + source will take precedence. Values defined by an Env with + a duplicate key will take precedence. + items: + description: EnvFromSource represents the source of a set + of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap must + be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret must be + defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images' + type: string + imagePullPolicy: + description: Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always. + type: string + lifecycle: + description: Actions that the management system should take + in response to container lifecycle events. + properties: + postStart: + description: 'PostStart is called immediately after a + container is created. If the handler fails, the container + is terminated and restarted according to its restart + policy. Other management of the container blocks until + the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, it + is not run inside a shell, so traditional shell + instructions ('|', etc) won't work. To use a + shell, you need to explicitly call out to that + shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to + perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, + resource contention, etc. The handler is not called + if the container crashes or exits. The reason for termination + is passed to the handler. The Pod''s termination grace + period countdown begins before the PreStop hooked is + executed. Regardless of the outcome of the handler, + the container will eventually terminate within the Pod''s + termination grace period. Other management of the container + blocks until the hook completes or until the termination + grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, it + is not run inside a shell, so traditional shell + instructions ('|', etc) won't work. To use a + shell, you need to explicitly call out to that + shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to + perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Periodic probe of container liveness. Container + will be restarted if the probe fails. + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about + the network connections a container uses, but is primarily + informational. Not specifying a port here DOES NOT prevent + that port from being exposed. Any port which is listening + on the default "0.0.0.0" address inside a container will + be accessible from the network. + items: + description: ContainerPort represents a network port in + a single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP + address. This must be a valid port number, 0 < x < + 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port + to. + type: string + hostPort: + description: Number of port to expose on the host. If + specified, this must be a valid port number, 0 < x + < 65536. If HostNetwork is specified, this must match + ContainerPort. Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod + must have a unique name. Name for the port that can + be referred to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or + SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: Periodic probe of container service readiness. + Container will be removed from service endpoints if the + probe fails. + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. + More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More + info: https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag + will be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running + containers. Defaults to the default set of capabilities + granted by the container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent + to root on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount + to use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root + filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as + a non-root user. If true, the Kubelet will validate + the image at runtime to ensure that it does not run + as UID 0 (root) and fail to start the container if it + does. If unset or false, no such validation will be + performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the + container. If unspecified, the container runtime will + allocate a random SELinux context for each container. May + also be set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to + all containers. If unspecified, the options from the + PodSecurityContext will be used. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA + admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec + named by the GMSACredentialSpecName field. This + field is alpha-level and is only honored by servers + that enable the WindowsGMSA feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of + the GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is alpha-level and + it is only honored by servers that enable the WindowsRunAsUserName + feature flag. + type: string + type: object + type: object + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: Path within the container at which the + volume should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts + are propagated from the host to container and the + other way around. When not set, MountPropagationNone + is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's + root). + type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves + similarly to SubPath but environment variable references + $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). SubPathExpr and SubPath + are mutually exclusive. This field is beta in 1.15. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might + be configured in the container image. + type: string + required: + - image + - imagePullPolicy + - name + - resources + type: object + type: array + disableCSRFProtection: + description: DisableCSRFProtection allows you to toggle CSRF Protection + on Jenkins + type: boolean + imagePullSecrets: + description: 'ImagePullSecrets is an optional list of references + to secrets in the same namespace to use for pulling any of the + images used by this PodSpec. If specified, these secrets will + be passed to individual puller implementations for them to use. + For example, in the case of docker, only DockerConfig type secrets + are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' + items: + description: LocalObjectReference contains enough information + to let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels' + type: object + masterAnnotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored + with a resource that may be set by external tools to store and + retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations + Deprecated: will be removed in the future, please use Annotations(annotations)' + type: object + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is a selector which must be true for + the pod to fit on a node. Selector which must match a node''s + labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + type: object + plugins: + description: Plugins contains plugins required by user + items: + description: Plugin defines Jenkins plugin + properties: + name: + description: Name is the name of Jenkins plugin + type: string + version: + description: Version is the version of Jenkins plugin + type: string + required: + - name + - version + type: object + type: array + securityContext: + description: 'SecurityContext that applies to all the containers + of the Jenkins Master. As per kubernetes specification, it can + be overridden for each container individually. Defaults to: runAsUser: + 1000 fsGroup: 1000' + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume." + format: int64 + type: integer + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. This field is alpha-level and + is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + This field is alpha-level and it is only honored by servers + that enable the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + volumes: + description: 'List of volumes that can be mounted by containers + belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' + items: + description: Volume represents a named volume in a pod that may + be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk + resource that is attached to a kubelet''s host machine and + then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", + "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'The partition in the volume that you want + to mount. If omitted, the default is to mount by volume + name. Examples: For volume /dev/sda1, you specify the + partition as "1". Similarly, the volume partition for + /dev/sda is "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly + property in VolumeMounts to "true". If omitted, the + default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource + in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount + on the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read + Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'Expected values Shared: multiple blob disks + per storage account Dedicated: single blob disk per + storage account Managed: azure managed data disk (only + in managed availability set). defaults to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: the name of secret that contains Azure Storage + Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host + that shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of Ceph + monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather + than the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key + ring for User, default is /etc/ceph/user.secret More + info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the + authentication secret for User, default is empty. More + info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user name, default + is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached and + mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing + parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + volumeID: + description: 'volume id used to identify the volume in + cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should + populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected + by this setting. This might be in conflict with other + options that affect the file mode, like fsGroup, and + the result can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the + Data field of the referenced ConfigMap will be projected + into the volume as a file whose name is the key and + content is the value. If specified, the listed keys + will be projected into the specified paths, and unlisted + keys will not be present. If a key is specified which + is not present in the ConfigMap, the volume setup will + error unless it is marked optional. Paths must be relative + and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this + file, must be a value between 0 and 0777. If not + specified, the volume defaultMode will be used. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map + the key to. May not be an absolute path. May not + contain the path element '..'. May not start with + the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys + must be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents + storage that is handled by an external CSI driver (Alpha + feature). + properties: + driver: + description: Driver is the name of the CSI driver that + handles this volume. Consult with your admin for the + correct name as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", + "ntfs". If not provided, the empty value is passed to + the associated CSI driver which will determine the default + filesystem to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the + secret object containing sensitive information to pass + to the CSI driver to complete the CSI NodePublishVolume + and NodeUnpublishVolume calls. This field is optional, + and may be empty if no secret is required. If the secret + object contains more than one secret, all secret references + are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + readOnly: + description: Specifies a read-only configuration for the + volume. Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the + pod that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected + by this setting. This might be in conflict with other + options that affect the file mode, like fsGroup, and + the result can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are + supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this + file, must be a value between 0 and 0777. If not + specified, the volume defaultMode will be used. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path + name of the file to be created. Must not be absolute + or contain the ''..'' path. Must be utf-8 encoded. + The first item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of + the exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory that + shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back + this directory. The default is "" which means to use + the node''s default medium. Must be an empty string + (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for + this EmptyDir volume. The size limit is also applicable + for memory medium. The maximum usage on memory medium + EmptyDir would be the minimum value between the SizeLimit + specified here and the sum of memory limits of all containers + in a pod. The default is nil which means that the limit + is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + fc: + description: FC represents a Fibre Channel resource that is + attached to a kubelet's host machine and then exposed to + the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers + (wwids) Either wwids or combination of targetWWNs and + lun must be set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource + that is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use for + this volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends on FlexVolume + script. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the + secret object containing sensitive information to pass + to the plugin scripts. This may be empty if no secret + object is specified. If the secret object contains more + than one secret, all secrets are passed to the plugin + scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached + to a kubelet's host machine. This depends on the Flocker + control service being running + properties: + datasetName: + description: Name of the dataset stored as metadata -> + name on the dataset for Flocker should be considered + as deprecated + type: string + datasetUUID: + description: UUID of the dataset. This is unique identifier + of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", + "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'The partition in the volume that you want + to mount. If omitted, the default is to mount by volume + name. Examples: For volume /dev/sda1, you specify the + partition as "1". Similarly, the volume partition for + /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. Used + to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision + a container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir + into the Pod''s container.' + properties: + directory: + description: Target directory name. Must not contain or + start with '..'. If '.' is supplied, the volume directory + will be the git repository. Otherwise, if specified, + the volume will contain the git repository in the subdirectory + with the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that + details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. More + info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to + false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'Path of the directory on the host. If the + path is a symlink, it will follow the link to the real + path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that + is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", + "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName + is specified with iscsiInterface simultaneously, new + iSCSI interface : will be + created for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is either + an IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator + authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either + an IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique + within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that + shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export + to be mounted with read-only permissions. Defaults to + false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of + the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents + a reference to a PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent + disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to + mount Must be a filesystem type supported by the host + operating system. Ex. "ext4", "xfs". Implicitly inferred + to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, + and downward API + properties: + defaultMode: + description: Mode bits to use on created files by default. + Must be a value between 0 and 0777. Directories within + the path are not affected by this setting. This might + be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set. + format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along + with other supported volume types + properties: + configMap: + description: information about the configMap data + to project + properties: + items: + description: If unspecified, each key-value + pair in the Data field of the referenced ConfigMap + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified + which is not present in the ConfigMap, the + volume setup will error unless it is marked + optional. Paths must be relative and may not + contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use + on this file, must be a value between + 0 and 0777. If not specified, the volume + defaultMode will be used. This might + be in conflict with other options that + affect the file mode, like fsGroup, + and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: The relative path of the + file to map the key to. May not be an + absolute path. May not contain the path + element '..'. May not start with the + string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI data + to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use + on this file, must be a value between + 0 and 0777. If not specified, the volume + defaultMode will be used. This might + be in conflict with other options that + affect the file mode, like fsGroup, + and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. + Must not be absolute or contain the + ''..'' path. Must be utf-8 encoded. + The first item of the relative path + must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the + container: only resources limits and + requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are + currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output + format of the exposed resources, + defaults to "1" + type: string + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data to + project + properties: + items: + description: If unspecified, each key-value + pair in the Data field of the referenced Secret + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified + which is not present in the Secret, the volume + setup will error unless it is marked optional. + Paths must be relative and may not contain + the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use + on this file, must be a value between + 0 and 0777. If not specified, the volume + defaultMode will be used. This might + be in conflict with other options that + affect the file mode, like fsGroup, + and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: The relative path of the + file to map the key to. May not be an + absolute path. May not contain the path + element '..'. May not start with the + string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken + data to project + properties: + audience: + description: Audience is the intended audience + of the token. A recipient of a token must + identify itself with an identifier specified + in the audience of the token, and otherwise + should reject the token. The audience defaults + to the identifier of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested + duration of validity of the service account + token. As the token approaches expiration, + the kubelet volume plugin will proactively + rotate the service account token. The kubelet + will start trying to rotate the token if the + token is older than 80 percent of its time + to live or if the token is older than 24 hours.Defaults + to 1 hour and must be at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to the + mount point of the file to project the token + into. + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host + that shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is + no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume + to be mounted with read-only permissions. Defaults to + false. + type: boolean + registry: + description: Registry represents a single or multiple + Quobyte Registry services specified as a string as host:port + pair (multiple entries are separated with commas) which + acts as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume in + the Backend Used with dynamically provisioned Quobyte + volumes, value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to + serivceaccount user + type: string + volume: + description: Volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount on + the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", + "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication + secret for RBDUser. If provided overrides keyring. Default + is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + user: + description: 'The rados user name. Default is admin. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain + for the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO + user and other sensitive information. If this is not + provided, Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication + with Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume + should be ThickProvisioned or ThinProvisioned. Default + is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with + the protection domain. + type: string + system: + description: The name of the storage system as configured + in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the + ScaleIO system that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected + by this setting. This might be in conflict with other + options that affect the file mode, like fsGroup, and + the result can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the + Data field of the referenced Secret will be projected + into the volume as a file whose name is the key and + content is the value. If specified, the listed keys + will be projected into the specified paths, and unlisted + keys will not be present. If a key is specified which + is not present in the Secret, the volume setup will + error unless it is marked optional. Paths must be relative + and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this + file, must be a value between 0 and 0777. If not + specified, the volume defaultMode will be used. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map + the key to. May not be an absolute path. May not + contain the path element '..'. May not start with + the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys must + be defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace + to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for + obtaining the StorageOS API credentials. If not specified, + default values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of + the StorageOS volume. Volume names are only unique + within a namespace. + type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the + volume within StorageOS. If no namespace is specified + then the Pod's namespace will be used. This allows + the Kubernetes name scoping to be mirrored within StorageOS + for tighter integration. Set VolumeName to any name + to override the default behaviour. Set to "default" + if you are not using namespaces within StorageOS. Namespaces + that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile + ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile + name. + type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - disableCSRFProtection + type: object + notifications: + description: Notifications defines list of a services which are used + to inform about Jenkins status Can be used to integrate chat services + like Slack, Microsoft Teams or Mailgun + items: + description: Notification is a service configuration used to send + notifications about Jenkins status + properties: + level: + description: NotificationLevel defines the level of a Notification + type: string + mailgun: + description: Mailgun is handler for Mailgun email service notification + channel + properties: + apiKeySecretKeySelector: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + secret: + description: The name of the secret in the pod's namespace + to select from. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + required: + - key + - secret + type: object + domain: + type: string + from: + type: string + recipient: + type: string + required: + - apiKeySecretKeySelector + - domain + - from + - recipient + type: object + name: + type: string + slack: + description: Slack is handler for Slack notification channel + properties: + webHookURLSecretKeySelector: + description: The web hook URL to Slack App + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + secret: + description: The name of the secret in the pod's namespace + to select from. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + required: + - key + - secret + type: object + required: + - webHookURLSecretKeySelector + type: object + smtp: + description: SMTP is handler for sending emails via this protocol + properties: + from: + type: string + passwordSecretKeySelector: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + secret: + description: The name of the secret in the pod's namespace + to select from. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + required: + - key + - secret + type: object + port: + type: integer + server: + type: string + tlsInsecureSkipVerify: + type: boolean + to: + type: string + usernameSecretKeySelector: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + secret: + description: The name of the secret in the pod's namespace + to select from. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + required: + - key + - secret + type: object + required: + - from + - passwordSecretKeySelector + - port + - server + - to + - usernameSecretKeySelector + type: object + teams: + description: MicrosoftTeams is handler for Microsoft MicrosoftTeams + notification channel + properties: + webHookURLSecretKeySelector: + description: The web hook URL to MicrosoftTeams App + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + secret: + description: The name of the secret in the pod's namespace + to select from. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + required: + - key + - secret + type: object + required: + - webHookURLSecretKeySelector + type: object + verbose: + type: boolean + required: + - level + - name + - verbose + type: object + type: array + restore: + description: 'Backup defines configuration of Jenkins backup restore + More info: https://github.com/jenkinsci/kubernetes-operator/blob/master/docs/getting-started.md#configure-backup-and-restore' + properties: + action: + description: Action defines action which performs restore backup + in restore container sidecar + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + type: object + containerName: + description: ContainerName is the container name responsible for + restore backup operation + type: string + recoveryOnce: + description: RecoveryOnce if want to restore specific backup set + this field and then Jenkins will be restarted and desired backup + will be restored + format: int64 + type: integer + required: + - action + - containerName + type: object + roles: + description: Roles defines list of extra RBAC roles for the Jenkins + Master pod service account + items: + description: RoleRef contains information that points to the role + being used + properties: + apiGroup: + description: APIGroup is the group for the resource being referenced + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - apiGroup + - kind + - name + type: object + type: array + seedJobs: + description: 'SeedJobs defines list of Jenkins Seed Job configurations + More info: https://github.com/jenkinsci/kubernetes-operator/blob/master/docs/getting-started.md#configure-seed-jobs-and-pipelines' + items: + description: 'SeedJob defines configuration for seed job More info: + https://github.com/jenkinsci/kubernetes-operator/blob/master/docs/getting-started.md#configure-seed-jobs-and-pipelines' + properties: + additionalClasspath: + description: AdditionalClasspath is setting for Job DSL API plugin + to set Additional Classpath + type: string + bitbucketPushTrigger: + description: BitbucketPushTrigger is used for Bitbucket web hooks + type: boolean + buildPeriodically: + description: BuildPeriodically is setting for scheduled trigger + type: string + credentialID: + description: CredentialID is the Kubernetes secret name which + stores repository access credentials + type: string + credentialType: + description: JenkinsCredentialType is the https://jenkinsci.github.io/kubernetes-credentials-provider-plugin/ + credential type + type: string + description: + description: Description is the description of the seed job + type: string + failOnMissingPlugin: + description: FailOnMissingPlugin is setting for Job DSL API plugin + that fails job if required plugin is missing + type: boolean + githubPushTrigger: + description: GitHubPushTrigger is used for GitHub web hooks + type: boolean + id: + description: ID is the unique seed job name + type: string + ignoreMissingFiles: + description: IgnoreMissingFiles is setting for Job DSL API plugin + to ignore files that miss + type: boolean + pollSCM: + description: PollSCM is setting for polling changes in SCM + type: string + repositoryBranch: + description: RepositoryBranch is the repository branch where are + seed job definitions + type: string + repositoryUrl: + description: RepositoryURL is the repository access URL. Can be + SSH or HTTPS. + type: string + targets: + description: Targets is the repository path where are seed job + definitions + type: string + unstableOnDeprecation: + description: UnstableOnDeprecation is setting for Job DSL API + plugin that sets build status as unstable if build using deprecated + features + type: boolean + type: object + type: array + service: + description: 'Service is Kubernetes service of Jenkins master HTTP pod + Defaults to : port: 8080 type: ClusterIP' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored + with a resource that may be set by external tools to store and + retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Route service traffic to pods with label keys and + values matching this selector. If empty or not present, the service + is assumed to have an external process managing its endpoints, + which Kubernetes will not modify. Only applies to types ClusterIP, + NodePort, and LoadBalancer. Ignored if type is ExternalName. More + info: https://kubernetes.io/docs/concepts/services-networking/service/' + type: object + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer LoadBalancer + will get created with the IP specified in this field. This feature + depends on whether the underlying cloud-provider supports specifying + the loadBalancerIP when a load balancer is created. This field + will be ignored if the cloud-provider does not support the feature.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, this will + restrict traffic through the cloud-provider load-balancer will + be restricted to the specified client IPs. This field will be + ignored if the cloud-provider does not support the feature." More + info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/' + items: + type: string + type: array + nodePort: + description: 'The port on each node on which this service is exposed + when type=NodePort or LoadBalancer. Usually assigned by the system. + If specified, it will be allocated to the service if unused or + else creation of the service will fail. Default is to auto-allocate + a port if the ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: 'The port that are exposed by this service. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + format: int32 + type: integer + type: + description: 'Type determines how the Service is exposed. Defaults + to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, + and LoadBalancer. "ExternalName" maps to the specified externalName. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that + is not specified, by manual construction of an Endpoints object. + If clusterIP is "None", no virtual IP is allocated and the endpoints + are published as a set of endpoints rather than a stable IP. "NodePort" + builds on ClusterIP and allocates a port on every node which routes + to the clusterIP. "LoadBalancer" builds on NodePort and creates + an external load-balancer (if supported in the current cloud) + which routes to the clusterIP. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services---service-types' + type: string + type: object + serviceAccount: + description: ServiceAccount defines Jenkins master service account attributes + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored + with a resource that may be set by external tools to store and + retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + type: object + slaveService: + description: 'Service is Kubernetes service of Jenkins slave pods Defaults + to : port: 50000 type: ClusterIP' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored + with a resource that may be set by external tools to store and + retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Route service traffic to pods with label keys and + values matching this selector. If empty or not present, the service + is assumed to have an external process managing its endpoints, + which Kubernetes will not modify. Only applies to types ClusterIP, + NodePort, and LoadBalancer. Ignored if type is ExternalName. More + info: https://kubernetes.io/docs/concepts/services-networking/service/' + type: object + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer LoadBalancer + will get created with the IP specified in this field. This feature + depends on whether the underlying cloud-provider supports specifying + the loadBalancerIP when a load balancer is created. This field + will be ignored if the cloud-provider does not support the feature.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, this will + restrict traffic through the cloud-provider load-balancer will + be restricted to the specified client IPs. This field will be + ignored if the cloud-provider does not support the feature." More + info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/' + items: + type: string + type: array + nodePort: + description: 'The port on each node on which this service is exposed + when type=NodePort or LoadBalancer. Usually assigned by the system. + If specified, it will be allocated to the service if unused or + else creation of the service will fail. Default is to auto-allocate + a port if the ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: 'The port that are exposed by this service. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + format: int32 + type: integer + type: + description: 'Type determines how the Service is exposed. Defaults + to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, + and LoadBalancer. "ExternalName" maps to the specified externalName. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that + is not specified, by manual construction of an Endpoints object. + If clusterIP is "None", no virtual IP is allocated and the endpoints + are published as a set of endpoints rather than a stable IP. "NodePort" + builds on ClusterIP and allocates a port on every node which routes + to the clusterIP. "LoadBalancer" builds on NodePort and creates + an external load-balancer (if supported in the current cloud) + which routes to the clusterIP. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services---service-types' + type: string + type: object + required: + - jenkinsAPISettings + - master + type: object + status: + description: Status defines the observed state of Jenkins + properties: + appliedGroovyScripts: + description: AppliedGroovyScripts is a list with all applied groovy + scripts in Jenkins by the operator + items: + description: AppliedGroovyScript is the applied groovy script in Jenkins + by the operator + properties: + configurationType: + description: ConfigurationType is the name of the configuration + type(base-groovy, user-groovy, user-casc) + type: string + hash: + description: Hash is the hash of the groovy script and secrets + which it uses + type: string + name: + description: Name is the name of the groovy script + type: string + source: + description: Source is the name of source where is located groovy + script + type: string + required: + - configurationType + - hash + - name + - source + type: object + type: array + backupDoneBeforePodDeletion: + description: BackupDoneBeforePodDeletion tells if backup before pod + deletion has been made + type: boolean + baseConfigurationCompletedTime: + description: BaseConfigurationCompletedTime is a time when Jenkins base + configuration phase has been completed + format: date-time + type: string + createdSeedJobs: + description: CreatedSeedJobs contains list of seed job id already created + in Jenkins + items: + type: string + type: array + lastBackup: + description: LastBackup is the latest backup number + format: int64 + type: integer + operatorVersion: + description: OperatorVersion is the operator version which manages this + CR + type: string + pendingBackup: + description: PendingBackup is the pending backup number + format: int64 + type: integer + provisionStartTime: + description: ProvisionStartTime is a time when Jenkins master pod has + been created + format: date-time + type: string + restoredBackup: + description: RestoredBackup is the restored backup number after Jenkins + master pod restart + format: int64 + type: integer + userAndPasswordHash: + description: UserAndPasswordHash is a SHA256 hash made from user and + password + type: string + userConfigurationCompletedTime: + description: UserConfigurationCompletedTime is a time when Jenkins user + configuration phase has been completed + format: date-time + type: string + type: object + type: object + version: v1alpha2 + versions: + - name: v1alpha2 + served: true + storage: true diff --git a/deploy/crds/jenkins.io_jenkinsimages_crd.yaml b/deploy/crds/jenkins.io_jenkinsimages_crd.yaml new file mode 100644 index 00000000..acf4f081 --- /dev/null +++ b/deploy/crds/jenkins.io_jenkinsimages_crd.yaml @@ -0,0 +1,85 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: jenkinsimages.jenkins.io +spec: + group: jenkins.io + names: + kind: JenkinsImage + listKind: JenkinsImageList + plural: jenkinsimages + singular: jenkinsimage + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: JenkinsImage is the Schema for the jenkinsimages API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: JenkinsImageSpec defines the desired state of JenkinsImage + properties: + image: + description: Defines Jenkins Plugin structure + properties: + name: + type: string + version: + type: string + required: + - name + type: object + plugins: + items: + description: Defines Jenkins Plugin structure + properties: + name: + type: string + version: + type: string + required: + - name + type: object + type: array + required: + - image + - plugins + type: object + status: + description: JenkinsImageStatus defines the observed state of JenkinsImage + properties: + image: + type: string + installedPlugins: + items: + description: Defines Jenkins Plugin structure + properties: + name: + type: string + version: + type: string + required: + - name + type: object + type: array + md5sum: + type: string + type: object + type: object + version: v1alpha2 + versions: + - name: v1alpha2 + served: true + storage: true diff --git a/deploy/crds/jenkins_v1alpha2_jenkins_cr.yaml b/deploy/crds/jenkins_v1alpha2_jenkins_cr.yaml new file mode 100644 index 00000000..582c8977 --- /dev/null +++ b/deploy/crds/jenkins_v1alpha2_jenkins_cr.yaml @@ -0,0 +1,15 @@ +apiVersion: jenkins.io/v1alpha2 +kind: Jenkins +metadata: + name: example +spec: + master: + containers: + - name: jenkins-master + image: jenkins/jenkins:2.263.2-lts-alpine + seedJobs: + - id: jenkins-operator + targets: "cicd/jobs/*.jenkins" + description: "Jenkins Operator repository" + repositoryBranch: master + repositoryUrl: https://github.com/jenkinsci/kubernetes-operator.git diff --git a/deploy/crds/jenkins_v1alpha2_jenkins_crd.yaml b/deploy/crds/jenkins_v1alpha2_jenkins_crd.yaml new file mode 100644 index 00000000..8206d650 --- /dev/null +++ b/deploy/crds/jenkins_v1alpha2_jenkins_crd.yaml @@ -0,0 +1,106 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: jenkins.jenkins.io +spec: + group: jenkins.io + names: + kind: Jenkins + listKind: JenkinsList + plural: jenkins + singular: jenkins + scope: Namespaced + versions: + - name : v1alpha2 + served: true + storage: true + - name : v1alpha1 + served: true + storage: false +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: jenkinsimages.jenkins.io +spec: + group: jenkins.io + names: + kind: JenkinsImage + listKind: JenkinsImageList + plural: jenkinsimages + singular: jenkinsimage + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: JenkinsImage is the Schema for the jenkinsimages API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: JenkinsImageSpec defines the desired state of JenkinsImage + properties: + image: + description: Defines Jenkins Plugin structure + properties: + name: + type: string + version: + type: string + required: + - name + type: object + plugins: + items: + description: Defines Jenkins Plugin structure + properties: + name: + type: string + version: + type: string + required: + - name + type: object + type: array + required: + - image + - plugins + type: object + status: + description: JenkinsImageStatus defines the observed state of JenkinsImage + properties: + image: + type: string + installedPlugins: + items: + description: Defines Jenkins Plugin structure + properties: + name: + type: string + version: + type: string + required: + - name + type: object + type: array + md5sum: + type: string + type: object + type: object + version: v1alpha2 + versions: + - name: v1alpha2 + served: true + storage: true + diff --git a/deploy/crds/jenkins_v1alpha2_jenkinsimage_cr.yaml b/deploy/crds/jenkins_v1alpha2_jenkinsimage_cr.yaml new file mode 100644 index 00000000..cda0a0fc --- /dev/null +++ b/deploy/crds/jenkins_v1alpha2_jenkinsimage_cr.yaml @@ -0,0 +1,24 @@ +apiVersion: jenkins.io/v1alpha2 +kind: JenkinsImage +metadata: + name: simple-jenkinsimage +spec: + image: + name: jenkins/jenkins + tag: 2.263.1-lts-alpine + plugins: + - name: kubernetes + version: "1.28.6" + - name: workflow-job + version: "2.40" + - name: workflow-aggregator + version: "2.6" + - name: git + version: "4.5.0" + - name: job-dsl + version: "1.77" + - name: configuration-as-code + version: "1.46" + - name: kubernetes-credentials-provider + version: "0.15" + diff --git a/deploy/crds/jenkins_v1alpha2_jenkinsimage_crd.yaml b/deploy/crds/jenkins_v1alpha2_jenkinsimage_crd.yaml new file mode 100644 index 00000000..acf4f081 --- /dev/null +++ b/deploy/crds/jenkins_v1alpha2_jenkinsimage_crd.yaml @@ -0,0 +1,85 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: jenkinsimages.jenkins.io +spec: + group: jenkins.io + names: + kind: JenkinsImage + listKind: JenkinsImageList + plural: jenkinsimages + singular: jenkinsimage + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: JenkinsImage is the Schema for the jenkinsimages API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: JenkinsImageSpec defines the desired state of JenkinsImage + properties: + image: + description: Defines Jenkins Plugin structure + properties: + name: + type: string + version: + type: string + required: + - name + type: object + plugins: + items: + description: Defines Jenkins Plugin structure + properties: + name: + type: string + version: + type: string + required: + - name + type: object + type: array + required: + - image + - plugins + type: object + status: + description: JenkinsImageStatus defines the observed state of JenkinsImage + properties: + image: + type: string + installedPlugins: + items: + description: Defines Jenkins Plugin structure + properties: + name: + type: string + version: + type: string + required: + - name + type: object + type: array + md5sum: + type: string + type: object + type: object + version: v1alpha2 + versions: + - name: v1alpha2 + served: true + storage: true diff --git a/deploy/crds/openshift_jenkins_v1alpha2_jenkins_cr.yaml b/deploy/crds/openshift_jenkins_v1alpha2_jenkins_cr.yaml new file mode 100644 index 00000000..9942813a --- /dev/null +++ b/deploy/crds/openshift_jenkins_v1alpha2_jenkins_cr.yaml @@ -0,0 +1,73 @@ +apiVersion: jenkins.io/v1alpha2 +kind: Jenkins +metadata: + annotations: + jenkins.io/openshift-mode: 'true' + name: jenkins +spec: + master: + containers: + - name: jenkins-master + command: + - /usr/bin/go-init + - '-main' + - /usr/libexec/s2i/run + env: + - name: OPENSHIFT_ENABLE_OAUTH + value: 'true' + - name: OPENSHIFT_ENABLE_REDIRECT_PROMPT + value: 'true' + - name: DISABLE_ADMINISTRATIVE_MONITORS + value: 'false' + - name: KUBERNETES_MASTER + value: 'https://kubernetes.default:443' + - name: KUBERNETES_TRUST_CERTIFICATES + value: 'true' + - name: JENKINS_SERVICE_NAME + value: jenkins-operator-http-jenkins + - name: JNLP_SERVICE_NAME + value: jenkins-operator-slave-jenkins + - name: JENKINS_UC_INSECURE + value: 'false' + - name: JENKINS_HOME + value: /var/lib/jenkins + - name: JAVA_OPTS + value: >- + -XX:+UnlockExperimentalVMOptions -XX:+UnlockExperimentalVMOptions + -XX:+UseCGroupMemoryLimitForHeap -XX:MaxRAMFraction=1 + -Djenkins.install.runSetupWizard=false -Djava.awt.headless=true + image: 'quay.io/openshift/origin-jenkins:latest' + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /login + port: 8080 + scheme: HTTP + initialDelaySeconds: 420 + periodSeconds: 360 + timeoutSeconds: 240 + readinessProbe: + httpGet: + path: /login + port: 8080 + scheme: HTTP + initialDelaySeconds: 3 + periodSeconds: 0 + timeoutSeconds: 240 + resources: + limits: + cpu: 600m + memory: 4Gi + requests: + cpu: 500m + memory: 3Gi + service: + port: 8080 + type: ClusterIP + slaveService: + port: 50000 + type: ClusterIP + serviceAccount: + annotations: + serviceaccounts.openshift.io/oauth-redirectreference.jenkins: '{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"jenkins-operator"}}' + diff --git a/deploy/olm-catalog/jenkins-operator/0.2.2/jenkins-operator.v0.2.2.clusterserviceversion.yaml b/deploy/olm-catalog/jenkins-operator/0.2.2/jenkins-operator.v0.2.2.clusterserviceversion.yaml new file mode 100644 index 00000000..de2d8c6d --- /dev/null +++ b/deploy/olm-catalog/jenkins-operator/0.2.2/jenkins-operator.v0.2.2.clusterserviceversion.yaml @@ -0,0 +1,244 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: >- + [{"apiVersion":"jenkins.io/v1alpha2","kind":"Jenkins","metadata":{"name":"example"},"spec":{"master":{"containers":[{"name":"jenkins-master","image":"jenkins/jenkins:lts","imagePullPolicy":"Always","livenessProbe":{"failureThreshold":12,"httpGet":{"path":"/login","port":"http","scheme":"HTTP"},"initialDelaySeconds":80,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":5},"readinessProbe":{"failureThreshold":3,"httpGet":{"path":"/login","port":"http","scheme":"HTTP"},"initialDelaySeconds":30,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":1},"resources":{"limits":{"cpu":"1500m","memory":"3Gi"},"requests":{"cpu":"1","memory":"500Mi"}}}]},"seedJobs":[{"id":"jenkins-operator","targets":"cicd/jobs/*.jenkins","description":"Jenkins + Operator + repository","repositoryBranch":"master","repositoryUrl":"https://github.com/jenkinsci/kubernetes-operator.git"}]}}] + categories: Integration & Delivery + certified: 'false' + description: >- + Kubernetes native operator which fully manages Jenkins on Kubernetes. + containerImage: 'virtuslab/jenkins-operator:v0.2.2' + support: 'VirtusLab' + capabilities: Basic Install + repository: 'https://github.com/jenkinsci/kubernetes-operator' + name: jenkins-operator.v0.2.2 + namespace: placeholder +spec: + apiservicedefinitions: {} + displayName: Jenkins Operator + description: >+ + ##What's the Jenkins Operator? + + Jenkins operator is a Kubernetes native operator which fully manages Jenkins on Kubernetes. It was built with immutability and declarative configuration as code in mind. + + + Out of the box it provides: + + + integration with Kubernetes + + pipelines as code + + extensibility via groovy scripts or configuration as code plugin + + security and hardening + + Problem statement and goals + + The main reason why we decided to implement the Jenkins Operator is the fact that we faced a lot of problems with standard Jenkins deployment. We want to make Jenkins more robust, suitable for dynamic and multi-tenant environments. + + + Some of the problems we want to solve: + + installing plugins with incompatible versions or security vulnerabilities + + better configuration as code + + lack of end to end tests + + handle graceful shutdown properly + + security and hardening out of the box + + orphaned jobs with no jnlp connection + + make errors more visible for end users + + backup and restore for jobs history + + + version: 0.2.2 + minKubeVersion: 1.11.0 + maturity: alpha + keywords: + - jenkins + - operator + - CI/CD + maintainers: + - name: Tomasz Sęk + email: tomasz.sek.88@gmail.com + - name: Jakub Al-Khalili + email: jal-khalili@virtuslab.com + provider: + name: VirtusLab + labels: {} + selector: + matchLabels: {} + links: + - name: GitHub + url: 'https://github.com/jenkinsci/kubernetes-operator' + - name: Website + url: 'https://jenkinsci.github.io/kubernetes-operator/' + icon: + - base64data: iVBORw0KGgoAAAANSUhEUgAAAlgAAAIYCAYAAACxPpKwAAABhGlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw0AcxV9TxaIVQQuKiGSoThZERRy1CkWoEGqFVh1MLv2CJg1Jiouj4Fpw8GOx6uDirKuDqyAIfoC4uDopukiJ/0sKLWI9OO7Hu3uPu3eAUC0yzWobBzTdNhOxqJhKr4odr+hCLwIYRr/MLGNOkuJoOb7u4ePrXYRntT735+hWMxYDfCLxLDNMm3iDeHrTNjjvE4dYXlaJz4nHTLog8SPXFY/fOOdcFnhmyEwm5olDxGKuiZUmZnlTI54iDquaTvlCymOV8xZnrVhm9XvyFwYz+soy12kOIYZFLEGCCAVlFFCEjQitOikWErQfbeEfdP0SuRRyFcDIsYASNMiuH/wPfndrZScnvKRgFGh/cZyPEaBjF6hVHOf72HFqJ4D/GbjSG/5SFZj5JL3S0MJHQM82cHHd0JQ94HIHGHgyZFN2JT9NIZsF3s/om9JA3y3Queb1Vt/H6QOQpK7iN8DBITCao+z1Fu8ONPf275l6fz9IqnKWZyls5AAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAAuIwAALiMBeKU/dgAAAAd0SU1FB+MLEgghNpzyvEsAAAAZdEVYdENvbW1lbnQAQ3JlYXRlZCB3aXRoIEdJTVBXgQ4XAAAgAElEQVR42uydd3RUVdeHn0kvpJKEFlrovTfpIL03KQICIq8iIihFULoUUQEpSlNAEQEBAekgRZoIoXcChAQSQgJJKOmZ+f6Y+H6+Srt37kxmMvtZK0sXyT733HP2zP3dc/bZGwRBEARBEARBEARBEARBEARBEARBEARBEARBEARBEARBEARBEARBEARBEARBEARBEARBEARBEARBEARBEARBEARBEARBEARBEARBEATBrOhkCAQNcAUKA2WyfooABQFvIO9T/j4NiALigGjgNhAGXAVuAckypIIgvCTuWd83JYHiWf+fFwjK+q/bU2zuAQ+BSCAcuJT1cxNIlSEVRGAJ2YUDUAtoBjQBKgG+GrX9EIgADgJHs/4bLkMuCEIWBYF6QB2gAVA062VOCxKAM8A+YC9wBMiUIRcEwdzUARYAMYDBQj+ZGFe2ZgENs8SdIAj2tRBQB5gJXAQyLPj9Ew18k/XdIwsSgiBoigswGDgL6C34xfasnyhgNlBZpkYQcjTlgM8wbuMZrODnMjAE45akIAiCScJqFMY4KYMV/uiBP4DugKNMlyDkCHRAR+AAxtVra/zuiQE+EKElCIIaulrRW+PL/IRjXGVzkakTBJvECRgA3LCh7507QF9k61B4ztuCIPxFMLAYaGWj/b8JfAKsxrjCJVgWB4yriS6AD+AP+GE8AOEK5Mt6MJH1Oy+Nr/8E44rrX9zDeCI1KWvVIQGIx3iKNVN8xGqeQZ0wbgUWt9F7OPA3cSgIIrCEf9EbmJ/1YLR1DgFDgVMyrZrimiWKigIhGNNxBGf95MN4LN4byG3l9/EAeJT139t/+wnPekhex3iaVY7rm5eKwBygcQ64lyfAu8AKmVZBBJbwF87APOA/Oey+MjGePBwnD0rFeGSJp7JAeaA0UCLr3/ztZAziMW4BXQKuAeeBcxhXSZ+Ii5iEOzABGE7O29ZfjjFcQXL5CSKw7Bxf4FeMOWVyKpeBPsAJme5nPuwqAjWAqlk/IWi/fZdTeJwlsk4BpzHmaruIccVLeDHlgZUYc+flVP4EWgP3ZboFwT7JD1zBdgJKTflJAd6TKQegAMZDDHOyHgSP7MQHzPmTlCW45gO9MFY1EP7N21ljZQ8+cRPjVrogCHYorq7a4YNwLfZ3tDoP0ANjssSrWDZJo73+ZGKM5VqKMbYxv51/3zgDy+zQDyJEZAmCiCt7+jmRJTpyKk5AfeBTjCU/MhHBYw2C6zzGTOSNsa90IoEYy83Y69xHAIXksWOfSAyWfeGFsb5WdbO8pnp4UaxSTSo2bI5/3gJ4+QXg5OyCq4cn7l4+GPSZJMTeBQOkp6VyPyqCJw8TOL13G3fCLpMUf89S4xCJsfTFzRwyr94Y60J2BlpiP4HotspjYDuwBdiMMX1ETn2Z24/xgITZcfPJTcGSZanUuDWeXj4EBBfG2cUVdA745A7EwcmZpIcJpCUnkZGRzuP4+zy4e4fzh/dw7eQx0h6bbRrOYqyZmCiuLwJLyLlzvQbopmWjeUuUo2G3fpSs+gqBwYXx9PHDYDAo65hOR2rSExLiYoi5FcaNs6Ec3bKGuPBr5hyPGKANEGqj8+kDtMUYT9UaSbJqq6QDe4CfgY0YTy/mBMpiLJgcZK4L+OYvTN0OPSlepTZBhULwDQjCzdNL1fdP0qNEYm/f4saZ4+xds5Soy2e17u42oD1SOFoElpAjGQtM1aqxRr3epnbb1yhctpLxLVFTr9SRlpxE7O1wLh07wG8/LiY2/Ko5xiQBeNWGRJYn0AJj9uiWGPNSCTmHNIwrzD9mia3HIq7+F78CRXn19f9Qtk4jggqF4OrhCQoF1YvISE8j8sp5jm1dx54Vc7VsegowXtxcBJaQs3gFOIgx07ZJ1O8+kCY9BxJcohw6nWXcJy0lietnjnN400/8sXGl1s3HArWw3u1CHVAH6Idx9dFX3NkueAKsA77HuM1mK1nngzFDnGPVFp1p2K0/xSrVwC2Xl+ai6mkYDAaib1zltx8XcWD1Yi2a1Ge9IO0R9xaBJeQMcmGMATDpNEuugLy8OW0hZWs3wtHJKVtuRK/Xc+viafasXMixzau0bDoCYx6oe1Y0b0FZomoAUErc2K65CXwHfAtEW3E/A4HDaBhzVaV5J1r0e4+QCtVwcMyemu56fSYXj+7nx6kjtVhJvw2UQ/KmicAScgSzMGZMVk2t9r3oMmw8/nmDreKGDHo9V04cZuOC6YQd/12rZk8Bdcn+DMz1MJb5aY9sAQr/SzqwFWPKjT1Y16qWK/Bb1mfIZIpUqkWn9z6hTO0GODg4WsUNJsbFsHH+NA6u/dbUppYAg8SdRWAJtk0VjMv1qrcG2737Ma0HDsfZ1c3qbi7lySOOblnLj5Pe16rJdcBr/H9BYks+nPoCQzBmVc8x5CtRDidnF0rXboiLqzEFmbtnLjDj9nJK0hMMej3paalc/mM/BoOeyIunc9pn+zLGElcryP7SPTqMW5m9tWisx8df8kq77nh4W99ueEZ6GrtWLGDDrHGmNJOJMZXKUXlEicASbJf9GNMRqKLbqOk06/MODo5OVn2T4edPsnLaKMJP/6FFc2OAGRbqehDGArHvYNxesRmCipaidK0G5CkUgl+eAuTy88fV3RPv3IE4Obvg5pkLN4//F1KWitf7J/89UWYwkJ6aQtKjRNLTUnmc8ICUJ494nPCA+Jho4mOiOLN/G/duXrW1z/gjjBnkv8a4/ZQdvJN1fRPFeHn6T5lPSMXqVj3gBr2e/T8v58dJQ01p5jjG2E8DgggsweZoiTHXjiq6jppOcxsQV3/xJDGeX+ZNZf+qhaY2lQ40wpgc0VyEAB8C/bHizPJuvgEULFGGas064J8vGC//APzzFsA9lzceXj458kOTmvSEpEeJPIi+zcMHscTdieD84T3cPHfKknnaVHUdY6WCqRhLYFmKqsAhU/24btf+dB02Hi9/23jPMOj1/PbTElZP/dCUZnpgTJ0jiMASbIzzGIMpFdOs//t0eX8CTi62lVopIz2NPSsXse7zMaY2dQtjUVqtj8kXw7hC1hdj+RCrwd03gJLVXqF83SbkLVIC/3zB+AbmUZVXKMd9SWblaXv4II74mDvcDQ/jzP7t3Dh3kocxt62tu/osofUl5i9w7okxdtGkoPb2Q8fTqv9QqwxDeB6ZGels+GoKO7+dpbaJS1nf0bKKJQJLsCFUr14Vr9GAofNWWWX8w0u9WRr0/L5uBT9MMLm280qgj0bdCgGmY4zvsgqCQkpTpXFrQirVIE+hEHLnL4iHty8GvV4+PS8luhxIefKIBzF3uHvzGuEXTnNq71airpy1pm5uASZj3I4yB/MxbnGrptf4OTTq1j/bTgiaSvLjhywe9Rbn9m9V24SsYonAEmyMfRi3uRQzafNxChQvY/MDELp7M98Me92UfDkGoB3GU1tqKYYxwWsfrGDFqkGPtyj3ShOCi5fBP18wLm7udr86pZ3g0pGemkL8vWgir5zn6onD7PtxIZkZ6dn+zgH8hDHJ5WUN222E8SSjamU04LOl1GnbPdvi87Qi6vplpvRoQvoTVZkX/sQYiyWIwBJsgLLAOVScHHx9wlc07v5mzlGZa74zNRD1FlAG5akbAoGPMJ4KzLZ91mLV6lG9RUeKVaxOvqIlcffyQXYjLCe4kh49JOZWGDfPn+TEzo1c+WNfdnYpE1iKMUYr0sS2XIELWS8Qqug1bjaNewy0eXH1F4d+Wcnyj99WK4BrYLsluwQRWHbFFxgDqBVRqHw1Ri3bgpunV44ZCIPBwI5lc1n/xcemNDMDY9zUy+AGDANGk00Z18s1bEmtVl0pUq4yeQoXz7aksML/os/MJO7OLcIvnOLY9vWc2bM5u7qShDE33meojzH8BOOKmKpHTsdhE2n95jCb3RZ8GmkpyXz1bneuHN2rxnwR8LZ8SkRgCdaNM8ZVl3xKDYd/+yvl6jTOcQOSkZ7Gms8/Yd9K1afIU4AKQNgL/q4HxjirIpa+x8IVa/Lq6/+hWKUaBAYXQefgIJ8Eaxb+ej33oyO5cfYEhzev5sKB7dnRjeisF4cfUJawtCDGU4qqTg3W6zaA18fOtLmA9pfh6onDzOzbQo3pfaAAxpOggggswUppiDH3lSJK1WnC8G/W2dypwZflccID5r3Xk+uhh9U2sQHo8ozfVcCYWbuuJe/J0z+Itv8ZSdk6jchbpISsVNmq2DIYuHvzGldDD7N16WweRN6wdBdCMW5lv2wSuRUYT8EqJn+pCoz87le8/AJy5FzqMzNYNPJNQnesV2PeEdgknwgRWIL1oupUz/uLN1Kh3qs5emCirl9mfDvVCQz1GOMkTv7t33yBiVnjbRF1o3NwoF63AdRu3ZUi5avg6u4pHp+DSE9N4dbFM5z8bQt7fliAPj3NYjoPWA6MxLia8iwqY0z9oGpvb9y6QxQuWzlHz+HlP3/ni36t1Zh+CwyUT4EILMF65/IKCnPSeOcpwPStJ3H1yPkP6z+2rGXpqAFqzTcDHbLGuQswB+OyvtnxDy5K20EjKFu7EQHBhcXTc/wnWUfCvWguHN7L7pXfcPviKUtd+X6WyPoeY1D8P9mEsUamYvpOXkDDbv1y/KnV9NRUJr3WkLvXzit+B8S4/Sp5UnIQjjIEOYYCGE8IKaLz8EmUqFrHLgYob9ES3LsTwZ2r59WYl8CYvHUmxiBfb3P3t2KTdvT6+Au6DZ9ESKUaNpubTFCOm2cuCpWuQN0OvShTuxGZwJ0r58x9WY+sl4gGGLcM/76aVRljcLzil/IKjdvQeegnNlMVwqQHqpMTTs7OnNm3TampF/AzECven7NWPYScQW+MAauKmLTpTwqUKGs3g3Q3/Brj2laz6oSaTfsO4ZX2PQguWV5iqwTAmEA36voVjm1dx7ZFn1nikqkYc7h9hXE1aznwhpqGJm48RnDJcnYzV/cibjC2paqa7W9jPFEo5BTBLUOQY+gJ1FNi4OrlS7cPJueo49IvIpdvbty9fLlwaLfV9a3D0PH0nfgVtdp0wzcoHw5yGlD4601Yp8PbP5AytRvySsfeeAXk4bJ582o5AS2A5sBNjCdkFav9LiOmUq1p2/8W/bYH3DxzcfbQbyTei1JqehvTEhsLVoZ8g+ccFKdfb/3WBzg6O9vdQNVp1x1P/yCr6U+3UdOZsfsC7d4eRZ7CxXNM8kXBPAQUKESbtz5g9qFwek+ca+7L1QZ+w5hcVBEunt7U69jLrsQVgKOTM7XbdFNjWlK8WwSWYJ0UVWpQJIef6HkWuXz96TtxTrb3o+P7E/l831Va9HuPgAISvC4ow8s/gEavDcgSWvOsrn+9x83Cyz/QLuemYKkKqszEq3MWEuCRc1D8mmjNX34PH8QSHxNFRqox955vnnz45cmPg4M225nl675KYJGSxIZftfi9tXv3Y+p27CWiStBQaPWnQr1XObplLRvnTMj2Prl4eFG5USvN2jMYDMTHRBEfEwUGA47OLvjlyY9PQJB1zolfbjVmHuLNIrAE68MRUPyJds9lXWVxDHo9ty6fZf+a7zj083f/+n3hijVp/85oytRqgIubu0nXcnX3oOsHk/hmaE+L3V+9rv1p1ucdYzFt2QYUNCZ3/oK0HfQhtVp1Zt+a79j13exs60vv8bPx8PYxuZ30tFSuHD/MtqWzuHps/79+X6t9L5r2eosi5atq9vKlBbnUCSzB3lc9BKvlElBaicH0XecJDC5iFZ1/nPCAncvnsX3x5y/827L1m9Nz9AzyhZQ0+Zojm5YhPfmJWe+tbP0WtH9nFMUq1pAyNoJlXlYMem5dPMOOZXM5se1ni19/9uFwkzO234u8yarpozm//8UpD5q+8R5tBg7HO7d1rGjF34tmZKMSSs3uAMHivTkH+bbPOaQrNXh4/55VdDz2djgLhvV5KXEFcPHgLsa1rcqlPw6ACYkLc/n60+Y/I812Xz75CvHWF8sZOm8VxSvXEnElWO7NWedAkXJVGDhtIe8v+gX/4KIWu3aXEVNNFldXThxibIsKLyWuAH5bMY8Fw/pyN/yaVYx/wr1ocUJBBFYOQvEyTErSk2zvdOztcL56tzvX/jyg2PbLAW048/tOlW/4Bk7v387GORPNcl9tB49l/Jp91GrdFScXV/FOIVtwcnGlQv1mjF97gG6jZljkmhXrNzdFGXL+0B4+79tSsen10EN88WYHom9czfZxT09NUWMWJx4rAkuwTiKVGty9mb1vewn3ovlq8GvcvXZBdRvz3ulK2Ok/FdmkpSSzdcmXzB/cTfN7KtewFePWHaLDu2PwCcgjXilYBbl8/WnRbwiTt4RSpXkns12nfKPW5Cumfuv+1oXTzH+/t/rvlOgIPh/QjvvRkdk63jG3rqsxixJPFYElWCc3lRqEnTqWbZ1NTXrCms8/4W7YRZPbWjhyAHG3b73U3z58EMuycUPMsnLVf/piBs9aQeGylSWXlWCV5A8pxaDPlvDOV6vM0n7Kk0ckxKjbHku4F83i0QPJSH5sUh8e3rvDD1M+JPnxw2wZY51Ox7WTRy3yHS5YN5LJPedQCGMdsZd/Xbp2gVf7DMbZ1c2iHTUYDOxcMZ/fvp+vzZf6owRio29TpXFrHJ2enTg1+uZVFo18kwu/79D0fqq16sp7C9ZQpmYDnOwwcatgY1/6Tk7kL1aKep37kpqWyq3zJzVr+0FUBJeOH6Zohar4BuZ9abuM9DRWzfiIK0f3atKPe+HXcHbzoFSNehYf39TkJ6z+bCypygXeSuCYeGjOQVawcg6n1BjFRNyweEcjLp3ll9njNW3zzJ7NHNu27pnpDy4d+50JHWpx89RRTa87cOZ3vDV9MUEFi4oHCjaFf75gXh87kyEL1uLiqV3t8tuXTjGlaz3OHHj5+Mgjm1fzx8aVmt7f5nlTuH7muMXHNebWdRLvqtqiPC5eKQJLsE4uA4pfmc4f2mPRTmZmZLBzxXyztL3ik3eIvn75f/7NYDDwx5a1fNm/NfqMdM2uVbVlF6bvPEfttq/h5OIi3ifYJI5OzlRu3Jopm45Rt2t/Tdue904XDvy8DH1m5nP/LvZ2ON+PG2yW+9v+3VdkZmRYdEyvhh5RY5YCXBSPzGGfLxmCHEMG0BIoosTozvUrNO7+Jk7OlhEJd65eYNWUYWZrP+F+LNVebY+DgwOZGensXvkNKye+p90biaMTPT7+gk7vjrWanDuCYCoeXj5UqPcqAYVCOLt/BwaDXpN2z+7fjl6no0TlWjg4/juvtUGvZ+0X44i8dNos93X3xmUqNGiBf94CFhnHtJQkvvvkXZIS7is1DQUWiCfmLGQFK2exW6nB47i7lltG1+k4e3CXWS9xaucvnD/8G2mpKWyYO4WfP/tIs7YLlqvG6JW7adprEC7uUtVCyFk4ObtQv1Nvxq0/RPEaDTRrd+vX01k5dSQpTx7963cX/9jP4fXLzXpfZ3/fabHKCTfOhqotv/WbeGDOQ1awchYPgbeVGiUlPaZG845mT4SZmZHOujmTSLh726zXibx2ibs3r2oWRA/w6htD6TthNvmKlhAvE3I0PrmDqNasHegcCFO33fUvIi6eIjriJmVqNcA16+UkNTmJ78a9a/bvg/sxUTTs2u+5B2C0QK/Xs+nrGdy+fFaN+WjgtnhfzkLOkuc8LgOllBqNXb2PkIo1zNqxx/H3GVbX9gocD5i+hFptupr9C1oQrAmDXs+pvVv5WsN6nRUataHvhNn45cnPn9vXs/jDNyxyL7MO3jD7lv7tqxeY2LGWGtNojCVy9OJ1OQvZIsx5bFBjtHvlwhcGo5ossBIf2NRA+hcM4ZOfD/FKh54irgT7e/t2cKDqq+2YuOlPQqrW1aTNc/u3Mm/o69w8F8q6OZMsdi+JcTHmFaMGA/vXfqfWfI2IKxFYgm2wXM2H9fiWNVw/K6eE/6Jqi86M+WEHRcpVlsEQ7JrgEmUZOv8nGnQfqEl7EeeOM7V7Qx5EWi5FjMGEmqUvw42zx9m/apGqrgErxMtEYAm2wVXgkBrDtV+MIyXpsdk6lss3t00MYNt3x/LmtIX4BeUXbxIEjKV2eo35jJ6fzLLJ/pvzs5yemsLmb2aqNT8JnBYPE4El2A5z1RjdPHWU0F2bzdYpN08vilSqadUD9+bMb+kweMx/A3EFQTDi5OJKk55vMXjeahycbCf3W+5CxXD18DRb+yd2bTKlOsQ88SwRWIJt8QvGlSzFLBs7yGzV6J1cXKjeopNVDphn7jyMXLGDOm1ekzqCgvAMdDodVZu25eM1+8hdqJhN9LlW665mS6sSE3Gdb0e/qdb8DvCTeJUILMG20KNyFQtg9cwxJD8lZ43JGAyUrd3I6gYruFxVRi/faqxbJuJKEF5I4TKVGPndr5So1dDq+1qpYUswQwxWWnISqz/72JQmpgFp4k05F8mDlXM5C/QC/JQaxt66jpOLGyWrv4JOp60G9/IPIDbqttpcMZpTsUlbBn22RGoJCoJCPLx8qNK4NXHRt4m6Zp1VXso3ak2LN97FwUHbR51Br2fX9ws48NMitU3cAd4AMsWTRGAJtkcmcB/orMb46vGD5A0pTXCJspp2SqdzIKhgUQ6s+Q7jAZrso17X/vT+5EspeSMIKnFxc6dCvWakpqZy88yfVte//3y5HL882ga463Q6TuzezA8ThpjSzAfACfEgEViC7XIBaIExiZ1iTu7aSKmaDQgoUEjTTnnnDsIrIA/nDmzPpmHR0XzAcLoMn4CHl494iSCYgJOzC6Wq18XF04vLR/dZTb+6jZ5BtabtNN/2Dzt1jHnvdsOgV734dAF4B8l9JQJLsGkMwClgECqz9p/ct53StRpo/hZYsGRZHj96RPg5y7/EtX57NB3eHYOrm5wUFARNHiROzhSrVAMXj1xcOro32/tTp1MfOgz+CEeNi9hHXjnPgmF9SDYtaXJ34IZ4jQgswfaJBoIAVXVwMlKTOb77V81FloOjEyWq1CY+Lsai8VjdRs+gZf+hOLu4imcIgoY4ODhQvHJN/PMX4szerdnWjyotOvH62M9xz+Wtabu3r55nzuDXSIyOMKWZZcBX4i0isIScw0GMAe++akXWn7s2Ubp6PfzzFtCsU86urpSp2YCEuHsWEVk9xn5Bs95vS9kbQTATOp2OQqUrZJvIqtKiE29M+Ipcvv6atnvr4mnmDH6Nh3cjTdJoQHsgVTxFBJaQc0jDuFXYF5VbhZmpKRxav4LC5auRp3CIZrminF1dKVOrAXoDXD951KziqmmvQegcJDOJIOREkdX49XfoMWqatuLKYOD8kb3M7NOc1McPTWlJn/WSe148RASWkPO4BbgADUxp5M+ta/HKHURwyfI4OjlpI7JcXClVvS4BhUI4/dsWEVeCICJLEb0nzqP1wGG4eeTSrM2M9DQObfyRRcP7aNHcbGCBeIYILCHnciBLYBUxpZFzv+8k8UEcRcpXwc1Tmy80B0dHCpWuSKXGrbkddpn46EhN2hVxJQjZKLJKmVdkBZetypD5P1GlSWscHJ00azcx7h4b509l45yJWjR3FOiNnBoUgSXkaAzAdqArKhKQ/p2Ii6c4uX8H+UNKElCgsGZbhr6BeSlftylHtqwlPfmJSW21fns0Lfq9p9lKmyAI6kRWLv8Azv++S9O2u4yYSq+PppOnUDFURj78+wvSYOBa6BGWfDSIM79pUpf1DtAMSBRvEIEl5HyeAHuBPhi3DFWTlHCfo5t/IjUlhfzFS2tyakefmcn2b+dw8ZBpX8Zt3vmIdm+PktOCgmAFIqtw2co4u3lw+Q/T82TV6dSHt2Z+S9UmbXDRMNVKQuxdtn87h+Ufv83D2LtaNJkKvIrKurCCCCzBNrkHHMcYdGny3tn1U39w8JdVePnlJk+hEJzUihqdjmPb1rF2xiiT+lOvW386vzcOFzd3mWlBsAKMKRxqkJqayvVTf5jUVqPuA6lYv5lmCURTkh7z5/b1zBv6OhcParbKZsB4YvCgzL4ILMH+uAFcBjppIbIyUpM5s3crpw7sxCcgD35B+RWvHt08f5KvBnU0qR8VGreh38SvNIsNEwRBG3QODpSoWocH9+6alJbl7IHtlKrdiID8plWYSEl6zNnfdzHvvZ4c2fC9ySEJf0MPvAX8LLNu5z4vQ2D3dANWAZoGKrn7BtBrzGeUqdUA36B8L/z7h/dj+XJQJ+5cOq36mgXKVObDxRtyXG1Bg+H/azbqdPKRFazDF9X6Y9KjRL75sB+XDu1W3Q83b38m/XKE3PmUVwF7eP8eF47sZcPcqcTfuan1EOkxVs74VrxFkG9rwWwi6y+a9X+fqq+2o1DpCri6e/7r9xlpqfw4bRQH16r/TvLNX5iR324iT+HiNvGx02dmkJ6WyqMHsSQ/fsTD+/fISE/jXsRN0tNSSU0yvk0nP35IWFZ+ML1eT/l6r/43Uap7Li9cPXLhlyc/zq6u+AXlw9XdA5+AvDg6OaFzcCS7C2oLtkFmRgbJjxJJevyQR/djSXqUSErSE+5HRZCelkpGWhoAd8OvERthrPLiE5SPQqUrAuDo5ISLmzu+Qfnw8PLBzdML38A8uHnmwtPHH0dHx//Z0ku4F82MN1oTd+ua6j5Xad6Jtz5bgour2wv/Ni0licjL5zm1bxs7lnxhrmEUcSWIwBKeSgdgJWC2vTU3bz+a9RlMyep1KVC8DF5+udE5OHDwl5Ws+Pgd1WLA0dmFUSt2UKxyTSv8hOnITE/nSeIDYm+Hcz/6DpGXz3LlxGFunDxitsuWq9+CwuUqU7R8VfyC8hMQXBgPLx8cHCUqwN7JSEvlfvRtYm+HExcVQeTlcxz6+TsyMzLMcj1XTy+qtexM4dIVCSxYlMCCRcidvxBxt8OZ3rcVyfGx6t8MR02nxRtD/hWPZdDreZwYT1TYJa6dOsbenxbzMOaOOYc1FXgT+FE8TBCBJTyNV4BfMNYuNDuVm3WkcJmKbM9OJ54AACAASURBVJo72aR23p7zIzVadPzX9kV2oddnknDvLnfDrxF+/hSn9283q5h6adHVoCUV6r1KoTIVyVukOF7+gbLlmNO/4HU60lKSib0dTtT1K1wNPczeH762ir7Vf+1N4qIiTNoqBPjguy0Uq1STxNi7xN+LJur6ZS4c2cvp3ZssdSsJGGNZ94vHCSKwhOdRENgKVLCFznYdOY0WbwzJ9kSimRnp3Iu4wY1zJ/lz+3ou/L7D6seuWssu1GjZicJlK5M7f0EcHGR1K6eIqqSHidy+doGLR/dzbPt67t24nGPv18nVnYzU5Oy6/CWMq//XxPMEEVjCy+AGLATesOZOvtLlDfp88iXOLxGDYQ4MBgOxkTe59OdBjmxaxfXQwzY74eUbtaZO29coXqUWufMVlE+ADZKWkkzEpbOcO7SH/Wu/48n9GBkU87IKY8zVExkKQQSWoJQ+wNeYMS5LLUWr1OG9eavw9g+0+LWTHz/k2qk/OLj+B07t+iXHTXq9bgOo3aYbxSrVyDbxKrw89yJucOHoPnb/8E2OXqmyIp4A7wPfIadIBBFYggmEAIuBptbUqYkbjxFcspxFr3k/+jZnf9/FxvlT7WJ1ICikNB0Gf0TZ2o3w8g+QT4IVkZmRQcSlMxzZvJp9P34jA2I5jmAMZhclK4jAEjTzk4HA54BPdnfmna9WUa1Ze4tdL+7OLY78uobNJgbj2+zk6xzo+cmXVG/eIcflGLNFYXX9zHF2rZjP6T2bZEAsRyLwMcbQiUwZDkEElqA1gcB0jLFZ2VJBueVbI+jy/niLBLXH3bnF0S1r2fTVJJn5LHqNmy1CKxvQZ2YQdvo4O5fP06oIsfCSQw/8AIwGJKhNEIElmJ1yGFezWlrSh0rWasR7c3/E3cu8i2iPHsRxdMsa1s4YLTP9DPpNXUi1Zh1wz+Ulg2FGDAYDkZfPsXXpbEK3S+UVSw49sA/4ADgjwyGIwBIsTU1gAtDaEhebtPk4BYqXMVv76WmpnPptCyunjiTpwT2Z3RdQoExlun0wibJ1GkmKB82/mXXE373DvtXfsm3RZzIelhVWe4FJSKFmQQSWYAWUB4YBvQB3c1xg4OfLqN2mm9luIOLyWTZ/M5PTuzfKbCqkdofXaf/OaIIKFwODHKrSQuiH7trET5+NkVQLliMZWAN8BZyW4RBEYAnWRu4skfUGUE2zB3jH3vSfNA9HZ2fNO5zy5DGHflnJ6mkjZPZMwNnDiz4TZlOjRSecXVxlQFR9G+u4e+MqG+Z9yskd62U8LMM5jLUDVwGxMhyCCCzBFvyqXJbYap/1/6pw8fRm2taT+Abl1byTkVfO8dOMMVw9tj9bB6to0aJ07dqVwMBAihQpgre3N87Oznh7e+Pt7f2vv3/w4AFJSUmkpqYSHx9PZGQkd+7cYe3atcTEZO+KR/XW3ejy/ngCCxaVT4ECMtJSOb5zI9+NGYRBn72H1Fq0aEHdunXx8fGhWLFiuLq6otPpyJ8/v7Fo8z8/R5GRxpeVlBQiIiK4f/8+Z86cYd26ddY63JcwVqv4IUtgybKrIAJLsElaAtvVGr+/eCMV6r2qaYcyMzM4unk1308cij49zaKD0bx5c9q1a0eZMmUoVKgQAQEB+Pj44KDBqUi9Xk9cXBxxcXFERkZy8eJFli1bxrlz5yx6jw5OTgyZv5aKDZqL978E8fei+HXh5/y+eolFr+vi4sKgQYOoXbs2RYsWJTg4+L8iytQalQaDgYyMDO7evcvdu3e5ceMGJ0+eZNmyZcTGZstC0WVgEfArcENElSACS7B1nICLQAk1xk36vEuPUdNwcNQugPpR/H02zJ3CwTVLLTIAlStXpn///tSuXZuQkBACAiyfsDM6OpqwsDAOHTrE0qVLuXHjhkWu227IJ7Ts9x6uHp7ySXgGN86eYOnH73Dv+iWLCKquXbvSsWNHypcvT5EiRXB3d7fo/aalpXHr1i0uXLjA9u3bWb16NQ8fPrTEpTOBscAXGFMvCIIILMGmeR+Yo8bQ1duPqb8exzdQu63BO2GXWT7hPW6eOmrWm65WrRrvv/8+NWrUoESJEk/dVskuUlNTuXr1Kvv372fJkiVmX92q3Kwjr4+diV+e/PJp+Bv6zAwOb1zFinGDzX6tt99+m3bt2lG1alXy5s1rVeMQHx9PaGgoO3bsYO7cuaSnp5v7kuuAAcAj8UJBBJZgq/hjXIpXlbTq/UW/UKF+M006YjAYuHh0HwtHDCA5Ic4sN+vu7s6YMWP+u/3n6mr9gd4pKSmcOnWKDRs28MUXX5jtOnmLl2PA1K8JqVBNPhVAStJjti2dw7aFM8x2jVdeeYXBgwfToEEDCha0jeLd0dHR/PHHH8yfP5+9e/ea81JngLbAbfFGQQSWYIssBP6jxrBOxz70mzRXk1OD+sxMDm9axYpP3jHLTVasWJHRo0fTtGlT8uTJY7OTdevWLXbs2MG4cePMFiMzZMHPVG7cyq4/FA8fxLLm8084tulHs7Tfr18/BgwYQI0aNXBzs81C3RkZGZw8eZI1a9Ywa9Ysc13mXpbIOi5f1YIILMGWKAFcAFQppOk7z2lyCi09NYXfflrCupljzLJCMHbsWBo0aICXV87JZv7gwQN27NjBhAkTCAsL07z9N2d+S61WXTWNq7MVYm+H8/3k4Vw6tFt78TpkCIMGDaJs2bJWtSVtCgaDgStXrrBq1SqmTJlijks8AToDu+QrWxCBJdgKG4EOagx7T5xHo9f6ayKuNi6Yxs6l2r4BV6xYkfHjx9OqVSs8PDxy7AQmJCSwadMmBg8eTFJSkqZt9/j4S5r0GGhXIutexA0WDO/DnUvaVl3p06cPI0aMoHz58pqcRLVmobV48WJmz56tdfMZwOvAWvnaFkRgCdZOHeAQoPjbPn/pioz5fgfuubytUlzNnz+f7t27Z8tJwOzi9u3b/PDDD4wdO1ZjkfUFTXq8ZRciK/rGVb4Z0Z+oy9qJq4YNGzJhwgQaNmyYY4XVP9Hr9Rw7doypU6eydetWEVmCCCzB7tgHNFJjOGL5dkrXrG914qpfv36MHTuWEiVK2OWEGgwGzp49y5gxY9i+fbtm7dqDyLoXeZN5Q3sRfUW705qLFy+me/fuT01Caw8kJyfzyy+/0K9fPy1PHWZgTIwsFbUFzZAKrYKWNAImqjGs27WfcdvIhKLBWourgIAAVq5cyYgRIwgMDLTftzCdjrx589KpUyeKFCnCjh070OtNTyV0/uAuPP0DKFKuCrocuApzL/Im84e+rpm46tChA7/88gstWrSwiVOq5sLZ2ZkKFSrQt29fEhMTOX1ak9KBDkAnjAlJL8pXuaDJd6cMgaChL+1F5erV5F9PkL9YadUX12dmsunr6Wz9Rpuj73379mXy5MkULlxYZvafwuj8eUaMGMHOnTu1GespC2jQ5Y0cNUYJ96KZ9Z8uRF05q0l7CxcupG/fvhZPDGrtpKWlsXHjRrp3765Vk5nAq8B+GV3BVGQFS9CKhqhcveowdDzVmrVXXZ7DYDCwb/VSNswap8mNzJ07l/Hjx9tVrJUSgoKCaNeuHZ6enuzbt8/k9s7s20Zw6YrkCymZI8bnSWI8iz96S5OEtuXLl2fLli20a9cOZzMUO7f5B5ijI+XKlaNLly6cPXv2v3URTcAB6AZsQoo/CxqsOgiCFn6kavXKyc2DGTvO4BuUT/XFT/62ha/f62HyTfj4+LB582YaNGggM/oyr/qZmWzatIkuXbpo0t6Yn/ZRrFINmx6T9LRUVk75kMPrl5vcVv/+/fn000/Jn1+y4L8M8fHxfPrpp1rlzooGqgNRMrKCKWpdEEylASq3Bnt8NMMkcXXjXKgm4qply5aEhoaKuFK4etC5c2dOnjxJqVKlTG5v7pAexN4Ot9nxMOj17Fw2TxNxNW3aNBYsWCDiSgF+fn5Mnz6defPmadFcPozpZmRPVhCBJWQrqs7wu3h6U7NlZ9UXfXD3NotHDdRkpeCHH36gWLFiMpMqqFKlCjt37uTVV181qZ0n92NYOeVDkh4l2uQ4hO7ZzMavJprczrJlyxg1apTEW6n5TnFxYciQIWzYsEGL5moAS2RUBdUvoTIEgolUBj5XY/jGlAWEVKyu6qJpKUn8MOVDrp84ZFLnR48ezfTp0/H19ZWZNAFfX19atWrFnTt3TCogHRtxHRydKFWjrk3ld4q8fI4v+7cxuZ1t27bRpUuXHJONPbsoU6YMTZs2ZdmyZaY2VRGIQ0rqCCqQFSzBVEaqMQosUlJ1XTqDQc/+tcsI3b7OZHE1ceJEcuXKJbOoAYGBgSxYsIBevXqZ1M72RTM59dtWm7nvJ4nxfD/lA5Pb2bFjB61atbKbxKHmpn79+pw4cUKLpr7IepEUBBFYgsXIB6g6H91xyFg8vHxUXTTs1J+snTFaE3FlqwVxrRVfX19NRNbCYa9zNzzM6u/XYDCw7ds5Jp8Y3LFjBy1atBAH0phq1apx4sQJU0WrG7AKiccSRGAJFmQYKraZPfwCqVBPXbzO44T7fPvxOyKu7EBkrf1iHClJj636Xs/+voudS780qY3t27eLuDKzyDp27Jipn/cywCwZTUEElmAJ3IE31Rj2GD0dD2/lMU8Gg4E9KxcRd+ua6k7369ePCRMmiLiygMiaO3cuTZs2VS9e9v7KwfU/WO09Prh7m0UjTCtMvnHjRlq2bCkOY2aqV6+uRZmnQUBjGU1BBJZgbnoBuZUauXh4Uamhurf1q6FH2PL1NNUdbt26NbNnz5bTWRYid+7cLFu2jJIl1ScQXTN9JFHXL1vdvRkMenYun0/ak4eq2/j6669p3769OIqFaNSoET//bFKpQQdgGeAhoym8DHJURVDLUowxWIroNnKaqoLOSY8SWfB+bx4/UJdcuXTp0qxZs4Y8efLIzFkQHx8fGjZsyPr160lKSlLVRnxcDFWatsXR0clq7uvSsQOsmjxMtf2YMWMYOXKkBLRbmLJly+Lj42NKmSdfwAXYLaMpvIwiFwSlvAJUVWNYtWlbVRc8sukn7oZdUGXr5OTE8uXLKViwoMxcNlCxYkVWrFih2v707k2cPbDTau4n+fEjfpoxRrX9a6+9xpgxYyQVQzYxePBg3nrrLVOaGA6UlZEURGAJ5kDVt1Prt0fjn1+5yIm5dZ3V00ao7uyKFSuoVauWzFo20qJFC2bMUF+I+4cpH/DwfvaXhtPpdBzZ/BPRV9Xl+sqTJw8zZszAy8tLnCKbcHV1Zdq0aVSrVk1tE07AfKTUnCACS9AYL0BV+vWaLTuDwaDMyGBg9w9fq+7shx9+SLdu3WTWsvuLxsGB9957j44dO6qyfxx3l6O/rgZd9j7T7kdHsnrqh6rtV61aRdGiRcUhspmAgAAWL15sShONgXYykoIILEFLegLeSo2qNO9E/mLK69XdOB/K/lWLVHW0WLFijBo1CmdnZ5k1K8DDw4MZM2YQFBSkyv7nmWOIyc7cWAYDe1ctwaD0JSGLKVOm0KhRI3EEK6Fq1ap8/fXXpjQxA5AvF0EElqAZqs6lN+zWDweFQcqZGRlsXTJbdUe//fZb1Q9zwTyUKlXKpGK8hzetUr4KqhF3w8PYoTLnVZ06dRg6dKgEtVsZb7zxBh06dFBrXgboK6MoiMAStKA4oDiYyT84hGKVaiq+2PUzxzmzZ5Oqjo4ePZqGDRvKjFkhnTp1on9/dfmjti38jJiIGxbvs8Fg4NDGlart586di7e3t0y+leHh4cGUKVNMaWIssooliMASNKAPKgI7m/V5B/dcyoJ6MzMy2LVivqpOFi5cmOHDh8tsWSnOzs6MGjUKncp4qsObVgGWXcWKCQ9jxxJ1q1fjxo0zJaBaMDMVKlTgm2++UWsegqxiCSKwBBNxBF5T9QVWX3lZnIhLZzitYvVKp9Mxa9YsyXdl5ZQuXZrZs9Vt/25b+BlxdyIs2t8/tqkrLJ4nTx4GDx6sWkwKlqFnz55UqVJFrflw5EShIAJLMIFKQGmlRtVadiFvkRKKL/b7BnUlUjp06EDbtm1ltmyAvn37qs7yfnrfdov188HdO2xZMFWV7dy5c8mbN69MtpXj4+PDzJkz1ZqXA9rIKAoisATVL3lqjGq3Vb7oFXPrOgfXLFXVyVGjRuHi4iKzZQP4+fkxbZq60kdrP/uIJw8TLNLPcwfVJe2uUKECrVu3lom2ERo2bEiXLl3Umg+VERREYAlq/aSTGsPiVWorM9DpOLV3q6pODhw4kBo1ashs2RCtW7dWVRBan5nB5WMHzN6/lKTHrJs9UZXt7NmzyZUrl0yyjeDs7MywYarLHzUFSskoCiKwBKVUBoopNWr+5nC8/JTVg05+lMhvq5aoe4UcOhQnJyeZLRvC3d2dUaNGqbL9ff336DMzzNq/8POnSE6IU2zXokUL6tWrJxNsY9SqVUvtKpYDMEhGUBCBJShF1epV5cbKt0dungsl/s5NxXY9e/akbFkpD2aLNGjQgMqVKyu2u/D7Tu6EXTZr3478ulqV3ciRI3F1dZXJtTFMXMXqibEQtCCIwBJeCh2gKhNfoVIVFP29wWAgdM+vqjo5ePBgKZ5ro7i5ufHxxx+rsj1/+Dez9et+VCRH1isvUl25cmWpfWnD1K5dm5YtW6oxzQc0kxEURGAJL62TgApKjdq/Nx43T2XxJ4lxMRz4SXl9sMaNG8sDzcZp0qSJqkSce1ctIS0l2Sx9Cr9wSpXdqFGjJPbKhnFycjJlFUtyYgkisISXRlVB07J1Gil/oJ1X90AbPHiw1Bu0cfz9/Zk0aZJiu/iocKKum2eb8I+tP6sWi4JtU6dOHQoXLqzGtDUg6loQgSW8FK3UGOUPUZ7f6OzvOxXbuLm5STBxDqFNG3WphC4d+13zvtyPiuT0buWJbidMmCBJbnMA3t7efPDBB2pMcwGisAUA5MiV8DxcgEZKjZq+8R4e3r6KbB4nPOB3Fbmvhg0bZvFEjgaDgejoaCIiIoiKiuLBgwekp6f/9/eurq7kzZuXAgUKEBwcTO7cucWTXoKQkBDatWvHr78qi8M7tPFHmvV+BycN859FXj2PwaBXbNe8efNsGbvY2FgiIyOJiYkhKiqKtLS0//+Sd3Iid+7cBAcHU7BgQfLlyyfO9hI0a6Y6nKo9sFlGUBCBJTyPhoCHUqOK9ZU/ZO6EXVLVwU6dOllkIAwGA2FhYRw/fpwlS5Zw4MABDIYX18Nzd3enW7dudO7cmVq1aklW7+fg6OjIm2++qVhgxYRdJO7OLfIWLaFJP3Q6HReP7FNsV6ZMGapWrWqx8YqJieHgwYOsX7+e9evX/4/Ifx5NmjShX79+1K9fnyJFiojjPYMSJUrQpk0btm5VnJevBcbSYpkyivaNbBEKz6ORGqMCxRVX1OHmuVDFNu7u7mZPzWAwGDh58iRvvfUWJUuW5PXXX2f//v0vJa4AkpOT+f777+nYsSP58uVj+vTp3Lp1SzzrGaitB3c77KJmfUh+/IjjOzcqthswYABubm5mH6Pr168zceJE8ubNS7du3Vi9evVLiyuAvXv30rdvX4oWLcrQoUO5cOGCON7TVh+cnOjdu7ca02CgpIygIAJLeB6KzypXbNIW7wBlMSj6zExCdytfUf/oo4/MelorMjKSsWPHUq1aNb799ltN2hw7dixFihRh0aJFPHnyRDzsHxQsWJCuXbsqtrvy5yHNCirHRFznUWyU8reRRo3MOjaJiYksWLCA4sWLqzoQ8DTmzZtH+fLlGT16NHfv3hUH/Adq8rNl0VxGTxCBJTwLH4wZ3JV9ITVujYODMrdKjIvh5uk/FHfQnMHte/bsoUqVKsyYMcMs7b/99tt07tyZixcviqf9DZ1Ox2uvKa9fGbrnV1KStBGs927dUGxToEABypQpY7ZxOXPmDG3btmXIkCFmaX/mzJnUrFlT0eqsPVC8eHEqVaqkxlRO3ggisIRn0kCNfxQpp/yN717kTVUdLFeunOY3nZGRwbx582jWrBn379836wDv2rWLcuXKsWfPHvG2v1GxYkXFNg9jbnM/KlIDgefAJRU1Dnv37o2np6fmY2EwGNi6dSuVK1fm0KFDZh33yMhIGjduzNKlS8nIyBBHxLhN+Oabb6oxfUWer4I4gPAs6qgxCgwuqtjm7s1rim26du1KUFCQpjecmprKxIkTGTp0qEUHulmzZooDu3MyhQoVonjx4sqFesQN030g+QkXVAS4169f3yzi6scff6Rt27YWHf9Bgwbx5ZdfisjKQuU2YX6Mmd0FEViC8C8UL3HX7tgbdy+l2bgNqjJmN27cWLOYGzCuXM2fP5+pU6dmy2C3b9+ebdu2iddhPLzQuXNnxXZ3rl8CE33i0YNY7kdeV2xXqlQpzcdh8+bN9OnTJ1vm4KOPPmL+/Pno9Xq790c1Yj+LmvJpFoElCP/EFaim1KjcK01AYfxGZkYGB9cqDyAvX768pje8fv16RowYka2D3qlTJ06fPi3eB1SvXl2xTfj5U2AwTRDE31Me6B0SEkL+/Pk1vf/jx4/TsWPHbJ2D4cOHs3HjRrv3xaCgILUrlJXlkywCSxD+SUVU5L8qUFx5kG9ibIyqDhYtWlSzm71y5Qo9evTI9kFPS0vjvffeIyEhwe4dMCQkRLHNqV2/kJpsWl3C+1ERim1q166Nh4eHZvf+4MED+vXrZxXz0KdPHy5fvmzXvujo6Kg26Wh5BBFYgvDPBQQ1RoHBymt3PXwQq9jG09NTs2zUKSkpjBw50moG/tChQyxcuNDuT3IVLFgQR0dHxXaPHsSpvqZOpyPq+hXFdlrWHjQYDMyfP99qTpcmJSXx6aefkpqaatf+qPIkYWkEEViCYKrAqtS0Pe65vBVf6ElivGKbfv364eSkTRGCLVu2WF2A+ZgxY7h27ZpdO2BgYCAlSijPzJ70KNGk68aoCJQ3IUbnX5w9e5YJEyZY1Vz8+OOP7Nu3z679UWXh5+IIIrAE4R/UUmpQvl5TdQ+0W8oDirXKN/To0SPGjx9vlRMwd+5cu3ZAnU6nKnGnmi2+v0hNTuLiYeUpMwIDAzW5Z71ez4IFC6xyPsaPH0+yiduvtoy/v78aMxfkJKEILEH4G7kAxQFO+YqqqwyR/PiRYptChQppcqMHDx7k0qVLVjkJCxYs4MaNG3btiGoOMqSbsJWVmZFBUoKy3Gc6nU6zYt7Xrl1jyZIlVjkXx48f58iRI3briyakhCkijxQRWILwFyVQEeCeO19BVRdTk6JB5dvk/2AwGFi+fPkL/87JyYmpU6eyadMmTp06xYEDB/jxxx8tUmT64MGDdu2IauLsom5cVp2+42Gc8gMXBQoUwM/PT5P73blz50v93eDBg1m/fj3Hjh3j2LFjrF+/nsGDB5t9PtatW2e3vujk5ETLli3VmBZEEIElCFkojub0zVcI7wB12yQx4cpjjbRYMYiIiGD9+vXP/ZtJkyYRFRXF2LFjad++PZUrV6ZBgwb06tWLdevWcejQIerUqWO2iZg3b55dJ3tUs/X2JFH9CcyM9DTFNoULF8bFxcXke01PT2fhwoXP/Zv+/ftz+fJl5s+fT+fOnalZsyY1a9akc+fOzJ8/n8uXLzNgwACzzcfChQuJiYmxS190dHRUFRMIBMgjRQSWIPxFBaUGhUpXxM3DS9XFoq6eV2yjxQPtwoULz02iuGrVKsaNG/fMh7yDgwN169Zl8+bNqmrnvQyhoaFERkbarSO6uroqtslMT1d9PTVJNbUKcA8LC3vudvXkyZNZuHAhpUqVeuoKnU6no1SpUsyfP5/JkyebbU7suXaml5eq7zh/BBFYgpCF4gjyCg2aYVCR4DHpoboTX1qkaHjeg+LTTz+lR48eL7XVFBAQwKxZs1SlFHgZIiIi7NYR8+bNq3xej+4lPU1dHJaaWoYqy6j8i+vXn33Yo2fPnowcOfKlXizc3d354IMP6NatmwgsjSldWlXWhdwIIrAEIQvFkcW586sLOs9IV/cg1KJEzv79+5/6705OTgwaNEjRNQoUKMD3339vlsmw1iB8i3w5OSj/etJnZppwReW5x7QS1mFhYc/83ciRI3Fzc3vptjw9Pfnwww/NMicXLlywW39UuXKeSx4pIrAEAcAXUHxcxicgyGIdLFasmKoH799JSkp6ZnbqSZMmqYr9ady4sVnu9+7du3brjM7OzoptUpMeq9FJRnGmYotQifB5HlFRUU/995o1a1KxYkXF7VWpUkWV3YvYsWMHaWlpdumPWs21IAJLsE/yY6xDqAi/IHVbdpkqVhu0yHCelpZGbOzTM8irrXEYGBhoFpEVGhoqXqmAJ/FxqrarAdVbi6ai1+s5f/7psYg9evRQtUrm4uJCz549Ne/rzZs37bYAtMoXO3nGisASBAAUJ7PyCiqAp4+6OE7TtnPUk56ezsOHD5/6O7U5tpycnNTGaAh2jl6vf2asXa5c6neYAgLkAJsVIGkaRGAJAqCitEORspVwUrGVY61voklJSarbteeUCoJpPGtl1pQV23QTTlQKmvFIhkAEliCAiqzDpWs1UP0QcNYg3YIaHB0d8fHxeervwsPDVbWZnJz8wrxaavD19RWvtBA6XfZ8HTo5OdGwYcOn/u55pwtfxKlTpzTvq4+PjyaHTOyIBzIEIrAEAVSUyPHys+w2RHh4uMlxWD4+Ps9MGrh+/XpVMSaXLl3iwQPtv0urVatmt86oZp79g4ugU3kIwkVF3i0tYgLh2clzly5dqsqvHjx4wM8//6z5nNSvX1+zQuu2hr0G9wsisARtUBwv4J8v2KId1Ov1Jj/UdDrdM+OlNmzYwPHjxxU/ZJctW2aW+1WTCyqnoGqLy2DZPpqypfx3QkJCnimUtmzZori9LVu2kJCQoPn9lipVymw536wdCQEQRGAJanFCRYoG91xeqi/onstbld2jR6aHNTRq1OiZvxs9ejT377980d+NGzcyf/58s0xK0aJF7dYh4WLzdwAAIABJREFUU1UUbg4uVR5HR3UrLK4eygPKn3VYQinPK8MyZMgQRfmnLly4YLbahOYsDWXtPOvk8Quw3zwrgggs4b+4YcyDpQgvX/WJip1d1eWV0UJgPS8D94EDBxg8eDB37tx5bhsGg4FffvmFzp07m21SVNY/s9sHmk9gXhxUrrDk8lV+GvbPP//U5F6fV3Ln0aNHtG7dmrNnz76wnZMnT9K6dWuePHki/qgxKstWJcujRQSWILijIgeWk4mB6iGVayv/xko2/TurRIkS+Pn5PfP3a9eupX79+qxatYro6Oj/ydmVmprK6dOnGTp0qFnF1cCBA/H3t99SZmpWsDxUrooCODkr9+WrV69qcq9BQUHPrWkZERFBpUqVmD17NuHh4f+zfZqens7169eZPXs21apVM1t5pWLFilGsWDG79UeVW672W0xUwEmGQMiisKq3fj/TSm0VrVidG6f/UGRz+/ZtypUrZ9J1vb29+fDDD/nkk0+e+Tc3b97k9ddfB6BNmzYUKlSIjIwMVq9erckq2ovo0qWLXTvkrVu3FNv45smnOkZPzXb3vXv3SEhIMPm0p4ODA6+//jpr16597t998MEHfPDBB1SvXp0aNWoAcPz4cU6cOGH2+Rg2bBienp52K/bVxMIBMfJoEYElCIrrwxQoXQkHB9MCXv3yFFBsk5iYqMkNt2vX7rkC6+9s3brVopORL18+XnnlFbt2yLi4OOX+FJRf9fXcvbxV+eKTJ080SadRt25dChYs+FJbUSdOnLCIqPo7LVu2tFtfTE9Pf2Y5oxcgMVh2jGwRCn+h+OkSGFzY5Iv65VX+QHxWWRGlVKhQgf/85z9WORkzZ87E29vbrh1y+/btim1MWVF1cnalePX6iu1eFKv3suTOnZvJkydb5Vx8/PHHz40Ty+moFFcA4fJoEYElCIrzLRSpYHqOJm8VebROnjypST00nU7HkCFDrG4iateuTdu2be3aGZ88eaJKSHubkJfNydmZvEWVB3Gb8PD9Fx06dLC6kkvu7u7079/frv1RZdH1WOAhgggswe5RXO9GTVDwP/HLq3yLcOvWrTx+/FiTmy5XrhxffvmlVU3E559/bvcZ3OPi4oiJUR6+4h0QpPqaBoOBQmUqKrYLCwvT7L79/Pyszh/nzp1r18HtYIzHVMFleayIwBIEAMVKx1kDgaXmaLyWqwY6nY633nqLdu3aWcUkTJ48mbp169q9M6opWVSofDXcPHOZdN2A/MqLfW/btk2zjO4ALVq0YOTIkVYxD127dqV3795274+nT59WY3YeQQSWIKjBw9v0VRZPH18CCil/O75x44Zm9+Hl5cWcOXMoVapUto5nt27dGD58uNR6A65cuaLYpnDZyji7uJp0Xb88ymMC9+3bpygx7YtwdHTk448/pnnz5tk6BwULFmTWrFm4ubnZtS8mJyczZ84cNaaX5CkhAksQABQ/Wbz8Ta9DqNM5UKtNN8V2SsvZvIiQkBBWrlyZbcfQX3nlFebOnUuuXLnEE4F169YptilepbbJK0n+KrastRb8YKyXuWzZMpo2bZot41+oUCF27dpFwYIF7d4XTTjE8Kd8kkVgCQKoiMHSisJlqyi2+eqrr0hJSdG0H9WrV2f//v0EBFi2gHWXLl1Ys2aNXdcd/Dv37t1j9+7diu2CCpleVsjDy4dStZsotnuZLOuK33jy5+f777/n1VdfteznsXBhdu7caXXB9tnFuXPn1JhlAmdk9ERgCYIqHJ200WRq0j3Ex8eritN5GZF15MgRiz3Uhg0bxqJFiwgODhaHyuLSpUsq/aiIydfWOThSvp7yVaONGzdqcrL1aSJr1apVDBw40CJbx61bt2bfvn0irv7G3r171ZidAlJk9ERgCYI6geXoqEk7ah+MoaGhZrmvEiVKsG7dOqZNm2bW8Vu9ejWfffYZuXPnFmf6G0ePHlVsU6Rybbz8tBhHAwVLlldstXXrVk3TNfzP5yMwkK+//pqlS5eaddynT5/O6tWr7brA+D9JSEhQW8j9sIyeIAJL+IvC2XVhNw9PGnQfqGrVwFz4+Pjw0UcfERoaSqtWrTRte9y4cdy4cYPu3bvj4uIinvc3kpOTWb58uWK7yo1a4eiszVjmLaouoeaZM+bbEXJ2dmbAgAHcvHmT999/X9O2u3fvTmhoKKNHj8bLy0uc8G+oOWyRxT4ZPUEElvAX2Xd0TaejZHXlqQnWrVunNj/NS3ZLR9WqVdm4cSOHDx9m8ODBqttydXVlypQpXLt2jcmTJ8sqwTM4d+6cqodaiaq1QaNUCf75gilapY5iu19//VXTdA1Po0iRIsyZM4fz588zdepUk9oaNmwYf/75JytXrqRq1apyevUp7NixQ41ZOnBQRk+QT5TwF2eBCkoMRn2/U5Uwehp3wi4xoX0NxXY///wzXbt2tdgg3blzh7Nnz3L06FG2bt3K+fPnSUtL+9ff+fn5UbZsWXr06EHlypWpUKECPj4+4mUvYObMmYwePVqx3RcHwvAN1O6QwM4V8/n5s49U+Uf+/PktNl7x8fFcuHCBEydOsHr1aq5evUp8fPy//s7Dw4Py5cvTvn17qlevTpUqVQgKChKHew6PHj0iICDgqZ/vF3AMqC0jKIjAEqxCYGWkp/NJ+5rE3bqmyK5Jkybs2rVLs3gwpcTFxZGens6jR494+PAhAQEBuLm54e7uLoJKIQ8fPqRGjRpcvXpVkV31Nq/xzhfLMRi0CzK/fvY403s0Vmy3fv16OnfunG1jmJiYSFJSEmlpacTGxuLn54eHhweurq74+/uLkylg9+7danORjQWmywgKTjIEglU4oosLTXoMZO1nylYv9u7dy6VLlyhfvny29PuvlA758uWTSTSR48ePKxZXADVbdtZUXAEUKFYGN5/cpCQqSyC6aNEi2rVrh7Nz9mQ98fHx+a+wL1y4sDiVCWzYsEGt6SYZPQEkBkuwFgwG1athapJSCtY2/Qa+//57VbbBJcpq3h83z1w0ek15geNdu3apKlItWBdhYWEsXrxYjel5JIO7IAJLsDbyFytFUEgZxXaff/450dHRMoA2zIULF1QJrGqtuhJY0DwHBio3Vnd6dOXKlWYPdhfMy5YtW9TmNdsAyOQLIrAE68LF3YOG3d5QbJeUlMSvv/4qA2jDrF+/XpVdzVZdzHb6rWCpCrh4eiu2mzVrllmS4AqW4e7du3z66adqTA3ADzKCgggswfowGKjYoIUq06+++orExEQZQxskIiKCiRMnqrItVf0Vs/XL1d2DLsPV9cuE+B0hm9m7d6/a4t2HgTAZQUEElmCV5C1cjCrNOym2u3jxotqcNUI2s3r1alV2zfq/Ty5f82bBL1Ozviq7ESNGcPv2bZlcGyMhIYFJkyapNV8iIyj8HTlFKFgVOgcHGnTpy6ldvyi2nTp1Kk2bNrV4sWZBPeHh4aryXgHUadfjX/9mMBj+m3A0+fFD0lKSTeqfu5cPZes35+LBXYpt16xZw4cffiiTbEOsW7dO1UlWIA5YLyMoiMASrJrilWvhk+//2Dvv8KiqrQ+/U5IpmfTeewKEGiD0XqQoIBYsWFERK9ix6xXrd7niVUBFUEAUuVJEUKQX6R0CSSC9914mmfL9EUWRBJjJTDKB/T6PzyOT2eWss/eZ31l77bWDKM/NMKncqVOn+PHHH5k+fbowYjvBzHPeiBk8Bv+IjtRWVlCQmUJeWjIFGSkknzjA6Z224cl87rnnuPHGG4mOjhY3uh2Qm5vL888/b27xJUC1sKLgIoeBMIHgD9o00eg/+X3ddyyZ/bBZZdPS0kQOoHbAkSNH6NWrl1llR9z7BEajgW3L5tv0NT799NP85z//EcfQ2DhGo5E5c+bw2muvmVO8AQgDxJqw4CJEDJbAJonpNxS5Qm1W2QULFqDX64URbZi6ujpzd2oBsHXppzYvrqBx88WuXbvEDbdx4uPjzRVXAKuEuBIIgSVoN7h4+XLLM+YFm37wwQfs3btXGNGGWb9+PWvXrr0urvW5556jsrJS3HQbpb6+viXiSg/8S1hRIASWoF3Re8zNZpd9/vnnKSsrE0a0QdLT03nkkUeum+s9fPgwixYtEslHbZTVq1e3ROyvBBKEFQVCYAnaFS6ePtzx8v+ZVfbAgQMsXLhQGNHG0Ol0vPvuu9ed+H3mmWc4duyYGAA2xvnz57nrrrvMLa4H3hZWFAiBJWiX9Bl3q1nZtAFmz57N9u3bhRFtiFWrVpl7xlu7Z+bMmZSWlopBYCPU1NTwwgsvtMSzmA0kCksKhMAStEsc3Ty4761PzC5/5513kp2dLQxpA5w8ebIl3oJ2z+7du3nvvffEBgwbYeHChaxZs6YlVYg1X4EQWIL2TbehY4juN8Kssvn5+cyePZva2lphyDakuLiYGTNmXPd2+Oijj8w+d1FgObZs2SKSwAqEwBIIlGoNkx6fbXb5ZcuWMW/ePAwGgzBmG1BXV8cbb7whdnb+wZQpUzhy5IgwRBuRlJTE5MmThSEEQmAJBAARPfow9hGzsywze/Zs4TloAwwGAwsXLmT+/PnCGH/jwQcfJCMjQxiilSksLGTatGkibYZACCyB4E8kEgnD73wYFz/zM7Tfc889Iui9lfnuu++YNWuWSFHwD06ePMmMGTMoKSkRxmglKisreemll9izZ48whkAILIHg77h6+3HPq/82u7xWq+XWW2/l+PHjwpitwKZNm5g6daowRDNs3LiRZ599loqKCmEMK1NXV8ecOXNYvHixMIZACCyBoCm6DBrJ2OkvmF2+pKSEIUOGcOLECWFMK7J9+3bGjBkjDHEFvv76a2bNmkVdXZ0whhXF1ZtvvskHH3wgjCEQAksgaHbAyuSMvvdxfCM7m11HRUUF/fv3FyLLSuzbt4/bb79dGOIqWbx4MW+99RbV1dXCGEJcCYTAEgjaDkdXd6a9uwCJ1PzhW1NTQ58+fYTIsjCbNm2if//+FBUVCWOYwPvvv88TTzwhlguFuBIIgSUQtC0hMbE8+N6XLapDq9XSv39/kT7AAhgMBtatWyeWBVvA119/zcyZM8nPzxfGaCHl5eU8//zzQlwJhMASCEzHSNzYW1oUjwWNnqyBAweyZs0asdPNTHQ6HYsWLWLSpEnCGC1kyZIlTJs2jZSUFGEMM8nLy2P69Ol8+umnwhgCIbAEAnOQyeWMmzaLHqNb9sNuNBqZPHkyc+fOFcHGJlJZWclrr73G9OnThTEsxIYNG+jfvz/79+8XxjCRU6dOMW7cOFauXCmMIRACSyBoCSqNI3fN/hCfiE4truu5557jiSeeoKCgQBj2KkhOTua+++7j/fffF8awMPn5+fTr14+lS5ei0+mEQa6AwWBg/fr1dO3alWPHjgmDCITAEggsgau3H098sgJ7jXOL6/rqq68YPnw4Bw4cEIa9zI/Zr7/+Sr9+/Vp6WK7gCtx3330888wzYtPAZSgvL2fOnDlMmDBBGEMgBJZAYGl8QiJ4/qufUDi6tLiu+Ph4+vbty7x588SRGv+gsLCQV199lbFjx1JYWCgM0gr897//Zfjw4ezYsUMY4x8cPnyYCRMm8PrrrwtjCITAEgisRWiXnjzzxRokEolF6ps5cyYTJkzg6NGj171tjUYjW7duZfDgwbz33ntisLUyp06dYvjw4bz66qvCm0VjLru5c+cSFxfHrl27xAARCIElEFib8G69eepzyy1b7dixg549e/LOO+9ctz9smZmZvPjii4wcOZKEhAQxyNpQ5M6ZM4fBgwfz66+/0tDQcN3ZQK/Xs2PHDsaOHcuzzz5rsZ2/HkERYoAJhMASCK5El0GjeOnbrSid3S1W52uvvUaHDh1YvXr1dZNxu7y8nC+//JKgoCA++ugjMbBshLNnzzJ27FjuvPNOTpw4cd2kF0lISODRRx9l2LBhFs1dd8NDzzD9o6/EwBIIgSUQXMWrPhE9+vDMF6uxd3C2WLXFxcXccsstjB8/nl9++YXa2tprVlitXLmSPn368Mgjj4jxZKP8+OOPdO/enWeeeYb4+PhrUmgZjUaSk5N5++236dixI4sWLbJo/Tc89AyTHn8ZhdpBDCiBEFgCwdUS1qUnr/2wHbfAMIvWu3PnTsaNG8eYMWP45ZdfqKqquibsVVxczMqVK+nXrx933HEHiYmJYhC1Az7++GM6d+7Ms88+y8mTJzEYDNeEsEpKSuJf//oXERERvPHGGxZv47YX32fyU69hp1CKQSSwChJhAsEfnAS6mFLghaWbiOo1wOYvrCQvm6Vvz+L0jo1Wqb9Hjx7MmDGD8ePH4+fn1+5+yNLS0li7di3/+c9/yMzMFDOhnTN16lQeeOAB+vbti1qtbld9r6mp4ejRoyxfvpzPP//cau088u9v6H3DzRfOM81JTuD1m3qZWk06ECJGnEAILMF1K7AAairLWfvfOWxbPt+q7Tz55JNMnjyZ2NhYnJycbNYeRUVFHDlyhOXLl7N8+XIx+q9BOnTowPTp07nhhhuIjIxELpfbZD8NBgPJycns2rWLzz77zKqJQhWOLjz12Uqi//HcEgJLIATW9YEc8AL+HlBRDtQIgdUy9LoGdv3vG759e6bV2/L39+eRRx5h8ODBdO3aFTc3tza//ry8PI4fP862bdtYvHgxxcXFYrZdJwwbNoypU6fSp08fwsLCUKlUbdqf+vp6UlNTOXLkCEuWLGHLli1Wb7P7qIlMee4dPANDL/mbEFgCIbCuPRyAocAIoDvQAfDk0tg4I1AEnAUOALuAHRYWXde8wPqTc0f3s+DZ+6nIz2qV9lQqFePGjWPy5MlERUUREhKCh4eH1dvNzc0lNTWVxMREli9fzs6dO9Hr9WLWXecEBARwzz33MHjwYEJDQwkMDLT6UqJWqyUrK4ukpCQOHDjAt99+y/nz51vtmsc9+iJjH5yJSuPY5N+FwBIIgXVt2DsSuBEYAwwCzI2wrAd2AhuAX4BzXOz1EgLrMlSUFLJ63r/Ys2pxm7TfsWNH7r//fsLDw/Hw8CAgIAC1Wo2XlxcSieTCf81hNBoxGo3odDoKCwuprKwkNzeXvLw8EhMTWbZsGSkpKe3uvkglEqaM68uU8QNYsX43P/xy7RxZ9OgdIxgSF8N36/fw03bbSl47depUevfuTXR0NG5ubnh7e6PRaHBxcbkwDpsbj3/uXjQajVRWVlJWVkZxcTElJSXEx8dz9uxZq8ZTXfYN1sOHh+YsoPOAERfirYTAEgiBde3gCAwBxgI3AOFWaicF2ARsBLZhunfruhJY0LhkeGz7Rha/+jj1lWU206+oqCicnJwYPnx4k0s5JSUl7N+/n9zcXLKysq6JSTKkdzQP3TaSXl0jCPH3AqC6po7Pvv2VNz5Z1e6v7z+z7+WBW4ejsLdrTD2Qkc/+40l8ufI3Dp5Ktem+9+7dGw8PD+Li4pr8e3x8POnp6Rw6dMim+j3glvuZ+Phs3Hz8r/hdIbAEQmC1k5dwGr1UY//4bzDme6nMpQ7YTaNnawNX59267gTWnxTnZrJu/gfs/fFrMXpbEWcHBS89OplxQ2MJC/RBLrvUw2AwGNl9+AyPvf45KdntL2asX7dwPnjhXnp1CW/SA9Sg05GQnM2a3w7wwaKfMBiMYmC0dFz5BHL3Kx/SbchYZFcZ2C8ElkAILNvFCRhI49LfKMDWzl1I5i/v1i6gUgisi9HrdJw9sJOlb82iJCtFjGgr838vTmXy6L74ebtyNfkxS8qq+GnrQd6Y9z0FpbafST8yyJNXHruN8cN6olFf3ftVRk4h3/28hzf/+z8xQMxk/IzZDL39AVy9TUuXIgSWQAgs26IjMBq4CegHtJeEMzXAPuBn4FcgQQisvxmnoow9a7/lh/dfFCPcCtwxri+vPn4b4UE+pj+sJFBYUsmmXcdY9MNm9p+0PSE8NK4DD98+ihH9u+DsaF528JMJ6bwx7zt+3XNKDJirJGbwDdz85KsEd+x22VgrIbAEQmDZJhoad/yNozFAPeQasV86sB6YDJj02nctCqw/KcrO4Pd137L+0zli5FuIj164mwdvG4laad/iurT1DSSl5XL45Hm27D3B6s2H2+y67rqxP0P7dKZ3l3DCg32xk8taXGdldS3zvv6ZOQvXioFzGcJ7DuTGR56lY98hyO3MH1dCYAmEwGp9OtEYmD4WGED78VK1CteywALAaCQnJZHtKxez3coJSq91vn7/MW4d2w+Z1PKncxmMRioqaygqrSArr5jaunqqquvIKSixeFuBvh6olPY4qJQE+Ljj4eaEo4Pysjs+zR9+Rpau2cGjbywSA+gfeEd0YuKMF+kxfLxFjroRAktgDeTCBBdhT2NOqhtp9FQFCxF6Pb9+SPAL78DdL3/IqHtmsHfdd2xY8N41eahusw8IhYqbZ77B2k/eoaHWvDMXv//P00wcGWe1PkolElycHHBxciAi2PcaGn4S7r15KIAQWX8Q3nMANz7yHB3iBokzBAVCYNn6MwwI5a9lv5GAQgwLwT/xCgxl0hMvM/jW+zizfwfrF3xAcea1Gwwf0q0PYx54iujeA6kqLWbVBy+ZVc//vTiVm4b3EgOohSIrp6CEtz9bfX3aQCpl0O3TGHTzVAI7dGnRUqBAIASWdVHRmOBz3B//RYphYB5JR/ahcnTGOzgce6XqurhmNx9/Bk66mz5jbyH11BEObVrL7h+/QVdX0+6vTe3qyZDbH6DnyAkERscgk9sBcGrPZrPqu2fCQKbdNhKpFZYFrzeR9cQ94zh44tx1Ffge3DWO4Xc8RHTvAXgGhFxXnmPBNTJ3r5PrDKFxt98YGgPVRSyVJVW6vYLRD86iQ+8B+Ed2wtndq3HL13Xy41dWkEta/HEOb/6J/euWYzQY2k3/pTIZw6Y+RtdBowjpHIvG2fWiHzKj0cgXLzzEoQ0rTa771M//d00t2bU1x86k0n/Kq9f0NQZ16UWfsbfSecBwfEIikdnZtUq7IgZLIASWaSiAu4FHgV7t7VqlciUSiQx9Q3W7M/zgOx4mbsxkImP7XvCCXC9iq6K4gOzzCZw7uo9Dm9aSk3jS5voZ1nMAPUfeRHi3OHxDI9G4uDXrHaitquTJONNF0qszbuaVx24VT1gLYjAYmfnOV3y5artp41Iqo+eYyRzeaJsZ8XuPn0K3ITcQHNMdr4BQZHb2tOzULyGwBEJgWQs58ADwOhDQXjrtGTkc75BeOLoHoXLyQiJt3OptNBiorSygqiSTvJQDFJ7b3m5uRIf+I7nxkWeI6tkfqez6Wo2WSCQ0aOsoLcglL/UcGQmnSDi4m7O/b271vnQfNZGoXgMIiOyET0gkzh5ejT9iV7HkUpiZyuwbupjc5pE179MpIlA8YS3M70cSGHn/v0wuN29fJlKZnMKsVHJTkkg7fYydKxdRX9u6L3AO7l7Ejb2V0C6x+IZG4RUYioOTS5t7vIXAEgiBdWWigW+APrbeUTuVJ0HdbsTFNxpH9yDsFY5X8ZAxUl9XRVVxBqV5iWSc+pWGqhybvykDb3uAm6Y/j7tf0HU80yQYdDrqaqqoKCqgMCuN8qJ8CjJSyUs7x8ntG9DVa82uXuPmRedBo3D3C8Q3NApnTx9cvf1w9fLFXqkyK/kiQNKRvXx4z2iTyvh7uXB20ycWyQcluJiyimp8Bzxicrk31x4gICrmkheAqvJSygryKCvIpSAzhbLCfBL27yAjvmWHUXuFRNJ16Fic3D3xDY3G2cMLF08fnDy8kNsrrkrcC4EluBa8PdcKNwPLseH4qj+9VE6eoTi4+CKRmmp+CfZKR9z8Y3DzjyGsx0Sqy3KoKEqjIO0IBUlbbPK696xaQvze7Tz8/hdExfa7buKzLtbGRqQyGWpHZ9SOzviERl64p0ajHoPegMGgp6KoAL1eh0GvB6Ak7+LDnGVyO5w9vP/4fzkymRxnTx+QgFQqs3g+pvq6OpPLTJ04SIgrK+HqrGHiiFjWbTVNADVo6/4xHI3I7RW4ePrg4ukDMd0vehEwGg1oa6qpra5Ep9ViBOrraqkqu/g8SLWjM0oHx8aXRnsFCpUalaMTEomkea+1CFYXCIHVrpgKfA3Y1FNdrvIgqMs43Pxj0LgHYa/UYEmnoUQqQ+MWiMYtEL+oQTQMnkZlSSYlOWfIOLERXW2BzdiiNDuND+8ZzYx5K+g58qbrU2Q1/WuDRCJFJpciQ46738XLaj4hEW3eP1NRKUSmE2shAdycHU0uZ7jajRd/vAiADLWTC2onF2F0geA6FlhTaFwWbPO94BKJHPfQ/vhE9MPJIwS1iy9SaeuZ2E7piJtfJ9z8OhEeezPV5blUFKaSn3KIopTdGA0NbX6zFjx9F0/MX0X3oWPF7BMIBAKBEFg2Sg9gSVuKK4VzMP4dhuDq2wlH90Ds1S424QKXSGVoXAPQuAbgFzWY+tqHqCrNoiQ7nqyz26mvyGizvn362G28te4g/pGdxAy0caRS053ChSXlNnktEkBvNGIwGDAaobqmjsrq2r9eUOzkeLg4/vGyJEEuk2Jri1l6g4GC4jIz7qPIRSYQCIF19dgBy2hMHNqqeIQPwSe8L04eoaidvZHK/paKwCbjC4zYq5xwUzV6t8Jib6a2Ip+KojTyUw5ScG5rq/do8WtP8MLi9SjUDmIW2jBqR2eTy3y2YjOvPn4bLk5td28lEgl12noyc4vIzi8hK6+Y82m5nEvPZffhBApKKi9bvmdMCIN7d8Tf252wQG9CArwI8vXAQd22x7PkFJSyYecJ018EVSL1n0AgBNbV8zgQ0xoN2TsH4x89GDe/Tji6BTV6qaz8bms0Nh5iK5NaPlZJKpPj4OqPg6s/vlEDqR88jarSLEpzE8hN2kNNcZLVbZp+8iCHNq1h4M1TxSy0YRzdPMwqt/vQGW4a0bt1XyOMRrLzSzidlMHuw2f47/JNNDTozarrSHwaR+LTLn3o3D2Kkf27ERsThqebc6uHEv6mBMfnAAAgAElEQVS2+5hZ5Zz+2BghEAha8UWvvb5YAymA1Z4anhFD8QzpiYt3JGonb6Sy1kl+ZzDC7YP8GBIXhL29jOS0Er746RxlNbpWGQ4GQwO1FQWUFyRTmH6U/ETr5W2Sye35985zaFzdxUy0UfQ6HdO7mh7oHBXsxS+LX8PPy826I1YiobC4nGNnUvl+wx5W/Ly31Wzz1D1jGDukBz1iwnBxdLD6US5nk7PoPXk2ehNPCgjuGscrK7aIZcLLINI0CKxBe/Vg3WJpcSVTuBDcfSKuvh0bY6lUTv/Qn62z9Ncr3ImHbu9x4c04xN8FuVzKu8vjW8MHgFQqx8HFDwcXv8adiYMepKoki5LcBLLObkVblmbBH+96zh7YRe8xN4uZaKPI5HJGPziT3xZ/bFK5pPQCXv6/b5n7ygO4OWss3q+aOi0nzqbx8/bDfPXDVsqrta1um0+W/cony37Fx13D41PHMrJ/NzpGBKCwt/zpBSmZ+Tz40qcmiyuA2BE3CnElEAiBddU8YolKPMKH4h3aC2evcNTOPhfHUrURdnLJJcsOekPbxXXZKR1x9euIq19HwnpMoKYij/KCVIoyjpGXsKnF9e/839f0HD3BrGBqQevQZdAokwUWwMpf9pNfXMa8V6cRHebX4vBEnU5PUmoOW/ae5IvvfyM5q8gm7JNXXMVr81bx2rxVdI305+E7RjO4dycign2RWmCJ/8DxJGa9u4TjCZlmlY+M7SsGsUDQBrTHJcJo4Axm7hz0jh5NQMdhjdnTL/FStT16I6yaMxxX579i9+cuOcimo4U2dyMa6iqpLMkkJ3EXOfE/m12P2FFo21SVlTBrQLDZS2BKOxnvPXc3k0b1wcfT9OXG5Iw8jpxOZuGKTew7kdxu7Daibyceun0UcV0j8PM2fak0JTOfb3/axbsL15rdB8/QaN76327sRZD7ZRFLhAJr0B49WPeaI66kds70uHE27v4xNq0rZRLIK6i8ILCMRiOHztnmtve/590KjBnJqW0LqSlKMLmeo1t/xj8qRmR4tlE0Lm5MfPoN1n78plnl6xr0zHpvKbPeW8r0KSO4YVB3IkP88HJ3RuOgvDAbjYBebyC/qIy8wjISU7JZ/dt+Nu460S7ttnX/GbbuPwPAHeP7MWZQD6JC/fD2cMHHw/mirPtGGtNG5BSUci4th5+2HGLZT3ta3IfxD80S4kogaCPamwdL/sdbg5+pBXvf8hGuvh3bxUW+8UBX+sc2ZvQ2GIwMf3wDCrnt36raykL2fv8sem2JaT/gnr68v/HohSM3BLaHuYc+XwmVwo5OEf4AVFbXkpSWf93YNLZTyIVwgPTsQorKLHvwssrFnfc2HkPj4iYG8BUQHiyBNWhvkY83mCOufDqMsXlxZTCCzmBkeBd3enb2/esGSSW8fHdHdAajzTt4VI5ehPacbHK5qsJckk8cErPRhvEMDOW2F96zvCjXNlxIiXA9iSuAo2fSLly7pcUVwF2zPxDiSiBoQ9rbEuGD5hTyjexvMxfQoDfirrGjQ4CGjsFOeHk44OWmQq1W4Ohgj5NGgcL+4tsyol8oHcI8qK1roLpaS15xDQXFNSRmVBCfWUWNVm+VfFmmY8QzOJbzZuyU3/fzD8T0Hy5mpA0z+Nb7OLJlPSlH9wpj2DjdRk6k1+hJwhACgRBYV4UXcJOphaRyB1x9O5jVoN4IYZ5KqrQG8sq02MlMFzFGI7g4yBnR3ZNuHTwJ9nfBzUWNwv7qd83JZFKC/JrOqF2n1VFQXE1aViknk4rYfqKIylq92QkQ9QZwd7KjuLIBMy4XjVsALoFxlGUeNKnc/rXLmfT4bDz8g8WstFFUGifufOk93rt7NIYGrTCIrT7UFSqmPP8OdgqlMIZAIATWVXEPjcfjmERY3J3I7U0P8uwU4MDLD/fGzUWN0WAkp6CClb8ksvlY0VWJF6WdlEkD/OjX3Z/wYDfs5NZZjVUq5AT5ORPk58zguBAevl1PSkYJh07m8MPuHBp0V5c3x1Ut54Hx4fTtEYBaZU9NbT0/bDzL//bkmNQfiURKUOfRJgssgDP7djD41vvErLRhQjv35KH3v+SLZ+8VxrBRZn6+Gq/AUGEIgaCNaS/Jh6TAIsDT1ILRAx5EoTZ9a3j/GA+GxgUjlUiQSiU4Oyrp192fDgFqziSXUq1t+ggOfzcFT93agafu7E5cVz883NStunwnl0nxdHOgW0cfJg8LJcJHRXFJNYUVDU1+32iECX29efnh3nSO8kapkCOTSlAq5Dhp7Ni4L9vkPtgpNWScWA9G05IiFuVmM+jme5DKRE4sW8Y3PAoHVw9O7/5NGMPGmDFvBV0HjxaGMJHK0iK2f/eFqcXKgY+F9QTN/h63k372BkyOUncO6IXGLdCsBjcczCPY9xyD44JwdFA0qjyphLhuASyM8ubn7edY+lsaDfrGyPMANwX33xhJ/55BVyWoCourycqvICu3gtzCas5mVJFTUsc3bw1Hqbj0trz/+T6ySrTEBGnw9dIQ5OuEv48T3h7NZ8lWKuQM6h3MgF5BHDiWxTcbzpFaUHvh732inJl6YweiQi89by4zt5yv1541y3YKtSuB3SaRcWyVSeWyE06QkXCSsK69xMy05bcdqYzhdzyM3E7B8jeftP2HnFzOE088QY8ePQgODiYwMBClUklSUhLDhg1rsszatWuRSqUcPHiQ999/H51OZ/PX+dTCH+kyaJQYoAKBEFgm8bA5hYJiRiExM0O4Tm/kk9VJzF93jjE9vejf3Y+YaC+U9nLUKjtuH9eJsUPCKa+oI6+wis7R3k0Koz8xGIwkJBdyOqmQjftzyS27NIbFx8UeeTNLiUqFnHM5JZzLqQb+2m3l7mjH2DgfenT0JjLUo8nYLqlEQr/YQGI7+7H3SAbeng5o1PYE+V3s2SuvrONofC67DuewN7GsBbfLiE9Ef5MFFsCxbRuEwGoPIksmY+jtD+Dq7cfnz91PfXWlTfXPxcWFJ554gokTJxIVFYWTk9Ml30lPT2+2fI8ePQgKCuKmm27ihRde4OjRo6xfv5758+dTW1trU9fqHhTB9A8XiXkjENgY7SEPlhOQBZicJGnotG+xVzlbrCMOChlThgUyemDYRZnWL0dZRR17Dmfww7Z08svrL/vdGH81c19q+o16+bpTLNuScdnyzio5tw8LZGifYDzcHK5OChmNJCQXsXlvGj8dLDArsL1JQalvYPeKWWjL00wu+5/f03B09RCzs52Qn3aelf9+jZNb17dpP2QyGffffz9TpkwhLi4OZ+fLz/19+/bRv3/TO4zT09MJCgq65PPCwkIOHTrEsmXL+P7779vc9oOnPMyEx17ExdNHDMQWIPJgCazyItoO+jjZHHEV2P0Wi4orgGqtnsW/pvHO5weoqW247HfrtDrWbk7gzte28d81564orgA83ZsPxnd3UlyxfHmtji83pnL3GztYuuYkVTX1VxBXsPNAGk99fJANhywnrho9HHaExU40q+y5o/vFzGxHeIdE8OhHi3lk7lKcvANavf2bbrqJtWvXkpGRwaJFixg1atQVxZW5eHp6Mm7cOFasWEFycjLLly9vdpnRmvhFd2XWop+Y+upHQlwJBDZKe1gifMicQj4R1st91aA3oq3XoVY1v6lRYS8nrqsfNbU6Vu3MpKb+ygHfId7NCywHjeLqbqhMwoS+PgzqFYiDyv6y39UbDJxNKcFaMfjugV3NKrd79TK6Dx2DVCYXM7SdYK9UETfmFjr1HcqxbRv4bel8cpNOWbXNN954g6lTpxIaGoqslTdGSCQSwsLCCAsLY8qUKSQkJLBp0yYWLVpEQkKC1doN7dGPUVMfpcugUag0TmLgCQRCYJlNB8BkpWSv8cfZM9wqHQp2V/D24/1wcVJe4QEMft5O3DWhMxNHRnHwZDY/bE7lfH5ts4LGQd28IHK7jAfLCPi52HPHyBD6dA+46uVLuUzKg7d2o7yqge2nii1uK7WTN56Rwyk8t82kcqe2byA39Rz+ER3FDG1XGNG4uDFo8j30GXcLaaePc+bADn7+7F2rtDZixAgiIiLa/iEql9O5c2c6d+7Mo48+yvHjx1m9ejVz5861TP32Sm6YNouug0cT1LErdvYKMdQEAiGwWsz9mBEnFtbrFqt4P+QyCS8/1LNJcVVT14AEUCntmhROw/qGMqh3MAnJhWzclcbm40WXCC2ny3ip1Cp7jEYuysGlNxjpF+3K5BGhxER5Y2/X/Fu8Tm+gTqtD8w8Rp7CX88TdsaTP3UNKgeWDdwM7mi6wAM7u3ykEVjvGXqkmqld/onoPYMz9T5Gffp7CrHTSzxzn3LH9nD+0+5q8bgcHBwYMGIDRaDRbYIX3HEBUrwEERXfBJzQSz8AQVA6OGMVh6AKBEFgW7Nv95hT0DO5hlQ5NvymckADXSz6vb9Dz32VHOJlawWOTOxDXPaDJxKJymZTOUd7ERHpzT2ElOw6ks3xrBjq9EY1SRnSYe7Nte3s6EuKpJLWwFplUyh1D/BneL5hAX2ckl8l8ajAYOXE2jyXrEkAC780ccMnSocbBnufu7cajH+23+HKhi08UEonE5B+H9Qs/ZODNd4sDoNs7RiNKBw3BnboT3Kk7vUZPwmDQYTQYqSguwGDQo6uv5+cv/s2+NUuva1Pd8cq/GTZlGhKpBKlUTqNv+k8zCnElEAiBZTnGAN6mFvLpOAaVo+V3oPm62DNmcNPLEWt+S2DbycYltre/OUXYL+d5+OYOdOvk22ROLIkEfL0cufOmzkwa1YGikmo83BxQKZu/HQ4qOxa8OoyS8jrUKjscVFdOan8urZhFq+M5nvrXFvqvVp3kyXt6XiLKwoPduW2gLz/+nmvZAWavJrzfQ5zf+6VJ5apLCkg/e5LoXgPELL22FBdSqQyk4Or957ntEjQurte9ZdSOTsjk8gt2EggE7Rtb3kVoVnC7X+RArJF94s5RIU0uwaVmlrLol7SLPkspqGX258d4ae5uEs4XXrZelVJOoJ/zZcXVn8hkUjzd1FcUVxk55fzn60M88e/9F4krgPUH8zmZkN9kuRuHRWKwwnPdI8i8YPd961eKGSoQCAQCIbAsiA8w3tRCcqUHLj5RVulQt46+TX6+buv5ZpfVTqZX8tS8g7z7+T5SMkuxtpe/uLSGr388wcPv7eHXIwVN33AJLN+Q1OSSg5+3I7Fhll+Sc3QPxtk/1uRye1Ytpig7XcxSgUAgELQ7bHWJ8G5z+hYSOwm5vQOWdq97O9vj7XnpkTTllXVsPFxw2cOfJcDO0yVsP7WXSX19mDoxBmfHy+9AzCuqQnfhkGYJ/t6Ol21DrzewdnMiX29Ko/4qDnc+llpBdl4FAb6X5goaGut7iderpUgkUgI7jaQ8+6jJZc8fP4iHf7CYqQKBQCAQAssCmHU0jmdwLNaIXegU5NjkomNKZullhc/fkUpg3f48+sf60aNT096wBp2BNb+d5YsNqRd9PnmALw9M7trkDkWAguJqvtiQctXXI5NKOJdW3KTACvJzwojlF1nNzYm1ZflCeo2eiNzOXsxWgUAgEAiB1QIGANGmFnIJjEPjZp0s0j5uTXucqqu0TX5uBOp1Rnyc7YkJ0hAe4EiIvzP+Pk4E+7s0286CFUfZcCj/ksD4dfvySM+tZs7Mgchll67q+no58s3rQ0jJLCEjp4LzmRWczawmu1SLvVzSpFjKyK1qsg8Khd0l6SAsgULtQlCP20w+nzDtxAGykuIJiekhZqtAIBAIhMBqAWYFtwd1Ho1EYp2QsvqGZpbdJI25qOztZHQLdiAiwIkQfycCfBzxcNPgpFE0ma6hOSKCnOFQ0wHoIb4OTYqrCyLQU4OPp4b+f4Q66XQGKqu1FJVWk5lbSU5BFQlpZRxPq6K2Xo/O0Pq7lLxCe5t1APTxHb8S2jlWbFUXCAQCgRBYZqIBbjW1kERqh6tvB6t16lRaRZOfd47y5pvX3fH2cEAmk7Z4WW1Az0DScyrZfKyAqjo9EsBOLmVYF3fGDg4z7cbKpbg6q3B1VhEZ8lfaCp3eQEl5Lc1F3Dc06K12AriLdyQKlxC0ZWkmldu8dD6jpk7HwdlNzFiBQCAQCIFljsb4Q2SZRGC3SSjUrlg6/soIDO/qzu03NL0z0cVZhYsFz5R1dlQy465YHrrdQEZ2GfUNekICXVEpLHeb5DIpXm4Ozf7d3VXNw+ND+XJjqsWFllRmR0i38STu/MykctrKUrLPJxDVs7+YsQKBQCAQAssMzDqWvvFgZ9PFlVQCN/T0IibcFbVCjtpBCRjxcFEhl8twcVa1WNwYjWDESG2djspqLdq6BiRSCX5eTsibWT60k0sJD76yt0avN3A+vYQGnR5njQK1WoGrsxIJXDa7++XwcnfgtrGdGDM4guKSakortdTWatHrDeQW12I0Qk5BFTtPlVBbrze5fs+gHiSa0a/sc2eFwBIIBAKBEFhmYvI6n8I5BCePELOEzweP96JrB+8Wdzq/uJqaGi3llVoqqrRUVdeTW1xLWXktSTk1ZJdoqdHqkUklF3JmjezuyXPT4lrkJZq/4hg/H8z7S3AZjDQYIMRTRZiXEg8XBa5OSjxdlWgcFLi7KFGp7PH3cUJ6heN1HB3scXSwpznLPlStZd7SI+w+U2pSn9VO3niED6EoeadJ5RIP72H4XQ9jNBjErBUIBAKBEFgmEmpqgbDYiUhldmY1pmwie3pldT05+RVk5JSTkFpKUWkdKqWMED9HBvYKJMDn0jXBnQfSWfTL5ZfU7GQX/zXUT9PiJbgOoS4XCSyZVIJMCnmldeSV1jVZZnhXd55/qE+Tfzt8Kof9J3M5fr4MT0c7gnw1RAU5Exroio+XI+q/pYnQqO3pHOFmssBCIiGw00iTBVZNZQWIIHeBQCAQCIFlFmpTC2hczUvNIJHAC/89yLg4H7xclZRU1JOaU8m+pHKkNJGm4FQJp86X8taTAy7ZzXfz6A5k5VWx6VjhVbUd6avmxuHNZ5zX1utJzyrFaDQSHuze7FLi8P5hHDhdwO74kqtqN8hdyYw7ujfpvSqvqOP/vj1FabUOgMyiOo6mVsLeXIzGxmXLvlHOBPk4oFbKOXimmONplWYdDm2OxzHz7EnqqqtQqB3ErBXYPHq9XhhBIBACy6Yw+ee6ob7G7MZq6w38uCfnos9kl+nBoeQK1mw6y23jYi763E4u5dE7e6BtOMKO08WXbVMqkfD8vd1RNhPbVafV8d4XB9iXWAZAXKQzsx+Jw0F1aaJNmVTC9Nu6ciJlNxW1l3+gdw9x5IUHe+HURBb5Bp2BBSuPXxBXTYlRnd7AnrOlcLb0b9dint3rqktMLuMVHIadQilm7DWKVCa7pkRMamqquKkCwfX+XLOx/mSZWiBx33IatFWtpv6+2JjGroOXno+nVtnx/LQ47hkZ1OyByUZgxsRwggNcmxaLOgNzlxxif1IZEkmjsDl0vpz3vzxIfUPTPyae7g48d1fMZdu8oYcnr8/oi7vrpQ5Cg9HIyg3xbD9Z3Dpv9g11pJ3YYHI5pYMTMjs7MWOvSYwoVKZ7JhMTE232iuLj401/27VTiKEgEAiBZTVMXu+rLT7HqW0LqK0sbB2DSWDOstNs3Xvp0TRyuZSpE7vw4WOxeDheKgZ6hzsxbkhkk/Xq9Aa++uE4O5tY7jt4rpxPlx9pVmTFdQtgYl+fSz53VMp46a5OzHogDgf1pR4wnc7A9+tPs3RLRqvYTltTxumdX5Kf+JvJZasrStHV14sZe43iF2F6HrtPP/0UnU5nc9dSUlLC4sWLTS7n5O4hBoJAIASWVVABXuYULEreyd7vn6U48yTWOIuwKT787izf/xxPQxOip0cnXxa9PpwnJkWgsm80sdJOytP39GgynspohO/Wx7NmX26z7W06WsjydacwNOGqkkgk3DupM74u9hf+fdewQBa/MZTh/UKbPPamqqaeT5cf5pvNGVZLLPp3yvKS2LfqJfITNplVPivhJA3aWjFjr1FcPH1NLnP69Gn2799vc9eybds2SkpMXwZ38fITA0EguIawpRgsJ8DR3MJ6bQlH1r1MRP+HCO46Fpnc+u72JZvSiE8p5cm7uuPlcXF+VJVSzk0johnWL5Tfj2TipLHHy73pHKo//nqG5Vuv7EVauTMbezsZd0/scokoctIoePG+biSmljAkLhhXZ1Wz9ZxLK+Y/y06QXGB9wWI06Mg8u42E7Z+0qB5dXQ0NWi1KB0cxa69BPPyDzHvR+fBDunXrhqOjbYyL/Px8XnvtNdPfLl08cPHyEQNBILiGsCUPVrglKjm/dxEnNn9CTXleq3T64Lly7v/XLn7elkRt3aXLFRq1PTcMCqdfj8Amy2/dm8IXG64+IPabzRls2JbUZMaCjhFeTBrVoVlxVVVdz4qfTvPEv/e3irjS1pRxcuv8FourP6koLhQz9hrFyc2TDv1HmFxu/fr1fPzxxzYR8F5TU8Pbb79NQkKCyWX7T7wT1XX58iCBVvGhCwStjy15sMIsVVFR8k72ZZ2m6+in8QzqARLrTmC9wch/15xj5dZ0Hrslmu4xfleVAb5O20BFVT2T+vmQklNNcYWWkho9Or2BmvrGhJpKOyn2cilOSimezgrCfB1o0BmoqKrD2fHqdtVV19Sz80AaS35JueJuQ0tRlpfE8U1zqa/Mslid9WKJ8Np905PJ6Hvj7STs3Wpy2ddffx2lUslTTz2FQtE2geJlZWW88847zJ8/36zyMf2GXvOHmUskEnQN9RTnZpGbkkRBRjLlRQXodA2o1Bo8A0PxCgrDLywKtZOLmBQCIbAsSLBFRY+2mGPrXyesz72EdL8JuZ3K6hdQUFHPm0tO4emYwK3DgujXIwAvd02z+k6psOPm0X8F9xqNUKvVYTAY0OsahZBMJkMqk6KwlyEzIS+C0Wgkt6CS349msWp7BuWtJKwMBh1ZZ7aRsOMTi9ddkpdNaOdYMWtbmfLCPNLPnqS2uhIAlYMjgdGdcfXxt2jy1+heA8wu+8ILL3D8+HFefvllOnXqZPZRUSY/Z/R6jh49yqxZs/j999/NqkPh5EZ4t7g2v89Go4H89BSyzsWj/2PzgKuXL4HRnVFpnMx8HuipKCogL+08SUf2cvi3deQknrxiuYlPv0HcmMl4h0SIBMMCIbAsQKg1Kk05sJTSvCRiBk9D7ezbKhdSWNnAgp+SWb0zkyVvjUQmu7qHvUQCaqVlbklBcQ33v7O7VZ3v2poyEvcuI8/MQPYrUV9bI2ZsK9KgreP3n75j+RtPNvn3yc++Q9/xt+LuG2gR74uHfxADbn2A3/+3xKzyK1asYMWKFTz22GNMmjSJ0NBQ3N3dm/1+ZWVl86KyvJzS0tJmPTHZ2dmkpKSwZMkS1qxZ06LrnvDoCzi4uLWZkDAY9OScT2DHD0vYsWLhJX938PDhwbc/peuQG65CuEqoriglP+08mYmnObJlPWd2m/48WDfvLdbNe4v73llAn3G3Yq9UiQkpaHfY0uL3FmCEtSqX2bvQdfQsPENiW+2yOwU48NGzgy/aOVhaXktqZim+Xo64uahR2MvMrr9Oq6O0vIb8omoiQz1wUNld1M70OTtbzXNVmnOW45vm0lCda7U2xj7yPLfOerNdL6VIJBJqKsspzslE+zfBKJXJcPHwxtnLF6m07UMj67W1rPr362xfvuCK35309Jv0HD0B39CoFrebevooc24ffN08gKVyO+ZsPIZnQEibCKv0MyfYtuJL9q1ddsXv3/fOAgbePPUikSWRSKirqaI4J5OspHhO7NzEgZ9WWLSf/W+5j7EPPo27byD2KrVVhGhOcgKv39TL1GLpQAgCgY0LLAmQCERau6HQuHsI6zEBmZWXDL2d7PlwZl98PBsDVw1GI2t/S+C7LelU1OkxGMFRIcXfQ0VUgAZvdzVOGntcNPZIJBLUakWjVYxQU6PFaDRSXlVPWaWWwpJazmZUkl1SR7XWgFQCTkoZj98SzdC+fzkCTyXm8/xnR6wqSAx6HZnxv5G4a77VB0m/m+/loXcXYjS2vwOfdQ31pJw8zKFNa9n/8w/UlhU1+b2Q7n3oNWoiEd3j8A6JwMnNs00E5e7Vy/jm1Rkmlblh2jMMnDy1RULLaDTy7Zzn2LHi8+viAXz7ix8w+r7HW1lYGUg/c5ytK75g/9rlJpV9eeVOgjt2pSQvm5zzCSQd2cv+jasoz820er/dAsMYdPNUYkfciH9kJyGwBEJgXSUKoBholYPmnPx60GX4DBxcrJN3JtRTyRuPxuHr9deuoE27k5n7Q4LVr23ezDg6hHte+HdSahGvzD9MRZ3lPVna6lLO7FlC4bltrTJIwnr048VvNiKTt6+M7hkJJ1m/8COO/WbaUpJUbk+nAcOJG3sLAZExeAWFoXTQWL2/NRVlvHxTb6oKTfdGSiQSRj04k0GT7zFbaBVmpfPahDh0ddXX9MPXL7orL369AQdn11Zpz2gwkBZ/jC0rvuDAum/N63NUF+q1tRSln29T24287ylG3TsDd99AIbAEQmBdAR8gt7Ub7Tb+DbxDe1vWyxLtwrMP9MLR4a/dTKUVtTz0r51U1Vl/uS7cW8XHLwzB/m9LjwXFVbw0bz/ZpVqLtVOae5ZjGz9CV1vQqvfssyMFKFTqdjG5DHodBzb+yFcvTrNYnYOnPETnASPwDY/GMyAEuZ29xft97th+Prh7ZIvr+cujFWnyo+bI5nUsePrua/rh+8Ky34jq2b+VhNVxNi9fwMH1310z9pPZ2fPMV+tbtDlCCCyBVceojfSjKzCttRvNP7cTnd6Ii3ckUlnLvSIGo5HZD8Ti63lxPpsff03gcFJZq1xTabWOAHc7wgL/eit2UNvjrJKy51TL80jpdVoyT//GyV/fxaBrfQ/DiKmPolRrbH5iGfR6Ni9bwPK3nrJovenxRzn0y49sX/E5m77+BF2DDr2uATt7BQq1GounGJwAACAASURBVImk5fFb54/u4+jmdS2uJ/nYPrav+Jyy4iLcfQNxdPO86t19PiGRGIBzh/dckw/eqW9+Qs9RE6zahq6hnsTDv7PsX8+weu6rZCedvqZsaDTo2btmOf7RXfALi25RXZWlRWz/7gtTi5UDHwsZIWgOW9lFGNpWDacf+Y7i7NN0HT4DjVtQi+qSSiScPJtPsJ8z9nYy6rQ69h3LZFkrnfX3J/NWJeDpqqZzlBcymZTK6npOnWu5uKqrLOLMnq8pSt7RZgOlurwMZw9vm59YhzevY9WHs63aRkNdLT/Pf/fCv0O6xtFvwp0EdeiCb2gkDs6uSMwJmLdwioNd33/Jru+/ZMid0xk25UH8I6+cRkEqkzH+4Wcoys6weNB0WzPu0RcZdPM9VhVW547u59fF84jfvYlrnQVP3cns77YT3q03AoEtYStLhB8Cz7d1J7qMeRmf8L4t9gK4OsgJ91aRlFtLea2uTYysNxgJclfi42rPifRqdPoWBIYbjRRnn+bEr/9GV1fUpvfoyfn/u8rt4m1HbkoSr93Y9vm6eo27jS6DRhMQ1QnvoHBUGserCphPPnGI9+4cZrV+Db37UYbe9gD+kR2vONdqKstZ+tZMDm9cdc2IqwkzXrTK0u4FYbVkHvG7rn1h9Xc8giN5ZcUWHF3dzSovlggF1qCtlwhdgcXAdFMLekUOB5mShhrL/eAXnN+NTqfHxTsCqdz8B2Bdg4Gc0nq0OkObKVipREJlnZ7c0noMLdiFptdpST+5kdObP8Sgs1weKjtNAI6ekWgrTQu9O7jhByQyOYEdumCnUNrchDIY9Pzw0atkJZ5q877knDvD8a3r2fXDYn5bOp+KkiL0ugYkUilKtQaZvGkHttzenk2L51mtX2mnDrPj+0VUlZfh5O6Jk7tns542O4WSLgNHoTcYSD66r10/bG95bg7jps20uLhqqNeSdHgvK959nnWfvE1hevJ190NWU16Co4c3Ed37mFVeLBEKrjWBNRLYCvQzp3B4n6lExt2GTqenIt9yu/PK8+IpyIzH1ScKhfr6Pq6htrKQ0zu+IOvEjxat1ytyBD3GPINEAsXph0wun3hwF8mnjxEQ2QkXT9s6IPf8sQOsfO95m7uXBn0DqScPcXDjKrZ9u5BjOzZRUVKIXq9DJpOj1Dhe8Aoq1BoSj+6nOCvVqn1KO3WYXauWkJN6DldvP1w8fZoUWnI7ezrEDcIzKIzjW9e3v4esvZIn5//AgIl3IZNZLiqjQavlzL7tfPXKDH75/MPrUlj9nTO/b2XAzVNROzoLgSW4bgWWHPgXsBBwMreSgJgxaNwC8Qjqjto1mIJkywXDNtQUkRW/CZWzPxq3AIsEDrcrjEaKMk9weO2bVBdZNrVE9JDHiYqbgp3SEW11KfnndppVT3FWGrtXLcE9IISAyI7mxRpZGF29lu8/eJn81ESbv8WVRXkkHtzFvnUr2Lz0U84e+h1tbTUGvR57pRKJRMrJHb+0Sl9yz59lz49LLyu0pFIpQR260POGmykrLCAvJbFdTKWhdz3KjLnfEBLTw2LL2g3aOs7s286ilx9l01dzKcvPFr9kf6DUONGh9yCT4wiFwBJYg9ZewfIGVgJDWlpR/7s/R+Pq/9cEKc7gxOZ51BRZ9sEb0G0yEb1uwV7lfF0MCH1DHWknN5K8b7FF67Vz8KH7mOdw9f3r7MWS7HgOr3mxxXUPufMRbn7yFTQu7m1qu5O7f+OT6ZPb/RiQK1S4ePtTlNE2uY5ix9zC6HseI6xrT6RNeHz0ugbOHtjF+oUfknzkd5u0YbeRExlz/xOEdettMa9Vg7aOhIO7WTf/fdJOHGj348yujyfKKHcql1n2JW7OLyfwDg43qYyIwRJYg9b0YMUCO4EulqgstOdtyO3/yoekUDvjGznQ4kuGFflnyc84jYt3BEoHt2t6MNRWFHBq+0KyT62zaL3e0aPpMfY5NG4XJwXUNdSRdXpDi+tPP32ElPgTRMb2a7Wkjf9EW1PN0rdnUZqT0e7HgUGvo6a8pM3azz1/lj2rl5KVnIijqweu3r5IZX89qqRSGV5BYfSfcAcxA0fh6OZJesJpDA31bWo3B3dvxj40iykvfcCIOx/Gwz/YIsce1f/hsVr82hP8+uX/tVuPlTTMAc34MJwmReIypQNOg4LQl2up3W/ZFIgNDQ10M3EjjPBgCaxBa3mwJgArsGCm9lGPrUMivVQfGo0G8pP3c2rzXIz6OoteRKfhs/DvMLTJdts1fywJHt/4AQZdpUWrjh78GIExo5rMM1ZXXcKuJfdarC2VsztPL1hFRPe4VjfhkS3rWfDUneKJYgU6DbqBsQ8+TWRs32YCxCXUVpaTn5FC9vkz5JxPIC3+OOXFBZRYSfB6BUfg7O5JcEx3AqM64xMWiXdgWONZeZZ64amq4NTuzaya+wal2Wnt78fF2w5VnwCU0W4ofB2Re6gv+sXRV9WT++w2jDWWP/rq9R/3EtSx61V/X3iwBO1VYM34Q+VbbOuMxjuGfre+d9nYqKqSTE7v+IKKnGMW98aE95yMg6vfNRGbVVtZSMbp30g/YtkMz3YOvnQf8yyuvh2Bpncx6hpq2fb5bRa/pplfrqPLwCtnIrfUGX/V5aV8NG0CWWfMGGtSkEU7oT9bIZ5GVxJaA0czdtpMomL7IbNrPjGwRCIBiQRdvfaiA7UtiUrjhFQmaxxDFj4r8k9htfqTdyhKP9d+fkzUUux6e+PQzRt7P0fsvByQ/O2g+3/+2pT+cp6qFUlW6UuvsbfxyEdfXbUHUQgsQXsUWI8Bn1q6nYBut9Bp0ANX/F6DtpqUI6tJP7rS4hfmHjIAz5CeqJw8Uaja127DBm0VdVUlFGUeJz9xs8Xr9+00nqi+d6BQX3m5bvviB2mosfxxOwNve/Cyge9KtYagDl3wC4/GPzIGuZ35mfz3rPmWr1+ZbnZ5zzf7YeeuQptdSV1KKbUHczCk1SBomo4DRjH+4VmEdunVbo5NulphdXL3ZtZ++i6Fqe0jiF/e2wNVFy8UIc7YeWuQqu3AaETyxyO/uQd/fU4l+S/ttmrfnl+66aqP0RECS9DeBNbjwH+t0UZE/4cIi510Vd81Gg0Uph3lxC/vYTRoxR23tpfBxGXUIxvepzi1bY9DCe7am3EPzaLzgJEm/2BXFBfw6oQ+1JSanylf3tMdn8d7I7FrFIRGnQFdWR3ajHLqEkuo3ZguBlYTBMb0ZMKMF+jUbygKlUO7vY6ainJO/b6FdZ++S4GNCytplAZVrC/KcFfsfDTIHBWXPuEl//znP8SW3kj+kmPU78qzal+j+w1n1oL/Ibe/8uKJEFgCa2CtYKLHgU8Aq6yhBXQeh8Yt4OoUpESCg6sfPpGDqSwtoK5CbGm2BgqXEHpNeBOvkF4mLZ3WlOdSmn2iTftenp/D4V9+JPnUEYI6dMHZw+uqy/6+bgVHN61uUfuG3FpkQRrs/RrPsJRIJcgc7LD3dUTd1Qun8WEo+/piF+WCQSVBn1ElBhxQUZjLoY3/49Tv23H28MLNJ6BFnsjWpqqshIO//Mj8Z+5j7+pvqC4rttm+KscH4/5oD5xHh6GMckfurkaqkF/59flvfzcCRiTUJhRR9W2S1ftcnJVKeGw/vIPCrvhdEeQuaC8C6w5gkbXE1Z8CS+3kZVIZe6Uj3mFxSOQOlGYfF3fegvjF3Ej30TNxcPE1/UemNIuitIM2cR3FWansXLmI4M6x+ISEc6Vfj8KsNOZNn2yRGBxtajEO/QORKv4xJY0gkUuROytQBDqhifXFcUwIyp5eyEId0Tc0YCy0Lc+sRClHMyAcXZ0WY3VDKwqtre1CaP0prD6bdS8H13+Htqp14u/kYW6oYvxoyCg1uazzLVEogpyRSBr9Ueam9DLU6ShacBhjua5Vrjk7ObExwatcLgSWoN0LrP7AGsCqT7fQ2FuxV5meo1Qqs8PVrwPOPh0pSDmI0dAgRkAL6TR8FmG9JiO3V5knLGoryEvablPXdHDDDwR37olPSMRlX823Ll9I4oGdlmm0xoDBWY4iwvXCr5ekGY+AxE6G3E2FMswVxwFBOAwPRNHNA6mfGl1uBdQa2taAOgMOsUGoI32Q+zihq63DWGX9FAp/Cq2Te7bg4OSKu28AcnuFzYyr6vJSDv7yI/Men8LhjT9QX13ZKu3KIz1w7BeGQ4Q3hnod9SmmHy/mfEs0UpX8n0Pxwn9XGwhS+Xsm2h25rWbzisI8fCM6EBAVIwSWoPVfNi1YVyCwH/CzdqeHPLAMhUPL8h3VlOcRv+srStP3iVFgBkrXcLqPnomTZ2iL6inJPs3hNS/Z5DW+ufZAsw/m3NQkXhvfk+Z2SJqL1/uDsPPT/GOSSpqfqP/8g8FIQ0E19TlV1JwtpG53NlS3vuDSjIhG4eNyoU/aogpqTmdhyG295U1HLz/ufPF9ug4ehdLBsU2F1bFtG1n+9kx02tpWa1ce6YE62hc757/iCqsTc6g7nGnai2mEBp9XBsKf3qsrfN/YzBd0xbXkv7LLrBcAiVqO1FmJ3ozx4xYQyps/7rnsEToiBktglTlooXrsgO9bQ1wB2Ck1La5D7exD7JhnrZK1/FrHv8tEovrcgZ2y5T9aSo2HzV7nyo9e4enPVl7iBTEYDOxa9Y3FxRVA6cZzeD3QHaSSCwLKiPFCS5cEDBv/IbakEux8NNj5aHCI9cF4ayfqC6rRZpRTczyPhgOF1uj2JTSU1aDw/UNgySQovJ1ReDpRX1hBdSsJrcqCHL549l6cfYO47Zm3cHL3bPJ7Bp0Onc46S1b56edZ9UHrvkDIIz1wiPbFzkV98a02Qn226cuDyp6+F7yqxr8NOUkzGl9ibEJwGaF8S6rZ3lVVbDByjZKK3HjTX+KyUjm8aS2Db72fVhn8AoGFBdabNC4PWh1n/1iLJfqU2SkJ7zkZF+9Ijm/8AH19mRgRVyBm1PP4RQ603D2Q29vstZ79fQunf99K92HjLvo8M+Ekm7+eZx1hsiuP2n7FqDp5XCqgAOMfv17Gv8mtJsXWH798EoUMRaATikAnnAYEor+3noa8KurSyqg5nIv+TLl1riOzGDr6Xeib8Q+hZe/jjL2XE/XFVdQk5aJPKbX6fSzPzWDR8w9c83PTLtoTdZTPBWH1Z2jgn/dAr20wS9gqQlya1CV/eqqMlxFbfwoubWoZdWbuhpX6/D975x0fRZ3//+ds3/ReCQmE3gkRpCqIghQRrGf3rHfqT7/WU8+K4HnnnV1PPcEGKmBBAUUQlN57CS0kAdJJL9vn98duks1mEzKT3RBgXo9HHoTNzmdmPvMpr3mX1zsIQ1Ikggo03SKxHZWeDPDdO68waOyVhETGoEBBe8EXgegjgXZ7RQsM74Qg+DZ0LLJTf0b86U0iu4xSRkQzCIjswcU3vE1iz0t8qmTf0Ws8rpz3IQ57g3XDYbexct6Hfj1n2cIDOEzNWFREdzOC07blcP2InhxL9DA5AOpgHYbuEYRd3pWEp0YQ/9Y4Ip+6iMBrUxHifRev5CiswWGyOjdhp+5nw+arFtDFBBM6sgchk/uiSQ1XJlhbiFW/WEKvHkDIsK5owhusVi69VUTXj61SnntSGxVwxrFY96vD9eM+7ESLnZLv5ZcvCxzYGUHtvJnA3vKcJFVFeaxfPF8ZLAraFW21YOmAj/BjxmCTyRYWhz/MvMbgKAZPeJTsvb05sv5jZWS4IWnQtXS76Dq0et9rDQmCCkNYMqayjqn1lLHhNwpyMonv0gOAzL072Pj9F349pyOzmupNpwi5JLnZeJYGs5C7RUF0syi04Eqs+4NKQBNhQBNhIKB/NOGTumMrqcV8soLaA0WYfj3ZpvuwVdaiM2qdp/ZyH4IK1JGBRI3pQ3XvMmoP5mI7VqpMuNYSn/5xBHSLRRsWiGi3N3627o/c9Yu1pFr6/IzVoYloRQKLN7eg6+PqvYXY98h7rtreMeiiG0IRNGEB6PrFYtlXILmtb1//OxdNnEFUQmdl8ChoF7SVGD0G9GnPCzYERvqvMzQ6ugyextDr3iA4fuAFPzgMEd0YPPVleo283S/kqu41OzplaIfuh/zjznIlVrOJpR+93i7nrJh7ANvpWgSRRj9n3OTqLQoSrVsiCFoV2thAgobEE33rABL/N4GYV0YSen9/VEkGyfdgKamiSVR0o9QzuKbXSD6543l0kUGEjupByNR+qFMjUNAysQqdMZCQtGTUIXp+fvw9bBpV47710ufWAukhEMYRSQiq1gW3exuL9gozFZ/tlf9C3avBzVz3i7F7nOz0rPXfz0OJw1JwLhCsWNrgGuzVqxcxMdL94foA/5elCYvtzrCrX2Dw1JcJiu134S3gQfH0Hf84I66ZRXRymqSq9HKgk5G08OCDDzJ48OB26Y/SQmda+aFt69n7+7J2ew5lKzObGp5kkC1PwtUaVyKASq9GnxxKyMgkAkZLf+u3Hi9usunXiHYqHTZERK5KHcq0kRPomdKdh0ZeQ7UgoooMxD4yhZCrB6DtFa2s0O7zZHACodcMwjooDnWokQCtnlmT7icpNpG3pj3EkKgUAE7bLdhEsVG/Oyw27DnS9bb0XRuvt81xuOZQuSYHscIu636Nw7ugCdQjCm66WwJogg3o0zrJavOn92aRm3lYGUwK2gVtcRE+A4TIPfjLL7/kuuukF/r1ReZaq5inWkd0chqRSQOoLM7i9KkDZO34Hltt0Xk5EFRqA0mDriY6OY3QmFTUmvbTDwoIjZN8TGJiIt988w39+/fHbPav0GbesQwsplp+eHd2uz4T0885mIYkoO8W7jWIWPDIIBTPRLjqfm0UKO8hA+HNlQgYUsKQGh7tKK7FUWtFZWyQxbt/8ETunPwncovySeszkPziAowGI7deeR23TrqeI9nHEASBGz9+muDhqdh6x1OTkYft4Pk571pFrC7qhDE1BrVRR4ndzIEXvmbf0QOMGzaGnNyTGPV6Bvfsz7Sxk1i+fhUX9U/jzn/9H/vLcuvbsFXIi7/SxAY1CmLH+/DwOnSseVXULDoqbz2KNGDsHOkkV3Vtu00CY2o05p2nwCHdGrVq/kfc/Ozrfn9xVKBALsFKAO6Re9IlS5aQkpJCfr70WlRyBEbbRDxUGkJjuhEa042UgZMwV5VQU1GAqeo05tpyRIed0yd2y5c2bm+IDiISByCo1OgMgQSExmMIjMAYEoNKfXbUr7V66QV7s7Oz6datG6tXr2bECP8msFaWFHNw0x9k7d4s7/56xWLNKJB1bNmSw8T8JR106kYkqgnhEj02O4mxW2eSgdDGyZNGsVXUogvQAgIi8NmelVw2ZDSTR1/B/J8XYbJaGD1gKB/99CWv3Pc0Rr2BLk9eRaCr3JImPICQ4alYe8VTeyERLQF06S5iFdCQaRuh0XPr24+x6d8/cLrsNP9a8AHvPfoPFqz4gQkjx3PDxOnMmvsG+8rzXLpVzgdoLZURfxWpRR1hrOcwdQrurSJbdpGyH+XXVQwYlIygUzvJldD0JGqjDsOwzpg2So/d/H3+h4yecRvJfZQwEAUdk2DdB8iS7n711VeZNGkSJSUlsgnPWbPyqDQYQ2IwepTpSU2/5txx6wv4pLSLL6GXoYW1fft2AIYPH86HH37Ifffd579JojfwxcxHZR2rTgwmZFBnKhCxZhRKPt6+q4SafYUEpsU3tkK5Wa38Z91qiL3RhOhR9w7FflCarIOlpBptfEOmaIndTHqfwby/aA63XHkdGrUGvU7HK/c9w8KVPzBhxGVc3/Uilh7f3shqoYkIIHiE06JlyizCujvv/AylUQno0hMxpsagchEr0YNE3z1yOoeOH6GwtIhPnn4Dg1bPs/c8TmlFGQtX/si4tFH8e+0Cl+XH+fCtudLjrwxjOiOoGtMpUXRmCZ6JcJkyirFuKpQ337qG12uoOYQGpXj3sS4KAoaUaMzbTyBapGtrLf/sXe559UMElQoFCvw2neXsh8D9ck42ceJEHnroIQRBICgoiIgI6cGspXkZHa8XRY+Al478I4odtP/k4/bbb+eWW27x2+Vt+uFLyvJy5L2J9+nkTC/vEd8gHioRFXP2Yq8weydGrkfqmSLv+T1ZsVvugfIqAX1/6TFR1uNFjeJ14o3BaLVazBYLhaeLqKiqYM32DdSaa1Ghoqy8jFE9h9TLO9Rv5K5fNBEBBKUnE3L9ILSD4zlvoFWhuziJ0BsGETigE6pAnVPewp04u+QWUhKTOV1RSmVVJRqVmkUrFiMicqowl8rqSlISkqgW7fXHihYb9mzpemf1+lce8Xnu1+QQwS46/637isNso2zhftldEdQ/qf4kTciV4CRXCKAyaDCM6CrrHFt++oqMresUBqCgwxGsiYAstbZZs2YRGOjMRtPr9SQlJUluY+9v71JRlKk8ufMENRUF7F/zPxmcrGHF1+v1vPDCC6g62NuoJiUcXaQzZlAdqMeYLi89XKy2U7k2p9XEqM7K4MBr7LrMQHnRueFKhKO4FnutBVGAW/uO5fu//pvQoGCmXzKJvJJC4qJiGZ02nPzThfRN7UVqUhcuvWg0b01/pH6TrdNxqrsYQYD/N+56Bo1NJ+TGQWjTzmGipVWhH5lM6A2DuHnadG4dcrkr2sB5r/X3LoBNgPl3vkK/1N6k9xlEQnQcxaWnufqyKeg0Wmpqa5k8+gqCAoNY/f/eoU94glP/Smb8VRO3sOf7mgfZEkWwAxUbTuLIlndOfVoi6hBjE7NsA9ESGogXYEgKRwiXJ1b885w3sVktyiKsoEMRrJvlnOill14iLS2t0WdTpkyR3I7dVMzmhY9RfGK38vTOcZQXHmPzd89RcWqH5GNHjx7dKEi1W7duvPvuux3q/gJ6JzbynxiToxDC5G0GNYuOYs2ran26fCutW1JkIHTxMuKwRLBVmgDYl3+UWQveYcOuLRSVFrP/2EGKy0rYum8HZouZzfu2kV9SyKR/3cdXaxc3IlRCvT9KoNxhY+zgkXQKi4VgvdOi9adBaAbGnlPjXzcqmdAbBxPQNx6LQc2IHmkM65mGRXQ446cEoeHeEdEA7y/7jHveegJRFPly5bdoNFp+Wb8Su93O178vxm6zsWjlj3z08zxKa51Zg3Ljr86of+XFumUvqqF6vjwvg2BUE+AuweARe1VnuXIPehe0aozpKbLOd2Dtrxzc9IeyECvwG6RKcgcC/8XpJmz9m5BWy8cff0x4eGPF5traWr788ksZi7aDvEOrCAhPJjgi6dwJMFdQv1oWn9jNjp9mYjcVy2rh3nvvbSLT0K1bNxYuXEhp6dkXq9T2iiGgS3SjDUKlUaEKCcByXN49W2vMBA6Oa1R0V7I+kdDUqtWsTJVHw4JOQ/X+PMQSq7SnHROINjqIPFMFOVWn2ZWxk9suv47Rg4ezdf8ONu7fxtQxE+mR0p1XP3+TTfmHOFVb5iTQgoCIyPNj78BUWcEtaRP58K7n6dO1F1ddfDmTel5MZtYRbhk6ia5durBt9cZzIjZLOziO5+59mO4R8fSN7MxHd7/EuKFj6Nm1B9P7X4K1pJwEYxiTewxnU26Gi3DBiZoSTlWXEoORR/70V1RqFV8v/5bk+CT+NH46h7OOctcXL3Ow9BSVdqd1pnb3CcRyaZm2hsuTMfaW6BJ2iJQuOYz9iLzySwGjUtFFBtVbLRu7BIWmg9Q1jtXBeiwFZYhVVsnnLDiRxbBJ11JbVcHqrz6SfMnAOGAyMA0YDowHegNDgUSgOxABhLv2T41r31VMZxcApEaMDwUk6yQ899xzdOnSpcnnbdUx2rv8Vazm/0dS3/EIghKseG5AJP/YRvb8PJu27IT9+jXVJwsPD+fZZ5/lrrvuOut3Gdi9QXqivlwJAvq4EEypEdiOSU/ysG4soHpEEQH9YpoW2PUwLLRodXD/1SMzsaVAedQChsFx1Bw9Ju26s4oResc5LWoCZFQV8uycV3nt7mdJjIknNTGFjOOHyc7N4dN9K71wQoH8skI+/r/XCTAG8NqXb3P3pJtZsWU1qZ26svDZjziUfZQn5r6Mpl80tt3Sg6s1lySiCjU0DlMUxabWGvfPRbCuygar9CBrXZdIDuUd46U7niIxJoEvf17A8dwcdBoNh09m8tpfXqCwtIhZn7/R9NEJ8MTPHzCw5wDUgsAD195FUdlpistLmP7+/2HF4bTuiC79KznxV12kly8yZ5dh+fWErPmiSgzG0CmiabwVTa1W9f3h+l2lVmFM60z10oOSz5u1ezO7//iFTj36yjJCAmOlUFCcXlQHYAY2AnOBBSjqpwrBkjiYXJuLwPXXX+/1bzExMTzzzDPMni1fXyjj97ex1JSRmn6NT2vkKfADtRIdnDywioOr32xTOyNGjGDAgAFe/3bFFVec9fvU9YtHHWRwI1duQSOCQGC/TpRnlshaUsu/PYi+SzhCgLY+i8ubFQo5hKsVMhCGlHBqJF6zI7cKu9mKSq+tP+GEAaN5Z9H/+Gj3z4hAlDaA1294ArNoRy+om5R7WZe5k+eCwzBZzFw7ZgqhwSEM6jGAXl16UFZZjtliYktpNrrkCHkEq0cUhv6xjcmUKLrlr4hublfn746yWqzLj0s+lxCpQxsZwJKTu5it0VJaUcblQy+lvLqSIEMAXRKTqaiuRKvWsjBzo9NV6PHMKhxWqqqruPZ/T+JwmUT+PeUhbuo3jjm7l7uep4Ct2iRvY4gLajIWWhxGVgdlC9oQ2D7IVW+wFeTKUxNLBHRxIZi6hGI/Lp1Mfvf2K9zx0tvtsTSoaAjL0QMTXD8PAlOBMhScV5Bq9hkj9QQTJ06ke/fuzf79tttua/NNZG75nANr52C3mZUn2kHhsNvI2rWkzeQK4IEHHkCv9+6l7tSpE4888sjZu1EBAro5N2pB5UmunD+aMCP6tER5JDWrhuptuY0Ci0UvmVye1q1WuRI9AuXrYrfcjTdy47DsFSZXPJHT3fPISV88QAAAIABJREFUT2/z8e5fEBBQIVBiq+XP815Gp1I3ZBAKDQWLpw+6jOzcHO5/83F6p/bCbLVwUb80DhzP4M9vPUrfrr2psFWjjQkGo/QXLeu2U85zqQTXj9NiJ6gFBI2AoFEhaATQ1P1fwJIlzxWtG5AAahW9wuIIDwkj/eXrsVgtpMQnERYSSqAhkBEv3oBOp2NgZGdX/FkDmRAFCNfoue6TpxAEAbXrj48teZc5e35tFL9lk1N/0KBGExFQP7YcovdkCXdU78zDcbhSVn9o+8eiiQxyI/pC43groSm5EjzZv0rAOECeuntx9hF+nvPW2VweRwG/uixiCi5QgqUGekg9we23395idlfPnj15/fW213c7tXcxu1e8g9VcrTzVDga71czhzV9xZP1HbW7rkksuYdq0aS1+Z/z48WftXg2Dk9AE6Jzkiqbkqu7/AT3iEPTyLK5Vnx7AVlzbJJurjnDZW9gUJcVueSFbqlADqq7S61JaT1c1vh530iC4bZxuQd11P531IXSO6USn2EQ+fuw/BOqNlJSXUltbw7B+6Xz80L/QabVMShxEkEGPpq/0JGf7zmIcpbWoBCcxbiBazh/cCZfauZ5Z12XJI1hJ4URrjYzsMgitRsv2FxbSLakr1TXVnC4vJSE6jo0vLcCoMzCkUy+itUYaAv5Fr4TL84HW9Z4c/Svd+CRQN9W/qiNbnskS9koLVV8fkDdh1IKz3mD9WGicJSh6ugTdSRdufQFoY4LQ9ImSdRn71/xytpfJi4BHUHDBEqxgQHI+dJ8+Z64F/ec//5mLL764zTdTfOx3di1/A1PVaeXJdhDYLLXs+/1DcnZ845P23njjjXqpj+bgLT6rXYxXOjUBXaOdb+DuIkYeG6AoCAgGLcZRXWWfq/zXo40KNTdHthxuPz6xbqkF9DJkEazZp70SqgZS1XATYl29RMEpNPnKdY8SHRGFTqfjxbn/ZM3ODXTtlEJwYDAPvPcMGVmHKSwp4pnpD3JDz0vRJ8mrV2rNKQOV63pUuJEtULkTLjXY8isRT0qXItD0i0IdoOOh0TcxceAlmMwmlm/6jXe++x9R4VF0ik3gs5+/4fvfl6DRaJg2bAKPjL2lvs9EjwfekGHZlGyJVjv2I9KtbPqu4bRosxIbj62KP7IQy22y+tw4LNmpVN/KeKvG5EpwjRShnpwZ+yacy8vlQ4AWBecNpCQgDQR2SSY9xcVERkae8XsZGRlcdtll5ObmtvmmguMGMGD8gwSGJShP+CzCUlvOrl/fouzEFp+0t3DhQq699tozfq+mpoaBAwdy9OjRdr1f47AUp3vQ02qFu7WmYacQHQ7KVx7EcVKeayXi7xefORhZaMqTzlTyBFp2B9UeKKL0X9skX2/o7UNQGbRNziACt/Uex/8OrkTnJVnFgQiCwG8P/RedWkNyQmf+9fW7XD3iSox6AymJycyc+zof7XEW4hatDsrm7QCTtCLD6n7hhD8wtH6HFz07w+2zyh8ysK6QXqYlcGovdAmh9Z3/2oS/cM3YqyguL2HP0f3YbFaG9bsIrUbD1gM7+POCVxBF789KhcAdvS9j7oGVXh+4tbiKqm/3Sb7GqNlj0EQHeCm31PQqrKcqKHlhvby3+ygDYRP6IWjV9fOiuXirxiVz6shVw2WJNFg+qzZnYd1VcK4um9OAH5Xd48KzYElmK927d28VuQLo1asX33zzDRpN20vhVObvYct3zyuCpGcRtRWFbPlxps/I1RdffME111zTqu8GBATQt2/fdr1fIUiLMSXau0vQG7kCUKsIGJIs34q18ACizdE6y1MLrkRv1q2WXInaWHl1Ce0VtW5WqgaLS5lo496pt1Fjq210AXUim3VB3vd98ixqtZrgwGBuvfx6kuI70Te1N+8u/JiPdi8DUUAQBVQaNdo+MtyE+0qxF1aDxQ4WO4LrB4sd0WJDtNjAYsNxugbr6hwZY0SDLjoEQWy4ucd+eZ+V29bQo3Mq6b0HM6xfOl0SOrPv2EHuXDirIdNTaFpfMsoQxHWXTW9sFXR74LLir6K1qCNcCRruGmlNBpNz4FQsOyJ7/AYMSQGtpmFe4BFv1YJLsP5e3aygdePK0DtOnsJjx8D9KDhvIIXNSF5VvUkztIRRo0axefNmJk+eLKsQdKM3q5p8Ni/6G0OueoGIxL7Kk25HVJ7OYecvr2Mq9Q3B/fHHH5kyZUojYdEzYcCAASxevLjd7jlgSDKCVuXVelUf6O6+cbi+o40ORDsoDusu6ePdfqiCmh15BA5tZcC8B4ty78469ffmrFvu/9eEG1ClBODIkpZPaD1djSY2mCqHnf83cBLv7VnGzNG3MfGiy+ie1JXdT33Nsk0reHr9FzwxaBqf71mOyVXyBRF2VhZgtdt4/N3nMIk2LFYL1wy7EqPW4CQtbvdo6ByBdUee5D4tnbWhPput2W60iWCTngKqG5DgjN+qE3UVQIsKvVrLh9/NZWfOQVQqFT1iU+iRlIrgVmVZBPqHJtIvNpX5R9byxpUPcungkcRFxfLLA+8xb9W3LDz0Bzf3v4L/7lqGRhCwnpTuHtQNTUTQqJoybi/FxGv3F2LbLLPeYGoEurjQtrkEEdzi9RraUIca0A7rhHXjyXNx+bwcSAayUXBBESzJuPTSSyUfk5aWxpo1a7j11lvZvHlzm84v2mvY9v1TDJr8IjEpQxRB0nZAad5Bdi79JzZTUZvbioyMZPny5QwZMkTysfHx7Vc+RRVhwJAQ3tQlCIiqxjoKYpPvCBj7xssiWACVXx/A0CsKdYhexgRpzKAEL2QLL4RLUAno+8dSmyVNosCaU4qxTxw2HNxwyVXcPelmggOCmL/yW7p27sLy7b9z25U3cv1l0yk4Xcj8Pb+icnPPGVAxZ9l8Pj+42pU5B9mFp4gKCG2w0LmscdqwQIQANWKNNDchFoffBIkMnSLqiYooNPT/6h1r+erIWmwO57WqMtZxTdeLXaRRrB8qKhEevvpuntI9SLWpht92rGXqqInsPLKHF+94kvtL7mDn4b0Iu5chWuzYM2XoX6WGt0o+RKy2UrnogOy+CBiUBCqhVRIMjV2CQhOXYKOXFtfvhh4xWLeekkWEO8CefDfwnLKbnPvwqyG1qqpK1nHdu3dn4cKFXHXVVT65jl1LX+TkwVWIokN54n5EUfYOtn77hE/IVZ8+fdiwYYMsctXeCEhLBo2qqUtQ1dglKHoLeleBOkiHflwXWecWy22Ur85ylsJpRTp9i2TL7aeRtcKLDIQhVboQpSOrAofZRqhay4I1P5IUm4jRYMSoM2DQ6gnUBxBoDCAxKo5lm1ZSY7fXu/0EUcCImnkHfkftFvG9ozSHFSf3Ot1YrvQ2QQRBrULbPabDjBEhVIdKraIull9wuH5E+PLg79js9gbPm83OwiPrXe65Bv/g3rJcDmQeIjo8isjQcKICw9CqNWjUWtQaNQnR8by36ktUguAsT2SXPhI0ccHNFw13X9u3nkI8JU9jS39REpoQY+slGDziraCxS1D0YvlSB2jRD+98ri6ld/jb+KHgPCBYGzZskH1sUlISn3zyCXfccYdPruXAqjfI3PGDQrL8AVEk9/Badv70vE+aGzt2LL/88gs9evSQ3cb+/fvb5dbVicHoXa4Od5dgo3grbwFN9b87C/rqu0YhxBhkXYP5p0ysJyrqyVBrtYtaTbhoGruljpMXh1VXl3BC2liWrP2FXzb+xkPX3kNlTRX3X30HP/y+jB9WL2VC+qUNpMlDjKs+LsjRQKrqJSVMNsw5JZSvysCyO6/jTJFyC6Vf7aBiwzEseeWIFnujfnYnXIIn2XV9Xmq3kt5nMLO/eINjJ44zfdxU1Go1d069iXcWfETG8cPcPtQpYWI7LSP+KliNOlTfaAh4KxpuK66h5utD8ohmsJaAHrFerU4tSTA0mjNu5MrdMlzvVnT1obFbNILhnBSf7gRMUjaWC4tgSa7tkZGR0aaLi4qK4u233+bxxx/3yc0e2ziHjHWf4bApZaB8x60cZO/9mX2/vuaT9m6++WYWLFhAUlJSm9o5fvx4u9x/wIAkVz5/A7ny1HjyTq5ccgSu76i0KgKGpcgmQxU/HwG7w5P3Nkqn96V1SxNhRIiQnlHuKK5GEAViwqPon9qHcUNGIYoiy9b/ikoQmHjxOPp370tIcChqV0ZhS4QK0Zk1aMmvoGLrcUrmbaNqxWFsxzumKLb1YBGVyw5SOm8bVbtPYi2qcrqxPCQ36khV3ed11XkiQyO4avgE+qb2ptpUy6ZdW1AJKm4YP4OosAiiI6NxiGDLkR5/pRka36w2W92lOEQo//WYbNebcWgKgk7jPd5KaEmCoYFY1b2UNIlpxOlGFVwfqrQaDCNSztWlVQl2Pw8gJSipNyDZ6Z6fn09sbNuq3FssFl599VVefPFFn9x0XK8J9BlzFxpdgDIC2gCH3crRrQvJ2jbfJ+09+uijPPfcc4SFhbWpnYqKCnr27NnmRIkzWq9Swggb09NrlqD7W3mdm8PTalX3nXqrhQMq1x7DliGvGHTII2kY+8W0anp7K7EjFaXfZ2BaIpHI9o5i1+LfiQ6LRBRFvvhlAXdOvonIsHDKqyp4/7u53D31FmpMtRSVneb2D57itLt4cN2+7hCxltZgPlWKZW8eotl+zs4jIVKPvmc8hoQw1MEGL3WKYHLKEP4y/c8kxyZSVFrMD+t+5unbHkGFwP7MDNbu2sgdU2/iRMEpcgvyueziMZLZdNBfBhJwBo0zc2Yp5a/Ki41VdQom7LI+9SKmciQYWgqGbyCkQv3vos1B2Q+7EEvPuZdqO85g93KchaI748zk7wREASE4i0lrXL9HNNNOlqtXcoBc4CSwFzgKVKHAr5Di5811PXRJNtcTJ060mWDpdDr+/ve/ExkZyUMPPdTmm87PWI6ltoL+4/6KPjBcGQVyZr/VzIG1c8g7sNQn7b300ks88cQTGI3GNrdVUFDgd3IFEDgwqXkJhkZWq6bkqr5QrSuIpM4yE9gvkXKZBKvy6/0YnglHZdS6Nh+x2fcpt3rF9YRLKtnSp4ZjQhrBEg4WM+jlG7g+dTifPPUmYUGhBAcG8dCbz/CfB1+mc0wiAQYjf33zKVbkHsAgqOutWAC2KhOWvHJMh/JxFNWeF3NJPG3GtCELE6BOCsHQLQZdbAhqo65+LC09vp3v/r2F+wdP4tk7/o+01P4UlRTzwfdzeeLmBzmUfZTqmmqu+ud9HDmVI8tUqY0PbpL40Og6rXYqvzsof76kpzSQq2azBN0lGNxV3VsgV6KbccuNXCGCoFKh7RqNZfupc21YqIE9QABgaEM7/ZvjykAGsAZYAawClDIofniIrTYkAX8GJJkX0tLSSE9Pb/OFqlQq0tPT6du3L4sWLWpze7XlJyktzCIisS9afZAyEqQMBFMFe1e9T+HhFT5p7z//+Q+PPfZYs/UFpeL3339nwYIFfu0Dbe9oAlJjXC5BoVUuwbpNQRQassJwCI1cYGqdFodWwJZbIf2iquwQqUefEoYnxxNaIRrpZgBolXVLEARqfpOeTR7cNZYcexmUVnPvjNuxWC0YtQYSomLp360PMz/5F4uPbEGLyrkB11ox55VTuT2L2g3ZWHPKEGts5+XcEivMWLNKMO3Lw2oyIahVqPQaVGoVGlRsyz9KvDqIGyZMp7yqggCdke5JXYmLjOXZj2ezsygL8muwSayTKERoCJrUvb4MEF6GS832PCy/npA3XwbEYUyNOQO5Et1eRgR31tQk3oom5KouGaLhc+wi1ftysWzznVyDKtmIpl8kjhPtwkWM+C/YXQPEAcOAP+EsON3dZenKR0G7EyxwFnvuLdWacMcdd6BWtz3YUBAE+vTpw+jRo/n888/b3J65Mp/8zJ1EdR6AzhiqjIZWwFRVzJ6V71KStd4n7X3++efce++9PhkfAHa7nRdffJEDBw74tR+CL+mOYNA21bdqLt7KjYA1CDgKTbPfHKALCaD2WCHYpCdkWPcWYxiegCpA622PbGRUa4lseRIur0riBi3Vq4+DRZq5RBUdiC4yiIMFx7k67TKWrlmOWq1h877tRISG887Pn1NSXYmlsJLq/aeo/uMYlszTiOUXVjF3R3ENlmPF1B7Mx+6wI2hUaAxa1BY7vTp144/t60GALXu3ExYSxv0/vIVBpaJm3ykcp6VZ97QjEjAOimt+XlWYKX97K1hlmMY0gnO+aDVekzxaJcHgEW9V94IieFqtXOTKYbJRuSkT6x7fcQXNsGii7h2C3WLHuqv4fBtuemAwcB8wFNiKjLhrBW0jWCmApEq6ubm5TJ8+3We6RIIg0LVrV6ZMmcK8efOwWq1t25AtFZw6tJ7whN4Yg6OVEdECqsvy2LHsn1Tm7fZJez/99BPXXXedJAHRM+Hw4cM88MADfu0H3aAEDClR9St9E5egmwRDPbnCnVw537ZxC2R2zyATBAFVsAFLtrz1zeqwYewX26Lsm0+sWyoBq9mK7bC0gHJRI2BIjiLaEEx1aRn/+uMrlu1bx++HtqMvtXBw024yl23DcqgIR3GNMvEcIvb8SsyHizAdLaBXSg/2ZWXw7pbvWbZvPcsPbSVRG8KvmTsx2KB63XFnNLoUU8mELmjjgpsl05UrMrHvkzceDaO6NBIV9ZRgcB92rYq3as4l6PqbrayWitUZ2HMqfPYIjDNSCb+2D6pALeasMqy7i8/X0Sa4LFn3AlZgIyAqk7B9CJYFuEfyhqTTceWVV/p0I01ISGD69Ols2LChzfE2ot1E7sEVhMT2IjAsjraF/p6fKC88xtbFL2Eu943A8KZNmxg3bpzPr/PTTz9lxYoVfu2L4Eu7I2jVrZZgqPuOqo5ceVisGlyEYv3n2kAD5rJKHBXSrTaOrEo0vcNRRwa0FFLTduuWAKLFjnmzNDkEsdREQN94Ku1mduQewVZRS21WMVXrj/DHjyvJzzwpS8PpgoDVwYEde9n+xybMReUgCGh0GjacOkCAoMZWUYv5gPQ6fIFTu6MK0jUh0wLOeoNVH+2Rb/lJiUAbHuC0VLlZrRoNNi8lb6S4BOsu2pJXTuWyA4gVVp91edA9/Qm5NAWVS+HelH1eE6z6x+YypowClgK1yuTzP8EqdDFbSUFLW7ZsYcaMGW0OdvdEdHQ0kyZNIiMjwyeFffMPr8YYmkRwZGdF9d0NJaf2s/Xbx3BY2x530L17d/744w/S0tJ8fp3Z2dlMnjzZr31huLgzuoSwVkgw0MglqHJ3CTYhViCIYqPPVQhog4zUHpMn2motrsSYntgopsZdpkEe2Wr6gSAI1MqIw9LEBmMtqaZq63Fqt+RgO1mOaLIrk00KUa20YM0uxXQgH0tFNYJGjbWkGttJaQruQriGwGbir0S7g/J5exAL5O+vtuxSbLVmNDHBCFqVVwmGM7kEobEEg6fVCodIzaECalYdlWy9a7ZfAlSEPTGsPjPXeUoBy4VBsOrQFbgOZwHqMmXW+ZdgOYBegOTd0WKxMGXKFFQq32qbhoaGcsUVV5Cfn8+ePXva3F5h5npUumDC4rr71OJ2ji7hFGRuZedPvqnaMHLkSBYtWkSvXr18f6WiyD//+U/WrVvnt94QdCqCRqYiaNTeJRjcXYKCF5ege7yVO8ESRY//O2eaRq/DZrdjOy09m1o8bUHoFIguMaR5C1QrrFvCGaxbKoOWmhWZki1OlszTWLNKECsVTTpfwFFqwpJ5WjK5AtCOTMAw0Hv8lelAEeYf215T1FFcg+VoIaqYINTBerzFW7UkwaDyIsFQN5BFi52qrVk+zRRU9Q8n4qGhzsxKN2se4CRYe4ovpOEVDswAflBIlsQ9Q8Yxo3GmdkrGkiVL/GZhKC8v58knn+Sjjz7ySXud026gx7AbUam1F+jQEMnZt4KM39/2SWvXX389b775pt9qBG7dupWhQ4f613o1pgvG7rGNmUej31uWYKgjTu7ECg/17kbuQ1HAXmuh4OediHLeyvUqIl8ZgzrMIGlBaO2iUHefpYsOYPkl55wb4ePGjePuu+9m2LBhBAcHy26ntLSU1atX8/777/vkJa+9EXjvAAKGJDQi3wCOWhuls9YgFvmWBGsvSiSgXwIqnbr+jHIkGBDBUWWmYu0RHLm+k3TSjk8iZEpPBKPGs2woAJVrsqj9MoMLEEeAi1GC3/1KsMApONpb6kFdunRh7dq1JCYm+uVmzGYzM2fOZNasWT5pL77PJHqPuuOCEyR12C0c37WEYxvn+KS9v/zlL8ycOZPIyEi/XG9ZWRlXXnklmzZt8t9ECdIQOmNwfeyVc6X3rm9V/2eH0CSIHQ+XoDfiVf+ZKxC+ZG8WtUflxRnqp3YhdGpPWTNeaOUhNbvyqXhv1zkxtvv27ctdd93FhAkT6N69O1qt1qfrz549e/j11195/vnncTjOjbJcYc+PRJsQ3ORhV/6WiWnBYf/Mp2gDQZd2RxMR0DTeiqbkqs4CDA3zw1JUSdXqQ4iVvpPsMN7Sm4CLkxBcel2C4GG+AirXZmG6MAkWOOOxpqIEvrcKcnPjRUCyKaqsrIyysjImTJiARuN7eQ+NRsOYMWMIDw9n+fLlbW6vqugIBVm70QeGodUHotEaOT8D4J1BEFZzFaW5B9j/x/98JiD6+OOPM3v2bEJD/SODYbPZmDlzJl9//bVfeyhgTCqayMC6ND837aszSzC4u/7qyZXn542+62xMtNgoO3SS2iPya+rZD5ehS4tBHaKX/YrVGldi7eqObcF65plneO2113juuecYM2YM0dHRPpMGcV9/EhMTGTNmDA8//DBXXHEFoaGhbNmypeN2jF5F0LSeCJrGoRu2omqq3t/lv220xoblQCFikBZNeACCSmhBgqExucIBpswiqpcfAouPSKxGIOjhdIwD40El1Gt01Xsj3WpyWrLLse29oFyE7ugBnAJ2KPTJfxasIJwS/LJMEm+99RYPPfSQ32KcHA4H8+fP59Zbb/Vpu+GdhxESlYIhOOa8GgSW2jIqio5TkrURUfRdoPHMmTN58skn0el0frv2efPmccstt/h3kkTqCZ06EEEreLVa1b15uxOr5iQYcIgtugTrfjeXVXN662EclW3XflIPiiDyvovqVbR9sRq4W7dEm4OCv6zocC+1d911FzfddBODBw8mPPzsVGwQRZGCggI+++wz/va3v3W4ua8Zk0D4TQOaMOqyBXuxrm4f9XNVtzACLk5GHWxoUYIBB2BzULXnJJadub6b392CCb5pIJrYwIYxXfc3L2bcqrXZmOdfsBYscLoIu6O4Cs88v+Qad4D/ALJ8cQ8//DCdO3fm6quv9s+EVam4+eabCQ8PZ8qUKT5rtzRnM6U5m5VR0wr897//5Z577vF5UoM7Vq1a5XdyBRBwcZdmyZW3eCuv5MlNgsG7S1CoL1xckV1A5e5sn12/fVcJNfsLMQ6IbZlHia0nXO4GBUGjQjchCcvys2/FuuKKK7jrrrsYNWoU8fHxZz1RRRAE4uLiOuw81faIwuFBmM3HStqNXAE4jpZRlV2B8bKuGJKd7+xNrFYiOGotVG4+jv1Yqc/OrR4ZT9DUXqgCdYiujhBxi7kSGyxYSmJ5PSKAx4Bnla7wjwULQAdk4iw4KQsrV67ksssu8+sNbtq0ieHDhytPuh3x3XffcfXVV/t1c9uwYQMTJ06ksrLSv2/XScGEXtEHVIJ3CQbqiJTQhDw1ibfyGmcFgsO5qtuqTJTsO441t9z3Ez1eT/hTo1EZNQ0TX0r9wTN8sWZXPlVnKQ4rNTWVJ598ktGjR9OjRw+fu/7a/GJWWkpcXBwWS8fLmAxxj7/CmZFX9tZGHMfOTh1gTb9ogtI6o9JrXUTLWTfTXlpDxe+HEEt8p+avm9Ed48hkBK2q8TD3ED/1nC9V67Ixf9X+FqyLB6YyOr03kWHB6HRauifHIQgCBn3zHgKL1UpltYmc3CKOZucz/8e1VNb6ZByW4Sw8rdQv9IMFC5yio48BsoNfxo8f73eSdfHFF7Nnzx7+9Kc/sX//fuWJ+xmrV6/mkksu8Tu5mjBhAlVV/t8EAtI6O11rzboEaSrB0CioXWxs1WpCtARwiFSfOk3Z1mMNVZh9DDHPTPXGHILHdW2wQIkeulhCK61bXr6kjW/fep5hYWE8/vjjTJo0id69e2MwGDrsnFi3bl2HJFcAmqjGCTy1O/POGrkCsO0rojyzhMDxPdFFOyVGbKU1VC7b7zudNLWA4fb+6PvFOseyvUFqRfQY7EJ9qemGadAejvBXH7uRYQN7EBMZSlCgkejwEFSqtq+p/3zqNrJOFrJx1yFmvruQU4WyX+bCcMZhL0BB8y/obTz+G5yVuGVj/Pjx/PLLL369yf79+/P999/73Vp2ISMlJYWtW7dy6aWX+p1cXXHFFe1CrtTdwtHGBDVxCYqNVNldJW8c1P9bZ7XCITZ1GXqQK3utheJdxyjbctRv5KoO5m8OYyuqbpY/uS4ZUTzDJuKRKg+giQxAMKj8/kzqXsqysrJ49tlnGTx4cIcmV6Io+j0BQza5uiTRmRXreob2chO1X579l1Cxxk7Vjweo2nUCW4lvyZUQpyfw4aHo+8Q4B7tDRHSA6BAR7a4J4GgY26Io1v/gcvO3B8Pq2SWR4YN7kto5jtjIUJ+QKwCdVkOPLgncPn0sW7//Fy88cE1bmpum7Hz+JVgAdwFtKvp05ZVX8tlnn2G3+0/JuXv37nzxxRdcf/31ylP3MdLT01m6dCnp6el+O4fD4WDx4sWMHDmS6ur2sUobB3dyzZDGEgyqOgkGd9FQh4t0OZzxVk2U2h0eFi+HgKmonIKVuzEfb7+MpOoVx5zXdyb+JNbvP2feT0RnHJZ2TCe/X39paSmjRo3yW1aqr3H48GHmz58vfWEeHEnIS6Mw3N4XoWugX65N290tR8kBNWuy5RVz9hMs209R/v0en5Er1cBIAu+6CHVMEKJddGo8UXAcAAAgAElEQVTL2XG9CNWRLbGebDn/3kC4RMBhsWM7etrv956dW+T3c4SHBPLkvdN59/k75TYxStn9zvCS7oM2KoB8oE0R6z/88AMajYb09HS/ZZ0FBwczfvx4ioqK2Llzp/L0fYBp06bx6aef0q1bN/8ttBYL//3vf7n99tvb7+1+QAzGHjGSJBjwUvKmaSahgMNqoyzjJBXbj7d7zT1HdiWa3pFoIowNShOcORar0Yt7M65E0e7AsiXfr9efl5fHlClT6NSp0zkxPxYuXMjSpdIlT4wzeqHrEo62UwjGYZ3QDImDCB2O/Eow+UaaIHByKqpgp3yH9VQ5NZ/sPW/XKc1lnQmY0BOVUesKpXRJMbgGtSg2uAMBtxqHQsNLhAi167Kx/XbC79c7fGB3RqX39vt5BEFgYK8UKqtq2LLnmNTDQ4E3ATMK/EawAHYBKcCgtjSyevVqDh8+zIgRIwgJCfGPVcJo5IorrsBkMrFx40ZlBLQBN954Ix988AEJCQl+O0dBQQGPPvoos2fPbtd7CxzbDcEVEN6k5E0zEgxCixIMzoYsZdUUbzmE5UTpWXtu1tOVGIckNK49J4FseRKuOo+wOlBHzfocsPiXNMbGxvqlULivUVVVxeTJkzGbpe8/gTf0cbrvAFQC6mA9utQIDKM6o+kbhSNAjeO4fMeBemAEAZekuGKQHFR8sw8x//ys56u7thfGoUkN493dKivWjXnBSbbEhr8LCI3Mt5ZjpZg/39cu19wpLpyp4y5ql8xFlUogNTmO9+fJ0o78EihCgfe+9WFbD7iIVpuwaNEiRo0axa+//uo3JWSj0cjs2bP5z3/+o4wAmW89999/Px9//DHR0dF+OYcoimzcuJFLL72UOXPmtOv9aYcmoA4zeIm3oiGGyt3t53IveLdYOY8V7SKVx/Mp+m0v9pKzu5E5DlVQszPPO2MS3Ted1lm26lyJQpCOoDsG+P36Z82aRVFRx1/Td+zYQXm59CBi3dSuqI3eFeYFvQZdtwhCrulD2GtjCfjrINQXSdflC5zaCwSnJdZ0sBjHrtPn30IVqMZw92B0feOcrm6X+8/dJYhDxOEWf+UUAXa6+OvchKJdxF5iwvRV+5VBWrvtYF0BoXYidJF0jo+Qc2gkCtqFYNXglNAvaGtD2dnZTJgwgeeff57iYv/Ep+h0Oh555BF++uknAgMDlZEgAV988QVvvvkmQUH+yRwrKyvjtddeY8SIEWRktH86tKFnbEO8lQOv8VaCe7yV++cOj7I4ooCtykTRpkNU7MjqMM+w5rP92MrNzS/hzZCtFmO3RDD0iyHgz/3OeH5NejTBfx2E4YYesq5/zZo1HX6eyA1u1/WLdVpQ3FX+vS3ewToM/WIJvWMwoTPHYLitD6rUluekEKgm6LGL0CQEIwK2Gis1X55/rkGhRygBd6WjjQ+pTzhxkiVweAS1O1+cXN+xi/V/rydiFjs1SzMQS6yyrqVfv36Sj8nOLcFqtbdbf50urSQnT5ZuqB0FzY9DP7Q5ANgA+IS1JCcnM3fuXEaPHu2X8joAJ06c4IMPPuDVV19VRkQLuO+++3j88cf9Fm9VZ7V67LHH/FpXsMXNbXRnjP3im5dgaBRbdQYJBgfU5JVSuvmIcwHvYNBN6ULwlJ6NFgNB4orR3F3Z8quo2XISy8/Z9feuSg3CeGkK+m4RaCKd8gC24hpKnpFOliZOnMiPP/7o01qCvsTx48fp1q2bZCu80DWI0EdG1Kvue9YUr+/35h6UQ8SaV4XlSDGWFccRS52kQIjUohvXBWNaPKrQhqzL6tXHMS88fF6tU+qhcRjHdEFwaWmJgltNwbq+89AlEdx0hOuDE13fNW3Iwbr0mOzrWb16NWPHjpV83NGV75AYG+H3/lq37SCPzp7L3iOyxGVTgGwUtBvBArgM+Akw+qrBe++9lyeffJLU1FS/be6HDh1i8eLFvPbaa5SWliqjA6c79ZFHHuH6669nwIABflNmz87O5t133+X1118/i4xDRfBNg9AYtPWq7N6Ik/ONmBbjrRxmG6X7czBldmxXVsizw9EmhTa7MLSVcIl2B2K1FdQqVIHahkPcAuVLPtuFbb304Pi9e/fKsg60B+bPn8/NN98s+TjDnf0wpCe22N1NiLDQPNF1VJhBEFAFaZtIkduLayh/fu15tV5pJ3bFMCAeVCov7NSt3qHbIBQ9BqXg9h1rdhm1n8iPfLnxxhuZO3cuffv2JTMzU9KxB37+D106xfqtr6prTHwwfznPvSVbysrkyz1eIVhnmWQBvPHGG9x0003ExPivHmBFRQW7du1izZo1/Pjjj2zduvWCGhR9+vThqquu4tJLL2XQoEHExvpvkpeVlfHtt99y9913n/X7NozvirFbtNMl6E2V3S2QvUHXykm2RJMVh82BaLFhr7ZQvicLR421wz9rdVoUYX9OA43qjAuFr6xbnjBnFFP5xjbJ1/7vf/+bRx99tMP1qdlsZsSIEezYIb0ebuisS1GF6s9InGRZtzwsXRXf7MO2Nve8WbfU/SLRp3dC0GkQdGoEo9bl5/dOturL4jRDthwVJmo+3Q6l8ufxgQMH6NWrF3fffbfkWNIVc//ul0xCURTZtOsw//jwO35d36ag/Y3ACIVGnR2C5TeSFR8fz+zZs5k6dSqRkf6NsbPb7ZSWlpKbm0ttrTM4OScnx6+aXe2NpKQkNBoNOp2OhIQEwsPD/VqguY5YLVu2jOeee07ym51fJkKYltAZA1FpNM5V1uYKgjXbEc02RJsDR5UZh82OvdqMo8aKw2TBXlh1ThCplhB4/yAMA+NavSr4yrpV/7nJxuknVoHFIWscdTRNrK1btzJ06FDJx2ku70zwtOY3VLEVz6W11i3L0dNU/Wcb5zuEcB1Ccggqow4hWI8QqEOlUzt/16qdpaO0agSVyq1ig4Boc1Dz434c++XXM/7iiy/qa6W+8MILvPzyy5KOX/LhU1w2wrdJIzl5xbz96RLem7/CF809DfxDoVEtzGk/t/8bMB74ER9mG+Tl5XHnnXeSkJDArFmz/Eq01Go1UVFRREVF1X82bNgwZeS0kVi98MILHD16tMNclyoygNpDhTjKTThMVhx5lYjVtgvimdQs2I+uWwSqQF1TJuRlUxc9/m3WuuXRjtDcnwwa9FelYl50RPK1b9iwgSuvvLJD9ecPP/wg6zh9v5YtxYLYMnESvTwTzwB5UQDRbKd60YVRNkwstSCWFnMm6i7EGBDigxCMWlSRAThKatpErh5++GFuuOGG+v8nJkov2XuqoMQ3fSCKHD9ZyOIVW3jmDZ9VFRBxVnJRcBYJFjgD3kcDS4Euvmw4NzeXO++8k6SkJP72t78xdepUkpKSlKfaAVFQUMAvv/zCrFmzOHLkSIe7PvuxcuzHyi/IZyOWWKnZcpKgsV2asirRi5nkDBu71695tOOp72PsFyOLYC1atIiJEyf6tTyTFBQWFvKPf0h/qRdi9Wg7S7DEiS27BUUvPLmOcNXuyEXMqUWBW38VmhALTc61oI1tDR8+nGeffbZRAoacMIuScu/lwExmKwePnQREThWUkBgbgVqlJsCoJyq8oXB3fnEZmTn5rNq411cWK899/bgycs4+wQI4CFwELATG+rrxEydO8MADD/DAAw/w9NNPM336dAYPHuy3rEMFrYPD4SAjI4OFCxfy0ksvOet5KeiQMC84jLFPDJqYQEShBROWBOtWi65Ej3a0sUGo+4Vj3yctuWTOnDk8/fTTfq0kIAUbN26Upd+nG9e1QVhUBlpr3XKUmaj97pAy4P2Id955p4k+YHBwsOR2jmblef3coNfSOSGKn1Zt48GX52C3O87GbZqUJ31mqNrxXKeBicAb+LFc5quvvsrQoUOZPHkyixYt4tSpU8pTPgtv8UuXLmX69On07duXF198USFX5wCqfjuGw1V8sD7I31tlZ89du5kCuPWbOo3q53r/oiBgHJ0s67p/++23DtF/NpuNuXPnyjpW2zOqodB2W6eK6FHCye3zmjVZUK1IF/kLc+fOZciQIU0+j4+Pl9zW5t3NW3Qjw4K5Y8ZYjq58h8f/PPls3OponKVyFLT04nOWznsN8D8gzN8n0ul03H333Vx77bUMHjyYsLAw5an7ARUVFezZs4dly5bx1ltvUVNTo3TKOYig/0tH51YE2DPxSmzt8iEjUN5Raeb0E6slX3PPnj3ZsWMHAQEBZ7Xv9u7dy4AB0oOSVekxBN82uEmf1feRj1Zp68lyqv6xSRnkfsL999/P22+/7VWbLTMzU5bEUMXOz9FqWrZsOkSR3zft46GX/0fmyeL2vOWxwO/Kk29hbp+l834LDAT+8PeJLBYL77//PuPGjSM8PJwnnniCNWvWUFxcrFhVfECqNmzYwCuvvEJqaiqjR4/m1VdfVcjVOYyaxQcRzXZ3o0e9FUoUacG61dSKItW6pQrRo5ssPUzz0KFD7Nq166z33apVq2Qdpx/ayV3bsmkfuRJa22LdEm0OapYfUQa4nzBw4EBefvnlZoVv5dZrLSmrPPMmLgiMG96f3+e9zGuP34RBp26v2+6uPPnWvUieTYL3F+A1fKT8LvWNY8KECfTt25euXbuiVquVEdEC7HY7J06cYO/evaxatYo333xT6ZTzEIbb+xIwrFOrFw9fWresOeVUzJZehP2RRx7hjTfeOGt9Vl5eTnJysvTagwYVoTPHIhi8x4uKZ+r7Vq7gpr0F1H64SxncfsLWrVtJT09v9u9ms5nk5GQKCqRVkju0/C06J0RJ2tBPFpTw8x87+GbpOtbt8CupngX8XXn6HZdg1aErTpfh2LN1Aampqdx3330MGTKEHj16EBsb22HLcLQXbDYbhYWFHD58mJ07d/LDDz+cEzXgFLSVYakIfX406jCD5IWk7l9RkLDMuCct2hyUvrYW8YT0LLcTJ07QqVOns9JlK1eu5PLLL5d8nPbqbgRe1jrXkdia/vfS1Y5qKxWvr0Mssihj2w+YM2cOd955Z8vPThS5+eab+eqrryS1vfqLF7h4kLx6nQ6HyMn8YrJOFpJfXEatycLujCxM5sa6ff17dGbxyi38sU1y8sNM4HllBDSPjpJmlwmMA24E/g0ktPcFHDt2jCeffLL+/+np6UyYMIH09HR69uxJYmIiwcHBHSYd3NcQRZGqqipOnTpFZmYme/fuZcWKFR0mgFhBO8LkoGZNFsFX9Wr9+PH4111/qXFWohfC5fZnQaPCMD6V2rnSFabXr1/fSHuoPeeO3MLO+l7Rjf1+LawvQguEq77/xaZkq3bzCYVc+Ql//etf68VEW3yHEARZWlhmi3wRY5VKoHNCNJ0Tohtdh+c4Kiqp4OV3F8o5hZJBdo4QrDp8jVMv6+/AQ5zFOkfbtm1j27bGSsfTpk1j2LBh9OjRg65duxITE0NISIisFNyziZqaGsrLyykoKOD48eNkZ2ezceNGFixYoMwIBQBYf8nGOihemjaTx4bvTrbcCcKZZCD03SORo9L0/vvvM2PGjHa3PGdnZ/PJJ59I3wB7hKCJC2osIiaeQTCsmZ5rjmzZi6qxfKfEXvkD06ZNY9asWa0eb8nJ0rNkfSU26v4y4D5W7HYH/1uwgrIqWaoLJ5VRcG4RLIBK4CngPZwmyJuBDhEctXjxYhYvXtzos/DwcMaPH0/fvn3p0qULsbGxREVFERYWRlhYGFqtlpCQkPbtwMpKLBYLVVVVFBcXU1lZSU5ODjk5Oezdu5ft27dz7NgxZfQraBHVPx8m7M9DEDSq1tW3a4FsQeutW+pwI5qxidhWS3tBXrNmDXv37iUtLa1d+2n16tWyjtONTuGMoq5tsW45RGp/PaoMZB9DEATuu+8+Zs+eLSkrPS4uTvK5yiuq/XYfFquN97/8mRff/VZuE9uV0XDuEaw65AC3A6/irHd0FR0nZqwepaWlLFy4kIULvZtY4+Pj6dKlCwkJCURHR9O/f3+0Wi06nY6goKD6otWCIKDX61s8l9lsrs98LC4upqKiAqvVisViISMjg/z8fE6ePElOTg4nTyovFwraBsfuEmozijD0i/UgRW18i+bM1i3DwHiqVkv3QCxZsqRdCVZNTQ0zZ86Ut/imhDtLuIge5YYEL4RLhnXLcqwE+6Z8ZSD7GPPmzWPGjBlnXK89IedF+0h2HoLgA20093ntcLD/yAne+mwJ837aILeZfUCBMhrOXYJVhwzgaqAf8DhwCx3EotUa5OXlkZeXp4w0BeckauftQ/tsOKogXf3GLZyhTItUsgVNrVv6lDCqo3SIxdJih1544QUeeOABvxeBr99l9u3j+HHpFUM04zs7+9S1c4r1/Sg0Jp3eyJY3wuVBtkSLndofDyoD2EfQarW89957XH311U1U2lsLORasXQezyC0oJTBAT0iQPJ23WpOFsopqThWWcPxEAQt/3sBPq3e2tUt+xI+C4QrBan/sA+4AXgIeAe4EgpVHqECBH1Fho3bzifpMN691B/1h3dKp0V3eBfNX0su6bN68mUmTJrVL90jNCquDrl+skyM1YZuuGBkBRJf2hWTrliBg2nYKMataGb8+wm233cY999zTpjYMBoPkYzbuOkrXyx4EINCgZUi/VIb060pEaCB6nRattukWbjZbsdps7Dtygv2HT7DvqM9j0W04s/4VnAHnckpcGHAb8ADQQ3mUChT4CSoIfm4UmujAFkmUQFMy0JZXXFthNRUvrpN83IwZM1iwYIHfde1yc3NlZYYJKYGEPHAxqBvrPDdLTt061FN7zBvs5SYqZ68Dk0MZuz7C119/3eYM1aqqqnMuIaoZLAKuU0ZFq5bOcxZlwNtAL2A8zgxEpUS8AgW+hgOnCrjDSZfc69x5ZrI5ADvNKb9LgyY6APVg6a6+7777jkOH/F/QeP369bKO0w5LAlXTwJrm+rVBEV90ZYGJTgV8saGP3VG7LlshVz6GnBJITTZblYqIiIhzvStMwBPKiDj/CZb78vMb8CcgCfgrsM21xitQoMAHsG8qwHz0tNfZ562wsHsZnDrCRXMEojkIAvrhnWVdr78FcW02myxpBgBd96jGWgreauA0V7CZBrJFPdkS68mWNbsc26/ZyoD1Ibp16yZLYsETRqOR0aNHn+vd8RKQpYyKC4dgueM08AFwEdANp9zDVpRgPAUK2ozanzIQTbaWOVEzpMCbdUtohXVLnxou61qffvppqqqq/NYX+/fvZ/ny5ZKPUw+PQx1qcCNKeCdbcqxbVju1vx5WBqqPceONN/qkkLggCLJrEnYQ/Ab8SxkRFy7Bcsdx4J/AUJyleB7FWflbkTRWoEAGxOPV1O5qfUascAbrlp0zW7cEoxbdtFTJ11pWVsbWrVv91hdLliyRdZx2UAKN6mQ3IUrItm6Z9xfi2FeqDFQfY8yYMT5rq1u3budqNxzC6SWyKyNCIVieyALewFnrMA64FmcWxHFlCChQ0HqY5x3AVlIrS5dHrnXL0EdeWvwXX3zhlz4oKSmRV1g6TIMmIQRRdMVP4RZD1RLh8iRbXqxbYpUFy+IMZYD6GFqtloEDB/qsPTlSDR0AecBUoEgZEQrBOhNKgW+Be4BUIBmn5MOngBK80AyMeo3SCQpAhNo/jteTBIdIm8nWmaxbmoQQVD2kizTOnTuXnJwcn3fBli1bOH36tPTNenQKgts8quNKjuYIlzey1Yx1y7T5BGKpVRmfPsb1119fLwbtC0hRfu8g2AsMBpR6SzJwoe+aIk7F+E9dP+C0cI0AhgHpQBpOSYgLAoIg0CsllisvTeOi/t0IDQ5g695jfLN0HQeOKYKpCsD22wlsQxLRJIU27P8eiuxSa6I3Ilke1WNElYBudAqmw3skX+sff/zBrbfe6rN7dzgczJkzR9axul7ReJZhbMSjxIZ7FlwiWU30r6CJBpYtvxLrkkxlYPoBM2bM8Gl755gFay7OmsCKoJrc/VTpglbhNBBxvt1Ury5x9OqayKj03iQnRNMpLpKE2Agiw4OprbWwdvtB3v18Kas2K4rQChpD1TOUkPuHgkbVZM/3XFyEtqwyLhLiKDdT8czvkg/v3bs3O3bskCXy6A1HjhyhRw/psnuq3uEE3Z7mseJ6qK+3oIMleB4hNLCyqm/2Yt9WqAxKPyArK8snGYR1OHDgAH379u3ot50DPAj8pIyAtkHx+7QOnwH/d65ddOe4cPr1SCI6Ioz0/l0JDjTSOSGasOBAYqJCCQowYtRrcbj5eErLq/hu+Sb+8d/vOJCpWKwUeIfjUDn/v73zjo+iTv/4e3Y3G5JACJ1AQm9KUxEQGycqnqCeHip46Imeimcv2E7lp54dUdSzYMGGIgqIUhVBOoICUgRCCS2kEQiBtG0zvz9mE3aT3YSd7G52k+fta1+yZb7zbZn5zPN9vs9TujWHBmck+3xSq7iaZVhwua045sRYLBen4lx8MKB6bt++nS1bttC/f/+gtHvRokWGjosZkEplJert0a94KixP65bmnVLI07pl331UxFWIGDlyZFDFFUCrVq0iuckH0fP+fgzYZAaIwAoXE4A7gbhgFTh25BAG9O1Kbl4Bh3K9d/6oqkr+sRNoQJPGDStFpE5p3ZQWTXWflAaxVkyKQpuWTbHGWIiNjaFJYkPiGlixWMw0SmgAGl4iyutcmoaqauzNyGH+0vX8950ZnCiWjZZC9dhmbcfatRmmBKsvo4uX2KKC4DIitmLPSA5YYAHMnDkzKAKrqKiIN99804C6UrC2S9Kd0f11jq6wPD5X/OZ7LPtTVkudlM4Tx/ZQcd11wQ9WbrVaady4MQUFBZHSzELgZ7cRYR4gjnxBRJYIT50HgdeDUdD1lw/kvWfHEh8X677BKH4HRvPzWF/T7OqKonC8sJj1W/fw1Q8r+OKHlTLCQuDa4YpOJAzt4jmxqj3G33JidYdqTpWCiSvRDgaWsCEhIYHdu3fX2P9l+fLlDB48OPCn2Es7kDCks/9+qDZFjvebMrFV+lsGjm9FYIWKAwcOkJqaGtQyVVVl6NChLF68uDaaVIBupdoGbEKPEbka8bEKGWLBOnXeAs4HauT1+Jf+PZj01L+Ij4v1eBrVTukmFAwcTic792axcPlGPpmxmD0ZeTKygvH5NC8dZ+/WWFo39D1zFaVK3eBp3apuKVGxmLCe1x7b14GJiqKiIlatWsWIESMMt1PTNL766itjIrR7C1RN0zMJ+vKn0vwILj/WLUVTUAtKccxMkwkYIkaNGkVKSkrQyzWZTIaCjU58/Q26d++Bw+Hgi88/Y9asmUZO/x/gXRnd8GGSLjhlXMBN7qcAQ3ROac5HL91Nk8SE8FZcVdm9P5tpc1cwdMxznP33x3lq0nQRV0LN0aBk8W401UMleL38BMv00BKKD9Gl4TsMROxpxmJiffzxxzidTsPNzMrKYvLkyQEfp7RLwNKyoe5HpWloqr4kr2mVH6LK+6LaUA0aJcvTy3NDCqERWIoSmgWerl27GhL4qampdOrUiSuv+pvRU98sIxtexIIVGL2BxkYObJwQy6x3H6Ntq/BsRlRVlfSDOfy+ZQ+fzvqFZb/JUoIQIgG/Lhfb2UewdmvubZ1RqOzU7aUolEoCw9evPa1bpqbxmAe1xrUmO6A6LliwgLS0NMM7uH7++WdDx8UMagdmxecNs9x5XVEqLZF6WrcqWrYcGQW4VmbKxAsh55xzTsjKNrLsWFxUXP7vnj170rFjJ/buDTg0xwD0mFYbZYTDg1iwAmOo0QNnvfso3TqGNg+V0+Vi2+6DTJu7guG3vUDvK8ZxyxPvibgSQo5t9ja0EodupUHTEz1rHoEzy5US1aeC8dATvqxb1n5tDdVx3rx5xtpms/HBBx8YE1jtm/qO1O6tttDcm018Wbe8LFsOFdtCyTcYSh599NGgBhetSNOmgT9kHziwv9yiFhsbyy233mr09GNkhMOHWLACfLAxctDU1+7lvH49auyY7usp+NiJYnbsyeD3Lbt5Z+pC9mcdlVESwo6WWYrtjywanJMKHn6FGm6nbI9dcYriS2x4fFCN31ZMuyRKEs1wPLC0aK+99hq33XZbwDe4zZs3s2rVqoD7xDywNeZGVve2SaVcU/psVIW/a3/WLdv2XNTdx2XChZArr7wyZMuDYCzYaMahDDxNwmef3R+TyYSqqoEW9Q/gcaBERloEVqTRPdAD7rh+CFdfMiAo4kpRFEpK7ew7lMu2XQdZvGYzU2Yuk1ERIgL7zDSs3ZpjbqJHM9G8nLW18hAFmqfYgoCXEk1xFqxDOmKfvTug+h0+fJiNGzdy8cUXB3TcwoULDfWHtXeyO3DVSWWleLanoh+W4lNtnXRlK3Zg+0Gs0aGkd+/enHXWWSE9R2xsbMDHHM7NxeVyYjLpi04pKSlceeVVfP/97ECLag6MAKbKaIvAiiRiMRDNfcyIizCbja3EKopCcamNrNx8du3LZO2mXUyft4p0cU4XIhGnRunyfSRc1UO3vFRM6qxUEFsYt25Ze7YMWGABfP7551x00UXlN6rqyMvLY/z48YH/7TaNwZKcWFkveoitioKrOutW6W8HodAl8yyEPPDAA8THx4f0HEYsWJs3b6akpISEhAT3XNEYNvwKIwILYKwILBFYkYaCAZ+1P7bvo1vHtiTExVYrplyqyrHjRWRkH2H3vizWbExj9s/ryMg5Jr0vRIfGWpaB44xkYto1riSKfOYbNGjdsrRqiKl7ImpaYMtln3/+OePHj6dz586n9HsjS4MAlvPal6cR8qcVKwquqqxbzsOFOH/aJxMsxARq3TT0pB4bS8OGDSksLDzlYxwOB06ndwzQvn370KhRI06cOBFoFc4HTkePhyWIwIoISoF8AtxFeNczH/Pelwu5Y9RQenVNJbFRAi2bJeJwuDicf5zSUjt7DmSz50A2qzfs4Jd1Eb8EsBT4P/SYKpfJtBAq/aEsSMNy69koFlMli40vsVWeFqYK6+Gq8OsAACAASURBVJYvsWU9rwOlaYEngF60aNEpCSxVVXnvvfeMXVg7NUUrDwhcoQ3+BJcf65amatiW7ZWJFWLuvvtu2rVrF/LzJCYm0qNHD37//feAjsvLO0Ljxknl7+Pi4rn/gQd5/r/PGanG7URh+jcRWHWbdKBDoAdt2XWIe//7STS32wXMRM9T9Yf7tpAkAkvwKUx2Hsf2Zy4N+rauermvTHBp+E4L4yG4Ki0lAtYuzSg1UL+33nqLm2++mbi4qjNfpaWl8eOPPwZcvqlXM8xJ8Sf9r8ra4G5TWSsUpequKRNcjvQjqH8clokVYm666aaQOreXzw+TidTU1IAFls1WOT3gwIGGw0n80/2QLM7uoRxr6YKAWFPP2psLvAp0BEaix08puw3MBfbJlBB83gxmbsd13HYyTEMAoRoUzePlKT7c4Qw0TUNFg/gYLJcF/LzD9u3b2bix+lBA8+fPN9T2mDPbeIumCm3W3P+pmnay6b42wWig2VzY5opje6i58MILOfPMM8N2vtNPPz3gY3JyKsd+S01N5W9XX2OkCk2pYVYSQQRWsJlTD9qoASuA0UB74DH0/FWVDBXAJJkSgk+KXZSuy0DTvCOy+42L5S/qu+YtuKgguGJONxbZ/euvv9bDIfjh+PHjTJw40cAVVfF2bq9GYJaLrYqCy03pxky0PEm+HmoefvhhrFZr2M5nZCmyuLi40meKojB8+BVGq3GnjLwIrEhiHfoSWV3kEPAi0AO4EPgKql2BmQJIUB7BJ86Fe3HlnHTkLRMPlcSWT8GlVWvdAohpk4iSEhdw3d5++22ys/1Hg1+3bh1ZWVkBl2sZ0g4lzoIf01UV7a0guDQNZ34Jjvl7ZCKFmPbt2xtK4l0TmjVrFvAxubm5Ppcwe/fqRZMmTYxU43ygp8wAEViRggY8V4facwz4HD1CfSrwJBBImOgTwGSZFoI/Sn/aheLSKi35eYotlerEFv7FltmEdXBHQ3Vbtsx/DLlp06YZKtPSpblvy1VVYstPm21r9hP06MRCJZ588kkaN24c1nMaCdVw4MABn5/HJyRw1933GK3Kv2QGiMCKJGYDC6K4/sXAd8A1QBv0BKCL8J/IozreAWQNQ/CJuuUI9t15J1WDplVe8vMUWwasW9YuzQzV7d1338XhcFT6PD09nSlTpgRcntKxEebmCZWz/1Qptnxbt5wHjuH6NUsmUIiJi4tj+PDhYT9vgwYNAj4mNzcHl8t3HLRBg841WpUbAavMBBFYkYKGns9pfxTV+Rj6kt/VblH1d7dQDMYOkv3usgXBJ7Z5O9BKnd4Cyf1G8RBc5X9gPgRXVZYeU6NYzOcEbhFYsWIFW7ZsqfT5okWLDLXT0q/tyTAUeGlK32LLj3VLc6jYluyWiRMGxo8fT5s2bcJ+XiMWrHVr12K323x+l5KSYtTZvYX7viCIwIoYcoErgSMRXMd0dOvSJUAyutP690BBCM41AeMWMKGuP5Fk2yhdn3lSdFTSFJXFVkXBVaV1C7CeZewmOXfuXG8xaDSxs1nBkppUrqY8q1hRbFVn3XLszEXbVygTJwzccMMNtXLe2NjYgFPm2O12nE7fFixFURg2zLAlTpzdRWBFHFuAgUCk7KG2A0vQY5ucDnQF7gEWg6FwQYGwDfhGpoTgD8fc3biOlugBN8sElL/lv3LBxSlbt2LaNkZpHhNwvd544w2OHj2ZIH3Dhg1s2LAhcH01IBlTgtW7kj7EFh6Cy5fYUgvt2OfslAkTBp599lnat29fK+du0qQJycnJAR935Ij/NGm9e/cmNdVQoNTB7vuFIAIrotgD9Ac+QffVrQ2R9zYwHD2J58XAS8D2WqjPf2upD4RoQNUoWblPj2PlITS8xFYlweV7KdGXdUuzmrGc3yHgah07dozVq1eXv58921BuNyzdW1QWjhXFVgXB5Sm2ygSXbf0hKJU/o3Bw3XXX1dq5zWYzqampAR/nK9hoGQ0bNmSUMYucCT2yuyACK+IoBG5F3/K6MpS3KGCrW1CNBtoCfYD7gPnoO/pqkz+BGTIdBH+4Vmdi338MTdVQVXfMJ0+xRQ2sWxrEdG1uqF4fffQRLpeLzMxMXn311YCPV1rGYmnVyGtJ0Kt+/gRXhea58opwLT0gEyUMjBs3jh49etRqHQYOHBjwMTk5OX6/0zSNCy80HG5iDBArM0MEVqSyBrgAOAd4H8iroZjKBRaiW4b+iu6M2NstqL4CMiOwD55DT6sjCL6fwH/eheZQy28IZWKrLMgmnoIrQOuWpVk8pt6B7yj8/vvvSU9P59dffzXUJsuAdihmk5fgq+iDVa3YUlVsSyXmVbi49957w5IWpyqMLE+WlFS9Lyk1NdVo4NEWwFUyM4KL5CIMPmvdr7uAszkZzK0r0A5oVOH3WW6xtBfYhb7st5PoTEPzJ/A1uoVNECo/Ze85gX17LrG9W1dIQIhHcmTdaRflpGXr5G88FJhXomQ9yFZM/7bYtgS+92T27NksWbIk8AYpENMuqUIj/eRWBG9H/7J/KuBIP4q2PV8mSBh4+eWXw5LUuTqaNw/c4pqbm1v1dFQUrvrb35g3b66RKv0b+FZmiAisqLiXAL+5X/WJp4BrEXOz4Af7rB1YOzbF1NDqLZg8/3jc64e6ANHTI7s1l4cyOSlQyt5bU5OwWRRwBrap9dFHHzXUFlPPZpgaN/D2Vq9gGfFK8aNUXhbVSp04FohjeziIjY2ttZ2DFTESqiErMxNFUapM89S7dx9aJyeTHXgmgjJn910yU4KDLBEKwWYf8KF0g+AXh0rp7wfdQUe18iU0fIRfcKstPcGzx1KiP0d5JS4Gy1/CZ52I6ZXsHe+qijQ/ZYrQs74aYNuajXbMIfMiDEyYMCEirFegBzkNlJycHFS16k0QCQkJjLl5jFE9cJvMEhFYQmTzHJKjUKgC58/7cWYXegkSxZ/gqiBQPH23PDVM2XGxPVuFpxEWBXPbxMrVrKitqhBc2rFSnAvTZUKEgQ4dOjB6dOR4LxixYG3cuAGnUxfjiqKgKAomkwlFUSgsLOTEiRPk5+fTvcdpRqt1CxLZPXiXCOkCIQQcBl4AXpGuEPxRumwPDa/tAyalsopyCyYUxdv3qvyLMu2ilWsY3WdLwdyyIUrHhmh7Qxus03JRB0wWs8dSZgW3sJNNKf9eKa+s/mHpr/tlIoSJCRMm0LRp04ipj5F0OXl5eUyfPp2YmBg2btiAqqpk52SjulT279+H6lIpLKrRvG8BXI4elFqoIYp0gRAirOgBSDtLVwj+iB3dC2u3Fvjd0FXxc/cPtWquYLbN2dinbwtp3eNuPRNzi4RKldD81Evxko/gPFSA7YvNMgnCwODBg5k3bx4JCQkRUyen00lMTEwkdteP6DvXhRoiS4RCqLADj0k3CFVhm7sDtdSBqmknI7NXVCteYRq0U/LdiunQxIdlLIgXzi6NMTdPqBQyokxI+YqD5VVFp4p9hSwNhouXXnoposQVgMVioW/fvpHYXZcAHWTWiMASIpuZwFLpBsEvBU5sm7PKcxJqaG6xpVWdt0/zIbY8BJcpMRbzOckhq7alT7IfIVhZ7fmKg2VPk3yD4eLee+81FNQzHAwePDgSq2UGbpaZIwJLiHz+DcgWKcEvzvl7cB0tqSSgNA/BpVVn3fJwIi8LPGrt3TpkdY5pm+QzdU8lseXDuqUV2nH8JEFFw0FcXBwPPvggJlNk3uoiZUejD4bL7BGBJUQ+O4BJ0g2CXzSwrdnnTiqIzzQ5mi/rll+xpYsbS6tGKE2D7+NiHtQGJdbszqvoFk4eYkuhasFl25ABNsk3GA4mTZpEx44dI7Z+rVq1itSqpYg+EIElRAfPALJdSvCL+lsOjoxjnoqqypce9b1q65ZiMRFzQfBvrjFdWnidR3PH6Sr7zzPWVUXrljO3ENfqQzLgYeCCCy6IqLAMUSawSqkcJEUQgSVEIMXoORQFwS/2RbvQ7K5yf6wKiqpqsVXBulUuhjoFd1u+0iaOmOYJlZcFParsKbjAQ2g5VewSliFsTJgwIeIc2ysSHx8fqVXbJAJLBJYQPfyA5LkSqkA7WIx9x2EvsXJyybCC83g1gqtMbJmSGmA6o0XQ6mjp27Z8d6JShaWqrI6eYsux7yjqDsk3GA6ef/55BgwYEPH1TE5OjtSqfS6zSASWEF3cA+RJNwj+cHy/E/W4zUd4Bn9iS6vytxoQE0Rnd2tqY8ocwCouTVYltrQSJ7al4tgeDjp37sxtt92mJwyPcIwEGw0Dq90PxIIILCGKyHWLLDE9C75RdSfwqoxXVVq3fFi0LCmNwVLzS535zJaYGsaWV0Jxv/DhB1bRumXbngNHZTNtOHj//fcj2bfJi0iKLO9mK/A3wCUzSQSWEH1MB2ZLNwj+cC3PwJVzolyxVGW8qvYHGihWC5Yh7Wtcr5iuLfwmpK5KbLmOleBcvE8GNgw8/vjjDBkyJGrqa7Va6dSpUyRUpQR4EzgXWWUIGpKLUKgN7gQuAJpLVwi+sC1PJ/7qXpUsT5rHso9nrr/yDyraRt3rdTFdmuH8aa/h+iiJFiwtG3l/WCnx4EmxVfa9pkHpbwdlQMNAr169eOCBByI25pXPeaUoXHrppUyePDlYRaroWTRc6DsBT7gFUxH6CkIhcAQ4DuS73x8EfnN/JojAEqKcXGAseqR3QaiEtuMYjr1HsXZpflLLKHiZhrQKPjaKL8Hj/szcLB6lUyJaurF7iOWstigWkw8B50NseXzuPHQMdfNhGdAwMHny5KhZGvQUWAaDjS4BprkFUh76Tu1ct6gqBGzoVilBBJZQD5kFfAqMka4QfGH/aReWtkkocZZKAkqrILYqCq5KjuaKQkz/FOzpxhJAx3Roop9PqaCi/FixcIdlsK3YKwMZBl555RUGDRoUlXU36Id1APhIRj6yER8soTa5D9gl3SD4JN+BfXOmVx6/MvcnX8mUPdPl+PKDt6QkgZGdZXFmTAmxJ4XTqYSOAGw7D6NliREh1AwbNow777wzKnYN+qJ9e0P+gSky8iKwBKEqTgA3opuzBaESziX7ceWfFCm+xBb4CJHgIbbKBJcSH4P53DaBV6LEhSvreBU5Byu+0VALbdgXp8sAhhir1crEiRNJTEyM2jbExcUZOawtPrIyCSKwBMGTdcB46QbBJ6qm5yl0qZUCT1W0Yp2KdcvS3VjQUfuuw6BUkXOwgvWqdFMmOCUaSaiZPn06PXr0iOo2tGnTxshhreT+LQJLEE6FCcB86QbBp8b64zCOgwWVkib7E1xVWbcsrRqhtA48uKNrSx6u46Un8w26RZWv4KLOnEJc67Jk4ELM+PHjufLKK6O+HQaDjTYFrDILRGAJQnVo6EuFsqYi+MS+fA+q3eUn8KhWtXXL4+eKScEy0NCuLRyHCjxEnF6ip+BSNFCcKrbfDsiAhZjLL7+cBx98ELPZHPVtad7ccLSadjITRGAJwqmQD9yAvs1YELwVeEYxjrRcKumrSpHbfeSwqbBkaElNMuS94tiUCS5/5eqF2w7mo+4ukAELITExMbz++uskJSXVifZYrVaj4SXay2wQgSUIp8o69FQ6glBZ4CxKRztu87kUqHmInuqWEs2JDTD1DdwXS8spxZlX5Deau1bixL5EjLChZs6cOVHvd+WJ2Wzm8ssvN3JoG5kNIrAEIRA+Bt6RbhAqYVexbcwotxYpeC8FatqpW7diehpLAG3fe8RbWHmUX7otG63QKeMUQt58802GDh1ap9qkKAopKYaiLkioBhFYghAwDwHLpRuEirjWZOLMLfQWTPgRXPgXXJbkRGgYuP+Oc302WqmjkhXLdawEx6oMGaAQcueddzJ27NiojXdVFS1aGNrdKgJLBJYgBG4oAEYgTu+CD2zL91TyhcLDDwpPp3Mfju4aoFhMWAamBn5yVcN+qIKPlQql6yXfYCi5+OKLefHFF4mNja2T7ZNgoyKwBCGc5AFXoCcpFYSTeir9BPY9eb5jUlVcDvQlttzWLUunZobO79iRg6Jp5ed0ZBbg2n5UBiZEpKam8sEHH9CkSZM628aEhAQjhyXL7BCBJQhG2Q78HRDHFsEL++LduEocaJo7TIKfmFRVLSVamsZj6to44HOr+07gPFqsl2l3UrpG8g2Givj4eGbOnEmnTp3q3oOCpqGqKqqqkpxsSCuJBSvCkWTPQqTzE3A3MFm6QijnhAv75kwaDGjntkh5qCoFFO2kn075P722Guq/s/Rtg31X4GEVHAePEdMkntI9R9ByJLJIqPjmm2/o379/RNbN6XR6CaWcnBw0TcNut+N0OsnK0oPNlpSU4HK52LlzJ5qmUVhYiN1uZ8mSJRQXF7N161ajVWgJxAAOmSkisATBKB8AHYAnpCuE8hvc8oOoXZpjbhKP5un37Cm4KoitioIrpk1j7AbObV+dgTU1CdsSsV6FiilTpjB8+PCQlW+36yOvqiqappGdnY2qqthsNhRF4cCBA2iaRklJCZqmkZaWhtPp5MSJE9jtdhYvXoyqqmzbtq02uykFkEkYoUiySCGa+Bi4VbpBKMPUqxkJQ3t4X8mUSiGqvL5T8LZula7eh3Nl4DsAlcYxaAViPAgFL7/8Mo888ggmk38vltLSUjRNw+VyAZCbm4vT6aS0VLcoegqkMiGkqir5+fkALFq0CJfLRXp6VO+lGYzsuI5YxIIlRBNjgSbANdIVAoC69Qj2HvlY2yWVqSfdH8vjN9VZt2I6NzcksERchYZBgwYxePBg5s6di9PppLi4GIBt27ZRUlLCkSNH0DSN9evXc/z4cQ4dOlSfu6utzJjIRSxYQrTREJgHXChdIQAorRuQcG1fFKu58qVNqXzFq2TdUjWKpm1EyyqRzhSijUeBCdINkYnsIhSijUJgGLBWukIA0LJLse86XPFT/eUZ3t39caXdhiYFy1myIUuISmTiisAShKBSBFwFbJOuEADsS/aiHrf5yRPoKba8BVeZ0LKmJkknCtGIVbpABJYgBJtc4CIRWQIADo3SjYcqWauqF1z6P00JVsz9W0s/CtHGDukCEViCICJLCCmu9dk4s49THqq9oriqRmzFGIzsLgi1hAbMlW4QgSUIIrKEkGNbsw+cWoW8hFrVYsv9maVVI5SmMdKJQrQwFdgj3RC5mKULhDpAETAD3fm9pXRHPX6kL7CjtIjD3DS+8pdKpX94vVVMCqpJQd17TDpSiHTWAyMBm3RF5CIWLKGukAsMQoLu1XtsS9PRih1+8hJSpXUrpn1T6UAh0vkauAQ4Ll0R2UgcLKGukYDul/AX6Yr6i+W8FOL7pVS6xGlKNVdBDYoW7kBNy5dOFGqDUvRQNEVuAXXM/TqKvhw4G9gi3SQCSxBqixjgS+A66Yp6rLRv7Iu5SVyFK131gsu+Px/bbNmcJRgWSPnACbcwKgSOuMVSvvuzAo/3np8dBVweL1W6M8of9KQLhDqIA/gHcAh4QLqjflKydj8Nh3YHk2f4ds1DZyleS4hlYismORFbrAlscn+rh5QJomLgsJ/3R92CKN/9Ps9DIPkNDiLUP8SCJdR1xiGpJOotDa7ugTUlqeorng/rVsn6gzhWZUgHRgeqh6ApAbLRl9hy0S1Kue73ee7vc30IqLLvBUEEliAEwEjgEyBOuqKeXeCaWml4bV+UGLPPvIT+rorOI8UUf7lZOjA8ONziyOEhkGxApocgsgNZbsGU4/4+2/3+sPt3sv1TiChkiVCoD0wHMoCZQCvpjvqDdtSOLS2XBr2SvRdsFCq/Lz8ILE3iUFLi0TKKpRONkQ/8DDjRl+rLBJLT/bfo+f6wW1wVSLcJdeoBT7pAqEe0Q99h2Fu6oh5hUmh44xmYGsWe+pVQAdueI9jm75L+C5y9wBVI8F+hvl96pAuEesQB4HzgO+mKeoSqUfpHBoqmlb8q4SPSuzU5UR5BA+dn4GwRV4IgkdyF+ocN+AbdMXYwcgutHxorpxhzamPMCboVS/F8Kb6ngGIx43I6ULOKpANPjTeBm9EdxgVBBJZ0gVBPWQZsBIYC8dIddR/XiSJiuzRHMSno/3mIKY8XnoLLasG57bB0XtUUAmOA15DYTYJQjiwRCvWZOcAA4HfpirqPmlGMfV++W1jp64EK2smUOu6X51JiTPMElJax0nn+2QUMBKZJVwiCN2LBEuo7+cBnQBO32BLqMM6DBVhPa4HJYvawWOnfnbRinbRuKSYFTVFw7ZMIAD6YBgxHD6cgCEIFxIIlCPqW8XuBEUgsnTo+0iql23L0HM/uPM+4LViKhk/rllegUqGMXPQAvuJvJQh+EAdfQfAmFfgC3QFeqKM0GNIRU+zJMICarwtiWYYdTaN09X60Aod0nDcaegDfJ9GDfgqCIAhClZiBx9CjRGvykpe8qnwdQ8/5KS4nguD9jCYIgh8Gosf1aShdIQjVsgm4G1glXSEI4oMlCP4YBHwg4koQTpm+wArgI/RNI4IgCIJQTkPgLcCFLP3IS15GX1nAtXI5EeozskQoCCcZ6n76TpWuEISgMBN92TBHukKob8gSoSBAHDAZWCDiShCCygjgT/f/BUEEliDUIwYBm4E75O9BqI+cf1ZXHrv9SizmkE3/ZsAM9IC+jaTHBUEQ6jZm4HHAgfjLyKsevhonxGpTXrxTO7Juilay5Utt0w8TtAduvjzU593jfqgRhDqP+GAJ9ZHWwJfAEOkKoT4y/u4R3Pz3v9CmZdNK363fms47U+czbd6aUJ3eAfwHmMjJGK+CIAJLEKKc84DpQNtQFP7QmGGU2hy8O22R9LQQcdxx/RDG3jCU0zqnoCj+L/9Ol4uVv+/g+Xe+ZdXGXaGqzvfATcAJGRlBBJYgRDd3AW8A1mAXfPkFfXjq7us48/SOAGxO289bn83jq7mrpdeFWueaS/pxz03DGdi3K+YAfK2KSmzMWfwbj7z8GXkFxaGoWhpwFbBTRkkQgSUI0UcM8DpwT7ALTm6eyKSnbuWvF56JNcbi9Z2qafy2aRcvT57FwpVbZBSEsHPJoJ48dOtVnNevR6X5GQiZufl8/M3PvDh5diiqWQhcByyUERNEYAlC9JCIviT412AX/PRdf+e26y+hZbPGVf7O7nCyZmMab3wyhx9FaAlhFFbnntWDWKslKGWqmsbGP9N56vWvWPrbjmBX2QncB7wnoyeIwBKEyKclup/HOcEsdOi5vfi/+0ZyVs9OAR1ndzj5fcsePpmxmKlzJF2bEDphVVOLVVXY7A6+XbCa+56bQondGcyiNeA54FnE+V0QgSUIEUsbYCnQNVgFmk0Kbz41hlHDzychvoFxS4CqsnHbXqZ+v4z3v14sIyXUmFHDzuH2kUMZ0KcLFos5LOfcf+gwr3zwHZ/MWhbsol8HxonIEkRgCUI9EFcjLu3P/903km4d26Bpwbnua5pG+sEcvp67khfenx20coX6w8O3DmfU8PPp2TW1yl2BocLhdLFg2QbufmYyecdKRGQJgggsoQ7TFPg1mOLq3Wf+xQ1XXECD2JjQ/BEqkJNXwKKVm3h/2kJ+/3O/jKLgl45tm/HI7Vdzybl9aNemRUQI84zsIzz3v2/44vuVwSz2NeARGXFBBJYg1D6xwBLg3GAUdkG/bkx8Ygy9urUnXMaBklI7v2/ZzVdzVvDpd8tlRIVyRl5+DjddPZj+fbqQ2DA+4upX5pt1+1MfBKtIDbgfeFtGXxCBJQi1y2fAP4NR0JN3Xs09Nw0jKTGhVhqiahoHDh1m0apNvPDuDHKOFsro1scnBquFlx66gUvO60vndq0xmSL/kv3nroOMe+nTYO00dALDAIncK4jAEoRa4l/AR8EoaNrr93HVxQMi5mZWVFzKhm17mfXjGnGKryfc+vfBjPjrIPr16kzjRvFRV/+jBYW89tFs3vh0QTCKywV6u/8vCCKwBCGMdAY2ATUyN/Xs3IYvXruf07qkRGxDsw7n8+vGnXwzfyWzF2+Qka9DDOjdkXtvGsaAvt1IbdM86i/OTpeLr35YwdjxHwajuDnA3xCnd0EEliCEdQ7/AFxRk0JuGD6Il8bdSKvmSVHRaFVVST+Yw+9b9vDprF9YFvzAj0KY6Na+JV+/+TDdOrbBbDLVufatWr+Dobc8j1pzZ/zrgBkyYwQRWIIQHoYB82pSwMO3DOexsdfQKCEuKjvAparsPZjLxm3pzFi4hh+WiGUrmnjzyZu5Y9TQOt3G7XsyuPGhSWxLz6pJMfuAHoBNZo0QDZilC4Qof0D4EmhrtICXx93Ag7deSUJcg6BXTtM08vJP0CA2BlMItyGaFIWmSQ3p2TWVa/96LreMuIhLz+1NSqsmZObkcexEicyUCKZbh9YM7t8zoCTMoeDY8SKcTjVoqXU8adE0kSuGnM2m7enszzxitJgk4CCwXmaNIAJLEELLpcDjRg9+Zdw/uOfGYUFPKVIWauGdqQto16YFbVo2DZ/iVCCxYRyd2rVmyKA+jBkxhPP7dWfaXEnNE6ms3byHFk0b0b9Pl1qth8Vs5vPvl7F+6x6aNG5IUmJCUIOXJjaM45Jz+/LHtj01EVm9gXcBVWaOIAJLEELH6+hLBoGJEOD5B67nvn8OD5rVQFEUDh8tYMaCNdz33EfMWfI7rzz6T06vZYd5p8vFhA9ns2XnQZktoUMFMtETixvip5Wb6d0tlR6d2tZaI0wmE/16dWbnvkwuu/UF9h/KIalRPK1bNMFiDs6tomFCAy45ty8r1m0lK6/ASBFJwG/ATpl2QqQjPlhCtNIEyAECDq9++3UX8epj/6RBrDUIwgp278/mu5/W8vYX88g9WsRl5/fmnWfuoG2rprXaQU6XixfencHLH/wgsyW4HAD+ADaiZw34DShA9wWskTPVks/HM+jM7rXaOE3TWLRqM3/796sA9O/VgUduu5rBA3uR2DA4forb92Rw3sgnKbEZShY9G7hGpqEgAksQQsMtwJRADzqtY2sWTHm6xrsFFUVhQpVaJwAADv5JREFU175Mvpi9jFc/mlP++Tl9O/P1pIdqfTeiqml8NH0R97/wWU2LWur+f3cguZ7NscPAdmAHsA3YjB4O5Bi+l6iaovsHdTB6whiLmbUzXuS0zrUfKmTRqk1cdeer5e87pzTnmftHcdkFZwRlQ8gPP69j5INvGjm0GGgJFMllUBCBJQjBZzpwfaAHzfrfw1w++KwanXhvRi6fzlzCax/P9dp63rNzG2b87xE6pLSs9c75btFa/vHQW8EQV0MBB2AC4oFuQBe3iCh7tQZSgeZRNoeOAllABvoOtbLXbiC9CiFVFWcBKwHDCqR7h1YsmPI0yS2a1HoHfT1vJbc8/p7XZ+1aN+GFh0dz+eCzSIiLNVy206Vy+3/e4ev5vxo5/FLgZ7kMCiKwBCH4ZBDg7sG/nt+Hb98eh8VizJ/k8NHjfDpzCePf+rbSd5Ekrpav28Zl/3qhpsUcBM4msOjZCpACNAMaAe3dn7V3f9/U/XkZZvfvg0Eu4LldsgjIQw9MeQg95UoGcBw4gr7MF6qglaOBL2pyfb3w7G58/eY4mtRSqiZPvpqzgn/95/1Kn5/Zox3P3D+SvwzsZXijyNadB+g/4gkjhz4LPCOXQUEEliAEl5bum2ZAV/Xpkx7gqov7B3yy4hIb85auZ9xLn5KbX3lVIrl5I+Z//HStOiiXsXnHfi66cTzFxnxbPMXJeejLYYIxXgSeqEkBo4adw9v/dzsN4xvUemOmzFjM3c/6XpG/YvAZPHnXtfQ9vWPANxRNg9EPvc53PwcceWEeNQwuLAihRnYRCtHIacCdgR708rjRATnpaprG+q3p3Pn0+7zx2QKKSh0+fzdn8hOccVrHWu+Unfsyuebfr5BXUFyTYlRgFLBMplmNWIy+XGjYY33rrgxsNhvn9zuNGEvtXqp7d2+PprpYuT6t8rzbn83HM5ZgVqBrxzYBCUJF0R/zZ/20LtAq2YH3ZJoJIrAEIbj0A24I5IDzzuzCv//x11NO4Jx9OJ9Jn87l1ifeY19mnt/fffPmA1xybp9a75CM7COMfep9tuw6VNOingY+lCkWFOYCl1ODzQFrN+8hLjaGgWd0q9U0OiaTiYF9u5GVe5RNaQd8/mbZb9v57sc1pLRuRpf2yadcX4fTxUffLgm0Si7gDSQ3oSACSxCCSvdABdb5/Xow4rJzqr0aa5rG6g1pjLxvIt9Xk3LmtcduZPRVF1LbK+25Rwq4adybrNywq6ZFfQKMk+kVNOzoSYr/gbfvWUAsXbeNhDgrA/t2PeUHhFAQYzFz7lnd2ZK2l/SDh33+pqCwlJk/rSUr9whnnt7plCzGdruT/01dGGh1rMBLSMBRIYIxSRcI9YG42OrDZR07XsQrH3zHJWP+y24/N5Ay7v7Hpdx2/SVBjXRthPyCQh54fgqrNtZYXP0C3CEzJehkoluxahRS4KlJ0/nyh+VoWu0abJolNeL1/9xKw7iqY8h9+t1yLr5pPD+u+ANVrbrOBv+EYmVqCSKwBCES7nKH871CKlTkz10HueL2F3j2fzOrLWtg7048efd1xFpjarVNx44XcfczH/Ldz7/XtKhtwAj0nXZC8NmE7tdWo/4dO/5Dvpi9rNZFVpf2rZnxv+oNnfuz8rn6rgk8+/Z0ThT5z4fpcLqMVCMLsV4JIrAEIfjaItADflq5hfyCQp/fLVi2gQtueIr12/afUlnv/XdsrW+fLyou5dm3vwmGuMpE342VL9MqpMwF7qWGPkNjx3/IrJ/W1npjBg/oyYRHR5/Sb1/9aA5jHn2bg1m+fRnT0g35DdoQ/ytBBJYgBJ2DgT69qprG1p3ezrl2h5PJ037i7/dMPOWUHV9NvK/Wo2wXFZfy9BvTeP/rGsdZPO4WV3tlSoWF99HDN9SIG8e9zfxlG2q9MXeMGsrIYeec0m/nL9/E3+96hQ1/pnt9rmkaC4y1JV0EliACSxCCz368g0qeEu9+uRCHUxdSNruD597+hgdePPVUMvfeeJmhOFpBF1eTpvFezcWVA31ZcKNMp7DyFPBpTQsZcc/EWhdZ1hgLz91/Aw2spxaObuvuTM4b9TTL1v1Z/tm23Qf58NtfjJx+u0wlIdKRXYRCtHIxEFDwqR17s0hp1ZSe3drxwrszeG3KvFM+tl3rJkz+750kNoqvfXE1rcbiSgNuBCQLdO0wDz3USLeaFPLN/DWcdXpHunaovRSRjRvF061DckBxrKb+sILB/U+jUUIDHnzhE3YfyDFy6teBP2UqCSKwBCH4tHWLrICYv2wjW9P28el3ywM67rNX7+WM02svmGgQxRXovkCfyBSqNVTge+B8TqYRMiayFtS+yOrSIZlDOXls2nHglI9Zsnozqzak8eOqLUb77x4k2bMQ4UiqHCFa6QbsCMcc/vcNlzDhsZsxm2tnRf3YiSKee/ubYImrl4H/IP4rkUAzYDlwek0L+uyVu7ju8nNrLWzI/kOH6XPFw9iN7QgMlGXAX2T6CJGOWLCEaOUIMJwAEz4bYcpLd9G8aWKtNDK/oJC7/+9DvvhhZTCKewd4WKZOxFACzACuQU+EbZjZP/9Gu+Rm9OnRvlZEVlJiAq2aJzJ/WVhc+l4ANsj0EURgCULoOApcH8oTvPrIaC4ffFatNO7w0ePc+9xHwQjFADAVPX+jWK4iiyLgR/QNB41qUtDcXzaQ3KIxvbu3r5W0Op3btWbRyo3kHDke6gerW5CYbYIILEEIKdvdN6ZWoTrBxy/dRUJc+INGZ2Qf4aaHJ/HT6q3BKO5r4J/o+duEyOMIekqdGous+cv+ICEuhn69OmMxh/fyHmuNoUXTxsz4MaRxup5FEpELUYKEaRCinUdCVfD9//wrLWphaTBtbyYXjX6aVRt3B6O4xcCtIq4inl3oMclqbP55atI3jJ80jZJSe9gbMbBvt1AWnw68JVNFiBbEgiVEO3uAzkDfYBf8+B1X06V9eHdn/frHTi4b8yyHjxUHS1xdiYGYYUKtkA0sRV/2rpHZdO3mPew7lMMFZ59OfBgtsAnxsWzevped+7KDXbQLuBbYLdNEiBbEgiXUBe5G31EYVLp3bBO2Bqiqxpwlv3HRTc9yvDgolgcRV9HJr8BlBMGSNX3+r4x+6A32HswJW+UVReHKi88ORdEvuMWnIIjAEoQwcsItJjKDVWC/nu1p16ZFWCpvdzh5Z+oCrr9/UrCKFHElIguAZb+ncY2PFDWh5IzTgh4vbirwnEwLQQSWINQOu9Fj4wRFZI24bFBY4l7lFxTy+IQveHTClyKuhJCIrLR9OZw36mm++2ktLlUNecXbt21Js8ZxwRRXYxAfQkEEliDUKrvQo2NvqmlB4UjovGtfJqMfmhSsAKIiruquyDoRjML+8fBbvPrBdxSX2kJa6aTEeM7u1aWmxWjABBFXgggsQYgc9gL90SOWG3ZmahAbE7IKaprGjys28pfRT/PLuqDlrP1WxFWdFVmDCJJl9rl3ZjHm0bfZf+hw6Gqs6TkKa8BB9B2Vj4q4EkRgCUJk4QCeAPoAn9VEaAWbE0UlvPT+LK6+6zWOHi8NVrFTgRtEXNVZ/iSIy99zftlIv6sfYfHqzbhcaiS1cz96poEewHwZdkEEliBELmnoSww/Bnrg8cLioFdm8479XH/fa/z33VnBLPZN4GZ50q/z7EK3ZG0LRmFFpQ6uGPsKEz6cTX5BYVAr6lJVsg7nGzl0HPA6UCzDLYjAEoToIOD1kFXr04J28sLiUt7/6kcGXvcflq4LWjQJDXgGeABQZYjrBQeAIUDQQqU/+85Mht32PKs3pKFpwcmilJWbz4r1Ow0dKkMsiMAShOhiX6AHvPXFQjKyj9TopKqqsWZjGtfeM4EHX/o8mO2xA3ehpw0R6hc5wMXAwmAV+MeOg1x883M88dpUDuXUbM4rwNK1htI7qUb+TgUhkpFI7kJ9oCEwOtCDNNXF4AE9A87ppmkau/dnM37SNB588XP2Z+YFsy3HgVHAVzKs9RYHMB1IBc4MVqFrN+1myreLadmsMR1TWtIg1hpwGbv2ZzHq/onYHAGvWOeiW2QFQQSWIEQReeg5C5VADlq3ZQ8KGv16dcZqtVT7e5dLZdvug7wzdQE3PfI//ti+P9jtyASGAb/IkNZ7VOAHt9gaEqxC7U4X85Zu4PtFv9I0qRHNkhqR2PDUdgRu35Oh71DMMuR/tcgtGgWhzqBIFwj1hJXAeUYOPLtnBx694xoG9u1K8yaNvCxaJTY72YePseHPdKbNWcGcpRtDVf/16GEYxE9FqMj1wMfoltrg3iAUhcduu5Ih5/ahe8c2tGzWGJNy8rZRVGLjUM4RflzxB09M/AqH07A74L+AKTKUgggsQYg+7gXeqmkhZ3RPpUuHZEyKQlGJjT0HstixN+S53qYDtwGFMoyCH/oB36EvG4aMAb070q5Ni/L5v31PBukZNV4CL3XXO0+GURAEIfpIAorQd99Fy8sBPC5DJ5wiLdGXj7Uoe30pQycIghDdvBpFN51s4BIZMiFArMBEdB+taJjnLqC7DJsgCEJ00ww4EgU3nV+AFBkuoQZchb7kFulz/VMZKkEQhLrBv4jsJcGnAYsMkxAEUojsJcMcoIUMkyAIQt1AAb6JwJvNNmCgDI8Qgvn+GHr6mUia7yp6yBFBEAShDtEI+D1CbjRO4GUgToZFCCGnAb9GkMB6VIZEEAShbpIUASLrV6CvDIUQJszoKZaO1fK8f16GQhAEoe6LrOXUzg7Bm5FMCkLt0Ax4D916Gm5r7YPS/YIgCPUDq/uJ2hWGG0wB8DAQL90uRADdgalhEloZ6EmqBUEQhHrGGcCqEN1c9gIPibASIlhofQLYQjD3S4FJQKJ0syAIQv1mKDAfsNfwxlIEzAauQMIuCNFBS3Tn803U3KKbhx7wVOK5CYIgCF60BcYCM9ATLFe3jFIMbAc+AEai71QUhGilB/py9pwA5/976EFOG0gXCvUdSfYsCKdGslt0JQHtABN6VPgTwEEg0/1vQajr878l+nJ3AZAv818QBEEQBEEQBEEQBEEQBEEQBEEQBEEQBEEQBEEQBEEQBEEQBEEQBEEQBEEQBEEQBEEQBEEQBEEQBEEQBEEQBEEQBEEQBEEQBEEQBEEQBEEQBEEQBEGoC/w/3ebC3WcXEPgAAAAASUVORK5CYII= + mediatype: image/png + customresourcedefinitions: + owned: + - name: jenkins.jenkins.io + displayName: Jenkins + kind: Jenkins + version: v1alpha2 + description: Jenkins + resources: + - version: v1 + kind: Deployment + - version: v1 + kind: Service + - version: v1 + kind: ReplicaSet + - version: v1 + kind: Pod + - version: v1 + kind: Secret + - version: v1 + kind: ConfigMap + specDescriptors: [] + statusDescriptors: [] + required: [] + install: + spec: + deployments: + - name: jenkins-operator + spec: + replicas: 1 + selector: + matchLabels: + name: jenkins-operator + strategy: {} + template: + metadata: + labels: + name: jenkins-operator + spec: + containers: + - command: + - jenkins-operator + env: + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.annotations['olm.targetNamespaces'] + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: OPERATOR_NAME + value: jenkins-operator + image: virtuslab/jenkins-operator:v0.2.2 + imagePullPolicy: IfNotPresent + name: jenkins-operator + resources: {} + serviceAccountName: jenkins-operator + permissions: + - rules: + - apiGroups: + - "" + resources: + - services + - configmaps + - secrets + verbs: + - get + - create + - update + - list + - watch + - apiGroups: + - apps + resources: + - deployments + - daemonsets + - replicasets + - statefulsets + verbs: + - '*' + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - create + - update + - apiGroups: + - "" + resources: + - pods/portforward + verbs: + - create + - apiGroups: + - "" + resources: + - pods/log + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - pods + - pods/exec + verbs: + - '*' + - apiGroups: + - "" + resources: + - events + verbs: + - watch + - list + - create + - patch + - apiGroups: + - apps + resourceNames: + - jenkins-operator + resources: + - deployments/finalizers + verbs: + - update + - apiGroups: + - jenkins.io + resources: + - '*' + verbs: + - '*' + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + serviceAccountName: jenkins-operator + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: false + type: AllNamespaces diff --git a/deploy/olm-catalog/jenkins-operator/0.2.2/jenkins_v1alpha2_jenkins_crd.yaml b/deploy/olm-catalog/jenkins-operator/0.2.2/jenkins_v1alpha2_jenkins_crd.yaml new file mode 100644 index 00000000..b74dcc75 --- /dev/null +++ b/deploy/olm-catalog/jenkins-operator/0.2.2/jenkins_v1alpha2_jenkins_crd.yaml @@ -0,0 +1,20 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: jenkins.jenkins.io +spec: + group: jenkins.io + names: + kind: Jenkins + listKind: JenkinsList + plural: jenkins + singular: jenkins + scope: Namespaced + version: v1alpha2 + versions: + - name : v1alpha2 + served: true + storage: true + - name : v1alpha1 + served: true + storage: false diff --git a/deploy/olm-catalog/jenkins-operator/0.3.0/jenkins-operator.v0.3.0.clusterserviceversion.yaml b/deploy/olm-catalog/jenkins-operator/0.3.0/jenkins-operator.v0.3.0.clusterserviceversion.yaml new file mode 100644 index 00000000..4853d9c4 --- /dev/null +++ b/deploy/olm-catalog/jenkins-operator/0.3.0/jenkins-operator.v0.3.0.clusterserviceversion.yaml @@ -0,0 +1,226 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: '[{"apiVersion":"jenkins.io/v1alpha2","kind":"Jenkins","metadata":{"name":"example"},"spec":{"master":{"containers":[{"image":"jenkins/jenkins:lts","imagePullPolicy":"Always","livenessProbe":{"failureThreshold":12,"httpGet":{"path":"/login","port":"http","scheme":"HTTP"},"initialDelaySeconds":80,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":5},"name":"jenkins-master","readinessProbe":{"failureThreshold":3,"httpGet":{"path":"/login","port":"http","scheme":"HTTP"},"initialDelaySeconds":30,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":1},"resources":{"limits":{"cpu":"1500m","memory":"3Gi"},"requests":{"cpu":"1","memory":"500Mi"}}}]},"seedJobs":[{"description":"Jenkins + Operator repository","id":"jenkins-operator","repositoryBranch":"master","repositoryUrl":"https://github.com/jenkinsci/kubernetes-operator.git","targets":"cicd/jobs/*.jenkins"}]}},{"apiVersion":"jenkins.io/v1alpha2","kind":"Jenkins","metadata":{"name":"jenkins"},"spec":{"master":{"containers":[{"image":"quay.io/openshift/origin-jenkins:latest","name":"jenkins-master","resources":{"limits":{"cpu":"1500m","memory":"3Gi"},"requests":{"cpu":"1","memory":"500Mi"}}}]}}}]' + capabilities: Basic Install + categories: Integration & Delivery + certified: "false" + containerImage: virtuslab/jenkins-operator:v0.3.0 + description: Kubernetes native operator which fully manages Jenkins on Kubernetes. + repository: https://github.com/jenkinsci/kubernetes-operator + support: VirtusLab + name: jenkins-operator.v0.3.0 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: Jenkins + displayName: Jenkins + kind: Jenkins + name: jenkins.jenkins.io + resources: + - kind: Deployment + name: "" + version: v1 + - kind: Service + name: "" + version: v1 + - kind: ReplicaSet + name: "" + version: v1 + - kind: Pod + name: "" + version: v1 + - kind: Secret + name: "" + version: v1 + - kind: ConfigMap + name: "" + version: v1 + version: v1alpha2 + description: |+ + ##What's the Jenkins Operator? + Jenkins operator is a Kubernetes native operator which fully manages Jenkins on Kubernetes. It was built with immutability and declarative configuration as code in mind. + + Out of the box it provides: + + integration with Kubernetes + pipelines as code + extensibility via groovy scripts or configuration as code plugin + security and hardening + Problem statement and goals + The main reason why we decided to implement the Jenkins Operator is the fact that we faced a lot of problems with standard Jenkins deployment. We want to make Jenkins more robust, suitable for dynamic and multi-tenant environments. + + Some of the problems we want to solve: + installing plugins with incompatible versions or security vulnerabilities + better configuration as code + lack of end to end tests + handle graceful shutdown properly + security and hardening out of the box + orphaned jobs with no jnlp connection + make errors more visible for end users + backup and restore for jobs history + + + displayName: Jenkins Operator + icon: + - base64data: iVBORw0KGgoAAAANSUhEUgAAAlgAAAIYCAYAAACxPpKwAAABhGlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw0AcxV9TxaIVQQuKiGSoThZERRy1CkWoEGqFVh1MLv2CJg1Jiouj4Fpw8GOx6uDirKuDqyAIfoC4uDopukiJ/0sKLWI9OO7Hu3uPu3eAUC0yzWobBzTdNhOxqJhKr4odr+hCLwIYRr/MLGNOkuJoOb7u4ePrXYRntT735+hWMxYDfCLxLDNMm3iDeHrTNjjvE4dYXlaJz4nHTLog8SPXFY/fOOdcFnhmyEwm5olDxGKuiZUmZnlTI54iDquaTvlCymOV8xZnrVhm9XvyFwYz+soy12kOIYZFLEGCCAVlFFCEjQitOikWErQfbeEfdP0SuRRyFcDIsYASNMiuH/wPfndrZScnvKRgFGh/cZyPEaBjF6hVHOf72HFqJ4D/GbjSG/5SFZj5JL3S0MJHQM82cHHd0JQ94HIHGHgyZFN2JT9NIZsF3s/om9JA3y3Queb1Vt/H6QOQpK7iN8DBITCao+z1Fu8ONPf275l6fz9IqnKWZyls5AAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAAuIwAALiMBeKU/dgAAAAd0SU1FB+MLEgghNpzyvEsAAAAZdEVYdENvbW1lbnQAQ3JlYXRlZCB3aXRoIEdJTVBXgQ4XAAAgAElEQVR42uydd3RUVdeHn0kvpJKEFlrovTfpIL03KQICIq8iIihFULoUUQEpSlNAEQEBAekgRZoIoXcChAQSQgJJKOmZ+f6Y+H6+Srt37kxmMvtZK0sXyT733HP2zP3dc/bZGwRBEARBEARBEARBEARBEARBEARBEARBEARBEARBEARBEARBEARBEARBEARBEARBEARBEARBEARBEARBEARBEARBEARBEARBEARBEATBrOhkCAQNcAUKA2WyfooABQFvIO9T/j4NiALigGjgNhAGXAVuAckypIIgvCTuWd83JYHiWf+fFwjK+q/bU2zuAQ+BSCAcuJT1cxNIlSEVRGAJ2YUDUAtoBjQBKgG+GrX9EIgADgJHs/4bLkMuCEIWBYF6QB2gAVA062VOCxKAM8A+YC9wBMiUIRcEwdzUARYAMYDBQj+ZGFe2ZgENs8SdIAj2tRBQB5gJXAQyLPj9Ew18k/XdIwsSgiBoigswGDgL6C34xfasnyhgNlBZpkYQcjTlgM8wbuMZrODnMjAE45akIAiCScJqFMY4KYMV/uiBP4DugKNMlyDkCHRAR+AAxtVra/zuiQE+EKElCIIaulrRW+PL/IRjXGVzkakTBJvECRgA3LCh7507QF9k61B4ztuCIPxFMLAYaGWj/b8JfAKsxrjCJVgWB4yriS6AD+AP+GE8AOEK5Mt6MJH1Oy+Nr/8E44rrX9zDeCI1KWvVIQGIx3iKNVN8xGqeQZ0wbgUWt9F7OPA3cSgIIrCEf9EbmJ/1YLR1DgFDgVMyrZrimiWKigIhGNNxBGf95MN4LN4byG3l9/EAeJT139t/+wnPekhex3iaVY7rm5eKwBygcQ64lyfAu8AKmVZBBJbwF87APOA/Oey+MjGePBwnD0rFeGSJp7JAeaA0UCLr3/ztZAziMW4BXQKuAeeBcxhXSZ+Ii5iEOzABGE7O29ZfjjFcQXL5CSKw7Bxf4FeMOWVyKpeBPsAJme5nPuwqAjWAqlk/IWi/fZdTeJwlsk4BpzHmaruIccVLeDHlgZUYc+flVP4EWgP3ZboFwT7JD1zBdgJKTflJAd6TKQegAMZDDHOyHgSP7MQHzPmTlCW45gO9MFY1EP7N21ljZQ8+cRPjVrogCHYorq7a4YNwLfZ3tDoP0ANjssSrWDZJo73+ZGKM5VqKMbYxv51/3zgDy+zQDyJEZAmCiCt7+jmRJTpyKk5AfeBTjCU/MhHBYw2C6zzGTOSNsa90IoEYy83Y69xHAIXksWOfSAyWfeGFsb5WdbO8pnp4UaxSTSo2bI5/3gJ4+QXg5OyCq4cn7l4+GPSZJMTeBQOkp6VyPyqCJw8TOL13G3fCLpMUf89S4xCJsfTFzRwyr94Y60J2BlpiP4HotspjYDuwBdiMMX1ETn2Z24/xgITZcfPJTcGSZanUuDWeXj4EBBfG2cUVdA745A7EwcmZpIcJpCUnkZGRzuP4+zy4e4fzh/dw7eQx0h6bbRrOYqyZmCiuLwJLyLlzvQbopmWjeUuUo2G3fpSs+gqBwYXx9PHDYDAo65hOR2rSExLiYoi5FcaNs6Ec3bKGuPBr5hyPGKANEGqj8+kDtMUYT9UaSbJqq6QDe4CfgY0YTy/mBMpiLJgcZK4L+OYvTN0OPSlepTZBhULwDQjCzdNL1fdP0qNEYm/f4saZ4+xds5Soy2e17u42oD1SOFoElpAjGQtM1aqxRr3epnbb1yhctpLxLVFTr9SRlpxE7O1wLh07wG8/LiY2/Ko5xiQBeNWGRJYn0AJj9uiWGPNSCTmHNIwrzD9mia3HIq7+F78CRXn19f9Qtk4jggqF4OrhCQoF1YvISE8j8sp5jm1dx54Vc7VsegowXtxcBJaQs3gFOIgx07ZJ1O8+kCY9BxJcohw6nWXcJy0lietnjnN400/8sXGl1s3HArWw3u1CHVAH6Idx9dFX3NkueAKsA77HuM1mK1nngzFDnGPVFp1p2K0/xSrVwC2Xl+ai6mkYDAaib1zltx8XcWD1Yi2a1Ge9IO0R9xaBJeQMcmGMATDpNEuugLy8OW0hZWs3wtHJKVtuRK/Xc+viafasXMixzau0bDoCYx6oe1Y0b0FZomoAUErc2K65CXwHfAtEW3E/A4HDaBhzVaV5J1r0e4+QCtVwcMyemu56fSYXj+7nx6kjtVhJvw2UQ/KmicAScgSzMGZMVk2t9r3oMmw8/nmDreKGDHo9V04cZuOC6YQd/12rZk8Bdcn+DMz1MJb5aY9sAQr/SzqwFWPKjT1Y16qWK/Bb1mfIZIpUqkWn9z6hTO0GODg4WsUNJsbFsHH+NA6u/dbUppYAg8SdRWAJtk0VjMv1qrcG2737Ma0HDsfZ1c3qbi7lySOOblnLj5Pe16rJdcBr/H9BYks+nPoCQzBmVc8x5CtRDidnF0rXboiLqzEFmbtnLjDj9nJK0hMMej3paalc/mM/BoOeyIunc9pn+zLGElcryP7SPTqMW5m9tWisx8df8kq77nh4W99ueEZ6GrtWLGDDrHGmNJOJMZXKUXlEicASbJf9GNMRqKLbqOk06/MODo5OVn2T4edPsnLaKMJP/6FFc2OAGRbqehDGArHvYNxesRmCipaidK0G5CkUgl+eAuTy88fV3RPv3IE4Obvg5pkLN4//F1KWitf7J/89UWYwkJ6aQtKjRNLTUnmc8ICUJ494nPCA+Jho4mOiOLN/G/duXrW1z/gjjBnkv8a4/ZQdvJN1fRPFeHn6T5lPSMXqVj3gBr2e/T8v58dJQ01p5jjG2E8DgggsweZoiTHXjiq6jppOcxsQV3/xJDGeX+ZNZf+qhaY2lQ40wpgc0VyEAB8C/bHizPJuvgEULFGGas064J8vGC//APzzFsA9lzceXj458kOTmvSEpEeJPIi+zcMHscTdieD84T3cPHfKknnaVHUdY6WCqRhLYFmKqsAhU/24btf+dB02Hi9/23jPMOj1/PbTElZP/dCUZnpgTJ0jiMASbIzzGIMpFdOs//t0eX8CTi62lVopIz2NPSsXse7zMaY2dQtjUVqtj8kXw7hC1hdj+RCrwd03gJLVXqF83SbkLVIC/3zB+AbmUZVXKMd9SWblaXv4II74mDvcDQ/jzP7t3Dh3kocxt62tu/osofUl5i9w7okxdtGkoPb2Q8fTqv9QqwxDeB6ZGels+GoKO7+dpbaJS1nf0bKKJQJLsCFUr14Vr9GAofNWWWX8w0u9WRr0/L5uBT9MMLm280qgj0bdCgGmY4zvsgqCQkpTpXFrQirVIE+hEHLnL4iHty8GvV4+PS8luhxIefKIBzF3uHvzGuEXTnNq71airpy1pm5uASZj3I4yB/MxbnGrptf4OTTq1j/bTgiaSvLjhywe9Rbn9m9V24SsYonAEmyMfRi3uRQzafNxChQvY/MDELp7M98Me92UfDkGoB3GU1tqKYYxwWsfrGDFqkGPtyj3ShOCi5fBP18wLm7udr86pZ3g0pGemkL8vWgir5zn6onD7PtxIZkZ6dn+zgH8hDHJ5WUN222E8SSjamU04LOl1GnbPdvi87Qi6vplpvRoQvoTVZkX/sQYiyWIwBJsgLLAOVScHHx9wlc07v5mzlGZa74zNRD1FlAG5akbAoGPMJ4KzLZ91mLV6lG9RUeKVaxOvqIlcffyQXYjLCe4kh49JOZWGDfPn+TEzo1c+WNfdnYpE1iKMUYr0sS2XIELWS8Qqug1bjaNewy0eXH1F4d+Wcnyj99WK4BrYLsluwQRWHbFFxgDqBVRqHw1Ri3bgpunV44ZCIPBwI5lc1n/xcemNDMDY9zUy+AGDANGk00Z18s1bEmtVl0pUq4yeQoXz7aksML/os/MJO7OLcIvnOLY9vWc2bM5u7qShDE33meojzH8BOOKmKpHTsdhE2n95jCb3RZ8GmkpyXz1bneuHN2rxnwR8LZ8SkRgCdaNM8ZVl3xKDYd/+yvl6jTOcQOSkZ7Gms8/Yd9K1afIU4AKQNgL/q4HxjirIpa+x8IVa/Lq6/+hWKUaBAYXQefgIJ8Eaxb+ej33oyO5cfYEhzev5sKB7dnRjeisF4cfUJawtCDGU4qqTg3W6zaA18fOtLmA9pfh6onDzOzbQo3pfaAAxpOggggswUppiDH3lSJK1WnC8G/W2dypwZflccID5r3Xk+uhh9U2sQHo8ozfVcCYWbuuJe/J0z+Itv8ZSdk6jchbpISsVNmq2DIYuHvzGldDD7N16WweRN6wdBdCMW5lv2wSuRUYT8EqJn+pCoz87le8/AJy5FzqMzNYNPJNQnesV2PeEdgknwgRWIL1oupUz/uLN1Kh3qs5emCirl9mfDvVCQz1GOMkTv7t33yBiVnjbRF1o3NwoF63AdRu3ZUi5avg6u4pHp+DSE9N4dbFM5z8bQt7fliAPj3NYjoPWA6MxLia8iwqY0z9oGpvb9y6QxQuWzlHz+HlP3/ni36t1Zh+CwyUT4EILMF65/IKCnPSeOcpwPStJ3H1yPkP6z+2rGXpqAFqzTcDHbLGuQswB+OyvtnxDy5K20EjKFu7EQHBhcXTc/wnWUfCvWguHN7L7pXfcPviKUtd+X6WyPoeY1D8P9mEsUamYvpOXkDDbv1y/KnV9NRUJr3WkLvXzit+B8S4/Sp5UnIQjjIEOYYCGE8IKaLz8EmUqFrHLgYob9ES3LsTwZ2r59WYl8CYvHUmxiBfb3P3t2KTdvT6+Au6DZ9ESKUaNpubTFCOm2cuCpWuQN0OvShTuxGZwJ0r58x9WY+sl4gGGLcM/76aVRljcLzil/IKjdvQeegnNlMVwqQHqpMTTs7OnNm3TampF/AzECven7NWPYScQW+MAauKmLTpTwqUKGs3g3Q3/Brj2laz6oSaTfsO4ZX2PQguWV5iqwTAmEA36voVjm1dx7ZFn1nikqkYc7h9hXE1aznwhpqGJm48RnDJcnYzV/cibjC2paqa7W9jPFEo5BTBLUOQY+gJ1FNi4OrlS7cPJueo49IvIpdvbty9fLlwaLfV9a3D0PH0nfgVtdp0wzcoHw5yGlD4601Yp8PbP5AytRvySsfeeAXk4bJ582o5AS2A5sBNjCdkFav9LiOmUq1p2/8W/bYH3DxzcfbQbyTei1JqehvTEhsLVoZ8g+ccFKdfb/3WBzg6O9vdQNVp1x1P/yCr6U+3UdOZsfsC7d4eRZ7CxXNM8kXBPAQUKESbtz5g9qFwek+ca+7L1QZ+w5hcVBEunt7U69jLrsQVgKOTM7XbdFNjWlK8WwSWYJ0UVWpQJIef6HkWuXz96TtxTrb3o+P7E/l831Va9HuPgAISvC4ow8s/gEavDcgSWvOsrn+9x83Cyz/QLuemYKkKqszEq3MWEuCRc1D8mmjNX34PH8QSHxNFRqox955vnnz45cmPg4M225nl675KYJGSxIZftfi9tXv3Y+p27CWiStBQaPWnQr1XObplLRvnTMj2Prl4eFG5USvN2jMYDMTHRBEfEwUGA47OLvjlyY9PQJB1zolfbjVmHuLNIrAE68MRUPyJds9lXWVxDHo9ty6fZf+a7zj083f/+n3hijVp/85oytRqgIubu0nXcnX3oOsHk/hmaE+L3V+9rv1p1ucdYzFt2QYUNCZ3/oK0HfQhtVp1Zt+a79j13exs60vv8bPx8PYxuZ30tFSuHD/MtqWzuHps/79+X6t9L5r2eosi5atq9vKlBbnUCSzB3lc9BKvlElBaicH0XecJDC5iFZ1/nPCAncvnsX3x5y/827L1m9Nz9AzyhZQ0+Zojm5YhPfmJWe+tbP0WtH9nFMUq1pAyNoJlXlYMem5dPMOOZXM5se1ni19/9uFwkzO234u8yarpozm//8UpD5q+8R5tBg7HO7d1rGjF34tmZKMSSs3uAMHivTkH+bbPOaQrNXh4/55VdDz2djgLhvV5KXEFcPHgLsa1rcqlPw6ACYkLc/n60+Y/I812Xz75CvHWF8sZOm8VxSvXEnElWO7NWedAkXJVGDhtIe8v+gX/4KIWu3aXEVNNFldXThxibIsKLyWuAH5bMY8Fw/pyN/yaVYx/wr1ocUJBBFYOQvEyTErSk2zvdOztcL56tzvX/jyg2PbLAW048/tOlW/4Bk7v387GORPNcl9tB49l/Jp91GrdFScXV/FOIVtwcnGlQv1mjF97gG6jZljkmhXrNzdFGXL+0B4+79tSsen10EN88WYHom9czfZxT09NUWMWJx4rAkuwTiKVGty9mb1vewn3ovlq8GvcvXZBdRvz3ulK2Ok/FdmkpSSzdcmXzB/cTfN7KtewFePWHaLDu2PwCcgjXilYBbl8/WnRbwiTt4RSpXkns12nfKPW5Cumfuv+1oXTzH+/t/rvlOgIPh/QjvvRkdk63jG3rqsxixJPFYElWCc3lRqEnTqWbZ1NTXrCms8/4W7YRZPbWjhyAHG3b73U3z58EMuycUPMsnLVf/piBs9aQeGylSWXlWCV5A8pxaDPlvDOV6vM0n7Kk0ckxKjbHku4F83i0QPJSH5sUh8e3rvDD1M+JPnxw2wZY51Ox7WTRy3yHS5YN5LJPedQCGMdsZd/Xbp2gVf7DMbZ1c2iHTUYDOxcMZ/fvp+vzZf6owRio29TpXFrHJ2enTg1+uZVFo18kwu/79D0fqq16sp7C9ZQpmYDnOwwcatgY1/6Tk7kL1aKep37kpqWyq3zJzVr+0FUBJeOH6Zohar4BuZ9abuM9DRWzfiIK0f3atKPe+HXcHbzoFSNehYf39TkJ6z+bCypygXeSuCYeGjOQVawcg6n1BjFRNyweEcjLp3ll9njNW3zzJ7NHNu27pnpDy4d+50JHWpx89RRTa87cOZ3vDV9MUEFi4oHCjaFf75gXh87kyEL1uLiqV3t8tuXTjGlaz3OHHj5+Mgjm1fzx8aVmt7f5nlTuH7muMXHNebWdRLvqtqiPC5eKQJLsE4uA4pfmc4f2mPRTmZmZLBzxXyztL3ik3eIvn75f/7NYDDwx5a1fNm/NfqMdM2uVbVlF6bvPEfttq/h5OIi3ifYJI5OzlRu3Jopm45Rt2t/Tdue904XDvy8DH1m5nP/LvZ2ON+PG2yW+9v+3VdkZmRYdEyvhh5RY5YCXBSPzGGfLxmCHEMG0BIoosTozvUrNO7+Jk7OlhEJd65eYNWUYWZrP+F+LNVebY+DgwOZGensXvkNKye+p90biaMTPT7+gk7vjrWanDuCYCoeXj5UqPcqAYVCOLt/BwaDXpN2z+7fjl6no0TlWjg4/juvtUGvZ+0X44i8dNos93X3xmUqNGiBf94CFhnHtJQkvvvkXZIS7is1DQUWiCfmLGQFK2exW6nB47i7lltG1+k4e3CXWS9xaucvnD/8G2mpKWyYO4WfP/tIs7YLlqvG6JW7adprEC7uUtVCyFk4ObtQv1Nvxq0/RPEaDTRrd+vX01k5dSQpTx7963cX/9jP4fXLzXpfZ3/fabHKCTfOhqotv/WbeGDOQ1awchYPgbeVGiUlPaZG845mT4SZmZHOujmTSLh726zXibx2ibs3r2oWRA/w6htD6TthNvmKlhAvE3I0PrmDqNasHegcCFO33fUvIi6eIjriJmVqNcA16+UkNTmJ78a9a/bvg/sxUTTs2u+5B2C0QK/Xs+nrGdy+fFaN+WjgtnhfzkLOkuc8LgOllBqNXb2PkIo1zNqxx/H3GVbX9gocD5i+hFptupr9C1oQrAmDXs+pvVv5WsN6nRUataHvhNn45cnPn9vXs/jDNyxyL7MO3jD7lv7tqxeY2LGWGtNojCVy9OJ1OQvZIsx5bFBjtHvlwhcGo5ossBIf2NRA+hcM4ZOfD/FKh54irgT7e/t2cKDqq+2YuOlPQqrW1aTNc/u3Mm/o69w8F8q6OZMsdi+JcTHmFaMGA/vXfqfWfI2IKxFYgm2wXM2H9fiWNVw/K6eE/6Jqi86M+WEHRcpVlsEQ7JrgEmUZOv8nGnQfqEl7EeeOM7V7Qx5EWi5FjMGEmqUvw42zx9m/apGqrgErxMtEYAm2wVXgkBrDtV+MIyXpsdk6lss3t00MYNt3x/LmtIX4BeUXbxIEjKV2eo35jJ6fzLLJ/pvzs5yemsLmb2aqNT8JnBYPE4El2A5z1RjdPHWU0F2bzdYpN08vilSqadUD9+bMb+kweMx/A3EFQTDi5OJKk55vMXjeahycbCf3W+5CxXD18DRb+yd2bTKlOsQ88SwRWIJt8QvGlSzFLBs7yGzV6J1cXKjeopNVDphn7jyMXLGDOm1ekzqCgvAMdDodVZu25eM1+8hdqJhN9LlW665mS6sSE3Gdb0e/qdb8DvCTeJUILMG20KNyFQtg9cwxJD8lZ43JGAyUrd3I6gYruFxVRi/faqxbJuJKEF5I4TKVGPndr5So1dDq+1qpYUswQwxWWnISqz/72JQmpgFp4k05F8mDlXM5C/QC/JQaxt66jpOLGyWrv4JOp60G9/IPIDbqttpcMZpTsUlbBn22RGoJCoJCPLx8qNK4NXHRt4m6Zp1VXso3ak2LN97FwUHbR51Br2fX9ws48NMitU3cAd4AMsWTRGAJtkcmcB/orMb46vGD5A0pTXCJspp2SqdzIKhgUQ6s+Q7jAZrso17X/vT+5EspeSMIKnFxc6dCvWakpqZy88yfVte//3y5HL882ga463Q6TuzezA8ThpjSzAfACfEgEViC7XIBaIExiZ1iTu7aSKmaDQgoUEjTTnnnDsIrIA/nDmzPpmHR0XzAcLoMn4CHl494iSCYgJOzC6Wq18XF04vLR/dZTb+6jZ5BtabtNN/2Dzt1jHnvdsOgV734dAF4B8l9JQJLsGkMwClgECqz9p/ct53StRpo/hZYsGRZHj96RPg5y7/EtX57NB3eHYOrm5wUFARNHiROzhSrVAMXj1xcOro32/tTp1MfOgz+CEeNi9hHXjnPgmF9SDYtaXJ34IZ4jQgswfaJBoIAVXVwMlKTOb77V81FloOjEyWq1CY+Lsai8VjdRs+gZf+hOLu4imcIgoY4ODhQvHJN/PMX4szerdnWjyotOvH62M9xz+Wtabu3r55nzuDXSIyOMKWZZcBX4i0isIScw0GMAe++akXWn7s2Ubp6PfzzFtCsU86urpSp2YCEuHsWEVk9xn5Bs95vS9kbQTATOp2OQqUrZJvIqtKiE29M+Ipcvv6atnvr4mnmDH6Nh3cjTdJoQHsgVTxFBJaQc0jDuFXYF5VbhZmpKRxav4LC5auRp3CIZrminF1dKVOrAXoDXD951KziqmmvQegcJDOJIOREkdX49XfoMWqatuLKYOD8kb3M7NOc1McPTWlJn/WSe148RASWkPO4BbgADUxp5M+ta/HKHURwyfI4OjlpI7JcXClVvS4BhUI4/dsWEVeCICJLEb0nzqP1wGG4eeTSrM2M9DQObfyRRcP7aNHcbGCBeIYILCHnciBLYBUxpZFzv+8k8UEcRcpXwc1Tmy80B0dHCpWuSKXGrbkddpn46EhN2hVxJQjZKLJKmVdkBZetypD5P1GlSWscHJ00azcx7h4b509l45yJWjR3FOiNnBoUgSXkaAzAdqArKhKQ/p2Ii6c4uX8H+UNKElCgsGZbhr6BeSlftylHtqwlPfmJSW21fns0Lfq9p9lKmyAI6kRWLv8Azv++S9O2u4yYSq+PppOnUDFURj78+wvSYOBa6BGWfDSIM79pUpf1DtAMSBRvEIEl5HyeAHuBPhi3DFWTlHCfo5t/IjUlhfzFS2tyakefmcn2b+dw8ZBpX8Zt3vmIdm+PktOCgmAFIqtw2co4u3lw+Q/T82TV6dSHt2Z+S9UmbXDRMNVKQuxdtn87h+Ufv83D2LtaNJkKvIrKurCCCCzBNrkHHMcYdGny3tn1U39w8JdVePnlJk+hEJzUihqdjmPb1rF2xiiT+lOvW386vzcOFzd3mWlBsAKMKRxqkJqayvVTf5jUVqPuA6lYv5lmCURTkh7z5/b1zBv6OhcParbKZsB4YvCgzL4ILMH+uAFcBjppIbIyUpM5s3crpw7sxCcgD35B+RWvHt08f5KvBnU0qR8VGreh38SvNIsNEwRBG3QODpSoWocH9+6alJbl7IHtlKrdiID8plWYSEl6zNnfdzHvvZ4c2fC9ySEJf0MPvAX8LLNu5z4vQ2D3dANWAZoGKrn7BtBrzGeUqdUA36B8L/z7h/dj+XJQJ+5cOq36mgXKVObDxRtyXG1Bg+H/azbqdPKRFazDF9X6Y9KjRL75sB+XDu1W3Q83b38m/XKE3PmUVwF7eP8eF47sZcPcqcTfuan1EOkxVs74VrxFkG9rwWwi6y+a9X+fqq+2o1DpCri6e/7r9xlpqfw4bRQH16r/TvLNX5iR324iT+HiNvGx02dmkJ6WyqMHsSQ/fsTD+/fISE/jXsRN0tNSSU0yvk0nP35IWFZ+ML1eT/l6r/43Uap7Li9cPXLhlyc/zq6u+AXlw9XdA5+AvDg6OaFzcCS7C2oLtkFmRgbJjxJJevyQR/djSXqUSErSE+5HRZCelkpGWhoAd8OvERthrPLiE5SPQqUrAuDo5ISLmzu+Qfnw8PLBzdML38A8uHnmwtPHH0dHx//Z0ku4F82MN1oTd+ua6j5Xad6Jtz5bgour2wv/Ni0licjL5zm1bxs7lnxhrmEUcSWIwBKeSgdgJWC2vTU3bz+a9RlMyep1KVC8DF5+udE5OHDwl5Ws+Pgd1WLA0dmFUSt2UKxyTSv8hOnITE/nSeIDYm+Hcz/6DpGXz3LlxGFunDxitsuWq9+CwuUqU7R8VfyC8hMQXBgPLx8cHCUqwN7JSEvlfvRtYm+HExcVQeTlcxz6+TsyMzLMcj1XTy+qtexM4dIVCSxYlMCCRcidvxBxt8OZ3rcVyfGx6t8MR02nxRtD/hWPZdDreZwYT1TYJa6dOsbenxbzMOaOOYc1FXgT+FE8TBCBJTyNV4BfMNYuNDuVm3WkcJmKbM9OJ54AACAASURBVJo72aR23p7zIzVadPzX9kV2oddnknDvLnfDrxF+/hSn9283q5h6adHVoCUV6r1KoTIVyVukOF7+gbLlmNO/4HU60lKSib0dTtT1K1wNPczeH762ir7Vf+1N4qIiTNoqBPjguy0Uq1STxNi7xN+LJur6ZS4c2cvp3ZssdSsJGGNZ94vHCSKwhOdRENgKVLCFznYdOY0WbwzJ9kSimRnp3Iu4wY1zJ/lz+3ou/L7D6seuWssu1GjZicJlK5M7f0EcHGR1K6eIqqSHidy+doGLR/dzbPt67t24nGPv18nVnYzU5Oy6/CWMq//XxPMEEVjCy+AGLATesOZOvtLlDfp88iXOLxGDYQ4MBgOxkTe59OdBjmxaxfXQwzY74eUbtaZO29coXqUWufMVlE+ADZKWkkzEpbOcO7SH/Wu/48n9GBkU87IKY8zVExkKQQSWoJQ+wNeYMS5LLUWr1OG9eavw9g+0+LWTHz/k2qk/OLj+B07t+iXHTXq9bgOo3aYbxSrVyDbxKrw89yJucOHoPnb/8E2OXqmyIp4A7wPfIadIBBFYggmEAIuBptbUqYkbjxFcspxFr3k/+jZnf9/FxvlT7WJ1ICikNB0Gf0TZ2o3w8g+QT4IVkZmRQcSlMxzZvJp9P34jA2I5jmAMZhclK4jAEjTzk4HA54BPdnfmna9WUa1Ze4tdL+7OLY78uobNJgbj2+zk6xzo+cmXVG/eIcflGLNFYXX9zHF2rZjP6T2bZEAsRyLwMcbQiUwZDkEElqA1gcB0jLFZ2VJBueVbI+jy/niLBLXH3bnF0S1r2fTVJJn5LHqNmy1CKxvQZ2YQdvo4O5fP06oIsfCSQw/8AIwGJKhNEIElmJ1yGFezWlrSh0rWasR7c3/E3cu8i2iPHsRxdMsa1s4YLTP9DPpNXUi1Zh1wz+Ulg2FGDAYDkZfPsXXpbEK3S+UVSw49sA/4ADgjwyGIwBIsTU1gAtDaEhebtPk4BYqXMVv76WmpnPptCyunjiTpwT2Z3RdQoExlun0wibJ1GkmKB82/mXXE373DvtXfsm3RZzIelhVWe4FJSKFmQQSWYAWUB4YBvQB3c1xg4OfLqN2mm9luIOLyWTZ/M5PTuzfKbCqkdofXaf/OaIIKFwODHKrSQuiH7trET5+NkVQLliMZWAN8BZyW4RBEYAnWRu4skfUGUE2zB3jH3vSfNA9HZ2fNO5zy5DGHflnJ6mkjZPZMwNnDiz4TZlOjRSecXVxlQFR9G+u4e+MqG+Z9yskd62U8LMM5jLUDVwGxMhyCCCzBFvyqXJbYap/1/6pw8fRm2taT+Abl1byTkVfO8dOMMVw9tj9bB6to0aJ07dqVwMBAihQpgre3N87Oznh7e+Pt7f2vv3/w4AFJSUmkpqYSHx9PZGQkd+7cYe3atcTEZO+KR/XW3ejy/ngCCxaVT4ECMtJSOb5zI9+NGYRBn72H1Fq0aEHdunXx8fGhWLFiuLq6otPpyJ8/v7Fo8z8/R5GRxpeVlBQiIiK4f/8+Z86cYd26ddY63JcwVqv4IUtgybKrIAJLsElaAtvVGr+/eCMV6r2qaYcyMzM4unk1308cij49zaKD0bx5c9q1a0eZMmUoVKgQAQEB+Pj44KDBqUi9Xk9cXBxxcXFERkZy8eJFli1bxrlz5yx6jw5OTgyZv5aKDZqL978E8fei+HXh5/y+eolFr+vi4sKgQYOoXbs2RYsWJTg4+L8iytQalQaDgYyMDO7evcvdu3e5ceMGJ0+eZNmyZcTGZstC0WVgEfArcENElSACS7B1nICLQAk1xk36vEuPUdNwcNQugPpR/H02zJ3CwTVLLTIAlStXpn///tSuXZuQkBACAiyfsDM6OpqwsDAOHTrE0qVLuXHjhkWu227IJ7Ts9x6uHp7ySXgGN86eYOnH73Dv+iWLCKquXbvSsWNHypcvT5EiRXB3d7fo/aalpXHr1i0uXLjA9u3bWb16NQ8fPrTEpTOBscAXGFMvCIIILMGmeR+Yo8bQ1duPqb8exzdQu63BO2GXWT7hPW6eOmrWm65WrRrvv/8+NWrUoESJEk/dVskuUlNTuXr1Kvv372fJkiVmX92q3Kwjr4+diV+e/PJp+Bv6zAwOb1zFinGDzX6tt99+m3bt2lG1alXy5s1rVeMQHx9PaGgoO3bsYO7cuaSnp5v7kuuAAcAj8UJBBJZgq/hjXIpXlbTq/UW/UKF+M006YjAYuHh0HwtHDCA5Ic4sN+vu7s6YMWP+u/3n6mr9gd4pKSmcOnWKDRs28MUXX5jtOnmLl2PA1K8JqVBNPhVAStJjti2dw7aFM8x2jVdeeYXBgwfToEEDCha0jeLd0dHR/PHHH8yfP5+9e/ea81JngLbAbfFGQQSWYIssBP6jxrBOxz70mzRXk1OD+sxMDm9axYpP3jHLTVasWJHRo0fTtGlT8uTJY7OTdevWLXbs2MG4cePMFiMzZMHPVG7cyq4/FA8fxLLm8084tulHs7Tfr18/BgwYQI0aNXBzs81C3RkZGZw8eZI1a9Ywa9Ysc13mXpbIOi5f1YIILMGWKAFcAFQppOk7z2lyCi09NYXfflrCupljzLJCMHbsWBo0aICXV87JZv7gwQN27NjBhAkTCAsL07z9N2d+S61WXTWNq7MVYm+H8/3k4Vw6tFt78TpkCIMGDaJs2bJWtSVtCgaDgStXrrBq1SqmTJlijks8AToDu+QrWxCBJdgKG4EOagx7T5xHo9f6ayKuNi6Yxs6l2r4BV6xYkfHjx9OqVSs8PDxy7AQmJCSwadMmBg8eTFJSkqZt9/j4S5r0GGhXIutexA0WDO/DnUvaVl3p06cPI0aMoHz58pqcRLVmobV48WJmz56tdfMZwOvAWvnaFkRgCdZOHeAQoPjbPn/pioz5fgfuubytUlzNnz+f7t27Z8tJwOzi9u3b/PDDD4wdO1ZjkfUFTXq8ZRciK/rGVb4Z0Z+oy9qJq4YNGzJhwgQaNmyYY4XVP9Hr9Rw7doypU6eydetWEVmCCCzB7tgHNFJjOGL5dkrXrG914qpfv36MHTuWEiVK2OWEGgwGzp49y5gxY9i+fbtm7dqDyLoXeZN5Q3sRfUW705qLFy+me/fuT01Caw8kJyfzyy+/0K9fPy1PHWZgTIwsFbUFzZAKrYKWNAImqjGs27WfcdvIhKLBWourgIAAVq5cyYgRIwgMDLTftzCdjrx589KpUyeKFCnCjh070OtNTyV0/uAuPP0DKFKuCrocuApzL/Im84e+rpm46tChA7/88gstWrSwiVOq5sLZ2ZkKFSrQt29fEhMTOX1ak9KBDkAnjAlJL8pXuaDJd6cMgaChL+1F5erV5F9PkL9YadUX12dmsunr6Wz9Rpuj73379mXy5MkULlxYZvafwuj8eUaMGMHOnTu1GespC2jQ5Y0cNUYJ96KZ9Z8uRF05q0l7CxcupG/fvhZPDGrtpKWlsXHjRrp3765Vk5nAq8B+GV3BVGQFS9CKhqhcveowdDzVmrVXXZ7DYDCwb/VSNswap8mNzJ07l/Hjx9tVrJUSgoKCaNeuHZ6enuzbt8/k9s7s20Zw6YrkCymZI8bnSWI8iz96S5OEtuXLl2fLli20a9cOZzMUO7f5B5ijI+XKlaNLly6cPXv2v3URTcAB6AZsQoo/CxqsOgiCFn6kavXKyc2DGTvO4BuUT/XFT/62ha/f62HyTfj4+LB582YaNGggM/oyr/qZmWzatIkuXbpo0t6Yn/ZRrFINmx6T9LRUVk75kMPrl5vcVv/+/fn000/Jn1+y4L8M8fHxfPrpp1rlzooGqgNRMrKCKWpdEEylASq3Bnt8NMMkcXXjXKgm4qply5aEhoaKuFK4etC5c2dOnjxJqVKlTG5v7pAexN4Ot9nxMOj17Fw2TxNxNW3aNBYsWCDiSgF+fn5Mnz6defPmadFcPozpZmRPVhCBJWQrqs7wu3h6U7NlZ9UXfXD3NotHDdRkpeCHH36gWLFiMpMqqFKlCjt37uTVV181qZ0n92NYOeVDkh4l2uQ4hO7ZzMavJprczrJlyxg1apTEW6n5TnFxYciQIWzYsEGL5moAS2RUBdUvoTIEgolUBj5XY/jGlAWEVKyu6qJpKUn8MOVDrp84ZFLnR48ezfTp0/H19ZWZNAFfX19atWrFnTt3TCogHRtxHRydKFWjrk3ld4q8fI4v+7cxuZ1t27bRpUuXHJONPbsoU6YMTZs2ZdmyZaY2VRGIQ0rqCCqQFSzBVEaqMQosUlJ1XTqDQc/+tcsI3b7OZHE1ceJEcuXKJbOoAYGBgSxYsIBevXqZ1M72RTM59dtWm7nvJ4nxfD/lA5Pb2bFjB61atbKbxKHmpn79+pw4cUKLpr7IepEUBBFYgsXIB6g6H91xyFg8vHxUXTTs1J+snTFaE3FlqwVxrRVfX19NRNbCYa9zNzzM6u/XYDCw7ds5Jp8Y3LFjBy1atBAH0phq1apx4sQJU0WrG7AKiccSRGAJFmQYKraZPfwCqVBPXbzO44T7fPvxOyKu7EBkrf1iHClJj636Xs/+voudS780qY3t27eLuDKzyDp27Jipn/cywCwZTUEElmAJ3IE31Rj2GD0dD2/lMU8Gg4E9KxcRd+ua6k7369ePCRMmiLiygMiaO3cuTZs2VS9e9v7KwfU/WO09Prh7m0UjTCtMvnHjRlq2bCkOY2aqV6+uRZmnQUBjGU1BBJZgbnoBuZUauXh4Uamhurf1q6FH2PL1NNUdbt26NbNnz5bTWRYid+7cLFu2jJIl1ScQXTN9JFHXL1vdvRkMenYun0/ak4eq2/j6669p3769OIqFaNSoET//bFKpQQdgGeAhoym8DHJURVDLUowxWIroNnKaqoLOSY8SWfB+bx4/UJdcuXTp0qxZs4Y8efLIzFkQHx8fGjZsyPr160lKSlLVRnxcDFWatsXR0clq7uvSsQOsmjxMtf2YMWMYOXKkBLRbmLJly+Lj42NKmSdfwAXYLaMpvIwiFwSlvAJUVWNYtWlbVRc8sukn7oZdUGXr5OTE8uXLKViwoMxcNlCxYkVWrFih2v707k2cPbDTau4n+fEjfpoxRrX9a6+9xpgxYyQVQzYxePBg3nrrLVOaGA6UlZEURGAJ5kDVt1Prt0fjn1+5yIm5dZ3V00ao7uyKFSuoVauWzFo20qJFC2bMUF+I+4cpH/DwfvaXhtPpdBzZ/BPRV9Xl+sqTJw8zZszAy8tLnCKbcHV1Zdq0aVSrVk1tE07AfKTUnCACS9AYL0BV+vWaLTuDwaDMyGBg9w9fq+7shx9+SLdu3WTWsvuLxsGB9957j44dO6qyfxx3l6O/rgZd9j7T7kdHsnrqh6rtV61aRdGiRcUhspmAgAAWL15sShONgXYykoIILEFLegLeSo2qNO9E/mLK69XdOB/K/lWLVHW0WLFijBo1CmdnZ5k1K8DDw4MZM2YQFBSkyv7nmWOIyc7cWAYDe1ctwaD0JSGLKVOm0KhRI3EEK6Fq1ap8/fXXpjQxA5AvF0EElqAZqs6lN+zWDweFQcqZGRlsXTJbdUe//fZb1Q9zwTyUKlXKpGK8hzetUr4KqhF3w8PYoTLnVZ06dRg6dKgEtVsZb7zxBh06dFBrXgboK6MoiMAStKA4oDiYyT84hGKVaiq+2PUzxzmzZ5Oqjo4ePZqGDRvKjFkhnTp1on9/dfmjti38jJiIGxbvs8Fg4NDGlart586di7e3t0y+leHh4cGUKVNMaWIssooliMASNKAPKgI7m/V5B/dcyoJ6MzMy2LVivqpOFi5cmOHDh8tsWSnOzs6MGjUKncp4qsObVgGWXcWKCQ9jxxJ1q1fjxo0zJaBaMDMVKlTgm2++UWsegqxiCSKwBBNxBF5T9QVWX3lZnIhLZzitYvVKp9Mxa9YsyXdl5ZQuXZrZs9Vt/25b+BlxdyIs2t8/tqkrLJ4nTx4GDx6sWkwKlqFnz55UqVJFrflw5EShIAJLMIFKQGmlRtVadiFvkRKKL/b7BnUlUjp06EDbtm1ltmyAvn37qs7yfnrfdov188HdO2xZMFWV7dy5c8mbN69MtpXj4+PDzJkz1ZqXA9rIKAoisATVL3lqjGq3Vb7oFXPrOgfXLFXVyVGjRuHi4iKzZQP4+fkxbZq60kdrP/uIJw8TLNLPcwfVJe2uUKECrVu3lom2ERo2bEiXLl3Umg+VERREYAlq/aSTGsPiVWorM9DpOLV3q6pODhw4kBo1ashs2RCtW7dWVRBan5nB5WMHzN6/lKTHrJs9UZXt7NmzyZUrl0yyjeDs7MywYarLHzUFSskoCiKwBKVUBoopNWr+5nC8/JTVg05+lMhvq5aoe4UcOhQnJyeZLRvC3d2dUaNGqbL9ff336DMzzNq/8POnSE6IU2zXokUL6tWrJxNsY9SqVUvtKpYDMEhGUBCBJShF1epV5cbKt0dungsl/s5NxXY9e/akbFkpD2aLNGjQgMqVKyu2u/D7Tu6EXTZr3478ulqV3ciRI3F1dZXJtTFMXMXqibEQtCCIwBJeCh2gKhNfoVIVFP29wWAgdM+vqjo5ePBgKZ5ro7i5ufHxxx+rsj1/+Dez9et+VCRH1isvUl25cmWpfWnD1K5dm5YtW6oxzQc0kxEURGAJL62TgApKjdq/Nx43T2XxJ4lxMRz4SXl9sMaNG8sDzcZp0qSJqkSce1ctIS0l2Sx9Cr9wSpXdqFGjJPbKhnFycjJlFUtyYgkisISXRlVB07J1Gil/oJ1X90AbPHiw1Bu0cfz9/Zk0aZJiu/iocKKum2eb8I+tP6sWi4JtU6dOHQoXLqzGtDUg6loQgSW8FK3UGOUPUZ7f6OzvOxXbuLm5STBxDqFNG3WphC4d+13zvtyPiuT0buWJbidMmCBJbnMA3t7efPDBB2pMcwGisAUA5MiV8DxcgEZKjZq+8R4e3r6KbB4nPOB3Fbmvhg0bZvFEjgaDgejoaCIiIoiKiuLBgwekp6f/9/eurq7kzZuXAgUKEBwcTO7cucWTXoKQkBDatWvHr78qi8M7tPFHmvV+BycN859FXj2PwaBXbNe8efNsGbvY2FgiIyOJiYkhKiqKtLS0//+Sd3Iid+7cBAcHU7BgQfLlyyfO9hI0a6Y6nKo9sFlGUBCBJTyPhoCHUqOK9ZU/ZO6EXVLVwU6dOllkIAwGA2FhYRw/fpwlS5Zw4MABDIYX18Nzd3enW7dudO7cmVq1aklW7+fg6OjIm2++qVhgxYRdJO7OLfIWLaFJP3Q6HReP7FNsV6ZMGapWrWqx8YqJieHgwYOsX7+e9evX/4/Ifx5NmjShX79+1K9fnyJFiojjPYMSJUrQpk0btm5VnJevBcbSYpkyivaNbBEKz6ORGqMCxRVX1OHmuVDFNu7u7mZPzWAwGDh58iRvvfUWJUuW5PXXX2f//v0vJa4AkpOT+f777+nYsSP58uVj+vTp3Lp1SzzrGaitB3c77KJmfUh+/IjjOzcqthswYABubm5mH6Pr168zceJE8ubNS7du3Vi9evVLiyuAvXv30rdvX4oWLcrQoUO5cOGCON7TVh+cnOjdu7ca02CgpIygIAJLeB6KzypXbNIW7wBlMSj6zExCdytfUf/oo4/MelorMjKSsWPHUq1aNb799ltN2hw7dixFihRh0aJFPHnyRDzsHxQsWJCuXbsqtrvy5yHNCirHRFznUWyU8reRRo3MOjaJiYksWLCA4sWLqzoQ8DTmzZtH+fLlGT16NHfv3hUH/Adq8rNl0VxGTxCBJTwLH4wZ3JV9ITVujYODMrdKjIvh5uk/FHfQnMHte/bsoUqVKsyYMcMs7b/99tt07tyZixcviqf9DZ1Ox2uvKa9fGbrnV1KStBGs927dUGxToEABypQpY7ZxOXPmDG3btmXIkCFmaX/mzJnUrFlT0eqsPVC8eHEqVaqkxlRO3ggisIRn0kCNfxQpp/yN717kTVUdLFeunOY3nZGRwbx582jWrBn379836wDv2rWLcuXKsWfPHvG2v1GxYkXFNg9jbnM/KlIDgefAJRU1Dnv37o2np6fmY2EwGNi6dSuVK1fm0KFDZh33yMhIGjduzNKlS8nIyBBHxLhN+Oabb6oxfUWer4I4gPAs6qgxCgwuqtjm7s1rim26du1KUFCQpjecmprKxIkTGTp0qEUHulmzZooDu3MyhQoVonjx4sqFesQN030g+QkXVAS4169f3yzi6scff6Rt27YWHf9Bgwbx5ZdfisjKQuU2YX6Mmd0FEViC8C8UL3HX7tgbdy+l2bgNqjJmN27cWLOYGzCuXM2fP5+pU6dmy2C3b9+ebdu2iddhPLzQuXNnxXZ3rl8CE33i0YNY7kdeV2xXqlQpzcdh8+bN9OnTJ1vm4KOPPmL+/Pno9Xq790c1Yj+LmvJpFoElCP/EFaim1KjcK01AYfxGZkYGB9cqDyAvX768pje8fv16RowYka2D3qlTJ06fPi3eB1SvXl2xTfj5U2AwTRDE31Me6B0SEkL+/Pk1vf/jx4/TsWPHbJ2D4cOHs3HjRrv3xaCgILUrlJXlkywCSxD+SUVU5L8qUFx5kG9ibIyqDhYtWlSzm71y5Qo9evTI9kFPS0vjvffeIyEhwe4dMCQkRLHNqV2/kJpsWl3C+1ERim1q166Nh4eHZvf+4MED+vXrZxXz0KdPHy5fvmzXvujo6Kg26Wh5BBFYgvDPBQQ1RoHBymt3PXwQq9jG09NTs2zUKSkpjBw50moG/tChQyxcuNDuT3IVLFgQR0dHxXaPHsSpvqZOpyPq+hXFdlrWHjQYDMyfP99qTpcmJSXx6aefkpqaatf+qPIkYWkEEViCYKrAqtS0Pe65vBVf6ElivGKbfv364eSkTRGCLVu2WF2A+ZgxY7h27ZpdO2BgYCAlSijPzJ70KNGk68aoCJQ3IUbnX5w9e5YJEyZY1Vz8+OOP7Nu3z679UWXh5+IIIrAE4R/UUmpQvl5TdQ+0W8oDirXKN/To0SPGjx9vlRMwd+5cu3ZAnU6nKnGnmi2+v0hNTuLiYeUpMwIDAzW5Z71ez4IFC6xyPsaPH0+yiduvtoy/v78aMxfkJKEILEH4G7kAxQFO+YqqqwyR/PiRYptChQppcqMHDx7k0qVLVjkJCxYs4MaNG3btiGoOMqSbsJWVmZFBUoKy3Gc6nU6zYt7Xrl1jyZIlVjkXx48f58iRI3briyakhCkijxQRWILwFyVQEeCeO19BVRdTk6JB5dvk/2AwGFi+fPkL/87JyYmpU6eyadMmTp06xYEDB/jxxx8tUmT64MGDdu2IauLsom5cVp2+42Gc8gMXBQoUwM/PT5P73blz50v93eDBg1m/fj3Hjh3j2LFjrF+/nsGDB5t9PtatW2e3vujk5ETLli3VmBZEEIElCFkojub0zVcI7wB12yQx4cpjjbRYMYiIiGD9+vXP/ZtJkyYRFRXF2LFjad++PZUrV6ZBgwb06tWLdevWcejQIerUqWO2iZg3b55dJ3tUs/X2JFH9CcyM9DTFNoULF8bFxcXke01PT2fhwoXP/Zv+/ftz+fJl5s+fT+fOnalZsyY1a9akc+fOzJ8/n8uXLzNgwACzzcfChQuJiYmxS190dHRUFRMIBMgjRQSWIPxFBaUGhUpXxM3DS9XFoq6eV2yjxQPtwoULz02iuGrVKsaNG/fMh7yDgwN169Zl8+bNqmrnvQyhoaFERkbarSO6uroqtslMT1d9PTVJNbUKcA8LC3vudvXkyZNZuHAhpUqVeuoKnU6no1SpUsyfP5/JkyebbU7suXaml5eq7zh/BBFYgpCF4gjyCg2aYVCR4DHpoboTX1qkaHjeg+LTTz+lR48eL7XVFBAQwKxZs1SlFHgZIiIi7NYR8+bNq3xej+4lPU1dHJaaWoYqy6j8i+vXn33Yo2fPnowcOfKlXizc3d354IMP6NatmwgsjSldWlXWhdwIIrAEIQvFkcW586sLOs9IV/cg1KJEzv79+5/6705OTgwaNEjRNQoUKMD3339vlsmw1iB8i3w5OSj/etJnZppwReW5x7QS1mFhYc/83ciRI3Fzc3vptjw9Pfnwww/NMicXLlywW39UuXKeSx4pIrAEAcAXUHxcxicgyGIdLFasmKoH799JSkp6ZnbqSZMmqYr9ady4sVnu9+7du3brjM7OzoptUpMeq9FJRnGmYotQifB5HlFRUU/995o1a1KxYkXF7VWpUkWV3YvYsWMHaWlpdumPWs21IAJLsE/yY6xDqAi/IHVbdpkqVhu0yHCelpZGbOzTM8irrXEYGBhoFpEVGhoqXqmAJ/FxqrarAdVbi6ai1+s5f/7psYg9evRQtUrm4uJCz549Ne/rzZs37bYAtMoXO3nGisASBAAUJ7PyCiqAp4+6OE7TtnPUk56ezsOHD5/6O7U5tpycnNTGaAh2jl6vf2asXa5c6neYAgLkAJsVIGkaRGAJAqCitEORspVwUrGVY61voklJSarbteeUCoJpPGtl1pQV23QTTlQKmvFIhkAEliCAiqzDpWs1UP0QcNYg3YIaHB0d8fHxeervwsPDVbWZnJz8wrxaavD19RWvtBA6XfZ8HTo5OdGwYcOn/u55pwtfxKlTpzTvq4+PjyaHTOyIBzIEIrAEAVSUyPHys+w2RHh4uMlxWD4+Ps9MGrh+/XpVMSaXLl3iwQPtv0urVatmt86oZp79g4ugU3kIwkVF3i0tYgLh2clzly5dqsqvHjx4wM8//6z5nNSvX1+zQuu2hr0G9wsisARtUBwv4J8v2KId1Ov1Jj/UdDrdM+OlNmzYwPHjxxU/ZJctW2aW+1WTCyqnoGqLy2DZPpqypfx3QkJCnimUtmzZori9LVu2kJCQoPn9lipVymw536wdCQEQRGAJanFCRYoG91xeqi/onstbld2jR6aHNTRq1OiZvxs9ejT377980d+NGzcyf/58s0xK0aJF7dYh4WLzdwAAIABJREFUU1UUbg4uVR5HR3UrLK4eygPKn3VYQinPK8MyZMgQRfmnLly4YLbahOYsDWXtPOvk8Quw3zwrgggs4b+4YcyDpQgvX/WJip1d1eWV0UJgPS8D94EDBxg8eDB37tx5bhsGg4FffvmFzp07m21SVNY/s9sHmk9gXhxUrrDk8lV+GvbPP//U5F6fV3Ln0aNHtG7dmrNnz76wnZMnT9K6dWuePHki/qgxKstWJcujRQSWILijIgeWk4mB6iGVayv/xko2/TurRIkS+Pn5PfP3a9eupX79+qxatYro6Oj/ydmVmprK6dOnGTp0qFnF1cCBA/H3t99SZmpWsDxUrooCODkr9+WrV69qcq9BQUHPrWkZERFBpUqVmD17NuHh4f+zfZqens7169eZPXs21apVM1t5pWLFilGsWDG79UeVW672W0xUwEmGQMiisKq3fj/TSm0VrVidG6f/UGRz+/ZtypUrZ9J1vb29+fDDD/nkk0+e+Tc3b97k9ddfB6BNmzYUKlSIjIwMVq9erckq2ovo0qWLXTvkrVu3FNv45smnOkZPzXb3vXv3SEhIMPm0p4ODA6+//jpr16597t998MEHfPDBB1SvXp0aNWoAcPz4cU6cOGH2+Rg2bBienp52K/bVxMIBMfJoEYElCIrrwxQoXQkHB9MCXv3yFFBsk5iYqMkNt2vX7rkC6+9s3brVopORL18+XnnlFbt2yLi4OOX+FJRf9fXcvbxV+eKTJ080SadRt25dChYs+FJbUSdOnLCIqPo7LVu2tFtfTE9Pf2Y5oxcgMVh2jGwRCn+h+OkSGFzY5Iv65VX+QHxWWRGlVKhQgf/85z9WORkzZ87E29vbrh1y+/btim1MWVF1cnalePX6iu1eFKv3suTOnZvJkydb5Vx8/PHHz40Ty+moFFcA4fJoEYElCIrzLRSpYHqOJm8VebROnjypST00nU7HkCFDrG4iateuTdu2be3aGZ88eaJKSHubkJfNydmZvEWVB3Gb8PD9Fx06dLC6kkvu7u7079/frv1RZdH1WOAhgggswe5RXO9GTVDwP/HLq3yLcOvWrTx+/FiTmy5XrhxffvmlVU3E559/bvcZ3OPi4oiJUR6+4h0QpPqaBoOBQmUqKrYLCwvT7L79/Pyszh/nzp1r18HtYIzHVMFleayIwBIEAMVKx1kDgaXmaLyWqwY6nY633nqLdu3aWcUkTJ48mbp169q9M6opWVSofDXcPHOZdN2A/MqLfW/btk2zjO4ALVq0YOTIkVYxD127dqV3795274+nT59WY3YeQQSWIKjBw9v0VRZPH18CCil/O75x44Zm9+Hl5cWcOXMoVapUto5nt27dGD58uNR6A65cuaLYpnDZyji7uJp0Xb88ymMC9+3bpygx7YtwdHTk448/pnnz5tk6BwULFmTWrFm4ubnZtS8mJyczZ84cNaaX5CkhAksQABQ/Wbz8Ta9DqNM5UKtNN8V2SsvZvIiQkBBWrlyZbcfQX3nlFebOnUuuXLnEE4F169YptilepbbJK0n+KrastRb8YKyXuWzZMpo2bZot41+oUCF27dpFwYIF7d4XTTjE8Kd8kkVgCQKoiMHSisJlqyi2+eqrr0hJSdG0H9WrV2f//v0EBFi2gHWXLl1Ys2aNXdcd/Dv37t1j9+7diu2CCpleVsjDy4dStZsotnuZLOuK33jy5+f777/n1VdfteznsXBhdu7caXXB9tnFuXPn1JhlAmdk9ERgCYIqHJ200WRq0j3Ex8eritN5GZF15MgRiz3Uhg0bxqJFiwgODhaHyuLSpUsq/aiIydfWOThSvp7yVaONGzdqcrL1aSJr1apVDBw40CJbx61bt2bfvn0irv7G3r171ZidAlJk9ERgCYI6geXoqEk7ah+MoaGhZrmvEiVKsG7dOqZNm2bW8Vu9ejWfffYZuXPnFmf6G0ePHlVsU6Rybbz8tBhHAwVLlldstXXrVk3TNfzP5yMwkK+//pqlS5eaddynT5/O6tWr7brA+D9JSEhQW8j9sIyeIAJL+IvC2XVhNw9PGnQfqGrVwFz4+Pjw0UcfERoaSqtWrTRte9y4cdy4cYPu3bvj4uIinvc3kpOTWb58uWK7yo1a4eiszVjmLaouoeaZM+bbEXJ2dmbAgAHcvHmT999/X9O2u3fvTmhoKKNHj8bLy0uc8G+oOWyRxT4ZPUEElvAX2Xd0TaejZHXlqQnWrVunNj/NS3ZLR9WqVdm4cSOHDx9m8ODBqttydXVlypQpXLt2jcmTJ8sqwTM4d+6cqodaiaq1QaNUCf75gilapY5iu19//VXTdA1Po0iRIsyZM4fz588zdepUk9oaNmwYf/75JytXrqRq1apyevUp7NixQ41ZOnBQRk+QT5TwF2eBCkoMRn2/U5Uwehp3wi4xoX0NxXY///wzXbt2tdgg3blzh7Nnz3L06FG2bt3K+fPnSUtL+9ff+fn5UbZsWXr06EHlypWpUKECPj4+4mUvYObMmYwePVqx3RcHwvAN1O6QwM4V8/n5s49U+Uf+/PktNl7x8fFcuHCBEydOsHr1aq5evUp8fPy//s7Dw4Py5cvTvn17qlevTpUqVQgKChKHew6PHj0iICDgqZ/vF3AMqC0jKIjAEqxCYGWkp/NJ+5rE3bqmyK5Jkybs2rVLs3gwpcTFxZGens6jR494+PAhAQEBuLm54e7uLoJKIQ8fPqRGjRpcvXpVkV31Nq/xzhfLMRi0CzK/fvY403s0Vmy3fv16OnfunG1jmJiYSFJSEmlpacTGxuLn54eHhweurq74+/uLkylg9+7danORjQWmywgKTjIEglU4oosLTXoMZO1nylYv9u7dy6VLlyhfvny29PuvlA758uWTSTSR48ePKxZXADVbdtZUXAEUKFYGN5/cpCQqSyC6aNEi2rVrh7Nz9mQ98fHx+a+wL1y4sDiVCWzYsEGt6SYZPQEkBkuwFgwG1athapJSCtY2/Qa+//57VbbBJcpq3h83z1w0ek15geNdu3apKlItWBdhYWEsXrxYjel5JIO7IAJLsDbyFytFUEgZxXaff/450dHRMoA2zIULF1QJrGqtuhJY0DwHBio3Vnd6dOXKlWYPdhfMy5YtW9TmNdsAyOQLIrAE68LF3YOG3d5QbJeUlMSvv/4qA2jDrF+/XpVdzVZdzHb6rWCpCrh4eiu2mzVrllmS4AqW4e7du3z66adqTA3ADzKCgggswfowGKjYoIUq06+++orExEQZQxskIiKCiRMnqrItVf0Vs/XL1d2DLsPV9cuE+B0hm9m7d6/a4t2HgTAZQUEElmCV5C1cjCrNOym2u3jxotqcNUI2s3r1alV2zfq/Ty5f82bBL1Ozviq7ESNGcPv2bZlcGyMhIYFJkyapNV8iIyj8HTlFKFgVOgcHGnTpy6ldvyi2nTp1Kk2bNrV4sWZBPeHh4aryXgHUadfjX/9mMBj+m3A0+fFD0lKSTeqfu5cPZes35+LBXYpt16xZw4cffiiTbEOsW7dO1UlWIA5YLyMoiMASrJrilWvhk+//2Dvv8KiqrQ+/U5IpmfTeewKEGiD0XqQoIBYsWFERK9ix6xXrd7niVUBFUEAUuVJEUKQX6R0CSSC9914mmfL9EUWRBJjJTDKB/T6PzyOT2eWss/eZ31l77bWDKM/NMKncqVOn+PHHH5k+fbowYjvBzHPeiBk8Bv+IjtRWVlCQmUJeWjIFGSkknzjA6Z224cl87rnnuPHGG4mOjhY3uh2Qm5vL888/b27xJUC1sKLgIoeBMIHgD9o00eg/+X3ddyyZ/bBZZdPS0kQOoHbAkSNH6NWrl1llR9z7BEajgW3L5tv0NT799NP85z//EcfQ2DhGo5E5c+bw2muvmVO8AQgDxJqw4CJEDJbAJonpNxS5Qm1W2QULFqDX64URbZi6ujpzd2oBsHXppzYvrqBx88WuXbvEDbdx4uPjzRVXAKuEuBIIgSVoN7h4+XLLM+YFm37wwQfs3btXGNGGWb9+PWvXrr0urvW5556jsrJS3HQbpb6+viXiSg/8S1hRIASWoF3Re8zNZpd9/vnnKSsrE0a0QdLT03nkkUeum+s9fPgwixYtEslHbZTVq1e3ROyvBBKEFQVCYAnaFS6ePtzx8v+ZVfbAgQMsXLhQGNHG0Ol0vPvuu9ed+H3mmWc4duyYGAA2xvnz57nrrrvMLa4H3hZWFAiBJWiX9Bl3q1nZtAFmz57N9u3bhRFtiFWrVpl7xlu7Z+bMmZSWlopBYCPU1NTwwgsvtMSzmA0kCksKhMAStEsc3Ty4761PzC5/5513kp2dLQxpA5w8ebIl3oJ2z+7du3nvvffEBgwbYeHChaxZs6YlVYg1X4EQWIL2TbehY4juN8Kssvn5+cyePZva2lphyDakuLiYGTNmXPd2+Oijj8w+d1FgObZs2SKSwAqEwBIIlGoNkx6fbXb5ZcuWMW/ePAwGgzBmG1BXV8cbb7whdnb+wZQpUzhy5IgwRBuRlJTE5MmThSEEQmAJBAARPfow9hGzsywze/Zs4TloAwwGAwsXLmT+/PnCGH/jwQcfJCMjQxiilSksLGTatGkibYZACCyB4E8kEgnD73wYFz/zM7Tfc889Iui9lfnuu++YNWuWSFHwD06ePMmMGTMoKSkRxmglKisreemll9izZ48whkAILIHg77h6+3HPq/82u7xWq+XWW2/l+PHjwpitwKZNm5g6daowRDNs3LiRZ599loqKCmEMK1NXV8ecOXNYvHixMIZACCyBoCm6DBrJ2OkvmF2+pKSEIUOGcOLECWFMK7J9+3bGjBkjDHEFvv76a2bNmkVdXZ0whhXF1ZtvvskHH3wgjCEQAksgaHbAyuSMvvdxfCM7m11HRUUF/fv3FyLLSuzbt4/bb79dGOIqWbx4MW+99RbV1dXCGEJcCYTAEgjaDkdXd6a9uwCJ1PzhW1NTQ58+fYTIsjCbNm2if//+FBUVCWOYwPvvv88TTzwhlguFuBIIgSUQtC0hMbE8+N6XLapDq9XSv39/kT7AAhgMBtatWyeWBVvA119/zcyZM8nPzxfGaCHl5eU8//zzQlwJhMASCEzHSNzYW1oUjwWNnqyBAweyZs0asdPNTHQ6HYsWLWLSpEnCGC1kyZIlTJs2jZSUFGEMM8nLy2P69Ol8+umnwhgCIbAEAnOQyeWMmzaLHqNb9sNuNBqZPHkyc+fOFcHGJlJZWclrr73G9OnThTEsxIYNG+jfvz/79+8XxjCRU6dOMW7cOFauXCmMIRACSyBoCSqNI3fN/hCfiE4truu5557jiSeeoKCgQBj2KkhOTua+++7j/fffF8awMPn5+fTr14+lS5ei0+mEQa6AwWBg/fr1dO3alWPHjgmDCITAEggsgau3H098sgJ7jXOL6/rqq68YPnw4Bw4cEIa9zI/Zr7/+Sr9+/Vp6WK7gCtx3330888wzYtPAZSgvL2fOnDlMmDBBGEMgBJZAYGl8QiJ4/qufUDi6tLiu+Ph4+vbty7x588SRGv+gsLCQV199lbFjx1JYWCgM0gr897//Zfjw4ezYsUMY4x8cPnyYCRMm8PrrrwtjCITAEgisRWiXnjzzxRokEolF6ps5cyYTJkzg6NGj171tjUYjW7duZfDgwbz33ntisLUyp06dYvjw4bz66qvCm0VjLru5c+cSFxfHrl27xAARCIElEFib8G69eepzyy1b7dixg549e/LOO+9ctz9smZmZvPjii4wcOZKEhAQxyNpQ5M6ZM4fBgwfz66+/0tDQcN3ZQK/Xs2PHDsaOHcuzzz5rsZ2/HkERYoAJhMASCK5El0GjeOnbrSid3S1W52uvvUaHDh1YvXr1dZNxu7y8nC+//JKgoCA++ugjMbBshLNnzzJ27FjuvPNOTpw4cd2kF0lISODRRx9l2LBhFs1dd8NDzzD9o6/EwBIIgSUQXMWrPhE9+vDMF6uxd3C2WLXFxcXccsstjB8/nl9++YXa2tprVlitXLmSPn368Mgjj4jxZKP8+OOPdO/enWeeeYb4+PhrUmgZjUaSk5N5++236dixI4sWLbJo/Tc89AyTHn8ZhdpBDCiBEFgCwdUS1qUnr/2wHbfAMIvWu3PnTsaNG8eYMWP45ZdfqKqquibsVVxczMqVK+nXrx933HEHiYmJYhC1Az7++GM6d+7Ms88+y8mTJzEYDNeEsEpKSuJf//oXERERvPHGGxZv47YX32fyU69hp1CKQSSwChJhAsEfnAS6mFLghaWbiOo1wOYvrCQvm6Vvz+L0jo1Wqb9Hjx7MmDGD8ePH4+fn1+5+yNLS0li7di3/+c9/yMzMFDOhnTN16lQeeOAB+vbti1qtbld9r6mp4ejRoyxfvpzPP//cau088u9v6H3DzRfOM81JTuD1m3qZWk06ECJGnEAILMF1K7AAairLWfvfOWxbPt+q7Tz55JNMnjyZ2NhYnJycbNYeRUVFHDlyhOXLl7N8+XIx+q9BOnTowPTp07nhhhuIjIxELpfbZD8NBgPJycns2rWLzz77zKqJQhWOLjz12Uqi//HcEgJLIATW9YEc8AL+HlBRDtQIgdUy9LoGdv3vG759e6bV2/L39+eRRx5h8ODBdO3aFTc3tza//ry8PI4fP862bdtYvHgxxcXFYrZdJwwbNoypU6fSp08fwsLCUKlUbdqf+vp6UlNTOXLkCEuWLGHLli1Wb7P7qIlMee4dPANDL/mbEFgCIbCuPRyAocAIoDvQAfDk0tg4I1AEnAUOALuAHRYWXde8wPqTc0f3s+DZ+6nIz2qV9lQqFePGjWPy5MlERUUREhKCh4eH1dvNzc0lNTWVxMREli9fzs6dO9Hr9WLWXecEBARwzz33MHjwYEJDQwkMDLT6UqJWqyUrK4ukpCQOHDjAt99+y/nz51vtmsc9+iJjH5yJSuPY5N+FwBIIgXVt2DsSuBEYAwwCzI2wrAd2AhuAX4BzXOz1EgLrMlSUFLJ63r/Ys2pxm7TfsWNH7r//fsLDw/Hw8CAgIAC1Wo2XlxcSieTCf81hNBoxGo3odDoKCwuprKwkNzeXvLw8EhMTWbZsGSkpKe3uvkglEqaM68uU8QNYsX43P/xy7RxZ9OgdIxgSF8N36/fw03bbSl47depUevfuTXR0NG5ubnh7e6PRaHBxcbkwDpsbj3/uXjQajVRWVlJWVkZxcTElJSXEx8dz9uxZq8ZTXfYN1sOHh+YsoPOAERfirYTAEgiBde3gCAwBxgI3AOFWaicF2ARsBLZhunfruhJY0LhkeGz7Rha/+jj1lWU206+oqCicnJwYPnx4k0s5JSUl7N+/n9zcXLKysq6JSTKkdzQP3TaSXl0jCPH3AqC6po7Pvv2VNz5Z1e6v7z+z7+WBW4ejsLdrTD2Qkc/+40l8ufI3Dp5Ktem+9+7dGw8PD+Li4pr8e3x8POnp6Rw6dMim+j3glvuZ+Phs3Hz8r/hdIbAEQmC1k5dwGr1UY//4bzDme6nMpQ7YTaNnawNX59267gTWnxTnZrJu/gfs/fFrMXpbEWcHBS89OplxQ2MJC/RBLrvUw2AwGNl9+AyPvf45KdntL2asX7dwPnjhXnp1CW/SA9Sg05GQnM2a3w7wwaKfMBiMYmC0dFz5BHL3Kx/SbchYZFcZ2C8ElkAILNvFCRhI49LfKMDWzl1I5i/v1i6gUgisi9HrdJw9sJOlb82iJCtFjGgr838vTmXy6L74ebtyNfkxS8qq+GnrQd6Y9z0FpbafST8yyJNXHruN8cN6olFf3ftVRk4h3/28hzf/+z8xQMxk/IzZDL39AVy9TUuXIgSWQAgs26IjMBq4CegHtJeEMzXAPuBn4FcgQQisvxmnoow9a7/lh/dfFCPcCtwxri+vPn4b4UE+pj+sJFBYUsmmXcdY9MNm9p+0PSE8NK4DD98+ihH9u+DsaF528JMJ6bwx7zt+3XNKDJirJGbwDdz85KsEd+x22VgrIbAEQmDZJhoad/yNozFAPeQasV86sB6YDJj02nctCqw/KcrO4Pd137L+0zli5FuIj164mwdvG4laad/iurT1DSSl5XL45Hm27D3B6s2H2+y67rqxP0P7dKZ3l3DCg32xk8taXGdldS3zvv6ZOQvXioFzGcJ7DuTGR56lY98hyO3MH1dCYAmEwGp9OtEYmD4WGED78VK1CteywALAaCQnJZHtKxez3coJSq91vn7/MW4d2w+Z1PKncxmMRioqaygqrSArr5jaunqqquvIKSixeFuBvh6olPY4qJQE+Ljj4eaEo4Pysjs+zR9+Rpau2cGjbywSA+gfeEd0YuKMF+kxfLxFjroRAktgDeTCBBdhT2NOqhtp9FQFCxF6Pb9+SPAL78DdL3/IqHtmsHfdd2xY8N41eahusw8IhYqbZ77B2k/eoaHWvDMXv//P00wcGWe1PkolElycHHBxciAi2PcaGn4S7r15KIAQWX8Q3nMANz7yHB3iBokzBAVCYNn6MwwI5a9lv5GAQgwLwT/xCgxl0hMvM/jW+zizfwfrF3xAcea1Gwwf0q0PYx54iujeA6kqLWbVBy+ZVc//vTiVm4b3EgOohSIrp6CEtz9bfX3aQCpl0O3TGHTzVAI7dGnRUqBAIASWdVHRmOBz3B//RYphYB5JR/ahcnTGOzgce6XqurhmNx9/Bk66mz5jbyH11BEObVrL7h+/QVdX0+6vTe3qyZDbH6DnyAkERscgk9sBcGrPZrPqu2fCQKbdNhKpFZYFrzeR9cQ94zh44tx1Ffge3DWO4Xc8RHTvAXgGhFxXnmPBNTJ3r5PrDKFxt98YGgPVRSyVJVW6vYLRD86iQ+8B+Ed2wtndq3HL13Xy41dWkEta/HEOb/6J/euWYzQY2k3/pTIZw6Y+RtdBowjpHIvG2fWiHzKj0cgXLzzEoQ0rTa771M//d00t2bU1x86k0n/Kq9f0NQZ16UWfsbfSecBwfEIikdnZtUq7IgZLIASWaSiAu4FHgV7t7VqlciUSiQx9Q3W7M/zgOx4mbsxkImP7XvCCXC9iq6K4gOzzCZw7uo9Dm9aSk3jS5voZ1nMAPUfeRHi3OHxDI9G4uDXrHaitquTJONNF0qszbuaVx24VT1gLYjAYmfnOV3y5artp41Iqo+eYyRzeaJsZ8XuPn0K3ITcQHNMdr4BQZHb2tOzULyGwBEJgWQs58ADwOhDQXjrtGTkc75BeOLoHoXLyQiJt3OptNBiorSygqiSTvJQDFJ7b3m5uRIf+I7nxkWeI6tkfqez6Wo2WSCQ0aOsoLcglL/UcGQmnSDi4m7O/b271vnQfNZGoXgMIiOyET0gkzh5ejT9iV7HkUpiZyuwbupjc5pE179MpIlA8YS3M70cSGHn/v0wuN29fJlKZnMKsVHJTkkg7fYydKxdRX9u6L3AO7l7Ejb2V0C6x+IZG4RUYioOTS5t7vIXAEgiBdWWigW+APrbeUTuVJ0HdbsTFNxpH9yDsFY5X8ZAxUl9XRVVxBqV5iWSc+pWGqhybvykDb3uAm6Y/j7tf0HU80yQYdDrqaqqoKCqgMCuN8qJ8CjJSyUs7x8ntG9DVa82uXuPmRedBo3D3C8Q3NApnTx9cvf1w9fLFXqkyK/kiQNKRvXx4z2iTyvh7uXB20ycWyQcluJiyimp8Bzxicrk31x4gICrmkheAqvJSygryKCvIpSAzhbLCfBL27yAjvmWHUXuFRNJ16Fic3D3xDY3G2cMLF08fnDy8kNsrrkrcC4EluBa8PdcKNwPLseH4qj+9VE6eoTi4+CKRmmp+CfZKR9z8Y3DzjyGsx0Sqy3KoKEqjIO0IBUlbbPK696xaQvze7Tz8/hdExfa7buKzLtbGRqQyGWpHZ9SOzviERl64p0ajHoPegMGgp6KoAL1eh0GvB6Ak7+LDnGVyO5w9vP/4fzkymRxnTx+QgFQqs3g+pvq6OpPLTJ04SIgrK+HqrGHiiFjWbTVNADVo6/4xHI3I7RW4ePrg4ukDMd0vehEwGg1oa6qpra5Ep9ViBOrraqkqu/g8SLWjM0oHx8aXRnsFCpUalaMTEomkea+1CFYXCIHVrpgKfA3Y1FNdrvIgqMs43Pxj0LgHYa/UYEmnoUQqQ+MWiMYtEL+oQTQMnkZlSSYlOWfIOLERXW2BzdiiNDuND+8ZzYx5K+g58qbrU2Q1/WuDRCJFJpciQ46738XLaj4hEW3eP1NRKUSmE2shAdycHU0uZ7jajRd/vAiADLWTC2onF2F0geA6FlhTaFwWbPO94BKJHPfQ/vhE9MPJIwS1iy9SaeuZ2E7piJtfJ9z8OhEeezPV5blUFKaSn3KIopTdGA0NbX6zFjx9F0/MX0X3oWPF7BMIBAKBEFg2Sg9gSVuKK4VzMP4dhuDq2wlH90Ds1S424QKXSGVoXAPQuAbgFzWY+tqHqCrNoiQ7nqyz26mvyGizvn362G28te4g/pGdxAy0caRS053ChSXlNnktEkBvNGIwGDAaobqmjsrq2r9eUOzkeLg4/vGyJEEuk2Jri1l6g4GC4jIz7qPIRSYQCIF19dgBy2hMHNqqeIQPwSe8L04eoaidvZHK/paKwCbjC4zYq5xwUzV6t8Jib6a2Ip+KojTyUw5ScG5rq/do8WtP8MLi9SjUDmIW2jBqR2eTy3y2YjOvPn4bLk5td28lEgl12noyc4vIzi8hK6+Y82m5nEvPZffhBApKKi9bvmdMCIN7d8Tf252wQG9CArwI8vXAQd22x7PkFJSyYecJ018EVSL1n0AgBNbV8zgQ0xoN2TsH4x89GDe/Tji6BTV6qaz8bms0Nh5iK5NaPlZJKpPj4OqPg6s/vlEDqR88jarSLEpzE8hN2kNNcZLVbZp+8iCHNq1h4M1TxSy0YRzdPMwqt/vQGW4a0bt1XyOMRrLzSzidlMHuw2f47/JNNDTozarrSHwaR+LTLn3o3D2Kkf27ERsThqebc6uHEv6mBMfnAAAgAElEQVS2+5hZ5Zz+2BghEAha8UWvvb5YAymA1Z4anhFD8QzpiYt3JGonb6Sy1kl+ZzDC7YP8GBIXhL29jOS0Er746RxlNbpWGQ4GQwO1FQWUFyRTmH6U/ETr5W2Sye35985zaFzdxUy0UfQ6HdO7mh7oHBXsxS+LX8PPy826I1YiobC4nGNnUvl+wx5W/Ly31Wzz1D1jGDukBz1iwnBxdLD6US5nk7PoPXk2ehNPCgjuGscrK7aIZcLLINI0CKxBe/Vg3WJpcSVTuBDcfSKuvh0bY6lUTv/Qn62z9Ncr3ImHbu9x4c04xN8FuVzKu8vjW8MHgFQqx8HFDwcXv8adiYMepKoki5LcBLLObkVblmbBH+96zh7YRe8xN4uZaKPI5HJGPziT3xZ/bFK5pPQCXv6/b5n7ygO4OWss3q+aOi0nzqbx8/bDfPXDVsqrta1um0+W/cony37Fx13D41PHMrJ/NzpGBKCwt/zpBSmZ+Tz40qcmiyuA2BE3CnElEAiBddU8YolKPMKH4h3aC2evcNTOPhfHUrURdnLJJcsOekPbxXXZKR1x9euIq19HwnpMoKYij/KCVIoyjpGXsKnF9e/839f0HD3BrGBqQevQZdAokwUWwMpf9pNfXMa8V6cRHebX4vBEnU5PUmoOW/ae5IvvfyM5q8gm7JNXXMVr81bx2rxVdI305+E7RjO4dycign2RWmCJ/8DxJGa9u4TjCZlmlY+M7SsGsUDQBrTHJcJo4Axm7hz0jh5NQMdhjdnTL/FStT16I6yaMxxX579i9+cuOcimo4U2dyMa6iqpLMkkJ3EXOfE/m12P2FFo21SVlTBrQLDZS2BKOxnvPXc3k0b1wcfT9OXG5Iw8jpxOZuGKTew7kdxu7Daibyceun0UcV0j8PM2fak0JTOfb3/axbsL15rdB8/QaN76327sRZD7ZRFLhAJr0B49WPeaI66kds70uHE27v4xNq0rZRLIK6i8ILCMRiOHztnmtve/590KjBnJqW0LqSlKMLmeo1t/xj8qRmR4tlE0Lm5MfPoN1n78plnl6xr0zHpvKbPeW8r0KSO4YVB3IkP88HJ3RuOgvDAbjYBebyC/qIy8wjISU7JZ/dt+Nu460S7ttnX/GbbuPwPAHeP7MWZQD6JC/fD2cMHHw/mirPtGGtNG5BSUci4th5+2HGLZT3ta3IfxD80S4kogaCPamwdL/sdbg5+pBXvf8hGuvh3bxUW+8UBX+sc2ZvQ2GIwMf3wDCrnt36raykL2fv8sem2JaT/gnr68v/HohSM3BLaHuYc+XwmVwo5OEf4AVFbXkpSWf93YNLZTyIVwgPTsQorKLHvwssrFnfc2HkPj4iYG8BUQHiyBNWhvkY83mCOufDqMsXlxZTCCzmBkeBd3enb2/esGSSW8fHdHdAajzTt4VI5ehPacbHK5qsJckk8cErPRhvEMDOW2F96zvCjXNlxIiXA9iSuAo2fSLly7pcUVwF2zPxDiSiBoQ9rbEuGD5hTyjexvMxfQoDfirrGjQ4CGjsFOeHk44OWmQq1W4Ohgj5NGgcL+4tsyol8oHcI8qK1roLpaS15xDQXFNSRmVBCfWUWNVm+VfFmmY8QzOJbzZuyU3/fzD8T0Hy5mpA0z+Nb7OLJlPSlH9wpj2DjdRk6k1+hJwhACgRBYV4UXcJOphaRyB1x9O5jVoN4IYZ5KqrQG8sq02MlMFzFGI7g4yBnR3ZNuHTwJ9nfBzUWNwv7qd83JZFKC/JrOqF2n1VFQXE1aViknk4rYfqKIylq92QkQ9QZwd7KjuLIBMy4XjVsALoFxlGUeNKnc/rXLmfT4bDz8g8WstFFUGifufOk93rt7NIYGrTCIrT7UFSqmPP8OdgqlMIZAIATWVXEPjcfjmERY3J3I7U0P8uwU4MDLD/fGzUWN0WAkp6CClb8ksvlY0VWJF6WdlEkD/OjX3Z/wYDfs5NZZjVUq5AT5ORPk58zguBAevl1PSkYJh07m8MPuHBp0V5c3x1Ut54Hx4fTtEYBaZU9NbT0/bDzL//bkmNQfiURKUOfRJgssgDP7djD41vvErLRhQjv35KH3v+SLZ+8VxrBRZn6+Gq/AUGEIgaCNaS/Jh6TAIsDT1ILRAx5EoTZ9a3j/GA+GxgUjlUiQSiU4Oyrp192fDgFqziSXUq1t+ggOfzcFT93agafu7E5cVz883NStunwnl0nxdHOgW0cfJg8LJcJHRXFJNYUVDU1+32iECX29efnh3nSO8kapkCOTSlAq5Dhp7Ni4L9vkPtgpNWScWA9G05IiFuVmM+jme5DKRE4sW8Y3PAoHVw9O7/5NGMPGmDFvBV0HjxaGMJHK0iK2f/eFqcXKgY+F9QTN/h63k372BkyOUncO6IXGLdCsBjcczCPY9xyD44JwdFA0qjyphLhuASyM8ubn7edY+lsaDfrGyPMANwX33xhJ/55BVyWoCourycqvICu3gtzCas5mVJFTUsc3bw1Hqbj0trz/+T6ySrTEBGnw9dIQ5OuEv48T3h7NZ8lWKuQM6h3MgF5BHDiWxTcbzpFaUHvh732inJl6YweiQi89by4zt5yv1541y3YKtSuB3SaRcWyVSeWyE06QkXCSsK69xMy05bcdqYzhdzyM3E7B8jeftP2HnFzOE088QY8ePQgODiYwMBClUklSUhLDhg1rsszatWuRSqUcPHiQ999/H51OZ/PX+dTCH+kyaJQYoAKBEFgm8bA5hYJiRiExM0O4Tm/kk9VJzF93jjE9vejf3Y+YaC+U9nLUKjtuH9eJsUPCKa+oI6+wis7R3k0Koz8xGIwkJBdyOqmQjftzyS27NIbFx8UeeTNLiUqFnHM5JZzLqQb+2m3l7mjH2DgfenT0JjLUo8nYLqlEQr/YQGI7+7H3SAbeng5o1PYE+V3s2SuvrONofC67DuewN7GsBbfLiE9Ef5MFFsCxbRuEwGoPIksmY+jtD+Dq7cfnz91PfXWlTfXPxcWFJ554gokTJxIVFYWTk9Ml30lPT2+2fI8ePQgKCuKmm27ihRde4OjRo6xfv5758+dTW1trU9fqHhTB9A8XiXkjENgY7SEPlhOQBZicJGnotG+xVzlbrCMOChlThgUyemDYRZnWL0dZRR17Dmfww7Z08svrL/vdGH81c19q+o16+bpTLNuScdnyzio5tw8LZGifYDzcHK5OChmNJCQXsXlvGj8dLDArsL1JQalvYPeKWWjL00wu+5/f03B09RCzs52Qn3aelf9+jZNb17dpP2QyGffffz9TpkwhLi4OZ+fLz/19+/bRv3/TO4zT09MJCgq65PPCwkIOHTrEsmXL+P7779vc9oOnPMyEx17ExdNHDMQWIPJgCazyItoO+jjZHHEV2P0Wi4orgGqtnsW/pvHO5weoqW247HfrtDrWbk7gzte28d81564orgA83ZsPxnd3UlyxfHmtji83pnL3GztYuuYkVTX1VxBXsPNAGk99fJANhywnrho9HHaExU40q+y5o/vFzGxHeIdE8OhHi3lk7lKcvANavf2bbrqJtWvXkpGRwaJFixg1atQVxZW5eHp6Mm7cOFasWEFycjLLly9vdpnRmvhFd2XWop+Y+upHQlwJBDZKe1gifMicQj4R1st91aA3oq3XoVY1v6lRYS8nrqsfNbU6Vu3MpKb+ygHfId7NCywHjeLqbqhMwoS+PgzqFYiDyv6y39UbDJxNKcFaMfjugV3NKrd79TK6Dx2DVCYXM7SdYK9UETfmFjr1HcqxbRv4bel8cpNOWbXNN954g6lTpxIaGoqslTdGSCQSwsLCCAsLY8qUKSQkJLBp0yYWLVpEQkKC1doN7dGPUVMfpcugUag0TmLgCQRCYJlNB8BkpWSv8cfZM9wqHQp2V/D24/1wcVJe4QEMft5O3DWhMxNHRnHwZDY/bE7lfH5ts4LGQd28IHK7jAfLCPi52HPHyBD6dA+46uVLuUzKg7d2o7yqge2nii1uK7WTN56Rwyk8t82kcqe2byA39Rz+ER3FDG1XGNG4uDFo8j30GXcLaaePc+bADn7+7F2rtDZixAgiIiLa/iEql9O5c2c6d+7Mo48+yvHjx1m9ejVz5861TP32Sm6YNouug0cT1LErdvYKMdQEAiGwWsz9mBEnFtbrFqt4P+QyCS8/1LNJcVVT14AEUCntmhROw/qGMqh3MAnJhWzclcbm40WXCC2ny3ip1Cp7jEYuysGlNxjpF+3K5BGhxER5Y2/X/Fu8Tm+gTqtD8w8Rp7CX88TdsaTP3UNKgeWDdwM7mi6wAM7u3ykEVjvGXqkmqld/onoPYMz9T5Gffp7CrHTSzxzn3LH9nD+0+5q8bgcHBwYMGIDRaDRbYIX3HEBUrwEERXfBJzQSz8AQVA6OGMVh6AKBEFgW7Nv95hT0DO5hlQ5NvymckADXSz6vb9Dz32VHOJlawWOTOxDXPaDJxKJymZTOUd7ERHpzT2ElOw6ks3xrBjq9EY1SRnSYe7Nte3s6EuKpJLWwFplUyh1D/BneL5hAX2ckl8l8ajAYOXE2jyXrEkAC780ccMnSocbBnufu7cajH+23+HKhi08UEonE5B+H9Qs/ZODNd4sDoNs7RiNKBw3BnboT3Kk7vUZPwmDQYTQYqSguwGDQo6uv5+cv/s2+NUuva1Pd8cq/GTZlGhKpBKlUTqNv+k8zCnElEAiBZTnGAN6mFvLpOAaVo+V3oPm62DNmcNPLEWt+S2DbycYltre/OUXYL+d5+OYOdOvk22ROLIkEfL0cufOmzkwa1YGikmo83BxQKZu/HQ4qOxa8OoyS8jrUKjscVFdOan8urZhFq+M5nvrXFvqvVp3kyXt6XiLKwoPduW2gLz/+nmvZAWavJrzfQ5zf+6VJ5apLCkg/e5LoXgPELL22FBdSqQyk4Or957ntEjQurte9ZdSOTsjk8gt2EggE7Rtb3kVoVnC7X+RArJF94s5RIU0uwaVmlrLol7SLPkspqGX258d4ae5uEs4XXrZelVJOoJ/zZcXVn8hkUjzd1FcUVxk55fzn60M88e/9F4krgPUH8zmZkN9kuRuHRWKwwnPdI8i8YPd961eKGSoQCAQCIbAsiA8w3tRCcqUHLj5RVulQt46+TX6+buv5ZpfVTqZX8tS8g7z7+T5SMkuxtpe/uLSGr388wcPv7eHXIwVN33AJLN+Q1OSSg5+3I7Fhll+Sc3QPxtk/1uRye1Ytpig7XcxSgUAgELQ7bHWJ8G5z+hYSOwm5vQOWdq97O9vj7XnpkTTllXVsPFxw2cOfJcDO0yVsP7WXSX19mDoxBmfHy+9AzCuqQnfhkGYJ/t6Ol21DrzewdnMiX29Ko/4qDnc+llpBdl4FAb6X5goaGut7iderpUgkUgI7jaQ8+6jJZc8fP4iHf7CYqQKBQCAQAssCmHU0jmdwLNaIXegU5NjkomNKZullhc/fkUpg3f48+sf60aNT096wBp2BNb+d5YsNqRd9PnmALw9M7trkDkWAguJqvtiQctXXI5NKOJdW3KTACvJzwojlF1nNzYm1ZflCeo2eiNzOXsxWgUAgEAiB1QIGANGmFnIJjEPjZp0s0j5uTXucqqu0TX5uBOp1Rnyc7YkJ0hAe4EiIvzP+Pk4E+7s0286CFUfZcCj/ksD4dfvySM+tZs7Mgchll67q+no58s3rQ0jJLCEjp4LzmRWczawmu1SLvVzSpFjKyK1qsg8Khd0l6SAsgULtQlCP20w+nzDtxAGykuIJiekhZqtAIBAIhMBqAWYFtwd1Ho1EYp2QsvqGZpbdJI25qOztZHQLdiAiwIkQfycCfBzxcNPgpFE0ma6hOSKCnOFQ0wHoIb4OTYqrCyLQU4OPp4b+f4Q66XQGKqu1FJVWk5lbSU5BFQlpZRxPq6K2Xo/O0Pq7lLxCe5t1APTxHb8S2jlWbFUXCAQCgRBYZqIBbjW1kERqh6tvB6t16lRaRZOfd47y5pvX3fH2cEAmk7Z4WW1Az0DScyrZfKyAqjo9EsBOLmVYF3fGDg4z7cbKpbg6q3B1VhEZ8lfaCp3eQEl5Lc1F3Dc06K12AriLdyQKlxC0ZWkmldu8dD6jpk7HwdlNzFiBQCAQCIFljsb4Q2SZRGC3SSjUrlg6/soIDO/qzu03NL0z0cVZhYsFz5R1dlQy465YHrrdQEZ2GfUNekICXVEpLHeb5DIpXm4Ozf7d3VXNw+ND+XJjqsWFllRmR0i38STu/MykctrKUrLPJxDVs7+YsQKBQCAQAssMzDqWvvFgZ9PFlVQCN/T0IibcFbVCjtpBCRjxcFEhl8twcVa1WNwYjWDESG2djspqLdq6BiRSCX5eTsibWT60k0sJD76yt0avN3A+vYQGnR5njQK1WoGrsxIJXDa7++XwcnfgtrGdGDM4guKSakortdTWatHrDeQW12I0Qk5BFTtPlVBbrze5fs+gHiSa0a/sc2eFwBIIBAKBEFhmYvI6n8I5BCePELOEzweP96JrB+8Wdzq/uJqaGi3llVoqqrRUVdeTW1xLWXktSTk1ZJdoqdHqkUklF3JmjezuyXPT4lrkJZq/4hg/H8z7S3AZjDQYIMRTRZiXEg8XBa5OSjxdlWgcFLi7KFGp7PH3cUJ6heN1HB3scXSwpznLPlStZd7SI+w+U2pSn9VO3niED6EoeadJ5RIP72H4XQ9jNBjErBUIBAKBEFgmEmpqgbDYiUhldmY1pmwie3pldT05+RVk5JSTkFpKUWkdKqWMED9HBvYKJMDn0jXBnQfSWfTL5ZfU7GQX/zXUT9PiJbgOoS4XCSyZVIJMCnmldeSV1jVZZnhXd55/qE+Tfzt8Kof9J3M5fr4MT0c7gnw1RAU5Exroio+XI+q/pYnQqO3pHOFmssBCIiGw00iTBVZNZQWIIHeBQCAQCIFlFmpTC2hczUvNIJHAC/89yLg4H7xclZRU1JOaU8m+pHKkNJGm4FQJp86X8taTAy7ZzXfz6A5k5VWx6VjhVbUd6avmxuHNZ5zX1utJzyrFaDQSHuze7FLi8P5hHDhdwO74kqtqN8hdyYw7ujfpvSqvqOP/vj1FabUOgMyiOo6mVsLeXIzGxmXLvlHOBPk4oFbKOXimmONplWYdDm2OxzHz7EnqqqtQqB3ErBXYPHq9XhhBIBACy6Yw+ee6ob7G7MZq6w38uCfnos9kl+nBoeQK1mw6y23jYi763E4u5dE7e6BtOMKO08WXbVMqkfD8vd1RNhPbVafV8d4XB9iXWAZAXKQzsx+Jw0F1aaJNmVTC9Nu6ciJlNxW1l3+gdw9x5IUHe+HURBb5Bp2BBSuPXxBXTYlRnd7AnrOlcLb0b9dint3rqktMLuMVHIadQilm7DWKVCa7pkRMamqquKkCwfX+XLOx/mSZWiBx33IatFWtpv6+2JjGroOXno+nVtnx/LQ47hkZ1OyByUZgxsRwggNcmxaLOgNzlxxif1IZEkmjsDl0vpz3vzxIfUPTPyae7g48d1fMZdu8oYcnr8/oi7vrpQ5Cg9HIyg3xbD9Z3Dpv9g11pJ3YYHI5pYMTMjs7MWOvSYwoVKZ7JhMTE232iuLj401/27VTiKEgEAiBZTVMXu+rLT7HqW0LqK0sbB2DSWDOstNs3Xvp0TRyuZSpE7vw4WOxeDheKgZ6hzsxbkhkk/Xq9Aa++uE4O5tY7jt4rpxPlx9pVmTFdQtgYl+fSz53VMp46a5OzHogDgf1pR4wnc7A9+tPs3RLRqvYTltTxumdX5Kf+JvJZasrStHV14sZe43iF2F6HrtPP/0UnU5nc9dSUlLC4sWLTS7n5O4hBoJAIASWVVABXuYULEreyd7vn6U48yTWOIuwKT787izf/xxPQxOip0cnXxa9PpwnJkWgsm80sdJOytP39GgynspohO/Wx7NmX26z7W06WsjydacwNOGqkkgk3DupM74u9hf+fdewQBa/MZTh/UKbPPamqqaeT5cf5pvNGVZLLPp3yvKS2LfqJfITNplVPivhJA3aWjFjr1FcPH1NLnP69Gn2799vc9eybds2SkpMXwZ38fITA0EguIawpRgsJ8DR3MJ6bQlH1r1MRP+HCO46Fpnc+u72JZvSiE8p5cm7uuPlcXF+VJVSzk0johnWL5Tfj2TipLHHy73pHKo//nqG5Vuv7EVauTMbezsZd0/scokoctIoePG+biSmljAkLhhXZ1Wz9ZxLK+Y/y06QXGB9wWI06Mg8u42E7Z+0qB5dXQ0NWi1KB0cxa69BPPyDzHvR+fBDunXrhqOjbYyL/Px8XnvtNdPfLl08cPHyEQNBILiGsCUPVrglKjm/dxEnNn9CTXleq3T64Lly7v/XLn7elkRt3aXLFRq1PTcMCqdfj8Amy2/dm8IXG64+IPabzRls2JbUZMaCjhFeTBrVoVlxVVVdz4qfTvPEv/e3irjS1pRxcuv8FourP6koLhQz9hrFyc2TDv1HmFxu/fr1fPzxxzYR8F5TU8Pbb79NQkKCyWX7T7wT1XX58iCBVvGhCwStjy15sMIsVVFR8k72ZZ2m6+in8QzqARLrTmC9wch/15xj5dZ0Hrslmu4xfleVAb5O20BFVT2T+vmQklNNcYWWkho9Or2BmvrGhJpKOyn2cilOSimezgrCfB1o0BmoqKrD2fHqdtVV19Sz80AaS35JueJuQ0tRlpfE8U1zqa/Mslid9WKJ8Np905PJ6Hvj7STs3Wpy2ddffx2lUslTTz2FQtE2geJlZWW88847zJ8/36zyMf2GXvOHmUskEnQN9RTnZpGbkkRBRjLlRQXodA2o1Bo8A0PxCgrDLywKtZOLmBQCIbAsSLBFRY+2mGPrXyesz72EdL8JuZ3K6hdQUFHPm0tO4emYwK3DgujXIwAvd02z+k6psOPm0X8F9xqNUKvVYTAY0OsahZBMJkMqk6KwlyEzIS+C0Wgkt6CS349msWp7BuWtJKwMBh1ZZ7aRsOMTi9ddkpdNaOdYMWtbmfLCPNLPnqS2uhIAlYMjgdGdcfXxt2jy1+heA8wu+8ILL3D8+HFefvllOnXqZPZRUSY/Z/R6jh49yqxZs/j999/NqkPh5EZ4t7g2v89Go4H89BSyzsWj/2PzgKuXL4HRnVFpnMx8HuipKCogL+08SUf2cvi3deQknrxiuYlPv0HcmMl4h0SIBMMCIbAsQKg1Kk05sJTSvCRiBk9D7ezbKhdSWNnAgp+SWb0zkyVvjUQmu7qHvUQCaqVlbklBcQ33v7O7VZ3v2poyEvcuI8/MQPYrUV9bI2ZsK9KgreP3n75j+RtPNvn3yc++Q9/xt+LuG2gR74uHfxADbn2A3/+3xKzyK1asYMWKFTz22GNMmjSJ0NBQ3N3dm/1+ZWVl86KyvJzS0tJmPTHZ2dmkpKSwZMkS1qxZ06LrnvDoCzi4uLWZkDAY9OScT2DHD0vYsWLhJX938PDhwbc/peuQG65CuEqoriglP+08mYmnObJlPWd2m/48WDfvLdbNe4v73llAn3G3Yq9UiQkpaHfY0uL3FmCEtSqX2bvQdfQsPENiW+2yOwU48NGzgy/aOVhaXktqZim+Xo64uahR2MvMrr9Oq6O0vIb8omoiQz1wUNld1M70OTtbzXNVmnOW45vm0lCda7U2xj7yPLfOerNdL6VIJBJqKsspzslE+zfBKJXJcPHwxtnLF6m07UMj67W1rPr362xfvuCK35309Jv0HD0B39CoFrebevooc24ffN08gKVyO+ZsPIZnQEibCKv0MyfYtuJL9q1ddsXv3/fOAgbePPUikSWRSKirqaI4J5OspHhO7NzEgZ9WWLSf/W+5j7EPPo27byD2KrVVhGhOcgKv39TL1GLpQAgCgY0LLAmQCERau6HQuHsI6zEBmZWXDL2d7PlwZl98PBsDVw1GI2t/S+C7LelU1OkxGMFRIcXfQ0VUgAZvdzVOGntcNPZIJBLUakWjVYxQU6PFaDRSXlVPWaWWwpJazmZUkl1SR7XWgFQCTkoZj98SzdC+fzkCTyXm8/xnR6wqSAx6HZnxv5G4a77VB0m/m+/loXcXYjS2vwOfdQ31pJw8zKFNa9n/8w/UlhU1+b2Q7n3oNWoiEd3j8A6JwMnNs00E5e7Vy/jm1Rkmlblh2jMMnDy1RULLaDTy7Zzn2LHi8+viAXz7ix8w+r7HW1lYGUg/c5ytK75g/9rlJpV9eeVOgjt2pSQvm5zzCSQd2cv+jasoz820er/dAsMYdPNUYkfciH9kJyGwBEJgXSUKoBholYPmnPx60GX4DBxcrJN3JtRTyRuPxuHr9deuoE27k5n7Q4LVr23ezDg6hHte+HdSahGvzD9MRZ3lPVna6lLO7FlC4bltrTJIwnr048VvNiKTt6+M7hkJJ1m/8COO/WbaUpJUbk+nAcOJG3sLAZExeAWFoXTQWL2/NRVlvHxTb6oKTfdGSiQSRj04k0GT7zFbaBVmpfPahDh0ddXX9MPXL7orL369AQdn11Zpz2gwkBZ/jC0rvuDAum/N63NUF+q1tRSln29T24287ylG3TsDd99AIbAEQmBdAR8gt7Ub7Tb+DbxDe1vWyxLtwrMP9MLR4a/dTKUVtTz0r51U1Vl/uS7cW8XHLwzB/m9LjwXFVbw0bz/ZpVqLtVOae5ZjGz9CV1vQqvfssyMFKFTqdjG5DHodBzb+yFcvTrNYnYOnPETnASPwDY/GMyAEuZ29xft97th+Prh7ZIvr+cujFWnyo+bI5nUsePrua/rh+8Ky34jq2b+VhNVxNi9fwMH1310z9pPZ2fPMV+tbtDlCCCyBVceojfSjKzCttRvNP7cTnd6Ii3ckUlnLvSIGo5HZD8Ti63lxPpsff03gcFJZq1xTabWOAHc7wgL/eit2UNvjrJKy51TL80jpdVoyT//GyV/fxaBrfQ/DiKmPolRrbH5iGfR6Ni9bwPK3nrJovenxRzn0y49sX/E5m77+BF2DDr2uATt7BQq1GounGJwAACAASURBVImk5fFb54/u4+jmdS2uJ/nYPrav+Jyy4iLcfQNxdPO86t19PiGRGIBzh/dckw/eqW9+Qs9RE6zahq6hnsTDv7PsX8+weu6rZCedvqZsaDTo2btmOf7RXfALi25RXZWlRWz/7gtTi5UDHwsZIWgOW9lFGNpWDacf+Y7i7NN0HT4DjVtQi+qSSiScPJtPsJ8z9nYy6rQ69h3LZFkrnfX3J/NWJeDpqqZzlBcymZTK6npOnWu5uKqrLOLMnq8pSt7RZgOlurwMZw9vm59YhzevY9WHs63aRkNdLT/Pf/fCv0O6xtFvwp0EdeiCb2gkDs6uSMwJmLdwioNd33/Jru+/ZMid0xk25UH8I6+cRkEqkzH+4Wcoys6weNB0WzPu0RcZdPM9VhVW547u59fF84jfvYlrnQVP3cns77YT3q03AoEtYStLhB8Cz7d1J7qMeRmf8L4t9gK4OsgJ91aRlFtLea2uTYysNxgJclfi42rPifRqdPoWBIYbjRRnn+bEr/9GV1fUpvfoyfn/u8rt4m1HbkoSr93Y9vm6eo27jS6DRhMQ1QnvoHBUGserCphPPnGI9+4cZrV+Db37UYbe9gD+kR2vONdqKstZ+tZMDm9cdc2IqwkzXrTK0u4FYbVkHvG7rn1h9Xc8giN5ZcUWHF3dzSovlggF1qCtlwhdgcXAdFMLekUOB5mShhrL/eAXnN+NTqfHxTsCqdz8B2Bdg4Gc0nq0OkObKVipREJlnZ7c0noMLdiFptdpST+5kdObP8Sgs1weKjtNAI6ekWgrTQu9O7jhByQyOYEdumCnUNrchDIY9Pzw0atkJZ5q877knDvD8a3r2fXDYn5bOp+KkiL0ugYkUilKtQaZvGkHttzenk2L51mtX2mnDrPj+0VUlZfh5O6Jk7tns542O4WSLgNHoTcYSD66r10/bG95bg7jps20uLhqqNeSdHgvK959nnWfvE1hevJ190NWU16Co4c3Ed37mFVeLBEKrjWBNRLYCvQzp3B4n6lExt2GTqenIt9yu/PK8+IpyIzH1ScKhfr6Pq6htrKQ0zu+IOvEjxat1ytyBD3GPINEAsXph0wun3hwF8mnjxEQ2QkXT9s6IPf8sQOsfO95m7uXBn0DqScPcXDjKrZ9u5BjOzZRUVKIXq9DJpOj1Dhe8Aoq1BoSj+6nOCvVqn1KO3WYXauWkJN6DldvP1w8fZoUWnI7ezrEDcIzKIzjW9e3v4esvZIn5//AgIl3IZNZLiqjQavlzL7tfPXKDH75/MPrUlj9nTO/b2XAzVNROzoLgSW4bgWWHPgXsBBwMreSgJgxaNwC8Qjqjto1mIJkywXDNtQUkRW/CZWzPxq3AIsEDrcrjEaKMk9weO2bVBdZNrVE9JDHiYqbgp3SEW11KfnndppVT3FWGrtXLcE9IISAyI7mxRpZGF29lu8/eJn81ESbv8WVRXkkHtzFvnUr2Lz0U84e+h1tbTUGvR57pRKJRMrJHb+0Sl9yz59lz49LLyu0pFIpQR260POGmykrLCAvJbFdTKWhdz3KjLnfEBLTw2LL2g3aOs7s286ilx9l01dzKcvPFr9kf6DUONGh9yCT4wiFwBJYg9ZewfIGVgJDWlpR/7s/R+Pq/9cEKc7gxOZ51BRZ9sEb0G0yEb1uwV7lfF0MCH1DHWknN5K8b7FF67Vz8KH7mOdw9f3r7MWS7HgOr3mxxXUPufMRbn7yFTQu7m1qu5O7f+OT6ZPb/RiQK1S4ePtTlNE2uY5ix9zC6HseI6xrT6RNeHz0ugbOHtjF+oUfknzkd5u0YbeRExlz/xOEdettMa9Vg7aOhIO7WTf/fdJOHGj348yujyfKKHcql1n2JW7OLyfwDg43qYyIwRJYg9b0YMUCO4EulqgstOdtyO3/yoekUDvjGznQ4kuGFflnyc84jYt3BEoHt2t6MNRWFHBq+0KyT62zaL3e0aPpMfY5NG4XJwXUNdSRdXpDi+tPP32ElPgTRMb2a7Wkjf9EW1PN0rdnUZqT0e7HgUGvo6a8pM3azz1/lj2rl5KVnIijqweu3r5IZX89qqRSGV5BYfSfcAcxA0fh6OZJesJpDA31bWo3B3dvxj40iykvfcCIOx/Gwz/YIsce1f/hsVr82hP8+uX/tVuPlTTMAc34MJwmReIypQNOg4LQl2up3W/ZFIgNDQ10M3EjjPBgCaxBa3mwJgArsGCm9lGPrUMivVQfGo0G8pP3c2rzXIz6OoteRKfhs/DvMLTJdts1fywJHt/4AQZdpUWrjh78GIExo5rMM1ZXXcKuJfdarC2VsztPL1hFRPe4VjfhkS3rWfDUneKJYgU6DbqBsQ8+TWRs32YCxCXUVpaTn5FC9vkz5JxPIC3+OOXFBZRYSfB6BUfg7O5JcEx3AqM64xMWiXdgWONZeZZ64amq4NTuzaya+wal2Wnt78fF2w5VnwCU0W4ofB2Re6gv+sXRV9WT++w2jDWWP/rq9R/3EtSx61V/X3iwBO1VYM34Q+VbbOuMxjuGfre+d9nYqKqSTE7v+IKKnGMW98aE95yMg6vfNRGbVVtZSMbp30g/YtkMz3YOvnQf8yyuvh2Bpncx6hpq2fb5bRa/pplfrqPLwCtnIrfUGX/V5aV8NG0CWWfMGGtSkEU7oT9bIZ5GVxJaA0czdtpMomL7IbNrPjGwRCIBiQRdvfaiA7UtiUrjhFQmaxxDFj4r8k9htfqTdyhKP9d+fkzUUux6e+PQzRt7P0fsvByQ/O2g+3/+2pT+cp6qFUlW6UuvsbfxyEdfXbUHUQgsQXsUWI8Bn1q6nYBut9Bp0ANX/F6DtpqUI6tJP7rS4hfmHjIAz5CeqJw8Uaja127DBm0VdVUlFGUeJz9xs8Xr9+00nqi+d6BQX3m5bvviB2mosfxxOwNve/Cyge9KtYagDl3wC4/GPzIGuZ35mfz3rPmWr1+ZbnZ5zzf7YeeuQptdSV1KKbUHczCk1SBomo4DRjH+4VmEdunVbo5NulphdXL3ZtZ++i6Fqe0jiF/e2wNVFy8UIc7YeWuQqu3AaETyxyO/uQd/fU4l+S/ttmrfnl+66aqP0RECS9DeBNbjwH+t0UZE/4cIi510Vd81Gg0Uph3lxC/vYTRoxR23tpfBxGXUIxvepzi1bY9DCe7am3EPzaLzgJEm/2BXFBfw6oQ+1JSanylf3tMdn8d7I7FrFIRGnQFdWR3ajHLqEkuo3ZguBlYTBMb0ZMKMF+jUbygKlUO7vY6ainJO/b6FdZ++S4GNCytplAZVrC/KcFfsfDTIHBWXPuEl//znP8SW3kj+kmPU78qzal+j+w1n1oL/Ibe/8uKJEFgCa2CtYKLHgU8Aq6yhBXQeh8Yt4OoUpESCg6sfPpGDqSwtoK5CbGm2BgqXEHpNeBOvkF4mLZ3WlOdSmn2iTftenp/D4V9+JPnUEYI6dMHZw+uqy/6+bgVHN61uUfuG3FpkQRrs/RrPsJRIJcgc7LD3dUTd1Qun8WEo+/piF+WCQSVBn1ElBhxQUZjLoY3/49Tv23H28MLNJ6BFnsjWpqqshIO//Mj8Z+5j7+pvqC4rttm+KscH4/5oD5xHh6GMckfurkaqkF/59flvfzcCRiTUJhRR9W2S1ftcnJVKeGw/vIPCrvhdEeQuaC8C6w5gkbXE1Z8CS+3kZVIZe6Uj3mFxSOQOlGYfF3fegvjF3Ej30TNxcPE1/UemNIuitIM2cR3FWansXLmI4M6x+ISEc6Vfj8KsNOZNn2yRGBxtajEO/QORKv4xJY0gkUuROytQBDqhifXFcUwIyp5eyEId0Tc0YCy0Lc+sRClHMyAcXZ0WY3VDKwqtre1CaP0prD6bdS8H13+Htqp14u/kYW6oYvxoyCg1uazzLVEogpyRSBr9Ueam9DLU6ShacBhjua5Vrjk7ObExwatcLgSWoN0LrP7AGsCqT7fQ2FuxV5meo1Qqs8PVrwPOPh0pSDmI0dAgRkAL6TR8FmG9JiO3V5knLGoryEvablPXdHDDDwR37olPSMRlX823Ll9I4oGdlmm0xoDBWY4iwvXCr5ekGY+AxE6G3E2FMswVxwFBOAwPRNHNA6mfGl1uBdQa2taAOgMOsUGoI32Q+zihq63DWGX9FAp/Cq2Te7bg4OSKu28AcnuFzYyr6vJSDv7yI/Men8LhjT9QX13ZKu3KIz1w7BeGQ4Q3hnod9SmmHy/mfEs0UpX8n0Pxwn9XGwhS+Xsm2h25rWbzisI8fCM6EBAVIwSWoPVfNi1YVyCwH/CzdqeHPLAMhUPL8h3VlOcRv+srStP3iVFgBkrXcLqPnomTZ2iL6inJPs3hNS/Z5DW+ufZAsw/m3NQkXhvfk+Z2SJqL1/uDsPPT/GOSSpqfqP/8g8FIQ0E19TlV1JwtpG53NlS3vuDSjIhG4eNyoU/aogpqTmdhyG295U1HLz/ufPF9ug4ehdLBsU2F1bFtG1n+9kx02tpWa1ce6YE62hc757/iCqsTc6g7nGnai2mEBp9XBsKf3qsrfN/YzBd0xbXkv7LLrBcAiVqO1FmJ3ozx4xYQyps/7rnsEToiBktglTlooXrsgO9bQ1wB2Ck1La5D7exD7JhnrZK1/FrHv8tEovrcgZ2y5T9aSo2HzV7nyo9e4enPVl7iBTEYDOxa9Y3FxRVA6cZzeD3QHaSSCwLKiPFCS5cEDBv/IbakEux8NNj5aHCI9cF4ayfqC6rRZpRTczyPhgOF1uj2JTSU1aDw/UNgySQovJ1ReDpRX1hBdSsJrcqCHL549l6cfYO47Zm3cHL3bPJ7Bp0Onc46S1b56edZ9UHrvkDIIz1wiPbFzkV98a02Qn226cuDyp6+F7yqxr8NOUkzGl9ibEJwGaF8S6rZ3lVVbDByjZKK3HjTX+KyUjm8aS2Db72fVhn8AoGFBdabNC4PWh1n/1iLJfqU2SkJ7zkZF+9Ijm/8AH19mRgRVyBm1PP4RQ603D2Q29vstZ79fQunf99K92HjLvo8M+Ekm7+eZx1hsiuP2n7FqDp5XCqgAOMfv17Gv8mtJsXWH798EoUMRaATikAnnAYEor+3noa8KurSyqg5nIv+TLl1riOzGDr6Xeib8Q+hZe/jjL2XE/XFVdQk5aJPKbX6fSzPzWDR8w9c83PTLtoTdZTPBWH1Z2jgn/dAr20wS9gqQlya1CV/eqqMlxFbfwoubWoZdWbuhpX6/D975x0fRZ3//+ds3/ReCQmE3gkRpCqIghQRrGf3rHfqT7/WU8+K4HnnnV1PPcEGKmBBAUUQlN57CS0kAdJJL9vn98duks1mEzKT3RBgXo9HHoTNzmdmPvMpr3mX1zsIQ1Ikggo03SKxHZWeDPDdO68waOyVhETGoEBBe8EXgegjgXZ7RQsM74Qg+DZ0LLJTf0b86U0iu4xSRkQzCIjswcU3vE1iz0t8qmTf0Ws8rpz3IQ57g3XDYbexct6Hfj1n2cIDOEzNWFREdzOC07blcP2InhxL9DA5AOpgHYbuEYRd3pWEp0YQ/9Y4Ip+6iMBrUxHifRev5CiswWGyOjdhp+5nw+arFtDFBBM6sgchk/uiSQ1XJlhbiFW/WEKvHkDIsK5owhusVi69VUTXj61SnntSGxVwxrFY96vD9eM+7ESLnZLv5ZcvCxzYGUHtvJnA3vKcJFVFeaxfPF8ZLAraFW21YOmAj/BjxmCTyRYWhz/MvMbgKAZPeJTsvb05sv5jZWS4IWnQtXS76Dq0et9rDQmCCkNYMqayjqn1lLHhNwpyMonv0gOAzL072Pj9F349pyOzmupNpwi5JLnZeJYGs5C7RUF0syi04Eqs+4NKQBNhQBNhIKB/NOGTumMrqcV8soLaA0WYfj3ZpvuwVdaiM2qdp/ZyH4IK1JGBRI3pQ3XvMmoP5mI7VqpMuNYSn/5xBHSLRRsWiGi3N3627o/c9Yu1pFr6/IzVoYloRQKLN7eg6+PqvYXY98h7rtreMeiiG0IRNGEB6PrFYtlXILmtb1//OxdNnEFUQmdl8ChoF7SVGD0G9GnPCzYERvqvMzQ6ugyextDr3iA4fuAFPzgMEd0YPPVleo283S/kqu41OzplaIfuh/zjznIlVrOJpR+93i7nrJh7ANvpWgSRRj9n3OTqLQoSrVsiCFoV2thAgobEE33rABL/N4GYV0YSen9/VEkGyfdgKamiSVR0o9QzuKbXSD6543l0kUGEjupByNR+qFMjUNAysQqdMZCQtGTUIXp+fvw9bBpV47710ufWAukhEMYRSQiq1gW3exuL9gozFZ/tlf9C3avBzVz3i7F7nOz0rPXfz0OJw1JwLhCsWNrgGuzVqxcxMdL94foA/5elCYvtzrCrX2Dw1JcJiu134S3gQfH0Hf84I66ZRXRymqSq9HKgk5G08OCDDzJ48OB26Y/SQmda+aFt69n7+7J2ew5lKzObGp5kkC1PwtUaVyKASq9GnxxKyMgkAkZLf+u3Hi9usunXiHYqHTZERK5KHcq0kRPomdKdh0ZeQ7UgoooMxD4yhZCrB6DtFa2s0O7zZHACodcMwjooDnWokQCtnlmT7icpNpG3pj3EkKgUAE7bLdhEsVG/Oyw27DnS9bb0XRuvt81xuOZQuSYHscIu636Nw7ugCdQjCm66WwJogg3o0zrJavOn92aRm3lYGUwK2gVtcRE+A4TIPfjLL7/kuuukF/r1ReZaq5inWkd0chqRSQOoLM7i9KkDZO34Hltt0Xk5EFRqA0mDriY6OY3QmFTUmvbTDwoIjZN8TGJiIt988w39+/fHbPav0GbesQwsplp+eHd2uz4T0885mIYkoO8W7jWIWPDIIBTPRLjqfm0UKO8hA+HNlQgYUsKQGh7tKK7FUWtFZWyQxbt/8ETunPwncovySeszkPziAowGI7deeR23TrqeI9nHEASBGz9+muDhqdh6x1OTkYft4Pk571pFrC7qhDE1BrVRR4ndzIEXvmbf0QOMGzaGnNyTGPV6Bvfsz7Sxk1i+fhUX9U/jzn/9H/vLcuvbsFXIi7/SxAY1CmLH+/DwOnSseVXULDoqbz2KNGDsHOkkV3Vtu00CY2o05p2nwCHdGrVq/kfc/Ozrfn9xVKBALsFKAO6Re9IlS5aQkpJCfr70WlRyBEbbRDxUGkJjuhEa042UgZMwV5VQU1GAqeo05tpyRIed0yd2y5c2bm+IDiISByCo1OgMgQSExmMIjMAYEoNKfXbUr7V66QV7s7Oz6datG6tXr2bECP8msFaWFHNw0x9k7d4s7/56xWLNKJB1bNmSw8T8JR106kYkqgnhEj02O4mxW2eSgdDGyZNGsVXUogvQAgIi8NmelVw2ZDSTR1/B/J8XYbJaGD1gKB/99CWv3Pc0Rr2BLk9eRaCr3JImPICQ4alYe8VTeyERLQF06S5iFdCQaRuh0XPr24+x6d8/cLrsNP9a8AHvPfoPFqz4gQkjx3PDxOnMmvsG+8rzXLpVzgdoLZURfxWpRR1hrOcwdQrurSJbdpGyH+XXVQwYlIygUzvJldD0JGqjDsOwzpg2So/d/H3+h4yecRvJfZQwEAUdk2DdB8iS7n711VeZNGkSJSUlsgnPWbPyqDQYQ2IwepTpSU2/5txx6wv4pLSLL6GXoYW1fft2AIYPH86HH37Ifffd579JojfwxcxHZR2rTgwmZFBnKhCxZhRKPt6+q4SafYUEpsU3tkK5Wa38Z91qiL3RhOhR9w7FflCarIOlpBptfEOmaIndTHqfwby/aA63XHkdGrUGvU7HK/c9w8KVPzBhxGVc3/Uilh7f3shqoYkIIHiE06JlyizCujvv/AylUQno0hMxpsagchEr0YNE3z1yOoeOH6GwtIhPnn4Dg1bPs/c8TmlFGQtX/si4tFH8e+0Cl+XH+fCtudLjrwxjOiOoGtMpUXRmCZ6JcJkyirFuKpQ337qG12uoOYQGpXj3sS4KAoaUaMzbTyBapGtrLf/sXe559UMElQoFCvw2neXsh8D9ck42ceJEHnroIQRBICgoiIgI6cGspXkZHa8XRY+Al478I4odtP/k4/bbb+eWW27x2+Vt+uFLyvJy5L2J9+nkTC/vEd8gHioRFXP2Yq8weydGrkfqmSLv+T1ZsVvugfIqAX1/6TFR1uNFjeJ14o3BaLVazBYLhaeLqKiqYM32DdSaa1Ghoqy8jFE9h9TLO9Rv5K5fNBEBBKUnE3L9ILSD4zlvoFWhuziJ0BsGETigE6pAnVPewp04u+QWUhKTOV1RSmVVJRqVmkUrFiMicqowl8rqSlISkqgW7fXHihYb9mzpemf1+lce8Xnu1+QQwS46/637isNso2zhftldEdQ/qf4kTciV4CRXCKAyaDCM6CrrHFt++oqMresUBqCgwxGsiYAstbZZs2YRGOjMRtPr9SQlJUluY+9v71JRlKk8ufMENRUF7F/zPxmcrGHF1+v1vPDCC6g62NuoJiUcXaQzZlAdqMeYLi89XKy2U7k2p9XEqM7K4MBr7LrMQHnRueFKhKO4FnutBVGAW/uO5fu//pvQoGCmXzKJvJJC4qJiGZ02nPzThfRN7UVqUhcuvWg0b01/pH6TrdNxqrsYQYD/N+56Bo1NJ+TGQWjTzmGipVWhH5lM6A2DuHnadG4dcrkr2sB5r/X3LoBNgPl3vkK/1N6k9xlEQnQcxaWnufqyKeg0Wmpqa5k8+gqCAoNY/f/eoU94glP/Smb8VRO3sOf7mgfZEkWwAxUbTuLIlndOfVoi6hBjE7NsA9ESGogXYEgKRwiXJ1b885w3sVktyiKsoEMRrJvlnOill14iLS2t0WdTpkyR3I7dVMzmhY9RfGK38vTOcZQXHmPzd89RcWqH5GNHjx7dKEi1W7duvPvuux3q/gJ6JzbynxiToxDC5G0GNYuOYs2ran26fCutW1JkIHTxMuKwRLBVmgDYl3+UWQveYcOuLRSVFrP/2EGKy0rYum8HZouZzfu2kV9SyKR/3cdXaxc3IlRCvT9KoNxhY+zgkXQKi4VgvdOi9adBaAbGnlPjXzcqmdAbBxPQNx6LQc2IHmkM65mGRXQ446cEoeHeEdEA7y/7jHveegJRFPly5bdoNFp+Wb8Su93O178vxm6zsWjlj3z08zxKa51Zg3Ljr86of+XFumUvqqF6vjwvg2BUE+AuweARe1VnuXIPehe0aozpKbLOd2Dtrxzc9IeyECvwG6RKcgcC/8XpJmz9m5BWy8cff0x4eGPF5traWr788ksZi7aDvEOrCAhPJjgi6dwJMFdQv1oWn9jNjp9mYjcVy2rh3nvvbSLT0K1bNxYuXEhp6dkXq9T2iiGgS3SjDUKlUaEKCcByXN49W2vMBA6Oa1R0V7I+kdDUqtWsTJVHw4JOQ/X+PMQSq7SnHROINjqIPFMFOVWn2ZWxk9suv47Rg4ezdf8ONu7fxtQxE+mR0p1XP3+TTfmHOFVb5iTQgoCIyPNj78BUWcEtaRP58K7n6dO1F1ddfDmTel5MZtYRbhk6ia5durBt9cZzIjZLOziO5+59mO4R8fSN7MxHd7/EuKFj6Nm1B9P7X4K1pJwEYxiTewxnU26Gi3DBiZoSTlWXEoORR/70V1RqFV8v/5bk+CT+NH46h7OOctcXL3Ow9BSVdqd1pnb3CcRyaZm2hsuTMfaW6BJ2iJQuOYz9iLzySwGjUtFFBtVbLRu7BIWmg9Q1jtXBeiwFZYhVVsnnLDiRxbBJ11JbVcHqrz6SfMnAOGAyMA0YDowHegNDgUSgOxABhLv2T41r31VMZxcApEaMDwUk6yQ899xzdOnSpcnnbdUx2rv8Vazm/0dS3/EIghKseG5AJP/YRvb8PJu27IT9+jXVJwsPD+fZZ5/lrrvuOut3Gdi9QXqivlwJAvq4EEypEdiOSU/ysG4soHpEEQH9YpoW2PUwLLRodXD/1SMzsaVAedQChsFx1Bw9Ju26s4oResc5LWoCZFQV8uycV3nt7mdJjIknNTGFjOOHyc7N4dN9K71wQoH8skI+/r/XCTAG8NqXb3P3pJtZsWU1qZ26svDZjziUfZQn5r6Mpl80tt3Sg6s1lySiCjU0DlMUxabWGvfPRbCuygar9CBrXZdIDuUd46U7niIxJoEvf17A8dwcdBoNh09m8tpfXqCwtIhZn7/R9NEJ8MTPHzCw5wDUgsAD195FUdlpistLmP7+/2HF4bTuiC79KznxV12kly8yZ5dh+fWErPmiSgzG0CmiabwVTa1W9f3h+l2lVmFM60z10oOSz5u1ezO7//iFTj36yjJCAmOlUFCcXlQHYAY2AnOBBSjqpwrBkjiYXJuLwPXXX+/1bzExMTzzzDPMni1fXyjj97ex1JSRmn6NT2vkKfADtRIdnDywioOr32xTOyNGjGDAgAFe/3bFFVec9fvU9YtHHWRwI1duQSOCQGC/TpRnlshaUsu/PYi+SzhCgLY+i8ubFQo5hKsVMhCGlHBqJF6zI7cKu9mKSq+tP+GEAaN5Z9H/+Gj3z4hAlDaA1294ArNoRy+om5R7WZe5k+eCwzBZzFw7ZgqhwSEM6jGAXl16UFZZjtliYktpNrrkCHkEq0cUhv6xjcmUKLrlr4hublfn746yWqzLj0s+lxCpQxsZwJKTu5it0VJaUcblQy+lvLqSIEMAXRKTqaiuRKvWsjBzo9NV6PHMKhxWqqqruPZ/T+JwmUT+PeUhbuo3jjm7l7uep4Ct2iRvY4gLajIWWhxGVgdlC9oQ2D7IVW+wFeTKUxNLBHRxIZi6hGI/Lp1Mfvf2K9zx0tvtsTSoaAjL0QMTXD8PAlOBMhScV5Bq9hkj9QQTJ06ke/fuzf79tttua/NNZG75nANr52C3mZUn2kHhsNvI2rWkzeQK4IEHHkCv9+6l7tSpE4888sjZu1EBAro5N2pB5UmunD+aMCP6tER5JDWrhuptuY0Ci0UvmVye1q1WuRI9AuXrYrfcjTdy47DsFSZXPJHT3fPISV88QAAAIABJREFUT2/z8e5fEBBQIVBiq+XP815Gp1I3ZBAKDQWLpw+6jOzcHO5/83F6p/bCbLVwUb80DhzP4M9vPUrfrr2psFWjjQkGo/QXLeu2U85zqQTXj9NiJ6gFBI2AoFEhaATQ1P1fwJIlzxWtG5AAahW9wuIIDwkj/eXrsVgtpMQnERYSSqAhkBEv3oBOp2NgZGdX/FkDmRAFCNfoue6TpxAEAbXrj48teZc5e35tFL9lk1N/0KBGExFQP7YcovdkCXdU78zDcbhSVn9o+8eiiQxyI/pC43groSm5EjzZv0rAOECeuntx9hF+nvPW2VweRwG/uixiCi5QgqUGekg9we23395idlfPnj15/fW213c7tXcxu1e8g9VcrTzVDga71czhzV9xZP1HbW7rkksuYdq0aS1+Z/z48WftXg2Dk9AE6Jzkiqbkqu7/AT3iEPTyLK5Vnx7AVlzbJJurjnDZW9gUJcVueSFbqlADqq7S61JaT1c1vh530iC4bZxuQd11P531IXSO6USn2EQ+fuw/BOqNlJSXUltbw7B+6Xz80L/QabVMShxEkEGPpq/0JGf7zmIcpbWoBCcxbiBazh/cCZfauZ5Z12XJI1hJ4URrjYzsMgitRsv2FxbSLakr1TXVnC4vJSE6jo0vLcCoMzCkUy+itUYaAv5Fr4TL84HW9Z4c/Svd+CRQN9W/qiNbnskS9koLVV8fkDdh1IKz3mD9WGicJSh6ugTdSRdufQFoY4LQ9ImSdRn71/xytpfJi4BHUHDBEqxgQHI+dJ8+Z64F/ec//5mLL764zTdTfOx3di1/A1PVaeXJdhDYLLXs+/1DcnZ845P23njjjXqpj+bgLT6rXYxXOjUBXaOdb+DuIkYeG6AoCAgGLcZRXWWfq/zXo40KNTdHthxuPz6xbqkF9DJkEazZp70SqgZS1XATYl29RMEpNPnKdY8SHRGFTqfjxbn/ZM3ODXTtlEJwYDAPvPcMGVmHKSwp4pnpD3JDz0vRJ8mrV2rNKQOV63pUuJEtULkTLjXY8isRT0qXItD0i0IdoOOh0TcxceAlmMwmlm/6jXe++x9R4VF0ik3gs5+/4fvfl6DRaJg2bAKPjL2lvs9EjwfekGHZlGyJVjv2I9KtbPqu4bRosxIbj62KP7IQy22y+tw4LNmpVN/KeKvG5EpwjRShnpwZ+yacy8vlQ4AWBecNpCQgDQR2SSY9xcVERkae8XsZGRlcdtll5ObmtvmmguMGMGD8gwSGJShP+CzCUlvOrl/fouzEFp+0t3DhQq699tozfq+mpoaBAwdy9OjRdr1f47AUp3vQ02qFu7WmYacQHQ7KVx7EcVKeayXi7xefORhZaMqTzlTyBFp2B9UeKKL0X9skX2/o7UNQGbRNziACt/Uex/8OrkTnJVnFgQiCwG8P/RedWkNyQmf+9fW7XD3iSox6AymJycyc+zof7XEW4hatDsrm7QCTtCLD6n7hhD8wtH6HFz07w+2zyh8ysK6QXqYlcGovdAmh9Z3/2oS/cM3YqyguL2HP0f3YbFaG9bsIrUbD1gM7+POCVxBF789KhcAdvS9j7oGVXh+4tbiKqm/3Sb7GqNlj0EQHeCm31PQqrKcqKHlhvby3+ygDYRP6IWjV9fOiuXirxiVz6shVw2WJNFg+qzZnYd1VcK4um9OAH5Xd48KzYElmK927d28VuQLo1asX33zzDRpN20vhVObvYct3zyuCpGcRtRWFbPlxps/I1RdffME111zTqu8GBATQt2/fdr1fIUiLMSXau0vQG7kCUKsIGJIs34q18ACizdE6y1MLrkRv1q2WXInaWHl1Ce0VtW5WqgaLS5lo496pt1Fjq210AXUim3VB3vd98ixqtZrgwGBuvfx6kuI70Te1N+8u/JiPdi8DUUAQBVQaNdo+MtyE+0qxF1aDxQ4WO4LrB4sd0WJDtNjAYsNxugbr6hwZY0SDLjoEQWy4ucd+eZ+V29bQo3Mq6b0HM6xfOl0SOrPv2EHuXDirIdNTaFpfMsoQxHWXTW9sFXR74LLir6K1qCNcCRruGmlNBpNz4FQsOyJ7/AYMSQGtpmFe4BFv1YJLsP5e3aygdePK0DtOnsJjx8D9KDhvIIXNSF5VvUkztIRRo0axefNmJk+eLKsQdKM3q5p8Ni/6G0OueoGIxL7Kk25HVJ7OYecvr2Mq9Q3B/fHHH5kyZUojYdEzYcCAASxevLjd7jlgSDKCVuXVelUf6O6+cbi+o40ORDsoDusu6ePdfqiCmh15BA5tZcC8B4ty78469ffmrFvu/9eEG1ClBODIkpZPaD1djSY2mCqHnf83cBLv7VnGzNG3MfGiy+ie1JXdT33Nsk0reHr9FzwxaBqf71mOyVXyBRF2VhZgtdt4/N3nMIk2LFYL1wy7EqPW4CQtbvdo6ByBdUee5D4tnbWhPput2W60iWCTngKqG5DgjN+qE3UVQIsKvVrLh9/NZWfOQVQqFT1iU+iRlIrgVmVZBPqHJtIvNpX5R9byxpUPcungkcRFxfLLA+8xb9W3LDz0Bzf3v4L/7lqGRhCwnpTuHtQNTUTQqJoybi/FxGv3F2LbLLPeYGoEurjQtrkEEdzi9RraUIca0A7rhHXjyXNx+bwcSAayUXBBESzJuPTSSyUfk5aWxpo1a7j11lvZvHlzm84v2mvY9v1TDJr8IjEpQxRB0nZAad5Bdi79JzZTUZvbioyMZPny5QwZMkTysfHx7Vc+RRVhwJAQ3tQlCIiqxjoKYpPvCBj7xssiWACVXx/A0CsKdYhexgRpzKAEL2QLL4RLUAno+8dSmyVNosCaU4qxTxw2HNxwyVXcPelmggOCmL/yW7p27sLy7b9z25U3cv1l0yk4Xcj8Pb+icnPPGVAxZ9l8Pj+42pU5B9mFp4gKCG2w0LmscdqwQIQANWKNNDchFoffBIkMnSLqiYooNPT/6h1r+erIWmwO57WqMtZxTdeLXaRRrB8qKhEevvpuntI9SLWpht92rGXqqInsPLKHF+94kvtL7mDn4b0Iu5chWuzYM2XoX6WGt0o+RKy2UrnogOy+CBiUBCqhVRIMjV2CQhOXYKOXFtfvhh4xWLeekkWEO8CefDfwnLKbnPvwqyG1qqpK1nHdu3dn4cKFXHXVVT65jl1LX+TkwVWIokN54n5EUfYOtn77hE/IVZ8+fdiwYYMsctXeCEhLBo2qqUtQ1dglKHoLeleBOkiHflwXWecWy22Ur85ylsJpRTp9i2TL7aeRtcKLDIQhVboQpSOrAofZRqhay4I1P5IUm4jRYMSoM2DQ6gnUBxBoDCAxKo5lm1ZSY7fXu/0EUcCImnkHfkftFvG9ozSHFSf3Ot1YrvQ2QQRBrULbPabDjBEhVIdKraIull9wuH5E+PLg79js9gbPm83OwiPrXe65Bv/g3rJcDmQeIjo8isjQcKICw9CqNWjUWtQaNQnR8by36ktUguAsT2SXPhI0ccHNFw13X9u3nkI8JU9jS39REpoQY+slGDziraCxS1D0YvlSB2jRD+98ri6ld/jb+KHgPCBYGzZskH1sUlISn3zyCXfccYdPruXAqjfI3PGDQrL8AVEk9/Badv70vE+aGzt2LL/88gs9evSQ3cb+/fvb5dbVicHoXa4Od5dgo3grbwFN9b87C/rqu0YhxBhkXYP5p0ysJyrqyVBrtYtaTbhoGruljpMXh1VXl3BC2liWrP2FXzb+xkPX3kNlTRX3X30HP/y+jB9WL2VC+qUNpMlDjKs+LsjRQKrqJSVMNsw5JZSvysCyO6/jTJFyC6Vf7aBiwzEseeWIFnujfnYnXIIn2XV9Xmq3kt5nMLO/eINjJ44zfdxU1Go1d069iXcWfETG8cPcPtQpYWI7LSP+KliNOlTfaAh4KxpuK66h5utD8ohmsJaAHrFerU4tSTA0mjNu5MrdMlzvVnT1obFbNILhnBSf7gRMUjaWC4tgSa7tkZGR0aaLi4qK4u233+bxxx/3yc0e2ziHjHWf4bApZaB8x60cZO/9mX2/vuaT9m6++WYWLFhAUlJSm9o5fvx4u9x/wIAkVz5/A7ny1HjyTq5ccgSu76i0KgKGpcgmQxU/HwG7w5P3Nkqn96V1SxNhRIiQnlHuKK5GEAViwqPon9qHcUNGIYoiy9b/ikoQmHjxOPp370tIcChqV0ZhS4QK0Zk1aMmvoGLrcUrmbaNqxWFsxzumKLb1YBGVyw5SOm8bVbtPYi2qcrqxPCQ36khV3ed11XkiQyO4avgE+qb2ptpUy6ZdW1AJKm4YP4OosAiiI6NxiGDLkR5/pRka36w2W92lOEQo//WYbNebcWgKgk7jPd5KaEmCoYFY1b2UNIlpxOlGFVwfqrQaDCNSztWlVQl2Pw8gJSipNyDZ6Z6fn09sbNuq3FssFl599VVefPFFn9x0XK8J9BlzFxpdgDIC2gCH3crRrQvJ2jbfJ+09+uijPPfcc4SFhbWpnYqKCnr27NnmRIkzWq9Swggb09NrlqD7W3mdm8PTalX3nXqrhQMq1x7DliGvGHTII2kY+8W0anp7K7EjFaXfZ2BaIpHI9o5i1+LfiQ6LRBRFvvhlAXdOvonIsHDKqyp4/7u53D31FmpMtRSVneb2D57itLt4cN2+7hCxltZgPlWKZW8eotl+zs4jIVKPvmc8hoQw1MEGL3WKYHLKEP4y/c8kxyZSVFrMD+t+5unbHkGFwP7MDNbu2sgdU2/iRMEpcgvyueziMZLZdNBfBhJwBo0zc2Yp5a/Ki41VdQom7LI+9SKmciQYWgqGbyCkQv3vos1B2Q+7EEvPuZdqO85g93KchaI748zk7wREASE4i0lrXL9HNNNOlqtXcoBc4CSwFzgKVKHAr5Di5811PXRJNtcTJ060mWDpdDr+/ve/ExkZyUMPPdTmm87PWI6ltoL+4/6KPjBcGQVyZr/VzIG1c8g7sNQn7b300ks88cQTGI3GNrdVUFDgd3IFEDgwqXkJhkZWq6bkqr5QrSuIpM4yE9gvkXKZBKvy6/0YnglHZdS6Nh+x2fcpt3rF9YRLKtnSp4ZjQhrBEg4WM+jlG7g+dTifPPUmYUGhBAcG8dCbz/CfB1+mc0wiAQYjf33zKVbkHsAgqOutWAC2KhOWvHJMh/JxFNWeF3NJPG3GtCELE6BOCsHQLQZdbAhqo65+LC09vp3v/r2F+wdP4tk7/o+01P4UlRTzwfdzeeLmBzmUfZTqmmqu+ud9HDmVI8tUqY0PbpL40Og6rXYqvzsof76kpzSQq2azBN0lGNxV3VsgV6KbccuNXCGCoFKh7RqNZfupc21YqIE9QABgaEM7/ZvjykAGsAZYAawClDIofniIrTYkAX8GJJkX0tLSSE9Pb/OFqlQq0tPT6du3L4sWLWpze7XlJyktzCIisS9afZAyEqQMBFMFe1e9T+HhFT5p7z//+Q+PPfZYs/UFpeL3339nwYIFfu0Dbe9oAlJjXC5BoVUuwbpNQRQassJwCI1cYGqdFodWwJZbIf2iquwQqUefEoYnxxNaIRrpZgBolXVLEARqfpOeTR7cNZYcexmUVnPvjNuxWC0YtQYSomLp360PMz/5F4uPbEGLyrkB11ox55VTuT2L2g3ZWHPKEGts5+XcEivMWLNKMO3Lw2oyIahVqPQaVGoVGlRsyz9KvDqIGyZMp7yqggCdke5JXYmLjOXZj2ezsygL8muwSayTKERoCJrUvb4MEF6GS832PCy/npA3XwbEYUyNOQO5Et1eRgR31tQk3oom5KouGaLhc+wi1ftysWzznVyDKtmIpl8kjhPtwkWM+C/YXQPEAcOAP+EsON3dZenKR0G7EyxwFnvuLdWacMcdd6BWtz3YUBAE+vTpw+jRo/n888/b3J65Mp/8zJ1EdR6AzhiqjIZWwFRVzJ6V71KStd4n7X3++efce++9PhkfAHa7nRdffJEDBw74tR+CL+mOYNA21bdqLt7KjYA1CDgKTbPfHKALCaD2WCHYpCdkWPcWYxiegCpA622PbGRUa4lseRIur0riBi3Vq4+DRZq5RBUdiC4yiIMFx7k67TKWrlmOWq1h877tRISG887Pn1NSXYmlsJLq/aeo/uMYlszTiOUXVjF3R3ENlmPF1B7Mx+6wI2hUaAxa1BY7vTp144/t60GALXu3ExYSxv0/vIVBpaJm3ykcp6VZ97QjEjAOimt+XlWYKX97K1hlmMY0gnO+aDVekzxaJcHgEW9V94IieFqtXOTKYbJRuSkT6x7fcQXNsGii7h2C3WLHuqv4fBtuemAwcB8wFNiKjLhrBW0jWCmApEq6ubm5TJ8+3We6RIIg0LVrV6ZMmcK8efOwWq1t25AtFZw6tJ7whN4Yg6OVEdECqsvy2LHsn1Tm7fZJez/99BPXXXedJAHRM+Hw4cM88MADfu0H3aAEDClR9St9E5egmwRDPbnCnVw537ZxC2R2zyATBAFVsAFLtrz1zeqwYewX26Lsm0+sWyoBq9mK7bC0gHJRI2BIjiLaEEx1aRn/+uMrlu1bx++HtqMvtXBw024yl23DcqgIR3GNMvEcIvb8SsyHizAdLaBXSg/2ZWXw7pbvWbZvPcsPbSVRG8KvmTsx2KB63XFnNLoUU8mELmjjgpsl05UrMrHvkzceDaO6NBIV9ZRgcB92rYq3as4l6PqbrayWitUZ2HMqfPYIjDNSCb+2D6pALeasMqy7i8/X0Sa4LFn3AlZgIyAqk7B9CJYFuEfyhqTTceWVV/p0I01ISGD69Ols2LChzfE2ot1E7sEVhMT2IjAsjraF/p6fKC88xtbFL2Eu943A8KZNmxg3bpzPr/PTTz9lxYoVfu2L4Eu7I2jVrZZgqPuOqo5ceVisGlyEYv3n2kAD5rJKHBXSrTaOrEo0vcNRRwa0FFLTduuWAKLFjnmzNDkEsdREQN94Ku1mduQewVZRS21WMVXrj/DHjyvJzzwpS8PpgoDVwYEde9n+xybMReUgCGh0GjacOkCAoMZWUYv5gPQ6fIFTu6MK0jUh0wLOeoNVH+2Rb/lJiUAbHuC0VLlZrRoNNi8lb6S4BOsu2pJXTuWyA4gVVp91edA9/Qm5NAWVS+HelH1eE6z6x+YypowClgK1yuTzP8EqdDFbSUFLW7ZsYcaMGW0OdvdEdHQ0kyZNIiMjwyeFffMPr8YYmkRwZGdF9d0NJaf2s/Xbx3BY2x530L17d/744w/S0tJ8fp3Z2dlMnjzZr31huLgzuoSwVkgw0MglqHJ3CTYhViCIYqPPVQhog4zUHpMn2motrsSYntgopsZdpkEe2Wr6gSAI1MqIw9LEBmMtqaZq63Fqt+RgO1mOaLIrk00KUa20YM0uxXQgH0tFNYJGjbWkGttJaQruQriGwGbir0S7g/J5exAL5O+vtuxSbLVmNDHBCFqVVwmGM7kEobEEg6fVCodIzaECalYdlWy9a7ZfAlSEPTGsPjPXeUoBy4VBsOrQFbgOZwHqMmXW+ZdgOYBegOTd0WKxMGXKFFQq32qbhoaGcsUVV5Cfn8+ePXva3F5h5npUumDC4rr71OJ2ji7hFGRuZedPvqnaMHLkSBYtWkSvXr18f6WiyD//+U/WrVvnt94QdCqCRqYiaNTeJRjcXYKCF5ege7yVO8ESRY//O2eaRq/DZrdjOy09m1o8bUHoFIguMaR5C1QrrFvCGaxbKoOWmhWZki1OlszTWLNKECsVTTpfwFFqwpJ5WjK5AtCOTMAw0Hv8lelAEeYf215T1FFcg+VoIaqYINTBerzFW7UkwaDyIsFQN5BFi52qrVk+zRRU9Q8n4qGhzsxKN2se4CRYe4ovpOEVDswAflBIlsQ9Q8Yxo3GmdkrGkiVL/GZhKC8v58knn+Sjjz7ySXud026gx7AbUam1F+jQEMnZt4KM39/2SWvXX389b775pt9qBG7dupWhQ4f613o1pgvG7rGNmUej31uWYKgjTu7ECg/17kbuQ1HAXmuh4OediHLeyvUqIl8ZgzrMIGlBaO2iUHefpYsOYPkl55wb4ePGjePuu+9m2LBhBAcHy26ntLSU1atX8/777/vkJa+9EXjvAAKGJDQi3wCOWhuls9YgFvmWBGsvSiSgXwIqnbr+jHIkGBDBUWWmYu0RHLm+k3TSjk8iZEpPBKPGs2woAJVrsqj9MoMLEEeAi1GC3/1KsMApONpb6kFdunRh7dq1JCYm+uVmzGYzM2fOZNasWT5pL77PJHqPuuOCEyR12C0c37WEYxvn+KS9v/zlL8ycOZPIyEi/XG9ZWRlXXnklmzZt8t9ECdIQOmNwfeyVc6X3rm9V/2eH0CSIHQ+XoDfiVf+ZKxC+ZG8WtUflxRnqp3YhdGpPWTNeaOUhNbvyqXhv1zkxtvv27ctdd93FhAkT6N69O1qt1qfrz549e/j11195/vnncTjOjbJcYc+PRJsQ3ORhV/6WiWnBYf/Mp2gDQZd2RxMR0DTeiqbkqs4CDA3zw1JUSdXqQ4iVvpPsMN7Sm4CLkxBcel2C4GG+AirXZmG6MAkWOOOxpqIEvrcKcnPjRUCyKaqsrIyysjImTJiARuN7eQ+NRsOYMWMIDw9n+fLlbW6vqugIBVm70QeGodUHotEaOT8D4J1BEFZzFaW5B9j/x/98JiD6+OOPM3v2bEJD/SODYbPZmDlzJl9//bVfeyhgTCqayMC6ND837aszSzC4u/7qyZXn542+62xMtNgoO3SS2iPya+rZD5ehS4tBHaKX/YrVGldi7eqObcF65plneO2113juuecYM2YM0dHRPpMGcV9/EhMTGTNmDA8//DBXXHEFoaGhbNmypeN2jF5F0LSeCJrGoRu2omqq3t/lv220xoblQCFikBZNeACCSmhBgqExucIBpswiqpcfAouPSKxGIOjhdIwD40El1Gt01Xsj3WpyWrLLse29oFyE7ugBnAJ2KPTJfxasIJwS/LJMEm+99RYPPfSQ32KcHA4H8+fP59Zbb/Vpu+GdhxESlYIhOOa8GgSW2jIqio5TkrURUfRdoPHMmTN58skn0el0frv2efPmccstt/h3kkTqCZ06EEEreLVa1b15uxOr5iQYcIgtugTrfjeXVXN662EclW3XflIPiiDyvovqVbR9sRq4W7dEm4OCv6zocC+1d911FzfddBODBw8mPPzsVGwQRZGCggI+++wz/va3v3W4ua8Zk0D4TQOaMOqyBXuxrm4f9XNVtzACLk5GHWxoUYIBB2BzULXnJJadub6b392CCb5pIJrYwIYxXfc3L2bcqrXZmOdfsBYscLoIu6O4Cs88v+Qad4D/ALJ8cQ8//DCdO3fm6quv9s+EVam4+eabCQ8PZ8qUKT5rtzRnM6U5m5VR0wr897//5Z577vF5UoM7Vq1a5XdyBRBwcZdmyZW3eCuv5MlNgsG7S1CoL1xckV1A5e5sn12/fVcJNfsLMQ6IbZlHia0nXO4GBUGjQjchCcvys2/FuuKKK7jrrrsYNWoU8fHxZz1RRRAE4uLiOuw81faIwuFBmM3HStqNXAE4jpZRlV2B8bKuGJKd7+xNrFYiOGotVG4+jv1Yqc/OrR4ZT9DUXqgCdYiujhBxi7kSGyxYSmJ5PSKAx4Bnla7wjwULQAdk4iw4KQsrV67ksssu8+sNbtq0ieHDhytPuh3x3XffcfXVV/t1c9uwYQMTJ06ksrLSv2/XScGEXtEHVIJ3CQbqiJTQhDw1ibfyGmcFgsO5qtuqTJTsO441t9z3Ez1eT/hTo1EZNQ0TX0r9wTN8sWZXPlVnKQ4rNTWVJ598ktGjR9OjRw+fu/7a/GJWWkpcXBwWS8fLmAxxj7/CmZFX9tZGHMfOTh1gTb9ogtI6o9JrXUTLWTfTXlpDxe+HEEt8p+avm9Ed48hkBK2q8TD3ED/1nC9V67Ixf9X+FqyLB6YyOr03kWHB6HRauifHIQgCBn3zHgKL1UpltYmc3CKOZucz/8e1VNb6ZByW4Sw8rdQv9IMFC5yio48BsoNfxo8f73eSdfHFF7Nnzx7+9Kc/sX//fuWJ+xmrV6/mkksu8Tu5mjBhAlVV/t8EAtI6O11rzboEaSrB0CioXWxs1WpCtARwiFSfOk3Z1mMNVZh9DDHPTPXGHILHdW2wQIkeulhCK61bXr6kjW/fep5hYWE8/vjjTJo0id69e2MwGDrsnFi3bl2HJFcAmqjGCTy1O/POGrkCsO0rojyzhMDxPdFFOyVGbKU1VC7b7zudNLWA4fb+6PvFOseyvUFqRfQY7EJ9qemGadAejvBXH7uRYQN7EBMZSlCgkejwEFSqtq+p/3zqNrJOFrJx1yFmvruQU4WyX+bCcMZhL0BB8y/obTz+G5yVuGVj/Pjx/PLLL369yf79+/P999/73Vp2ISMlJYWtW7dy6aWX+p1cXXHFFe1CrtTdwtHGBDVxCYqNVNldJW8c1P9bZ7XCITZ1GXqQK3utheJdxyjbctRv5KoO5m8OYyuqbpY/uS4ZUTzDJuKRKg+giQxAMKj8/kzqXsqysrJ49tlnGTx4cIcmV6Io+j0BQza5uiTRmRXreob2chO1X579l1Cxxk7Vjweo2nUCW4lvyZUQpyfw4aHo+8Q4B7tDRHSA6BAR7a4J4GgY26Io1v/gcvO3B8Pq2SWR4YN7kto5jtjIUJ+QKwCdVkOPLgncPn0sW7//Fy88cE1bmpum7Hz+JVgAdwFtKvp05ZVX8tlnn2G3+0/JuXv37nzxxRdcf/31ylP3MdLT01m6dCnp6el+O4fD4WDx4sWMHDmS6ur2sUobB3dyzZDGEgyqOgkGd9FQh4t0OZzxVk2U2h0eFi+HgKmonIKVuzEfb7+MpOoVx5zXdyb+JNbvP2feT0RnHJZ2TCe/X39paSmjRo3yW1aqr3H48GHmz58vfWEeHEnIS6Mw3N4XoWugX65N290tR8kBNWuy5RVz9hMs209R/v0en5Er1cBIAu+6CHVMEKJddGo8UXAcAAAgAElEQVTL2XG9CNWRLbGebDn/3kC4RMBhsWM7etrv956dW+T3c4SHBPLkvdN59/k75TYxStn9zvCS7oM2KoB8oE0R6z/88AMajYb09HS/ZZ0FBwczfvx4ioqK2Llzp/L0fYBp06bx6aef0q1bN/8ttBYL//3vf7n99tvb7+1+QAzGHjGSJBjwUvKmaSahgMNqoyzjJBXbj7d7zT1HdiWa3pFoIowNShOcORar0Yt7M65E0e7AsiXfr9efl5fHlClT6NSp0zkxPxYuXMjSpdIlT4wzeqHrEo62UwjGYZ3QDImDCB2O/Eow+UaaIHByKqpgp3yH9VQ5NZ/sPW/XKc1lnQmY0BOVUesKpXRJMbgGtSg2uAMBtxqHQsNLhAi167Kx/XbC79c7fGB3RqX39vt5BEFgYK8UKqtq2LLnmNTDQ4E3ATMK/EawAHYBKcCgtjSyevVqDh8+zIgRIwgJCfGPVcJo5IorrsBkMrFx40ZlBLQBN954Ix988AEJCQl+O0dBQQGPPvoos2fPbtd7CxzbDcEVEN6k5E0zEgxCixIMzoYsZdUUbzmE5UTpWXtu1tOVGIckNK49J4FseRKuOo+wOlBHzfocsPiXNMbGxvqlULivUVVVxeTJkzGbpe8/gTf0cbrvAFQC6mA9utQIDKM6o+kbhSNAjeO4fMeBemAEAZekuGKQHFR8sw8x//ys56u7thfGoUkN493dKivWjXnBSbbEhr8LCI3Mt5ZjpZg/39cu19wpLpyp4y5ql8xFlUogNTmO9+fJ0o78EihCgfe+9WFbD7iIVpuwaNEiRo0axa+//uo3JWSj0cjs2bP5z3/+o4wAmW89999/Px9//DHR0dF+OYcoimzcuJFLL72UOXPmtOv9aYcmoA4zeIm3oiGGyt3t53IveLdYOY8V7SKVx/Mp+m0v9pKzu5E5DlVQszPPO2MS3Ted1lm26lyJQpCOoDsG+P36Z82aRVFRx1/Td+zYQXm59CBi3dSuqI3eFeYFvQZdtwhCrulD2GtjCfjrINQXSdflC5zaCwSnJdZ0sBjHrtPn30IVqMZw92B0feOcrm6X+8/dJYhDxOEWf+UUAXa6+OvchKJdxF5iwvRV+5VBWrvtYF0BoXYidJF0jo+Qc2gkCtqFYNXglNAvaGtD2dnZTJgwgeeff57iYv/Ep+h0Oh555BF++uknAgMDlZEgAV988QVvvvkmQUH+yRwrKyvjtddeY8SIEWRktH86tKFnbEO8lQOv8VaCe7yV++cOj7I4ooCtykTRpkNU7MjqMM+w5rP92MrNzS/hzZCtFmO3RDD0iyHgz/3OeH5NejTBfx2E4YYesq5/zZo1HX6eyA1u1/WLdVpQ3FX+vS3ewToM/WIJvWMwoTPHYLitD6rUluekEKgm6LGL0CQEIwK2Gis1X55/rkGhRygBd6WjjQ+pTzhxkiVweAS1O1+cXN+xi/V/rydiFjs1SzMQS6yyrqVfv36Sj8nOLcFqtbdbf50urSQnT5ZuqB0FzY9DP7Q5ANgA+IS1JCcnM3fuXEaPHu2X8joAJ06c4IMPPuDVV19VRkQLuO+++3j88cf9Fm9VZ7V67LHH/FpXsMXNbXRnjP3im5dgaBRbdQYJBgfU5JVSuvmIcwHvYNBN6ULwlJ6NFgNB4orR3F3Z8quo2XISy8/Z9feuSg3CeGkK+m4RaCKd8gC24hpKnpFOliZOnMiPP/7o01qCvsTx48fp1q2bZCu80DWI0EdG1Kvue9YUr+/35h6UQ8SaV4XlSDGWFccRS52kQIjUohvXBWNaPKrQhqzL6tXHMS88fF6tU+qhcRjHdEFwaWmJgltNwbq+89AlEdx0hOuDE13fNW3Iwbr0mOzrWb16NWPHjpV83NGV75AYG+H3/lq37SCPzp7L3iOyxGVTgGwUtBvBArgM+Akw+qrBe++9lyeffJLU1FS/be6HDh1i8eLFvPbaa5SWliqjA6c79ZFHHuH6669nwIABflNmz87O5t133+X1118/i4xDRfBNg9AYtPWq7N6Ik/ONmBbjrRxmG6X7czBldmxXVsizw9EmhTa7MLSVcIl2B2K1FdQqVIHahkPcAuVLPtuFbb304Pi9e/fKsg60B+bPn8/NN98s+TjDnf0wpCe22N1NiLDQPNF1VJhBEFAFaZtIkduLayh/fu15tV5pJ3bFMCAeVCov7NSt3qHbIBQ9BqXg9h1rdhm1n8iPfLnxxhuZO3cuffv2JTMzU9KxB37+D106xfqtr6prTHwwfznPvSVbysrkyz1eIVhnmWQBvPHGG9x0003ExPivHmBFRQW7du1izZo1/Pjjj2zduvWCGhR9+vThqquu4tJLL2XQoEHExvpvkpeVlfHtt99y9913n/X7NozvirFbtNMl6E2V3S2QvUHXykm2RJMVh82BaLFhr7ZQvicLR421wz9rdVoUYX9OA43qjAuFr6xbnjBnFFP5xjbJ1/7vf/+bRx99tMP1qdlsZsSIEezYIb0ebuisS1GF6s9InGRZtzwsXRXf7MO2Nve8WbfU/SLRp3dC0GkQdGoEo9bl5/dOturL4jRDthwVJmo+3Q6l8ufxgQMH6NWrF3fffbfkWNIVc//ul0xCURTZtOsw//jwO35d36ag/Y3ACIVGnR2C5TeSFR8fz+zZs5k6dSqRkf6NsbPb7ZSWlpKbm0ttrTM4OScnx6+aXe2NpKQkNBoNOp2OhIQEwsPD/VqguY5YLVu2jOeee07ym51fJkKYltAZA1FpNM5V1uYKgjXbEc02RJsDR5UZh82OvdqMo8aKw2TBXlh1ThCplhB4/yAMA+NavSr4yrpV/7nJxuknVoHFIWscdTRNrK1btzJ06FDJx2ku70zwtOY3VLEVz6W11i3L0dNU/Wcb5zuEcB1Ccggqow4hWI8QqEOlUzt/16qdpaO0agSVyq1ig4Boc1Dz434c++XXM/7iiy/qa6W+8MILvPzyy5KOX/LhU1w2wrdJIzl5xbz96RLem7/CF809DfxDoVEtzGk/t/8bMB74ER9mG+Tl5XHnnXeSkJDArFmz/Eq01Go1UVFRREVF1X82bNgwZeS0kVi98MILHD16tMNclyoygNpDhTjKTThMVhx5lYjVtgvimdQs2I+uWwSqQF1TJuRlUxc9/m3WuuXRjtDcnwwa9FelYl50RPK1b9iwgSuvvLJD9ecPP/wg6zh9v5YtxYLYMnESvTwTzwB5UQDRbKd60YVRNkwstSCWFnMm6i7EGBDigxCMWlSRAThKatpErh5++GFuuOGG+v8nJkov2XuqoMQ3fSCKHD9ZyOIVW3jmDZ9VFRBxVnJRcBYJFjgD3kcDS4Euvmw4NzeXO++8k6SkJP72t78xdepUkpKSlKfaAVFQUMAvv/zCrFmzOHLkSIe7PvuxcuzHyi/IZyOWWKnZcpKgsV2asirRi5nkDBu71695tOOp72PsFyOLYC1atIiJEyf6tTyTFBQWFvKPf0h/qRdi9Wg7S7DEiS27BUUvPLmOcNXuyEXMqUWBW38VmhALTc61oI1tDR8+nGeffbZRAoacMIuScu/lwExmKwePnQREThWUkBgbgVqlJsCoJyq8oXB3fnEZmTn5rNq411cWK899/bgycs4+wQI4CFwELATG+rrxEydO8MADD/DAAw/w9NNPM336dAYPHuy3rEMFrYPD4SAjI4OFCxfy0ksvOet5KeiQMC84jLFPDJqYQEShBROWBOtWi65Ej3a0sUGo+4Vj3yctuWTOnDk8/fTTfq0kIAUbN26Upd+nG9e1QVhUBlpr3XKUmaj97pAy4P2Id955p4k+YHBwsOR2jmblef3coNfSOSGKn1Zt48GX52C3O87GbZqUJ31mqNrxXKeBicAb+LFc5quvvsrQoUOZPHkyixYt4tSpU8pTPgtv8UuXLmX69On07duXF198USFX5wCqfjuGw1V8sD7I31tlZ89du5kCuPWbOo3q53r/oiBgHJ0s67p/++23DtF/NpuNuXPnyjpW2zOqodB2W6eK6FHCye3zmjVZUK1IF/kLc+fOZciQIU0+j4+Pl9zW5t3NW3Qjw4K5Y8ZYjq58h8f/PPls3OponKVyFLT04nOWznsN8D8gzN8n0ul03H333Vx77bUMHjyYsLAw5an7ARUVFezZs4dly5bx1ltvUVNTo3TKOYig/0tH51YE2DPxSmzt8iEjUN5Raeb0E6slX3PPnj3ZsWMHAQEBZ7Xv9u7dy4AB0oOSVekxBN82uEmf1feRj1Zp68lyqv6xSRnkfsL999/P22+/7VWbLTMzU5bEUMXOz9FqWrZsOkSR3zft46GX/0fmyeL2vOWxwO/Kk29hbp+l834LDAT+8PeJLBYL77//PuPGjSM8PJwnnniCNWvWUFxcrFhVfECqNmzYwCuvvEJqaiqjR4/m1VdfVcjVOYyaxQcRzXZ3o0e9FUoUacG61dSKItW6pQrRo5ssPUzz0KFD7Nq166z33apVq2Qdpx/ayV3bsmkfuRJa22LdEm0OapYfUQa4nzBw4EBefvnlZoVv5dZrLSmrPPMmLgiMG96f3+e9zGuP34RBp26v2+6uPPnWvUieTYL3F+A1fKT8LvWNY8KECfTt25euXbuiVquVEdEC7HY7J06cYO/evaxatYo333xT6ZTzEIbb+xIwrFOrFw9fWresOeVUzJZehP2RRx7hjTfeOGt9Vl5eTnJysvTagwYVoTPHIhi8x4uKZ+r7Vq7gpr0F1H64SxncfsLWrVtJT09v9u9ms5nk5GQKCqRVkju0/C06J0RJ2tBPFpTw8x87+GbpOtbt8CupngX8XXn6HZdg1aErTpfh2LN1Aampqdx3330MGTKEHj16EBsb22HLcLQXbDYbhYWFHD58mJ07d/LDDz+cEzXgFLSVYakIfX406jCD5IWk7l9RkLDMuCct2hyUvrYW8YT0LLcTJ07QqVOns9JlK1eu5PLLL5d8nPbqbgRe1jrXkdia/vfS1Y5qKxWvr0Mssihj2w+YM2cOd955Z8vPThS5+eab+eqrryS1vfqLF7h4kLx6nQ6HyMn8YrJOFpJfXEatycLujCxM5sa6ff17dGbxyi38sU1y8sNM4HllBDSPjpJmlwmMA24E/g0ktPcFHDt2jCeffLL+/+np6UyYMIH09HR69uxJYmIiwcHBHSYd3NcQRZGqqipOnTpFZmYme/fuZcWKFR0mgFhBO8LkoGZNFsFX9Wr9+PH4111/qXFWohfC5fZnQaPCMD6V2rnSFabXr1/fSHuoPeeO3MLO+l7Rjf1+LawvQguEq77/xaZkq3bzCYVc+Ql//etf68VEW3yHEARZWlhmi3wRY5VKoHNCNJ0Tohtdh+c4Kiqp4OV3F8o5hZJBdo4QrDp8jVMv6+/AQ5zFOkfbtm1j27bGSsfTpk1j2LBh9OjRg65duxITE0NISIisFNyziZqaGsrLyykoKOD48eNkZ2ezceNGFixYoMwIBQBYf8nGOihemjaTx4bvTrbcCcKZZCD03SORo9L0/vvvM2PGjHa3PGdnZ/PJJ59I3wB7hKCJC2osIiaeQTCsmZ5rjmzZi6qxfKfEXvkD06ZNY9asWa0eb8nJ0rNkfSU26v4y4D5W7HYH/1uwgrIqWaoLJ5VRcG4RLIBK4CngPZwmyJuBDhEctXjxYhYvXtzos/DwcMaPH0/fvn3p0qULsbGxREVFERYWRlhYGFqtlpCQkPbtwMpKLBYLVVVVFBcXU1lZSU5ODjk5Oezdu5ft27dz7NgxZfQraBHVPx8m7M9DEDSq1tW3a4FsQeutW+pwI5qxidhWS3tBXrNmDXv37iUtLa1d+2n16tWyjtONTuGMoq5tsW45RGp/PaoMZB9DEATuu+8+Zs+eLSkrPS4uTvK5yiuq/XYfFquN97/8mRff/VZuE9uV0XDuEaw65AC3A6/irHd0FR0nZqwepaWlLFy4kIULvZtY4+Pj6dKlCwkJCURHR9O/f3+0Wi06nY6goKD6otWCIKDX61s8l9lsrs98LC4upqKiAqvVisViISMjg/z8fE6ePElOTg4nTyovFwraBsfuEmozijD0i/UgRW18i+bM1i3DwHiqVkv3QCxZsqRdCVZNTQ0zZ86Ut/imhDtLuIge5YYEL4RLhnXLcqwE+6Z8ZSD7GPPmzWPGjBlnXK89IedF+0h2HoLgA20093ntcLD/yAne+mwJ837aILeZfUCBMhrOXYJVhwzgaqAf8DhwCx3EotUa5OXlkZeXp4w0BeckauftQ/tsOKogXf3GLZyhTItUsgVNrVv6lDCqo3SIxdJih1544QUeeOABvxeBr99l9u3j+HHpFUM04zs7+9S1c4r1/Sg0Jp3eyJY3wuVBtkSLndofDyoD2EfQarW89957XH311U1U2lsLORasXQezyC0oJTBAT0iQPJ23WpOFsopqThWWcPxEAQt/3sBPq3e2tUt+xI+C4QrBan/sA+4AXgIeAe4EgpVHqECBH1Fho3bzifpMN691B/1h3dKp0V3eBfNX0su6bN68mUmTJrVL90jNCquDrl+skyM1YZuuGBkBRJf2hWTrliBg2nYKMataGb8+wm233cY999zTpjYMBoPkYzbuOkrXyx4EINCgZUi/VIb060pEaCB6nRattukWbjZbsdps7Dtygv2HT7DvqM9j0W04s/4VnAHnckpcGHAb8ADQQ3mUChT4CSoIfm4UmujAFkmUQFMy0JZXXFthNRUvrpN83IwZM1iwYIHfde1yc3NlZYYJKYGEPHAxqBvrPDdLTt061FN7zBvs5SYqZ68Dk0MZuz7C119/3eYM1aqqqnMuIaoZLAKuU0ZFq5bOcxZlwNtAL2A8zgxEpUS8AgW+hgOnCrjDSZfc69x5ZrI5ADvNKb9LgyY6APVg6a6+7777jkOH/F/QeP369bKO0w5LAlXTwJrm+rVBEV90ZYGJTgV8saGP3VG7LlshVz6GnBJITTZblYqIiIhzvStMwBPKiDj/CZb78vMb8CcgCfgrsM21xitQoMAHsG8qwHz0tNfZ562wsHsZnDrCRXMEojkIAvrhnWVdr78FcW02myxpBgBd96jGWgreauA0V7CZBrJFPdkS68mWNbsc26/ZyoD1Ibp16yZLYsETRqOR0aNHn+vd8RKQpYyKC4dgueM08AFwEdANp9zDVpRgPAUK2ozanzIQTbaWOVEzpMCbdUtohXVLnxou61qffvppqqqq/NYX+/fvZ/ny5ZKPUw+PQx1qcCNKeCdbcqxbVju1vx5WBqqPceONN/qkkLggCLJrEnYQ/Ab8SxkRFy7Bcsdx4J/AUJyleB7FWflbkTRWoEAGxOPV1O5qfUascAbrlp0zW7cEoxbdtFTJ11pWVsbWrVv91hdLliyRdZx2UAKN6mQ3IUrItm6Z9xfi2FeqDFQfY8yYMT5rq1u3budqNxzC6SWyKyNCIVieyALewFnrMA64FmcWxHFlCChQ0HqY5x3AVlIrS5dHrnXL0EdeWvwXX3zhlz4oKSmRV1g6TIMmIQRRdMVP4RZD1RLh8iRbXqxbYpUFy+IMZYD6GFqtloEDB/qsPTlSDR0AecBUoEgZEQrBOhNKgW+Be4BUIBmn5MOngBK80AyMeo3SCQpAhNo/jteTBIdIm8nWmaxbmoQQVD2kizTOnTuXnJwcn3fBli1bOH36tPTNenQKgts8quNKjuYIlzey1Yx1y7T5BGKpVRmfPsb1119fLwbtC0hRfu8g2AsMBpR6SzJwoe+aIk7F+E9dP+C0cI0AhgHpQBpOSYgLAoIg0CsllisvTeOi/t0IDQ5g695jfLN0HQeOKYKpCsD22wlsQxLRJIU27P8eiuxSa6I3Ilke1WNElYBudAqmw3skX+sff/zBrbfe6rN7dzgczJkzR9axul7ReJZhbMSjxIZ7FlwiWU30r6CJBpYtvxLrkkxlYPoBM2bM8Gl755gFay7OmsCKoJrc/VTpglbhNBBxvt1Ury5x9OqayKj03iQnRNMpLpKE2Agiw4OprbWwdvtB3v18Kas2K4rQChpD1TOUkPuHgkbVZM/3XFyEtqwyLhLiKDdT8czvkg/v3bs3O3bskCXy6A1HjhyhRw/psnuq3uEE3Z7mseJ6qK+3oIMleB4hNLCyqm/2Yt9WqAxKPyArK8snGYR1OHDgAH379u3ot50DPAj8pIyAtkHx+7QOnwH/d65ddOe4cPr1SCI6Ioz0/l0JDjTSOSGasOBAYqJCCQowYtRrcbj5eErLq/hu+Sb+8d/vOJCpWKwUeIfjUDn/v73zjo+iTv/4e3Y3G5JACJ1AQm9KUxEQGycqnqCeHip46Imeimcv2E7lp54dUdSzYMGGIgqIUhVBOoICUgRCCS2kEQiBtG0zvz9mE3aT3YSd7G52k+fta1+yZb7zbZn5zPN9vs9TujWHBmck+3xSq7iaZVhwua045sRYLBen4lx8MKB6bt++nS1bttC/f/+gtHvRokWGjosZkEplJert0a94KixP65bmnVLI07pl331UxFWIGDlyZFDFFUCrVq0iuckH0fP+fgzYZAaIwAoXE4A7gbhgFTh25BAG9O1Kbl4Bh3K9d/6oqkr+sRNoQJPGDStFpE5p3ZQWTXWflAaxVkyKQpuWTbHGWIiNjaFJYkPiGlixWMw0SmgAGl4iyutcmoaqauzNyGH+0vX8950ZnCiWjZZC9dhmbcfatRmmBKsvo4uX2KKC4DIitmLPSA5YYAHMnDkzKAKrqKiIN99804C6UrC2S9Kd0f11jq6wPD5X/OZ7LPtTVkudlM4Tx/ZQcd11wQ9WbrVaady4MQUFBZHSzELgZ7cRYR4gjnxBRJYIT50HgdeDUdD1lw/kvWfHEh8X677BKH4HRvPzWF/T7OqKonC8sJj1W/fw1Q8r+OKHlTLCQuDa4YpOJAzt4jmxqj3G33JidYdqTpWCiSvRDgaWsCEhIYHdu3fX2P9l+fLlDB48OPCn2Es7kDCks/9+qDZFjvebMrFV+lsGjm9FYIWKAwcOkJqaGtQyVVVl6NChLF68uDaaVIBupdoGbEKPEbka8bEKGWLBOnXeAs4HauT1+Jf+PZj01L+Ij4v1eBrVTukmFAwcTic792axcPlGPpmxmD0ZeTKygvH5NC8dZ+/WWFo39D1zFaVK3eBp3apuKVGxmLCe1x7b14GJiqKiIlatWsWIESMMt1PTNL766itjIrR7C1RN0zMJ+vKn0vwILj/WLUVTUAtKccxMkwkYIkaNGkVKSkrQyzWZTIaCjU58/Q26d++Bw+Hgi88/Y9asmUZO/x/gXRnd8GGSLjhlXMBN7qcAQ3ROac5HL91Nk8SE8FZcVdm9P5tpc1cwdMxznP33x3lq0nQRV0LN0aBk8W401UMleL38BMv00BKKD9Gl4TsMROxpxmJiffzxxzidTsPNzMrKYvLkyQEfp7RLwNKyoe5HpWloqr4kr2mVH6LK+6LaUA0aJcvTy3NDCqERWIoSmgWerl27GhL4qampdOrUiSuv+pvRU98sIxtexIIVGL2BxkYObJwQy6x3H6Ntq/BsRlRVlfSDOfy+ZQ+fzvqFZb/JUoIQIgG/Lhfb2UewdmvubZ1RqOzU7aUolEoCw9evPa1bpqbxmAe1xrUmO6A6LliwgLS0NMM7uH7++WdDx8UMagdmxecNs9x5XVEqLZF6WrcqWrYcGQW4VmbKxAsh55xzTsjKNrLsWFxUXP7vnj170rFjJ/buDTg0xwD0mFYbZYTDg1iwAmOo0QNnvfso3TqGNg+V0+Vi2+6DTJu7guG3vUDvK8ZxyxPvibgSQo5t9ja0EodupUHTEz1rHoEzy5US1aeC8dATvqxb1n5tDdVx3rx5xtpms/HBBx8YE1jtm/qO1O6tttDcm018Wbe8LFsOFdtCyTcYSh599NGgBhetSNOmgT9kHziwv9yiFhsbyy233mr09GNkhMOHWLACfLAxctDU1+7lvH49auyY7usp+NiJYnbsyeD3Lbt5Z+pC9mcdlVESwo6WWYrtjywanJMKHn6FGm6nbI9dcYriS2x4fFCN31ZMuyRKEs1wPLC0aK+99hq33XZbwDe4zZs3s2rVqoD7xDywNeZGVve2SaVcU/psVIW/a3/WLdv2XNTdx2XChZArr7wyZMuDYCzYaMahDDxNwmef3R+TyYSqqoEW9Q/gcaBERloEVqTRPdAD7rh+CFdfMiAo4kpRFEpK7ew7lMu2XQdZvGYzU2Yuk1ERIgL7zDSs3ZpjbqJHM9G8nLW18hAFmqfYgoCXEk1xFqxDOmKfvTug+h0+fJiNGzdy8cUXB3TcwoULDfWHtXeyO3DVSWWleLanoh+W4lNtnXRlK3Zg+0Gs0aGkd+/enHXWWSE9R2xsbMDHHM7NxeVyYjLpi04pKSlceeVVfP/97ECLag6MAKbKaIvAiiRiMRDNfcyIizCbja3EKopCcamNrNx8du3LZO2mXUyft4p0cU4XIhGnRunyfSRc1UO3vFRM6qxUEFsYt25Ze7YMWGABfP7551x00UXlN6rqyMvLY/z48YH/7TaNwZKcWFkveoitioKrOutW6W8HodAl8yyEPPDAA8THx4f0HEYsWJs3b6akpISEhAT3XNEYNvwKIwILYKwILBFYkYaCAZ+1P7bvo1vHtiTExVYrplyqyrHjRWRkH2H3vizWbExj9s/ryMg5Jr0vRIfGWpaB44xkYto1riSKfOYbNGjdsrRqiKl7ImpaYMtln3/+OePHj6dz586n9HsjS4MAlvPal6cR8qcVKwquqqxbzsOFOH/aJxMsxARq3TT0pB4bS8OGDSksLDzlYxwOB06ndwzQvn370KhRI06cOBFoFc4HTkePhyWIwIoISoF8AtxFeNczH/Pelwu5Y9RQenVNJbFRAi2bJeJwuDicf5zSUjt7DmSz50A2qzfs4Jd1Eb8EsBT4P/SYKpfJtBAq/aEsSMNy69koFlMli40vsVWeFqYK6+Gq8OsAACAASURBVJYvsWU9rwOlaYEngF60aNEpCSxVVXnvvfeMXVg7NUUrDwhcoQ3+BJcf65amatiW7ZWJFWLuvvtu2rVrF/LzJCYm0qNHD37//feAjsvLO0Ljxknl7+Pi4rn/gQd5/r/PGanG7URh+jcRWHWbdKBDoAdt2XWIe//7STS32wXMRM9T9Yf7tpAkAkvwKUx2Hsf2Zy4N+rauermvTHBp+E4L4yG4Ki0lAtYuzSg1UL+33nqLm2++mbi4qjNfpaWl8eOPPwZcvqlXM8xJ8Sf9r8ra4G5TWSsUpequKRNcjvQjqH8clokVYm666aaQOreXzw+TidTU1IAFls1WOT3gwIGGw0n80/2QLM7uoRxr6YKAWFPP2psLvAp0BEaix08puw3MBfbJlBB83gxmbsd13HYyTEMAoRoUzePlKT7c4Qw0TUNFg/gYLJcF/LzD9u3b2bix+lBA8+fPN9T2mDPbeIumCm3W3P+pmnay6b42wWig2VzY5opje6i58MILOfPMM8N2vtNPPz3gY3JyKsd+S01N5W9XX2OkCk2pYVYSQQRWsJlTD9qoASuA0UB74DH0/FWVDBXAJJkSgk+KXZSuy0DTvCOy+42L5S/qu+YtuKgguGJONxbZ/euvv9bDIfjh+PHjTJw40cAVVfF2bq9GYJaLrYqCy03pxky0PEm+HmoefvhhrFZr2M5nZCmyuLi40meKojB8+BVGq3GnjLwIrEhiHfoSWV3kEPAi0AO4EPgKql2BmQJIUB7BJ86Fe3HlnHTkLRMPlcSWT8GlVWvdAohpk4iSEhdw3d5++22ys/1Hg1+3bh1ZWVkBl2sZ0g4lzoIf01UV7a0guDQNZ34Jjvl7ZCKFmPbt2xtK4l0TmjVrFvAxubm5Ppcwe/fqRZMmTYxU43ygp8wAEViRggY8V4facwz4HD1CfSrwJBBImOgTwGSZFoI/Sn/aheLSKi35eYotlerEFv7FltmEdXBHQ3Vbtsx/DLlp06YZKtPSpblvy1VVYstPm21r9hP06MRCJZ588kkaN24c1nMaCdVw4MABn5/HJyRw1933GK3Kv2QGiMCKJGYDC6K4/sXAd8A1QBv0BKCL8J/IozreAWQNQ/CJuuUI9t15J1WDplVe8vMUWwasW9YuzQzV7d1338XhcFT6PD09nSlTpgRcntKxEebmCZWz/1Qptnxbt5wHjuH6NUsmUIiJi4tj+PDhYT9vgwYNAj4mNzcHl8t3HLRBg841WpUbAavMBBFYkYKGns9pfxTV+Rj6kt/VblH1d7dQDMYOkv3usgXBJ7Z5O9BKnd4Cyf1G8RBc5X9gPgRXVZYeU6NYzOcEbhFYsWIFW7ZsqfT5okWLDLXT0q/tyTAUeGlK32LLj3VLc6jYluyWiRMGxo8fT5s2bcJ+XiMWrHVr12K323x+l5KSYtTZvYX7viCIwIoYcoErgSMRXMd0dOvSJUAyutP690BBCM41AeMWMKGuP5Fk2yhdn3lSdFTSFJXFVkXBVaV1C7CeZewmOXfuXG8xaDSxs1nBkppUrqY8q1hRbFVn3XLszEXbVygTJwzccMMNtXLe2NjYgFPm2O12nE7fFixFURg2zLAlTpzdRWBFHFuAgUCk7KG2A0vQY5ucDnQF7gEWg6FwQYGwDfhGpoTgD8fc3biOlugBN8sElL/lv3LBxSlbt2LaNkZpHhNwvd544w2OHj2ZIH3Dhg1s2LAhcH01IBlTgtW7kj7EFh6Cy5fYUgvt2OfslAkTBp599lnat29fK+du0qQJycnJAR935Ij/NGm9e/cmNdVQoNTB7vuFIAIrotgD9Ac+QffVrQ2R9zYwHD2J58XAS8D2WqjPf2upD4RoQNUoWblPj2PlITS8xFYlweV7KdGXdUuzmrGc3yHgah07dozVq1eXv58921BuNyzdW1QWjhXFVgXB5Sm2ygSXbf0hKJU/o3Bw3XXX1dq5zWYzqampAR/nK9hoGQ0bNmSUMYucCT2yuyACK+IoBG5F3/K6MpS3KGCrW1CNBtoCfYD7gPnoO/pqkz+BGTIdBH+4Vmdi338MTdVQVXfMJ0+xRQ2sWxrEdG1uqF4fffQRLpeLzMxMXn311YCPV1rGYmnVyGtJ0Kt+/gRXhea58opwLT0gEyUMjBs3jh49etRqHQYOHBjwMTk5OX6/0zSNCy80HG5iDBArM0MEVqSyBrgAOAd4H8iroZjKBRaiW4b+iu6M2NstqL4CMiOwD55DT6sjCL6fwH/eheZQy28IZWKrLMgmnoIrQOuWpVk8pt6B7yj8/vvvSU9P59dffzXUJsuAdihmk5fgq+iDVa3YUlVsSyXmVbi49957w5IWpyqMLE+WlFS9Lyk1NdVo4NEWwFUyM4KL5CIMPmvdr7uAszkZzK0r0A5oVOH3WW6xtBfYhb7st5PoTEPzJ/A1uoVNECo/Ze85gX17LrG9W1dIQIhHcmTdaRflpGXr5G88FJhXomQ9yFZM/7bYtgS+92T27NksWbIk8AYpENMuqUIj/eRWBG9H/7J/KuBIP4q2PV8mSBh4+eWXw5LUuTqaNw/c4pqbm1v1dFQUrvrb35g3b66RKv0b+FZmiAisqLiXAL+5X/WJp4BrEXOz4Af7rB1YOzbF1NDqLZg8/3jc64e6ANHTI7s1l4cyOSlQyt5bU5OwWRRwBrap9dFHHzXUFlPPZpgaN/D2Vq9gGfFK8aNUXhbVSp04FohjeziIjY2ttZ2DFTESqiErMxNFUapM89S7dx9aJyeTHXgmgjJn910yU4KDLBEKwWYf8KF0g+AXh0rp7wfdQUe18iU0fIRfcKstPcGzx1KiP0d5JS4Gy1/CZ52I6ZXsHe+qijQ/ZYrQs74aYNuajXbMIfMiDEyYMCEirFegBzkNlJycHFS16k0QCQkJjLl5jFE9cJvMEhFYQmTzHJKjUKgC58/7cWYXegkSxZ/gqiBQPH23PDVM2XGxPVuFpxEWBXPbxMrVrKitqhBc2rFSnAvTZUKEgQ4dOjB6dOR4LxixYG3cuAGnUxfjiqKgKAomkwlFUSgsLOTEiRPk5+fTvcdpRqt1CxLZPXiXCOkCIQQcBl4AXpGuEPxRumwPDa/tAyalsopyCyYUxdv3qvyLMu2ilWsY3WdLwdyyIUrHhmh7Qxus03JRB0wWs8dSZgW3sJNNKf9eKa+s/mHpr/tlIoSJCRMm0LRp04ipj5F0OXl5eUyfPp2YmBg2btiAqqpk52SjulT279+H6lIpLKrRvG8BXI4elFqoIYp0gRAirOgBSDtLVwj+iB3dC2u3Fvjd0FXxc/cPtWquYLbN2dinbwtp3eNuPRNzi4RKldD81Evxko/gPFSA7YvNMgnCwODBg5k3bx4JCQkRUyen00lMTEwkdteP6DvXhRoiS4RCqLADj0k3CFVhm7sDtdSBqmknI7NXVCteYRq0U/LdiunQxIdlLIgXzi6NMTdPqBQyokxI+YqD5VVFp4p9hSwNhouXXnoposQVgMVioW/fvpHYXZcAHWTWiMASIpuZwFLpBsEvBU5sm7PKcxJqaG6xpVWdt0/zIbY8BJcpMRbzOckhq7alT7IfIVhZ7fmKg2VPk3yD4eLee+81FNQzHAwePDgSq2UGbpaZIwJLiHz+DcgWKcEvzvl7cB0tqSSgNA/BpVVn3fJwIi8LPGrt3TpkdY5pm+QzdU8lseXDuqUV2nH8JEFFw0FcXBwPPvggJlNk3uoiZUejD4bL7BGBJUQ+O4BJ0g2CXzSwrdnnTiqIzzQ5mi/rll+xpYsbS6tGKE2D7+NiHtQGJdbszqvoFk4eYkuhasFl25ABNsk3GA4mTZpEx44dI7Z+rVq1itSqpYg+EIElRAfPALJdSvCL+lsOjoxjnoqqypce9b1q65ZiMRFzQfBvrjFdWnidR3PH6Sr7zzPWVUXrljO3ENfqQzLgYeCCCy6IqLAMUSawSqkcJEUQgSVEIMXoORQFwS/2RbvQ7K5yf6wKiqpqsVXBulUuhjoFd1u+0iaOmOYJlZcFParsKbjAQ2g5VewSliFsTJgwIeIc2ysSHx8fqVXbJAJLBJYQPfyA5LkSqkA7WIx9x2EvsXJyybCC83g1gqtMbJmSGmA6o0XQ6mjp27Z8d6JShaWqrI6eYsux7yjqDsk3GA6ef/55BgwYEPH1TE5OjtSqfS6zSASWEF3cA+RJNwj+cHy/E/W4zUd4Bn9iS6vytxoQE0Rnd2tqY8ocwCouTVYltrQSJ7al4tgeDjp37sxtt92mJwyPcIwEGw0Dq90PxIIILCGKyHWLLDE9C75RdSfwqoxXVVq3fFi0LCmNwVLzS535zJaYGsaWV0Jxv/DhB1bRumXbngNHZTNtOHj//fcj2bfJi0iKLO9mK/A3wCUzSQSWEH1MB2ZLNwj+cC3PwJVzolyxVGW8qvYHGihWC5Yh7Wtcr5iuLfwmpK5KbLmOleBcvE8GNgw8/vjjDBkyJGrqa7Va6dSpUyRUpQR4EzgXWWUIGpKLUKgN7gQuAJpLVwi+sC1PJ/7qXpUsT5rHso9nrr/yDyraRt3rdTFdmuH8aa/h+iiJFiwtG3l/WCnx4EmxVfa9pkHpbwdlQMNAr169eOCBByI25pXPeaUoXHrppUyePDlYRaroWTRc6DsBT7gFUxH6CkIhcAQ4DuS73x8EfnN/JojAEqKcXGAseqR3QaiEtuMYjr1HsXZpflLLKHiZhrQKPjaKL8Hj/szcLB6lUyJaurF7iOWstigWkw8B50NseXzuPHQMdfNhGdAwMHny5KhZGvQUWAaDjS4BprkFUh76Tu1ct6gqBGzoVilBBJZQD5kFfAqMka4QfGH/aReWtkkocZZKAkqrILYqCq5KjuaKQkz/FOzpxhJAx3Roop9PqaCi/FixcIdlsK3YKwMZBl555RUGDRoUlXU36Id1APhIRj6yER8soTa5D9gl3SD4JN+BfXOmVx6/MvcnX8mUPdPl+PKDt6QkgZGdZXFmTAmxJ4XTqYSOAGw7D6NliREh1AwbNow777wzKnYN+qJ9e0P+gSky8iKwBKEqTgA3opuzBaESziX7ceWfFCm+xBb4CJHgIbbKBJcSH4P53DaBV6LEhSvreBU5Byu+0VALbdgXp8sAhhir1crEiRNJTEyM2jbExcUZOawtPrIyCSKwBMGTdcB46QbBJ6qm5yl0qZUCT1W0Yp2KdcvS3VjQUfuuw6BUkXOwgvWqdFMmOCUaSaiZPn06PXr0iOo2tGnTxshhreT+LQJLEE6FCcB86QbBp8b64zCOgwWVkib7E1xVWbcsrRqhtA48uKNrSx6u46Un8w26RZWv4KLOnEJc67Jk4ELM+PHjufLKK6O+HQaDjTYFrDILRGAJQnVo6EuFsqYi+MS+fA+q3eUn8KhWtXXL4+eKScEy0NCuLRyHCjxEnF6ip+BSNFCcKrbfDsiAhZjLL7+cBx98ELPZHPVtad7ccLSadjITRGAJwqmQD9yAvs1YELwVeEYxjrRcKumrSpHbfeSwqbBkaElNMuS94tiUCS5/5eqF2w7mo+4ukAELITExMbz++uskJSXVifZYrVaj4SXay2wQgSUIp8o69FQ6glBZ4CxKRztu87kUqHmInuqWEs2JDTD1DdwXS8spxZlX5Deau1bixL5EjLChZs6cOVHvd+WJ2Wzm8ssvN3JoG5kNIrAEIRA+Bt6RbhAqYVexbcwotxYpeC8FatqpW7diehpLAG3fe8RbWHmUX7otG63QKeMUQt58802GDh1ap9qkKAopKYaiLkioBhFYghAwDwHLpRuEirjWZOLMLfQWTPgRXPgXXJbkRGgYuP+Oc302WqmjkhXLdawEx6oMGaAQcueddzJ27NiojXdVFS1aGNrdKgJLBJYgBG4oAEYgTu+CD2zL91TyhcLDDwpPp3Mfju4aoFhMWAamBn5yVcN+qIKPlQql6yXfYCi5+OKLefHFF4mNja2T7ZNgoyKwBCGc5AFXoCcpFYSTeir9BPY9eb5jUlVcDvQlttzWLUunZobO79iRg6Jp5ed0ZBbg2n5UBiZEpKam8sEHH9CkSZM628aEhAQjhyXL7BCBJQhG2Q78HRDHFsEL++LduEocaJo7TIKfmFRVLSVamsZj6to44HOr+07gPFqsl2l3UrpG8g2Givj4eGbOnEmnTp3q3oOCpqGqKqqqkpxsSCuJBSvCkWTPQqTzE3A3MFm6QijnhAv75kwaDGjntkh5qCoFFO2kn075P722Guq/s/Rtg31X4GEVHAePEdMkntI9R9ByJLJIqPjmm2/o379/RNbN6XR6CaWcnBw0TcNut+N0OsnK0oPNlpSU4HK52LlzJ5qmUVhYiN1uZ8mSJRQXF7N161ajVWgJxAAOmSkisATBKB8AHYAnpCuE8hvc8oOoXZpjbhKP5un37Cm4KoitioIrpk1j7AbObV+dgTU1CdsSsV6FiilTpjB8+PCQlW+36yOvqiqappGdnY2qqthsNhRF4cCBA2iaRklJCZqmkZaWhtPp5MSJE9jtdhYvXoyqqmzbtq02uykFkEkYoUiySCGa+Bi4VbpBKMPUqxkJQ3t4X8mUSiGqvL5T8LZula7eh3Nl4DsAlcYxaAViPAgFL7/8Mo888ggmk38vltLSUjRNw+VyAZCbm4vT6aS0VLcoegqkMiGkqir5+fkALFq0CJfLRXp6VO+lGYzsuI5YxIIlRBNjgSbANdIVAoC69Qj2HvlY2yWVqSfdH8vjN9VZt2I6NzcksERchYZBgwYxePBg5s6di9PppLi4GIBt27ZRUlLCkSNH0DSN9evXc/z4cQ4dOlSfu6utzJjIRSxYQrTREJgHXChdIQAorRuQcG1fFKu58qVNqXzFq2TdUjWKpm1EyyqRzhSijUeBCdINkYnsIhSijUJgGLBWukIA0LJLse86XPFT/eUZ3t39caXdhiYFy1myIUuISmTiisAShKBSBFwFbJOuEADsS/aiHrf5yRPoKba8BVeZ0LKmJkknCtGIVbpABJYgBJtc4CIRWQIADo3SjYcqWauqF1z6P00JVsz9W0s/CtHGDukCEViCICJLCCmu9dk4s49THqq9oriqRmzFGIzsLgi1hAbMlW4QgSUIIrKEkGNbsw+cWoW8hFrVYsv9maVVI5SmMdKJQrQwFdgj3RC5mKULhDpAETAD3fm9pXRHPX6kL7CjtIjD3DS+8pdKpX94vVVMCqpJQd17TDpSiHTWAyMBm3RF5CIWLKGukAsMQoLu1XtsS9PRih1+8hJSpXUrpn1T6UAh0vkauAQ4Ll0R2UgcLKGukYDul/AX6Yr6i+W8FOL7pVS6xGlKNVdBDYoW7kBNy5dOFGqDUvRQNEVuAXXM/TqKvhw4G9gi3SQCSxBqixjgS+A66Yp6rLRv7Iu5SVyFK131gsu+Px/bbNmcJRgWSPnACbcwKgSOuMVSvvuzAo/3np8dBVweL1W6M8of9KQLhDqIA/gHcAh4QLqjflKydj8Nh3YHk2f4ds1DZyleS4hlYismORFbrAlscn+rh5QJomLgsJ/3R92CKN/9Ps9DIPkNDiLUP8SCJdR1xiGpJOotDa7ugTUlqeorng/rVsn6gzhWZUgHRgeqh6ApAbLRl9hy0S1Kue73ee7vc30IqLLvBUEEliAEwEjgEyBOuqKeXeCaWml4bV+UGLPPvIT+rorOI8UUf7lZOjA8ONziyOEhkGxApocgsgNZbsGU4/4+2/3+sPt3sv1TiChkiVCoD0wHMoCZQCvpjvqDdtSOLS2XBr2SvRdsFCq/Lz8ILE3iUFLi0TKKpRONkQ/8DDjRl+rLBJLT/bfo+f6wW1wVSLcJdeoBT7pAqEe0Q99h2Fu6oh5hUmh44xmYGsWe+pVQAdueI9jm75L+C5y9wBVI8F+hvl96pAuEesQB4HzgO+mKeoSqUfpHBoqmlb8q4SPSuzU5UR5BA+dn4GwRV4IgkdyF+ocN+AbdMXYwcgutHxorpxhzamPMCboVS/F8Kb6ngGIx43I6ULOKpANPjTeBm9EdxgVBBJZ0gVBPWQZsBIYC8dIddR/XiSJiuzRHMSno/3mIKY8XnoLLasG57bB0XtUUAmOA15DYTYJQjiwRCvWZOcAA4HfpirqPmlGMfV++W1jp64EK2smUOu6X51JiTPMElJax0nn+2QUMBKZJVwiCN2LBEuo7+cBnQBO32BLqMM6DBVhPa4HJYvawWOnfnbRinbRuKSYFTVFw7ZMIAD6YBgxHD6cgCEIFxIIlCPqW8XuBEUgsnTo+0iql23L0HM/uPM+4LViKhk/rllegUqGMXPQAvuJvJQh+EAdfQfAmFfgC3QFeqKM0GNIRU+zJMICarwtiWYYdTaN09X60Aod0nDcaegDfJ9GDfgqCIAhClZiBx9CjRGvykpe8qnwdQ8/5KS4nguD9jCYIgh8Gosf1aShdIQjVsgm4G1glXSEI4oMlCP4YBHwg4koQTpm+wArgI/RNI4IgCIJQTkPgLcCFLP3IS15GX1nAtXI5EeozskQoCCcZ6n76TpWuEISgMBN92TBHukKob8gSoSBAHDAZWCDiShCCygjgT/f/BUEEliDUIwYBm4E75O9BqI+cf1ZXHrv9SizmkE3/ZsAM9IC+jaTHBUEQ6jZm4HHAgfjLyKsevhonxGpTXrxTO7Juilay5Utt0w8TtAduvjzU593jfqgRhDqP+GAJ9ZHWwJfAEOkKoT4y/u4R3Pz3v9CmZdNK363fms47U+czbd6aUJ3eAfwHmMjJGK+CIAJLEKKc84DpQNtQFP7QmGGU2hy8O22R9LQQcdxx/RDG3jCU0zqnoCj+L/9Ol4uVv+/g+Xe+ZdXGXaGqzvfATcAJGRlBBJYgRDd3AW8A1mAXfPkFfXjq7us48/SOAGxO289bn83jq7mrpdeFWueaS/pxz03DGdi3K+YAfK2KSmzMWfwbj7z8GXkFxaGoWhpwFbBTRkkQgSUI0UcM8DpwT7ALTm6eyKSnbuWvF56JNcbi9Z2qafy2aRcvT57FwpVbZBSEsHPJoJ48dOtVnNevR6X5GQiZufl8/M3PvDh5diiqWQhcByyUERNEYAlC9JCIviT412AX/PRdf+e26y+hZbPGVf7O7nCyZmMab3wyhx9FaAlhFFbnntWDWKslKGWqmsbGP9N56vWvWPrbjmBX2QncB7wnoyeIwBKEyKclup/HOcEsdOi5vfi/+0ZyVs9OAR1ndzj5fcsePpmxmKlzJF2bEDphVVOLVVXY7A6+XbCa+56bQondGcyiNeA54FnE+V0QgSUIEUsbYCnQNVgFmk0Kbz41hlHDzychvoFxS4CqsnHbXqZ+v4z3v14sIyXUmFHDzuH2kUMZ0KcLFos5LOfcf+gwr3zwHZ/MWhbsol8HxonIEkRgCUI9EFcjLu3P/903km4d26Bpwbnua5pG+sEcvp67khfenx20coX6w8O3DmfU8PPp2TW1yl2BocLhdLFg2QbufmYyecdKRGQJgggsoQ7TFPg1mOLq3Wf+xQ1XXECD2JjQ/BEqkJNXwKKVm3h/2kJ+/3O/jKLgl45tm/HI7Vdzybl9aNemRUQI84zsIzz3v2/44vuVwSz2NeARGXFBBJYg1D6xwBLg3GAUdkG/bkx8Ygy9urUnXMaBklI7v2/ZzVdzVvDpd8tlRIVyRl5+DjddPZj+fbqQ2DA+4upX5pt1+1MfBKtIDbgfeFtGXxCBJQi1y2fAP4NR0JN3Xs09Nw0jKTGhVhqiahoHDh1m0apNvPDuDHKOFsro1scnBquFlx66gUvO60vndq0xmSL/kv3nroOMe+nTYO00dALDAIncK4jAEoRa4l/AR8EoaNrr93HVxQMi5mZWVFzKhm17mfXjGnGKryfc+vfBjPjrIPr16kzjRvFRV/+jBYW89tFs3vh0QTCKywV6u/8vCCKwBCGMdAY2ATUyN/Xs3IYvXruf07qkRGxDsw7n8+vGnXwzfyWzF2+Qka9DDOjdkXtvGsaAvt1IbdM86i/OTpeLr35YwdjxHwajuDnA3xCnd0EEliCEdQ7/AFxRk0JuGD6Il8bdSKvmSVHRaFVVST+Yw+9b9vDprF9YFvzAj0KY6Na+JV+/+TDdOrbBbDLVufatWr+Dobc8j1pzZ/zrgBkyYwQRWIIQHoYB82pSwMO3DOexsdfQKCEuKjvAparsPZjLxm3pzFi4hh+WiGUrmnjzyZu5Y9TQOt3G7XsyuPGhSWxLz6pJMfuAHoBNZo0QDZilC4Qof0D4EmhrtICXx93Ag7deSUJcg6BXTtM08vJP0CA2BlMItyGaFIWmSQ3p2TWVa/96LreMuIhLz+1NSqsmZObkcexEicyUCKZbh9YM7t8zoCTMoeDY8SKcTjVoqXU8adE0kSuGnM2m7enszzxitJgk4CCwXmaNIAJLEELLpcDjRg9+Zdw/uOfGYUFPKVIWauGdqQto16YFbVo2DZ/iVCCxYRyd2rVmyKA+jBkxhPP7dWfaXEnNE6ms3byHFk0b0b9Pl1qth8Vs5vPvl7F+6x6aNG5IUmJCUIOXJjaM45Jz+/LHtj01EVm9gXcBVWaOIAJLEELH6+hLBoGJEOD5B67nvn8OD5rVQFEUDh8tYMaCNdz33EfMWfI7rzz6T06vZYd5p8vFhA9ns2XnQZktoUMFMtETixvip5Wb6d0tlR6d2tZaI0wmE/16dWbnvkwuu/UF9h/KIalRPK1bNMFiDs6tomFCAy45ty8r1m0lK6/ASBFJwG/ATpl2QqQjPlhCtNIEyAECDq9++3UX8epj/6RBrDUIwgp278/mu5/W8vYX88g9WsRl5/fmnWfuoG2rprXaQU6XixfencHLH/wgsyW4HAD+ADaiZw34DShA9wWskTPVks/HM+jM7rXaOE3TWLRqM3/796sA9O/VgUduu5rBA3uR2DA4forb92Rw3sgnKbEZShY9G7hGpqEgAksQQsMtwJRADzqtY2sWTHm6xrsFFUVhQpVaJwAADv5JREFU175Mvpi9jFc/mlP++Tl9O/P1pIdqfTeiqml8NH0R97/wWU2LWur+f3cguZ7NscPAdmAHsA3YjB4O5Bi+l6iaovsHdTB6whiLmbUzXuS0zrUfKmTRqk1cdeer5e87pzTnmftHcdkFZwRlQ8gPP69j5INvGjm0GGgJFMllUBCBJQjBZzpwfaAHzfrfw1w++KwanXhvRi6fzlzCax/P9dp63rNzG2b87xE6pLSs9c75btFa/vHQW8EQV0MBB2AC4oFuQBe3iCh7tQZSgeZRNoeOAllABvoOtbLXbiC9CiFVFWcBKwHDCqR7h1YsmPI0yS2a1HoHfT1vJbc8/p7XZ+1aN+GFh0dz+eCzSIiLNVy206Vy+3/e4ev5vxo5/FLgZ7kMCiKwBCH4ZBDg7sG/nt+Hb98eh8VizJ/k8NHjfDpzCePf+rbSd5Ekrpav28Zl/3qhpsUcBM4msOjZCpACNAMaAe3dn7V3f9/U/XkZZvfvg0Eu4LldsgjIQw9MeQg95UoGcBw4gr7MF6qglaOBL2pyfb3w7G58/eY4mtRSqiZPvpqzgn/95/1Kn5/Zox3P3D+SvwzsZXijyNadB+g/4gkjhz4LPCOXQUEEliAEl5bum2ZAV/Xpkx7gqov7B3yy4hIb85auZ9xLn5KbX3lVIrl5I+Z//HStOiiXsXnHfi66cTzFxnxbPMXJeejLYYIxXgSeqEkBo4adw9v/dzsN4xvUemOmzFjM3c/6XpG/YvAZPHnXtfQ9vWPANxRNg9EPvc53PwcceWEeNQwuLAihRnYRCtHIacCdgR708rjRATnpaprG+q3p3Pn0+7zx2QKKSh0+fzdn8hOccVrHWu+Unfsyuebfr5BXUFyTYlRgFLBMplmNWIy+XGjYY33rrgxsNhvn9zuNGEvtXqp7d2+PprpYuT6t8rzbn83HM5ZgVqBrxzYBCUJF0R/zZ/20LtAq2YH3ZJoJIrAEIbj0A24I5IDzzuzCv//x11NO4Jx9OJ9Jn87l1ifeY19mnt/fffPmA1xybp9a75CM7COMfep9tuw6VNOingY+lCkWFOYCl1ODzQFrN+8hLjaGgWd0q9U0OiaTiYF9u5GVe5RNaQd8/mbZb9v57sc1pLRuRpf2yadcX4fTxUffLgm0Si7gDSQ3oSACSxCCSvdABdb5/Xow4rJzqr0aa5rG6g1pjLxvIt9Xk3LmtcduZPRVF1LbK+25Rwq4adybrNywq6ZFfQKMk+kVNOzoSYr/gbfvWUAsXbeNhDgrA/t2PeUHhFAQYzFz7lnd2ZK2l/SDh33+pqCwlJk/rSUr9whnnt7plCzGdruT/01dGGh1rMBLSMBRIYIxSRcI9YG42OrDZR07XsQrH3zHJWP+y24/N5Ay7v7Hpdx2/SVBjXRthPyCQh54fgqrNtZYXP0C3CEzJehkoluxahRS4KlJ0/nyh+VoWu0abJolNeL1/9xKw7iqY8h9+t1yLr5pPD+u+ANVrbrOBv+EYmVqCSKwBCES7nKH871CKlTkz10HueL2F3j2fzOrLWtg7048efd1xFpjarVNx44XcfczH/Ldz7/XtKhtwAj0nXZC8NmE7tdWo/4dO/5Dvpi9rNZFVpf2rZnxv+oNnfuz8rn6rgk8+/Z0ThT5z4fpcLqMVCMLsV4JIrAEIfjaItADflq5hfyCQp/fLVi2gQtueIr12/afUlnv/XdsrW+fLyou5dm3vwmGuMpE342VL9MqpMwF7qWGPkNjx3/IrJ/W1npjBg/oyYRHR5/Sb1/9aA5jHn2bg1m+fRnT0g35DdoQ/ytBBJYgBJ2DgT69qprG1p3ezrl2h5PJ037i7/dMPOWUHV9NvK/Wo2wXFZfy9BvTeP/rGsdZPO4WV3tlSoWF99HDN9SIG8e9zfxlG2q9MXeMGsrIYeec0m/nL9/E3+96hQ1/pnt9rmkaC4y1JV0EliACSxCCz368g0qeEu9+uRCHUxdSNruD597+hgdePPVUMvfeeJmhOFpBF1eTpvFezcWVA31ZcKNMp7DyFPBpTQsZcc/EWhdZ1hgLz91/Aw2spxaObuvuTM4b9TTL1v1Z/tm23Qf58NtfjJx+u0wlIdKRXYRCtHIxEFDwqR17s0hp1ZSe3drxwrszeG3KvFM+tl3rJkz+750kNoqvfXE1rcbiSgNuBCQLdO0wDz3USLeaFPLN/DWcdXpHunaovRSRjRvF061DckBxrKb+sILB/U+jUUIDHnzhE3YfyDFy6teBP2UqCSKwBCH4tHWLrICYv2wjW9P28el3ywM67rNX7+WM02svmGgQxRXovkCfyBSqNVTge+B8TqYRMiayFtS+yOrSIZlDOXls2nHglI9Zsnozqzak8eOqLUb77x4k2bMQ4UiqHCFa6QbsCMcc/vcNlzDhsZsxm2tnRf3YiSKee/ubYImrl4H/IP4rkUAzYDlwek0L+uyVu7ju8nNrLWzI/kOH6XPFw9iN7QgMlGXAX2T6CJGOWLCEaOUIMJwAEz4bYcpLd9G8aWKtNDK/oJC7/+9DvvhhZTCKewd4WKZOxFACzACuQU+EbZjZP/9Gu+Rm9OnRvlZEVlJiAq2aJzJ/WVhc+l4ANsj0EURgCULoOApcH8oTvPrIaC4ffFatNO7w0ePc+9xHwQjFADAVPX+jWK4iiyLgR/QNB41qUtDcXzaQ3KIxvbu3r5W0Op3btWbRyo3kHDke6gerW5CYbYIILEEIKdvdN6ZWoTrBxy/dRUJc+INGZ2Qf4aaHJ/HT6q3BKO5r4J/o+duEyOMIekqdGous+cv+ICEuhn69OmMxh/fyHmuNoUXTxsz4MaRxup5FEpELUYKEaRCinUdCVfD9//wrLWphaTBtbyYXjX6aVRt3B6O4xcCtIq4inl3oMclqbP55atI3jJ80jZJSe9gbMbBvt1AWnw68JVNFiBbEgiVEO3uAzkDfYBf8+B1X06V9eHdn/frHTi4b8yyHjxUHS1xdiYGYYUKtkA0sRV/2rpHZdO3mPew7lMMFZ59OfBgtsAnxsWzevped+7KDXbQLuBbYLdNEiBbEgiXUBe5G31EYVLp3bBO2Bqiqxpwlv3HRTc9yvDgolgcRV9HJr8BlBMGSNX3+r4x+6A32HswJW+UVReHKi88ORdEvuMWnIIjAEoQwcsItJjKDVWC/nu1p16ZFWCpvdzh5Z+oCrr9/UrCKFHElIguAZb+ncY2PFDWh5IzTgh4vbirwnEwLQQSWINQOu9Fj4wRFZI24bFBY4l7lFxTy+IQveHTClyKuhJCIrLR9OZw36mm++2ktLlUNecXbt21Js8ZxwRRXYxAfQkEEliDUKrvQo2NvqmlB4UjovGtfJqMfmhSsAKIiruquyDoRjML+8fBbvPrBdxSX2kJa6aTEeM7u1aWmxWjABBFXgggsQYgc9gL90SOWG3ZmahAbE7IKaprGjys28pfRT/PLuqDlrP1WxFWdFVmDCJJl9rl3ZjHm0bfZf+hw6Gqs6TkKa8BB9B2Vj4q4EkRgCUJk4QCeAPoAn9VEaAWbE0UlvPT+LK6+6zWOHi8NVrFTgRtEXNVZ/iSIy99zftlIv6sfYfHqzbhcaiS1cz96poEewHwZdkEEliBELmnoSww/Bnrg8cLioFdm8479XH/fa/z33VnBLPZN4GZ50q/z7EK3ZG0LRmFFpQ6uGPsKEz6cTX5BYVAr6lJVsg7nGzl0HPA6UCzDLYjAEoToIOD1kFXr04J28sLiUt7/6kcGXvcflq4LWjQJDXgGeABQZYjrBQeAIUDQQqU/+85Mht32PKs3pKFpwcmilJWbz4r1Ow0dKkMsiMAShOhiX6AHvPXFQjKyj9TopKqqsWZjGtfeM4EHX/o8mO2xA3ehpw0R6hc5wMXAwmAV+MeOg1x883M88dpUDuXUbM4rwNK1htI7qUb+TgUhkpFI7kJ9oCEwOtCDNNXF4AE9A87ppmkau/dnM37SNB588XP2Z+YFsy3HgVHAVzKs9RYHMB1IBc4MVqFrN+1myreLadmsMR1TWtIg1hpwGbv2ZzHq/onYHAGvWOeiW2QFQQSWIEQReeg5C5VADlq3ZQ8KGv16dcZqtVT7e5dLZdvug7wzdQE3PfI//ti+P9jtyASGAb/IkNZ7VOAHt9gaEqxC7U4X85Zu4PtFv9I0qRHNkhqR2PDUdgRu35Oh71DMMuR/tcgtGgWhzqBIFwj1hJXAeUYOPLtnBx694xoG9u1K8yaNvCxaJTY72YePseHPdKbNWcGcpRtDVf/16GEYxE9FqMj1wMfoltrg3iAUhcduu5Ih5/ahe8c2tGzWGJNy8rZRVGLjUM4RflzxB09M/AqH07A74L+AKTKUgggsQYg+7gXeqmkhZ3RPpUuHZEyKQlGJjT0HstixN+S53qYDtwGFMoyCH/oB36EvG4aMAb070q5Ni/L5v31PBukZNV4CL3XXO0+GURAEIfpIAorQd99Fy8sBPC5DJ5wiLdGXj7Uoe30pQycIghDdvBpFN51s4BIZMiFArMBEdB+taJjnLqC7DJsgCEJ00ww4EgU3nV+AFBkuoQZchb7kFulz/VMZKkEQhLrBv4jsJcGnAYsMkxAEUojsJcMcoIUMkyAIQt1AAb6JwJvNNmCgDI8Qgvn+GHr6mUia7yp6yBFBEAShDtEI+D1CbjRO4GUgToZFCCGnAb9GkMB6VIZEEAShbpIUASLrV6CvDIUQJszoKZaO1fK8f16GQhAEoe6LrOXUzg7Bm5FMCkLt0Ax4D916Gm5r7YPS/YIgCPUDq/uJ2hWGG0wB8DAQL90uRADdgalhEloZ6EmqBUEQhHrGGcCqEN1c9gIPibASIlhofQLYQjD3S4FJQKJ0syAIQv1mKDAfsNfwxlIEzAauQMIuCNFBS3Tn803U3KKbhx7wVOK5CYIgCF60BcYCM9ATLFe3jFIMbAc+AEai71QUhGilB/py9pwA5/976EFOG0gXCvUdSfYsCKdGslt0JQHtABN6VPgTwEEg0/1vQajr878l+nJ3AZAv818QBEEQBEEQBEEQBEEQBEEQBEEQBEEQBEEQBEEQBEEQBEEQBEEQBEEQBEEQBEEQBEEQBEEQBEEQBEEQBEEQBEEQBEEQBEEQBEEQBEEQBEEQBEEQBEGoC/w/3ebC3WcXEPgAAAAASUVORK5CYII= + mediatype: image/png + install: + spec: + deployments: + - name: jenkins-operator + spec: + replicas: 1 + selector: + matchLabels: + name: jenkins-operator + strategy: {} + template: + metadata: + labels: + name: jenkins-operator + spec: + containers: + - command: + - jenkins-operator + env: + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.annotations['olm.targetNamespaces'] + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: OPERATOR_NAME + value: jenkins-operator + image: virtuslab/jenkins-operator:v0.3.0 + imagePullPolicy: IfNotPresent + name: jenkins-operator + resources: {} + serviceAccountName: jenkins-operator + permissions: + - rules: + - apiGroups: + - "" + resources: + - services + - configmaps + - secrets + verbs: + - get + - create + - update + - list + - watch + - apiGroups: + - apps + resources: + - deployments + - daemonsets + - replicasets + - statefulsets + verbs: + - '*' + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - create + - update + - apiGroups: + - "" + resources: + - pods/portforward + verbs: + - create + - apiGroups: + - "" + resources: + - pods/log + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - pods + - pods/exec + verbs: + - '*' + - apiGroups: + - "" + resources: + - events + verbs: + - watch + - list + - create + - patch + - apiGroups: + - apps + resourceNames: + - jenkins-operator + resources: + - deployments/finalizers + verbs: + - update + - apiGroups: + - jenkins.io + resources: + - '*' + verbs: + - '*' + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + serviceAccountName: jenkins-operator + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: false + type: AllNamespaces + keywords: + - jenkins + - operator + - CI/CD + links: + - name: GitHub + url: https://github.com/jenkinsci/kubernetes-operator + - name: Website + url: https://jenkinsci.github.io/kubernetes-operator/ + maintainers: + - email: tomasz.sek.88@gmail.com + name: Tomasz Sęk + - email: jal-khalili@virtuslab.com + name: Jakub Al-Khalili + maturity: alpha + minKubeVersion: 1.11.0 + provider: + name: VirtusLab + replaces: jenkins-operator.v0.2.2 + selector: {} + version: 0.3.0 diff --git a/deploy/olm-catalog/jenkins-operator/0.3.0/jenkins_v1alpha2_jenkins_crd.yaml b/deploy/olm-catalog/jenkins-operator/0.3.0/jenkins_v1alpha2_jenkins_crd.yaml new file mode 100644 index 00000000..b74dcc75 --- /dev/null +++ b/deploy/olm-catalog/jenkins-operator/0.3.0/jenkins_v1alpha2_jenkins_crd.yaml @@ -0,0 +1,20 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: jenkins.jenkins.io +spec: + group: jenkins.io + names: + kind: Jenkins + listKind: JenkinsList + plural: jenkins + singular: jenkins + scope: Namespaced + version: v1alpha2 + versions: + - name : v1alpha2 + served: true + storage: true + - name : v1alpha1 + served: true + storage: false diff --git a/deploy/olm-catalog/jenkins-operator/jenkins-operator.package.yaml b/deploy/olm-catalog/jenkins-operator/jenkins-operator.package.yaml new file mode 100644 index 00000000..69971831 --- /dev/null +++ b/deploy/olm-catalog/jenkins-operator/jenkins-operator.package.yaml @@ -0,0 +1,5 @@ +channels: +- currentCSV: jenkins-operator.v0.3.0 + name: alpha +defaultChannel: alpha +packageName: jenkins-operator diff --git a/deploy/operator.yaml b/deploy/operator.yaml new file mode 100644 index 00000000..95ba9a28 --- /dev/null +++ b/deploy/operator.yaml @@ -0,0 +1,34 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: jenkins-operator +spec: + replicas: 1 + selector: + matchLabels: + name: jenkins-operator + template: + metadata: + labels: + name: jenkins-operator + spec: + serviceAccountName: jenkins-operator + containers: + - name: jenkins-operator + image: virtuslab/jenkins-operator:v0.5.0 + command: + - jenkins-operator + args: [] + imagePullPolicy: IfNotPresent + env: + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: OPERATOR_NAME + value: "jenkins-operator" diff --git a/deploy/role.yaml b/deploy/role.yaml new file mode 100644 index 00000000..a2653abc --- /dev/null +++ b/deploy/role.yaml @@ -0,0 +1,117 @@ +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: jenkins-operator +rules: + - apiGroups: + - "" + resources: + - services + - configmaps + - secrets + - serviceaccounts + verbs: + - get + - create + - update + - list + - watch + - apiGroups: + - apps + resources: + - deployments + - daemonsets + - replicasets + - statefulsets + verbs: + - '*' + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - create + - update + - list + - watch + - apiGroups: + - "" + resources: + - pods/portforward + verbs: + - create + - apiGroups: + - "" + resources: + - pods/log + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - pods + - pods/exec + verbs: + - "*" + - apiGroups: + - "" + resources: + - events + verbs: + - watch + - list + - create + - patch + - apiGroups: + - apps + resourceNames: + - jenkins-operator + resources: + - deployments/finalizers + verbs: + - update + - apiGroups: + - jenkins.io + resources: + - '*' + verbs: + - '*' + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - apiGroups: + - "route.openshift.io" + resources: + - routes + verbs: + - get + - list + - watch + - create + - update + - apiGroups: + - "image.openshift.io" + resources: + - imagestreams + verbs: + - get + - list + - watch + - apiGroups: + - "build.openshift.io" + resources: + - builds + - buildconfigs + verbs: + - get + - list + - watch diff --git a/deploy/role_binding.yaml b/deploy/role_binding.yaml new file mode 100644 index 00000000..8224b7c1 --- /dev/null +++ b/deploy/role_binding.yaml @@ -0,0 +1,12 @@ +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: jenkins-operator +subjects: +- kind: ServiceAccount + name: jenkins-operator +roleRef: + kind: Role + name: jenkins-operator + apiGroup: rbac.authorization.k8s.io diff --git a/deploy/service_account.yaml b/deploy/service_account.yaml new file mode 100644 index 00000000..21b293ce --- /dev/null +++ b/deploy/service_account.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: jenkins-operator diff --git a/variables.mk b/variables.mk index 6ed1aef0..0c310b53 100644 --- a/variables.mk +++ b/variables.mk @@ -69,7 +69,8 @@ OPERATOR_ARGS ?= --jenkins-api-hostname=$(JENKINS_API_HOSTNAME) --jenkins-api-po .DEFAULT_GOAL := help -PLATFORM = $(shell echo $(UNAME_S) | tr A-Z a-z) +PLATFORM = $(shell echo $(UNAME_S) | tr A-Z a-z) +CPUS_NUMBER = 3 ##################### FROM OPERATOR SDK ######################## # Default bundle image tag diff --git a/website/content/en/docs/Developer Guide/Preview/_index.md b/website/content/en/docs/Developer Guide/Preview/_index.md new file mode 100644 index 00000000..595fe717 --- /dev/null +++ b/website/content/en/docs/Developer Guide/Preview/_index.md @@ -0,0 +1,301 @@ +--- +title: "Developer Guide" +linkTitle: "Developer Guide - Preview" +weight: 60 +date: 2020-02-09 +description: > + Jenkins Operator for developers +--- + +{{% pageinfo %}} +This document explains how to setup your development environment. +{{% /pageinfo %}} + +## Prerequisites + +- [operator_sdk][operator_sdk] version 1.3.0 +- [git][git_tool] +- [go][go_tool] version 1.15.6 +- [goimports, golint, checkmake and staticcheck][install_dev_tools] +- [minikube][minikube] version 1.17.1 (preferred Hypervisor - [virtualbox][virtualbox]) (automatically downloaded) +- [docker][docker_tool] version 17.03+ + +## Clone repository and download dependencies + +```bash +git clone git@github.com:jenkinsci/kubernetes-operator.git +cd kubernetes-operator +make go-dependencies +``` + +## Build and run with a minikube + +Start minikube instance configured for **Jenkins Operator**. Appropriate minikube version will be downloaded to bin folder. +```bash +make minikube-start +``` +Next run **Jenkins Operator** locally. +```bash +make run +``` +Console output indicating readiness of this phase: +```bash ++ build ++ run +kubectl config use-context minikube +Switched to context "minikube". +Watching 'default' namespace +bin/manager --jenkins-api-hostname=192.168.99.252 --jenkins-api-port=0 --jenkins-api-use-nodeport=true --cluster-domain=cluster.local +2021-02-08T14:14:45.263+0100 INFO cmd Version: v0.5.0 +2021-02-08T14:14:45.263+0100 INFO cmd Git commit: 305dbeda-dirty-dirty +2021-02-08T14:14:45.264+0100 INFO cmd Go Version: go1.15.6 +2021-02-08T14:14:45.264+0100 INFO cmd Go OS/Arch: darwin/amd64 +2021-02-08T14:14:45.264+0100 INFO cmd Watch namespace: default +2021-02-08T14:14:45.592+0100 INFO controller-runtime.metrics metrics server is starting to listen {"addr": "0.0.0.0:8383"} +2021-02-08T14:14:45.599+0100 INFO cmd starting manager +2021-02-08T14:14:45.599+0100 INFO controller-runtime.manager starting metrics server {"path": "/metrics"} +2021-02-08T14:14:45.599+0100 INFO controller-runtime.manager.controller.jenkins Starting EventSource {"reconciler group": "jenkins.io", "reconciler kind": "Jenkins", "source": "kind source: jenkins.io/v1alpha2, Kind=Jenkins"} +2021-02-08T14:14:45.700+0100 INFO controller-runtime.manager.controller.jenkins Starting EventSource {"reconciler group": "jenkins.io", "reconciler kind": "Jenkins", "source": "kind source: /, Kind="} +2021-02-08T14:14:45.800+0100 INFO controller-runtime.manager.controller.jenkins Starting EventSource {"reconciler group": "jenkins.io", "reconciler kind": "Jenkins", "source": "kind source: /, Kind="} +2021-02-08T14:14:45.901+0100 INFO controller-runtime.manager.controller.jenkins Starting EventSource {"reconciler group": "jenkins.io", "reconciler kind": "Jenkins", "source": "kind source: /, Kind="} +2021-02-08T14:14:46.003+0100 INFO controller-runtime.manager.controller.jenkins Starting EventSource {"reconciler group": "jenkins.io", "reconciler kind": "Jenkins", "source": "kind source: core/v1, Kind=Secret"} +2021-02-08T14:14:46.004+0100 INFO controller-runtime.manager.controller.jenkins Starting EventSource {"reconciler group": "jenkins.io", "reconciler kind": "Jenkins", "source": "kind source: core/v1, Kind=ConfigMap"} +2021-02-08T14:14:46.004+0100 INFO controller-runtime.manager.controller.jenkins Starting EventSource {"reconciler group": "jenkins.io", "reconciler kind": "Jenkins", "source": "kind source: jenkins.io/v1alpha2, Kind=Jenkins"} +2021-02-08T14:14:46.004+0100 INFO controller-runtime.manager.controller.jenkins Starting Controller {"reconciler group": "jenkins.io", "reconciler kind": "Jenkins"} +2021-02-08T14:14:46.004+0100 INFO controller-runtime.manager.controller.jenkins Starting workers {"reconciler group": "jenkins.io", "reconciler kind": "Jenkins", "worker count": 1} + +``` +Lastly apply Jenkins Custom Resource to minikube cluster: +```bash +kubectl apply -f config/samples/jenkins.io_v1alpha2_jenkins.yaml + +{"level":"info","ts":1612790690.875426,"logger":"controller-jenkins","msg":"Setting default Jenkins container command","cr":"jenkins-example"} +{"level":"info","ts":1612790690.8754492,"logger":"controller-jenkins","msg":"Setting default Jenkins container JAVA_OPTS environment variable","cr":"jenkins-example"} +{"level":"info","ts":1612790690.875456,"logger":"controller-jenkins","msg":"Setting default operator plugins","cr":"jenkins-example"} +{"level":"info","ts":1612790690.875463,"logger":"controller-jenkins","msg":"Setting default Jenkins master service","cr":"jenkins-example"} +{"level":"info","ts":1612790690.875467,"logger":"controller-jenkins","msg":"Setting default Jenkins slave service","cr":"jenkins-example"} +{"level":"info","ts":1612790690.881811,"logger":"controller-jenkins","msg":"*v1alpha2.Jenkins/jenkins-example has been updated","cr":"jenkins-example"} +{"level":"info","ts":1612790691.252834,"logger":"controller-jenkins","msg":"Creating a new Jenkins Master Pod default/jenkins-jenkins-example","cr":"jenkins-example"} +{"level":"info","ts":1612790691.322793,"logger":"controller-jenkins","msg":"Jenkins master pod restarted by operator:","cr":"jenkins-example"} +{"level":"info","ts":1612790691.322817,"logger":"controller-jenkins","msg":"Jenkins Operator version has changed, actual '' new 'v0.5.0'","cr":"jenkins-example"} +{"level":"info","ts":1612790691.3228202,"logger":"controller-jenkins","msg":"Jenkins CR has been replaced","cr":"jenkins-example"} +{"level":"info","ts":1612790695.8789551,"logger":"controller-jenkins","msg":"Creating a new Jenkins Master Pod default/jenkins-jenkins-example","cr":"jenkins-example"} +{"level":"warn","ts":1612790817.9423082,"logger":"controller-jenkins","msg":"Reconcile loop failed: couldn't init Jenkins API client: Get \"http://192.168.99.254:31998/api/json\": dial tcp 192.168.99.254:31998: connect: connection refused","cr":"jenkins-example"} +{"level":"warn","ts":1612790817.9998221,"logger":"controller-jenkins","msg":"Reconcile loop failed: couldn't init Jenkins API client: Get \"http://192.168.99.254:31998/api/json\": dial tcp 192.168.99.254:31998: connect: connection refused","cr":"jenkins-example"} +{"level":"info","ts":1612790818.581316,"logger":"controller-jenkins","msg":"base-groovy ConfigMap 'jenkins-operator-base-configuration-jenkins-example' name '1-basic-settings.groovy' running groovy script","cr":"jenkins-example"} +... +{"level":"info","ts":1612790820.9473379,"logger":"controller-jenkins","msg":"base-groovy ConfigMap 'jenkins-operator-base-configuration-jenkins-example' name '8-disable-job-dsl-script-approval.groovy' running groovy script","cr":"jenkins-example"} +{"level":"info","ts":1612790821.244055,"logger":"controller-jenkins","msg":"Base configuration phase is complete, took 2m6s","cr":"jenkins-example"} +{"level":"info","ts":1612790821.7953842,"logger":"controller-jenkins","msg":"Waiting for Seed Job Agent `seed-job-agent`...","cr":"jenkins-example"} +... + +{"level":"info","ts":1612790851.843638,"logger":"controller-jenkins","msg":"Waiting for Seed Job Agent `seed-job-agent`...","cr":"jenkins-example"} +{"level":"info","ts":1612790853.489524,"logger":"controller-jenkins","msg":"User configuration phase is complete, took 2m38s","cr":"jenkins-example"} + +Two log lines says that Jenkins Operator works correctly: + +* `Base configuration phase is complete` - ensures manifests, Jenkins pod, Jenkins configuration and Jenkins API token +* `User configuration phase is complete` - ensures Jenkins restore, backup and seed jobs along with user configuration + +> Details about base and user phase can be found [here](https://jenkinsci.github.io/kubernetes-operator/docs/how-it-works/architecture-and-design/). + + +```bash +kubectl get jenkins -o yaml + +apiVersion: v1 +items: +- apiVersion: jenkins.io/v1alpha2 + kind: Jenkins + metadata: + ... + spec: + backup: + action: {} + containerName: "" + interval: 0 + makeBackupBeforePodDeletion: false + configurationAsCode: + configurations: [] + secret: + name: "" + groovyScripts: + configurations: [] + secret: + name: "" + jenkinsAPISettings: + authorizationStrategy: createUser + master: + basePlugins: + ... + containers: + - command: + - bash + - -c + - /var/jenkins/scripts/init.sh && exec /sbin/tini -s -- /usr/local/bin/jenkins.sh + env: + - name: JAVA_OPTS + value: -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap + -XX:MaxRAMFraction=1 -Djenkins.install.runSetupWizard=false -Djava.awt.headless=true + image: jenkins/jenkins:2.263.3-lts-alpine + imagePullPolicy: Always + livenessProbe: + ... + readinessProbe: + ... + resources: + limits: + cpu: 1500m + memory: 3Gi + requests: + cpu: "1" + memory: 500Mi + disableCSRFProtection: false + restore: + action: {} + containerName: "" + getLatestAction: {} + seedJobs: + - additionalClasspath: "" + bitbucketPushTrigger: false + buildPeriodically: "" + description: Jenkins Operator repository + failOnMissingPlugin: false + githubPushTrigger: false + id: jenkins-operator + ignoreMissingFiles: false + pollSCM: "" + repositoryBranch: master + repositoryUrl: https://github.com/jenkinsci/kubernetes-operator.git + targets: cicd/jobs/*.jenkins + unstableOnDeprecation: false + service: + port: 8080 + type: NodePort + serviceAccount: {} + slaveService: + port: 50000 + type: ClusterIP + status: + appliedGroovyScripts: + - configurationType: base-groovy + hash: 2ownqpRyBjQYmzTRttUx7axok3CKe2E45frI5iRwH0w= + name: 1-basic-settings.groovy + source: jenkins-operator-base-configuration-jenkins-example + ... + baseConfigurationCompletedTime: "2021-02-08T13:27:01Z" + createdSeedJobs: + - jenkins-operator + operatorVersion: v0.5.0 + provisionStartTime: "2021-02-08T13:24:55Z" + userAndPasswordHash: nnfZsWmFfAYlYyVYeKhWW2KB4L8mE61JUfetAsr9IMM= + userConfigurationCompletedTime: "2021-02-08T13:27:33Z" +kind: List +metadata: + resourceVersion: "" + selfLink: "" +``` + +```bash +kubectl get po + +NAME READY STATUS RESTARTS AGE +jenkins-jenkins-example 1/1 Running 0 23m +seed-job-agent-jenkins-example-758cc7cc5c-82hbl 1/1 Running 0 21m + +``` + +### Debug Jenkins Operator + +```bash +make run OPERATOR_EXTRA_ARGS="--debug" +``` + +## Build and run with a remote Kubernetes cluster + +You can also run the controller locally and make it listen to a remote Kubernetes server. + +```bash +make run NAMESPACE=default KUBECTL_CONTEXT=remote-k8s EXTRA_ARGS='--kubeconfig ~/.kube/config' +``` + +Once **Jenkins Operator** are up and running, apply Jenkins custom resource: + +```bash +kubectl --context remote-k8s --namespace default apply -f deploy/crds/jenkins_v1alpha2_jenkins_cr.yaml +kubectl --context remote-k8s --namespace default get jenkins -o yaml +kubectl --context remote-k8s --namespace default get po +``` + +## Testing + +Tests are written using [Ginkgo](https://onsi.github.io/ginkgo/) with [Gomega](https://onsi.github.io/gomega/). + +Run unit tests with go fmt, lint, statickcheck, vet: + +```bash +make verify +``` + +Run unit tests only: + +```bash +make test +``` + +### Running E2E tests + +Run e2e tests with minikube: + +```bash +make minikube-start +make e2e +``` + +Run the specific e2e test: + +```bash +make e2e E2E_TEST_SELECTOR='^TestConfiguration$' +``` + +### Building docker image on minikube + +To be able to work with the docker daemon on `minikube` machine run the following command before building an image: + +```bash +eval $(bin/minikube docker-env) +``` + +### When `api/v1alpha2/jenkins_types.go` has changed + +Run: + +```bash +make manifests +``` + +### Getting the Jenkins URL and basic credentials + +```bash +minikube service jenkins-operator-http- --url +kubectl get secret jenkins-operator-credentials- -o 'jsonpath={.data.user}' | base64 -d +kubectl get secret jenkins-operator-credentials- -o 'jsonpath={.data.password}' | base64 -d +``` + +[dep_tool]:https://golang.github.io/dep/docs/installation.html +[git_tool]:https://git-scm.com/downloads +[go_tool]:https://golang.org/dl/ +[operator_sdk]:https://github.com/operator-framework/operator-sdk +[fork_guide]:https://help.github.com/articles/fork-a-repo/ +[docker_tool]:https://docs.docker.com/install/ +[kubectl_tool]:https://kubernetes.io/docs/tasks/tools/install-kubectl/ +[minikube]:https://kubernetes.io/docs/tasks/tools/install-minikube/ +[virtualbox]:https://www.virtualbox.org/wiki/Downloads +[install_dev_tools]:https://jenkinsci.github.io/kubernetes-operator/docs/developer-guide/tools/ + +## Self-learning + +* [Tutorial: Deep Dive into the Operator Framework for... Melvin Hillsman, Michael Hrivnak, & Matt Dorn +](https://www.youtube.com/watch?v=8_DaCcRMp5I) + +* [Operator Framework Training By OpenShift](https://www.katacoda.com/openshift/courses/operatorframework) diff --git a/website/content/en/docs/Developer Guide/_index.md b/website/content/en/docs/Developer Guide/_index.md index 17a331ec..b7a594c5 100644 --- a/website/content/en/docs/Developer Guide/_index.md +++ b/website/content/en/docs/Developer Guide/_index.md @@ -152,6 +152,7 @@ items: restore: action: {} containerName: "" + getLatestAction: {} seedJobs: - additionalClasspath: "" bitbucketPushTrigger: false @@ -244,7 +245,6 @@ Run e2e tests with minikube: ```bash make minikube-start -eval $(minikube docker-env) make e2e ``` diff --git a/website/content/en/docs/Getting Started/Preview/_index.md b/website/content/en/docs/Getting Started/Preview/_index.md new file mode 100644 index 00000000..64cd1b66 --- /dev/null +++ b/website/content/en/docs/Getting Started/Preview/_index.md @@ -0,0 +1,18 @@ +--- +title: "Preview" +linkTitle: "Preview" +weight: 10 +date: 2021-01-18 +description: > + How to work with jenkins-operator to be released version +--- + +{{% pageinfo %}} +This document describes a getting started guide for **Jenkins Operator** currently in preview version and an additional configuration. +{{% /pageinfo %}} + +## First Steps + +Prepare your Kubernetes cluster and set up your `kubectl` access. + +Once you have running Kubernetes cluster you can focus on installing **Jenkins Operator** according to the [Installation](/kubernetes-operator/docs/installation/) guide. diff --git a/website/content/en/docs/Getting Started/Preview/aks.md b/website/content/en/docs/Getting Started/Preview/aks.md new file mode 100644 index 00000000..166643c9 --- /dev/null +++ b/website/content/en/docs/Getting Started/Preview/aks.md @@ -0,0 +1,24 @@ +--- +title: "AKS" +linkTitle: "AKS" +weight: 10 +date: 2021-01-18 +description: > + Additional configuration for Azure Kubernetes Service +--- + +Azure AKS managed Kubernetes service adds to every pod the following environment variables: + +```yaml +- name: KUBERNETES_PORT_443_TCP_ADDR + value: +- name: KUBERNETES_PORT + value: tcp:// +- name: KUBERNETES_PORT_443_TCP + value: tcp:// +- name: KUBERNETES_SERVICE_HOST + value: +``` + +The operator is aware of it and omits these environment variables when checking if a Jenkins pod environment has been changed. It prevents the +restart of a Jenkins pod over and over again. \ No newline at end of file diff --git a/website/content/en/docs/Getting Started/Preview/configuration.md b/website/content/en/docs/Getting Started/Preview/configuration.md new file mode 100644 index 00000000..19721edd --- /dev/null +++ b/website/content/en/docs/Getting Started/Preview/configuration.md @@ -0,0 +1,315 @@ +--- +title: "Configuration" +linkTitle: "Configuration" +weight: 2 +date: 2021-01-25 +description: > + How to configure Jenkins with Operator +--- + +## Configure Seed Jobs and Pipelines + +Jenkins operator uses [job-dsl][job-dsl] and [kubernetes-credentials-provider][kubernetes-credentials-provider] plugins for configuring jobs +and deploy keys. + +## Prepare job definitions and pipelines + +First you have to prepare pipelines and job definition in your GitHub repository using the following structure: + +``` +cicd/ +├── jobs +│   └── k8s.jenkins +└── pipelines + └── k8s.jenkins +``` + +**`cicd/jobs/k8s.jenkins`** is a job definition: + +``` +#!/usr/bin/env groovy + +pipelineJob('k8s-e2e') { + displayName('Kubernetes Plugin E2E Test') + + logRotator { + numToKeep(10) + daysToKeep(30) + } + + configure { project -> + project / 'properties' / 'org.jenkinsci.plugins.workflow.job.properties.DurabilityHintJobProperty' { + hint('PERFORMANCE_OPTIMIZED') + } + } + + definition { + cpsScm { + scm { + git { + remote { + url('https://github.com/jenkinsci/kubernetes-operator.git') + credentials('jenkins-operator') + } + branches('*/master') + } + } + scriptPath('cicd/pipelines/k8s.jenkins') + } + } +} +``` + +**`cicd/pipelines/k8s.jenkins`** is an actual Jenkins pipeline: + +``` +#!/usr/bin/env groovy + +def label = "k8s-${UUID.randomUUID().toString()}" +def home = "/home/jenkins" +def workspace = "${home}/workspace/build-jenkins-operator" +def workdir = "${workspace}/src/github.com/jenkinsci/kubernetes-operator/" + +podTemplate(label: label, + containers: [ + containerTemplate(name: 'alpine', image: 'alpine:3.11', ttyEnabled: true, command: 'cat'), + ], + ) { + node(label) { + stage('Run shell') { + container('alpine') { + sh 'echo "hello world"' + } + } + } +} +``` + +## Configure Seed Jobs + +Jenkins Seed Jobs are configured using `Jenkins.spec.seedJobs` section from your custom resource manifest: + +``` +apiVersion: jenkins.io/v1alpha2 +kind: Jenkins +metadata: + name: example +spec: + seedJobs: + - id: jenkins-operator + targets: "cicd/jobs/*.jenkins" + description: "Jenkins Operator repository" + repositoryBranch: master + repositoryUrl: https://github.com/jenkinsci/kubernetes-operator.git +``` + +**Jenkins Operator** will automatically discover and configure all the seed jobs. + +You can verify if deploy keys were successfully configured in the Jenkins **Credentials** tab. + +![jenkins](/kubernetes-operator/img/jenkins-credentials.png) + +You can verify if your pipelines were successfully configured in the Jenkins Seed Job console output. + +![jenkins](/kubernetes-operator/img/jenkins-seed.png) + +If your GitHub repository is **private** you have to configure SSH or username/password authentication. + +### SSH authentication + +#### Generate SSH Keys + +There are two methods of SSH private key generation: + +```bash +$ openssl genrsa -out 2048 +``` + +or + +```bash +$ ssh-keygen -t rsa -b 2048 +$ ssh-keygen -p -f -m pem +``` + +Then copy content from generated file. + +#### Public key + +If you want to upload your public key to your Git server you need to extract it. + +If key was generated by `openssl` then you need to type this to extract public key: + +```bash +$ openssl rsa -in -pubout > .pub +``` + +If key was generated by `ssh-keygen` the public key content is located in .pub and there is no need to extract public key + +#### Configure SSH authentication + +Configure a seed job like this: + +``` +apiVersion: jenkins.io/v1alpha2 +kind: Jenkins +metadata: + name: example +spec: + seedJobs: + - id: jenkins-operator-ssh + credentialType: basicSSHUserPrivateKey + credentialID: k8s-ssh + targets: "cicd/jobs/*.jenkins" + description: "Jenkins Operator repository" + repositoryBranch: master + repositoryUrl: ssh://git@github.com:jenkinsci/kubernetes-operator.git +``` + +and create a Kubernetes Secret (name of secret should be the same from `credentialID` field): + +``` +apiVersion: v1 +kind: Secret +metadata: + name: k8s-ssh + labels: + "jenkins.io/credentials-type": "basicSSHUserPrivateKey" + annotations: + "jenkins.io/credentials-description" : "ssh github.com:jenkinsci/kubernetes-operator" +stringData: + privateKey: | + -----BEGIN RSA PRIVATE KEY----- + MIIJKAIBAAKCAgEAxxDpleJjMCN5nusfW/AtBAZhx8UVVlhhhIKXvQ+dFODQIdzO + oDXybs1zVHWOj31zqbbJnsfsVZ9Uf3p9k6xpJ3WFY9b85WasqTDN1xmSd6swD4N8 + ... + username: github_user_name +``` + +### Username & password authentication + +Configure the seed job like: + +``` +apiVersion: jenkins.io/v1alpha2 +kind: Jenkins +metadata: + name: example +spec: + seedJobs: + - id: jenkins-operator-user-pass + credentialType: usernamePassword + credentialID: k8s-user-pass + targets: "cicd/jobs/*.jenkins" + description: "Jenkins Operator repository" + repositoryBranch: master + repositoryUrl: https://github.com/jenkinsci/kubernetes-operator.git +``` + +and create a Kubernetes Secret (name of secret should be the same from `credentialID` field): + +``` +apiVersion: v1 +kind: Secret +metadata: + name: k8s-user-pass +stringData: + username: github_user_name + password: password_or_token +``` + +### External authentication +You can use `external` credential type if you want to configure authentication using Configuration As Code or Groovy Script. + +## HTTP Proxy for downloading plugins + +To use forwarding proxy with an operator to download plugins you need to add the following environment variable to Jenkins Custom Resource (CR), e.g.: + +```yaml +spec: + master: + containers: + - name: jenkins-master + env: + - name: CURL_OPTIONS + value: -L -x +``` + +In `CURL_OPTIONS` var you can set additional arguments to `curl` command. + +## Pulling Docker images from private repositories + +To pull a Docker Image from private repository you can use `imagePullSecrets`. + +Please follow the instructions on [creating a secret with a docker config](https://kubernetes.io/docs/concepts/containers/images/?origin_team=T42NTAGHM#creating-a-secret-with-a-docker-config). + +### Docker Hub Configuration +To use Docker Hub additional steps are required. + +Edit the previously created secret: +```bash +kubectl -n edit secret +``` + +The `.dockerconfigjson` key's value needs to be replaced with a modified version. + +After modifications, it needs to be encoded as a Base64 value before setting the `.dockerconfigjson` key. + +Example config file to modify and use: +``` +{ + "auths":{ + "https://index.docker.io/v1/":{ + "username":"user", + "password":"password", + "email":"yourdockeremail@gmail.com", + "auth":"base64 of string user:password" + }, + "auth.docker.io":{ + "username":"user", + "password":"password", + "email":"yourdockeremail@gmail.com", + "auth":"base64 of string user:password" + }, + "registry.docker.io":{ + "username":"user", + "password":"password", + "email":"yourdockeremail@gmail.com", + "auth":"base64 of string user:password" + }, + "docker.io":{ + "username":"user", + "password":"password", + "email":"yourdockeremail@gmail.com", + "auth":"base64 of string user:password" + }, + "https://registry-1.docker.io/v2/": { + "username":"user", + "password":"password", + "email":"yourdockeremail@gmail.com", + "auth":"base64 of string user:password" + }, + "registry-1.docker.io/v2/": { + "username":"user", + "password":"password", + "email":"yourdockeremail@gmail.com", + "auth":"base64 of string user:password" + }, + "registry-1.docker.io": { + "username":"user", + "password":"password", + "email":"yourdockeremail@gmail.com", + "auth":"base64 of string user:password" + }, + "https://registry-1.docker.io": { + "username":"user", + "password":"password", + "email":"yourdockeremail@gmail.com", + "auth":"base64 of string user:password" + } + } +} +``` + +[job-dsl]:https://github.com/jenkinsci/job-dsl-plugin +[kubernetes-credentials-provider]:https://jenkinsci.github.io/kubernetes-credentials-provider-plugin/ diff --git a/website/content/en/docs/Getting Started/Preview/configure-backup-and-restore.md b/website/content/en/docs/Getting Started/Preview/configure-backup-and-restore.md new file mode 100644 index 00000000..a5a4135c --- /dev/null +++ b/website/content/en/docs/Getting Started/Preview/configure-backup-and-restore.md @@ -0,0 +1,90 @@ +--- +title: "Configure backup and restore" +linkTitle: "Configure backup and restore" +weight: 10 +date: 2021-01-25 +description: > + Prevent loss of job history +--- + +Backup and restore is done by a container sidecar. + +### PVC + +#### Create PVC + +Save to the file named pvc.yaml: +```yaml +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: + namespace: +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 500Gi +``` + +Run the following command: +```bash +$ kubectl -n create -f pvc.yaml +``` + +#### Configure Jenkins CR + +```yaml +apiVersion: jenkins.io/v1alpha2 +kind: Jenkins +metadata: + name: + namespace: +spec: + master: + securityContext: + runAsUser: 1000 + fsGroup: 1000 + containers: + - name: jenkins-master + image: jenkins/jenkins:2.263.2-lts-alpine + - name: backup # container responsible for the backup and restore + env: + - name: BACKUP_DIR + value: /backup + - name: JENKINS_HOME + value: /jenkins-home + - name: BACKUP_COUNT + value: "3" # keep only the 2 most recent backups + image: virtuslab/jenkins-operator-backup-pvc:v0.1.0 # look at backup/pvc directory + imagePullPolicy: IfNotPresent + volumeMounts: + - mountPath: /jenkins-home # Jenkins home volume + name: jenkins-home + - mountPath: /backup # backup volume + name: backup + volumes: + - name: backup # PVC volume where backups will be stored + persistentVolumeClaim: + claimName: + backup: + containerName: backup # container name is responsible for backup + action: + exec: + command: + - /home/user/bin/backup.sh # this command is invoked on "backup" container to make backup, for example /home/user/bin/backup.sh , is passed by operator + getLatestAction: + exec: + command: + - /home/user/bin/get-latest.sh # this command is invoked on "backup" container to get last backup number before pod deletion. If you don't omit it in CR, you can lose data + interval: 30 # how often make backup in seconds + makeBackupBeforePodDeletion: true # make a backup before pod deletion + restore: + containerName: backup # container name is responsible for restore backup + action: + exec: + command: + - /home/user/bin/restore.sh # this command is invoked on "backup" container to make restore backup, for example /home/user/bin/restore.sh , is passed by operator + #recoveryOnce: # if want to restore specific backup configure this field and then Jenkins will be restarted and desired backup will be restored +``` diff --git a/website/content/en/docs/Getting Started/Preview/custom-backup-and-restore.md b/website/content/en/docs/Getting Started/Preview/custom-backup-and-restore.md new file mode 100644 index 00000000..f632953a --- /dev/null +++ b/website/content/en/docs/Getting Started/Preview/custom-backup-and-restore.md @@ -0,0 +1,184 @@ +--- +title: "Custom Backup and Restore Providers" +linkTitle: "Custom Backup and Restore Providers" +weight: 10 +date: 2021-01-18 +description: > + Custom backup and restore provider +--- + +With enough effort one can create a custom backup and restore provider +for the Jenkins Operator. + +## Requirements + +Two commands (e.g. scripts) are required: + +- a backup command, e.g. `backup.sh` that takes one argument, a **backup number** +- a restore command, e.g. `backup.sh` that takes one argument, a **backup number** + +Both scripts need to return an exit code of `0` on success and `1` or greater for failure. + +One of those scripts (or the entry point of the container) needs to be responsible +for backup cleanup or rotation if required, or an external system. + +## How it works + +The mechanism relies on basic Kubernetes and UNIX functionalities. + +The backup (and restore) container runs as a sidecar in the same +Kubernetes pod as the Jenkins master. + +Name of the backup and restore containers can be set as necessary using +`spec.backup.containerName` and `spec.restore.containerName`. +In most cases it will be the same container, but we allow for less common use cases. + +The operator will call a backup or restore commands inside a sidecar container when necessary: + +- backup command (defined in `spec.backup.action.exec.command`) + will be called every `N` seconds configurable in: `spec.backup.interval` + and on pod shutdown (if enabled in `spec.backup.makeBackupBeforePodDeletion`) + with an integer representing the current backup number as first and only argument +- restore command (defined in `spec.restore.action.exec.command`) + will be called at Jenkins startup + with an integer representing the backup number to restore as first and only argument + (can be overridden using `spec.restore.recoveryOnce`) + +## Example AWS S3 backup using the CLI + +This example shows abbreviated version of a simple AWS S3 backup implementation +using: `aws-cli`, `bash` and `kube2iam`. + +In addition to your normal `Jenkins` `CustomResource` some additional settings +for backup and restore are required, e.g.: + +```yaml +kind: Jenkins +apiVersion: jenkins.io/v1alpha1 +metadata: + name: example + namespace: jenkins +spec: + master: + masterAnnotations: + iam.amazonaws.com/role: "my-example-backup-role" # tell kube2iam where the AWS IAM role is + containers: + - name: jenkins-master + ... + - name: backup # container responsible for backup and restore + image: quay.io/virtuslab/aws-cli:1.16.263-2 + workingDir: /home/user/bin/ + command: # our container entry point + - sleep + - infinity + env: + - name: BACKUP_BUCKET + value: my-example-bucket # the S3 bucket name to use + - name: BACKUP_PATH + value: my-backup-path # the S3 bucket path prefix to use + - name: JENKINS_HOME + value: /jenkins-home # the path to mount jenkins home dir in the backup container + volumeMounts: + - mountPath: /jenkins-home # Jenkins home volume + name: jenkins-home + - mountPath: /home/user/bin/backup.sh + name: backup-scripts + subPath: backup.sh + readOnly: true + - mountPath: /home/user/bin/restore.sh + name: backup-scripts + subPath: restore.sh + readOnly: true + volumes: + - name: backup-scripts + configMap: + defaultMode: 0754 + name: jenkins-operator-backup-s3 + securityContext: # make sure both containers use the same UID and GUID + runAsUser: 1000 + fsGroup: 1000 + ... + backup: + containerName: backup # container name responsible for backup + interval: 3600 # how often make a backup in seconds + makeBackupBeforePodDeletion: true # trigger backup just before deleting the pod + action: + exec: + command: + # this command is invoked on "backup" container to create a backup, + # is passed by operator, + # for example /home/user/bin/backup.sh + - /home/user/bin/backup.sh + restore: + containerName: backup # container name is responsible for restore backup + action: + exec: + command: + # this command is invoked on "backup" container to restore a backup, + # is passed by operator + # for example /home/user/bin/restore.sh + - /home/user/bin/restore.sh +# recoveryOnce: # if want to restore specific backup configure this field and then Jenkins will be restarted and desired backup will be restored +``` + +The actual backup and restore scripts will be provided in a `ConfigMap`: + +```yaml +kind: ConfigMap +apiVersion: v1 +metadata: + name: jenkins-operator-backup-s3 + namespace: jenkins + labels: + app: jenkins-operator +data: + backup.sh: |- + #!/bin/bash -xeu + [[ ! $# -eq 1 ]] && echo "Usage: $0 backup_number" && exit 1; + [[ -z "${BACKUP_BUCKET}" ]] && echo "Required 'BACKUP_BUCKET' env not set" && exit 1; + [[ -z "${BACKUP_PATH}" ]] && echo "Required 'BACKUP_PATH' env not set" && exit 1; + [[ -z "${JENKINS_HOME}" ]] && echo "Required 'JENKINS_HOME' env not set" && exit 1; + + backup_number=$1 + echo "Running backup #${backup_number}" + + BACKUP_TMP_DIR=$(mktemp -d) + tar -C ${JENKINS_HOME} -czf "${BACKUP_TMP_DIR}/${backup_number}.tar.gz" --exclude jobs/*/workspace* -c jobs && \ + + aws s3 cp ${BACKUP_TMP_DIR}/${backup_number}.tar.gz s3://${BACKUP_BUCKET}/${BACKUP_PATH}/${backup_number}.tar.gz + echo Done + + restore.sh: |- + #!/bin/bash -xeu + [[ ! $# -eq 1 ]] && echo "Usage: $0 backup_number" && exit 1 + [[ -z "${BACKUP_BUCKET}" ]] && echo "Required 'BACKUP_BUCKET' env not set" && exit 1; + [[ -z "${BACKUP_PATH}" ]] && echo "Required 'BACKUP_PATH' env not set" && exit 1; + [[ -z "${JENKINS_HOME}" ]] && echo "Required 'JENKINS_HOME' env not set" && exit 1; + + backup_number=$1 + echo "Running restore #${backup_number}" + + BACKUP_TMP_DIR=$(mktemp -d) + aws s3 cp s3://${BACKUP_BUCKET}/${BACKUP_PATH}/${backup_number}.tar.gz ${BACKUP_TMP_DIR}/${backup_number}.tar.gz + + tar -C ${JENKINS_HOME} -zxf "${BACKUP_TMP_DIR}/${backup_number}.tar.gz" + echo Done +``` + +In our example we will use S3 bucket lifecycle policy to keep +the number of backups under control, e.g. Cloud Formation fragment: +```yaml + Type: AWS::S3::Bucket + Properties: + BucketName: my-example-bucket + ... + LifecycleConfiguration: + Rules: + - Id: BackupCleanup + Status: Enabled + Prefix: my-backup-path + ExpirationInDays: 7 + NoncurrentVersionExpirationInDays: 14 + AbortIncompleteMultipartUpload: + DaysAfterInitiation: 3 +``` diff --git a/website/content/en/docs/Getting Started/Preview/customization.md b/website/content/en/docs/Getting Started/Preview/customization.md new file mode 100644 index 00000000..76b12e10 --- /dev/null +++ b/website/content/en/docs/Getting Started/Preview/customization.md @@ -0,0 +1,202 @@ +--- +title: "Customization" +linkTitle: "Customization" +weight: 3 +date: 2021-01-25 +description: > + How to customize Jenkins +--- + +## How to customize Jenkins +Jenkins can be customized with plugins. +Plugin's configuration is applied as groovy scripts or the [configuration as code plugin](https://github.com/jenkinsci/configuration-as-code-plugin). +Any plugin working for Jenkins can be installed by the Jenkins Operator. + +Pre-installed plugins: +* configuration-as-code v1.47 +* git v4.5.0 +* job-dsl v1.77 +* kubernetes-credentials-provider v0.15 +* kubernetes v1.29.0 +* workflow-aggregator v2.6 +* workflow-job v2.40 + +Rest of the plugins can be found in [plugins repository](https://plugins.jenkins.io/). + + +#### Install plugins + +Edit Custom Resource under `spec.master.plugins`: + +```yaml +apiVersion: jenkins.io/v1alpha2 +kind: Jenkins +metadata: + name: example +spec: + master: + plugins: + - name: simple-theme-plugin + version: "0.6" +``` + +Under `spec.master.basePlugins` you can find plugins for a valid **Jenkins Operator**: + +```yaml +apiVersion: jenkins.io/v1alpha2 +kind: Jenkins +metadata: + name: example +spec: + master: + basePlugins: + - name: kubernetes + version: "1.28.6" + - name: workflow-job + version: "2.40" + - name: workflow-aggregator + version: "2.6" + - name: git + version: "4.5.0" + - name: job-dsl + version: "1.77" + - name: configuration-as-code + version: "1.46" + - name: kubernetes-credentials-provider + version: "0.15" +``` + +You can change their versions. + +The **Jenkins Operator** will then automatically install plugins after the Jenkins master pod restart. + +#### Apply plugin's config + +By using a [ConfigMap](https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/) you can create your own **Jenkins** customized configuration. +Then you must reference the **`ConfigMap`** in the **Jenkins** pod customization file in `spec.groovyScripts` or `spec.configurationAsCode` + +Create a **`ConfigMap`** with specific name (eg. `jenkins-operator-user-configuration`). Then, modify the **Jenkins** manifest: + +```yaml +apiVersion: jenkins.io/v1alpha2 +kind: Jenkins +metadata: + name: example +spec: + configurationAsCode: + configurations: + - name: jenkins-operator-user-configuration + groovyScripts: + configurations: + - name: jenkins-operator-user-configuration +``` + +Here is an example of `jenkins-operator-user-configuration`: +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: jenkins-operator-user-configuration +data: + 1-configure-theme.groovy: | + import jenkins.* + import jenkins.model.* + import hudson.* + import hudson.model.* + import org.jenkinsci.plugins.simpletheme.ThemeElement + import org.jenkinsci.plugins.simpletheme.CssTextThemeElement + import org.jenkinsci.plugins.simpletheme.CssUrlThemeElement + + Jenkins jenkins = Jenkins.getInstance() + + def decorator = Jenkins.instance.getDescriptorByType(org.codefirst.SimpleThemeDecorator.class) + + List configElements = new ArrayList<>(); + configElements.add(new CssTextThemeElement("DEFAULT")); + configElements.add(new CssUrlThemeElement("https://cdn.rawgit.com/afonsof/jenkins-material-theme/gh-pages/dist/material-light-green.css")); + decorator.setElements(configElements); + decorator.save(); + + jenkins.save() + 1-system-message.yaml: | + jenkins: + systemMessage: "Configuration as Code integration works!!!" +``` + +* `*.groovy` is Groovy script configuration +* `*.yaml is` configuration as code + +If you want to correct your configuration you can edit it while the **Jenkins Operator** is running. +Jenkins will reconcile and apply the new configuration. + +## How to use secrets from a Groovy scripts + +If you configured `spec.groovyScripts.secret.name`, then this secret is available to use from map Groovy scripts. +The secrets are loaded to `secrets` map. + +Create a [secret](https://kubernetes.io/docs/concepts/configuration/secret/) with for example the name `jenkins-conf-secrets`. + +```yaml +kind: Secret +apiVersion: v1 +type: Opaque +metadata: + name: jenkins-conf-secrets + namespace: default +data: + SYSTEM_MESSAGE: SGVsbG8gd29ybGQ= +``` + +Then modify the **Jenkins** pod manifest by changing `spec.groovyScripts.secret.name` to `jenkins-conf-secrets`. + +```yaml +apiVersion: jenkins.io/v1alpha2 +kind: Jenkins +metadata: + name: example +spec: + configurationAsCode: + configurations: + - name: jenkins-operator-user-configuration + secret: + name: jenkins-conf-secrets + groovyScripts: + configurations: + - name: jenkins-operator-user-configuration + secret: + name: jenkins-conf-secrets +``` + +Now you can test that the secret is mounted by applying this `ConfigMap` for Groovy script: + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: jenkins-operator-user-configuration +data: + 1-system-message.groovy: | + import jenkins.* + import jenkins.model.* + import hudson.* + import hudson.model.* + Jenkins jenkins = Jenkins.getInstance() + + jenkins.setSystemMessage(secrets["SYSTEM_MESSAGE"]) + jenkins.save() +``` + +Or by applying this configuration as code: +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: jenkins-operator-user-configuration +data: + 1-system-message.yaml: | + jenkins: + systemMessage: ${SYSTEM_MESSAGE} +``` + + +After this, you should see the `Hello world` system message from the **Jenkins** homepage. \ No newline at end of file diff --git a/website/content/en/docs/Getting Started/Preview/deploy-jenkins.md b/website/content/en/docs/Getting Started/Preview/deploy-jenkins.md new file mode 100644 index 00000000..29e892f6 --- /dev/null +++ b/website/content/en/docs/Getting Started/Preview/deploy-jenkins.md @@ -0,0 +1,90 @@ +--- +title: "Deploy Jenkins" +linkTitle: "Deploy Jenkins" +weight: 1 +date: 2021-01-25 +description: > + Deploy production ready Jenkins Operator manifest +--- + +Once Jenkins Operator is up and running let's deploy actual Jenkins instance. +Create manifest e.g. **`jenkins_instance.yaml`** with following data and save it on drive. + +```yaml +apiVersion: jenkins.io/v1alpha2 +kind: Jenkins +metadata: + name: example +spec: + master: + containers: + - name: jenkins-master + image: jenkins/jenkins:2.263.2-lts-alpine + imagePullPolicy: Always + livenessProbe: + failureThreshold: 12 + httpGet: + path: /login + port: http + scheme: HTTP + initialDelaySeconds: 80 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /login + port: http + scheme: HTTP + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: + limits: + cpu: 1500m + memory: 3Gi + requests: + cpu: "1" + memory: 500Mi + seedJobs: + - id: jenkins-operator + targets: "cicd/jobs/*.jenkins" + description: "Jenkins Operator repository" + repositoryBranch: master + repositoryUrl: https://github.com/jenkinsci/kubernetes-operator.git +``` + +Deploy a Jenkins to Kubernetes: + +```bash +kubectl create -f jenkins_instance.yaml +``` +Watch the Jenkins instance being created: + +```bash +kubectl get pods -w +``` + +Get the Jenkins credentials: + +```bash +kubectl get secret jenkins-operator-credentials- -o 'jsonpath={.data.user}' | base64 -d +kubectl get secret jenkins-operator-credentials- -o 'jsonpath={.data.password}' | base64 -d +``` + +Connect to the Jenkins instance (minikube): + +```bash +minikube service jenkins-operator-http- --url +``` + +Connect to the Jenkins instance (actual Kubernetes cluster): + +```bash +kubectl port-forward jenkins- 8080:8080 +``` +Then open browser with address `http://localhost:8080`. + +![jenkins](/kubernetes-operator/img/jenkins.png) diff --git a/website/content/en/docs/Getting Started/Preview/diagnostics.md b/website/content/en/docs/Getting Started/Preview/diagnostics.md new file mode 100644 index 00000000..18ecf679 --- /dev/null +++ b/website/content/en/docs/Getting Started/Preview/diagnostics.md @@ -0,0 +1,42 @@ +--- +title: "Diagnostics" +linkTitle: "Diagnostics" +weight: 40 +date: 2021-01-18 +description: > + How to deal with Jenkins Operator problems +--- + + +Turn on debug in **Jenkins Operator** deployment: + +```bash +sed -i 's|\(args:\).*|\1\ ["--debug"\]|' deploy/operator.yaml +kubectl apply -f deploy/operator.yaml +``` + +Watch Kubernetes events: + +```bash +kubectl get events --sort-by='{.lastTimestamp}' +``` + +Verify Jenkins master logs: + +```bash +kubectl logs -f jenkins- +``` + +Verify the `jenkins-operator` logs: + +```bash +kubectl logs deployment/jenkins-operator +``` + +## Troubleshooting + +Delete the Jenkins master pod and wait for the new one to come up: + +```bash +kubectl delete pod jenkins- +``` diff --git a/website/content/en/docs/Getting Started/Preview/notifications.md b/website/content/en/docs/Getting Started/Preview/notifications.md new file mode 100644 index 00000000..06845e29 --- /dev/null +++ b/website/content/en/docs/Getting Started/Preview/notifications.md @@ -0,0 +1,114 @@ +--- +title: "Notifications" +linkTitle: "Notifications" +weight: 10 +date: 2021-01-18 +description: > + How to setup operator notifications. +--- + +## Slack + +Please follow [this](https://api.slack.com/incoming-webhooks) instructions to get web hook URL. + +Create web hook secret with name `jenkins-operator-notification-data`. Contains key `url` with provided web hook URL. + +```bash +$ kubectl create secret generic jenkins-operator-notification-data --from-literal=url= +``` + +Example configuration for Slack: + +```yaml +kind: Jenkins +spec: + master: + notifications: + - level: info + verbose: true + name: + slack: + webHookURLSecretKeySelector: + secret: + name: + key: +``` + +## Microsoft Teams + +Please follow [this](https://docs.microsoft.com/en-gb/outlook/actionable-messages/send-via-connectors) instructions to get web hook URL. + +Example configuration for Microsoft Teams: + +```yaml +kind: Jenkins +spec: + master: + notifications: + - level: info + verbose: true + name: + teams: + webHookURLSecretKeySelector: + secret: + name: + key: +``` + +## Mailgun + +Example configuration for Mailgun: + +```yaml +kind: Jenkins +spec: + master: + notifications: + - level: info + verbose: true + name: + mailgun: + domain: + apiKeySecretKeySelector: + secret: + name: + key: + recipient: + from: +``` + +## Debug options + +As you see there is two debugging options: + +* `level` (warning/info) - Set level of messages to send. + +* `verbose` - Print stacktrace and additional error messages + +## Multiple providers + +You can use multiple providers to send notification to another communication channels at the same time. +For example you will send notifications to Slack and Teams. + +```yaml +kind: Jenkins +spec: + master: + notifications: + - level: info + verbose: true + name: nslack + slack: + webHookURLSecretKeySelector: + secret: + name: + key: + - level: info + verbose: true + name: nteams + teams: + webHookURLSecretKeySelector: + secret: + name: + key: +``` diff --git a/website/content/en/docs/Getting Started/Preview/openshift.md b/website/content/en/docs/Getting Started/Preview/openshift.md new file mode 100644 index 00000000..7af146ac --- /dev/null +++ b/website/content/en/docs/Getting Started/Preview/openshift.md @@ -0,0 +1,104 @@ +--- +title: "OpenShift" +linkTitle: "OpenShift" +weight: 20 +date: 2020-04-29 +description: > + Additional configuration for OpenShift +--- + +## SecurityContext + +OpenShift enforces Security Constraints Context (scc) when deploying an image. +By default, container images run in restricted scc which prevents from setting +a fixed user id to run with. You need to have ensure that you do not provide a +securityContext with a runAsUser and that your image does not use a hardcoded user. + +```yaml +securityContext: {} +``` + +## OpenShift Jenkins image + +OpenShift provides a pre-configured Jenkins image containing 3 openshift plugins for +jenkins (openshift-login-plugin, openshift-sync-plugin and openshift-client-plugin) +which allows better jenkins integration with kubernetes and OpenShift. + +The OpenShift Jenkins image requires additional configuration to be fully enabled. + +### Sample OpenShift CR +The following Custom Resource can be used to create a Jenkins instance using the +OpenShift Jenkins image and sets values for: +- `image: 'quay.io/openshift/origin-jenkins:latest' : This is the OpenShift Jenkins image. + +- serviceAccount: to allow oauth authentication to work, the service account needs +a specific annotation pointing to the route exposing the jenkins service. Here, +the route is named `jenkins-route` + +- `OPENSHIFT_ENABLE_OAUTH` environment variable for the master container is set to true. + +Here is a complete Jenkins CR allowing the deployment of the Jenkins OpenShift image. +```yaml +apiVersion: jenkins.io/v1alpha2 +kind: Jenkins +metadata: + annotations: + jenkins.io/openshift-mode: 'true' + name: jenkins +spec: + serviceAccount: + annotations: + serviceaccounts.openshift.io/oauth-redirectreference.jenkins: '{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"jenkins-route"}}' + master: + containers: + - name: jenkins-master + image: 'quay.io/openshift/origin-jenkins:latest' + command: + - /usr/bin/go-init + - '-main' + - /usr/libexec/s2i/run + env: + - name: OPENSHIFT_ENABLE_OAUTH + value: 'true' + - name: OPENSHIFT_ENABLE_REDIRECT_PROMPT + value: 'true' + - name: DISABLE_ADMINISTRATIVE_MONITORS + value: 'false' + - name: KUBERNETES_MASTER + value: 'https://kubernetes.default:443' + - name: KUBERNETES_TRUST_CERTIFICATES + value: 'true' + - name: JENKINS_SERVICE_NAME + value: jenkins-operator-http-jenkins + - name: JNLP_SERVICE_NAME + value: jenkins-operator-slave-jenkins + - name: JENKINS_UC_INSECURE + value: 'false' + - name: JENKINS_HOME + value: /var/lib/jenkins + - name: JAVA_OPTS + value: >- + -XX:+UnlockExperimentalVMOptions -XX:+UnlockExperimentalVMOptions + -XX:+UseCGroupMemoryLimitForHeap -XX:MaxRAMFraction=1 + -Djenkins.install.runSetupWizard=false -Djava.awt.headless=true + imagePullPolicy: Always + service: + port: 8080 + type: ClusterIP + slaveService: + port: 50000 + type: ClusterIP +``` + +### OpenShift OAuth integration +The creation of a Route is required for the integraiton of Jenkins with +OpenShift oauth authentication. By default, the jenkins http service is named +`jenkins-operator-http-${jenkins-cr-name}` + +```bash +oc create route edge jenkins-route --service=jenkins-operator-http-jenkins +``` +Note: the route name (jenkins-route) must match the pointed route on the serviceaccount annotation. + + +After the creation of the Route. It can be used to navigate to the Jenkins Login Page and login with your Openshift Credentials. diff --git a/website/content/en/docs/Getting Started/Preview/schema.md b/website/content/en/docs/Getting Started/Preview/schema.md new file mode 100644 index 00000000..2a1444c7 --- /dev/null +++ b/website/content/en/docs/Getting Started/Preview/schema.md @@ -0,0 +1,2642 @@ +--- +title: "Schema" +linkTitle: "Schema" +weight: 40 +date: 2021-01-18 +description: > + API Schema definitions for Jenkins CRD +--- + +{{% pageinfo %}} +This document contains API scheme for `jenkins-operator` Custom Resource Definition manifest +{{% /pageinfo %}} + +

Packages:

+ +

jenkins.io

+

+

Package v1alpha2 contains API Schema definitions for the jenkins.io v1alpha2 API group

+

+Resource Types: + +

Jenkins +

+

+

Jenkins is the Schema for the jenkins API

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+apiVersion
+string		 + +jenkins.io/v1alpha2 + +
+kind
+string +		Jenkins
+metadata
+ + +Kubernetes meta/v1.ObjectMeta + + +		 +Refer to the Kubernetes API documentation for the fields of the +metadata field. +
+spec
+ + +JenkinsSpec + + +		 +

Spec defines the desired state of the Jenkins

+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+master
+ + +JenkinsMaster + + +		 +

Master represents Jenkins master pod properties and Jenkins plugins. +Every single change here requires a pod restart.

+
+seedJobs
+ + +[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.SeedJob + + +		 +(Optional) +

SeedJobs defines list of Jenkins Seed Job configurations +More info: https://jenkinsci.github.io/kubernetes-operator/docs/getting-started/latest/configuration#configure-seed-jobs-and-pipelines

+
+notifications
+ + +[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.Notification + + +		 +(Optional) +

Notifications defines list of a services which are used to inform about Jenkins status +Can be used to integrate chat services like Slack, Microsoft Teams or Mailgun

+
+service
+ + +Service + + +		 +(Optional) +

Service is Kubernetes service of Jenkins master HTTP pod +Defaults to : +port: 8080 +type: ClusterIP

+
+slaveService
+ + +Service + + +		 +(Optional) +

Service is Kubernetes service of Jenkins slave pods +Defaults to : +port: 50000 +type: ClusterIP

+
+backup
+ + +Backup + + +		 +(Optional) +

Backup defines configuration of Jenkins backup +More info: https://jenkinsci.github.io/kubernetes-operator/docs/getting-started/latest/configure-backup-and-restore/

+
+restore
+ + +Restore + + +		 +(Optional) +

Backup defines configuration of Jenkins backup restore +More info: https://jenkinsci.github.io/kubernetes-operator/docs/getting-started/latest/configure-backup-and-restore/

+
+groovyScripts
+ + +GroovyScripts + + +		 +(Optional) +

GroovyScripts defines configuration of Jenkins customization via groovy scripts

+
+configurationAsCode
+ + +ConfigurationAsCode + + +		 +(Optional) +

ConfigurationAsCode defines configuration of Jenkins customization via Configuration as Code Jenkins plugin

+
+roles
+ + +[]Kubernetes rbac/v1.RoleRef + + +		 +(Optional) +

Roles defines list of extra RBAC roles for the Jenkins Master pod service account

+
+serviceAccount
+ + +ServiceAccount + + +		 +(Optional) +

ServiceAccount defines Jenkins master service account attributes

+
+jenkinsAPISettings
+ + +JenkinsAPISettings + + +		 +

JenkinsAPISettings defines configuration used by the operator to gain admin access to the Jenkins API

+
+
+status
+ + +JenkinsStatus + + +		 +

Status defines the observed state of Jenkins

+
+

AppliedGroovyScript +

+

+(Appears on: +JenkinsStatus) +

+

+

AppliedGroovyScript is the applied groovy script in Jenkins by the operator.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+configurationType
+ +string + +		 +

ConfigurationType is the name of the configuration type(base-groovy, user-groovy, user-casc)

+
+source
+ +string + +		 +

Source is the name of source where is located groovy script

+
+name
+ +string + +		 +

Name is the name of the groovy script

+
+hash
+ +string + +		 +

Hash is the hash of the groovy script and secrets which it uses

+
+

AuthorizationStrategy +(string alias)

+

+(Appears on: +JenkinsAPISettings) +

+

+

AuthorizationStrategy defines authorization strategy of the operator for the Jenkins API

+

+

Backup +

+

+(Appears on: +JenkinsSpec) +

+

+

Backup defines configuration of Jenkins backup.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+containerName
+ +string + +		 +

ContainerName is the container name responsible for backup operation

+
+action
+ + +Handler + + +		 +

Action defines action which performs backup in backup container sidecar

+
+interval
+ +uint64 + +		 +

Interval tells how often make backup in seconds +Defaults to 30.

+
+makeBackupBeforePodDeletion
+ +bool + +		 +

MakeBackupBeforePodDeletion tells operator to make backup before Jenkins master pod deletion

+
+

ConfigMapRef +

+

+(Appears on: +Customization) +

+

+

ConfigMapRef is reference to Kubernetes ConfigMap.

+

+ + + + + + + + + + + + + +
FieldDescription
+name
+ +string + +		 +
+

ConfigurationAsCode +

+

+(Appears on: +JenkinsSpec) +

+

+

ConfigurationAsCode defines configuration of Jenkins customization via Configuration as Code Jenkins plugin.

+

+ + + + + + + + + + + + + +
FieldDescription
+Customization
+ + +Customization + + +		 +

+(Members of Customization are embedded into this type.) +

+
+

Container +

+

+(Appears on: +JenkinsMaster) +

+

+

Container defines Kubernetes container attributes.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+name
+ +string + +		 +

Name of the container specified as a DNS_LABEL. +Each container in a pod must have a unique name (DNS_LABEL).

+
+image
+ +string + +		 +

Docker image name. +More info: https://kubernetes.io/docs/concepts/containers/images

+
+imagePullPolicy
+ + +Kubernetes core/v1.PullPolicy + + +		 +

Image pull policy. +One of Always, Never, IfNotPresent. +Defaults to Always.

+
+resources
+ + +Kubernetes core/v1.ResourceRequirements + + +		 +

Compute Resources required by this container. +More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

+
+command
+ +[]string + +		 +(Optional) +

Entrypoint array. Not executed within a shell. +The docker image’s ENTRYPOINT is used if this is not provided. +Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable +cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax +can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, +regardless of whether the variable exists or not. +More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

+
+args
+ +[]string + +		 +(Optional) +

Arguments to the entrypoint. +The docker image’s CMD is used if this is not provided. +Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable +cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax +can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, +regardless of whether the variable exists or not. +More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

+
+workingDir
+ +string + +		 +(Optional) +

Container’s working directory. +If not specified, the container runtime’s default will be used, which +might be configured in the container image.

+
+ports
+ + +[]Kubernetes core/v1.ContainerPort + + +		 +(Optional) +

List of ports to expose from the container. Exposing a port here gives +the system additional information about the network connections a +container uses, but is primarily informational. Not specifying a port here +DOES NOT prevent that port from being exposed. Any port which is +listening on the default “0.0.0.0” address inside a container will be +accessible from the network.

+
+envFrom
+ + +[]Kubernetes core/v1.EnvFromSource + + +		 +(Optional) +

List of sources to populate environment variables in the container. +The keys defined within a source must be a C_IDENTIFIER. All invalid keys +will be reported as an event when the container is starting. When a key exists in multiple +sources, the value associated with the last source will take precedence. +Values defined by an Env with a duplicate key will take precedence.

+
+env
+ + +[]Kubernetes core/v1.EnvVar + + +		 +(Optional) +

List of environment variables to set in the container.

+
+volumeMounts
+ + +[]Kubernetes core/v1.VolumeMount + + +		 +(Optional) +

Pod volumes to mount into the container’s filesystem.

+
+livenessProbe
+ + +Kubernetes core/v1.Probe + + +		 +(Optional) +

Periodic probe of container liveness. +Container will be restarted if the probe fails.

+
+readinessProbe
+ + +Kubernetes core/v1.Probe + + +		 +(Optional) +

Periodic probe of container service readiness. +Container will be removed from service endpoints if the probe fails.

+
+lifecycle
+ + +Kubernetes core/v1.Lifecycle + + +		 +(Optional) +

Actions that the management system should take in response to container lifecycle events.

+
+securityContext
+ + +Kubernetes core/v1.SecurityContext + + +		 +(Optional) +

Security options the pod should run with. +More info: https://kubernetes.io/docs/concepts/policy/security-context/ +More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

+
+

Customization +

+

+(Appears on: +ConfigurationAsCode, +GroovyScripts) +

+

+

Customization defines configuration of Jenkins customization.

+

+ + + + + + + + + + + + + + + + + +
FieldDescription
+secret
+ + +SecretRef + + +		 +
+configurations
+ + +[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.ConfigMapRef + + +		 +
+

GroovyScripts +

+

+(Appears on: +JenkinsSpec) +

+

+

GroovyScripts defines configuration of Jenkins customization via groovy scripts.

+

+ + + + + + + + + + + + + +
FieldDescription
+Customization
+ + +Customization + + +		 +

+(Members of Customization are embedded into this type.) +

+
+

Handler +

+

+(Appears on: +Backup, +Restore) +

+

+

Handler defines a specific action that should be taken.

+

+ + + + + + + + + + + + + +
FieldDescription
+exec
+ + +Kubernetes core/v1.ExecAction + + +		 +

Exec specifies the action to take.

+
+

Image +

+

+(Appears on: +JenkinsImageSpec) +

+

+

Defines Jenkins Plugin structure

+

+ + + + + + + + + + + + + + + + + +
FieldDescription
+name
+ +string + +		 +
+version
+ +string + +		 +
+

JenkinsAPISettings +

+

+(Appears on: +JenkinsSpec) +

+

+

JenkinsAPISettings defines configuration used by the operator to gain admin access to the Jenkins API

+

+ + + + + + + + + + + + + +
FieldDescription
+authorizationStrategy
+ + +AuthorizationStrategy + + +		 +
+

JenkinsCredentialType +(string alias)

+

+(Appears on: +SeedJob) +

+

+

JenkinsCredentialType defines type of Jenkins credential used to seed job mechanism.

+

+

JenkinsImage +

+

+

JenkinsImage is the Schema for the jenkinsimages API

+

+ + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+metadata
+ + +Kubernetes meta/v1.ObjectMeta + + +		 +Refer to the Kubernetes API documentation for the fields of the +metadata field. +
+spec
+ + +JenkinsImageSpec + + +		 +
+
+ + + + + + + + + +
+image
+ + +Image + + +		 +
+plugins
+ + +[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.JenkinsPlugin + + +		 +
+
+status
+ + +JenkinsImageStatus + + +		 +
+

JenkinsImageSpec +

+

+(Appears on: +JenkinsImage) +

+

+

JenkinsImageSpec defines the desired state of JenkinsImage

+

+ + + + + + + + + + + + + + + + + +
FieldDescription
+image
+ + +Image + + +		 +
+plugins
+ + +[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.JenkinsPlugin + + +		 +
+

JenkinsImageStatus +

+

+(Appears on: +JenkinsImage) +

+

+

JenkinsImageStatus defines the observed state of JenkinsImage

+

+ + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+image
+ +string + +		 +
+md5sum
+ +string + +		 +
+installedPlugins
+ + +[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.JenkinsPlugin + + +		 +
+

JenkinsMaster +

+

+(Appears on: +JenkinsSpec) +

+

+

JenkinsMaster defines the Jenkins master pod attributes and plugins, +every single change requires a Jenkins master pod restart.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+annotations
+ +map[string]string + +		 +(Optional) +

Annotations is an unstructured key value map stored with a resource that may be +set by external tools to store and retrieve arbitrary metadata. They are not +queryable and should be preserved when modifying objects. +More info: http://kubernetes.io/docs/user-guide/annotations

+
+masterAnnotations
+ +map[string]string + +		 +(Optional) +

Annotations is an unstructured key value map stored with a resource that may be +set by external tools to store and retrieve arbitrary metadata. They are not +queryable and should be preserved when modifying objects. +More info: http://kubernetes.io/docs/user-guide/annotations +Deprecated: will be removed in the future, please use Annotations(annotations)

+
+labels
+ +map[string]string + +		 +(Optional) +

Map of string keys and values that can be used to organize and categorize +(scope and select) objects. May match selectors of replication controllers +and services. +More info: http://kubernetes.io/docs/user-guide/labels

+
+nodeSelector
+ +map[string]string + +		 +(Optional) +

NodeSelector is a selector which must be true for the pod to fit on a node. +Selector which must match a node’s labels for the pod to be scheduled on that node. +More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/

+
+securityContext
+ + +Kubernetes core/v1.PodSecurityContext + + +		 +(Optional) +

SecurityContext that applies to all the containers of the Jenkins +Master. As per kubernetes specification, it can be overridden +for each container individually. +Defaults to: +runAsUser: 1000 +fsGroup: 1000

+
+containers
+ + +[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.Container + + +		 +(Optional) +

List of containers belonging to the pod. +Containers cannot currently be added or removed. +There must be at least one container in a Pod. +Defaults to: +- image: jenkins/jenkins:lts +imagePullPolicy: Always +livenessProbe: +failureThreshold: 12 +httpGet: +path: /login +port: http +scheme: HTTP +initialDelaySeconds: 80 +periodSeconds: 10 +successThreshold: 1 +timeoutSeconds: 5 +name: jenkins-master +readinessProbe: +failureThreshold: 3 +httpGet: +path: /login +port: http +scheme: HTTP +initialDelaySeconds: 30 +periodSeconds: 10 +successThreshold: 1 +timeoutSeconds: 1 +resources: +limits: +cpu: 1500m +memory: 3Gi +requests: +cpu: “1” +memory: 600Mi

+
+imagePullSecrets
+ + +[]Kubernetes core/v1.LocalObjectReference + + +		 +(Optional) +

ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. +If specified, these secrets will be passed to individual puller implementations for them to use. For example, +in the case of docker, only DockerConfig type secrets are honored. +More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod

+
+volumes
+ + +[]Kubernetes core/v1.Volume + + +		 +(Optional) +

List of volumes that can be mounted by containers belonging to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes

+
+tolerations
+ + +[]Kubernetes core/v1.Toleration + + +		 +(Optional) +

If specified, the pod’s tolerations.

+
+basePlugins
+ + +[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.Plugin + + +		 +(Optional) +

BasePlugins contains plugins required by operator +Defaults to : +- name: kubernetes +version: “1.28.6” +- name: workflow-job +version: “2.40” +- name: workflow-aggregator +version: “2.6” +- name: git +version: “4.5.0” +- name: job-dsl +version: “1.77” +- name: configuration-as-code +version: “1.46” +- name: kubernetes-credentials-provider +version: “0.15”

+
+plugins
+ + +[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.Plugin + + +		 +(Optional) +

Plugins contains plugins required by user

+
+disableCSRFProtection
+ +bool + +		 +

DisableCSRFProtection allows you to toggle CSRF Protection on Jenkins

+
+priorityClassName
+ +string + +		 +(Optional) +

PriorityClassName for Jenkins master pod

+
+

JenkinsPlugin +

+

+(Appears on: +JenkinsImageSpec, +JenkinsImageStatus) +

+

+

Defines Jenkins Plugin structure

+

+ + + + + + + + + + + + + + + + + +
FieldDescription
+name
+ +string + +		 +
+version
+ +string + +		 +
+

JenkinsSpec +

+

+(Appears on: +Jenkins) +

+

+

JenkinsSpec defines the desired state of the Jenkins.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+master
+ + +JenkinsMaster + + +		 +

Master represents Jenkins master pod properties and Jenkins plugins. +Every single change here requires a pod restart.

+
+seedJobs
+ + +[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.SeedJob + + +		 +(Optional) +

SeedJobs defines list of Jenkins Seed Job configurations +More info: https://jenkinsci.github.io/kubernetes-operator/docs/getting-started/latest/configuration#configure-seed-jobs-and-pipelines

+
+notifications
+ + +[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.Notification + + +		 +(Optional) +

Notifications defines list of a services which are used to inform about Jenkins status +Can be used to integrate chat services like Slack, Microsoft Teams or Mailgun

+
+service
+ + +Service + + +		 +(Optional) +

Service is Kubernetes service of Jenkins master HTTP pod +Defaults to : +port: 8080 +type: ClusterIP

+
+slaveService
+ + +Service + + +		 +(Optional) +

Service is Kubernetes service of Jenkins slave pods +Defaults to : +port: 50000 +type: ClusterIP

+
+backup
+ + +Backup + + +		 +(Optional) +

Backup defines configuration of Jenkins backup +More info: https://jenkinsci.github.io/kubernetes-operator/docs/getting-started/latest/configure-backup-and-restore/

+
+restore
+ + +Restore + + +		 +(Optional) +

Backup defines configuration of Jenkins backup restore +More info: https://jenkinsci.github.io/kubernetes-operator/docs/getting-started/latest/configure-backup-and-restore/

+
+groovyScripts
+ + +GroovyScripts + + +		 +(Optional) +

GroovyScripts defines configuration of Jenkins customization via groovy scripts

+
+configurationAsCode
+ + +ConfigurationAsCode + + +		 +(Optional) +

ConfigurationAsCode defines configuration of Jenkins customization via Configuration as Code Jenkins plugin

+
+roles
+ + +[]Kubernetes rbac/v1.RoleRef + + +		 +(Optional) +

Roles defines list of extra RBAC roles for the Jenkins Master pod service account

+
+serviceAccount
+ + +ServiceAccount + + +		 +(Optional) +

ServiceAccount defines Jenkins master service account attributes

+
+jenkinsAPISettings
+ + +JenkinsAPISettings + + +		 +

JenkinsAPISettings defines configuration used by the operator to gain admin access to the Jenkins API

+
+

JenkinsStatus +

+

+(Appears on: +Jenkins) +

+

+

JenkinsStatus defines the observed state of Jenkins

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+operatorVersion
+ +string + +		 +(Optional) +

OperatorVersion is the operator version which manages this CR

+
+provisionStartTime
+ + +Kubernetes meta/v1.Time + + +		 +(Optional) +

ProvisionStartTime is a time when Jenkins master pod has been created

+
+baseConfigurationCompletedTime
+ + +Kubernetes meta/v1.Time + + +		 +(Optional) +

BaseConfigurationCompletedTime is a time when Jenkins base configuration phase has been completed

+
+userConfigurationCompletedTime
+ + +Kubernetes meta/v1.Time + + +		 +(Optional) +

UserConfigurationCompletedTime is a time when Jenkins user configuration phase has been completed

+
+restoredBackup
+ +uint64 + +		 +(Optional) +

RestoredBackup is the restored backup number after Jenkins master pod restart

+
+lastBackup
+ +uint64 + +		 +(Optional) +

LastBackup is the latest backup number

+
+pendingBackup
+ +uint64 + +		 +(Optional) +

PendingBackup is the pending backup number

+
+backupDoneBeforePodDeletion
+ +bool + +		 +(Optional) +

BackupDoneBeforePodDeletion tells if backup before pod deletion has been made

+
+userAndPasswordHash
+ +string + +		 +(Optional) +

UserAndPasswordHash is a SHA256 hash made from user and password

+
+createdSeedJobs
+ +[]string + +		 +(Optional) +

CreatedSeedJobs contains list of seed job id already created in Jenkins

+
+appliedGroovyScripts
+ + +[][]github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.AppliedGroovyScript + + +		 +(Optional) +

AppliedGroovyScripts is a list with all applied groovy scripts in Jenkins by the operator

+
+

Mailgun +

+

+(Appears on: +Notification) +

+

+

Mailgun is handler for Mailgun email service notification channel.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+domain
+ +string + +		 +
+apiKeySecretKeySelector
+ + +SecretKeySelector + + +		 +
+recipient
+ +string + +		 +
+from
+ +string + +		 +
+

MicrosoftTeams +

+

+(Appears on: +Notification) +

+

+

MicrosoftTeams is handler for Microsoft MicrosoftTeams notification channel.

+

+ + + + + + + + + + + + + +
FieldDescription
+webHookURLSecretKeySelector
+ + +SecretKeySelector + + +		 +

The web hook URL to MicrosoftTeams App

+
+

Notification +

+

+(Appears on: +JenkinsSpec) +

+

+

Notification is a service configuration used to send notifications about Jenkins status.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+level
+ + +NotificationLevel + + +		 +
+verbose
+ +bool + +		 +
+name
+ +string + +		 +
+slack
+ + +github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.Slack + + +		 +
+teams
+ + +github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.MicrosoftTeams + + +		 +
+mailgun
+ + +github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.Mailgun + + +		 +
+smtp
+ + +github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.SMTP + + +		 +
+

NotificationLevel +(string alias)

+

+(Appears on: +Notification) +

+

+

NotificationLevel defines the level of a Notification.

+

+

Plugin +

+

+(Appears on: +JenkinsMaster) +

+

+

Plugin defines Jenkins plugin.

+

+ + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+name
+ +string + +		 +

Name is the name of Jenkins plugin

+
+version
+ +string + +		 +

Version is the version of Jenkins plugin

+
+downloadURL
+ +string + +		 +

DownloadURL is the custom url from where plugin has to be downloaded.

+
+

Restore +

+

+(Appears on: +JenkinsSpec) +

+

+

Restore defines configuration of Jenkins backup restore operation.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+containerName
+ +string + +		 +

ContainerName is the container name responsible for restore backup operation

+
+action
+ + +Handler + + +		 +

Action defines action which performs restore backup in restore container sidecar

+
+getLatestAction
+ + +Handler + + +		 +(Optional) +

GetLatestAction defines action which returns the latest backup number. If there is no backup “-1” should be +returned.

+
+recoveryOnce
+ +uint64 + +		 +(Optional) +

RecoveryOnce if want to restore specific backup set this field and then Jenkins will be restarted and desired backup will be restored

+
+

SMTP +

+

+(Appears on: +Notification) +

+

+

SMTP is handler for sending emails via this protocol.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+usernameSecretKeySelector
+ + +SecretKeySelector + + +		 +
+passwordSecretKeySelector
+ + +SecretKeySelector + + +		 +
+port
+ +int + +		 +
+server
+ +string + +		 +
+tlsInsecureSkipVerify
+ +bool + +		 +
+from
+ +string + +		 +
+to
+ +string + +		 +
+

SecretKeySelector +

+

+(Appears on: +Mailgun, +MicrosoftTeams, +SMTP, +Slack) +

+

+

SecretKeySelector selects a key of a Secret.

+

+ + + + + + + + + + + + + + + + + +
FieldDescription
+secret
+ + +Kubernetes core/v1.LocalObjectReference + + +		 +

The name of the secret in the pod’s namespace to select from.

+
+key
+ +string + +		 +

The key of the secret to select from. Must be a valid secret key.

+
+

SecretRef +

+

+(Appears on: +Customization) +

+

+

SecretRef is reference to Kubernetes secret.

+

+ + + + + + + + + + + + + +
FieldDescription
+name
+ +string + +		 +
+

SeedJob +

+

+(Appears on: +JenkinsSpec) +

+

+

SeedJob defines configuration for seed job +More info: https://jenkinsci.github.io/kubernetes-operator/docs/getting-started/latest/configuration/#configure-seed-jobs-and-pipelines.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+id
+ +string + +		 +

ID is the unique seed job name

+
+credentialID
+ +string + +		 +

CredentialID is the Kubernetes secret name which stores repository access credentials

+
+description
+ +string + +		 +(Optional) +

Description is the description of the seed job

+
+targets
+ +string + +		 +

Targets is the repository path where are seed job definitions

+
+repositoryBranch
+ +string + +		 +

RepositoryBranch is the repository branch where are seed job definitions

+
+repositoryUrl
+ +string + +		 +

RepositoryURL is the repository access URL. Can be SSH or HTTPS.

+
+credentialType
+ + +JenkinsCredentialType + + +		 +(Optional) +

JenkinsCredentialType is the https://jenkinsci.github.io/kubernetes-credentials-provider-plugin/ credential type

+
+bitbucketPushTrigger
+ +bool + +		 +(Optional) +

BitbucketPushTrigger is used for Bitbucket web hooks

+
+githubPushTrigger
+ +bool + +		 +(Optional) +

GitHubPushTrigger is used for GitHub web hooks

+
+buildPeriodically
+ +string + +		 +(Optional) +

BuildPeriodically is setting for scheduled trigger

+
+pollSCM
+ +string + +		 +(Optional) +

PollSCM is setting for polling changes in SCM

+
+ignoreMissingFiles
+ +bool + +		 +(Optional) +

IgnoreMissingFiles is setting for Job DSL API plugin to ignore files that miss

+
+additionalClasspath
+ +string + +		 +(Optional) +

AdditionalClasspath is setting for Job DSL API plugin to set Additional Classpath

+
+failOnMissingPlugin
+ +bool + +		 +(Optional) +

FailOnMissingPlugin is setting for Job DSL API plugin that fails job if required plugin is missing

+
+unstableOnDeprecation
+ +bool + +		 +(Optional) +

UnstableOnDeprecation is setting for Job DSL API plugin that sets build status as unstable if build using deprecated features

+
+

Service +

+

+(Appears on: +JenkinsSpec) +

+

+

Service defines Kubernetes service attributes

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+annotations
+ +map[string]string + +		 +(Optional) +

Annotations is an unstructured key value map stored with a resource that may be +set by external tools to store and retrieve arbitrary metadata. They are not +queryable and should be preserved when modifying objects. +More info: http://kubernetes.io/docs/user-guide/annotations

+
+labels
+ +map[string]string + +		 +(Optional) +

Route service traffic to pods with label keys and values matching this +selector. If empty or not present, the service is assumed to have an +external process managing its endpoints, which Kubernetes will not +modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. +Ignored if type is ExternalName. +More info: https://kubernetes.io/docs/concepts/services-networking/service/

+
+type
+ + +Kubernetes core/v1.ServiceType + + +		 +(Optional) +

Type determines how the Service is exposed. Defaults to ClusterIP. Valid +options are ExternalName, ClusterIP, NodePort, and LoadBalancer. +“ExternalName” maps to the specified externalName. +“ClusterIP” allocates a cluster-internal IP address for load-balancing to +endpoints. Endpoints are determined by the selector or if that is not +specified, by manual construction of an Endpoints object. If clusterIP is +“None”, no virtual IP is allocated and the endpoints are published as a +set of endpoints rather than a stable IP. +“NodePort” builds on ClusterIP and allocates a port on every node which +routes to the clusterIP. +“LoadBalancer” builds on NodePort and creates an +external load-balancer (if supported in the current cloud) which routes +to the clusterIP. +More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services—service-types

+
+port
+ +int32 + +		 +

The port that are exposed by this service. +More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies

+
+nodePort
+ +int32 + +		 +(Optional) +

The port on each node on which this service is exposed when type=NodePort or LoadBalancer. +Usually assigned by the system. If specified, it will be allocated to the service +if unused or else creation of the service will fail. +Default is to auto-allocate a port if the ServiceType of this Service requires one. +More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport

+
+loadBalancerSourceRanges
+ +[]string + +		 +(Optional) +

If specified and supported by the platform, this will restrict traffic through the cloud-provider +load-balancer will be restricted to the specified client IPs. This field will be ignored if the +cloud-provider does not support the feature.” +More info: https://kubernetes.io/docs/tasks/administer-cluster/securing-a-cluster/#restricting-cloud-metadata-api-access

+
+loadBalancerIP
+ +string + +		 +(Optional) +

Only applies to Service Type: LoadBalancer +LoadBalancer will get created with the IP specified in this field. +This feature depends on whether the underlying cloud-provider supports specifying +the loadBalancerIP when a load balancer is created. +This field will be ignored if the cloud-provider does not support the feature.

+
+

ServiceAccount +

+

+(Appears on: +JenkinsSpec) +

+

+

ServiceAccount defines Kubernetes service account attributes

+

+ + + + + + + + + + + + + +
FieldDescription
+annotations
+ +map[string]string + +		 +(Optional) +

Annotations is an unstructured key value map stored with a resource that may be +set by external tools to store and retrieve arbitrary metadata. They are not +queryable and should be preserved when modifying objects. +More info: http://kubernetes.io/docs/user-guide/annotations

+
+

Slack +

+

+(Appears on: +Notification) +

+

+

Slack is handler for Slack notification channel.

+

+ + + + + + + + + + + + + +
FieldDescription
+webHookURLSecretKeySelector
+ + +SecretKeySelector + + +		 +

The web hook URL to Slack App

+
+
+

+Generated with gen-crd-api-reference-docs +on git commit fe81e5a. +

diff --git a/website/content/en/docs/Getting Started/latest/configuration.md b/website/content/en/docs/Getting Started/latest/configuration.md index 9fbf0bca..56b0e14d 100644 --- a/website/content/en/docs/Getting Started/latest/configuration.md +++ b/website/content/en/docs/Getting Started/latest/configuration.md @@ -106,7 +106,7 @@ podTemplate(label: label, Jenkins Seed Jobs are configured using `Jenkins.spec.seedJobs` section from your custom resource manifest: -``` +```yaml apiVersion: jenkins.io/v1alpha2 kind: Jenkins metadata: @@ -167,7 +167,7 @@ If key was generated by `ssh-keygen` the public key content is located in Jenkins default image details --- -**Jenkins Operator** is fully compatible with **`jenkins:lts`** Docker image and does not introduce any hidden changes to the upstream Jenkins. +**Jenkins Operator** is fully compatible with **`jenkins:lts`** Docker image and does not introduce any hidden changes +to the upstream Jenkins. However due to problems with plugins and images version compatibility we are using specific tags +in the exemplary Custom Resource, so you know a working configuration. If needed, the Docker image can be easily changed in custom resource manifest as long as it supports standard Jenkins file system structure. diff --git a/website/content/en/docs/Installation/Preview/_index.md b/website/content/en/docs/Installation/Preview/_index.md new file mode 100644 index 00000000..60f42ee0 --- /dev/null +++ b/website/content/en/docs/Installation/Preview/_index.md @@ -0,0 +1,881 @@ +--- +title: "Installation - Preview" +linkTitle: "Installation - Preview" +weight: 1 +date: 2020-10-05 +description: > + How to install Jenkins Operator +--- + +{{% pageinfo %}} +This document describes installation procedure for **Jenkins Operator**. +All container images can be found at [virtuslab/jenkins-operator](https://hub.docker.com/r/virtuslab/jenkins-operator) +{{% /pageinfo %}} + +## Requirements + +To run **Jenkins Operator**, you will need: +- access to a Kubernetes cluster version `1.17+` +- `kubectl` version `1.17+` + +## Configure Custom Resource Definition + +Install Jenkins Custom Resource Definition: + +```bash +kubectl apply -f https://raw.githubusercontent.com/jenkinsci/kubernetes-operator/master/deploy/crds/jenkins_v1alpha2_jenkins_crd.yaml +``` + +## Deploy Jenkins Operator + +There are two ways to deploy the Jenkins Operator. + +### Using YAML's + +Apply Service Account and RBAC roles: + +```bash +kubectl apply -f https://raw.githubusercontent.com/jenkinsci/kubernetes-operator/master/config/all-in-one-v1alpha2.yaml +``` + +Watch **Jenkins Operator** instance being created: + +```bash +kubectl get pods -w +``` + +Now **Jenkins Operator** should be up and running in the `default` namespace. + +### Using Helm Chart + +There is an option to use Helm to install the operator. It requires the Helm 3+ for deployment. + +Create a namespace for the operator: + +```bash +$ kubectl create namespace +``` + +To install, you need only to type these commands: + +```bash +$ helm repo add jenkins https://raw.githubusercontent.com/jenkinsci/kubernetes-operator/master/chart +$ helm install jenkins/jenkins-operator -n +``` + +In case you want to use released Chart **v0.4.1**, before installing/upgrading please install additional CRD into the cluster: + +```bash +$ kubectl apply -f https://raw.githubusercontent.com/jenkinsci/kubernetes-operator/master/chart/jenkins-operator/crds/jenkinsimage-crd.yaml +``` + +To add custom labels and annotations, you can use `values.yaml` file or pass them into `helm install` command, e.g.: + +```bash +$ helm install jenkins/jenkins-operator -n --set jenkins.labels.LabelKey=LabelValue,jenkins.annotations.AnnotationKey=AnnotationValue +``` +You can further customize Jenkins using `values.yaml`: +

Jenkins instance configuration +

+ + + + + + + + + + + + + + + + + +
FieldDefault valueDescription
+jenkins + +

operator is section for configuring operator deployment

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+enabled + +true + +Enabled can enable or disable the Jenkins instance. +Set to false if you have configured CR already and/or you want to deploy an operator only. +
+apiVersion +jenkins.io/v1alpha2 +Version of the CR manifest. The recommended and default value is jenkins.io/v1alpha2. +More info +
+name + +jenkins + +Name of resource. The pod name will be jenkins-<name> (name will be set as suffix). +
+namespace + +default + +Namespace the resources will be deployed to. It's not recommended to use default namespace. +Create new namespace for jenkins (e.g. kubectl create -n jenkins) +
+labels + +{} + +Labels are injected into metadata labels field. +
+annotations + +{} + +Annotations are injected into metadata annotations field. +
+image + +jenkins/jenkins:lts + +Image is the name (and tag) of the Jenkins instance. +It's recommended to use LTS (tag: "lts") version. +
+env + +[] + +Env contains jenkins container environment variables. +
+imagePullPolicy + +Always + +Defines policy for pulling images +
+priorityClassName + +"" + +PriorityClassName indicates the importance of a Pod relative to other Pods. +More info +
+disableCSRFProtection + +false + +disableCSRFProtection can enable or disable operator built-in CSRF protection. +Set it to true if you are using OpenShift Jenkins Plugin. +More info +
+imagePullSecrets + +[] + +Used if you want to pull images from private repository +More info +
+notifications + +[] + +Notifications is feature that notify user about Jenkins reconcilation status +More info +
+basePlugins + +
+- name: kubernetes
+  version: "1.25.2"
+- name: workflow-job
+  version: "2.39"
+- name: workflow-aggregator
+  version: "2.6"
+- name: git
+  version: "4.2.2"
+- name: job-dsl
+  version: "1.77"
+- name: configuration-as-code
+  version: "1.38"
+- name: kubernetes-credentials
+        -provider
+  version: "0.13"
+
+		 +Plugins installed and required by the operator +shouldn't contain plugins defined by user +You can change their versions here +More info +
+plugins + +[] + +Plugins required by the user. You can define plugins here. +More info +Example: +
+plugins:
+ - name: simple-theme-plugin
+   version: 0.5.1
+
+
+seedJobs + +[] + +Placeholder for jenkins seed jobs +For seed job creation tutorial, check:
Prepare seed jobs +
Configure seed jobs +
Example: + +
+seedJobs:
+- id: jenkins-operator
+  targets: "cicd/jobs/*.jenkins"
+  description: "Jenkins Operator repository"
+  repositoryBranch: master
+  repositoryUrl: 
+  - https://github.com/jenkinsci/kubernetes-operator.git
+
+ +
+resources + +
+limits:
+  cpu: 1500m
+  memory: 3Gi
+requests:
+  cpu: 1
+  memory: 500M
+
+		 +Resource limit/request for Jenkins +More info +
+volumes + +
+- name: backup
+  persistentVolumeClaim:
+    claimName: jenkins-backup
+
+		 +Volumes used by Jenkins +By default, we are only using PVC volume for storing backups. +
+volumeMounts + +[] + +volumeMounts are mounts for Jenkins pod. +
+securityContext + +runAsUser: 1000 +fsGroup: 1000 + +SecurityContext for pod. +
servicenot implementedHttp Jenkins service. See https://jenkinsci.github.io/kubernetes-operator/docs/getting-started/latest/schema/#github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.Service for details.
slaveServicenot implementedSlave Jenkins service. See https://jenkinsci.github.io/kubernetes-operator/docs/getting-started/latest/schema/#github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.Service for details.
+livenessProbe + +
+livenessProbe:
+  failureThreshold: 12
+  httpGet:
+    path: /login
+    port: http
+    scheme: HTTP
+  initialDelaySeconds: 80
+  periodSeconds: 10
+  successThreshold: 1
+  timeoutSeconds: 5
+
+		 +livenessProbe for Pod +
+readinessProbe + +
+readinessProbe:
+  failureThreshold: 3
+  httpGet:
+    path: /login
+    port: http
+    scheme: HTTP
+  initialDelaySeconds: 30
+  periodSeconds: 10
+  successThreshold: 1
+  timeoutSeconds: 1
+
+		 +readinessProbe for Pod +
+ +backup + +

+ + +Backup + + +

+		 + +Backup is section for configuring operator's backup feature +By default backup feature is enabled and pre-configured +This section simplifies the configuration described here: Configure backup and restore +For customization tips see Custom backup and restore +
+configuration +

+ + +Configuration + + +

+		 +Section where we can configure Jenkins instance. +See Customization for details +
+
+ +### Configuring operator deployment + + + + + + + + + + + + + + + + + +
FieldDefault valueDescription
+ operator + +

operator is section for configuring operator deployment

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ replicaCount
+ 		+ 1 + + Number of Replicas. +
+ image + + virtuslab/jenkins-operator:v0.4.0 + + Name (and tag) of the Jenkins Operator image. +
+ imagePullPolicy + + IfNotPresent + + Defines policy for pulling images. +
+ imagePullSecrets + + [] + + Used if you want to pull images from private repository. +
+ nameOverride + + "" + + nameOverride overrides the app name. +
+ fullnameOverride + + "" + + fullnameOverride overrides the deployment name +
+ resources + + {} + +
+ nodeSelector + + {} + +
+ tolerations + + {} + +
+ affinity + + {} + +
+
+ + + +

Backup +

+

+(Appears on: +JenkinsConfiguration) +

+

+Backup defines configuration of Jenkins backup. +

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDefault valueDescription
+ enabled + + true + + Enabled is enable/disable switch for backup feature. +
+ image + + virtuslab/jenkins-operator-backup-pvc:v0.0.8 + + Image used by backup feature. +
+ containerName + + backup + + Backup container name. +
+ interval + + 30 + + Defines how often make backup in seconds. +
+ makeBackupBeforePodDeletion + + true + + When enabled will make backup before pod deletion. +
+ backupCommand + + /home/user/bin/backup.sh + + Backup container command. +
+ restoreCommand + + /home/user/bin/restore.sh + + Backup restore command. +
+ pvc + +

Persistent Volume Claim Kubernetes resource

+
+ + + + + + + + + + + + + + + + + + + + + + + +
+ enabled + + true + + Enable/disable switch for PVC +
+ enabled + + true + + Enable/disable switch for PVC +
+ size + + 5Gi + + Size of PVC +
+ className + + "" + + StorageClassName for PVC + More info +
+
+ env + +
+- name: BACKUP_DIR
+  value: /backup
+- name: JENKINS_HOME
+  value: /jenkins-home
+- name: BACKUP_COUNT
+  value: "3"
+
+ 		+ Contains container environment variables. + PVC backup provider handles these variables:
+ BACKUP_DIR - path for storing backup files (default: "/backup")
+ JENKINS_HOME - path to jenkins home (default: "/jenkins-home")
+ BACKUP_COUNT - define how much recent backups will be kept
+
+ volumeMounts + +
+- name: jenkins-home
+  mountPath: /jenkins-home
+- mountPath: /backup
+  name: backup
+
+ 		+ Holds the mount points for volumes. +
+ +

Configuration +

+

+ (Appears on: + Jenkins instance configuration) +

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDefault valueDescription
+ configurationAsCode + + {} + + ConfigurationAsCode defines configuration of Jenkins customization via Configuration as Code Jenkins plugin. +Example:
+
+- configMapName: jenkins-casc
+  content: {}
+
+
+ groovyScripts + + {} + + GroovyScripts defines configuration of Jenkins customization via groovy scripts. + Example:
+
+- configMapName: jenkins-gs
+  content: {}
+
+
+ secretRefName + + "" + + secretRefName of existing secret (previously created). +
+ secretData + + {} + + If secretRefName is empty, secretData creates new secret and fills with data provided in secretData. +
+