From 603a4afbd1127ad2120ab1a5361eaf7f713afa60 Mon Sep 17 00:00:00 2001 From: Yevhen Kizin <84331044+ykizin@users.noreply.github.com> Date: Tue, 11 Jun 2024 18:51:31 +0300 Subject: [PATCH 1/2] Added priority class (#47) * Added priorityClassName value to helm chart * Updated short documentation in values file * Updated helm chart Readme --- stable/connector/Chart.yaml | 2 +- stable/connector/README.md | 57 +++++++++--------- stable/connector/templates/deployment.yaml | 3 + stable/connector/values.schema.json | 1 + stable/connector/values.yaml | 6 ++ test/golden/priority-class.golden.yaml | 68 ++++++++++++++++++++++ test/golden/priority-class.yaml | 6 ++ 7 files changed, 114 insertions(+), 29 deletions(-) create mode 100644 test/golden/priority-class.golden.yaml create mode 100644 test/golden/priority-class.yaml diff --git a/stable/connector/Chart.yaml b/stable/connector/Chart.yaml index ddda8a3..2cd0590 100644 --- a/stable/connector/Chart.yaml +++ b/stable/connector/Chart.yaml @@ -4,4 +4,4 @@ home: https://www.twingate.com description: Twingate Connector helm chart icon: https://www.twingate.com/twingate.png name: connector -version: 0.1.24 +version: 0.1.25 diff --git a/stable/connector/README.md b/stable/connector/README.md index b7ed765..03e2ad9 100644 --- a/stable/connector/README.md +++ b/stable/connector/README.md @@ -58,31 +58,32 @@ The command removes all the Kubernetes components associated with the chart and The following table lists the configurable parameters of the Twingate chart and their default values. -| Parameter | Description | Default | -|-----------------------------------------|-----------------------------------------------------------------------------|---------------------------------------------------------| -| `connector.network` | The Twingate network name, eg. acme (required) | | -| `connector.url` | The Twingate service domain | `twingate.com` | -| `connector.accessToken` | Access Token (required unless `connector.existingSecret` is specified) | | -| `connector.refreshToken` | Refresh Token (required unless `connector.existingSecret` is specified) | | -| `connector.existingSecret` | The name of an existing secret to use for the access and refresh tokens | | -| `connector.logLevel` | Log Level - supported : [error, warning, info, debug] | `error` | -| `connector.logAnalytics` | Real-time connection logs (see https://www.twingate.com/docs/connector-real-time-logs) - supported : [v1, v2] | | -| `connector.dnsServer` | Custom DNS server | | -| `image.registry` | Twingate image registry | `docker.io` | -| `image.repository` | Twingate image name | `twingate/connector` | -| `image.tag` | Twingate image tag | `latest` | -| `image.pullPolicy` | Twingate image pull policy | `Always` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| `nameOverride` | String to partially override twingate.fullname template | `nil` | -| `fullnameOverride` | String to fully override twingate.fullname template | `nil` | -| `icmpSupport.enabled` | Enable the ICMP securityContext. See more in values file | `false` | -| `affinity` | Map of node/pod affinities | `{}` (The value is evaluated as a template) | -| `nodeSelector` | node labels for pod assignment | `{}` (The value is evaluated as a template) | -| `tolerations` | Tolerations for pod assignment | `[]` (The value is evaluated as a template) | -| `resources` | Resource requests and limits | `{}` (The value is evaluated as a template) | -| `additionalLabels` | Additional labels for the deployment | `{}` (The value is evaluated as a template) | -| `podAnnotations` | Map of annotations to add to pods | `{}` | -| `podDnsPolicy` | Optional pod [DNS policy](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pods-dns-policy) | | -| `podDnsConfig` | Optional pod [DNS configurations](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pods-dns-config) | | -| `env` | Additional environment variables for the deployment | `{}` (The value is evaluated as a template) | -| `hostNetwork` | Enable/Disable host network for the pod | `false` (Disabled by default) | +| Parameter | Description | Default | +|-----------------------------------------|-----------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------| +| `connector.network` | The Twingate network name, eg. acme (required) | | +| `connector.url` | The Twingate service domain | `twingate.com` | +| `connector.accessToken` | Access Token (required unless `connector.existingSecret` is specified) | | +| `connector.refreshToken` | Refresh Token (required unless `connector.existingSecret` is specified) | | +| `connector.existingSecret` | The name of an existing secret to use for the access and refresh tokens | | +| `connector.logLevel` | Log Level - supported : [error, warning, info, debug] | `error` | +| `connector.logAnalytics` | Real-time connection logs (see https://www.twingate.com/docs/connector-real-time-logs) - supported : [v1, v2] | | +| `connector.dnsServer` | Custom DNS server | | +| `image.registry` | Twingate image registry | `docker.io` | +| `image.repository` | Twingate image name | `twingate/connector` | +| `image.tag` | Twingate image tag | `latest` | +| `image.pullPolicy` | Twingate image pull policy | `Always` | +| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | +| `nameOverride` | String to partially override twingate.fullname template | `nil` | +| `fullnameOverride` | String to fully override twingate.fullname template | `nil` | +| `icmpSupport.enabled` | Enable the ICMP securityContext. See more in values file | `false` | +| `affinity` | Map of node/pod affinities | `{}` (The value is evaluated as a template) | +| `priorityClassName` | String to added priorityClass for pod assignment | `nil` | +| `nodeSelector` | node labels for pod assignment | `{}` (The value is evaluated as a template) | +| `tolerations` | Tolerations for pod assignment | `[]` (The value is evaluated as a template) | +| `resources` | Resource requests and limits | `{}` (The value is evaluated as a template) | +| `additionalLabels` | Additional labels for the deployment | `{}` (The value is evaluated as a template) | +| `podAnnotations` | Map of annotations to add to pods | `{}` | +| `podDnsPolicy` | Optional pod [DNS policy](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pods-dns-policy) | | +| `podDnsConfig` | Optional pod [DNS configurations](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pods-dns-config) | | +| `env` | Additional environment variables for the deployment | `{}` (The value is evaluated as a template) | +| `hostNetwork` | Enable/Disable host network for the pod | `false` (Disabled by default) | diff --git a/stable/connector/templates/deployment.yaml b/stable/connector/templates/deployment.yaml index a5eade7..67a9194 100644 --- a/stable/connector/templates/deployment.yaml +++ b/stable/connector/templates/deployment.yaml @@ -96,6 +96,9 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- end }} {{- with .Values.podDnsPolicy }} dnsPolicy: {{ . }} {{- end }} diff --git a/stable/connector/values.schema.json b/stable/connector/values.schema.json index 9920aa2..2574883 100644 --- a/stable/connector/values.schema.json +++ b/stable/connector/values.schema.json @@ -145,6 +145,7 @@ "nodeSelector": {}, "tolerations": [], "affinity": {}, + "priorityClassName": "", "env": {}, "icmpSupport": { "enabled": false diff --git a/stable/connector/values.yaml b/stable/connector/values.yaml index 0131581..40afcd7 100644 --- a/stable/connector/values.yaml +++ b/stable/connector/values.yaml @@ -47,6 +47,12 @@ tolerations: [] ## affinity: {} +### priorityClassName for pod assignment +### Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ +### Note: priorityClassName will be ignored if it's set +## +priorityClassName: "" + ## Extra environment variables that will be pass onto connector pod ## ## env: diff --git a/test/golden/priority-class.golden.yaml b/test/golden/priority-class.golden.yaml new file mode 100644 index 0000000..cf9e148 --- /dev/null +++ b/test/golden/priority-class.golden.yaml @@ -0,0 +1,68 @@ +--- +# Source: connector/templates/secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: test-connector + labels: + app.kubernetes.io/name: connector + helm.sh/chart: connector-major.minor.patch-test + app.kubernetes.io/instance: test + app.kubernetes.io/version: "latest" + app.kubernetes.io/managed-by: Helm +type: Opaque +data: + TWINGATE_ACCESS_TOKEN: "QUNDRVNTX1RPS0VO" + TWINGATE_REFRESH_TOKEN: "UkVGUkVTSF9UT0tFTg==" +--- +# Source: connector/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: test-connector + labels: + app.kubernetes.io/name: connector + helm.sh/chart: connector-major.minor.patch-test + app.kubernetes.io/instance: test + app.kubernetes.io/version: "latest" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: connector + app.kubernetes.io/instance: test + template: + metadata: + labels: + app.kubernetes.io/name: connector + app.kubernetes.io/instance: test + spec: + containers: + - name: connector + image: "twingate/connector:1" + imagePullPolicy: Always + envFrom: + - secretRef: + name: test-connector + optional: false + env: + - name: TWINGATE_LABEL_DEPLOYED_BY + value: helm + - name: TWINGATE_LABEL_HELM_CHART + value: connector-major.minor.patch-test + - name: TWINGATE_URL + value: "https://test-tenant.twingate.com" + - name: TWINGATE_LOG_LEVEL + value: "3" + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + runAsNonRoot: true + runAsUser: 65532 + resources: + requests: + cpu: 50m + memory: 200Mi + priorityClassName: "system-cluster-critical" diff --git a/test/golden/priority-class.yaml b/test/golden/priority-class.yaml new file mode 100644 index 0000000..47e619e --- /dev/null +++ b/test/golden/priority-class.yaml @@ -0,0 +1,6 @@ +priorityClassName: "system-cluster-critical" + +connector: + network: "test-tenant" + accessToken: "ACCESS_TOKEN" + refreshToken: "REFRESH_TOKEN" From 6d1d381176bf3d82c79970c0bb308140880aacdb Mon Sep 17 00:00:00 2001 From: twingate-build-bot Date: Tue, 11 Jun 2024 15:53:12 +0000 Subject: [PATCH 2/2] publish 378 --- index.yaml | 181 ++++++++++++++++++++++++++++++++++ packages/connector-0.1.25.tgz | Bin 0 -> 5466 bytes 2 files changed, 181 insertions(+) create mode 100644 index.yaml create mode 100644 packages/connector-0.1.25.tgz diff --git a/index.yaml b/index.yaml new file mode 100644 index 0000000..140926e --- /dev/null +++ b/index.yaml @@ -0,0 +1,181 @@ +apiVersion: v1 +entries: + connector: + - apiVersion: v1 + appVersion: latest + created: "2024-06-11T15:53:12.408518685Z" + description: Twingate Connector helm chart + digest: 93d3ace13a3becd36bff707235ca9c7948382c3a67a7cd096a186b048bf78163 + home: https://www.twingate.com + icon: https://www.twingate.com/twingate.png + name: connector + urls: + - https://twingate.github.io/helm-charts/packages/connector-0.1.25.tgz + version: 0.1.25 + - apiVersion: v1 + appVersion: latest + created: "2024-06-11T05:40:02.441706024Z" + description: Twingate Connector helm chart + digest: a734031f6421083fc63ace53924ed349a88f1016123773b10b6c43f1de1ebcc5 + home: https://www.twingate.com + icon: https://www.twingate.com/twingate.png + name: connector + urls: + - https://twingate.github.io/helm-charts/packages/connector-0.1.24.tgz + version: 0.1.24 + - apiVersion: v1 + appVersion: latest + created: "2023-12-20T18:03:46.812556341Z" + description: Twingate Connector helm chart + digest: 859f8b9be9e6129f3c7fdcf197129525e5dd83c9d396744a501af0aecf8d17f1 + home: https://www.twingate.com + icon: https://www.twingate.com/twingate.png + name: connector + urls: + - https://twingate.github.io/helm-charts/packages/connector-0.1.23.tgz + version: 0.1.23 + - apiVersion: v1 + appVersion: latest + created: "2023-09-11T17:05:07.861777017Z" + description: Twingate Connector helm chart + digest: 1f13149b70ce886d1670c005a0853be581e68e81553e32cbdc32e70e4df02b03 + home: https://www.twingate.com + icon: https://www.twingate.com/twingate.png + name: connector + urls: + - https://twingate.github.io/helm-charts/packages/connector-0.1.22.tgz + version: 0.1.22 + - apiVersion: v1 + appVersion: latest + created: "2023-09-07T23:29:24.322329463Z" + description: Twingate Connector helm chart + digest: 0ef16e163ef90d9e6b523279df00b88307fbb77504bfacdf1584c9d3c67728c0 + home: https://www.twingate.com + icon: https://www.twingate.com/twingate.png + name: connector + urls: + - https://twingate.github.io/helm-charts/packages/connector-0.1.21.tgz + version: 0.1.21 + - apiVersion: v1 + appVersion: latest + created: "2023-08-25T05:01:00.702065089Z" + description: Twingate Connector helm chart + digest: 926016f8e52026a1c3b450c7b4dc0660c6909e469383d7e6c5655d0d21de698f + home: https://www.twingate.com + icon: https://www.twingate.com/twingate.png + name: connector + urls: + - https://twingate.github.io/helm-charts/packages/connector-0.1.20.tgz + version: 0.1.20 + - apiVersion: v1 + appVersion: latest + created: "2023-08-14T22:49:08.358363332Z" + description: Twingate Connector helm chart + digest: 57a15f0b7533ca8c9ff8e3a180defbeb12c314716c1871cfcfd6ef6cb5e6252c + home: https://www.twingate.com + icon: https://www.twingate.com/twingate.png + name: connector + urls: + - https://twingate.github.io/helm-charts/packages/connector-0.1.19.tgz + version: 0.1.19 + - apiVersion: v1 + appVersion: latest + created: "2023-07-31T15:59:00.114856576Z" + description: Twingate Connector helm chart + digest: 79b863c61e8f6766cc7611dd3017ecb82a92d935b647357799ddea00791d37f7 + home: https://www.twingate.com + name: connector + urls: + - https://twingate.github.io/helm-charts/packages/connector-0.1.18.tgz + version: 0.1.18 + - apiVersion: v1 + appVersion: latest + created: "2023-07-28T22:01:46.580635997Z" + description: Twingate Connector helm chart + digest: 9ec38e5396d8ea804daa923500969ee25ed4dd6325b8eebd30f6eb9c8cdd34f4 + home: https://www.twingate.com + name: connector + urls: + - https://twingate.github.io/helm-charts/packages/connector-0.1.17.tgz + version: 0.1.17 + - apiVersion: v1 + appVersion: latest + created: "2023-06-05T01:45:14.85107974Z" + description: Twingate Connector helm chart + digest: 2728c6bcc9e8f9f79c38da06935a554e7f23575c1d1f9da882c7e08f3404aeb3 + home: https://www.twingate.com + name: connector + urls: + - https://twingate.github.io/helm-charts/packages/connector-0.1.16.tgz + version: 0.1.16 + - apiVersion: v1 + appVersion: latest + created: "2023-05-30T15:42:08.25908964Z" + description: Twingate Connector helm chart + digest: 0bdd619a0a66c6c12167717fa9f9ae143e3367e9fee9ac83e3f1d2a964caada7 + home: https://www.twingate.com + name: connector + urls: + - https://twingate.github.io/helm-charts/packages/connector-0.1.15.tgz + version: 0.1.15 + - apiVersion: v1 + appVersion: latest + created: "2023-05-15T22:24:13.815966128Z" + description: Twingate Connector helm chart + digest: edb9b79c6bd250fa82c17ad1023472a45aa023bb4c0bbf808bab0f065952007f + home: https://www.twingate.com + name: connector + urls: + - https://twingate.github.io/helm-charts/packages/connector-0.1.14.tgz + version: 0.1.14 + - apiVersion: v1 + appVersion: latest + created: "2022-10-03T21:00:38.668519433Z" + description: Twingate Connector helm chart + digest: cd667b14eede671eb1fd4fe22b716c2ce2ee68104c9c5be01181dec486af7100 + home: https://www.twingate.com + name: connector + urls: + - https://twingate.github.io/helm-charts/packages/connector-0.1.13.tgz + version: 0.1.13 + - apiVersion: v1 + appVersion: latest + created: "2022-07-06T17:41:51.672421099Z" + description: Twingate Connector helm chart + digest: bb3e01cadf2123eead1ac0c6efc69e08e80612535c49fe737b151bad8210b840 + home: https://www.twingate.com + name: connector + urls: + - https://twingate.github.io/helm-charts/packages/connector-0.1.12.tgz + version: 0.1.12 + - apiVersion: v1 + appVersion: latest + created: "2022-07-06T17:14:04.135784651Z" + description: Twingate Connector helm chart + digest: 8b3682202a5c7f18812e324cc876355c99e6dba888ee435b0e7fbd3822612682 + home: https://www.twingate.com + name: connector + urls: + - https://twingate.github.io/helm-charts/packages/connector-0.1.11.tgz + version: 0.1.11 + - apiVersion: v1 + appVersion: latest + created: "2021-12-15T20:45:25.693118238Z" + description: Twingate Connector helm chart + digest: 38f00e914b99e661c2b60d4bdc9b1be6a818920b2daaeec15ea25d46b076e48d + home: https://www.twingate.com + name: connector + urls: + - https://twingate.github.io/helm-charts/packages/connector-0.1.10.tgz + version: 0.1.10 + - apiVersion: v1 + appVersion: latest + created: "2021-12-09T04:58:11.393000932Z" + description: Twingate Connector helm chart + digest: 6608e29b7c9e5499947c08c62ebecd44dc66721398fcc8248deb6b3aaf649ccb + home: https://www.twingate.com + name: connector + urls: + - https://twingate.github.io/helm-charts/packages/connector-0.1.9.tgz + version: 0.1.9 +generated: "2024-06-11T15:53:12.407865292Z" diff --git a/packages/connector-0.1.25.tgz b/packages/connector-0.1.25.tgz new file mode 100644 index 0000000000000000000000000000000000000000..083c38c0dc23a9bf301277d4e2cdc6faa84400b3 GIT binary patch literal 5466 zcmV-g6{YGQiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKD1a@;nuaDMYC`lGV7me-t%Zr)6N*($B2Y+S3zE=$Q)N~^LU zvWJ711Q-Aud5%Ws*-ruBeaM-SG**uH2tRBM3G@x!jRw#Fea;yAii`f62@$F{BXRW2 zhRa|u7#!^Fng0iaLG%B?&g;Q9!@Yyuox$tj?*8DL!EkqYu=@=RHcd!dNu?svg~Qk+9HVM1v}{)0yT}4SK`g&c5?U%k4jZZC;j{feMcINQ9FsIsVEZ4&Tv%)FIa_c(p%SPB0>2*qbmEP< zh>21dz?ep;D;%L85rHrzf|Bb9B`6Np2nmrA1E5TCnDJDA!Z|ECoI4-@#B)#qh-2a5a_zF>Yi+-uWiiFbH+Hwq}kpmzw;gTvYW+Pav?*J$gj$r5j zBxw}A=MnX1BRGt1$V?hCkC|qwe?+DJA0}KXV5n}m_+$j7CI|@+G*bQU)V>S`5Eej0W2)qW6h5WbC>UxnQr-`^FZ-!P;e{y; zG-q*=D)dAKQuZ}r#V;!ni$wno;3w$__6M=~5o2rwwKEv}L=9<&K|rn)4$}B0h_esXt4IQIUWsqEV8f;fZNCg4;U-G2y`>V_XsaR>JXTB?yqp6D^ri zC9G&yiooa0$3)3KpQ4yjyy zeAa6~q@*F!Y}@`@yMHufPa4paGebiaSwVr~5sFM8=as)7MnEAQpR+LyQwy!H2xZD6 zEbvNnhNKGi5nNmvipY3O8CA2*l3;;&2@gCihyGTM#*jsrqF(+)V>#stM@EIRhwlYS zRIjX7DcXFj?a1_I{RQ06DAGQPhKvgg;AVmhsMcYL%BXKvKktw&NCf4As@a=}NO?+P zY!}3XC80%-zX4qb2;`2er$PTL5jcxxn(G-)b1$p(fF)Z)qxiZW(&Di%OX!WArkb4LN6sKqAR2qaQ{|Jy@RjePmuL`$Q<}M=1N> z4R?pT2fMq2@AeM9^L{q+@D%s7^gL1w3SJ_(LSJFvUC+E6riW8xo|^D9oOo1uK4IRq z9!ZEl!NB9p<7$G!OSn+dGlQ%jCueD*ALzlv%0I}4KGXZ9A3qdfs`bo_&V?!&HPPx5 z@$dwv7>&S1A-HhOQfmQ86=mTW`U2GmTxtFQJ^QdV0w&K;Oi}2UJjPzYq%;q7H@IK@JY*sMm;MA}()&$v zwkaITS7QdI09sCZw_BwF9ssFX@j7B(=nQ0sP8sZm{GZYRBHg`Y{BM23Nj z)*2S}!ZgTjt$exg^llNat4P=_56{3y;Gdx`f6Ky z(sU5jPF!X7ZMM^C6T?;An9HM1UP*t2Qn#|U(Cr+rIggOAZtrL!vn~gDytqoinGW{d zR*EXo-xqV&C5jHGE%5i03JhBH&dnmyx_~e5>GyLWE6uK5`YlYi^g=uT8R|`VAsdso zz1gt6l;T=M*`eE|Eqx(9DyOdPTGTyE-PSbB&FsQ`1#V^bp?_AV8t!F_2k(YdpMkiS zcaKund?vNQVZzSHR(Soq7PvP=FaubR>0_?{5AZq--L7%D)>k?Gc~`A9Iz~J^WF(p? z>bHyKVT`Zjc{+NLumaoi4cP z`Lr)u>OkBv=WR9WR_j(5)9kijTcd{6xV81QtXXFO;8aA?A&RcWfP2Q|?eX}ESiC#< zZiH`cvAfnrsNHL8AFBN%)tL7Oahq`MW}L2Iw&NOtY^Afg>DCC0-1>G`^KEq_s`;+6 zBc!|NvWhg@Dp^3*+#5IbLpWCDe+?G$KlTpx_ny~(pQ5z&|HlbN2@2U$$wpFv zR`mbQ{{FDh|NHv~JJ0?96y^4|{}QG&9)Uz<(t31I^?j_x;!kh{FZ*|Qj;`e#e@+Ms z%x*3tF#;c(zq4eateyt}jwwTMebzJEXyBDEOrlZGW}2Ek?A|YS*GboWH$@?6fG`Io zQs%?KuKAP3XX$uMKZEO)z>o#zZ%f)6fkYvY0>?Owq8a?2l8BBe20)U;5Z!bBg%-N0 zuQU$LfP`!GNh%Q}k82yjhSf2}D3Cw|+RPlxa$u;07uPeJ40C#>>rxhiOwix%Id8`x zFhU|TdHI|vLYcG@v(IR`*`7*Grvze%&!}yas(xLUEFBku%wHD5%leuq}*EQDa8^gdV#*~SH}wWs$cFcFlgF}Qz{-k+q~fM)UDN5#7SuBl$7PqmR` zX>7VbO}}PJVr!XvqV~Qu72Hlvs)DwEXW6~F}K4ia)~vlg(h?OJ>{wZt3}ibB_@o7CX1p@lb#h)zt&!h>yLKy9i?sj4~o3L z&13_w82?`nULQ2Z|AXD(bN>I6lxqGzNfOzg4xLYw1*1xKr<3P)jvRniBQJ*}W4@62 zkdf1aNdc#kLtF~HlFQplM;pQhvRp?Nn60c$^zx0l0<%OvHH#gbDg3NT>{(J@`M}G} zr!)PrvP58307l>r0Ct9ZulN4Cd$9M~ZKJwDYh}Tzq_LKsu0)D$fFKXgP_z(Tj+RZ$ z0GnGg0$10`MW!G1D(NeCccX>ZiiB`?=Qbg|ucYHIw5jAI)M!99{Xy_}R9j~8z^3$l z!0~8tTdpp+Vl3=6maXp=Q%y>dJfLwAu`UC=)W5dCt9D~qcw%jCaYxpq@76_Sai9O| z?dd-b&yPQz9RB_Ize?nTG1HZXG~B9-sX5@y(BiAI{t1EQtq~ zLjU>0NjtzImF@Nx^8HtEbJH-fda*6r(vPgLpA7x0sbQJ2l{*Qm zI6XQ&>)^DNz$)N2YFbogvFqObRhbOM9L23DQ6!zSCzrG_WEauVgv{K`@1`p zm$kE6btW6pR8g}M)eLt^F)V~lwPQ_1wc7ckwWFrhL0WNOs0`2YLp2YL%@%M}k4Y71 zs;8G8gQ;SHizjaiY%OPODrU9Vu%X0jgt|veHe;P2e`Jx}57--X?x+ULK6;R}{^;53 zb9roOTmP{U^X5*1uUP*X4hH+p{hz(T^Zw71l+4#Lu2#=v?5c0=z6iTiWZ(a1EEB0& zf+KjBkl#~ua&C&a>hR5*bQKD20NV%N=a@+Y|BEDUAZkLP&`JiG(PN3qhn^2$diw7)209{MxRZQx?7g zfqFhQMM#L6RGt$SI9tFlG|@S{NCb}QXAEqV`v10j@Qy_@;LNntBte1#BFeDm^p4Ix zo+&QS*@A4F@|QPf5KtkVUPx8n{AR#DnVeZr?y$*V}3hM%mZ!7H(W%4z53@ZQ-TMnxdX*6p>2p_cZwzS`-z;HiKb1_laPW0EFf2y+9L- zNvcpfj#o`18uo@ee{no3+MV9uFPSW)B2koM%S3+8f!Y_9q!HsKl{qg^$tk*uXI}Q; zYUDUqS69X-JKx%C*#supjXk+Eb54r>3#roLq}(v)8DuhVpC+Lo0fOh{1eN$&Zd3w~ z!G)$vCd9`}__tXv@H~kM7S`3jzsUaRs#gh6uWiBd+W% zHb0v>gu!t(ugfNG##rs_rC*y`NXPj=RB-`HLZq~G!BuNFU76gctM)FrdSxzZiOCES z!KXC9S}Gx7#bJ?b%Px~no-n2+Tw;Dp*_4thp87=fs^>Vz_Dn$r%9_TE#L+z`u<^{Z z5bifGG}q45Qoyf?#DhIRrUQgv=~T}&u4jWcTN`!OJ<4d82TAi+{Qx6WR@hZ{QE`wh zo+H4Tt=ILbFsIy@jPswOgxqIUjflqyXULQUA|>}JQF+i;dN&Qj(kZJ>F7vB}!C0hY z9!31duxt)3m!?%%rhZ(pvn*A$F!d6tnjjU0WoLJwIL^F83d_qJj>-!%SJd5nnHSgh z-MghT_tq`z*ZdOY;n?TSyy_*g@#d;SlIK+oVU=CtSAby;h#w=o$QN6-H_&-C>N1BbdmYxjolb?vG68hme$*`>v3V3< zyv*Uso+p1Sk9J(_05gX(GmOu`8irTcW91G@X%3VzAVQFhaz2Nvi_0r`5pa}d^Oyud zRo0dUv!`IEnHWIA1G#N^tey^ABBeQ;nVTInn1l#LNfgb1=f}#5(IVehE>h?>#UrCj zqUj|qHIL1McAdIf@@P*jJ{5oPcph8Q;@ii^%1yv;-~9BxnW5J+cizTaAW&A^L{FoQ zFsl24L~@y;E#omyTwBq64nL7ZhpOf(YjZWUZAkH9A?W=mg{#}UD|n$}W}7cbC7}Mx zthShArMdFdqkhBVLZ(`$&na}31cA2cYQvUGu{X@)V|2Be>bTVBu%&mtKZb)fD1BT% zR0D_GN`H%i*K@v6-*bId&|5q9LCTSGK?Yck)<2 z$F*eMk@?l?XClh)Q0SoIOEFmT_>h(vk3|CSQlIlKJEmg{@j_1{ZM1s1?6UddV*=Si zp7gR+OUlB2z@+)ILiVn|r6uLrryBBh1^Yuwg-4r2d`}*08)@=O@MUPSNMYF`AB=LoDf_-cC7hPoQ?6-;4zEkUL3W2%wbu}uP7?qW&gw7X8zyn-NEzy zA5T(N*nj;qJJpO9*ID?)PR)|P{!iolpC~o^Hw(BPWy(_|+>r6FGyd;2zyEWvxBEQ) zKS|lpw=$pI$X8lg?BCv|y+IeS+WucR$N%B}{<~9|HaVNO8|rb0PkhtQ2+n{ literal 0 HcmV?d00001