From 5f7d7012847074c51524692fa77ff62f50d64127 Mon Sep 17 00:00:00 2001
From: David van der Spek <vanderspek.david@gmail.com>
Date: Tue, 5 Sep 2023 14:40:40 +0200
Subject: [PATCH] feat: squash of capi working branch commits

---
 .github/workflows/cluster-chart-unit-test.yml |   27 +
 .../charts/cluster-api-bootstrap-0.1.2.tgz    |  Bin 0 -> 51085 bytes
 .../helm/cluster-api-cluster/.helmignore      |   24 +
 bootstrap/helm/cluster-api-cluster/Chart.yaml |    6 +
 bootstrap/helm/cluster-api-cluster/README.md  |    3 +
 bootstrap/helm/cluster-api-cluster/deps.yaml  |    7 +
 .../templates/_helpers.tpl                    |  237 +++
 .../templates/aws/_helpers.tpl                |  100 ++
 .../templates/aws/cluster.yaml                |   17 +
 .../templates/aws/control-plane.yaml          |   84 +
 .../templates/aws/machinepools.yaml           |   22 +
 .../templates/azure/_helpers.tpl              |  112 ++
 .../azure/bootstrap-cluster-identity.yaml     |   62 +
 .../azure/cluster-workload-identity.yaml      |   16 +
 .../templates/azure/cluster.yaml              |    9 +
 .../templates/azure/control-plane.yaml        |   65 +
 .../templates/azure/machine-pools.yaml        |   22 +
 .../templates/cluster.yaml                    |   24 +
 .../templates/gcp/_helpers.tpl                |   73 +
 .../templates/gcp/cluster.yaml                |   42 +
 .../templates/gcp/control-plane.yaml          |   23 +
 .../templates/gcp/machinepools.yaml           |   25 +
 .../templates/kind/cluster.yaml               |    9 +
 .../templates/kind/control-plane.yaml         |   45 +
 .../templates/kind/kubeadm-config.yaml        |   13 +
 .../templates/kind/machine-pools.yaml         |   24 +
 .../tests/aws_cluster_test.yaml               |   23 +
 .../tests/aws_control_plane_test.yaml         |   43 +
 .../tests/aws_machinepools_test.yaml          |  156 ++
 .../tests/azure_cluster_identity_test.yaml    |  101 ++
 .../helm/cluster-api-cluster/values.yaml      |  699 ++++++++
 .../helm/cluster-api-cluster/values.yaml.tpl  |   61 +
 .../cluster-api-control-plane-0.1.2.tgz       |  Bin 0 -> 55697 bytes
 .../charts/cluster-api-core-0.1.3.tgz         |  Bin 0 -> 51877 bytes
 .../helm/cluster-api-operator/.helmignore     |   23 +
 .../helm/cluster-api-operator/Chart.lock      |    6 +
 .../helm/cluster-api-operator/Chart.yaml      |   10 +
 bootstrap/helm/cluster-api-operator/README.md |    3 +
 .../charts/cluster-api-operator-0.2.0.tgz     |  Bin 0 -> 42860 bytes
 ...approviders.operator.cluster.x-k8s.io.yaml | 1475 ++++++++++++++++
 ...neproviders.operator.cluster.x-k8s.io.yaml | 1477 +++++++++++++++++
 ...reproviders.operator.cluster.x-k8s.io.yaml | 1475 ++++++++++++++++
 ...reproviders.operator.cluster.x-k8s.io.yaml | 1477 +++++++++++++++++
 bootstrap/helm/cluster-api-operator/deps.yaml |    7 +
 .../templates/_helpers.tpl                    |   99 ++
 .../templates/bootstrap-provider.yaml         |    6 +
 .../templates/control-plane-provider.yaml     |    6 +
 .../templates/core-provider.yaml              |    6 +
 .../infrastructure-provider-aws.yaml          |   21 +
 .../templates/secret.yaml                     |   22 +
 .../templates/wait-for-provider.yaml          |   31 +
 .../helm/cluster-api-operator/values.yaml     |   32 +
 .../helm/cluster-api-operator/values.yaml.tpl |   13 +
 .../helm/cluster-api-provider-aws/.helmignore |   23 +
 .../helm/cluster-api-provider-aws/Chart.lock  |    6 +
 .../helm/cluster-api-provider-aws/Chart.yaml  |   10 +
 .../helm/cluster-api-provider-aws/README.md   |    3 +
 .../charts/cluster-api-provider-aws-0.1.9.tgz |  Bin 0 -> 76423 bytes
 .../helm/cluster-api-provider-aws/deps.yaml   |    7 +
 .../templates/_helpers.tpl                    |   62 +
 .../templates/job.yaml                        |   64 +
 .../helm/cluster-api-provider-aws/values.yaml |   30 +
 .../cluster-api-provider-aws/values.yaml.tpl  |    3 +
 .../cluster-api-provider-docker-0.1.0.tgz     |  Bin 0 -> 9396 bytes
 .../cluster-api-provider-docker/values.yaml   |    1 -
 .../helm/cluster-api-provider-gcp/.helmignore |   23 +
 .../helm/cluster-api-provider-gcp/Chart.lock  |    6 +
 .../helm/cluster-api-provider-gcp/Chart.yaml  |   10 +
 .../helm/cluster-api-provider-gcp/README.md   |    3 +
 .../charts/cluster-api-provider-gcp-0.1.4.tgz |  Bin 0 -> 17559 bytes
 .../helm/cluster-api-provider-gcp/deps.yaml   |    7 +
 .../cluster-api-provider-gcp/scripts/Makefile |   21 +
 .../templates/_helpers.tpl                    |   62 +
 .../templates/gcpcluster-crd.yaml             |  597 +++++++
 .../templates/gcpclustertemplate-crd.yaml     |  303 ++++
 .../templates/gcpmachine-crd.yaml             |  561 +++++++
 .../templates/gcpmachinetemplate-crd.yaml     |  446 +++++
 .../templates/gcpmanagedcluster-crd.yaml      |  274 +++
 .../templates/gcpmanagedcontrolplane-crd.yaml |  160 ++
 .../templates/gcpmanagedmachinepool-crd.yaml  |  183 ++
 .../templates/job.yaml                        |   64 +
 .../helm/cluster-api-provider-gcp/values.yaml |   26 +
 .../cluster-api-provider-gcp/values.yaml.tpl  |    4 +
 .../recipes/aws-cluster-api-simple-test.yaml  |   35 +
 .../azure-cluster-api-simple-test.yaml        |   37 +
 .../docker-cluster-api-simple-test.yaml       |   26 +
 .../recipes/gcp-cluster-api-simple-test.yaml  |   33 +
 .../aws-lb-controller.tf                      |  261 +++
 .../aws-bootstrap-cluster-api/capa-sa.tf      |  369 ++++
 .../aws-bootstrap-cluster-api/certmanager.tf  |   39 +
 .../aws-bootstrap-cluster-api/data.tf         |    1 +
 .../aws-bootstrap-cluster-api/deps.yaml       |   24 +-
 .../ebs-csi-driver.tf                         |  178 ++
 .../aws-bootstrap-cluster-api/existing.tf     |   24 +
 .../irsa-autoscaler.tf                        |   63 +
 .../irsa-externaldns.tf                       |   40 +
 .../aws-bootstrap-cluster-api/irsa.tf         |    6 +
 .../aws-bootstrap-cluster-api/locals.tf       |   12 +
 .../aws-bootstrap-cluster-api/main.tf         |  161 +-
 .../aws-bootstrap-cluster-api/output.tf       |   66 +
 .../s3-vpc-endpoint.tf                        |   12 +
 .../terraform.tfvars                          |   43 +-
 .../aws-bootstrap-cluster-api/variables.tf    |  376 ++++-
 .../azure-bootstrap-cluster-api/deps.yaml     |   23 +
 .../azure-bootstrap-cluster-api/locals.tf     |    3 +
 .../azure-bootstrap-cluster-api/main.tf       |  214 +++
 .../azure-bootstrap-cluster-api/moved.tf      |   34 +
 .../azure-bootstrap-cluster-api/outputs.tf    |   33 +
 .../terraform.tfvars                          |   31 +
 .../azure-bootstrap-cluster-api/variables.tf  |  635 +++++++
 .../gcp-bootstrap-cluster-api/README.md       |    3 +
 .../gcp-bootstrap-cluster-api/deps.yaml       |    7 +-
 .../gcp-bootstrap-cluster-api/locals.tf       |    8 +
 .../gcp-bootstrap-cluster-api/main.tf         |  180 +-
 .../gcp-bootstrap-cluster-api/moved.tf        |   51 +
 .../gcp-bootstrap-cluster-api/network.tf      |   28 +
 .../gcp-bootstrap-cluster-api/outputs.tf      |   12 +
 .../gcp-bootstrap-cluster-api/services.tf     |   77 +
 .../terraform.tfvars                          |   25 +-
 .../gcp-bootstrap-cluster-api/variables.tf    |  363 ++++
 .../kind-bootstrap-cluster-api/README.md      |    3 +
 .../kind-bootstrap-cluster-api/deps.yaml      |   13 +
 .../kind-bootstrap-cluster-api/main.tf        |    2 +
 .../kind-bootstrap-cluster-api/outputs.tf     |    8 +
 .../terraform.tfvars                          |    1 +
 .../kind-bootstrap-cluster-api/variables.tf   |    7 +
 .../kind-bootstrap-cluster-api/versions.tf    |    9 +
 127 files changed, 14881 insertions(+), 17 deletions(-)
 create mode 100644 .github/workflows/cluster-chart-unit-test.yml
 create mode 100644 bootstrap/helm/cluster-api-bootstrap/charts/cluster-api-bootstrap-0.1.2.tgz
 create mode 100644 bootstrap/helm/cluster-api-cluster/.helmignore
 create mode 100644 bootstrap/helm/cluster-api-cluster/Chart.yaml
 create mode 100644 bootstrap/helm/cluster-api-cluster/README.md
 create mode 100644 bootstrap/helm/cluster-api-cluster/deps.yaml
 create mode 100644 bootstrap/helm/cluster-api-cluster/templates/_helpers.tpl
 create mode 100644 bootstrap/helm/cluster-api-cluster/templates/aws/_helpers.tpl
 create mode 100644 bootstrap/helm/cluster-api-cluster/templates/aws/cluster.yaml
 create mode 100644 bootstrap/helm/cluster-api-cluster/templates/aws/control-plane.yaml
 create mode 100644 bootstrap/helm/cluster-api-cluster/templates/aws/machinepools.yaml
 create mode 100644 bootstrap/helm/cluster-api-cluster/templates/azure/_helpers.tpl
 create mode 100644 bootstrap/helm/cluster-api-cluster/templates/azure/bootstrap-cluster-identity.yaml
 create mode 100644 bootstrap/helm/cluster-api-cluster/templates/azure/cluster-workload-identity.yaml
 create mode 100644 bootstrap/helm/cluster-api-cluster/templates/azure/cluster.yaml
 create mode 100644 bootstrap/helm/cluster-api-cluster/templates/azure/control-plane.yaml
 create mode 100644 bootstrap/helm/cluster-api-cluster/templates/azure/machine-pools.yaml
 create mode 100644 bootstrap/helm/cluster-api-cluster/templates/cluster.yaml
 create mode 100644 bootstrap/helm/cluster-api-cluster/templates/gcp/_helpers.tpl
 create mode 100644 bootstrap/helm/cluster-api-cluster/templates/gcp/cluster.yaml
 create mode 100644 bootstrap/helm/cluster-api-cluster/templates/gcp/control-plane.yaml
 create mode 100644 bootstrap/helm/cluster-api-cluster/templates/gcp/machinepools.yaml
 create mode 100644 bootstrap/helm/cluster-api-cluster/templates/kind/cluster.yaml
 create mode 100644 bootstrap/helm/cluster-api-cluster/templates/kind/control-plane.yaml
 create mode 100644 bootstrap/helm/cluster-api-cluster/templates/kind/kubeadm-config.yaml
 create mode 100644 bootstrap/helm/cluster-api-cluster/templates/kind/machine-pools.yaml
 create mode 100644 bootstrap/helm/cluster-api-cluster/tests/aws_cluster_test.yaml
 create mode 100644 bootstrap/helm/cluster-api-cluster/tests/aws_control_plane_test.yaml
 create mode 100644 bootstrap/helm/cluster-api-cluster/tests/aws_machinepools_test.yaml
 create mode 100644 bootstrap/helm/cluster-api-cluster/tests/azure_cluster_identity_test.yaml
 create mode 100644 bootstrap/helm/cluster-api-cluster/values.yaml
 create mode 100644 bootstrap/helm/cluster-api-cluster/values.yaml.tpl
 create mode 100644 bootstrap/helm/cluster-api-control-plane/charts/cluster-api-control-plane-0.1.2.tgz
 create mode 100644 bootstrap/helm/cluster-api-core/charts/cluster-api-core-0.1.3.tgz
 create mode 100644 bootstrap/helm/cluster-api-operator/.helmignore
 create mode 100644 bootstrap/helm/cluster-api-operator/Chart.lock
 create mode 100644 bootstrap/helm/cluster-api-operator/Chart.yaml
 create mode 100644 bootstrap/helm/cluster-api-operator/README.md
 create mode 100644 bootstrap/helm/cluster-api-operator/charts/cluster-api-operator-0.2.0.tgz
 create mode 100644 bootstrap/helm/cluster-api-operator/crds/bootstrapproviders.operator.cluster.x-k8s.io.yaml
 create mode 100644 bootstrap/helm/cluster-api-operator/crds/controlplaneproviders.operator.cluster.x-k8s.io.yaml
 create mode 100644 bootstrap/helm/cluster-api-operator/crds/coreproviders.operator.cluster.x-k8s.io.yaml
 create mode 100644 bootstrap/helm/cluster-api-operator/crds/nfrastructureproviders.operator.cluster.x-k8s.io.yaml
 create mode 100644 bootstrap/helm/cluster-api-operator/deps.yaml
 create mode 100644 bootstrap/helm/cluster-api-operator/templates/_helpers.tpl
 create mode 100644 bootstrap/helm/cluster-api-operator/templates/bootstrap-provider.yaml
 create mode 100644 bootstrap/helm/cluster-api-operator/templates/control-plane-provider.yaml
 create mode 100644 bootstrap/helm/cluster-api-operator/templates/core-provider.yaml
 create mode 100644 bootstrap/helm/cluster-api-operator/templates/infrastructure-provider-aws.yaml
 create mode 100644 bootstrap/helm/cluster-api-operator/templates/secret.yaml
 create mode 100644 bootstrap/helm/cluster-api-operator/templates/wait-for-provider.yaml
 create mode 100644 bootstrap/helm/cluster-api-operator/values.yaml
 create mode 100644 bootstrap/helm/cluster-api-operator/values.yaml.tpl
 create mode 100644 bootstrap/helm/cluster-api-provider-aws/.helmignore
 create mode 100644 bootstrap/helm/cluster-api-provider-aws/Chart.lock
 create mode 100644 bootstrap/helm/cluster-api-provider-aws/Chart.yaml
 create mode 100644 bootstrap/helm/cluster-api-provider-aws/README.md
 create mode 100644 bootstrap/helm/cluster-api-provider-aws/charts/cluster-api-provider-aws-0.1.9.tgz
 create mode 100644 bootstrap/helm/cluster-api-provider-aws/deps.yaml
 create mode 100644 bootstrap/helm/cluster-api-provider-aws/templates/_helpers.tpl
 create mode 100644 bootstrap/helm/cluster-api-provider-aws/templates/job.yaml
 create mode 100644 bootstrap/helm/cluster-api-provider-aws/values.yaml
 create mode 100644 bootstrap/helm/cluster-api-provider-aws/values.yaml.tpl
 create mode 100644 bootstrap/helm/cluster-api-provider-docker/charts/cluster-api-provider-docker-0.1.0.tgz
 create mode 100644 bootstrap/helm/cluster-api-provider-gcp/.helmignore
 create mode 100644 bootstrap/helm/cluster-api-provider-gcp/Chart.lock
 create mode 100644 bootstrap/helm/cluster-api-provider-gcp/Chart.yaml
 create mode 100644 bootstrap/helm/cluster-api-provider-gcp/README.md
 create mode 100644 bootstrap/helm/cluster-api-provider-gcp/charts/cluster-api-provider-gcp-0.1.4.tgz
 create mode 100644 bootstrap/helm/cluster-api-provider-gcp/deps.yaml
 create mode 100644 bootstrap/helm/cluster-api-provider-gcp/scripts/Makefile
 create mode 100644 bootstrap/helm/cluster-api-provider-gcp/templates/_helpers.tpl
 create mode 100644 bootstrap/helm/cluster-api-provider-gcp/templates/gcpcluster-crd.yaml
 create mode 100644 bootstrap/helm/cluster-api-provider-gcp/templates/gcpclustertemplate-crd.yaml
 create mode 100644 bootstrap/helm/cluster-api-provider-gcp/templates/gcpmachine-crd.yaml
 create mode 100644 bootstrap/helm/cluster-api-provider-gcp/templates/gcpmachinetemplate-crd.yaml
 create mode 100644 bootstrap/helm/cluster-api-provider-gcp/templates/gcpmanagedcluster-crd.yaml
 create mode 100644 bootstrap/helm/cluster-api-provider-gcp/templates/gcpmanagedcontrolplane-crd.yaml
 create mode 100644 bootstrap/helm/cluster-api-provider-gcp/templates/gcpmanagedmachinepool-crd.yaml
 create mode 100644 bootstrap/helm/cluster-api-provider-gcp/templates/job.yaml
 create mode 100644 bootstrap/helm/cluster-api-provider-gcp/values.yaml
 create mode 100644 bootstrap/helm/cluster-api-provider-gcp/values.yaml.tpl
 create mode 100644 bootstrap/plural/recipes/aws-cluster-api-simple-test.yaml
 create mode 100644 bootstrap/plural/recipes/azure-cluster-api-simple-test.yaml
 create mode 100644 bootstrap/plural/recipes/docker-cluster-api-simple-test.yaml
 create mode 100644 bootstrap/plural/recipes/gcp-cluster-api-simple-test.yaml
 create mode 100644 bootstrap/terraform/aws-bootstrap-cluster-api/aws-lb-controller.tf
 create mode 100644 bootstrap/terraform/aws-bootstrap-cluster-api/capa-sa.tf
 create mode 100644 bootstrap/terraform/aws-bootstrap-cluster-api/certmanager.tf
 create mode 100644 bootstrap/terraform/aws-bootstrap-cluster-api/data.tf
 create mode 100644 bootstrap/terraform/aws-bootstrap-cluster-api/ebs-csi-driver.tf
 create mode 100644 bootstrap/terraform/aws-bootstrap-cluster-api/existing.tf
 create mode 100644 bootstrap/terraform/aws-bootstrap-cluster-api/irsa-autoscaler.tf
 create mode 100644 bootstrap/terraform/aws-bootstrap-cluster-api/irsa-externaldns.tf
 create mode 100644 bootstrap/terraform/aws-bootstrap-cluster-api/irsa.tf
 create mode 100644 bootstrap/terraform/aws-bootstrap-cluster-api/locals.tf
 create mode 100644 bootstrap/terraform/aws-bootstrap-cluster-api/output.tf
 create mode 100644 bootstrap/terraform/aws-bootstrap-cluster-api/s3-vpc-endpoint.tf
 create mode 100644 bootstrap/terraform/azure-bootstrap-cluster-api/deps.yaml
 create mode 100644 bootstrap/terraform/azure-bootstrap-cluster-api/locals.tf
 create mode 100644 bootstrap/terraform/azure-bootstrap-cluster-api/main.tf
 create mode 100644 bootstrap/terraform/azure-bootstrap-cluster-api/moved.tf
 create mode 100644 bootstrap/terraform/azure-bootstrap-cluster-api/outputs.tf
 create mode 100644 bootstrap/terraform/azure-bootstrap-cluster-api/terraform.tfvars
 create mode 100644 bootstrap/terraform/azure-bootstrap-cluster-api/variables.tf
 create mode 100644 bootstrap/terraform/gcp-bootstrap-cluster-api/README.md
 create mode 100644 bootstrap/terraform/gcp-bootstrap-cluster-api/locals.tf
 create mode 100644 bootstrap/terraform/gcp-bootstrap-cluster-api/moved.tf
 create mode 100644 bootstrap/terraform/gcp-bootstrap-cluster-api/network.tf
 create mode 100644 bootstrap/terraform/gcp-bootstrap-cluster-api/outputs.tf
 create mode 100644 bootstrap/terraform/gcp-bootstrap-cluster-api/services.tf
 create mode 100644 bootstrap/terraform/kind-bootstrap-cluster-api/README.md
 create mode 100644 bootstrap/terraform/kind-bootstrap-cluster-api/deps.yaml
 create mode 100644 bootstrap/terraform/kind-bootstrap-cluster-api/main.tf
 create mode 100644 bootstrap/terraform/kind-bootstrap-cluster-api/outputs.tf
 create mode 100644 bootstrap/terraform/kind-bootstrap-cluster-api/terraform.tfvars
 create mode 100644 bootstrap/terraform/kind-bootstrap-cluster-api/variables.tf
 create mode 100644 bootstrap/terraform/kind-bootstrap-cluster-api/versions.tf

diff --git a/.github/workflows/cluster-chart-unit-test.yml b/.github/workflows/cluster-chart-unit-test.yml
new file mode 100644
index 000000000..72a49533e
--- /dev/null
+++ b/.github/workflows/cluster-chart-unit-test.yml
@@ -0,0 +1,27 @@
+name: cluster-chart-unit-test
+
+on:
+  push:
+    branches: [ main ]
+    paths:
+      - 'bootstrap/helm/cluster-api-cluster/**'
+  pull_request:
+    branches: [ main ]
+    paths:
+      - 'bootstrap/helm/cluster-api-cluster/**'
+jobs:
+  helm-unit-test:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: 'read'
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v3
+    - name: install helm
+      uses: azure/setup-helm@v3
+      with:
+        version: v3.12.3
+    - name: install helm unit test
+      run: helm plugin install https://github.com/helm-unittest/helm-unittest.git
+    - name: run helm unit test
+      run: helm unittest ./bootstrap/helm/cluster-api-cluster
diff --git a/bootstrap/helm/cluster-api-bootstrap/charts/cluster-api-bootstrap-0.1.2.tgz b/bootstrap/helm/cluster-api-bootstrap/charts/cluster-api-bootstrap-0.1.2.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..f39e3671983aa428f7e4344e1f20f49245d37818
GIT binary patch
literal 51085
zcma&tQ*>a<x;Eh0>e#kz+qP{d9jjy8wr#Ux+qUg=@@K8R_xbnH7^iOL95pZMW{$%9
ze1#VQfei3h`=S7#G7wj!Hxid&m3HS~F=SGuH&$Y?&{X1Jl~Yw^l~J>{G_W;xS5~m&
z5jU~60l4^M<AlYQ%m#OD<qMVg)J;o@5f^Vg%v2zuSTy32-$YX(&C#L6r1WD2HXfbj
zmo5NJ+UP;Yc90VQbNi}XBJ%ou&k0)CB-l)^#m)}*r))gR8a+!f2i|lc^BQ?NUM6iB
zV*-ng$=5A_FC08Pd=8H{)E6H&cjedD&F$>2FE)?&+r#MYvX~sM?;pGnF+D!-j|;w$
zU7^m-Yq>mFl`jXkYu81zXS=(QqYtuT=9InE4Q?Od`_7N!*@M%A(SpQN;oFT~JF)|@
z<SKE)XYe#B5nU9fVh|>2K1AoiXo>w`591{cE>h-crfhkxg#xUv^nuaYgWCc*nUF8F
zFXo&ttaKD<K4jn%j<3H)SLFMe{%qy?!aI~B9L%Ki$q%2`7<#xR5?l$<zC}R_Hhszo
z)J9_xonL(R@$5{r6q#HVv^R!wO1A)`VR{>X!<jb~xz8+n84V|uqFo6})OdCB-jQ;j
z{9QB}JvzHwAr^)#I!bMH28-g{mzV{MB8a(z|Cajkwoddug)#oYr)nZ4cma?IU0h5}
zfy{QUL;>@ze?vjQJbrK)w8zG61pOpP#$51-@*{pGbINT9R_tykM|rgKV>vam)93Ot
z=^b$XjJ+Iz><yeG;v<#&{q3AAW`BFzN~-$KtUDk2XjqLpB^|45X;`=pbXl~DY}t1X
zi55Qp-g9R}BYWRLLXa&nFQRv4z>_wdx+4}tZfW?y+J|;B$S@u99zw6$Bro3a5<|~n
z|1^r`vqhitgV=binA#{TZtPDX`i-}@bTlprWl$dCV5!0I?^1srsQJ`-VFs>+?a$j2
zPHmc!){$dJkv0gm3E~9ENnDF!Tep7Mcwy9j=IgkzaZ4?*nyRiYu@>v*#5<4h{ncNN
zWiZk%Fupvbayf*nFe=cdv^#9eHrB_0&O;qjldl(h_uXshuRR78+y%j>0XZqu<7sn9
z3EQufC%a#A**Lt_cVELHA#%|!A74fvuaC<CHMm_bu}X1>4aWAEp_v2Q0%IB6Z)ZC#
z+qi$;&QlAmr$C83qdZLwJ+I;%R+CZF2#}OXrY>s}a^x#(X|}iMi`>RWdM@&iA>E%q
zKF8GN4SA38Mz-8yTI*89FZJ;HwB>fmkubOD>FTXzK3j4za-5Pi36NA7+#j}KhJ&Am
zy8Eid6ELLA^Dt%|2MGaDmwAt=rC9R92}+D87~)e&mJcFUF;DJ3ye!up>+m_vMpF{R
z%$)Mohe};QoY`Vr{24!nVA~EgL`@@+*QS(^pb}ggaKug53nVRh;S(R>fq&{GEFBA#
z=A6<`eZi|beq7#6YfUlCfPklU3i%u8@lB7#Xvxy5X{U0mzVmr}_&(^`P<x%;OfG#a
zkD*3(SMl)3=GASZbl0p?uRz&m_HCoTCE~Sq*QOr5xRx};`Sz(uA&EYH)`~s(Y^{H~
zjV?+;xeCE$(KQc2(rGlOpBw^K?tcHyRJ(+u;f;26NSU&FR+q#P%U4MW<{=!0nIJez
zyan#O6eN&TjG&YE%X(Pt9}ypR1h5r9%$$%Dndfh<qkvyGkA8=U?s?RiOWiFkbK7Pj
zj4}K{7CvII&_zL8laH%COWz|}b4ENv3qcx%5J{V0oDpo;9ghNSzh~7|vtbqZ5wlR8
zL+25y;5a{;VnY<+_V}ac_Ikz1cNL4d7fkN8@!2=$Bc+}@!KwmwYZG&Z=!=KT<EfDL
z%lprTJ=vFcBwyX1n4>n{Rt^v6Nf8g}>=3#y^FbJyvb<pdoij70*-^rtKd2V@MkNI)
z9_W<kvSsh|F6lPa2e5Kgn%ZX#vIDSdUGb~z)1~^ug}0!+jP1v1K@kUf!uD~D1|v$I
zv~|xkY~%LTY}AO=uB#g(J##8ctf^eLDzHCSBJy#yx+lX+hfzp2>YtX-UQOAfdpx4E
zehd?jFVBi~447d(?Sgr?%V^{l4lrf*m>JuC&hm;nsdOfC(U_h%UUlX2?fOI9ZZ{b2
zLPek>m7{VtOGgc36i_G`p?BWt4@T~V;ZC=T4>QXww&*KrNZLeyIlq()NbYkK6w6z8
z);{;Q*hzYBwJiQY&OjoIqj5k?0~odIx$HS>q=dt1TxYe|zHc{7z~;1Fj6b!wwoteN
zBdSS5$C{T2V&yX9wkA}gqMUmf$5CcOAduepJspSA<MH(;!u6PrR!`cO*ZYr;$Lrqa
z^z?Q&2L~5C4J4o^FSZx5?H^$+Y3tk08N}5|rVVbg85hNLs_$WO>}F?YKws5#nkpsl
zlQafh#&>HdJO_bIKY}5PAA{nVT(IM8Eu=qznQr9*4;H9nM*HGtC#ZePc!3J^|3Lbb
zzdge|iF}C+xQov3<#cs1;2IBXp^GZbjR>0#AKX3UJIxG439zZnai<$HA8O5yK54=e
zC|OunZ`gI=u|7ngAI%zkc>kOPt=)XF$qrmv-W;h^uVYjFsPWoK`f~_WW~lnw_n7n0
z`X&I+?~V}R(4RPqg*Wzz`Ny2%UDfzpe~t8Z7h>t*#CZWvl#F(Nt$JkSYwp&f0^=cM
zhURL{ImE^%#t|BMPdG>FR#s9;1LZ;DfU-y4ajIeLNGRdGLlC{&aN2=mSLCOSW9Y+L
zVSwz|Dps+owjcXbKt5!Le)zca7$Sw@_tg6V$i!$=o_KE$U;CO#a+I1mZc%S+5tl^O
zX?kvy`>Z}1X`_yPA$-jvEu!m=Y`1J44Vxh|;1gCB-GeWIB-JAWuH4z;-mkCZYnf#B
zO!hWk^3@?1jyTD#aEdblkoER8UlQ}xy8FfPwm;8z_3#yQTVkp#rCi=c0XrF4=kC`4
z9}M|Ucll?!PupJ8oJj3@L*yfKk|TTvb|_#hdoE!FS$n>RmBj>z+X5Se)4g|)Ps4Bs
z5@$L|8z(_w)4t3J>S!gP$_DjThCAE_PPI*o9x(E!>J9Z^8OXrh<nF<V`Ca2`e_X1y
zQQnR(scXIe0@nuiEVbSo+3@eLs)o(^nJWve4h*J;5!Qg7jrsDure$F$IobuwsQh4>
z?}e=AcFa$2^HBj4iyi3*`AMd*Y5p2I&h#QRleYU0YkQ49UJs>URPz=@la{qI7NU##
z@KnS)R~UMVog~ZFkA0ku-HRohwiDiNj_}X3o&lf$3C?NwiRnu|Dg81*^l|p+#Q}ai
z_EA{|F-9YG_~oO;qlRVeeW<%idFBc{>yK(}>hQ?&wE?lf6JgCf8U#vj;ZFF;LG40n
zwTUUtC=h{<;H0jq1QIRKg6N4f_BQtS)6vE|CW0jXp{_AWh~=HuURs0|^Dhk@c#byq
zjMyINJMQ%5!#Nk7V`_F+6s=LLWJKCf<USI@%H|!f-yZd9<$jV!(key~5Me8}B39+p
z2F7Zq%0>^RJA~LjG|nIbly=g|x$GuE?v&n{P=u$bzcOPf%<<Asim2-sY$Ui2g=s;)
zNFs}8ai$<fz=Q1#QW2Sjum*Tr1=XBokQ?^n1%-)PYX$E_DMedT$BpE%9&h{l{4)^d
zh}9|t?HfcDlBS`El6b{eVaMT^^&-n8lQ(LABZuRx1VAUC*h@&Op8A5>*ees@QbMkg
z)1uA-uRP!=H)CyI!JoD7QA!%F<xul%b*1Wpfucf2H_~LB#ZM#)Yfq&0CqG^JE2N4$
zjRpy9Gu&|HN34cp;Q&>I#vwUEu@MO)9h7ZGAUTqbQ0UZMEHLJ7XN)ALdsv6DMNa%&
zx7t8IMYckXi)z@-P@cMCHj^;<Dv@?Fd9J8ajLcNakQ;%vO_qKIp!sOxr-603PTMJd
ztKdRnI@(G=9LE2Ya-5xaR%G#H#&uQH?M#|Iv#~Tb*A*Zg1nPp!fX;);YLfV<AoVAa
zwkluxb+55InL*4(I@=B5-wDm;K0mMqB}+S1YlDH)&x<Y+W;%pRjYI0}=pgF6syrI$
z2V_N-Cbe6D(vm^xaCh)<(D~?|byVG!m6vnT*z4pI4@kxQ5xm=^n%1RNdIW8t5$t_k
z_?Wd(t1_IZDW{=CRF16E()bHBQ<)p=k&jtMAhu*xgpL7xx^m1=??nS32jvjAw!}4i
z7F3&)V{!M+Vig$4@%8Cd%av+9BCX1?>|&@HJfkGibTxg0(Gj|Yd4G8#y40>sB011h
zgCo&J0s3I!Yfm_c58-1REB$=5G~@{@(<b1BPeq1~r_kfaPYc2&Ma%svj(2mL2SDpf
z;f{CO%85&{vc5)0)#(#{Gi%U?-$P8Tf}2ni@tFFOKE=DZjnEc3E3pAlzR9+Vn^l^s
zdxQPhpS1nI?YDGy?wyVW?~z}vXy>a(6Y_?Ce^ST{tyAwtU8`sbaf>*17>9!*E}}i?
zQvt+zXN=~E)d{z%oH0Fvm4jy#kW3fZbWU>9X_Ltr%>Zw7{=xOA#Q;<KVrB9==6r3a
z8Lip_BWzF~m5Cb)AmvP8G*WhMY*H*w>S;gXfXk?EP*{1(s=9bO>x$vTxQ)%2yFp0^
za;K>3G?8!z{QNYqey^`{dR5TB*T)*x!WTzB2ob+yh@as$Q+}*0Fk*X@FOa#l)?Sna
z+>`~xd5Nnu9y#W&8~2<F37svNw?v!CdC6qDRPRi3h}3CNCQi7+WKBkK{V=HNbQYZI
z;Uo2ut@J;Ii9O}@5o{&u9GDSz{Mjq*DDRO9cW34Ev&E!<)oIH^Ls<^Fba<v93-F<f
zfir?GbBiZ*4fc;bUasnCrb%R`j(VGh1};^S9J;;$Ua7dDFM;ZEe!p(lf~`XK(woxV
z)#2&O$;mAex+Gcy@*eZksC0jqO|tM2d11o%JoHU<01tj1Cf(!^hZAhh$~EfCP-JG|
z(~iTW>;}vyfA=wAS1goClVHOGohtSj4mXUnY0xhVO)#+m<Xdk8`{=lPBu9d#qvXh-
zVrZ~Y^x;4m)LLT9ZmvpC5`mH;bDN6rR^D`tj!Eb?oVak=ro|z2({2!t{Xdhu?9K5K
z>G2qo7yM(ip4El)1Y*UnK}ea^HdDW0)f97KV3bS^X;u0a?PoQ?T4Wh%QQt2cr9UDG
z8UWyGp2Ce+oLsD!CEnaJ1xN(vleoHn#Z9%<YXWmSDONMlxIrhgE+BgdI$f0%-qu?y
z_yyy1TAG?omvL1+pR!;i+TH$QgSX~fp_t}6bT8q)PCU-K>r~2i9dqiq+h7u>)LfB2
zG*Uk$Rb^DzqOtRQ&n!Mwhf3_Phw-j0Rz^;DRpMg`j2(3)ff%S=KdM}VMgj3n;HS3$
zaPot0A7S)D@&G2&1)QH49eo7sq6?2Om6In~UzrP>g==QsA@94OJvGDv(w+m|v+i{l
z2-24!XK+^F%)o!+QdILV9Alx~=Gc><#3-j8jSmMUYNU4*ftBND4zq^Oj+;sAG^o>#
zN8K5qxeLmtn19X>IW=}y`MJp0;`T1Oz9{~c<ipkg$0PwQRW=$=Dlw{PT2|c-v8%Ky
z!1)tWQg=Mi^Z?q%+;MV_E>Ef<kxjfE4Ai>SKIAPuAu*Ly%H66YNt~b((a4NkvTJIJ
zrZk@2f$BKefxn(o8c-|3yO!ovhN}jfREgxlgvPneOrwOXIUqr`WPX{L@i8``pSozz
zROX1=34Ak~F&R0$4K$wyTA+pWAgks1hJ%8+JSL^4BwMsu=6C~4w-r*!bUmn@c2-d;
z1KGN7+A54!zCbLn`f4_pdz@p+dr+0B*qPbNbM6DTak$R2zDsfll?u}klnh;``>@43
zh$mmpbCS1#XPwS1YIFC}a_7ljETPthbB!HnTZ}81yZcurl6y|W{SwAkQ!Ep5{l_)$
z7NqVkyoro1UQDd-J$_a3?T`rXFs|;Zc$@!0A`2~mFbT-ij;eTWu<XeFiRC(1Yu*|D
zegp8j&$R)&c+YF-Mqgm#AWZrNk-kJd9;^(JG7VHCznhrfvZtRt6K$!cmX11t3Pg>C
zzs%fCp<W7Jp}sYNza912wlvK4-uYw1{^akM7L?JJT$!m<&daEawcKfu1)B~CI(FEn
zDq!Hw5wiBq*#s}}IcX}KYkur5nUD1n0y#RSGm9O?1K-@@C=t7XiFX^(B=`qL4-NzW
zsd~h~@)?_@m~0f-y$<+syXm9AD#wN`GPUpXeu79oskW}l>WTFw%Jke1isM3OA@E}0
zU+X1iAal+mXs|Smd1IbO)rda!B8Bz77-W)`-u90qZT%el_0_D-fE)r|kqzCJ{6C>*
zoa+}43k4+WVJ{Mg+T!t+-Va<XO!l6BdbaSO_u_|Rkj*~YXiX29?s)ElZ-VyPVF2(Y
zei%^M{&2W2-=a{T28?U;S++d}cS*(VJI!b?-UI8LhXQ44QPgpoCCpb&alzGW(afcf
zBV}e{Oi9zO9I(tvYq87vdEBg162sd!tEHXrXH0^!QK$^3*pr7ZhjRqBCKW=4zLm(n
z{hZGtXQJ3jQvwvSMTiQ+Uh0T33zbPh%-%ffHOTJTtol~ZXQ@q^h5lX;WR?TU1i0CB
zx+Y1uFZHL#(+7@%YOrwMuTA=<V1%%<e2OEINTs7&4je7Vj@-AOV(qu@U>>C0D%)m^
zZA+>%;LF64t<QNySl(0~virO=%r@JQ@Pf!M#v}qy1mhy{T?GT9IXN<LWFg>UG0)s-
zqL@7wJghn~7kN09eX%D9@V{p8Q1Yp0T>J1l^ka4CM`+OtjlQ?`v6n}!&|s^e0UJE%
zg)<k!Kc^B^oTv5((HHrW<nFt-N<KurWRsubRGRa9w{xY%POfLY4=WpOfgMen)-p--
zSLdip#>Og2-CZl|E`eR;@ekiT#-!t(jX!yxFZ0E}JosU9TiJE!OUCf=2?L?H_JOC-
zXRT~%NP#G@$<=K;+uwt02U-=tyed*m&dslO<n}O&65TX+FqlQQyq>u17L%7%^Xbp7
z(>dy!8ZHQ0NDv)wY`(D5mrH*c!EnX#P{aRDZ*gxa@lax|=ka#}79r{xtn7~y?MEmK
zD`<jd&0>NOS-9NW1it75)_6z2vTM@;Pas<3UW`GeLD<@C8WWHLSjp_W2TEOursy+Q
zaQjiZuiD8HpDES%6c$?@C)d?_4RipjWKRdD`&(<92zz3k1bDt!Ss$Oi9y>|Cj`RX}
zxpsI=4w8xqYQATQSj}47;*etRus+eE;9xEOpv%<!ou^1dkGiimf{T8=j~QJD<Wu`k
z`j2fe6iXm?xm3afcp~EAi`o7WUxm7@_2Hg@uiG3!sOAuNhwaQB-}}w(1l8&7p4&ZC
z8EJurlb`wOlc{I&V_+dFerkUXo!M!&UTLR}tRV%Nj_Z!utb01Uwr_+bXpVz3KNR&b
zV}Ffnp@hv6j~d5C1CI5N$YTVkx&&q>*y+mpc7L1?MqHB~d|Vzz7%7HMggaYlyhwr~
z$BcH%8G*D(doG8gDT@(NE)^&U57D2#E7r>)V|PFoJUY0mYG(8za(OFsW!JGTVUaTm
z3qyqD$q1HaMusH(7!x|-h=a#>CJ7OiWNaToZoc`9p(Af)!b02V{e`>pR#&mU_X%jo
z3`NV1d}9)QBz-Ui0FgYHIeBkP=9VODWY7vFMfBBW+@FwRRax0$H>}G5#p=YsI9sat
zqZ<KnPkloK0oSpvl`o}dTjp3u`Hzm-^9{?iM7{ASOZc&bhE|a_YR<6dbag%V3O}kw
z=mOOJY&CgJ>u(*0EoW=bNWb`kcO($z2;RY-u`@dFlr>yNP|GitCQ!Scwh2aeXam3S
zA36tZ$^e6`m{q2h%$#snYEmLQFi*JdOgMbLTvhNAq6H$h)+IAHAra#q6>^iE4(ngI
zm2Cw~)|I$C$i(|6`+4aAJXsrQN|%J((31<(6fB9zZO8&Vn;ULb*q-}~C_2#*o%|{9
z{*e4SsL+kGACX9Vgz*sRPo8+=vW4`OG$Ne@I!Ta9NVOXf**5F$O*oxf-iJdTWyTex
z^UOr+xFl4AN74*&wTbLGU6~;mm=ca@XlZ5wI!ZW>i#GXUuCl0oqXoTyo=!V<_y-(H
zvdkjl*S0zPGwz7sIbBf}Hz-=~*IqVX;TvcrT>a*X_4#cbtDRbJ_w-O)`RyFbR*t#8
zriD_eN;RR}69*w0>@^x{!s|k*H18bDbEnnRsbRv!RSpPP8bB+pE);JJhDW<GR#r2_
zNFr3O=m{8$7pwD2!x4IJTdz0pS-=lhfbLXlnH@i8N1H2Wfj!Pirj7hBh_3px<L9u~
zzZ$_r9;Rro?U8L>XwOtr3CCyTKqPa!tM_X+GTx7+t6G;XDHlbJt<3dW7=+~_oqG{U
zn1v<g2h8N)uO+9dfmy*MS-4NQRWB7Mu_XZ>C1__#yNjUqjUnDAY$^b1U?RPY7LJfu
zUGha0{mJ1AQELKRo~R1}4;q94Y(ydcu;b@)VVB8860uYyW?&k+m!X#W*Fqe>8dBs1
zYrp3Db}&@~)WM7>pEVG85yFUUsP{!PIxvs`#iaf5GgET>e2PbQC$&g4*xNozV0IX&
zHt&Xq(rkuH$~?rrb74kG4@i;ar+(mp6;yE)u1F*_g_Z}h#>41<2FO+|ET4L~&r8mC
z)E$@<*~P=nvec+7MW047Bb;0^Hi7@}k6S;)gh!<Yr6DyBYz2*=1o7l3IOm<68^oP=
z9s~tH@F`>FSJ#1dht46SQ>N`W{QYaHBC{gfxVHQpYHb-7%4@JOuL7GXiP9?QY0<nL
z1Nb%qBfc6`r%fBxGPEB`2%jC4Y5ef;T*9q}WbONz+}J|v*lIPt#b|B4?Wi{=;O@7Z
z_zsx993(4$;y}F6Nx1gwFdEg=LIYJ*13V&`-A`HuuSS=3r=DtKcmEC005Tvf0NXER
z*pHrnbI-$~Wh|0QiVwdQL&aRkbYg>%6yJYQ<6&=13iHB|eTk1GBop15Gtvr%G=yP*
zC*0+Dh>hObg(#0xx2zlJw4ChdcK%Q(^Opd$pnPkel}8M^Bgu0!bVrdD{=;QF*|?h=
z7dEeRO7@y>pmKubj`;TRHuwk^JA<wGM2u9J3J5Qnt6R?&wDPNWreMcMf?T>U5C<?B
znwb{9UU&7+uuCVDHI7A!@Mn06Jz5v+^YC}6#B)t?8hoN`$h-Y8rU|ZPtFdFJ_s1P4
z77MlnQ))@Oc%(J=uyuSYn+6e5GiE9^B*O9=@AqF;^nfR^aM*}kVxEEY>C}*D6g|5Z
z0u7<KvJln9t*x8s8X7h<(DD2dG@sBy3>O!B_yA#=s2Nfw`O+VuD+@$!mWiA6qCXH=
zic({*fu*SC-J<r)8%l!W_7gGqr8R)!E$kUNOX5@#k9H){C|-JKMB;XnN^_BOjR;sB
zW!;0R>O<gw<ntME+|t+E413(9t^A6BiF(=WWrfNO1H0GceSz|Gw3j`LHYTudPJ3U$
zG8gFOz|#S-^70k}lZ<Ju8#gGsE5G6Ft<ZZ<7w)j1+kK;fy8{Ka5+l0(-4?^nt0~zu
zTO5bF`Vp*N`v8YDqd8S^B-o~NY49)~(6KVX4@D>?z&Wgvn%@w@MGNIFHs+O`BPScI
z+8P`jVGeQyeE$!f3Tx>z8`+^XR=7aEI$==rJwmX&xTc8u4%m3CIGfbc#_bGAxSWY2
z4|~t)!zM;EydpEg%w1N7q+_j8-NoRlKIP3UP&KW-1$8a6|71*u0Uli7ANg={R$6Dg
zOvz)3CT&Keqrv0Y{rhrOH0Qdtt}^2~b=w^m;i1GxjEB4wxjt$e(8oCitR}d+EDW^B
z4g0g|S3mPeT?pSWzZR9@a7S$knt>6a#OaNaBsOUZzpP&oDUii(KxdEa4e|1q!Oq8n
zQAd>(`vs$4iD|+IB*q*xr?5m)-Rg`Yj)Ol)pcB6`DJKVkAo9|f4gn$S{dD&ecYY@T
zM?28_SoHJO76SA&Q0d$I?U${)wwyLOA&xB`L{XK127%RJ*Ee;PT8ZVQ8|@ERw<dI0
zvhtLT=~Zfah+NRRh)buCgf=G)Gtp34Unp0rD)w?y-8<x16?Sps{F?NH8qS}+*X+Jh
zv_ul)>RT@Do8N{XiE#mTUo21s=&vv}=*P<#(JRJzdG{~U&mJyagp$#zr_QN`{K38c
zTv+8zLZ{(?6x0Ybdjs)xiN_{}lzLoKpy0}LYWMskTClB8iEu+cXl^`0Gl&kLp6s2A
zN!#pAHXa1Z9@wQ~yCiJJZD32H7TtTWyj}ef{^@ad#M0htxh^>#X>zVO&np)DaQAc`
zTC_nsc{O)Uq7D=b{nW(3tU*YSg4}b8tGd2LWFJw@;53F?0pPnY>0Mw2I^+>552AM9
ziFMr_A|)gn1N@Q@kfQ`OGW7(#lF7@Q5u1ZQg)YVqr?G^&O@@ZRr}zmJd9U3Ku=HX-
z3%d?xq?{51-EC@x7A<_wz5ilCag@xrz<v4CHNJSW4hE~C>!ItcocT>vy3De@XhYG)
z1g4g?*EWezYhchS)&6+U8)!J;O|>;@)14~3cd{LarJqrOLb^~<`dG0L;u&FfH@%9_
z5(X;U-!ri6<8#yr2mVU~?aecDEaNAQw^xGeD2t)f%JK#F&{s3ueqc7^VjR9sg}>9D
zmKtIKPE`3z6#(>cuBBCIP8f9^@6SPt`ctMdBSza~Tu$*5Vg=Lb0W@-#fu^MRnM<=I
zoa(MhkW~T6>XFC3NAI&#XJsHON(29<o;`0Z$|#yg<Bdxdmh}4YZ3tp^1dJeTdVLDk
zy;#?#F4zV_yVyMe>QPwcU*V!UEpPOFR;?lqMkYNqDseD9%WqW?SWaK!sG^K3W8z>M
zn4|n3TLP$Jb9O(8;Q>%m9kWKTSRoYc9yZvjhbtBpyNRfz^3uSUK!Oe)nW08+&-Mdu
zMm~{LV1+R)FRQ_}g++y~`9sz8B8D6QF@KFb&R$FcL4x!^b2^mzZB8SzCF4*U4$D$d
z_QDo$GoqslvBHqOWXT)U5{mBJI+<2RKhcj|;S+s`Ki13rw24Qp)oY9p>QvXAV9fR_
zPIiJp>o5qP&YFemK5P9{5$a>FU?-=5<=}Ckkhi@~u~7?RH5QSn54@r2RP+C1Cs-UB
z0PQZ)7u*+#14w}M@xp-yRNh2T<lXBx<2*%r04kGgEb&;c`4w$h{~Sef>pHyMi`BD!
zZ_!$t1gKsp9}byNHC{;iTVOZ+;*`Yu<FTPj0>C)mc$7DifIPFv_-%jm<#u`cX7Xz4
zp|uiCd`-<-X6mB(#n9vS>_W;eYtNtC_m&pMnUN<4+kO26kuL>aKUV{26_ujDwjeCa
zJGX+{=>6b3XmWmgOC8CCtYW&`Js;ppaL}E&5W@*Dn;A3RZJR^JbrKk=r+*T~r%*b$
zb^Tfn?*z{uVZ5uE;np!18WIO*)UAit(a^{N({5oaE~P0C<!nCGz&3W%s#^`=9il~W
z%^Z&nDv$g?D8Y8Ue@H(rA>&&$Istj0S$gU=2}Sg1KNWt*j4L5?`|vKol9iYc?EK1v
zavVQlK`LrA{0S2RYQ>^5SydSd7=f;5@~wtbiOKz1oz0{MdaMTs?uAs%L%eqHP|ptR
z6I@hm)}||i&$j$f;3YB22Y))2%_SOsizWc@M%WS()%lyw%YK%&)MpW`F~1S?vSQns
z43mZnWBAm1O?*H++~%)7A-8{N;MT)eB(_aoIkHrO+tRC{WK<es9>##{?tpcq7?I6y
zZ;QNO>vU(^Lgk{++FbKeseq3%ftT#9W=gYqa)K<ZOe)+iFSJY3G8B5L2A&8Ulgp&_
zy1oo(;JsGVsG@sW=6F4-6iM5)#WA?E;y)MM<6vXa)^{K_XmK>a=QF{)dGWm4pz*#)
z41l}Vv2?7Y>sU|HHk+bpHAGac4lZ37TDknQTjp|_w)yDmy^aN-Y7;yW6#q_TI7Eyo
z@bmX#&|ty>kQqA+I`r+C13R8^?XRdoMYd}n<x05j?FQ(#U&HCykn<rv-ahU>6y`pu
zPL<o+=|I#dZTvpp`cYJ<wl8<z^+g4c9f(|FD>pqN9oG<QgAtmMCx`BsQX@Qrqj!et
zIBV{IHK$cE96FXo4Wx34T$Wt#Xj?z6^kztX09QPs`p>j2N_Q!jK-Ha|+Ua;7kFBd^
zQ8gd7vvNMrS`8g3*2Q#G3pSwPITp97h+8~GV>ErzttxMo*SB{))BNFvsxk3nDtAW|
zLC$A|X=O<~AsJ`%7uvHkpPnHw(3Kn67O@YhPE9E9^AS*gxGQy;tWsW9c8`>%Q9}vR
z;)<b;gwu#1rjd`>qw<vUF(5lRyRy)s|3e}v2+(Sjsu>ql2vB^9F!v`j3g%qcR9Pa6
z_+GH}z`=IuupU8=Kn5~vv_G~aq^A3sKirSv*;PPSQbcu2{^WxFJ@f*c(8YpX8?`}#
zP)(t8L;XI8*FL#{Ve(Z#*LbyWpO4q`E{9@S0x(yeuY%0?b3b9gEJV+jXVq$zWAb8R
zs^J>Fb6Ev7m<!K?6LaepwGp_bS7`18vC*!bkN&`)#1Xx40>0TqrYmTR*K`=`=f&@<
zvCNKNd~X7L`6mJ)AGZh%nqw&ErK>trSRgi5_w_`=Nga5xhT8Ier?|{*Ov|kTaP;w&
zrR{L{1j-?GT*pg?vQx&6-U3bCN#!cB)!=HuaI?g(*f4Q7R-|a!!h{hKjuy!p!P52P
zE6o;`6+UXY%HW~<0HwTDb|JH1C-JHv4xx?`Qfu75gU3+x6q<tfS*&#xLOA*Hc>5b(
z@EZcgf6g=(yTRIdRmTkpTyX<;arcGZ=&8SjSA{rKoIVU&)`$j4o)^KheFYV%{>1*>
z>v5qaB%Q^BSxl?QVVxyHSs~!~1WwWrvg5KTA4xNO6D=RfCOuhrRNObAtZ^gPtpm^!
z@`i+h7J`z^*oJ@70YMZ{ReW~ViWy^9ox7ITwPpom8ZcSRh1$mR*&0N?Ca<*MG8dcz
z3F2GPD4X|FL^+OWW?K;*lKMUgcM-I4oRolZmxHBIPXCM7R@(z;9}`m+Jx53<Sqnia
zr$M_e5a{C#S&9!+;sPPm&n(S5VBrLkS1V(3a;eT6iDIsq5%EzPdYK+!Nkr}Kt&GG*
zCd_j~SdUTt0EQ0sI*^#?y`S-tT-lJPjh(6h)*mm_l)bJ)JP%{>NKwI$KXES}zB5)&
z$p(7{t$loxP#S$~7*n!u<4DvF#9VM{P(B=ympBla(1bD|bj?vY#Q$)EN!><G9Ju$F
zAs)j|{PxDig<wFM(V3*(x<+=x^#gU>T$3iDsM;><tv(XC{4+>H8o??7a^{^n)VA*!
zTa;RS3<iHc*8}_<mbu2wR@E8SrAWnAlcu4oK`rv^31SLXi-DD{F6ILb+hWChR+%Ot
zYERYrcxS&UXJU$1L$YjD)S@KZ2}+Pg@n%P%p1d@_pFVkwfwgp3(CkX=$E0nlWoIU)
zIpfc$F0}=f$VsMbd!hJ9OP%0~F%I{T2dSA9vVo$i%RM!9i_PKuYW1-)!0AjLrti`g
z!bP6>y<+kKX>-Gi<`l|9!?>!r0|OuNLbmIYl&Qpv4fH4EU6cDusq`i?jK_qkT^}nV
zOvi|NOrEPeZ#;irND%{FLz<Llpw!;1V-rrx80D50Dq2m)A~$fMQ}mA8!{39=0h`3p
z6ZwWRq<POE{tpG}A(N?ju_<9e@p880)6{Cc2z)VyQj3vTwMt27Iw0cgbc}aFrjgRU
zZNWKtnZcik5tZ{8(-*w-@r4ME>9-&&)Ov@C7;9JDT`4=E^A=vl!`|#^j8)=jJpTMD
z$QG1Y%4L)Wg>>gCB7a=!r%87?#aT<ZsgOPAT`ZK1s;Hs@K7vY8ASi~yF`9xi0x3uq
zNsHb~?y3*L%+te+^x(OF(5-&%P&PhH9bJlof5GY?KIMBM{61Rcj6R)Cr&lJ5>&f#G
zP#eqZnt5MHb8U|5Io%8{hg#X43)uBKRiJRLv!w5D%+SM}o*9Y}PcbU(3*tjByD0w6
zsQIGA0IfYnH|^kYcWxI$?^_?)6L9dXl!ih@7a7CWbxr)(XObH9Bc-q^bmPkVYeA9U
zo;R)13nuy6>69Q-M~j|4E+Occy49R&pQry?!IIQqb>;Xd)bure&un<Xr$;}H$-&X#
zX+FW?@VLERIjv(mcBQDgKHp5S06}R!mB0Ac_y8W$pz0l1K=&9i3*icQXrzfU6Hb}Z
zB$NPFd_SDPE-nNV4Yv&wm^YfIPtM9cDx;^VJ@?2*e1mcAEy-VY?I}NpIu7mLC*W&Q
zT|qDx+<G%IbY)4w1y&bUS3m1qT0~}%Dw`8j=m2VR7#j@m9HYbv!uIO-5)w;s3B1wu
zEYD;FuSzr~$O4L==w(;8`#f~YWKv9aEL5N+r{ff;);sz}yqN%_PVkacSz4a4gUYN2
zuodEM=NYJKmwQCN^0F1F_QWB45i_RleWmQ!0-l@9{ksASaw@A{*L@%NCYFIWKQ|Jy
z_8XRA>VMc_v;`?ag=fYI7px|Hqq6eNQTCf&X6a1`W3sMm;2K=0S%Ar>@nKD#iBN5M
z$N8LaWzj<L#?HMr47`yA-t1L3v=y8lth^vXCo0ZKq=A00&~*saLKOfr>j?5sCfMg(
zoe?1r2)fO}=J19Gsxm*qwpQz0dlIAG>8yZLXs!|5!eE+yVS|^dl$)XF@+yMteCVWG
z;&Qr^dve=Qts-70&)No5toN)V^U-;=7Z;;!wCaSCItNjTch{Z}T<c)faWATRn}V*o
z1itt5R?H7S(rXOhIky?%cgLfUA?SCR<yCU)KU1pDbT}Lb#m;FHbVZz(A}~ZW8gork
zhhn!rh^OaK8}$fiN&_ilPNM4siB}o19RWA*F!&#17j&DL)+$0rWiDl+EQ2gmMTBXI
z%jiNWCcCw&x|{^Z+jz@JBig~78$Y_k1LF?L0ei2{Y{x}yidXSF>kh^l4O+7RtpWeE
zh=3+37;XMg%aSpYxPu^*r9_nU5zcN^M0|(d1tjz%w3e>oBe~Yij*f}O<@=TA%pinN
z<}GauW&$7AXf8@CM+a~YdjSZ@mRqG7{^vK~9z+&A)`_bxxxis%rK)-IXAzL(469pM
z7BiJ}Z&02=_)9mvo1cGsZ1o&ua#+0`&k#_t8PFcaO~*jHntFIrep3|&g@W1+iX;lo
zd13v6m^5M6?WZXowici^yc#Z8m!xEJZZHj9=8m(?y`_D979)~V8Dg@bW0v74=O{o#
zSyFOXj)O*=jHd|W1xE)<I<YtRR7#$C6JK{bH9|$B9K~H(dGv2y5u`uL%*Q^Gm~`W)
zpyn%m<Eb7(pgJ&&D49#|59u&tEwL&Khr80?|Alt%W!<}tRA~uLbK93x+si;!mh7D_
zozjbqLP6$&O*I1X7F2?paxm^tbZTAyDxO^pe(GS@ZLq9CjN$0N6IcKX#Tkj99$?F3
zv)@CZ4}lwE1$*cwr%mS($R^@|K(s;c!h?aBxQeH3Cg>&6Ni>i9@sXPsF}G@rHFPE!
ztIWfm9`i-JJB9Ct424r&>M)o^v>sqa>`ZE>PMyLoy-KJ@o?ah)@b#{#m?{A#kkLgi
zamL@s3eC78z&Yp|PJZzpZac0ckli)Kq@68@QdT+Mk=P<nq6-B$!Z`=2vGQ%U=5{r}
z>GJ5uu6>cxC*!i66Hz8v*>3v0l(}Gn#ySLKd0;^JT#HZyJ3zBuiR|+D@T~&5xvZAf
zf75IyG(ng(;Mqjts!LwARO7-N42agvy=Hz))CyQ*`-0jb_Hnmi1%?u5dJ~U@5B%Ex
z3eTz>prqI2l9tc9+6vKI<MIX5dV`R@%<YW}i@j%Sfy4?cjt%y&>w;Jy&Ncq2uueMR
zJhi_`Hqq*vWPd{duIvN^L1E%WL=`X0L@#Uy|826}bO}BNfcRMe(Ez(oy2ZguQUe?E
zKVxrKf7$dr(_<HI8wy?NH?10i$&f<QZ>_|rhLAoqyVh6&?3!u=!1TvM`X$<r;iLk>
z%DpWf3o!mcRlFX`|C}V=rs>x00ojm_^wpwpgI+s`ESulbFNb~87T#=zF880;-{zz*
z4)@9*$I5DP#h+}PyM_BbyB?V7jd}OLSdb0oBr21)0>98$cVd(3-ji0GZuX;VgGlss
zB1o_W1KUHDIrN&Bx`!vj2z86M?G84J?xTE6%FL?9I~k5&tpsqh=hr=d@53oZ8Va}6
z=syki_qW0Nt&~IJ3AHcwEv6h;#+5>*fPWLNk<E#J#31{wQKpBD=|cDPdr{WKf^p3<
zKIJNyi{!rcD7+Opa6(=8pl1$;dJY0Vgz4O4l9t>k-0MdIVNS}sLxg>b+M{frv&^D@
z+FMme7Sa=JaROM3)l_^K){X7T)x?J6&q<MpT1A~Tck@llh<@tinTZi?Q^z{EipP^n
zp7To2<V#NP6Y%J*J+uooCB?iPA?@G%G#9V0$m`%JBIbJ8;|(3(1PjlWYxNeU$6#)P
z^ET@D&X{uAm>Slne~Z@LmD4ul`>JuwxY)adqw7fHkGqo2)1yiX+OTxGdhaT%VSy+D
z0k+6hOL}-8-t{9MXozC`B^+y{9-#TaMd0x~+IjyO_CeaMynEW%5w=$pSCYTMa}nC1
zz)ob^VxuIe_>yZ^AQUL4l6Zu-Fjc(X)tUYEzF~Ct;AZFKHk)jIguvj-=g8_(J|ZO0
z)GcuTGZse2qAlY0iiqI_A%jaCI*!!$t2NuO4)G8z;=XIIm|R<THsgF?fO=A?cLzC8
z7jEefV2A@{j1c7@P)z}jmiAU%tMMktLe$)errR^yBa0A+0+?6>-Q+4O`7qr0T1Fab
zgAI@y**DtEZ#ebWI=iMkpKHt-AV7oshEtK3Oo9>3AWZh5+R3#6*qtHY4A%}Pwn4CU
zA~yhe%Nwl;0#<Miz}eD1OpuJJRY}4#m%1jvp_yOWcA*4~8`S}$KWwtk#KKV_uCFu?
zb4iSyhd8}5u*{vARKc;MN<a$QY@z_a%$%r`h(_Cxt#cqwF<%q?-f8)_=t0$nc0@WK
zdHVY*fpbP3l}p_Rc<rNpA`Q3-gmMR2NLa;Fu~s+UAyY&k{|B66eZy(afcHukYU-sv
zW+W|;Z*|{lvKLk(bRgZp0*Ws>frU{Fs_17#_~RDuC(dWg7qVh4&&2ZE(Z`>RYcGb&
z`)9jO;ytMP<QgIASvYSK`wPI<Y(3eK`Ms>`y@|SHd}b$G8=rwEDXLqnZ1S?hjo1V|
zs6&9gwi(fHG-bdgTX+$oW3Re^;2_)X%>49vU5-H8mKk|nA4eN5L`X|=$%R3=kPy60
zy?B4%M9={0uSwYz{ZC*jiTUqfio@D<Rq(%nX-qwE8~~iW=yIwi%GTHIcPy;WihTlD
zo%7R7WH0I+Jam@4bw|E8g+uc#mJ4ZekT8Nns|#QMrV?sEMI95B>gT~RW?$>m<qDN(
zUnaFEDW(c#KboLmZAb@1zYr~^z14Z)+5X*g$Eg>#8AxzVjk|0-iBz=$w`)hW2keb|
z=ko>ScmS;N?IUNtj)Ja3SjS$c%Hk6`Ac@#B8H72iH>X3Ff8MzwouPWJp|+CN%~QrW
zbwUdQRSEj6NVXIxf<eKoWwB_%{!VrvRC+Sgis!+k^T)?!BQG&V6lz;tmf!#$E$w*~
zFU$Rq&6j8GQS?-8-5UUcO-58a@yz^amI=qQAk!lgfH3M`P})W1&zyW{ORc%*05=FU
ziN?1dc%{=0GDg%=M9WsFz-V9zl#JEaU_;Ke`l`Y8l!SF&6knAtJs)Z9nOK>72a5zL
z6&A9T{a<91!1+Xf$&bCzfk9AH1aEL-&pbTVWrKG(@1EF|{P86ml={=^UG1Qoee*}K
zc09`CA$jNU(|v6U=eLP+fwcJbgjGkx1-qVXgip)<a8DhDXZrk!#_R<Vq01K{%DI^Y
z$`m)!$Reyyl!%M9Oe?}CI>G(nU=u}coNs;zXH;sp32=IbN9VKaemubE3^&sOeo$q8
z@3|yGwq7p^e^Qmg9Rpb(;|Aa<Dd}YWHIGR*!`0C_5K?cjRHJ1OPA!B6MgHrpJsRH8
z?kb0=X;0qSI@eLDxn><bpG=gqHvq9dxA1hgp(MnW#EcEsWy`vuhv=kffa)qvJ6FM5
z3T0>%;VErhRmJ%{N+CmTWhD$#0%nyfRI?L~bhRNC>}C`(tsbN8Zr@Mo>L!Ypp<7|4
zHRUcHw!YI#@A6mb`ctTSS7y4$qiZEB&761+Y#gWo`Q8we3$j`cA!Wb#RPlEq0SU#O
z^c*=Xkus5^15c}g8uK<dD2-N#C4eK`C{4ORS`?Nj2nfvfJiaoCSfeC`VYB|lytnZM
zEx(IqTsh}_eu!rHm^&;RT9B{X0&!^rV>Z>4aC((cR?>fQ(BA?a1ysl<y|vou)vdjb
zFNy|_K~@BIyGjQ^V<s(`>@)63PKyZ)DnE4u-rEKGfb-vhIA%5Tyjf<fhxk7XgA1($
z)M$4DF!P}RGq%Qf`X(IRUp)}FtioK}U)xF8DkHGh7x?gm+pp%5u@bGQ?ZTkCDy$*X
z)r7e!+cZ;)Of(R-#QX9|;PA6%LmX3J)1hQje0i(!5R&Or*+&4~++iSqnaQhDTq-77
z8y<ieQx(25>Y)i5BOrgSED`ts${_^#qCVP`V8kw${|2DR?eWA7+$^Ov{OxC9?jO#t
z2xj^-{s@)UH|bkM%^IU!m;JV<m=IAWy#+iv$*~dyZ@iL&rNrb9-aeJ8z+^+Pr|0$>
zB0EkFA<ySs{7Kux6pd1oFNI|o2(rG84$Yv1`{$Y|E4*rXSxQ;?@-MMsm;L2R$!3n1
zbPAQ`s3I9ahTCcQeA(;+olafFUc4=O@VsgXE=(3f;t!-8yW^oP0u*be5z<rUs@0^z
z%DeARz{~nT^3XWu1TN7}5C+T|f)*KA*{IABC%b_=mQNw;RcT3!OZE5?c~RQ8dg$Q>
zW@zAmJ9G6b+LTB|6=J`OaWxbRE`oPG{T|2%1HJInHPg;9Eo<icM;yjrdc&y!4Vc(5
zvgSu9C7tYx#DZ48>C-$38DECL+8!?H{UZD#F90C1)C(m0$fbIP4tE|i_NaH~1omSx
zb{Z|upLIdR?}TjmQFoP`34DaZz8kQIX=0v0s#nyU{Fgq7#yA&EOE}%RnOqL9MUI<m
z(DK<``Z(_(jiw#AXaBYVu6{(CQ2@Yk6D@5J)Qo7Bb2)lDaN+oGW59WV+VygPVD6#e
z+SkhRuc7?(AH_+?!QS*+Y>Fld9==YBQ&+j@2W&P=Ex_cfU=>l~Y~z_5xBSHaFix7|
zzl{@-_S-lEGbCLqlzcCWmU4$eBwL>h3l&Iz75%W5-hh3t)wm2%6s~i~d%xjtpRMnm
z^vzr0-j6792Mk&Y7Bpjdj4D?}%yM{$I1G=fi=#R``p9^BYNYNw8<+3D0s@A*8mQiB
zk5LKw&G;UfhL$6QI$g1*J)>kDQx`vI*!FAo$7&#>DLrzo7u3?v3cJM5qtc%c3X`q+
z2f<2YRUp0k&c!bs2$@5iOV9g)CKzDy`KhO}0!_uNFFEc&s{RbgJJq@m(M_$hnQ?Aj
z%&$3&YN4Hh+{Gka2F9akQpMuc?1YAWy5nVY+SGms?TU&_(Bdq4jg>^;7o++E^MT&_
z5`cG3Y8(3iUm7jYj`Oc4AXOEkSbFVKpI(Q41zDX6`<RQ=n0Pe5vtHDhWF%ES4V%s@
z>aCrNc&k;Y7-^`mzy6bmY9bi4eTyjK*1e|aUm^-_Ll9D$-?J^1U8~(rHP(Ua1#GXw
zB82g|BK(Os)nRP0V`BeUW|ZFUtj=qIMCjIhEur-;smp&r8a@G<zx(5JozFI!lzv)I
zj7X}wE*>KzQQ}ZFPE&y^<v(<^h2kGNDi8LzjvD)Ulf?&vvNQjsqi%q$N!lDh33|RA
zcT{iZqZ!L5qZKw(G)&}*7qDQ*p#r*4P&fp6>m+kJZ(Sf#0FHg#tihyG#0T+vY@0^+
z98wdwfWM5Q+7zDDK})fSm^@`?gg}gVgoQ!7UB;D(nPu=xh5<iD`=%*C5A@zat!44j
zWk%!>XrqYmL%36TlU#DN`O&3cq3NfbUV+s22S6>Xv6K{bcxhkKU(ZUu@2f`VBpW`x
z2u;rGx{_I};l$T5tV?ZI*#6*0i=$vMZAsKBuZjc|MOvv+chzz*`gb0E_4@xj+9LB$
z9zFSsN1Kw3w;l5b1TAimH;C4b5{ifaG*sg~z6`OAi@wp*Tx(bhZ`anWzIJ`t{Mmx!
zF)1ekZC5ou`rT4p$jgPPQl|+BG}Sk^G{b|WvFC9Xer-1Ys5Gp%QF-AMJ0p=lkqu5R
ze-Ug&MZ!U&^b6wBm_*!B(NUxtzWQ2;w6I`CRVfI8x(elbUD3jtVtLQDru;HRWkV0Y
z@7D<Vfghk$-H(vY3P^`k2Co2QctZrcTu5Y?v-ZUhNZkS00xYU`@2CRfm#!r{;?2}|
zF~-FBz9B`%5q(KqfMU8s&Nwz}gv`y8Hal(jfC`g%G1VABCU{FosQz;c<kS7dHt=1I
zKU|%d+sq50x>2WL7g<|$KWe&B5BB$Xf#S{!G-To3A$y=1?a5y@rVCk<aiI8zyJ;zV
zI|{f_(a_0QVKBZ`)UQR&XQ%C3MW-I<OV8}hzW!3tB<uFBy1!HuUGr}hJxX+n6#QF7
zf584jMZKA+MyUQ)(KMBRSJ6`XgZn;QHUg#Jxk1iF`bzpk(SG7EJ|CITfP<s4bG&c@
z=A33ocmAYO6@zpYhg+qjp4;k(zOEmzowpr4Ih)X07`fat_*qrs+7!aL|7N0o{Qoe~
zrT=82aQCUD|II{c{*#Gn9e$f=OvJZ|N?=n6<`%g6eVgdU*|D7yY4QB>u<((zc~%^}
z9^PkK<h`LO-x)e~w5lr9bW-t6Dl}tqP#t!9p>*8v_8&bef80>Q@sS?Ed*?h@3?iHn
zw^3ea5>IbT{q-&RqGo-Pvz25shgf#oL3KO@3{Sfa2U;S6a>jF^OvjDMd8_Q4><{CZ
zJfzeX_4W5;0?C!*Vx&tc!tCsw+vhA>b`l2YTU&R^5t@Q!>BPB!q*ok}ibZUemU^rq
z0mGH#%in4oN}5o1zt++Ny(N-`YCk#zUBD=A?xzqTGBn(7NigwS`U(h9+`q0^(#xn1
z<+q2-W}6I&Rei13lJOqHo1BCL1o-@yg4rrAR)piop%Ic}RtbLb>Q1d?3qJFu3bCpr
zF+Q*ARDa&}!X8m_CL~E0VBg!<Zt6eZr5nG!cZkP-hb9^Q#zFgQo)eNI0^t*V2Cl4R
z36t4ye9SHc%3cIbv<Xs?oH-~2y)zsHN~AY9pVmuapJx>)LnUiudfqB!^jcR&6E(09
zFX+GkvcPB`I*{i$jRe;bNo~;RABBJc9idq|zo%#ohiMGZ>KY<eRz)r@2whx$aQ*9p
z*+04+^S|hXF93*L@xsylrqwptaL<0cA*pGg$|*uG?b9#N|85)J^*ZSXvqzWO?0hE}
z;C%6!racievGO35#$$eYJrog^c&{l`;=Ald(EdJgmVZL4C0BX146_DefGYfsS`nys
z!D1h?5Q?Q1q*rFf8lTpuy~1d3z#2a5oB~g;YX;jGFJguBJ4bHH=?-wJTQvfXq`QTW
z3}h^JwoP)QTPzc_PCmE!KWivz#XmJvxb7bsI!N)Yp}D;OUqjz!0cH6A*3h%RHFQDf
zFAY8VhlT<u{6j-~7$e~*vi_5XKK@ff{X~ub)=)p@tDXISY3L{w$+w11c>JxQUWEUq
zq2vhwt^d-{;xlR8cL-02Zw)ol`G<xgZ~d*IqC@{(Lqj$GuNtav_D>D9Jo-yRx2FE3
zp?4$y(ohA3w;u}mslwn9cmLGTHytXre`;t`&)*u_OON+IYbf$}hVma88e;w5G<5O5
zX=wi;0JhM-Y3SnrprIZF|GS2=-~SI9YWTluXr9l%G?YE*FAZh?t^)ga4dwp~*~9){
zG*mMGKQy$zji<cr|DvH`$QD{6;U3KaR_MjMIKkDD792=Qg5+$I!7!*Z{Za#51hd24
zwbFkeA7$ler^e|2A8+>*UD>w23qM9h72CG$RBYR}Rk58^tcq>hw#|xdCl%D0wbov1
zuif_loc4X^;>?>l+8B59X7t&A@ALGKZPr{&*>gH3Ez!nSWt16|!j^r|>gr`>>`=@Q
zANOV`<dEB&U`2*z)EQR<k3i;;6m&cLS+w7zNdX{D$dZE$O!awHaZrpPL;Rhu1bGb&
zR)3J@^_4*@N8kRwy2WqOlu7P<n<1qCO`3gdLL&Sn8rufg0MdN>gEallbC|$>ljbug
zfHYN80i=16`X_0YOu~&*vC$hO{!N-v5g>*D(nS0>X(p9KP(vDWC|<k$2Wc8Q{);q?
z58znR+J+QXKqw9{<yr_OL>uY8C?8~WeECUw{1U$tG4FaqU14^)C#Obpu;7P3o`q>s
zL5C~GX>J?A<P%IbWb0X~NQbtHC4qMsD(rFR<8cC8J#}m+hgf%Lr#Dx@J6oJ>4c9D)
zJsYc)$hzf#aPeC6Dpf*%hcw>Tf!+gl$wNP{FjUaisRKP7Pd&(uQ8u#@O;1jjg<ApZ
zFoKS1#RT0+{y7z21i~7EICw*xM$F6c%U9D@kPr|L0qru=4L_CQj$<P0{;zRy^ejfk
zAXOA^um>#nDe7Z@E)CNs|2UH1k%cJo9@7`9l(89CwY|;(nhe=JV(!a+34Kadlw6N#
zY}N*<4BJ8nCDbBG|4+o;!8KHVEzIjSNL7KxPGj{#wd^)2qO2tCa~v%vH}^<{gX)a=
zOZEx+`U|*4|6!VtAKMX~f14)JJ-{@BCIF_nH=Vw%P7K_diz1}9mJKk?pkMzo%};SX
zu2RV<c(6z1sgk*oDuJVUo9eUfA#6UvZ8%>z>EC+AP1s3Q_xrLVG`1CezQ)W0*0!F;
z(+)V55YWfPOw_8n82HNt28m9a;=e7^`L|`#ASG7K`(kr?UTl%$4*|B8eM4(B%=#K3
zUG5RsAux<B_iWD_Z;FO93it?M@A!AI+EIJEjjFn)3x^A;CQgidsqSjy5A$ztCTF8C
zJ%WrwoPFf}$)0o<V^_ZC3d`iPHYI|lp8{E_;cZGFxf=pKb8s83yCw;qb*^8%1GcnA
z&cB`A5af$a#rKj$XOJenUpdHYon!8UL-H24CWeY*gUl0;H&Sn%%RZ9fjfu|pJ|={m
z+-oResmY^JTZGm8;z*LTPe2Hxg3?&v>-+J#&%*qu&q_q3?DQF_b*xZ7j}ygAAP-2%
z)WeaF#q@rGRg3~Gqe5<*chnCxpm`{wp$!^K@D5zxY30f1r@i|l=RohbF(~&-Wj6q6
zdhrVTV?)y=)Cqe4Nb{QRhn(Ke-HYBs%E0|0Em7N@#DG3ClG)}B5-Fkj3LL6uak+Q;
z%a~tZFmtQ8LDV6I!+V*0>m1i+BuUl9fBYGf{bGCl!Uv&K+wjfYZ7Z0Sy$oUn9|}4W
z-g$^&qZbv{?+?`E7U%g3HG?+kexs%?05yRyTFuP>s0qIXK+SMi0BWLy(gx7~2WkrZ
ziJB$Ff1{?>+n=au<@Oh94pIMwn%Ld|)HEvj6E*980qOsRnztvRqB}qTM$Kx~->4Zr
z`v+=15z$I4|ACqxC?`@G0MxWm><<8-=IeIMWfo#b;QA}<_TyLv)h1S-@|Oz$Y7TuG
zG-3J^HPe#+ftvGm+C$s`)U*%&jhfbfp{D&GsA<&t8#U*fMP`!~j7pK!KFb=R-b2mH
zP$88?3FEc@iJFdnL<Rqantr9;69oX&RA~AWHB)}0W@t_&Pb2^}KcF&Eu*F?`DS)^C
zLQTits9F9SHKYDQ&2Ru}wtP}8`i+|DrDg#$*P8~L)D<6=nBgUnEqF-sYTH-<)s(8Q
zTNoz%TQyTZtHnWd%1I^z1^uO(Bh`PY=2-e4s#*Lm)dZ9MPt}xd0;pz%1VA+xZlH4j
zs(FL>uJM1XnpM;Q)l^&qsAf>*5`)X1s)_MiHNo^3R9^m5HNiUmR84M95M&`5urS7d
zswUfisHQ%`Z`Evp__u0`$0Mfa{!=wq(!Z6_?aUL5pjc7^RP&+WpQ_pMFV#%^`KM|c
zl>b&u`3|;7@;_BG?BpM+37qqnYSMsr08}#-pqlQi|4>a)Ie=>V=loX9=gB`*Gl!ol
zM_2F<)zk&vCS8m``%^Vba1o3Ib3)kvR!z4sYvAYqQ8j1&x2mcBU#cmu_&=!T;mV(?
zS^giYX)p;;O-uBDsb<jHU#h8O@mn<oT>1V~&GDB1vuZ-V-TkeaEj{tjK$ib+RP!4^
zHTM`^U_<{_O;wi>Pv(v49C7st$IeLh`$$RFf%C;3As<vME^@9Hp_=vUy_DhocDvC@
zK=0Px=q&!zJAamROc(qwcdi$w=hx+gFSn?*#I#7@`4T+|@cFYe#7t6Yw-vGpkx?35
zlm!kP?Dk)lN-(vvU=3+-M9FFnd*F0ruyI(WUuS@IQKybD<-)uaWFN-Ev!M&35qoXZ
zh&WLiZmcmo{Due}Lj^ZPM7n??Y^AE{H`St6`GqU9v*I**>l3{cJWjsA*p%Gbj+O`E
z6IfgK4aZ`;{gHGv!PWjH@vSizh7N5n=$pf<wo0|8<<^l~46^?B3^J^JmGvH3iwx=)
z12`8CCebQO?9#_i_$@%$K(%rDWNuEvmq6G2lt4bMgw0S~9x7KTI8e&8siot5>#coT
z`nPu1o<}rkEx=b0H`5b<5l!ueu&Bkt%+RGuG{JqW+_bpXiG4#{)ic32&n1ngt96&3
zKsY#^2Lcb&k)<=!gj^;$bZ>875f_1Z6b<w_5Mn+}P3-=Vp);(sv(*^Rd+@XlehcyA
z&YBYg+v&jngjS%U?V22`udqGK=P!-R2pH&c(^=ibV`KLeBa9TI0V+J%Y873v>5Q@(
zLuwlWRWLQA%`jzpZUxxgb~$E!N)O&-306Qhw>=2yo8?eZfS1O9r(I{o{yXgofAIR`
zL}VU1!b2i3l+XSIIdm*JuER4yhi8h8P#+n3qTUC%Z0Ee(HE_LQ=mvfC9D8_3Oe2dL
zE)%|37x@bGV4sFzPFOs~q0LB>3$xa$GW4LSRV72v3u;mot>(ro#~p=j;s<+IXRQ<H
ze{Ua|WML3@LU!#j=eE<((S&5E?5n2XRD6L0-zpv(8%W=G1WR~Bwa~*DVzY#23&j4h
z-mzZVMai~;*NYIS7`SB!AI&ua9o7JMNU-8OrHZ7`99ap+Ac3&&@nvH6z!g_I#{5p1
zUlEY-c3Y-`qy-kxfS5jOwAo}N#hA3Ql5XetZiGo7F;%GlDlEP{LT<X@27DVr*}?=t
zzgu~Q2ycp8B%7Qs#EbvvZ&eY3-vtALMI{Zd^#!+Gl3FgV4k&?5vWiyXhgHbXtdiz^
zFfVNTJV-sRbl|MW_B3nBk9fO4SATt{Q~^LXwP5Oh$fjyI{gF-0q<8cA_=rvs)=t{I
zbqPyZ%dLiu0rCg(OPSwka6fA2aH=4Mn$)%j?lyQWOnZitOI&cY9T}w$c9aFCYfum|
zbO!5-Da2z$^Z(z5QYE?N4PhQha^0mLz2k|)Xn;Fc#_jVFQO{;6h>TM2y(w48NuxJ|
zXMeWvP*=+6hiBT>>yqnYpTVJE5)lRU&yW!+%MSIALLCs^XN(MU1&9MdQsi4n+rwP_
zdJYf*jlzS!2U?zPtDm?ZdIudaN71&Y*dE8B^&ZI#KQxRR%&62oXLxQ7-l3v_vs&W1
zb&8&`cy&ET&DWPjBSwy<N-EdX)J5MRM2Dm3cTs$BczNA)=1XS-`MJEzLp~Z$x=fMP
zuA|lo@yzqX(>3X!7ozT2ljQF-YMJFf(x{m&x|y>srRe4~@{CobwC=ByCds2(Vd~0J
z$3)YGOf<Y?e+g@L&}q*9S7F_z0tl-k^&i4oy7pUGd%pflSbwmiY1z??>?%<HEv(7G
zhn!Y-WXlHCITlVL2sjXPI+#lsWn*Pt@X17PjjWF4zvRiD0|f6L5=zGcZNYrU1;A&f
zPMmQ-*_Wh9wNR^zFjpTbpo9>K$dHnezOC~iFtfz(Gto0mGqx9T?VE~fuk~iY3fk_q
z#WsAhiG)6xMIlt{^p5#*BylP4a)%0If>?E-cT?AM62l;yQc+S3yNf%K9r|?{adC3B
z_XFHs?Y<$3rQ^$y>YAI!e803$YGqw})BYC>f>(N!f_WV~STdxvCQ%maeLelXHQdYL
zu(VMAs!HkT@Vq4MsN4m2P~95ej_2T`OoU%EoB~&PvCVmtGFmD3*5g>bInBDaJY*w$
z0pjPBl#{jZa#rqNuFh}aQ>H`E^K4nD>R@^Ka_UddxJo8ETYaY%BEGyg`?smDcG)6@
zXRVB*$TLZ1M8+3|PG{l$NXppMKl@rAxf2t13J=>ZHWMKFK&yg5e!F63tEG}V&n{}i
zXJAB*Ny>=i^p;8wHquXfW=T?THDBMryj<Z79I7Wo7%7>!&;%dxndmh=au@UmBIu6z
z>E;+`Ru>;GPv-|^yyUj<G75W9tDEAP+7x41yBZwxmszjDg+7($VVtPrFT&B|yCHO!
zoaZ$iQS_s!mQf<o1%`@p+MVKb2yaCkJ$c-U(ZMXz_;2K0&er56c5o#cqw*LI*cn>1
z{Qd)&$w=clV^7*n4#f3VuOZ50KlQT|669Iow|p{ItKI#=3?XA(^Jh`)V~uUM@U55f
z?|nlCzF-cvk999gI;{*9eovYn9de^lh_XMnwt1M-A5MAQPo@HP;P?A^c22I`J_qD2
zD5cZZuY;S~0WZGc_RJ0(CFQ(ldcXG#)V`yC<aGe!tN*z6m=)WI?VEQa<dRzr50-2&
zp&DO%?`0IVTBBY;94p;`NN{c#HnqCH4sAgR4;|<C_`Bwmf)QqkeB~~A@+lG0-4LBw
zFZ>CqRW9YMI4AMg1z1V0O$H)@ll`p2b1Kd}6-h)X=pnvMG0y41Cpl_KRq}=*d2Tn(
z>Ybs>YlLqdkgT0UPJ?OU^)4kRF74WTy#a+B_0V3cTGx<*D8){gf{YXsR5>RRFt*|P
zPpmz6|4!pB4*6F-0n)e?>t%bmYs-_lUFX5{Lui$#Yij+*X0Q#6rs8dA&Ij=jrG#al
zYfdV$P@)D>QmV;!I+M)--&(hk?IVm06YKhOF6g*Fa<q+h3|Pe4();zp!p%b$Yhdad
zXkY^BDN|1dfC~m*r4#D}6P~p`URo4jYl3<Q1mSzejRY_VJ~?(aXqgOUW+MrU<bSdm
ziAvKN0t+hQ_5~ZGGJ=9!+*T3)a^uVm%Z59|3X#yCx^wgSj~s5YO5$&ZR<HMSUPQio
zKDi~F>d65o+&<W5?G*Exi1%C%-kf9ojCHq|2ViJwDMGiAi1Q!VNJnZ90Emu)_zlrk
ze44edPSA%Z?18{4J_y~TbhYQm<jI0eGoyp6XeC|MRyu}G-odU@@kpe%U^MV4DDl4w
z6Me%CA0{YN@#OWU!Cr0#T2Xbj#s3+^&Cs#SMPD0iY3RNATcQU7cmI^=SUcQn+P@?k
zv+-|<F3aq>Seh8Kw9<$zm=UddriUG@sgDc<inrFVrb`MZkRviw`X*bU;M%`!Bmk3a
zDAa{OQ#l~T5RpF|hb9`MWD1mS2~9CcDBRcDQJKdQDnJm|rmc61p&RZl4UC2zkaZ+a
zx>PlS#|4!gDfxNF!uBZQ%Q>G4!=XP~5FG4LED|1}6#K%G|B4I%qg$PsAy0V#7!Arb
zF`tXv3&7}nqyNI_iwgioOTiBPh0$0}e`7Q-%IEUm80`UBD1~VTj4u8!j27GenKAQg
z2xJP8F7FSFR?+-7MjM;iE-8X@-2Q>lQYM>!V|3~DKQa1~K)}B+`jvyE1;Zi{(!>G`
z8`-U&&sz007e&EZ`<PF<)OJ7wO0iAeI_qX|t^;U%Q~r6ds7oQ(IFC8T_Ex)=k<GD5
z&<td#x!5GmPVW}O6&*v~9^W+>!nZ<F6$sQ`!FV-z!o3bv+-$Y{Ql=080zG&Km=m-t
zkk}`tTmP|T+Z3VcC2P^`aV+nK3+w=mX60GC(t4r5tMi~UVM6lK^VRt3cWW%TB)+FG
zRh`?EZR%QiA)i|Mi&k^ujgF0lZSwvi*)8a+o~ISIL=4$C{PyEP*`$i`SIa_+3?H#T
z_cq)~{n95+mdA4AiH>KSIt9JO!vI7%S2s!xnq=%Sy*L*JBZw#27nF@E)jOKKqP!)-
zMWVfcIBeO>4XiPQoD|-i77E*^FUBw7XGx~1P=236*R=qPFz^Xb5(%=@UFem_p)}MB
zE28Xn;|=qvNG87YH@UPsNnIhn%lID*b^DQ|N+fDHH?00=`^pw{XaZ0=l>3?B8|~ZX
zPWwQYC>5>gH3&460tu%PTlk;VXK}yRVJ7VgU;g&-vL%3z$8;y~SUricVlRkwIu?sB
zL@g*Lb*pzdsoZ8ts`!-an`)|FekiqSN&w$gObmNh#XWv9RK^@q;z)kTUXCSAR{YNK
zjByoVNt@;=k^I<oIi^|$83*!gHfbEe&lcD1T%MGIeJw9dR64WJ%LSzUZF{wg+~$J%
ztBU`3ihi)L5V2>wUoD*JJv_d+(KM|?lBU**0r~1l9wHaoU7PFJ(LRBt0w2JA=$ndB
z4uK}CkY$2c8*XC~>VEx)ItQlFd45`>NyH2<>->KOheO;Knv#++$CnCEj&Z2d6N!w(
zEc;!dcT#-ldy)LKYpSDjN0Fdg3!Y`3R=lQ=Je@vCKgUr5lEWEh#t^zz4G!zIcti{E
zdhI5Xv{<FF^Ls!a``br}Aojv<AZ*15lVtnk;;+4kv0t*J5TI-2=m_}g-oP=ATD^cP
zZg%pXn&8+f=<w0KCcP$I(vL8Q<)je74{{GJs@oG-E@BqfQ!fgyRGQ&(>t_<1kO4OS
z$pB5CFK{ygDQ$O%VP`7x6)cAQq0$~(Y)lo!|GNvfWspgp{de)g)Tu&o#8isBepW5t
z1q>-3@JyMueg=NgRZzbmD<jH>RG#%Z*v*?!Z*xR(ofY?{As#eqSc-Gf?P7L`sU^}V
z3Mxj=8=J;Za)&{1JyhyBKMZmVCtK?jZN#EsR-&a%g<6E?o-YphAXyA6(}V(u93s#x
zQFNc=SflQm>m(!}KhvDswWUtKg!;Z+APBI%4t_8i;KL%jR(c}eDpK|F&8XO>QOH|L
zJH^yZ@8A=NTGkbn!!|VdY6jaPFueXM&29Ib%u*ZgC{x2VpGMFLk&4zCEW4)Ae_YY~
z{5kDBSi-IYs7kMCdlYXqP$LfudLHD5U9z=|s-NUB5N~|p9$lOC_nUQ6Moe2+JMw6~
zNtd@S=v8WH3}@{S*5ysGb7enE<hoEj{pp?QAS%}>TqN$ajvF$QkkX_@huE#3xOP`O
zz9#w-%;^VGTxf%1R8%bEOS<2BDz}Fo-clob8i2&BHpEm@%FyD57tp+XDYZliT^y1l
zQ+6}uyn`{EUb84ty$+OUz|8FwHRfImAk+@wK<ItMYD%rL^k_=)1`>*L8S(hDz0>yW
z_>3lRFsjqIRA3j8Rj>A+u3@De70wNUMdEJUN9(+%5l)llH%yFmm~p`<JvSv0zw>v!
zqRsML#lmyNc4-wWzSrAgUW7-i*A#?!!Qm?{gkhQM)knI&Hb=Wl9aAdd&d4+(6_R(k
zfY*)AmS~=U0uAUWBxu@%2`8%%I+LCnF(2p0{OHy|e<a9F5cZD(?y-#6w4aozp{Hg@
zYoUff`jMy|cNTc|ijsCtF~6a#hXlhs{Mv*?zA1k`@9<K#oT37vCtw7L>>mpXK{E-)
zv9FUE+P|@lUEuy%%^g$*$g@={61&J8!7bdj;{3@aGJeNHy4%y)=n{WaL=vK1Vw6CQ
z@+(m6Q{tKMj~WC0<7w|b4?bx)VCp(Y^z^S1;IKl~#R^f?>|4B0)2CZIizA1*mv@#d
zcKavyh|o8uRy&<^yUd?k`O**WW98o47m{*0hu_zJ&pLQJI;dWpHH6i}Pz!Lw8Ze03
zVN~64=K|SPzx6mBO;{o$DA9pko#U6<F5Y3M9N5~OqnD%e0rAqCV#@U>COho_pS^5w
z%50a%oawPDFE_<E$Ir#iBZormJo>DnEwC-XXNp=7{TdIFt_^@bChZM@rAiP5<K*|5
z3ig{@61S)xg_b$87Sf$DmPl5nFCXkH{f|M1Z<1hIm;_L>sF{_-CW{>R1H7FD-@1Jc
zb@FnuX;woSNiyparG0rY`9FSQcCBt2bma|!$3LQKB`~+scBSfeaJ|lXLbec0>vh0@
zW=c<!i|H0??;hPE#<56!YM2rLrj3GuDhg`mM4mr6Ga_;#YnU1dtw#7IJ@l2a9^VBv
zSM>kKh=aefS9%>qr{I{4!Pr7A?es3t^;kqLUkXvoy8Uo#lz+uo1%ktv1G`r6^Zh=#
zCv0X<$KcwJW>^I@I7_bCuAGk(XguGolMp4O`dC0-F?rUCO!B06>`lQ0VY2c(1oJaS
zjm^Ij-<~*t#5X?2M69H}PH$TvY}4Hoh{yM1Lcn;#CpLdb9je=pO)D0*02f&1+ieZ!
zN(^Yk#OU?geBD~t7;}bWv5(C#T?%eC1(E<z{{y3R_ndDj^-aYy?+AynGAe}=-mWP-
z)Jx$pjXM%`<Zh(%P}tNs*6b^t9s6k?A9V5i2WKZm3>rHvk9hS+j%mj*z*uHZOsnT7
zr+5Q&dl6UdOD2xtFQ)ZG>fSmt5@TRp{n?X0NA$c8Y$nsws=FfcTr?WKA)-?($bDG`
z;t1DSQzOkan+fTtUUf;Kx|UD^cdcz}SKrjBsM6}AQ*}cxZ;xEu96Y@=baDIF1Ka2N
zf81J^c1ACMeH}avIIR1}ZSP_`^z!v3{WEnP3ZfOYC!jGCRZw=Gha7(3@wP1o+C__y
zMb4hF42}#0%?%2d9zY`eg9s8=_=3=aU+_C15Uw_H{dP-~SMaVjXOVW<)sdQ0Um-(M
z3Y_v~JcJ02AwS2X4Ut=X>GFMu+GGat(O_oQnub5HwZ#l$<nbjVN!t>cgAwP~pMwwi
zUgEp>7!t~aP?^|80T~6KYAu$m|Br(Y&k@jH>fI(v9(+fOgg#WFP5?1*F9p_dAT#AV
zk}>%nZU|dA$@_Q{%wED9cIThRegq}tVJ}fT+SG>?6x;iRG#+1-3tv^stjfGbi2;KT
zpyjTJCJbCX9B~Z-<(PV_p4Twkg7=@CDq)JcozZg}>fn{A>tazXiQ58Fe5OQ0T!@&<
z^d;iH65^!ev7b3=KyjoM1x*<njLi3|ZN0W}06D$80fStQc`9YrTj7I$`^E2Rx4tnH
z{T6w-ekSK%Udbh0M@0HUiTz$*s%XqTTU%Ko&3R;f;Y$r-CV*7FqYv*FH(~6}|4Qo&
ziZNkd(mRuwe@>`Jf(EVchsWd0?(=SCU#i?(e&@&}IY892g@Bq}3hLQuzOWjYH&GWj
ztjF(rdz4sS05<ogx1V6w<>UDLcD>4cyb5E)O^$*@AxLkPmvxH(#;{3%OqSW{&sFZm
z%PE#_4C4?eD<fG{NLTnmXJju0`;;jUf>I(4t%X-zkW`dT9{cN)0V5^$7*jp7v6rK>
z`+c;9I~h~@G!maCU7bqTW&5KM@o|;Qo9^P1zIL1Zylep6H;4J_bY~G3j={+UK3;{{
zC{m&rl4nSzx}9&qYw#==wuI8dY`i*`MUEFm4sa-6#}C?~bteY{I=3C5d3^@zqJ7fP
zgkD`ek@h%)8{!l)x$A@1>t$$5Iv(E%m0y~!&ewI^yQE2$(UnWJ2>0R*I-#k+GWV5Q
zI0NmN8TY>CIBBFhw9lc=kG9)}s$PYhUZIk>h$Ux*Y12q<4vj+W$1l-9`(YL*SvN7}
z)`-oHHq&|Ca68%=e5WpLzCH`h@*0<LOYtjj?`{Xv_I|x7g>LyYimptz!xE)cBN$9(
z4dL6D??n9_n&M7j6DxnMyRID`g{{s3Vc`voSku?!#HuMuiEd~Q|Ey6HmqT(=r{%nw
zhBbjwa_hK-Ke|=&s-;)nglcz4qbLtg*|;l~Xg$Qy(ao}gRm!S=L7iP%HfXoa#Iq9a
z*-UNfNHpaBfE6m5afykMI4t^xwqHjdSJH_U=ZAKjg{Yb7cPoqrTDJhVVa2L%+1kV?
zMo>x7X$=8}w_R6^iB%eCh9Dn#D4GG$?U%IGjU69RQo>nP<Exud<xSw;>^Lm5&OziA
zrxNz&4G$s0>q;NFA87)V`grPbupBWqeu?fq4Ppm9gAg{|_E%i5%w_k51+ldv`zbt%
z>t0`yn!ZARzOjPL^;V*bm)M_>1s@3U%kJ}7rsiD@6ddO<LAt^zSEaS+1|Qe|RH<z~
z;uL>{91Ue0sug1U0uenj)8@AD3#YUNW@50zw4qjQH}f@j@)C)35m_4U3rRkuv5RY|
zfqNFn41ac9q6NXN=n+iR@_0u`zQzoxyEl5UuBY6ORnO59O?><&N2hOt)Mc(u5Rjk9
zG-p)mNx^44l~#!_C#ab_<qm}?4x<GK5sMT9KLKm<fb*b|*2hbxTMa4B4@I!h0Lt7+
z@>bvyDz&~wN)I*J1I0p+>klDUNyIA@mg#dal3vOCKogY*@$V*Lc69DI#o59nJC*^H
zn=D1mJ%Ti?HMG!C7x2h5q&*51@no-ZkC*vU6f|EAr#$8j2S`p(^;N#uRhu{I{<=WZ
z8n>vCHE+>c(OH_#^>%~vhQ@r>GuVB5;<N_AeuDWVEOTYD!^B!#&Wv$;|2>>u^wAK%
zBi+CrdNRd$-|8Cy7>7VsRS2&;8e05~m8dKrqdrmPCn!dDf|i6_)f=ge>)gBf*f24I
z9>K^2Qi9wSQigpx?(Hli<8FEgtQ|y7lx@o6Z<9>_iI7zX!Q_>M)#~Bif;Obn_I;Gc
z$1@_GQDYXC-;R~;Og>K2pt`OSE6u#qim=j9NzTU74q5fUGt{^^(X7zeZaI_o0b^Fv
z;A($JMAk75fpp#x8WLXA(t0Mz%?duEDQiW?b{yB?bQgim%E!#kN3(SMN3Mx!x(dI$
z&cY!)++6UFLa}BNi>}Dffs9ujwmxp9Axbb;p|9P8FyhRoQ=;Zmxgx?<V<M5nj-4=d
zE^w7z;f|bSn#nDnCxzJ)n4XI=o;xR^r?MdTo4<W4%LiU$N=|<;mJ*sET<yn>C!!{u
zJkR#mmHW7v22AdM)CcK4AJ}!nL60jjy*=N^W#2<r<%jsZ;F&j3=vU#WpM9c#+g$D!
zF7n%p@EqC!eC~?nc7BD1hCck__x{*l-I>jf$>Q_=xqrPnn=m~6;r#qOTHjCZOB9;T
z*3cqX%97;E^|o)u3i$;2k{UixY<$l=7eT_r`paMl3&-c}nIb2XxM3TwtVsL%cyg9F
zW3)I{<~UOao<3?a6uK0hExljb^V&LoiL+4D=V!Dw)L|$g-(Up+EJ;PhW{|{%zHe+Z
z2RpS}>P&9!RLm&gkd~3-%+7V5ryo<_@DY4oqpxu;=|^?X?(t>DX_$33iHUD-_C81L
zd$F;66ZZ1)<H@MSF+?CEomM;_i%wXX+&MlrH*Ok>l2t$Sh?$mlZeo(}CS>vDsPSmx
zse)h4O)~Nf{!Z+7$ID4}spppLc{<Lkqh{O3!pk(cjsFeGztyRk#9>1;<`)^~v{F7e
zA1OXR9~0Xwqpd4DVRf#EDBZWwUxo>-pO>#MXg}63YB4P5C;BpHuEu#LR~R`n-!JSw
ztj>0!<nS{>0)HU)x*C~($6-ki!gL*;fEh<up8huKPpag+ciZPaY|GL9pw;#6Ep8hV
z;M?{D6tkyq*if0>!S!|Gh6{PlQ#OPI!^@s+aYG=*HLdRoQ|;%&PbRyTxkjT(@7}%F
z!<UMQ5^bfC44-fY@_O_F&J#P3URVh%0g|`XsH+yXr?{dyXeAUHe!v+6FQYAwF31}5
zTtdZi28%`5^^CGCtLr&9`c#ej%v62k@%0F6f-DOqeM$}O-AlDWmn(w&{<zN3mR*uq
zwZxInD0N}1hVYA_raLOj9lR<_9SKW~Jap=cT99;3`t5E%R3abd+HG?Be_D8l%oka1
z-g(B()qybrJk^bRSgmkjvoK2$D=sB$$xbQ{+R8iWkq9WI$4Sw!c~Pb5ASv(rTs;}>
zW~9lOIWDFEGBE#Y-x=Y1rO-nq5vNqDqB7k(CrHb?3(xFLATeR{9$7|=3d85VbCh}0
zb;|>@O6I(0^)l{ktjH|^8(%NS9~xCJG1jak)`Nl^>AeZC@B~1n{*JSv+hxzN7(tVF
z?F2}1I6egkC_%zbFNh<iTcbPMeBP}%Y^Pt}1uE2WTRQ1#oW{=al=RtVK<xRmB8t6b
zId3gPMXIicOpSIZK~I|i(?A9(K;-pk!kdnn6VQ`&3=7i%Aaa}REykmIR7>D4V)Cv!
zG`NVd&;AC#XzCmhiElgvgykD$!klthT6?#i7`F@ZI@QT1E+$VQh?Ia|ID>}4uqB4j
z*anc0iUJLd#lS9&bGGVvpVp!=)!oEittp<<)@6s1bea3GI@<?zdcT)AD77#;v@F$o
zapK}MFBUJ?5z|Rp?&Ws6G-4aUwA=Q+$_7pP|5zU}oN=fO{G{N>aga_tSJ}3S_G&xe
z{&je8BlEqxCTWv<_HlRWZGCdk^Q_gF<(+bx%OSCn*Vl}?omZUjdyEXuB^!koc_+lo
zpe5F0H+JeV-xvPU{7<iiXew=>>&JY&@QHj_0fmiTr27_TwjtN^qM57a1s<*N<pCV<
z^^i;m9d-;q(ZTc2R?AQKB8zx06E)SCl9m*%Hpsq{s+_zafqnp1F!y5XFkF>tm7!YV
z3&4$W!LcOByI6sqbrW{*jiKL0UY>?!sL00MKAC00TrLM_Hx_8NuElW7j9GU#>QP6G
zM-10__J?0c)GV=!qcCvTlzwx?B>hBSWdQM+a5VCcF#sN9L8Y+w1AQm!)Q<@GYd#;K
z7$Fn>k79%(WzJq_u-B1xXwf!u`4*l|KN`GkxVwtRO7A8NUb*CN0trbSWWJ?y!5EoM
z$~5oQSfrP2L)2&=5~aNT91l7JM=wL(ivBRUDC~wbsF{S%hp9EQupz?lUVaW=VDqz-
z?pd3UdK6e4x5f^Hl4>I~PKCPVf0TsQAh>#hD4sx1N`DC>h|iN$t3UK7KChzGML=fN
zF?~@U2`Ut~BGssqX3~GqqaGi4Sh=$?Sf=F%o8n|<U85n<{z&0#>!)?=CL}h4_&5~b
ztq8;A#4?OG@6|~`!JET{FzE(QV|+oY7WAwbnm65)Rg-&Qse>xp$R0O4npojvcAbjK
zWHvgQFvnh)O1pvP-Qr|kLi^a`U?#$rS?|lY1h<?yx^v)FE|067dXt@ZhNAddXpszl
z0!(viD)kdVzNFhISpLm6y?e<&W6??t69)8?FJSkSz(&ColMj&*oY?Gn4F})4P|!_m
z{O<9)d~={Cl1U+E^opn_jmhx^X{HTPsuWlGEf;ueFiWONN==czIlPBdPa)sUL@Zw#
zG?*cxre$po7U#VXe%$)@vG7I>))vWaSJI&LT%yZd`eXdOjz58wF&MT}3v7VJw-T#6
zRsQz%n3DpdajWBFE(sgM*hR029`3Ix(PE6y)GtC7>Du-8QYDVfj~nA{z+YOs=b|1P
z7dg_1oE#$03%|k#9rszzsZZUne*duJf$p#?Hft*X044R~@NzLbtZwY*<#lKcF^8v2
z07b{=yrE3+FX@hB$ApaOnjCQK;QlbKZ#7US4d#(lb$z4jd%d1l+7VA(`2ML!6;4?G
zg~EV}|2&slU9$jsKIfN{EHdLDBkhV|U%@9)Bh|X^<EE{{a71fRB;U<bZkidvS|!*r
zu&ZlL8Ca`ULG@s6BF<)Pu^7QGu)--$i;aXeUJaX0X#GiWc-_1<>b+BK-U-^L2Eme)
zo;trI8FnGK-|!JWUp2lLE6)S^XqS4sd(x-GD@r=_^>YkCIth2MEWV~=UfY%Mj6ClH
zQRZBkghsk4#mm{N*v{0m`C_}%OiJ0A&N-lKPx*iY%elkT#0bEuA5QfP(4y;iOc$pB
zxA>pbGp+EKynOlDec;Yqq9g9>u4E3Hh8i_GZ!UZiu|XGb`W{<YQ#LX02_iKLs-*e3
z_Xe5>XBlfnAj}fki|(tuVbl*4Vi;M>#X@6#`AwGsYe%TTSBkT^8^K~6z%&Lcy-G?m
zjpKgjROCe#vYAqW&g$=GdzE|*A~9|4#pYk5bDU^YKz@_Yn<Ho-J3@eB`v8eibXwBH
zqPfj5J<>Oz`gBq+s0A!YHNAN1^Zwoky+wHouD}r$z5!i!57EgxoS4C~IGZQSPYt3<
zKy_9qieBoM3G1!3tV`e4d#!rnB50;&!Yd2B^s?)lA4IPDYS|_>*Pj}nDcgbjE?w&D
zx^eqZh~YMK@pboT>tMgyi}uFH+1OJPPp5UE-liYnmZ^J>9Ca;e%8`cn|1{J@AwsS%
zObHlQ+hF`4;~0$E${nwHfHxQDm`yo61sACFSZkx78djgi_G%@9TD#>wdC*IOIZ=hP
znw9{u-h#5K9zM|xbJmu<ZI`gq5_R4=ZAGMf8;>sfTpI9YfK1F9Or_V=@)0sWH*o&$
z{(O*|DB3pq6JntCgMhy>a)^u>gS5sFy7reGJZn$ar3JHofyOCF`lF!Y+gHFJPJvGs
zsizB?9}CgO*4a&Q8N&vftaZBlPEABK?ny~GkAxlyv4DpAS@vnM(ER?u{9#X7FVOGs
zPLT;LifXrMwI1h+ba003lG2NkmpumD_ABr>O`xF{JqFm(){yY){{61oHGuv?(9ooa
z_ZFH|mJsrm01pb0tM4x5Zd1j^wmwWl_MbU+GKmBO2DiPMn!#N2oFqt?J;+RB48Vg?
zmW~C(F+7)p!eiyf79Ubi9x&lm6(`ni1@~2u1t2#ZmqO@E7Ls+o%QBf}O7j>A(<X67
zKnJbm_H{MEIFJ*PU<|5ycI>ICREoxfr9|Z{>9jc5$&h0D<TXUGZkFWMrB7Em7Q5QS
zcsD?L0e3d$p~HqBSSj{5{k(vU(_$|P<wtc8Pf*dBU${^4D6woSwQ?H&dVq9y=--S&
zR_}rXVMlyued>TPdk1yq1gSt9`NI%~%;cREGQh8EKs<l>v%hkUo9|YtrkgXWCfs)P
zb~58(2-?2(zBPW`xga6BWAlZ7I5wG}-Z5`Wwzf>SAj{~1$RbznOMDH2cJD@I5l|6f
zEQV?aNw9IhCM7v#@vkCj3(90s<tx;F?r<f|A;Zw0lx!b0$F$!8#aCun;cjJjkWK`G
z8#E#DZG#AciJlD$yIU-Jmlu28JHMXI=p36u9agrox_w_ayBg7^wz^$Tsb!oc>bD(I
z-%0vbF5#*{SSHFHd@(znR4#DC5m6>-c0;ym-X%T1jw4ehrdm4QT2b0a%H(&9FwIhp
zL_vis*XjsaF^fx&HdhaIYk$1&9=H)Ze#{??8z~;9Da57ZH8`cpYumokW#HXwX6KJ!
zf&~IkrUVKS=x&|ZNO7n(;;jW%)vGr?azzGE<XxKQ+a<QgK+(_gQ6=bEpRp9JjkWV<
zmTKPHia85d7_+m%u;oj^RzALe<%m#%Ipbq<M;I=R>w`F=gsN8Q?I+ve**T6GRsuiP
zt+zjNF$<Uac_oO~dN_xG=`_E#JcycR7z0~Hh)_#ZIs(aMt|H!N)(VvIoww)h8;{+n
zMT2ZmZSlOTtS#gTLS0~)mF{Qpw#dV{%+80sNV$GaYf(KL8Unf$f6i2q#kkBB;&q+y
zR4mZgYyH;%5Gnd4MrHmyI-SL#jCqq@%?Syf$zr1M0otDLq{L-3p9uZ^+!)lQ_x0`1
zcMwF|YLL_Jt}fi4cZ(hBC73WKKG{&c1n_HXvq|yZe}PPyJ>roh!U}}OJ~0CtHzI{(
zY0!Uo3ZRPgqeo5X7GR67``qfrUy;3%Nj@p5wqzXbD#3P(`4h;u7vA+S#x;8-pA50p
zR7aVH_8x&|84i50X+H*geyj3;rO{?9Y5TD%%hkBeh1agAEgDlOo4Awv#^#KGP0|m0
z{;BJo++oyS3(|pK!eR61sTHTS*tiuNzAXFb<C3IJrS+nHXHTwxJK_A%hiM!+&ULq3
zHE*Ow@r#AMP4M^3bx|(CBN}>cw_3t9`9aNF64uB`p92x)+-_l34Bn#wn;+mH7G-5c
zqF-WWBGT`OQ1<z5IW8m!?`vP=$T6tfmPH0cuEul>=g-tkF@M|z)C=gazw9*m{6v+e
zYf;=Rx|b~QuU@{_0q-_92(P5FEIY-;;q&!qp}iS4d7``QB8bww+|(?T5k)Iy6xuml
zplw`SoUn8KxumpGY4d)Gt8cEtGvMe7dn;RdM;7k2@253#L~Z)h_3-CbXok;l|BJv^
zj(4FJl;w&P$m>@R8R->B_Ej2E<pgSU8dK9bR8v;A-SRhlyu*X<L`}3;-SwRI(JYg<
ztn`o8(o?=|BqnjtSi(#{-?q^P!jZiMBfS|m>I<hisER&|m0=WIbQq9?t|ZZNlb!8C
zi_+fOzs?>mdw+jL0A(FwwPB60Evg=_J2mrdF8tMB>mf9Cw4>~pT)aAW<kgi)?_kjP
zdG<@_RHasn1dx42r?sDPF9x^JJoq%{J|r>{bFc2vE}E`}!kEy&$pJ5Y5)2)2V8)r+
zn0)m~$u3M0iw+81xElc|g`OCx97ai{bb@o*d~kGbLHY<&sEE<M;MG!lhZpnhG;3c+
zhgUsW2e+tntwkR@8Z8O!8T~4Lj;2x?pi{gl49$f=>zZL+ae7h}8pGog-qIUTDuQ-~
zqKaQ6M(SdJOLr*YBO1{qPlu*y5HL2CniKN@*~X6?VCJgi!a3u<ds-t-VJvkymb}am
zzdDs|xuK>HQjP&*!&#qp6*~uuO?+s5RnZbo{Wf1grurk#C-AVQE+TyXOgpFO2P}&C
zpO1KFp8FtGvY5=<T5Un-PTWVMJlfPM9v3J=^8qu1SbmjOZTf(Mt?(v^C`h?*#)c1y
z>r{7sNb##X-Koo6e0<|K;(@G8?F^fq*pDIw)_e42V@sJu0@(?rj+K?XMAS5Ot^>bv
zQE@N^^X!BDVPwxZ6GAk~Y}rYz;N=xl(wH^Q@l0wCH8i-on6(X*?<R&q^_DDnm=V+K
zPwhzK{vsRkVMYh~m!CxwIQL-yee@Fb0(eUtC83II8X1_I&Xkhz0)2)b)L$C!&Ubr|
zr@mKqepZB(=JKy8HS$m^DJN>ePF)t^BieeUt<M{riQn5qp>4z{k_J^;$HBOIKj`Z8
zVhuS!Az=Rci36QjVMCt!(ft!8G>{TsAx}SI+8~r)BLOdd)$OGY`w!_HxV+b_I9_U=
z7ruQy{VTgsdPoXsEtm4#Ok}BoEhn5T->s*uc$?k<3kgy)7LR(!?>h9#R9XChLV8aD
z!OM5@Z^WTnS&`iz;oN&6)OMZuEy$Jw$!lMU(l<|W;~AV=dPc@{<nqg+YeS+SmK0-Q
zt2cs3J@m7LsLh&PNYS5ULP1>(mVsnyS@`+hqP%A=b?dq=%H9`cHMSCrKObj=X{Y(@
zr^^$#^f;r^;&t-q$V9gmie!oNp^ds+acs=HnW;}}p%bXr|Jqy-XRUy?f`3F)i}?b+
zT5*-cJUjxAhB}q*t!{n@E=janqg?B3qre@w+R0p`$G5LOzZ}g+bl*E+LpiqU6?{Z(
zA7LU*EL!vvwMsBbPzjhKU=Hs!>m~y*S5m3D%j~jEo6da?^pGPIDw0ah{l%E|G|lx>
z7&aN{%!Yqnk0aSv5Zf37Q<k=&aNFhYHj^Ifp<?;JbVM5B)jr#B7X!{8e6gM)p(GJo
zlDF?e0sMy30-qx^)M&#9?ySEqt;TXV^ssGbrbhf8EfMsO0p@#ZF^_KF)9u`BN?%$$
zu9V4wwK%S}CPOc`XGvD%4Vmw~X<5X_=F=i9w~K1^6`8PZo`_FTnZq!$GnQOv8dj=R
z55xJXarVtS8uZ{im;f^&!K-Aq(;Uzx6+B0%iS$E}*n8eJJjnv5)&hADBC!Z=n!soE
zQM2rt(T%SbrOM%RrCvfKY1}q38xiO9BcOQPZrUP78&clqGa22B@7vv>IoSJ~4FiKA
zj$~Y|g2;s-O*J^H_sjZ^ANtpbZ6G~1aR?CU8;S$FJv9>ubq55S&244)ekOFfC>|2Z
zL&&CLjwawTKCkWvqW4b;&34xjO^lm~BkD~RJg7&hG$mX%#0)#%gZ=f|I3d4)-1NRJ
zr;|CMoM-HE|1g@Tl)A_BSMmx6yu@C<{^X%$BEyY<UTZ_3`0Q%bFQB%7eFN4TvN6`b
zOy{W2?f|NVi-v+7mreKsM5`zBNt>fD+}jb@z4{b;C3bpHYQ^yiL8pOIyo?SFWq?&n
zQ=N!5B5F@LXJpk;@11@4LLz<0AY4_{;lz?%=d-(7F*Wig{7o`d{;S^;glXqUJt+lH
zI$$z<P0jSFZ6(gm5kZhG4kP33yTo`TaP)<+_^2}BEy_tc2&Yc{L10hJj^#Sh#Q77<
zZVbhJbx|A&be=k670<`44rQ~WOWN=S5E9_P^l(5yJ*FVf+(^LJUCTu%v5NE4w-14A
zD<vEjj7?+(ht~47gN@To?F3{`R+SS$A+hiU&lp?rI_#<_*RbV<A&UL6ld#WlRD%K9
z_}X^N-wcGwcAHQ_Qaw2`j*<|&$fgT;qt9d=Rok1vqS2I(wS`&KOJ`U1o4hLDZIM-l
z8<Mbt(KG}h7BDUfvxU~S>N}Wrr}uQo-lvb;>F>r;`Ra?)?jP9_bn(pQm=T2Or<uc_
z_!2yG^krKm2jI>`1bN(ds90}G;Z75KtW>EE!{&MgyqMv09H%<APId9R<Ij3}yPBz7
z?6tRrUD362m9fk@VZv_db63+jF$wk0>Ww>dz=t0&y1!P3?d|VY{0KSd<8CJq;xbjX
z_o(C;x$ex%HC3ka6_rV2Yr20o<^st)7Arffr3+)bfI5RL@7)uObd0|Nqd5&A#<>rX
z;A@=HP6h8jq`8K!i_Rqrp4q=22pL#oRZh}LluQ6$9L3pAb*J;_z7C6G<Odl@@X$k@
zF9I)MaJ)e0nI`0B?E;3Z7)8yjL;Na{z?r7RT7C3d6mjltCH%2@(|kQ}^@x)RChbjt
zMqOy!I+d)#Kz*C<Ao947!RPbnWw#GaOqo`X@CC}%fD-eUJCoPjIVaz0)=P}tFA$N}
zblTChG&;Q~dfjaAla5#(a(dmaJGjiKX)&=WGrr;F13x|%DS`;v!3H6Bk$%1zk+@p#
zTczIHo99VJMDX#Xv5`=-(5+Yl1=$HH+&;MGS&{cEMTO_IBV!6l8(Fe=CJ8*>C;q5Y
z-`Erl(T|JBV&=lp&j$h_PLG6SSWko|;K%+aTA`=;uH4RA<P7N;PJMzo{pD=!xXLq`
zZ5Q_V?O;^_H>~usaz1S1%UDd<Q7`Z5MP-R(HrxT@rM?~k>!Ib&{glwn1fj&aoUJDJ
z=?6)VCe}>jJ96{j3LD2`P|Bhk`K1Hs;0coZQ+uto=0^Evug5BksjN!2o9k<bBFijP
zplg=<E+zQS6Rh^olq7&=1~?DRNhu*UxDT|9C{3WD5*L%Vs<prq=AT)+r7~)CA>|Nj
zB&fnZf$9uIQ{$7R8SkXc@4Wfb9aU1c-|Lm{z#|PMH5`h*Pnr_W`H>G^i8Ret>PnlQ
zzRD@|L8jOZl}ET=C^MS1)pB(}==PBQTuqEpwbC?wy-u%k-C8MOY8#kIkvN&{N5hD%
z!^z%3^Q}Lq?$RVs-+a4WR0GzJ0fzyR!1gMl0xRqh$%tkt9Ryi;460mH?$ou~=h^HH
zz$c+`4>edfSaHQ@I<4=oxnQuiI_ih-Z~Ehs8+IMOAI%5wOgDeUV1<j18&=E84xb_f
zPO*9b$yi7+|0j65kzR-^6vj>rO?{wGD?TCFp;F%=E`?bzazddi&y95|;*rL_btE}W
zXSsBhQGH&9o-UYO-&>L}X1fDqu1x7hfA;kpnL*Xh{o|0_VqKMbTCuQ>S67gSO+FGK
zJXehSx%1^2u~%#m!b@vrNx0LKz*pm{bs-9yRx-I+tZ1DT^m0};cYEZgK(rxqQs=U?
z`=TtGy9cOrSql+~GA+qqW9%5;Lc^nLa%(CQPxU=|RL_@O{djuyDnN6+MeAGkZk2N@
zE9H5op3;_y76bN25LFhKxXHZ-&@XIK%c;63{e)-SpUsKn_6o$eTdkppG^vdtJ=r4a
z*VhE(2bHnQ%3M_rq-d<e5q07a=D2xF5}J7`6X>Gj&wb7_htO(e#-~yX0{$(s%&i2>
zf`l&-lOuaSD}wRKZPOcPzB17|Ny+v-)M26Bf)rBbA}d(l-d{gF#V}yCSpVWCuMQ%C
zIWlkZ>GU=xfKV!N<e45Hr9g}XQsY+kDuS;FbrFa0kx$fcy?#DBlKaSTOiC2^@f_)O
zJGm?epN-Gw$+mWus^Df<U$j*_e%x7RSJ~p215Uk8YXN#FXmwm`kpr7bZkLVWIfOL(
zE&T#gDSv0lPZj5Iiu0FrXtPVn0HT3Qf<8Ef$#{?perIMRxM%O{&Co}f3)VX;?W!`Z
z5Z#qhA5U>Ce34r5v~?jGuLMk8&h6S$g8V@?;^GkohZtG>8BEziWo#yd0`mO@HALo-
zl6_czb6V;RkNg9T$Azs<wcL?WMprrA*3UPfQPEhnryO|I)23`1!5E9lSda!S&Cy#v
zGHb$@fH6{<JD+zrDmLiA8}be8%fjUx<@?i1jK$cbWj^_pl_ig&Lvjp>J8CJtdXw%=
zSDuer-S)*ARm;mh7atSKR<;8Van3ot_2EYRlUxAu{~XPi7QxN10w90;w@vOC$2Ozy
zD@X_Ta0$q{EnWSUn#c>&RULANU|+W^)xtzACI_OnH*<VJo(ay>!qxhBCQ*&Qv6m@+
zsqOAZ$3!2W#qD+|{=EFL^6?SE2mFvfrK;KmcE`^flA-t<j21t&!dMjS5hO^wNXjNm
zloe5-&4IPIQ&yf@a4CwGn_-ZpY3F#T#MfTo_NFJf?>9r7AKYHz>_U&bRZa_2OvIVi
z+Qw10z?xhqR2Ou*wo)@Si8vX-DRSu>)$9y{3O){~ckuCHs`B1s!PFYwJ|tDOnUZo=
zYDF&`86Ct_m!l8x2_OZ(c5;IuUlrQemaz!VA?JJrVn7u|Rq`*KuNtq0@!Sk<^$|)v
zONVnqWoQBo^Zq1Y9i6&)Xur|9gUF$M<xXB{^;Ns3pa~uaG-uAVuzG#y^k~Rqe$587
zTujex`A4e;qU-dPU@CiqH8DlU`kY>pqFaiGq=m4qBg4y@64|~5OaU!JxiyzXdnKTQ
zxdO$8f3O`FPeSU6C@B$eJme^mCWB|UToKd;mxngt^EPMbs#6TzV8d#YCaC|Jxmb2)
zcfWRI2nkc^F!_-;Fne(mmMG93f%e9d1O(*g7OE)J$~B?@)NDcX_OCuq2R1CO1^7yC
z&Yw{{NAw2;!IcKorTL2|E*Zf~ve35iOB9EirznS;wlmI?h&QcicuYR)JC2Xgo+Dv)
z521)OYm++xQu3B#+!TMY7)EY{0Ng_hNT|Ut>xR>=G*X70uF5sCfmZqSjqR&fccqCr
zIs;ofRd%nGPb*y8y4)+`Od)Pq$?CW$#N0$J&VB@h>rU01ss5Xg5SF&wt%&#i(KSP2
zhJ=>aWR^LS>||NgS!+BEL`<pfpu#Xbw*R&;yTS~p@1Wi*FE9>ctYQUPF733Bn_-M>
zp;wZ>=&enjWP3as_8gpUet6Jf%J`1e%lJE}uU-g#+Sy44+OUy-mi2%mVC$%-7ao&2
zE$Q<q6-oNxqdE#;FSvA10DG}~{j7nUy8MTF(NJhpMQR;ZmtZY0iu9VZpN%#db-JGG
zBc$S1fP9osz0N^Ei*{PRgD^=eQId=XwG5rz)7*Xka<K#0EPHog4(WlA>C-quLNFJs
z(roFiY9fYjV4CJe=tNa6i=@BYuxHc9UMG+k&S7l~mT@m)kn$2>B_+AhAoa?Nln;ET
z@AFQi7AXo5^_Kk6$%TuD%j*LoQ|cJdLH~-O1S!fDzdIA9ouvyzi{jqzb$r(5jAJV4
z{ut-Yg7qCt)3@}wI7(KFD)~c=w#rp!54Cc%U?I!V|0mt<o!4Gg;epVKF;?o$2+sqC
zQ(D$R(9aj3Jzf1K)rhV`S4TFL$j?>Ubg4{>7-&#g0$=m-`uJ8ZpoKPUAdvh@qzg-)
z=azWvgEm<Q&z{NWO_Jq;rPU)G(BetQNkG#R8|$RCzm*%CjA7pUOr@31niB5ZcHh6W
zY&xo`RH>KZoUV(oYaq5C<I1>{iZ*OlNqs^%fe)<P3YbXsl5*lYJJ{v4S-Nn3P?jT(
z%o%%c_4*69{&cP;!HW#c?3p`&ciHUl$1oEoYc!~RvdxDJ8S+k$T=+w`z`!KuX<$nD
z4VfB;>`uJ|&Hh(q_ZVE~zCL_BX5+?oW2;ePqj6)~w%MSuoyJCE+qP}n>sjsI=bZi5
zizhFVd*;qe*2-kEGWlHJ>vxJz6S%GJh>}<FVYf`XCASm7l#`JW2f0@y#pqGE_hUr*
zmPMHVqGZ5%RN}!IM~*f0uPJ~eOY<6x=YMo7^c)O|RmNnFyo?GfHDDdp_EiE=QiX{`
zph9I(xiNcrKLgQI*g7B&&8|nVZEV^s@i%UX^bT0BkoG%Hhrb=>%PNc%)(-F4;Izzm
z=89Lzw9BVbEYQB8mRN?1Ei7ff-F;=%Dvj@Ou!9e~5y=FX2(FT(PGs@ASGmKL!`fbX
zqIGnE^+Fc`ZDd}ZK^uS+b;zDTYBkyIojCw6mI@FegpRWA>Am)DTyz0z>YD0q_hfOd
z*<srKWC*^lNpV*IR;3J%qIAxmJdEUVh<No2R>yYl2eKmGj6WTPbcrsjF?maqWunI_
z5dkXUDVv5hCx^Ddn69~IEp$7^Gb8VI0gB>eMNDX}_h-@gUkt`+Q7}Z7$4xssnO0ga
zV*#h1G0|pURv!?n!dB%kx4mjYHY{G`iVIM_8qo##__1ZYDfh*7b$;;(h*s;4^cG~Z
zG8SsexhC3)16TCE@OEx=MIw5FVAzD>wQw-<W0`Edr8r4#;kGXzhH>q72z||{#mg-(
zze2P&8;f&wkz`mg2QSq(s`8N^@xS#Mxxx@_iGIIS>4##b!HO%K(j7x@(t?<K@nhFh
zPAPoowTy)>s3YRsMib_&V5{;&o}-vlz0U4!JiBF86m_CnLQ-<Ur%J;UygKjr9OE%b
zCH7f}LW)q#^+75e&#m%CzvZBJ>Ejc~!%zZ^DHDzA9gA*_<9g7s|5^do7tY`fY+}5F
z+X!jN%>3Q(L{v$|BkS}^;3{y(Bv?W)+>1Y}z!L{iFoCPUm4)(;A`WWxx<eN4L??>e
zGJC?*v}(@QCH;;~;gabQ;Hmg%iNPiNo1rckX*bJ-5s?oiMprI0y|@)lp(Va+jjbT)
zT2`hdyrF+cU@1sb7v`7m)kqz68|MMb)g2mSZ^Zv>TVNB^y6+aEph9@vRQYS(B&<5I
zJsBftu-Eb^e-oyIyMII2H~ESi2D5(M4nSb@p5NpS>ROPgasl-9`I`cr3QbYkh74_h
zvL8+-XuM+WOFCI6TvXMId-_d~_`n|7#Td8uKgnvRS7Dc(BuST>?ImDpuItUs{eBxi
zMs!4UE>xf!R@&w%cYh$5s9bNDxqTBScT0Drwzhx|7plaG&y|akCt<^cqzP&qrO`$V
zS2vBhUT#Hve5dLh=UZhKmj(((>#(H!3o^;4!S$)F!?XjSTWxhs?eJ2z`;m*hzb;S>
zqt4&^8FIz0Sbs_^NmwPWa)v3x2eSz2Tqdq!$5}%3`z54%hO9;x#7`*V@&}w+KCK*M
zM9>flKeGC%6C->T$cH)$G#zDwAIHdK%1s<j7ljaPmN(H_32N-=WVO&Z%Xw)lF=ta-
z!;?}kZ%LkeqCdAo^_Z+U5=DSm@N`ZfDX{Q4bnxAVKP<;;^)*K**3)>y5ZgV6#F>^8
z!8_GgUSno^L%=lGus&9|*RIqdzG8Gm&|}uv_;$&zUw=R#`;^(@N*Ln#i`G4yE;;@#
z2@eMB8I?3rTWIt!P(&9lwFpe{B&tHN)EQfEbAIV#?G}tZP<`a=_28Q(E3A;DR~cc&
zj4!(0cFms=y6sxv%;H*=%7xr<@BL_`&ki?8DHvk0+ME9dr($aUm}v#t$f9+c;Pxk=
zH-VWwXPo`Vn?B^uJ%P^?*Ekpq=4!kmmo<n<(Y?#u>;ad8<G%m!*(Wjaz`A%jdwOZu
zXnNg0xY+oNFuwn@oFJqw4CUU~rVQnakapzD$YDmQc_nN_wyE(J<!kVnY6Fgq8%YqV
zqKvFJUH%@~0oSy4vF{De%m)(npn2oy<X9V>NS~(Hm%fn;(cRa=k)(m2qbzykg8kIV
zJ%QWyD=vB~*~@MU%7ti1P^>zLP=2mng$;CDYG?MQNX_H=bIT{RaJiw)RT1slXP-%0
zg<p!Ky{pS-lFex@-W?0fr&{o*a)Jd!{2|k($b&DR-+A!*hM3Br=4pRx(-AW@?Cr1{
zT(^btWt9Y{9H;xwD<$IZ2eq`TZfQ*jyxYVJn$N@re5x<aje^><UNiUpUmGcg{;f@u
zNq@8{%L?GQJU(=Gc?QbR(!38Tu}|A1dNVk_{(RL}xP`}_SILfnoFt`(GMallD0>=n
zW(_GF2`cVd<t5;kk9mS?MqyT`oaTlj<rvNSZ)(!@`kR^#o&KgKJ&<Un*;C>DR}XH2
z_D8c-%h(T4wSsAq?VCuLNn;8~Z<Ad{w_HDBL;H2RMW3-duhoX`LFv@q+J@sbs40B>
zZYhn3?Jv9+Rh$_|Th~*OdX2%E6p`j17#6$AO(6Y7=e6Pq=~%)4ZA^o^*laQ+`_)!2
z2_G{OjWy(CcxR=FzafmEB`&k}(dTpY1o8!a8XmQZVG=rY_(_vEn0&I70I#k{H@YHj
zrC7wHf%qf)<jcj>+HZ);iWa$HyQ#Za*w1oJ-DHG<5ut=XW@h3f>+fkNtYYYj>SNyX
zW(ZVKp9ZT04$5Zc!x{9e30-+Z%}u!BCxKt{0cXc3QHNbL#DEVV##t~zMX=<bRE4tm
z7ghZf_j#|YT|8CQ7Dj)TQVN)IkX_x^;tVY)F*j%3g()xMVh|KKC)JtE{3uA625{Vt
zao=q{YCq9zlC^Mu8>a0km9@nvI-x*XnwRVFAA$^dHRX+5EYY5EL4VB+B9|}u6kXzC
z`}lgaRo_dP)bg|OCCXB&Ny-u<T09a3j-$}JxV*yHyLQH9o85<Va=zaC0g<tenxGq-
z8_KP4)-A4#$G($}>;N6yom=SnLdd^;$HOz*^M^OF=68$v5%5Q^HVQvg-NZ~|s+?5K
zra>x}xC+bXYaRq3R2}X91y#7;)YK9NV$&msp5&5#(lQGKRPkl04Q^xE`7@YSBL#cZ
zlc6QbpUCg4qx9ML5yMc1e2MyRPQ?>#+1cG#P%b)^dV8m)@^*Srf9u0}Kj_w!{bWnc
zH8Nu<fniLV!eq~_v)vs?oEw6eq0wL)2l6QIu~a1&U$uqCs&$!;yOrz&`Y~>ysWC`Z
zCB6pP&fRT7YR`XUFm&TNfqB;AbBX3N*$0O5A&}t(za}&&bD9}4t$jy5aJXWMno+$e
zEU(FyJ9>tVh*yV5Mh1qBvM{G8lo<-DcaJc3da1+jh8iqEx!{8ou#n-Oqv;Cz=<Zf6
z6F^7{H}%Gle4#pnj+G$KhxN3*2>Rc6KU6m$+Z}ApF_V5!<7i4vqvF`QheE(o`$d~T
zfmUFHJpyWJ!#f3YjRQ8R<j2o-x0EQuqE@$IJ*T0m{vZaHoPc7ESe0Byl(KZw_5voX
zp%e2XYrLVU-yPxOkb%dKJ6`*7mBI+@OFFIY@U9QHUFy}XZ7@EZY(9_3?drN33yw?B
z-!*?j)rTnA{|;4xAcTf6M1eYgpsM%nA5f(<e3P+wnfh<2QUYOQ``@7oxc#4o(*^r@
z;j3wyeyy~$sY+x&snC_%i?^yiSCz6xjd>Z~D1NsoGbNAQ6M~#nD&%!lzW{IQ<oNdJ
zVS&`w*q=)3w2ze^=EiHo!R0Ki>+c1{@h68Nx(lMdYUWgYzcki;#CQtzyl5ExPTE~~
zSD25{6K|GHmj+(j+_Bn_RM}sZ4rWL(`1AwUyiY;a@0mb%PH~t8FXmeWh#LHK=N9$F
zy3@`W#4?f61@>x9_rUqi1bE_OB9F0ecb#$r&KhTR;2H10mfN})fbQm_bb4aEk!T)=
zN7d4uVE*>gOrcye^v9&zdcN0|*o}E9=S)fC0oRbLbA0PhHTE0RMdm_Yer@aKC$U?<
zlB!0*M;$)zoz_>FZm;iEHPSz0ZW1TD^ot2pBQ38X%s24;>R6^a0mOXRwnB@cnfalK
z1_uG2oSNNNnpjwBhTKp$i8?eu(sYiG=>B~E;lvGr5W?a<I}K+ffQ@u)Yk6DNZV-<%
z+YDLH*bo{G*JO-O+W7{IJjPP3MD4wbll`mjm8LlR*rR2IjwF@g2HinfdE|GU2-F0-
zRxx@qTz%s1s*l^SRhY%KE7%f}RAZ;UOE8G^=?zTTn;YD?Ib89~zftSc^l#M4?XkpE
zh_8KuOH$oD8A%pBl)Ix@J;&lM?+${<=l#jQ!$r!Gu5L9#+1xoI;F1WQEEMFO%sA#4
z>}#i#byiYR$P29rBiHG{(o1{fB+_TCSI_1V#>j*7c0sL@(CW{*%mrK{K5pVbAwkT=
z9MFwNSER&~<wx|fmcSHQU?2Oc42j%s+qdb|tM(6Pb<u}*IXpD-N3}HTwAD4h?E*PV
zO4_=;y(Ub)j9_jt<9I3s(P*$-ebrV3{+rhgL)Q(BzHy7ukJd8#3M>|C#a!p@^zVIw
zyOR^@KBpFVpG=@2n<CP8g~skg0-E&c;}He28+T@F39Xa~nG1!aKgyt`L)Yaagi!tg
ztva^3dDsR;tU&p=U-=>b^en1gO=uK2B5BQQz~jN#6wLF}imq-iC$MkM`(D?F6%TLz
zeBIF2*0o9M2zhx(LimBTDIbQ(UoVBwFx<MvM%k7h1bCLxr(0Ac9PU^e8q@2Q0UD0n
zj;vO%0FH^sqXOan8lyd5t^rN%1TZvErw!W9m+3JsEYwh>{f>Folsw&oj~iD6X|msP
zA7DO-N=5u)8<|ktHH%5P3*?BLocAJ1ufoL*uF4&OmP582Ea&k&BY|E=<*1s|6R1Xc
z!tNHYf?Rc*2+E6Hq{IX<C~fycc+zYQq<eV(qL`-NajY*Opjn$g7iId@5U&tSggx=)
zxP!}DZkiR5<QMaIDb<#vZ(TIvT5bfV$Tr2y%}AX2y7S>Y8vbC}->esMyo{VH!||Ue
z7HAC7!n%e!QtDc<CPSiOs8XnfGf7Ysi3%<1J&~h1HLWy+CwLDpPkq?V#>FiM&6mBQ
zPaHY+%4s$C?YLJ5e0a`Da|)$J<-fDWif1;evr(haw0sWXm)~7xg+iFW7gq8-D{($(
zbl+RtZPOmRb&H<-N^+M;iW++wOp}MNPNVHFq30wFW1pZe0Nf_tkOIX>5@VwQ^+kFO
zcl>4;MklUdDzo2dgTGX3z+V)e+L4|Fr)<{L(q4mp*E@-fhGcnIL?XP5$j>z5ep-(B
z?1E7T`|7|hHSYbuq4mboNIGlDPu87#N`gV`a}%`tPJAhFq*VL1Jpi*p0quNQS0A=j
zIbT025br}R#}0_w!RT@MdCnD0QIycBhlJw5GUU6hiyVezK4^RGBQ*duwLAq4cDsX5
zN)%SzRulRvZT~x`EdBVgm6~%?Ej-E39UMrLnePU08#FlLq6t?fz+Z?4J?nB9#FHZ4
zKg|g&o*T@_)%evA2(;DX<02?^hcNJ_@;Rihi=A@2X|dQ%{3cE;Kaf!cQWR3Mch6Vk
zl$_=&rP3D3?)#qi-VDANh#5vSK@;)Jy@V#S(-D!zT6Ao>Axb1%A#kS4RvgAh4oant
z4yBj4@yf6%8(wITUSC9Y1W|f794u1l9)l}mY8x5?m&IaW4>Xc^n9CCKd$e<0e~gG9
zT?!%Y9j}Uy0JgS3)xyiNoKPPy^6|^{8cW<Al}=*l$E=)acU<SsjKgHucnX&7Kgc6J
zD9zkCv2P?!B}e|4q(4m1YNbzjm^--0_f)L=<oddw9O}O(X|&r@+ha3W^@(ynA91UD
z_0ad-rTEk9r~~uIe0EAOi4?LQ9WR8Udwhc<w4{LhzL}J1!%%yo9<CQ;wAGhrtOt)T
z5DR_~#cPOb^RN(9qLD74$CvYy*3jsvMHRIh1N45Sx}Ia<GjUmC*T0~8p$xn`3W}+<
z#8;v=6}qxAH}AKo*K8%b=?1$LOl7UH+l<}v@31rm6?SmpHSO~9NY1hK;tNo9K1x%^
zaLeuV=SCvTU&OUgLxC-f<S<7{qSWI=;uBo+{eoZJgq2wD@CdM$BsIHr*tF@oDu6T|
zvPoO-D23B~j)+Qg?Vm`{m@DyPmw=qwB*KV@y|H(2H}Dy<^4WSwNp~8ua!539*Zq1*
zMU!b-Yd|ZEV_W!$(8u09r_m<u1)xg3-AlVFVb<ct9&NIug{~CAv<3BIC(oNpO}yZ3
z-7Z<1V=IZEXTmX7aQ{->rX=?*YQol{W9eE|hYq>J+WYCa6hvsi|IU{OkuMHS-*6Lk
z1S)H`8{A#y)XE|G!nXqn^|3{0@C@0WJ8%_|xZ%&GOWO&)pmj*}3h}NpOw*ssmXP<0
zKcBNa0kDGM5??|cp@tiZK3)ins=-+%-dwP~mxVTQ;>Y+p+7md&Jvadu^GWK=b(>0<
zbi8(O31i~gT{T5>pdgm3qZMX7@QEhuny?o?ke$i_33E&;t-t9wZpSn@(_MM29*_9?
zoEvM_<%N;KP2ONqs#Zsc@XQA0p|N)C6I)TC#!VcoKYUId`5}*p1*@~3PT9OBF_P>m
zk~&si!ep`Wbeen3=-j>(ucX470yWu+?JEsBcL=|pA~2c4@hM&$L4u6)?6Q}sb&(#~
z1AKJJUn-Z-yLd}|rWXlXx};RPBI^{$TL2fo`SjHx(Fh`~_hQnhi032{Ck8OitES&o
z#s)zz*zF$z-9!ugFG;~PN*zsg5tmAQpT(CG<YT#M)N=iHM)iKof&li8Mg?+3om?n5
zOP|ys$P`#OYzs>q(ghQ`S5CW`vMYpWvlI<c%!;JBs%U8{;C}H?g*f18%N;JXD_=lf
zH@Mu$$-Z%Jv^gc5lUlJP3nno5Xv>O*sX-L2<p3vBbTj6K)Gz;A6x%=Yk0`cwN_!xp
z*&~hZElNxDLfOlrF9DoRZOK{!mk~+5he{UQsFTO-#d4b^G1S}BnLil^p#iFHJ346m
z$>eiuxe$32Z&?}_ZRZz_=c<>(Gfmn>`1K!_4`O9Ahm~eS`wb}eZds`NTtRrB+dg|4
z)BHM=P>+U8SZL1*qy|J3@eTN@Fvn=>$md%JowA0eM%(K!9r9%P3*iAL<RcFJN=%sC
zT~6G+J`?WTYB@d4A3%$<`(L#{Z`3F>ycxpUOIrkg)P0_oOnhL{ga4hS>ZLrK*vMB8
z)kN@bt=lrRLFMPFx(pNrm$lyeb@$iLv#{}Zac1azdrqZ$Iji5f`f;~h9{fwe0rSHx
zjnvRDss*9pnD=GAiZ^kjAZo=aIRYc<V`RgdppQ#lr|Wh+Yxpa@iLT8y$>}hCclg$G
zsoCDndtOkq;)$v)f~=Aj6vhx2P;Y3R(BC>FTX7I=Du_;6zb4>(f5UGdY!r_<KaA!M
zYP=t~f8e+cD<yQQuel~q1{^VwZFe)&MLYIKF(qMmE6aM)ZZSQb?U3G#UK->26UvFG
z(Bl!`+Rph%E4avnf0}39scaCsp~}*l7rS8~x9?<&o$6lGZf;JB;#x=qzT~HmYHHzG
zALI07*+fxD&yeEbKsbDM`|iI-iD|;mkG;@t-K3{;RF;;YR?9^*C9$U+M*_Svhi9SM
zwb0jnuCK#SeD5^I*94cbBCy8?N!=hiYW+mua-j$@-pjo%aYBNJNn2bFKHywb_bvB?
zJ@whSW1YnL#O1E{_<Wh0gQolZX$;)qXQGv1gbVKB8HrU^pMlIx{P66sJEMI2bDJFc
zL-u{ky)|WE(DYiyr+kJ*YDo+8(*|XJ%LvVsmn7)#C2P1Cb+&kK^D<bc@Jc<~11BWR
z-%#(n&a>4+rIle#MrDt$LX>11p*D2ymgx^HVO4jHNgw&i<D>?~V2H?VV!G!IqTGZz
zK^yV(M{G&T&ie<Tp`9$ns8OACZzs3PcB!~wv<KX8g#&Y8hAezGIGz&)zmv372juJh
zG_lhmR{jMZ2*;JT&nR>ZTC((E^y77qq_CdR1asmc132hRe&j<>R-n>;aV&aDPn5<N
zY2zp;OQH44pL=Dep4^}2<XoBXAypdoRi@_eyD~LyLR)t?3Ct%X;tJ_Pw>u#XZtgV5
zEfW?E^G#d&H`*A;fh8NO>9UxL(T<s)G=Q(zRbJ=FZtbuq4Bv2>s}FrfRMkA6tSDd%
zt@@Mj_;pJ)I4|;+^zqe@n~v>zae1&N1SbsUkb7)bCW7^tL$hv4WZIW2>}bp61Ab3W
z7LUQseE~?b{<wt+s#*_e(D_oxM^vwPp_g>~R)%xIie^U^TzENb;gdCHd-xXN{z@k3
zRXPq_&as*jDxVa)<Mu9csdoi|C}oK5Drilp;I~?)`j>)pVupYcE5UU5{2_$*_8&#D
za5rtT$t!7dksgSUtpdJ&u<WrBTW^J9nxON^_$YYu$aZEP=Q7kRRWF@V<5rX${$Wih
z^T{!^>FDdi2)<|iy$*efX@?rZ(=?X8-T?zvJar8f&IXox3ug%RXnGFWNZbOnvQ7J;
zj->)keeJkR{S*>9M}VO6({<QMuEndyCRZEYq=*9ky`=&o^|I4@qM#fy_8$M0?8}T>
zoG+H09y*-)X|rF0-W0;A+urKhyjUS{{az&pXH0QeYAA-Aro`{;@vGDtH3b?*bxb(K
z%f9<hslDf)1udVu!Vxmc>7kST{9KKWpq}kM_gRg26rA=q#)%%vBtDJh++U(_0p1(2
zZ48BgKV1$fT6ILKbhJULD=5(FDF+!L>u~;SF>H?3oVb?+*3pn=ld0T;#_@r525i&Z
z#9?wPJ1nq4IHx`+=e*n>n=EkdsN5co9bFx7A7NSZhhdrZ&J4s^u#UvhL|N?J+(99n
zHvJ!j!A`F6Q>eC{lJBQXEft>L^7Xq}K3f&5J?pR~`a4Cc3d_YQc%b4Ow}ejIM0%{3
z!0Xkb>q&Cm%o<2zcqO78AAm=A_#IV^1;=y9fDhysnR~(~j6gal;P!y|seH1T6>25@
z_$X-kozk~fCch{dcj0f0Q<L}?#xZ^SgK^tMe_@<u^gl5U8V!xN+l-XQZaCi_g@hh;
z`un2DvssB0TP~!FmV&Fe3s(FahGGA%M(WHr2FwYwTI<5nLU){R5X$Ehd$kV6r|H<-
zCjH|n)egpW2<8W)kAayN>DU(V0K0VTYRwTBV#Gno`j;EKu|}I%nzRkGR7AfrVY5^t
z&>ID5>eEM=42HvqHehe28BSkvnD8e!Gh79QM~(gTrB2{aaONis49?V-+3KgWTk`hY
zUSx_^1n3k)rz5PB%E8?|Buvs^_G8DXk0*R(6=uFU!CJrt?`Jna;NfNjWT?E_M}NSL
z?V>NL4|@auS8XP5Qwz~!#1zMBgi?JAJbaHS<CY}Lqd0DMI;Gqgohfq7jPL8uXG)z<
zGI17(-muE`eYEG6lkd-;QY(~Y@0uFf)?|b;!E>Vi0dn-aK#*I_0fJm#Ve=o5D-(AR
z-$ikq7z~r!1%;50v?SoPb;PAeBptjmO!fkY$$*8N7pLJS5c(<1u8V4-U_%X}!G<ib
z_a0FES`~7xTad<Br1}o?zr<wQ#7u@dwR^!1J8bhG3i{bRHZ5|HtmywoMHUKT-;l}8
zcfOQ~Q0*P9b)fI>p7pYx(;Fj(sNE{ZedA#TpqgVP0sCci$xu~L+flNph=pZpgUlz_
zI3)*Cram#^D6}WgPYGS{y8d=*dqwc&8dkd#!F_&z7|bNw?MNnA)Wv02S_t_v@Sqcw
z(S(bUMQsOvbvl*u>O5Y%ehx~dZ&(+Q4J-=*i92)=&ctt9<q-&mDvT6zd0nYA_AM|a
z58zhaCCqXcVM}C4(q;m-y_BK0nijg?#3eG>mAe9Ab}O(g1rf&zHH1aypB31-0=L(E
z?#i%$9hm@n3a!`Z)fxlcpOCEi$7UST_e!EtJy#{p!JtaaT@~0LkW#GA2@IxP^t<8d
zYtIZFJQN#mk*j!-1pEZ}UTqieuFRj^_knAypZftXONY^(BGOW|!h#lHp)+0<tRta=
z3KVN9WrHI9qwSgSR^TC<y*A==LU35R`LsvWc=+B8^%7-O${S}wBM>U;(gKUb*CKOs
z3}O|O1!Ux0Ek>~)k*Bt!5E_kKW^dY2JUU|;zT|rC-Q|0QZ(Tw7B^R0)DqPc&>nIgr
z>j;`rul)ijcOyk-ac&9e{^W0bj@8_%LaYFk1WV3fPnh%sBH2A_&M8BfXC4?wDIc!T
zBQaSHd}P$Z!2q^xg8CH^F{S;&<~-e?VVmegW@xvD+?a1IqsU0iEW&Jd93W`z)++ay
zdP?KT*2ng5*;F=W%m-XIobmqTq$``w_WF!oG`nmQ+)6vo(Gy<fzcLM0y*!!d;9|m-
zrlq=!+77XN&_WFQFMJ&r-3PiOIJ##v+d!1Q$!+xfF+wQU3e5u1MFk2ehiQnffovx$
z5@4PvDDy5zR;9>Cjp@5>aW<Nb?$*L^0Q)>D;Syif)!0;y?EzhWAQ5uicfxx8A;SK7
z0muXaL~?1D*Ief`kR1D-cq7j)wqCOCdJ_{FFZK^gC!Uw~vaZw}6T<cgv|nuv^T_LE
zuvZGL$PVn(Tq4UBCeq7c;I)m&i@acFKN?;f+TM=c0G;s9k-=yiozsgx?^1L|RQ)d?
zJ9u<%97M9frp?xt8*dd6x}m4*%+?mzw1ot$Y;8JoHYRpwF%%2_MTFw)C%=iX_Z!=m
zJ+YYP-$dw#xc+Y<1UvbkMCi(iUujg{0s_{^q5%=cYr5c=2PI<3*CKg5_ly6Q>&q47
zt;z@OFTa9ktIEBBOCuh@5RM8-5MOIbtW#3oGf{rgaX8UsG%r*}QxmKPGp3YZ(7NI>
ztvLKBjR6v2mPL&Dw_6MiMyeAAE@X&Xa#5VNU>HmBwwIUw+2*{`$r3G5EIt?ZzE>mv
z^zihvIL$>t`cCT=a5N6-?wBPHTmGh0?*LoNRl(&tP34p5=m@V(xP5CjNXE7FUZQPs
zGLZ5F``8lZVJf=5>Codg{lj$rd?VWQ;*F(qr113`Y|Tf9g03gc41QgFeLlz!cuwJj
zf)o#?#eE%S?W-#TK0Sb|31A0@lvmNg>jSuN@hWA^>hL*X<xDefbH_tn6J1PeL(u`5
zbYnYb$aASEX`^8D&rN{@y~3^6(XwdW3;QT3&BpcgEB+oeTw|IC-H@tNvn3Qe_ZK!<
z!S0Icjt)J*`|7#{_=<jXy~jj#Gin+ZZGgPbnA5m=uXV{&<eUk$a@6}@TeKFuf3|29
zk$DVF|5uB)XeA$`+hyz+<~Q5Uk0fSipT6kF7LKsqV`u)es_XyI!6j4PbFx1=sNnEh
z2Psbeiw>q0G=JU)hG_qy!Q2o2(m2Pdm}DunyEtQ{+#V+bm|4LNixKV1YF{+zkK`G{
zOGvq^#p+wo8QGwSwz}>iArrOBY<{MwET~u+&(lo_Ofynmv1WazMQiYFOpGY1`4l({
zTxT87rB4DKVDJO{OR%gK#{Z8EPC)#zK`ZUwHW;Y<w+-@%g~FOnY#QEhq!dG+ykMSg
z&fjoO<?3pgMpI-^Dw)Zx1&o2>L-hPKcEa_Q>k<mva3&Gm;Rt~sT(rQeh;!myso#~A
z5huo<8w=etUGXLtDePLES5!now;YV^zYff2=Wjo<R)B3o7D;K!;4_BtVnypi#da8J
zwV$vo34#qMwt}+)k%B>U#BbDZepzn-?4nI`bQtq(4E}neB>2u50ou<7GRHwpf+&Ao
zRmpWKRb^0JH?jerlaN@~i97D+Z&KW?W-!0rmL+g^(=|X&*p3w9{@V5ZdTl;z=vw$^
zhInzpBTw1vq?e|~mhnM-%=lQ!p3wn4I~iKZ;!R;jpK-@ENy(&6E>1+I!#4YczXL0q
zwPGHzn5oE^8w#8~;ZWiIPvqyt*FrRvInpKdhlI1?a@`rXZ@|WF(SJfni$mh<uf~m&
zZ2#0OT=g!MzHt*X&l3b!wXaaQEuiN>4yl3sz47O_zBN@Z4aroa895Q^cKJpwCn+ms
z*_*VCcC?149>4nfyA~JUoH-?w1UE4zzLBo?qv)OthW=kDRNq-NTK&@>ZOU9@Kd0U*
zG9Y_}cH?Fy5nf84NmS04Y2Urwj+tFp54dE^`sy-i=^VYUOXPXaJrGr!<F|(wEcy?n
zNTq;Pdv%4w!>KM=TeW`A>JkYm97(q93#1fe&JkswV#I{DX2!?5lBe5c#7r#?;NKAn
zDNx*>4Ky71kiggC+elI@P9z_f-)mVk=TPD1O<H4-m1B_lHA9~3*1;e-rNP5@v<w<~
zzj$)bG1|}>AHPh_@RZNXHc$QfCx`AwYGp<QK609i27Q-aF+(W@`J;=zUcRP$X6RQ^
z!|JMc?h=?dg+bH)SgaLW4PU5r=}wfEr80{1q8j%)leb4NRF6~62*OVx)f;2<eQYOA
zS=WEL={TI46_8C$Ie={HYlPdY>K4aqJ<B0tsqxNkXedyxOyFYAPI17m6<ae1fgm{N
zr7sf>Hvrq7-N)A`P)nXt6}WuDRe}DMRuvCS$^k}p^_opii>Iqdguq;2`L+4t+C|`X
zq0yLC?5opV8=&}k34l5X*usiA*z@1-Dc+@(t0n)I9BJ4;c;*=fj}~mYX3q$2y`_yY
zd4GTGob?HKzPD-fCKpGy->5Pyq<6T6tC0v5JjwyVA?y@YV}xOK5x8Tv_RQG@bC5oW
zkqnf4JHbAqo-Qwo%(Rg#CcAj1ImrkfMkJHe8~M=QURsP#1<F3~Bik!JlfJ!#v0};6
zB#+ffZsbU82g%aB^wXhigT!@LHRd43`H5-qfpKYIHXhvh&MQcfmFBL2@+N(4_A}21
z){p<d)8wCj;VH%s5bBzLSAK!?OCG$leZe3rs<zxAR&P?aFwFzGZ_cIb+tbbb6~ko_
z@(#XzKOu)kGcVeTh?bwfd%ilhkFm{LWQ&Kcdz4+oh_!t-8uhg~Le>7zuLW&EKFADH
zUD01>*AS_fZu?tLmme7Ih*7<>-LAzzar;{|1l+T3yzMdN-@bsC5GUX5Zd(SNqT1jn
z_gIvsN|z7N!tmVTX|t;_8HrFN%5rU%pcp_dL66&C?}P<Gs&%Rl7b@PUY_ZjU3(LFr
zL^>CxR>jb0pr;F@Vjt-ZG@di%87IhUxNsp)6oP_E^97}Wb_iii9fh4x^zNC7HTL5v
zvy*>VSo~Mz7cUtO2}sCUc5}AdjB`r<lldu`0W-gm*c^G)K3$YSb>eH3r*)eY^oy88
zJey~;;yy+roFdMHXu4jZeA@UvtVBf+qW$8%-fU-~a%LNO@dGdc>VE+$06`&b`!}Gz
zJnkJ!2)eu5tJp`lN+uB9NJv@BcGj(wXhfoCEs~J|0o5Vt@m+&mB$<=Wj5AWy=3ck<
zBuKIkxDqPM5oz#fhi5^KKn!t1Iv=}*n@xGQ*w8t`MVxSYE0~04p*^xBkrR};M$Jl#
zxz!6Zu_nkZvpaol9$jX&Mbj`~M**ZNV^86RDgQLU89C^AzVKd^+vtry7Suz4#NOyR
z#zN4q5_0CO&UNnEk?q$-B8EE2lN#AVTfm9jMur}5<yL^M71V`q<6vsczO9vAA!mBt
zSgjV9QpBmQ{!ZCa$dI*mHd!o!6#7UQ_CPd3_8|OF0e05doz&&*eg25GMc(%4Phlgx
zE!rSMAzDMP?t4iPkC@Lb88JWOr$-T!BR4m@-Eh(LuRKf^A=R_OnMde_`{N?Tmr9q%
zR=&PYkHWZqVAN0Pvvhk|^=lk(sCdwQI>q*|`?1*uU1UUGlw-Ia68@BiVH)ONC@np-
zE@4cY(&km;!p@8N4E8IZmxOGI+k`{<ob8jCd0%=WvY`s5TfH#h(}}Vu<-L#OV3b^x
z=np~-R_AyL+yHe(6$nJiTwTtH&~2jcR`ilL7{60RLzR%<s@pw1s_-XO++w}NFp=KD
zEAxg-_OHIBNjH{X4p}tfF#(<pU0V5as}pK}MQanA=7#Qio!-2;JkzazdWwh6AuYLB
z_9eiWD~<;gu))YuAS*QYD<s=$Y<(NyhbW+BJBp~%cR^p)1}o)eDP2NAJj(N^Y6ShS
zRB@PItd(<wN3N;^q<-6XZPMcbU5`*r!QTiQO=k`q20cVTLnP}P+OGL+q8VIZ=l%&z
zOPiWZt6lrt5-Q$tmPSvBT?(<`UF6b2MTyr~yQF74Q!fj-`R9>hHCkcBx3ar|_I^M6
zV8`gKDG9zhFKyQ3pZkJGjGw?K%G_lK%gtv+J3_<Et^D`=M%%WS2N+hgrJU9@@Y}0g
z4CHlX<`XMm4*~X>XWTIy>zORYjff;r0?CcLz&|3>@=$JX8oD||?LLY0i=u}uhlU6I
zvs1j%6Ay8fLZN~0VdfviICI{>vGWFDH|fcplu}YY6|X4E9^!v@`#VxZ7Mx4AmNcZ*
zP@!*i82zGF+=-H7l7>>D`M*bsqp+C<Ukb(Tp4_%|>6pK0ZDxd+o$zHhFGeCzkx!b1
zQo^wBst~k0$AJGx#$7zF%3ch8{h*hz2zK6j(EXMBEDpZYKy{-t*pptnJJG}Ea6?95
z)Tug~sA6gQc%kkSbCjYV3HP$s-3DF*r5R4hofdXqe(Bon*cN$xg{P`>Xv4=%(arh5
zZ$EGfcGYWFD}-K#Pqi_*uVv^D2Psek;(S=l+?cYNv;H<+CjGxmchOqY>Z{0(?q-L{
zGGliC+46O2vX)|=|8P^b{q5vW_EicEeNPgM;8Q_#fffhgG9>gfZX6$vEwh#o?k@iW
z&#(02@B!B2$w79DM4TJE713QTQc)OL9JvgD{0R=w2Wk+@VEi&kVc<-XY$}$Vkz;lI
zDY3*czY<r*H4@-;K<7*P{@A-iFP~{5F7|2UAPq6>%NNX`rCR}iA$8l?J467OTHjPG
zJ#&>i!05v+@1WKl1LWM9!F_tliS&WHkVnN4Ts>zUw*8x2Ce5U004&R3=EdzW_?L2B
zmdw)_-b3=#y-7OG(%W>pA+W_Xx)@dFhL+TlZh|#dNylKc{->cHF$Z)$8{vCuQ1>j*
z9bb}ad`2zM;>baQc0b+`je}aV6^oin)ETZBg@P1KEDfXwj|S9H?6W9l>2m2>ec2GV
zCPpaSv6}qaLR;!Z=QX!ZhYl(*KWnxh5i(|ZhLeG~dg8=<9n&e`rWROQhh-Sy=--GM
z&fC%8pyrw<>+s6dh$9cRCX-}15I}xz_(9yHVq!X!xStsr=)fiwhVL_6a$^=-K2Vr+
zX~dxeUl7Z7_a7lNi$Fyi>wm>;*^bxfPp}<FJa&t&YP0O23*{k(0@tZ}J#ZL`Y=E_W
znRvJyBCZCQyLXdLmCz745?<_Ad6d(R0JWa%*oOy|?T^-r&Totzg_SA;Cn0J|O@;%6
zS=qnol5(h%l$4p41pBK)3b55mF=gN>xsM6hjUl0amLxmm`|^=y2|-o!#RC$Sp4y{V
z0HpRKyuFug+nC{tEzJfCa<6jf*o`}$i0zO{7Yf9)ydW!BDQIt}5Ey;R?*z5UsA|Yc
z%lsk0sw~u$W-=0(pvp#KSu|z^<N?s%heP=%*!YfYF8Xv1DkF|qbdKWI7oLAE%<(ma
zkO@+$hBfNF#U8fWCZyW=A{2~m-sdTeni+2%daxksgQllBmwK4K!j*`L-Uda^P64_Q
z+Jw#n70d#`)p{FzV8`Z1!ysM>vdC>n={PF_9%URv@PJ-&$6ki+?5y_zIZX<To<W8F
zGq5}bHB`d(VV6#+?mwr@AUG!BSC~6eHN&r%ldSSKt#9&8%1t-q0i7`Ia!6tflRL}D
z8}-+7z~HnOt5W-koSL4g21VWyTvDTpm^Wud=Y+p{5jlv(^6J-iaDmtPQF+kyWSPO$
z8qp4V!2!emKVnZU-@eL89AWfd$R1kn7#y8Nkfz3H6Jjz^%Uy2lXvbt?ZH{-*$>ClP
z<|h~}`3|96@Q*Cs0m_xyd83GyFH`NtQuf9LBbYnk3nn_vD`fu!dy~?MD<>{8ma$mW
zHoa&p%qxa<k(>W3HU$fu`2Vnaq4nG7>*YHbbv4ZTFK5n&^|C~rtmduZS8#UH&fG;+
zLrxiQe9o|%kUJLI>6x#ViIr?b>{vH1Y%<CcTr19j8Wjh*fllsdD$QH*fg184et)&5
z^9GhVL@XKGqGEmGv>#3x6CQJQ6~b26G_7ct)tKw~uyYN*JhkE7&J+o+mRf3T5nrGc
zfsqJ{1NUR&I^qN*p^>I+HEg=hfJIN1&%C%OgGy&j*`Z}k=|SczvQ1JH`%=L7`ri_3
zTg%#<GBlkryz<4>(l=R+D~w^%e#dv%GoCrcf{%e(P4*V5j<iN6k1f977l{Mr657fI
z7L);8Ns)W<C@dh^N0ySJrEFGwmB`Frd%RhHLp`61!t)9!{IukMpuUM4w(nL|2eQZ;
zqYQfY=;kT*3J&%Q3OimsM%AK)zRe162fT=TbdEUp=sRL<N6+a6<IDfJY(M;8Z+WBD
zB4KR&ms<eBfTa+!t!lS2qBn2+#@(L?XUL6ab}WsgQu-aO%E?cJX)Z*&3A4(yzjngp
z)X}dLNOUA#;hTOpr*TPH|7uRxOndQbXba=Yq#!NGJpFL!B$~4e*KZqsH>bGh{$hHS
zbp1i!Alg`8m~N-ugF$Bb*VX9*r{8=1tZ4sIdkNK~M#4Ixno-ycbBeb1Pa~dfxUGun
zUt^CG6^NIDcXWyuxn5z@;D!k1AEo-Vy+0-I!Y5j!wi&3?0}3~*?bJLj7G_-}V#b2`
zbG}mw7-D30*_J5e?$eIIu!n7Ikr!N#cA5ur(IU4u>CU%6B_#$zB2lK&!4Vg0#%d5(
z7CTZ2B&f~e-3^n7=Qw2xk(q^QtF$w^cLV7@G<8!lLE6g<9a7IxgaXr$;?u5pL)eX0
z*00N*UYXkdA@Kqu>u)wq+A2MQ-AAnCjwF&YnFQ_c>w8Xtb@+gc0KY0*Q!o#=mLK17
z8|SGVyIRvDP^)3KLxaCh%=)#7a_n~krDCaTr!tHG$zfPoLC`+;A9DYDowbU1qP#d6
zTw7U~`!GLpC>v-B<IySS>{FZ6G?yB=MkubMzalf86V;dtHh4V5>WL7n{1+B-OSeG7
zPcm$BMEtbf(+ceIM#d(<t!{^xhqyDB(uS;A<eqh!h9@^adehNFFRNcVJ(T%zZGnd(
zI@?=HWH2GA#|6hhEl0Rr-=o=%tC2jD(>-?0nm#_|pktP8S@--dS*iQK_PWgUKtm<&
zg?9W{AOF42`VF<^?XQwG=sol$j&XwOXU4_c5sOAKFYbx|u*HU)V1kdRQkH>jXNq_Q
zLy<y*;Jp;d3q=u@W2W3zFxFoq0Tt#w1m`L$FOGcs7>;*{b$t9^YEYKQJ$COE|5dS~
z1~P`##qN1YtDTx%7}jI9FXJ~^R-Yv()j!@5vZa)J;I;(TTkr$l0T#&X=*V>Bn;@)m
zHbhaCEV~bZ!yQcLMmOL)CBVS})2Q-v0`Q<nt8x=_Z~qT)9W}RX8uyCJfA(2x;73S~
z;mh>=-e+B(M1UC<a0s3f*7~IQck0T^IqOL*;!G&1t7*OzmEVy+Tk~h1^>dU#K1ETM
zmYYlZ?w)?PAwsH2#DnxGjQ;s6+NN~};#AA;$$>%EJeJx>4m>=U)vJNNOP7JO4XWN>
z{Pi6j#IAA?IG07W2?-2c2&n{UbW&v%zo!SfZHB`r-MA<^ygUs@pHb&AWl&X26H{lV
z=s97Ki9JmFF~3on83Uw+qw2AVatTn<F2-w)H<LQv*vV++hAwvo_}{Ae{br0017Z<Z
z(-few^Qhv467|^gbJ8av=)ZgL>|6rhfTOdQfS#V7eE=aL0si~Z;Sq3_7BLH-*X{LG
zF60LxzuW7r-0mg8z!`u3w9@<0Wn9)A-YVfPT9q`4Yr{E@5MvesSu>Y=ApCyD;9_2o
zNLy+GL@M>u8ArE+ZF)@GJT_Zu;y2^r^B9z;N4rMma_N>pL&t9B7C|kg@sOOeK**Hg
z9cp)L(}rHLz-02JDQL^J+szHK1Giy&natQ9goJ*z7mriXlm38BULK)Uq!Jm(b_0(7
zakoIqfH%a8KGhRS!NK^0oKLE_5QIi~UD$^SLh`JegbhlRH<#b`v#`+a2lu}<bQIDW
z6fpE`<sqz}J>bbJKiqw%tbf|LkO>E}q9W(V)0So-_8+TUSBQm_lKNHXUq28~8T$E#
zh5W!~aqB^IjwQ<tjE*>jE>RzI037;RL44q`G`k&d?we@adbrxzd{_^0&e}MbaeCKy
zoEJT4e{swJOk{FQ0D3BaI3EB^o^E+aEuq@2ib1`d-}It<vPv}Oet{k!nlF6t4`{k`
zt&F<ZlpbL5$yc58O(ju3D^EajR{!Pc#JI;b_E;%h|Nfm~whgJ+gQz~R<n61I&0$q&
z5c1M7CLQF7PaV3NTarb54FYSqF1pp%EjY{>LggvAhorH)a(Ps4-ji{;)2GVAf<m8z
zC!fc=IFqp(z|qvs+7p0_ud4s|Lg(1Cxq}Co2lv{{9{lkOgGi^kA%c2qfj4h%%z3En
zMVw+?Wz|H}E0^ZMdA8o`kANx&tWBW^S8@4PbK2vtbNr<1J_pYXGL+X#mx(g_f|^Jc
zzUz&=IZ^<QVQ;TDey{t-leK36UY4!ajAIvQv1<5%6*Ys+S;V6bC-HGS+lsuwdAeOG
zeApMF7VaAvRX6ML7d^ocMJkNRp!uH1Y?lq)$o<+JH+`#+=XivHC^S0c2e|cW+;Qu-
zeDK3G4zYV5w1VO%4yfxLT+aIkGM=kNKN<8-l<q65M5YyrJ=I3=B?ki#4@fG!W`~(b
z+)vTrIr!sM#_l{MzNvKNwWrLx=zA$yO6=|yN~J8#E6jqV6EIcAUXH0sdK6GPdG63;
z+39v2ne85K_D|FASMS?FFL}nZb;~B-3s1>|%?aZiVrtjYFRx)MkUS<3R3CouiM@8M
zva7N$0b0g=3Qepk-ds)q6Ybhp0ABA`PnUO}C^^^nm8R%JOQR^lRXl+Y$7rPxnu}&%
zxi9$z^eA0;Uz0yTX&E7+5`&J~_Sn<yPTN42$~o|Ig>0-fz;In&a`JcLQsUP(eN%3O
zv+=h0g;?oDdl(VPni1pkg1j?zlrG8pnF=l`<zQz(tmDDMC9C4DQjJ~NGqKhY#*aG9
z5<=?)Fcepr_5cWxLj*oH2T${pjvO(M1i**&SN8aqgrhn(I(2kfCaYx1h%MNG-3I>8
zpAX*o*G@WWT+ff*FAlG23jh~~mzPV{Z@_0W`^;aSyj@=lyBdIgHt&;4gLH%I-JHUr
zZZZ=wE5rQwVFC-%T@2mM>_S3YmmR0B%2w!C68*X0-so9P8m>2u$NgpuJeB}DHPc)<
z0lJz~<k#i}t4f2aIKgpK>kHt%yMs#Pug7EE5puwdxHXX<($@~g<rdy;ZjwD?p&JbV
zKK8D+t<?a2Zl2{cK-S*O2H>SO3*})C^gPvpoA8owWaGe|*lGg)gQw1UOA?@PmxI-y
zOQt<d!1(!GvlqZ2lOjubRiJ2cAh7QB4$iOjtTUsu)C)Pe2Y7Ms1GwDYo@Bf~eB*Q3
za<9)BVcVa$fIhK%2fe+47X5XWgMR~a?GE-+RG>9D`e9Ca;XUn6{HLIJc@*Irf59)d
zw;+<;4MZFzwkuBR&(&UUKlW)gbn8>;MytnPIw*kO%B7pamOH>VJ|7B9B?}6sYKC_E
z(N!iYw?q;F2YVS4=}3Y%Y`13G(h7t{N?^PpU+zC!+j%u=W2xSI?2%gd<6YXGy=Rw1
z=VPqQ6ZC-hGr*gRgr7K^YL-=t1Trof-ssl!R{wQG4StB=ZHc0hh(9YzVmRNOHPy}w
z1kiWRk0axq0DY<R(C6u_`@Zw8#PK9BHyKE=VB{y<@S`24cx8J^H4nDU`*u#8VYDM?
zw^mH&%?J2Zy$fQ)6=G^J8Rqi75<^0K`r$f!2#S%kt@A^agBpd3+m$iN)5UXn0nm~}
z$*|szM>k#0ljrcpZ<7uXlk0eQ4*|T;X7O_m^6m;>Eo}TC=#u0Z0Fl^NGVgW(ZW=C*
zmZlJgx{wtzoP}R@#D)iwp}+ahO2ormifA{LK?{<CT|)j;2b1R4157&403~y}-7dUv
zPcHY{Lxo0b(6{`fB_+d@Muei|xjZpdRaLZ-{U5rlvFL+E$&>yb>OzJf@;5PF1enm9
zbL`5&L?Gx&4JdS%K__1nGz2aW1WvY@*PcjEKeSAo*S@?K`n&@`KtKQh8`)7M5FAL5
F{|8$eN;&`l

literal 0
HcmV?d00001

diff --git a/bootstrap/helm/cluster-api-cluster/.helmignore b/bootstrap/helm/cluster-api-cluster/.helmignore
new file mode 100644
index 000000000..faeb926b1
--- /dev/null
+++ b/bootstrap/helm/cluster-api-cluster/.helmignore
@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+tests/
diff --git a/bootstrap/helm/cluster-api-cluster/Chart.yaml b/bootstrap/helm/cluster-api-cluster/Chart.yaml
new file mode 100644
index 000000000..ff6b464bc
--- /dev/null
+++ b/bootstrap/helm/cluster-api-cluster/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: cluster-api-cluster
+description: A Helm chart for Kubernetes
+type: application
+version: 0.1.40
+appVersion: "1.16.0"
diff --git a/bootstrap/helm/cluster-api-cluster/README.md b/bootstrap/helm/cluster-api-cluster/README.md
new file mode 100644
index 000000000..a0a0c9626
--- /dev/null
+++ b/bootstrap/helm/cluster-api-cluster/README.md
@@ -0,0 +1,3 @@
+# Cluster API Cluster
+
+A helm chart that deploys a cluster using the Cluster-API project
diff --git a/bootstrap/helm/cluster-api-cluster/deps.yaml b/bootstrap/helm/cluster-api-cluster/deps.yaml
new file mode 100644
index 000000000..37db77237
--- /dev/null
+++ b/bootstrap/helm/cluster-api-cluster/deps.yaml
@@ -0,0 +1,7 @@
+apiVersion: plural.sh/v1alpha1
+kind: Dependencies
+metadata:
+  application: true
+  description: installs a cluster using cluster-api
+spec:
+  dependencies: []
diff --git a/bootstrap/helm/cluster-api-cluster/templates/_helpers.tpl b/bootstrap/helm/cluster-api-cluster/templates/_helpers.tpl
new file mode 100644
index 000000000..864e3c120
--- /dev/null
+++ b/bootstrap/helm/cluster-api-cluster/templates/_helpers.tpl
@@ -0,0 +1,237 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cluster-api-cluster.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cluster-api-cluster.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cluster-api-cluster.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "cluster-api-cluster.labels" -}}
+helm.sh/chart: {{ include "cluster-api-cluster.chart" . }}
+{{ include "cluster-api-cluster.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "cluster-api-cluster.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "cluster-api-cluster.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "cluster-api-cluster.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "cluster-api-cluster.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Creates the Kubernetes version for the cluster
+# TODO: this should actually be used to sanatize the `.Values.cluster.kubernetesVersion` value to what the providers support instead of defining these static versions
+*/}}
+{{- define "cluster.kubernetesVersion" -}}
+{{- if .Values.cluster.kubernetesVersion -}}
+{{ .Values.cluster.kubernetesVersion }}
+{{- else if eq .Values.provider "aws" -}}
+v1.24
+{{- else if eq .Values.provider "azure" -}}
+v1.25.11
+{{- else if and (eq .Values.provider "gcp") (eq .Values.type "managed") -}}
+1.24.14-gke.2700
+{{- else if eq .Values.provider "kind" -}}
+v1.25.11
+{{- end }}
+{{- end }}
+
+{{/*
+Create the kind for the infrastructureRef for the cluster
+*/}}
+{{- define "cluster.infrastructure.kind" -}}
+{{- if and (eq .Values.provider "aws") (eq .Values.type "managed") -}}
+AWSManagedCluster
+{{- end }}
+{{- if and (eq .Values.provider "azure") (eq .Values.type "managed") -}}
+AzureManagedCluster
+{{- end }}
+{{- if and (eq .Values.provider "gcp") (eq .Values.type "managed") -}}
+GCPManagedCluster
+{{- end }}
+{{- if and (eq .Values.provider "kind") (eq .Values.type "managed") -}}
+DockerCluster
+{{- end }}
+{{- end }}
+
+{{/*
+Create the apiVersion for the infrastructureRef for the cluster
+*/}}
+{{- define "cluster.infrastructure.apiVersion" -}}
+{{- if and (eq .Values.provider "aws") (eq .Values.type "managed") -}}
+infrastructure.cluster.x-k8s.io/v1beta2
+{{- end }}
+{{- if and (eq .Values.provider "azure") (eq .Values.type "managed") -}}
+infrastructure.cluster.x-k8s.io/v1beta1
+{{- end }}
+{{- if and (eq .Values.provider "gcp") (eq .Values.type "managed") -}}
+infrastructure.cluster.x-k8s.io/v1beta1
+{{- end }}
+{{- if and (eq .Values.provider "kind") (eq .Values.type "managed") -}}
+infrastructure.cluster.x-k8s.io/v1beta1
+{{- end }}
+{{- end }}
+
+{{/*
+Create the kind for the controlPlaneRef for the cluster
+*/}}
+{{- define "cluster.controlPlane.kind" -}}
+{{- if and (eq .Values.provider "aws") (eq .Values.type "managed") -}}
+AWSManagedControlPlane
+{{- end }}
+{{- if and (eq .Values.provider "azure") (eq .Values.type "managed") -}}
+AzureManagedControlPlane
+{{- end }}
+{{- if and (eq .Values.provider "gcp") (eq .Values.type "managed") -}}
+GCPManagedControlPlane
+{{- end }}
+{{- if and (eq .Values.provider "kind") (eq .Values.type "managed") -}}
+KubeadmControlPlane
+{{- end }}
+{{- end }}
+
+{{/*
+Create the apiVersion for the controlPlaneRef for the cluster
+*/}}
+{{- define "cluster.controlPlane.apiVersion" -}}
+{{- if and (eq .Values.provider "aws") (eq .Values.type "managed") -}}
+controlplane.cluster.x-k8s.io/v1beta2
+{{- end }}
+{{- if and (eq .Values.provider "azure") (eq .Values.type "managed") -}}
+infrastructure.cluster.x-k8s.io/v1beta1
+{{- end }}
+{{- if and (eq .Values.provider "gcp") (eq .Values.type "managed") -}}
+infrastructure.cluster.x-k8s.io/v1beta1
+{{- end }}
+{{- if and (eq .Values.provider "kind") (eq .Values.type "managed") -}}
+controlplane.cluster.x-k8s.io/v1beta1
+{{- end }}
+{{- end }}
+
+{{/*
+Create the kind for the infrastructureRef for the worker MachinePools
+*/}}
+{{- define "workers.infrastructure.kind" -}}
+{{- if and (eq .Values.provider "aws") (eq .Values.type "managed") -}}
+AWSManagedMachinePool
+{{- end }}
+{{- if and (eq .Values.provider "azure") (eq .Values.type "managed") -}}
+AzureManagedMachinePool
+{{- end }}
+{{- if and (eq .Values.provider "gcp") (eq .Values.type "managed") -}}
+GCPManagedMachinePool
+{{- end }}
+{{- if and (eq .Values.provider "kind") (eq .Values.type "managed") -}}
+DockerMachinePool
+{{- end }}
+{{- end }}
+
+{{/*
+Create the apiVersion for the infrastructureRef for the worker MachinePools
+*/}}
+{{- define "workers.infrastructure.apiVersion" -}}
+{{- if and (eq .Values.provider "aws") (eq .Values.type "managed") -}}
+infrastructure.cluster.x-k8s.io/v1beta2
+{{- end }}
+{{- if and (eq .Values.provider "azure") (eq .Values.type "managed") -}}
+infrastructure.cluster.x-k8s.io/v1beta1
+{{- end }}
+{{- if and (eq .Values.provider "gcp") (eq .Values.type "managed") -}}
+infrastructure.cluster.x-k8s.io/v1beta1
+{{- end }}
+{{- if and (eq .Values.provider "kind") (eq .Values.type "managed") -}}
+infrastructure.cluster.x-k8s.io/v1beta1
+{{- end }}
+{{- end }}
+
+{{/*
+Create the configRef for the worker MachinePools
+*/}}
+{{- define "workers.configref" -}}
+{{- if and (eq .Values.provider "kind") (eq .Values.type "managed") -}}
+configRef:
+  apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+  kind: KubeadmConfig
+  name: worker-mp-config
+{{- end }}
+{{- end }}
+
+{{/*
+Create a MachinePool for the given values
+  ctx = . context
+  name = the name of the MachinePool resource
+  values = the values for this specific MachinePool resource
+  defaultVals = the default values for the MachinePool resource
+*/}}
+{{- define "workers.machinePool" -}}
+{{- $replicas := (.values | default dict).replicas | default .defaultVals.replicas }}
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: MachinePool
+metadata:
+  name: {{ .name }}
+  annotations:
+    helm.sh/resource-policy: keep
+spec:
+  clusterName: {{ .ctx.Values.cluster.name }}
+  replicas: {{ $replicas }}
+  template:
+    spec:
+      {{- if or (eq .ctx.Values.provider "gcp") (eq .ctx.Values.provider "azure") (eq .ctx.Values.provider "kind") }}
+      version: {{ .values.kubernetesVersion | default (include "cluster.kubernetesVersion" .ctx) }}
+      {{- end }}
+      clusterName: {{ .ctx.Values.cluster.name }}
+      bootstrap:
+        {{- if or (eq .ctx.Values.provider "gcp") (eq .ctx.Values.provider "azure") (eq .ctx.Values.provider "aws") }}
+        dataSecretName: ""
+        {{- end }}
+        {{- if eq .ctx.Values.provider "kind" }}
+        {{- include "workers.configref" .ctx | nindent 8 }}
+        {{- end }}
+      infrastructureRef:
+        name: {{ .name }}
+        apiVersion: {{ include "workers.infrastructure.apiVersion" .ctx }}
+        kind: {{ include "workers.infrastructure.kind" .ctx }}
+{{- end }}
diff --git a/bootstrap/helm/cluster-api-cluster/templates/aws/_helpers.tpl b/bootstrap/helm/cluster-api-cluster/templates/aws/_helpers.tpl
new file mode 100644
index 000000000..26d07d0f4
--- /dev/null
+++ b/bootstrap/helm/cluster-api-cluster/templates/aws/_helpers.tpl
@@ -0,0 +1,100 @@
+{{/*
+Function to template an AWSManagedMachinePool resource.
+Params:
+  ctx = . context
+  name = the name of the AWSManagedMachinePool resource
+  defaultVals = the default values for the AWSManagedMachinePool resource
+  values = the values for this specific AWSManagedMachinePool resource
+  availabilityZones = the availability zones for the AWSManagedMachinePool
+*/}}
+{{- define "workers.aws.managedMachinePool" -}}
+{{- $validAmiTypes := (list "AL2_x86_64" "AL2_x86_64_GPU" "AL2_ARM_64") -}}
+{{- $validCapacityTypes := (list "onDemand" "spot") -}}
+{{- $amiType := (.values.spec | default dict).amiType | default .defaultVals.spec.amiType }}
+{{- if not (has $amiType $validAmiTypes) }}
+  {{- fail (printf "Invalid value for amiType: %s. Expected one of: %s" $amiType $validAmiTypes) }}
+{{- end }}
+{{- $capacityType := (.values.spec | default dict).capacityType | default .defaultVals.spec.capacityType }}
+{{- if not (has $capacityType $validCapacityTypes) }}
+  {{- fail (printf "Invalid value for capacityType: %s. Expected one of: %s" $capacityType $validCapacityTypes) }}
+{{- end }}
+{{- $scaling := (.values.spec | default dict).scaling | default .defaultVals.spec.scaling }}
+{{- if $scaling }}
+{{- if not (and (hasKey $scaling "minSize") (hasKey $scaling "maxSize")) }}
+  {{- fail (printf "Invalid value for scaling. Both minSize and maxSize must be set") }}
+{{- end }}
+{{- end }}
+{{- $updateConfig := (.values.spec | default dict).updateConfig | default .defaultVals.spec.updateConfig }}
+{{- if $updateConfig }}
+{{- if and (hasKey $updateConfig "maxUnavailable") (hasKey $updateConfig "maxSurge") }}
+  {{- fail (printf "Invalid value for updateConfig. Only one of maxUnavailable and maxSurge can be set") }}
+{{- end }}
+{{- end }}
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+kind: AWSManagedMachinePool
+metadata:
+  annotations:
+    helm.sh/resource-policy: keep
+    {{- if (hasKey .values "annotations") -}}
+    {{- toYaml (merge .values.annotations .defaultVals.annotations)| nindent 4 }}
+    {{- else -}}
+    {{- toYaml .defaultVals.annotations | nindent 4 }}
+    {{- end }}
+  labels:
+    {{- if (hasKey .values "labels") -}}
+    {{- toYaml (merge .values.labels .defaultVals.labels)| nindent 4 }}
+    {{- else -}}
+    {{- toYaml .defaultVals.labels | nindent 4 }}
+    {{- end }}
+  name: {{ .name }}
+spec:
+  amiType: {{ $amiType }}
+  amiVersion: {{ (.values.spec | default dict).amiVersion | default .defaultVals.spec.amiVersion }}
+  capacityType: {{ $capacityType }}
+  diskSize: {{ (.values.spec | default dict).diskSize | default .defaultVals.spec.diskSize }}
+  eksNodegroupName: {{ .name }}
+  instanceType: {{ (.values.spec | default dict).instanceType | default .defaultVals.spec.instanceType }}
+  {{- if or (.defaultVals.spec.roleName) ((.values.spec | default dict).roleName) }}
+  roleName: {{ (.values.spec | default dict).roleName | default .defaultVals.spec.roleName }}
+  {{- end }}
+  {{- if $scaling }}
+  scaling:
+    {{- toYaml $scaling | nindent 4 }}
+  {{- end }}
+  {{- if .availabilityZones }}
+  availabilityZones: {{- toYaml .availabilityZones | nindent 2 }}
+  {{- end}}
+  {{- if or (.defaultVals.spec.subnetIDs) ((.values.spec | default dict).subnetIDs) }}
+  subnetIDs:
+  {{- toYaml ((.values.spec | default dict).subnetIDs | default .defaultVals.spec.subnetIDs) | nindent 2 }}
+  {{- end }}
+  labels:
+    {{- if (dig "spec" "labels" .values) -}}
+    {{- toYaml (merge .values.spec.labels .defaultVals.spec.labels)| nindent 4 }}
+    {{- else -}}
+    {{- toYaml .defaultVals.spec.labels | nindent 4 }}
+    {{- end }}
+    {{- if eq (len .availabilityZones) 1 }}
+    topology.ebs.csi.aws.com/zone: {{ index .availabilityZones 0 }}
+    {{- end }}
+  {{- if or (.defaultVals.spec.taints) ((.values.spec | default dict).taints) }}
+  taints:
+  {{- toYaml ((.values.spec | default dict).taints | default .defaultVals.spec.taints) | nindent 2 }}
+  {{- end }}
+  {{- if $updateConfig }}
+  updateConfig:
+    {{- toYaml $updateConfig | nindent 4 }}
+  {{- end }}
+  additionalTags:
+    {{- if (dig "spec" "additionalTags" .values) }}
+    {{- toYaml (merge .values.spec.additionalTags .defaultVals.spec.additionalTags) | nindent 4 }}
+    {{- else -}}
+    {{- toYaml .defaultVals.spec.additionalTags | nindent 4 }}
+    {{- end }}
+  {{- if or (.defaultVals.spec.roleAdditionalPolicies) ((.values.spec | default dict).roleAdditionalPolicies) }}
+  roleAdditionalPolicies:
+  {{- toYaml ((.values.spec | default dict).roleAdditionalPolicies | default .defaultVals.spec.roleAdditionalPolicies) | nindent 2 }}
+  {{- end }}
+---
+{{- include "workers.machinePool" (dict "ctx" .ctx "name" .name "values" .values "defaultVals" .defaultVals) }}
+{{- end }}
diff --git a/bootstrap/helm/cluster-api-cluster/templates/aws/cluster.yaml b/bootstrap/helm/cluster-api-cluster/templates/aws/cluster.yaml
new file mode 100644
index 000000000..326e45aac
--- /dev/null
+++ b/bootstrap/helm/cluster-api-cluster/templates/aws/cluster.yaml
@@ -0,0 +1,17 @@
+{{- if and (eq .Values.provider "aws") (eq .Values.type "managed") -}}
+kind: AWSManagedCluster
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+metadata:
+  name: {{ .Values.cluster.name }}
+  annotations:
+    helm.sh/resource-policy: keep
+  {{- if .Values.cluster.aws.controlPlaneEndpoint}}
+  {{- with .Values.cluster.aws.controlPlaneEndpoint }}
+spec:
+  controlPlaneEndpoint:
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- else }}
+spec: {}
+  {{- end }}
+{{- end }}
diff --git a/bootstrap/helm/cluster-api-cluster/templates/aws/control-plane.yaml b/bootstrap/helm/cluster-api-cluster/templates/aws/control-plane.yaml
new file mode 100644
index 000000000..fd37fdf61
--- /dev/null
+++ b/bootstrap/helm/cluster-api-cluster/templates/aws/control-plane.yaml
@@ -0,0 +1,84 @@
+{{- if and (eq .Values.provider "aws") (eq .Values.type "managed") -}}
+kind: AWSManagedControlPlane
+apiVersion: controlplane.cluster.x-k8s.io/v1beta2
+metadata:
+  name: {{ .Values.cluster.name }}
+  annotations:
+    helm.sh/resource-policy: keep
+spec:
+  region: {{ .Values.cluster.aws.region }}
+  sshKeyName: {{ .Values.cluster.aws.sshKeyName }}
+  version: {{ include "cluster.kubernetesVersion" . }}
+  {{- with .Values.cluster.aws.addons }}
+  addons:
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
+  eksClusterName: {{ .Values.cluster.name }}
+  {{- with .Values.cluster.aws.network }}
+  network:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.cluster.aws.identityRef }}
+  identityRef:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- if .Values.cluster.aws.secondaryCidrBlock }}
+  secondaryCidrBlock: {{ .Values.cluster.aws.secondaryCidrBlock }}
+  {{- end }}
+  {{- if .Values.cluster.aws.roleName }}
+  roleName: {{ .Values.cluster.aws.roleName }}
+  {{- end }}
+  {{- with .Values.cluster.aws.roleAdditionalPolicies }}
+  roleAdditionalPolicies:
+  {{- toYaml . | nindent 2 }}
+  {{- end }}
+  {{- with .Values.cluster.aws.logging }}
+  logging:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.cluster.aws.encryptionConfig }}
+  encryptionConfig:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.cluster.aws.additionalTags }}
+  additionalTags:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- if or (.Values.cluster.aws.iamAuthenticatorConfig.mapRoles) (.Values.cluster.aws.iamAuthenticatorConfig.mapUsers) }}
+  iamAuthenticatorConfig:
+    {{- with .Values.cluster.aws.iamAuthenticatorConfig.mapRoles }}
+    mapRoles:
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.cluster.aws.iamAuthenticatorConfig.mapUsers }}
+    mapUsers:
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- end }}
+  {{- with .Values.cluster.aws.endpointAccess }}
+  endpointAccess:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.cluster.aws.bastion }}
+  bastion:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- if .Values.cluster.aws.tokenMethod }}
+  tokenMethod: {{ .Values.cluster.aws.tokenMethod }}
+  {{- end }}
+  {{- if .Values.cluster.aws.associateOIDCProvider }}
+  associateOIDCProvider: {{ .Values.cluster.aws.associateOIDCProvider }}
+  {{- end }}
+  {{- with .Values.cluster.aws.oidcIdentityProviderConfig }}
+  oidcIdentityProviderConfig:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.cluster.aws.vpcCni }}
+  vpcCni:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.cluster.aws.kubeProxy }}
+  kubeProxy:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}
diff --git a/bootstrap/helm/cluster-api-cluster/templates/aws/machinepools.yaml b/bootstrap/helm/cluster-api-cluster/templates/aws/machinepools.yaml
new file mode 100644
index 000000000..6285bcce7
--- /dev/null
+++ b/bootstrap/helm/cluster-api-cluster/templates/aws/machinepools.yaml
@@ -0,0 +1,22 @@
+{{- if and (eq .Values.provider "aws") (eq .Values.type "managed") -}}
+{{- $currentScope := . -}}
+{{- $defaultVals := .Values.workers.defaults.aws -}}
+{{- range $name, $values := .Values.workers.aws }}
+{{- with $currentScope }}
+{{- $isMultiAZ := ($values | default dict).isMultiAZ | default $defaultVals.isMultiAZ }}
+{{- $availabilityZones := ($values.spec | default dict).availabilityZones | default $defaultVals.spec.availabilityZones }}
+{{- if and (not $isMultiAZ) (not $availabilityZones) }}
+  {{- fail (printf "Invalid value for isMultiAZ. availabilityZones must be set") }}
+{{- end }}
+{{- if not $isMultiAZ }}
+{{ range $az := $availabilityZones }}
+{{- include "workers.aws.managedMachinePool" (dict "ctx" $currentScope "name" (printf "%s-%s" $name $az) "defaultVals" $defaultVals "values" $values "availabilityZones" (list $az)) }}
+---
+{{- end }}
+{{- else }}
+{{- include "workers.aws.managedMachinePool" (dict "ctx" $currentScope "name" $name "defaultVals" $defaultVals "values" $values "availabilityZones" $availabilityZones) }}
+---
+{{- end }}
+{{- end }}
+{{- end }}
+{{ end }}
diff --git a/bootstrap/helm/cluster-api-cluster/templates/azure/_helpers.tpl b/bootstrap/helm/cluster-api-cluster/templates/azure/_helpers.tpl
new file mode 100644
index 000000000..48fe04909
--- /dev/null
+++ b/bootstrap/helm/cluster-api-cluster/templates/azure/_helpers.tpl
@@ -0,0 +1,112 @@
+{{/*
+Name of the AzureClusterIdentity used for bootstrapping
+*/}}
+{{- define "azure-bootstrap.cluster-identity-name" -}}
+{{- printf "%s-azure-bootstrap-identity" .Release.Name | trunc 63 }}
+{{- end }}
+
+{{/*
+Name of the secret for the AzureClusterIdentity used for bootstrapping
+*/}}
+{{- define "azure-bootstrap.identity-credentials" -}}
+{{- printf "%s-azure-bootstrap-credentials" .Release.Name | trunc 63 }}
+{{- end }}
+
+{{/*
+Name of the AAD Pod Identity used for bootstrapping
+*/}}
+{{- define "azure-bootstrap.pod-identity-name" -}}
+{{- printf "%s-%s-%s" .Values.cluster.name .Release.Namespace (include "azure-bootstrap.cluster-identity-name" .) }}
+{{- end }}
+
+{{/*
+Name of the AAD Pod Identity Binding used for bootstrapping
+*/}}
+{{- define "azure-bootstrap.pod-identity-binding" -}}
+{{- printf "%s-binding" (include "azure-bootstrap.pod-identity-name" .) }}
+{{- end }}
+
+{{/*
+Function to template an AzureManagedMachinePool resource.
+Params:
+  ctx = . context
+  name = the name of the AzureManagedMachinePool resource
+  defaultVals = the default values for the AzureManagedMachinePool resource
+  values = the values for this specific AzureManagedMachinePool resource
+  availabilityZones = the availability zones for the AzureManagedMachinePool
+*/}}
+{{- define "workers.azure.managedMachinePool" -}}
+{{- $scaling := (.values.spec | default dict).scaling | default .defaultVals.spec.scaling }}
+{{- if $scaling }}
+{{- if not (and (hasKey $scaling "minSize") (hasKey $scaling "maxSize")) }}
+  {{- fail (printf "Invalid value for scaling. Both minSize and maxSize must be set") }}
+{{- end }}
+{{- end }}
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureManagedMachinePool
+metadata:
+  annotations:
+    helm.sh/resource-policy: keep
+    {{- if (hasKey .values "annotations") -}}
+    {{- toYaml (merge .values.annotations .defaultVals.annotations)| nindent 4 }}
+    {{- else -}}
+    {{- toYaml .defaultVals.annotations | nindent 4 }}
+    {{- end }}
+  labels:
+    {{- if (hasKey .values "labels") -}}
+    {{- toYaml (merge .values.labels .defaultVals.labels)| nindent 4 }}
+    {{- else -}}
+    {{- toYaml .defaultVals.labels | nindent 4 }}
+    {{- end }}
+  name: {{ .name }}
+spec:
+  name: {{ .name }}
+  additionalTags:
+    {{- if (dig "spec" "additionalTags" .values) -}}
+    {{- toYaml (merge .values.spec.additionalTags .defaultVals.spec.additionalTags)| nindent 4 }}
+    {{- else }}
+    {{- toYaml .defaultVals.spec.additionalTags | nindent 4 }}
+    {{- end }}
+  mode: {{ (.values.spec | default dict).mode | default .defaultVals.spec.mode }}
+  sku: {{ (.values.spec | default dict).sku | default .defaultVals.spec.sku }}
+  osDiskSizeGB: {{ (.values.spec | default dict).osDiskSizeGB | default .defaultVals.spec.osDiskSizeGB }}
+  availabilityZones: {{- toYaml .availabilityZones | nindent 2 }}
+  nodeLabels:
+    {{- if (dig "spec" "nodeLabels" .values) -}}
+    {{- toYaml (merge .values.spec.nodeLabels .defaultVals.spec.nodeLabels)| nindent 4 }}
+    {{- else -}}
+    {{- toYaml .defaultVals.spec.nodeLabels | nindent 4 }}
+    {{- end }}
+  {{- if or (.defaultVals.spec.taints) ((.values.spec | default dict).taints) }}
+  taints:
+  {{- toYaml ((.values.spec | default dict).taints | default .defaultVals.spec.taints) | nindent 2 }}
+  {{- end }}
+  {{- if $scaling }}
+  scaling:
+    {{- toYaml $scaling | nindent 4 }}
+  {{- end }}
+  {{- if or (.defaultVals.spec.scaleDownMode) ((.values.spec | default dict).scaleDownMode) }}
+  scaleDownMode: {{ (.values.spec | default dict).scaleDownMode | default .defaultVals.spec.scaleDownMode }}
+  {{- end }}
+  {{- if or (.defaultVals.spec.spotMaxPrice) ((.values.spec | default dict).spotMaxPrice) }}
+  spotMaxPrice: {{ (.values.spec | default dict).spotMaxPrice | default .defaultVals.spec.spotMaxPrice }}
+  {{- end }}
+  maxPods: {{ (.values.spec | default dict).maxPods | default .defaultVals.spec.maxPods }}
+  osDiskType: {{ (.values.spec | default dict).osDiskType | default .defaultVals.spec.osDiskType }}
+  {{- if or (.defaultVals.spec.scaleSetPriority) ((.values.spec | default dict).scaleSetPriority) }}
+  scaleSetPriority: {{ (.values.spec | default dict).scaleSetPriority | default .defaultVals.spec.scaleSetPriority }}
+  {{- end }}
+  osType: {{ (.values.spec | default dict).osType | default .defaultVals.spec.osType }}
+  enableNodePublicIP: {{ (.values.spec | default dict).enableNodePublicIP | default .defaultVals.spec.enableNodePublicIP }}
+  nodePublicIPPrefixID: {{ (.values.spec | default dict).nodePublicIPPrefixID | default .defaultVals.spec.nodePublicIPPrefixID }}
+  {{- if or (.defaultVals.spec.kubeletConfig) ((.values.spec | default dict).kubeletConfig) }}
+  kubeletConfig:
+    {{- toYaml ((.values.spec | default dict).kubeletConfig | default .defaultVals.spec.kubeletConfig) | nindent 2 }}
+  {{- end }}
+  {{- if or (.defaultVals.spec.linuxOSConfig) ((.values.spec | default dict).linuxOSConfig) }}
+  linuxOSConfig:
+    {{- toYaml ((.values.spec | default dict).linuxOSConfig | default .defaultVals.spec.linuxOSConfig) | nindent 2 }}
+  {{- end }}
+---
+{{- include "workers.machinePool" (dict "ctx" .ctx "name" .name "values" .values "defaultVals" .defaultVals) }}
+{{- end }}
diff --git a/bootstrap/helm/cluster-api-cluster/templates/azure/bootstrap-cluster-identity.yaml b/bootstrap/helm/cluster-api-cluster/templates/azure/bootstrap-cluster-identity.yaml
new file mode 100644
index 000000000..b8a32402b
--- /dev/null
+++ b/bootstrap/helm/cluster-api-cluster/templates/azure/bootstrap-cluster-identity.yaml
@@ -0,0 +1,62 @@
+{{- if and (eq .Values.provider "azure") (eq .Values.type "managed") .Values.cluster.azure.clusterIdentity.bootstrapMode -}}
+kind: AzureClusterIdentity
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+metadata:
+  name: {{ include "azure-bootstrap.cluster-identity-name" . }}
+  labels:
+    clusterctl.cluster.x-k8s.io/move-hierarchy: "true"
+  {{- include "cluster-api-cluster.labels" . | nindent 4 }}
+spec:
+  type: ServicePrincipal
+  allowedNamespaces: {}
+  tenantID: {{ .Values.cluster.azure.clusterIdentity.tenantID }}
+  clientID: {{ .Values.cluster.azure.clusterIdentity.bootstrapCredentials.clientID }}
+  clientSecret:
+    name: {{ include "azure-bootstrap.identity-credentials" . }}
+    namespace: {{ .Release.Namespace }}
+---
+kind: Secret
+apiVersion: v1
+metadata:
+  name: {{ include "azure-bootstrap.identity-credentials" . }}
+  labels:
+    clusterctl.cluster.x-k8s.io/move-hierarchy: "true"
+  {{- include "cluster-api-cluster.labels" . | nindent 4 }}
+type: Opaque
+data:
+  clientSecret: {{ .Values.cluster.azure.clusterIdentity.bootstrapCredentials.clientSecret | b64enc | quote }}
+---
+apiVersion: aadpodidentity.k8s.io/v1
+kind: AzureIdentity
+metadata:
+  name: {{ include "azure-bootstrap.pod-identity-name" . }}
+  labels:
+    azurecluster.infrastructure.cluster.x-k8s.io/cluster-namespace: {{ .Release.Namespace }}
+    cluster.x-k8s.io/cluster-name: {{ .Values.cluster.name }}
+    clusterctl.cluster.x-k8s.io/move-hierarchy: 'true'
+  {{- include "cluster-api-cluster.labels" . | nindent 4 }}
+  annotations:
+    aadpodidentity.k8s.io/Behavior: namespaced
+spec:
+  adEndpoint: https://login.microsoftonline.com/
+  adResourceID: https://management.azure.com/
+  clientID: {{ .Values.cluster.azure.clusterIdentity.bootstrapCredentials.clientID }}
+  clientPassword:
+    name: {{ include "azure-bootstrap.identity-credentials" . }}
+    namespace: {{ .Release.Namespace }}
+  tenantID: {{ .Values.cluster.azure.clusterIdentity.tenantID }}
+  type: 1
+---
+apiVersion: aadpodidentity.k8s.io/v1
+kind: AzureIdentityBinding
+metadata:
+  name: {{ include "azure-bootstrap.pod-identity-binding" . }}
+  labels:
+    azurecluster.infrastructure.cluster.x-k8s.io/cluster-namespace: {{ .Release.Namespace }}
+    cluster.x-k8s.io/cluster-name: {{ .Values.cluster.name }}
+    clusterctl.cluster.x-k8s.io/move-hierarchy: 'true'
+  {{- include "cluster-api-cluster.labels" . | nindent 4 }}
+spec:
+  azureIdentity: {{ include "azure-bootstrap.pod-identity-name" . }}
+  selector: capz-controller-aadpodidentity-selector
+{{- end }}
diff --git a/bootstrap/helm/cluster-api-cluster/templates/azure/cluster-workload-identity.yaml b/bootstrap/helm/cluster-api-cluster/templates/azure/cluster-workload-identity.yaml
new file mode 100644
index 000000000..3efdd1aa8
--- /dev/null
+++ b/bootstrap/helm/cluster-api-cluster/templates/azure/cluster-workload-identity.yaml
@@ -0,0 +1,16 @@
+{{- if and (eq .Values.provider "azure") (eq .Values.type "managed") (not .Values.cluster.azure.clusterIdentity.bootstrapMode) .Values.cluster.azure.clusterIdentity.workloadIdentity.enabled }}
+kind: AzureClusterIdentity
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+metadata:
+  name: {{ .Values.cluster.azure.clusterIdentity.workloadIdentity.name }}
+  labels:
+    cluster.x-k8s.io/provider: infrastructure-azure
+    clusterctl.cluster.x-k8s.io/move-hierarchy: "true"
+  {{- include "cluster-api-cluster.labels" . | nindent 4 }}
+spec:
+  type: WorkloadIdentity
+  allowedNamespaces:
+    {{- toYaml .Values.cluster.azure.clusterIdentity.workloadIdentity.allowedNamespaces | nindent 4 }}
+  clientID: {{ .Values.cluster.azure.clusterIdentity.workloadIdentity.clientID }}
+  tenantID: {{ .Values.cluster.azure.clusterIdentity.tenantID }}
+{{- end }}
diff --git a/bootstrap/helm/cluster-api-cluster/templates/azure/cluster.yaml b/bootstrap/helm/cluster-api-cluster/templates/azure/cluster.yaml
new file mode 100644
index 000000000..9c40dfe1e
--- /dev/null
+++ b/bootstrap/helm/cluster-api-cluster/templates/azure/cluster.yaml
@@ -0,0 +1,9 @@
+{{- if and (eq .Values.provider "azure") (eq .Values.type "managed") -}}
+kind: AzureManagedCluster
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+metadata:
+  name: {{ .Values.cluster.name }}
+  annotations:
+    helm.sh/resource-policy: keep
+spec: {}
+{{- end }}
diff --git a/bootstrap/helm/cluster-api-cluster/templates/azure/control-plane.yaml b/bootstrap/helm/cluster-api-cluster/templates/azure/control-plane.yaml
new file mode 100644
index 000000000..842739cfa
--- /dev/null
+++ b/bootstrap/helm/cluster-api-cluster/templates/azure/control-plane.yaml
@@ -0,0 +1,65 @@
+{{- if and (eq .Values.provider "azure") (eq .Values.type "managed") -}}
+kind: AzureManagedControlPlane
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+metadata:
+  name: {{ .Values.cluster.name }}
+  annotations:
+    helm.sh/resource-policy: keep
+spec:
+  identityRef:
+    apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+    kind: AzureClusterIdentity
+    {{- if .Values.cluster.azure.clusterIdentity.bootstrapMode }}
+    name: {{ include "azure-bootstrap.cluster-identity-name" . }}
+    {{- else if .Values.cluster.azure.clusterIdentity.workloadIdentity.enabled }}
+    name: {{ .Values.cluster.azure.clusterIdentity.workloadIdentity.name }}
+    {{- else }}
+    name: {{ .Values.cluster.azure.clusterIdentity.name }}
+    {{- end }}
+    namespace: {{ .Release.Namespace }}
+  location: {{ .Values.cluster.azure.location }}
+  resourceGroupName: {{ .Values.cluster.azure.resourceGroupName }}
+  nodeResourceGroupName: {{ .Values.cluster.azure.nodeResourceGroupName }}
+  subscriptionID: {{ .Values.cluster.azure.subscriptionID }}
+  version: {{ include "cluster.kubernetesVersion" . }}
+  {{- if ne .Values.cluster.azure.sshPublicKey "skip" }}
+  sshPublicKey: {{ .Values.cluster.azure.sshPublicKey | quote }}
+  {{- end }}
+  {{- with .Values.cluster.azure.virtualNetwork }}
+  virtualNetwork:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  networkPlugin: {{ .Values.cluster.azure.networkPlugin }}
+  networkPolicy: {{ .Values.cluster.azure.networkPolicy }}
+  outboundType: {{ .Values.cluster.azure.outboundType }}
+  dnsServiceIP: {{ .Values.cluster.azure.dnsServiceIP }}
+  {{- with .Values.cluster.azure.identity }}
+  identity:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.cluster.azure.sku }}
+  sku:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  loadBalancerSKU: {{ .Values.cluster.azure.loadBalancerSKU }}
+  {{- with .Values.cluster.azure.aadProfile }}
+  aadProfile:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.cluster.azure.loadBalancerProfile }}
+  loadBalancerProfile:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.cluster.azure.apiServerAccessProfile }}
+  apiServerAccessProfile:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.cluster.azure.autoscalerProfile }}
+  autoscalerProfile:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.cluster.azure.addonProfiles }}
+  addonProfiles:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}
diff --git a/bootstrap/helm/cluster-api-cluster/templates/azure/machine-pools.yaml b/bootstrap/helm/cluster-api-cluster/templates/azure/machine-pools.yaml
new file mode 100644
index 000000000..6f1a03f6a
--- /dev/null
+++ b/bootstrap/helm/cluster-api-cluster/templates/azure/machine-pools.yaml
@@ -0,0 +1,22 @@
+{{- if and (eq .Values.provider "azure") (eq .Values.type "managed") -}}
+{{- $currentScope := . -}}
+{{- $defaultVals := .Values.workers.defaults.azure -}}
+{{- range $name, $values := .Values.workers.azure }}
+{{- with $currentScope}}
+{{- $isMultiAZ := ($values | default dict).isMultiAZ | default $defaultVals.isMultiAZ }}
+{{- $availabilityZones := ($values.spec | default dict).availabilityZones | default $defaultVals.spec.availabilityZones }}
+{{- if and (not $isMultiAZ) (not $availabilityZones) }}
+  {{- fail (printf "Invalid value for isMultiAZ. availabilityZones must be set") }}
+{{- end }}
+{{- if not $isMultiAZ }}
+{{ range $az := $availabilityZones }}
+{{- include "workers.azure.managedMachinePool" (dict "ctx" $currentScope "name" (printf "%s%s" $name $az) "defaultVals" $defaultVals "values" $values "availabilityZones" (list $az)) }}
+---
+{{- end }}
+{{- else }}
+{{- include "workers.azure.managedMachinePool" (dict "ctx" $currentScope "name" $name "defaultVals" $defaultVals "values" $values "availabilityZones" $availabilityZones) }}
+---
+{{- end }}
+{{- end }}
+{{- end }}
+{{ end }}
diff --git a/bootstrap/helm/cluster-api-cluster/templates/cluster.yaml b/bootstrap/helm/cluster-api-cluster/templates/cluster.yaml
new file mode 100644
index 000000000..3d729804c
--- /dev/null
+++ b/bootstrap/helm/cluster-api-cluster/templates/cluster.yaml
@@ -0,0 +1,24 @@
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+  name: {{ .Values.cluster.name }}
+  annotations:
+    helm.sh/resource-policy: keep
+spec:
+  clusterNetwork:
+    {{- with .Values.cluster.podCidrBlocks }}
+    pods:
+      cidrBlocks: {{ toYaml . | nindent 6 }}
+    {{- end }}
+    {{- with .Values.cluster.serviceCidrBlocks }}
+    services:
+      cidrBlocks: {{ toYaml . | nindent 6 }}
+    {{- end }}
+  infrastructureRef:
+    kind: {{ include "cluster.infrastructure.kind" . }}
+    apiVersion: {{ include "cluster.infrastructure.apiVersion" . }}
+    name: {{ .Values.cluster.name }}
+  controlPlaneRef:
+    kind: {{ include "cluster.controlPlane.kind" . }}
+    apiVersion: {{ include "cluster.controlPlane.apiVersion" . }}
+    name: {{ .Values.cluster.name }}
diff --git a/bootstrap/helm/cluster-api-cluster/templates/gcp/_helpers.tpl b/bootstrap/helm/cluster-api-cluster/templates/gcp/_helpers.tpl
new file mode 100644
index 000000000..2cc1a9617
--- /dev/null
+++ b/bootstrap/helm/cluster-api-cluster/templates/gcp/_helpers.tpl
@@ -0,0 +1,73 @@
+{{/*
+Function to template an GCPManagedMachinePool resource.
+Params:
+  ctx = . context
+  name = the name of the GCPManagedMachinePool resource
+  defaultVals = the default values for the GCPManagedMachinePool resource
+  values = the values for this specific GCPManagedMachinePool resource
+  availabilityZones = the availability zones for the GCPManagedMachinePool
+*/}}
+{{- define "workers.gcp.managedMachinePool" -}}
+{{- $scaling := (.values.spec | default dict).scaling | default .defaultVals.spec.scaling }}
+{{- if $scaling }}
+{{- if not (and (hasKey $scaling "minCount") (hasKey $scaling "maxCount")) }}
+  {{- fail (printf "Invalid value for scaling. Both minCount and maxCount must be set") }}
+{{- end }}
+{{- end }}
+{{- $management := (.values.spec | default dict).management | default .defaultVals.spec.management }}
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: GCPManagedMachinePool
+metadata:
+  name: {{ .name }}
+  annotations:
+    helm.sh/resource-policy: keep
+    {{- if (hasKey .values "annotations") -}}
+    {{- toYaml (merge .values.annotations .defaultVals.annotations)| nindent 4 }}
+    {{- else -}}
+    {{- toYaml .defaultVals.annotations | nindent 4 }}
+    {{- end }}
+  labels:
+    {{- if (hasKey .values "labels") -}}
+    {{- toYaml (merge .values.labels .defaultVals.labels)| nindent 4 }}
+    {{- else -}}
+    {{- toYaml .defaultVals.labels | nindent 4 }}
+    {{- end }}
+spec:
+  nodePoolName: {{ .name }}
+  {{- if $scaling }}
+  scaling:
+    {{- toYaml $scaling | nindent 4 }}
+  {{- end }}
+  {{- if $management }}
+  management:
+    {{- toYaml $management | nindent 4 }}
+  {{- end }}
+  kubernetesLabels:
+    {{- if (dig "spec" "kubernetesLabels" .values) }}
+    {{- toYaml (merge .values.spec.kubernetesLabels .defaultVals.spec.kubernetesLabels) | nindent 4 }}
+    {{- else }}
+    {{- toYaml .defaultVals.spec.kubernetesLabels | nindent 4 }}
+    {{- end }}
+  {{- if or (.defaultVals.spec.kubernetesTaints) ((.values.spec | default dict).kubernetesTaints) }}
+  kubernetesTaints:
+  {{- toYaml ((.values.spec | default dict).kubernetesTaints | default .defaultVals.spec.kubernetesTaints) | nindent 4 }}
+  {{- end }}
+  additionalLabels:
+    {{- if (dig "spec" "additionalLabels" .values) }}
+    {{- toYaml (merge .values.spec.additionalLabels .defaultVals.spec.additionalLabels) | nindent 4 }}
+    {{- else }}
+    {{- toYaml .defaultVals.spec.additionalLabels | nindent 4 }}
+    {{- end }}
+  {{- if .values.spec.providerIDList }}
+  providerIDList:
+  {{- toYaml .values.spec.providerIDList | nindent 2 }}
+  {{- end }}
+  machineType: {{ (.values.spec | default dict).machineType | default .defaultVals.spec.machineType }}
+  diskSizeGb: {{ (.values.spec | default dict).diskSizeGb | default .defaultVals.spec.diskSizeGb }}
+  diskType: {{ (.values.spec | default dict).diskType | default .defaultVals.spec.diskType }}
+  spot: {{ (.values.spec | default dict).spot | default .defaultVals.spec.spot }}
+  preemptible: {{ (.values.spec | default dict).preemptible | default .defaultVals.spec.preemptible }}
+  imageType: {{ (.values.spec | default dict).imageType | default .defaultVals.spec.imageType }}
+---
+{{- include "workers.machinePool" (dict "ctx" .ctx "name" .name "values" .values "defaultVals" .defaultVals) }}
+{{- end }}
diff --git a/bootstrap/helm/cluster-api-cluster/templates/gcp/cluster.yaml b/bootstrap/helm/cluster-api-cluster/templates/gcp/cluster.yaml
new file mode 100644
index 000000000..3f1c22da5
--- /dev/null
+++ b/bootstrap/helm/cluster-api-cluster/templates/gcp/cluster.yaml
@@ -0,0 +1,42 @@
+{{- if and (eq .Values.provider "gcp") (eq .Values.type "managed") -}}
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: GCPManagedCluster
+metadata:
+  name: {{ .Values.cluster.name }}
+  annotations:
+    helm.sh/resource-policy: keep
+spec:
+  project: {{ .Values.cluster.gcp.project }}
+  region: {{ .Values.cluster.gcp.region }}
+  {{- with .Values.cluster.gcp.additionalLabels }}
+  additionalLabels:
+  {{- . | toYaml | nindent 4 }}
+  {{- end }}
+  controlPlaneEndpoint:
+    host: ""
+    port: 0
+  {{- with .Values.cluster.gcp.addonsConfig }}
+  addonsConfig:
+  {{- . | toYaml | nindent 4 }}
+  {{- end }}
+  network:
+    {{- with .Values.cluster.gcp.network }}
+    name: {{ .name }}
+    autoCreateSubnetworks: {{ .autoCreateSubnetworks }}
+    datapathProvider: {{ .datapathProvider }}
+    {{- end }}
+    subnets:
+      {{- range .Values.cluster.gcp.subnets }}
+      - name: {{ .name }}
+        region: {{ $.Values.cluster.gcp.region }}
+        cidrBlock: {{ .cidrBlock }}
+        description: {{ .description }}
+        {{- with .secondaryCidrBlocks }}
+        secondaryCidrBlocks:
+        {{- . | toYaml | nindent 10 }}
+        {{- end }}
+        privateGoogleAccess: {{ .privateGoogleAccess }}
+        enableFlowLogs: {{ .enableFlowLogs }}
+        purpose: {{ .purpose }}
+      {{- end }}
+{{- end }}
diff --git a/bootstrap/helm/cluster-api-cluster/templates/gcp/control-plane.yaml b/bootstrap/helm/cluster-api-cluster/templates/gcp/control-plane.yaml
new file mode 100644
index 000000000..863930ba3
--- /dev/null
+++ b/bootstrap/helm/cluster-api-cluster/templates/gcp/control-plane.yaml
@@ -0,0 +1,23 @@
+{{- if and (eq .Values.provider "gcp") (eq .Values.type "managed") -}}
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: GCPManagedControlPlane
+metadata:
+  name: {{ .Values.cluster.name }}
+  annotations:
+    helm.sh/resource-policy: keep
+spec:
+  clusterName: {{ .Values.cluster.name }}
+  {{- with .Values.cluster.gcp }}
+  project: {{ .project }}
+  location: {{ .region }}
+  enableAutopilot: {{ .enableAutopilot | default false }}
+  enableWorkloadIdentity: {{ .enableWorkloadIdentity }}
+  {{- if ne .releaseChannel "unspecified" }}
+  releaseChannel: {{ .releaseChannel }}
+  {{- end }}
+  endpoint:
+    host: ""
+    port: 0
+  {{- end }}
+  controlPlaneVersion: {{ include "cluster.kubernetesVersion" . }}
+{{- end }}
diff --git a/bootstrap/helm/cluster-api-cluster/templates/gcp/machinepools.yaml b/bootstrap/helm/cluster-api-cluster/templates/gcp/machinepools.yaml
new file mode 100644
index 000000000..9788fdace
--- /dev/null
+++ b/bootstrap/helm/cluster-api-cluster/templates/gcp/machinepools.yaml
@@ -0,0 +1,25 @@
+{{- if and (eq .Values.provider "gcp") (eq .Values.type "managed") -}}
+{{- $currentScope := . -}}
+{{- $defaultVals := .Values.workers.defaults.gcp -}}
+{{- range $name, $values := .Values.workers.gcp }}
+{{- with $currentScope}}
+{{- $isMultiAZ := ($values | default dict).isMultiAZ | default $defaultVals.isMultiAZ }}
+{{- if not $isMultiAZ }}
+  {{- fail (printf "Invalid value for isMultiAZ. GCP currently only supports `true` for this value") }}
+{{- end }}
+{{- $availabilityZones := ($values.spec | default dict).availabilityZones | default $defaultVals.spec.availabilityZones }}
+{{- if and (not $isMultiAZ) (not $availabilityZones) }}
+  {{- fail (printf "Invalid value for isMultiAZ. availabilityZones must be set") }}
+{{- end }}
+{{- if not $isMultiAZ }}
+{{ range $az := $availabilityZones }}
+{{- include "workers.gcp.managedMachinePool" (dict "ctx" $currentScope "name" (printf "%s-%s" $name $az) "defaultVals" $defaultVals "values" $values "availabilityZones" (list $az)) }}
+---
+{{- end }}
+{{- else }}
+{{- include "workers.gcp.managedMachinePool" (dict "ctx" $currentScope "name" $name "defaultVals" $defaultVals "values" $values "availabilityZones" $availabilityZones) }}
+---
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/bootstrap/helm/cluster-api-cluster/templates/kind/cluster.yaml b/bootstrap/helm/cluster-api-cluster/templates/kind/cluster.yaml
new file mode 100644
index 000000000..93d0020c1
--- /dev/null
+++ b/bootstrap/helm/cluster-api-cluster/templates/kind/cluster.yaml
@@ -0,0 +1,9 @@
+{{- if and (eq .Values.provider "kind") (eq .Values.type "managed") -}}
+kind: DockerCluster
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+metadata:
+  name: {{ .Values.cluster.name }}
+  annotations:
+    helm.sh/resource-policy: keep
+spec: {}
+{{- end }}
diff --git a/bootstrap/helm/cluster-api-cluster/templates/kind/control-plane.yaml b/bootstrap/helm/cluster-api-cluster/templates/kind/control-plane.yaml
new file mode 100644
index 000000000..947f6991f
--- /dev/null
+++ b/bootstrap/helm/cluster-api-cluster/templates/kind/control-plane.yaml
@@ -0,0 +1,45 @@
+{{- if and (eq .Values.provider "kind") (eq .Values.type "managed") -}}
+apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+kind: KubeadmControlPlane
+metadata:
+  name: {{ .Values.cluster.name }}
+  annotations:
+    helm.sh/resource-policy: keep
+spec:
+  replicas: 1
+  version: {{ include "cluster.kubernetesVersion" . }}
+  machineTemplate:
+    infrastructureRef:
+      apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+      kind: DockerMachineTemplate
+      name: controlplane
+  kubeadmConfigSpec:
+    clusterConfiguration:
+      apiServer:
+        certSANs:
+          - localhost
+          - 127.0.0.1
+          - 0.0.0.0
+      controllerManager:
+        extraArgs:
+          enable-hostpath-provisioner: "true"
+    initConfiguration:
+      nodeRegistration:
+        kubeletExtraArgs:
+          eviction-hard: nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0%
+    joinConfiguration:
+      nodeRegistration:
+        kubeletExtraArgs:
+          eviction-hard: nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0%
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: DockerMachineTemplate
+metadata:
+  name: controlplane
+spec:
+  template:
+    spec:
+      extraMounts:
+        - containerPath: /var/run/docker.sock
+          hostPath: /var/run/docker.sock
+{{- end }}
diff --git a/bootstrap/helm/cluster-api-cluster/templates/kind/kubeadm-config.yaml b/bootstrap/helm/cluster-api-cluster/templates/kind/kubeadm-config.yaml
new file mode 100644
index 000000000..c80704403
--- /dev/null
+++ b/bootstrap/helm/cluster-api-cluster/templates/kind/kubeadm-config.yaml
@@ -0,0 +1,13 @@
+{{- if and (eq .Values.provider "kind") (eq .Values.type "managed") -}}
+apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+kind: KubeadmConfig
+metadata:
+  name: worker-mp-config
+  annotations:
+    helm.sh/resource-policy: keep
+spec:
+  joinConfiguration:
+    nodeRegistration:
+      kubeletExtraArgs:
+        eviction-hard: nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0%
+{{- end }}
diff --git a/bootstrap/helm/cluster-api-cluster/templates/kind/machine-pools.yaml b/bootstrap/helm/cluster-api-cluster/templates/kind/machine-pools.yaml
new file mode 100644
index 000000000..0d83fcaca
--- /dev/null
+++ b/bootstrap/helm/cluster-api-cluster/templates/kind/machine-pools.yaml
@@ -0,0 +1,24 @@
+{{- if and (eq .Values.provider "kind") (eq .Values.type "managed") -}}
+
+{{- $currentScope := . -}}
+{{- $defaultVals := .Values.workers.defaults.kind -}}
+
+{{- range $name, $values := .Values.workers.kind }}
+{{- with $currentScope}}
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: DockerMachinePool
+metadata:
+  name: {{ $name }}
+  annotations:
+    helm.sh/resource-policy: keep
+spec:
+  template:
+      extraMounts:
+        - containerPath: /var/run/docker.sock
+          hostPath: /var/run/docker.sock
+---
+{{- include "workers.machinePool" (dict "ctx" $currentScope "name" $name "values" $values "defaultVals" $defaultVals) }}
+{{- end }}
+---
+{{ end }}
+{{- end }}
diff --git a/bootstrap/helm/cluster-api-cluster/tests/aws_cluster_test.yaml b/bootstrap/helm/cluster-api-cluster/tests/aws_cluster_test.yaml
new file mode 100644
index 000000000..b60d0ddd6
--- /dev/null
+++ b/bootstrap/helm/cluster-api-cluster/tests/aws_cluster_test.yaml
@@ -0,0 +1,23 @@
+suite: test aws cluster
+templates:
+  - aws/cluster.yaml
+tests:
+  - it: should be created with the controlPlaneEndpoint
+    set:
+      cluster.name: test
+      provider: aws
+      type: managed
+      cluster.aws.controlPlaneEndpoint: abc
+    asserts:
+      - template: aws/cluster.yaml
+        hasDocuments:
+          count: 1
+      - template: aws/cluster.yaml
+        documentIndex: 0
+        isKind:
+          of: AWSManagedCluster
+      - template: aws/cluster.yaml
+        documentIndex: 0
+        equal:
+          path: spec.controlPlaneEndpoint
+          value: abc
\ No newline at end of file
diff --git a/bootstrap/helm/cluster-api-cluster/tests/aws_control_plane_test.yaml b/bootstrap/helm/cluster-api-cluster/tests/aws_control_plane_test.yaml
new file mode 100644
index 000000000..231ce232d
--- /dev/null
+++ b/bootstrap/helm/cluster-api-cluster/tests/aws_control_plane_test.yaml
@@ -0,0 +1,43 @@
+suite: test control plane
+templates:
+  - aws/control-plane.yaml
+tests:
+  - it: check kind
+    set:
+      cluster.name: test
+      provider: aws
+      type: managed
+      cluster.aws.controlPlaneEndpoint: abc
+    asserts:
+      - template: aws/control-plane.yaml
+        hasDocuments:
+          count: 1
+      - template: aws/control-plane.yaml
+        documentIndex: 0
+        isKind:
+          of: AWSManagedControlPlane
+  - it: should equal
+    set:
+      cluster.name: test
+      provider: aws
+      type: managed
+      cluster.aws.region: abc
+      cluster.kubernetesVersion: v1.2.3
+    asserts:
+      - equal:
+          path: spec.region
+          value: abc
+      - equal:
+          path: spec.sshKeyName
+          value: default
+      - equal:
+          path: spec.version
+          value: v1.2.3
+      - equal:
+          path: spec.eksClusterName
+          value: test
+      - equal:
+          path: spec.eksClusterName
+          value: test
+        template: aws/control-plane.yaml
+        documentIndex: 0
\ No newline at end of file
diff --git a/bootstrap/helm/cluster-api-cluster/tests/aws_machinepools_test.yaml b/bootstrap/helm/cluster-api-cluster/tests/aws_machinepools_test.yaml
new file mode 100644
index 000000000..4a8fb59d4
--- /dev/null
+++ b/bootstrap/helm/cluster-api-cluster/tests/aws_machinepools_test.yaml
@@ -0,0 +1,156 @@
+suite: test machine pools
+templates:
+  - aws/machinepools.yaml
+tests:
+  - it: check kind
+    set:
+      cluster.name: test
+      provider: aws
+      type: managed
+      workers.defaults.aws.spec.availabilityZones:
+      - us-east-1a
+      - us-east-1b
+      - us-east-1c
+    asserts:
+      - template: aws/machinepools.yaml
+        hasDocuments:
+          count: 24
+      - template: aws/machinepools.yaml
+        documentIndex: 0
+        isKind:
+          of: AWSManagedMachinePool
+      - template: aws/machinepools.yaml
+        documentIndex: 13
+        isKind:
+          of: MachinePool
+  - it: test defaults
+    set:
+      cluster.name: test
+      provider: aws
+      type: managed
+      cluster.aws.region: abc
+      cluster.kubernetesVersion: v1.2.3
+      workers.defaults.aws.spec.availabilityZones:
+      - us-east-1a
+      - us-east-1b
+      - us-east-1c
+    asserts:
+      - equal:
+          path: spec.amiType
+          value: AL2_x86_64
+        documentIndex: 0
+      - equal:
+          path: spec.diskSize
+          value: 50
+        documentIndex: 2
+    template: aws/machinepools.yaml
+  - it: test large-burst-spot
+    set:
+      cluster.name: test
+      provider: aws
+      type: managed
+      cluster.aws.region: abc
+      cluster.kubernetesVersion: v1.2.3
+      workers.defaults.aws.spec.availabilityZones:
+      - us-east-1a
+      - us-east-1b
+      - us-east-1c
+    asserts:
+      - equal:
+          path: spec.capacityType
+          value: spot
+      - equal:
+          path: spec.eksNodegroupName
+          value: large-burst-spot
+      - equal:
+          path: spec.instanceType
+          value: t3.2xlarge
+      - equal:
+          path: spec.availabilityZones
+          value:
+          - us-east-1a
+          - us-east-1b
+          - us-east-1c
+    template: aws/machinepools.yaml
+    documentIndex: 6
+  - it: test large-burst-on-demand-us-east-1a
+    set:
+      cluster.name: test
+      provider: aws
+      type: managed
+      cluster.aws.region: abc
+      cluster.kubernetesVersion: v1.2.3
+      workers.defaults.aws.spec.availabilityZones:
+      - us-east-1a
+      - us-east-1b
+      - us-east-1c
+    asserts:
+      - equal:
+          path: spec.capacityType
+          value: onDemand
+      - equal:
+          path: spec.eksNodegroupName
+          value: large-burst-on-demand-us-east-1a
+      - equal:
+          path: spec.instanceType
+          value: t3.2xlarge
+      - equal:
+          path: spec.availabilityZones
+          value:
+          - us-east-1a
+    template: aws/machinepools.yaml
+    documentIndex: 0
+  - it: test large-burst-on-demand-us-east-1b
+    set:
+      cluster.name: test
+      provider: aws
+      type: managed
+      cluster.aws.region: abc
+      cluster.kubernetesVersion: v1.2.3
+      workers.defaults.aws.spec.availabilityZones:
+      - us-east-1a
+      - us-east-1b
+      - us-east-1c
+    asserts:
+      - equal:
+          path: spec.capacityType
+          value: onDemand
+      - equal:
+          path: spec.eksNodegroupName
+          value: large-burst-on-demand-us-east-1b
+      - equal:
+          path: spec.instanceType
+          value: t3.2xlarge
+      - equal:
+          path: spec.availabilityZones
+          value:
+          - us-east-1b
+    template: aws/machinepools.yaml
+    documentIndex: 2
+  - it: test large-burst-on-demand-us-east-1c
+    set:
+      cluster.name: test
+      provider: aws
+      type: managed
+      cluster.aws.region: abc
+      cluster.kubernetesVersion: v1.2.3
+      workers.defaults.aws.spec.availabilityZones:
+      - us-east-1a
+      - us-east-1b
+      - us-east-1c
+    asserts:
+      - equal:
+          path: spec.capacityType
+          value: onDemand
+      - equal:
+          path: spec.eksNodegroupName
+          value: large-burst-on-demand-us-east-1c
+      - equal:
+          path: spec.instanceType
+          value: t3.2xlarge
+      - equal:
+          path: spec.availabilityZones
+          value:
+          - us-east-1c
+    template: aws/machinepools.yaml
+    documentIndex: 4
diff --git a/bootstrap/helm/cluster-api-cluster/tests/azure_cluster_identity_test.yaml b/bootstrap/helm/cluster-api-cluster/tests/azure_cluster_identity_test.yaml
new file mode 100644
index 000000000..16729f1e1
--- /dev/null
+++ b/bootstrap/helm/cluster-api-cluster/tests/azure_cluster_identity_test.yaml
@@ -0,0 +1,101 @@
+suite: test azure cluster identity
+templates:
+  - azure/bootstrap-cluster-identity.yaml
+  - azure/cluster-workload-identity.yaml
+  - azure/control-plane.yaml
+tests:
+  - it: should be created if bootstrapMode is true
+    set:
+      cluster.name: test
+      provider: azure
+      type: managed
+      cluster.azure.clusterIdentity.tenantID: tenant-id
+      cluster.azure.clusterIdentity.bootstrapCredentials.clientID: client-id
+      cluster.azure.clusterIdentity.bootstrapCredentials.clientSecret: client-secret
+      cluster.azure.clusterIdentity.bootstrapMode: true
+    asserts:
+      - template: azure/bootstrap-cluster-identity.yaml
+        hasDocuments:
+          count: 4
+      - template: azure/bootstrap-cluster-identity.yaml
+        documentIndex: 0
+        isKind:
+          of: AzureClusterIdentity
+      - template: azure/bootstrap-cluster-identity.yaml
+        documentIndex: 0
+        matchRegex:
+          path: metadata.name
+          pattern: -azure-bootstrap-identity$
+      - template: azure/bootstrap-cluster-identity.yaml
+        documentIndex: 0
+        equal:
+          path: spec.tenantID
+          value: tenant-id
+      - template: azure/bootstrap-cluster-identity.yaml
+        documentIndex: 0
+        equal:
+          path: spec.clientID
+          value: client-id
+      - template: azure/bootstrap-cluster-identity.yaml
+        documentIndex: 1
+        equal:
+          path: data.clientSecret
+          value: client-secret
+          decodeBase64: true
+      - template: azure/bootstrap-cluster-identity.yaml
+        documentIndex: 2
+        equal:
+          path: spec.clientID
+          value: client-id
+      - template: azure/bootstrap-cluster-identity.yaml
+        documentIndex: 2
+        equal:
+          path: spec.tenantID
+          value: tenant-id
+      - template: azure/bootstrap-cluster-identity.yaml
+        documentIndex: 3
+        matchRegex:
+          path: spec.azureIdentity
+          pattern: test-NAMESPACE-RELEASE-NAME-azure-bootstrap-identity$
+      - template: azure/cluster-workload-identity.yaml
+        hasDocuments:
+          count: 0
+      - template: azure/control-plane.yaml
+        hasDocuments:
+          count: 1
+      - template: azure/control-plane.yaml
+        documentIndex: 0
+        matchRegex:
+          path: spec.identityRef.name
+          pattern: -azure-bootstrap-identity$
+  - it: should not be created if bootstrapMode is false
+    set:
+      cluster.name: test
+      provider: azure
+      type: managed
+      cluster.azure.clusterIdentity.tenantID: tenant-id
+      cluster.azure.clusterIdentity.workloadIdentity.name: default
+      cluster.azure.clusterIdentity.workloadIdentity.clientID: client-id
+      cluster.azure.clusterIdentity.bootstrapMode: false
+    asserts:
+      - template: azure/bootstrap-cluster-identity.yaml
+        hasDocuments:
+          count: 0
+      - template: azure/cluster-workload-identity.yaml
+        hasDocuments:
+          count: 1
+      - template: azure/cluster-workload-identity.yaml
+        documentIndex: 0
+        equal:
+          path: spec.clientID
+          value: client-id
+      - template: azure/cluster-workload-identity.yaml
+        documentIndex: 0
+        equal:
+          path: spec.tenantID
+          value: tenant-id
+      - template: azure/control-plane.yaml
+        documentIndex: 0
+        equal:
+          path: spec.identityRef.name
+          value: default
diff --git a/bootstrap/helm/cluster-api-cluster/values.yaml b/bootstrap/helm/cluster-api-cluster/values.yaml
new file mode 100644
index 000000000..43ff61eae
--- /dev/null
+++ b/bootstrap/helm/cluster-api-cluster/values.yaml
@@ -0,0 +1,699 @@
+provider: "" # Can be aws, gcp, azure or kind
+## managed or unmanaged, currently only managed is supported
+type: managed
+
+cluster:
+  ## The name of the cluster
+  name: plural
+  ## The version of Kubernetes to deploy
+  kubernetesVersion: ""
+  ## The cidr blocks for pods
+  podCidrBlocks:
+    - 192.168.0.0/16 # TODO: shouldn't this also be getting propagated to things like what `.Values.cluster.aws.network.vpc.cidrBlock` is setting?
+  ## The cidr blocks for services
+  serviceCidrBlocks: [] # TODO: check if we should be setting this
+
+  ##################################
+  ###         AWS CLUSTER        ###
+  ##################################
+  aws:
+    ## The region to deploy the cluster to
+    region: ""
+    ## The name of the ssh key to use for the cluster
+    sshKeyName: default
+    ## The cluster addons to deploy
+    addons:
+      - conflictResolution: overwrite
+        name: kube-proxy
+        version: v1.24.15-eksbuild.2
+      - conflictResolution: overwrite
+        name: vpc-cni
+        version: v1.13.4-eksbuild.1
+      - conflictResolution: overwrite
+        name: coredns
+        version: v1.9.3-eksbuild.6
+
+    network:
+      # vpc:
+      #   id: ""
+      #   cidrBlock: ""
+      #   # ipv6: # NOTE: setting `ipv6: {}` will enable ipv6 and auto generate the cidr block. Needed for migration.
+      #   #   cidrBlock: ""
+      #   #   poolId: ""
+      #   #   egressOnlyInternetGatewayId: ""
+      #   internetGatewayId: ""
+      #   tags: {}
+      #   availabilityZoneUsageLimit: 3 # TODO: is set to 3 by default
+      #   availabilityZoneSelection: Ordered # TODO: How do we deal with people choosing ones manually in the init flow now? Should we only allow number input and always use ordered for the time being? Set by default to Ordered. Can be Ordered or Random
+      # subnets: []
+      # # - id: ""
+      # #   cidrBlock: ""
+      # #   ipv6CidrBlock: ""
+      # #   availabilityZone: ""
+      # #   isPublic: false
+      # #   isIpv6: false
+      # #   routeTableId: ""
+      # #   natGatewayId: ""
+      # #   tags: {}
+      # cni:
+      #   cniIngressRules: []
+      #   # - description: ""
+      #   #   fromPort: 0
+      #   #   toPort: 0
+      #   #   protocol: "" # TODO: find valid values. Can be tcp.
+      # securityGroupOverrides: {}
+    identityRef: {}
+    secondaryCidrBlock: ""
+    partition: ""
+    roleName: ""
+    roleAdditionalPolicies: []
+    logging:
+      apiServer: false
+      audit: false
+      authenticator: false
+      controllerManager: false
+      scheduler: false
+    encryptionConfig:
+      provider: ""
+      resources: []
+    additionalTags: {}
+    iamAuthenticatorConfig:
+      mapRoles: []
+      # - rolearn: ""
+      #   username: ""
+      #   groups: []
+      mapUsers: []
+      # - userarn: ""
+      #   username: ""
+      #   groups: []
+    endpointAccess:
+      public: true
+      publicCIDRs: []
+      private: false
+    bastion:
+      enabled: false
+      disableIngressRules: false
+      allowedCIDRBlocks: []
+      instanceType: ""
+      ami: ""
+    tokenMethod: "" # iam-authenticator
+    associateOIDCProvider: true
+    oidcIdentityProviderConfig: {}
+      # clientId: ""
+      # groupsClaim: ""
+      # groupsPrefix: ""
+      # identityProviderConfigName: ""
+      # issuerUrl: ""
+      # requiredClaims: {}
+      # usernameClaim: ""
+      # usernamePrefix: ""
+      # tags: {}
+    vpcCni:
+      disable: false
+      env: []
+      # - name: ""
+      #   value: ""
+    kubeProxy:
+      disable: false
+
+  ###################################
+  ###        AZURE CLUSTER        ###
+  ###################################
+  azure:
+    clusterIdentity:
+      bootstrapMode: false
+      # Credentials for the cluster identity used to bootstrap cluster.
+      bootstrapCredentials:
+        # Service Principal client ID used during bootstrapping.
+        clientID: ""
+        # Service Principal password used during bootstrapping.
+        clientSecret: ""
+      # Settings for the workload identity used by the cluster after bootstrapping.
+      workloadIdentity:
+        # If the default AzureClusterIdentity should be created.
+        enabled: true
+        # Name of AzureClusterIdentity to be used when reconciling this cluster.
+        name: default
+        # Service Principal or User Assigned MSI Client ID.
+        clientID: ""
+        # Used to identify the namespaces the clusters are allowed to use the identity from.
+        # Namespaces can be selected either using an array of namespaces or with label selector.
+        # An empty allowedNamespaces object indicates that AzureClusters can use this identity from any namespace.
+        # If this object is nil, no namespaces will be allowed (default behaviour, if this field is not provided)
+        # A namespace should be either in the NamespaceList or match with Selector to use the identity.
+        # Make sure that the namespace this cluster is deployed in is allowed.
+        allowedNamespaces: {}
+      # Primary tenant ID for the cluster Identity.
+      tenantID: ""
+      # Name of AzureClusterIdentity to be used when reconciling this cluster.
+      # This field is only used when workloadIdentity is disabled and not used during cluster bootstrapping.
+      name: ""
+    # GUID of the Azure subscription to hold this cluster.
+    subscriptionID: ""
+    # String matching one of the canonical Azure region names.
+    # Examples: westus2, eastus.
+    location: ""
+    # Name of the Azure resource group for this AKS Cluster.
+    resourceGroupName: ""
+    # Name of the resource group containing cluster IaaS resources.
+    nodeResourceGroupName: ""
+    # Describes the vnet for the AKS cluster. Will be created if it does not exist.
+    virtualNetwork:
+      cidrBlock: 10.1.0.0/16
+      name: ""
+      subnet:
+        cidrBlock: 10.1.0.0/18
+        name: plural-subnet
+    # Network plugin used for building Kubernetes network.
+    # One of: azure, kubenet.
+    networkPlugin: azure
+    # Network policy used for building Kubernetes network.
+    # One of: azure, calico.
+    networkPolicy: azure
+    # Outbound configuration used by Nodes.
+    # One of: loadBalancer, managedNATGateway, userAssignedNATGateway, userDefinedRouting.
+    outboundType: ""
+    # String literal containing an SSH public key base64 encoded.
+    # Use empty value "" to autogenerate new key. Use "skip" value to not set the key.
+    sshPublicKey: ""
+    # DNSServiceIP is an IP address assigned to the Kubernetes DNS service.
+    # It must be within the Kubernetes service address range specified in serviceCidr.
+    dnsServiceIP: ""
+    # Identity configuration used by the AKS control plane.
+    identity:
+      # The identity type to use.
+      # One of: SystemAssigned, UserAssigned.
+      type: SystemAssigned
+    # SKU of the AKS to be provisioned.
+    sku:
+      tier: Paid
+    # SKU of the loadBalancer to be provisioned.
+    # One of: Basic, Standard.
+    loadBalancerSKU: Standard
+    # Azure Active Directory configuration to integrate with AKS for AAD authentication.
+    aadProfile: {}
+    # Profile of the cluster load balancer.
+    loadBalancerProfile: {}
+    # Access profile for AKS API server.
+    apiServerAccessProfile: {}
+    # Parameters to be applied to the cluster-autoscaler when enabled.
+    autoscalerProfile:
+      # Default is false. Changed to true as in old bootstrap.
+      balanceSimilarNodeGroups: "true"
+      # One of: least-waste, most-pods, priority, random.
+      expander: random
+      maxEmptyBulkDelete: "10"
+      maxGracefulTerminationSec: "600"
+      maxNodeProvisionTime: 15m
+      maxTotalUnreadyPercentage: "45"
+      newPodScaleUpDelay: 0s
+      okTotalUnreadyCount: "3"
+      scanInterval: 10s
+      scaleDownDelayAfterAdd: 10m
+      scaleDownDelayAfterDelete: 10s
+      scaleDownDelayAfterFailure: 3m
+      scaleDownUnneededTime: 10m
+      scaleDownUnreadyTime: 20m
+      # Default is 0.5. Changed to 0.7 as in old bootstrap.
+      scaleDownUtilizationThreshold: "0.7"
+      skipNodesWithLocalStorage: "false"
+      skipNodesWithSystemPods: "true"
+    # Profiles of managed cluster add-on.
+    addonProfiles: []
+
+  ###################################
+  ###         GCP CLUSTER         ###
+  ###################################
+  gcp:
+    # Project is the id of the project to deploy the cluster to.
+    project: ""
+    # Region represents the location (region or zone) in which the GKE cluster will be created.
+    # Examples: "europe-central2" TODO: add more examples
+    region: ""
+    # AdditionalLabels is an optional set of tags to add to GCP resources managed by the GCP provider,
+    # in addition to the ones added by default.
+    additionalLabels:
+      managed-by: plural
+    # EnableAutopilot indicates whether to enable autopilot for this GKE cluster.
+    #
+    # Note: Autopilot enabled clusters are not supported at this time.
+    enableAutopilot: false
+    # EnableWorkloadIdentity allows enabling workload identity during cluster creation when
+    # EnableAutopilot is disabled. It allows workloads in your GKE clusters to impersonate
+    # Identity and Access Management (IAM) service accounts to access Google Cloud services.
+    # Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
+    enableWorkloadIdentity: true
+    # ReleaseChannel is the release channel of the GKE cluster
+    # One of: unspecified, rapid, regular, stable
+    releaseChannel: unspecified
+    # AddonsConfig is a configuration for the addons that can be automatically spun up in the
+    # cluster, enabling additional functionality.
+    addonsConfig:
+      # HttpLoadBalancingEnabled tracks whether the HTTP Load Balancing controller is enabled in the cluster.
+      # When enabled, it runs a small pod in the cluster that manages the load balancers.
+      httpLoadBalancingEnabled: true
+      # HorizontalPodAutoscalingEnabled tracks whether the Horizontal Pod Autoscaling feature is enabled in the cluster.
+      # When enabled, it ensures that metrics are collected into Stackdriver Monitoring.
+      horizontalPodAutoscalingEnabled: true
+      # NetworkPolicyEnabled tracks whether the addon is enabled or not on the Master,
+      # it does not track whether network policy is enabled for the nodes.
+      networkPolicyEnabled: false
+      # GcpFilestoreCsiDriverEnabled tracks whether the GCP Filestore CSI driver is enabled for this cluster.
+      gcpFilestoreCsiDriverEnabled: true
+    # Network encapsulates all things related to the GCP network.
+    network:
+      name: ""
+      # AutoCreateSubnetworks: When set to true, the VPC network is created
+      # in "auto" mode. When set to false, the VPC network is created in
+      # "custom" mode.
+      #
+      # An auto mode VPC network starts with one subnet per region. Each
+      # subnet has a predetermined range as described in Auto mode VPC
+      # network IP ranges.
+      #
+      # Note: Only auto mode is supported at this time.
+      autoCreateSubnetworks: true
+      # The desired datapath provider for this cluster.
+      # One of:
+      # - UNSPECIFIED - default value
+      # - LEGACY_DATAPATH - uses the IPTables implementation based on kube-proxy
+      # - ADVANCED_DATAPATH - uses the eBPF based GKE Dataplane V2 with additional features
+      datapathProvider: ADVANCED_DATAPATH
+    subnets:
+      - name: plural-subnetwork
+        # CidrBlock is the range of internal addresses that are owned by this
+        # subnetwork. Provide this property when you create the subnetwork. For
+        # example, 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and
+        # non-overlapping within a network. Only IPv4 is supported. This field
+        # can be set only at resource creation time.
+        cidrBlock: 10.0.32.0/20
+        # Description is an optional description associated with the resource.
+        description: ""
+        # SecondaryCidrBlocks defines secondary CIDR ranges,
+        # from which secondary IP ranges of a VM may be allocated
+        secondaryCidrBlocks: {}
+        # PrivateGoogleAccess defines whether VMs in this subnet can access
+        # Google services without assigning external IP addresses
+        privateGoogleAccess: true
+        # EnableFlowLogs: Whether to enable flow logging for this subnetwork.
+        # If this field is not explicitly set, it will not appear in get
+        # listings. If not set the default behavior is to disable flow logging.
+        enableFlowLogs: false
+        # Purpose: The purpose of the resource.
+        # If unspecified, the purpose defaults to PRIVATE_RFC_1918.
+        # The enableFlowLogs field isn't supported with the purpose field set to INTERNAL_HTTPS_LOAD_BALANCER.
+        # One of:
+        # - INTERNAL_HTTPS_LOAD_BALANCER - Subnet reserved for Internal HTTP(S) Load Balancing.
+        # - PRIVATE - Regular user created or automatically created subnet.
+        # - PRIVATE_RFC_1918 - Regular user created or automatically created subnet.
+        # - PRIVATE_SERVICE_CONNECT - Subnetworks created for Private Service Connect in the producer network.
+        # - REGIONAL_MANAGED_PROXY - Subnetwork used for Regional Internal/External HTTP(S) Load Balancing.
+        purpose: PRIVATE_RFC_1918
+
+workers:
+  defaults:
+    #########################################
+    ###        AWS WORKER DEFAULTS        ###
+    #########################################
+    aws:
+      replicas: 0
+      labels: {}
+      annotations:
+        cluster.x-k8s.io/replicas-managed-by: external-autoscaler
+      isMultiAZ: false # if false, will create a node group per AZ
+      spec:
+        amiType: AL2_x86_64 # AL2_x86_64, AL2_x86_64_GPU, AL2_ARM_64
+        amiVersion: ""
+        capacityType: onDemand # onDemand, spot
+        diskSize: 50
+        instanceType: t3a.large
+        roleName: ""
+        scaling:
+          maxSize: 5
+          minSize: 1
+        availabilityZones: []
+        subnetIDs: []
+        labels: {}
+        taints: {}
+        updateConfig:
+          maxUnavailable: 1
+          # maxSurge: 1
+        additionalTags: {}
+        roleAdditionalPolicies: []
+    #########################################
+    ###       AZURE WORKER DEFAULTS       ###
+    #########################################
+    azure:
+      replicas: 0
+      labels: {}
+      annotations:
+        cluster.x-k8s.io/replicas-managed-by: external-autoscaler
+      isMultiAZ: false # if false, will create a node group per AZ
+      spec:
+        availabilityZones:
+        - "1"
+        - "2"
+        - "3"
+        enableNodePublicIP: false
+        maxPods: 110
+        mode: User
+        nodeLabels: {}
+        nodePublicIPPrefixID: ""
+        osDiskSizeGB: 50
+        osDiskType: Managed
+        osType: Linux
+        scaling:
+          maxSize: 5
+          minSize: 1
+        sku: Standard_D2s_v3
+        additionalTags: {}
+        taints: {}
+        kubeletConfig: {}
+        linuxOSConfig: {}
+    #########################################
+    ###        GCP WORKER DEFAULTS        ###
+    #########################################
+    gcp:
+      replicas: 0
+      labels: {}
+      annotations:
+        cluster.x-k8s.io/replicas-managed-by: external-autoscaler
+      isMultiAZ: false # if false, will create a node group per AZ # TODO: false currently unsupported so all node groups set this to true
+      spec:
+        scaling:
+          maxCount: 9
+          minCount: 1
+        management:
+          autoRepair: true
+          autoUpgrade: true
+        kubernetesLabels:
+          plural.sh/capacityType: ON_DEMAND
+          plural.sh/performanceType: BURST
+        kubernetesTaints: []
+        additionalLabels: {}
+        providerIDList: []
+        machineType: e2-standard-2
+        diskSizeGb: 50
+        diskType: pd-standard
+        spot: false
+        preemptible: false
+        imageType: COS_CONTAINERD
+    #########################################
+    ###        Docker WORKER DEFAULTS     ###
+    #########################################
+    kind:
+      replicas: 0
+  #################################
+  ###        AWS WORKERS        ###
+  #################################
+  aws:
+    small-burst-spot:
+      isMultiAZ: true
+      spec:
+        labels:
+          plural.sh/capacityType: SPOT
+          plural.sh/performanceType: BURST
+          plural.sh/scalingGroup: small-burst-spot
+        additionalTags: { } # TODO: allow this to not be set
+        capacityType: spot
+        scaling:
+          maxSize: 27
+          minSize: 0
+        taints:
+          - effect: no-schedule
+            key: plural.sh/capacityType
+            value: SPOT
+        updateConfig:
+          maxUnavailable: 1
+    medium-burst-spot:
+      isMultiAZ: true
+      spec:
+        labels:
+          plural.sh/capacityType: SPOT
+          plural.sh/performanceType: BURST
+          plural.sh/scalingGroup: medium-burst-spot
+        additionalTags: { } # TODO: allow this to not be set
+        capacityType: spot
+        instanceType: t3.xlarge
+        scaling:
+          maxSize: 27
+          minSize: 0
+        taints:
+          - effect: no-schedule
+            key: plural.sh/capacityType
+            value: SPOT
+    large-burst-spot:
+      isMultiAZ: true
+      spec:
+        labels:
+          plural.sh/capacityType: SPOT
+          plural.sh/performanceType: BURST
+          plural.sh/scalingGroup: large-burst-spot
+        additionalTags: { } # TODO: allow this to not be set
+        instanceType: t3.2xlarge
+        capacityType: spot
+        scaling:
+          maxSize: 27
+          minSize: 0
+        taints:
+          - effect: no-schedule
+            key: plural.sh/capacityType
+            value: SPOT
+    small-burst-on-demand:
+      replicas: 1
+      spec:
+        labels:
+          plural.sh/capacityType: ON_DEMAND
+          plural.sh/performanceType: BURST
+          plural.sh/scalingGroup: small-burst-on-demand
+        additionalTags: { } # TODO: allow this to not be set
+        scaling:
+          maxSize: 1
+          minSize: 1
+        updateConfig:
+          maxUnavailable: 1
+    medium-burst-on-demand:
+      spec:
+        labels:
+          plural.sh/capacityType: ON_DEMAND
+          plural.sh/performanceType: BURST
+          plural.sh/scalingGroup: medium-burst-on-demand
+        additionalTags: { } # TODO: allow this to not be set
+        instanceType: t3.xlarge
+        scaling:
+          maxSize: 27
+          minSize: 0
+    large-burst-on-demand:
+      spec:
+        labels:
+          plural.sh/capacityType: ON_DEMAND
+          plural.sh/performanceType: BURST
+          plural.sh/scalingGroup: medium-burst-on-demand
+        additionalTags: { } # TODO: allow this to not be set
+        instanceType: t3.2xlarge
+        scaling:
+          maxSize: 27
+          minSize: 0
+  #################################
+  ###       AZURE WORKERS       ###
+  #################################
+  azure:
+    lsod:
+      kubernetesVersion: v1.25.11
+      spec:
+        additionalTags: # TODO: allow this to not be set
+          ScalingGroup: large-sustained-on-demand
+        enableNodePublicIP: false
+        maxPods: 110
+        mode: User
+        nodeLabels:
+          plural.sh/capacityType: ON_DEMAND
+          plural.sh/performanceType: SUSTAINED
+          plural.sh/scalingGroup: large-sustained-on-demand
+        osDiskSizeGB: 50
+        osDiskType: Managed
+        osType: Linux
+        scaling:
+          maxSize: 9
+          minSize: 0
+        sku: Standard_D8as_v5
+    lsspot:
+      replicas: 0
+      isMultiAZ: true
+      kubernetesVersion: v1.25.11
+      spec:
+        additionalTags: # TODO: allow this to not be set
+          ScalingGroup: large-sustained-spot
+        enableNodePublicIP: false
+        maxPods: 110
+        mode: User
+        nodeLabels:
+          plural.sh/capacityType: SPOT
+          plural.sh/performanceType: SUSTAINED
+          plural.sh/scalingGroup: large-sustained-spot
+        osDiskSizeGB: 50
+        osDiskType: Managed
+        osType: Linux
+        scaleSetPriority: Spot
+        scaling:
+          maxSize: 9
+          minSize: 0
+        scaleDownMode: Delete
+        spotMaxPrice: -1
+        sku: Standard_D8as_v5
+        taints:
+          - effect: NoSchedule
+            key: plural.sh/capacityType
+            value: SPOT
+          - effect: NoSchedule
+            key: kubernetes.azure.com/scalesetpriority
+            value: spot
+    msod:
+      kubernetesVersion: v1.25.11
+      spec:
+        additionalTags: # TODO: allow this to not be set
+          ScalingGroup: medium-sustained-on-demand
+        enableNodePublicIP: false
+        maxPods: 110
+        mode: User
+        nodeLabels:
+          plural.sh/capacityType: ON_DEMAND
+          plural.sh/performanceType: SUSTAINED
+          plural.sh/scalingGroup: medium-sustained-on-demand
+        osDiskSizeGB: 50
+        osDiskType: Managed
+        osType: Linux
+        scaling:
+          maxSize: 9
+          minSize: 0
+        sku: Standard_D4as_v5
+    msspot:
+      isMultiAZ: true
+      kubernetesVersion: v1.25.11
+      spec:
+        additionalTags: # TODO: allow this to not be set
+          ScalingGroup: medium-sustained-spot
+        enableNodePublicIP: false
+        maxPods: 110
+        mode: User
+        nodeLabels:
+          plural.sh/capacityType: SPOT
+          plural.sh/performanceType: SUSTAINED
+          plural.sh/scalingGroup: medium-sustained-spot
+        osDiskSizeGB: 50
+        osDiskType: Managed
+        osType: Linux
+        scaleSetPriority: Spot
+        scaling:
+          maxSize: 9
+          minSize: 0
+        scaleDownMode: Delete
+        spotMaxPrice: -1
+        sku: Standard_D4as_v5
+        taints:
+          - effect: NoSchedule
+            key: plural.sh/capacityType
+            value: SPOT
+          - effect: NoSchedule
+            key: kubernetes.azure.com/scalesetpriority
+            value: spot
+    ssod:
+      replicas: 1
+      kubernetesVersion: v1.25.11
+      spec:
+        additionalTags: # TODO: allow this to not be set
+          ScalingGroup: small-sustained-on-demand
+        enableNodePublicIP: false
+        maxPods: 110
+        mode: System
+        nodeLabels:
+          plural.sh/capacityType: ON_DEMAND
+          plural.sh/performanceType: SUSTAINED
+          plural.sh/scalingGroup: small-sustained-on-demand
+        osDiskSizeGB: 50
+        osDiskType: Managed
+        osType: Linux
+        scaling:
+          maxSize: 9
+          minSize: 1
+        sku: Standard_D2as_v5
+    ssspot:
+      isMultiAZ: true
+      kubernetesVersion: v1.25.11
+      spec:
+        additionalTags: # TODO: allow this to not be set
+          ScalingGroup: small-sustained-spot
+        enableNodePublicIP: false
+        maxPods: 110
+        mode: User
+        nodeLabels:
+          plural.sh/capacityType: SPOT
+          plural.sh/performanceType: SUSTAINED
+          plural.sh/scalingGroup: small-sustained-spot
+        osDiskSizeGB: 50
+        osDiskType: Managed
+        osType: Linux
+        scaleSetPriority: Spot
+        scaling:
+          maxSize: 9
+          minSize: 0
+        scaleDownMode: Delete
+        spotMaxPrice: -1
+        sku: Standard_D2as_v5
+        taints:
+          - effect: NoSchedule
+            key: plural.sh/capacityType
+            value: SPOT
+          - effect: NoSchedule
+            key: kubernetes.azure.com/scalesetpriority
+            value: spot
+  #################################
+  ###        GCP WORKERS        ###
+  #################################
+  gcp:
+    small-burst-on-demand:
+      replicas: 3
+      isMultiAZ: true
+      spec:
+        scaling:
+          minCount: 1
+          maxCount: 9
+        management:
+          autoRepair: true
+          autoUpgrade: true
+        kubernetesLabels:
+          plural.sh/scalingGroup: small-burst-on-demand
+        additionalLabels: { } # TODO: allow this to not be set
+        machineType: e2-standard-2
+    medium-burst-on-demand:
+      isMultiAZ: true
+      spec:
+        scaling:
+          minCount: 0
+          maxCount: 9
+        management:
+          autoRepair: true
+          autoUpgrade: true
+        kubernetesLabels:
+          plural.sh/scalingGroup: medium-burst-on-demand
+        additionalLabels: { } # TODO: allow this to not be set
+        machineType: e2-standard-4
+    large-burst-on-demand:
+      isMultiAZ: true
+      spec:
+        scaling:
+          minCount: 0
+          maxCount: 9
+        management:
+          autoRepair: true
+          autoUpgrade: true
+        kubernetesLabels:
+          plural.sh/scalingGroup: large-burst-on-demand
+        additionalLabels: { } # TODO: allow this to not be set
+        machineType: e2-standard-8
+  #################################
+  ###        Docker WORKERS     ###
+  #################################
+  kind:
+    small-burst-0:
+      replicas: 2
diff --git a/bootstrap/helm/cluster-api-cluster/values.yaml.tpl b/bootstrap/helm/cluster-api-cluster/values.yaml.tpl
new file mode 100644
index 000000000..5e311a854
--- /dev/null
+++ b/bootstrap/helm/cluster-api-cluster/values.yaml.tpl
@@ -0,0 +1,61 @@
+{{ $isGcp := or (eq .Provider "google") (eq .Provider "gcp") }}
+enabled: {{ .ClusterAPI }}
+{{- if $isGcp }}
+provider: gcp
+{{- else }}
+provider: {{ .Provider }}
+{{- end }}
+cluster:
+  name: {{ .Cluster }}
+
+  {{- if eq .Provider "aws" }}
+  aws:
+    region: {{ .Region }}
+    iamAuthenticatorConfig:
+      mapRoles:
+      - rolearn: "arn:aws:iam::{{ .Project }}:role/{{ .Cluster }}-capa-controller"
+        username: capa-admin
+        groups:
+        - system:masters
+    {{- if .AvailabilityZones }}
+    network:
+      vpc:
+        availabilityZoneUsageLimit: {{ len .AvailabilityZones }}
+    {{- end }}
+  {{- end }}
+
+  {{- if eq .Provider "azure" }}
+  azure:
+    clusterIdentity:
+      workloadIdentity:
+        clientID: {{ importValue "Terraform" "capz_assigned_identity_client_id" }}
+      tenantID: {{ .Context.TenantId }}
+    subscriptionID: {{ .Context.SubscriptionId }}
+    location: {{ .Region }}
+    resourceGroupName: {{ .Project }}
+    virtualNetwork:
+      name: {{ .Values.network_name | quote }}
+  {{- end }}
+
+  {{- if $isGcp }}
+  gcp:
+    project: {{ .Project }}
+    region: {{ .Region }}
+    network:
+      name: {{ .Values.vpc_name | quote }}
+  {{- end }}
+
+  {{- if eq .Provider "kind" }}
+  serviceCidrBlocks:
+    - 10.128.0.0/12
+  {{- end }}
+
+{{- if eq .Provider "aws" }}
+workers:
+  defaults:
+    aws:
+      spec:
+        {{- if .AvailabilityZones }}
+        availabilityZones: {{ toYaml .AvailabilityZones | nindent 8 }}
+        {{- end }}
+{{- end }}
diff --git a/bootstrap/helm/cluster-api-control-plane/charts/cluster-api-control-plane-0.1.2.tgz b/bootstrap/helm/cluster-api-control-plane/charts/cluster-api-control-plane-0.1.2.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..4f52727c5effa0b8b4183ec5f8c440de3dd03cbf
GIT binary patch
literal 55697
zcmaIdQ*dX&yD$7?VkZ+@6Wg}!{9@a-t%+^hwr$(C%`^YKYwvUFy?DExs;*iWYxPa{
zs_yTn@gpHofd12dD1fN+#TDrd#bsEf-8oncm{jSFlvvC)lsH)BR8?7J09F?IHb(Bs
z3bs7r##YuqmtVfF*e!MR(K|g~ly-|Z-bN)vByRxCEz%S6`mEAsV_b!4Z;$nCj7=~J
zWhp%vJrV}<?T;5d@Lq$Ij!o@w`^^*L@3_&!UtCN;;18bhm9rsbNK<d*asA|JfA6E9
zn|<qZ$D;sFX<sWmd=UQ{T@GL94?Ygg;*am`<L#R-F0b$R=UQLnfT^7B=Stt+!~h@n
z7oCIM4*JU*%DViMF2suu0JrTY7GdfQLE4;l2&v8IJ?z;1ZD!!^;jTf9Vj+CL&HpBP
z?1fr0e()NOF(IOprdS%vB-Q87X*_P+GThT>rGtyGS+*&6o=dyf%C`!{!NA>uSPu)$
zch9Ri-_Hs&Rq8f4$SM0zC>=b)#mUcG!$9c64+n2J3KQ>-Kc#F5=7LyE7++rsV@g_P
zP4sA#NjeWv(AIGTT^c=e!wiyxiZrH7%8sOYqXM%p@lt&HLfh^r%_qMg<NLySfO$iq
z`*h;ZkacTR*^BZlhmwm1We{^O{v*=cTZ)*=ZKClv{=~h6;3a4xOfe}n1qxdQG6if0
z%PSQj^Tgp)+x`l-q2sd#8FPX2ETn{)Yzg;42r=+&0%cmt4_4fP>&<451E0P|mKf^3
zns13w9DZC1oesArmhX>(X6HoBTl{odj&7Zng-xLbF4EAk7IqVs?w3ML+h&aHX*aRk
zQ(?3uWBVCw7Q{2|wzH1WTHB;sJtt8~1C#kQ>VkBt7^Givu%zTCQ}^NU0#42=pwH=5
zax_s!ZTL5F(uX9&?&W(J4zHwggr@|9#VQg*xn9gK4CG{TlaluhK0NJUm_tw`Z<3V6
zNV~WwrnK41IFs{qvP*UeBSPs1-m=chX6svr^)+{=fnpen8dCP0Eb^3bpjzVBhcIs6
zXd@=&sWgtzo6Xv|V35<OmbAdP$4|bedyA8w5SoW5tl}46ty*eR$ru@*l8W5GA3o2w
zee<LrJ|4Hb&=iEvA4e~rZ}*=Hu^L-PN<{-S*lDOZrdRC3&bxw|XWzG@xf#9~@o^I^
z`uc@-(_xoKc+8}k1tKP+sPe(IERRo+2-N2>gcWIuY{q+APa_dQ9o|5`HwVQ@lh5SK
zD3`E|$neGQH^^Nc|3FzYw}Hyhdek?702A*4b(0{e9;44=59~?E$zSilA;|;^DYHDx
zIfpSKLbSUa`{bf@`Jq^Z`a}$g$pFiHxAtG_otzn~rfsRnSq+C{uXATn<jD->xJX-D
zg;}+*JN800Zpm>J#KFyW7J|TT5LZBo8wx5859+zqKMeA#JoE3KIjEyfsV6@Wt2o|U
zzTr|BAli2EcVNHaMm*T5bm2j10a~e;Yj3tZ@3vh^88Eu*z5^^j>T4l$@9Rp3iC7)Y
zwZk?8yGnLsa2lo<09ps!w$$s_mW7?so;|^0C}OUj9YQX?Ygj%LhqlE2tpXvvVI;`M
z0ON@|ol6irvBQ%bD0B(cLho2SVl{73GqT7|#~M5_u4$xW_S5EPw)B$&#pl`p)mc&B
z?>7C>p0OTibG5(n7Y(^y>CwehnWHznWOmHI*I^W037m0n6o}=?za9(zFeceExoDXQ
ziS(DZ4vDp#1ufE{kxe2+%x4-`2b&DcMi2Ehu=1*TTSfgMD$|yW@kA^-Y(5~fZiq~U
zM&i4_S+n=Od`#E-d-BQo;*0+lGkp><Ri=M7YOYJnQY2x!z@PGUbM(Nsc-Uh~r-Q>i
z>YH<byz!%_V6Km*c$dT9aL;-Av{yhyJD+=_H5$dE!6>9;ajGC+^UjcZN*$-`gUND5
z%jGS<E5G2nzI!$5pGf6CrBtB=NYXDM;v)ie6JTRkZ)NzF0Y#@k4&jElJ^?yV)I!0G
zlqN>=o@vNBZY?BL?~DY3UyiHu%<5P>cLRMC6ZQCo6Ng(daLuhKGR!aYy|mmj^CqXB
zJ+>4d&eaaWIsG${0zvn00^F`GKz!_&z73w_9JkTNyjRqoZ*ZO!WsTcDe&9POevxpi
zd5?Lk15euxOc8BvSvE_twR>%j_RJeEv!-<{Rk&38&_#&CdS$4n#84J<QVlnCkMe~)
zxG5m7l>6^(nZLc$=-rTLt$;{+bP99-TZ7z$J+Wz)7$jXq%jq;U1ukR4FbI9TshaQn
zCd1@eR_bItna43?(y;mtlkk%#$+J)A5+j|27nHr>LRNzpk56MDe7Q^iy=W07;_oF-
zaSv}9Ct`Q?b=~R~ef1mGC|%EG*Vd`>Dzo}w4u-9Z%<4;LMeCpUX-#J%w|3&L6e-I2
z)XtBkB+{Vpi&xjfq7!_bFE^LZ@2A7h*F)#mBt*O3E(Hg76mN-HcIQ5mCEKl+lSS(2
z{%r8Sf+x)SRdie5A6U9icaKXhJIc3CS0c82J|FM<mrq9*V=-hmyt1^qx}UG-10M$q
z4eu5HS9zQ_E1g4dNObfbR;-TFExU$pE?Vu*|Hg>}hhcV_`PpHkRk2P-DL>Sm^<6_D
zHiT^QnGRL_)E2LVMmN--`pIQdUXd_Re@TZiHMw7MF1O2G_7fnb!iUiZaR6YpqjT!{
z9Q!cZmss{<)Mq96D{bT=Oe;6dChJkldd5jQ)j%Pt#G5MXvRICgCK;-A<Z`36N>AI4
z2amA-w8R29t9{$xuCA)-NLH^ix-lj!hv{tG+0EN#oACNMkMU5}p7o}W340^gA3tph
zuHO;W)fo3dT%&CL5%*#b7-8VVeZnt5PO-OUV7#Z}<h5ogF~x5m5=ytZe0m~p;U|oK
zN<%?cOovvbCykr<)EdK_q0B(oiboHo_Zrh7<lGZ+&QRCo=pI{VrDdR(rfCE6f8-KD
zc9}*=ISV3DEd2LRco#A;8djz_+vnA5z?7Oq;z&p^>YFE`s_QhUAkO8$0A0SUL|gTg
zQ-V{7Xt4q{90*ycH8mJNU=v>+oUdI|$G@@9reEFc$@^Xr`*95$bcs^PpTAoD(dp#=
z9KeUac<$lrbPN0Wpw3C}<5nnpHgRww89WA_wt+)_*7ew8R5K$^LBD=?A2PuaxdJ~B
z81R|Ts4}{+VDvv=hrW;6JlW5oW+(`XHc_qr)8UK&2HAg@qWgSf)EP!su(f)t$I{M$
z+zTiMn^6QMb4#d37!D0RIGHMr9yGEX6-<S0Yv3s4J$;Wgc?;m>BKofRJHvx8!(;1d
zGY-qs7}JNZNnhjE#1hw^0Jo%GP^$m1g!HC+n0{MzkXy9m&!jKQZyLGi@@`EyAB7v2
z@V25WX2lisrCb!g#bq6V#k5l;1H)xAARCqA`im&OH<7cGcoeMT_;NUF=+vT}H|qQG
zf?))sv6>i+p#941j9LZK4|~YI6XOD+WRv2AjQzpAmAR_-vH2?8Rf|~AU6nkYg$YRO
zHdxs%7@WR39>;gjK*va#1>Q$EOtui!>z8wtiyN+jrLbB0FQNRkw*7v3XM-Adq;2JJ
z$8Ie<8AZ}U{q#-hRCRihLLxz|$K!(ysLpKa(h%E7?gVCIity@h%pBy;o%my$s_(KQ
z{yEo5IF?{MkcL9cpK$jkw3ef@^%wG8nW9MyRGC~hY9J0?J`!Zaa;Oyo%9^k^;kuwZ
zOEiNIjlMu6)ZTo|m>P<iQ)Y3kE&``LR^!^BWT=vmBD2pRwG8MuY`qC}Mi*pdy^p+m
z+<=0=`v%*si}SNlVFnycQryIX5pgMI>XOOK>S{bQA|UU6(RjP=^LcPhzxG6)q(J9v
zBx{ged&BNz%Mk-2IfS!z(^XrFAiN*yb(lfaXkYbCuSEq6&=zCCx`y5S6V0pDuqvDM
zHmrsUN0mORMYVYMZC!_o5f^Q5J#9nGs!il4b~O8B)T>jER?G`g_HW0*Y7)RS!5f+<
z)7W|WzV_A%?^(+ByB7wz*%{ezASLjhb7-tgq`zrLD<Fk;3(+DG--=fibs7@w1PUP;
z2m`jT@cBzdxQdL$$1=+-%vcHIv@{rsm220UAi2N;2}#1j4=|~nnFSI37>+TJ;T(#;
z(xHh;RI72gY)Y<hRgB6y(rHG+Ghrrjx2&)X!7zc3#(LK&1eln4uKUcj=TQ|Vr=_5g
zrgj}@M?K3h_6$g4deaMIo?lKjgTn0Ew9o=FP%Ub_G%(5@ea5TRn`_>@gjMQyLr99{
zt#+UoR;2xIxpj(rU_|q`pzoI1NqlyXcleDxZ#HBEx8w)&{}g|X&mZhR9Wt&q#qNr4
z+$(6uuf>N&Vk*5BCY|Y{k<M#5>{aW>eudE%OW8QJj)cV-I{d-{3DO_}!AMXNkUfnz
zCR0WHXbQI~D-%n0`x@196&^w$&N46*Iy^O3O9&a@7*ki|0L$*vSOzVr)t_y(D6`^@
zcpey%R<KqEUTm#oU)AvEw#EtK8ms=pU$PoSL3$Yy7ZeZLIO%{smiC3YN{`Ay9|lMn
zwzO+B6lA4O5v8sqI4r^#8OND4`Rc+>-tm<*6?^G$B|LT;M#14Cke|kkEjrW+g0aSs
z*-CK<r9Af87#KL3wjNu9JqnQbjCGg%W_+`2{>c&^g_QYS%yOMhf@~6VN~Dfh{uPqG
zsyi%2`5I-egcbF)ll^Tdy)7=XN~3*@xj~F`hT7_<Yf-&r@li*B@=Lr;8h4frs4@=_
zB@SWLCq7)WinIp2R_paN^X&6!9Ln9TPCqmXUv78X-&;);ce6J{kccsK;<#$s>wih%
zYtRI2W1MxWA9c5E$H{=$1wZ<q&xLYV?~7DYdP!xk!ywU57{41up_k}D3E5s{jtN?r
z*iOO<yT&FExP65fuR$WXNZOo^@9#=L%@dB5F*Z$H-VanDh`q9QSUKwJ>aQI|ZB#%v
z08?)Sv$Xi3w2F(y8wm_$5;jInLVGR`cet)yT(C(!u!dq6`?UHneQzOiAdYzuxT0Nk
z{2f(+TPc%n6rs^?oBOy=FSDGsdA2QV-#6f`$F>Zrs3QCX-2A|QyP9gvrp_S~HrjcC
zS6+HPerLtrr-=LN^l<eBW-X4a8`?MQj`dH(A(3g$qp0JeR_J;!Xw0LIcYC5z1C$G&
zZKs;*c6P#5!ET)8`Les;xi#B%T{)9z=23iX#7NW%NT$SS^|wYz<SgWL!PL!%PZC)4
zt^P9FUd$AvHhi;$^am!RS_$fm{FEH#-lS-hYO#sJp}J&dAqbGq@~jw^$zg>crAsi3
za9t_eDSap~AXvXukp`%{2b8PKQqyenrWYf{PC+6i?#joQdFpA0ISyCGW)0f>%@<}e
zd_u?dYuL}G#iyx457#<YeDzxI@R!NdG<5K4zDs-8XeC6`KzJS8S{cDK%L&nCVvbg&
zw-?t0?zN%*xHidK@@>_hfS=`bm-rGWN71%+gGc177OrOTHu$i?7eokX96#3a4BJJC
zbg1#OrY&$}Pv=;g5^LO~(m@1KpONgcN|Q212;{lpHfEksJq+Q{Ux99M5%nJUo7C1&
znJMYHY`@>rcOd2?cN_D<yh3B3k%U8YS=UU!r<`@jGy2SlwJh8kyg2-^{X)+>NT$<_
zeEZ$e^y}b7QAi$outIo}07P4?BeX>C$S&0{L@zBPls%P_S}+6nasuVH!LHYtZ!I8+
z?da&X1(Kf#ew+8?ZddRD#odK=fmV1l_P~hG7-&}BY5OCN#mm4B%EBYt$oa52TBf71
z2RKgcapX#Qq+heA1-^!4tq7MM<=ByJb^%Yi10JGhrWxKE@)`^JDj56pEtHfk0{gfM
zBf5>?$`b^)qnWiYinNk8RZKs@g%=}Q`XnKVfAd&Q&Sd8$nbm8|NPk-#6&n#k3nAq%
zav}^w23(H)X9So6NBnryALbcM6&}0uRc{{hMPo{>f%`r(hDkC8ySYkGOH`-GW2$Yy
z=MGO9JPbJZRW%ZoBW7fe@}GozXx1#$o`5V)pS#pdZ_l7%frG!ZeHP|7g!m>Ff8H8r
zq<^0ce7vFlIPv|?HF0Ua6D$YgqUW<<IyilJKE3RAsZQUnn59Q^#*%CVhPXUyOL|B;
z+ERQY!l6E8My0s(4O=2Et6k}CF$Rn%Iour^Ik~+)VoDc9nnNr6cp6a(n9#!zIVw|*
z9*uDfS_EQK<YCdBiKb@Ju%!CG$nQyB?H#7$azXmYbsrJ&q(C2y2sS+WR;n#?xSQ){
zqk;D}O2>gC-g)agL?@9CA8J`l(O|;JoWMe7;vlhRgGe%80{41S2<Voa7FI><bVK`X
zM^+6+L#bO>Rw!^fy63WuLtZY|WlPT|N}HRIDWYAa#rF@Qy@sGiBWZoGBd=&l_&ad;
zO%6(z2NfY+TBhw%j<u%VG%YaRAqo}2voEew4d~CTRn3{1`y0ZSW545V*1=D@3@0s_
z?Xr<sb2Ws!y0_K>r8^?T4@bHL<}d#ss$P^ovHO!f*=HTc-plY79RL_3xiNt8qJR)Y
z{UC^Y1CjJ1Z+ZXgfhO~>$5d)mY&9+8xynUUs!{ULl=#rEtl~3q=tTGiSRrVcvdPAq
zULRQW-=K8k^Oaw=Z42k($_C~BB;Au#kWeDYdmHq#)|W|QQ<>DdIkO|4c5|2E70Q@S
z!2B5qMl%JF@;dWx@&;P-9I6Mw4<XQ#5%LD7olc(u*N%lcU}Nc)e}Wx5;*}Yd>$Iq$
zX`-|g2apkyh&&@qC7md1)Tzmez=F6@-?Ziu&#GpJo$BYy*R9h`I)@5qtP6F!W(<Z6
zNY{GvEgWhj6zgNv%PXq2)I_=FM7zS`T^aK*-7Dc_s@2{>LmH(DyP81cDMO+1OG7!$
zqs{AM*${XB1l#4wl4tEZqD|)#5&u@@MR@Rg1f>3ICg^CAyT6$FZ0XrdnPqDd-oYc!
z#@P^%9nY5DjvJj6iLRSYQIEr%!6~REOCSk0fLCuk)35txXuEBu<s}XlMSZ*98eEv*
zU4Yv0gW=O3-vl#fqZaIFoa$r!Vw`)jpW;#WJLiQD0pSqhPPXDOmK4KSO*nfg<LTb=
zdr?dWH&|Us;HNkJfVccX6BCj09qOL_+LEKkX$#zWirsj?jR~e%zRM*3W~~I3XEFl<
zh<2Y_9Y4VwOO8@N`+a-nXaLppi98ke&rIk4+n$T22od+!*d+oA6{~ZV2chGD8Q>#d
z9jF@Rg+>lloU*Pjb(NZO?#{ZseM~!W%5uj3Zq8k@BBqma{Z`w#%+H4kFL(Dx!@6<0
zYsW=&90yaOa%j*CC>3<0!M^MaA^W<-?m{j0KOevf_;)l2irJk1r5tY3|0!01404vp
zR4nTu0#-eD&W*)M&50-*<^ABd%YP3B36BA0C*~kS8F<4_&%>M@|9Sl9VrbTb`%n_d
zM{J68neQ?G)YP(qdOrgau^%+c#2D#Y(6%1>skfd@ZikkRFAJ%8a>^pctNpzIZw8s=
z_+BYVL=K=cN1HY3AX>ega7Fm|d6>xG^!vVb56ZgqUS~-TYUf9|u--T7H%Zg>&ts66
zAV#iL3ab-*k-{rv-uL3{5mDoLY!$5_+<dxsZvgXnQm6J+Tt;xx&c@wy9){kZAWk?)
z;T29>Zn3L03CqZj*dLFP&$4bQq~?=e@rsrw|2|FNv5zM%?^N3#o?|^wF(2i~eVtWk
z6RmA2UFMnoFx3j2<CV~nsG8<;2G`?z+RTeSnAr8x{J(b3aMedX5z3T}7e7n7re4mh
z_CuUqze$+;__KR4Yradpukf`Oaw)xsIhjkd+3aW+Bp6Viuwt?6*k25}(Xf7w7)FiD
z_lU@a5zh*0#q`3TJ2lHNV7<snYG}ji@2R0FF4N0UgNBu%_!(AA5*c?cM(Y?_xXLTK
zE3j91W?A>j-dPjIl7=sJEHWFr;M&_;V2iK*;H?PmJmc1*{_49=8eD5YFW>SGg*f2r
z!oiP1ct*&%c8kBV&^n^A8pdP%>jH-SAqw^OD{^a2p#A<(NPbpGUY=<UFCYMm7ePSa
zze^i|4;1X{1Of~--MeQztsZ*Ad=t(6OG&*y=E?p@;~rCeHK+0(1FRS#P(V3=zMZT<
zlEb90wSL`W`giTKd9o7NQ+RLttp82%-&ujU#ES|jCXsDon4ctH)^W8m2uT4J-I9}I
zWlSqS;JmBp-F_y~N68JUIDU=a(0zYvZn~2$oot%3FJ6mrkoJImc&Zf~A_PF`swwVW
zbmrYVS~|Ob|5frmS&VadK%IM879~Q6=hx|r#R|5|{w`^U&;*;i5ZcBKucaMWQ|PM;
zBFfx}R*jP+&Vw80%4I=hEoF)qQNC%X@>rjO&?57;K0ZRj7tS{;P(f!9#L_$M?_`sd
zw|7U3n$<A_aicdx$p$BdqAJFgm@d@w6c&GpmE&4RW4uqNXf1#seC&&X4(-sH1|%~f
zQ>q4SIlz6?X_@rSlS?OQ#c9<k98t*O(n%FdW0L@qx$#+qxZa^?-UnkJ(f|Bn!WWL&
zda#2~25_`v^K0V>=@1l8y$QiW8FDq!-|r|_x;)?7zVdx5iTAnC=RD4s;_vu2oD^O)
z#N2eLi6bk`QhVSgYh20mLj*7L4-RIG(YI^8>Q5)zh6^#F$Mw~$=}_==o`lD1Ov7?~
zm&sQ<RH5Q2$6?6COQW4Zj<52^8N=@8CS?(s9?sa3^67j(eLk@nIy~>)KOs>Fn~2OL
zQF}pXMTnWtl>7?ZEbXG2fLZD2_%|w7;&|}f7Lg@hqKi>&QEYsQnZ@A|pexxPJ-V7B
zQWre(Wq>kNXo-wsS!UtY1m)4*)8-^ZReSO)5ecTYKBt-AK?|zdW?Re!)xMEt=P~s#
z$PEX9VgY^d0`Sa<8Lj9vg2-t@s*;D#4d?(P22i9GC-c}3ZR+hrKTF!2bOR69OT5CZ
zN|-kC6ea4OBOzh+m^R~{813;!hrqRO!TYSaZ^`<X&yZt0wVFflxrpL35S_wdgPX5L
zl+-ZLpZH+$D#qVe$@i2pn=0p1k1m6>^3JZFgTQcQF@%L4f3@EAo4Sml8$%YA={t>0
z87B_mf-)&Zo#IXu1)eUqwvLpquJOQL+KR~SP&~!Da-wv+Qx{AAbaXsyt_tk+-AvP6
z$a$NigW$#JW*oUn|H`Nh-G+<zYV0jN?=>UCK2h!nI}l`gGL(cP5up{4AIV@lAKuV|
z3ySC-7tzsk8_I+_Z6G-|TX;tTJ|K#hUZ0l8xgdz^uaz;z#hM>aqh|r0o!YMfg*hl5
z*s$bl=UCB{auG5ed0k(q_Ar$cOgaOqiu;q|9_OCC4Cb<P;oOy@Mz*`!Obd-y$A;nq
z@vDr<Q)E}LEM)2y-aoDN*g{CA#&&J|CYb7j%)uSh8@(WNEdKbK^=S`MH(P%jX`@f~
zMl-UzNn0Cj<|$&y1?kLIrrSV!E@6Wi;iUsJHsr<lL;4Tn76wy8GD{$cMM`51nTh20
zsV(feasKM4y{M5Si|3oy0r5kQ+xA=U4HwyYlk4H%)x+DGNU!HJtSUY5u3dNON}kG@
z`hr4cv1dMP5DO21bXWFYD_-)>7b<barx2h+YPw67oYq&*V`&-=RcsXrmPqUR(pz}Q
zUj~I#(n`t66z1Ny_iugPW1G%uV*Gu{_*^lkCS_LORc#;Q+P8Y%*l5FJJkM+`s3qA@
z1IF|0jvwK;91Ktgr>q2vk_tL>KARwIApv8?EJw!{6FDup_d;16bfweUtGg-p5l_uJ
z-kP|<UAw&lV~T=sZ->YRm(g#aOKAQ^McMd*4*kl5Q>a$*)sDeMxjgYM402?LmjlLY
zcr!Hdz8P}m@YeUw{OVJxM&rNFVY4>P^3!H<I_rKJe6|=VSHzR_t45?IVSHTR>0r^8
zdMm~OaZSj=)-@;H!ZEc4`@W95M;b^BnH94mn>Q0lP2e0yZBlEUF!ICD$e7i(0b8<y
z5^@H<;LXhsEiX8YfrSodDw>nmxRM;gQOoI+YPn3bfZ)V&0C;}WRoIAQD6w_lk}QPK
zI!=C9?840eh<Qt3g@sJS+kZQq-S?IfLVs8U(xXo*rKH>p?{y{n{p&RpWje$Uss%kQ
z>*Bl@n#G}T1ws|>xiA#bWBX?P8``$nNoe}8Bw-qAFX0VhDb&D+c#V`lwEo`v*Gm{~
zoU}aL{gMoX4A~4!83~~;B^Z6`w<)1;)xj(!HCN7qOJj5#NcAhVGNt*uF=bKfzOU8&
z2Ex0Za{x;e!!Xb}<We%y!i57*EMemAB){XIxP<)t_-3GKTFmC4_UM4<gI_0W;!dpg
z$MzH&jlkkH;A3YAOQhvB{7X!HtQ-{I**cPk`~s?ELMGh3jG``LA_WU=PHqQ6^6Ndi
zEA+F9j?@?C-XeNN4nh^g2Y`*X!9nHZM5&tygDlD4suhuVl&19t<5_h>tsKdNdiY^@
zLT`WloH&!qheNHM0M2StJ##UYCfG6R*UZ@cT<1<&!c0{MrQrG6-PLQH>KD;gtw#$V
z{S2ee>@Vx^nO*`mMdZQm-<ghf>|$eLJeWkSWhnBEEOdAC=*5QuXujk~85d4sB{ERb
zT~aHU47+QPH&%;acw?>YW!%~(kM{Ykfx#h}=5HYdQ+kbqGdNvmirR`9Bo~HafJZG7
zCy<;JPm#D5(z=CtglS-eKmbZA(nWh`WP6<dCG4a@b<9n$p<e~>Bn}Z>uEh3;9RSJ6
z=0s&~p#&iC0J_X8cJf<8UG#^WpVb(ZTuAQGh(?0}`j>h8He*83!8qz?^IZAcY!bJf
zEqL?&T~>7-D9Coht+YRoG2xg2BlWSRM~-8`7q(8F_z0rhl%)i~YV*#MBsa)Yiq&S6
z$A*8-j2OQw%R{Q$74ZqC!*#H1qpKR{c-Z2Sn^q{m{$>yY;S?hO6K5Fy1YVIMKBoHz
zJ<0aQT@87NjIj+Xk;%=$KEg0S7-6un^P)Yz^+s9H6NxRA*DDB8>zG+mv;Hw4aG$Gg
zeZUZ125Cq%_*%)Q>>)@qI)mZiU1}o1Q!@}|>t7B*sXmEr`Q$|us4xsWES=aBz_CM#
zP_)3~!8wR!szvWGRfdc&_~iC@|2hH1eaxx)%ma9Mz&!ixw`n_KQGy;<=?k6)RpJIl
z?jvuQSG_uRJ{g-juAD3wxci}LxEsYDMG3;If#KDq7jYP>)4<1|cPM8@cO(chnRbHu
zGb*@5b>*q@{@v^{00xpndYMcD2HB!5P{xDnv-Q2`ELWZo!25Tn<9fyL<B4oVp%)6I
zsX%c`;vo;v?QSy_LZR~ZS0#@RsiQ%AsAWPjQZwCLUEiJTU#$6Sx3c#j*#_YG#$)ll
zSB4v@TVvt=2va750|!B+WQks%6;RmNk*mk!0VN5wTxt4hyr7s^#`2x5Pti(EZ_qBN
zo6<TxVkHea^UR%QNp(!ZVUurXK|p|a)$?`mZU<}k-PvI&!KTP)cwiwlN77X5)z#3@
z@d4xaOQ1>d@*2xQh#?weww|vv1jc@5EE*UX0OypJfjWmNmpX8mK+O1$3&`OW^x*aQ
zhSCnLqb)ERu9Y`}X6hG2+%I2-t>9)idz`(X=l(JZ?6QHCK@*<^8*19p|4;S;-?)HA
zHObg0Mw2+g$Y?k&*4?YM0ZY=ivO^e$aKzb(YWLf>-Y&ez?;Hv*%~^T3j^Pd1V9Or-
zu-J5-tm7umF${*X2bk28R2Kw$%g1S4`<G>TA^%~`>UePB9QO=6EyoZi;zr1tPRfY+
zI&Ne=_*)UaI^bar!dQ}JHP2b7DGAU^`HKq+t6*bdgMM#1Srcod=UtC$@tZeQ&`t@V
zM3x^Lbyb*h$ca|u{QWz_t<AULm57@|6H@5C6RH#!;j^JS>e24FhJv1Od#ZyQ+wyT0
zz{7t2ljE>R_83$aZ2;axYc}E|TomSC0BFi)Ni26V?zBXWMpj>DT}BmKXwNCrQF7@b
z+42z_31{T$rVck)(b9y1+bUB9K3JbHk3}sxjMuu-wJwNJ5hEKbMpIqoV%(l7a@d&H
zoZO06F=VKC-Qtf2ol_abLr&hOl6BY3F!Ysr$5L-Lkg?50aB9DZ|ML#xKTuh2srLPz
ztipJCeQBz%J#fIJp*}_+MRjIvO#)((`O@4T?~@FuAF3~=SPAbm>5}rk?!E^(w~uJ5
zhmB(?o1H{Q1Rpxz`U72ae}23CYSXiz21k#*Pgn}BBr>dY6BSOO5LxZu&*Fdjw01cK
z7Eae=LE@V3$PM_yxWa<^w**%lXv<VAI1(k*NJE0>vKS&&<5O~}HbS|MMqyUC+O!OS
zkCN^vb)6Puvq?~}v#y^J^3u~4W6JS=Omc)k=r9eLPWwSs@RZlMm?>MJ;*k^)l8w-!
z&Su5juNmjTsVgQ>6G$W6RO!LsCO|ENhGw?wwdfB|`xVK3esZAyY7Zh>@<t4ubs8Q%
zWRXEL5_rmAcTKXWe=wCgw~hXWwf!_1DQO=-3+)#SR+LV)QXzfRm-$mY7OgW|LZ@>b
zCFIX0iFWA%3I$0`l5i6vCa2pu$kxHNwvx*$Hs5Vb<zUe=dNB63u|T#>Gy>-S^iCx0
z#La<?@4<EVD`f&AX_nf5G8bh-I~OKkYu-4!j_01x)PT|5RoG}cXc@E3+y0h}aXhk2
zdlAV^w@Mnr2aw)BqZJ!R9o3~GK91u4KJ`;)@X}3QAN9$_oju(|NL&blNwaDV5Z$-c
zrsy!0R?}3*aHgJa5Gt+I6LG`;#_IUHX-_vGT7Lh|+6Hv}IEFeS7wuaswnza7a`(B)
zD5GB7b2j*~Jw!G#iuajoDJwB)-~|hUdKfZCMJib~dd^!t-LzE6(o#<eUSUv~i949W
zp`-zAd)I-?@nHn_lH}gLpL@w<P1OKrI#t=wG40W8?v)Z64YSLg5aHG77Md*5foQhf
zyOWPSC4Tw7*?8cakg?q#;gari1iq4)dbCS=F1%LF4?QUe-FR=XYiD77^ZBw>qatZ-
z2!YjYl%;~b95tA%PHl{}WChtdDAS5M@^8pp6+oSyZ#MO`pn%q%F4L++{K6fa%(fCH
zMjiaKa-I>J!U(=fRwJ))bLa&k;TTQ`=W)>P0sQ0lNnP)z!Ca${34pGO##~AUF7k}f
z2nuWvP-xr)V(FkOVET30DRo<F&5({aD8h#!FCXDf{{N@G9}p3q{=2{ig#;@6c}4DX
zF~ycR4l4@#aR#4gMiyH0q%D5(-By1<N}l@gEuHVw&h1VCNHqu1XLXM6s3cY&+Nr!*
zK-07{#F87nBw5ggFUE)Krq7E5x*aANBsksF<oxKu#B7!j5^S0q3dxt6uYZDyL}Jyy
zq3qgrW|4L{bxTSadhwi3-V@svhnLd01Zb*f1h{qan^Zd(@A%ZJx)Fn>E03>86jZ{F
zOQZfOpB0XpSR6)d0k1R(WR=RUNmD*=>}!}kzq6V~Xo6*$pih=A=^ANb4?+)f;cE`R
zj~^u8$(9{Upm;~10hQ8-gzMB&6aUNBLS1liq2*2)-Z~(w&q*AyKvwM`BX#heC_3WK
zBPex8029VTqq$ivI3}T$+VN<mH1|baL-?9N+I)a2nBtsV6bO+zSS2aO6qIz>*6H7P
zCd44wqq~%414gQl04x6tm2k9WS_vh=l6v~Xx4sQq?>p5}u{T$Ne+gCccI^43x~Ccq
z%3{cTZ994KfiP_W#(3PZW7kb(IC1*JSLbN`SBbCN+odbTiUe@*wvY16_hYCj1Ra7-
zC&rD{s>oI4T>r*Ns@I~5OBfl5D3{0f18Fmz8HJowLF8(;y=Sob33c4p1h2PgPIcKc
zePGPkeF!bgp*N<lD{%JpK9|B^Sw(My3?#b4n9kid3t`X5i6#BIy4DA9_*P|$j07!t
zBkL*LX&Lq`K?;UMva&YVD&&&>w=8={KQLpOR+dtgZQ*(;^&*J#KrW;nFNh(nSH>6z
zdK~)^QTqB(SvQa?CiTix(oz!yv<ph?mHNHXMaDNXh({5s2nbQue7woVreE8>RJp31
z@W%iKTsivtV9u?yEvjPcs%Id(0E3>jge!}zldaj~K1KtokHMK{^Z5)MS;9>PF?Nz<
z6*@2OK3TFxQ#)JWrM}purNMQc{{>Ofmpz@LI$Uj|E_s@DLWN6;@0MNVjr#XfdRf`x
zW@G9L<=|@{A9i{K|4nX$)Ht+HS|;)%OYmABt*Wz(H`d>3J^_FZRls7<0osR}Yvt$h
z>nq&gZ${%9l%xH68ph(~*RE%;(+-L%0@=A?BGYPe?B#QqINP)v%xcGw-yRkv0e0#?
z(ueRpQ5N^PQ-3WTY9Y#jJm$9^ZyO`I{4ukBKse_iVdn{F#ju$Yylx6ejcS3A-TowL
z<?H@oz?_y6B}Tt}Fy9iZ)t}HT3L|UWYXsD=ZK^q-SwPU#9r#u$ALhZp&4!Qys7WUO
znBT?*!l@RQZ4{dcg|<%**E-EeVyp7KVZ){~T8md#-p1AXazCF3eOXT)`A{Nv`F>e_
zT6w)X`HKED{d8muSqKk_7oS0%;E%11R$xeh+j{+mzzFPuE6PUs7)Q~f6STqTXiD4*
z`5a6HEs_|mUv~(Euz65lb%MVHPYh1Or~sS9mi<m|d&%eQhe=lOt+GG~(WO~51?wPG
zWPWPgtW;HFZ%g$JDow}xJo}a7s?R<RD&|mrsu(lIfpu@Md8>{~W`_09lmoKkzCxNQ
z<-tX<SS(wvT**7hx+Hj>a>8`(%COv74%5Nk;-yZ_15pz?cPjZMv?GqU_+S~vMk73~
zT+|BKklr1o`~}Dlm@P|I*YAI_HzVU#<65m@K=~%8#EMjKy#3Ibl=XhGN1$!0MdR3;
zAd%u=q1Fs`W9zB-q@4?)Y$yZ%xFTo#W2Y~w_&0W2Y&QLzHd%OKeYMo%Q47J;Rd3|*
z&mWc`?oh@KfschTmbJ3WgDlCKVmwW+gX(oZ&A1s<nYFt~<|ek%bn<+$I05h(R`fEd
z8dRTQ@x6cNl9e;pq8KoFr-Uq^Hta4_pds|F>shoO#uk`Y@yWm@eQN5(Rn7NnE_9pV
z7TPVwfh%AYO|W*p)%iMOHuX;=mSDN+^*BhhCJ_b$gMxKZE0dkivnmABQ8Q#5QWia2
zc6e1n_04RJdBvr56HSPf>w?mH(!rz-(ANPd$AJlR^wpBtE+$#xam~*7m1Ha(5Fqrl
zZIGSlv#6^B3-x8oDU~WG=047DOhz9YE6Hy^-JGPt{Xw-Wh-$)2pfzWOuG+?!OUH@|
zr605c?3czqUSdsm0d!PQGSaEzWGmu*o5#JeX!IOhWo6v={;mT}2?84G92HbE7Y1JB
zx9n70+EDJqyV;1T1}g2h13}3~qpn_Yy3r!cj+Y240oJ-RUME+V=Y22v=L~2Gp~WAw
z=F{j2uAjddA5;B*XPSvYc!5k&?eR&q|1#ZWWUHcmmpw%-Xy=i2lZhA{nINk00dr-s
zYJ^m-KoSLBOd*Ms(;K6H921nBT7HKD5M>ffvjx-BOCE!%C}RvOa*bfIXu-aGk>{_m
zC{?XLrt6~MKkK`!zd6byh%=TurzMb>9{xH@(c@2rU52oZLm*-!)k+FL$i%d+6a`j(
zsf^6XkFqZguiMZmPmFYL7L12@jTOJ)lcm+J^oz8uD}h{lT(LD<&hFZgX%6|w`)f8z
zgHr?NX*P3`rz6-h%eH#>Pyj?~XWF`c)QBcgbtriUACjH#axhURbqflil1Zf3^k9#{
z6C%At9_zxR$AcnHh}mOs_?mt{=>Rs#b63Sxn(hDs-*?|0Nm(=#5yib66~`c~x5t>M
zcS=TXvOqC&$y-}abtq-b4a_=`qWWBT73YeJvTgK+)uui7nvm5ZQ*DFXu>q&gG~OUs
z_hLQSie;LYsC-jVnG);*OPdoCkdU}B!3J<huOm_3LxP(56ah_PTwcG6E0S%?JA$df
z)PMHQUO|Zc`lW$Rqt%{nfWh}+nHMafX4W?kHsVwE%sHBrN!9+J=&e#Tk;+7a)7hps
z6~=~r>Qzog)1qoG!85*4T6|$P-AAVHv92sHDH=IWd(~@AumtYZ1V0wtvd1w?hztE<
zU>(TT+X*b|_y|G3B)i%IZS*f`Q3#$Zwv1#{v35uy%!f3AORYL<*o3`3YN@+1L_i&d
z{<HY&V}-s^h&k;$CIMYvgyuT4iAZu)7$xYsnaH`H1*@m^lA0@<UoZ->tE!9<FG)x_
z2a^w1rOJV?6<QRP6;O?~Kg8tIbZ^P0QAX*TM2GYh@{3m6SP3;u!PV6HJ+L-5=Y(Z7
ziQJWCQV_i6^B-vdt&kwGX9QzeCQyhw8hVXZJ~zKM)o+MllKe<>`9^*(N<)x*fo<U7
zq0O!NzL0B;^r$SW$X!pLGfxb8>6bckj^T%zfU+e>>U80npu83ZmptV6ip9B9N4Lfv
zT^R|Wz-ClDv4?;XD}2DG>urw$2KQ*QF64P|ELV2DSx7fmb7O7Fbc#d2!|w^}+>Vwy
z;b#XiHPy<BCMTYdJ~bydyW5?@AhJ9Tncf8FHa)6Y42;kVgK@0w1NC6k;Y;KC0G+;M
z<H34P7ijR<-K^3;`n`v+X7_b1hjZMN<LFONM9@WpjAVOoGWql7P{V@9mS+;3(6}pA
z?6S&LvD{D|AC>GIescCVlBL~3w`tHPn6Q+buREw24Q8ILuL3m3nT-hu{ebrZcFQaM
z62`b3U-uxD&T%UV#9Ub;Rq8Hl%f{>-e#M+$VJuu;rjKY9>7EySO(^h{MKf^^#B|;n
zY%kQHjj;!9_>oj`9zuq=q-O8+&JtF*He%D_%9XvI?ayEB(hTR!I?qXZ{{e0)g2_za
z#<q|_D#VO=8WTYS`ru?+?|asMQ#R}6Yv}s_T-(+<u7d7))on6dVFeCK&~5(v5hwDQ
zpM5G&tGhZ~Ixsc57rj#to~zAJp-YysoxqBs2f*r@0K74<jW$tPfX3GrjLo>sKovLI
z77oY9TfD(bKta8Kzx_KRmIHa@q=b(<L%F+pB!-Ovfoy8Gm!P1r7Bej02h|@k69raW
zCs)~uqJ|-%wQ^Y$v?F*PHp-&7Ane4XgkRJAAk<;_h1_(LNTvo|#GO3IAxDs$#_0L?
zqyinf$#lFw{A4D{U)n8eH@cO~2HgA4jrWIE-{qcYgW<ri!y0bgzime24%)2PSVsxW
zkIxrK*mIkST~_Pc@)Ji7E><IkOH3lPC^Sz^T3(7_Cc}PTxp{UDH18s`jufe8GYVJg
z*&!569K6_yrF(;LeGy}jtu-m`nZQioO3#?uj9bbA>JJ=N|G3N))IgU7{Nps)HNY$0
z+Z@c&WkQi<lLKx`2Ur1hya@y9?&a@)Y)p5)7kz#ZC}VAG5iIo27QF)qfF7eR>d$*f
zhLM0-a*|T;U>5QZ93J2OM}6XCF+0^f-xAjBS081o5NBJ$%3LjJKTRR)A(rpX0QFJ5
zj~q7eO^>FfI}cVn0za+uAS`2uyXUk6WJ>qIpVdt6!M)>VNb3gD;eKGYRwKWW@_D7c
zG!FmsBqB~c1o&xB90E@iT|BifARR}t|DiD2Aw^{BxNTL23)(lOz;O+w*9bNxoM<|j
zo1C4=Mk&~v7gh8*9sYgC7g{&Zw*S#ERZAOuVVD0>5xd+Id@L!CHqox^|Kc!PB`DXi
zikLqCLt${k&5SmjSp-EE*c7uKEwltRpfi_A$<e39VkCC(zC*wi+Lot@W-zxlv-CBe
znD9B_z4dWJ$M-Eg40&y<a($iESkzVXCXK1T72~AGsicphdDQPBM-DGH3OwN009I(%
zggMeif8G{nZA%GDOd+A<nYcFG2&=##-Z>|*F-Ll<ML;sPZ&;fnAhJR<ioDZRG}gpL
z1XG^Li|Z19|AgMg3JKKhds%anpxerdhK9=J^eMNe8u&)=REj}IP_tg<VzzN}grYI)
zsX!I^Z>(<s>O<+HEUN@&ZYFftRDGzKrG82jU0bd18Ml2jQW*!R{lacw5<;hcpUktA
z&@pEjnr$HIA8_Of58wfH=B);*%QvdCvboPEL5~~v(l4nN7?sIwig^@7_1fTG_}_0=
z7w`?AP^draS-9_E^fko*F3i<p(^4gpYEd3;QKVEQz^iaI%+uV$gphbaahZU(vKurD
z=H`Em;3%^(0~I&TM>ADBjbb>d{J{<P9ujVhU&!=~W!7oLMrryEr8hk1L3P^RfOSyB
zUonRd|4o@P7kiZ<^8Y}V-9E_Lf2R)rC0l0HwGv_*DYoc7G3e5h+9}6Eo6rKDUDJz+
zAyZaDOw<>%ds%2(OD6kLoTh2jXj#}Cl#mBmcI7IFCsdOaDuAdTVf7{4<BVTfA3vhI
z?oZPbYn!0r82#)D$fg}R0exE7qAf}yIJupL4|#*Fg%9<Zs*3_+v+ifF4G6>MDzTN`
zJ!rbcg_pg*%mahaL<OIJg-OQo3^9>RX2u-;Sy7xhVsl*t*-mZ>ODlA3Nm?P5(58!d
z@>!EdH%xdJs5_%^zm#<3_9uL~iac{}(Z9zl_vAg+NC@t%BOq0TB;TdWLJXS`;6SVi
z?}mYc?dR^Xkg5#oKC^;r4%r{8yP*&UYb=eflsIH>EDag{-Nd^TMx8$WdnL4Y<*Jz*
z=)r{IQOe=bVsfm^7ksk<O6izZyh9&py$A}n`79;8I;I$N{h?uT<_PxAPQ-)=_Hyj;
zV-au1rq}l(I~ri+9NOd?S&(1UW1xHbeZ8><hv2g!WHaN+jn=F-;u!t9AwQfqHvv=~
z<;8Ny1E5Q#A}k>{eY^4I$9_)eqm=7rct0_jqhM()P&5Vkk40GljALc_!HP?%iHB>h
z`C(~Pg*G(!$}IT|m&nIi{1-zpj@+DUXZgoa9N{q9F7ubU7~FS40C}~E=;-pm?tP%j
zsV?KxsY-Bi?`cRL7bGA>k1U`+ASBL=Rw5q~ms3G+G0E!?^Ax7iS&z`&ngvVl%uZ^E
zc$pX<$G{A3hcJjZvui&87ob?h{SQE4{?By`@Bbwz^X014VL*2>G+yzZd2E=v9(rpT
zCAKLkIn%Y@lX!23_)d3lIptm+?f2_0XSL4Ot(NXOh{xUzlK*k?|FI{PexZ1i|Ln;K
zt1}e7KwjLJoZM)Md;YN2^?xp%HRd_e9v1|~AU<LlDGPl;N730aY9-7F2acNH*Ao17
zAh88_9-8O}zrr7SUxKI|)rtZ0&o}L3%Pk5KuhSJHS+|Kngs^s1A;4Y(i{n-7Tn}WP
z-7uUHx=j~ojeaz386S(5Q_-?QiZ{&<=nGeP!#{NN8;Tw?COoM0Zn7<3^|s;B=-EH-
z@vwh@>)P-oQKG)14tB!M;^}6|*h$Nm1d(EJAg>-Q;WyFE0I0A!59%PS>xELz-O*1N
zvrv>6N=t6q@DJ){U+H25XqDgq0hTK26W>6|W-}d0F@1}!4)5my<dv>aq8etC@JU&e
zpms8Dq7;FOvud0u8a2~cs@?#$YR_Ejex)aC(gdp0gk6|h^X4Sg+iRLYbFT1_rr8$n
zP^)16S}zj&=gTS!*PXq-S2?;7h=ahdffBB4qmF9AvlDxe*MM&C0SB*yv1>aVZTEXZ
z=o3Qdk~Av>1$MZcQ1Z<GuIf<ye7o<30y|DT@wV=C`i14~vT~?b(}JjQk6c-;HS&`2
zR*glcbOzI)T})z+qANJyE;WqtpnrD6WZs37O;hgeT!tfm8F<_kQ0@nLJ+<u9RXAh3
za{n&btMrwnw5*eC1?kNVnmigvdkBDytOAe+Jv{Cl^0dN=6XD<6pntWC8;XI&z(_Lt
zaJ7r3354{K=IRj!!kt@*A}w{OnaTy;16{ALq-xpR3H*s*)o?~4E(8vto%AdKRapn`
zdxf7MYYqrKLcL?xQ=B-P1hn!b1Y98zZVB;T8EcM?S{Cn)V+GAZ@KNGidpNVGPs3{G
zuhKk|MI>WJUQkIdY5p%A(J1;~I<j&9kB)!>9(w>F|3gO>If0X1LCoaTGLRRVKM6yE
zif}bB-fSsVxjbLlKJkAj3iY^BXI@YKk&&J?$NrPGkry4w{BR00v@UomUFTE7Km%EV
z#N8<)3~ky^deimh!MrpWmE9Gqn#S&)|A&smVxX@o2#b9g9iS;R)+-%GeZEZ{j!g7q
z_k0hx5K;-7kklnnZ|abs#LQ>QiGVRsGK)RdA79g=R%~sB6#}1HD>TJ`vN@#84U3I4
zHQh1rcP!{HPh_=(XF)_fp{n%nnI|Yyl9_+hOS-%9uszIW5~TO`O`Jk6Ac5fYRQ2w6
zkceX8$u<vJ+AOWs+ksf!#ESpzN0Ei#&MA08;ozIon*1LyGA~673jmg}nm<Vnwxn)s
zH$Bl|gf8~1v&>g7BJ!gB1Nzx2Mfy29<mJgW`emz(uY~i&ybRzb8w(%-l<Kr*sdpK?
zQg7#=9mF#Lg?n8*o3$hY%=fG3TdP+7uM^SEUDlaKsJNn0%C*le4%nmNN>C@YB|uZE
zt1nqYTHDf=UAn$ju%pn7_$5~7y7)16x)dtmEm_~eHS-r21@H6vv;KQA#f4$_?zKtX
zXXH;Ul;`Od!B~xRZRngV>vWk*UTd()xtQ63?x7;6bEkX3^Nl?MQtuScwf6@IgBbEm
z4CLxE=N6eFMsryuzmNtKaxp1TyZUF6p8lqjo9C4n+X*%an}vzY>>3048wL1ZUF787
zJJMEYxh(OAjC71M^X<LYo?RBnrL^cf=?OFN;RY0!aKStJ`p%UQi2g7|zgP#jKurRW
zE(2-eY}L*3yo`UGp1y$}wPAlqq|Q6yJa0ZzOiNq_U2Z!x;{W^huoz&WI^^Yavm8ja
zZk?9s>u&|1lB&`!V|m_(4P^ed+bSnqxENbVe0g5Nj{hqD`C(9c4FBuzT(vX`Hpg_B
zbeRd9w(-8$G2dP1ga3}J?4sq(D0bc0k2d<-<pPUFAFM~;L#mpm8orU3gn9I(FY9p1
zV*vBbZDduO(fM)((Znnbctl-y`3lPV`W47jQ`2^(Y;`bgD1)=7^kZaPHNB+zdST&H
z-^2;T3yGsE!guG^%KXB?9BERU4?0gFtrfV^Mo6%|L(JEd^-!5<zg-&h^rnx2n5=Yv
zZ9N=hlVajZ<jpgGb)KHB`czBX`ppT=>4&`O6-;>p8tZFOr$JX0U`JI<-xA&oap=F4
z2$RS^B@)zSKr<%E!zWxCR2G&&wVLZCMdU9wPkVe8l<D0{-I3HPa&P;vHk@ZUhDTnp
zM)_!;$RrNC0E<<q!$d^z>MbSOM5#_>RTQQU)p)ZpAT<EyAxHUJ&vY%2aJl(+w?1jh
zErM<vT>EjfNd!}zNyRM7i^(3AgdRY!mN~EQ7`$=~G2sMud)5Y3Xv)0(FhHorxvVzj
zI4PE`mfJngVU1=7-cI;f>uFTHvYqfBsd?S^d=TDx<k`OUVgYg(=VvwwDWnoep%sY0
z%7+FH{e@k~@vwMw)M4*dL$dp?PsW*~oqx2h<W5a=B#HFGAn6GtbOy$R#bwX9(Z?`@
zT9(&H4K{XN?ZcxEG{9H<>wPZx#^2@r{{H`kA$lWEzcljfPm=sCLPSy5V=0)}qM#rZ
zU6vJLr!fWWa=<glrjIfZb_>2ZrU~vbm?kx?Ts^!x3>O?F7$*t>-{A`@vujIc&^I`l
zy5a`%BLi<g!kn=tu=|MIg#ficY%tl>`(L`OXtIRZB$7(ye{P(tVJ`Jy|H+WEjt0%4
zBPqDZ(~=vIA|LOOZ6VGD^n__pbJBksPLPVZ?h3fbt4vf*&LlcXIH)EhEel|mmPhnw
z4Q%>SRS(M1myv1x{mm<ioT*F6{&^O2y@TWT+U-n=#z<H*Dq>6g3{wZmhTj>8O`$g%
zFj^r{rK{)A&HKA%J&2+SV9eFs$L0bJVR*6xH6{{mSsCh>_9QUz|A()84APx#7j@mX
zjnTGkjJ7@6wr$(CZQI6Z+qP|M_505KtvT1OwRcs1q*9fiNuDS7ah*X~8zK1)%X@Kg
z@5T#%SAWWsG|ERpL98pQDX)+>{%fmHYELzo>WQtYn-*e?BKjMWCh}L&1RrKTs3JNX
zoc{4j1Jp)jJ8wf!0XgGHy#iej<21q$X92fh<ON`0Z(->pLiWX^W@ApMjKyFeILLR+
zA_1IRy}Z*wus0h5|8cN2iG{@(6bigA&jK?XeTM{7EkBm}x~kdQoyz#EKH$#b{qZy_
zQC%DC8E5;XmCm`WRp$=^Z|&V!hc(V%$<JI2Zfg`O9lIzr9Gn3q(gI_KX3+xaD1-7E
ziSf)VoK_4(08%L+H1w<0*!TLQ<Xrr`<Y(WEJcut#A19!}9!P+KlvQ`&9DpiOct95)
zG1l_T%^kLfoTdpYVaC<QKFDCVZ$3y(*H&$q%7r?q9SK_ufma8ZLKRhSPTi%uzX!J(
zFlqT82|`xd;f@#Rlu5-p{^F^pO+~VZuw=K!++9f|6gI{FM&&Rl@`9lEg7Q{`=)Z8@
z7fBqX;Edi|4IF@QHC^31xt))k)WyeWtnFi_W@}?%oA<np>qQdrs$XR-Yxq5u+J_K(
zr*b2ss#O|E5Sk5_H;;)Psp)W5m?syBlcoGs9RvV?vrfyM@bm*oHa4yrf1ds*mSnNA
zsk-50y0;ic%C41=NYOZLtC_Q&j_hAOM%6fOz;3=XW=?&_(8Xfa?8=7$Ua5bI+ERfD
zm>rT;@%hopH8{A0_C^8USyrf6^jfGX_>`~1>n=}wE}Y?OxPr6fp3OeCTtb?4eC$Er
zvMm4XGcQIm;fW7rm8vt1N+@~X%Z?6`>AN&nTsW&e0o9&K6&oE6vB!-Up#YeG;<h+;
ztW^-n)4|GKs-}A?jmPVVS?%rc9uO~HVQa*xP={QPNtA*c@Q?PUGa&R>s)yGH35<gE
z0S5r?puV*?I`SGD5V|%Wk7{Z#(52cV3x@y$-kN@2;w^_5_}(9HYDu=o#baWp2;)~W
zwiKcz*SI)4yZ8Xg;ftt-Z)yozlLr?8s6T-(;>%ue$g|_`lzY=UH1taj=-rJXrhR;j
zlf}&H#BBEn!kbw|n5ETODq*os)m{ryI64O6!OKc?J-kE90oM0vvjvkv6PI2`bq^Rb
zC8y#52~0paKwQd08`VZmT&(ibVNEnmj$n9x;><nFMEbV?$?VCZ(bl2JVfPU=L_=}2
zlK$p9;hpl`c#wKieB!Z((~~)5>ouG{u+S}7hi`6^%#=$)3H?CT;1CZ!avQQ6rBHTT
zVV!tt=a!kjnn`CFq5B+ZUj))JFJ3sqQD;-sa089xt}Q4UQMPr%Cf!)Im)w6*!Ltl$
zM+W-?VSTo{0BKsln=Mw9I#ncArz$CwLe=~>*<W;XU`bGZ79m0RX`+>Kj+jwf{2g?|
zbKPfE*=wNlh~RSbt+>H2Ae(wdt|Vtc>3kuoD1pN6u5_*}C@!H=-Jv|n9%lq=pmm#3
z)iHV2WU$QDc}eD&N#3v@5l!wq*_1Sssa(mI=wgpW{7TVAtn#k1ZVJ6Pn_5>!gwm`Z
z`Rq`((cE}u-(tA<G)ZYK6idwSh+01!So9M9XKOidZJVK1B)N(m9P0!)YQLR0>`P#W
zp6C`Uxu-iX6{dsh9W!$I<|R_ZfN{iD${jmq6iqU;Sd;87{gJk!?R^ZsG=z7Fl1B(F
zOMpqI5<M})C4pRjyrS^up71Fn#A0j}I-iG?gSzU|<wI61M58-Ccm|TcY|_vIelYh@
zt~75pWoPqj;A}zsGq73}?V?m5GaaVb{e*|1w*<r5>RoE9dP{h7i^-(?yl%|~9Sh%G
z;yx=XY#oncYuPw2IHIR5#gy#}mg*46-f0{@or#F3?4hW0IpZ-;i6bE)C=;#aoX3TC
z*f1`DUH_9i;5)$E!s)~1AVse1fi-jQbMBAK0<0)|d3B%#VeS?xe{V&|JB^GQwMeHP
z@jnx8N+Mr0Jf2Qo*#7m2x%Dy`J)Ipw16SlRqncAS_KUxg^DoQlEcDyM;CPlDd7j9q
z|7J9PiC>Z7-RJGeX++A4u?yXs`}DEcT8pKy%q5x|H;0eM+h2{rR{R=moxreYGLwBl
zn+mNR`&V|<bdp%hM12d$hx}TN_6eqDQQiY7Dbnlc(22AePNEh%xGy0QH-@GNPN0zL
zr1Ac1i9auC(2Vgxb(vX(QgJ2QA9z%6R}qBcBRvEAr<&M|0-Uk4{+rGu9A8UHWgfw4
zO`z%W!+YFZf%>q@kxz(Cb;sj4&x}Y#luR}W&^t0YnztVZFW??OGs(ON(=jyji6plf
zGMzTV9`=zJeemr^iGQhwLWJe`tueav^An{izjnvOH7=DMsOa=RsDigw`90H^ii&QO
zTe#vHWC`uJaVfR(l)7LM8>W((&(lh8i+-)4_>xIb-reruq@Pj?&no-&2&*K-t;DsO
zoqv(4GzXzZ;eJxySGj?V_en2=G3xoDq~@WR9v-&sF05_wUv=D;C$0^_F?)`3QgK$Q
zX<nA;j4_uVBc%Fg*ivbiO8I!Gh(FzJ8fv9h+1h#NsGISK)p4+k$eI{-^3E*^M{6;n
zZYx-gydW`Q6bnO8J56mRLVAY$9)C>hc{2~Y9eYZt=`ME^r+el+Dh#0|!bkv|LQmnA
zgZ#YeGHX$KekLG)h=7Fh3T<@%|K7?yaS5yPrv(d@s1D%ceii}l5zLxS`*hgmpwv+w
z%19xkxyxzkbY#$u@T>1RvWH+F4c}GZ|8^6wSHV-MQQ?m$gb4P``Qf-o#bnLbxErir
z_dl4W**d%7%CCJ<oi4O=&=D>BHk4rQH(4yJ_3xgS06FqA+c!AJIyS%q8jW_N>I?L0
zfTSJf0HnOb4nV6PpQEsVrQTm@jxeRHwfcLKl@2~~gdU$4EQNcLet{F^b+Kk)7W=yw
zLd|YCdlM;fQq-qmwduR`I$6n)mH%N)2>)zuMN9AMo=n?Q1}s?xWio$6UtQv@^S_-M
zPOj?~>M-j3Q|^W|*pv?n5N<1<k4`-fArrQprzRBwh2#D+YVHs0J(@WLU`*eipCbA>
zX<gW!KZee|WUt1+Xo?OD&>-l}Bo4iR_Byw<7enJ)4PUtgIxj019&n}?Tt<>63AKr#
z2@MC|5C<r0Xq)uQf{`k)LZWZ7TnIX%vydY1j~d3^$IfL-_ZSVz)kg=uO(CJAO^EYR
zFAsGEl)0c;iZ;r;9bt;R<B`~X+m_4F%1<52`zJH>HUGQQ^Qj~8ywEq?^>?|6&)Yyl
zz)#skJJN;qBHww*bobIhiua6?>u&;J0S?c#8}d4O<HBvxtgz*FYZp|vL-NSiV_kQH
z?6RUqYM*Gjn_vp)U3X+phl0FIQa*X|ViM&VX&`i)VU6qeUfTBlJqyMqb+v53U+<Om
zVq$a@cfJR(hXq*ESjk9Y$?|F-%fK^wAF@m>ez-KL>Z!6NHU%q1v@?QUJvk8i96tv1
z?#YA92(e6iJN3&uMIGM`nB?=Lv9mQ`P%g^Lr^=}EM`@pQz^=LQe85``Gw}v1>t4-U
z5+y43{7=0|utlo;Jz3Y{7AOkMi!T1mT#VZ0!VWC5b~a{ryGS>L-*pc(8jr`p38T-8
zaZwUQOVBx{x5$!J>YEw-Pqjo(EDX;xy-smsU#;k6mBCSKbcqwqqe>m;2iELM&y@)t
zlM9OG*6I@;sQMo}Ik1~5xuXh$Bu1b;Qd5v`>HQbF=oRh7yip>{Ik_1%sQl*rb`f5c
zTu?p^2cKa2G<B$-MHUe4GSTH_1#gb4qpZ%#1@s-UY~J=bo7nFB4%Z{FlV^qf2r!{w
z)sJ&Jz@`mSLqFs8mbgmf&V9yRW1!1JFI%9kzsE_zs`J<qT_}N-4lKcNQ%=VyNtFOP
zsmh8fcWPoAT|B+dkRLh$xB7beWM}pp{of76>eo(TbSg9565}(O9PdLa`9|>dnVodn
zm4EXl19p<o8kSCA{beU#mb#=%fH!&H7C+vwyHsh)1H+=aM${sPrqXH4S3-UtcNGWC
zVXzt^_!9WOJpDbCYZ3Hf9^D8HDCP})GqbcgY^{2T$~R_o<~!8A7Oc&1v(Fx3_wRUp
zAKdls;%^Pw=W#f<$oA9d&ttf5dUh%UQKMJ=O3d;XPq=q@?z3g7RI-^zQ<1<(T(qfq
z4Y1K=z#oF>a}hhN)Cqx3(Lo{`V8WJiihL|LPo;NKmBpkcHVLBs-Iro?s7;lyT}zGq
zikr-aLg>dsaa((=n5LdjUOcC}$_^H^#^K&=tjXTuzF1PGb<h=8-CE!RI0fYa#@2f8
ze(~PtXZ<MnjE5}JERRq_h~;v%5^B0gkU1u#!Hk@Y-DPt<_&?|9tphvwt_4eCKDYb6
zucFW!VKDuFJz>1UV5~i#e0mU^(B=D$ZX)BQD`4Bi$SX!S^}i-F3onTco~dlFBu63~
zB~^;>vid@ukofZZj-F{dQn_9SeE#Hej#sZhdzLA#62omo<J@e;@8ggYqBQRcN3V|v
z{oTdnJCFs1C6vy#dO9iwZgjkAUeH<Qt3y(Q{E{-(qhMes&x^ViDQOdJTPyzxfaoDD
zNRmlXn_X2La|O7guuH=Vi53LRj}=`kEy~d=7`Iz4>tD|yL`f_rV%O%Uj644<2}AVP
zK414h6)Vr6!V9eXOTpIxovlSY#<BvWd09KuRC(Wv*I^x+YTqPYijL1ZVX<<S<~^R;
zbmU)CFhAPqQ?GziKWaAWYNoD*fJ?HJ_<tXSGsq1b>1yJ~I1xICdL-BV<qm`RSt(yf
z@`;xys7x~973{5>nFvo}59!}}2v7kpbB_r+b>$mL>{3XK7?&=iYLe_=9XdY~!J=Zy
zzuvC5EiI28d{Praei%H-%sVD;`lGZkOFs6=NLe0H688_YqNRk1b(tTSw|3GKaZ%4J
zs_d1*ioYds@z`XevlalOA{Q*IjF*gDmXr#<kDnbeI`lNxPL9HE*+gJcUoHv3K;L+>
zU{_G8p#8~pQ7@o91qYa~9OX%p|8Hy+S^<72SX|aHrF(+$;KdkR<e>~Xkw)kf!2hQh
zb`(__Mt0>l?mPDA7aHrwW5aF3?e6?1=I8R)wKZA=A}Uc@F;S)uu?f+&ng*lmegeA&
zM!(d|N{;^as{gq#d2_!tjZrJXZw8WGc6Bgp$A%w`)&Oam@H%{Dqn5g#W@fIS467A^
zE6gmgLV{jaLAg&BNe56&?Mdx~>nZjH<4$^EUy<sbh2qGJuEx`}P^(|0;uJvCMZGj9
z6ZM2p2aCPc_nTqtZV3!Jmup?xaya@>{|gZ*IQ?}leoF?5#YFU=cGo5FoG{z?K3&z=
zK|W}Ot2ICPWYI8P*9CZ%uNIr|QV+{i;@t0i?W*nqzM)K$JXY!E^dHIvhO)<T*uW_>
zbNGBtsdr`01Wh&LeI2nFf;Nud_pz;=Bqid42yx+0drG5&CTSyHZ6c_22z05hMIg0<
z74Hij*KTmcVZ1JdAg2+i5eg+xqHY`nX?!8bwcCeP;uRHKTTnU<f5g~-?Q#2f>Z}Ej
zqOKZ|d2<+Fl!=vGH8z2xv`MliXY>GuEG=xX+aFnoMbH(KoAROs0yDoB*6#kGykfk@
z5Xry+NkSxm8dmQd_*9Z$QU7Okm@DaMji>o#NUI63<(w6oZ!@P(d2Z6Cpv7;=yWR;x
zBhMn4NMvi&FO4N3lcZ_ef;V)n1}<8Z$21p~ML3G4vWR<;HU%=W3_(yPixW85umhNr
zuE@DKQOu81Bn8D02^XgKg_@15Jmu!0n_R;ya<T@_2F#(-%Svr@y5$l8UhwqeCXAa|
z@Fv~a5q*5Blr<$>K#&tsz^2AF$3+pFZl)oA=5Jt`XBZqs>iVx#0U!eHtw@}|sl5fh
zUB<cn$qnt@{In&(ST;%BNOvLtzfn|6i(t~=k=5h#$PYW<?Jln34EEnxb0nw5UZylg
zSjx|Z7Y#1#MNtYU$ltrivycJvrr?=outBuEd~I^wNH&Mk2=EO`V8{OzR-4srq%^zx
zM$hOy{vBAX>L8T6NuJl^3YOCU0agMx(Tb^U3U++H!i=C~FeLZ>l$0<AWmyJMShR;9
z-YBy_Q^LyEkLte|d4Cygh(L+O%U6w$(b|j9#(G1N>W=PQE~CBTtLv{O-}#3y6~MZi
zjDcuPO3N1;&i`GpqEi|h<klb<1@;sxe8wY7*>VheC4NF7$oP7Lom@M=aZ0G#^)@BK
zvX7WM4*mgFDh=(5pzA~cQ@F3>zK|Q3)y{5(!h{rU3Y`IcmnLl8zqr^)K>~+RVM|rx
z{t;I0D)M`0?%rPHPEcEt_MXyi#%(~#-8VeKlJk0Qo5IFbYH@MH=?sj)kz|^|NHCuu
zgW{ZrX`A56Cc*kNn6kc;cST8crXAoN0sR?-(jwL>%wLAbR!V#7f5)GC6EF|e@>bqi
zjWs7N<Rr?Um6pZ@a>P{BVg=+FTZJ7+N-#A9c(mefCUk^sDGU}hb4E`CUDdm9()GH#
zjvs*oyM330p;M}t*urx@n`Ziv=uOk+K|`p}ssl7f+w#XrSh)Mz``h$QJ+K2A&^K(;
zZ*$U{7u3njpNYlOVoAe+VO7Mn;_ljV^M-4XbG6dlSJzu$PmWS0>6W}h{AM=8`$L)l
zx602Xn5M_^{3p1z7O5++t<+#ApV`*xF{H6!S(82_)2o5%0%)4~HKWH1{Y&QIKnf)K
zFXC<%^@HOui`!02UOPd~9m_hV!>Kh8l^_~<0$hfG7A?0{%ad-b0iY>Ft}4?<tR-QT
z9E?AlRV|QTR;V#lrg-*$p{p{$WueP9ho$E<0yk}jc~oy4{7DX)eKK~E`L&F<eV1-A
z`sZDpB=50>2Xa2CLM%6qM>t65hgUhl(rUNadjL39ZE#`8|1^&HXMt|ZA_rr@UVZ=2
z9$h8FbptM2I9(WOfNbAOZfnNryTL}p8*uNOVEY|T3BL--5RyHplof!tMSFvPV+Zw}
zFXg~av>+@%6S#02&BA!OSemWTWl0<c9ug<7tMW@=OCBKbpQNBt847kG<B>W2x23|j
zN71ZNHqiZ59YJB?8e@X0jM0!X8jd;4sIP{DEBY^_dV!d@Y{%B5sp6uY#Ce6phbSE!
zqTU}+B$%;^V25jHSd2eS(e%A^*<3)YsFYs%s1{kQ3MrP?)_O;xyBR4jk5W{YBVnpI
z+EF19g_4BsEH4Djw3?PA&`op=+s1pjsno*g`SVfWT=ik4$P0nIfH$aS0nbGe^YiwJ
zh^l{>)*IpVUtz^!t;iHeV74jsy`a#l5)=wysOz)t6mj!>dwFse^LCB!cW=YbpLX@?
z_r@;-C6x>pt1J;GBCtSSYYlbH;W0#dBoivRoNBKg+UH14*h;UWO640}A<$aWq1@P~
zpxP<B{?j|ng17-@faO|Q#C8?-xc8~$NKV2K@R&7KN$^OQ{cvoEHGoIq$MHUTIAkq0
zx+h^K-$T|HDU=I`nnrzv4hX8&+<USvDpnT+-L*bV^pf)2<eq1+6uLYE|B4+5)EtIo
zVAx1lDShDKN21HhwHYIABhY(F)xNx~-c<7znniWeUr)d<qaHbL<)To#FF(QyD`YsN
z8op#g4hFi{SoCWx@xNi#m9vgp9Lg{#WPT8Q3Zr0yWHHV9K_1Nl&ze9}sL^>CD7=!x
zb;8w*z|j%J5i7X;54*bB|6y0z4^}VH%fF6su!jG`t{4vjZjNiLwinAgRS()1IGB@1
zMu!A54zrkHh)~My0LHD!KPvp$T0fML`+m|@N)^2XG+WO$r6I%RKIYj8>VjLu$-OfZ
z7`0o>%(>-*D<ej<pvae~ZSG5q#$!^^)4_>F+;)Ps_b5PD9@)Q4dL#Sd08W{tvr3tB
z28QadzwXK(>glSuudUTmQ@B#9)~WEV1?|*{^49qF5ow;oWy_#RE9GdxFA^vMvf<e#
zifH^HXT|buTE)=<jnz1m$p6^?SCmKxZE6!`Quqx$8Q9UMcFY|;sKUF!R26v_O#$0J
zs^?lyy18E6?!WYvk`%L}UEr7<BGU+lGKIafM(YC(Y2V&40UTS4uxSP=A39uXA1D%!
za?)1flrgAcO(M*bt1U!UFJQeWaFt&Z?k<aqz;PFz+5j2Y@?ydraRpI}lVy7a7aKkj
znZ=%Sxxp^#TGfDsxN{ppYaZ%PiiloyLu)7CbN#xZO0WV$`X7BoqGR`uzJgAD_jDZA
zjD70zyPBUe71NXJ5$D2#5iPzSjjrc1TvrkjWXkwgUjay}yRR?&qpyaq^fWULRj5P9
znwoRnrc85aQ=V;_?`GOwq0cuolhc>6D^eEI8I?nnBm*dvi;X0N87XRNZM7~$BXzh*
zO}23tsg~Z~ke_hxD9lCTWnsNCG#Cfp;sID18oq>qX(g8zjfZBBFK1UTuYlAwf`aQx
z=jAFIWg8?Ub<0L78X%RYO&zB{;dcrC45*NlMVB1xO^%-2+?+C{N}&I_U}z7SwBU;y
zEUsWCN+CO*8AGq6%%f2xnxOq+Csx-(*i<jr-%jBPsQOSfP5zQCI#ygiFald{q&M2q
z2SD6LCxzeSpDtS3h_9P*jP?r>4U9VWMS}GJxCx$1Hr7jvDvj9g?r5xboTeOTDr?3n
zqVhyKiDDEGa}A!d{*%5MM$f4*TA$)H4m}J}?bWHyv*7<<F`?AWGSzwsM$_q4iSfUJ
zztrLIPf~Txo-#MFqLR_rk8<1d0O_k(>Qn8C1aZsH({{x!-UV}ua*j3v3UBkfbc_-i
z|DOLJ{%X$g|KDG&N(9C_{z1(d%U3I_h<{5PMr<Nanq|h}ulHwV9?#cKwz6~mnvdDN
zBgtxjPL`aEQp9<$PS=#f36qd&63Vr(00mU}AN~q!p}q;y>yVc=oyRVFzRlZ8Zp@B~
zXC7cok`qrNQj(JnJ6&|L0X8co`uDqT<xfj!?fL9cSZ(~OLscpE$6sAR{KsES#~c(k
z%B7z3sxVtYt>8&z;CAHv7%aVpe+<_CvUz}zBn^2;z4&MD0gfZ5=LKc`55v0j*Rdh^
z<@o<VtUWEkPc>jr`k)HfFadmCa3$SN(l^>h3z++l^356Kx8eq>53F#q;qDw}R6|BL
zQ9=tOyP$G{5JoC0aeiR$qgdg2wY_%QH(H})aNQ-wAnny??I=w7$7x>=mjB%cV)py5
zKF};P5Amfs6H!ghIOg82IkfQqr~}PO|5FFjm934~!dd#Fi4ITx3irx;@33+3;eOGA
zZ{yj%RbA1?ndaED5yT8>ZU$~;yjzTQ((cl&4$REYJnVS}v|8aokMQ7#*f25qmt@h2
z|A%Bn6aP!Hs((lp02K9*l8f_GP1)M?3kp=+rDY1yV}oTJmwF4Bz`S8KAW@3eg8R1F
z_4*AZin8rK&>Ig;s;{@YOd6;|`L6hHCIOo+!`#H~;2odbLYd$y)8AoTY4qQ-3h#WJ
zhmmCo+I=n-jhr#TaM1k$$OhZo_+T-ffd0Uo>(^q{;zl<(5XB+EH1XS+hFuuyF(Jm0
z=>m1vrK^A6u9bOO#tW6I&=CRmG+f`1fP=OSJx~3NY_hd2EbVlRzfd`<>Kv}i;r9=y
zZyHjaI-HMng21(OLENZUq+foPdR~t#?7i5%-yA((LU_JoO!f!Rck!l&eV}}LFz{k)
zLbJ@W$y23`&A72A83`K_DW*ADIHpq%2L!NENI==_qVoHMC-I|)n!Lf4@mecL<WpIE
zy>=vKevBv%un=xaE-$8sSS}1K;zck;ydXc|^pTc5JQ2fBa5rw4Z#M72eNUO8TLypW
z>mX4II=krLcF}zZ5sgd8mzTuz8~Nvj7K6V!*LzNOtZeAg*CO7d7&hmzKCi?JM9Xx^
z8H)@{qHSN+KFBHQFlw?#GrVf7NLzeM1&`!*WSneMl%huvJf9y)Z*wZZsEKviZ7k@$
z1<NNn+i5RA!#{Z<abUAhCrk@fu>cDu)IIe4!jAVQAiW_Los&&y;z-k`ctR7%7|gVB
zsVNmehhvhH{x;kOz%Dn<Sk$TR-I>QfmVfee_zz|QaK08-L54w!lui9_B}WL0sXQEn
z77wVfs)lhL-{7K}ON0`~9TlWN*AZ@-f(QSn4-3M9M!Y&8Uqg1y=ed450}41FJ*|Mw
zuZ?C&9ji%G=NFPo0;s;dCpVHi!WsW7U=gS`P=0+j<OJU+?ONVFX=q<m$AgNNw@?}L
zrz)ZP|7ygV{x3!hOXc;R-N5tqsJl-d`P<V(F0q>X6#@DY0eVrYIYhNIcv_Hp;onVh
zc>umn?)$V(4hOzaQ%5@0%z{FD5#*ymeoKN!ld}3Q{*RF+k2B|FYJ<Q{Bx2XxQ?M_u
zB#cr2(6S4Y8CO<DRf*?g@h|yv&MPi=6+RHM1_~_7syEr=f0fvZ+P_LH-R6HNF>E-+
z|3isg@r60X4MjtF(<PdII5)ZrV~x_w9RNxjb{{%MooQ7zl&JXtxLjJy(Y3tbBMD<y
zwTB|k0SKZWb;<jWxd!NZhL8wp^bH^txc;JVI&nOz;LZ{6dkT&HvB#c`G=>K(e{79l
z1x^C+P~lv<+;gZ+g5hj0&@uvq$0K1$QAnk##j00I?-EO*(W?}SqvEL~vt!cp>|O)W
zyaY7gwk!P7;PZ#C+**OlD}HUl=JM!ysY_+whhWSNIh*Po^pvSyUhHn)_<WSa`d{iQ
zpXN;Sc7GdBL+1QshCC?3NQ-mT9ylxWmhxg?!$16dquCPl9NTUNGR@YJLX2s319cj@
z=03i%$t27<m=0b_1UO8fU8MP0#2M8JiO7wSn}7@cUumK4L0tkys<0}<-6zUC*Tg4J
z0s2t+HIKE<%GYm`YnzVs)~YVMm(Ht_Uj1dS(Vq**kn1#T-H=AO8F{fe-)O9@+Mz^^
zg&jD)G`JU~S4@A-^ZC1f3jmDiS3DC+(n`rf1S=^xel0ls`)-TR`;Kq;U>`s69Q}!w
zcvA#eO6$1kCDCHG`a6b{hrvqyA33K@J6z%=B_+rVlcZvWb@7g6rSi#hS*DmW&_xhd
zZ5i}b6s)1!cS>sO?cv9}x&|C=hlnH+ah1qRSg10kwEnA|iQ^NV!Gs)B+G00Pg}3`H
zieOY_evImV<~o654;oD(r|Y~+k16ujt3kgo_oVQfvRHr)`xL2{_=wXh>)7}0Qry+c
zYsHSO8aMtqOv#$rPFt!5@4*}KPTtGNiU2?%VoB;Ztg7TQO6g4{tQ1==fHK?*8FpO)
zr(0-d3CK6&s3s!`M>uAwpG*-M<Mbg7zCLQj*)k6qIQV@XC%Y@I{+KGsN@7q~!B%uU
z`gTmZR(wE!nVx0A%}z^-%47*|a|B?^upr(mHm9HPO5YWjG_QM~=^39z2{yVS7oTHU
z+MB2dEQt|;F#Yg4`q|pLt{DW2M^Z$-(1afyAYt*z-YYm<WP})#T9a(MCU_(H3TGo<
zf<8QM4U@&o08oejgM(<V&T_>oNT=n?srrIWOH|e#yc2E*o~o9MQ`gJ-M6~1m467x{
z@-Y?3GFFmRL4%c?nG(#Id<ivCH`)$y<dT@eNdCm9S*O{G77OsCLK6jN8%j>2v_6{m
zS-YJRVyqk?7OkyxC7w+V1G1Fg$)%9jB$_vk=K8neA*b#Mcqks3gZj%E9-QjUZQDv#
z?dA&(<|&&3mK6#Oy@Ye_u8X5y6}k!Xl{4YyXaBM#GObfe^p<rB*4Rxq8ya%i#8SRa
z@?BglzhKYJ=iiX{?KcZ}8Pc&PG8us(#fId3xm%+79Jjh#zu#6DrSofXE&5s~-DOp4
zCD`@;xDS!&b+vGDy2iPM%+r_Ol|e&}SY~wug)J!3=A2t&+{2-`D-Un&;u1{_>)_#c
z7F}CN+Wp-jKVLafc!=sc@KY<<8!9vO`WS53e-C$?H<sq}r|Q1Is8lPGYqw{?K@q7u
zTu==zvZKuSoT3@5`yIH;Xm;uL7%iO{91_}!8go+yz@<CssRFgpa!G&a@N5c-1CbNx
zU(Ir`)eKkyaO*uF>=xpp0>4&ZJa67<Vl(9q+q7;g4x8Ix)+#B8o5{MSydNbIw@46Y
z8b6ViuIz-WdI>5F&vl;H{}6(zrr27XS*FZwMTwf=&VFdD937&G`wHq1C|p(~ksCNQ
zi+3xE%th{D@u}rY00Wh{j-Z(!RUB(O#HbJ7edbc#)*AQfL~g=5S|(m5(XTFM|1J^}
z`*;H}x5(Ts8$Gvi8B@R?qI+!|nJv$K2|5)3ri76#J2J;rg|S%s?x}bAj9?QNa*#|3
zxWc5X;_^jSUT17drW_#MJm&?x+9?jQeK?~^8dH;cxSn?GqhbHbb9^lN_Z3s7_~$DJ
zobNY1Wi9<cs&bTbSNMXwFVuJ)`n<Y}u2l77>zKCgc~pCEP}#0JnQ}XN#yUr@p_-mP
zN{b*4bfe$tCfyKCeQ<q7DRctDCLDgmMw7XUZ?Hr_NOjIA>ZK7R=~XCo%0NM$@bce|
zue1f}3~h1#C9)HFSUNquf-fN^h(T|!qe6D1^`3}l$J<kydZd-Ik=CS@x-bkpe54(<
zcqrP#k=W^zZ9B^N&YQrCCrz;}H}2sIsP+wI8^F=>wu=N@-Ec#`tkUR>HA{hEdQENv
z_f8luseVbLFr#SxQ(E=3EJ8^@tf0vfPBL#56>I}H9m>8cDmKbDfR;#6bU<nH14!?Z
z9Y}|YqxC0bqc(Zs^GjeZbWcYWnBZyxQlZJl#xY!CQn@>KD588GyG*U+;L2rti`&;B
zj(!x6NEq3;oolRtfEkp_OyuEXT9#M~iUkr@BdKW`Lm-9bt*MA-B9MHUEJEJ3bUF~=
zc$eOL4@fZ#pY%-5ML!`Y%b$>w_4LUOB#8Wy%SwVtgVtr*RDvMTj`qDrOlIF=lrEW@
zB>D{yJsGq5ceD#;AHNAoINke+QszLbnc6R)L52(3Ws-RCT#B1I|AF>4IDQ3qobxp@
zCvPF~tk@qA=(d%B`6*qX)?jNFTX2sn3~BFIGEAbXmu2CjN0+n+a&+Oq-_7NuX8_JQ
z_F|~NP2Abe3T?SErF2C^B*5jlKq=wyzQUYhkgn1IxnlIuHDEhN4|uT~&HW2o^gM_@
zeF_2{vu9UL{9X)KhM?x1b7O3>D!Mh6L|oG9AoF`d?vtyB8%pT@$(6Q{5fMj$*zyc>
zi{&g5q8xn4i6ZzQ!xlt2lU&3u5^a8NgxCO#{MNYF5l@#9Zc7)o719aySdvVh8=q>)
z6^aBLVB&Wk_b}!vEX2)3DGct_#bb%7%5UYYmF^I9!!YFEa;!p9pEOO&0HPP^SHvz(
z7bABbkvuo&Aq-qgOse=aMoX2fR?{jT`GZis=+oIeTED{{L1$A+*0q0iy)LX}3}%B|
z$NK9=ts9GzqemIja$r+}u+yk9L>@_qzV-t3r0TXf6~Rvv#h^XEt^pL<dx{gFM{i={
z9aZC*yxF?RO}XS_7)q8Xm~z4CL4bCHQ-9Cw1tDR+W*p={o$|2BmcNJ<FLxn%OmAfw
zWaR1v&|j+A{~_YCBTetZ(9lH0Z2|k?diKy&ow~bwP#l4SmOAN#;Uq;@{c0^~;%L2A
zDdE!gyjf`}J9QU=RO?IKdyNG`$G`I6gY+SJ4?gmzP@{=PI&mh%)G3Wr04q6dA$H$3
zKy<!&$_arshmF#XQy7oUZ0z^SjhM_s@B{!A-tlV>R$$LsTRsL^cKkB{EyMhphQUC*
z-g6n<W?V=8WsxlcCuZk>ZQ?Uy`^>CqLi-3XGi7ND+k~o&`3eaGpq&R6a``pnJSMh}
zlB)O%N6=5mtjnk-zl@pyiAG0nMv+6}H%%F>!y`4MaZBoU^IT7`af8aP^%GWGl9=xA
z48}2hHZjl%4=<n;>ocd4Q^APn%%)(fYtA$vLNp@U`qzbJLzoLPp+&6Ooj4uH@dC)h
zdd~`5wV2{U#&r(6e-q(Uk5&D48%XpQ1aDL&P2Hn-8I0dZ$AER3*HW)$Ll2UW3I47b
zlO(IbH^DtypMG&1LZLtr#nof4g8HdY{XqzH)_@J*bKBX6;g=+XV_)=F(Li<{o<pK;
zmwqM30c6U!6&n{LE_w68=zdf>yd1{cu-j$c8S+w`o_Z>^xPnO!-q$WaL-vsIDxIQu
ze!D5DoXxOMo2QyO@T3KeY+%KGK7(syQ!hBv(O#>Yyv^?;XG&Q6%jeo@bN1NpoWH2f
zqx%O;2e}o7co;T?!F%P2vK+z4Nv;1iVpM_Ul@kg*_YsNv_k+H5CxcD5EwYh<AAp_3
z_sjg`D8kU|c%L7tR=(j>FsfcW%j@w%^kGHc&d!bs2Gqek{^Tl+@GoMiaqm3!#wkG)
z`XEU5>^nC-v{LofG*4Rr(%)YXebXmCGTYt!VloC{W@!zc@@+k|wF*i_>DFS4r?NY?
zhs)?vpnt(EHZjtt<Z_w9ubq2Ik&}NW^K|_)CTuG}_hg71_&{@Owx60L$w|LH&?qiX
zEC)0Ixo)|jb?Q)hi4MpbxKUj##k_r)*)9NO=b=x{bl^rwcFZeecVfF@>2@(TdD<PY
zb<MR<*k3K0ZQp2V!ZY`&N=8B(&l%Rw@0iC~4LDLnybm>4y)-afS(2`YrO%Ur7C<%q
zYV+mq|7>88Zfx1t3}xwP8LzXQENJ}Xr=C+}Qdub%%M`;;1;Sy%CJEa#8wRg~rw6kd
zZtEuLx3=4<VP_Pox$@I7q~9Gu+wQ{ZPF6=WB?P;BGif|AD76)ZhPGh2v=tvlOm$)R
z)@^;c+@?TtQXJ;`H7PJ0=z&t`QG$nA7)`e3`4L;^-fibWy`4fy09;XJvcg?)1Ua?+
zQ#16P@*`nlOK(KAWJo`*O7Olx2per~O9(ocq*mPEgAbAv12<>g^x#cm)dirVIhSv9
z0FGHTXWZbH4t`hda`?7Wd@sywd`|Rc#B32)xiH^osl>MYRpNxv0qv%HheZ0Dz>o1T
z2j8nSUCfOW3mAzssfB^IL18?EW(X%$7Ck|h)s`TxVy5SPT1Yx9y!ZL{R@MRMdn*=(
z5)e!y(~gg+6>ufbcOlr&*G6}zwM>9S5gjW$z<vudiD6)2V@=If`+d>oTEXX2S4}D%
zohd!k-a3jT{TSM2d`H3d^X)z}!gd5O%%~~4lINHaeZ~_@UmfksyJ%RXc7$DUTmv4i
zhhEfsT#yb$iuvL6HxRX0S>=gWd=wQb)K1EFXzNuvdJ0oHSB^@-3_wf4v;yr7Q%=?C
z6rK$Y*FC}{@sj1i@&kru6k>Lxvu7M}T3si`i%eIaW-H8Ji{gNO;~E<Z{g%mP9fJKE
zp1ER=5zlkSJ|9+|ejJ2oN$rDJ*#kS>D$C-hlBbiwZ>5vL#B7Epzo#mB()Wdy(%CK!
zw?!%j{y0z--*Wj3vLq!XTrI(E>HwScMY&{)WV|BBRLU6@-(LAT?CLhiZYR)cTo++}
z{gQYGdoRbX2!UY)=_|meXKC~Ew&)BS3f@cWNOzE|#a^);Gl1pbSRBsE4eXUeFW|b(
zT~JB=Rmi`&!o0mqJ)?6MSHvgi=Gy6p10fmWzt_t(R@}^Rd-P7y9-w|FOc9vY59DKD
zE|+!cZ9)ro-oU1}slqOGj_m80AF&YIdUs(8x7u9SZ>+8^TZt~jU3=w1J0-fH2tSd>
zsUpFyv<QBH<*|AEFwh$$Zc`k3bz9B#O}Gvc#7yn%<#jHq<BvJYmuOL(%m+z0FHav+
zUDZdz%zb3zs;tdq8-dRquJYwKGWC)ZW>8D)3;|xdJn~@<**-y4+g)hyn=oj`zIB;&
zn|0)NKc$}^?*|tP3{9<{@;uO_r0VrkZ!Gei=3*kM@=%tgI~w5kGDJ*8*F8J^+V!|V
zM^!R;r-87elIc?;k>+xtAKU~qdN(RmXEizBsNT2dekOzgByh~77<bd?ae7w2GS2y?
zPZFkkZuE?6vy3lj{fI4+<7Qn-Mt_d=>Nr2=*XTNi<^TMrIoP0$6D=5DK92EP2!y`d
zJM5U5Jw4HP-Miez?52%zE^<@PSAh&CAw(l;<>{tN#faMCCac#KIM3Yh^8O$Z54X3}
zF$b!puSf~HPAa}(K_`wYsw3kXO(m4={`#%_$b)2*o!}EP+)&0!%+C>PICRB|IP|gQ
zl+5YBsM5Ds#<llh2l3ZMIqJ!cgTZ^q>KSTUeL2m=4QfZCCHQ0Y6y7<4bFk}}d%NbO
znDTC^dB4hvPI4uL&8`4jM%?qSkZq)fNKINPGqQz`P*MVO%NwEbEPm)V>)yRT1x--Q
zm?g;+ZJ~@-g}*hBsf)9sEGwFtmhod4-JzT-d@Phg-1GHTt{^J6Zz>Jc_CM^?H{MFC
zy=OehYB*db#+v$AGBmE-F2j+~92WspffPi|&8xbn(YYnAgSNB1(76r>Hm4!#!c`KH
zqvQOTF{1UhKW~R~15$!udE2sLRJ#k4hN_|I&&F1YvPKQk3Lv`!FTucJa`lkZulgE2
zcr58)l~iyJ+5oZ*KR-s&8@3N^>!*)ZldbRSwAYIUh`!1ErsxmtJZsWmNqqKe1q2I7
z!z}d6YR%dAh4>iKCc~KJt^KBF*GnF4kAHVv=wtu0`=6uQk1fL%!#*CJPq;N*!xrD*
z`%Qi2YyW*#^w*Q?<;}DFPE($#Wy%|^oN^mn=B+{yFN6@r$C&1y-3kvL^vZ+CO?TTf
z1#$G`HV#Lsqk8@m9HA}gor-SsVoAjHh>CHsxhI`dk($pV=r~BuspT?(sC=j!N69!W
z3@!RBtr~2hcHA)EWu;@HzJa5HxYc{4p~G&$*uCMdXQ(o1_RrnW(|Sa@6b+grEs0Nb
z5hNuj0kYt-+=?=V#tx5V38Mm`CCLIg%ZN5wmNoW8h77Sm@9nna^sY{-)IA4Mn8|I1
z0yLk5PD$E{ozL**Zqs5O*I~tb=CSBLE_iDOiHFETjy~F3CYb8eUbOO%5t<nKZVm@r
z5{P0%v`==F)RgdY(6*$rbV?n6nQ^yC$SRz81b6UqmiVL-=>rE3y5IG{f5~~4+YR69
zI#P=k2UF7%$_nN1mQjVD3|JW_kl|agwz1O^`xy-F8%m3V0vpssPE?bFxw*VQqiVRo
z9N&D<bA6}1nAbs3;pG{CS`<(>vy=AqD39f%Me|=3@!Ddmm0DuL8K+~iKVBnBd?s3D
zB*`Cc;U6EyfB)wB+IzX5)-$A2%~O@g3&n}7Cq0AgA&SKVVALC17b*P%&X(yyNy(bR
zc5+c<sF1F(I&BXo?;gr9fSkK?sNQ~zi1cG$xP#mSAuPsJ^T#%-VrNfBZ%0#__sb^A
zQj0xXQ;#p509msxm3OqBUOlvaPup1tTD0I_l}W7NsmfzTi=+pB4sN0bWz;J=lVN`^
z@owH|3Bu#rUK4RR$3AzpvCi|_6njQTA`QQHjw4PTWOnUrMqqh`OtTG{dW2m*ZA!*N
zLm35e!9Q%UnAUu;m7H-#M#<s4ZL?2Ft4?bcFQ+J;Ym~L4Q+gt^go90xAyfs*I&d5k
z&Vl1-dNm2GIQ3=_+K=D1zIA{@T9^7R)fp!(wQL%J-Hn+iBlWH{NEml$`m(oc3nS49
zCa|y|)om9cg}vOCC=$;~dg+iOemw;tX=J}LLzAF|PnW6pUT%2Zi$<m2P<%ku+-Kn`
z=q5Vi?m<YW7R`U~8HhgPMrCK|lfFz-drYEjqUOz>bhwWzhomks<(Pjljb8v=RAM`Y
z#<>K^I)>7oGA3*uYa7>Rvzz>uW85whXlirZO|NpFo(p1=iYhuX9-P%i9)kZ`l^gHL
zj7cl+tE!w$AE)5|rF4R$-|e)r7((3k%16qPwPw(yw^9@OX+0&Vo#W9dqDmWUJ9re-
zC6Y2I?=ruXQ@y9ppotE9o7VZ5b>5o09*KrK7CzWJm?##6?-(h+kUKjLq~_z|z#y-P
ztps%Qfs^6r+IKw3s;$)jsCFuafi0B&0aZ>%hRlZ?g&r6_1i&q24(falXeuc~H!V1^
zxVdNjVbRZv<4pBJ{5Ip1DSH!=1pWC(!8Z8Kct;oz4pfBcnE*MM3T<ZNr!ax9J(%I2
zhM$@z_Qm@4wRfU%%1x^30+5MoITgr3+%9FZ)M$V3P4qr#D+8KCZxsyaSMB3@_lHPs
zT;7=gbbt=<xFvk%yk%oTS1f2^BiBZ+Hdvdfmz;xHXsTw_fwA`3{9(Rl<<HeJpj)7K
zli%ktfDb*utv-VG<AAD%`0Xjm5?-#bO)7oNWiU{x_Cu{L`4FXaD@QC|&IdDo%-KDm
zrr||2H)QFcfN_kLqZD0W-p;6mi2{>f9z(C0TEcSrehc;Vk4rQ>NEV<q<iS^yGs05j
z5F_<HWW!jPIt)Eax821raO%u<ZW|V9C*;u96E<1JDpe10+U8m;X*=aj6H0Fy67b5e
zi>h_bcd8{qp^`2VQ`38h>q56-@8D_wxtT<m>7#4<SMcHaN!vY$zVvuZLq{g?CJ0&_
zv8CpH;&?gMK)ywkl65VP3{+!ZUb2RdsV~ZOb4=ct7V6*bK(B`*B5BP9i8c`{^0}Ev
z1xTPj$7_so*<3sy(|KncYTtQW?nSBJY9R%&9yN+(rdu9lme9}~!Ch|gM{r_bQZkk^
zKEH#5b29tfH0}A6YB}R9P)pHh=m2)xtcjDISM_nIL=EJnNgyVQ)6-?qGL!_>2%P!*
z$)Az4#NvhTz*MBva}5)k6izrP@o#Sx5#Ys?Gq525R%)*=M$!PF7+r7sBuUYntPq4#
zW#Mu=o()wz#<Ihv3beGQY<a)S)S($M(zp#p=P%cpu~j~195_zgZ9hkK7lFP&%0+>G
z`zB?N2bv8Oi?bB@e_x!Ol<NJlrHvKkObSZi8CNsM6$L8B4GYl`FOpxTw9g^Z0t9Y4
z7u>vQ45G8$U*|8|+8?z1p{J2ux*QDy-RdblJ&CjHrl|eCOBjPM4nbKFAbb8JL$z*t
z2)L<C#~?kunIPeqi&Fr>6Bw7ZXt&3<qU9DTEOBkSFryTs0*g(M97A}GTsDZfKuR9{
zplsAS_<7lm8CfBo^7QnS5G39>og-J78ZRAVF_gbxc?)5LL@cx?$57#FMC7;jyMAdh
zueq{?#|@R=Lr^pj1^4G^&rP-zKnME<PB<&wqX<!~s7UtjrvJhNx+Bo#7o<#BcbzHV
z61#jU<x2;Tzvp1%ReIQauSl^@Vj&F>1|r~>9pxy7EFvBD7LR8i3x&VrDh~MT6YIud
zLYJC%TDcu;YUU<;yR8tdX{~^metZDt%@2+wB(;p`?1S75{LQEdf4(i^BVPT)N;)o6
zz>CW~ctpKVUyVqZs*xEksfKi&tf3_5U_@u;VZ5jYbfm`>(rhRa;ok&l*fqse;sU^S
z2K2}MJo^#)n5OHVR<2baq04~_7#D|IFl&4mJ~5Aw$$*)yAt)z=2lW=hF@f*VFW620
zjd&68Lu!@=e1}{rv?-#t$O5FF4`(D;!(_~6hwUuhsZ@7R^{~Oy!(MEQmxI_QhnLI;
z{ooQ3vq5o6?a{)=%mZ0$_Wg;N18{mIJZ|6>4xT6cnCLPjhG4cz&OWoD4c#(okVJx`
zGUjAv|1Jm^F7KtGCzpuYFcGN|wA>9Wn<)Hxmp)t8zvd{0%)3-pJvcp++u2~|7GJ&H
z%^z5V00+rf0YKsvHP)XtY&#zh@>*HdHATt}b2bV!eA8CV+!A`f0!`Wpc-~a1x}!zY
zGX$^lw86bd6=RF*(G|bIY-AEw-j@!$Au&06T%=axZ;u~tjT46n<_wF$+2kF(WCzg~
z?adxrHrsI5ASWW&Rog_ihPI9=xYZ_`E#F8dL7fb^$e%F=EUFX!7m=Cyo3{%jvg07=
zlJ3o(B71F@Z*R8nn+^1r$4Y@)?9CUrPdG|1C#@Dv(D-mu!6Z9JuHmQxQ0@B7EXjLO
zEMk1e)Hu;AWzUcIY|4|yW(V%HGO>ig+(?uV*I<A0t_vced@fZ=n~UIvAmYF`otXRS
z-r?#O6wQuS9ow;&$93fR7p+|b(3i0~G75jWT1@ibOAnq4W7bT#QK95;L&x2wm$u8H
zaMKA-)AD%RM_#_<kcuIM$qw}rE#uYtdmc)|u!wWRX8jhM8Db@;Warhv+u3n!4|Hqe
z4zn!eUdkZcXq-Y&%61)2127J*F1kBW>rZa&_*fm)*)D;X4VsB0vORUos>QqBcx(CM
zGftP82+uaN8rg+aRGDA)D%k039pP!r(8S`Y`iVv|<NcM5{$(6&L)AJRF=>Rq1qvAE
zgHghZgG(+-M7P?&Fax)od)zoZIl0~Jne)Cm-}Wyp<K*H-s3mK^g=CQ6ZL^tP28S6Q
zsSMxo4H@>=x|ie6)pVy!T$C9%Vsp~sZE<_4?(~X{CLKSE8m|QE!NRB~%QkDVwg2{Y
zoTz1r=8EnRI<NqF#?&!IP;l{ehz+Ev4o>tU=qU#|-m-+U{eWtAj-y6>po+UspvSM+
z&cE+_9NLP}0R)DzTvVlR!Y*Px9!^gWr}K1KH^B$xQ{NbpL&vxZ(pw5iQzI!M2cx$M
zB_V-WcO-cZcVA~Py>-CvcJ?349A9^5FXP9<!_zS_-`@eruB%6m_bl&YQJ2{4xU8Mc
zF1HQqU99M>Rm7>3)~S0aO!(^gJLl3xp-jR(jVdF1pjx0r<qbJatT6L4v)mvCX>55Z
z#z^qJ9?s@$jM|pBN!rp|TedwMrGKR@vN&Kw^)e8wG-!*j{Ss@n#vI()C>IlX$jE56
z_gl9HHy!DR&xxK+>}vIPlg-%%<zs-fbk>-<kLS+lmy0&_YUB+q9mD(!bHk^89tC5x
zoxCrF93>UPeIqJPeU=dtkT$waCR)_pI(}UQBMcj5>H_sq<2b1hCph$oiqYX~(3Kur
zUi#d`h?{&zjueb8FYghaO0s;z3c(2(Py)m1M@5i)b;#?xxA8y-v_Qk>A<tE8C~yXB
znHo-dtqajj)cRf}`rwL>O8%tdSO`Kiq$5G%g%WaG(_!*PTtGGf(0JWjow<6_V`0DP
zgAb@@=D>^J!o~RBH%D187nbY>yG?q|YyY+=0oy1KuAEcVR#_+Nh>m;u2--ugYAV~=
zYt!Mf4<H)yP^xlr3zAd~opFHN4Y*Xsrh5=Vmk=gs9HkZd9%UvDD$Yi}x`SioN9y<l
zU0@Fw$o0?SKG*(Lcn2cr6@Yq>g}ys^>v^<IFDFQe8Cbcr6TcK6Ni^`kA#aSew}}~@
z32Qhyi`IXp8IG8W@uz&s^h8T<&t-5!d47IzV@XK(jrZomjg#$(`*myiV)Sx79Ws2t
zq#zy09bWSC!tv5<WDO5USAK}oXph>&m634hvi8#LH)QE~4t5s;XQ6~`J~njQC1klG
zCoMWt+-!Wf0_qH?V6rWqA))b}w3s4F2`Zw&hAD5d+eeQv?Rw^)yy&W2wkp|Ei)6L=
zHNTqzm}>0PTz)39Ap%lq1Pc5JhoFnAW_M@VuI^AinUpW!fH!oJc>fY?z7Nb^iNws1
zM|Dk?;NLdrCuA2}dJgEtp8@9rsTm-Kp!gUrB72m2UwUgY^|Knahp;&<*I2-4ArPW$
zSUTIG%{MChM;U{2O2s(Z@vvj9lx8Ar$+2lqA!IIIjibb$T!hJ&r*%j>2)tR%n0&ek
zm}kH<V8Wu%9WEBI)3d_3&F&#wz6)!&sc>;`AFvd6YsW7*2n}{IJq_{sS;<JS@Mi4d
zWIio1JqSjmEH<YaY_O8!tC-}U<S66%a6I#`&zDc){8iXLRCXVd97Zp;f4hIZ(#>U>
zYbm|PBHzIsrVvi%!??k($?&EEsP-2q{MDT{-6v#NoE?-_n{}99STUkg8X8=PgHqZT
zB<S+`-F}CUYZ%qg0TFXrqdn{Cl)q?P*R%m&5g1$|9K<`s;&|egU#&O_2MKc=+lg)q
zVaZdy=)Mm%S;v{QhYAB=+HrF@({@Zy_1n0mM4vx6?-9WqPxzs6T=P8df@G(4^c426
zjR&<B${+qy5x@MbJpzC?fsrhR*}xE@Gx&eebx+}uwd<mWW81dvbexWDJ007$ZQHhO
zcRKDQ9ox2(UH?C|)}DKxjk>Ci>S&Dd-S6{0<5U_RkCi_zFwb0Y15rh?-#O+EGEW|<
zVU|`kyyN=xS2@`xrmmGeFypzLsXrd6ukO=Uhb(4rGXUMYE@tRbHYiF}wmqP(u6Yz-
z;ggTQiQZ9RB}gUQu5YQ^yBT$ljPYd4id7MI8%oSw)&(CdHynz#Tl8o<q%TYF4$tua
zZmze462o<#*r5p3E>Zv#g}vqA<r~m!3b1}Kc~1S^8hx3up{+}ZLd_+^Zh}bA>vhO<
zZJ-RLkJ6csHqo1L&0d^VWGSO(Q$4#~xNr@($H5i*Ed697p<`zKX#r_}G&)eceR_tt
z<=<5Xo2HJA5%&@5AQVx>rW5yDg}ArI{s&SfSJFY{Z7@8C#+QA+pdPE5#sgW8ShOTL
zE8MGlN-4!W&FU@gcWDBuL)!;!o8xX+pFb&nOTC8a`|~t+31aesxJswYok-#s+wT6S
zxceWAE3Yp#>LYEVKe(9Nyp?MzQW=AOy}CPfd%V#%4q9*SZ85T6<4)QXT0Dr>=Zr-`
z6x!NIoJW~`2>pmQ&AK+dI%nNsgYWOcXyRhXfu$Yc04&x1d7g7b3-!PwUXbOs0aC8+
zFIDYblf*KE2{?Quee+ju3$k<@yJGv(z5(c=Ms!6Nfl7AeXX_)F(}=RV8=FScLTbcG
zsPbjM-7u6L@@(vn;&mKVit?L!nA^xhLt2d$__H{WcJQf1CocI1=P>EDzk(u+qM(C1
zhGMBPyFU%47z8VJ+3d@E+Iynv#s&?6|0<76r?T8vzV1lpw&4?WH1sv%aOPk@*rFBT
z_Y`YL56wwjpd)%94v>hN^olmP+wqJmDe?+9`GWdN3m)b3jtNc<^fWS_)Wvw1bs15E
z3V@N(anW%3A&+aNU=bAWmZp56Pm3Zm6m!NZE*~5B<yVX&F9n+^#PETB3(v@Va*^Kh
z9xFgot!UaZ0v<p9hm^E+B|&JE$QiJ&RbK@BedWN`>0z<en_WAXlIeT87M>RqzXPF?
zpWC-FTL)x93=4%Luchl$DT#!$O8VE+v&xQ0s|`-sDy8~+V!drev|p$9ODHk?6$r)G
zraR@8BEZ^fgeCFc<-2#Tp1j<bdNKPH-isbpUna{vk+{wIBYQXqTzd&_C+qym*ZGef
zO|Z$jb~T6>GT@LnRrgB@JKoIpJ17CiLXf*GGwWx=h<-2R#D5hZAC|uc`@-3nD;DXw
zZYLE8xrFKE_OJCRDt`K7e)KK9;}a4R`rVvkzkl7_IDCBNeZH(T?InG2dpw@6EbPt5
z=kmY2_r>OUf1c0izhiRgEuYkWO4*dZ*6n$HsX003jpykidkcjM7|h+Nm^}KO-&kT!
z5R#a}3c(UUZMDe5^l-g^GEA@%t-Bw!uE5G9?kc?#Ps@eeyEK~e1!U2CbKjed>IMot
zg{6|sCR6We-d}{b*NY1$&Kno*zjJXtA7HY0AC-TrYQE9;<9j{890Z@WNgVj;!_@qf
zex46*qOOkuX&q%@_>+zX2sz^`8JY^8jlm;#$Ns%Q+BP<fl2X{}+c0$8rJHgRqb!H@
z-65uUZr#2|&u@iYu(i$OLokh7z!Sk|-xB{59q*I%qLY#7afA=t=N@8k|BqEV#q7S6
zqrQl3k|xg)*4wi>zxuLcC*GfyZYg7Eyp&&QF=k47LuGBxTc2>^7wAQ;iygW1c2Wrk
z=UiM_z7MJ{EJoohy)X_o1lBE7>k25#7vGDtjX5-WQ1*^s+sR`Uz&=;2z;0tV>|JpY
zT%LS{Y~>2S?yo@IhjNo-wWU;+qh^dBzT_mxf{sBfnWe36uCuM~JQtGe+BsUhtTzVy
zVFLik5apIfMX!gFc}wW;qbr1gkD#d1mXagetb9oxT$qNd(w|u{>M;*Hd|-Z}-8}&a
z&t<8D8(+kBYftuz*OA*oyg9F}<u_pAIv8^pknoUezd5Sq%&ZB%0UHktpB%g(%8R$e
zWx3z7v)-tIxz3U;S^Ah^DOwk4g-Xc5x;4V86C)i=yTh2^1COlb)K*cY<7B+09odu<
zwy|j(24kE?L*Ta$qN|{N3wY$OCs@IU<^QMv+WPj00Tr122A!J49y*W~x75m>js_Z-
ztt7%{P=7X%fgR}TJzMC{XmL1c&GYtS^=Su4i}=u0D^68|#LcDFozm*@q1?cN7Qz-k
zdz|wUhL&Zc{A}qxahWd2Z5%!o2PdV*v69y2A!{(Pz>v;ok86_Tk~^$Mq?`WS4Z3$J
zLEy-x3Ey_-AdYnY5{c#B7qDtv=B<vG$Z>_eK6AI$DCG_#{J=AEn%ld&gsY&R7no{1
zRq2ApptVw-9huHVYk_JW+$0iDc7GMv<%pvcd<@l|Rop)5$Lt6c$QNnjvy~~_v(86;
z)o!CKSra33+fCY=0(;R22Y1i$y|r{_sEwuB4ker8FUK;j^(v$%$f-IGVM@5EvU<S_
ztWG8(x9Y^xFHdH`(bB`p2jQ8T=h~Nza$pzW|6{E<15#zSy#&&+z4+b@1*3!ut+HJs
zF4FSIyJ%o<9EL)LR5Fe=bqC&I5<86y0xgE(Gbzgr>Tj<?J%_Jr_KCWFxG%5TaPETj
zZgS&HMHAu2<g@?s$8@DHI<pPhnWE(e4?j%9uj;3TF8QC0x=%4+D4XgDP}QMAVJb5x
z^%j&%hgn2EzKA%)XKXO?8M*p3|2G1$XHKV}i_IS+);%d;sx&!AxSMh{zuNN%A&DqB
z;&GvG_WCy0lAd=RpE3`%w}g#yZ`gD$h#BV(iwV6`b)g@$DY24FcN?vzZChU3_dGP_
z^lAdMY_lgz&WMJ;@bDHs+w|)Y`C&)QAA81mQq0VAMtGLLi*`CywJ+Wzi2uQNe6IDB
zH&vcWI@IZ0{C4dp`3EcqH<*64Lo`eY`m^q+WKo^R0Z@G`j=V^xukET@ime3SX2n37
zk|&P%nMIbs5tWjJtt%d|m2I`Wy1zlb5`x#Q3gcy`Dqy$Br*D}(&{Ht0x;DvO#aXAG
zB;<=%e3u-#ucQZQ+v?vM4#`A@xy38~3Zh(uem`>W&61n2KZML`0cOBOQ~Lsg(`6$X
zgmEWY7Ue=cFw%1As_=lV>devYEZ4tjS5t!6Oiw)r)xZxp-$`zCi&5Dh8G&->sL2oO
zLn63M;d}Gx;UmA&%OR(vl+P7X@5D26l<W9LW(3`tn4#LzP&dsWNt^;KZjvu$iQhCs
z^^gscUTB}WB0J5_<3jq3`Vty-u0->@NqVZWPcWcIHb>nUd~aT*+0QWi*{i@Qi~u)L
zx`Ms!2OWFPkJVA9{YNgyP|h|EgH6F16H~MyAeW{PSetT*8V^)*R@Di6746AQ<a0=m
zqFU5&7bi(pmeP(3C@1-3=k7>pSEc6xVuWRWy}EjfuwTO>mB}U&sudcY5>5=IVO1s>
zugIXC2nfIzIVgrxD<yNMTtP-Vm4)~}3$0y<7Q!5lV-ulj5c42Ubj}cbg<vnkif;n1
z44xmivbmJ)nAx_R%yQY+?3|56jRCjr6GL51k8&A3%BEMzE7xsqKdWEYcuY9t>;WHd
z=m6h*A(hF*O*gryvJVR1kko5g#)KD#-*GEMm1w34%2ji)&CphMr<h+K>i0zzeQ$0W
zsqx*+KLs|L{VnAQ?ul1Lm*NrI7a5;iz_|*_Zr>!VZxI#sDB&#gMF{2YdNttK*jcz>
z6XGmdHm(`mB84|cOdcv%<=^hZ#G!9AsDhMmg!q%psku)BKRQ)RNQ$*QF=1<xFm)UR
z<0L_|B3=;|I+;Mwl+P8F)glbFq98Ymjg&RRtTUDk$O1(DnENg+k&~r_%VYmoicmOd
zD$>c$2-5oG;@*U9h!$){W)s8`Fu7(qRDcpQ1ME`ygtWb1?ScFXT++-&UXA2xmZzhi
z?z1L|DmdD^>k((wXFHX<Iyx-@I7A(8P8vq92Nz4|u4F3G)S@{I_GeHg<HJsL+cX)c
zj2#L~tl}hP99tUxQuWh5Mx<6g<R7%3B6U!ymDjk;3&rBSt`8Gc-a;JsBBA^yAbyTJ
z_3P5RZ}Z}2)<>wvTBNatWQ9>sq+aQbZ)w`f8lOJL>M`Ox%h%I#7a_YAv5Rl<=BD16
zhyO}%Rrs5sqgSn+L)Nwr(zn7>%)^#=qu;_GM+8oA0!QiHIblz3eOfG*=4Ii^RYZCQ
zXM$hT=*F}R_KEqjBwP$_+$d<#QCxD6;+!h@2i|bj`$1uR%x@l26MQ`-+OdsOQ;>4X
zT~xC};)~59VHt5#9!Z!dn;rQ-nFA`6+|9t-pWx-+I#N8>!nC!%OQU`T(-SvtWL=pd
zx4@qJg{U@{yu*zC)?~E5N`zx9Vt5VkHauEEwhp)<Cu|rDHc0h~bWu4oh8;My*;&{x
zLbs_4Y8e|s6_c&_)ArlBqq4PU`?W*r%-LlQ2pZKnTOCZI<Z?Ipj5ub~ZO-;8{|?$Q
zjUW*b-trXj;mxG`dNUaYY3H~G*BLV&!^u^SXd;W((qj-kA0)UxESb=UNNMFu!oT?T
zc*y7$7`i5|_Dh>`b(Y#V`3@{>6AQaO*P}ab!D8)4m<IC_zd=|sn$#veg04v?eA1H!
z+4U}n4Qy=jnbdK!@-pU$ozKUc%3y9q@RN_IA-x^6ruW7<QE*57x~#DF38d`}TLi&`
zQoZvr_j&~y7;Ejj*Vc)Ca4PLbd-^IK0c&G?M|P-XKR-jGB!;X?TuMmTiQyGK6Y7V|
zqRcU-zv|kcmY)OjVC#SkdM42=Jzn4PS51-UGCS^~G<fw>EQh5$eqsDdIUej1uuwZ&
zm-N=sjND$|`!ARbi}pw<<mdvZGC1)DKKbemAcmc$JIt%_!AjNb_dY{QV63K211bt!
z3hbcHE)8GM$WD1JwTS>*UCQr=fNi~;9Wr(7YV1Pu?o+S9<UEsWAE!$!gd-Q~<310O
zs}bAVEowqM&28PfHI!pRjD1)Hh;eapxp3W7h-|$dTby(UQOEZodokW!F-*L=UXF3S
zYeiRT?-z4!UiTXWK5gP#fXg1U2Jx*LyPJuED{lUD2Oqv4r8)y#galQZdcCsA2}@w7
zBRZzws-ue~g?rgtWhgV)bFemc{2(Xc<;r#VVo%azu2-H{6=}VdT4HxWf{e@M8Y9Ax
z?*7!;QZj5`-1@h)p~|3Q9AiwTRn*aGU$1(b&yKB13VKX*>uO14kIR0_58u$gJH7QD
zBa~>Wf!mxRDT>I>GCEmZnIv37-t!(yhJ;*shtFxBdV=4>Sz9}3-@{v~Xj{-Kiov$`
zLXqtBr*}$~KP3m?Iaf9GeYbo{84^2nTlY=RcIUr2aA7Dm2>W{#w7z$_<WF2c&Ue$Y
zaO-VpC*A^MD`Alli3THh!%+6w+{3_7Fob#oR*5S0ckZpyU8Ut{v!bKn$fKSSzLlfc
zB!7Oz=c{OYbZg?mfJyu0X%$K5UjOR|H)wk886v!d3jXZ;xSw(Z7T&Jk(AS<o2%5G3
z%e7yR``6={aM`|ox8GTdbY^Da;oJ<dk+-;)Cv7ygppRZmYtk~$)_RCe^{n|Nk?4CU
zzS>-28?UO;WCU@UK-y2tVf58<7WT~I4!S0=<JrR7_2$;b{owb9#bZMCFQ=E=Gvbct
z&(i}ZrO0*5dRWcQ7FjCW31N8$pwrUF2C2F(LOg|rZ{Na2@F6}F<}Zt0C@xVh?#)}o
zdH4`^Pw<#7(JwC@FTf(6R5u0>bxJxGT~CM3Y!?l8<W=M3+_Do%NV#+kR=u#6$13_e
z?kE|ELUZ`HTWrXi4tn5)Y*e`$wA-t`dA{6?f>0du@=tv59ax2c-$yd(gq$ROMJ={%
zV|D;4Y~d5|8LTkG)D8xPdVshu4H?ka`T<t&{*PCC&aF!}uso|B7qG6l+JDVgIMH_d
zvfoN}PuGxD20@EZN+)O<F=^?hSjKZN5;45^0?qTge=7(WSsfEl>HDnpz8lqIBj=95
zDP^{VN6k38#i-wpRCT$|O9~2l(ZI*!MVy7FwfHu0zVYgs-2LqP`#cd3PX^WqHw3b;
zr`wYMp+eWZeZ#kow$iAqzTN9twO=U`112+jHmZpkrczf*2ryv*$%LL3f;O<x=u7I{
zIg%Qxa>rw@m<)w|OMW$srW^9rAK-{=VVU)4l4nJiGFZ>x%uC-)D3cxva^ZQWo`LU`
zCS1Jy>ehE7H6fSkv{r7T{W}{yi)lpUC(ADEjQk)Spk+z-bDgk5w`@T@W|mG>SNKeN
zz-5h%0a#Smt(FS&_EKa4NGjL%?vE)07;9MTV|t${Y+q^Zg<mI*BU1^eOcW7dgd))y
z!R78`*kpau;m$F8V@txKS+Tia;WD5$GQoZ5$&m7oz&HD;&cQ;$`N^#-3XzqoS5G67
z6irH~RV6KA4r?mr-o9s~2XUpcY9NZAa+F4Y4^Y5V*u=^C9ZrrIsPjFSP2)dlRo$vN
z4-B!XTCY_S8y!o|xFf^9AiWGhNJ-tTf67z7Yt><+;qNU=7tEHnHUDyg(+>g_)#vPh
zB|LwmPtSC!>FPjERT2|gE6rnk9hDGoR#Pldy*hl3G8^mirPoDF03++&DacJ2mep#g
zB3=<*8xg9CIncu?(_g(>Pb7SkhGbZ5>8pPck<9jtWLiZ)-Fh~4Z)z7tByL6vEw2=7
zR!@2MffYaZFcSdYT&Xv#-Df|$5dA3K#DNVIRy0dRwj77dlQdWV18E=&p{V9t;GYhw
zi@dCU?eoeq2-4Q+GjT-fc=Lfy4R}{Z^|1&TC%EVj5hxoW{>FR@j@^{ZJ;ukGX->fw
zR?G@4DT%nhUK2%~*@JeIU~=9TR_jPZu^DZd>0-88Xw%)h=-%e^5$fj-u?Bd{N|He}
zEt1MOzD~fcEM{v~i^D8~$(MBu)g3~GV34Ale-v+iq7-P(aTF*_FIK@eyRHZ80bAEV
zrApkjhN=w&22<;4{Cjx^c((QA_nqn!lWZ3SqI)j_79p!bMF#PT&}@fve@SS$Qh(`S
z;qf%Sr^|yWmhUpm<LT)Xj9fr1$(>0atEI*dzncOPcu~@}r2DqnW(#+JBRDV7tM6o1
z*Q*Qjzs{LqD-h9m7k8nkxV<g49)Qwx6D$Y`IY3LhQw(l??=H5I!KDXw<bKC?xh%}-
z$FWhVfX8NanoRdEMm{=-qfNKGUNqA0HOJ&%{VFEaM(1Z)E8snsi)=yp<1LoBzDYdb
z16o*nwM{u=+O?U~Lm5N%M|<jx@78R&YHMR2yt{r4Ti)!Z*AZ_Y%89G#3+kk%rFcem
z@)+s3*KoO$At9WIbcyL*#Zc+vorh>{i?P2~KI`Ln!IYT(=Kj`uk_OBUXUeG0OSX4<
zI93S~G%P`yc~T=`GDKaZ-PX7hNcy9LXe*}^s3>UB*qf!n4olA>i=4;04t9IvScnH~
zw(=JEvB832jIGWTb$0C8D{KeN2qgU#Ur~S~b_v;#EeDx_#doMF@i2imyFh8C(}kA1
zjr&F@l`KT+;oU6s^z!9Ek?Pc-E<}h1RZ&!Qu(UTbPz)b?=TTupFp~I%0<QtxFG>+_
zFQA!?Wg;Coa|l}{1*#tolc){i3d}%>1k^eyg^HkGH3S0YKoIEgAEN~^(1N4o%~Y4q
zwq?!&${`$)Qq~FGEh=dw*W4nDELx|^Ac@QDKJj$h4YURgBiTY1QB0U)B9O3^C1@or
zH0NA4@}nAxFS{#EWg8SnHXsbY7AX0K4bxVWZ5X0{?};^0PV(%hA8)IXN;g!CIi>L<
zs`6(q=3|B8lo-7m1T4tbuXQ>`9c7Psy+wQae|}@AhzB3PjE<XHij(wd=cPItQi8i(
zQl@Uk4`T`jX@E?%x41!xjDDAORD5$D%VJUWCR;eGQL6ZB!eGt7&_DiS#YNdj%b~Qk
zCtq7fh#&wwjW?!|z6Q^5XHSYdc*;P(^zR9SA=*DV8(0R~|C%t6l5Ck$blF^zAK{UR
znC2RNf*nEe4rlU)aUlAZ`0EWDOH#VzyfQ!)27yOsMi=;qP+3&VYwqAz_q$4Cy*}q?
z6cxVLFqNj9ne@AFf<CJm1hM{N8xnpKhjGY5L@q)F1s7)Yy8UT$hk^)HP`#cykU?y$
zkJRV<^#}IJHks|y1a2uBo$zcOAP8Kx9U<jdg~o|S>~`L<siQ#7h5gw_vz*l($a|07
zV`w~D##$;-@U0Pb=#{>FUPtCT;BEN~PdE`GV1>w6lBYvIH=?h(>>qq->H6=ThY0u4
zTW(>hbf7fZjjx8!ODS7~t8oJDfy#1bR@vqcGNy5Y2Xf$c?b{`l{4ao70%!wIKl5)r
z)s~v-msBgwu7>}}eksIe&b~q|$4~lUt=lMwtY0#gs6in&#+B-MUPwNZn{>KOy_p8G
z`Er2ag`1&Pb(IvDs#xvtbwd&v*~{3{5X6;us9ZwN8_vyQ_2G_)Mq|NxceMBaVf!uq
zw*3={?3Vw__VY_P*c*(~i?(C^t^4n@h09*Upub@}0Cc}QR|i1%4^s5Kzy4GA4}|*~
zo&2r)xgr_rdo@eoTx6>L<kIc@tP@Vh2}gbmW@gJN@Ha!-dhnN}pkoIG`MCt*G=Gr_
zcb_44=o)9phVkktQH+CdL~yckoIAJ%!E?uhnih!GPrXms!7KVV?@y)x@ct9nlL{RG
z@9#$g@c!#w0PlDAb-!Nox%PHJE>Ngl8MM%8rgDsx4kodh7oHi>TQ1XF!ar?gE27;J
zUU&;4)>ifqUw5{vXa$7i<_ydv5*P&|m}J`d&h$!nFyAB$*X&VO)B^J*tr>fWFz&sI
zm8eT$saeQ0qxM~=FbMI_k=>3#^T`CLJ%ju>Z1xHMWRt&f_xtdX6r@DVeC`vt-4RA~
zNuFRU<5&3Mhz7~~OyV5GB^mYPLMym--7>_$pjT8|Dj#cgyK?EQ?Vsz{K6@w68&>}6
zPYR-T9co#W$yxp$V6k_vEOD#mC|4U-OIUbrH8yx<gRbB3+pGJN)@&dWrRQ>~Zj4`p
zz8XH0z5G_l^|)T?s9{pKYxWH?I(4`uDPJ*aJwM)AJ*J}1v0L}rz~Zq_7bw8G4D=qB
zjBe`64T>VZ1_Y+qO(B4n=)rT;g~m?9F7qY`v)2%HciliLlGmZcw6`4uE5%L>IdHxU
z!qpe!Y0bgK`h??q4Yw^zB;vEX5nTa9{Ji1rptQxKsU6q2=DTdw#cbeS?upwoL&V|z
zZTDuJQ2}osnUaUCk$ojS*Y>qf(RZ`OQu{5L^oG{wAvHVDo+F-0Ganrs8yuuZ<coA5
za)zG{)5`VZu(1-mxTVj-TnUCQWK)Yfl5YL!%1StnuBVN^Hu$S@bJAAhx!6zOkh<N+
z!2Ryyqw6nWicKK(u~=InjoI%$Fm<4){>0f0?Ue?XqH>TiT5yxHR(_wmy8|=0-mX)-
z*BAJrecxRMo%saO1}T4G8c$-Z%(gei-Oq%(j|LngL=7-0v@5X~xk2xnH$+GG^2p|T
ze}aEDcJ=w>#7d)GShW%zxt{Ri==Spao%dwx#A7mUg~ZB<V-BHSRpsrR-F{=pEQ{~X
zFr;RS{@K98&FJVV@&Co){$N#hq5r|*oY4Qm;fn(Qg~K~3TKuXPMLY+2)PZ>`c(^~9
zVT(nUqOZeWzwMsJM!`g=wqX<8q7C4)bRLfUrNgawgiR-3`t;{?Ri!E}hT9KJDWw05
z{ga1_cxWJ@@2AdLQP9NvTs5iv1vzyn;#7r6x{1G2--?`vDPuw1?e?Je<5JjsuFcdy
zz5IvW*le-W#Hfi_poRt1K|RqeHM+;wC48sF1+E|=yf3D1f*1%vwF|5_8chg34|m=x
zGc==UX_ee+F$Ob<e>jse>-g+h*+<E<J*4OsxK7%>aJBK!Q8labTw>T}E{9WwD6i-a
zlOw)>L^9j**1CF9pC_x9+M!ijOwU&hI%@MX2*}3~DvOTo$*IOL@sQSe)10w;NQUYj
z3(y3<JFyXn-%uX<RIb3Ab?gh=W7Z6RRDC?%D(kopO638uDRf`}gGWWG(7e};fC^tI
zU;A4Tq}x?OjF<5q!AiS0$L0TZNxDLc+x2;o5c7mQ_pcw=_~oHBB1>sJ7-EJNIzG%+
zmW_n<LOmOI<1YnZ_6cM$Ewv2g-Pl)?3mK+%bUYNHT)MkGY7~6@$>-#wl*vQU##B$6
z%WC|R;&~J9)E}%>@RNU9kXGO9!^t}e2vdYyoO{^3NpX%cERfqwo1+6#FG5~>10Fr=
z6@H!?_2sED*KT)n6XVsBu)#CD!q!^!L5Q3@SduQ@ulO32u<}RcW|jeOQcV%s`Z_+Q
z8?c?HMe7QaNyV{4n@E=}{z2F#BQ>SBi7s=)g&KNzm97}oHz9lQ$0`xKTYoN$an6V_
zlX;Oh#{Ta31UOOp-!R;{?6jY(By9hR1W5bvm!{`7KRMm&O}Xt&jmomhOCXBYwAD1(
zMLqj0&#Yd2wa8iCOby2UI0Dihug+QG$yhlbC{LN8rCe#EkSe1(%yit!IFmeYxYatY
zu@cN!=<rlwCPrea33h>zCeH2o^8;t@0b%&?7sEJh#rQhl;2ie_$zo@qyK0xP$&pv)
zfLF+gGE@E`!ReB+d0SjG<49co^L=DNz*MJ<oN4t_nD66uMn10Z+voe;PX5s8s<-jl
z&C`nMmCHx^XbyPKH?AuU(guO{!d~DQG!&k|uqtaNlZx{hftMPaMf(#$c>>8({6fHj
zmEQVJ)>j+TyQuoR*!e4BasDKy$G|7bqfdl2_EB3eCzpX@t#^#Xqd+0}#!b|3Zt&Xo
z9HbN3m1j(*LN3oa(|cDiLO)GBeI#3YQ!10@mSq&7Vu~WJp~29%7j)!0!hb7-&8%04
zJ?2QLkG(Xmb@zq}?&8xT-tXHlzqa;8fA7_tQUJ>~Q=51u#&j=u&aMQ<L;n~fV7Fyy
z+f#QR<voTIEI8r2N3Q%XExjjb6vjhX0+87RD}T%E5Ba;lWHw^WG<b~}zu|>hYJ%09
zj{M2fb<`7l#r^g6F-y{iiHd0>f>|3ORffPm{alZnV3?8Fm<xz)I*#<z6oi|rY`DNP
zM*$2m8edI_cg<kVB=vxX?KArI(~@u>VdDNFXvV&?rD|uWV&lNo8edk0HiR<d&a?&h
zUZ8G+N5X>3$lGact0yg@Ohu5w?4R@r?JrX9PR<7a&JIV8)RGQS0QB0+K?BraYqJ=B
zjfg1HJ!;WB#>#r8D4I7vus7Kgs*E%-{S0u9L64V}qd?lhW32wJNf?fJVw+F@37^;@
z&p6|=+lpx4;o%ZK^YD$2sJcTI<?aOxvRDTzATf|N_$`>uaU9Kr&55v6DU;v~Y)%^T
zdv)V4WVe$@>Mxu7kCC~yd2sy%#w2rL_$Jp6;yDxUrq?Rc8oU*|P$!z_U<+2bXS$EQ
zq`XiA<*;|OSQdDHu|DJM7(&A?+m4KZc$kci?^}Zg@I9tT>MjW>+4@aK#s)KA$7OyE
zWtVlJw@^Mvpl>t4p9VnK!$3i&VF_nCf9Y&mB4b;C&Mv4t4u-<!qr(#_l47w$*dL=5
zfFCb<1@wWjyGZ3hNQ&ZDj4-d4U=5FRE?9FUr@+MKh+3^LV60#_8hPctr{1+;GLZC=
z-ObTdG9Vg&O4&$k=z;>d@kr-T8SrFEW4UG-oF*j12`+^1ljbj15Oy93-VCh-ZJd&P
z8|@e6LgjRU9LPIbK*~XRSu!knK9bSJ2v@w`LYvl#v@2>m(kWa6DB3OWkyUbeUP<4#
zrjKCBFIqF$mImM8O>O<e2``*?KZVv4t&R5!tYdu7Ibx3Yttij3P2KO68r-kpe~iG|
z&pRi$TO*+>z`_hnoct)erSrH7+WUBk+A>{B_AV<EF{9mKh*+O@(juF-W^$ZfaJjJ!
zV>&NDCy0ha$5ze2T^<NP*x-HEx)W&D8|C{g1{Uc?Yt}|@+@AKZZh%ucdepcijht-G
z^p+#X1|Zs@`yhgfLeT8-?14aFRdG!`WBA5@5p9myQ!ro``NeeH@K=?(C(BU`pxs8#
z;XbKS3<Y>xqPBri;Pd#-8&ia0!|$POYjo08#Xd)xu>2XRyhh@4R;Qg^+`w{<+@>#M
zFNa%7RB|W3U9Yb+sCk;5bdHD0q$U1V+7c0eDQ$#=zm&F@IGtIA2VM_Ur~S&ybBYR%
z%OuGYw#KEzObt$qPdRRGYrUk6cNEnHes6y)B1}dDW~8ITB6&%Dfj8T#r+!4j=;>_u
zO@lhDO4~r8BwZr*D3Qwm(~r!RT1!*kWO`?GbnJfJDRwUY;8{8foQ}&Ki>Jo|@wPJn
zneK-Z2astuFH;GI-agL=YPqQi15xO4Fa^ih=iT4?e;6fE(&%3dKdjE0XE}Lh6HWX^
ze6o3MvFlbUAE-cH`}WCxn_eSibL)HzlRH`nFIc4_o6ghi(+Av8H2v~eK)Qu_kc}~1
zDPS*zEgg@WHUHI298y@ZL;ZG=(8qk?W(c~$i_edr%gdEH>xchw<Ju}wE@7NX{>P7m
zG9pfJ2K#+?FTDn2+YBrEXFG?EjC8G8z;N`2CbWaFuc_4FV=JUry^Xq;U}wj9XZzVX
ze?kdYPP)s8&)Mu+IkX&W|8&PVURKuCx8C&h#y!&v;U%CB!TLSJWsRY&wRZ#1E}7(p
zlvLHK9$I1`bsCoDsrgknlZ*O<^=>h-6;|JvvE>}{vsj)rOw5I+c&N@#o$Q4!#fnk@
zgV4Ogi~Z7Fw`p^;MC@~W$av{zECvBNElD85ey_^Eg>scH-l%?Z&UlQUn6GReV>4ak
zHYcVoFLdG~OM@yOy$g`fbn4MUi}qH<T(9*m+L^LhavI)!gD3bA_>SI_KAiYQCFE-O
z>jWP#<x5y#ZaTU2Kz!i{4fN;)x{qEmzV7-&`Bs@rWLN;#MvERC+ww~qb&!;@b!e{y
zcZZytH&0xZhFP4TS0H*3q|I~4z5?G$6Nx{sDO!2xRy3ue;<QQ%w=(*2JF-eMSSMYi
z671kB8%wn|PTobOdb{Bg7i_70k-^~vaY8d+55`&s9Wv>$3~1R{VGT2g$oowfusgy6
z-8KDfib7tFb-Gmq{VZ+g>^j!Ftjet3;r{HQY8di>X~9vY-gQiHK02nx{bx+u!&(cA
z4&N^@+r5%F^~a@6Wf1p~l7zO$#(QF%+BuAdQ0A7l&EP|XiRwuQgH9hg-<Jo(M@}PD
zWR+Uhj5Mb!HHlPK8;QfD9|@CCMFChLmWm8Gc6)hRFyRylhV|1vi0ZvRYP~Rcr}mvs
z*LI7C7NhmIvZFH!+*?R@>eDLe(!cfae(ju;KRQUO-9-|6WkIiT0=ACh@9Sq%l%*Xl
z%9;0_s)f8i>P$UtTk1KC(}`O>s!%>f;MX8Ib@8~4yqL}WWWO?=3T-y?J97a;-hziz
z_z2Xh3CT>EjjSE=K3bOSNo5dh12?M8<U8y{U0p(Dz{VME^zNu#E?n*!6F_f!HkB?&
z!tJg@ZBA-!adWdfyS&UVvvsulg0Q<6n2qVV0nA|-yy)0r+Jq%JRRwK&MRh&eP3iC-
zae*@$Nz=Mp>fn&<g!&$JH(uj(+lI1f=PryS*m7wFaP>U4MCp$BvkUW(8Ko-yf^*E`
z{4tAPRB=K>iAoBaF?j;Q_ATKyn_AxRTwn)1AT=XJko8mrCXYu8okhdV%GQgG5!(j8
zW_o$bwLF*J56?v1egM9V>kIoNy-6X1_}eOP!3qO$q=hv08G&9%E6tx^Au((nczR=V
zn))HNJWCRdpUth9{%s1?ysrAr5G`w;Orq+7L<VxqG19C?EoVz4Fz|j!*_cX94P3B&
zlvlXQrp}%X@FCL~R*{RS_CkQ0aJDdM+(auNkl$*u-|wjD6nH}A<2s^!Xp&7J(KWFv
zO$;wqc#J`Ub;X1zq|cBQYxoeQ0e3SrEx&U)d5!u(y(jVRS&x>tzn0t9H!s;{s%nL#
zHZ#7!+PGenMJbj>l%-yiRQm7#n)|qVg*ff_RJ`K|m<Fs?hUgOz*$j<bu}Lv->wCq`
z@Wi2^23`|!hB|;_^~;HYXzk0wHh1g4IyXgvbLSZdGZx6~7_gN++%?m#!abO+zjn2B
zw(|AWG0)xEP#Px~A#UBT3drkOX4`rtz`2Vq+i~pdk;qE&z1DO!o43j^fJ+}SS;^k8
zT<(uOG8FY{VK!(qWk{<H0{ZT-gZ8%N+XG15pcSn=k@O+jV7PA2Fvk=p@gMd7LxYqe
zntXAPN&2EX+ak4^A7S7tt4#>A(t?9Lsw?F@&|rwGT{m!YS7P{=VI`FasB1Dw;*bwS
z2F~%PRJqE7_159MM5x46AB($Cng)vP6noxzdiMQDK~$tkl=g_($MDcI85;q`N{q70
z<y?{RiB0N}=R2Q~xGg9#-G{i>)t}2B@tzX^KBy#Ny>eBs(M)Lc8mSxAwmJc|k(O!(
z-m+0~RiL@u{Sl0<yV+W8vFu08+fM0Is`Gzo4<o(?VX_~PkYE^kMO+=+UBQk1NWm~A
z$Xa9PEG;14;BQE!N6@}h773d@T`M#n)3i21RCCnJ+Z-%t&dsq%KJ|`yRo*+3wVY^2
zl@_QQ83ZV;zlBiG)&C_ts*Fq@XHjIEM$}t>x4@vJ$mdvEt#lc86WRTC3FIWKERMFY
z<pCkdh)7h$pF$V-HoUVscJ@oubzDZKSV}V#N_%8pG*ft@CZ$p4BOFwg9s!@Z*Y;nu
z16alo&dL~GX&+jh+aN%6%H@PB1fIQwU_S7T*rI#eEvrV|V`fX~ds)why4lnt?uG_(
zuqOe#hr8R-CUuh=fTObDegYtes-IWcuTkjB92TD3kxlA5!rkN(Wy3CMF)JHn4SIH0
z88&IlwJVEMa)nV*+{`0Id|LG#%dt+Zyaj5nF_?;u1l`CGM%mNuO<~nizDnv4a&n@L
zVyZhlKlGhYVY}w8A8yta!ZSYyM7_vX^M2Ka!pt`FO5menJ)q~<(iYQl*F?69feXUt
zr~x~?8Cds1OpYvr-Ve*Gh6os=6qF=5S-Qhi8t*^dhLImyig*?e8U6+Ft##FAmRQaj
zveG5Jk`TJtEDj^b7o&*2f0!njT1^Q^Z3?m%i8D-IGqbI@Y<Sp7+m$gEVe1vJn%!a`
zWhg<7kp@Yz@k3(AZ3<sgBwNCKyqBgJD8E)Zm8_Rk<mJ5Lq^rcw9m7X-hYTk?Wq_wH
zRsOs#EBPS@b<85GJ3_86Ih@O`u$!e&es!|n&Ou%L(iZX=&th^(3b)LQB7X2HV!ljC
z41q|q)w<++;Fo}!oi{laV`}QwtAF+Ae#~DG*OL0muDxz_(LK5}H{W5JH{N@q&4i8k
z--II{Yzw0edK0ps)Z}BZ8^bZ$v;1rQD9K<%K&Ib~U~}uka-zHdzoT9o>;^>J%d7Fn
zK&WIOM?}T!`l*D!QXH$|zW@gr$o~^?WVUelSWjnlkI(mm|K?9;24<(qZUR|<3oZLt
zm+H9~qOZv>iSQdtMOwL>dTI(^1%K=tq*+z+1vfga#%y<!3{6wS{1EJ|zdMI&?SD>;
z(=Zfbn&cbdu5@V(F?eXbwz!>(Y+W8$-P?gKDpfhxw(QhVeKLYMJEf_i4^^K7^6_BG
zJ61Ynkn13rKlZ_7ACJEBg7y)c#$ApNn+|q$R9b9`t;JIhd~CYT2W3hS58MbvBov_3
z_Y<|13zg4>lmGNS{<?8?zx8+?YuZWM=@TF%NSX=1u*jr2mKE~&oW-4TBDssE_G`9s
z%wYABhqBOVB{9c<pMZdZ0_Dx79fMU@{Ps~3E>vguXDk-u_km!7yWqYe`|mMf0hBi~
z^1uxiQ5cD$yJe(&5`Ra!L`8!vUoeyl+Pbkz`q5?leTtl%B!`K+Xx>h}!V&vn%5V9I
z)B=MvOVsj8<SqQK*XiE<7WlefZF0>8$_%BFKT&n~2~STUTl$XFV_E4|LE6)c0n4C;
zrC`XfFv8S&xkv#S<%%0r0wjn!AZfh;34Rou1E0oEJJEX``a}AFqPi^nU;|QBWz$S<
zBZ2S)S_`CW5pe0S+M$hk0oJ{6C$Bq!uvFTf6L+DIF(Iw8wD2f7n?zAmZSd|(1iFYG
zw?Ew<cn}%0j6lroAv1qTxHSl~fLXAcFn6#R%tzBmr5vkV5JvRt0_S_Q```O888JT_
z4DewSIAKgXTYX(|z7EXP#$|+CJk@FX65gQ90GQ-F1v>WSZ%iU2Cjd3D&eYPsy3Rh(
zUYH~~>Mw*^QBIWSH{U3Q;C#jn%_8qn+B;$5S<`?9!ahyo4dv0LzoB(l)cyg}QKzTK
zgN)a`BxN4<nAukKu<s6_$wPZPH**t70hk8?qitVr5RiO3I{FI5jGleia1~bam(1~A
zaQl&cd=QRt0qaIYPgvu85RFfCk67am^!!|K#$%AIwRPgZtZAaO+Pb~7s2J;^)1qH^
zVJqRxCBRSuv(+PxqK`vbISGG582lF_;h-sdJuPY}0F@X@9yz4nd`Z-2&c@+w;R<a)
z^=M1#yE=$rG@}JS0B5t2KzTdstMJT@%<u5gcZOu6uL^8+2|p{OI8N)Joh5V@Ad(bP
zuVl1ZahKMu^UvKWp|_3dEhw?1wITm$4!n%{oeU34SsnTzmqlU8hW(MV^&rzwc*ge4
zF!K0ixG7g(VgMoHugs^&t3pyTr_4Y~&!R}*Q_T?Z-dVdexGx!LmA*d>?KuLhrN|_x
zsT~@{5~D<chLYD$>8Ywp>;<uj5cD;#DW-M@fFGG{`Ja9SC#AoN2ccSj`_@Tv;d9pC
zc?Xz2=A9EgYJm8Y^IhOmSz-WUT<Ur`>dCH;-&yK&<gHDwtGI&Ng5U%1_SUVrtWD?@
zc>8qGoX4Z*Zc2B21SaMX;m?TOA47Bo&q-zSmTWA?SEmXc`*<D*71?>6R85d#XGKXk
zEp1Ilq0d*#`?#vF4)2#1N=G_TTlPO8bQ`M_Xl?ril$k&-tZ3p-oo@rc=utsI62A>+
z5y>z3GwpU6=H%kkyqXvGh;pY5-}Lf>7?$PY-Srpgt*2EpwQb7yyD!!7F+NouxIkiC
zG>ys1V95xf_FliCf72)DYg}(wfb4F?#GOp3!Mejmv#gqr*cj9unVXE`#F*2OxqBvi
zdP-KVriDYsNOxTrv(&g`cZ^9vL9p3!5+f!fN09klr4lS30`^?eg*TL@BSUz3xRw*T
z&8pWOYw$G3&M3icbi$tLW*f3xC&nMK+>s*U!W3|9ObwD#jcKO<uT+LJd?1e?xC)6#
z$yTrN_8f+D;Pu~d1nDDEmEAD+-*Ds)e6b^kiQ&~!Thac=Q;})f{<eV@)*2P>^TmPc
zU4{IG(9p%Bm#!i{Psqr|P#s9BQnSMBez0D4jH1E?im=qwZ-IOaK}`wdb^0?-p)zf2
z3kmi<P)yN?^a5&BnSu(~qd@`td>xU@)l#38Bb*}9fzEuN%-;jE)zbzCi1g<u$C~Lt
zEseHy*U;{6Hw$v+d%ln|kpk;pa=!g8S^W=(c4j<5m%^9rB^!3#N{vaZ`8K~>>2W{{
z%-zKBe*Q!!b7Cxt2S-YK%9PWel4w$K5rw7O0k>X&LNHB%dWW;d6hB6j1#QpmoHEMl
zK$4MM<A%D<q<_!sZ2gMBWR^Pty0giD1fvlmkhnhy&Rn0|VefslD`s1z(lT&<6;y9|
z?V<mwM?ELJYB$xrc|^o+KX&UVI(PFiVoms2jaq3-t&fh&anG`)?;ZY1TCo7$FS2rC
zEHj>N`8d)f_ZKP=J%arD-La=<rMel(fRtCdXrRq*499nZ&G>_ukc4?dP|_lI?dt?=
z;*340&`83Ux^vALD9s}l+2b1e<cxy)FleJ!K|=G)HaDR}rx@TOI-`3Vq>!1ORq?zR
zySP4gS8i(crI&@tfFtbO%gyYalM1g+F`g8*3%)ybq>WbmdgN)_AN!mSkaoFXwB}bt
zDRUrYaUUx3rs=;tBg%_moPAmp7CEYw1XqR0`_@q65`0$+GDtjf2#<Myzxkj&`;DWk
z{Lta?(7KBHJ`17(7@<qf$bu$lL5y&bw{jC#!HMnrk&LX*2J?7OjGp;@eG@{JPIdim
z6wFu#>tg0|ywpfBfm}yM${ul=xNiZzCbJ@`DoL^7>v7z3Q3QT+Ps<lWe*j2i<(mE9
zWzOwifHLRlzssCX?EfrtN;<xk#>Ml!Ld_Sk1D1>d%A9RQ-x1@*-RPPWc{gB&;oxbp
z5cA?o+;o|zc4zisl@!o-({AI}mB@jDU>5_kzmhBmlM^d3aTV3I-Ix0@HtD>7AH{1i
zWU8pDSk|@QzhS7ZIyL%%WS{SVbtf)YyIG%Qd0K(g4Q+DPv%<e@H}PM<yaAzu3nr(u
z@o%RKs}Db*lPC#80%5wlucmqPlVEP?Cp3<e$CMMl*LjH1>O4DX;RRZ8=?4orJAxSF
zXF^XA6Ke|&UV?_KpZ<t6WfZM;!G60aU@U}wi7(1@%4aRv;%I2M>|O)k9~9v2daKS>
zPLM$}BbmfBwnfaLCT(j1x7A6nbut>PY!CUvZ5-cz{YE@DZ(=!bJq;cPbFcJ$O2CnR
zpT2vvP$lI25@iLXRn>km$fguwHL!I`A*v2CHe!_BqyO%KEteUz4v3XZ8;aX)AMH1i
zD$F01rEY}pmH(`C*8g4Uyl_U(XyVQn^7vcR@ToS^wf@a%PIv<B!5<?LW+j%8q)SRN
zR*W!E=Be6uN04XLU!r$T17s<r9-eN94-I~5Lu1I(>)A*T`ithBW$30FT{2PS=i;hb
z3XlF;XQ3cU0USpwK1mayiwc9Gzukh<-^_hd;;&Rv<*y)knYk%dr}Q7PChk8XKogiF
zx%fZ|cyO#e<eu|c&>=M}c5fNkM0hS<X?OZ#hOR@*^+x`L6h`P^Zv(6@o*vn1jz%az
z6Vpk+lJuN4epMN$`q23e&@{BA-IT1)VB>H^n(u#U8W=u+rrDb{1ZWy*EOKW^UxBpe
ztOk-a*t&50jd6is7>1)jZ?{teLWJ}5n~C9GL-!J!)bsit)7UsLm<#)iDyg$SW2GH<
z3*DKr<In?JJaA=Ls0t&a=nVs-bKE4+rL2RZqjv6U^Sp^+tSYDclx>AhRj7={lJiQq
zTt@<|DsD53aY6&6Ui4^68R25gC>#$dp=_t)>0sa~e#Kacc7w>;4q4bE$R*#UNt2?n
z^MP`|kCXtVIn|R}UCRM=)3A&w3vU4Hs4^BR(7-0vQ6wLIBkf`a)+0b?9mC(cNWMHX
ztH#t>9mH)>X`)sj5KSr8vg8!@4Y7J9T8A@IU$=<j3h7iZWQZ+6$54^ZFtt+s<FuL^
z-B5Tt(qtyzB|E(arjuSK?-@SC&_cbY!%`1;;*d{ullWK|s1ZvYyoouC{XLx09cEI8
zRY+c3r1K--O68xLW@hk)ml9~)nKz1<Giw7Ik+Fg>>F-`=SP52rMDf3Ro#b?OOS|M~
z|Lk?fa+>_z>(oZp$?oA9YaJK_B3^4cD-{zul+pG2-qs$>%Yeb)fpgHW%{4eUmf{SR
zHP9;~iY6_!5$4p!b0^?$!HAx<@6FB1I3V03i|ya)OCzTz<vfjCs6v&xEj&$lDMb4J
zz%&c~{H2x`f?F<{hc6|+JUU&NBP+v9(QpKsX(4=J{#>1px@G5m7UJ6vOaZm7_OCX9
z1~L;Xe0a~xP6W>2Se;GHDM2vi|0CF0`R`ySz4d>BotP?KzpMyTE<^#rPAo$Ao?n}z
zfMO@+KZ~8OSJsYhqRASt5M_%uJML2WS^nk(KTy}&vH-<SWkWrW4J<|yrwb{yzl)tI
zq;(#EV&}rCwtt)g`kq%&nXsqDG&m_|Hn%o$vYkk>l7WxPdTr0R(TOU`R$c;v-N{lz
zx1rPkG2|)_s>}`Ad$y#lY;9=f1%v8xR#YGb<<OV<O;@~nKObumXY{Xs6g$T{k?grK
zR4f=uiJ&f8=^$|L`t=C{Pvr3IBSWdeD9&R`$Tiw^@4&r4);sqQ(vZWZ(O#LnC*i;g
z9p7#s-SD`g@*VV-R;0a`pxq$!Nc%}uA0qf51yqjmy=tD7bx<<_&Cam@EqgADXnFy%
zhvQEaM9?}w_E19Y^r+Xpy%DW;FKTz1dUB$&<(rF=8v7Hr_7u`M>**faUmD$70c1}m
zytxqg3}VkSuHAf=$GS*H1Ca(VjPLu&p)u6n`@wd9B%30O*-)g0!}!5m_G*JSI~E?^
zJB)CEw|KE^Pf2)LsKpASN)(3AG2A2*uzH`VUOIRszbyq}cKt-0fX_ASYu-Ye9n$TR
zhNspcoxY0gIBYeYcEu{bGIblJMCa`pQYplbU_L`QSu?6_>=8FUgCuC_8Vn+)08P_&
za!`kk1g?B7rbnYUPYEhc0P9I+IDQ}g59=X4{x|DkGyMnaIa&Lw+WGuHSda6w575;=
zS<lJcKUt6R?!Q?NZ0|o<Pg}S@kn+nWfb~!d_V$ay@_@2yj>H%aUT8kiY;^n)hgpMQ
zooGb?ll|d!0^X31oFG+_&QLraufd+U#;)z{>;c>^%p<VL7qh*W&qg9KvvB}r^P}CS
z3TF2h8hdsjxkIJiJD{WenMuX53P#@D?af^=rActe8ENYflvnal=h}mdl3r#rkQuVb
zAtJ}nU57O3ITl~6Aat4oudCn_VK^P=9-+)oH62noRIf1|)ZC>X5bn%>`A@jBu*L4}
z?{KGv2i(8Ios6jQrhkPy4*}s$JMO>3oi744!~*`W0sjhj?rjd&{T=R{T^LqXL(~V)
zReXcSKq3iZIxZmuLJyVo;3fjaBJV^r(6EQh#MX}IV*1I0(&v0AC!$;O@JgPNiH8{%
zhdL}U<?`+&%u)`9<&7H+>Ny7Aj{siGK?dp#3OZ&HQI&VdZ;S=$)1%B}6k5^I!g<qs
z-8H!R@u@X@`_9H_%7%QfjuXQ+gSlBcRI>g0@C1#yg9LtiX^F4dwPa#kfXy}RtnvOK
zB@nkg;b2<bmWsz<7TdiUrbm@7c)36Ut}(BqIrl~;LYE(^Db>eXaLLZdV5aiKe<W5w
zY^y%wskm*%FTItcy;-&W%bX2YvnfIU&d45Ky!~pmK|IlT^!CR#&qHj;ph>zuD?XY+
zm7WB0*F^6p3@zt*e5g^BTT@f>l^+Kw5MTV5^juJU+{sO9&H2?M<x~0YmxPLg)J*!R
z1gEy2yjfYVNsQ^zM1$T0TBJ+IU~SB5az%Be(kTv(4R-WW_0pJ(r^<<h_z1gz)CrSn
zzBn*(%MVT+C)6J_FgjM3k-;K9<VX9j$DVCMF|+X6WY90AEf4xLRS|*l=*_}~SCnF|
z^*H8;ygb`dD2>8lDLl|!>+FL00(hp9Iy?cx&ExQ=kS;BM-gwMfgT&~jKHGxC<1egd
zeVHOkUOo^Mpc~P30`Eg*;vwleQyp@C;x6^||AF1A&j?yIIEo?pUSg_83RZTQrI<{(
ztGmD>5cPJ^?s@o&BR<DdO(NL$+PqRjD25F=>=}`<WF@QTz@PGnv!+QJHrA_jYp07W
zb7At%Q(#((x33u@v8oL8drk=uQm-A`Z1pPIWfpYP((X_yr|4g3i{~XstL&1E=$w>;
z*{4uNG1e(JP`rJ65EBsl#2gM@Okh(Fqx1x~l9IF-U#T$SaC)ou#E@~jNBUM57_nO*
z%rY2RWsnuB0hd07lhN$+1&*mEc|9v-Hw7z8X)U2Q?<{7j5>$9}1Z^Q7)TcG)_winL
z9i@-RyGLaWogX9)CEXj2hcVi)f%rGqf<+7i%5oaLL?N0pz{d7*%jA7|hkZA3^LvBI
zNuyd_w*EeSG4H|F>Fx9RM|`E7h*7T>7C$GJA(V2nj%jH5K=G7KUiyCbJF@dI9=O~5
z6F6$oT-K2YhKzYmQrApeADN_L?1i)}kgdhT)OF81TJK>XStHvc1u?er{>1XvSmmpD
z;V-A#t7~_T#ZWRT$i!cNbk#{(;#y+OXZBN6PiTMR=X|DvljvB9J$nye$sYowmYLrF
zUuubT{Fl@ctuOjV$dkq@O*BP-z0H%^^v<v`&Sv-sTv-c-aHA_N{VksAG0NCke)t$a
zJ^k7nR|InXvSA(x#t`&YjOO-p1J^k^h!V5ue5dO;k_~0{vPOHmNP+tN&)m!JI?pK-
zmdev&SxaOS{BWoW=Rmj~-&OrcL^p+d-F_EI{$VK&?`iI)JqA(0J3-bo&EXha1k&Z3
zpnPY?{}W0Rwe0=PeKq;3H=|``zINN#``=nI72yZ~&CVxexZKj!PK+TdHSA5J$?yvE
z#>Zudm^koU#svO`KP#F&fA*P=(`aTs`z*@zV9}mIzRgf4AH!+@MscaxwFKGTi~pfQ
z7W>q-k3My6pSQ8k+t}xA?DICZ5b!>4W1qLN;%}d~vCrGs=WXosHtKI`pSQ8k+rYnl
z-bVkK@AEc#ifEs=vCrGs=WVq8?ejJ|<ZXa8y3gC#=WXosHuiZN?GNwsHvR+hHs-S2
zXpGk0+goT*1CIH(0DTdNIQf;{q0(&s`g|~iOZ*uRHeV{y$1*p!e#QAZzO){%tltaU
z^qeq7kC%0Ebs4=W`>(Wfw5R*U%>*6iT~xnDF)C=)Qlt<@9b6Z#_l~cm8$t)K+1^K%
zPs@o$Y|ncbulo+c#s53bhC*r+ZaFwA`y3RP%dMBne5U>jBZ(>np%cSY&{<U})`tf=
zN%8+<@A;nFwwcW9@vp!o4^A>BCE1oUpTD^WH}<u;eoixXnwy*J%@>G-BwR>>1xVRy
z>igSounUkN^^3G+yJ>}o#HLALu~;m2vA<elupRa?$?k!Zg^xF)WW>fovOhLX3dPQE
zGA4P#(wxSZESK~D5WGta;PanX^kIwM>w{)Q6%U=LK$HpKl&3^ZSsWAW5}%>5Se048
zRe-f}&}}zi=B5#h!-P45lbj`)kW|jewUA$^v?ZFANNUCmWju$WcSu=Eq5^N9d7|Z(
zml{CyV&O^^OuaIKi_o$xlL?s!8p8!V#5R>M=c1e^GU8g^R5C77lgXOr^J-d{a6XC%
z9f=|*NBtkavvqT!JkT#GC@_ij<}gO`eH1L=da?5Em=>cT6p0h7<|{r?J>$Bd)s<dW
z#BuN7&GF%jh^w%Gf@=Sihktu>*gx(MhXC0b%Onda6mteBYp5Rc8v=1lfD<OI&WSon
zc|B_{n<Y!c42=VnjElUG`dQ4tO9gx>;0+LvV<pV{=n|uHn)49qb)#Eh#C%!AhC;4R
z2mQg{bjK4B({vK@V4lS5>m0Q`bMyjq;S)cr`Z<HF0eUfnvSpD<54fV_F?A#=4Z*_|
zJD#vmbT5ALz5c3U6M>#=ppUgEYT&nh;<hg*vAL9lqb!<w5)TRaR3z+-cQ0=F1Af<l
zUH9hRvphWJc}l~a&strdHtJmAhs&#DCsckZVJ1|S<Ftmqt&eyt!Y?1FQrALuFYx^j
z=VNCgd<<53cp8fdPaQehgwJdiq`OX}t>t;q?p&uKz<A5by&Y?yDs|l*$AI6crs+Z$
zPE_IeAqgCzzEjch59Oz8YK~+73nj<#@t>jSxLu`P;qhJJ@v7|#kKY}NO!9=vIY=+v
znUeEy)14CkgksNwGF4C#JA;0Os^!9IwWqMdtwX7%r<i%<Hx~WK=G_I%tE(UCJuJPj
zRcdNeoczWjP3WCv&JMmVUEQQQSY=faiS9TmB2f>3)(@nJA5w5_U;4WRE7@}C?-`RL
zp?JRGNUI_7ll{gXWoeO&n5?;R(kRi=C_(?sauo34sJnB1_WjvsGLGp)9~+H}o(;Yn
z?ekx>%X!fPxyEq!ktLZHJ65BuZoa60RoSE6um!xpnTl&Wh;j=UPibad_raD3ex(wF
zchELi3msXFxOOs6V%$PI(8b<WPSc3W$Y5}9PnF#~csP+AXuZ2$hqPcAJEFVa%w_KC
z=iP}tHj<B3@ENmtk*Zu4fFR)O#zjbrlcxNuxixiS%xDgQWN5V`qd8$WCY@L=M2sd`
z{ViP0m4P@^j(84NrPcC&oU%Ds-&2v3UkfJZTJuCd>5_;+l$SG0#}JtbPAy0<i>b*@
zdcC?EDU>hQEZUzGJYqd(nc7B?wGw<{I%4r3bLB5+1_wDhN5BEDv20w_mpMxaIiV^4
z&EzSgIh(-gPhP4}WM++6%)<PYvk=s}hTxxsRC-j&ve*V?R-P)#^dV<FT#{gJ<0>My
zx43{UUra^B&RER!bUwBTG+qc5Y<ykbr)n;a7ygyAhl4P4YoF&V$#V2(iJ8&H-=i}y
z#Sl(&a)9f)GR89ZIahFhW!#q|15Q9rNmQ1L8<Rc`sCV$Ze2MTBz~woM=a_L#7^cC?
zz_Mr`<ED+z5B|ASPYpkvTm8>MRk9d+hYy)zS}fVd9RW)wDZj&d?Y(b&Yvq?*<TNG}
zeHrvjpaQF1f##~IjG<*H(p}Y#UMJ@B;{wvSBK>_ZL6uHTWekGZu+XDn)EYjTVw^gO
zdBSrWL-ziskLQN^8k51QhY)ciMS_0(VIE_@#P?0i`{(sLt;0%u5^<5RGnUhEdbbU<
zq=$Ph%QfYgq)SLb<Cx4~1XX6wL%;f<{R-I*>>`;S*00k2G2DWONtUpP!-!Yte78o9
zUvMP8T>QH7mX!MV*IcX~kerkoy!@6-X_m2dQ*J47(i^Y<cd;N}m~Sk}T+kb<jlf}r
zhSlpSq!>YNYaFHR1Q?1=Q%2)_I=A!F{1cg_nH&l%w46UiLQz%v^-;WZ1-muIylL`V
z(ly#Bq10u=wRFN~Fh(8Y#-U9zR;dLSgMD&wuum=yPslGRxfqZU3q``J(f+<{g)lqp
z#lRnEe64~UP6Bx8r8^&?AHITEluU|I%o2;(S^^3uN~jLezI8cGjZGKPAN`%EBAiyi
zVFb&aDjq@T62*1ccjx2d(!3a0P!E=X>JMHS7?cadl5P$VU_{bBVR;BPY)b(lNU!);
z^bW*R7zpnJlUz6%oifR0Toekw1^6nWsm^NZz+}3+;OP(eU`?OZl44E&$fVxjWgd+N
z-ZXOp)BlKtv@mHnQg)5537|PBRU|BeOu^`FzBsVZJK~oVMTFd@{4lFnkGaP^7isCw
zN*3$w>D$)f2}v55?8H!-tKb^QONk0s3_ZbqeER_>Z;=n@f!^PRWax};*MB35-`N_+
zHergp;v3i4?y$lZ7&g?KVtxaaQ<<AgA^isH0V2@5cVYgR;RRyDr{twMFJC<^*Wvlp
zSQrLV>Bz)*FCx-?<gtKCi+jhJ#4w)9-DCsrAwHpYbT=deatBI2;VHQD=>3FK#y?*S
zh;MfdPgTxnWR@Iz5^0GP{0v0N<-DNW?JSrCWGo6vB09JFK%%?RC>k+)J5*t~S`WbG
z{wf%pc~^AWW|m7hgEd?&q!}7aH*kZNvZt(gZ<pQevTWYi({Q5e&1|kKv>0hU@k%U$
zuy09f#K29xvjFhY(ABF2%vpkS&LhGTL$Dh;>DHu55yzs)Pc?0|6elm8Ptg8c#^~}i
zGKtk~$L@s?lbZi)^p(4~%G(J-HPb>7#AuUnO4A85Vf#Sq39ZuWRKXc#Uh>r<Y5Tap
z7Fad&`VNSt8^-XPyP=Ga8~6$(&za;DT^-l>X|)r`o#1+Pt{Kq$jBc_^)zkSb?Vy~V
za^{yZ7FiW-VTLXs_NJl6*O5KC2SbGv%_skGRs=KcHcA_C&vi)GeerbiGi32vzd8xM
zxhmv@oshwr_YnR|x7!X%WqoGWEetd+;El@_N<7s;G8HMiw=UTMCkwk$Gj&XfW+Ep@
zMkP&DKuj(gR08<8IoFT#jFEq<BW^wAwKqqUE4TSZI-UPC-u#;1F%7(bpDSw!Ii)uc
za$2e9HA1N0T-!)T@M@kxC|r?7=75Np(!$Wno**AUQC_Oil+ck9agmpn%7N~%U(XLR
z2*^2#!zVUD7AjU&{M~o2oecGs;8G21k-4XJm1axUsR{-07KtTpe8&%)r@1erkN7_!
zxh&S3id$ZR!)xs~2++6~TLu=8w`Jb!GL?1}IjSrd;EFu2?TadXmHu0YEwddVXT3?@
zw`OQ`Sh~tsxb(fX!>k^{htp}{@ygzo_vAywLfmA|OM6*(h*mg<ic~Hn)dxfMq!^Wj
zd``&MTTkUQFMv_eFl1TIqW3hhoC^|TlIJL(W^o~DY<>+ziY7A1$l?)Wj5L*#@Zs05
zK4ED@{M*}Sf9>W3TKKgbI6b@CsuwdFG3kR@4z96AG=u>3mSgn${r>UM5&Ylp_nZG8
z^oRXtgQKIP!~Sq^crbj{KRE2a=|3a=2cA2$LUYGw{d<qqoZL6koN8nQ*46rIVKO4)
zEioH-xZy5E%skgs13Wp&*RO=95bQ#pucWA8T*R?{|2YZB?XAB+R=V%HCER8(z3~ko
z#z-hn>Is{C!#_Pj^ww?x3yz{8`JJRZjkK6`L~d_A2-Z3Ad_pt+eHnS-BX6k~6g<<a
zVy-;&YBJAIJzxAj6hcNkb<w)mA;cIpI-G!yr4J5u@WVCD!>K!#{;{xPvyZ6>;3qWl
zdcN;_cUb4|IAnQw$mJfHA)bEKMa(W4h_QCv*5Jvr=g%dQEMjGEYiQZ?6jt*9Ld2o2
z(AnWMgbUWLgR0us@5|x$Oh@1xjlBhzCe-bH=`?+NyZ6+5YS$j7wK@MyTA0q~zHJ-M
z|HH$>H;waua5Q|gJO3Y}bvzf|BDri+3@E8<E5|>vs#M^*$OH>L(aA)z30%es3&II`
zuC<Zp4=6>@jF*Xu)JicREL1KM`_TAI=`UJI1`C6h_VNWZ7|CP}qTmgljwLOfJ(s=H
zn84oay`@r-Ba|$iKqb03^2~}^ZHB_Up=!VMP_4WhCO401uNP~-EFJR!P|{IG-7sE<
zK`<2PPNOW&s=Ku6aHTB^tuAx=)`eA<ci&HDEtzLjL(ooa{q|ZH`A^ZiNPipUzy6!y
zpeg?ihP(TpM`^%|#w7TJg)!?JE<hHpd5+7GOTOFK+;`=<t9JR*b6V^HEQKpDgrC}X
zNiP12Ch@9{SQ_CkjbNWmgE+5OowXXO`f<hjx7z<j4z4KvH5*NZ_~O?Rylv(QoAkf_
zar6FncyN5M+y9Tz+<i@>ghO_vT0Z)wuytXm;XjcW>ZP5wC3dZ)xWx^Gz9Uu`(ctn_
z3nG3<{jn4YfU#6U=-mlE*q`ad*Q3_B)O{I_nJ=o2b~!HDjI-;~fCaMhY+(Kyv7G9k
zu|Nf`#z|>&<6&uRy^p|Wm%((o=XAMI1T*huG@qUj<RxX&VdU2q3}Ea&7rvR5W#sP5
z9<i>jrtA{=cgkarVC<NEcK&O@XEbJx#AzH`f+c;fzbeq$4r=p8f&bpg$Fx~{1{vL5
zyZW*br&^Q!>)Xro(~sxom!ChJ*<Wf(mt!?{LC`vw;t@N?+5{)$y-3-Pn3fZhW6)ks
zR2xah_V8ySq4MBgMoLe8UhUd;TO0Y$%Gr0*{x<7>$Nj^G{MUbTe7KYU9;3PPpP_{?
zj~DODX9LJ<e`tij4~8Ua0^hx_?$-ctLiYAHz0(VY1P{X*OLHOTB?DhRqJ`)^yknoD
z>yqo#UCwo85v7kOqp4L<p%+H@EQQd7PFRrB3HiMY`wZSrsmz1ZEHg;gGT)P~f1CZU
zSUgsIlCsE$c#N)$VAK9TJZjqi4u)?AyZ!$dt+xLgI#j9hy@OTXmU6d1PFvNWRK`Nx
zj~?X;MmZs0|LR_Tt6RJMUunA!VE-Q+_J_^;-{H}2|36A=wf~*Cn(Z-x2f9JA`#(xm
z=`QSVM^g<}silFMg?o=QPT&Y1mAAgJ?VSmz&yI>RGFM|Lv_`;pmgC+}hhN~~d!9|c
zisDqLyD&0Uy{qPIEeROgAp&bM2-THZt<WnzDOLQKk6Abm<DF7^_tu90&uGk}dsqNA
z@c*NOgC_qU4v%;Czej1^@BcrQ)bNlNfK4>FvjKd&*S2PDpTY`Y$x74p&JeJpsII1f
z_4M<Xvj+U>=?MaDpOjA_2;Ty?>dK&cFteSJ=}B7~`M;^2cD(}HbpQM2xM}}6I5<4o
z$^Vbh*7@~qOO|iY&(pj0**hY%^*9$Q22wNsK>r<G>TFKphX&b>^N-aYiJ6eOI`RHR
z_qYOXc!m6KT?DHx4i+NbSMUE|%Ho7iQX%ilk2mfA;bBAn9~>X`hr9j%80`i5K=Yi*
z6mpW_a$_QqQNiPgrxTLV@C%(V6?iYOwxY?mVG5IwNi0Sv(C~D!j|uDejA3#7>N!m#
z?*&QO1k<0r%p@E08=EEmUta~}C#-}GUuuv@#w3Y($^tJqyZYx<E+q3_khda9L`pur
zy&@5p$_pku@4>$az88#slRfy?KA28=`XBqNnx(y}qY(|i6d4vz_g)9;I`du!Bl^XA
z9ps7rSx7$dUjLu>f_$P9k|(}9J6B$iNdXBi0v<8i!`G$wUoV)cP(-Zvw3gj=ZT0@Y
zJU>0VI1iHO-eYXq{|o*fgW>Stc(?x_qrI?ULFDwqJL~p9!0*BHV7KdIfP_;jbI2-5
z<5;=r@9HO>&EhUG?WfZ>RAS+Z&>|NJ&3Q=Uc<z+_9L)(OV<Eo~F(&{0gFbu4^Z$9d
zq*g4Ic`jscim$v1Jny5hpg}of4c%D8vAA~1`YX@-{Q2{Us;LJvk}Sh&xFOAWSs?^7
z$*5^y#^a&~mJI!g4@gkX=O%Uy9#{b2^)liTe(kN?WE!MzflKV#uI<{NvHgDl00960
LbdvA_08|A4(aDZH

literal 0
HcmV?d00001

diff --git a/bootstrap/helm/cluster-api-core/charts/cluster-api-core-0.1.3.tgz b/bootstrap/helm/cluster-api-core/charts/cluster-api-core-0.1.3.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..98b96abc6f3fb0bc99e3a70dc6ef784d6717c1ff
GIT binary patch
literal 51877
zcmY(Kb8sb5*Y4wq&6A03o%qDIHNnKTZQFJ-v7OAswrx&q^UnKz_p4jCt9sS5ch|1k
z)qkw+^{n3}ih{)i`_J`714d^csmyF7DaRq}!Od>Srp|1v!fx?Hg_}b`U7bTt!`jlo
z*4RT;$&OFb#M%bzyz|0wgQJBybK4U>*;HYaUwbo=etoq_rQC_Hfo<LEy&&=6AXnOP
z$Q*q$#wKwGHUA)XSnY}Z@@$i;J){{7^_^0?fnj(cZoqQS30zZin=ah3T$7`SCJ&m_
z=v%2(X8B9#(5zdl8ZrtB3Xy;}?3VxtRQ36F-Mf3^CV@i4590TBc7ETPbqkX~i6bKP
zlR&n!fgzwsi!|LP*mAEr-RnveR{6vjC&w9uYxk@ZnQwZ&Gyk;r{e!`ZXADxiUdOo2
zqmPuzM}gCdjDF|)Sx0XWIhqqZbRMjVvJksgd>%XljByuqVdB+r4eo!LeRuyW6SR}X
z*!<=vR+K%eEe6K-^mRPj-+%hy=l$&7@s(EuMXGhXr~uq|Mq}}45IINc!YmITuyhhm
z1twaDp+53Yx=)~sk?Bq^g3Oc;w0aoRX=yRgXSX^3%2uS8(2Tz`u^=sh49tW@Kc}^F
zsR<jSu5&)vQ6t7gG3(DM<c=dvJasb3g~2Hks1Evv3Has$#UA6@%A~?C{cnR!aOg+a
zYB)+smCif+YJ+E}(U;Bey7$nu>&;m6(ZpmmWTWE!OPqVjYPf`9Wzr*>o~^`l|F|1`
zO521PwCB+)<c@TkkSZvQ>`TPO5<Pc!CjcY|r$Hrjrf<`lwB#D3>)G+q)orS)rk|Gr
z2iZ}OSMWs1wT;lZC!(_{{in9UjiAUW(Se{zIFBxGiUqA9av99a@KvqW)9_&(ElHyo
zza!a>Jan`M1nhdjh>7=PmY(<9;O`euTHzA(MymA~g$>ykZ5BFp#6}&JKYiCd{%)nH
z=*+30spPgjnGi<!i}NO$Xn^z;0tF8uEcpq3_0onxZ&z(@=2*38BHUa;yv-B*B2{5t
z#e2UC26>0;s{plGTwuC0OxgHQ{Mou(O{b=(FW>jo`@bRwEkv=BzI|ynQk!ICSKgZ{
z2%&rm_}=G7ei8Wz%=+b(dOzD=3%KTXDp;VSH=Ej%glqP72aIK1y~hQ`5xMburzgZS
zc=V0fK1@uw6zQ_kRm_5vjbp0@=r;G?smSS^Czmzo$K6Lpy6;nDA#R^>KS%eYyxR}1
zMlY??(z`U#PyH@?fC{^$7^mWzM@mg3UlSGsY1tu}Bf-!UZoZ}~oC_MBP@T9^*!21B
z#-fqw9!+$NUZYx=(!y+^?y(`FaD_`ciC$4i{s$+O2)b!hbfhZS8+litpNY|8(bAB-
zcYBf|Wc_wJ308z+#=Vk^4<L#HW)HS?U)ZxT6Y9HPkQE=tU{)1PzC;kuk{!OENZ1ay
z{nt4RN5?$@ITO=p>MKiAjraQ_qrdPJ781`twWdDl-ROLF^ZTc@?gV5?r`Oee%n+H1
zS}|LevN5Wl6(-{^LQV&_)Rzx}@V{)*fwxTVdKNt+m)%#1n||l9-KwOqVupHy;3|WW
zT+8fHd+j<zJ@*PDVJN{=LdjtSGTHm&Jhajx{C}7sCp+hj)xQQD%3ty2<~@WM%_B!x
z(uw$iz!#hsGe*ox!J;h$^u%53`rg>{QC6TZ8Ia+E?R)Ox;S}I+ptCg91}fh~)^Z<4
zxjA~>t@OLhit|z>N?<_?teB&W(XdW~P}KcslZH)rm5xnpFn&3R?rBX(QGfL1qeULW
zZ<3I(e)B5R?;QCwKa{TP-iyD*dB)GVd2A(;7JCX&fqfhsh|2^xPWs~Wd~cKe;^TV#
z>=pg;N!=U&(s#3{St8x<hD0#Yny4(waRb2-7&$SLwqUS{iBud%>=*IeB)M^q4#zc?
z%>VLoLCj<_Nbk<e$SBTe+bcLq?gV#*1(%)UaXr{d^h*e)B9X!LfK8v92#h)a#idhy
z&d4;aY}5s?sP(>vaQ+T`X*Zcnu0!A@`JMT+u{nAh4(|2#%dL}|;Az_zzTw(*uV?D*
zYo|A;zyFHvefudcwma|g>o0W*4%djV#kOv-DEz&k%G4HJ>T$O*0o#Fc#7ZPYo~5*Z
zP*Zm-<wS4d-RVVnxE(5Fo$P8<aPov-qu?Y2kG3f(KZ%!Gpm+&pcw-RD3hdUiG5dVc
z1@|b4^t35mDj0Y3hzI5#{r3<L7cK#wOaW_g?SM#2D=3Tkzk)WI0?^)+=)Bsv8WqvB
zEo<5Fc}nik-2fr=fMqV31sd2e1UxgruS_a~0r`=W(=eiq=?2uy)j<4CPE!PLB>>8b
z-Y?FTrPzzdvr^S+g%R)?omC2MuIxs-shY`l*D`PMn%F;njOm51S6Go&__4GTW9O}*
zWh2?{?&_<;!qU@Jk;Cn(eouZry%baIF}Km;gM7U<+EIwqW_GaeJxOYWvwJJ&sHBhy
z4H$bn7?-Hy<(aL~p(HvAfE)|cB$HCovHbxTy}8#6IP~(eF^U9_x+TObJQ?BKD&(pA
z-bJ6ZPyO9q6>OGYe(wplu#^SkeliK!y~vaG{T>}9^5U^ne<$9c#VV9dKw7;DBr<Fz
zLWDd8H8yT8qD9VfN{Vzr>`~>LKNA`bMpy6hVwt1`l8$~k!hJ_sf|jGIdoYz4NoxG-
zv@Dbvk!)ge2u4D9dhc6}*jj34{H%PCYp>I&MGuS;M2?o3ye#r2v@ib5pcJJC%4a7b
z#0$&#sNYfpsq_+}p$${6w{`8%4}V1Wh}6P<_YW3_O7?prUI{-5HI{vnxg9v`J^nT-
zlfcrK^oxtc>X)*IqkY}p*a^Al_rGu&S&%(N-U(K$r^Ln@^gQw2>_u92N0HF9(<=e9
z>N@pMs9zxDuLB^87sbxv6a;pgE`j3GldK&LyPN|SH1mT3fbj1$BV*1SBzSBcL&X@x
z1V9v|)qrSq`ULA~Ae9bZ^J2us3P?iFU^1*Jo=-!iI6A=8<3&X%Dd3-Wx&@Jx0!?Sj
zhwSnIBY;fDk^oM`iBA>1>S+60{*|Xv6NL$}-;!F2JTD|kpm{1a3xFuS&7enl<q@4k
zq}c<O$}*{!#>blDI!2Y8B7UaX$os-tOPus|-~K4rqM}I1*p9+fF3tnEj`t`Mrt(M9
z=kUKbe)MNmyK}}&D=)W{y3Bw4{du>4|JB<?E0VtCRCL>+)Q%o!Lm&oHU0zM|M>8z`
zvbNULVJ0`1DNu{WiL7QBq?yEqwpL4RP^v@@7RIUY8-Jk#3N-Nvh}hA!LK1E>bQu1-
z6ttxpVT!j2T$*+Jk+*sjV7evCyYut6Knt$t$g#lN6F40pCUnHwYZdV?A=t_g=awHG
z&-=;CYSWk8X6w1%uta}BwiwW0dLn5)><W<SuAu$$0O1pgJ^*6Nm-&5U88Z!d6jk0_
z)Rb+<c7zRFppw=QLvuEiPaKRab6l?NFxYD0**Rg>@v(5YZJBSQ0oV!{vH2_YPkVN)
z=axFPe0NBmT179b3=YT4fKRNa7}qQ;rxv2F|8p?`atcr|Q4(7sg}->KrH&)duURmn
z-zmaN?kQ6Y;h6tsJYuyenajzjZr8MUkEa{1mA`hn5Kw~Wp8r|@B-sDQ7!S1uR&EMH
zz3>B0q1X@z6tDy^86B<jCzgiZGPpzj%7d$rG9XO+>Tv%!-LZo(6E{a?rb&Q_(kgr;
zm^K?}MEEcvoDXKoP<1jhrSS8(UeA7~X6@UW=Zab3--Tt8kXU!>rC=OthCYB$krp$j
z^g&8eyC)z9vpjwb?>3?`*2tr<J4OL0cyCZV)hyE+8RM8BFy|Y&OCKTG>T?Cs?pI>X
z7gOmA$x&@nk<Q;K1Z&{2zs{jq8`zL`gPv{DHt1@juE~wBMj`t!bhK#u-kcoacpIfK
zeQMtjmxLRF!^zi<@oG;}Sk&4~m4G6w+~mv7Ma%j^<!&j7$(HA;hToWe3i$X07M<8=
zQ+UEo+S9jp6`J1`;Nh$|@g;oclp_0R_U&_MiKcg&6rOl$;XZTOs(ML>j8pH_`56rf
zXyc0KLDbx!yV`JJtf^{25+i<?gGi<IAg;Mb=&wNm#tbGc$`V!KUA91B)q|cf-tEqs
z^OJ3M0u}Ec@zj3}Cw$Xp7~^N_clg*6dx&U&08nhKqa@;@Bn<*ZRV9)psRWt;&K@Ph
zTbg9kcyhuYcB8-My6vDVvr#(A>~aM@KoZ=4wKvD)Jzqbn(wFE<P9{*Fqz6D{3rC}@
zMam}J=b{2q_kVs6iOIJrz^71|9_RN+Gh&d^plots7y!}4|6kC{fGygs%Y-d*+)O@d
zkit}h7{*g21((a-{EbdNxdVPPK^L9QH5u&tBd2&+kqv+|Pfe;LCHxB$yfiYz6b*^h
zCi_7+JbczTJ`-Mb1`<=P?Cnua%@Dk=8~?aMH1NkWjBpjLH5=9@)O9``m8P51_5Fg&
zbrbwRR+v*!?|yk0?ZT986cFiHQnORl(%7H*7bR<*LK~4%IU`%9WcmPwotHH2ysywN
z(#YWnWfoJkF_%GMkTt2nQo2ymj|fGpRIS4PvQ^x6JvQ&dJ91;KrdhMbV=TA;d-+_Z
z1bJ5Az;96<s!VAkxY13IP>XhC_L2BD=1#CuRC7#093`@ea4J#c-mduJs$Y7w>SU(M
zo?9U~iax?i9<msTEP&I|)uBv#$hb@6LoTciRPIv-gmnD6Jx8OC*?1F&3J#mf^BkX{
zGHb7Tz`>(tXWeccZyVKazK6=9YEG%oatuLINvrHMza|2S0o_B!taIJgJ!?Dcl^iTN
z8%1TdDNrdoM4w$bB$NfL4NsK(w;`TJmJoA0a|%NkY-?7h0vVybSYWtxxyHHeD|a6g
z>MKRs2;+e=nQelWh8~=I?l21idtfYwyIFCAuL-iQLyFO~|0*Q(6qMFTl3J5c{O=c%
zc)hOnwguEgS&|QwR@m7a6oEO(7QHmzI`*AUj(n09YA$k+$eX|PK%$N*_c|4Gj?XP6
zIC<T}pZvc3{Z1)^dkDH0D%^CS&-LI2bIzUMz_%_RI5`gE%OBGZJwtuplAB`f=hl<q
zXb|G`ci2ah=*GxmupUQAHKsaaO%ZBXGj0A*O%*|<dWc?14UK@%NE+4k#TMWE`Qcu5
zAp3C|1j)z4zxkVbWJk)*a^UrYt+nbJ@UoQ_-XvYN?)HNr*(N=%XtePuwCw@+x}WCM
zN++u~R3_70pc%AOq_Cq;?sk7fljK&c2?02EGLb)skvKOopt=G=k*Mpelx4<>Kx{2&
zNI0vlj_0J@(rjO|SD5EXr$hey7e<sq!r6n_APrm%!PGJx3h(ST>}B$$*4nu>j05Og
ze)cugjJbi0J{xn|iufW+&N5thdOvL*2C6aRV0@xqh2zly2dtDVasm1Dw8y2z^m|Qx
zvgmh<09g#6BimCOK0*^<DS7&y*!zsgQtrNvo-ww`cS$BIB9RQ4oFE&(cQIJvczc1c
z)){$pxBYwUG03JxNc_7PR!TWOOw@=Rx@Lvec0j6+#qXAwc~+55Yck<1%8v$FXNYg&
z0Sgo9+={BRk_zT%^|;o0N&XV4pD=n*4BFLnEtJ%PGp9qp4TDWGN-XW0TGZHcJsT_T
zu=koQltLR`F|CyM2xOvF+nizMWvf^L!>Tu6NPhFt<=8>Pv4`p@WFJhzYJ7#;P(fNU
z6K5l2OWthscAuQ7xS>sEuC-Q3=LgXV_Z81OxPE6B7c<^IiMhMe`(X?+<{Yo!mCyVn
zQ8g;fI}J@7&R_=xSS3)Q&$&rvcZ(Z<>#L+Ykkk%Qn*XeS`8t((vqCz&cy{!V*UvY!
z-M<-EG8C*ah=1I<S${6<P2)xq1hq!r8@4UbyPHRQMI1==FmpujI(h$%PD~4A_sU&g
z>!2z(&(7>P_PRD!d(@oK@tg;B@z}wGTGriF&SULMiMuHe$~kd%k^)HTM;MIiXIkY2
z6e2`$;Jj+BVUfAFT`)5Kuu|4WkJ1_4j-~%sdj9WBk?Ow(OA+#Vcu5*V#@<|bMDjyn
zNjJOyD~oVgJxpZv@cv&K{l7}}^|{*91hvpQx8O43s&~CV(Z7T>F1i`fsk)NqklW+o
z^>!7`qh_WF_0ZX~njTym*N!`_21Pu;SzBpvgtbtz8!GbW36U(wotNC~6<S&)q5R8&
zka9j-rs1g4rHSO+XUuwxTy^Kv4P_#{owdbU8SkOR_q2^t*x3i01N3u~oK({mMGej!
zc1v(qm9y13&R01K_ZoXd8!hfb+*Oy-^>w`OyqPWfJk{|@B(lj;PP?@EZEm5p1hIwB
zw573J7~YBho30(7)2-+#y@tE7VeN9d$*a3Z-#fh#E0#XC@`5wGjo)^U=U#&_LGP+D
z$=(a<Xp{K9wwbO)kN{4tn7Kv89L;Xxp8=Od=oI?<3C5wTV8-UU?rJOvymCXlV)=@T
z=dC2ee}Cq=RI!~1qr5FF_dc>Jbw3-jB<TJWId~?>CWH*Z4ONN2p@IKGu`!5ZEn%Ii
z@rLv?^De%+fJt@+D7~|pt-_#Y*lIk}2h71*&-ciYVw3y~+)o^wTr919IUJ`LH?7PL
zJMUS~JX)?sJVJKTrdOizf5q88Of&bfUYT^WCS$2Z;1TNiR3ns0s5bBOlNeba>F#E8
zL@B)7^A+5Aej}VYf$1N{$hs0CRXAucOx@Bu?>7&ZxWW~F#^$gRq)6Me!3FSfE;3-t
z-MaU(?)U8(6pIFX9!{fa@3PNt5XU`QX)cap7JD>a1AZtp8Nzb5!7yof3I0A{shd${
z-x)NNk)%$i@1DW#1&s9<ZgIb8{rnTSSwc64Q67Dq4|j6fO9uFp#Gnh<g%Iuq^xvoz
zvdCvGKBI0@;^~{tdBFm`MQd{DQzqM2e8B#klAC1YQiShcyS-TgBI12+psmHTBcXH>
zfXom09Y4WO63qZJ$BwBhrRl-+F$0t^Z1wW&_N_lnPy*Wl6Acy+6XSg92@B1ym&oZs
zrV5%I!LaXmR!eZF@k|L)5PzB6FA)JyW=Oiw61}`Xihj3J4BOY{Vr#Rb7X7JW7k#lE
zpvW!>715W<oT5o038md+bMO{hjjZywmu3U7)%lBAusm}yj)QR|xd7YH`V8b$#CVR3
z>q(mUF``IomxWo;ZzvErga&Ale2{C$i+v`#3{Ujse)yjpPgLMGwQy9OOc=t~`~pum
z!Ljp>=Tq6+i{6ROaA~zG2}DvfN_N3a+4`{`7L^R`RQ9$6LT(l7zjtCnV%|&*DGzwZ
zxMkrx!}Hu3!OiVc-3~k&V0B-vlhqlLYeOVD===kdO7i_%Dw8uzmlEMX*hYT!cb#V4
z>DdP8+UQioBA;tNOINZ5cb`!$_4xg21&}zSy*Ioy#)fh@z4Dc^r=42AS0|N&_|u9v
zd#m#pVM+NWl`QmAFBM7toXp$^g_clUkMfQRl<$bFfXkIf_At5OsC4xcLJj<+@3Lym
zu6{Lf#b7m`%EyL5zh2W_I7NqfFKI$mbfOksW?7I)6^2+p-jEk1O)=huTWZ7`gAVz?
z9CMq-Rm)nu7b<Np_wJ$eh`%`f@3=yX51_Q|2ipz!5)cpFRwnM{Y(33@KCe4WH#%>#
zkCDxio{c<>$Lg4DP01h_RJeKYyD^DTd-LdIn%;^-$BYd+BQsD|PN<|#R;Z+eSVbki
zoMvPJ)3`#tOYxtyoyTmoh+GE_+GOr=ENZY1+E{Ae|99%1VxMEP-d)NKSfLsu6kwKN
zmF%F?GX3q3aCT}t{Yzi@yXtE-3@$#~n5ldoy1ha{Zi%9TN?ECNhA^MnIOgdIa@gxX
z>9hVO5aO9B%$Gp3Fpqg^5oyjW223Xf$f6;Ygu@hJvx@<7kt=Bmh1xGMPs^W}WrJr$
zapnFK7RUat_z;3C`k%${4?rm8;&6uRyl8PtpAJ)@AoT`^Kqf1s>VPs{oj3A>Igb&`
zgM^#-7i2TvvqaCv+0u=60J7#w-QroG)5T*SUD$8WP>taU2zm;O`AB#P>@#UIyVAnd
z$nrkf#P`hjzcNi2JS4TEDt1fXr|wPGkIzUm8uZ+s6h@N3s~@ttcc5f)As%8LPxW7Q
z^BW!M8E_jcplX@yJEcVX)+nnRvYTa-Wws4OB9yJ7+ymZvg96D!g*kN-Tidei0u)9a
zK^~KLA)}5~m=e_lJ`!z=tUZp4sp(yQNmT}I>ZPdkz|}vt`dc5Y_~!|l3k3M*CsGY0
z;~>bq%;*CAhyWyJjwNk%B3Cg(60B9969&iDYf&K_OCZHY^XJ0vDTgiKvFi$b=QBu&
zEn(7LDmOsaNlJ8t5pz;CSMN4G;*VI^5^QK1W0wdf_Eg`iwf2PZrU4D2YW8*C;mEDO
zOcVRPjTVD(%=()6!9nIYySpZ?&PjK{oB8{xw`+A0Dr;ugCh>Q7<Uf;LK$6QL;{H3&
zJMqy(zY-m4J~EiT8Tx9NTO{yzhyog@Yo~@Eoj&(6KW?cFcYTNHjQZ6{)Mr)XR+@co
za&lBv+63$!^QFpY(o8JGLPP7oU9!Um5JL>Ao>TZW+UNcbun|Idb=p?3ftn=p{Ht8Z
zBoM~mSxNgu;!vwye3Jxi(91S00@hNW3Up_de6cP|W^81@5F;cUsi2)WHSNNBYP@FM
zgxy;Y`@X?FtfhSoV_n<8O{@3*<VC#lN42jUL`Jp+iYp$cZ8Wfy5}*nF*nKV8TI)*o
zZ5vG7?{J8ALQZ4M57?y}Q$pN$pAp$UgYF#I4~ZF&kRn$H<)eA{bSXS%PfotrrGvwi
ziu_nb{t>;<{;9XW2rhUV!%O4wi)v>OaW!32m!pX;*hOVz=7q%AMSDDZ5>7n587P13
z(pHj4kLy(U3#;2O!X+Dmp_vpd$Q_eXC!BDEC&$@N8s+<t=+PN+#7<f|6%(=XA{;kB
z(MJ`NgFV<`t7JR22j2I^*$N-MF~T{Fgj$0w|Fm}bdq)pb(5z10EGM=b|1>)qFGSu&
z3@S`YQQ*Uve=!rp+y|cRw_Ni4=E21CE}BViH+jYrUP`IVdjF8?wlj_J=i5?lkCx1&
z&7ZMmalY#mY{oQ(;tYikX$HSoT=5ty{&jvNuJFxFt|9BFciX^B>xaC6a92rQQPK$U
zF?^QhGatkysx+w-R0m)0uj5Q%jot5$S8VUwwcQ`<lZPP4*rkyw6cMtLR3IJ)U~)WG
z7WGl}rCXOn(r8S{LsxO5E!n#_eB>#nX?<$4A$8HAOZ0w;24SETJ<nwf;s#4hzq6Vi
zHPc?y&CA*7io9|xK;w)dhx7D@PLd?97nH&rqC%Fh)SjxrMoBo{13T&pV^+|lQX{r<
z(zXm@%#U~EbfA}6a%w@wP&SALNMb03>>%hv$6138`y$vrR4BKKb$=W$Sz>XE?9H{4
z4k61nCIR7mrS>bw=XbIqkQ9jB4o4Sx+@1a07obsss0@>!=oaEA5ncrSCqrofTS*<|
zDF9h$A8nq(9^+_9kV!9FZL+c#ij>ePNTZ5CVjdzg{pI@l&!U8YBHE*jDVs=smyN(B
zB*|w|_-#6$NhHkK4OM%=15&S_95>f6<Q=xy0lav;xW)HA$xJBRKXfgSzgbGcE_2%9
zR7(+AR6^5P@C+ZjoFj2>lPxG^iIOmWQv8M)ilx6JSLA3RPcx>7Za`Ms-m8#=N~n7p
zn^$k4R<osgL!4}*gbLFP`7l0Hx5y+;lOD*7ykP)a<iU8ctj=iFkKqQcgbuW;mKD0n
zif5?R6=gq~&6)ET=IphWP@}sJFr+<1!<_xl&{^s`R%~rb^pOi<S=Pp^{lnl|dclgk
z8yDH@J0S|<Vwl{TSLS7!f~HlNogJ+1A8NlL$=}w=cX;=0Be(NFzX|SSFhov6iUnkd
z-eQX&ai{;G7&4r&w5GX~GP}f@k68WFy7i-uAq_eTdMKR(vHGofB`I=KOg1T=Hlf`(
zqJ>i5zZDwypd1b-@`%TdgweA96G!IbuoW5Jg!pc*RHo`LJL;i{vy|hvNwD0E-M?2<
z?kN>X#I?bOR9pKtc??ERN1aiq7E@7us)IoOiOqT&sicUa&k4od8mIx+Vw&Y)(pkwL
zdIXbSXL}Eoi5Ve6B>Fty%xi8+<_Pfmp;hmI;s>kDkVe5^F)*6^olF?vLA@Pev|kyp
zcRc_^0|>b2jByJauF6mQgkBXAmJEM(T1luDj;3L5?NrsEGjDKkFTR|_13C{yf@6KO
zh(RIu5#+d&+5T_4BnW-iv;E!Q`Ci9a-p2dMhGP4Mqa=2J#`Zz`c*l2X6F_OXgRw+@
zfqOo@NWY&9&hGB7Mimtm)mSMi+iNKe(GR;1vuTE%H^rYN`MH^rrSE!JzpRZTx<yr&
zk~^p*w$VuGIAtUbY&s^kDJNej`7?-pZvm?j1*rR$v}K<7uu?IxhxzXm5mRx-(C$X_
zwYO92a$9Y<YVY9g!_0vtF`XbPPxrV*tv!=Wksw{C>xgz4;Gofq5Qx<wy5aP)_E<oT
z<1QySMqS)KY_f2o({tKW_OdShDh6lvBOXSlFOnZMr%Hl>m9L@9>tBQ#Pv=aGcILHM
zS;Obf)5nWw66Y=iPPjWtWNavP0o;-q>_(WElS{@Oo(NQ1phlU^QYhm$xYJVb1@-ga
zr15btvoXd~^Kma`=Ah#3`m0T3U{M?$ECNpnoSauJUxKQ8>#fgT15KJB5mW6pkzmG&
z&C-Ry-b{52>!MBAhT4Yp@lGTIO@O(8L*~X0T*w@=I`7;R6qnLo)|v7lb;6?``<73<
zEB`j88OFV?kGJm_Wa9YeWiFOev&FUh24yrqitYLNf%iavb&R33X0NG>+hLHiv_}60
zLY`G~=nqa1fvM~R!*|-c4N)Eb_L*qsf*T=z)F2dx(%##UsUFT#{e2PJ8FgfdY*2t|
z70$6GE3)5h@UX`@U-ggyG_2vlh)^_<O?Jt`*j^NVphve%4O7@bZuN5hn!}jbhq4Sf
z9&OAk)@#RhW2nL7DgXB{bEvTJ-=`cYM~9;rpVQfBgbkt=L*!>Ot3N%5xO0agvfTvT
z%uhAWlszfwkW6{K(9N9VCN-R_c<ZSQbl-x@clgQK5zCB2h%;px0ts_cYlt-sUkT+U
zppqYa3xq_Fo#hSzw#V@4E81++xQ8N3O$^&5RI40{ga>L%V0)vj=Sz?J$$47+>fT9P
zrewPtR~}1XE3RLSiM@w`7T$*Ug=4tdu5Cq&S_!*T=1XOx(XP(jgM2ZR&~jBoD9t2K
zq@Oj+Wkv1i{~GP%m-|JPTG&n4t(02kClN>aGSih+b}Ian>-1_RaNT-N1(}CUX2lk7
zbwi)hJ-zwhWaoToU~1E`O4YNzBo=N<^(Kg=CAIhp>UPAF*X9|c+$|hhkuitFKVZhW
zxkW5!r2)?kzDtaVu#B8EWCAN&_KYII=|*Dd&(XON;opMjJ1x(APF)nG<+Jw`1ljP6
z4qhjf`;-;%owTD$3DVmYb*NqmuZ`KM1Ol)EC3enp=gBc|_*Z=fYcf=SzZpNdV4nIF
zq;sPULZ@*@et)cf!`K;^dk<MpKq#Rf<V2;VALZrid}k%&y6IhX@Cd3TL*!2Z(3e~>
z-CC!E5~Ayo$+fj$6K$%Xq(mqokB(1Zgi5BLq(7LC^zT|wHI|rAoE(<3`r0Q6kVG+r
zag;^d9hpY>9zTOY5F+T(%Bj%wN|<8#E$hN7WoLv0pQ~#j$9gfGb0mhzPj-ocKJ#%O
z*`RVn*o#824N>7Fl|o$CdXkJ0CBf8EEFL%c+=AJu2p5WjMBHyM6eBmgc`-+kx^Hfy
zLa~;0hcvtO^{7BnjpX;#gi=+Y%G?STw=gtZ3B(ks@Eee?5K@I2jP~58M^iF37UgRL
zYLeRnN%&v{l6hs`A8?w(Qg)^tnGk=4kvamR3$GXhZNh5h64P9usTJ6m->nBdPr@c>
zmkOvZdKpEj7{&x{j=q{Q`CV?-tkw85{O<ZdT4FNitpO9YtrL|30q=9qe$RVy->-B$
zK2830gF<KKY<3=IhX$J~`v7mWPjjY;zW!H}hBnNkwZ%4CKDC2CVLH)3nZiG__*9yl
zHH+IQBWUvfZ6>7XAgs7yn19Yp3{k^|$9I|oGK;IUiJVkvwVw$w=ut@``;s7OD;S3t
zT4RtE20YgUtF?&{j`66*w61yBXfGurE=i07;v~)^#XfET?+w)^6U#)+g*rp{9f)z}
zv*1HCU4t4J+l4wU`L#pol-tbcLot8X@F|Ln8dN5tX-tRO((w)*_hA8ttV>`uWF6wo
zmKs$tjxWa8Hjuo85W#q%P{&oXklAP?-0L{Yt5R>mYb64Wu~yAY)sW5J=Bze0q>+p>
z{L45Wks<ZN;M>g8yS34S>*ewJ{inY()8;be*5UHq{2P`?2fy=(1UD&%PWHFY_9RK8
z90G?Io^0u>3h$L^e%$ROXX-WachDCq>zV=+HY%pRLF;;fbIg}%&}-TMuBk#4BA)>0
z&>74+agPlJVgc22gXyDsmMV_1I{So+42qClAjQ`uG~PBSYD50Vn15yI1oQb0MX#o-
z+Edr&4QU>fE+w^2v2Mbo)G%d~=?@FBWjvpLO%8=oVhsI5l~76;N8LiR=a1+)o)<TE
zX~m*ur`sc5QN!j<X^BVwsn`I~?;tO9<V;RAVk(P?LKWJW%b!0aNIFeCAA5hmYH`Vi
zBXa1fWv3w^kO`Rg{p&ljo8vm}nxZD0N1Es~SF}j~$BIXQCs=4Yj*NX)uU*-^cM8s<
z40?<Z<z3QgkUbsb9gRQ2^5MqWz$>rvs1(uAIb49QEDo3()-%q8h>j*m%p!s~In0WZ
zu`)WLPlGGmC-N;$u<m61&_8pwqJ~7O7h8-m*&f<$pKxqZ(C2wOKuToSp01PuTcmcT
ztxNO^lv{}Zh3d2)fCwyf>-#xpEOJ!y@EvYJ_~!V}<UNOpuyoil1s7owl{#UY0(QIO
zfwRH>Dfc_(T(AjYf>$C7>o+p|{zfddtD=b%M)%@r@MCGn{+E-t!F^TZ$d=#bPm~>Y
zRN1CTwF*Yf>UojsdExSavK;?gC(WP$6M=fgnkzkruKO4p*>^3gGcHC4PntxPek_3H
z!aCu>38_f{yGJ{9I#b>$^{`)})2+@btYnu`^$`k!b<=;m^uJwmKkmXfBGW0|WEUdL
zMU15}oIYC%Ov{A7&A8Gma3LInXZyW?yX_lo#F`A@iVsH3LUp9;OGG0lG4o3_8QLm7
zeVpmzz1}srnVE9>Mjc6>eQW*>k9bbpR=5-|so+&#p6y*4eyk(r#au9@)<R_6h{U>g
z9H*Pn!9qag2uUK94OPtGI%bbNvbmOKbMSM%_-E=UUnQj|5i#h0{quBVfZ8`uLo$;+
z_}i~KZt-^UsGAyG1Fe!1xbM|AYB8l-Ri}SK=&gSw7g+EQW+uB2qmv=g<@5qEDx-&3
z)Iea1cB!U_42Tj8t=_1ie_*H280bwI>SM^_H18(sbZ)ja4K;gnS37Ii>ym=5b0e!F
zQDP4{O4N042>Bp;hEcRrXQ~1emQ^1&W7%|v-M&AT>l}l@vRVDb#clYPU;lk{9ft&u
z+ZCo}B@Od*AjBbEEs5l55a3jL!;@y+udD<}-$6=Qs-*KHJ#Q30xmc%#d*jFc!D=~y
zmg2D~A*gx~R>Jq_4N<ePbJWx3#-I1W1P5u`uHiS8tN}RJ!ze_i!4xDJKJU+)s$G+Y
zH4}(IhQ{YTFsF&%jxg%V8i^79;sYesqaEDc-JhR#MV`NQcMV>?Pzd?BK)%<Tv;AQx
zaVSIt1Oo2&o4Y~%5^+TT!2<o-9};E68n2M;K<X|IKc!~5{Fz3-W6C=c8W((`JOd{A
zeK&3lb5pQbIPS+5XOT$@RAwHt@nzMi(cHXIe$H&8ed(XD#5~`BAiix_Tw5V&mYAAn
z<(?RL6e^w5=d;Px=froS5RJTNi^;OBiM{8<5uxyV6NBIiLB__do-2RHL6OXw%h}%V
zT#zTW4VfpiimQ7T&g%3T-Qzgc33t>3S}W#T2dDPF&cNmA+^cYl<?_Nc0Kr_1FISzh
zKV(ww1u{vUQZ+)a!2|237<z8-tCqLqzfC95Ajn_yQ4bQjr9K>({Re|X_U#<<TQ{Q)
z{|`^2nT3Pm{QvVb;=q6KUfZUZQA^K+zNzPW<$b79##-xoZJu&7KgqW?$2V~tdoDAL
zY~A1AX1((gD#@<$5K78Ey;34TeB~FZ+;gtoF-a94UjKlaH@&wtwP)@<<&VzC6KKw*
zrAGs%ZTyX)=8<Fx)Coy{2YYe_bq~=-M>@H0P{Q-n$mYATQPL<r6VmT2s8j!iX<`&p
zBk*`t$Z;tYATUao!r82>C=R-RNfJ|%Wbo!$uZy}-Va3c7d_nPPX@R4lYfjzM-m^Y%
z1;VfE5X@5Rs*sB*<yb#y7Snq;KE9XkN6k$yDrPShXEnhZo-9mL1QCd4aj17h3{J`E
z?Eg?EiU0H{kh9q%W?JAnKpDGEmtiU~X+$h$;5Qk>`#Nur={mGpo<O5ky;_nVn%xLt
ztO&nzD;Qmu^(-KGP=kcA{VzDf2w%9%vZGm$06(-Ur3lJn35Q6h(nFyp{x~4%`Hs}J
zEO@kh{N=gQ6T0J1?JgMScA!YW%wXm9dA>J?;@D$?Rx@|Y1D(zu?%rU`@sNh4UPmqq
ztq|=*L~JvuKA<BNPrw5A*y`kXiby$Q4}@CQ|0((r(udRH-_Fe=nPs~Qa$)e=`)L;M
zy0;u6*QS4NB17-#wGk`N?i5y6tvj)VdB}+lZtmI$QltiIMNv0lh%@A)x#~Fh_+7NK
z@?o5>(e4AVjy5Yv#CF~rbc_UF<8_S)P9gB#U`xYS3+<$}Fbh%ivB~;oo$S!am-cb9
z&fO^=UD0{c+B%54Bx{y2GjKun@KnCCP0=@`_ONwYVOG|ivf75oPugOpRsAUids!V#
z!%%9pi+6^yHSlj>*VY_x0&CE+{ePv!2ZXwEj)x%`u3*G@a`*5RZeqH-o`)c>1pVmu
zYiR;+dc>Zxptg5$2g#PWhzV~9;)Fr=^+lw}epU{l-}>q}ORjTb$U)`-LDt5@!|<0a
z*Etp|K;M%LdAIO>_(2eJg8{p5!L-zd?QtLJuMMiAmP+TxrR4j3`*0)39VDIvm7abZ
zNJ8Ycai3l!f&N(Epk0J-raU$ZZ(Bo4z8tBpV12kfV_VrV1om4nb+s60JoPm{an5*l
zHryJkej@zl(J$DvJ|!?w`c_jJ#@^X)ec}&|Y%0-Bq3#T}!J{?9JL-$<gn3dJK2)Er
z>zgiDWjcKQM}mFcAaAYAt-*P5g4>w8%ccywqHxZEKnq{4GU@iuM<i5A+9c6hpt_@+
z>OfcQj~5!M-jh0>0`<~K+X{z5OPh?cwTOzGvb7;rrDi0Af8xKRhzbIJ5RA@M)Y1*x
zQboE`N?`MEeW=hQvT3YDvw(0?Y|TQnM0haEbKrHA%Qg;-alDHfns9AMjn!Dw6?-4_
z>U$CgLKM!o&2%JA_)1+@H2XKEunxNtFy5do7X>UNOQB_AmbfB?^8N8`Pzro8LTFHk
z-gR7S*W%VX2ZU>QHHLqcOp+oC^THXt7AZ4Q7way>A1qX(d5Z|7MpO}Sh;|c5=5!!)
ztRlS@S&=-6(D<%!TxzliwC9^;OyZfxlx+o7y%#60>=XbMrOIyC{8+O1cFb+QouWV}
z-^@S{MaaU(Q)a1!Y>FebU>6Zbn7W)bGd8mJMPt2Ugs}2y%4I2^nq7-)XNo8K2)vK}
z+$1jVVdWu#A7d~T%h%Fq@IqZ!9GAI;-r7oKs4yCtifiUiy~z;9PrjQ)x7^yUU8ECE
zU+drB-O?btNhF6vWjc%gyfO&t`|ld#;9eqX_=zY+vsPL|ju2&ib&~{p#W1etdrFW)
zbN=`oIj-7|VT)n~0&ITw9%0X4&ex^Lq;*w`UTGvNW6TPmeTZd*e?}bVg@4wtqJ1>~
zyD?_3#zgNGM88Du?f5Qir>hH-A9S@l>=)J8@`mEhu(^YUKGpRe5`1~Y@H`l)?5b=!
z>nn(f+*{v3O_Betx{tfnLjHAx{w(Tn$!Dx;RnkM8s7bg@Rom%pzId3*f6gfz<jd$d
z>E$|<JBo`Y>dr}W1Se7u@%!5BZdf01;JeuU?y+gbX`Or!fY!-^sF4F-F7da@<J?*E
zV+E8yoMb{@g=Rr{#zcA>$`Lul>ZJM`vhv4<-zh?zTzpfr(s2`rgRnSUu3K9I%5_>C
zgi*#4rPFp*DM)f~cyW#5QaZBMKZAEH9AGS?a>Bj2{q&4lV|bP*W>*Spu!5V`9X3dZ
zx$xdjh3m%n$AF8mrIfyA;IsqG@jm8Qx|G6&oypc*ox_g0L~CHhilp$#7iI2ELN;U&
zH?K-V>t=wXdmN-x%Q`i^Ey*(a&8Qh{74=8_M~U_{YBrXP$;CulBVVKIE8}`>qmIPs
zcb@a&!H0PSZYLA$z*R+U47mle4k%K2G8nu;Yw=tkW5F~~q-NWd46V1ZavghU_S}D6
zejNlBQ4B*#;f4~avW#E<T>c}qx}^#EE2B^dD1sY0pH#<R)1eYY!k?{2lB~v&E?gFn
zR5m*~3o!Ea$m^AI^~k)~o~6#NDpmb7OS?I-E|QYAS`qWHe^z3cy;bbAG@G&b&3`Ra
zi;rA7!gVBfg$^<Oy>W5sS47ogN~dDi>%oAT_9j=?VY{fEw$bzB+D2j%L;}p!xy~3C
zFEzV$bRdDn=Cwp8YIy21X+I88W5iRkcv6KRrbrO@=VhD39|gZ#CuyI}V|x<Rl#?S2
zp}!s1JY&gNzuHXRStVu&QJN-EYoizs25x4}f(I2?_Ft0sv<!eedJ|KA<i!^W0iwVy
zNfw8TV=rpSZ0Z<VyJHP9)0V8;#jqe_FL@?2T*g%{h2(T;(daL|bF2&<%Df(6!Qpk1
zKzel(PBAuVS&~1k3*XqjLxb=Hrz0s=eN-|ZF0*y!++-7hM&Jm$y^FO_HzpiTx7O@b
zzq`Lr6MnSFm`b(`NB=lDX6lz_J7?8lyu@&f+oDS6RUs2`%ZWn}#J2h)k#x=9-dffK
z<}p_k3Uh&?E}dei<tY3)UEBTc$n`dE_r>4;_3^siZNo%%f{^3YKY@WYe@62qs*-W5
z;QYWkYD}3iL7tRh%xYtjIO<IAoH#1WngMQ~Wz4GBRrroUQ7ypFIiYgSkq!e)N6_K;
z8yGIrPCVlDAzkUy$6}h45#}RVdVtd+JId6>?{r4<GDyIl+huVZB^rEA6P3;$XoCe(
zH!tyIqiWKOvO<S5vOU5R@-GgjjnT%0QH)BDQ2y3nY8(K6FS{g6D|L)+80^svc{;g;
zCvi6;Yb2kG8Or@X#{MBk4f?fU{7sHn7PrS(Dlo1GD)Bo3`Y1#~u%o<QXP38W0}&ZK
z^RRgLCLW4NsyQnSYarmjw+e3am)PKB){;||fdK26gk9+JP*;RB^`y}tse<BkfI>`w
zql=mG*p36S!I5y*$!fkSnW!Y5y}cCjlMrdRX-J7o{3yPn5EG11V1#NzFPtdo2xePT
zkduM<K!&{TI>D>5Rw|$LJZ-{Moc{e0;c8KVbj;{6nFdfLVXGxFkAJzren@Nqc_D?F
zK!+=oIfF<NT}+eGi*LzW=Vj@M+f@G3P@*LNFC@6wznFx19Y+nF9hi$_0`KXIL*cD5
zb4PRhaxJ#Gng3UXHjgGnL5Z@$wa}94f5Ic>S!UVVE9-xU0z_(A%2-udBiXF^({(>a
z73YEMVd#jO2)aP@pYKnJ(#<1Sg+EgrWx;Qysa=K71*ayKoGtW_6GF`CtG>Y24?{JI
z7n$<e;US_=Jr4WlCi*~|t`@pm1$5Qb5t(O2R57t7GGaPgaiwCAS?OU^37>hZDHppI
z0Ddn8NGzLhNwDo#$jE3=qx3dc+8A|^_Vyj2K+N2je%GLWp1nfo1tK<vbm>b;(^X<g
z;G3O%!8xNfwe&=a=tE_Uxj}PXtA~lWwMM`2CQs+ZT=%Z99a~+_vD}eL*2dOZ6O=cf
zW<=Pa6hOagsp(c55Nh`{x*q)t4QWL?-)7sC9$VuTWztfcEJ=vOSwc)w=G#z84au>~
zLv;1J2JByI6L3<);X(XCtXu{COvl<*cJ?EJOinPy1HmT;eXk|&AEY&CV_lWsvU!>|
znXw^{nI2P1Xk>&Tw}D32IG#~C@n7H#-x6|ne6w*y2=%>@NB?mE{J`7<ua#vV@9>Ep
zJsevmv7?q-(MH1=k|f{X+S@8SY{Pb^3O%{0fhxUBa_g_rLBmKKXh%c>rljHlv1keY
zB|yX&2V}wGHdM#hu>O4SX49D!2#n^6L>j}UU&>DS|0v3-U9(V72|9Ti0L|f1uU=H8
z_V&~qnYuTLJ{%+hEHG$S_;&`TL#yC2r$A~J;C;RXoClg}LLCJT0%LXyBQj7GEGYXx
zbq1VJVDRs6mxpjrc(Y$HEf1gB*^MR<wt9b~JcteBLbIj162C245Ym&@bHSpl?y~TC
zJ`;nCg>d;jpVNvY{J2g1JlqFXl%CyhsNctx+VbO2=G-cSh!Ie>DE4?>zA;DLr996^
z74;7{;z&qHh)n56ST?09H-ZBA&FY9(@n}mNg&!PNZ<G6^-r(g=QR`wS^_j`%^?0BE
zvB;h^ei#(x6+|d;;zES0vT0yD+#bq9ThQ9>Vr=p_31oc!#OXoS<<G?hzehZZ-IalL
z_%0_1?g2AKo{Dsr?1f!l9|wmBoiX-z_R4wmWsNy|>hYhWz!v|OoEOECxxU54mZ9&L
zWk^9){9WubzJ<}4WP9PrD9iL6g+Yc`a#;7O08q29n<_*vN5Uh4P{_}8N@U)Mfib1;
zJ{R_?Ik;C_4ZCHAvYAO0dp*+rsUT%yA6JZJl+3fXFXtF8jeb_HWK(#<r6KOqDO(rU
z9@L!Q@fG_=FAWPT+2wQ5z2z8FaN}U>g$0hiKOUJ(H^}A)XzSg?yeOhRUjxV5&C%3S
zV(!rPixNfe63nm9w6?Jbp@E5opTB0w(l-zSB)<jO7)v}T_1JE-cM4qh_T1H@k{SZ>
zW(uoffVa5}`EP&9^8yqZrwwpFiGEN0C_J6-x*uUcu$hG2>{Kpwv$dTz21icf_ST!O
z=0gM;NwF1~;{IrdK$+nJ?uH?SRt`;t@t;Cc(D~xY5hwIASu}t4_}>Q6p^yPh2?59D
zWoQx#DYuo({u{?y5?=t*F7vvg)L+`3s<1hCC+iwt$H-`;0t}ymB9ShH^Tw$x0Epc)
zHCL88UTDwG(iDo0{c8^^&7isW+|@O%-z45>KY4^4ghn!y{vNb<h+&`1B}A)VS`O7?
z!`n8bT0rcsYEQ;=Z&DElw;d&-)##v5BGSGtrKIM;{(4#UiBqmd&T5zdwA*zHiB}28
z!tEx5$)9FnZt0t(emy3`iRk&qj|=M5Pu$wyW?-Qq#bQ4+HAn5ew?Xe;$+M%)Q1>NS
zQ0)<9$HF1@J<_GtMbmQlO8Hf`d~ZbOt(s@rbS9vbmUa_NnB|s&;ZMhcK{MNnb=ZZ=
zP|nqIOH@r_otkbz<(X3QSKC27z&qwukK#TU;GhUrd2(~%b*4?E`1#P^@s|KnXj0wm
zsMK<t#cT*!CbWbbQ0LWocEOrfj^<|aa^R}j7$uqB>kQy`W-R(Ba5FEK`1z%BXpn@}
zu12#d4i<*!?LTSJL?64!cCZ|eA%DGkD8);OTkGf6*COn9T<o+y(d-uaaW$g;w@hJb
z*{kP`dg>O^+cxBI$zAcs-u_sU%NoCoEWdPXHc3$>N=52fbGY@r|Ay!Buf}lQ`jH=c
z>ZrIC#>~`UNs%FC3JK!2fov;JP>2Xe86d}Si(|Ki$M>hZp@zi35=j5_>Jn#(_iUz*
zH|}6ui^-UIw)W*iSBA!W#xbnY7PNLAS6)Z0g<&B5i!dwBw*~KdoTDrGJW=`SJlC#U
z5v>~=^e8n59N_&9!3(S4#2b8QH;ddTpL5i=!%Ox}&3+S)?N^&zWg`+RRq<CC8|60c
zrCTgI4*4J%^uM&F|4#m$`=A~s{>(5h5UWm%qRt#XN|bUmRduyfG<qs(XOS|OHytRZ
zzc0i?xJB&XM5#2`0NTaF!yUbLCN^m+;{n8tHuwQoPL+N%UI*%S*{!^$MpbD{r_uuJ
z!d@AtLxZ;cIw*_iNU8Ak<X4M-)ipcF<1Ri|?0d_O*q%;XS}pP=|7Fxokr1PyZGFu9
zTmyUzoxyv>;yb*K&ekUNuo%6$ClH|zDsA-{dFV%v3CjXlwx#2vc^8pL_akA#?%uWG
zD5!ljvEHRWaWagz$v8TU$F@K~7~e^jFB1HXHQYpgqSDxRh%>ns9lZD;E`Pg)x-h)m
zn64D9NLeH>C*BLj0vGZ=adaxW<U6wa(VwE4)h)dt*tPUZa}meUq{R>0tn3!OSz4-+
zObM{8tUZ~VNWyfjX^lcZP9*nGn_Vz+zO4<%t9IKx0tFGvqTjL2dl%Xg<y%BytPv+~
zfA>jV=b9XM7mvNrh5YS_Dq^PfsNCPMZE9-8(c*}Zd6ay(rx6ilo$u-edrTP=sad&@
zL;HHhZ%2EWKe4WJ*&!jGF%*Q5lDz8NyU3d*RDRL|q*{I&jU|-r$zbp?p)XVJuXSB!
zf3Su5TfUj7@XXtsX}&t%BmZiJ3ceXkXDIRx47<Rv0V=e#-<71STjqLCx^0;NaS?*Y
za+pMRD}UduEBX@ZnhDlT<}mT#x&GCNkF)Ek9*)(Pz;`?QP|_ZHvApb*^I^7ZoUTjQ
zJddtk@jB~Q=esCNh>oGXb5aTIkI|*2vrbG*F&}8qx2l7(PT#1Ml7Ad7VhaPzJxZV7
z9J5<1NICO+*V;<$vG(1Ym&uw)8s<jY{LuoK6W@1R?Um+v?_y47E87tLZM0Lbv%4AX
zlHp3y`h0z4w9dWuJF-SlK9HNOqj%Yn%qNHDHnbtPuhJ%y4wd;1vzf<I`PHo*FNhg&
zMw%7bPE0uzE;M~qh)FmC!1&i<t8pwqomJFg>@AyiK4X??T3vpQ{sksdG)9ZcB2=5)
zLFjL4;*(lC-a#>gGS2LBx1i{=KT$zjeWCiGeKKiQqqQ%w%8|$La51FQEV2Ii&*mte
z9d1Dds&!CHbC9BY#NKkEhf^B{s6h$}YN2MQEpAQCA%(YkK5;-z#x$&X4Yfh`F)dpA
zu#~l7z^&=u6jb_iG%^H~PmWQubV&JmOyZQ?5#XCHW$T_~(fOcghR-8@-p8nv3wFQ`
z4+>+d^ewk`+4QexQO5=G%UniEh3ILFpa*z#T_l}U`=>{TO<lv9Spx4+qmTb}RmS&1
zX!@vMqF8VGF(%F~@q^NASR;L6EQB@atL%ni7)Dc*B|L_5BhznpQ{}t_UMJ}j3|>h|
zJ}V->{|#A%V3cBVmDl6>^jECIXN!@}kr62DqVDY!*59TNt>X<4I}IGmxFUyy0q3px
zl}?0s6MB9h(yq`iQOaedHO{a?IiQE$qxY@G_^yMD2tRcd_OiK*FMN!VHv~zc!MqXv
z@)Zxo?X8gkU}-5Bsigc1-lNczG;6m3=2{uRqD!4w4!Ve@*@B2B?UcgAPDEmix_)N#
z<=hi=ON!E|-~eTcgHaabRh#Tuoi}j)w-Ar<Ve*WJ&>k-vV{1XV5+~6zxS9|DrelEE
z(yy&@>9y|5Jp<mJt$g%nOUNi+`pdiBZEipT$oR0>6DO8D`ol9-aKK^!Gm1mBSW^7T
z$Tp55j<gBQNba~N3L*|yQ-R%JITeoDu^)J7Bm1u)hqGT9pNpIbvK__35t%`RZjv5g
zFCcb=R<|@fA#9^Eo7SG|`#)^GV~{9OvtZk{jnlSmp0;h<wr$(CdD^yZ+qS!>zdLu{
zyYu4xsEpjZvLfnVMP#j98^t(kVjhERZezSK%s8oZt~V<JwlS+fR%VXu#_Ms6#&(E4
z_N<nS^(aN}bf#k!B!mmO?H;TWH!i&1`plKI<|t(XFFCUw62kYgELBsWiA~cGnfOLb
zYO*?oyC2ov3r$p0%i&2eK4|MNx;4e$SLv=UZ+UOPH1}j{Shp0x5;ZhS&IgYvKX;}-
zkO;#um}8NHkEusG%&KT%Zu+2`NkRrgz*zAsCm3u~o1r0?dgH=HwO4sVVl9O%=YS|<
zY4LpKVt>(?+5RS}w0%0WKIM&h9?6sA*ELpc{Z7iVJm{U}&tBL`lc>|DtcLmy)v5tG
z>BS(arxxI?f-xaPb?>w=bj4wymjjToP&4!EpZ$#iW5K|dHp77K*4_bD@>Aozq71dL
z{aX&;$&^<BxEYtRC4ogv6t^b_TgBCLl7WwV7R;n|2$DKirk?thKzat90l^*ycmpDf
zA$M&c?y{3~+|5On`iPUrf~ToF&O$b$;@I#pad$aq+hG&}BQaSfJo3$`^{CVcqqgvr
z@e9@AcGaFFFgOu4h#j;7nEp@ruJ=Fi-HV?FGWxx*&(~4vz?!bl#|!57&C1UAl?$<W
zV2t`?qNB*b6sSqmA6nxU7l|QzdT}y9K+VR?AZ<}>GPRb5G{PXkk`da{T5jSOt1d8m
z+^z!d2DoSiGZ#%PN%GT+Z*7EDPZ9YMcn{Yy*&=TCM)L($={M<{AQxjb*2QJmEQbOg
z&<`&5K#L7lS$CzLTUv=^`5~2TtbquejdmjleXctHgk(Dcn>9~beLC)@MvcN8B7Ik2
zF+p`~?`5|JkHio|XT_7%gu~fIA#Z$&DKqL5Gv*5TR`E++&HiA2x-|H2J<kF6O%rAh
zue<-a5p<sHt)peThL1+CUXj&?sad}z)vM(2Fn@WMyQ5*X5)?XmvjqYB>|cs{cU-k8
zfw<#@8B(}Y)<w78l62|%7t_EAe%Bq9B`av%V;qqy`ygq#`VX8D3=Os_Hsb>z6yipX
zte0-rA6T)U0H!>|veUdt`yV!=Dz}eNa0+VFYypUIxzmrCkmllhv3KfCMN7f(<qygU
zwEfT|2jG#0pdvEE7;6b+J~Tyv7Dvq;uBWd6?$!wYIK>1|3VDQA-c|E%tJ7BD0G}pk
z()H4yH=oeu?YFeTE%5tLMj}}<AcGB}NIZ1>`fZ4|l^Cf*)KpR_Dx;&#SGVl#KA_4G
zQZ)bw2k&PiVq3lCPYnC0JZv*J2{)?=Sjdggb4wHi!BYS;l+?@mex+`&x=`8eG7%?z
zFi>9qHh5I<;pyw`jPz_);!3Z$D6ZdMdvJ$;t|EdvEht2!t7O#i?kaL%$?oll4cvXH
z<ApE+8*ytxj%Vy=%V)7M8GOr1!D^KRt_9uck~y9&WzAf<mom1#iciq1F~|Uav9071
zs9?Hg-edmh0P!@}e0e``;MlKCMN@AXJHh1dnfUfnZyIYs5v^-jh2_IM8do2btan-W
zG7M=!iAVOg;%O;<Td$xCo6_jL{aJC<;(uolx+t!1rh)KwZFt-lmCqMEEl_Wp*j}$i
zCSKz$T(uK3iDHD23^9v`FcX@snygrjE2PMrLXS^p0f#madMK7*$0jk!5ATNq&&)Q&
z94Da;lFQh*kk(WV=-0Kb6sRquOSq`&8=Qg<zsQ2+=1&V&R~*|o4A59$ajm*lB(>f4
zAu;*~sbj6r#ymi@0rG`w9HW|fXOzH}e&{Vs>aMvJmtW%kG;zn0c47^hkZ<DQ9Jl#b
zv8$SZe$}WJ6UKGc%9cvbO21nbe6+=&zXdf2JmY>T-{WNRty%5642Fn};R-u(r;0-U
zIc0&?vnPu1iRvvu;?ZZQ+=TF*te}VdzuMr)b34kU1wAUH1-^vu+W)5~UR{dwA0q-M
zvPYao8PLLLaK=C1Osj#EqOuE`Tm7g0_%LI~U;3s%EQM_N8NSPBGml|HWf);*mda<J
zLbcJZ1TU^RJnG3o7D+$q8;oM6MGQaSNF?KqY=~OA?2+4kQtgxk@*$uDBbQ{P7XTJR
z5k1Aao&xERf`Aa8AisLdvG#X}2P1zipfbt?yM;*4tIb}X<2$|4Do|sE_z~vFn!6dH
zX}lid%>j7L^=^BmPK*g@?Ee|#soI<N0k-uPLZ@z@Fx@4Q?lT5#`}5miWEX5NVOJs4
zoD2GymhvMWQXyRM-A?qUzqUSobJ*EHYG+^ws#1&+Qs9nu^PBY2Z>N&RTSJ9kMf(V+
z?>Vaeqvosz!c}^FS*45?vneINg?9(HZ`b70l#reR)x~t`uw!Apd7nR)SjTd+4*D+e
zzFcacj{tFd_MCi&otzusGKlBYx{_k5^jfx_o^}XdXet;|n(Js&p!2NoXL@X=4DWOZ
zS+W>rOQDxNe<-8y=5JJ)QYxl2aSJb7put)ffUC0Cy5w|Y4V5J-36hDob}~M*e^jFi
z`z|hwsaFyi!33cjRfJBw{z$8+-xW+Pygg?h4CP(_cHcj(P%I;I5c;lODlD`8e^k&h
z&Jj@M2D`g+?&X}f9+O2ySFEkZfVd^5gtR<~=2C7*Ku|I&yMw(%;-><K!=&SVUf19p
zj5j=yic1o#uwo!$N4?zBsl6np=fMc8*Sk4EfydIxw?SF+X~LySSUtF@J=(VEIo@?>
z0%*MFgn`nk$?P)0jX3H@%!T0w)Io7#%4Qe~9hrZH8mLn2mn_V5$Ic>>s~1;|jQYj2
z!ls@gwxsz)UqJ;NOOVX%zRU!ARYe^xTDDs@1G$KjNv3G#6SR(2nGUC5l6ap97f@V`
zwBENq5yV&z3DpSHM-&5A-$L=siCbpK*RIrcz_1J=Ee`#>Gn?O#fTn)J`mUtwwyRH;
zjCEGbR8;jyen0~0mGQh7*!uOwU=FiyQ<>M|+AMiO>49^of{;N@t;d6s;N~RbAQQ=!
z`|We79gYIx(V5%P4fFHBQvdgy>YqQScGwZ-qaS9%66oCXCjgynK=IT>xBwYP_LPjm
z8!QlP5|Wy}-dL4Q?cFWyb+(vhE8P#IqRxfv6<Iiq%e}?bg%RS$$SMP0%|bzUB@|(2
zoK_vks7{!su`^Se5viJF6Iu#dZthR=O${EA$F{+67I-Zzm~_&LB1~ufT3nrfJxdm4
z(Sn67UjMH4$&%;>l&&DYvpgT~TtM10B3KLs@j`xv{6&l;1@1^coX_xCR5IkKt{8od
zAX_T?z_prEwB@<oxhLL-^n^y}sUXg;2>~DG?>{Ej#K9WMn#z`@%+CDtk#b%9wD~3T
z=h)c#CTM~`zmLA{fGxLiE!5mM?c@4$3KqZ19?g_`fFzBGk&{j8rRKyL7aG=q=x#IV
z>`n2gt<S+S+;Qx-YDSvtL*0?jH=!7Q8hESjQ#KtIYeJ0SMXu+9E(Z^5qW9EM&Bl2r
zbY!`ok=~X$MK+!XYofYe&x-UcWN53{YhEpcjJpCzUoE812H)!rW?=(RU#<D9q*#`t
zluvNl+*c8t50uF6f-Nri_ql?Ze9ZDpz0cx%1w+ilCgh3LQ_w&rWy3bAw~Bf%v|Fo>
zWhwV6K4V-<>fAj5m`SVXBb&pP;d^yGN8ru7p?e*}H|pIrELW+wIzD?|E9%^D1enRV
z=%bjUv1e88v<#e!Hx}dR?}C4Kx9pcsQ|-WQ|LUU>WTIUNG01$eaP@v@P1b)4F@%U3
zY}l$lCr-AXRe7|~9I@S7v3KvPO%JwBn1+oKTelYB2Sji)>OBW{zkp}>adz(7h!R_>
z=QCzJZ>2u!N=-=}EUIdU*Rxk$ie1YLILsCQszK8+lUHk$iRDxg-oy|yUo(7OaOP`I
z=M*<}GER>u>mKta4@6VXb}q5`*op)6BzvnH7Ouyd5g*6XDuhSXr2R;C+YS4>s1Nrh
zc)hkNu4)uyGeP(1qF4rSF|G|c<(ns&GBf&mgxvpc28fg~C+YPd6rQO+A#Re_=hKFA
zho1qm-}H1oqaGOj@V3{>fh@jUJudhGHoDN>@DDC7F0aok!nd!Ro7&q?;lW63Y&Vz3
z>+Rm%USZ(@`0v8&cK7!6mCNC^9PKJqi!#I8)$O3ZBJx8bqWjiM{1`z+bvlrG@yFlj
zz46!U)EP!nR20$>v!E)<6=p9(P&VGiK|R#bbih^Dule^JTyokR<6LK|^z8%lxo2T_
z7_&}lihjnoq_h_~TGJFT+n<DR?c>&eat71v>^PY0Ya|vNj~5{aL>`y1L6hh8!5CK<
z!^KdB*C)&WLi0ZuP+SA;rMoFr$|Q?==YMH)YN*p{;7&wEA40i|djy%Z^8SMXHU9?#
zsyF*H`e@|};V*5e4FOk~dPkS=>zoKDg#XnEab?)C_l53`yAHdCla9_<)uZj>e0oIx
zG~dV~*r${!ip9%uHvxWG<^&;f5tLTq`PlJc_x$}4AFkfPZUi*}V_Mkw73)OR&USD4
zd?i&pL2~paZ;Z704RCbqU#@oraiws!a^8Qp=|!CPsHTrDAkX_4B<`~`*Q7t+s2h`A
zd0NBBUOlzxv5$mFKE0$s(Y20|>*2kHSO#xQ{70%&RUT3T^gCgN0?r{#uInB*%dC{a
z(1nz1(f8HKSs>qDGQuu5CR4xURiB01-Ayk^gf$?1Vx^>u>jC(c5m&km<G%nry*g1v
zR}=S_iIx;2>b;8)GY9*uSk)Hoswvo}0s}3Fr^TPb%Tp3q1}%kJqzxUX^%j)c$QM0t
zB2{OR$lHZwg;E9bXY1*h+BsShNH*%CMVcW!&r@mG&vqKQ7CfoZ>;4qOX5kqN;uy<V
zH@0j6fek!bzS@g@T%BXFA!OvOF;a3zd>eAJ^E2<i*_~m8@nBNDUt>*9+NOvfD2qR?
zWAO8Wlz`9+2S;!!6bKsv1y@$$2?<#%9qL*s=;Ty9$@-`F)W%!`*^{PMd_$fSq!o(G
ziGijq)9MkrrVa+%Gp=kJ`a6#k?~R}A<Sf!u=9O+RcvP-HgHbBnHq@>aU;%Nh$biMD
z<B>VF7dWsWRuVTxA12kbW~WLADja=p<IB6;giCG;l2V2AxDAawrb)<1%-wJvnb{q*
z-{n|kDYcc!9vA2eD)`#7|5S8~E<I&Hv|*T=Rj%B9j5WfMxfB%cVza|Ay&Ko6WqmZd
zLB8}oz0kx%46N*Iv8eO4p-1*Rc<M(lO|@O`X#yb}lCCBMOilr?Iz{k3SMypT1i!b+
zGWXD{>o9U}Hz9dPi}r4tTh3*os=(O~kLL^llOa+<X~3AOKp!2O4lx{`TljLGE*jDc
z;cJNYxFho0OhBMy^rW!K%Dz%-1K~eeAx1&?!xCN?2qBdKeo@yFDiqxTbYg5m>GHKl
z^u>f*?%q+Z)2&6&RlxBgc}%Q!6wxnxy6yVrW+w1%nX}y#c{-S5uQ^0~lc*VSy1{b{
zj8KtHG((Iuc&y+){Z}!C@h7UM!EviETalez*Fw+T1T#0?xlv-fLP&kY0=dyLh2f8n
zLk}8a1ECj$t8T;0t*`a7E$^Jm>kb6@;)ip3hO#o3y^ZVFQUkxuraMDvt#zOW#}h|w
zk84`BI0h2<xGryT#kgwID0-}_$R-^B%x(aj+ADCw0}uNq=9c_F9SuzbRoQ18njT0$
zgr^IvI<?yQlpO+!8Hi)Sjlp1)$V-i2E_T#VuT2(29a;h=C5_87H9yvLyX?lopa8V2
z;Y*KaoH9uM&8V=KReL8IA~<n=-y%>5U5dF{4|B;?|BycViilZ^;&KZXLs}YQH8Kpc
zFkDy0G5_V9-qa@gMduY{!tYd_RvHh%*4c)<SB+=F>{o*gE8MqL5+Ekq^y+O1NEMgJ
zNmMHmDDoFm<RPU{<jteVnM0K^gDPbJQ7(<EqES#7PC#5<G53D*i@V7Y4A~3=Jq9@)
zP9P}gZ`_KrHO&IT1Amrp2#MN;(QyD|PnL(>v)gC%-di(_g&_(gkp1Ntk%$b4i~C6-
z^#A;0bRF=z9@4H@Zf3Pcvbe^hzUCM}<*Lr}@#F<h#<Np&lKJSBm}5KtuoaV2%X!wD
zU5!@YIS(x3(d&@@=+`Xe(JKzmeg;U!vs(n7_2`#~TL;u24u6{bd&M&R&waajV7Q!>
z|0<H+;5h^A@!-i*ep3$}xnlNVQ+bunXct#xGe0Ml-YP23WOhz0sd0`-EU}qijQ0O3
zDzAiP`JeaT##gG#Gvgi6!iab0iiQRl&F@HQwu^=~Or8_bYBhdy7ro4XZoj$0FWo#-
zblKrK-p%Kvb}fIGi~dd^qhdI~?>gek%j@Cv*oyS?_WF7^hw}60nACyzv-YQo0){!g
zpI=r#@5}VI){QAoMwQu2(UxD%%yY$VhRZ;ZZgbX^R_LEP4L?W%Sbm(=k5VnQ{PanB
z20{(ws2DNTKjbv-2{O;*F`c8DwaPTf?&!4$b513G3wZ<h7DJC}vw{qSn0VpaN#x)i
zxynQRF4w4Hq!>U%NWGqj^#LO(?0%)ENU=Z-y4sKmqjO}l3BaYip!x(ES$Xh)yNe)W
zxcJQD$dWJGaR3h8O2!65NlNg(1$qtO_z>f2^U6Dk*pME3xM!)+rq*UCEGoVNR35dv
zLl#^(FTrX+W$2=foqe0)wb`U{la`LFKjR99j=b#M2AHth<}t&XUS9}p!v0cCT&g>>
zf4nUzJr#sfOTKcI+KXn}&D{r{i2<Q?iiDxuRm_BxxQ(8KIeGeG35hyn1e-U4AedQm
zG$VZR@TldeCWR!*IQnH)(4j&o!Li8qnUMr{mo1~_i}!2*Hpmto4bSFX4A17=Hzd3>
zY^j0sQRK@f|K2Dl=$DsQbfyGZip&<nOHrem%gnK`R74y@FLWIUCW{oRY#0C7s$H8l
z0`)TXqUjA<gc@})V=u@T4*B%@*who=mbwQjrEUS;m}u-bgRJ@z*TUuA{A2`nN@u+f
zmV1ua?Jttac>n(gO<viocebf=-wJw|mWc$}&c{K?{~4UBrT(+UmK2_v<8~IFI?Q-C
zA9y^+3%uaV<gYMHR4Tj#7XVTlN<jCyD{`1DcRBd-H`*LYfrN1i7(?gjFK~@H4@9El
zaw-kZw=RJsQGK|2!7#fgOOnk`?Z8NE<+rZr4&UeZ-Qmv@hs0VRRdTT4iek$bEUlK|
zrz>|T#X-%|CCbvx?O|4}iMbH6ivU)~_B;&~c7Nk(=bqLJU34yHGi?RcU61*nCg+lR
zpig;w9c=oz6@x=FmHoJS=6%5AI`u2yHH+0)YEU~Xh$a?;+K?-i9iKJKF0<8^5q9&)
zhRGtT{q!;<N~=YvkeWTx%2#+TVRaQFLbduyN5R5$x~lZ}HEIK9qcs>#I`6RbaW{O^
zci7xH`bnQKA^yUqxbs6kxSxYMCHJx4J~gYR`M;k5$*4v<QlUq|w?pc;bFvKk_OP_9
z#uxKp7MHv^ZrY5vSiF}DrK8!H^Q458onkRzVwKFA=>P}it#@u&W@Vqd#~VS@_;j>A
zuB~s-FK@@`q6qVh1}n2)NmTNd{^pt*vh=qIZc=Q5$w<xTO_<}14&T>EB^h0=b`}qZ
z_c5Y8{?Hc#GAbC{X`^FvRYK4$R|R=iNPj(Ob>Q~5TeM)8`}d=Z=(xKY_UVo7_xt7N
zQsaav`VYJJ-SPhY+8bX^x6j+*TjlwzALmax^w4I`FGEf(nPxDbHC{?s!hOe<Ho~9o
zVxWD}QgvbRhng6i^8H{W5fK(uJKi@Q!O$xH?JUE@;+t5ynz5L(^8ZL%)80_4KjDac
zhLA{))Jf4ux(%z9-q}jVI}EvPSAM+(U!HG?ql=K`K7G{{IxyNTLBKdU+<`jZ_qTiX
zD;zHSTnMQKf<@_aga~txZQMK;mydPJ=H4VzUB*!%Ud&lel~V}xsNAyQ0;gN60#=&b
zLZYGH-x6qtzltfvc=BhR=*u1d+k#E$3p>^Sz(op&;_iWlU(h<|z^J9*H{XKO<Jca%
zAEy)RBA~&gEnBfG;{Wc{L~k50_SDZ@l=wW@;DUC42qivKA8j=W1&#&u;R7>wio#jT
zZba=t?hnJgND>?gl+2Z9NfGQlQo>1MB|_oVtsYo2@V#yDZySA)K(HQb-_O20fQvq*
zeItw+Wc^aUG=Ik%h8b!5p-bE?-34MUw-g8&`wX}<LjNk=Am2-9fmos)>&W%ES~&vc
z<roth;F>H8X-hr*vE7sof8V&1tza7oaU|U<dj%NLMab|6(<Z3`%-Wur`EkDep<M-^
z=P)enMk&tx@x48L?Hl-g`9kp6ShDXQ$0Rz$pJIo)B9hk7VDGoWAYFz#LC)oFVSsp3
zw0~ux{&d2tapNl*b#dpz_^Rz_>Gwg!OxmzLt-A!tA;O~wg2XHP!J8G*DhmaC;Us9S
zqSm$%%IT((oLLst6sXfiMl6`>Z^<KA>dH1KX)1SUl@%e_YRCPY3cJk0!xmYy<*G|t
zLrtyAu0#A9M4$bS^HUHk`mk7MHeAT)xs~!A>N&su#0b;Z%QeaV1pXju;!@dBAU^F{
z_c|Ba)MfsI2oWv3>S4?q@dx<4M22(ANQz+PGCI}@b>odfWt%Y0<%Z=g=&A_IsnrBy
zDLz^-<FBoHpynCQgl235=E9ln1ppw;f}67q?#OMV`1qERz!qBRuqgzD0L6<3W5bp>
zPGVW4Xy!+K0ARL<`^?@M?08M$EJ+oZL-#f~KC+^f$2=RC**p<eM>94;3_WzYAQx<2
z^nX^jq(OX}`&InhOjZIJ&-4_QLKgc;JsiG(+P#e<se||)*i{*%*dG=}8RjVobdS=D
z9pA^FpdbLHtAMEpC25uSEJX@0zY^aoOcAt&kd$R<+h(8m^85?*^oiHfOvL!t4S-_`
zPpm8P7t&?h<Xqm}Ur!{*vj&JvX_&K}A8{-?HPK6qNh}@@r_aCG#kND$OP`N|uCj*T
z9~ArxDB8;@HdHBaz)6_pk~<fIEm)<8>dYVuXNfKQsv*abLUIw~nxLIvIR0_#%+Py_
z7WDC+w*F;?WZ>X=;`4HRv!>@)UzvpbVSaGg9Z)^jKm_*}HI=t2vG2<^Jtd|9rW=zg
zZZ*{1%qFs6n%}a$G4G)Uq@)oZgs6q=k!05nYg8RS!nKr>;uL75ZlWMn0RnPPuuGuH
z-1y9@mi@<-9B<C5z8vD^Nh^fVKef89)-?cF!uwcN#7yn|gS;<3TVD%ayg$w_yj6F(
z922a>#hB5Uhua-57uP=xJ50wf0vMspU{kVEWLRhHQ`cB9lZ3Ao8aruW66lP&iHgh-
zf1LK-T%@8xaG_Z=9G)a+hUZK2nU?0{R@1OE2_`V0$nV*ev8B+=PMT~XNH+jiYXoy)
zMdlROdnv5-+N8{Zt<&ehWXyp}|M~AYt@Dp1S-5CmxBF&$s-_%ir}bq;i44FUx!38E
zf@hGn$bl5-x=7oLeS|vUVu>uhSIy>OM6AIYd}<G(PB7wzP}l!SL@dY^QDS|w|0ht%
zQ?5?ngGH=!F=3{HT9;3k;tqh#6lP6fu)!Ix?oJw_c$zVnG%F<yIh8>v1vym`WTGh0
zNRhvmG+U)|ts~ILBHcgQm`^7$M1@(I{J8(T&e7kyL>bmTBtitBYN%O|&l!};i<O-8
zDg<z*ml9M!oiHzThaYQZ0xK>zn_QpF>!t1;Q;jv~vu+^no@6?SfdJoT#P?1kks-5y
z?pDef(Iynip~hYSlo~_DC}gGnT@p&<1qmN$74yMw!*}v8-|->nhl%c@ufnpeuMxK5
z^XCzX!Fl?kvuwxULY|X`JSQl$70$<7%Z8ZUvQg$Nt;e*&AP;(3fqaY!4<_mf%a&SA
z!xf;JmBY^>aM{uOA^j0r4oa_C#lE~_y=0a|aE}4Gtzoz=5O-c7ao(P(3$<Aj%N&y`
zd0JApds#Fz<?m_hqTr*Ow?^mnNVRYv+k@@N6_0jMXD({<Xk(ZpOQboc=Ljq8$2?<)
z2Rgf+R`?9PyS{H_@xXUxDKiWc>Ctn_j+)13Pmk~8=|{xZ%ii9=4cW)djC^;{R|}V#
z)U><Af$jWthxMK&hBqIdXTWXH4wR$qi|5qr#s;9!#&p7lH)hhaeG+C1-&le>tB`R)
zaqTdE$D?MnPev1XpLj5TQ_oonM&VjYpYxMr^W&F7v~0!oNaXT78#tfLLW<)p(3+d$
ztLL4iHC&5P&UK7rq<%XWR-*X3Q37vzQH%VTnupZ<mi7g+NU6BIy_u4%qo^mbPIBh=
z=VWtbqbiP-C4xLI8~gssueCuVGM(iyAheAC?}}1EEIc#|5SAs`5^W!aZnVQLb6T1O
zx0`XxtQ?2}9@o^sD6sud!>`^LzDD>thOBapMfD=R{+81Z{A*YCme1ks{mjyj7qBZm
z`81$aXPT#~4Zg)A_mKNjcPjs*nWgbp<W^%I_*nyz-lI=LcA_UiH_b|WPq{Y(Tf12n
zXtdp(!;!6DonmN|qglZjt8g&cK7%Cvw&Q1V!6*A`!WCR<SRCiggKMHq6KS&nErWR4
z2&fuZA1M&p`3h$aVZm-tsd*pd<?xIlGN6{qu$rV$w9E-^Ofs<m?!bSMEL5)-O)VCw
zT&>_qFwUlDl#>^Enum(DK4!QbW^1F~+~-~=5o2<V!Qy2BqqB-XbJDW@M|RyIZ02M|
z^KeJ!nCpq_PdcWa884om)6%n!UU=Ww_Oqm`Z<G61?g=)sBxKZAZ@~s1<UHl)4-OuW
zkJ8f*pVzBd!jD(Xz3>sAT^%XrZ1uRG->MBVNZ*KyIl{GQrVu$j&rX9{8ErG*f;b><
z9kadDQ7Yn&6;CQ1-LU`Eb>b2J0}G@RssA+b>=`~oD74e=GHl8@|5biLw&p>CzUAC0
zFzLaqhQ6gC#&Ni6j@uC*VeRkC8!JP>hKI0{oWK|b5DyTHN}ao9^8nQG^)pcjS&ad-
zO`RG*kQpi<bvNW+Z-cEwqD1OuNxjBs!N|#jG!v}`xR(qtn_jv^s)@sK#<m8j8tOzU
z=yWZ0Qq`0YTi2;%W5(I+aWV>=cRao}2=p;(%~?GvSh?7*o4J>fSj)RyJn8q`83iv;
zcq{s;B@LrbSGOEXjT}eBdhC+G3LGlHzSR~9h^AsJ(g~vI1t^BVIZXgss{9d5eN}4z
zDj-#A&9t33x|$YvkXd@(({mh=sDicXl|86?i)nsi;GfnKO0^HeGv5Lw)bI568-mER
zoC&Mu#vz^c!>5*>V(3(~pT_H|u(bFfc6lQ%YM0AQml#t7)o#~?;+w0{KcH~$QF{>R
z#eX1yM=T_(>RJv)MuKFHPhjAdJHrCs?hbT*zHWMdLdtr|UqpXR{2pGPueW6>KR0(t
zKR1m@booCmoBQ<Hd=rb4#Y9Np+;eP}XtQgK$o3<9d>D?=Unq>8zSNq)N||U8nwi`0
zL7!2WV!Nt|(Sr>jQ+-w180HS`?|a}cj)J{MH1y^qc;h<7Ejn5!OKjpvQT?m5V|{yB
z+V(DAiKY#HFdIwpFEgNuc|mL?SS^Od`VJS$lT4GfEFCbOvUVF5<`@PV^^0NJH!W5L
z_9il<_G@bvD)1#Cm3mgV6?`w4dKhwQ^;MIBEcppq>nH+a=etpW`u27)_B!xBMcf7i
z`jlpA*yAYkEXk+?2sf!Zg>i&1txr6q3K4#RHiLs^Ck_AFoFTN6JDcs%jAgHNen=6q
zc(e{~?JsU2f`o#q=EOu^F4jhiFwyaao!YuAk)hQy7`%_Y)dk1Aj@&FClC?cSGGJA+
ziV%y+{<m`yp(5aMTx5Mpjk-on%*{a9$*lPsw;%|J<XX5sn_8E2B6aNExacUdtyb@T
zKld|ZE3%wjskRG2z+9uaFQth2Ti3b^teQ1g>?9tHAD7(lzW+ZO$q|gcva6v%?2Oeh
zrbX<Gv2Wj>nIEdi^rCmSA!@aSpouvTyFYpIvbvg!<<%Rl<ZJ|$onsNLd)xV?5mmuD
z+1gkv>soRPYiZfdrgW!mES{Yrurq%VPgNlcp*K+Ma`}oQ`UQ=ad>{=8EJC3v+ttN(
zez9_~$FvG<c@~kVMpCmYeSWJH!j8+jU+swQes4PDmW=qgdap#;wn#1;-#Jw_!-F+m
zef(diA;mm$q4beK@E_;9_ocp_pt*!Od;lg|?<0ehGH=np=^Ji<<F9F?USma+4Nl{_
zxSt^@aw4MtYTE?<DKVHWaFNwvtTc~GB}B|hy<?G9o^pu<rCUw&t2+s}_~TNBeCJVw
z#&#TTKV=w4T@uOy0JpzP#WpI!L~ZL}>Q?hlK#^+}4t?Z3Xe0=^B_kV7DPe>vlig1Q
z?zoI~-M5FCly4`3n{f{p>l}Dn64i;LfXZg*(GU+>M)S)ym8eFEAu>5k6_|ynF%S>i
zPX{0YbCxnICa>VZD(W$JSyv8Xq5kTkv&y8NSf)faLDXQVA*;$a7+2^-1SeM!PrA3v
zs(lW<Kh9*3b7t;eqqR=M2HA2qRL+Jkem`HPH_9xI)1_MZxT3h5X8zA(*e^1d+Df@n
zl08&=qC!;q-Dx3VSmq6Hhv1rlh%lr9Q<J0x#p3La@2`4}M6E|&w?jS;pJyi=*Bm`_
zG}o|pDiL9*3yUCw1;74hvxcxr`LSq#bx^F)A(0h3$}r|F(K{sY_|XAO*;WTI#Z^R7
zA~CmrH;Q>be4aPmTg~xL(C<5Qii_k6k}|On@+p^ISLu@)5l2p*O?2uBzimHGo-N@#
zv3(4oJt}|%j24sZ74}-!93z!0ZDsOJvA6`B@$FZldWbx^m-W=0Z)?w6DnR$+sbQNa
zd@!w*#X!2+0|8mxF{dV4?c+Ubq-H&IC1aS=sCUs0<e;+-Hy>c7yvhlw7OO3)%ob-<
z1>`IDEuL9DE<0HlmaTmf?`$VRr1a_b2S4il$0jk;q0WX87>j6vRqoXGz-6U3(I0h9
zb47s2Th*D@{VFOnyg#LYo{Gn$!f+*s^@a*m*vRPk?1K#(nK@1KGo;p03+4M|8_5z?
zqWnD;ytYkLAV4fjRR~&GxE0QvPZ-J<c&-_%Xo$#EGu0hutd=RySlJ<unDeH%F}#j^
zeQaD61Dmo!Gd8C*!0QbHx@+><#x$!=elhn=r(~Az6{>V=9N9*i<_=6e#L4mOs@yWL
zOZQk5C%e`M?&y-_&|O=!M&XzRQgKmZ5~}GI^4$|m@d0sYX9aeS;CZa8(L{%)tl;`t
zjdui^5WgM%VU%*b7C&3^A$Dr#Y`6A7DB?Rp*05N=F7KCb5)a}`*sy(y7>0J!@8S+R
zY9#8^Xps=hcU|wd_;&ZwEME^A^BC`07n46{$-9Ka6>Vn0MvAOqk)!_%K?XH0MM+pb
zW={9rrXA!-`~$j~`z6Vfk=#k;Hvr=c8~|3vUkFv4d5-U_Xi+2|k-*h_+x#G6%41a_
zRwa|t@z=~o9WivNN*)^G+((hAWZmctBosHs(ZhGo$|ltaP3_HO?QWjrXc=pi`A!yS
zh?$YU8G;R4sVh1<%ih6XdS;LOv%~vm+<P5&Ea8p8E^Tp^j;u%(^7rL@Er?4C1t4uP
z@W%ow@AL(w?mU+*(MdrA@hPad?kdE(Hdf0G674woQMd;1nO(s<h^7g+EUkc79y{>9
ziB{SJ$B=D+tnhi*oh-A6Tz!ZY<u9fgpWe&QH<$zDVnJ2$q<YDKBrO}q&b`~nFRPCA
z<um@onH!ZVdDfgY6|mq(q2F;q8%RsH?RMwf&z5l6#-!j>`e<7YY4n_Pxm!YaO@!L=
zq+8>QIaZ(H)X^jNaxNs09Dig}bA7sG-qJh|QFka{_jr;<4rixqbC1Gy(r&MD1|YT{
zxa!fYyJPFt8B*b*?Neik+iYD#ooM{@8hLM<Z2cLLGie%HF1%1}SZPkzmEu#Y5HRIm
zM2gZ-5=Xv-w2OOj{8#-_^6U`kvUu6$npFKt+_56o%=QG|A4%JKO~*+0Psj!0j8JJj
zQI*ep=vCR`=bhMJPg}_4dHc(R$^rUK;MNT1?+JWUXtk0;B#^Bwn|H^Qkc77en{|$6
zsph2WiN>YYR}|0!1w9TOlvHW2(|-qB?OX=;0(*e&vyG?=xLZ8SUrU8>;d>y}0A^?s
zKV}!dnQuYr2QeZv07t2Q)@tF{SWvk<KUM0S042Yg>|=`QmxM7)D2i2Cc-B;}L$b(m
z8b2({K=#kd;?DKtn1u_sw*6}2)Uzi^nj92;TstW5zj$eP^2-~E(<zA{P)bbXzLLA>
zZSx5M3x8gaXgP~w9Js9!dim-!;)#Hnpd5XVZVl56j`65^+Ei%yN#{nVr3vPJ=y)`_
z%ccYs=jZlofNY^EPJM3XvXh|x<<-ucPCe+H6z;!Gn;1Tpf6SKUg0N$8#1^DiRAj;x
zovwl%7#RBMZv&){Y)(RJ4)V3PYnUefrPws8uSC$&E@b-Sy4mXO6QYkT+9d~5HgENW
zIfB1L>)~b<OEN8bB)k*R4Ad!6QzmD}*#xx1c^%|3BFpK{LIn2>sI2{CT2s4o!@^1D
zh(LsTYQ{PAU^OzH^IuoHdFeSt6yQX!<`CeU$e5a-k6M`3h_RelI?trvV<efSmbyq<
zK1*$p$z*MP!tzD#nlF8Z2P>(X|7tqFV;XL#Dqp@h7e7HkbT5_?xYZVXu(e>-_R6?u
z8bj@}4A@#$`l8_t)=Ub2j87q2e5m6;)aEv}?;DiPLdQv=2YN#o4dv$rxhII5xo!Th
z{Nnwj67Wq8?<`l?LJP$*DAlzZy^7f^pwDy(_QcOx{P@d3H4AM<#&dlmTL6c+%b6c5
z4y+RYGUI6}JYxC|1Iy8>R|l-I7w8i{oxqp<F`WQTT^RHZG9K`myhe2kd6hfOuit{R
z%u}+0In)7|vv-e9uAB782*|=YT|G7KK_XC1V?`b48A>XSJkcC<IS)Zjz6oVT!$_h~
z{<rt)^W7u=FIdi$i5lB!M?0OOlzR+ZUeRV!!{Co!Nf9ZYC^n8i2-;K2vb{rREV{r&
zR_o-w+RZEis{9K3hI1X_tG~BKY7)9v{E~$uYh_~+1`xY}89_)27vsO(Wf>Tn!C8U-
z4wsUqW_N@R;g!LYIY!T3VkR^G4>_$GoLKG1$Fs2O!df&}CO&N@^Zs8VS~LT#8ewHY
zVG{op#L~$0eN=<p`{}D}H)SBMg7ooWfb}u{--7?jz*zkMyZ--k<G+_h?ZQGNLP`Q4
z5V~xDK#0k+oW;)V9~Vhs61*((W0g*np{?VOj->xY{MzVa?h6~D7&r^04t^+`hV|B)
zotj&tv!nGULw|6+3wJC!Dwg?!xqUAIz{^!sraM*Bke;5(EgPbJT?mcmju<SLcEKs2
zpU*oV1~m7Q|D+rhNIfNCTub}Txh-J6cbpGLv?Ux_O((glg$Gm5(%!3qH0D)^J${~^
zva`eHcy%ZT@}7<*z}OD!?!7G~gCo!Xg?!D6=cH%hg^bAsJ(y!pGh$@Nxf6c8beiBy
zMZQZ+V4Hxgu+~*qf2g)h3^QnKCoX9H$-p=>o*id*GsL_8=H*|pyC^RzXdmII86dkL
z&4G#cc%Sv6X_b&y4oI)xJv%7fSyvFX56WD5C@ch(?SU@Jz#*~M*goYGO;2%n?8(7Z
zrUQ`;bgvg{?svfew&Lv2Iu2HY*&N<pYr*JtvDHkU)TQyDiFVcrlLU*cQF9b6fQU8X
zWdv+C*~^X;pHzH4Y2m}`TK*dE1~$rjwSK#Dxu6TBeSJImi+nZD)A=M+Sz_UBu%vA=
zjifH-LO}S84$(gmxrq}EaSW3bcH9Y|C`&xxpikr<E5u3pKtxjDJMDfq)0x$3^6A*8
z$O{Z|I(HYJ<0)#9L$@2Z-3k6NMOC<txM7bi+Z}_=1Fkrd*o4z_;bZ7}<zBRY&xvct
zB|p+N40P!Mv?4T;ZE<W3<U%;#dQRBO0$2lSC+%kmq=mej0kF~m)k-?gP8dxz-x?}{
z^^$JZzpQ+4aU8XQdfdGe-7($JCoR;+py!Fr*b3Xas|6^uFG6hde+84#+94PYyKUrf
zO;JJDe(tuv9btpjTa$DvRvdLZVS~|Pn_$j3@vVsA*zv9L^s@b*(@+mV6ly!I*$C^9
ziu`Fn{U}yq`=m(v+L{;co7>GhcBJQRohBNaM%t6so#carRP^*5h{3nqizyjX5xWp`
zM~X=%!8dLe4uAbGeySX<$0)E5z>~=r=XpR%7no%Z1c)d6vWXP`WMzyPR<n#UuLr$^
zLEQ4<0Or)}(lJt??`xrOXTj&D<JfN1XV$vI;L_u3OCq^|>W;#~5e3i@Tzl!=Yye#X
zq#>!q_L6pqKKcvciT!t|hC=Yhp98<<_1?`F#Z~+A`F@^1LFM-K6dw$Dk)$p&#T?}&
z^mR`hvT&b{Y$AP|PPO_1`2@1-Eg?SgovKnIV-2vMR0zWuOEQL(rHb3)VM0bICyb{=
zD&HS&B2yST7A}g|aK`@6hQR@ra~5xQEaD5HJsnahwtf3=R;{Q}3h$ErOJvy7*+kqD
zT?_B)5MK|uSciGWx1xu8);F#XcCC8&{U?v#CnlE(_`gHJH?=+8x6EdwD+zp+kNOmj
z8pkf;Cn4eL@~t>~%POyiV`GsLH-oQ7E5-AR?<E7WpH(yD=iR{wBC`3QNJ~qs&(4G(
zZmdB0pgaK@=A>xlgealpp~8fFp`37E0$l=Z4+C!O$c&8a-p|2Z>-P_tY!0_Or;n4D
zhldBFkB8U&;aTBb;z8+*3~v1$nT6vO<wHQF=mD2+<ytGa!&y3ptokkV{9-WWc>Jo|
z=~&yz*<TGZB(`8NeXNax^K&=&)P86P-5&ajvp)wF|BlZR^9WA#EDerQ)R<Z^_1iq=
zip!bnX<H8k@*@x_-z0oFWu6T1g1wlP9qzJlygo+*pqVQ{l0h6iJs<CgA{Xc>i29y0
zk$KZn!~@3pdu?n*cRM9biN094bt<}CnUT%&WW&TU$q<+O`>)oP*x7mE9>KD1!^NzM
z?;Q2x|E-@k#~w!$T|~QIgM(c%fCVmXAbeKY4ELy4pho=DE4_SnnPHqD=+P%RJq+Ft
zPNT_f><J&!8i&8VVENv#2^$>=6*6CvN4&=yXO<Xrd^ULgdbu_|czcXR`EwsA9n!m~
zXC%R8mK363_G9-kW7-?<Zj^>&ov6j91wmudTD`W3S6^v(lbeF?SYnjUV;h~4zU<QJ
z94m1&2~{|Zu%0-uIx)S4<>x7$h3<RR{lhsOxvsyUBg|grSPpfQhgA=n(R0t9oeZgp
zV|y-0ne-0e{8hHocK>cHh_$8il(|`(N+7%M^z7(j^zBSry8!la5$|7-Uf=2prWW=s
zIWZ(e9`#p3bofU5l|c|xm1$3^02S5J@Uoq<OekfLV8+t9v+QRTZFYH4(O>b!r(&e=
zNZ1v}{oiJDKp<B`hJT1iyl%J#aRRDHZ`S+<j3C(h8p46ob~A<XI8E5Cj>qr0O&#q^
zU)z+T8ffr+XF6jIDO0IrYgxIw0XqTHu036Ls*E2V9q>S5zS3)Ls(f{NfOZS}AxUbZ
zR6$}GPLxP$+bEN*LJsgmf0g=#P^FamHsnE7E#2tN?ViSG!-l{|l$yg7**9t9xAmoq
zcLvQn$<epN^~?zLh=e@xOv_tkQetwg<jJA~d16Ij1Hu_RH}}~dfS5M(2OLu*cY{pr
z{oQzQX?nDcK{(wT(h<W_-!wj#sem;mspbR9T!i!}GW$jtNlYaU-`aNNkxC6#<Meuu
zVPT+mZTA1Ml6R7-h&Aux1%04ohEY&|79c_y&SvAgY8->9N+d!G{NR+5fMl6U1hB#A
z8h`sk{3X_T1$Ogb|0tikOl8YQKt$+YLToP1un^yDS1%}`$Ej<X-xt#c-m}JTNkqQ`
zIxY%z3*tT48c@wFm>E7mWeCocWu}6ueYk5cHgPSFV9gVmQz-tscM2^c6F@%wl&?7a
zmL)A@PZNaB|ClL<G%WlQ_b|6*OI2$?qx(rR4PBm6dm!8yQ!F&oY!MhQekd>r%Bl=`
zJIvW`$AeDB{b?7=Gkd!3c^RigOh{d%5s8o;Hpp{H)b-%k)!9e7#ChyN>nKZkB9XSj
zGqzbna?3EFxM2PjZh^y(l?5grzExOF2&C_h9B&0f?nkJ*Z6;236H{*eB=(T(QRS;}
zLl>y}*D@oVy2{6Yn#0p`n`LROVst~Lcv{74b>DCbXEjx;h!3hIRBR>Op$@GU_K1hK
zO2}Xu1F$IPoq!1CWzm`^n`eRKX~&8gzD%fEQKUujXE%m>g*nF<lGyPaL8`(MfQa6a
zhrTtUW`a8x#_9ZT3{Kg}IQKLHpZ@H)O4BRo?jPj>Kpr}s;?Q^ext~Di5b%{Yls8TF
zUOHDBVjmwnWa(9Yn7&*DXRw6SQr$z+26d$^#1oDF)bVCeCmw8?vPi#T9z?yI-mv8w
zMk#bL<qLn*q4WYhvSF?=Nm4tP%)nGlL(4x6!E#J}j9u-j&X?mXZGU%aBeok?D$)c^
z5X`-AVzgeKxa(2~J)FPvuz&k6i<zmmX<9AVRaf=Ta8bF#UDka}Jji_KG%%zCG!t%B
z_kP*_-Ykeso-w1XlqUX=N>0AIcY|SN+{T1`G$>x>Pu@SXSxz2Q4tiN%@CI$Zs~KG%
zwe#NC4-09vHe_I*v%H%dJD+732xK1c)6ORuYIGb+g9cvE0*ns+1<2GwL4X1}m{fFr
z%sCO3anP(h(@h{?#}{RZ@I}gV&|cdZL{f`r6RrD^+<JU_yfH+`u4V_RCHe@zPC6Rc
zo^I=$RM4I_YGu9|AVY5L?u)U40WEU-+|?Byn<-vpHmWxb9TIF+Qnff5dVVVS6GF<S
z`ysLheSVuBC{w+&QMe~SrZHm$G#M~oYMY$KQorj1YGg_j^FGr8NuoZ}*b(14Js#}}
z`R-x%1hyP;^w%FCm*rRd&eWhd$}u}Xx7=*%^aPT9jftva;PkSt6V?={CqVB@^n~oF
zA3L+l%9Wf;t*1XLTPh|j4j|}B#pj8vbgh&Qz|T&M@^f`*mQSFI(DvHSip2S<AZG2C
zuSTDtHec7;SWv%%p^&ux;mdlwgW`k*15MKDDHUnZ&Z9yZn$@Z+P4coYpqVy_p4^c+
z?N(TLz;rtT$HKl(9}DD*&E4!YA_~!V9B!na(<J9pIp95V-lh_jp?quYn?6m#_ncR{
zD|PM}sM?K}u-b{v!aWS}Pc2UiJI*sruxM54%1uwB$qW*>aAm=oa*FB1_gKy+f4Z7I
z`kG!+m)9>=$tv2Fnx}zIm7bs`JyZ1v-E<zEC%ozUSPCrpP$kF^BWx|){2|(n%%zaW
z5|s1jWMbx!w6E%RTpgu%u<^mIB7^^d#X19}InVCbA{Tb9r1}#1j|`V2%B+Z)I>XUI
z=ZI(tm&k*Iw|Ragc6eQewx8_!4SGuVDxL^plXF>>MXcUtsyxwCx}~>^-9aoOJl?sl
zDMy)i<e<*onq#6V>x)6F6Bq|jz&&-~Q<KY=scF4!axc|&<wlZRs(Ao^*D92eT%(yE
zwyE`^0EMZq!lE-ql=g<3$PHA_-Gtz$w#gN$V~XyNV#heY#jBh)PZoFx`*Id8BV7Kh
zd5%Q+OJb!{FhtwJ;jB?&l`Nv(K1;lC3|kN4x~*+@d4J_zF2&w5Cq-l&W}O^sA(tCE
zu(}}fJq!9?*4?jB$R~{#qO;_vb<9$M-5N|UoHs?Cv_V4+as+YTiqp;kH>a_m-&Fv*
zb7T**l~r&yn|o=m;BoS!!`DlkcB&c!QI|zOt9-wN&vy7g(SvS8LcStvFO$Do2>V!R
zi_6qEFEI@+v4i>fnK|pC!Wt<%a!DaR!-$mQc!289bb7yRJFy;II(?GiHwCNJ2%=@e
zp)<sFrH|x9#jZgggeOJt;KbIm!Foe;uHwLZ3?-=M(&o?PFfIYbvzX+4kc%71hm|q1
zsOfe}Cn=YacwWi_s}6n*n}&W1sa^*A7&?K;PJzY-y`z<L_s(N+EUngrg}m$|+g{ld
zqooI}hRXy+_N1-;lM)mqL_e`2l{VAC`RcdKONG;kgKfSw3U-h3&QUyo%@~e~e-2bT
z&Ux#u0XuBXD9X5F{)TmRh|K(yt{d?a9{j?Ax!&=}WY@*IiE0`;fd~g)Aym-iG_|%F
z2S7PPBLjFo&u0CBRnWQ~SZr1?Zp6@@Ed=fcyG$M#g$u<YEs!-u{n;Wo5N7~)fr3D&
z3cGvU4wVtIS)o=N1K>QkkwOKDFx7C8*I4VF${+SYX(dT7ck5HGS~1rMV`lt3r!Dts
z3JW5UuPv5r4!e`Noh~sv5i?PW`D@G7X2Ujx(yqIg<;@QNZEzg1yZ2|LoHrH7C8eOT
z;N5Bir8@G%dB>>w)w#z5MZD@$b66JbUa7=`mKngwPX-`(x=N?eS!IOcG@WsPuajb0
zWSfA>(v+ef-k4S^U*(wICQVmy5|(`qX!dPm!nd3EWAEs~GhIQsZck>K#626zS$_ad
z)#~O6^J)Dx(b`vpaG=Q&=MW9>&0>67r^jU`-4T0pE;$}9kz)1L3izNwkomx(-&CVj
zY*tzqGJ{n{+g6SuH(d*v#erVx17PmL;tZ&G??ajsAn3W34JSBb=01el-YjA6oi8jE
zs-!WUyf*|0s0t+IDrp90tO0iD<MTnUTCon-UM&+T8C<N$j`{WQBiJaMd{rR@H8k1g
z%~^v&zAkXl$6hna*n43^rYWXP7`s170$R^4lbtgIvBqa&qcTeG1Qo!$ZCspl@Mi{$
zwCU!ww_0K2fMu3#VwE_44;+IcQ_!-I@*EZ9vD?&k1}8IscIr&zL$Q1irYhqZ`UB$-
z@8=jz<w>InVA9~(p+4+rl%6r*T&F}h%W04+GaaW+k^l_!bNSG=Q95dp6>;M6G_wMd
zD78y67u3-``u8AROF)}F0rD6!A%>S3gf5ieocDYV-pc;2PyKFjS16(B%dSD#0aWL*
zrV=gk6ez?aD?Bc%Tw?*6{mopK*``pKvd!89t-1v=+0}zw#Xww;z~PC1VUb5IxC*$*
zm-<ZA*aqr771fp<6w4UqtM(6+Lt>tRoh=!))8RYvCpaWgX3gHc-*p<nrxx${oZ(X>
zr=FH`<IJbpuvq;Rb@HAnznpX#$3-3!3`ODQTjTG6Q;sUUajc1dSny7XI{GdBhR2&n
z*RIjG;h8iZ?p)*oyV@byEuvbM5t$JkeNZKr#H#Pd(7S86>#Xn@JvGt&CRCZ^JX|U4
ztSs&{MDBz_;!cH<H6TLOK;uKWCnST^`!T^jS`KEO-c)~1e1GuVl?!2dnFzBUn5WUd
zxIXB^Vfa?XUzavk(Vw%Yhnp3@qV7qRBf}Y!+Lxp+fDa++?Z{<Q>|I<#yF(t4L{UQ;
z;)aphs)mW!Pe5JYu;&CR<9sb|-`JI!w}jfe_}*LszkFy4)os7RwxU+2Tr#$-CZ6bp
zvb@cJu0(L?h03<XQ~q)NbB)e#>6zo|D{3|#0B5LrV*8me*4${|13#7F8Xav`HUy`n
z+Nhw4dJ2r-<Z{3>;xrYav3MhKR!=TMAZ>^evByHE{rH0xWKU(D^=Fw8hrQ)ZV1nd$
zmtoVKR8fCn*~=YAFfPNWT_crH3CK)W1tXU2^s7we7%W?<R!TL`70y-qIZ=ReZYjB>
zqxrhJ<E77Ut%dQqtI_qE18iG|%5aa(tVtZ&iPm`p&T2mPo2yyA1Rrg$)`!>_7-n>z
znLie%{fQ%FcaN*7!4c1v^rG`w<h(<2L$j>_ytyacZpgfJcxFvbQ7}*ZK_LN10cuP8
z?6!*f8LNZ{ZVCQIl<iOJ5X>T^I3BV0?cP}+@Jg=-&n>~3A24>8&dY{=mu(;`-0X{s
z)(Z9|&>H{9$NFQ3zjv!j?S^{xb$8L()nluY$iCJcJ4@WLzXJB5)5A_<0#yjbT`)BR
z#)gsA|6=PbqvF`MwT(N$-66QUy9H?6-GW1K_u#<^AvnPa?(QDk-QC@-zfSf(_wIe}
z_oLrYwboqKW7LnX>N%fxE^bkPJoyg+3|hF{cqRlCl9A+~_+Pj`w-X*>Q5MB6YO!&k
zQv#9Luw_{<-1Vt(Vv~C#7kbH|PEK3ynOU)9YrwJ2h)D^6Q>%E`@JYi`aioe#eI0Y6
zI-2hauw<Xv5bK_vsP8|Y?ns^eux8Sw?8<&YW?P5vu7lcjEyjM1Vv5;kz#$b-^R*2w
z_sYRV#BuiP_G%}m?o&*%B_7`stCFxMq7ttZxv3hsI5Gi}z6tE`MzyG`dT4(LFJ*U%
zyU!_in*C>yh!W+mB9X+Iq>hXw)t0&lfCiCyu>5z8Xcl2p7()j$<8T#VTrk|xY!?1^
zod^yqM*Q_>e0mH5Wvek56O-n4PpHT4ed#=tL_auT|Bz2Boyxg}Td@{#I-SP@1GGnU
zOAzRN9hDt(-T?rNx5*fU(n&@Q#oV!9Epv>Sd5H%|mhlhI92XYbPs9BvLo64<9btzE
zw66Izo@QgtnXoGtq{^*YEI5CoGl@@3#d*&^j8YESI-M8<wZhqSqE$9e3wr{td93iX
z1T)dsZAEmqrp6w^HUDFc6_K5_H2|I9ZRYOzE&&?Za><%wpy)|w+;{x_%(cYuSS7DU
z&b_(&>9Y-|lQL#>mfg+%TEMu56?(A^G7+VU=<{^fZc8ISg;}JLyFQ!^1xr)V#XYME
zQ%{UJMI3=Z!g{$0ce^5AT{NiMrG2jp2V11e6yce90@|7={o4Xs1PNQL%!(Y(XT2>j
zK`x&yB0MZjTO`he6Xg9VzTz`Qc1aj?#x+>G`)v~@6SJ*x0ppP~dLsSTUnx*1OpNln
zC(vO|S+k>PO~xi}J_vT7wFFrP^ndY8sVlRMqlTBZfaMk-sSUQO5p~bP%8Tx`pf(6V
zbd#8FU)^x_Q|q)A%`>jk$et2BtPi%WU|(tiF5hWfA@7f|WV&R5b+Kud?}R!;Y+sAr
zS7P8ZB6?;VV)gcIUp}C$5ffiUg|VX7Mo<QKq<AdKd@TU${)&Vbm5HOnW$>k&eq=kZ
z_KjYj@u562=gf?E!EcKj?o7C+nOJ1N-ygZvMvOXOe_K%>FQc|n&lRr}qeXn?*Q0KC
z+^2$5m*=8So)l$4-vU!(-Sz@5&;fSo>OBvz@-lvI;4IAzc>(|gC4U<`4Wu6b;3+X;
z@r^j-&69-Tr8>tM<U2uqbAt;>jgtAr(#&nrY6$9G^lUxyM7fXBP7yyU6`LezzQg@J
zly^zIi~cj3@y}_8I}_T2^}K8W2SuWJ@KlsiDw-@i+mA1QPHd;{6V3B(X=T~PtfbnX
zI4Iyko@A&T8@GH)2jV;{W&p@|Z#(QH4R%o>rMM%6<nL?(T~gv(6_9<~1b?m|VcP;f
z7sl%mR=+lE>Fo5qkuCdwmv}Nfv46T%(+C)AmGD{;&s8H^tI+@skvh>L$mN5!nI>n%
zDM9Bo+SL#U_-1ekR-b<#2-;<cGA6s1HIXM2eZZ$ZL^i^d#u14!Ms$19{Lt`eH$wUK
zHq&A)pJt@g^8Id7_6l2~?%w?`MsZIPH@0&~R(<s8{I+(40=d}BFdpVn$@K5Nj#rY-
z>9&o;;nxW~%wgPKg&s;=wmgmo==-}#(XR~Y-z82y^u`>gN%Y1@oM?4~FT^KiR_Gs+
znGC!QgfBQsio45ZlbJ}9yS@J{rTTxu|CR;EtZ<@DQ13;>{-u4BmifBl5bufG+I(4#
z<nP5b{NnGI>dufMj^8SunHqc&utp<lTr*#9hH661LjBQ=@C8FxT)8TO_xrs2rUmNr
zRDw)o43CvLw=yrp4iGgH1;uWvj2iPv^$=o+Y&skqSi({nr#}>Zv~n^?Q<*G4P5B{g
zpydozshINd*vtU&hdcBUQ_tySA_UcdlH9G=+MS)h+n8i4Dk;L9K!e*?y>Nm3*FaER
zVAZo}gZ4+Dqw?l3gOnF+r)b)W<_CMYQ&(Su?+>V>VXQIBbHubLFzUor%$;#YGT|$5
zVkdQ(tmVZzfa?W=fcwef2CqSv)1Ib8UL?wJI+d;;^O6)<i9w^X<sLe4Xk?4Zx!erL
z-5Fl*aWuvHB<)w!%M_VLd+r)TW>2>sdxG~pk)zxKUvXs1YWFQYp*oeKsg&tOgmwt$
z00s*aq79CHIwn(;K@(WmUQ2TMl8;bL1SL<#)NPNCS8Z4=or!QIaEd?9{ey#Fb=`Fb
zy5{Gt8g<qBHPXeyl46epcSggG2z8zo%Z_Jb@z1-WHCqydgSysAsN0dEUisj5w+8pw
zr=F}f*4_oU3`fR0bD;|YWcQku526{o&109uji%DW<811Fifw3wWrV%UNP_oHN9=-7
zszYX#xjkq&VBGo2GkFcx{Uny6@RcXnj?3Vq3RdfSbX7r^=C5!Hc6vVhLnr=ENO8B#
zIq?yjDY%&to1W?|;eQ>0PUV$*FIw?>oY!?+vMC9aCf!`H=MD)G**nbWl72)~ZeJR#
z+mb1mZK=IM@O&d7_kA3TZ*N$I1^pjHGEJ`DfL*kVt!BppvPsTa-^raeXvAu(oJ7#@
zn6Nf%_O??{*3&08mPQPx{!=>im~4bI`sw<Qo+&It^9ahT#urH#>sP-H3KR{AjkC$^
zRc>(K#eUg?g#Q}3Z<{CgB{GQ6J@jtP3vPi<b8FCV(Jk)sB{_O>o1{2W6<A2Wm5K1u
zq1OWltWR0Swxl}SF3zkUv`^VO1Q1rEh<(IrGIyOAe(&Wx_BPnb=}WX9F3lf`2V99s
zx35$)Lnvo;q*T+?kM_owI*2_f_5Nt2%CgK;s-YR~$!+BS@m%EwcaFE#*S!C3zGBmm
zE=<hmov3fQc8b`~^S}g-ou*3x_~f4f7%JpwngWdJBT)>hPt&Wavk>=Jfyk0qxT>p1
z6FL`(<8<d=?gNFZYrdThn6fHtL+Cn;Uf*;sOSTM^wwFL#)Lm`9daovi8@8{JdAWV-
zTdYO3S;fFvt65-3KMkopfb*S7M)%Dj%XWdjT}i_>Z_+^HaS(~1k6*GR>I{DXgdq~c
zmsr$M&VSKA!#WcNdfx51y549*aNi5o$mzd4Z0+pqC>9(;+_jT~SIsz<msxsFiY*e9
z!Bq+qRa0+MQ-?+2oG3;yFN~iXcJi&v3&-|T=U!&5#R6}91pI`Efx^#3Rour_jPxIM
zhTuDCsKIuj4!pyiAZpV-@PgA&2ekY(L_j(OFY;%g?a#oEbg)E>jcZ1=zlTA~F6_(_
zF^nt;@OGj8%mz3?C@FybXMWNYU6AU(W>|{kXsJ7k*Rp?K3>3a0$qWAB@X_QO@euq3
z5O)_!YjPq(#q!S=dcg65OOP|P^<LD1*)QAkVQ%Ufurs=~)J&pS?MjkiYj18s->Nn@
zB19Xhe`|t*YC&AB>geGpR}F^*Khl<LA}h3wB2mjxlDkJu&z$CoMvUhm&yOA8YQ0y;
zVcFGwSn<Sm3Gt7YX+qu4+1T{CPFcCUBWeMr4uov>LoSS9`H*pMuA}+<L;xdUp{obu
zXDJAtrEvakkbi=e*!H<vQ|S(2$Y9bjt6H;Da*>|K8``Ym$3LeovCJwgvp@wg<pe}o
zCs7$DnqQK)qJNIgthQ7WBEQKn6&n((fp)N1lh9X`*jVashS&={rC>KsO8i2-r#NoZ
z`SunoXx?eiPZK8W_rhaB9=&jIcZa5*wR1I6m8(SO_z_3i@1w?o-bG$=m@}FmZU`Mh
zl25$tUG$}gfS;Qe0+1wj;1)<i5*wQpMM9L7nVA`tMVuwz`DFRB^RW1<M%wn}C;q9S
znSsNtrO&=SC&9f4Q(NyAEux>Ob&ZlFuek%N*X*gMkyw9?)(R$h$gLGCj^==OW4|HT
z+-3KP?*2h-j9K%3n5rpy$X)M{opsuVc`)?3YcF+}7#2mIq59LZW3l_J@}RUTCC>O_
z*FY>oBWlEiwNXe#Q=8z^LwuiAa$>yE^C%t(VEDc0px*D2mQe`ccS#FVm@dTRcS&nE
z`LB`|AJM{}l2)z8X4ppRc!=bbb?!258h1?T_(sz?)1oPoR7nHbgZ65ae+`EMg)c;A
z_42YHf!-HTGhLjB+-4JhjIT|JBpdTKFAajWN=m&KJx5>&k0@sNlv}*stj}-HM{uGT
z<^HwX$t1RHPz5j)s!O7|9KAZXC=Ea#n8JnlUvkE2J5QTpdVO0<M0|U1;rc}0z*<^i
zbJ?WD>p9C5PrHF-C}za(8$X4D?*JTp8-_+`trL-8pQs!SUh4J(=c~x9s$s1L#JU|b
z<kUS1FTxr3jBlB*mD0zCf=kLxZX5|^8JimYqVLlEk!4p|s%F!$OXO0vU<LaUC@8}Z
zpUe?(NGn;-Pad6*<)8bTgSqXO#hNFlzf$TBa=;kp<&x7NN2DPY>5byfIzzRcv^Q}n
zPavAoI21&i18+12)Lxm1e6MqkHCpK62NNe$=f4B&h6pl0I{SV8Y95)+{d}6z%6A+s
zoHf~sly{?!EP4o0lWEF}gXkHO-q-IIQPt1gc~a~iE>Lt(MeF^}Y&`pfm%x17id9id
z4U<U|=6H63_1#T`aO->CHJRyhM-=BJzW!QHfR$^9S#vF>j@LNkfLc@~sRKm{1}4~a
zsPU(DVdDFe>oIDE^#-XRUuhpx1Izo>&=t*}QN3ne>dNMAA_Gi%Qe$~ZmD;TPR1Up?
zW<;T=Xf8yapG&bu-)BuO=en!>;IH7ORg8UHalLysR#Sh*Io0HA;(u{;DWD~>ZY0+L
zWJR45d|HxBg1gYr(V8Oj!YK^Bo)A}mkgg6xmV}<zvtm8|b(&NjQ%<zd<D4nQ`*qr?
zOcEI`KhlRS3j$Fe-SF^|2~p7R2^l2>t+qy|R7$5b(!WJ_Wf`A(C6$N!i+%1xeHg}i
zy?OclK#gE9Pd#V!ajfogmq#7Aoi<uleXgUG&E`AEt%>%ehZ;`bSpxfdXGinpsjyEU
zE<4l>NC#82f}LXrND?S;Uk4D9x1@?#&d6N~IRq063jLH*iM>G|*=cbrFB<vr4fd6$
zSOcVJfybs-so9;Qg;LRMWDz>_aDigdtNuH+fxZ?#Xe6&udYHh0NcaQKABf^el!^;2
zk>c2}<Sb(5(paQRBepDeC9{P((ZtyArq80E9Kp%X3>tq;O|azVe0pe*7pN^{69+4(
zn}J4}-qwN^yh2F7CJZz;hacGjJ*FPM>3sMa%`r(*{T4IZwmy01YSL*v^8z+jcKdKY
zYrN*(J-*)NS2DR>VzjwXdgiSw(vRc#gh1s`Vb<=8w4xheJW#+k=v>V;r?j^*D-LvG
zEJodC<~ym<kRdvfd+Y`GFqox*h$X+^Bguvn_|lpCm$c5^;)x$0SypmRiLjgJhx|e`
zOL>~a(l3ggqt*yhV%Xv^NCdrPtV|bw%9FrwX)qpktCS>w6>Ya^Q(7bk$E_z9yP6J`
z^eTUQLF%HmS#p^4>k;)@F>*E1BNTAi?W~GOmNjboDZ(5cW@cR4jc!$5T1H$}YbW<g
zjc13XrbBQSta!+0I1l+DZAOe!PqGYUD_#FuY~9jcwJqlfY+la0p~+@sS}n`=K~-}?
z70axabz`9j4Mc4vHJ0JwH`<<-xzcRiQ?*euH3}$*i@VxMq!UNEm+>*3C;KYnr2dAs
z=-jw4>SUW<e1dD<svYJUU(v@>9p-{-sM0w%OW`eEHyr2U<|VNiaImY7icFEeGhn+4
z%wZHTM4kK5%DEBkJ1fm>6E1Qa3!~{VuZROa+qET+%>|<lvv#$>ugPD0`s|L;nzpf8
z7P+wsbx!5M{d+hX=iifmPY{5H`Okc*JQ^AZ^e$=<4VN5<-f^$ZD^uIp-8I=)!zM$g
zwu=-(^hBmtzh>Fg&FV4$Nu82t(Z0ZOD3(dht{j4U^CB+1tt(0?0;|TQXaEdQ4g87g
zNU#R1qYejs`zNeGjd@A<g}4=T{zC|Gfjz4mMsESDR`B+yLL%l`&gLkb5T!%sJK)>X
zeMhXc|I+|as2j8^LoCp)@iL?H8ETFCLMZSazEyF<7vdblBkSKo42RPJ_wHz^?WPB>
z>lm~hLD|^Yh4$Crwy@J3?6T`vau;5o=P_C{H*TRSs67O`j^Pay|L@Sc>({>mUW@6_
ze+Q@CfI@Y%$p2@BGunTy;d}4%zr%lD+mO1o-S^3s;R6Oj#~hv5=6!91(nD}JFh}WO
zmbpaqVfI&~N=105cC;b{KIqA>Ln9~KhjCq4$Y0d~G({0+Am4uJBN6r^WQ~`yb@6@<
zFNbx-WAB7}J(MNX_R;bCI44PE#)hDd$?!<Ncto&$>G5)MgZU;*9D5A(cLE)|yc|5-
z+}wP8xp~<6H7&hOz5Uf<TiVv=yzI1bsCDCL@?mV<n(Hi3&+D*X75nA0K?mreA1V#k
zmU=J1L%OZa@ChNlySbq#x@22$h2J32lMDyP9Fh-bnkU50bR5>+6e@(f%86hEV<oCm
zqD?seXD<(A4S$Fj76@8<1kk)r^2|PO(d^{@Oo-e++1QrG)-!qw{PB5XWsTVP1(cKo
z41K74-BUv;FiRlCXEJJNps2jatBHTZ*V!(<_5(fqFS67B0$R3)+(!NaTC%e|K5<+(
zResR1bK$qU?vD>C5VA0^yT=VOKC*-J)8O7-XNaEuK;rrbXEE7iCC?Rm!nHWO;(bm_
z9?6$5KE(&xjlYW`^&p$J5-3q<i32JXD3fQ_;MAOVxC;|pC;QWF8U6DOAlUe?Hvm>)
zX)5eKu3xu3A&p=9>iGLcUeQ|k?%u2*egE?Y0B<*-dtanB*3D&&lr8u%`sDR%BK%9S
zSwaWbd27sdjvMx~4NRC4;>R_3Arq=7+SqCB6bE&0>8$1K8McsPX2xoL&(n1liSZH!
zkL~R^g0@Z<BYv6@q5A#t*vO~YW3j21aeU{TzKwQRY6`7^7(a9?DB%3D47W1SQMup(
zNP?!o{H3y?crktdcB4D1)o@Pzs$vY~cw<sv+zigc_vS6|W;Gq*)KbVBf7`I2Qm4)D
z=j&YY;!`j?HIL0%oC6GusTmRhKv$MkoYesnvH_9RVXe7sL_#a=l`0|o%GnbIR{Yft
zg^~2r&~~2MmL8Kw>zvGk>8Y`WAX@>nDrV%!>7LX%Z;OZWg~PipZGuMR1~xX4c|AB{
zM&^*YgZa8k<RuFMXO)=quCW*g`*3^NB&s!9C$~hNQN+y9?)zif*TaAeQvv*wK-0U%
zM=4Dt!iK$1zP<bCF)G+Na1c9_SIfwZiX|g*8c%+%<+~M}`Zubl#+9qbo~Sm5Elzu_
zeB-aA)5Z2LsGP3`Sc!YyB}1(&l~zDJ8g=)ufTCoCrH^r242iN40$)j?$dqR1L`eEz
zJzK=G{9tr0?d3Z(T9Mr7tLK`ZUU<0#p`{T|9>r3$q<jk!9fd3~l=Y5<oXYFhgA*Kj
z#X9r)^vi1ZKJkR5Ti5kV!Ry*34N`WZpXxS)o4pJ4gV`GDMdm6peHZv1UNqEd9<2QC
z(WZ|}!9uv_5VVVif8co9whHs4m4GRprcXTV3AI4>q&{wo>h=of<y0-|i^cl#)Wz|t
zQ2y=0^&jM*L$!@NY0===BsFckED&NII_sVk$OSJbFwM?f8l(^zstnKCj^RmZ4eR)<
z9+2|AyM08ppSlS!)SUt(iA>u+q3u0%OoGR<&c@nQ9hD3jCyoUg^_;o<lw!l*{;>9v
zuF>L<UgOv~hEEcFpHK<dcn@YZ@_h2~S0aNWJ6+8jn_ooc)IN4;U?hG{EG0i4u*-<M
zuP#IVd-pMKc}v-db*4kulhUnB8jc=T6a2D^F|0iIcL2+KP5;S1z(KD(4JaL^*zbR^
zma_&9#(2qx+l>WY`q<TrT4D3Wag~rQelOg9p!u$88<Va+3MU|t5lQpQw^I4-TPZ6r
z%eL9`7<!YmfnjgCnKVHZzwD$nS<BlCYTfV474;ts3SW=$xfE-1Y;qPSIDhVYo=eQF
z&nf!P3(j+CRhp~M&gCXGh=2(YDj_!fD5!P{ID)-UC3=>#Idwh3P}ir!t1}XiF@oM}
zlS5U`6<l>%mvfMJ`5=6jk8!IK!4OF4B&*~X5+uxA11N@=k*1jF<z22Ix_kaqe&`Lk
z6JVE%A88E0h|!1e&zNcJHh<*rgL2J~H!J(J+g8H|`yE=5qMUrXC@5&9?d?}I`knZy
zvqPK6+|`PUP_3u{8UcRDY;aMFS29flo9hb+n#9u&EbA`z?TLC(yi91>tR%S1ndh~S
zzj~vqX0eRM8Q!-ec7H|>`O^0drMEcr^i_|6h;r2bn;4^G!v_jQX&4HePI)74y+N8x
z2(URzR}g3Lj*7`STdIaFrZ=9O@U>-V>4Mdq3}i6<G0hA0?0>h$YHEb1?jl!sIhsA^
zlKzG$uNl^?db*EmVTKRXw6YaDUu%C;ygQQiz?YRI^8C~dBhp>1Qx^#L45$2B)iczc
zC!t)7nc^s*o2`GKEYOGhX?VrdVAvz`cxzo#fd2wP(J3Mc5hMR&!B;C01BJp%<j;&5
zd$ASAPvWo#TY;`njIhN3D9gv&I}PluKeR!p3y3z*>L`6g>Nu)&#|?TF^~e({@ahi@
zFa_g!(zy2&m4z|14x{bP1Q+BKzCq~D^n5;RJGAXzJbX~J{iv<|PTQ7GuNS5mDpnAW
zqz0$I=slJ<AF-)Dz8XVn05alNl!$W0@2GR%;yns<NUOV4NJ*~W$4ips(4~&+L^_Hd
z-L`&=Jx!NSic*}!v_fDZ!7g7weC<C#%1i|%Xl@x@cJavb(yeVZC03y>e>U9lphp5A
z5XA~n`V9fLItAI{NCUiSGN#hS&lVn|jMH75wO!bmrQsrGS^F~{L6e33@|U6v&dg%}
zW)6<Q-ayR3hHc*~QI1vnEtg|E2bCa!<yQ(jWUT>~v98T`PO31CJq<kIm73?ZkN3_^
zwO$S+1@*`)T#=KLIJ_u+od&zJ1yEr`Y)%C=2q!*+9x5YdylE7(iXorpyh%22@fvKf
zN6a=>F5L@;WCqw7TWHE`H}*P*#h5(M!o192KgpQW88~1ayQX53&!*j|6@Rg;)sZkC
z?1D3gUnPh2I&@*S<8zx!U{H&>;RFE)^Ap=H<7iN}51*)C`bMz2dU#`0eVL$782T!s
zk7`aW?e$kGo<pC`=3kGLp+=q?qRy#yegeqS8_%{t+Ym({WN?<|&S?`B{;(KA0$vpG
z5O{`_mS*H1;D7ftD|26=9(1{|8Cpv=cXoTbyUMB<_w#ssGAK}!B&hxBEMrh8rmqE&
zjkWCUE7itT&b^!!Kj?6(lUQ>**^ydZGhealyte`~u5XqXDM5~4oH7?RJ^5}jssujE
zYLmPRbxwAoHp<y6NcM3g4#ms630_H@n6J(y(c;4QA>dL^?q$_~+DOU=t{IQf^dArc
zBD?`@j1of8_lTkzp1W~jl)0-<Gn-F!w92gS!ZBlD1n+0ND}`l~!XZ2uN9W*oVz2nh
z5@{AhtvebS`$u3<drDkK$}|ZJ)N}}~Bh-c;VU|Nm)?ut@DHc4TMGVWg$neCfdSF=C
z?_4(e38QB@<KBX+WXO9^SXB1CE^T!r+dh*f9iN;wZA;GN^R8O@(|t=0RG;=UCOLfC
zT3_idHYmXk&>q1O+6mH%anO{SZ39H|92zmPv-2B$7emT9EB>`^o`#!ZN1k*z$*qnd
z6>kNZ{vQw_P^9`dh!7kSg-1TbVIrpZIzgDFzBz(zz<mgz>EF2~*K=eY$v2~;3Np`y
zgge#864j5hWn(*@jpH9IiNiRy%sVnI9Db!fxg57D_(<cl6YHCT?O63P*W;9(AZS}4
zp9g?a)D+US(_faa>i^Iab4;qOPq5QA+nRMzRXD~k`?_HJ9PnyfhcG#NBib96CO2_E
zmt&yN*$#tj47*Y!_{tDKz->Xqj|DlP<N8+W0~k;LhLR`WAF&5%)><3@j!(ZFhxAk1
zL-^}_YHWkC``uB&R4M3(NqRzJ<WZeLJ?Q!IE3=Qj=f<!E+)X`GKt!UX0Zk@y;+lWu
zxO=rXH5-%$qPjI1p^*hSvS-rw!H;kjxF_oxSU5tg1HhMaAVr0BBKQ}nVCT&K#~gnP
z5-JcO!rY5c;aXC~e8Qg*?TY0pQlY%|USE=ZM(;?2y9`AH&KPe%K)Zi&^;Waf0YVQ#
z8cW`oESl0uJ6hUd4Dsy4(QhO{#{0jK1a40dl2DlLG31_F==0x5Li_dqA_)=gASA&t
z{~m-S?8>kIjU<${|NoGL*;j4&jOJ2V6*vrSsa#M}RGKpsnvBy0pSn(u=i9PR_Aa{f
zMKTLOTyDOW)6if5b&)isd@djETR`|6R{u7#mvHg7CQ<5H`f04B#2)=b{?4d{e-jBR
zCBKOTlVJl$9xd3qX6#>_l`?e!Ov^=HgqqPb1>i6r9r1q*yjy)D)IPh+kg7}$<7Q7L
zV29B74I>;|m1|fRxNcis3zlTy3tNcGBL^OKZD&E{%{1%jy3f>y9fjTJ61-b6fjJ7!
zLrD;NxVY&Gv@vQUeu#7F42(9Ycs{LMYY-)XJ@Do)KSp*7wEeN|YxlI;DWq32e_E>G
zZa8)0=A}nR;aKjGen*vbde+$xeP6os#aPydOm4*8<e*6&^(!nX1TWXP1VXoEUSxL<
zERBhLIGfZ_V^sCF_{L~OpQPwPlW4yfEzH}yUv_o^Cg{v27?G%z4d-heK4Z=JN}Ffk
z)tAhx8OHHOO|~3t@EC7(@1~laSW0++fxh~EPs<9QLLRwQ>(*G?{Uts8`J2}ZuaNNZ
z>@qNgwW~b^(h&R5+g!m0#F|jUh3<-q^-f5ja>4`#0Ay0~n`UHW)nkLAYmv=E>hy;1
zKNse*^#B+(t}YBvcFDJ8cMS5r1)Gx_K=%e$Uwl6KQta<wScdw>o-H|<vNnoYpnOS_
z{9`2GwJf)pFuU8aNSHHWS~)wI8!7HX-|RyrnZcvraUEj3W3s~H;D2ZXj>Qj<ZlSdg
zXYbsk)5S-W^m<rdrORE(F)WS6a8=?uTpRj%ua>0HYhYT=7*s2=ireKW0_vF>pNv?>
z;h>5~sY>osEopGaD{15l*n`E7X=gKSKrI51QSeG%$F72o!Ol5$$)<+urH5l?y)v9S
zi5=?B@+$1W^aYgXjMvSdt;<E*OtH;PJisZrUVfh5pN<Z2hZp-}rJAbwmhJl)n#3JN
zBxM*omr9(Ej!u7DU>R=%->p!T+G3?3Ye^U0s@r+LoIufJv>9paLvwCZI;LJ!MX~CQ
zWIS<Os)$^lWsiK+svzl-RZIOzqswBR<1lQg=k7z9nTAzGM0@b{>O#w@YWoaauBMsq
z;hC81z1X1v%_?HPceV?2)Kr^N^Y<9<EY{da$E`Myk+fwc!2T$$BKpO3Qt-!!JbD$_
zr+JPj3~z`otEkJJ_F||{X!rT_UBN0|`rGbLy{YN~-*5z%oi&|D)|@)ZXm?=a@pF|7
z`W^DR@3LrlReiv->x#zBWRs1C<nfo(Sm%Zl<*CiHjCdD>n`E13B9FuX^D20$13Htw
zImSJnkzQ|!eJmVu?^PEx8dv;bk3U`)HK}FwK@;+c2&v#%bQ#;dDCJIuw_$;ikLlae
zn>VU|mUJW@QZWY0TP)qdJn?eWqUxKvIyrC~kQ|fMvUAu8?~{-~>&F09nCVa!96Jq0
zRW80$%<vnXs2juYlFc|-iEe~`o2e`{LTc2g*+)l!!{uQEZ6{6EV!3d93jj`fxn!qD
zFzo3R8nX3$6LOkt!Y{PE|4?}b?u}llNxRlFHzJvklDcJ(x?jZ#cS%z$LHtTsO3)@y
zu{B8lwM{m@WYiU5MdUN`S4EEPVo=MHZ$g|1SYaOT4uZDhUYk+&ByolJgFqXK@CWt3
zT^zR)9~<8L`?<!XXjT=TjMu^0K7;$}%Av8{L&{f3Ch$Py7YU_;^H08RXSiSu%XBWF
zm?!+0$W61{i)V#unYlnV!35%QX>YZJnPW4MQrhZO@@iU+i+L8uF{qM%AxrH{&D;|h
zmcXx6O^g|Fal#-q_$V9f7()iUlBK5`dBJ2ce=KuVba>|1O?H4>VDfMGIE}9~la(@~
z!8HVIY5$Bh6vxz9XGShTP0x*@5Ui)2O(P;3A5C{)E#5>|y);qFPB3%Rl0->N*(9Q)
zD{yY%OqH?AVZ0epmwmq_8wq}5)%mt3rFS8qkTh1JHxoK}2IFX;J5i~I5usx5XZd--
z*`lNT!^WdaaYJ^k9vtQH3VI=IRL1bl50Q6iYI;4yf$Jh)s2NfCx!X0Ue*hMgkbQG6
z{Yd-dL#iru@_zPb2i`4!C4SUSxprMAdxcGkwx;E|DP#-gXPaIAS*+)W4A)1Ak5w$<
zUb`y6wSmr9OO=*#j-LJ<BaWG#WEyRJD_4e`TAJ#@%Y~58-+gE3Dw406Pw4Y5$;b|O
zMOJ2drNWO@zUeNn_hb63JU03Fb&UjKE2vw0WMrS_#vasZ(!v5Ow3mC;lT$M!rje{C
zWuZpLOe|n<;b1q-+KKZ<mWXu&V-`jAMpE}|tzsS_66(ZEid<93ZrBaxQd2##5iUq^
z`a|9|PYfGjFVF;tn@_0|Jw=qg)Be_KO%a6f0M~HEljA<=Nx)AOaZ);@pu|45Jv>Ga
zNt47o9&hz)Yah94LI~IH?tGe_mt{Bj6o<b_q(+5Y!p)Ss>P4sv=d7ljxb9)X(fUI9
zd1vSJBU&<l1I4{P427k$73QnNyq~eo#x%Z@fo1fls4>20#}8ZTa3T=Ze?hoFHtvCo
zBPSl)vLQDN$#+=V@tSAWl9dPzXDX-ck*`7gb+1KBy(nTk@^sgE&5iIpbri?L>!PsS
zrJd|v=B94JcK=HjXL-Ekc(XAG@G;-LW`nU$$GB*d5eOh~A`Uv8bfTV{MBlS9Xy+eD
zvR$9Z--R~R`hj3x#-BD@b0LZSB>D*7G4c}ZA*AXjHl+CB5uR3<Y?nIkB{(rF?g~T2
zubXin)vPbOlqV5uU#NOZssBsHh?Xc}M(?CmMaAdb>1{gldIe`RU20>=cBRrmjpM)t
zzKAksk6d@CkZSdwh_bH>d=0iI7RJZ#Wo2{n^w!_!<h_?2dXh{`%)9Y9l|@ljxf7O3
zOr*zeRz*NoRzatv{4Hju<iErJtO13`JWI&PBqsh5{aMiFg3f5a<L>U^l~tNQQTz_I
z)%!Dhj4%6l-2bkSkkRf4Pe?%JHpJWtrJ;>TaQa@!{?F<ETpE&=Ho9XeaVC%1R-7l!
ztMYA*kFRep&;5*58mEeIsBl3>)H9|pd7TYQ&f&T0H$Aa{fwyPGHlk0?xJqWCFx<t9
z20d`mU`NB#V6@=^jpj<FY=Qn;QWeOL06Amt|3_>EBxX`1GGzWK`Z%EIf)Ex)-7?tU
zu_K$&YiPA28pzbYm#tJ+{fS?b{CiE_P25xsJ?IWvfbQT-%HMYo^nH8cKgKX4Dvdff
zPf~st$sfl46v^GM%&u}!BTGewq9ia6C?@*UgOfGXQ-)gy@v?H%3}4?(H;&c9J^*VF
z@M-^VnLL1Wz!Z_G=_?JuB`+&2MosepCnXWlkqLo#j63TWk^OqrGsuP-E*1_@_{)YG
zVf-G|v97CV0pg_dw+nSd-|O24gNU8~2>%(zFZ%da^xxv9p7z0DRPud=#MRO|wZzp?
zbM)`fI>%@}g{-lGaKxlWqlo{H=u$H~cA*EK*aXI*;V?LMouT7K{hvr-Y8>0!;d2FO
z-6oHTHahY+rHg0MxN2WD(!Xt@@4Wu9iFTTedHvHS+I}${#1{>+iN=T2?MTmo(|l1b
z$}#$d^UG}=H+Ep#qOkA+c<G@B1YWw2XGSX$|GSp{@ny&3B|Q4PrAl8j1xHU1fBjK+
zv|lhzPVv@b=(Ay*KZlw!G4Aoy0mxrjQ^1nhw^e{jTZ%zHV?cDispAdq7(8d`8xwG$
zRp2e8j+Zc`fkEGZG}1K+hq!XQ@q!RSCxw`Km7?^N1}df(|EriT0;#I>leVEjnnYMf
zS76zG?8Zok3VsO{!p)l>Vo;us;IJZlMLWVWH{}B)<D|k6Pedg)_TWHyf7hksk6n(e
zxgj4Wh6D|Q)&7}Q$B(Om<GyfP#HK8=ZOC2YN9HeS`HuKjyl084YiHWsR3A&rILKI<
zA{PHnrN4l67;JZ(!o(nzd^l9KJ0b&S19Bw<ESSyL{SEClE!l4<AqbEE=?fjQ{^JXE
z_(F(RZm|4*9tG6HfaKFO_r3JV(ZX|Kz7Pz>?e9YRqwT;l>Sy=?aRU-DZz{Z|8x^B`
z5NP+d)Oh*Z6WX=Qh)dYfq!!}76ur>B68<}hzT1%#+o*Jev39FoyYEn>)E%0BB;UpK
z?XZYNHX!!w6ywmzk)(E;{$MN(%l21BPiJJ?H(QzRx+T7y-ul_TV&ubqBS~Q|1od2Y
z&)SnRoxE8w!SBA8<4%Fs@6)a^(yesk0?##7eK_$NGY{Z?K5?4u8$_?o3$kw9>kiW2
zY~Z%OL-$y<M24>qUvZ{D&F4}6f|38=mbmpj2X}<VkM;|5k`f`LnqPtpVL9Y$x_9i{
z6Jt*nLroF<k&cG(2dWqh22~LHSZ9r#=_=gp^oM*rfsJ~FP!K{{w>TsEF9@=XFS1sz
zR+r60OJV?-p?Vv}&-m-wN^;AJ{}NvBnTVB8;^2$>9`pK?T5>&ZLx$Z26Xvp+4w@}@
za?5$uXcC*dd>RVVsPh8uL}(la-UJKsmL2<=`bF*`Dj*D_a{j`Lnxqnk^JgD2R#Opw
zA#J_W>p@0b8(k{ecQ*}fn_+N~xjKCJ@i9z>n*)Le;9xvz0};K=L%-{&;o8Ah&U5PR
za%8z{EOtJsZdB=Ca|1e-I3BhX^&L;pZnZTH`}#>r^$6|@#WRavPzb7e)<h935#@V5
z9l~9dXxyzF$CO64dSu_jbkhZJ6sHRNDkYHF%8*DfKXl9r{3xy_reTjQ@c_N4XPU_{
zXsCK1?<iOP?Sh2G{D%ut03sV)m3nB4RTJ&`$n%m;@T0w1Ht_z63dSvn!(?A&$KLF+
znxLrJnBwv}D9!Q?X(s|!I(LBMQ`*%~r@5_rZ&MOYezhHIk(j`^D;oA;QJq~B?IB%{
zOQ2dEv6gZ=Ey6p<)}Us&ZgDj21Cj=+T%M1J+2)_kyj&}e7QWdy1+^RQR@TiQO{g*^
z`=I`DLYCcdR+!13myp;7RcKzU+IPEl)DJB2v-siP*F!t4`OoO$0z!3@F12>S`5~v3
z$*u1Rl?~KKAR<OwK`uxMQls=j!28CK&)nth=OooOBHKr0gJkh{!r{Ab#x{3n9kTZ*
z^e=_NhN}ul8$W#;8#*49tMpx1Kq(RPX#knyndt#2;}0O7O5ukJc(ej#Vjbb|OPxa@
z;j}I5REDk2@!<q_zEw;EH~B+uefG;KiKKDOXp9rHcjQKuOyc-WAem-gL9MltSsj|-
z*(eJ@>Edkz5l?_Vcw3lDmTCGos~5w3R=Za3=O^LC5|a3F8DIdxLHa((FfG;*&9kvB
zcsuZpUOWO_@}~+1uLlfsONQDeLSK5}tPS3{^UiEUG@-4-h0LeKtiE1We0Agi<U<&D
zOIXE$dDqu$NSDjgiHO$8wV@H-NpIDZ&zuW)CJ<7D(tC)Y|F|R}5(4e~ing}^Fo+m%
zh_kd+O|pQ~h>yQh#DOd{7;8qj%0DdD+P&@h(j49R-Y^_A!Tg@%`U-lGlX?a2KKhIp
zB<pL^-MI+#uW@WTS`N5y$f|p|`8KQda)3JZR0AlyL&f9x6w$RY$%_@VY_4iw`a*Q7
z2Z&Wa^kKk2FVG17+mzOPg@hReH-6+Xbn>OBaPMhG*PAdxk_sGW@$kb14n|s%)xnm|
zR{CgO;P!k5QtO`XL6j11Yltd#UdG7h+8ET@_QQ_b+=&qrm%w*pHbj-0#Euw*Zpo}X
z8S2&ZzujbEs2|`Eih|kN?v1SpKF!;bm4$V$r_d>4jMtvznD`cT{?6)(ZIl=+2I?lH
ze8JJ{^U5d)`9Kkr;EWenBKe+SUWJi9w$Ib$=>r!L|L`X&wU~{&47~=(Mzv*UC{cuV
z3^0FIXUPkPv8g*fgaz#{d|tPU^)Lm$EoE_Qug!*nU%H;(7;~+I1-|{vL_`)g>s%Xx
zIJmX#mg(g18u*!ne5(>WA*MQOy+c%84YH(pYtjeSE73dS9`{txs+23%g1P)Fr;DXf
z`BzR?J=;y(V#dZ)s_xb5Gd=xvjVs4L(z)~uBJ!fa682xCf3fKl5#``%VhBxlOD5pT
zPsz%1aUnxwu;zJb%cYtPI<c6@GwM5F`gGvA#!T4W7yNQFpa|}rWOIBAp^G1qe9Ue~
zgy)^&*#iGz5V|_heJTtT(6T`+k;a-S=-oK*I2NB_>`<VmL~x5+V*V7#S_9sDVNG=1
zid~@#%G|naIT1uT-0F7YnnCebfE^60*LP(vPKEBvwp0MDf-o`x=y-ks@zsfK1nSBa
zq#NHr9`G}A8doa??xieQN^@Dn%ird)1)P7F$7l%poIW<Ph`2IOlPmC<q>PNbTgXQZ
z5>VuPT(-rasFCkw6MQPL?jDSXKCUrhs!+E4Y0oIap#;}=8BDYHhL`g_XF^q&W57ba
zQCjolnY^%*w0BKzg+)&}Ovh#@<THmq@AAOAWs4Lgu3l{~3a7yU@e{r=Xnx<TV8J)u
z(L^N4%plQiGo9YPD_xYhVA;FMl)2G$<$svRh{}s>etXAIWHRnpy2X#}NGgSqWK!!T
z7Y_E&Z`$fCMYu{vDWJKn$K%q~gV>=;?{HZ!kkt3bhX!s&v>!#52CS?}Xtvd%kpSg&
z`qpKxYn(&y0N%jUTlF2N0zl_o4xqEw@+yQa)wYh927|>6f_UwKXj68vcry_`nGM{2
zabY|G-UIT{`7eu=PKqzR3>n}fUi20R6X7W@cA|a8U4xZPdn@QifQi5}Li4wg%2zf4
zAd?Wr8IkZ_HDTvTQYJx$<Yfs&V<xNsaVcdCK-B5fEsYEtrHmh(Oag88xdq@r?xzLq
zEkk~0{!C4xSN-;zxSXI(F3lZGqA<tpNj?qNFM$^Dp7BrbGwsxqS0mCs>L1m64<*zC
z>B<rxH9m2OH-EpOlBv;m3;+4~h<BbeTTSq1dc!Jobm3_kz#L4%ansKeFVqnqTmNy6
zuGm!A74@U2ti=8ReaSnpri$RyK|P-7SVIqTivYcu(@u$kMm!5R=vU5Jc3OA%uThJG
zKR(`uzEkbZgRJ#DXNY%3b{(^U8sDOVBy3$=1@#pZ@_#+R-^l>SyI{2ia%EI7APQkT
zHsB^1Ga7J}j%m&BieWl`XiTiJN|Ev*n}Yb#rZJU?k!iLn6;JX*GE99@Nw5eYu67-G
z=aC?`W3O`s1v_l1`j&m3_a0DUzMpwmZ$mImkfvsei)~Gw5SZ|jX3J&I1l2_!#U|dI
zu=AH^ikXThc&5H9mz_ik>eugeB&Lq>kspVsAi&D$>U(O!ox?J|uox*1pRi!v@LgMc
zM(R<~CPsQG&^9eMU4KYXsUwBr&G(2YnbSTKxD%(Cz2e|w!)W^Qv-HS6?il{-H_0$}
z%h@*-s$b|2_!700`R$9AXdd}}O}$gXn42qZ!H;FEH4Mfg6jrx__8s@}#i9{b5TdN7
z4^25)X8uOrTqDaDzphBYfSCEhjn4WFo8-<_oGXPNofrTfP#dZqt;V;VKOHE^zM5vg
zf8RE9?NrTCl?8KQX;7>daTHWQdaZ9{h-;>I8B#R^vPXVhY%yr?$<<oE-7#rvnbp5W
z6N!R-s}&*xSDSvPl)=<MsqDYC15Mz}L_l3b`)mIhdR$&kU1VtONw-Yd@(R@^kg^(G
zoLKxOB^t6k;_cL$XA9-|GZO>z19^%1fvtvxWQ+$HUx^szv>|IBM`nfut32lP-_n-T
zFTvVY&mCdXyeOYmVyd)Wt_?Vu?iG^%r)1z%DPla|#7(}xvogtA%ZrX$DC|%J9fz*U
zm}_lylQ9u``(o+w7ywwRwvr>Y9BB})B4a+UI0&NBzpL6pvcFM~l>M~eVA4mXk<Li)
ztgYo3{uEMVIL94PWElRG?}v7aNGoXAG9^C4{2GgPJNzZ|EKv+}BJnErTU1*9g#Ru1
z+d|46sJFwRf#6T{jwn0DhiBX<%`uXbwGP3g<@WQ+ls6DMEgc6!aQJm^I#}cfrAZdT
zZC58cDVxGzoszLKZW*_9o1T|zEX77}7o>VGHiA)74jAe{J}2yO-{2k*`wN~jv?qAj
z@Hz<|qwl61G=Cf}SIa3XlYB<g$yeR@*g|<%e4G(j!z)tYVs(0f&BG44?D+wgEHhV4
znMJ+?DH*nC%usNy%jC8=zCPkaZC>VDjyDNigCE6fw|8S31nxgTfc-JItfGDo^EkD$
zsqmtS<)e$G!8RgJ)d=R|`HWhYV-ZzSjNRD!;n#hr0Su<P;K$~>O}!z)Q1sw;KaD1i
z#bQW2`^+gpc7xz>7Ny2X0xGTRPl5@N^x0cE-2FLo)Zh1vy&bxb+%}bsyRTbe=-Ef)
zvuBRD&21zPP`(=IC1{v!^@&NaG6xG4-lqOSL=1A{*C;h3NyGde7Ls|VVwEkRZSuY4
ze_Sp<I%$5pTv9<Um!0(AE|*_(e_Sr+svwsOSJJcK&S3BnVRe@30#toDjsT0L7c={V
zR~`K$J1#?m*Vb^SR!)!-Q_PE&QJEFY*(n&rT-yS`;&h@X?_;Jnu1%aQQ4pAlvb@A#
z9fX>(Rf+0YkEg<Lu;5sT5jf3gDBKUP8{M1dOPTZoPcY?zY(Sw*lvU2QB$ayCGZDIt
zm&dnSZnm17>m;Uz?S8PIW%Sjb2iL=2qW?$AN(3d|xbh|?-lTTyCEn`UckGcvSqe#-
zJM+kpY>3)|zwr*JjM%4qp)6`U@o1fIcq8VcTsi+$b=SFg<Q5iQd3t69!k}<9b(FSy
zPqnc$IJ!Fk+I4iVD$iwg28`ls5}1Udxyz_Kb|bO-U&u`O$?GY8i>ZX|zP^O5bg$b#
zr9qn_Vj(8{H2g0a1DU*H(5i^gmj7D@ARPrz|2=_xq(WY=JInv~^}=w_mgA?c`{)EE
zZ0CWvXv<}m2MV+te`Zkv7Zl!i_Y)%R*Mqh|pC&Wdze=^LYWX@EgA=0lF$C6YR`GC)
z&Lu%zeGi>QKsE8GWZf8l-m{YQ^HV88XPhcmKMI|4QNA~v!njp>f5->?jq&ZOkoYwj
zOseY6ae3?_`j<$+PzVnWG|GP3_)bj2`NHeG023hi{kBYZ`37PWc!bmiC7Rv8JP?!!
zQaMKN|B`-C#;)rFX4L<Y2M1c*<wC`M)83g6faw2{dksw!>lK-T{-f`(k~3O|JeG#2
zXkZkT<pIgY&yD*QGCw^`-fl`&PtJi0rZ9AtfaV9#Zj2OEQ{mB{>`7iTzgt`qhp0qQ
z;H3D}ZqR1IbE;qv!^pLNsDJJE5Fi%j7YqS{@;3cIkn=%^-}B%7yg)e|g-ijH?Pojd
zd-XkN&DehTH;o$5@6Z)k3KC4}_ddPi2X3B^j2^q72400NRk{X)5+{$@2Okt3{?UYs
ze&XugXHa_<Z+@p5ISA%F5?osY<WEw2*FIdTCNQD=R)#)fcemx$>#w1=HUjtheBM!q
zX7h%UrNQMJ9oqPX@z`vNi>IfVbQo<X(oq(dS>G7giw@zwd)tW<s0YxuWn1<Qz6e2D
z527_LZII0C$l84WmHVN<bHY~TSsd11pvWIwGEi`*5)k}oaop0$3IP-oYWMyb<=Op8
z_vHl+Ec()3Y_~0zM_fc&y6$MPTpv3!O)Rgn45m#T@<+|<B&o&?!E$u0vxV#J(BKiY
zcDL%}tHf$r9R*}tfjYnTepe0pN%iP$BLSB6Tdk9%&yuWN6EPQE$5XC_`@vbjx^t;p
zotKnmlmv)+i@Q0o&TsZBM*;4q9qVdTUPtJsAvkw^H6b38d@y#mnSJzDw3sJ;B;t}%
zjRp+8w||{bwP<ayQO(upYcD?cscR{2C{}QPYqk7ToOOgz*Wth4=IHzFs6l8t?{KPa
zLa=gU@gipFhszD(4cCdE5JdR!dj2)b%VYWa*`rbVWgi$P*_a0=ZT!A*_jX@Wr2IE4
zH0DrCN(J5Ch_CK%9`|3(IhK~!%CE$cSdP6pDgb~8n^J~*JNEbpWP|$cx*YnuQqkE4
zmc>vK+bJgthA-9`4wV*LG+i-4>&+7W=h|@ZXCZ~Z&l`9h3;9&;!!C=Gb%lI@8kbb+
zn_gWbep#dHSmNw_OS|UR_Mcz$AJ{&R$>KWgpjK2Ee0%0)(pvcq*S`F^{T0pYa+6nf
zYVm2_x-<*fy|g{#Cgq;i2W<jhu+2!|U{70P5V#YWS3w#t^&lP8<+3W>I#ALL<6Hc+
zkG<Vt{rVl6R84x`gzfuPPZ5mzqLHH3HqevJ&q>b^sHmXu3wZ6x<gb5ii3ZukA$3yp
zNqILq1>3(z`?5O=(;Z7kW32Hm)r0}FxN@Mi+${Zw!VmLmQtcPCPun%B&{CdGrONc;
z2mjJ~Uc094<hg9|Uw4mxNY`t$ARbRw+cyhmKe9@&mY1gMrU7*aAof+lsg3GXpyrg0
za=$=YpfC|P5^FU{FtRu1aQsi;AWgLQJ6$VuaPV%2afjyRbpt*o7w&HWTMHvdl$IS|
zml@VMC3G)LqpY}o!TmxlXEMCAv&hKr7Uzbk!hUauD{qqloHGDiPr``r)3k6|CuM-X
zdESd}r#I~dBI;W`$w;m>?DCNX-|pM@LNs@Jl5vqKct??#&5qkf!u15=7`wF$JMQpM
zn|J!$3H<oOTLkYiOHyFkKZ~!-ABY>Hm?EeR##MYI$KCdw58jaB+8@Xb^?e)rnxkxB
zv<gdK`H8;Z7s9^yxJ#G$s%yJTBU^g{UX6nFU>@L1&UV7=^r3$ejMj(pD;Uo4l4&nw
z+S<JF7FN@4(j;)sg2%|`!EWB=u?;!F#dppo<aND@cy;u-VGVeHV@3bA{g8M9%-X#=
z1!_PsE=jM&qv<L{VRT+i&mz6)dY&#6j|*AA!X9VxPEFtOMg}sd7w0cGyq+&qbl9zS
z(bVIpz|T_+&p@w1ZkLsG`>x~K2VL_qJOH4ev#R|0@47bn(o4vBhS`R<UA<fGy-{5E
z>r7tv$y4?&8L%d4#;%>7qm5Rd=55-~fCT>Td<C~a-twg<d!Fg^;d3k`AW?>Q*`W(b
zIY(NG5{@5yh_D5T|9bdPm}{9H@Z0h=M!!D<*bmP)e|Nw!utqOv4v3hIbbF$oD|Ej6
z?bEz};vN%+w+r<w$HBCC&<mZwLv0^yW~Z{`4S_`7FPk6)*0Uc>+yJ|@H5Ezw({b3!
zislhHh8cUVR8!a~Bl;>XD#K6uinC9i#N+AxnZ2rLOg+JvW9zp%RX|AL318CAxs8s@
zOabqyUVmTrE22|i*7g!1@HR3HI|~fF{?iy5jP1Z^jX9Vw8N!GHS_(SqNmtC9ph(x!
zb-;v?Ved*Kih!246YBdD#1vw8$KAR@=*@28C5}dVwvjYQe)x9;RoCAu4AE6=AJiHN
zG)e_Y+)$agELD627g)JDg-E<c(x`mF*u-K^Uwj_(7OLu9L@%l`GT^h&MCOEy+Z~Yb
zM)8&fv2OdRllclRV1<GJ^zFqFm=-=&V&;yeJol{jdd8y6)Z<^Yr|!pmWob%6bTxq$
za@9n9k^wx22K(@d4-?dp+h558u7_+wfDI9P3-}PVNk9vqrCwl03_S2zyIj3h$o*!Q
zYj515;I?XzwD;bt6JM2aS_-fXlgM|wLUykvtb1_m_mmANCiia#wP612MF$^S>8~sF
zqd1(}U7mDO2iT?eKGGve*43VWSLX#N^A&h}bI9He^i4V@xWiyZ$W|Hj5800S8A@fA
zF4BG<6-M#^*y&p1rW&R%cpK6d!jb7Vk4SG!R1E_}1dHczF;04PTyrcvhvu7v9;Ojn
z$Qmhd8TCCGb|5dbaA=Du3?h~EvJC<<zZfy|biC}Fk$qcu4sDBz3;`@MGc##pmiRCy
z_w}K@;FNUW0Q^*?FASf1eBAPYrofSksodfp@F>EGcxn9+gZFQ^JM)WcBth`N%KL#I
zS_l4eSmSqZ55QC39=}bxB(pJtjE<4}&j6W0UyR=P4e5u*1ketrjYHyi5xJ`pFY^_1
zPaPhfZf|>LmEmXS1UB=)uT*dMJ1v*2Wx#PqUsXBDS25;TL9Lx9T%*l&dO*P7SEw2_
zP7;&_`ayb~@lwmHT4Ohnu>uueBd7ltxC2N0%KrWreYi}Q|9CtviY$MAbTo^Lc{zdH
zs$3O?R7Z1s<lA6x@4d9&W~#)zSyP!L@*1;AFBUwF^1Z!({p(*7p3nE7%1UIC@hAeg
zDzl%#{7m^gFyD*i5x`mXD<f!S?!9gpUEv2?0eHMhoUi{pYAzmKlZUYAy{onULlsq_
zf1^-EcMktsxBj0VKWp&+9Y1?^`jpoH=eTP4&yI9DUJwAJ(YY`h_qj`>Q_~XK;7k`c
zH=2nQQ0*XCm<R)>dW?hP<KWck8Fm6X`(#(-pOf)tNG`nUQDclTmEwh%Nfo!uk}f8(
z5#^|VO5(iuYwhRP$OT<xe{;1)vr?SS%7m-xcdcZEQtKnm0u&+5v}ds55hjo0$xjM$
zyuOf0xu^^y^(2$=La@kYkImyW6iDH1GGx|Tz}SDwWonY&*-;DZ<GQH4;ESwg20NSC
zY|N-g8LDet5w9>WX*0g|zWSk+RIv7@ADCGyp;7bIrI;S974S>#x7Pc{{$;~jVZg$<
zSa53wl$l7+etPxG$z|>5MkYyHO$K?TOg{LuP)nQW(KfIOP_6P^W=dv46>*gdv2H8#
ze{E*4)KxRFrS{YMbEYRmWLkr1QXxHXrbI5%!s4j?OHOsYF_mKg>c3Df6>})lE1@8l
zr<|qnZ?0^YG8gPc&9vMwcT=8V?qJMcyx>cw1SHihQ?EQsFYKkee9k-pA#j1di$$5n
z#qtPtm3UGXQsqaHxDv@x9?wQxh4Z)&kfZ7dPqfrzNX~;r^o=tY)>B{hq`ibaV8saN
z%>Wa8n-rgzS=)8AO~8Bc^76g2RKj31dmqybyBG6n2y}<V=~S3(u~Q`%m}oqWG8sdz
zabYaljY9KsvWN>z3oUX;Zyc}}us=g4c@S};fW7jP-hc7|&^?`xbjJ=G0{>`fKHSO$
zUyJeXAGe>p$6QWtTs(SDuz7_Y`@xWU!q5Gm)VpEhQ($&#eu`ZR;p+Fkod|y_72|La
zL8fk(fg6|4kcwWd-B|3VQm<|(7nw{&TG$c>bql0JFiBIv4buPF{l7Jy?HC&T{TdSM
z`~BAFB|o!xj&+FBS-@URnOJ1Svc4^MKi$#sINu;Iy4DA(G>?#({9G?yUERnN1EAZI
zWo)v+HwtZPQ|2r>#VYZzV0ySG@=CBpnHN~M#<%~ER+)O2h(!{)gu_ZK<Q3*E=WJT)
vrD+Gz9S&zdz1m+tpm$FA%RcTX3j$qq(M8wScm4kX00960mRpSK0NMxu-#~D7

literal 0
HcmV?d00001

diff --git a/bootstrap/helm/cluster-api-operator/.helmignore b/bootstrap/helm/cluster-api-operator/.helmignore
new file mode 100644
index 000000000..0e8a0eb36
--- /dev/null
+++ b/bootstrap/helm/cluster-api-operator/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/bootstrap/helm/cluster-api-operator/Chart.lock b/bootstrap/helm/cluster-api-operator/Chart.lock
new file mode 100644
index 000000000..50f8708ff
--- /dev/null
+++ b/bootstrap/helm/cluster-api-operator/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: cluster-api-operator
+  repository: https://kubernetes-sigs.github.io/cluster-api-operator
+  version: 0.2.0
+digest: sha256:c39f99bafb6548710529418988b5ec868b39091ed2d0173d4fab59ab7d05a98d
+generated: "2023-05-31T11:06:51.180036+02:00"
diff --git a/bootstrap/helm/cluster-api-operator/Chart.yaml b/bootstrap/helm/cluster-api-operator/Chart.yaml
new file mode 100644
index 000000000..9803106c1
--- /dev/null
+++ b/bootstrap/helm/cluster-api-operator/Chart.yaml
@@ -0,0 +1,10 @@
+apiVersion: v2
+name: cluster-api-operator
+description: A Helm chart for Kubernetes
+type: application
+version: 0.1.1
+appVersion: "0.2.0"
+dependencies:
+- name: cluster-api-operator
+  version: 0.2.0
+  repository: https://kubernetes-sigs.github.io/cluster-api-operator
diff --git a/bootstrap/helm/cluster-api-operator/README.md b/bootstrap/helm/cluster-api-operator/README.md
new file mode 100644
index 000000000..a67b66911
--- /dev/null
+++ b/bootstrap/helm/cluster-api-operator/README.md
@@ -0,0 +1,3 @@
+# Cluster API Operator
+
+A helm chart that deploys the [Cluster API Operator](https://github.com/kubernetes-sigs/cluster-api-operator)
diff --git a/bootstrap/helm/cluster-api-operator/charts/cluster-api-operator-0.2.0.tgz b/bootstrap/helm/cluster-api-operator/charts/cluster-api-operator-0.2.0.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..7e85197498d1053db4511df41d73d9c6505a769d
GIT binary patch
literal 42860
zcmYh?1CZrTxB&XyvAtv4wr$(CZF_cX+qP}nwr$V6`R~2&zIUo}`sAx5os%zJmG1rp
zCmamv*MFaHvR@Q>qVlu`qEgI~Zfs2Y49c{I3QT6|3T(_W%F4`ADwgJY)`o71ayDF|
zMwV8;F1*g|51JCcy|apW$*STSPK%5)DqQjhZl#SG5fi!gOJntyzp!iqiDx%MMSbyl
zmK-frE-fz3FXKNTK~c2RP-5aRJy2fsWx_cJ9(OXf*<SFZCGf;*2iUakGLTg7_AUmI
zQRvt9DL;!tNM*9Qz1~KveW1U+-X6@}yJfOJ&%3|o>vg{0PD#G+s%3m0%T2x?9#*?O
zKSqbY1GBhCmPN$L2&unLPdmF8tv99%b~3z$Ao$ogMB1aXcQ{?XJ<+`|xxC`w;87Tp
zZ{{JnG-mEyl20TUG_q(jVjUKkVzWlPq^IDg?h}So!(8hu#J@#YzP~+BHNWEw-To56
zn>-a8P1I*F^cAF3p#(2|*XwxQRd;*8i8*}weB2Iy-%(b4<K!<a^GuPw;({xDBg|fQ
zhlSqNZ`PAEClDQ<2$2y^Zz1-M;}g@2rqM%4uoEDVsP5g9fawjj1SV21@WB5S!%Idp
zb`^jiimL05Q>8ZO&_v<n5E<U~3dwsWBvOqzp_&REv6GyE<;fU)Bx^+~SdnW|BX=8C
zr#GqFF%$oL7+iDGq#3IuHZSNie44sBf5I|5ECVNg`?sJ;*?no4K62t)7$>QymyRZZ
z-Qt8Uupv&vjyj0aHVeg51W`V8gxdl4By2>if*Zxb*a8qo1%Pn%VtRJju<`H%*}HT8
zyBbH1sUUC^C8P3m=qp$@;#;<k@aL}$9?i>aPS3E>m1fmHGVv!L`7LedmV*ZGv^;r6
z9X?@Zo;HbUh%MJW8;Xo(ri%3`8-_Vgn}3JTdxkH<ru!$qvYlPCEAUW>$aM3pRQZ^+
zVSgpb<MCX7y`w0exF4CR?KD{2JlM)Mktt|8a^3*p!8<etwOWg1;Wm^rIfU89^|1Gx
zw)@kI{YBxVVps>4cu?tG<v8gS6{VDbmm?;WR)|aaa+k-c8^7W?%Tyfkuam0YNny}J
zxt%m2`Nl4F;r@Jh;p!dzdU?>eSKPO_Y3`Ca5i#E{YBP|aw;WDB4&?H2d0nioLgyh^
zphbrf29fhSNW%R@R=)@Ma%1Hln+naC>5xSfmd8Is>@4ar?`|rytuQam<`0|G6kP6!
zAQY4AhtnZwEd=;ONE3=Hd0rQ+TY%jMb(=V62;YVugb*;0lx(KI6etKB_8L6f&9Mp~
z27?onsnlfHH=)NW#F3F?=tnCd8~j{?dqz=W$mDht8ajia4JWvomYrXj(8|igu`Y|o
z#+775lyC0?k``AbJ_>1<6oVx;4YWyV2X9kKSW5|MU$lUwnA!UgR(F6BB=@-2BDWl1
zmIqle=Lauat_aP^Tz#gjh*jw=-+BMFcZR+y)34j$f%DesE~hAv!yZw`MD~DNh6Q4X
zkaUni5B@!q)<~q7P#z)9bmc=47Gqw4{{Z03(12eufk-KakSh_ay%SMDlThV(@mrRQ
zDyhuiGdQOUz8Pn!Q~5n$Gt+(OTz6LckkGm!GZ0L@WR<Fx&|C_$1A%G4g+}Ldm-FyF
zf_C*wqFkP4GaxceF)nsPKTLmOAqPHKg^cvVd3U0rC#;^G^t$5B_ED+Vf;Qwy%g2Ig
z&mP)KW;uZn@>4Dg6LJPYEVaxD&Y_4sj(#=kgWE|i=r)iOr$RyGxXh;_)Hhix{Opl@
zECFm$r4u36YDN$AO+}kWXsLiy^sY{^{$osO&%VFq{dEs8Ou{Ya9dzBTlc-6mfY*gl
zYH~QiyU9mZ>g4KOU4rc)A=ME;f_%xtwELXnj*pCt7P*WM2flp`<5Ea0jdG?eAyiz}
z>Nd%N4{iw%NM}<HW_>hNatdq@cr2mIpDJph9GNd$k-wA|jb|lyZ7?!sb81oKs$`>&
zhZ)$<3MPzRA-jXXu|83s4nIMd(0@?Wwxd#sj6e_~aDG9#J1vm_AyK#(Sgu?%2eG*p
zRj9khhbP5^K)*fM)h{$6e;!zV%ARadv~;QZDOB9(G)f|I-9H&)Gk}mOv56U65{woq
zVRV%FMAYSM_JuPDn}R{m>6owESanDvpU*%WN$_CI(-7k`IlN4(8>_Mr*$rR19K5D5
zy%Nhu6YfQ7vdnzzp&U%9gm5({nD;X1GXpQ~&|W7!m1&bmEOwPST2#nAuQ!U!G2Aq%
zn6YSX!r%cZvq!P;PPNBh^X|j3g|CcLq{8vdILANK?)_6PwFuwb3G7M>g@?*ATWOJ~
z;#BV`@hIh_l~`0<zw}8}-Vib{XopS-`OiaDi0lHL)T3;K%Ui=x*_`$-ZyPK|Ew*Cw
zN9OjNsu<40zM`B0Oh`b3mj?9Ls=O_b2W3nw)k6W`<sqC4hAF}#NmLPIKiW2;_u9%_
zJUKGHqhCN&O}I6G`XpP4JRWC&VuwoaybaDW<_?pfQVg^XdmR04L!S8Z`RdcRG6_-5
zRI_}`8BQm$uMH|zdfP<aw>h$9WKs=sLA5GpsU}I9bnH`7YXmDLKL1FY?Uk_`#g*qh
zwMsPc+O#Tux4!TOAwfRGA>JlQyc{=F37<4BsP>>BZfCHGw&7gS2~MN+3Hd#jDV#@r
z1tu1b7cwhtAQbbnZFkgUQZyUp32MPAbXFkktTId`=`sl(g(C(nofi*lEY@=GDLkOl
zV`!Nu;gqFS7nbdz*xTKdhVkd>Yjgk#B-cruMJxfgt<SkaZY>JtQsmXvbl{G0_wbXs
zKaK|@jmhQSpOw*dA`KJrfv3EohxNr-nnuveTNXW;RaFF<&Aab8SBy^-TIyshX)Iyg
zRUgQk?SacI`;&VYg7%>M40a#t-gL@;Ey|270Y=lTxc4qWHfh&9f}o>Vc3w3BYy1nH
zQ+=aYb%x=*)O1j(6zB>f)K1uTG3vx~=HH&YqvvKorFmD<9U+UCMJgf^KcA%&YnDNE
zP#AD&0zyeRp*Hkb3e40W))&io8NZ~Vpd}rfXMUX-Tw}A8uhFP7uoEORNxDDCaX}c+
zL2bM3vTVNPi9bhar&Z1cWuxy>q38>i*EY&Vlm0QcNFXIZ&|3u)n~7+FYmD}1IYnUp
zn}$0j`5-pgWm@w@kauoXzRXRm3TL!k8EWx+S~2pJFKL)>`fQSqDQcybmxORlkd%y%
z)R_2rU-3C$1yZaIzBZLU4B{pF3{LGLk+hCLGKp2{IrPGmQmeZPlAAbI94iq=JNwI8
zTm!}RLV;>uQ|7v4`94v+ESg=;8-^3={$~8yz>bg6$inKq#VD;Tc2=*iAL88rI1(;1
zDw{<)FG^nEU|!<nzL`eJhMaAg^O$V=;(Q-a9n?Ptu?8qYu$7)WI?cjHBLExUM1UxV
ztm}Ulub=X_6u7B4ufm%J{7gbNZW;o<N$(N{<-Z)Y1N~2Ke$wSb<zM-X*zoARFp_Gs
z_yMBt2IlH9;L4fCULA|Q=a4nQ-IaWAxbuJ=$O3}?=iX?{fbwxw1I~Ca5Ws{zs-D;9
zIO1epTKo|#3)&2ry178sUwYuQr!~Qr+E&$)6$Nz)_zU$Ipcz%UlXgh#ny$CjOxBFH
z(AMYNN!+#p1N$8+H|@q)9AHv_sn(H)keDri@H*`hV{?`f|MwKEG(ucX29g9<EStJQ
zl4FClV#(?B>>sw>3Y~hj_<)MX5nBTS^X!lNI=Kzb*IMbX-`2X&L9M>Xy0AVJVznZk
zB7etxoFmY`wqPzg6?0G_J6~VY<{V;@TW2*Et^%8Ir9NWkW+(I2Ue+9qNhn=WowErw
zD+RHfvv1a*mJ1x59hpqqs+mF1q=Aip>0$;#o4B5W7-j(5P6WWtVuHaphKMh&tJ1<q
zWl+Ln?M2ta3pwJ@xKP)Hu5IoW3CRVZnLLc+(XIkBO~GvdkhJd(q1i8DcEJj}RrjU`
zu;x9@puvR$s2bi5qjAj&QgYCapwX|F9OAXG2$-VSyG^@4<s>(fPp7JDfgM@G!E(XG
zgdF*~nNsJ3Ts7+-{q`_LZV4d<^fbjD2|4=hWom5Wi}oxO$ueKPfChhjxy>;AIRmno
zxZETk?9f>6Ssa0>TE-(;FGNcfXm0@(suOPjU$;g=5~j?Q4^ZmX+)t)ASAdP7qO;g$
zB_~sVdDWz8Dj^vFteBIpQOBds$hgNCqn(p4;ao5|2pD8VHEVXnE%AH;c7W-0urNix
zV$#1Cuic8X5_#rX0ek6bKCfV+x?=MJ8(y#Nmsw)m+SXyEs&UiqgYCzcB`(ZX|01r$
zW<d6yp<klX;1`ItA?G_Sh8f6}56Wv?pfF5<m_>AHcy}6ycS}T&0`6#7`(z*|#{L(x
zFtJ%ur9b}Ko7HIrOL|@%7|<UM4oEA}7Z)nQ7q>xz7Y^Vj5a^2w1f*901k{`4i@PAs
z3x`gG3)Xn&3)a^Wfa>(UZb*1Kj$Tu6%Q##P!*ud}J`CRx<h%n-z}iPBvY`*ON$M{|
z*dbK)6cQ@^z#HQShy&9lD}vZzgq;JEWh1>2XF_^ViV?*~a?JDmyrDkIL%chyd02<9
z#BAs<ZAm_^+9svs`Wpxi8c%YrF#Z5RvnV3Tl(v^qL0Pk^$V6UGscf}{*F{5~aZNg?
z)s}#7#mD#$kwIBf#_EP(XZT6F&V+l=nMZiwm%jnmqUy5zLd`<*{fUF_*ZzQHUAp@`
zF@icAg1e?#e;d;m`Z<8ITW6kPk7tkB*!2fXZWx8h-`my-mFfLgF^qM|r~GyiJs$JJ
z#?Oh-XyQX`5Rif^V;~Sh8W6&l{2>~uKXazj>Ujm=ilPMcRC4k{L4jRc2&(<Se!nNi
z6z4kFwV2L!dam+oQyNECY|fyR6fkW_s97{q>eT?AqJyTihRw`PqbNo5VL@g>ruDqd
zs)p=ENiTFs%mZW=2jnzr7K`%9FJ}5?e9xm)&piZO0+o*X!&tFcVj?(pOsvru%oR^U
zQ=LqgBE&6IxU`QZN<=$jGSKeZ*S_B0UxOu$dU!+F5sT2j#(dE<Oc8%2kFL%|Cz5ed
zNW9_nSuNr$JJyb!_HON_6tRG#*$Wy*?*niPW6l!<qlF^Ajhl8LtZ@?<dt9p?@<j3E
zGH{pXM<R0QQ!<wlL^9;paM_K9-ODGw(vA8c`S6=y-f`Q_R;_3g<gprnN6?Z<CalPH
z<AjLqx<jOtgeNgz@@0@B>_z%X@+N2Vr1n&d?0n|=GYmb<=J`b<fqO2H=I8*~ic1HI
zJXE92rXx|d=^WVXLA=O~(itB@@Mve<^dE!0AA`DR!EI|1AAqE1=yaEqyJ*+=KrPac
zxT5E-a^3p{RBy=nS7Uk}?ofd0tX2c*v=#&Du)U0RUH>b3RbaaA9Ch5@y!c=f;5mpe
zl%a#OLq2X&YrfQKx{mEh413;OigljOD=L=2*S7_M*@SjwCiJ~Jpp?HalyH<KwTKO?
zmKfwa4Pi|xv5Rb6Augv>FDC>aul=J4qkAb8X+|$47ePmPGim2P5m7(iFZk*axWZgg
z3!VwKE34xGLALyqPX;(T_8Ixy$O^Sdu_-$M>7jXSbayLNT`~F<_RX+jSK@ux_y;-g
z7Z4t$^Y^ge%|qRb<!+-!8U#Ce2*|g(>|i`Q{GwTIZb7)WdWJDp90Ag&5}pCmr8U%b
z=g}zqq>7aR(xr9h!7bVSq)2K`ftWLUitbITf&Oj&;tJ@$BM0D5TM7h(hYQB_)3OzQ
zTKG?(@Lxcy8u-8XZ$8%>6#$%TQSkpNbGdl^sp)4|9Gji}AcPm!&HHbPS67VHrp<y5
z0xIjdHTSr?sF6S@dmZ^Lcf=3kVZ8I3UkulwBOo@_G(Y78vCTD-@fLh<RI>{J!*z=2
z_&P?48z95a@h3X4BY(aKh-#oy5mtf$)?>P3dYBnE`g)j={#%_f1-BINvno;U{TJ{Y
zoA$RNrM(9+-s+h+SNfN1WAHBfo5X->&eDHb1|@nK`!Cb>^*}nWyV$T39au#F?Vzm%
zz)(%)m&!tWzZIYAa`3x;J}ys0f^lgN1*Eu4yKK^mVO1yYr%R=cY9for#QoIgeLzl9
zoBD{JS<(X^=#o<8$`pf7!sgoxEF~(`b%vf}9+}vKB_-;IpyEb2=DJRS1nHQ%3;lcX
zvttFUU4yOn`(Edp3Qn(XML=19yWyeN&9)Xzad-Ywe;RlO=t7agA_nXgH(Y%>)eSD+
z=`TzFU&Mw$DS0Bwqp&68VAX}IrRi-g;gdaqthp3(#p)e1_BhWBy<nDt5*he%n#qq2
zH<L2V&e`d*Qzr&eBze7NR})q3L`Q`9z#3Fk&r~tq3a^tQIyZtv7nc6C)5Nqi9NVN~
zLqBVCrSPgJN^cQ}v3Lxv_&<DwzSm%4H#OKy?9FM{Eh{<chw>L{9TSm?ZNe1P&9uZt
z@coIMO^$0CRl<@~<-&<N@RZ~J9Yb-U7^(y;<A>_sEgL=60ysDFF?7@P6Ci&aBr<#M
z-Lv5mrERqwG<B*2CP5=P7k<H(k2`?BS^f^Z?C|I{x9xLo*nwi)gh5d(m6g@^7p<2E
zDZh5V%-WnO*#KVm3QBLGIIlPz0kP0tZu<<9kt+UmH5QD~td9ZhQNHx|koekECUEN|
z^GpYRF|S**tHag9>-Fqz@3W<qp?BqXysiFxR5!g9Z_i_eV;(O~rsw0wr_L6)kAvMA
znioEf{lo&dEQE#lG4QIK_Fu<qMvKa8PDADUwUVzi<Up`#Y;gGtQ^_L;kQLN+pL|pX
z2mL%;|6-0fN=}*AmZ^HDLQ0y#!em?X>_LqQW^d&y3GFg=uLt;(M}I=2icWJ&z2a!(
zC3euv6FfvHQuzH17<sRP!7Q<lT}>Pq*0++UVmbg9LzdN!owBqwnHeh?KXq;)5hpkJ
zHrd7-dwlbI`D`;h4*6d_R!18Ee+&b{35ob$YJE4Xz%?Oq?I;*t26}HJ#=$xXEi{Yd
z$&_HjL_}t9185FafS-4`Y$%T@yaIaCP&&uPD4;;Lqh}zSaT^Bp`E`~|?jr&vA%lm0
z2B(gor+7%-pA9cTy%{-vb1EV}0{SRl;;Wb7__A_&a*#QC^gL8&I`6B$?-wx8+I4SM
z*XIpCTFq35qvf(-N~2W1CXh}lk7;IPXDYFp3%;uL8Q38^AjfO|WiZ;iByHtr-yfth
zN<YL(TrXs%7)0ZxGwJsImVCK+Os47P6q$}6*nm`ksH0ZcZx;kRexQ&C8zTvVvLTZ|
zE-4r_*%$9gLNge4xFnv!?5422eS*F`UK&h5_4-Y+wUE(RD_q|zWBKv-K0){BajAhc
z-6zn>zT~3o1C@6E=(KTPyw;3#qhc_F<XAMpZ3@zcy(U65LpO||(HD8r2cWN&m*q;t
z7iExTc)0uhV~@w%$MfSd^7^dAutz#?o($dpms=>ROsG6fm;El0!6#R=fi^vOwE$@W
z(rgl>+w0UP!|~`Lhs|oEOW<%*l(7|RVo_>q#^m~=L<l|9_q(`Ml#A-qzD`IGgrkZq
z88{#$a#YaWBY&l(1xRlGW<5Ax2O5O66$N*_#6o!!&jW;AI(eSA`_MwC-y4sQOPF(8
zGfwTR0@H^39O?Io`xJJv=Ogah)Mn%&$bhE_1W?{4ymZ1`#F-(5$9fVk$=fjLl!T6w
z-qwidQ21xxSNwrS99gjm86nM0Fy)3w5tz%h>22f~ws(IrlrUSoof_#n)#kcZ0AX~|
z@rGz;XUO3xFRoR0TVoz(CiuAf@H{<%{w^iiC0u=`ebhkynl<>Q934?LeEnx~RyfG%
zuO*=1=>BJ7;-4O7(t@CiE7`p~x__KmMaIz;PnGB7S&Nectosq5@JXBjnON`CtWVa*
zYw|XY3=ap}>(S{Q%l6mZ!8H8GG*7m-^IPZVFpZ3ijC9xQ$K?6B3(EG~{B^gUk#qU?
z<L4;L!JdW;UU6}@*MZhxa8jWpwOj3ifL)ZK+#9j?`cztb*M*VUablhm$1wqQc&SEK
z<%W#IFd`v!sHf-xzr;iDefiuN{p)BS7Ipfsv=ifXAgfwxS7bcjEvA|-z&1mI+a$@6
zS!iDIU-BU1q%rn|CYyu~ggK-PPL<EcA8YM_gBS2uSf6<^Ey>2N3?*!B^`?@2W9z$V
zZ|3$mmrkevOtmhB6_W@(xTAv@IaUVd%O1VRgvb8k+7VYwmFYT{7NT%u>bd>?mL)Mk
zGIIoD<BW?|2=2{pB}rl(sm>U*TaM0M1L-2C9@VGZ%pvXqCrWpGTs=UFRspec)ngpp
zdg8|5n!#GRfK#0f70%kH2wfI3`9KEyJl73@#mlUV8W|@<Ux8TF9_*S@99NK$_@_83
zL*J7(plOL{eP}eP$$*$RlDz3q8uj3vlw4RGRFFNZ(~k6;b75M_ZrLUVPm2XqNujja
z-z*cy&&Uu~lcr<l4DJo$F}fSY@_2_sULg<z4CG#Qql?TT6ha-mip;)v^~k5{$Hnd$
z2KdA*Oq(jI-~1j7E{gNX`oX42=ld!(MM+)EZDKhurPVso!$X!QeCMkSot@MA#++z+
zNU3?s!polH64hQELW()_RTbMsORK*StXlPnL@db5`?2BM&SF4K=q3<{J6qY=@y{)J
z2)cwG%T@fp7D!uYz1;QjPJ*c%vM3i>+=~uIph!d216Ph8`qt?+V);vx1HovgeU%lm
zY5i~g7IY3{91>*l$kr1S9|nh&1-Ib)GSGQ_NPw43T3ad@`3VrAxXzh>MFw+<$bi1(
z_&CII616FKz3tj-Evp#6L<?z&yHI^jTWhYf6}COCjRt8aA(XR$kPtuUfY=gDJc*W4
zmLBUn&4^Z_rxgQzPGx3l#XP1B+&#00G^iACXhD(`U$ic6uYSLOdPSL^pu2j&pxm(L
zQRdbXpv+D##wn5*?T2hV=8}3T&s2OfT7e-1YqT-n3<+Z*UBDb7JS1V9In?o9|8lJG
z_EY;#vOsv?!<iemME@Ovq4nY>q@K5KAtv!4v$((@A|JA8jt%{ENVTe>2p>!hY>yg3
zC(bfj(YHJS-QC!w*OVuzBJZ;V^Ohs4M8U!NrW#PS<;Afb!dFNKp!0NJ*nlP*%(0CP
z5Y2u~RdFIUGq^3Dq3rHtD0;as+|&E}l_QOqjv5!af`XPa%|9JcGG|wRA_KkL`0vbZ
zGA2sgkkQ`|E{Mh_mJZYi7S~8Erp;>63AMdwJ<aCrifCd>cw1%D35-NWg3BP6IY#G~
zwKL{oT47}wBUzP@mc^*bYaP}~=U8z_sPb{1i^@Y-ZC^2AWWhC0*LJAM8ur=%`Q;AZ
ziM#l~^MfO-$V0QhuWSa$5#joYbR!RudA&LsT4?Z$_dx(IA(FSNUui~!xvFuFK4tL4
z9xT1G^%f}Jo_FW7Va!Kh(b#{?iqcjKuEnL!Id7H}>DJ#%qOOSgOSQPwIB2f&^EL_J
z%hQTc{}|>kRjS!NYo<Qm>4Ru%Bcj<jL0s*sG79e~JratC5(<G7n>Bw_t;XB(0}MO`
zMkJa{rLtutwscI7#n%*5EaK9oQNtX%pw+w~K!5JOk?f_QJncc$8^ez(6N-uMVOO*L
z!K$;Gd?<uzPB4QAO{d8f*@g?tZ)PQ6k-LW~;ts5*u89#s8?U=ZMFgU;zR7GUea@JB
zv%r*qe&d)n6*z3t6r!6pm!6ZKiDV6*mlu_%w3AM50!@CA&iL~)4dzHU44s~@KXZCH
z7PlXC`)ju#_>9pMO0!Vk9LOZCeD*Z;V$v*^y@x0alCWTIHI$wYvGYS}p1{%1g9@AE
zm-97jYtco_Mjx9%eO-0ZV%TA(RG`r*H@{6Q;c=AZKrm(*x@qIwIbz>$aR<~5aBB48
z89j`CG5?xfEzwgdw2>KA2cuFz{A1<h%SPDobss>Hb<gwp&H9t&+3Gf}Q#;t9?0tLk
z@<Q0gW7g<H)UfH3Fa;Z!F=AZ?{g$VC>8Wl$?=`R6u3CcV4h$aY5s>kHR;cSqfYZqG
zcY3Zjdk$vLKiNChEa?U`Jo_ahX#osDv9s;{AF3#wZpaoBVf&p-JryfbysYH*7u@%&
z7opsqp&?Kq`TFnH*w6cn4+VB<a0zM7&zm#F!*!k=FQA=$(ECnL`hPOe#U9QUOEvwX
z0Bv{rwJ&@_DtrW_&<+7Fj$bhl*3~__CcFXhubrMBy~JXRj*}CGWaxDbv_DQiQ96a4
zH{H@KOeva~_TzGvcgz<Ma@41!LL~06x(y0mb}!n`3UM;tXB7gzcM6rG%}F|H8$lsZ
z<2&38jAPBsjR5Tu=3kmbOjFxmCaT;7Cl`d9ADI$;C{;EcbZrM=B0BY8(QgZ(=cRCn
z5}85i0=NQp6Qc^9*gA<5#pco3&hh|d-1E*+_FW-O@bG-r4V1AvO*{Ndskj3n^4jQ<
zm|1|&Rxp$UZ2(IkMq0(-o7Bf)EC#XIq~m4|9z}eNhxh>ZBE{kUJkAI&mVf>+5*0nH
z^MPh!TKzo)jY2nVAtJi-B>Rv=a=-{sRD_*d#ojni;+~MJ@e9w_!B8WMxXMA7`Pst<
zG!xkgM;C3iu#EaP1)io%?eyW1_>dxlc@{YyY;$?EOu<4xPo6|f&ziqUP{&x_iRRF5
z7=-=Ve0t9!4PF~Ya68S)va<;B6e|`3cQwYWIAQ%J$vuQDLxo>|TEB2SS3D2x^%K=7
zAu*2k@952Dwm+2Wr#EXA?B8}W*Hj;AwL5<XuRI!TTbN@tDFaq}1^CXZ5;-H@R4VCD
zFV-ZWok+;1VdW%r{YTg|c|?Q-c-eeA&}+7mBD(@dxB+=PEsy!GQ!d;E^Pgu+Q>8gZ
zxo*)k`Ne)nBQhlZ`e~)oc7jM1uk9^u%XJF&0+kNdu)GtbK~|{{PPlU|zdm+kbb-lQ
zS>}ky5r?CiI*mFPO7DQmX_Tfo>zd_94bHNvN<VXV-4JD&M7LX$qbSHmUjf}%BmT%_
zVhDwCb6!%}{I*jxEx$A_HZ9y1mA6i5{?<8@O4}^R&XyUmK}ts4jOxllhrd^rGkZk{
z=wx9mT<$nrzMbt=w~t(kX$v#8amuE7Z!NW@ZKgzz3IPvsw04v#NvYZ9oPzP+GpDZa
zi3W7iG-fQNZ(F9&d`cutz3P}D0!?PuvX&5-@lL7QRuZpq+mA6EjO;f~mx+PfbnUrl
z8`QPwjWE6s=2Llwx|RNEv790lbw|LZ>t0~PZ&414aB9dqgT3`$Yy0R3rMzWUs0c-A
zkj-Ug!g<L>NhC5diyDO|^&v0^J!^`WiEW$G)K&OZO|WknstBD?>W`}29KeTmFI<Ju
z)@E6-*f=PzQakKEl)vCi-tbL+$%88^VALouQLmNe0u*+@USZH(H31cS6`(|x-if%@
z(4VP$3@m-R(dHc)B$~-xLv-Q$<WRb05dy<^-3IbFcUh7=Jchf7<Mhf9tUH%`F%wo$
zfmzkX>K8lf%s*&))$6Eu@bZ<a8wrL&Ch@ZG(pvF_XWZW`E}c4QO?F3H0S7Qqf=QoD
zkau0XH!Fz{`S@g$NBxYlc~ei^-R4$Wcjy+&ovU!2Hd@VuNR~h!N~d}|2dTDCUcoqv
zm{Q%QT9howPVbg>>eYaP4KyN2XUxf^*ana>(D2_StwMnrUMNl~!`fwuocKq=)%%x&
zW}2v-OPy8KjhNqRG?F$u);BI}jlp4$MBK6ULqIH%JAY?YY_Y9~OX)LeoMEHeW70~P
z0yIIZ67Nv#H7a(Ej*;VNUZ48Y+J}VD2Z$4!{jEtL94{1$>Y?K;aN>*cPl^Mo6b};z
zu?HpiW1JP5FiuXPPGT{OCH5S-FBaK_3U^kN?KhCnn$slBkn8xB*iLHRD3ZcQA0?Bm
z+z6x!oEJf-is9%*dk&fj54aFHSr6YiHnJ(<AD=+4<F)2GEX^RwzrDLqn3A50ZSFe?
z*iR=J3I!QI41;4TP0Q4!^bG4JA9oC}6<CgvQ*Fga$<$6GcsKI%w4q*(t~}+d$YJMg
z9#H(doyOJkoXdHUq7w7!uQdcST}e-lbp;!B&A4ckJke4hG%Vu_w{!>s05PL$-;s__
z;i7Ij#k~28Ov@zT$;(2p1z6kC8=lU#WN26=&Rj6;EKS|YIR{9G$3W+7EgOP?e(0_x
znUXG#<tf_=!lE~E$<V293zV}^d#RccGmwUqJPmA)U~s_Uc$?kQx1f>Z1Lyn-oqKjE
z<NOFgrzhNa|Ki+xMmnU!#4D7Kt!=gEwX8U7`<K*nx--AJ#2{a<*Y7|G+$!+d)SV$y
zvN7x<VHex;Ro?k`zMF^<{~>LwMVTe7=XT+Tnz#2(ujfU>kj;Jxo7X)7W0CIUEEG-x
zdkJwp49r{!3@fat5?_nAhmnlSdEVqS!lLa7l&jhgks>$k8zw0+x|Lcf=D8z`NLL2O
zsB>*=)oXV<Ie+^{FBR}mQ(^P|-qWA{>euMJOjcH#Z{lc5hyxs;+9f*wB0y=)W?F=9
z!Bb*k=@;dIM2mzSCwpBRUvbvEHcx672r>Zjb?jQw;@Gtr!$2d(t(I4-zZ`~GU{-#@
zc5EMZiXRvEk<hFSH2k94E4I-X?ze{6{<>rLuVN{kwH)pw2Vy98Ah&5-XrMeVa;d&f
zyE1b$<M)1bk&~dLU)rs$5Ykrhoe0kzg3S@zxg3p2i`_d-xG-6K`+?^Q4Tna*^`_#W
z1L>Wxa(!ytDM*AW9B*_=6Kwecn!tTA%h7oozn`(wOF`2&>8MV=&s@Affij-;!lvY!
zkdVA&sVB!2^@Vrn<J9JzME?FkQG6Ouf%aT#4sS3^ZzQc;Na!DA$$Rr(b~9k?5TwxS
zPv7d8A9MNfI~~L0<_(V)pN2TvR23zltB?BfBgu}q*)6HuIoZxXqy4yu?%QJ^%W89j
z*0%liW?N+-j?hy=hIK#_KR1RX)#w12!qmHbNsM%U8TZyBxFFiwRhr?eg!+fA^Sh0{
z8F&4{bw(<cUFjB@BzHIVS5*5urpef}n2=!>`W=h{{9ur#?^XTFe5WVo$`NNjtY*te
zsylRshDkpor~z19F6FGsj<!GR`BABpMWCPxF5#Pj&B1WJ6B~`E#&Z-(mD5>cSJLS>
z)GoEEJEN4Bb%mLL8h(KBVh;{eqzOyg?4DF3?3#8d&Iesb1iPZ8-8G$)!X~Ft{A)$P
zF2H&Mc$k_b^4kM!%Fm=KLLcFv*|B{)`FioDAR_-vZkWIBO^%!2n5V)o*W<2ryr#Y_
zr@G2HtpQBED!Pg_nnme?IZ6tm4V@*tCwr?3BtKL;F%&fE5di#p7i0)JYGupAvx;4q
zFj~sRQfY~or3%MKm-xfFBcY-+dx@vxH&?e1Q(p*4fy%bJ<ma+#Wl~sVg3(mKaHnM#
z9f9LcD5;E5sf?{~Aa|aPND0cy0+JAZ803VmxjeF*(_i-g`7CRj<qm%qbnfsdml&Xe
zUH}f)^3}30E{-F~<9x@9qf1HQ`y45%(rRIk&-C({o0+GqzLT#43r^#rOJXww>V&z{
zB3qULT+5RBBBpiDg?fvxC^Z%`<h!;WNkH@E2An%95b4^O#Z>R*Q&Dy~!dWx740r~y
zHzls-T&#c(6^TDc$${fri1Gy<Be{+`7@hZ5b9T;tqXipCUR9xs^5;2dR{~}0cnqB?
zC9mWKI74)!9)GaPh>XZ18x(cU?%jr*?;^nHc(2#kyIQCiCUCQ0U4z|L&0!Yr0!1Yi
z{BHgx1A<!kN)JbsqG4yYWbb-8y_i{-J0eH0IK+5&tZ`gQvLe&QS}0vw!5f_bPl>((
zK<2rCC5sgWYd4Z_*;9uS=rODG!xB@qA=1Tgr0|xJ2&W^Uq=@C&xU-#bP0FlM+<S9T
zj6@-IdLQ}~=HoPxOK(@7S*uFd!mSxEtCuy8T|d4IXkH%ji+nn!k<-Wq?^Bs}qK;f+
zDg|k;kDZ+AI6!Yo8iiqfL>s8Z{x0y~DyZV>r+A&ruBy5mwfx1#3wZ*4Hm}0^r*quB
z<DKJauxn}=LtjX*{HObFJf)37q=s8E1@IZ>hmfvC<Jx1<dg-7aR}k4$S&i9JCPgKP
zotiITt5~A0_S2hQ#TJq_2SOWVVlGv`ql$v077UVl90L+~ZSB0#A~2*t*q4V34F8h|
zO#Q?(-=m(Crq-o$5rzxY3#=d8+FFiaSH_Sah5VN|R~Fe7f|K%7sWA1f!j=bqas&(}
zC@u-B-R;<*^ZmAt2K#c?!YQ*0ND#z@hzu)>Tn=(oH!rP?uR1u-cvs!dE0qY^LDg!S
z;xe`J$;rh08LIdd`P)4%2u52iEw13%ypcFw``qrFw`r=fb?k{T^zT`Je3=E+*>YfP
z*F_Pr%5pE{;;FY-pkVqLtg@>}kW`)6rR+ejK>x7f+ve94nd?n{m0D!(lBT}WccCVh
ztQ&??WY_!dsC}!ad^<nvZblqz94#v_hMIh&iHtRw#MErKyl7S@%bhlPyY@QH(?{VO
z|79@$XKxCUy_o_a8Be|>lP=nRVO{F<?5)do?nx*20;<ySwfD;|<q(_J+I`$OJ6v%p
zS6P;hHCVXy_#ZkE5pzx4W7B8GH>rnPM2TlJ^Fpp@)uIqed~>|4{GsJ+)I8_+NzTED
z6*MaR_Z7bilCd3mod`Ay)~=&pA6vccHx`gcORs=d=J}}KxrSomKc_fZoZXfkiJ_AH
z-ZtjM8_)bfaXbSX!JjEeG;Hq?HRY&rF;JoYlyyPc$`C&))l9U;RsKnHLhuNf0bM#m
z3e!HdATv(KAp88qvG{&{rYkKT^wIGgOH;BdKQdp}V>V5CW|s>^THTiI<`0+gcR}*w
zEny!K)QndtIZ^>XX5h)c*vOc}Fzkz*HQ*dAcGG+v;#th=XH?=*ObcTHNk4hV9QOOD
zKHdlPeScmidK)q0B3h<965S*J3;m<=8u2Z54He%(uL#Q`3-Re=^H8O`&HQ7-tEP@l
zP#N$X<y>24n)ftM6Z(1D`n&u3?+o#0d|Bga^_giTnp)gSI-edxK9hbA^+S9$(^@W)
zRv;tL1*ccNJFaG%-ov$Y6Gv>mOKyOaTAaV0fJ><xaDssnTo0^-a=eL{7`tmdi=wdf
zq><Wa$woFG&Abws8{QN`9l>d8PC60w9#tZcY4=nDb6^=mii}*+N8csoFjo3<uQD`+
zt1i%vVEz$CnOwOdmK9#aGm6S`Bjgecmr_89@&WTATnS9RCA2VDB@7mU{@sg(nuZl_
zr{-^lw)SKByDATs8KeF~?}PszQ<Q1O;TGhWoLXei)(U?iC$TelT`^dPQNM5>N4b&|
z&ARgvUP%f2oa18k%gpKT*?;QkLUhql2Iv4uFJ<|4)hlCFG78OFG6A+G5=Do7sr0pV
z-^=dgSk<|}+j*g`Sgj(LmLpRwC~~}Y&GByMc4({Ji90GGirQ(P*s{=3@@DcgHsmh$
z@Egd)>_;CIe4z@yP#!u=#n)0G5Qb#Y$4l#q4XzcGu6GeI&9Sna5a?ePvirW7qWX@p
z7Zi_PKdQJSL_1XCLH8lC0}s1eHI|vRlp=@&kG+tJC1T*U_m@Za@agB|2f8N5h$g^g
zxBat)5jlT_3Fn%p_FOf}<%L57J#@~V-Oj=3@N4<19QK+}@~==}!cC{^;cK-7I(P+#
zW>5Pzul;f#%enFpHm2;>%B*_FBd_=b3<xuf^5|4581@(JIp;Fjo%hS>xD}O3t~gJY
z*;hFYZNoIt5^X#3M$;bFXVooYN%k7jerdF=uH6nlWl*8irLpu^=xS%^PWt|yH+8Tw
zUUEz(6gnF035TKzC!+O3o}K6!X&awaa0F0D95eV0X+L^De+$W!O`y!~#URT!(DM0J
zBB=o1$PV;eHJ-pB<=_Bbybat|i3>BqB*IsU-pZ>AhOH19Qoi*F_m{n>6dNL2L$X+V
z=WH5rjne8(svmCc!oQ9GE&(zfV8az3YH8QQrJST*TL#db;>y8CR>_>DA1XFXI+m4}
zL%kR|6W2Z?utBXz2O^?K8!DnrGWq=`fjOMV!mNIx4Sq9wwn1%8MP(~|sbMk7E^fY*
zYb{66so+xKMSA_PaUt}7!Jju}+2q_-pht=#33ErleZyoqyPQ7B<>~M7Gr?Tg-qAHm
z1E|X9sw0civX>yvgQ84QByx}isg*c4^!&vwMml%U0X?-;z&<xVNo;Im<^=iT;!M&e
zZ;1Bj3g<jg8uN8!sv@i5wh7I#F2a^c`b!8)##4051Bv8y%6OaUtSx)m7wz873mzhk
z=?!EY%TC?%e@?G6^2dU?tov8~&^_Jr$E5G@rmX>3Nun_u<Vaa*5UK7ZR0l|+N^7S_
zC2*;h25+?ork)yNu3F#xx#^_oEbhnD-NuDx9j}YceQ%ZN_o)#h=y+@|#ppg&sD2l1
z$#%7a-uz_aa>w0bVb}7#MxDsYAa}u1+?c^^_^=wwKtfYt&CoTG-t>a7H>&ldWz?!w
z?6S|$6ZiGA#%Mq71<Y;+svWf1WUc6+=!c^mbdd{H)T_{f29}L;D7bj?N}4=O_;j-P
z65C>eiAx_tk(AuzMHH<yZ!Hv0N&G~1a-I(E&&`A;>YJ5f^`X|RExGDribO>mr@RkL
zSJb23<m=%*f77w0wI{oAMqqvxFhp$S6&woFz!P?ByIDE&P)~R8MV2n#42!J$1e>SF
z+u4L;#_@S@RRG~UO|)#0$;ReNKG@j$T!a~<?f+R4x)5d(e2ah>e<a>#Bbe!!44f2r
zY`yL|bkcv9yjtsjFZIvQZsgvjcknfL9`l2VW^-@AT27!2E`3gHsmx_j*jqLkW1Q`A
zH+oxl*gg!v$iJ`jhrE^$e8@x<e1E_yME}p<ZH<E!LB!;d@saE~?r4g$qOejjXFx(7
z1NcNZ_-R0uZ)wBNdPv$@qAQ|Hl5K3eXCh!;1`l%!xI%OG(h@<Vv}dZO;-xN+q7k|+
zTW+636~TksdfUdu038;no`p@!rkSg+D4z=lrF~&)#Uf6<F{LxHji^UMu`uU7jq=c7
z3{J-5oFCxqfGo+TK$`x3x@nF>@)&R_DETlMF5kVrT+uk#bysSn^pZMd8yVj?p)z;j
z*N7?l7Ck*Vnx*u#Vy{O;=7egOL8wyBgK3v>wF<VFW8-K;XWUf52!JXEVE9D~(-+Lp
z;W(bk1G<v}ij&6%hi?v>*s83xG&?YgFpKxaiXkWXd~1J<A6~LaWv!0Hlwv2`jR_F1
zCA$yROJ!S!VV!}eGP(P%oA8X@!4^tj4x9PAmef}W*(YNbQEH$LFdzf3K2jaq--990
z887*{!UWb`t^6*dbTLSG3gmWX|CgI7c1p+*fcuFzg)w$bh_RoCDSgk6%KJfhGa<%L
zASre_3nNUQ;+Z6NTVGrb8?aWgT5eVpMyS-0U(#r7HHtnd#^Ji^V24YnaNWei_=b%#
z(g>C2!oc$P)*%Xg1!7#xRb6FH>v>tm>zh`sGf64?t~@_#IbTSCKpOBAn7z$V1kxj4
zOhHdW!ZEFNdX9@7fK3F8t+5{JX|?91K;;V5IiKC&T!15c?O_28`3d8zf3HGCm!wRs
zirNNa3HjqHTSPaeIBrq3pnMEXV)YnFpfeAeaAGG4z*Bk;_X3UU7d=5HyLRdgr5Q=Q
zOfpm$4O*{c4ncS$PPq7-+yQB2hfy1PmgjSSY5$dN+7dbHf7b4#>_^+>00HG{{U5&j
z5jX@tGN<V$s0`pgL;9PqBoR~)?g(q3<b9i%Kul-VmngEBP1~u2?^}l_YKN);&<3>^
zo|tV9nczeio)UkT%D$0D&@m6x9}4ru_9louZHMaqm(z`>!(I}n0G`aIZ2=qGcWd|Y
zlK2-Lc=Y08B{c>;9|?1!5#?qP`O(~DFdXseoR~d0wSuq&V~TDX83nb<JVR*>`J$y}
zPCFGDx>fO$_b!m$cdAlCM6c53#1ZkCmf-fc{t|`awg%w?3g&s~P+L-7aA8-TNH*X-
z4vBHx=0f_Fwk;q(e>8=KYV(kefmRQBwaUWAPWXJn_Nxs)qRJG~zJpqI*6@8ib5rVt
zh)Z;z_rjRPdulw6)EE~Ol<4Lp7?h|sl<18}q>egy!E9EepcrCFjIiO4!TSpV?qy}o
zK?4S*t6UU!w0K%32MX$p6FFERHRP>eQj)gk%3;^K+m|tkP~$`Cc*QQQAmCughweq|
z%k2qsFX2JcEyS+}${~m0Sw<YS=3mK-rKA^v91NoAGN8VV(MC`~kMpB*Tl@?+e)Bkt
zr^w~=i%e7q)Eg`6_g~!7n+OY?1szPJY%e}-Z%?xrk^_RUFQn2g-l%{~tnjD*YLT2u
z@~)6PRa2Y$hO;jJYAFg=l7@YP8D{Jh8;K#n_rOHCq1#Krrkmi+n9&j5PxMN5hfM?x
zQ~KI}L1f>LXJ2EjB^c6=XP;wbfLKRN&S0fcO2vu)5V<9B9KyRsM7jKX$%OxxA*lx}
zzE3a=>+#(#1*xjoH>}N+tsj0M3?FX`bp*)q^)()R;xE(|4LPfUBn}n&i)d_*NF>0U
z(68bHL07@=H26-j-n@6AFXAd+oJ33m<*J+gLvS9?s2U${+hwNPO(TBmn$g$C@HY2j
z;P+wKPkaAj__R$19M+dHtp68Y-6VdB-z0kcECJOQ@6!Jj|4g3Db7Ju}$^$Q2twNpN
zqV9{^2y8a^c{cF52ek`7NQIBfn^E`Fn0aQ+r<7uh0@Bw2<<juD?&Gxfqu$_x5&w}n
z7r~;$lkL)(-dk|-%vHqVl%(P}^@->m>IDB|+{TomR}9nwIKw87-)#3ZHY3Gsylb+U
zJI~$b8#$Zq4wh+<bVomjG-5)s{8`XmZyyKl{LMWG^48y=W;#x$tR?s`uGeG&#SQ{~
zD!FS$@-6t>;1U<~Ki8p>5)1DPd3%=_$NwLLgZ_bW|M5CWH=df)hC*QG%vyvMM{}b8
z1$T)5xxD{Tc+pSdJNy4_9?gOahW*p5<NtxX8HN8tcmE^sW**i5*WZHr5Z&BHCH$*w
zI1Bdwyq`9yU-UB9cXwQLbF9_6)ELLy9&u$Q3E9sXj^I8M9aggR+Sp^(!NAhqM}=D6
zJiXE1M~ztCJxS{wVZmRxdXW6Y!x}m|{~5TS<4>H=ru0m3$p4@_GCwQQ8t7NZA8gl8
z1@)h}`&o@l`e*LU|NIM#6n{|uh&%=x-6QCU4()%*wodv_TK)*j_<zavl>J|Q$s%!+
zh;wz@GqEoBZ->PnfwzY6kNk0^x`|-Za!`@EHwYR~dF$DhofWQaFvouqjVg3q2ibxA
zk>59<xe%$cM@Uzzo(+S*<Z}%%`>O&-W*-NLsyP#=cu-#TyKG4nd}B5ciPSDpBrl@5
zlfRZX8Ep$rc5^yBvZg%|@q_34aT@@hIGoFn=t)WfCj%5Eo$n9#CiRo%FR32s#yXI&
z7}&a!$Ba}^I`v{#h6+|bi4{VnKK(3HE8|e1OY6^%O`||+?gO&OQsGC4tRjNZ;s4${
z{QHJf`!+W*o$gXJHjD9Dk*3WOz>oLGIou`qP)Ur0P7EyEuQxdrXkabG8a<vx-phrd
zB2~Mz^!2xin>g}Gk#gh7&s3L7K@Ml@ER!0%BE(Bn3=r(OT)sp3Yg9ONn;P|C*5LSt
zXrV>Jo;{?2K02M|s)a;x=b`z)LY=wd>!02_$`K37uogci`+Ci)$LMkB5B7)OG{9*0
zl>L^nbj=IkoYl|Za;HGcOv8_l>?@u#BLdJjHEo>9In&6zD^u+#6(A&*B9K$O^Ov@K
zi4ed<#G#B7Mm29$%U7$=kz-mln<_0~?R8UWQI<7FPL=CAFAI(kJ5`n~b`(vsHO=Og
zs@8W=Pl6|r+ofNB<fz`p568osmy@fhX||%%IS?bTXu(OCFJCC;L4Y);#YrF@W=B<~
zx4#cB?^#favt~)|@P;KX0Sjx29JOPx4huz}rR$g8rUZ<csw2;;&G<rZE@E*9qlOHt
zbbTXh-&y|BF^~{L;JdaFjP~6pM4xkNsEpmotGk02KdE&LTJD=1b{!O!&5PjpY14?x
z53Q9CAv?dB>Qy?-gkjV7`XbOxUE(f^s9&TG;7mR4`sPQQ`=Arpia5tlLROWPegbVi
zA(b2|I4UNi<U%Sz(vaja(>$gk*AW2!+AyA?lI3G=5tYXe#DN^yOzJ6wLvN-Jkio>9
zZi$$Ys2egOPn3U*adkw(;(3wxR<ecNx*xLdnqvX0aGNc!=;+hE`2_2<h2+<uBz`dR
zVxATqY0x#DSWUCu+WBy(^O0Hd-Vv!s>=9s+<GC?eq|OU^`yD#p-yF~13@Z7(X2w$0
z$Ro`Ti1@tz$xh*}xeYQ|mH_YGzw0=gCKEPiSvWEHx~dkGFPxA~#EEP|XF@kx$f`iR
z6&2TB&!N2`-=wxB*Q#Y+FQ4%n$>9m|WjYX6$LIBK+~I*!Y@(C45ciy(sY@czR=OKM
zD92NN<R+=k&`&(gler4WGL_DmbJ==t;<g<C#b$fP+geL9Y!=0KPij&P!-5gxV_>M7
zRR-Kx+eRw9?p0)kIArW<Jo-0-RhBkK6;gU|-=zA4n|+jE>T$<S5#V^}0C*CsJf!LD
z2MKNlq~pFfkgJ@hgXc&4G|kuk^YHNY)=O2CILHMdduARUSWHOhZ6N969tDav{nGY5
z>k(1>4SOKJIJ{MBO!D;xk3*Jb*L{+fhls1?x#?1{oLO4x_-cn%w<Br)O?UOefoq5n
z&zF;G39k!qVjOLa?yf4S4$Z<?lQA6o8do~pKzi=ZQqvwoyI`mJyFfKub1D8=v5Dj+
zM#=Zj%g(079`Eq!JWBnQB$0Q~RmT^0qbjg@*BhIvR=g7~MZCCcSi6E`lO@tkb<I}b
zj(I*2dmRr-e~uy}3_Dh6E_lSch*Is{llbodY)1OL4FB3bM<H*QT<o%Vj_M{bpd|;@
zZO(OWGKt=qx=%$etb3?t!2r!Ym1|Ip&8F5=xct1Di;p}NHwQzvPIfHHS$3H;gY`$@
z4xMh@=d{%{21Zv(_l4EdM!!xmL{Ci0F(jFurVx)bb!g1&>T7>&xgtt~<vGWMTQ`uJ
zEh!G^0`v2DG~4I(^X{QOKHesa+UNd~M&=8%_xt1i)TDTO-RI-(;o;yQeR{j2%iHCa
zitF<WL)p0bO=mmXQ-Heb5y{^DZB=AT$<kD9>>v(Bf(z+b6uHo5ulcf~^?Y1A$yu9B
zz1e|#uP&wSaCPjH(S?(5&wnIDkg7othqIf!k}^J<a$~m+JSWV$Noof9+}{Kq;6w}X
zoFhkq8Np^W5Oeca0T8ZHO#}d$iu;ljy$HZxdWB_opQ-9j3DpVg-K|-gw?GfGV3vTi
ze2(xT!io;8s?uuW=UMF#JXu5!m9aI--%xRy9lzI@i<~=AEcxuIOAZE4wCCGi7rTOi
zV)Op6Q;q~fsJ#$!<#k9ZY!c_Xq=%TN4y2nk|K67}IhN>fOXzw|yE1SnVF}bG!dU>6
z<XvP&MSCpkxW_0mOzJUO`NO`mAu(=#oJhUf{=_Iw%lvgOE#c}Osn9tXroAV#a@$ti
zzu2(fHA5QrWoPuU4ds)gmWr2g8|TK>bK48lFj~WuJ~KWyUprs-E8|m=WS%N>#VGOF
zjoDa7YE3^3?EclK-_zSBcV;P~sDe3Pq#Ou*$cy}sy!D1l2`^{<97(#Sl|zgC0HmN1
zAS%5@Y?YID*)SWizP-Y{SI{F(1B-(QlNXtBsBtT|H?W2IsYQM|(BJI0w?|jYiD2x8
zEUx+WcS_@-czEGhGIJxx$>xrSwP6iGVD`(gH!Jf@Xx!N(3T69-qB`~q_}p?BH(TU>
zPP>it@_d52sV9a#4aIJEq7#`&f5`b_5@dht75d{*d9QpE@u&%3{}Q24FKL<%s`@`<
z3GQN{zwV(-nI6FjP;o>*m0;LJ!2iV6Nr?&Rcv=b_VBt-a{(f+gxAjU29~UQJr2l`I
zyQd&c{<T5ZUAAr8c6HgdZQHhO+qP}nwyU~~uIgR?UhDg2P0Z|*iHX?zAoGp)7m+8K
zCy6WWr+==|258P~%<<7F5AL0fY+SK`Yq=DUcGcP2IOLDoQnAzO!k?>==4{0Z%i3(M
zGh>SS3`08ufj`DS*aoa(lO_^8XjQ<Xmn!nzCFX9o*4IJQYsIO3YaPWrg*z6T?Hnd@
zG(WRHdv|wF%R*}WTTkr(Vu>aYF}WNNwzX))ofTMp&b09&7ED2=-(?p=@b%k@ErD#U
zhWPt$<Y@VA+w*zJpdMlQMlaCPo^0Dm`SBhJx~EDI?Aqpob5)B-I=WMug#IW=^EeVa
zuT`JS>*?+!cnhQGpDEyn+M^dbB~DR#O>f<4USgS0O*oM}nO^6?K`J*l3>L<+oLy|U
zK6s-mVG`XL|J0Sp1Tb!UxF)zOd)OI>*a6o5T|H!8tSTC^#A^eLjUCrpXpVRYXwcsQ
zI9N#0#?cRqNjoxCUT;wXj^jISPhhT9;<i>OXX!f_+3yy(x~9DN88MVa@`XO){4xD*
zHh>CX8a&b^FV3`}<3=WJ7+PCx;|OVJ^rQsp>>Q?fz4rbUyl8<|-qcsu@q2Jb<7*Ej
z&B%zqXgaiYat^u@iHqEM8fuLCr+Ax;&Ca}9j>y>`jz&K#=E*Mg7FT8*(htDJxW0B>
z>N!QHf?L=;brHk}67iQ(O#KE|BxsgSm;F()UfgUm!<f4>`FN9xbm{k+rKTAmTWOTW
z?%0bn9mcGU<HY8N176Av>4x44_Xv4@R*UTn6xZ2gcRD(gy<?X6Un-@0xG}<pz&gsZ
z1wmp8Ms^u4leZZ>5M;!BR<dJi?k8F4gX-avA648Co*fD>h=u0|az3d5m2~rScs0I+
zG4A?wHT0IK@m9hKLBuz|G8E?tHdmx{FYF}KOZ?j25Ir7Y;@LeSnH-Q<X7w%v*)IX1
z)RXF|xnddk?+!qB!!tc*DXM!%>X-6*AEH>5Y$lbFAF57>X+XBa8rf-riH8wSoy<M$
z!f%Jv`4s|$(HytxI4D80cWS6PbkO18Wh}~M0!R9kDN97`O4>2AbH;bFP%D766599#
zD6^x<k(lQvcbRzv(AriH>;d&&zTzw=V8>~)n3$<PEY!2rcGiW|Qf`PIQzRX3#zd^f
z@+<sRsJeLxu=AKh`?L27>>+Vl7_x}Lv37!!b`t!dqghl_IPo29oY!?e>bgGJ?3$)q
zdAE5YeQ-W2Hj{B*^nP>DmNsa-%X!8;sKvy;M&+<So#a^ovJ!<@{=7W;jdfJIjdqL0
zbwAem>oCZwjyq=XZihN<r>%o-v5>CSa8UIZ#EnZM$MZc?Ohgq2yCOP9H`i3G^L(ah
z{YV!3jwaAl#5QnHA>rr^Q|@%k*<h&Km>oN1%k7E%PZ>d3%u)#ca&y;R7;g{i$<avP
zIjSvs9aB1${_=RCTAl0(lr#1pV7ynuux?}TY)eV<ynQ}7y#)2u&8L%BZ20#&uDZLa
z$mSkC>gtcgK&&UjxjVk|mPV`DrR^at4w_7~5FRi!A~XOM$6HQq#Jj(^L?ZBJdMb6^
z``ht&SYF|DES}0-2Cy_e^ZXdbGucc~%S%*P;YB&3Z9Rih+9PMLGDMf8terG<72if3
zmU+NHRj>Niu%7b}bT{a?ALSLy9pRbQn9z03)ihEUEfvz4tK$o4Iq!<dI(!&nTJ2B~
z?^}6Hj^`ssu)<aj1k3O%unf%|74u@c^@U$q{VM#jGLiKwo3H9rw&D+oA*6MDA5BfL
znelhZfaT@ktd+Vqbmc>WlxROz<rEWf^tS8}9=cqDfNkJ}ZQTWAi1aKj5H2bdxx5QR
zF*-ot0og@cj?E7^!Au-`UtH(R<zE0&;<YO-5MwcZ6=WpK=-Mju445NXGlb81XIF7H
zvm%o^Cm^4Y8c9AHlPbR`;JRAnIo3W?_mp7lAM-s{uaB%)a>nl<v;!o-q`OG8!`PO)
zrVY505I<9^bYNEyXT<Nu%8RH|Koq4x?|xE@`7Pgu9=_+b{nIBoO(LOVUnF}!064YF
zS!NC)Vndm~jKNd}O<F%#+6^@n|FP4i=WAtLPN4E9kAj7O9|wR1)AcSV&;nCb0*s#;
zWwn{@I&%j|p!)mXGFF8|8tEyrh(ejCOD;u#fcZl!xr1xLZTaQ;dbp*#K+t12GLbw&
zMm}oMX$+`-2Zg-KFrQ%w8_IZaEsWa~ma3D)bM%01?cGbC>KxQlyLY(oVgs|R1kA<k
zNhux8*W{*64vHNZRh@Ln&AfoVxe7E0kfkCsXC9?&J#i5vz_WPwk~oRVdj;~eeJ&Cz
zTWLxFXy9!_gR}H(29(BzGCw}SZL#oW9%!xe5>t0quvi=hhsr#dv?3NOvm#PO;U|k2
z9R$*-gK_#>`G_F%8(elwt1buX;bVeJV#RIr3cQlD0#enmJ-bonGwg6lAA@@8`EpAV
z-J3RCyI>)Z?y8RXD^4R;M*lTpr~2g&vDy=A3D6bFGK_J@CPGV{xQ^{myQ*7uQIL3J
z03B@Z%~GBkf_TWHjSvF;igvro3=?7xa|`$TN2PA%2wu-KKG-VhWu5ZP>!Sn81B;Km
z*>IBi%QEHI<3>d}+|XUc_p_9fx4mEX{;R+>52JuT>`UkzK=G6HSegO2ln)ECF)8IH
zKK6PL4s9guHbgz<(<ps|z^DpqnnkU)bHRu#cvaF-pKA7~?!hJ!PQ?}A_pxMO4NoUs
z1ay1dN*@t^GdEbbZkP%VYy`}aVo|tQys${mF0*|&H-jN3RVa%Dwdp|=A;B)9HjQz>
z=~`#&tS<llSW}@_8w}VBnyEVYsBzVFR=R(ADL)8{Sh_qNpvJ@7xEO(Q!EE+fPSn{1
z^&Sh_kh@7bH&qR5-n_cea}8QS%xw>`fO*2s*}wwz^yAZ#+#jOA35H-xV|*YawoRY*
z;~SA#wt9j;bq}Il181OW^O$o_Y2GQip^U6T?NyF+kYv-8ysn1c_n#uqWva^4t2TJK
z9lyv9tX?7(X)M0UCm0223?kLr^fLzRA=HsP&aA4s?|;gn1t)TKBWEfzN+<!B6mQVV
zI0DB864F2erZA%r|4y8g8R5IqE9jqui?vrZ6gW4aZpS<Avga(FMFQm8ykm$-r9)X<
zG9yWx>b6G~sCWip5Ffrink!5CDdSI|2R8Gsf;IZgVKDG*uW@6|S4M4h6SIp`JS>++
zyIwH|5<lX|Xh*bTT;zkManoZD294FxyI<Y;p8zW!YC8XkBO`IA-IH$f0C?XJ8B}Qe
z5Fn2IzS}5ouFyY*7HdX2EoF7XtosNUZQU_c?OvGJuQ@BxLkfh1z8J|k1ni7DB3Cw$
zUc2K9yghUxC(siJB(wT@Qq_QIX=khs`4hCs?H40!-4>E(S&eu9G#!+-_D*2^3jawM
z+1+E<*D1P%g_B9dKpKKRlcE6fJeZObNF#r38eowH8#bw@+LW20Y$8~<O#F2JL&At%
zt)~jh^ix(zM0A!Z8mI6jU4ki^dtnl+o?DBid$zruel%<L4h-yN;sv(&vF>u$sn?vW
zs96acc?*rN?8iX{d^UtlR7$~>zKs)DYYq%^Hy-e87`55evdX8?wsWtg5L{*N?xw4*
zw96V#*JBDDuaV26=ec`76Jcu+a!Wr#N7MYuei&q1iEQlDIxmb<xwygmwAViFq_0uN
zDTwZ35^^BUrV){K&wLo0;Az{<amZ5*8X5_?>aJ_DUzkY|D|VJmd)#R*_vg`hIh0y@
zlsh{ZL)>x=ff7v|<Yx6axQK<Wdd9`9Kvz&F@@OGZC6?1g`|VTWxuqU~-Y?v8YxU~i
zIjn+Ood~<jsZ{9A@j_=D5^p#ZSN<4lhu^uG&lPz2?BrYd66pKhWab{}7bv@p$6}ZZ
zLk`n{Ji)jZ=+*CM)zSsxEv(Xt6#bT;Rn9>=W)OSHnU#A>tm{<vvyx7euQ(lwmg=8S
zHc$t97|b$lyuz9~sPHG$>wM&js|fF4m8}j6LlR(rk|iL}n9VYOjMY~FD1G?e)~9>a
zt>Y{PeAW7_y7Kk8<E5No8%y%fgB>qaNs*WU(-Nh#XuB4v+4CFAdM)>vdUuLtwx~xg
zNJw*Nc@b66xn;A73`#a3vUZ(Mb5(nZs%Xx5c2$XJ_O8f2?=KHTc*JSbkp_E-gWZQ`
zo&&v`oBmz^WXyl5wzA76(Y^v@<IX&(w%}Xc(-I<;?8}m1nqEqfilRU6q6>yRXRf$7
z)XwEg%D=4<Pw6chhBIybLz;5JB>6d$zK)oBk==jvaJhfm);Vim@;ggO=%k$BmL5f3
zYYgO!H}dE9<fy;(4Abwv;K-cv)xLITRw+mN5PXaYL~oEAlCVab9F0~HF((j#f}hVK
zKHQqA4+E{vw{H6yr8<|E>0h((Hvz?>i%X{?8LUYpjAkk@zvUO*Tne#hc9cHyu9M&U
z@dhW$1cy;ya245>rxjV#XF1Vn>!j1;(uR%lW&ikbprR2INGW8w(6&}KcyCBE69D66
zkb{H5WuTQ!v4Qxx-gM#^P+e)0ZBlLvPa&LO4pw|BTnkZ7Hz*8z8siwyt&T__gdwCl
z#qS4E<1>1i=EENv46D@4VBW-m4=Q9|GzHmCOQ`y?snc5O7*$ZT8u`}5rn-iKmh~|&
zRZw}l*S=c>-|I0XWO3A~xq82_IPFZ%4W(}lop+1ny$o)*4J}A`IFKLd@t;%CWB_(B
zg6<ZlA$azmpmZ(SX*!Js6642VcN}ROWYApijvCH5#Yl|8?$%Vg&y{2@sg`vk&aBuO
zwRy^#IQcF-ftr*sNfDB0F%~b%?)QZ8lgpbbSb}<#nXYExHo7TLA36J{gRa+@|AgLx
zE-@gebo{DWjCU#!D^Pr5Co(yBtn{@R<RQhBqtTT!L8SGQ6^p+is9o^3e#GsP96bav
zNpjGBR3}oAYz;JNgDbZQwR+OYKdFpMKp!Q(RrV=MDJySUQt&RHg~Qz3W+EK=acp@h
zcGxmSABg@_5BtQpQd(&eiI71WWPnNs7P|!?0*9-_#LbD(H{@m6zpTA_A)R5zO5pvM
z#m{D@eYHNJ8s+9z;iP;tcA|4A>aZOaEthmmkL3!t$#(phv~?}CpJ`)fGUI%_`he%T
z=++WidZgh!pT~JG%%<kGQy))N_*@E)?-^h#u|8`R?B1spoz5J?0%lw~mgPH?y{m^v
zj?KMLI1o$am0f%oF|Bz|2KYmck0>72RDxx`(=1L*$s{fW0N9fe`1sqG1kTqOI^(uq
zPR`b{mOys^8hp2Exjh5rXWA==+q?Cu&(1wN1XLQDJf&!?na>^M<AD6msAsa!No!Xg
z{XjaC*11TD?AA@z-p74U))oZ!W7uQ?hl0x!7q^a6&*TmYL}Lmy3{uO84)$7h1e9GB
zs-)<%v)3edm@Jy{=&1qtT2*D#cJ;OCpeq|oRuA0<vcLr3v?!5N);h^yirLLpjEc+*
z!3`6NdnV_#l+#JA!5`!1A|iI=T}@YO(_DC$+p($M4BrT=@=}O2kGYM?{(R0x32J?>
zC}ZX?y?gqmck84uNb3L4yXtRx2WI(S^llk8N8=xQ*U?Pc`47EQYME*H4|*qk^$)#^
zDkb&(hu($z{s+ASl(^3Ohu(>*zUTY>7rkp<(X#qW@8&%JlisQP7rn#4QZM-5(>tk>
zZ+f@#Z+f=~^1q{ZXXwhN_y0xjn35(r*-O`X{|CJr6}R~PAM_5u;@|Xc>c8pTy^C6r
z3u)xo*BjpmlCfDi-EbC5mYyTJ&uyO0YcmM^rB(pzwEX|vARO_ooORb;=4=zk@=12Q
z0rTjUDN8VH=MgpSpm7mUq4AV;N!m&mKPp*Ayv|wvLVJvR2bc+08bS`$HoYi4PD>w!
zI>i~Br9ioV2>j{I4-+eplL8{6Sy=p$%b3@0@pTO$U<atscyoyqEsO01psda+6T~;L
z0hN=IZheRNscZ+T%0So|+=6nR_<q;4e3JN1SxeDD+rPZ?`=8Vxtjlm|E^aRw`#N5(
z4;ITa_b1D%<}TSIQ8R<UiGvhZ3OCu+Tjyl0kMr{Do1SH5$bf~?r@(Y%ISe>Eq>NJQ
z%Z}^0Y2uvt^7Iv}^WAV1p7@n^ZXL=z=CUqY&iE>3rJMz&0OpdjPlq}X{Euz=cUQ8_
z?D~1nvHlcF@%}o3x+N)q2^vap`~Z^5@kVAM9H})dN}|%DhAJban^``Xh5uFDg>}s&
z(FT5tJC?uV4r&xfbGBau>eB98+(i|bz*oc<e~UYSu)pGtY7zERDllHfiRItojuf~$
z27$<c@xjtv&DyL>3t+Xqv;AA#Wio$@JN^Gj+)cLN@ea{Ve=RcUJQaH+C$`mFT>)5u
zfv@B~gODL5lzQbNu$sX4I>E{8p`Fo>w(&UJ4sEBZ{;2IAIET^qq?f{Sum?IWpU!=r
z*NhsqOm=<ts*}OVwyY(Qqw7RnzEn;kwOXW_M`(EQ?C`PD;`si^EOw8mz+0<DLd()v
z{-y3%6r=Ot^&?H4&~@;<>?bG#r{qS~gV9w2(0G37R1uPzLOpBvNz1KR^z$^#dzhLh
z4XhsXhIwfNY@hkN$LBK6@u8Kum>_AeOaTM0O0@+hc14haKO?UM)3M0d&F%$}9WpvN
z34s9#F(Qdj+70-&RWW*DS^+}%V|P9K&dT@q55oPEl=tW@4}mB#tGUChw(Fs?mtaBI
zjRz|st5tY9_;`D#4m&m{J+n`X*fL-;`z$vL%{zxe&pCJm2-9%0Amqy})@JNjr_z}1
zb&Dt%Wt0joxc6omG&l}5Le&yN>^QS~+)tOL6^)~C_G;3;6q^>8-}O8clfhLd)AY5e
zXqBo+JEoXeHPcfWHwi^!UF=Tr1S<8&#B+oh7;~zw93BxedKC)p)O!51?mnD8BqxqT
z5~a4Flws(tyLidwlm#lGdppkQ4pingHS>?1fUPJF{_Q7X#L7fy;86XBkO<bxowx$>
zqs+^K`;KtuOH^u~>Aac6(s}0WyqVf^s$w|~`ig#Bl0p2WUbebVM<bW!e73{hHa{vP
zu5D5YIOix3!NLSDkMfX&Viv<#Cm$`n=a(wI<x|fc@Ji-Qex2f2r>MJTd^jesN`Bmr
zdm<#ZY%s_uayE-%6_v!ectaYRcXp*<0=ya=WHNz`$AUGhZ)DoRp<N7xxYnh#q|1{@
zToKdq?1^WSKN6@ZXBtNtKJ6@f(I}(z#)V!rAO#By`*}fVa>^JsZFCZf*xIvGQ#lT?
z(S?l{4NigbUH~^D4X@0~zsyg|AfF4%Y*q|6U8|+0ORlGmw5XS88$^?88%29T*k&5v
zf37ZS!h-HnwP}Br8eOJ;>;(P`*nO+7R{Q>yOB>C)r@s(v=iYaICG*w4T<K-H0AXT0
z?|c>0&?diVxx1=|G9My!rPi|t6n%vl3Ds`xZT)_Iv6PpoE2ZqYGPc`u>-OGl7o)vO
zf1xn;LLNO*|8*wP+%=Hf?Qy{>nfCV*xUKTk<G(X_zz#P|ga|3oalq4IQ1Tz-Zi&S5
zy=0q=NQ1)bg3Wjc+P0eA&kXQE89+`YAlyXn9T)X?@jKW`hhaESgI{q;&oLg^zw{9^
zpOh1b448}&QEsRM+k0cLz?p#S-zy|GYcB(0#fua~k3&~WdoveSKyW{lCfQdPxh|f(
ziW4phWs-7%;0C#W-+!uU!Aq}eZ1UQqm+*~){&)9Idz6QoQvxPlmM;H&1~txc+A-&T
zx`&rHqbbY8ofAN^Pb`V*@S&{zxrOD7z=2f>Fylb;U)zEzV8*}AU2!iefb<(g0R@2r
zs#SMC;y<RbS@Pef`kObd60Ujt<k!3vjm~;gnYP7G3H56gjT$X1f51E^;5{9`I`rg_
z1(mtwcQeeBXV5LdE)yphD+pp4`|=w+yUjxI-ViUx?e~1^R04oxA~_Svg3XeII0XzH
z4srC~*V>D<r?rdJU*43&^@xRtkq(pyqzL}dtW^vs+`d~g1+Vo#M=L4PS8PS1Vq*Tq
z`Tw50lfK%p*e;V>%q^sH7*OvuX(R<xzl`4>5n1AWJ2ftBbH6vt{tdL%hY9HjK+}i&
zrIKI}`x=9s{O8Jz`FA&tCmgp{Tt!N8Ed>vldpcIP@U@H?)PfTp1<p2iMsTgPsmnk>
zsQ!!iz_P@W{tHCyw4F4ksi<mT$%lnu+`f_?=#LTpHM@{h8}-}MAJ`9jg3Mq7Lf83>
zXoZuU8SLtWoI`k~L=k7aIyYKI2+f_t(vbzAOfzSxf_e>57Fh&sATln4(M(4b9A0=)
z_d0=WVD{ffGvT9x)Qug)GI<n)tGVdKF&VYUPYT-EhRo3(-RC@A@zYr<=P)&Qz)!8?
z<9cA@!%YJ{%xUq#ZQBk{0X@%A+rdeLzRq#SeXqaIP3`<(x{1U@DbX!&#GBddHI4bm
zhpC{dwJwGpY@XevAOcIdfLpXekb=tJ!UQ^4JyHv*dL9=qP@XR1v)H+|lSpGOA01g%
zZMM-|TD0oyq(R$2bd0(Z{eGrsGBX=8$M5D7O}#SHza=)Ow6YABVR}*T5EaEgEh8#*
zN$KasLd|`g`0TS$I#u^JJ5|ig;T#<B8T3`ldV;(XVwqe%wjSIF*!_F}hrU;8z&v&Q
z|2B9>^?x^bSKnc_Y%EB6HdN9ORlKP*tQEfwKR~R_DNfsOJYg0NiX_EkJbY~7L5iYM
zoDmJ>)Jh^;c)hd(nuUM$voRupq0K7uU$wgro&U9Vr+WV%wY%*rYd*0vdt;c(l~>Cu
zD7E9Kh>Q;x`;2?8KhkCg6X^zCw3o{dZaxbm-vsCEMt&_;!`=F)<9(rcd#FD^c_)TH
zz<4A8#8=rbNy%X5jm8vmb3l}ZZxWTHBu|iEJH37Me;m8Bop1gBQ|zwc7V;+l9>0FV
z7yCPB=cOQuMdmW3W~CsCX)2=cd60l~T1@$1nDB@ED`<xO$orr`yS`gQ$bJM7U0)%M
zyuQ%qCv4)t6EeL#8jUG?0J}W#5Ef9nAMH<HMt}AA{tsag)2Q=8VIVvT#Md%;zFzRX
zq%82*GhL<vHVQST-m%>wl)J(N!>I`rpDynG&{>4%S-6`H)SgbMF&I{kULSeY+b+F7
z=oPv$cgzBfo+m(Hy6uJkowaMw{f?l?es6cl-n)N){+he<p8Lm-09<k+7YWuXOz59*
zZ~IL8pN)Fnv&S-HeowbDy;rO1>eWasz2T4!5d*nt!|!ewRbT6syj5u(Qe#@xrbQm(
zxHB3&QoDD^8`<?6>ERc<AUNW<f$C*C37hE^a0&jL`XwJ^^zSe0fhHs#h_{U5x1v3o
zx+GxGT|m`y;jV6@<^lH#65Vp#YHnagm_9pw1Df@BtRbZ%i=2e@WPcojB3y;aNG`HP
z{)yhf|Bc?on}>V&iYRq?A7cNzI`=O>_ZQbu+=8)Yw>0&YF#Qv{tNz=!`wwpCFMT?%
z^EX@fPa_YwzwlevDnNh>@WFe0yStL_&gJ)l#NUMu9jJfS0R!&#{>kITf0ylm@NU;0
z{zqO9>Ko#9oc>Y0|Hay1-6`%as<Bnn{6u_=6AyuL)Kk>;MEWWnBe=2;@Ex~{huP85
z{r*jt-r1q}F4_g)*xmx0>@dWqw0<Y&zJqn~-vEvW6DiGIR6-An@jG}2(n8=%;BRf#
z7W|jnfwbh$|4rb@RR{cw<0a*SY|8!RcK+$Bm47exG~&PNhVBY~uQJ?UclWI;zax0}
zgFLut?pzXo59k0k(b4>C@4CsDZpVO3N=bxcQ_QM{>7ZqlyOlCGO&WTM-6vkU>1Xl;
zEWECQKgX11445uiIOY9`z;EfLe_7xQ%Q*Z9gvyAE@LFc!TgIgF=gNo!B&oR<OZwHK
zN{)KQIEV#U@!?*N;L_?4@aMGmOA~*<s6Mo6sK@*~@L|t@scfKhb2tYo4`QucWd$GM
zo*%V2hv@-d<PzC71cl5DBC|+BZ3?M+8oIu0yE?bGGiq))l)IQ=xlE^j(TVtteGuAK
zOg@)TMK|Nk{b5Fl!=o@)dGXRjj=X5V=GRPJ7v(uIDTF=){VQXlpW4TqwBfx-#jQ;U
z%OVvE%g;S(*>S+_r3zH-YxUnT$Vp^u9i&tN5&*jh348iH7EU%SyY}_`Y?H-njc(~!
z<xbHmS~mJpQbZwCp4R70ty<A(8Y<D0y@YBhAnws52yAsCHYt<MU-s?(x}m&##rTFf
z#%VB=Cn=o%r%${Dl-YY7Cv81CV3}~3?qvYDDygT4kL!Too9-_G%X>lBX8jmu9XPaQ
z3i)|M!0{%<&?>u68$6x)^6gM9ACPSJsw?V?@h~f0HO?PUxfwD5TgfnNHp8r#&nnd@
zlhQl$IpE#DxR!efD};U9z1)92zuzw(4}aJ@ng-MZk?s$b;P@JE`1xI`p9}f(a=u->
zee`yDf1MmGF}(}%9;KCg=OM2o%|JC2b|Ihdn6GH;x{p<zG|PXo(10W4@E{hg&8JPF
zK-V$2{1IU=IT;e-2bOguR(H#}x6d}clu*}^kfhsR;*D%gv;JMRmD;7`{C-9>cL^ds
zq2{@~HXwsXQ{@cHIWI_xE=M@hj#Kn57Ri(NI@r#OZTBdDEo%sTGiKA^-mlEkoSV0q
z1K8{p5p!`*=#+1<e=M|gQp~$3;8OI%Z*!_0gmMfNO<W@A&Jdt|6R{0h;84ZnE<ErM
zBNf3ze5FmQSfK(JF*c^)5KMQX7V@Uwb4P7P^&Qloh0Y^6Srr|+2QMGZhTkl5IH;#;
z_5=eW9Ths7LvwK&E6Z2r`F4B*?zfo>pj#Q~1=v^BhH#VI&mZ<4uPzE_&wl5+T-PJb
z&!gg|dIvt8x~9Uhmz#O&$&3QF>{+xL4;1nl|C%9CX}9z}u_9>nfck`*v>n-WVrWy|
z!PR9nQgecJl8drc(pn{g$<JWM2jEZo-Toz=u8(_64q13RS_!g|cFBlqIQ-1HY7u;r
zEF{K`LJGB<c;f6xvL6l8NX+SmbQXt?>fSdr-k7b9q+oall<6wxur!P|3Cvx4MLDJD
zpSr9zmuLM0zIi0K?)}D~S2De5Iht&+DA%SQ$ss!vPyUdFw&SFS5zpR_C~5&flko>Q
z$kE?sEA|Ingl$Z$@5|e;@9(eI*G;V5W%+TxY@t#`W?+DOc!nJKVjZvJ0m+efPu$Ti
zBSf80IWdX?8npZS><`nK#7Wnk2FqLUSZkc=4SGsxCP$9U*2`2_WAv|=<P7ZFx~tJ%
zSSXaUnmh$WP*iGcsN>6EjrA310ntuVqyRT2<gE=AFO$?VRcqfflmk{}q0h&ta!;Tq
z->)0QYbV>E1`nkcZBIq=U-M5{JhX2Y{Eyk4Sd}ngZ!^f?LY+ie<i!}v<0{WBH2yM=
zvGQ4|Jrx68@$pe;AHknw<E_MsGP4R|I(sncZLv}aH#_qOSjjxUL+CJ~97qov<XSX4
zT023-aiwS5<2^j#CKvtrHhi2dg*iBpQl4T;jYWnA)D<=eOt_A*!$q675jzSEBy@;O
zKInMRU={$XAfWL=Z>6PDF6gPt!*A{sPKud<Nfy;Ornh~y-ZGZ$FHdkEr@*4-NJbSB
z0<sJLaKAm!_3GyMxH#NTFCN=|zv3OwC3?;E<^8;R^!$j`&B@8h@_Km7TwT4T?I|wZ
z^&OnJQu%ZFk!U+M+?pdGBm47XtTO_JMlxON-k?160DHXPQTlgFHjAtG`sBh4mGGs@
zjHni>Vk@_1`=8mJRl3n=P0tfs9*`CB<RUE=5>rygQ_6HB9N%cm5!}>b@rxZ|&*;Ac
zX958FQarJ3|21&NYJV>fKl3~B%x#Z&A8WKl2-gEQb9(EQ!IpzhL3YnujhbN)#nbD~
zDNmYP)jlYU)Ca$9li5e3l7#{RxY)^BWeY&NF4skXWZ+~fIAJ9Q!CM%TMAdys8cx)R
za?GcLwXL<~hGv&WwAEcmGt%a1?!U@EGmj^12&keH?1?!!ZrHZk1GV(JgVM+<`U8mM
z)Yh*)x_<i%Xi|I_I5{eIhb4QW_L+$|3>jyYfXtGTI2OV~NICn|LrP$m^@W8oe08w`
z;L!Q@NV4mT+!3#Nd-QoO52_o2_YOzu$1>_;l!)`rIgBEqWFESUA&%Wev2b%FWNH|X
z=Y|A*%U7teq>x3lV)Jmg#sOKC+qV3^#iaeN1=Y9VGk@F#>@5`5#@DLrh*I!d?1nK5
z)aOa3msnWrS<DE`{?r0nq`_VnMtX7QCDoPgFbGe3dH6Z#<6|hDpN%6eX)7A*0s$Bm
zszw>K)#g&hSCz*|nxUob*rq>Z8a9!lKb9rjvGA)L!Ch)-sN|$`WW~3nIbE}2U(!C@
zO#b|lid`{M4PzTv&g<fo?Vy<fgOi*`G^7<ye2QdJ1YWqLE_t45cYdLJgo_V^^J?P4
z`XUR2dLETZg|VriLHt>4P8p78Y?$5_8*b#nEVe4~6Z#Eysg@U_qg?)Q;PE;<IPcOy
zzTPT-1AQ%lh|3Sj8Qfm#d7!dG4Y6iTQUo~6^haemQ<R=J{-Y|z5wx+Am`05yWyo(s
zNkUr)3LGrHpYStIv}lPiqGrMY`JtbHdHZpxXN2@%gQ<x|9P^2oOmK86yuFN*zSLfn
zpWRWj+ifkL64KYrg;0&uBr2ZJjNkP<Ko=sdn>Yh?h1+4$d9iFvjbq@?jpLb|_~nSA
zdp6Dxr?{fYn&2sl%+`0y58d8&$%>F0{-%>VWF66_DYJ_{;YT|b5*G1cw}nobh=ulm
zli#QAk#Y2E3p)c?7z|=-B;WD82#hmFhY+2>`T92ymrtq^{<%O-qog%v18f`VeKr`g
zaNJrDn)#nBnzKbkA<Gsiz^C^iSD0nsK&gNXQTkZLn?@=7mPaAF>f3c{3kt3ZY?f#|
zVoFaFw6QXlbK9MlN2B;<O)7hx`dvx1fD&%^)`)Hknyq#IZ2Yo+G!DD=D~Tj6blHHP
z5sz%mbBfaf>C{~DyD|dOp-K1bC}?r8EL|ezzEU9_#TPk8^`ix{KUog>eFc{`ST;W+
zimIj#tkGAu={}c(r~n;;N1Eitp%!@D$gK54tEp`rp$(57nE{;>hpKI?w0-xR+J!M`
z;Z0I|H`T}SntmWfQHM4Cx_d^?Fm^TyR8ox+G<p*sak6_zDY<9n|8qP9*swzWaI&_u
zzzzKjQb6F}_09J{IOm&z%;e*u48-rZ%UkHzH-Pi?Jwbl<ym~nmMpFzFmJ?pfF=0J!
z*O}vh?W|Ltc;Fq+2kNow{1T_r<qi?<lzv8QmSs3Fs-CIluy^H7cU>?5#H$UHV&epM
z^`+6Ex~p<WG8RJA;bXlH*={jKWF+>x@|#pMKdE9KS5J@puwsVD)GkLYFM3<&{p1Bu
zL7Sh0`H(K6IBc;C=4cE<mP{}vcC7W35QekfWYS*R4@toUJh*nHFQf|}8mH2VYZd1L
zQzYB3Vn<C_EwA!iOzU(1g}NKj`ZYyS(>qYUB;s3&QC+^ZG)Zh6TuMv>tR4BlTpLX6
z<xka7$JEx>dXSZvr8ggnjfN^JEO&k#nP9kO<`-9<PYMGHRIDTwi(lHVp6x%qvx8~@
zs1^4Q-OGtKqcAIp?Zxm2$T{E-A4Txn{Ln5Y;3953$(pOdzA#R#?`rn1GwzX`qaqzI
z2EwYR4J`r7sD{1>isLg+=*Q9DnGguIgf_((0CgoOWg~{quQ!lT0E^7x(so(dp|R-!
z7T#=nT7K5QcfVKfrR1sUA2QUE5pIt1f5slI#|HX^G0h%5l4pfwB?7#vzcfBbH6~k$
zhIh#o5!M+#7-W^t9h13VD34!weNitKTfY`VqfIi>z8QPM9yZG^v7l&Ig3l--tA>4H
zz&ukBn#Inm31Bqr^J73h!SHDcPDC`SUvNv59h-zp$(<W^ksfixJV4Px<GNFB(NLaO
z{xwkkCgc~dXg;LO6S2tjg;Et?C;++{J0y-B-V+^jl00{xepWC1`pkNy@H13gm*Vwh
zX8@seEM4UrAHANXuGgQFO@4w+)f`xqrsNF`dht0&IhL*;Wibwmg$Z4ztt9(+GrMef
z-gXzGd~jch%NaZsnRnIKJbZm=d(*8ZXyy5=jPQae(zc*sE6ESDR+|(SC2Ss5v*o`#
zbe?bh_rhVSy7}QS=Zj$$rs0W`QNipXTt&iDH&RzhA2Z}gVJwgGBA=Ph!z*+n7GaJA
z1b({=)p*^tJ%JSD_=4LPlrSW-vVy#`pQ!}3^p`=VI3f{RwWnyWfO0ut6X!=?#(pVb
zg24E(VG1a{)<m1AgmP&R5+qN2ft{6y!_r%{iK!nK$MHSMJw_NGF#{Bp02I`4={$$)
z7^k7u!Sms+ha9J8Vy{gPZtU(9k$gf>6SXQaksxp#*f&z)^y-{ig+H`34+9IpNjGFD
z*-}WI5$~5EHh{b{W>)+mkELRzZ&&SP>@ES(ckcUG!8JT(!V$am+v-bziFb);53XI(
zlp@fD2-i-h)PdDTw4S}CljEP%Km=!iSp7mK#(x@Jw>PY6vz)oOz|t^@RWE0HU+{Bq
zOIu<#5w&3|IOXB7048@FF7FNX7T4>tpZQu^P>`(p;&-&r3fKU$V7IB8;ctva8V>AB
zjqtva4sCJuD?5ILIhk)LaWC<SXD+n}nN2F{3l_<>6mS&<tv%`S>|U#9vlE*||0$ku
zgj~!%D~K7kT;r#Y17$5(T_?vF^)%MFus&fkHk1DfBC4CcF4Hlr^QO$5QT`NV;h`^B
zS{mN<s(8K-%o!rc7f%zcK?j3e5~J)#&R5uRovsCt$-}`TD5v@!4f|cpYgcKj2;$W`
zE8<6mgg2$4I?pQ5ylisYgqKDhZUyqf+YapNyuW+Dp^~CZQdzK<W{$@Cev_f1(2Ek3
z8We3<-!S#1bV;!B8X7aYsS-2H-c{6H^t*E&GN3}%BG8#0R<PlGPoauKX1rpimbKYy
zzy_=jM+50~>x0;^wYYmOYMZt(wb{iF+CfGq6~7uVGrmedvcVwh)d6pyyv9C;J)Q-O
z26hMM0CyE$3`FU=FOGhj+p#nQmDt_D!`;EYqNidwj=M<|Y^DUWcInW?$^Ov3*^$0z
zDB;L`;e7O9pMpO2^BMVPN4_$O)ORmWI4|obsvbO@Gl4065n@#f>zd4Rhgoq5WKtu6
z<8GK;D*-zmV7Hlda_#=GNZI8U0@llEo+yn7<zkVJV+(O_q46{MBs)U=S5U3z&larr
z_g|L7v3sTQmYqzzmxwEfL8$BCyA_+O(A^5wun!mDigGnF7zhXE>HO^a=q-6bGwpxO
z$vm}PA42OZ@z(@p>_p(M4l;XexxAGgU0u%)z$2GVPs=%Y8S0j+;jUOOepj${r@(|z
zBV7ozD;MPQ5UAKRwgz@1aEku!V>*Iic5v^ai@FBDw#NxcJaJl*Y8z={#uK<pX@>?E
zx?&zwp<_@XIWy+~oPw;tmC6yWX3OuCAbj}UdLd_X=3$uMos5qi78NnB4+3h5;rUyN
zb@xiUn3TRl>kI>u0=8|+47348j5LqxAX%wne1Q?~YL=Odq<uJlEUzPpSyW9zL1_V4
zbPrjoh?fAIe^NXorCG=s!YMEZvQbuO#s~?eI<WaH<)~A|L&1_3P-y#^iIjnawybi|
ziX6xH7*d$#JGulPg~U`UP1j!qs563G1k<sx`NVHLgnlvdybi8QGk%Q}(3q7{|GVia
zdfNm(sAsqxih)fM2h%ScXpq7x3=j%w6c(n5Elp$B<Xtc$$tc;6F8>j5s`)A8_~aQx
z7Wd6E+L20ma2!Ie8S7M0liRxPBc+&a-g4DzA$;FvuVfD~5Ej_Iu(Yj@h6rN<Mg5R<
z>u|4=84d(k3jHo<a`#UWlO7h;BE~Bj_lcjg*F|45#0HkP*eV;A!NHl}*4=m7?LNDP
z0iK8GCNgI-9vwk2sIYhm=tVztwm-S-hKav98`f`fPo*g}!`OtNahdqp0Zxkeidy$|
zVEqm&dXC{v=5hqxt8`zAs22KwpZZyLa?jI-4x4ZW?KPX}WrA%+0)t?+_v+7rjTluq
zyW(9OP(A~^r;rnI8-j)#kKfiAVk<6a2(J||UDy$GG-jpGqUyG-=FZ^Bt?SBmY9h)r
zI8Aq9Wav<gK27&Q6~2R@g+5qT9@@$#=5v{!g~zYHqi1u$)D2>j9VsYR_AjE%t^+G!
z$ALhkO%Wn%-}!sC!K1cwW6&p?Ia&$1;tkjAAF(C{wAfj;X>qB#T3+_{7uYJK2Dtb5
zfb!QHK@|`R`lT#b_3<0Bs3jj@>Rmxp5l9U2(jYiLpSNeFbO9jw({JKBQkKW@(3xJF
zHNUjAwfgI#srh5&W^5o@A(-q&OQRn2&BMyZD_qLt0N->iGj@(TndCN{=0TU$h9&f?
z1mRzxjq%}e49pQPM#^hY+P1D=IQe5)K;|Z-DcGH*VHLLOF}IVhP`4`@tG+;%1JKPt
ztD#q+n)F$~*i5xSwbDCc>3^zuD<kAk;{HaXBtbTtV+8OsWPvKX`P1KovAce?(4_a3
zx$6uAKK4Svgi~lmKprC1-c;roE(tg+2D?$CIglzP$FZl&a?+TuSp>CNC2n3)f=t_j
zDh(z7HbU+tgk`WVd0S_7tl6+d&zfi4Jn|0qc@o#Hp{DTSa9JEQNyZE>y9J9kXUnyp
z>JS#R<6O}1oW#5fO2>_LQtiQ~nx{ofD$!?DoUU&nF(R7A#EL8s?1Zko=%$MlmU8yV
zLQz4M<jdasra&#l1ob)H-j0ZNk*Rn0=G=y(`hkrmF*`17umfox+AgL*JL~tN{;`<t
zgxz*RxD6-8ew+Rdouo-N*n~!8l#p*+BDvS|!$D<Q@pJ`Vyv9%L{weR2%)treu)ff9
zx(zG)-O9}9{f~eP8Z}W!Nd^{{2Dt<=xeCZvnLhVNH5Sg6(nmoy%Fkb;dyE#U_068K
z^_eC2NiZjkkRgs%-?3$_k|Qb8KYr{f4hiuJ3Ry3>t(6^_*Q6Vyz}Fdjz=5FC>=l(P
zV29b3t)W(io~!*W5v~Y{16Kr98!25;N*c(`LGQ*qM!Ho|NrZCZT64nwOb(zq>zbC3
z43sJs=ND!BxDj>K(ki7OUY4#MZ=K-|>I^z%`CD<@#WHla1TZClOmdSoR=;$XEewzQ
z4T#y9?9^HXpD;Zx8Jn)9Y!0DO5z(#Mc4_PDl4732uW-n<7Yd~FkQm0oX{y{o=vtRh
zt}pO0-~$?uedll|@1(OE6h!kMxAwPRg&zuF$bZe|(Y&9$BkIicZ$*BQZnxQ+hgb`c
z<VPjJ(g#Pt^Bd;JB(I=9%+2;_bCE6{sf}62NLq_@mJEjMv~(gvtsC8Uii<A96Q;wC
z7?Ln(8m9F#UCuE)f1UUNb|%Oj@DOqD@*fphS~o3hLxnDZ1SBZPII+r~gDmyaYYAFx
z5a4>pm6@Xiz%C{!1zy3p=ch%$(I`m@X3VU8YQqx%=G9~u4NGh9A$Gm$4b$Uk`s9n`
zAcULK!s|3}#>oKTbGk@R-=Eoi0^VjMl?sX$8|oJP3V6Jnjy884sP~J$a(1>8Y7&aI
z=f59SgZHLudu3>Tv`{(^Vc^GpY@h(ggI0EOr-x@q<M$&Ixx{qTk|?<ByqeAtA;Bqf
zZ%s!rl6=i$Z7173OQnfiR94p3KE{U1Cvl!G2JQSUQY$;L1Vh_YD+^Z27z3GQ<9Av7
z!~OIJ<>R_a!OUH{<u4OT%d4m__GB1fzMe(NixDK=ak}2#j+VDIy^SBVdAB9CIs01B
zxR<}qZ`)x)Np*LFVeG1R7EM`oo-<aDp!r>A=3YqX>jOVP=!9@uwS}e3n)X}1#{B`U
zFYp_Nh@trd<QyA9PO($DlGrOCh6p^-6?DdEWH^ut>cwCdfPcNl(>&B%8%QP`Xut=(
zB}l})%^<;4ahLx(0vpc(7l2QKk(BDL2^lJnkz}nW!}Jgs-{#1xg?3FwmB<|!ykjDw
zLU+KY@vwQ=Sp~g49F9Zd6d1giYzO9ozJZe7m?e=1TUQfc(F^2-*-EseY0q~{NP(}a
zIW1lpP2tiF-ryZ_Z|={PO_=0In{-ToK~=ImJayJ-wJ;>poOX86<5OaWk-exvDalPt
zfF5RUM(B9vHFJ0;K|rj|{Hb=pgTqQdszW)nBe{Q+q;K5o3U%{Y=6SNekg=frMfc<Y
z*SA?``S>+BZ&1&E4|z(UC4VoIfasu$1XcX&?kpr_oy0>6YCM81WCw|4)$(o7M7sjD
zt0SnRKgq7W4!}Ptdr<*KFa97nA)Rji*T)OFd!ZsmBI)JLVCVy~s*`>rF<Q@?^r1U5
zQ?FVgV|#h(5OI_nIDV>`XZ&x``$!_FdvlLsmRO~ek2Qh|e4PT7OHt6AZXkcdmnN~R
zNYAC1q_N@+DfM*)H|c|qnRMs<)ffh~Q5YwJXocUM9a9bt->)Qk-zPq;kU4x`E@eJK
zq&61nvIz0i!0@<>2OJ#3XP(rqR;)yxL#!y;SvJS5+dwvWAHR^;6W#$F1Tf(vKFgUt
z7o8q)z2-CitoC4#l?wPExt(iT*dbSRov`C+Np^EK0ryqrx5mH+REb3o)iz?sW{CrJ
zbeS24^TBT#rmO~Mr-8gj>X9Uw3Oz4eH|!AkVsu75kDWr{T3!)tZJqf3z8?PrEPhm3
z8?y_absZ!7C#%Uud>iw(bs5BGL~F_z@>G-M45b3E$LGOIu6DD}PABI(>V$*gr@3Mr
zL7mpSd_?GnX)lXjnUon8pv2SGmQK(5NEPk4m9t#iMj06Fnkj%WmGy_56&?Qu^wpz}
zV?v*C2kkjrOv~iNyz9aa3JnBZy?@uz8lc4V0kBn=^Z9&ZA2H9`x+Nvj=wn0yZTVI<
zkY@3u1|#hZQv=Ccd)_6;$$5wbV4`o08<A6Y5Kl7ly6pCMT*xu`T6@bb1BmK}dNiiv
zSfHvo=>{hA4tICQb41nkW%WqK#*Zy#$vo1i6e@UevqZP3u<+v-!q$$FM-PazvznD+
zBkyLmxyTg2uXr@R=_a+Z@MulIKPxvqUADiNTi5zLp74$;BZ{hlj1pV3%j^GissWja
zRAgO4D#So+%Wg#?$w7Ju@tPpL;IwxZAnl=u$p^;VfoE9&$=gf?OH}0v;$s}@=oSO;
zLOz$9I#}BSJ=J5y@6zdDozCJ5gI)4gNssD#D95$Vh(7}Ziq>k8>6m#beKv|{;LxCU
zn<h2d-GO2#uz}|ALVar0TU99q7||=5EJ9G1tEJmHbGZ%y#X3gv3ap^60&vB#Ld%_F
zy)lFL*f>kBv!7rtm|)Zh+DGA@I!j~aVHPOm1w;oZx1%(?bXfo+MgXKB{?-v7ln>0k
zNSS*QiD1a1%!m_G%^f};xm4f}3wo#X(YEa-5Fu~jbCKCXF;x3XZ<KL*SqES5A>kDi
zDj7dduYB;=f1JcAKt!Imf31KqebSiC^JhYo;ha}dt0FpDviHg(bFR9tMBr0WEz99f
zQ^j+_C2SWe4w4jWG%F<gv}jt*_y&5`tbHLhY%ZVm)2+q=tRJLNu&BW>D=q{{8(&w~
zQn9Y$1Civ!I!1fy)Nv3|VW=Z@Ri)V4c}Qy&O1Mz$aZoDRF=#7ZK@%IlGWo#d$E`jJ
znWaUS&f%#$=oBq7RZ7rJwFtIjG{K%T0t=J^xdqk0QxxtZE7zm(BRpElbt2L%N)(~m
zM-GEqa%rJU`60i@IL*cpo(~lNNR|z%_ZeETixyhLLhsWXHM{_4iB%;a1*YT-Hu&MQ
z6pEhB=YSp6^eIIL8&!e|F5+D<seLE0Da-9){=rek=)v7!{&AjC*M-z&Zi;=VSE^{*
z1QLDGw^_QE<C1%-pb65G{d(*li5yz8;nR_N_oLuq$p1wz*X5TonZi}@&uu}?Y_Uh)
zI`z$2bcM_8&Nr<JS|6$x1`9I8;23})q?WuK5wm6#G7(GutDlmI<XZLy2fyshv#EHc
zu7w(WSfAm|u7wih;aju6^K&szj(hSkAcNLF7bWxy#gFUcsjX~2(zS#=-^cj(JV9AD
zev+tvPkhZa?p9yP{AY)Sy+wWb6l<OGWTI}H@&uaeE39s70Hg@;uo>GTC&QZY#lM-x
zrLs`cVM#4%mMQsJFu$r7!U7P9tx$qTi>sqGbY(|}e$%KcH0!1X@xF%BerL5%SbL$2
z{-8f}6KReja<lDeUL$epW6|D<>Gg5ErhdmGk;SLw%TGMeaGa0_Vo!U44r&WX_S<3;
zbr*fYI@IH*zy@CC?gz4-h%{yn1^`tUtq0Eu??P%ICU(80K0R^6hDyh(JU*$L23ip|
zfhKu;Sf>|+B1oK-xVfH*bH5~4E!E5jxk7pO{r&?+ZHbdR{}9hI!pzgN3@D3kdD%!E
zQt@fuWF1_uC({X<kYdeBO^oI#$B$0`OuOE}Uo8PCku{|mk<SW&r%VxLHNOF!YSf1v
zT6W$p3-f2q<&Tl9Akf1-%$;zXS9P3Gy`Qs!bJjBuKc-fa)=XPUpm`cuj9W^+|E*^*
zZbhzV+(T$6n#`_KUxMWRJ?A$}lOBy#Y=3uKk?JcSz{cHp%Z{j<&27PIS6E#{Ufc+R
zJXUcCM^q^|Sv{)t)N$QlH_?503N2$8Ke7T6g%K?IK>=kJ;Hro@H^u95`#~87mVoHZ
zBj&={VUCKY-2L?%9Ch}x&|VFXKy2u<JTxf{=%wwfu$Zx>7`AkUjUi%W21jQIx<I@1
z))GJyw{5Bh{H8DWpcA@nVr?Hq7EvMOeC$%<p_PN^9z{&dgju+)Oq~jaroCcv#vs~#
zuJxr|8s2mESA>_Qe@7<BZ}Gm>Gydtb(E|w<gwfFRe6^H*g{`OAkN&!<V>xKX(UiuW
zsH!l;ppw8daOYU^jO<99BPk-_bKvxFZ^CO~OkB4_-E!@eC9IJtaOsqNz520S<m&ne
zW7bi_YQmUhkp=){IA`VNmts@@0LNg5ZNe)Qng%cLS}x`8e6EQ^rYQ9BJQ_$7aYn0g
zlb<5Il#SX-(`IVIt*7%0ljvPC0tD_FmH2rw0(4fv<AsKGoQ--5A4zmUo6TS#Pmikp
zaR|UP-=g-sh7Xsw-mGzh^#Y5(VcOnh_!F!uRVNj0UBer7DlppZ>=6BaPJe{ksf-_P
z`+5l5WK9qZ<7LhW2#<4WEEJaMF(1ejXsFGWr)|1zbX1c2>WkNI`^8vp+nt6A1wBHv
zS5*KOdl_!g2tle{&LW!Oz|*NJc*@cN(R`VSGH%0FGb>RcW6rSfqEg3|<ifmR`#J=I
zCY)pG1&qz;Wv^-&p%mjB#N)2O%g%%<vk9XmS*SGp!?;Hf&Tl3#Cv77T_&IR;Ad$B{
zvmWaWyym6a%VJ(pRBes*Aaz*0)=%b0yoS~WYX<c<E}p0!wXE~`z64t~Q-XsOYT)jC
z3dz(O4#-*7P<kC)8bDt9+1xLYAi72y`ZuQu_*VsZEy%~djg44g!E^ot{OSVp4&0os
zKXw;ZuI#hjursJZ>j8P4jGFL(vsV0Pyp16GE%;OaEYfSji{z{a=;f{l?C~^$<UdWJ
z0^hcaLJjDLqxXDS6DByVgHoGwO8>f-hI#J|xdxvX^1Ol}atRWTXlq7z)I_KfCd@c;
zXtkXezZo~$i-Pl{d0h!I%kWeQ9it=D83&_3Do2Z9PJh@Pvb4$G!$Z1TLw0nYkHg@s
z&!;xrXPq{juxklRN}$CiLEB?AZWe-qD8XqsFkm4Hgv=~mk2XDX5p=V>T2jHDfsff$
z@1m6?U)SDP6Y`Ec!=yjy5_l;TAMoPWkZoMi3Bye3kcyoFiqtJ#0PZZO)AqJA3<|<f
zU8uvA<{tHcEZw>-D?g8X$l4y!6+n`mLEd-VccnY{6i3_iKND@m1NkgNT78Ct^<k!X
zwiDsIz#ED3Lk{)>_Fa0GgbHTnY()LmddLgl(ojiDd<6MF)80?B`T$X#Y0a07RHG@`
z?LN#jrzV81THQk~C}h}>VzEw0*(Ccu?Mn<-?Q^iwh%Afd!vP+@4AXMgBtBOVA=%c#
zJN6u#?Uzuj+Rw?MHdE=F`kf`K9=l646<81c8BL287sUxrW`n_Ck#rW8)=ak&rC=5Q
z{{$K$<=s6|;>;*XeUO|O^K0+^{mtQmOe4U+ggOzXS^h?V89Qhb3@($Sr9W1r^g&V5
ze-~`4VZWyHRZe&IhJBjRAY{k^k$oH$@MHKfBYc=MaKi92>aQFs^BsEb#aH?F!%yh-
zPik-D#EBU5O=?f$fnL}FzvRSysh-1ql7BD!gkC@7UHqbbzP*-5@qi;Rf}}8!Vo(2m
z93+M7DaJ(oXgXmJ;zW|*Z=Asd^z)AoCUB5v@NQng1J?ATc>_O^C-9?s0pmP?Q(___
zynk(v-Xv$y-8_F2Pr#1~j&V?|@W+c2zW*5E`1s(yQt|!IgxFvc^Bd=NjgAYB_o2qc
z1WyAryJI}?tSk3Cv#vbr%CoLK>&kJ@tSb*Zv#vbr%CX<fy7H_m&${xgD^J&zr`HR*
zr-;}o(XeVU;xy#@kA#hnf{o3~oe%*VKb>*WuLni7PPqOiGRP?me_|Bt$BST%k6w*I
z#njJ)$W=cgHHvmPYIQ$+Ba&!;#A<IOYWx)R1bGCbP@^b!BUSGu0(HVpj}KsspR;?7
zN{j^FEhW7h_^y9S_7HdjqtJnOc*|&ps#;2YP$E!x12hdj?~KCRpzyYq$HQqIp*RqK
zIReEyLev8FPJ`kdA!>knr$O<K(6m6k|3FZ@L+d=_@y>X>Gam1Z$2;Tk&S*L_n$DE(
zXEdEIwHZxk?3vMYyk|z!nbCA+G@ThuXGYVR(R5}sosag(jK@3U@y>X>vjrjInJoyD
zp4oyhTM!1G*@7_TnJoyj1!2lFTM%XoLf>bz1!1-z%oc=u|76DF9eHLv-WiW~?EM*!
zcgEwL@pxxEUU+6aUibb#B_3}p+O{8*cVxtESldWY-VvG*K^_ar>klDrbL^uI2atJ3
zNVaf$W084BXtr^Cry%o=5O%n|6OehwNLt+98JTxR<{f!vWZsCu%*ebW&x|%?o*8Xu
zMjMJJGNTQJM>wMm&1ge2+R*4TqYceyLtY1Gw4oVoDCYTxKpUEod1qwa8JRcgnRVq^
zS8hMEt~~3?v#vbpnRVq^SKfPOU3u1(XI;7d%)0XZy*?xJ_B=B(?~Kf=pBb6gJ~J}!
zjLdsSWZsb%%uP%90GDW;#cz$Bs`<#<+h(&rAyv+HgJzr{Luxhl*fw%ik<{#ZZJlV0
zBM5IX&G9l2A}1LbgE`Ge1HS48pn8oJ!7a@QN15w95_P&6B#H%kQQ$QJ*8PaDg}tpD
z;s5u4{;xo!lzazKi9_2m#?FKJI>^GO%f*ogplz^Iqx4K7<elW+%$a?VqE(L9Va5qu
z!Un05GG&?OW(HW)-qw#^zev#2cU4YPs;zpQ<@rePae+&`Cfwg5mS39v`S!Kxa`IBY
ztG3tMAW;Z~-QcZ3c~#U&N-|QWfZ$u207S2$x2?^asJVL^=1kAj)_jMHDko>?t=F~W
zYFDPO38yT3t9!B}s20$UkOYVMsNuQIe#d-`-YynmSEh@~P^BxhWO4&*Vg?cJ?6rl{
z-Y~Ud>R7e9{ET2(bMhQZBHqFodAnGw^pA@*{2FQ?ib1BVC~z5M%pG<D@9TR)G(5pg
z&9Q%8gTn`o92!7`)D?LIW3B*FZlh<xa&S^^DQ6{cx-I5Zu~1-Qf=F{xg57tscE@RG
zb?#}o{XK5mUCZ8{j$E+jbIscy$MkfH!ClF4<5FyEV6W6!vDoB2<4MrVxUBvqQ6u{A
z7f+tPx_<HO#nU(A;?4wN2Smb&Lp%Px83O{WXT=i*`q|0vAHDhSSC3vkJ&p7}k#`j?
z)jd!PD@s?KY$>ZnzH^+_o4W{_&Av9Q-{XSd;n^WU_?D*RP{Lp~#_r!J#ihxZ;6$)|
zOR}@bEFU*{wy(6TYH8sm9NRC`4KCMlQtlI0t3LhgXTaAv$?8;V)!3Syes*T1bKr>)
zG(mt8DX#1y`714UrNr+pb#lOipLu^818_(7lC3yX-PC%59(xYZ@;Q3o(@W4()r%-4
z!rPZRr-f_@2Lrd+b7zQ?HRf4Pgor}{x!n*b3Zd;*X7PzL$Cped=m}ZjI+u#6Mo@h4
zAUVGGqx_7s2;B45alX<O1Xhd>GOH*z7_^_D$L>IAiN(0Stj-qc37O^$O<B33>zBCt
zhV0&uRh;poJqe(p8m}Mdv+5SnMB@yI)7`g|T(^5j|5|A`s&%}b^Z=W9-0j!f(PRG_
zG^bJ~=p}>fq7|FsrP)YXiOciz#*Ug$cAl|RoTsczNhQU(67jZ_+@9YuenZRk;+D$I
zLW`B+9859iKZXCB(D3zlPrkcEkFw0vg{cKu)w$7K5`-)Id%^`}lU#;3w9L*>O|##Q
zGXeV?uy(A{YT|+GcLgfmuEqV_xtQXk=aBKH_N?_anhSp7;FpZ$1eZ}?P4lwFd)Ows
z%I=Df0Xyw5zINO&Hf;(wXR%`0B@%U2F&+&ERuG9ZEODX^&{_MRVBtJNZ{3ezUKD>k
zKK}JLPyh2b$H#wu8+$q$8gP^7aEcZouskFs%ZOqxv2@`hBmF%}Q&yJ}J_lDwEs_lr
z^2KZS&x&O)UPsgRz7Y}EIy&gWXgJM*$Ju=C7ab}v{O2>ZIbLHqZ2#JSs6e-zN=ZtP
zU?DA(t<KcRwqg)^uzfheiFW{lTiK2uI3?;+J0JRlxJwn$I6h<g-m>~Xdi?@z^=yB{
z;ZNmot4XW;qw_hNF8S<U_?@eb)isF4?i6rDyA)28(}L<?D_d<#pcDOLl2&yrt1w>_
zq+on^X8%d54Jnk;vk;PTye4O^ktxL8H=2B_v-@qtg25<dGOf9i-SVBiHAwc+_?%m*
zS9g#+oe@aOukNfUMQ6gX-m<(dh&XeSlvaq#tx}G}N0r?&x}{=DTq7=b-$fo8q#alj
z5I*+5n;0zBBUn=7-C?z?YH0vUrlE40+J8*xnoYWO`wn^-V~o&Gg{36CyhQ)&<WK+h
zx5epiPfq@LvG|Wa|J%u*68MjwpZ@mrZ}uPmc6xep^2cvpKEHnb^w0G4Z+|T7;zs}L
zZzq2wPyZZA<n;8nKa1{Si_6kdE*M|vrMN_r*Rg@$cCrpVU$$7<Wy5IQ&G`|J#nda$
zcJ9->@dQaZk@sn}&=h0r`OVXbGWlf99WI&xhUj+N1a7h7tVj@;-nC(U3vkJX;tiP)
zqdOZ?W<yHw88xI_>0LKT9GR^s2lCqJ=HkY?fWsW&?j3D0#@$N`ybf}X{wNv~u<|P0
z(^yU(!@c%hpvL#En6)_q7$`Y^1B`8q?M5G1PAVp-WPJ3l=~RBTpCLh{=(r9!SyLf-
zOwc2$>O9wD68g5euaQZ-o>mPQuX`t7;`K+F`>5?cwuc5?=uPl}?_dI`wxDM;s`E~7
zm=ak6#jqRefKx9ms$EpLMC{qqR)VqhKP+1!Qfr*5El$)DKVik|jtW;>j{8<yk@SyC
zqyHB89WCkt;eyp=lmeXYZ9p3g>&b*slAiXR)*S5Y=Q@~f;m9tUxX<%3`D)S?OT@gN
z{~7l48*2*f>}XngJ9@NB5MVsSQX%BVwL=AB1(h+;<m#Hk4I@57RJII5<}A{cj!%uq
zV<ILtHQzP1{xhx3+)@o+ic3U`N~d4JnOelk=q7;TQ$N2EuZ_vjLFqX%ynRSwE?G8$
zC^ChujGp<9mhLs)0V>d8S5|LR=PY1}wpg)}p%s-)vPXihdgwtehI!+7Fjhx<WS#71
z$akQA^-0i8jT#rGZ%-@)U6+fBWee5Dz?K}@0i38qh-0!BUe(2taK&CSB0xL?SWTT_
z1nUE#ze*uzD5FBsa$Qp~<R4oSc}qy?*Z}&0aHey)m~1#gD-sMn>=ytHhrC1=fjJny
zoFvPMp46Cmc(L;Nm0A8{;Zy1FWqj_&wcS%{YOft#m}M!k+GCJ0q5l%F8{u+?6w8u&
zFE)ur>eSFGC+OEMclL~|RwR|b(J`chBwcnbWKP+<)nD8H`psQZHFOW6HHWA0I-+Gp
zQwJ`hhpQ>6Nh-#Z-gQ!x&J{H0KhIl)gu#~f7T(B+LBcL6m!Mb7K%bK{^cswg%`dR)
zUoj1W9@HVD#HJDBaBB*`X+TT#cr9p&{;An|CM7kjR<k5Hmp5eBKt&k16o_FA+bG>8
zvkYG&H~h-#hQ*SWx|6zDyXZlps#kV-bXtS%-d!g@20^8@0^beerF0Qc!jo^4z?0s(
zg$=w3divKI=M7&SSyKDDA+VPqe@pW$#T<OWx&z_W6wG8W0f$R*>DXAaQ-t=vRG3Se
z);SJq6zc4+84vm!qSmh2?pGvbWfpJ4xbA-GuO?g(kSjE%jY?XO?!h~03p;FOd7EPx
zBd4bksGB5ibz|%L3#ZL3(r|$=yZqhGO8%e)m|$c<q>YES$IvXRBO9c;VjLpNPco*1
zo3}KTrwRHmCl-*kMwvIq_Lk;hurCk|3FQ4^fiBRAt{p&&f@Bm+lJ8Eng~`??2o2jS
z`0>T(qZ@5Z5gttyX@{EGpznrF>p1YvRx#K6D32Zl!|{qwdimlpEZS|dzo>nR5hrVP
zZq13i<H@{}78Ce*MP$0sA-MZ%(OQ9L&6_AAlJEkuX*cY)J(G|j0b~bU#!541rAf}p
zT-;})N!aX4wMZq+&-Ur}39!0|hHltzB25{$g)7XNMWk4gEF+nF-BT)hXxpCYq7FB-
z)DRGFzk?ZlNhD5Q;exzP+Bujy31`Kzki1T1-J8Y)&WpGBR=o9RPI3JePNg>bJI!cK
z<)&UHDJwiBX(8xZoTqs$B;gBO(S@DC1-=#Moa6+HKIFKtI4XilZ(o!g<3<C7Obs<@
zFc>JMVtNEQ&CTizZ1(oHP!r&S#03&k@oYp(K{I{)&CnC{6c0)~jsV==?<x)1A(=Jj
zgm&dnFPn_ztqp`N^Id{oF-a~R*obvGG(FI4Wl$%C1WJ<(?g;Z%7CKyGILi<=xC=SG
zA%O^u6;qNrSmfO4va|MXaq}f8+NQ0qwhxoflh689>2VDv9^-N<s$~qc=Qxh#7>Lhk
z#%VMLW!qpgBDfBtP99!Cep<cwSl>}Z+)W%NWDDhS+zcO$0vT;rk41Wn#dd7zDlyL8
zel*8He8y3do`N$4kuiG0;!qc(aTYz~#PQh*AS?C*5RQ@@t7m>NI${hS;y%LRDA}RP
z<8hdVkuXjZoKn+j--VhUi}H!WAB=K0jQ2STRdA{&F=|$)Vg))3z(B)M=z#mEf1#m_
z;sFlh{DsJN&R#6CUx4JDYG2<K6lr>VS<MH60bBdx`#0YX3faE$bf}=M)YgJYf}Vq_
z;RQf-l$#!v<UPAB3IA~ZzWL~bQ$GfJ@Sm*K>`~o>Z*A`Z0>%VyzBRi@4YiSh7^-M`
zGeESioPTE9PEj+x(PMp1<=6GHe-8vtY+&sTdeDe2ZIEt;AgQ!Ch)cLLO1#v*v_7TR
zgfeMZBL`iyr%6v#{ZgE6AQuwiw<C7tgU78e5cT{+h!Zu9skE^v(8ocyBD4)gRj{0!
z5Mj%;?6Nl4k>el<ZCro!r_v~B0KCx<qQZA=G_yL~(Gm%%RQ5kWPfc`yQNu;bDldfu
zs)wRiEF-50AT<pTb=~o@PxLCow19;G^2jzU&)np|ZXVYD_9iXqPhc6jrJ5;;*b$GL
zUFrDsI%i9qx2-KE5PE2m)ueh$VL~SfH<ger(3ja%{YQCRv4P3G+Lh@wEeNXv-naG`
zJD=%5dI#hNmTZW$Q_L-VrQTu+`ASIa%2e@k=#prAet&@qTGo<4h)KBiryv2TKhBOD
zW5r!_R#)H9GJDKQoza&Dl*7ZMrZGEmn-M+l=}{v<nJZ5HJ?u*Y<BfCnr<RslV)YN2
zQ{xiU9#F$^gLMv?ZJa0`1in=4b8kAdy#quo$8Ru?mNm^Y^^2rARWp31Bn2)s`dkyb
zJ2H4R_ucEoj=h0HddB!kk|d`n#d#jmK&*BJ4C`2E8)}7xl3}bzo|Vp4c0+a!#V<Je
z>dbc1E%wT<;?Yd4XH?S*8#+Br<i(##moC&X90H1LDb#vtpfGi;0z?5C)ost@3fSz)
z=^28$(r<JS%9YNw!c`^o;X)@3vQU6HTUklx6x~{<#oLBxqA0!{;QQzv<lU8r*LPoG
zQlYexj%%W6+{jdYu#)<%AiN}O9E+7@_NQ78(Z)Y?Jl?i)EXLs_?Iq>kjaCp;eNr2&
zgK-#=O$V1^&2dUrb$+#}<r8*00PfJ5z~|m48M`g*g=Xw_nZ2yF17whM^11|R71)eq
z6<U%N<HVQy5KeWCbHs_PIcRb4?hyC5hCnKyY6pgd>E@X`)wCeV6VuC+i&OPgEr#Tw
zJvwkU)p(^Ix1)<2kE@-7Atjb1&y!9+77tH>dF;2R_|Xlms$lxKz$*gf{ILLoc&Q6H
zgCUh*wY9-^s@6p-HB_LS4Vn8!gu4yF`4H$uYpZ+>FE&D5=Z@I8KL<T(F;bZ(^_sIK
z`5i5@M_I;+i1jCY-TSfK(ASS&D}Dq&ja=KE@mZI!mLRmqM)+3UzGmo^YIB%ZN0@?g
zb;^hkPs<F#3B#}j9dOS5PdnM`x|=_YT?N4&a)L8@U>D!?ecS1yqQARK7e`p6K0i;*
z@ri-0Zhc_4QRi2^>9uSyWSLMG%B>Rp><O`Qo4p<EjnFyb2c98sppnbtePL`5;E3xm
zoHVDSX2Lb5rTGwox6EZgAY!K(wt9)NDnU=n5nxtO^<eTWYP|{FRT7!!zg35FL)RM%
z?X3jiKx9-*4l6KN%h=;*viWB3Dm8)8<wDO;NO8brMl+CYKr#Vc5wE1uO_rAVV1K4L
zDakDkMF!QSq&dP;lA@9(I0C0&BJ~MD2wF}uw5%nnOQ0L{RG57taweOoXdSFYw<O=S
z(vw<q5g_WepD~FkaY0?3W<%-tD_1CLxkI>wV4RpaZF&i274R~qAZ^gq-mVWSBgRlS
zw$DcRYDsRN5S-<-jOC}TZ|pXMAoMNHU5L3^>d*j892ibvLljt;ICf~Dy}{J_Hq#%{
zq$H~Zd<mr&V6Lq<EH}3=c=E_!Yn)rD8ct4ts@*uB+Tv-0-M1{giC(+rlTHkG12+Yi
z7<3@W8$HDZZW+l?uE-j<;T{LyrFkeIV8VbWT>kziodMfena;pJ;V}oS<5LH&P0-%x
zL%P1%5EDlq;)eGzFOu(cje+PHabNUYj>L!<A{;HH9=H!Xd=9Qeb)N~U?Q{TK2DhTU
z)GRX#nXM+VmwR9$VQ2Zm7tV&?XoQY|cUm{b;5!Xx8hK?94`Q)@S_a>9d*KjqzQFIC
zxmUh%R>}yu{$>A{c0*c8#hHSK90-kp*dwAN!Hv+u>jC6Om$>yXF!W&~ctIqmY1CNt
zo4)FP+wvYZf4{TtzMQPEM`-CCT|6Xq3~T8XX9bZPQVToa1ii4{*04tfRMU$GCbv%;
zy3{5y^JZGO!|@;4<`rivniC$J*fttz`-_&p879X~FEgljgLYAZD%HO01b8$Pb>ZNA
z!-Ty2;^K>oQ|GWU5%Z7-5r}HnCR9z33OlXYh>g^KvM}90$l@hjQJjd0Y%1vZvG0Cn
z`U+48%5;a+wX9D5z?i|W-SY41;tGasWC?nNa&}9&O_+f@K4qK_OG89WR<%Qg63G8r
z)AT0aoq^J(i#DjnDpm?(9fG)LC<B4$5KEI#H%@h}z~yeg*9m&8DS%dPO2MgXa**PV
z)##>Vx9C=#W%Vzp7Q{d^Xl1xwpbe`zxH;=G;L6l}g!#ehtBUYc@!-EuDWO1vmI(kH
zt64yG{|~0k_|9gRrUmog{H|+2K)z3z=@?}TK`~^?rA3`fToNcoa?p0&624@D$^rkX
zF`o_HB3;;KO-eI0rEsyeXj+KMH%8$j+7Jt0dWU5z-;(8qu>mcsHP%1qH;3%i!jig|
zTQ4PCKB0kl;&%9ee%lGZltU!+t`iNeqonyZc;VSFZ`A|30_7qxQ356_%?wjhGCsnb
zv7rzuq{FD1#`~H;v_$W(Nl`ta{KNUpmttX>S?F)h&6T)N-vootufy%Q+UK}XdQL79
z^HxYZ%texNc?P`C+Mn*E<G?i+>3(3sdC$~mpxincro9*;lMF30T>|$7kh5x@I=6;M
zas@<^uLnIpk)x{^j~(4>#@*=DXG0^?{}-~mU>Pwq)!f+7LQx_?u`2LK4ddBw-RR(^
z+86Dt_=!ITmr=Wlt=)T!-87Y_Y%rfyFq~tXmO|n(C1*PO2gI?IlZ=#-;=K2`UDe%e
zH_<jBXx9WM7&K_cQC+P$81G!WJ!Bi(yAHNhyo;C=W)ET2w&Z1`(xRv()GzBH`(kCJ
z6oE?Of-VZ2ku&hj-da<LQL$1>S4R!^P=sY^vN|o`Tf5WE-%XUuit$1X<%aAob$WRZ
zX)qO-fm(KDi}$Kl8!HbMBf*)0!@3=+*U(#+p>1b!8)vYPz+l7uc8P_hbhJ-o??CC2
z7HtA;Op#Wmq%E;|1)sGP7wz;Q8IUCVN_jt__GpLi@|2Z2PNnCT??yP97j4Lie@bmx
zINQgOB_GVr=x@@^2QJNYm|#jMG^ImOp=LzToT#IzH3~iSvu|IINj*6h@|xpP8``ev
zuqn9hP{l$vx&Cg_k#wX;ro;7ENzCRMz5<wa`52EtbA*ARNhkuJ5uWcLw$imWS_|)m
z!}0=AN~te8->CFL?qC?MAvNs~u|7!Dv<hK~X-cX=28g_1O~t7es-+=aXzYeBh!6qT
z*G^jFrY>*^etxiXn2#+-Q6tZY#55NOFIgQ(xB-|QyQXG&bU=TBcTG~%p`+5#G0})Z
z`t{~cwL9Thz()4EIyfR)qQ|%(`C}}IzBycknOb@^s&vDcAP$__l#CAsGrCL}h$+k<
z1QernjX5qQ(G_6!W>4dm4${2a%nGt4d{E!qlYsQgmc{A1tFH2Lj)l;&yyjAaU4En2
zCuQo67up-B!&ezc1x`1>^-=)Ea}XB#Y%5`C_{_C<GnF-VZULOi1|%Tg=_PgJ37_Pb
z-(OwZjBPM}02k1A)>qGPE(VYF`1JSOmqU}U@5lz)R`2OE8&P}BYjTF5J7?(o5}4S*
z{el;wj@zyxCV1L#TmR%h2{&~RSz=O(Acd$oS;KRV%N<G_)dV7yJ(MXgC>N)k3DMZB
z25Eu-{m2%A*Os#-NpUR*!hA_3$9(6B23F$Ki1UMFPXr+d3X3JCqE|!WR7WnG=oAf3
zp(OJh@L7htN(-fN;bDN9krfQNm=-;^dGBk3_wi!LPaUCy^<`y(r3Uu}FYRZWsDo^5
zr5e&fp9bzpzLwlj#7Rp`R@d`VYi!G%uVif>;=J16&nHRlpsnRO$p%ZVb)@0;>sGPs
z<g>ZX4h)Ejrr}B5wL<oDQj(#lr#6Py-Um(Aza&DUb@K;Hyr;t^2*pd5*n26QzA|hM
z=-q;QKkA-&$hD@pmH$h<+=KWw>>9oQaI{z~j=a)(h%a%P;971Nr$6Yp6^pp>@aTq?
z*(G|za&lx7F%`+&OF%X$WvR^fF+0@uzC<am=)y~p))lH+znU<!h4oi2ID=R_r<Pu#
z<M;1T@<t~}CQUBihY!a`yaspb0^y263IlX)fgU_K>cE{ZjCrBJmEsRu!k6avHRM1o
zz+MjjaccnT7DjQ0|I{iu{AcC<o{^kLGPU`0$EA9DvDZ!%ak4eZv>rv%`MvK`1|o&O
z;QIt!ZtVR|)bt%_l*YY{sBJ;|Di9JE)g>xx@SfcN7BwNTdTS1Cx#OQ7?@y!t(VIi{
z!#&QzM;NPi8ZWqx{&b@)S^36{?fW<1n$et_xA*tSCq2fBvv<4jYO1c1QX0)*@R&$;
zLrPAzl-x$1zP>rwrz>h;{7MTKB1r!*p8h+fFPH1T18ZNJmZLd5%ZVu(W@j=m$|GGT
z$y{6$E*vxAuoX0gt5yYFN6Yv#qx*ligYe_5lh5Dm`W!g#{vnQFrvK8@-msyMKItCE
z`_ZP{O{}4RkF)8*Ar@7ROZ9>i%kBOen27xs-Hm4~<I&?46-m_qptQJV%DP2BAc0<j
z>k@tW`RAX(KPBdCB45Lg_N6wO;m4VZA8}>+=G^za-*JNVg!awnf9N0o9@B}dN;GWb
z38`|nD@Z9n(G5R&{#_jch~a6^a1ScgA)|{MpCm=4ly=j!H@gV6XZY}b#Pvj{;$M1w
z*R@CNFAGS<Zu+u73&&>^vxfk|uO9y5-;;~vB6)cE<;9m5t(Scv#p_v7;4<^cp8I`5
zu7sW|<z{cW)=*oRtPX5&dy)Jixo8u5UFZ30meX{1iC(N;G5K0U3%a-Tmg{!HomksV
zH$$z%+9uKt(eeIVaVA;H@=J96__h1Jx0qR9{jjvEFVVw`i#7&=E*yS|9{%#;CH4N&
zU$be1#)VHqSJHl|?$XvAK!qTv;E&E_QH_Qr?M;ySwbfIceOKnYRxzW#jVDN2bF#?6
z_-sQ{zq){}cX9cpzZUBCx)PETTzsXjsLS*7_AWhdZ&S9GOvsFI{#C1_lKSKJtA`ie
zeYsA#+KxB%k{Cb``0s@ha<r79_TewReW=IYc`16Qec89unhRR-6kZr(2!IXfSWJsC
zkK71)>X0mKO$@Jqglp@D>@K0c3`ku`yL61sVLS5oi$}F*wRQZ4zbB1!_L61f5`F#)
zKU~oZ4+`JJu+R3cGxeiob!`E;34Hs=5`%vZCSO-sDc}!APYz8$GDIyA+w_i~yYWLL
z`Vm4@h?;O$09()L3;6NKJLH{-$X9}{OOh?9ee+{2uj$IiUfKNtO<P_?;R-198ntm&
zP{4aMH(<Z62Y9v+E@0wtAGgBZ{5gOsoc_V@P9QCnKD9{kV#Qez7{mGSCO`ftlf8AL
zbX%hx-e-Q*1~5BuZ@}DSCe)mw?L+f_;9ye!&{=RkK)=~_mPy5F0tm&fzv1`#{xl;a
zo}6n$8knX9WeeNa#gZ|pHbUhE3a&8CYfh|a^9<A6&Ea<MgXCsutaNp5`AW;I=Oe-H
zEg1a0*`n?PZ!*1*C->*aZ=OE7ero>l{p%<8A04@8f%du!Y9-BxF2N+!^;D97<`p&~
zItc8si`@6kr@hX7J^mM5YCd6!`9I9k@_*eWZC4_RUEKb!KJ8`h?{oix|Kwlx=`&88
zCmWI%x-8axv~h89aq-3HpTqxOTwHYj|KgXQeesirpMQSw#V`N;;<L{l{^a7}FF*g{
zi=Uv2`)GXZsfEP+Cl_~at2?-Vkmsl9wXP`*S$=xWb^Ib&3?StLr#E;_L~`^~6IWeV
zU<p8CL-HH|eO)2UGgJOz3k3-_-tV}~j(%#8^jL{bDo$4PoxwOo|Kl`4-<A0eq7_Y<
zYg7@Aa$1t)D0y=A-&c}xa`aR5m=y&p(eEE$p^S2Il&q;dhyT^xKT4KA@N@WI`@?2^
zuKvgVQ*6ughR_nHH+6+pG$-Qd=ZUzjj((mj@y*fC6IrPLW}L2%e*V9Yeu{pNIc2p#
zFP=OVM@hvQ1PmoKBluju&e>m%lC4NtM$V7^h55?-%+LIM`p^Fl00960^u6s70R9C4
DsMG_}

literal 0
HcmV?d00001

diff --git a/bootstrap/helm/cluster-api-operator/crds/bootstrapproviders.operator.cluster.x-k8s.io.yaml b/bootstrap/helm/cluster-api-operator/crds/bootstrapproviders.operator.cluster.x-k8s.io.yaml
new file mode 100644
index 000000000..78209b3c1
--- /dev/null
+++ b/bootstrap/helm/cluster-api-operator/crds/bootstrapproviders.operator.cluster.x-k8s.io.yaml
@@ -0,0 +1,1475 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.7.1-0.20211110210727-ab52f76cc7d1
+    meta.helm.sh/release-name: bootstrap
+    meta.helm.sh/release-namespace: bootstrap
+  labels:
+    app.kubernetes.io/managed-by: Helm
+    clusterctl.cluster.x-k8s.io/core: capi-operator
+  name: bootstrapproviders.operator.cluster.x-k8s.io
+spec:
+  group: operator.cluster.x-k8s.io
+  names:
+    kind: BootstrapProvider
+    listKind: BootstrapProviderList
+    plural: bootstrapproviders
+    singular: bootstrapprovider
+  scope: Namespaced
+  versions:
+    - additionalPrinterColumns:
+        - jsonPath: .status.installedVersion
+          name: InstalledVersion
+          type: string
+        - jsonPath: .status.conditions[?(@.type=='Ready')].status
+          name: Ready
+          type: string
+      name: v1alpha1
+      schema:
+        openAPIV3Schema:
+          description: BootstrapProvider is the Schema for the bootstrapproviders API.
+          properties:
+            apiVersion:
+              description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              type: string
+            kind:
+              description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              type: string
+            metadata:
+              type: object
+            spec:
+              description: BootstrapProviderSpec defines the desired state of BootstrapProvider.
+              properties:
+                deployment:
+                  description: Deployment defines the properties that can be enabled
+                    on the deployment for the provider.
+                  properties:
+                    affinity:
+                      description: If specified, the pod's scheduling constraints
+                      properties:
+                        nodeAffinity:
+                          description: Describes node affinity scheduling rules for
+                            the pod.
+                          properties:
+                            preferredDuringSchedulingIgnoredDuringExecution:
+                              description: The scheduler will prefer to schedule pods
+                                to nodes that satisfy the affinity expressions specified
+                                by this field, but it may choose a node that violates
+                                one or more of the expressions. The node that is most
+                                preferred is the one with the greatest sum of weights,
+                                i.e. for each node that meets all of the scheduling
+                                requirements (resource request, requiredDuringScheduling
+                                affinity expressions, etc.), compute a sum by iterating
+                                through the elements of this field and adding "weight"
+                                to the sum if the node matches the corresponding matchExpressions;
+                                the node(s) with the highest sum are the most preferred.
+                              items:
+                                description: An empty preferred scheduling term matches
+                                  all objects with implicit weight 0 (i.e. it's a no-op).
+                                  A null preferred scheduling term matches no objects
+                                  (i.e. is also a no-op).
+                                properties:
+                                  preference:
+                                    description: A node selector term, associated with
+                                      the corresponding weight.
+                                    properties:
+                                      matchExpressions:
+                                        description: A list of node selector requirements
+                                          by node's labels.
+                                        items:
+                                          description: A node selector requirement is
+                                            a selector that contains values, a key,
+                                            and an operator that relates the key and
+                                            values.
+                                          properties:
+                                            key:
+                                              description: The label key that the selector
+                                                applies to.
+                                              type: string
+                                            operator:
+                                              description: Represents a key's relationship
+                                                to a set of values. Valid operators
+                                                are In, NotIn, Exists, DoesNotExist.
+                                                Gt, and Lt.
+                                              type: string
+                                            values:
+                                              description: An array of string values.
+                                                If the operator is In or NotIn, the
+                                                values array must be non-empty. If the
+                                                operator is Exists or DoesNotExist,
+                                                the values array must be empty. If the
+                                                operator is Gt or Lt, the values array
+                                                must have a single element, which will
+                                                be interpreted as an integer. This array
+                                                is replaced during a strategic merge
+                                                patch.
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchFields:
+                                        description: A list of node selector requirements
+                                          by node's fields.
+                                        items:
+                                          description: A node selector requirement is
+                                            a selector that contains values, a key,
+                                            and an operator that relates the key and
+                                            values.
+                                          properties:
+                                            key:
+                                              description: The label key that the selector
+                                                applies to.
+                                              type: string
+                                            operator:
+                                              description: Represents a key's relationship
+                                                to a set of values. Valid operators
+                                                are In, NotIn, Exists, DoesNotExist.
+                                                Gt, and Lt.
+                                              type: string
+                                            values:
+                                              description: An array of string values.
+                                                If the operator is In or NotIn, the
+                                                values array must be non-empty. If the
+                                                operator is Exists or DoesNotExist,
+                                                the values array must be empty. If the
+                                                operator is Gt or Lt, the values array
+                                                must have a single element, which will
+                                                be interpreted as an integer. This array
+                                                is replaced during a strategic merge
+                                                patch.
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                    type: object
+                                  weight:
+                                    description: Weight associated with matching the
+                                      corresponding nodeSelectorTerm, in the range 1-100.
+                                    format: int32
+                                    type: integer
+                                required:
+                                  - preference
+                                  - weight
+                                type: object
+                              type: array
+                            requiredDuringSchedulingIgnoredDuringExecution:
+                              description: If the affinity requirements specified by
+                                this field are not met at scheduling time, the pod will
+                                not be scheduled onto the node. If the affinity requirements
+                                specified by this field cease to be met at some point
+                                during pod execution (e.g. due to an update), the system
+                                may or may not try to eventually evict the pod from
+                                its node.
+                              properties:
+                                nodeSelectorTerms:
+                                  description: Required. A list of node selector terms.
+                                    The terms are ORed.
+                                  items:
+                                    description: A null or empty node selector term
+                                      matches no objects. The requirements of them are
+                                      ANDed. The TopologySelectorTerm type implements
+                                      a subset of the NodeSelectorTerm.
+                                    properties:
+                                      matchExpressions:
+                                        description: A list of node selector requirements
+                                          by node's labels.
+                                        items:
+                                          description: A node selector requirement is
+                                            a selector that contains values, a key,
+                                            and an operator that relates the key and
+                                            values.
+                                          properties:
+                                            key:
+                                              description: The label key that the selector
+                                                applies to.
+                                              type: string
+                                            operator:
+                                              description: Represents a key's relationship
+                                                to a set of values. Valid operators
+                                                are In, NotIn, Exists, DoesNotExist.
+                                                Gt, and Lt.
+                                              type: string
+                                            values:
+                                              description: An array of string values.
+                                                If the operator is In or NotIn, the
+                                                values array must be non-empty. If the
+                                                operator is Exists or DoesNotExist,
+                                                the values array must be empty. If the
+                                                operator is Gt or Lt, the values array
+                                                must have a single element, which will
+                                                be interpreted as an integer. This array
+                                                is replaced during a strategic merge
+                                                patch.
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchFields:
+                                        description: A list of node selector requirements
+                                          by node's fields.
+                                        items:
+                                          description: A node selector requirement is
+                                            a selector that contains values, a key,
+                                            and an operator that relates the key and
+                                            values.
+                                          properties:
+                                            key:
+                                              description: The label key that the selector
+                                                applies to.
+                                              type: string
+                                            operator:
+                                              description: Represents a key's relationship
+                                                to a set of values. Valid operators
+                                                are In, NotIn, Exists, DoesNotExist.
+                                                Gt, and Lt.
+                                              type: string
+                                            values:
+                                              description: An array of string values.
+                                                If the operator is In or NotIn, the
+                                                values array must be non-empty. If the
+                                                operator is Exists or DoesNotExist,
+                                                the values array must be empty. If the
+                                                operator is Gt or Lt, the values array
+                                                must have a single element, which will
+                                                be interpreted as an integer. This array
+                                                is replaced during a strategic merge
+                                                patch.
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                    type: object
+                                  type: array
+                              required:
+                                - nodeSelectorTerms
+                              type: object
+                          type: object
+                        podAffinity:
+                          description: Describes pod affinity scheduling rules (e.g.
+                            co-locate this pod in the same node, zone, etc. as some
+                            other pod(s)).
+                          properties:
+                            preferredDuringSchedulingIgnoredDuringExecution:
+                              description: The scheduler will prefer to schedule pods
+                                to nodes that satisfy the affinity expressions specified
+                                by this field, but it may choose a node that violates
+                                one or more of the expressions. The node that is most
+                                preferred is the one with the greatest sum of weights,
+                                i.e. for each node that meets all of the scheduling
+                                requirements (resource request, requiredDuringScheduling
+                                affinity expressions, etc.), compute a sum by iterating
+                                through the elements of this field and adding "weight"
+                                to the sum if the node has pods which matches the corresponding
+                                podAffinityTerm; the node(s) with the highest sum are
+                                the most preferred.
+                              items:
+                                description: The weights of all of the matched WeightedPodAffinityTerm
+                                  fields are added per-node to find the most preferred
+                                  node(s)
+                                properties:
+                                  podAffinityTerm:
+                                    description: Required. A pod affinity term, associated
+                                      with the corresponding weight.
+                                    properties:
+                                      labelSelector:
+                                        description: A label query over a set of resources,
+                                          in this case pods.
+                                        properties:
+                                          matchExpressions:
+                                            description: matchExpressions is a list
+                                              of label selector requirements. The requirements
+                                              are ANDed.
+                                            items:
+                                              description: A label selector requirement
+                                                is a selector that contains values,
+                                                a key, and an operator that relates
+                                                the key and values.
+                                              properties:
+                                                key:
+                                                  description: key is the label key
+                                                    that the selector applies to.
+                                                  type: string
+                                                operator:
+                                                  description: operator represents a
+                                                    key's relationship to a set of values.
+                                                    Valid operators are In, NotIn, Exists
+                                                    and DoesNotExist.
+                                                  type: string
+                                                values:
+                                                  description: values is an array of
+                                                    string values. If the operator is
+                                                    In or NotIn, the values array must
+                                                    be non-empty. If the operator is
+                                                    Exists or DoesNotExist, the values
+                                                    array must be empty. This array
+                                                    is replaced during a strategic merge
+                                                    patch.
+                                                  items:
+                                                    type: string
+                                                  type: array
+                                              required:
+                                                - key
+                                                - operator
+                                              type: object
+                                            type: array
+                                          matchLabels:
+                                            additionalProperties:
+                                              type: string
+                                            description: matchLabels is a map of {key,value}
+                                              pairs. A single {key,value} in the matchLabels
+                                              map is equivalent to an element of matchExpressions,
+                                              whose key field is "key", the operator
+                                              is "In", and the values array contains
+                                              only "value". The requirements are ANDed.
+                                            type: object
+                                        type: object
+                                      namespaceSelector:
+                                        description: A label query over the set of namespaces
+                                          that the term applies to. The term is applied
+                                          to the union of the namespaces selected by
+                                          this field and the ones listed in the namespaces
+                                          field. null selector and null or empty namespaces
+                                          list means "this pod's namespace". An empty
+                                          selector ({}) matches all namespaces.
+                                        properties:
+                                          matchExpressions:
+                                            description: matchExpressions is a list
+                                              of label selector requirements. The requirements
+                                              are ANDed.
+                                            items:
+                                              description: A label selector requirement
+                                                is a selector that contains values,
+                                                a key, and an operator that relates
+                                                the key and values.
+                                              properties:
+                                                key:
+                                                  description: key is the label key
+                                                    that the selector applies to.
+                                                  type: string
+                                                operator:
+                                                  description: operator represents a
+                                                    key's relationship to a set of values.
+                                                    Valid operators are In, NotIn, Exists
+                                                    and DoesNotExist.
+                                                  type: string
+                                                values:
+                                                  description: values is an array of
+                                                    string values. If the operator is
+                                                    In or NotIn, the values array must
+                                                    be non-empty. If the operator is
+                                                    Exists or DoesNotExist, the values
+                                                    array must be empty. This array
+                                                    is replaced during a strategic merge
+                                                    patch.
+                                                  items:
+                                                    type: string
+                                                  type: array
+                                              required:
+                                                - key
+                                                - operator
+                                              type: object
+                                            type: array
+                                          matchLabels:
+                                            additionalProperties:
+                                              type: string
+                                            description: matchLabels is a map of {key,value}
+                                              pairs. A single {key,value} in the matchLabels
+                                              map is equivalent to an element of matchExpressions,
+                                              whose key field is "key", the operator
+                                              is "In", and the values array contains
+                                              only "value". The requirements are ANDed.
+                                            type: object
+                                        type: object
+                                      namespaces:
+                                        description: namespaces specifies a static list
+                                          of namespace names that the term applies to.
+                                          The term is applied to the union of the namespaces
+                                          listed in this field and the ones selected
+                                          by namespaceSelector. null or empty namespaces
+                                          list and null namespaceSelector means "this
+                                          pod's namespace".
+                                        items:
+                                          type: string
+                                        type: array
+                                      topologyKey:
+                                        description: This pod should be co-located (affinity)
+                                          or not co-located (anti-affinity) with the
+                                          pods matching the labelSelector in the specified
+                                          namespaces, where co-located is defined as
+                                          running on a node whose value of the label
+                                          with key topologyKey matches that of any node
+                                          on which any of the selected pods is running.
+                                          Empty topologyKey is not allowed.
+                                        type: string
+                                    required:
+                                      - topologyKey
+                                    type: object
+                                  weight:
+                                    description: weight associated with matching the
+                                      corresponding podAffinityTerm, in the range 1-100.
+                                    format: int32
+                                    type: integer
+                                required:
+                                  - podAffinityTerm
+                                  - weight
+                                type: object
+                              type: array
+                            requiredDuringSchedulingIgnoredDuringExecution:
+                              description: If the affinity requirements specified by
+                                this field are not met at scheduling time, the pod will
+                                not be scheduled onto the node. If the affinity requirements
+                                specified by this field cease to be met at some point
+                                during pod execution (e.g. due to a pod label update),
+                                the system may or may not try to eventually evict the
+                                pod from its node. When there are multiple elements,
+                                the lists of nodes corresponding to each podAffinityTerm
+                                are intersected, i.e. all terms must be satisfied.
+                              items:
+                                description: Defines a set of pods (namely those matching
+                                  the labelSelector relative to the given namespace(s))
+                                  that this pod should be co-located (affinity) or not
+                                  co-located (anti-affinity) with, where co-located
+                                  is defined as running on a node whose value of the
+                                  label with key <topologyKey> matches that of any node
+                                  on which a pod of the set of pods is running
+                                properties:
+                                  labelSelector:
+                                    description: A label query over a set of resources,
+                                      in this case pods.
+                                    properties:
+                                      matchExpressions:
+                                        description: matchExpressions is a list of label
+                                          selector requirements. The requirements are
+                                          ANDed.
+                                        items:
+                                          description: A label selector requirement
+                                            is a selector that contains values, a key,
+                                            and an operator that relates the key and
+                                            values.
+                                          properties:
+                                            key:
+                                              description: key is the label key that
+                                                the selector applies to.
+                                              type: string
+                                            operator:
+                                              description: operator represents a key's
+                                                relationship to a set of values. Valid
+                                                operators are In, NotIn, Exists and
+                                                DoesNotExist.
+                                              type: string
+                                            values:
+                                              description: values is an array of string
+                                                values. If the operator is In or NotIn,
+                                                the values array must be non-empty.
+                                                If the operator is Exists or DoesNotExist,
+                                                the values array must be empty. This
+                                                array is replaced during a strategic
+                                                merge patch.
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          type: string
+                                        description: matchLabels is a map of {key,value}
+                                          pairs. A single {key,value} in the matchLabels
+                                          map is equivalent to an element of matchExpressions,
+                                          whose key field is "key", the operator is
+                                          "In", and the values array contains only "value".
+                                          The requirements are ANDed.
+                                        type: object
+                                    type: object
+                                  namespaceSelector:
+                                    description: A label query over the set of namespaces
+                                      that the term applies to. The term is applied
+                                      to the union of the namespaces selected by this
+                                      field and the ones listed in the namespaces field.
+                                      null selector and null or empty namespaces list
+                                      means "this pod's namespace". An empty selector
+                                      ({}) matches all namespaces.
+                                    properties:
+                                      matchExpressions:
+                                        description: matchExpressions is a list of label
+                                          selector requirements. The requirements are
+                                          ANDed.
+                                        items:
+                                          description: A label selector requirement
+                                            is a selector that contains values, a key,
+                                            and an operator that relates the key and
+                                            values.
+                                          properties:
+                                            key:
+                                              description: key is the label key that
+                                                the selector applies to.
+                                              type: string
+                                            operator:
+                                              description: operator represents a key's
+                                                relationship to a set of values. Valid
+                                                operators are In, NotIn, Exists and
+                                                DoesNotExist.
+                                              type: string
+                                            values:
+                                              description: values is an array of string
+                                                values. If the operator is In or NotIn,
+                                                the values array must be non-empty.
+                                                If the operator is Exists or DoesNotExist,
+                                                the values array must be empty. This
+                                                array is replaced during a strategic
+                                                merge patch.
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          type: string
+                                        description: matchLabels is a map of {key,value}
+                                          pairs. A single {key,value} in the matchLabels
+                                          map is equivalent to an element of matchExpressions,
+                                          whose key field is "key", the operator is
+                                          "In", and the values array contains only "value".
+                                          The requirements are ANDed.
+                                        type: object
+                                    type: object
+                                  namespaces:
+                                    description: namespaces specifies a static list
+                                      of namespace names that the term applies to. The
+                                      term is applied to the union of the namespaces
+                                      listed in this field and the ones selected by
+                                      namespaceSelector. null or empty namespaces list
+                                      and null namespaceSelector means "this pod's namespace".
+                                    items:
+                                      type: string
+                                    type: array
+                                  topologyKey:
+                                    description: This pod should be co-located (affinity)
+                                      or not co-located (anti-affinity) with the pods
+                                      matching the labelSelector in the specified namespaces,
+                                      where co-located is defined as running on a node
+                                      whose value of the label with key topologyKey
+                                      matches that of any node on which any of the selected
+                                      pods is running. Empty topologyKey is not allowed.
+                                    type: string
+                                required:
+                                  - topologyKey
+                                type: object
+                              type: array
+                          type: object
+                        podAntiAffinity:
+                          description: Describes pod anti-affinity scheduling rules
+                            (e.g. avoid putting this pod in the same node, zone, etc.
+                            as some other pod(s)).
+                          properties:
+                            preferredDuringSchedulingIgnoredDuringExecution:
+                              description: The scheduler will prefer to schedule pods
+                                to nodes that satisfy the anti-affinity expressions
+                                specified by this field, but it may choose a node that
+                                violates one or more of the expressions. The node that
+                                is most preferred is the one with the greatest sum of
+                                weights, i.e. for each node that meets all of the scheduling
+                                requirements (resource request, requiredDuringScheduling
+                                anti-affinity expressions, etc.), compute a sum by iterating
+                                through the elements of this field and adding "weight"
+                                to the sum if the node has pods which matches the corresponding
+                                podAffinityTerm; the node(s) with the highest sum are
+                                the most preferred.
+                              items:
+                                description: The weights of all of the matched WeightedPodAffinityTerm
+                                  fields are added per-node to find the most preferred
+                                  node(s)
+                                properties:
+                                  podAffinityTerm:
+                                    description: Required. A pod affinity term, associated
+                                      with the corresponding weight.
+                                    properties:
+                                      labelSelector:
+                                        description: A label query over a set of resources,
+                                          in this case pods.
+                                        properties:
+                                          matchExpressions:
+                                            description: matchExpressions is a list
+                                              of label selector requirements. The requirements
+                                              are ANDed.
+                                            items:
+                                              description: A label selector requirement
+                                                is a selector that contains values,
+                                                a key, and an operator that relates
+                                                the key and values.
+                                              properties:
+                                                key:
+                                                  description: key is the label key
+                                                    that the selector applies to.
+                                                  type: string
+                                                operator:
+                                                  description: operator represents a
+                                                    key's relationship to a set of values.
+                                                    Valid operators are In, NotIn, Exists
+                                                    and DoesNotExist.
+                                                  type: string
+                                                values:
+                                                  description: values is an array of
+                                                    string values. If the operator is
+                                                    In or NotIn, the values array must
+                                                    be non-empty. If the operator is
+                                                    Exists or DoesNotExist, the values
+                                                    array must be empty. This array
+                                                    is replaced during a strategic merge
+                                                    patch.
+                                                  items:
+                                                    type: string
+                                                  type: array
+                                              required:
+                                                - key
+                                                - operator
+                                              type: object
+                                            type: array
+                                          matchLabels:
+                                            additionalProperties:
+                                              type: string
+                                            description: matchLabels is a map of {key,value}
+                                              pairs. A single {key,value} in the matchLabels
+                                              map is equivalent to an element of matchExpressions,
+                                              whose key field is "key", the operator
+                                              is "In", and the values array contains
+                                              only "value". The requirements are ANDed.
+                                            type: object
+                                        type: object
+                                      namespaceSelector:
+                                        description: A label query over the set of namespaces
+                                          that the term applies to. The term is applied
+                                          to the union of the namespaces selected by
+                                          this field and the ones listed in the namespaces
+                                          field. null selector and null or empty namespaces
+                                          list means "this pod's namespace". An empty
+                                          selector ({}) matches all namespaces.
+                                        properties:
+                                          matchExpressions:
+                                            description: matchExpressions is a list
+                                              of label selector requirements. The requirements
+                                              are ANDed.
+                                            items:
+                                              description: A label selector requirement
+                                                is a selector that contains values,
+                                                a key, and an operator that relates
+                                                the key and values.
+                                              properties:
+                                                key:
+                                                  description: key is the label key
+                                                    that the selector applies to.
+                                                  type: string
+                                                operator:
+                                                  description: operator represents a
+                                                    key's relationship to a set of values.
+                                                    Valid operators are In, NotIn, Exists
+                                                    and DoesNotExist.
+                                                  type: string
+                                                values:
+                                                  description: values is an array of
+                                                    string values. If the operator is
+                                                    In or NotIn, the values array must
+                                                    be non-empty. If the operator is
+                                                    Exists or DoesNotExist, the values
+                                                    array must be empty. This array
+                                                    is replaced during a strategic merge
+                                                    patch.
+                                                  items:
+                                                    type: string
+                                                  type: array
+                                              required:
+                                                - key
+                                                - operator
+                                              type: object
+                                            type: array
+                                          matchLabels:
+                                            additionalProperties:
+                                              type: string
+                                            description: matchLabels is a map of {key,value}
+                                              pairs. A single {key,value} in the matchLabels
+                                              map is equivalent to an element of matchExpressions,
+                                              whose key field is "key", the operator
+                                              is "In", and the values array contains
+                                              only "value". The requirements are ANDed.
+                                            type: object
+                                        type: object
+                                      namespaces:
+                                        description: namespaces specifies a static list
+                                          of namespace names that the term applies to.
+                                          The term is applied to the union of the namespaces
+                                          listed in this field and the ones selected
+                                          by namespaceSelector. null or empty namespaces
+                                          list and null namespaceSelector means "this
+                                          pod's namespace".
+                                        items:
+                                          type: string
+                                        type: array
+                                      topologyKey:
+                                        description: This pod should be co-located (affinity)
+                                          or not co-located (anti-affinity) with the
+                                          pods matching the labelSelector in the specified
+                                          namespaces, where co-located is defined as
+                                          running on a node whose value of the label
+                                          with key topologyKey matches that of any node
+                                          on which any of the selected pods is running.
+                                          Empty topologyKey is not allowed.
+                                        type: string
+                                    required:
+                                      - topologyKey
+                                    type: object
+                                  weight:
+                                    description: weight associated with matching the
+                                      corresponding podAffinityTerm, in the range 1-100.
+                                    format: int32
+                                    type: integer
+                                required:
+                                  - podAffinityTerm
+                                  - weight
+                                type: object
+                              type: array
+                            requiredDuringSchedulingIgnoredDuringExecution:
+                              description: If the anti-affinity requirements specified
+                                by this field are not met at scheduling time, the pod
+                                will not be scheduled onto the node. If the anti-affinity
+                                requirements specified by this field cease to be met
+                                at some point during pod execution (e.g. due to a pod
+                                label update), the system may or may not try to eventually
+                                evict the pod from its node. When there are multiple
+                                elements, the lists of nodes corresponding to each podAffinityTerm
+                                are intersected, i.e. all terms must be satisfied.
+                              items:
+                                description: Defines a set of pods (namely those matching
+                                  the labelSelector relative to the given namespace(s))
+                                  that this pod should be co-located (affinity) or not
+                                  co-located (anti-affinity) with, where co-located
+                                  is defined as running on a node whose value of the
+                                  label with key <topologyKey> matches that of any node
+                                  on which a pod of the set of pods is running
+                                properties:
+                                  labelSelector:
+                                    description: A label query over a set of resources,
+                                      in this case pods.
+                                    properties:
+                                      matchExpressions:
+                                        description: matchExpressions is a list of label
+                                          selector requirements. The requirements are
+                                          ANDed.
+                                        items:
+                                          description: A label selector requirement
+                                            is a selector that contains values, a key,
+                                            and an operator that relates the key and
+                                            values.
+                                          properties:
+                                            key:
+                                              description: key is the label key that
+                                                the selector applies to.
+                                              type: string
+                                            operator:
+                                              description: operator represents a key's
+                                                relationship to a set of values. Valid
+                                                operators are In, NotIn, Exists and
+                                                DoesNotExist.
+                                              type: string
+                                            values:
+                                              description: values is an array of string
+                                                values. If the operator is In or NotIn,
+                                                the values array must be non-empty.
+                                                If the operator is Exists or DoesNotExist,
+                                                the values array must be empty. This
+                                                array is replaced during a strategic
+                                                merge patch.
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          type: string
+                                        description: matchLabels is a map of {key,value}
+                                          pairs. A single {key,value} in the matchLabels
+                                          map is equivalent to an element of matchExpressions,
+                                          whose key field is "key", the operator is
+                                          "In", and the values array contains only "value".
+                                          The requirements are ANDed.
+                                        type: object
+                                    type: object
+                                  namespaceSelector:
+                                    description: A label query over the set of namespaces
+                                      that the term applies to. The term is applied
+                                      to the union of the namespaces selected by this
+                                      field and the ones listed in the namespaces field.
+                                      null selector and null or empty namespaces list
+                                      means "this pod's namespace". An empty selector
+                                      ({}) matches all namespaces.
+                                    properties:
+                                      matchExpressions:
+                                        description: matchExpressions is a list of label
+                                          selector requirements. The requirements are
+                                          ANDed.
+                                        items:
+                                          description: A label selector requirement
+                                            is a selector that contains values, a key,
+                                            and an operator that relates the key and
+                                            values.
+                                          properties:
+                                            key:
+                                              description: key is the label key that
+                                                the selector applies to.
+                                              type: string
+                                            operator:
+                                              description: operator represents a key's
+                                                relationship to a set of values. Valid
+                                                operators are In, NotIn, Exists and
+                                                DoesNotExist.
+                                              type: string
+                                            values:
+                                              description: values is an array of string
+                                                values. If the operator is In or NotIn,
+                                                the values array must be non-empty.
+                                                If the operator is Exists or DoesNotExist,
+                                                the values array must be empty. This
+                                                array is replaced during a strategic
+                                                merge patch.
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          type: string
+                                        description: matchLabels is a map of {key,value}
+                                          pairs. A single {key,value} in the matchLabels
+                                          map is equivalent to an element of matchExpressions,
+                                          whose key field is "key", the operator is
+                                          "In", and the values array contains only "value".
+                                          The requirements are ANDed.
+                                        type: object
+                                    type: object
+                                  namespaces:
+                                    description: namespaces specifies a static list
+                                      of namespace names that the term applies to. The
+                                      term is applied to the union of the namespaces
+                                      listed in this field and the ones selected by
+                                      namespaceSelector. null or empty namespaces list
+                                      and null namespaceSelector means "this pod's namespace".
+                                    items:
+                                      type: string
+                                    type: array
+                                  topologyKey:
+                                    description: This pod should be co-located (affinity)
+                                      or not co-located (anti-affinity) with the pods
+                                      matching the labelSelector in the specified namespaces,
+                                      where co-located is defined as running on a node
+                                      whose value of the label with key topologyKey
+                                      matches that of any node on which any of the selected
+                                      pods is running. Empty topologyKey is not allowed.
+                                    type: string
+                                required:
+                                  - topologyKey
+                                type: object
+                              type: array
+                          type: object
+                      type: object
+                    containers:
+                      description: List of containers specified in the Deployment
+                      items:
+                        description: ContainerSpec defines the properties available
+                          to override for each container in a provider deployment such
+                          as Image and Args to the container’s entrypoint.
+                        properties:
+                          args:
+                            additionalProperties:
+                              type: string
+                            description: Args represents extra provider specific flags
+                              that are not encoded as fields in this API. Explicit controller
+                              manager properties defined in the `Provider.ManagerSpec`
+                              will have higher precedence than those defined in `ContainerSpec.Args`.
+                              For example, `ManagerSpec.SyncPeriod` will be used instead
+                              of the container arg `--sync-period` if both are defined.
+                              The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`.
+                            type: object
+                          command:
+                            description: Command allows override container's entrypoint
+                              array.
+                            items:
+                              type: string
+                            type: array
+                          env:
+                            description: List of environment variables to set in the
+                              container.
+                            items:
+                              description: EnvVar represents an environment variable
+                                present in a Container.
+                              properties:
+                                name:
+                                  description: Name of the environment variable. Must
+                                    be a C_IDENTIFIER.
+                                  type: string
+                                value:
+                                  description: 'Variable references $(VAR_NAME) are
+                                  expanded using the previously defined environment
+                                  variables in the container and any service environment
+                                  variables. If a variable cannot be resolved, the
+                                  reference in the input string will be unchanged.
+                                  Double $$ are reduced to a single $, which allows
+                                  for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
+                                  will produce the string literal "$(VAR_NAME)". Escaped
+                                  references will never be expanded, regardless of
+                                  whether the variable exists or not. Defaults to
+                                  "".'
+                                  type: string
+                                valueFrom:
+                                  description: Source for the environment variable's
+                                    value. Cannot be used if value is not empty.
+                                  properties:
+                                    configMapKeyRef:
+                                      description: Selects a key of a ConfigMap.
+                                      properties:
+                                        key:
+                                          description: The key to select.
+                                          type: string
+                                        name:
+                                          description: 'Name of the referent. More info:
+                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                          TODO: Add other useful fields. apiVersion,
+                                          kind, uid?'
+                                          type: string
+                                        optional:
+                                          description: Specify whether the ConfigMap
+                                            or its key must be defined
+                                          type: boolean
+                                      required:
+                                        - key
+                                      type: object
+                                    fieldRef:
+                                      description: 'Selects a field of the pod: supports
+                                      metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`,
+                                      `metadata.annotations[''<KEY>'']`, spec.nodeName,
+                                      spec.serviceAccountName, status.hostIP, status.podIP,
+                                      status.podIPs.'
+                                      properties:
+                                        apiVersion:
+                                          description: Version of the schema the FieldPath
+                                            is written in terms of, defaults to "v1".
+                                          type: string
+                                        fieldPath:
+                                          description: Path of the field to select in
+                                            the specified API version.
+                                          type: string
+                                      required:
+                                        - fieldPath
+                                      type: object
+                                    resourceFieldRef:
+                                      description: 'Selects a resource of the container:
+                                      only resources limits and requests (limits.cpu,
+                                      limits.memory, limits.ephemeral-storage, requests.cpu,
+                                      requests.memory and requests.ephemeral-storage)
+                                      are currently supported.'
+                                      properties:
+                                        containerName:
+                                          description: 'Container name: required for
+                                          volumes, optional for env vars'
+                                          type: string
+                                        divisor:
+                                          anyOf:
+                                            - type: integer
+                                            - type: string
+                                          description: Specifies the output format of
+                                            the exposed resources, defaults to "1"
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        resource:
+                                          description: 'Required: resource to select'
+                                          type: string
+                                      required:
+                                        - resource
+                                      type: object
+                                    secretKeyRef:
+                                      description: Selects a key of a secret in the
+                                        pod's namespace
+                                      properties:
+                                        key:
+                                          description: The key of the secret to select
+                                            from.  Must be a valid secret key.
+                                          type: string
+                                        name:
+                                          description: 'Name of the referent. More info:
+                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                          TODO: Add other useful fields. apiVersion,
+                                          kind, uid?'
+                                          type: string
+                                        optional:
+                                          description: Specify whether the Secret or
+                                            its key must be defined
+                                          type: boolean
+                                      required:
+                                        - key
+                                      type: object
+                                  type: object
+                              required:
+                                - name
+                              type: object
+                            type: array
+                          image:
+                            description: Container Image Name
+                            properties:
+                              name:
+                                description: Name allows to specify a name for the image.
+                                type: string
+                              repository:
+                                description: Repository sets the container registry
+                                  to pull images from.
+                                type: string
+                              tag:
+                                description: Tag allows to specify a tag for the image.
+                                type: string
+                            type: object
+                          name:
+                            description: Name of the container. Cannot be updated.
+                            type: string
+                          resources:
+                            description: Compute resources required by this container.
+                            properties:
+                              limits:
+                                additionalProperties:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                  x-kubernetes-int-or-string: true
+                                description: 'Limits describes the maximum amount of
+                                compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+                                type: object
+                              requests:
+                                additionalProperties:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                  x-kubernetes-int-or-string: true
+                                description: 'Requests describes the minimum amount
+                                of compute resources required. If Requests is omitted
+                                for a container, it defaults to Limits if that is
+                                explicitly specified, otherwise to an implementation-defined
+                                value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+                                type: object
+                            type: object
+                        required:
+                          - name
+                        type: object
+                      type: array
+                    nodeSelector:
+                      additionalProperties:
+                        type: string
+                      description: 'NodeSelector is a selector which must be true for
+                      the pod to fit on a node. Selector which must match a node''s
+                      labels for the pod to be scheduled on that node. More info:
+                      https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
+                      type: object
+                    replicas:
+                      description: Number of desired pods. This is a pointer to distinguish
+                        between explicit zero and not specified. Defaults to 1.
+                      minimum: 0
+                      type: integer
+                    tolerations:
+                      description: If specified, the pod's tolerations.
+                      items:
+                        description: The pod this Toleration is attached to tolerates
+                          any taint that matches the triple <key,value,effect> using
+                          the matching operator <operator>.
+                        properties:
+                          effect:
+                            description: Effect indicates the taint effect to match.
+                              Empty means match all taint effects. When specified, allowed
+                              values are NoSchedule, PreferNoSchedule and NoExecute.
+                            type: string
+                          key:
+                            description: Key is the taint key that the toleration applies
+                              to. Empty means match all taint keys. If the key is empty,
+                              operator must be Exists; this combination means to match
+                              all values and all keys.
+                            type: string
+                          operator:
+                            description: Operator represents a key's relationship to
+                              the value. Valid operators are Exists and Equal. Defaults
+                              to Equal. Exists is equivalent to wildcard for value,
+                              so that a pod can tolerate all taints of a particular
+                              category.
+                            type: string
+                          tolerationSeconds:
+                            description: TolerationSeconds represents the period of
+                              time the toleration (which must be of effect NoExecute,
+                              otherwise this field is ignored) tolerates the taint.
+                              By default, it is not set, which means tolerate the taint
+                              forever (do not evict). Zero and negative values will
+                              be treated as 0 (evict immediately) by the system.
+                            format: int64
+                            type: integer
+                          value:
+                            description: Value is the taint value the toleration matches
+                              to. If the operator is Exists, the value should be empty,
+                              otherwise just a regular string.
+                            type: string
+                        type: object
+                      type: array
+                  type: object
+                fetchConfig:
+                  description: FetchConfig determines how the operator will fetch the
+                    components and metadata for the provider. If nil, the operator will
+                    try to fetch components according to default embedded fetch configuration
+                    for the given kind and `ObjectMeta.Name`. For example, the infrastructure
+                    name `aws` will fetch artifacts from https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases.
+                  properties:
+                    selector:
+                      description: 'Selector to be used for fetching provider’s components
+                      and metadata from ConfigMaps stored inside the cluster. Each
+                      ConfigMap is expected to contain components and metadata for
+                      a specific version only. Note: the name of the ConfigMap should
+                      be set to the version or to override this add a label like the
+                      following: provider.cluster.x-k8s.io/version=v1.4.3'
+                      properties:
+                        matchExpressions:
+                          description: matchExpressions is a list of label selector
+                            requirements. The requirements are ANDed.
+                          items:
+                            description: A label selector requirement is a selector
+                              that contains values, a key, and an operator that relates
+                              the key and values.
+                            properties:
+                              key:
+                                description: key is the label key that the selector
+                                  applies to.
+                                type: string
+                              operator:
+                                description: operator represents a key's relationship
+                                  to a set of values. Valid operators are In, NotIn,
+                                  Exists and DoesNotExist.
+                                type: string
+                              values:
+                                description: values is an array of string values. If
+                                  the operator is In or NotIn, the values array must
+                                  be non-empty. If the operator is Exists or DoesNotExist,
+                                  the values array must be empty. This array is replaced
+                                  during a strategic merge patch.
+                                items:
+                                  type: string
+                                type: array
+                            required:
+                              - key
+                              - operator
+                            type: object
+                          type: array
+                        matchLabels:
+                          additionalProperties:
+                            type: string
+                          description: matchLabels is a map of {key,value} pairs. A
+                            single {key,value} in the matchLabels map is equivalent
+                            to an element of matchExpressions, whose key field is "key",
+                            the operator is "In", and the values array contains only
+                            "value". The requirements are ANDed.
+                          type: object
+                      type: object
+                    url:
+                      description: URL to be used for fetching the provider’s components
+                        and metadata from a remote Github repository. For example, https://github.com/{owner}/{repository}/releases
+                        You must set `providerSpec.Version` field for operator to pick
+                        up desired version of the release from GitHub.
+                      type: string
+                  type: object
+                manager:
+                  description: Manager defines the properties that can be enabled on
+                    the controller manager for the provider.
+                  properties:
+                    cacheNamespace:
+                      description: "CacheNamespace if specified restricts the manager's
+                      cache to watch objects in the desired namespace Defaults to
+                      all namespaces \n Note: If a namespace is specified, controllers
+                      can still Watch for a cluster-scoped resource (e.g Node).  For
+                      namespaced resources the cache will only hold objects from the
+                      desired namespace."
+                      type: string
+                    controller:
+                      description: Controller contains global configuration options
+                        for controllers registered within this manager.
+                      properties:
+                        cacheSyncTimeout:
+                          description: CacheSyncTimeout refers to the time limit set
+                            to wait for syncing caches. Defaults to 2 minutes if not
+                            set.
+                          format: int64
+                          type: integer
+                        groupKindConcurrency:
+                          additionalProperties:
+                            type: integer
+                          description: "GroupKindConcurrency is a map from a Kind to
+                          the number of concurrent reconciliation allowed for that
+                          controller. \n When a controller is registered within this
+                          manager using the builder utilities, users have to specify
+                          the type the controller reconciles in the For(...) call.
+                          If the object's kind passed matches one of the keys in this
+                          map, the concurrency for that controller is set to the number
+                          specified. \n The key is expected to be consistent in form
+                          with GroupKind.String(), e.g. ReplicaSet in apps group (regardless
+                          of version) would be `ReplicaSet.apps`."
+                          type: object
+                      type: object
+                    featureGates:
+                      additionalProperties:
+                        type: boolean
+                      description: FeatureGates define provider specific feature flags
+                        that will be passed in as container args to the provider's controller
+                        manager. Controller Manager flag is --feature-gates.
+                      type: object
+                    gracefulShutDown:
+                      description: GracefulShutdownTimeout is the duration given to
+                        runnable to stop before the manager actually returns on stop.
+                        To disable graceful shutdown, set to time.Duration(0) To use
+                        graceful shutdown without timeout, set to a negative duration,
+                        e.G. time.Duration(-1) The graceful shutdown is skipped for
+                        safety reasons in case the leader election lease is lost.
+                      type: string
+                    health:
+                      description: Health contains the controller health configuration
+                      properties:
+                        healthProbeBindAddress:
+                          description: HealthProbeBindAddress is the TCP address that
+                            the controller should bind to for serving health probes
+                          type: string
+                        livenessEndpointName:
+                          description: LivenessEndpointName, defaults to "healthz"
+                          type: string
+                        readinessEndpointName:
+                          description: ReadinessEndpointName, defaults to "readyz"
+                          type: string
+                      type: object
+                    leaderElection:
+                      description: LeaderElection is the LeaderElection config to be
+                        used when configuring the manager.Manager leader election
+                      properties:
+                        leaderElect:
+                          description: leaderElect enables a leader election client
+                            to gain leadership before executing the main loop. Enable
+                            this when running replicated components for high availability.
+                          type: boolean
+                        leaseDuration:
+                          description: leaseDuration is the duration that non-leader
+                            candidates will wait after observing a leadership renewal
+                            until attempting to acquire leadership of a led but unrenewed
+                            leader slot. This is effectively the maximum duration that
+                            a leader can be stopped before it is replaced by another
+                            candidate. This is only applicable if leader election is
+                            enabled.
+                          type: string
+                        renewDeadline:
+                          description: renewDeadline is the interval between attempts
+                            by the acting master to renew a leadership slot before it
+                            stops leading. This must be less than or equal to the lease
+                            duration. This is only applicable if leader election is
+                            enabled.
+                          type: string
+                        resourceLock:
+                          description: resourceLock indicates the resource object type
+                            that will be used to lock during leader election cycles.
+                          type: string
+                        resourceName:
+                          description: resourceName indicates the name of resource object
+                            that will be used to lock during leader election cycles.
+                          type: string
+                        resourceNamespace:
+                          description: resourceName indicates the namespace of resource
+                            object that will be used to lock during leader election
+                            cycles.
+                          type: string
+                        retryPeriod:
+                          description: retryPeriod is the duration the clients should
+                            wait between attempting acquisition and renewal of a leadership.
+                            This is only applicable if leader election is enabled.
+                          type: string
+                      required:
+                        - leaderElect
+                        - leaseDuration
+                        - renewDeadline
+                        - resourceLock
+                        - resourceName
+                        - resourceNamespace
+                        - retryPeriod
+                      type: object
+                    maxConcurrentReconciles:
+                      description: MaxConcurrentReconciles is the maximum number of
+                        concurrent Reconciles which can be run.
+                      minimum: 1
+                      type: integer
+                    metrics:
+                      description: Metrics contains thw controller metrics configuration
+                      properties:
+                        bindAddress:
+                          description: BindAddress is the TCP address that the controller
+                            should bind to for serving prometheus metrics. It can be
+                            set to "0" to disable the metrics serving.
+                          type: string
+                      type: object
+                    profilerAddress:
+                      description: ProfilerAddress defines the bind address to expose
+                        the pprof profiler (e.g. localhost:6060). Default empty, meaning
+                        the profiler is disabled. Controller Manager flag is --profiler-address.
+                      type: string
+                    syncPeriod:
+                      description: SyncPeriod determines the minimum frequency at which
+                        watched resources are reconciled. A lower period will correct
+                        entropy more quickly, but reduce responsiveness to change if
+                        there are many watched resources. Change this value only if
+                        you know what you are doing. Defaults to 10 hours if unset.
+                        there will a 10 percent jitter between the SyncPeriod of all
+                        controllers so that all controllers will not send list requests
+                        simultaneously.
+                      type: string
+                    verbosity:
+                      default: 1
+                      description: Verbosity set the logs verbosity. Defaults to 1.
+                        Controller Manager flag is --verbosity.
+                      minimum: 0
+                      type: integer
+                    webhook:
+                      description: Webhook contains the controllers webhook configuration
+                      properties:
+                        certDir:
+                          description: CertDir is the directory that contains the server
+                            key and certificate. if not set, webhook server would look
+                            up the server key and certificate in {TempDir}/k8s-webhook-server/serving-certs.
+                            The server key and certificate must be named tls.key and
+                            tls.crt, respectively.
+                          type: string
+                        host:
+                          description: Host is the hostname that the webhook server
+                            binds to. It is used to set webhook.Server.Host.
+                          type: string
+                        port:
+                          description: Port is the port that the webhook server serves
+                            at. It is used to set webhook.Server.Port.
+                          type: integer
+                      type: object
+                  type: object
+                secretName:
+                  description: SecretName is the name of the Secret providing the configuration
+                    variables for the current provider instance, like e.g. credentials.
+                    Such configurations will be used when creating or upgrading provider
+                    components. The contents of the secret will be treated as immutable.
+                    If changes need to be made, a new object can be created and the
+                    name should be updated. The contents should be in the form of key:value.
+                    This secret must be in the same namespace as the provider.
+                  type: string
+                version:
+                  description: Version indicates the provider version.
+                  type: string
+              required:
+                - version
+              type: object
+            status:
+              description: BootstrapProviderStatus defines the observed state of BootstrapProvider.
+              properties:
+                conditions:
+                  description: Conditions define the current service state of the provider.
+                  items:
+                    description: Condition defines an observation of a Cluster API resource
+                      operational state.
+                    properties:
+                      lastTransitionTime:
+                        description: Last time the condition transitioned from one status
+                          to another. This should be when the underlying condition changed.
+                          If that is not known, then using the time when the API field
+                          changed is acceptable.
+                        format: date-time
+                        type: string
+                      message:
+                        description: A human readable message indicating details about
+                          the transition. This field may be empty.
+                        type: string
+                      reason:
+                        description: The reason for the condition's last transition
+                          in CamelCase. The specific API may choose whether or not this
+                          field is considered a guaranteed API. This field may not be
+                          empty.
+                        type: string
+                      severity:
+                        description: Severity provides an explicit classification of
+                          Reason code, so the users or machines can immediately understand
+                          the current situation and act accordingly. The Severity field
+                          MUST be set only when Status=False.
+                        type: string
+                      status:
+                        description: Status of the condition, one of True, False, Unknown.
+                        type: string
+                      type:
+                        description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+                          Many .condition.type values are consistent across resources
+                          like Available, but because arbitrary conditions can be useful
+                          (see .node.status.conditions), the ability to deconflict is
+                          important.
+                        type: string
+                    required:
+                      - lastTransitionTime
+                      - status
+                      - type
+                    type: object
+                  type: array
+                contract:
+                  description: Contract will contain the core provider contract that
+                    the provider is abiding by, like e.g. v1alpha4.
+                  type: string
+                installedVersion:
+                  description: InstalledVersion is the version of the provider that
+                    is installed.
+                  type: string
+                observedGeneration:
+                  description: ObservedGeneration is the latest generation observed
+                    by the controller.
+                  format: int64
+                  type: integer
+              type: object
+          type: object
+      served: true
+      storage: true
+      subresources:
+        status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
\ No newline at end of file
diff --git a/bootstrap/helm/cluster-api-operator/crds/controlplaneproviders.operator.cluster.x-k8s.io.yaml b/bootstrap/helm/cluster-api-operator/crds/controlplaneproviders.operator.cluster.x-k8s.io.yaml
new file mode 100644
index 000000000..27e5dfce1
--- /dev/null
+++ b/bootstrap/helm/cluster-api-operator/crds/controlplaneproviders.operator.cluster.x-k8s.io.yaml
@@ -0,0 +1,1477 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.7.1-0.20211110210727-ab52f76cc7d1
+    meta.helm.sh/release-name: bootstrap
+    meta.helm.sh/release-namespace: bootstrap
+  labels:
+    app.kubernetes.io/managed-by: Helm
+    clusterctl.cluster.x-k8s.io/core: capi-operator
+  name: controlplaneproviders.operator.cluster.x-k8s.io
+spec:
+  group: operator.cluster.x-k8s.io
+  names:
+    kind: ControlPlaneProvider
+    listKind: ControlPlaneProviderList
+    plural: controlplaneproviders
+    singular: controlplaneprovider
+  scope: Namespaced
+  versions:
+    - additionalPrinterColumns:
+        - jsonPath: .status.installedVersion
+          name: InstalledVersion
+          type: string
+        - jsonPath: .status.conditions[?(@.type=='Ready')].status
+          name: Ready
+          type: string
+      name: v1alpha1
+      schema:
+        openAPIV3Schema:
+          description: ControlPlaneProvider is the Schema for the controlplaneproviders
+            API.
+          properties:
+            apiVersion:
+              description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              type: string
+            kind:
+              description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              type: string
+            metadata:
+              type: object
+            spec:
+              description: ControlPlaneProviderSpec defines the desired state of ControlPlaneProvider.
+              properties:
+                deployment:
+                  description: Deployment defines the properties that can be enabled
+                    on the deployment for the provider.
+                  properties:
+                    affinity:
+                      description: If specified, the pod's scheduling constraints
+                      properties:
+                        nodeAffinity:
+                          description: Describes node affinity scheduling rules for
+                            the pod.
+                          properties:
+                            preferredDuringSchedulingIgnoredDuringExecution:
+                              description: The scheduler will prefer to schedule pods
+                                to nodes that satisfy the affinity expressions specified
+                                by this field, but it may choose a node that violates
+                                one or more of the expressions. The node that is most
+                                preferred is the one with the greatest sum of weights,
+                                i.e. for each node that meets all of the scheduling
+                                requirements (resource request, requiredDuringScheduling
+                                affinity expressions, etc.), compute a sum by iterating
+                                through the elements of this field and adding "weight"
+                                to the sum if the node matches the corresponding matchExpressions;
+                                the node(s) with the highest sum are the most preferred.
+                              items:
+                                description: An empty preferred scheduling term matches
+                                  all objects with implicit weight 0 (i.e. it's a no-op).
+                                  A null preferred scheduling term matches no objects
+                                  (i.e. is also a no-op).
+                                properties:
+                                  preference:
+                                    description: A node selector term, associated with
+                                      the corresponding weight.
+                                    properties:
+                                      matchExpressions:
+                                        description: A list of node selector requirements
+                                          by node's labels.
+                                        items:
+                                          description: A node selector requirement is
+                                            a selector that contains values, a key,
+                                            and an operator that relates the key and
+                                            values.
+                                          properties:
+                                            key:
+                                              description: The label key that the selector
+                                                applies to.
+                                              type: string
+                                            operator:
+                                              description: Represents a key's relationship
+                                                to a set of values. Valid operators
+                                                are In, NotIn, Exists, DoesNotExist.
+                                                Gt, and Lt.
+                                              type: string
+                                            values:
+                                              description: An array of string values.
+                                                If the operator is In or NotIn, the
+                                                values array must be non-empty. If the
+                                                operator is Exists or DoesNotExist,
+                                                the values array must be empty. If the
+                                                operator is Gt or Lt, the values array
+                                                must have a single element, which will
+                                                be interpreted as an integer. This array
+                                                is replaced during a strategic merge
+                                                patch.
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchFields:
+                                        description: A list of node selector requirements
+                                          by node's fields.
+                                        items:
+                                          description: A node selector requirement is
+                                            a selector that contains values, a key,
+                                            and an operator that relates the key and
+                                            values.
+                                          properties:
+                                            key:
+                                              description: The label key that the selector
+                                                applies to.
+                                              type: string
+                                            operator:
+                                              description: Represents a key's relationship
+                                                to a set of values. Valid operators
+                                                are In, NotIn, Exists, DoesNotExist.
+                                                Gt, and Lt.
+                                              type: string
+                                            values:
+                                              description: An array of string values.
+                                                If the operator is In or NotIn, the
+                                                values array must be non-empty. If the
+                                                operator is Exists or DoesNotExist,
+                                                the values array must be empty. If the
+                                                operator is Gt or Lt, the values array
+                                                must have a single element, which will
+                                                be interpreted as an integer. This array
+                                                is replaced during a strategic merge
+                                                patch.
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                    type: object
+                                  weight:
+                                    description: Weight associated with matching the
+                                      corresponding nodeSelectorTerm, in the range 1-100.
+                                    format: int32
+                                    type: integer
+                                required:
+                                  - preference
+                                  - weight
+                                type: object
+                              type: array
+                            requiredDuringSchedulingIgnoredDuringExecution:
+                              description: If the affinity requirements specified by
+                                this field are not met at scheduling time, the pod will
+                                not be scheduled onto the node. If the affinity requirements
+                                specified by this field cease to be met at some point
+                                during pod execution (e.g. due to an update), the system
+                                may or may not try to eventually evict the pod from
+                                its node.
+                              properties:
+                                nodeSelectorTerms:
+                                  description: Required. A list of node selector terms.
+                                    The terms are ORed.
+                                  items:
+                                    description: A null or empty node selector term
+                                      matches no objects. The requirements of them are
+                                      ANDed. The TopologySelectorTerm type implements
+                                      a subset of the NodeSelectorTerm.
+                                    properties:
+                                      matchExpressions:
+                                        description: A list of node selector requirements
+                                          by node's labels.
+                                        items:
+                                          description: A node selector requirement is
+                                            a selector that contains values, a key,
+                                            and an operator that relates the key and
+                                            values.
+                                          properties:
+                                            key:
+                                              description: The label key that the selector
+                                                applies to.
+                                              type: string
+                                            operator:
+                                              description: Represents a key's relationship
+                                                to a set of values. Valid operators
+                                                are In, NotIn, Exists, DoesNotExist.
+                                                Gt, and Lt.
+                                              type: string
+                                            values:
+                                              description: An array of string values.
+                                                If the operator is In or NotIn, the
+                                                values array must be non-empty. If the
+                                                operator is Exists or DoesNotExist,
+                                                the values array must be empty. If the
+                                                operator is Gt or Lt, the values array
+                                                must have a single element, which will
+                                                be interpreted as an integer. This array
+                                                is replaced during a strategic merge
+                                                patch.
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchFields:
+                                        description: A list of node selector requirements
+                                          by node's fields.
+                                        items:
+                                          description: A node selector requirement is
+                                            a selector that contains values, a key,
+                                            and an operator that relates the key and
+                                            values.
+                                          properties:
+                                            key:
+                                              description: The label key that the selector
+                                                applies to.
+                                              type: string
+                                            operator:
+                                              description: Represents a key's relationship
+                                                to a set of values. Valid operators
+                                                are In, NotIn, Exists, DoesNotExist.
+                                                Gt, and Lt.
+                                              type: string
+                                            values:
+                                              description: An array of string values.
+                                                If the operator is In or NotIn, the
+                                                values array must be non-empty. If the
+                                                operator is Exists or DoesNotExist,
+                                                the values array must be empty. If the
+                                                operator is Gt or Lt, the values array
+                                                must have a single element, which will
+                                                be interpreted as an integer. This array
+                                                is replaced during a strategic merge
+                                                patch.
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                    type: object
+                                  type: array
+                              required:
+                                - nodeSelectorTerms
+                              type: object
+                          type: object
+                        podAffinity:
+                          description: Describes pod affinity scheduling rules (e.g.
+                            co-locate this pod in the same node, zone, etc. as some
+                            other pod(s)).
+                          properties:
+                            preferredDuringSchedulingIgnoredDuringExecution:
+                              description: The scheduler will prefer to schedule pods
+                                to nodes that satisfy the affinity expressions specified
+                                by this field, but it may choose a node that violates
+                                one or more of the expressions. The node that is most
+                                preferred is the one with the greatest sum of weights,
+                                i.e. for each node that meets all of the scheduling
+                                requirements (resource request, requiredDuringScheduling
+                                affinity expressions, etc.), compute a sum by iterating
+                                through the elements of this field and adding "weight"
+                                to the sum if the node has pods which matches the corresponding
+                                podAffinityTerm; the node(s) with the highest sum are
+                                the most preferred.
+                              items:
+                                description: The weights of all of the matched WeightedPodAffinityTerm
+                                  fields are added per-node to find the most preferred
+                                  node(s)
+                                properties:
+                                  podAffinityTerm:
+                                    description: Required. A pod affinity term, associated
+                                      with the corresponding weight.
+                                    properties:
+                                      labelSelector:
+                                        description: A label query over a set of resources,
+                                          in this case pods.
+                                        properties:
+                                          matchExpressions:
+                                            description: matchExpressions is a list
+                                              of label selector requirements. The requirements
+                                              are ANDed.
+                                            items:
+                                              description: A label selector requirement
+                                                is a selector that contains values,
+                                                a key, and an operator that relates
+                                                the key and values.
+                                              properties:
+                                                key:
+                                                  description: key is the label key
+                                                    that the selector applies to.
+                                                  type: string
+                                                operator:
+                                                  description: operator represents a
+                                                    key's relationship to a set of values.
+                                                    Valid operators are In, NotIn, Exists
+                                                    and DoesNotExist.
+                                                  type: string
+                                                values:
+                                                  description: values is an array of
+                                                    string values. If the operator is
+                                                    In or NotIn, the values array must
+                                                    be non-empty. If the operator is
+                                                    Exists or DoesNotExist, the values
+                                                    array must be empty. This array
+                                                    is replaced during a strategic merge
+                                                    patch.
+                                                  items:
+                                                    type: string
+                                                  type: array
+                                              required:
+                                                - key
+                                                - operator
+                                              type: object
+                                            type: array
+                                          matchLabels:
+                                            additionalProperties:
+                                              type: string
+                                            description: matchLabels is a map of {key,value}
+                                              pairs. A single {key,value} in the matchLabels
+                                              map is equivalent to an element of matchExpressions,
+                                              whose key field is "key", the operator
+                                              is "In", and the values array contains
+                                              only "value". The requirements are ANDed.
+                                            type: object
+                                        type: object
+                                      namespaceSelector:
+                                        description: A label query over the set of namespaces
+                                          that the term applies to. The term is applied
+                                          to the union of the namespaces selected by
+                                          this field and the ones listed in the namespaces
+                                          field. null selector and null or empty namespaces
+                                          list means "this pod's namespace". An empty
+                                          selector ({}) matches all namespaces.
+                                        properties:
+                                          matchExpressions:
+                                            description: matchExpressions is a list
+                                              of label selector requirements. The requirements
+                                              are ANDed.
+                                            items:
+                                              description: A label selector requirement
+                                                is a selector that contains values,
+                                                a key, and an operator that relates
+                                                the key and values.
+                                              properties:
+                                                key:
+                                                  description: key is the label key
+                                                    that the selector applies to.
+                                                  type: string
+                                                operator:
+                                                  description: operator represents a
+                                                    key's relationship to a set of values.
+                                                    Valid operators are In, NotIn, Exists
+                                                    and DoesNotExist.
+                                                  type: string
+                                                values:
+                                                  description: values is an array of
+                                                    string values. If the operator is
+                                                    In or NotIn, the values array must
+                                                    be non-empty. If the operator is
+                                                    Exists or DoesNotExist, the values
+                                                    array must be empty. This array
+                                                    is replaced during a strategic merge
+                                                    patch.
+                                                  items:
+                                                    type: string
+                                                  type: array
+                                              required:
+                                                - key
+                                                - operator
+                                              type: object
+                                            type: array
+                                          matchLabels:
+                                            additionalProperties:
+                                              type: string
+                                            description: matchLabels is a map of {key,value}
+                                              pairs. A single {key,value} in the matchLabels
+                                              map is equivalent to an element of matchExpressions,
+                                              whose key field is "key", the operator
+                                              is "In", and the values array contains
+                                              only "value". The requirements are ANDed.
+                                            type: object
+                                        type: object
+                                      namespaces:
+                                        description: namespaces specifies a static list
+                                          of namespace names that the term applies to.
+                                          The term is applied to the union of the namespaces
+                                          listed in this field and the ones selected
+                                          by namespaceSelector. null or empty namespaces
+                                          list and null namespaceSelector means "this
+                                          pod's namespace".
+                                        items:
+                                          type: string
+                                        type: array
+                                      topologyKey:
+                                        description: This pod should be co-located (affinity)
+                                          or not co-located (anti-affinity) with the
+                                          pods matching the labelSelector in the specified
+                                          namespaces, where co-located is defined as
+                                          running on a node whose value of the label
+                                          with key topologyKey matches that of any node
+                                          on which any of the selected pods is running.
+                                          Empty topologyKey is not allowed.
+                                        type: string
+                                    required:
+                                      - topologyKey
+                                    type: object
+                                  weight:
+                                    description: weight associated with matching the
+                                      corresponding podAffinityTerm, in the range 1-100.
+                                    format: int32
+                                    type: integer
+                                required:
+                                  - podAffinityTerm
+                                  - weight
+                                type: object
+                              type: array
+                            requiredDuringSchedulingIgnoredDuringExecution:
+                              description: If the affinity requirements specified by
+                                this field are not met at scheduling time, the pod will
+                                not be scheduled onto the node. If the affinity requirements
+                                specified by this field cease to be met at some point
+                                during pod execution (e.g. due to a pod label update),
+                                the system may or may not try to eventually evict the
+                                pod from its node. When there are multiple elements,
+                                the lists of nodes corresponding to each podAffinityTerm
+                                are intersected, i.e. all terms must be satisfied.
+                              items:
+                                description: Defines a set of pods (namely those matching
+                                  the labelSelector relative to the given namespace(s))
+                                  that this pod should be co-located (affinity) or not
+                                  co-located (anti-affinity) with, where co-located
+                                  is defined as running on a node whose value of the
+                                  label with key <topologyKey> matches that of any node
+                                  on which a pod of the set of pods is running
+                                properties:
+                                  labelSelector:
+                                    description: A label query over a set of resources,
+                                      in this case pods.
+                                    properties:
+                                      matchExpressions:
+                                        description: matchExpressions is a list of label
+                                          selector requirements. The requirements are
+                                          ANDed.
+                                        items:
+                                          description: A label selector requirement
+                                            is a selector that contains values, a key,
+                                            and an operator that relates the key and
+                                            values.
+                                          properties:
+                                            key:
+                                              description: key is the label key that
+                                                the selector applies to.
+                                              type: string
+                                            operator:
+                                              description: operator represents a key's
+                                                relationship to a set of values. Valid
+                                                operators are In, NotIn, Exists and
+                                                DoesNotExist.
+                                              type: string
+                                            values:
+                                              description: values is an array of string
+                                                values. If the operator is In or NotIn,
+                                                the values array must be non-empty.
+                                                If the operator is Exists or DoesNotExist,
+                                                the values array must be empty. This
+                                                array is replaced during a strategic
+                                                merge patch.
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          type: string
+                                        description: matchLabels is a map of {key,value}
+                                          pairs. A single {key,value} in the matchLabels
+                                          map is equivalent to an element of matchExpressions,
+                                          whose key field is "key", the operator is
+                                          "In", and the values array contains only "value".
+                                          The requirements are ANDed.
+                                        type: object
+                                    type: object
+                                  namespaceSelector:
+                                    description: A label query over the set of namespaces
+                                      that the term applies to. The term is applied
+                                      to the union of the namespaces selected by this
+                                      field and the ones listed in the namespaces field.
+                                      null selector and null or empty namespaces list
+                                      means "this pod's namespace". An empty selector
+                                      ({}) matches all namespaces.
+                                    properties:
+                                      matchExpressions:
+                                        description: matchExpressions is a list of label
+                                          selector requirements. The requirements are
+                                          ANDed.
+                                        items:
+                                          description: A label selector requirement
+                                            is a selector that contains values, a key,
+                                            and an operator that relates the key and
+                                            values.
+                                          properties:
+                                            key:
+                                              description: key is the label key that
+                                                the selector applies to.
+                                              type: string
+                                            operator:
+                                              description: operator represents a key's
+                                                relationship to a set of values. Valid
+                                                operators are In, NotIn, Exists and
+                                                DoesNotExist.
+                                              type: string
+                                            values:
+                                              description: values is an array of string
+                                                values. If the operator is In or NotIn,
+                                                the values array must be non-empty.
+                                                If the operator is Exists or DoesNotExist,
+                                                the values array must be empty. This
+                                                array is replaced during a strategic
+                                                merge patch.
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          type: string
+                                        description: matchLabels is a map of {key,value}
+                                          pairs. A single {key,value} in the matchLabels
+                                          map is equivalent to an element of matchExpressions,
+                                          whose key field is "key", the operator is
+                                          "In", and the values array contains only "value".
+                                          The requirements are ANDed.
+                                        type: object
+                                    type: object
+                                  namespaces:
+                                    description: namespaces specifies a static list
+                                      of namespace names that the term applies to. The
+                                      term is applied to the union of the namespaces
+                                      listed in this field and the ones selected by
+                                      namespaceSelector. null or empty namespaces list
+                                      and null namespaceSelector means "this pod's namespace".
+                                    items:
+                                      type: string
+                                    type: array
+                                  topologyKey:
+                                    description: This pod should be co-located (affinity)
+                                      or not co-located (anti-affinity) with the pods
+                                      matching the labelSelector in the specified namespaces,
+                                      where co-located is defined as running on a node
+                                      whose value of the label with key topologyKey
+                                      matches that of any node on which any of the selected
+                                      pods is running. Empty topologyKey is not allowed.
+                                    type: string
+                                required:
+                                  - topologyKey
+                                type: object
+                              type: array
+                          type: object
+                        podAntiAffinity:
+                          description: Describes pod anti-affinity scheduling rules
+                            (e.g. avoid putting this pod in the same node, zone, etc.
+                            as some other pod(s)).
+                          properties:
+                            preferredDuringSchedulingIgnoredDuringExecution:
+                              description: The scheduler will prefer to schedule pods
+                                to nodes that satisfy the anti-affinity expressions
+                                specified by this field, but it may choose a node that
+                                violates one or more of the expressions. The node that
+                                is most preferred is the one with the greatest sum of
+                                weights, i.e. for each node that meets all of the scheduling
+                                requirements (resource request, requiredDuringScheduling
+                                anti-affinity expressions, etc.), compute a sum by iterating
+                                through the elements of this field and adding "weight"
+                                to the sum if the node has pods which matches the corresponding
+                                podAffinityTerm; the node(s) with the highest sum are
+                                the most preferred.
+                              items:
+                                description: The weights of all of the matched WeightedPodAffinityTerm
+                                  fields are added per-node to find the most preferred
+                                  node(s)
+                                properties:
+                                  podAffinityTerm:
+                                    description: Required. A pod affinity term, associated
+                                      with the corresponding weight.
+                                    properties:
+                                      labelSelector:
+                                        description: A label query over a set of resources,
+                                          in this case pods.
+                                        properties:
+                                          matchExpressions:
+                                            description: matchExpressions is a list
+                                              of label selector requirements. The requirements
+                                              are ANDed.
+                                            items:
+                                              description: A label selector requirement
+                                                is a selector that contains values,
+                                                a key, and an operator that relates
+                                                the key and values.
+                                              properties:
+                                                key:
+                                                  description: key is the label key
+                                                    that the selector applies to.
+                                                  type: string
+                                                operator:
+                                                  description: operator represents a
+                                                    key's relationship to a set of values.
+                                                    Valid operators are In, NotIn, Exists
+                                                    and DoesNotExist.
+                                                  type: string
+                                                values:
+                                                  description: values is an array of
+                                                    string values. If the operator is
+                                                    In or NotIn, the values array must
+                                                    be non-empty. If the operator is
+                                                    Exists or DoesNotExist, the values
+                                                    array must be empty. This array
+                                                    is replaced during a strategic merge
+                                                    patch.
+                                                  items:
+                                                    type: string
+                                                  type: array
+                                              required:
+                                                - key
+                                                - operator
+                                              type: object
+                                            type: array
+                                          matchLabels:
+                                            additionalProperties:
+                                              type: string
+                                            description: matchLabels is a map of {key,value}
+                                              pairs. A single {key,value} in the matchLabels
+                                              map is equivalent to an element of matchExpressions,
+                                              whose key field is "key", the operator
+                                              is "In", and the values array contains
+                                              only "value". The requirements are ANDed.
+                                            type: object
+                                        type: object
+                                      namespaceSelector:
+                                        description: A label query over the set of namespaces
+                                          that the term applies to. The term is applied
+                                          to the union of the namespaces selected by
+                                          this field and the ones listed in the namespaces
+                                          field. null selector and null or empty namespaces
+                                          list means "this pod's namespace". An empty
+                                          selector ({}) matches all namespaces.
+                                        properties:
+                                          matchExpressions:
+                                            description: matchExpressions is a list
+                                              of label selector requirements. The requirements
+                                              are ANDed.
+                                            items:
+                                              description: A label selector requirement
+                                                is a selector that contains values,
+                                                a key, and an operator that relates
+                                                the key and values.
+                                              properties:
+                                                key:
+                                                  description: key is the label key
+                                                    that the selector applies to.
+                                                  type: string
+                                                operator:
+                                                  description: operator represents a
+                                                    key's relationship to a set of values.
+                                                    Valid operators are In, NotIn, Exists
+                                                    and DoesNotExist.
+                                                  type: string
+                                                values:
+                                                  description: values is an array of
+                                                    string values. If the operator is
+                                                    In or NotIn, the values array must
+                                                    be non-empty. If the operator is
+                                                    Exists or DoesNotExist, the values
+                                                    array must be empty. This array
+                                                    is replaced during a strategic merge
+                                                    patch.
+                                                  items:
+                                                    type: string
+                                                  type: array
+                                              required:
+                                                - key
+                                                - operator
+                                              type: object
+                                            type: array
+                                          matchLabels:
+                                            additionalProperties:
+                                              type: string
+                                            description: matchLabels is a map of {key,value}
+                                              pairs. A single {key,value} in the matchLabels
+                                              map is equivalent to an element of matchExpressions,
+                                              whose key field is "key", the operator
+                                              is "In", and the values array contains
+                                              only "value". The requirements are ANDed.
+                                            type: object
+                                        type: object
+                                      namespaces:
+                                        description: namespaces specifies a static list
+                                          of namespace names that the term applies to.
+                                          The term is applied to the union of the namespaces
+                                          listed in this field and the ones selected
+                                          by namespaceSelector. null or empty namespaces
+                                          list and null namespaceSelector means "this
+                                          pod's namespace".
+                                        items:
+                                          type: string
+                                        type: array
+                                      topologyKey:
+                                        description: This pod should be co-located (affinity)
+                                          or not co-located (anti-affinity) with the
+                                          pods matching the labelSelector in the specified
+                                          namespaces, where co-located is defined as
+                                          running on a node whose value of the label
+                                          with key topologyKey matches that of any node
+                                          on which any of the selected pods is running.
+                                          Empty topologyKey is not allowed.
+                                        type: string
+                                    required:
+                                      - topologyKey
+                                    type: object
+                                  weight:
+                                    description: weight associated with matching the
+                                      corresponding podAffinityTerm, in the range 1-100.
+                                    format: int32
+                                    type: integer
+                                required:
+                                  - podAffinityTerm
+                                  - weight
+                                type: object
+                              type: array
+                            requiredDuringSchedulingIgnoredDuringExecution:
+                              description: If the anti-affinity requirements specified
+                                by this field are not met at scheduling time, the pod
+                                will not be scheduled onto the node. If the anti-affinity
+                                requirements specified by this field cease to be met
+                                at some point during pod execution (e.g. due to a pod
+                                label update), the system may or may not try to eventually
+                                evict the pod from its node. When there are multiple
+                                elements, the lists of nodes corresponding to each podAffinityTerm
+                                are intersected, i.e. all terms must be satisfied.
+                              items:
+                                description: Defines a set of pods (namely those matching
+                                  the labelSelector relative to the given namespace(s))
+                                  that this pod should be co-located (affinity) or not
+                                  co-located (anti-affinity) with, where co-located
+                                  is defined as running on a node whose value of the
+                                  label with key <topologyKey> matches that of any node
+                                  on which a pod of the set of pods is running
+                                properties:
+                                  labelSelector:
+                                    description: A label query over a set of resources,
+                                      in this case pods.
+                                    properties:
+                                      matchExpressions:
+                                        description: matchExpressions is a list of label
+                                          selector requirements. The requirements are
+                                          ANDed.
+                                        items:
+                                          description: A label selector requirement
+                                            is a selector that contains values, a key,
+                                            and an operator that relates the key and
+                                            values.
+                                          properties:
+                                            key:
+                                              description: key is the label key that
+                                                the selector applies to.
+                                              type: string
+                                            operator:
+                                              description: operator represents a key's
+                                                relationship to a set of values. Valid
+                                                operators are In, NotIn, Exists and
+                                                DoesNotExist.
+                                              type: string
+                                            values:
+                                              description: values is an array of string
+                                                values. If the operator is In or NotIn,
+                                                the values array must be non-empty.
+                                                If the operator is Exists or DoesNotExist,
+                                                the values array must be empty. This
+                                                array is replaced during a strategic
+                                                merge patch.
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          type: string
+                                        description: matchLabels is a map of {key,value}
+                                          pairs. A single {key,value} in the matchLabels
+                                          map is equivalent to an element of matchExpressions,
+                                          whose key field is "key", the operator is
+                                          "In", and the values array contains only "value".
+                                          The requirements are ANDed.
+                                        type: object
+                                    type: object
+                                  namespaceSelector:
+                                    description: A label query over the set of namespaces
+                                      that the term applies to. The term is applied
+                                      to the union of the namespaces selected by this
+                                      field and the ones listed in the namespaces field.
+                                      null selector and null or empty namespaces list
+                                      means "this pod's namespace". An empty selector
+                                      ({}) matches all namespaces.
+                                    properties:
+                                      matchExpressions:
+                                        description: matchExpressions is a list of label
+                                          selector requirements. The requirements are
+                                          ANDed.
+                                        items:
+                                          description: A label selector requirement
+                                            is a selector that contains values, a key,
+                                            and an operator that relates the key and
+                                            values.
+                                          properties:
+                                            key:
+                                              description: key is the label key that
+                                                the selector applies to.
+                                              type: string
+                                            operator:
+                                              description: operator represents a key's
+                                                relationship to a set of values. Valid
+                                                operators are In, NotIn, Exists and
+                                                DoesNotExist.
+                                              type: string
+                                            values:
+                                              description: values is an array of string
+                                                values. If the operator is In or NotIn,
+                                                the values array must be non-empty.
+                                                If the operator is Exists or DoesNotExist,
+                                                the values array must be empty. This
+                                                array is replaced during a strategic
+                                                merge patch.
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          type: string
+                                        description: matchLabels is a map of {key,value}
+                                          pairs. A single {key,value} in the matchLabels
+                                          map is equivalent to an element of matchExpressions,
+                                          whose key field is "key", the operator is
+                                          "In", and the values array contains only "value".
+                                          The requirements are ANDed.
+                                        type: object
+                                    type: object
+                                  namespaces:
+                                    description: namespaces specifies a static list
+                                      of namespace names that the term applies to. The
+                                      term is applied to the union of the namespaces
+                                      listed in this field and the ones selected by
+                                      namespaceSelector. null or empty namespaces list
+                                      and null namespaceSelector means "this pod's namespace".
+                                    items:
+                                      type: string
+                                    type: array
+                                  topologyKey:
+                                    description: This pod should be co-located (affinity)
+                                      or not co-located (anti-affinity) with the pods
+                                      matching the labelSelector in the specified namespaces,
+                                      where co-located is defined as running on a node
+                                      whose value of the label with key topologyKey
+                                      matches that of any node on which any of the selected
+                                      pods is running. Empty topologyKey is not allowed.
+                                    type: string
+                                required:
+                                  - topologyKey
+                                type: object
+                              type: array
+                          type: object
+                      type: object
+                    containers:
+                      description: List of containers specified in the Deployment
+                      items:
+                        description: ContainerSpec defines the properties available
+                          to override for each container in a provider deployment such
+                          as Image and Args to the container’s entrypoint.
+                        properties:
+                          args:
+                            additionalProperties:
+                              type: string
+                            description: Args represents extra provider specific flags
+                              that are not encoded as fields in this API. Explicit controller
+                              manager properties defined in the `Provider.ManagerSpec`
+                              will have higher precedence than those defined in `ContainerSpec.Args`.
+                              For example, `ManagerSpec.SyncPeriod` will be used instead
+                              of the container arg `--sync-period` if both are defined.
+                              The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`.
+                            type: object
+                          command:
+                            description: Command allows override container's entrypoint
+                              array.
+                            items:
+                              type: string
+                            type: array
+                          env:
+                            description: List of environment variables to set in the
+                              container.
+                            items:
+                              description: EnvVar represents an environment variable
+                                present in a Container.
+                              properties:
+                                name:
+                                  description: Name of the environment variable. Must
+                                    be a C_IDENTIFIER.
+                                  type: string
+                                value:
+                                  description: 'Variable references $(VAR_NAME) are
+                                  expanded using the previously defined environment
+                                  variables in the container and any service environment
+                                  variables. If a variable cannot be resolved, the
+                                  reference in the input string will be unchanged.
+                                  Double $$ are reduced to a single $, which allows
+                                  for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
+                                  will produce the string literal "$(VAR_NAME)". Escaped
+                                  references will never be expanded, regardless of
+                                  whether the variable exists or not. Defaults to
+                                  "".'
+                                  type: string
+                                valueFrom:
+                                  description: Source for the environment variable's
+                                    value. Cannot be used if value is not empty.
+                                  properties:
+                                    configMapKeyRef:
+                                      description: Selects a key of a ConfigMap.
+                                      properties:
+                                        key:
+                                          description: The key to select.
+                                          type: string
+                                        name:
+                                          description: 'Name of the referent. More info:
+                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                          TODO: Add other useful fields. apiVersion,
+                                          kind, uid?'
+                                          type: string
+                                        optional:
+                                          description: Specify whether the ConfigMap
+                                            or its key must be defined
+                                          type: boolean
+                                      required:
+                                        - key
+                                      type: object
+                                    fieldRef:
+                                      description: 'Selects a field of the pod: supports
+                                      metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`,
+                                      `metadata.annotations[''<KEY>'']`, spec.nodeName,
+                                      spec.serviceAccountName, status.hostIP, status.podIP,
+                                      status.podIPs.'
+                                      properties:
+                                        apiVersion:
+                                          description: Version of the schema the FieldPath
+                                            is written in terms of, defaults to "v1".
+                                          type: string
+                                        fieldPath:
+                                          description: Path of the field to select in
+                                            the specified API version.
+                                          type: string
+                                      required:
+                                        - fieldPath
+                                      type: object
+                                    resourceFieldRef:
+                                      description: 'Selects a resource of the container:
+                                      only resources limits and requests (limits.cpu,
+                                      limits.memory, limits.ephemeral-storage, requests.cpu,
+                                      requests.memory and requests.ephemeral-storage)
+                                      are currently supported.'
+                                      properties:
+                                        containerName:
+                                          description: 'Container name: required for
+                                          volumes, optional for env vars'
+                                          type: string
+                                        divisor:
+                                          anyOf:
+                                            - type: integer
+                                            - type: string
+                                          description: Specifies the output format of
+                                            the exposed resources, defaults to "1"
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        resource:
+                                          description: 'Required: resource to select'
+                                          type: string
+                                      required:
+                                        - resource
+                                      type: object
+                                    secretKeyRef:
+                                      description: Selects a key of a secret in the
+                                        pod's namespace
+                                      properties:
+                                        key:
+                                          description: The key of the secret to select
+                                            from.  Must be a valid secret key.
+                                          type: string
+                                        name:
+                                          description: 'Name of the referent. More info:
+                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                          TODO: Add other useful fields. apiVersion,
+                                          kind, uid?'
+                                          type: string
+                                        optional:
+                                          description: Specify whether the Secret or
+                                            its key must be defined
+                                          type: boolean
+                                      required:
+                                        - key
+                                      type: object
+                                  type: object
+                              required:
+                                - name
+                              type: object
+                            type: array
+                          image:
+                            description: Container Image Name
+                            properties:
+                              name:
+                                description: Name allows to specify a name for the image.
+                                type: string
+                              repository:
+                                description: Repository sets the container registry
+                                  to pull images from.
+                                type: string
+                              tag:
+                                description: Tag allows to specify a tag for the image.
+                                type: string
+                            type: object
+                          name:
+                            description: Name of the container. Cannot be updated.
+                            type: string
+                          resources:
+                            description: Compute resources required by this container.
+                            properties:
+                              limits:
+                                additionalProperties:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                  x-kubernetes-int-or-string: true
+                                description: 'Limits describes the maximum amount of
+                                compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+                                type: object
+                              requests:
+                                additionalProperties:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                  x-kubernetes-int-or-string: true
+                                description: 'Requests describes the minimum amount
+                                of compute resources required. If Requests is omitted
+                                for a container, it defaults to Limits if that is
+                                explicitly specified, otherwise to an implementation-defined
+                                value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+                                type: object
+                            type: object
+                        required:
+                          - name
+                        type: object
+                      type: array
+                    nodeSelector:
+                      additionalProperties:
+                        type: string
+                      description: 'NodeSelector is a selector which must be true for
+                      the pod to fit on a node. Selector which must match a node''s
+                      labels for the pod to be scheduled on that node. More info:
+                      https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
+                      type: object
+                    replicas:
+                      description: Number of desired pods. This is a pointer to distinguish
+                        between explicit zero and not specified. Defaults to 1.
+                      minimum: 0
+                      type: integer
+                    tolerations:
+                      description: If specified, the pod's tolerations.
+                      items:
+                        description: The pod this Toleration is attached to tolerates
+                          any taint that matches the triple <key,value,effect> using
+                          the matching operator <operator>.
+                        properties:
+                          effect:
+                            description: Effect indicates the taint effect to match.
+                              Empty means match all taint effects. When specified, allowed
+                              values are NoSchedule, PreferNoSchedule and NoExecute.
+                            type: string
+                          key:
+                            description: Key is the taint key that the toleration applies
+                              to. Empty means match all taint keys. If the key is empty,
+                              operator must be Exists; this combination means to match
+                              all values and all keys.
+                            type: string
+                          operator:
+                            description: Operator represents a key's relationship to
+                              the value. Valid operators are Exists and Equal. Defaults
+                              to Equal. Exists is equivalent to wildcard for value,
+                              so that a pod can tolerate all taints of a particular
+                              category.
+                            type: string
+                          tolerationSeconds:
+                            description: TolerationSeconds represents the period of
+                              time the toleration (which must be of effect NoExecute,
+                              otherwise this field is ignored) tolerates the taint.
+                              By default, it is not set, which means tolerate the taint
+                              forever (do not evict). Zero and negative values will
+                              be treated as 0 (evict immediately) by the system.
+                            format: int64
+                            type: integer
+                          value:
+                            description: Value is the taint value the toleration matches
+                              to. If the operator is Exists, the value should be empty,
+                              otherwise just a regular string.
+                            type: string
+                        type: object
+                      type: array
+                  type: object
+                fetchConfig:
+                  description: FetchConfig determines how the operator will fetch the
+                    components and metadata for the provider. If nil, the operator will
+                    try to fetch components according to default embedded fetch configuration
+                    for the given kind and `ObjectMeta.Name`. For example, the infrastructure
+                    name `aws` will fetch artifacts from https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases.
+                  properties:
+                    selector:
+                      description: 'Selector to be used for fetching provider’s components
+                      and metadata from ConfigMaps stored inside the cluster. Each
+                      ConfigMap is expected to contain components and metadata for
+                      a specific version only. Note: the name of the ConfigMap should
+                      be set to the version or to override this add a label like the
+                      following: provider.cluster.x-k8s.io/version=v1.4.3'
+                      properties:
+                        matchExpressions:
+                          description: matchExpressions is a list of label selector
+                            requirements. The requirements are ANDed.
+                          items:
+                            description: A label selector requirement is a selector
+                              that contains values, a key, and an operator that relates
+                              the key and values.
+                            properties:
+                              key:
+                                description: key is the label key that the selector
+                                  applies to.
+                                type: string
+                              operator:
+                                description: operator represents a key's relationship
+                                  to a set of values. Valid operators are In, NotIn,
+                                  Exists and DoesNotExist.
+                                type: string
+                              values:
+                                description: values is an array of string values. If
+                                  the operator is In or NotIn, the values array must
+                                  be non-empty. If the operator is Exists or DoesNotExist,
+                                  the values array must be empty. This array is replaced
+                                  during a strategic merge patch.
+                                items:
+                                  type: string
+                                type: array
+                            required:
+                              - key
+                              - operator
+                            type: object
+                          type: array
+                        matchLabels:
+                          additionalProperties:
+                            type: string
+                          description: matchLabels is a map of {key,value} pairs. A
+                            single {key,value} in the matchLabels map is equivalent
+                            to an element of matchExpressions, whose key field is "key",
+                            the operator is "In", and the values array contains only
+                            "value". The requirements are ANDed.
+                          type: object
+                      type: object
+                    url:
+                      description: URL to be used for fetching the provider’s components
+                        and metadata from a remote Github repository. For example, https://github.com/{owner}/{repository}/releases
+                        You must set `providerSpec.Version` field for operator to pick
+                        up desired version of the release from GitHub.
+                      type: string
+                  type: object
+                manager:
+                  description: Manager defines the properties that can be enabled on
+                    the controller manager for the provider.
+                  properties:
+                    cacheNamespace:
+                      description: "CacheNamespace if specified restricts the manager's
+                      cache to watch objects in the desired namespace Defaults to
+                      all namespaces \n Note: If a namespace is specified, controllers
+                      can still Watch for a cluster-scoped resource (e.g Node).  For
+                      namespaced resources the cache will only hold objects from the
+                      desired namespace."
+                      type: string
+                    controller:
+                      description: Controller contains global configuration options
+                        for controllers registered within this manager.
+                      properties:
+                        cacheSyncTimeout:
+                          description: CacheSyncTimeout refers to the time limit set
+                            to wait for syncing caches. Defaults to 2 minutes if not
+                            set.
+                          format: int64
+                          type: integer
+                        groupKindConcurrency:
+                          additionalProperties:
+                            type: integer
+                          description: "GroupKindConcurrency is a map from a Kind to
+                          the number of concurrent reconciliation allowed for that
+                          controller. \n When a controller is registered within this
+                          manager using the builder utilities, users have to specify
+                          the type the controller reconciles in the For(...) call.
+                          If the object's kind passed matches one of the keys in this
+                          map, the concurrency for that controller is set to the number
+                          specified. \n The key is expected to be consistent in form
+                          with GroupKind.String(), e.g. ReplicaSet in apps group (regardless
+                          of version) would be `ReplicaSet.apps`."
+                          type: object
+                      type: object
+                    featureGates:
+                      additionalProperties:
+                        type: boolean
+                      description: FeatureGates define provider specific feature flags
+                        that will be passed in as container args to the provider's controller
+                        manager. Controller Manager flag is --feature-gates.
+                      type: object
+                    gracefulShutDown:
+                      description: GracefulShutdownTimeout is the duration given to
+                        runnable to stop before the manager actually returns on stop.
+                        To disable graceful shutdown, set to time.Duration(0) To use
+                        graceful shutdown without timeout, set to a negative duration,
+                        e.G. time.Duration(-1) The graceful shutdown is skipped for
+                        safety reasons in case the leader election lease is lost.
+                      type: string
+                    health:
+                      description: Health contains the controller health configuration
+                      properties:
+                        healthProbeBindAddress:
+                          description: HealthProbeBindAddress is the TCP address that
+                            the controller should bind to for serving health probes
+                          type: string
+                        livenessEndpointName:
+                          description: LivenessEndpointName, defaults to "healthz"
+                          type: string
+                        readinessEndpointName:
+                          description: ReadinessEndpointName, defaults to "readyz"
+                          type: string
+                      type: object
+                    leaderElection:
+                      description: LeaderElection is the LeaderElection config to be
+                        used when configuring the manager.Manager leader election
+                      properties:
+                        leaderElect:
+                          description: leaderElect enables a leader election client
+                            to gain leadership before executing the main loop. Enable
+                            this when running replicated components for high availability.
+                          type: boolean
+                        leaseDuration:
+                          description: leaseDuration is the duration that non-leader
+                            candidates will wait after observing a leadership renewal
+                            until attempting to acquire leadership of a led but unrenewed
+                            leader slot. This is effectively the maximum duration that
+                            a leader can be stopped before it is replaced by another
+                            candidate. This is only applicable if leader election is
+                            enabled.
+                          type: string
+                        renewDeadline:
+                          description: renewDeadline is the interval between attempts
+                            by the acting master to renew a leadership slot before it
+                            stops leading. This must be less than or equal to the lease
+                            duration. This is only applicable if leader election is
+                            enabled.
+                          type: string
+                        resourceLock:
+                          description: resourceLock indicates the resource object type
+                            that will be used to lock during leader election cycles.
+                          type: string
+                        resourceName:
+                          description: resourceName indicates the name of resource object
+                            that will be used to lock during leader election cycles.
+                          type: string
+                        resourceNamespace:
+                          description: resourceName indicates the namespace of resource
+                            object that will be used to lock during leader election
+                            cycles.
+                          type: string
+                        retryPeriod:
+                          description: retryPeriod is the duration the clients should
+                            wait between attempting acquisition and renewal of a leadership.
+                            This is only applicable if leader election is enabled.
+                          type: string
+                      required:
+                        - leaderElect
+                        - leaseDuration
+                        - renewDeadline
+                        - resourceLock
+                        - resourceName
+                        - resourceNamespace
+                        - retryPeriod
+                      type: object
+                    maxConcurrentReconciles:
+                      description: MaxConcurrentReconciles is the maximum number of
+                        concurrent Reconciles which can be run.
+                      minimum: 1
+                      type: integer
+                    metrics:
+                      description: Metrics contains thw controller metrics configuration
+                      properties:
+                        bindAddress:
+                          description: BindAddress is the TCP address that the controller
+                            should bind to for serving prometheus metrics. It can be
+                            set to "0" to disable the metrics serving.
+                          type: string
+                      type: object
+                    profilerAddress:
+                      description: ProfilerAddress defines the bind address to expose
+                        the pprof profiler (e.g. localhost:6060). Default empty, meaning
+                        the profiler is disabled. Controller Manager flag is --profiler-address.
+                      type: string
+                    syncPeriod:
+                      description: SyncPeriod determines the minimum frequency at which
+                        watched resources are reconciled. A lower period will correct
+                        entropy more quickly, but reduce responsiveness to change if
+                        there are many watched resources. Change this value only if
+                        you know what you are doing. Defaults to 10 hours if unset.
+                        there will a 10 percent jitter between the SyncPeriod of all
+                        controllers so that all controllers will not send list requests
+                        simultaneously.
+                      type: string
+                    verbosity:
+                      default: 1
+                      description: Verbosity set the logs verbosity. Defaults to 1.
+                        Controller Manager flag is --verbosity.
+                      minimum: 0
+                      type: integer
+                    webhook:
+                      description: Webhook contains the controllers webhook configuration
+                      properties:
+                        certDir:
+                          description: CertDir is the directory that contains the server
+                            key and certificate. if not set, webhook server would look
+                            up the server key and certificate in {TempDir}/k8s-webhook-server/serving-certs.
+                            The server key and certificate must be named tls.key and
+                            tls.crt, respectively.
+                          type: string
+                        host:
+                          description: Host is the hostname that the webhook server
+                            binds to. It is used to set webhook.Server.Host.
+                          type: string
+                        port:
+                          description: Port is the port that the webhook server serves
+                            at. It is used to set webhook.Server.Port.
+                          type: integer
+                      type: object
+                  type: object
+                secretName:
+                  description: SecretName is the name of the Secret providing the configuration
+                    variables for the current provider instance, like e.g. credentials.
+                    Such configurations will be used when creating or upgrading provider
+                    components. The contents of the secret will be treated as immutable.
+                    If changes need to be made, a new object can be created and the
+                    name should be updated. The contents should be in the form of key:value.
+                    This secret must be in the same namespace as the provider.
+                  type: string
+                version:
+                  description: Version indicates the provider version.
+                  type: string
+              required:
+                - version
+              type: object
+            status:
+              description: ControlPlaneProviderStatus defines the observed state of
+                ControlPlaneProvider.
+              properties:
+                conditions:
+                  description: Conditions define the current service state of the provider.
+                  items:
+                    description: Condition defines an observation of a Cluster API resource
+                      operational state.
+                    properties:
+                      lastTransitionTime:
+                        description: Last time the condition transitioned from one status
+                          to another. This should be when the underlying condition changed.
+                          If that is not known, then using the time when the API field
+                          changed is acceptable.
+                        format: date-time
+                        type: string
+                      message:
+                        description: A human readable message indicating details about
+                          the transition. This field may be empty.
+                        type: string
+                      reason:
+                        description: The reason for the condition's last transition
+                          in CamelCase. The specific API may choose whether or not this
+                          field is considered a guaranteed API. This field may not be
+                          empty.
+                        type: string
+                      severity:
+                        description: Severity provides an explicit classification of
+                          Reason code, so the users or machines can immediately understand
+                          the current situation and act accordingly. The Severity field
+                          MUST be set only when Status=False.
+                        type: string
+                      status:
+                        description: Status of the condition, one of True, False, Unknown.
+                        type: string
+                      type:
+                        description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+                          Many .condition.type values are consistent across resources
+                          like Available, but because arbitrary conditions can be useful
+                          (see .node.status.conditions), the ability to deconflict is
+                          important.
+                        type: string
+                    required:
+                      - lastTransitionTime
+                      - status
+                      - type
+                    type: object
+                  type: array
+                contract:
+                  description: Contract will contain the core provider contract that
+                    the provider is abiding by, like e.g. v1alpha4.
+                  type: string
+                installedVersion:
+                  description: InstalledVersion is the version of the provider that
+                    is installed.
+                  type: string
+                observedGeneration:
+                  description: ObservedGeneration is the latest generation observed
+                    by the controller.
+                  format: int64
+                  type: integer
+              type: object
+          type: object
+      served: true
+      storage: true
+      subresources:
+        status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
\ No newline at end of file
diff --git a/bootstrap/helm/cluster-api-operator/crds/coreproviders.operator.cluster.x-k8s.io.yaml b/bootstrap/helm/cluster-api-operator/crds/coreproviders.operator.cluster.x-k8s.io.yaml
new file mode 100644
index 000000000..5e2ffb712
--- /dev/null
+++ b/bootstrap/helm/cluster-api-operator/crds/coreproviders.operator.cluster.x-k8s.io.yaml
@@ -0,0 +1,1475 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.7.1-0.20211110210727-ab52f76cc7d1
+    meta.helm.sh/release-name: bootstrap
+    meta.helm.sh/release-namespace: bootstrap
+  labels:
+    app.kubernetes.io/managed-by: Helm
+    clusterctl.cluster.x-k8s.io/core: capi-operator
+  name: coreproviders.operator.cluster.x-k8s.io
+spec:
+  group: operator.cluster.x-k8s.io
+  names:
+    kind: CoreProvider
+    listKind: CoreProviderList
+    plural: coreproviders
+    singular: coreprovider
+  scope: Namespaced
+  versions:
+    - additionalPrinterColumns:
+        - jsonPath: .status.installedVersion
+          name: InstalledVersion
+          type: string
+        - jsonPath: .status.conditions[?(@.type=='Ready')].status
+          name: Ready
+          type: string
+      name: v1alpha1
+      schema:
+        openAPIV3Schema:
+          description: CoreProvider is the Schema for the coreproviders API.
+          properties:
+            apiVersion:
+              description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              type: string
+            kind:
+              description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              type: string
+            metadata:
+              type: object
+            spec:
+              description: CoreProviderSpec defines the desired state of CoreProvider.
+              properties:
+                deployment:
+                  description: Deployment defines the properties that can be enabled
+                    on the deployment for the provider.
+                  properties:
+                    affinity:
+                      description: If specified, the pod's scheduling constraints
+                      properties:
+                        nodeAffinity:
+                          description: Describes node affinity scheduling rules for
+                            the pod.
+                          properties:
+                            preferredDuringSchedulingIgnoredDuringExecution:
+                              description: The scheduler will prefer to schedule pods
+                                to nodes that satisfy the affinity expressions specified
+                                by this field, but it may choose a node that violates
+                                one or more of the expressions. The node that is most
+                                preferred is the one with the greatest sum of weights,
+                                i.e. for each node that meets all of the scheduling
+                                requirements (resource request, requiredDuringScheduling
+                                affinity expressions, etc.), compute a sum by iterating
+                                through the elements of this field and adding "weight"
+                                to the sum if the node matches the corresponding matchExpressions;
+                                the node(s) with the highest sum are the most preferred.
+                              items:
+                                description: An empty preferred scheduling term matches
+                                  all objects with implicit weight 0 (i.e. it's a no-op).
+                                  A null preferred scheduling term matches no objects
+                                  (i.e. is also a no-op).
+                                properties:
+                                  preference:
+                                    description: A node selector term, associated with
+                                      the corresponding weight.
+                                    properties:
+                                      matchExpressions:
+                                        description: A list of node selector requirements
+                                          by node's labels.
+                                        items:
+                                          description: A node selector requirement is
+                                            a selector that contains values, a key,
+                                            and an operator that relates the key and
+                                            values.
+                                          properties:
+                                            key:
+                                              description: The label key that the selector
+                                                applies to.
+                                              type: string
+                                            operator:
+                                              description: Represents a key's relationship
+                                                to a set of values. Valid operators
+                                                are In, NotIn, Exists, DoesNotExist.
+                                                Gt, and Lt.
+                                              type: string
+                                            values:
+                                              description: An array of string values.
+                                                If the operator is In or NotIn, the
+                                                values array must be non-empty. If the
+                                                operator is Exists or DoesNotExist,
+                                                the values array must be empty. If the
+                                                operator is Gt or Lt, the values array
+                                                must have a single element, which will
+                                                be interpreted as an integer. This array
+                                                is replaced during a strategic merge
+                                                patch.
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchFields:
+                                        description: A list of node selector requirements
+                                          by node's fields.
+                                        items:
+                                          description: A node selector requirement is
+                                            a selector that contains values, a key,
+                                            and an operator that relates the key and
+                                            values.
+                                          properties:
+                                            key:
+                                              description: The label key that the selector
+                                                applies to.
+                                              type: string
+                                            operator:
+                                              description: Represents a key's relationship
+                                                to a set of values. Valid operators
+                                                are In, NotIn, Exists, DoesNotExist.
+                                                Gt, and Lt.
+                                              type: string
+                                            values:
+                                              description: An array of string values.
+                                                If the operator is In or NotIn, the
+                                                values array must be non-empty. If the
+                                                operator is Exists or DoesNotExist,
+                                                the values array must be empty. If the
+                                                operator is Gt or Lt, the values array
+                                                must have a single element, which will
+                                                be interpreted as an integer. This array
+                                                is replaced during a strategic merge
+                                                patch.
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                    type: object
+                                  weight:
+                                    description: Weight associated with matching the
+                                      corresponding nodeSelectorTerm, in the range 1-100.
+                                    format: int32
+                                    type: integer
+                                required:
+                                  - preference
+                                  - weight
+                                type: object
+                              type: array
+                            requiredDuringSchedulingIgnoredDuringExecution:
+                              description: If the affinity requirements specified by
+                                this field are not met at scheduling time, the pod will
+                                not be scheduled onto the node. If the affinity requirements
+                                specified by this field cease to be met at some point
+                                during pod execution (e.g. due to an update), the system
+                                may or may not try to eventually evict the pod from
+                                its node.
+                              properties:
+                                nodeSelectorTerms:
+                                  description: Required. A list of node selector terms.
+                                    The terms are ORed.
+                                  items:
+                                    description: A null or empty node selector term
+                                      matches no objects. The requirements of them are
+                                      ANDed. The TopologySelectorTerm type implements
+                                      a subset of the NodeSelectorTerm.
+                                    properties:
+                                      matchExpressions:
+                                        description: A list of node selector requirements
+                                          by node's labels.
+                                        items:
+                                          description: A node selector requirement is
+                                            a selector that contains values, a key,
+                                            and an operator that relates the key and
+                                            values.
+                                          properties:
+                                            key:
+                                              description: The label key that the selector
+                                                applies to.
+                                              type: string
+                                            operator:
+                                              description: Represents a key's relationship
+                                                to a set of values. Valid operators
+                                                are In, NotIn, Exists, DoesNotExist.
+                                                Gt, and Lt.
+                                              type: string
+                                            values:
+                                              description: An array of string values.
+                                                If the operator is In or NotIn, the
+                                                values array must be non-empty. If the
+                                                operator is Exists or DoesNotExist,
+                                                the values array must be empty. If the
+                                                operator is Gt or Lt, the values array
+                                                must have a single element, which will
+                                                be interpreted as an integer. This array
+                                                is replaced during a strategic merge
+                                                patch.
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchFields:
+                                        description: A list of node selector requirements
+                                          by node's fields.
+                                        items:
+                                          description: A node selector requirement is
+                                            a selector that contains values, a key,
+                                            and an operator that relates the key and
+                                            values.
+                                          properties:
+                                            key:
+                                              description: The label key that the selector
+                                                applies to.
+                                              type: string
+                                            operator:
+                                              description: Represents a key's relationship
+                                                to a set of values. Valid operators
+                                                are In, NotIn, Exists, DoesNotExist.
+                                                Gt, and Lt.
+                                              type: string
+                                            values:
+                                              description: An array of string values.
+                                                If the operator is In or NotIn, the
+                                                values array must be non-empty. If the
+                                                operator is Exists or DoesNotExist,
+                                                the values array must be empty. If the
+                                                operator is Gt or Lt, the values array
+                                                must have a single element, which will
+                                                be interpreted as an integer. This array
+                                                is replaced during a strategic merge
+                                                patch.
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                    type: object
+                                  type: array
+                              required:
+                                - nodeSelectorTerms
+                              type: object
+                          type: object
+                        podAffinity:
+                          description: Describes pod affinity scheduling rules (e.g.
+                            co-locate this pod in the same node, zone, etc. as some
+                            other pod(s)).
+                          properties:
+                            preferredDuringSchedulingIgnoredDuringExecution:
+                              description: The scheduler will prefer to schedule pods
+                                to nodes that satisfy the affinity expressions specified
+                                by this field, but it may choose a node that violates
+                                one or more of the expressions. The node that is most
+                                preferred is the one with the greatest sum of weights,
+                                i.e. for each node that meets all of the scheduling
+                                requirements (resource request, requiredDuringScheduling
+                                affinity expressions, etc.), compute a sum by iterating
+                                through the elements of this field and adding "weight"
+                                to the sum if the node has pods which matches the corresponding
+                                podAffinityTerm; the node(s) with the highest sum are
+                                the most preferred.
+                              items:
+                                description: The weights of all of the matched WeightedPodAffinityTerm
+                                  fields are added per-node to find the most preferred
+                                  node(s)
+                                properties:
+                                  podAffinityTerm:
+                                    description: Required. A pod affinity term, associated
+                                      with the corresponding weight.
+                                    properties:
+                                      labelSelector:
+                                        description: A label query over a set of resources,
+                                          in this case pods.
+                                        properties:
+                                          matchExpressions:
+                                            description: matchExpressions is a list
+                                              of label selector requirements. The requirements
+                                              are ANDed.
+                                            items:
+                                              description: A label selector requirement
+                                                is a selector that contains values,
+                                                a key, and an operator that relates
+                                                the key and values.
+                                              properties:
+                                                key:
+                                                  description: key is the label key
+                                                    that the selector applies to.
+                                                  type: string
+                                                operator:
+                                                  description: operator represents a
+                                                    key's relationship to a set of values.
+                                                    Valid operators are In, NotIn, Exists
+                                                    and DoesNotExist.
+                                                  type: string
+                                                values:
+                                                  description: values is an array of
+                                                    string values. If the operator is
+                                                    In or NotIn, the values array must
+                                                    be non-empty. If the operator is
+                                                    Exists or DoesNotExist, the values
+                                                    array must be empty. This array
+                                                    is replaced during a strategic merge
+                                                    patch.
+                                                  items:
+                                                    type: string
+                                                  type: array
+                                              required:
+                                                - key
+                                                - operator
+                                              type: object
+                                            type: array
+                                          matchLabels:
+                                            additionalProperties:
+                                              type: string
+                                            description: matchLabels is a map of {key,value}
+                                              pairs. A single {key,value} in the matchLabels
+                                              map is equivalent to an element of matchExpressions,
+                                              whose key field is "key", the operator
+                                              is "In", and the values array contains
+                                              only "value". The requirements are ANDed.
+                                            type: object
+                                        type: object
+                                      namespaceSelector:
+                                        description: A label query over the set of namespaces
+                                          that the term applies to. The term is applied
+                                          to the union of the namespaces selected by
+                                          this field and the ones listed in the namespaces
+                                          field. null selector and null or empty namespaces
+                                          list means "this pod's namespace". An empty
+                                          selector ({}) matches all namespaces.
+                                        properties:
+                                          matchExpressions:
+                                            description: matchExpressions is a list
+                                              of label selector requirements. The requirements
+                                              are ANDed.
+                                            items:
+                                              description: A label selector requirement
+                                                is a selector that contains values,
+                                                a key, and an operator that relates
+                                                the key and values.
+                                              properties:
+                                                key:
+                                                  description: key is the label key
+                                                    that the selector applies to.
+                                                  type: string
+                                                operator:
+                                                  description: operator represents a
+                                                    key's relationship to a set of values.
+                                                    Valid operators are In, NotIn, Exists
+                                                    and DoesNotExist.
+                                                  type: string
+                                                values:
+                                                  description: values is an array of
+                                                    string values. If the operator is
+                                                    In or NotIn, the values array must
+                                                    be non-empty. If the operator is
+                                                    Exists or DoesNotExist, the values
+                                                    array must be empty. This array
+                                                    is replaced during a strategic merge
+                                                    patch.
+                                                  items:
+                                                    type: string
+                                                  type: array
+                                              required:
+                                                - key
+                                                - operator
+                                              type: object
+                                            type: array
+                                          matchLabels:
+                                            additionalProperties:
+                                              type: string
+                                            description: matchLabels is a map of {key,value}
+                                              pairs. A single {key,value} in the matchLabels
+                                              map is equivalent to an element of matchExpressions,
+                                              whose key field is "key", the operator
+                                              is "In", and the values array contains
+                                              only "value". The requirements are ANDed.
+                                            type: object
+                                        type: object
+                                      namespaces:
+                                        description: namespaces specifies a static list
+                                          of namespace names that the term applies to.
+                                          The term is applied to the union of the namespaces
+                                          listed in this field and the ones selected
+                                          by namespaceSelector. null or empty namespaces
+                                          list and null namespaceSelector means "this
+                                          pod's namespace".
+                                        items:
+                                          type: string
+                                        type: array
+                                      topologyKey:
+                                        description: This pod should be co-located (affinity)
+                                          or not co-located (anti-affinity) with the
+                                          pods matching the labelSelector in the specified
+                                          namespaces, where co-located is defined as
+                                          running on a node whose value of the label
+                                          with key topologyKey matches that of any node
+                                          on which any of the selected pods is running.
+                                          Empty topologyKey is not allowed.
+                                        type: string
+                                    required:
+                                      - topologyKey
+                                    type: object
+                                  weight:
+                                    description: weight associated with matching the
+                                      corresponding podAffinityTerm, in the range 1-100.
+                                    format: int32
+                                    type: integer
+                                required:
+                                  - podAffinityTerm
+                                  - weight
+                                type: object
+                              type: array
+                            requiredDuringSchedulingIgnoredDuringExecution:
+                              description: If the affinity requirements specified by
+                                this field are not met at scheduling time, the pod will
+                                not be scheduled onto the node. If the affinity requirements
+                                specified by this field cease to be met at some point
+                                during pod execution (e.g. due to a pod label update),
+                                the system may or may not try to eventually evict the
+                                pod from its node. When there are multiple elements,
+                                the lists of nodes corresponding to each podAffinityTerm
+                                are intersected, i.e. all terms must be satisfied.
+                              items:
+                                description: Defines a set of pods (namely those matching
+                                  the labelSelector relative to the given namespace(s))
+                                  that this pod should be co-located (affinity) or not
+                                  co-located (anti-affinity) with, where co-located
+                                  is defined as running on a node whose value of the
+                                  label with key <topologyKey> matches that of any node
+                                  on which a pod of the set of pods is running
+                                properties:
+                                  labelSelector:
+                                    description: A label query over a set of resources,
+                                      in this case pods.
+                                    properties:
+                                      matchExpressions:
+                                        description: matchExpressions is a list of label
+                                          selector requirements. The requirements are
+                                          ANDed.
+                                        items:
+                                          description: A label selector requirement
+                                            is a selector that contains values, a key,
+                                            and an operator that relates the key and
+                                            values.
+                                          properties:
+                                            key:
+                                              description: key is the label key that
+                                                the selector applies to.
+                                              type: string
+                                            operator:
+                                              description: operator represents a key's
+                                                relationship to a set of values. Valid
+                                                operators are In, NotIn, Exists and
+                                                DoesNotExist.
+                                              type: string
+                                            values:
+                                              description: values is an array of string
+                                                values. If the operator is In or NotIn,
+                                                the values array must be non-empty.
+                                                If the operator is Exists or DoesNotExist,
+                                                the values array must be empty. This
+                                                array is replaced during a strategic
+                                                merge patch.
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          type: string
+                                        description: matchLabels is a map of {key,value}
+                                          pairs. A single {key,value} in the matchLabels
+                                          map is equivalent to an element of matchExpressions,
+                                          whose key field is "key", the operator is
+                                          "In", and the values array contains only "value".
+                                          The requirements are ANDed.
+                                        type: object
+                                    type: object
+                                  namespaceSelector:
+                                    description: A label query over the set of namespaces
+                                      that the term applies to. The term is applied
+                                      to the union of the namespaces selected by this
+                                      field and the ones listed in the namespaces field.
+                                      null selector and null or empty namespaces list
+                                      means "this pod's namespace". An empty selector
+                                      ({}) matches all namespaces.
+                                    properties:
+                                      matchExpressions:
+                                        description: matchExpressions is a list of label
+                                          selector requirements. The requirements are
+                                          ANDed.
+                                        items:
+                                          description: A label selector requirement
+                                            is a selector that contains values, a key,
+                                            and an operator that relates the key and
+                                            values.
+                                          properties:
+                                            key:
+                                              description: key is the label key that
+                                                the selector applies to.
+                                              type: string
+                                            operator:
+                                              description: operator represents a key's
+                                                relationship to a set of values. Valid
+                                                operators are In, NotIn, Exists and
+                                                DoesNotExist.
+                                              type: string
+                                            values:
+                                              description: values is an array of string
+                                                values. If the operator is In or NotIn,
+                                                the values array must be non-empty.
+                                                If the operator is Exists or DoesNotExist,
+                                                the values array must be empty. This
+                                                array is replaced during a strategic
+                                                merge patch.
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          type: string
+                                        description: matchLabels is a map of {key,value}
+                                          pairs. A single {key,value} in the matchLabels
+                                          map is equivalent to an element of matchExpressions,
+                                          whose key field is "key", the operator is
+                                          "In", and the values array contains only "value".
+                                          The requirements are ANDed.
+                                        type: object
+                                    type: object
+                                  namespaces:
+                                    description: namespaces specifies a static list
+                                      of namespace names that the term applies to. The
+                                      term is applied to the union of the namespaces
+                                      listed in this field and the ones selected by
+                                      namespaceSelector. null or empty namespaces list
+                                      and null namespaceSelector means "this pod's namespace".
+                                    items:
+                                      type: string
+                                    type: array
+                                  topologyKey:
+                                    description: This pod should be co-located (affinity)
+                                      or not co-located (anti-affinity) with the pods
+                                      matching the labelSelector in the specified namespaces,
+                                      where co-located is defined as running on a node
+                                      whose value of the label with key topologyKey
+                                      matches that of any node on which any of the selected
+                                      pods is running. Empty topologyKey is not allowed.
+                                    type: string
+                                required:
+                                  - topologyKey
+                                type: object
+                              type: array
+                          type: object
+                        podAntiAffinity:
+                          description: Describes pod anti-affinity scheduling rules
+                            (e.g. avoid putting this pod in the same node, zone, etc.
+                            as some other pod(s)).
+                          properties:
+                            preferredDuringSchedulingIgnoredDuringExecution:
+                              description: The scheduler will prefer to schedule pods
+                                to nodes that satisfy the anti-affinity expressions
+                                specified by this field, but it may choose a node that
+                                violates one or more of the expressions. The node that
+                                is most preferred is the one with the greatest sum of
+                                weights, i.e. for each node that meets all of the scheduling
+                                requirements (resource request, requiredDuringScheduling
+                                anti-affinity expressions, etc.), compute a sum by iterating
+                                through the elements of this field and adding "weight"
+                                to the sum if the node has pods which matches the corresponding
+                                podAffinityTerm; the node(s) with the highest sum are
+                                the most preferred.
+                              items:
+                                description: The weights of all of the matched WeightedPodAffinityTerm
+                                  fields are added per-node to find the most preferred
+                                  node(s)
+                                properties:
+                                  podAffinityTerm:
+                                    description: Required. A pod affinity term, associated
+                                      with the corresponding weight.
+                                    properties:
+                                      labelSelector:
+                                        description: A label query over a set of resources,
+                                          in this case pods.
+                                        properties:
+                                          matchExpressions:
+                                            description: matchExpressions is a list
+                                              of label selector requirements. The requirements
+                                              are ANDed.
+                                            items:
+                                              description: A label selector requirement
+                                                is a selector that contains values,
+                                                a key, and an operator that relates
+                                                the key and values.
+                                              properties:
+                                                key:
+                                                  description: key is the label key
+                                                    that the selector applies to.
+                                                  type: string
+                                                operator:
+                                                  description: operator represents a
+                                                    key's relationship to a set of values.
+                                                    Valid operators are In, NotIn, Exists
+                                                    and DoesNotExist.
+                                                  type: string
+                                                values:
+                                                  description: values is an array of
+                                                    string values. If the operator is
+                                                    In or NotIn, the values array must
+                                                    be non-empty. If the operator is
+                                                    Exists or DoesNotExist, the values
+                                                    array must be empty. This array
+                                                    is replaced during a strategic merge
+                                                    patch.
+                                                  items:
+                                                    type: string
+                                                  type: array
+                                              required:
+                                                - key
+                                                - operator
+                                              type: object
+                                            type: array
+                                          matchLabels:
+                                            additionalProperties:
+                                              type: string
+                                            description: matchLabels is a map of {key,value}
+                                              pairs. A single {key,value} in the matchLabels
+                                              map is equivalent to an element of matchExpressions,
+                                              whose key field is "key", the operator
+                                              is "In", and the values array contains
+                                              only "value". The requirements are ANDed.
+                                            type: object
+                                        type: object
+                                      namespaceSelector:
+                                        description: A label query over the set of namespaces
+                                          that the term applies to. The term is applied
+                                          to the union of the namespaces selected by
+                                          this field and the ones listed in the namespaces
+                                          field. null selector and null or empty namespaces
+                                          list means "this pod's namespace". An empty
+                                          selector ({}) matches all namespaces.
+                                        properties:
+                                          matchExpressions:
+                                            description: matchExpressions is a list
+                                              of label selector requirements. The requirements
+                                              are ANDed.
+                                            items:
+                                              description: A label selector requirement
+                                                is a selector that contains values,
+                                                a key, and an operator that relates
+                                                the key and values.
+                                              properties:
+                                                key:
+                                                  description: key is the label key
+                                                    that the selector applies to.
+                                                  type: string
+                                                operator:
+                                                  description: operator represents a
+                                                    key's relationship to a set of values.
+                                                    Valid operators are In, NotIn, Exists
+                                                    and DoesNotExist.
+                                                  type: string
+                                                values:
+                                                  description: values is an array of
+                                                    string values. If the operator is
+                                                    In or NotIn, the values array must
+                                                    be non-empty. If the operator is
+                                                    Exists or DoesNotExist, the values
+                                                    array must be empty. This array
+                                                    is replaced during a strategic merge
+                                                    patch.
+                                                  items:
+                                                    type: string
+                                                  type: array
+                                              required:
+                                                - key
+                                                - operator
+                                              type: object
+                                            type: array
+                                          matchLabels:
+                                            additionalProperties:
+                                              type: string
+                                            description: matchLabels is a map of {key,value}
+                                              pairs. A single {key,value} in the matchLabels
+                                              map is equivalent to an element of matchExpressions,
+                                              whose key field is "key", the operator
+                                              is "In", and the values array contains
+                                              only "value". The requirements are ANDed.
+                                            type: object
+                                        type: object
+                                      namespaces:
+                                        description: namespaces specifies a static list
+                                          of namespace names that the term applies to.
+                                          The term is applied to the union of the namespaces
+                                          listed in this field and the ones selected
+                                          by namespaceSelector. null or empty namespaces
+                                          list and null namespaceSelector means "this
+                                          pod's namespace".
+                                        items:
+                                          type: string
+                                        type: array
+                                      topologyKey:
+                                        description: This pod should be co-located (affinity)
+                                          or not co-located (anti-affinity) with the
+                                          pods matching the labelSelector in the specified
+                                          namespaces, where co-located is defined as
+                                          running on a node whose value of the label
+                                          with key topologyKey matches that of any node
+                                          on which any of the selected pods is running.
+                                          Empty topologyKey is not allowed.
+                                        type: string
+                                    required:
+                                      - topologyKey
+                                    type: object
+                                  weight:
+                                    description: weight associated with matching the
+                                      corresponding podAffinityTerm, in the range 1-100.
+                                    format: int32
+                                    type: integer
+                                required:
+                                  - podAffinityTerm
+                                  - weight
+                                type: object
+                              type: array
+                            requiredDuringSchedulingIgnoredDuringExecution:
+                              description: If the anti-affinity requirements specified
+                                by this field are not met at scheduling time, the pod
+                                will not be scheduled onto the node. If the anti-affinity
+                                requirements specified by this field cease to be met
+                                at some point during pod execution (e.g. due to a pod
+                                label update), the system may or may not try to eventually
+                                evict the pod from its node. When there are multiple
+                                elements, the lists of nodes corresponding to each podAffinityTerm
+                                are intersected, i.e. all terms must be satisfied.
+                              items:
+                                description: Defines a set of pods (namely those matching
+                                  the labelSelector relative to the given namespace(s))
+                                  that this pod should be co-located (affinity) or not
+                                  co-located (anti-affinity) with, where co-located
+                                  is defined as running on a node whose value of the
+                                  label with key <topologyKey> matches that of any node
+                                  on which a pod of the set of pods is running
+                                properties:
+                                  labelSelector:
+                                    description: A label query over a set of resources,
+                                      in this case pods.
+                                    properties:
+                                      matchExpressions:
+                                        description: matchExpressions is a list of label
+                                          selector requirements. The requirements are
+                                          ANDed.
+                                        items:
+                                          description: A label selector requirement
+                                            is a selector that contains values, a key,
+                                            and an operator that relates the key and
+                                            values.
+                                          properties:
+                                            key:
+                                              description: key is the label key that
+                                                the selector applies to.
+                                              type: string
+                                            operator:
+                                              description: operator represents a key's
+                                                relationship to a set of values. Valid
+                                                operators are In, NotIn, Exists and
+                                                DoesNotExist.
+                                              type: string
+                                            values:
+                                              description: values is an array of string
+                                                values. If the operator is In or NotIn,
+                                                the values array must be non-empty.
+                                                If the operator is Exists or DoesNotExist,
+                                                the values array must be empty. This
+                                                array is replaced during a strategic
+                                                merge patch.
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          type: string
+                                        description: matchLabels is a map of {key,value}
+                                          pairs. A single {key,value} in the matchLabels
+                                          map is equivalent to an element of matchExpressions,
+                                          whose key field is "key", the operator is
+                                          "In", and the values array contains only "value".
+                                          The requirements are ANDed.
+                                        type: object
+                                    type: object
+                                  namespaceSelector:
+                                    description: A label query over the set of namespaces
+                                      that the term applies to. The term is applied
+                                      to the union of the namespaces selected by this
+                                      field and the ones listed in the namespaces field.
+                                      null selector and null or empty namespaces list
+                                      means "this pod's namespace". An empty selector
+                                      ({}) matches all namespaces.
+                                    properties:
+                                      matchExpressions:
+                                        description: matchExpressions is a list of label
+                                          selector requirements. The requirements are
+                                          ANDed.
+                                        items:
+                                          description: A label selector requirement
+                                            is a selector that contains values, a key,
+                                            and an operator that relates the key and
+                                            values.
+                                          properties:
+                                            key:
+                                              description: key is the label key that
+                                                the selector applies to.
+                                              type: string
+                                            operator:
+                                              description: operator represents a key's
+                                                relationship to a set of values. Valid
+                                                operators are In, NotIn, Exists and
+                                                DoesNotExist.
+                                              type: string
+                                            values:
+                                              description: values is an array of string
+                                                values. If the operator is In or NotIn,
+                                                the values array must be non-empty.
+                                                If the operator is Exists or DoesNotExist,
+                                                the values array must be empty. This
+                                                array is replaced during a strategic
+                                                merge patch.
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          type: string
+                                        description: matchLabels is a map of {key,value}
+                                          pairs. A single {key,value} in the matchLabels
+                                          map is equivalent to an element of matchExpressions,
+                                          whose key field is "key", the operator is
+                                          "In", and the values array contains only "value".
+                                          The requirements are ANDed.
+                                        type: object
+                                    type: object
+                                  namespaces:
+                                    description: namespaces specifies a static list
+                                      of namespace names that the term applies to. The
+                                      term is applied to the union of the namespaces
+                                      listed in this field and the ones selected by
+                                      namespaceSelector. null or empty namespaces list
+                                      and null namespaceSelector means "this pod's namespace".
+                                    items:
+                                      type: string
+                                    type: array
+                                  topologyKey:
+                                    description: This pod should be co-located (affinity)
+                                      or not co-located (anti-affinity) with the pods
+                                      matching the labelSelector in the specified namespaces,
+                                      where co-located is defined as running on a node
+                                      whose value of the label with key topologyKey
+                                      matches that of any node on which any of the selected
+                                      pods is running. Empty topologyKey is not allowed.
+                                    type: string
+                                required:
+                                  - topologyKey
+                                type: object
+                              type: array
+                          type: object
+                      type: object
+                    containers:
+                      description: List of containers specified in the Deployment
+                      items:
+                        description: ContainerSpec defines the properties available
+                          to override for each container in a provider deployment such
+                          as Image and Args to the container’s entrypoint.
+                        properties:
+                          args:
+                            additionalProperties:
+                              type: string
+                            description: Args represents extra provider specific flags
+                              that are not encoded as fields in this API. Explicit controller
+                              manager properties defined in the `Provider.ManagerSpec`
+                              will have higher precedence than those defined in `ContainerSpec.Args`.
+                              For example, `ManagerSpec.SyncPeriod` will be used instead
+                              of the container arg `--sync-period` if both are defined.
+                              The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`.
+                            type: object
+                          command:
+                            description: Command allows override container's entrypoint
+                              array.
+                            items:
+                              type: string
+                            type: array
+                          env:
+                            description: List of environment variables to set in the
+                              container.
+                            items:
+                              description: EnvVar represents an environment variable
+                                present in a Container.
+                              properties:
+                                name:
+                                  description: Name of the environment variable. Must
+                                    be a C_IDENTIFIER.
+                                  type: string
+                                value:
+                                  description: 'Variable references $(VAR_NAME) are
+                                  expanded using the previously defined environment
+                                  variables in the container and any service environment
+                                  variables. If a variable cannot be resolved, the
+                                  reference in the input string will be unchanged.
+                                  Double $$ are reduced to a single $, which allows
+                                  for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
+                                  will produce the string literal "$(VAR_NAME)". Escaped
+                                  references will never be expanded, regardless of
+                                  whether the variable exists or not. Defaults to
+                                  "".'
+                                  type: string
+                                valueFrom:
+                                  description: Source for the environment variable's
+                                    value. Cannot be used if value is not empty.
+                                  properties:
+                                    configMapKeyRef:
+                                      description: Selects a key of a ConfigMap.
+                                      properties:
+                                        key:
+                                          description: The key to select.
+                                          type: string
+                                        name:
+                                          description: 'Name of the referent. More info:
+                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                          TODO: Add other useful fields. apiVersion,
+                                          kind, uid?'
+                                          type: string
+                                        optional:
+                                          description: Specify whether the ConfigMap
+                                            or its key must be defined
+                                          type: boolean
+                                      required:
+                                        - key
+                                      type: object
+                                    fieldRef:
+                                      description: 'Selects a field of the pod: supports
+                                      metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`,
+                                      `metadata.annotations[''<KEY>'']`, spec.nodeName,
+                                      spec.serviceAccountName, status.hostIP, status.podIP,
+                                      status.podIPs.'
+                                      properties:
+                                        apiVersion:
+                                          description: Version of the schema the FieldPath
+                                            is written in terms of, defaults to "v1".
+                                          type: string
+                                        fieldPath:
+                                          description: Path of the field to select in
+                                            the specified API version.
+                                          type: string
+                                      required:
+                                        - fieldPath
+                                      type: object
+                                    resourceFieldRef:
+                                      description: 'Selects a resource of the container:
+                                      only resources limits and requests (limits.cpu,
+                                      limits.memory, limits.ephemeral-storage, requests.cpu,
+                                      requests.memory and requests.ephemeral-storage)
+                                      are currently supported.'
+                                      properties:
+                                        containerName:
+                                          description: 'Container name: required for
+                                          volumes, optional for env vars'
+                                          type: string
+                                        divisor:
+                                          anyOf:
+                                            - type: integer
+                                            - type: string
+                                          description: Specifies the output format of
+                                            the exposed resources, defaults to "1"
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        resource:
+                                          description: 'Required: resource to select'
+                                          type: string
+                                      required:
+                                        - resource
+                                      type: object
+                                    secretKeyRef:
+                                      description: Selects a key of a secret in the
+                                        pod's namespace
+                                      properties:
+                                        key:
+                                          description: The key of the secret to select
+                                            from.  Must be a valid secret key.
+                                          type: string
+                                        name:
+                                          description: 'Name of the referent. More info:
+                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                          TODO: Add other useful fields. apiVersion,
+                                          kind, uid?'
+                                          type: string
+                                        optional:
+                                          description: Specify whether the Secret or
+                                            its key must be defined
+                                          type: boolean
+                                      required:
+                                        - key
+                                      type: object
+                                  type: object
+                              required:
+                                - name
+                              type: object
+                            type: array
+                          image:
+                            description: Container Image Name
+                            properties:
+                              name:
+                                description: Name allows to specify a name for the image.
+                                type: string
+                              repository:
+                                description: Repository sets the container registry
+                                  to pull images from.
+                                type: string
+                              tag:
+                                description: Tag allows to specify a tag for the image.
+                                type: string
+                            type: object
+                          name:
+                            description: Name of the container. Cannot be updated.
+                            type: string
+                          resources:
+                            description: Compute resources required by this container.
+                            properties:
+                              limits:
+                                additionalProperties:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                  x-kubernetes-int-or-string: true
+                                description: 'Limits describes the maximum amount of
+                                compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+                                type: object
+                              requests:
+                                additionalProperties:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                  x-kubernetes-int-or-string: true
+                                description: 'Requests describes the minimum amount
+                                of compute resources required. If Requests is omitted
+                                for a container, it defaults to Limits if that is
+                                explicitly specified, otherwise to an implementation-defined
+                                value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+                                type: object
+                            type: object
+                        required:
+                          - name
+                        type: object
+                      type: array
+                    nodeSelector:
+                      additionalProperties:
+                        type: string
+                      description: 'NodeSelector is a selector which must be true for
+                      the pod to fit on a node. Selector which must match a node''s
+                      labels for the pod to be scheduled on that node. More info:
+                      https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
+                      type: object
+                    replicas:
+                      description: Number of desired pods. This is a pointer to distinguish
+                        between explicit zero and not specified. Defaults to 1.
+                      minimum: 0
+                      type: integer
+                    tolerations:
+                      description: If specified, the pod's tolerations.
+                      items:
+                        description: The pod this Toleration is attached to tolerates
+                          any taint that matches the triple <key,value,effect> using
+                          the matching operator <operator>.
+                        properties:
+                          effect:
+                            description: Effect indicates the taint effect to match.
+                              Empty means match all taint effects. When specified, allowed
+                              values are NoSchedule, PreferNoSchedule and NoExecute.
+                            type: string
+                          key:
+                            description: Key is the taint key that the toleration applies
+                              to. Empty means match all taint keys. If the key is empty,
+                              operator must be Exists; this combination means to match
+                              all values and all keys.
+                            type: string
+                          operator:
+                            description: Operator represents a key's relationship to
+                              the value. Valid operators are Exists and Equal. Defaults
+                              to Equal. Exists is equivalent to wildcard for value,
+                              so that a pod can tolerate all taints of a particular
+                              category.
+                            type: string
+                          tolerationSeconds:
+                            description: TolerationSeconds represents the period of
+                              time the toleration (which must be of effect NoExecute,
+                              otherwise this field is ignored) tolerates the taint.
+                              By default, it is not set, which means tolerate the taint
+                              forever (do not evict). Zero and negative values will
+                              be treated as 0 (evict immediately) by the system.
+                            format: int64
+                            type: integer
+                          value:
+                            description: Value is the taint value the toleration matches
+                              to. If the operator is Exists, the value should be empty,
+                              otherwise just a regular string.
+                            type: string
+                        type: object
+                      type: array
+                  type: object
+                fetchConfig:
+                  description: FetchConfig determines how the operator will fetch the
+                    components and metadata for the provider. If nil, the operator will
+                    try to fetch components according to default embedded fetch configuration
+                    for the given kind and `ObjectMeta.Name`. For example, the infrastructure
+                    name `aws` will fetch artifacts from https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases.
+                  properties:
+                    selector:
+                      description: 'Selector to be used for fetching provider’s components
+                      and metadata from ConfigMaps stored inside the cluster. Each
+                      ConfigMap is expected to contain components and metadata for
+                      a specific version only. Note: the name of the ConfigMap should
+                      be set to the version or to override this add a label like the
+                      following: provider.cluster.x-k8s.io/version=v1.4.3'
+                      properties:
+                        matchExpressions:
+                          description: matchExpressions is a list of label selector
+                            requirements. The requirements are ANDed.
+                          items:
+                            description: A label selector requirement is a selector
+                              that contains values, a key, and an operator that relates
+                              the key and values.
+                            properties:
+                              key:
+                                description: key is the label key that the selector
+                                  applies to.
+                                type: string
+                              operator:
+                                description: operator represents a key's relationship
+                                  to a set of values. Valid operators are In, NotIn,
+                                  Exists and DoesNotExist.
+                                type: string
+                              values:
+                                description: values is an array of string values. If
+                                  the operator is In or NotIn, the values array must
+                                  be non-empty. If the operator is Exists or DoesNotExist,
+                                  the values array must be empty. This array is replaced
+                                  during a strategic merge patch.
+                                items:
+                                  type: string
+                                type: array
+                            required:
+                              - key
+                              - operator
+                            type: object
+                          type: array
+                        matchLabels:
+                          additionalProperties:
+                            type: string
+                          description: matchLabels is a map of {key,value} pairs. A
+                            single {key,value} in the matchLabels map is equivalent
+                            to an element of matchExpressions, whose key field is "key",
+                            the operator is "In", and the values array contains only
+                            "value". The requirements are ANDed.
+                          type: object
+                      type: object
+                    url:
+                      description: URL to be used for fetching the provider’s components
+                        and metadata from a remote Github repository. For example, https://github.com/{owner}/{repository}/releases
+                        You must set `providerSpec.Version` field for operator to pick
+                        up desired version of the release from GitHub.
+                      type: string
+                  type: object
+                manager:
+                  description: Manager defines the properties that can be enabled on
+                    the controller manager for the provider.
+                  properties:
+                    cacheNamespace:
+                      description: "CacheNamespace if specified restricts the manager's
+                      cache to watch objects in the desired namespace Defaults to
+                      all namespaces \n Note: If a namespace is specified, controllers
+                      can still Watch for a cluster-scoped resource (e.g Node).  For
+                      namespaced resources the cache will only hold objects from the
+                      desired namespace."
+                      type: string
+                    controller:
+                      description: Controller contains global configuration options
+                        for controllers registered within this manager.
+                      properties:
+                        cacheSyncTimeout:
+                          description: CacheSyncTimeout refers to the time limit set
+                            to wait for syncing caches. Defaults to 2 minutes if not
+                            set.
+                          format: int64
+                          type: integer
+                        groupKindConcurrency:
+                          additionalProperties:
+                            type: integer
+                          description: "GroupKindConcurrency is a map from a Kind to
+                          the number of concurrent reconciliation allowed for that
+                          controller. \n When a controller is registered within this
+                          manager using the builder utilities, users have to specify
+                          the type the controller reconciles in the For(...) call.
+                          If the object's kind passed matches one of the keys in this
+                          map, the concurrency for that controller is set to the number
+                          specified. \n The key is expected to be consistent in form
+                          with GroupKind.String(), e.g. ReplicaSet in apps group (regardless
+                          of version) would be `ReplicaSet.apps`."
+                          type: object
+                      type: object
+                    featureGates:
+                      additionalProperties:
+                        type: boolean
+                      description: FeatureGates define provider specific feature flags
+                        that will be passed in as container args to the provider's controller
+                        manager. Controller Manager flag is --feature-gates.
+                      type: object
+                    gracefulShutDown:
+                      description: GracefulShutdownTimeout is the duration given to
+                        runnable to stop before the manager actually returns on stop.
+                        To disable graceful shutdown, set to time.Duration(0) To use
+                        graceful shutdown without timeout, set to a negative duration,
+                        e.G. time.Duration(-1) The graceful shutdown is skipped for
+                        safety reasons in case the leader election lease is lost.
+                      type: string
+                    health:
+                      description: Health contains the controller health configuration
+                      properties:
+                        healthProbeBindAddress:
+                          description: HealthProbeBindAddress is the TCP address that
+                            the controller should bind to for serving health probes
+                          type: string
+                        livenessEndpointName:
+                          description: LivenessEndpointName, defaults to "healthz"
+                          type: string
+                        readinessEndpointName:
+                          description: ReadinessEndpointName, defaults to "readyz"
+                          type: string
+                      type: object
+                    leaderElection:
+                      description: LeaderElection is the LeaderElection config to be
+                        used when configuring the manager.Manager leader election
+                      properties:
+                        leaderElect:
+                          description: leaderElect enables a leader election client
+                            to gain leadership before executing the main loop. Enable
+                            this when running replicated components for high availability.
+                          type: boolean
+                        leaseDuration:
+                          description: leaseDuration is the duration that non-leader
+                            candidates will wait after observing a leadership renewal
+                            until attempting to acquire leadership of a led but unrenewed
+                            leader slot. This is effectively the maximum duration that
+                            a leader can be stopped before it is replaced by another
+                            candidate. This is only applicable if leader election is
+                            enabled.
+                          type: string
+                        renewDeadline:
+                          description: renewDeadline is the interval between attempts
+                            by the acting master to renew a leadership slot before it
+                            stops leading. This must be less than or equal to the lease
+                            duration. This is only applicable if leader election is
+                            enabled.
+                          type: string
+                        resourceLock:
+                          description: resourceLock indicates the resource object type
+                            that will be used to lock during leader election cycles.
+                          type: string
+                        resourceName:
+                          description: resourceName indicates the name of resource object
+                            that will be used to lock during leader election cycles.
+                          type: string
+                        resourceNamespace:
+                          description: resourceName indicates the namespace of resource
+                            object that will be used to lock during leader election
+                            cycles.
+                          type: string
+                        retryPeriod:
+                          description: retryPeriod is the duration the clients should
+                            wait between attempting acquisition and renewal of a leadership.
+                            This is only applicable if leader election is enabled.
+                          type: string
+                      required:
+                        - leaderElect
+                        - leaseDuration
+                        - renewDeadline
+                        - resourceLock
+                        - resourceName
+                        - resourceNamespace
+                        - retryPeriod
+                      type: object
+                    maxConcurrentReconciles:
+                      description: MaxConcurrentReconciles is the maximum number of
+                        concurrent Reconciles which can be run.
+                      minimum: 1
+                      type: integer
+                    metrics:
+                      description: Metrics contains thw controller metrics configuration
+                      properties:
+                        bindAddress:
+                          description: BindAddress is the TCP address that the controller
+                            should bind to for serving prometheus metrics. It can be
+                            set to "0" to disable the metrics serving.
+                          type: string
+                      type: object
+                    profilerAddress:
+                      description: ProfilerAddress defines the bind address to expose
+                        the pprof profiler (e.g. localhost:6060). Default empty, meaning
+                        the profiler is disabled. Controller Manager flag is --profiler-address.
+                      type: string
+                    syncPeriod:
+                      description: SyncPeriod determines the minimum frequency at which
+                        watched resources are reconciled. A lower period will correct
+                        entropy more quickly, but reduce responsiveness to change if
+                        there are many watched resources. Change this value only if
+                        you know what you are doing. Defaults to 10 hours if unset.
+                        there will a 10 percent jitter between the SyncPeriod of all
+                        controllers so that all controllers will not send list requests
+                        simultaneously.
+                      type: string
+                    verbosity:
+                      default: 1
+                      description: Verbosity set the logs verbosity. Defaults to 1.
+                        Controller Manager flag is --verbosity.
+                      minimum: 0
+                      type: integer
+                    webhook:
+                      description: Webhook contains the controllers webhook configuration
+                      properties:
+                        certDir:
+                          description: CertDir is the directory that contains the server
+                            key and certificate. if not set, webhook server would look
+                            up the server key and certificate in {TempDir}/k8s-webhook-server/serving-certs.
+                            The server key and certificate must be named tls.key and
+                            tls.crt, respectively.
+                          type: string
+                        host:
+                          description: Host is the hostname that the webhook server
+                            binds to. It is used to set webhook.Server.Host.
+                          type: string
+                        port:
+                          description: Port is the port that the webhook server serves
+                            at. It is used to set webhook.Server.Port.
+                          type: integer
+                      type: object
+                  type: object
+                secretName:
+                  description: SecretName is the name of the Secret providing the configuration
+                    variables for the current provider instance, like e.g. credentials.
+                    Such configurations will be used when creating or upgrading provider
+                    components. The contents of the secret will be treated as immutable.
+                    If changes need to be made, a new object can be created and the
+                    name should be updated. The contents should be in the form of key:value.
+                    This secret must be in the same namespace as the provider.
+                  type: string
+                version:
+                  description: Version indicates the provider version.
+                  type: string
+              required:
+                - version
+              type: object
+            status:
+              description: CoreProviderStatus defines the observed state of CoreProvider.
+              properties:
+                conditions:
+                  description: Conditions define the current service state of the provider.
+                  items:
+                    description: Condition defines an observation of a Cluster API resource
+                      operational state.
+                    properties:
+                      lastTransitionTime:
+                        description: Last time the condition transitioned from one status
+                          to another. This should be when the underlying condition changed.
+                          If that is not known, then using the time when the API field
+                          changed is acceptable.
+                        format: date-time
+                        type: string
+                      message:
+                        description: A human readable message indicating details about
+                          the transition. This field may be empty.
+                        type: string
+                      reason:
+                        description: The reason for the condition's last transition
+                          in CamelCase. The specific API may choose whether or not this
+                          field is considered a guaranteed API. This field may not be
+                          empty.
+                        type: string
+                      severity:
+                        description: Severity provides an explicit classification of
+                          Reason code, so the users or machines can immediately understand
+                          the current situation and act accordingly. The Severity field
+                          MUST be set only when Status=False.
+                        type: string
+                      status:
+                        description: Status of the condition, one of True, False, Unknown.
+                        type: string
+                      type:
+                        description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+                          Many .condition.type values are consistent across resources
+                          like Available, but because arbitrary conditions can be useful
+                          (see .node.status.conditions), the ability to deconflict is
+                          important.
+                        type: string
+                    required:
+                      - lastTransitionTime
+                      - status
+                      - type
+                    type: object
+                  type: array
+                contract:
+                  description: Contract will contain the core provider contract that
+                    the provider is abiding by, like e.g. v1alpha4.
+                  type: string
+                installedVersion:
+                  description: InstalledVersion is the version of the provider that
+                    is installed.
+                  type: string
+                observedGeneration:
+                  description: ObservedGeneration is the latest generation observed
+                    by the controller.
+                  format: int64
+                  type: integer
+              type: object
+          type: object
+      served: true
+      storage: true
+      subresources:
+        status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
\ No newline at end of file
diff --git a/bootstrap/helm/cluster-api-operator/crds/nfrastructureproviders.operator.cluster.x-k8s.io.yaml b/bootstrap/helm/cluster-api-operator/crds/nfrastructureproviders.operator.cluster.x-k8s.io.yaml
new file mode 100644
index 000000000..ba0e175fb
--- /dev/null
+++ b/bootstrap/helm/cluster-api-operator/crds/nfrastructureproviders.operator.cluster.x-k8s.io.yaml
@@ -0,0 +1,1477 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.7.1-0.20211110210727-ab52f76cc7d1
+    meta.helm.sh/release-name: bootstrap
+    meta.helm.sh/release-namespace: bootstrap
+  labels:
+    app.kubernetes.io/managed-by: Helm
+    clusterctl.cluster.x-k8s.io/core: capi-operator
+  name: infrastructureproviders.operator.cluster.x-k8s.io
+spec:
+  group: operator.cluster.x-k8s.io
+  names:
+    kind: InfrastructureProvider
+    listKind: InfrastructureProviderList
+    plural: infrastructureproviders
+    singular: infrastructureprovider
+  scope: Namespaced
+  versions:
+    - additionalPrinterColumns:
+        - jsonPath: .status.installedVersion
+          name: InstalledVersion
+          type: string
+        - jsonPath: .status.conditions[?(@.type=='Ready')].status
+          name: Ready
+          type: string
+      name: v1alpha1
+      schema:
+        openAPIV3Schema:
+          description: InfrastructureProvider is the Schema for the infrastructureproviders
+            API.
+          properties:
+            apiVersion:
+              description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              type: string
+            kind:
+              description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              type: string
+            metadata:
+              type: object
+            spec:
+              description: InfrastructureProviderSpec defines the desired state of InfrastructureProvider.
+              properties:
+                deployment:
+                  description: Deployment defines the properties that can be enabled
+                    on the deployment for the provider.
+                  properties:
+                    affinity:
+                      description: If specified, the pod's scheduling constraints
+                      properties:
+                        nodeAffinity:
+                          description: Describes node affinity scheduling rules for
+                            the pod.
+                          properties:
+                            preferredDuringSchedulingIgnoredDuringExecution:
+                              description: The scheduler will prefer to schedule pods
+                                to nodes that satisfy the affinity expressions specified
+                                by this field, but it may choose a node that violates
+                                one or more of the expressions. The node that is most
+                                preferred is the one with the greatest sum of weights,
+                                i.e. for each node that meets all of the scheduling
+                                requirements (resource request, requiredDuringScheduling
+                                affinity expressions, etc.), compute a sum by iterating
+                                through the elements of this field and adding "weight"
+                                to the sum if the node matches the corresponding matchExpressions;
+                                the node(s) with the highest sum are the most preferred.
+                              items:
+                                description: An empty preferred scheduling term matches
+                                  all objects with implicit weight 0 (i.e. it's a no-op).
+                                  A null preferred scheduling term matches no objects
+                                  (i.e. is also a no-op).
+                                properties:
+                                  preference:
+                                    description: A node selector term, associated with
+                                      the corresponding weight.
+                                    properties:
+                                      matchExpressions:
+                                        description: A list of node selector requirements
+                                          by node's labels.
+                                        items:
+                                          description: A node selector requirement is
+                                            a selector that contains values, a key,
+                                            and an operator that relates the key and
+                                            values.
+                                          properties:
+                                            key:
+                                              description: The label key that the selector
+                                                applies to.
+                                              type: string
+                                            operator:
+                                              description: Represents a key's relationship
+                                                to a set of values. Valid operators
+                                                are In, NotIn, Exists, DoesNotExist.
+                                                Gt, and Lt.
+                                              type: string
+                                            values:
+                                              description: An array of string values.
+                                                If the operator is In or NotIn, the
+                                                values array must be non-empty. If the
+                                                operator is Exists or DoesNotExist,
+                                                the values array must be empty. If the
+                                                operator is Gt or Lt, the values array
+                                                must have a single element, which will
+                                                be interpreted as an integer. This array
+                                                is replaced during a strategic merge
+                                                patch.
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchFields:
+                                        description: A list of node selector requirements
+                                          by node's fields.
+                                        items:
+                                          description: A node selector requirement is
+                                            a selector that contains values, a key,
+                                            and an operator that relates the key and
+                                            values.
+                                          properties:
+                                            key:
+                                              description: The label key that the selector
+                                                applies to.
+                                              type: string
+                                            operator:
+                                              description: Represents a key's relationship
+                                                to a set of values. Valid operators
+                                                are In, NotIn, Exists, DoesNotExist.
+                                                Gt, and Lt.
+                                              type: string
+                                            values:
+                                              description: An array of string values.
+                                                If the operator is In or NotIn, the
+                                                values array must be non-empty. If the
+                                                operator is Exists or DoesNotExist,
+                                                the values array must be empty. If the
+                                                operator is Gt or Lt, the values array
+                                                must have a single element, which will
+                                                be interpreted as an integer. This array
+                                                is replaced during a strategic merge
+                                                patch.
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                    type: object
+                                  weight:
+                                    description: Weight associated with matching the
+                                      corresponding nodeSelectorTerm, in the range 1-100.
+                                    format: int32
+                                    type: integer
+                                required:
+                                  - preference
+                                  - weight
+                                type: object
+                              type: array
+                            requiredDuringSchedulingIgnoredDuringExecution:
+                              description: If the affinity requirements specified by
+                                this field are not met at scheduling time, the pod will
+                                not be scheduled onto the node. If the affinity requirements
+                                specified by this field cease to be met at some point
+                                during pod execution (e.g. due to an update), the system
+                                may or may not try to eventually evict the pod from
+                                its node.
+                              properties:
+                                nodeSelectorTerms:
+                                  description: Required. A list of node selector terms.
+                                    The terms are ORed.
+                                  items:
+                                    description: A null or empty node selector term
+                                      matches no objects. The requirements of them are
+                                      ANDed. The TopologySelectorTerm type implements
+                                      a subset of the NodeSelectorTerm.
+                                    properties:
+                                      matchExpressions:
+                                        description: A list of node selector requirements
+                                          by node's labels.
+                                        items:
+                                          description: A node selector requirement is
+                                            a selector that contains values, a key,
+                                            and an operator that relates the key and
+                                            values.
+                                          properties:
+                                            key:
+                                              description: The label key that the selector
+                                                applies to.
+                                              type: string
+                                            operator:
+                                              description: Represents a key's relationship
+                                                to a set of values. Valid operators
+                                                are In, NotIn, Exists, DoesNotExist.
+                                                Gt, and Lt.
+                                              type: string
+                                            values:
+                                              description: An array of string values.
+                                                If the operator is In or NotIn, the
+                                                values array must be non-empty. If the
+                                                operator is Exists or DoesNotExist,
+                                                the values array must be empty. If the
+                                                operator is Gt or Lt, the values array
+                                                must have a single element, which will
+                                                be interpreted as an integer. This array
+                                                is replaced during a strategic merge
+                                                patch.
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchFields:
+                                        description: A list of node selector requirements
+                                          by node's fields.
+                                        items:
+                                          description: A node selector requirement is
+                                            a selector that contains values, a key,
+                                            and an operator that relates the key and
+                                            values.
+                                          properties:
+                                            key:
+                                              description: The label key that the selector
+                                                applies to.
+                                              type: string
+                                            operator:
+                                              description: Represents a key's relationship
+                                                to a set of values. Valid operators
+                                                are In, NotIn, Exists, DoesNotExist.
+                                                Gt, and Lt.
+                                              type: string
+                                            values:
+                                              description: An array of string values.
+                                                If the operator is In or NotIn, the
+                                                values array must be non-empty. If the
+                                                operator is Exists or DoesNotExist,
+                                                the values array must be empty. If the
+                                                operator is Gt or Lt, the values array
+                                                must have a single element, which will
+                                                be interpreted as an integer. This array
+                                                is replaced during a strategic merge
+                                                patch.
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                    type: object
+                                  type: array
+                              required:
+                                - nodeSelectorTerms
+                              type: object
+                          type: object
+                        podAffinity:
+                          description: Describes pod affinity scheduling rules (e.g.
+                            co-locate this pod in the same node, zone, etc. as some
+                            other pod(s)).
+                          properties:
+                            preferredDuringSchedulingIgnoredDuringExecution:
+                              description: The scheduler will prefer to schedule pods
+                                to nodes that satisfy the affinity expressions specified
+                                by this field, but it may choose a node that violates
+                                one or more of the expressions. The node that is most
+                                preferred is the one with the greatest sum of weights,
+                                i.e. for each node that meets all of the scheduling
+                                requirements (resource request, requiredDuringScheduling
+                                affinity expressions, etc.), compute a sum by iterating
+                                through the elements of this field and adding "weight"
+                                to the sum if the node has pods which matches the corresponding
+                                podAffinityTerm; the node(s) with the highest sum are
+                                the most preferred.
+                              items:
+                                description: The weights of all of the matched WeightedPodAffinityTerm
+                                  fields are added per-node to find the most preferred
+                                  node(s)
+                                properties:
+                                  podAffinityTerm:
+                                    description: Required. A pod affinity term, associated
+                                      with the corresponding weight.
+                                    properties:
+                                      labelSelector:
+                                        description: A label query over a set of resources,
+                                          in this case pods.
+                                        properties:
+                                          matchExpressions:
+                                            description: matchExpressions is a list
+                                              of label selector requirements. The requirements
+                                              are ANDed.
+                                            items:
+                                              description: A label selector requirement
+                                                is a selector that contains values,
+                                                a key, and an operator that relates
+                                                the key and values.
+                                              properties:
+                                                key:
+                                                  description: key is the label key
+                                                    that the selector applies to.
+                                                  type: string
+                                                operator:
+                                                  description: operator represents a
+                                                    key's relationship to a set of values.
+                                                    Valid operators are In, NotIn, Exists
+                                                    and DoesNotExist.
+                                                  type: string
+                                                values:
+                                                  description: values is an array of
+                                                    string values. If the operator is
+                                                    In or NotIn, the values array must
+                                                    be non-empty. If the operator is
+                                                    Exists or DoesNotExist, the values
+                                                    array must be empty. This array
+                                                    is replaced during a strategic merge
+                                                    patch.
+                                                  items:
+                                                    type: string
+                                                  type: array
+                                              required:
+                                                - key
+                                                - operator
+                                              type: object
+                                            type: array
+                                          matchLabels:
+                                            additionalProperties:
+                                              type: string
+                                            description: matchLabels is a map of {key,value}
+                                              pairs. A single {key,value} in the matchLabels
+                                              map is equivalent to an element of matchExpressions,
+                                              whose key field is "key", the operator
+                                              is "In", and the values array contains
+                                              only "value". The requirements are ANDed.
+                                            type: object
+                                        type: object
+                                      namespaceSelector:
+                                        description: A label query over the set of namespaces
+                                          that the term applies to. The term is applied
+                                          to the union of the namespaces selected by
+                                          this field and the ones listed in the namespaces
+                                          field. null selector and null or empty namespaces
+                                          list means "this pod's namespace". An empty
+                                          selector ({}) matches all namespaces.
+                                        properties:
+                                          matchExpressions:
+                                            description: matchExpressions is a list
+                                              of label selector requirements. The requirements
+                                              are ANDed.
+                                            items:
+                                              description: A label selector requirement
+                                                is a selector that contains values,
+                                                a key, and an operator that relates
+                                                the key and values.
+                                              properties:
+                                                key:
+                                                  description: key is the label key
+                                                    that the selector applies to.
+                                                  type: string
+                                                operator:
+                                                  description: operator represents a
+                                                    key's relationship to a set of values.
+                                                    Valid operators are In, NotIn, Exists
+                                                    and DoesNotExist.
+                                                  type: string
+                                                values:
+                                                  description: values is an array of
+                                                    string values. If the operator is
+                                                    In or NotIn, the values array must
+                                                    be non-empty. If the operator is
+                                                    Exists or DoesNotExist, the values
+                                                    array must be empty. This array
+                                                    is replaced during a strategic merge
+                                                    patch.
+                                                  items:
+                                                    type: string
+                                                  type: array
+                                              required:
+                                                - key
+                                                - operator
+                                              type: object
+                                            type: array
+                                          matchLabels:
+                                            additionalProperties:
+                                              type: string
+                                            description: matchLabels is a map of {key,value}
+                                              pairs. A single {key,value} in the matchLabels
+                                              map is equivalent to an element of matchExpressions,
+                                              whose key field is "key", the operator
+                                              is "In", and the values array contains
+                                              only "value". The requirements are ANDed.
+                                            type: object
+                                        type: object
+                                      namespaces:
+                                        description: namespaces specifies a static list
+                                          of namespace names that the term applies to.
+                                          The term is applied to the union of the namespaces
+                                          listed in this field and the ones selected
+                                          by namespaceSelector. null or empty namespaces
+                                          list and null namespaceSelector means "this
+                                          pod's namespace".
+                                        items:
+                                          type: string
+                                        type: array
+                                      topologyKey:
+                                        description: This pod should be co-located (affinity)
+                                          or not co-located (anti-affinity) with the
+                                          pods matching the labelSelector in the specified
+                                          namespaces, where co-located is defined as
+                                          running on a node whose value of the label
+                                          with key topologyKey matches that of any node
+                                          on which any of the selected pods is running.
+                                          Empty topologyKey is not allowed.
+                                        type: string
+                                    required:
+                                      - topologyKey
+                                    type: object
+                                  weight:
+                                    description: weight associated with matching the
+                                      corresponding podAffinityTerm, in the range 1-100.
+                                    format: int32
+                                    type: integer
+                                required:
+                                  - podAffinityTerm
+                                  - weight
+                                type: object
+                              type: array
+                            requiredDuringSchedulingIgnoredDuringExecution:
+                              description: If the affinity requirements specified by
+                                this field are not met at scheduling time, the pod will
+                                not be scheduled onto the node. If the affinity requirements
+                                specified by this field cease to be met at some point
+                                during pod execution (e.g. due to a pod label update),
+                                the system may or may not try to eventually evict the
+                                pod from its node. When there are multiple elements,
+                                the lists of nodes corresponding to each podAffinityTerm
+                                are intersected, i.e. all terms must be satisfied.
+                              items:
+                                description: Defines a set of pods (namely those matching
+                                  the labelSelector relative to the given namespace(s))
+                                  that this pod should be co-located (affinity) or not
+                                  co-located (anti-affinity) with, where co-located
+                                  is defined as running on a node whose value of the
+                                  label with key <topologyKey> matches that of any node
+                                  on which a pod of the set of pods is running
+                                properties:
+                                  labelSelector:
+                                    description: A label query over a set of resources,
+                                      in this case pods.
+                                    properties:
+                                      matchExpressions:
+                                        description: matchExpressions is a list of label
+                                          selector requirements. The requirements are
+                                          ANDed.
+                                        items:
+                                          description: A label selector requirement
+                                            is a selector that contains values, a key,
+                                            and an operator that relates the key and
+                                            values.
+                                          properties:
+                                            key:
+                                              description: key is the label key that
+                                                the selector applies to.
+                                              type: string
+                                            operator:
+                                              description: operator represents a key's
+                                                relationship to a set of values. Valid
+                                                operators are In, NotIn, Exists and
+                                                DoesNotExist.
+                                              type: string
+                                            values:
+                                              description: values is an array of string
+                                                values. If the operator is In or NotIn,
+                                                the values array must be non-empty.
+                                                If the operator is Exists or DoesNotExist,
+                                                the values array must be empty. This
+                                                array is replaced during a strategic
+                                                merge patch.
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          type: string
+                                        description: matchLabels is a map of {key,value}
+                                          pairs. A single {key,value} in the matchLabels
+                                          map is equivalent to an element of matchExpressions,
+                                          whose key field is "key", the operator is
+                                          "In", and the values array contains only "value".
+                                          The requirements are ANDed.
+                                        type: object
+                                    type: object
+                                  namespaceSelector:
+                                    description: A label query over the set of namespaces
+                                      that the term applies to. The term is applied
+                                      to the union of the namespaces selected by this
+                                      field and the ones listed in the namespaces field.
+                                      null selector and null or empty namespaces list
+                                      means "this pod's namespace". An empty selector
+                                      ({}) matches all namespaces.
+                                    properties:
+                                      matchExpressions:
+                                        description: matchExpressions is a list of label
+                                          selector requirements. The requirements are
+                                          ANDed.
+                                        items:
+                                          description: A label selector requirement
+                                            is a selector that contains values, a key,
+                                            and an operator that relates the key and
+                                            values.
+                                          properties:
+                                            key:
+                                              description: key is the label key that
+                                                the selector applies to.
+                                              type: string
+                                            operator:
+                                              description: operator represents a key's
+                                                relationship to a set of values. Valid
+                                                operators are In, NotIn, Exists and
+                                                DoesNotExist.
+                                              type: string
+                                            values:
+                                              description: values is an array of string
+                                                values. If the operator is In or NotIn,
+                                                the values array must be non-empty.
+                                                If the operator is Exists or DoesNotExist,
+                                                the values array must be empty. This
+                                                array is replaced during a strategic
+                                                merge patch.
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          type: string
+                                        description: matchLabels is a map of {key,value}
+                                          pairs. A single {key,value} in the matchLabels
+                                          map is equivalent to an element of matchExpressions,
+                                          whose key field is "key", the operator is
+                                          "In", and the values array contains only "value".
+                                          The requirements are ANDed.
+                                        type: object
+                                    type: object
+                                  namespaces:
+                                    description: namespaces specifies a static list
+                                      of namespace names that the term applies to. The
+                                      term is applied to the union of the namespaces
+                                      listed in this field and the ones selected by
+                                      namespaceSelector. null or empty namespaces list
+                                      and null namespaceSelector means "this pod's namespace".
+                                    items:
+                                      type: string
+                                    type: array
+                                  topologyKey:
+                                    description: This pod should be co-located (affinity)
+                                      or not co-located (anti-affinity) with the pods
+                                      matching the labelSelector in the specified namespaces,
+                                      where co-located is defined as running on a node
+                                      whose value of the label with key topologyKey
+                                      matches that of any node on which any of the selected
+                                      pods is running. Empty topologyKey is not allowed.
+                                    type: string
+                                required:
+                                  - topologyKey
+                                type: object
+                              type: array
+                          type: object
+                        podAntiAffinity:
+                          description: Describes pod anti-affinity scheduling rules
+                            (e.g. avoid putting this pod in the same node, zone, etc.
+                            as some other pod(s)).
+                          properties:
+                            preferredDuringSchedulingIgnoredDuringExecution:
+                              description: The scheduler will prefer to schedule pods
+                                to nodes that satisfy the anti-affinity expressions
+                                specified by this field, but it may choose a node that
+                                violates one or more of the expressions. The node that
+                                is most preferred is the one with the greatest sum of
+                                weights, i.e. for each node that meets all of the scheduling
+                                requirements (resource request, requiredDuringScheduling
+                                anti-affinity expressions, etc.), compute a sum by iterating
+                                through the elements of this field and adding "weight"
+                                to the sum if the node has pods which matches the corresponding
+                                podAffinityTerm; the node(s) with the highest sum are
+                                the most preferred.
+                              items:
+                                description: The weights of all of the matched WeightedPodAffinityTerm
+                                  fields are added per-node to find the most preferred
+                                  node(s)
+                                properties:
+                                  podAffinityTerm:
+                                    description: Required. A pod affinity term, associated
+                                      with the corresponding weight.
+                                    properties:
+                                      labelSelector:
+                                        description: A label query over a set of resources,
+                                          in this case pods.
+                                        properties:
+                                          matchExpressions:
+                                            description: matchExpressions is a list
+                                              of label selector requirements. The requirements
+                                              are ANDed.
+                                            items:
+                                              description: A label selector requirement
+                                                is a selector that contains values,
+                                                a key, and an operator that relates
+                                                the key and values.
+                                              properties:
+                                                key:
+                                                  description: key is the label key
+                                                    that the selector applies to.
+                                                  type: string
+                                                operator:
+                                                  description: operator represents a
+                                                    key's relationship to a set of values.
+                                                    Valid operators are In, NotIn, Exists
+                                                    and DoesNotExist.
+                                                  type: string
+                                                values:
+                                                  description: values is an array of
+                                                    string values. If the operator is
+                                                    In or NotIn, the values array must
+                                                    be non-empty. If the operator is
+                                                    Exists or DoesNotExist, the values
+                                                    array must be empty. This array
+                                                    is replaced during a strategic merge
+                                                    patch.
+                                                  items:
+                                                    type: string
+                                                  type: array
+                                              required:
+                                                - key
+                                                - operator
+                                              type: object
+                                            type: array
+                                          matchLabels:
+                                            additionalProperties:
+                                              type: string
+                                            description: matchLabels is a map of {key,value}
+                                              pairs. A single {key,value} in the matchLabels
+                                              map is equivalent to an element of matchExpressions,
+                                              whose key field is "key", the operator
+                                              is "In", and the values array contains
+                                              only "value". The requirements are ANDed.
+                                            type: object
+                                        type: object
+                                      namespaceSelector:
+                                        description: A label query over the set of namespaces
+                                          that the term applies to. The term is applied
+                                          to the union of the namespaces selected by
+                                          this field and the ones listed in the namespaces
+                                          field. null selector and null or empty namespaces
+                                          list means "this pod's namespace". An empty
+                                          selector ({}) matches all namespaces.
+                                        properties:
+                                          matchExpressions:
+                                            description: matchExpressions is a list
+                                              of label selector requirements. The requirements
+                                              are ANDed.
+                                            items:
+                                              description: A label selector requirement
+                                                is a selector that contains values,
+                                                a key, and an operator that relates
+                                                the key and values.
+                                              properties:
+                                                key:
+                                                  description: key is the label key
+                                                    that the selector applies to.
+                                                  type: string
+                                                operator:
+                                                  description: operator represents a
+                                                    key's relationship to a set of values.
+                                                    Valid operators are In, NotIn, Exists
+                                                    and DoesNotExist.
+                                                  type: string
+                                                values:
+                                                  description: values is an array of
+                                                    string values. If the operator is
+                                                    In or NotIn, the values array must
+                                                    be non-empty. If the operator is
+                                                    Exists or DoesNotExist, the values
+                                                    array must be empty. This array
+                                                    is replaced during a strategic merge
+                                                    patch.
+                                                  items:
+                                                    type: string
+                                                  type: array
+                                              required:
+                                                - key
+                                                - operator
+                                              type: object
+                                            type: array
+                                          matchLabels:
+                                            additionalProperties:
+                                              type: string
+                                            description: matchLabels is a map of {key,value}
+                                              pairs. A single {key,value} in the matchLabels
+                                              map is equivalent to an element of matchExpressions,
+                                              whose key field is "key", the operator
+                                              is "In", and the values array contains
+                                              only "value". The requirements are ANDed.
+                                            type: object
+                                        type: object
+                                      namespaces:
+                                        description: namespaces specifies a static list
+                                          of namespace names that the term applies to.
+                                          The term is applied to the union of the namespaces
+                                          listed in this field and the ones selected
+                                          by namespaceSelector. null or empty namespaces
+                                          list and null namespaceSelector means "this
+                                          pod's namespace".
+                                        items:
+                                          type: string
+                                        type: array
+                                      topologyKey:
+                                        description: This pod should be co-located (affinity)
+                                          or not co-located (anti-affinity) with the
+                                          pods matching the labelSelector in the specified
+                                          namespaces, where co-located is defined as
+                                          running on a node whose value of the label
+                                          with key topologyKey matches that of any node
+                                          on which any of the selected pods is running.
+                                          Empty topologyKey is not allowed.
+                                        type: string
+                                    required:
+                                      - topologyKey
+                                    type: object
+                                  weight:
+                                    description: weight associated with matching the
+                                      corresponding podAffinityTerm, in the range 1-100.
+                                    format: int32
+                                    type: integer
+                                required:
+                                  - podAffinityTerm
+                                  - weight
+                                type: object
+                              type: array
+                            requiredDuringSchedulingIgnoredDuringExecution:
+                              description: If the anti-affinity requirements specified
+                                by this field are not met at scheduling time, the pod
+                                will not be scheduled onto the node. If the anti-affinity
+                                requirements specified by this field cease to be met
+                                at some point during pod execution (e.g. due to a pod
+                                label update), the system may or may not try to eventually
+                                evict the pod from its node. When there are multiple
+                                elements, the lists of nodes corresponding to each podAffinityTerm
+                                are intersected, i.e. all terms must be satisfied.
+                              items:
+                                description: Defines a set of pods (namely those matching
+                                  the labelSelector relative to the given namespace(s))
+                                  that this pod should be co-located (affinity) or not
+                                  co-located (anti-affinity) with, where co-located
+                                  is defined as running on a node whose value of the
+                                  label with key <topologyKey> matches that of any node
+                                  on which a pod of the set of pods is running
+                                properties:
+                                  labelSelector:
+                                    description: A label query over a set of resources,
+                                      in this case pods.
+                                    properties:
+                                      matchExpressions:
+                                        description: matchExpressions is a list of label
+                                          selector requirements. The requirements are
+                                          ANDed.
+                                        items:
+                                          description: A label selector requirement
+                                            is a selector that contains values, a key,
+                                            and an operator that relates the key and
+                                            values.
+                                          properties:
+                                            key:
+                                              description: key is the label key that
+                                                the selector applies to.
+                                              type: string
+                                            operator:
+                                              description: operator represents a key's
+                                                relationship to a set of values. Valid
+                                                operators are In, NotIn, Exists and
+                                                DoesNotExist.
+                                              type: string
+                                            values:
+                                              description: values is an array of string
+                                                values. If the operator is In or NotIn,
+                                                the values array must be non-empty.
+                                                If the operator is Exists or DoesNotExist,
+                                                the values array must be empty. This
+                                                array is replaced during a strategic
+                                                merge patch.
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          type: string
+                                        description: matchLabels is a map of {key,value}
+                                          pairs. A single {key,value} in the matchLabels
+                                          map is equivalent to an element of matchExpressions,
+                                          whose key field is "key", the operator is
+                                          "In", and the values array contains only "value".
+                                          The requirements are ANDed.
+                                        type: object
+                                    type: object
+                                  namespaceSelector:
+                                    description: A label query over the set of namespaces
+                                      that the term applies to. The term is applied
+                                      to the union of the namespaces selected by this
+                                      field and the ones listed in the namespaces field.
+                                      null selector and null or empty namespaces list
+                                      means "this pod's namespace". An empty selector
+                                      ({}) matches all namespaces.
+                                    properties:
+                                      matchExpressions:
+                                        description: matchExpressions is a list of label
+                                          selector requirements. The requirements are
+                                          ANDed.
+                                        items:
+                                          description: A label selector requirement
+                                            is a selector that contains values, a key,
+                                            and an operator that relates the key and
+                                            values.
+                                          properties:
+                                            key:
+                                              description: key is the label key that
+                                                the selector applies to.
+                                              type: string
+                                            operator:
+                                              description: operator represents a key's
+                                                relationship to a set of values. Valid
+                                                operators are In, NotIn, Exists and
+                                                DoesNotExist.
+                                              type: string
+                                            values:
+                                              description: values is an array of string
+                                                values. If the operator is In or NotIn,
+                                                the values array must be non-empty.
+                                                If the operator is Exists or DoesNotExist,
+                                                the values array must be empty. This
+                                                array is replaced during a strategic
+                                                merge patch.
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          type: string
+                                        description: matchLabels is a map of {key,value}
+                                          pairs. A single {key,value} in the matchLabels
+                                          map is equivalent to an element of matchExpressions,
+                                          whose key field is "key", the operator is
+                                          "In", and the values array contains only "value".
+                                          The requirements are ANDed.
+                                        type: object
+                                    type: object
+                                  namespaces:
+                                    description: namespaces specifies a static list
+                                      of namespace names that the term applies to. The
+                                      term is applied to the union of the namespaces
+                                      listed in this field and the ones selected by
+                                      namespaceSelector. null or empty namespaces list
+                                      and null namespaceSelector means "this pod's namespace".
+                                    items:
+                                      type: string
+                                    type: array
+                                  topologyKey:
+                                    description: This pod should be co-located (affinity)
+                                      or not co-located (anti-affinity) with the pods
+                                      matching the labelSelector in the specified namespaces,
+                                      where co-located is defined as running on a node
+                                      whose value of the label with key topologyKey
+                                      matches that of any node on which any of the selected
+                                      pods is running. Empty topologyKey is not allowed.
+                                    type: string
+                                required:
+                                  - topologyKey
+                                type: object
+                              type: array
+                          type: object
+                      type: object
+                    containers:
+                      description: List of containers specified in the Deployment
+                      items:
+                        description: ContainerSpec defines the properties available
+                          to override for each container in a provider deployment such
+                          as Image and Args to the container’s entrypoint.
+                        properties:
+                          args:
+                            additionalProperties:
+                              type: string
+                            description: Args represents extra provider specific flags
+                              that are not encoded as fields in this API. Explicit controller
+                              manager properties defined in the `Provider.ManagerSpec`
+                              will have higher precedence than those defined in `ContainerSpec.Args`.
+                              For example, `ManagerSpec.SyncPeriod` will be used instead
+                              of the container arg `--sync-period` if both are defined.
+                              The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`.
+                            type: object
+                          command:
+                            description: Command allows override container's entrypoint
+                              array.
+                            items:
+                              type: string
+                            type: array
+                          env:
+                            description: List of environment variables to set in the
+                              container.
+                            items:
+                              description: EnvVar represents an environment variable
+                                present in a Container.
+                              properties:
+                                name:
+                                  description: Name of the environment variable. Must
+                                    be a C_IDENTIFIER.
+                                  type: string
+                                value:
+                                  description: 'Variable references $(VAR_NAME) are
+                                  expanded using the previously defined environment
+                                  variables in the container and any service environment
+                                  variables. If a variable cannot be resolved, the
+                                  reference in the input string will be unchanged.
+                                  Double $$ are reduced to a single $, which allows
+                                  for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
+                                  will produce the string literal "$(VAR_NAME)". Escaped
+                                  references will never be expanded, regardless of
+                                  whether the variable exists or not. Defaults to
+                                  "".'
+                                  type: string
+                                valueFrom:
+                                  description: Source for the environment variable's
+                                    value. Cannot be used if value is not empty.
+                                  properties:
+                                    configMapKeyRef:
+                                      description: Selects a key of a ConfigMap.
+                                      properties:
+                                        key:
+                                          description: The key to select.
+                                          type: string
+                                        name:
+                                          description: 'Name of the referent. More info:
+                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                          TODO: Add other useful fields. apiVersion,
+                                          kind, uid?'
+                                          type: string
+                                        optional:
+                                          description: Specify whether the ConfigMap
+                                            or its key must be defined
+                                          type: boolean
+                                      required:
+                                        - key
+                                      type: object
+                                    fieldRef:
+                                      description: 'Selects a field of the pod: supports
+                                      metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`,
+                                      `metadata.annotations[''<KEY>'']`, spec.nodeName,
+                                      spec.serviceAccountName, status.hostIP, status.podIP,
+                                      status.podIPs.'
+                                      properties:
+                                        apiVersion:
+                                          description: Version of the schema the FieldPath
+                                            is written in terms of, defaults to "v1".
+                                          type: string
+                                        fieldPath:
+                                          description: Path of the field to select in
+                                            the specified API version.
+                                          type: string
+                                      required:
+                                        - fieldPath
+                                      type: object
+                                    resourceFieldRef:
+                                      description: 'Selects a resource of the container:
+                                      only resources limits and requests (limits.cpu,
+                                      limits.memory, limits.ephemeral-storage, requests.cpu,
+                                      requests.memory and requests.ephemeral-storage)
+                                      are currently supported.'
+                                      properties:
+                                        containerName:
+                                          description: 'Container name: required for
+                                          volumes, optional for env vars'
+                                          type: string
+                                        divisor:
+                                          anyOf:
+                                            - type: integer
+                                            - type: string
+                                          description: Specifies the output format of
+                                            the exposed resources, defaults to "1"
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        resource:
+                                          description: 'Required: resource to select'
+                                          type: string
+                                      required:
+                                        - resource
+                                      type: object
+                                    secretKeyRef:
+                                      description: Selects a key of a secret in the
+                                        pod's namespace
+                                      properties:
+                                        key:
+                                          description: The key of the secret to select
+                                            from.  Must be a valid secret key.
+                                          type: string
+                                        name:
+                                          description: 'Name of the referent. More info:
+                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                          TODO: Add other useful fields. apiVersion,
+                                          kind, uid?'
+                                          type: string
+                                        optional:
+                                          description: Specify whether the Secret or
+                                            its key must be defined
+                                          type: boolean
+                                      required:
+                                        - key
+                                      type: object
+                                  type: object
+                              required:
+                                - name
+                              type: object
+                            type: array
+                          image:
+                            description: Container Image Name
+                            properties:
+                              name:
+                                description: Name allows to specify a name for the image.
+                                type: string
+                              repository:
+                                description: Repository sets the container registry
+                                  to pull images from.
+                                type: string
+                              tag:
+                                description: Tag allows to specify a tag for the image.
+                                type: string
+                            type: object
+                          name:
+                            description: Name of the container. Cannot be updated.
+                            type: string
+                          resources:
+                            description: Compute resources required by this container.
+                            properties:
+                              limits:
+                                additionalProperties:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                  x-kubernetes-int-or-string: true
+                                description: 'Limits describes the maximum amount of
+                                compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+                                type: object
+                              requests:
+                                additionalProperties:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                  x-kubernetes-int-or-string: true
+                                description: 'Requests describes the minimum amount
+                                of compute resources required. If Requests is omitted
+                                for a container, it defaults to Limits if that is
+                                explicitly specified, otherwise to an implementation-defined
+                                value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+                                type: object
+                            type: object
+                        required:
+                          - name
+                        type: object
+                      type: array
+                    nodeSelector:
+                      additionalProperties:
+                        type: string
+                      description: 'NodeSelector is a selector which must be true for
+                      the pod to fit on a node. Selector which must match a node''s
+                      labels for the pod to be scheduled on that node. More info:
+                      https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
+                      type: object
+                    replicas:
+                      description: Number of desired pods. This is a pointer to distinguish
+                        between explicit zero and not specified. Defaults to 1.
+                      minimum: 0
+                      type: integer
+                    tolerations:
+                      description: If specified, the pod's tolerations.
+                      items:
+                        description: The pod this Toleration is attached to tolerates
+                          any taint that matches the triple <key,value,effect> using
+                          the matching operator <operator>.
+                        properties:
+                          effect:
+                            description: Effect indicates the taint effect to match.
+                              Empty means match all taint effects. When specified, allowed
+                              values are NoSchedule, PreferNoSchedule and NoExecute.
+                            type: string
+                          key:
+                            description: Key is the taint key that the toleration applies
+                              to. Empty means match all taint keys. If the key is empty,
+                              operator must be Exists; this combination means to match
+                              all values and all keys.
+                            type: string
+                          operator:
+                            description: Operator represents a key's relationship to
+                              the value. Valid operators are Exists and Equal. Defaults
+                              to Equal. Exists is equivalent to wildcard for value,
+                              so that a pod can tolerate all taints of a particular
+                              category.
+                            type: string
+                          tolerationSeconds:
+                            description: TolerationSeconds represents the period of
+                              time the toleration (which must be of effect NoExecute,
+                              otherwise this field is ignored) tolerates the taint.
+                              By default, it is not set, which means tolerate the taint
+                              forever (do not evict). Zero and negative values will
+                              be treated as 0 (evict immediately) by the system.
+                            format: int64
+                            type: integer
+                          value:
+                            description: Value is the taint value the toleration matches
+                              to. If the operator is Exists, the value should be empty,
+                              otherwise just a regular string.
+                            type: string
+                        type: object
+                      type: array
+                  type: object
+                fetchConfig:
+                  description: FetchConfig determines how the operator will fetch the
+                    components and metadata for the provider. If nil, the operator will
+                    try to fetch components according to default embedded fetch configuration
+                    for the given kind and `ObjectMeta.Name`. For example, the infrastructure
+                    name `aws` will fetch artifacts from https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases.
+                  properties:
+                    selector:
+                      description: 'Selector to be used for fetching provider’s components
+                      and metadata from ConfigMaps stored inside the cluster. Each
+                      ConfigMap is expected to contain components and metadata for
+                      a specific version only. Note: the name of the ConfigMap should
+                      be set to the version or to override this add a label like the
+                      following: provider.cluster.x-k8s.io/version=v1.4.3'
+                      properties:
+                        matchExpressions:
+                          description: matchExpressions is a list of label selector
+                            requirements. The requirements are ANDed.
+                          items:
+                            description: A label selector requirement is a selector
+                              that contains values, a key, and an operator that relates
+                              the key and values.
+                            properties:
+                              key:
+                                description: key is the label key that the selector
+                                  applies to.
+                                type: string
+                              operator:
+                                description: operator represents a key's relationship
+                                  to a set of values. Valid operators are In, NotIn,
+                                  Exists and DoesNotExist.
+                                type: string
+                              values:
+                                description: values is an array of string values. If
+                                  the operator is In or NotIn, the values array must
+                                  be non-empty. If the operator is Exists or DoesNotExist,
+                                  the values array must be empty. This array is replaced
+                                  during a strategic merge patch.
+                                items:
+                                  type: string
+                                type: array
+                            required:
+                              - key
+                              - operator
+                            type: object
+                          type: array
+                        matchLabels:
+                          additionalProperties:
+                            type: string
+                          description: matchLabels is a map of {key,value} pairs. A
+                            single {key,value} in the matchLabels map is equivalent
+                            to an element of matchExpressions, whose key field is "key",
+                            the operator is "In", and the values array contains only
+                            "value". The requirements are ANDed.
+                          type: object
+                      type: object
+                    url:
+                      description: URL to be used for fetching the provider’s components
+                        and metadata from a remote Github repository. For example, https://github.com/{owner}/{repository}/releases
+                        You must set `providerSpec.Version` field for operator to pick
+                        up desired version of the release from GitHub.
+                      type: string
+                  type: object
+                manager:
+                  description: Manager defines the properties that can be enabled on
+                    the controller manager for the provider.
+                  properties:
+                    cacheNamespace:
+                      description: "CacheNamespace if specified restricts the manager's
+                      cache to watch objects in the desired namespace Defaults to
+                      all namespaces \n Note: If a namespace is specified, controllers
+                      can still Watch for a cluster-scoped resource (e.g Node).  For
+                      namespaced resources the cache will only hold objects from the
+                      desired namespace."
+                      type: string
+                    controller:
+                      description: Controller contains global configuration options
+                        for controllers registered within this manager.
+                      properties:
+                        cacheSyncTimeout:
+                          description: CacheSyncTimeout refers to the time limit set
+                            to wait for syncing caches. Defaults to 2 minutes if not
+                            set.
+                          format: int64
+                          type: integer
+                        groupKindConcurrency:
+                          additionalProperties:
+                            type: integer
+                          description: "GroupKindConcurrency is a map from a Kind to
+                          the number of concurrent reconciliation allowed for that
+                          controller. \n When a controller is registered within this
+                          manager using the builder utilities, users have to specify
+                          the type the controller reconciles in the For(...) call.
+                          If the object's kind passed matches one of the keys in this
+                          map, the concurrency for that controller is set to the number
+                          specified. \n The key is expected to be consistent in form
+                          with GroupKind.String(), e.g. ReplicaSet in apps group (regardless
+                          of version) would be `ReplicaSet.apps`."
+                          type: object
+                      type: object
+                    featureGates:
+                      additionalProperties:
+                        type: boolean
+                      description: FeatureGates define provider specific feature flags
+                        that will be passed in as container args to the provider's controller
+                        manager. Controller Manager flag is --feature-gates.
+                      type: object
+                    gracefulShutDown:
+                      description: GracefulShutdownTimeout is the duration given to
+                        runnable to stop before the manager actually returns on stop.
+                        To disable graceful shutdown, set to time.Duration(0) To use
+                        graceful shutdown without timeout, set to a negative duration,
+                        e.G. time.Duration(-1) The graceful shutdown is skipped for
+                        safety reasons in case the leader election lease is lost.
+                      type: string
+                    health:
+                      description: Health contains the controller health configuration
+                      properties:
+                        healthProbeBindAddress:
+                          description: HealthProbeBindAddress is the TCP address that
+                            the controller should bind to for serving health probes
+                          type: string
+                        livenessEndpointName:
+                          description: LivenessEndpointName, defaults to "healthz"
+                          type: string
+                        readinessEndpointName:
+                          description: ReadinessEndpointName, defaults to "readyz"
+                          type: string
+                      type: object
+                    leaderElection:
+                      description: LeaderElection is the LeaderElection config to be
+                        used when configuring the manager.Manager leader election
+                      properties:
+                        leaderElect:
+                          description: leaderElect enables a leader election client
+                            to gain leadership before executing the main loop. Enable
+                            this when running replicated components for high availability.
+                          type: boolean
+                        leaseDuration:
+                          description: leaseDuration is the duration that non-leader
+                            candidates will wait after observing a leadership renewal
+                            until attempting to acquire leadership of a led but unrenewed
+                            leader slot. This is effectively the maximum duration that
+                            a leader can be stopped before it is replaced by another
+                            candidate. This is only applicable if leader election is
+                            enabled.
+                          type: string
+                        renewDeadline:
+                          description: renewDeadline is the interval between attempts
+                            by the acting master to renew a leadership slot before it
+                            stops leading. This must be less than or equal to the lease
+                            duration. This is only applicable if leader election is
+                            enabled.
+                          type: string
+                        resourceLock:
+                          description: resourceLock indicates the resource object type
+                            that will be used to lock during leader election cycles.
+                          type: string
+                        resourceName:
+                          description: resourceName indicates the name of resource object
+                            that will be used to lock during leader election cycles.
+                          type: string
+                        resourceNamespace:
+                          description: resourceName indicates the namespace of resource
+                            object that will be used to lock during leader election
+                            cycles.
+                          type: string
+                        retryPeriod:
+                          description: retryPeriod is the duration the clients should
+                            wait between attempting acquisition and renewal of a leadership.
+                            This is only applicable if leader election is enabled.
+                          type: string
+                      required:
+                        - leaderElect
+                        - leaseDuration
+                        - renewDeadline
+                        - resourceLock
+                        - resourceName
+                        - resourceNamespace
+                        - retryPeriod
+                      type: object
+                    maxConcurrentReconciles:
+                      description: MaxConcurrentReconciles is the maximum number of
+                        concurrent Reconciles which can be run.
+                      minimum: 1
+                      type: integer
+                    metrics:
+                      description: Metrics contains thw controller metrics configuration
+                      properties:
+                        bindAddress:
+                          description: BindAddress is the TCP address that the controller
+                            should bind to for serving prometheus metrics. It can be
+                            set to "0" to disable the metrics serving.
+                          type: string
+                      type: object
+                    profilerAddress:
+                      description: ProfilerAddress defines the bind address to expose
+                        the pprof profiler (e.g. localhost:6060). Default empty, meaning
+                        the profiler is disabled. Controller Manager flag is --profiler-address.
+                      type: string
+                    syncPeriod:
+                      description: SyncPeriod determines the minimum frequency at which
+                        watched resources are reconciled. A lower period will correct
+                        entropy more quickly, but reduce responsiveness to change if
+                        there are many watched resources. Change this value only if
+                        you know what you are doing. Defaults to 10 hours if unset.
+                        there will a 10 percent jitter between the SyncPeriod of all
+                        controllers so that all controllers will not send list requests
+                        simultaneously.
+                      type: string
+                    verbosity:
+                      default: 1
+                      description: Verbosity set the logs verbosity. Defaults to 1.
+                        Controller Manager flag is --verbosity.
+                      minimum: 0
+                      type: integer
+                    webhook:
+                      description: Webhook contains the controllers webhook configuration
+                      properties:
+                        certDir:
+                          description: CertDir is the directory that contains the server
+                            key and certificate. if not set, webhook server would look
+                            up the server key and certificate in {TempDir}/k8s-webhook-server/serving-certs.
+                            The server key and certificate must be named tls.key and
+                            tls.crt, respectively.
+                          type: string
+                        host:
+                          description: Host is the hostname that the webhook server
+                            binds to. It is used to set webhook.Server.Host.
+                          type: string
+                        port:
+                          description: Port is the port that the webhook server serves
+                            at. It is used to set webhook.Server.Port.
+                          type: integer
+                      type: object
+                  type: object
+                secretName:
+                  description: SecretName is the name of the Secret providing the configuration
+                    variables for the current provider instance, like e.g. credentials.
+                    Such configurations will be used when creating or upgrading provider
+                    components. The contents of the secret will be treated as immutable.
+                    If changes need to be made, a new object can be created and the
+                    name should be updated. The contents should be in the form of key:value.
+                    This secret must be in the same namespace as the provider.
+                  type: string
+                version:
+                  description: Version indicates the provider version.
+                  type: string
+              required:
+                - version
+              type: object
+            status:
+              description: InfrastructureProviderStatus defines the observed state of
+                InfrastructureProvider.
+              properties:
+                conditions:
+                  description: Conditions define the current service state of the provider.
+                  items:
+                    description: Condition defines an observation of a Cluster API resource
+                      operational state.
+                    properties:
+                      lastTransitionTime:
+                        description: Last time the condition transitioned from one status
+                          to another. This should be when the underlying condition changed.
+                          If that is not known, then using the time when the API field
+                          changed is acceptable.
+                        format: date-time
+                        type: string
+                      message:
+                        description: A human readable message indicating details about
+                          the transition. This field may be empty.
+                        type: string
+                      reason:
+                        description: The reason for the condition's last transition
+                          in CamelCase. The specific API may choose whether or not this
+                          field is considered a guaranteed API. This field may not be
+                          empty.
+                        type: string
+                      severity:
+                        description: Severity provides an explicit classification of
+                          Reason code, so the users or machines can immediately understand
+                          the current situation and act accordingly. The Severity field
+                          MUST be set only when Status=False.
+                        type: string
+                      status:
+                        description: Status of the condition, one of True, False, Unknown.
+                        type: string
+                      type:
+                        description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+                          Many .condition.type values are consistent across resources
+                          like Available, but because arbitrary conditions can be useful
+                          (see .node.status.conditions), the ability to deconflict is
+                          important.
+                        type: string
+                    required:
+                      - lastTransitionTime
+                      - status
+                      - type
+                    type: object
+                  type: array
+                contract:
+                  description: Contract will contain the core provider contract that
+                    the provider is abiding by, like e.g. v1alpha4.
+                  type: string
+                installedVersion:
+                  description: InstalledVersion is the version of the provider that
+                    is installed.
+                  type: string
+                observedGeneration:
+                  description: ObservedGeneration is the latest generation observed
+                    by the controller.
+                  format: int64
+                  type: integer
+              type: object
+          type: object
+      served: true
+      storage: true
+      subresources:
+        status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
\ No newline at end of file
diff --git a/bootstrap/helm/cluster-api-operator/deps.yaml b/bootstrap/helm/cluster-api-operator/deps.yaml
new file mode 100644
index 000000000..1191f5439
--- /dev/null
+++ b/bootstrap/helm/cluster-api-operator/deps.yaml
@@ -0,0 +1,7 @@
+apiVersion: plural.sh/v1alpha1
+kind: Dependencies
+metadata:
+  application: true
+  description: installs the cluster api operator
+spec:
+  dependencies: []
diff --git a/bootstrap/helm/cluster-api-operator/templates/_helpers.tpl b/bootstrap/helm/cluster-api-operator/templates/_helpers.tpl
new file mode 100644
index 000000000..36e0c4d49
--- /dev/null
+++ b/bootstrap/helm/cluster-api-operator/templates/_helpers.tpl
@@ -0,0 +1,99 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cluster-api-operator-plural.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cluster-api-operator-plural.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cluster-api-operator-plural.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "cluster-api-operator-plural.labels" -}}
+helm.sh/chart: {{ include "cluster-api-operator-plural.chart" . }}
+{{ include "cluster-api-operator-plural.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "cluster-api-operator-plural.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "cluster-api-operator-plural.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "cluster-api-operator-plural.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "cluster-api-operator-plural.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create the name of the secret to use
+*/}}
+{{- define "cluster-api-operator-plural.secretName" -}}
+{{- if .Values.secret.create }}
+{{- default (include "cluster-api-operator-plural.fullname" .) .Values.secret.name }}
+{{- else }}
+{{- default "default" .Values.secret.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create the aws credentials file
+*/}}
+{{- define "cluster-api-operator-plural.awsCredentialsFile" -}}
+{{- if .Values.infrastructureProvider.aws.enabled -}}
+[default]
+aws_access_key_id = {{ .Values.infrastructureProvider.aws.bootstrapCredentials.AWS_ACCESS_KEY_ID }}
+aws_secret_access_key = {{ .Values.infrastructureProvider.aws.bootstrapCredentials.AWS_SECRET_ACCESS_KEY }}
+region = {{ .Values.infrastructureProvider.aws.secretData.AWS_REGION }}
+{{- if .Values.infrastructureProvider.aws.bootstrapCredentials.AWS_SESSION_TOKEN }}
+aws_session_token = {{ .Values.infrastructureProvider.aws.bootstrapCredentials.AWS_SESSION_TOKEN  }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the b64 encoded aws credentials file depending on if bootstrap credentials should be used
+*/}}
+{{- define "cluster-api-operator-plural.awsCredentialsValue" -}}
+{{- if .Values.secret.bootstrap -}}
+{{- include "cluster-api-operator-plural.awsCredentialsFile" . | b64enc | quote -}}
+{{- else -}}
+{{ print "\"\"" | b64enc  }}
+{{- end -}}
+{{- end -}}
diff --git a/bootstrap/helm/cluster-api-operator/templates/bootstrap-provider.yaml b/bootstrap/helm/cluster-api-operator/templates/bootstrap-provider.yaml
new file mode 100644
index 000000000..09683a89b
--- /dev/null
+++ b/bootstrap/helm/cluster-api-operator/templates/bootstrap-provider.yaml
@@ -0,0 +1,6 @@
+apiVersion: operator.cluster.x-k8s.io/v1alpha1
+kind: BootstrapProvider
+metadata:
+  name: kubeadm
+spec:
+  version: {{ .Values.kubeadm.bootstrap.version }}
diff --git a/bootstrap/helm/cluster-api-operator/templates/control-plane-provider.yaml b/bootstrap/helm/cluster-api-operator/templates/control-plane-provider.yaml
new file mode 100644
index 000000000..6f8aafe24
--- /dev/null
+++ b/bootstrap/helm/cluster-api-operator/templates/control-plane-provider.yaml
@@ -0,0 +1,6 @@
+apiVersion: operator.cluster.x-k8s.io/v1alpha1
+kind: ControlPlaneProvider
+metadata:
+  name: kubeadm
+spec:
+  version: {{ .Values.kubeadm.controlPlane.version }}
diff --git a/bootstrap/helm/cluster-api-operator/templates/core-provider.yaml b/bootstrap/helm/cluster-api-operator/templates/core-provider.yaml
new file mode 100644
index 000000000..de3495612
--- /dev/null
+++ b/bootstrap/helm/cluster-api-operator/templates/core-provider.yaml
@@ -0,0 +1,6 @@
+apiVersion: operator.cluster.x-k8s.io/v1alpha1
+kind: CoreProvider
+metadata:
+  name: cluster-api
+spec:
+  version: {{ .Values.core.version }}
diff --git a/bootstrap/helm/cluster-api-operator/templates/infrastructure-provider-aws.yaml b/bootstrap/helm/cluster-api-operator/templates/infrastructure-provider-aws.yaml
new file mode 100644
index 000000000..f4fb49492
--- /dev/null
+++ b/bootstrap/helm/cluster-api-operator/templates/infrastructure-provider-aws.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.infrastructureProvider.aws.enabled -}}
+apiVersion: operator.cluster.x-k8s.io/v1alpha1
+kind: InfrastructureProvider
+metadata:
+  name: aws
+spec:
+  deployment:
+    containers:
+      - args:
+          awscluster-concurrency: '12'
+          awsmachine-concurrency: '11'
+        name: manager
+  manager:
+    health: {}
+    metrics: {}
+    syncPeriod: 30s
+    verbosity: 1
+    webhook: {}
+  secretName: {{ include "cluster-api-operator-plural.secretName" . }}
+  version: {{ .Values.infrastructureProvider.aws.version }}
+{{- end }}
diff --git a/bootstrap/helm/cluster-api-operator/templates/secret.yaml b/bootstrap/helm/cluster-api-operator/templates/secret.yaml
new file mode 100644
index 000000000..95406180b
--- /dev/null
+++ b/bootstrap/helm/cluster-api-operator/templates/secret.yaml
@@ -0,0 +1,22 @@
+{{- if .Values.secret.create -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "cluster-api-operator-plural.secretName" . }}
+type: Opaque
+data:
+    {{- range $key, $value := .Values.secret.data }}
+    {{ $key }}: {{ $value | b64enc }}
+    {{- end }}
+    {{- if .Values.infrastructureProvider.aws.enabled }}
+    AWS_B64ENCODED_CREDENTIALS: {{ include "cluster-api-operator-plural.awsCredentialsValue" . }}
+    {{- range $key, $value := .Values.infrastructureProvider.aws.secretData }}
+    {{ $key }}: {{ $value | b64enc }}
+    {{- end }}
+    {{- if not .Values.secret.bootstrap }}
+    {{- range $key, $value := .Values.infrastructureProvider.aws.credentials }}
+    {{ $key }}: {{ $value | b64enc }}
+    {{- end }}
+    {{- end }}
+    {{- end }}
+{{- end }}
diff --git a/bootstrap/helm/cluster-api-operator/templates/wait-for-provider.yaml b/bootstrap/helm/cluster-api-operator/templates/wait-for-provider.yaml
new file mode 100644
index 000000000..f81bf3437
--- /dev/null
+++ b/bootstrap/helm/cluster-api-operator/templates/wait-for-provider.yaml
@@ -0,0 +1,31 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: wait-for-providers
+  annotations:
+    helm.sh/hook: post-install,post-upgrade
+    helm.sh/hook-delete-policy: hook-succeeded
+spec:
+  template:
+    spec:
+      containers:
+      - name: wait-for-core-provider
+        image: bitnami/kubectl:1.25.8
+        imagePullPolicy: {{ .Values.imagePullPolicy }}
+        args: ["wait", "--for=condition=ready", "-n", {{ .Release.Namespace }}, "--timeout", "10m", "CoreProvider", "cluster-api"]
+      - name: wait-for-controlPlane-provider
+        image: bitnami/kubectl:1.25.8
+        imagePullPolicy: {{ .Values.imagePullPolicy }}
+        args: ["wait", "--for=condition=ready", "-n", {{ .Release.Namespace }}, "--timeout", "10m", "ControlPlaneProvider", "kubeadm"]
+      - name: wait-for-bootstrap-provider
+        image: bitnami/kubectl:1.25.8
+        imagePullPolicy: {{ .Values.imagePullPolicy }}
+        args: ["wait", "--for=condition=ready", "-n", {{ .Release.Namespace }}, "--timeout", "10m", "BootstrapProvider", "kubeadm"]
+      {{- if .Values.infrastructureProvider.aws.enabled }}
+      - name: wait-for-infra-provider
+        image: bitnami/kubectl:1.25.8
+        imagePullPolicy: {{ .Values.imagePullPolicy }}
+        args: ["wait", "--for=condition=ready", "-n", {{ .Release.Namespace }}, "--timeout", "10m", "InfrastructureProvider", "aws"]
+      {{- end }}
+      restartPolicy: Never
+# TODO: have this job wait for the providers to be ready
diff --git a/bootstrap/helm/cluster-api-operator/values.yaml b/bootstrap/helm/cluster-api-operator/values.yaml
new file mode 100644
index 000000000..228f4f4d3
--- /dev/null
+++ b/bootstrap/helm/cluster-api-operator/values.yaml
@@ -0,0 +1,32 @@
+core:
+  version: v1.4.3
+
+kubeadm:
+  controlPlane:
+    version: v1.4.3
+  bootstrap:
+    version: v1.4.3
+
+infrastructureProvider:
+  aws:
+    enabled: false
+    version: v2.1.2
+    secretData:
+      CAPA_EKS_ADD_ROLES: "true"
+      CAPA_EKS_IAM: "true"
+      AWS_REGION: us-east-1
+    bootstrapCredentials:
+      AWS_ACCESS_KEY_ID: ""
+      AWS_SECRET_ACCESS_KEY: ""
+      AWS_SESSION_TOKEN: ""
+    credentials:
+      AWS_CONTROLLER_IAM_ROLE: ""
+
+
+secret:
+  create: true
+  name: ""
+  bootstrap: false
+  data:
+    EXP_MACHINE_POOL: "true"
+    EXP_EXTERNAL_RESOURCE_GC: "true"
diff --git a/bootstrap/helm/cluster-api-operator/values.yaml.tpl b/bootstrap/helm/cluster-api-operator/values.yaml.tpl
new file mode 100644
index 000000000..3752460bf
--- /dev/null
+++ b/bootstrap/helm/cluster-api-operator/values.yaml.tpl
@@ -0,0 +1,13 @@
+{{- if eq .Provider "aws" }}
+infrastructureProvider:
+  aws:
+    enabled: true
+    secretData:
+      AWS_REGION: {{ .Region }}
+    bootstrapCredentials:
+      AWS_ACCESS_KEY_ID: {{ .Context.AccessKey | quote }}
+      AWS_SECRET_ACCESS_KEY: {{ .Context.SecretAccessKey | quote }}
+      AWS_SESSION_TOKEN: {{ .Context.SessionToken | quote }}
+    credentials:
+      AWS_CONTROLLER_IAM_ROLE: {{ importValue "Terraform" "capa_iam_role_arn" }}
+{{- end }}
diff --git a/bootstrap/helm/cluster-api-provider-aws/.helmignore b/bootstrap/helm/cluster-api-provider-aws/.helmignore
new file mode 100644
index 000000000..0e8a0eb36
--- /dev/null
+++ b/bootstrap/helm/cluster-api-provider-aws/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/bootstrap/helm/cluster-api-provider-aws/Chart.lock b/bootstrap/helm/cluster-api-provider-aws/Chart.lock
new file mode 100644
index 000000000..f8a8c7a8d
--- /dev/null
+++ b/bootstrap/helm/cluster-api-provider-aws/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: cluster-api-provider-aws
+  repository: https://pluralsh.github.io/capi-helm-charts
+  version: 0.1.9
+digest: sha256:c1ef36b6f6c60b9bedbd8fdfef4858e1135bbe7ad49fe511e8adc1347e633063
+generated: "2023-09-01T13:53:22.234271+02:00"
diff --git a/bootstrap/helm/cluster-api-provider-aws/Chart.yaml b/bootstrap/helm/cluster-api-provider-aws/Chart.yaml
new file mode 100644
index 000000000..8b2d64b0b
--- /dev/null
+++ b/bootstrap/helm/cluster-api-provider-aws/Chart.yaml
@@ -0,0 +1,10 @@
+apiVersion: v2
+name: cluster-api-provider-aws
+description: A Helm chart for Kubernetes
+type: application
+version: 0.1.4
+appVersion: "v2.2.1"
+dependencies:
+- name: cluster-api-provider-aws
+  version: 0.1.9
+  repository: https://pluralsh.github.io/capi-helm-charts
diff --git a/bootstrap/helm/cluster-api-provider-aws/README.md b/bootstrap/helm/cluster-api-provider-aws/README.md
new file mode 100644
index 000000000..a2f21819a
--- /dev/null
+++ b/bootstrap/helm/cluster-api-provider-aws/README.md
@@ -0,0 +1,3 @@
+# Cluster API Provider AWS
+
+A helm chart that deploys the Cluster API Provider for AWS
diff --git a/bootstrap/helm/cluster-api-provider-aws/charts/cluster-api-provider-aws-0.1.9.tgz b/bootstrap/helm/cluster-api-provider-aws/charts/cluster-api-provider-aws-0.1.9.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..39d21c000952b68677244ad18c4c95c2418eddb2
GIT binary patch
literal 76423
zcmZ_VV{|7$*C_hf&cx2dwr$(CZ95a&wr$(yKbhFJo!ohz^WJ;UT4$a5*dKaT_v)@)
zd;fM3L_z%m`p@{G1fn*SP+~BakY$tc<YYBsR%0+xX0_B(=46vsQ)81=x3My`Gx1bW
zwC9yDwXp@d{Q7XlVQ-{}y_tKbR^WO`z50s$J<*6q;A?FyothlNo?3!}c4FuDQreFd
zKfHjHj%Pr^toL)1Cv?D=zQ@Cm{5j5PQfZVmT(n>T^mWZa8$$91W$u!E^chQbPVi#%
z;}YnMRddVqwIs|B`ES(ebqDYxA|Ram<Ky;lye{oUVeH`H<M;A#c)XPb52-_n(|?B`
z;PW{5mm#5?_;Y#O>O75n3G#6i-AK|=n2()azah*r-Q+DioH~#b5zktZ?RB9({+3Lm
zP#X?3;}M6RQ0gtTi9HO;SC*AMJ+z9hg<~y9(kJ7VmdO}SPSC-<iAEZdc8acDBpy3M
z5E9MBFA7c0;Mm^j>+6eSdL>1P!rN+$k#awz`aK3^t|?_)EwI_qv`Ziow%~v5WBciM
zk+<^TAGQ<}F5Us;HT(0RPM^0r_p>nYaP{_sl9%3umD4xIIkJ=-et;L^K=ejw&U9ia
zb?+#YUhL$WiAv+?7j2@41UT38h`GJbEIY*H^=u4Qh-UWjqt;P=xJe>Wj2ULk+*9%3
zkG^Ys-_qujpTLuhTNpqPI*es_BP*N8j?RcrA2A_rATcGlCz?7-WQb610Sa-TlANtC
zc0UaBAa<si@KJ3Qx0vks#Wc3|!lQ4*naf;B-`)t_fwpttqn9Be3;w%oRpgd9ZUV94
z=K^I6c5)o;#PaRw>SDt38C@RWg(*KyaY7kk7ezUNl^`OLd^3ifQbaQ%^OWH6&8%(o
z=Y+&l{E&Cf{wf;1u3_jKym`v-2J--gPRKEu&u?9jLKStxpJpl*sseadDmT7;9Dwdj
zHUU}TuPPz)_N6L!V<B~Xs58tl;!1M%mARNKRaqhKpO|fa)Q5y!kkn>B)AtaR6Hefy
zXEJsQm`W3$`?~Q*Cwb{3yPO?xrYD2VPC8^E7f9wn+ff#E{ebNy`AFz&-M?o)6-)Dw
zyM*GLXwOePsWMJZ;zVQ87j3J1Lh!&Kf>Zf=DHmzOlG*R@{=FrmE}E%#mpoc!%#z!4
za8E@Z#L!Vx*2Zn|N8&6|s*AmIqz{I8Q$13PjD(aCm*<s={B}9Q*rgry1R4&lsz?$}
zlY@bbWHti({N`tqGGeBC-dv|={Ms-^3ID)lEPf2fn}bKB%2UoS<I~N_%Zo4L^LgoQ
z#}6kDuV_p6;p_18@%?l3W9{SW{WI+Ds7vZ#!o=t8x-DxeZ}#a$n%EgT3VPzk0`4Q_
zP6t~gW|v^>^l9J%G`O7RBysFKc`IA51AgK}L{CteIhRYapD5iluFfqacb_EIbHL;w
zqk^#6Erdn5v8&5jz7%%WzDv;WZoeFuYst0P0NAS%^sKfFHdlj#Z|Q62`CGbiT8Sp&
z?~kqEV)P+#;+k2tz}&~r{l7PV{_*p<I}%lN_3=Z>N5Fsm<9YHa{6`Z6x0~30*!<Rg
z_r55H|Hl8l`Qh#Wiqu35OR&q91+`+f%R+^1Oq5EoSaibO>hQG3j9PVSiaYUyh3IrA
zvR^Y=4{t#K%t>k5>=ASw?~0fi-7w<)0wDml8cOi*3<LF|OX#=iZt^UJWHJvBY=oO1
zk(Z4HJpj&15kyup8dflVS31bgsjW!wJ35gC8R|r2XP!hb@pnf)2yad;5UcqOS!GS4
zw}{xj`NFKnAE!hV8aRZR3##a9upPySYs<_+O2JSC2bd6G4^Uf<Qq?l5*0X7%)$daz
zo6P2K{6^pkhl5Xgjp;l6LHG8Mg#uAT6kY4=vtIPs$u!WwDW}OpxT|k_#`hhgHn!AU
zmhA1!AFTo*dv5?1(|*~y)?XuG`c5<+65&>?&J=GQ{j4~*FZbWwMgE{g0meaYKmJ`7
zFKt_UVbSzy*%@v2K;xake>?>jO-ax{>Z6Sx?|v83$VHJDOe8>1<p(psEow769x7%H
zOhznOmG3yD0^04%m|tHT3a0uN`e5iJ;iWH%Fx`Avbk725j<664kf&0+aAHs18^vQ7
zEbU04;@-I;GFQc7c2#vV{4KI(#l8d?yD<hc-;~;{h{p3pKc+XjT4C$gX%;VWD|w~m
zKNOX=8yA{d2QuP7Z}1zJE;IWsA>ikIS1EA!y#slOAZIMNz=EZ0>LTT_gZ<eJzMUa=
zqIMi`QHlJzNUL@%g1$kr?DB8okqcRYfy2-AKFI{o@BZMi9cMZejH-g*nh!xNCPHbI
zrTangM3m^HC}0fRC+;K$2B?f#uYD(M{8$r5We<GI>-PwRjPNLa3WL(-hnR$rMl$co
z&@N1%q?8&BM6onvkB@?ZP1*7Uqal~t%zGbaLa_+_s9liJxTW2V^E<s0ynBjtl|A%*
znqmNu&wjqFnYVW4$pyZLUItquA51`F9LhdlJ^=#{>UCE4JA3Z*ZSOnu_Z2zo9P%N)
z^sM5FnPCoM6OfYW?`ic`O<hAd+LMXKE?Q6%X=;+5rM1Wk71uNo!_cX(e<|gqf>4l6
zn{Z(>FdAr_P&9p)!xHfON^=*yq!XtSIt*Ct@AXMii!kHNIQ8+1$X(GzO)&q~eG&4F
zdp|Ce$>$dp*zhSe@i}@a*FfXWK!b`|YR$7O%ya17UlVfiM8`^fC0tjR#h7-ssudAB
z+ioI$p!XW9h+?GoV|#Dn?Xzg_78#rTtgKy!TE7(5Y$Z$hlxGg;`z`tN?Fdp_YRTid
zf7=gJD8F!f6<k}8@&%(LF-LI$33AkY(Q9c#>|oDisOFDSlFH-;!568pkG;wcBqrnj
ze)`p3Ct6X_L?9a{&sG4dA0}>mU(7}|uLDW@e#K0KF=nA}EU;d}>7$dxEp<J^=+b$B
z+{yj;4b#;aJg;*B_=rOTvb0bl$~=(^<iEeFxsBo5C-0Mqj&u^Yt_%IFcplQGdIV_(
zZ*y9CYNhi)i0;agZkgv-WTRKg{>X7dLSdX6XLK5uc8gDGG>k?blmt<Sm#g~)DR8fx
zi!Oa^R<2QB6QSkg(wBcHbm2OQmQN|knFSlX@q?1BJMb;?Ow8PDlkkoh1Mq(p0}I{6
z%NzFT)^x3l=QMqw!>sBGFBjk(n1F%1IVqb<NSVYAKtq`l5}EG>nP_>DCBXeR)A^4o
z<(h$d251$ijb1KOvHfsMV^x>55oB2^=Dt2I_?#E3=vmD~$4QeZo@10=DaPL|rCzP;
zX_|7La!2Qwcn~0W5U@`eEWJu#si;IiH%r;O8=jG&0$SOYBVQ_rNTwq!C3hTE0qU{a
z5V3aZxi+pS=q3?Y;Qh>la<!v3abziV3+w2)soao494uii*)(@I*}#;t4TKSO&`&y?
z#OyAq57CFJ$^=6ANxQz<pobAb01K7o_<{jO@eC4lhIurg3iEY02>ZTwZ06yz^P0GM
zFdA~XXhwDNNy+Jx=<jPWR4r#|r20mbfv0|l$o?KfL=`vbZXr&^gTf%s-<XI{E(3ry
zV`jbg^63f}H{o6#^ytZy*1bhbB2T(!R44I8U%`{#*<-L&(71cPPnAIRaG04E8J}TI
zFnkq+_A&U6kaqhBG*z&gS1fG0PgGJSTJkv;4-+xW5>_GBo2jy*5oV#plV<1ZDzs>M
z;6+Hz<J0g3_{JoW|03|7O@_ohR1OFR<i1&|fn*|73>MdjbYgC0*`4!mO+)4AU-yIa
zm&`R!quBD>h^e8LYf1M|a!e@d;rv8F$B`N(M(wN-d3k&UH92A*0qSO!d@&BhTTvdt
zC)Rz1lTmAIVvuf`=$aYG6!Ap4XLa#}D6=i^l1{8W@4~$FvF|bVK}+dX1hhXbVHC~`
z8>lmAD2|DzbYi|}HG*r6=I6$Ar%$2my`ZyB1?u3i3){@+wh(}5%Z}Yb;P~e)p_R2D
zlCp!Q3wFvldmJ2qquxysV(<RcuU5c|MWsK(5a|6LKnoIci)I`qTF<JjULbj94=@##
zeA*`e<azMqNgV%#C%8Kwn49Sfbcri+yYoHJ<Z4rnm}0WlIE%kXjkC)$Rz>DRX9)#C
zKe|q=4%HKSPGOBx`0okkbKlw{=RN)`s~&4zTROG;*6gV}j1*E7JJ3!f)GKd;v{VBE
zCfJBh$~7fd*|n4!^|G#wYR<^Cn&Q#EDG4N%!Q7vLw&6Xn&{=bvT%kCM5E#7X3dce2
zB>SPVkP`uwq{2lJNzKr4t?`)jlwz>95KIr^h1NLku&apBJuREmBXZEH+4`#=V_dkv
zn*tkhg}+ekrt#}{_R*spykW;?47v$<x8l{iI_q<08*-I)aOMUc03p%VdHIQqBQlj`
zmNWX#(l1NjE`dW~8KwvrMq-Weg+2UE$oqsjSxD>s6-1q>mgskjo`Y?>{V#92yQM#L
z_+`qbX8jJZZQKrcyF5U{z&f$`(1B&!^V)jII{m3TG*B#nR_0?cRgjO8o<GaF_Abge
zTO_-AzaS#5IvFvU9qM`1vfCaWtwB^AkDbYh((-ilY2i=&!8oj5wFbH<d3%mHJcE^8
z)9-;<j@*?g9JAw&keZQ-W|iO~mEODdhpC4{N=*W9DCQs^5Mo~%>lk@P1!+X2)ki=v
z9UGhg>OI&>v8XJpQ?c`JVbQ~*+Gbie5u@fHTjkVi;)oP^fGv~jGcZP{KDM$R#Ygbm
zcGy~`9}IKG{cPAf>KFFBMo*wccX=G|%rrSnLl{^=W0&vem|UnmZW-k(t1h8F>TM${
zZ?RJXxUWJx3Jb0vecnR_wjE)xu_&t1{=Q%F9s8oOax=*=6o=uQ1wybo!>DKDc!p;%
zhVU6d>Rn5To8Hj@p8fr%r|xgV`hi-#0c90vW}=jT_9WN${0Rf3RCGb%98+t7s?72E
zVeRG?uEpZMgLYNu<S<Bjdm4MIzLM_`yz1^vv<Uv*FT6yE$%h*ORyp#xwpA{`%ImfL
z{>>K8kIA!Z!Wv|<^7|=ZC|p}$WOW|2$E_wCD%tYdr0%knCPa;#;k{0Xe=gaQi*3-%
zG+D`S!Dc!a-yrbj7k~RO!D*vLrJnfQfI940;^AO3Qz8KpI0!W~bt*|&!|Ja)Tw1lY
zAcle#sRn?@wCWtL&D@`%<tt*B3Jx~GV!hPuU#qe)Gsh&BeyVA&L)wGKPL9!9dH^_S
zNhi1H@0}favA+F<8_1%c&lBaF8v?}VSOosBkDH=%b;!JKwz=<BvSFagHZ><86dtxr
z4q|a;+_tSgv~^(CGI3rnbZLG-Q~~jy6*I3D4m87&My!2Br1IZoTANVDBgx2E_XhGV
z(unZKupRx259a~#92f0c2U=b6DGJCB-0fsn<L8GON7Mh}4Wa9Fvjk+AEGtF&PBGS4
z-VNim!F73rekWNIzMq{=>vCjr_OyhYK=nRUR|1?jX!QJ75W_rIQ+laZn^aD#9U)Fz
z?Yb=(DogjDb6Sa+G!YEhG^vRvg}QCJRUXoT7;+S8Y<D*Q;W1JuM(N4RD^CvGe7Xpc
zE5o7HT;6&<N#+H*yX@|x&(`s613@}+-(qch`xxGDRPK==LeT)sY9J$05=|~c_M=a9
zv<!H|B|<3K-M_wB4#YgVgHpO+<QNA~Uxn)#ZPAgHSzQ1^4b(y`nf#y<5yw_LkE#NN
z9a0yFG5OlMTG^?Mc0+tR*Lr<Ky1eKMJQ^l>y3v(0ed!i|+-}|D2PoM{IHBa_89I`b
z&=un<OFqA77At;Vkn5v^vD32E!M_)LzEl7L0g*IR3zbeNZR&0O$%r7)Meah(Q=A$G
zHLx@5P`IB7>{B&f(xspY5Z<Rp@i`Xxl3vZcUxtR!RB{Y64nD9O@kczAMqk2f&O2gO
z<)(K+h1__N2}dSk{J2F!r?(Vbf0h0D;`Cxusc&y05MF+Hge~m3FDQoes>^Iac26rc
zo?LXYfNQ|)F^9+F?vdhoO5lIB{MlQ`s}W;UTqc3iXl5y)lww5uM3F8EV*J$Q>=fHL
zt^0SAi&KL~b6LLA!FVVa^$@ti0PMA~;_JhBo7R3Cw-B-r!fcowjxpuwW8}G$kF_fw
z{Y1pY4!CRnwOb#(WB7gN4N>=uxvhau(;&JBPP0e%8gs0?uZGxTBp<9TXT(C8c?Jz!
z=qN`r7=}R5Whu2xYD>-$G2J4Dzm?0^X4*#RMwXnu?6v2EnW3q(8Phgjqj9Bc)T4-9
zfc4RW_AVM}_0hr;#>sOYifj#CVOho!dJbb@cM!7#6mgnJ-fL`EUGbIahJ3!~4)clG
z^Xl-AG|7=x$oQ%+#^@Oon;*P~$D2hio*a14cK?rzBOgydW#{vHiq(laeGr+wvcN}P
zwX&<SUnOx?ou;c5?hd?xZc^|?asgYVwfsC1iPU$C!rxi$w7f_HHFIuhxSSXoCvF_e
zXcv|<gO!Vz^~aH(V5mF=n@f`^EZC=A0V0<Lxmtus^tjm0Qay1OEYo6FqvrJ$@s;m3
z$u**M{A&A(Ze5&qW)?UY`=$p%NA;%fhO6qZ&7R(pUG-TllM{$`IV(KswB^pPfeoA8
zcowyqserXy^1*VQF1xz?Eb3B81Uc|M`}`|ItdT`hGua5^YeQS;)#B1MjxvDPEr`WQ
zi~5oC+$6@vd3%eTu~-Xpa9Q@^c48*HCrA9+R@Kr#I=;SV4^1l|4N-)Xt3d_L*lhVp
z2L2PIo#N|7eMOLc@kdD=PFh{U!V`mr&ranc#;)Bf{OP6n+M$kd$9APXn-8<jD0{01
zM!Y<r<P~zB5Cpc(<|`(Qgz6D7Ko90;ROmK+aKv&NalHsfy1Bo!gK^$h^|2*umgc**
zpV1r$!ZnNym&?2wf+RDKYa#tX2!#agSjwfdu4A3VnnU1U!HCyxK@4F4Wau7}cZK7V
z$y42ptI7OfYa%8TX2HbPleCtYC6_rjX*jYKANwqG)ojFA`6FsrBb^&YM>K#hzaq}>
zLRcl3hFpk|02y1G6xSJMDnufYJ|!HUV%3Z0BHz>&<Cqr3Lvnti&T411)bDoU&zXJy
z0G*F~?UbCI{IY<7Fi__Cc1josEzVca)Ev^cQ-8DT4e<qav{7y;No(%+E=9GrT+Nu*
zE9~k-$qU<=+5SyqDo%MLo$CmML-g0QPEN|w8!;ESmAPThG-_g!tFy@OVfpj!ysU{O
z1KL+!t~UT8{;DR$GAiRkw?rBb`FuPRLy=&9ua3cS2aTM%_2uy#$lQc>XYo4L8r<`y
z3`l;!jCy-ZLBgA2IuQD7bD*CTNsMD;yH!{%qx9>db+y6N-js_f@S^(*gL5@C^Htea
z?;nBk%Z-2p;A-*QOCBXx5K2c(0U~k3=7nB)eB1KhR$mkv4cV1t{;hN@P>+v?tLCoO
ztea=wd=_}NL~kfVVx`nGgh6{!J6F5hhg{`j7~=@zaJgA1FfCh3&e_&G+GmR#R@{|9
zP@CCmZ8yiy&?R^=(v!c0)~BN>6r52A-+bgc${PO)U;ImYD!<4O2sh~r%jsY;R5wlU
z!nrou%#3|8?1klbdoH_sbOR=a@>#QWfF4wxw`-rBttnR(%~5dlzvS+i!M^3zjAfIl
zgLPHJy(f)FdL<d~H1MKZurxM^bq3z$YNX*3R(^PNjG&bHAuVAcvT@1^l@QZnvqBz<
z#uaq=Rwfh+>a-Pc#wn2J=k*(1RLKkF=$i0R7r3NADbFdd5T4^p(1flAy;(>GE@nC8
zA!+ZVTsf#y5Ez1x`Kq(>TM(5?kC6F<?Z4eBu$9eu{J>6yU+3gTy(u>EzyRhZ9iSa&
zsStSl=jJ_Q<DSMgeXFTMG(*eEUXb5C!7^3*r?SX9iF}9&5tb{cDB(2_q6N-QA*G#3
z%4u2(;uLiE*$f%AQU^>25qIXLNTb%wDn(^0AOsKD4#+bVI=__1gN-sT`IiFE*?^Tx
z-}z^3!&kD7msc&s7)-FzOFZm~S|1nepmr`8p}iB350YSU23%4euw;dGI^?(^=MOKs
z*lOC=m@xuOZ@PiTvv<K%QS7V_>@p~*2T(2uPbQETy?Yd+XOPBNt4bQDoS3tE7*^u+
z+;`PyHp@@$S2p_}FxY1Mj^`{M=i<V=>k#<YZrJakA-wc<N|8{fyHaZb7OQs?qF4}V
z8DzdHyKB!QWFJ3oJX&4Za9wfg!eL@BLy8x<a2;i#8lNI+H`vfUUY2rxEbv)AsG%D9
z+93Ft8dA9Q)dx<jB5%BM6|&PnlfVZd)yjB0vK$(yDL@PvpXCt0=AMz%@GOk_f;<P3
zqUbABE~k}o6f8@4`i?rOoiBP@OCSSW2o0e@@-0P;XUdQ)PL7}`vcgJ1p<rFwObj}J
zcC<x)8U+n9jVOZU-Xd(Zdn;F3rtqxez+Hv;m(i_152hb;cZZsPg5ftnBafgxiL+bI
zh{&{fMd~|WA)2Yzi>l4NSi&{o!FLO}I9;}bq1^d|`7<>Dye@W=#?f`p(U(;}c76Qb
zkaW4vWliqzz1_j73nvOpjYw_ZwPbHRo%;;jK2?>nIBRdy3qNExbQzITGK-{Nyc8jR
z(<tHY5cHBAgdK{C>7W+b>;}zJ5C!b0EZcpX9Q`{Mh(e!?*@Fup5`TpTQZ;l#yr2aH
zc>UcAfm%mrVhoBrux4Afm+@Q3Qi~P4jB&1rxSB?)OKrdPcyYE%)h{kuhac2F0P9p^
z=58_nwnR)JKo~T&wH8gJDwUrhf+iy6_bEOMzy4(JR%Y&ToFY?KJbZ3xV5*7zE_*=o
zpJgx|U1L4D=ar8#ohO!~Cc02-rri<v<1~v_>KS_iwsjUr@Qz^pTG=~E=2QcU4J#sa
zZPArWd?>o|n}xZNmM~8+&Fs4K6Rc+>WaN!1X)89N#e}>xtn=V=O6w-fT*uM)_dGRE
z5d9yl1gB?IP54lamqwv}c?{I4SDc<6tW9m$V#MGS1r1WSo@L(TqNEFV1Gvh3utZEj
zj$lWw<!L`w6=BD;e{s7_pWC&{UeGgKImbD{M<J*b+fhnJ3zJJWg8Fv1@D%@=a(F|D
zorTcV$5R!;n{x==$2w?_H*O*%as#U8VA0z|;83dN!jW7a>l^|17>4HbW)IR<$o~bD
zQbqqUnduSK_ZV#aTr_|#dfy$vDrqwlTowrm1<u^4z>bj>eQv?}@s|qt@F5H1mll&c
z{7`rkNUtBm`XTYjh))7q&h|#j>Vli1HoO^JcxEA-?mYX);KM_si%~5S_#(RyU9bt-
zc(TbXn8z{>Hsh3+RH0|c@!A8g$lD%1F;i?|xpNtTD3W6FvnLq*!4u1@5b8T7J>`|S
zB?%V|SWXj@$*16S(u^lIOuXATOwb8q`r#&{2;y-Vwnu?%j<1kL`~aK;&=~{+L0--i
zlpznuS}g4nqr*=ZR&3p%T}Tf;k-a#3(cM)OmSH-S0i#en+Mu3~@A3X!cu`i(YqgB%
zO~<9#zYS;vk)qiFiA0U!nNz7OeSY?I%aX2eCA%-U)>WEhWgN-ReT9MO=n?p=eMI-N
zy?Z=y*~(b=2Up_^16X|Fv}l_pv#lOO4uSrdlWDgM!@AJIm(Ku-fBU3$3N@EOAHxi_
z8OcRv#sEFi0sSLdaW0X=>n_DmXDd*^*SAqkZ~v(Fl3X<2@lZ=B;HhdwCe3jD9tfgD
zcU|DZG6)@Cc;@dl;^UhT55TB@r%W1at0i;gD>=jvy^X<K71KppBxfWrH5Fk>sB&o-
z3q|2sdyDPdq{IYlNus&m(<$x&9+@E3?`5>jzrUzu!sNU@r{*ZhKKs^uX<0OM*ZV3y
ze<L3bwt)@}OB|Bw5kA>b?VVYLhd!{6r8iBPCR|@GmK6PN7eqtWNtL0r78;JR6Oq{S
z%OrMAh|cIKc{z3s)zEcT|CRFWej@+E?t2T%{AtY&sF}_?^Un$}fCJ3nfy#0@y;_co
zX#;>#ZsKY8a%3&4!A#;u1&x^cjI~-|U6|Qx&M+dheV7gnwEw3Sb^@(_$A~DQSlS4j
zOk1QMzC>dwn?5jap%$CVD~`Hh4mU@s(3S52Tv{TxRt8<4xpHQ$985UNK|H5Ld-P^4
zH%7ndIt3^dN1<SvL;OOqzmGCjl5FD%my|i%KvK+VSeDXXGNk{3p*lBTv|$)7yF9>=
zJ?F}{R+x;Wv_imR5|&mYjiYW`!UK>*%onabTF6UfbtSesGo=FJ2AKy%$bzUsI_cpm
zWjEP<!Dy2a#HZ&#7p@#?p&Ld(C_T_1qJY;Nve4bnX_godc7CzkU|4$+W+*~|l{Bd)
zDj74h8goSpT9)<iSH?;q<Gg@#Q_Fj_j^Tf@yCfRG6Na83(q$^fWEM%2PNYEpt$W5?
zMCX`eI=N<3LGw6{w1g*3fs{>tUc)XqjO&9fiNP;#H@ORpQ&ZGa_I=M=e71#Y3%{*p
zE3woTI%8mMIo>g{c?iBH3^a@Xo-sgL&#0qYc;1;mX}(=^s9e8JPzjYMPUflk>*1(Z
zKLWA|EmG$ODnxhg2mwk{qQ#M{$4PUDw4`nLy}sB4Q5N=0>gvEp$~5*N<>ehX)Pl`e
zt@yNp5KJ_he0XJ^DvNJPisb?a6u4gsN!k)_l}6W$CoR3@9P>kE5O4pveDBH9rnJEB
zvtne1qMyGv0xQEX6P=UuKw2g%JzQa}K!|haBUs1{Whh8)GSToG)ILBU;txn+v+Pxj
z5_5&~U^1ltz|DeEf<_Jd;4Bf}Gs;XcH3`!+T!rl*hk@l%a2v!L0!$~ALb=+G6nmeW
zM(&Y_Ii!emHt?znTR=8&N~S+uyRGC2?A7|Dvvl=V@wTDdJ#Tn09oi02UvxJH*QI)o
zZpsXps)wK}F1HCJdVW)FsbJHb$P3lFEJ#k34Y^GdJaGx*W)gq^5-pyIPADmryoiw~
z&yShPj!y5McZ9=Lgyy+@!%PLkhFiXjsP~V$@zUoNjyV>kv(SF@IyM0tr#CC($Dj4;
z?}xvB0oA91eB-$42y(&1zk${n!Wa6D5M!z^6&?yQbGx)qiT*7}bH0#7nZ+W!M%^26
z2DE~$7vPVDB~&!DA44)MST)NySt#iUyrw!AjOZHql!2R>GQ@u3_v=7&^U2fs_=MA_
zW!){u66Cjg(3cP#L@wel0A0Ue%kJ&DL+#+UKGOK@LpD!;S1m^t+<@Zk=tR&U{Een<
zqGSff;mR+&{jdlU8I|VVKx<f_t*Qy+PI)~+1lT;@7LpvbC_A5LZppdUPR&CR8jp2U
z=8wN+17IUNd$~60tRn*%uEpi*J5r7iUb3!LG7;VC>>=H4u}w<p!|FhMM(K_PuRmZT
z-3DBS5<Mn1QUyqqyLczg#NCPd{h1`_=sCb_Cj_TT(v@>R4?s0gv)sDbe2{XkUdQ4S
z&A%b_Z#TBi)^dV;x0qM+_*|Ras9jiEAlr)~O2=v;GAFsTs()V*(c8duLMDc7|FyUM
zc#k^Y*|3`rklrXJYs>(z7oi*wBHmU(nD>J?wsSMhpm}`yoT05QwEV)H$f{{Mx**jq
zHPtx3EuOkaslkPzP1P|oFjS&LL~=gAfR^ao#NSo%>n*4T>|lcoF^PYu;H)r^aJv`_
zPDllRD}vOvBB^!qmH?eQr<Lm(8?Pyez~ka#TbFxksuWX~m@WGSS=$0TfS6XULo%M~
zh7PZ!TAv4F)pmO^o(Dcx)0@}iV^E=r^TBNr&Q-ehUu>(kgjMDuc3oqB#Xx(nRFHYR
zb@~o<R&nzD06AT^C2fqAr)uZ;KtL~KmA+Kugo`^kTk*5ILR6>~benb~nOSJ8*sZ76
zf9x?Dno`C&SbRp3v#nxe-3O7D-bxz#tq~3v#47_3<n1{Vy$VwJzRAK%o)QP2T5aNq
zmjkI#2cZwDr*CW%UNvXakXQ|vH#&660yd#3o~+Y+37mh0n0`T<i73wNu7v#QHw-p_
zqCI4aro<maUv=8DmqKZwdHGR3B~~ea)f#btpw(fy6vO~sYH!YJ*+5+|p<qoue7#B%
z(7-B~a}N*}8N7883Iq=Y8R^L{6be)_{G00{{YRGa#6mgLAM>P7*XxbXk0bj6`ftOx
z!Y+ip;fJy~gZa(!6?;t>go7I(p^9>?@2L`c6-v;FBGx`#GiN7a7Rij3F9Nt$hPHyw
zadEfgv@uzD?JE^HOJ-~4l;F(M%_~srL+M1HTa1aG1(OVFK1}A9@=2@V32Sc1=|LG@
zQrKhy4+Wu|rxs1k!%BIr?^3NoBF>oKZR1@cNmc+AGr%8uwzggex5z@0M6P~VF|v#V
zEy1z!UHs9|<wNW9ccIUY59_@IJRKtUMQj|@&2US<#)C$XkqE~^g2+D;TP+OdF^Eaa
z>tn`Fw7$vW<46W7ND53l)32EKTY*<LBZ;+HKkuT6-PBzEKQyd2Pqn5Zx8~V2RT+V=
zi_Xx80Lfm)Z}=_+HaqOFj&q>x;TNpoYpmL4)@DFL%-_2IAuxA$4pJ2URdL{K@GGKS
zEJJejgBS6n$<-Pxq^%;APTX}|<FYx~1jsqb31@K{`VuowB=cpJjT$|;7ADMp3tHu1
za;DM{NkhP0MopJ0qt$%|LR0|Uu|$`8$8BJG6L+F?IR?LZys&H>SvDW6G;#5Q{Ju)p
z*7^FFG(}j^s3`b@*nDmWawkw27TbgMqY~CuFS^6wo0BF3mHLN3qKlS9Zq!%EW`c|U
z{2SCHyflco2Z6Z@SU;0PPfY5BfBVLj<Pd!4GgVz$W1SI})n99No}5l)^$@r5W@MDr
zlcX%BSTLko$BVTxX%^~Vifq5h`Wn4Y!#Pck|K#sF>&Xm!+7zx3F#!%Hqi6zcx-4|=
zzJI1A{<NPY2<c&FUg`R8{!|hnv2Z;POABQtSS?hCKt1JpC5Sp;i(8j5;-{uI`ykt6
zuZ<{>H6*cClVd%Z*;H6U%M_w)pr~VaJUY|?x|I0Utn@U~uOcAiX|vM@f&Y|Y9hzXL
zb_2GTw<sr8na*qB*AEOUx8CK(%vW`}lBi}cd@DV(d}ks~SS^Z=o__VS!!`zSfE8S{
zzf}$~QBUF2&7tmj7#6#Z$fMTfN7R@*&7)NRa0)NoF%`Q#PmE}g!!~$EO6LUrlPRdD
zM@MjA3sYHVE9Ln11RFY(2_lV=Uwy!1a>tWJrXE8;b0IM0HY?iYUFR=t+fysU7=Juu
zB`HR0nAU8%7?EYGy7W-b=UZe0`{WYIc6`12RrAbiCYZ46r=6AQheV`Qr2i(nT05As
z>Sfo}@>x8Go3#uTVj5;`SG44Nj|W|bup1gK8rON^G^h=hZz*08YV!X*oGg^k?KlDx
zUq~F~bO(QHk<}u+CnC!b3B^RFIXrckQ^WMJ<NABat!I`CZ_&d&>K^lQ6Zfop(RdtT
z-q)t74!??Ah3EbrEmb`7Uv4rm`5ZLy6U*ilR1Is)oClVOOx|hns(m>^hMj_e;~e&&
zV}}@0R>bGM0cw_|T|>jJby&W2EmD>w<V|4&BOwq__G^<Oy0%JG9d}gv*KY9Wj=FOh
zdL=UfvZJ_duyiR4Vee5V8KBx8YFkCw0+t}lB~ySXZafUc^%H-V82UbIFQNM|?m9{R
z;O~fTEU_yEe%1v_tTwyTyMW570!=ThKF^Q&F1n>K?*i7RR;2xmG;mjV+zmRS`HM-t
zd%Q*;Tj^iPY8o1i4t+er<uJD1#k5GJW-QT5v3pDcqXLXhxNj=u*CkREu)H$$w1S{i
z6P+aYCnA_aM5T3r;3=~KfPNlQYQn<3NPMUIK%B0)o$Q4ZezMQEb$iMXOs%D#MH~wN
zEmDpIE*Ml6%3>;5(upIZx!-0#2?870!|(HrcY6}1mao)SArLQ>Gsn`Y%Y@?YB&}#Y
zw`=^{#RHglORn6Ok$ATMjIPr4qLhm}r5*Xo=}N<;2D<>nvo<|xVnd8$ojNgge&$Sd
zir%&;W<HLc-8N@gKB={0yY=h-LG!_bHw_n$Oj1PzD(u}%vf;fQ{8coxjO7Oofu5+A
z&QOj{f2)VI-wO}>6vY4!-o?10MBVj=;=w2$F|i)(`lL}nCgWgu=P#tTqOgxiW#DXS
z@KT|4_RuJZbG9+t4cNJ(Gh3MVst=AIt9~k>@TYmDDc#kSpf!C&&jeL*m>i)qQiaOY
zIv(D2VHt;P-c`XCM%U@ts}v)~L6y087t^fU%e-AeKLLwgB|oF|{Pomo<<Z#)V5@4D
zWNquH9&lB6d}DW8_~DLap3{dR`Ep~Wxdqhivjr|V|BdKQ_O4|oqMy2tbL%vtP4LJt
zeYj~FvjxV^P%KAzSj^s=Eff#h%$iyTL6k5%=}537?FP?}rX1}!8el3s*y1pj@(o&v
z5U?=%)T~4-D~~#)4y+AW`em+CWhr*nTxMwx3ceP;8L3!d_p0=`b%UT@Vs_oPEYh{-
z^XA^Uqgk=zTf6F5yJ}iHrb)+uP+;q?B!2@anPWo`7pq#JH}9^A(VoQ4y*c-Kw6OGL
z<Sdy9nbF=RU2+xV5-L7wjz+Tk3T^pZbe8+0(&;L3AH3uvs|0UM4q~cx)2Hrcji3t(
zujqW4S+xoT5yZ>e53+;o5VbUs@CJv+D}D!Z!jVdXQJT_FaW3P`F@v6tCY`wS*E-T8
z7QM<wFn!)8smg(0o!6OTchs$DL-Z7dX$z$yt>oylk)d~nbS+%9Zr47lcfIPwo9P{p
zeC>Pw^>r|?y|7p2|KqFjb-tUldb}pq;y0j|u#=$d(1NKCjx?%T11m+FAdqQAUA&Zm
zx7o3Q>5q^JEsn~mxS@)kGrz{sVm5B|rq|=)c)0D8i;OCN5<QSb8QlqjzV)OO#dj$l
z8(~9}vh}_rYnY?D<Yrs?q|{n|;s*`vdbpXwR)B_jh#^3Xii)67IN$?}J<KFbos3E$
z495M)t!hH5GW?04Qs;JvMbfm4KyXthw-;}07KM<dbq)TI#d7faK>5n8Cx+)oroL*j
zV*DFBjkd*EOwNpi+@SL4pCCq03`@hv8qFG2K8$&@UP1m#jJHOx2R<hrR9gw*{h6i3
z%aqfK=ZW*%qKw9aapXx-S*~rq!{@A!jJla_!-jy*8=We7ZC*PUa(bdH{`FpNJNapw
z*w+)LCGjoRwAokE@r4eTalx`?{cb=>q?u|g$=)d>c793$1}lKZ?XpLe3pvTF2a&xV
z;SlPhAxy#Q-d9nneCMbGyGXrcIzXoZ2MxpNrQr@%6f$@CJbXW2=NZFhpB_4T(K0$6
zJxX%y2^Ky67i5T3h~%g6|A!7U-Uo%YE`^jdCDey54#p&ko|njXH~tBtpBHU3;%%9H
zi8MIU!VwtuRw`fID6<FRk;nk?8D4{A6ujVjF4<`M(ErAUK1#V)L|Js6zDgle*>IzO
zbM{`*TZyJTm4@HL8c+P>lnT)cQ%7JUt_dBJ_AAXEhZwn{5#kDid7n-mPLC`)GSOLN
z3x&(m{4w$TFz`fAy+>xx4+j8~YMrME1xO=VdvI~LiLpE+ao<`)x2JO}Q`G-~Lyrk7
zDdl7%{8!S{(V8KL)}vEw+oC>vv9P+L;Dx-HT~q1Q4Ux<B+ETG+#tLpuk}O(=EW83}
zqWH~0=hq`jvxo4Lhp$VwUit~h4*Cfu=?0Pyc{ZNBG|ynk-mAi{>62@NZzjRCH(ciT
zuH*1AbN}ihPB8t^JX(eYE3tj6Ox1Fl5(?@3?Bc)e0Ui_TVP4I{G{fExk6Z2M`b#vm
zPuR~!Vjp-^S!Q)w!ZT{tzsqN<Q){Es>c=Rm9`YTGzA(<8C2OJq>x$%B7?h5~g?|rf
z6<1X&<5GF68V~iRs@4gH{?ZWT<{RhE%YcFg9S0jb3xgi_72qoA)BNSej4&jc$^#8G
ze5)E1N(lx@2_8%a4N4{;bp*uoFs8Ya%vmmG&V4ndjAXJ1EufGpy?isbhzz(df{SS(
z)`~w<*d#RyGw^EcD0z0_pQ98(hPJJVmb6!C{=6csrg^;|?Xnl;`gb@<)_kydWx?Yn
zRzR8$B27Q@AhQW;-JG3wbYzRmzv5VUYlt<t6l*B&r+aI7uUacD*<>$S@$&dC<l{<R
zkLbx47YDo~D|3M~)zkwN2z~ui96ai}_0Tt1cT!{(V&!O5N7Au`!I{w-HI2T%Cp)FY
z-u2HT4bLX4I;Apj0P!V%AE;4No*{Il#}G$Y4XY7Ht1!*o>jsgj3@E>WS;FW4^<Sv}
zf5?}^-kW;@oJHYCLj=yt!hRf37unnE@};69SU(2@caC7o;R37&FTuj^TF7`3N+LmS
z>2~U(@0<jQO=80`mbiJaLZ!B+VW9DyKW0_6x)u=OZd%6d&9;-XsZow3o7ohIIUIcw
zeL~VuSQ94Ji4Lt50Rmv8U_>9r%7ybCZ(Q%enj9tt5KcuXOhb~aE(b7|)w?{YvrM+&
zPeJ$s8p&X~Nlp*dTW+kC`Cm<j9@&waF?z{YP08EHtqALhfMi{7CWQmPSCp29d1Phx
z;Bb8YX`bybpI6wIj>Scu`5%x1#3H2=HmQpEBGOs0HWNV5x|+rc<f1aYW0LWX?uwJO
z+OrTZEU=E9fMpgo1}Bl3c~>&)D3wo!uwy?%&1@1^-?`a+vmLBooSffNlsb$>Np4F9
zhAb>vx2o`D|06rQA=b2Wc2@0*#$g_KZc>|zWQlA<Erhon8L&dX9PQ@%{P-t@3^C$t
zGxtcc1opu%M*xDZaq4Z!s>VR-P}*4~NHM{)(Xobl|GIqJ%SO37s2D^&K34k!b~&m<
z#1Ie+CrnYyv+uoyuovloW<xfWTS>$C^iq<39)R}p7UAt9|7kMxP#O*=qn1S(c9iW4
zKM?iLMLs43AvYnj2eCB8vYYe_X`Qb<sS#@ZbvX#3gR_=*NY(~<vKtE>r81Nyb4;Ot
zt$aZ9GpA|Gq!D6`@YG%vWJ&8a$}YCjZcqhvl=$-61?$CCSSOBG5QQDa)3)M=4OH`=
z4>$u%YhZ4GpB?QH*Lk$<@3KWorm+4UO8T0JJkv!)Km(0Db$GJDb-mYb>y!Ft1tS<=
zb_vdu%x1&{Cy=SC(D5zM*%;-jiZJPuxS;<5K6se|`r=|OdS~(eN{5L>)tqpzMP)T-
z;pW&yfk-c@u3%mhOK|h9Tl^Zi+fL@$B|+(KCA?WFQRrv`FtUsO695(vR^;4#R-bO=
z=rUF}0q{Fe?%T%1={Kg);Lu`+`)B%|&SC(KsCsLTeV?0_Jv&S$N(;r)rD|T2t`Ggn
zfiu^9<y#DXxg8wgYU&g1161iF0!TgNTE)mh7ICj_<-RH)G|P;aGpk-zoHAJ^c3#EZ
zsnZ<xe0*g|PQ9cg_ih+0TY0>REtffFuWTiU=$LblI8(WUq7?b)W0_^mzmyr;i7s^7
zF}31b-Z@M7B<4%c8>S=B984H{Tr={7ttPhD89Qjq>+(YHJo0X0q@8AssmRvzR@+&>
z8Zmz^<%Ya<+iY%ACiUi#N#zKP9DO)}%|5tflSoFrD}=@+>38vqR}l$?a5qrR<Q(19
zjLq|4dZJg)q&{oYMDCA)Gw9sa=4*Twf6)RzKmK(O*QZI}&Ug#%si$w2(52>$R;Suh
zLX14!B#&r@<)S!vZc)fzlOO&(Z-=xovzI%o)A`dWPOGgXBE)c{sJ!vY4hf5=#q3WD
zY&K3Wm<EA1uuV;u3d{>|y&0kx{IX^gOlzJ_SGvhEXvn4NL>aOq0zkn28vbA<sO+UW
z84=SQvc6KqYjqjhK?)lGSL%h|Ud_jPYF|Uaq>DC$xUR{%`p-j!oUsm>BTZJ=u{GS3
zh{Z&IBYE#d%)}DoEgl0~ZN9Rf(MD=r<q`8{!?TAm`=c=Y#^~C-%#EapUMdjzpSzG`
zO*wp%n-yWW$o!UTPu`^>K^+$gAPm4n!2^CV;UV*5ktA7b*ew5Pc;X!(7kTn&=jz4$
zreA;M+vT}-fYEE7>D~1JVt-`^K$0i!jeop6UkSR559@P$>YwDECNpA6c9!^!pM2mj
zjUpidNmr)eBzqw@4a}0uz@SAs@{k3MeWP!e9k@`=DwM6AO}6~M@b5L{RnUpg-+doE
z);3)RnSQ8a#cQkgKk#>Df^)|5rJ1^@G0=@Xw^n-lzueDw_y2c4e9-@Kzw}uQGU@x0
z)LICVrs}6=+%Va$%R^T0hL5#t_7)<_j%r?A6X;q-7|cevC9=!htW8^<Ht5dBNWbom
z4yv>xB^f7F#S7du!nMC1rM<K{qp}L1d7hT@DxgKIERtAMpdB5bm!@`%S6CeHHXOcx
zF*%V43UgJpT~x=diJ4}>-V)3U$g<srgk1CNx~n(p+12@l@m<mpX+27-%t7~R_Lh&*
zmgLqIbT%094Wt(sahizPTNpMvgAWp>@9-q6HkK2HNvEAxG;(7V)w9MJN6ULU_u7iD
zHh=qjS9>1^=sI0Ct0d(Mr9-8od%Zl1<&m6?-fjwSy$Rk0IolFWL`+k5{DwCk1nqam
zSPD)c6gnk2grV?`p4m*`9k7%5m=w@T;2__%3sc^Uf%<**)`B!|=u*EeEUC<yAUfM$
zMdd<Fv9c#p4f6_+%zKev573y}wj2)1)I>_HHk>S<RFA=dwC=BH3pF+_3h{ilL9L3j
z)uE8Pxs$@Q7+GKJF8%poHCauAYpXhbR8rzCOig6#lk%P$95;M2EbTm3-q3;0=kYi5
z?OFABDwb>hp2FrohYluG**-2Eb*^&}845NXr9#zlDt<<}TeB&;>pkgc4fQVE$43dt
z*Z1(Nl5FJ4<fDlhO7YqX86zHiAs+147H8DI&iiEI<oE5ZtBSt-p^^9&7DR3QX~Mo`
z4}G^FN;~tX_;xQQ!>@P~OO6@EFi$d9MQMV1ZPmZPUz;L!D3o&`T(w%h+y?w8$N|D}
z31?>=aEnhVNYfwOjTI}RHz`kjXLW|6o2+M#ymQf~@<p@N?&Vh3EJv{>In!Eq(L0ww
z`Bl`5_NpKtGgXlB<~0aWoWwU`Y>2dQc!io8o4^m5PZw2j5kk+cp`spC$+~_gSfRnn
zAU-9(gY;}8&M}Y2*ecgOf^3{TTZ<KEe~Dm64!a6hduujal|@CUBH)yvGPk#(OW;6K
zFQn`@T$GpqaC3C}Kx<2bP|8I>?uN)F#i>K88Wza=P8~lDv}W?F>;p*$D(JGs_!J7n
zvr!(3=PjkG%N#Ek)p#~p^V*K|?FG(X?<=Qkce@*RwTDnViKL*>+K|1<IDVCdGu+Sx
ztW>!BZ1NNbedGJhlRdigJ83?N%2NvS&zsMVEA&9khu&$W2V2s%@!67{V?+O8Zcu1T
z$BsHVW%YtNCNY9RP4~;`U=?QEFD_k06wA^%>`td|G!l^FUKO=vecc6mkizQBw|@@B
z&@en3)**r^whz&PIBT+(fnZO2n3)gPTv0}u`OPwydqXsd_=1$+_)9d0`-@`IO4KS(
z94n`U;}3@=RHBXlP^BG#b&geSd2i>^j6qUfXCi)F88*uR$^lLMQPTh#*XN{Z8HUU3
zq>M6R@OZL59Js`oBiO(L=K1bsgDc|kIW|Y9tZNBT^s)gP)h-Z3y+U42AdF!iNJbg$
z1<OA}UMsB|WC`sFB%(K9?|QsqmJXyk^%J86(<G8vTs2R?kK^dfD4LtZe#)J)Yb_6^
z#7@jEWKHt+CX2YsP+JYc+CF{9Mv1(jo~L@0@wF#;ORJNjWTK;Y@RK%apKwvSG2Zsg
zK^kHJQ}`Yu9hpan@EnL1LRAtl(eXMSg?|eo{dP!M;z(AamwAXBN{)%0+{H+XSScO?
z0jCkiS}~mkzI?&3E}3QD&U7=nbV%0L*4Rqw=PEW$Z{-OPT+?E&zsb@#8B<7Y?K<@D
zoo29N%=fx+>N?euz3`J7WQfvEZ=!<hBrTk6`;*GYn;NQ87Qsw{&aui<%%w?*HNb*G
z>yW#7;3GWjZX#E=SE+R7Tr{z4$gNFnyT!3LS6Tr}Hukdqq}C>gg>Ixv#Uw<E_6{-0
zLCxz<Js{t&pLttGiGB!x9r?TuA?Y{A9v1#3$I5P3aFJsuarHo$xGI1AN;B?$B(og%
z&yQJ8{_DqlcHuYI98`?v?>6i}T4}tp!Z@I2I{FQsDJ)hpOd2`!6Dh29zp`x+%Pjv3
z$PirrH$VntLTE^koF!@mPOLDy3sbJJoJjAQH!C;Fy$_`PHIJ2}T<EL^1d)=+tC!}N
zV*$uIR?)q4%9Q^L$Sp^Cp2u=PQ}E>qX8Wj56uT3Mrg7{4S3VvD{~tasN+m6=xQ&cR
z`CoRdT*LKWJ7yeMkEzZ2P<?nr;6oO$z%Q3d=KRkQ3nM|9TnU_n%2pXc`%SHCDv=AW
z&u*??I_2O1Pf&(T4304wl*DqzmHPjKkEaG5(uwW`q0Lk>t<ahOYWgnLv3@UiHH3k=
z!;!x3ci>hsnuXJ)ktouLbuOBV>F#rJ)->@bYo-r6(+F}vkaOq$$B#S0@cv&ve$~Zc
zs5=1rzW4PGoknVA9VTrilHEaXJq#-$Isx)a!Z1Mu=I}l>he+!mb#RTSya=Mo^K46$
zAAr)ioR5AOKjeW>hlv}cXV5Mfe~K0O`xGP{5Fe_7V@}o6N#UNnsBP5KqTCo(8cKYK
zi4jDYEnhM1*n6+XpN}+SHXZqk7cC?|{4PYq3rC7!n7KxzNpClvT>{#OGG;HcWGeau
zrAZCXI8UlwcoUzsn=fXDWjThwg<}~qq@0cMH?zzVF}b-<ge58}G8MPV6zzMkkdp9F
zkkAN1_0p6VVmB}dDK?D6HCU{~;F8R_O5)Lg{;hYj3W?f9Og-#ZbkAq<8B7Emv#?bb
z1A@l7)JTn|9mEJPB!x<qeMy#n*zt^0VN&G3Y$?E+3P+%_K{GaVItp`NPS-DjG>6^=
z31g17!7a%vOmR9c1-4V=bAE}*Fl|1=eR)H5O-3OUL#3=QsE`=MWd(3K@tkq0C)y>M
z@0@ZKV%sWM%<{*(@!eS4#N~ixbis1*-h}1&ZpB_~M00Fvtp>9!wwQ=F&=f02V6WrB
z1sg@xnU!s3r`ItxfhmP&mSWNMQfLwi(j;k;`$6n2K)27j8sb+$9#%I)Jf5)nU#|}{
z#C2t5690)%nVAQMA~NxpYzYzX82PP=STFm8_lSkte;@n}NPQvd8=<of=PP_<I#6|(
zAwGO{)=qcs?fn~|QUq{+|L+jedv-Zep`_IE@9C}{&XseJ4n2VzEvn(gM*C@!;`~9x
zh}{2CXv6<1bRx+ArqKQ1YUfTKI>`}epzdh!lN-GKXvN%u61*Jr$?F%Ioi>@4ySiFV
zjv2|Z|H^9A*SVna%UKfs0^7;8M(NO~!qxXTWPSqfgCe5Vc<rr7T|NG7J~Pd9C-yrw
zP7_<ab*ijB0+ks58ffCBCGe$M{#|dUa}AQ+Li}=XlEk!l_%eu43JOJ$<!)Sss{%3H
zt6ueI@Dcu+WvwA7dKLDDvU+>_6Uma@=i8)~IZ!whLxCNY0RfD!lmblk5YXU)bjohZ
zAK%MU#`HR(p-$~N&ycyqJvfQyKJliT>YE9xnX1b)jZ#irRT_d+C<qD#>3ZyS)*r0@
zGczQ4W@~s~-c^Rt2x5KsO5SEqWHDY^*k4rNnkl7uh=_FyqUjz3^MU15J)d6`3V~bK
zg67-%`%loM*M+?Pn@^qYx?TVChHKge{l>pz$e}IX+|X7p51Qj1!4!b5AU_h0l&B@}
zvnjE1{*;{OcP<pUG7Dh+BFtX@fKw&EKbw@}rNiArXCcGcEpPSJ{(tZ(SY8!~a#*a8
zVHWarMM1CgXCMe1NNrdGb^asxnc4S+)I<VL52mfMRtvW{Bo#o{ZJ(Q_j`|SN{>%9@
zuocfC>q%As9B>|g!J}LkVGReQo0X`6`bst4-7vLEs=8A>!~ch@cMOuXS<^<_=4#uv
zZQHhO+gNSewr$%sR`+V#?$i6-vuEZzQ;`vMBeNpvM?IC17xE(DZ$(^t{XQW)N(|<e
zZ{?oH6dV4<(Q0G0?ZxA~On7WHJH>7$;6@3Ov#Al7Baq2XdXpUajQ@3sRA7nl4$?qe
zS8IHYV%h@zKO_M_w_g#<#TXdCEf|Wk0Iy6BCvo^f;<dxfB;@sVCz!uEzWGx($lpKs
z;O8RtcwJv_9V+1Y*+hY_$vM=~+P1TEwkg(Dd7M7gZp|-MPs}ah?ZuE}Vs&7dlU<tB
z#WsYPHBb3nQdl^g&6_{4KCl+;tA+GdU7FX>a1~ZfbYOaQ4HPv^aXy94dRjIHp!T}a
zp%2)7I$*5O2LgD(@ZQBgEY6}Lh<hR7Cp@&yLqXzo!(|s+^0DZU<udYcof@02E%dI?
znE1t@6J)u3hqHSdV)TGds<a?CF$@(3x79ny`cCwhy$q}xPs772Bu43c^BUiTAQdht
ziQAs&0a7ZeB3|(e(`puwF>k@6tKF4+)E@Y~SicriiqNO&(R(H_UEqP)$T6*OZajrm
zFSBb?cdEga{EWa<vBHslV2U1t?PbRRKY-1<R;7f&w!&sGFjz)yJI&-mS3+C@=8Dg)
zrPs-`d=GKSA_LGs3nQDoFtb4ed4=N+bE(Bm5SjJSzhTAJ6VNIAf8R_eAcU}?I8-ig
zmfR+(;rjwpdt8rQn9TRVz||%x_({4<8`Qunst$-(6d$J@dxE8bTkw;q6d=a3{fYE1
z8?IYRLG(5JLf4Z#uNz32VFuSVUSk=N1H9vcN&1A6){iIae&r&(IWXyuTRI66_jk0G
zpPJ6b#<7D7%73s<Fl2)Jb4*py59P_1L-$a~tWpMk%Mo1IzpF2U_C=(H5?;{Lew7Ih
zoPY%Oh!+=)UY*#Z@eEtMS;JrUtcl2tszr=r=<#fBCOforhPg(9eC6FLe*V@7bk*xo
zrIDknxzcqpwOGidpL~bVhqQPiEK&(a<eOsV6SO=f@bC8ChF=GO`UN|LZOE^k*kx&f
zeBx=jnq#Drb8h!d&7yyq(YnHW$LHf7L_M5o1Q)vGV9F{YH<hXsXP93NX=NksDPZ=u
zEw&B#lDcX@on$u1fCvy2As%Zcb6u_tIHo)gX({ElXqG<egHslP=+_dUner$_6z3AL
zZ&;rx)E~rlltRUg7td0WJ6QI3EL{g)qw&^(kl<IOsE_4`rlu}Uxkmib!1#Vwf0WAA
zLVV+}_blSoY$6&njqZRYcKBMqrSe$xns^9aL@Y~^f$LU(oO3ymb;Z%%(Z^!9vnQ+_
zp&+Tw8r$bjtqJYREldLOm@?!inmLxT6BvV)UoyA|!5c3`#N}2IUQ8UzX6z{E<QDLE
z7NXzcvyF?;OB<;jqFW3J9{K(Br<)&k5#^Dsjf)uw_7As<vKX*2uu3&ExfbQFd+3*z
zx{Okh*ri9gy1wua&wf`Yza{Q;)%fQ0d_UL&sXQJ|7js*3#op2o{vghrjD^m`+;p#{
z8m9|1{pIaJD^bBHs%o}%WQn*Z*4#JQU>WWIc~zp(?ac-S1#RTc#_D$cADfe7Iz1fU
zXENs-5(IgO-}iht-0n4Rf4=bXTz<Zr$hClD%pY!r?;y>OLb+U5d(mkOZdGd{@{~Pc
z(bifK;n%P2{TSZm(vUcB51X1$reTA@fSvkciX{{Pc(yZqa!Fxj*pnFP#gjpCx$+uR
zl0<zv9C>L+js=nnr!s@7rDWEKTX7!1(UbAfSn>{1ivB=hdjb=7(v!u~&saP}69-LV
zkjs|r5OdX{av&cxk)L{e2MI-H>{6B7!-p+SA&0@d4a1MFs^oX*(Tw5Ezg6n42$Hu+
zMX2sU(CIbR%Q`8KcuzFmqs=dFpmt8NokCfr(B95b7rUIB-S(HdP0g9Ve#5IUy-eD@
z%^v$$ZRp)`F>1;u9B}JaP5lah^I{V$l(8A?MJ$w_hw%*H_1RDmJgoN>qi&ggPd1V`
zsx*3lPN!w>4Y9laIS0B&DNUj;Z$wR{vxwS7rj{6I;LQI1OLt|p_F-u$AhRsTN<acU
zJ{I-%qhF7+0DpbE?Ej5>X$7;!)-yE9(q4GD!&AnUqSE#+^*UC25VM*xS#?R`*u*H0
zYWPw6fvwn>P~h`Ns*Bmr76l{o7$l=uc`Vm6v!_^4^(FjDOGIff@Oa@sOmt2Hn2bCV
zjberiToE85jjCoGpe4xqHz~T4ad^IPF+*Lauq!vw#i8ZLm$~9=M{~;c+XPlZ6n{bL
z%%jj(e7&>5cS4~@O!|W)DoUVoL$da|H0F;GT^=%2FSOz?CUaV7=U!o7l*-DdV9sDd
z`!xe2NG$;!#&QRz!b2rX<W<^CRY}b^*f|s|HDC%GJSj1476Tc3xe(H9C)84WL<g``
zGpuU4|9>Rj<}6OZwASk-M#hu0)8$QaMpLPifeP&#VX*m&f_K^%WQQ?D?}0O7XJ3U0
zeft|~Y@h&>dpeOnWEXbccL`vsUQ*nF)3d$?PDRqhuo|c8NmfqdA4SnWTo)7^eC>mk
z`*)i8DtX~`m_JbEY9|xRaZ9#0$P20{O7`b2pkO4=C{ZFQ{1%?fHN*(-KU|lkaiWke
zdgk{F>F!(4Y1@11<_k!W>a%+(k>hlDnt7WA`Zl%#y738#?ruK;^u@P{q6uRYqAazD
zz0HB+rxfN6BRl297Rk7zp#<U;v9YAj`wxXK3270bX{z)Z?$|j<rpJv{R4d44>3FDh
zO35Khe&#l1<^7NjKU>el__`nJFGArduHjbL{8=XrV~(a+JB7v`*F>aut@NuA(<X%{
zo3y|kOm@=2YY0FU5(@qbjY1}pQ_~QmF8XAifb^nhl@*<OykG@`TmgI`wXyC|95;t_
zzGOi8vxLj}I+B*1Uvz|J=K}ld;IFhNeUQh}NmeX`P>kqbn`G!T$?pc-$U+1ZjV4{}
z-+8p|^Er23HUf{fZvhg~^PQfK)h(9gdI&gA3ckRp6XTtYv_f<A;ID~r08>&YGckfa
zR2#Ls&pg5NG#Wn=Z^o*4?9LGm3h2@81QcdQZvk-cd|l?&?cte~6i=;{vpK6!OB_~}
zSS?azIQ&bEzmsxxDkFv_2yJl5y5xxX@4x55RhpXe^3sM^<W?MYuJc8!a0C~p(=PMf
zv@7^#_~eJR%0Af-gu4!Y^>{RaTG4~ithSLX>Co}8N(;A`Rtv$RL?HfY*FmcrTIm&l
zHNc6)FeA!-ZL)v~g3D2>n`g+vfNC&2(PN&>{*y*bKCkgnpIl`Tl|r10MB+OV$x955
zX%C(TG6)lBAOPH2WEB-JbUr9eN<cr@{I;@)$l}A>TUiM%I^6Q0pcBc@otu~9A3pbc
zoLTR6+Me!<-V%f|ZX=c}t0EHJQH&_z%qo3$WhaTpxpz-+w;?8Mqno61yPL&w7pHNX
z(M2kxXZsTF)y{3db$dD|Kg{!j@P{RL{tG-Ng&hkcBhGsr0ePNtOQ@Q2Wk*>>i+i_%
zro}R{dc&}?#e6;SpZB%@DV6#Dr}>}aAEpYLz0B&;QzLJ%SHB}}k|1ur$I{L3AB4E$
z`#2H}99-*rmhSeo<0}_ez=nsfH78eVR*vn=&u(_sDkniVSFTqftkvuhZr*G6@HoBo
z-Q(?gBlY>_VRhY#xV)yNpF1#wJO#u6XI^tfwmE|fDauR6REuhC1*)Mrkh=qAh;K&g
zeRSokzS+<E67QdIzG<oY)5z+3ZG%sf@1M%;?)+DP_GiS(hJ+PGr*$k(Gf#(q=vw2c
zH2(@3=Iyd(2ZzC74<v<dNkQR{hXU;_cn5XL=*jT>eNfP2F2y3>x7lE<jz;ttI89mX
z>>F{`<44V#!IH^#sqHh8b1yzjwY!3nk9;WoL0`<lS`sD$8jb7{&>rPs`*6NR5rh`B
zEL^=(f+H(hF_ef5m~<B>ps9$tcZ*qs@R=#5Hce?Jl8dccZXV3ByF^hXU->46hg5y&
zTi-Q-!Volh9?&pZqezU4h!-?1Rf-bJ#P1q)o`zj3Z1VEDK8udPRdutD_;ydmF`RL=
zEDY{s^1u$12>+)I1yG_sFGJGBOv3P^Htr;K9+`J~;@jhqU)u-EIlLEvbiV`VifJ)(
z0Yj&FH$T^fI6`ewpjp~mY3;O#9=a2Ht2hmLC@f9zKnYI7d~5T*HOfBiwMzA0L@w{(
zIaVxFk&b_Vu<4rD8d-tPYw#|E9Yb~uv}<dWjgX;P9%6sW&lLr{U$;F_NKp`}aThxn
zQRY`{6_8HkRg)HcGqroO5mF!JK`m9mAW+URuRPQmqiHpY$sE<7@+{!nyQKa|a|lwm
z#(#a!qz~qz=FKZDzo!>tHWS+1NIdK<NgBXP)xlCh=M9Z9)Ns)&90sAfPePTabk*Ar
zwe&ox9+lni+nSLsQIoA+vksx+pKJWpv6tKzcsHeA(H`lPHQ6D#R9>MsQS`_Fn})Y)
zAiQTuf8=K<Z(XgD`xk|Tdc~anIzUO~ByxwOT3g>z@rz6w7_QPEgU~sl#6)h6+cG5M
zmREh$wsonk=FUcYRZe%M!Sxg2Oj?NJOs->o*<@OCaoL@)zR1Ds9yg|ir&G^r{=jyK
zn!-zJO`A4me&61IBP0&-;zyhw{rgh0y?=$+_KomFO~nrhkWY(hWhJ7y+0dq1{XgN)
zPyGK^`CrZd6JjF&XPwPKZ||C!{70+55(7I>SMArVTdnTOPm#;BJ^K6WS8grVw+=y>
z3{hVz;@Yk#$WtmLj;(uoW?)$5H0MCrIdPd@MhSr7JTAX>H+ru(go8_S_Z8YBixzlP
zgkaZ*Q=qtcL(NV?asobs5}`yE(&=ZN8Lo2N*z~LxUUYTr$cos(ybm*Ha8h;R$clu~
zdC@+v7Fl$4q9{>It1RX};lJwvEwY&3JlV`m5Ic6Bo{l<*FV)6&afZXZy%A9QBg|BP
z&6hDVX4(urRK!Ri%BK-WM`k{dG@@r?=Evm@5^w(=zE3u~UH5Q(_mZKh+0D*_fH_~r
z%zu9OTYUNXrChw<N8WzP?doJ@_r4qWc|PuYipqVPc6>U2u`$md+7H@6a*6&(4nN8E
zpE_8vLWTAVH5qvIsAp7hnpD7TmIbt25YBkb%q!tGDuP<h@;1!=6IFBmckw^rhaF!k
z=gB#HGu+*G(=Ke;=Y1*f_v~QdHC!&<@&{k6E-tq1CtvT-@%ft{C*fww*Xtlxj_vu&
z$86<+lhF*_$J$}26_zvmUI!Pyom=8@wGS5-x19-Oz-_zBn#{_Utq&MF^K&UTP0Eyv
zO0-PjB%`jzG!Ag*K@~WSI{!&8h?!bla(wqY;idvCC9$q47w>-dl#Sjr9kFZO=o3;)
zoaVe<5-9;vsGIK__K)Wd<lFdd=1MficH6n9RsXuCeG6)q3=R7^_%CbDF9Pv!|0V!Q
zeEjKE8FNimFOeE(@9l}<BNR5Ibz#GlJ#L0F_dDUXt6U$lOX2eboo~!#v*>zj>xXq0
zGC5gE_Nb#;{i{=1{>=Q?t6yd-6*c#4FQceZ?3wypiRK-YN<iW>N^PHcblT1w@f;*>
zAp8GTy0qH-ka2<jhH{pEQ;PQtEGj=!P0QLdk;ki&)v4bF&#0bB&Ii}|YT#a9r)I!3
ze?!I&`w}3d>C6RRcx}#i6_QKar1-kntR+HMe=<H_(P%)*o!d!6Y|L2DlyT=8J+AO`
zO~!u8&ME2JMn#H98oo{m(d%N|=csH#vslSCB#pe4Q;VP&i~yLr1Z~f&`}B=GFst`+
zU@4qybbHy!!e~#MM_1NQ-IT0`7Up7ce^)rWDh3Q~;cT6BRxt=y<PxjxmGS);<h5xP
zO4Bpw075OtsvZSM^SHvMxcz}zXP0nBGaB&qe?y|kQL3qrtfulU)bgU-klxKqsJu3H
z);-){wH^_H-Z7bnY;3^D{5*ZRc$1kp*u)(aPTUn<Z?$|;-YqQu>c3B<_f@unrnok3
z?o`L0IBK^{N25TT89t9*J^sy)^b3t6nd%|v7hLu^p#CL(;P(@Jj!UL-APi&wQ5wAw
zjP3$KS`WGv9rQVFUJWv5A#p%1v6#|KajX)3P`TJl^O7qNTf*bKJQ_0*dEqUM1OgrY
ztfZ>65@sQs(Hnmgv2t0MYgOxm=H-e1-`wiwl}LQ)G@*Q4KlhdSHbGWV1-@#<=sIO!
z$`A-0tLip$e2Wk*D|nc`p``nyy+?1#zhU&vDY8`BHm}DWVZ6eE&}2`PL7M{StPUp0
z;fw_JziwdpOrDn35+{XTzRr+MIJ%XD=n1bqeBarjn*p}Up7twoytX&OcdBLj|I~!S
zEwnCtjW46?Xe^bJ<!9}YYc8-K(__ji{g@?c_x^9oot!^VDDymQI92b7zGYrHu*jaK
zKs#uIfI7u#@lHgAV7#oQusS|`!4Yd#7#u{)<ft`MA140%>6mBvwef^ofJKgt_;Vow
z0~kjpVM^~X+}!BG(K+u5whd9oLITP<xG=hIs(p_k%x14te4jf2M13}+vz9usBE5DT
zvO9aqIA?Hl8LF61om5Gjvh$9znx^t*TwsN8pE|$kQ2sPuMbK<9K^>Q4Ut6{#>C1xE
ztI`OO?~IjkP|2m;s<Cw0PB;XXfZ-tiu%a!(ls;2byb5m9=X_~-H~RdKI?V}1uU3zo
zPuuqZCAUPh)4wx~y793NYPZNRCyszw&7PYaK<*o$3rU9r=g_lzeG18hU*Hyz<t!=?
zUONA@m$aA#fA!DNorx}|6Yi_Q|Bkaw*mGAHrZ(iBuicG6<KSdbqRflqf`LTQ1Qg*m
zA!#R~)*+}O2=aC|mR*KE<*Di8HrQ)m{&x6N%TJ@nW!*ebMLt3A`wx*iPO=^jy{#2M
zb(Y%$AW*4bTg<=~6{OVBp#%T+Qe}oD)`QbO&{z9fC+A|y_aF@`H|=4FT-7Ij=rv1x
zbTTukWFTSSb(78YW&H5csLS^fV-Ir`GJS7rAT1SbMo;mwgA<W_acf<7eVX$qeXB9z
zGf#T4TLDa2l;W?*^vLBYAnHquKRDXqoJx00PN92%6Sh<W^x}l)i+?P#dW=RrF-LTF
zN%*mO{RC?8Z=S+6#*S|e&@hpKEK;S`$hqP_>Y%ruaFe!{)~wf#ZGxQdwK8d|gP_Lh
zk_nAQ58q$DjBhBhzI^DP$9%b-e&6nOZq6^KyMA~oy__$H%^pv^xIyN9;>%L3`~#yS
zt|Eu#p$9$hJ(z+(jqdP8U#<DAXTwSgNK2;PD;y?Xlw$7~u$lv780Wa4i$6{~9KrKx
zC%Cv9Q)qePG%kNOEI8{Y8YmBz0=9x9(suisZNzc}PC`{@x_dc83WF!p03czZj@V9j
z66t1zLFikXsQ4;Al|gr}V9Iqvm9Cb~_4CFgrZl9LY<_qF&>#G)Ej+N6L@)cN@|R?X
z)UdL#8%xb>GL}lE{?6r3_ZWDy0uYxnrJN9Z2$1y*)0VGJMjgwP2-{)izmE@Tj$1{Z
zz@QyDAbBJoeOEY!%mhl}YH>bFmd6pP2*wvExD;pX6yozqV$hNhVI$_i;r`*rmRe~F
zAm0wNFQku6YspDTK#I0vk~&FW>I0!rlL)#GYQd(w(dIL?!Tqpf->Q(au`c&tysC{L
znm}UCacB~LY;~aKp~^L_Zb$o%O?YGHipCgoD#hy4pd?K4FX=5aV)2Ng@8oj*&);7d
z-cFn8artt2lPwwWYbGI?DXU{w;LZPwA1k4@F}a0MQ7hw20=06g!4v;qzB)0plC9s5
z5{RfHWhcm>7%_GRSPfZZB2|9mURTE(o$&v#W2L);vZhYLjGWPNa7Dnq&SsD2C+8hO
zdkW_FbAYbtIX`GQ7uG+=|7EJ9)Yd0S#SfSw_yRM`K1kG6L<B!x*t<f{{nohrK^Bn#
z0w@P1V-cYk?1C02x@`Kg=ja^WGOq_;IJi3Be=?ilJr_cNcv1s_Axu^0;FY$Njh*mA
z1fPzX3q}Z5+UE+nL2mRIx_|X`<=Ra>405(TdG{ebo^$d_cPpdYpdFd?zJj};Lvk*!
ze$bRFnH2hPh`A8DF}KDIfbcHW3JS@oLpLj!BZ#wPktEH|+~fHpz0fV1Oz%o<DnuPx
zdOf1DZPr?cjvfywAB=UIkyn9!OFeF`mHo%Dky-~MvXxA~?7qa_+(nc{qzH0x{z_2x
zhEDNMxa@Bfox+-P;rD`<z=Ib~g}p9r=_kb9BUmbhcXdb%xHLL%w$**;GkS7%1-~B~
zN!`Z`*{-MJ_Jid}0scn}-VZs{q7EuPmHGA6DK3_r>z2lv@j(|!B`lnVQgfstsjupM
zZep-yU&@|yflHcrP?nZVq$PDD#yku83#(>_+-^d5`F*6rzc}Mg84uflLOktr2%Oe@
zv~V4$vo#&X<3*2i6ZX@LNvi&0ExL~ua-kPvBX4aJo1YL@Qm}~t@CV$JTS!HI7oCZr
zT?{>c&(&r;o$+CBa+bi#v>VP{Sz^`w@0U9DbpocI1QS9$=o}x-=BBY0iNTNa_qzfv
zEimpELTqJD&34c(#|tFX8>eNh-cFzk1y)^EcG#&nvPwDvw$vQY+|j2;czAFA<*5_x
zX6pU-v8A)H$9oSoA4w{k!E}Usc&U%hdH^L2gzUE=G|?xW<-l{uiqeU&v#WCEx9#j~
ztFmVLp07zx#v&LN4`<IXd#4u*_B>F^37&lrzRnYz@A9tuSfSuIfcffQmU;y468m~A
zrmY`eE}Ct+ItyEv&0P@9cbOT~TD85gRzOpiQPwTa(pj*>f4S;p{>xQ|AZH+d-Dlcm
zTF?ev=wG%vSM#QJfjFUm;XN;IZzj)le#|IxZr#Y(P&I`Un@v*LqvqUa@O_8N=(!&j
zSnM7m$U2^&BkL!}NU3=Ql>D@+t_@%tvLJ?~Ma->}>!v6gkO(DuilR=c=RBp)Z!Bya
zeQkyl^=veTDMh%SU;+2G{Ee<}x;tpOI=dBt17Tsz>%3ZVy%-vpbPGPL2kh(sWVfN`
zN96O;N-2KZR8fG)pQI>ZF>!o=!X>x{W`;tFxM|G7s%!Liyn)*<?N8ZcH!piY1R+z*
z9PBg7iOX*M?C7XG6_0;!Pvwj_|45$4YX_JPI=2$zV&^@lg>H405q@o0wy3XO(CE~Z
zR<f{um<9Yi`E(Suve5sFX$vmY#v)jN@mNR?xSnMJo=FkUJVNoO0;gkydS9xxK9DAi
zZcznPe7AdYYQ9FfHP^S32`Hb>*+>*@kKcpu1Y#Aka_A9Yf)i6z>GJ)2K553J__NeG
z#422@650TWhv)TCV>=RLhuH7Ci6%eJ`*#4qLh`s+-_er|5T4Mg00Rnt4S&v!c8WYX
zV|>QF?)#49JL%l80uuk;QBw;ATdSP@=ZW+3YUlK|dESw=zwj%^-*G5LI2-5X{mQRY
zLxBA-h;$dk#i}dXAHMBtp1JETd@_SG#5^vo<p?MY?-eCXDVIM+HE6%`dnZfEc_q_g
z^p<QKrv6w*pm7Jwd^?P#GVt0av8r_qNMibOw}w`FbN?Vx{`E%(v1tPnZw@i*lr^LH
zB-5TYXL7Npz021x_S}f9<-cax^(dNyFyO!#VnC>6QYkfO!stWAt46DuVpjMTJk8s;
zxOXiR0FiP0(X0C2##yCUG@p_#+*HXT^a+ShRa}jaqj}Pke%_%wAD4<OB{LcaOjVW;
zyST(_)|4wSfp5^^%)rG-dDx}d(ac&%C*Jl(-YhjVVOLG-<i&0X@VEGC5DpI|;dT;b
z;A=z7*N_^cs)Z#jM*p_encXCblGi@uFksY4mL-fLBc%-%9Qb{!UAiYER~;rZ<uo9|
zT<WMGO<<N|(eMo;n)W~3TCB785#QSE)vZ3Jz+xb;lt1m!U(0IJV(1=u&|zrxti0`Y
z@il53x%1B9Rwow6{BP<nH8JNlPg5ewv)k~P9$D)0VjD_8S+v-ME)7cJvCJHT8DO|1
zEsjXw8kN&clP(D9-ApUpdvy_N+uA+HhMU`Sk-hZ&$p4SM4j#z}(9HN7D?9^Fj}=Bi
z#<GF8qe7^jS&0N5i$@RF9|GrxzdWBpS$UnYE@Gpy&nG|rI=qM7h=#XF8r|pI=F3vP
zcZH{Ohe9+%f@bT-5K_MnLSPZfOP=P|&vZyF4TE@`f901#inWXl8s8BSqj<K2)t&Jp
zy`xM)=M;NO6dMBPZVUmaT0U#Fghf3ph>>A#LK=cNPH(JM7d96grYtW-;uKoTr$KxF
z%9`@}u~>gQFpKw&x-;CQPWbQ9?X#h_C2jnZH_x(09{zjWfc?AwNws4dzhxS4J^b+B
zJ=RF$zm3y`?bC$o9dS0O<NqEd|6Xhi5BbQ%W~#&INHEOOK5LOk+mIYMv*N`i-EWDO
zc0^tnWx*T~h~K{`i1}<=eua*7boVrkWH30DwC4Qs!4>BPSFK-Z>k!b_?LYg#stzN1
zb(l(cozuTqn0FdUx(OrOz=7XsDqhl<xmcNl>eCqYFO{B8P#I|=ul&wa^UG_MS5Dt#
ziY@85ic|PnwROq^7b6O<tNLSH7w#hrDbGF3t&B@f`CwvVmyLV}IfvZuDAkS3zuu=<
z<&qvyZLg5zGn5}AFVsUJ4D8tx`tUPz%+M~*FvB|<uke$%5cG_7AUjyo-a@1`6m*A}
z^Sqw&8*xQc$;sY!oSar|LmUWT5Cj~i_xSo@rpOp6GDW}UyE&>?3);R*5kKOP*;SrR
z-yIh=q%7@rpe%$`9;6c@(B}RRyc>6Ub+*1!6V<rQ)1*aw10J24UT)F*e%Ea2;pyP=
zTp>nM$!D;yd#0jv6U^d`xFS2EA>T;|X;nIh0Jb-|N`L@YKsC>QGJfOa)=26~m;uA%
z{I~u4Agc-NL+3sZ+wv2A%0m*@UkF`MY=PY(i>?$Q1HdL4v0LDzw9#=(Y$x*RK>*4Q
zWwAtp2FQG`v6)%RfB-okEre5FR0?}d^LJT*3~Vpdg{3}PmO?cccJX2#Z9go^A(11M
zXffxRRc_%;mFcq5pifNbiShC-93N5!hK;yt(_WN$|N0ydQ$CMlo!{B1iO>Z<>BqYH
z?7-iN)@BdM^#!RtHKoWM_pi}8C_+vBKVfEk@EZLP@i~j!f^Ds!=N9$V@D0`QckO3E
z>T>N$_7OOGu=shEnrca!hLj-V*>_<x7sN9H8}54x((D`Kzc*A9@WZ(h^HN$MJ*uAG
zmLt)`V#NMn7;NDG$r8pD+i$N<TiEr~Vleq<6o0L&O8?(s!PB}KLGg{}b-lAS5`7tY
zWakH!^jy=>)hf<&VQlJswbkBmNX*@0om{r&LOPxf>l#Gdk`cWVZ95TlaP13i1!(?&
zRYc5}a8;f$Cc|8Jqp7YQyW26$4u_!>8bu*Al0;w>G0S8uZ9!}?mS&jylikDoR}1;u
z_kYcjd~W;6HhyMI#4(tRr3v=*MNxd=8g$W#4dc8UA>R2apSX)5rmmZdB+j#JK1j>Z
zRX;|=7ol7_dgC_q!>sFvTGLO@#=)A7fiW2eVf?2g#G1AlGx|@t(MTXx5K@Mz2Xx~g
zgyQ<GSiLg3I(jPYtc!DJa`Z{alW6lmn5V=@T#u=!7Gq)c#7taI$uIPQW#->G%&8S_
zQ;)Tro>Eu2X>B~lwBwqxGEr37_(~@XkmHyTvO@y7oJG+$MmV~O@@v$`$2oApBA9ut
zh4<_JAVgP*7#^Q56Sv-MAxQ(G%*$Arm*|72CYz%NzujS0$r)q$tiM8B=mD&bNRACQ
zE-tR`^8>}l^UY1&-EL`^+?V6W^!#F}9|tGr+tba>rX5^tF1FwMCEMXm&O4kOEmMZC
zllyr~MfSTSZnNEMR@APcVgWwvU-k26Q9M3gdqsN0410i+KpDHcnyOe_`~!B-xK*iX
zyP2diFz$nZOaL$@g=N$v?0fed#mo|8>jcU!JOd_p%)3hDb#hT?)Y#g4j35BS6d;|@
zv&a3H6Z0w%cDCd&Tl}#CO|2AgRX=w6_X7-y#L6eBd$e<+x_NF7(J8&`zd0L@a+?#=
z>Y}mIjJ1V+C=%WJga`N&LZY}WmuCzy{X&eSy@_d~1d&X4N!}kXea2G&*Ta_JnMXvl
zvT%t8!RyH8vhOqNj(4_iJTskCbQBi%CimC1ZK6V~qY6HM_XJvzEsn5Fh{(f5<;M?1
zaOa!$ja(8y1+yz}Yy^SnHL9oETYOqtHR1V5cM!PU9}TXIT?e0y$cy}jX&g_x${`t&
zMfJL}er;F8FX%Wd+Rz&GtD|}7B=wQfSzf<me&yVW>*Okl7C+|KJln<$({3xS9X`YM
zE@8SfuI4+Kk6ySWr_U2!HHqtjf8{izh|1EE3YByaC~e1;+a621{LNm?wJO)%VH48P
zqa@Lj@j5QPJr_@3a;RPwb86JgtMZ_hWIY9ril5u&U_$+k-l0`mj>Ma1G?jf{5vG3(
zQrV`{Hfp$O&cd1lRhvR5V$^8bMoM-J(Q1aW@8qNljY!}e19k{p$%R$_tPND!F|QDs
zo-hsxZngo`EzDpytRje7A61^aZ~Z%MdZK{R_tr52(gqoaB)c_Zh1skFw+KxT69yL=
z>;Q8@6Qv4=$h>j<5oUkMG@HpFa~M5DgyykD3nfH`daOwi>VqY@@VWwG@`l+0x3JOL
zWFuoK)u$!k$~tf}9f-#{*QAfteDjq3%whS2P=hmTI0nHL&v1KFxw%_&Yz<<?=CjP=
zHQzZ}QfqcbxCKtx3~%Fc<m8x{<6LL8M7vsUge#*&c8zl^&x14^hMfOOAHNh4(g?8u
zHECwWXKwww1+K+{I{RQyioOnWG-ba$98A887&|<D2F6qBv`@kC3EQhBuUH6+3i=na
zK{C~9P1HE+F_@K6DRg~rlFZ~p6{ZeYNOV=oWUHO<&F`|Q8bwSg{67(`TF{hR!luLr
zRHgu(QCWtSiqM)8<AkQ382VYEV=3XF<2uip=Mt%-1X6|3Gblw?EbhMU1q8vNoX<5z
z4oKIT;UGloz#1)rEXEtlkXC>kun)Uu($)u<q`Dg8XGAIowp${Q3yKRNyJb0XCOriV
z=CJrv{C?8z*n+64_Dxgdu|+|VdQl$ZjZ$Pcm(oS6Qan4C-Qm5Om@596@<3)c@xdWS
zaTP^c$4^cw#+lIi6UdMKiV%=W<ttI4n9f2)?7<C^F|-Rw)Q%Yo>_*hVT3#;951<#W
zM1<=Z#oU|j(c{W!w2s(wX?4#ML%=x}do%6hwNyX8-vq=61e;`v>dvD6^^NqTfYFe8
z)#_swBL%Qm80i>W=#w?>Dd*Tw4&vr<<tB6saih?{(8i~O0-WC#o+@oXn0R`J6Mo-4
zR1z}Zbu3vRHbJ3V19_PlEKTrL!c*fa8I3+bhZl*thWbEUi^(qfhbgJgqya0?HHS6&
zEPUED-V7`D!Uz0Sa9i&@(QL-ny|}=ZK}KXDA=FGP4xErm4l+?MEKIUTh?``M+BAp$
zM+-6?I@k`ff+rrh@jT<`7*y;1Cx;OQv52hW?s-DuYWROVhJf`Oy_3V43mq!kd(476
ztIi5T7fb8aCHyqMBv}016th=Ua$0XM990{xrHZBO={XOht1(VO%}atr`58h8oR}50
z4N&V<K#k&6gt3DY6q2!+bs};;tWsu>gO(y_)16>sl`hzRMTU5m_Y4b((A0S+?{VBp
zT`-FIz;VU&_4PjvRbd!dRMeQJK}<4q$8o?)|8k^%N=4e8e)Sqol~RB*oL1y6c-GfA
zr~V^+h@nH@jBCbmq-es-44w=3mSi{#045QAz#S{pVdwz1yi+8olN$Z*>H&h6{~!}#
zG%lf_euJ@10qg`OuIC_2^g}7P!Q5Y<J!9|)$i!(+PFLm8WD{-MXXs$l&jHBJ!m}rD
zLTZJKlUA?Ole~a)3u+6;Sn(uGRgIjcMj94a`rx`BWEwAMceR93v^6ytE_T_3HsHt_
z!s0ow9PdD)4aAp|NGlCdE7PrU1(+PPd4;#EAU92&tfK5_=xV+TAK4GkZ97@jx;iB)
zPZ3WrgMB^ZbeA80+iTB%r1+qCZk!789}SR5SKXLEC6K8eAT}|FM}NAh3;QPaLcb`K
z@lq2z7kC@Og{4_D5JHWdnvxQtYm>p;aAvRuhc;hKX$#e9joHrbjHpTJ>U37o93#c!
zg=;ydn|Af#UaJA$eAMs6wO$Rn^sLiah4?4xsDA5r<@ujpvRR!D+p}w(&LGoTP35e9
z=Z?)9*uU1*aR0Lm-nF*>ishgAbzxyVKcDIbLRy|#1D=*3_x!T&XHMHga}(yvdCM1*
zgU!d`tJ(j}{&v-Q4fYW$ck5010bdBW2Kf?Hybe(<4)EA-H0&h`h%>EJ?<tDw^TI!p
znx^HdUG|sHm;2?WADGZ6M=ZYJo&X~;7EcTxcPR2lT@*bFd^6?)5Sxc2z8^~1m}F{Q
z?;*NVzpfZ=<?a>amnj6CjVdb;M?O>Q&pUfSZ#X-4`sdoOwYE9$ILE0C7w@uxmYIY|
z=e$s|+ML}|FVglEL^}qq2`lO}11DCh<>=z5I!H1Q{NZivburIqi^(@~#t4Q^s*mO^
zjC2UKan(UHGfxxYyEk~Lp#gTAK{%4-6WV41DA{@*_y9a_bj1OZDN4H5gsH4|uj~sb
zht_lJPess%1;x2ut=iV917H`#N<1fvCWdK*Ot#`$(R)d)z~Zyq{_XLTjpNE(gzH04
zwi&d(5E$-!&(mcZ>aD}bunhIIOf~Z}juWk|VTx{swd38f-^Hh&Q8U%o*K^q0L0GIG
z&gxOO_U)&^W}2_19-0O_m?g0@%f-`N^D+!>K#<tp9%5Uun122CTQ{J^g)RT!bIUUn
zb#d$EJrKLat2EbZz$HJTS)$QEO$Es?4Ow3PNHx@R?j=;aCZon=y6#C%6VQSSSkY~X
z>Q3M5VpWt&jcRa<TtGS5m}AE8rNaWLVBzG%GykV<Lu~4rM5Z|hpIM?Qk6Wa*wMV{Y
zD5Pk4*S0MdxUVQOG$efr?M}f06kG~G7;To-<eaJ(!}Rrpg8t08+4et&+e=#|7wth=
zeG-<G$VPP~W}`fbQ>@00C8D;rV0$vyHc=SA{1}7st1nqimeZsisF%Z0ID(d1>1`<z
zJ%Sg1?jIRj5HM?v!~>W4ta^z3F=06vSk{0XOE<KY^o7lBe>)^eCPp>R84YMAaFRd;
zS|ce7RciTlE;x(U_#B~9khhZpQMrm=Il58HWcm=_SvYvfvWbl!CPyw;EYn!lxM8dR
z^a!Izvkr#bWNM`e-M(IAfm?5A#o^mQhL#ve7e*Lo<T9AwSKjyJ^|J;0^Y8*7w;q&B
zEaf-mF$SlP^a)LId~4V>rK+%L{)q3Ms#BgPiVcN56k0P{jN+>m{H23%(p-T{fsIwM
zPZ{EBPq{A6Xw%$=l;@qK*@BPE!f_-><uF>>7X3JfDRJWUoU7%w_al_O2GktwX+gd5
zSGgu?;(=9Tc}*D{cQs<?;)L?X=?9CONBeQIw+}4Q2f69WgtSR>TF}DCB|82xHV&UE
zs+>Ln(wW@vLBHd`?%r6Uc&6IrOVH$<Jz)X1d+`scBE5Z_!qK_qg}nAQTwLfF0FZa$
z6$sF+WV7yRfw_anbh1t)mh?;~>rAN)ZktK0R9!8!^xn<<*&(<9Qt>Jy8HPmrBvB9&
z)JWu%S@_*LN?xc1*UtTplP*0z3@mXTUOEhLD2?}jB2FfviR%61@YT~h1dqnYf_k=|
zYy+ded3nA6zV(ZQ=+6EZ+uzPA^8sfLuMh?fA4Syps<_8V3ztJt%8^<p5wv9cB-Iuj
z1#U3F44GOFMiYSvMvs^dpIim&Pj|fSZ(`E00DeSuQ_|O9LxeZz0zQRO;;t1O=GsUW
zwrPG;)Zk%8IgF!rxINlrsg%GU>$27<^IZ9?C`2{jqELr&)pqR$a>6xO9OlG2_9e*X
zVHs>lOwDHrGAGFp-J7VUES8Nlc}#s>`Ic9JYbno|-JA$+TM2j-2c+g=o3i9-JW7^v
z(X`A+=i<w=N|5m3U(*Xsu0}@=Pls)VWS8aq^>>j;KYx1HHTn*VsUY7bU4iwYFe3w4
z;HevPFzejHl1jKX@<<`~`$dpC8a(HLLX@IY(eNCpCxMhTFn?`@Jz*pJ$gkY?g*>hH
zV7N>BSt=_sHo)?qG(6ZyOogKI4%+JPqQpMfOyzd3bcFY9r3Gmf-hcS?9q(c`;^*=~
z$CmX)QK0g8cs5>|@3+kG`l}KO7A4h5+R>DQ4y9e%UjEs?QU3bi>hE@%Oy4b|#3Ae+
zF?{D{rE{UMLGe?4A)nzE?u-rfXcozKh>+zNN%ycR1eio7B0*M^^%=)Vdg?7gbj<~~
z&$O2(j`N93@oQ`SRTxPOPX>y{SDc7usVI@%S#51pHnqQ$&`2p|5S7t?`cpmd&93u!
zWJ84~#`C&vzLll~Eh;406JEK|TwS)TartJ>JbpbDb!C6D$?3{{zbdm55~z8J@p$9@
zQN*!t_}ZhzAegsSnF*kin!oZQoH1zLZ<s<k-j-Ej?WH>}ds_338?1|*ma8<rBmHjL
ztl2|x<^k68h3;;0tPC4$m}9AwUxp*V@<f|Im~5QLJl~8B9YKF?C<l)#Q-Qa}oqde7
z3@gGY2@+xKq~pI0WW4!e>@+6J$aUb2I0!j?T#Syo&9lss$f`jZL&TKxw~b1<8jm;1
zL7vYy*ywXG>~^wOvipkHmwJXAeUD9v+&Oy|ADS-Fl;$cZmKd6`$CNZwL@p)2k^RJd
zi@ubQ<dr(MG3&xagtlq){fSh|Zt3s#n{C$IUIy)+C*=TlA6^6<d=n~i2gzMjm4di{
zzzGHiCLRw4-c{u{Zfq}3HS697BQKELT;c7!-iX|d`rMDH%TRuE8Wl^dp)63w9HP!`
zJkwaApR%a?10K5|HQaKR6xb1gHoWDpVuzIJz~U=HV`FN|Q3I^c19R_()!Y3OzC9_+
zSstX+)OqKAeWx~}-+1c+D@u7}UeYB|h?o+q3nYY?bR&d1*u<-mK~deaReak5Iyz^q
zkvm1uexx^~I&BuVyG78L_q*~kd>mHW_ujshG<MbZKEWG-p<@wh{5DM2!eWgv1p_Ww
z4WVh$Vp1A`RdB;^T6{#6r3cUPnzWCv&U1ukt0{0DE>Ldb&#=CiJVU)TDRiaR-nX8F
z&E^58z0jg6>esSk5k1G1-o-uaHCllm(Q4UZ+YvpvePPu^3q@s7BHk3jPpZPN6>iM3
zld_Kz{k{9x$P5x8noDm_^&^sQ%`*ft!NY(u#&E6)q^n<0C?&UX)gFzYg|n^!dafjo
z)bSo*!<|Wgx}iK#!B0uYH=3_ZLUJjpR|+6~LyTa-tJ)0KJYB4<-J*0mTLu)zL_QK;
zLt1+5d+9g7{=O~|vxit04k%yD!RNs9^I)cze?rkzkfqk{e<@;ux!8;h0xyGdmRr2)
zD_d(WA3&9p6P2~bJ?4m><bncF$rpB%fdVeF-e}s7%mfr`Gjm`t!yFz?4>#332DEOZ
zTy3oi($<b1Hjm92V#wRHl`4P`vsjCIV~fnW$#K0e)j$yn-|c>|PA7dI6}XpOkKz7Y
z>iJPG6RNc{cBnl)8x;?VjYP3A3B9g7!W=I(?4zthNa9E0WiMx7)#Q10t+^QU9@Q5y
z8WGP&<hSh+-e5v`H_SM$bw8k1a3td(4_!{xyVO5?{P7w<EV37;0h|F#uE=|!xJGN=
zL5Rw}y=HVUoJO5+;4?5h&ugGTj~lCHcB{HSVtKli4O?elcL83q06NXS<Rab#5KbXD
zL>M0y0&9!KK|XGV2v3UU)36yrt0q`VA)7T2ggToQVmR30$k>ja2yK-^btr@L3p^o-
zv$arsOWftuVOxqlcqaa!em(?eil_s%{PS&G-RKzoX@~TI4bQ3^#nZFCQ@Y=V1Tike
z9_8oOkJCi{mIOXeSK-(ThuQ?O+^u~A7Z}E{WA4^TtX%Dl6Fz;<XxVDVkyIL!hvzP_
zffKAW-qSz#6R54ZFRtZ(c8nute3ohDn#7TC8iJ*TU1b-oQo1D=;fWh8n!7N49f(*6
z<w-AIm9du=+DwnY5TU6(e~(2FZf0PrK75KyY|?*F))T5X9nRY{5kY<!THo0Z-H<Qz
zq(E->5rQc0qJrg^@-^z%04dVyHAI6K96P@i(ykeU#yMKVU^Cw>>vZe_Y5E_aLX;_y
z0vXUDuS6Siek!Pt;$35@>EA<bfMnP4dXC{{+0Wb_q<D8l`-h7P(A^Ax#af_)e9X@W
zSrV0C1dd~?<b|XroTt?A(Pd|9(N3x69@C8-v>z{BJ-B``y>hyF4(z1nHpZqp<;LFo
zc(QwWd_8%w`N8d)!q1w@^&a`w9`WWL$;KYx`W@-o9ogRTwh|eQ7-E7)?@`pShZIvQ
z#wxGgpKa>_6HJoG+-{UUxekfW35%vM!`hi|)RAXQe-Sx_vU~+P2gCN#gjg#rFvH2=
zf*U3mNlT(qjyS7A8&txM%E9KUx0*g{!Z^aPqg6QlVath%fFF;VCh(^l>?HQQsOy6?
zaN@yQ-e;QhNQ!p1K6GSPu3Sd7LG`mZ=D<brB#QRio@le9Xul1$wM5<l9f-Cf^Omo*
z^y1eiW1ItrX(R6u;m3F0B?3a2#7L?cK(=-ZWq}SAY3|e<bY^pI6e;8$(L!;vSNS=G
z5nE_#S87A|J%hcl#1`btAa;Xl_0Y9N;BA7)<AX}ixBmFU14buD`!r5W`^9=as~a>K
z_Ii5p_@IkCnK3c4dxe^RCu?8DqOAov+hIc%4>;lJ-!Nk4-+-G}1x|kcPg=tRoa6%i
zP@Q}L26Jw6YZvLi2Ke&C8(=rPJy?cw+Y%V`2p(E_wblqM`&cIz=A-#C3M`mcTFIN#
zeB+qh>6WkDQM~IrvcN3I$RgJ5%wZxiLGLQ&1Wg73LAbPMPn#ZZ00@4<6JJo{Gy(-=
zPmo;!jS#+rop*w+#{{!FJ%?V^Um>Y7h~8haQmLcndS_cf_w$%(tUtxyTeUuV^ToLj
zzqn<<YJG@KkubkOIeB2U5+bh^h|5fhd{VUAdWSNBxbVSb-8$cpXrrll`TRSC+b4*H
ziQOm2$ESW$o$wo8KOb2A1OS!OKLqZda1|VtQ{VcnDkiiaot||w2hga|9V}{^rtHTa
z20Uu|Cw+iH&jcPh@~`L6w{~?i>0865XYED)X&pKEdo;}g+_U#_!_mhAPaOc<zbyB0
z=U6#K<I(pQy;2F~*MBYnIBm!<7CqxDLm!2-q&#MYQkOKA5xCZ^#D>x35xW<KY5&=c
zn8T~Bp^dOrC&~^V7d<QwD&qJ3J#JjHqnQjtBh0U3)&>s>#Jo>%Bh^m0iK^_bdMbYJ
zvF<YA8r?UR&>UG;Q?gGuOFNGk^+}$f=DqA3LN`4YKdP<Gam0=O9hqAbHHbkZ6(1+w
z9L!bEX}b~^YzFEdQ8I%gSD0~3p<c1UC+1g@RHLDs6H$01ant7|a1&`(1P@>05%p#p
zW64`H#A3D4SWH2$DLtD`zO|_QmpE0_)?BxB=H(!UTzjjn$!60>f53oIKry8_t6D=S
z8=v~5GnrF|B3@cjxtg+I%5}*mc3QScg_3ZIh7bjjNMNE*P>ASs34-OaGY0w4+*|!S
zumlwO3l$b)m(h8eI$qEAp{;j5G=L=(3|k!_GvVy8HU>G0IGQaQ3Eaotx_(c?pWn73
z+ec~0otN2FSqz=1xnYH+^yIq&*0p)Ek3=R|+yg5kxrs;WLi?MDD}jqbk!sYSvALiL
zi%Y}agH2W;Jzt{(%-|Q>5%zd+P`xx-jGe^be!)3o^&lv#-14$rkCM+WR!}xlQI{OC
z(P6fDt;2e<6_p^?xs-#Qn^Y~PBmLdiX0&*%SjB$4rQOiM{Nac7TU%Gu6o5Aenbj(&
zoBto&yf$$1E5L}(*a<!|>LY;R?Zt9BIASONKRcHAVB}YKvC;Bdh_GuB!x-#4o_k!n
zOT6|i;>(!&R${42&G=P|lEU}wW#I&y;u65&F93wR{^9WWe}Kc?|6=eDfg{`k3VQ<}
z;{6l8gCOD|v^_H6+p}>413mlqUA8dd+rvX_{gd$gSLpVLfzX!e#f5J__%l;27cju9
z)c^~j4IJcZ;-~Ph=?&NZ7eD=<aFF-&;Ck_A3jdyKPAzUgr~4vopU#$#{B_^J>QX2Y
zKnIOSI2Oh4yCl)K+?bV!f6x||6;69>J>M7lz`oo0(b!#>*k>dDF^d5)Q<~_L=%#>+
zJO3T=?j0n8g8xEVzW!gN<zu&yEG#T+*VpOc;Z!dsCZ<Ql4-Xgb2WGkb!C82@Y;&|t
znLm$iR%}$bo|CyPH*YvF3U%DDi}K(2`Wmo&e((!{XHw?<3!f3gH7Bqv51$8s=SvG(
zrg}#FCNt|9#F)PUktI<GM}I*{M!9oJl}#<+AZEZQ@#61BwaIM}M}htdOjAW5xi{(G
zzHsI;^p)yUAee~j;>E<qjL6|41k!)J8Cm}ua`{&Nfm|~Gfm~Ssfm|?2q}~oO82nsP
zyeubqY^d0bFnAadZp6MR^Y#o-=ZWQTTWl<{BldnypLQjt4&)&f<bJe{@Gzk)?%`@&
zYs`2K{msc^oe1SBm9gQAJ%g*z!2KZz=;N3U>D|^Zw<xQunobbPs4zLqQt_rUrwoCL
zkY6MJATDpkoE$*;vMew3`G9NTt4G-DyaGdHQz3OGN_$P@RMpA4D?EsmGzFz4DVBZb
zL0Qs%=H|=>{qDmD7W?pJOqfYKk8EY1hum02*XOV)JCCd{P{8;#4;rgkhCpJ-MkLbX
zk`=$zit!}8Mj+Y3fCEXlXv2awXpdy+Y3|tl2^+gC`rz~{u^c&I+Ob2m;kb?+<u_~i
za)sJIo;<L>u*c?UR+mhdOq)LZLymGQe)H00S-x7TLbnRuVWrezM);5HwTzs{b9IL7
zxb=nXj@|uWfAwyQ6X{AZ0L<||M{2{ku-3ny)WA>znW8PtZyGN@<362Ym%Q#E?_<Yi
zll_Yv&_8@qzWLXA-d2C{@@Vi{3O#^7+dZo@zy>*%V(@vJ!R3BU;jvg=bH9VHld^^C
zp~hj(=Taj<+)jfvnACnY1R~T<;TQ37LEMfb2!1pKzx>+Gp$Wc7VhDbTzM=8?#$r-l
zg6J8gMj5gi^fIn2L;U1mRE?9hr~Z@NUZ7e*;{|%FMW6%ilxlK%e6ZX@>=QR<)ugjN
z$G^mNg6t})FVNEC=J>iHO1$bnk0a)8h1x3aBbuuqNvKv^cxY<JyF(Mxg_qRHE07DG
z=GD2=1n9i#$>i@0kH77w7<YB)s!XKrhUV19*Jq12z}1hA)z-%Yz~~vb?(1UC;dUfL
z8JjIy2F+9|+V{D4gg{qbiRWc+^&mj^yBICtW`_a7M;?O50Rr4QyZX2nI{Kz@5Am&k
z?iFC(rSO;UX&cuU(R`%L37h)oOK>h$<fxx`*W0;YcehrNVC`BH?X)zNuEDj>9B^&v
z$}8AZPExWgzZ0vabxs1wyDC2K(D}&)*nRoqu@c~099LVfTfqAg*%>_G%>je;+tVZF
z3_f1_bM<=w1~%EEdSbxzmS)qVepQ<PlTj(LDch45ZF5(Z66!)!8I`W-6hq!8*pN6&
zgj5DGb;|76ypbc&qcT=#9$@SK!RTRhVQ@?OeP1S+?Ur`IvwwNuBw@|VZws+qHbGk8
zdea|S;q<_V4dN_kN>c{|826@j14i^x#yLZTp(r*P0h}an2WmowCH|BU7&0qmLBR~h
z^c~o=L26Yw+DSRWe0tj{bgP0OmW}|J9LuD4h^x~$5Mr2P?i@#v6lo|erm=VR7^?<%
zaRA7C`~fV9g|xBgqBM~l#v>?hb^M45sI184Qv;-54mK{PWs~;?BW5&~43`lLte_Qc
zHf1hoe#P(U0`Xuk;G@c!_s;t?SK^9O&FqchOVsQEsEO<aT^G02@<AG|$DEKOOFBB?
zAumAR87$s;5>x4f;x>Xx?g{r_91$9EQxoIp(bLXvgK!v8^|wrk(@jM6#zHsJr=5)U
z`X^t6M~5=poJRj2TkjYhS=+U1$2K~)ZFFqgwr$(C-BHIz$F^<Tb|?AjzMtnE-@C`&
z^`|bbRe#o~b<Ja*=cI8>%t|p*-Nnq`RC`BaQu9L*1u5G4ttrLQa@tvPzLZw1Q_OSF
z(`<59=K3vbZH=IjoW+-$3BJEV&5{AlJX6$`HDY7|r)-O%^<hKD=X>`jA?waZj*NRr
z#52akcOv8D+72$P2{sLacKS3ZcXBYxR`LwsNnD^R`OZx@Cb7ww87qMF+{wkkepHWN
z5(r9pB@)C0#$791ix6`eL;!6Z)X71m7pYB!xZx4evoVXKj67^%HG`<^yM_k&vWWfV
zrMe1sA%#;3iTtNm8wxMvZR1vjzc$%#tA+bHm$rleu@1eZYJECx_&YA%9=OdP@OX{l
z#Pv1b*1ljD7k;YiJpcNwmjW|D9U}T$@Eg?lB|ze!LO6)k7JZocfLSZ3am;jV-DICg
zwOS>zKEq~aH}6a_l@y6;m;?ud!HP-&_b9On)kPgEWBoUu=|jrck?7v#Dh|5VXK&&}
z6Nb+I-&GUK)(wqTJ7<(@%A&5KGirGsI!-kfn`?Z}oI5CnskvdV;<Qbb=sJg8;xZs{
z_|J@-OhSj|%e^dc=b7zb@y@9*;Gl9h({Keg7qcFxtD^ae&uY5WGV=5ov9%;H=^r}D
zqEbtOgG%&5)_ZJZ+9uvk6c&3l_}@?|HZW8J&WF(xWnDx?wrgs|1NKdV>Q{{^)s*qB
zCmiJ4+pfgR)@AGo{@k4$#ed}tOO|bwJK;8TcEDFbd;PR9qUe`WrGcrtnSK&ceU%#%
zHBB^piHnk$pe=)Y3%gEA=0P*lQIR|%P@?P2vyre2P0DNzJy+DxYdG{4UJn_MD5<X4
zz?<kccrK^r_)!M<6RMx^)t8J6z0DkLZyv0B`P)tT(NBF|Prh7?U!Kig9Q6P7+)VG%
zN$=W9^X>He*h=-*N%h`J;nhj`fU<o7+S>kZG=Fph39<&Ys~MtE^<x-0UT-aN*p+K&
z5%3B#=)9WEYmFL7j<$p~G0rSFL(GD~Ylil>w$2y}v3;$u4x|J>P75z_WabABv-kBG
z4LIQ5ecfl-eMR8x293M<x4WDNJmTJahj$AQ9nb!!`Fuv;pRe`VNfBmGhLh4QT9G<q
zQRiZ#gT1*#c$B*SxKzaL?ujA%r;t36Y^~|7QMYEVltDJ^JPw(9atWQLo_toO()C;6
zqZSOcb?9-g(JqL`ny3-__0p7gc0mWDa?wv{3Xe#2kP8t~b&-YL!_TIXYW#{FWSotC
z`^vBj9y}jUJ`)MFcU2nv2TQac87YYFNG8{x7?{SoB=rEi=-(UaO<NIO+NURN?alj@
zc9$o>+RnYpHdu2VBg=z$j0V;St68!|JpX=!wwSrvK-f&#^e*GpvGwSMH-0sT%mh@o
zT}4@9ru@4RFb-)m1+1;S!1X^{?Ck+t{?{Zu2%!IE_U|&lt^Q}n|7tFHOCqjjfwmk6
zRR8?%RRB%T+9tqn`FAuDaMS<HY#3XgOQ(mcxP_6uK<5iLO?SVkEk_DsJf$%F*d+;1
zKMsp#WNu3^MY60+hf0Tt71V78`LU1!%P3Mz7}lROJ0AUlseoiV8a3=P7pu2w=ZlFX
z1{pF3Z0I6@iH9V1hxOmC3O{JS#Y5^dtT?7BMX-zpu3j;*fzor-(Sp<+h*^@zIXRe8
z+Z!Ef>AR5DzBPoBIME0Mh+H4-x<)5*?39G8E)-}Tighpu^gIFUXmgo5L~bUqoK*KZ
z(JoC?*6%8L9=Ub#I`*iiy#)@Q&mUXs&BK9#cN8vF{7}h_$A&dr9hLoQVSA|_WEQWu
zvEp<;MDn{2dgol8w9r;|wAEg;!yRq1qZBfDRfGOsQ8V{vb!TqZFn7Le)*$$9y-_XS
zzh7A;pJS(q)AB%b@euo1FCa<E?&W<gdDJz95kM{;0<*30fm+=MWbqV`BbJSUS}|iO
zBm>67b|C(l^b{}#I4S<S&U5v*|6gCO|1NVf?*O%O;y~BuwsN{F#bIsxLtj)86<T{X
zo&uJke2?U5k8(s6`^b-HO7Zr#0=dcv`&7}N4u~fMSr|Ru9dHahnESGJ?njXOn7G|V
zY)eER5Fx_U89&&e74LZnt0(H?0AAL^cX)kazIl0gXun@hU&rp;|JU0)FVElS?12Lc
z`S_lXFx+kTlcnT|n9?2G?e=P`lkOyOM_@h*W0wU?NXxP>#DvLz6QvX?p=CL}^XoA+
zB7pJq2zUk9U9u)*s$$HSGP%wIL3te%gOCe5x(g07MjleeX{Ug5J*v`=UO%BW6yX@-
zz_+7VKVUVoVrTPNRf}&mn6?!K#2-|u@)E@f_!92Og8s$?+LE&x93G4WBND{$!+5T?
z01rR#M4@#dj%D}&yj3pbJ2A`E=7!1=g2n%nb_E(iSUfx`ZsN<y$A!)BSrGS%6%BW{
zYLg(^+^v<S_qo?Q`+J(y{SR8#lzvsbMGEa%viacOCC%${x|gQv%^1_i(cUV8&&mMp
z@YF@_3II!$@uy&lPi>OQONu8T!1S>Yp<)OjxbTtuU)UKHRk2xquUlml0oXTh#BeY#
zabalZ+fM%?x{Ahlx80{{qJ1_c#-%!*y175=LgOFoEO3X&D%bHp*m*c_@BIZ?li;U+
ze-#hm>4~N;h3p13{UNlgzkbA`o}Abq7MS=xWeqnOx7(oUb3;il4Si!$#(XcRLwh>$
z6fPEI%rOm}+?_|FIIHcu));4?!hJg4)@@){iGXR5QWy|!(}pS3AE(03JvEJKl!Cc;
zy&U`vnyJ*MG6E$CI4aPv6kxl(EoF!d-DcVKfJ!miMz>FyV|aXh%ibW@AAQ0C*i)2|
zSg?xFm8SIVPFB570^9~G?MsqV!CRf(zp-M4v%<W7;PWOuKX~hll>RcCu|?$QuP|BF
z7-eY=_Uz;drOEkIFaTyX_<RWuYysXj97X;v78m7k?gXb`Wgp|`-%>xPOd71ilG$tT
zYM_+n)Z#YPGt{IR?=wXFMPYshF$sU((SHDufl?+dkll##D^7m4&!>6K-_1cGK&;{o
zQIrtTseI7DVcfm62+v__pm7a7oqr)FZvku)X!O2z4MNyj7gT_ZQl0ReG_C=;%+J^a
zu^1KC`$s*Y_az+T)+wd*U&-QmMXg^a$z9eGx{wmt+>;1#=XB(y7%LUyO*r9h6~A1W
zNA`XfH?UWE52v|IiCS%2x83}pAJH~hC`<gLVzKh63Bfi2!6%5Er3|kC#cVMVz;so)
zdm#sb>36VMMAhP*qZ&d;r)kN^AkY}o`Q0N}%To*{P`_BOdo~uukd{eDCE_h0Vb3^9
zz(zXhPjUL0;N~&L0k=egcV;(`H=3Dbjs6=pzpeEAe>nCN??Do62m(~_D^$$ySy%<g
z*?qh=8dbo#DPe?UO|mQ5|51bU!GpZ(&(0u)N#!BMAUCj7?7g>SkWh;(^nN~E$#S54
z7E-89GFqq&Kg`#dVuX7T+I~7|=qtGt(bt&L=nuSexhx?!xg4Rt=6#jwpPy&aW$Fy>
z`VH?VvQ6UT&djLmzs~^V9?S|;-{wTg-h?W_2VH#p6l70uj~)P(BXHNHWv<n`{Yjt5
zn2S~d4*EfUG%S;{<T-C;A^ql?e#u4)_aK1C8*{Y6d)0w<l3+0SaVM9eOtY3s8~*AX
z$~W9ZqkV6+ZJY^_I65FX>FZc8FY8%}&T2456>Xum*=8nW!Ypl>gtlf3mnN$SEwtSP
zWQ=r^I$`{0weE~fzLZu%lYC|_rfur9RjnaD3wP*V<)&A0L}0E=8mpK007JwdMB@Ft
z`TCEiZq*f4Sq@O4{xKDa<oF6}K!+W@W)#ftlQhX|)Tm^(eXHHYTlyutB<UZbU>(5e
zlPP4h%UrVxn}dl3zu?`0@u(P6sJoEHjDGqRug7MXv7(H>7vQ--CZN=zSG3EC;=9wf
zt#8Ui*Pc^;D!C6qO*tplH0hHC&7GrcwPwlnlz7Q^Aj3rG=^5N-+jd0dXLcJw;8{Zq
zWbH-J2wgY7vlv&36tf=9LBxu2#vATwwKSBkVd(Uiz%hmZ*~ieAamf~J0-{`ocbGUQ
zy0^kzLk`1v3%gmW)gr#Z${(Gb+;l;YP_FHDiVy#i;F6eYT}eR<C4uTJ;Ph)h6`aj?
z9c>LG-C0h>Q{&oLaSQdE>%ga<d(>0UscDsprWt%=nngv>(}Pj>2zZijc9(v}Ex|Pr
zA+PN5Z{LTZMK$%Gns;>yu-I%G<j-4=YCLWS0ZfqSW?WQQAJq;~D5ULBmD-D0Vn}O*
zlWbd4hcaJOMiBc|p@oa1vJR18Y|Ws&Y7=*zwe~CJV!EwFn^9{IyX_Z`k7J4ZnWDAq
zEXm0a<Kbm}jDP;Jh7GzkFS=W$6dy+asmSe8W%zN5b0pnCZ>QdiAQV%55NDEs|6;!Y
z8*B3M4-3X8o?YLo;0M*Cz?C=O$VLHkBOeVKqE+QU;QnD?(ZxG+e$%IWhc|;3c?c_&
ze7fd4;}Y4N2Tz3>o)YQ5pAxxoQ?tAnsVj5fw?OgkR><*H&H-{hbmr(7BR_4G{VjL8
zK}__}RpLb&G5sDj6m9bs)1(i|`;Oiyqgz1kIIIMP{&cx{aqdp3ibdFhQA?o|tpF9P
zBQA!YjG7${$o_NO5^C>AT)B|Yn|nbmD{}|yK-;U2h|WpvE^=Sb9Ao~$WY);KcFj1V
z35oyhrgpP+Z>^?uvlR%vPO)PK`o^cpad*cq<7u*MLwLw{@6aCdVqM<p?9`(CeKIw9
zhR{5MeKtM6#@L%rtxmz`XDPkO_fiS*(csSR@*X|8*Y*kJdH66m;!o-8<h}p!#^ST@
z%r9NRePX@<wdr^)pT4{8dvoA7n+UsTd$G*^Qo~Aid?u-`v?8daIimmyk<&lyi}S|(
z9~#%q{18fibBpw1(rnbor;Ty0F&CRKHk6^G(da?+ZOw?7pinXmO0`t7<f?rD^ez}T
zA~xd17=Nl&{Cq)S46kG#SJ^GCjTmGlulBe;yQy#HvQO9eCS}7tW}U|ks1NW#nv_+W
z(-NA(K58))ym`|<OOx-*em40{_{6^cJZ`EVu5!%JoQINm1N1IstRF_}_5xd`57Xg}
zHEFH?QLJ^E(#>PSFcWjxEND48j!+mXW<y6N(&dZdw(l$TLSbC%dZbKlLg8+~av?pf
zcX3KUA=q)kSctsi?xN6JE#BL^yBl9}sHVdu4Ek2jvXVUy&pn@?ei)`r|G15r#=saf
zq?~mZrT4}%T;m~1zUjU>&aOz)%|w$=Y-Cy~0sn20I)hc&AX+@0=1Bde2sqSH>mgI;
z-BE4NQTc7X&g1p6{8;!y_1ljmP+env%zx^HZ7UI_PekT0snlajy_3?2#DbbcIxCEW
z^-3eeSF`R(b6XSS%zDO~mspzUBPA?%AbTWGgN!OUDKzRXuNg!*;hgbn@wOb^*l~%H
z5F==zg^R-fV65ylVR98$Xo+Q!sQ{7~HV$vB?+#Nv{D$^Kk$u0uO+K(rvAV^g@l~1|
z;~`@f$MSEy`f#l3*a?S=a#5Xp-&)De+4eiWW;OSUpZ66>M)>+gH47@+e&{yeSOT~i
z70Ia*#sJ35CZ3{Z(6Y&QH?leFc4sEXC*ygSNc{VA?lYU0*w@WA!}r_A=^g*`vmYPs
z=he#h=7%Yq|KE`Vf1a<czX$vT{M#EJZ%1#4>KF`uNAdpOKd04KUI7kOer61QPgRF^
z2mXJ(L78sELl5R7M%E;XNs2cENo;c$#D9~A)_Suw0UY3NwI5mpBiBn?z!PChx5kdZ
zi12&rRnXdEOx6zCz<3%b%?V|>J`;V25OJFtf;CCaAZf;p!Fm;FBqXrMf)54`iUuge
z!$}e;x0#(zfi`;+3ynKrF80kYO55o$FLT6_mVm}*aZG_Iae&5mv4F-Q0vdn|Y=9^m
zXMhygfl}asOgAtv|2uqH2~3G|+rgCw++*DfC|?Efx8~m#_HD<%&1fIs<Bk7g1hCA?
z`x;K%JRl0Ypb(;r@)J%$5maRn2%SwpRMmY22;FrD;A*+P*`=$nR{Un2eW%k?1Mb<O
z+kVwo{bL{Y>h!?Vt1)A`5P|<#i=Uu7fT4K(nJE3W^?Wp5T^&P|qq-;YUy6lFCjMWF
zwS-G2V)7q~^(fX)c<3Y=r`^xM^s~~X?1See5ynT%%w()9dLllnJDR7%gc-Tsgg@#K
zUEj4_4<N7+*Ph%<HAV>c?0ALtnJmz4K!c7{nHWW`IIxAU^+*HW)jZ#9V=J`D3o>o}
zbarqVRcbd=^n{6Tr?8J+HHHiE5%V!l=@^-PF{?eklhSFV-xk~~XVH3~GoO7gFs)!p
zk|sf9yFoSIc7QZ%L7=CDciTxcpaR=R)5tII$|VFl>!?Y>ru+wGozWCdKCb{!)^zJX
zDC>&$KPanE^1mpHuk3$Nme1V}ctg%wXh0Ij|Btd*0Vqo=L8`Dk4(;7`D0?_En2(bW
zaW^HBkm_HQ#Tm;EKv{}}{|CxSMV96=I=Zq}o4?YmTj|DJL+(Zm^*O@4X=y-q$MD7j
zKhot9ElJ_CVyz4K!*rrcj@v2O?y%{JgCGdVPy#`N^sJ~^e8@fj*v4%4jKRgYW=>+d
zmn&ZRqchRGCuUU@cX@Sf_^T8shvw@_taycF=~kkdWB<;=$&cMvN6*g;sGASES3Hoh
zHxt33G!~SzH&ZPic-kd^<x{Gl0fKV@c)IBfYgY!6Q`w`Nl5-&f!e(e64g|fW*P*@4
z_ta*tf^DKDsOH`3mnKDP#Id6S@_`+RF9J|CsK5o#EEiDI*I4m1a6$7I98h&DZZB|w
zE06`-%)c{$MfyYn7Xe1=_i&V@pi$)?|9)A<_5u$zc|f2o01vqcFjc2vE66~iEzHCj
z!PrOXiUtReVZo-}{!XVA&`1hDl}r`!lp^_@5g7b4eZ+GAP>UFG?91f>`Y)rJjs2HV
z&FJz@Tj5{{&jU`lIF`hSr?G>|6s)1athn~4)b}<Aw}4N_Z~46*z*#r-8z112`N*(?
z%j^4|UQ|?MkBHa<08;;)d*!={!e2JsJ)AP<9<v9uTUD<%)$hx6hfYjlFmfFe!p^^e
z9*qIVYEa0%^x2Tcm(2F*2n}qTsi!&6&E?;1lY`?0DY;a6klgQqu=kO#!_EI;REt82
zak6l)AIR(v1;D~A29{=ky6j{;YBE-63I+i)qeX}WqpwO7#=!I`vjK_m1c-b-j2K+^
zb+(`JC!T0jP6SCzZ?BGE9$|Mz#ag1JS{b7MsEN>V!ZF#4hrzm%{uLAbJru;ESK`1i
zQLL^_6aGg`^jN;IiAOJL|BsmH|4p`*{vlfxhD1+s)Nz5>3;$tSv;SdQ)Fc`wm3TH<
zh>ngmm}t@uH^`3b?sE7@vj$t13rv51{DZW<KG9cN(VaDx)ammA|3O-U96>>pvlZSN
z{}B;QgA3u+xp`J}EUf2v0YP6&1ppcOQWyH5Z=_LsP?Zf#gxuLF7)38I=ro!P6C*QB
zR{!lOiD0m3@evzd*2ke3hx^OGdEWz+Rf7-EZp3e_<1L0w=%lL1N}(tMp*x-69N=0+
z1g!#IZ#7{ekm1pa2ARV4$(-nOIeZ6mbYvnTU92sL0cs@s7g*66DlWI0##M`wB+?^d
z)gVCVu0qi%JmKbgo=xk)66>z3J3w{EHWzgA1L%RTxAO+%;rg0aKILUya<L0mlE^tF
zLjiI7!*YOP8k<tSk%{c|4N8g#A#kF;HPlNzXCBn`&1$TG68obneme;`I&8u`DvJYY
zBr8?d_Z=?rJqhH!U3cts#N%9T%H?bV`>Bki;3bX2Pk&0ovM(Lo7^sVLq2Q`j@4<Pz
zh{x32NYpcVY)4&GjlHNXwOwIn+S5`_iR~y03WXRQNU%B=O6TxFCV>Y*lbXf#mUakU
zbIwEg6T5Dy?z$JaErwl$oRyqaBGkr({<Lv%PDWV5vmp9o*TakQZ~}Iqr4~MgN;m~U
zg0evFwGha_JuQUKS#g$fy$wt`dmG%=>PpW#dV+bwYkizia+Eo(#z57Xt~G@M^^d?b
zivyZcrC1{GMoMOhB1wx^%wzd6xA$6iUCDuTY0>I&VMHUF|6PPR&V6<SjuOPHGingA
z_lzSTcK3W818br3;ub{G1NH|qeCx~Qt%A?z3e=tATqY<EOD%*YcY!v^=k>MOnx}Q)
zdk?HHYg-6<wfx)L3s5q-s3_{|=Il<t8|TqKfB$Xro!?w=tp1}`5M1J`idvxa65|{q
zvxL<+dWz*fZYoVkXJ7;8?}md(XAVH_><9+_=!qYW>@6mT;s4#?Tb;b{M;yIoQoN%I
zR(4Ec<-JUarm8Kj`7}*lV9%vs39r=JjfZ|Mt1-JZ&M%=Lek$>SVp8gt<kf~s>p~G1
zg<A*n64hdfqN}H1x)z(|N+p*n-1riMSlhdu)V5yEvMZE@B*XO&)znHcN6gw}gUJD<
z4|@i=9-k$<(4-R;VxjF&EqAKq)1S=JSY3J|DpGjf3taFlRR&eYPe~}AqE~!b$3-2p
ztR4Ga?m=_u%CSPY>m`x-@RDMXR}TfgZm>H-AD5RSe(0>RTU(y%VC~yAcIVPK2bE^$
zDvVoPyfGJG49zDdt0`YY{GKw|5QT~aLIZV766Nbm$my=Xt%PnjK&C1c1}gQnneMgm
zMlWpJ#elS$+M>7X(UvbOO`Ji0ogDeOTa9roCPu|YKxVdwig|J{VQ<s?aLk@@kKJ`z
zT1I3<B{dNgQ5Lhy>5Tjb^@%kTNn?qCY2f-uSK#85F=bpLIJM(8iHlTedL`diU0o=u
zFLi-#pg$`jK3PDmo@c2c&erOIJZ)W&LW$s;rxP0iG8?-n^Ok#Li~+UQ-_`~HLV^v-
zBxG`dv!%~|sI(#~ig|9HzwE34s&oAnJM`8I({q8;840)&lTBywu)Z7_ovp7%>ENv!
z2&(SN%*n+rjv+6taBmtb)&E>O@|RV`u5OLa%K$uDEcgMA!zR6PuEnY?R5CxrcIjA!
zmN9{1HfRaZ-e@XI@bMN*5ocQi@{EUcAkhR3pcxHNODxpkIS|Q~Ld~@+=`(sYJh*;#
z_~1wGwjcRWBKkdLGY{u^$(y|f*Wi~53CpQL(}R2hp$nqmGwfQ0?)jSO<#F%uBn=)8
zlL6rgKMRF}6U6QLLx$5C&gC*`b#Zrc2b8nLYSV>gPdz5l;W-GtN;*;!F}qi-8}Zr7
zlIO6YBJHQ$?q-FG944%)4zvUym{LS{3^(QMF6vZd-klz6e$s&MGCb`sjabo+7PDS)
z8Q)g%TpZbS89PPd%CXZ*!hMA$?A746YG1Nq0M^4!**E>fsu4)5<&1oh?xNc7aq)BG
z73V3pNo&RUopC{941w<4itr>H%D%q>N+>vCL^ms>O4O*zomOR?*lME<eJ=_sKTLyP
z3=+&j$a@E}itkNOM@rI$%S7EcH`guamW+3SxOs?G-OqQXeSv4bx!b|=dcB!@6K7fh
zcoyXK<?SdCbK6vZI+pIj?VjGDu_%(kV3G%`@sQsvDmh=5Hk=8&&ZnDD8vrYUO$taa
z9^1i2%(XCYR^ucl<6vt$fMTO!2Ts!&&jM9s6=;V=Qt$1D*=^F^;eYnCx*6a5M^zyw
z+{-T6H!wSegs4*}1gh$mHyp`r4cV?WFUHhhF%)INFHzYbAd9M%_Z)3xu*ja5@py7H
zzdrwpATX69hJU5iZpcueAw4x|9c8%lfFVkhEql(kguBvaMUa-op_4%rJ~sdb7gJwa
zU*Qo*-A9k<Eo_0|%uYSU$yt(Mn2^!Bp<)BM5>z9HtI0cuJ5b5$<L32;c2GDU_4eem
z9mYB9T2}SZ<dW!U8gFE_4ONnzkc7y+M1`Hi+nmFVrXYlQszIjJxleDve5pHmV)h`V
zA*WrC`$Sl26%ZhQ&?2DhvV_^u%ZaPX{UsAE&D^L&K(kSuC03_<E?hq!E|tR1CJ64K
zKVk8U9j-f)9pQMBE<$C#W2Ug1QYyWdCN-ttCKuSlPzy_IVmTM|P4mak-<8QaOy;gR
zX2efM5rDW#SbWq)c<L<Z2y2U@$~%-Iq0(Y_HDh=&?IYfK-Rv0p)GrD9!-$2Yh<5mN
ztZPh`T*5-b$s&|-rA#*AEELzj8EA2asoM55do>nLRDbPCDmL5BoF$zVvE!~VB(-Tw
zdAn)|VojQg(|j~ZvxN;<T%Y?@TbFJYA>SdbPeD|u6cMmf$45CWZ|U>%bIz%`tsZ;(
z?go4AfMXOvB^IW^N}9(MM;ens<Ubn&9EaXC=8B8N#4kRJY2;JX`ImfN1X)u16pDXf
z8s=3zfa2&J`#SL87e56;$F{HZk50;7+?1Z==Cls*c6$3(Srm$mhclEpP5A(eJ;c2R
zEl6SL3wVRG@-T+g7;VJ}#xAqR2u{gC8Z$mHF@|v)z<Js6!5W{Uj5S%FCb9M2r5x22
znt&z%)G9I_BOp)sqiR&JBDlAsQ0jT==ht+)FMlmbv2g<)Z5NSNCxzFimPneJn&$Tx
z*C!?&9{mdC^l$nXV$66>X}23SHr(ZDh7DhOIX^l)z1>k3OEgrRS8v-LF<j{OzN+@!
zQ)M?#t7P%*l3j2lW|@Q*yWzo;<0OFs>1Qa6@8wdHX*Wh-MW_}!n7}Z7)1ilmJ#oun
z^%T2sXwdI}+6-51cT}gS;(Jcs5c|KS^V-?Z4<%svj>dce3Jrc-%?!(&c9;u%d$k<1
zAC#0{5u@LH^z-OvIW5=ENl?i_)$w7g<Q9R!0t8a^Ca#H9+Fo;JWi8I_3n*$uy4nM?
z+r~1yrr8<74f%AFZ@V?N269UeJO~QnkWNM0F6%##vr>9Zlh?jl*c(gF+NCElmHjJ)
zt@7pm2)9QL8ucA?SAW4sFQE;_)izZ~rZLZ-uK6RIQ>}E1$3RFoPRAN!`Ixge1t##u
zir{xE!?{hA$fL&jJ-Ro(%F~l8+Y-C)g%Rb;_B8-{>)!fLVV8Y5b0I~ppG<M%&D^xy
zRL_?9Ek~6*?fMlJ+kAq-vnA`D*Q>zdJHG08j;g242#)R4tzO|>R5>_I`@3;oE?U(s
z+cYE9^FV|LS<b``Pl)k1bpy;A4UF;E6-CO*x+h#svFG&b{yVxe?evLh`K+I%E#e2>
z=6!5`^|U$RO>H<@4UgB0s>3rcs-}@pm8HfYG=0+w>SZ;-!btJh=g+BErecCuNBkci
zpNehfto|13gX0W#?vyl?KP5?*{M?-bMA8$OjEg=)bT6E6+vf_=?WH1L=<x1LWr;io
zbBgFMs+x6(GIO>xtxlcNVS(%)iye5wkY7)p25l12MJimI4)W343w}55{>a2TF4xd)
z;u`#UbWL_(nG_`hMtpAFg<>1%3^yDAt1C?PI;Nt{89IMHu7K)l4xPYq*A_O*0A0!A
zlY2C2bV_Ri(b|X<CsFJ5offI@O`Uix<k@Hjkm-`q)v0R-Xg$?LKOb3@TSW3zF^X^i
zEAQEuH$>}ZZpN0P1Q;r&lX>e#ugO+VSFGsfr)SMb2zOHupi-FSCZYGlYHP99D{*Gq
z>O`4Ny&l-cq|gs8@r!bUX~fnfkB5_ytAb8fm~PB#Hn|WA?eT_vo$78*L_34?$PlUY
zeZ#TpV|J+`TPQa&TJlv56dIKOQiE3I1pLX^Zv|eX@h*Y!ijK#686C>}Nn?q*x{>!e
z5;tl1x^}rp%+ul2&zw_Zu>W~@I9OE?Fl-{Zvir@`roj(R1@rwiZ6F<Uryn&mI5#}z
zF?P^zRK_N)1sMXJ28ttt=tJjLWeGvJw|qcNG4{^=4V*fQ?hbk$STOH~v%?uYNcIIZ
z5dG$5L-}hi)KUi}D$}drkLrQX@ZN>A%H)w~xW3r|l-2iS8dDRI9(-__|2gik${`jB
zRFFmZLiZ1-=Zrr1bXtpHJBw&Xmu$rd%V*GKwmWn3+UR(jhNl$@^)TxG0j-y)dhFye
z;;>>Ft%Ykil3F6Tlv!{EUrdFus^lU-%42xBWLHF@B>K1#dFn0jY>|Y=<zT*bh7_*T
zA}=<ifp2eiqr^Nq3B|X{gP!&KGB-|EPf#82_s=$3z6R$)YLFqus`6{iHo7@Yk}%Ob
z8_2BlEgLqov0beM0TF;IfjP)4p3GcK_1eGRRqE_hj<b_4bAt}=f;uvXn7(l?ioD3W
z#S&{>P3s)paA8VM?P72wTNe)&U&*cqNDH0+x6F)9dV`oX`c5&CG<U<9Dp10@mXi&p
zw4<=x*BLe)X^PTF7OXPx8J(&iez5*Lh=F1nt6LC<d3ILB-{fN0=croFFw=|iI9Cz@
zsX7xHa@(CziEqm2S0W&S9HzQB<X_{7(%9ifM`&tICATP-=HQ9+X<>Fnyr9<l;{)B$
zn3nxs*S)zm1?>V+Oph8w@_(1bK6q63y<~{bh-dsjg>JXU_z4b(^l3>r!#6zzSlsdW
zfNiWi@B;^WJ_VrR>MmWryy)?$7hTLL$yT<raq1B?TPr~*>uj-Kpf*}M6xPG%$Q$k5
z2OsC2JvNuGA8ORjFBAJXINxg+R83C$uiAT6YwaNlNuk9y+Yt*-uOK=up1>S8*{`>T
zv$o>2=zP7PVp18O@7-G%MENU%Y>SHLJx!l~^*nT|bol+KBRChvnJp5To`kpvh|X(q
z#(beQ=o?k8Y{kt5y?buO<xg!(4>OMTHD0nh-xZPvUFEmJqCPgRda!zJPo2o?#{;eG
z&*ofL!I)!Ti_~vgp07izmt+a%otW3jksa}F;@bX{3yEks-w%D?tx`x4fPe3A8aEBo
zBO?zd-~Kh2!}HB=uVQHTd2=1$g_zm)(NK4#+815n-AV2db(dQp8_N%auhnXex_60@
zr|||g<bYu_6>FtF#W_NdHbjzSh6SGnj(VI_XWeGZ!%-;TLU#f445oKuNebQ;Hw6D0
zG0$@dH!rMTF6wt|aSgnZL@sGUOyAsi#FkuRnhR=@FWMCnze7r^ru{ogycx9xA`4TF
zWL&#=AA4~4+s|DTM78@Cq0u=}x{3TZ?ZiTcjYyu`Fs>)EdmvxK=OQl%7!u{xYhQiH
z5D`6b6Di1@fLT&Qb5=NEp%b)#@LE#ci%!rhlm~=~{BfU>EV)-L|AGjwox=z?g>f@y
z{;z<FP%ImC>*!aunjLdmz1s{XAe9ow2nOIL&rKiCGc20zKQ~!@q*f#^w-x(s-)2s3
zT3bf!W-sY~S`4F?Wi()^u@sy<{wRkRPinp^uNzs{R8Qp7>ua8CyFt~!P@Jv-hmV0l
zx50(HZ<LL^5<|3_wg~Q7PAT#202QIH&@NviRv7x4(0Rl}k8;utENY4Dv6?a?gU1o3
zE7_CjrJWH-<^bPP52w+)6nc3emWNqjUxRw^Ko3$QGqDgoLkQZYnIHN)rP;wiNtOR<
zTr~AfK9$xg<wlOsa2m20#2tdR`sMrVc$8(gml6APP7v)PC}QQ$Rts7`e_vFg8y^Jm
zvV=5lGlj(c85U!&ffgI!jvo;+#Dkkk(hIDi84UqX2@(*di8AfJ|I_RUMEdVxi+OWi
z&6?N<4Qa~n^*0TI`>IvVtk|>E1F$$<mY7ONai?3+C2N^|kmFG}^In=hbk!B$eC#W}
z*H7&x^Fz0(bC3af^h}(`Z#I={)G?`mT?nu{f2Tx6$>+%=Xi>tEN3l4nlu+EWOD%lD
z;b%d5&Gvuf)h^&9RR#cU^_;PA&%(5PQpq9YljsVu1$yB6QP)SdSG2JWPrblo`2!=#
zeCu1-qsvr?gq`c5{7xtN&1#HJAI#dv&P@$I4wis1vn0-C1-1CF#ei}zb9ZftH(64b
zyaI4}XbS{rt!qBSl7JQOgk&9>&=xq71z6fPACoz&wjw^2S_ltKNTWWTk*$*@dM=cm
zyDnW>Q5}5%EpTFg*V@4vn9US2iA%AXWL7UsGNpcuM`t#g3B-~%!Z~WNOz4KB5Q0|9
zMZ<oEAd|`XGC~j#bHjPv^~C~$g^MGnqrn5~d#lkfd>Ek`+dKu^F>^Gr?u6Z{Q?BRK
zkI#TgbuP5id5eka70Ad}Y(}cqs3u9#L73SGSme8c#Gb`ODk}n2g}z&(Ly&gT3c|+L
zC_v3ZVlZ<cIURWM8pA=LpAV#P49FX4ildCo@sykW9=H*#$mJ-$jbzD_kq&bRG78?+
z%GKAx_{ys$PD<4t0p+^qM(E9d62oBY(3?|#Fjk(2NNTk2D_LE7xH^JbDoLs+4Xj(J
zAZ_}QbY$B#x!aVA1v@YfpVY&rMhUO#VJa2*g<bwYcD{8o_<<y(lBk{qOwY6qaY1B8
zF|M=4rfFfY1!w9db>27!J-fw30&poBE6qkA$g1ejJpwI4cltqd`ly7>ASI_B2{m>o
z6gSrP0~UQ_zQ1>FZ|}9^ciAIf2<3Rsr>oB+M>Y6Jd&_$EzaqJjpe#B6MeuB+!V;aJ
z5cNyRuAk#jBlebqvfW6WAwX%%CcCQ(JR0zWF7G6p3ivl99Y?=BOXLL;QR??I*FC($
z(zA-z=rqOCE->K}&}TGT(BRLJtt%_~_@C+)3g_9kW?=kP8yU>7jvNGw#C`>#&~oZ)
z38<_(k+avviL=c=jat!R7OA}pr2gh`LKEq{;YKC(dbd()7<`PEXbf~ZygM32YMl~k
zDV*WhpXM;d@YIZsUuNuP*U{QRx3Zz6X*lJSc$V|+b>7=H02$lLSf$HMi_`Z5@U(XV
z@9>^)AJ+GcT7H7KujdN@M>Ey&zKieDA3k#betoGPW`mZ?1`!?~fC-hd&Q%SZfeY)H
z!^2KcBvZbBM=#JW8QX8h;CfoW>t_AKORM*wGDy?BxWamL{z|o@f#&&LvTQ&r^sIjf
zM=bgqKCsJ##(odu?ww9ndR81DWxNhe6N<n(a?CbboFQ*UkBf_joEOn|R8Vw!uN_;9
zUQtiJp<tl5znTO)3E{|$-_E*g;A=|y`?0-|JmKHP_tXClb0+%*Iuus8Z)TA!Fj_|p
z$2!YW4|N!LT_(Uyb!+v)|G<2mqgT$%&`u^3ZEk&c1tYFU>;;*^(=1MGf^grUeEQWv
zW?H1?{KNfJeH<wdc-Kv3Ws%|7uENv|YCjcNR%T|aFEN|5=q4YT&&>FK_U(wMr5c#<
zwoW{YIIliM>}cNjUWo12;GWTsg0PHgO_)AEFNEhM+mKSCKLk;2Lu-TDiTLyh3}iZf
zfQaokzt3u+^0r%~Z+;ZQNoEDE3IeQk)`R$bS$d9*9tv+Vs|h4AnM=U^!2wQEXy;Q7
zIfEvPj<R}q6A21<qU2=ah=Hr`FUju5@{=q!Lb}IUGqiAr5D{L4k>k6#bYlFRy2L7R
zdg;Xr9&4E?wbzH(HXz?!LBjn2vP>Q%>miQSsXjnJ+_Mvt%F`}n#my6FJu=u|7<6JO
zyOAT|Lh1t7Y3$fD<Q@8_+da%RsM9>(nCEMJ%~bt@MkY{x^@w$asIGhX23zSf`wZ!%
z^N`r}Rv_QEm5)#1B2>S8y&EZS>sDSb(^D_5Z3hJbdNxX~%A=OF$ZJ&swk?WUCvxf+
zbi&ccVGnhrmcQTQ>9^<G{`cRWc>K?I{p(sezH=w!Nj+*I1@cq>G!~UJ0>;|k?Z>k8
zm;9*6YTsnsne1yx<xQrGkC+FoN3_aZ<)!Zr-fV{$tf1A`vK921OgZDUy5-4MJ;j^e
zfB3vSPHZggBv#wC1zN9BYw#v`syBQRjZch>>^a;wz`wi9I=s}mr~gFx_)p}TC;LTt
zYTkN>xebDF@$Dy!Dvt#(R~sVg#|4w_tbh;Gw4j^~e<hPiw<r-WN|+Isz_!@)kIY>5
z+zu##KGiDr!{4jqirE#+<X&@f!(55I*6cN}VB`+8GL}cDREeh4W^6JDNeY_9u1GZ{
zx%=gX`b?SPWJtdKx;vJ=5hBKPzQl9W`|3|V9WGiba~I7kmlh7pgdjfu5RpI{ee$Zl
ztt~PW54%?`!+Q36o7oYM|E_O^gbDeFf7`G^$NO`9zs`)rzdZZ-d43Hn4Mpp}9qjnW
zJuI<(UA%PVuSM(g(s*tb=auo7{DH<dCrONR;LHzP|I-S?!n#p=B0X@DgWDIjvwauz
zWL_SY(y?Eb1Wq+^eQX!#s=0!M%$Fn@m&$P1ZYTmm+RVv+QmzpjS#&Kh)I{$-#dYI!
zj8#LSKk#G{<@_$*oxLfkvPCgcV)q7Ii)qT`n-o1@P6ir~5lFC#cZ~5eozsP;7$IUo
zCFfq5rrI7y)-Bp{X&Kf>S+ePEXYMYSw*}0oPhNyTdy}ZsmX2jnc_V4vsrj?NKZU(G
zBm;$m6l+Apkn7<Vz8S()Xu~Z^a7i&WMg_dX4a7(EFD(=*rIws9P(H`-l?%KrB7~|h
zyx;=*1~|KI;?E6WhDiUz7%1<!9+<y+7S#(9u@wam-ZQ9XL&e3>wiZ7}7~p<ldFLOo
zI!&yW(TJYuB3TZ0Oa1{5N}q~h|5-^6%nU+@2+OU@Uytue*V5N?KWe*&dOoi_B^6SD
ze0PX<(((uKA);*32KHr&|C+7G*Z$%qyAwaCBIYD%C|*qQQ!Z(lLlW8caer(w`k;~X
zw>?{kzWn~*;~cVl=3ifK(1(hhFq&eXq|q7b$!(h4sr~IBlNbjbk2`PFL@amR%TkCr
zOobSpB}Uv#rqK@SBzT%2xx!m&zS^VAu~xO&?nbu8CK7h<vl=0niA@DEbW7eunTF`w
z>?<_4v*Ng~dB<aFcZuC#Iq5jz@h?POof*jlwya~(FBy|gPW80|)pzy}Uzcp8W{mu~
zU3R0r^{O22H|AOU%R8zhFOL2Xp_SI6?gF%2WOL_FJAy(NnDv=H$tFHS{tx5&{Ph~c
zHPpR!0<n%z&4zr?zBE33WXZuC+~zAQz!!XVp$K8zD5Lu&g><ZYH=+8w7pPEDvzP|l
zbHiun#OTi3d2s~|lDa>I@D|-pQL0MsjErEeQ299eiW=E97Pme6%%nc}wC6-=CY7tx
zlUWu<k{=`!U&8^w`FhSyca|XEdgBu3G37z4J60e2tQXVUy4#&WF5X+>+WdTi7LZM7
zi1;U+zV}9}2ft96(*yVn6Z&%Q-+YEv86|CEmzbJR%AsAkm<P)Hzzf2-wkfxIdyp=p
z#LVKhk|-F|j*8o=`Ajz!DFQC}9g7&+NM84X=>Z|xIng{_p{7zmI>R7F&Tl;CQha;s
zzvhN^^nUHc<#zG3qCsi$8XnC|bhO!ZW5ikXte|4z+Ahi2Csemx&oe~r<kDwZqDPkJ
zb<S^w#218p=EaqhTfLWMZ6G~&a@8@{8HzskOwwvw=A9j`6(wm;*OTzq#X_d1K;P@1
z#{FxIW_(9BQ`qN&5)F&w@r5GHs9uE;%mB@bElIOYYRQE`0&|3aQKE}gNY=A7fM(wr
ze!@Qfn!IO)=#<$Bn~iR&1O0iJj>CIx-(+YI>k$qL3jsB@U&pSbb<$#)!+8oCn?sdj
z@knK1zJtc3_bV2!WDb5yLbkffb&Be}$0}I&irGOu<&juzyU>j6YFf(srGGT;+}6YL
zDWUs3M5&&;IXyPr{T!`29%7js^>qBgWQ4)4)`f`4*iO=f4uKYs!2pE2@xV%M#J5x4
zeIpu0X+Eur3|h1k`G}ov($>;{)ZQ(_EnF(UEvuh{pIvqa@I@kmc;BT^-RoJL6&`%-
zp?brpPO0cZju%gUXgoW(M_~cIHO*h<b!T7+Fc`l}(b7#uskGvEOHz4C1+8gx#`d7%
zio%(UUP09)+~Bmf_f8EvacJ36F-F#hN$e86A&HmEaSLl0BqlFMvMTOlnE1oCrKTSI
zn7Yty(bI%r1&2(e{owXWN>B~IJbUu2I?WH6?}8N>S=${pB-k$5U<d0-)+^=@Y?ou_
z0E|$a?KhgT=m^m@_>A@B8mlwN(DA8|MLAqM*?a}C@ObUD<`mRzTfm554ajpiC2Q6%
z@34{rSWpG4C}X3HG3S;ko!Iv}j60!BC%bFNQwdFRjR!~w6{XBM1pmTTIEZP3BF7eP
zAI)*`o^`DkZFnBbjwX(+4Sfk{)gpDegd$2`F}~L_i6a)u?-0=Xy*<a#7?mGhaM<%^
z-$eC21^=YBlf;XkOz>)aF{NS#wj6B<Tza)wkb3@@C-Sdt$IyRmJCNkS40&|2Zt!=8
zB388*^zC_V)|k=Xj4}^%BOR!J7rlWAk_=`QsgjZZ<JjRs_%OvaM=O%}7)qO7{kW!{
zU0f$q+4F=wx3&I%`F3!dzssd8S(R_aGjl~+0AbY;e#TPxt%_b1{a^*ZHDL{9W6lB}
z?-5=q2<yuy-FBdY%8rj@Yq|=O8pB|s*=@HIMJ7~xLk&SP(R<ts<>G8M+Nv&ThlsRO
z*Da4HY;MLpst4v3Df7lC@EN3#-?K!@ZOQqzt3PXmlJzq$n1NoUqxXI5Px=khuCH*9
zMN2?*_7E-M-pbh?TI7u$>-A#Vs<B9f_7ovf(iB`xA9(c>gu=Y62ArjH`Dy6^P;cG>
z&FddqQKWCTS+`B4SQ6C4+=a(1(=YM`%O{*<Ui>*X1wx=f-0W+lxzG7cgM9&~9ubqc
zHb?O`1JND*;!YZv^8J*cA?fW4h*9Q1edbs_C`itDVlYoK=q&-rz{}Rq%<d`K!)KTY
z`iyd|k%~Mph-s={J{+7DGO6{!zWV0%?XUn%D$tHfF7T3f`o@r*LLqIb<1BGbs%3A|
z5zk(lz6G+<6*)3$TQSvm0+b<hkQsABv89Lb0v=>{>dVS-MV)$?uyy+Iq8WD))|168
zh3;Z0bP)%b4Ut9|sml0!by)xoI6_K<2J}Maq*7MOyjFlud7rqMO2bVa^`3eNc8okC
z4;XWLQeClU)!c}Yn{x+Qy!i3q<b?ZC)p6pR1oqS$1)o&A(>RC8_4z7wV1%Rn3ph~j
zdJsCgaKb9V@sCOka~8*XI_sqmaIiJEEt!2xU{To^5H=!tAPfbOAqu$KaaN)1d3t1F
z<kU4)DPw369Y^_{Cv_FG(BEBnrb%lRDTG;3=n@R;KXH;cgaQh;DTh9nN(sgf5=xK*
zeql6gjgr;P6s6a#YX+Qm$-BG@8E=9$*o0b*y5wP1fg8~V1(0cWs2v~-0DFO`k6#1I
z?A8JuXN3`#*2=)a-rG&`g>EmnkUMpXVHoQj^P^!(Qw%1C+sKssrumCL*j}+O$_K*|
z9Pa`rCRow_Cubf#TCRNY&op~uLKd@Vmzxn&6yl=IpEt!e5eLu7Z?Q4r-&C<IVZGSR
zbF-7L02|Sz*d+66tHdat_)z!?CZWkL^%cgrvQed{)$2!TTz*%nOH`_=SExMqbzq#&
z%2%r)Au<IKoK2R1Eqw&tLrpz_%>^Kxa}n%{WZz(6yZ<o|Jv3yFoMD{Zzu8%kXt7K8
zhPtE_;CF!6bib)&HU9t`U8CS1>IHKvt-LVO>Pd@g8%W(mhjSda+KaAFF5T_b+&f|2
zPN@I%f>YOqj8HX~4EReYNL@_Zm#xEckd0UGJKD==3=AIe=rY`xQi^j@6^tGvG{h4>
znr9LN6gH~?3XCpFP&7XI>LdK6?s^sF0c4X_i;`%@YPUqWO&w6;_s;r5xB|!D$}xY3
zDJS%dGcZixi2O~^yNQ)pCndG$>WRzAlN@gHC4#(jG+23fmYxC<!Y?Rw1Cth1+yCCF
zU0$#3`(y72b}^+XMzoR3L(Vhh_oYk~r9Dc4&y8%!uh;ErG^Ho&JMXAh`SVMMAv{?y
z=tLL^&8j;z*lOCC+yRL6eKGj?(s#CibE7S*XiWWP3t<x><E}e5n9k{jl$rY~67LJO
zwN9QCfRePYC7!7GAtjLeEUL-^gxN$92*qMXnYxh`5om9NJW%6q2xTu{)T+hqW%z~>
z3L>}T_b=2ETf+qf=}C%8x%+t&;%kPH;%TcT$_Df7aXY4PGk1pdDWcpi8~xR5Iw8o%
zY0*8GwG>$N7Vo}4t?kFBi9hX=*(N3_WktR8(r9HrGFmaxkP!I659c%o)ksw#g?mXz
z%&l)!n|ESDMGNCe=&*HI`c=HeQnp}ly0Uz%)`>-2$bA>~MS!mg>`AP~IIS|Z?&Gv*
zc>BU^XJOfPLxWK8R6Eeod4<KiOsdHxVWBHX^fu{q@g~wocn(;t5Kt;bR#%fqP3j$l
zhb})0yo~5&u`@|gSWSqi6x^GlJe#Zl#%cTT>reC6qTRy{4JhAQo4az`vRk+HLbssR
z3TqH+g|?@fInen+cGVbjljf;<GA?)OGu2eBm@H&Dr;lb<0%I{^tO)BiMfj0Z8;a7{
zE%DtLDca=xLxiNDbyPZ)LFzLv@YB$62U4T7^C;K2Mv?~!v>IX_wauN}7j8Fm`n<;p
z-GEE~Y>s^n@0wB4;;P1B9l<ZU=C}tF&<;uYMq~2+N3%zL<S1-5_58)ER?yYdi~`@G
zL%#W`Zk>ns@GA84j?w5GpQwFn#>zbG6K0v4x&`Krd$~=qtx5BC7N#VN#JgT#sNRT`
zW!MPB;*Q->N3qYC+1UAZE!-_gf)i)cS#9h`p0)N{jVq{!N>OCjoK?k6AK|dar<EjZ
zZT%S_=O^v&LMvvm9vs>?(v#d}GGp4tALOpQ_5uP!T4^)(neI1E?6%GlREXU?7Puad
zCm#&*Rz7+}G5h}K>5_@UH5!HLx<&V;ZjYx;KPBC|#Lr*(9LY3DW$-R|Qxbz^lMxZz
zC{!=>+YQuu$p_d-xPgV^&aP)2Kwb9nnGE>;az_)Dtf84uA`J5eu5t{I?rv3+4y)Kt
zT?RO2o$whbvKVk(nytj26|V>?<Z+QOeskA^B`JT=8lr}VVm55%A*5}ml{2qUi#X^7
z_V%N$7R=`o==KENL6%({*>ahvHV0gW#l0V;o`4bJI-GBC$rsIO7QLK_lwkEu8G}?s
z@t<rOt4GzeqiyQDta#gd=)}AZK%&h>8VK)bFq*wL{~X=V)^=Ae!1g%Rmg*h(aXpmV
zSEioV6%b&>HXNNLv5_rQ@|R?~bvH|MW+jq!k^^`43@w#-wCquVxj<t{udw$2_0J=)
z?fEsjoE=3N(W)*4+;CNuMCUPUmulaK;$}stT`EH_ik27E3ENlv*C)$z;@0XFoSq8t
ztkq*#a`rfAMdbp|xbS7Lz=$aRz}{rV$X@WYF8y+uJBaV|l58jXF>#{Mo57ej<YmVo
z9h~H)3zzNIuV}Yzf~7b9!Pq*RW`M69V_%m>F6zMy)^-8<CySsQI+DeYIj}>!ZX=W7
z2ApA|q^*qEzcL{7MlpxU8N(nC`zSzLxYh)?x@0W{%0(s+bK+)lk(z@N78ZRe(d8a9
z>Zj^Xe_Mqc44dS2x<8nP;AeRY^LVH?v@kd)<z_Aq?@qRyKdU@c4q)&^ry#B=gD&bT
zfodA!P@V)kV#R3Im2ypG5b(6<(u4gCv1_=VRCU#(efJPtb%!b5_Z!bTX~Ff&udQc)
zq(Qv^CBGzcZn>VR&x(U|!Tx-XJ6ssWM%VN@A`pG8xW`JQbvA;@E{)asSwD~&C$yMT
z;w$&jTj2tZN2bAg@tW%Ph3)?LynebpwJw**FttA0<QZy~OT$$!!zUcGUzPoA)nuk!
zVf;tN0WS$_5(qDxK(WwC^3R?UMK}~0uW(9XL+384d>W0pZfFfiU}Cd13%R~qI;G$b
z2X3dXe({SCbzupb6Q7?!O>tkhp;#KShXw90^*+Kqd*QWXEt~jt5`2+Y&r$SE9OchM
zwy`Fg;|^P}L<blOzL51fS0AO+`e__fwv3zWxAi!bSvh;B)_&&$;J$ku`=aB;os%05
zL)m3i-Sq*>Jb95k2$C=i*=k`sy~sUPY_^Xo=F;wnqe02t{SWQntp35my#tS)q+ICc
zu}wYm(0+0h=IJI7Y>RcGOiPA|J>8>NaKX`<w=|R8J9+!5I1x6s%I8O>vIBKn8M!|_
zvu#+>0m4^KFswp}bj4TIcGzG3HZ7+OS-APx21}wk{>P-%l7>W-p4r8$cK7i$&0VRQ
zhB(0>^2<B9+itS*^vgS+&=@T}zEzhX1~nO8q8V0EF8bFf<P=D)<3bz`mwTtDL~BKg
zj~@9vKJN*avh*nlENvd0-;A*TA65SpWl0xq3%kim+qP}nwryLLwr$(CZQHK2ZU6bL
zy>{E@%$t~q%a|=%jQ1J6Cxm_+8sHB2{;gB|DRvOY_4!a!xqtjL{L&$-!shi!c|n-l
zSGp{hqrfBT$+hqiR$lc6|9GzbO0uaBFdj5~X24&u)kWDt(;Y3iURNFN`M!Tq94ym`
z7#ju5v)ckt^?r#Dq-0QD5$*ypWC_%wPFjwCgCXbf(p~ZlWtyWMs6e0sTr_7u4Cx~d
zcutz0I=JyGWO8#)j{Z;-&IsTHD&PPpI0MeGk5WQ+DU;ZO<Bp_=5WCcjiP#)D*`!Hd
z6F_W7Bspnh|5Pl3=kpDS-^|QO5LLaPI6hLQUnsmX7`~tS-r^bbmQARBBc{R@Uv~Nk
zvdMlAyJA7y;W8Af4&w8DNUQg`-1?)B`LJl?=-le`*9_e{2Yh%Nu7>0KBqTTvLcFwQ
z7Dzf{^dxA6#t$9W;qku_<sVXjMl#Op>BGw<<Z3YsOz{HC&wSK40U<cR?Pk$y8f~S?
zGp<lGQw!QgC<F(-*O~%n4wfV7+puB@kk<jS6LlJix}rbYDuK-HSvl5nrlVUxhL&L1
z16iUlXR=fju@-IhfLW{y6&xbmeE|C0zv&(dyMm^Les?TX_p<p!oi!I%!xSOyn|3V_
zx7It?L{+B(H~h=GhN7Nel!6DD9fc$h>CvCeSLgD&_j?Dx+0qLQ>hxS$5#)Lp)*%YZ
z)-mE>>Gb?-mYqu@Yy6_;s6Sc}uK}i$X2#Y|)56Xpgd8heSE+X&^G|w5bVjtW(7M5c
zd;g{wqxsA=EL9XI!O={dfw)dAS$4x7Gm7#3S>&tsWVSQ}|5s6WWe%KM1nmH%m4}2N
zp+>n3P5;dXG4jOJ|BtkKYxSnVCyv$@<DjYcBjeBoPf5zCQc5V&0<?~iie3~B8DC{<
ztC!ic05>MhUx)}7FQJvKSj?sR)%TOr#j7pth{C35;r-Wa;SdTS9JY={XmB?^e0Y^;
zapsa7%=UmxM23<_)aU2S`^#Vp_!^`Z8wvuVnRDrx_v|tm#Z${XiojPXI<}-TWH*Ne
zh0^EN&`^3AT>K+h0x_(P&F_|g5NgvAk2LU68HOf|Y!);-@DmeTv=_jaCCV@~=V2t$
zD^d^Zm4Gd?Mh>@%vOGkkC(1x)M^=54`{0HwlSjEXvHJ**8o80mxxv>nM8Fd0M44ey
zxQ*%>;milb_^qMUg%4C-?NWewE&nw%H%dxy>J)w|N(kbU?3HpJ72!w&n>f4~dZ++g
z^!pvGankw?(^nGg-(^_<4ngX%{*ZVKIr1xwnf=={gDaPA>j>e7NS=eF*wd~n`@k{w
z^TsXjf50+zg6F>Adjl`y;5;sJ=Mz-U>_m`8mCB@!9J#(;8kKqzw@ZDEaBAd`%eq-E
zRx++QMsm|!8Zi%KGsY(Tcb)*T-1Q#I`4{pM4D4`RUl_gIDff15!TOn5Say+qNUn)_
zh4g_L(lxH82X1N~1Ty(pQU=^di+GZ%#^8K4&!QuYO`Npp%;R98U|MG`LlUCXD?fZ|
z3HiaXm+QtAXH^Th$#uLa?B3Q;I$(rF%1$w-d7I2iIrXB|93A`-bv`K`i-hr_&`2UN
zXgI8GNb%2~kf7gyX8<OtRkBgiY`m$z)S6EYI+%kBc4neFDlaj%srN-H4*MPKF4I>L
zqqXW?^7}J)H6WH<Er|f1gLEQ8zpE#noK#Ca(ngD*ft1K->B39`rsw2KRf2Y^foNj&
z89JTywh6A9;B1U=bfxqzVA{JnZiOXSwsj(KOpMM=j-S>3Al1AR%eGtBGhPeI#emRG
zOi9P->hn=xepaFNJMhVK1%eKZnd;aq|8`8@#IJ-EG-;mt)@j2~y-`j%w5GEA&N-xE
z^Q6^tqS5&}cnfTKo{;jyo&v#XOA{L>X{FrUZ!356lrdP?9oYdGNUN=q^&OjyvHn%Z
zjf$pJb%D-2I-O*SEl~b|caUEN!$R?55B|WyYDKlbq(A%Dw9SI&$jzDm3HM8>NtgL5
zVo#bo)j8e~Cw1a~Y#>3XTv{>qb^+xdB;{^1B>;rZT{G@TfY?Uh);WoD`O4w$a990-
z3^%D?id4g^tf%Ld_Sk4P+yB+TC^W3?!mwmmDa3+^E`3-p{^S<4`}5Oi8N24hvTa}*
zJq50nrd-84?C9@tbemHMa+H}zSHtBp*``U9TrOkGYuD_$cNA0+tu!l&5kQ^)QD7)j
z%k`Fo<H$cbQEJ@cpdQ6y@vgxsLEUib3Gv!7=*jD+=DAya_v0~7U?Y%M#@!nR)ouqT
ztI9Gw(w|LxiJHXO?smos-o-FWQJa}U5^pUuscKL&V%<H)^2kTLnT+zlqf(VFA&a#z
zMOC4RO=3Mu4-etYo9WP_q#s2Z<X0_&uEjd`OOe+XBmD6(PeV1uJ8;u=8YZL<j_1g%
zU8Y2i&4%`&HkN{&PTR`ZPlwycti|t?$ajTPKH_&wex3Qx)c$TO?LxpuQ)QYZge}qi
z<v{0*t!E=$@LGU5sNpZS1M6(Rwl{eRMZ_i<d0F*#bKE(lDWZ`Dh^Chc=?@$7@Hu-k
zYR}?BY8<ev!$|7M;%KLJQ^s3SV3Sm(ImMzXx&EVr<pQjaVS9xYlEt+<5Si%>X8!<*
zu%Y)-L;~njd{r8kG?$A)ubqG2{8cmWZQLqyPd7V`Mz(W0YU&|jEhW_^`+umHo&Rhw
zR1#T<Spf8(^)KpO0Qp6|vcG}4@Z~|=xgy>QNv<VWa7f-f5CA7z5t^DH7uaL74PzWS
z*@qDvm6_J0igY3D92|D9WpRp;#6&R|M?YpaH<<@5@jeFZKfLeAf3uWGJn5#z@3k5@
z&1O>wDc0Mq*D0efmvq;=8_^M&0#PLFA>{9g@4nV=1P_A$ahWnFTm@}aM6-bSivpW7
zV{Z5AavbX=S4EplSR)=VH~+QdSk*8=CH5cUdcOwPy+;_n1Mh@M1+9_QE}UCM#B6`p
z6k(p^(H*-IYu!I|vSul8tsOykbC*joA&eaRrNU=^T85+ViAB}P4Kix0wY19i;~qzO
zaFt%<06Uu)(|bsx^`~LPmU&w)oeWtHbwzZ&T)gutu1lwTn`e<WdwT+;7;E9RTlDOp
z@c5S__p^i$jhM0MZtY53BlBjV-8iRbrPw#kpZ|6os_6&VRYt*3*=N7H9<I}5yPasG
zrq-Hz*m!P|y0FZQV;v|tj)>5V+fCa6wzd+q?KRI5peCwdVBiAsE7e=|<F+)#=*Q;I
z;Gs>q|Mb^^_UDZrCxVC2CQI+)YbUtp;;JSoPtA;F8G}rjLhtR<3TD@59i}E@6Xl4V
zUz6y(AX*T=Cm*m{fm^2#T(xEpwbM7v?+@u#qPsr&5W4-^U?qQ07|zHS>6Pc@#fXm0
zX>>DhHo6<xfR0N!M`$b`TWwGsCH4`h`;7Vv?k`xUd)E!N_{yWq>u|F;09uw%pq~AJ
zp_L{K2G{8OC1XNGVtbbD`Y#saAg&Z6@k<vkUW`J#)Hpf*%W~i#1{r~?5nby`9abUz
z9N~LEHRT&qBFHmr)WWhC+wM#5;niKLNh3BoH?n28OH)VQc<5jr-R@Vz*JoC(sCnh1
zofF58e*qENYhLxe-<+ydU#|$tiF&>`z3(X(R=2TuP)2Oh1+7Ztht@LhrXFx6!V83_
zFbv~ZPeIN%07;%$GMLBJ-2F56!iT5zPVZideZH$$B5eQ`^Sa^`ur&tg3sJ%DdAi7Y
z*Ji|o>brQ2+Id)hLqZm!$B%;uoY;80Sa_G?KfE}-=);v7vW50uZDiwI*myonKCGg<
zjnHSr5uU|~j8gziLTlKd?88LZi}8bp^LkX+xL@O2y}{u43;i6j)65)7O&{)2!K`hi
z>fi|^B3BVMg}t~jaJ@KqQQt-Vfiq9Y3=kG5;#pPeM@8>rj2dwMxR(qWh(P9SF}Zk=
z_6_Kb*7do%bkCq~_|Kr>{j<KlZi7#6tQXB$NsyhIJDb-2Nbix1a?-NBRmJVFy@z!=
z#+O1y)`68|X^txpGrzM_QK)W~F;1~^$|#8`#2r7Pwd(Fu&(jv~jz#|>(axS6*6<DC
zlvTw(4q~*obQXj?^e=MI6sPflZMdQuHAg=G%?0uRPbHg97E@~VlNLmm`gTK(j^S|n
zJF5RkHbhc1?4xM+>7!0i%=-Yu076<Ur~sKAsYgIPq$P-G>tB@~p#=dVnZYARe_@a=
zm!BC&WO6dye?`{A4N5w!dr|Bh<;@orzkK__FjuBcs55-ca6YZG94PuvvE?7b(OT7&
z!;+Jg7(gTEl&~mEG?akA;`Eb|AMhTk2EdAV?r?S7Z*tJf45i%?n$4NRR*UH@idt?Q
z9i{*z8{~RW4`?G(qVQbu8tqQ&^|89xhq#s<$l7%}4HdiGJb_b18*R4B-%8pYRWWTO
zk7^<0(IeH?wafu9S@%-Aaxt=H%ZqNut{X!g(dqX6Ve#I-4a2Yx`Vs@&8>(WZB^@*F
z=2*)*O}=)uW;&tbRB{<R<45zaolJX}JFBF!LKvIVE<x?CUgrqMoUOz|a&g3c6te_v
zU`gclAdxnrgl*yr1b?b=RkjD%#l5yZWp|_}*fgVaA2am>gPuKiSekY3yO^-L9P5<e
zHz>i3k6bw*w#NoA_0t9r73Kw=DT!mnS?+ACs$GQRs{M&lJGP*LNk_%#;?WB-I5+M@
z1hs&dCb57A(F`t_1fgj`Pgd&!rA}pG|Jb19j{sLpWrq9A;lK0?^4%Kp!Nbvk!|g6%
zdf(z`3DD?*jox3uj5E4ZTbM3$=3#a}6nJ-NQfd+|SCrMm_VDjnmtq^WPcxZOVMwU(
z<EC6X&=9mXb5`oQdFxv8W~t`Y;(n|s4-Te$v0nczET;_aUJs#DpRdy0IZ9~ANLcoq
zEju=*fhgDHRduV|E2?a>{9J~*VTk_cwd%<ORe9D6mO&S_T@f}~woTuDisMm1QJKKF
z*VW73&ee6UiC*hES_9lonFQtORI=ZfjOpk`s8c8A>p_=Q3*AZ;7n@m!jgzT?@(+aO
z4kn0NhSoMG5ViRGYvCV!)Uux95b->ugNcut{QmQZyjDsRjCg(vDCig#Am7D4>omyX
zZhEa(!cNzt8F^?;8<aeg;8B8q>p5DeL{cSMpKh{LM}%JxO9&`xTnc7{7Sjxwv7R2J
z-2@%yCnFX|*%y=6UvnaV%(OB+mj(u-c6@P@gZj%RKBnwjFxfV9f6(?}n$*GzdxHLb
zFcmeok(LRb>aWwKs%f^-Ux_U|XqrVmoi<KrfB_L*ylp^KEmD|DIG_AR-<PFMCdR{u
z4X31&469!*pMpS}3<vPTMqwUFZz9l;Mk-vdy^b3VY!AAOv(SzE6N~+#x#*_5KKF?t
z?DiHrZgLlogQS6g9%3Nt5<8(2{=LP&34|)bncf4)FHd4NqI}&uxQ(X2iGy<i|4vU?
z10aTQWQcs=>@1^7Q)N?JtQ&9Hu|9cD`gCWSx)~6fvRUh=x;#rUPqb-LHLp6{sv+Kh
z`k@=Wzg^K|spWW0pK^(c^Aqc7(Vw5RwW7@&m}UY3xd8H+fC`XbKNOC1z^1jVeCUQv
zH)e&YWWcC9K9O@S>W4fAIbgFpC*FG~@(CZaK$3&dh9e}MB9zJwp>c_v(qwW=w3Uk@
z+z|)W5&iC6=l;I1@Cef<j<n+R=NcJ!8A9=P&M1WYArtHBKso#({0<EBghBHDFX?i!
z`&ZuJ{K3JGdjad4A!a}CVN77hagEseV0OkvY~S9l4?fDDG*|j*{YdJvxIvnv6zz}g
ztS}ej#%vURf1BT3o@*`J;R`b(X`~4RHaVJOiyH?Hnw_(an&pk5q|o2DN7;%u&N%-t
z6`lP~WH6)3T=0}DTCtF-PmqE>Hg3(atX$bFo1f3}=~WA|CwJF-kiW_(TcR^0PvX}@
zzh@p4uU<9sgvQ`(_+ynhf?-ww(RjRP4YnHjL8#I-d5)rzr_ZlTvH23)Q-h77U5utJ
z9S;<9{?z##GA9j;Zp}zNyI`gABy$0^LfR#ot7HrF^i3bl4XtQmmK0bnMCs2qF@u>c
z-r-ipxb-TH6f}4ICE#PHfhLg;<fTvdvXI4PW*4gGc)z}}GcmCIx@qC>4xRaYGtSx=
zVdz(i-i6*;YtzXDH|xC}nh=wOabsxTDsx?rYWym1u#9X<pKO9J!H&O>$&W)(G}vsa
z;YThz;2}QklwG5F4cq4~B8CX-AkEI=O!4gFAF{wq50kpGc9&`MY^+J3(FziNeYKH9
zY<I4x6TuRoFQW=c1Ybn0ZVMT@-R0BG=TD*Q8oX3L)ZQjF6F$@kP^F&bG>Yj8>y-bG
zUS9#pgCx0r{u8fYB!DQfL-hZP&on(2jU9?V;05uQ*)V(zY(l^rgd6xV?WA83w&Y%y
zZ$X&H;(zEh2S;pDKt*yokVQ^mm~Q2pr*HzO3^?GeOjgjj7{DtI8=kJmUlFWT9i}wl
zXs6f;3F=*0S-A?SsgcWXqH>zG0v4o|f+%Q7Cv#bx#Z`hCr-bfF&Fc)Shx_d#D=F_u
zNQK4$2oG0!VGtpLBf!KT)?<ba@jjdMs-$~oAx2I;|2&gb;`wX127_)B8uQ;&Ne9i4
z{N~d}4bi_7kZl|j?YfdpRf{){EI|KMs(zOnG#D7Q{}B&qw1p~Cr;zJAOduKxUc$_+
zP@|plag3{iDiW-MOWoJ?NIntBoXUbw?<qrKvZ|efw1CrlS{`TEQshKGUE(!DCwOMG
z9-sIPYx*WNThW^1tHZQP*@g|Q_lO*5A&L;iWq(kUK){F{f!hP@EmsHtM*#SdrX)Q?
z8^@%#<0ImIUTe&hS~V=(K~j{YyYjANa#N_Lpc;7`v-=yZ3J)&_5^=m1oO6sUgOo_3
z&+w}TP*v0b^RldX-+r`?^+|59WI{!8CmYu!{nX|=!Z|1c#j>iq|BR>iVe_#5CgT9&
z9cb~6$g9d`dpl0Qpx{3E%t*A1S%^QofD)<n|E1VJ4bR`TIKd&qco*=g7kCe$^}hKI
z*)iO~l%tk+I%k|Jd$j2x;L%|sNU*YbTWqzPi!~0Z(GTJNzQL=_LC4|O@xSl{RdVMr
zY3jh(UEJta9_KBZ04Psx34zkR;DssipYlj4)E`gdh9b{HNb~R<yPPK;VNNIzAFqOc
z_7UgFa;}sWr}>rFX@$x<02)A)!JZ9jo=9OVV$pN)nj|)YDrur`hQhx|y!eC4c06Tr
zFpMZQr4StE3N@1vPB0aMCDvDY;N$|TCKow7SAL>sH3|%@vjw%02yF6B6&3M2<$Dp}
zV(~R5OyCVM%?bO`@^I!eP)ai}Fb%leEvU>y35oaYO03g71Fc;(crNnQ)}=hkIu?So
z(HOfOg?V8+044jH1pFA0;{IDO8fuuJdN_=Q&kCS5(%Ea;MHpjCf|m}Zmz<Ok3QEAr
zfYIgEchdlGckIw~D6CZdaim7L2JE;C#QGW&jOB@uBzr>;-Sasr|6{X#WN@7-&uFDv
z_Wkc&%Oh1TpG0No<n<3R_4>*ts_95Hq&ZdrPVa>wENhgX+D10#?MWnQqb?bHmu))*
z9f1{Y5yz0Q29ty8u2rgHy<jLX3HJfs`pC(_r6qJNKo0N69ARKb;}8(IQ$zI;F}pZ~
z(s2{s&7Fay-J-zB023u2DhAt2&%xB+`lubu8UpGO6bIXP^eLd`4+CQ7+gH@GvwlLs
zzz$MplUcq22DpAcuU>CwH@J6GOlvBQyxt<JxJj3s-`RBPDAY3_NXl}CGnOI?qvk$v
z#hQ{#QS?=0FvCYZoZ_O=WPkpMm6CZ{;^pPPN!ZO&3sIK{(sqrCj$vi@(`bZtUHtn)
zUVkD?tr56AqFb<RU+ytvp<t1zK&fhXblRBShb$YjrtXns38R~jI){{!1%X)wY!dCv
z)1?^+nM37`Klyu!LlSPhWUm*<>dHxe$n%M1*vX3F>cv1iTtFLBd3X@ndMHIisWtc6
zzzA6#v^^1&kcJ4yLyia-x}5{3LxEu;?Op%5sG(?b)_+2H_qF|gfBn~*3oGXPeIf@|
z$oKOgC-==z^L4vA`h%Y8`*HE38Ch##zkpn?Xi9}lIqjk-V$6hoI8yfZy$@1AUeq9U
zVU{QdKcxln&t)boM75WHCj_n)XHF}6PKS-ZwOh{(W|~FC7CV)SWHcJh`8oRF!D_BR
z+);=rWk@k*`(M<A0A+3>N%c<x5UByd8yaWu>!F1ZJBQ|^*cWxXdu$`(Kh*{CXe-fv
z__Z*L1=E<9P6!>o?s6Ww)ibIl_$XPQoUEMg_6#pRj?S(|C>(OY9pmdBw$Fx~P3*7Q
z(VJL0UmqtgpJ!nTBs@jv(IrF7i9!k!j#$-a!8&(Y^j1$MfDHi;lW5uKT#Hy_uC!qi
zH&OOTTj(~QJzHC9TZs&)!WZ?kTo9@9zHuSkNfYlMsP|+9P)HzrxdyBI==!izV1%HU
z2Y}L&6I!QNN`%)zgaRW*(bz1uSmjMjS78gsh>|eKguOCtkEj`Ar28tRD4?adIIIML
zuyWi$9`~go4RG07YukC9Wex2{C|EdbX<BJz*_K#MTgH`a!(Fo~rcPIlaT+ip*624{
zHc=U}U39f?drWfCJtt>lX!%$>{JahJS%>!s=D;8q7xB(sgSk)wfw%DT8an)$RNgo3
z#FVN^oF)t>mQyf=*vwA%uENK-P-1Iht5uY6kDSPnLx*6rvoyv!!5c7Y2yx0+-p+W(
zz^&`uhRY1n$av)yu?h8|mwwWgpXQF0P7lv_)CLC&DYcn#?${)isMzeOP*1<r=1@n>
z?`A6p>me#6)fU#?63t9|wYF>{M;oPngDk2Xj2)cQhjX=9y$B}&9-{8?UGD*uBVePZ
z>x?ZL)MCeI#`Rc@zslGU)*0$9TQpw~{BNG8ddbQSd{@`sxoT#<KfRruKcA@|sE5d9
z+sTBKy_8V>ibX%vrLzlk%Et=sA-URXd`hUQKl|B&Sk)BD8;(96x3AtDpeeE+6hCj>
z#&4jg_Nn%n3IyUnos8p#?Mhe4(i5?^uy{5))YC8!R&G$IE8dDuqmXh~RSLua9cgQY
z7p|TEdRMH~TATNy0vBG~wB1>0C^Az~dWl>-b%?3M$cr$O-}78b+^c-B!7O@8p`wfs
zf6J7Ah|dy+6oWC(ik3W|ou1Oaq`cKF^S+xG>;t(IJL9o*Tb5DG+UKs{=ZAGYz2-GS
zpu}KP^082l81_6x0GLjz#-o+1Usqll<96hC{^Tq9*f)4=a>d6*IKTYiBKO^sa6VYE
zw0@yRyPuQCfAWubCosWAcI45cy1%Gf_b&NFW-S{1`As4dmHYi?GpL7tU)=GHj7UEo
zvOSFY^0?o>-pSR@__lShe~@|KZ^}vF>Q(moczz;re3Y7z$Yof|J(VI?3n4KWu8Y?%
zN__4-p|4c&<<doGIW?eTxpy8xT+k`PP;4fYWr1KIY;tIobyNu<Lb<ueub(h+*rF%%
z$7^2ZK12;09j0+DRR_|#$#Bm8!tEF`y@5O9ijl_`FV=NQ>XX32{MIgcu_(rD-m}@g
z#)T``O#hcXRHi)7lV{xqa%Ew2n*ZSTOGk`;uPE<Lxjcb<@sOXb8Jq0QcKk}7v?x!u
zzu57Ku0dYyW2{yo_M`((NfQBy@|%YcaharC=_28-;RTJK{iY;?x@<#2e3ky9tY2ut
zF3bQ(L`tGw-%0em;cuv>0B_|ifq93cTYg5%-@2<+jxj#n$Y7pLJ<vynrW&vaObvmP
zmmDr>Y4*{`---k^J#<HqH+)Czb`$HW+#+WzVa#Sb#2SArvxhqw*~;?LC_$;geZ-br
z^;m1l3;c3-W92)Dy7O{UQv!8iZj;e=nrk9%!l_`Jy`H1dZqnTwn=c=x3nB7c2dT!g
zBT1EANzpG-nu2KEW~N2M59;SLuKL@_@$=m*iW7pyuiDgY-EuVogf!8vuqIZE;$|wQ
zDJp(U#u$sAnFHkMwa{O6gTDdEG)V>cubx5+L<8$;4Dr<Zyyd(T=;%xvvcsKhfJ*^r
zTt+jqF7DD13Uo!W8_g%DV&G%u336Xh`Po0`cwSSX{r}2s{1=|g!rpcCl14bn;PXR6
zIk2}%-^^XPU4BmZhx11np`Fy`j(K0+Mda3=)ab3zw`nxudK4vL0({A6)!83dL``>L
z(@z^pb7|i@$r`@;Z|xe2K3e`OdeG)_YSMS**KK5(=Uv;ZcfCR4S3eWZbYNtEVhza+
zLEsK~cJCgJ5P9@y?p6dF<WV$?%thDU_6b6lC-8O!t(D@6jFG@_il)%htsv^zjlRF0
zh02)}S0B_Pk*fCfnsj8PC9$I?iG<t8Gl_Xyh0`5*e7vh}jdsacMXQfCp9|(-#|^E=
z>h7-hO`(TA`8~*lEEu&s{2?9s$5vk+Mcm*0P~x2m6}Vql=jR2dDH6p|X)(~PeQlIQ
z>Tmd{8mBI&b6Xvz*Xg$dK@f=*?aB%c!?aY~)y^efn8k2N6|q=EQiih_WloK8LeBA#
zQeg<khj!FY!9kW_loev`SSRM_nUQX4<cnANBvQ-MWYS%ja*>%b>c$8&sG0y&be2b?
zY_m*po>#d-(y3#&FyRw}OAfO~p+nU|O0n{4=~sSS<Mjb~ezKLnbeqAemO*l5%S`*l
zC7?Ft?K&!2QzCeL&Ofu|ViZJyvM3}f0c%0NG(vC6dV(>EoxwpQfxI!wWs{Y6PE~^w
z_78@CnH07|sc4x+tuy=Y+T~KOJZ}==EF!<fla080Jn9QS?AwuO?lap)pL*dA#mE3C
z2$_WXK~hV5H6|GByC0DmI2q;x^u{`qNR*nnk(h&Xq}uPa+DgaiH!TUXu~O&HSp{=<
zSW;?Px<qE=!cH@NgLZc$b+zq+S~dW$Yw>f$-MwUX#ikf=32~a^5sN3%5O&5Qm9Bkq
zX?sxvDppF(q&z^(m3s<4Yp$L0?hCcjn#YWSLh!-QSc4S{$z(GM?dp@o21c3h=fUIU
zVR`tn@2JF|_?M3x<6u6i6``!}RmC5b)})4R1R2r9hsCqRdt@f)*Dkk<oW@iGeC?yZ
zmetqEh~=7mtP9Fd@xU>SPS}4jI3tjz)-xgKZj-XwTYDr16SHl|mV-!AqrzV%KE?`>
z$g&+IA*AF-(hiwlO)y$ZIyWqly^oBAHt4DYF@=Q1ZOysNQ)8D!m;ck-ut@=O9kk)`
zwcR1a0xgmvFEIa4Z~Ge-Wj;>)uin-<zrduB(slXBXI7}{VH|ByJ5f3St`(qmIg-`G
zUjXnB%uikOA(^ef;Oy}N)|3e+$pX*DRWXB6sBbu0svYI4@Q~aKT~YX>jEHRl5=w<q
z0mw2F7MWQXKN;!uyP@jcti1Qm{{Fc@9M?v`<eyqKBF76j!O^PGV+h13eEy3Le)Zz@
zY3A(ctWeyd-Y42d()a$z-K5>TQAQr#Dbg?BM*SbYt+tuoKejAkf*@x<k*XLm-k~1S
zBN9uH1wQbXoNbq9{g2pX`Pn8{qYO1u3SElDPP$Kd16PI|vNA+x{<$iNz{z8$_cgI4
z{ey5Myu^YTqs~f$nO^n6zNzN7)-1wy^{8<ddZEa>Gn|5JTWA>g$brL&xZSWiP3guL
zdf_5CSezS70<C+&ip~<RrT+wgoT!re!QJ{Jv=%eW`5{!|5>}BIiIx1B_Tx6_aTYD2
zqTkSVIANc}1DQDBuKRo=jFY|TatD`{3k>FVNsA($h@}n7gb|=enfyx)|67?{&ctFK
zXEn$7w&fz3LdNGae=bg)md^WUGKn0Lb8o@nAT=Jz*<z*mW+wLb#C&&!X!k{f7R|YQ
zgokp0V#B0rYTxrzQlgScO|aEpn~O@b#bv@d^hZ--Lx_LUw)$6Xg&3iw(pd+W8Q?!u
z|M_j;@PfRgBtZasan|vYfut!%;J+XgBub=N7b7rF0qDMMW9Dkeio+BlD0J?%Sg%XS
zJK)jj5LoQdgrGE0id_M)K<hV=R`0BA@ts)Io%BPNIF%lV=v6hyi_`pLDgh}l*Do&D
zO*ZIKzpS(J5;|?CbBmT0xQ+xuHURagN;;5IV@B5QC|H%?$kGsEUn+|NM^PXxDi6ay
zg&oSyp@rZ;%fvTYZP+__>-V-JP1~YGT_+ZJ<E)UG1-nbw2BlykAHh+Z8vz-o6~|8@
zRm4csHfFCWSpxK4{0A@HKvtJGb%G9xWud_IKfkT`W9(j#e}w4h*-BB{GBsYFdNW}$
zP2`k{HTec?M{>pGXw=gdQ;b+ATz%C8kcXsIXJ`nn_+e;^(BJ}#gVxrh+O5YQXR|u3
zS4)^z7p~ApdI<3kD5C5&sjQGOW+{7t^w)16?^6y!fDzV|mEOEtO^NJT*tJImRZCJ9
zU_=Ud&d;pJF(LyYKM7LI)Uuwb<OC5%0tEDyEeq22e|6m>rcgoE9lpfLW?0a&`BQ7<
z8>i3M7FqhEN8;m`o3~n8GhpYD*%x2>gr~Se|2t;~Vc}tApq6y4%rcws#GF;HiJ1qT
zoxBGN)ISSizn_a{cySKy4NzCp=o$+!6t!0y)kiLx2%Ln7k#G)Z7e#7)t2&I6IB!OZ
zWbh)N49QGRbxdC1H^CV)k3WDW3n15z#$;=v@4*sl<5p0dw?r*JeW<7dzD>oy7r-4X
z8`wW?7<Dbyqx>G%F@$q4T^76TT7+Gj=#3a*fG8G3s9wtOk3u+_6QR5(tOtVaD~>VA
z-&$9TI7;CiE_!fVtR(zMm1r#mqWQk(iTQis*dE#!1N0~~O>lAToqS{r2gu=hsskjb
zZ`9ENTk>Q?k;$bvp4|^$N=?R##Wl|GoQ>fVlZb-3SvzXq<Rb6tVhcNliEJG8fY>$8
z!qBshupZcj$AqZgmpo;vY|O63;fXT^U#vX!0M2t9gx?2`X@#FxaEfHY$i%xF=c10=
zNr>r}R_rjr=%1(>xt|TBe%>i(#315wP>K5T1~aG;7K3CCu57!2*CZxIG$69hzM)$i
zX)pmDb_!nF<o8VtT$HM$7|5;gAKy---g{kkhRYuR<=e~Y4M|P61?$+{qs$XbjuVE`
znaJe3PD<e@yPe6hN{HxBo)x#bhdX-}Tp8fVl$7`iEh9?QRSkVyV$ihf)y4}I?=1MF
zl^sWj3_X_fkax&r9(y*(e`$n8&Du}LFuGJ>IpB;OHJs|MD&ZI0Mf<XuMHyrTLa8D7
zH=f-?+Q;qz{%zWv$EVSzKyGH5n4Y=Pea1lb=Q%wwI~O!jTi-j?G@wsrcQL0yE~Qr}
z?>nxDH<(pUSTbb($G2;RI6c>S>$jDHU{A9f2hJKOfa$1T1np~GrslIa>=s!j2goPY
zU3FKeaX^lw$)4peNBy`tBgLZ_+ZjNZ89iE_b(1fqx9aSV4#Fb;*ntx^@DxtefO_f4
zxU<?Q5OONPSh^JWxz3d$aF}2>O4FD~S10G_53-&HW8Ml1gvV6qL`LAI<m2j8N-QdZ
zEF;jhNU4oJ7DJ#Qi%km{CWB*XAqEp0*p{X7;3>OJ6-($Qi9&}G3xl4=urkE%la?*h
zuIK5{b(<bysidgw>qR1M-Nh=gc~!}O_E9SL1X|a#K1$Cd$r2Q9YA`>f7o#ERd_K87
zQ?~v~SC(~F<QbP|9z>80Xz5glb$-7pBY~L|%Y~YtDRhG%9|y389Ig2G<mUP31Y`}J
ziI%W>Z-yX+8Dc&FT-eiYveT*i#rA92Mt0r}bvjFDQ{8tAEPijnc3Yq0`CkX#34&h>
z{mf4&$sx<&o|`;{4CZ}%%S&lJ&{c7Dw0Xs($-s86W+PYnDB47L2txb`_{x=!>L$~r
z8vSmvL8W{zQg(c*W2UFVw&3{j+(8h<U_CN3lOQ6<FW=TNQ0PZuCi*{oJB$Nr%Sm}2
zGsnv6|Br72A|bha2I!R3Kw4OLyr7Yh{5-OxEk*k8;}z_Ldn1y1;jk63DWN?QN&h{|
zm~OP=jS;P}J_`bDJLy_6tL@zs9^2-oVJaLH>o+=2Fn`9BrXqgGZvOqHF;|()+F0*#
z($pCgvf0085J&{X$zOdTzNgdeK1Jp(1N#N2UxB=WQ7v`n&#AZPl-J#>6s4X<F$FTU
zez$nwGDG*=u7)m#>#yH#*T*sFf=xr5K^1mytPy!vxx-15&Z46HTevO2ju1c!wHON8
zO(4Or&l=j^ub8<Q70F|KIRZ+qt=RtYn9gi2^LH-Vk3~mYCX_7LGi`>+vQ?LsPkzcl
z?Rv#P&^tx2nhlM*@mA#zk-F-k!Yt<`WOZ}X9Oh)@O5ul=VHq23-Ct30kaE5Dvh9Nr
zn$%FAC!K8V*JMwgC(4)WrP7{e(+Z-1Z&7>V6f&uWB#Qd)B+-qx71=%Wkd#{{$bT<f
z*g6qrIOzd>Dfr^9fkeq$^ACkjXvmtL3Iw40SIP1K)m#<kFc?i5M^<4$(U|a)QMV+K
z14t=u1ZhdRp%|?BF(J8oN%wO;ktd`u8``%SmfMV^9&*qXl!x_S(U;nnG~hVT3)>zX
zr;D??_ub-n?SvgK^eaMte;`~nz#Vr76#_5W{^ZzP1NtQBHMevy?iYFz+HTq_Ub0!K
zXU5EzLpWCW@h5_p=D97V<zXPS1`&&IWz2c?1EMh~92SC*Nt5u10(5Y!@UnMEE(gd)
z6G9ijq5TqWVR>_N1qw8#XaA9j+QYM4xVeabye{s)*+EcwnT0uwl2tZP*rKIo&i99l
zHSInM+!YeRF$Jc8ZpaD`^_6}ZCO9PL(w&haRGN!fCN<ccRhl&*KU37&F6WgkH7Os#
zG#edJa*xAgjqVzdJ@T8Y`ZUxC*MOuqg$^AL3$=N%e>z}zT&3PEjOkD$T>m579rqaf
z!t4yeGJ_#CS!)LQh49VB7I=%ib(A^+Vi1VaoICq7trDYJvF<B2L03@_mAAHpm#BF*
zb&kFCZ?G!hYHyOGq@F9mj1BS-pP&N>W)p(|%9KZ5jHPZ}$ble<I|LK*YuI)Z9}yMi
zvmjN0K=JSl8Affdrs@6OZCLHPdxb6ol>|k}-aXg?nqt1MQ?&nwaI3t9_zXtUo!PeY
z=p*oqZC|12n%gN}32k7Gx2+7j&;>>5@jsy&a%`^3sPt0PWpwJdHSZa*$uo1PY^~le
zi9x;(xRFFg+54oo?nSUED0vwHR$DL{xg!=p`&egS_(Tc$XjpBWmdB)A<Hmt<d5avo
zP?>+D!2-fG-Vm->uv-;<HOt;QF>-VZGnM6s&{QbmpuSy1X7%@JCxiA9UVhvtbvXj(
zH{T?Am}nqjtsJbEC$^4@D#gPE5EGoji*!T{)GlO$e|2dTPCD9q$p)yPIeeujHjxH~
z<3HIX?G=slb*wyVu0mdDlg~XKAC2prJRa^JAK}>>e(c63>i|q4D9wT^$;4kzW)GaA
z@2g6j{)yqi#Nic;bwK7>7mCf{6O1K8Qyfp%=3e(C4tSi$^+*c6#lsxB?`4OWFGSm&
zNFX~wW256TI9fVzd*B7q^ornlp*V61zj0&X6KuHP4eEYv$!%aUg||za;zbK<PE-SZ
z30|o$^Gs2xui^V?Ug~R>LVaTgc)WwrUuHYORxTGbkr|Te+sDW<%&&@>vg1F?e<=7Z
zujKE9q~cHoDw($=uKSO0Fa1BlE%W~WOSrQXQA+90=@Z-V{-P!#$Bwb!p_E3;wQ7QF
z@*}ky{t|BDPwl4vN4VAgmvC=AxBVZ&J@CJT8&Q14>E)MjKZiZhAns5Z3RMR6dOe{3
zU&4J(%h9n((lz)elT1+Z<;$vK#c5C&9(tktqMM&&y3i>o5tSc0mi>JsH7dj(qVF<1
z#*>SKhe6~*A>&U%8K!R;igDeX5Wib>yeHJ^lE?eVUOM4qdz(JOQ{WAyWU7+V40^P9
zil`r*msd@NNI7LWpc+XcY3ky^)A%L27QghBpHSLC8Ns#%$q@sr8mr%;s3uEk7#KPL
zN^F_q{g@p=qXPda48^@Hg_x_(>PI9J%CT*)23cRDdwZ<12v>Jh#a9{Q2A4bn=I+uL
zN$z@|++tPCp-8XK7Da$ZJuir)d#%(2if<5Zd7~8O5k|~oE-V1*`&lkmg#qGuSM&Mk
zubJ|Pq<??CtK3^ZbkOG#6=jaPrP)Oz4ndiCxuaRF!@*3zH=)J^)nM1%W4|{)`1kud
zdN{e=4Gavt_l3*F<>q@mt{gm>?d9O+_HwYl-LDKRorUXh|3=~b>-X)O?Bw5A3wyn#
z+U%q^Mx+LxU3lk7KN%HBo%ADCWRC0o*%qi&fwmRTo#?lWn6mr&uEkqo{c~(DMzfcg
z1%;X!bz6G>`lr%ul-M%i0;frEi9P?d4f={<g~{pDpeQ5ZUI^E@9ymhnUs)6?F^1j=
z6XT=>assqDQ_?PW6dc^>tSfxPZItk_(K0`Nfu@!!p^DyRCX1u80AajU$y;Qm5O%TD
z=OuXhe|5aJlRS1*Y(zkK6Nb03xy!z}*Z3fT=^zTYh>vA9Cb1}RxcLn4FeJ?J?+_j_
zygpm;qh8~f@@*A3)|jzHaR-2?#{G<yjZxbC_+kraSjDnYUj2{bBn8@CmUIspjtU#Z
z8D{YtaVgYDGo(xb0~;|T77b%WS<OrMY#DyzGVqk*4!;9cHq*`Z`SSQHe?Z!KIrXH`
zaGM$m;HJwURY1uy`JZFz_C7=RAn1|gPL)a&r?XE*B_GP^?)tO~48Wz!nh;4)X{}<s
z3ov~Z=~>=kMF4(AEj}p;M=u8VA8XC`_KG}K7)Rg&M13z7SQh-F^@+@6Q!$^brgP`c
z1kG%hxn{022D1F?JjHwg3aa*jhW3D-B+f<k3r|!+M*VS^aS;7EYDB*u`DO=CcewGh
zCZ<0zNx|9}okm@P81YX9+zyuVqK^!mY#NU-apM84c>`m|e!~tq^7R{F91>>j`WU-#
z<1pdR96C|<sMO{7bv-Y|SpbGe@O205pBt7goiGtbGG8H}JN+i@ZOi>~-W83fnx>e}
zIg^cND*h;t&}v;ST^UfUQmFIBvXAK#Ib=4HdPj$HfcT`j{)-LEouE$BrS6y$PVC0*
z&UZK0spEded<jzzMva}h&*Tr_81Xxdq|uS^`_9`g`uF!6kG|2l$#4``W^013tY$rr
zEF;diK$G3n&1KtG&;c0^cR)r_`VH=Hxd(Wquo=<7T4wTgQz;#x=7tumQkZr4_UILI
zk8cfE$g6*qhZ$_1F`7b`4_4)Tzi+Q5bFre*j&^e8`l9D><_{hun7;KJv%Qv<(?0G`
z@Mw3Mk=c8=?Y`d+w;#{1+@b6+L(xX31-r{HWE{7r%*KPGgh8CBE&$8e3|JwmW%UJB
zQX;|<<VDiC95<0!GLwPXjCI>Bv@MZGncZa)g11t0Ylee;)Dvm?($khe0snZ}315g_
ztWe>>G07w%VC>$n#yy=&;t70kJ|8q`_XGsmD4M6Yib&#l&pE``BcYzxd8R==byxt#
zp<U<u83Qd2y;Y5smpcj`1}wrCnI^+l-9n{0i-JOQKCC5J*(R(VXBk6@8&*<cuP1UA
zHQ2Nv-PDt5p0PjODq0~_!5r(DnVJ~OG8!uCD}S-~->Lvu8a2*LoIahyCaPTxU~gx@
z730^A8D>>k9z{RY^ouW)WyEjQv7pnQX8DiR>(kI$eV41n`etPa-4z=IE(B1kA>Zl)
z5?)#JIDW{F7acPr5+4{nvWBbvkyr12*X?F(TOYQmmQ9CBJB$kgb%YzY6CgARI{EEy
zk`$_0(%|RmiY(0|UH*7CTXp8A2({$vA+7W-#xF@T#e|TdKag$%`eR9|Lo*JUl9<kg
zO1m*dcywYGva>!COGg^4+3NGhLWDyGweH!K%cH9%HLpU$sG!1kRU<Bmbh4!j_zOT*
zb591j*=P}%9+5oHd}=%lsZY9Ry+$jO6TVuaslgp15`wOnYJr*!tomk~kL`S_)J5j5
zJL?+81<wMPdx_`XLwB@pwQShFmCHyj^oDiALE5`z_91-w-~KhIs8DEQ)ij8vqUyh;
z<wV0`-~L3a@Bb984iWd+<?`eIEWr~P+|@57V>g4hq=wa7C6y{lW_M>0ek99!i6Jp(
z=M+L^?WK(kgT8Q83qOib;RKHP$RvIS>XnxiM!0jEimwiB8Ebl!WLwN$#2!c>kh7KA
zz~0m3E1X{ztOZ656b!u|989vwRbaRtUM55{ztc&_%qF+0?m<<MS#qc)lovX4S@Z6Y
z+rdlIu+a1lW_4wI&>JXzjhNOtvo>QCNy@uhC4lZz(TZQ{s#Z$i2(Y+<URcv*H32lg
zzZ`oWH81UEZc987E#gSX2N+58-1`T74tT_)LQqtD2E;QW8Nk&!$J4tz{uzxV#0k5u
zxFpS}u#UO!<39LL0YeM_r+}fqUlFP@f8Y5$(X5g^#^Oc30Z;jG1q-e=A3Wx0OH)7`
z_E;_WpZYU72RxxBiDfWH(M`(pP9nt@juwPvc_{)+EdMIt65bN_wh^d-BWBnK{%-P~
zEw&QSb($0?XJC9N^69ZGA9lgegF&-{K%TeV(gU=@zo2Yt2ZKBkJA1FUnRks0?>Q#o
zrAOpuVa-M)qw&)UeoEW}3^*LpxL?f!d-J)-q2h>y0NcQuMHz68@J|}lBZ8$_vi0!9
zQV|;{o1(rvzmAxT7yU~jw9t|%PsX80AIx}~mTXxpW!wY&Q9pJ*2|g^>d8&$fVBB!3
zVc5r`dkyU{u<m8yV|t?HC&DAMnIE(jBD8gVfVLQ~^wg%M58_KCJDs$&y1{Rzl@PLN
z%6hk)O0kbZZ(2h0u!2c*7(KgO!Zm3B<Nyxfv>w5CGZuE6pxtC~?2GKOrzsdg0x0XA
zd!Zae+@KGkdb~@;u^pzl=C{HmZqRdV4`%lFz#|LI(ZzOA`*ZjFk~ru|MNv%<+1d!)
z;a<Imy5_KrzM##go^f&ZXxCxCsFD0oy#9hLFZ@Jn618&>mSV_2&|Ks&^%t8_UiGM^
zoXOnDol~(DgtffIalkBn{b$Z-%`}^5j^@o6saQ6*CrK_bcIRW~tB-y(YcHc&#?x}X
z70ieN#2jFJS((!4p*!$*o<X8BMsM|HsxV|rf|klIBQX#=w}<2m{aX=!%o(0#^LmE#
zxWXV<I>P$rAD;bwiT2w#`)WMv=q1x)46j{K64+&kF)=n9)x#HJi&lrLw1vANbeZ}S
zJ44-J(hz(3ZbYiVQr1L;M9fnq5H`e&*&^Ot6m|Lhyy6Nx?(*@)oa7>S&^f2uqasTN
zt0k!ks2*D7BTNitL&UL6A4a#CO%Cuhkyy<e7Aj&JyiE$bN}^r)-(YFAN8*yKtU5ot
z(T1qoB$8np?4uefV)Iq1l)^ZYPC+#oD7Z@OX$WEyrF#&cM!+f$iW&M;ve+R+VA;$(
z+0LSLEFYs4Nh@9{p1^f)kXn8(_R<^1R^+MBL~0)#MC})om-U|6B`fpsd>xkU!y}*`
zI7#rO)=^jl1MV`?(pn0;IpIosU|EB;hAnf_M35eN!6_CWT68%2%Zm}dLRO+}cPnq`
z==|CGAl8U@o6cTiV$%TZL5jLiid0zzvod8^1+t?C9+d=nHN0iJ>W=1G=3Eix+ckf>
zygZ@kW^DRfXw~`-xm?Vd$_N@{jZxYqTNZQh&KE^DEM6)E*+3H<7iuEb#1unIBcbfo
z-+k?dn^*fK6^6}LW@K{JA;(2GAl(Yn6q$j_kY{02!3#*q`9eOX+cs9|KK)zuJrk=a
z-J^txf3XGh4GxT}(cd$88QuRL^(dK-2P3QWhXr-+_X8TD7xp%4r`s#nu#-DKTY6Ae
z^1uoKc=J025J+5c58#`dBi2!yr1y**{gOGDwC<|6eX9$?5D}W^QOq08=Z_5<y<xW*
z;irl9I8$Te<W;TiP^fhaVbB5Wqww`ygWZ$}xbQGPFQ<P!7zhTROe~GFeoqMzh=s*7
zxkny9W)T}1Kcp>57BjWQ5T`K3q25Z}SL`LEUz3`amaW<`ccG@BNKckwV}l-ui-+G8
zH|iH#egw~VYXPJyhb^KqN%xpV88D>dph70eeM2tlH2-$g^7@z&yt6w41e2FbdzSLf
zDXGddJiFvw*yh#FZBj2u6QBbzFU@`VXGz0H$A6zKRe_D)0DwfOqU3is4L~_H?T|OT
z#YD*sh;XST(!^|5spLbv@C9f$B8&bFGM(2}yS?<<_CAx>54WGkdDi28(uzK^!k`k=
zj_g)mxLj{F?`Hea8l8&A{ynI)S|}p7Fl$~h*$juBZ?aYinu9<W@I<}gDlH2f(jSyf
zB0;IqZ$1affin)bBcEg%lwLNxN^7V|bc^EalCnm0gKNI)di2LIGvcDT4ocb@&n{56
zT?0JyjYCA$x=25tK=1aKyKGK_>_|9iMmA%Q5HGSFr?gRsfrW$3V3E{$6i+dy)xVa3
zW!nUmnra&p=SQ4RtLX`iMI&C!RprP)wZm-Rn2-^VUVC%_3w((KQs&@hp9_A<^M-tG
zp&f3CYY7=T!WFQAOd8&vTaz}>vZkn+?yo$pH{A$G!OrZ@F}7c}qp)PswrQ)}EYbO=
zF&s*mgpz$47j_USv1e54y{kNyW$v(Wy7@pfHLMcSZ;?Ur+sh4FU>LPOP}D*SS{Pra
zBJm}QE23d|=Z60o7+yS$r};{?l>uMF4IzOl;3ce3*<3oPAfy8`20ZREV4KL};v<iy
zRktben=+GN0%<C@3Uuu4#}hx<c9k<{zTj9KV;r4%z00uIr9!{F07~<KP6nR{%P8s_
zWsbPO|HiSx^o_>7YOS)pTu-KtYkpBYszZK!b=$!LN2s!8>E{aK#v#ods!Z{j6}D4J
z;xJ%COUmzEXB>rORil_g%~^)tK@Jy5y~j+P&RtR<62p`QE+`l#T<a(VhO!$?l(iKX
z1<B`aUjc<iK3J1jB6&g|8m~h2rFciDPp~eOwcaTYizZ(K82>w}D4*B?u?m4Y7&a3@
zLuvnAJQoZCRsh*UCzFxNHC%Y>JWCGWG?ZvktQ3bh@AZl$+Ud}KUtg&cYhtJlS}{49
z%V}TioN#Oi^~>UUqy;3XW6;rw0e4{oVRb7?;0km}+sLY~cZCg>Ct)+iA){h$(Tm-4
zor>0tM@om{uxB4bKas6-60QvoM~xoC%{X!-1Y<t|*|QcE3297j+~#N*bjQsf&4Oo6
zu?+T4Cy(G&ND)FZrbLGfR}LcjzY~j0xFlTcYhJ!3x7-m!66cuv%8`$ZXgMS&=|XOz
z6C1`(W+Gf~JxZHpE}SQDvVAO|zhION42uRK0mclVnWiJA2;qR?gb?P&uJo(nLNz*N
z8l8tkRkj6o;;e}a3S8i~Srx=~iqE3f^#I$<5Kl3LW@@;lmWi)o`;wyF5LkVh1#q_>
z%C=z<yh|}-YYyH*PT1%}EcWWJaS8n7R!>oR9AEgsj<o7g!987S?M+ADpXkR;^EK+U
zEG8TnN55fAXdt1ctBcnFS;NA9c1^@Qa)Q`WpjxV)nf1mB?3G-Xn<^ui%GTmFL}y+5
zQ>|)!J;Utd4n;^E6xQIN-z6oDF0(3*6VPR*$uNG!;rFxhV?B^$5+t(o<I6INnMoj?
zqL}I-#}a!(Do)&6Ox}uWW)nQ~7}%8T;m78p{K*q#7y)UHgP`ltzQm{O8fSYciOV=P
zs37j9u$&b%JPI_xIJ#(TS^$lH?HS)I#y2yTFn9rp_Ik6cgzj?l;W}X}vQ7*&L>6vi
zINcF+TF$8>B2{iXU|NIRa6lO#f>@T4lda&SNW@Z11^hPO^cSw`jlO*>SjqG_q@~^=
zuO#yZUNF~2nXMOKhK|b@eJ!w{aDe{jutt08^+VWSnF0XG<o0Nq=5{?7Y=2F<Z4oNc
zn(G<FWwGLf#m@|<cqL%St7}|r&yAk!$*YF_p8D!w+gxC6voR+DTW$NQvFtDYY;m4o
z{CDV3^#7mlDtod2=i~o7p<{#T-->&K`Tv}MKI^Bos`3A|_0>^vG~JtMa19Wg;O;Vn
z!Qn*%1b2tv?(Ps=f&{nV?(RAenBeX(xVz5se*62*p53#3`j0x@eQ#Brs_yD~o-5Y>
zBisJpr#eFi0(AkK^BApe@b+u}Z&5wMw6}`+H0b|xYtHb!Mez3eKJT?x-=Md;W!5_X
zALZ3O%>S2+KHwhpqV2s>v=g%bw356YX;t9$UF=;2Q0cuh<IVrO7lQwli-d)@`L9Be
zn~ZlcYu5KF4e9LlFXaKY`c5<|5M<o$zB)#fzxoG>IucgN7W~rz0vfD0Ga?>p12nU$
zny(MXHPpzABz`Xsa}>8zGhU&p0$hr+)V||(ox~ftoOJKhvH&U<95yEZ_6~j=HJA_c
z{V)&?z=R6%^OwHeZw@u28IlPHyiIIvZAFKKd@>{x^t(H`*kpEf1p7tM@55OblC8G=
zn>RjT1eRD55COCnQ;<!-soSAyX1o|Q4B##Oc%Z!UhX{PlkTgW`j_5o%{r=OtRO&>0
zn(PPfmc4^T9jju&lsavlW6V}h3Ug>C0YnDjuPP;2izQu?$XQaYNP*uo0s`gqx)k1{
zgV&pSAAQ?jGWH!;ii+P1R=)MySB<xa?$o`ZRSm__j_B$^BO<^CY75XUz`#>L0+PmG
z(pdcBKUx&paUp?wk%TrUaq$!$I=i8|-l|^8_Sdl~q#nr_qopg<7pFk+TQ6S^lme!}
z25mI7CTJa7G{Q45uCO`kHy>O8Of$W^{oZJkm`BnL0?RsBOHztoK5)F)$qmLko|_2_
zlH*yjS90_PQEf}NNQhkqeYzbI5xLzZ&siUlc#EKkU1Xw*)RH~`Dz&_bBrE;%MnNtN
z{hk2Dx@>hOD`DJd>3^NYd``vdlX~pXM~PQmUHx-6<U18pPi}@Ud(OyWQ?Oo`Kk-jP
zkb3in$gy>0t5H1FTSwePQ4X?6WFzJpc_*Rc_zhy}17LXg*aC*>ql%kk@`ZLq>+GCX
zk%D)VMo;rpgM&JFS5=iPL43*j8wH;l+1SOZr*MhvVY!Gg<(KN$sKyd2seaYk4#kuX
zMg@Y8h~VG;!teoeQGQdcWl6uuB{8@!Pb4yMCNo!m^^Vs!R4i;LDybOR^bKz-lS{Gy
z#VsfpY6hd$aND(_s9im4^{r{Kq_NeNKjVNvpLV2<cf5Iy&<K!@T|*rq!5Q&?E%9(z
zO344TPot4FbLhz2Zn9g{6bBq`R%Ja}EU1K@wAEpe=YDmp>|qKk@$|K#)}Gzp*!h~Y
zd`tP5@Lg@KH3r1HU^seCR#@wRSZ6Aoinp2|>6<p?DE8HNPwi%E<|?-God44w?Q|m#
z?23<GYNpznMXkpY+SeY#l7%pfbkPW3OS@llcmps6AM%nU2}8Rn6g#C0pUhzde{5=s
zIgDb_t0o$Y5ioBs)m=Lo38yw0Yz+ZFg0I7W=%(steg~FhA3RK^FgRbX-b`#P*yeL&
zGgAypn(=HF5-IfKU=EzHBbh#IyziPe2&N-w0B2kpN6VM-Gr1)Jz-~d{>*Ma#$<4{c
z-0s8e&Hg!k4VY9mKkJ|<??q`6;qV*!%^fctD0Y>;SUxN9Z(Wd|Qgl~;(av1Q`6Sy$
zmVUNEfUwuAy|<hD<MrXn^$v&xiwX7J^G#4mJH~3855AO7NFbJyY)lR#!ih<XZUkx>
zi-l;Aw_)ph|6mr$%_*#?8nR+obVL=ehG%F;e`H<!FjmD;0HC4FGBmT*ST?*#d7I;+
z_5~GOAPc#yvxUh7d`=ln!NWa1VMmD@yh^)bPK~5i3;3B7Q|~ATmm1pHcwHvOcFb3v
zGd*w8l8a`!1qSDKn3c=fgKR;Ix5#V>^+~vW2xwZaq1B3P0?b0C>dSxAhL^d5C6-6G
z*vR|I(y`E@kE@d)>p)sm%@*-XprE5gILcFsN{%nK&Afv)Kda_@;z_tq0v28><eOS=
z1uA@}(fn&YZ>jNP@a<Uh#b%tSG8)qwv!WowYzkV74Z5kZHr`4=qZ#KCMTbCZRh8>T
z;3{pIy};Oh-jTdTwsf+*J@Vbgs{W3Oc4o#*A_aI&DdYCxNNd@C;!CKngq8&7NQ2-P
zh=Z0h=vV1Q<j>DWPRlSg6>Oqx*OGsKWtA%~Ln<_uIx=1IW%rb+@IxrLNE4z7tf;hp
zliicis*kMa18j9-)vp&a05!#~r7KPgffA+z=n#%Xz2RdNw@Gp5&>RuBe^Qt#2{A{c
zJof$u#$=UCS8;ciDYrnXHg^52CFU<|Z#)+RKuvcQ@6<qRBueYb+w;}t<{?1+`8;}{
z@9p`s(%u{UsJOlTt5k}ONS2Bhp?t5c@${&+%cbljV)R7aesbVrME&nRPg{CC_PCgx
z^7N`h+^=%oiRuYU!U}H+aGa<YmN|6~$fslaFDiYS@f%u_Me!8(0346%sQTlKOzNcA
zcfbD$*xnj^UcjCIjghY>zyG}L8m6S$afO@laxa|0>ox>i`VdzHC=M~q-pg5W2Cs}w
z{OFCKbAoJv|ACtT63@lrD4S=n2%@$LCsO27%uOQo9O>8A@~S5Nu$FWQ>>2;bK_z`)
zcA3`0uS<E7CCxkG=<(A_c`4q5xv4+v_*b;Om!I?BHa@iDEXW9LTmJ6+Q{|EZ6!Q0x
zK4uJ4B>{UgXtBE>so#w)LGXJzh8HPi2{g`SZK<Mco9l%Re^YaB!%&q??#*N9N@JkS
zEZx!fPU@RzR{@AB-Vx&45Q2^MYgUdG+)ox=f~;PdK0Hs{#3Veud9CNkYcG^tC6%ch
zf$Sn!1S%k;q!}`K_b}U=wYH@dP|P%#Lw3GiD@SRN?bZcO4l}2uxvU<|lDvP*2o!oY
zA7mqUB-U3b&rcKX=UF@L*L6Dxg`C$2j_b{Zyy?3Y4ry_gj<iO(#n_*~mqWkRI^#xi
zKnuv3_X&d%MU4`$aXNjhnL&h=Q*yeTPh#kDL#&P^k>J2Ih8YK51QE#xown?;^ng3-
zc7i*NUxXdEy9HPpw-d7jVR;4U!3DHoKhfGA%|l%P4kL$|j8966T%w5uCRY6ljc~OD
z=`5|O&t+Nk&@~D|cO6E1?3>k1ci4O`0R*$$A4Z0}^%N$!4Q4M6$l)b8M1>wqcxg;#
zbGligUkS2U&@aBq?7NKWY5l-7%{IlxD0VM$`M9X)#p{YT@V%m=hrs1`KLw7{otW7J
zzt1n4zcoyD1$ZuJqPk)bE(xO5ZGr>eICPFF=di2%Wy?c<?hD4rFLh|8SPzYAi!h(c
z>v)zdZn6TsvxiE)-z`5HHT6w>a(-T9J*OL;!Y2x%C6v2nu>P&4*cY4Bz1kS|ZEn=p
z(8!ZHp?s*__L#Or=*d?NVm;uqmgrWTC=5_wTkjFfH{KA;NR=lMey4V6QFpP36bT4i
zhJOf#1r?+Q)XCYR+GZ4diL+{C3adx`Fjq~B>#R6=8G%M{XBT~LD+Yq?o3g~)!75aH
zGYT!z9zso}9VhwFAoRypbunMO<RXZ;{6`9~oZvoO$PC!@f#EQapXW0suZx=~DKU1$
zhrxVUCreRMrcXW`gZcHWjptu=m{xyT$}E}TUxXW_&%2L>Yx{}n$dl-y5tYFcM$$4E
zgOJf_YquCqqA+AGgFURIJ(l1or6OK}Xmr?*@*#Go@Z90cSM3Z2T8MMhdqy7fd2A%A
z%ny<n`u&0J4Bl1lzNpu-69O*hc~v;5E>W`$ca>#_HLzXZjLdJ0*wH;$Ggq4g$<B1b
zJ5sl*&0B3A*VdZ;5QcPT*YXd`K4=&!++bU2t2|aF{TbGCRa2`I_1iV@kP(J|xz}l5
z`sAW4`FNZBL-179Md1s5k0kFQz|+}^Gi&>+r71Q-W*~O<%#Y9ihN;lot7yxQ^-}CO
zRj()3kB*RielBpO1$=nWZ175F>HE#JoD77yrLDBKYHrM^u)`;MT8`6reKb(0zqz}g
zD4QN%MHad$@iG4^^}`pN$bW_5n+}5jx1r_tuyRb`5W>&${H2l!rZBw@j>DVqJ;xTI
zB}Xtr^%S@p&+Le?xB>vo0;!VIl!P!@-RMW4zU*}#swh{S(umo4>r{L_``OlZ;yHj@
zAAwtp=0+!?TL`a`u<>2(0sPhiLF?eCX#PiIHp;P{33rS@qO9_7x(b%&-XDE7=|7iz
zG<s&XwAxpSa`sHA2MGJOYweMUr(a%YO~a}HSnlkVzHITu)Gc#}x#AiKHwqfRJKn7X
z9N88f__c+WRiWX~a*>az3DR;7Zz2xs+0YFk&{j+y;CwQ6G7vs-XVglO5r>u0Q~$f`
zWW<@^))52!klyjJNvLjg@5^apNK<jm*+;@uGGUTTvi@ejDxRE`m8GaM(|K^xns^lX
z9*8wUsGm6%Ej0R$!r#Y+W2h{u`7@9C`Fuh~Z_MzihC1SODC*A?2c?`pmi0eYZ?zN-
zY#Q0T0ztM5f8$l?XHU{fILtqnzzreL>+NH)S(_6T1V(&A{_<QuWn45?F1+Llcw`C4
zNtr3UvdJhgk`1;gQajStBrtG2n-p3aH!+6S)yi449SwKW;6T#hpeFlG*RzPIc($HR
znTG|ikhV7-Jxh7~ow3KJ*@A;_t_wP$8WNa9u16k~w)6nxn0ItY&;OKl#-V|iCd^in
zE^#QCW12cUqr$(U*1d>`uCOjsV(px3?7^B^y}aDCzTfLu4stx`XihNCLM+8(xG1ux
z@ZF0!{rpT+?RJ$+duP;H=7S7F+FBx$@w=@*70~h#1Q+z@MH@%*Bc3D+mNZX3$zJxL
zm0Y>hAi+^wzNHJBjXK6J08CwOiksCJO14_9azhey*t1bL6b&Jgt^?k|WL{<ckn~9o
zJ0R!~+q}K{oO|AT*QP)wRr9-c^!`Vx9SC;|9%{HsDkO2~wq53Ss`@CuBYW`3CcYmo
z#_=&qReOaDx9_zeTgp&C*<%_kWx@;+QOJP#?2%THxj<N=Q?6XivZbF)6|fW7U8)_i
z4!HF(Rk*J3m2xBmLKGNzJ-l!b=MR(G_%8i2IgdsebUN?r>D*30!g4{|GsPXkvTy`^
z#bp{wOJ9r7G=H9C<dSU}14f%K4-{K~16e$)B$*4*hL%FF_0Ly50?Y^5@F&ev`#M7A
zcKWH67x3K>`HXh-C5eB{$EAr(w`JZo3S;+}5xAbn)Q9S=tH%nFnPA{~_7;};D3u7r
zb3)EoUR9HZ8j0+y(nkw?=LmN?6Ehk2T@wkZOUGwI(!f}J<`yjual2{*(HKHDZ<~}D
zPKX`Fi3W&{JAV*tF$6Azg2&YgU7EFAUvA_qkHpn2X2&zEWyKXddQ_H-C63ZVU*A_$
zkI45y_I7dGa#VR!cgEMg-j0OHF&fuUTVlvF3sFJG(~h^$H$@s>ZZZh7+cjlujKfYj
zfr>`^mn28rDunoVryNsML|o)jzLY%qhg{?)J1M)N9Q^G4q_8oo_!i_vNjP?eu+{ci
zdymhc2m{cP%G#Etlcq^ev67~qk@z0_^g`Al!orO0wg{XzA`!FDHRwr+@Ag+oN+Xwr
z$v{kh#i2BNG)lM9U{P7oOx~l#gH@*YW%icB3=~y>Y1k32`?0?6uo&fnDd$FX3RNtO
zxT<0qRb8Ior|OXh+e;>sZod3{pm+u>?v`~XX(0+GLf0kQ&aZ?138`^Hi-lD3(6%Zc
z(`&QA;A6BukF4V_w&gY1Sfo^kq>AhpHiHB_PHLcpD|h|rh*36E^)(rFa!pVfrf&R5
zWX`p&$UKa0|Ma6}<YQ7OqD?brF5W-ubgO8(oddxYN0mg5bML?FC<~4r96NV2z+X-a
zMLX5sS9uCKCpAzj=56`}DAXqGk5ZPuv`~G0NRq5FaNjFpl;=ZU(644%`UTf5I60JL
ze)9>pn~E9y`Oo3Tm?3XQ5x*goZ8Qk9TV#LZY3%*=Lik)hC*n^{uGgrX{!hb#n15FO
zDzsx%vdY^~!ym(paRhRq=b=N0M2S9p3wO_XFQ?kUGYr6tee-(10Gn(KWA2!<LBt^O
zj)Krh)BzZ}VnQ*Sn}bj0jjle#lf1bmd;bpr(zv*NCH<4ZmB-BfZ9wpN7s?@0m5KBl
z2px$IaWLqtgg^tHu9gy@JCr#}8PI{rI!dh31SGRj_$%{W*tY3tf_2_qc+T^c>)=K6
zn(#JGkslgqM=0WwQ@#NO39Kc(9QqAsCS81*W+Fr|=^sRkVG}^Cot&S4YOB8XewES+
z#ca$NDQHp!-H#16&bW|P-S(Es7a3?J8hbpt`57O_oX}Z3BWwD*Qn3$KNG+ekK8^|M
zOCep~gvj!$`1Rze>|wgD&$vg(0H*!V^QVs!Hb?~4R>L+7k#C8=9%J2d#ygCHiDLt{
zvGcf!vi&*zj4@+h+aes1<l`5xJwru!aQ%CXu_2ePu}A39mNWstEgYM~rSqP-PkhSB
zHfXsFA7{Vl`v{#*TrYX8rU92gw`^E1!*6z=k3C;a(kiM)$aDtAA#FV3{X(W5^YySN
z*On`mLj!f5`~+Ad+gn<Kq|wlW5fg{N1F3BaT!!}53dOyhXp!R<csT&>TW#+&<Pr$E
zfl~n7SylwjKrRDWy4hilZau#<97>$n{(i*lorPRt9*K2}&c!ARvlumbb$;*r;ClgI
z&lgXT*W}fVW!t6v$tS3q<j_y6_c&Gnf>^t}*v5{6-0>$vI7a>26V?=P1&Kx&W#b0f
zygdve75Jab6=<;sx+^!L$*c&H^D(v<<-#1pFY<wf;OsIjUdjAAdRJ0uv6`zK5Jv5C
zc*FcCL_MgpdsOqzxX}E}_ucPO*in0ZxTU;cy#ZWD9<V3+-<M04Tm^!9#u4nTm@i9h
zTW{ZX*1TI_A_2}v1~5YtGZp%)fZkRw-??b}-b<<Sa|+K@!8a0dENm}Rku!7|1G*Ur
z1Rt1W4`pvG(LIQ^G|8!Sm(|H&7tAjQagi&D{`d0h=j~q>3Ok7u;)<ps<S>jD1B#DK
zjHB>kB@8X8_%jlk+S2Jql8f3Md%~Np*Q+Ff-eNMqgmy1)n7L>ZvfiUT@imxZ$YqX8
zcHl9j&0+Jlsq75S#DV5X7-ngqq@5zKEB(RegSBA;wf|oOR+zKBX75xVXprT_-HnMk
z35>6)NHZLQL(c6a{K|*$`{I6|tLNOQjxip%(ae2C(JRR13=%MCkK}OaLvN>-uM!|T
z@H$p)9mjKB(4g4a;j)MJdUCT($kRSREN3N0^a1ji9QXh^)W0*>`P;Ml3Ui(L<+`@_
z5o;p7Z>^^+0PE~*19fmiYP~)11){Aazse-q<K>HCnH~5VyK4{Mx*@neCIv_c;Lg^C
zzcI{QCJ%&4Ik%wS^zcpi^+IDM9RRSR>ECm0;BrG@VnZE7ID4N49X>>KYxD<lDI27g
zRwKa0s@c&e_J$`{``tPRpnPC4&OMxqR@x3ycnS<ZPTP7aik=5QJq^)s1$mvZUW%n#
z$Jd>H4gD)~7LI~5U-AbaCeEF5pU%)Hn6nPGVc{{XfmTbRLY7R#!+3qRJ#d`wN$Fl+
zp5V6Yx6+glkB@?&L^vz~G&m@O44GR-WGCPn?@JM^9ATeJ1w`oe;fw`4(hE4kQ!h}7
zP?s7b1)z(+cb)XlZ`di9j}L=ajY+qB+h*RTM(a3XT;qL8j-ifn0kw3&i8|kDMInjZ
zmQhY)_}iObq1`a%CI}s9FFOR$MrFdVY1R)VsLC5tnte}xGE`Kf?Gxv^wf7&GtWQ1F
z743H!^YjYoy6^mYKT8Ay)sOJuuJ-PTc!^JKIXrp_Wf@wkeKPvF^<PV}K`c~hW|%&a
z<TaRYC%;bjR9O3fFa`6AbsYmPi?GJVW#1babv6vDmOiuly$thpb?ij8J(UfeTHJe{
zK#48A3acn`&R(GxhvWNTrf29@LrKKI8x$Ly!KF4LZmWz@+i)B`4I|(V8h))>?8#C%
zoe$7#?w@d=zAabP7Fh=7dn^O*OFl-nk7>eRuP%U}>GM=u%6SbJV!bn`X+00)CpDg>
zye9aXMD)kB)SkB1brx>_1EyBj<W;qpwclaeB?nxPjF=Fwr9@r9tlJTkoqVtg{kUCc
za>1&}CFm+r+1SOZUC+C$v*GulvZHW!>CAs_dgkiG$$O@{$Nul&Jm>48U=0iTPv%%s
z@w$>s^i}M8mQ#6E>{x$;z?tnnNeCYK2XSb&Ka2PIb&bTPW5gOE`vX5wjdKHePknAn
zcIE9nYF^w+{I;tR{MwbDUZhF|1afW7gttmtiQLF5XXKn7PeOgOYm0M5`e-g4pxqGE
zZx?M*D|Fk-27cvJ9U<rj(C+@aCcFFPe%>}e5P+bX^Gfm4CpL*UBM$=My8tRKV#lBR
z_OHx=InU7d#Y?bi9ZEqiNOAHnc+3ToBNy6ep|u~o-k*sg4uP$HaoNq7Nmt@cX+LJ#
zd3guVk)2w>W=noaHp`xCQhef!<G*E|pdeIT%W$d#0L|it6X_RqK|7_xlZH1JSW5}M
zEpx`nc?r^+RcM#5|3zp0n<1&Nk3c0f!cz{#UjidNArUd`q(Z?O)Ru!Oz-WVV>aUAi
z=rU}Vg!8bD3zznLiOl@xSyg)okEt^Fwfwrf{fptTwj*<yeM>IHJsYn@po<lqnMi&2
zcRoDL(U1DXNqKH2bax=~1ZV73j9%@J4;9omLd8><;&o~b6Al(o&>=?LkHUPb*)}KT
zxkZU*Fm=Ua2R%|xLr7-Lus@`D*_aWuS_TxSPqP@&w0Mg5_*4RkpXU5+ueQfSV{!eZ
zv>e7x=xgRxV;Rw%rf!zZ?N|W4YQ>&_*)KbxhKaVYC5WI)#cTGT+GW2vjuvl-#v!gl
zW<!PE<++(Zubvksccn%6mqgZ;4Bg_f4N#@?xmNh$EMInGSf?9tnSB{Nx%}|ZC&MQe
zCwuCMr71q(*yM+m1l~R3o*P-Udt4%jO8jqGqUdJM#H^$48*Q~VNwVT^&v@nQNA?zU
z>Nc-e^lCGEFBG;0OANtxjOHOoXM(X&9HCAgH{v6Whc6ex7BS=D#z~FufwIZkta<&X
zehwRtQ`la$iopm!r|SAglV~y$7_X8{|K&`7>h}9(S3&%woT;Asgn6ebOnwiA?8lk}
z^juv)y)G4a-&vi#28)4LsD$9zYfl>tuCiU-*#_x0gZ{R~GRmenIC44+s=w;}P4oDD
zBi2&$$G?|rR4G6Lx34}0-w|ViNM~IX_A%NSDI+;*S(w<-W<kHSl@_>QfHeR7c^Hk0
zz%$6dK^r_wFP{~8>6Agdc>K<{2;cr4c;{%oME>hRiW|qU|M(P~=kO}x^Hy*Ky?<H4
zhC)9pS-omzSyqmN5yJiCCxx008x=kg@2u04q>EEaA1n|ov}|4KL&G{|gf;_6Ny)oQ
zpP*#IBA%T8PRq`DC<+K6dqy;8teF<!Y$R;563VefAmY%Nva{BD$^w7@`pyP;xZUv*
zj(w%-Ly=8XmUHR}XCx`uQq1N!@#zdqOa@Q0<GOesyE;t&Mx+SiZ{lfoAi}?v?LS@2
zQeZs>gisT&55aeiK%X<y*s&_!Ho!>G^9Zl`d#Jxd$$*e|;Qd5fAJPjNuiH_O-#2zg
z?)2my&?fR5QWj9x711F}Aq4Qiv3E8=(dkr=!L~Jku#%(dxr0aY(jQ^f%nH63M&aX+
zfKu+O<@!8$yI47rLE$H}S;q_Is(OC5@r)KCVaPBjl~K}d#RK!3x8&Cu^86|McLQXQ
zt|lN;^Wq=NXRLlGKIkh}BSk7XLZ-0`E~I}kuFN(^@P}=Tqd(CkqQ*WiVplr0j0`{v
zkMeJ@A99g4&>wQKt^{G;EX?10iyv|`#@JDz4dT}tmm(wbxI?aqwI`EQC4jem?I9@i
zVsB=D1N|6EnNu@`NDyp>A{|W0yMEv<i_7zF1wL&Sq(Z8<gSfSmT{AV8<UDw-robz6
zA4h<bSvHYL7cG>Wh>YefA!_C5KO)<D%_}zwcPDeh|F4PPXUg^>lgKxy((r*DZWXrt
zro1e!oNPE%M#AOfgX`0^T5ZgUZ>*vgX#+x+NP0oScVCOnJQIpH!^9r$oY$n&0ca*g
zYP8>D07S|E=gBAh2}j555*h85Hy%jK;biVGw{O>VN!^dV9&M>lz<{R!k8Y`RCn@d8
zsok5H^O%_!G4FFu43u@vA?~~L>`M$REtxx!c;wu(61P{w9J1V;+}NFqGrOBdXiw!Z
zl&ss+-;v|rIoHj{@O1ECVlwdb_npznCeu1`CK2t!wSb!nMI-%(G?G?Kq{;6dJR(o2
z;@{ZQlV_3+9)^v+M{~HvDM9Pr;5*HUnUefGhVu^4*X6;+72xY6NFL48NH*a2TTa&7
z3_=b{dO$+f-PX3a7UH$G0cBBwMCT`ZoHK~Ydnh+1lLbH4<QPBw3)PK!xWC=j1Wa%k
zo{56Flej_$uo3x-MtKUIFRu5rTBMh{eMORTV*<5TAN5KC11Zp9zpav+Y=Je3Wun~O
zyHmHN?Vo|b0E;hCE^OHJ1=F!449*B$2~kgR?mu29dEAn490PmhV1aK=PuG_q(9-*u
zR5bKJ1-}TXJnrnC&oulTZ(!bUx<0!)i2$ttiuz{`cTY2OYu393RD0m(MqIu~Ya|)D
zOYD+UAI|B01NI4;a=skZN`P7Q^=>Is%VWH#ZN4I-nBxo}9sr-xsvucmyT}txgP@*a
zYrc(X260*Pe_XqR9fE_&evHr8mRDT(NPMBU9#e_~D-Rb;OPli0BD^-z5HWtw2PWjL
zPay*QXM>A)HlM$gfJ`Kv&}Hc#e$W+q;-I<wB4_`HR4DNy*^sj|W@InVHZoX?4du6Q
zXZBi=`WuqAR;Yh`Fv}|cONY{14}aw&ltR#lFAGY(%lHT_N%qC2fkl%RB2#!DGWMp!
z?c_gJ;x^<^w-VouI4QIw(OF!ERDu3K<U&}(5lSOScUe|+<P;vEzAFQ(;^r}jOy#Hg
z84N6=!RCz|z5L@a{$-MF<GEC0Llx8D8ubFo&{_A*Z&fUwJleZBlTjOcR$N9`n^v*5
z`C}Bjiyxc_;S8Nz6Q?8-PD20j(j!a}?+=M7hI?@T$23@+43AP5{l{1iBh>8L84LRf
zU;#p0yc+&KJ6zma8HGk#LL0qv8GO()7pcAPpA^cU0`e#VS4UCIdgz%kO?=yv2jKOn
zNrYXU>F^-Q<9D*ZYCIdP;9*q4qHERCaPkporY7w^m|VRrHQsPDVFk|lino16mgX0u
z!C698E;9awNid3Fs;in&mu%KQDRIj$KmFJ=eO67QV2bjq*ceN#C-K|8lp<W4zKjA5
zbrwzkAh;DPQ@)*OSBN;|F~aQ1bL5I4S^gp149=X!C_41b<QVcj-~%wfbQZ-0(3iNJ
zy7dxa@~_)NRi2>Jk*dx(VfJ`e9G#1MC~2&{Ee`oMzf!5zX^2{WgI;aSdBkqG<Z~9A
z6hB(38g^~Z$v7E?jFKqn`)h1t<FUp%rISf=1WWXn6HbLNu)JJk?kU2&@kQ2o|H{_e
zT%ntTQ2h*kBO1$#6Cuf%CtY4$2D3mtMFzJxhE7K_Xgox&NHBLuZPW>>q}ZBZ$}2_x
zId>|?GMk6AP&Qc6@oT}yKcFtGz+D~++2JRQppGUrH0J6r>~f{#r#tRjcoIA)l$F}7
z<cuF@gBj;f7b6rO+PY*JF_;yC{OXqR4wAx!r9(5M%R>nHs2<Ds1{U{rBn}j6j5x)M
zzS{S0C)29HF7SHRA>v*n{<U`}n-G4gQ)xD~oIP(*Szx=Y>Zg@<OC#>#6OElRi<8NU
zQrBhyq}dyFW;p1Lxp@UPAY5`jNe3(LZKv#p#}UKWMr){Gud38lsxg5av8KG)y{l#V
zgG8NMEv^<3B82j)rthHDbBsj@w92J%0^E%8yC7zS_9?+M`5E+rHPSeCy7(ug#^$ru
yWR)!(T<z*&rcW#bXxnc|;HVY0n`4V$Z*IYX|C~@m7#J8R^o!Y!4vYZ`%>M$J4*F97

literal 0
HcmV?d00001

diff --git a/bootstrap/helm/cluster-api-provider-aws/deps.yaml b/bootstrap/helm/cluster-api-provider-aws/deps.yaml
new file mode 100644
index 000000000..b7d40bccd
--- /dev/null
+++ b/bootstrap/helm/cluster-api-provider-aws/deps.yaml
@@ -0,0 +1,7 @@
+apiVersion: plural.sh/v1alpha1
+kind: Dependencies
+metadata:
+  application: true
+  description: installs the cluster api provider aws
+spec:
+  dependencies: []
diff --git a/bootstrap/helm/cluster-api-provider-aws/templates/_helpers.tpl b/bootstrap/helm/cluster-api-provider-aws/templates/_helpers.tpl
new file mode 100644
index 000000000..d75b43dd8
--- /dev/null
+++ b/bootstrap/helm/cluster-api-provider-aws/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cluster-api-provider-aws-plural.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cluster-api-provider-aws-plural.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cluster-api-provider-aws-plural.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "cluster-api-provider-aws-plural.labels" -}}
+helm.sh/chart: {{ include "cluster-api-provider-aws-plural.chart" . }}
+{{ include "cluster-api-provider-aws-plural.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "cluster-api-provider-aws-plural.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "cluster-api-provider-aws-plural.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "cluster-api-provider-aws-plural.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "cluster-api-provider-aws-plural.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/bootstrap/helm/cluster-api-provider-aws/templates/job.yaml b/bootstrap/helm/cluster-api-provider-aws/templates/job.yaml
new file mode 100644
index 000000000..879c41d1d
--- /dev/null
+++ b/bootstrap/helm/cluster-api-provider-aws/templates/job.yaml
@@ -0,0 +1,64 @@
+{{- if .Values.job.enabled -}}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ include "cluster-api-provider-aws-plural.fullname" . }}-wait-for-provider
+  labels:
+    {{- include "cluster-api-provider-aws-plural.labels" . | nindent 4 }}
+  annotations:
+    {{- toYaml .Values.job.annotations | nindent 4 }}
+spec:
+  template:
+    spec:
+      containers:
+      - name: wait-for-provider
+        image: {{ .Values.job.image.repository }}:{{ .Values.job.image.tag }}
+        imagePullPolicy: {{ .Values.job.image.pullPolicy }}
+        command: ["kubectl"]
+        args: ["wait", "--for=condition=Available", "--timeout=600s", "deployment/{{ include "cluster-api-provider-aws.fullname" (index .Subcharts "cluster-api-provider-aws") }}-controller-manager", "-n", "{{ .Release.namespace }}"]
+      restartPolicy: Never
+      serviceAccountName: {{ include "cluster-api-provider-aws-plural.fullname" . }}-wait-for-provider
+  backoffLimit: 4
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "cluster-api-provider-aws-plural.fullname" . }}-wait-for-provider
+  labels:
+    {{- include "cluster-api-provider-aws-plural.labels" . | nindent 4 }}
+  annotations:
+    {{- toYaml .Values.job.annotations | nindent 4 }}
+rules:
+- apiGroups: [""]
+  resources: ["pods"]
+  verbs: ["get", "list", "watch"]
+- apiGroups: ["apps"]
+  resources: ["deployments"]
+  verbs: ["get", "list", "watch"]
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "cluster-api-provider-aws-plural.fullname" . }}-wait-for-provider
+  labels:
+    {{- include "cluster-api-provider-aws-plural.labels" . | nindent 4 }}
+  annotations:
+    {{- toYaml .Values.job.annotations | nindent 4 }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "cluster-api-provider-aws-plural.fullname" . }}-wait-for-provider
+  namespace: {{ .Release.namespace }}
+roleRef:
+  kind: Role
+  name: {{ include "cluster-api-provider-aws-plural.fullname" . }}-wait-for-provider
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "cluster-api-provider-aws-plural.fullname" . }}-wait-for-provider
+  labels:
+    {{- include "cluster-api-provider-aws-plural.labels" . | nindent 4 }}
+  annotations:
+    {{- toYaml .Values.job.annotations | nindent 4 }}
+{{- end }}
diff --git a/bootstrap/helm/cluster-api-provider-aws/values.yaml b/bootstrap/helm/cluster-api-provider-aws/values.yaml
new file mode 100644
index 000000000..276dba016
--- /dev/null
+++ b/bootstrap/helm/cluster-api-provider-aws/values.yaml
@@ -0,0 +1,30 @@
+cluster-api-provider-aws:
+  controllerManager:
+    manager:
+      image:
+        repository: registry.k8s.io/cluster-api-aws/cluster-api-aws-controller
+        tag: v2.2.1
+  configVariables:
+    awsControllerIamRole: ''
+    capaEksAddRoles: true
+    capaEksIam: true
+    exprimental:
+      externalResourceGc: true
+      machinePool: true
+  managerBootstrapCredentials:
+    AWS_ACCESS_KEY_ID: ""
+    AWS_SECRET_ACCESS_KEY: ""
+    AWS_REGION: ""
+    AWS_SESSION_TOKEN: ""
+  bootstrapMode: false
+
+job:
+  enabled: true
+  annotations:
+    helm.sh/hook: post-install,post-upgrade
+    helm.sh/hook-weight: "-5"
+    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
+  image:
+    repository: bitnami/kubectl
+    tag: 1.25.8
+    pullPolicy: IfNotPresent
diff --git a/bootstrap/helm/cluster-api-provider-aws/values.yaml.tpl b/bootstrap/helm/cluster-api-provider-aws/values.yaml.tpl
new file mode 100644
index 000000000..469243283
--- /dev/null
+++ b/bootstrap/helm/cluster-api-provider-aws/values.yaml.tpl
@@ -0,0 +1,3 @@
+cluster-api-provider-aws:
+  configVariables:
+    awsControllerIamRole: "arn:aws:iam::{{ .Project }}:role/{{ .Cluster }}-capa-controller"
diff --git a/bootstrap/helm/cluster-api-provider-docker/charts/cluster-api-provider-docker-0.1.0.tgz b/bootstrap/helm/cluster-api-provider-docker/charts/cluster-api-provider-docker-0.1.0.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..142f0bd6764a400d20774df481b9624ba7443944
GIT binary patch
literal 9396
zcmZXaWl$Z;(ynoLcXzko?hxGFA-D#DyE_DTcPGI$xCEErzHk=4@bzWyI=Alm?wy)?
zs;8@a=GV-;Ro&!q2sjY`3@{@Ev$?zmho!tSuab|zCkt*J4lB)1b_SXPysA1nyvn+c
z_U6u3K3eK7BJ$RbP7oIX4jvo)ZM*))??`oiE&`_s3{#EM+FP5(?fKa^Ua4MdR|Q?m
zTg$L1$>E%cO^|Adg8A>4?blR;Q4ET0Z}P$DF-rSxu78IKKgvNo^6(4C$a~tnKqAJu
z98ZsgqpM(;5)5+Ia8Re_+Q!C)kf^X07<hT94c^%xCj(o1dwcV2?gWXX%|?yM4egl@
zY;Q$g>Tt19yiRTBkJYGLW#eS+7h)V_rDA3QL1sC4L1<w^yG8hvWL$Yj4;L_R&?ATl
zwAR6h*1NBc@dOf3H)J7*L?L*gXE8FdvJe$^@lp&z7r!sf{02GxoQv@C_Vq2afsZ+6
zF#3g{^_sy^ukb(L!7sKuKyVZTB`vn_J0cg#80UT|83d(LDYpzHxX37e;HtsD>hv(D
zf~R6}1VPDcS{)tYp3|CNLV7@t7mgxi4+Z<Hgq@>9L>hwZ0YNh;d4SQPg^ng1X$1BO
z!T)6wnj+E?XG1KtgbtzwIvUYJmtmR!FHTbt=7r(j5JDsJm|s>CCn4C3P$S6=s&ahA
zjG>$ac@mGB164oxbQjRrGYgw%!F4ILVMcMh!#9+>0;S>+nDs3nW#k4n!L5TJ<Zc3<
ziH%@CI=X-?X)!*6sI+C6fAE)z%IcGdlyH!=ZFqxPyre|7&v3Funm<frZ?cT98$l>k
zwm!hjs5qH&ZF#o;(b+xGzlPpZ7CTyDCOa%ElH<y47{D)0Z!XVGm4jc#qh}q!)4sEI
zx>a%$zmUtkRd~Tru9W2iS|+D<_4ZCKO;t|mP*YW2><gFKGa$!+yShUTB6IBhaT64h
z$`c87Gw8yNQyG0DUPep;%lrf$yg5e#?~tQ`dfz}4M~jt%?Y-^fn(|Z>Hu6pm;`C?j
zskfoq?P0TpeubhB65(`N6ithg+#!zr&@VE`StC#|2I)@}Lg;}D77=yNLnNG$)G!}u
z!ja*-PvY;x6WYAlyGdr1{m@FL(bBhHR3-dt__2eZ5x%n|;_re`M!iGTX(E(9Wfp-{
z%U*RJB1j}=;=(wQ%ttYIc_b1EYB@Ou84~$}QS3$&s3;gPxTgo>ZY0f*FNV_V;wEse
zaU$5mwx3}*aHz*oiGEj)By`jjm_s_dk%VzV5oWr&L*QP+t^Z7B-AKnwq!$RhoFW;k
zm|OrEuTTJd#K50_f4Q%CrNZX`WX<QpWD+@b)kn16yDIN$M8;$V=La3U2OS8d_uUt5
zDKtEPiNVOn%@CTX`sD7p%tV|z|8t463!qq=F~X%=d2C?<<~1OB(p13YkTyFG0tV;r
zc&+T%^C&QIMuC0R&UuM02xGqo&%)W$QD2{8575N7R&5MJqZ+jHZbqvEr>{e#eBear
zI}4b126<4CniVD^J563rHKo3b4FU;qt3n%m*$txOUk)O!#x;sl(uwAstOpV>O!9sD
zF<Dr<JVz>QI3(^+IQO7ZG18BZoewIuG(>FUS&)kGWNB-E^Ba6SYY=`lC)8!pMg9?v
z%rv$frxMNB;d1S+4;~%~A1b_%7Xpl_RHE4npIjXW@jbIk+9}~{Ol=GkHA#L5i3$qV
zOa_fbnSg_m_t(K@Ik$uUf4T>0h(cQZfBPX~afCu8y7x9R-?=^_JiT?A5<ro_Zd9ck
z%<~DJjeYz!#SLpFO@yGshU+xbXW)vgQ<yh^CrEg;L;3qej7s1TpFp|gkrM?$g(`$c
zLqxeZo{Bm*XC3+dv{~h-k2?$fz*pM0&d)YB(&_C+J^Z2P!NXXWsJH?<(Upm2ReKtE
z0coi$LY3F+k>N4~d(jr|z+zzx#lYcS_r)SRH#<gZZ_+?BXK8ftOt9H6XWjH+38Klt
zs3res@f3QzV&?FrXeS9XEv#zhGdmUy0h&)xyuwnH`tUZx>wLUB=gaxFDM&G$9)XEQ
z>8Sb!5MYkzuUWyldPu;JH$1>e7CKvKnx9dh=+vu)l7@%fLc#TozE<GR2>O@)0Dd3v
z<Jtb<z0(ICg!TOgap}ak55f;g?-;tHO29KLPOG|#)Y&wE5oLZs0vOaYS{x`W*1eO$
zMY0Sh__}xh+Me0}eh^iAerBe<qG8gMn!RSszHtW<3j{sh4sD#b>-OjOz22O?Tpqc6
z5$h2X0MGF!;!RxIey%IJ;#e2moOz$7L)F?U;-LC_f#n={a9oi->X;_2Ny}i;9Sp8S
zmF6ceIYvFCF^=)$6H~g!xhWU=sntzDTC7iIk!CD5L20IpxlRuWCN*5#%-O*Yu>d1^
z!$5E^2LgWn()6H@OFR<Mf;UWqD!YNuR;{N&p@N4C${<2x0{xo(JgjnrSkYIFMx#GH
z`9pvxzpIzq*w0qIADKQn8EAZ!ZW%=&4FN`0SE@o=FHQ`FnjYpOSW<@NNTpXwi_ld(
zMNv;O#pw_6{fL9PYIL3`#{n*`rZ3c}F81$d-)3sNR)^OtmNRGC5;!w$G4H`{-==g(
z_>7Z*ymo?pkW~(?Th>=}%KQvnc+s?34D&ZYl*kh(PNh<291W}+OoDY*8ryh1%J24v
zr4uj_7BHf7wXTsRENnUeI96FC!T?!It=4dPSKy|yLe5zy%;~@%aTO!hitexn>;%1|
zYY#izs4CzOAT;A8L+bf5zc?|X4&rrldT-={I#?IoaVuHIAscf20bCmP{yr4@5!3{F
znL7ugt1|(blVvuEMt<DPeL^?8SErx??}yBXxqA%SjlwFk{dV(=q{}kH-PhzJORI{3
zw}xe^sxk0<AgKDiHET^SIB;mnfb)*=NUzZc+pX<ThBY>LJR63Jihni#^PGsZjE+x6
z`li|~@<1LsZ6oQ}Z_t&1gf~|}5_7ep*8j}RQd9otyg$OhS2%Rpfe-uoZ&|BCMmjF>
zFeH=qXJfrtI(1z{8Wxz9%X))F;(x!`H%*T(4@<6RzxIPMF)J0jU2(jgjAcs*5(ZB1
ze-j^5jF;j}D*1ks`c*|j+?}3?yY+MK!1-N#ULGUj(OJzs20*Ztvvor9?XLK4v0)-@
zo~0g3adAaMoTwzNqXMN=*lTDo%+~@X3<*=VUSqc0>OSCoOKAFmXMx|6qrus~cQ{L_
zm7ryEiVQ-yjFBjW#8BfdPpB0bhER^8P_<P>-kV2jalD5@+i4e75uIn02mb1+?TaGL
zIOkT$gB{%Iu607kbgllOUx3cv$&Wt34wEO~YCLPTC==`6&Mt+RUy5J`#V}z^Aw9V{
z>Ng#hFPUP&Bco(CY@Fly$6W!$plq%?v%rwG9#%qco*YdTMt}+h2v+D2pvqaE97~1}
z%&7YWp{p2q96W1_Cl|>^J5HI8^(MDXyqf3^lXge}K?lVNWm#X{uW>aG!v-PMVw#Lu
z36JfHu&o(MbGeYB(f4G_k!4|?l$T7WAlsy8>xPlUEkQ^wZJW3cIkqTjwTFUSW*bNW
zYJ$qBx}%maadFSLZx0tH^&f^EvO4QglimrnR(MJkEwZcmqE4YHn)=k?@8_9c8$z^4
z)GniKQlwvk@Ey^jt3r51i#=MJaYWiSsKp{6_{#wda)DeLqy)5U4Vp6Umt@&gJZM*y
z0Y)V?f2Pj4wiK4;iB~M2tvREg16}E#3XD#-nq7G76zqT|<qRzILE-#1sU{I=?k8nN
zA`HxT2^;7*$KZ%1>Fpeu>XqtX&-J-s{kPkfnhr>b5PbyPz7l^Z`#n!p@ly#2r==sc
zsS>4j)LG^^rrNwczm^!UKUl6pL&cH%hx;V9%O)$_R2rl?88Wkw6?Mq+_-RKJ6LjBT
z<XS51Cg#fGHsw+!&oJzioA#Q+D;~WOZzj1y_-6<fWG5oEL)FX5z7UxHXs|{U3Gxuq
zwlWoKy9l96u?~hviKK!!h8p0nXx~h6#ub~D4=2D+{Wg2TDo>%WWe9CM0*f(eNxi%~
zhCHAt4}n5>)MNK)Jq8zof#+5Ku}`RFQ(Ip#_ETNK;ei92m^p%i79B-MwIEF#QnHpb
zo7sq5^6sh9rM-A|d6Uh)BQ1%s5unwv;<G+_baETy1Yve*e@~V@*h+7}t*)YGfQ)_8
zaSYCvkIkMlj<cLIw5(X=oFx;xEphVu7sJt3f>Gq5P3j3$Egpr~Ul2yexBAU+?gorV
zoblzGge63%a%mSx$rK7rR+Kik7o#xZMgAsjV$y&t^^#wd0|I+cgD2_K7<j~#J2D0@
z2mA__F{4@|VQxMjM0Tf&;wf&lq}8ldWL>#GTd1j#oWH2WKq7DX1oG>B)oTCt?c>MA
zk~W8z=(mUX&F`6sxIukUrMfOpk;W$FzM7oy)YAl-T;CA|CMne^^QVeaV3E`60KcA#
zp0gBVGobO@J?-o~iq%vI>{TitH^NOvlj9uV5Ou|k4$6q5yx}_`py<bu2yC#ZfQqSU
zI8x;+B?=N)R5V)C7|1^=EPwn}ZSCA;?WKZ3`w^RpGL3sEsnw|pw18s4<)e%~%KMC}
zUTN{s`jfhWNg*vcd|3^|`Cf)Tl1K(^6bC|~R2Je`%;aCLrjLIn+YDx+VBD@YS?os6
z5VNciX(n@vJF4waIAWGa`MJ_B2==p}`75$B&XMzof1I5v=9|SsC~7p@e(7SJ<A(9k
zb~1wMu`2HJZMXq2cTC|H3lu5Jo>t+nMq(czqAjN?oD30`8?ly`5&B?F%HWUSG-HW$
z9Ih}xVJLBrQ(z*<7<4z74cYR48$yut7;e)0`fDP++7TW1XZQRV&nP7xMLgxP`{=Vu
z|I!n(UAPHkgHOOHEp{b~m_+(;_;(l?0wf%EBcIRaTU@LxTwASz^peF?bo${FJSMhj
z$Jcf=z2KWO1B+;CMwT(;-Z&nIz&k#IJ6tY#;&mdGFl+h6&0i+WO+5FLMB)wlktUF^
zGtAf2>Plvo9a<48hrRO4C$PHijCu{|8R4qX_n35c@uA6d(7GWR8m`IhXldzkxg2TH
zB?#HbovsEita$?zqkIT?)0By{y56v(+2iaq;=H4w5^b(%f-;mZGXpengUE>(YR<#r
z>{5_$LDe#t{G-if(2UGQ$*BtQQX@8QROz_#!;u6g4WtS(@?nclijUn51h&p7+;I3N
zVYftSt3_S2Ey`i;_jxqPUt(|ajq(WV5#o&5CiEOcas;-hWYSWB)A3%vFz{o81c@c>
zsN5Tn=)I{n%6WcUFj^nLWh`>R;u^L}{_0Qj6c0zhRUDfmQrAZJQ>UxW6esL9U!ve<
zk@Ml+IX_R-sa5?MWq|80jBlh?LA7wPY!Bhh+h9z?d)&|$vBB<SZ0#Uc?v|0f8Ko(D
zTSh@@Z7{)6Ti??wYf#<o1@VMmDIK)|<3m#9ME!aIMOR&2o6k<KId%L{RzAG7__=-3
z+~b6lcia5nKajaWBL+6zoJH#L71Vd_k@6aP{ei&HBnW`Fl$XrqwmaSL@u)F)EEeaW
zdqFH9LJh(9GUetJKq1H-Juk3iYWrxBAO7+3#?RgkL6WV>*WU&~kYmA?#r3sZpXB@i
zy&^u)=mayJ1#di`+Af*;2I)ec6W*;^Q)M*dlbz#Ns+!`4y&vaw4SP#erfQaqrVt1)
zc>q0j<x;M&=a20VSKz~S6?zi2x2w0mtIPMBKnWoJec+(|zlKpFHV}V$9`GKz&929|
z&3=OWAgI$@^09>D3B-RBd=IS^34FQQp6!P7>^~8*>Sve@>!g)63-t<O^?{mtUwIl@
zyj3xfE9;eN&n9=5;wuA@`+|%AgYD%Ygqg2>cq5sK=;-Jq-PPaNeDllgw0mZ5{XOx<
zF~+?sqCY!(oGTA)cb??OITiUHm;4R+f3ff3$+n_O4h*}0=~+E4EEfd^B%i-h0MGPU
z3VsOT#U1Fz^)bAt9VRWUQ7S)b<ld^kpPs1f9-I34n&BLEvK&dhMx=fm&nD$#gB+NM
z4};p0gpNa;XTd!|{=#*E;M41;f#aaS<lB?yLJz7tpP~RV+d}x4PC!T>?}lElX)5~q
zirp-7J~vG7{qN^u8P3f!;rWfvDQY<n+{)=@$8)qgjHbkef`d__&vTXZ_%BwV+Z;-@
zHho=Fz2}XX^AH<aX-!W@$Z#mAP&KR2q6^U0)LvRFkD2I4m*~DAlkQMJrEQC|S;)-1
zb;7QwUYb5=EqJA>byR=T;Xa#{v@WFR6Hz_plHZiQI-G|-L=LMHud8teOc`z?G4$f3
z+K)f9y2Ncx`m;8#G6Y>tr)>gV1buum6>Ovm<ie0)-h_ubP)p@;Aw6#HN#+dfv(BA^
z{;Vudj>H@2(T0{1>(GZp_)c*l?rmQ!W%8kpi7KztpiUf5#~;_B&oX8o-Js7`at;++
zoa*QB9@r|kw)ERB0`nL)R1ADOUvWDx>8CaeXl;>K7kK%ey$uuEm;Z(1j?Q8{$VQ_-
zm5J0UML&7VxPWg*P-HE{i;w4R$v-C{eMJjW2oV9d!f2ql0}hgK;-L#+vnaxxLIZW_
zhS;DYlI<?|7aWQQO<6;@C=o9+L&DEFnhhqesbn*P-&?yw7HbXVhtAsBJKV!~im2Z&
zW4&EQ3bkDOkvNrY!|9n$46!Bit&`xwZt+K`iEbrEG0#=GNs2>SNq#dU3EIOXW`a_5
z?t52OQ9=C@$n|2`X6iq6WP&T#C(@LQg>SS(&f(smL+~fZD%=`H4Z#Z%97e$~v92~I
z>J=8wgo>8LDHmrpUFb*DTV|d-I>06lW+rdwW<Cr)728+1{f9=@%;Vkqv29;}^6{k+
z!z5xl(6V0AyQjU2$m7ZZ?)Sf7pYh%FN8OL>dumd7>ldgM9DCnbAOi>S2=fcp4TH%q
zF3|(tz*1>rao|~6a&i#x;3HrY>=E}G)Y#tWYmxxs17-|AZzMEkc3|xk9&R-xo|}?V
z2Q@YKf34*Ct|Mnxpf)%*>?c+WY853Et6l3hzPzjO)$Kpa(x9BJ<Z;sQP~7!D*3!-k
zw^p&CWE2=+a1%_!;SM8-$D|6jh8bW?%gLvU7&h<m)cRx?ElHclNcvU#v8Kev8BROt
znmi*J`Q4~?mp46iL7djXijcC+UFb)GBEt&<fxjv@l}`D(ui?^Hqos%uY?@nAHR6h<
zFbty3?;SdAR0ltQY$r8uE~ya?vlnG851eGAe-5$1#!?v9iZW9<V3BYqKrL+19E76z
z?k0bSlULU4NUGn*%BbU9YovyJ&tX60lp0D+t_#b;+KiC)POLV4F<4&d8aFbnhY)AS
za%x}xK4=jjrKglvdofb>BI%P!Q4;;#7;;W-I%48^gp0~G^tLsD^5};|yt>YrgrcpD
zKHfyuC_fA*9bcoph?1?d&0(DM%KUMG2}AxKQ^p-e*2$2L&*oJuf27$xbWAsGx?rJg
ztwsp{cb^hfg&wNr<w!fRj4#s)guZg-Wlu9T#zA{4o)>nEQUTT*!!HRftk_?P*_EOd
ztvXZI%y5Bxs+h6j8BoP&^EXff0wXDhRt#Bi>m2@{moO^HXD&I?s{Cna7hL{CeHM_7
za*X*+u;@GSyr%edEw&TE0I)xq5*uTvURe*#{v%k32n8+-JWf3R0)B20lIu6Lkn@ZE
zrh3r<kU%Sqrkv4D-HNIIqFz}XoVSR<d^YJ<!+;>L=HwfH0)Pv)@Mi3p@cgCHAnem|
z>5e=pOPKw2(Rpn;7Q4?$-nEf&X*&~M3-zwf8O)Ia*;wXUgp+iKEKbNz|JYb>MZw*~
z)7QPTX<;}cwcg<qJS%l}mwdK=m;54JCW>DD?{Z}lnvTGeT2@8*$Cx7bQunCr15AWY
z(Uh_p2Up6+WZk)JQk`{pm(+|j@&Yn3w3TNHmGM4Nk?<C<$+O%2vCm4=&qN`rM`}b!
z>;GbNpOk64`2V2xc<(>U&!cx}xInd=|BdSYd$jb%v0@9DQas(5zO?(hhR*ZbxIU7*
zIIgvvb9Rllt@odYl8hk3(wo56V5jLtL0p7h+Rbg|v7T0ksBNraws{y%Y02TB4>9%+
z7uPU_d%*8RyPmt-RdGpusE*AWrr>%2(#-5xQ56nEM4J&2pyZ{4*&b&i9n>vUX7icN
z`0R!)pT0KI*XnpZ0N`e{5eL{Z-F`pXGBu5Ub@;;k(I_j|o$*R6eAyY-YeowBRLS)*
zrRXkA;9;L*>-!zympQ-G9;!I`vhjxKl!fJXw;<saD%ki@q@0sx5d%Js#!DD<^yxlO
z0GL^e1I)Y&?1UTk>CXdA{R{1>%;QYIBk!Zw<1ge5Mp0X9QOv;RJ2Ihv(2YCbmt;&z
zzipXW`rGfKXRJZv1+_Bi+eJWcVlN=P#<PDLKiA}8A`|ttzanka;V9T?7VPWKLDJU%
z2nrApzJ4|(FA?_r&{a?tg|C~1Jogv~J<frC3|-LcHB5!q>2sNdt<4HHxdQk%Rg>*A
z9)+j3o?!(S0|1R&uX<?YQ#Xee0*7QK+yzp+r)O?!!=BdsNE!5&<_dyht<wX7u<jKb
zkU`dZG|X2hNp+6qsTanf>S4;+UUh&NM0|~-^sh`2tqAe>IckOy{Vwh1W55DHp(NXL
zSDgZHQfjhB{>wu7OO3gxE<I6^r~4)E>q=2N(J(r0M++8+8A{JSSj+?i*|xNiC{L9-
z3-;?9jAms~#ySZQ?+;X0pp30{@MrjrzCRS1GxA2b7aCIgHjwN^2f6?Q)aIge`mkk4
zj-M04vlIkPu?Js0ELjHk7ic>&5pZa6>PaJ75{>RT(B1^4>udM(pSELm;<bUpAQk_A
z@YXmQ12)@!-qdN5MB|@zLZbb&MPioPNJ%hrdvyVu{*_fqs$1Ghf@6asYG`0Lvg(W*
z!Yf5qP_CLy7qXqKyBo?0Rc+IS#Dz~dy=hs;`fl9BSn$;GlB5nYp7m%~ANr6tqv*3?
zd}DocxLAklk3i&ZV;>_=WtB|1aokg=oeEJyv<FD9w3FF<xX+G5xI;}&^K1O4zqTc*
zoklO<2F~d&_dnm%Uo-dT<PVd=99AII!0`h)6DK3;6A%E(SDm!Gp9D_(W=EqjY4(1u
z$V@5MN;eUH@CyH~kJtr96X1HM-vmSs@H86f5u^=4gdmi28q;VzGEuRf<;|RhXGI?j
z(e7GM&HccO_=fK0Reb~1NURTE$8Mf};$c^_W}K$hAY2<A?X6xEZ#ALEWcj^kM@O3U
zqA{eZGI!guJ`D}+&M!k?F<>ABo&OpVUUYW=p5!SQn%s348qI$|qW520jq$HvA{CwA
zRxJPDNCsST*P>W-{wh3j*CxVs|9`TpaQ;m?8-XXu+W$A1`TBot*B2Qa#_BI;@jf2f
zqe+gnD+T5Mw+x4<7bEu9%=o<&1@n{)@gG0LH6^4d&A@-V{)YZ_nmWi2Xuc)~Cy`vI
zK#RKXs*8SZ8@1}2%L;8gjq86v|LBr`XhsuV85|RQ(t{^I-xX^<oZ6a#+X-q(5(<K@
zd4E-fj~d#OIC@o$l8b752NjZ)2)}>|-Kp+&f^Ywwz70FUEu1W8@2NoXHNnfB&`H8j
zlNSI`BF3Vl@?N=0IJHuW!&+3eux4V+`lVx<9zWCWuS{*uZqr}o4^QL_O|aCnn?khK
zgph=Ulo<Dq`xEVfOWjY0nw4a_YP<3KkEa&zullAh9mNm(87!K3xt2U(9!mOTKFc--
zrcUNS3yXl^IK!=9c{*^`D}d|dknEyd^+4-j8z-zJ;xa@XzvKePCc2Z000U~<R^FX%
zc<0conQCXqJW{i_k}&>NN!v`b86rtO^b;7;PSO*Ak>RDuInJ(r?(QAxEsQb04*l6l
z=$dw7%~1nW?L?X?Wl5gPaDA22>52%?e|>@Oci7eG!x^thud##doELoeE1R0+2)gRd
zm)2p(NgF-Cy^Z1C^efaJUpiN3oo@c2#H$yKi5Tb~vp4YS;VxtU!K1N|PwV!j)37IS
z+q1y5CD0^hVIvT!<dX5yP+sasr`Of8eWQ-w&-L2n4c*$@n{A~tU8q!qmT{KxE4JBO
zm;8bY@owU?<DY6%qlz<~%QDrcGzVH)?vPRYL@-t~=vHw9s0IXZsRK*H70ga@w2G72
z@Hje)hw}26=-Hob#jDc1G*Hr<aJ#MLIpP6V?`wa>?ibr)wj)L78^6dul3Syhm$7NE
zv0~M^(38R`a|o(h+fd2~o*5!UD9*Qj^zQHfpXBXAJa)c5rLI5m%Tl~D?*OA3xJHP0
z?C95P%Scu_A|1t4o~@k>i(z;dOM-c>)Z-;@{!8+X=D!jPdP<XZPAQW!ef0=ip4aOg
z`c+qTeYAGlSAm=`*g~AJJ^qIa(Z%XsR<_ccx|ENLSL;?*w%wcBa@8j=Ms^gCJMeMU
z$j(~6@xDVK@oZ$Lk(DY+Jk+$fY^uEu1YcbONy&Atz+@z7p!fHkD26Lo)1NgQ*xc17
z%=4vQQ=rt*sy$g?WG0=16|J934`uhv<!bkils3^;)oNzW-VWh!4UZHxw-Jrh2vKnl
zX_(b-Xk&nEJjAn0sT%i-&Z_!vRZ_51q$(+M!2915q8$-bd7YLMh3oG1ffdiM2qW^p
z7JwjLy>lQ(isYnMroSVc4-&Jg<<}Uxvnn2k)zI1k5fS!Jd)t>tZrJu-e!`1%tO|*~
zP0UV}f{0R#A&p`z>_5TD&`lfX-n!4tJ{jyF-L8Bv-N>(;<33jA8Sv2F{Q2awnE(6B
zc;Vj?!HO`pQrqb(F0}iZZ{(Pm9HrFqUC@M^aVGqk4*}CwE|Jl@dFxxo$DjS(E8RkS
zbT}WtGU}*Feo_fktO*x9v8UY>rWcU}qcoMA$~u~V7$P0VXwaXC+8(DNBh<;)(E64v
zRjeS|7yDuJFG!obWQBrg8#nE2S1Y<?d13q8o(P~G?~kr9zp`!Z2v^PnZFp0i%!k7u
zwAIWH-AS-tV^U(xEqL#|I1@}>qIC;S=j-?lqo)9q#r=#Vw3au>e!#36QhzS0rL=~{
za$3>GhH>9-hQ)r4kRlIOk7+Xe6s_5NQn#o!G8_2->;Q8Yi*kOi>_pbi5y1}ci>0so
z1BUl&tbGKR9`s7}|2-lN%U>1|a7!<xS?A8itKbDhWzEuxuVka$ERA1Pbjv-2+OlDq
z!z%0&n&R|W;YH|Xc<4!@J1)%yHW$FOrk=Vp>$9y+xZ1TC);!3(BW<)5F~IGN{cy2a
zVYizTfuO?}Bb37D8Qrsh`G9lVgcjUg6!m-ci#+C#P0S-MMx3_5O!GZY{<cC8zNAg6
zt8iXX(Fsz$wYeI}esgeo-dLP!r(bpXO)h4Vw<gAf*hhRpMIv`{X;m^DcpZXus8AIX
zo(B={M^pZ$F^Dgv;mox{WGC{tb~Ls1neREN)ce;>T2WP!z$}L0XH=tdFe!=lT|YSr
z2(9N0gfWs1uEEk`yUnlt)GxNzAgcmm5nFr3a?fM_G=t!Odt;|ue*VF3wdDr_qk&A(
znO}o~fZntJbWr3!f*CCU-!(ud4_hT4R-hnhZ?cp1e)gD8dUOSF{$y98f8@`~IdO5@
z7vs72;^{E3skt2R9E7n~&Rw0KuZ)kLiP(3v<N2)Q*KTAf!tJ#FR$sp!6wd``I|N!c
zYa`u|sCqPuj$-4m{rZDk2-57j0Sm;t{b+`D)qb1(m=BBqlLMch3Zod$H^70DcIMr9
z1KK>tPQkNV!InBt#r44%O$;}Y;;M4r_+Z&eD;uYYPEKnjO&?UXx3B}W1wWupYWEgR
zx7Xh&%5&dLwUt)6A?xG8)f+*Hi9PSf5{iaKv+onPxGz3P<{~SyW$b!Fqd3sDgAzsV
zZ?(xpx$?HJ;u|U3tVs%rjM)B5ujDPWw8^zhyQ;)AT3?%in=8&6;6aoT!~(3zt5JX5
z%fDqh#kZa7r-#0N@GHd;u`6VRczhKPzHhT98QlY}p;84!#2#uM71@2?d?%}ShW+|J
zH_n(D(PA^61xI!t6v~L&u7JkE_dAl*DiA7#ZO!+b9(lr?-6US)4X{69Fu8n>+Rlvp
zCwU4Plwl@LZC9^{jr1avhd#*4zbyigV)-T^2;AGq6?!O3{X}mj93Nq*OZ|_7j)KYH
zKVr{$D6xs796b{n9D|(uy)Mv!xsQFQqt_K6Ckm|RTrT0ufLE~JPH-W`5YNHx+XX8S
yma&wHRVtVo2EI$M6nqBjLAHQ^>YLQt(f70;$Ig1x5B;}639MC!*$Qz53GqJ&j97pG

literal 0
HcmV?d00001

diff --git a/bootstrap/helm/cluster-api-provider-docker/values.yaml b/bootstrap/helm/cluster-api-provider-docker/values.yaml
index 2d3096ef6..e4e5aa49f 100644
--- a/bootstrap/helm/cluster-api-provider-docker/values.yaml
+++ b/bootstrap/helm/cluster-api-provider-docker/values.yaml
@@ -2,7 +2,6 @@ cluster-api-provider-docker:
   configVariables:
     exprimental:
       machinePool: true
-
 job:
   enabled: true
   annotations:
diff --git a/bootstrap/helm/cluster-api-provider-gcp/.helmignore b/bootstrap/helm/cluster-api-provider-gcp/.helmignore
new file mode 100644
index 000000000..0e8a0eb36
--- /dev/null
+++ b/bootstrap/helm/cluster-api-provider-gcp/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/bootstrap/helm/cluster-api-provider-gcp/Chart.lock b/bootstrap/helm/cluster-api-provider-gcp/Chart.lock
new file mode 100644
index 000000000..015b1361e
--- /dev/null
+++ b/bootstrap/helm/cluster-api-provider-gcp/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: cluster-api-provider-gcp
+  repository: https://pluralsh.github.io/capi-helm-charts
+  version: 0.1.4
+digest: sha256:4a5070742fa6e34bf27a5ea29d590a5c86cdac50f56522b1b79671181907da82
+generated: "2023-08-23T17:30:41.21781934+02:00"
diff --git a/bootstrap/helm/cluster-api-provider-gcp/Chart.yaml b/bootstrap/helm/cluster-api-provider-gcp/Chart.yaml
new file mode 100644
index 000000000..e4fdd3588
--- /dev/null
+++ b/bootstrap/helm/cluster-api-provider-gcp/Chart.yaml
@@ -0,0 +1,10 @@
+apiVersion: v2
+name: cluster-api-provider-gcp
+description: A Helm chart for Kubernetes
+type: application
+version: 0.1.10
+appVersion: v1.4.3
+dependencies:
+  - name: cluster-api-provider-gcp
+    version: 0.1.4
+    repository: https://pluralsh.github.io/capi-helm-charts
diff --git a/bootstrap/helm/cluster-api-provider-gcp/README.md b/bootstrap/helm/cluster-api-provider-gcp/README.md
new file mode 100644
index 000000000..b25d117f6
--- /dev/null
+++ b/bootstrap/helm/cluster-api-provider-gcp/README.md
@@ -0,0 +1,3 @@
+# Cluster API Provider GCP
+
+A helm chart that deploys the Cluster API Provider for GCP
diff --git a/bootstrap/helm/cluster-api-provider-gcp/charts/cluster-api-provider-gcp-0.1.4.tgz b/bootstrap/helm/cluster-api-provider-gcp/charts/cluster-api-provider-gcp-0.1.4.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..e095ebf06b68dded838ab84974b915e9d2a1ea97
GIT binary patch
literal 17559
zcmaI71yEc~*RG9AaCZU(XCSz{ySoH;cXxujySv-q65QP(KyY{0IeDJ<`_B1~)ZbNe
zRd?^+duDdkmUXXteT{;{1pB9fXu#+UC6yVCCFR&<J-OJ7SkxI!RM;%FRk+v{)YaML
zG;FL4?MysXmF)Q>O>Jz!&b!~72)O3IuYwrzAgb0dPIK903dtw<){j?HDAtM=S|;OJ
zbMJ;c`oC&IC*oouEP+WgZ`AlcVn~9il^boAXMIPK9c<PeWJ{1FXZD8=aik>Q5y_r6
z9A9ILf%`h$?{a1l+m4v(fd+EeZtniudRt*Zn_FA8pYGn~&2Ix1_E$p|_U7jP?x3)X
zxzESxyRWm4-8z>E%%n^p!?!J4HQ1*Z^6dGi5QOnWNSAJwUzXbM&Y0)W8^Ph>@e8W`
zts?jC=-(B~(;?;XBzny-`Z35NaLGM{kQFgRkoK7=VByLvWkss32y{16TY{D9IiBZ>
zpH)hSAN*tXqQha)z=+QLn|q(SIzHWhJU@WQX-vkFr?-sdZ^$Wk4FVLy7uE>aqsG`G
zP-Y*&NN;HlT!hdgj8lZnJ$=QHXE8^D5QS4Er+3q@TRHn!`qdb+$z}V6abS<{F2D+K
z6(nsy4b)C##k9XzN#BD)@XDM#2hpYYr9S9{Ib+wR(ig1plkm9ENMjqYB|9LwHNsVR
z3z$+=QAEqao0^|-ghgDQ4`W{3t*WBO*=_(_m~~te^N`J;_m|7qw~wzu4o@snwYDED
zrN?fXqix^h$r2?am)cqnZG>7NfF1q2-q&CI(5V%0Jj89(vWsOE$DVJ&9GQ!RZ%rK@
zn&7B6oN(wD)jyx=(@|712AgzqkLY8XIEkCmLnk0zxcQ8oCL>592#*h;Cp<J!nM)C9
zFZNFedrd|6^U$#q5YUqpneF%;AzV;lEm+|^i!-7y0At{Zyx)Sm2yn>vMb#ea{84Ie
zi4G)D&eG`_<!*B*!nMNp0(bJ#qNPZ=<n^S_+|C6+Ws1>_4NRyZ`U~-dp`;V&S~Eo@
zpK6-w_6`ID!34}1EN-p^XDV1F(J~^Hr0;uR7Z(?Yi$^SEBiBoqM3p_i?vHKf5FcE4
z(^tW}O%pCgjB7!ZFW<+=Vj9Se&i1kgX?DosPc~bEkY7MP-XJlp&nug&i%ZWJ5a!9<
zQB5zhJbwviM0_^JAIHJcYYq#~zCU$3t*yZ`d12IKDw(LwbAv2_v|WLrVs6<(=+Lj!
zj-^(}Th>6~10Q!e&N4J1e`*E=;pSch|M?*?_MCYI3*)vxSv~TI#XQL4OSEdGkUQ*B
zEyC|}_IR-;$%&FQ8I17;*9wJaq3_DTd>D$^kPuD`DEJnVSmdfOffDjqsQzq=3JEfD
zyhLZ(*|;Q%_`~OO;e(Pf#E9e&0qEcbnq6{AO<ep;dO2J@ydI?pI}5@hc%cl%4@@|b
zBRTsw6>Th9l`MJZ-Sw}|5Ltkj-lvQJ&HaaWea7@){nr_Xxshx@N8%sd1=%#<2f$ai
z$(g1sBD*jKL>dYbu~9vpk9j<5eHD<=J(jK07CDqHD#b2cy^flO?i}M@KpcwXs*RnZ
z==|Iu+?xGb|FRpO9|Q7+wDtL|>7URr6hvVLsarJB5pa2zJs2f8*=m6M_fjwyO=6rb
zBo;w-Df7Za6+iJX#z!W!V^QUrQ~;iGWS0sRm{9xD3WWQ8>Z<Ic-0KXJS14Knv1<}U
z2gZ~&Ot@ys;eo0x_zSNtwaDI@8&oxo_k~5+R6-xC7G&h|!pg)Mofc=y;;tf0UvT@i
zAyt&wFidKMI`MyNC4m9V5t`-0XgB8LHpyv<ZLU>R4kBbAC6L$5*eAadbkkbIvmJ?=
z@q*(|_b;m1&4Ic++(XF{6Umi3(PS`5ohTZU)h4yDCET90g3p^~)#?m!fiB-qYE3Ir
zjx6Ukf+Oc+KLwLM_!2{2&<Q(27*={6S>F!Q3N<2qmU?@IwR6c=+)MYzD>mlYNyc1f
z-7qi2X4JL)EP+d9u+n_f{#@UY^{R&OL;D!sKzH3a<1hB^M?(nypWczGji5Lf4b}+c
zc=i!QY|&jf8K3wKelHsI>DmZ8`!I28B<r<u#s&+Xe5M;8e0-U-nrE;%lktXlUIf!&
zcn?feh>Eqf0?rjgkRZIA>V}1aZLOPwnzims;Ids*zMy5%bSEY#HQ_toz(vK#Yn&v0
z(?JlqyDO|)H3)}?2kQ+qZE^p5!#|h2{p@R5#p?LaUyl42DCBToe22zEyled~IQ{^L
zOPS<H!P_WKv)aq@XR&@Oa@o)IxSWu6nt*=dII5V6_kQ2Ve`DKE)@))+NW9KB$<P>S
z9}cx)*NfwGJRQ?Ez?<IYY;sR~(J_X3o8GD9$|o7^Ar8l~H6uZG4lXKUE$xi4s&V8S
z9Q9lN2C1)=k>{dZ_M$kPqSDQkiR}Ee0q(?O)?Tt-FhNH|Hfb)8A;L;H3{|xyEFmKx
z3%^XR%rpMI&Y$n4WYVJ+h1ubEOyCVG_Q1jeefT~r<^a50A!#hxCxXY%L)p>byjK4$
z2Gbrp>&XYVjvCG%d}>kH-gVpE-XDkidpjQQhxf<VxA&WCBSm*fdr3_b3j-WDu}NrM
zNAAks{)plxk5mx|c)R=D-ke`wNC9&+vgvhEsOGWHotf$V*|tYCr%?=?f<wgi5x<X0
z>+HFYpsXb885*2g*qj>qc-+HXL|}$h#eBZTrBNN3Q>9Vie2v?B-`l<2f8V?5Yz-?j
z2RfIdOr!?m6DD6KTPoOfIsn65M+q=5f4F#i*NY29m><VgQuNqd10Kd7ULWmCsSng~
z7pxOeNr$uL!g)xYX%<#QQ;(>Bj;&>45Kg>Y9pwGu=y*ktE7!&xAs?PVKyM^RhqY+F
z*q4Ma1601rDY$6OrV;`(zdH4mel+>h{caJXpp)O|VxJ~Q(DDgjh#Rg+v8z+<;9h@S
z=j=n%%Nnm-yuFFg{RJg0ElH(vaFESs(|mE8T23OgT-6J&IKTRvEvgCHbE2_$k{IDZ
zEGmV*U9z>-4|{-_$0m@EBLhjKzeF>`>|yDp{O~{z{kwCBke&#aya}*neh#laihD$n
zv#R5@=o^g@EhZZ|q>QzE#FywIl&MX!2imd9wVtD8P4g@FM{%j=Aj<r+u0u}pJsAEJ
z0A*J-Iucrjyc9LcEM6zv5&8J85qs_EEf_V^K7f+Wj(BOsTSG+|6_x>m+qc?~6rAOx
z){~_O|9fNW9)oU<76zfJVw$U^WT^bofH-!Q^<vFSUyZQ-tKvJAG~c;E6C<!)n0T`f
zX3-Ahd1KTW3EINz#`S!=N-B=rrrA%Z|5UzEa+?xK_DLjH0-<9^re{UPGLx?D{ysk&
zG5KNzEn^ie0WA`d?-PPt8Fr!e1_$BDISEv05laHaD<X^VW>+pitXFrG@4yAv*|%Pj
zmH*!KU0~y`Fn*6FCt0S#i}|*hMJVIYO%yHOXV)DglQUFh3~fQ$kwsLkz3atFiXMj?
z|FZW<$!LuTr)3mY9s`wVEM+zUd9Tpj`b(o}1~ZjZ8r>60!hWPNNZ(8fGYQh=?;Q-s
zylKoZ#q_}Zj^R#Y?S`EW2w~rR9i6pZzMKis$QX_5m7QcQZ8z!U$bNH{a95TSlL3R{
z-X!2MUsy|#!IWE+6=qit?K3BH^DwuXExS`RfA3fGejWOSFMxHLGgii0S%FT@Oe?zm
zZ32uGtudJ}KU;VXOluUw#VXtZv#(?1CVfE^-LE(~ll;nwCVTK6Mk>_qkTu&nUT;p0
zm6S=wOdahd&LBcPA^1JI4sTicGMI7`7Kh?OlZf?e`(Oi@E-9CsnXNBC0jm(g<%L4D
zuZy2s2%Ai0L5s9uQWWe(hL6j=$K_$~VGfr<bc@ligw(V}AHuXhm4*X>l30&iv!FlY
zv%vf;Y){1{QIw`A!iJDUzGCXzC-CD+**T@3rc5?x0(rK)0=DD#1Kh|7;h9J~+>uFw
zj+K^l;=s+x+h)|fd9!e9QIKk+6E}}+wostvvc>@77aeeOnw<j+h>&dh2A3`dwvLKd
zQvf4AdSMp3^-obVYJ5ECu4JowzH^sT7J1aH@*H|W9EaISAu4e&Qh8x^nd2)@Tj4!b
zc!(i6GEIN@SRl<A9vCK$M+B$RLm|M?it&d3m|kTvM|KT-6=$$-c{zHV_cnkYTTA#r
zIZywXJSjS=CR{hkLuPgj_0B<_B9N`I#Dv9#J@A4@Q`CP9<ui+7w??){o@7S5ym~M*
zQ_UvwR0(rXH4l?-T7iMVS?4EZTd8e=8m5UldEuDq7)6STC6*!r6Tl`lZ+$*~loEkf
zj2J199AOsi7yyPW{S6?6nZE!<v;!Rxw+M5$DyqJSDI(V8XHwfC_<J%_{&H;Q=1Vg}
zYgBRw#bI1{zAjUh>M2DQw`Xu;Nu}FP-|mEa8V44~lvS*wF+F{8Io_OMiJU<jRD-I&
zXpp4lum{W;iUb&r#%@Qw6P``^PspmTHS@QKbL3Y*y<f6(h!P15M)J>n(gFmfa9G->
zoWt-9jqWMP2RXH+;Z1_$)?l+!iKGM70rjxG6aZvB42Zp9tJbU|4GM?dMW4F+M<;ob
zDwuT2b_gMZy7?9^HZ}1;{R=TF9NZ+!-rDkN_sikr8|YMNqGZo%Ej@`8!Mqf}EH}+b
zQR=dlewbiU=1gVp+4TbE0_UFS8@JVAjcB|^$>b6=WG%i3HLa6;zwoS<(eFue;b;5>
zP1t+-xvP3I)mq(~3U+2OlZ5dDmQG!lN6yf(*#k=>htX1ac{8wOjm}X_@+@SM_CVj%
zwQFeluI5clTJ0P$+A$+vE@PuYu91mxdvV*d{HD1b!TCh;!HQ9XGme4MG1&{*Qx%4!
zYW}vv!ods^{3YK6Iawkg9v$Cr&T9JbPcABWNqLIvHf4FtgzdOEC!(}37|}QtmT&b1
zUe|_@^qQhU%8qcq&l$c31(Mb6hy)>H;9~nwV_~5?(=>A$!z*R^2$M_0a}Z+WV-QYX
zJaG-)6laTy>J(#{@0f_AVu#{mY(@>NAIgt#cLw|*;`v=gjbYOa7Xok0)F&kuo4#{Q
z5xW!-(mS|=B~|DsVCjZCat_mMd_gzkQJYjLJvX=*N!g)&Z%jGL8s(b6C2uBu(NDwH
zuOO9~M=W-p!6N(=Pomgo0kRVm_RBTG9`h};6}}V7JIG%NpjK(=nG%nfSEPXh*ZB?}
zQMKIp+0YYFD^{l>`R$Y0%rJ)0>UcJR-q5mE12PMn3Y}0a8xA~^G!@l)#16fRwBmy~
z4I3QaT1^UM(9tEzAq@l2GD~ewJ(sW0i2im9|9w84SET3y?6dWO#fUKGvjrpi(LWTW
z=mRWg;8r9`)}n^5px2Z;m(FlZ@dA=bUS()mnv&X=KCS5Z@3U_1<k<_w?FFEAUd#F^
z!^!hY9cNcm4I#2{JjT=!H*h-mPy&aoQaOR!!@(8*b$Z$HChk=JVqay01%YOCL3gI9
zsLj1MYsFD6%#dv(7`mlNtk0XZWIcOuEZHG(bzv*mmG$5rU*=X@LL-C}jh?P-{_4hR
z%?Fpmnd~T}=*d1NHSs(6AL44~v%+QJN_Xm1sUmKgPx8D;2p%FF>uTrOsf}=Xuaz^t
zS?3z{B{<z8hs{a&6@(VWFN=h8<?^kSk1fWLoD<~jgGuSx%hZENdRx3wsu3DYot^_`
z+CqWw35aOV@N!EnxJ`IA_Uj(12`Xj7=|viRSk#8-2?~D$blSZVbg-FQ5`zZ<d6l5{
z%xk<k2G5d4A+b|)MF+x7XW_%=OlI3rBkDq<663zZZYrGs5aFFE!?2E4*HvKWdQ7ZV
z^`&D~&iIP_mZ6J_myexGh55Q&kpiArtnLZ~27wm{yP6LJLL<6d#AZ>dcYROk3NS_M
zZ@rVu@&Mf9Wn6AQRnM&edxnYMr1;ioA~*bV-O?%%mafdGBoNo~4?E6+HD^rCoW%#4
zyTypwOC`_hL^gEknI8=Os5Y}@13Y#6Q=_G8PW2l@{UHWtd1%$Jy*0J~VcxoYzT^{`
zV43oE$2UTMD#;u`1RRbsjfAsXFgB-_x(rX){j3sIGL)<#%bx7w_zQz8ri?AJZ7SoL
zR1tAvxex33#)|q84Hc9;lSQCPJhd21wyK`^@@^Qm3p*@A=DZk^F^8>p4#W`K{R1~c
zn;C!dSFOH)Lif6P6RVn3>Fxza<jq{b1SNm-ubu2=eDU8(tXI4>Md!@)q-YDM*!nLc
z!1EGoJl*kO?2+n1)!^T!oh>mGCF{_J(`PtUvDcw?M6n8I((7y}8qu8i4J}L?dz~@k
zt;^_VI4VX$D_&(Hj{KP#(c1>Zb0%)NL)I~+x{bc93%uWVY440<4zB|8_%f49?;Ji9
zvyCqHW}kI2g{MdG2P<yW2C&TK8r_hj)@dZpB9t#fe@sZn2OU20$V86SP^3JxSu_6B
zEKt`Hr2vpoB$2ElB!?DjTNRlXUDF?D5T7<Ja{~+`HQhLgdbdTI(&fIKg>$W}y@g2*
zeLiabcC5If+dE%y%DLejTG!Iu4l51WDLW8BF_PwL?{ln%8ct$)q-(wT!c&(Wk`kYY
zs6<0+(t$zOUy$~cUh6!%$}iN>=wlT<HNlpy+>STGKG|3P2#8V)qR2Fqva^!s;5(*~
z<n<Lv;!k|&HvxW&SlTWHxuwC(DEld+oGsq|AhIstGw|Y04o%YxfS!uvx!*=L>0z4N
z&TD{9`O~rfd=*-HhFMk$nGnTnb@Dkb;T!L`iymS^*q<Jm#U#eA)s8z)n17EIK@2*$
z(T@uPtuMSE-RS>2`WLn;A-taxd%Z5V&)?%f{|l8;|Fs4vF2VO%H6qCO&noT25r5D3
zv=RS<vAtd|)Uo*fy<YYIp7VTP;SRq3=P*{pF(dvDwo`k({~r5a5Tk)i>n886zoUR|
z|AV?%8e!tkgB^WtKHT?-_MGm+n-p5A6lQC9J#G_&yTN?7&m;RF$Scm7<kP1>!?MtW
z!bf@f1tM2|_f%6$d=-e9RVq5QHL43|9k&yTM_12gs&kXO>it(Jh*9kueb2OrpTh8<
z_+n+72J0c7eX|K%+%T&gqz3@J$BvfG2lS`P)!UiD?Jo9yF66w%H-Wx#RUV@=<X|fu
zloF2c@w^EI=oFpXbji4gYRb5X`+qw3>7%9lObNsoo^gIj%w#q8D}0Ic3dCx!YDLlu
z(PgqOlc?7d;P`oYJpx_4FCL$#$9u>2MR{+^=EgSob7d|cal6+>hYAgrsrwzZ>e)7C
z8m_f&-vX>A=-BjG$4UVq`lKW_-P~D9tMW4p3ez*l+dl7a2M5o)ds*&bBVYB2d$@Rc
zxVd1lEG9$ptzs->F2G;w=hP1eVDK}2<&ji^7Z;TUfSob4_j^MM$1(Hz&FaPKM6dOR
zFz{;G7#=X<C*VIt;vE&yaWv;q4fGyir*!0rxC)4i8>5o$p2{Ss{sxOVIXQ%S+{REy
z9s4ru6A)U|lV~#N0pgU{$atpGh7)32VKH|}D`i)heA~piL_PdmpPc;uPraX2^U^!2
zi*4dSYDB44d4AwR%Ma_N2=cW;TM9%StzzIGd~2$i-&OtNKFz5WRF}TcM;y?yPrptd
zW4#T4u<HK@p7108_qm5wm}-We=Do_OB1~kFL}~OKtUBQ{j=ZUbokuS7=Q8fhfgnuS
zV|@_uai~;suVM|q-zTrAv<BYRmfuO)vF|HH#R=X6J<vfAVVf3g{&9nGU#WgDs!g9@
z<8OQO_P*Z!s|b$!Ke;_UKKbEZTy+2aoS$D^g6g}QI-h(%u+1N<!5TCe=yzXRt~S+O
z9kwNv&+_Dzu7B+HiV#<TAh&O>AKm`sZ>Hdj@Jl5IT-O^MoXrU$<bMlD%qF05lPzTh
zUt@8Y8^WLO9akhf_JjK>xTJ|~e-;)pQ6RqTw1kyOoxp>5qj&;MZ~toV`x$M4KCC4=
zE4}~$w}@Q(+8GGp;?2VfHeFz)=1qxkH{~Fn_=h$tUP^pV^679r@xqG-HzsHkT(}`v
zi+w7T`3Igg!(^3!&DtlCDk4c`?*oPGeF%X#ILj87*QN&Bqky7tQaCyKMZv~K;E?|r
zbqE=<uw*Pn20hBGz?jK&Ix?Vr&VPeXuIMlhEMCc`j?^!MLP-{RcJ4e)|8~acA-VSD
zpP<g%i<uQ@r*5?bH)@vacvpsc-)Oqacs}d&pTO=`&&}W=?BB=^iPKQ+s44a%$!G)x
zs{n5Xct+|J{^uC#=g|FpHOn(osqp7|{0<VEg<+NCVznCIrt@$~(N9FuG9?cS2)~|=
zd1(arjQMz{Q*lTWNaOs*oq_Flo3Ir;h-8%cFo+jLlCNJ>$9<j@Njl$`;o%!iU%9={
z$1gaUYuO!gi>7UGgYeVf&s>5tmVw-LiDg9+?s4g-E2N8bK~`+$0#A4Anq75Vjg`FR
z>LV__l2zIeyjp`Pa=!UBwrHBbB9C}UK$e#<ZsxZp{7#QLIQp!PxwV5p)}m%tt60^B
z3eupe=XUnQs^3xSpBJ}@8~0QwW(^fsL9wq+4g{KFW#X-t7e2fuvr%#%Aw&2=j6lAp
zKE^mqL}L{Jz-4A16Hw*FMTnW5ubJ~QG+Mv`Rj%DTXXA&pqMR-43S4bNg-Smgt5cZ)
zLDnlgL5>&n_M+P&><+ImYOEZer-!Tda?X$h@^t%xN5_Hqlprz9{=Ph<CJR)F8?U}G
zwR8sV=0?8!X4~!GKZW1Z#T%Kcvi?MNzh3Z8(?2?Haxp<@z58sd{dGqF^2dx82><5e
zAh4NOVr6>WH~Cae%a|}gE)EAp@zV5+)qSkwZ3O=QQnvG?kl!!=8AutM|J!N61gLjW
z5c@=zM__Fo^dh;Uv8+8oRI5nH|6Jp?1w7Ex*#a&FPi_Gp9BOO4w3nN%ehx|pha)C%
zaESeQpYt4KSFMA5yiQePk^p89Zz{ETYTgfIdo+<tM2Q|p0%8<3|19S7K4jo@LV(Lu
zHPP^SH3FuU6PbKB@spv^#v}HVbumI-LZoX|e;KVa9GSqEqEUeRO~B~~ZPkq9-S8<z
z#>eo$29E}bxpb)ZkL%t7ncp5bLQR9NcK}6bYfhy_T2)sCXG8kGAKG8k!+>}ZeqyN*
z<z*by&h)wL)0$WCdo0y%Orz$cg1s2`-~L##Ui4kuB#9Vwi6Q`m5;O#ukWYE2PN7OU
z3_0M?aD-&s(~0Dkyk%u2V6GIdaND2Cy#2k{JpH{W_&Nl-&q`IZdRhroY)@M$m+zZ=
zi8w0O7oC+{e^;;b&erXQE&*XS%r}>|y0kyrKVg=g6nN8zg0=oH9Q2JWfDYHzNj;AR
zjc*wXuD(z%?!jyXL7Z)y=*aN-7uEF6J!ZAdEtl42+1hs8A+?G@yKCzB+I8vK=7XkM
z#nyoKzkrr}v)fMry7zEAarJlqK<9~p-d}0Cqhk9*;ShVB?aH^Y;^DJw?(ukN%kJQB
z=X0y27j!~1kJAC7>0Mske%rtDy?x^6d+t`Se|QawD|ySEL~(uMU1O^#Tk0OLOjud=
zbzd0h0@-)Guyuj1dM@e`jH|ktuC_O9aO4>_i{DDBgm~QA>=$(**H??ZX)5eaf4?*?
zugb?+YfDMtt{$YA&myhqXxz>C!kQ_bcnz<~kyTSvus+c{PurpQ&(sX5yq|$SZa@f_
zXQ11OP@1lrh2G#4&+i&t^BeOu#+_bRzv)>Akeivv2N>ACM(&6(`B00~+z|;gO*)-H
zKe2hfh5o?oTw}s=6)%SYW7uE*R6m=N(PYkMq(n<a4|7H@kTliaTiZX4qEU>p8jJRU
z(TrY^Fn+UwYj#LGG9W8-DUo3#MLLYS?ckigJ6kH47>L#`lCxX{?-=cd`^8I}Muz$w
z?O3}4S(GqeDS&<6f?Aduezne4b1cqZfd3P|M0ys!A~oC!>>?dq*u01H$5;bFeoXpL
z&X$a=a(_Yf=MRZa<v$RQ1~3d|Bqj*JAM>*4NUgzAzsKobY3k###Uhl;2sR^fLP>=D
zuQ<?f?w@>Clzswk3<X(*>hvS?q1x9r{XUf6uJyFxRFGorua)yRac1;;Z5oZa%2PhN
zm%-Wh)U+>@rj|$S&VBWR9nKJW!G?)*0rTt1{+PZ*Fkj!jFwEZV#GWB+fQLy-{LOdv
zTD&8qH?kW_LYtAts*o~M>hIOcek$pka=Ub7isMp}g|FtA+J|-Nfvqu2#z;^t(D;%z
z90?MncSJuMFK#Qy5k`#bkX4w3XejWPv)sEQPaR+!a2kBY@VBrkT<$ay1;}^v;i~;I
zpJK@qzi)iawL;VW#oOHh*+R8JI^`^G$0w<=K6xx6))bZ`3FnKC9e-ZH?TLcJN%SMZ
zbSim?qenZ~&OUHq7-)*xl-7n^vryla&Fr<HZrjIiv*SlHaHz@6<hv@4nEdq%#B2ab
zNBF$gB7O}(FdHzTcJ_cq3Ydt+C~+ejuF)q5V;)GXX`=M*;!@`Db_q1s6KW}=Rk-{1
zUGwI9jEfqwLE|q@yd{8O8dk#>FgraEU01#%QfF&)6!yVuwBXS>Pi)2XCVMvU)vB%Z
zM=!uSwM_oUhF+EWVJgBHq9U0f6@H{gK%$ZXTiwod<>AtNcQQt!Bt_0*cZK?m(jk|#
zr9zG$cr5eG{A`$4wUVLp$$9XU#aL4$%0Pbvb~+%({AVUd7dwP$QhI3FUTtoMjpqh*
zN7emkdIAFr85+B5(Lw_^vCNb)41TR-rwLx9W+TlUp*}{)+}e)mk0inC$5Q+iJeWcK
zRCc85+|$$Nf*EEUAg%jB9~Fml&N@;Vo^SZvy1UxTj|;s{?#)t39N(*^+G&~gD!Quq
zm-W5OySHySv&)>4K!+-(_pg7GuZi4ko(CO4%5GuquGF!iKMe2av<&crFKvGjlFG>a
zi9<$VeluaX&p8p8EkT(LRTAaM)w+A_{rp(VW`Z<0a*Qr9ibi<2yEr}Gco5!{9pLJP
z+F1JFnhR$Bet>6J9^JJA*m(GY7hkqgg2qh+2B`j_jOt!UjgLm)Y`Ueeq&fHF!zSj-
z@uJPfeJ}QqQW1#zc?OJ715$9J&6{HuV_46^2>VJm)K8uUXTIjw))gw&qqukK-%xXM
zI`X<OIaI?n;cLvkRgiz%hW~d+gSfEb8u<Dnk@+(naJGOpop$ye>=H0N*TzYAo}<w;
z4eyn`L%gVP-*aaB1WGRyB^8S}7x<_}&n;GuGT6e6+?{G6u?p;sb&+ly?L6$6?B)DL
zmT(hem3wy#Nf4qI_1Ot7SN_hzO;I+joW7NRl3I`ZhR)llCE1T{bkYum?*w(y?RVjJ
z&bp9g18h>V$?Z_1RN-VqCt=1zR7vT8UpUDjtS!VS)-FNa@!SfUM$HC<gi08c;SX8K
z#62yJB-gi|Ex#OSB1W-iEdwHXl=#JUSU-`M91WaeF@z|(DZ?G6+mJk*23E>AT_6ia
z%T&XbPLWKd1u7`C`fUdyWapuU1cvV`SD~~hZ=%EVatov=4J|PUNi#)XvEhBq%n%?N
zDkB3H01?+g<mi>%JClQ)?Zq3ctt?pf=cz@=6MfG!(L*Sg_fpJ+)<;=4<0Q0BFjF(4
zUf)|WEJt086&_jVsCwe*DOs7^kt+1kB;kt3iV{@N`RO)Qio!D}#54o=3^;w+jCVzg
z0dx8O=0@e1<hh0LN{e5(fcyH22@-$AC_`N>OSPFQcoqPNEU|^rI-!$ztW<w=&Rp06
zjn+}af117gPSd(k-XmXU=GE@9({=Gvp|+D`(SrPGpFm=^l#2m4{Z$H#QaAU@WTR_j
zES9pc88|qw%8~hd;;7btp08Bsmu+uz)0292AX>|B0sMV+t?N>mq$~e)M_c%ANx)E}
zx`ddEO5EbV^Wyq`34y35jm4LXbzM#j>p%zIJs8K)-jz3AL8-abwF3AmCyT~;|DULC
z;2~C9{t+yZ;;E{&()NEWq8%$5S5N$BTZTl+1A$Kj6tS9F(tpNP9?g;e_Wu6RGwz3S
z=6}BNFFFM(&$sGEy%jTHQ#}8l&@y)CEwAo|L80}=SH#mCo>aMz@QS<2Kb*6IchU89
zsY4co499KdGI9BGC$0<SwDlgdMd5EQ+%seaDF@IVa{@L1GoN<Y8Gua6iAd!^^ySGf
zGOjRL0sUOYK^9_2CV!fCY3vf@&Upl{|1i+Vw#+D|I|7XdWu|bH3QhtdEL<Z`^Joaj
zKGF|PH)KRys<)$cKPnKEj^+aV-B?NF^qKsEJw=nW^qwYl66CrxC?DI(WdwBS$B&Vg
z+=UY1SicV;+-K%vhG`7)ztv2$AOJ+JHAO`w_aGG;r!-;YNBX;3&T1_nb7hRPHLpjd
z7gRQR2DK=q#41{u_YrEu)v+{)svBvyZY5^fHumergR}^XekQ5CE&Nh5WUqqGnWFg8
zKuJKO6ocUk;jcZ`c9S~I3Aev>XDGe+o*4DyN;z0$(h0Y()JRNm_76G}d8J#BD0s@q
zV<k=0x=&S1fXQv;^vRv$lXb@*8((ybD%)zuSV)XGQzlvg1&KG>SdJx4WmP4*2gP^c
zX|0jiV$k^{x)^r0&b%^UsF2fvU7`Vtf#}Xnia4?Xkn&^bqirObCfNYpY_U1raU*<&
zIVc2lo!_Wb%zM)Q(o6@DAZ5VdvT6;IJQQFzyqFw3MMFT|Mxs?Tf3)&~+SBUeq*y9T
ztY*f5!x~tw*CfW5$_LLP|ATq?`qJ)!!Z@kD*HVxppNhK`?l=;4alc+c)LeBJm*ytA
zWW28wZlr;sW{^P!Gs(jJoN%N)4V}3-yYCF-a=Hk%v@l!ED{Fky>}*GMWSx0$J#HFm
z{K^x-;7Lh7=HAc>7(Z1#!&3LyR{EJ?-AYqJT^SACj>B#3`jPb{#?&FbDi>rHEru1L
zjP=E!**XDF6_YX;)dX!RU!3cED>AZmf*jNfy~^#$hmM8Tacgl*vnpa}QpxbuR0HEX
z>c`m62o&M5BoyHrA!>d&(+7^PA-lnfylo#dNOn&`)P6ayuCEVuDqllxErh6t(jIY>
zg+E6Ay4<A5JT&!>paMA7XPvF`PQv^{0dtyIjsc$!SAllvqE{C@@27i5Ga{mia7gy{
z{uVOq*HC3H77-lTKTlH0qcH1lb;M8uKG+dGF#$JZb~W4z|A(gV)aouF5dHZ0Bl^+J
z?a}?oe|2kZ)3@OXa{W@{<3pK}{7}GVyR+u>PftSebI3oM!U$&wuQCYsF=OZA;#b76
zAZN*b5;;6$2K2su989KC+`pM$2cC44KnYlepdVp1)y&Co7R(2llDXhc+o6&ta1{Z}
zK+(jIlaEzEe7pmf?jNWbI1Rmm2<^-PRFtI#5SXpsXLOJ=ItD-z41sQlRH(I8Cr{v8
zW{4v;TJu~pSdb<5NM$bpwP0(j$f`%unj)~0h~Os_@w6nmt|<odm<8d<maa~to;_@l
zQaz6#wOf8~>6+p&o$(Zo??V{<MlYl)W!kB|FFXe6e(0CJX!qD3PiiqAD9N+r%2}Jl
z9o<B$xUfW)Dub_ZV-4g@2jH(%8IyROL3JFj_H=J9CX!1p=(}lJ=tKKpL{ok*6d)T_
zBKL2z?@gX*FD!g`nc5uxol6$@iCRaGVQmtYy0Dk6tKyU-V|@39su!0naA7maIWd3g
zv)tgXe2yqRkj0csz#2MA8r0;DxtuT4H2r5J{mYBBNGONu=zOS3llp_pf=TL7`pN+=
z$(igF4K7kV(shtL%EVLQ)hYKCR=-);EZ%r3%3xUYOFaA6dG)_~Lp=LGdV_6~=_`KK
z#b3RFpqkxa2|dZ)s56v89G*0RKS-x{u^&ke-0zp?Le)sP+ubeghgBz{YSReq#TJ~*
zh@H$3p@GE!a^|$grk;pz5RA3=8)IKEI}k!xeWOQ#(a^ttHMKJc!TRku81V|r#6qPE
zW2m$xe_$Q{6{0VU{Q+JWfRWFI+mKz?*Q-3O8kap^!6WI&X6{{Y)P510ao-oE*B50y
z>7HjWjNI?9CKSV7)2hYm6kjCg+nSV`KeB!)AbMRS*ZtGdn$g6T<B9;Y-3({r_X0Z`
zv`lJNN9&;O_wYvjqgPn9^+lGp`O+))(fLw&yt$~k4)b2p)VkDZeb!R@7{}J(XSTTW
z8{>~<JQ3@2{R<LedKiZoyVha;rN`G?CdGrEC5Z#f9P8K!tK*HmLGc=q*<sC!S7QGh
zCY7^EWer5Ni?**6spF-7BRTxAIkmV|>kYp44eF*rKqr6mb2Yxco*`U7*6Ya*J(Jc0
zdAq+&svIBN?-tFPR|bBk$yB+V%q9Hb^D_M>#l@^&N9?|PB==h;wgNc7fCcZlj`l~=
zS)&7IV_UgDo+sQiI@aw2zV!oP{^4spgxv#kJcQoy|LIX)Iou;l{0qsgonxZd|AyJ^
zKhriABmcES*6ZQ_+DH`Zd5b)<6#egFg%by#a*o%o-nln|?%oF2jPBkW_>Y)}!P=uM
zUB{)S`gWSz-MDGdmI5!|qOiS2uMbh%QVDkz8)EDaMz>qQ*mvacSu8F5iiTem?YP6~
zsd^FM?(Fmz4{AviWQSjb$nm0tu7$O{30N$!;qKs52=7W*Y}1?@p`x<T(Rxioz6))u
z9DJ!Ff}?1wM7KNDst=b>b8u&2?61t`UtOn-PPF>$TS|lP4{M4RH<`$Ytrd}}V!-it
z99cNj$qss~7W>4~`jVgP-J8<R@CBfeNIGn;Y3m$6vjua*BP0+6Q){VUgg%}}2x08a
z(()PM=(|d8X~PE^`bpWp2wwS0WG12VK#Z}F&=*X|JNhq36^Qp|lgIw&_}|H$EHJKn
zul1JH)6a;FSSmYPD?dIc*B+9f4t+EsYZ3w8%%LJJVwkD<&tki|i`X((>yalt{s!xX
z6;dQG-XR?xHvcUu&$ns)1&nU7*uyffm2|;4$~z0@|1ancEG3d2d@@%{%RCELOZ|A)
z-o|#<g`UfzdT-03Y^_#UmFgBCPTh?Jt;4fosbXz!6^H~*RYur-b7Y-bsS^H<zxneh
zeA~EZyDflCd!kH(P2=DLJYjX=A1yp3zV?99{@_K}96scN&OAW&?(SDFZVw;5IhzUo
zpsT+!i8pA*w7ioK^i<~OcQv;i6a2#D&HJwI$v*wj{khaOk9g*5Gu`IGUPWrMm}Pq)
z#MSCh_q4BjO$hacsDV?5+*8K1IABhXoTY=>LJXP2R@f+Y^8DKq2n~QYP~<O!?6bmR
zLh~t<^bQ$9i(5!Lp7n)wyK}L6E&%^kGk5o$Pe<|a$JZRp!{?=GD>>4D_mbRf9{rBj
zn^y~65@|vxctXIJiz!=n3PXcPC^}U}X``8Cl##OIK`2@_WYn_7Lp0F(r+Y=a^iHx$
z>9iEA#o}TxZ1jdRj+D;o56g<@a=x#?qoPOYj4Mpw5kpU|khfhz50m%i^JP!l<uc0+
z<e#<_@)@nKcoizJn3pIlc3x`TkE^z<EsoI`Mng^##d}I}Xy)z78X-t=%+*zkM7BqX
zL*6d|MOr+gj?<#SQl*O<6I_ASU@EX1J<IfPHpULsVYa`zDD>=!PU@qJqn|D!$Gwj1
zICHNyb5dj3J-asmfJkw+JT?E7T`GA*1C{I~OPs%XrIqwa#tsrvSX8LgUkvG#nFHCO
zx+?ep9AJ_ayn>h?*yxm1hS=@2RHJgrO&>Nao{PxdYS8QQfs&$52cGdAV){Y=EGxLl
zg_$D8E>0skc?G7<x%Lfm`<ikkp`4ira5|K7)d69eP{%(IwCHWZliuZ#(0LSa&$6k&
zNV^of+A)y7z8qZiO+!E=_zdu+$lbjfrYK~fMKTe!jBJ5J{12zN!KTK#C?XSq_$SX%
zfU6dUc_LAu(heC14aakmO!t4h6&319eVQ`0$<j-GPkTl0`Gw15$x(~ykA@--e+FQ*
z>%*Z+b_0?x|5__tzy0sl3WQga2)2QuWQV~%RpS3LR;VXZs~Pn@YmyE2VFig1PoZ>k
zR@+{>R5u|Ur$kvRC&ROAa{}?Au~-PZ2OGH6Z__xt$fQ^=Td%-4mpQX^e}QKSmsl8C
ziDBr`zcOK%WDa$V5>l~H$T~_-v6noC<Pn<&pVBi48DtLV?7}IGw9ivFDz#QG_{^Gf
z9kY>)C)e0FVVx+e(7-|bHB*=>*SLQeC*hQ#u#*>~`QtU!i<7Xq9FL~fv#wNu2kak`
zTMEjua}z_9*rQiXSoIcSsbP;*_%rJLuwuMUG+o})c1u6WS1lAeotd@Z2>{uCMB_>n
z^<F>~edO&7SO^Fn)xXb@VZ1h%I2N9!XVsgOKPKarRTx=QU?iL6OeozmM5G<N_;i<b
z7r=CzEB;ZDUKG+9`3#n>b28Q<BrCYfFIo_@25hbu6#AN<wLMEbpziMLz=JPtG!qYX
zztwzP)ET+mg#v$C)PU`cA1wCdgOgyh#+6E^581#7SAgYk`8Zk0QhC*ug8}1wq>b^F
z@xCuL^NFZhP04?RE+iYkb!MW$i>m?Gu<^eo9Qs)GbJBb1K{|iCh-7fB#=2jIb=#nX
zw?2lst%rNl9TJ07<zJ}=8lD7}a{uef!0+Ej8Hf-6yyN>ppM^4D<iFL6#ZAVLXQt_|
zd9*Bc=gkz5qD6_Mt$HKr7c+j+7O(u2o6EXKgF(b%va3CORCa~(U4cKhm;06Tb>sM`
zXK@WTOZ<LL2~;#&KJ`w+K9%@I`<GcP;X%<l5|Ro{-J;JNc~&E;-_L;hhf^DILms|P
zUM>M1pSzo@w6wjbIQuOkVt*gc=fmss<9$Nad?pMC;V;chH(<W27Ib&u22);@cRE)8
ze<@1`eQLgdqmFNT`Q!}s#iX%&rk}xw^kuQxiYUr!Lt`&*3q?tB5?9mH^05p#OhGU?
zX{vjy6A*a&tlUOY!orr2A}Z5`vNSgBqi^+&ez&jpIfX|X15E=fR3l$Uj;=me{MEE+
z3?%SL3$cHao-B`*xvei-*KoV;c!kyg=CvJSfJx?;YKEr#+7pWyPdz~@U-`Tyq#;i$
z=Db|Rqz#;E*!0?{Nrk@6JJHC^On>?7eeL(jI18##_S^Jk@d}2i3ZJtoyS?~!#mLRg
z$Ik)VXufV?FN|<Y_!5ZpPIvsF<Bfq6Ym8lKx+c}54yHBJnR4oQM*mY~dT|ALpkMQ-
za*t3Ya2TVMNhkGpL?YW-qIFqCM4m=;{wc0;TRSF5zAj?@bj6|>{={_nKVFiwguQnB
z(1z2g0CWm}n5^`gvrl9sSn6fVYz{m+M|Lr!At3(nh9dJoo$9uSO^to)tT2X1K)++g
z+sxm){!pM)44w{EM0NLN{hKa<G3j?Mc_^3NME0}k61(0$;eMeS*>B``m4GhvNpY{(
z9ckE77Zqn}fL%me1N*^WM@rlde|MoePC7!Fi8DL6!3~RTJPfEimRe<VoKBUTB}_pN
zf$##%ru@E@^2Lsx87<YM+{z|Jk$&D?D8!<jAm7G8_|7H}15E7K+$g3vYXlfwU9c2m
z40Jz6NzH(Vb7tD~x;T207%jmS_;H}_P@!j)9-1PzcaP#N-fzrb7V;V?(udFX-*a>>
z48~Qj*w(oPW{wpT$I;kKBG${eB2dMf5S_Cng~@&qsa6>3jy@HIldM1q;&dY_Q#L(_
z_n)><Sz!*J)*o!`x!0cHG=}qv2yaxTY$5JcP<BcEqKRd|CNI=X^r%=t4578Ew65kt
zS2gP}dq6;@5KR^O?ccRXKJ!)<asT)gCyn9_v6_s&z~6Jp4Ml=u&5Avgve42}$s?H+
zg%47xzw{WrdcUr@;q5CtTp-VrObb+f>e|L&1-A0ofr0beWOBnV&GkQ9JU9gbNfcjh
z=fMZNGrgIZs4^2=$!U?fF!~+sNA4r@MF^Ol5#^YNM!D;I+eQ}GDk6E<%e12XFhlZ5
z4AB}$ipb6sURR^2Sk-;NUS&rUEoFhbA~>hyQAy$hmasoJ@~;LmH_O<wE?qAa8i|>=
zD>>QeVpL@JqLYkUel^RR9#`e0aUP}URCvdf1?M_(cr3tUp8SA1Rt@6!{U+U-DSgQB
z&ef^pHP)z&zoRRMNEB?=B}xWu9B%~dq(;`XB9Y6>5_uyu^&&K`Z1u@}1cJQB;XN90
z9JK1^Gb0flq;%jtE#^oMW20s33<jz%s<)i*9fe4{Ln0C29S1}!fP<-&DjQ1`lLMh@
ztyB|@#F_RO7eyBA3&7aMjD{)J@N}yq*T3GQdN%8J-w6i&k%p?|65Wv6ivzg|m^!?;
z0w(GQNBn=BN9@~SP>zYiffgda^s-Xbj9hEnohA;7XzV_@?4vQNzsj|nyjheEeF*EC
z`c==p=ls!}jyo(K`}@4cEYp1BJd8*C8GqLRV_3AQ@0?ole>sl&@h;s<JlFnOj?{>a
zc^3|<7HOlXOCpm6;a`TzD@)kD*uQKC<(?Egs#Oo5mxh~$E!@2Eu|};GU(ew8N`jNp
zd;=qn;$dLQL*qI;R~ZN_^5d0naKlcESAri<m<S^tOm=b#-qVDSrZPX*u-n6O`@sZB
zM@oTLsH{5bLZu!OHQ^C=!W|ZUfl*91Q8w(csW%FflI3W_<Tu?d2cK#YO3`lFHeZA=
zF0^|>ka?d_jYC;QBvt*%{vlAstth?P|G={>><x#cbz#@kvtR<{YAma*t;ey9Wf>q_
zo3v^+HHYil^RQF@Bz-pIe@X<;Ud$FGxUnZ7@z%-Xo$@@>opZ$hc_%fG6AN;|9fu9{
zs}ahd4kTb+6c6IgSnn6wgkPEO=BHF$Xk@2etk{MBCSpDOq9z)ViVV-r=>n8MLI2`)
zqB-tA<#?a^J0>QR>`G>B(%{Um!(7%vx<4S<|I<oXNbm9_8rF3s66MQ-Pys)6bMgzZ
zP{A~_E*<kC%?g2B!O)8qeSeGH8MsHyjUGS?h9io{ey1($dZjlvS$I0~%*z(O`cB68
z0SJwiW$xlqoxw+`P|t0LpDs)6RqS{!p9K_*1?KbA4)v=4s8Kcpin75q+W=Vlt0Uyu
zIDTl&uO<#17(+9<Hil%b2j6SM)Xvp~Wth;!oY~O<kY0<kH+J!UM}2Y5=AL#wID~MY
zw9dX#VvynPJSuYZWvxvD>sswj-A=br>uDI8i-R#7=hSTR7hWvM7+6+=Z&}uUU!RR;
z>I)*Aa!icRoXDYD)#Y$bi7llSw5!Oo7X2gr@DP7Wy31KoWuf|uy;4PM>N^Bs%}3al
ziG1^K#TQ*zpbwa8NfmN6d`(xB_@A2;V*Qi<iM8|s9B*%*13l_@+a0=z<pqY6f@CdQ
zGmgS$urv8#cmA>9D2Z){t+~1dGAil?Ugws9daD5jfqO&kxyx5Ye6-3CD&F5eDNV*X
zE9xvWhi;TN23L5XIXH*!7<Jk>ie(f==Fr8+4d=I1NiGP6s+Rvia4PHGzy&V8(sNl4
z>6l|~X<VsjXitFb-QJQLJaTyQdEP-YPwpD;pp6;#E)a-jKJ5X-gLtqB(yw^i<}DX6
z1B7m$b%Eq_v5$IrHoRKPA3nZk`hw(<P<CJII%04Dv^;y;*k6e^xz14=7C6om=Q~5Y
ztyeokH(1x$bO)x%bVpduG4GyW1n#^0hEj4ABr5djY}EnRUiL8fB^7>AM1-QK#fDd~
zCTKz@UnK5{&nZfQD0%GnD&}?fDyMPo7v=)~;LYc+1@%$L!3@8LkOWH?v{CfrP~=Ih
zP0u@gdOX=5AzgK8Sw+odZ3mT>pW%SxPPY*uT6-AlBCMgDKc_3XYl1b3^Kzav5=R<z
z6H0Py^859&LSrg5_8hY7r_MeuK8Y+^H%?A!KTaYSe>x+&ju1~PmtiNagL@hHPG?tR
zwbVfP+#W;-4|Ac>EZB$jE0;pF>&&PG2Snqq(;j60zB=@Db^USt*w2&E$85`c%}xAr
zuX%hXbkVs_SvvCANNAxUAx;nVFw;)xe2L*YvZgQj2sd6~{0(il?Gb#lQ9}60DSae)
z0{X`^Cmj}0W()e$Ww4PO4Am>%+8u}0bMTd5<?_Q3qSmgBSoRO{=?-K*)Vz4|ug&MR
zU?^V6{M<@n@;^cl{{_YAM-!4j;9i>=8Zgr_&CAiQac$st5Ip0qm4i?1J^7kZq39-S
zoqNjVMWtSo_R+^`T$<Ojzj4r##NRs52j5XDPTixIZDi2Z<Md_J>02+)_xHD6g(O|r
z@3MgD{cOkAPCwn^(*r(priz<mzt7(Td0bPwnx@-=;C~gx+IlR=EX|m(me!|-TtBti
z?|OJ-+4H+r1qDAkDI6JD?Mna-w9N~SMm;m(A)w)PByLd-%}{4OC>y|a*<<~$Jj+jS
zQ6sXkjw$;CZ&|tT>gy+JT<w$*)r%I~y~_M1`RVPy8?{MA$$5DTLI?VYR-Y)K2WGxG
z-3&Hgn`UGT4R%GEmsS51h3vG=Ia4c#Z+ub2Tq6vZ?JX=#O|u)*y>-J41wck!bK6EL
z?=*EiOa;Dq5UOIQdt~H$P+dN{-N{UB)=@mHf`D`3b-h;`iw&TwtMe<3N6_5m@y~5g
z9$5{IU<}_C_)<W2XHUgNuW3~E=I_X<iM2VqSNk!DTuNKJS(}I_yG|Hh^(Ed&*pDdx
zW?Iq|qEBR7^#J1o6om!1ip@9RTFgq7iy?L?^3vBd@XLjE^~!3OU7<`jv!k;jneTR<
zfR1B2lOD5{ihD<EX^e2x3b!Y;lUr!>QYW<K6&^l2i9DBBX(a!Kh{|(5{R`fdmO-lQ
z(k-2vQ$UTspZnrW7~gQG_HnC^kNd-&ch0U}(DTCEQ`Ryk2*Iap!T;#R|83|8+o$#4
zI_|3(kU|3Ojs8K3<+ncCK!bM9+P`l@k-L<Z*QU_*wO|a@RwS`~0a;y=jiCOhwhFRD
z(bumjxGlBf+2>-W-I=tXHd!G4Gl8UlKX_a5W7!Q=hA$s4b{Vs1p!V*&cQMlsfv*?m
zFApHh3d}!v^yP~FPXE*`dl8-27>4;<*>O5$>=ZONsK-_zK~d=bt$lb%rIgmk3-#bU
zumSHbUm|b0oab{^*-&KDMpu5q<T7hshp{}`{YPfL>%m;s93(sqVBmv=<!bBmbUh-b
z&8O(8a9pTpP!VGBR0*$HL=QovGg^OygnEr{EWlf?XQV;8JsKJYl<p|^=CKM|6d+?f
zZj9OEbq_N+-YXKAsj4o0>q_5{;GjJ!@}nZ>7-jx`C?0lLzw*9PbcgX4bdUOB>|+B`
z3d~id4+s($mFNnGbQwn9eHnT;<EVk%C(t=??-zJ!xqK;)jf-a6BYhrGeW<yMF*ba9
zpC9~=LgP-W=12AJtk8a^*A#!2Xt7Vi*D)j=_{Zv2&OvDD>p@0-Ed02A*8Krg*<$Mu
zG8R?(Q3QT2^|t3i5=FM~Hl~DXmn|LQP019+w%(~B2!lNL)SWj>H9Y#-brVeQ5wzKT
zr1lQlnyzgH@rgNI_^W->w!7u|Y3Wb0xAldGuNZ!6>#hjDJwP0J*4&@e#Q7BXiQs%>
z{KsFS=!ovKcN2#g^hRE>@+v^4d+M+qCj7yl3cpzkqDJ!+-MSW1?ah~(K^SyxdtsgW
z6*sJ)`5VKO@#~09prsL}0=*Vez+jMwd`(+-nsgUgFNe@pXm-HWBiK*Q9JMfLjE@q}
z&9bFMkx%`-bn&MfF!vXKcL}wRtCy|O5r2Lu?QPH-zj>I%J(&AV_7k|jb&D%Yk-{l-
zi|!!$72IbN(^R(}GjQ^*+r#uTdh1Uo<AU!;pDE=n!;S#P0&hLkt>2FQ+J`d-zxDu&
z&jsJWHW$JD6Oz97_I2J*x>xV8x^DN?vXsSvPYs}A-37#HG{~z*<pE@O_4ZsxC1vZV
zhhj2Obv=`Ybk>MW=1Wt&r@++BDzeg=Ei9Q5kX4QAKY6*%zQrn0^tXiFk?~nT^(T^V
zDBu`{fLL9%VZkTMWbYN_ko?F02-E^A{m@y$_`Sty*ZP0HTe1I-_ILKY{r^eQU(gs!
zNq7Rcoa_14w<p6xdNi4#6o*%MMno|9i@E(gOEs&BIf-L5i`hh<Woa^dhB%3_q}K$L
z8|OPtqQPHKLT37E=O0r}rt}kubok@{`BQ-2CGisON=|i`P)az8X+nZQaD4IcLNZPU
ze?doVv0w>$e{_K&%Ecg<QMm>Gue(18CcpD7_<#FhKHF0NXa6a#ldYnn2@bEa6isPN
z#Ne-ixJd_p4JP<%@Yg^t)ZdKL+2F7L|KKm^J?4~U0-YY8h(VBY26xH^G$MFQXXorc
zgWy_(EFxQjFFm<EQsep$c_eb-w$5vxtEprCKOgOnD*ONT?vCI8pCmo-1E2SKp>rqL
z&h-q-c)}hw>R#!rK7`qp^-hmq+J|T0Q}OPl{k-zjW!`Ij(##*QOpAK%|7K<Ra(B8Q
zC^Ak_)naJg@-g@Fmqvix_b%<M1va~?N=R&8-?S5PI4i$@X>PDV<;OFf%glAL%i_bz
zJ?o{CmNbeWr5Y+dZ?DBruvEeO(znLfJ8_)O@vfe*J3QZMyXn4yLK4ZB_7S4|l_CnS
z9WuWB8s6$GRg50y<<3f-{vFT8cRZ`qe~?!_E0zBF-uQGyNz1&Aoox1fnwqEAY;8fG
zey%>ovHAo@xhZL0<tR0UE(po{ce(mN#FTM_VIxvSjT)XWpFSPE?i4ImsFb@KvPH@g
zb(S<W^dbw~a%SE}0E=jIvm5`c<gJ++{rzT6Di6R_s8pyNYIWY20|>mq1TW~6#d3Y_
z8p3OSgU97?92XrD0s4@jW3_lycOyp)0J7;fq0}L#QmN{O`#zT0i}rMva43<Q?g_gl
zXpsr2`&McD|5>Rse>liK?Z?T2UBfGQ2%~AHmZqJ=d~-M)pKf$d=)E7(K%Z~Fg)@;)
YKKbO+pCSG400030|1EwmMgY(P03R~Oga7~l

literal 0
HcmV?d00001

diff --git a/bootstrap/helm/cluster-api-provider-gcp/deps.yaml b/bootstrap/helm/cluster-api-provider-gcp/deps.yaml
new file mode 100644
index 000000000..03054048c
--- /dev/null
+++ b/bootstrap/helm/cluster-api-provider-gcp/deps.yaml
@@ -0,0 +1,7 @@
+apiVersion: plural.sh/v1alpha1
+kind: Dependencies
+metadata:
+  application: true
+  description: installs the cluster api provider gcp
+spec:
+  dependencies: []
diff --git a/bootstrap/helm/cluster-api-provider-gcp/scripts/Makefile b/bootstrap/helm/cluster-api-provider-gcp/scripts/Makefile
new file mode 100644
index 000000000..3ac457f75
--- /dev/null
+++ b/bootstrap/helm/cluster-api-provider-gcp/scripts/Makefile
@@ -0,0 +1,21 @@
+GCP_VERSION=v1.4.1
+
+gcp:
+# Clean current CRDs
+	rm -rf ../templates/*-crd.yaml tmp/ *.yaml
+	mkdir tmp
+	wget https://github.com/pluralsh/cluster-api-provider-gcp/releases/download/${GCP_VERSION}/infrastructure-components.yaml
+# This rewrites the data to stringData in the secret
+	yq 'select(.kind == "Secret") | .data."credentials.json" = ""' infrastructure-components.yaml > tmp.yaml
+# This removes the Secret from the yaml
+	yq 'del( select(.kind == "Secret"))' infrastructure-components.yaml > tmp2.yaml
+
+# This combines the yaml files back together
+	yq eval-all tmp.yaml tmp2.yaml > infrastructure-components.yaml
+
+	cat infrastructure-components.yaml | helmify -generate-defaults -image-pull-secrets tmp/cluster-api-provider-gcp
+	rm infrastructure-components.yaml tmp.yaml tmp2.yaml
+	yq -i ".appVersion=\"${GCP_VERSION}\"" ../Chart.yaml
+
+	mv tmp/cluster-api-provider-gcp/templates/*-crd.yaml ../templates/
+	rm -rf tmp/
diff --git a/bootstrap/helm/cluster-api-provider-gcp/templates/_helpers.tpl b/bootstrap/helm/cluster-api-provider-gcp/templates/_helpers.tpl
new file mode 100644
index 000000000..e6afac2ba
--- /dev/null
+++ b/bootstrap/helm/cluster-api-provider-gcp/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cluster-api-provider-gcp-plural.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cluster-api-provider-gcp-plural.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cluster-api-provider-gcp-plural.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "cluster-api-provider-gcp-plural.labels" -}}
+helm.sh/chart: {{ include "cluster-api-provider-gcp-plural.chart" . }}
+{{ include "cluster-api-provider-gcp-plural.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "cluster-api-provider-gcp-plural.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "cluster-api-provider-gcp-plural.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "cluster-api-provider-gcp-plural.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "cluster-api-provider-gcp-plural.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/bootstrap/helm/cluster-api-provider-gcp/templates/gcpcluster-crd.yaml b/bootstrap/helm/cluster-api-provider-gcp/templates/gcpcluster-crd.yaml
new file mode 100644
index 000000000..c1feccb19
--- /dev/null
+++ b/bootstrap/helm/cluster-api-provider-gcp/templates/gcpcluster-crd.yaml
@@ -0,0 +1,597 @@
+{{- if .Values.crds.create -}}
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: gcpclusters.infrastructure.cluster.x-k8s.io
+  annotations:
+    cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/{{ include "cluster-api-provider-gcp.fullname" . }}-serving-cert'
+    controller-gen.kubebuilder.io/version: v0.11.3
+  labels:
+    clusterctl.cluster.x-k8s.io: ""
+    cluster.x-k8s.io/provider: infrastructure-gcp
+    cluster.x-k8s.io/v1beta1: v1beta1
+  {{- include "cluster-api-provider-gcp.labels" . | nindent 4 }}
+spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      clientConfig:
+        caBundle: Cg==
+        service:
+          name: '{{ include "cluster-api-provider-gcp.fullname" . }}-webhook-service'
+          namespace: '{{ .Release.Namespace }}'
+          path: /convert
+      conversionReviewVersions:
+      - v1
+      - v1beta1
+  group: infrastructure.cluster.x-k8s.io
+  names:
+    categories:
+    - cluster-api
+    kind: GCPCluster
+    listKind: GCPClusterList
+    plural: gcpclusters
+    singular: gcpcluster
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - description: Cluster to which this GCPCluster belongs
+      jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
+      name: Cluster
+      type: string
+    - description: Cluster infrastructure is ready for GCE instances
+      jsonPath: .status.ready
+      name: Ready
+      type: string
+    - description: GCP network the cluster is using
+      jsonPath: .spec.network.name
+      name: Network
+      type: string
+    - description: API Endpoint
+      jsonPath: .status.apiEndpoints[0]
+      name: Endpoint
+      priority: 1
+      type: string
+    name: v1alpha3
+    schema:
+      openAPIV3Schema:
+        description: GCPCluster is the Schema for the gcpclusters API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: GCPClusterSpec defines the desired state of GCPCluster.
+            properties:
+              additionalLabels:
+                additionalProperties:
+                  type: string
+                description: AdditionalLabels is an optional set of tags to add to GCP resources managed by the GCP provider, in addition to the ones added by default.
+                type: object
+              controlPlaneEndpoint:
+                description: ControlPlaneEndpoint represents the endpoint used to communicate with the control plane.
+                properties:
+                  host:
+                    description: The hostname on which the API server is serving.
+                    type: string
+                  port:
+                    description: The port on which the API server is serving.
+                    format: int32
+                    type: integer
+                required:
+                - host
+                - port
+                type: object
+              failureDomains:
+                description: FailureDomains is an optional field which is used to assign selected availability zones to a cluster FailureDomains if empty, defaults to all the zones in the selected region and if specified would override the default zones.
+                items:
+                  type: string
+                type: array
+              network:
+                description: NetworkSpec encapsulates all things related to GCP network.
+                properties:
+                  autoCreateSubnetworks:
+                    description: "AutoCreateSubnetworks: When set to true, the VPC network is created in \"auto\" mode. When set to false, the VPC network is created in \"custom\" mode. \n An auto mode VPC network starts with one subnet per region. Each subnet has a predetermined range as described in Auto mode VPC network IP ranges. \n Defaults to true."
+                    type: boolean
+                  loadBalancerBackendPort:
+                    description: Allow for configuration of load balancer backend (useful for changing apiserver port)
+                    format: int32
+                    type: integer
+                  name:
+                    description: Name is the name of the network to be used.
+                    type: string
+                  subnets:
+                    description: Subnets configuration.
+                    items:
+                      description: SubnetSpec configures an GCP Subnet.
+                      properties:
+                        cidrBlock:
+                          description: CidrBlock is the range of internal addresses that are owned by this subnetwork. Provide this property when you create the subnetwork. For example, 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and non-overlapping within a network. Only IPv4 is supported. This field can be set only at resource creation time.
+                          type: string
+                        description:
+                          description: Description is an optional description associated with the resource.
+                          type: string
+                        name:
+                          description: Name defines a unique identifier to reference this resource.
+                          type: string
+                        privateGoogleAccess:
+                          description: PrivateGoogleAccess defines whether VMs in this subnet can access Google services without assigning external IP addresses
+                          type: boolean
+                        region:
+                          description: Region is the name of the region where the Subnetwork resides.
+                          type: string
+                        routeTableId:
+                          description: 'EnableFlowLogs: Whether to enable flow logging for this subnetwork. If this field is not explicitly set, it will not appear in get listings. If not set the default behavior is to disable flow logging.'
+                          type: boolean
+                        secondaryCidrBlocks:
+                          additionalProperties:
+                            type: string
+                          description: SecondaryCidrBlocks defines secondary CIDR ranges, from which secondary IP ranges of a VM may be allocated
+                          type: object
+                      type: object
+                    type: array
+                type: object
+              project:
+                description: Project is the name of the project to deploy the cluster to.
+                type: string
+              region:
+                description: The GCP Region the cluster lives in.
+                type: string
+            required:
+            - project
+            - region
+            type: object
+          status:
+            description: GCPClusterStatus defines the observed state of GCPCluster.
+            properties:
+              failureDomains:
+                additionalProperties:
+                  description: FailureDomainSpec is the Schema for Cluster API failure domains. It allows controllers to understand how many failure domains a cluster can optionally span across.
+                  properties:
+                    attributes:
+                      additionalProperties:
+                        type: string
+                      description: Attributes is a free form map of attributes an infrastructure provider might use or require.
+                      type: object
+                    controlPlane:
+                      description: ControlPlane determines if this failure domain is suitable for use by control plane machines.
+                      type: boolean
+                  type: object
+                description: FailureDomains is a slice of FailureDomains.
+                type: object
+              network:
+                description: Network encapsulates GCP networking resources.
+                properties:
+                  apiServerBackendService:
+                    description: APIServerBackendService is the full reference to the backend service created for the API Server.
+                    type: string
+                  apiServerForwardingRule:
+                    description: APIServerForwardingRule is the full reference to the forwarding rule created for the API Server.
+                    type: string
+                  apiServerHealthCheck:
+                    description: APIServerHealthCheck is the full reference to the health check created for the API Server.
+                    type: string
+                  apiServerInstanceGroups:
+                    additionalProperties:
+                      type: string
+                    description: APIServerInstanceGroups is a map from zone to the full reference to the instance groups created for the control plane nodes created in the same zone.
+                    type: object
+                  apiServerIpAddress:
+                    description: APIServerAddress is the IPV4 global address assigned to the load balancer created for the API Server.
+                    type: string
+                  apiServerTargetProxy:
+                    description: APIServerTargetProxy is the full reference to the target proxy created for the API Server.
+                    type: string
+                  firewallRules:
+                    additionalProperties:
+                      type: string
+                    description: FirewallRules is a map from the name of the rule to its full reference.
+                    type: object
+                  router:
+                    description: Router is the full reference to the router created within the network it'll contain the cloud nat gateway
+                    type: string
+                  selfLink:
+                    description: SelfLink is the link to the Network used for this cluster.
+                    type: string
+                type: object
+              ready:
+                description: Bastion Instance `json:"bastion,omitempty"`
+                type: boolean
+            required:
+            - ready
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources:
+      status: {}
+  - additionalPrinterColumns:
+    - description: Cluster to which this GCPCluster belongs
+      jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
+      name: Cluster
+      type: string
+    - description: Cluster infrastructure is ready for GCE instances
+      jsonPath: .status.ready
+      name: Ready
+      type: string
+    - description: GCP network the cluster is using
+      jsonPath: .spec.network.name
+      name: Network
+      type: string
+    - description: API Endpoint
+      jsonPath: .status.apiEndpoints[0]
+      name: Endpoint
+      priority: 1
+      type: string
+    name: v1alpha4
+    schema:
+      openAPIV3Schema:
+        description: GCPCluster is the Schema for the gcpclusters API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: GCPClusterSpec defines the desired state of GCPCluster.
+            properties:
+              additionalLabels:
+                additionalProperties:
+                  type: string
+                description: AdditionalLabels is an optional set of tags to add to GCP resources managed by the GCP provider, in addition to the ones added by default.
+                type: object
+              controlPlaneEndpoint:
+                description: ControlPlaneEndpoint represents the endpoint used to communicate with the control plane.
+                properties:
+                  host:
+                    description: The hostname on which the API server is serving.
+                    type: string
+                  port:
+                    description: The port on which the API server is serving.
+                    format: int32
+                    type: integer
+                required:
+                - host
+                - port
+                type: object
+              failureDomains:
+                description: FailureDomains is an optional field which is used to assign selected availability zones to a cluster FailureDomains if empty, defaults to all the zones in the selected region and if specified would override the default zones.
+                items:
+                  type: string
+                type: array
+              network:
+                description: NetworkSpec encapsulates all things related to GCP network.
+                properties:
+                  autoCreateSubnetworks:
+                    description: "AutoCreateSubnetworks: When set to true, the VPC network is created in \"auto\" mode. When set to false, the VPC network is created in \"custom\" mode. \n An auto mode VPC network starts with one subnet per region. Each subnet has a predetermined range as described in Auto mode VPC network IP ranges. \n Defaults to true."
+                    type: boolean
+                  loadBalancerBackendPort:
+                    description: Allow for configuration of load balancer backend (useful for changing apiserver port)
+                    format: int32
+                    type: integer
+                  name:
+                    description: Name is the name of the network to be used.
+                    type: string
+                  subnets:
+                    description: Subnets configuration.
+                    items:
+                      description: SubnetSpec configures an GCP Subnet.
+                      properties:
+                        cidrBlock:
+                          description: CidrBlock is the range of internal addresses that are owned by this subnetwork. Provide this property when you create the subnetwork. For example, 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and non-overlapping within a network. Only IPv4 is supported. This field can be set only at resource creation time.
+                          type: string
+                        description:
+                          description: Description is an optional description associated with the resource.
+                          type: string
+                        name:
+                          description: Name defines a unique identifier to reference this resource.
+                          type: string
+                        privateGoogleAccess:
+                          description: PrivateGoogleAccess defines whether VMs in this subnet can access Google services without assigning external IP addresses
+                          type: boolean
+                        region:
+                          description: Region is the name of the region where the Subnetwork resides.
+                          type: string
+                        routeTableId:
+                          description: 'EnableFlowLogs: Whether to enable flow logging for this subnetwork. If this field is not explicitly set, it will not appear in get listings. If not set the default behavior is to disable flow logging.'
+                          type: boolean
+                        secondaryCidrBlocks:
+                          additionalProperties:
+                            type: string
+                          description: SecondaryCidrBlocks defines secondary CIDR ranges, from which secondary IP ranges of a VM may be allocated
+                          type: object
+                      type: object
+                    type: array
+                type: object
+              project:
+                description: Project is the name of the project to deploy the cluster to.
+                type: string
+              region:
+                description: The GCP Region the cluster lives in.
+                type: string
+            required:
+            - project
+            - region
+            type: object
+          status:
+            description: GCPClusterStatus defines the observed state of GCPCluster.
+            properties:
+              failureDomains:
+                additionalProperties:
+                  description: FailureDomainSpec is the Schema for Cluster API failure domains. It allows controllers to understand how many failure domains a cluster can optionally span across.
+                  properties:
+                    attributes:
+                      additionalProperties:
+                        type: string
+                      description: Attributes is a free form map of attributes an infrastructure provider might use or require.
+                      type: object
+                    controlPlane:
+                      description: ControlPlane determines if this failure domain is suitable for use by control plane machines.
+                      type: boolean
+                  type: object
+                description: FailureDomains is a slice of FailureDomains.
+                type: object
+              network:
+                description: Network encapsulates GCP networking resources.
+                properties:
+                  apiServerBackendService:
+                    description: APIServerBackendService is the full reference to the backend service created for the API Server.
+                    type: string
+                  apiServerForwardingRule:
+                    description: APIServerForwardingRule is the full reference to the forwarding rule created for the API Server.
+                    type: string
+                  apiServerHealthCheck:
+                    description: APIServerHealthCheck is the full reference to the health check created for the API Server.
+                    type: string
+                  apiServerInstanceGroups:
+                    additionalProperties:
+                      type: string
+                    description: APIServerInstanceGroups is a map from zone to the full reference to the instance groups created for the control plane nodes created in the same zone.
+                    type: object
+                  apiServerIpAddress:
+                    description: APIServerAddress is the IPV4 global address assigned to the load balancer created for the API Server.
+                    type: string
+                  apiServerTargetProxy:
+                    description: APIServerTargetProxy is the full reference to the target proxy created for the API Server.
+                    type: string
+                  firewallRules:
+                    additionalProperties:
+                      type: string
+                    description: FirewallRules is a map from the name of the rule to its full reference.
+                    type: object
+                  router:
+                    description: Router is the full reference to the router created within the network it'll contain the cloud nat gateway
+                    type: string
+                  selfLink:
+                    description: SelfLink is the link to the Network used for this cluster.
+                    type: string
+                type: object
+              ready:
+                description: Bastion Instance `json:"bastion,omitempty"`
+                type: boolean
+            required:
+            - ready
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources:
+      status: {}
+  - additionalPrinterColumns:
+    - description: Cluster to which this GCPCluster belongs
+      jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
+      name: Cluster
+      type: string
+    - description: Cluster infrastructure is ready for GCE instances
+      jsonPath: .status.ready
+      name: Ready
+      type: string
+    - description: GCP network the cluster is using
+      jsonPath: .spec.network.name
+      name: Network
+      type: string
+    - description: API Endpoint
+      jsonPath: .status.apiEndpoints[0]
+      name: Endpoint
+      priority: 1
+      type: string
+    name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: GCPCluster is the Schema for the gcpclusters API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: GCPClusterSpec defines the desired state of GCPCluster.
+            properties:
+              additionalLabels:
+                additionalProperties:
+                  type: string
+                description: AdditionalLabels is an optional set of tags to add to GCP resources managed by the GCP provider, in addition to the ones added by default.
+                type: object
+              controlPlaneEndpoint:
+                description: ControlPlaneEndpoint represents the endpoint used to communicate with the control plane.
+                properties:
+                  host:
+                    description: The hostname on which the API server is serving.
+                    type: string
+                  port:
+                    description: The port on which the API server is serving.
+                    format: int32
+                    type: integer
+                required:
+                - host
+                - port
+                type: object
+              credentialsRef:
+                description: CredentialsRef is a reference to a Secret that contains the credentials to use for provisioning this cluster. If not supplied then the credentials of the controller will be used.
+                properties:
+                  name:
+                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                    type: string
+                  namespace:
+                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                    type: string
+                required:
+                - name
+                - namespace
+                type: object
+              failureDomains:
+                description: FailureDomains is an optional field which is used to assign selected availability zones to a cluster FailureDomains if empty, defaults to all the zones in the selected region and if specified would override the default zones.
+                items:
+                  type: string
+                type: array
+              network:
+                description: NetworkSpec encapsulates all things related to GCP network.
+                properties:
+                  autoCreateSubnetworks:
+                    description: "AutoCreateSubnetworks: When set to true, the VPC network is created in \"auto\" mode. When set to false, the VPC network is created in \"custom\" mode. \n An auto mode VPC network starts with one subnet per region. Each subnet has a predetermined range as described in Auto mode VPC network IP ranges. \n Defaults to true."
+                    type: boolean
+                  datapathProvider:
+                    description: The desired datapath provider for this cluster. By default, uses the IPTables-based kube-proxy implementation (DatapathProviderLegacyDatapath).
+                    type: string
+                  loadBalancerBackendPort:
+                    description: Allow for configuration of load balancer backend (useful for changing apiserver port)
+                    format: int32
+                    type: integer
+                  name:
+                    description: Name is the name of the network to be used.
+                    type: string
+                  subnets:
+                    description: Subnets configuration.
+                    items:
+                      description: SubnetSpec configures an GCP Subnet.
+                      properties:
+                        cidrBlock:
+                          description: CidrBlock is the range of internal addresses that are owned by this subnetwork. Provide this property when you create the subnetwork. For example, 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and non-overlapping within a network. Only IPv4 is supported. This field can be set only at resource creation time.
+                          type: string
+                        description:
+                          description: Description is an optional description associated with the resource.
+                          type: string
+                        enableFlowLogs:
+                          description: 'EnableFlowLogs: Whether to enable flow logging for this subnetwork. If this field is not explicitly set, it will not appear in get listings. If not set the default behavior is to disable flow logging.'
+                          type: boolean
+                        name:
+                          description: Name defines a unique identifier to reference this resource.
+                          type: string
+                        privateGoogleAccess:
+                          description: PrivateGoogleAccess defines whether VMs in this subnet can access Google services without assigning external IP addresses
+                          type: boolean
+                        purpose:
+                          default: PRIVATE_RFC_1918
+                          description: "Purpose: The purpose of the resource. If unspecified, the purpose defaults to PRIVATE_RFC_1918. The enableFlowLogs field isn't supported with the purpose field set to INTERNAL_HTTPS_LOAD_BALANCER. \n Possible values: \"INTERNAL_HTTPS_LOAD_BALANCER\" - Subnet reserved for Internal HTTP(S) Load Balancing. \"PRIVATE\" - Regular user created or automatically created subnet. \"PRIVATE_RFC_1918\" - Regular user created or automatically created subnet. \"PRIVATE_SERVICE_CONNECT\" - Subnetworks created for Private Service Connect in the producer network. \"REGIONAL_MANAGED_PROXY\" - Subnetwork used for Regional Internal/External HTTP(S) Load Balancing."
+                          enum:
+                          - INTERNAL_HTTPS_LOAD_BALANCER
+                          - PRIVATE_RFC_1918
+                          - PRIVATE
+                          - PRIVATE_SERVICE_CONNECT
+                          - REGIONAL_MANAGED_PROXY
+                          type: string
+                        region:
+                          description: Region is the name of the region where the Subnetwork resides.
+                          type: string
+                        secondaryCidrBlocks:
+                          additionalProperties:
+                            type: string
+                          description: SecondaryCidrBlocks defines secondary CIDR ranges, from which secondary IP ranges of a VM may be allocated
+                          type: object
+                      type: object
+                    type: array
+                type: object
+              project:
+                description: Project is the name of the project to deploy the cluster to.
+                type: string
+              region:
+                description: The GCP Region the cluster lives in.
+                type: string
+            required:
+            - project
+            - region
+            type: object
+          status:
+            description: GCPClusterStatus defines the observed state of GCPCluster.
+            properties:
+              failureDomains:
+                additionalProperties:
+                  description: FailureDomainSpec is the Schema for Cluster API failure domains. It allows controllers to understand how many failure domains a cluster can optionally span across.
+                  properties:
+                    attributes:
+                      additionalProperties:
+                        type: string
+                      description: Attributes is a free form map of attributes an infrastructure provider might use or require.
+                      type: object
+                    controlPlane:
+                      description: ControlPlane determines if this failure domain is suitable for use by control plane machines.
+                      type: boolean
+                  type: object
+                description: FailureDomains is a slice of FailureDomains.
+                type: object
+              network:
+                description: Network encapsulates GCP networking resources.
+                properties:
+                  apiServerBackendService:
+                    description: APIServerBackendService is the full reference to the backend service created for the API Server.
+                    type: string
+                  apiServerForwardingRule:
+                    description: APIServerForwardingRule is the full reference to the forwarding rule created for the API Server.
+                    type: string
+                  apiServerHealthCheck:
+                    description: APIServerHealthCheck is the full reference to the health check created for the API Server.
+                    type: string
+                  apiServerInstanceGroups:
+                    additionalProperties:
+                      type: string
+                    description: APIServerInstanceGroups is a map from zone to the full reference to the instance groups created for the control plane nodes created in the same zone.
+                    type: object
+                  apiServerIpAddress:
+                    description: APIServerAddress is the IPV4 global address assigned to the load balancer created for the API Server.
+                    type: string
+                  apiServerTargetProxy:
+                    description: APIServerTargetProxy is the full reference to the target proxy created for the API Server.
+                    type: string
+                  firewallRules:
+                    additionalProperties:
+                      type: string
+                    description: FirewallRules is a map from the name of the rule to its full reference.
+                    type: object
+                  router:
+                    description: Router is the full reference to the router created within the network it'll contain the cloud nat gateway
+                    type: string
+                  selfLink:
+                    description: SelfLink is the link to the Network used for this cluster.
+                    type: string
+                type: object
+              ready:
+                description: Bastion Instance `json:"bastion,omitempty"`
+                type: boolean
+            required:
+            - ready
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
+{{- end -}}
\ No newline at end of file
diff --git a/bootstrap/helm/cluster-api-provider-gcp/templates/gcpclustertemplate-crd.yaml b/bootstrap/helm/cluster-api-provider-gcp/templates/gcpclustertemplate-crd.yaml
new file mode 100644
index 000000000..c7e1694cb
--- /dev/null
+++ b/bootstrap/helm/cluster-api-provider-gcp/templates/gcpclustertemplate-crd.yaml
@@ -0,0 +1,303 @@
+{{- if .Values.crds.create -}}
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: gcpclustertemplates.infrastructure.cluster.x-k8s.io
+  annotations:
+    cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/{{ include "cluster-api-provider-gcp.fullname" . }}-serving-cert'
+    controller-gen.kubebuilder.io/version: v0.11.3
+  labels:
+    clusterctl.cluster.x-k8s.io: ""
+    cluster.x-k8s.io/provider: infrastructure-gcp
+    cluster.x-k8s.io/v1beta1: v1beta1
+  {{- include "cluster-api-provider-gcp.labels" . | nindent 4 }}
+spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      clientConfig:
+        caBundle: Cg==
+        service:
+          name: '{{ include "cluster-api-provider-gcp.fullname" . }}-webhook-service'
+          namespace: '{{ .Release.Namespace }}'
+          path: /convert
+      conversionReviewVersions:
+      - v1
+      - v1beta1
+  group: infrastructure.cluster.x-k8s.io
+  names:
+    categories:
+    - cluster-api
+    kind: GCPClusterTemplate
+    listKind: GCPClusterTemplateList
+    plural: gcpclustertemplates
+    shortNames:
+    - gcpct
+    singular: gcpclustertemplate
+  scope: Namespaced
+  versions:
+  - name: v1alpha4
+    schema:
+      openAPIV3Schema:
+        description: GCPClusterTemplate is the Schema for the gcpclustertemplates API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: GCPClusterTemplateSpec defines the desired state of GCPClusterTemplate.
+            properties:
+              template:
+                description: GCPClusterTemplateResource contains spec for GCPClusterSpec.
+                properties:
+                  spec:
+                    description: GCPClusterSpec defines the desired state of GCPCluster.
+                    properties:
+                      additionalLabels:
+                        additionalProperties:
+                          type: string
+                        description: AdditionalLabels is an optional set of tags to add to GCP resources managed by the GCP provider, in addition to the ones added by default.
+                        type: object
+                      controlPlaneEndpoint:
+                        description: ControlPlaneEndpoint represents the endpoint used to communicate with the control plane.
+                        properties:
+                          host:
+                            description: The hostname on which the API server is serving.
+                            type: string
+                          port:
+                            description: The port on which the API server is serving.
+                            format: int32
+                            type: integer
+                        required:
+                        - host
+                        - port
+                        type: object
+                      failureDomains:
+                        description: FailureDomains is an optional field which is used to assign selected availability zones to a cluster FailureDomains if empty, defaults to all the zones in the selected region and if specified would override the default zones.
+                        items:
+                          type: string
+                        type: array
+                      network:
+                        description: NetworkSpec encapsulates all things related to GCP network.
+                        properties:
+                          autoCreateSubnetworks:
+                            description: "AutoCreateSubnetworks: When set to true, the VPC network is created in \"auto\" mode. When set to false, the VPC network is created in \"custom\" mode. \n An auto mode VPC network starts with one subnet per region. Each subnet has a predetermined range as described in Auto mode VPC network IP ranges. \n Defaults to true."
+                            type: boolean
+                          loadBalancerBackendPort:
+                            description: Allow for configuration of load balancer backend (useful for changing apiserver port)
+                            format: int32
+                            type: integer
+                          name:
+                            description: Name is the name of the network to be used.
+                            type: string
+                          subnets:
+                            description: Subnets configuration.
+                            items:
+                              description: SubnetSpec configures an GCP Subnet.
+                              properties:
+                                cidrBlock:
+                                  description: CidrBlock is the range of internal addresses that are owned by this subnetwork. Provide this property when you create the subnetwork. For example, 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and non-overlapping within a network. Only IPv4 is supported. This field can be set only at resource creation time.
+                                  type: string
+                                description:
+                                  description: Description is an optional description associated with the resource.
+                                  type: string
+                                name:
+                                  description: Name defines a unique identifier to reference this resource.
+                                  type: string
+                                privateGoogleAccess:
+                                  description: PrivateGoogleAccess defines whether VMs in this subnet can access Google services without assigning external IP addresses
+                                  type: boolean
+                                region:
+                                  description: Region is the name of the region where the Subnetwork resides.
+                                  type: string
+                                routeTableId:
+                                  description: 'EnableFlowLogs: Whether to enable flow logging for this subnetwork. If this field is not explicitly set, it will not appear in get listings. If not set the default behavior is to disable flow logging.'
+                                  type: boolean
+                                secondaryCidrBlocks:
+                                  additionalProperties:
+                                    type: string
+                                  description: SecondaryCidrBlocks defines secondary CIDR ranges, from which secondary IP ranges of a VM may be allocated
+                                  type: object
+                              type: object
+                            type: array
+                        type: object
+                      project:
+                        description: Project is the name of the project to deploy the cluster to.
+                        type: string
+                      region:
+                        description: The GCP Region the cluster lives in.
+                        type: string
+                    required:
+                    - project
+                    - region
+                    type: object
+                required:
+                - spec
+                type: object
+            required:
+            - template
+            type: object
+        type: object
+    served: true
+    storage: false
+  - name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: GCPClusterTemplate is the Schema for the gcpclustertemplates API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: GCPClusterTemplateSpec defines the desired state of GCPClusterTemplate.
+            properties:
+              template:
+                description: GCPClusterTemplateResource contains spec for GCPClusterSpec.
+                properties:
+                  metadata:
+                    description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
+                    properties:
+                      annotations:
+                        additionalProperties:
+                          type: string
+                        description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations'
+                        type: object
+                      labels:
+                        additionalProperties:
+                          type: string
+                        description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels'
+                        type: object
+                    type: object
+                  spec:
+                    description: GCPClusterSpec defines the desired state of GCPCluster.
+                    properties:
+                      additionalLabels:
+                        additionalProperties:
+                          type: string
+                        description: AdditionalLabels is an optional set of tags to add to GCP resources managed by the GCP provider, in addition to the ones added by default.
+                        type: object
+                      controlPlaneEndpoint:
+                        description: ControlPlaneEndpoint represents the endpoint used to communicate with the control plane.
+                        properties:
+                          host:
+                            description: The hostname on which the API server is serving.
+                            type: string
+                          port:
+                            description: The port on which the API server is serving.
+                            format: int32
+                            type: integer
+                        required:
+                        - host
+                        - port
+                        type: object
+                      credentialsRef:
+                        description: CredentialsRef is a reference to a Secret that contains the credentials to use for provisioning this cluster. If not supplied then the credentials of the controller will be used.
+                        properties:
+                          name:
+                            description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                            type: string
+                          namespace:
+                            description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                            type: string
+                        required:
+                        - name
+                        - namespace
+                        type: object
+                      failureDomains:
+                        description: FailureDomains is an optional field which is used to assign selected availability zones to a cluster FailureDomains if empty, defaults to all the zones in the selected region and if specified would override the default zones.
+                        items:
+                          type: string
+                        type: array
+                      network:
+                        description: NetworkSpec encapsulates all things related to GCP network.
+                        properties:
+                          autoCreateSubnetworks:
+                            description: "AutoCreateSubnetworks: When set to true, the VPC network is created in \"auto\" mode. When set to false, the VPC network is created in \"custom\" mode. \n An auto mode VPC network starts with one subnet per region. Each subnet has a predetermined range as described in Auto mode VPC network IP ranges. \n Defaults to true."
+                            type: boolean
+                          datapathProvider:
+                            description: The desired datapath provider for this cluster. By default, uses the IPTables-based kube-proxy implementation (DatapathProviderLegacyDatapath).
+                            type: string
+                          loadBalancerBackendPort:
+                            description: Allow for configuration of load balancer backend (useful for changing apiserver port)
+                            format: int32
+                            type: integer
+                          name:
+                            description: Name is the name of the network to be used.
+                            type: string
+                          subnets:
+                            description: Subnets configuration.
+                            items:
+                              description: SubnetSpec configures an GCP Subnet.
+                              properties:
+                                cidrBlock:
+                                  description: CidrBlock is the range of internal addresses that are owned by this subnetwork. Provide this property when you create the subnetwork. For example, 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and non-overlapping within a network. Only IPv4 is supported. This field can be set only at resource creation time.
+                                  type: string
+                                description:
+                                  description: Description is an optional description associated with the resource.
+                                  type: string
+                                enableFlowLogs:
+                                  description: 'EnableFlowLogs: Whether to enable flow logging for this subnetwork. If this field is not explicitly set, it will not appear in get listings. If not set the default behavior is to disable flow logging.'
+                                  type: boolean
+                                name:
+                                  description: Name defines a unique identifier to reference this resource.
+                                  type: string
+                                privateGoogleAccess:
+                                  description: PrivateGoogleAccess defines whether VMs in this subnet can access Google services without assigning external IP addresses
+                                  type: boolean
+                                purpose:
+                                  default: PRIVATE_RFC_1918
+                                  description: "Purpose: The purpose of the resource. If unspecified, the purpose defaults to PRIVATE_RFC_1918. The enableFlowLogs field isn't supported with the purpose field set to INTERNAL_HTTPS_LOAD_BALANCER. \n Possible values: \"INTERNAL_HTTPS_LOAD_BALANCER\" - Subnet reserved for Internal HTTP(S) Load Balancing. \"PRIVATE\" - Regular user created or automatically created subnet. \"PRIVATE_RFC_1918\" - Regular user created or automatically created subnet. \"PRIVATE_SERVICE_CONNECT\" - Subnetworks created for Private Service Connect in the producer network. \"REGIONAL_MANAGED_PROXY\" - Subnetwork used for Regional Internal/External HTTP(S) Load Balancing."
+                                  enum:
+                                  - INTERNAL_HTTPS_LOAD_BALANCER
+                                  - PRIVATE_RFC_1918
+                                  - PRIVATE
+                                  - PRIVATE_SERVICE_CONNECT
+                                  - REGIONAL_MANAGED_PROXY
+                                  type: string
+                                region:
+                                  description: Region is the name of the region where the Subnetwork resides.
+                                  type: string
+                                secondaryCidrBlocks:
+                                  additionalProperties:
+                                    type: string
+                                  description: SecondaryCidrBlocks defines secondary CIDR ranges, from which secondary IP ranges of a VM may be allocated
+                                  type: object
+                              type: object
+                            type: array
+                        type: object
+                      project:
+                        description: Project is the name of the project to deploy the cluster to.
+                        type: string
+                      region:
+                        description: The GCP Region the cluster lives in.
+                        type: string
+                    required:
+                    - project
+                    - region
+                    type: object
+                required:
+                - spec
+                type: object
+            required:
+            - template
+            type: object
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
+{{- end -}}
\ No newline at end of file
diff --git a/bootstrap/helm/cluster-api-provider-gcp/templates/gcpmachine-crd.yaml b/bootstrap/helm/cluster-api-provider-gcp/templates/gcpmachine-crd.yaml
new file mode 100644
index 000000000..b4654dcb6
--- /dev/null
+++ b/bootstrap/helm/cluster-api-provider-gcp/templates/gcpmachine-crd.yaml
@@ -0,0 +1,561 @@
+{{- if .Values.crds.create -}}
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: gcpmachines.infrastructure.cluster.x-k8s.io
+  annotations:
+    cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/{{ include "cluster-api-provider-gcp.fullname" . }}-serving-cert'
+    controller-gen.kubebuilder.io/version: v0.11.3
+  labels:
+    clusterctl.cluster.x-k8s.io: ""
+    cluster.x-k8s.io/provider: infrastructure-gcp
+    cluster.x-k8s.io/v1beta1: v1beta1
+  {{- include "cluster-api-provider-gcp.labels" . | nindent 4 }}
+spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      clientConfig:
+        caBundle: Cg==
+        service:
+          name: '{{ include "cluster-api-provider-gcp.fullname" . }}-webhook-service'
+          namespace: '{{ .Release.Namespace }}'
+          path: /convert
+      conversionReviewVersions:
+      - v1
+      - v1beta1
+  group: infrastructure.cluster.x-k8s.io
+  names:
+    categories:
+    - cluster-api
+    kind: GCPMachine
+    listKind: GCPMachineList
+    plural: gcpmachines
+    singular: gcpmachine
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - description: Cluster to which this GCPMachine belongs
+      jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
+      name: Cluster
+      type: string
+    - description: GCE instance state
+      jsonPath: .status.instanceState
+      name: State
+      type: string
+    - description: Machine ready status
+      jsonPath: .status.ready
+      name: Ready
+      type: string
+    - description: GCE instance ID
+      jsonPath: .spec.providerID
+      name: InstanceID
+      type: string
+    - description: Machine object which owns with this GCPMachine
+      jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name
+      name: Machine
+      type: string
+    name: v1alpha3
+    schema:
+      openAPIV3Schema:
+        description: GCPMachine is the Schema for the gcpmachines API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: GCPMachineSpec defines the desired state of GCPMachine.
+            properties:
+              additionalDisks:
+                description: AdditionalDisks are optional non-boot attached disks.
+                items:
+                  description: AttachedDiskSpec degined GCP machine disk.
+                  properties:
+                    deviceType:
+                      description: 'DeviceType is a device type of the attached disk. Supported types of non-root attached volumes: 1. "pd-standard" - Standard (HDD) persistent disk 2. "pd-ssd" - SSD persistent disk 3. "local-ssd" - Local SSD disk (https://cloud.google.com/compute/docs/disks/local-ssd). Default is "pd-standard".'
+                      type: string
+                    size:
+                      description: Size is the size of the disk in GBs. Defaults to 30GB. For "local-ssd" size is always 375GB.
+                      format: int64
+                      type: integer
+                  type: object
+                type: array
+              additionalLabels:
+                additionalProperties:
+                  type: string
+                description: AdditionalLabels is an optional set of tags to add to an instance, in addition to the ones added by default by the GCP provider. If both the GCPCluster and the GCPMachine specify the same tag name with different values, the GCPMachine's value takes precedence.
+                type: object
+              additionalMetadata:
+                description: AdditionalMetadata is an optional set of metadata to add to an instance, in addition to the ones added by default by the GCP provider.
+                items:
+                  description: MetadataItem defines a single piece of metadata associated with an instance.
+                  properties:
+                    key:
+                      description: Key is the identifier for the metadata entry.
+                      type: string
+                    value:
+                      description: Value is the value of the metadata entry.
+                      type: string
+                  required:
+                  - key
+                  type: object
+                type: array
+                x-kubernetes-list-map-keys:
+                - key
+                x-kubernetes-list-type: map
+              additionalNetworkTags:
+                description: AdditionalNetworkTags is a list of network tags that should be applied to the instance. These tags are set in addition to any network tags defined at the cluster level or in the actuator.
+                items:
+                  type: string
+                type: array
+              image:
+                description: Image is the full reference to a valid image to be used for this machine. Takes precedence over ImageFamily.
+                type: string
+              imageFamily:
+                description: ImageFamily is the full reference to a valid image family to be used for this machine.
+                type: string
+              instanceType:
+                description: 'InstanceType is the type of instance to create. Example: n1.standard-2'
+                type: string
+              preemptible:
+                description: Preemptible defines if instance is preemptible
+                type: boolean
+              providerID:
+                description: ProviderID is the unique identifier as specified by the cloud provider.
+                type: string
+              publicIP:
+                description: PublicIP specifies whether the instance should get a public IP. Set this to true if you don't have a NAT instances or Cloud Nat setup.
+                type: boolean
+              rootDeviceSize:
+                description: RootDeviceSize is the size of the root volume in GB. Defaults to 30.
+                format: int64
+                type: integer
+              rootDeviceType:
+                description: 'RootDeviceType is the type of the root volume. Supported types of root volumes: 1. "pd-standard" - Standard (HDD) persistent disk 2. "pd-ssd" - SSD persistent disk Default is "pd-standard".'
+                type: string
+              serviceAccounts:
+                description: 'ServiceAccount specifies the service account email and which scopes to assign to the machine. Defaults to: email: "default", scope: []{compute.CloudPlatformScope}'
+                properties:
+                  email:
+                    description: 'Email: Email address of the service account.'
+                    type: string
+                  scopes:
+                    description: 'Scopes: The list of scopes to be made available for this service account.'
+                    items:
+                      type: string
+                    type: array
+                type: object
+              subnet:
+                description: Subnet is a reference to the subnetwork to use for this instance. If not specified, the first subnetwork retrieved from the Cluster Region and Network is picked.
+                type: string
+            required:
+            - instanceType
+            type: object
+          status:
+            description: GCPMachineStatus defines the observed state of GCPMachine.
+            properties:
+              addresses:
+                description: Addresses contains the GCP instance associated addresses.
+                items:
+                  description: NodeAddress contains information for the node's address.
+                  properties:
+                    address:
+                      description: The node address.
+                      type: string
+                    type:
+                      description: Node address type, one of Hostname, ExternalIP or InternalIP.
+                      type: string
+                  required:
+                  - address
+                  - type
+                  type: object
+                type: array
+              failureMessage:
+                description: "FailureMessage will be set in the event that there is a terminal problem reconciling the Machine and will contain a more verbose string suitable for logging and human consumption. \n This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. \n Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output."
+                type: string
+              failureReason:
+                description: "FailureReason will be set in the event that there is a terminal problem reconciling the Machine and will contain a succinct value suitable for machine interpretation. \n This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. \n Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output."
+                type: string
+              instanceState:
+                description: InstanceStatus is the status of the GCP instance for this machine.
+                type: string
+              ready:
+                description: Ready is true when the provider resource is ready.
+                type: boolean
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources:
+      status: {}
+  - additionalPrinterColumns:
+    - description: Cluster to which this GCPMachine belongs
+      jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
+      name: Cluster
+      type: string
+    - description: GCE instance state
+      jsonPath: .status.instanceState
+      name: State
+      type: string
+    - description: Machine ready status
+      jsonPath: .status.ready
+      name: Ready
+      type: string
+    - description: GCE instance ID
+      jsonPath: .spec.providerID
+      name: InstanceID
+      type: string
+    - description: Machine object which owns with this GCPMachine
+      jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name
+      name: Machine
+      type: string
+    name: v1alpha4
+    schema:
+      openAPIV3Schema:
+        description: GCPMachine is the Schema for the gcpmachines API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: GCPMachineSpec defines the desired state of GCPMachine.
+            properties:
+              additionalDisks:
+                description: AdditionalDisks are optional non-boot attached disks.
+                items:
+                  description: AttachedDiskSpec degined GCP machine disk.
+                  properties:
+                    deviceType:
+                      description: 'DeviceType is a device type of the attached disk. Supported types of non-root attached volumes: 1. "pd-standard" - Standard (HDD) persistent disk 2. "pd-ssd" - SSD persistent disk 3. "local-ssd" - Local SSD disk (https://cloud.google.com/compute/docs/disks/local-ssd). Default is "pd-standard".'
+                      type: string
+                    size:
+                      description: Size is the size of the disk in GBs. Defaults to 30GB. For "local-ssd" size is always 375GB.
+                      format: int64
+                      type: integer
+                  type: object
+                type: array
+              additionalLabels:
+                additionalProperties:
+                  type: string
+                description: AdditionalLabels is an optional set of tags to add to an instance, in addition to the ones added by default by the GCP provider. If both the GCPCluster and the GCPMachine specify the same tag name with different values, the GCPMachine's value takes precedence.
+                type: object
+              additionalMetadata:
+                description: AdditionalMetadata is an optional set of metadata to add to an instance, in addition to the ones added by default by the GCP provider.
+                items:
+                  description: MetadataItem defines a single piece of metadata associated with an instance.
+                  properties:
+                    key:
+                      description: Key is the identifier for the metadata entry.
+                      type: string
+                    value:
+                      description: Value is the value of the metadata entry.
+                      type: string
+                  required:
+                  - key
+                  type: object
+                type: array
+                x-kubernetes-list-map-keys:
+                - key
+                x-kubernetes-list-type: map
+              additionalNetworkTags:
+                description: AdditionalNetworkTags is a list of network tags that should be applied to the instance. These tags are set in addition to any network tags defined at the cluster level or in the actuator.
+                items:
+                  type: string
+                type: array
+              image:
+                description: Image is the full reference to a valid image to be used for this machine. Takes precedence over ImageFamily.
+                type: string
+              imageFamily:
+                description: ImageFamily is the full reference to a valid image family to be used for this machine.
+                type: string
+              instanceType:
+                description: 'InstanceType is the type of instance to create. Example: n1.standard-2'
+                type: string
+              preemptible:
+                description: Preemptible defines if instance is preemptible
+                type: boolean
+              providerID:
+                description: ProviderID is the unique identifier as specified by the cloud provider.
+                type: string
+              publicIP:
+                description: PublicIP specifies whether the instance should get a public IP. Set this to true if you don't have a NAT instances or Cloud Nat setup.
+                type: boolean
+              rootDeviceSize:
+                description: RootDeviceSize is the size of the root volume in GB. Defaults to 30.
+                format: int64
+                type: integer
+              rootDeviceType:
+                description: 'RootDeviceType is the type of the root volume. Supported types of root volumes: 1. "pd-standard" - Standard (HDD) persistent disk 2. "pd-ssd" - SSD persistent disk Default is "pd-standard".'
+                type: string
+              serviceAccounts:
+                description: 'ServiceAccount specifies the service account email and which scopes to assign to the machine. Defaults to: email: "default", scope: []{compute.CloudPlatformScope}'
+                properties:
+                  email:
+                    description: 'Email: Email address of the service account.'
+                    type: string
+                  scopes:
+                    description: 'Scopes: The list of scopes to be made available for this service account.'
+                    items:
+                      type: string
+                    type: array
+                type: object
+              subnet:
+                description: Subnet is a reference to the subnetwork to use for this instance. If not specified, the first subnetwork retrieved from the Cluster Region and Network is picked.
+                type: string
+            required:
+            - instanceType
+            type: object
+          status:
+            description: GCPMachineStatus defines the observed state of GCPMachine.
+            properties:
+              addresses:
+                description: Addresses contains the GCP instance associated addresses.
+                items:
+                  description: NodeAddress contains information for the node's address.
+                  properties:
+                    address:
+                      description: The node address.
+                      type: string
+                    type:
+                      description: Node address type, one of Hostname, ExternalIP or InternalIP.
+                      type: string
+                  required:
+                  - address
+                  - type
+                  type: object
+                type: array
+              failureMessage:
+                description: "FailureMessage will be set in the event that there is a terminal problem reconciling the Machine and will contain a more verbose string suitable for logging and human consumption. \n This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. \n Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output."
+                type: string
+              failureReason:
+                description: "FailureReason will be set in the event that there is a terminal problem reconciling the Machine and will contain a succinct value suitable for machine interpretation. \n This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. \n Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output."
+                type: string
+              instanceState:
+                description: InstanceStatus is the status of the GCP instance for this machine.
+                type: string
+              ready:
+                description: Ready is true when the provider resource is ready.
+                type: boolean
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources:
+      status: {}
+  - additionalPrinterColumns:
+    - description: Cluster to which this GCPMachine belongs
+      jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
+      name: Cluster
+      type: string
+    - description: GCE instance state
+      jsonPath: .status.instanceState
+      name: State
+      type: string
+    - description: Machine ready status
+      jsonPath: .status.ready
+      name: Ready
+      type: string
+    - description: GCE instance ID
+      jsonPath: .spec.providerID
+      name: InstanceID
+      type: string
+    - description: Machine object which owns with this GCPMachine
+      jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name
+      name: Machine
+      type: string
+    name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: GCPMachine is the Schema for the gcpmachines API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: GCPMachineSpec defines the desired state of GCPMachine.
+            properties:
+              additionalDisks:
+                description: AdditionalDisks are optional non-boot attached disks.
+                items:
+                  description: AttachedDiskSpec degined GCP machine disk.
+                  properties:
+                    deviceType:
+                      description: 'DeviceType is a device type of the attached disk. Supported types of non-root attached volumes: 1. "pd-standard" - Standard (HDD) persistent disk 2. "pd-ssd" - SSD persistent disk 3. "local-ssd" - Local SSD disk (https://cloud.google.com/compute/docs/disks/local-ssd). Default is "pd-standard".'
+                      type: string
+                    size:
+                      description: Size is the size of the disk in GBs. Defaults to 30GB. For "local-ssd" size is always 375GB.
+                      format: int64
+                      type: integer
+                  type: object
+                type: array
+              additionalLabels:
+                additionalProperties:
+                  type: string
+                description: AdditionalLabels is an optional set of tags to add to an instance, in addition to the ones added by default by the GCP provider. If both the GCPCluster and the GCPMachine specify the same tag name with different values, the GCPMachine's value takes precedence.
+                type: object
+              additionalMetadata:
+                description: AdditionalMetadata is an optional set of metadata to add to an instance, in addition to the ones added by default by the GCP provider.
+                items:
+                  description: MetadataItem defines a single piece of metadata associated with an instance.
+                  properties:
+                    key:
+                      description: Key is the identifier for the metadata entry.
+                      type: string
+                    value:
+                      description: Value is the value of the metadata entry.
+                      type: string
+                  required:
+                  - key
+                  type: object
+                type: array
+                x-kubernetes-list-map-keys:
+                - key
+                x-kubernetes-list-type: map
+              additionalNetworkTags:
+                description: AdditionalNetworkTags is a list of network tags that should be applied to the instance. These tags are set in addition to any network tags defined at the cluster level or in the actuator.
+                items:
+                  type: string
+                type: array
+              confidentialCompute:
+                description: ConfidentialCompute Defines whether the instance should have confidential compute enabled. If enabled OnHostMaintenance is required to be set to "Terminate". If omitted, the platform chooses a default, which is subject to change over time, currently that default is false.
+                enum:
+                - Enabled
+                - Disabled
+                type: string
+              image:
+                description: Image is the full reference to a valid image to be used for this machine. Takes precedence over ImageFamily.
+                type: string
+              imageFamily:
+                description: ImageFamily is the full reference to a valid image family to be used for this machine.
+                type: string
+              instanceType:
+                description: 'InstanceType is the type of instance to create. Example: n1.standard-2'
+                type: string
+              ipForwarding:
+                default: Enabled
+                description: IPForwarding Allows this instance to send and receive packets with non-matching destination or source IPs. This is required if you plan to use this instance to forward routes. Defaults to enabled.
+                enum:
+                - Enabled
+                - Disabled
+                type: string
+              onHostMaintenance:
+                description: OnHostMaintenance determines the behavior when a maintenance event occurs that might cause the instance to reboot. If omitted, the platform chooses a default, which is subject to change over time, currently that default is "Migrate".
+                enum:
+                - Migrate
+                - Terminate
+                type: string
+              preemptible:
+                description: Preemptible defines if instance is preemptible
+                type: boolean
+              providerID:
+                description: ProviderID is the unique identifier as specified by the cloud provider.
+                type: string
+              publicIP:
+                description: PublicIP specifies whether the instance should get a public IP. Set this to true if you don't have a NAT instances or Cloud Nat setup.
+                type: boolean
+              rootDeviceSize:
+                description: RootDeviceSize is the size of the root volume in GB. Defaults to 30.
+                format: int64
+                type: integer
+              rootDeviceType:
+                description: 'RootDeviceType is the type of the root volume. Supported types of root volumes: 1. "pd-standard" - Standard (HDD) persistent disk 2. "pd-ssd" - SSD persistent disk Default is "pd-standard".'
+                type: string
+              serviceAccounts:
+                description: 'ServiceAccount specifies the service account email and which scopes to assign to the machine. Defaults to: email: "default", scope: []{compute.CloudPlatformScope}'
+                properties:
+                  email:
+                    description: 'Email: Email address of the service account.'
+                    type: string
+                  scopes:
+                    description: 'Scopes: The list of scopes to be made available for this service account.'
+                    items:
+                      type: string
+                    type: array
+                type: object
+              shieldedInstanceConfig:
+                description: ShieldedInstanceConfig is the Shielded VM configuration for this machine
+                properties:
+                  integrityMonitoring:
+                    description: IntegrityMonitoring determines whether the instance should have integrity monitoring that verify the runtime boot integrity. Compares the most recent boot measurements to the integrity policy baseline and return a pair of pass/fail results depending on whether they match or not. If omitted, the platform chooses a default, which is subject to change over time, currently that default is Enabled.
+                    enum:
+                    - Enabled
+                    - Disabled
+                    type: string
+                  secureBoot:
+                    description: SecureBoot Defines whether the instance should have secure boot enabled. Secure Boot verify the digital signature of all boot components, and halting the boot process if signature verification fails. If omitted, the platform chooses a default, which is subject to change over time, currently that default is Disabled.
+                    enum:
+                    - Enabled
+                    - Disabled
+                    type: string
+                  virtualizedTrustedPlatformModule:
+                    description: VirtualizedTrustedPlatformModule enable virtualized trusted platform module measurements to create a known good boot integrity policy baseline. The integrity policy baseline is used for comparison with measurements from subsequent VM boots to determine if anything has changed. If omitted, the platform chooses a default, which is subject to change over time, currently that default is Enabled.
+                    enum:
+                    - Enabled
+                    - Disabled
+                    type: string
+                type: object
+              subnet:
+                description: Subnet is a reference to the subnetwork to use for this instance. If not specified, the first subnetwork retrieved from the Cluster Region and Network is picked.
+                type: string
+            required:
+            - instanceType
+            type: object
+          status:
+            description: GCPMachineStatus defines the observed state of GCPMachine.
+            properties:
+              addresses:
+                description: Addresses contains the GCP instance associated addresses.
+                items:
+                  description: NodeAddress contains information for the node's address.
+                  properties:
+                    address:
+                      description: The node address.
+                      type: string
+                    type:
+                      description: Node address type, one of Hostname, ExternalIP or InternalIP.
+                      type: string
+                  required:
+                  - address
+                  - type
+                  type: object
+                type: array
+              failureMessage:
+                description: "FailureMessage will be set in the event that there is a terminal problem reconciling the Machine and will contain a more verbose string suitable for logging and human consumption. \n This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. \n Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output."
+                type: string
+              failureReason:
+                description: "FailureReason will be set in the event that there is a terminal problem reconciling the Machine and will contain a succinct value suitable for machine interpretation. \n This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. \n Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output."
+                type: string
+              instanceState:
+                description: InstanceStatus is the status of the GCP instance for this machine.
+                type: string
+              ready:
+                description: Ready is true when the provider resource is ready.
+                type: boolean
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
+{{- end -}}
\ No newline at end of file
diff --git a/bootstrap/helm/cluster-api-provider-gcp/templates/gcpmachinetemplate-crd.yaml b/bootstrap/helm/cluster-api-provider-gcp/templates/gcpmachinetemplate-crd.yaml
new file mode 100644
index 000000000..23ae05f74
--- /dev/null
+++ b/bootstrap/helm/cluster-api-provider-gcp/templates/gcpmachinetemplate-crd.yaml
@@ -0,0 +1,446 @@
+{{- if .Values.crds.create -}}
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: gcpmachinetemplates.infrastructure.cluster.x-k8s.io
+  annotations:
+    cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/{{ include "cluster-api-provider-gcp.fullname" . }}-serving-cert'
+    controller-gen.kubebuilder.io/version: v0.11.3
+  labels:
+    clusterctl.cluster.x-k8s.io: ""
+    cluster.x-k8s.io/provider: infrastructure-gcp
+    cluster.x-k8s.io/v1beta1: v1beta1
+  {{- include "cluster-api-provider-gcp.labels" . | nindent 4 }}
+spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      clientConfig:
+        caBundle: Cg==
+        service:
+          name: '{{ include "cluster-api-provider-gcp.fullname" . }}-webhook-service'
+          namespace: '{{ .Release.Namespace }}'
+          path: /convert
+      conversionReviewVersions:
+      - v1
+      - v1beta1
+  group: infrastructure.cluster.x-k8s.io
+  names:
+    categories:
+    - cluster-api
+    kind: GCPMachineTemplate
+    listKind: GCPMachineTemplateList
+    plural: gcpmachinetemplates
+    singular: gcpmachinetemplate
+  scope: Namespaced
+  versions:
+  - name: v1alpha3
+    schema:
+      openAPIV3Schema:
+        description: GCPMachineTemplate is the Schema for the gcpmachinetemplates API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: GCPMachineTemplateSpec defines the desired state of GCPMachineTemplate.
+            properties:
+              template:
+                description: GCPMachineTemplateResource describes the data needed to create am GCPMachine from a template.
+                properties:
+                  spec:
+                    description: Spec is the specification of the desired behavior of the machine.
+                    properties:
+                      additionalDisks:
+                        description: AdditionalDisks are optional non-boot attached disks.
+                        items:
+                          description: AttachedDiskSpec degined GCP machine disk.
+                          properties:
+                            deviceType:
+                              description: 'DeviceType is a device type of the attached disk. Supported types of non-root attached volumes: 1. "pd-standard" - Standard (HDD) persistent disk 2. "pd-ssd" - SSD persistent disk 3. "local-ssd" - Local SSD disk (https://cloud.google.com/compute/docs/disks/local-ssd). Default is "pd-standard".'
+                              type: string
+                            size:
+                              description: Size is the size of the disk in GBs. Defaults to 30GB. For "local-ssd" size is always 375GB.
+                              format: int64
+                              type: integer
+                          type: object
+                        type: array
+                      additionalLabels:
+                        additionalProperties:
+                          type: string
+                        description: AdditionalLabels is an optional set of tags to add to an instance, in addition to the ones added by default by the GCP provider. If both the GCPCluster and the GCPMachine specify the same tag name with different values, the GCPMachine's value takes precedence.
+                        type: object
+                      additionalMetadata:
+                        description: AdditionalMetadata is an optional set of metadata to add to an instance, in addition to the ones added by default by the GCP provider.
+                        items:
+                          description: MetadataItem defines a single piece of metadata associated with an instance.
+                          properties:
+                            key:
+                              description: Key is the identifier for the metadata entry.
+                              type: string
+                            value:
+                              description: Value is the value of the metadata entry.
+                              type: string
+                          required:
+                          - key
+                          type: object
+                        type: array
+                        x-kubernetes-list-map-keys:
+                        - key
+                        x-kubernetes-list-type: map
+                      additionalNetworkTags:
+                        description: AdditionalNetworkTags is a list of network tags that should be applied to the instance. These tags are set in addition to any network tags defined at the cluster level or in the actuator.
+                        items:
+                          type: string
+                        type: array
+                      image:
+                        description: Image is the full reference to a valid image to be used for this machine. Takes precedence over ImageFamily.
+                        type: string
+                      imageFamily:
+                        description: ImageFamily is the full reference to a valid image family to be used for this machine.
+                        type: string
+                      instanceType:
+                        description: 'InstanceType is the type of instance to create. Example: n1.standard-2'
+                        type: string
+                      preemptible:
+                        description: Preemptible defines if instance is preemptible
+                        type: boolean
+                      providerID:
+                        description: ProviderID is the unique identifier as specified by the cloud provider.
+                        type: string
+                      publicIP:
+                        description: PublicIP specifies whether the instance should get a public IP. Set this to true if you don't have a NAT instances or Cloud Nat setup.
+                        type: boolean
+                      rootDeviceSize:
+                        description: RootDeviceSize is the size of the root volume in GB. Defaults to 30.
+                        format: int64
+                        type: integer
+                      rootDeviceType:
+                        description: 'RootDeviceType is the type of the root volume. Supported types of root volumes: 1. "pd-standard" - Standard (HDD) persistent disk 2. "pd-ssd" - SSD persistent disk Default is "pd-standard".'
+                        type: string
+                      serviceAccounts:
+                        description: 'ServiceAccount specifies the service account email and which scopes to assign to the machine. Defaults to: email: "default", scope: []{compute.CloudPlatformScope}'
+                        properties:
+                          email:
+                            description: 'Email: Email address of the service account.'
+                            type: string
+                          scopes:
+                            description: 'Scopes: The list of scopes to be made available for this service account.'
+                            items:
+                              type: string
+                            type: array
+                        type: object
+                      subnet:
+                        description: Subnet is a reference to the subnetwork to use for this instance. If not specified, the first subnetwork retrieved from the Cluster Region and Network is picked.
+                        type: string
+                    required:
+                    - instanceType
+                    type: object
+                required:
+                - spec
+                type: object
+            required:
+            - template
+            type: object
+        type: object
+    served: true
+    storage: false
+  - name: v1alpha4
+    schema:
+      openAPIV3Schema:
+        description: GCPMachineTemplate is the Schema for the gcpmachinetemplates API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: GCPMachineTemplateSpec defines the desired state of GCPMachineTemplate.
+            properties:
+              template:
+                description: GCPMachineTemplateResource describes the data needed to create am GCPMachine from a template.
+                properties:
+                  spec:
+                    description: Spec is the specification of the desired behavior of the machine.
+                    properties:
+                      additionalDisks:
+                        description: AdditionalDisks are optional non-boot attached disks.
+                        items:
+                          description: AttachedDiskSpec degined GCP machine disk.
+                          properties:
+                            deviceType:
+                              description: 'DeviceType is a device type of the attached disk. Supported types of non-root attached volumes: 1. "pd-standard" - Standard (HDD) persistent disk 2. "pd-ssd" - SSD persistent disk 3. "local-ssd" - Local SSD disk (https://cloud.google.com/compute/docs/disks/local-ssd). Default is "pd-standard".'
+                              type: string
+                            size:
+                              description: Size is the size of the disk in GBs. Defaults to 30GB. For "local-ssd" size is always 375GB.
+                              format: int64
+                              type: integer
+                          type: object
+                        type: array
+                      additionalLabels:
+                        additionalProperties:
+                          type: string
+                        description: AdditionalLabels is an optional set of tags to add to an instance, in addition to the ones added by default by the GCP provider. If both the GCPCluster and the GCPMachine specify the same tag name with different values, the GCPMachine's value takes precedence.
+                        type: object
+                      additionalMetadata:
+                        description: AdditionalMetadata is an optional set of metadata to add to an instance, in addition to the ones added by default by the GCP provider.
+                        items:
+                          description: MetadataItem defines a single piece of metadata associated with an instance.
+                          properties:
+                            key:
+                              description: Key is the identifier for the metadata entry.
+                              type: string
+                            value:
+                              description: Value is the value of the metadata entry.
+                              type: string
+                          required:
+                          - key
+                          type: object
+                        type: array
+                        x-kubernetes-list-map-keys:
+                        - key
+                        x-kubernetes-list-type: map
+                      additionalNetworkTags:
+                        description: AdditionalNetworkTags is a list of network tags that should be applied to the instance. These tags are set in addition to any network tags defined at the cluster level or in the actuator.
+                        items:
+                          type: string
+                        type: array
+                      image:
+                        description: Image is the full reference to a valid image to be used for this machine. Takes precedence over ImageFamily.
+                        type: string
+                      imageFamily:
+                        description: ImageFamily is the full reference to a valid image family to be used for this machine.
+                        type: string
+                      instanceType:
+                        description: 'InstanceType is the type of instance to create. Example: n1.standard-2'
+                        type: string
+                      preemptible:
+                        description: Preemptible defines if instance is preemptible
+                        type: boolean
+                      providerID:
+                        description: ProviderID is the unique identifier as specified by the cloud provider.
+                        type: string
+                      publicIP:
+                        description: PublicIP specifies whether the instance should get a public IP. Set this to true if you don't have a NAT instances or Cloud Nat setup.
+                        type: boolean
+                      rootDeviceSize:
+                        description: RootDeviceSize is the size of the root volume in GB. Defaults to 30.
+                        format: int64
+                        type: integer
+                      rootDeviceType:
+                        description: 'RootDeviceType is the type of the root volume. Supported types of root volumes: 1. "pd-standard" - Standard (HDD) persistent disk 2. "pd-ssd" - SSD persistent disk Default is "pd-standard".'
+                        type: string
+                      serviceAccounts:
+                        description: 'ServiceAccount specifies the service account email and which scopes to assign to the machine. Defaults to: email: "default", scope: []{compute.CloudPlatformScope}'
+                        properties:
+                          email:
+                            description: 'Email: Email address of the service account.'
+                            type: string
+                          scopes:
+                            description: 'Scopes: The list of scopes to be made available for this service account.'
+                            items:
+                              type: string
+                            type: array
+                        type: object
+                      subnet:
+                        description: Subnet is a reference to the subnetwork to use for this instance. If not specified, the first subnetwork retrieved from the Cluster Region and Network is picked.
+                        type: string
+                    required:
+                    - instanceType
+                    type: object
+                required:
+                - spec
+                type: object
+            required:
+            - template
+            type: object
+        type: object
+    served: true
+    storage: false
+  - name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: GCPMachineTemplate is the Schema for the gcpmachinetemplates API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: GCPMachineTemplateSpec defines the desired state of GCPMachineTemplate.
+            properties:
+              template:
+                description: GCPMachineTemplateResource describes the data needed to create am GCPMachine from a template.
+                properties:
+                  metadata:
+                    description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
+                    properties:
+                      annotations:
+                        additionalProperties:
+                          type: string
+                        description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations'
+                        type: object
+                      labels:
+                        additionalProperties:
+                          type: string
+                        description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels'
+                        type: object
+                    type: object
+                  spec:
+                    description: Spec is the specification of the desired behavior of the machine.
+                    properties:
+                      additionalDisks:
+                        description: AdditionalDisks are optional non-boot attached disks.
+                        items:
+                          description: AttachedDiskSpec degined GCP machine disk.
+                          properties:
+                            deviceType:
+                              description: 'DeviceType is a device type of the attached disk. Supported types of non-root attached volumes: 1. "pd-standard" - Standard (HDD) persistent disk 2. "pd-ssd" - SSD persistent disk 3. "local-ssd" - Local SSD disk (https://cloud.google.com/compute/docs/disks/local-ssd). Default is "pd-standard".'
+                              type: string
+                            size:
+                              description: Size is the size of the disk in GBs. Defaults to 30GB. For "local-ssd" size is always 375GB.
+                              format: int64
+                              type: integer
+                          type: object
+                        type: array
+                      additionalLabels:
+                        additionalProperties:
+                          type: string
+                        description: AdditionalLabels is an optional set of tags to add to an instance, in addition to the ones added by default by the GCP provider. If both the GCPCluster and the GCPMachine specify the same tag name with different values, the GCPMachine's value takes precedence.
+                        type: object
+                      additionalMetadata:
+                        description: AdditionalMetadata is an optional set of metadata to add to an instance, in addition to the ones added by default by the GCP provider.
+                        items:
+                          description: MetadataItem defines a single piece of metadata associated with an instance.
+                          properties:
+                            key:
+                              description: Key is the identifier for the metadata entry.
+                              type: string
+                            value:
+                              description: Value is the value of the metadata entry.
+                              type: string
+                          required:
+                          - key
+                          type: object
+                        type: array
+                        x-kubernetes-list-map-keys:
+                        - key
+                        x-kubernetes-list-type: map
+                      additionalNetworkTags:
+                        description: AdditionalNetworkTags is a list of network tags that should be applied to the instance. These tags are set in addition to any network tags defined at the cluster level or in the actuator.
+                        items:
+                          type: string
+                        type: array
+                      confidentialCompute:
+                        description: ConfidentialCompute Defines whether the instance should have confidential compute enabled. If enabled OnHostMaintenance is required to be set to "Terminate". If omitted, the platform chooses a default, which is subject to change over time, currently that default is false.
+                        enum:
+                        - Enabled
+                        - Disabled
+                        type: string
+                      image:
+                        description: Image is the full reference to a valid image to be used for this machine. Takes precedence over ImageFamily.
+                        type: string
+                      imageFamily:
+                        description: ImageFamily is the full reference to a valid image family to be used for this machine.
+                        type: string
+                      instanceType:
+                        description: 'InstanceType is the type of instance to create. Example: n1.standard-2'
+                        type: string
+                      ipForwarding:
+                        default: Enabled
+                        description: IPForwarding Allows this instance to send and receive packets with non-matching destination or source IPs. This is required if you plan to use this instance to forward routes. Defaults to enabled.
+                        enum:
+                        - Enabled
+                        - Disabled
+                        type: string
+                      onHostMaintenance:
+                        description: OnHostMaintenance determines the behavior when a maintenance event occurs that might cause the instance to reboot. If omitted, the platform chooses a default, which is subject to change over time, currently that default is "Migrate".
+                        enum:
+                        - Migrate
+                        - Terminate
+                        type: string
+                      preemptible:
+                        description: Preemptible defines if instance is preemptible
+                        type: boolean
+                      providerID:
+                        description: ProviderID is the unique identifier as specified by the cloud provider.
+                        type: string
+                      publicIP:
+                        description: PublicIP specifies whether the instance should get a public IP. Set this to true if you don't have a NAT instances or Cloud Nat setup.
+                        type: boolean
+                      rootDeviceSize:
+                        description: RootDeviceSize is the size of the root volume in GB. Defaults to 30.
+                        format: int64
+                        type: integer
+                      rootDeviceType:
+                        description: 'RootDeviceType is the type of the root volume. Supported types of root volumes: 1. "pd-standard" - Standard (HDD) persistent disk 2. "pd-ssd" - SSD persistent disk Default is "pd-standard".'
+                        type: string
+                      serviceAccounts:
+                        description: 'ServiceAccount specifies the service account email and which scopes to assign to the machine. Defaults to: email: "default", scope: []{compute.CloudPlatformScope}'
+                        properties:
+                          email:
+                            description: 'Email: Email address of the service account.'
+                            type: string
+                          scopes:
+                            description: 'Scopes: The list of scopes to be made available for this service account.'
+                            items:
+                              type: string
+                            type: array
+                        type: object
+                      shieldedInstanceConfig:
+                        description: ShieldedInstanceConfig is the Shielded VM configuration for this machine
+                        properties:
+                          integrityMonitoring:
+                            description: IntegrityMonitoring determines whether the instance should have integrity monitoring that verify the runtime boot integrity. Compares the most recent boot measurements to the integrity policy baseline and return a pair of pass/fail results depending on whether they match or not. If omitted, the platform chooses a default, which is subject to change over time, currently that default is Enabled.
+                            enum:
+                            - Enabled
+                            - Disabled
+                            type: string
+                          secureBoot:
+                            description: SecureBoot Defines whether the instance should have secure boot enabled. Secure Boot verify the digital signature of all boot components, and halting the boot process if signature verification fails. If omitted, the platform chooses a default, which is subject to change over time, currently that default is Disabled.
+                            enum:
+                            - Enabled
+                            - Disabled
+                            type: string
+                          virtualizedTrustedPlatformModule:
+                            description: VirtualizedTrustedPlatformModule enable virtualized trusted platform module measurements to create a known good boot integrity policy baseline. The integrity policy baseline is used for comparison with measurements from subsequent VM boots to determine if anything has changed. If omitted, the platform chooses a default, which is subject to change over time, currently that default is Enabled.
+                            enum:
+                            - Enabled
+                            - Disabled
+                            type: string
+                        type: object
+                      subnet:
+                        description: Subnet is a reference to the subnetwork to use for this instance. If not specified, the first subnetwork retrieved from the Cluster Region and Network is picked.
+                        type: string
+                    required:
+                    - instanceType
+                    type: object
+                required:
+                - spec
+                type: object
+            required:
+            - template
+            type: object
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
+{{- end -}}
\ No newline at end of file
diff --git a/bootstrap/helm/cluster-api-provider-gcp/templates/gcpmanagedcluster-crd.yaml b/bootstrap/helm/cluster-api-provider-gcp/templates/gcpmanagedcluster-crd.yaml
new file mode 100644
index 000000000..d807013f3
--- /dev/null
+++ b/bootstrap/helm/cluster-api-provider-gcp/templates/gcpmanagedcluster-crd.yaml
@@ -0,0 +1,274 @@
+{{- if .Values.crds.create -}}
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: gcpmanagedclusters.infrastructure.cluster.x-k8s.io
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.11.3
+  labels:
+    clusterctl.cluster.x-k8s.io: ""
+    cluster.x-k8s.io/provider: infrastructure-gcp
+    cluster.x-k8s.io/v1beta1: v1beta1
+  {{- include "cluster-api-provider-gcp.labels" . | nindent 4 }}
+spec:
+  group: infrastructure.cluster.x-k8s.io
+  names:
+    categories:
+    - cluster-api
+    kind: GCPManagedCluster
+    listKind: GCPManagedClusterList
+    plural: gcpmanagedclusters
+    shortNames:
+    - gcpmc
+    singular: gcpmanagedcluster
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - description: Cluster to which this GCPCluster belongs
+      jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
+      name: Cluster
+      type: string
+    - description: Cluster infrastructure is ready for GCE instances
+      jsonPath: .status.ready
+      name: Ready
+      type: string
+    - description: GCP network the cluster is using
+      jsonPath: .spec.network.name
+      name: Network
+      type: string
+    - description: API Endpoint
+      jsonPath: .status.apiEndpoints[0]
+      name: Endpoint
+      priority: 1
+      type: string
+    name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: GCPManagedCluster is the Schema for the gcpmanagedclusters API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: GCPManagedClusterSpec defines the desired state of GCPManagedCluster.
+            properties:
+              additionalLabels:
+                additionalProperties:
+                  type: string
+                description: AdditionalLabels is an optional set of tags to add to GCP resources managed by the GCP provider, in addition to the ones added by default.
+                type: object
+              addonsConfig:
+                description: AddonsConfig is a configuration for the various addons available to run in the cluster.
+                properties:
+                  gcpFilestoreCsiDriverEnabled:
+                    description: GcpFilestoreCsiDriverEnabled track whether the GCP Filestore CSI driver is enabled for this cluster.
+                    type: boolean
+                  horizontalPodAutoscalingEnabled:
+                    description: HorizontalPodAutoscalingEnabled tracks whether the Horizontal Pod Autoscaling feature is enabled in the cluster. When enabled, it ensures that metrics are collected into Stackdriver Monitoring.
+                    type: boolean
+                  httpLoadBalancingEnabled:
+                    description: HttpLoadBalancingEnabled tracks whether the HTTP Load Balancing controller is enabled in the cluster. When enabled, it runs a small pod in the cluster that manages the load balancers.
+                    type: boolean
+                  networkPolicyEnabled:
+                    description: NetworkPolicyEnabled tracks whether the addon is enabled or not on the Master, it does not track whether network policy is enabled for the nodes.
+                    type: boolean
+                type: object
+              controlPlaneEndpoint:
+                description: ControlPlaneEndpoint represents the endpoint used to communicate with the control plane.
+                properties:
+                  host:
+                    description: The hostname on which the API server is serving.
+                    type: string
+                  port:
+                    description: The port on which the API server is serving.
+                    format: int32
+                    type: integer
+                required:
+                - host
+                - port
+                type: object
+              credentialsRef:
+                description: CredentialsRef is a reference to a Secret that contains the credentials to use for provisioning this cluster. If not supplied then the credentials of the controller will be used.
+                properties:
+                  name:
+                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                    type: string
+                  namespace:
+                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                    type: string
+                required:
+                - name
+                - namespace
+                type: object
+              network:
+                description: NetworkSpec encapsulates all things related to the GCP network.
+                properties:
+                  autoCreateSubnetworks:
+                    description: "AutoCreateSubnetworks: When set to true, the VPC network is created in \"auto\" mode. When set to false, the VPC network is created in \"custom\" mode. \n An auto mode VPC network starts with one subnet per region. Each subnet has a predetermined range as described in Auto mode VPC network IP ranges. \n Defaults to true."
+                    type: boolean
+                  datapathProvider:
+                    description: The desired datapath provider for this cluster. By default, uses the IPTables-based kube-proxy implementation (DatapathProviderLegacyDatapath).
+                    type: string
+                  loadBalancerBackendPort:
+                    description: Allow for configuration of load balancer backend (useful for changing apiserver port)
+                    format: int32
+                    type: integer
+                  name:
+                    description: Name is the name of the network to be used.
+                    type: string
+                  subnets:
+                    description: Subnets configuration.
+                    items:
+                      description: SubnetSpec configures an GCP Subnet.
+                      properties:
+                        cidrBlock:
+                          description: CidrBlock is the range of internal addresses that are owned by this subnetwork. Provide this property when you create the subnetwork. For example, 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and non-overlapping within a network. Only IPv4 is supported. This field can be set only at resource creation time.
+                          type: string
+                        description:
+                          description: Description is an optional description associated with the resource.
+                          type: string
+                        enableFlowLogs:
+                          description: 'EnableFlowLogs: Whether to enable flow logging for this subnetwork. If this field is not explicitly set, it will not appear in get listings. If not set the default behavior is to disable flow logging.'
+                          type: boolean
+                        name:
+                          description: Name defines a unique identifier to reference this resource.
+                          type: string
+                        privateGoogleAccess:
+                          description: PrivateGoogleAccess defines whether VMs in this subnet can access Google services without assigning external IP addresses
+                          type: boolean
+                        purpose:
+                          default: PRIVATE_RFC_1918
+                          description: "Purpose: The purpose of the resource. If unspecified, the purpose defaults to PRIVATE_RFC_1918. The enableFlowLogs field isn't supported with the purpose field set to INTERNAL_HTTPS_LOAD_BALANCER. \n Possible values: \"INTERNAL_HTTPS_LOAD_BALANCER\" - Subnet reserved for Internal HTTP(S) Load Balancing. \"PRIVATE\" - Regular user created or automatically created subnet. \"PRIVATE_RFC_1918\" - Regular user created or automatically created subnet. \"PRIVATE_SERVICE_CONNECT\" - Subnetworks created for Private Service Connect in the producer network. \"REGIONAL_MANAGED_PROXY\" - Subnetwork used for Regional Internal/External HTTP(S) Load Balancing."
+                          enum:
+                          - INTERNAL_HTTPS_LOAD_BALANCER
+                          - PRIVATE_RFC_1918
+                          - PRIVATE
+                          - PRIVATE_SERVICE_CONNECT
+                          - REGIONAL_MANAGED_PROXY
+                          type: string
+                        region:
+                          description: Region is the name of the region where the Subnetwork resides.
+                          type: string
+                        secondaryCidrBlocks:
+                          additionalProperties:
+                            type: string
+                          description: SecondaryCidrBlocks defines secondary CIDR ranges, from which secondary IP ranges of a VM may be allocated
+                          type: object
+                      type: object
+                    type: array
+                type: object
+              project:
+                description: Project is the name of the project to deploy the cluster to.
+                type: string
+              region:
+                description: The GCP Region the cluster lives in.
+                type: string
+            required:
+            - project
+            - region
+            type: object
+          status:
+            description: GCPManagedClusterStatus defines the observed state of GCPManagedCluster.
+            properties:
+              conditions:
+                description: Conditions specifies the conditions for the managed control plane
+                items:
+                  description: Condition defines an observation of a Cluster API resource operational state.
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A human readable message indicating details about the transition. This field may be empty.
+                      type: string
+                    reason:
+                      description: The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty.
+                      type: string
+                    severity:
+                      description: Severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - status
+                  - type
+                  type: object
+                type: array
+              failureDomains:
+                additionalProperties:
+                  description: FailureDomainSpec is the Schema for Cluster API failure domains. It allows controllers to understand how many failure domains a cluster can optionally span across.
+                  properties:
+                    attributes:
+                      additionalProperties:
+                        type: string
+                      description: Attributes is a free form map of attributes an infrastructure provider might use or require.
+                      type: object
+                    controlPlane:
+                      description: ControlPlane determines if this failure domain is suitable for use by control plane machines.
+                      type: boolean
+                  type: object
+                description: FailureDomains is a slice of FailureDomains.
+                type: object
+              network:
+                description: Network encapsulates GCP networking resources.
+                properties:
+                  apiServerBackendService:
+                    description: APIServerBackendService is the full reference to the backend service created for the API Server.
+                    type: string
+                  apiServerForwardingRule:
+                    description: APIServerForwardingRule is the full reference to the forwarding rule created for the API Server.
+                    type: string
+                  apiServerHealthCheck:
+                    description: APIServerHealthCheck is the full reference to the health check created for the API Server.
+                    type: string
+                  apiServerInstanceGroups:
+                    additionalProperties:
+                      type: string
+                    description: APIServerInstanceGroups is a map from zone to the full reference to the instance groups created for the control plane nodes created in the same zone.
+                    type: object
+                  apiServerIpAddress:
+                    description: APIServerAddress is the IPV4 global address assigned to the load balancer created for the API Server.
+                    type: string
+                  apiServerTargetProxy:
+                    description: APIServerTargetProxy is the full reference to the target proxy created for the API Server.
+                    type: string
+                  firewallRules:
+                    additionalProperties:
+                      type: string
+                    description: FirewallRules is a map from the name of the rule to its full reference.
+                    type: object
+                  router:
+                    description: Router is the full reference to the router created within the network it'll contain the cloud nat gateway
+                    type: string
+                  selfLink:
+                    description: SelfLink is the link to the Network used for this cluster.
+                    type: string
+                type: object
+              ready:
+                type: boolean
+            required:
+            - ready
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
+{{- end -}}
\ No newline at end of file
diff --git a/bootstrap/helm/cluster-api-provider-gcp/templates/gcpmanagedcontrolplane-crd.yaml b/bootstrap/helm/cluster-api-provider-gcp/templates/gcpmanagedcontrolplane-crd.yaml
new file mode 100644
index 000000000..6e38d22f4
--- /dev/null
+++ b/bootstrap/helm/cluster-api-provider-gcp/templates/gcpmanagedcontrolplane-crd.yaml
@@ -0,0 +1,160 @@
+{{- if .Values.crds.create -}}
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: gcpmanagedcontrolplanes.infrastructure.cluster.x-k8s.io
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.11.3
+  labels:
+    clusterctl.cluster.x-k8s.io: ""
+    cluster.x-k8s.io/provider: infrastructure-gcp
+    cluster.x-k8s.io/v1beta1: v1beta1
+  {{- include "cluster-api-provider-gcp.labels" . | nindent 4 }}
+spec:
+  group: infrastructure.cluster.x-k8s.io
+  names:
+    categories:
+    - cluster-api
+    kind: GCPManagedControlPlane
+    listKind: GCPManagedControlPlaneList
+    plural: gcpmanagedcontrolplanes
+    shortNames:
+    - gcpmcp
+    singular: gcpmanagedcontrolplane
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - description: Cluster to which this GCPManagedControlPlane belongs
+      jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
+      name: Cluster
+      type: string
+    - description: Control plane is ready
+      jsonPath: .status.ready
+      name: Ready
+      type: string
+    - description: The current Kubernetes version
+      jsonPath: .status.currentVersion
+      name: CurrentVersion
+      type: string
+    - description: API Endpoint
+      jsonPath: .spec.endpoint
+      name: Endpoint
+      priority: 1
+      type: string
+    name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: GCPManagedControlPlane is the Schema for the gcpmanagedcontrolplanes API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: GCPManagedControlPlaneSpec defines the desired state of GCPManagedControlPlane.
+            properties:
+              clusterName:
+                description: ClusterName allows you to specify the name of the GKE cluster. If you don't specify a name then a default name will be created based on the namespace and name of the managed control plane.
+                type: string
+              controlPlaneVersion:
+                description: ControlPlaneVersion represents the control plane version of the GKE cluster. If not specified, the default version currently supported by GKE will be used.
+                type: string
+              enableAutopilot:
+                description: EnableAutopilot indicates whether to enable autopilot for this GKE cluster.
+                type: boolean
+              enableWorkloadIdentity:
+                description: 'EnableWorkloadIdentity allows enabling workload identity during cluster creation when EnableAutopilot is disabled. It allows workloads in your GKE clusters to impersonate Identity and Access Management (IAM) service accounts to access Google Cloud services. Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity'
+                type: boolean
+              endpoint:
+                description: Endpoint represents the endpoint used to communicate with the control plane.
+                properties:
+                  host:
+                    description: The hostname on which the API server is serving.
+                    type: string
+                  port:
+                    description: The port on which the API server is serving.
+                    format: int32
+                    type: integer
+                required:
+                - host
+                - port
+                type: object
+              location:
+                description: Location represents the location (region or zone) in which the GKE cluster will be created.
+                type: string
+              project:
+                description: Project is the name of the project to deploy the cluster to.
+                type: string
+              releaseChannel:
+                description: ReleaseChannel represents the release channel of the GKE cluster.
+                enum:
+                - rapid
+                - regular
+                - stable
+                type: string
+            required:
+            - location
+            - project
+            type: object
+          status:
+            description: GCPManagedControlPlaneStatus defines the observed state of GCPManagedControlPlane.
+            properties:
+              conditions:
+                description: Conditions specifies the conditions for the managed control plane
+                items:
+                  description: Condition defines an observation of a Cluster API resource operational state.
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A human readable message indicating details about the transition. This field may be empty.
+                      type: string
+                    reason:
+                      description: The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty.
+                      type: string
+                    severity:
+                      description: Severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - status
+                  - type
+                  type: object
+                type: array
+              currentVersion:
+                description: CurrentVersion shows the current version of the GKE control plane.
+                type: string
+              initialized:
+                description: Initialized is true when the control plane is available for initial contact. This may occur before the control plane is fully ready.
+                type: boolean
+              ready:
+                default: false
+                description: Ready denotes that the GCPManagedControlPlane API Server is ready to receive requests.
+                type: boolean
+            required:
+            - ready
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
+{{- end -}}
\ No newline at end of file
diff --git a/bootstrap/helm/cluster-api-provider-gcp/templates/gcpmanagedmachinepool-crd.yaml b/bootstrap/helm/cluster-api-provider-gcp/templates/gcpmanagedmachinepool-crd.yaml
new file mode 100644
index 000000000..f72afd38e
--- /dev/null
+++ b/bootstrap/helm/cluster-api-provider-gcp/templates/gcpmanagedmachinepool-crd.yaml
@@ -0,0 +1,183 @@
+{{- if .Values.crds.create -}}
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: gcpmanagedmachinepools.infrastructure.cluster.x-k8s.io
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.11.3
+  labels:
+    clusterctl.cluster.x-k8s.io: ""
+    cluster.x-k8s.io/provider: infrastructure-gcp
+    cluster.x-k8s.io/v1beta1: v1beta1
+  {{- include "cluster-api-provider-gcp.labels" . | nindent 4 }}
+spec:
+  group: infrastructure.cluster.x-k8s.io
+  names:
+    categories:
+    - cluster-api
+    kind: GCPManagedMachinePool
+    listKind: GCPManagedMachinePoolList
+    plural: gcpmanagedmachinepools
+    shortNames:
+    - gcpmmp
+    singular: gcpmanagedmachinepool
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .spec.mode
+      name: Mode
+      type: string
+    name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: GCPManagedMachinePool is the Schema for the gcpmanagedmachinepools API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: GCPManagedMachinePoolSpec defines the desired state of GCPManagedMachinePool.
+            properties:
+              additionalLabels:
+                additionalProperties:
+                  type: string
+                description: AdditionalLabels is an optional set of tags to add to GCP resources managed by the GCP provider, in addition to the ones added by default.
+                type: object
+              diskSizeGb:
+                description: "Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. \n If unspecified, the default disk size is 100GB."
+                format: int32
+                type: integer
+              diskType:
+                description: "Type of the disk attached to each node (e.g. 'pd-standard', 'pd-ssd' or 'pd-balanced') \n If unspecified, the default disk type is 'pd-standard'"
+                type: string
+              imageType:
+                description: ImageType is the image type to use for this node. Note that for a given image type, the latest version of it will be used. Please see https://cloud.google.com/kubernetes-engine/docs/concepts/node-images for available image types.
+                type: string
+              kubernetesLabels:
+                additionalProperties:
+                  type: string
+                description: KubernetesLabels specifies the labels to apply to the nodes of the node pool.
+                type: object
+              kubernetesTaints:
+                description: KubernetesTaints specifies the taints to apply to the nodes of the node pool.
+                items:
+                  description: Taint represents a Kubernetes taint.
+                  properties:
+                    effect:
+                      description: Effect specifies the effect for the taint.
+                      enum:
+                      - NoSchedule
+                      - NoExecute
+                      - PreferNoSchedule
+                      type: string
+                    key:
+                      description: Key is the key of the taint
+                      type: string
+                    value:
+                      description: Value is the value of the taint
+                      type: string
+                  required:
+                  - effect
+                  - key
+                  - value
+                  type: object
+                type: array
+              machineType:
+                description: "The name of a Google Compute Engine [machine type](https://cloud.google.com/compute/docs/machine-types) \n If unspecified, the default machine type is `e2-medium`."
+                type: string
+              management:
+                description: Management configuration for this NodePool.
+                properties:
+                  autoRepair:
+                    description: AutoRepair is a flag that specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered.
+                    type: boolean
+                  autoUpgrade:
+                    description: AutoUpgrade is a flag that specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.
+                    type: boolean
+                type: object
+              nodePoolName:
+                description: NodePoolName specifies the name of the GKE node pool corresponding to this MachinePool. If you don't specify a name then a default name will be created based on the namespace and name of the managed machine pool.
+                type: string
+              preemptible:
+                description: 'Whether the nodes are created as preemptible VM instances. See: https://cloud.google.com/compute/docs/instances/preemptible for more information about preemptible VM instances.'
+                type: boolean
+              providerIDList:
+                description: ProviderIDList are the provider IDs of instances in the managed instance group corresponding to the nodegroup represented by this machine pool
+                items:
+                  type: string
+                type: array
+              scaling:
+                description: Scaling specifies scaling for the node pool
+                properties:
+                  maxCount:
+                    description: MaxCount is a maximum number of nodes for one location in the NodePool. Must be >= maxCount. There has to be enough quota to scale up the cluster.
+                    format: int32
+                    type: integer
+                  minCount:
+                    description: MinCount is a minimum number of nodes for one location in the NodePool. Must be >= 1 and <= maxCount.
+                    format: int32
+                    type: integer
+                type: object
+              spot:
+                description: Spot flag for enabling Spot VM, which is a rebrand of the existing preemptible flag.
+                type: boolean
+            type: object
+          status:
+            description: GCPManagedMachinePoolStatus defines the observed state of GCPManagedMachinePool.
+            properties:
+              conditions:
+                description: Conditions specifies the cpnditions for the managed machine pool
+                items:
+                  description: Condition defines an observation of a Cluster API resource operational state.
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A human readable message indicating details about the transition. This field may be empty.
+                      type: string
+                    reason:
+                      description: The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty.
+                      type: string
+                    severity:
+                      description: Severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - status
+                  - type
+                  type: object
+                type: array
+              ready:
+                type: boolean
+              replicas:
+                description: Replicas is the most recently observed number of replicas.
+                format: int32
+                type: integer
+            required:
+            - ready
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
+{{- end -}}
\ No newline at end of file
diff --git a/bootstrap/helm/cluster-api-provider-gcp/templates/job.yaml b/bootstrap/helm/cluster-api-provider-gcp/templates/job.yaml
new file mode 100644
index 000000000..09395b9ff
--- /dev/null
+++ b/bootstrap/helm/cluster-api-provider-gcp/templates/job.yaml
@@ -0,0 +1,64 @@
+{{- if .Values.job.enabled -}}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ include "cluster-api-provider-gcp-plural.fullname" . }}-wait-for-provider
+  labels:
+    {{- include "cluster-api-provider-gcp-plural.labels" . | nindent 4 }}
+  annotations:
+    {{- toYaml .Values.job.annotations | nindent 4 }}
+spec:
+  template:
+    spec:
+      containers:
+      - name: wait-for-provider
+        image: {{ .Values.job.image.repository }}:{{ .Values.job.image.tag }}
+        imagePullPolicy: {{ .Values.job.image.pullPolicy }}
+        command: ["kubectl"]
+        args: ["wait", "--for=condition=Available", "--timeout=600s", "deployment/{{ include "cluster-api-provider-gcp.fullname" (index .Subcharts "cluster-api-provider-gcp") }}-controller-manager", "-n", "{{ .Release.namespace }}"]
+      restartPolicy: Never
+      serviceAccountName: {{ include "cluster-api-provider-gcp-plural.fullname" . }}-wait-for-provider
+  backoffLimit: 4
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "cluster-api-provider-gcp-plural.fullname" . }}-wait-for-provider
+  labels:
+    {{- include "cluster-api-provider-gcp-plural.labels" . | nindent 4 }}
+  annotations:
+    {{- toYaml .Values.job.annotations | nindent 4 }}
+rules:
+- apiGroups: [""]
+  resources: ["pods"]
+  verbs: ["get", "list", "watch"]
+- apiGroups: ["apps"]
+  resources: ["deployments"]
+  verbs: ["get", "list", "watch"]
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "cluster-api-provider-gcp-plural.fullname" . }}-wait-for-provider
+  labels:
+    {{- include "cluster-api-provider-gcp-plural.labels" . | nindent 4 }}
+  annotations:
+    {{- toYaml .Values.job.annotations | nindent 4 }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "cluster-api-provider-gcp-plural.fullname" . }}-wait-for-provider
+  namespace: {{ .Release.namespace }}
+roleRef:
+  kind: Role
+  name: {{ include "cluster-api-provider-gcp-plural.fullname" . }}-wait-for-provider
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "cluster-api-provider-gcp-plural.fullname" . }}-wait-for-provider
+  labels:
+    {{- include "cluster-api-provider-gcp-plural.labels" . | nindent 4 }}
+  annotations:
+    {{- toYaml .Values.job.annotations | nindent 4 }}
+{{- end }}
diff --git a/bootstrap/helm/cluster-api-provider-gcp/values.yaml b/bootstrap/helm/cluster-api-provider-gcp/values.yaml
new file mode 100644
index 000000000..94f8da743
--- /dev/null
+++ b/bootstrap/helm/cluster-api-provider-gcp/values.yaml
@@ -0,0 +1,26 @@
+crds:
+  create: true
+
+cluster-api-provider-gcp:
+  crds:
+    create: false
+  configVariables:
+    exprimental:
+      capgGke: true
+  controllerManager:
+    manager:
+      image:
+        repository: ghcr.io/pluralsh/cluster-api-gcp-controller
+        tag: v1.4.3
+  bootstrapMode: false
+
+job:
+  enabled: true
+  annotations:
+    helm.sh/hook: post-install,post-upgrade
+    helm.sh/hook-weight: "-5"
+    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
+  image:
+    repository: bitnami/kubectl
+    tag: 1.25.8
+    pullPolicy: IfNotPresent
diff --git a/bootstrap/helm/cluster-api-provider-gcp/values.yaml.tpl b/bootstrap/helm/cluster-api-provider-gcp/values.yaml.tpl
new file mode 100644
index 000000000..4c2860c25
--- /dev/null
+++ b/bootstrap/helm/cluster-api-provider-gcp/values.yaml.tpl
@@ -0,0 +1,4 @@
+cluster-api-provider-gcp:
+  serviceAccount:
+    annotations:
+      iam.gke.io/gcp-service-account: {{ importValue "Terraform" "capi_sa_workload_identity_email" }}
\ No newline at end of file
diff --git a/bootstrap/plural/recipes/aws-cluster-api-simple-test.yaml b/bootstrap/plural/recipes/aws-cluster-api-simple-test.yaml
new file mode 100644
index 000000000..b5d7ce192
--- /dev/null
+++ b/bootstrap/plural/recipes/aws-cluster-api-simple-test.yaml
@@ -0,0 +1,35 @@
+name: aws-cluster-api-simple-test
+description: Creates an eks cluster and installs the bootstrap chart
+provider: AWS
+primary: false
+private: true
+dependencies: []
+sections:
+  - name: bootstrap
+    configuration:
+    - name: vpc_name
+      documentation: Arbitary name for the virtual private cloud to place your cluster in, eg "plural"
+      type: STRING
+      validation:
+        type: REGEX
+        regex: '[a-z][\-a-z0-9]{0,61}[a-z0-9]'
+        message: must begin with a lowercase letter, and can only contain lowercase letters, numbers or hyphens after
+    items:
+    - type: TERRAFORM
+      name: aws-bootstrap-cluster-api
+    - type: HELM
+      name: bootstrap
+    - type: HELM
+      name: plural-certmanager-webhook
+    # - type: HELM
+    #   name: cluster-api-operator
+    - type: HELM
+      name: cluster-api-core
+    - type: HELM
+      name: cluster-api-bootstrap
+    - type: HELM
+      name: cluster-api-control-plane
+    - type: HELM
+      name: cluster-api-provider-aws
+    - type: HELM
+      name: cluster-api-cluster
diff --git a/bootstrap/plural/recipes/azure-cluster-api-simple-test.yaml b/bootstrap/plural/recipes/azure-cluster-api-simple-test.yaml
new file mode 100644
index 000000000..3663ac323
--- /dev/null
+++ b/bootstrap/plural/recipes/azure-cluster-api-simple-test.yaml
@@ -0,0 +1,37 @@
+name: azure-cluster-api-simple-test
+description: Creates an AKS cluster and installs the bootstrap chart
+provider: AZURE
+primary: false
+private: true
+dependencies: []
+sections:
+  - name: bootstrap
+    configuration:
+      - name: network_name
+        documentation: Arbitary name for the network to place your cluster in, eg "plural"
+        type: STRING
+        validation:
+          type: REGEX
+          regex: '[a-z][\-a-z0-9]{0,61}[a-z0-9]'
+          message: must begin with a lowercase letter, and can only contain lowercase letters, numbers or hyphens after
+    items:
+      - type: TERRAFORM
+        name: azure-bootstrap-cluster-api
+      - type: HELM
+        name: bootstrap
+      - type: HELM
+        name: azure-identity
+      - type: HELM
+        name: plural-certmanager-webhook
+      - type: HELM
+        name: cluster-api-core
+      - type: HELM
+        name: cluster-api-bootstrap
+      - type: HELM
+        name: cluster-api-control-plane
+      - type: HELM
+        name: cluster-api-provider-azure
+      - type: HELM
+        name: cluster-api-cluster
+      - type: HELM
+        name: azure-workload-identity
diff --git a/bootstrap/plural/recipes/docker-cluster-api-simple-test.yaml b/bootstrap/plural/recipes/docker-cluster-api-simple-test.yaml
new file mode 100644
index 000000000..3f1d36d9b
--- /dev/null
+++ b/bootstrap/plural/recipes/docker-cluster-api-simple-test.yaml
@@ -0,0 +1,26 @@
+name: docker-cluster-api-simple-test
+description: Creates an Docker cluster and installs the bootstrap chart
+provider: KIND
+primary: false
+private: true
+dependencies: []
+sections:
+  - name: bootstrap
+    configuration: []
+    items:
+      - type: TERRAFORM
+        name: kind-bootstrap-cluster-api
+      - type: HELM
+        name: bootstrap
+      - type: HELM
+        name: plural-certmanager-webhook
+      - type: HELM
+        name: cluster-api-core
+      - type: HELM
+        name: cluster-api-bootstrap
+      - type: HELM
+        name: cluster-api-control-plane
+      - type: HELM
+        name: cluster-api-provider-docker
+      - type: HELM
+        name: cluster-api-cluster
diff --git a/bootstrap/plural/recipes/gcp-cluster-api-simple-test.yaml b/bootstrap/plural/recipes/gcp-cluster-api-simple-test.yaml
new file mode 100644
index 000000000..c5134b4f2
--- /dev/null
+++ b/bootstrap/plural/recipes/gcp-cluster-api-simple-test.yaml
@@ -0,0 +1,33 @@
+name: gcp-cluster-api-simple-test
+description: Creates an eks cluster and installs the bootstrap chart
+provider: GCP
+primary: false
+private: true
+dependencies: []
+sections:
+  - name: bootstrap
+    configuration:
+      - name: vpc_name
+        documentation: Arbitrary name for the network to place your cluster in, eg "plural"
+        type: STRING
+        validation:
+          type: REGEX
+          regex: '[a-z][\-a-z0-9]{0,61}[a-z0-9]'
+          message: must begin with a lowercase letter, and can only contain lowercase letters, numbers or hyphens after
+    items:
+      - type: TERRAFORM
+        name: gcp-bootstrap-cluster-api
+      - type: HELM
+        name: bootstrap
+      - type: HELM
+        name: plural-certmanager-webhook
+      - type: HELM
+        name: cluster-api-core
+      - type: HELM
+        name: cluster-api-bootstrap
+      - type: HELM
+        name: cluster-api-control-plane
+      - type: HELM
+        name: cluster-api-provider-gcp
+      - type: HELM
+        name: cluster-api-cluster
diff --git a/bootstrap/terraform/aws-bootstrap-cluster-api/aws-lb-controller.tf b/bootstrap/terraform/aws-bootstrap-cluster-api/aws-lb-controller.tf
new file mode 100644
index 000000000..a45301848
--- /dev/null
+++ b/bootstrap/terraform/aws-bootstrap-cluster-api/aws-lb-controller.tf
@@ -0,0 +1,261 @@
+module "assumable_role_alb" {
+  count = var.enable_aws_lb_controller ? 1 : 0
+
+  source                        = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc"
+  version                       = "3.14.0"
+  create_role                   = true
+  role_name                     = "${var.cluster_name}-alb"
+  provider_url                  = replace(local.cluster_oidc_issuer_url, "https://", "")
+  role_policy_arns              = [aws_iam_policy.alb[0].arn]
+  oidc_fully_qualified_subjects = ["system:serviceaccount:${var.namespace}:${var.alb_serviceaccount}"]
+}
+
+resource "aws_iam_policy" "alb" {
+  count = var.enable_aws_lb_controller ? 1 : 0
+
+  name_prefix = "alb-contrller"
+  description = "aws load balancer controller policy for cluster ${local.cluster_id}"
+  policy      = <<-POLICY
+  {
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Action": [
+                "iam:CreateServiceLinkedRole"
+            ],
+            "Resource": "*",
+            "Condition": {
+                "StringEquals": {
+                    "iam:AWSServiceName": "elasticloadbalancing.amazonaws.com"
+                }
+            }
+        },
+        {
+            "Effect": "Allow",
+            "Action": [
+                "ec2:DescribeAccountAttributes",
+                "ec2:DescribeAddresses",
+                "ec2:DescribeAvailabilityZones",
+                "ec2:DescribeInternetGateways",
+                "ec2:DescribeVpcs",
+                "ec2:DescribeVpcPeeringConnections",
+                "ec2:DescribeSubnets",
+                "ec2:DescribeSecurityGroups",
+                "ec2:DescribeInstances",
+                "ec2:DescribeNetworkInterfaces",
+                "ec2:DescribeTags",
+                "ec2:GetCoipPoolUsage",
+                "ec2:DescribeCoipPools",
+                "elasticloadbalancing:DescribeLoadBalancers",
+                "elasticloadbalancing:DescribeLoadBalancerAttributes",
+                "elasticloadbalancing:DescribeListeners",
+                "elasticloadbalancing:DescribeListenerCertificates",
+                "elasticloadbalancing:DescribeSSLPolicies",
+                "elasticloadbalancing:DescribeRules",
+                "elasticloadbalancing:DescribeTargetGroups",
+                "elasticloadbalancing:DescribeTargetGroupAttributes",
+                "elasticloadbalancing:DescribeTargetHealth",
+                "elasticloadbalancing:DescribeTags"
+            ],
+            "Resource": "*"
+        },
+        {
+            "Effect": "Allow",
+            "Action": [
+                "cognito-idp:DescribeUserPoolClient",
+                "acm:ListCertificates",
+                "acm:DescribeCertificate",
+                "iam:ListServerCertificates",
+                "iam:GetServerCertificate",
+                "waf-regional:GetWebACL",
+                "waf-regional:GetWebACLForResource",
+                "waf-regional:AssociateWebACL",
+                "waf-regional:DisassociateWebACL",
+                "wafv2:GetWebACL",
+                "wafv2:GetWebACLForResource",
+                "wafv2:AssociateWebACL",
+                "wafv2:DisassociateWebACL",
+                "shield:GetSubscriptionState",
+                "shield:DescribeProtection",
+                "shield:CreateProtection",
+                "shield:DeleteProtection"
+            ],
+            "Resource": "*"
+        },
+        {
+            "Effect": "Allow",
+            "Action": [
+                "ec2:AuthorizeSecurityGroupIngress",
+                "ec2:RevokeSecurityGroupIngress"
+            ],
+            "Resource": "*"
+        },
+        {
+            "Effect": "Allow",
+            "Action": [
+                "ec2:CreateSecurityGroup"
+            ],
+            "Resource": "*"
+        },
+        {
+            "Effect": "Allow",
+            "Action": [
+                "ec2:CreateTags"
+            ],
+            "Resource": "arn:aws:ec2:*:*:security-group/*",
+            "Condition": {
+                "StringEquals": {
+                    "ec2:CreateAction": "CreateSecurityGroup"
+                },
+                "Null": {
+                    "aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+                }
+            }
+        },
+        {
+            "Effect": "Allow",
+            "Action": [
+                "ec2:CreateTags",
+                "ec2:DeleteTags"
+            ],
+            "Resource": "arn:aws:ec2:*:*:security-group/*",
+            "Condition": {
+                "Null": {
+                    "aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+                    "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+                }
+            }
+        },
+        {
+            "Effect": "Allow",
+            "Action": [
+                "ec2:AuthorizeSecurityGroupIngress",
+                "ec2:RevokeSecurityGroupIngress",
+                "ec2:DeleteSecurityGroup"
+            ],
+            "Resource": "*",
+            "Condition": {
+                "Null": {
+                    "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+                }
+            }
+        },
+        {
+            "Effect": "Allow",
+            "Action": [
+                "elasticloadbalancing:CreateLoadBalancer",
+                "elasticloadbalancing:CreateTargetGroup"
+            ],
+            "Resource": "*",
+            "Condition": {
+                "Null": {
+                    "aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+                }
+            }
+        },
+        {
+            "Effect": "Allow",
+            "Action": [
+                "elasticloadbalancing:CreateListener",
+                "elasticloadbalancing:DeleteListener",
+                "elasticloadbalancing:CreateRule",
+                "elasticloadbalancing:DeleteRule"
+            ],
+            "Resource": "*"
+        },
+        {
+            "Effect": "Allow",
+            "Action": [
+                "elasticloadbalancing:AddTags",
+                "elasticloadbalancing:RemoveTags"
+            ],
+            "Resource": [
+                "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+                "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+                "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+            ],
+            "Condition": {
+                "Null": {
+                    "aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+                    "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+                }
+            }
+        },
+        {
+            "Effect": "Allow",
+            "Action": [
+                "elasticloadbalancing:AddTags",
+                "elasticloadbalancing:RemoveTags"
+            ],
+            "Resource": [
+                "arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*",
+                "arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*",
+                "arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*",
+                "arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*"
+            ]
+        },
+        {
+            "Effect": "Allow",
+            "Action": [
+                "elasticloadbalancing:ModifyLoadBalancerAttributes",
+                "elasticloadbalancing:SetIpAddressType",
+                "elasticloadbalancing:SetSecurityGroups",
+                "elasticloadbalancing:SetSubnets",
+                "elasticloadbalancing:DeleteLoadBalancer",
+                "elasticloadbalancing:ModifyTargetGroup",
+                "elasticloadbalancing:ModifyTargetGroupAttributes",
+                "elasticloadbalancing:DeleteTargetGroup"
+            ],
+            "Resource": "*",
+            "Condition": {
+                "Null": {
+                    "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+                }
+            }
+        },
+        {
+            "Effect": "Allow",
+            "Action": [
+                "elasticloadbalancing:AddTags"
+            ],
+            "Resource": [
+                "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+                "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+                "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+            ],
+            "Condition": {
+                "StringEquals": {
+                    "elasticloadbalancing:CreateAction": [
+                        "CreateTargetGroup",
+                        "CreateLoadBalancer"
+                    ]
+                },
+                "Null": {
+                    "aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+                }
+            }
+        },
+        {
+            "Effect": "Allow",
+            "Action": [
+                "elasticloadbalancing:RegisterTargets",
+                "elasticloadbalancing:DeregisterTargets"
+            ],
+            "Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
+        },
+        {
+            "Effect": "Allow",
+            "Action": [
+                "elasticloadbalancing:SetWebAcl",
+                "elasticloadbalancing:ModifyListener",
+                "elasticloadbalancing:AddListenerCertificates",
+                "elasticloadbalancing:RemoveListenerCertificates",
+                "elasticloadbalancing:ModifyRule"
+            ],
+            "Resource": "*"
+        }
+    ]
+  }
+  POLICY
+}
\ No newline at end of file
diff --git a/bootstrap/terraform/aws-bootstrap-cluster-api/capa-sa.tf b/bootstrap/terraform/aws-bootstrap-cluster-api/capa-sa.tf
new file mode 100644
index 000000000..96cc73726
--- /dev/null
+++ b/bootstrap/terraform/aws-bootstrap-cluster-api/capa-sa.tf
@@ -0,0 +1,369 @@
+module "asummable_role_capa" {
+  #   count = var.enable_cluster_capa ? 1 : 0
+
+  source                        = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc"
+  version                       = "3.14.0"
+  create_role                   = true
+  role_name                     = "${var.cluster_name}-capa-controller"
+  provider_url                  = replace(local.cluster_oidc_issuer_url, "https://", "")
+  role_policy_arns              = [aws_iam_policy.capa_controller.arn, aws_iam_policy.capa_controller_eks.arn]
+  oidc_fully_qualified_subjects = ["system:serviceaccount:${var.namespace}:${var.capa_serviceaccount}", "system:serviceaccount:${var.namespace}:${var.capi_serviceaccount}"]
+}
+
+resource "aws_iam_policy" "capa_controller" {
+  #   count = var.enable_cluster_capa ? 1 : 0
+
+  name_prefix = "cluster-capa"
+  description = "EKS cluster api provider aws policy for cluster ${var.cluster_name}"
+  policy      = data.aws_iam_policy_document.capa_controller.json
+}
+
+resource "aws_iam_policy" "capa_controller_eks" {
+  #   count = var.enable_cluster_capa ? 1 : 0
+
+  name_prefix = "cluster-capa"
+  description = "EKS cluster api provider aws policy for cluster ${var.cluster_name}"
+  policy      = data.aws_iam_policy_document.capa_controller_eks.json
+}
+
+data "aws_iam_policy_document" "capa_controller" {
+  statement {
+    sid       = ""
+    effect    = "Allow"
+    resources = ["*"]
+
+    actions = [
+      "ec2:AttachNetworkInterface",
+      "ec2:DetachNetworkInterface",
+      "ec2:AllocateAddress",
+      "ec2:AssignIpv6Addresses",
+      "ec2:AssignPrivateIpAddresses",
+      "ec2:UnassignPrivateIpAddresses",
+      "ec2:AssociateRouteTable",
+      "ec2:AttachInternetGateway",
+      "ec2:AuthorizeSecurityGroupIngress",
+      "ec2:CreateInternetGateway",
+      "ec2:CreateEgressOnlyInternetGateway",
+      "ec2:CreateNatGateway",
+      "ec2:CreateNetworkInterface",
+      "ec2:CreateRoute",
+      "ec2:CreateRouteTable",
+      "ec2:CreateSecurityGroup",
+      "ec2:CreateSubnet",
+      "ec2:CreateTags",
+      "ec2:CreateVpc",
+      "ec2:ModifyVpcAttribute",
+      "ec2:DeleteInternetGateway",
+      "ec2:DeleteEgressOnlyInternetGateway",
+      "ec2:DeleteNatGateway",
+      "ec2:DeleteRouteTable",
+      "ec2:ReplaceRoute",
+      "ec2:DeleteSecurityGroup",
+      "ec2:DeleteSubnet",
+      "ec2:DeleteTags",
+      "ec2:DeleteVpc",
+      "ec2:DescribeAccountAttributes",
+      "ec2:DescribeAddresses",
+      "ec2:DescribeAvailabilityZones",
+      "ec2:DescribeInstances",
+      "ec2:DescribeInstanceTypes",
+      "ec2:DescribeInternetGateways",
+      "ec2:DescribeEgressOnlyInternetGateways",
+      "ec2:DescribeInstanceTypes",
+      "ec2:DescribeImages",
+      "ec2:DescribeNatGateways",
+      "ec2:DescribeNetworkInterfaces",
+      "ec2:DescribeNetworkInterfaceAttribute",
+      "ec2:DescribeRouteTables",
+      "ec2:DescribeSecurityGroups",
+      "ec2:DescribeSubnets",
+      "ec2:DescribeVpcs",
+      "ec2:DescribeVpcAttribute",
+      "ec2:DescribeVolumes",
+      "ec2:DescribeTags",
+      "ec2:DetachInternetGateway",
+      "ec2:DisassociateRouteTable",
+      "ec2:DisassociateAddress",
+      "ec2:ModifyInstanceAttribute",
+      "ec2:ModifyNetworkInterfaceAttribute",
+      "ec2:ModifySubnetAttribute",
+      "ec2:ReleaseAddress",
+      "ec2:RevokeSecurityGroupIngress",
+      "ec2:RunInstances",
+      "ec2:TerminateInstances",
+      "tag:GetResources",
+      "elasticloadbalancing:AddTags",
+      "elasticloadbalancing:CreateLoadBalancer",
+      "elasticloadbalancing:ConfigureHealthCheck",
+      "elasticloadbalancing:DeleteLoadBalancer",
+      "elasticloadbalancing:DeleteTargetGroup",
+      "elasticloadbalancing:DescribeLoadBalancers",
+      "elasticloadbalancing:DescribeLoadBalancerAttributes",
+      "elasticloadbalancing:DescribeTargetGroups",
+      "elasticloadbalancing:ApplySecurityGroupsToLoadBalancer",
+      "elasticloadbalancing:DescribeTags",
+      "elasticloadbalancing:ModifyLoadBalancerAttributes",
+      "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
+      "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
+      "elasticloadbalancing:RemoveTags",
+      "autoscaling:DescribeAutoScalingGroups",
+      "autoscaling:DescribeInstanceRefreshes",
+      "ec2:CreateLaunchTemplate",
+      "ec2:CreateLaunchTemplateVersion",
+      "ec2:DescribeLaunchTemplates",
+      "ec2:DescribeLaunchTemplateVersions",
+      "ec2:DeleteLaunchTemplate",
+      "ec2:DeleteLaunchTemplateVersions",
+      "ec2:DescribeKeyPairs",
+      "ec2:ModifyInstanceMetadataOptions",
+    ]
+  }
+
+  statement {
+    sid       = ""
+    effect    = "Allow"
+    resources = ["arn:*:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/*"]
+
+    actions = [
+      "autoscaling:CreateAutoScalingGroup",
+      "autoscaling:UpdateAutoScalingGroup",
+      "autoscaling:CreateOrUpdateTags",
+      "autoscaling:StartInstanceRefresh",
+      "autoscaling:DeleteAutoScalingGroup",
+      "autoscaling:DeleteTags",
+    ]
+  }
+
+  statement {
+    sid       = ""
+    effect    = "Allow"
+    resources = ["arn:*:iam::*:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling"]
+    actions   = ["iam:CreateServiceLinkedRole"]
+
+    condition {
+      test     = "StringLike"
+      variable = "iam:AWSServiceName"
+      values   = ["autoscaling.amazonaws.com"]
+    }
+  }
+
+  statement {
+    sid       = ""
+    effect    = "Allow"
+    resources = ["arn:*:iam::*:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing"]
+    actions   = ["iam:CreateServiceLinkedRole"]
+
+    condition {
+      test     = "StringLike"
+      variable = "iam:AWSServiceName"
+      values   = ["elasticloadbalancing.amazonaws.com"]
+    }
+  }
+
+  statement {
+    sid       = ""
+    effect    = "Allow"
+    resources = ["arn:*:iam::*:role/aws-service-role/spot.amazonaws.com/AWSServiceRoleForEC2Spot"]
+    actions   = ["iam:CreateServiceLinkedRole"]
+
+    condition {
+      test     = "StringLike"
+      variable = "iam:AWSServiceName"
+      values   = ["spot.amazonaws.com"]
+    }
+  }
+
+  statement {
+    sid       = ""
+    effect    = "Allow"
+    resources = ["arn:*:iam::*:role/*.cluster-api-provider-aws.sigs.k8s.io"]
+    actions   = ["iam:PassRole"]
+  }
+
+  statement {
+    sid       = ""
+    effect    = "Allow"
+    resources = ["arn:*:secretsmanager:*:*:secret:aws.cluster.x-k8s.io/*"]
+
+    actions = [
+      "secretsmanager:CreateSecret",
+      "secretsmanager:DeleteSecret",
+      "secretsmanager:TagResource",
+    ]
+  }
+}
+
+data "aws_iam_policy_document" "capa_controller_eks" {
+
+  statement {
+    sid       = ""
+    effect    = "Allow"
+    resources = ["arn:*:ssm:*:*:parameter/aws/service/eks/optimized-ami/*"]
+    actions   = ["ssm:GetParameter"]
+  }
+
+  statement {
+    sid       = ""
+    effect    = "Allow"
+    resources = ["arn:*:iam::*:role/aws-service-role/eks.amazonaws.com/AWSServiceRoleForAmazonEKS"]
+    actions   = ["iam:CreateServiceLinkedRole"]
+
+    condition {
+      test     = "StringLike"
+      variable = "iam:AWSServiceName"
+      values   = ["eks.amazonaws.com"]
+    }
+  }
+
+  statement {
+    sid       = ""
+    effect    = "Allow"
+    resources = ["arn:*:iam::*:role/aws-service-role/eks-nodegroup.amazonaws.com/AWSServiceRoleForAmazonEKSNodegroup"]
+    actions   = ["iam:CreateServiceLinkedRole"]
+
+    condition {
+      test     = "StringLike"
+      variable = "iam:AWSServiceName"
+      values   = ["eks-nodegroup.amazonaws.com"]
+    }
+  }
+
+  statement {
+    sid       = ""
+    effect    = "Allow"
+    resources = ["arn:aws:iam::*:role/aws-service-role/eks-fargate-pods.amazonaws.com/AWSServiceRoleForAmazonEKSForFargate"]
+    actions   = ["iam:CreateServiceLinkedRole"]
+
+    condition {
+      test     = "StringLike"
+      variable = "iam:AWSServiceName"
+      values   = ["eks-fargate.amazonaws.com"]
+    }
+  }
+
+  statement {
+    sid       = ""
+    effect    = "Allow"
+    resources = ["*"]
+
+    actions = [
+      "iam:ListOpenIDConnectProviders",
+      "iam:GetOpenIDConnectProvider",
+      "iam:CreateOpenIDConnectProvider",
+      "iam:AddClientIDToOpenIDConnectProvider",
+      "iam:UpdateOpenIDConnectProviderThumbprint",
+      "iam:DeleteOpenIDConnectProvider",
+      "iam:TagOpenIDConnectProvider",
+    ]
+  }
+
+  statement {
+    sid       = ""
+    effect    = "Allow"
+    resources = ["arn:*:iam::*:role/*"]
+
+    actions = [
+      "iam:GetRole",
+      "iam:ListAttachedRolePolicies",
+      "iam:DetachRolePolicy",
+      "iam:DeleteRole",
+      "iam:CreateRole",
+      "iam:TagRole",
+      "iam:AttachRolePolicy",
+    ]
+  }
+
+  statement {
+    sid       = ""
+    effect    = "Allow"
+    resources = [
+      "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
+      "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy",
+      "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy",
+      "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly",
+    ]
+    actions   = ["iam:GetPolicy"]
+  }
+
+  statement {
+    sid    = ""
+    effect = "Allow"
+
+    resources = [
+      "arn:*:eks:*:*:cluster/*",
+      "arn:*:eks:*:*:nodegroup/*/*/*",
+    ]
+
+    actions = [
+      "eks:DescribeCluster",
+      "eks:ListClusters",
+      "eks:CreateCluster",
+      "eks:TagResource",
+      "eks:UpdateClusterVersion",
+      "eks:DeleteCluster",
+      "eks:UpdateClusterConfig",
+      "eks:UntagResource",
+      "eks:UpdateNodegroupVersion",
+      "eks:DescribeNodegroup",
+      "eks:DeleteNodegroup",
+      "eks:UpdateNodegroupConfig",
+      "eks:CreateNodegroup",
+      "eks:AssociateEncryptionConfig",
+      "eks:ListIdentityProviderConfigs",
+      "eks:AssociateIdentityProviderConfig",
+      "eks:DescribeIdentityProviderConfig",
+      "eks:DisassociateIdentityProviderConfig",
+    ]
+  }
+
+  statement {
+    sid       = ""
+    effect    = "Allow"
+    resources = ["*"]
+
+    actions = [
+      "ec2:AssociateVpcCidrBlock",
+      "ec2:DisassociateVpcCidrBlock",
+      "eks:ListAddons",
+      "eks:CreateAddon",
+      "eks:DescribeAddonVersions",
+      "eks:DescribeAddon",
+      "eks:DeleteAddon",
+      "eks:UpdateAddon",
+      "eks:TagResource",
+      "eks:DescribeFargateProfile",
+      "eks:CreateFargateProfile",
+      "eks:DeleteFargateProfile",
+    ]
+  }
+
+  statement {
+    sid       = ""
+    effect    = "Allow"
+    resources = ["*"]
+    actions   = ["iam:PassRole"]
+
+    condition {
+      test     = "StringEquals"
+      variable = "iam:PassedToService"
+      values   = ["eks.amazonaws.com"]
+    }
+  }
+
+  statement {
+    sid       = ""
+    effect    = "Allow"
+    resources = ["*"]
+
+    actions = [
+      "kms:CreateGrant",
+      "kms:DescribeKey",
+    ]
+
+    condition {
+      test     = "ForAnyValue:StringLike"
+      variable = "kms:ResourceAliases"
+      values   = ["alias/cluster-api-provider-aws-*"]
+    }
+  }
+}
diff --git a/bootstrap/terraform/aws-bootstrap-cluster-api/certmanager.tf b/bootstrap/terraform/aws-bootstrap-cluster-api/certmanager.tf
new file mode 100644
index 000000000..0d5657279
--- /dev/null
+++ b/bootstrap/terraform/aws-bootstrap-cluster-api/certmanager.tf
@@ -0,0 +1,39 @@
+module "assumable_role_certmanager" {
+  source                        = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc"
+  version                       = "3.14.0"
+  create_role                   = true
+  role_name                     = "${var.cluster_name}-certmanager"
+  provider_url                  = replace(local.cluster_oidc_issuer_url, "https://", "")
+  role_policy_arns              = [aws_iam_policy.certmanager.arn]
+  oidc_fully_qualified_subjects = ["system:serviceaccount:${var.namespace}:${var.certmanager_serviceaccount}"]
+}
+
+resource "aws_iam_policy" "certmanager" {
+  name_prefix = "certmanager"
+  description = "certmanager permissions for ${local.cluster_id}"
+  policy      = <<-POLICY
+    {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": "route53:GetChange",
+          "Resource": "arn:aws:route53:::change/*"
+        },
+        {
+          "Effect": "Allow",
+          "Action": [
+            "route53:ChangeResourceRecordSets",
+            "route53:ListResourceRecordSets"
+          ],
+          "Resource": "arn:aws:route53:::hostedzone/*"
+        },
+        {
+          "Effect": "Allow",
+          "Action": "route53:ListHostedZonesByName",
+          "Resource": "*"
+        }
+      ]
+    }
+  POLICY
+}
\ No newline at end of file
diff --git a/bootstrap/terraform/aws-bootstrap-cluster-api/data.tf b/bootstrap/terraform/aws-bootstrap-cluster-api/data.tf
new file mode 100644
index 000000000..0e2ce8dbf
--- /dev/null
+++ b/bootstrap/terraform/aws-bootstrap-cluster-api/data.tf
@@ -0,0 +1 @@
+data "aws_partition" "current" {}
diff --git a/bootstrap/terraform/aws-bootstrap-cluster-api/deps.yaml b/bootstrap/terraform/aws-bootstrap-cluster-api/deps.yaml
index 23b38d48e..45d2baba6 100644
--- a/bootstrap/terraform/aws-bootstrap-cluster-api/deps.yaml
+++ b/bootstrap/terraform/aws-bootstrap-cluster-api/deps.yaml
@@ -1,11 +1,27 @@
 apiVersion: plural.sh/v1alpha1
 kind: Dependencies
 metadata:
-  description: Creates an EKS cluster and prepares it for bootstrapping 
-  version: 0.1.1
+  description: Creates an EKS cluster and prepares it for bootstrapping
+  version: 0.1.6
 spec:
-  breaking: true
   dependencies: []
   providers:
   - aws
-
+  outputs:
+    capa_iam_role_arn: capa_iam_role_arn
+    endpoint: cluster_endpoint
+    cluster_private_subnets: cluster_private_subnets
+    cluster_worker_private_subnets: cluster_worker_private_subnets
+    cluster_public_subnets: cluster_public_subnets
+    cluster_private_subnet_ids: cluster_private_subnet_ids
+    cluster_worker_private_subnet_ids: cluster_worker_private_subnet_ids
+    cluster_public_subnet_ids: cluster_public_subnet_ids
+    worker_role_arn: worker_role_arn
+    node_groups: node_groups
+    cluster_oidc_issuer_url: cluster_oidc_issuer_url
+    vpc: vpc
+    cluster: cluster
+    cluster_service_ipv4_cidr: cluster_service_ipv4_cidr
+    vpc_cidr: vpc_cidr
+  provider_wirings:
+    cluster: module.aws-bootstrap-cluster-api.cluster_name
diff --git a/bootstrap/terraform/aws-bootstrap-cluster-api/ebs-csi-driver.tf b/bootstrap/terraform/aws-bootstrap-cluster-api/ebs-csi-driver.tf
new file mode 100644
index 000000000..f622f8259
--- /dev/null
+++ b/bootstrap/terraform/aws-bootstrap-cluster-api/ebs-csi-driver.tf
@@ -0,0 +1,178 @@
+module "assumable_role_ebs_csi" {
+  count = var.enable_ebs_csi_driver ? 1 : 0
+
+  source                        = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc"
+  version                       = "3.14.0"
+  create_role                   = true
+  role_name                     = "${var.cluster_name}-ebs-csi"
+  provider_url                  = replace(local.cluster_oidc_issuer_url, "https://", "")
+  role_policy_arns              = [aws_iam_policy.ebs_csi[0].arn]
+  oidc_fully_qualified_subjects = ["system:serviceaccount:${var.namespace}:${var.ebs_csi_serviceaccount}"]
+}
+
+resource "aws_iam_policy" "ebs_csi" {
+  count = var.enable_ebs_csi_driver ? 1 : 0
+
+  name_prefix = "ebs-csi"
+  description = "EKS EBS CSI policy for cluster ${local.cluster_id}"
+  policy      = data.aws_iam_policy_document.ebs_csi.json
+}
+
+data "aws_iam_policy_document" "ebs_csi" {
+  statement {
+    sid       = "ebsCSIAll"
+    effect    = "Allow"
+    resources = ["*"]
+
+    actions = [
+      "ec2:CreateSnapshot",
+      "ec2:AttachVolume",
+      "ec2:DetachVolume",
+      "ec2:ModifyVolume",
+      "ec2:DescribeAvailabilityZones",
+      "ec2:DescribeInstances",
+      "ec2:DescribeSnapshots",
+      "ec2:DescribeTags",
+      "ec2:DescribeVolumes",
+      "ec2:DescribeVolumesModifications",
+    ]
+  }
+
+  statement {
+    sid    = "ebsCSICreateTags"
+    effect = "Allow"
+
+    resources = [
+      "arn:aws:ec2:*:*:volume/*",
+      "arn:aws:ec2:*:*:snapshot/*",
+    ]
+
+    actions = ["ec2:CreateTags"]
+
+    condition {
+      test     = "StringEquals"
+      variable = "ec2:CreateAction"
+
+      values = [
+        "CreateVolume",
+        "CreateSnapshot",
+      ]
+    }
+  }
+
+  statement {
+    sid    = "ebsCSIDeleteTags"
+    effect = "Allow"
+
+    resources = [
+      "arn:aws:ec2:*:*:volume/*",
+      "arn:aws:ec2:*:*:snapshot/*",
+    ]
+
+    actions = ["ec2:DeleteTags"]
+  }
+
+  statement {
+    sid       = "ebsCSICreateVolume1"
+    effect    = "Allow"
+    resources = ["*"]
+    actions   = ["ec2:CreateVolume"]
+
+    condition {
+      test     = "StringLike"
+      variable = "aws:RequestTag/ebs.csi.aws.com/cluster"
+      values   = ["true"]
+    }
+  }
+
+  statement {
+    sid       = "ebsCSICreateVolume2"
+    effect    = "Allow"
+    resources = ["*"]
+    actions   = ["ec2:CreateVolume"]
+
+    condition {
+      test     = "StringLike"
+      variable = "aws:RequestTag/CSIVolumeName"
+      values   = ["*"]
+    }
+  }
+
+  statement {
+    sid       = "ebsCSICreateVolume3"
+    effect    = "Allow"
+    resources = ["*"]
+    actions   = ["ec2:CreateVolume"]
+
+    condition {
+      test     = "StringLike"
+      variable = "aws:RequestTag/kubernetes.io/cluster/*"
+      values   = ["owned"]
+    }
+  }
+
+  statement {
+    sid       = "ebsCSIDeleteVolume1"
+    effect    = "Allow"
+    resources = ["*"]
+    actions   = ["ec2:DeleteVolume"]
+
+    condition {
+      test     = "StringLike"
+      variable = "ec2:ResourceTag/ebs.csi.aws.com/cluster"
+      values   = ["true"]
+    }
+  }
+
+  statement {
+    sid       = "ebsCSIDeleteVolume2"
+    effect    = "Allow"
+    resources = ["*"]
+    actions   = ["ec2:DeleteVolume"]
+
+    condition {
+      test     = "StringLike"
+      variable = "ec2:ResourceTag/CSIVolumeName"
+      values   = ["*"]
+    }
+  }
+
+  statement {
+    sid       = "ebsCSIDeleteVolume3"
+    effect    = "Allow"
+    resources = ["*"]
+    actions   = ["ec2:DeleteVolume"]
+
+    condition {
+      test     = "StringLike"
+      variable = "ec2:ResourceTag/kubernetes.io/cluster/*"
+      values   = ["owned"]
+    }
+  }
+
+  statement {
+    sid       = "ebsCSIDeleteSnapshot1"
+    effect    = "Allow"
+    resources = ["*"]
+    actions   = ["ec2:DeleteSnapshot"]
+
+    condition {
+      test     = "StringLike"
+      variable = "ec2:ResourceTag/CSIVolumeSnapshotName"
+      values   = ["*"]
+    }
+  }
+
+  statement {
+    sid       = "ebsCSIDeleteSnapshot2"
+    effect    = "Allow"
+    resources = ["*"]
+    actions   = ["ec2:DeleteSnapshot"]
+
+    condition {
+      test     = "StringLike"
+      variable = "ec2:ResourceTag/ebs.csi.aws.com/cluster"
+      values   = ["true"]
+    }
+  }
+}
diff --git a/bootstrap/terraform/aws-bootstrap-cluster-api/existing.tf b/bootstrap/terraform/aws-bootstrap-cluster-api/existing.tf
new file mode 100644
index 000000000..eef978d70
--- /dev/null
+++ b/bootstrap/terraform/aws-bootstrap-cluster-api/existing.tf
@@ -0,0 +1,24 @@
+data "aws_eks_cluster" "cluster" {
+    count = var.create_cluster ? 0 : 1
+    name = var.cluster_name
+}
+
+data "aws_vpc" "vpc" {
+    count = var.create_cluster ? 0 : 1
+    id = local.vpc_id
+}
+
+data "aws_subnet" "worker_private_subnets" {
+    count = length(local.worker_private_subnet_ids)
+    id       = local.worker_private_subnet_ids[count.index]
+}
+
+data "aws_subnet" "private_subnets" {
+    count = length(local.private_subnet_ids)
+    id       = local.private_subnet_ids[count.index]
+}
+  
+data "aws_subnet" "public_subnets" {
+    count = length(local.public_subnet_ids)
+    id       = local.public_subnet_ids[count.index]
+}
diff --git a/bootstrap/terraform/aws-bootstrap-cluster-api/irsa-autoscaler.tf b/bootstrap/terraform/aws-bootstrap-cluster-api/irsa-autoscaler.tf
new file mode 100644
index 000000000..cd6fdf192
--- /dev/null
+++ b/bootstrap/terraform/aws-bootstrap-cluster-api/irsa-autoscaler.tf
@@ -0,0 +1,63 @@
+module "asummable_role_autoscaler" {
+  count = var.enable_cluster_autoscaler ? 1 : 0
+
+  source                        = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc"
+  version                       = "3.14.0"
+  create_role                   = true
+  role_name                     = "${var.cluster_name}-cluster-autoscaler"
+  provider_url                  = replace(local.cluster_oidc_issuer_url, "https://", "")
+  role_policy_arns              = [aws_iam_policy.cluster_autoscaler[0].arn]
+  oidc_fully_qualified_subjects = ["system:serviceaccount:${var.namespace}:${var.autoscaler_serviceaccount}"]
+}
+
+resource "aws_iam_policy" "cluster_autoscaler" {
+  count = var.enable_cluster_autoscaler ? 1 : 0
+
+  name_prefix = "cluster-autoscaler"
+  description = "EKS cluster-autoscaler policy for cluster ${local.cluster_id}"
+  policy      = data.aws_iam_policy_document.cluster_autoscaler.json
+}
+
+data "aws_iam_policy_document" "cluster_autoscaler" {
+  statement {
+    sid    = "clusterAutoscalerAll"
+    effect = "Allow"
+
+    actions = [
+      "autoscaling:DescribeAutoScalingGroups",
+      "autoscaling:DescribeAutoScalingInstances",
+      "autoscaling:DescribeLaunchConfigurations",
+      "autoscaling:DescribeTags",
+      "ec2:DescribeLaunchTemplateVersions",
+      "ec2:DescribeInstanceTypes",
+      "eks:DescribeNodegroup",
+    ]
+
+    resources = ["*"]
+  }
+
+  statement {
+    sid    = "clusterAutoscalerOwn"
+    effect = "Allow"
+
+    actions = [
+      "autoscaling:SetDesiredCapacity",
+      "autoscaling:TerminateInstanceInAutoScalingGroup",
+      "autoscaling:UpdateAutoScalingGroup",
+    ]
+
+    resources = ["*"]
+
+    condition {
+      test     = "StringEquals"
+      variable = "autoscaling:ResourceTag/kubernetes.io/cluster/${local.cluster_id}"
+      values   = ["owned"]
+    }
+
+    condition {
+      test     = "StringEquals"
+      variable = "autoscaling:ResourceTag/k8s.io/cluster-autoscaler/enabled"
+      values   = ["true"]
+    }
+  }
+}
\ No newline at end of file
diff --git a/bootstrap/terraform/aws-bootstrap-cluster-api/irsa-externaldns.tf b/bootstrap/terraform/aws-bootstrap-cluster-api/irsa-externaldns.tf
new file mode 100644
index 000000000..527d9b9bd
--- /dev/null
+++ b/bootstrap/terraform/aws-bootstrap-cluster-api/irsa-externaldns.tf
@@ -0,0 +1,40 @@
+module "assumable_role_externaldns" {
+  source                        = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc"
+  version                       = "3.14.0"
+  create_role                   = true
+  role_name                     = "${var.cluster_name}-externaldns"
+  provider_url                  = replace(local.cluster_oidc_issuer_url, "https://", "")
+  role_policy_arns              = [aws_iam_policy.externaldns.arn]
+  oidc_fully_qualified_subjects = ["system:serviceaccount:${var.namespace}:${var.externaldns_serviceaccount}"]
+}
+
+resource "aws_iam_policy" "externaldns" {
+  name_prefix = "externaldns"
+  description = "externaldns policy for cluster ${local.cluster_id}"
+  policy      = data.aws_iam_policy_document.externaldns.json
+}
+
+data "aws_iam_policy_document" "externaldns" {
+  statement {
+    sid    = "externaldnsedit"
+    effect = "Allow"
+
+    actions = [
+      "route53:ChangeResourceRecordSets"
+    ]
+
+    resources = ["arn:aws:route53:::hostedzone/*"]
+  }
+
+  statement {
+    sid    = "externaldnslist"
+    effect = "Allow"
+
+    actions = [
+      "route53:ListHostedZones",
+      "route53:ListResourceRecordSets"
+    ]
+
+    resources = ["*"]
+  }
+}
\ No newline at end of file
diff --git a/bootstrap/terraform/aws-bootstrap-cluster-api/irsa.tf b/bootstrap/terraform/aws-bootstrap-cluster-api/irsa.tf
new file mode 100644
index 000000000..33e5d4c9c
--- /dev/null
+++ b/bootstrap/terraform/aws-bootstrap-cluster-api/irsa.tf
@@ -0,0 +1,6 @@
+resource "aws_iam_openid_connect_provider" "oidc_provider" {
+  count           = var.enable_irsa ? 0 : 1
+  client_id_list  = [local.sts_principal]
+  thumbprint_list = [var.eks_oidc_root_ca_thumbprint]
+  url             = local.cluster_oidc_issuer_url
+}
diff --git a/bootstrap/terraform/aws-bootstrap-cluster-api/locals.tf b/bootstrap/terraform/aws-bootstrap-cluster-api/locals.tf
new file mode 100644
index 000000000..7634fb7f9
--- /dev/null
+++ b/bootstrap/terraform/aws-bootstrap-cluster-api/locals.tf
@@ -0,0 +1,12 @@
+locals {
+    sts_principal             = "sts.${data.aws_partition.current.dns_suffix}"
+    create_vpc                = var.create_cluster && var.create_vpc ? true : false
+    private_subnet_ids        = var.create_cluster ? module.vpc[0].private_subnets_ids : var.private_subnet_ids
+    public_subnet_ids         = var.create_cluster ? module.vpc[0].public_subnets_ids : var.public_subnet_ids
+    worker_private_subnet_ids = var.create_cluster ? module.vpc[0].worker_private_subnets_ids : var.worker_private_subnet_ids
+    vpc_id                    = var.create_cluster ? module.vpc[0].vpc_id : data.aws_eks_cluster.cluster[0].vpc_config[0].vpc_id
+    cluster_id                = var.create_cluster ? module.cluster[0].cluster_id : data.aws_eks_cluster.cluster[0].id
+    cluster_config            = try(var.create_cluster ? module.cluster[0].config_map_aws_auth : tomap(false), {})
+    cluster_oidc_issuer_url   = var.create_cluster ? module.cluster[0].cluster_oidc_issuer_url : data.aws_eks_cluster.cluster[0].identity[0].oidc.0.issuer
+    cluster_endpoint          = var.create_cluster ? module.cluster[0].cluster_endpoint : data.aws_eks_cluster.cluster[0].endpoint
+}
diff --git a/bootstrap/terraform/aws-bootstrap-cluster-api/main.tf b/bootstrap/terraform/aws-bootstrap-cluster-api/main.tf
index 8a588bcdd..ec6329fd8 100644
--- a/bootstrap/terraform/aws-bootstrap-cluster-api/main.tf
+++ b/bootstrap/terraform/aws-bootstrap-cluster-api/main.tf
@@ -1,7 +1,158 @@
-provider "aws" {
- region = var.aws_region
+data "aws_availability_zones" "available" {}
+
+data "aws_caller_identity" "current" {}
+
+module "vpc" {
+  count =  var.create_cluster ? 1:0
+
+  source                 = "github.com/pluralsh/terraform-aws-vpc?ref=worker_subnet"
+  name                   = var.vpc_name
+  cidr                   = var.vpc_cidr
+  azs                    = data.aws_availability_zones.available.names
+  public_subnets         = var.public_subnets
+  private_subnets        = var.private_subnets
+  worker_private_subnets = var.worker_private_subnets
+  enable_dns_hostnames   = true
+  enable_ipv6            = true
+  create_vpc             = local.create_vpc
+
+  database_subnets = var.database_subnets
+
+  enable_nat_gateway = true
+  single_nat_gateway = false
+
+  public_subnet_tags = {
+    "kubernetes.io/cluster/${var.cluster_name}" = "shared"
+    "kubernetes.io/role/elb" = "1"
+  }
+
+  private_subnet_tags = {
+    "kubernetes.io/cluster/${var.cluster_name}" = "shared"
+    "kubernetes.io/role/internal-elb" = "1"
+  }
+
+  worker_private_subnet_tags = {
+    "kubernetes.io/cluster/${var.cluster_name}" = "shared"
+    "kubernetes.io/role/internal-elb" = "1"
+  }
 }
 
-data "aws_eks_cluster" "cluster" {
- name = var.cluster_name
-}
\ No newline at end of file
+module "cluster" {
+  count =  var.create_cluster ? 1:0
+
+  source                        = "github.com/pluralsh/terraform-aws-eks?ref=output-service-cidr"
+  cluster_name                  = var.cluster_name
+  cluster_version               = var.kubernetes_version
+  private_subnets               = local.private_subnet_ids
+  public_subnets                = local.public_subnet_ids
+  worker_private_subnets        = local.worker_private_subnet_ids
+  vpc_id                        = local.vpc_id
+  enable_irsa                   = true
+  write_kubeconfig              = false
+  create_eks                    = var.create_cluster
+  cluster_enabled_log_types     = var.cluster_enabled_log_types
+  cluster_log_retention_in_days = var.cluster_log_retention_in_days
+  cluster_log_kms_key_id        = var.cluster_log_kms_key_id
+
+  node_groups_defaults = {}
+
+  node_groups = {}
+
+  map_users = var.map_users
+  map_roles = concat(var.map_roles, var.manual_roles)
+}
+
+module "single_az_node_groups" {
+  count =  var.create_cluster ? 1:0
+
+  source                 = "github.com/pluralsh/module-library//terraform/eks-node-groups/single-az-node-groups?ref=20e64863ffc5e361045db8e6b81b9d244a55809e"
+  cluster_name           = var.cluster_name
+  default_iam_role_arn   = module.cluster[0].worker_iam_role_arn
+  tags                   = {}
+  node_groups_defaults   = var.node_groups_defaults
+
+  node_groups            = try(var.create_cluster ? var.single_az_node_groups : tomap(false), {})
+  set_desired_size       = false
+  private_subnets        = var.create_cluster ? module.vpc[0].worker_private_subnets : []
+
+  ng_depends_on = [
+    local.cluster_config
+  ]
+}
+
+module "multi_az_node_groups" {
+  count =  var.create_cluster ? 1:0
+
+  source                 = "github.com/pluralsh/module-library//terraform/eks-node-groups/multi-az-node-groups?ref=20e64863ffc5e361045db8e6b81b9d244a55809e"
+  cluster_name           = var.cluster_name
+  default_iam_role_arn   = one(module.cluster[*].worker_iam_role_arn)
+  tags                   = {}
+  node_groups_defaults   = var.node_groups_defaults
+
+  node_groups            =  try(var.create_cluster ? var.multi_az_node_groups : tomap(false), {})
+  set_desired_size       = false
+  private_subnet_ids     = local.worker_private_subnet_ids
+
+  ng_depends_on = [
+    local.cluster_config
+  ]
+}
+
+resource "aws_eks_addon" "vpc_cni" {
+  count = var.create_cluster ? 1 : 0
+  cluster_name = local.cluster_id
+  addon_name   = "vpc-cni"
+  addon_version     = var.vpc_cni_addon_version
+  resolve_conflicts = "OVERWRITE"
+  tags = {
+      "eks_addon" = "vpc-cni"
+  }
+  depends_on = [
+    module.single_az_node_groups.node_groups,
+    module.multi_az_node_groups.node_groups,
+  ]
+}
+
+resource "aws_eks_addon" "core_dns" {
+  count = var.create_cluster ? 1 : 0
+  cluster_name      = local.cluster_id
+  addon_name        = "coredns"
+  addon_version     = var.core_dns_addon_version
+  resolve_conflicts = "OVERWRITE"
+  tags = {
+      "eks_addon" = "coredns"
+  }
+  depends_on = [
+    module.single_az_node_groups.node_groups,
+    module.multi_az_node_groups.node_groups,
+  ]
+}
+
+resource "aws_eks_addon" "kube_proxy" {
+  count = var.create_cluster ? 1 : 0
+  cluster_name      = local.cluster_id
+  addon_name        = "kube-proxy"
+  addon_version     = var.kube_proxy_addon_version
+  resolve_conflicts = "OVERWRITE"
+  tags = {
+      "eks_addon" = "kube-proxy"
+  }
+  depends_on = [
+    module.single_az_node_groups.node_groups,
+    module.multi_az_node_groups.node_groups,
+  ]
+}
+
+resource "kubernetes_namespace" "bootstrap" {
+  count =  var.create_cluster ? 1:0
+
+  metadata {
+    name = "bootstrap"
+    labels = {
+      "app.kubernetes.io/managed-by" = "plural"
+      "app.plural.sh/name" = "bootstrap"
+    }
+  }
+
+  depends_on = [ local.cluster_id ]
+}
diff --git a/bootstrap/terraform/aws-bootstrap-cluster-api/output.tf b/bootstrap/terraform/aws-bootstrap-cluster-api/output.tf
new file mode 100644
index 000000000..9d0b6d8ac
--- /dev/null
+++ b/bootstrap/terraform/aws-bootstrap-cluster-api/output.tf
@@ -0,0 +1,66 @@
+
+output "cluster_name" {
+  value = local.cluster_id
+}
+
+output "cluster_endpoint" {
+  value = local.cluster_endpoint
+}
+
+output "cluster_oidc_issuer_url" {
+  value = local.cluster_oidc_issuer_url
+}
+
+output "cluster_private_subnets" {
+  value = data.aws_subnet.private_subnets
+}
+
+output "cluster_worker_private_subnets" {
+  value = data.aws_subnet.worker_private_subnets
+}
+
+output "cluster_public_subnets" {
+  value = data.aws_subnet.public_subnets
+}
+
+output "cluster_private_subnet_ids" {
+  value = local.private_subnet_ids
+}
+
+output "cluster_worker_private_subnet_ids" {
+  value = local.worker_private_subnet_ids
+}
+
+output "cluster_public_subnet_ids" {
+  value = local.public_subnet_ids
+}
+
+output "worker_role_arn" {
+  value = var.create_cluster ? module.cluster[0].worker_iam_role_arn : ""
+}
+
+output "node_groups" {
+  value = try(var.create_cluster ?[for d in merge(module.single_az_node_groups[0].node_groups, module.multi_az_node_groups[0].node_groups): d]: tomap(false), {})
+}
+
+output "vpc" {
+  value = try(var.create_cluster ? module.vpc[0] : tomap(false), data.aws_vpc.vpc[0])
+}
+
+output "vpc_cidr" {
+  value = var.create_cluster ? module.vpc[0].vpc_cidr_block : data.aws_vpc.vpc[0].cidr_block
+}
+
+
+output "cluster" {
+  value =  try(var.create_cluster ? module.cluster[0] : tomap(false), data.aws_eks_cluster.cluster[0])
+}
+
+output "cluster_service_ipv4_cidr" {
+  value = var.create_cluster ? module.cluster[0].cluster_service_ipv4_cidr : data.aws_eks_cluster.cluster[0].kubernetes_network_config[0].service_ipv4_cidr
+}
+
+output "capa_iam_role_arn" {
+  description = "ARN of IAM role that allows access to the Harbor S3 buckets."
+  value       = module.asummable_role_capa.this_iam_role_arn
+}
\ No newline at end of file
diff --git a/bootstrap/terraform/aws-bootstrap-cluster-api/s3-vpc-endpoint.tf b/bootstrap/terraform/aws-bootstrap-cluster-api/s3-vpc-endpoint.tf
new file mode 100644
index 000000000..2a25a331c
--- /dev/null
+++ b/bootstrap/terraform/aws-bootstrap-cluster-api/s3-vpc-endpoint.tf
@@ -0,0 +1,12 @@
+data "aws_route_table" "worker_private_subnets_route_table" {
+  count     = var.enable_vpc_s3_endpoint && length(local.worker_private_subnet_ids) > 0 ? length(local.worker_private_subnet_ids) : 0
+  subnet_id = local.worker_private_subnet_ids[count.index]
+}
+
+resource "aws_vpc_endpoint" "s3" {
+  count           = var.enable_vpc_s3_endpoint && length(local.worker_private_subnet_ids) > 0 ? 1 : 0
+  vpc_id          = local.vpc_id
+  service_name    = "com.amazonaws.${var.aws_region}.s3"
+  auto_accept     = true
+  route_table_ids = data.aws_route_table.worker_private_subnets_route_table[*].id
+}
\ No newline at end of file
diff --git a/bootstrap/terraform/aws-bootstrap-cluster-api/terraform.tfvars b/bootstrap/terraform/aws-bootstrap-cluster-api/terraform.tfvars
index 95fdccd3c..037036bdf 100644
--- a/bootstrap/terraform/aws-bootstrap-cluster-api/terraform.tfvars
+++ b/bootstrap/terraform/aws-bootstrap-cluster-api/terraform.tfvars
@@ -1,2 +1,43 @@
+vpc_name = {{ .Values.vpc_name | quote }}
+cluster_name = {{ .Cluster | quote }}
+{{- if eq .ClusterAPI true }}
+create_cluster = false
+{{- end }}
+
+map_roles = [
+  {
+    rolearn = "arn:aws:iam::{{ .Project }}:role/{{ .Cluster }}-console"
+    username = "console"
+    groups = ["system:masters"]
+  }
+]
+
+
+{{- if .Values.database_subnets }}
+database_subnets = yamldecode(<<EOT
+{{ .Values.database_subnets | toYaml }}
+EOT
+)
+{{- end }}
+
 aws_region = {{ .Region | quote }}
-cluster_name = {{ .Cluster | quote }}
\ No newline at end of file
+
+{{- if .Values.worker_private_subnet_ids }}
+worker_private_subnet_ids = {{ .Values.worker_private_subnet_ids | toJson }}
+{{- end }}
+
+{{- if .Values.disable_ebs_csi_driver }}
+enable_ebs_csi_driver = false
+{{- end }}
+{{- if .Values.disable_cluster_autoscaler }}
+enable_cluster_autoscaler = false
+{{- end }}
+{{- if .Values.disable_aws_lb_controller }}
+enable_aws_lb_controller = false
+{{- end }}
+
+{{- if .BYOK }}
+{{- if .BYOK.enabled }}
+create_cluster = false
+{{- end }}
+{{- end }}
diff --git a/bootstrap/terraform/aws-bootstrap-cluster-api/variables.tf b/bootstrap/terraform/aws-bootstrap-cluster-api/variables.tf
index 76efb1ca2..c9529e214 100644
--- a/bootstrap/terraform/aws-bootstrap-cluster-api/variables.tf
+++ b/bootstrap/terraform/aws-bootstrap-cluster-api/variables.tf
@@ -1,10 +1,380 @@
+variable "vpc_name" {
+  type = string
+  default = "forge"
+
+  description = <<EOF
+Name for the vpc for the cluster
+EOF
+}
+
+variable "cluster_enabled_log_types" {
+  default     = []
+  description = "A list of the desired control plane logging to enable. Supported options are: api, audit, authenticator, controllerManager, scheduler. For more information, see Amazon EKS Control Plane Logging documentation (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html)"
+  type        = list(string)
+}
+
+variable "cluster_log_kms_key_id" {
+  default     = ""
+  description = "If a KMS Key ARN is set, this key will be used to encrypt the corresponding log group. Please be sure that the KMS Key has an appropriate key policy (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.html)"
+  type        = string
+}
+
+variable "cluster_log_retention_in_days" {
+  default     = 90
+  description = "Number of days to retain log events. Default retention - 90 days."
+  type        = number
+}
+
+variable "kubernetes_version" {
+  type = string
+  description = "Kubernetes version to use for the cluster"
+  default = "1.24"
+}
+
+variable "vpc_cni_addon_version" {
+  type = string
+  default = "v1.13.4-eksbuild.1"
+  description = "The version of the VPC-CNI addon to use"
+}
+
+variable "core_dns_addon_version" {
+  type = string
+  default = "v1.9.3-eksbuild.6"
+  description = "The version of the CoreDNS addon to use"
+}
+
+variable "kube_proxy_addon_version" {
+  type = string
+  default = "v1.24.15-eksbuild.2"
+  description = "The version of the kube-proxy addon to use"
+}
+
+variable "enable_ebs_csi_driver" {
+  type = bool
+  default = true
+  description = "Whether to enable the EBS CSI driver"
+}
+
+variable "enable_cluster_autoscaler" {
+  type = bool
+  default = true
+  description = "Whether to enable the cluster autoscaler"
+}
+
+variable "enable_aws_lb_controller" {
+  type = bool
+  default = true
+  description = "Whether to enable the AWS LB controller"
+}
+
+variable "create_cluster" {
+  type = bool
+  default = true
+  description = "Whether to create a fresh cluster, or simply reference an existing one"
+}
+
+variable "create_vpc" {
+  type = bool
+  default = true
+  description = "Whether to create a fresh vpc, or simply reference an existing one"
+}
+
+variable "eks_oidc_root_ca_thumbprint" {
+  type        = string
+  description = "Thumbprint of Root CA for EKS OIDC, Valid until 2037"
+  default     = "9e99a48a9960b14926bb7f3b02e22da2b0ab7280"
+}
+
+variable "enable_irsa" {
+  type = bool
+  default = true
+  description = "whether to enable the irsa oidc provider for your cluster (only relevant for byok)"
+}
+
+variable "enable_vpc_s3_endpoint" {
+  type = bool
+  default = true
+  description = "whether to enable creation of a vpc endpoint to s3 to mitigate bandwidth cost (disable if one exists already)"
+}
+
+variable "private_subnet_ids" {
+  type = list(string)
+  default = []
+  description = "private subnet ids for your existing cluster (will be ignored if not deployed in BYOK mode)"
+}
+
+variable "worker_private_subnet_ids" {
+  type = list(string)
+  default = []
+  description = "private subnet ids for the worker nodes of your cluster (will be ignored if not deployed in BYOK mode)"
+}
+
+variable "public_subnet_ids" {
+  type = list(string)
+  default = []
+  description = "public subnet ids for your existing clsuter (will be ignored if not deployed in BYOK mode)"
+}
+
+variable "cluster_name" {
+  type = string
+  default = "plural"
+
+  description = "name for the cluster"
+}
+
+variable "vpc_cidr" {
+  type = string
+  default = "10.0.0.0/16"
+
+  description = "The CIDR for the VPC created for the EKS cluster and it's worker nodes"
+}
+
+variable "public_subnets" {
+  type = list(string)
+  default = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
+
+  description = "Public subnets for the EKS cluster"
+}
+
+variable "private_subnets" {
+  type = list(string)
+  default = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
+
+  description = "Private subnets for the EKS cluster"
+}
+
+variable "worker_private_subnets" {
+  type = list(string)
+  default = ["10.0.16.0/20", "10.0.32.0/20", "10.0.48.0/20"]
+
+  description = "Private subnets for the workers of the EKS cluster"
+}
+
+variable "database_subnets" {
+  type = list(string)
+  default = []
+
+  description = "A list of database subnets"
+}
+
+variable "instance_types" {
+  type = list(string)
+  default = ["t3.large"]
+
+  description = "instance type to use in node groups"
+}
+
+variable "min_capacity" {
+  type = number
+  default = 3
+
+  description = "the minumum number of nodes for the initial nodegroup"
+}
+
+variable "desired_capacity" {
+  type = number
+  default = 3
+
+  description = "the desired number of nodes for the initial nodegroup"
+}
+
+variable "max_capacity" {
+  type = number
+  default = 25
+
+  description = "the maximum number of nodes in a nodegroup"
+}
+
+variable "autoscaler_serviceaccount" {
+  type = string
+  default = "cluster-autoscaler"
+  description = "name of cluster autoscalers service account"
+}
+
+variable "ebs_csi_serviceaccount" {
+  type = string
+  default = "ebs-csi-controller"
+  description = "name of cluster autoscalers service account"
+}
+
+variable "externaldns_serviceaccount" {
+  type = string
+  default = "external-dns"
+  description = "name of externaldns' service account"
+}
+
+variable "certmanager_serviceaccount" {
+  type = string
+  default = "certmanager"
+  description = "name of the certmanager service account"
+}
+
+variable "alb_serviceaccount" {
+  type = string
+  default = "alb-operator"
+  description = "name of the nlb operator's service account"
+}
+
+variable "node_groups_defaults" {
+  description = "map of maps of node groups to create. See \"`node_groups` and `node_groups_defaults` keys\" section in README.md for more details"
+  type        = any
+  default = {
+    desired_capacity = 0
+    min_capacity = 0
+    max_capacity = 27
+
+    instance_types = ["t3.large", "t3a.large"]
+    disk_size = 50
+    ami_release_version = "1.24.15-20230816"
+    force_update_version = true
+    ami_type = "AL2_x86_64"
+    k8s_labels = {}
+    k8s_taints = []
+  }
+}
+
+variable "single_az_node_groups" {
+  type = any
+  default = {
+    small_burst_on_demand = {
+      name = "small-burst-on-demand"
+      capacity_type = "ON_DEMAND"
+      min_capacity = 3
+      desired_capacity = 3
+      instance_types = ["t3.large", "t3a.large"]
+      k8s_labels = {
+        "plural.sh/capacityType" = "ON_DEMAND"
+        "plural.sh/performanceType" = "BURST"
+        "plural.sh/scalingGroup" = "small-burst-on-demand"
+      }
+    }
+    medium_burst_on_demand = {
+      name = "medium-burst-on-demand"
+      instance_types = ["t3.xlarge", "t3a.xlarge"]
+      capacity_type = "ON_DEMAND"
+      k8s_labels = {
+        "plural.sh/capacityType" = "ON_DEMAND"
+        "plural.sh/performanceType" = "BURST"
+        "plural.sh/scalingGroup" = "medium-burst-on-demand"
+      }
+    }
+    large_burst_on_demand = {
+      name = "large-burst-on-demand"
+      instance_types = ["t3.2xlarge", "t3a.2xlarge"]
+      capacity_type = "ON_DEMAND"
+      k8s_labels = {
+        "plural.sh/capacityType" = "ON_DEMAND"
+        "plural.sh/performanceType" = "BURST"
+        "plural.sh/scalingGroup" = "large-burst-on-demand"
+      }
+    }
+  }
+  description = "Node groups to add to your cluster. A single managed node group will be created in each availability zone."
+}
+
+variable "multi_az_node_groups" {
+  type = any
+  default = {
+    small_burst_spot = {
+      name = "small-burst-spot"
+      capacity_type = "SPOT"
+      instance_types = ["t3.large", "t3a.large"]
+      k8s_labels = {
+        "plural.sh/capacityType" = "SPOT"
+        "plural.sh/performanceType" = "BURST"
+        "plural.sh/scalingGroup" = "small-burst-spot"
+      }
+      k8s_taints = [{
+        key = "plural.sh/capacityType"
+        value = "SPOT"
+        effect = "NO_SCHEDULE"
+      }]
+    }
+    medium_burst_spot = {
+      name = "medium-burst-spot"
+      instance_types = ["t3.xlarge", "t3a.xlarge"]
+      capacity_type = "SPOT"
+      k8s_labels = {
+        "plural.sh/capacityType" = "SPOT"
+        "plural.sh/performanceType" = "BURST"
+        "plural.sh/scalingGroup" = "medium-burst-spot"
+      }
+      k8s_taints = [{
+        key = "plural.sh/capacityType"
+        value = "SPOT"
+        effect = "NO_SCHEDULE"
+      }]
+    }
+    large_burst_spot = {
+      name = "large-burst-spot"
+      instance_types = ["t3.2xlarge", "t3a.2xlarge"]
+      capacity_type = "SPOT"
+      k8s_labels = {
+        "plural.sh/capacityType" = "SPOT"
+        "plural.sh/performanceType" = "BURST"
+        "plural.sh/scalingGroup" = "large-burst-spot"
+      }
+
+      k8s_taints = [{
+        key = "plural.sh/capacityType"
+        value = "SPOT"
+        effect = "NO_SCHEDULE"
+      }]
+    }
+  }
+  description = "Node groups to add to your cluster. A single managed node group will be created across all availability zones."
+}
+
+variable "map_roles" {
+  description = "Additional IAM roles to add to the aws-auth configmap."
+  type = list(object({
+    rolearn  = string
+    username = string
+    groups   = list(string)
+  }))
+
+  default = []
+}
+
+variable "map_users" {
+  description = "Additional IAM users to add to the aws-auth configmap."
+  type = list(object({
+    userarn  = string
+    username = string
+    groups   = list(string)
+  }))
+
+  default = []
+}
+
+variable "manual_roles" {
+  description = "Additional IAM roles to add to the aws-auth configmap beyond the watchman user"
+  type = list(object({
+    rolearn  = string
+    username = string
+    groups   = list(string)
+  }))
+
+  default = []
+}
+
+variable "namespace" {
+  type = string
+  default = "bootstrap"
+}
+
 variable "aws_region" {
   type = string
   default = "us-east-2"
   description = "The region you wish to deploy to"
 }
 
-variable "cluster_name" {
+variable "capa_serviceaccount" {
   type = string
-  default = "plural"
-}
\ No newline at end of file
+  default = "bootstrap-cluster-api-provider-aws"
+}
+
+variable "capi_serviceaccount" {
+  type = string
+  default = "bootstrap-cluster-api-core"
+}
diff --git a/bootstrap/terraform/azure-bootstrap-cluster-api/deps.yaml b/bootstrap/terraform/azure-bootstrap-cluster-api/deps.yaml
new file mode 100644
index 000000000..8e5ac81ad
--- /dev/null
+++ b/bootstrap/terraform/azure-bootstrap-cluster-api/deps.yaml
@@ -0,0 +1,23 @@
+apiVersion: plural.sh/v1alpha1
+kind: Dependencies
+metadata:
+  description: Creates an AKS cluster and prepares it for bootstrapping
+  version: 0.3.4
+spec:
+  breaking: true
+  dependencies: []
+  providers:
+  - azure
+  secrets:
+  - /private_ssh_key
+  outputs:
+    cluster_name: cluster_name
+    resource_group_name: resource_group_name
+    cluster: cluster
+    network: network
+    kubelet_msi_id: kubelet_msi_id
+    node_resource_group: node_resource_group
+    capz_assigned_identity_client_id: capz_assigned_identity_client_id
+  provider_wirings:
+    cluster: module.azure-bootstrap-cluster-api.cluster
+  provider_vsn: "0.1.3"
diff --git a/bootstrap/terraform/azure-bootstrap-cluster-api/locals.tf b/bootstrap/terraform/azure-bootstrap-cluster-api/locals.tf
new file mode 100644
index 000000000..a59018e3d
--- /dev/null
+++ b/bootstrap/terraform/azure-bootstrap-cluster-api/locals.tf
@@ -0,0 +1,3 @@
+locals {
+  node_pool_name = substr(replace("${var.name}nodes", "-", ""), 0, 12)
+}
\ No newline at end of file
diff --git a/bootstrap/terraform/azure-bootstrap-cluster-api/main.tf b/bootstrap/terraform/azure-bootstrap-cluster-api/main.tf
new file mode 100644
index 000000000..042545576
--- /dev/null
+++ b/bootstrap/terraform/azure-bootstrap-cluster-api/main.tf
@@ -0,0 +1,214 @@
+data "azurerm_resource_group" "group" {
+  name = var.resource_group
+}
+
+data "azurerm_resource_group" "node_group" {
+  name = var.cluster_api ? one(data.azurerm_kubernetes_cluster.cluster[*].node_resource_group) : one(module.aks[*].node_resource_group)
+}
+
+data "azurerm_kubernetes_cluster" "cluster" {
+  count = var.cluster_api ? 1: 0
+
+  name = var.name
+  resource_group_name = var.resource_group
+}
+
+data "azurerm_virtual_network" "vnet" {
+  count = var.cluster_api ? 1: 0
+
+  name                = var.network_name
+  resource_group_name = var.resource_group
+}
+
+module "network" {
+  count = var.cluster_api ? 0 : 1
+
+  source = "github.com/pluralsh/terraform-azurerm-network?ref=plural"
+
+  vnet_name           = var.network_name
+  resource_group_name = data.azurerm_resource_group.group.name
+  address_space       = var.address_space
+  subnet_prefixes     = var.subnet_prefixes
+  subnet_names        = [var.subnet_name]
+  tags                = var.tags
+}
+
+module "aks" {
+  count = var.cluster_api ? 0 : 1
+
+  source = "github.com/pluralsh/terraform-azurerm-aks?ref=ea5c22775e0352ef6fe7a9abe2d94306029b6a6e" # branch auto-scaler-profile
+
+  resource_group_name              = data.azurerm_resource_group.group.name
+  kubernetes_version               = var.kubernetes_version
+  orchestrator_version             = var.kubernetes_version
+  prefix                           = var.name
+  cluster_name                     = var.name
+  network_plugin                   = var.network_plugin
+  vnet_subnet_id                   = one(module.network[*].vnet_subnets[0])
+  os_disk_size_gb                  = var.node_groups[0].os_disk_size_gb
+  os_disk_type                     = var.node_groups[0].os_disk_type
+  enable_role_based_access_control = true
+  rbac_aad_enabled                 = false
+  rbac_aad_managed                 = false
+  oidc_issuer_enabled              = true
+  location                         = data.azurerm_resource_group.group.location
+  sku_tier                         = "Paid"
+  private_cluster_enabled          = var.private_cluster
+  enable_http_application_routing  = false
+  azure_policy_enabled             = false
+  admin_username                   = var.admin_username
+  enable_auto_scaling              = var.node_groups[0].enable_auto_scaling
+  agents_min_count                 = var.node_groups[0].min_count
+  agents_max_count                 = var.node_groups[0].max_count
+  agents_count                     = var.node_groups[0].node_count  # Please set `agents_count` `null` while `enable_auto_scaling` is `true` to avoid possible `agents_count` changes.
+  agents_max_pods                  = var.node_groups[0].max_pods
+  agents_pool_name                 = var.node_groups[0].name
+  agents_availability_zones        = var.node_groups[0].availability_zones
+  agents_type                      = "VirtualMachineScaleSets"
+  agents_size                      = var.node_groups[0].vm_size
+
+  agents_labels = var.node_groups[0].node_labels
+
+  agents_tags = merge(var.node_groups[0].tags, var.tags)
+
+  network_policy                 = var.network_policy
+  net_profile_dns_service_ip     = "10.0.0.10"
+  net_profile_docker_bridge_cidr = "170.10.0.1/16"
+  net_profile_service_cidr       = "10.0.0.0/16"
+
+  auto_scaler_profile_balance_similar_node_groups      = var.auto_scaler_profile_balance_similar_node_groups
+  auto_scaler_profile_skip_nodes_with_local_storage    = var.auto_scaler_profile_skip_nodes_with_local_storage
+  auto_scaler_profile_scale_down_utilization_threshold = var.auto_scaler_profile_scale_down_utilization_threshold
+
+  enable_log_analytics_workspace = var.enable_aks_insights
+  tags = var.tags
+
+  depends_on = [module.network]
+}
+
+resource "azurerm_kubernetes_cluster_node_pool" "main" {
+  for_each = var.cluster_api ? {} : {for idx, val in var.node_groups : val.name => val if idx != 0}
+
+  kubernetes_cluster_id = one(module.aks[*].aks_id)
+
+  name                  = each.value.name
+  priority              = each.value.priority
+  enable_auto_scaling   = each.value.enable_auto_scaling
+  zones                 = each.value.availability_zones
+  mode                  = each.value.mode
+  orchestrator_version  = var.kubernetes_version
+  node_count            = each.value.node_count
+  min_count             = each.value.min_count
+  max_count             = each.value.max_count
+  spot_max_price        = each.value.spot_max_price
+  eviction_policy       = each.value.eviction_policy
+  vnet_subnet_id        = one(module.network[*].vnet_subnets[0])
+  vm_size               = each.value.vm_size
+  os_disk_type          = each.value.os_disk_type
+  os_disk_size_gb       = each.value.os_disk_size_gb
+  max_pods              = each.value.max_pods
+
+  node_labels           = each.value.node_labels
+  node_taints           = each.value.node_taints
+  tags                  = merge(each.value.tags, var.tags)
+}
+
+resource "azurerm_role_assignment" "aks-network-identity-ssi" {
+  scope                = var.cluster_api ? one(data.azurerm_virtual_network.vnet[*].id) : one(module.network[*].vnet_id)
+  role_definition_name = "Network Contributor"
+  principal_id         = var.cluster_api ? one(data.azurerm_kubernetes_cluster.cluster[*].identity[0].principal_id) : one(module.aks[*].system_assigned_identity[0].principal_id)
+
+  depends_on = [data.azurerm_virtual_network.vnet, data.azurerm_kubernetes_cluster.cluster, module.aks, module.network]
+}
+
+resource "azurerm_role_assignment" "aks-managed-identity" {
+  count = var.cluster_api ? 0 : 1
+
+  scope                = data.azurerm_resource_group.group.id
+  role_definition_name = "Managed Identity Operator"
+  principal_id         = one(module.aks[*].kubelet_identity[0].object_id)
+
+  depends_on = [module.aks]
+}
+
+resource "azurerm_role_assignment" "aks-network-identity-kubelet" {
+  count = var.cluster_api ? 0 : 1
+
+  scope                = one(module.network[*].vnet_id)
+  role_definition_name = "Network Contributor"
+  principal_id         = one(module.aks[*].kubelet_identity[0].object_id)
+
+  depends_on = [module.aks, module.network]
+}
+
+resource "azurerm_role_assignment" "aks-vm-contributor" {
+  count = var.cluster_api ? 0 : 1
+
+  scope                = data.azurerm_resource_group.group.id
+  role_definition_name = "Virtual Machine Contributor"
+  principal_id         = one(module.aks[*].kubelet_identity[0].object_id)
+
+  depends_on = [module.aks]
+}
+
+resource "azurerm_role_assignment" "aks-node-managed-identity" {
+  count = var.cluster_api ? 0 : 1
+
+  scope                = data.azurerm_resource_group.node_group.id
+  role_definition_name = "Managed Identity Operator"
+  principal_id         = one(module.aks[*].kubelet_identity[0].object_id)
+
+  depends_on = [module.aks]
+}
+
+resource "azurerm_role_assignment" "aks-node-vm-contributor" {
+  count = var.cluster_api ? 0 : 1
+
+  scope                = data.azurerm_resource_group.node_group.id
+  role_definition_name = "Virtual Machine Contributor"
+  principal_id         = one(module.aks[*].kubelet_identity[0].object_id)
+
+  depends_on = [module.aks]
+}
+
+resource "azurerm_user_assigned_identity" "capz" {
+  location            = data.azurerm_resource_group.group.location
+  name                = "${var.name}-capz"
+  resource_group_name = data.azurerm_resource_group.group.name
+}
+
+resource "azurerm_role_assignment" "rg-contributor" {
+  scope                = data.azurerm_resource_group.group.id
+  role_definition_name = "Contributor"
+  principal_id         = azurerm_user_assigned_identity.capz.principal_id
+}
+
+resource "azurerm_role_assignment" "node-rg-contributor" {
+  scope                = data.azurerm_resource_group.node_group.id
+  role_definition_name = "Contributor"
+  principal_id         = azurerm_user_assigned_identity.capz.principal_id
+}
+
+resource "azurerm_federated_identity_credential" "capz" {
+  name                = "${var.name}-capz-federated-identity"
+  resource_group_name = data.azurerm_resource_group.group.name
+  audience            = ["api://AzureADTokenExchange"]
+  issuer              = var.cluster_api ? one(data.azurerm_kubernetes_cluster.cluster[*].oidc_issuer_url) : one(module.aks[*].oidc_issuer_url)
+  parent_id           = azurerm_user_assigned_identity.capz.id
+  subject             = "system:serviceaccount:${var.namespace}:bootstrap-cluster-api-provider-azure"
+}
+
+resource "kubernetes_namespace" "bootstrap" {
+  count = var.cluster_api ? 0 : 1
+
+  metadata {
+    name = var.namespace
+
+    labels = {
+      "app.kubernetes.io/managed-by" = "plural"
+      "app.plural.sh/name" = "bootstrap"
+    }
+  }
+
+  depends_on = [module.aks.host]
+}
diff --git a/bootstrap/terraform/azure-bootstrap-cluster-api/moved.tf b/bootstrap/terraform/azure-bootstrap-cluster-api/moved.tf
new file mode 100644
index 000000000..09f41d181
--- /dev/null
+++ b/bootstrap/terraform/azure-bootstrap-cluster-api/moved.tf
@@ -0,0 +1,34 @@
+moved {
+  from = module.network
+  to = module.network[0]
+}
+
+moved {
+  from = module.aks
+  to = module.aks[0]
+}
+
+moved {
+  from = azurerm_role_assignment.aks-managed-identity
+  to = azurerm_role_assignment.aks-managed-identity[0]
+}
+
+moved {
+  from = azurerm_role_assignment.aks-network-identity-kubelet
+  to = azurerm_role_assignment.aks-network-identity-kubelet[0]
+}
+
+moved {
+  from = azurerm_role_assignment.aks-vm-contributor
+  to = azurerm_role_assignment.aks-vm-contributor[0]
+}
+
+moved {
+  from = azurerm_role_assignment.aks-node-vm-contributor
+  to = azurerm_role_assignment.aks-node-vm-contributor[0]
+}
+
+moved {
+  from = kubernetes_namespace.bootstrap
+  to = kubernetes_namespace.bootstrap[0]
+}
diff --git a/bootstrap/terraform/azure-bootstrap-cluster-api/outputs.tf b/bootstrap/terraform/azure-bootstrap-cluster-api/outputs.tf
new file mode 100644
index 000000000..efe752e56
--- /dev/null
+++ b/bootstrap/terraform/azure-bootstrap-cluster-api/outputs.tf
@@ -0,0 +1,33 @@
+output "cluster" {
+  value = var.cluster_api ? merge(one(data.azurerm_kubernetes_cluster.cluster[*]), {
+    host=one(data.azurerm_kubernetes_cluster.cluster[*]).kube_config.0.host,
+    client_certificate=one(data.azurerm_kubernetes_cluster.cluster[*]).kube_config.0.client_certificate,
+    client_key=one(data.azurerm_kubernetes_cluster.cluster[*]).kube_config.0.client_key,
+    cluster_ca_certificate=one(data.azurerm_kubernetes_cluster.cluster[*]).kube_config.0.cluster_ca_certificate
+  }) : one(module.aks[*])
+  sensitive = true
+}
+
+output "kubelet_msi_id" {
+  value = var.cluster_api ? one(data.azurerm_kubernetes_cluster.cluster[*].kubelet_identity.0.client_id) : one(module.aks[*].kubelet_identity[0].client_id)
+}
+
+output "node_resource_group" {
+  value = data.azurerm_resource_group.node_group.name
+}
+
+output "cluster_name" {
+  value = var.cluster_api ? one(data.azurerm_kubernetes_cluster.cluster[*].name) : one(module.aks[*].cluster_name)
+}
+
+output "resource_group_name" {
+  value = data.azurerm_resource_group.group.name
+}
+
+output "network" {
+  value = var.cluster_api ? one(data.azurerm_virtual_network.vnet[*]) : one(module.network[*])
+}
+
+output "capz_assigned_identity_client_id" {
+  value = azurerm_user_assigned_identity.capz.client_id
+}
diff --git a/bootstrap/terraform/azure-bootstrap-cluster-api/terraform.tfvars b/bootstrap/terraform/azure-bootstrap-cluster-api/terraform.tfvars
new file mode 100644
index 000000000..517bf31ae
--- /dev/null
+++ b/bootstrap/terraform/azure-bootstrap-cluster-api/terraform.tfvars
@@ -0,0 +1,31 @@
+{{- $tfOutput := pathJoin repoRoot "bootstrap" "output.yaml" }}
+resource_group = {{ .Project | quote }}
+name = {{ .Cluster | quote }}
+namespace = {{ .Namespace | quote }}
+cluster_api = {{ .ClusterAPI }}
+
+{{- if fileExists $tfOutput }}
+{{- $bootstrapOutputs := .Applications.TerraformValues "bootstrap" }}
+{{- if and $bootstrapOutputs (not .ClusterAPI) }}
+
+network_name = {{ $bootstrapOutputs.network.vnet_name | quote }}
+subnet_prefixes = yamldecode(<<EOT
+{{ (index $bootstrapOutputs.network.vnet_subnets_raw 0).address_prefixes | toYaml }}
+EOT
+)
+
+{{- if $bootstrapOutputs.cluster.cluster_raw.linux_profile }}
+admin_username = {{ (index $bootstrapOutputs.cluster.cluster_raw.linux_profile 0).admin_username | quote }}
+{{- end }}
+
+{{- else }}
+
+network_name = {{ .Values.network_name | quote }}
+
+{{- end }}
+
+{{- else }}
+
+network_name = {{ .Values.network_name | quote }}
+
+{{- end }}
diff --git a/bootstrap/terraform/azure-bootstrap-cluster-api/variables.tf b/bootstrap/terraform/azure-bootstrap-cluster-api/variables.tf
new file mode 100644
index 000000000..f5cb2151a
--- /dev/null
+++ b/bootstrap/terraform/azure-bootstrap-cluster-api/variables.tf
@@ -0,0 +1,635 @@
+variable "network_name" {
+  type = string
+  default = "plural-vnet"
+}
+
+variable "subnet_name" {
+  type = string
+  default = "plural-subnet"
+}
+
+variable "network_plugin" {
+  description = "Network plugin to use for networking."
+  type        = string
+  default     = "azure"
+  nullable    = false
+}
+
+variable "network_policy" {
+  description = " (Optional) Sets up network policy to be used with Azure CNI. Network policy allows us to control the traffic flow between pods. Currently supported values are calico and azure. Changing this forces a new resource to be created."
+  type        = string
+  default     = "azure"
+}
+
+variable "resource_group" {
+  type = string
+}
+
+variable "kubernetes_version" {
+  type = string
+  default = "1.25.11"
+}
+
+variable "address_space" {
+  type = string
+  default = "10.1.0.0/16"
+}
+
+variable "subnet_prefixes" {
+  type = list(string)
+  default = ["10.1.0.0/18"]
+}
+
+variable "admin_username" {
+  type = string
+  default = null
+}
+
+variable "name" {
+  type = string
+  default = "plural"
+}
+
+variable "os_disk_size" {
+  type = number
+  default = 50
+}
+
+variable "os_disk_type" {
+  type = string
+  default = "Ephemeral"
+}
+
+variable "agents_size" {
+  default     = "Standard_D2s_v3"
+  description = "The default virtual machine size for the Kubernetes agents"
+  type        = string
+}
+
+variable "private_cluster" {
+  type = bool
+  default = false
+}
+
+variable "min_nodes" {
+  type = number
+  default = 3
+}
+
+variable "max_nodes" {
+  type = number
+  default = 25
+}
+
+variable "namespace" {
+  type = string
+  default = "bootstrap"
+}
+
+variable "tags" {
+  type = any
+  default = {}
+}
+
+variable "node_groups" {
+  description = "list of maps of node groups to create. "
+  type        = any
+  default = [
+    {
+      name                = "ssod1"
+      priority            = "Regular"
+      enable_auto_scaling = true
+      availability_zones  = ["1"]
+      mode                = "System"
+      node_count          = null
+      min_count           = 1
+      max_count           = 9
+      spot_max_price      = null
+      eviction_policy     = null
+      vm_size             = "Standard_D2as_v5"
+      os_disk_type        = "Managed"
+      os_disk_size_gb     = 50
+      max_pods            = 110
+
+      node_labels = {
+        "plural.sh/capacityType" = "ON_DEMAND"
+        "plural.sh/performanceType" = "SUSTAINED"
+        "plural.sh/scalingGroup" = "small-sustained-on-demand"
+      }
+      node_taints = []
+      tags = {
+        "ScalingGroup": "small-sustained-on-demand"
+      }
+    },
+    {
+      name                = "ssod2"
+      priority            = "Regular"
+      enable_auto_scaling = true
+      availability_zones  = ["2"]
+      mode                = "System"
+      node_count          = null
+      min_count           = 1
+      max_count           = 9
+      spot_max_price      = null
+      eviction_policy     = null
+      vm_size             = "Standard_D2as_v5"
+      os_disk_type        = "Managed"
+      os_disk_size_gb     = 50
+      max_pods            = 110
+
+      node_labels = {
+        "plural.sh/capacityType" = "ON_DEMAND"
+        "plural.sh/performanceType" = "SUSTAINED"
+        "plural.sh/scalingGroup" = "small-sustained-on-demand"
+      }
+      node_taints = []
+      tags = {
+        "ScalingGroup": "small-sustained-on-demand"
+      }
+    },
+    {
+      name                = "ssod3"
+      priority            = "Regular"
+      enable_auto_scaling = true
+      availability_zones  = ["3"]
+      mode                = "System"
+      node_count          = null
+      min_count           = 1
+      max_count           = 9
+      spot_max_price      = null
+      eviction_policy     = null
+      vm_size             = "Standard_D2as_v5"
+      os_disk_type        = "Managed"
+      os_disk_size_gb     = 50
+      max_pods            = 110
+
+      node_labels = {
+        "plural.sh/capacityType" = "ON_DEMAND"
+        "plural.sh/performanceType" = "SUSTAINED"
+        "plural.sh/scalingGroup" = "small-sustained-on-demand"
+      }
+      node_taints = []
+      tags = {
+        "ScalingGroup": "small-sustained-on-demand"
+      }
+    },
+    {
+      name                = "ssspot1"
+      priority            = "Spot"
+      enable_auto_scaling = true
+      availability_zones  = ["1"]
+      mode                = "User"
+      node_count          = null
+      min_count           = 0
+      max_count           = 9
+      spot_max_price      = -1
+      eviction_policy     = "Delete"
+      vm_size             = "Standard_D2as_v5"
+      os_disk_type        = "Managed"
+      os_disk_size_gb     = 50
+      max_pods            = 110
+
+      node_labels = {
+        "plural.sh/capacityType" = "SPOT"
+        "plural.sh/performanceType" = "SUSTAINED"
+        "plural.sh/scalingGroup" = "small-sustained-spot"
+        "kubernetes.azure.com/scalesetpriority" = "spot"
+      }
+      node_taints = [
+        "plural.sh/capacityType=SPOT:NoSchedule",
+        "kubernetes.azure.com/scalesetpriority=spot:NoSchedule"
+      ]
+      tags = {
+        "ScalingGroup": "small-sustained-spot"
+      }
+    },
+    {
+      name                = "ssspot2"
+      priority            = "Spot"
+      enable_auto_scaling = true
+      availability_zones  = ["2"]
+      mode                = "User"
+      node_count          = null
+      min_count           = 0
+      max_count           = 9
+      spot_max_price      = -1
+      eviction_policy     = "Delete"
+      vm_size             = "Standard_D2as_v5"
+      os_disk_type        = "Managed"
+      os_disk_size_gb     = 50
+      max_pods            = 110
+
+      node_labels = {
+        "plural.sh/capacityType" = "SPOT"
+        "plural.sh/performanceType" = "SUSTAINED"
+        "plural.sh/scalingGroup" = "small-sustained-spot"
+        "kubernetes.azure.com/scalesetpriority" = "spot"
+      }
+      node_taints = [
+        "plural.sh/capacityType=SPOT:NoSchedule",
+        "kubernetes.azure.com/scalesetpriority=spot:NoSchedule"
+      ]
+      tags = {
+        "ScalingGroup": "small-sustained-spot"
+      }
+    },
+    {
+      name                = "ssspot3"
+      priority            = "Spot"
+      enable_auto_scaling = true
+      availability_zones  = ["3"]
+      mode                = "User"
+      node_count          = null
+      min_count           = 0
+      max_count           = 9
+      spot_max_price      = -1
+      eviction_policy     = "Delete"
+      vm_size             = "Standard_D2as_v5"
+      os_disk_type        = "Managed"
+      os_disk_size_gb     = 50
+      max_pods            = 110
+
+      node_labels = {
+        "plural.sh/capacityType" = "SPOT"
+        "plural.sh/performanceType" = "SUSTAINED"
+        "plural.sh/scalingGroup" = "small-sustained-spot"
+        "kubernetes.azure.com/scalesetpriority" = "spot"
+      }
+      node_taints = [
+        "plural.sh/capacityType=SPOT:NoSchedule",
+        "kubernetes.azure.com/scalesetpriority=spot:NoSchedule"
+      ]
+      tags = {
+        "ScalingGroup": "small-sustained-spot"
+      }
+    },
+
+    {
+      name                = "msod1"
+      priority            = "Regular"
+      enable_auto_scaling = true
+      availability_zones  = ["1"]
+      mode                = "User"
+      node_count          = null
+      min_count           = 0
+      max_count           = 9
+      spot_max_price      = null
+      eviction_policy     = null
+      vm_size             = "Standard_D4as_v5"
+      os_disk_type        = "Managed"
+      os_disk_size_gb     = 50
+      max_pods            = 110
+
+      node_labels = {
+        "plural.sh/capacityType" = "ON_DEMAND"
+        "plural.sh/performanceType" = "SUSTAINED"
+        "plural.sh/scalingGroup" = "medium-sustained-on-demand"
+      }
+      node_taints = []
+      tags = {
+        "ScalingGroup": "medium-sustained-on-demand"
+      }
+    },
+    {
+      name                = "msod2"
+      priority            = "Regular"
+      enable_auto_scaling = true
+      availability_zones  = ["2"]
+      mode                = "User"
+      node_count          = null
+      min_count           = 0
+      max_count           = 9
+      spot_max_price      = null
+      eviction_policy     = null
+      vm_size             = "Standard_D4as_v5"
+      os_disk_type        = "Managed"
+      os_disk_size_gb     = 50
+      max_pods            = 110
+
+      node_labels = {
+        "plural.sh/capacityType" = "ON_DEMAND"
+        "plural.sh/performanceType" = "SUSTAINED"
+        "plural.sh/scalingGroup" = "medium-sustained-on-demand"
+      }
+      node_taints = []
+      tags = {
+        "ScalingGroup": "medium-sustained-on-demand"
+      }
+    },
+    {
+      name                = "msod3"
+      priority            = "Regular"
+      enable_auto_scaling = true
+      availability_zones  = ["3"]
+      mode                = "User"
+      node_count          = null
+      min_count           = 0
+      max_count           = 9
+      spot_max_price      = null
+      eviction_policy     = null
+      vm_size             = "Standard_D4as_v5"
+      os_disk_type        = "Managed"
+      os_disk_size_gb     = 50
+      max_pods            = 110
+
+      node_labels = {
+        "plural.sh/capacityType" = "ON_DEMAND"
+        "plural.sh/performanceType" = "SUSTAINED"
+        "plural.sh/scalingGroup" = "medium-sustained-on-demand"
+      }
+      node_taints = []
+      tags = {
+        "ScalingGroup": "medium-sustained-on-demand"
+      }
+    },
+    {
+      name                = "msspot1"
+      priority            = "Spot"
+      enable_auto_scaling = true
+      availability_zones  = ["1"]
+      mode                = "User"
+      node_count          = null
+      min_count           = 0
+      max_count           = 9
+      spot_max_price      = -1
+      eviction_policy     = "Delete"
+      vm_size             = "Standard_D4as_v5"
+      os_disk_type        = "Managed"
+      os_disk_size_gb     = 50
+      max_pods            = 110
+
+      node_labels = {
+        "plural.sh/capacityType" = "SPOT"
+        "plural.sh/performanceType" = "SUSTAINED"
+        "plural.sh/scalingGroup" = "medium-sustained-spot"
+        "kubernetes.azure.com/scalesetpriority" = "spot"
+      }
+      node_taints = [
+        "plural.sh/capacityType=SPOT:NoSchedule",
+        "kubernetes.azure.com/scalesetpriority=spot:NoSchedule"
+      ]
+      tags = {
+        "ScalingGroup": "medium-sustained-spot"
+      }
+    },
+    {
+      name                = "msspot2"
+      priority            = "Spot"
+      enable_auto_scaling = true
+      availability_zones  = ["2"]
+      mode                = "User"
+      node_count          = null
+      min_count           = 0
+      max_count           = 9
+      spot_max_price      = -1
+      eviction_policy     = "Delete"
+      vm_size             = "Standard_D4as_v5"
+      os_disk_type        = "Managed"
+      os_disk_size_gb     = 50
+      max_pods            = 110
+
+      node_labels = {
+        "plural.sh/capacityType" = "SPOT"
+        "plural.sh/performanceType" = "SUSTAINED"
+        "plural.sh/scalingGroup" = "medium-sustained-spot"
+        "kubernetes.azure.com/scalesetpriority" = "spot"
+      }
+      node_taints = [
+        "plural.sh/capacityType=SPOT:NoSchedule",
+        "kubernetes.azure.com/scalesetpriority=spot:NoSchedule"
+      ]
+      tags = {
+        "ScalingGroup": "medium-sustained-spot"
+      }
+    },
+    {
+      name                = "msspot3"
+      priority            = "Spot"
+      enable_auto_scaling = true
+      availability_zones  = ["3"]
+      mode                = "User"
+      node_count          = null
+      min_count           = 0
+      max_count           = 9
+      spot_max_price      = -1
+      eviction_policy     = "Delete"
+      vm_size             = "Standard_D4as_v5"
+      os_disk_type        = "Managed"
+      os_disk_size_gb     = 50
+      max_pods            = 110
+
+      node_labels = {
+        "plural.sh/capacityType" = "SPOT"
+        "plural.sh/performanceType" = "SUSTAINED"
+        "plural.sh/scalingGroup" = "medium-sustained-spot"
+        "kubernetes.azure.com/scalesetpriority" = "spot"
+      }
+      node_taints = [
+        "plural.sh/capacityType=SPOT:NoSchedule",
+        "kubernetes.azure.com/scalesetpriority=spot:NoSchedule"
+      ]
+      tags = {
+        "ScalingGroup": "medium-sustained-spot"
+      }
+    },
+
+    {
+      name                = "lsod1"
+      priority            = "Regular"
+      enable_auto_scaling = true
+      availability_zones  = ["1"]
+      mode                = "User"
+      node_count          = null
+      min_count           = 0
+      max_count           = 9
+      spot_max_price      = null
+      eviction_policy     = null
+      vm_size             = "Standard_D8as_v5"
+      os_disk_type        = "Managed"
+      os_disk_size_gb     = 50
+      max_pods            = 110
+
+      node_labels = {
+        "plural.sh/capacityType" = "ON_DEMAND"
+        "plural.sh/performanceType" = "SUSTAINED"
+        "plural.sh/scalingGroup" = "large-sustained-on-demand"
+      }
+      node_taints = []
+      tags = {
+        "ScalingGroup": "large-sustained-on-demand"
+      }
+    },
+    {
+      name                = "lsod2"
+      priority            = "Regular"
+      enable_auto_scaling = true
+      availability_zones  = ["2"]
+      mode                = "User"
+      node_count          = null
+      min_count           = 0
+      max_count           = 9
+      spot_max_price      = null
+      eviction_policy     = null
+      vm_size             = "Standard_D8as_v5"
+      os_disk_type        = "Managed"
+      os_disk_size_gb     = 50
+      max_pods            = 110
+
+      node_labels = {
+        "plural.sh/capacityType" = "ON_DEMAND"
+        "plural.sh/performanceType" = "SUSTAINED"
+        "plural.sh/scalingGroup" = "large-sustained-on-demand"
+      }
+      node_taints = []
+      tags = {
+        "ScalingGroup": "large-sustained-on-demand"
+      }
+    },
+    {
+      name                = "lsod3"
+      priority            = "Regular"
+      enable_auto_scaling = true
+      availability_zones  = ["3"]
+      mode                = "User"
+      node_count          = null
+      min_count           = 0
+      max_count           = 9
+      spot_max_price      = null
+      eviction_policy     = null
+      vm_size             = "Standard_D8as_v5"
+      os_disk_type        = "Managed"
+      os_disk_size_gb     = 50
+      max_pods            = 110
+
+      node_labels = {
+        "plural.sh/capacityType" = "ON_DEMAND"
+        "plural.sh/performanceType" = "SUSTAINED"
+        "plural.sh/scalingGroup" = "large-sustained-on-demand"
+      }
+      node_taints = []
+      tags = {
+        "ScalingGroup": "large-sustained-on-demand"
+      }
+    },
+    {
+      name                = "lsspot1"
+      priority            = "Spot"
+      enable_auto_scaling = true
+      availability_zones  = ["1"]
+      mode                = "User"
+      node_count          = null
+      min_count           = 0
+      max_count           = 9
+      spot_max_price      = -1
+      eviction_policy     = "Delete"
+      vm_size             = "Standard_D8as_v5"
+      os_disk_type        = "Managed"
+      os_disk_size_gb     = 50
+      max_pods            = 110
+
+      node_labels = {
+        "plural.sh/capacityType" = "SPOT"
+        "plural.sh/performanceType" = "SUSTAINED"
+        "plural.sh/scalingGroup" = "large-sustained-spot"
+        "kubernetes.azure.com/scalesetpriority" = "spot"
+      }
+      node_taints = [
+        "plural.sh/capacityType=SPOT:NoSchedule",
+        "kubernetes.azure.com/scalesetpriority=spot:NoSchedule"
+      ]
+      tags = {
+        "ScalingGroup": "large-sustained-spot"
+      }
+    },
+    {
+      name                = "lsspot2"
+      priority            = "Spot"
+      enable_auto_scaling = true
+      availability_zones  = ["2"]
+      mode                = "User"
+      node_count          = null
+      min_count           = 0
+      max_count           = 9
+      spot_max_price      = -1
+      eviction_policy     = "Delete"
+      vm_size             = "Standard_D8as_v5"
+      os_disk_type        = "Managed"
+      os_disk_size_gb     = 50
+      max_pods            = 110
+
+      node_labels = {
+        "plural.sh/capacityType" = "SPOT"
+        "plural.sh/performanceType" = "SUSTAINED"
+        "plural.sh/scalingGroup" = "large-sustained-spot"
+        "kubernetes.azure.com/scalesetpriority" = "spot"
+      }
+      node_taints = [
+        "plural.sh/capacityType=SPOT:NoSchedule",
+        "kubernetes.azure.com/scalesetpriority=spot:NoSchedule"
+      ]
+      tags = {
+        "ScalingGroup": "large-sustained-spot"
+      }
+    },
+    {
+      name                = "lsspot3"
+      priority            = "Spot"
+      enable_auto_scaling = true
+      availability_zones  = ["3"]
+      mode                = "User"
+      node_count          = null
+      min_count           = 0
+      max_count           = 9
+      spot_max_price      = -1
+      eviction_policy     = "Delete"
+      vm_size             = "Standard_D8as_v5"
+      os_disk_type        = "Managed"
+      os_disk_size_gb     = 50
+      max_pods            = 110
+
+      node_labels = {
+        "plural.sh/capacityType" = "SPOT"
+        "plural.sh/performanceType" = "SUSTAINED"
+        "plural.sh/scalingGroup" = "large-sustained-spot"
+        "kubernetes.azure.com/scalesetpriority" = "spot"
+      }
+      node_taints = [
+        "plural.sh/capacityType=SPOT:NoSchedule",
+        "kubernetes.azure.com/scalesetpriority=spot:NoSchedule"
+      ]
+      tags = {
+        "ScalingGroup": "large-sustained-spot"
+      }
+    }
+  ]
+}
+
+variable "auto_scaler_profile_balance_similar_node_groups" {
+  description = "Enable or Disable the balance similar node groups."
+  type        = bool
+  default     = true
+}
+
+variable "auto_scaler_profile_skip_nodes_with_local_storage" {
+  description = "Do not check nodes that have local storage, pods using it will not be moved."
+  type        = bool
+  default     = false
+}
+
+variable "auto_scaler_profile_scale_down_utilization_threshold" {
+  description = "The threshold in % under which a node is considered for scale down."
+  type        = number
+  default     = 0.7
+}
+
+variable "enable_aks_insights" {
+  description = "enable aks logging and monitoring (defaults to false because it can be quite expensive)"
+  type        = bool
+  default     = false
+}
+
+variable "cluster_api" {
+  type = bool
+  description = "Whether cluster is controlled by the Cluster API or not"
+  default = false
+}
diff --git a/bootstrap/terraform/gcp-bootstrap-cluster-api/README.md b/bootstrap/terraform/gcp-bootstrap-cluster-api/README.md
new file mode 100644
index 000000000..b914b3252
--- /dev/null
+++ b/bootstrap/terraform/gcp-bootstrap-cluster-api/README.md
@@ -0,0 +1,3 @@
+# GCP Kubernetes bootstrapping
+
+Provisions a gke cluster with node pool, along with default networking etc.
\ No newline at end of file
diff --git a/bootstrap/terraform/gcp-bootstrap-cluster-api/deps.yaml b/bootstrap/terraform/gcp-bootstrap-cluster-api/deps.yaml
index 565f111dc..5d9b5adad 100644
--- a/bootstrap/terraform/gcp-bootstrap-cluster-api/deps.yaml
+++ b/bootstrap/terraform/gcp-bootstrap-cluster-api/deps.yaml
@@ -8,4 +8,9 @@ spec:
   dependencies: []
   providers:
   - gcp
-
+  outputs:
+    cluster: cluster
+    vpc_network: vpc_network
+    capi_sa_workload_identity_email: capi_sa_workload_identity_email
+  provider_wirings:
+    cluster: module.gcp-bootstrap-cluster-api.cluster
diff --git a/bootstrap/terraform/gcp-bootstrap-cluster-api/locals.tf b/bootstrap/terraform/gcp-bootstrap-cluster-api/locals.tf
new file mode 100644
index 000000000..890ec9232
--- /dev/null
+++ b/bootstrap/terraform/gcp-bootstrap-cluster-api/locals.tf
@@ -0,0 +1,8 @@
+locals {
+  # required for backwards compatibility
+  gcp_region         = "${split("-", var.gcp_region)[0]}-${split("-", var.gcp_region)[1]}"
+  pods_cidr_name     = "${var.gcp_region}-${var.cluster_name}-pods"
+  services_cidr_name = "${var.gcp_region}-${var.cluster_name}-services"
+  vpc_network_name   = var.vpc_network_name != "" ? var.vpc_network_name : "${var.vpc_name_prefix}-network"
+  vpc_subnetwork_name = var.vpc_subnetwork_name != "" ? var.vpc_subnetwork_name : "${var.vpc_name_prefix}-subnetwork"
+}
\ No newline at end of file
diff --git a/bootstrap/terraform/gcp-bootstrap-cluster-api/main.tf b/bootstrap/terraform/gcp-bootstrap-cluster-api/main.tf
index f52ffb521..25eb8429c 100644
--- a/bootstrap/terraform/gcp-bootstrap-cluster-api/main.tf
+++ b/bootstrap/terraform/gcp-bootstrap-cluster-api/main.tf
@@ -1,3 +1,181 @@
+resource "google_compute_network" "vpc_network" {
+  count                   = var.cluster_api ? 0 : 1
+  name                    = local.vpc_network_name
+  auto_create_subnetworks = "false"
+
+  depends_on = [
+    google_project_service.compute,
+    google_project_service.gcr,
+    google_project_service.container,
+    google_project_service.iam,
+    google_project_service.dns,
+    google_project_service.storage,
+  ]
+}
+
+resource "google_compute_subnetwork" "vpc_subnetwork" {
+  count         = var.cluster_api ? 0 : 1
+  name          = local.vpc_subnetwork_name
+  ip_cidr_range = var.vpc_subnetwork_cidr_range
+  network       = one(google_compute_network.vpc_network[*].name)
+
+  secondary_ip_range {
+    range_name    = local.pods_cidr_name
+    ip_cidr_range = var.cluster_secondary_range_cidr
+  }
+
+  secondary_ip_range {
+    range_name    = local.services_cidr_name
+    ip_cidr_range = var.services_secondary_range_cidr
+  }
+
+  private_ip_google_access = true
+
+  lifecycle {
+    ignore_changes = [
+      secondary_ip_range[0].range_name,
+      secondary_ip_range[1].range_name,
+    ]
+  }
+
+  depends_on = [
+    google_compute_network.vpc_network,
+  ]
+}
+
+module "gke" {
+  count                      = var.cluster_api ? 0 : 1
+  source                     = "github.com/pluralsh/terraform-google-kubernetes-engine?ref=filestore-csi-driver"
+  project_id                 = var.gcp_project_id
+  name                       = var.cluster_name
+  region                     = local.gcp_region
+  network                    = one(google_compute_network.vpc_network[*].name)
+  subnetwork                 = one(google_compute_subnetwork.vpc_subnetwork[*].name)
+  ip_range_pods              = one(google_compute_subnetwork.vpc_subnetwork[*].secondary_ip_range[0].range_name)
+  ip_range_services          = one(google_compute_subnetwork.vpc_subnetwork[*].secondary_ip_range[1].range_name)
+  horizontal_pod_autoscaling = true
+  http_load_balancing        = true
+  remove_default_node_pool   = true
+  add_cluster_firewall_rules = true
+  network_policy             = var.network_policy_enabled
+  datapath_provider          = var.datapath_provider
+  kubernetes_version         = var.kubernetes_version
+  filestore_csi_driver       = true
+  release_channel            = var.release_channel
+  regional                   = var.regional_cluster
+  zones                      = var.cluster_zones
+  cluster_resource_labels    = merge(
+    {
+      "managed-by" = "plural"
+    },
+    var.cluster_labels,
+  )
+  grant_registry_access = var.grant_registry_access
+
+  node_pools = var.node_pools
+
+  node_pools_labels = var.node_pools_labels
+
+  node_pools_taints = var.node_pools_taints
+
+  depends_on = [
+    google_compute_subnetwork.vpc_subnetwork,
+    google_project_service.gcr,
+    google_project_service.container,
+    google_project_service.iam,
+    google_project_service.storage,
+    google_project_service.dns,
+  ]
+}
+
+resource "kubernetes_namespace" "bootstrap" {
+  count = var.cluster_api ? 0 : 1
+
+  metadata {
+    name = var.namespace
+
+    labels = {
+      "app.kubernetes.io/managed-by" = "plural"
+      "app.plural.sh/name"           = "bootstrap"
+    }
+  }
+
+  depends_on = [module.gke.endpoint]
+}
+
+resource "kubernetes_service_account" "certmanager" {
+  count = var.cluster_api ? 0 : 1
+  metadata {
+    name      = "certmanager"
+    namespace = var.namespace
+
+    annotations = {
+      "iam.gke.io/gcp-service-account" = module.certmanager-workload-identity.gcp_service_account_email
+    }
+  }
+
+  depends_on = [kubernetes_namespace.bootstrap]
+}
+
 data "google_container_cluster" "cluster" {
-  name = var.cluster_name
+  count    = var.cluster_api ? 1 : 0
+  name     = var.cluster_name
+  location = var.gcp_region
+}
+
+module "externaldns-workload-identity" {
+  source              = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
+  name                = "${var.cluster_name}-externaldns"
+  namespace           = var.namespace
+  project_id          = var.gcp_project_id
+  use_existing_k8s_sa = true
+  annotate_k8s_sa     = false
+  k8s_sa_name         = "external-dns"
+  roles               = ["roles/dns.admin"]
+
+  depends_on = [google_project_service.iam]
+}
+
+resource "kubernetes_service_account" "externaldns" {
+  metadata {
+    name      = "external-dns"
+    namespace = var.namespace
+
+    annotations = {
+      "iam.gke.io/gcp-service-account" = module.externaldns-workload-identity.gcp_service_account_email
+    }
+  }
+
+  depends_on = [kubernetes_namespace.bootstrap]
+}
+
+module "certmanager-workload-identity" {
+  source              = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
+  name                = "${var.cluster_name}-certmanager"
+  namespace           = var.namespace
+  project_id          = var.gcp_project_id
+  use_existing_k8s_sa = true
+  annotate_k8s_sa     = false
+  k8s_sa_name         = "certmanager"
+  roles               = ["roles/dns.admin"]
+
+  depends_on = [google_project_service.iam]
+}
+
+module "capi-workload-identity" {
+  source              = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
+  name                = "${var.cluster_name}-cluster-api-provider-gcp"
+  namespace           = var.namespace
+  project_id          = var.gcp_project_id
+  use_existing_k8s_sa = true
+  annotate_k8s_sa     = false
+  k8s_sa_name         = "bootstrap-cluster-api-provider-gcp"
+  roles               = [
+    "roles/iam.serviceAccountUser",
+    "roles/iam.workloadIdentityUser",
+    "roles/compute.admin",
+    "roles/container.admin",
+  ]
+
+  module_depends_on = [google_project_service.iam]
 }
\ No newline at end of file
diff --git a/bootstrap/terraform/gcp-bootstrap-cluster-api/moved.tf b/bootstrap/terraform/gcp-bootstrap-cluster-api/moved.tf
new file mode 100644
index 000000000..9578298d1
--- /dev/null
+++ b/bootstrap/terraform/gcp-bootstrap-cluster-api/moved.tf
@@ -0,0 +1,51 @@
+/** main.tf **/
+moved {
+  from = google_compute_network.vpc_network
+  to = google_compute_network.vpc_network[0]
+}
+
+moved {
+  from = google_compute_subnetwork.vpc_subnetwork
+  to = google_compute_subnetwork.vpc_subnetwork[0]
+}
+
+moved {
+  from = module.gke
+  to = module.gke[0]
+}
+
+moved {
+  from = kubernetes_namespace.bootstrap
+  to = kubernetes_namespace.bootstrap[0]
+}
+
+moved {
+  from = kubernetes_service_account.certmanager
+  to = kubernetes_service_account.certmanager[0]
+}
+
+/** services.tf **/
+moved {
+  from = google_project_service.gcr
+  to = google_project_service.gcr[0]
+}
+
+moved {
+  from = google_project_service.container
+  to = google_project_service.container[0]
+}
+
+moved {
+  from = google_project_service.storage
+  to = google_project_service.storage[0]
+}
+
+moved {
+  from = google_project_service.dns
+  to = google_project_service.dns[0]
+}
+
+moved {
+  from = google_project_service.compute
+  to = google_project_service.compute[0]
+}
\ No newline at end of file
diff --git a/bootstrap/terraform/gcp-bootstrap-cluster-api/network.tf b/bootstrap/terraform/gcp-bootstrap-cluster-api/network.tf
new file mode 100644
index 000000000..21461d144
--- /dev/null
+++ b/bootstrap/terraform/gcp-bootstrap-cluster-api/network.tf
@@ -0,0 +1,28 @@
+resource "google_compute_router" "router" {
+  count   = var.cluster_api ? 0 : var.enable_nat ? 1 : 0
+  name    = "${local.vpc_network_name}-router"
+  region  = one(google_compute_subnetwork.vpc_subnetwork[*].region)
+  network = one(google_compute_network.vpc_network[*].id)
+}
+
+resource "google_compute_address" "static_external_address" {
+  count  = var.cluster_api ? 0 : var.enable_nat ? var.num_static_ips : 0
+  name   = "${var.cluster_name}-static-ip"
+  region = local.gcp_region
+}
+
+resource "google_compute_router_nat" "nat" {
+  count                              = var.cluster_api ? 0 : var.enable_nat ? 1 : 0
+  name                               = "${local.vpc_network_name}-nat"
+  router                             = one(google_compute_router.router[*].name)
+  region                             = one(google_compute_router.router[*].region)
+  nat_ip_allocate_option             = "MANUAL_ONLY"
+  nat_ips                            = one(google_compute_address.static_external_address[*].self_link)
+  min_ports_per_vm                   = 64
+  source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"
+
+  log_config {
+    enable = true
+    filter = "ERRORS_ONLY"
+  }
+}
diff --git a/bootstrap/terraform/gcp-bootstrap-cluster-api/outputs.tf b/bootstrap/terraform/gcp-bootstrap-cluster-api/outputs.tf
new file mode 100644
index 000000000..553aa2ec2
--- /dev/null
+++ b/bootstrap/terraform/gcp-bootstrap-cluster-api/outputs.tf
@@ -0,0 +1,12 @@
+output "cluster" {
+  value = var.cluster_api ? merge(one(data.google_container_cluster.cluster[*]), {ca_certificate=one(data.google_container_cluster.cluster[*]).master_auth.0.cluster_ca_certificate}) : one(module.gke[*])
+  sensitive = true
+}
+
+output "vpc_network" {
+  value = one(google_compute_network.vpc_network[*])
+}
+
+output "capi_sa_workload_identity_email" {
+  value = module.capi-workload-identity.gcp_service_account_email
+}
\ No newline at end of file
diff --git a/bootstrap/terraform/gcp-bootstrap-cluster-api/services.tf b/bootstrap/terraform/gcp-bootstrap-cluster-api/services.tf
new file mode 100644
index 000000000..34d226e7a
--- /dev/null
+++ b/bootstrap/terraform/gcp-bootstrap-cluster-api/services.tf
@@ -0,0 +1,77 @@
+
+resource "google_project_service" "gcr" {
+  count = var.cluster_api ? 0 : 1
+  project = var.gcp_project_id
+  service = "artifactregistry.googleapis.com"
+
+  timeouts {
+    create = "30m"
+    update = "40m"
+  }
+
+  disable_on_destroy = false
+}
+
+resource "google_project_service" "container" {
+  count = var.cluster_api ? 0 : 1
+  project = var.gcp_project_id
+  service = "container.googleapis.com"
+
+  timeouts {
+    create = "30m"
+    update = "40m"
+  }
+
+  disable_on_destroy = false
+}
+
+resource "google_project_service" "iam" {
+  project = var.gcp_project_id
+  service = "iam.googleapis.com"
+
+  timeouts {
+    create = "30m"
+    update = "40m"
+  }
+
+  disable_on_destroy = false
+}
+
+resource "google_project_service" "storage" {
+  count = var.cluster_api ? 0 : 1
+  project = var.gcp_project_id
+  service = "storage.googleapis.com"
+
+  timeouts {
+    create = "30m"
+    update = "40m"
+  }
+
+  disable_on_destroy = false
+}
+
+resource "google_project_service" "dns" {
+  count = var.cluster_api ? 0 : 1
+  project = var.gcp_project_id
+  service = "dns.googleapis.com"
+
+  timeouts {
+    create = "30m"
+    update = "40m"
+  }
+
+  disable_on_destroy = false
+}
+
+resource "google_project_service" "compute" {
+  count = var.cluster_api ? 0 : 1
+  project = var.gcp_project_id
+  service = "compute.googleapis.com"
+
+  timeouts {
+    create = "30m"
+    update = "40m"
+  }
+
+  disable_on_destroy = false
+}
\ No newline at end of file
diff --git a/bootstrap/terraform/gcp-bootstrap-cluster-api/terraform.tfvars b/bootstrap/terraform/gcp-bootstrap-cluster-api/terraform.tfvars
index d229fb4d8..c4e168775 100644
--- a/bootstrap/terraform/gcp-bootstrap-cluster-api/terraform.tfvars
+++ b/bootstrap/terraform/gcp-bootstrap-cluster-api/terraform.tfvars
@@ -1 +1,24 @@
-cluster_name = {{ .Cluster | quote }}
\ No newline at end of file
+{{- $tfOutput := pathJoin repoRoot "bootstrap" "output.yaml" }}
+gcp_project_id = {{ .Project | quote }}
+cluster_name = {{ .Cluster | quote }}
+vpc_name_prefix = {{ .Values.vpc_name | quote }}
+externaldns_sa_name = "{{ .Cluster }}-externaldns"
+gcp_region = {{ .Region | quote }}
+cluster_api = {{ .ClusterAPI }}
+{{- if fileExists $tfOutput }}
+{{- $bootstrapOutputs := .Applications.TerraformValues "bootstrap" }}
+{{- if and $bootstrapOutputs (not .ClusterAPI) }}
+network_policy_enabled = {{ $bootstrapOutputs.cluster.network_policy_enabled }}
+{{- if eq $bootstrapOutputs.cluster.datapath_provider "" }}
+datapath_provider = "DATAPATH_PROVIDER_UNSPECIFIED"
+{{- else }}
+datapath_provider = {{ $bootstrapOutputs.cluster.datapath_provider | quote }}
+{{- end }}
+{{- else }}
+network_policy_enabled = false
+datapath_provider = "ADVANCED_DATAPATH"
+{{- end }}
+{{- else }}
+network_policy_enabled = false
+datapath_provider = "ADVANCED_DATAPATH"
+{{- end }}
diff --git a/bootstrap/terraform/gcp-bootstrap-cluster-api/variables.tf b/bootstrap/terraform/gcp-bootstrap-cluster-api/variables.tf
index 56c4db213..7e72a2a9f 100644
--- a/bootstrap/terraform/gcp-bootstrap-cluster-api/variables.tf
+++ b/bootstrap/terraform/gcp-bootstrap-cluster-api/variables.tf
@@ -1,4 +1,367 @@
+variable "gcp_project_id" {
+  type = string
+
+  description = <<EOF
+The ID of the project in which the resources belong.
+EOF
+}
+
 variable "cluster_name" {
   type = string
   default = "plural"
+
+  description = <<EOF
+The name of the cluster, unique within the project and zone.
+EOF
+}
+
+variable "gcp_region" {
+  type = string
+  default = "us-east1"
+
+  description = <<EOF
+The location (region or zone) in which the cluster master will be created,
+as well as the default node location. If you specify a zone (such as
+us-central1-a), the cluster will be a zonal cluster with a single cluster
+master. If you specify a region (such as us-west1), the cluster will be a
+regional cluster with multiple masters spread across zones in that region.
+Node pools will also be created as regional or zonal, to match the cluster.
+If a node pool is zonal it will have the specified number of nodes in that
+zone. If a node pool is regional it will have the specified number of nodes
+in each zone within that region. For more information see:
+https://cloud.google.com/kubernetes-engine/docs/concepts/regional-clusters
+EOF
+}
+
+variable "daily_maintenance_window_start_time" {
+  type = string
+  default = "03:00"
+
+  description = <<EOF
+The start time of the 4 hour window for daily maintenance operations RFC3339
+format HH:MM, where HH : [00-23] and MM : [00-59] GMT.
+EOF
+}
+
+variable "node_pools" {
+  type = list
+  default = [
+    {
+      name               = "small-burst-on-demand"
+      machine_type       = "e2-standard-2"
+      min_count          = 1
+      max_count          = 9
+      disk_size_gb       = 50
+      disk_type          = "pd-standard"
+      image_type         = "COS_CONTAINERD"
+      spot               = false
+      auto_repair        = true
+      auto_upgrade       = true
+      preemptible        = false
+      initial_node_count = 1
+      autoscaling        = true
+    },
+    # {
+    #   name               = "small-burst-spot"
+    #   machine_type       = "e2-standard-2"
+    #   min_count          = 0
+    #   max_count          = 9
+    #   disk_size_gb       = 50
+    #   disk_type          = "pd-standard"
+    #   image_type         = "COS_CONTAINERD"
+    #   spot               = true
+    #   auto_repair        = true
+    #   auto_upgrade       = true
+    #   preemptible        = false
+    #   initial_node_count = 0
+    #   autoscaling        = true
+    # },
+    {
+      name               = "medium-burst-on-demand"
+      machine_type       = "e2-standard-4"
+      min_count          = 0
+      max_count          = 9
+      disk_size_gb       = 50
+      disk_type          = "pd-standard"
+      image_type         = "COS_CONTAINERD"
+      spot               = false
+      auto_repair        = true
+      auto_upgrade       = true
+      preemptible        = false
+      initial_node_count = 0
+      autoscaling        = true
+    },
+    # {
+    #   name               = "medium-burst-spot"
+    #   machine_type       = "e2-standard-4"
+    #   min_count          = 0
+    #   max_count          = 9
+    #   disk_size_gb       = 50
+    #   disk_type          = "pd-standard"
+    #   image_type         = "COS_CONTAINERD"
+    #   spot               = true
+    #   auto_repair        = true
+    #   auto_upgrade       = true
+    #   preemptible        = false
+    #   initial_node_count = 0
+    #   autoscaling        = true
+    # },
+
+    {
+      name               = "large-burst-on-demand"
+      machine_type       = "e2-standard-8"
+      min_count          = 0
+      max_count          = 9
+      disk_size_gb       = 50
+      disk_type          = "pd-standard"
+      image_type         = "COS_CONTAINERD"
+      spot               = false
+      auto_repair        = true
+      auto_upgrade       = true
+      preemptible        = false
+      initial_node_count = 0
+      autoscaling        = true
+    },
+    # {
+    #   name               = "large-burst-spot"
+    #   machine_type       = "e2-standard-8"
+    #   min_count          = 0
+    #   max_count          = 9
+    #   disk_size_gb       = 50
+    #   disk_type          = "pd-standard"
+    #   image_type         = "COS_CONTAINERD"
+    #   spot               = true
+    #   auto_repair        = true
+    #   auto_upgrade       = true
+    #   preemptible        = false
+    #   initial_node_count = 0
+    #   autoscaling        = true
+    # },
+  ]
+
+  description = <<EOF
+  The node pools for your cluster
+EOF
+}
+
+variable "node_pools_labels" {
+  type = map(map(string))
+  default = {
+
+    all = {}
+    "small-burst-on-demand" = {
+      "plural.sh/capacityType" = "ON_DEMAND"
+      "plural.sh/performanceType" = "BURST"
+      "plural.sh/scalingGroup" = "small-burst-on-demand"
+    }
+    # "small-burst-spot" = {
+    #   "plural.sh/capacityType" = "SPOT"
+    #   "plural.sh/performanceType" = "BURST"
+    #   "plural.sh/scalingGroup" = "small-burst-spot"
+    # }
+    medium-burst-on-demand = {
+      "plural.sh/capacityType" = "ON_DEMAND"
+      "plural.sh/performanceType" = "BURST"
+      "plural.sh/scalingGroup" = "medium-burst-on-demand"
+    }
+    # medium-burst-spot = {
+    #   "plural.sh/capacityType" = "SPOT"
+    #   "plural.sh/performanceType" = "BURST"
+    #   "plural.sh/scalingGroup" = "medium-burst-spot"
+    # }
+    large-burst-on-demand = {
+      "plural.sh/capacityType" = "ON_DEMAND"
+      "plural.sh/performanceType" = "BURST"
+      "plural.sh/scalingGroup" = "large-burst-on-demand"
+    }
+    # large-burst-spot = {
+    #   "plural.sh/capacityType" = "SPOT"
+    #   "plural.sh/performanceType" = "BURST"
+    #   "plural.sh/scalingGroup" = "large-burst-spot"
+    # }
+  }
+}
+
+variable "node_pools_taints" {
+  type = map(list(object({ key = string, value = string, effect = string })))
+  default = {
+    all = [],
+    # small-burst-spot = [
+    #   {
+    #     key    = "plural.sh/capacityType"
+    #     value  = "SPOT"
+    #     effect = "NO_SCHEDULE"
+    #   },
+    # ],
+    # meium-burst-spot = [
+    #   {
+    #     key    = "plural.sh/capacityType"
+    #     value  = "SPOT"
+    #     effect = "NO_SCHEDULE"
+    #   },
+    # ],
+    # large-burst-spot = [
+    #   {
+    #     key    = "plural.sh/capacityType"
+    #     value  = "SPOT"
+    #     effect = "NO_SCHEDULE"
+    #   },
+    # ]
+  }
+}
+
+variable "vpc_network_name" {
+  type = string
+  default = ""
+
+  description = <<EOF
+The name of the Google Compute Engine network to which the cluster is
+connected.
+EOF
+}
+
+variable "vpc_name_prefix" {
+  type = string
+  default = "plural"
+
+  description = <<EOF
+Prefix to use for naming vpc networks/subnetworks
+EOF
+}
+
+variable "vpc_subnetwork_name" {
+  type = string
+  default = ""
+
+  description = <<EOF
+The name of the Google Compute Engine subnetwork in which the cluster's
+instances are launched.
+EOF
+}
+
+variable "enable_nat" {
+  type = bool
+  default = false
+  description = "whether to create a NAT gateway for external cluster traffic"
+}
+
+variable "num_static_ips" {
+  type = number
+  default = 1
+  description = "the number of external static ips to expose"
+}
+
+variable "kubernetes_version" {
+  type = string
+  default = "1.24.14-gke.2700"
+}
+
+variable "vpc_subnetwork_cidr_range" {
+  type = string
+  default = "10.0.16.0/20"
+}
+
+variable "cluster_secondary_range_cidr" {
+  type = string
+  default = "10.16.0.0/12"
+}
+
+variable "services_secondary_range_cidr" {
+  type = string
+  default = "10.1.0.0/20"
+}
+
+variable "externaldns_sa_name" {
+  type = string
+  default = "externaldns"
+}
+
+variable "access_private_images" {
+  type    = string
+  default = "false"
+
+  description = <<EOF
+Whether to create the IAM role for storage.objectViewer, required to access
+GCR for private container images.
+EOF
+}
+
+variable "http_load_balancing_disabled" {
+  type    = string
+  default = "false"
+
+  description = <<EOF
+The status of the HTTP (L7) load balancing controller addon, which makes it
+easy to set up HTTP load balancers for services in a cluster. It is enabled
+by default; set disabled = true to disable.
+EOF
+}
+
+variable "master_authorized_networks_cidr_block" {
+  type = string
+  default = "0.0.0.0/0"
+}
+
+variable "master_authorized_networks_cidr_display" {
+  type = string
+  default = "default"
+}
+
+variable "namespace" {
+  type = string
+  description = "the namespace for the bootstrap app to live in"
+  default = "bootstrap"
+}
+
+variable "firewall_inbound_ports" {
+  type        = list(string)
+  description = "List of TCP ports for admission/webhook controllers"
+  default     = ["8443", "9443", "15017"]
+}
+
+variable "network_policy_enabled" {
+  type = bool
+  default = false
+  description = "Enable network policy addon. Cannot be used with ADVANCED_DATAPATH."
+}
+
+variable "datapath_provider" {
+  type        = string
+  description = "The desired datapath provider for this cluster. By default, `DATAPATH_PROVIDER_UNSPECIFIED` enables the IPTables-based kube-proxy implementation. `ADVANCED_DATAPATH` enables Dataplane-V2 feature."
+  default     = "ADVANCED_DATAPATH"
+}
+
+variable "release_channel" {
+  type        = string
+  description = "The release channel of this cluster. Accepted values are `UNSPECIFIED`, `RAPID`, `REGULAR` and `STABLE`. Defaults to `UNSPECIFIED`."
+  default     = null
+}
+
+variable "regional_cluster" {
+  type        = bool
+  description = "Whether is a regional cluster (zonal cluster if set false. WARNING: changing this after cluster creation is destructive!)"
+  default     = true
+}
+
+variable "cluster_zones" {
+  type        = list(string)
+  description = "The zones to host the cluster in (optional if regional cluster / required if zonal)"
+  default     = []
+}
+
+variable "cluster_labels" {
+  type = map(string)
+  default = {}
+}
+
+variable "grant_registry_access" {
+  type        = bool
+  description = "Grants created cluster-specific service account storage.objectViewer and artifactregistry.reader roles."
+  default     = false
+}
+
+variable "cluster_api" {
+  type = bool
+  description = "Whether cluster has been migrated to be controlled by the Cluster API or not"
+  default = false
 }
\ No newline at end of file
diff --git a/bootstrap/terraform/kind-bootstrap-cluster-api/README.md b/bootstrap/terraform/kind-bootstrap-cluster-api/README.md
new file mode 100644
index 000000000..dc8a1ecf4
--- /dev/null
+++ b/bootstrap/terraform/kind-bootstrap-cluster-api/README.md
@@ -0,0 +1,3 @@
+# Kind Kubernetes bootstrapping
+
+Provisions a local kubernetes cluster using KinD
diff --git a/bootstrap/terraform/kind-bootstrap-cluster-api/deps.yaml b/bootstrap/terraform/kind-bootstrap-cluster-api/deps.yaml
new file mode 100644
index 000000000..9872cfaf0
--- /dev/null
+++ b/bootstrap/terraform/kind-bootstrap-cluster-api/deps.yaml
@@ -0,0 +1,13 @@
+apiVersion: plural.sh/v1alpha1
+kind: Dependencies
+metadata:
+  description: Creates a local Kubernetes cluster using KinD
+  version: 0.1.0
+spec:
+  dependencies: []
+  providers:
+  - kind
+  outputs:
+    cluster: cluster
+  provider_wirings:
+    cluster: module.kind-bootstrap-cluster-api.cluster
diff --git a/bootstrap/terraform/kind-bootstrap-cluster-api/main.tf b/bootstrap/terraform/kind-bootstrap-cluster-api/main.tf
new file mode 100644
index 000000000..139597f9c
--- /dev/null
+++ b/bootstrap/terraform/kind-bootstrap-cluster-api/main.tf
@@ -0,0 +1,2 @@
+
+
diff --git a/bootstrap/terraform/kind-bootstrap-cluster-api/outputs.tf b/bootstrap/terraform/kind-bootstrap-cluster-api/outputs.tf
new file mode 100644
index 000000000..31f1a1c37
--- /dev/null
+++ b/bootstrap/terraform/kind-bootstrap-cluster-api/outputs.tf
@@ -0,0 +1,8 @@
+output "cluster" {
+  value = var.cluster_name
+  sensitive = true
+}
+
+output "kubeconfig_path" {
+  value = "${path.root}/kube_config_cluster.yaml"
+}
diff --git a/bootstrap/terraform/kind-bootstrap-cluster-api/terraform.tfvars b/bootstrap/terraform/kind-bootstrap-cluster-api/terraform.tfvars
new file mode 100644
index 000000000..8502877c1
--- /dev/null
+++ b/bootstrap/terraform/kind-bootstrap-cluster-api/terraform.tfvars
@@ -0,0 +1 @@
+cluster_name = {{ .Cluster | quote }}
diff --git a/bootstrap/terraform/kind-bootstrap-cluster-api/variables.tf b/bootstrap/terraform/kind-bootstrap-cluster-api/variables.tf
new file mode 100644
index 000000000..02bcb7359
--- /dev/null
+++ b/bootstrap/terraform/kind-bootstrap-cluster-api/variables.tf
@@ -0,0 +1,7 @@
+variable "cluster_name" {
+  type        = string
+  description = "Name of your cluster. Alpha-numeric and hyphens only, please."
+  default     = "kind"
+}
+
+
diff --git a/bootstrap/terraform/kind-bootstrap-cluster-api/versions.tf b/bootstrap/terraform/kind-bootstrap-cluster-api/versions.tf
new file mode 100644
index 000000000..dece6ce1f
--- /dev/null
+++ b/bootstrap/terraform/kind-bootstrap-cluster-api/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+  required_providers {
+    kind = {
+      source  = "kyma-incubator/kind"
+      version = ">= 0.0.11, <0.1.0"
+    }
+  }
+  required_version = ">= 0.14"
+}