From dacec883df1e1bb0739d81e505c5a0ac035c2702 Mon Sep 17 00:00:00 2001 From: chenzhiguo5 Date: Thu, 10 Oct 2024 10:57:47 +0800 Subject: [PATCH] Update to 1.2.0 --- Makefile | 2 +- deploy/joylive-injector/Chart.yaml | 4 ++-- deploy/joylive-injector/README-zh.md | 25 +++++++++++++++++++++ deploy/joylive-injector/README.md | 24 ++++++++++++++++++++ deploy/packages/joylive-injector-1.2.0.tgz | Bin 0 -> 14754 bytes 5 files changed, 52 insertions(+), 3 deletions(-) create mode 100644 deploy/joylive-injector/README-zh.md create mode 100644 deploy/joylive-injector/README.md create mode 100644 deploy/packages/joylive-injector-1.2.0.tgz diff --git a/Makefile b/Makefile index c72a4d9..91bdaf3 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,5 @@ repo ?= ghcr.io/jd-opensource -version:=1.0.0-$(shell git rev-parse --short HEAD)-$(shell date +%Y%m%d%H%M%S) +version:=1.2.0-$(shell git rev-parse --short HEAD) ifeq (,$(shell go env GOBIN)) GOBIN=$(shell go env GOPATH)/bin diff --git a/deploy/joylive-injector/Chart.yaml b/deploy/joylive-injector/Chart.yaml index 9bbc0c4..ccddbed 100644 --- a/deploy/joylive-injector/Chart.yaml +++ b/deploy/joylive-injector/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.1.0 +version: 1.2.0 keywords: - joylive @@ -26,4 +26,4 @@ home: https://github.com/jd-opensource/joylive-injector # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "1.1.0" +appVersion: "1.2.0" diff --git a/deploy/joylive-injector/README-zh.md b/deploy/joylive-injector/README-zh.md new file mode 100644 index 0000000..7c7ca00 --- /dev/null +++ b/deploy/joylive-injector/README-zh.md @@ -0,0 +1,25 @@ +# joylive-injector + +[![GitHub repo](https://img.shields.io/badge/GitHub-repo-blue)](https://github.com/jd-opensource/joylive-injector) +[![GitHub release](https://img.shields.io/github/release/jd-opensource/joylive-injector.svg)](https://github.com/jd-opensource/joylive-injector/releases) +[![Slack Status](https://img.shields.io/badge/slack-join_chat-white.svg?logo=slack&style=social)](https://joylivehq.slack.com) + +[English](./README.md) | 简体中文 + +## 介绍 +这是一个针对kubernetes的动态准入控制webhook,它可以用于修改`kubernete`资源。 +此程序监视`deployments`的CREATE、UPDATE、DELETE事件和`pods`的CREATE事件,并为`POD`添加initContainer、默认增加环境变量`JAVA_TOOL_OPTIONS`、挂载configmap、修改主容器的卷装载等操作。 + +## 特性 +- 支持自动将`joylive-agent`注入Java应用的Pod。 +- 支持多版本`joylive-agent`与对应配置管理。 +- 支持注入指定版本`joylive-agent`及对应配置。 + +## 使用方式 + +因证书签名已按照命名空间为`joylive`预生成,所以须指定安装到对应命名空间。 执行命令: +```bash +helm repo add joylive https://jd-opensource.github.io/joylive-helm-charts +kubectl create namespace joylive +helm install joylive-injector joylive/joylive-injector -n joylive +``` diff --git a/deploy/joylive-injector/README.md b/deploy/joylive-injector/README.md new file mode 100644 index 0000000..a7e5ecc --- /dev/null +++ b/deploy/joylive-injector/README.md @@ -0,0 +1,24 @@ +# joylive-injector + +[![GitHub repo](https://img.shields.io/badge/GitHub-repo-blue)](https://github.com/jd-opensource/joylive-injector) +[![GitHub release](https://img.shields.io/github/release/jd-opensource/joylive-injector.svg)](https://github.com/jd-opensource/joylive-injector/releases) +[![Slack Status](https://img.shields.io/badge/slack-join_chat-white.svg?logo=slack&style=social)](https://joylivehq.slack.com) + +English | [简体中文](./README-zh.md) + +## Description +This is a dynamic admission control webhook for kubernetes, it can be used to mutate kubernetes resources. +This program monitors the `CREATE`, `UPDATE`, `DELETE` events for `deployments` and the `CREATE` events for `pods` and adds the initContainer for `Pod` , adds the environment variable `JAVA_TOOL_OPTIONS` by default, mounts the configmap, modifies the volume load for the main container, and so on. + +## Features +- Supports automatically injecting `joylive-agent` into Pods of Java applications. +- Supports multi-version `joylive-agent` and corresponding configuration management. +- Support injection of specified version `joylive-agent` and corresponding configuration. + +## Used +Since the certificate signature has been pre-generated according to the namespace `joylive`, it is necessary to specify installation to the corresponding namespace. Execute the command: +```bash +helm repo add joylive https://jd-opensource.github.io/joylive-helm-charts +kubectl create namespace joylive +helm install joylive-injector joylive/joylive-injector -n joylive +``` diff --git a/deploy/packages/joylive-injector-1.2.0.tgz b/deploy/packages/joylive-injector-1.2.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..61762676a0ba6faa4ff44e5625a7375dbc9e9998 GIT binary patch literal 14754 zcmV;TIbFsdiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYMm*dEFAn4Eh6`1Vmm0DBD1VFO7liMwyBnj{hCh-W6=%Z5= zL_`uG0*?g1XQ}qIJeF{=$$w!F9wb2~ z^HGnkw$>FNGKqNHxN#%yjT;g7Moio#F=zPLbS792UH_zNKtIecp-q10bp@KH=?BGP z{GX=j{r_~~LE(3p;`=o7phy=VFuy}H#p3(y?@;t>!{CN64MOPu4*kk??KkeXBtXvu z*bhwCDN{2x2R(1|$>iBQokKX#ebWo$s57d8iB0Lz7@;m)pPJ*5;kp(Dr=e@Z(9|Iz zODY*m7*V4o)pC~|bB3w2F?Pb7;o7)N8DZ!J<&%@K85+}3UU%)22|9K?>;&%A*YU~z zsLWY-Id^>&lyk>anwWE71nWxHaOvSP1wD_LI*icH&30S#Rg?T*RJg+bGf1X5c&!59 zX8vaj?-z>u{QrL8{kQ!8Cc-;Z4PU@138|#xW3JvG6#3jclx&y*Wd;_|*iR8UJcD>V_c6iLxqeVSLqIE@ag7Soax)D}6R*0=bQM)L(p zX;n0u0Hpu|5%d>o-MEyj(gfF96~u!oENG!bDixt7wh%3fs^WD0Wv> zPM>=au#3eI=*-AsWNCm}eLy%scu}H3al`=vR=^z+6hMpcq8*xmT|5}BS^=_KUf&YU z?nIdnS-PatjI0+>M*)PZ5=~T;1&l$WOGyEB$hHQfhBxWj z3wCIes#tF>1-UXA$z&xdpx3vUs=yl@;HIC)62qtTc?Ej+JwxT2j0^;TXi`Yq#JwcF zTaqHQpvCv9R?C3}-i0h_^alF8ACG0N(pOGveN`{^l{jxrqr+NXMSOqY)kG9Z@;QN4A+8FQ+z@ARD259!_MNw6NFDPNN!w3RsXu+uNsgM)v zJ$1ne99YUupBAjsQs1epdUC~->m{hxT5Yjl_=rcg4!R|H<`zX|SP%xvQdds; zgw{F4X#;nr);&j{TefZw+e1sJV+)=4<LkIFfZ*V8p3ro(6qZdmtCaD*?3HRa=x) z)pPp$!9Z-GhCVVv{8*bkeTkPYoS0SMqA>AewWebA|1*S4~(wj z6-N`^(G}6_vRz+R1P&+~FRyr@%0TKmJW=}IVpz~Dq!nmb&Wa%@R@tWO+XvhjLj|RX77SmSi&6zyW?CPY;YKpiJ8XniH z6K^!B3}q!Ks%qF1c+l1?zCBb3j}?Xy73NZLkTg_`bA>1c#At13wK$*(bKMMmrJz}A z?QGR+4BMbC^hWA%CQp=Nf5op9n`vW3tPO3h09ED^T3kV_8MG#a1;qi5rVvG38B389 zdOZ$Y_5lw7XSDjVRT9*GL6<^K?t79jP>Pxqateb6VhuIg1)f!&GC+?AfYcCjlRqSjROTyY0ePC*Q*v&k)yeAViY8vPs(zq)jlD- zXtj!py0{d`aM^7r1xX#VqB5KVE-18D{8F{XzF;wxE{AGLfo~`@F}t)Vib}IB@;vA( z94#qAMNxPnu{_XiM((PphX)>wR$T@b_|;H34b(cIvDKO@JZb7IUxX{r08DEl(xfjb znvGb7)mBK_wvx0rv)C;7iDuSiknt_!u-K80N z$PgJSpdbRHDzPm?DWD2a(Lgg#tC$F|YVjN_AlT*H;z-p7lG85;98-}Sgzj3U2Vl_h zlu4_t+lDK#UQt$CU4iwwnj^MgU0aIv79%*V!HDG*LDjm7!gnQZ+=c~fh6e)FNNcEr z7SkQHWJJ&mGC&!!G^5v>a}|(@$bC?RYET@~MFv%*{$pQh7F-FPp3K*Uy0}mjucxfEr3NZ(z@7FbRfBNC+fqSb@j$duVYt%g z-uZAMEQf4(j%AKj2ho@g0|8V@(yB>|6QFemqR}T_L8iN_UJWgD)q|pR+7jwU1Mvp0 z0j~sQWv<$uDlx#)ETdX=grUxWm2L}RzhJQX0GMKpr`wFkDmJ(j8Wpc=X&r1cU6toW zc>r31Oj>F~BtjvQ4T~D!1VII8rq{Iw9%vO*>$kg%(U9z--(G1&1%M);nM++Ux+4WG z`zkLejAp3LaMmfH6d34fH`p!h`Vw)&ASr|& z6;P{h@fC@VLmT|;-pH^+*L0?5Rof)^)n$ZFSWhE=2jA)}TFs-IqXM_0!G&n{|J=d2_)`h~95WE2P0q(X&=HDGB2tKI$iNW?GH+Cc z0#d~R-$PulkrSqM4*_bmcolpSM?^SKAey0 ze1H{AfQnJmYL$ju6Bc5lVu-v~99bXCx`Xk&T|fhsE3M?dH-W5Pl$f(3CVWk77`_ZD z6MfZ!9a>mIneWJKXkk#H)f%u-HC$-6$H=Qnt;-1mtpU_NTWUbMw31lT@6gNw@s&c= zLYI;(m~h}SU7$5Yn-qa1_H>0euz6b1CZsu{BELQh(Wy$)Nd z2$oimWYXvqc(H3m%Z0ORi)MGvI}RVEY4+H2s?ClUUjTRcLD(9 zjA$7%&>Na2$gN&i5dZ}GOeWqyi^c>k)5g$ZoPY&#K)XX5GHe(? zuQP(CmTH*Se4P=Ous-%hMx3h(aD}-C`zt;K12WeN-lgX7G%5(IPC;aJ_Jfk{D0GJb zj%;f^ae{nx&}wUrVQ5OLqDZGiRY6C#OM|}ETD1!#kQk$wTDo`c!HoE{L zV6}%UVpp z4_dt3@PKG97LfB;jc+l++_UsSr7aW?K)kY)2^e6x$&Qv`cf@-YR5LW78nQwgs=`-P zb<$e)3%n$+w4TfW0Wn$^aN+=4iz?tsbB%8`^+A`dPQVn|+5?$A9S#fKQdj03Mb$JZ znqUFn>D!1C9MG3IiykV%5Ie%KJ81R0wxKDqV0I_kWMrMLMxeFqa+=X*7ouV{+ZwA8 zxgIP>4Sp^Iokk5Z5oxU^^A%cD-GXWnW5j8e-0&_nySso~OMxqc6;?t|SLX}Vu-IPx zgSl#lE4|>Yuq8U+%R2E%TCWAh` z=!+|@rqkg}AfVZ|`mCt%tj>x((V7>8LTe^jpr|*HEOU!Mpj(5XRXRtC)$Y*rN@w_a zw|2JBiLnF?5Y2}JkpU*MJTOu$TCZyldOWvOY;oG-l%>#UiG9`RXh56cM!zUBsHGG* zS~5=`C`4=teeZH;H(5bpJml~-q@YW^9(p5XaVfDvVMJ@PWPwYWJ9T8WRFi7_xmYk} zBgHM~wBXBiK^yU;QZ*A*MpQ~%lW)m=snS<0qV|EvH@T2k_f?(q>1bEgIaewfRVS1D z0=tkcY{k2fOm-Jiw1_`c7BpauS>HNUHFnXH8KbJyc@8PO)EhMCZ+9X8W$i+$gMU@K zkS#=$N@f=_coBNb3TgE%a@ki(RgDc7Ron2PqL8Jz0cV~n)`U=_MN8nl3AT8rUl4|`x(ui~KOLrTn3zZJy>_=V8vIY+IXqgg}yd1 zoL5)|%mj{9tAxMo(?SK*#A|o10E>kFq>}Djd7=W4&?kJOPYWxN=0%`rRYWt@zKtB+ zYB{1ZjAY_Oc~2ssC`cY9B(K5Zpg9%8Y0IJG`b}Y8PHaxFwh!e7Y#^DQ;n*| zffABV>7m?`It6gqr(0~o^Ub+pwOZn;B}fW-P_>aWY6xc6D!D@oxybIW6k6cLLWR`; zD(ZDH1OqXW9SfD9Ubo&{NwmL)Bh%M^g-YQVD90*yge~XgRQ^EY%1P z-fM`HN;0SLhBe|z2pgK&bp&P@E!}`8cU1$5Op6`brSm>brmAh2BD?UbgbWp@VvbaS z)@m&ks(hn2&j zmCO$cq9wGtE5cMAi_ut)?$hE*bovZf^=FC?S5Lq3Fw!nF=&bjj;X#rpl z*&$Q$)P`s4b!IRE6%+CT5$b)mPY_TFTwAeP3&`+>WVNOvmJhJahmvZT+Q93HD(cHC zo=D5E)Ex+x0yINzw0unXXr7#@4WZN}NP+`VR9LSssGiYb#lALnOOPWabwWxbwzSk& ztxyI0C7e{I-2$nJgtxRBDgst32*8*`vP~ZV8ad#BP$0byElve?I2#Q}2qs!xq=|%B za6&MRMQxtKw2_GCS8UHA}cJrHX0ztfC>R{1O#EkXvPpIC0QQNf!sP52kvTA z8!tsxP`eg49}-XMvoxa+z1<&p0a}3&PsBPO%heVP$9 z8!WJFO!S&Kl?P&5tBbBaF?y21^t3wPQR+-fAYHmW_j(c_C2=4;&{acKxP{+caWozX z3#16PLink`x=UoC8stua!~?fYgYzB_W`LlY2D*&Mh~kcF&Ix>^_KOy&MXGtCThr}a z&c}%nM^L67KZ$KLR7_2SX>6J1W8JlF>>$cQpP0T-Z!!>mr8_k49R1Nm?iKz@EflHZ=?qe9>fYJ@<=*fRS3@Cr< zP_9E^XJ-1YV`C=_sJR&$6fwh);28D>mHSjM)s3k7uIZT8bcFL%^MYEsQwq7%96CEK z$rPJ9No&IxxeJ#NcWyf47&Gs6 zS$KJ+2iL(n)V(_eukW@jgqw4vpsw^t7D6WRF7|&{>_0cwc_%_o=A?YM2w&C4@HYGJ z5<~CVe?DLyJa}vW`6hyFK*x%wl4uSyogjpSn9i7b{Furoz5o$BQcs@buSQV@45$&t z&blB*(Nq;pAs16ZmiZj-`qVUlV|<_TNHh~tGcz#5moWj)4c)0v`8WY%1~D6>7%4G{ z++do^$??SPJCyDEn1UmBn#_S|@%vQhFUz?cMctzeOl&F$VK@yA0o&#oWOdkpQ_OIAc6_B3}?W&o`a$f;xIPIDR)c+Jlu;diQa5_~*{(%XDkR zGpTP;)TMFPrsE{ZMc@dNyL4}yecQMDZOW26`JFltP~WC}>=CGA>geAdQAZDtUYx01 z+jgA<)!+`OCK(f4qiHc87$-6MBoRrNmL;AT^~F`Mc9| zzq!W;aY>deH_|N;5BbAwiS;u_$K`|C3-rA5RqgI->$))1jk`B3Qh3&#Hl0_=hFb+saLYjD8hA;cQ;!;aaf`D=E1LD-)CE~ zo`3H;piZ_oGJS~X}CfEPj)kG=)I~l=&kGjQfXiRFT7uR ztN*`=u;c&DFlZ+ z@NLR59fX~bDn@YDXvG?;@48{6q2`ksqBtKqV@%!iU})T@?mdiBsXT8I9OUc79Z^RK z`X}Ew+LpO@VG=B)+U_XQ>ErV244L#NPs-G{qY3Ta8YT|Y%-^Q6XeNLYVf$5g_JME% z|0C=XcWGniRj-4%h5rjIyTAYU{sa2${SR*>WceR@UU0Gz0<}%|AC>}l(nQ~=M2J@8 zsjGMDRGz7E9hp?PhLs#V>^Yf7VXYG1v6XACN#SMa6$P>b`h|g0)VgKK8OgqCdMn+o z>arWi6t!_3&mb5Htl9Q6iAs8&xZ^y*GfZ|;spR^A9g44=)VEdbLTdGfohINOR(k^9 ztas1O9|~t(?pCk|W}WL{M-Zj+v+C_&_eSJ8T;p`U&5&F$kcAY-J z>f6J*bqI6=M?`AK^0~B^mU#CUi-rC81Z-`1Y*4^+B?yy4DN3>9A0fVUesAr%C27TT@Jj;*OQc6{yFV zg-e>2H{GMe!e>gha_N|Yo>}+ZsTY)~kEx?b|2?9Im^#`byi@->f$n;^oPHe%Yf7M_>$0R5 z>m=zqF|iXS{j;Y$ZYA@JcG9-gtxEmQRJj%=Cka^7b<%FiT{qWmZ|}(}e`(~phRu)_ z@yx{YE8Ruy_g7#d%w1eyJq*f};5s;t4NV)n({OJ}zJMl~`gpC7HOG$YC;8n`)Cg&3 z5wW|BxS6CoJL3mt)$7N$=b{%I)UR(qUpss~7wwGObW9$7LApOkzv_AG zZFoK52K~<;LH)Jd19^-7$3A%f!M^=pq4@Ux$2StP`d{4Pa2gt}Z>|n2f2rUWU4mah z*V{~3*~w}%e;uW>+GdW~q(l?V<^#_neQEQ#Ij!18ZRC6sHN*ZWTTMJY9mF6~1h2y( zqpNM>Ahum6z?rD^c4Ia!2w{jXreqWO0vJt0H_#zTtoIKh_O)+(?GVr;`XJCv*K8Gv z>wv>CcEZ%G;vnwH(RYSQ1ZO_SINbauX0ZM6qB&;sHT6&y$UIGat;nBTm<}Z73i}7! zu|eVWR+`wC9;z@)nuF9hK0eMJJf)L%_I1DPrB{T;6&X-59TW}8J4=z*gygkY2GdyS zNrlTnI#DmBP2Qz)-z8YY7g62ov2z1Caujt{roJF*uP*;@nEw-JjMtz6+;;w7VE51e zAH2`JJ^y33zcJ7~Sdd&2@!(ShWd#=Ae zsXD&0ITJ#EjKlLx?C!DuiyXs$)&2Bkg)97@H!!iyco*q))o~mDmkRsyfAM{qe#`%F zBD_PL!!X3Y6F=9G^gA^-utSZeCW(}L%7eNE$2i!$0ufBTnD3~-z=Tj^;*OGSMbjDI zr+iFcXwGoFqne3_4$8elId~i^!PM71A77XYjFR)|fAe0R>N#XdxlUX%LW%OQAN#52 zbNQO|Pzqfi=iZ@Gj|EVbC}jFUE~IJ>QL(CYLu6 zh9^mO-<{<0vp{zdKKX6XL$2_@$eq=?-0{lD+vqjbaohf1k$wNl`%lHU{(o;IymR0| zjgSA$$8|GoOh@sfDc}0~+E>@K$N9jBo#dkB{0O2kK1p&OM>&s2WQyP0=D)LV?|VB{ z#=a@n)|vo4NweJoI3LW$FN4q;d=O(M5vW^~6mQ|&LX9BGdOUGW=b>)E@OW;RA&#*4 zUE+@2kK*M2AqbZQe-ya72}uUK6ba)pA7_iud@q;#m~+O&42*AmJ)iPs-bU|H-=?1b z?32$w`wyT0;_sgQ$3M*F-g$@m{L?>q{^<{LU;NX5diLi(|NIx9eEy67_M3nIM^AtL z%dIQW^S}80r+@s@XPYQum0roPyhbuzyJOt&qbM>NqmICFaQ4Y zU;OIPd9U{9**|>x^pF42bj+~2HeLJmC*S$ar+@y%&;I7=U;i&p|M)MT|LM=4{`J3m z`oll}%^&{oQR@txJ(PRB&coih-0TU`qhEjWooCrcLuwCVF-eERff zzkK?iei{+v2mkQJfBo(kpMCcH@4ol!Km6eH&;Co)z=)vFzxT^$pZp|uOg;PY&!2t& zJ74_ae|!4JKYjY&|KQPjxWs#WkDmQsKYjY$ziq)8eEO>&KmTzA^V~%dkafwYfAbg5 zzxPMa{>%TdSMu{;{OQx5|MKate*By7{^0p%KYRYOzk2?oKgbqLKtKEbA3purVF*uu z_{UiYYs^3Y?4O?h_@~eQ<1e57;}3JWr~mmczxergKL6$a_WbYu-={zN!P9^EKc9X7 zd(Xf7lc#_7+0!5W;Q9altKa<3|93?76!fFt{PpiY|MCC&?2mr*&;R)SXW#qe^H2Zw zH-GhMg2dCGeea9^`rW60^xuQ(_J$m$L z1Op>>6pV!l1rb_HoXs5oJG_`rnbdSQTp5)U1e-ujEbvDuOql3 z+tv|R7@j(IHV_^?di2{cbHAQ&&HVrRCjUFk|L?!g?$7^p;qCt48wqdc|9|20e>(kB z-=;p!&iGq(AW_xdi{*Z8`&egg`(R(XQMTHCx(NF7ibsL|#wxckXfSn1P!YaJqr zMdpQ>zWA4zI#a}jXmbmk4NYh3R*~GK7Pyq__ewPJ`2*GlF&R}-%qd)D8fm1eIEy&8=v8&EldqLsl@p`wxQet zr8Y)UQT54%b0*$ig7AWsB;-&6jB=9c=;=Lk*bmJMGrqYaFvm_ztL;TYo{x{m*ug#w zF^c`V{TOh3QAbuE*l08HXf`uf+hs4yOBIEr%_)psj5iST6t}?oH1#sqUE78ZD*v{t zI9DWJ>J@qDBC?mAV{V!M3x)mtKbB_R+W)+n06j0><^Jg26&Brgp?iK6w(jV1MPpOsnO89tey3Tb)M6TZK3429WuCq^$O#$r? zPO+uH^;jvA%!zx2BKDRdx;L+FPNxYH(m!n0%J&{84tYDVPxgRL9WxZC52c18*Lte(uqQm^M6oB9Lw|~&OW^&!7mHGQu6Jw+g#E;z> z_MLe693aj?MD9YL-HaQgcM0H;>DY8`ZvIZ5H{19_xE^Zzjrlexf7O%gZ$Y?D|I1uu z`^t6PtpBlWk-1|3#T4J(|MEsc%#`IEMWqv3Vi^&!wTCG9~xRc^9S=3m)IS zFbVeKviTSd9ebhczew3>Xp$h`b zD7_Grn~^c5aE{G*;SjAqY`AVw76k7@8_!+edSNIjU0wq|2Oy;;U)O zz-+xva2PJPCjADUxf!<*SGRDO0UH?DSx&c~?gh*u7IMo+J3vv*v))L zY(9q5Ajr7P1mW1n!6nJKrXVxPfXpBg!dbDI?iFXFQi-$eD;$KGXYjMC}O7^ z^-%fb1bSwoi$?1`Qa+_m>600=b^?7TaTZc;0ruo1V&9Bo(YoY|6g;{2IR5d_L{HZD zm2TqF?=4;lkKGP`vkbcTIQ{w1fi~W$A&uXwW9@Leov10wjHZB; zZCrY-iM&o)vur$|FoDZ5wf>B^Xm$V^IGLQUZCQhhmb_Ae>1K7mJ9wgD5l7gj?z?;5 z!+Yavz4@~{xDJk_Y}UPDG_iw=bQpa=e~=wUR~wWClW9%t--O)M=^0;9l~U4eXtnJR zCXLy2Mw%y>o1t!O*=$XL4eVVS@9rWbS?$aHT;2XAW2~#KbH;LYXTYS=YbS0JTovK5ng3#2hWp*gb&1!pictFILrtgfNZd1Mn866VC4R&((s%M=>Pm&J< zpP7C*g<0~0rYI|CokQ6@-wm-IUQe!bu_trYYpP0T+1)X^nMZe`HxuqoY&tFPj_7FC z&8~Jb3e)v?X14$j_D{@Bk+PbpEcSCd05#39-GM3RGSb^z;f(;_(y7;JR)-IpLQ`&@ zb($LYP;Pd)o+6i-NXDnP)9s4eIrQ!L_K6J?^-Sz4=W8)2l`~h*=~Lgwj=t=~7w-F8 z1uzlXA`Z+*Khtq>vegX{NIpOV7~)BQ;3Tn8sg(OtBWI_s^Ft3a=o+lfhe@_1+d zDrW{(ygQPdXuJN-U2{9j^mvlb>#?PLeme{1<@hJTL9m8#9fZ)ebr{Cm94UYxEq(5~ zt1k-gYz6+5KgAn_vdBi-x2z{uBFIzqxq1cyUU|rYShl|#UJA!1V;upht!zQl)<0XpLl4JOnD0yXE z-Jy8ACUW3fAgxPup|{74K8DFVB(9J1K}s4wUvZ}n!iXaUVCf1-6 zw6=C}RX09X#y7EIy16!jBbaxf?gsh5fC!`fS_&jUw~;q9?rX2$ZUW^cD|vZ_eN7eK zk-cA2ZMO@9*HqDMqT@AF?+$|I%j~Z&lb>EE?Axc!*F>ee$h#ko=3a}xFQZh-_*kc;{Eki!oDOZ3H$M4+;qk-ht!Lzo3{eIgC2S< zj3{C3x?_UZYltiAg6U)Z>Ihw*_`<;2Tb$gTlr<+1pp8WwxMYU?eEQ=SXvuj{K6&LY zpEw5xc^;a?onc>0=K6azGq8A*VAVInTgT>|K<1@*^H#(cJ`Ri*gz0134RL<#`Fh^R z$jyrwx!ZLT46N5f!+Uq5;kD2(flG{%(J4oZ?s(l)`l@(k1F7SVxrL5n&k1qr#Jd(( zKpik}N|crO#k6!a%Ez6#JXAO}H%NO9nSnp`qK=O$kHqwT(F_lqU)czF37z&{2ihY9 zudI=iO~i}!!E|E!n(}LqFl^Jop%R)TSOd9tx8Vt=p^^8Yoi`D7Li1voulhLt35g0r z-N61GA>G1{FNW4G*9h@fGAPe|cd@Ktg2yn#cZQmXwiH}ihv?}E$QOi?*n{j0rpnZe zX28RMf~k}DZ8IOP*(o3DUS6)AZ~5z%{Iz;Dp0aMwcBWem=pd5x+Ri?6YG|F=hQ4~F z=*K5x&FnE&vZJ{+3cBXRuG&)snG+v!gY%vk{fLk4h&vve&iKh@n;XTZ8#k5XgxYzp zDae~0=-mUfui6;vD+t%w|7|?zUV{bTZTG(vuK0gGC^3b%_J408yhGKJH!x#ow!|jj z{y}fKAaP`KLj(Ji>0G$J4cD$;L^m!iT@Ru*sUMK00FZ^bv&}-9@G|{^&@N`Qs0ce)pTX4|lyo106aa z9Yyo{5ryz*I{xS=KG;6`X3U8nCfD6|%pk-L_LHOTkB+YD(CbyAk-v1~2g62*<8!3W z#vt;7>q$Gnj!wRrODfS_C&gQwlGsBx{Zw5aeRQM~|0tu;Y(tVU#EGr!A+$`}BguhJ zV#S;f$VG9o!LRBP*RQUjLBW*gccC*_O-Y^0?bQMu=)O%C=n&g1jV2PoBK@_yU?v_=Ji9WuSC8z;!b9 zl)NYJtuviBYvp6=$$O7|jM9?F$H%*%K7N-e<(X3Wt=;H%kBfA^NGF7STsVF5-eY|U zoiw$)&1}ExWU%1|Rqj0TlIsb86Js+awI|lf$M4R$#giwSVR0L&tBo^J;^dwdpzP`1qLm_}%bZ)Rq3A%CDdH zaRYB4d^Y`Ns_)ekzr+%;aJ-Fol-8SaEi(N>mDQSJ`8Xdb1;NQy9XmPDiW{M4?kd=? z7B~%g3>~&vs}+&xzSilQ-g<{;U$aRmk#iCM@;dvsnup`G44`ptWfx3cHS$-C(BR#ZPZ z*(7E}$CKlC%?OVVPxe9WR&T?+Cd+Q&jl`%zZ(Dj3 z`{cuuogBM`5Af9%#(~5qAD$d4k{N(Iy_`w7FiH3ls(F;%)bmN{c$YFTT!Q%cd%vq= zf&9&;!1q2pNq%P#OF+C9w#+I6ug;Uc>t-n!Bfgbw*|}yTHFtRV*vA)?k1q~LvYWGC z;r_KuK1oo@eR#674EyG5SpQvJ|NAI7Iq=TO!<`3BUT9nJmi2#;z4HENfi1kf|K*K@ z{nurnXX4GZ5m%pong*e3ul?}jokR1=yPwc;+%SDUFdo0D^8&&C@fbUKYdXTC`kljnh zC~Y0(UQnT729%FI9|zb8H@nBsN#82W?}3)EAAz9)!<`be-i4rith-~!Ty0#Mtx zO<`(%teZ&f^e<74RSh8bc#ocj0#dggK55GT2^%|`ERECzR~P0qlAFyjEa8N)Bo zJ<-5Ut^rIyB~9G+LVS6efhm!bBv7(ao9_A@jcstRpPsxZKBxUZsK367&q zxKnRs<>G$kguI!AwK%(`YqK0Ld05|JH-rPzj~F7prqR8)D&^MUFz-_vpX@I5BDuAn zxQ9$Nn>Xf2KdRjI;dsOQdshl>d^GPsH)`XzbPFDdg9&9iD84c$;M1aS6Yd{|QHvB2HLrbIod*I$~+IcuW_M*`myx wmf82q1vX!x3oOn2Tl#}CO&`5w$hYBbcpKh^->&fg1pom5|LAP^=>XIK0AHT