From 7e64d3cc831aff424e324444278277794d6bcd7f Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Wed, 4 Oct 2023 13:27:49 +0000 Subject: [PATCH] Deployed d45aada to v1.9.2 with MkDocs 1.5.3 and mike 1.1.2 --- latest/404.html | 6 +- latest/addons/argo-events/index.html | 6 +- latest/addons/argo-rollouts/index.html | 6 +- latest/addons/argo-workflows/index.html | 6 +- latest/addons/argocd/index.html | 6 +- .../addons/aws-cloudwatch-metrics/index.html | 6 +- latest/addons/aws-efs-csi-driver/index.html | 6 +- latest/addons/aws-for-fluentbit/index.html | 6 +- latest/addons/aws-fsx-csi-driver/index.html | 6 +- .../aws-gateway-api-controller/index.html | 6 +- .../aws-load-balancer-controller/index.html | 6 +- .../aws-node-termination-handler/index.html | 6 +- .../addons/aws-private-ca-issuer/index.html | 6 +- latest/addons/cert-manager/index.html | 6 +- latest/addons/cluster-autoscaler/index.html | 6 +- .../index.html | 6 +- latest/addons/external-dns/index.html | 6 +- latest/addons/external-secrets/index.html | 6 +- latest/addons/fargate-fluentbit/index.html | 6 +- latest/addons/ingress-nginx/index.html | 6 +- latest/addons/karpenter/index.html | 6 +- .../addons/kube-prometheus-stack/index.html | 6 +- latest/addons/metrics-server/index.html | 6 +- latest/addons/opa-gatekeeper/index.html | 6 +- .../index.html | 6 +- latest/addons/velero/index.html | 6 +- .../addons/vertical-pod-autoscaler/index.html | 6 +- latest/amazon-eks-addons/index.html | 6 +- latest/architectures/index.html | 6 +- latest/aws-partner-addons/index.html | 6 +- latest/helm-release/index.html | 6 +- latest/index.html | 6 +- v1.9.2/404.html | 789 ++ v1.9.2/addons/argo-events/index.html | 892 +++ v1.9.2/addons/argo-rollouts/index.html | 892 +++ v1.9.2/addons/argo-workflows/index.html | 893 +++ v1.9.2/addons/argocd/index.html | 898 +++ .../addons/aws-cloudwatch-metrics/index.html | 896 +++ v1.9.2/addons/aws-efs-csi-driver/index.html | 915 +++ v1.9.2/addons/aws-for-fluentbit/index.html | 955 +++ v1.9.2/addons/aws-fsx-csi-driver/index.html | 1000 +++ .../aws-gateway-api-controller/index.html | 935 +++ .../aws-load-balancer-controller/index.html | 1000 +++ .../aws-node-termination-handler/index.html | 983 +++ .../addons/aws-private-ca-issuer/index.html | 999 +++ v1.9.2/addons/cert-manager/index.html | 1000 +++ v1.9.2/addons/cluster-autoscaler/index.html | 892 +++ .../index.html | 1015 +++ v1.9.2/addons/external-dns/index.html | 903 +++ v1.9.2/addons/external-secrets/index.html | 894 +++ v1.9.2/addons/fargate-fluentbit/index.html | 990 +++ v1.9.2/addons/ingress-nginx/index.html | 893 +++ v1.9.2/addons/karpenter/index.html | 970 +++ .../addons/kube-prometheus-stack/index.html | 897 +++ v1.9.2/addons/metrics-server/index.html | 893 +++ v1.9.2/addons/opa-gatekeeper/index.html | 889 +++ .../index.html | 895 +++ v1.9.2/addons/velero/index.html | 1028 +++ .../addons/vertical-pod-autoscaler/index.html | 888 +++ v1.9.2/amazon-eks-addons/index.html | 1133 +++ v1.9.2/architectures/index.html | 1053 +++ v1.9.2/assets/images/favicon.png | Bin 0 -> 1870 bytes .../assets/javascripts/bundle.19047be9.min.js | 29 + .../javascripts/bundle.19047be9.min.js.map | 8 + .../javascripts/lunr/min/lunr.ar.min.js | 1 + .../javascripts/lunr/min/lunr.da.min.js | 18 + .../javascripts/lunr/min/lunr.de.min.js | 18 + .../javascripts/lunr/min/lunr.du.min.js | 18 + .../javascripts/lunr/min/lunr.es.min.js | 18 + .../javascripts/lunr/min/lunr.fi.min.js | 18 + .../javascripts/lunr/min/lunr.fr.min.js | 18 + .../javascripts/lunr/min/lunr.hi.min.js | 1 + .../javascripts/lunr/min/lunr.hu.min.js | 18 + .../javascripts/lunr/min/lunr.it.min.js | 18 + .../javascripts/lunr/min/lunr.ja.min.js | 1 + .../javascripts/lunr/min/lunr.jp.min.js | 1 + .../javascripts/lunr/min/lunr.ko.min.js | 1 + .../javascripts/lunr/min/lunr.multi.min.js | 1 + .../javascripts/lunr/min/lunr.nl.min.js | 18 + .../javascripts/lunr/min/lunr.no.min.js | 18 + .../javascripts/lunr/min/lunr.pt.min.js | 18 + .../javascripts/lunr/min/lunr.ro.min.js | 18 + .../javascripts/lunr/min/lunr.ru.min.js | 18 + .../lunr/min/lunr.stemmer.support.min.js | 1 + .../javascripts/lunr/min/lunr.sv.min.js | 18 + .../javascripts/lunr/min/lunr.ta.min.js | 1 + .../javascripts/lunr/min/lunr.th.min.js | 1 + .../javascripts/lunr/min/lunr.tr.min.js | 18 + .../javascripts/lunr/min/lunr.vi.min.js | 1 + .../javascripts/lunr/min/lunr.zh.min.js | 1 + v1.9.2/assets/javascripts/lunr/tinyseg.js | 206 + v1.9.2/assets/javascripts/lunr/wordcut.js | 6708 +++++++++++++++++ .../workers/search.208ed371.min.js | 42 + .../workers/search.208ed371.min.js.map | 8 + .../assets/stylesheets/main.240905d7.min.css | 1 + .../stylesheets/main.240905d7.min.css.map | 1 + .../stylesheets/palette.a0c5b2b5.min.css | 1 + .../stylesheets/palette.a0c5b2b5.min.css.map | 1 + v1.9.2/aws-partner-addons/index.html | 866 +++ v1.9.2/helm-release/index.html | 973 +++ v1.9.2/images/colored-logo.png | Bin 0 -> 106378 bytes v1.9.2/images/white-logo.png | Bin 0 -> 94617 bytes v1.9.2/index.html | 2062 +++++ v1.9.2/search/search_index.json | 1 + v1.9.2/sitemap.xml | 158 + v1.9.2/sitemap.xml.gz | Bin 0 -> 549 bytes versions.json | 2 +- 107 files changed, 38723 insertions(+), 97 deletions(-) create mode 100644 v1.9.2/404.html create mode 100644 v1.9.2/addons/argo-events/index.html create mode 100644 v1.9.2/addons/argo-rollouts/index.html create mode 100644 v1.9.2/addons/argo-workflows/index.html create mode 100644 v1.9.2/addons/argocd/index.html create mode 100644 v1.9.2/addons/aws-cloudwatch-metrics/index.html create mode 100644 v1.9.2/addons/aws-efs-csi-driver/index.html create mode 100644 v1.9.2/addons/aws-for-fluentbit/index.html create mode 100644 v1.9.2/addons/aws-fsx-csi-driver/index.html create mode 100644 v1.9.2/addons/aws-gateway-api-controller/index.html create mode 100644 v1.9.2/addons/aws-load-balancer-controller/index.html create mode 100644 v1.9.2/addons/aws-node-termination-handler/index.html create mode 100644 v1.9.2/addons/aws-private-ca-issuer/index.html create mode 100644 v1.9.2/addons/cert-manager/index.html create mode 100644 v1.9.2/addons/cluster-autoscaler/index.html create mode 100644 v1.9.2/addons/cluster-proportional-autoscaler/index.html create mode 100644 v1.9.2/addons/external-dns/index.html create mode 100644 v1.9.2/addons/external-secrets/index.html create mode 100644 v1.9.2/addons/fargate-fluentbit/index.html create mode 100644 v1.9.2/addons/ingress-nginx/index.html create mode 100644 v1.9.2/addons/karpenter/index.html create mode 100644 v1.9.2/addons/kube-prometheus-stack/index.html create mode 100644 v1.9.2/addons/metrics-server/index.html create mode 100644 v1.9.2/addons/opa-gatekeeper/index.html create mode 100644 v1.9.2/addons/secrets-store-csi-driver-provider-aws/index.html create mode 100644 v1.9.2/addons/velero/index.html create mode 100644 v1.9.2/addons/vertical-pod-autoscaler/index.html create mode 100644 v1.9.2/amazon-eks-addons/index.html create mode 100644 v1.9.2/architectures/index.html create mode 100644 v1.9.2/assets/images/favicon.png create mode 100644 v1.9.2/assets/javascripts/bundle.19047be9.min.js create mode 100644 v1.9.2/assets/javascripts/bundle.19047be9.min.js.map create mode 100644 v1.9.2/assets/javascripts/lunr/min/lunr.ar.min.js create mode 100644 v1.9.2/assets/javascripts/lunr/min/lunr.da.min.js create mode 100644 v1.9.2/assets/javascripts/lunr/min/lunr.de.min.js create mode 100644 v1.9.2/assets/javascripts/lunr/min/lunr.du.min.js create mode 100644 v1.9.2/assets/javascripts/lunr/min/lunr.es.min.js create mode 100644 v1.9.2/assets/javascripts/lunr/min/lunr.fi.min.js create mode 100644 v1.9.2/assets/javascripts/lunr/min/lunr.fr.min.js create mode 100644 v1.9.2/assets/javascripts/lunr/min/lunr.hi.min.js create mode 100644 v1.9.2/assets/javascripts/lunr/min/lunr.hu.min.js create mode 100644 v1.9.2/assets/javascripts/lunr/min/lunr.it.min.js create mode 100644 v1.9.2/assets/javascripts/lunr/min/lunr.ja.min.js create mode 100644 v1.9.2/assets/javascripts/lunr/min/lunr.jp.min.js create mode 100644 v1.9.2/assets/javascripts/lunr/min/lunr.ko.min.js create mode 100644 v1.9.2/assets/javascripts/lunr/min/lunr.multi.min.js create mode 100644 v1.9.2/assets/javascripts/lunr/min/lunr.nl.min.js create mode 100644 v1.9.2/assets/javascripts/lunr/min/lunr.no.min.js create mode 100644 v1.9.2/assets/javascripts/lunr/min/lunr.pt.min.js create mode 100644 v1.9.2/assets/javascripts/lunr/min/lunr.ro.min.js create mode 100644 v1.9.2/assets/javascripts/lunr/min/lunr.ru.min.js create mode 100644 v1.9.2/assets/javascripts/lunr/min/lunr.stemmer.support.min.js create mode 100644 v1.9.2/assets/javascripts/lunr/min/lunr.sv.min.js create mode 100644 v1.9.2/assets/javascripts/lunr/min/lunr.ta.min.js create mode 100644 v1.9.2/assets/javascripts/lunr/min/lunr.th.min.js create mode 100644 v1.9.2/assets/javascripts/lunr/min/lunr.tr.min.js create mode 100644 v1.9.2/assets/javascripts/lunr/min/lunr.vi.min.js create mode 100644 v1.9.2/assets/javascripts/lunr/min/lunr.zh.min.js create mode 100644 v1.9.2/assets/javascripts/lunr/tinyseg.js create mode 100644 v1.9.2/assets/javascripts/lunr/wordcut.js create mode 100644 v1.9.2/assets/javascripts/workers/search.208ed371.min.js create mode 100644 v1.9.2/assets/javascripts/workers/search.208ed371.min.js.map create mode 100644 v1.9.2/assets/stylesheets/main.240905d7.min.css create mode 100644 v1.9.2/assets/stylesheets/main.240905d7.min.css.map create mode 100644 v1.9.2/assets/stylesheets/palette.a0c5b2b5.min.css create mode 100644 v1.9.2/assets/stylesheets/palette.a0c5b2b5.min.css.map create mode 100644 v1.9.2/aws-partner-addons/index.html create mode 100644 v1.9.2/helm-release/index.html create mode 100644 v1.9.2/images/colored-logo.png create mode 100644 v1.9.2/images/white-logo.png create mode 100644 v1.9.2/index.html create mode 100644 v1.9.2/search/search_index.json create mode 100644 v1.9.2/sitemap.xml create mode 100644 v1.9.2/sitemap.xml.gz diff --git a/latest/404.html b/latest/404.html index 4924ee7d..68de1421 100644 --- a/latest/404.html +++ b/latest/404.html @@ -4,13 +4,13 @@ Redirecting - Redirecting to ../v1.9.1/404.html... + Redirecting to ../v1.9.2/404.html... \ No newline at end of file diff --git a/latest/addons/argo-events/index.html b/latest/addons/argo-events/index.html index 0351dc14..f57f7ad3 100644 --- a/latest/addons/argo-events/index.html +++ b/latest/addons/argo-events/index.html @@ -4,13 +4,13 @@ Redirecting - Redirecting to ../../../v1.9.1/addons/argo-events/... + Redirecting to ../../../v1.9.2/addons/argo-events/... \ No newline at end of file diff --git a/latest/addons/argo-rollouts/index.html b/latest/addons/argo-rollouts/index.html index 08eab7a4..76af2e96 100644 --- a/latest/addons/argo-rollouts/index.html +++ b/latest/addons/argo-rollouts/index.html @@ -4,13 +4,13 @@ Redirecting - Redirecting to ../../../v1.9.1/addons/argo-rollouts/... + Redirecting to ../../../v1.9.2/addons/argo-rollouts/... \ No newline at end of file diff --git a/latest/addons/argo-workflows/index.html b/latest/addons/argo-workflows/index.html index bc99f9ee..51fdc706 100644 --- a/latest/addons/argo-workflows/index.html +++ b/latest/addons/argo-workflows/index.html @@ -4,13 +4,13 @@ Redirecting - Redirecting to ../../../v1.9.1/addons/argo-workflows/... + Redirecting to ../../../v1.9.2/addons/argo-workflows/... \ No newline at end of file diff --git a/latest/addons/argocd/index.html b/latest/addons/argocd/index.html index 7d50a691..8418e1c6 100644 --- a/latest/addons/argocd/index.html +++ b/latest/addons/argocd/index.html @@ -4,13 +4,13 @@ Redirecting - Redirecting to ../../../v1.9.1/addons/argocd/... + Redirecting to ../../../v1.9.2/addons/argocd/... \ No newline at end of file diff --git a/latest/addons/aws-cloudwatch-metrics/index.html b/latest/addons/aws-cloudwatch-metrics/index.html index 0b97e974..f08ccbdc 100644 --- a/latest/addons/aws-cloudwatch-metrics/index.html +++ b/latest/addons/aws-cloudwatch-metrics/index.html @@ -4,13 +4,13 @@ Redirecting - Redirecting to ../../../v1.9.1/addons/aws-cloudwatch-metrics/... + Redirecting to ../../../v1.9.2/addons/aws-cloudwatch-metrics/... \ No newline at end of file diff --git a/latest/addons/aws-efs-csi-driver/index.html b/latest/addons/aws-efs-csi-driver/index.html index 9412c043..899f0631 100644 --- a/latest/addons/aws-efs-csi-driver/index.html +++ b/latest/addons/aws-efs-csi-driver/index.html @@ -4,13 +4,13 @@ Redirecting - Redirecting to ../../../v1.9.1/addons/aws-efs-csi-driver/... + Redirecting to ../../../v1.9.2/addons/aws-efs-csi-driver/... \ No newline at end of file diff --git a/latest/addons/aws-for-fluentbit/index.html b/latest/addons/aws-for-fluentbit/index.html index e7c46d48..87706288 100644 --- a/latest/addons/aws-for-fluentbit/index.html +++ b/latest/addons/aws-for-fluentbit/index.html @@ -4,13 +4,13 @@ Redirecting - Redirecting to ../../../v1.9.1/addons/aws-for-fluentbit/... + Redirecting to ../../../v1.9.2/addons/aws-for-fluentbit/... \ No newline at end of file diff --git a/latest/addons/aws-fsx-csi-driver/index.html b/latest/addons/aws-fsx-csi-driver/index.html index dce83edb..41259ede 100644 --- a/latest/addons/aws-fsx-csi-driver/index.html +++ b/latest/addons/aws-fsx-csi-driver/index.html @@ -4,13 +4,13 @@ Redirecting - Redirecting to ../../../v1.9.1/addons/aws-fsx-csi-driver/... + Redirecting to ../../../v1.9.2/addons/aws-fsx-csi-driver/... \ No newline at end of file diff --git a/latest/addons/aws-gateway-api-controller/index.html b/latest/addons/aws-gateway-api-controller/index.html index 2e9d02c5..2c9f8c70 100644 --- a/latest/addons/aws-gateway-api-controller/index.html +++ b/latest/addons/aws-gateway-api-controller/index.html @@ -4,13 +4,13 @@ Redirecting - Redirecting to ../../../v1.9.1/addons/aws-gateway-api-controller/... + Redirecting to ../../../v1.9.2/addons/aws-gateway-api-controller/... \ No newline at end of file diff --git a/latest/addons/aws-load-balancer-controller/index.html b/latest/addons/aws-load-balancer-controller/index.html index 77a85dd2..896c5a44 100644 --- a/latest/addons/aws-load-balancer-controller/index.html +++ b/latest/addons/aws-load-balancer-controller/index.html @@ -4,13 +4,13 @@ Redirecting - Redirecting to ../../../v1.9.1/addons/aws-load-balancer-controller/... + Redirecting to ../../../v1.9.2/addons/aws-load-balancer-controller/... \ No newline at end of file diff --git a/latest/addons/aws-node-termination-handler/index.html b/latest/addons/aws-node-termination-handler/index.html index 3d6f129a..d6eaecf2 100644 --- a/latest/addons/aws-node-termination-handler/index.html +++ b/latest/addons/aws-node-termination-handler/index.html @@ -4,13 +4,13 @@ Redirecting - Redirecting to ../../../v1.9.1/addons/aws-node-termination-handler/... + Redirecting to ../../../v1.9.2/addons/aws-node-termination-handler/... \ No newline at end of file diff --git a/latest/addons/aws-private-ca-issuer/index.html b/latest/addons/aws-private-ca-issuer/index.html index b4f62f0d..5ed7e37f 100644 --- a/latest/addons/aws-private-ca-issuer/index.html +++ b/latest/addons/aws-private-ca-issuer/index.html @@ -4,13 +4,13 @@ Redirecting - Redirecting to ../../../v1.9.1/addons/aws-private-ca-issuer/... + Redirecting to ../../../v1.9.2/addons/aws-private-ca-issuer/... \ No newline at end of file diff --git a/latest/addons/cert-manager/index.html b/latest/addons/cert-manager/index.html index e7cd70b9..e8e60d5d 100644 --- a/latest/addons/cert-manager/index.html +++ b/latest/addons/cert-manager/index.html @@ -4,13 +4,13 @@ Redirecting - Redirecting to ../../../v1.9.1/addons/cert-manager/... + Redirecting to ../../../v1.9.2/addons/cert-manager/... \ No newline at end of file diff --git a/latest/addons/cluster-autoscaler/index.html b/latest/addons/cluster-autoscaler/index.html index a15c83e6..ad505dd3 100644 --- a/latest/addons/cluster-autoscaler/index.html +++ b/latest/addons/cluster-autoscaler/index.html @@ -4,13 +4,13 @@ Redirecting - Redirecting to ../../../v1.9.1/addons/cluster-autoscaler/... + Redirecting to ../../../v1.9.2/addons/cluster-autoscaler/... \ No newline at end of file diff --git a/latest/addons/cluster-proportional-autoscaler/index.html b/latest/addons/cluster-proportional-autoscaler/index.html index fbc86535..70b15e61 100644 --- a/latest/addons/cluster-proportional-autoscaler/index.html +++ b/latest/addons/cluster-proportional-autoscaler/index.html @@ -4,13 +4,13 @@ Redirecting - Redirecting to ../../../v1.9.1/addons/cluster-proportional-autoscaler/... + Redirecting to ../../../v1.9.2/addons/cluster-proportional-autoscaler/... \ No newline at end of file diff --git a/latest/addons/external-dns/index.html b/latest/addons/external-dns/index.html index 4d42da91..98361bdd 100644 --- a/latest/addons/external-dns/index.html +++ b/latest/addons/external-dns/index.html @@ -4,13 +4,13 @@ Redirecting - Redirecting to ../../../v1.9.1/addons/external-dns/... + Redirecting to ../../../v1.9.2/addons/external-dns/... \ No newline at end of file diff --git a/latest/addons/external-secrets/index.html b/latest/addons/external-secrets/index.html index c0954dc1..7f96aa80 100644 --- a/latest/addons/external-secrets/index.html +++ b/latest/addons/external-secrets/index.html @@ -4,13 +4,13 @@ Redirecting - Redirecting to ../../../v1.9.1/addons/external-secrets/... + Redirecting to ../../../v1.9.2/addons/external-secrets/... \ No newline at end of file diff --git a/latest/addons/fargate-fluentbit/index.html b/latest/addons/fargate-fluentbit/index.html index 38d29ff6..f49ed828 100644 --- a/latest/addons/fargate-fluentbit/index.html +++ b/latest/addons/fargate-fluentbit/index.html @@ -4,13 +4,13 @@ Redirecting - Redirecting to ../../../v1.9.1/addons/fargate-fluentbit/... + Redirecting to ../../../v1.9.2/addons/fargate-fluentbit/... \ No newline at end of file diff --git a/latest/addons/ingress-nginx/index.html b/latest/addons/ingress-nginx/index.html index 00d524d9..4d976f95 100644 --- a/latest/addons/ingress-nginx/index.html +++ b/latest/addons/ingress-nginx/index.html @@ -4,13 +4,13 @@ Redirecting - Redirecting to ../../../v1.9.1/addons/ingress-nginx/... + Redirecting to ../../../v1.9.2/addons/ingress-nginx/... \ No newline at end of file diff --git a/latest/addons/karpenter/index.html b/latest/addons/karpenter/index.html index d8486193..41e02b67 100644 --- a/latest/addons/karpenter/index.html +++ b/latest/addons/karpenter/index.html @@ -4,13 +4,13 @@ Redirecting - Redirecting to ../../../v1.9.1/addons/karpenter/... + Redirecting to ../../../v1.9.2/addons/karpenter/... \ No newline at end of file diff --git a/latest/addons/kube-prometheus-stack/index.html b/latest/addons/kube-prometheus-stack/index.html index 9688d497..061e8fb2 100644 --- a/latest/addons/kube-prometheus-stack/index.html +++ b/latest/addons/kube-prometheus-stack/index.html @@ -4,13 +4,13 @@ Redirecting - Redirecting to ../../../v1.9.1/addons/kube-prometheus-stack/... + Redirecting to ../../../v1.9.2/addons/kube-prometheus-stack/... \ No newline at end of file diff --git a/latest/addons/metrics-server/index.html b/latest/addons/metrics-server/index.html index 31eabc2f..a593c4c5 100644 --- a/latest/addons/metrics-server/index.html +++ b/latest/addons/metrics-server/index.html @@ -4,13 +4,13 @@ Redirecting - Redirecting to ../../../v1.9.1/addons/metrics-server/... + Redirecting to ../../../v1.9.2/addons/metrics-server/... \ No newline at end of file diff --git a/latest/addons/opa-gatekeeper/index.html b/latest/addons/opa-gatekeeper/index.html index b6b7bda4..16fe3a1d 100644 --- a/latest/addons/opa-gatekeeper/index.html +++ b/latest/addons/opa-gatekeeper/index.html @@ -4,13 +4,13 @@ Redirecting - Redirecting to ../../../v1.9.1/addons/opa-gatekeeper/... + Redirecting to ../../../v1.9.2/addons/opa-gatekeeper/... \ No newline at end of file diff --git a/latest/addons/secrets-store-csi-driver-provider-aws/index.html b/latest/addons/secrets-store-csi-driver-provider-aws/index.html index a4a3f49c..4ecf4f02 100644 --- a/latest/addons/secrets-store-csi-driver-provider-aws/index.html +++ b/latest/addons/secrets-store-csi-driver-provider-aws/index.html @@ -4,13 +4,13 @@ Redirecting - Redirecting to ../../../v1.9.1/addons/secrets-store-csi-driver-provider-aws/... + Redirecting to ../../../v1.9.2/addons/secrets-store-csi-driver-provider-aws/... \ No newline at end of file diff --git a/latest/addons/velero/index.html b/latest/addons/velero/index.html index 1d600549..a1ea47d3 100644 --- a/latest/addons/velero/index.html +++ b/latest/addons/velero/index.html @@ -4,13 +4,13 @@ Redirecting - Redirecting to ../../../v1.9.1/addons/velero/... + Redirecting to ../../../v1.9.2/addons/velero/... \ No newline at end of file diff --git a/latest/addons/vertical-pod-autoscaler/index.html b/latest/addons/vertical-pod-autoscaler/index.html index 19f063ff..2bf47a16 100644 --- a/latest/addons/vertical-pod-autoscaler/index.html +++ b/latest/addons/vertical-pod-autoscaler/index.html @@ -4,13 +4,13 @@ Redirecting - Redirecting to ../../../v1.9.1/addons/vertical-pod-autoscaler/... + Redirecting to ../../../v1.9.2/addons/vertical-pod-autoscaler/... \ No newline at end of file diff --git a/latest/amazon-eks-addons/index.html b/latest/amazon-eks-addons/index.html index 2db1bde4..7f098486 100644 --- a/latest/amazon-eks-addons/index.html +++ b/latest/amazon-eks-addons/index.html @@ -4,13 +4,13 @@ Redirecting - Redirecting to ../../v1.9.1/amazon-eks-addons/... + Redirecting to ../../v1.9.2/amazon-eks-addons/... \ No newline at end of file diff --git a/latest/architectures/index.html b/latest/architectures/index.html index 3b8c6901..2575afc3 100644 --- a/latest/architectures/index.html +++ b/latest/architectures/index.html @@ -4,13 +4,13 @@ Redirecting - Redirecting to ../../v1.9.1/architectures/... + Redirecting to ../../v1.9.2/architectures/... \ No newline at end of file diff --git a/latest/aws-partner-addons/index.html b/latest/aws-partner-addons/index.html index 2eab6bc8..98076dc9 100644 --- a/latest/aws-partner-addons/index.html +++ b/latest/aws-partner-addons/index.html @@ -4,13 +4,13 @@ Redirecting - Redirecting to ../../v1.9.1/aws-partner-addons/... + Redirecting to ../../v1.9.2/aws-partner-addons/... \ No newline at end of file diff --git a/latest/helm-release/index.html b/latest/helm-release/index.html index 5bcde855..5907ee14 100644 --- a/latest/helm-release/index.html +++ b/latest/helm-release/index.html @@ -4,13 +4,13 @@ Redirecting - Redirecting to ../../v1.9.1/helm-release/... + Redirecting to ../../v1.9.2/helm-release/... \ No newline at end of file diff --git a/latest/index.html b/latest/index.html index 5146d7d9..c64b5227 100644 --- a/latest/index.html +++ b/latest/index.html @@ -4,13 +4,13 @@ Redirecting - Redirecting to ../v1.9.1/... + Redirecting to ../v1.9.2/... \ No newline at end of file diff --git a/v1.9.2/404.html b/v1.9.2/404.html new file mode 100644 index 00000000..cddbe89e --- /dev/null +++ b/v1.9.2/404.html @@ -0,0 +1,789 @@ + + + + + + + + + + + + + + + + + + + + Amazon EKS Blueprints Addons + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + + + + + + + +
+ + + + +
+ +
+ + + + +
+
+ + + +
+
+
+ + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ +

404 - Not found

+ +
+
+ + +
+ +
+ + + +
+
+
+
+ + + + + + + + + \ No newline at end of file diff --git a/v1.9.2/addons/argo-events/index.html b/v1.9.2/addons/argo-events/index.html new file mode 100644 index 00000000..e7fa42a2 --- /dev/null +++ b/v1.9.2/addons/argo-events/index.html @@ -0,0 +1,892 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + Argo Events - Amazon EKS Blueprints Addons + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + Skip to content + + +
+
+ +
+ + + + + + + + +
+ + + + +
+ +
+ + + + +
+
+ + + +
+
+
+ + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + + + + +

Argo Events

+

Argo Events is an open source container-native event-driven workflow automation framework for Kubernetes which helps you trigger K8s objects, Argo Workflows, Serverless workloads, etc. on events from a variety of sources. Argo Events is implemented as a Kubernetes CRD (Custom Resource Definition).

+

Usage

+

Argo Events can be deployed by enabling the add-on via the following.

+
enable_argo_events = true
+
+

You can optionally customize the Helm chart that deploys Argo Events via the following configuration.

+
  enable_argo_events = true
+
+  argo_events = {
+    name          = "argo-events"
+    chart_version = "2.4.0"
+    repository    = "https://argoproj.github.io/argo-helm"
+    namespace     = "argo-events"
+    values        = [templatefile("${path.module}/values.yaml", {})]
+  }
+
+

Verify argo-events pods are running.

+
$ kubectl get pods -n argo-events
+NAME                                                  READY   STATUS    RESTARTS   AGE
+argo-events-controller-manager-bfb894cdb-k8hzn        1/1     Running   0          11m
+
+ + + + + + +
+
+ + +
+ +
+ + + +
+
+
+
+ + + + + + + + + \ No newline at end of file diff --git a/v1.9.2/addons/argo-rollouts/index.html b/v1.9.2/addons/argo-rollouts/index.html new file mode 100644 index 00000000..30b31733 --- /dev/null +++ b/v1.9.2/addons/argo-rollouts/index.html @@ -0,0 +1,892 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + Argo Rollouts - Amazon EKS Blueprints Addons + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + Skip to content + + +
+
+ +
+ + + + + + + + +
+ + + + +
+ +
+ + + + +
+
+ + + +
+
+
+ + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + + + + +

Argo Rollouts

+

Argo Rollouts is a Kubernetes controller and set of CRDs which provide advanced deployment capabilities such as blue-green, canary, canary analysis, experimentation, and progressive delivery features to Kubernetes.

+

Usage

+

Argo Rollouts can be deployed by enabling the add-on via the following.

+
enable_argo_rollouts = true
+
+

You can optionally customize the Helm chart that deploys Argo Rollouts via the following configuration.

+
  enable_argo_rollouts = true
+
+  argo_rollouts = {
+    name          = "argo-rollouts"
+    chart_version = "2.22.3"
+    repository    = "https://argoproj.github.io/argo-helm"
+    namespace     = "argo-rollouts"
+    values        = [templatefile("${path.module}/values.yaml", {})]
+  }
+
+

Verify argo-rollouts pods are running.

+
$ kubectl get pods -n argo-rollouts
+NAME                             READY   STATUS    RESTARTS   AGE
+argo-rollouts-5db5688849-x89zb   0/1     Running   0          11s
+
+ + + + + + +
+
+ + +
+ +
+ + + +
+
+
+
+ + + + + + + + + \ No newline at end of file diff --git a/v1.9.2/addons/argo-workflows/index.html b/v1.9.2/addons/argo-workflows/index.html new file mode 100644 index 00000000..c009972e --- /dev/null +++ b/v1.9.2/addons/argo-workflows/index.html @@ -0,0 +1,893 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + Argo Workflows - Amazon EKS Blueprints Addons + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + Skip to content + + +
+
+ +
+ + + + + + + + +
+ + + + +
+ +
+ + + + +
+
+ + + +
+
+
+ + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + + + + +

Argo Workflows

+

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Workflows is implemented as a Kubernetes CRD (Custom Resource Definition).

+

Usage

+

Argo Workflows can be deployed by enabling the add-on via the following.

+
enable_argo_workflows = true
+
+

You can optionally customize the Helm chart that deploys Argo Workflows via the following configuration.

+
  enable_argo_workflows = true
+
+  argo_workflows = {
+    name          = "argo-workflows"
+    chart_version = "0.28.2"
+    repository    = "https://argoproj.github.io/argo-helm"
+    namespace     = "argo-workflows"
+    values        = [templatefile("${path.module}/values.yaml", {})]
+  }
+
+

Verify argo-workflows pods are running.

+
$ kubectl get pods -n argo-workflows
+NAME                                                  READY   STATUS    RESTARTS   AGE
+argo-workflows-server-68988cd864-22zhr                1/1     Running   0          6m32s
+argo-workflows-workflow-controller-7ff7b5658d-9q44f   1/1     Running   0          6m32s
+
+ + + + + + +
+
+ + +
+ +
+ + + +
+
+
+
+ + + + + + + + + \ No newline at end of file diff --git a/v1.9.2/addons/argocd/index.html b/v1.9.2/addons/argocd/index.html new file mode 100644 index 00000000..8ce90f95 --- /dev/null +++ b/v1.9.2/addons/argocd/index.html @@ -0,0 +1,898 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + Argo CD - Amazon EKS Blueprints Addons + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + Skip to content + + +
+
+ +
+ + + + + + + + +
+ + + + +
+ +
+ + + + +
+
+ + + +
+
+
+ + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + + + + +

Argo CD

+

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.

+

Usage

+

Argo CD can be deployed by enabling the add-on via the following.

+
enable_argocd = true
+
+

You can optionally customize the Helm chart that deploys Argo CD via the following configuration.

+
  enable_argocd = true
+
+  argocd = {
+    name          = "argocd"
+    chart_version = "5.29.1"
+    repository    = "https://argoproj.github.io/argo-helm"
+    namespace     = "argocd"
+    values        = [templatefile("${path.module}/values.yaml", {})]
+  }
+
+

Verify argocd pods are running.

+
$ kubectl get pods -n argocd
+NAME                                                        READY   STATUS    RESTARTS   AGE
+argo-cd-argocd-application-controller-0                     1/1     Running   0          146m
+argo-cd-argocd-applicationset-controller-678d85f77b-rmpcb   1/1     Running   0          146m
+argo-cd-argocd-dex-server-7b6c9b5969-zpqnl                  1/1     Running   0          146m
+argo-cd-argocd-notifications-controller-6d489b99c9-j6fdw    1/1     Running   0          146m
+argo-cd-argocd-redis-59dd95f5b5-8fx74                       1/1     Running   0          146m
+argo-cd-argocd-repo-server-7b9bd88c95-mh2fz                 1/1     Running   0          146m
+argo-cd-argocd-server-6f9cfdd4d5-8mfpc                      1/1     Running   0          146m
+
+ + + + + + +
+
+ + +
+ +
+ + + +
+
+
+
+ + + + + + + + + \ No newline at end of file diff --git a/v1.9.2/addons/aws-cloudwatch-metrics/index.html b/v1.9.2/addons/aws-cloudwatch-metrics/index.html new file mode 100644 index 00000000..e473b191 --- /dev/null +++ b/v1.9.2/addons/aws-cloudwatch-metrics/index.html @@ -0,0 +1,896 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + AWS CloudWatch Metrics - Amazon EKS Blueprints Addons + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + Skip to content + + +
+
+ +
+ + + + + + + + +
+ + + + +
+ +
+ + + + +
+
+ + + +
+
+
+ + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + + + + +

AWS CloudWatch Metrics

+

Use CloudWatch Container Insights to collect, aggregate, and summarize metrics and logs from your containerized applications and microservices. CloudWatch automatically collects metrics for many resources, such as CPU, memory, disk, and network. Container Insights also provides diagnostic information, such as container restart failures, to help you isolate issues and resolve them quickly. You can also set CloudWatch alarms on metrics that Container Insights collects.

+

Container Insights collects data as performance log events using embedded metric format. These performance log events are entries that use a structured JSON schema that enables high-cardinality data to be ingested and stored at scale. From this data, CloudWatch creates aggregated metrics at the cluster, node, pod, task, and service level as CloudWatch metrics. The metrics that Container Insights collects are available in CloudWatch automatic dashboards, and also viewable in the Metrics section of the CloudWatch console.

+

Usage

+

aws-cloudwatch-metrics can be deployed by enabling the add-on via the following.

+
enable_aws_cloudwatch_metrics = true
+
+

You can also customize the Helm chart that deploys aws-cloudwatch-metrics via the following configuration:

+
  enable_aws_cloudwatch_metrics        = true
+
+  aws_cloudwatch_metrics_irsa_policies = ["IAM Policies"]
+  aws_cloudwatch_metrics   = {
+    role_policies = ["IAM Policies"]  # extra policies in addition of CloudWatchAgentServerPolicy
+    name          = "aws-cloudwatch-metrics"
+    repository    = "https://aws.github.io/eks-charts"
+    chart_version = "0.0.9"
+    namespace     = "amazon-cloudwatch"
+    values        = [templatefile("${path.module}/values.yaml", {})] # The value `clusterName` is already set to the EKS cluster name, no need to specify here
+  }
+
+

Verify aws-cloudwatch-metrics pods are running

+
$ kubectl get pods -n amazon-cloudwatch
+
+NAME                           READY   STATUS    RESTARTS   AGE
+aws-cloudwatch-metrics-2dt5h   1/1     Running   0          149m
+
+ + + + + + +
+
+ + +
+ +
+ + + +
+
+
+
+ + + + + + + + + \ No newline at end of file diff --git a/v1.9.2/addons/aws-efs-csi-driver/index.html b/v1.9.2/addons/aws-efs-csi-driver/index.html new file mode 100644 index 00000000..bc0f35aa --- /dev/null +++ b/v1.9.2/addons/aws-efs-csi-driver/index.html @@ -0,0 +1,915 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + AWS EFS CSI Driver - Amazon EKS Blueprints Addons + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + Skip to content + + +
+
+ +
+ + + + + + + + +
+ + + + +
+ +
+ + + + +
+
+ + + +
+
+
+ + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + + + + +

AWS EFS CSI Driver

+

This add-on deploys the AWS EFS CSI driver into an EKS cluster.

+

Usage

+

The AWS EFS CSI driver can be deployed by enabling the add-on via the following. Check out the full example to deploy an EKS Cluster with EFS backing the dynamic provisioning of persistent volumes.

+
  enable_aws_efs_csi_driver = true
+
+

You can optionally customize the Helm chart that deploys the driver via the following configuration.

+
  enable_aws_efs_csi_driver = true
+
+  # Optional aws_efs_csi_driver_helm_config
+  aws_efs_csi_driver = {
+    repository     = "https://kubernetes-sigs.github.io/aws-efs-csi-driver/"
+    chart_version  = "2.4.1"
+  }
+  aws_efs_csi_driver {
+    role_policies = ["<ADDITIONAL_IAM_POLICY_ARN>"]
+  }
+
+

Once deployed, you will be able to see a number of supporting resources in the kube-system namespace.

+
$ kubectl get deployment efs-csi-controller -n kube-system
+
+NAME                 READY   UP-TO-DATE   AVAILABLE   AGE
+efs-csi-controller   2/2     2            2           4m29s
+
+
$ kubectl get daemonset efs-csi-node -n kube-system
+
+NAME           DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR                 AGE
+efs-csi-node   3         3         3       3            3           beta.kubernetes.io/os=linux   4m32s
+
+

Validate EFS CSI Driver

+

Follow the static provisioning example described here to validate the CSI driver is working as expected.

+ + + + + + +
+
+ + +
+ +
+ + + +
+
+
+
+ + + + + + + + + \ No newline at end of file diff --git a/v1.9.2/addons/aws-for-fluentbit/index.html b/v1.9.2/addons/aws-for-fluentbit/index.html new file mode 100644 index 00000000..5ba073c9 --- /dev/null +++ b/v1.9.2/addons/aws-for-fluentbit/index.html @@ -0,0 +1,955 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + AWS for Fluent Bit - Amazon EKS Blueprints Addons + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + Skip to content + + +
+
+ +
+ + + + + + + + +
+ + + + +
+ +
+ + + + +
+
+ + + +
+
+
+ + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + + + + +

AWS for Fluent Bit

+

AWS provides a Fluent Bit image with plugins for both CloudWatch Logs and Kinesis Data Firehose. We recommend using Fluent Bit as your log router because it has a lower resource utilization rate than Fluentd.

+

Usage

+

AWS for Fluent Bit can be deployed by enabling the add-on via the following.

+
enable_aws_for_fluentbit = true
+
+

You can optionally customize the Helm chart that deploys AWS for Fluent Bit via the following configuration.

+
  enable_aws_for_fluentbit = true
+  aws_for_fluentbit_cw_log_group = {
+    create          = true
+    use_name_prefix = true # Set this to true to enable name prefix
+    name_prefix     = "eks-cluster-logs-"
+    retention       = 7
+  }
+  aws_for_fluentbit = {
+    name          = "aws-for-fluent-bit"
+    chart_version = "0.1.28"
+    repository    = "https://aws.github.io/eks-charts"
+    namespace     = "kube-system"
+    values        = [templatefile("${path.module}/values.yaml", {})]
+  }
+
+

If you want to enable Container Insights on Amazon EKS through Fluent Bit, you need to add the following parameter in your configuration:

+
  enable_aws_for_fluentbit = true
+  aws_for_fluentbit = {
+    enable_containerinsights = true
+  }
+
+

By default, ClusterInsights will not enable the kubelet monitoring feature, with AWS for FluentBit integration, since this is an optional feature that is suggested to be enabled only on large clusters. To enable the ClusterInsights Use_Kubelet feature you'll need to provide a few more parametees:

+
  enable_aws_for_fluentbit = true
+  aws_for_fluentbit = {
+    enable_containerinsights = true
+    kubelet_monitoring       = true
+    set = [{
+        name  = "cloudWatchLogs.autoCreateGroup"
+        value = true
+      },
+      {
+        name  = "hostNetwork"
+        value = true
+      },
+      {
+        name  = "dnsPolicy"
+        value = "ClusterFirstWithHostNet"
+      }
+    ]
+  }
+
+

Verify the Fluent Bit setup

+

Verify aws-for-fluentbit pods are running.

+
$ kubectl -n kube-system get pods -l app.kubernetes.io/name=aws-for-fluent-bit
+NAME                       READY   STATUS    RESTARTS   AGE
+aws-for-fluent-bit-6lhkj   1/1     Running   0          15m
+aws-for-fluent-bit-sbn9b   1/1     Running   0          15m
+aws-for-fluent-bit-svhwq   1/1     Running   0          15m
+
+

Open the CloudWatch console at https://console.aws.amazon.com/cloudwatch/

+

In the navigation pane, choose Log groups.

+

Make sure that you're in the Region where you deployed Fluent Bit.

+

Check the list of log groups in the Region. You should see the following:

+
/aws/eks/complete/aws-fluentbit-logs
+
+

If you enabled Container Insights, you should also see the following Log Groups in your CloudWatch Console.

+
/aws/containerinsights/Cluster_Name/application
+
+/aws/containerinsights/Cluster_Name/host
+
+/aws/containerinsights/Cluster_Name/dataplane
+
+

Navigate to one of these log groups and check the Last Event Time for the log streams. If it is recent relative to when you deployed Fluent Bit, the setup is verified.

+

There might be a slight delay in creating the /dataplane log group. This is normal as these log groups only get created when Fluent Bit starts sending logs for that log group.

+ + + + + + +
+
+ + +
+ +
+ + + +
+
+
+
+ + + + + + + + + \ No newline at end of file diff --git a/v1.9.2/addons/aws-fsx-csi-driver/index.html b/v1.9.2/addons/aws-fsx-csi-driver/index.html new file mode 100644 index 00000000..805e3365 --- /dev/null +++ b/v1.9.2/addons/aws-fsx-csi-driver/index.html @@ -0,0 +1,1000 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + AWS FSx CSI Driver - Amazon EKS Blueprints Addons + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + Skip to content + + +
+
+ +
+ + + + + + + + +
+ + + + +
+ +
+ + + + +
+
+ + + +
+
+
+ + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + + + + +

AWS FSx CSI Driver

+

This add-on deploys the Amazon FSx CSI Driver in to an Amazon EKS Cluster.

+

Usage

+

The Amazon FSx CSI Driver can be deployed by enabling the add-on via the following.

+
  enable_aws_fsx_csi_driver = true
+
+

Helm Chart customization

+

You can optionally customize the Helm chart deployment using a configuration like the following.

+
  enable_aws_fsx_csi_driver = true
+  aws_fsx_csi_driver = {
+    namespace     = "aws-fsx-csi-driver"
+    chart_version = "1.6.0"
+    role_policies = <ADDITIONAL_IAM_POLICY_ARN>
+  }
+
+

You can find all available Helm Chart parameter values here

+

Validation

+

Once deployed, you will be able to see a number of supporting resources in the kube-system namespace.

+
$ kubectl -n kube-system get deployment fsx-csi-controller
+
+NAME                 READY   UP-TO-DATE   AVAILABLE   AGE
+fsx-csi-controller   2/2     2            2           4m29s
+
+$ kubectl -n kube-system get pods -l app=fsx-csi-controller
+NAME                                  READY   STATUS    RESTARTS   AGE
+fsx-csi-controller-56c6d9bbb8-89cpc   4/4     Running   0          3m30s
+fsx-csi-controller-56c6d9bbb8-9wnlh   4/4     Running   0          3m30s
+
+
$ kubectl -n kube-system get daemonset fsx-csi-node
+NAME           DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR            AGE
+fsx-csi-node   3         3         3       3            3           kubernetes.io/os=linux   5m27s
+
+$ kubectl -n kube-system get pods -l  app=fsx-csi-node
+NAME                 READY   STATUS    RESTARTS   AGE
+fsx-csi-node-7c5z6   3/3     Running   0          5m29s
+fsx-csi-node-d5q28   3/3     Running   0          5m29s
+fsx-csi-node-hlg8q   3/3     Running   0          5m29s
+
+

Create a StorageClass. Replace the SubnetID and the SecurityGroupID with your own values. More details here.

+
$ cat <<EOF | kubectl apply -f -
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+  name: fsx-sc
+provisioner: fsx.csi.aws.com
+parameters:
+  subnetId: <YOUR_SUBNET_IDs>
+  securityGroupIds: <YOUR_SG_ID>
+  perUnitStorageThroughput: "200"
+  deploymentType: PERSISTENT_1
+mountOptions:
+  - flock
+EOF
+
+
$ kubect describe storageclass fsx-sc
+Name:            fsx-sc
+IsDefaultClass:  No
+Annotations:     kubectl.kubernetes.io/last-applied-configuration={"apiVersion":"storage.k8s.io/v1","kind":"StorageClass","metadata":{"annotations":{},"name":"fsx-sc"},"mountOptions":null,"parameters":{"deploymentType":"PERSISTENT_1","perUnitStorageThroughput":"200","securityGroupIds":"sg-q1w2e3r4t5y6u7i8o","subnetId":"subnet-q1w2e3r4t5y6u7i8o"},"provisioner":"fsx.csi.aws.com"}
+
+Provisioner:           fsx.csi.aws.com
+Parameters:            deploymentType=PERSISTENT_1,perUnitStorageThroughput=200,securityGroupIds=sg-q1w2e3r4t5y6u7i8o,subnetId=subnet-q1w2e3r4t5y6u7i8o
+AllowVolumeExpansion:  <unset>
+MountOptions:          <none>
+ReclaimPolicy:         Delete
+VolumeBindingMode:     Immediate
+Events:                <none>
+
+

Create a PVC.

+
$ cat <<EOF | kubectl apply -f -
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: fsx-claim
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: fsx-sc
+  resources:
+    requests:
+      storage: 1200Gi
+EOF
+
+

Wait for the PV to be created and bound to your PVC.

+
$ kubectl get pvc
+NAME        STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
+fsx-claim   Bound    pvc-df385730-72d6-4b0c-8275-cc055a438760   1200Gi     RWX            fsx-sc         7m47s
+$ kubectl get pv
+NAME                                       CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM               STORAGECLASS   REASON   AGE
+pvc-df385730-72d6-4b0c-8275-cc055a438760   1200Gi     RWX            Delete           Bound    default/fsx-claim   fsx-sc                  2m13s
+
+ + + + + + +
+
+ + +
+ +
+ + + +
+
+
+
+ + + + + + + + + \ No newline at end of file diff --git a/v1.9.2/addons/aws-gateway-api-controller/index.html b/v1.9.2/addons/aws-gateway-api-controller/index.html new file mode 100644 index 00000000..5e88f656 --- /dev/null +++ b/v1.9.2/addons/aws-gateway-api-controller/index.html @@ -0,0 +1,935 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + AWS Gateway API Controller - Amazon EKS Blueprints Addons + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + Skip to content + + +
+
+ +
+ + + + + + + + +
+ + + + +
+ +
+ + + + +
+
+ + + +
+
+
+ + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + + + + +

AWS Gateway API Controller

+

AWS Gateway API Controller lets you connect services across multiple Kubernetes clusters through the Kubernetes Gateway API interface. It is also designed to connect services running on EC2 instances, containers, and as serverless functions. It does this by leveraging Amazon VPC Lattice, which works with Kubernetes Gateway API calls to manage Kubernetes objects.

+

Usage

+

AWS Gateway API Controller can be deployed by enabling the add-on via the following.

+
  enable_aws_gateway_api_controller = true
+  aws_gateway_api_controller = {
+    repository_username = data.aws_ecrpublic_authorization_token.token.user_name
+    repository_password = data.aws_ecrpublic_authorization_token.token.password
+    set = [{
+      name  = "clusterVpcId"
+      value = "vpc-12345abcd"
+    }]
+}
+
+

You can optionally customize the Helm chart that deploys AWS Gateway API Controller via the following configuration.

+
  enable_aws_gateway_api_controller = true
+  aws_gateway_api_controller = {
+    name                = "aws-gateway-api-controller"
+    chart_version       = "v0.0.12"
+    repository          = "oci://public.ecr.aws/aws-application-networking-k8s"
+    repository_username = data.aws_ecrpublic_authorization_token.token.user_name
+    repository_password = data.aws_ecrpublic_authorization_token.token.password
+    namespace           = "aws-application-networking-system"
+    values              = [templatefile("${path.module}/values.yaml", {})]
+    set = [{
+      name  = "clusterVpcId"
+      value = "vpc-12345abcd"
+    }]
+  }
+
+

Verify aws-gateway-api-controller pods are running.

+
$ kubectl get pods -n aws-application-networking-system
+NAME                                                               READY   STATUS    RESTARTS   AGE
+aws-gateway-api-controller-aws-gateway-controller-chart-8f42q426   1/1     Running   0          40s
+aws-gateway-api-controller-aws-gateway-controller-chart-8f4tbl9g   1/1     Running   0          71s
+
+

Deploy example GatewayClass

+
$ kubectl apply -f https://raw.githubusercontent.com/aws/aws-application-networking-k8s/main/examples/gatewayclass.yaml
+gatewayclass.gateway.networking.k8s.io/amazon-vpc-lattice created
+
+

Describe GatewayClass

+
$ kubectl describe gatewayclass
+Name:         amazon-vpc-lattice
+Namespace:
+Labels:       <none>
+Annotations:  <none>
+API Version:  gateway.networking.k8s.io/v1beta1
+Kind:         GatewayClass
+Metadata:
+  Creation Timestamp:  2023-06-22T22:33:32Z
+  Generation:          1
+  Resource Version:    819021
+  UID:                 aac59195-8f37-4c23-a2a5-b0f363deda77
+Spec:
+  Controller Name:  application-networking.k8s.aws/gateway-api-controller
+Status:
+  Conditions:
+    Last Transition Time:  2023-06-22T22:33:32Z
+    Message:               Accepted
+    Observed Generation:   1
+    Reason:                Accepted
+    Status:                True
+    Type:                  Accepted
+Events:                    <none>
+
+ + + + + + +
+
+ + +
+ +
+ + + +
+
+
+
+ + + + + + + + + \ No newline at end of file diff --git a/v1.9.2/addons/aws-load-balancer-controller/index.html b/v1.9.2/addons/aws-load-balancer-controller/index.html new file mode 100644 index 00000000..69147d90 --- /dev/null +++ b/v1.9.2/addons/aws-load-balancer-controller/index.html @@ -0,0 +1,1000 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + AWS Load Balancer Controller. - Amazon EKS Blueprints Addons + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + Skip to content + + +
+
+ +
+ + + + + + + + +
+ + + + +
+ +
+ + + + +
+
+ + + +
+
+
+ + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + + + + +

AWS Load Balancer Controller.

+

AWS Load Balancer Controller is a controller to help manage Elastic Load Balancers for a Kubernetes cluster. This Add-on deploys this controller in an Amazon EKS Cluster.

+

Usage

+

In order to deploy the AWS Load Balancer Controller Addon via EKS Blueprints Addons, reference the following parameters under the module.eks_blueprints_addons.

+
+

NOTE: In versions 2.5 and newer, the AWS Load Balancer Controller becomes the default controller for Kubernetes service resources with the type: LoadBalancer and makes an AWS Network Load Balancer (NLB) for each service. It does this by making a mutating webhook for services, which sets the spec.loadBalancerClass field to service.k8s.aws/nlb for new services of type: LoadBalancer. You can turn off this feature and revert to using the legacy Cloud Provider as the default controller, by setting the helm chart value enableServiceMutatorWebhook to false. The cluster won't provision new Classic Load Balancers for your services unless you turn off this feature. Existing Classic Load Balancers will continue to work.

+
+
module "eks_blueprints_addons" {
+
+  enable_aws_load_balancer_controller = true
+  aws_load_balancer_controller = {
+    set = [
+      {
+        name  = "vpcId"
+        value = module.vpc.vpc_id
+      },
+      {
+        name  = "podDisruptionBudget.maxUnavailable"
+        value = 1
+      },
+      {
+        name  = "enableServiceMutatorWebhook"
+        value = "false"
+      }
+    ]
+  }
+
+

Helm Chart customization

+

It's possible to customize your deployment using the Helm Chart parameters inside the aws_load_balancer_controller configuration block:

+
  aws_load_balancer_controller = {
+    set = [
+      {
+        name  = "vpcId"
+        value = module.vpc.vpc_id
+      },
+      {
+        name  = "podDisruptionBudget.maxUnavailable"
+        value = 1
+      },
+      {
+        name  = "resources.requests.cpu"
+        value = 100m
+      },
+      {
+        name  = "resources.requests.memory"
+        value = 128Mi
+      },
+    ]
+  }
+}
+
+

You can find all available Helm Chart parameter values here.

+

Validate

+
    +
  1. To validate the deployment, check if the aws-load-balancer-controller Pods were created in the kube-system Namespace, as the following example.
    2. +
+
kubectl -n kube-system get pods | grep aws-load-balancer-controller
+NAMESPACE       NAME                                            READY   STATUS    RESTARTS   AGE
+kube-system     aws-load-balancer-controller-6cbdb58654-fvskt   1/1     Running   0          26m
+kube-system     aws-load-balancer-controller-6cbdb58654-sc7dk   1/1     Running   0          26m
+
+
    +
  1. Create a Kubernetes Ingress, using the alb IngressClass, pointing to an existing Service. In this example we'll use a Service called example-svc.
    2. +
+
kubectl create ingress example-ingress --class alb --rule="/*=example-svc:80" \
+--annotation alb.ingress.kubernetes.io/scheme=internet-facing \
+--annotation alb.ingress.kubernetes.io/target-type=ip
+
+
kubectl get ingress  
+NAME                CLASS   HOSTS   ADDRESS                                                                 PORTS   AGE
+example-ingress     alb     *       k8s-example-ingress-7e0d6f03e7-1234567890.us-west-2.elb.amazonaws.com   80      4m9s
+
+

Resources

+

GitHub Repo +Helm Chart +AWS Docs

+ + + + + + +
+
+ + +
+ +
+ + + +
+
+
+
+ + + + + + + + + \ No newline at end of file diff --git a/v1.9.2/addons/aws-node-termination-handler/index.html b/v1.9.2/addons/aws-node-termination-handler/index.html new file mode 100644 index 00000000..9ce3d66f --- /dev/null +++ b/v1.9.2/addons/aws-node-termination-handler/index.html @@ -0,0 +1,983 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + AWS Node Termination Handler - Amazon EKS Blueprints Addons + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + Skip to content + + +
+
+ +
+ + + + + + + + +
+ + + + +
+ +
+ + + + +
+
+ + + +
+
+
+ + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + + + + +

AWS Node Termination Handler

+

This project ensures that the Kubernetes control plane responds appropriately to events that can cause your EC2 instance to become unavailable, such as EC2 maintenance events, EC2 Spot interruptions, ASG Scale-In, ASG AZ Rebalance, and EC2 Instance Termination via the API or Console. If not handled, your application code may not stop gracefully, take longer to recover full availability, or accidentally schedule work to nodes that are going down.

+

Usage

+

AWS Node Termination Handler can be deployed by enabling the add-on via the following.

+
enable_aws_node_termination_handler = true
+
+

You can optionally customize the Helm chart that deploys AWS Node Termination Handler via the following configuration.

+
  enable_aws_node_termination_handler = true
+
+  aws_node_termination_handler = {
+    name          = "aws-node-termination-handler"
+    chart_version = "0.21.0"
+    repository    = "https://aws.github.io/eks-charts"
+    namespace     = "aws-node-termination-handler"
+    values        = [templatefile("${path.module}/values.yaml", {})]
+  }
+
+

Verify aws-node-termination-handler pods are running.

+
$ kubectl get pods -n aws-node-termination-handler
+NAME                                            READY   STATUS    RESTARTS      AGE
+aws-node-termination-handler-6f598b6b89-6mqgk   1/1     Running   1 (22h ago)   26h
+
+

Verify SQS Queue is created.

+
$ aws sqs list-queues
+
+{
+    "QueueUrls": [
+        "https://sqs.us-east-1.amazonaws.com/XXXXXXXXXXXXXX/aws_node_termination_handler20221123072051157700000004"
+    ]
+}
+
+

Verify Event Rules are created.

+
$ aws event list-rules
+{
+    [
+        {
+            "Name": "NTH-ASGTerminiate-20230602191740664900000025",
+            "Arn": "arn:aws:events:us-west-2:XXXXXXXXXXXXXX:rule/NTH-ASGTerminiate-20230602191740664900000025",
+            "EventPattern": "{\"detail-type\":[\"EC2 Instance-terminate Lifecycle Action\"],\"source\":[\"aws.autoscaling\"]}",
+            "State": "ENABLED",
+            "Description": "Auto scaling instance terminate event",
+            "EventBusName": "default"
+        },
+        {
+            "Name": "NTH-HealthEvent-20230602191740079300000022",
+            "Arn": "arn:aws:events:us-west-2:XXXXXXXXXXXXXX:rule/NTH-HealthEvent-20230602191740079300000022",
+            "EventPattern": "{\"detail-type\":[\"AWS Health Event\"],\"source\":[\"aws.health\"]}",
+            "State": "ENABLED",
+            "Description": "AWS health event",
+            "EventBusName": "default"
+        },
+        {
+            "Name": "NTH-InstanceRebalance-20230602191740077100000021",
+            "Arn": "arn:aws:events:us-west-2:XXXXXXXXXXXXXX:rule/NTH-InstanceRebalance-20230602191740077100000021",
+            "EventPattern": "{\"detail-type\":[\"EC2 Instance Rebalance Recommendation\"],\"source\":[\"aws.ec2\"]}",
+            "State": "ENABLED",
+            "Description": "EC2 instance rebalance recommendation",
+            "EventBusName": "default"
+        },
+        {
+            "Name": "NTH-InstanceStateChange-20230602191740165000000024",
+            "Arn": "arn:aws:events:us-west-2:XXXXXXXXXXXXXX:rule/NTH-InstanceStateChange-20230602191740165000000024",
+            "EventPattern": "{\"detail-type\":[\"EC2 Instance State-change Notification\"],\"source\":[\"aws.ec2\"]}",
+            "State": "ENABLED",
+            "Description": "EC2 instance state-change notification",
+            "EventBusName": "default"
+        },
+        {
+            "Name": "NTH-SpotInterrupt-20230602191740077100000020",
+            "Arn": "arn:aws:events:us-west-2:XXXXXXXXXXXXXX:rule/NTH-SpotInterrupt-20230602191740077100000020",
+            "EventPattern": "{\"detail-type\":[\"EC2 Spot Instance Interruption Warning\"],\"source\":[\"aws.ec2\"]}",
+            "State": "ENABLED",
+            "Description": "EC2 spot instance interruption warning",
+            "EventBusName": "default"
+        },
+        {
+            "Name": "NTHASGTermRule",
+            "Arn": "arn:aws:events:us-west-2:XXXXXXXXXXXXXX:rule/NTHASGTermRule",
+            "EventPattern": "{\"detail-type\":[\"EC2 Instance-terminate Lifecycle Action\"],\"source\":[\"aws.autoscaling\"]}",
+            "State": "ENABLED",
+            "EventBusName": "default"
+        },
+        {
+            "Name": "NTHInstanceStateChangeRule",
+            "Arn": "arn:aws:events:us-west-2:XXXXXXXXXXXXXX:rule/NTHInstanceStateChangeRule",
+            "EventPattern": "{\"detail-type\":[\"EC2 Instance State-change Notification\"],\"source\":[\"aws.ec2\"]}",
+            "State": "ENABLED",
+            "EventBusName": "default"
+        },
+        {
+            "Name": "NTHRebalanceRule",
+            "Arn": "arn:aws:events:us-west-2:XXXXXXXXXXXXXX:rule/NTHRebalanceRule",
+            "EventPattern": "{\"detail-type\":[\"EC2 Instance Rebalance Recommendation\"],\"source\":[\"aws.ec2\"]}",
+            "State": "ENABLED",
+            "EventBusName": "default"
+        },
+        {
+            "Name": "NTHScheduledChangeRule",
+            "Arn": "arn:aws:events:us-west-2:XXXXXXXXXXXXXX:rule/NTHScheduledChangeRule",
+            "EventPattern": "{\"detail-type\":[\"AWS Health Event\"],\"source\":[\"aws.health\"]}",
+            "State": "ENABLED",
+            "EventBusName": "default"
+        },
+        {
+            "Name": "NTHSpotTermRule",
+            "Arn": "arn:aws:events:us-west-2:XXXXXXXXXXXXXX:rule/NTHSpotTermRule",
+            "EventPattern": "{\"detail-type\":[\"EC2 Spot Instance Interruption Warning\"],\"source\":[\"aws.ec2\"]}",
+            "State": "ENABLED",
+            "EventBusName": "default"
+        }
+    ]
+}
+
+ + + + + + +
+
+ + +
+ +
+ + + +
+
+
+
+ + + + + + + + + \ No newline at end of file diff --git a/v1.9.2/addons/aws-private-ca-issuer/index.html b/v1.9.2/addons/aws-private-ca-issuer/index.html new file mode 100644 index 00000000..16cc97ea --- /dev/null +++ b/v1.9.2/addons/aws-private-ca-issuer/index.html @@ -0,0 +1,999 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + AWS Private CA Issuer - Amazon EKS Blueprints Addons + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + Skip to content + + +
+
+ +
+ + + + + + + + +
+ + + + +
+ +
+ + + + +
+
+ + + +
+
+
+ + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + + + + +

AWS Private CA Issuer

+

AWS Private CA is an AWS service that can setup and manage private CAs, as well as issue private certificates. This add-on deploys the AWS Private CA Issuer as an external issuer to cert-manager that signs off certificate requests using AWS Private CA in an Amazon EKS Cluster.

+

Usage

+

Pre-requisites

+

To deploy the AWS PCA, you need to install cert-manager first, refer to this documentation to do it through EKS Blueprints Addons.

+

Deployment

+

With cert-manager deployed in place, you can deploy the AWS Private CA Issuer Add-on via EKS Blueprints Addons, reference the following parameters under the module.eks_blueprints_addons.

+
module "eks_blueprints_addons" {
+
+  enable_cert_manager         = true
+  enable_aws_privateca_issuer = true
+  aws_privateca_issuer = {
+    acmca_arn        = aws_acmpca_certificate_authority.this.arn
+  }
+}
+
+

Helm Chart customization

+

It's possible to customize your deployment using the Helm Chart parameters inside the aws_load_balancer_controller configuration block:

+
  aws_privateca_issuer = {
+    acmca_arn        = aws_acmpca_certificate_authority.this.arn
+    namespace        = "aws-privateca-issuer"
+    create_namespace = true
+  }
+
+

You can find all available Helm Chart parameter values here.

+

Validation

+
    +
  1. List all the pods running in aws-privateca-issuer and cert-manager Namespace.
    2. +
+
kubectl get pods -n aws-privateca-issuer
+kubectl get pods -n cert-manager
+
+
    +
  1. Check the certificate status in it should be in Ready state, and be pointing to a secret created in the same Namespace.
    2. +
+
kubectl get certificate -o wide
+NAME      READY   SECRET                  ISSUER                    STATUS                                          AGE
+example   True    example-clusterissuer   tls-with-aws-pca-issuer   Certificate is up to date and has not expired   41m
+
+kubectl get secret example-clusterissuer
+NAME                    TYPE                DATA   AGE
+example-clusterissuer   kubernetes.io/tls   3      43m
+
+

Resources

+

GitHub Repo +Helm Chart +AWS Docs

+ + + + + + +
+
+ + +
+ +
+ + + +
+
+
+
+ + + + + + + + + \ No newline at end of file diff --git a/v1.9.2/addons/cert-manager/index.html b/v1.9.2/addons/cert-manager/index.html new file mode 100644 index 00000000..1d4120a0 --- /dev/null +++ b/v1.9.2/addons/cert-manager/index.html @@ -0,0 +1,1000 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + Cert-Manager - Amazon EKS Blueprints Addons + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + Skip to content + + +
+
+ +
+ + + + + + + + +
+ + + + +
+ +
+ + + + +
+
+ + + +
+
+
+ + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + + + + +

Cert-Manager

+

Cert-manager is a X.509 certificate controller for Kubernetes-like workloads. It will obtain certificates from a variety of Issuers, both popular public Issuers as well as private Issuers, and ensure the certificates are valid and up-to-date, and will attempt to renew certificates at a configured time before expiry. This Add-on deploys this controller in an Amazon EKS Cluster.

+

Usage

+

To deploy cert-manager Add-on via EKS Blueprints Addons, reference the following parameters under the module.eks_blueprints_addons.

+
module "eks_blueprints_addons" {
+
+  enable_cert_manager         = true
+}
+
+

Helm Chart customization

+

It's possible to customize your deployment using the Helm Chart parameters inside the cert-manager configuration block:

+
  cert-manager = {
+    chart_version    = "v1.11.1"
+    namespace        = "cert-manager"
+    create_namespace = true
+  }
+
+

You can find all available Helm Chart parameter values here

+

Validation

+
    +
  1. Validate if the Cert-Manger Pods are Running.
    2. +
+
kubectl -n cert-manager get pods
+NAME                                      READY   STATUS    RESTARTS   AGE
+cert-manager-5989bcc87-96qvf              1/1     Running   0          2m49s
+cert-manager-cainjector-9b44ddb68-8c7b9   1/1     Running   0          2m49s
+cert-manager-webhook-776b65456-k6br4      1/1     Running   0          2m49s
+
+
    +
  1. Create a SelfSigned ClusterIssuer resource in the cluster.
    2. +
+
apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: selfsigned-cluster-issuer
+spec:
+  selfSigned: {}
+
+
kubectl get clusterissuers -o wide selfsigned-cluster-issuer
+NAME                        READY   STATUS   AGE
+selfsigned-cluster-issuer   True             3m
+
+
    +
  1. Create a Certificate in a given Namespace.
    2. +
+
apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: example
+  namespace: default
+spec:
+  isCA: true
+  commonName: example
+  secretName: example-secret
+  privateKey:
+    algorithm: ECDSA
+    size: 256
+  issuerRef:
+    name: selfsigned-cluster-issuer
+    kind: ClusterIssuer
+    group: cert-manager.io
+
+
    +
  1. Check the certificate status in it should be in Ready state, and be pointing to a secret created in the same Namespace.
    2. +
+
kubectl get certificate -o wide
+NAME      READY   SECRET           ISSUER                      STATUS                                          AGE
+example   True    example-secret   selfsigned-cluster-issuer   Certificate is up to date and has not expired   44s
+
+kubectl get secret example-secret
+NAME             TYPE                DATA   AGE
+example-secret   kubernetes.io/tls   3      70s
+
+

Resources

+

GitHub Repo +Helm Chart

+ + + + + + +
+
+ + +
+ +
+ + + +
+
+
+
+ + + + + + + + + \ No newline at end of file diff --git a/v1.9.2/addons/cluster-autoscaler/index.html b/v1.9.2/addons/cluster-autoscaler/index.html new file mode 100644 index 00000000..c6cdfa19 --- /dev/null +++ b/v1.9.2/addons/cluster-autoscaler/index.html @@ -0,0 +1,892 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + Cluster Autoscaler - Amazon EKS Blueprints Addons + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + Skip to content + + +
+
+ +
+ + + + + + + + +
+ + + + +
+ +
+ + + + +
+
+ + + +
+
+
+ + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + + + + +

Cluster Autoscaler

+

The Kubernetes Cluster Autoscaler automatically adjusts the number of nodes in your cluster when pods fail or are rescheduled onto other nodes. The Cluster Autoscaler uses Auto Scaling groups. For more information, see Cluster Autoscaler on AWS.

+

Usage

+

Cluster Autoscaler can be deployed by enabling the add-on via the following.

+
enable_cluster_autoscaler = true
+
+

You can optionally customize the Helm chart that deploys Cluster Autoscaler via the following configuration.

+
  enable_cluster_autoscaler = true
+
+  cluster_autoscaler = {
+    name          = "cluster-autoscaler"
+    chart_version = "9.29.0"
+    repository    = "https://kubernetes.github.io/autoscaler"
+    namespace     = "kube-system"
+    values        = [templatefile("${path.module}/values.yaml", {})]
+  }
+
+

Verify cluster-autoscaler pods are running.

+
$ kubectl get pods -n kube-system
+NAME                                                         READY   STATUS    RESTARTS     AGE
+cluster-autoscaler-aws-cluster-autoscaler-7ff79bc484-pm8g9   1/1     Running   1 (2d ago)   2d5h
+
+ + + + + + +
+
+ + +
+ +
+ + + +
+
+
+
+ + + + + + + + + \ No newline at end of file diff --git a/v1.9.2/addons/cluster-proportional-autoscaler/index.html b/v1.9.2/addons/cluster-proportional-autoscaler/index.html new file mode 100644 index 00000000..c8c2b82d --- /dev/null +++ b/v1.9.2/addons/cluster-proportional-autoscaler/index.html @@ -0,0 +1,1015 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + Cluster Proportional Autoscaler - Amazon EKS Blueprints Addons + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + Skip to content + + +
+
+ +
+ + + + + + + + +
+ + + + +
+ +
+ + + + +
+
+ + + +
+
+
+ + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + + + + +

Cluster Proportional Autoscaler

+

Horizontal cluster-proportional-autoscaler watches over the number of schedulable nodes and cores of the cluster and resizes the number of replicas for the required resource. This functionality may be desirable for applications that need to be autoscaled with the size of the cluster, such as CoreDNS and other services that scale with the number of nodes/pods in the cluster.

+

The cluster-proportional-autoscaler helps to scale the applications using deployment or replicationcontroller or replicaset. This is an alternative solution to Horizontal Pod Autoscaling. +It is typically installed as a Deployment in your cluster.

+

Refer to the eks-best-practices-guides for addional configuration guidanance.

+

Usage

+

This add-on requires both enable_cluster_proportional_autoscaler and cluster_proportional_autoscaler as mandatory fields.

+

The example shows how to enable cluster-proportional-autoscaler for CoreDNS Deployment. CoreDNS deployment is not configured with HPA. So, this add-on helps to scale CoreDNS Add-on according to the size of the nodes and cores.

+

This Add-on can be used to scale any application with Deployment objects.

+
enable_cluster_proportional_autoscaler  = true
+cluster_proportional_autoscaler  = {
+    values = [
+      <<-EOT
+        nameOverride: kube-dns-autoscaler
+
+        # Formula for controlling the replicas. Adjust according to your needs
+        # replicas = max( ceil( cores * 1/coresPerReplica ) , ceil( nodes * 1/nodesPerReplica ) )
+        config:
+          linear:
+            coresPerReplica: 256
+            nodesPerReplica: 16
+            min: 1
+            max: 100
+            preventSinglePointFailure: true
+            includeUnschedulableNodes: true
+
+        # Target to scale. In format: deployment/*, replicationcontroller/* or replicaset/* (not case sensitive).
+        options:
+          target: deployment/coredns # Notice the target as `deployment/coredns`
+
+        serviceAccount:
+          create: true
+          name: kube-dns-autoscaler
+
+        podSecurityContext:
+          seccompProfile:
+            type: RuntimeDefault
+            supplementalGroups: [65534]
+            fsGroup: 65534
+
+        resources:
+          limits:
+            cpu: 100m
+            memory: 128Mi
+          requests:
+            cpu: 100m
+            memory: 128Mi
+
+        tolerations:
+          - key: "CriticalAddonsOnly"
+            operator: "Exists"
+            description: "Cluster Proportional Autoscaler for CoreDNS Service"
+      EOT
+    ]
+}
+
+

Expected result

+

The cluster-proportional-autoscaler pod running in the kube-system namespace. +

kubectl -n kube-system get po -l app.kubernetes.io/instance=cluster-proportional-autoscaler
+NAME                                                              READY   STATUS    RESTARTS   AGE
+cluster-proportional-autoscaler-kube-dns-autoscaler-d8dc8477xx7   1/1     Running   0          21h
+
+The cluster-proportional-autoscaler-kube-dns-autoscaler config map exists. +
kubectl -n kube-system get cm cluster-proportional-autoscaler-kube-dns-autoscaler
+NAME                                                  DATA   AGE
+cluster-proportional-autoscaler-kube-dns-autoscaler   1      21h
+

+

Testing

+

To test that coredns pods scale, first take a baseline of how many nodes the cluster has and how many coredns pods are running. +

kubectl get nodes
+NAME                          STATUS   ROLES    AGE   VERSION
+ip-10-0-19-243.ec2.internal   Ready    <none>   21h   v1.26.4-eks-0a21954
+ip-10-0-25-182.ec2.internal   Ready    <none>   21h   v1.26.4-eks-0a21954
+ip-10-0-40-138.ec2.internal   Ready    <none>   21h   v1.26.4-eks-0a21954
+ip-10-0-8-136.ec2.internal    Ready    <none>   21h   v1.26.4-eks-0a21954
+
+kubectl get po -n kube-system -l k8s-app=kube-dns
+NAME                       READY   STATUS    RESTARTS   AGE
+coredns-7975d6fb9b-dlkdd   1/1     Running   0          21h
+coredns-7975d6fb9b-xqqwp   1/1     Running   0          21h
+

+

Change the following parameters in the hcl code above so a scaling event can be easily triggered: +

        config:
+          linear:
+            coresPerReplica: 4
+            nodesPerReplica: 2
+            min: 1
+            max: 4
+
+and execute terraform apply.

+

Increase the managed node group desired size, in this example from 4 to 5. This can be done via the AWS Console.

+

Check that the new node came up and coredns scaled up. +

NAME                          STATUS   ROLES    AGE   VERSION
+ip-10-0-14-120.ec2.internal   Ready    <none>   10m   v1.26.4-eks-0a21954
+ip-10-0-19-243.ec2.internal   Ready    <none>   21h   v1.26.4-eks-0a21954
+ip-10-0-25-182.ec2.internal   Ready    <none>   21h   v1.26.4-eks-0a21954
+ip-10-0-40-138.ec2.internal   Ready    <none>   21h   v1.26.4-eks-0a21954
+ip-10-0-8-136.ec2.internal    Ready    <none>   21h   v1.26.4-eks-0a21954
+
+kubectl get po -n kube-system -l k8s-app=kube-dns
+NAME                       READY   STATUS    RESTARTS   AGE
+coredns-7975d6fb9b-dlkdd   1/1     Running   0          21h
+coredns-7975d6fb9b-ww64t   1/1     Running   0          10m
+coredns-7975d6fb9b-xqqwp   1/1     Running   0          21h
+

+ + + + + + +
+
+ + +
+ +
+ + + +
+
+
+
+ + + + + + + + + \ No newline at end of file diff --git a/v1.9.2/addons/external-dns/index.html b/v1.9.2/addons/external-dns/index.html new file mode 100644 index 00000000..3e583c9c --- /dev/null +++ b/v1.9.2/addons/external-dns/index.html @@ -0,0 +1,903 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + External DNS - Amazon EKS Blueprints Addons + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + Skip to content + + +
+
+ +
+ + + + + + + + +
+ + + + +
+ +
+ + + + +
+
+ + + +
+
+
+ + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + + + + +

External DNS

+

ExternalDNS makes Kubernetes resources discoverable via public DNS servers. Like KubeDNS, it retrieves a list of resources (Services, Ingresses, etc.) from the Kubernetes API to determine a desired list of DNS records. Unlike KubeDNS, however, it's not a DNS server itself, but merely configures other DNS providers accordingly—e.g. AWS Route 53.

+

Usage

+

External DNS can be deployed by enabling the add-on via the following.

+
enable_external_dns = true
+
+

You can optionally customize the Helm chart that deploys External DNS via the following configuration.

+
  enable_external_dns = true
+
+  external_dns = {
+    name          = "external-dns"
+    chart_version = "1.12.2"
+    repository    = "https://kubernetes-sigs.github.io/external-dns/"
+    namespace     = "external-dns"
+    values        = [templatefile("${path.module}/values.yaml", {})]
+  }
+  external_dns_route53_zone_arns = ["XXXXXXXXXXXXXXXXXXXXXXX"]
+
+

Verify external-dns pods are running.

+
$ kubectl get pods -n external-dns
+NAME                            READY   STATUS    RESTARTS     AGE
+external-dns-849b89c675-ffnf6   1/1     Running   1 (2d ago)   2d5h
+
+

To further configure external-dns, refer to the examples:

+ + + + + + + +
+
+ + +
+ +
+ + + +
+
+
+
+ + + + + + + + + \ No newline at end of file diff --git a/v1.9.2/addons/external-secrets/index.html b/v1.9.2/addons/external-secrets/index.html new file mode 100644 index 00000000..a5727764 --- /dev/null +++ b/v1.9.2/addons/external-secrets/index.html @@ -0,0 +1,894 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + External Secrets - Amazon EKS Blueprints Addons + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + Skip to content + + +
+
+ +
+ + + + + + + + +
+ + + + +
+ +
+ + + + +
+
+ + + +
+
+
+ + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + + + + +

External Secrets

+

External Secrets Operator is a Kubernetes operator that integrates external secret management systems like AWS Secrets Manager, HashiCorp Vault, Google Secrets Manager, Azure Key Vault, IBM Cloud Secrets Manager, and many more. The operator reads information from external APIs and automatically injects the values into a Kubernetes Secret.

+

Usage

+

External Secrets can be deployed by enabling the add-on via the following.

+
enable_external_secrets = true
+
+

You can optionally customize the Helm chart that deploys External Secrets via the following configuration.

+
  enable_external_secrets = true
+
+  external_secrets = {
+    name          = "external-secrets"
+    chart_version = "0.8.1"
+    repository    = "https://charts.external-secrets.io"
+    namespace     = "external-secrets"
+    values        = [templatefile("${path.module}/values.yaml", {})]
+  }
+
+

Verify external-secrets pods are running.

+
$ kubectl get pods -n external-secrets
+NAME                                               READY   STATUS    RESTARTS       AGE
+external-secrets-67bfd5b47c-xc5xf                  1/1     Running   1 (2d1h ago)   2d6h
+external-secrets-cert-controller-8f75c6f79-qcfx4   1/1     Running   1 (2d1h ago)   2d6h
+external-secrets-webhook-78f6bd456-76wmm           1/1     Running   1 (2d1h ago)   2d6h
+
+ + + + + + +
+
+ + +
+ +
+ + + +
+
+
+
+ + + + + + + + + \ No newline at end of file diff --git a/v1.9.2/addons/fargate-fluentbit/index.html b/v1.9.2/addons/fargate-fluentbit/index.html new file mode 100644 index 00000000..2c188fe5 --- /dev/null +++ b/v1.9.2/addons/fargate-fluentbit/index.html @@ -0,0 +1,990 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + Fargate FluentBit - Amazon EKS Blueprints Addons + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + Skip to content + + +
+
+ +
+ + + + + + + + +
+ + + + +
+ +
+ + + + +
+
+ + + +
+
+
+ + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + + + + +

Fargate FluentBit

+

Amazon EKS on Fargate offers a built-in log router based on Fluent Bit. This means that you don't explicitly run a Fluent Bit container as a sidecar, but Amazon runs it for you. All that you have to do is configure the log router. The configuration happens through a dedicated ConfigMap, that is deployed via this Add-on.

+

Usage

+

To configure the Fargate Fluentbit ConfigMap via the EKS Blueprints Addons, just reference the following parameters under the module.eks_blueprints_addons.

+
module "eks_blueprints_addons" {
+
+  enable_fargate_fluentbit = true
+  fargate_fluentbit = {
+    flb_log_cw = true
+  }
+}
+
+

It's possible to customize the CloudWatch Log Group parameters in the fargate_fluentbit_cw_log_group configuration block:

+
  fargate_fluentbit_cw_log_group = {
+
+  name              = "existing-log-group"
+  name_prefix       = "dev-environment-logs"
+  retention_in_days = 7
+  kms_key_id        = "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
+  skip_destroy      = true
+
+

Validation

+
    +
  1. Check if the aws-logging configMap for Fargate Fluentbit was created.
    2. +
+
kubectl -n aws-observability get configmap aws-logging -o yaml
+apiVersion: v1
+data:
+  filters.conf: |
+    [FILTER]
+      Name parser
+      Match *
+      Key_Name log
+      Parser regex
+      Preserve_Key True
+      Reserve_Data True
+  flb_log_cw: "true"
+  output.conf: |
+    [OUTPUT]
+      Name cloudwatch_logs
+      Match *
+      region us-west-2
+      log_group_name /fargate-serverless/fargate-fluentbit-logs20230509014113352200000006
+      log_stream_prefix fargate-logs-
+      auto_create_group true
+  parsers.conf: |
+    [PARSER]
+      Name regex
+      Format regex
+      Regex ^(?<time>[^ ]+) (?<stream>[^ ]+) (?<logtag>[^ ]+) (?<message>.+)$
+      Time_Key time
+      Time_Format %Y-%m-%dT%H:%M:%S.%L%z
+      Time_Keep On
+      Decode_Field_As json message
+immutable: false
+kind: ConfigMap
+metadata:
+  creationTimestamp: "2023-05-08T21:14:52Z"
+  name: aws-logging
+  namespace: aws-observability
+  resourceVersion: "1795"
+  uid: d822bcf5-a441-4996-857e-7fb1357bc07e
+
+
    +
  1. Validate if the CloudWatch LogGroup was created accordingly, and LogStreams were populated.
    2. +
+
aws logs describe-log-groups --log-group-name-prefix "/fargate-serverless/fargate-fluentbit"
+{
+    "logGroups": [
+        {
+            "logGroupName": "/fargate-serverless/fargate-fluentbit-logs20230509014113352200000006",
+            "creationTime": 1683580491652,
+            "retentionInDays": 90,
+            "metricFilterCount": 0,
+            "arn": "arn:aws:logs:us-west-2:111122223333:log-group:/fargate-serverless/fargate-fluentbit-logs20230509014113352200000006:*",
+            "storedBytes": 0
+        }
+    ]
+}
+
+
aws logs describe-log-streams --log-group-name "/fargate-serverless/fargate-fluentbit-logs20230509014113352200000006" --log-stream-name-prefix fargate-logs --query 'logStreams[].logStreamName'
+[
+    "fargate-logs-flblogs.var.log.fluent-bit.log",
+    "fargate-logs-kube.var.log.containers.aws-load-balancer-controller-7f989fc6c-grjsq_kube-system_aws-load-balancer-controller-feaa22b4cdaa71ecfc8355feb81d4b61ea85598a7bb57aef07667c767c6b98e4.log",
+    "fargate-logs-kube.var.log.containers.aws-load-balancer-controller-7f989fc6c-wzr46_kube-system_aws-load-balancer-controller-69075ea9ab3c7474eac2a1696d3a84a848a151420cd783d79aeef960b181567f.log",
+    "fargate-logs-kube.var.log.containers.coredns-7b7bddbc85-8cxvq_kube-system_coredns-9e4f3ab435269a566bcbaa606c02c146ad58508e67cef09fa87d5c09e4ac0088.log",
+    "fargate-logs-kube.var.log.containers.coredns-7b7bddbc85-gcjwp_kube-system_coredns-11016818361cd68c32bf8f0b1328f3d92a6d7b8cf5879bfe8b301f393cb011cc.log"
+]
+
+

Resources

+

AWS Docs +Fluent Bit for Amazon EKS on AWS Fargate Blog Post

+ + + + + + +
+
+ + +
+ +
+ + + +
+
+
+
+ + + + + + + + + \ No newline at end of file diff --git a/v1.9.2/addons/ingress-nginx/index.html b/v1.9.2/addons/ingress-nginx/index.html new file mode 100644 index 00000000..e38a942d --- /dev/null +++ b/v1.9.2/addons/ingress-nginx/index.html @@ -0,0 +1,893 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + Ingress Nginx - Amazon EKS Blueprints Addons + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + Skip to content + + +
+
+ +
+ + + + + + + + +
+ + + + +
+ +
+ + + + +
+
+ + + +
+
+
+ + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + + + + +

Ingress Nginx

+

This add-on installs Ingress Nginx Controller on Amazon EKS. The Ingress Nginx controller uses Nginx as a reverse proxy and load balancer.

+

Other than handling Kubernetes ingress objects, this ingress controller can facilitate multi-tenancy and segregation of workload ingresses based on host name (host-based routing) and/or URL Path (path based routing).

+

Usage

+

Ingress Nginx Controller can be deployed by enabling the add-on via the following.

+
enable_ingress_nginx = true
+
+

You can optionally customize the Helm chart that deploys ingress-nginx via the following configuration.

+
  enable_ingress_nginx = true
+
+  ingress_nginx = {
+    name          = "ingress-nginx"
+    chart_version = "4.6.1"
+    repository    = "https://kubernetes.github.io/ingress-nginx"
+    namespace     = "ingress-nginx"
+    values        = [templatefile("${path.module}/values.yaml", {})]
+  }
+
+

Verify ingress-nginx pods are running.

+
$ kubectl get pods -n ingress-nginx
+NAME                                       READY   STATUS    RESTARTS   AGE
+ingress-nginx-controller-f6c55fdc8-8bt2z   1/1     Running   0          44m
+
+ + + + + + +
+
+ + +
+ +
+ + + +
+
+
+
+ + + + + + + + + \ No newline at end of file diff --git a/v1.9.2/addons/karpenter/index.html b/v1.9.2/addons/karpenter/index.html new file mode 100644 index 00000000..6d4831e0 --- /dev/null +++ b/v1.9.2/addons/karpenter/index.html @@ -0,0 +1,970 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + Karpenter - Amazon EKS Blueprints Addons + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + Skip to content + + +
+
+ +
+ + + + + + + + +
+ + + + +
+ +
+ + + + +
+
+ + + +
+
+
+ + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + + + + +

Karpenter

+

Prerequisites

+

If deploying a node template that uses spot, please ensure you have the Spot service linked role available in your account. You can run the following command to ensure this role is available:

+
aws iam create-service-linked-role --aws-service-name spot.amazonaws.com || true
+
+

Validate

+

The following command will update the kubeconfig on your local machine and allow you to interact with your EKS Cluster using kubectl to validate the CoreDNS deployment for Fargate.

+
    +
  1. Run update-kubeconfig command:
    2. +
+
aws eks --region <REGION> update-kubeconfig --name <CLUSTER_NAME>
+
+
    +
  1. Test by listing all the pods running currently
    2. +
+
kubectl get pods -n karpenter
+
+# Output should look similar to below
+NAME                         READY   STATUS    RESTARTS   AGE
+karpenter-6f97df4f77-5nqsk   1/1     Running   0          3m28s
+karpenter-6f97df4f77-n7fkf   1/1     Running   0          3m28s
+
+
    +
  1. View the current nodes - this example utilizes EKS Fargate for hosting the Karpenter controller so only Fargate nodes are present currently:
    2. +
+
kubectl get nodes
+
+# Output should look similar to below
+NAME                                                STATUS   ROLES    AGE     VERSION
+fargate-ip-10-0-29-25.us-west-2.compute.internal    Ready    <none>   2m56s   v1.26.3-eks-f4dc2c0
+fargate-ip-10-0-36-148.us-west-2.compute.internal   Ready    <none>   2m57s   v1.26.3-eks-f4dc2c0
+fargate-ip-10-0-42-30.us-west-2.compute.internal    Ready    <none>   2m34s   v1.26.3-eks-f4dc2c0
+fargate-ip-10-0-45-112.us-west-2.compute.internal   Ready    <none>   2m33s   v1.26.3-eks-f4dc2c0
+
+
    +
  1. Create a sample pause deployment to demonstrate scaling:
    2. +
+
kubectl apply -f - <<EOF
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+    name: inflate
+spec:
+    replicas: 0
+    selector:
+    matchLabels:
+        app: inflate
+    template:
+    metadata:
+        labels:
+        app: inflate
+    spec:
+        terminationGracePeriodSeconds: 0
+        containers:
+        - name: inflate
+            image: public.ecr.aws/eks-distro/kubernetes/pause:3.7
+            resources:
+            requests:
+                cpu: 1
+EOF
+
+
    +
  1. Scale up the sample pause deployment to see Karpenter respond by provisioning nodes to support the workload:
    2. +
+
kubectl scale deployment inflate --replicas 5
+# To view logs
+# kubectl logs -f -n karpenter -l app.kubernetes.io/name=karpenter -c controller
+
+
    +
  1. Re-check the nodes, you will now see a new EC2 node provisioned to support the scaled workload:
    2. +
+
kubectl get nodes
+
+# Output should look similar to below
+NAME                                                STATUS   ROLES    AGE     VERSION
+fargate-ip-10-0-29-25.us-west-2.compute.internal    Ready    <none>   5m15s   v1.26.3-eks-f4dc2c0
+fargate-ip-10-0-36-148.us-west-2.compute.internal   Ready    <none>   5m16s   v1.26.3-eks-f4dc2c0
+fargate-ip-10-0-42-30.us-west-2.compute.internal    Ready    <none>   4m53s   v1.26.3-eks-f4dc2c0
+fargate-ip-10-0-45-112.us-west-2.compute.internal   Ready    <none>   4m52s   v1.26.3-eks-f4dc2c0
+ip-10-0-1-184.us-west-2.compute.internal            Ready    <none>   26s     v1.26.2-eks-a59e1f0 # <= new EC2 node launched
+
+
    +
  1. Remove the sample pause deployment:
    2. +
+
kubectl delete deployment inflate
+
+ + + + + + +
+
+ + +
+ +
+ + + +
+
+
+
+ + + + + + + + + \ No newline at end of file diff --git a/v1.9.2/addons/kube-prometheus-stack/index.html b/v1.9.2/addons/kube-prometheus-stack/index.html new file mode 100644 index 00000000..fae67cd9 --- /dev/null +++ b/v1.9.2/addons/kube-prometheus-stack/index.html @@ -0,0 +1,897 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + Kube Prometheus Stack - Amazon EKS Blueprints Addons + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + Skip to content + + +
+
+ +
+ + + + + + + + +
+ + + + +
+ +
+ + + + +
+
+ + + +
+
+
+ + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + + + + +

Kube Prometheus Stack

+

Kube Prometheus Stack is a collection of Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator.

+

Usage

+

Kube Prometheus Stack can be deployed by enabling the add-on via the following.

+
enable_kube_prometheus_stack = true
+
+

You can optionally customize the Helm chart that deploys Kube Prometheus Stack via the following configuration.

+
  enable_kube_prometheus_stack = true
+
+  kube_prometheus_stack = {
+    name          = "kube-prometheus-stack"
+    chart_version = "51.2.0"
+    repository    = "https://prometheus-community.github.io/helm-charts"
+    namespace     = "kube-prometheus-stack"
+    values        = [templatefile("${path.module}/values.yaml", {})]
+  }
+
+

Verify kube-prometheus-stack pods are running.

+
$ kubectl get pods -n external-secrets
+NAME                                                        READY   STATUS    RESTARTS       AGE
+alertmanager-kube-prometheus-stack-alertmanager-0           2/2     Running   3 (2d2h ago)   2d7h
+kube-prometheus-stack-grafana-5c6cf88fd9-8wc9k              3/3     Running   3 (2d2h ago)   2d7h
+kube-prometheus-stack-kube-state-metrics-584d8b5d5f-s6p8d   1/1     Running   1 (2d2h ago)   2d7h
+kube-prometheus-stack-operator-c74ddccb5-8cprr              1/1     Running   1 (2d2h ago)   2d7h
+kube-prometheus-stack-prometheus-node-exporter-vd8lw        1/1     Running   1 (2d2h ago)   2d7h
+prometheus-kube-prometheus-stack-prometheus-0               2/2     Running   2 (2d2h ago)   2d7h
+
+ + + + + + +
+
+ + +
+ +
+ + + +
+
+
+
+ + + + + + + + + \ No newline at end of file diff --git a/v1.9.2/addons/metrics-server/index.html b/v1.9.2/addons/metrics-server/index.html new file mode 100644 index 00000000..db081b61 --- /dev/null +++ b/v1.9.2/addons/metrics-server/index.html @@ -0,0 +1,893 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + Metrics Server - Amazon EKS Blueprints Addons + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + Skip to content + + +
+
+ +
+ + + + + + + + +
+ + + + +
+ +
+ + + + +
+
+ + + +
+
+
+ + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + + + + +

Metrics Server

+

Metrics Server is a scalable, efficient source of container resource metrics for Kubernetes built-in autoscaling pipelines.

+

Metrics Server collects resource metrics from Kubelets and exposes them in Kubernetes apiserver through Metrics API for use by Horizontal Pod Autoscaler and Vertical Pod Autoscaler. Metrics API can also be accessed by kubectl top, making it easier to debug autoscaling pipelines.

+

Usage

+

Metrics Server can be deployed by enabling the add-on via the following.

+
enable_metrics_server = true
+
+

You can optionally customize the Helm chart that deploys External DNS via the following configuration.

+
  enable_metrics_server = true
+
+  metrics_server = {
+    name          = "metrics-server"
+    chart_version = "3.10.0"
+    repository    = "https://kubernetes-sigs.github.io/metrics-server/"
+    namespace     = "kube-system"
+    values        = [templatefile("${path.module}/values.yaml", {})]
+  }
+
+

Verify metrics-server pods are running.

+
$ kubectl get pods -n kube-system
+NAME                                   READY   STATUS    RESTARTS       AGE
+metrics-server-6f9cdd486c-njh8b        1/1     Running   1 (2d2h ago)   2d7h
+
+ + + + + + +
+
+ + +
+ +
+ + + +
+
+
+
+ + + + + + + + + \ No newline at end of file diff --git a/v1.9.2/addons/opa-gatekeeper/index.html b/v1.9.2/addons/opa-gatekeeper/index.html new file mode 100644 index 00000000..87fb8d47 --- /dev/null +++ b/v1.9.2/addons/opa-gatekeeper/index.html @@ -0,0 +1,889 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + OPA Gatekeeper - Amazon EKS Blueprints Addons + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + Skip to content + + +
+
+ +
+ + + + + + + + +
+ + + + +
+ +
+ + + + +
+
+ + + +
+
+
+ + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + + + + +

OPA Gatekeeper

+

Gatekeeper is an admission controller that validates requests to create and update Pods on Kubernetes clusters, using the Open Policy Agent (OPA). Using Gatekeeper allows administrators to define policies with a constraint, which is a set of conditions that permit or deny deployment behaviors in Kubernetes.

+

For complete project documentation, please visit the Gatekeeper. +For reference templates refer Templates

+

Usage

+

Gatekeeper can be deployed by enabling the add-on via the following.

+
enable_gatekeeper = true
+
+

You can also customize the Helm chart that deploys gatekeeper via the following configuration:

+
  enable_gatekeeper = true
+
+  gatekeeper = {
+    name          = "gatekeeper"
+    chart_version = "3.12.0"
+    repository    = "https://open-policy-agent.github.io/gatekeeper/charts"
+    namespace     = "gatekeeper-system"
+    values        = [templatefile("${path.module}/values.yaml", {})]
+  }
+
+ + + + + + +
+
+ + +
+ +
+ + + +
+
+
+
+ + + + + + + + + \ No newline at end of file diff --git a/v1.9.2/addons/secrets-store-csi-driver-provider-aws/index.html b/v1.9.2/addons/secrets-store-csi-driver-provider-aws/index.html new file mode 100644 index 00000000..8ead16b1 --- /dev/null +++ b/v1.9.2/addons/secrets-store-csi-driver-provider-aws/index.html @@ -0,0 +1,895 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + AWS Secrets Manager and Config Provider for Secret Store CSI Driver - Amazon EKS Blueprints Addons + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + Skip to content + + +
+
+ +
+ + + + + + + + +
+ + + + +
+ +
+ + + + +
+
+ + + +
+
+
+ + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + + + + +

AWS Secrets Manager and Config Provider for Secret Store CSI Driver

+

AWS offers two services to manage secrets and parameters conveniently in your code. AWS Secrets Manager allows you to easily rotate, manage, and retrieve database credentials, API keys, certificates, and other secrets throughout their lifecycle. AWS Systems Manager Parameter Store provides hierarchical storage for configuration data. The AWS provider for the Secrets Store CSI Driver allows you to make secrets stored in Secrets Manager and parameters stored in Parameter Store appear as files mounted in Kubernetes pods.

+

Usage

+

AWS Secrets Store CSI Driver can be deployed by enabling the add-on via the following.

+
enable_secrets_store_csi_driver              = true
+enable_secrets_store_csi_driver_provider_aws = true
+
+

You can optionally customize the Helm chart via the following configuration.

+
  enable_secrets_store_csi_driver              = true
+  enable_secrets_store_csi_driver_provider_aws = true
+
+  secrets_store_csi_driver_provider_aws = {
+    name          = "secrets-store-csi-driver"
+    chart_version = "0.3.2"
+    repository    = "https://aws.github.io/secrets-store-csi-driver-provider-aws"
+    namespace     = "kube-system"
+    values        = [templatefile("${path.module}/values.yaml", {})]
+  }
+
+

Verify metrics-server pods are running.

+
$ kubectl get pods -n kube-system
+NAME                                         READY   STATUS    RESTARTS       AGE
+secrets-store-csi-driver-9l2z8               3/3     Running   1 (2d5h ago)   2d9h
+secrets-store-csi-driver-provider-aws-2qqkk  1/1     Running   1 (2d5h ago)   2d9h
+
+ + + + + + +
+
+ + +
+ +
+ + + +
+
+
+
+ + + + + + + + + \ No newline at end of file diff --git a/v1.9.2/addons/velero/index.html b/v1.9.2/addons/velero/index.html new file mode 100644 index 00000000..2f4b618d --- /dev/null +++ b/v1.9.2/addons/velero/index.html @@ -0,0 +1,1028 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + Velero - Amazon EKS Blueprints Addons + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + Skip to content + + +
+
+ +
+ + + + + + + + +
+ + + + +
+ +
+ + + + +
+
+ + + +
+
+
+ + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + + + + +

Velero

+

Velero is an open source tool to safely backup and restore, perform disaster recovery, and migrate Kubernetes cluster resources and persistent volumes.

+ +

Usage

+

Velero can be deployed by enabling the add-on via the following.

+
enable_velero           = true
+velero_backup_s3_bucket = "<YOUR_BUCKET_NAME>"
+velero = {
+    s3_backup_location = "<YOUR_S3_BUCKET_ARN>[/prefix]"
+  }
+
+

You can also customize the Helm chart that deploys velero via the following configuration:

+
enable_velero           = true
+
+velero = {
+  name          = "velero"
+  description   = "A Helm chart for velero"
+  chart_version = "3.1.6"
+  repository    = "https://vmware-tanzu.github.io/helm-charts/"
+  namespace     = "velero"
+  values        = [templatefile("${path.module}/values.yaml", {})]
+}
+
+

To see a working example, see the stateful example blueprint.

+

Validate

+
    +
  1. Run update-kubeconfig command:
    2. +
+
aws eks --region <REGION> update-kubeconfig --name <CLUSTER_NAME>
+
+
    +
  1. Test by listing velero resources provisioned:
    2. +
+
kubectl get all -n velero
+
+# Output should look similar to below
+NAME                         READY   STATUS    RESTARTS   AGE
+pod/velero-7b8994d56-z89sl   1/1     Running   0          25h
+
+NAME             TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
+service/velero   ClusterIP   172.20.20.118   <none>        8085/TCP   25h
+
+NAME                     READY   UP-TO-DATE   AVAILABLE   AGE
+deployment.apps/velero   1/1     1            1           25h
+
+NAME                               DESIRED   CURRENT   READY   AGE
+replicaset.apps/velero-7b8994d56   1         1         1       25h
+
+
    +
  1. Get backup location using velero CLI
    2. +
+
velero backup-location get
+
+# Output should look similar to below
+NAME      PROVIDER   BUCKET/PREFIX                                 PHASE       LAST VALIDATED                  ACCESS MODE   DEFAULT
+default   aws        stateful-20230503175301619800000005/backups   Available   2023-05-04 15:15:00 -0400 EDT   ReadWrite     true
+
+
    +
  1. To demonstrate creating a backup and restoring, create a new namespace and run nginx using below commands:
    2. +
+
kubectl create namespace backupdemo
+kubectl run nginx --image=nginx -n backupdemo
+
+
    +
  1. Create backup of this namespace using velero
    2. +
+
velero backup create backup1 --include-namespaces backupdemo
+
+# Output should look similar to below
+Backup request "backup1" submitted successfully.
+Run `velero backup describe backup1` or `velero backup logs backup1` for more details.
+
+
    +
  1. Describe the backup to check the backup status
    2. +
+
velero backup describe backup1
+
+# Output should look similar to below
+Name:         backup1
+Namespace:    velero
+Labels:       velero.io/storage-location=default
+Annotations:  velero.io/source-cluster-k8s-gitversion=v1.26.2-eks-a59e1f0
+              velero.io/source-cluster-k8s-major-version=1
+              velero.io/source-cluster-k8s-minor-version=26+
+
+Phase:  Completed
+
+
+Namespaces:
+  Included:  backupdemo
+  Excluded:  <none>
+
+Resources:
+  Included:        *
+  Excluded:        <none>
+  Cluster-scoped:  auto
+
+Label selector:  <none>
+
+Storage Location:  default
+
+Velero-Native Snapshot PVs:  auto
+
+TTL:  720h0m0s
+
+CSISnapshotTimeout:    10m0s
+ItemOperationTimeout:  0s
+
+Hooks:  <none>
+
+Backup Format Version:  1.1.0
+
+Started:    2023-05-04 15:16:31 -0400 EDT
+Completed:  2023-05-04 15:16:33 -0400 EDT
+
+Expiration:  2023-06-03 15:16:31 -0400 EDT
+
+Total items to be backed up:  9
+Items backed up:              9
+
+Velero-Native Snapshots: <none included>
+
+
    +
  1. Delete the namespace - this will be restored using the backup created
    2. +
+
kubectl delete namespace backupdemo
+
+
    +
  1. Restore the namespace from your backup
    2. +
+
velero restore create --from-backup backup1
+
+
    +
  1. Verify that the namespace is restored
    2. +
+
kubectl get all -n backupdemo
+
+# Output should look similar to below
+NAME        READY   STATUS    RESTARTS   AGE
+pod/nginx   1/1     Running   0          21s
+
+ + + + + + +
+
+ + +
+ +
+ + + +
+
+
+
+ + + + + + + + + \ No newline at end of file diff --git a/v1.9.2/addons/vertical-pod-autoscaler/index.html b/v1.9.2/addons/vertical-pod-autoscaler/index.html new file mode 100644 index 00000000..09023ccd --- /dev/null +++ b/v1.9.2/addons/vertical-pod-autoscaler/index.html @@ -0,0 +1,888 @@ + + + + + + + + + + + + + + + + + + + + + + + + Vertical Pod Autoscaler - Amazon EKS Blueprints Addons + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + Skip to content + + +
+
+ +
+ + + + + + + + +
+ + + + +
+ +
+ + + + +
+
+ + + +
+
+
+ + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + + + + +

Vertical Pod Autoscaler

+

VPA Vertical Pod Autoscaler (VPA) automatically adjusts the CPU and memory reservations for your pods to help "right size" your applications. When configured, it will automatically request the necessary reservations based on usage and thus allow proper scheduling onto nodes so that the appropriate resource amount is available for each pod. It will also maintain ratios between limits and requests that were specified in initial container configuration.

+

NOTE: Metrics Server add-on is a dependency for this addon

+

Usage

+

This step deploys the Vertical Pod Autoscaler with default Helm Chart config

+
  enable_vpa            = true
+  enable_metrics_server = true
+
+

You can also customize the Helm chart that deploys vpa via the following configuration:

+
  enable_vpa = true
+  enable_metrics_server = true
+
+  vpa = {
+    name          = "vpa"
+    chart_version = "1.7.5"
+    repository    = "https://charts.fairwinds.com/stable"
+    namespace     = "vpa"
+    values        = [templatefile("${path.module}/values.yaml", {})]
+  }
+
+ + + + + + +
+
+ + +
+ +
+ + + +
+
+
+
+ + + + + + + + + \ No newline at end of file diff --git a/v1.9.2/amazon-eks-addons/index.html b/v1.9.2/amazon-eks-addons/index.html new file mode 100644 index 00000000..5e9c2113 --- /dev/null +++ b/v1.9.2/amazon-eks-addons/index.html @@ -0,0 +1,1133 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + Amazon EKS Addons - Amazon EKS Blueprints Addons + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + Skip to content + + +
+
+ +
+ + + + + + + + +
+ + + + +
+ +
+ + + + +
+
+ + + +
+
+
+ + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + + + + +

Amazon EKS Add-ons

+

The Amazon EKS add-on implementation is generic and can be used to deploy any add-on supported by the EKS API; either native EKS addons or third party add-ons supplied via the AWS Marketplace.

+

See the EKS documentation for more details on EKS addon-ons, including the list of Amazon EKS add-ons from Amazon EKS, as well as Additional Amazon EKS add-ons from independent software vendors.

+

Architecture Support

+

The Amazon EKS provided add-ons listed below support both x86_64/amd64 and arm64 architectures. Third party add-ons that are available via the AWS Marketplace will vary based on the support provided by the add-on vendor. No additional changes are required to add-on configurations when switching between x86_64/amd64 and arm64 architectures; Amazon EKS add-ons utilize multi-architecture container images to support this functionality.

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Add-onx86_64/amd64arm64
vpc-cni
aws-ebs-csi-driver
coredns
kube-proxy
adot
aws-guardduty-agent
+

Usage

+

The Amazon EKS add-ons are provisioned via a generic interface behind the eks_addons argument which accepts a map of add-on configurations. The generic interface for an add-on is defined below for reference:

+
module "eks_blueprints_addons" {
+  source = "aws-ia/eks-blueprints-addons/aws"
+
+  # ... truncated for brevity
+
+  eks_addons = {
+    <key> = {
+      name = string # Optional - <key> is used if `name` is not set
+
+      most_recent          = bool
+      addon_version        = string # overrides `most_recent` if set
+      configuration_values = string # JSON string
+
+      preserve                    = bool # defaults to `true`
+      resolve_conflicts_on_create = string # defaults to `OVERWRITE`
+      resolve_conflicts_on_update = string # defaults to `OVERWRITE`
+
+      timeouts = {
+        create = string # optional
+        update = string # optional
+        delete = string # optional
+      }
+
+      tags = map(string)
+    }
+  }
+}
+
+

Example

+
module "eks_blueprints_addons" {
+  source = "aws-ia/eks-blueprints-addons/aws"
+
+  # ... truncated for brevity
+
+  eks_addons = {
+    # Amazon EKS add-ons
+    aws-ebs-csi-driver = {
+      most_recent              = true
+      service_account_role_arn = module.ebs_csi_driver_irsa.iam_role_arn
+    }
+
+    coredns = {
+      most_recent = true
+
+      timeouts = {
+        create = "25m"
+        delete = "10m"
+      }
+    }
+
+    vpc-cni = {
+      most_recent              = true
+      service_account_role_arn = module.vpc_cni_irsa.iam_role_arn
+    }
+
+    kube-proxy = {}
+
+    # Third party add-ons via AWS Marketplace
+    kubecost_kubecost = {
+      most_recent = true
+    }
+
+    teleport_teleport = {
+      most_recent = true
+    }
+  }
+}
+
+

Configuration Values

+

You can supply custom configuration values to each addon via the configuration_values argument of the add-on definition. The value provided must be a JSON encoded string and adhere to the JSON scheme provided by the version of the add-on. You can view this schema using the awscli by supplying the add-on name and version to the describe-addon-configuration command:

+
aws eks describe-addon-configuration \
+ --addon-name coredns \
+ --addon-version v1.8.7-eksbuild.2 \
+ --query 'configurationSchema' \
+ --output text | jq
+
+

Which returns the formatted JSON schema like below:

+
{
+  "$ref": "#/definitions/Coredns",
+  "$schema": "http://json-schema.org/draft-06/schema#",
+  "definitions": {
+    "Coredns": {
+      "additionalProperties": false,
+      "properties": {
+        "computeType": {
+          "type": "string"
+        },
+        "corefile": {
+          "description": "Entire corefile contents to use with installation",
+          "type": "string"
+        },
+        "nodeSelector": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "type": "object"
+        },
+        "replicaCount": {
+          "type": "integer"
+        },
+        "resources": {
+          "$ref": "#/definitions/Resources"
+        }
+      },
+      "title": "Coredns",
+      "type": "object"
+    },
+    "Limits": {
+      "additionalProperties": false,
+      "properties": {
+        "cpu": {
+          "type": "string"
+        },
+        "memory": {
+          "type": "string"
+        }
+      },
+      "title": "Limits",
+      "type": "object"
+    },
+    "Resources": {
+      "additionalProperties": false,
+      "properties": {
+        "limits": {
+          "$ref": "#/definitions/Limits"
+        },
+        "requests": {
+          "$ref": "#/definitions/Limits"
+        }
+      },
+      "title": "Resources",
+      "type": "object"
+    }
+  }
+}
+
+

You can supply the configuration values to the add-on by passing a map of the values wrapped in the jsonencode() function as shown below:

+
module "eks_blueprints_addons" {
+  source = "aws-ia/eks-blueprints-addons/aws"
+
+  # ... truncated for brevity
+
+  eks_addons = {
+    coredns = {
+      most_recent = true
+
+      configuration_values = jsonencode({
+        replicaCount = 4
+        resources = {
+          limits = {
+            cpu    = "100m"
+            memory = "150Mi"
+          }
+          requests = {
+            cpu    = "100m"
+            memory = "150Mi"
+          }
+        }
+      })
+    }
+  }
+}
+
+ + + + + + +
+
+ + +
+ +
+ + + +
+
+
+
+ + + + + + + + + \ No newline at end of file diff --git a/v1.9.2/architectures/index.html b/v1.9.2/architectures/index.html new file mode 100644 index 00000000..5a2866b9 --- /dev/null +++ b/v1.9.2/architectures/index.html @@ -0,0 +1,1053 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + Architectures - Amazon EKS Blueprints Addons + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + Skip to content + + +
+
+ +
+ + + + + + + + +
+ + + + +
+ +
+ + + + +
+
+ + + +
+
+
+ + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + + + + +

Architectures

+ +

Addons

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Addonx86_64/amd64arm64
Argo Rollouts
Argo Workflows
Argo CD
AWS CloudWatch Metrics
AWS EFS CSI Driver
AWS for FluentBit
AWS FSx CSI Driver
AWS Load Balancer Controller
AWS Node Termination Handler
AWS Private CA Issuer
Cert Manager
Cluster Autoscaler
Cluster Proportional Autoscaler
External DNS
External Secrets
OPA Gatekeeper
Ingress Nginx
Karpenter
Kube-Prometheus Stack
Metrics Server
Secrets Store CSI Driver
Secrets Store CSI Driver Provider AWS
Velero
Vertical Pod Autoscaler
+

Amazon EKS Addons

+

The Amazon EKS provided add-ons listed below support both x86_64/amd64 and arm64 architectures. Third party add-ons that are available via the AWS Marketplace will vary based on the support provided by the add-on vendor. No additional changes are required to add-on configurations when switching between x86_64/amd64 and arm64 architectures; Amazon EKS add-ons utilize multi-architecture container images to support this functionality. These addons are specified via the eks_addons input variable.

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Addonx86_64/amd64arm64
AWS VPC CNI
AWS EBS CSI Driver
CoreDNS
Kube-proxy
ADOT Collector
AWS GuardDuty Agent
+ + + + + + +
+
+ + +
+ +
+ + + +
+
+
+
+ + + + + + + + + \ No newline at end of file diff --git a/v1.9.2/assets/images/favicon.png b/v1.9.2/assets/images/favicon.png new file mode 100644 index 0000000000000000000000000000000000000000..1cf13b9f9d978896599290a74f77d5dbe7d1655c GIT binary patch literal 1870 zcmV-U2eJ5xP)Gc)JR9QMau)O=X#!i9;T z37kk-upj^(fsR36MHs_+1RCI)NNu9}lD0S{B^g8PN?Ww(5|~L#Ng*g{WsqleV}|#l zz8@ri&cTzw_h33bHI+12+kK6WN$h#n5cD8OQt`5kw6p~9H3()bUQ8OS4Q4HTQ=1Ol z_JAocz`fLbT2^{`8n~UAo=#AUOf=SOq4pYkt;XbC&f#7lb$*7=$na!mWCQ`dBQsO0 zLFBSPj*N?#u5&pf2t4XjEGH|=pPQ8xh7tpx;US5Cx_Ju;!O`ya-yF`)b%TEt5>eP1ZX~}sjjA%FJF?h7cX8=b!DZl<6%Cv z*G0uvvU+vmnpLZ2paivG-(cd*y3$hCIcsZcYOGh{$&)A6*XX&kXZd3G8m)G$Zz-LV z^GF3VAW^Mdv!)4OM8EgqRiz~*Cji;uzl2uC9^=8I84vNp;ltJ|q-*uQwGp2ma6cY7 z;`%`!9UXO@fr&Ebapfs34OmS9^u6$)bJxrucutf>`dKPKT%%*d3XlFVKunp9 zasduxjrjs>f8V=D|J=XNZp;_Zy^WgQ$9WDjgY=z@stwiEBm9u5*|34&1Na8BMjjgf3+SHcr`5~>oz1Y?SW^=K z^bTyO6>Gar#P_W2gEMwq)ot3; zREHn~U&Dp0l6YT0&k-wLwYjb?5zGK`W6S2v+K>AM(95m2C20L|3m~rN8dprPr@t)5lsk9Hu*W z?pS990s;Ez=+Rj{x7p``4>+c0G5^pYnB1^!TL=(?HLHZ+HicG{~4F1d^5Awl_2!1jICM-!9eoLhbbT^;yHcefyTAaqRcY zmuctDopPT!%k+}x%lZRKnzykr2}}XfG_ne?nRQO~?%hkzo;@RN{P6o`&mMUWBYMTe z6i8ChtjX&gXl`nvrU>jah)2iNM%JdjqoaeaU%yVn!^70x-flljp6Q5tK}5}&X8&&G zX3fpb3E(!rH=zVI_9Gjl45w@{(ITqngWFe7@9{mX;tO25Z_8 zQHEpI+FkTU#4xu>RkN>b3Tnc3UpWzPXWm#o55GKF09j^Mh~)K7{QqbO_~(@CVq! zS<8954|P8mXN2MRs86xZ&Q4EfM@JB94b=(YGuk)s&^jiSF=t3*oNK3`rD{H`yQ?d; ztE=laAUoZx5?RC8*WKOj`%LXEkgDd>&^Q4M^z`%u0rg-It=hLCVsq!Z%^6eB-OvOT zFZ28TN&cRmgU}Elrnk43)!>Z1FCPL2K$7}gwzIc48NX}#!A1BpJP?#v5wkNprhV** z?Cpalt1oH&{r!o3eSKc&ap)iz2BTn_VV`4>9M^b3;(YY}4>#ML6{~(4mH+?%07*qo IM6N<$f(jP3KmY&$ literal 0 HcmV?d00001 diff --git a/v1.9.2/assets/javascripts/bundle.19047be9.min.js b/v1.9.2/assets/javascripts/bundle.19047be9.min.js new file mode 100644 index 00000000..0e09ba9a --- /dev/null +++ b/v1.9.2/assets/javascripts/bundle.19047be9.min.js @@ -0,0 +1,29 @@ +"use strict";(()=>{var Ri=Object.create;var gr=Object.defineProperty;var ki=Object.getOwnPropertyDescriptor;var Hi=Object.getOwnPropertyNames,Ht=Object.getOwnPropertySymbols,Pi=Object.getPrototypeOf,yr=Object.prototype.hasOwnProperty,on=Object.prototype.propertyIsEnumerable;var nn=(e,t,r)=>t in e?gr(e,t,{enumerable:!0,configurable:!0,writable:!0,value:r}):e[t]=r,P=(e,t)=>{for(var r in t||(t={}))yr.call(t,r)&&nn(e,r,t[r]);if(Ht)for(var r of Ht(t))on.call(t,r)&&nn(e,r,t[r]);return e};var an=(e,t)=>{var r={};for(var n in e)yr.call(e,n)&&t.indexOf(n)<0&&(r[n]=e[n]);if(e!=null&&Ht)for(var n of Ht(e))t.indexOf(n)<0&&on.call(e,n)&&(r[n]=e[n]);return r};var Pt=(e,t)=>()=>(t||e((t={exports:{}}).exports,t),t.exports);var $i=(e,t,r,n)=>{if(t&&typeof t=="object"||typeof t=="function")for(let o of Hi(t))!yr.call(e,o)&&o!==r&&gr(e,o,{get:()=>t[o],enumerable:!(n=ki(t,o))||n.enumerable});return e};var yt=(e,t,r)=>(r=e!=null?Ri(Pi(e)):{},$i(t||!e||!e.__esModule?gr(r,"default",{value:e,enumerable:!0}):r,e));var cn=Pt((xr,sn)=>{(function(e,t){typeof xr=="object"&&typeof sn!="undefined"?t():typeof define=="function"&&define.amd?define(t):t()})(xr,function(){"use strict";function e(r){var n=!0,o=!1,i=null,s={text:!0,search:!0,url:!0,tel:!0,email:!0,password:!0,number:!0,date:!0,month:!0,week:!0,time:!0,datetime:!0,"datetime-local":!0};function a(T){return!!(T&&T!==document&&T.nodeName!=="HTML"&&T.nodeName!=="BODY"&&"classList"in T&&"contains"in T.classList)}function c(T){var Qe=T.type,De=T.tagName;return!!(De==="INPUT"&&s[Qe]&&!T.readOnly||De==="TEXTAREA"&&!T.readOnly||T.isContentEditable)}function f(T){T.classList.contains("focus-visible")||(T.classList.add("focus-visible"),T.setAttribute("data-focus-visible-added",""))}function u(T){T.hasAttribute("data-focus-visible-added")&&(T.classList.remove("focus-visible"),T.removeAttribute("data-focus-visible-added"))}function p(T){T.metaKey||T.altKey||T.ctrlKey||(a(r.activeElement)&&f(r.activeElement),n=!0)}function m(T){n=!1}function d(T){a(T.target)&&(n||c(T.target))&&f(T.target)}function h(T){a(T.target)&&(T.target.classList.contains("focus-visible")||T.target.hasAttribute("data-focus-visible-added"))&&(o=!0,window.clearTimeout(i),i=window.setTimeout(function(){o=!1},100),u(T.target))}function v(T){document.visibilityState==="hidden"&&(o&&(n=!0),G())}function G(){document.addEventListener("mousemove",N),document.addEventListener("mousedown",N),document.addEventListener("mouseup",N),document.addEventListener("pointermove",N),document.addEventListener("pointerdown",N),document.addEventListener("pointerup",N),document.addEventListener("touchmove",N),document.addEventListener("touchstart",N),document.addEventListener("touchend",N)}function oe(){document.removeEventListener("mousemove",N),document.removeEventListener("mousedown",N),document.removeEventListener("mouseup",N),document.removeEventListener("pointermove",N),document.removeEventListener("pointerdown",N),document.removeEventListener("pointerup",N),document.removeEventListener("touchmove",N),document.removeEventListener("touchstart",N),document.removeEventListener("touchend",N)}function N(T){T.target.nodeName&&T.target.nodeName.toLowerCase()==="html"||(n=!1,oe())}document.addEventListener("keydown",p,!0),document.addEventListener("mousedown",m,!0),document.addEventListener("pointerdown",m,!0),document.addEventListener("touchstart",m,!0),document.addEventListener("visibilitychange",v,!0),G(),r.addEventListener("focus",d,!0),r.addEventListener("blur",h,!0),r.nodeType===Node.DOCUMENT_FRAGMENT_NODE&&r.host?r.host.setAttribute("data-js-focus-visible",""):r.nodeType===Node.DOCUMENT_NODE&&(document.documentElement.classList.add("js-focus-visible"),document.documentElement.setAttribute("data-js-focus-visible",""))}if(typeof window!="undefined"&&typeof document!="undefined"){window.applyFocusVisiblePolyfill=e;var t;try{t=new CustomEvent("focus-visible-polyfill-ready")}catch(r){t=document.createEvent("CustomEvent"),t.initCustomEvent("focus-visible-polyfill-ready",!1,!1,{})}window.dispatchEvent(t)}typeof document!="undefined"&&e(document)})});var fn=Pt(Er=>{(function(e){var t=function(){try{return!!Symbol.iterator}catch(f){return!1}},r=t(),n=function(f){var u={next:function(){var p=f.shift();return{done:p===void 0,value:p}}};return r&&(u[Symbol.iterator]=function(){return u}),u},o=function(f){return encodeURIComponent(f).replace(/%20/g,"+")},i=function(f){return decodeURIComponent(String(f).replace(/\+/g," "))},s=function(){var f=function(p){Object.defineProperty(this,"_entries",{writable:!0,value:{}});var m=typeof p;if(m!=="undefined")if(m==="string")p!==""&&this._fromString(p);else if(p instanceof f){var d=this;p.forEach(function(oe,N){d.append(N,oe)})}else if(p!==null&&m==="object")if(Object.prototype.toString.call(p)==="[object Array]")for(var h=0;hd[0]?1:0}),f._entries&&(f._entries={});for(var p=0;p1?i(d[1]):"")}})})(typeof global!="undefined"?global:typeof window!="undefined"?window:typeof self!="undefined"?self:Er);(function(e){var t=function(){try{var o=new e.URL("b","http://a");return o.pathname="c d",o.href==="http://a/c%20d"&&o.searchParams}catch(i){return!1}},r=function(){var o=e.URL,i=function(c,f){typeof c!="string"&&(c=String(c)),f&&typeof f!="string"&&(f=String(f));var u=document,p;if(f&&(e.location===void 0||f!==e.location.href)){f=f.toLowerCase(),u=document.implementation.createHTMLDocument(""),p=u.createElement("base"),p.href=f,u.head.appendChild(p);try{if(p.href.indexOf(f)!==0)throw new Error(p.href)}catch(T){throw new Error("URL unable to set base "+f+" due to "+T)}}var m=u.createElement("a");m.href=c,p&&(u.body.appendChild(m),m.href=m.href);var d=u.createElement("input");if(d.type="url",d.value=c,m.protocol===":"||!/:/.test(m.href)||!d.checkValidity()&&!f)throw new TypeError("Invalid URL");Object.defineProperty(this,"_anchorElement",{value:m});var h=new e.URLSearchParams(this.search),v=!0,G=!0,oe=this;["append","delete","set"].forEach(function(T){var Qe=h[T];h[T]=function(){Qe.apply(h,arguments),v&&(G=!1,oe.search=h.toString(),G=!0)}}),Object.defineProperty(this,"searchParams",{value:h,enumerable:!0});var N=void 0;Object.defineProperty(this,"_updateSearchParams",{enumerable:!1,configurable:!1,writable:!1,value:function(){this.search!==N&&(N=this.search,G&&(v=!1,this.searchParams._fromString(this.search),v=!0))}})},s=i.prototype,a=function(c){Object.defineProperty(s,c,{get:function(){return this._anchorElement[c]},set:function(f){this._anchorElement[c]=f},enumerable:!0})};["hash","host","hostname","port","protocol"].forEach(function(c){a(c)}),Object.defineProperty(s,"search",{get:function(){return this._anchorElement.search},set:function(c){this._anchorElement.search=c,this._updateSearchParams()},enumerable:!0}),Object.defineProperties(s,{toString:{get:function(){var c=this;return function(){return c.href}}},href:{get:function(){return this._anchorElement.href.replace(/\?$/,"")},set:function(c){this._anchorElement.href=c,this._updateSearchParams()},enumerable:!0},pathname:{get:function(){return this._anchorElement.pathname.replace(/(^\/?)/,"/")},set:function(c){this._anchorElement.pathname=c},enumerable:!0},origin:{get:function(){var c={"http:":80,"https:":443,"ftp:":21}[this._anchorElement.protocol],f=this._anchorElement.port!=c&&this._anchorElement.port!=="";return this._anchorElement.protocol+"//"+this._anchorElement.hostname+(f?":"+this._anchorElement.port:"")},enumerable:!0},password:{get:function(){return""},set:function(c){},enumerable:!0},username:{get:function(){return""},set:function(c){},enumerable:!0}}),i.createObjectURL=function(c){return o.createObjectURL.apply(o,arguments)},i.revokeObjectURL=function(c){return o.revokeObjectURL.apply(o,arguments)},e.URL=i};if(t()||r(),e.location!==void 0&&!("origin"in e.location)){var n=function(){return e.location.protocol+"//"+e.location.hostname+(e.location.port?":"+e.location.port:"")};try{Object.defineProperty(e.location,"origin",{get:n,enumerable:!0})}catch(o){setInterval(function(){e.location.origin=n()},100)}}})(typeof global!="undefined"?global:typeof window!="undefined"?window:typeof self!="undefined"?self:Er)});var Kr=Pt((Mt,qr)=>{/*! + * clipboard.js v2.0.11 + * https://clipboardjs.com/ + * + * Licensed MIT © Zeno Rocha + */(function(t,r){typeof Mt=="object"&&typeof qr=="object"?qr.exports=r():typeof define=="function"&&define.amd?define([],r):typeof Mt=="object"?Mt.ClipboardJS=r():t.ClipboardJS=r()})(Mt,function(){return function(){var e={686:function(n,o,i){"use strict";i.d(o,{default:function(){return Ci}});var s=i(279),a=i.n(s),c=i(370),f=i.n(c),u=i(817),p=i.n(u);function m(j){try{return document.execCommand(j)}catch(O){return!1}}var d=function(O){var E=p()(O);return m("cut"),E},h=d;function v(j){var O=document.documentElement.getAttribute("dir")==="rtl",E=document.createElement("textarea");E.style.fontSize="12pt",E.style.border="0",E.style.padding="0",E.style.margin="0",E.style.position="absolute",E.style[O?"right":"left"]="-9999px";var H=window.pageYOffset||document.documentElement.scrollTop;return E.style.top="".concat(H,"px"),E.setAttribute("readonly",""),E.value=j,E}var G=function(O,E){var H=v(O);E.container.appendChild(H);var I=p()(H);return m("copy"),H.remove(),I},oe=function(O){var E=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{container:document.body},H="";return typeof O=="string"?H=G(O,E):O instanceof HTMLInputElement&&!["text","search","url","tel","password"].includes(O==null?void 0:O.type)?H=G(O.value,E):(H=p()(O),m("copy")),H},N=oe;function T(j){return typeof Symbol=="function"&&typeof Symbol.iterator=="symbol"?T=function(E){return typeof E}:T=function(E){return E&&typeof Symbol=="function"&&E.constructor===Symbol&&E!==Symbol.prototype?"symbol":typeof E},T(j)}var Qe=function(){var O=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},E=O.action,H=E===void 0?"copy":E,I=O.container,q=O.target,Me=O.text;if(H!=="copy"&&H!=="cut")throw new Error('Invalid "action" value, use either "copy" or "cut"');if(q!==void 0)if(q&&T(q)==="object"&&q.nodeType===1){if(H==="copy"&&q.hasAttribute("disabled"))throw new Error('Invalid "target" attribute. Please use "readonly" instead of "disabled" attribute');if(H==="cut"&&(q.hasAttribute("readonly")||q.hasAttribute("disabled")))throw new Error(`Invalid "target" attribute. You can't cut text from elements with "readonly" or "disabled" attributes`)}else throw new Error('Invalid "target" value, use a valid Element');if(Me)return N(Me,{container:I});if(q)return H==="cut"?h(q):N(q,{container:I})},De=Qe;function $e(j){return typeof Symbol=="function"&&typeof Symbol.iterator=="symbol"?$e=function(E){return typeof E}:$e=function(E){return E&&typeof Symbol=="function"&&E.constructor===Symbol&&E!==Symbol.prototype?"symbol":typeof E},$e(j)}function wi(j,O){if(!(j instanceof O))throw new TypeError("Cannot call a class as a function")}function rn(j,O){for(var E=0;E0&&arguments[0]!==void 0?arguments[0]:{};this.action=typeof I.action=="function"?I.action:this.defaultAction,this.target=typeof I.target=="function"?I.target:this.defaultTarget,this.text=typeof I.text=="function"?I.text:this.defaultText,this.container=$e(I.container)==="object"?I.container:document.body}},{key:"listenClick",value:function(I){var q=this;this.listener=f()(I,"click",function(Me){return q.onClick(Me)})}},{key:"onClick",value:function(I){var q=I.delegateTarget||I.currentTarget,Me=this.action(q)||"copy",kt=De({action:Me,container:this.container,target:this.target(q),text:this.text(q)});this.emit(kt?"success":"error",{action:Me,text:kt,trigger:q,clearSelection:function(){q&&q.focus(),window.getSelection().removeAllRanges()}})}},{key:"defaultAction",value:function(I){return vr("action",I)}},{key:"defaultTarget",value:function(I){var q=vr("target",I);if(q)return document.querySelector(q)}},{key:"defaultText",value:function(I){return vr("text",I)}},{key:"destroy",value:function(){this.listener.destroy()}}],[{key:"copy",value:function(I){var q=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{container:document.body};return N(I,q)}},{key:"cut",value:function(I){return h(I)}},{key:"isSupported",value:function(){var I=arguments.length>0&&arguments[0]!==void 0?arguments[0]:["copy","cut"],q=typeof I=="string"?[I]:I,Me=!!document.queryCommandSupported;return q.forEach(function(kt){Me=Me&&!!document.queryCommandSupported(kt)}),Me}}]),E}(a()),Ci=Ai},828:function(n){var o=9;if(typeof Element!="undefined"&&!Element.prototype.matches){var i=Element.prototype;i.matches=i.matchesSelector||i.mozMatchesSelector||i.msMatchesSelector||i.oMatchesSelector||i.webkitMatchesSelector}function s(a,c){for(;a&&a.nodeType!==o;){if(typeof a.matches=="function"&&a.matches(c))return a;a=a.parentNode}}n.exports=s},438:function(n,o,i){var s=i(828);function a(u,p,m,d,h){var v=f.apply(this,arguments);return u.addEventListener(m,v,h),{destroy:function(){u.removeEventListener(m,v,h)}}}function c(u,p,m,d,h){return typeof u.addEventListener=="function"?a.apply(null,arguments):typeof m=="function"?a.bind(null,document).apply(null,arguments):(typeof u=="string"&&(u=document.querySelectorAll(u)),Array.prototype.map.call(u,function(v){return a(v,p,m,d,h)}))}function f(u,p,m,d){return function(h){h.delegateTarget=s(h.target,p),h.delegateTarget&&d.call(u,h)}}n.exports=c},879:function(n,o){o.node=function(i){return i!==void 0&&i instanceof HTMLElement&&i.nodeType===1},o.nodeList=function(i){var s=Object.prototype.toString.call(i);return i!==void 0&&(s==="[object NodeList]"||s==="[object HTMLCollection]")&&"length"in i&&(i.length===0||o.node(i[0]))},o.string=function(i){return typeof i=="string"||i instanceof String},o.fn=function(i){var s=Object.prototype.toString.call(i);return s==="[object Function]"}},370:function(n,o,i){var s=i(879),a=i(438);function c(m,d,h){if(!m&&!d&&!h)throw new Error("Missing required arguments");if(!s.string(d))throw new TypeError("Second argument must be a String");if(!s.fn(h))throw new TypeError("Third argument must be a Function");if(s.node(m))return f(m,d,h);if(s.nodeList(m))return u(m,d,h);if(s.string(m))return p(m,d,h);throw new TypeError("First argument must be a String, HTMLElement, HTMLCollection, or NodeList")}function f(m,d,h){return m.addEventListener(d,h),{destroy:function(){m.removeEventListener(d,h)}}}function u(m,d,h){return Array.prototype.forEach.call(m,function(v){v.addEventListener(d,h)}),{destroy:function(){Array.prototype.forEach.call(m,function(v){v.removeEventListener(d,h)})}}}function p(m,d,h){return a(document.body,m,d,h)}n.exports=c},817:function(n){function o(i){var s;if(i.nodeName==="SELECT")i.focus(),s=i.value;else if(i.nodeName==="INPUT"||i.nodeName==="TEXTAREA"){var a=i.hasAttribute("readonly");a||i.setAttribute("readonly",""),i.select(),i.setSelectionRange(0,i.value.length),a||i.removeAttribute("readonly"),s=i.value}else{i.hasAttribute("contenteditable")&&i.focus();var c=window.getSelection(),f=document.createRange();f.selectNodeContents(i),c.removeAllRanges(),c.addRange(f),s=c.toString()}return s}n.exports=o},279:function(n){function o(){}o.prototype={on:function(i,s,a){var c=this.e||(this.e={});return(c[i]||(c[i]=[])).push({fn:s,ctx:a}),this},once:function(i,s,a){var c=this;function f(){c.off(i,f),s.apply(a,arguments)}return f._=s,this.on(i,f,a)},emit:function(i){var s=[].slice.call(arguments,1),a=((this.e||(this.e={}))[i]||[]).slice(),c=0,f=a.length;for(c;c{"use strict";/*! + * escape-html + * Copyright(c) 2012-2013 TJ Holowaychuk + * Copyright(c) 2015 Andreas Lubbe + * Copyright(c) 2015 Tiancheng "Timothy" Gu + * MIT Licensed + */var ns=/["'&<>]/;Go.exports=os;function os(e){var t=""+e,r=ns.exec(t);if(!r)return t;var n,o="",i=0,s=0;for(i=r.index;i0&&i[i.length-1])&&(f[0]===6||f[0]===2)){r=0;continue}if(f[0]===3&&(!i||f[1]>i[0]&&f[1]=e.length&&(e=void 0),{value:e&&e[n++],done:!e}}};throw new TypeError(t?"Object is not iterable.":"Symbol.iterator is not defined.")}function W(e,t){var r=typeof Symbol=="function"&&e[Symbol.iterator];if(!r)return e;var n=r.call(e),o,i=[],s;try{for(;(t===void 0||t-- >0)&&!(o=n.next()).done;)i.push(o.value)}catch(a){s={error:a}}finally{try{o&&!o.done&&(r=n.return)&&r.call(n)}finally{if(s)throw s.error}}return i}function D(e,t,r){if(r||arguments.length===2)for(var n=0,o=t.length,i;n1||a(m,d)})})}function a(m,d){try{c(n[m](d))}catch(h){p(i[0][3],h)}}function c(m){m.value instanceof et?Promise.resolve(m.value.v).then(f,u):p(i[0][2],m)}function f(m){a("next",m)}function u(m){a("throw",m)}function p(m,d){m(d),i.shift(),i.length&&a(i[0][0],i[0][1])}}function ln(e){if(!Symbol.asyncIterator)throw new TypeError("Symbol.asyncIterator is not defined.");var t=e[Symbol.asyncIterator],r;return t?t.call(e):(e=typeof Ee=="function"?Ee(e):e[Symbol.iterator](),r={},n("next"),n("throw"),n("return"),r[Symbol.asyncIterator]=function(){return this},r);function n(i){r[i]=e[i]&&function(s){return new Promise(function(a,c){s=e[i](s),o(a,c,s.done,s.value)})}}function o(i,s,a,c){Promise.resolve(c).then(function(f){i({value:f,done:a})},s)}}function C(e){return typeof e=="function"}function at(e){var t=function(n){Error.call(n),n.stack=new Error().stack},r=e(t);return r.prototype=Object.create(Error.prototype),r.prototype.constructor=r,r}var It=at(function(e){return function(r){e(this),this.message=r?r.length+` errors occurred during unsubscription: +`+r.map(function(n,o){return o+1+") "+n.toString()}).join(` + `):"",this.name="UnsubscriptionError",this.errors=r}});function Ve(e,t){if(e){var r=e.indexOf(t);0<=r&&e.splice(r,1)}}var Ie=function(){function e(t){this.initialTeardown=t,this.closed=!1,this._parentage=null,this._finalizers=null}return e.prototype.unsubscribe=function(){var t,r,n,o,i;if(!this.closed){this.closed=!0;var s=this._parentage;if(s)if(this._parentage=null,Array.isArray(s))try{for(var a=Ee(s),c=a.next();!c.done;c=a.next()){var f=c.value;f.remove(this)}}catch(v){t={error:v}}finally{try{c&&!c.done&&(r=a.return)&&r.call(a)}finally{if(t)throw t.error}}else s.remove(this);var u=this.initialTeardown;if(C(u))try{u()}catch(v){i=v instanceof It?v.errors:[v]}var p=this._finalizers;if(p){this._finalizers=null;try{for(var m=Ee(p),d=m.next();!d.done;d=m.next()){var h=d.value;try{mn(h)}catch(v){i=i!=null?i:[],v instanceof It?i=D(D([],W(i)),W(v.errors)):i.push(v)}}}catch(v){n={error:v}}finally{try{d&&!d.done&&(o=m.return)&&o.call(m)}finally{if(n)throw n.error}}}if(i)throw new It(i)}},e.prototype.add=function(t){var r;if(t&&t!==this)if(this.closed)mn(t);else{if(t instanceof e){if(t.closed||t._hasParent(this))return;t._addParent(this)}(this._finalizers=(r=this._finalizers)!==null&&r!==void 0?r:[]).push(t)}},e.prototype._hasParent=function(t){var r=this._parentage;return r===t||Array.isArray(r)&&r.includes(t)},e.prototype._addParent=function(t){var r=this._parentage;this._parentage=Array.isArray(r)?(r.push(t),r):r?[r,t]:t},e.prototype._removeParent=function(t){var r=this._parentage;r===t?this._parentage=null:Array.isArray(r)&&Ve(r,t)},e.prototype.remove=function(t){var r=this._finalizers;r&&Ve(r,t),t instanceof e&&t._removeParent(this)},e.EMPTY=function(){var t=new e;return t.closed=!0,t}(),e}();var Sr=Ie.EMPTY;function jt(e){return e instanceof Ie||e&&"closed"in e&&C(e.remove)&&C(e.add)&&C(e.unsubscribe)}function mn(e){C(e)?e():e.unsubscribe()}var Le={onUnhandledError:null,onStoppedNotification:null,Promise:void 0,useDeprecatedSynchronousErrorHandling:!1,useDeprecatedNextContext:!1};var st={setTimeout:function(e,t){for(var r=[],n=2;n0},enumerable:!1,configurable:!0}),t.prototype._trySubscribe=function(r){return this._throwIfClosed(),e.prototype._trySubscribe.call(this,r)},t.prototype._subscribe=function(r){return this._throwIfClosed(),this._checkFinalizedStatuses(r),this._innerSubscribe(r)},t.prototype._innerSubscribe=function(r){var n=this,o=this,i=o.hasError,s=o.isStopped,a=o.observers;return i||s?Sr:(this.currentObservers=null,a.push(r),new Ie(function(){n.currentObservers=null,Ve(a,r)}))},t.prototype._checkFinalizedStatuses=function(r){var n=this,o=n.hasError,i=n.thrownError,s=n.isStopped;o?r.error(i):s&&r.complete()},t.prototype.asObservable=function(){var r=new F;return r.source=this,r},t.create=function(r,n){return new En(r,n)},t}(F);var En=function(e){ie(t,e);function t(r,n){var o=e.call(this)||this;return o.destination=r,o.source=n,o}return t.prototype.next=function(r){var n,o;(o=(n=this.destination)===null||n===void 0?void 0:n.next)===null||o===void 0||o.call(n,r)},t.prototype.error=function(r){var n,o;(o=(n=this.destination)===null||n===void 0?void 0:n.error)===null||o===void 0||o.call(n,r)},t.prototype.complete=function(){var r,n;(n=(r=this.destination)===null||r===void 0?void 0:r.complete)===null||n===void 0||n.call(r)},t.prototype._subscribe=function(r){var n,o;return(o=(n=this.source)===null||n===void 0?void 0:n.subscribe(r))!==null&&o!==void 0?o:Sr},t}(x);var Et={now:function(){return(Et.delegate||Date).now()},delegate:void 0};var wt=function(e){ie(t,e);function t(r,n,o){r===void 0&&(r=1/0),n===void 0&&(n=1/0),o===void 0&&(o=Et);var i=e.call(this)||this;return i._bufferSize=r,i._windowTime=n,i._timestampProvider=o,i._buffer=[],i._infiniteTimeWindow=!0,i._infiniteTimeWindow=n===1/0,i._bufferSize=Math.max(1,r),i._windowTime=Math.max(1,n),i}return t.prototype.next=function(r){var n=this,o=n.isStopped,i=n._buffer,s=n._infiniteTimeWindow,a=n._timestampProvider,c=n._windowTime;o||(i.push(r),!s&&i.push(a.now()+c)),this._trimBuffer(),e.prototype.next.call(this,r)},t.prototype._subscribe=function(r){this._throwIfClosed(),this._trimBuffer();for(var n=this._innerSubscribe(r),o=this,i=o._infiniteTimeWindow,s=o._buffer,a=s.slice(),c=0;c0?e.prototype.requestAsyncId.call(this,r,n,o):(r.actions.push(this),r._scheduled||(r._scheduled=ut.requestAnimationFrame(function(){return r.flush(void 0)})))},t.prototype.recycleAsyncId=function(r,n,o){var i;if(o===void 0&&(o=0),o!=null?o>0:this.delay>0)return e.prototype.recycleAsyncId.call(this,r,n,o);var s=r.actions;n!=null&&((i=s[s.length-1])===null||i===void 0?void 0:i.id)!==n&&(ut.cancelAnimationFrame(n),r._scheduled=void 0)},t}(Wt);var Tn=function(e){ie(t,e);function t(){return e!==null&&e.apply(this,arguments)||this}return t.prototype.flush=function(r){this._active=!0;var n=this._scheduled;this._scheduled=void 0;var o=this.actions,i;r=r||o.shift();do if(i=r.execute(r.state,r.delay))break;while((r=o[0])&&r.id===n&&o.shift());if(this._active=!1,i){for(;(r=o[0])&&r.id===n&&o.shift();)r.unsubscribe();throw i}},t}(Dt);var Te=new Tn(Sn);var _=new F(function(e){return e.complete()});function Vt(e){return e&&C(e.schedule)}function Cr(e){return e[e.length-1]}function Ye(e){return C(Cr(e))?e.pop():void 0}function Oe(e){return Vt(Cr(e))?e.pop():void 0}function zt(e,t){return typeof Cr(e)=="number"?e.pop():t}var pt=function(e){return e&&typeof e.length=="number"&&typeof e!="function"};function Nt(e){return C(e==null?void 0:e.then)}function qt(e){return C(e[ft])}function Kt(e){return Symbol.asyncIterator&&C(e==null?void 0:e[Symbol.asyncIterator])}function Qt(e){return new TypeError("You provided "+(e!==null&&typeof e=="object"?"an invalid object":"'"+e+"'")+" where a stream was expected. You can provide an Observable, Promise, ReadableStream, Array, AsyncIterable, or Iterable.")}function Ni(){return typeof Symbol!="function"||!Symbol.iterator?"@@iterator":Symbol.iterator}var Yt=Ni();function Gt(e){return C(e==null?void 0:e[Yt])}function Bt(e){return pn(this,arguments,function(){var r,n,o,i;return $t(this,function(s){switch(s.label){case 0:r=e.getReader(),s.label=1;case 1:s.trys.push([1,,9,10]),s.label=2;case 2:return[4,et(r.read())];case 3:return n=s.sent(),o=n.value,i=n.done,i?[4,et(void 0)]:[3,5];case 4:return[2,s.sent()];case 5:return[4,et(o)];case 6:return[4,s.sent()];case 7:return s.sent(),[3,2];case 8:return[3,10];case 9:return r.releaseLock(),[7];case 10:return[2]}})})}function Jt(e){return C(e==null?void 0:e.getReader)}function U(e){if(e instanceof F)return e;if(e!=null){if(qt(e))return qi(e);if(pt(e))return Ki(e);if(Nt(e))return Qi(e);if(Kt(e))return On(e);if(Gt(e))return Yi(e);if(Jt(e))return Gi(e)}throw Qt(e)}function qi(e){return new F(function(t){var r=e[ft]();if(C(r.subscribe))return r.subscribe(t);throw new TypeError("Provided object does not correctly implement Symbol.observable")})}function Ki(e){return new F(function(t){for(var r=0;r=2;return function(n){return n.pipe(e?A(function(o,i){return e(o,i,n)}):de,ge(1),r?He(t):Vn(function(){return new Zt}))}}function zn(){for(var e=[],t=0;t=2,!0))}function pe(e){e===void 0&&(e={});var t=e.connector,r=t===void 0?function(){return new x}:t,n=e.resetOnError,o=n===void 0?!0:n,i=e.resetOnComplete,s=i===void 0?!0:i,a=e.resetOnRefCountZero,c=a===void 0?!0:a;return function(f){var u,p,m,d=0,h=!1,v=!1,G=function(){p==null||p.unsubscribe(),p=void 0},oe=function(){G(),u=m=void 0,h=v=!1},N=function(){var T=u;oe(),T==null||T.unsubscribe()};return y(function(T,Qe){d++,!v&&!h&&G();var De=m=m!=null?m:r();Qe.add(function(){d--,d===0&&!v&&!h&&(p=$r(N,c))}),De.subscribe(Qe),!u&&d>0&&(u=new rt({next:function($e){return De.next($e)},error:function($e){v=!0,G(),p=$r(oe,o,$e),De.error($e)},complete:function(){h=!0,G(),p=$r(oe,s),De.complete()}}),U(T).subscribe(u))})(f)}}function $r(e,t){for(var r=[],n=2;ne.next(document)),e}function K(e,t=document){return Array.from(t.querySelectorAll(e))}function z(e,t=document){let r=ce(e,t);if(typeof r=="undefined")throw new ReferenceError(`Missing element: expected "${e}" to be present`);return r}function ce(e,t=document){return t.querySelector(e)||void 0}function _e(){return document.activeElement instanceof HTMLElement&&document.activeElement||void 0}function tr(e){return L(b(document.body,"focusin"),b(document.body,"focusout")).pipe(ke(1),l(()=>{let t=_e();return typeof t!="undefined"?e.contains(t):!1}),V(e===_e()),B())}function Xe(e){return{x:e.offsetLeft,y:e.offsetTop}}function Qn(e){return L(b(window,"load"),b(window,"resize")).pipe(Ce(0,Te),l(()=>Xe(e)),V(Xe(e)))}function rr(e){return{x:e.scrollLeft,y:e.scrollTop}}function dt(e){return L(b(e,"scroll"),b(window,"resize")).pipe(Ce(0,Te),l(()=>rr(e)),V(rr(e)))}var Gn=function(){if(typeof Map!="undefined")return Map;function e(t,r){var n=-1;return t.some(function(o,i){return o[0]===r?(n=i,!0):!1}),n}return function(){function t(){this.__entries__=[]}return Object.defineProperty(t.prototype,"size",{get:function(){return this.__entries__.length},enumerable:!0,configurable:!0}),t.prototype.get=function(r){var n=e(this.__entries__,r),o=this.__entries__[n];return o&&o[1]},t.prototype.set=function(r,n){var o=e(this.__entries__,r);~o?this.__entries__[o][1]=n:this.__entries__.push([r,n])},t.prototype.delete=function(r){var n=this.__entries__,o=e(n,r);~o&&n.splice(o,1)},t.prototype.has=function(r){return!!~e(this.__entries__,r)},t.prototype.clear=function(){this.__entries__.splice(0)},t.prototype.forEach=function(r,n){n===void 0&&(n=null);for(var o=0,i=this.__entries__;o0},e.prototype.connect_=function(){!Dr||this.connected_||(document.addEventListener("transitionend",this.onTransitionEnd_),window.addEventListener("resize",this.refresh),ga?(this.mutationsObserver_=new MutationObserver(this.refresh),this.mutationsObserver_.observe(document,{attributes:!0,childList:!0,characterData:!0,subtree:!0})):(document.addEventListener("DOMSubtreeModified",this.refresh),this.mutationEventsAdded_=!0),this.connected_=!0)},e.prototype.disconnect_=function(){!Dr||!this.connected_||(document.removeEventListener("transitionend",this.onTransitionEnd_),window.removeEventListener("resize",this.refresh),this.mutationsObserver_&&this.mutationsObserver_.disconnect(),this.mutationEventsAdded_&&document.removeEventListener("DOMSubtreeModified",this.refresh),this.mutationsObserver_=null,this.mutationEventsAdded_=!1,this.connected_=!1)},e.prototype.onTransitionEnd_=function(t){var r=t.propertyName,n=r===void 0?"":r,o=va.some(function(i){return!!~n.indexOf(i)});o&&this.refresh()},e.getInstance=function(){return this.instance_||(this.instance_=new e),this.instance_},e.instance_=null,e}(),Bn=function(e,t){for(var r=0,n=Object.keys(t);r0},e}(),Xn=typeof WeakMap!="undefined"?new WeakMap:new Gn,Zn=function(){function e(t){if(!(this instanceof e))throw new TypeError("Cannot call a class as a function.");if(!arguments.length)throw new TypeError("1 argument required, but only 0 present.");var r=ya.getInstance(),n=new Aa(t,r,this);Xn.set(this,n)}return e}();["observe","unobserve","disconnect"].forEach(function(e){Zn.prototype[e]=function(){var t;return(t=Xn.get(this))[e].apply(t,arguments)}});var Ca=function(){return typeof nr.ResizeObserver!="undefined"?nr.ResizeObserver:Zn}(),eo=Ca;var to=new x,Ra=$(()=>k(new eo(e=>{for(let t of e)to.next(t)}))).pipe(g(e=>L(ze,k(e)).pipe(R(()=>e.disconnect()))),J(1));function he(e){return{width:e.offsetWidth,height:e.offsetHeight}}function ye(e){return Ra.pipe(S(t=>t.observe(e)),g(t=>to.pipe(A(({target:r})=>r===e),R(()=>t.unobserve(e)),l(()=>he(e)))),V(he(e)))}function bt(e){return{width:e.scrollWidth,height:e.scrollHeight}}function ar(e){let t=e.parentElement;for(;t&&(e.scrollWidth<=t.scrollWidth&&e.scrollHeight<=t.scrollHeight);)t=(e=t).parentElement;return t?e:void 0}var ro=new x,ka=$(()=>k(new IntersectionObserver(e=>{for(let t of e)ro.next(t)},{threshold:0}))).pipe(g(e=>L(ze,k(e)).pipe(R(()=>e.disconnect()))),J(1));function sr(e){return ka.pipe(S(t=>t.observe(e)),g(t=>ro.pipe(A(({target:r})=>r===e),R(()=>t.unobserve(e)),l(({isIntersecting:r})=>r))))}function no(e,t=16){return dt(e).pipe(l(({y:r})=>{let n=he(e),o=bt(e);return r>=o.height-n.height-t}),B())}var cr={drawer:z("[data-md-toggle=drawer]"),search:z("[data-md-toggle=search]")};function oo(e){return cr[e].checked}function Ke(e,t){cr[e].checked!==t&&cr[e].click()}function Ue(e){let t=cr[e];return b(t,"change").pipe(l(()=>t.checked),V(t.checked))}function Ha(e,t){switch(e.constructor){case HTMLInputElement:return e.type==="radio"?/^Arrow/.test(t):!0;case HTMLSelectElement:case HTMLTextAreaElement:return!0;default:return e.isContentEditable}}function Pa(){return L(b(window,"compositionstart").pipe(l(()=>!0)),b(window,"compositionend").pipe(l(()=>!1))).pipe(V(!1))}function io(){let e=b(window,"keydown").pipe(A(t=>!(t.metaKey||t.ctrlKey)),l(t=>({mode:oo("search")?"search":"global",type:t.key,claim(){t.preventDefault(),t.stopPropagation()}})),A(({mode:t,type:r})=>{if(t==="global"){let n=_e();if(typeof n!="undefined")return!Ha(n,r)}return!0}),pe());return Pa().pipe(g(t=>t?_:e))}function le(){return new URL(location.href)}function ot(e){location.href=e.href}function ao(){return new x}function so(e,t){if(typeof t=="string"||typeof t=="number")e.innerHTML+=t.toString();else if(t instanceof Node)e.appendChild(t);else if(Array.isArray(t))for(let r of t)so(e,r)}function M(e,t,...r){let n=document.createElement(e);if(t)for(let o of Object.keys(t))typeof t[o]!="undefined"&&(typeof t[o]!="boolean"?n.setAttribute(o,t[o]):n.setAttribute(o,""));for(let o of r)so(n,o);return n}function fr(e){if(e>999){let t=+((e-950)%1e3>99);return`${((e+1e-6)/1e3).toFixed(t)}k`}else return e.toString()}function co(){return location.hash.substring(1)}function Vr(e){let t=M("a",{href:e});t.addEventListener("click",r=>r.stopPropagation()),t.click()}function $a(e){return L(b(window,"hashchange"),e).pipe(l(co),V(co()),A(t=>t.length>0),J(1))}function fo(e){return $a(e).pipe(l(t=>ce(`[id="${t}"]`)),A(t=>typeof t!="undefined"))}function zr(e){let t=matchMedia(e);return er(r=>t.addListener(()=>r(t.matches))).pipe(V(t.matches))}function uo(){let e=matchMedia("print");return L(b(window,"beforeprint").pipe(l(()=>!0)),b(window,"afterprint").pipe(l(()=>!1))).pipe(V(e.matches))}function Nr(e,t){return e.pipe(g(r=>r?t():_))}function ur(e,t={credentials:"same-origin"}){return ue(fetch(`${e}`,t)).pipe(fe(()=>_),g(r=>r.status!==200?Tt(()=>new Error(r.statusText)):k(r)))}function We(e,t){return ur(e,t).pipe(g(r=>r.json()),J(1))}function po(e,t){let r=new DOMParser;return ur(e,t).pipe(g(n=>n.text()),l(n=>r.parseFromString(n,"text/xml")),J(1))}function pr(e){let t=M("script",{src:e});return $(()=>(document.head.appendChild(t),L(b(t,"load"),b(t,"error").pipe(g(()=>Tt(()=>new ReferenceError(`Invalid script: ${e}`))))).pipe(l(()=>{}),R(()=>document.head.removeChild(t)),ge(1))))}function lo(){return{x:Math.max(0,scrollX),y:Math.max(0,scrollY)}}function mo(){return L(b(window,"scroll",{passive:!0}),b(window,"resize",{passive:!0})).pipe(l(lo),V(lo()))}function ho(){return{width:innerWidth,height:innerHeight}}function bo(){return b(window,"resize",{passive:!0}).pipe(l(ho),V(ho()))}function vo(){return Q([mo(),bo()]).pipe(l(([e,t])=>({offset:e,size:t})),J(1))}function lr(e,{viewport$:t,header$:r}){let n=t.pipe(Z("size")),o=Q([n,r]).pipe(l(()=>Xe(e)));return Q([r,t,o]).pipe(l(([{height:i},{offset:s,size:a},{x:c,y:f}])=>({offset:{x:s.x-c,y:s.y-f+i},size:a})))}(()=>{function e(n,o){parent.postMessage(n,o||"*")}function t(...n){return n.reduce((o,i)=>o.then(()=>new Promise(s=>{let a=document.createElement("script");a.src=i,a.onload=s,document.body.appendChild(a)})),Promise.resolve())}var r=class extends EventTarget{constructor(n){super(),this.url=n,this.m=i=>{i.source===this.w&&(this.dispatchEvent(new MessageEvent("message",{data:i.data})),this.onmessage&&this.onmessage(i))},this.e=(i,s,a,c,f)=>{if(s===`${this.url}`){let u=new ErrorEvent("error",{message:i,filename:s,lineno:a,colno:c,error:f});this.dispatchEvent(u),this.onerror&&this.onerror(u)}};let o=document.createElement("iframe");o.hidden=!0,document.body.appendChild(this.iframe=o),this.w.document.open(),this.w.document.write(` + + + + + + + + + + + + + + + + + + + + + + +
+ +
+ + + + + + + + +
+ + + + +
+ +
+ + + + +
+
+ + + +
+
+
+ + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + + + + +

AWS Partner Addons

+

The following addons are provided by AWS Partners for use with Amazon EKS Blueprints for Terraform. Please see the respective addon repository for more information on the addon, its supported configuration values, as well as questions, comments, and feature requests.

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
AddonDescription
OndatOndat is a Kubernetes-native storage platform that enables stateful applications to run on Kubernetes.
Hashicorp - ConsulConsul is a service networking solution to automate network configurations, discover services, and enable secure connectivity across any cloud or runtime.
Hashicorp - VaultVault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing.
SysdigSysdig CNAPP helps you stop cloud and container security attacks with no wasted time.
Tetrate IstioTetrate Istio Distro is an open source project from Tetrate that provides vetted builds of Istio tested against all major cloud platforms.
NetApp ONTAP Astra TridentNetApp's Astra Trident provides dynamic storage orchestration for FSx for NetApp ONTAP using a Container Storage Interface (CSI) compliant driver.
Kong Konnect GatewayKong Gateway is the fastest and most adopted API gateway that integrates with Kong Konnect, the end-to-end SaaS API lifecycle management platform.
Kong Konnect Kong Ingress ControllerKong Ingress Controller combines the powerful features of the widely popular Kong Gateway with Kubernetes in a truly Kubernetes-native manner and now integrated with Kong Konnect, the end-to-end SaaS API lifecycle management platform.
+ + + + + + +
+
+ + +
+ +
+ + + +
+
+
+
+ + + + + + + + + \ No newline at end of file diff --git a/v1.9.2/helm-release/index.html b/v1.9.2/helm-release/index.html new file mode 100644 index 00000000..bb401193 --- /dev/null +++ b/v1.9.2/helm-release/index.html @@ -0,0 +1,973 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + Helm Releases - Amazon EKS Blueprints Addons + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
+ + + + + + + + +
+ + + + +
+ +
+ + + + +
+
+ + + +
+
+
+ + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + + + + +

Helm Release Add-ons

+

Starting with EKS Blueprints v5 we have made a decision to only support the provisioning of a certain core set of add-ons. On an going basis, we will evaluate the current list to see if more add-ons need to be supported via this repo. Typically you can expect that any AWS created add-on that is not yet available via the Amazon EKS add-ons will be prioritized to be provisioned through this repository.

+

In addition to these AWS add-ons, we will also support the provisioning of certain OSS add-ons that we think customers will benefit from. These are selected based on customer demand (e.g. metrics-server) and certain patterns (gitops) that are foundational elements for a complete blueprint of an EKS cluster.

+

One of the reasons customers pick Kubernetes is because of its strong commercial and open-source software ecosystem and would like to provision add-ons that are not necessarily supported by EKS Blueprints. For such add-ons the options are as following:

+

With helm_release Terraform Resource

+

The helm_release resource is the most fundamental way to provision a helm chart via Terraform.

+

Use this resource, if you need to control the lifecycle add-ons down to level of each add-on resource.

+

With helm_releases Variable

+

You can use the helm_releases variable in EKS Blueprints Add-ons to provide a map of add-ons and their respective Helm configuration. Under the hood, we just iterate through the provided map and pass each configuration to the Terraform helm_release resource.

+

E.g.

+
module "addons" {
+  source  = "aws-ia/eks-blueprints-addons/aws"
+  version = "~> 1.0"
+
+  cluster_name      = "<cluster_name>"
+  cluster_endpoint  = "<cluster_endpoint>"
+  cluster_version   = "<cluster_version>"
+  oidc_provider_arn = "<oidc_provider_arn>"
+
+  # EKS add-ons
+  eks_addons = {
+    coredns = {}
+    vpc-cni = {}
+    kube-proxy = {}
+  }
+
+  # Blueprints add-ons
+  enable_aws_efs_csi_driver                    = true
+  enable_aws_cloudwatch_metrics                = true
+  enable_cert_manager                          = true
+  ...
+
+  # Pass in any number of Helm charts to be created for those that are not natively supported
+  helm_releases = {
+    prometheus-adapter = {
+      description      = "A Helm chart for k8s prometheus adapter"
+      namespace        = "prometheus-adapter"
+      create_namespace = true
+      chart            = "prometheus-adapter"
+      chart_version    = "4.2.0"
+      repository       = "https://prometheus-community.github.io/helm-charts"
+      values = [
+        <<-EOT
+          replicas: 2
+          podDisruptionBudget:
+            enabled: true
+        EOT
+      ]
+    }
+    gpu-operator = {
+      description      = "A Helm chart for NVIDIA GPU operator"
+      namespace        = "gpu-operator"
+      create_namespace = true
+      chart            = "gpu-operator"
+      chart_version    = "v23.3.2"
+      repository       = "https://nvidia.github.io/gpu-operator"
+      values = [
+        <<-EOT
+          operator:
+            defaultRuntime: containerd
+        EOT
+      ]
+    }
+  }
+
+  tags = local.tags
+}
+
+

With this pattern, the lifecycle of all your add-ons is tied to that of the addons module. This allows you to easily target the addon module in your Terraform apply and destroy commands. E.g.

+
terraform apply -target=module.addons
+
+terraform destroy -target=module.addons
+
+

With EKS Blueprints Addon Module

+

If you have an add-on that requires an IAM Role for Service Account (IRSA), we have created a new Terraform module terraform-aws-eks-blueprints-addon that can help provision a Helm chart along with an IAM role and policies with permissions required for the add-on to function properly. We use this module for all of the add-ons that are provisioned by EKS Blueprints Add-ons today.

+

You can optionally use this module for add-ons that do not need IRSA or even just to create the IAM resources for IRSA and skip the helm release. Detailed usage of how to consume this module can be found in its readme.

+

This pattern can be used to create a Terraform module with a set of add-ons that are not supported in the EKS Blueprints Add-ons today and wrap them in the same module definition. An example of this is the ACK add-ons repository which is a collection of ACK helm chart deployments with IRSA for each of the ACK controllers.

+ + + + + + +
+
+ + +
+ +
+ + + +
+
+
+
+ + + + + + + + + \ No newline at end of file diff --git a/v1.9.2/images/colored-logo.png b/v1.9.2/images/colored-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..d49129e3f81fa9d5b871804893bf6807489a1ecc GIT binary patch literal 106378 zcmeFa2|U!@+duvpgse^33dN9+Wf;qhEZHMTD0_x6mTbciQj8>HuP9{aR$55OS~0R! zwxm#Y3ZQAG@b+|cal=E9|BEyeCsUKxTq-ktpEUN8NeO#BjX4$c3)B$-C%N32S@PW{V+WNtlQoBQ#gbC0F#v%tn;(`zinhjD`-ie?v zR6;QSc4kJ1vM+^#3)dWGAXF0)crxyHM*a})& z6k7p&9UGyaP#q8}9bk2vFGks^G9B;Aj zE`~B+zc8C3P_fa@I#d4q`Ky;NyYy={tn40{omh0bZ%Z*-aQhOZ{B`E@K;@8dh^$SB zF5T?F{iaU_xqPkX)}ONP8Hv;VTFSiimA@TPt7l(sF3vH0V53*8*2U;4*<3_~#yPRN z?N62*hWaJuX;u5>p~54ou)wpDc{VuO>AgEPnEOzMW+3R}9nb2gqKvd8=g`4czokjF z1>MZ;5Xn*RoEHQg))JO7eN?2@zz9KFnIYnZ>b#$-c_b+GeAVlEs+qrH6;5dg*WTCI zpuyxo;`7FeT|cQIdb+ugUmPp_bT_{o<$&|)cmkW${exv}Dg^d9JI3^C(Yqn*>C_)E zZn6`6L5A5!nhV7;awmt)3Rdr-+ZZJ*@Q}=L0I~P1{2m$ONK=7>d-y-9c++6Qt#vBS z?s@>pp8R_HuC7c%$gKk^Pg#mJ%kvbsoYKi=e(c~Qb1{x9Gv%@O?JX+N3R$C%uQ{{7 zh*Q;UKvKqd7*MrtNU8c7jhkqR_3^mIn~3Wy*Xp+v9=c9@C*m`%^`;-)#t?1FdIdT^ z4FS8Y>U+!$%niHtcIUSi1@s{w?!)8Uut>mWo5$6_ecnJY>e9^ zy&;gSS*s|#F+x*zNBJ2Vy_O>({$G0mY|dV6#8v(LA0aprcOak(+(QvvTiztu4DvDuTx*ScegW3-?A zSXfVUhBlC$L^r4KFz`5S_T#ycWN>M7d(`FzQ>3EIc+zMxd$Q+2bMX@Kz`h@cJOMN(YOh(iPM!`dEr-` z@;pt|{s^*Ih@iKqF{s(E`Nx6Go3_Ju>jju`n~VG<1YKFLo%RipuNAr3{QUS)@jFQi z{CA>Mu3pK)XrlB{W<|zR365$E!%1GVsXm75M@26uP6b8waZHL0iSb^NGboqATf1Jp zka)rT+Ma6%uIY~7Qz&?MIqlLt?K>9pA#Cam`a7(5=sLxpF2el@mj!$Wak{Pc}*=s!FBs*7rWR_fp^IvzN`_ zu_vF?Qi@XUzsu{sF`+QwG7;XB(Il54mTrL}KCXG7IdI@rn;LV*d8BLq^`QNl`$L?H zM}?$u(r3-`I}1y5{jSc~O>(PFt9oY)s}3tG_R02H*fuFrN*|Oq?yvDow+-vp3>I2) zSUR@U23;m?hdI$kgs6vD(ag^tJ1$ritESYApT70{oqBX;xjLtM+{yftud4F}ogchC zlP@?kn$&W(#f2@*C}^zXF@xQRT~tjF%Z{+{FtgKYu>`XDmNuD0dB3(EO=7>+oYn=c zz7!{!{g@k)`tstcSEY_9zfi1@t5B<#a1>9v-l!)`6sc|?^;Z#~cO(6#8y^>r4KOeGqZ#!M|mJH;7p zIpNJ5tC}MoVJ=)t-`V`GspwJn8O7AejHP!Q?{6GDSCV^rubCvj`N+NNM=-aPy#l(K zhB?>mJbj4%x^h`$iMac-{ny@^B^CtT6FIieHRN#hqm$LeFxPSBgG{f&PK@_-zO&hH zE^X0YY&Um0jaQX3BC>#^n>&#+xJ$Ih{}pez=cB6Ro`l<1uGN-1v^qXS`w!iI_jy{oTRO2>wEIqIiDr3Dm2%l#{N;x&&AZf0|1kYzI%ldd z@uaudu5;F-ZGt!O?zG(7XWdqJXBJc+R(2nR9o+ZK@fm(zZ@y?otsvs+>)8wQ?l$>` z?q2U2XrIt7FbJ`gbe2DT#{Wdc)HtqV=eRCg!?w!Bv`IfnRt46BF{$-KLIkaVm#=5m z_s?u)ReEtWI`H}+L;JR){7(GRM>H;eyr`36a&g|u-l}4MlWJSXo4#XTb-TB*r^+c? z1n5thK6H8U`eb{&)5q56wDV~vf~3CmV7s$R0!MKz{YTh6Co4Ai3_j6biW=Q@cUOz` z$1w{|U`ICif%&~fH9Z@OYj@27hK zAGnq}o~2_{dhbmg^PH)h`P|Rd8|1xXp{4Q8bH5!E`FHoYoO@tfo0m*{AdroQ4(lHDNuySSK|`5j646E_;r7<4ukk zn&OVR;xG;fHB}~Me7t{r4a(lLwsCS5bD$k1auR)v@jnn*bwZ+P00A#; zj3;{fdgJh5xX^0rCi-X}1yFp0_MZ@>eH7rZswfvXH(#QUx1Eot_v!+F8t`91Vrt~H zI{$YleWVFaYoMa#;{IRruAl;j;XR1pIDnI~${_&C)cvo;tUf>Cr&IbDD8UD?W7MjP z2H$`&t)>9#m$lixUmVxq{r-7Pql{aw~zqkdUoTejd8!%}v@DLHz2 zyW9Dwy13gp;iU;4PRi0hh(FM$j`VTyal`+_4P-1k0(Cc^zf!+{aC4zL2qiZ=4{&Du zB^~gNcD`;t2vv166I%mMCr?`)7Y{o(TVq`fWofGAySe;T&Iq?ZtnNZU7 z##2wXsi&u#>WY*5aeW83ci`0IrQ`)f_u1iGJgB#NF=gpr*?!vZpP%qrc0PDjz^y2W zRFssJF_l3op%j&5<-w0iNaRmKR!06JW1pvki(|mwWXLF?dzag*({! z*!@#dejfW*Is5i08RI=1T&SK_)6I@ZR0S0cPe&zil9zY!_wRq>-|y`L!jhevmM6}a z>T>n8RDFG29F!E~wG~hpqykz&Q%6QdOG8~jTUHB=R@Bs1*VK?hDt?#03jg2c_(}Fk z5OeUvfhh>zZAQr+hjeg|lR-<`;T>coWn>iXB<+xna*}A29LCNbtU|#~;roO?3H#eb zdLBd{I}aQlYyxOo$^}f~fRV=`7335o?a(NDNjU|yyrexEg_lI46mS?vSw%UtJpQ}r zpVe_s;{<$y+_9dVL) z2MkV9P7Y696UI>ziIJ7Fb41DD6lK76|Hl4fO;mGS`3#W!t~Tn99l(zN73n{*uO{8| z-##2Gt6PPCwQ0Q9Ji{wue);}G#COI0q@17p4b_JL3)tgA1WqL2rw`w~nF-$Ouhj1! zfSaRwuYauLKQ#@ax{@7^YKN*sJ8({@>idcIW63KV)QMIGta3aY?By_MIY)U(w4x$j zQVwk|D`_tWj;x~t(jMuEk&(m6{we<__O<8mbH;o8>F;DPrZNgjNHlO)-+k4}N|r~h zErjUl=;LSSjaPR9UgDcO*87oy2&_0{#lO1a70G{PU3&_gGl(mA2UY3s=zS;r%CdTJ z`QM>EM>&)O%1%aB5+#qs0PQI#N@6fF_L9Jv%Hr(NijJ}lGT-<2uWL^hX^O-sQU9U_ zujOdoV*N5K>>}Ev_~NoB;_!UGLmRHIeSUGEXH02 z99=m(dHe5M{5Ov7N}?sNB(L!M=>8uG97qSWojqR80R#@D49F`K6^0eb|4AwB|4HNgsmS#I@_;(5+|IvS$+w%>uesNcTh~u!^d~w3%h}%# zlcQ#Q|4X*_-@j7+Q&o@^4gR*jmE?^2&y|bjU+V3oyv>*3;~YUJXNcO!lmxlH;Y^-q|8 zTK7+)zH7zE4HSU`t||T!9h)2K;7N$80d-Z2U>ChnpwL- z{#QYNE^XDxzpu>1&&~(utn2OROZXSp_D`zk+kU`l)Kzk#PD6!3RcoaOAh0sM!1Dad z3;ub~513bkP;vPohgwEeU8%c&V_K%H$)xG&<_RG5`DL3wM6acbzmE79t9(D0msd_) zhI<(T&3zVof7R`;V^-PBF9Ln2D3}=SH~og*^3VSS8`VB#kjOvHV0mUAD)k>TyL&p| zRjJGWHs|us|CkLIVCSLw%Z$skf6Pj4N`bDisvKrz!7J`fSLr+bA4>?pySaJ#sbb`$ zKsOrv`nL3M?*{tuzpj3TxF+-Jw)&?6!EcuB|9|X6t>P^HgAUYk`)_%@|Kxe{ z21Q?4dHHXer2e#~Ca6#^i+1wHgQ~WSJn9?Q%Fq9p&)&`VhqGD!VNIU@+gkrico-rj z7^xeY?l;sHkU=TR3uu1Z=TClT&4vF7(*HA`^7{yUdkFGNQ}Ab(@u!x4Qt5IiG4TQ& zSOGl`*Z(M$|C?b%UUtQguXL1kmHx#zg8G&z{@ZcnmoWA(h7t5H)Bi7wBmbGF>ECi7 zsPBj9UkM>{-C18Ge^&_k9x~*>`@jFJh+&`(-VFUKNrM4M8KmSuSM}SI z9bF}Ze&>@|EN9*E{{6iNH71*S^!Pez;bXxh#rW>sh&r|E(0D z4Bmw)fr6BSFAneh{Y4#k^Xukf?``KDAON1zQElljqkiO=RBr$8Z}JX-b~*L2i!69+ zE49M&w{JhQ{`u5vd7t2699|We;g1(!Kgg?cf&WO7 zi1}&UPjaXaES11RHR{E4`H2qT`5W!m@#fTLU2eY1<54TcC~0ubrUJCg`}6l-c`g0{ z@6X?V<^92WkXo|>VP<){U&udkQQv_oE#qebUYg^n1;bxSzm8rmgqi>ODi=6XB)CQ| zbN%{hRaT21tTOUcM1HXT^ywSx%1Qm{P581OU7>;(=isrs^q;TY*LJag+ROjIZ+`6Q ze?Zt;B7RS@7BZ{Sf5WvZENc;e!?hMNtI~hNwJI!Y5r4zA7BZ{Sf5WvZENc;e!?hMN ztI~hNwJI!Y5r4zA7BZ{Sf5WvZENc;e!?hMNtI~hNwJI!Y5r4zA7BZ{Sf5WvZENc;e z!?hMNtI~hNwJI!Y5r4zA7BZ{Sf5WvZENc;e!?hMNtI~hNwJI!Y5r4zA7BZ{Sf5WvZ zENc;e!?hMNtI~hNwJI!Y5r4zA7BZ{Sf5WvZENc;e!?hMNtI~hNwJI!Y5r4zA7BZ{S zf5WvZENc;e!?hMNtI~hNwJI!Y5r4zA7BZ{Sf5WvZENc;e!?hMNtI~hNwJI!Y5r4zA z7BZ{Sf5WvZENc;e!?hMNtJ42VxR`$Y`SIWnNmW7kfj=F-Nqb`g_><)YaC?mRLC~@7 z5JU=vpf5|{->)Ia7YRXcun?q_1VP-M=WOeAAeh2#JuP)p{}*q2$IrKSl_(5gs=OAr zZK_s)V-e19b#Ay1y!td_rVxo=ofD9DYms)*+!b=pVC&)tTx z?a+phkpb&zY$EE2z9&DI}W;U zep5IRe4M4uXL&T`f`>A@Yxd4FDd9o~pSOxvDukG8&-5JG&V^+J%luj<=se`A-s1`Q z>Py93gzV2J^WI$H{M2JCP|DbhK&KrPy+qq$(8h;F4Y+T<C0n8JK0A)*&)>&w)DkBA$$B4rgL|D z2y*Ip@H4$8sfdB$h49&1vrEPTiiu2oCxo8VcOojz?^zx{;G-|bowbL}!&295&x}k3 zqT-M+6)<&z=K)kSY-|-WtU&(DxLTeK# zj}@S)Sxe#0Q#pt1SPm`Fzr1(o8`B-$-j_k_F~S3;FJ>*ZIwNT>X}0kZChC@yIUZIg zxDAaTD5!W0qfUTy$xVnFi+p+UeJac8Ojd0l)KEySoNb(-F~vdg}rnaiRxjhS9yH!8Gow%v;> z*wkw&Y{U*WnZ>oR5ADr~j{S2O4OlUGR*2(KHAj9<;HA$psKgN&o=3M5@_f=DITqh?{6PcOzQ9!sipo*XG+)sT&2uWmO}0_@oz89U>BIK6I=PGfL0dLy ztr)k>Hpsq=*w;<=#}$O;#6>N|78Ioxs}Y>91*!T)?@T?DjTvaXd96y-~n4;T#W5BtX^lJ zC$JMQni-k{plP=lXdN2Ac@5}ClBk%s2-d2#M(nOT1plB=;bi0LMVSVRL~~6~8Hq9! z#_iMkx&zTy7Qr}kI2@b?^^KnjP*ce~q(>vSEYS9;+wu`ZR~Xnx<*{&Q)Kmn|K!%Lh z*4{?h#KEx5*i%zM$0akn$+SWH+W4N{$;+tg)F{_MKnyn{3et*&lCksh4@ciCNcCH4 z`_Vnt;n=-ystZvuG?^?n`*4wR^XTq(#NO)}<6KXYZtqBb9vKo57d|ys;eJ@3Ht9jo z(apUd@;jjSn<7Ut3)U@2RA`j<&u75U>ElMq41W3hq=bg_H}=?bGL4c3TX9iF$cA2p zECO4eUqMRPNsLlOv&^fTgsqXUNG?{oohK$cMcEtkiWXl-D-lLzvm; zTVC0Sz8oFBko?7zg|d6JP+K$!7nov%W_YUD*{o5`*MH1S3j9wFfup`@EyPL+mdF`b zE#+7Tj-#OT2sf~wv8`II!Zd`Vomu{D9t8(S;2$hD_6+WGtlU70q+s60-&2^m9Z}Fl z34-$QmGc{zv1h{L?Jupk$H_)3@CoS2C+4BOUhUuC19A9Pvq|D zawgq|qJ^X@D0XDRmvO2+(FIbE>YR0_mY>AVo{^A1i)cbmimo5ac&;2Y{Y0lWn6LLy z0svu3awugCxbgeE6HxIBt=g!jyIkuwSvMY!B!>xi8K)%guZ38!+X~1eP5*Pr`8*_8 zi*M1Gl0_z{`2!FuU%1Pw6IzcFK~@ZSX8(p3lDi1Y=cgv%7Yz^aRVIv59NP zy)QE2K$^l zeZ3OY9q`<9>y`tMC=xQf6`avsM5KwVhPk?uX!HB$bIkk0?6IU59XT0%&-G(~7h2#N zzmYR8?uV~tqp$(P0eX31rAVn21MGwS2#Oyo56WhQ1dnmLasR+|NFE$Ohw)vlRe2HF zn6kjEpee?V(JW3mXg+W&Jma3PW?ctj0P?AYV#^aV!la0)ExF+|l;p31G?^cL=d%-r zL=TZZlraK+ayDl6i^jq&+q_*TIZ3!A?U|0|^9*iJMNpl_0}uxf)Zhc(TH*Dgcp;33 zWFnp`2XEVRGH_0mhFN%^tMHGqFUy5d64_{)$Bp>o!qOts7UAfkDs=@u0?@0?G@v; zhu93%rAD*6`3T~z+N68R@@+P3*pG)V824cc&SxEvYcS;=jpD8IPTUB??&fOqO+%^4 z_$+b47_!UOp>H$82ktPKYu4l|AO;eA5@`qSs1()1S@a`G5t1z_V@i+YpFo*3jb#4| z$-D=UkA0sp=n(|iQAA1l0cffnQNhMVkcvYQx6@M&M+-hOXkCZ-{Nk&4MdB&gK-4~; z*2)Xn13f+$apKHVml8e-R-~+t(Sq`7wZRTT9yJ|e;`6^ti>6ESd(Tf7jUwDBW<;N- zp6tVp7JFz(lTC=Bv`vXTG}^@I69)>+*+?&%YrOJVI`!%J$PB@hENe2XM3Tdxqw=IeHvSY;g>txlVQv-FVFv5Dv0qkjM)k`Jgt920XB_U9%fi}Elk z_F#m2M@T2i*-4WK>JX0LD5_mp*CK*4gWo($$1sH6g}pIPJGfoxbWR)p7W7GGcwxA&V?iAyq;r6~ zjlbcDG&@Dmdb)TUK{j%Pr^fy(@b^i1*A~ZU(U;FNq6Kts)7&|tMVb^wdRLg=iUVsq zH*5|=pG(}LL(q>L$@3Bf2k-b8_b@R6LVAH?J?V36AX+t&L|d@|R+!UIWyR*RsC`ak zM4wuu%VQrzAA({>A4LeKMrLDfeXGKF2*ga*mRohKg3RH4Hf>#R|2&)aUk# z)obI^JWQ^NA}2n9NP#Jzc_a27ARxf3?}IYW(h%6GHn%=HsaR&-GLpnU{R&)juq-qK zO^#XqDMH3_4I8+Jih=}#1X-c3sQVa01ge|dwdW-55iN)Z^}d&m%xJR{T)fj{bfppiz zM)E9&jng)WCo(vSgfo(BIKwqmWQ1gZ8VCpV10?BV-{vr)GcWaTgL*KBfsq{moAub= zQTH~76E?#`OxLYFFAVWy?wyIk&}$P}@PevQ1y~ON06KCsmqYO$`cf_tlomx$?BZ~bPX&xL zyJK-B=HVEL;xU=szf+JG;##ZkpBvXE#qqIH3&_^JMzML^$2-hdH}mL zps5L(dZx1TiCtvIbwnsSD80yWM1Z5&i;Wurk<>wiEvTiWUjR-A;HQW#+1zhKF^5eL zeLV$sLV729ari0oXB{TUD6G-=(N38{2G3IBo~?W|it>m|V`exsf{D#*Zi?Z#w6B^E z>S!ud0sDTTK?fPdfMBp!rZ5M%Oe#*N!x)hnFr2A=a`I?bXkuryAh^RYK!x(u@j`HD z_rb$6iai5|=SsU1&kgM6qIy7x|Lq5UdYuUky0_I^kH2t@wh&FCh03_UPjTKt>+ZPc z-Rcu3IA9D<$q8etk0%1Fd#%Yj%I+e-2;0kY2gLU)l3Eb-ELpd9mrP+O(6@l1 z284rE)=;|S!RT1Ww7eBB0rkXXV+_j)8GB*S)n^IDhoeH~$NIf(^-gNWXdv`2PrtbG0yTWBBw~5khYPX$7>0woAb>0AlIE$Us%Z~sTLPNk4p5@F2k!mE?W26m3> zVs_m7J#-Y-7{;!!#HS*!Y|w4%A!>QSOP>gbC}R@(VmE3jTz3~*vg8m@r|PUBEv{`_ zDLS5Rmw6;scDVL@F)c(H1b!!B1RU!F$1L<+YAO8SSR2hV>1x*8{-k@Ld}4Eo_EIl> zVFp-{VM@K_tSmwb;6(5Tm1_unYA5@`?D?i1ty*x^+5^_#96G6h+!!n1WVRO`ZPg#~ zk%~^k@=i6AbZdc@!$F|ft!z%$sT^IcLAP5p6R+sL&wV?vRrrV9p)xU{MjA!@hzP<`k3g2up+g>F!X-!QBA{{euKOaWcexFtHd;-!5J+H_ z(JSd(uqqv!|nhmU%K$IDUxth;%N@v8l-n+v%(+EK=`cy?;es8TP>hY+_SL^!rYS`El*f8); z{Q=nMIm5Tp4R3G79oDxqEx5lI0YOf=R8UL;Bxx#(0E7T;9X)jklc_y)*afEP)^;QP z0M1A!7}R38Eci)+u~aRE)f0G%CZAiUyb5?hex{5xW~zA}1~hs9=5+|FIg1!L#T$ZH z2PNJ0byNkYbdZC?hxc^#M>QQ6qUUMuK}M0QwpY`sJOGXx`)R6Yl$^AehFI&+K-!;+G}FgPglDq z{DTe)a!U+j(tE#PF?yaGpl8L=K15=CAo{Mt_e6;@ZGtyP)lF0@?x8yI|`*)o;u6+BPyRCP8$vgFJ;x_1WbTDGT zR9{S+sW5(D)%w|w;~B+KeGVg6@87iJ>aR@uxM15aL9wcBjru^EQ+}&BY`&usWOsUn zm(}%CDNU_2j5O zs5sI*|G5QG;dIP4eMuvl(_*(+(_rrj!vzwxCfQD87iGbM7J@{idLq}CO?ferLwgKI1W0Av)Om$xI?ZF-6Wo>B% z39@%?jvd;=5I&=XNRPDpcmZ5*7hd%{KX92+RH`~ zjkCAgI6q1CHs+rDP!@56Rc6cZ$Fh2%v=LC47$J#Sd}f}jLfF5`cb`6+3@WYJmVLKo z7bQ8`s!!aDCOg>|w#AS^G8kv9KdjA|cfsTA;{ahAWP?n=UbyKyyl4~FdbkZV(qhng zdckpp3m-fCeREvzGxuOqH^44uxAW~Ni7nVOf%94CoxcZNQ|9M|8w6#&9=%e`@QAk7 z-FUjdITXq^0(Lc(VUdlUTQGb4)RNKi9@3R23SW%hiy*U~%k*wE5^a#He;aVTn*}Fz z{>YeIgE~lX6XHRQGge8azEs=W^(^vn*vur{OAuc6%-8Xag45kk$cTHLVIE1li^pHJ zo+AbOXVKN88YHuKU4oZfNKWs67T6rjc=?RcWpEdcnb`Ucl(v0XG8#Z@G>VXM>_HFh z2y)y5PPnh9)5gb;#z;MhzGriu$b3Llay_>2sWIEiwq;v?*pU5n@7OU4oqX(4BHU~H z`q_peP+O*rwvPqXz8l-CRU}YTS9q?w4ALpUz4+mt;Ht^(7>HvE~5zXkW$bu8^;wNLRY$E6pvc&l0 z&V`ecc3NLIzfeK(FHI;W8+2O13onOx(Om_JiZ$Yh{b7XiLure`2VrFwe>^-6Et>M%0gbo^{`zVkp!-E>9&Q&nIEZN84DWKy(e z6u8>)slyw#z<0|BZG!b25u{oIW-t6{Zm`{W|2gdLjyBFlm8K@pyLycuxfRT|h(v4+ zr%~dW_$*FiSms4g9+y*`1uf&^4WydbD^q0u&G5u0*grZJPM>=nOUw|mms&slp6ZTZ zS9zxR8(B+L| zST}vK0=tREw(Fm5MyEi3>WjOE6DCi?vA`#DR}!eD(SZ(jCFqbM5L>62KXNCRb1&;JotygDlW-_&6{+s3{t|^y>)Hd7EjBPbdrV;Lm@9n(M-6AoqThb1Lkx)Vj}EV zowrfeB-2>BPOY!=8Lw?iJ80O{K}X+qJm^WsKDN`vWqqGIhib_FT#=(Z;g^DOi7v6O z`6+aK_Iz+ynPIg&Ogb*`xyWRK5y4 zf!L)-VBbF%JO0!w2K0xBW&Mv_7Lt>1)I#y8e&E5&=pE$D*Ws)!^la*vG1NM9LxE}( znPI_7yilc7N2O9X)dQ!am!9*w2No>#qJ0FFteg z0MaaNG|M@p-9kH<z;=9ea#U?;IxkA9 zJWvnP)rbPp1SpEnU#?GjPz~BWuPtUajm7hZc`Lj^rmges-exjmpUv#@=JsP7+><^~ zSAP8wR7l5xaXV@@Z*fkS7v!yDUTrP~hXBM>K-J##O@j z-db)19&8VXSgNlV2vDVcIxvsuM$mp^(zP`XAFs4RwDVqDZf(A`d&V72Tf;lN#MWS0 zt|DaN5Gr_b=&i8t$Xo&3Bwk4 z*3`&gW1(vQr0bt*0gGeS=TD-ZXM%xo`diq|I`uZ4M)-FmFmM^VsEup#UK`{iB$N zua5zNpHdhpzU$8i3e)gZR>r@v-q-^QkH0Eo;_)Hv2fTdQ%UoP0WfRjKG-?hI4EB1O5wr$=eXPoA< z04hT~fj0Iw;jq)lFi!*Tj_6iUu4$|YKheb5d!O*hM#(y!pcb|G0(N@ej)N1LW}hq2 zunui20Yw3EOaQSMU2*tO@ZhGGkEzuNt`m1GK5wGbG#!6ZYIJ@(Au?>L zh+w_5W|;n!&pmEfAgDhV=;rlkfcz6@dI6EADVDol`UJte^8_(EMwCQ+&;&Z=kD3_3 zgEVW_uccpg5;3vBd$F{OAo{dwLCi=^7J&^|M~#e={Wmg=^27#+;RR3Y9nq$w`z%16 zLQg?UoW-pFIVjAQ-1cs*5Q`1^eyOWch4cr(ne>yLo#UYsg@|9n5Fcc^H*;z+$;XhS9iI%^w+ zFZzGl3))yrBc$p_P1E&l`O*k`6;gkP2qOJ;)5Dw8!XWJyHOtTOEuod1Q^vv+i2G3r z&jhcC!7|S9{I|G1za^-}Q;?=h4_xEq!t#3>tl*}@8gzUQjH~&KLKnw66qCOoD^+=W zQU^-$TMKI-yJc4vjLJO)f(YF8(%r?4#sB@&?U3qyT z5Znn~>oH|ICI_S?@6Xv)`FU@AjAooWFv%iM<=YpO8ZJ44{q$Hm+}ySIj(nrOf+rt(YwetO)`FZa`*T`rV$&WzJ;9+a4+`e#3T^W3U1S=b zs6~gX^K&R!a?lITN^E5R0y9YC+jdZof zH@Ve825yVipQc8Y5nJn8cgfxWuOi`XN?CElFWcY*`$=4nHZf)F#hJy1P&AfFcB&$H z;tC;_IIF_vB3tL>bWq=7hS#G@yZy%VkWJ&B7is2`L7{W2C`F(%sW2v&@v6n07R_qD z`2bKsPs$FeI?}4o$=CYmN{p{pS>#00{qW>3pelg8SvTp6zIuMDY(t3r_P5}T3_&%9 zaX^3zK^h#RKFGrEozympp*HRCRJRAQq=4$II7(5bpn$Ejt@uz-Pe%8>4`Q^N`1@~Y zc5XHFJfvT~p+-310Y!BSobp`Ma$V=f=(8upX4)b%w*-UwXnxJ!5y)sAsEpQh!zGT| zYSo4|9lum8yL$&JBMkJBT4`%sVig;yy(IqTdE8M_yDPBh?S<0#`xg%1y%7r9Xzi#@ zCFm(I+8v$T$;I*>&O$>jj;c*fid=W0(%28J_j!v_JHmjgF|VO6!Ua>o#-Tb@01}RrWOU2+lTFF=O44u z8MYp0EfC{LGu9VcH(@766R4x(&i`3?i4FqUv(u9*{0GO(s(T>3Gpn{8WW!#T3EE^c zn0hnbqo<@EF z5+*o1cndZC5W3UY zBcP|cU>)shW5+j+z5`G4CT5=jSeST&s-kI4V{%WYNDl)8NgNpL^*Ng2aIY6qg4bp(MQ6&?f_&e# zL+D57C6OMEmvUR+2F4)zWbR~4ZPB0`ctJC7B;xjJ^C{Pq1M_jG`5>bmK*PN;u|&_< zPZ?cWwZ6wyjvdV6qqwLH1cw+#5mzyqqjJmD z&k>irq?7ze5Y9>wdG%q8WtY{oA?UL{9I2I?U{QtnB3V&-j0-L^KVj<%Dp;TT+C43qz0Rn) zctMJzWpIw3^l)|?kbc4}d%UX(bcbs;ciWyf4vH(-uq8HYy>7aJmz&F8v6R^l>zKRh zmn(Gy(~cklSWbPE5TRsYhZ|0erc)s&w~-GrZTWB=qKK(%g6V#`v$8Fa;9ENxm4`77 zNbtoqm8eE$vgIad`wPas%STOFvOq?PphQY}=rAIFH>BZ%#GH_K(pGlCu4mVSku-d9 z*&v6n<^eqx=9DJu$ZFqa(FI-598#n5=;24MkdOKMJW#2(bco^q*AQ{tz=^|_^HX$ZTudi zb$9fWTUFfaAX93+l;FJ}lkX{94Ywv^Z}GJ~DggG_23&lBJddEXO=12aI;t@szy*abOx{ z>NHN^#+mgXtft)sS78Y@PqG`^g>Dgs?a1nuO*IsvDY?xNq9Rz}4q>~NS9PhIFT7+! zwZlD5*e>w4AStd|p21DsjxJ&5#Z#F+hYv$-6;f8qd z9|{OpOX-WnaDa{qC&`tqeoTYTt(w`!_uabDEKS*NueY*LbTp{GVi|o>h93jt>M*9` zQKZPPE5Hmq=2MA1@!DBZi{#1+T>@=;h;a0TU!JQTVYiaIL1Jl;j0Yw8bFUJ(;>SO6 z-yC}byx9Zy6-yT1<}9H0SjTlFxG}(pr7ixo>PmGJzxp}U|ZmpdGvt3%u$M+s5s<`CB(=a^aSI}8M`!g(m*`a z3O(h_m_kFfXi&18?(JJUhv~~MTspG-2XriN}?DTKYq`ia681LBbrTnI`rE7VSH zMDVcmj-U&HpS}hFHFkpn#dDjQst>lLjDUVJI3m(5N5HMKqo5<-?apC(NM{e&IZ`h6 zCb;cX8JOCV?wq6B1;zzhku#OH2@OfhM2C7bVuK$(A2od=%MAmHOOm24Ez`k~x36y) z33g6h-KIMFLd8y_6W6QqLqhI=WNVk3EK!VpN+jp@Mi>+wPt^i>QHX{O+qVtgAO~84 zvEa}i_8Gcj;8=1Zv7=bdI+PN3*EB?BEN@{iU5{P-|3}rEheP@O|Ks=ALu#^3)>lKa zWJ_g4C|j0fiR>mqC5#ZV4JAXCHd#wZREWwR#$FjDLLnnHlr6~;;rG1t{(P_NcU}H; z&wZbBp67X<%j5AlX>!U4m4Nn3*zzM(0_C^x5Fyk^l#m5d=3H`EVrBw)4G))dN1fn@8{(O1K;?@!aL8mGmG3w zk*%D~G&)R68)^{(BLi*%qI43@NJ`}4!#f%tR+YXn3}>fN#Vn$rovexhQW)dG<| zL1|I)YUyR2lOelU%ZXv!hy;Kd5!~|)3i)t{v5bnciJctNCGgx1>bxb@d2)%tJ!Kq~ z_bclm?AXtX34CKR>5AZ#(a9&eF=X-9w}>aWuqNrM>mSbznUT1bdIEothI_x22P`_f z?2Lv8TY-(hAxf$8(+t?}S-YxA%HXYiWo%}%&0Kq7o0|zxlzHNi9w$GoCA{&R> z+W8T&jb+V_pW`0bsr>(*fo539N(#rLrx9ZjySH5W2}#lcm5bBz^YAqXb9|38VMlj! zmcQUTQZ}UcML`axr*d<8iWGyY?n1gxA^v*xr%M4nZrz*v(yG?qXnD4brL*9V&dCJY zueoTtEyEJ>KRwrvyj>{no%uV5F z$)8fqVp_1jjv%doU`CXJ(yF-IbW39_-X7(=EvC~qs=ucOI*InmU47%HqJ4{k95RU8 zY~71@l|Oh|wI()JE&vt^5g777pdU}%=7%-;4DOM7(}8Zc^XZ4K^&{@Zja+iB-LNuR zA|2IPDj0-pgbwWd=(OWv>Gp=NYK$~Tv;^>$!>c^#b^VSWY3Z}k!)S@8gbx#M?_O>J z9u;-mCm)irLEuU@$i?CKhlrP(M>9z*y>=rB-D2R zdT8i($-?+^(>Ro_mE`KP{50mmp7h9w`CF9Qdc+)=@*k$5rLl0>GK(n)Vy1@9-0@c} z?Zx00aE*!nPp&$9>YCkKERJX}KiStn^uFS37l-KkNWe6sCzkesm5LzMTSURUJJEbn zKH!(Y2*V9ep9}N+@!{^qc{%xh=}K?9HN>p7X&jYJMl6U@I5aWHpP+M?$iSzT(}r+5 z0}ZHSX8wCpBI?P@rRBhYvjGWFlWdDwCw5L~o?t-`Ak84>$3{hK>?nvUhdQK`TC#bS z2U`zsEB_)CZHt=gz-8}@7{TJ@GPjMRKnwae6fdaZ7;Nmov~Iryhd13CMxQ^t=uD$o zJLIBkq9_udYl}gMlBiu*`gFMjx{KHL<3;WJfk9xR6)Qi0WcE!pcpWO%hWh1xjwaSR-hU|N21=ebga_4ruqx+-_qt22kIrifBZ@w=t~ zaTcnx>pKghjy7~v!p`vp{ZJ%@Qnoo<2Xwe)mlc^Vm25}nX1`({tp(XQ3vSWM8L7B# z9a?Nlx<^)kMz7LA^i%B0@I>|vIVL=mg=JXLHO8+ny|0p#dU0u8y3X7N)?BSZ{;0>r z@aZBBpxSM|!0Ja*vyE{SxHhsdzz*({$Y@WUOkmxBEq6jYp!2yN^ z(eAK@e*_1~X7KW&a{|YIc)lBb1;Yyw1LBj_0@=abG_O zz&P$R)=KXv1tf4hc|OB6LQ9k8WbzZPnQP=n5VYfoJa8}KsDv)838(H~KiWJn2P`F+ zXt{Ck_EfqrK95u5Zq=x$I=GyC++6{JtAA&1fwg<_Ln@B|o_-Al!1;e~&@l4iG5^^Y z=L-WUKD}%%!4wV&Na|Geo4*Jmfr1JO9Oal`>uiDM`2lJ#qq_}f?XvLG_n`F5xBS5gZfkWRze$h%pEEP7NrqV408dwsLn@z* z=u!ESEreuDE+=}nsBx-@T8;`=EB=z3)kAJG!~n;WiB8h_HD61BN^MiY{v0Me-=9c2 z0UhjuXpSd6c7d*9%>B&cSq71^9cWOpc>-O5SH!@^){|qJQAxaGA>cxc@*jKLE~T=q z*7Trr_1)9^jbvV!ZSU+VT8Z){R@1PE(nZvwlu0k~OHd`RAWiYWJRl<>Y{g|Wt!3QB ztd|z8S;&Hn|D86jB|9)B`FR|bdmJyP-dR80ZL-5kO+V6JuFpJmNwl1LnP&={e_kGf zL)bU*DKH2kHyDxTtKDyx_WAL0Vk)!rSxn-qdW6(g#++1h4kSfRl5g6prw9CAmt!jb zeGEL3)8=-oy7`6&Oiuuib53IvCI=~f)%z=bucvRWKePW{{V4lV-ko4+4j_u)k;?!K z{db(&yu>4mFZnR2uNVoGsyw(Z?bN@&k_}f?fk$Y9|MPaGHrJtqq)S~|DNb(PF{6_r zCY3$gs*<8>m1sLqzGGH;uP!-2Wa#{`xB<^kH?7`d7^D@AE0qKQaZN%1rML~&fr74s z*yP4CrLFFwix}c6%AS8uXXhPs4IpSh#x{ev>((q(%qv06(kAwV$}-Vvna0akZX1%M zBf<3O7`xTfmRL#xM~OQVg6<*LQUS~oeN?OB$8~OSHey0pdPpa=(DdiXvb4LWi_$aY zqiCLjS? zZ7-GF!GF9@{9PaIDZ-90!MkV7QoJox=gTNGqax@8?^TN))CdOM|lEdykPm^JLEMi~H z2NMQm6NGr750CIPU*Vn6X~4MlQXa@o?_AF~^s=(A;c|kqO&s;pmU2kPVIh%LDAa&o zhY&R8Mw*-}=h8b0S=slhV{)fCwJ$D=j{$W=b$G#tPj6VMhilO{T>0M{&?PB}wr08T z^v?TZk=VJg;;tXP8x6Ff%(43Go?@3A@;f9OfI+=bm8(@?bNjD7B462qk$O0~QiYtq)KHSC!Z|d4>Jq&_nNN->u~BdQo-B=)RPq>IrN#m{*a+$%&o&Ap>^> zoju0o{S@-2I~JinlP`qcX;keykqG%1fV2BtRsO5K)5btv%N+^bqtZWBXv;*?eB7h`A zz2%49{NlFYj@u&XMor?Nm=F*pB0Ps6<&fjp+f^PhjTXY5 z%v%WgV&j*}QQ#Os`{}SF)MNUrb@;Pl^opYZZ0rYVE$N?S$TQI?kl~=iO5YE|Qhztn z|JK0O1esJ~`vJCj91;imF{c!Z!lwukP@@$L>-q}ymuJ%BPLg8Ks(*$_6=(<9WwzoV->4NF+t2F*A3;M!-xqKFjJc`GA;4m<2f z&8kFMA-8OGLrD<`at$h<@X#70>36|v`NwfR*+1azov5l35jm^Kyx_#rTV3bE=MFqg zgzbO-3*{U8i?2ivK=^sDZ#KzQE)OSM@L?9>md%4_Qn2#^mUA2-LQfTrs}FGq;V#WV zuUUV`g={Q_KS(m_N#Sa4V~k0@fFEvoW}hS^JT00Lyl{*!3v9jzjf?@13`6JQQf+#y z4OvE^?DFAq%}3_%`Qr1lgHprt#i&^1n4 z&LkmFh7%!(ZjMI%hd8xRvOxd_L_$OMCzc(VJ>st3iG^9-k9)rcVt?MNz!PH*&}8v_ zx9HsNSYN>7?uN&=Za%*1>(4cK7Vwz6SKrdgpO0Lev{bPs&&o1($wJKJ@f+}Pfb!yH zMMTiR4I!^VR*1ffA{P5V)+@SxJV~=0U89Dc!^!rAtBI$HTXhl?@Lw#U1qd$@+k8m~ z$)5|(Fl5AV(QK?~u&?bPCl{7zntK!sp-nSlCyM=dpP%3yzki(xN&IIF>(Db}y>}TG zU+3CjvV)QC`j&QFdawAE=&^>9&YYtFCItcj@joZ^V*da42)f8NIeM=F>RTV#(m{9A&qxf%xZhe!+&1{H=$9)Cx}N<#pd}MOy64%4k1=Y9`GxE|ADPZsVVkTOD8@diePVvF%7W z^p4=6)8M&8`9w*kbs+(^9*oP95dzWNV-O)>s4LGK{qzi5ba*q13J=*ZLZ8v*yeIoHf?GN=bCIrRHBlHLR z{5CC-bA4WeMH(r)+^^+~nGKJC^v@d-=LBO1}Rr5NbJKfn?qg@UJf= z{;Cv(7Ut3^zMCG+3em5S?u$>>>CCi-J!?^XJ z!gs&io=3-Smu9q7wD>U`5dD8M?Tb!<`{J|jS|Ws~^?|#|l9dp6nxcW{KE|Kig}KBiiPpI_S84xchR8Y}hSzVW zH+{?8cZpsv6pwsKJxvVwh|yf37k^A?E#)=s`Ml2JD)nE7cR{vag0;E;4= zzFEqAvk*agH$mytxmWy{KuGvX7uqIhyUmmPvbN0&4jsw|jHCh&ZBOQLcW)56xJ7If zKt1Lk2cuvsBV|=)v)!9BV{j|&>CZ*A`h%0=>y63~wRo?eHCQ+JJ7HOzm0N|r9yn5& z#d?Tx5+wyY7bx@X?b=r4{HEKXSAzEkCKLTN>O-el*5l>G=OKopbBlN-)e2m>kv0j^ z2C9zw&G{B@*$pa~%((uoM&2qWaPDV{E4qF%{--^|XbeTA{L*~42wkbno-91se*DK% zi?@J9?*}H*F$5?3@3{|gWOev?8_4r1Hpg;gpO$W5R`D^(N!6EI1xyd;AHXW#W;tvS zrgHT_$07fWD_LoJ&ESb($fuw)y#>+v_t}({Msl9ya`O5vC6Oz$)?s!Lrm~y+6)Z@l zw9Q2t9<2e4SB=G6kKu6yx8vX2$0^n`?0-sPW7^R ze}Sj>z5z$}LsKz?bY?AMT+Z+(>Me)yQoUhCvjraBg(F8*{+Pm(mE-kyS*Fei zU|~fbYt=1OjoD)e{F`5yKT5FN=X{FVYa`>r?hCro$l>NA_-!B z`5iICRx;m?N+KfZnS||qLXxWE%9D&W{PILa5Ti0YFvE?!xZ{+U>*<)0% z&n))^uFVxaGnU~hMMxZ*Ti-OFA5)JWK93Do2_Wq=OZu7%XV~e-I zhjl%kl7OR6fHcLsFonEO**uL?+U(S@e>?Ri&EZ@S2k|V^dK5U5#qN4NEhyrAirx5gs*Z`Fu)KveEp+so z#FJZT{e1)_>FX1m6Pj=i0y#wP0rNi}zGcBD^O+>941oqlchc>4nq`)t=8917vpX(R zqc{a!ZE(G^kUw(wXy5@_dx-o7E&l^Y2bN6{Dkvw=Qh+tfKBb6;B!AOy*W5OKVNdQ> z88rL3MMpL18LNLpibXLbe=e9*VA+DB&F_yRJKNl`aCad>8R^NsKMI~<`LzkpjxO*` zxo9>yY|*-W`X2KKI50q*$x@qLY3skmEL7xy`mHm#F@=?=_Grl`&vzWrm6lcwY)BHZ z?GiM`n$4~MTaJ?+0?u3$Ml#YcIo^cxBiUc(z-A^TO{CF=u7_D&Bb+af1 zTbkK^LC*ldo3mCyzC7mxu~_K)SHM^|D<23+Z1&$+4LB7h-^XbSFcg=~|B>^yV__PO zY48F*TMx8nR)G!l`I#e9fHrFpvdV-ymzQM2iM_8%X~iR=*pqsJWzXin7;)wTnGWT! zT`uClbsq*#L%id8w|`St#SkN^?dG{3i)1=)X#4xNA6*Se!n-Wq-pFWCT>q&2vVPeE zP)(C}>+2K62j7A0*qA*PTl`cCuX!xWS>c*WQHO#nX@NSb>9?Pjt3?}s+O@_sKCO=*51qbPF%uDlJJ2y%w&fn9(o?yxM`T?5 zDKLa8B$s2Y+%*N5mvEL&ddBkagdi!-)XYtn z1boxu{;dA9u+uZ4G)BC&Qqe!YmSnKTczKg{=Ah*KdVh!fNCL$tDRRxireA-;hMj8u zs)A=!FrBoQe-OIYvf_HAr+u#oaaCN4*&LZAZ0@vuevU?ePE73BYN>ji0uba^w%UT& zB0*`4=}QG(jFPo#b*p^NByQ5r`Q^SrbG`n+}H;V zyrywfR?zJnq#dT z-dD|3ofmL`Iu~?|Bi_xgic%Z`I!YDhvcA9 zG~U+x&b-P~TIgQ3a-0Fs?>!AG%ZtW#aR??Oios;)1bG;h6C0oDB$bZ1tK4!6EkLUV$Nfw@9%&!H7{y!$P>K!4gF6Yjq*e}TyAVR-Uec8pN{ zU(^-kO&H`+>Ci=I-T$6wL$2Zc(*D=JZhV&x-)-}mY$l)zgBpLs)0 zPK|wR*r$>ehw;2j9$w1KCi4*G591FVu>TJW%V&*fcPi6`bK4h4d&RN?A@ zKdVs9XQSJLj$iJN!8ldyT!{3oE0(suwG_M^u6O&y_sx~1dVee6A|HWDhT?v#uRL3L z>3XhM9A@T5T872jw}Ca6lR%0|hG|dEWIVIwLZR~pR3=1TYgDKBgP=r4_WL#|1<=5ut#+p1x}x$`nt z#0vus)qaOna3Sw+>yhdH?f`=aP8qb&|JY`HhXrL!KFg|zUk916=;M|7TQZ47Vqxsn z6N&mG6qeK+=>5}?jLKk{Z)jPezG^|CT6oa!JCzQ?Z4UF#>n~}gbV6f)a{ZGNWefcb zr1M#5Sk)?hfsf{O+@NlyV`|SwYiCKOMI93-_j2r9z9iZ8*@xT^Uyy!UpUIkYT2y3U zOs{Zha#Ebg9^w+6Y^_thl)lkjjxeNigH(>d_A3siRIOZ~5Ydm!TG zktzN(nM40Y#c$i^31GHRFu>#SDkvt6OYt?5@7KKnDpz}RLt@W;*W^>W1Zz{Y5PdP? zs_UuKPtuo5Z+L&$SeD~^kC~EJf#BOJNG39?tEJzCuHJgRdgA`2dNp6s8Li%#n;eyG zhhomzPquQ71PNiYawpkXNk)QeN&RbKZ!5s0a56yMP?WjDJX1mu-gdrz^4L<|4e#Aj z0V+A>S~PiwYSJkYRJ>8|xEic3*3^VEJj~?rkJss)8|M2@oNzZs>4_^B%F% zjH8FI;77|Op8(y`W`wxG91<)r%=H@4*`GASO4*ior+#%@0|K-2P@9%2xO36ms49+9 zpR3L|vx}dIfXdRVP*H4_(Kw`&R$AU2p#Mr~~^xWa|g!c%GjyMn>GeZ@1~wjBv#n1xeR$W&K3S| z$2rxni4G@7ExRkwAS!tVh@=og~dq073Y#@yG3UyD2Y*~D< zS@=00gge^QPbu>FNr>}6oDCNPtigntS>fRcp*cjNCyqSGINFxl^I}o?(TNr#me#%c z#|0hl;>puz82j)}$CwIw^}sZ2mdC6-x6E3N4thqjSvXKQr$IimtP$3sr7Z1_E_Z04S68mO=#_JRp(;}cuZ43&w^5f1@n5|Bm+JbyAc@EG z)o^W$iRUB#g>kY%gq{0Ni(qFMWxpSv`d5qu#NqQjaYV&K3u!e!Yl#o%bEDJ-KK78h z5L^~8GZQIY&Zhi7GFlOlXpkd38No6+Uspr5s(b^TXnhE7<=wq;ruWyJ9j!T;7W?8J zgy-?O3Xb^o5)$2`MHeR9_l)8~h_4{df>;7_3rH+bzQoB#clLp9VBE|^RDX62q(rGu z$pU?i)ctyF0q68evS<#`?2QbC&^;w1m^x<(FCY*oZJl2(CC?n)OReMUII?@ir3!+t zZ!r5Nvd~Swn>I;-_}^YSJ-r+{&tJ}VHvuZK761iY1_`{5d#po52P`)(MmDMujnHJS zR&FzCw$Nsu0?I%4P~fI`7?PR^$&#K#)SDTsNA}s`gGC%XUlg&aHMnFzpxw{49o1fG ztn#>pNSzfJp7&$*rIOoU8G8Q~kgtR|Rgvkw7W5SI$NW#WxZ+Y$1ccG^La7md?Xf{zSu9&xn8iuh|b z4@J*1jg`!(yJBJ-6&+(5)yR}Vu8BgeNO2%nMNTB04ik*~h9JuzFEMm10zUGK8c6U{sPVLK-Uj4yh-xbP^j&77AoGYiJQUoaRCs6#HA-V z^avZ-b*}+FS+f~;Z5E>iTbCdf?T2U`NTQ5GvEa@x_;% zPl$%OYoTS7-X1hK2q^_BSGD;a86nbo6L-}Egblo#=43LND|;XxHfSEVcnkFrHxTX- zNQLSF$tA3G=qWmh)VnAaV!YB(f+;?D3wq|-y`-?)0rQ8?t zFjz^);B#116FAdM<{PSIo6>zR3u=~w7bQh2x*xZUC-{b(x5J*Cy$N`}*<0$jn;)vB z^P3(U6`|JBay&23Lv{4yToDTNqO%yuKy>Ek&;LUOrUMn4L2bbhE!PxrBpy}Hsk&b6 zNFjdO*Hg!48Zo@N8msAT6>SxEZH*j2ijn{jsXq;khP|$2a!T|9ko&FJmk<7& zd5vb@^U&tvCy@@$Cc9_F_%Ek}J~Gp9fLJONDB)bO5JB6VL^z8eDO3|_;Y6t4g9e(t zgs{t@JL93O!0_g*+p`qhMf11~4NY$2k+nHPm`lP-h{8pNIh&w$aLLRFxGi9BF+a<- z;9EAuthnykht_e&D4cD};!+(Qox$zL{|r{yiOLRPu2mJkrL{pQxs`kcBpm%G!B8jH zB|%vb_WI#u3#g!4g61e2h<`li!;Ap>{X9VR^7tDJ3w2SClgh_R?|Ec@klVo>7@JzV zF(keh6X&^L*TFf=b(5+D^CG`6{Oz+|bIm(PKt9g@dKWvmxHo~XwMr0LQJb@~Cp#CN z9ZjD{&|N8T5nTm6U}z%>AqG&1&oYt`A8Nlc52Y6SiJJDXL<$I`fkGOzQuScZ$az%k zh^)F%)ZuTF%En5+UD0VWFL4sD@=W5(=H!$^HQ;xPpWqkrJk$&8-vy?Gh&l#VrGb^< zqG%2=jojg12UN1;#{1*w5B)~%c6_j>5O)Bq{F4QX+3+Dxe(biUFm|$KQS!)Uxk#Y} zlMgZ|;W<7rD>BvdEr3xx3uyf%A#D8nqbydwXC|QHRdBzNn5D8PPenlEMMd18xokgT z>LP}PegP+pMEj0{6-43ULd`Ox;XYQCvk+EFVZHtFzVjDHBh!yCn0gwVaBZVvEL6iKBM`(*go60*l{XB_%2;MZ`!H05)DyLY z(T>MCJ(3-Yw(w~q?qc%WnfvXmHLk1LlizW4$U+F&a{&F4{c()cR~Byz?_A`E3X$?{ z02lK6?iC&JG?H07FqX~nTp=QszSkPB)HgcsmWqNCaUTuMcNBg@HK{mg=F06Y zbP`{OGH98Dpdf`}3=3%+TE8J1tn0 zRsse(#_WpPkj}AvXg|>@c;^jV?!)nu8l-3@Cv@h=FP zuuzDfT?sLvo{&y={f+YX=IlU_DSp6$1^i)TSJG{;3#T}Nwj+C3z$i-J0<44h%kxDW z2mlwUjvrYy zx}URCa3g|8br3;P6JcsiC8ExMZ0`g2 z^PjX+VHRF)a{H7q`Q{tiLH~QqxTs*lbN=uLXA`?+@*H%VV<@SH@a`?$-I230ngxC* z)S;hp;3GlEUkQ%LXV`|bjOTils_Isr^Z1{&!j9u&23M7t=&uxVCJ!w+@WJoggx}F` zt|3{nA>`QaBcDGXixLKJJVdBY=3qOp&7#8A`9gG6{AGDP~-W{kj+yb;QFC-BqdbXK6 zY0u#89@A{3^|gLz1Id{yS%Gq=lZ;!RAk7h-%GmiEakG#J0+kH*sgiUYZZd!1yodtO zl7t<#BE8%ghg7n3n|mNYWT6*2Ejo@1nJXQD->@4wFsg%U(vdk@g#R9!I}#>@?bY!m z2XA-%Z{*hlulInSykv6%G};d><%2<-$703(@424m>o70+pWd9duDf?*lWZN(L!T^G z0p{R+9Fb&=FZhgxNID;AZasOE2TE?!hJG8AYrbq{Bh)B5jtk@vIpH_*!f&jLa5A93 z8j|>EOsa)F;G8b;m0Mug+_Dksb03_q9x@H&b~3^Y_=)(Qk)x6p&t$>-(P!_~5odIC zX%C@4qy;buaCQaPj$WxQ)KxlG#1S8D6G+^~)GLRoAt+T#*sJcq5HjG!j2vPiJj{>g z0Y5##pGAv=8qXa$4Am;gqK~}Cl!Qa|`)lf)q2GQv5=j-hz<1fGANRrn0M4QnI5Zz7 z*j>=4N#Iz902mf`c(yUTLiXvpv>7c@&(2f2|-O?8X z`S=d(iNY34Cj(zy?6>F{4@zfjv-+S}h?GR502{j<@HNDrBDwa024o(4Ii`7m{11Vd zHpg6Ufq%=i6L>&NVTRER!1FEy@UiRFA?pH0} z5BwW~WjhVtjf3WK=eM#kyPeFS1bR0LiuVK86SocZQi$(XM825x_N;; z`R{yl#=M~Rh-9`0w)pi;Ao&4cI3oQ<9bov!&;=)IrB&TwQl+gn?!ERH@C9~Q?rR)Icu=6if~W0kSFnFPE)5q&=)6@t@jYyXcYoO}5&QBs`!T%|(NC<)=Bk1%&r}>&b%atLn zF5uq9o(DvemNL7`=Pyv@M45nyPM=^GoNF=IIkZWid0u=e8<V}Z< zjsA`nl{0*okpehWTqb;m@}s^3?8Upy%hK588T;6d8=QFXsBERLE;H-aE<_3l5eR_&$NVIL{hIGfHB;|(dTofeC@+Ni=c2YUW3eu|ClF-XiMTcbbk`eUg?sHr-9hWi6xG9c+gCqt7f zK9Bc(+=I(pSZ+(_cZ8JYuOO}PE>&9%qyoCAa#ZaXk^p|-q2m~( zvb>XJ;N#xvL_ZKaHic2dhL?oMqoc^!+!v8uXIIqe@3TvtlFDj6ddR!l z)SGEtN0-#dVKgWzcmVM~cXEVfZM%0480E*`qPy%2-}z;xcac|>!~3Qc(Ni(9>*^7k zIE4PxzPhV+3-t46Tm?AC39uJMlF_-x@fp1Qg$CZ3!FEV&tmglGIFVi2b#>kz3t7ZI4Vdbk00VDZJS36@CZGdN^IDJ|AGb70i%Dre51q?lzQc(};TN}f zc8!xWgaAioq*Nw&8<%OoT;0@59 z9R%Ib7HxmgE^8M;Frzn@zX5n#{lr=TEl0b|&I4EL+9Qu#xRqf)m>a%$HKho`pP9>8 zr%;wh=fIKU8{6YW5^~gd9>HY?P@BbEsfc~HO<#4cY+#x(l0*U7%*!mUJsRPAAK8ai zy!qQ7xY5}t#Yeu0N+M4D6~Ov5lYY@2w>jf+$yUsvK`5$w`aWP| z%yxr&(U`qD?J8Mj8UtPf+C6+CZk_y?n0JB@Lz!K9VL!4wH?my5-8(OA+H`DiZ{75R zk3-7~K3acPwdJp$ZhNtB`cKE)4IEdO-&z=_=qJx#ByL6Cxvm9hU(ZUKmw9e8?hF?V z<5<#u)Y@H$G}-rrf7ez`;ZVYYlZeI<_N%t4^)huFkANGk{98!kW1i+ipRQy!#K*i4 z9vl7J`e?y8622VQL=tG?)Jt8=L^~LTKP6S{l{2S4!D6+-R*gIDzj{D#tk{_5I@HCi z_=So4l9Q8evv@cEOGQbh_@Ni;I8Oqu?Zrh3>qk#6WkQ^lzv$R{9Ngz6SITW4!CN}) zGL<=uQ_ol*H|XZ?l|On~6lq%m3BM$Y1x&YYb%xw3ORB)FFv!jP5_l{@s}d1kzM;+^>3Cj)GZf0RB0(F^}i_fGMd5z<~hs-1NDPwPmwB-MCqw`;P@lCfmB&c3yQkvHYo&XZbnKS~BX-7f`&r!_qx`_IwNJw`cLOY$3FHbq!wiudfB} z%T>AZ5~&DN(vumEb!4xW(ojTxl+kGUE<|Us9nZU>-r84@Y6AS*u1eo>EpT0i#%00k z#jlW2Xf}`O-dtbe#sk$Jz zHO+;jiS&oG-ApH2*Gv`{wE(Eg+N%L=7tF?hZolD7nE$4_-x<}!)bsViBOcv{33j@t zOwbi`W)7Xj5yfoe6TBN#aU5O$LjiNRy@5x-uv>G4qC30XGBa2 z&-qfc{e)X{V!V)i(&x_LRjza=q(fE+@c-Y6ADngj0~Q)DbTXM;>azRenrtW@Fr8XXIJS`Pu$iYqwbUYi`%;NE*Q~@mzX``#3~eK9#YeG^c<H;byWghYF zVas%5c0w)y$NFA`%>Yu;{`-hfxPqSqW1ireNS}zC5O|O2qyxAod;IT^ zCjcG-zjr;^5aHa3%Rla~8nr%k{W5vJQ|)@V&h*(+rY~@p9`X)3%x}nV!GDQW-IsJR zL5=PG3VGBqWuA25;`Ckgrln$j9#DAE<3JW|wH$Ppm_A19BCERB-X7O3w;g~I()can znLbE#CuG?V&~%Q6%0KjMWcJ{x!Y!JKcqdk5HD*x#6>q=V(RAclk*%~*kzod0G^CU^ zIY0aJ*4d7OX@9i24eCud?}#dvLk3(=gkrI9D_O+IiZG#E5Y_X%Ft!m(Ru|ZJ9PWE^ zfQ#QeG(cbw&bUxCR)uYQHx0tfBj^dOIy$kJtOEisIW@5zry(tVYk)PG5yLE`FF2YI z6b#}|K!X$!v2gcZ8TUQ0+BlUDs$;{3W=Px5_f9vxAU;-j2B0MegHwCQD`jwPQXy$+ ziYuOnpm?bJiZa6}?l?&GF1$&h*!=d1^do>JJqHm1>05;$_Pf*1Y!;S7d0}ZWYk}22 zDK|tdTz)5=?4E6ZaIn)DPxpXMBowF?Y7%ECGF;xNeIn%)iq_GJlQVYQ>i7BU#I>|y zTuWku&;wp%s`}z@Uq`WtW13ZAO?wPaPD2_W+i)N%cstp=P(6KOW^z!6Iff4E+z)$1 zwCqy>nVu(EFaQ@qO^sOFUT1!^TjkW~^jWeaN>_@%bQY?#u6bs}TdQnY!NWq>*C|cY zth6ggrk~e+G&1&uV%N->H0ym-F_E6P_u!CGd6w&GzoqP)PN@h&Ef%pfxXS*O-O}i$ zTiB{$=uEHMjLlrG#W5{;CruXO_I-ZCg6|H;QrIEuc{Q^G1#gXmcgjYbI)8a`(! z{2dvbItLTiLhXWp|KKw{ZM}o=5*2X|cR45@*UIZ@2OSHSKJ>e{<^KEe#L~M?8!ihb zJ8q9sE+S8Eq_wZVd<-8Yi7J%Y?V~D!=y(=r#;x$Y1Pib)9_sd(Uuh7dKuGK<`BTgYhGeXwdNSPt_8S)a> z|T+pBn8*Z+`s15`c_?91I9)Yd4KiN)sZO7ftXDZ}Osb0yfddW7kk zJFjz1dl8hkNjr?O+vDm$6#0RW=W53}H0o#UrJd#lGB9FtcDnvwxC>2sRqSakj-I(! zs1OIhF~^Kksv?Y|Fm};1U(ENX=WCm9zE|0WSu!ve0wP9iBxs$hEKLRK4kOOT@q>XrL|!1Qqg&izd8S zvGiG^nEL?Ep)OG~_44oF+s>IQaU&ydXaVkZ-?`xSIGEwHJg)Pf+8cGH({)nRuDS6K z`xXk^hjvJxc+bn5&0p6PqVBuBcJ$Dq;+kanukN^Hqx-{K6v!`SlA^}O0QF=-B0mtQ&@t(=s85%T-zv}tHh*=@>1@^sNQWT;5-LC8(igZcs%PwtKO;gHvqAo*+OEcdILSJRZY z1F$wd%?H>rXmyQ4kGS+Lhzhkf>ee{v4%=T%cH#(#MmwM$PvXmI-B%?eS7jY8|2h8& zzNR1jn)y$6u5}TDOg{_m48aaeg>L?OsfSdXrx+ zdB(P~o=xY`;Luf>^o;);891_)KdYadIb>@0ivhx3nF3wz?l^MB3e&A*Nt*31S0<=) zA^9I&3sq1%)^EN7&EDc%PX#9KCOw%Jr?WZmF~4)RIWh=YR%i{V;0*`~s|K1hTpA)i zP0S&B_ryI|QS+3#c8^hFEB&{;l^scxQc(@V48Nd-ZpWTLFHSXP@0`iw02QH3E-}+{ z{EiJn`Y@(|*R+6%>MNZp7lrbnDtJ^muhhmne)#R0EkdZLIV`gJqcf}fY747B=vCcF zIh}9VJ=6?Vh{}0%68X`J*!geEQsKOjnXOVP_A;dF$sF-5ybB;Bd)JV*s9W7} zJSnGY%XdYRpjv+UCJ4f+on}?3rW&xRWKcikr}z+Ut1O4d-neSxL3RL`?5Kv(8!Qbejpxe#07f5(bl_;@T zdu^XzT3Q#hLv=N{qUT7*U<8z$s_&J2m_0AIY=Ss$rM3TD{Ly;=o<3GMb*jp>(>})a zjb}awO{6smBxiOoBk|{FpT9xNmqLJP6KCL8#9rEN+sTb}?$Zyfw`N$at=<$jq`b39K98|@^I37Ue>m5ou zbfUJD15vU|Je!A&bkL_O0v&%}II6BfJ8jd>OyzT9{HPhTw|`8nb+{ZHBm{510{7g# zeL;IU0h%n&@;Ibs1F=JImB|66J}paUgkS~+|FlV|p!eapc#DjzNTNP8dsXDZB;1~n zf7bi!%8!07LlRRz3g89mIWXaL3ni7$C2)MTsM@?3Ou+B6tcJ;xdr|IwIA@3rk=r9< zuqD8Uatx0Xg*O!PXw6E163Rksm(yJ9e8VfF;zK=u1SY z!~L4NG)d(xsIXNi`WbElLMIdM=Tyx>eY~w4Brjc{4Fiqn+x--6F@DSa!lf2Qyl}nD^8Lj&e{d+6HQxYFLzDEenXl$A zHeYNc!Q_W4_1_Rc(ECh&4?`2CfA2Rt+3i^DeBI2on-=?3y{l=y7b4u<>p7&3UfG#ANoxXI=J?Q1DZ-dYPR}pE(Kns%j{kfn6&#vhM0G1`yTJSc3Gq( zN!XwwT;{%KUL%WR91*xJ3H`vEr8rf7WIFi(i=mp!>nWW}taTls`g;#nw?@}|5R{*+QbltS~^hg+!=#L_VR?YAFb3OyJ!f*f}M>F6HnD3NaME`*z=oNPCv|OL!U!dil#6Q^Ur$ zc>Ajl(gW4j*=lopo>AnJsJ}S&>eGL5IJ`XTjf(`iyN>hb@klU>q(q4Z(@Tj7pL7J`iJ{j6>B)!B8_6g(L;3Om2tK}lR5v{QewSH)x-|sRoV7_fh$3)=H_;}IbUdpzG%KRKK13dX6Jes{vD89p)V`D?@HS8@s33w z*mmN}Yb$0NOG;u#T^y!X2+(T}JvJ)kRQVdvE%`<=8Ip|Ho&y=n0(r(U+6O?5gOIKf z-C0}ibs~?R$qF2uP2h$Sym*`a%f$GcDs1Tixsd0_e>rf&hB^Y+8hca!wc2A9yO{%E zp)V2Tqn^m?{uE@r+VispY%06bT4PE2jXwV5%t@B9?6aLQymbsX%farEI(jmQ%RL$H z6#TsM1ehl5e9nDdKZebp*~bxom*?F{#=-N@t-NDVcf7yEO%5x&;DZJEi7MZ@JO9;` z%jCV<4(u3b3nSY$yMyF9K8k=_AEb7`TXa6VZaFw!IiPI^07~3f)0iskM2xG zwD~;?E#BrzZX4URyRe7=WH5vwd2p9(jN$!OZ-L%111v~fRLw2hvP`8a_-Rk0bPV<$kYsywi8*{! z{#l&2I^q5@(VI(jc)JuauSpg$%e8oW-QT{v_~8*&)4}q4vDtujY6W1)rDG{-L~a47 zJI1fK4jJv}%jL~BKH&%p8RXLF+UL9?e5miuSU&T9#H=X%|6}jX-=S>7|M7b)DMX4A zgF?za%1%fqTd3@0kYpK4_H2VBYoU;R$x_*6EEOX~N`x>OBFdiZ`|>@f=l%H}pMT+V z9Pjz%>39w^*L7d_d7bO)e4U^Bvbu5K>*M!R`v`?@f+j;9QzTJag7K~um6IDwMXNyVcMOaOV4Y90XzbXLni)Gnhko3svIU(m3pv&pVw(-ABjOR zagc(tGQaXu{qF5Aeh1LTy=jYbg9kGf%#*K5gAlf4|CL{pwCt}dQDe`(#_~-MZgA~L zli1W*z>1Zu$V~Pnl#6lIh1b*zxvJyGqVzh)0#VDXqHlNd)+l#|v}`%ipj(-+kNR91 zX^s=dyt|+S4t;-8asY~dYuIR`nX6@qCmq!AWAqb?&v0bFgu0rbWh2m?Ek&^MwS-Gu zUUAkN1~f47-B=DDx?)&MP=JGI!p?(Yay=EQS*DkK#P_NE+kRWyX!%tDG@#9)Txfci z91AfIpUFeZXXH{Z(Sya+Bw(&py5}|o^D$YTMk6ETT7olY_{)`6IF3W@Mz&!+^aG7m zRqo#f;7&qPLU%XEnrq9xsPrY{$Q|$X#nnAlJetBRP5t0F@m#mnuz~U#N2Z?12n0vr z&))^FR`l&Hjmal)ah^}sI0Zib^<1+2$EXtPmks0{ofu%b${8A?iJP9!j{X>hD??oP zkgW6kP(6;U?rFpGT6fqT5Fb}Tmvnn&khQ}2x+h=QM2!pe5&kHO`Id7+^$U0|kU?YR zvOz7I%9(G!A6R8FU{^>&+}KXrp%xS4xB2~_9!SEu3A|Bq>SpVxV!qG1PDb zrLdR=I2zJPnYjWdxt3$St~i;cRU>c<-O?A>7;Mk+RaA%VM^vtAeJ>DBfBk4*pXK1= zTsa;^lQlBveqt$HPt)jlCDXe3zP@TmpwmIo+OewP#NBVKfoVR}h>oV9ow=4DYq$qG zlL_!llEyXRpazV25slkoRQR!}tXT_fo601<09~lecpICCC(Z@W`e*n2R_Oje%RUZV81H>%}-g$hdSNNY`_)X`w||G^XvkORtab zK4jz^j7z-CVbu$#^OkZt*;{lNqdh*@=yXj98LHh!K~!3n@4m@5bb#r(CF=Usepc+~ zwRR4sJ+1NkM&T?XD$g)XKwmrp^RH5PRWBO|!V4>dVX} zreXcIqEvAsP(_s<_t@?xD>#;^0n)%D@aLeOdr891)3yG?&%qCt7gZxN)fO?t+_e#+ z!Z(>jVpC`O;w|_qcL^QgWfTkrM=AlA{KL${89|hwGEhiOwkX zg3`@dr~(r2vEr$(>R@!EcUuBWX8z{alncR)=L3Lob$hdlykT- z8j6pFnWw)$2;oYN&gO=jo_7epWfqNKj?<3p2h3o1cYoXxL)=9nOqA+Wkoj_WjmIlO zpbUhK-tVPLW<#V*)#0Vs1BK)ignG88kW2GgG(G5Kr@@45P)rF=YdYnRp(7G2*xP1I z?h0Q5q&$Kj63&+#H=F&cL$jhUX`B@f)N$4O@$qTV2-X)=D!;iVtUHi)-U)R2BmdMD z+MepF>h)T|4qAkiRp|cb@JwZ!0elhIeIjszc2FKKcAULQjgb(B4Kp{~D)u=3I!HSU zdLszvCMVey=~QiM#H~(oMbta}Fm%0UG=Avknk@nbF`Q&mgVfglJkP zj7xci8G7n-nfFTY2S*X_EEr1d+!JAoB23cgBCz9$kfj+4I zCVO6B$?PY>6aFpjQC`?2aJv2@V3EvNFMx|mvsmctotUwNeHXlA^ zD;nAM+~)IZ0?vN?h#`WBUCqeWPR56>M?Dchg=h7|}42vUrOIax2UFNm4h=&8w&ow4R_{+Ar0^I#^3NQ+OK^ z@J3&;ps>X>04#o^(=(;th~fJ2vInfhY5%Ka-)!w^-x7-c^Mp&*qTOY2o}z-J;a0kw zq{82&+*v|GO8UuRl1y^ZXEPc`-xzbwv1udIlPlc{(q=ASVaedYny9T=j2U34<*DnN z(Cnfa)-V_K0rt*)#alD*fL@L2^z36PqrP5&qHivrUGk3YCNy4PK!^)Zliib724FB@ z;q6jxu^-gLWKlIl|J2aA0{gz<5uV)qnnD;DScJ!YoH6=bZDN~T0jcO6f9PWYbB2LQ zp!oQ$D>R6qStK?g>Ec$X=k)V98-7QM^^MkQ=-_#4nD_hVVFVung*)45BX$az1QC$w zh<;X(|A%UR0s99-{_UrxfiHo+rIuoEUr7DxDC!r5FM74emJwk;jneqI zy051SJ<`7%R+G<>)-ZC^vHWPrf}_;{!SZgjhLc?}Y zs!#C`iK_#Ns#YpGDH zrYvJ(C)$1xrzHqkcEn`t-zrGa(?8#8lTluBRGy;}aXb<3*WDG`PGsFd|CMJJz^G%w?2vV*B)t z1-Lkhh5o!IInfN#<4E>)iJ@VK;(#>$M8Pd-d|Xz2Utb;zD$XkIrbKyJD@p1~R5P&2 zm9wD!Q43}p6@tm)GJnO<$&8y4bqhjT#jPY>@k-hD%TjI=CLsT@20aE06%fVx)pKJ5 z0FRx?qeUiYFBsd2QVI2efQB6xhjXy=&G<`#4oE;z$Hwmek6fOTP{3M1;Cm)UB9o^B z2B>H7a0u!zEWDO#=*6jo_Z9w#H5f>`Y6M|RQ40()1-%R8xXUskw-OL`piWCf_dmSQ zZ#F^ehW5DjIV6CqMQj41kT@VI{zpEj5*x&dBHn%r3Pt4f>fRlHN<@>wx8*WwE3jqf zWQ5@Bw=ezA&vInIX41jl`I>n+GX0P$q&V^=B`~c8-HQIcNU~BP6PEZrTtA$lJh}dp zSn!!Cp`-jZu-Iq!4FAg1rouwjQRma*{=Es+Smn&P~GOX)d{0r0W5AO~*EB}!;W^;h=nnx{6 zybeygAl*!6Pv_}z-m?3=d@avdF7zf{y1~Hty2aj7>pR5E*<$&ROIZJVD^idYB2|R% z$Cf*H$%|@F1T{cD$+qiQt24hriJ#RQZ^pt=o_vah`j3W7MfVC2I#UD@RG}GY2=2+o z%?ks)CjNIh$2h606ubAFX74D$pJQ7o6fA}i_p^|@5FL%-SbNb(P1Cs9y`Q@jqDun0 zliTf%3`0t#(=3P|f z)5%Nr;L9LR3K}>*ionzLz=hYZ+TFMIoF5T@cAIA+C9!Ty*xAjFtLB>5ow~~OTBVil z_;NF$kfJm%E~_e*rg>;Oa!83piUyy1949U>htqOu>Rcid3jKG*ldhJw6bu&}Zz+Pq zV>+L-ePXfe`#>si43DgX%ViC;*a97W#k0|z`j`M=7FltHzj{DMsWA%|m+H?L&m04D(Ir?%kx&wgGc=D|-W$abcD9d#Xaggvao=t% zD`;r6PO}A#O6+FZIJDbQDnW^r#k0e9YmnKAWycUCMyjWCT3E?o-l!3b4g-tI4&~r4 zuBy?PkfeF9rrh!L|~ICqeYMx)hrZ0p-Hk`9r*^bUUlX+)d>h0IWr0iZg#nLHGKB_ z@a|2nkkVfrYiE!2ewCHW5l`w(U$1vkUjs| z&VP>Ak*){XW)P10X9XQvnw)$FQ3>V*Y>=19?Ibfcd7`*#GNJ7!J6{eHxTc><8E6}h zI7s#JVpUnce#6zZN-c=cH++Hl!tBooxG%jMsQ}*w=L;zN%c;+?AZ%TBO!$Y8GIX!7 z)=Hw@TO;wPtLbP0dg)Kq339EJ(oB#N97)V@u$n#{xL+iQLQ|rVq7cZ+Yy(}gfNjOg zKULt^q?upOXF*+~*sFe6HkjO3JhlY66)0!{drE<=7*+OR$VuPUrVK?q7P3^ev|TI6 zYZHoIT1j0C|K4|I9qg}8^oIQS9v_&hf-wjz?q5lkLv}T-bgDo$W?y{n@X0NP%$LB& zr1xItbJmuM+Led?6v0?RiuFMlqjTj_;_CK8dygyQ^E6_7v(f_;ZEq23U&8f?ak}m(k?sEQ=Y}P`hVea}PiFsuA@Et*--pC+8q%Q6t==5? zW(%QT%9^FmoTK17$1@x@pEzJ-YedMdIeM7z_}`LZz+B9>cbXEEggLnXJjni-fXjOS z#reK9+zpsAe?)Iqw=H9w9!E~K{RUESgu9>6Qau%Wjc&aLLx4f`{&3T+tOKoB;E_ea z&R^^z{1IsrPav`%7&L%h+S-|BW$i9Q+n!?wL)>G{`fEOOZF73eBy>SC7$L5Uz@>Lq zrySS{Fi&%(tf>nj7w6B``%7d?K#x|2F>gxDZ?3%`KDjSJJU(W@&@Yqfncy&MV9-T~ zgINxO;O0{Tvb&_U6id?wh%8}OaQm7j=7iaci*}T75Om_ZH-8&E%wZRhIZ|1;{oC81 zXeW&Ql3jkZ5KM1?NbV7pRRs$rLC~}em{qi&frNIy9n<}rVpK(-6lYSzVL((@SD*cH zArOuCA6D98u35PWwHO#2fXvoYTapoP&9k z|14+AVp8yrX4RG3YDjR`Q%5t~-qKyM<|-q~(jA@rFp|d$qFLr>XK%Y7gg+LH#GLO* zPw3+e7;Y5xXwmdZWc^IP@laVE35EiA^%kr1jERI;{Yj`0#>{;k{A%{^+XwUtDr{l- zOY;Mvp&=dtsu_ci)8l^Y?&@1v$Q(0<#Ewc~<8Dp-``Xs$=eI5I|Fd07fdX}>As>sf!0+sxPgTvHYuWOHu$^E7_T74e?vP|i=8v)MwuEWcFEH!W=~4n!0@8`p>0c0 zd^>L0jm>T_vI4<($+4ki<_q@&6>+JUm_U^_tWGz7mOj3yRh32`7HQIu( zeX6in{$ktFpVIMco~9~FqN1KjQM-i8GGzyLNkj7=qn#Wz8qXeACO{2ma$AIoa)3bL z{L-mw=rSry5py#zZ8}-=R(JMQc!kw7`GydC30V8J4%?c*D4S!guc{?V9BTycopXt8 zrI>&*5ZJ-=49-Qj+xe7K4%Bfzo?xCGNIN6{j39-MyG~>1R2SC5^w%vY3=#ve@6%!^K2Vr zR3AlL6fU@3ssy8p>FU3rd`uQS7m{r$jh3(5pO$%C<7O&J&#lu^_JtbPcwp-pe3}URQOzIkkKT?+ z>tNQe0l&a{Bb?`)b8r;mQUK)Y)&WjY4KG(z6~{BcP$!6a4Bq$h{|&Fi0chulM@xvt zf+@DDK(6ru;u`+#ubq11n&YEIpv`NaRPWcQDJbt_e;5m?2^b8LEH|ezG4%=LF|n}n zdqmIfts_vSXNU&eqx{i8y8YRzJ6}GR@N2kkw5>4?7YwT&udUOd=}is(X-0mSdpwpB zMQZ$pCXj<%qch;SUQzO${oJUI1VG!A!1Q$*{c0e$aqUw^ZD*W$0V#QxKNNR&y}eBI z!cEl?|JWP*J~BC4k9@CEQG|2@Mm9b>MMa}43?tnCuI$}lo{Twq*MByT-iAS!rd z75bd*b*;4*48BhbLBWt|XJ^6cRFi03hZGf*PrkX@RX(Bd$3&OP6I=iL3Ck9>B6BEt ztxIJ69S!R|6{8BNp_`(Sj-ri=9@CWU2J!ax;kBl6ffRm9Z2*P?U7<%<+b`7o8CGS~ zFKqaTJr&vIky+YG2;P6F78-9>;;v=QPG_gB_)aqZA+%p! zTDAM}_dAo0e|-6aP`S$qS?WliF7XOT;@EdJ(b64X!8mtF#XJKsq9@q>7AvOH0Q~e@ za5WzSE#(1dl;Z()d7VO3!l`>}*n^n7)VN3xz3trO}Rv$R{D3O5`KyiR%aqj{vB9 z$hVn(eh&$^OWfVu@!$@<*f}oa{=Lj90V=dDB{*`jCQNs;l5{0|=Uim^_WW_B3)%a~ zv3DaWtXsq#fY}aocJ&5|44w#!pRSoQU!9owtK{+H#_5el&(|s?iO!prIY`k=K=9GE z_q7VAxW>i?3*B#-@C@>J?o5ua^6*PbDrJ#5fIapc_^ zIMdS8D8`nVGbv+1&R^ugh)x4(KDBIBd6+vzEf1;ZJe3^j3p)Bw?quoJmC6;ISnwPC zZZeQ5*eoq+L{B!R=L={1_YnR-YB}o_PGRi|g0^GyeY(S{ZF^pYqJ%m>*fW7b$lg?M zs@knmOx!ov<}mz@t0=MKgc}+XI{<{8@gz5(B5J0T!&KhJ)qUAe9Ewx=3tNV$_IVBU z2nPOn=lzoM*y!dW(0sfEq%%`>(F}tNe)A{|q^hkZ-1H3InS4n|k3xaLMxj5L(Uf0{ z-A}YQT$@3_1%GiXok}ktH>_BKcc7SkpuB%+&$K?*uC^?;#IzMkdB3#;$+gIrpW9$c z;ez*uV&h#D`mQ+;uaI)tiZk$O=4)B!u|Bi%sMeg9G}m9?$aV>*skghwr?~Izx{?Xv zTV+S^Lm7LWHm9Y$?N5ce14f7m7@kigG88#om=|bMtJycC276?+7a_P+-gK%*1}_flzdMifo|0jKadvg?^Y;WJUQL=mrEb1)XnR0> z|E+F(hQbll^_MIt^y3+}a@+jJlV`j3kJ3czcG;d7#9&pQB+T{iOp$^CFS3oy}v$tp#*0D^A ztE7o|+!jCon}1blFh*rTMEJ-MFF6 zmc9~X&-aJ2w$DRnfrH++Ir|eY>2?kJk{0h>Ov|6SMT-tTiE$#Y+Bvtd_mOf%%t(=>iaifd|Iyzs@ATIiGBs&_fP9_BN zZ>V#)UEhOir%fk9D$}J@$S_G4esh>hT&PYu;{Uc#^T)Dz%>WmQ9k4$3IC4WI9r=5i zF)wAz+E}ikV(T)13c}g3e;GpTrwFzyeqm#2H8_8veMQ|`H08jsN}OQSAg*{9_4^zN z99r@;XC0_#V=vhaT29j`Q%P-x464|B3MEeq#G98Swb%H2bXd!i)rpljvQL*K)BSOK zN^lT&vQMvE8N85HrKIDn*gcRyM^S;@P5Zim`W0O;<4gyzjGGapVcAX(q%jf;0L0kK z!DFqenYQBZSv#6sjv;V+gZ~^uc|;ON((gJRdy((4e-@@`&zpvQD#1xH8Ky;#h=1l6 zClhwynl;wP(SCc;XuK*vv~!zObBve5Svy8~5rhZte3(qNsk~u=I6B6iaTNlvqCOoOtLk>cwYp^bgCRN7 zHMTo^1l!-`nbBBzcvKy$h595K>T=jy?Vn$J%|^w+&tAKszFCh?Sri%ZQIX^_%80W2 zs>ze7^oD7XBSxkfr#AB7geehRpfHAJXQ#5if=f7}W}1g^ix+;e2X=Revb!`fB=fyd zv3`}68q#+~EcWHv4vSLHR#>+l|0J*q5hRp z+Y|66aONsMu>qKKZV31#mOeVh)X?B<>2w$Nr9Ujz9r5&}=`*LlZx7LKOKn&Ya9aYF zP7aB|>=D5bMZs{+SsgwqSy^-5W*6Mh8S3@VB15YsuA6_%gT1ooND%;8>-p2-DR3}u zvTlFDCAj$CZ#_6ER{8^?fFpa2QNMriFZkiz<$6uoUOY?OKN~m7B@0Q(@@o)@2J|Vm zC3+q_`~w1yb}!6G12`d8P8cA7X|*u-_q~CG1g_=FNO3>^}z-KI|&=UK<^jK2+gA(C^mtX)CVH%BWGgY2LzmpDIBc4ywfWn@y z*9v2<85(l;`(I7wYboo(Nns9hII_3EzH;x-$e>IPL83viI-MTtJmMjN@50@L~u7|?n;B^BH=NrJ}xA(KdC z#h9uX7 zsbF@P7e5X2qWxiFWsI%99P?FVwu5&lEI;@aZmU#0+dPW4U?NfAh({#m)ygX|j~)P~ zZX5ApM{a4}SYs%7DqH0FPI-ph5$vma>m*ysDygp~g-!?x)oM-5gUMHn-3HyA`3}@V zID)L&WR~LR;KuLaKtu1%Z|F#3Zg}6!g`A`=gfa_Tx-{2En?oH=(hH@|cajN#Pk&j~ z6P7%lBX2=~d%H|&<_cL*>x`;jvU09|GGavhWwh@k&HY^3134-PJ`pI!!A|$#&h?ux zWI1YFqx5lQTpXm<;!6$J&KY3l5A2yL{|xRIpSQn?Qj+M$F}vEi2bW^s_+R*ghLPE#y_{8kBr<81-Z$-wORyU*cKYZmw1Np3KlS zw>Z5KC-8i}2D=W%xZ`~j%jqq>0m2Sn8_!PY(8B(~Z&y*W*Ws}T+rS=< zO^dI(@}qnzy_*@akFNB1qxTNw;}OJUWw_ zb}uOUF@vW5^D0kVUDkt8YTadJMYbjRw%{%G4b`(mt{sr^C|uo$3*-$>fJlzx5k4tB zpT6^U@pL?&X8(_@Q*;iK!@~;JCOu-&}h-_hOImcR9G6-BfQ3SFTPw?Fa52 zCwZtMOmnx83z!9)(B(X0-&6q(iSJ}wSA2I9xK~jz?|9o1`O6ZwjZe$hW;v~W{qgI? z%R!5?F+>kq4-0^(n^8t)Rp=~gETDZ-eo=%iSD#6CxwhA5hjtq4FIEdfXkb`01H?9X zb4X!gAHx-UFbA%o_!e(=xbMi)rfN@eU3~=MF+E>5rB{dOMX=BKp<@5?q=p^IwiL&^0<@BBmwy@I7MK&UI@_jFC!a=^vnlygd{ zg;bjCll@0>Do|PZw_Q@hvP%!d3`w`C*Ux!yy6cP%5++ZtDyzM`P0VGi-5VU$ zWJMEoi?sxmBT@Tmly)y3#>VbD!p)Ec#KfVUhRH2p9nlVM_NE^FryxioafI3ON+EtnGi@;AMAPApE?p0hDo zN!+q?uA~2^eVV$+es`fGow{M#KjSF&ku520@*R`RLL+x&xItW4XYTE|W^*8)PAn~Q z8EZ0S3Ybf44U}A;-KcxK_?CSgu)jTAvR19!zjgYh=_l_8#hEQ9ZvNGo3t{P|?Dyez z>aR%tk53u7UdT>m|PqB=^Q+ZJWFTp6Z z0)(z7_p$$$T^ETOXD8rFqo#Jn<$D%ZmIio-&cFJ*`8WA$2&bQcmY>kR-N@WJ2j+5u zBfimmjp1?4lnWJ3y|QPiV|L))Zu74ovEy+!(|$Q5BcQBRtgk@Carhm~ zO}(-}Z>!@Ba-ntr8i9Xt?!-QHeGwAg_y?j>-=liA0dhbT9%Lm;lNqgcA$|#R;uSWKbrGa-hS)&gf@zjg=)NRu8z06phS9f{+gU7yiEs3|9L7vb%$s^bclY;#*I7?I z*D7{<_I!u-ZrCW0(mJXWAHHth`5N4K*@yX{><_;=^YC|rkFR(ffw9=L?YVp2n{Dqm zHf_c>sh-vC$|;WC+wIZZi3qJV^^CSn7gG{VnK`ewcvTUd0%?@(mF~W~2b5+?_G9O5 zO?s>n5ha4reuQ}M%bhSMbpLof*@Er+DW2hp&G{w0)?T5gxzaz+JcoFVX%I;d%MrWCgnbuK4|_pNUmD6 zUR)G#0aWXa8Gh!ysi_14t}~a6Ze7r?kz-#rbIAOa!9T*cH}l-G$cAxCs_lp-@lpdY zjzi{ydoT0DYB7S5N((A&WTUNFh}}PV{um13tL`wSA5SPHTkQVO;%2%~A;4(TnE%o2 zu$xrP9n|3$*1~q{Brq9}Kuo}y)*XR|)ZCmCIF#$Ve-*f>nqh=& z05@@h?FFU50Ey{fc)j5UGf8T%sMazw zbIB=G3kKR6pL+@Ze$HMitnRU$FD?XgKM)OUS}E2gFrslQZCy4LK-7BgkuXc)lDr}g zC8!)JRq5w|X*dO~6YQO6NJ4Y&g1EoZ>DZK)i~& z=@E_l8)E&{l%f4M)U#tUhsSQ5;0MildNX=heiqTMy0jzxvPISLoc5v`BgO?+unB%TUWmdsVns7ED#Y@dWGhSoSB#E! zL>PM-7{)=aNgV({x#=%n@PgucUJSnhMkZmSd*X{KX?ykhGI{B3oLj4ofib; zj1WKTeEo+UxDJVHj1K^9gqDl`W-}=i-i|91%9qp><3|xyikVF?aK&3CA>_Z#h^bux z%5e8{=VSM0?|MDnpEBzHcN`eBuK#hM2*fHJos80P^<*xW} z4f%0SLE@P+o42&210&P{dL%|hZ)Be60k(JYT~?V0;Qd;`3$%g&F+wJO-*do%c@Za$ z?}M}lEYl%PKQ4O$R*8bclP&Lk^zSeE8NdOBnxBBGy%2k3!%UyiVRpc{;zRB}vz4SU z!I)RUQ_z9x*>J$?B~D7W=0Le5?56Jf>y%QBLs2`S@%}+b5s$_DDMkQql0sH_ZVwZ( zJ@2xJHq(g(bT&70+2$<_Er=qWadGVTLIO-R$A@||fJm|5{SkX&s zd_;pNWU@0ioO#Vd&FOlKPV(44fruG2qrr&PUpmVY2hB7^H|K6N2VMZgD0;2ic)Roz zipXSfU0Nb&PIL@E&WpcL8X?{F0q^cFOho~t#gJYMpQ25flm8-1hj^Ks-q2)311+`p z&q9843B-+A&&faGStC-j*oV@|tiVe+sUdmKP9#ZGNeMrywWmcc)?8WqN-d5~%axle z`CFQ8CxG~XbFrA)UAFVQh8ep!m||DlCuZ^PwiGY+Jv7zWMDQc*o3bU?xC`)HSN_AE zQ{m0;!sOZ_-)%B~-MsW21uz7 z^-IOM{KtjRzBFiab-R2#w9YB>QU%SHeH?8wr1|-l3-?ptZ5UN(BS`s7MZ{9RXb~Nn z1M8OVu!d73gU(k6V}5>E9vTl?BHY1u9>iDxr}=)!TpO52<5^&$A10X=e_;UhIyFd1 z#xw(6Py!8NRn9&2Y+apIs-pG7vv7V!m`@wiUSKs$J(fR`R$5iA;Ko|j2IbMX%m0K+k zkMkvE9YUoP6y`s^bcAEe$bBqws6OR#lVFTBBkBFci!sdv<;;+Uo{)$N$O^2tbKqvS z5#&-uY^aH)ptHn}vCsQOgk3}E1KR%bBKR=M zQL=#n`LS|Zjg|)KNjqev<2(4;jlG;&m*Tx$SI-f)&7MaJs=U8zBwwGd`SZGgIv{R| z8bNo+x7EOg0anPAE1vGle*if$8tKbzX;i1o%%u`IlUco_%m<^u1ZwVwr2^t{yBT(= zh(hSh&6Q?bZxjJ#BvYMi-GdGV#FlXO*M=baxbRuS?v$p|#O=Z=Fv(!TCLr%emW2m}dG{i>MUj zH~_MTinGSHZ;GbNBmgZ37@>f_yC=ubkNp_dXD{k{uG6|q^A0sP!u(i8Lrg0>5Kf%gJdLn*puWA- zTzos4nI?(`(gMpfs^ML3)X8T3)3L1B1kb0>jKIjrq))iy!64|_PmoV%kihJV8kb$= z{cWu{M6I6&o>c@vrEbBu=8DY%vH!L$(^xkE)kQ~^nEk80Evaf_!M>9c&_IosR+`fi zeukX^cI_Wu84HJ&D$x8;OHjUW=!b_b*PcofI>t4lDzbFo+oeLml+{|hx2ia>eYMp6 zR>+7;Uj;QAAKbOP8NFhlCBLtHJZN$%Ug4n^nN;wk6UvZdPy%!WLzGUP%?sPE0h@1g zX+Ki?`R;=C9+5333WjS`>YH8yf_Ht(<;0)WXXd2(EZ@hTQQB}8ObIhEkHmjUnQ3}8 zC9P>_o5bl2W%}2*Q?{sxU*3S%Fq?LfI0XTfk-oc>ACueFY)KlZ(wQcWNUBY z?~~!w)Q_y*;HGr`qsxf*YLC$(R%=D#(h*(ornBKavB&5p{M8l|SF2cZpR3~+z>&oz zvm&VktWQx1LB+Y)aP%&E#TUlRXO8`lo>NB=lbw5p_}(0%wFMh~Qp~9Ds4#M=dir#; zlfkTAy8qFPhyuq9mzTB-x+zTNLqAPu9VwuAXNxk#J4ZQr8!p27N4Oi~gE}yy;r<&F z16evZ6S60{V)v$h>DwyNiDipt!YNf>?>Uq>8TCnC&t*X!qJ70)g`X<)+57q9S0tSix36pY-OM?V*!uvV(@7m` zfR~7l+7_e2CU0_~f}-d$k(5$g{T92Pdeb*J!pZ1=M>tE4p2T}GcG{-(RhZ{H*)|-e z)k)=i%?RxNCpKo}2aOIhlKM93Nj>bfQ9}=rlmf4M|9j)#brN#r98HRy^8f+MLzv1! zcUk_rJ(l)|r)B4RWv|2|Puf?QoAe5(v7>Q%*u_#QchY5Qd}Qr|0uG&Y_@-&G^VWw? zS{#T%MHG|CMfTxTQbDghL&`g|7P*j|&P#|Aq~!PM34cwM2>IktCIE4;~e6rs%Qh^INvb#YSG}AsH%(W z6w_(Ys=?yZ){2w#MA?$W09TiTFq8OOE!OYxuR4CjrDW>#J8?A$S%O0eS*ZRq%1T*} zct~)PMyXpFsZ637zlN8nP}E(#R!?^dg=Nfy*i}5=Sq(+`jd~NmqqO^wnuS-77r(0c zmX8g{w_Ve`ZqGUN8=sajQRAMMY<9mOKR%FMCEob>&wvlhK71ik88gp z9Y5l@%sUkLPJ?yc2Yw{5qVmcjh7gOaf0G8f_`h2or@VYwKa5BP5ImEq=PJETd(M`^b$1iK!8ZEmC-K1C!`6mXRY+VHEtm;`ILlJ@Y$TYeql{9DlAWIZZ#}dj7jPE}Mu&fXGslva^=mN2~OT99j zo}q|%=dm0620>S}5cK^x%*m*pS6XY|J~9}@*eLoRm3e-D_4{HF@>;ghb+mxKnbM4I zd-TctR}_X+QRzB9e=Q+a4Uw&khDL~*te!}`1ms}je|aU;N#f(l&t}Bz4=XlQI4AvL zw*B4(I)Cvy)v8+%)I6^qMtj7-=#esZ_`Mbpd`9fkDt^6$ZG|=+UIhJBVCZd(2CJLD z{1*wWz|XsX^R$^UE}e-1WkvR{Y`;qnCB86sKo1IKexzFU32J;GMuQH9aT-$_@9y5S z?Y3hovdgG>OR$>(b~4#V%xecY4TwW<5oeJ+ z0FwliH=I%at6DVZE`V;zSUhwdYf*0fy-w}OsUQR1z*N)(MY1&W>ZN~UHC zyfNJ3ZHtZ&^C03{i*+sZnp0@q`rVhCFA6h{4R9lCOT2SO-px%o@nRjJLZ2|#mibf? zPcJ!DZ-rBn*jR8%`lXu?F6n)X4TNDVv)?Oi>=E=zx_&?gt=r93omga9EywW^51-3- zqTD!j0eazNK%ASBZ2k54>Wyc>IgUl$cTW6e4NP*Oa+?cIX}=8WJ8lnlO2Y+imMxo+ zZaq0gq8{{Wcg$5_qP)zQf4_7w&2vqHTPP*$d`G7m@i7#IM24=N2bNde#W&*f;hnLT z(fq-eM>~w5kjdU57kCsxPDa?sR-EZ)h&-$(&(i7O0($+J@H3D&5C(UFb{3`)>X<2$ zCgtfEKP>SN3#E(++xE*_w#vCQe*FeNGawhpnQ>i~(SvTJ!PY2o4#i4ZtN-(y9WNML z7C2GonrLyE2D>QMJ#;!ifL``%fDX;qE-xn8MgH|VoJrm9+7Q%?VR}zvD8+ z_~zT2n)7C?gYJWOpU$arWYy>zi_{#Z#mp~loF%-m4Q}x2Vk7-bSrOruw^RNPXz~bB z0NQs39@fENt{B*NQ#^=2nqVIeGZT2kIu!MM^0=^8i6ar>r$=ed2}f7B08u&p*3jUvWQ?{R{^b006_5+W+p<%uN8x_Uj*1L`>0 zzlTu)H-`6Z*(Kyl;<>Jbo|ky1)FMLOwEV8&BbVLbu_4mN(*<>ct_nI*e@b->)AQLR zoGGe7X}806#t1)v>;9useVCRJK>h2Rs=p-L%G{UeYlr#Q{a~Ce>#Rd@YW{17>J(qr zmw-1izeKA)wGj|s>c%wZlr|UnyZQ|Ne5`4wO`4H+o?yNrD>bpCwORrqF>ZVh&Jt)s9Hq}{U)?E`-0!61~)XQL6PRQ^W6k)Qj=zKQe*r<;R%#Rg0) zB~Q5o5G^SV4;wXhr-_Km6BZ(hwf^qmS2ok8VpL5mH7RAGWrU!vmON_vwA9x{>>!ap zB_!6MN@uL4mvRHfl(K}=$He}tKA?Sf7R1_gI0n1*`aBSS&NRKmZ3TKVim4=W>z+Q0 zuyt$v&}y1sHTLd=&XAC$y<8&p{#m6jXXoD4QDm;bUCCIs6$gYwaZ)!#6W+u{XxGV+ zA5f!j#bmawmLL&s@pDQ)%~&ZwW4Ar^RuQPT>ivO|abg+`ObT>XYf@<~tYGWF<-JB@ z-Y#vF?cAl_Z3A+ra}r1&&-L>xyQ_^{)GmCm?G_o*ec3|~;0F|&kwQFHNc zElSz$*cAP^bS_eK>+N$q)5s@jt<2RE%*3C_gymPG=4z;xH%zwvyPDP-;I4eYq>DE z{W0sqMCKqBX+th3eomvsXXkEns%;8kO01(a@r`b!kqQ%gRg5V$Pt}jrVHp=8s;_|B zFQxxEaTq0(O1|;FnFr$s?~Oe=%C5e{!@e8;cHq6y$@x0>N$8A_n+-2vX6SBFK-|ig zc6cpivh4P>l`XdZWMX|`Ba?hnG*UZKafzqr|MCj5wc z0K4RHQ|PNm=?O^uAsEfTo(DZZo%`97%MP__mobOheL}Y$5)3^+(k8E z{y*ifi4T_7h)H$Rsx^=3-M$D7xyaD}#`{B4-I$4Dx(14CjG$?C##qZV5)!8HY58l$ zGQ>;p2p1d}A5*O>xs11j;~X=W{r9)!SNgBkLDw%(JyJdv*AZJ$fxOPn#MUev$8Myvpg$O~^On&0EOiXmZRo%^Q-Kk+1`VO)eg zX-fX9=oT$CqaD?@bbZ@@3n+l_C=TtE{~c{$XEaQF>3=U)7HMyOak{s~}Ol_bW^o%cW?@g3uc&_t9-kA1|Q=-+sFJPUOrY^6QS+MmsJuX>t=Zmer zjOTzA=ISq-jE|khi5zNqId!^WFOmvq^5KIW-Ly=DDqa_qq?D5x`CheEQ`LE{(bw3Z zT2#8w<)3NaRazag5QqI1aOf&8>~u!(kZqu25k4cgN{58gE=h2$m=?Y^E>dAip@I3J z4aexJ0xVSQL)^C8=A_%myIWqYt^b|stge-g%;#RQD^;H64eunJmllq`yOm+N0HrJqp};VrNk(sNecUf(O#^|TFzemeMIxclj+l>+vZv$oL* zP72z;UtnBbdZ3B@a5^oOZYDRjrWAQx_cqG{f)q&14AFt) z8|#d&CtG+GY<+$1lG!=TnRi8ZZ-+diY|KvQrVNe6|9!CcN~JPWCSE+6yXbCdBTTX# z7#}FTx^c5mP#uI726O$--wDhmW@H?#6Dr>FG%lQJY<&V1*pY;XJ{e|fjaeidJr)wG z|D7Cy_y7=9F?g71)uS;fVDR^x$E~^nZ|^MWof>h|i5DY(qJuBV$o|jo{_lVO_XPg; z1pfB~{`Um_Upj#ihA8Ni`tO5X7wgo!rFk@Kd-2WQ>hs{hpZ$%iYfN?-H@BV)?=^OA z-(8v#SM=R(aQAfM{QvC^GNPh%ZJqFDbxe<8Xk5<4+PoyyN%@BWKv+8a>xBBq@Qon8 z(kXDP{?9^dZhk?Pm(R`w*F(=vmIYhum%Me{Bv_SSV`4sEB8H8zG8ATx|BtNq4y1bj zAID#EOSi$Tl!no*6HY`)Ib=1&F~dbdlyD_`b>j&qKicLACz@8fCzmts`$LRkW5fi949#}$@%pNAM7-(_$$!x%X;^@texWenY>EfeBrAjzW`6-#$}~2lyK)0`beM01uT> z;j6y}D3p{5PZ9vI)eLK#q?p}niQ#Sf1r^sLb7VFA|D`^Wn3sfLS^I&9VPe=u#QG z{Jj0rG1;VMaDaqZS9yM|>EP*(K8We^E}p9NgRa(WlRPIkyB-XK8RSTf@Sq1gpu8_z zCEt-cjea$^$n!soC&E_{SxFQKiB$S6EZcA7)%{-JGw{H4!xIwf*x z^0Q=%3ES13()*w9KlLwGg16dlx|gZdPlXiAE$LBKT5YJki6|Sk&_TXx2u;1%YQY0^+2mt|o_x9xdpvEWg@ea< z8Qr^i^kZV9co)x9hKnNGsO1mse_>Vn*0L7yWXXM)voUM+&tG$vz<>}f9p-osk=>%wr7`$kIDT?s^2*m_Q&mWQ4gna@E z2_+rOyb`JK3c@?+iS}Qe;c(m}lB*vNq$4x6q~eAD^Vc6hyw5YQjVT{SFyBB_uC=Lo zs&DS*+8dN+96s8?1F#c5@>i!y$cJx7!0 zF^K~Igem<-%)+Tm%`6GG#?T!psQ)Uq_-MDTDgrOm=1+V%knw9bUXCbUb@-hRK%A$& zMx-V0Z>>#0>{2xpoL3^>7DoyKcwjpdfvy}i1~IXMBtg43Y71;F9?O>NtGty1ARV5r zFkA^p;s~-(xCOJ;6WeduM4S*;nKE7vsIgj9OAi#qccN(OUuCQtVXtP&HtUjszeTsl z|D7ouvV0m><23USEyFEtc(_46$?~r_5tgYTn1`csx8DHlHs-{lvy+bCyf_t8=DzTb zF(7f0+*~~9BZ}aNDD%oFmTHJPqbg`hq_T%-*v?yN|8WCor={Wj@xYNX0vn>=g5u-W z6kJIGY>)yWH2-t5mJM${SQOL!UWiVVF^@X1AhEN+aU^(2eQau_PY}+d{UHhxd+5IqeCMu-ogOiLDA(k7USNECu(WjB4-){v>0NZ{uHo}) zlB}dY@OWE>A++ekZU{qWKvGVDqzoK_F|X4R7bQ8WgS8R;#KLlIRB{}13Ax$P* z6PP%|+>*{yV7kBbnI)-^yBU;%O_PbNMZBnrf|-H&C^R`=QxSGR{sNzpeZ%KP=uJK_x-&LMp>u>O3E zFgLKwtOsLPl+oGU1dp2g7Q2wJXV#>Z(>*O>N-cZm0!qJgF=i}y0UY-YSUuO_LhGp$ zTPWKFOYu2jl%3Ih1Oh;BU~1*V(G3bT{L*E(e%v7UFmljO7XWC^xA0DwB{oKyoxD>b=P?bzyMQJ=%BnI0H2@{U**q1#Hy8gBP?WI|?y+ zVqYZY$QidU5WfU;jKkh)KWzM-f&Q-gljWnKob7QH(jXgm8TwiVz4LAq3_r=$(ePF; zIlfSitY~Lt72Nj|wU*-P-@pw?@KFfEe_DsSsxcLHb&IJ$1%Mr!g>b z886`&6g;$wtjV)&6YGB`& z|Fi5^I1xgr30B+o1&)V*$kF7$$Dk5TU<2?@Du9yq+7vnaX^iJV1!t>Blr-T{RQhtW z1%MB_=SmCL0zCx24Bq}$2ssi`G4P4_z76)BM@6y{jbpmCt2nkbi{V3hzD25#PwDAw zfUjGqy^V!fv^cP{Y)zAVO72?#fz$%PvIf{F8`0-N3W9;y%;4NB;;gZDi)esZynKb_ zm0}CQYLiaZ@Lf^;Pccx2Q~K3h2(W0#N5I5;f&M_{TR#wu{sz&kc!feeSCN3>GBZqM zwyoU@sD@!9G2*5Og=IA_y-Z;XGM3ri$A*o%;A=^v4NrJ(hTc%pz;}YuW=6)wA|qE` zfRr};pq=4;UWrDdMWug3`7PRr=5T?NJz`_sf8Mh|xO1uLs2e*KqXvqxYXhxDE->8M zk$EapcW0I5`a4+evC1RNlV3!C=2=>9;Pv!w_rOSac9gihJdo%41Lz!T!~^erbY`!{ zpzykB7!&(>V+W^yhbmaaDWQE<_$K_h!7)nj@#KF(4UREwo3lot_XS_b6`Egc+cCJU zpFrXOz;*dDXw66x#yo&ugWAoJE1F}=!ZQ!;%Xq~D2fu(R2PqZ$?vMmqnjD4W__g2; zU5=33ck*EBGN{)hiH28yv|qc|X!&jF65N_gYmPu6gpfWC{OP?^2gltlFx28hnXZ+_ zGA(;eRE`lyi)J1c&&#YUR^IPk+hudM2n4>&XEnIl+xXyl)X3cc2YUPTt}D}(buIX{ z@$YqFi>_k%Z=$DI?fk>~Q`0(TdDiRR@Ce6$VqKGn4VH5I1N2MKXxu%LBx)2YZY~H) z`dBmUoBAyy1B!|)r)3JVVoN7lj9f5jjlMc(P5%t6$xpJxap2 z5Fp7&-;pfW$Wl2+y1f>XU#r!UuafE8m50)wpRZnw{eho%Js`HPEmk*}PkMM*O4xM` zDe-w%_~+gD`wWR3x5K?RLJY1pag;XvZT?FZb*&t!m4{OpZ0gGL(Q`VYEuPmPkzIT0 zj+8>0LtCEJ#{N$$uR8gz2VV(pElKt0X24>`OyQXl~M|aEQ z>|3M{TF2X1eL}H+7JWMaZM*7$%BYwW(!qZroZ8u3IJ~`Orc2=8_u|yvOJts<@mu^J zCs|gG!nq#h0WYULn+W%!DNd^tu{pEIGLHA|GZuMQAG$_Yg#6s`)8ol834iJ>@rk$V zBJlp>gkWS!#vuV>}FTK?8qwpaVl zEzetuH$3n-@X-EED;#8F%zadO!owB1`Tv6pt0Gv1WZH}k4rNwygW4|*I?mng_a8B< z5}v1^e~$QP3P&xUo9(hTOex|hfll4igGB^*(Z!Q5Tshas?aui!YVrRwAD1I)~C+fT6+oBF|hisSMN_aA1nh? zVLf|SpHWOw8c}Ap^e?l0n`n{;>1!8}$=oP1FMRCVKeuEx(9a$Dbnn6@odg!}O6NjFZVoPW65?qr2wjBW|Cx?AQJs``d zKR61&i{)LE#vk9ahCejS(VXw+zRz->MN48@y@Lot6u}+jAd6xWsgh!W+gc>uCKlYM zYp#`%0j^nrlFIqs60Q{Ftw4L7A5SsK0J8T{cjm?Nba=5f*aN{$u&N_*>$zXkti zB9?mVmL-L~fqAPFUe+fs+>aH%FK>2e6A8%3HC1&~1Nk5AVW#H`xa8>o)(Fuq*>1qAnfw%}T z(0PL&oclD(XKn+)!SkERQ@uo|@FN?>3}T}LdNV69O7Zs0TE1`)rw%Or58wv8$h5TD zrC-E^w0{8+BUyO?|D+9|u$~&cZ2GUTRdnAn#=?3QBWT>F%>V&1hI&Mi7!K0GHv>y* zrH3XTtV}d=RR6cRyzcc}XW>ef#Gi+WU1K<}D6U!kJ*TwmZ*M)Jea&>M$yIT|+$~01 z!(Lns+aGs>>GszDw22bO2K&Ozo6RQtLR4&DJrxRXn7;DI`E5^Dzt{TBE-l03AF&+A za9o};&Ccnmk$I_+@?W+{oeK<_YOiQ=xG%JU9>n9r>%xTjwI%B{k1etFY9z@?TN&{L zOjhuQv_J}y#E#)^jLvqgtg?6Zrdnl^B-f^*2Qg3LB{ztj!uFTrS+$&?59&Ac*K4}e zh5}te`kt$e1fKJq+N9bpv+wP;ceB<9tW)MXvy$Im1Yf3HnnU%wNTuH_`=t$FeYz{b zd18^@r&pt?=4niOm+Hd46-SbN>|VYsm8p}JCR$<{n;9|rceP}SE9W+9u8~2hx6&jP~mG4dTGPSD&aWi6T3@oxcfJPmPE~* zKi*Dy2(I%6mfcYChKp1b|FI4`K`>$G+nCH2{yvDmsT9ASN?ufwuT3n>VsQ-bvn|c3 zJ3xv$LCB9_?aD}g@3RRR|JqBx$=_Og!*R04{j!!=ZjfV!lKI5$z3u-%rA%v(9tT1rhHodh5q*}r93LDxxyrNRr2M;uKhiv;6Gy<3E#MT#@c_Kvf<+M6pYjsE}+nw0$(Xc_s)lCk#z4Vd*sI2I$ zk*ino8(#&~vHnGeboN#+3B>7c%F&mM?m@hC zdh&Z``0m)IC|F4CpI^IXZsnay1}E$p&y!`Z3lSKUwq)R2`(M!94YU5}>dSS7?$7#6 zsuEAP=9!Rm@R_M(^9>6f$>vJ?Ibl#mJnoX18aY1Kqa4vz$MOP52bi2m;l zu?Xz$vk?j;?mM^s#qe50TSBT8T$HBRpy)Yu=)MQ%8)RB&8V)H*ffUC zdiw2ySeqF51QyD-N!#65Ru&V=;zXShpm9y!S_8Zn7f|;9Z!4)2XB~Xvm^wO20*4R z*q!6@zp}wHl;>ex1H#xEM_Jk;?ft$Gvrqg&&aqA8xLDanmL-a|?ActV)CILEt8-kX zFz4XrcH&ajifas)BBRJ=2Kp|ierLTC4!1c01U7{sQS%KT3Uf#)UW{AYF?ZpMp+*FC zjH4Y_Srl|G!e+Z=Ro{CZDjq#4NNap1=eXA7cdV*6)nqK$H0L_aGZ!dK9nEjg-Fe}( zg5C4J-n$ZRK+Sx|7)~(~moSjO>ZfSWrA_0a_b3-p7+lm$_1gSQsk3WN_+-s2Y+Wr- z60aNjySFHQ%H$06sEjP6&OVrf4sv$>4Y4 z#ETVlG5LQY8T`HW%IJIZ;U3#^n^#2U5h% z%u!$i1#N#d)vO44u3I0wz)cltu)x8QqQz$KBzp>~AI61yq@95f?;&q%?f(&zjfo8+=9H2r>`Fz&?Jg z8mvE0Y0`Q;OKA&mSBI!_n z2gjS9H{R}oF zQuz=w^vWdNieZp;hkyjcd3Mz1PlTP#UuX}<5cqs*T|xUc8LU5VX#eScF_w>Thdr^IcSog=aR$YGAG3J5AYKQuAKtKPf3&T!h>M&mjY#`J+ zXL+zS(E}W_xJv55T2*LXVTDX5KaN(%K^ay3*R}`aLsS*R=x+>7G^!EX5hRv*747u`3|02 zsRlI~RrVPHcH=Vg!ncS1YLNmhF;%*L-Q3^WeUk0Afk29Jh={utFN4U5qk8jy)RH8t zZP_Muc?tSWHSgq0T4J+=p_)Fvk$dfPOLzmPjKp^REA}CcaN`SaWzv8QeaVzMy)2_u zDU;Op?kk<6=S_Ar2iFlhJvvL3M4n$UJC#NzOq|V;RO`U7#hh*2 zurEq2rL@K*E3MUWOUkyHv9Znh%X zLGkT{qNR$qnVzwA<8UnwO2=!T1+GQ(ma=%aeAzMR0I34spNx1F#pi}~`URy!#b-&M z*rYOtO?e;PbhC<0nYlfb43;yS$6WA=fqy$lSJ0fA$yRT%hqKh4p*C{$?BiPuLP`K7 zSpnkDkrZ&oW>5%~hOZ8~yd8ANugRZOgeOtW)E=Qm>K4c}mMa+0dvzboNU>gx5xMj4 zG8hkc5_AV;TDnezE5zsKiM&xa_qXH}EXQ|VZ9G6qMCE%^-B=ymcz`xs;%sw9S6~$1 zA%!~vLV$vkk5oN7J)f{DhprkQ`KXyBp65t8nE1p%DsbCMi)8YKaV3=-b8=o!x$S$f zyjI8OkM)&xs~1UXq@i><*l7Nw@0xtbz4zp|i>+ksf?K3JIT5Uej$JVQ^Qa=CwrQW^yF9j%ljp>|5gQi=$Dy$CC4=NOQY z`FLqw!hwf{?gw4l3yOG-zyNM~S)W|Aog6i|5=9fZ`hHNqhe#o!AwKHoN`j?NJ zZ>+uLlXuwp7OmV=D{gCQFt+AZ0CN?t(t>6G!i)1JOYM39A4(wl1_ z3|wx&w(@QQb1X~zw@bq*)(|coHF@5rrKm~X&se1mM{?C{`Q^)664U3-;-^&iM$g8j zM$&tEo!Dx)*TgjfSgF|yCN>OjHszg&8ie~X?J-s8}GuPv)SQJj^~ z;87~A%k1nN+^3=?X3u~M<>wi#vHz}r`TjKPB^$n+G?Z9Dy=b79AX@Q)4Ht;9HZ~Aw zhZ^Nbj80p72g74?XmoklXN~7=z#UdgBNwv2e_NIZP_arKHl=cjQFX;<_+}+5y+(|l z9E*CaUiG0I#ri0i{rebdoih}4JosV4z%415tc26f_tLjYt+a$?y&Q`e?Fn8B&=-H5 zYV{ox03X0jn|mL)!Wo*p2-dcs*^De@Mw*c50Yi8NRUj(C7d(vjEF7Fr8F!vk%rHx` z;9Ip-6zF`rJL$USn~=$SB% zeE;a-#PrDGXWQ>M;ese4jdS& zmU}-P6r4e^dX1&(8EQG^{=p!@do3y;^^VTmEWqtjnGeg{U!@M5IKfso6iL?_AT9zOW`+(pB#G}8t#Q= zwYzA$7)z}VqwXt3^{HlazQ>I$YpD$sx7UIh3cijXtoqMNZw!Zen3oWkE`e*U{Q~(h z!KF9vfE79VZp&P<3O2p;RVl-$TD!Z7o6Ev#_IGEl-P+fBvDB&p+pn!UVsXjbUz(@j zDmbM+qDEN!!{0@-lm&B-R!W|i;DQM`RmkAPJ(har^_CrYn}CsOR9RMAM_-! z`00Q&r{WPR!w|#WZqCZNJPo45=f_dQ7M=u)206Co_phCLKLEPlt#QLHFH9`vi#Yt3du&PORZMV#dXq|IUnK-$j+=DN$ey(M zBOz!Db#OMr^DjsH69?#gzC>BlVl@)_$14mL*g4WGa|R|XeN3PtEYV+h!;{jj9pBQ? zFFSa>tm?&IjtOP82_{1GuMN?Kl&IG-fV`iGM>yZp_{-xqXPfAg8+}g(IMh zCvhU)^WdNgKwsPhes8qBZc|O8`-;4xeN+Qe-F20rJYABE{vUMxpS_bhn^u;j9PE|3 z;LUWLM@riEH4DY0s z1CixJu{1?%^Q^ZV17S~xs+&5wyo&Y{i^TiSbJARn?jDLx!vNOL?xS0Hlu2-5dxL!J z%q9;CuimL@zZLLjou{a7zvZ{G~Ink;tS0e?V|cDSN`3?=|#)8>~Nriv?EXGHQY<= zxXSKdDPj_@E#T|LWn8PVbkw1ulfKIYzgK2>p+qKmR5~j@sC`Jcf@S5?{RCtE?3jIQ z66Z?)A(e4j+`P*6p+znTF5PDNj3>36ab)$cfdh={adg3idpx@>yDNde!aO_V&5?>| zwpU|?N~}2%=hP#-+PFnoP~4kS)X9od@>*hN85(b-mdrn|S7n?9662UDxLXI_zYUO~ z@gkN*wZ1c zY9A1&dE3Dj?-eG&k`jj^Vc;5{ISnSn(i<|FF5GhBs(O(cVS10__f;gdPX4PJcK?;($fVeD%x} zWsz}~G4$@#~EMCJ9vHd6;SaO~1|Lw!uJQsLOdWj~A> z`+$VI^72ui+A#3{7V544ZQvZ4qby6B40BQj{Y(BK_s&)(nNIe_QZfzV)lZbkm! zmyRJ4pH_!H*V5B#5nikM`VkT=ZsyN5;)?8;=vEEqKk=L^uR(ys_`aB~AUorENkjjh zH#ukFIwW?*oORCm4-f7dlWwXheoY~KlcQUMQIfDjJx%;?V@WFEA?NnV4F(Wsh7%V*FWd z=cIe7qAcFx{4xPA?I{7L;u+9x_loBn`9M=3FLWy2wO||1i5H{Z2zja;==KNe=UyP9 z_ReDrTA(=dSG}!$jop_s5I@vmJ87IAKjw?>(W(C_@W^|fxY&xX;@wu8&<473J*}i$ z@!dDxxuU|B#6}u=;tf)RHvUCt*00I6O!Kcc@EH{}+v{hB_jp=y@K$Jywxd1vQ75+m zWO#zE@CkzYZA}tWFlQw@Qardd2Z^x-^$Jt+iVv**q(=jB+(6ydSQ8LUMkxodjr|AW zhh}Z34M;v1i5K=;|4I@c8u*wA`>(r^{KVIz_ck{Txl4F;R@R=AN!@_jmWn!>qw>Vl zVbnqqrgBBf6v8FMo^6{53}H|Z@#eK4FE4Y=a;aJILM0tTw{NRv*XO1anQ3OBhZCjLZ!D9?dxNimw<>gf=j?dp6xHX2k@%658ku6?_C9DJ&XZ-{4^TVO zDOkB2w55Y#QP`ki=Vuzvmi2>}$v;k3YIzx>wQ_d1)jL%nWzgGM}9ROSb0iq4$rE+Y|#WJ=TGpv9fO9L`@ zCtT#=*i-c;8fdP;J^}51@!K4lXr%j5ohN`6zuE_(3;U)fF;#O`|6by{goonR*0TPk zfgU!Qr!<*Oc?qU$ZxE>+o!gP_KHxbcL7B00YC}RnhP<*3l-VTbLY;Y<~!)@xM`r9%meYb@ZOoWgA!l2(l~DF$bX_N6^;`;5by50 z1n-m8ivMsOia7WAw`)QiNMCnZDkzYQQBq&DOK64{d<7>E2PhtR-hpX~Zc()Zbd^brX`lE^Dh@c8Nki5O#pQcF#$aH|yvKi$(tvIE=mj$&m(@Kk9 zDcX1Uoxz7o3=S|2C77h!(yS$%xM8|M^oK_$a9jPtgeqFnhTdBUVkfVXvMl#*tVW3mE$gRx%TMfl!idC>0_PCNrQYVcc1v|Cvywhigaz_8v0>$|tK;6O?*q%7<*-5IFIqSlg-vG@=7=2oui{WTM zR4E{4!Yw`3V4iFZr$#rOqP+B2IYeD@no zchIZ^iVnD9>Q!W|#y(=(-^OH48RyQ$gGnQo$q?}|H|)9({miUfZf07$A*x?QlIgOS z&#L6`cxX_?ldF4~tjrHI_AeAp*U?D)tCuv}Vf6^+Jlo?l4Jv=g4uAp|$%2SBO%Ot` zO=(9Ua5dumrQAV0&tBRk9Gn=Tlq7C+gfHP@6OVG;l zWbm*=+{v|b#O&{mfkggn!S8w!GP*S`*8{-wm|x_&22&C=4yVw}v+hT7p!gU&taofl zu5=fwVp@4(Qsq!s$luySsJh$yUKetY+2iA2(`5VY`zlw}2fhcg7GF~X=zmV*ChylV zyv`vxc8+@kU5TTRaeoI(cI(WEn9Zi4V&3_ZIcsZwO;a@nm}wzXPSIz~9ZX+aTJL2D z8u5Ko4g`~r4bFD8Q+%=8X&s2+m!gnDr_mpAe`6SAoRRjkdL#o z?;n;uN%7YQC^@-GFZ27*RNOS9UvxnX-(tt^gOupkc&K-*IH`k9+0ELl_kb5Gpi_67 z!j$cb66{!=H3wF2ytV9nrI#`G!^s+^Wl6%*X1=Vm=16<>G3`PcFLuFFE3g6YS4bLR z%&nmb;nH%0b&lG(+_k8{^6!rZgtFT1jr>rhO|%S4QGOAr+fTErQYxyn;+PqNMr}|k zO_y!(?HS8*4fx(s1g$8Tg5wB!Uj|Hltgy7?8BRz$a|>4kFTsS&=_<{3^TXZd%i*YX z8P@qHkXk+88}+KM5OhHD?*2l5y$p4?G|CjlJ_y%owQ!+)_N}hcd^c)ba47nD8ZRV@ zvN-hjIfXQA=fN`@@g4XUG&G<{bCK#*Kz~Kmh!*10^|z7}RHneYQc|}ePWSS|2CGni zvSLmZTf<}^QMvoJi2$Wj$SN0GUqe@5-miq1lyk6^PZPH|)C-!B^#yjYI+PYa2ELjq zNR9mVszg)KURKANHRIma)+_=^MnlnICk_7;t90+}${LDxX6htnvSoPR&oc*1hdLG; z?=~}YF@pxPc`_c>z**lP*a>%wZN>e2UX1U{DS94u9?b~jJyak=abnBN2a_s^W^H!P z1xX2CbY4^%8@p8i{ba_jYd(@SDc3Qm8t&NNkt2FIDDH|)OfeOou^0jFk zAU^)^cdF6{<9KEegYyl}K%xs}YisZfTDPe}eFZU{%q=tOk!TXLPVQnwZ7x8lyb<(I zz-+W;1oM)Uh@>C%G{}9jmnJ;;`uxDOsFXb^TUVpmd|C+YQEI=Z+ah9*-3X<*#7^vpFg;Xs|td%glR5F9&pr+acJr z>x1!eEQ4lgy7S{hDW6Y(l(&sO9m}^Ubv2%OW^%xdo4%yED|l9%x+O^`<=Uekf7iCq zpjF|+l5+Y1*ciC-$aW~kPGqXrtLFcLYLsj_MLQ%sMLAT@_aE-)vJBIXvNW*rquyNr zH-eK|X;0FKvEQfn$EWeHml{ zdeT_t`ArPr007H>bekt*ZOx_pl`1{9OhgRGpC0yRLA#*AIe;12n(wTM5b&jH?;QyR zY^{L;bNAmhx!5ms!nJ8{K4Ml5l(!He2SV>5|IlP%=iTO2R~tovD40uA;-$Z4#Lzx- zgtKIEDRN7!p99_ATe2`9Mc&aQF?VNu52~~ajgK1~Tvbmu?Z^*|puszZ@Q;)dwhlr? zHX;YGa%34zMFtH)pxWy*Ch4e{KZ%oKseghn?EOicWbt4S+t$|_%aSs;01KK{hOLP>))ftik>zudr(^DyhGj3x6m;8mAYEtcT#_uRMCsa$g4NBsb|fXJk9YE@7)9vyE8pP8!p!UlM^9Bc zhfb92o8mVaZilmM1xX*5S_XqN=~PtlAytc568Z6@w(6k7dqAg)O;yE#BynP!J9D>5 zm0A@O#o#q6`p!H>)$P#pS+>xC-0)*!Av-9Yg2wv=Qk+L8u{#!*?a*MMCabJDYxf-A z&~(sLRG=s#W4xzv2)YqjZ>;~Zh)cqV`D>*i-u2}$-Lym>8h9BQ#Z7mAWsw5DYahKL zrErL48RYxD$?`jlu2M_4eIay7;zYb1gL8b}?BB|F-*QT#vJf-Z^YC_N11H5@tu-O2 zCo1qfQk1QXtzQklV|5r6CKI{J&zXl_%R!D(Xou>;jgPRszm2Q(_rmsKrEJw8(+bp@ zZ9LtsPbJet-NZR6&q@qtv1RG!^^-{S*JNckGW%9Ok5Rh=!0{i03eQ2;(Wnn7@{U7S zKFds%1iv>Z;%!K%jU73g8k_QIH-@>M5Q^;&)@Cn=IaI1*$LkYqVO-Vj2|D54_!Vii zq-1{K(QgP`RlB})HtC8O2P$Z3S(RE-*lqGBrkNT^ll|07>=RuT-(>K&g;De1#3Qf{ zjKuh6L3kuF$+CR5&sE6(1MNEVp2I@Bf;z}Flwtzg<=s(WTVfvrPv<##?gH|CaPT}3 zyOXmWPlnnU?79BTG-ff&FO+fR->jR=x;12; zWenhrhL9^zs z?7_|8_Wi*NAX|-|sMBoDV}+wqY=XJER0+ebYj4oVJ+Vk{-DVaS`A<8*Ti)_{j<2K8 zj)k#v4RTe+LnF<{D-y~;@wblSJ)iX*s~m^Q#5m6o^+d2wiQ^j2m~rNoin?Qp>^5oC zWVXy;Co8B6Ieum(7>MGQ>RJM(jufTDOpMXH`W%RtxDTp=D!#D;lf(&Au;64j%*+31 zZczvILS|!2BkMl?kp*C4_55=}qCXOg*a(Ic>Lx;|LoPddV~YEn+(j$Su9mHFVM(Z< z-ZJI@H``EureWHiXKfs&=;>OH#;J#x|V#00U5@ z4Fo>9#~cODL%O~s2lZ!OVVW;pJIuFu)F;}7=3co)qAL*I3znQzrR-rODvqESKGp@x zC`3i#f-V|tsQFq@x3909#MB+~tNPAkm^^~UMn-1t&r)6uF9R6Jt}jk2eEYEm+;~l! zoXq}n0Ba&4h8_!ZYeK!Bdoy8o&R(>_974u^o;11JsKK5cZ1G0zjI3#BOxUAEV~|!I zWkv@fjt;bnh`s)n?reb3y)h0}o{dX0wFELj1%}OPEF>nQoiH?5(MA?6R%ra}w%GxQ zyRp9y0Ct%f?70;Mb#-c2w;)~T17=ZHlQ)MNC=Es1*p@Wa#4Qw7!9d9jNbm1xU7Brg zgNMjl!{xa-3b}yp)(oyF1D6|{Bb1C&n!XO6nXy9Y8Zg9=5LJr__w2k$PJ0r+5ns!F z)c1RJ77Z%-{cwWaFS%Z{jmgP#1adFPCn&xca|zGf4^%)|OZU8XKS)K~iW5d?E#tro zxqJTMMjtLEXM|-0Xm}U z-wDd#lsdGMImHwgV|rw=q}UL5@F#3_Dm17`2 zj!3+GDgshHTfWK`iF%xd5e7fqcMGe_=%Pek;%MJNkY)SMvq;VOIWsEK;LhX)^&&X++#s!VC3RW8OuWpALkhRkzGK){CRSI0+@c2LDhc4X zJr_md@(1uC-;|S4{{I6oAH~~`gL8kSW^?aSFAaTl941s5apY0WwZuYi7sw=uBOLs~ z2~BKB#hvF<`%K3*6&;njFux(hUK+R`7TA(J4P3bq)o+lo6WO=bVQgvE65de1*96{! z_w5C7;1?l{ZFnKl3R(`0Gqp^2*@_TvUiYlCiqd#|Qor4Hmq_tMsCIVj)lWDOAZYWapT4w>HQa`@ zLvB-xRGn&d!&Y`M>!D1+SjWOwKTgnc6OLw*0KMW-; zTGW@e2|+AdRh}{vM~f77KY~V`8CY8I!sHG6IDTzQfawE-Os}F<=VPV-JL_?K%Nxj{$tlQt6(VIr5UGvO#CEx4(B=5=?3!Y{d)dL2wL- zr}PH01Pq~`OJ5X0?lp?>mhWy>V+F8!ln~y-=UghPywpRyjEf)1s7>A2t7l77 zQ6rBUIFYu}?GaZ9tjJI(I1`T5v%*Od2$2iTPu^3s@xrVx^~@ubN!_cutp1CK*DtR; zt3D6$((Bda3$X2x;oC!!wD1&CZ*Qrb%8V3nB;kddzh}5^b^wVwC;YTC|p`6i#%&OIkr#YNaRjY5S;atdqIT}{< zxs{K0Y}wjC>)7~4VR74}NM)Jv4KAdfnWn~WBvmf`6gFJpM!NOB^H;xp*>Ty;mnY_1 z`K#$$kRMhb34y&XmtKK$x z8Oj&dPWHFAztlb}!;G}1fLwFyVp3g_hD@!8;t>nodB};hUYRvlD zlu4;LGqQ|Ur(r+lUp(KRkIM2%_kBp5Yi7J4%a{qhf_qXk-K66zY=P`_(UGWtj zF1F=VPK+st%u8303HL7k_p4L^5E4UvY5dhpk*+apV-_C1Z_-)fL|J5Ygwtyipya%s z4-^@OQ0DPHnSEq$BNf4kbX^aO2;0SiaOR`^#KxbNs?EWi-Tp5%hXp!M%p;!3e?Yc1uRJJ7lLfv7DTlkc$}EkC10X!_ot6* zZpf@GP{C03$7YlY5Y;BP)z>OhgE}`e@32tBpzN&jP1jA&wdpGb7t{A_K^8*LRdkgN zE(O)F9kLZ`&f$IrG~iw|B%wB?xAK=50wzS++{&>?yi@f(?N52AgxgwQG`@3}U2gaJ z!nqaUuKQ3G=j^=SM7+CV{%`b{NzYAmH`ib{GqYRnkwgeq#~|OBXXG)uXhQPzq}I6| z-)UqqKbO!R#qYVwy}l&zRd^i|T}AfjAanDM*6{FG&rQ1d{vHHY+&IT=8sppGrY-97 z3k#*4!fWmnVIX+e=(`K|&UM<>Dzm51BVeu0t>_>NFtxs%E^9$sNjHC`Jifgejxbf+ z#t8yW{rltZp&|%bGI_4?x@c{AeYrL^(vD?hIL0L?@?)N`=XxE_3jDtM70kt(gr^jI3fi6Nc6y)ywlJju6+_qH8(ejx!M^mZ3u1m+2 z9I!1Ej+lrW70owf^-i`F-AGgpx91$&4&YMle`m>#f(v&J2)S*g#Ix(iY~G^Bi*ap# zOOYi7@}CO2Oy2&U}S<#jYiS&-}PfxOm3xB12o=+;7yWiKoY zn*V27bt}x;1_B(8wUY`0Qy^FE`-1j$lV2ee=0na;_89GR*}7AK#c(o9k)4tWk#e@e zw!{TZF`BtVmIs7rmi>1GMF`r4vP^&@q@em0wTo;mAPAQ1;S>l|eNSkrHc(PYghVeL zt+$=VWC0?4wzPVqMdc<(f6t%(FEz68AQ_?+$ePP5=Z#ZVaghVq!2W@FI2r)eXuhKc z`HtYbYo2ikg<;*6PMs=-^Qk_g~}Hu6oY>JFH+MCK)}-|`_QEBI*aEX;2OQ~7K1)4L`AWem zJ6RSqRX_?L6$DpMe+W86!3x^P<0o`cc85kBy^9_|(M1oS#O(y&P6t)UFP4H00!e-z zKt=Z&2b?A1fI_fs3}lR%hiilsX@oG7P0?CA5z+@|G`YwBXbnh;7+a>mnW!AS-0_i) z3mcZ|p#AAO@dz2}WnxYc1boKt21>qGEi#0`jfyy)4q_90t~m(Uh96v#gB?2APvY=c00f;T(rZY?u!tq25?g8@rj&{%f^QFjNsF|OKJ3Fl zwN)brZB(18Oby=ZQ*ul*AMZ*OE5P;pU7|EvSVHkOXMa&#FP+e zxbw^mifhh+WA@KP9LIE59Oy*E=|v!k0pa>=87e}z2r-t@VIO1nb1{gRF&&Ifx8l4iSs~?=gO`M zU{qv@@K!=`3X*k$@$}+HkDHqoGLm9ivO4?*vt~gHNpSK3=7;7VQjeNQPL1O?R((Ma zLok`;wi$*+dt;38EA#CW3O-BsQFu@4e*i!JR3(EGCobm(<-qv}%1b?K@)Exf#$;+J z0d^RVy9qnAapQQ69%zMIe9+eY=zOIX#DTD^L^v-5&yW7;gGo9q#_`@3d<9}}Nj8^B zF4>VmQmU;YV7uvPk20-*W52>4faR^+MGZfI)Tw$7U zq*m-TR5}(4j{5%h<|u15lDnh9RfF5aX-kk#Re>u(-tEvP@_=bMPEuBte3S-!yKoQ3 zg)TUPqci~)On9P8`@S0|XuMT`5}nQ?wsODcj37zUZVYz{{qQ@-Td$y(_S*S02~)2# zef{kY8)2Xc6O!LPf1^DQ3j-llgSeF*jrlN4uY+8A@pOMWB4Y^xpz5bp@?9wZ*ctnK z3W~FZsdsSoJ-xIJ&HVfMO{W26+{wa7JzWay@UMBDVU}N2Y8k>Zm4<+DwN|*kzcw zVEW@Up=zo5!4(>KS|7+Mszc-oDFXMOOjB*&cOY>w(-N?2DukxWo7Fu&SVqy1qpEc5G(fx%2JB*x&0@XK6F|>6i4+b zlILhE^~uzcsz8^0Zg59El*pUH*0Rv8rMywOixMjjArq(sak70O1p+M^?mdAg>KFpB5vsBo;y45c_>~A zVMNrXUm%dW>~18)(0EK$E3)rorGREXLN-S6WxlKE`juP$#s# zNkc+J3bgHZbZFVZ*Jrd?1}9R1W_?L+k`2=# z?>Og^0Yo#ampr31VlF6&JfrP{5)Iciz)4uZRD~H$PT1ZV*M?y|P^8)ja;$g-^|X)U z%jrUPA=#vAsR>1uKYG|asQ0ks7XZ;I6jlC{J)WG6bgfBHJY=8J~GMLiPArWY&wEeJ$;Xf{0XNG z(3K)w&cPyDkV`;HUjs^$x&jEN;!jtwqNr*wesJ*4S$8PwKtGJTd;ov*L^yU2GI5G( zsl?;DBBT!)=@0TG1C*W?)^>j!$DSZRr^x~$^L1XhFw121B$5xp01A>ue@14VuDA)B z5ouo==xIS~0nj$reX^1Vt@VPW45-mTe9Y{GiYFTS<+(VAGFP{i*dY{U){N@<)=W_7 zuRQh>V<8<6j5zcyauu!c=8>91ZI zS}NYM8aQ4djqdW^;6SfnGhGtrH=?VCu)-xUMl}Nz?JY_2wGTP}0m`8`Szp?QuZ2h! zz1p4_2}PIL9;`%zVZ6E3bCFwCKaQ9GiEeLX?9rVd8b#7MD=Ja$JXJ@}7Rk1tkwUMg zfwY*k-OavdC^qKo?M3iYZA;rs=&B2MxB4CpX%uPT9RP>pObvSa%qL*4H%jl>U6DZ- z6>Y~_9G3aqPyiB(%yY3-r#>)IUeL{u3k%65V2T$8{9%B~U7LaT(;JLhom7qDlOsg5cVqTY;{vQ%bE*MBW4N9kiGy6gpt8M zt3L-@FeXoiHHuUkYhM3Q|OdC`PbYp#lrJObC{6$xYz5Uw`Lk= zIOl)<-{X9b^L@YbU*lUy0b~Q+mvY3_4KHG^;VU4og|13eP#y5H;p zE7x4Zl{w4OUS_C9j7#g)=b7#$P|5il7D)2ZG+O3(q1xG#aZ13W>!zP}2wUhHG(c}w zbn`b_3dq=1yPjPV>pF-p1H1O9O6J>N}(0oDy_e62>jxg<{$p|U5ZP_ zmudDxrBNR0Q($Q}^@e>Uoi+0YETZPLH!0D@`ek(Ay%pDPP_uwtNf?gJ>g_ONF`WTq zW%+M!Iw;S-7qoV}{N}-BUSl4#XD{qeoB>>T+jQRhcU)M#0zJxLZS?4`_V@(Jp+_I% zqAs?eQOo9ld)jFY zG!fGtp}`aWrk8H`Eilk-Fnr^>K#v0}<#KFlI~RcLRsStsI6QMFs4IOjQN|~B;x-#& ziJu1+tlufrq;L_dUtL9uG6xP-C=IaVW^9itQzbn%M z)gLl~&Xe&+r0L#;00Ds}Sp|?;dZ6HI9w6;|jZaV!q*=bv3_@4i5i@be!3`}L4vVG%n9mj?VZp^S!lG#2 zAca|JdCU5dnQ2vI8Y$NmERUgPg<8MzlY(*aWZV);j%CNr?)Ay^N3~DZK-opXEjSoI z(R_pX+}4@wCvsI1l-3GY6Bs*)Tp%@LBFnn~uxvaYBKeDC6b)&C?DpxZ>P%sr*;2JA ztFIWrZ9xKiIxZygp5CW6)dEAJ-zI_;>iYZcmIVe91wIs6)L!%*iU=Fcj`Uaf={2WP zBtEMh&nyhEeI3Onbn_q(MHbkrW2|%!#u&k72gB=IX)109@~b zl+}}@8}%FQl7OV`!kYl@V1kv#P7zLt7*kW>AAL~Yis;re65FM_A! zG@@7MO(|Qs{K{IW$nX*=s`JRR1%IhQ-RyUnj|uqLdp=}0x=_GLciO|^grLWOelQ+e zV;=e(fTHGlfcb1_XeJFg7OXCYPEK*1!t zcC;;19r+kfJ1)J3JIsSV#m%+WAa*0y*8IvK{Rhp(TgVQt0F&)D5bMTqY&xnHG2Khp z5pDqeb(kZNW=*6tt9KDSFWpY+^dy^uwxzExBmbu=Nl6EJm6TaA_1yl~yZuDSEBNbW z3GQyvVgcS1K?Nf=6iB{Lkzx3d)EF|8e!xX#neKlQ)^D(-H4A)TYD)lr0-Ohh zrfzFe4JQ&8uMnzB0&Q=kRC8EDW#DjG$DU+Qq*VagB^77(W|8ncfiuD`hyw{L96FS#MKHyj(+Op} z!NDls(K>;z5zkqj2ia-<$3eDkoU@Zr6J-3rQ~u$|p9x^DTv6hY=6~)5Y1$N8);S%d z;e4^9N_Z2{5wdZ6AV8ou?t|10XXrz@zk4a{odymAI=ts39#TumI++%*^qg}Z-;V>b z0>lwhJK4p=p44(w$2hrhHZ-3TU2=oh=)T+|-?3SW2p<5(*}v)F#45%8wdKG<#y#}y z2MZ|aE_3hdbY%;C3+Bz9u)SQ zpdlGaSDnUh89&hqinclIrqX=sb$f*o_0sJ`9c!RWnCUKIkJHzU^6zFormeV0Sr_!a z_-KGFUE4IultBSy@wOS@dSA6)g~~&C#f;Br<810m8+-@H5>|Hm+Jh0bbip}$b%i)9QeNhR#LwEjUntlbEt z2lOF!7Y@X(qj$N`yPoom$8x_zH(oQF01El}@WSsBv#FHUGL~C{vC8?$+JMromGpZ> zQFHjK4L`-prKdyFd-H{2)rn9D=gji(&we5v1>BBwvv^b!sG{BFXkGtc={A!&dPll1 zm8SKY;Ehqe%__utG6i4HQ3$t`Zl5d7sd^m$+ASlKP5Fjad&kSYPbreI#h8@GG4>?e z74={H>9}wl->w(hV`* z4}`z}3X=ORtf~KzOZO6++xT+s>dUq5=doMVd(11P1}Hvq_$^E?@t*SqQ%B=>kc!ZT zK~_X31RUydl$xnj_C3p2`cBg2`WYF*Z1f@Tx>Bc|Eh(cX}lI93tS zuKpXlSKE3$JUTx=n7TZ)OlmTh@>31$w=92h;`ZZRY_v|K2#-z*GS!D8z5^!11*Dr5 zXnQ9mHrBiQQICcCJ-_m#S}$ZV$SeW2!#|!_!fKgvsz1qRPW*}Rcox@Yt+3Xb^j#m^ zfv6uqI&1*IG5j<7BbfJ;yE~jj5A~Q5()lgmHl&RrM zr8R9}{E!vx3>GllbhfjyYxquJPJj+x?Coz-t-f~P#KLN;d{~# zQ+LVC)le|3;dI5$DocI;^ovP-_nIz7yC0cX4$l@DJUmsG)JQdVV(Y>@PBMEwU@Hl4 z42wzL^{i1juIk$CDQSvS?9aa4@NC5NpQau~(%`&ryYK)r{AhZc39ec$U)gu|IQ_xR M)pJX^OUTjx0+TocfB*mh literal 0 HcmV?d00001 diff --git a/v1.9.2/images/white-logo.png b/v1.9.2/images/white-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..004fcf1aef5560cd406ca76cb1e388638ed61ef2 GIT binary patch literal 94617 zcmZTwWmHt(*S<6&AR-|kAzgyBG)fK~Lr5wq-6^Fg2uL^53|-OnN;}_Rr-*eB|XUFqAdxBM!W$|#xaR30ogULy$0{~Vt0H9}JV}k$lX-j_<0Q>=% z)JwR>^!A*mzW$ldo}c&%L-vg#eDoY@GWNG2k@V?4eF=KPv~+qPwCyB63|F&3-^VWDr+pf zs4=rn;&E=VFdXa(5T6!{p0=1zAAH?1!#4r0=Kp_~KgeWH#lNkd{}yF-=j3Mh=h5l) zVLH)nfmcCR?!4;6P|CurQ(eW8l!~nVUBT_2Kf}WX&OArRg`Yo>mxn!tTVZ}22{UVM zjW>IzwKX-no=1Lej*gy^mwS|y!oqyK-sXrSsk8FaY=fX=y=m6dG0N|-I}xOKLUaB$ z*+x3gGrG0j;ox7w7Z@l2!0|;{zG1oApqn~WVaUf$`_<(FJv~`%9zxIe`Z9g~oo9Ds z(%B}(9lIb#U|)*&vi%(n_hD+zdxUss$@3%kJNt`Y0(WZ~xKo@h2Y0d`=dT0KP1{Y% z4_N#jHVW^I2ooN=TUSq?9d7+^AL{g3a#P-Omke~t_Y|4reAo&fD2>;Uq@x?*aaKV3 zS59o0mh!iLAGPZ1d;iuw z>tL&Vx=Ng$5&$F|4ZkQi@i2;=9Bm}kt4yY@awcf+2=MdO?ugEh&G2yxiB;FtRqeXH zzZOfkSMWNYBD{X7e7TlzYk=^}8yj;y>+73cTKpU|Hclt|?QEQX>VEI(FEbsRg@`bL z>&`Nx&{o;x9GLw7-sNOy!=~1B>abO}&cYr(@}XvFzNKwGX{w&VGR~DIBmBd*s<%a) zR?6T2XR$onB*iy91!v0lh9P6QqQ^z4!gv0$D1d(v3AKHlD2L!p8KH)fIJd?0qbHw< z%}$hpl#d^zq@{lQ=H58F`(vEsfqlXez+_OFbeFv9QFn9hFg1UpG*yqmXrTL-(~Zg8 z+iYzBai@IvzqOeSz2luAxJhr;=x<;EYdgM+fCeed!104V+M6PVE_c|HLsjB`Gx6qgT-lcd#uB)T3|K5jz z|EIXb?t#}$W#v(Cm&$Q!eyOcXvNKM4#7yetM4tor*U;x9=UmEJPDpcgw+~t#mX?;b z0ZP0zTUyuhLHf5OgV>s|L06(yf@Zc8zi3kcfXfI)=nAFl3N`8qEnn^rFXxdY#Lpq? zSqT;{FB?=Ym2wueF2hW!FN4y#$;+57{(Huc&e!bm6#ez5W!j^o6o_Zt69W8A-nQ_m z_zkMT@yYWJoYb@3RdoKq3=CaT1PxLwbl4Vzl+bEz88rY^+n> zmTGfcfM4_`KvHt7S_wm@=%zdI@f=nG$$!t1%KFNFm2f8Tr0-iwa#})7@8A2zE787w zmS!H-da|iwTIb8_Qp>4uYyf!5STZ}Fn|xQFQTKCrZbrPOe&g^c@nbI;Zn}}q?CgTa z{u^DHfg`TQuroEy|E#M%3LEhZs0wMU&nYqXed`$Z&`$rS#QDWk{YBVmb}Ex?I1;Y) z84Vzy*DX11-pHM`pWx$7P*(1Lenn8>RIlGs8Y9Ydgd?A|T*cxikAeEnssvGRaJ*hB zLma34nuEfc@KN=Hwxt6vwB<*SM)o<9e&k-qP-^%g}isZY$-^R}Iq5u!KKCgFRMdKwUXLqTbUV0ZV20lg<*VIr8$0sIV zRFY<8?`1@T(FptyutEWXwP@=Y`MS@$Ab{{02Zy~J+t1}C7eAR!Q~)lUJ!}&?wn<$> z9J?AGmTnMh{t?A$@#LZ=oN`Yr&a%48@b@{j+RlFq#Ln&0@0w_6xN7tkqo&q;I*CfV zFkbM7N8>`8n8gv6M4gw60=z^56zMv~ z3s4q%q)2#xF)4B3BN22(|G1oOS=RuOSfv zv&u|hB3piHGt)cVNZmcaR`rattgcQJErCC#ywM^--LKFzAI zK*W`K3!)9ApLvMf#?1LJRXE*GAKh@-%TxdW(}xLft`+or%gwI0>DlT((7YHP5r~em zyvpQ_Nx(<@w=e=S?#d(TU5Xc?KbW)@Q%MO@zooq{DW11i8A=kDUIPIA^8CcaEA_AO z`I#dYjP;$UhfqxDb=?j&#-#ga!v7MHd?eP?`X^&<$L;EZ5L17O#$#b|W4NQLFE2YQ z%Py-3OgpTMGG}eP8oT$w_<@Usin5y}kw`Tk?tX$#R_T;J+v0Oo?ZPNU7$)Pcpzby9 zes~zFM6Bt`rxXzP%lg20*&Y?Cf-%=I$9CR}&pNq5xnL1o!lN>0wI zQuXQh#YN}X#GPo@FQ!4*-EPTFYSn$`5t{s&p;b;5^stwt^ zvE}T1=Q$N*1zVdTB}$MjD=B%Of4O*qzv1PUx-M*}U!$Ep=rpT@1g`&PTkob0WF4+S zp0A}fG5bNn-`&4=@#M1R7ZYRN7J2d!6f+ep9HLnPd)Z}|`N&l5b100>fkj60!d~8j zVdm=Un3ClW)rMU9`?Oq%CF#+OBWj%z?~3hhE>jrd7?LR+{p7Jw{jnb=L|-ga*h&jy zDyOEc=-Wv=`Sy*YwIqXA6Urs2xK>f|Nk=@Ezz3X!^seQ5E-r4>kHN%5?75 zT}(AtQRCKwDi`(sKjkegf1b^1oDi}Rp%6c4GM#Rn6manJ4=2?{l5~=de+-hNArM52 zbup~+2@CM^H@mbAB^v4In`AvCI@>nuYt|5|@Kt0;u`@)J6Z>&pu+9LOlvKL>$j(PLb}CM>#b?ve{5L18XF zNlnzBv*I7BH|CuCgg z#FGr;xSTxq??IXi{*%alPa|VtgViW4?SpKL{-(w^0{nO4_*4oq4b>vO;ytFRLK~AF6ZdA>9ZY4{Q%LDo( zYz7Op3umyfl|4b(eA;iKXZZSrBwB;@OOvECk-FH9iAE!eMubhQnxKK@m+n~C~6OV3BRu4 z>t$RR3M{~UJ0Ims=R4l{l>?8Y`hxv=dG&|e79}CcUT84}K$CB};N?A034j(UYp?wtUFcaA9%uY?}A4 z;uD2oc03p3;!;{u7c1(&z(a<-VVcGD#cUl+PfttIQ&Hx*vO4kjgintuPs z0Y)zDTvavh{Lwo4c<+5T9*9sqXcPkK=$9>+1eRQW8QCnf+~^811N!^3&gFYNW~+OK z1_nnC-v9y*q$!0$sWa&V%gC59t&HsHj@Y!cGcH10<^aeS4R}WBglqTjspByxi1j)O zq{=_3bUtE3kZ9A6Y#~28(Z7fp;DCGDv6d%QCRJyP_*3D6g z7j&-54OaLVdzsq>Z=w+3^6(s`C4L&E9yUOcLRTt2eE?QyIVtzhBsTa3418^!eu)p& zKU55wiNI4eSX%ljMRSc*JXJx4jpmitSI4@b^~9L<-my~3Hw8=4lP3H$E}vz#4N@5c zBHNdc74M;r$VCq*Bx>earH*iULY*^*MxdlHGpsRaO}LvAL-)Ah{bgQ0tD~)rjTelI zz;O9d%!mt}>on-M{-4l#XhpAvQadD_4($E~+DG*HB!H9fw5Rdcy+Q!~Ho@@jPVj8I z|LDS7L<)t#aJ40{Sxrq%V0g}vPiEk2iK>#ZGf|wFQuK%Y-`^+2BuUlF1|H3I$q8mW zfhv@BMO-gQpFwqn-rjHUd;Y4^)6+smm96E+P~{}V1^n3tqxJFV&~N&kC;roNJek$q zxqg`=%kp@5>3@oO+e%98J><9vs7U9z0ykc5=1y$cGj8~E*Uj098w9_!&kswkJlXy|Dzbm1ib-TCT0}$C?o$gFbKj|!kSu7%3Q1T7d4t9qrg$Z|aua=$4o9l%V zD=8zQ&1tF-C1o38o3&s8lUjxL$6}E4289x`oR@~CXY=!(gkboS9deJSLYMeLyg=vh zyQ*5V*OW;jA}C*YKS(Tk%X_)ux})lc=Ss>Z8kC_zWeJRjK)3&yEwM}b7mt={+8v4W zk}`XTcmW@xk1>q6;a|hkb65f9sF|H9WX@|}=~~PTY_5A`XZ(~lwo}I6DI`AW85%n7 zjOJcH*u||Qy6Aj=R6y=3$F({une}1l;OeHyLkjy__R1AK6*jd-{LxFHs5*WyYat$o zXCd=0%a!ikm9V-c2cea4uZ@PpuPOI8$rId8Fr@lyJB z?Tsbi72`{b+xecJ!XOe{fK-56s3kvG=^EP|PhZid_zxXCMCiLKJ%P|oKwi+gP?U7p z#De1ChoO<={@URW9d0Y{w0U6RiUZL-q_1c3B;e{-PA__q>wf{$6J7no)|Ax5>5LuJ zA35L)uPwX&qISS)>r`dfe9Osx!xfCVk~93S<^VR2qzWCt)~M|5;_omUi&^dWm%d>lK*2(bpx6dBCz#A(}481^sIk8gVyP2IE?; zg@ECg@Rk6M2aAQ$d-Av4$J@o<#&G~`6`>eL2$`5Q*p~sXHg%5BXghdwtEJCs1fBO3l^$XqVPnVbqG=V5nPtUQlCHx(O zSrnitJMsK@P(?XSFV_}TVx9e2i3e}_wD=0gr+%e`^bpkt&4zwF1(+ZA7XO@*3n{J` zchV9FP1Q>;Ahy1g<&P|67R}I?dWI=Sd13R!94qw)$!05Hm4iD;Xj&EWW1t;qtdjd&9_kr zg`dA5d6jznI=pdWd|Z?sw7s=Umbe%WEY=3hk@wduA>}D{9s)mAro(I!_;)aNm7{u7 zV(z%(GN|s~SFlEqV;^3Hg6B1d@%eqBVHP=Xfq{y0s-T4u@N~@$SQ6=a!B>6|*y>O(YLkrv;Fz#6m&7tMIOc_jKp2?@%4QbdH+#A%iT%kZ3=4Uc z8TO0Ez!>nmH+I!K(vD8dQkDxedbNrF-QylGFOiH!RHXF&i!eGt+aZp8#k(LNLqAVe z#-d7h=Y742G}T72I;(^zYoS$)93O#*0n=sp$m_)ek83y@O&J6XuJbQZkc;uWN*;R& z-a-*BK|X~-l*N)+I~D)EdreUy(h!e#r8LO6yKzS~k1nkc{9)!>)B1~T4IxtZLl_1YkhsT*+E z2!A5#8`y}I;dIdbE8(3xKqF?5e4(~$74_E5_iao^k!=5MprSgSe)IUL$%zY5lbx;Y zoTMgjxW2m~4oi4wWc}WP&XPo1)9mj()E+>&SMNDHq#)-{KL%-=A zVqtHMfdKeO1I3|Tc7J&g;h+HFxa%r@K(*FX@~=SsR>8#j~HHz)ALS2w{< zbc5cb^5SzRUm+THX5f{<}GZ0jjPwsr%SLGK48w3bMEMx`;oZM01v=eIT5_)L< zzat}UE-7}sH%*=6MPz@DnLwo#98G(7wr`s@72W>V!9$7t3vV%*d2~{2^cuN}7u>}d z52ADdY_Z+v{x}_0Be#)mm_QVRpy2ZTS(GslR9fh>@xwF+t}$;2NZX-5e_TA?xX!vH z>|0SA!yDR`vf~lkf$A?}Oo(?EDvU={cZ1ijRK){)X=>xOwfaTvObSm2QD;}eQmRXK ztVeKvwl`Iid)Wbt#$a`=1iwe{1nMR?SeKx!r0?%ZuyhrZ(M6FE^BfShoV5i$h??;l z4&q<~UlfrfZjM4DL3I>`3K#PY`p6P0WKsu$yw00gvl`|?px<}ivBIl~ir$q}UK!&; ze6VmIR&i*yMl7Zb+A{ChHQbrcET`}cb}c7^5yF~R0>d?aAx51L2+Vjj1WzK! zjOkz3Ltadm0}$v6rS6K(egIH9f02v5x{n4l+0_mlQ_oV4y-m=%dmgM6@hf+n5WJj1 zP#@`n-}LRaZ6sv^OFt*LU_%fzC(|{c9A#?O1Js;oV(dIyl6cG~?8M^*OmDQcgx$8I~Y`(DQ zxUP5Q3$i{a5*|8~1NM$gsOYhK?3{U@QGog1duQo)C)SN(JqGIDOpRB8a#dcD?-r5u z`gYU?XbG?KD(7Bx0@}Y!d#-p5q`XN&S7ngJ-%;#Mc2ki_6^KW`&wzVx{WFwZ&Qyke z0)TxD$n{($$vCsQ%a^c3d8o z_k+v>c$&jtAI#(V0Qgx{SG=jYE9dX8&!O!Py|QpuLqkx#Mu<|;SW5zZk*ss?A9;1W zrpE2rpG@nI>)@$OUPAfgi#>e<{bfVa9a`nJ{7Lj|LA;LkX0H88+$c1CXI+KU^t> zL;qS3#G`Uy48SKNGbKq(cLs^)x;>m+r3^Inv3X!>cm)@_n556Z!E?Y&%u6EEdEHpVz01DEfLg1epvRn2e*$b6*XZ_59FlspDZ5o)>df_iFRl$jH=5; z$30zmeX2ot59n#j5TK#S7ChUk;sk!=yqFppyqHJT)7Sm0|03=k$geOA|L80~B+y=x zuzpWG1}+Q&6B~jizmi<}&MX-@FR z#k_Hitg&ST&A^Jr*NN)%A@74faM(aBYpp*qKJsWriGJcM19}Gt=GoQ*5^odkBR=r$p7hep^&J{E8SQ!5m7a69frWsr)SXWj)D( zxY5`Ej<3KQaA_)2^SV6HOEMTg!Yjrl=nJ1jv@+Fi()hdsH%w0xE`UHjb;x04%rh^b zU7Ukj@b$;WTRY-oD$(ssbiKD`>exWfFYpL6Hm7Bn{#g>CQh5WlgiZp)LC5beZcu&} z5hAfH)bXxMc}y&rHt_4zi@nh~!ur(?MTG(c#TpG}}moBJRc z2f0KXYtii5iXChGZChp~eL_T>zwX72uNdueAp!)tGNb+7$EU`eKiNIy4+E=u`XH=F z$AAPbt`{1r75IjLL!4n4?2_Fb?wII&XvA2(IpkZlMG%bX+xzBsed>UJk*2yKr2-$y zUf-(I#X89nd3s_ZW9J_=eKkr+RFr>)KwALqP~Yq|BO69XCQPv@ZnUr+x^Plxt*h(> z-cg_xSF3lXpR7pK+NIc$qop3U>X7`ncGOXYT+3r;!ALOy0?C^~H_=j#3j8sPYR9S{5h zU*42;GWetj7d^H*n9I5f`rHlTid$~El7MvT$a4AtWepXx|R;>Tf* z>s(w9fR6SIfgc$H0L{m+FqJ-M3*vU`#%OUF;ufNO} zRFo)fPS>XPOqv)?V|LjGXfD|0WMTF0(JMnyjH?$nx6h)nfFdojB7qR#9HQkyGej%L)>%nUY_ueM|!8NsJ-tQ;rJw0s;vB zFYN(fAkS>2=@+He#qmabD?`cVA~WmN(_k5d-fIKr5j+A#^1LHV*8ArMd4V!A>-bAn zHg?Y#Ix|gNU$jbZ0uuV*8AHeH;A?HY)g+VM__?w85Y|fEF)=o`Af5cM8$l_vj*iW5 z`TgT2sxRpbZ)pFUf%Rlb6*crm*PhEjH}6*0vOBV{DQYDUc%Zx4aH-KlWCMnG z=?mux;9c&xyBd6bpDOyc5z71WcQ;VAgSblvTb4;khJat|PPM*4xh=@!=H>)eYnGm7 z{R}rp@@E_^K8y1IbD1B0)2(+BXzs69wlA4Mj!UYi!o3?+~;(j|3Ps#YZu|?>N@9BE*>$l<#*&4_}c%+*!yQ38_TnnanHEM zj_INc@sZmegkf@HlcTz?NF}~Md-lv;-Qb6PoaXp$F3*=Oor&&t#0%bk&g!U2xIwW7 z(k=~EI9`73ZB2bCAE{-!D0UOv6tavt?VuPX)7deb5E*-0avdFF01;BiO}7ml1~;cK zPy_+L+KOH}I(iHHAYEs$v%5oGRA6scF5HX5De{G33(3y;PNVv*qWu#+k8E}g#l0?R8v+GLIs1jhq2t4z zkf3La1O?z}V%3eX&U{Xor9e~MSHqBfc`*p%r5)?rzUDRnoH82x7sx@mK^EH=HXh-- zx9U%#&x<(j!ROKiN85y(&waS#bEyIHPsmq-Al-gITjmTr_s4mL+y{z;6B0+g8$f zd2#4>{YjXT`27Mf$AN(WE|$?;QL#x*MJD?G`>LFz=a{dF-EEqm!l2uA9Ej{bQ{UXF zpPW1cIfXmgF114!n6#4BQCrOoDOI4%_=Lc$2=2=gunY5zYb>cqO-`$omV%tfj;HViU8daJHAH1qj&teMg@R|6`v&!Q zL4~v!tuG1|8Sh2rfo?M}I0VcS`18g%fVBP5`tYNG3+Yvm6X$`VX04((g2v$w*X=YwDrD>O>`u>*5r4*UC00|d_&5R}XXFaDu~ z5xkWr+I+4`cp$LbYnUFv(gb=47{mT}{nj-!oEJg*HZ_B6<5Rx5!wIOWhDTo`cD^iu z1bh6};)JIj8?uu4I4w?5qA=_)$U{sP4!!j+F(uL+g)XN5Rn*$xHV+b?$!vLVsq8 z7|b=VdMWot4*N$v=N($_KpD`Zn{ga@KeR8KYlX_J2o|)56 zWuQK(UX%3;m>lc_Uhe&_Y--vrEU*@ejJCUQbWulA!arPgc2U?3{;m=CTUkG#Dx2t? z!1>fUTAxH*sMbbp<<@b-!a|%rv9+vkFGZBib*9Wp?Zj48Jf~FswBo((fW-#-5|opk zb{-ZM+Ww}stb-#z^@nFOc@duEwq|=dj4gP(l08@@)n54u>NYI6pMw=Z>DwV;!ah#+ zl6dXy-kEyg)raPIuV_oqIhhOP3=9mM)t+MKBxJ|jh2X$BYG>Lv(TSfwcCusY|3dT+ z4cmNL3$pNPg?LfLrI|^TAJG57^qq%MY0WS)4r!Hzf&znvuX_i!Bu-u%nmg$;_j|WP zdwc(R#TSquC<+xPm~7Z5;4`l#?)=4I=9}_qc}@z%{bHlv-dL^$?~d5K#;T{>5)phk z#-a^27aZ!WVp>Nu(Z{Fhn|Yg01uVCqhuir2Mm>XLfSRwSmmgQh=0^OY5r484EN^a0 zZj^#fe{CpIXXz4Hk%!%ySMuHEb%nd1+1WK*!|4O&C8XXA>3KVYUGha|+^_ZXDwXJW z`X$x<&LI68>PG%V^|AiE* zkbfQ2{?qG-$%NjBsR!0pf?ZtsTEg8Y)(_Dg^ro|V)n)TfS7TV4dE@x-$mp>Ma0BLz zqqLSzAK>?!{v|T)csFvJf-cDc5rcnIJ{qYgDs!rNV&|40bYrk8CLwIcldk{sf!0AC>>_sb@ymH56Pf{(aa-TBQJ z-<0bFEM+{E^P3bGcP@t2v2p|kw1%FE89ytrsYtUBFQu#Rpkh(R>Y)`R8$65M>ovP_ zMpu9<_W8i$xxp5LYgiiN>#td17|-YcSXYUSg{ulq&AERBBZifoV4ncpOWOv0F+%oq z7w7o|IWofu0S7BnZKunweB3W`y1>Eaz>58@y^UQ$%}QRDU$2_#turAicHm3<)z=`g zw_Q?DHU>gc2M|M~j>7=sSry>}YnRXRony?bC9^7gEHTabBJrO>%IdO&0(m8Ogg_Bl zzT2me&^9`$d`QM1vwD2VwgV$ z(^WvCE)))Yd^@B^27w;*x#qXq+QRO)CqA!GG$b zxTV?Fl>mA?61RGpUFg&GR43Sw_edgq&T|htmWjro4B_8Hq0O9M>zT>-y)C`Ri4&JS~eq`gYjQpy(BMMSfaw zBFK@D{k=~DgJooU_8RjZ@i$(&Z}b5l9@BuLQ5@>LO9EJhb7%`}HMDyTOsUM-ka`rs z?zB+(MA}RofkR-4cs9i2oZ9-BB0Vtzq4I-scWAz|>;bspdqZSol<7S^Eay2;ak=u+ z);D)})~cF#s=!5`HKOZLhEr@og_n4BF>1lzrUx_|457BskuV8uSJ*?L5;IlPN zoUK{FXU7ci=Yo$O9~XEb^GX%D@|=)80#fwQv;W+^W3%Q6NOErcP#Xg(%`W0=Om@VG z)9yrtTYprF)6ilz2UwdpkLVf9z%vwTeLlK8jke@y75Kc-?Gsx79?JoOC z8ZYN;zP(Kk3)F=`74=nYtilHmkHpqo<|R5qVafi=A6GLW_03OOh0ghD)943H!j@Og zsa#j$2s(o?^}A=blylb={{D}TTf88ozHjP+Q-Mt%Mzr5(Ty6QFq`0`^6+oJ!FnIll zRoZiUS~wz7xg4Yv2An=wm1pDr?1YE_94Y#LO;l&7<-7Af?0fND<)tw}Fdb6|Pyl$$ zPQr_#O$$=Gq%E3uk&wzmohR+! z!rMFZm)?^XlWvJPYH0@d3j8F6Iujt)9Q0*K_LJ4{ki!+P{{sG$_Ja!}FEJ-0#L3G! z?30E4`X;Asx-K$20s+@iUW=O|AcSep$r|BWKP&d|ecJ#!WvC1Aa14BUH>gAk#7(N% zGxFH44_^Ti_Ab^;#3qM5mw4yU?deO#W2inA5Ujq<3OQ#jJk5(V%~yf|p|LOrK>?md zIbvGEFP9(4*9MRJ<*A7IPB4)Lg~-KrEU6L5i_g0CZ3KTU6( zfVbL>OG#O2Fy@V?2MEO9)8Mr9S4dwyM}=XnoV;>DQeI$~;TQakoqaSt9l>{Cjq;Io zMz2?~Q^2PKgoXSV`(uxYDos!>q?j1yxL&w;MVF#=Baw%gnwcU=f*5x%g*xv%B%?F= zgti5h>^sRmK%-c5hpeDNgSluwU#(QbT@nZ_?K zEy#J5*L%y{DwgqtQ%ZJ$3zWTom?-^SUDNU>n=rP^#VccLQ9*f_mDy&QsGYukN)1 zG}jUuOQ{c^5BaoYZoKIoKpb-(grfB@^nWjzUzq%{rM(g|A9pEUfSxmEHXHQfql67| zPZoS#s)(SmAXRkBH<2Nq$ccBSD5O7!!qQjkzM*3+K&XsMLGSPN^ViXM*axZS4T{#c zJaiTV1D}=}N7D{{>h)bE7)CF-8mn*C_u06*?>e;j{B?>?jUSc0jVdUw-=QJS5b0$r zqC&FNKzgxg+~M+O=Gczc@Y^Sv_xOZFz5n78bAa?*f9Y#(IY^k)Flq*=iuXGFJ^sb? zifQ*}9Gs0S>v+hAb^2!h5mO=bCAX6rYH_5g@0wzaNC>oLYHrL7yJ#P6Xs2yX=Qh)8 z*zmcAk${i-M=SG5vUqu6z0a4=kE-$!C+0{C2%52$v)`w*+Y^y!7&QT9P1d~R_Ow&} zlS|Ru;)Y;|ZE335Y@Y5+`Nol8lqYcaOq*CWspd30;HRIqCuq{LI^R>lk}A<4h) zp3g!>E{|uK zkk$odruSQEGnAoPZr_XKb+}vFHq(Xo{!0hPQi0Jowmt#bBpJ*QLeKihN*$6R_K-wW z38f!n8U=Qqk|A@bpkgb=O5(=YSbc#y-Nu8xSC^nQFRQ`Z$j8~*U^(-2bNW}Vh(&?4 z#qY~D=koHsWqA}UdrVN}5ptZNzTlF7wYt92x|D!M8z44!Xks`_YlX=l;EYpMwktug zLG%q`Q=@U!U_AQ;#>`4-&V%j+%K6=s=PQD&djI&{nE6E$Yv&W@l37xfEEM3&a|()Y zVhrLLa%_Dz81J2oAWeeN{VyU(;~$v~$7s6-=2#*kz05or_&4;xlLZy7(=hH&KKQ>~ zy~9`ok#cCXaHi1}ry7jUPKnMtMoi6ZYbRc42nBCQ(JIFS01uh_Z9>(i1A?oj%QlAo z@PJ_74ci(U@O>J`rKv(X@Ymm(0D8mMP{UK=ViZ_sZoZZP=o=dPw^6%`CsTYKg0Dn2e$i{qjY{V3#>6=h9_WRpO>3-A;cw{&H z`m1F)ckU6e|M-QgSBOi9zV=!H8@4s%;;ey$YN@KB$v1dO@G6hMAX!;3zQBa(qc{%C zWkeXHw~Oq>4i52m77i7Fy2qB)8&kmrnuZIboM09u3f3lZuDKzO zW~upCw{lC-D+Qv)GP5y7(7n#UfrLE;?+zddFk^FDEeNQ=8al@3gol(sCHoJ)<>i?B zncmn*i7AFX;G9DtD9!x4iB?Ahau4$?JJ@a3DGiVwF51m3I2h(5-c6(j>0Duf?;tEz zwOO?=7tOX4&NAxXEo}^n&?lni7r8;~If}g;cJtM?AAE!#5|kdZYoA1q?!kHIqR=Opo(ur4#UXge(8B|Nv);2kJG+u!*0FDQ?$-l{&nW1U zA#I1OWzL%DY)8dJnbf;UQS{1BmaPtIUu|h)Th;T1_1$UA*hk7h1%8U$o$*Pjch6yga;P5wy+(;)+`nKk5C5V#eJ@a+M8!C3RSQYsO;si! z(a;f>s&}jeJ&Z#>dw7RY(a_>!Wu%T&V8Hq(hkV1 zpnK^jFq2X=0i|sg?X<9dCGia+ZH=Qp-0HY$>y=O3HL6t`LN){8g~YVkA)S>?6@O{# z+bp2W($G;|(eRhC695(~MDM)&u#9Fin?d4f_V*Y-V0W(|m-@gf&k#94htPkmJ3T!k zms>|dnxu&87#lmWone*fl5Jvcfdie(UqqlsgF>`!htM!`Wj8_Rj3pN(eNMGEc2QL(o_SXy^p& zkeLjObwRK&@(m=|FWlz|`>T~c*d?~c3fI?KrTNp-UVv)MV4=9Jw zDad%GLKZd=V`nx@R(Y3d8e$E~{G~%OU7)hBKGUjV@uvmyN#jO{!iqQ=n=0yKG_CMEc$y%OYhtQ zY^r0O%WqF&35kicb7Pbpt81u>m^xKi2a-O2fgp7CW`fV41U#zH3`y&&pewENvqR(c zNaRZ|==Ae-Pi}L4nr;h1LAtD4D}Js~Lma#n)eSYfjG&E;Y%xuo;VOvdJ9$MEo>f7u zUTqx3=oX{z`TU*~B;Ug)1aAZ&F_sn@=0jcPw;7!hf5J(x=Q%z;?t{?Khnh8YTn3?` zX+!DHuXss!gQ*Hhv(|-%-BSvQ|EpWr9zYUc!e8`;pdmoDxOn!bjUn2YiM^7~vjQzD z3z*qG@XmnR=^4-gs=j}(QvUpEs9S0#|IL>lpbHh~l&=W)`pP@4su|3@qkX$%X=C;5 zDLBOm0JJ|V2Y=mBS-damI_}#hFVIR`Gg%T>5$be>B!Vn~gpOzNScB4skc;Mg%yfaI zeFa)5Ok*!n1tJYSU0l!Hqn;m_nohMU{@X06ugD%Bd_#<}qs%lZwwSJEGa_l#tt|>e zLfjlKNWtgYlU?0h8C676mixEe49*ohpr&)nKE@gk&GJRFrB7Xa)>LPlKKpRwO${xO z;Ps0cJp(r@jk`oRn@ZPksU5Pr@F|Us)h78fxH+ghX(@pii#o!?XiVjNV`hVe9~&rz zn(R4oS4*%`Z^V0gmPftExQ|{!#-uW$LpCuD?~Oez%Q)vFED>SZ5WJHY!YE~1OWTV! zX727-8D)FB}#KMAA9sUzcBUwsMO_-+TxMJxEu)j~sW0sW>>Kndxb>v$yd#)!g%^+Fu zPas#I0}YJOYl~g7cg-ObMIa;QQY>C24*)UU>B-9lY2==crL(JAISz2O{$GB%6>JhfBTvX;5h#&GD?3gdDfmf* zWTHdtTK@0FZ;8oi?{CPh!BMO_+RSgJ0CO0xj#OMo`|`m#tfUDlZ{?D8z!@)&XnoKm z@UWz+NhoMS^1y7B#0pl)-QUk?7p=hEY%+-ryJ=rSQ-nCyBg1A zj?}Bp6{mV1`p18Aq4-I@`W6gwr(qKf;Ak+GwzT2r_op&yW2(s^g*PnlJRNAB12i6; z7641uK^V&X=L=1sjL*4=HpJF>q?5!CCoY4>FXU5*0>uA@JXD4zk5z-)YOAYVZ~G^v z)!?U+rC*yaF#{73Se+nbn35~h*`{_cvn~E^37kUnPFaBl&c1laSl_lDgfNRm_sPK!zkDk zVKUB?n#>WUmKy|PR?8#y6eA++4SbeAf^%PaXS`>Pt&@?&F zw7a@~F6*gDH1i?A))iDFfy$>D7Hn3Cy}l>&0vz7)iNT2ts_N~ZF*s`ah%|C^U2!em zT6tSYAY~pippm4Fd)*VA$a3f`_XKbNK8e(b96>vQsLu6{Ls)|3iz9SK3=Lq-@L7s`i&)h z`y`m&nZ_S%0iXEg`|xZXc9PyOa91Ir8A6F2Qi;(+cORIid6|BJUKaY(PikH!It~UZ zX%s>C1ZPP>_mnv4rsH7QvEFl;Yg9gVDy{ANr#<}n&@N1=gaMu{5#R-lS@82hM6g_n z&VaIFf8@U#5++pxYC{S z#C)>e@|N zIBj^3)c{M;2@D+k`oGo2G<}SIXGqo=X9Q1E0co-9;H${09)hI}Y7tSXj}PS`J!e7F zqVU~!Rxl(ZnX$-s`J|wr zC;Lp3IUJIRt5XO;YCc%14m9=mKZn3e=-pYXR-4o$FeEItsdnw>qt{e~>N#+8BaM6N zgF<40K&W?B-8UesViR5(-(+9hPN-EWK zPk71uUEvuL%`?s$%@l2pcIIwTE5V?w_?(DGvj?AXP+t+VT(`k$$@=U4r_F*zhv z_Iiku7c`iXx%9EjZ~u5`^%~!>EW!NQo|I^Kn1qfFSO#XIb~-{8LIGY0IKrtJ%|x>C z#O;4KO%f8gO~^QIAlcLDI(zsY1tPYn^PGoow=$*zB=Z zLL_T}$0uD#%sa*u4vl`pY~MjdezZt=3YoC*f4O#%cGm8}n%8|+kagap*O@A=`AHoE z=OP2OqjJwz5TK?z8@Un{opiClu~y5>QPQ(i*e&uf6XYohW%Ho{oB}bf?{rcg#ib?A zf1BT!ul?2j@8tA5hE14+Jza@3%v_s4qqBXh!VuL<2`xZ03B{vJDnmgcziQFBelEd> zaeIJ%nY7;N&{$aO6R0z;kLr1ZwMG=w_3LkL#Bs10B&_J;4KRKm(yO6>yw9gy~ zi@m{KV@I@S zk{sM|tK6bE`!~p}8j+uWJ_9at1pMIy!h2d`AaiPmWThH737iF$Hd@-*;W;*}5Cw-2Y@3p*dOv5k9Ree!UL9heQy?n?D0&c{`A3;(>MAo<+ z9MTGK-s?=EccR>YGOT~-`i3yyucGWkxw6MP!z{T_lZzmA`dvfn^9@I1d^68r`uMJ& zI93~E7fs;euU<}T`iDFUs?5I@RHvXSvfi>IWKM&iHsrt1P5PFNS!s1lP4Qoo@@BQj z_8kXZ$r8w(B+@oVN`jNLl*A;Ex;C%uSYQeoX9iV!q0HG~VM?515vq}xY9Lwv7(&o( zJshfn5}_ewhJV$s!^4B%Tr6l$OQl3Bn=lBP7485_Vig*KMQoJcA0zq>fA_E`wj?i@ zfhwBRB4*ASQ)%Yo2WeDU(;eTzh$v&+F57U6P!;Ka7Q_bQgzl^Urz+hHu_Gqg{DydgSQ6wM@Cn({dNzebH>98Ed^>89GQ&t; z*lXQPC36Yv>#C1F6!NHR4&(p?A(553<FoB|Y`VHyta*tRDyr)f%?(l!@IfK94p;nsP z1kRms4&9?Mipc2>p%v{ty+=r4i0t@3p02}@>No0Nqo|Bh5;Ef2Dgohc=g-9-y)o)Lsd$kV(bp+zf2<1aZeEBF@Vxa4j_T3CSK>qRcwap-2 zJ??U>ysz)C?t=UL-pv`v5<-Yijb+bs8xkyr-+@g3Y9GCQjroz_1F32`*RHKU)mv>! znO6*Kpl$@dS2-ni=1i27{x8;Ov!0wPwoNqtBVQTXPRmHk%YS$q;@Rn>+?j~Ue9l}s zyA1IPg(8r?dOz%HH&_7b0fRZ;0OT|?GlomXEVEmVaVC|jS?Pu>jdKAyOpU~$5HEmJ z`S3LxRaTh4iS8j{Qe%jeF)X~N(2!G=zTk}K-$in9bjW7UGL-fws7$mNomtQ{?Q+AqU!?@)pD5`$H#MDhVwN@ zUUut0g=?97oWH4!zL)~u5AVI5#K4+e85PSTjymujl0xfAX2?Yr=R!UkwUBy3`Da~9 zZM2!Hp=z6xqx>gQU-rJ00XMm(p#=b|#T6_PmGyl9Ih0 zZVkNH;@FQhs|2LODvz=!c{WQ)2;Q>Lj}<3|oE!&`uu1z_spoT2FBhvt58s1tspoya zGP}Dy#`ez!It-Bngfyt78|;fjNZVO0SB~U_s+t6pR?M7$ zcGkg-u?QMlAsUB|KLk)pk+p^>7Q-YKm8wNVQb|{2NkFybI`)s?_U_Ac6~rHdJ~6== zx20Ww$rGxWB)ysaWw)h_0kIiAQ#@C3tg~cHuT~g{V1w8y=NRKwfkaV2*ewX$`Q&l; zt;(sNBkc&AnAGwHvK#|QOv&*k9<%Ite{`H?#Ol83eF~2+&(N`GL9crqu5os+?N+w% zTY~QSHdU)a0`t6xkdOMq>vMy|#u*nDcONOTo=ew9t;TC>9x-E!dHGsO&V_n(8J_92 zvmyEF`W9U)J6&+8p9Tf07GwatE5**sCFF5TPJT*KO=XEW2fuAS^3xBLJzo{ z$b(F+en#{KDSHLq#a7v8=YG&}opCKVVxizls@y81Min{&BGuGK$nK}zgVVsvE}Ytd z4gHT?N0t-Is!!4Srb|mydcbyv9amt)RaABjOR?6Ay=L`uyuj-m#ZCJrBGY)TqN7uK ziVB6Vf7-XEcSeA~{vUgfjtK72?PyZSa`2jgnVF~SWI>fk6Kz@qqU`9-_tA|wv)y}* zFw{59C?KcxD3GL)xmUN-pg=4c@D`N!?gi{usIXM0i;m zVbR6h;{Qmz_8w3^l0gVT18!DCS~*bEN3JpjWNNsM6gJE`GhNZ6s$1&R+q#q}VB+W{ zi>r+cN1hP^$(`ETY{&O1PuN6b4CwBXv6<&wwSV?{NV4XMi|x<8pT8h`n>1pVa%Yx3 zADgn~^O=Kz*6`h%#iJ;ZhEo~;7#uf2jC^(aeG>BHNeKfm$iu@Yfuk4?AF1^aNrbm9 zjqWL9Im>E2!om{lUb76)D}bU3IN|34Xao9ry~kGM?~;?~;QB3qwQPzuFs*XkW?*X^ zF9C>=LXl!%h{EDlyFptIu21Ep)+dhG!ot{k7g22>t!&Zd@zi;Rf@369ma$^XUuReX z@cv$@JV8Y;mZP|q)CKWJK*(r@y@?$`zxU zMY}Jg(qu5N@@%Y^akt0G@xPhXKrjr&55gYDN+a=QHs7z=tjquXRUWo%*FPp&u{#4^-q71 z5%~alX;A(XX%@<>!sMVVAtyuZ*TMWOa*9b{M{%>01$}yxLoa!BZ^#2qCDPH)(fd~N z$$|U*u`SJ!IDxa(Ugc^dhMZ?lxa>nH2QSH>g*EGBNAEGFuj1;De) zUY4$`%gm@OzU3=_zte=)rCX&nwukFQwxyrY9#c@zGtNT4|5?xDw9?a&oZ6SUq2Ih& zNDeikkUuo7=<33}Hy5#7NO7p9W^Q(6&xnR3RN}CY>&0_#_jkbdrnjVh*Ec7Yuk2EN zXJQn^YSnJ~db!CZNHJhExI*W7dBN||*c_2pToMCkOh~=tKT{TU*E&gecge{VAZmUa$3sFZEn*vIaou&PD zTdX@U413DLF|tkYpXI855h!FeX64VG1cLXMW*^jMEWWVpEFO?!r0qGcY34N3SnW=3 zA6i2vP03uByJ*FR)Xnxk&T)z}bNF|7svlGRpdrz+1Z; z<_-bRSZ#F~Jd3Wxua!<#=S-wD5%k=qs|h32z*nx;Fxr^bjf;gYg4ex1j0L#ETE z=-cJ>RlTVx%82`UL4pZuzL@G|?&9~{w!a?|wWo6wi&MzwzU32RK5s$mmbN_|oq`)2 z1OM=)e2?wy!G-nrK5<708g8@&yaP%KEw2~sgxAwSvl4QYT6bA%kJk8FpUEh!LSFK@ zQH}JW{1kqXit0ODAgY+OvIiHW@?j)|@8*_K>dz4K_nZs$%~dqpRH|fmqJlmtvlo|s zT)SgR=)`)R*qQ9z@926Dop_yH0c%Qs)U7b`?13PU4ZIGScz$@_{HsrEf6h4Y4a8q3B! zI??Y&L3izpu>MWe)bsQO$XN`+asJO8Plv4rUUr5d%REV9qBUaec2`z$5^8o^ML!$4 zRCGc>8`q)Cji&)h-K=?rq*gx^oSAiNqil8Fj)PR`GE%o~tEZHCn%ahr~-jRGX^$=eLe~ zQ>e7W{d}F*Cup871;cqMB9aXog#?e9!rHfvuhwSk;|>JeuC*#_jc6R1s-$%!cg*h4 zz128oPlRSwRe`Okjkut<{YxOu@(|rn_%JO)lA{ zoco8`rf(j}+DDzRada{TqR8_b(BeU@Zk89YRlU^yJ4DhxvyK1-pXV^`0axH+-Q!aLkCjuPDN< zBe^HRO-7ed#+J+F$EY}Of2VNY)#8#ejSt1YYrQ`r{K1HXQAIp`eZ}giDD$>A-lbPW zz;gTV|DCSa0#$QRatxak5B){la+G&73|Sx1>MU-sbyJJB75G3ttxMaqqCqYuox9es zd~RF;40F{i(OT-jr|6-*V6|H$T-Ogx6^jrt>zj2yBJX55ml}ail&o$;CbT+{5rUf! zav}h3xWQ68TO9QJAsA{~#%HG2Z`WEt^8aO(T}hlXxa^hwgZiwJ51gHPT81}~TD4HA zMIPfK#U_CnXxV(Y&{RMHjkKtuvRy=#q~#udavvSz>?)85z=sR_BbPDSm$oA#)DBbL zu9<3&S=x9cBxX7K1^46kV7CQ~xv%j`|8nI+j^u#=M;{?t*1f)GkG5J~E4;A!`Ps_% zL0SvZ5tqEkH^pJn%=4LO;S&Syq$Wh0z$4Rtr{RS`9jolc1?cTdm}^k%P$XxMZ5)8> zHh~WOGf9r_^hSZU-|wJMZvNUkil+F3Smm(C#DPC#_W z7miuNGV)%3!c4}3RJuH98f#k{lxcT;GVY^VBRtWDfY?dvk#aA&zSREIS-loN^zUzO z5)(F5Tdk1dZHB~SNHQ3j!QyLlb4>%z(aE+0iy>3_@$k1loWqg_Sthw`_P2q*AOp%<9-dq z2{_%3d>e6|@pa8idrYUDlS4&ZJecg}F9;IW!RO0otm)5KKfZ0-J^DAinU(`LnyoE$ zG0;zg={X{uaT(T!)ExTc@f^#6TC~#RQF7GS(b*=ijaJ=-+8B|%b7rnwZrlnCqk3mw zzv+~$NY=h|J%0^h=lvwi&AuDcF;)`nPJ6ybkR&2%)OV(e9=)hoWM>?LT*>W}1;(!69LnC>Pmr`6GMGH1aS-t7tT zOUU3Ut*R^+X0KeBP3o)GA4OusP43>MXRVx_hZ2LrWb>}s(5nwh+B$GMl}1;k;pU*> z&FZs0z`JdWWKFO?ThK!90ypkTc+wVjtAn<`eztr=>cERQj`u&a*zGiXR2dn-2g5!+ zwFE)t)xzX#Y5w&q4@%B^;xipelB&?mgeyX`J&UgYw8B4O{02PYv72+Aes|#vu0X)e z^$X2V7P<(URKiR0PNBc9t5}+BGs8`#RQ1;6(ZZ6>JHZd-om$R#>5B~9L8(+zkX81Gi?#0tXBXKdo}e@O z2xYLYf~*gCQ_}}<)8i4;OPlPdLn$+V%_R3XuxZwlTN8ajsz+TcyHZ*-bpu!Mbzloi zu1y3S)M9NDEq?o@Iu{;=#nIa5Ro@`(D~_^)GWh!HeIZG4MT^?!n$DBD z&k;5V+k=TGkv9ovCuWAHew}Xjxx{F>K(pZa?qU{t)^@ehIpZ?o&dn%_9k6|*aMQp_ z>wf`uy)QYq&e=-Rs<7NiF<6(+VZ#K7mT`B_V>GM0WvxrZ{hP%s%BD@@$!2RqdQIut`Plhsd;Z<;4 zcqvt1uz%oYbZC(4)fS&mb-AHU0!Lq=h;^5q{{GCOry+(_xdcYnt^&6hvaxKAPk8w7 z0pqaV*r+7#XGrC_N`6yv1Z2-y{=%LK)GviLqr;YrDj`aQeI)5+t|XglX&oI8rx0ml zc7a91FD0+`2YqTZjBK#HWr-uYR2*H!pc$H6oAUb0o!$MF@lOA|+RgloQz(P^O?t;y za3{2ZOn3MWvPE2nzDxyPIq^(5eS>v+Tl?Q%V)5xSFQ?5uh+ z&wWHa#jZf^sxMHJl|0ZN{B)?YjFX-KG-ENfiLS)7wDbEMT`xSc=@5AWj71|O56rC` zo;|g++}_YG1%_qs{CAmvPJ7RI|1BU%BAoem)sba-n~S#`sprOfbTklE5dn7nt@p>y z3~h?tMI}UD#HSoxyTc-x2O6A&cC-7(BB08~ z%bI5iNRL6#L3;Y?V%PI<3NJo`o6~W=h)Dz66G7gMs6A;mD_`|eh%M_XL05tNy-kG* zTb71-hC`c}EU8ZBBRCu_FPMujCkXLh7OQ<Outg=c8b)UE% zZBt^4=zvC`IqS$aEe&;3Nr*pU(&nKUU8dB!`@QwFtkg`lMGI8xJ9v(_ASo$NkW#Mf zdca>0Q?{drGn@orP@(k756+44uC6nr2qxYlnBzQ!Jk6 zGvc1(VPZYEux}fDj|cWqnp5Atu5_}G;PY%Ap3shXMDbwQPiG$g1SW$o--q_V)_Rok z0UNfQ42loodbCT+RQkvo{IN>HYSy~%-+TCktJ8Yt*0>x5psNJa1^9U5ND8a$R?NvmEHYkFyAIUD%|6d!dL>Bpq7+Zq0d0t3IVy%AKFarGxTNN8LPpz?c?Y@?w2>+h zQ|yD^ntbeCaCGVz!v@5l(X*JHkopcBh9-jV+e?vvd-D_P9k~9#Wv5$Tg3y3P99&V! z_v_>dlrP3@<+Z&-3I#~@ryNdq4!^TeOFiVXS-O>GewrL_jxvAFC$Y2IHYYzaqWgff zwEV2NOlCCjL(6=|PWj*GZrv}=tM$(l85~8=R?nMR%GtG#W?ob+C?L;Gu|YOkMTfj+ARv+n?X2jz6IScf_+NWe+c|2Pw0` zE~(Fg^bbrV%Bxt)BLHElO*LZC>!h>CnrEqN*4ee7;MEtleBPnN8adw;jSpRvfHJ0} zTp53q)l~IcYr8Q4gs9h?3PwZPXTuK`cFv)k5(`3P*+GRbxl$DI&wU>rF-=(W@rh5k ze^>^H%jXG9#{l`C^nbtu=r1h;b)01znlyFyNtNOvfs#5x+?p${*cGSZ6}S?95eygf z9br0@Sl;qIV9s`%*0KA2@>_v|8_;21<=3Vpmu0mMm6W-nXA0d}9KQDR1ipF{X$#e? zA69A;^%b?v{X3+j_Wlup>hVDC)YC!8hfuT$=b5(SR z|ACam29TydIl0;jx^qpACkObrOS78pi;fQt8`*y6^R*4K-=0x?)VW>fbNxRTAm-Uz znyP%=d}wQr0$Zd`ACoL{m$D)#Xvr9iu4L-NMg^u9KoQMh{pdiDKt;z}^FM$J3hWDo z{{*`iPc+}~HRpI#>o1LAtFJvXpDGS|O9s*wM`dvtV{s7)o~9=nrrN*ZTlS)fh1G?A=ljHuq-EKv0{5 z@N{JOfo>-p?f=FRA10d;U)QUyR(~cBkjCb?%5ZAH`{kRvf9$g2+USqJ}!DaLouq$VZ1*whrdG( z2Ia$XWi|(m-cym7UdrHWzVY|2dVX6$3C5&e4xS%2(2ePQM@oci}nE`O-2 zZoyldH(A2@Y%aG^KJmeBc_0ftwXHW*;tuV_{ti&=X3Hvs_%5Q$<6&DS~{{^ zrjk;5@V310&{E7+H@Vh>$ox;Qs_&E2&)4G80)O7`NIQR~XEaO2M&jf2QN9r5HGF)b z#GDV9&jrEK#Mg;sgVQ$A?{v9!^YX6}#WFKGy7ZL(ey+3Gp|RC>js&patB<;=&$x$- z?tu2#r&9y>$?o}zHeoPJILRSDeu*|wW>)_Bpy!8u&d^nuBi$w@pM<5Ho|~(BT~idc zvq)H&m|Y|FakTm-?Tgl!L_Iw@m!IS~t<^<9Aw(NUVgnd)Z?x?9A~b+{i`q=ZW{60| zu1zvkm|`AK$+&U6Z_}Ds21db%=4*`qmh`q=g<1QgB4hSSX5(JF#VSL? zpvJ=-G&5=UO_6_HdrqyJd)r_D1Z!kr^(969Rp1U_oF)Qak9engcAD@m!yG^y49~uj z@)#JJ{-b|kE0dlYaNkgz&m>>4!0uS#VhYp&K1K`1V6{jYm|9aL@3z*%Nx>zf^0z&? z(+9fU|b+@%j04^oIu%bN))m>DE>dlU;xS z6!0XP8I$5R@|Zfu{6BmQttsjNjk`4AiRKBv4qk5F`J?;Csx~oq2)DE z9=uB0861<~rdjf~dz*5c1Hq6uN2gsB1I zuZ?xflJ>zAhn1cM&yamyUZT2NyQ>z3T*}CPq>y@sc;jnzac3`j{u4-DNz&Idh3nEC zG#~a1Nz1=|J6YIFVmv7;rbObd z|12qC+z@WNzRs(LR-4B>M-UI@Tume;K5gpz?285~tBvThTjQ@lygpXTkf}!9xOd(N z%4;v5jPXJlm1g;ud52n^kb?u1vOl=@V&ZiU)ds%xhiONfIEr*gU7~YZE66i0jD*0p z9?JNZhB+UKh$o;3-R$h|dbFAtqJVoVYJ1>0GQS0O>UAb;AFEWr@<2C8;4gxCcMjlS z4|m@m*Co80+Q`8DWmx#GD%;ACH6&QgmAhEW63$_Gz6X`p5=x$3>=rZZZ7XO%;*b47 z*lGyZ4OEI2UJTWaJ{mB+`*b9+8e$XHYb65;Niwo51rQ-k;kVjHrv>kGk~aDT62Da_ z>iba{?(@R&@gr5$ZyP^Adh%4^$cSS!cF%I=)8W&=+pu=pHv|1H@_#u#bZ!9l_13(KV^iUsdYVe&=I&OQi*>--s=TI2Rj{#?E;|lL3?eRzp(;-+VN(fz;NRoeT0xP;1FMA{R~q}qifpuH>NJhdjG5M9NJded8u zSt^ja`%egP5WcN)*+7XCCP`dJZ;U0@V5_8Dq8WXYX$5jj3izuvTj_WW=PO&IA6>$! zgXEP6V8qBHPN5$AaDyh#o1KfagS@yGn}SjVQo?>e|78?*4bo2B7Z7jv>3k&t;bTb3 zp|1AXd*Cn8H5uI<{2G)GNE=I9K~Pib&f{?>JEK|EqHD;#x#f-fLqhRP$7J_bN!=?2 z+3p!gZ8twJoe~_funy-83yzJ5Ry$Lj`4sY)_Xq3~h`$ZD3ZgT`QN%x zM&8Wy40Zl$L|;$Km&``F2(~d2!SR4=Lj%e7=;{51mZ+Jh!F!i~+xQakQV*5Lcu&~3 zW~vjxh||pfjsz_(6!L}w@!UaL&i(3@m3p`6lB=P?AgD*{HiwnMwIN}tEa(2jor;)S z07|}=^p^#wNdc-PGbt64?adlh;UT#j1Htp;nve1>U9+8E5gkn{-Z0ot5Mdp7a12{;3Marlc6M40CnUWzH> zk3?hBUw&8as|rZEdZ|Xux7O-!Z}UfVGwZXqd#BUx(y&j_k_?o)(c7ySCf-Wu4<>ZX z9(RjXy;}Pt?S}$ifU4C!3FeCG?QL(|$~a%pG;Cm89qGhTmmIRxGp!i zt&%N!RVF?RKe<0e-QO4?V(A|aXXk>za5_~JdtL4HFI| z@#SF)|2%>FLqMcKE?Wu-Wr_A$-30cT{Y6b3qxo)RK)eui1PF)Lnc{jSYnY5JRcx_T zFWve1bB(v@nRDi-MT2mXxHmLl_p&{%ls!Os?$}EH(rdB_`phtN0}odJh?VU;P;I)> zh&K+Jn%Vr44|SoOH_}Th{`kRlNmBKW$B^g~qe+Pgn4`(xUJiEk`ET5?Co7~tSDZoSD&dlAqu7{n zM*BDMaGfU=6bu7~ePf`OANX2`UAnU=3LPG18DRs}=q(>cVSJC&wcBB4DrqlwNKNh_ zs~66%nNq-nSf$10FM-01-hQ`mHNiHKP(j&_nRoRfQ>P?Yz7s4s1t``M|TyNCU_19-3C;ZTwH7kV4=T0 zt)*7E20qGtTY9nGAJkyEeHhrnw=dWPm_QZruvi^-rHP}Ygz(%&OC_G3TjYF`a_ecv zlU#+CFcGE}8_v_eb#&Y@Kw$-@8Ar9h%D`DJiT##K0=5f*2-EZe7`Viw#Gt&E{My$a zc_t|KwyD=)Oo%ZjIwz@~G25#~CMKS-0+rn5C0nkoPtby+NYi`cSX{n?JlKkpL3ML@r(NLCu0r^W{y~TG(9=%ro&UTa`_NrB! zfD6K=Bp$J)GfMv;PW`!puG;IkqRSPAZD&VK1(KuSTp)=q!Q?vOxj~Z~`-1D2VJ9^5 zPWFn1BXL4S3ic4I0BN^Eh>sU&-Up-%i4db}p}|{Q`zR8tR6&PqCR>ZIb(H6V;kPOj zzcqrEo##lTl^Q&e^a)ql^s#AT|JhkrR?7Yl1w6(_ftAajjt78Dj;kR)tob(hirrw< z%%&sw%q0cN0o3pyLV3W4;Yxxzh`N~3Yf;T+415Oc1yHFmAv|Y3@$XHz7B^YgkcvQ# zLfz-8jmNXFI^_ukFHpG|O>sQEoOuiO3XzSfRPrUb0t+4k^|$XvMrK=@{13^A2jZ}U z?4&*oy|^%S2H9x8QWWsSx^RWf6P11lU&l&ejK}pOdF=&oKHWVTCC+vM`L( z?j4lGx$D3*zXqLI40M#{o24#P5x^R5g#H>YIr@@h#HnaPU!Gk0Uf$CAxn&ArFCUaM zVRsdQ(#1LWMw~h)qg9SgrNLjOs5vB5U2uQcho1HW>I>$ic;oF(J)cJEwDUFA)JDTr zieQX4Gu7+4?r{kA&M$U7hkZ(ieq@5d#`|5w4darZ{tQS`>GHAej>oA;bECMDwd2Fq zH$(>%YKDct*T>fkazdqG0VXKUs+?Z4hYtO6!4Novhb_P=0;kCVS#%K--uA4#S_{_dW9VRnGFF zNEWM{k!eBaP&jbmO&hm*9yP>Dv(kvlc*pe;RcK?2iN z&l|xj5y)FAdg^EM@SC%MDI^`fO2n9)+UHjM$AE5u@`n@4S@U7!uX8EhaoIB@1%FR+znw3 ztV~REe?hywIxjgaI1`%q)xXqta$P%tX6UH^2Ps*mx)*JD{LI2I$+C|VKA$vK@%w@~ zL#^9186UZ_0O4~3rMlUqQD0oYF=Z%@4{L-jXBt87Af^0E*Xz*hXHZk92`KGKfUw6n z5s(a2IF(G2K@T06577T4BR998AF%M81BYqMiQDQ!D~Q?n5&0qvpCgn!Vr4549nz>P zCyL0!r*x)x!4!&$Y)gAxDblLIy59EHJ~C$jlYI>VQ@wgvP~Zi)SKFWnr9cb6C|_or z?1Ylk9ZV9c{E{QEeH=ZsxE)vZTScQ@O7^HzKQOU3B1{1uIcXp)l-HpUoJWqmF`RL z#VW%&82%lO&s~Et%77CbJ@pyoUZi9K2$?_7IzDiP@!oAa9^-EOUgARDl6)luUy`FEtV7d3fupd2A42)Hh zn4_Vm%Vx~&1@A;kD_|GKuz^J(?ha37Ma4ZshS~EW77fR|LbP*TP0b&8;-~Mas$%;f z?c%{cfUz%b|H*LENSM9mZUQUP)6~gAsu020!@<1w%{m_yGV+7s%67ES-2rCX?Z^jt zTUP70Zzbx*$zK9b&k1Z^W2zQAK1Hi@Kk(?rB3UbZSQf)P+{s|dR|tj6%$mrhj;Gv? zXVk!ia01l6KdEld%t#C-YYR@OX}7U@t(M%JGDN{i;I#3z_RLD?QJJ7g5L~Nc6>r}W z?Rk8g<62g4+80X-w%hR|N7s7@>lBM<1KIF3l^L%$VCw2x<5B|#F@F1hjd2**oBYUk zewIESBTCnZV1xv~^XorUp3pC3bkT*Pd#y!;(@%LbNFD`M+vTT}=}6V{SP$a8!g)kN zSRb(^Hwq z=s*cms$fl~XYXbb>i`>wF$J7{HVBK=RlOauRjJcHtNxg4S2P~ zZUgjo;u1LczFQo!+un?;!yk!h_|2 zpid(18JEvXPKtw3KXw^H{MOtZTN#!4|gWoG|pmlgxB8xzC$LG`Vj)f(9))Z`V zxjWvp8>wlSZv+-F*{|U6t0(H*RnG;odr}DIob4*g4*saTd?Zg6zWC-+D zF#)fe3Epiyy^#nnOK_i5LKOP;1%QoySV{S_;3sk&_r9)_B;S3iV+ROE++WNpn11jh3(#Nf2m0usK5W?HOm z-=M-qc7%k1OgK4r1hitbz7ixaqXWOt0ajAe-iDOn4e;(BBaGZc*8$>Jf1 zodjixdKu|6jg=bM9d81d5U5rxV8Q*79YHa4K^<~m1~s2d@FpHMilPVA-TLMY5h9`L z0vl2@<0^iUVagSI;N1rq_B;rH*w^tjkvCyqJ!L#g^U>BzQu4`{K7FEvy}ttJHdJm& z>k>K%DG;o}lp~>pS`ZO?P>rZsmI6b(U<*3_1p;AY*MeV)z+`vt_`VJso9J%*C6SzDbXr)@Z5`Ebq(w_-rTLKo#Pj4Xg@u#EID5zw;N}fqy`Ut#btlmnaOj z3OtD`(C=-2s2dJJH%JOhz-|6nQ1qh#dN!;GEp&(bFrjko24WJN{o<+qA0=b z85K@EU9vW>M7`lhkV1GS$tQ@%Q+nb*(@L~b1`AXxA8WI62$)v!BZL(|Te&A8tN3G4 z=P*RZe^~DXdA(abT);mh(hs9}4;2{ePwsS+wfhS^}2)QLJ+G&jAe$PBAD9B0Xbh zch^q>>KESl+{T;Y@Gswp#W}7kT9DedeK^H~4TGR|;dXrN_6<%I)$X*(Uc|~MDQQe} z9Q`4LG9#1!J4U>V2qo{>s?2}hk|bt?Kc@Z4(jVc^LR~I)5c6u9{FC)1d|G{N!G9>+ zd)Yg0-yx4g`b)vWQp-EBw}Z^CfOm@19)8avD!YN5VwWXXB+5<4ucX| zf@WYtYt|~oP25x(#JSgEZmVt~kV317J)4gQm+JeXw9CvKldT`XOJaz)JL8S8VECBc zb|%!Dfnf?xKXrVvN&0;F8sDSVNWK&p%n0mw!6zG9)2tQ>GS9A36Jo-6Cs9UVy%)I;Me?CMDw*? z`?Hwnt|}`JsEuWy$i`xH7bbfRcvlYlD?E8iqw%_Ew|~CJ{h2Hew*90zSLwjWFBsCj z3Cs=*8odVr?=M~IvT6<{{EY#0k+vxr=bUU)b-d=RVXE!*u-=t~U_~8zTT$f~1hD7e z9I@x-Z%kdMWX*yI>$oXN+#g#l=5hed_y5yN+4&%h)K2=Dam)y#`O3<9yZJgP@5viI zFs5+#o8*TOe?IcW3@16Mf=Q@{sErQ29O62s6daQP`ATEQGKT^RU=jizT>3Vqeu~Q> zsI~6z=AZ%|!rb4+nxO_uhnE-ux-Ym(!9jfh0ORpbnt+dX^`^FB+4>9k&eDa`iae?M z_lFO~yZC_KshGu~7boMjbr*bL_Q%#0@C68Bqqy><>D$tueGxh*KHww%L=e8=$3YY#N@xL}vXNUf0q~&9@-s>_k-SePI>ZNin zX;yw-d;aqQZTZk+xEGdSodAlhT1lj?op9{ST?tgVPE8ZFf8JNdqK=Wq)0?;S&= zy8=D<>;#8Q_ZcPMPR4*rBop4(dmK{B0iFWA=I(l>pc-) zzh=}X%EMFc%|}MYch^a5#5}NJw&A;(Swft4iiMD&`;{;6HoD+>XYx8FTl0SN?>2tm zNSv-&sVSQSxpuEVF@ln}Gh_D}0QvD;L%H_k)APFKge=`V>8Wn_O9#z7S2V4re_%d- zr(>It=+9i25|ILo&Q;e&0+JCtz)X(b?(m=nzXfTqq1^=e97?vap(kx(A_zTaNeAJX zekU`l)bC48$cd%gyd@b`y8}9y>?GvkjR6s4;P#5FH_#2$-@l7Ek-#v%52daC2Hw!U zU9%bN0u{-;{(cTg3(fmblJR;#0r%bf0D^2n+yZ1E_!d3bYB?-R;9J@NbSK{e=6VmK0Nfq6J{mm_ZGU}3=uMJcJjM3sqF z7xMw#T`X4V`np3;;12-eq6Mc2#zF~ouHYxC+ers0B*X+}AzBv6iKRjWr}j}XL95DR6PcBm~gDUm^2Q^zo{rf~NU z5Nf0_j|I_za{##X?cLbk|CyR&Lo7$-+WeGJQeI$_I)IzD4|zA&h7WTryX$*#aZEP% zfOm(qm@nhF%_y!gHV`=fo8H3~QGseU?@$Qdx)FGCaE&iXC zrjBFvC+l7>9y62Qk#>NtXS=S=Kh^wgYz|FXwj2koJB!}Og@QbQ*Ez(S+^6K)K1lmi z%-zyT`!Nsom9oaYXM*RSf=-GU@0Y$g<>!w=OsT23zUqUM^U=_ zj~KuVHvnb2AcRef{usjx1{!MPgu38+>i}L=BQsSs^ylxZQ1k$bf47n0&G;`r>7po2 z#51?(QTf~ei;6@~XK-{JvD@B|H&$AHOmRgPUPyhI9cT7+*IUxx|MK(BA9(# z;sbx;xx+6P_5iAC#DBXCY>8522=le)w)OOK){sr`qPyf04dVD-b+E3`m1OCT}2M?9?YJdraI+bb&Ajkb?}UcL&3Kn9g7wH@Z->L}rvV?N_aATdJA2U_XY-o{e; zXWIDsA+lZ5(lnCdtI|OY*qoIoXBm(R5zMe!$Y&ZGJ*NFmrW!1c6s%(p=v~HH%N96& zv0ff~j?_$ZZ*>EiXX?GK&&H$UH*h3d&s(;*LRb1E*`_w0yEl~e2=ntl;BqL{NCafeSHg(9sVTX0ozEboG_y@*;w;hf zYjJVDQ-ozmbjR$%qSB>QfszD=v$%9#Z}C!Qg)hu!A>iBl?FtM z>r({WvI`0&tg|y)s=o5xA!)%Ad!$J7OQ9<~AF7LiL0sf*4+GmKk~c-cDBNGj5pwAC zLq1i@GXT^isjl3RZ*Pytjzz#`JMD#MOm(ylU%6*4al+pG+U_mlgPauR=JhwT(K7?L z+s0b~=`a6T{5J-4+Iy=XKduC&psY`SRxa&D?|Kj!EAsDLuCucB=~5dB?*dO2A(ot= zc0*>$ZH#BRM`H3rc`nZ09VPfIV1`p?ltpXWV`K?r#R-~R^U%p$0}Md=hTX9zp- z11W-kYt;EqC;tR#o$}H4NZ^Wdi2H3x-8arVV3Qr6jW4wEl#8PPM9`q958RNwqM2NH zNYTw0h{fxE7CO1UltP{w^-hgDzGQIzuxpQzHx14~&)zyi#bW5mz>-(#JWaL6a!x9JtBEacqih z5$w4x4}t#Sgu&^N|LbT#)>8j6kBi?^0!uP zkyPOzDss@E!F#d>;$a7Dv;l-1kAJ@&YwqjWUXK$BRz+7oC%9`DnqB~I9qJo5`e=WA z62743O(B~3PZe7Alw)-`FWQ=V1BI!a0A3;k!s3*8OnHdF%ZS= zw<6Sr#Hk?(Rffa-gpn^#04+pPY3yb<0A;MS3Nv2KZEwU^&A2w2NNe5jg&22W$rf04 zM~}YTp4`65_Z?s2@nci3glPOf2Xe({nfAz6w3T#{w~&c2iEfCEv1tvpq30ZRV#k7V z_%Z}jQ%w&pX)($`Fo(OO%K`(p8e3v7ZuPH(LT{k_(Q4+SH(A~DPbULlng+g@^_L*2 znFp@~(dg4ZS!0@43qrEtd44i8F;wGfUjx*dvQAc;=H#n*3+?}XZ2PK85OR0xi3wb- zdr}4Q@x-tGmm)rQ-V6TfkcVxp2nzh7E=$dT z?lQb>SIkt#G7lrF5M20Pv>Z)~w{7>YW3T%{7d`NE*Ttbm8su`YUrQ@YpXK+Lch<$x z(RlXDUtav4yTe0Ro(6Ptr)X{b$rJIu{lr31T#B#)MAa_mZyz|Ampe*YPqrg_ z_kQ3yfrxaRhIr!8ly4R1l;CZMO-u2x9CB84;N>z)VVkx#P+|-M?^|_IUOR}&ySYy1 zPW0rOxEU_%y~n4Gee-EQ#@XxwVp+rgKK60U<}66(y#Y{FG{{;rH5^L$w%VsrK+ z{E92b^CU4pgzxi$X&FNRZ!FOO=d@cM<*L)rd&nEh55ht_HkVwZ%_`q zIRr(2q!pQMuHgo<@swgLF z8_%Rrm;JmT@e;lck~)%`tRPmZ#d3a5=8)P5 z(!M0SdC}Wqp9Hi-BJaOE@NbQB?#*@&q%Y=eOEw#IbGTvf&~8*4ts@2`(yC|EN&!^F z4`&3=G4ugp1Q=irbxr^O;gx#+*rI5$TSwfP4!ScDk;LYJPp4mi&nWcY-xMF)pNnxm z=C*eG`+627gKL)5%b;TWtoGbewW`xv42|SN+jfcsE=vS)wd;H+Rrw}`Eykz)W^M-b~1xH~?I7#w}i*y!{ z7K!P{{_I@d^8VWT3d-_mqZ?6|&q@NH>w?}ObO)a7L2o~wua<9RvWmcPf13HW8z+r7 zX{P#le-vq&Uqjrer1-sEK^^c&>&1>v-vw8)L?U}qPR@@X&R?^3bP0=j+Fs`-{&W}K z0vX3wUfO0!c=7P?Ntof`pkS)&-~0|d82rK`5I9@IH9zipgvD@PHe>EHN>TV9n!dsz z>gW0U5CKt26zOgdknWH^q`Q$0X^xasLMiEPjxGsBkdQ{YJES@CLkkkWJ-*NL2i(rR zcV}lOUh|rFk6ME~&CKQ)q2hQx_v;$~C$CwaH@xHUBCKnw3EBJob?!Lgv&tQrk&^H1 zrOa@g_C2!balN7zz$sK8=YB)x9~L2y>6`szKnIQ3u4=_#G_^Hj2g(9;1_;7f3*%e3`3=u@lt-7cZ}$cUB^9 zMZQvn42&Q0Yf#=K5Emy3%WWfgJ3|>P?#~ugOWmOikb2YdVpKRt7-CR`*GfpQXZ1#! zZeQ7s*|)5pNWu|TwyH!xw@0od3V?i+C0fyKF&E#R`<_i7jc^;-Q^IReAbf8?91N;< zM|-COFF7h->n1hjSr=;uHy?dw{@#m43$@iIp`;@EpA5ib=%E(7N<^HVGWHiW%c#8O zTG<0eUX)%UcQNZfbf&F}Oigyszd;se%)6vm$vi=8Nw1ubo{CVZ#p23;u391TfQyb? zlc{|!3-vSZ_~UlD!n3yzOE5a`yHCDqg_V(pm&m&SB!^P=ZYGk`qwJ-4E&XA@$lydr zn!)qec8TMY8i{_$bg(Ar{F<=I`&~a>dxjB&m5MPm|zoOg1PhrWP4Y@vV71e)x49fRtICOj0{06Be4D{5r?hfaOeT#k!Y>p zMH}+eK`ZKV^rO$H=qLY5q=QXP25Us+F5hL3BOZh6x+J%X;_^S!(X%oaDqE^fwid6E z{4I_5`%XM4HzBkeQ?3+|SWx2)WaN{3hIJ2ePsFJRI{8S5umUBS*p}N(db5WH8vVat zl;WCh9WPu9ZB+TazaXKY-4C3(HyPih2#GJW!0P%pt}l@#!!p)ZbK5`a1h9=uJQ#VgrXQ{=h)5C{q!_jwtiAKp7N`qXU@^&wK!F7Rtg6?i zL;%$2a3aaEc#q;O9s&B`Jf)Mx8@{O8b@KH{2?-hC?2{L`Ap;<(IhxeI=RMusp@l8# zJn471?>#9fdbGCwW%p3i1uw*45_1uIa0OcuF<^;@VxeO78zzyaP-3OT1PKp(r9;I+ zT}PLHkQ-wDriR|VpY0o5yMDrst-@%^3YtW3kYxWm$zHGK1xMV=H&bT6=jxX>Om>d@ z@g(j0UA1&3OD=Z3um8iK`zyHh?{W$uq~-2fVweWx zfU?%jz*iqD>n*_tIFOttM;`y0EA}%n8hqBQpmN-?Oplx#21#iSR%?V@mlYFHuhfm^ zor4d$3i-e4X}M!Nj+KzRV`CWQO=#bxws8*>H^G<9U~D(}af#1x!a|xjtyx%nuxraI z3H{w>w*fJ^X!WeUCk0>@k8fc@x7W@PJlln1wujGE|GVilGz7Ei*fa%m#NGelk{5hL zeu=iC;?6v@$U_m#|M{$L;NL1f5ZMPJiI-d6Pu}{Qnnu}aM=xfb1={e&uQA_HaF=-) zZTy!A@ILIRiiJ9d;v=gocF}{|;-UhI;Z!emjG-u;gyTCq`Z13&PHh9sxwp=~BCr<{ zz-(wL%t>^$p|hkRQA@rJz<2*bu4k+@^kW!niPc7e)>K!xHh1QtC}WD=S$TOS`ZnOk zY<{CO=x=WA>4c%BE)+rAPX6yC^M@TY%@~!aNfoP6`{>gne!JmNA3| z!IKH^I0*uTe8iRi%`g=SA2QNmw1eR+M~2SGWiTRv~LT)4`16x^*^vypu@_P=pVqe%8`JK>>SKNW zxMIAZ)9jnRQ+`b%?P57WuJY>s`TJC*Gx=QB-fosvUL;}|UB3Kp^|CxdzmZEak^$!iYi{#OR@scQM{ywx$FgvF)aeQuSH0OdOHk$7(!zAtE zb`kjV|CQ8lto=^Cmro+zh_R63VHknkmr#E4B*K5J6nkuT z#-}WM?&>3sm9oDC80bQ0!cXvxxdRSkoiSEdmQiFx{(tL`{S)`I-qhj&{$e#=Q z)JrElJw5EN3a{7^^%1l7{%p2^mF^xFSoqe}KSV7#HTkH}@(V;YMUSPCK>mi3@c&g3@5@ju?{&j350jH3WwP@=7sm?BJNvwhd2arB%S%J~6 z7zo8xJMks&a26e9pTaH5Q+-l!v*Ljed%pQh7!#l$)YCFDXDLH7-$97_g+G+2S7bO5 z?bLm#^?vsYkRV_`w8t?z3oiEh=Gm3kwi<1Q-esd;zu@G)|1)leRtRvSeepA54iF|oy;_i$sujbO3?euMHC z_t>P=e_~cDqTkLi$YG2SNF@g?<6X9{AkmlK7R?bmVeI7gjt(^KlAOR#odkMq5e1^3 z9>xHH@G;Pq{i!Xdi0q2nyI$55gV}<|kE(rj#$Z}kMGMueq(WR*+7npwm~>b)&*w>; z=8WC_3yi-nTL$#?zmONuem)#XZF^d3B#3al_~=vi8ELewl*!*2JH=Fjwy`MFwRzpX zi-TpU$&cxoszw>~XYoLNz!1bt2N*xt8hYmrBVn!u8Iw_;<{A6%!l}%c1wwAO@s4yY zn$`y%U}2={_>^HHY*35yFXasgi~tgvbZg+qH#ISs6YGm%M!{;X@MzLRD`U&5?li)B z5n?$1YveyB@@Q}oFtg&0m*eyuY#hW#i!Xhc+3%>i>07tA*ZD`HIxixbS6%}NQd=C6 z+a(lal?!31yl3#AhPb1EkZLAlRrGznuF@wCBCJY{{Sk6GtJfk&1UJGSXQ zkp0fqi_=lLOLc=$uL<~h{GrjR%JBMmW86H^j%2>(E{q;JSi)(13W4xDAx#qNlj_;M zgQ61HcHeb--k0t0HJ6_^+Tf4lE+Q=iG*RnpmQIJXMuh&0?KfpbhVd6x^8U;?7qwvh z-a!tP!kt77UH!8sQx`udthH}xVYCp)`eoFQuRjK+nbD@Emb@bs!Ycn0eB+{MoMxPt z2i%Mpm;mxb=?g8I(%0=es@IGL^(&rPM{o5H#5BQ8%osFQ4G@yuPYIK+pR$+;iZ&Oi zAaZfI7SK%IexG=1Y|<*p2pWXNaKg64&Qm&h#aqA1CQ6BuGIJ)?KQnOID=Gb*54NZ? zMPmsX22@g2p9*hXrxd-syd1qwpEgW?{#^>SH>j(>TI}&E_TBJmZpopr%ei!Z&sJLy z?S{G)wk-)l%zhA)@oE!)5PL3#jGAaLu%P)qTV1_4G5HfkF1 z0(?#kP07p4JIHCzeFFFb=%uyEG*OsP2zZ{X}JaIOpf{9NPefhbFhE=#C6idwFLrZF2}-Q6l~eRhP@aWXql>KW^z1JIotX zmU*nG1AGOTZp_R5W(PDa%*tYblh(^zY$h)k>QpzHo{_MWBK%Y)V3?JctpS#2kBnp+ zxnG`oasQGNa|-?EVr2<;ZFl#jWWoYq!LULIb-TOxy2gSYv3|GKnnsehp%bRxHkV{B zP{7LU$-C#y0t5X?4-jIL{0f#*C#w}x7f*G9_;k&lEh_-aw(8aa&L9@)iqN*r{b6Pb zkbLv4P3g&{p|weGeL`RFB41IEkPNs%fJBJ z-(owPEWz1JhgBAI#JCqYU{$c@GbA{1dCq$3djv2;o8?v1?~OAIl{=smS9MWu#8_QX7On zmr<$A4GbN1a#1m9z(hbW8OuL&@deep%HnmV~4U@H_i|nvI#>p85M=5q+$K4gR`> z)NMEInj~#_>j|fDw|@+n?nJAnYj|FR|5WOfeYdB?#zud9Wy&~@B^0nZK4&4p)6jDF zdujyCG}Rb@v-#5L`DK0RqkNZ3aUCR)0v6BeYg8A)Rz5rRj7Q&qTW+?fyg6YL?d>cF z4*|H;F3FPf-CE91Rjx03XC`Ki$=S@c@l@%I<`kFKS5=ZvI1d6il&qM4Vo0{)wR+F{H1mNGYMEaBsjDFh!Fq*YX2<0#CEeuz2Soy7fMcokFd5JV5Pf|<`a3Us{Koi-Bx4e zVhFb%c2jMAJ9dG3F*-V)cTgcLW7uBjZ+7)uvak-f>=&DQSMOhu?l^CHwI~*W+hxSq zs7!9DmFEPU?l+oTJgj_RjZRIhTL~&@8B{X`#lgQ~$YYgY8zqJ9u47hCR5Rn&v`@dlW*9K1ZRl?Sy?y~loxTLPL*bldTS$Be$3H+`u$XMP;N z=?jn!1KUCh`WC}=Gq(v%MuG~-?QGvs6`B=0iD)W-zx^2f;{q9S)3to8ZmXbmSK)o7 z0R`RH!@!q(b#*K>I_VZZ^db4@D_55fFs7aj*Tu@sYX-rZ<+hi_9Tr^8X*fU)We+%h zEaKJ(jq;ZgrO`K&D@u2%YU}+>2U>UnQyj=1Swa4Bs~X({hS42iKM!Y#s7vehjjbV8 zza+3YD|;DVJkG}YX0o5$;AO>}L2J6+r+bW0BN!+#hyUndd$~GT!Ga%|UilQ>reS!5 zMS%UO=iuD;%e|+A*5A+SuU^59=%BPrF7D|eoGow3o|j-z{zLlKq#6BJ+ACN#C0x@k^~g?es)6+ z0s|AJ$1$;8?);g+y>j@CG^0R_YlFg)6oFK{uUNn*AZ2jlG8>rYtbXp=H!uP6WsBMZ zacKgn=cAa2jGqN41q8hFG=hib&yv}>caD*->1(;R$qZ3`9$AG1bFS3y#hg{lIKvo3 zH@zT3cs`~DvMWE>S| z?~aXwjeGL`^)lQo9l`J;ZMCMk1THN|eDHw-tc)})#5cY3)6PuEl@B0+eBg>Nn2eNw zag%bzZ@;EK2;tYZ_XNgF*Q-oDkdgAqIh{!T;6TF?o~&E{=!>|DN_l^hdB@>ZUsE*s zY0pN?N~6gB;77%Rj4Tb>F4?3jS@b)%!7a#su@!0d?p2Uhh&88q@ znB5^Ep&*XxG{kuDx>AaZmAT^kxQsK1u9Rdzj~Ie|S}HbUxKPTWAkt@jc7K*KHyr}W zF=B|feZu;}kA(Hh(Ol;o_@s79V})gY?zFEkvN6&!l=jAK zjs?P(N1;Ou(Un=Z6f7ip%uFQ;G>bdxS4v%z-*~frB{6=$bAl4JXg2OU zw%C*&S_ks8NDqr6dJzcZbWM7?B){DFwCF2*r(ctUhq3DGm0PDq3ghIZ8pb0F&zci% z7@x~&me~8G(oh=@2Fq(fgm!Y=mQOlJf^xSX_d65%g&YJ$-8)&leasaz@4`Dp*xA{< ziT8VvDpBwe90cy$A`7!s?%ZyLekFNpze z8l?zYqPW#ro_Iq@L4eAcq+57ISqoI83lAp@sMEumPT4qBq=%wDiKq73R7MO_C;3#f z3E!=M%WDJh!L`ax|B6~oLD~3wa~m^ulDxs}9T}^=f|3vNS|g&s2w~J0ts8)C+6wXh z2LY$RTvF_v;T0alT?TR4tJ7V2qXVWqo(?=n#C|IJv*Q>KQ)jvhGz-#idI0kqHJUgb zv^jMH!(J%Pms6>Wqu4-3;E5Tn(L+} z-Nos%9*7Rwb2;ReqTH0tdVYM%sMIpr02!i1etq0Lg#i3nD3Cz^nSDLnuOCLUL2zbJY;2>fcezCQRK?}` z>e2{TbuzG}i(XI+%KuE|6_I{XBXud9hkwhdr2PABj?|FgVn7c47qyKQMw_11F)pVk ztQOwhT~!lJ-e81B?<2XXCwfPtfVpgh5b0lPb6!bpNX9?zE4|J13O9fMVLxA!H^(VV ze=d4#uoKh^^spp#@6&P#W$(;f?PP}p6L0+@OPjzWnw4Ylwl=!Xy)K?+gUMY{S7#W( zF3VqYPHA&Af)qfh%?ZqE4HHw@E&9=OIq=(Qut}}u+PeYJ%gV-fXaoa3`)QaK)`cL7-t#0) zztm6Rw8E`>t;JyBICbu<{P?4XbUFRJmbM!>>Xqzaw1-lz0|j-azij#fq<&d&xplwf zV-uRYDx!l54$94yu4i#afR~w;R1ZvRFb9@tg!<>AKL#tYALhdkrYwYM2|Btrf;24A zamQ%_r6ePuw$?LG1wO0s6zR|W=lHepoR_RG(VU&Nba#zd$s3UUq9gEs=;f+@;wy^* z-4vD$TV-GCb_gTwEdZ^dO&*vDmLrZ#AZT-4)igD&7P;m^1-rT^8S{`?bVFq=)T@NF ztP`!qlo|N&v<3oicH(q^1*!vvlz9toy4Y;DqseL*llT05zm4}p&+o<>0~*hj@K?nA zE;Yyv2q_Re5qn((u0+7t;sJ)Z)57AmPuKuckhHAI%=2F{?ma&1zpLX9_2{{8k0a*oV_yH zfs%?rcVB69U%5K|xyA#__Z=r((?2EX>7ALO2g_$~dG2psYtq{L^w9go*@gA4R-_)% zB6e!PdwFWLIkE>^>R{^Q;Nv^0fIV7x8P9xFv6shEgjC_mhMIY|18Zqo&}(haVFXy> z{Q8i_ax$`|j`C1Q5$J1%cYzaa-m0#?{*l^b;4RGK>~yrP)4JNyH{LF6+v|<45oj!s z;pYy>iVJ5XmhnD1r(Rz_x$J-|5a*k()rd+M>uZq?ev;KrDq80h0&c;TCIE8slo9*Q zB5zM$2p_3}+UUE_#RA|(B znlCkZaya%gi@f^hsmSywo)F-U?sFCSW!3F^vTcI^J2Izf=bW-Phg*Vu7OmigdI6b% z)vdvL3ZpG*=4fOFGG2pWfGbhw)%!U@yQ@fo*8E7!Zd8q1V_@ixZuh&*4+O|;NY+kGH*he=fl;$6z$%G>PS)CD?wFmq zP+CpV$eg0XJ-p94!)=>W$Abd~+Qvux#G>9Vr+9yFDmkn%LeaqxRAe;E85axiW{yRG z=rYFynWHbaIhDE+t#RL-GAK5*d6B(@-+z!0NvSazcs^@SOqp*^{Kj(_!O21?8?(ah z71vp2?cw2X$$c_4=bsll8b5ux5}^Tm*y{kZH%o#sgC4SAAc-AxB>_p?e%@BGmEb5^ zptw(JOGj}5tz@BHuB}+MxU?pkPoH2>CsYe{&ePV;CpFpd*_e0~+_A!{DIRGCtZM8;86&swq1%Fus)@SYW)YZ9W-xIc z`~~#&cmb>ZW3~b6*+60Tkd~E~_g@qYgb}B#T`QLmR+7wpadN>aV8X|dysMu}1-#<% zM)=AmeGERC(_=+E{KZ7(ILwY;l_gcN&&$tcf=JB@cssFf4I+jS?3`d#CdFUR$7UDj zt7pAur)Ls69?1?JA3wej1Bcykz1ml#JGuSlHDc)ju!K_q9&ZDS!_EEtGL;AbOY;LuwJh}0=Sy|zXmSG9#c+wCjsARfJe#!E%T|B?X;e+V9MRFy zqr+S&;`GJT6U#VAK42+7jrTcQ=r!oR4;)gO0A~;G7+OvOXsj|*FSNPyJ+s;j32UZd zUEKGN0b_FlTi9N*d+ULZ$>?h1G#>dL-h8H<$C4Cm(SuuTFY$f|_e)L5TW1-|$yR#I zSK(2+(LRseUC6dfY62M6|f(yTu_BkhFw?Ag!PX zDj^bgf0;{rFr*zk)f+~5R9?>xe=gNcOZ!3rDs~RP2iPMEg>y?995`$P)jApA0SOaj z$nox`v?p}U%sn>0-}ua*AT!{Nkc4~Xmrrv|!>ylQ+Rh*Y#d-5}nys0mN-H5i$$gcC ztifpWBH!*4`}6W)e68y83UB0Ikq`IKH-8*@`1`-!?T4QOV*&OkYhL^J>eyK5P(o#C ziHb$tIxjbOz3f$P-Q?sqh^I93h?j+XpQ(_z>&B#&09K92*Qo`J+ogooXcH_Rg+aP9%PdNj5?>?Ofu=)=R*eb}4xmLb7@RA)g*#4aC1Z)YgN%;`hdG?5 zXl~^d4aXRvk0RFx8rodqs-i(r|L)sn;k|PZ*M!U{PSAd6T?70P#K<_`2}S|1mOrxb zM=>H4!FB>!-D;v&wJk0FGCtKoJ0a|_3*a|>U*)A{AyrlB2uh-b(KO+|Q|KNBLONH5 zzR+B8Qe9O6vQ9)Lywpk*g;i{AJ6;exZ&MvjP}U{%?Zs|d?F|ec1$YY z;!}A>tP3ouMeurJyvfze5;?fQqPIA;dmq%*qIJ#3jp|HSmc=#vO<5N8B`}Q!pqG^p z+(s2^okPJ=!mG>b45JuH`z{T=d0ho})Y$tROCxTjrPt}|OK8w2KzFzMUGd!q+pT<*!P7lDN{7Kvl zu79>s|9#VPKkCyH^pEAD1W0e^ayRO3XO6^V;8P4T6MzpkZRs#G?Yn$Wjby+80GSkh z$R!;;I={d(;M99r;#AZg)JsG{(I7qDCMzw|wfx5HEuAo1(nXx_*$>0Yc@r^4hkeF0 zB4Y2%9RwxS{-?iJC)XiQ$BH5)sPI~*X5KU>s)c8irrkj4D1a-(x>U;_t`#MwS1~nT z{C4|sHGzh|iww&oHj~rv(v`Xp4j;=@#x1rwYQCP4(UVwz_jNCY){EmyU62;y;yUg- zPw0w)N$Z;e2YIZB3^>0Rligyi@N2n9)%BTu!Hal6R0j(%3Ctgc^&YmKcjN>z9O+?l z8UauV00vm@FJvAc!blfBh41)X(qYJgz7v<=)3W^9pY>}SCvC;O975EWuj8WSBchai zSrHn_07tA+$#;${rEyBeR)aDK)jm*xblTeOabR6akUky()?#Y5i7tJM*_>(hi8N16 z%yM^H>vNow5j@9%&h?3xh@errqMxmjSCcEiDdNbCfO)QnbFm!9QBW~#s78QRh(PKQr={X zTEl15)$&9rAJfqG%fjy zx0>Er6;W#Me;5K%AphJ<3bF&1TKOuqwNH#$h#H^2`|kJoQAEGp@YPE#oZhvDlwjPN zm8kSYqzgaxFu%I6@h%=5QP~!3I^yIP=>5d?umNYRtfXL{N(;-#XQ$-H^i$KI0456YS*b)+{=>`6q>HN?6pts) z<8#sO9A4FEVAKsQ37Q<{`^Yh;w4DB{ED z^91dJ7;t|GwQu*p2*ilU;HJ`dq~Y>>6WV(7F;XOnCu7y@!0cE`)2t!E3}Eyf(!(b+ zm&rE)V~XBsa>Cf^b0%aG(EJsA{BHWDDh!-*$AU;tcDFo5K_PSl+o^XbQRDAR%#Wj; zJ&dhU;Ecd+s5)hKl$A8LNnC=dEs8ONkrr)Ad7U zzyR(x?PJ@2Wpw;BJR>RT zf?bxDOSY$*Bi0Ta0%B~!a;iWGw8N9Y6+r=$^p{k5U}9ICxnVar6F*cam%FK=$BHJ#FDBQ1-(8pz?0R~p96 z9MOr9x094MjyY-6!5uw9=%4Gh#b-LepEm4>o`E}6RGnPo(&X3GIO3Lke0q89Pr`P3 z_a_dCcO=#~{Vvoh&5}slydlcxg5aWkO3atOuZ*NAYk~g+HI4A6Qtgiaii&L>wWYcpYl>}2VN0JHsNgeJnOmU;)t>RymWu%DIhSSC0lt;P5vm;fXh2pQMTlk50 zBkBZ|-%jeob{qSW$^hD%k+Z^q>knV(q~84)E#8xTnU6<2>5ef5<^B(Y6k0XpOz4|i zUc>$!08zBSgzb-~*~m~BJmcT5kxl+0v{6%f4`|EWQSKnsReTu_&n#BFLSaGyo=-=58-m7AC6sw=#7{`Yzev$+<; z>WqVb#6oP}9D&jH$N-K%E?bqU&fmq}taL@fEvWA4ko<#B!8LtzMB1-bUv;I3t7u6v zNp;Y=NzW7I4Kh;}t(xvp#(fu-lkK+JMpunL{hE3@Li{;+R8eX8pbpf)Q@v&O}>B+tb#E0LuKb9p6f@JfB z1-c&hi*(Kt0gjpnzPFEL&#u{bQH?>k#~AoRphn~_Otakvq`y33{kJE_IXMF)!*hAZ z1W$Y$uzj?bXVewqOf8Tg0ELZy;4>8P|61Gkh!%cG6#*iGi|X^|Z~h$(X=w5VKdTqs zzoTF3HXR;N%HJ{N`3xPZc-faj58!@V@(hs-LPD3=a7rIgi}k)DPovM|S5e5-5oY^- z5obm;*${NHMVt5yAd^xTu4@jtcOZQIEB`GpPU|q|kl({r8>z_<&&oRI1>jMw4)d$x z(i!$M zs0C=YxDx;x*#PMBlUm5z{5{bBZCu6QyCd_GwTz4#HE6UhQpSfg@Wg^z2;ugnq9^(y z&dWv%Sq6uOj807Oy#OMj1`qtxP9@9WC!0{_(_+Mbqf&H4vI!s<3Vy*Q03OV(^90`r zViadKB*-Bogr35fFov~$L?J{<*ByKCTj#>tbhdvaBqhF|?0PEKTfI$Rzo0^l)Hn%h0X!4GGELu}&aZQUE`qb9pL|&*{M(E$Xnakqf z9>j||eb8eIBs=90k1mBhZ^D0Dw1lyQeKi|6AI5iIgL+up5l-TcT5PoNvGFf$ri{$ZF)15!S<@Kak` z+dEfY)p`ggT73gA>$ICV(pt`N=U<8cr(YH|i{3Rwhh!z8S#_RSJG9NO((?Bizr_1* zca}jq-2|oO}>K5I)$vC>Y+yVfJ3kEcKIRs z#%*0hwm{0uNYqcNbI}W4{{XJC8VlLh^Hskh^m4=Vq4QJTE-6|ymJ2tfbJ?up0H-3O z?dT#>5;8?EY$(oHF%lo#Stkc&kCdI0m|8oWL?+Ck(R-e+J_d3k@nbGuwCs_YJcTgo z8E)4Ah4m=go#TP~H;Ni}lqVepmy;ieqVDa};IsSf;w{>2_n z|IIE;Ydg3O{m(6GWUpEO-@>d~VNOBbwIQ}E5^l^-tQ|(D1llaC?*zQy;dWuvon2kc z(Y>TPS`HnY>JZV{?`*eH$<~`qa6+H0lS?T&64`OjtA$sHu&D~S&6hBX!QHhcuI&fb z^6kY6{qOpvd%rFp;_6KE%^+2FfQ2gh9{W~6w8md)TXZ(4DS~Bwbv*ERl)sWk$C#Zt za0=>#CQy59wA(cFAP8Q#<(mlWkOx%)-*Cb-epeUY&^k#DqKxtDb(76z&B|Y?evY1Pj1nnA};H5bAicuarwy()ji^dBkAQC`|~}lI7me} zKuCe9#7|;1KW(0-21U@3$+i=Q=3wXv(lf&ed}0#~h?MMdF_5t&{u5e2jfxqb_71Us z*ckee9hrIN#@?1gR?eoHmZ-{}t;s76T|Y|1mE!EuT~a=cP1yV%i*8fOpE_`npmiWD zEks?jzd6Al>p}E;ePRQ|Yitp7S^ufUJ#PLKUEdluA-T)IuEZ9nO%!|DC6w=5anQa! z6U^OnVrfM_!l&YLiK~}N)DPnQ$3TR>p56w6!Vs$90*0yAQ8Bi{NVB=Zo=)ru>q1ve z>6ATR)BFz84v{n+Ite}aY85&q$mMD-&l0&!tkM2aw*UPrB17@9DYfha4{>=k$ed~I z?12cs^Q}l3{+bJ*FH?B%Rz8GYi?|LVZ;v?O!AJSFCog|HusT-rg|1y5iRK%_&3~1O zzubq8U1ztx`d5TGWC_dUhk%SvuGSdu9WtL3t4XA0-vq$qLw5jP*xLBL%?gR1;)U!W z(Lp`}WSeq7P%6qR(c~dm??CN>tq$e-qPw2EUxoz_iuoIXdw!nXEOGT#+Ll;QWen{t z9iW;<0h>0bp{FA$naiI#+w~L5QD^7j(e_5cR1;CzFnKI0aV^4h&R|J^n9mAupUo9i>2&{MiX3HU=&woy)5lL_c>K43!A# zC*?-|JM2Z5!Cr<8=Hk7s1Cy*}G_NWR=xJoM7LxxdKp!?q;YuH@q9>0rFf?4)WhuQNsD_~WZ#B#Ww-$2$V#4>B z2Qy`JW$qtn)onGV=VofyO5tx5FCmyAYKdA?-6Lp~%_#m?dw(EXgAV{v*s)k0Ao7`!+=mo$G+ z=hjJBz2l-xv!7?k{AKG4Jb+V7SCb(V~2b$;Sc#~kR=DDK{?!5ia%Fy45@9BSK*O+ z?RQjXBlsl@PzKn~O=ZO!GUm{!Yb&|-B6*}NCvRl0OQOzU1UEoBscQW?oY_AY24ETi zKKuX+OG{n}$-v~8tekw_Kl)(eS!jSA*P@cXGaD3fz;T*MOhnK5s~c)E`4!}XMqj^u zI5zwHS|ThdMe(~ZkasQY|AaX-2@ExJkHgG2A2;v^q@1@Ol`1SthW0KrOkdF;gY?+% z(LVmrH9LR+2gJ93EO$uLFGeYx+5B4rMER&U4B%)S^bS+>g#rN$O*Qyb^uIRYGj1Lu zN^hS7ypVFNk4+nRA5}V}E`T3&4cy&Pm!>k{`fSgfYHKq+*FO~J_PW=3BxZyFBbHwH zWNB)4@_pp`ntmupq;kxQKLjZr`pb$DzhpDSxV>VzZIG#yuO0#8VoNiq>z6C+%@s1% zK~JA2CG;SrRYzCG)8YF}kIuRW^GLCJ6gA%RmjsViBgpl@n>ztAgR!Xw|H+i%=JgH? z{aXO!L3Efsp;IQdm7cLAe^`Lh{~08;m-q6!3GdqU4WA(DkM8XJ7v5hsjtUZG&mqSO zp6|2Z{l6ZquBtD~ujZnGk;$!8u_Hghi|rI=Wz&U>wx|;UP^Nj3wmE@Qh|eD?^u*9d zD#hDqknT~UvlN7mr~&f$-KL`zWha#$^V)o3mX%X>CPN%z`p z#grbW8-sd3^Uk+OV|;kJ_s(WcYBhHU`-7@YCY|K-v5&oQ61#rpg=aD( zD16P|S}@uDxb%I}`4;y#DHt^4cVGekA@jvZo#yM$G--_DK_PwXxtU^1JX0QT;vT7Dte->L_Q-7TcK~!Xw-8xkqI;TWW4r&y(5YDA zYAz57^XGYB@3TADz8Y5#I(y=aa*lhD(Gm+$_j$>s=RnG7aO_I?`U9qk2>KF|aZ0?I7;0PdZzNVTHW%ka1zc@iu`U>zm^g%YU`fUuy zuB6!5(&G0Scq@(RFKmH{F^`0E6hT9>^o;nSa7L{;yv&&Ex5}oUy|>##Y$+U3>HrOf z(+%+go-NmUI!86}o`xo&QVzQlqJ0uz<#g{0Iw zwNf&j6G^|Og3@z|W8~>0g4ECXc@OCweqo1yhWZKbqq;tR_;DA5v2xa}e6TROrs~5K4 z{>|IasBj!MNoqw>fol@KBY zdklv+gOVbZE(mXMHYoS?7&foGb$pyeppuh3u6Csf5;1!Yf-Mcurx995?1+4kSvq46 z`fi-Hl>AmlE}zhX;E zzmBo#Y&78u1Hukd;{%8^e)gU(sS!?|Fuwqg?A%k^g2Zn)V;H0B>xbUaFez-gIiVdW z73fT=RK7Z11sR9CgD)yRVHP*ba~=TBOfj{it*ofe;52*y*s+ zi_=&84`aFNzy4X&Xs!}5tzQd(It9f35`S*4>}{>y_>U39(mR0v_{HoxU(y<*vOCw~ zZr9?1eWpy@yxO_i00r=`n3*fXpp??Jw46s`V0UH!DvLS@9MTLKVkWbzz;bzHB;?7U zT(mY}vbL!C@PEF5#D7sajYjH98gN3*UZkge(KaL^PmgJND`_biac{xQg3=c)B2+H% z_8;2m>FVm1RXQ+zna{j(N7&otuPX~B(+aU)9@dD`x5n}b>F7*fYksV@+)BRb1t~%j z*>*2Q;fjnek8O3IPCA2OH(x-{eBYxCyyQTuGyj~`B)5))VMLO(&`59 zw>aZ4KpUt#^a5W;TL*Pa_5kQ&8?r!y>}{2yPgJo6HMlr%{aXjEerj|!rGn;0WPc18 zuh^mis{4yGF!&FUPCG;*OhAaslv#_jz4+_TrAuXHU}WBRM&E>~2M!zulDo+q!|Wa& zXBi26Xa)6V<6{c}MVo>vV_Rqr%F|n-G8-y~74z9_H;dhjg;q$kCjZ=5wST1Pq{jL> zV_OwO1Z&W*mMtNZkEFHL^&J=ypAw$Sc{~OmQv({&;AF8083(sCzfr;Nx5$&W1xYyj z0a(#1kO$)86XRraNb>Z!@TmLl&cj1#TUJ^jzFk}@8e^!beN%=+(m|a-jP$~nQ*`_U z7g4!@%LovXM`K9*NXxFJ)YWp+X?ARMPt2_!h&N18|?G-={N0 zCZ`2o@%Z`!r`8HI=Q<4TVk@LyFBpWV1xx0-$ItrW>gY&VHQ#K>+Hj5>nz8#@T3XTz z@Q84E=ABGz=O&r^f!vYY<8T&MHxWxg;#o8g#Fvi!>O!k^hxdr=$ny4e!n=RhdB-&$ z@{UEvC=uD>puKi{a#7gB-^;?(-;@&%D?}IenomwxXt+gPoV}`a*a{X|kXqYJ{liH6 zA1WPrEIzW!18kVt!1q?FjZe=J^&BN&ztAB}jDnMA*p=mh50H-|ybB^>fo$bL*3_ES z#rc3!ys`3l&D%fu3`Lt3Z?><`E(R`To2$AFG5~Xut5h|wcBQ4|o$h8)@R7;{QSELk zq#ZQWLO~-)&^#=dgap=r9{djs76J5{sUR(=jPsezu?%KSjLh=h48glVt)t$D7c`r{rP8=@BL3S zR6xAzZ!hxGQ&_Ci?qMF6gNj#5f|MaM?zjefej0Jq`9IvV5pbgO_^x2NxO^hmSu_ zL2rv^r1;_NBb;1;l&sPDbKU>`B4B+?>6v`~2@e5XQWY4$hC*UuVdr_w-N(O45j_m? zXY5Pod|4?!CRA!jf{KNrJuhNhnSR^zwI;#a9s%G>gfvrMrj9+0?fw7r1``k1T(ma0PRogZCkId0GOlYRWk+-i3)wkp@q>!(OJyuG z2Z4j}=cW12)U%op>1n)Y1d)Z+pw;RtP>OcDhcs!asRlF~s*z4R{3*?*qHf9d z+~92sv1b@-F%;3XXR6_oX=jlC_n*Kl#Ww27tUz>KP^bf&Da;0O{`it_OIh$=b%)WP zx0+FwzMwx3tn{3K;6fH3r=g;1C`*{n2}NfYh@$*DW3FDg$!i}gRg|64CBdbzwI+D* zbaIOFCGAQ~yl^W|xJ8?dhrW7?;uUp$=lZ~x7X1pU7<8a?~%TUCH;fZy_y*cnw1z0`@EY9x+k)<6;J^kw#(&dj7Hbe%|9rCvmde#695E%O_JH}+pOAQZvO&_)wQ~pkiSxV?>%JUS6@$M zRX~$iA_Xc!V05wV@k5$E)`i;SU@08yA?&CaCZfqUsfs}uO7BL!Fuu54Y2Yp^dxcME zGz!Fvo=}!u*`?qij0Ty>_0=bY_;Yj}ct|%AZoSz1Y`q@Uv3rKD7bGEFxE&k-zVu_q z#%F4^SEcZ}y~8mys<5}OdUd!1qiz|7IsV}op+f$1ee&dqaWwNoShrojZ{#@|M5j_$ zqgH)ly8{Wgq$gT;aH2ImL!stxRx12I_WtrM>gRhL#}^e$K)ORZq@ZSbQ3KM4F}gCUicX&f-4f_92M+$OQL6d)(o)jcK@*A?en)MeO*uxoLI-I*A-|&-XFU2 zzE3%1rNs#w)Ee?@VUNhs;ljwl|Bh3Sb<5du`Fv*hxvreDy^%{XZ@$l}Jl}x`DRsQ02h9f`IgDHoDZacQ zsTaN_Oj0AZko9yAL~4si0J!G2OO6&sj<)T%**hX5m(PgVaRa+dE9Yc>+4G9FuWT^f z{|5J}u(%?b1qoh9{OA;JeFz=gUCU(weJnczHj8H#rNMr*PZdtqENwxdm4TDgcF5eZ zi@obhE9P=uO~WZF6`Owfz=7-27>D;-)j}&v+4p3DyCA+?xY zd=B&#I2{<3Qq529)3UBiJWa~}I! zUQQ(g!za&M!+QHT`G%i^TE7n&q|rDs-nnyfSvtGBXwC?NJ>}%YRN`56wQjk~e4Y0? zi9dZE;?bgbJUMjm0QdFcx0>2?O9rvlUGU7gsuSjWS$F5ukUJQHoJ>D2o(tatk*XxI zuPKy%_QTMzO^kpYfC3i}R&;lH2c^*kh8}wvzdPR~^7Hru-h>v}V*}tG%2hU%V9&z9 z75N5+5A)v}o|x~yO|D)(#J}?%hYN(^S5fcqAglfY18eal)_mv!v~Hm7x|`o^+GwD1 zC3t;1_i~H7TR$xc1q5Wn4ZK2;?3{OK>_vCs890Jpz#@av~Yuji9u z#sHZ_LW;qA@id}ssi zZju*Zp#HSZ?}2AA1T**lM0qpZooHUHv>rId0{v8QWgALKqj4C${pgzSU4Y}PAeVcR zc0dfd>1f6`M{q7)h(w#kYl>3#8Q?Cx+^kRyz@f2a;%}vSIrwx!!L>DPqG1?FxVt+c zI;^~v4CFn~a&9bmh4k+a>hFWTgaijeU7hDm&f4gq`NX%kT0PifFRSVI6*$+|-aUujgRsmB&DyQT3 zSxcQjsIoOzCWr{>ql46!pd==-3X_<2%m7o3ah~hPpH$e4i*Fi@4hkHH1!$_1)_w^&30y=OZ=` zO*|m^3V46^#IvCiqdwQo=EBY@5mcR-UoEU~1flpV>y#TuOv?`s0SE9xRtp!1vd#KP z7=XrOc38c?RfEcaV_hIq`o6vjdh+MPY|O|(-rTQu&#$mS7cS;+E!zN&=+MM&{l+ly zY{@beG_u;&=R3mUEeNfriz6FPpE%3rD!2BFa&Ljqrh>-tiHJJCJa6Uy!}w8bY`Kpn zl2FpHQ@Bxi$N(gn4qWhkI{y-D{+sS_WwccWXyh@F=hnS}xEnU&n4>~mT3TA+o=x8! z{(fNp+X6qOsG5vm>u7OliNE~)kG4Rutb}#qdh(5Ju$oFU~Q+Qio;Fc#Dk6;8IbBO&;_4g+Mn zxg#>oer#Q;15`YV(^Hd5#-yz)Eroo_&(9ZGuY{6NB%krHNqI&ORiVFZ-a&ouU+{^= z`IHbNE+HrE7naz}*YaY#wHJ6Hvn&cn(tYSEa3fKd%iu1MHRz@?dZ?cRVqxn~jFD=> zq#f?xW8YUeG5Vuxq-%TiQ@BuCq^7ZV@zS#p-_2}DeSE7qCoq8wxWU6n)rvLljl@CZ z+03t0I=obqzx%l0xcEG+TXDF^i5m3U2smMJt#_bV-Mm9fhi^-^Uu_7OJm9RtCO8~; zYW8@O8gQ<#@7&s^E7(5h+wS2^-Wkl7pPy>)=C1f%Fi7U`QI|d8pt5{u(->MFh9(uoy=MPSF!7*^uL}_U7e7|D%-n z=@+;;R-cp!U*@T^EE7&i1xOCRxbHZ`Ai4Z_@XPz&Xb$&ii_QbW>7Z1w%l5?n(}-wB z-Dr-<%BQ{Y#qQK&$1V>T7$YZO<#k6$vBA^5yA>@pryk?T4L#46E%PRP?(E!GgAf%t z+>i7JV-mGIJWa2eyzOIh&3&ZX9;L_G2q@$E?+v|5O}k>%{j%2R`s=Hp4%yxi!&pf1 zPe*<}0cTw@?xUfhN<(c8H7)vw7>`O2X=z=3hDUy>_ecen@=ULaehKcWF&?z{2{ok0 zihbO3iHV8l>P&lGuy}pi-LF=HjN!B~&*kff{!CbDwjOWn?8Hf(LplZQ z^h`8c_h!ct6Acy#ukLX3B_->5Kty~xcBel184J1`gsL!^r{1~*=a^X(<|_BQXBE4f zKtF1yLjODs{?^eLre_{3T+eeChf0JkB(mIjdN|?@-bZic^a4?K&pk19^8xodO^n~{ zt{a;{m3Xc5!d^$x=VGU?E?ApzB1JJ1?+>H%^E&H>K9ST~u58-%#BvQv#qj!!c9VZ8 zYFvG{RNdFm*tB5wJ-%i>!i)fah<6nV5BA%ta%)d2>!oJktE+a=!;7S38t6iO85rQ4 z6$jmZx}U=9x>1PS;gfVAh76lGmy|*vQjJ)UwV|BGj!^gBIW{SrP=7@&ZzT=v<~A$F zVT%hR|;a`N)v+lt`~Pv6uE4+s01daNcMH%1Q)D=&daX-PQs z-;;`PY$a@SOGd-*9g<%j9A#dGV0=GL*SpSqvw}hcofD&EvhK zFoJCs$(Oomb@mN}I9bE~NmCbn=e@qVOq7&CI6n{wYN#o$pL+wlH_vUXpY>$CbH(cR zP81SCOSmO>>UknWFWgF>K5NuW6EU)2lsq8kHQ%H-#HHbiD*=_Nn3y;s`?hCXCl&l+ zV}0wD*M+*rpCrh zFk8bE)2q%%%%Wkoh(#h--TRT3t9=Gu0lIJy7w3M?S-`k$lJOcy%`mfE$mcGMJ**F_i?+Gq%d`9+(!^y$N0;{P+nm%)N;67G04pw-+;Tadp*|8 zD>^>jB}NleurQF4qW!_!dK_!=;kmvJI){Y1E_?g$u3^~Z zsE8Q-8kbq)LdB`1PX>#Z6*)P@H18UxOANNun`*1gXm8o{qvG>j!mGW5Vx21c;`h&l z#VTyqgxNuADvPMR@^uaWr&xQ%r9eiefA1m0Gyo)9+}9AooV0t7zVo*YO+U<^yZPC( zXNCsaM(`)(zRk`Qb$x^!+>eCVEMN&{KVUf!NQTVvZxEr%(6F6yD9$@41yL?C3GpQ* zEl_qTkkvHj3u#;p4#f(cLM9fCU&y7qG3@sZm4ZUu;8YSe7&ou5!IOkL18m%kry#zcRI7spX&;8u_>cZ-pq% z*@_?+9USPl97*~G27_&YgH_)yRBGY|xsmFuSg>(*ab`(PZUpnvQOlOLD;`1&eRE)z z&)&98wye#M&CJYHC8v+A>pH#53<;fx|V@gj~6hLbZxQ~XnlHKnMR z)60pIi$u{nR_BSmF5^))o5c;`m0zA8^r0@7D*L)>UEvv2bX2kllU0s(>|poJYPk%_ zLRJX_`zK_7^MxRYqR}6oMiBbb6C?_7DKva*C4}G%_+H zWPwlCOwQ8!HYuuM{sVOWcdu(kZtYcu0_L?JsdE9BBVtichWAlPs89%$0htYHqXx5j4&R%I^;cJP)yIZkN)M9j+$Qs+feKx6b?-ejh+o>0={{U}J^ziN z!@!hF$Hzj!%3U-4cZ?s#$ISBjkLE6jCQ}_hV+VBo#;(xEb;}%%`-U^9+j49)q=LtT zrZ`Yi8u2%g4(^VKUqrYUM{k#t()f4noQty48X9`NgK)l0hUcB`B!mHrIhf4rx=%$% zN_r1|xf(k@kXXmJ<6z*O{OFiZO4;YHL9&BxIZ}LuK zM|Ym&rMt_Tzocqu@xJ1%BEGEX!o*rh^RQm!lBnF@XLNSfp7JgrbX$1g+LqIJaU#=u z0Evr_KZ$w9EE)Y0Fwhl%U30GGoM}Gl%v>o-n01Ap33fkfj!a2O(X+PU5@c|sEYqnn zu2gv-o4{kzF{7rT|HhbE#c*(2Lg!$#x;mY>BvRje(CFaDqU-@s$+!{@;eIz&6Habe>XA4ZKCM5)Dv_W7zw1;FsV#YOlCWb!sd5u9 z^IF_946b&_Z8=wFJ<4$-D@$Ifd$M)g{)!R+A5NKAs8DN@lZ)gj51!Yre_iJHd3mzS zD2y~MUIr}RWYb%Pxix84Zha;Tv#ZPBHiG?yr3JPpjI5*vZ>Fa_X(p?kjo-ZK01jCE z2n9YY7DKtjHFFP>@pg5dt4_8R=+abgHsG-zP&WwbzH^`b#xd+gC;8&dn<*tSAw`Hs zPDRCUWeNRM5FX(3i5<=c@uDLFzmD+uyjdmT95Xy%+++AN2@JyH%EUyPF;f3@azldG z0##YDR%BD!HNx$nsi9?%Bw&JIHWTy1GyfH<>#L!!re#)SVk#!NvFYj7|LxogIM6hS zJ9Owzt6LOoYHSLyjsI|-7#y;(@o;V-24vXPMkYk#1ymIjA%MRgPk1)rk3i)M`!4iM zh3Tz^C8r${!|oQ?c#M7a%@@^k)|G?*+1%OL8I*8XT&_+OT6MXtz-6!YcHkFL`k;hY z=8vkXDiz{@5iM=s95MUCFKg|ftkyc3q=S=Y{$zn^l)Tw=`kdo(25S|nE!g}AVkdan8@=7HR=Viz*}H~?0Zjd8HEr8dOa6?E1_ra#eb|!rt1pynXG_J90{#64 zC@Xrkx69{)K?G=cXo?J+gS@?dgRqtst;KDJ`bG8Nn#9zBW#C7bB(E zfEOT({X7_OO*i1x?$f#ZOL-_<-A8W;U-khUiK>`slM=i2bBySe73=$*D8-Z>_Rw@0geeL@eRx@?-&bHw8>(Z;50+`nWWkDfLQV>r=eF-T+c_H^7VxX0Y1K3Y$yFPof_llcfbRg z2V{aK9m!QyB@;B0g@sm_fEhD6EooHO* z*`#*KtkdA|oL-90P?k}F%g;=rt??ZD1rAhir~Mo&!y8dqKSap)}l0#5}WqO)^yW*L5i zxM@2=$sBt>=dkZ`NvPYyTzVxp0Un$_I8&!EH|4xEV8;eV?icm$vbs-CyLgKG*wo(2 zU!8xU-Py_IWM?wn7c2(coHu<8!ZPsixae)Py>74 z7ohS4=&gpE3H#Gm$~ouyl@Uh5chk0%)QW*nKB@x zr8T=AswWEpVn>iXz%25bocu!DtO9AtAkbx-3Sd(_)($kcav6kwP6HNROvcnnlpTTK zVqsx3C_h^$%gZrqQDy?sZZND`XNRSqko3|RLQ$JaZz6U)o!EsmeLiR@BfeMPANFnE zyvFHAV|RHLD#-Ds0b$emAUL9?w#M1>SC>3&4hE~T?MzbwHsYwXI2_5BbJ_hyM|-!K zAB3=9T!a>rb>pY+798;M_iEd9rSN#p*#-MtBXm1wQtG`}T5;d9NWbQFKw++xE2%wK zS9csov;>^=8J+Dxl@gz=)Mz~e(QjjMEY*%ihzi$Tys%Bp`lAkP0_=SE3o0uC84@tQ zw%pf=#vsrm2(mNG)3GC^-DnDm-ka;ljmH_(RluU6N)_u2C!sQESdBt=b$2(kzr=j2 zL6$7OM&jt8J=0_}_~{GaP=#+P%#pEsw=8n(o6e$`geU5KZ?HrBYhjaax~y2&CC#HmeAiMoiTQ&`0dB zhKE7J7=R}B2qz&-SMG~S=c7l`*TH>|?8W3DQt6<6murnYV32eg2MlbPD3y)f=EH{_ zr}u-nA6_>$HhK^o4xdtY!E08d`qha!-W+!yogezj9$ohe8jKS#z9@S&_}#ZNzC=V@ zJ59v*2~XB!%vjXbWqm9 z@A)%RGtp+uZm!vTEsda^aV4RYkI&`w{u2C-Q7bkLK*b$Y-8CzVaaTWCMD zvP?x+bn@XepgXQK*NQ0WcHPW(Kerb#DJO~}xx%XN_~ETXkR4E~q3Y1-$~6w;$WXwz zuhsEI7<~3@eQX=JN@Cb_Iv-`B3`D54Qc4O7itH?vouZjbPfo&%P9MyA!<$MsRc0hF z>)GuYkf$hQTe`}nSWQg=1%B#8dtOh^g9nPi1n9ZiJQuObg^ChKtz}!Ux3Gie!Tv#m z{ff|SGichiy+|j%o=oH`1dZSoM@;S@>TJ_FB9}(o;~R*p;M1WX+ITRU!9ljnAIFlz0LL<$O07a9h(h&n*P%*d$mo$XjI$8_3E zl>~HMVn2G<x~wiWa%`cMVoW{&RRr$_+&zl(lW zGDkEY2glNJ=3k)!foK(Ge2_b3@_ocKKv+iVVL~bD5{Q~HiJp%jh>*C{?!r8t7hcEy zirCm;J3;PCLCOcxs`U~wQ{4n*y!P)b7oCl+FgyU?P=s@2WQ?(~>Xb^f+3|2JkGNE) zYGLbPeCZ_|NXLUSlHW`QB%9IP-08atV|HowoDMgj@!i~LaowJCoR>JI0!LS%=NF2< z1cY;ldKJIDax4Q(j0zE9{5A@usZp7Crg0v$3tT_SkxNISX+-QDrXA6jpDwdP2z*@^ zryOa0rv?l>cYWSXm#T?R*!eoYzH8+cK(o?7{Y8vF>yI{wHLY>S)sBh@6;$7+P%WW3DMsek`DQcoE+_r{(8P%(i$@=;=HGT0RQtb8} zm_x0IaM_WZk!yA_VijcxognEanzhd<=ipou)W0I*GDPYQin%-+D0XM+i5J6ff9SAi zI`*CAyN?_t&FR8K`iYk6wHpZlw>;g@hsH5j%6hG`lPgI_SJ|N%_8SXaCH?I+oLbBralE?)aq2 z{#;(YI&C)y!r8uIIy9Wb67AZ)@;l7lM^8qhc$y?9B)+}754pG}<%@srI!9M|gVPUh zY07I`>ePoRJT&n!^AJr?r5UDbO${d}4I+5#P`FY~f6dKVdMBea-{Vp(mQ&1UhgZcZ zgxNf57qux;eD7vpv>R=o0_LchbJ0?SE7@|BJ^l8m?&0y(m#+NBMRyKG4Y04q-_hgI z2k9uZ^}&LC3C>+1Lob0^RM&u|v^lS5gmEmtr32#+^r znA|PC8HM#2tuQW{f;*wkX*EjCj zJ>3ZlJ|?n%=BPmFHUGQvA5|DCzykY%0N;JhpZUnJsZzZ;{|%j6(kRF_M%a;Yx1$4r zuGbv9>A=sJ5V_mH5w4PoXT}~O)6ZKXT)!Y}{#h_RsD97Mk#KO9IskH<7+9TbN_6uD zskFV@Wk9Cs&uAOo5WOM~4K8Dl^T@G*o}PaquB`FYmMP^;LpL&fgFO3rNQ9j6>L$2p zL4SngXmk17lg&GJY+E72?sb zx6Xo.BRXzlo$`T4B{_Pe$Shl?IHu;|wF7S;*MPGhD5yH4I#b~@`ctFRbHfzCP4 zIj%1^c)8iy7j}JEl+8H;9V4`*T@|6hblE>pkif&~!lm^Q5i=lb{TgJeCwzfI!h2s_ z|FguTI$-@5aumK143g)q=%sy`-mzq(>Es1~-y9g#DN$fVi3O>)ZDQBi>ARKJ;aqz0XDpInw3iokwh!@R2D6Ak>_ z`$?wT+`@$Onx3i34We&Kl+>rm_SXAT^=cEj(RcL|1}*{%OQ`JkM2upUZiYqr>{>OD zU=CYIujFo8ij`$i)bn^73=%{11{fP5f{Dl1J7!=5{v+s8#E1-Y15LdqKq8}J1GT2& zo@X121N5ezDe%b8HDJA>Bts^GYut?Vg(kDIC`dKLZ1IS;RG1;A^vIi$fBe1J?qK&LSH!3`bQ+yRi5ca3(q&Ug;%GC(wjgjiEMha3YsORtot^xzRBr1xBc{lKH|%3nrgioN&q}bp;=WNxupC>~adY?w z+J+-%F}*W!9+NMj|E6>*gQ~A<>n_Fw);GD3Jn|^1$HQdYz%ClNZF&u|4PYL`VAlJM z3`>?x-XaQlvLJoU*p?T>f43wc(wxQhY>_1=L$m5}mNbllf{JP>fq(y!Sv(UoqL5>b z2-)1h22{3i)2CS1cdPJTpyJ#$(CaTt92Ke7ZU5L+b{{xRbNyaN@*`V2%A9o&Ra{4K8PG<*a4BNoRK!V6%q&u>^=9l zHyz@d$o=;}ZVxAQa_f~=QzAXvIverw&B-t0nf zJW5iZRbvH<^d9j3`qp90`)7RzKCDUXo0;58b?-y|;+8B7l(Ony!v2v7G0w)69RH zanCHC)w{}_7iO+EXVPMFe=kg9K|VhSt4@|}!yVNcCTF(r?Q;1WQv*E;07r>GArJP< zsuIsEQ+)p5Ew{mhJL>Lzux}p+{bqn-AF~8E%EGqfFXq6)IQxJeNltl z@`(&|&AwU=L}DO4kxMg6MSaMd^~O?MUTc09T%|3iXa=2}1xd|5@@`%^S7?CRnWBD( z*|wH`1e%3T6?&$nrz8)Ch6@p3=a4L(#nw#&H=Y6T+ae0+yfRPmt$dSnpZ2~J|B-}* zLOQ(BW#n@2>I#qKbSLCj_4s7kP2&VQ)ZkXxVb&r7Aor6{i$|@n=#Z{=gMX;e|2BJG){G0gC3pA z=?gnCoaD943EX&i^m>#jmxqAY6oX^ur@`eRan+6{qjL7na;ZIixUq$ZsM3o^{Yl*W zi@G)N@wrf0Xs~nKHEMZOYTe~}o6lJWI&e(LH`Rp?oRqRV2 z9lKTe#EunquzWujue(`}$fS367yb73D(Xir`JSNcXb8g1Do7mgJYocB-8@kS)cFC>M2&Vu>G1NX8o2X=g)!2*GaRG*Em90C_{z$V93gl2HMWnyQWF zU>GA>Jw%IfKz5CBeP=raAY7x_--dq6grn12eFs?bs!A)Vf)I?96n+7ZDJL(e#wt=7K42j4iXnWk(MdMx|%w8H^%5oCKWO3m9D+!)`DxkmM2f zt2KkC z=pt+7y%C@GiS%J2!jf$(uw&@NlEpfh-9OCU-p)B?fITcT<=2`4a}|#4&th*0C!&EF zBFtfGUn}hn-a&L#A~O97xklVxFw+CBS=Wy(srNcA45^B!mF+JL&zFFC9v>ge=_!Fv z(qmtHmixRF`1%EXP64y;j@+f-@FD3(sn^|j%iKqq4pJHKFvpLa<(&8#gImO4I&;*= zm`e5=Z*51m#VJOoRXQ3vaimx1RXR3C-BoMf8OL(;hDOWa%5-1a$*B&kEt#G`rJt|L zWx63~WV^SGLO#3ODR0z7`L1zPtW877<(SaMl<60VEZ^O=Q~JmqkJowwfn}0C|2>`g z?l%k!EuphMH3(;Cp3W?3T$|kQ;{IywqKT_NFL9V-6!Pxq79sJAtpM@-)IR zBByim_*8nO(Kk??U4jskeeON~qxr_ED}TYZPfZep0SGAl0Zj_29CJxvjBe9X-{!Er z&vYDM3l*7#Zm$A7dz+$F#p|R-)wg*}1o=##Rg|DJui4~SvmBO2bhP@$^|wy@Lq&`7BLz%#3X&MELv zsz*yy-0i2EsCW11G7)TiDGai(=nAiD-@URbO91lH0C+nuV?1WWF5jH;Mpi`{5Maxv zRw0T3oHEDZmEh9}2)N4QcTM7W`ys^s_+pwR&9lgI$*gRA*67U0eh-Dre1ATdFEQt} zBku{WvD}!)nv2?1u0JWE0@R9%k*jZt?>nV!d8EPyP}~~;EG<4lAR(`J-aX7cRr?}y zU&C{RrYwS;xp3(qDzkp?h(PuDtT}&TFV3c_{Ls;m^)qR0P19151XTdUQI628B&-M9 zVyUNFJas3{>VziyUN1c-#iUe|9iY9-%2@youXPPlAI zoZP9wiD>}YS1%kn^WfKPQiG>Xw{;M7xrbb%~$gI)BPt!iuo%YZF} z)OJ+3RnByHZ*=geYeEIb;I%DsTrUfuQxv}Y>5@syQ6)v!9U6P1MY&V}TR4?JsYzgf ztuRA4P7G6o>0^rxaO@oU)&am zMghNba`$}G^P9kTmznd9{8>+h&Qp*Lbb>f<)%Q)~Uy1dja4p&MM(p1n7tRgv>Tvay z)|N8ji>(HBTqIej^^JV7a)|-E-mt2z-C$l^biB$vEXxuapS|5or;VSMECRPhNBOm- zx6jtnsV``IpoekxC$L*o@Gn0AM?ZFX?uq7K-=Z}vM7?)6G{mzotIQJ=F~1XRDKt)X z+)0sXKE45Na<_|>Xl4i|nIkb%LC#<41W8Ur<>JJnCr0((6| zeB8;^nR9tiUyn@8pK4@a6P%@5v5}ac{mNjtB?7q^R{fqxQG*nA^2z(Yxx?|BMv}Rb z$pC3i@J0KQv*)~C~JjIcA!0$ua3Tabj|_SNdz;!J$4jlW&=@V=E^G`nRjx|2)JL_zOp z>x?>j(e>vHG`jFFvx4U3La2-`&shw#GM7XYsK^Al&Oe)&=DXR_b?eaeoky5^PyW0aCH0@Ai2;gl zU&FkAJM8{a)>UTsZZ?|-9GSR`lVn1`n^n>%apB>mBc%%v4Hfv0mq8Lw4?4v^mh34x zOgNr;MoU)0$59BTB?Ni(!jDAj;{H!;0m*EebqTFi-Z+_SHc^*1kqU`0m2@ zbMI9L%JluFf6@rLlq574cP`oM-?J)0D3tt|L^T+N_Xbcnd$If6ctouqL$2dJoZHQr zk>F6yH6w+VR`jDf zhxG7W<1rmIBFw5e=C~V5aVN=a49&u(Gkn05Jz5`>cIH`=MBsHy(ULZrCWOE>L#G?R zztxg(8gj4-I1!p)O00HAUNs57aOKPKzl@N|(7wCakRJOlm_}-w34~`JeEU5weE|&( z1qnY}1&S5S2{K2^bgqPhYnGJ@ZWzZ8Mt3rY9I)u*<;@NcgE}wYfg!k{9OS{tSw@|% zYD7@Q1Yh0Yo9Vyh3+$2W={uo*G24Gd&lPy^!BYj$lHz{oXhd&7L{U3am%6>NsiK2Pk1ib__2V!JD zwYYtE0Fpli5q~gj$awXSzW8lHM-2}?NoAX&nqhbvBI4+={8^*2C6S=x(J<)ET>{MPqQ+Bu#yHag(wY%P9Zan_m+)smuBW^a> z_lu!^Xcx_CJd8xY{g7BL{p=;`Y&)d>+GvxZnOK1bE&=eW1qQH0;C{$k`U$44kA2MyniW%Ch?*J!UGqlsm^p@h7a{qj#- zIlF*^xwpbKmId;Pcl73V%7QmjnJJyqKEEj<&jO$B%KT&CZYE%XWvWxuzf!)!+{JoUI4t`DdqTjV808nfb!w zjy&6@)ow`P&Q=!pj%Fs=4LKHwN2e(W_pub@4ASo*RX^2j!F|Lw!)pLi8+*_GCH1w- zLw9pZ>$iZPH?F}phaKIEmH-}vXEyU*@f7{i_L!fE!9<_awYi}qXwn4Vj;SH$dpCd8 zva-1Y^A{dr^N;s4?{h}w*AsCTe-5?`d64-dKQL3E@;)KopCe^1nO&sXsEwwp^Un0? z$sr%DFkOp=>-d2?)bPs4u#92kJQaSJa+m@yYnA!xt-q(6m!1*7Q}fD;xj{!`le1Lg zXY|8B>zjoDeufHaipIzde+cD+7|4IcX1r%J4#@~i587Sc^-(OfZt96g2j<^MGtj!# zO?6|a|7f#Aex)!@dgAr%3e!n_{}!hfb^p8^?a?A%CDR*z2im?Z-uUy2#PUyARCEqn z`71Uv=^^4W=py+=Fbt`j8nV-LS!jT^$o!}IfDcS$0#+rYOg=o4zNPlFc{s3q0c&|+ zYcRfOrdxH5m1!BLh=*6I@)cdr4Ql{jJXT@zaKprI;F+&>4=jzsGW*%5QfTFv@wxP8 z*rEUcdAPi4*Lb#mK}#NvD97s>B}zun8%AP9Lm z+aAaE#zQ;`=f4m9V6Rcl=X~=WlKmlN_y+s;{(PxJ#puU9m$`i9m1lbBIWOo;Jf82= zE*RwU-#4JpuMeJ{4!ea^S-xg7bl`vymC@E1N+^ZjP6fUJt0Wr5y;;+v2d(AsY#XS3#* zuXC{ttc(03CBayT|D-&GWcEj7a;f0|&xmQ;3*2pRl`6m+CBgFX3euXHcTVS$xnhf& zRd_t$f998=MN_4fD-!RV|2OJv9Ovb;4gYq9rD+anjZDmX=MF-l6K(8k8dJ!*B^eYN zii8mTZy6&mmkR@jKq2GabAunAWa9JxVNcWJ^tI>{{gSpS7!GWPDtBiyhWyoa8UNQs zx13PbVC?vFIJ@D4HMpz>qeJU%%L?-*>mfTioz8wn%wSgZuvXb(Cptdv|2h(lwK+%4 z&$BNM@lGT2(8?N&9)Bzh9OJjg%$XqeFAM|Zuqj9?-~6u^{Pdpq!OWjT%q?*~bZok} zjN%mvfkZ}`TYM1vcX;r5*qY44fp`D6TntQ_qNfaDC19(8r%ajAwitwBU`5DDzECc1 z%J%wUaHyg#|NoE&$vBt2&&wc+`1Bg8aRJVI!n{H^!GCz`SgYwSGbHh%L*b78^J@vo z!z}ms-&ag&Np+ODK|~SkemiQ2bW~E{%Q63Q7Oliy#_R@eA2H?@-5O8OA7_!#E^rV+pKC+K%BP7>;by*{*lP(DAtB<`}2N9e`)o?r@^-c zz2#>8KQKXfF0%%kZd-e81$_$p@QnQ?9t<#QP)17ouqnJn7sZL5=x>wB9=H^qj7N!} z7w_*S2Z$XNEM_c6F-ohmafEJfq-!lr2M}TpoptQVNbxvR_L0dyGJ41VpKj$A*Jv^S z=Kl2D?bPLkxA7&rtGll6%zQeT}JI<{l$5cNwCa)htSX_h&qu? zspBos=fns}#t+rY^i!WX4uj3^^OT>HC-1eI_x1e8*>BfPYhG#n?(jbl#z)^; z3zR6VWae7arUc%V3;8*x`yVS+-#5M}+*#&h{$X zi?z|p5?L5+m|a^!*=$y0SO`NegVujn!DwgmEr04(?z(Fm+wtXWqEE!`o;i2Y8qOu3 z>mHB7jL1upoX@4zg}E4}3D^nOgAz~qZtt5?!iEx!vWJM^rvHurK_Io%9&OYMWxbYn ztfIhe%N1Ln4REItA_Z+j-5&;Hed8nni$#Q3?Q%#&Meh;BU2I!Oa?(aZPc&&Zvr2opI ziTIU4`4OGgO{fzHcItMYwAJ-{xIRts!H(0>VM|0CWYQ{EjFht`U=6W2(`?d5@BQ@G zn2U!e(G9K zIJhkV8dFcMncmG6_Y@K?|4WXmd`COIw4*NguQ<7-2GBKZHEGniFtOjb+`xU6sJ;S3 zLZqA)gOtqOtC*;%_*^RnUL!x&PU#J80G zEvkn_4VC8>RS*6X%q9N=@b3*&y# zRMwNR$=a9T>}Gn!Xf+@p{OBut_kv zzzW+Rdc;M?S0!JO%Hj@fm*RhpJE+xiV=v1{`6+?5#uq1=jDtyE6T(x6ua)jX5^Wl;lnq-RLB)6- zStjWLAaZ}yD!1y_D6Uq6@l=WOd((i-yr4{8tRCIk8Ea zF$m}quk<9h$+N97#}!+8AK5IcsxbLq>%^J+j2i8ZTr7)O`(bU5KVptnJEy*n=heyh zZ*{*Ejt@jPK|<&*NQc#PWX}C8BB99e#3#g| zSJR@WqRiprV)E7P`wZJ*NkBy_4)KV%|D22hMXg>_{`dMUWnV<1nLiIMJb4g6Ru%qK zB@_!hlRt7I$D(i_c4=I<+)5`MU z@Va>K;N7wy?1{H{EJNCa*=ToCHyX92#wWi-5yVO!TEGkK0?&OT`gemB)Ge3uFt5;R zOBhrCdGK7&Gf!fID4|f&frcxaJN=f69BeDIr_OZuO`2W{zLL{9P2JeHKG6X{~ zHzZ`tVrwiK3fzIjF0`E&_+6A(H4{%nbC~;+0k5NsZ?yd^vkPg^f9HN=*9X@e*{gLGbQf zX&ySpkk!XB@+p|9zUa||>aRkXcNF@^5&XMxtlwS9i~h41;%V24ezsjR_*-JIV!^Ol zmfBYMJ36nxt=1?rW=mO??I0^ORr-_QNSzSjt)!}vs9|nEtDwGR&%qd7y%Vg*2F=X= z?Os}u8r4T$HQQ6!e(drbLNYSH)nL)cppz%Xcb8&s`w9|d(2v#@1+lzX_5Ckdd66su}VM#$cq;m=BT6$^t&P9LU{Zlz{&&)jYOq{(c3hYudud+V*)2%2i z{C6PvoXj1eFI^WD+9Si_X@m3ZeWSsw=h?neiTU2cn`xWD{V!fu3h;Wi=Nv1M>$r9IN|ltZ0p-v!*+BXs)!D zOc73C72H?v167m{l%mVbR|cVQr`6xK5-2oCz0x5^r?iI7Cp!6?edSP9s_J0=LLrl1 zxvS9jg^Qh6BH47GT)cm9yV~XOu2mb0>Q@;+V7`!GrTZPJ6--0CA~pU+e$-*HnI)RY zT1m_yn-x}IaKqJPph(EC+z)%UWIyZjA3yDK=6)KkbB!$VefL`u82zDk4Wd5<_GuzM z{wl%iVo37#*u2;O&O6|-fAVQ;C1E7GH1gn@o(Ue4ZiOn3k26pHSyPJLzY>-L1I|j2bN`0shqu-6T=kibsy-2FAOdJJ6O8linXC4AYj!b+@REGAxctTYF5!>rt2{{@ngIV^>N}(S=sc74HE!2AIQ3o2|M0yj z&|L*#Z01)*K=?~Lp~{;g@*34KC9^rHb;nqf3>|IHBza$#ZWsOAP@StUhB~hI*G#7P zMxbiK%n1Jrive_9BR^4&{@+XfM_8ysA1}#2-WNR0S7mMJ8Bf9!R1$?)P`Q#oWHsC` z3-%Ntx%rl1&Mqi+PYPN>e34O4y!0!lrTmM{zd4M`)vGbLom>2vr8sZaV8327^A3;X z3F6hl4$EIKe=kqv8Fb~b6~o8sA~sE#f=>bVX(iwJb3U)yz%gpxze%Q^yxLz%2B0h3 z^WP3w8cSlRa;g zzKs@)?v`yk{F6Q%{|HNFj@=AR1(`?I2V+I|F_BTOBelFrqJn{f3k;8VE|egnh(xL1 zJO_ELL;gaNtH1XzixuKfhQWeICQ3E^+fw+uyr|Y3ZSkSJHAgfCA z63Acr{7&qTRm?cP>R_G^wTEwr0^7RM84JP-m*-!vsPB^(36%oFiv+60O^tk2@2a1X zi0xD5wF%^}dGUL9+f2Q517C6dhDU1kjnQr2%zcz*+~-128jje;23lV=KWCtpHvZq? zG-MWZ@+&m%m z^Ef@`@Urv>gaBDHkIox~|2UAtOAt+W_s42weGif5ziD1MX5q$PU7}y8_%gD|y_3Is zjLU6~&2JY+8moWjmS~-9xbjjeBD+?wLw~Z)f@~@!rn22iqhel%>mQ-n2vErqnc*r~ zm}g!Mcq;MaF)u1O=_86Q>*qmqk!rKiT6Bk?eu{UTa>GFEI-Q4a4_$KNP;x$?@!-rq z4srJ#A$+$#Q2%|?-hh!sOiPz$3q{7$kMC{VWF%GFu{zr3rw^E2gSP5Y{OxH5rN3?+ zECf(eQ_5v+oLcu!k^`{xz5K5knL{0xn9%koi&wPMWE1xhigV1#CIg=xm9t)Z6K?V; z;+QK6Mp-@~{15r0crJ%~pcLiy9geUhaR0Rg?;|^;5eUb0nn%}KWeE&qo=Rg=uHQQ~IrDEmX_%41>SXK{&w0L&HjA#c)o%h#c`#v$d;h5!t zW_60>k1JuNj-{^}!+vQKGQP&_PVV&URJVo(nfRToKyn+&;Nkm2Ua_ekaY9xB&$r91 zrS8Q4D%Y{^S|nS7Joc}Xl%NS6;2I$xb$uN+Y$C@20%!7*b3>f1Si>h@YeDLf2PvZOswN z+V_h8ruso0KX-$->LAPg-u(s@Su4(1D(hmKb`w(-2{y)<1Gxi~98JTtWq{>+=bf9P zb#4rKKs9p9+PZ;8UA*E+v)sY1dca*vL-zMQjd;|H_eDx;!A)Wp2=A^?5Jr}WA&w8^VGZvxQXA~L7Nejno+*;k2pzw zEo`o_GRQU8L*k{inUo2lDI&?WBioWrEj14>&c_5UVE>C~P%pF~2*Xu;wbfR$EwjwH zGE+`QjZFd~#_`lA_HHyS+I_ZR8g=>}>FrF(wYo!&IwB9ncOCyHz^_WluHdU{K8neg=eIA^5z?!#R1 zH(S3`F0FJ*v-xEpm4!Br*8dZf_(osy6OUyJArpd5#i4e5fB17*ASQJyQk+5euVCo- zXTFI4PcF~XG#bYACz0dAwMw^TzbBYX&TxgSHvQ(Q>67n=0+NOc&60#SzH6jNbWbH- z6mh@_V7T|WRl`;bWQE3Y|FXwWa&_#mR;Tq^P~VB~POhc=Zu~@_-%@5M{!JGCxyelu zWgNnJ7Np;ZRu9oqASbzAU39DHHZ{@bGO+0hpndiVaLZS~evm0P(DQ`RBpIRHTkt_PK@T8Y^?yu!o|K(#|z zeokZotkXoV>P_*^YU%+#U8*m07N9_ptY<{pf1?+pS@n|TYcBJ57y*}lb>TBlRq({4 zuQFB>ngx3qK2eHc7b{rSF%?@vS0+<(#-2XvhqA+=J%cli5{%7xL?mk#CZPz@Qy~0^ z9N>yw{Tre=yaWl`4>O-xGfOYNe$GQz(e|$Gbi2ePh_20c*ZxbqjH|IlAZ1Nl7LF<_ z(QS5jSp(1asG2wG`&XQeC{Sb`{Z;OfTTuy;et*w(zmegUz)Z7~iT2z&!BdF~%Fp%4 z6E^HdZPW&N&BFx4A2tJjpLRi%$K9{ZeOLi(GVZ@UeL)RdVZvB^?xKUvS^m(QLBs-ukBSRN;1I$w!Y%UzYosptb*dJz)ApmR?CX z*rpgK@W;zcTTH{u^tEq@jVa%Gmp>{&qJ=m9@P7#U%K}vcKwS7Vf6Oo}b41Ga7O8Tr zr&0BA{(un2$|sX>x=tSupfiN}w~XD^s81YMBTSQW8s|7sk7V(BR6h~(l9O{6KP~I8 zh%`*}B2S)p*_bY-ydlJlXIdd z$Yw2<(r;gF%$~MQn786N(J9riT-Y^_uvC3$j{V~Par6F0shnV$p;9A6s+ct5e40ES z>veknbtjB zgfnp~*x;?=9nMbtAni>%ho7j;#Fw`5r|w)T*XDZzGYuKK{Ig6(oMuuvwnh}$A(;3PXJb>Yq{S(Jd>5yt<>H1RD8Fo*x=y7>*_@XmBs`uSv?aIKApAiD zC&^vshDFh;jw#0j+>oJ{pCdX9%|okiZI!!v;LSI}ZLo=x>f5C{mpp&X^81E>xVkg-cYJAq8XQzT zJ=dl1yxTFTsq6D3<^W#~k_e679-^PkJlu}48d}$^@91k$whVuVQaHSNdOu6AI>G{n zBM@%_;J!5>GhGny7O8oljH1wVu#^;}tFJ zszU2i%P*g{*HJO#A{WDa)g31J14yA%g-YE5A+=qyz4pnwYQr+yWOW;q<0tywE+*z6 zh|mZ(y{S!degs#uHY4-*Yjj*~!!y%EA}HQGVN8??#<`hY#*~vF90jwE7EQ~jc-y5AZYVO?(R7ai!I>5da!6?3{ez$?Ev-o+}x?y^Lmlso{wfmv-F3=2j#! zRt7OMLlGzb4hRn`C%D&TpX;uh|CWvO0G}EIJZwU#2gtx?f%0i<<@re$=Qn7xMrZ(^ zwO!0J)6e7g)VI-`hiA<*t+)B|Sz9tj6@%6a?=hO+#YlRwgh%8hm+GURT=U&j>N?mP zXF`e|pZ4<;qM;^0EBP>kp?|aoS!hrROY|47 z+~Px?DSCBc_aDqh8a53WHW9Tz;k8TE=1nj1MUTi#1YT25Qh8fZT%V-_@m(ud z0GQ3O)nlEiHhYjlX`bQ%PYq5`rjflY=z+)?+xK<4^ZHHDd3r~7QAkIsDcx%9AmfnC zllZ!tEN-}t&BnE-Gw&jw50egl%wFx8>t#57YvX?weimQm^21E|+s+SDa2SoUqX&fO zuW%;f6%@lEvwqROqvI(Ixqok`(H9%I9@8P{BqGRU)BO;`%m*ksm3Vd3>G#s(F`hz7 zF(>w6pLVTTOVg2rkB-p@^BTiT+~RWJgM10Iw&d;;8-uP=k{)L@_E1a~eK`Y-mV3m# zN$+s_^RUaP!`c{R;#g${mECm?1q#Szr~ME-S#Mm}cuj>OUC_uD@BQKGl$Ub~X2y4@ zI?LOI&rbaVh@pVk#y#}0mesI&ny;FoH?C{~@-i;x_KL?0^HD>HccRTXp&`}4&wD-B zZ90jPOo}py8<&XVscH~wMU$#+_G*=YO0&u1gjdK#rdK~)#r%wG{Tc0{faDH1Rk*9^ zd3l}h#TJ>w+WT||Lrd)fah034A+Bc_okCi_l4y026QS#i#)BjXcU;-F z*_yfJt}nLk8E>nbmAtkKA?h&kKcc-C5vybQZ39}ZR$^Y!Og1!YRes5B9d zA1-uJv;UH)9QyE0m4|0ICfD0BbI^O`71sm5>ayZBj45X#1W$iRm+aCo)PHD@c#M9x zmke?^p(6IeO`Mu9K$X`DXb9+1YFUPlBQ%XS=a1=~_;uGN;iSz1JZPQpv1}4w_I%`R zZJ%v^6U88lWI=(2Ojv^XqGQcp_4AQ-0Rod~(?6kFSl1gJIuzzqftEIc_!7jNcU_e`%TF$}4w9mHVi z=3gC-M3P2pbNj`yRj*Rdb>~J=nH0G}TChR)N52an%mfdN< zw`zN><4<)Wq=Sl*Y?^(`AhqIR{arkGr(m^x1z# z3<;~$s)aY~=G1vwcEC@-U{R^znGf>5N$o}G6Ae}8EdRn~`F?AP%^tEWxj%byz`vZo zjX#m{6Zq6GJ`F-#_;$HkAZ;s8d2mzsd}i|OTO_Pv-Bn_3<&#c(NkN##`WDSG$Z~H^e5DjQUZgx*sIj4_^S@gCLkWxa9RYevUp6HUdo zeNp$ckw;wGcV`OsK!PB-1o3wF`SFJR$N!-Htj?L=#}&)=Hynrfp@jFGqSFQITp?2Y z8B8Fbx=I7j`$s3URa>ONG1etHI`=JOHQ{z~`$Sag#|>5 zoEdVTOsbd23;F3yx>?G7!m0=cXZ$s4Vw7G%bq@TIqWt>b3NH8`gf`6bLqVS%$x|Fz zUL4iG%kf$hBViRyPK4u7+3Cu_PN$raDZ8=A?3z*6528c{K@goorf&0c9ok|)xR7*Z1+j=*x=>-_wem)=LSvYtP0G;pGthdp%+IQ^ z6lh<#0v3Sebi{w;AItFCdukW7nSD6?d4mv=P4X_|99at&+C~c%JJ8>yxK)#BHiB(IhGJfUVy@p(B`R0SuOWB$?fFu-OPyA4cSmHSA6RoNsqS2qlg)Gc;b=~n;7pv zo4a?NG~UM^U-or;O~i{i6s{q%E7_odB^u;H@m{zbCk=zQ7mgCk0FrqK>WMA;vRNl( zE}0P@Jf83fd^hk+3;(4;bQj{FXZNZ-OpuSN7TRzih6PCfod{E~t}5eN3W9zO5URL7 z1hX2wFChR#``$RDTKU=GRi$u0`#_C4Ng6T}fh?_To zC!+-@WP5o^C=FI6MS2nOpno{RCniCmU$)5$j?)^g|T4VdG-z4hxrk_?lCp0=M$ux?mSX{-xA~#U3MxZrGEKgl+z6g|gL_llX z#|syrgyXs67L&a?;KK70#!e&kFUcLSJgq!_hS?J9s;k9&h64puT7te@1r2tyw#mCQ zxi*mOrkQ|D8empaPj=tTgwP{~5Fo3y{YC@|+BgxO3a|X+g2f@h$|1avm>xJttzuh$v7 z`!ODzFcorgnzLJcHhe1uAWkagRjv5Q+RDeA#c7hl(^p(5g7CxG6eEmOpr7`{WuMG1 zh;DXR02#q73kB=hoB3SZNp}GNPkw-Bew^+fb7kQX)n@6~wqOaXsJ)B#RBsUwo50 zH#}tOo!@e28uAVCoF?=PPVMy^0G(_g?bPAfkbnELGmr}D8ma=g);VUM(>KCpvE!G0 zuX>z_a*d!T=}Isby-D$GFESsuiF(eCpE|o!oL80>Tj29laiAD5R6&n(XD@#jeEAlDYwI6IUSO4u|8;TZ+!HB7^zcDJZv)y6)bcn)awi3yZYOdtFQ-7J}=z{;K4 zWpg97KpLu3+3$Le5?Ad6coA5gRaNs)vn$5D_1&97tYl^UkN&H|clTk`rC5|f*&RZ31IfRiEo11XP zLy`6VxtrlupZxp?H;ylw2z&*PEk3#DxKy-87M+d*)C-!SzxO$|?XO|^+4 zdYlRvdDBt#u)ybWHv-F!4vr97agU+W&8iEK?3On|9ki-w95xn>awN_KhlzFbyO1&U zdY^de&@z2LCh38orP8Z9K0@&QfCq*$UjVW~=X+LNui|UJJHP#YQ?Dm1QOTGL_=7&t z=VLdHUIKe5DmC;H621?9(c2v4?%Fk4U+FH*5W-vTBKuRroCyf6;;yC?V3`n|-Zagh zPoTTE#WFVnRK;OFUq~`(jt8RZ^LF6;%E!U6-Qc+EY;5p6CC7{Kp{1Qs(#R_8M#mp0PjtlD zNA?6dJy-iQeALthool4%AV{qIkzM@hL4E6b+(TGtzgPy6NjarHw-v&WPJZ^)~~>r|t}73agXh|K)sJW#%dl zquv9Y<9Wt4>%W(J0e2qwyTcK zRN|CQ{+3p_P*WCA7SAB5H0+7XsOO2+NZ6YYH)UpRR~4PfIsMJmu_ri?(JWcEOVim? z^opR<5Ntwqt=D+NB-BqazT^045EX>N>SC{x(>4&DYr!eAg#*!JPuLLkchs?~;<=a- z_xUfbdnsFQL~~_u%%Ap9p|wcko{4a)_uY(c8#)Kr|n$!o6I4f29i!t!X~jK`HOL8Ok7M-9!N zQ8{b#-nYPoUEjMfJ$S_Uo4i~QbwwO#uheW8&I)xfI+oIj7}g9Fp*hcm7!=tF9pznSe&FkGXQ_ z!t<`#t5+m+s#ZvwKiy$RJqP{v>S*ij{;D-o7xETW&>k?po4AEIB;MkP1R8V1P69kQ z9=56AC&3!(fXe+FB)uu3b0nWcbGoDOAkunbdI%3v9KQ@-m&ws9c~lU{0q-PDQnWpR zCInEL_+Tf{@HcV=q>VJ&3zX)=s(Duy;`(MmSiE3)RpN0~88J&mU5A3SH`mq|uXO@$ zL`BY8vyw@(TQV@7i|csOO22Ey3dX??jjB-8JxtbBm`^B>Q1KA`BK@>K&S04}`TH5_^8-dNVQhUUNPksK#)|D>jLi!d|fQgk-?(_45I1vn-o~ zkS`!>FQSbjFzqQb5$+6E?sD{;^WE=BZKJGBCX4hF52TzZ?Ltv0<_PDHVK0w zh4Gf}8DJcqt`P*|8`b!l`fO zJ?gIR*5LKx3?(s6`YK#e)mGZ}gE>GQQG&H6?8!YTQr+!Clpuu&L5i}RT`^lc3?2IQ zZ_ICoxSP8J@(b$4{oWg2S5f@Ao9G2RhECAyY&$2Ov-$&>V>DqY(uu?1*2RxOQQAB| z)6?iSM2-$&)YRtttk9c&T1Z@`*oHDdeJ(LQD)$-! z1*|AZp}`)0QlKxV+hA9cd)T2>A43T#{`ztW@9`GoOE;30>7!E`w9v2i#~j`$otEu- zd6Roqx4{!xD&9>mVb3!3@uxeM7g2}PsCJU98te!FYJQBlm z8btdwxT%se#g2z9xOQ~chtlRdRjej|Tzu2XqI4>Hzep!zgC|b5`&U%!{JPUCoza9C z1L3~olVwAnmSd&h$)WwkHO~nO8+pP;U!vxOeOujGK9e?oZskg+Q*3YBd$zS^qCG3cfzV|sp_SsY>Eh15Aqc&Yh zi{0f#2Nt+zsiz%s2e*!S&BQXB%94+V&pLW)!HphqZ0*8gGH1%!^jWYBS-Y8YMb#$m z*_kM-*L>}#1AFcb`&T=YD~nHxH`gtWr7rXspVc&-?8uyf-WEMny-Y(qwxyf7xR9zjt+?Bf#xmQ|xrT$_4T^aPkc_rICa#Q99i&UM z^)AflF(b#GhVe0G)^esL9GGvz1MMZ*WA>PNZL^{9 zPx_nli!!roIYsGz23g-CU_DXsc7Y_U>@i1Xh8dr$__oWHV1tJrUrq7O3xp|dNLUddMqwwi?W_XBAn||{XE=YD3O@f`;hQ6}1_Iv;2 zY{XhCo`n$3RdrnU*HiqKVV?otbYk`CWG8@R*Mr5avFD(jG=C1-@Yp&zQr=?UK8sfh zShVZhg!=;xY2ei+dD%%aUW;AxO#dTeH#Kw_np(v51$PZK^1P*MK7T)OS?*!ih=u-k z7D$W=+Z75AGiwyE^P}f9ro*z`fF#yS9>VV~u58K{R zg$=q*@5_dW)apuD%B@Mo}E~^8UXR!u3|mTkW(y=n6X9^A_Nw z(OjW>L4mST(rla0kqA*QcDPi_1wor`7Q=ie+w)ol=wIIdQ<~8Jj#dn1wo9h|0paQA zWvbA|k`>k>@duf#2~O^9F&lha>bs*{-liavdIJ4;amd&fD=bqTY4HE!c|I$<$~36T zD1XA9PBW+<`4VSoM~fXkm7kci<*6c@SnUDgXh(vtL_Zf(B#-l{)RW@ zwSmNd*$L%Z^}%B%Pl;;-*<(e*YD|U{i5sq~gp8hpzm9(bia8|t3&g@k4 z#k`sI<9$-xxfxH@SdsCl&$iFjb-)>k2uZce zl5*QLK+{A32kg1Q z-vtMXS;Py5uOt2{VxDt(-+{EOI0C)`evIe#TQNrVijlbr#VhidmCLHt1n|A3evSVW zD-txfop5SFIxS%5cZ$mKhb>I4l&z=GtR4ArThvvDzcVzp_q5t&vZm$S;cEvMMsl1a z;`)=fF%=31GRw0?9}NrFm!5&@KD-Ute!Nf$t=ESB+=Z779>0X?F#H%beoh9eyq#+_ zK|8volKkxgUYd4ig}Zh9$U|ikwEqPmj-w0S+7J{z{mA5Kz>sJC1jBg!oWOw5zArc# zP@ZXniLNA_wNX}Np&2go2}d=V&*@y8bXzFYrg3X$qc1_!Bb4%disDj&&I>K>qL%sp zwf8fpl@!J=)ZJ;ShAdN64)-h2zx1TSr){$pad!;ow7{B?l$v=%UfLx{8;!cV8Z0dI z|Js9lTQ(6cWDy}=B_~YUVk(7--<&Q_J*TMH>A_Q-XIpP7+d7Z}$2H&|wdUhf8F;(k zsn#2r6Qw_xzi8`A{8#c;-*SA4o*da9acXcuRNCTp;=f~Wx_5`ofo9QILqOACx%rNq zfE@nvuWOe)Vfqa}vJaY7Ts_BrG8r6)yPmd>s5e3h-wj^>RlU>WA+_aatySz>pDsY5 zc7)u*K4(KY9{1Ihb^oWmzI5iwu6wdr(ZoWKk$}nNr5kl}D~%+%u5@0f&iwDyi>IuQ z;{e0mmJHs_R0Bz}6DLXx9GAln^;L559*XMRGe#KlnL+TAg z^PXF({%P^YN4YjHNgfhs(~uJJON=~6jMzzVCny;q^Mg&0n zs4kVTaQNs^vJ)78qD!ts?x3j|@;rt@x3c3DRzJ5eY|?;!oXS|Co5K9rhAtz!a9iuG zjljf}!EtZ3kc7GFeFkH+C^Qwx9G)aHrxfcorf(Tj%A3#pcl^FSwqx1Opg)#GrL!}Q z`B1?00zr#A#?Kry8G2~TyRm!PWPsmnBrkuPz5H#vXz`8v(lE>4otITdpgTX6nT`gR zne}JO2tT_(FnqA~W#zQy`8$vBxp%kImYZndrR(mfq>7&m_D^hE#Le48pPLPVdwNlr z?Fu5ZGIQLappSOyYr+^?72;KhHowBv^~i=Ov%_?x(*orCPWMSq3*tA3;YR0NBXrsNfzS@NYp>wlx zY7WoRuy5{L>eopAogfmt_XLlRd6d|e4ZXpscjjY>GJ)hoCvi(RmjNqjUl>-&4IYib)xz$I= z>|AC|3pZRyH23#C;VG5E4a`xWfNlH;?Cm8&)P&kC^asN#lY?4kk>u;ec#BaB-__1$ z-v6mjz}R%(u*bKDzRKJ&xP_MxIY4{cY+(?+T|ft8oiD~DSsP8!+EfwzYi!kNcv{)j z*Uk%DxiQg$_72wPH2LAj5B>JM_C2u1zH4<1Bj3=UZ>djoZk}x$_kfBW>x8t{!L)H=7bJ?carreBi*~AJeNc7hZ1pbU3M9busrX0o zfjE9V;*F zv^n=#^6L%d4^HckMN~|pIuilS)c-IZWUbO3ZYUCAYc0$RDh!bC&m?U$*}^O0h06nm zZpmuIUx$F@-xVkx%WGIu(vRKFXRicVdiIR3xlF?J*Vm5?;#PD%WtKgFr9Sn0^`95@a@hxhBvUu0MGbS?j zbiKLqIt1b6?2|cT9b-2QCsmx+G|vgeVg^?E)%s`>&j61J24S!0KJrYNA2OI4ckU|l zr~0z%@hfyByK++&0nW&XK%IQqE?gmeQF&PWwX=qrl&JuqUEuDW($rY^1}fA?O8W8<(s;*Y?{mgZTh zpj9qs7M`IJpF>q2xw|&Csznni@XXdGN?o<)y%ugJ3qcYHRsxw_aiJnS1H+CpJL^SI zl?0;K`aZ2M|B7GPo_V5?Z}Ss_P%Pwj*F2utKl-sKa&@#irSd+v-LavVE##Y|N~fuR z9L2J~sXtO|{^ObZ&AzF#ir$N2RC02`ViWQsdUZAP4I@=*Z;Hyg17p?Ss@4x0Gf~>Db zd_$$CGg~u7oAnN8WmK&`%)AC6H%3g|M~JldXYNWB9nOtDMJFur>#wO@f)>{<&GsYp z^hDAPJaqIgfZIX7lGW4tqh$O;E@pGzf5m#A3;@NnVz>g~O^-WaC{)ba0}Jkm&Y+5; z?A=Nk0r>97U4Y1~KA31E({e9ubrY)~*DcnR)} zw{~+1oYYRKAHotjR>_j>W2RLVN<8O!^<)h4fwF;Cz-JJsevg!{`%6_D(ylB`u3Y$Qy;+aYTGq{aF=6h4; zXIT|Ae2dk#mwOTx*Bc zssjtWuKnN-CCb$3>M~E7%ZjFB4_^|*!+&0vGBhZ++o6J@lDK(4dXVbbpq4KH~mwu)xVZ^HTFA+6e9gg=7FGM6NCH0wK{UR9^b@ z`i^p%Hnt&z{jofIARhl*)G9t zZu6LKIAGnNNh>@P=2|Zh?h|m91TLCM^-}m0_>ZI7`fBi*Io<3Ybi!T!Gaj&lIRb8M z`A%iBxQT3!xz5&cOeG$n?w%P5bYhhIk|1d9FV}c+M2$k(W|O6x48Oco`UHg7^Y*2u<5E_DK}P zrRo^X@hfKeYol&&{1BdMh2B4#fTMP!*Y6p!1EB=;m8=a`{bJ;J%s^^%y0P;)z&ObA zmhQ!NqN9oj5N49QfgNY{bwS6oRAanwKhzF2;J7pq$m8cQk2ws84^)2#1Ke+2vWfIE zgAx`cKJ_xQ)5OT^s;`ECA-Vd4K~VJ*>0KYKd9;i9J#)JjY_Pu6@}rvohZY0yG1a%w zWBe|rYvmfT9&7wug~>cHUe={hiwm7`TaGGb3#J3R-UtUO zN>*7|nsdKokB~DS4jp~p!Ty|Et)POB*`HO`Q|;VPzN;8}CXbBkMnt8rX^VQ8S=phu z227D9x$xP49g~IecQ+110`)y39FESTWH7y%dJ4d0;+lrIsr7Afp$BROD5iIZRrOu4 zLikeBYAjTx$l8BVB~Ry(VH~)B6_{6b?vHAfa8KP{&B<6lOR~a^Bs^}6;c0Kz6?ljN zZ9})4x!L$D<0x_Mh+t=-jth8TB7hMCJDs0|K2?nKmWjvxSV*>FgGB}TgCBC5-KRNu zCjX|G--RUmKRIxsiw41K3k(&)aft3Y1MCwQ*uZlRtC|4O0ZT|4v`spzH@!YSGsW!r zn>TRB_Z8B?_Tvx=^eC>%#j=+Jyv_LTt0w)OCH1PaT~`ixsSV+@t%l~?*jwrgFmO~9v0ax!7&4<8%EuI87x?|;|1{zI&fxhc@kG}CNY zELG!vi0lluYSZi&qow^5{Gu~#l}vLCRlf*8d<@L;#ogT>WtoRL%z<=nmPtl3pUww8 zH9i_Lb1GX+YOVg09V->?xiey4(f|+eeaE7bxPzsMRF%*CqRN!tPFIfu{oa^}m}RSG zwLA?;X0)15X+8_1IG_HN^IhCeOM&qJK&h;(L4wl&EV%rFtiMBt0)2dW^#kaO_edFo2s5vsH9=0 zr!C_KzLXwzt&Sf~%55Z`d0BqM1;BT2%yYS2HNPU2ccjX~dQg4P1hZF@^kd;H7Tg*G z&oDdJpVd9HrlFch(~zMw@3zunek%aL8(a4##s*<*IArl~c$M+mRHE&OJar3JA&B5( z&_SbPcEws-9=T>>uycHomztK44h<0jREK;}uE6^;TXVe9!<vS*|ej z_)4la>Fq4UdL7}{#^KlW*noxJjr=|>(H@VFnEz#~Eo|q#Oj*O;XSWzn?piK?8{Xm6 zrCFKgTBdhrOKFPx9r@ZjzgKDSCkh+k!MHsecJ{K%47RO>4D)95{58ovrc_J=<~i!{ zNZ;uD4PD0#B1Z=ynb?}yl1D=~$GZnqLEa$UQd4bnFfned zK+$yMM~=$*Xk6+!DmP=lWDiYxZ|r9lkM9|>@5|UCui!y$Dd0?{N2`pqIQ>0O37NS| z&wNFC7Ho6m&j;GkNs1j7s2jRSMTw|JW{i;aX-;a>#eh|PC&qt!r(E0vVP-E!5o4~O zihL&pzxmGx>l&=*roAI^*Qpo9bsVHJH^MHG@IX8tUe80L0j1t&lQ$AJkUD5Kf$+b5 z6|+THBS`|o8}$2=X~#%&EYOozM}AnKD*TyQy7Ig2g^!H6j<95^E-6}HU=)WOhF{#> zDYG9omp;exeiym-xDa0YGeFREM62p`>$$2dQzj)J%IWsnXbM0(fwQhFy(WEC`r6pW zQN>CtH)*fc${S*HJ2wu;__N-^W1+_%q90zl2Xygik{oZv)moqiZ8Qz4;ZibiK^^hU_{IueKK+xAthe zb+g90dL{RgX{%G6&*|W6(jvFs_OY*>YdRcheu}V*EMqgE`e_&*17frtAgq= z8=KcFC3=1R*k=o`Q}@y2TlKYy1j2d`U}J{`Jx#LnIi12I01 z!+VgHh1RDHylR=K6I#J$21C-B=r?Z1m8D-8JR^5s?%)Z zeq1jdOd<&C5|f*_DA^cxG=H8uq{BGBvvq#=iN!^@|72IXsGrqIG87N>>x*KC+jQ$s ziLdsTnh`DCjI;jky6Up{w=z19gYR#AngEL*?8J9ua2Tl#J&|y`S?80T-r&^;6OuQJ zKi1|8IVAzRcM&T6xguKrdACQ6n;lNNPY-}&X9fZWuC>{+J&&z=YJwnmH~wAZd`IT= zYskot02Az_MoTq?$+-XE?t8mDEB*;ji{8s@&bb_I!$>#5tYbm&Y9G=WZ(e}%1a$TG zL7>aunhN3Kqbfu9Jx~9+lCO%tn-`Y_QQR<%w2wcpj6?8wb@J|$12@y@qb5{Uj9$Ca z?-$utTRyn8#^aP3kmnl=?V$WY8AxSGqHONkC4Afmn3>OC6V@k5d69dV$52MY3(wuIhnFmN=JL3_dtayyq)@;fU|o2mNR>a8=wE8jrx zm7;Tx1VhnCV3JXRlBN!+N$6^v^#!i@$d_bq@9LS^Z-8t@;#M@E{LRB23r$(Iz~Qd_ zue|_KbG#}Uqh&gx{g(Wx2?mLG^Ulp4ma4*)jL_5xSS+G$3=$!^G~@yvK04Ep5?XOp zA=d4=#yF42EW+g04Y&JnF)|ooBX%OjhD*VXKXw8`Pfpy##h5LQ#eto>pRL zk3`_(O@m=LCg+ z%n9P%E3>>1Wi)@JrOH4?*=?XJo@zbOcdC9-5spVw-}-|6lF{0=R?s*Ng~1Npf>N7T z#y$Cj_l(48SNe$fNYOu}J!8=p=Nq?5B_6-Q*gjS*Lg>+x)g2k^{wsCv?u_mthVyp{5!S|H2zJ9#JFwSE#2<6}A zC8u4h)N#RKcxu1=5Wn}d0% zQ-@Oy(ltFLdM@)_!UGJiSP)tWw8ZrOM#zX(QCFTGp(XE)I7 h_a_5Est~}zy=2sKoNxx{G=cw1LN0#ScJ5z=e*jZv9Ekt` literal 0 HcmV?d00001 diff --git a/v1.9.2/index.html b/v1.9.2/index.html new file mode 100644 index 00000000..dd47e9a1 --- /dev/null +++ b/v1.9.2/index.html @@ -0,0 +1,2062 @@ + + + + + + + + + + + + + + + + + + + + + + + + Amazon EKS Blueprints Addons + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
+ + + + + + + + +
+ + + + +
+ +
+ + + + +
+
+ + + +
+
+
+ + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + + + + + +

Amazon EKS Blueprints Addons

+

Terraform module to deploy Kubernetes addons on Amazon EKS clusters.

+

Usage

+
module "eks" {
+  source = "terraform-aws-modules/eks/aws"
+
+  cluster_name    = "my-cluster"
+  cluster_version = "1.27"
+
+  ... truncated for brevity
+}
+
+module "eks_blueprints_addons" {
+  source = "aws-ia/eks-blueprints-addons/aws"
+  version = "~> 1.0" #ensure to update this to the latest/desired version
+
+  cluster_name      = module.eks.cluster_name
+  cluster_endpoint  = module.eks.cluster_endpoint
+  cluster_version   = module.eks.cluster_version
+  oidc_provider_arn = module.eks.oidc_provider_arn
+
+  eks_addons = {
+    aws-ebs-csi-driver = {
+      most_recent = true
+    }
+    coredns = {
+      most_recent = true
+    }
+    vpc-cni = {
+      most_recent = true
+    }
+    kube-proxy = {
+      most_recent = true
+    }
+  }
+
+  enable_aws_load_balancer_controller    = true
+  enable_cluster_proportional_autoscaler = true
+  enable_karpenter                       = true
+  enable_kube_prometheus_stack           = true
+  enable_metrics_server                  = true
+  enable_external_dns                    = true
+  enable_cert_manager                    = true
+  cert_manager_route53_hosted_zone_arns  = ["arn:aws:route53:::hostedzone/XXXXXXXXXXXXX"]
+
+  tags = {
+    Environment = "dev"
+  }
+}
+
+ +

Requirements

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameVersion
terraform>= 1.0
aws>= 5.0
helm>= 2.9
kubernetes>= 2.20
time>= 0.9
+

Providers

+ + + + + + + + + + + + + + + + + + + + + + + + + +
NameVersion
aws>= 5.0
helm>= 2.9
kubernetes>= 2.20
time>= 0.9
+

Modules

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameSourceVersion
argo_eventsaws-ia/eks-blueprints-addon/aws1.1.1
argo_rolloutsaws-ia/eks-blueprints-addon/aws1.1.1
argo_workflowsaws-ia/eks-blueprints-addon/aws1.1.1
argocdaws-ia/eks-blueprints-addon/aws1.1.1
aws_cloudwatch_metricsaws-ia/eks-blueprints-addon/aws1.1.1
aws_efs_csi_driveraws-ia/eks-blueprints-addon/aws1.1.1
aws_for_fluentbitaws-ia/eks-blueprints-addon/aws1.1.1
aws_fsx_csi_driveraws-ia/eks-blueprints-addon/aws1.1.1
aws_gateway_api_controlleraws-ia/eks-blueprints-addon/aws1.1.1
aws_load_balancer_controlleraws-ia/eks-blueprints-addon/aws1.1.1
aws_node_termination_handleraws-ia/eks-blueprints-addon/aws1.1.1
aws_node_termination_handler_sqsterraform-aws-modules/sqs/aws4.0.1
aws_privateca_issueraws-ia/eks-blueprints-addon/aws1.1.1
cert_manageraws-ia/eks-blueprints-addon/aws1.1.1
cluster_autoscaleraws-ia/eks-blueprints-addon/aws1.1.1
cluster_proportional_autoscaleraws-ia/eks-blueprints-addon/aws1.1.1
external_dnsaws-ia/eks-blueprints-addon/aws1.1.1
external_secretsaws-ia/eks-blueprints-addon/aws1.1.1
gatekeeperaws-ia/eks-blueprints-addon/aws1.1.1
ingress_nginxaws-ia/eks-blueprints-addon/aws1.1.1
karpenteraws-ia/eks-blueprints-addon/aws1.1.1
karpenter_sqsterraform-aws-modules/sqs/aws4.0.1
kube_prometheus_stackaws-ia/eks-blueprints-addon/aws1.1.1
metrics_serveraws-ia/eks-blueprints-addon/aws1.1.1
secrets_store_csi_driveraws-ia/eks-blueprints-addon/aws1.1.1
secrets_store_csi_driver_provider_awsaws-ia/eks-blueprints-addon/aws1.1.1
veleroaws-ia/eks-blueprints-addon/aws1.1.1
vpaaws-ia/eks-blueprints-addon/aws1.1.1
+

Resources

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameType
aws_autoscaling_group_tag.aws_node_termination_handlerresource
aws_autoscaling_lifecycle_hook.aws_node_termination_handlerresource
aws_cloudwatch_event_rule.aws_node_termination_handlerresource
aws_cloudwatch_event_rule.karpenterresource
aws_cloudwatch_event_target.aws_node_termination_handlerresource
aws_cloudwatch_event_target.karpenterresource
aws_cloudwatch_log_group.aws_for_fluentbitresource
aws_cloudwatch_log_group.fargate_fluentbitresource
aws_eks_addon.thisresource
aws_iam_instance_profile.karpenterresource
aws_iam_policy.fargate_fluentbitresource
aws_iam_role.karpenterresource
aws_iam_role_policy_attachment.additionalresource
aws_iam_role_policy_attachment.karpenterresource
helm_release.thisresource
kubernetes_config_map_v1.aws_loggingresource
kubernetes_config_map_v1_data.aws_for_fluentbit_containerinsightsresource
kubernetes_namespace_v1.aws_observabilityresource
time_sleep.thisresource
aws_caller_identity.currentdata source
aws_eks_addon_version.thisdata source
aws_iam_policy_document.aws_efs_csi_driverdata source
aws_iam_policy_document.aws_for_fluentbitdata source
aws_iam_policy_document.aws_fsx_csi_driverdata source
aws_iam_policy_document.aws_gateway_api_controllerdata source
aws_iam_policy_document.aws_load_balancer_controllerdata source
aws_iam_policy_document.aws_node_termination_handlerdata source
aws_iam_policy_document.aws_privateca_issuerdata source
aws_iam_policy_document.cert_managerdata source
aws_iam_policy_document.cluster_autoscalerdata source
aws_iam_policy_document.external_dnsdata source
aws_iam_policy_document.external_secretsdata source
aws_iam_policy_document.fargate_fluentbitdata source
aws_iam_policy_document.karpenterdata source
aws_iam_policy_document.karpenter_assume_roledata source
aws_iam_policy_document.velerodata source
aws_partition.currentdata source
aws_region.currentdata source
+

Inputs

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameDescriptionTypeDefaultRequired
argo_eventsArgo Events add-on configuration valuesany{}no
argo_rolloutsArgo Rollouts add-on configuration valuesany{}no
argo_workflowsArgo Workflows add-on configuration valuesany{}no
argocdArgoCD add-on configuration valuesany{}no
aws_cloudwatch_metricsCloudwatch Metrics add-on configuration valuesany{}no
aws_efs_csi_driverEFS CSI Driver add-on configuration valuesany{}no
aws_for_fluentbitAWS Fluentbit add-on configurationsany{}no
aws_for_fluentbit_cw_log_groupAWS Fluentbit CloudWatch Log Group configurationsany{}no
aws_fsx_csi_driverFSX CSI Driver add-on configuration valuesany{}no
aws_gateway_api_controllerAWS Gateway API Controller add-on configuration valuesany{}no
aws_load_balancer_controllerAWS Load Balancer Controller add-on configuration valuesany{}no
aws_node_termination_handlerAWS Node Termination Handler add-on configuration valuesany{}no
aws_node_termination_handler_asg_arnsList of Auto Scaling group ARNs that AWS Node Termination Handler will monitor for EC2 eventslist(string)[]no
aws_node_termination_handler_sqsAWS Node Termination Handler SQS queue configuration valuesany{}no
aws_privateca_issuerAWS PCA Issuer add-on configurationsany{}no
cert_managercert-manager add-on configuration valuesany{}no
cert_manager_route53_hosted_zone_arnsList of Route53 Hosted Zone ARNs that are used by cert-manager to create DNS recordslist(string)
[
  "arn:aws:route53:::hostedzone/*"
]
no
cluster_autoscalerCluster Autoscaler add-on configuration valuesany{}no
cluster_endpointEndpoint for your Kubernetes API serverstringn/ayes
cluster_nameName of the EKS clusterstringn/ayes
cluster_proportional_autoscalerCluster Proportional Autoscaler add-on configurationsany{}no
cluster_versionKubernetes <major>.<minor> version to use for the EKS cluster (i.e.: 1.24)stringn/ayes
create_delay_dependenciesDependency attribute which must be resolved before starting the create_delay_durationlist(string)[]no
create_delay_durationThe duration to wait before creating resourcesstring"30s"no
create_kubernetes_resourcesCreate Kubernetes resource with Helm or Kubernetes providerbooltrueno
eks_addonsMap of EKS add-on configurations to enable for the cluster. Add-on name can be the map keys or set with nameany{}no
eks_addons_timeoutsCreate, update, and delete timeout configurations for the EKS add-onsmap(string){}no
enable_argo_eventsEnable Argo Events add-onboolfalseno
enable_argo_rolloutsEnable Argo Rollouts add-onboolfalseno
enable_argo_workflowsEnable Argo workflows add-onboolfalseno
enable_argocdEnable Argo CD Kubernetes add-onboolfalseno
enable_aws_cloudwatch_metricsEnable AWS Cloudwatch Metrics add-on for Container Insightsboolfalseno
enable_aws_efs_csi_driverEnable AWS EFS CSI Driver add-onboolfalseno
enable_aws_for_fluentbitEnable AWS for FluentBit add-onboolfalseno
enable_aws_fsx_csi_driverEnable AWS FSX CSI Driver add-onboolfalseno
enable_aws_gateway_api_controllerEnable AWS Gateway API Controller add-onboolfalseno
enable_aws_load_balancer_controllerEnable AWS Load Balancer Controller add-onboolfalseno
enable_aws_node_termination_handlerEnable AWS Node Termination Handler add-onboolfalseno
enable_aws_privateca_issuerEnable AWS PCA Issuerboolfalseno
enable_cert_managerEnable cert-manager add-onboolfalseno
enable_cluster_autoscalerEnable Cluster autoscaler add-onboolfalseno
enable_cluster_proportional_autoscalerEnable Cluster Proportional Autoscalerboolfalseno
enable_external_dnsEnable external-dns operator add-onboolfalseno
enable_external_secretsEnable External Secrets operator add-onboolfalseno
enable_fargate_fluentbitEnable Fargate FluentBit add-onboolfalseno
enable_gatekeeperEnable Gatekeeper add-onboolfalseno
enable_ingress_nginxEnable Ingress Nginxboolfalseno
enable_karpenterEnable Karpenter controller add-onboolfalseno
enable_kube_prometheus_stackEnable Kube Prometheus Stackboolfalseno
enable_metrics_serverEnable metrics server add-onboolfalseno
enable_secrets_store_csi_driverEnable CSI Secrets Store Providerboolfalseno
enable_secrets_store_csi_driver_provider_awsEnable AWS CSI Secrets Store Providerboolfalseno
enable_veleroEnable Kubernetes Dashboard add-onboolfalseno
enable_vpaEnable Vertical Pod Autoscaler add-onboolfalseno
external_dnsexternal-dns add-on configuration valuesany{}no
external_dns_route53_zone_arnsList of Route53 zones ARNs which external-dns will have access to create/manage records (if using Route53)list(string)[]no
external_secretsExternal Secrets add-on configuration valuesany{}no
external_secrets_kms_key_arnsList of KMS Key ARNs that are used by Secrets Manager that contain secrets to mount using External Secretslist(string)
[
  "arn:aws:kms:::key/*"
]
no
external_secrets_secrets_manager_arnsList of Secrets Manager ARNs that contain secrets to mount using External Secretslist(string)
[
  "arn:aws:secretsmanager:::secret:*"
]
no
external_secrets_ssm_parameter_arnsList of Systems Manager Parameter ARNs that contain secrets to mount using External Secretslist(string)
[
  "arn:aws:ssm:::parameter/*"
]
no
fargate_fluentbitFargate fluentbit add-on configany{}no
fargate_fluentbit_cw_log_groupAWS Fargate Fluentbit CloudWatch Log Group configurationsany{}no
gatekeeperGatekeeper add-on configurationany{}no
helm_releasesA map of Helm releases to create. This provides the ability to pass in an arbitrary map of Helm chart definitions to createany{}no
ingress_nginxIngress Nginx add-on configurationsany{}no
karpenterKarpenter add-on configuration valuesany{}no
karpenter_enable_spot_terminationDetermines whether to enable native node termination handlingbooltrueno
karpenter_nodeKarpenter IAM role and IAM instance profile configuration valuesany{}no
karpenter_sqsKarpenter SQS queue for native node termination handling configuration valuesany{}no
kube_prometheus_stackKube Prometheus Stack add-on configurationsany{}no
metrics_serverMetrics Server add-on configurationsany{}no
oidc_provider_arnThe ARN of the cluster OIDC Providerstringn/ayes
secrets_store_csi_driverCSI Secrets Store Provider add-on configurationsany{}no
secrets_store_csi_driver_provider_awsCSI Secrets Store Provider add-on configurationsany{}no
tagsA map of tags to add to all resourcesmap(string){}no
veleroVelero add-on configuration valuesany{}no
vpaVertical Pod Autoscaler add-on configuration valuesany{}no
+

Outputs

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameDescription
argo_eventsMap of attributes of the Helm release created
argo_rolloutsMap of attributes of the Helm release created
argo_workflowsMap of attributes of the Helm release created
argocdMap of attributes of the Helm release created
aws_cloudwatch_metricsMap of attributes of the Helm release and IRSA created
aws_efs_csi_driverMap of attributes of the Helm release and IRSA created
aws_for_fluentbitMap of attributes of the Helm release and IRSA created
aws_fsx_csi_driverMap of attributes of the Helm release and IRSA created
aws_gateway_api_controllerMap of attributes of the Helm release and IRSA created
aws_load_balancer_controllerMap of attributes of the Helm release and IRSA created
aws_node_termination_handlerMap of attributes of the Helm release and IRSA created
aws_privateca_issuerMap of attributes of the Helm release and IRSA created
cert_managerMap of attributes of the Helm release and IRSA created
cluster_autoscalerMap of attributes of the Helm release and IRSA created
cluster_proportional_autoscalerMap of attributes of the Helm release and IRSA created
eks_addonsMap of attributes for each EKS addons enabled
external_dnsMap of attributes of the Helm release and IRSA created
external_secretsMap of attributes of the Helm release and IRSA created
fargate_fluentbitMap of attributes of the configmap and IAM policy created
gatekeeperMap of attributes of the Helm release and IRSA created
gitops_metadataGitOps Bridge metadata
helm_releasesMap of attributes of the Helm release created
ingress_nginxMap of attributes of the Helm release and IRSA created
karpenterMap of attributes of the Helm release and IRSA created
kube_prometheus_stackMap of attributes of the Helm release and IRSA created
metrics_serverMap of attributes of the Helm release and IRSA created
secrets_store_csi_driverMap of attributes of the Helm release and IRSA created
secrets_store_csi_driver_provider_awsMap of attributes of the Helm release and IRSA created
veleroMap of attributes of the Helm release and IRSA created
vpaMap of attributes of the Helm release and IRSA created
+ + + + + + + + + +
+
+ + +
+ +
+ + + +
+
+
+
+ + + + + + + + + \ No newline at end of file diff --git a/v1.9.2/search/search_index.json b/v1.9.2/search/search_index.json new file mode 100644 index 00000000..ff85c6e2 --- /dev/null +++ b/v1.9.2/search/search_index.json @@ -0,0 +1 @@ +{"config":{"lang":["en"],"separator":"[\\s\\-]+","pipeline":["stopWordFilter"]},"docs":[{"location":"","title":"Overview","text":""},{"location":"#amazon-eks-blueprints-addons","title":"Amazon EKS Blueprints Addons","text":"

Terraform module to deploy Kubernetes addons on Amazon EKS clusters.

"},{"location":"#usage","title":"Usage","text":"
module \"eks\" {\nsource = \"terraform-aws-modules/eks/aws\"\ncluster_name    = \"my-cluster\"\ncluster_version = \"1.27\"\n... truncated for brevity\n}\nmodule \"eks_blueprints_addons\" {\nsource = \"aws-ia/eks-blueprints-addons/aws\"\nversion = \"~> 1.0\" #ensure to update this to the latest/desired version\ncluster_name      = module.eks.cluster_name\ncluster_endpoint  = module.eks.cluster_endpoint\ncluster_version   = module.eks.cluster_version\noidc_provider_arn = module.eks.oidc_provider_arn\neks_addons = {\naws-ebs-csi-driver = {\nmost_recent = true\n}\ncoredns = {\nmost_recent = true\n}\nvpc-cni = {\nmost_recent = true\n}\nkube-proxy = {\nmost_recent = true\n}\n}\nenable_aws_load_balancer_controller    = true\nenable_cluster_proportional_autoscaler = true\nenable_karpenter                       = true\nenable_kube_prometheus_stack           = true\nenable_metrics_server                  = true\nenable_external_dns                    = true\nenable_cert_manager                    = true\ncert_manager_route53_hosted_zone_arns  = [\"arn:aws:route53:::hostedzone/XXXXXXXXXXXXX\"]\ntags = {\nEnvironment = \"dev\"\n}\n}\n
"},{"location":"#requirements","title":"Requirements","text":"Name Version terraform >= 1.0 aws >= 5.0 helm >= 2.9 kubernetes >= 2.20 time >= 0.9"},{"location":"#providers","title":"Providers","text":"Name Version aws >= 5.0 helm >= 2.9 kubernetes >= 2.20 time >= 0.9"},{"location":"#modules","title":"Modules","text":"Name Source Version argo_events aws-ia/eks-blueprints-addon/aws 1.1.1 argo_rollouts aws-ia/eks-blueprints-addon/aws 1.1.1 argo_workflows aws-ia/eks-blueprints-addon/aws 1.1.1 argocd aws-ia/eks-blueprints-addon/aws 1.1.1 aws_cloudwatch_metrics aws-ia/eks-blueprints-addon/aws 1.1.1 aws_efs_csi_driver aws-ia/eks-blueprints-addon/aws 1.1.1 aws_for_fluentbit aws-ia/eks-blueprints-addon/aws 1.1.1 aws_fsx_csi_driver aws-ia/eks-blueprints-addon/aws 1.1.1 aws_gateway_api_controller aws-ia/eks-blueprints-addon/aws 1.1.1 aws_load_balancer_controller aws-ia/eks-blueprints-addon/aws 1.1.1 aws_node_termination_handler aws-ia/eks-blueprints-addon/aws 1.1.1 aws_node_termination_handler_sqs terraform-aws-modules/sqs/aws 4.0.1 aws_privateca_issuer aws-ia/eks-blueprints-addon/aws 1.1.1 cert_manager aws-ia/eks-blueprints-addon/aws 1.1.1 cluster_autoscaler aws-ia/eks-blueprints-addon/aws 1.1.1 cluster_proportional_autoscaler aws-ia/eks-blueprints-addon/aws 1.1.1 external_dns aws-ia/eks-blueprints-addon/aws 1.1.1 external_secrets aws-ia/eks-blueprints-addon/aws 1.1.1 gatekeeper aws-ia/eks-blueprints-addon/aws 1.1.1 ingress_nginx aws-ia/eks-blueprints-addon/aws 1.1.1 karpenter aws-ia/eks-blueprints-addon/aws 1.1.1 karpenter_sqs terraform-aws-modules/sqs/aws 4.0.1 kube_prometheus_stack aws-ia/eks-blueprints-addon/aws 1.1.1 metrics_server aws-ia/eks-blueprints-addon/aws 1.1.1 secrets_store_csi_driver aws-ia/eks-blueprints-addon/aws 1.1.1 secrets_store_csi_driver_provider_aws aws-ia/eks-blueprints-addon/aws 1.1.1 velero aws-ia/eks-blueprints-addon/aws 1.1.1 vpa aws-ia/eks-blueprints-addon/aws 1.1.1"},{"location":"#resources","title":"Resources","text":"Name Type aws_autoscaling_group_tag.aws_node_termination_handler resource aws_autoscaling_lifecycle_hook.aws_node_termination_handler resource aws_cloudwatch_event_rule.aws_node_termination_handler resource aws_cloudwatch_event_rule.karpenter resource aws_cloudwatch_event_target.aws_node_termination_handler resource aws_cloudwatch_event_target.karpenter resource aws_cloudwatch_log_group.aws_for_fluentbit resource aws_cloudwatch_log_group.fargate_fluentbit resource aws_eks_addon.this resource aws_iam_instance_profile.karpenter resource aws_iam_policy.fargate_fluentbit resource aws_iam_role.karpenter resource aws_iam_role_policy_attachment.additional resource aws_iam_role_policy_attachment.karpenter resource helm_release.this resource kubernetes_config_map_v1.aws_logging resource kubernetes_config_map_v1_data.aws_for_fluentbit_containerinsights resource kubernetes_namespace_v1.aws_observability resource time_sleep.this resource aws_caller_identity.current data source aws_eks_addon_version.this data source aws_iam_policy_document.aws_efs_csi_driver data source aws_iam_policy_document.aws_for_fluentbit data source aws_iam_policy_document.aws_fsx_csi_driver data source aws_iam_policy_document.aws_gateway_api_controller data source aws_iam_policy_document.aws_load_balancer_controller data source aws_iam_policy_document.aws_node_termination_handler data source aws_iam_policy_document.aws_privateca_issuer data source aws_iam_policy_document.cert_manager data source aws_iam_policy_document.cluster_autoscaler data source aws_iam_policy_document.external_dns data source aws_iam_policy_document.external_secrets data source aws_iam_policy_document.fargate_fluentbit data source aws_iam_policy_document.karpenter data source aws_iam_policy_document.karpenter_assume_role data source aws_iam_policy_document.velero data source aws_partition.current data source aws_region.current data source"},{"location":"#inputs","title":"Inputs","text":"Name Description Type Default Required argo_events Argo Events add-on configuration values any {} no argo_rollouts Argo Rollouts add-on configuration values any {} no argo_workflows Argo Workflows add-on configuration values any {} no argocd ArgoCD add-on configuration values any {} no aws_cloudwatch_metrics Cloudwatch Metrics add-on configuration values any {} no aws_efs_csi_driver EFS CSI Driver add-on configuration values any {} no aws_for_fluentbit AWS Fluentbit add-on configurations any {} no aws_for_fluentbit_cw_log_group AWS Fluentbit CloudWatch Log Group configurations any {} no aws_fsx_csi_driver FSX CSI Driver add-on configuration values any {} no aws_gateway_api_controller AWS Gateway API Controller add-on configuration values any {} no aws_load_balancer_controller AWS Load Balancer Controller add-on configuration values any {} no aws_node_termination_handler AWS Node Termination Handler add-on configuration values any {} no aws_node_termination_handler_asg_arns List of Auto Scaling group ARNs that AWS Node Termination Handler will monitor for EC2 events list(string) [] no aws_node_termination_handler_sqs AWS Node Termination Handler SQS queue configuration values any {} no aws_privateca_issuer AWS PCA Issuer add-on configurations any {} no cert_manager cert-manager add-on configuration values any {} no cert_manager_route53_hosted_zone_arns List of Route53 Hosted Zone ARNs that are used by cert-manager to create DNS records list(string) 
[  \"arn:aws:route53:::hostedzone/*\"]
no cluster_autoscaler Cluster Autoscaler add-on configuration values any {} no cluster_endpoint Endpoint for your Kubernetes API server string n/a yes cluster_name Name of the EKS cluster string n/a yes cluster_proportional_autoscaler Cluster Proportional Autoscaler add-on configurations any {} no cluster_version Kubernetes <major>.<minor> version to use for the EKS cluster (i.e.: 1.24) string n/a yes create_delay_dependencies Dependency attribute which must be resolved before starting the create_delay_duration list(string) [] no create_delay_duration The duration to wait before creating resources string \"30s\" no create_kubernetes_resources Create Kubernetes resource with Helm or Kubernetes provider bool true no eks_addons Map of EKS add-on configurations to enable for the cluster. Add-on name can be the map keys or set with name any {} no eks_addons_timeouts Create, update, and delete timeout configurations for the EKS add-ons map(string) {} no enable_argo_events Enable Argo Events add-on bool false no enable_argo_rollouts Enable Argo Rollouts add-on bool false no enable_argo_workflows Enable Argo workflows add-on bool false no enable_argocd Enable Argo CD Kubernetes add-on bool false no enable_aws_cloudwatch_metrics Enable AWS Cloudwatch Metrics add-on for Container Insights bool false no enable_aws_efs_csi_driver Enable AWS EFS CSI Driver add-on bool false no enable_aws_for_fluentbit Enable AWS for FluentBit add-on bool false no enable_aws_fsx_csi_driver Enable AWS FSX CSI Driver add-on bool false no enable_aws_gateway_api_controller Enable AWS Gateway API Controller add-on bool false no enable_aws_load_balancer_controller Enable AWS Load Balancer Controller add-on bool false no enable_aws_node_termination_handler Enable AWS Node Termination Handler add-on bool false no enable_aws_privateca_issuer Enable AWS PCA Issuer bool false no enable_cert_manager Enable cert-manager add-on bool false no enable_cluster_autoscaler Enable Cluster autoscaler add-on bool false no enable_cluster_proportional_autoscaler Enable Cluster Proportional Autoscaler bool false no enable_external_dns Enable external-dns operator add-on bool false no enable_external_secrets Enable External Secrets operator add-on bool false no enable_fargate_fluentbit Enable Fargate FluentBit add-on bool false no enable_gatekeeper Enable Gatekeeper add-on bool false no enable_ingress_nginx Enable Ingress Nginx bool false no enable_karpenter Enable Karpenter controller add-on bool false no enable_kube_prometheus_stack Enable Kube Prometheus Stack bool false no enable_metrics_server Enable metrics server add-on bool false no enable_secrets_store_csi_driver Enable CSI Secrets Store Provider bool false no enable_secrets_store_csi_driver_provider_aws Enable AWS CSI Secrets Store Provider bool false no enable_velero Enable Kubernetes Dashboard add-on bool false no enable_vpa Enable Vertical Pod Autoscaler add-on bool false no external_dns external-dns add-on configuration values any {} no external_dns_route53_zone_arns List of Route53 zones ARNs which external-dns will have access to create/manage records (if using Route53) list(string) [] no external_secrets External Secrets add-on configuration values any {} no external_secrets_kms_key_arns List of KMS Key ARNs that are used by Secrets Manager that contain secrets to mount using External Secrets list(string) 
[  \"arn:aws:kms:::key/*\"]
no external_secrets_secrets_manager_arns List of Secrets Manager ARNs that contain secrets to mount using External Secrets list(string) 
[  \"arn:aws:secretsmanager:::secret:*\"]
no external_secrets_ssm_parameter_arns List of Systems Manager Parameter ARNs that contain secrets to mount using External Secrets list(string) 
[  \"arn:aws:ssm:::parameter/*\"]
no fargate_fluentbit Fargate fluentbit add-on config any {} no fargate_fluentbit_cw_log_group AWS Fargate Fluentbit CloudWatch Log Group configurations any {} no gatekeeper Gatekeeper add-on configuration any {} no helm_releases A map of Helm releases to create. This provides the ability to pass in an arbitrary map of Helm chart definitions to create any {} no ingress_nginx Ingress Nginx add-on configurations any {} no karpenter Karpenter add-on configuration values any {} no karpenter_enable_spot_termination Determines whether to enable native node termination handling bool true no karpenter_node Karpenter IAM role and IAM instance profile configuration values any {} no karpenter_sqs Karpenter SQS queue for native node termination handling configuration values any {} no kube_prometheus_stack Kube Prometheus Stack add-on configurations any {} no metrics_server Metrics Server add-on configurations any {} no oidc_provider_arn The ARN of the cluster OIDC Provider string n/a yes secrets_store_csi_driver CSI Secrets Store Provider add-on configurations any {} no secrets_store_csi_driver_provider_aws CSI Secrets Store Provider add-on configurations any {} no tags A map of tags to add to all resources map(string) {} no velero Velero add-on configuration values any {} no vpa Vertical Pod Autoscaler add-on configuration values any {} no"},{"location":"#outputs","title":"Outputs","text":"Name Description argo_events Map of attributes of the Helm release created argo_rollouts Map of attributes of the Helm release created argo_workflows Map of attributes of the Helm release created argocd Map of attributes of the Helm release created aws_cloudwatch_metrics Map of attributes of the Helm release and IRSA created aws_efs_csi_driver Map of attributes of the Helm release and IRSA created aws_for_fluentbit Map of attributes of the Helm release and IRSA created aws_fsx_csi_driver Map of attributes of the Helm release and IRSA created aws_gateway_api_controller Map of attributes of the Helm release and IRSA created aws_load_balancer_controller Map of attributes of the Helm release and IRSA created aws_node_termination_handler Map of attributes of the Helm release and IRSA created aws_privateca_issuer Map of attributes of the Helm release and IRSA created cert_manager Map of attributes of the Helm release and IRSA created cluster_autoscaler Map of attributes of the Helm release and IRSA created cluster_proportional_autoscaler Map of attributes of the Helm release and IRSA created eks_addons Map of attributes for each EKS addons enabled external_dns Map of attributes of the Helm release and IRSA created external_secrets Map of attributes of the Helm release and IRSA created fargate_fluentbit Map of attributes of the configmap and IAM policy created gatekeeper Map of attributes of the Helm release and IRSA created gitops_metadata GitOps Bridge metadata helm_releases Map of attributes of the Helm release created ingress_nginx Map of attributes of the Helm release and IRSA created karpenter Map of attributes of the Helm release and IRSA created kube_prometheus_stack Map of attributes of the Helm release and IRSA created metrics_server Map of attributes of the Helm release and IRSA created secrets_store_csi_driver Map of attributes of the Helm release and IRSA created secrets_store_csi_driver_provider_aws Map of attributes of the Helm release and IRSA created velero Map of attributes of the Helm release and IRSA created vpa Map of attributes of the Helm release and IRSA created"},{"location":"amazon-eks-addons/","title":"Amazon EKS Add-ons","text":"

The Amazon EKS add-on implementation is generic and can be used to deploy any add-on supported by the EKS API; either native EKS addons or third party add-ons supplied via the AWS Marketplace.

See the EKS documentation for more details on EKS addon-ons, including the list of Amazon EKS add-ons from Amazon EKS, as well as Additional Amazon EKS add-ons from independent software vendors.

"},{"location":"amazon-eks-addons/#architecture-support","title":"Architecture Support","text":"

The Amazon EKS provided add-ons listed below support both x86_64/amd64 and arm64 architectures. Third party add-ons that are available via the AWS Marketplace will vary based on the support provided by the add-on vendor. No additional changes are required to add-on configurations when switching between x86_64/amd64 and arm64 architectures; Amazon EKS add-ons utilize multi-architecture container images to support this functionality.

Add-on x86_64/amd64 arm64 vpc-cni \u2705 \u2705 aws-ebs-csi-driver \u2705 \u2705 coredns \u2705 \u2705 kube-proxy \u2705 \u2705 adot \u2705 \u2705 aws-guardduty-agent \u2705 \u2705"},{"location":"amazon-eks-addons/#usage","title":"Usage","text":"

The Amazon EKS add-ons are provisioned via a generic interface behind the eks_addons argument which accepts a map of add-on configurations. The generic interface for an add-on is defined below for reference:

module \"eks_blueprints_addons\" {\nsource = \"aws-ia/eks-blueprints-addons/aws\"\n  # ... truncated for brevity\neks_addons = {\n<key> = {\nname = string # Optional - <key> is used if `name` is not set\nmost_recent          = bool\naddon_version        = string # overrides `most_recent` if set\nconfiguration_values = string # JSON string\npreserve                    = bool # defaults to `true`\nresolve_conflicts_on_create = string # defaults to `OVERWRITE`\nresolve_conflicts_on_update = string # defaults to `OVERWRITE`\ntimeouts = {\ncreate = string # optional\nupdate = string # optional\ndelete = string # optional\n}\ntags = map(string)\n}\n}\n}\n
"},{"location":"amazon-eks-addons/#example","title":"Example","text":"
module \"eks_blueprints_addons\" {\nsource = \"aws-ia/eks-blueprints-addons/aws\"\n  # ... truncated for brevity\neks_addons = {\n    # Amazon EKS add-ons\naws-ebs-csi-driver = {\nmost_recent              = true\nservice_account_role_arn = module.ebs_csi_driver_irsa.iam_role_arn\n}\ncoredns = {\nmost_recent = true\ntimeouts = {\ncreate = \"25m\"\ndelete = \"10m\"\n}\n}\nvpc-cni = {\nmost_recent              = true\nservice_account_role_arn = module.vpc_cni_irsa.iam_role_arn\n}\nkube-proxy = {}\n    # Third party add-ons via AWS Marketplace\nkubecost_kubecost = {\nmost_recent = true\n}\nteleport_teleport = {\nmost_recent = true\n}\n}\n}\n
"},{"location":"amazon-eks-addons/#configuration-values","title":"Configuration Values","text":"

You can supply custom configuration values to each addon via the configuration_values argument of the add-on definition. The value provided must be a JSON encoded string and adhere to the JSON scheme provided by the version of the add-on. You can view this schema using the awscli by supplying the add-on name and version to the describe-addon-configuration command:

aws eks describe-addon-configuration \\\n--addon-name coredns \\\n--addon-version v1.8.7-eksbuild.2 \\\n--query 'configurationSchema' \\\n--output text | jq\n

Which returns the formatted JSON schema like below:

{\n\"$ref\": \"#/definitions/Coredns\",\n\"$schema\": \"http://json-schema.org/draft-06/schema#\",\n\"definitions\": {\n\"Coredns\": {\n\"additionalProperties\": false,\n\"properties\": {\n\"computeType\": {\n\"type\": \"string\"\n},\n\"corefile\": {\n\"description\": \"Entire corefile contents to use with installation\",\n\"type\": \"string\"\n},\n\"nodeSelector\": {\n\"additionalProperties\": {\n\"type\": \"string\"\n},\n\"type\": \"object\"\n},\n\"replicaCount\": {\n\"type\": \"integer\"\n},\n\"resources\": {\n\"$ref\": \"#/definitions/Resources\"\n}\n},\n\"title\": \"Coredns\",\n\"type\": \"object\"\n},\n\"Limits\": {\n\"additionalProperties\": false,\n\"properties\": {\n\"cpu\": {\n\"type\": \"string\"\n},\n\"memory\": {\n\"type\": \"string\"\n}\n},\n\"title\": \"Limits\",\n\"type\": \"object\"\n},\n\"Resources\": {\n\"additionalProperties\": false,\n\"properties\": {\n\"limits\": {\n\"$ref\": \"#/definitions/Limits\"\n},\n\"requests\": {\n\"$ref\": \"#/definitions/Limits\"\n}\n},\n\"title\": \"Resources\",\n\"type\": \"object\"\n}\n}\n}\n

You can supply the configuration values to the add-on by passing a map of the values wrapped in the jsonencode() function as shown below:

module \"eks_blueprints_addons\" {\nsource = \"aws-ia/eks-blueprints-addons/aws\"\n  # ... truncated for brevity\neks_addons = {\ncoredns = {\nmost_recent = true\nconfiguration_values = jsonencode({\nreplicaCount = 4\nresources = {\nlimits = {\ncpu    = \"100m\"\nmemory = \"150Mi\"\n}\nrequests = {\ncpu    = \"100m\"\nmemory = \"150Mi\"\n}\n}\n})\n}\n}\n}\n
"},{"location":"architectures/","title":"Architectures","text":""},{"location":"architectures/#addons","title":"Addons","text":"Addon x86_64/amd64 arm64 Argo Rollouts \u2705 \u2705 Argo Workflows \u2705 \u2705 Argo CD \u2705 \u2705 AWS CloudWatch Metrics \u2705 \u2705 AWS EFS CSI Driver \u2705 \u2705 AWS for FluentBit \u2705 \u2705 AWS FSx CSI Driver \u2705 \u2705 AWS Load Balancer Controller \u2705 \u2705 AWS Node Termination Handler \u2705 \u2705 AWS Private CA Issuer \u2705 \u2705 Cert Manager \u2705 \u2705 Cluster Autoscaler \u2705 \u2705 Cluster Proportional Autoscaler \u2705 \u2705 External DNS \u2705 \u2705 External Secrets \u2705 \u2705 OPA Gatekeeper \u2705 \u2705 Ingress Nginx \u2705 \u2705 Karpenter \u2705 \u2705 Kube-Prometheus Stack \u2705 \u2705 Metrics Server \u2705 \u2705 Secrets Store CSI Driver \u2705 \u2705 Secrets Store CSI Driver Provider AWS \u2705 \u2705 Velero \u2705 \u2705 Vertical Pod Autoscaler \u2705 \u2705"},{"location":"architectures/#amazon-eks-addons","title":"Amazon EKS Addons","text":"

The Amazon EKS provided add-ons listed below support both x86_64/amd64 and arm64 architectures. Third party add-ons that are available via the AWS Marketplace will vary based on the support provided by the add-on vendor. No additional changes are required to add-on configurations when switching between x86_64/amd64 and arm64 architectures; Amazon EKS add-ons utilize multi-architecture container images to support this functionality. These addons are specified via the eks_addons input variable.

Addon x86_64/amd64 arm64 AWS VPC CNI \u2705 \u2705 AWS EBS CSI Driver \u2705 \u2705 CoreDNS \u2705 \u2705 Kube-proxy \u2705 \u2705 ADOT Collector \u2705 \u2705 AWS GuardDuty Agent \u2705 \u2705"},{"location":"aws-partner-addons/","title":"AWS Partner Addons","text":"

The following addons are provided by AWS Partners for use with Amazon EKS Blueprints for Terraform. Please see the respective addon repository for more information on the addon, its supported configuration values, as well as questions, comments, and feature requests.

Addon Description Ondat Ondat is a Kubernetes-native storage platform that enables stateful applications to run on Kubernetes. Hashicorp - Consul Consul is a service networking solution to automate network configurations, discover services, and enable secure connectivity across any cloud or runtime. Hashicorp - Vault Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Sysdig Sysdig CNAPP helps you stop cloud and container security attacks with no wasted time. Tetrate Istio Tetrate Istio Distro is an open source project from Tetrate that provides vetted builds of Istio tested against all major cloud platforms. NetApp ONTAP Astra Trident NetApp's Astra Trident provides dynamic storage orchestration for FSx for NetApp ONTAP using a Container Storage Interface (CSI) compliant driver. Kong Konnect Gateway Kong Gateway is the fastest and most adopted API gateway that integrates with Kong Konnect, the end-to-end SaaS API lifecycle management platform. Kong Konnect Kong Ingress Controller Kong Ingress Controller combines the powerful features of the widely popular Kong Gateway with Kubernetes in a truly Kubernetes-native manner and now integrated with Kong Konnect, the end-to-end SaaS API lifecycle management platform."},{"location":"helm-release/","title":"Helm Release Add-ons","text":"

Starting with EKS Blueprints v5 we have made a decision to only support the provisioning of a certain core set of add-ons. On an going basis, we will evaluate the current list to see if more add-ons need to be supported via this repo. Typically you can expect that any AWS created add-on that is not yet available via the Amazon EKS add-ons will be prioritized to be provisioned through this repository.

In addition to these AWS add-ons, we will also support the provisioning of certain OSS add-ons that we think customers will benefit from. These are selected based on customer demand (e.g. metrics-server) and certain patterns (gitops) that are foundational elements for a complete blueprint of an EKS cluster.

One of the reasons customers pick Kubernetes is because of its strong commercial and open-source software ecosystem and would like to provision add-ons that are not necessarily supported by EKS Blueprints. For such add-ons the options are as following:

"},{"location":"helm-release/#with-helm_release-terraform-resource","title":"With helm_release Terraform Resource","text":"

The helm_release resource is the most fundamental way to provision a helm chart via Terraform.

Use this resource, if you need to control the lifecycle add-ons down to level of each add-on resource.

"},{"location":"helm-release/#with-helm_releases-variable","title":"With helm_releases Variable","text":"

You can use the helm_releases variable in EKS Blueprints Add-ons to provide a map of add-ons and their respective Helm configuration. Under the hood, we just iterate through the provided map and pass each configuration to the Terraform helm_release resource.

E.g.

module \"addons\" {\nsource  = \"aws-ia/eks-blueprints-addons/aws\"\nversion = \"~> 1.0\"\ncluster_name      = \"<cluster_name>\"\ncluster_endpoint  = \"<cluster_endpoint>\"\ncluster_version   = \"<cluster_version>\"\noidc_provider_arn = \"<oidc_provider_arn>\"\n  # EKS add-ons\neks_addons = {\ncoredns = {}\nvpc-cni = {}\nkube-proxy = {}\n}\n  # Blueprints add-ons\nenable_aws_efs_csi_driver                    = true\nenable_aws_cloudwatch_metrics                = true\nenable_cert_manager                          = true\n...\n  # Pass in any number of Helm charts to be created for those that are not natively supported\nhelm_releases = {\nprometheus-adapter = {\ndescription      = \"A Helm chart for k8s prometheus adapter\"\nnamespace        = \"prometheus-adapter\"\ncreate_namespace = true\nchart            = \"prometheus-adapter\"\nchart_version    = \"4.2.0\"\nrepository       = \"https://prometheus-community.github.io/helm-charts\"\nvalues = [\n<<-EOT\n          replicas: 2\n          podDisruptionBudget:\n            enabled: true\n        EOT\n]\n}\ngpu-operator = {\ndescription      = \"A Helm chart for NVIDIA GPU operator\"\nnamespace        = \"gpu-operator\"\ncreate_namespace = true\nchart            = \"gpu-operator\"\nchart_version    = \"v23.3.2\"\nrepository       = \"https://nvidia.github.io/gpu-operator\"\nvalues = [\n<<-EOT\n          operator:\n            defaultRuntime: containerd\n        EOT\n]\n}\n}\ntags = local.tags\n}\n

With this pattern, the lifecycle of all your add-ons is tied to that of the addons module. This allows you to easily target the addon module in your Terraform apply and destroy commands. E.g.

terraform apply -target=module.addons\n\nterraform destroy -target=module.addons\n
"},{"location":"helm-release/#with-eks-blueprints-addon-module","title":"With EKS Blueprints Addon Module","text":"

If you have an add-on that requires an IAM Role for Service Account (IRSA), we have created a new Terraform module terraform-aws-eks-blueprints-addon that can help provision a Helm chart along with an IAM role and policies with permissions required for the add-on to function properly. We use this module for all of the add-ons that are provisioned by EKS Blueprints Add-ons today.

You can optionally use this module for add-ons that do not need IRSA or even just to create the IAM resources for IRSA and skip the helm release. Detailed usage of how to consume this module can be found in its readme.

This pattern can be used to create a Terraform module with a set of add-ons that are not supported in the EKS Blueprints Add-ons today and wrap them in the same module definition. An example of this is the ACK add-ons repository which is a collection of ACK helm chart deployments with IRSA for each of the ACK controllers.

"},{"location":"addons/argo-events/","title":"Argo Events","text":"

Argo Events is an open source container-native event-driven workflow automation framework for Kubernetes which helps you trigger K8s objects, Argo Workflows, Serverless workloads, etc. on events from a variety of sources. Argo Events is implemented as a Kubernetes CRD (Custom Resource Definition).

"},{"location":"addons/argo-events/#usage","title":"Usage","text":"

Argo Events can be deployed by enabling the add-on via the following.

enable_argo_events = true\n

You can optionally customize the Helm chart that deploys Argo Events via the following configuration.

  enable_argo_events = true\nargo_events = {\nname          = \"argo-events\"\nchart_version = \"2.4.0\"\nrepository    = \"https://argoproj.github.io/argo-helm\"\nnamespace     = \"argo-events\"\nvalues        = [templatefile(\"${path.module}/values.yaml\", {})]\n}\n

Verify argo-events pods are running.

$ kubectl get pods -n argo-events\nNAME                                                  READY   STATUS    RESTARTS   AGE\nargo-events-controller-manager-bfb894cdb-k8hzn        1/1     Running   0          11m\n
"},{"location":"addons/argo-rollouts/","title":"Argo Rollouts","text":"

Argo Rollouts is a Kubernetes controller and set of CRDs which provide advanced deployment capabilities such as blue-green, canary, canary analysis, experimentation, and progressive delivery features to Kubernetes.

"},{"location":"addons/argo-rollouts/#usage","title":"Usage","text":"

Argo Rollouts can be deployed by enabling the add-on via the following.

enable_argo_rollouts = true\n

You can optionally customize the Helm chart that deploys Argo Rollouts via the following configuration.

  enable_argo_rollouts = true\nargo_rollouts = {\nname          = \"argo-rollouts\"\nchart_version = \"2.22.3\"\nrepository    = \"https://argoproj.github.io/argo-helm\"\nnamespace     = \"argo-rollouts\"\nvalues        = [templatefile(\"${path.module}/values.yaml\", {})]\n}\n

Verify argo-rollouts pods are running.

$ kubectl get pods -n argo-rollouts\nNAME                             READY   STATUS    RESTARTS   AGE\nargo-rollouts-5db5688849-x89zb   0/1     Running   0          11s\n
"},{"location":"addons/argo-workflows/","title":"Argo Workflows","text":"

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Workflows is implemented as a Kubernetes CRD (Custom Resource Definition).

"},{"location":"addons/argo-workflows/#usage","title":"Usage","text":"

Argo Workflows can be deployed by enabling the add-on via the following.

enable_argo_workflows = true\n

You can optionally customize the Helm chart that deploys Argo Workflows via the following configuration.

  enable_argo_workflows = true\nargo_workflows = {\nname          = \"argo-workflows\"\nchart_version = \"0.28.2\"\nrepository    = \"https://argoproj.github.io/argo-helm\"\nnamespace     = \"argo-workflows\"\nvalues        = [templatefile(\"${path.module}/values.yaml\", {})]\n}\n

Verify argo-workflows pods are running.

$ kubectl get pods -n argo-workflows\nNAME                                                  READY   STATUS    RESTARTS   AGE\nargo-workflows-server-68988cd864-22zhr                1/1     Running   0          6m32s\nargo-workflows-workflow-controller-7ff7b5658d-9q44f   1/1     Running   0          6m32s\n
"},{"location":"addons/argocd/","title":"Argo CD","text":"

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.

"},{"location":"addons/argocd/#usage","title":"Usage","text":"

Argo CD can be deployed by enabling the add-on via the following.

enable_argocd = true\n

You can optionally customize the Helm chart that deploys Argo CD via the following configuration.

  enable_argocd = true\nargocd = {\nname          = \"argocd\"\nchart_version = \"5.29.1\"\nrepository    = \"https://argoproj.github.io/argo-helm\"\nnamespace     = \"argocd\"\nvalues        = [templatefile(\"${path.module}/values.yaml\", {})]\n}\n

Verify argocd pods are running.

$ kubectl get pods -n argocd\nNAME                                                        READY   STATUS    RESTARTS   AGE\nargo-cd-argocd-application-controller-0                     1/1     Running   0          146m\nargo-cd-argocd-applicationset-controller-678d85f77b-rmpcb   1/1     Running   0          146m\nargo-cd-argocd-dex-server-7b6c9b5969-zpqnl                  1/1     Running   0          146m\nargo-cd-argocd-notifications-controller-6d489b99c9-j6fdw    1/1     Running   0          146m\nargo-cd-argocd-redis-59dd95f5b5-8fx74                       1/1     Running   0          146m\nargo-cd-argocd-repo-server-7b9bd88c95-mh2fz                 1/1     Running   0          146m\nargo-cd-argocd-server-6f9cfdd4d5-8mfpc                      1/1     Running   0          146m\n
"},{"location":"addons/aws-cloudwatch-metrics/","title":"AWS CloudWatch Metrics","text":"

Use CloudWatch Container Insights to collect, aggregate, and summarize metrics and logs from your containerized applications and microservices. CloudWatch automatically collects metrics for many resources, such as CPU, memory, disk, and network. Container Insights also provides diagnostic information, such as container restart failures, to help you isolate issues and resolve them quickly. You can also set CloudWatch alarms on metrics that Container Insights collects.

Container Insights collects data as performance log events using embedded metric format. These performance log events are entries that use a structured JSON schema that enables high-cardinality data to be ingested and stored at scale. From this data, CloudWatch creates aggregated metrics at the cluster, node, pod, task, and service level as CloudWatch metrics. The metrics that Container Insights collects are available in CloudWatch automatic dashboards, and also viewable in the Metrics section of the CloudWatch console.

"},{"location":"addons/aws-cloudwatch-metrics/#usage","title":"Usage","text":"

aws-cloudwatch-metrics can be deployed by enabling the add-on via the following.

enable_aws_cloudwatch_metrics = true\n

You can also customize the Helm chart that deploys aws-cloudwatch-metrics via the following configuration:

  enable_aws_cloudwatch_metrics        = true\naws_cloudwatch_metrics_irsa_policies = [\"IAM Policies\"]\naws_cloudwatch_metrics   = {\nrole_policies = [\"IAM Policies\"]  # extra policies in addition of CloudWatchAgentServerPolicy\nname          = \"aws-cloudwatch-metrics\"\nrepository    = \"https://aws.github.io/eks-charts\"\nchart_version = \"0.0.9\"\nnamespace     = \"amazon-cloudwatch\"\nvalues        = [templatefile(\"${path.module}/values.yaml\", {})] # The value `clusterName` is already set to the EKS cluster name, no need to specify here\n}\n

Verify aws-cloudwatch-metrics pods are running

$ kubectl get pods -n amazon-cloudwatch\n\nNAME                           READY   STATUS    RESTARTS   AGE\naws-cloudwatch-metrics-2dt5h   1/1     Running   0          149m\n
"},{"location":"addons/aws-efs-csi-driver/","title":"AWS EFS CSI Driver","text":"

This add-on deploys the AWS EFS CSI driver into an EKS cluster.

"},{"location":"addons/aws-efs-csi-driver/#usage","title":"Usage","text":"

The AWS EFS CSI driver can be deployed by enabling the add-on via the following. Check out the full example to deploy an EKS Cluster with EFS backing the dynamic provisioning of persistent volumes.

  enable_aws_efs_csi_driver = true\n

You can optionally customize the Helm chart that deploys the driver via the following configuration.

  enable_aws_efs_csi_driver = true\n  # Optional aws_efs_csi_driver_helm_config\naws_efs_csi_driver = {\nrepository     = \"https://kubernetes-sigs.github.io/aws-efs-csi-driver/\"\nchart_version  = \"2.4.1\"\n}\naws_efs_csi_driver {\nrole_policies = [\"<ADDITIONAL_IAM_POLICY_ARN>\"]\n}\n

Once deployed, you will be able to see a number of supporting resources in the kube-system namespace.

$ kubectl get deployment efs-csi-controller -n kube-system\n\nNAME                 READY   UP-TO-DATE   AVAILABLE   AGE\nefs-csi-controller   2/2     2            2           4m29s\n
$ kubectl get daemonset efs-csi-node -n kube-system\n\nNAME           DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR                 AGE\nefs-csi-node   3         3         3       3            3           beta.kubernetes.io/os=linux   4m32s\n
"},{"location":"addons/aws-efs-csi-driver/#validate-efs-csi-driver","title":"Validate EFS CSI Driver","text":"

Follow the static provisioning example described here to validate the CSI driver is working as expected.

"},{"location":"addons/aws-for-fluentbit/","title":"AWS for Fluent Bit","text":"

AWS provides a Fluent Bit image with plugins for both CloudWatch Logs and Kinesis Data Firehose. We recommend using Fluent Bit as your log router because it has a lower resource utilization rate than Fluentd.

"},{"location":"addons/aws-for-fluentbit/#usage","title":"Usage","text":"

AWS for Fluent Bit can be deployed by enabling the add-on via the following.

enable_aws_for_fluentbit = true\n

You can optionally customize the Helm chart that deploys AWS for Fluent Bit via the following configuration.

  enable_aws_for_fluentbit = true\naws_for_fluentbit_cw_log_group = {\ncreate          = true\nuse_name_prefix = true # Set this to true to enable name prefix\nname_prefix     = \"eks-cluster-logs-\"\nretention       = 7\n}\naws_for_fluentbit = {\nname          = \"aws-for-fluent-bit\"\nchart_version = \"0.1.28\"\nrepository    = \"https://aws.github.io/eks-charts\"\nnamespace     = \"kube-system\"\nvalues        = [templatefile(\"${path.module}/values.yaml\", {})]\n}\n

If you want to enable Container Insights on Amazon EKS through Fluent Bit, you need to add the following parameter in your configuration:

  enable_aws_for_fluentbit = true\naws_for_fluentbit = {\nenable_containerinsights = true\n}\n

By default, ClusterInsights will not enable the kubelet monitoring feature, with AWS for FluentBit integration, since this is an optional feature that is suggested to be enabled only on large clusters. To enable the ClusterInsights Use_Kubelet feature you'll need to provide a few more parametees:

  enable_aws_for_fluentbit = true\naws_for_fluentbit = {\nenable_containerinsights = true\nkubelet_monitoring       = true\nset = [{\nname  = \"cloudWatchLogs.autoCreateGroup\"\nvalue = true\n},\n{\nname  = \"hostNetwork\"\nvalue = true\n},\n{\nname  = \"dnsPolicy\"\nvalue = \"ClusterFirstWithHostNet\"\n}\n]\n}\n
"},{"location":"addons/aws-for-fluentbit/#verify-the-fluent-bit-setup","title":"Verify the Fluent Bit setup","text":"

Verify aws-for-fluentbit pods are running.

$ kubectl -n kube-system get pods -l app.kubernetes.io/name=aws-for-fluent-bit\nNAME                       READY   STATUS    RESTARTS   AGE\naws-for-fluent-bit-6lhkj   1/1     Running   0          15m\naws-for-fluent-bit-sbn9b   1/1     Running   0          15m\naws-for-fluent-bit-svhwq   1/1     Running   0          15m\n

Open the CloudWatch console at https://console.aws.amazon.com/cloudwatch/

In the navigation pane, choose Log groups.

Make sure that you're in the Region where you deployed Fluent Bit.

Check the list of log groups in the Region. You should see the following:

/aws/eks/complete/aws-fluentbit-logs\n

If you enabled Container Insights, you should also see the following Log Groups in your CloudWatch Console.

/aws/containerinsights/Cluster_Name/application\n\n/aws/containerinsights/Cluster_Name/host\n\n/aws/containerinsights/Cluster_Name/dataplane\n

Navigate to one of these log groups and check the Last Event Time for the log streams. If it is recent relative to when you deployed Fluent Bit, the setup is verified.

There might be a slight delay in creating the /dataplane log group. This is normal as these log groups only get created when Fluent Bit starts sending logs for that log group.

"},{"location":"addons/aws-fsx-csi-driver/","title":"AWS FSx CSI Driver","text":"

This add-on deploys the Amazon FSx CSI Driver in to an Amazon EKS Cluster.

"},{"location":"addons/aws-fsx-csi-driver/#usage","title":"Usage","text":"

The Amazon FSx CSI Driver can be deployed by enabling the add-on via the following.

  enable_aws_fsx_csi_driver = true\n
"},{"location":"addons/aws-fsx-csi-driver/#helm-chart-customization","title":"Helm Chart customization","text":"

You can optionally customize the Helm chart deployment using a configuration like the following.

  enable_aws_fsx_csi_driver = true\naws_fsx_csi_driver = {\nnamespace     = \"aws-fsx-csi-driver\"\nchart_version = \"1.6.0\"\nrole_policies = <ADDITIONAL_IAM_POLICY_ARN>\n}\n

You can find all available Helm Chart parameter values here

"},{"location":"addons/aws-fsx-csi-driver/#validation","title":"Validation","text":"

Once deployed, you will be able to see a number of supporting resources in the kube-system namespace.

$ kubectl -n kube-system get deployment fsx-csi-controller\n\nNAME                 READY   UP-TO-DATE   AVAILABLE   AGE\nfsx-csi-controller   2/2     2            2           4m29s\n\n$ kubectl -n kube-system get pods -l app=fsx-csi-controller\nNAME                                  READY   STATUS    RESTARTS   AGE\nfsx-csi-controller-56c6d9bbb8-89cpc   4/4     Running   0          3m30s\nfsx-csi-controller-56c6d9bbb8-9wnlh   4/4     Running   0          3m30s\n
$ kubectl -n kube-system get daemonset fsx-csi-node\nNAME           DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR            AGE\nfsx-csi-node   3         3         3       3            3           kubernetes.io/os=linux   5m27s\n\n$ kubectl -n kube-system get pods -l  app=fsx-csi-node\nNAME                 READY   STATUS    RESTARTS   AGE\nfsx-csi-node-7c5z6   3/3     Running   0          5m29s\nfsx-csi-node-d5q28   3/3     Running   0          5m29s\nfsx-csi-node-hlg8q   3/3     Running   0          5m29s\n

Create a StorageClass. Replace the SubnetID and the SecurityGroupID with your own values. More details here.

$ cat <<EOF | kubectl apply -f -\nkind: StorageClass\napiVersion: storage.k8s.io/v1\nmetadata:\n  name: fsx-sc\nprovisioner: fsx.csi.aws.com\nparameters:\n  subnetId: <YOUR_SUBNET_IDs>\n  securityGroupIds: <YOUR_SG_ID>\n  perUnitStorageThroughput: \"200\"\n  deploymentType: PERSISTENT_1\nmountOptions:\n  - flock\nEOF\n
$ kubect describe storageclass fsx-sc\nName:            fsx-sc\nIsDefaultClass:  No\nAnnotations:     kubectl.kubernetes.io/last-applied-configuration={\"apiVersion\":\"storage.k8s.io/v1\",\"kind\":\"StorageClass\",\"metadata\":{\"annotations\":{},\"name\":\"fsx-sc\"},\"mountOptions\":null,\"parameters\":{\"deploymentType\":\"PERSISTENT_1\",\"perUnitStorageThroughput\":\"200\",\"securityGroupIds\":\"sg-q1w2e3r4t5y6u7i8o\",\"subnetId\":\"subnet-q1w2e3r4t5y6u7i8o\"},\"provisioner\":\"fsx.csi.aws.com\"}\nProvisioner:           fsx.csi.aws.com\nParameters:            deploymentType=PERSISTENT_1,perUnitStorageThroughput=200,securityGroupIds=sg-q1w2e3r4t5y6u7i8o,subnetId=subnet-q1w2e3r4t5y6u7i8o\nAllowVolumeExpansion:  <unset>\nMountOptions:          <none>\nReclaimPolicy:         Delete\nVolumeBindingMode:     Immediate\nEvents:                <none>\n

Create a PVC.

$ cat <<EOF | kubectl apply -f -\napiVersion: v1\nkind: PersistentVolumeClaim\nmetadata:\n  name: fsx-claim\nspec:\n  accessModes:\n    - ReadWriteMany\n  storageClassName: fsx-sc\n  resources:\n    requests:\n      storage: 1200Gi\nEOF\n

Wait for the PV to be created and bound to your PVC.

$ kubectl get pvc\nNAME        STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE\nfsx-claim   Bound    pvc-df385730-72d6-4b0c-8275-cc055a438760   1200Gi     RWX            fsx-sc         7m47s\n$ kubectl get pv\nNAME                                       CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM               STORAGECLASS   REASON   AGE\npvc-df385730-72d6-4b0c-8275-cc055a438760   1200Gi     RWX            Delete           Bound    default/fsx-claim   fsx-sc                  2m13s\n
"},{"location":"addons/aws-gateway-api-controller/","title":"AWS Gateway API Controller","text":"

AWS Gateway API Controller lets you connect services across multiple Kubernetes clusters through the Kubernetes Gateway API interface. It is also designed to connect services running on EC2 instances, containers, and as serverless functions. It does this by leveraging Amazon VPC Lattice, which works with Kubernetes Gateway API calls to manage Kubernetes objects.

"},{"location":"addons/aws-gateway-api-controller/#usage","title":"Usage","text":"

AWS Gateway API Controller can be deployed by enabling the add-on via the following.

  enable_aws_gateway_api_controller = true\naws_gateway_api_controller = {\nrepository_username = data.aws_ecrpublic_authorization_token.token.user_name\nrepository_password = data.aws_ecrpublic_authorization_token.token.password\nset = [{\nname  = \"clusterVpcId\"\nvalue = \"vpc-12345abcd\"\n}]\n}\n

You can optionally customize the Helm chart that deploys AWS Gateway API Controller via the following configuration.

  enable_aws_gateway_api_controller = true\naws_gateway_api_controller = {\nname                = \"aws-gateway-api-controller\"\nchart_version       = \"v0.0.12\"\nrepository          = \"oci://public.ecr.aws/aws-application-networking-k8s\"\nrepository_username = data.aws_ecrpublic_authorization_token.token.user_name\nrepository_password = data.aws_ecrpublic_authorization_token.token.password\nnamespace           = \"aws-application-networking-system\"\nvalues              = [templatefile(\"${path.module}/values.yaml\", {})]\nset = [{\nname  = \"clusterVpcId\"\nvalue = \"vpc-12345abcd\"\n}]\n}\n

Verify aws-gateway-api-controller pods are running.

$ kubectl get pods -n aws-application-networking-system\nNAME                                                               READY   STATUS    RESTARTS   AGE\naws-gateway-api-controller-aws-gateway-controller-chart-8f42q426   1/1     Running   0          40s\naws-gateway-api-controller-aws-gateway-controller-chart-8f4tbl9g   1/1     Running   0          71s\n

Deploy example GatewayClass

$ kubectl apply -f https://raw.githubusercontent.com/aws/aws-application-networking-k8s/main/examples/gatewayclass.yaml\ngatewayclass.gateway.networking.k8s.io/amazon-vpc-lattice created\n

Describe GatewayClass

$ kubectl describe gatewayclass\nName:         amazon-vpc-lattice\nNamespace:\nLabels:       <none>\nAnnotations:  <none>\nAPI Version:  gateway.networking.k8s.io/v1beta1\nKind:         GatewayClass\nMetadata:\n  Creation Timestamp:  2023-06-22T22:33:32Z\n  Generation:          1\nResource Version:    819021\nUID:                 aac59195-8f37-4c23-a2a5-b0f363deda77\nSpec:\n  Controller Name:  application-networking.k8s.aws/gateway-api-controller\nStatus:\n  Conditions:\n    Last Transition Time:  2023-06-22T22:33:32Z\n    Message:               Accepted\n    Observed Generation:   1\nReason:                Accepted\n    Status:                True\n    Type:                  Accepted\nEvents:                    <none>\n
"},{"location":"addons/aws-load-balancer-controller/","title":"AWS Load Balancer Controller.","text":"

AWS Load Balancer Controller is a controller to help manage Elastic Load Balancers for a Kubernetes cluster. This Add-on deploys this controller in an Amazon EKS Cluster.

"},{"location":"addons/aws-load-balancer-controller/#usage","title":"Usage","text":"

In order to deploy the AWS Load Balancer Controller Addon via EKS Blueprints Addons, reference the following parameters under the module.eks_blueprints_addons.

NOTE: In versions 2.5 and newer, the AWS Load Balancer Controller becomes the default controller for Kubernetes service resources with the type: LoadBalancer and makes an AWS Network Load Balancer (NLB) for each service. It does this by making a mutating webhook for services, which sets the spec.loadBalancerClass field to service.k8s.aws/nlb for new services of type: LoadBalancer. You can turn off this feature and revert to using the legacy Cloud Provider as the default controller, by setting the helm chart value enableServiceMutatorWebhook to false. The cluster won't provision new Classic Load Balancers for your services unless you turn off this feature. Existing Classic Load Balancers will continue to work.

module \"eks_blueprints_addons\" {\nenable_aws_load_balancer_controller = true\naws_load_balancer_controller = {\nset = [\n{\nname  = \"vpcId\"\nvalue = module.vpc.vpc_id\n},\n{\nname  = \"podDisruptionBudget.maxUnavailable\"\nvalue = 1\n},\n{\nname  = \"enableServiceMutatorWebhook\"\nvalue = \"false\"\n}\n]\n}\n
"},{"location":"addons/aws-load-balancer-controller/#helm-chart-customization","title":"Helm Chart customization","text":"

It's possible to customize your deployment using the Helm Chart parameters inside the aws_load_balancer_controller configuration block:

  aws_load_balancer_controller = {\nset = [\n{\nname  = \"vpcId\"\nvalue = module.vpc.vpc_id\n},\n{\nname  = \"podDisruptionBudget.maxUnavailable\"\nvalue = 1\n},\n{\nname  = \"resources.requests.cpu\"\nvalue = 100m\n},\n{\nname  = \"resources.requests.memory\"\nvalue = 128Mi\n},\n]\n}\n}\n

You can find all available Helm Chart parameter values here.

"},{"location":"addons/aws-load-balancer-controller/#validate","title":"Validate","text":"
  1. To validate the deployment, check if the aws-load-balancer-controller Pods were created in the kube-system Namespace, as the following example.
kubectl -n kube-system get pods | grep aws-load-balancer-controller\nNAMESPACE       NAME                                            READY   STATUS    RESTARTS   AGE\nkube-system     aws-load-balancer-controller-6cbdb58654-fvskt   1/1     Running   0          26m\nkube-system     aws-load-balancer-controller-6cbdb58654-sc7dk   1/1     Running   0          26m\n
  1. Create a Kubernetes Ingress, using the alb IngressClass, pointing to an existing Service. In this example we'll use a Service called example-svc.
kubectl create ingress example-ingress --class alb --rule=\"/*=example-svc:80\" \\\n--annotation alb.ingress.kubernetes.io/scheme=internet-facing \\\n--annotation alb.ingress.kubernetes.io/target-type=ip\n
kubectl get ingress  NAME                CLASS   HOSTS   ADDRESS                                                                 PORTS   AGE\nexample-ingress     alb     *       k8s-example-ingress-7e0d6f03e7-1234567890.us-west-2.elb.amazonaws.com   80      4m9s\n
"},{"location":"addons/aws-load-balancer-controller/#resources","title":"Resources","text":"

GitHub Repo Helm Chart AWS Docs

"},{"location":"addons/aws-node-termination-handler/","title":"AWS Node Termination Handler","text":"

This project ensures that the Kubernetes control plane responds appropriately to events that can cause your EC2 instance to become unavailable, such as EC2 maintenance events, EC2 Spot interruptions, ASG Scale-In, ASG AZ Rebalance, and EC2 Instance Termination via the API or Console. If not handled, your application code may not stop gracefully, take longer to recover full availability, or accidentally schedule work to nodes that are going down.

"},{"location":"addons/aws-node-termination-handler/#usage","title":"Usage","text":"

AWS Node Termination Handler can be deployed by enabling the add-on via the following.

enable_aws_node_termination_handler = true\n

You can optionally customize the Helm chart that deploys AWS Node Termination Handler via the following configuration.

  enable_aws_node_termination_handler = true\naws_node_termination_handler = {\nname          = \"aws-node-termination-handler\"\nchart_version = \"0.21.0\"\nrepository    = \"https://aws.github.io/eks-charts\"\nnamespace     = \"aws-node-termination-handler\"\nvalues        = [templatefile(\"${path.module}/values.yaml\", {})]\n}\n

Verify aws-node-termination-handler pods are running.

$ kubectl get pods -n aws-node-termination-handler\nNAME                                            READY   STATUS    RESTARTS      AGE\naws-node-termination-handler-6f598b6b89-6mqgk   1/1     Running   1 (22h ago)   26h\n

Verify SQS Queue is created.

$ aws sqs list-queues\n\n{\n\"QueueUrls\": [\n\"https://sqs.us-east-1.amazonaws.com/XXXXXXXXXXXXXX/aws_node_termination_handler20221123072051157700000004\"\n]\n}\n

Verify Event Rules are created.

$ aws event list-rules\n{\n[\n{\n\"Name\": \"NTH-ASGTerminiate-20230602191740664900000025\",\n            \"Arn\": \"arn:aws:events:us-west-2:XXXXXXXXXXXXXX:rule/NTH-ASGTerminiate-20230602191740664900000025\",\n            \"EventPattern\": \"{\\\"detail-type\\\":[\\\"EC2 Instance-terminate Lifecycle Action\\\"],\\\"source\\\":[\\\"aws.autoscaling\\\"]}\",\n            \"State\": \"ENABLED\",\n            \"Description\": \"Auto scaling instance terminate event\",\n            \"EventBusName\": \"default\"\n},\n        {\n\"Name\": \"NTH-HealthEvent-20230602191740079300000022\",\n            \"Arn\": \"arn:aws:events:us-west-2:XXXXXXXXXXXXXX:rule/NTH-HealthEvent-20230602191740079300000022\",\n            \"EventPattern\": \"{\\\"detail-type\\\":[\\\"AWS Health Event\\\"],\\\"source\\\":[\\\"aws.health\\\"]}\",\n            \"State\": \"ENABLED\",\n            \"Description\": \"AWS health event\",\n            \"EventBusName\": \"default\"\n},\n        {\n\"Name\": \"NTH-InstanceRebalance-20230602191740077100000021\",\n            \"Arn\": \"arn:aws:events:us-west-2:XXXXXXXXXXXXXX:rule/NTH-InstanceRebalance-20230602191740077100000021\",\n            \"EventPattern\": \"{\\\"detail-type\\\":[\\\"EC2 Instance Rebalance Recommendation\\\"],\\\"source\\\":[\\\"aws.ec2\\\"]}\",\n            \"State\": \"ENABLED\",\n            \"Description\": \"EC2 instance rebalance recommendation\",\n            \"EventBusName\": \"default\"\n},\n        {\n\"Name\": \"NTH-InstanceStateChange-20230602191740165000000024\",\n            \"Arn\": \"arn:aws:events:us-west-2:XXXXXXXXXXXXXX:rule/NTH-InstanceStateChange-20230602191740165000000024\",\n            \"EventPattern\": \"{\\\"detail-type\\\":[\\\"EC2 Instance State-change Notification\\\"],\\\"source\\\":[\\\"aws.ec2\\\"]}\",\n            \"State\": \"ENABLED\",\n            \"Description\": \"EC2 instance state-change notification\",\n            \"EventBusName\": \"default\"\n},\n        {\n\"Name\": \"NTH-SpotInterrupt-20230602191740077100000020\",\n            \"Arn\": \"arn:aws:events:us-west-2:XXXXXXXXXXXXXX:rule/NTH-SpotInterrupt-20230602191740077100000020\",\n            \"EventPattern\": \"{\\\"detail-type\\\":[\\\"EC2 Spot Instance Interruption Warning\\\"],\\\"source\\\":[\\\"aws.ec2\\\"]}\",\n            \"State\": \"ENABLED\",\n            \"Description\": \"EC2 spot instance interruption warning\",\n            \"EventBusName\": \"default\"\n},\n        {\n\"Name\": \"NTHASGTermRule\",\n            \"Arn\": \"arn:aws:events:us-west-2:XXXXXXXXXXXXXX:rule/NTHASGTermRule\",\n            \"EventPattern\": \"{\\\"detail-type\\\":[\\\"EC2 Instance-terminate Lifecycle Action\\\"],\\\"source\\\":[\\\"aws.autoscaling\\\"]}\",\n            \"State\": \"ENABLED\",\n            \"EventBusName\": \"default\"\n},\n        {\n\"Name\": \"NTHInstanceStateChangeRule\",\n            \"Arn\": \"arn:aws:events:us-west-2:XXXXXXXXXXXXXX:rule/NTHInstanceStateChangeRule\",\n            \"EventPattern\": \"{\\\"detail-type\\\":[\\\"EC2 Instance State-change Notification\\\"],\\\"source\\\":[\\\"aws.ec2\\\"]}\",\n            \"State\": \"ENABLED\",\n            \"EventBusName\": \"default\"\n},\n        {\n\"Name\": \"NTHRebalanceRule\",\n            \"Arn\": \"arn:aws:events:us-west-2:XXXXXXXXXXXXXX:rule/NTHRebalanceRule\",\n            \"EventPattern\": \"{\\\"detail-type\\\":[\\\"EC2 Instance Rebalance Recommendation\\\"],\\\"source\\\":[\\\"aws.ec2\\\"]}\",\n            \"State\": \"ENABLED\",\n            \"EventBusName\": \"default\"\n},\n        {\n\"Name\": \"NTHScheduledChangeRule\",\n            \"Arn\": \"arn:aws:events:us-west-2:XXXXXXXXXXXXXX:rule/NTHScheduledChangeRule\",\n            \"EventPattern\": \"{\\\"detail-type\\\":[\\\"AWS Health Event\\\"],\\\"source\\\":[\\\"aws.health\\\"]}\",\n            \"State\": \"ENABLED\",\n            \"EventBusName\": \"default\"\n},\n        {\n\"Name\": \"NTHSpotTermRule\",\n            \"Arn\": \"arn:aws:events:us-west-2:XXXXXXXXXXXXXX:rule/NTHSpotTermRule\",\n            \"EventPattern\": \"{\\\"detail-type\\\":[\\\"EC2 Spot Instance Interruption Warning\\\"],\\\"source\\\":[\\\"aws.ec2\\\"]}\",\n            \"State\": \"ENABLED\",\n            \"EventBusName\": \"default\"\n}\n]\n}\n
"},{"location":"addons/aws-private-ca-issuer/","title":"AWS Private CA Issuer","text":"

AWS Private CA is an AWS service that can setup and manage private CAs, as well as issue private certificates. This add-on deploys the AWS Private CA Issuer as an external issuer to cert-manager that signs off certificate requests using AWS Private CA in an Amazon EKS Cluster.

"},{"location":"addons/aws-private-ca-issuer/#usage","title":"Usage","text":""},{"location":"addons/aws-private-ca-issuer/#pre-requisites","title":"Pre-requisites","text":"

To deploy the AWS PCA, you need to install cert-manager first, refer to this documentation to do it through EKS Blueprints Addons.

"},{"location":"addons/aws-private-ca-issuer/#deployment","title":"Deployment","text":"

With cert-manager deployed in place, you can deploy the AWS Private CA Issuer Add-on via EKS Blueprints Addons, reference the following parameters under the module.eks_blueprints_addons.

module \"eks_blueprints_addons\" {\nenable_cert_manager         = true\nenable_aws_privateca_issuer = true\naws_privateca_issuer = {\nacmca_arn        = aws_acmpca_certificate_authority.this.arn\n}\n}\n
"},{"location":"addons/aws-private-ca-issuer/#helm-chart-customization","title":"Helm Chart customization","text":"

It's possible to customize your deployment using the Helm Chart parameters inside the aws_load_balancer_controller configuration block:

  aws_privateca_issuer = {\nacmca_arn        = aws_acmpca_certificate_authority.this.arn\nnamespace        = \"aws-privateca-issuer\"\ncreate_namespace = true\n}\n

You can find all available Helm Chart parameter values here.

"},{"location":"addons/aws-private-ca-issuer/#validation","title":"Validation","text":"
  1. List all the pods running in aws-privateca-issuer and cert-manager Namespace.
kubectl get pods -n aws-privateca-issuer\nkubectl get pods -n cert-manager\n
  1. Check the certificate status in it should be in Ready state, and be pointing to a secret created in the same Namespace.
kubectl get certificate -o wide\nNAME      READY   SECRET                  ISSUER                    STATUS                                          AGE\nexample   True    example-clusterissuer   tls-with-aws-pca-issuer   Certificate is up to date and has not expired   41m\n\nkubectl get secret example-clusterissuer\nNAME                    TYPE                DATA   AGE\nexample-clusterissuer   kubernetes.io/tls   3      43m\n
"},{"location":"addons/aws-private-ca-issuer/#resources","title":"Resources","text":"

GitHub Repo Helm Chart AWS Docs

"},{"location":"addons/cert-manager/","title":"Cert-Manager","text":"

Cert-manager is a X.509 certificate controller for Kubernetes-like workloads. It will obtain certificates from a variety of Issuers, both popular public Issuers as well as private Issuers, and ensure the certificates are valid and up-to-date, and will attempt to renew certificates at a configured time before expiry. This Add-on deploys this controller in an Amazon EKS Cluster.

"},{"location":"addons/cert-manager/#usage","title":"Usage","text":"

To deploy cert-manager Add-on via EKS Blueprints Addons, reference the following parameters under the module.eks_blueprints_addons.

module \"eks_blueprints_addons\" {\nenable_cert_manager         = true\n}\n
"},{"location":"addons/cert-manager/#helm-chart-customization","title":"Helm Chart customization","text":"

It's possible to customize your deployment using the Helm Chart parameters inside the cert-manager configuration block:

  cert-manager = {\nchart_version    = \"v1.11.1\"\nnamespace        = \"cert-manager\"\ncreate_namespace = true\n}\n

You can find all available Helm Chart parameter values here

"},{"location":"addons/cert-manager/#validation","title":"Validation","text":"
  1. Validate if the Cert-Manger Pods are Running.
kubectl -n cert-manager get pods\nNAME                                      READY   STATUS    RESTARTS   AGE\ncert-manager-5989bcc87-96qvf              1/1     Running   0          2m49s\ncert-manager-cainjector-9b44ddb68-8c7b9   1/1     Running   0          2m49s\ncert-manager-webhook-776b65456-k6br4      1/1     Running   0          2m49s\n
  1. Create a SelfSigned ClusterIssuer resource in the cluster.
apiVersion: cert-manager.io/v1\nkind: ClusterIssuer\nmetadata:\nname: selfsigned-cluster-issuer\nspec:\nselfSigned: {}\n
kubectl get clusterissuers -o wide selfsigned-cluster-issuer\nNAME                        READY   STATUS   AGE\nselfsigned-cluster-issuer   True             3m\n
  1. Create a Certificate in a given Namespace.
apiVersion: cert-manager.io/v1\nkind: Certificate\nmetadata:\nname: example\nnamespace: default\nspec:\nisCA: true\ncommonName: example\nsecretName: example-secret\nprivateKey:\nalgorithm: ECDSA\nsize: 256\nissuerRef:\nname: selfsigned-cluster-issuer\nkind: ClusterIssuer\ngroup: cert-manager.io\n
  1. Check the certificate status in it should be in Ready state, and be pointing to a secret created in the same Namespace.
kubectl get certificate -o wide\nNAME      READY   SECRET           ISSUER                      STATUS                                          AGE\nexample   True    example-secret   selfsigned-cluster-issuer   Certificate is up to date and has not expired   44s\n\nkubectl get secret example-secret\nNAME             TYPE                DATA   AGE\nexample-secret   kubernetes.io/tls   3      70s\n
"},{"location":"addons/cert-manager/#resources","title":"Resources","text":"

GitHub Repo Helm Chart

"},{"location":"addons/cluster-autoscaler/","title":"Cluster Autoscaler","text":"

The Kubernetes Cluster Autoscaler automatically adjusts the number of nodes in your cluster when pods fail or are rescheduled onto other nodes. The Cluster Autoscaler uses Auto Scaling groups. For more information, see Cluster Autoscaler on AWS.

"},{"location":"addons/cluster-autoscaler/#usage","title":"Usage","text":"

Cluster Autoscaler can be deployed by enabling the add-on via the following.

enable_cluster_autoscaler = true\n

You can optionally customize the Helm chart that deploys Cluster Autoscaler via the following configuration.

  enable_cluster_autoscaler = true\ncluster_autoscaler = {\nname          = \"cluster-autoscaler\"\nchart_version = \"9.29.0\"\nrepository    = \"https://kubernetes.github.io/autoscaler\"\nnamespace     = \"kube-system\"\nvalues        = [templatefile(\"${path.module}/values.yaml\", {})]\n}\n

Verify cluster-autoscaler pods are running.

$ kubectl get pods -n kube-system\nNAME                                                         READY   STATUS    RESTARTS     AGE\ncluster-autoscaler-aws-cluster-autoscaler-7ff79bc484-pm8g9   1/1     Running   1 (2d ago)   2d5h\n
"},{"location":"addons/cluster-proportional-autoscaler/","title":"Cluster Proportional Autoscaler","text":"

Horizontal cluster-proportional-autoscaler watches over the number of schedulable nodes and cores of the cluster and resizes the number of replicas for the required resource. This functionality may be desirable for applications that need to be autoscaled with the size of the cluster, such as CoreDNS and other services that scale with the number of nodes/pods in the cluster.

The cluster-proportional-autoscaler helps to scale the applications using deployment or replicationcontroller or replicaset. This is an alternative solution to Horizontal Pod Autoscaling. It is typically installed as a Deployment in your cluster.

Refer to the eks-best-practices-guides for addional configuration guidanance.

"},{"location":"addons/cluster-proportional-autoscaler/#usage","title":"Usage","text":"

This add-on requires both enable_cluster_proportional_autoscaler and cluster_proportional_autoscaler as mandatory fields.

The example shows how to enable cluster-proportional-autoscaler for CoreDNS Deployment. CoreDNS deployment is not configured with HPA. So, this add-on helps to scale CoreDNS Add-on according to the size of the nodes and cores.

This Add-on can be used to scale any application with Deployment objects.

enable_cluster_proportional_autoscaler  = true\ncluster_proportional_autoscaler  = {\nvalues = [\n<<-EOT\n        nameOverride: kube-dns-autoscaler\n        # Formula for controlling the replicas. Adjust according to your needs\n        # replicas = max( ceil( cores * 1/coresPerReplica ) , ceil( nodes * 1/nodesPerReplica ) )\n        config:\n          linear:\n            coresPerReplica: 256\n            nodesPerReplica: 16\n            min: 1\n            max: 100\n            preventSinglePointFailure: true\n            includeUnschedulableNodes: true\n        # Target to scale. In format: deployment/*, replicationcontroller/* or replicaset/* (not case sensitive).\n        options:\n          target: deployment/coredns # Notice the target as `deployment/coredns`\n        serviceAccount:\n          create: true\n          name: kube-dns-autoscaler\n        podSecurityContext:\n          seccompProfile:\n            type: RuntimeDefault\n            supplementalGroups: [65534]\n            fsGroup: 65534\n        resources:\n          limits:\n            cpu: 100m\n            memory: 128Mi\n          requests:\n            cpu: 100m\n            memory: 128Mi\n        tolerations:\n          - key: \"CriticalAddonsOnly\"\n            operator: \"Exists\"\n            description: \"Cluster Proportional Autoscaler for CoreDNS Service\"\n      EOT\n]\n}\n
"},{"location":"addons/cluster-proportional-autoscaler/#expected-result","title":"Expected result","text":"

The cluster-proportional-autoscaler pod running in the kube-system namespace. 

kubectl -n kube-system get po -l app.kubernetes.io/instance=cluster-proportional-autoscaler\nNAME                                                              READY   STATUS    RESTARTS   AGE\ncluster-proportional-autoscaler-kube-dns-autoscaler-d8dc8477xx7   1/1     Running   0          21h\n
The cluster-proportional-autoscaler-kube-dns-autoscaler config map exists. 
kubectl -n kube-system get cm cluster-proportional-autoscaler-kube-dns-autoscaler\nNAME                                                  DATA   AGE\ncluster-proportional-autoscaler-kube-dns-autoscaler   1      21h\n

"},{"location":"addons/cluster-proportional-autoscaler/#testing","title":"Testing","text":"

To test that coredns pods scale, first take a baseline of how many nodes the cluster has and how many coredns pods are running. 

kubectl get nodes\nNAME                          STATUS   ROLES    AGE   VERSION\nip-10-0-19-243.ec2.internal   Ready    <none>   21h   v1.26.4-eks-0a21954\nip-10-0-25-182.ec2.internal   Ready    <none>   21h   v1.26.4-eks-0a21954\nip-10-0-40-138.ec2.internal   Ready    <none>   21h   v1.26.4-eks-0a21954\nip-10-0-8-136.ec2.internal    Ready    <none>   21h   v1.26.4-eks-0a21954\n\nkubectl get po -n kube-system -l k8s-app=kube-dns\nNAME                       READY   STATUS    RESTARTS   AGE\ncoredns-7975d6fb9b-dlkdd   1/1     Running   0          21h\ncoredns-7975d6fb9b-xqqwp   1/1     Running   0          21h\n

Change the following parameters in the hcl code above so a scaling event can be easily triggered: 

        config:\nlinear:\ncoresPerReplica: 4\nnodesPerReplica: 2\nmin: 1\nmax: 4\n
and execute terraform apply.

Increase the managed node group desired size, in this example from 4 to 5. This can be done via the AWS Console.

Check that the new node came up and coredns scaled up. 

NAME                          STATUS   ROLES    AGE   VERSION\nip-10-0-14-120.ec2.internal   Ready    <none>   10m   v1.26.4-eks-0a21954\nip-10-0-19-243.ec2.internal   Ready    <none>   21h   v1.26.4-eks-0a21954\nip-10-0-25-182.ec2.internal   Ready    <none>   21h   v1.26.4-eks-0a21954\nip-10-0-40-138.ec2.internal   Ready    <none>   21h   v1.26.4-eks-0a21954\nip-10-0-8-136.ec2.internal    Ready    <none>   21h   v1.26.4-eks-0a21954\n\nkubectl get po -n kube-system -l k8s-app=kube-dns\nNAME                       READY   STATUS    RESTARTS   AGE\ncoredns-7975d6fb9b-dlkdd   1/1     Running   0          21h\ncoredns-7975d6fb9b-ww64t   1/1     Running   0          10m\ncoredns-7975d6fb9b-xqqwp   1/1     Running   0          21h\n

"},{"location":"addons/external-dns/","title":"External DNS","text":"

ExternalDNS makes Kubernetes resources discoverable via public DNS servers. Like KubeDNS, it retrieves a list of resources (Services, Ingresses, etc.) from the Kubernetes API to determine a desired list of DNS records. Unlike KubeDNS, however, it's not a DNS server itself, but merely configures other DNS providers accordingly\u2014e.g. AWS Route 53.

"},{"location":"addons/external-dns/#usage","title":"Usage","text":"

External DNS can be deployed by enabling the add-on via the following.

enable_external_dns = true\n

You can optionally customize the Helm chart that deploys External DNS via the following configuration.

  enable_external_dns = true\nexternal_dns = {\nname          = \"external-dns\"\nchart_version = \"1.12.2\"\nrepository    = \"https://kubernetes-sigs.github.io/external-dns/\"\nnamespace     = \"external-dns\"\nvalues        = [templatefile(\"${path.module}/values.yaml\", {})]\n}\nexternal_dns_route53_zone_arns = [\"XXXXXXXXXXXXXXXXXXXXXXX\"]\n

Verify external-dns pods are running.

$ kubectl get pods -n external-dns\nNAME                            READY   STATUS    RESTARTS     AGE\nexternal-dns-849b89c675-ffnf6   1/1     Running   1 (2d ago)   2d5h\n

To further configure external-dns, refer to the examples:

  • AWS Load Balancer Controller
  • Route53
    • Same domain for public and private Route53 zones
  • Cloud Map
  • Kube Ingress AWS Controller
"},{"location":"addons/external-secrets/","title":"External Secrets","text":"

External Secrets Operator is a Kubernetes operator that integrates external secret management systems like AWS Secrets Manager, HashiCorp Vault, Google Secrets Manager, Azure Key Vault, IBM Cloud Secrets Manager, and many more. The operator reads information from external APIs and automatically injects the values into a Kubernetes Secret.

"},{"location":"addons/external-secrets/#usage","title":"Usage","text":"

External Secrets can be deployed by enabling the add-on via the following.

enable_external_secrets = true\n

You can optionally customize the Helm chart that deploys External Secrets via the following configuration.

  enable_external_secrets = true\nexternal_secrets = {\nname          = \"external-secrets\"\nchart_version = \"0.8.1\"\nrepository    = \"https://charts.external-secrets.io\"\nnamespace     = \"external-secrets\"\nvalues        = [templatefile(\"${path.module}/values.yaml\", {})]\n}\n

Verify external-secrets pods are running.

$ kubectl get pods -n external-secrets\nNAME                                               READY   STATUS    RESTARTS       AGE\nexternal-secrets-67bfd5b47c-xc5xf                  1/1     Running   1 (2d1h ago)   2d6h\nexternal-secrets-cert-controller-8f75c6f79-qcfx4   1/1     Running   1 (2d1h ago)   2d6h\nexternal-secrets-webhook-78f6bd456-76wmm           1/1     Running   1 (2d1h ago)   2d6h\n
"},{"location":"addons/fargate-fluentbit/","title":"Fargate FluentBit","text":"

Amazon EKS on Fargate offers a built-in log router based on Fluent Bit. This means that you don't explicitly run a Fluent Bit container as a sidecar, but Amazon runs it for you. All that you have to do is configure the log router. The configuration happens through a dedicated ConfigMap, that is deployed via this Add-on.

"},{"location":"addons/fargate-fluentbit/#usage","title":"Usage","text":"

To configure the Fargate Fluentbit ConfigMap via the EKS Blueprints Addons, just reference the following parameters under the module.eks_blueprints_addons.

module \"eks_blueprints_addons\" {\nenable_fargate_fluentbit = true\nfargate_fluentbit = {\nflb_log_cw = true\n}\n}\n

It's possible to customize the CloudWatch Log Group parameters in the fargate_fluentbit_cw_log_group configuration block:

  fargate_fluentbit_cw_log_group = {\nname              = \"existing-log-group\"\nname_prefix       = \"dev-environment-logs\"\nretention_in_days = 7\nkms_key_id        = \"arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab\"\nskip_destroy      = true\n
"},{"location":"addons/fargate-fluentbit/#validation","title":"Validation","text":"
  1. Check if the aws-logging configMap for Fargate Fluentbit was created.
kubectl -n aws-observability get configmap aws-logging -o yaml\napiVersion: v1\ndata:\n  filters.conf: |\n[FILTER]\nName parser\n      Match *\n      Key_Name log\n      Parser regex\n      Preserve_Key True\n      Reserve_Data True\n  flb_log_cw: \"true\"\noutput.conf: |\n[OUTPUT]\nName cloudwatch_logs\n      Match *\n      region us-west-2\n      log_group_name /fargate-serverless/fargate-fluentbit-logs20230509014113352200000006\n      log_stream_prefix fargate-logs-\n      auto_create_group true\nparsers.conf: |\n[PARSER]\nName regex\n      Format regex\n      Regex ^(?<time>[^ ]+) (?<stream>[^ ]+) (?<logtag>[^ ]+) (?<message>.+)$\n      Time_Key time\nTime_Format %Y-%m-%dT%H:%M:%S.%L%z\n      Time_Keep On\n      Decode_Field_As json message\nimmutable: false\nkind: ConfigMap\nmetadata:\n  creationTimestamp: \"2023-05-08T21:14:52Z\"\nname: aws-logging\n  namespace: aws-observability\n  resourceVersion: \"1795\"\nuid: d822bcf5-a441-4996-857e-7fb1357bc07e\n
  1. Validate if the CloudWatch LogGroup was created accordingly, and LogStreams were populated.
aws logs describe-log-groups --log-group-name-prefix \"/fargate-serverless/fargate-fluentbit\"\n{\n\"logGroups\": [\n{\n\"logGroupName\": \"/fargate-serverless/fargate-fluentbit-logs20230509014113352200000006\",\n            \"creationTime\": 1683580491652,\n            \"retentionInDays\": 90,\n            \"metricFilterCount\": 0,\n            \"arn\": \"arn:aws:logs:us-west-2:111122223333:log-group:/fargate-serverless/fargate-fluentbit-logs20230509014113352200000006:*\",\n            \"storedBytes\": 0\n}\n]\n}\n
aws logs describe-log-streams --log-group-name \"/fargate-serverless/fargate-fluentbit-logs20230509014113352200000006\" --log-stream-name-prefix fargate-logs --query 'logStreams[].logStreamName'\n[\n\"fargate-logs-flblogs.var.log.fluent-bit.log\",\n    \"fargate-logs-kube.var.log.containers.aws-load-balancer-controller-7f989fc6c-grjsq_kube-system_aws-load-balancer-controller-feaa22b4cdaa71ecfc8355feb81d4b61ea85598a7bb57aef07667c767c6b98e4.log\",\n    \"fargate-logs-kube.var.log.containers.aws-load-balancer-controller-7f989fc6c-wzr46_kube-system_aws-load-balancer-controller-69075ea9ab3c7474eac2a1696d3a84a848a151420cd783d79aeef960b181567f.log\",\n    \"fargate-logs-kube.var.log.containers.coredns-7b7bddbc85-8cxvq_kube-system_coredns-9e4f3ab435269a566bcbaa606c02c146ad58508e67cef09fa87d5c09e4ac0088.log\",\n    \"fargate-logs-kube.var.log.containers.coredns-7b7bddbc85-gcjwp_kube-system_coredns-11016818361cd68c32bf8f0b1328f3d92a6d7b8cf5879bfe8b301f393cb011cc.log\"\n]\n
"},{"location":"addons/fargate-fluentbit/#resources","title":"Resources","text":"

AWS Docs Fluent Bit for Amazon EKS on AWS Fargate Blog Post

"},{"location":"addons/ingress-nginx/","title":"Ingress Nginx","text":"

This add-on installs Ingress Nginx Controller on Amazon EKS. The Ingress Nginx controller uses Nginx as a reverse proxy and load balancer.

Other than handling Kubernetes ingress objects, this ingress controller can facilitate multi-tenancy and segregation of workload ingresses based on host name (host-based routing) and/or URL Path (path based routing).

"},{"location":"addons/ingress-nginx/#usage","title":"Usage","text":"

Ingress Nginx Controller can be deployed by enabling the add-on via the following.

enable_ingress_nginx = true\n

You can optionally customize the Helm chart that deploys ingress-nginx via the following configuration.

  enable_ingress_nginx = true\ningress_nginx = {\nname          = \"ingress-nginx\"\nchart_version = \"4.6.1\"\nrepository    = \"https://kubernetes.github.io/ingress-nginx\"\nnamespace     = \"ingress-nginx\"\nvalues        = [templatefile(\"${path.module}/values.yaml\", {})]\n}\n

Verify ingress-nginx pods are running.

$ kubectl get pods -n ingress-nginx\nNAME                                       READY   STATUS    RESTARTS   AGE\ningress-nginx-controller-f6c55fdc8-8bt2z   1/1     Running   0          44m\n
"},{"location":"addons/karpenter/","title":"Karpenter","text":""},{"location":"addons/karpenter/#prerequisites","title":"Prerequisites","text":"

If deploying a node template that uses spot, please ensure you have the Spot service linked role available in your account. You can run the following command to ensure this role is available:

aws iam create-service-linked-role --aws-service-name spot.amazonaws.com || true\n
"},{"location":"addons/karpenter/#validate","title":"Validate","text":"

The following command will update the kubeconfig on your local machine and allow you to interact with your EKS Cluster using kubectl to validate the CoreDNS deployment for Fargate.

  1. Run update-kubeconfig command:
aws eks --region <REGION> update-kubeconfig --name <CLUSTER_NAME>\n
  1. Test by listing all the pods running currently
kubectl get pods -n karpenter\n\n# Output should look similar to below\nNAME                         READY   STATUS    RESTARTS   AGE\nkarpenter-6f97df4f77-5nqsk   1/1     Running   0          3m28s\nkarpenter-6f97df4f77-n7fkf   1/1     Running   0          3m28s\n
  1. View the current nodes - this example utilizes EKS Fargate for hosting the Karpenter controller so only Fargate nodes are present currently:
kubectl get nodes\n\n# Output should look similar to below\nNAME                                                STATUS   ROLES    AGE     VERSION\nfargate-ip-10-0-29-25.us-west-2.compute.internal    Ready    <none>   2m56s   v1.26.3-eks-f4dc2c0\nfargate-ip-10-0-36-148.us-west-2.compute.internal   Ready    <none>   2m57s   v1.26.3-eks-f4dc2c0\nfargate-ip-10-0-42-30.us-west-2.compute.internal    Ready    <none>   2m34s   v1.26.3-eks-f4dc2c0\nfargate-ip-10-0-45-112.us-west-2.compute.internal   Ready    <none>   2m33s   v1.26.3-eks-f4dc2c0\n
  1. Create a sample pause deployment to demonstrate scaling:
kubectl apply -f - <<EOF\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n    name: inflate\nspec:\n    replicas: 0\n    selector:\n    matchLabels:\n        app: inflate\n    template:\n    metadata:\n        labels:\n        app: inflate\n    spec:\n        terminationGracePeriodSeconds: 0\n        containers:\n        - name: inflate\n            image: public.ecr.aws/eks-distro/kubernetes/pause:3.7\n            resources:\n            requests:\n                cpu: 1\nEOF\n
  1. Scale up the sample pause deployment to see Karpenter respond by provisioning nodes to support the workload:
kubectl scale deployment inflate --replicas 5\n# To view logs\n# kubectl logs -f -n karpenter -l app.kubernetes.io/name=karpenter -c controller\n
  1. Re-check the nodes, you will now see a new EC2 node provisioned to support the scaled workload:
kubectl get nodes\n\n# Output should look similar to below\nNAME                                                STATUS   ROLES    AGE     VERSION\nfargate-ip-10-0-29-25.us-west-2.compute.internal    Ready    <none>   5m15s   v1.26.3-eks-f4dc2c0\nfargate-ip-10-0-36-148.us-west-2.compute.internal   Ready    <none>   5m16s   v1.26.3-eks-f4dc2c0\nfargate-ip-10-0-42-30.us-west-2.compute.internal    Ready    <none>   4m53s   v1.26.3-eks-f4dc2c0\nfargate-ip-10-0-45-112.us-west-2.compute.internal   Ready    <none>   4m52s   v1.26.3-eks-f4dc2c0\nip-10-0-1-184.us-west-2.compute.internal            Ready    <none>   26s     v1.26.2-eks-a59e1f0 # <= new EC2 node launched\n
  1. Remove the sample pause deployment:
kubectl delete deployment inflate\n
"},{"location":"addons/kube-prometheus-stack/","title":"Kube Prometheus Stack","text":"

Kube Prometheus Stack is a collection of Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator.

"},{"location":"addons/kube-prometheus-stack/#usage","title":"Usage","text":"

Kube Prometheus Stack can be deployed by enabling the add-on via the following.

enable_kube_prometheus_stack = true\n

You can optionally customize the Helm chart that deploys Kube Prometheus Stack via the following configuration.

  enable_kube_prometheus_stack = true\nkube_prometheus_stack = {\nname          = \"kube-prometheus-stack\"\nchart_version = \"51.2.0\"\nrepository    = \"https://prometheus-community.github.io/helm-charts\"\nnamespace     = \"kube-prometheus-stack\"\nvalues        = [templatefile(\"${path.module}/values.yaml\", {})]\n}\n

Verify kube-prometheus-stack pods are running.

$ kubectl get pods -n external-secrets\nNAME                                                        READY   STATUS    RESTARTS       AGE\nalertmanager-kube-prometheus-stack-alertmanager-0           2/2     Running   3 (2d2h ago)   2d7h\nkube-prometheus-stack-grafana-5c6cf88fd9-8wc9k              3/3     Running   3 (2d2h ago)   2d7h\nkube-prometheus-stack-kube-state-metrics-584d8b5d5f-s6p8d   1/1     Running   1 (2d2h ago)   2d7h\nkube-prometheus-stack-operator-c74ddccb5-8cprr              1/1     Running   1 (2d2h ago)   2d7h\nkube-prometheus-stack-prometheus-node-exporter-vd8lw        1/1     Running   1 (2d2h ago)   2d7h\nprometheus-kube-prometheus-stack-prometheus-0               2/2     Running   2 (2d2h ago)   2d7h\n
"},{"location":"addons/metrics-server/","title":"Metrics Server","text":"

Metrics Server is a scalable, efficient source of container resource metrics for Kubernetes built-in autoscaling pipelines.

Metrics Server collects resource metrics from Kubelets and exposes them in Kubernetes apiserver through Metrics API for use by Horizontal Pod Autoscaler and Vertical Pod Autoscaler. Metrics API can also be accessed by kubectl top, making it easier to debug autoscaling pipelines.

"},{"location":"addons/metrics-server/#usage","title":"Usage","text":"

Metrics Server can be deployed by enabling the add-on via the following.

enable_metrics_server = true\n

You can optionally customize the Helm chart that deploys External DNS via the following configuration.

  enable_metrics_server = true\nmetrics_server = {\nname          = \"metrics-server\"\nchart_version = \"3.10.0\"\nrepository    = \"https://kubernetes-sigs.github.io/metrics-server/\"\nnamespace     = \"kube-system\"\nvalues        = [templatefile(\"${path.module}/values.yaml\", {})]\n}\n

Verify metrics-server pods are running.

$ kubectl get pods -n kube-system\nNAME                                   READY   STATUS    RESTARTS       AGE\nmetrics-server-6f9cdd486c-njh8b        1/1     Running   1 (2d2h ago)   2d7h\n
"},{"location":"addons/opa-gatekeeper/","title":"OPA Gatekeeper","text":"

Gatekeeper is an admission controller that validates requests to create and update Pods on Kubernetes clusters, using the Open Policy Agent (OPA). Using Gatekeeper allows administrators to define policies with a constraint, which is a set of conditions that permit or deny deployment behaviors in Kubernetes.

For complete project documentation, please visit the Gatekeeper. For reference templates refer Templates

"},{"location":"addons/opa-gatekeeper/#usage","title":"Usage","text":"

Gatekeeper can be deployed by enabling the add-on via the following.

enable_gatekeeper = true\n

You can also customize the Helm chart that deploys gatekeeper via the following configuration:

  enable_gatekeeper = true\ngatekeeper = {\nname          = \"gatekeeper\"\nchart_version = \"3.12.0\"\nrepository    = \"https://open-policy-agent.github.io/gatekeeper/charts\"\nnamespace     = \"gatekeeper-system\"\nvalues        = [templatefile(\"${path.module}/values.yaml\", {})]\n}\n
"},{"location":"addons/secrets-store-csi-driver-provider-aws/","title":"AWS Secrets Manager and Config Provider for Secret Store CSI Driver","text":"

AWS offers two services to manage secrets and parameters conveniently in your code. AWS Secrets Manager allows you to easily rotate, manage, and retrieve database credentials, API keys, certificates, and other secrets throughout their lifecycle. AWS Systems Manager Parameter Store provides hierarchical storage for configuration data. The AWS provider for the Secrets Store CSI Driver allows you to make secrets stored in Secrets Manager and parameters stored in Parameter Store appear as files mounted in Kubernetes pods.

"},{"location":"addons/secrets-store-csi-driver-provider-aws/#usage","title":"Usage","text":"

AWS Secrets Store CSI Driver can be deployed by enabling the add-on via the following.

enable_secrets_store_csi_driver              = true\nenable_secrets_store_csi_driver_provider_aws = true\n

You can optionally customize the Helm chart via the following configuration.

  enable_secrets_store_csi_driver              = true\nenable_secrets_store_csi_driver_provider_aws = true\nsecrets_store_csi_driver_provider_aws = {\nname          = \"secrets-store-csi-driver\"\nchart_version = \"0.3.2\"\nrepository    = \"https://aws.github.io/secrets-store-csi-driver-provider-aws\"\nnamespace     = \"kube-system\"\nvalues        = [templatefile(\"${path.module}/values.yaml\", {})]\n}\n

Verify metrics-server pods are running.

$ kubectl get pods -n kube-system\nNAME                                         READY   STATUS    RESTARTS       AGE\nsecrets-store-csi-driver-9l2z8               3/3     Running   1 (2d5h ago)   2d9h\nsecrets-store-csi-driver-provider-aws-2qqkk  1/1     Running   1 (2d5h ago)   2d9h\n
"},{"location":"addons/velero/","title":"Velero","text":"

Velero is an open source tool to safely backup and restore, perform disaster recovery, and migrate Kubernetes cluster resources and persistent volumes.

  • Helm chart
  • Plugin for AWS
"},{"location":"addons/velero/#usage","title":"Usage","text":"

Velero can be deployed by enabling the add-on via the following.

enable_velero           = true\nvelero_backup_s3_bucket = \"<YOUR_BUCKET_NAME>\"\nvelero = {\ns3_backup_location = \"<YOUR_S3_BUCKET_ARN>[/prefix]\"\n}\n

You can also customize the Helm chart that deploys velero via the following configuration:

enable_velero           = true\nvelero = {\nname          = \"velero\"\ndescription   = \"A Helm chart for velero\"\nchart_version = \"3.1.6\"\nrepository    = \"https://vmware-tanzu.github.io/helm-charts/\"\nnamespace     = \"velero\"\nvalues        = [templatefile(\"${path.module}/values.yaml\", {})]\n}\n

To see a working example, see the stateful example blueprint.

"},{"location":"addons/velero/#validate","title":"Validate","text":"
  1. Run update-kubeconfig command:
aws eks --region <REGION> update-kubeconfig --name <CLUSTER_NAME>\n
  1. Test by listing velero resources provisioned:
kubectl get all -n velero\n\n# Output should look similar to below\nNAME                         READY   STATUS    RESTARTS   AGE\npod/velero-7b8994d56-z89sl   1/1     Running   0          25h\n\nNAME             TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE\nservice/velero   ClusterIP   172.20.20.118   <none>        8085/TCP   25h\n\nNAME                     READY   UP-TO-DATE   AVAILABLE   AGE\ndeployment.apps/velero   1/1     1            1           25h\n\nNAME                               DESIRED   CURRENT   READY   AGE\nreplicaset.apps/velero-7b8994d56   1         1         1       25h\n
  1. Get backup location using velero CLI
velero backup-location get\n\n# Output should look similar to below\nNAME      PROVIDER   BUCKET/PREFIX                                 PHASE       LAST VALIDATED                  ACCESS MODE   DEFAULT\ndefault   aws        stateful-20230503175301619800000005/backups   Available   2023-05-04 15:15:00 -0400 EDT   ReadWrite     true\n
  1. To demonstrate creating a backup and restoring, create a new namespace and run nginx using below commands:
kubectl create namespace backupdemo\nkubectl run nginx --image=nginx -n backupdemo\n
  1. Create backup of this namespace using velero
velero backup create backup1 --include-namespaces backupdemo\n\n# Output should look similar to below\nBackup request \"backup1\" submitted successfully.\nRun `velero backup describe backup1` or `velero backup logs backup1` for more details.\n
  1. Describe the backup to check the backup status
velero backup describe backup1\n\n# Output should look similar to below\nName:         backup1\nNamespace:    velero\nLabels:       velero.io/storage-location=default\nAnnotations:  velero.io/source-cluster-k8s-gitversion=v1.26.2-eks-a59e1f0\n              velero.io/source-cluster-k8s-major-version=1\nvelero.io/source-cluster-k8s-minor-version=26+\n\nPhase:  Completed\n\nNamespaces:\n  Included:  backupdemo\n  Excluded:  <none>\n\nResources:\n  Included:        *\n  Excluded:        <none>\n  Cluster-scoped:  auto\n\nLabel selector:  <none>\n\nStorage Location:  default\n\nVelero-Native Snapshot PVs:  auto\n\nTTL:  720h0m0s\n\nCSISnapshotTimeout:    10m0s\nItemOperationTimeout:  0s\n\nHooks:  <none>\n\nBackup Format Version:  1.1.0\n\nStarted:    2023-05-04 15:16:31 -0400 EDT\nCompleted:  2023-05-04 15:16:33 -0400 EDT\n\nExpiration:  2023-06-03 15:16:31 -0400 EDT\n\nTotal items to be backed up:  9\nItems backed up:              9\nVelero-Native Snapshots: <none included>\n
  1. Delete the namespace - this will be restored using the backup created
kubectl delete namespace backupdemo\n
  1. Restore the namespace from your backup
velero restore create --from-backup backup1\n
  1. Verify that the namespace is restored
kubectl get all -n backupdemo\n\n# Output should look similar to below\nNAME        READY   STATUS    RESTARTS   AGE\npod/nginx   1/1     Running   0          21s\n
"},{"location":"addons/vertical-pod-autoscaler/","title":"Vertical Pod Autoscaler","text":"

VPA Vertical Pod Autoscaler (VPA) automatically adjusts the CPU and memory reservations for your pods to help \"right size\" your applications. When configured, it will automatically request the necessary reservations based on usage and thus allow proper scheduling onto nodes so that the appropriate resource amount is available for each pod. It will also maintain ratios between limits and requests that were specified in initial container configuration.

NOTE: Metrics Server add-on is a dependency for this addon

"},{"location":"addons/vertical-pod-autoscaler/#usage","title":"Usage","text":"

This step deploys the Vertical Pod Autoscaler with default Helm Chart config

  enable_vpa            = true\nenable_metrics_server = true\n

You can also customize the Helm chart that deploys vpa via the following configuration:

  enable_vpa = true\nenable_metrics_server = true\nvpa = {\nname          = \"vpa\"\nchart_version = \"1.7.5\"\nrepository    = \"https://charts.fairwinds.com/stable\"\nnamespace     = \"vpa\"\nvalues        = [templatefile(\"${path.module}/values.yaml\", {})]\n}\n
"}]} \ No newline at end of file diff --git a/v1.9.2/sitemap.xml b/v1.9.2/sitemap.xml new file mode 100644 index 00000000..e9821a41 --- /dev/null +++ b/v1.9.2/sitemap.xml @@ -0,0 +1,158 @@ + + + + https://aws-ia.github.io/terraform-aws-eks-blueprints-addons/v1.9.2/ + 2023-10-04 + daily + + + https://aws-ia.github.io/terraform-aws-eks-blueprints-addons/v1.9.2/amazon-eks-addons/ + 2023-10-04 + daily + + + https://aws-ia.github.io/terraform-aws-eks-blueprints-addons/v1.9.2/architectures/ + 2023-10-04 + daily + + + https://aws-ia.github.io/terraform-aws-eks-blueprints-addons/v1.9.2/aws-partner-addons/ + 2023-10-04 + daily + + + https://aws-ia.github.io/terraform-aws-eks-blueprints-addons/v1.9.2/helm-release/ + 2023-10-04 + daily + + + https://aws-ia.github.io/terraform-aws-eks-blueprints-addons/v1.9.2/addons/argo-events/ + 2023-10-04 + daily + + + https://aws-ia.github.io/terraform-aws-eks-blueprints-addons/v1.9.2/addons/argo-rollouts/ + 2023-10-04 + daily + + + https://aws-ia.github.io/terraform-aws-eks-blueprints-addons/v1.9.2/addons/argo-workflows/ + 2023-10-04 + daily + + + https://aws-ia.github.io/terraform-aws-eks-blueprints-addons/v1.9.2/addons/argocd/ + 2023-10-04 + daily + + + https://aws-ia.github.io/terraform-aws-eks-blueprints-addons/v1.9.2/addons/aws-cloudwatch-metrics/ + 2023-10-04 + daily + + + https://aws-ia.github.io/terraform-aws-eks-blueprints-addons/v1.9.2/addons/aws-efs-csi-driver/ + 2023-10-04 + daily + + + https://aws-ia.github.io/terraform-aws-eks-blueprints-addons/v1.9.2/addons/aws-for-fluentbit/ + 2023-10-04 + daily + + + https://aws-ia.github.io/terraform-aws-eks-blueprints-addons/v1.9.2/addons/aws-fsx-csi-driver/ + 2023-10-04 + daily + + + https://aws-ia.github.io/terraform-aws-eks-blueprints-addons/v1.9.2/addons/aws-gateway-api-controller/ + 2023-10-04 + daily + + + https://aws-ia.github.io/terraform-aws-eks-blueprints-addons/v1.9.2/addons/aws-load-balancer-controller/ + 2023-10-04 + daily + + + https://aws-ia.github.io/terraform-aws-eks-blueprints-addons/v1.9.2/addons/aws-node-termination-handler/ + 2023-10-04 + daily + + + https://aws-ia.github.io/terraform-aws-eks-blueprints-addons/v1.9.2/addons/aws-private-ca-issuer/ + 2023-10-04 + daily + + + https://aws-ia.github.io/terraform-aws-eks-blueprints-addons/v1.9.2/addons/cert-manager/ + 2023-10-04 + daily + + + https://aws-ia.github.io/terraform-aws-eks-blueprints-addons/v1.9.2/addons/cluster-autoscaler/ + 2023-10-04 + daily + + + https://aws-ia.github.io/terraform-aws-eks-blueprints-addons/v1.9.2/addons/cluster-proportional-autoscaler/ + 2023-10-04 + daily + + + https://aws-ia.github.io/terraform-aws-eks-blueprints-addons/v1.9.2/addons/external-dns/ + 2023-10-04 + daily + + + https://aws-ia.github.io/terraform-aws-eks-blueprints-addons/v1.9.2/addons/external-secrets/ + 2023-10-04 + daily + + + https://aws-ia.github.io/terraform-aws-eks-blueprints-addons/v1.9.2/addons/fargate-fluentbit/ + 2023-10-04 + daily + + + https://aws-ia.github.io/terraform-aws-eks-blueprints-addons/v1.9.2/addons/ingress-nginx/ + 2023-10-04 + daily + + + https://aws-ia.github.io/terraform-aws-eks-blueprints-addons/v1.9.2/addons/karpenter/ + 2023-10-04 + daily + + + https://aws-ia.github.io/terraform-aws-eks-blueprints-addons/v1.9.2/addons/kube-prometheus-stack/ + 2023-10-04 + daily + + + https://aws-ia.github.io/terraform-aws-eks-blueprints-addons/v1.9.2/addons/metrics-server/ + 2023-10-04 + daily + + + https://aws-ia.github.io/terraform-aws-eks-blueprints-addons/v1.9.2/addons/opa-gatekeeper/ + 2023-10-04 + daily + + + https://aws-ia.github.io/terraform-aws-eks-blueprints-addons/v1.9.2/addons/secrets-store-csi-driver-provider-aws/ + 2023-10-04 + daily + + + https://aws-ia.github.io/terraform-aws-eks-blueprints-addons/v1.9.2/addons/velero/ + 2023-10-04 + daily + + + https://aws-ia.github.io/terraform-aws-eks-blueprints-addons/v1.9.2/addons/vertical-pod-autoscaler/ + 2023-10-04 + daily + + \ No newline at end of file diff --git a/v1.9.2/sitemap.xml.gz b/v1.9.2/sitemap.xml.gz new file mode 100644 index 0000000000000000000000000000000000000000..ff20d18956f835385a3023b70d561f97bf5a7c2d GIT binary patch literal 549 zcmV+=0^0o_iwFo+XdPt&|8r?{Wo=<_E_iKh0Nt3ulAACLhVT0n8SaK8?V;OA*jt~V zeE`K4;KA6eWFXt8ubgB$d4YCj#RY838h;}pesOxcPGPqqu}|?_9qN6x!)TN9u|HS8 ze*Q4us<-y#v`}EoJ28%Yu7;fF?@hC9Tg^V>1T)u(`iAWw18yFZ&AxuE+LxVN#lijQ zcAY}9ZSlh51~xVx>fYyJxzs*28Hu1vG?}u5Bb!TDa3&u!8*nZ~Zq`HnS|6KJQ#?I8 z2F_D*?QwtnVh($=|0*VrxhFF_KX9Udn5o#M^rvGBQZ z$PN;Cn-{{*jv@v#P>x6{LNj2P3}HZE{N$0jkAV7Qa78iD!$T>Av}hvQ5{+F*n;sRdUo=FrIl)LMGXm%>)s8EkI%6 zT>6kDC$Yy%VeZB-v literal 0 HcmV?d00001 diff --git a/versions.json b/versions.json index 9c226b51..45b503c7 100644 --- a/versions.json +++ b/versions.json @@ -1 +1 @@ -[{"version": "v1.9.1", "title": "v1.9.1", "aliases": ["latest"]}, {"version": "v1.9.0", "title": "v1.9.0", "aliases": []}, {"version": "v1.8.1", "title": "v1.8.1", "aliases": []}, {"version": "v1.8.0", "title": "v1.8.0", "aliases": []}, {"version": "v1.7.2", "title": "v1.7.2", "aliases": []}, {"version": "v1.7.1", "title": "v1.7.1", "aliases": []}, {"version": "v1.7.0", "title": "v1.7.0", "aliases": []}, {"version": "v1.6.0", "title": "v1.6.0", "aliases": []}, {"version": "v1.5.1", "title": "v1.5.1", "aliases": []}, {"version": "v1.5.0", "title": "v1.5.0", "aliases": []}, {"version": "v1.4.0", "title": "v1.4.0", "aliases": []}, {"version": "v1.3.0", "title": "v1.3.0", "aliases": []}, {"version": "v1.2.2", "title": "v1.2.2", "aliases": []}, {"version": "v1.2.1", "title": "v1.2.1", "aliases": []}, {"version": "v1.2.0", "title": "v1.2.0", "aliases": []}, {"version": "v1.1.1", "title": "v1.1.1", "aliases": []}, {"version": "v1.1.0", "title": "v1.1.0", "aliases": []}, {"version": "v1.0.0", "title": "v1.0.0", "aliases": []}, {"version": "v0.2.0", "title": "v0.2.0", "aliases": []}, {"version": "v0.1.0", "title": "v0.1.0", "aliases": []}, {"version": "main", "title": "main", "aliases": []}] \ No newline at end of file +[{"version": "v1.9.2", "title": "v1.9.2", "aliases": ["latest"]}, {"version": "v1.9.1", "title": "v1.9.1", "aliases": []}, {"version": "v1.9.0", "title": "v1.9.0", "aliases": []}, {"version": "v1.8.1", "title": "v1.8.1", "aliases": []}, {"version": "v1.8.0", "title": "v1.8.0", "aliases": []}, {"version": "v1.7.2", "title": "v1.7.2", "aliases": []}, {"version": "v1.7.1", "title": "v1.7.1", "aliases": []}, {"version": "v1.7.0", "title": "v1.7.0", "aliases": []}, {"version": "v1.6.0", "title": "v1.6.0", "aliases": []}, {"version": "v1.5.1", "title": "v1.5.1", "aliases": []}, {"version": "v1.5.0", "title": "v1.5.0", "aliases": []}, {"version": "v1.4.0", "title": "v1.4.0", "aliases": []}, {"version": "v1.3.0", "title": "v1.3.0", "aliases": []}, {"version": "v1.2.2", "title": "v1.2.2", "aliases": []}, {"version": "v1.2.1", "title": "v1.2.1", "aliases": []}, {"version": "v1.2.0", "title": "v1.2.0", "aliases": []}, {"version": "v1.1.1", "title": "v1.1.1", "aliases": []}, {"version": "v1.1.0", "title": "v1.1.0", "aliases": []}, {"version": "v1.0.0", "title": "v1.0.0", "aliases": []}, {"version": "v0.2.0", "title": "v0.2.0", "aliases": []}, {"version": "v0.1.0", "title": "v0.1.0", "aliases": []}, {"version": "main", "title": "main", "aliases": []}] \ No newline at end of file