From 2289586a6ebaee2370cd7d81eb15c59081f59c5a Mon Sep 17 00:00:00 2001
From: Yancey1989 <yancey1989@gmail.com>
Date: Mon, 6 Mar 2017 20:37:34 +0800
Subject: [PATCH 1/3] init kubernetes service tutorials

---
 README.md                                 |   2 +-
 kubernetes/networking/service-network.md  | 181 ++++++++++++++++++++++
 kubernetes/networking/service-network.png | Bin 0 -> 27791 bytes
 3 files changed, 182 insertions(+), 1 deletion(-)
 create mode 100644 kubernetes/networking/service-network.md
 create mode 100644 kubernetes/networking/service-network.png
diff --git a/README.md b/README.md
index 6a0584a..11cb4f5 100644
--- a/README.md
+++ b/README.md
@@ -1 +1 @@
-# tutorials
\ No newline at end of file
+# tutorials
diff --git a/kubernetes/networking/service-network.md b/kubernetes/networking/service-network.md
new file mode 100644
index 0000000..b02c2de
--- /dev/null
+++ b/kubernetes/networking/service-network.md
@@ -0,0 +1,181 @@
+## Service
+Pod的IP是动态分配在**docker0**所在网段的,当发生重启，扩容等操作时，IP地址会随之变化。当某个Pod(frontend)需要去访问其依赖的另外一组Pod(backend)时，如果backend的IP发生变化时，如何保证fronted到backend的正常通信变的非常重要。为了解决此类问题,Kubernetes设计了Service的概念。
+
+这里docker0是一个网桥，docker daemon启动container时会根据docker0的网段来划粉container的IP地址[Docker网络](https://docs.docker.com/engine/userguide/networking/dockernetworks/)
+
+
+在实际生产环境中，对Service的访问可能会有两种来源：Kubernetes集群内部的程序（Pod）和Kubernetes集群外部，为了满足上述的场景，Kubernetes service有以下三种类型：
+
+* **ClusterIP**:提供一个集群内部的虚拟IP以供Pod访问。
+* **NodePort**:在每个Node上打开一个端口以供外部访问。
+* **LoadBalancer**:通过外部的负载均衡器来访问。
+
+### ClusterIP && NodePort && LoadBalancer
+#### 1. ClusterIP
+此模式会提供一个集群内部的虚拟IP（与Pod不在同一网段)，以供集群内部的pod之间通信使用。
+ClusterIP也是Kubernetes service的默认类型。
+
+![Pod-Service](service-network.png)
+
+为了实现图上的功能主要需要以下几个组件的协同工作
+
+* **apiserver** 用户通过kubectl命令向apiserver发送创建service的命令，apiserver接收到请求以后将数据存储到etcd中。
+* **kube-proxy** kubernetes的每个节点中都有一个叫做kube-proxy的进程，这个进程负责感知service，pod的变化，并将变化的信息写入本地的iptables中。
+* **iptables** 使用NAT等技术将virtualIP的流量转至endpoint中。
+
+下面我们实际发布一个Service，能够更清晰的了解到Service是如何工作的。
+
+##### 1.1 发布一个rc，并指定replices count为3.
+
+```
+yancey@ yancey-macbook kubernetes-1$kubectl create -f rc_nginx.yaml
+yancey@ yancey-macbook kubernetes-1$kubectl get pods
+NAME                     READY     STATUS    RESTARTS   AGE
+k8s-master-core-v2-01    4/4       Running   0          8m
+k8s-proxy-core-v2-01     1/1       Running   0          8m
+nginx-controller-6bovu   1/1       Running   0          4m
+nginx-controller-iowux   1/1       Running   0          4m
+nginx-controller-o7m6u   1/1       Running   0          4m
+yancey@ yancey-macbook kubernetes-1$kubectl describe pod nginx-controller-6bovu
+Name:		nginx-controller-6bovu
+Namespace:	default
+Node:		core-v2-01/172.17.8.101
+Start Time:	Fri, 17 Jun 2016 15:22:20 +0800
+Labels:		app=nginx
+Status:		Running
+IP:		10.1.13.3
+Controllers:	ReplicationController/nginx-controller
+```
+
+##### 1.2. 发布一个service，并指定步骤1中的label。
+
+```
+yancey@ yancey-macbook kubernetes-1$kubectl create -f service_nginx.yaml
+yancey@ yancey-macbook kubernetes-1$kubectl get svc
+NAME            CLUSTER-IP   EXTERNAL-IP   PORT(S)    AGE
+kubernetes      10.0.0.1     <none>        443/TCP    9m
+nginx-service   10.0.0.252   <none>        8000/TCP   4m
+```
+kubernetes为nginx-server这个service创建了一个10.0.0.252这个ClusterIP，也可以称为VirtualIP.
+
+```
+yancey@ yancey-macbook kubernetes-1$kubectl get ep
+NAME            ENDPOINTS                                AGE
+kubernetes      172.17.8.101:6443                        9m
+nginx-service   10.1.13.2:80,10.1.13.3:80,10.1.13.4:80   4m
+```
+查看endpoint信息，发现nginx-service一共有三个endpoint地址，分别对应nginx的三个pod。
+
+##### 1.3. 查看iptables，观察其NAT表中的信息（只截取了部分和这个service有关的信息）
+查看iptables中NAT表的命令:```iptables -L -v -n -t nat```
+
+```
+Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
+ pkts bytes target     prot opt in     out     source               destination
+   37  2766 KUBE-SERVICES  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* kubernetes service portals */
+   33  2112 DOCKER     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL
+```
+在PREROUTING链中会先匹配到KUBE-SERVICES这个Chain。
+
+```
+Chain KUBE-SERVICES (2 references)
+ pkts bytes target     prot opt in     out     source               destination
+    0     0 KUBE-SVC-GKN7Y2BSGW4NJTYL  tcp  --  *      *       0.0.0.0/0            10.0.0.252           /* default/nginx-service: cluster IP */ tcp dpt:8000
+   18  1080 KUBE-NODEPORTS  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* kubernetes service nodeports; NOTE: this must be the last rule in this chain */ ADDRTYPE match dst-type LOCAL
+
+```
+
+所有destinationIP为10.0.0.252的包都转到**KUBE-SVC-GKN7Y2BSGW4NJTYL**这个Chain
+
+```
+Chain KUBE-SVC-GKN7Y2BSGW4NJTYL (1 references)
+ pkts bytes target     prot opt in     out     source               destination
+    0     0 KUBE-SEP-7ROBBXFV7SD4AIRW  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* default/nginx-service: */ statistic mode random probability 0.33332999982
+    0     0 KUBE-SEP-XY3F6VJIZ7ELIF4Z  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* default/nginx-service: */ statistic mode random probability 0.50000000000
+    0     0 KUBE-SEP-JIDZHFC4A3T535AK  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* default/nginx-service: */
+```
+这里能看到请求会平均执行**KUBE-SEP-7ROBBXFV7SD4AIRW**,**KUBE-SEP-XY3F6VJIZ7ELIF4Z**,**KUBE-SEP-XY3F6VJIZ7ELIF4Z**这三个Chain.最后我们看下**KUBE-SEP-7ROBBXFV7SD4AIRW**这个Chain做了什么
+
+```
+Chain KUBE-SEP-7ROBBXFV7SD4AIRW (1 references)
+ pkts bytes target     prot opt in     out     source               destination
+    0     0 KUBE-MARK-MASQ  all  --  *      *       10.1.13.2            0.0.0.0/0            /* default/nginx-service: */
+    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            /* default/nginx-service: */ tcp to:10.1.13.2:80
+
+```
+这个Chain使用了DNAT规则将流量转发到10.1.13.2:80这个地址。至此从Pod发出来的流量通过本地的iptables将流量转至了service背后的pod上。
+#### 2. NodePort
+Kubernetes将会在每个Node上打开一个端口并且**每个Node的端口都是一样的**，通过\<NodeIP>:NodePort的方式Kubernetes集群外部的程序可以访问Service。
+
+修改kubernetes/service_nginx.yaml，将Service的type改为NodePort类型。
+
+```
+apiVersion: v1
+kind: Service
+metadata:
+  name: nginx-service
+spec:
+  type: NodePort
+  ports:
+  - port: 8000
+    targetPort: 80
+    protocol: TCP
+  # just like the selector in the replication controller,
+  # but this time it identifies the set of pods to load balance
+  # traffic to.
+  selector:
+    app: nginx
+```
+发布这个service，可以看到已经随机分配了一个NodePort端口。
+
+```
+yancey@ yancey-macbook kubernetes-1$kubectl get svc nginx-service -o yaml
+apiVersion: v1
+kind: Service
+metadata:
+  creationTimestamp: 2016-06-18T03:29:42Z
+  name: nginx-service
+  namespace: default
+  resourceVersion: "1405"
+  selfLink: /api/v1/namespaces/default/services/nginx-service
+  uid: e50ba23a-3504-11e6-a94f-080027a75e9e
+spec:
+  clusterIP: 10.0.0.229
+  ports:
+  - nodePort: 30802
+    port: 8000
+    protocol: TCP
+    targetPort: 80
+  selector:
+    app: nginx
+  sessionAffinity: None
+  type: NodePort
+status:
+  loadBalancer: {}
+```
+观察Iptables中的变化，KUBE-NODEPORTS这个Chain中增加了如下内容
+
+```
+Chain KUBE-NODEPORTS (1 references)
+ pkts bytes target     prot opt in     out     source               destination
+    0     0 KUBE-MARK-MASQ  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            /* default/nginx-service: */ tcp dpt:30802
+    0     0 KUBE-SVC-GKN7Y2BSGW4NJTYL  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            /* default/nginx-service: */ tcp dpt:30802
+```
+
+可以看到流量会转至KUBE-SVC-GKN7Y2BSGW4NJTYL这个Chain中处理一次，也就是ClusterIP中提到的通过负载均衡将流量平均分配到3个endpoint上。
+
+#### 3. LoadBalancer
+待补充。
+
+### 服务发现
+当发布一个服务之后，我们要使用这个服务，第一个问题就是要拿到这些服务的IP和PORT，kubernetes提供两种方式以便在程序中去动态的获取这些信息。
+
+1. ENV环境变量
+在Pod其中之后，kubernetes会将现有服务的IP，PORT以环境变量的方式写入pod中，程序只要读取这些环境变量即可。
+2. DNS，程序中可以使用server的名称对服务进行访问，在程序启时候，不必预先读取环境变量中的内容。
+
+这是两种方式的详细说明：[http://kubernetes.io/docs/user-guide/services/#discovering-services](http://kubernetes.io/docs/user-guide/services/#discovering-services)
+
+###  附录
+1. [iptables文档](https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/4/html/Security_Guide/s1-fireall-ipt-act.html#s2-firewall-policies)
+2. [Debuging Service](http://kubernetes.io/docs/user-guide/debugging-services/)
diff --git a/kubernetes/networking/service-network.png b/kubernetes/networking/service-network.png
new file mode 100644
index 0000000000000000000000000000000000000000..ddaee8d7a11732148595106b63702b7e65ac4b99
GIT binary patch
literal 27791
zcmeFZWmMH&_xB6ijev--NkzK5rDIEXDV>6JNk~hBbax{m(%qrbDWEin(%qeB?dyNt
z&vT#W&3SWPoEK*dhGWR)w|*<;Tx-tH{H`6Uq9l#^i0Ba#5)!7YjD#8z5+nx+3E2Vd
zA^1&cJ<&K45;>Br#LL%i2D_Q4zwjhy>*Xc7p(!x^?hO2H-w^*W{+6{sV*(Cir5nbu
za_cDaurQd@h_O;p%7dO4Z${osB;M<t+P2L_aP12U>o5G&|1iZ*8uO*RyqR&~RtUc^
zh1+tRI*%Me`CmWJU@2k{ZmMyQNVE{&|Mf#dj$9o4Uw=gz!+?xFs^G9~`rpsu<XAoU
z@BgRb#2^jhH5kzT_ZyIldH(-~{`Z9ZzdlDA&XD{4`&&^iu(n)p`(i#3N?sBo!}?Ob
zX8YV(E>4&0w?r(KPKCnn&}4kqDwGoPh;hL(IjquKQ^q(!h(sL?UJe)(LaE`nOLw~s
zi#t;`*Jr!9g}>%|8G2v8QZy}0F%DZZqh7b4g2o*`lH>3cy}zm1-6j!mmN{gR6L<@n
z7%yAM_P**@5WPLwY^U!2b$^_FpCWp9(W$^S%+1hFBPyFL=1c0ak-J8Af6@E)SG3?B
zpVP(PkG*LMv<fLkE(`B9xm<R%1Yx&#*ZXFdtI51m`mUL`_d$dP7i=#)uQorYKfn?i
zm5&6kJ~nIKEaVDjZ7xba`Lyc35-a^UU>ST$ey+mg{KC)8(j!Q2Wi{E5C*7|3i~IS4
zt8M#wmZzQ5;)iqh?T>j<k(^{cH&y&wMR||9B~v4nbC{QVD?0A1G;}O!j>qNM>fmV(
zJ<o<O*R$>G7rn2wf}=_*+GiCq_^O88Ps&^NIP;{Vc?b=?sy2Uqj&?trG1vXwHt#t2
zY|Z$tEmnp9oHtIY%-pDMh;uOIbC$=z!TH`oOFHjwx6UE%p9&&|@q@K;6mZu$Ti%-A
z9^2YgAr?1l>GqHB>qi8(Q(h?x*X@P5-`}1O)27=P8@T;NVH#&`J5f9S?YW=294-2L
z6b{Sb{-kZ5IZ=+gVqNI8K4KQdzgBcjQYJb7t`l>2R(#+umBe7cDz4P^en-dct6TxU
zY6bG*`+F*1Nz=`O<a#pm6O5~qx+w!|C80x!xphI8os_5ew+G3F-W=g9^;%1{3GjCG
z1k;;$pSHr7%Gqm%IKwlsHrci-I@+6#M+8lVIe6#a1>{B(dmVgx!E_E@!;8UE8}m%m
zyA|I~*yDtqF5{j5Z9M;ds(Dt`_jAMhtK`eM#XEwQSaP%mFy^EtQ5Q&=5d1Dl&r!C7
zq))Kf|2)%ifZ;!LW62kQip9fJS}7(^Gw(8II|&&eoTbb5G6n;E>NI1TJj2)d5v#$F
z0?JGxxKkN$E4UQTR+VnwK67)i99{qIIPt{~q2uY1i56G;xvxya>&{sZp74Ej-kqHo
zP0jK;l0632k*4o5)7^SDYi;(`7kO<ZUYV!nhe*p`rl>_&KQNc_nGfd+WisBtM$7Pn
z;dIO4p`13YhdpPD7tM3_9k->I-s_pJ^-F0dvd5poS*_gbHQcd(p>5mN&-AojZIuKW
zs>Nv7GYvxH2s%C$gqz}o)7}0;m$;fnA=ERvyF2fg6NwB;@Ls;+{G9}*X(ozfO3x|s
za;v0bXg%A<E<7s8?Cx^C!KY&-PJX9LXutJ14cO?cP2GeBOOgsN0mn0zsxBOtR=$-O
z@yC;DJ@n`MlFQm>H%VaGAPJWoSF!bA6guLV#yF~4womevjTjbO7e5T^SeKcitPtqh
zym|P9*kZ47`H7(6c=kg~qPOdcdV7QhZn^Har&GhgzD&zPPEvL4+a~U0|8&NlkCSbR
z4o&4tlXY{3PbAz)y8)lHy(9IxaS*(J@|<Vr?9I_v;{N$)Wa~tAjjD&~I=3B@dQqxd
zU_+_5TvjX~_WC7IvJSdnj;Xm3$G@JzwZZ!85pwfx{oJhF-b6_<zD0;2(OvZ*tM!6`
z7fo4J50Q)S=P?{Y3R!Voufy))NZ#KT&)G1Y{ZI%hAtz1iSvB8(g}yLHE})>e+K_-s
zFhCO4&u6XK<}Rv?D9J5Ptjn7U@jINQ#wmAM8s^6%o^pI|W>1+0{z`VeH_S6P#4|h0
zyEy+RYJaYw!hIw6qYc&SIf?81n2XMUI2|=h7xU)NM%a(KfdHiL+0K=Vjl5_LeI;yX
z<)WH*rm66)E|?ehmBanrEoKritq3z8Q+cCtIR5HSWzjmyg!Uon#nD`GTT$<WZ>YLg
zN22$a%3O0cHL1XM7E0@9tz4G!e8!bw)nwimxx48KW+#?C50fwtl|)Ek^;(9P=bcXk
zhYE*#*97-lO@6A=Kk=)MAXD-cIh!^)Gl}p%nbfsUozOH~Ao56&PQ@)5_Tyb}j?e66
zue>?v#40rG@Sc3y*(z;Fr6}@<qn#bqM2~W$s+ZJSf2Z93a86C0#dLb{t6raw!s6w5
z$Gxpt%A1Gc9TLxt=5zNsq&ZQIDNOHZ6rCZ#g#k|l`p$Gq8-`|_hF>H%9StxIgPm{8
z?7kvnkOP||*eG`OcI6uEO}4O{O5@+Xf4cT5KB}RqJlu8~;Ww}Lkf0tvD9mt_W5RJL
zsA-QIkVYC;y?FGD%Pb;S{LiN~>nJv=b{(x`v2_P)+DxR#_CO{7ApC8V{db0Z-18RA
zN*9OkrRn&ucWQJeQ;$g71KrpnV?)vZ4iQe*{#3Fq%kx@LB^cnho9DY`HD?G-JKq#S
ztk-G?Hf<l*2%ib3wL>2Xx!ugW?NO<x+;{^oeXpd1qKNs&!G6tBKkAjg^xnu=9PbFZ
zU#jbe$n_9&bswb$@lov4-NBPF;j`(^N3Tn1wO$*zui{_(g(EE(1z_$#xAd+R61=dF
z$3nuNPz-cQi|Tvs)(wwIlPxSEGe|4qbtIVL<Rn_dzX;Fr9h2RDnI-P)$aa~vJPW|c
zmHJv7`WNk6sKsih&BFVsy1_q%Ssqq`yfq3Bm$7<C=-`{tc24XcV9Nuz%0h3}6`50+
zDq5=*$*if5g^#(MsL4LqWuuZ}U(x^ItS~;!zZdBIc{*ii=z8z!)U>^><Ya_xVkqsr
zK)2_5^n12CVCnp!2{>$E)+Oc5#dY+Qebc*bfBZ3KADLCU7QT1od45>MbFdn09ns(O
z;`O{8w*ir$@nHy6RAmQ0p;ujZ=Z)0I+_CBa9!5s@$@fp&ABToB`MocI3NXdvVsbPm
z<Rle&A9fS&QcIzJ=Oohqqp)7APO9l5!D{F^w)%*I+d1(il!(F?B^ce`lm{w7VSq|2
z(~3d%;UxCfsO+&<>3DKz02)o>X}*?VN@L3F!>^4ZBhWzsds?9$dcxul^GDA$C`vgW
zbyKJ$VQKO1AB^=hOReeaEoh0Lmks+dzX@ec4eyck+5@)0gBc-%rcs(PG^HhVh{i`K
zG`KLYCZJRazc~EclR={2zBX>W*M7a%vU_9D#7jMk3d<X+(Nf*)Ejzupa^k-gYEI=B
zkZy^TJ}vcRQ7Wm({HcaEYGn;4!672Sj1T@kg@+95nR-H?BJms->c^MTW0^C-oTJKQ
zj_1DmL}0v==)2A<|84e=S>8pj8p(GWxH-<G0*Qlp>Aoq{{bZT374U|fCN<wlMl47I
zI*c%fIj2tW@g)1*&zIvAk9};Dk(n^9yEl`^@+LQY6sWbR4g=?X?r(WGW*-`$mFAqh
zI6vI@-9;-lS+U^sL)ZnUt9cVzR1;wo`=+{3wE8Y0+B|8RU85@NNd+dZ(PyPhg$BEY
zS=K<~5O@#Nsto!4jD_tJ3E%2P<Cfj}nz6&Rs)xAy$ON)i1WsG->zU^3#uD@f--=KY
z>atal<pdgMHnX25ROXMPR#}W^zpF7J|D-&g?J!}YU2tFhJFR^L2Z_081v8w13^yU~
z_Z`{pda13cEM!tk>(INkK*`tG*Vwj%Ip-PgJh#DA8q)hUdm`cZN84oD%P&p3X1^U`
zGRv8LGGbY4SoEH&e)y|t8AfHR4bRii5Ww6#>h2L>Z^ucsz>aCW_!O^EfRYd_?;g^7
z4XZBIelz^o4t^w;HUXt4nA2I!eXN95<JLSIt7iF2acrD99HY$QG)}{Nfk=7YPny&{
zU%#-k2W2vtLy8=JxnaU-Lc)KW*chU~oS6v0+onB)B`P?E=uGu$Q$;bwo*S*ck$sZR
z^OP;*M=$Md#{K?G&F9@~=2TV0?mHj&dbpUdtYC5t&a=fq=EP0j${zM7F|X{WD7MuJ
z1(g01ZZtGWaZN?YbtJFvBh@j9<$-D+ksWhV$g4@Cai2pR<J~S?Kk}8l=%%cuXW~(F
zqAzDpl&^@%e9#QW-*!5*-7cOw9r+Dr7CanUMblbKEIP+y@gME}gYQTmgi_1Wz?q3m
z*fjS=F3&}9Y2&fYp2M5GNS<m)!uwS2*F?6-tok~@A`EKHkXLzs|0N<Uhbr82Z^=zb
zoZQd62;a;K9-Jc1^nW7umF26)>!YO+yk+ZRNAe<dQYbwM()ouv&cJ!}r36I?_meXA
zB~FpbT)!77(9-x5dFCYOWQYlgL&u>*NKk$?+i}Y=CpqoH!vG7R$>8eCZ;_HAug8mT
zT<7<_u(y{&jO(hvQDuuh3TEmG?YTdQ#D<avOsS&NucuL88vX7%_C@OA3XvzK=x>3Q
zj5)zKYtR%+i<nW3Qc0XBkR9X&N?RmQC9Z4IHQi~qctkhz<9Ey$&0my#zL&n{w^rl8
zYl3TMAibA=|Ec97d}3hxhb;rtLYQy5PrTdYZ&B++h`#fU^n>V!66EO*rc-~*6eZeO
zTOLN}GQx!>>koo7Qyc2Xi!?|DIG%s5EidJ11Ho}*?fPhTZpGj4B`!Z7-G<f(ImBLL
z2W41m*)lIJRy8NA7AB0&CiF!2Ti4d{S56L_2nCQwoQY2wQ*A6gRo;*vDwwe2ak@=4
zWjzg)x)Mzbh<9OJ^!te7ryDH)h8n(YssCcBQHtz)8458<z#xSZs*-PcWwaH9!DfPC
znR3(_kwBF|9@7*5T;aj|d|r5>=F-4q;C;C|8UM^921!w?v$Uyeclgb?<dagx&ZVU%
z{j84K<3la9G2EMswlK7G-=64`Ey8dHYi@_U>jSa;<e#$)PUZB{ja5A@k6%J+AJ>&~
zdQjz{cRiP*p@tMt<s9ZYtCvF>#Nd$E!{Sh5>`^GrgQQPkzGw<k@a2z0foM0;zR)6_
z0JJW0m85`t6LQtpFl;{obQ#}Cbh$CPmvBfe-bASwcmOa1?sQ)fqjdcT9zI!!4D$<5
zLh?NBsG>|$1*NG9R00l_$Uy?xC5DRZfU!4PUr<tZvx<^Ljs<kU5m#+&OY+k831ACr
z@1}Gy<UqqY_@8aU;ZM*kZu(x*&|@@FkRzw17pq8x!Qr?vFe_PiJU=g-(Tmt09;)SO
z;@|=P`O`^%oKdLSXxOWINpe&uxA#g8PD0Q;Hb`?7)#<4u$#c;2(dzPr!r&t4pjq=a
zdd*?b>@4w~hxJQz3kZWnH^Urd%mYL+tb#ruW``I@A!9-;C72ntKpizwN%Cw&vo!_@
zC2OEr+b6DVbvaPy80VKvN;3q0#E4h@-+GG}HXJHOn}anSW36c#E)R!rvvPEU#2ouS
zKQa>FcQ6rQJsyZ-Zem%Fx&iD!8qP~`Y4Rl@Oc@O9;(Za$TN&_2;?o|9Xi%^;(nk2j
zOVpGqPm!-cV4Zfp=(Bk6*&mHN{HtlQz8S4z+FO_3?(1fzFZc10Vf6IKkz^=kjlMMt
zO-|-N%XE1=v$a2dM;kp{?oC(ClS&1l9EY`(M>bk5_8+Pc_(yd_*ZlavK)Z4a8nv-E
zez&!3E_QVM{ZSeKwV3QWZ5P7@^Rcn@YE3fd3-~i`{0;+yAYZ5j$*>sfg#bB&+!l02
zOrE65fE@A-tP#v+f}q~W@f%_NR>EO5Y?Ri&dZKZF333M(_n=pe0Y4l5M(?0ox(p`}
zvAAe;MVujUC-9*KnBN!Kz-W%O*#;8-p;B-os57qG|BN441X?yJ!G9(abUWnV`DJ^7
z+%zhuf6Lg4MooE;eSg!NMK$04;aXyI;|&bW4|EmrlDAS|Qn`M4#G*l^!KA)ZFNV;N
zgGQ0ENLk2`70FjioD#L5Ua--Nzv21g=>PQ?u8djHDJ2Xo3b@>#;@2p0aL^L6kg$#j
zBn>{Gxz1RHc0rkQ*hwf`fC~XujcuiB+85zV8#AP`ElG(@3|8cu`j<xuzMv-%H;-B`
zD7Rli#fZ8w>_8HD9$TCo9Tb9-L-Fg=K+H4HlhoYFa0zlgV3__TYWVcXph@V#NzuQY
z?w7pL#%S&t@n~MONb_%LJY}dq0Cz+-6U86}`VVr7Q3efOmJ+Tqeg=y(XxUA#OR0hc
zX-5Bol$g(K_U}}vqJh~KFOmcy8*r*+X{W~RvP)_(CkQullmn}y#3VI?;|IYWy-@X)
zQzPJ_0v|rJYNLmOk&FF*=E48*I|x-ydJLpQ1)mNEW=!JZr1F1}O|%fW9+(h^PzLWW
z=zT#NTU(lcCCOpP3xNs1rk+HAg+UluKEj~%+vW5TK72^EGOIqb1n6d@yuzWpBAAUY
zC5AzSeiFb5sK0;y_y9}>kycPK-zM0H;#ds}SRoX+!2TU~i)|dhuGvFVcu_zLcA;Mr
z72m_*lwdt^{{HOrgT)|WmWruoID<_{Hn~EL&@TpTP-smq>h+CaJ(h7^-KZg4?mwN3
zBnv&*{QDJbPY*S68I_uW_2ds~ehG*7fsO>~wJ_@bJGS<J$IA`>6NszC9#5;t*-Pqa
z^FVnU215%6W7InRGXB4LFMJPla;-fq;hPXF27^VpF1IxVUWIl8AQ(^Q?ra^CMvrd)
z?$IC{nSyqhN{qvD4?acu`&Cs)EvrHpHRN6z93(6+!A7qNp@<^G$%(8F?#YTrvW-a3
z!twi#i{=1f@G2-mqEx{~e6HjhOdWAFogucujA22ln|73-3!zXVZwe}l2nB8~Ml33Z
zC*^MALgAQ%G;AXOD$7xxybGPWp)!#Jh86)2S(Xm@P9HtYDlvkS<8EU)@X8K7kk4<0
zpq`T!;s-->xIt5Wx>_|8)Ta&Mj%HDGA7Jsrri+>XuF)ew&W`8+#iKkSo)&C=dEd3F
z0tV$K8tf%#obL2M3fN@HyAG)&-X!#z5mK6?j|$auugd;&h5;v}_#KG%iG9GN6C<_;
z`cKEH|8+7H@|f380m`s5n^4z$aeIB<P>{*z@JZV&)pX~5!2{GMwfAR$Hl#=r>i-hD
z+Q>8e8$?(xXZk%5-3)-v7bd+?W$vT*omiqaS7*D{2407fH7DcppQX<IF<9C41pXZD
zFH6euU-t#<b5p}V;HrDP#6=qmB5)4+@{Tfw3PQ0M_-lhd2Z3+!lMs0Fl>$dl)BWA`
zKfFgn+Z3OPcCNwRKI_Aob`4-3DVhfE-3o%cwd&R<fUB^3?zc6#15#ltkoaaiUlxJH
z%zhQAuEmHy;Q$P?_&n+G_IxqDW<+2xY#k&Znvhz|?>ITX({pehrvhW@t1GDvg*PKs
zE>33+K`m>#33O{i28GY(f1Yej3_j{YfR7=N9BKS&0}OF(r{)Kbq4#A0ehgYazJ}H}
zJ&(--vrw8Ob}jgnmI-DJFjg((Mg$U#rIJo-T1y+$*pepu@K(dX-PCD0k~i(el-|!m
zUVv0)7K1ULn|a?|nmcu3@}^7~cn<41_S2XFJjc^<dzOx0rX`Ohdh?D8P=vX4SnmXM
z&ttpHoWRh_fvcC;Ddo%OtXX2WKYqW7UaO7#=3L^SKv#)oPkem=70ZBsuXvHD0zG<(
zFp4ki->n))#V}F<iX2D4#4y=A?|FybRFMx?DP;}6XHT}Lemo`>n%0qW$X)&<x>MO%
zTIU41P-A=qMqjsg`7+?4_TP`btLK`AA0~8Et7=6MH2dP<uNhzgFXrr8Y{TcsG%xWr
z_1^5Y?2Bx-8#;93m(dX9&g4mB9RvQF1{P{c#~9XV-*%d`IbJYmNQ5tsVwPq}3-HWT
zO0?+RGy=;0CNlVc9LkF*&&(G&XnmMG(_eKcs=N(c7v2Y-CS(e{=gjsx3cWn+C9@^=
z?yc^R3kIloj`+jLm|0af0au&nd41Ao6p0{FAj^*r00NpNX`6AZ9A`L<aFmqQr!`%!
zrI-1>UrKmiG|1Xw6Fx{>!kDBj!R-HZ&;pQfO!w}ACXj}wNAk?}-2m8M|3;C2HK9=a
z;}e$1odKqbT5D|@xbD6yII^B5CxrWBBlZq757SrBN6P=K0#bn*%qC>OZlO8#hv@x0
z@%vw@Yrr@g%8!6u{n+WaztdoDKmYBi&P!4C8;62uAuw<PXPd_E!m=>6hq+<i(Z^C$
zi@RS`LxZ`r@dSO!(5LNhmp@&W+jo)kU$2z42WkCiAR&Luv)p?gy@jxPl$M~WYLcRl
z*0+>EE#@Nd#GyK9V7Dpqkc304DX^C={)+on`=K@PK98_#S|#{dW3Fti--Qw-BXoNL
zVy;ZL#??z)COZFUl3gu<&}i$-#lkcz#$&(<Q^D@KD0DI^z6J<#wcP~*QkQQ_#E^oT
z#-vrhy%x8_u}SEANF2#=sjxn<>0y1>g$YV8SV_8Ved;jkK6%W@yweXB42vN<YGfkZ
zluya&@DN;?ChOM)gnm1qm);lHIU_p#52>K}H9SwAadv$j(q?oh5!Ac{D8zbUB}Bbz
z2`rqYBqhNQ1o~{AtIDd*N>F^c+#B6sEv-+k$Xr^wE`-Rz1m6wUJVWR3SW7jZeeqdK
zRhs~AkmY@4*)p~Xz;a!Bo)t>dpY82eI60>dYRs@og!jCz15wBfSizeE3V5y$V616a
zA{SrvKAcXlth-S%H_Td<^h<0GvUS*?P?mc@_Rc??&Gfe3p3Q0aQpz}_)|h0j!%}wA
z*3syg^H|9}G(m-?Md>(Jnv}!P=eDkCvoL+<hmEf>o$#a@lztoD8}ZD<$AnObV002<
zYBXFt>0AH1f*M})%=LuepRn664w0AK5g|>g=xyF;KD)pq{LqHna0Qblev_nQ#jri#
z`aBH#i<V+l6s5r>mZmqCKU?l%MC+8tXQ)M%mAE_Xe?m?_e{6V;gBcxahv@md6H5Q7
zVNL(6Dsxr>4UyI|f9GSal#2GNfgzCkDzaolEnXdNuTqYBK`5F>)0EZuvHcve(KczR
zUA{PJ&}!(HMmF|@6TSQCMBk?CNyLJhp24Rlvej-c#ZLoIf2qHZ=SK{}gke=vdL~L0
zaC}9O+29#Ru7dS?gF@enS%r)S`y4|G!km+7MpGC))DN3BM$A`(R+1bJkt7v;*H9Br
z{1;INn{yH%)OS|(<S}0#$=szS3pxRDL}9N6LpYoQ4bL6I05vjIgF<Lkx(-35>8{ck
z*P71UIqEs@$dJHx=~?+HChz>{9{akG(%pjepLz<Hrfg8PIg4@oJsc}dd=@ornz@Dm
z{8*pY=atHT%)j|avQzH%B(CG;Xt0dE{PAhmb77BKVZE&7l*YIkjUqY&Q~tQ>SR_R`
zl^@~oZ|Hcy)A<}t4Wa%NDz%3X&abAcOoqV;VsbAL;fN%d?$Q{a**W#$Q6AXNM}Kp7
zecRvLQ65=!)-<brkVzHA=Ml=qf9Vrt;IUKHyQ3;QZ{&Q`Pp50m{BgGB>uH8<_wtQu
z`SHs1=M7br#K?*)w~2w+TG;hU1~*%K))cFoA$6h>0~($!gh8^PC<YO#NIny7bXsVd
zYl<hK7|`D!?u)w6d-n}RH;U?rCSpG7_;2S&U3n&RhvpIv{nO@v4Su66uXiN0V$P#E
zFL@qaN?15%SvZTU>K@Lg=CHM$#I-HAC85-2xt%8D#jb6IJ5lW`Z9hXFt?gr6AV<eD
zg`nfKKca!4(8UxKnUnrU3vhn;0E3P|WYW#}v@349Kt7qkRgf~lB=pm_&+J#Aa#;Ef
zQ6n3EiAr)pi0pB5*sH7Q!{QghzB)T1hhbq_^CiL+6tU7l6*vurK<jG;Akk}nsH8<(
z{uR6ix~mrX&#qVI`>ubwNkO<Vi{-eqAnw_4f0PRUP&g9wNXXmkWK4Q;c!ZYfZiU^Y
zytr$88kE(TBuav~17WD0SfoO3oXBBC%gjpaX%#~l*1YafBv<qAUNgP!SuVe5JDVMB
zzI3>yG9vRjc<EVh$^Gj&+m%9{Blm2?&p-1P242E+$Xg)C`j2C2psgIz=7R#;qz?YV
zo=cRr*p5wgKdlRw3Lu&~ZMSroZ(b`lR-uQT=4x3m{a6tKC+P53zXxUS5W9-?B-~WU
z6;=3ovDURaAk*pKOdYn9FfJ>>IPEF%s)AZ<cltq#g602B!s(wOOW>DVt=maYSJmTk
z1W(|)wzR}mzu?wJS8-``>bO>wCV8RlQmKX5JB98pmd_Z6b#irto}TP4E+R@TYoKVz
z1&*QC4_=6vsVfA=Vt3)OEbH5|ErFAB=*HmEkG?V!q;XWNdMHVL4n2B@8z-pI-!$i-
zT~m(hdR>@qXXSCWWBKE>l=m$Kyq~LOPdi)oPVXy8$5I$mTCVs<9SmAAoGE_6r5Ty`
zKNWdr^3vW_Oob8F6-GVd>M^2uZw=pXJ2x0CJPI4}Snh`~Vpz1@${b4MD1scvmQoE0
z5_%$Nny~jDgY`bjhLNAUTRlsg^ScgAY?#P8P3WPSt7v`Tpe|jVraR)dnPzwDf=MeR
znU>~jIWbsAlM3%dT_8&BX001`?k<bb#QfE!@wk^cUZ`L}-|iRj8k7ycc6f#>ia8Rw
z(z(u6?R%B~rPiNrbO)W<?JHvr8dM=ids(_nH)6g@j(FZ6x}{BLB9I<L|4{K2X5_Tq
zq(Y(9BzO&N%sfQ32PAJ>v@xd_e%lDVQQz?N&1q?CH<~JL?*c2bj;p$7G(GYb$rl_v
zKVw**2ZVuuWK{zs9WNl-QDl1rRO@zhhKUVNFN?~sgJQ8*+kc|P)-dO^>xPbFq`{ML
zWk$)>`C#-Ee#|{sQR+(sR8QjUw+X1o)UiLYAARd~B|_vIrweik2BXmG6uAGxqVJ*b
zQ1pC$??&AS?932lo~7FN;jz)hAicQ!vm_XaNFc84Xyn)|AeKtxF9Tlv1p`pfS(eU2
zbRzD5cLG|pukq>Re^OJ4oJYuuycB=!)`^uT-K)pw_gJJv7#SqqtOSJbbAyx!d8;Ln
zUie=Nm5GI)5Kwi|0as89^8_zv4yKRrdUu#96_P;%|ImO_K*;S^t7q|2{GXRI`{e_E
z)ZX1EUB~xkg^HzMj0ZVt{1J_eZ?IZCqcknZDY?FtCWpXdpm7momh;9d52~R>SYfB1
zDUfwUnY!`(a?q$#;r@`^?;ttsq8;tKh+Sims=~-YmH0}9tPL0b{#xxXuEkpjdUlu`
zJ%myP%a3nanxNt7M7()7%&!)4qDX3NK9nUNf#Ogj;md*Lc>_6(BGX<l{`KzVNe-GD
z04-a{pW^7T{5<Glj<8i_K_In7Gdg(@d&(kpx~6+5L5>NG*HT42?Hi7TH3Yr>4`T|*
z+KnM~J<(PTPZ38#JV^;RIA*E6J8-c5K+1|V{K}S|t%(jGiEBo+hmzzC(Beq4Iy;V8
zpovi2|J^oRS~HS1cSLVO850N+790-`U^xFEx-Dw#HuNt?1XOp~RFOQ>Mh|{g7>Xib
z*-wCt1YT)y!{`x*>(WH3BlADmo{9<tG%V%@q#(^^{WQtkKnO!`v6)~CE6N5<-<ION
zf=1{aSV2MX6Nzn<x!$thZcXZa@x}?HB(s9^+EXB%u})LuUHEmfGxO7VZ@wuu|1<&(
zFAh9SQKFb?M*!Yu7CYrBnbQcJXOU|Bv*>gGfos9}XR5k}cDIfYkmp!0>^`DY;Q{kx
zTH=t%`@bkhLfBVubX)X9liBYzt&=)|V?P~{64^1%g4_W!J%Rv40A<I_>ftJH@_;o=
zkV=q01h0EqiKh;gll!`09JtZC93@zawmV)BzByf$r)}hiGBjhJ&Eo1QI~N>wD+=Ce
zg-MAW0DAjaD~u6BL#+b5h&k(r@Oeh6_toZb428IyjFcpSUq65f#gZZL$KVkTBZgwM
zgb<`&`pD<J<=qQW*t>u(3TuScWnr*3<~$Q{E=uLLjDuQ)&IX0)q$B9_M?jweRzZMi
zI69hyJ;(QjyPoIv(~6SYr8QCbSs^N};jul@INWIXRd(PN@AK3oVC(|HvXKbn9E2n|
z+Z#n<U6yszf0;>K@)~p!UF8KS?1Bs#U8U~fzYZ4i5{%h-kfk97=vWpj=i0J#BR=s`
zbh~AOx5j`O3Mkb;STShwD=+eb@k)BpI1?9`G0v&>0n&6|J&UT?O~6`(kSE=j?0RSW
z1(bQ7zi<p6Lx``mYptis4-{S_!DIm0=4N;)Y{&>YT2O3<uK|r{=|=k-iq!pR_Oo(!
zupP(vMeaiy$UPuQ#gpU^4m1l$D6+h&WX@M8BN#elU|5p4<ktp^6p`qodGdt!`=D=a
zRO<eKGeL0>oQcv%;eWPS8=kHCCMWSCz-I#$u>hikaF2$mSB+ETpi`5S%c(<;;5l`=
z5eU*y@lyc@5UkwK=Hdu~r4v~!^aVk%7!7DxA&L|#KUk!8=NgnVcma5VG5Yx;z|-qg
zM!72lc>1AbkL_2A*3|^In=Eeci<}~EF+kOc<P?jEQvo=SLpN)afU419w{>p-^+8R;
z)2f!XNwC{-<{x&VN*2H#foW8+Qd|8WB5n~62fae5u$Y9j*ZYO{MCNxVI6tMw%$AZ$
z(jzP!N4*}{8*nRAnjGDT0i9z;R|5pMsxwQd(8B@TDtY3QLMU7jGGWKD^t1qh2y}!!
z&vs@Gs^lE1wrTSlyYNKcf(4+MDj!(O1UBZHFQ)=kqe2+)x?Q&CUeha2*Sf$L-fzQn
z*#`N+D>F1>s*~9O;XG0&8;C@EO{L-<4odwW-r934v0qBra~!?YS^kI>CP#$_+Rgoy
zKM;$Kz_vz{@)9`|h>c?DYUurx{*?3nZ(%Oi7UmpG^;}ZM|BNOr19*{Ru-r@NIJs}4
z)6R6&T9)Ttl@AU$Ek*1&j$+Lt$wcTGBUQk}|GR^8`@QwoW`p@Pqk~fkA>cvy`18pR
zj)sC7KfG_RQh~yVz0M?YYh=ZT%IYQr084RNuqp@>`3*4RVbp8%Ft|9BPh%6HpUO|T
zhy9EEoj=QtyB0?N9=Sgv5<PnTd_cYiOe{~!!;?EP7~qdZTWV$xXuh&Yfr>-N`v%d|
zU$0UThetsV78zcm6g{v-@h`H8;s`&1(2Wl1MtJ2+D9ZeI*FPeNBvcN`_4?v)xvU#E
zSrD9Q>W(dQ$pF{PH_bgLdxS3!ZH1wU`BwkYqY#8F_e2ivneuza>sf57hg>;$*rcaA
z#vM|6gpUD1kFkvPq_(;305GSg!EU&5S7p&jsy;-rSFdjE`)LcI7CadN9`Z6k{n3rU
zuNppHif>PA7}bWPdc#9;>CymT8qyKg-Vep+_9#`G1P8Ve>C#26_jaD?uWYHj+b?&#
zZwa~Rk%`p0-%dfdeBz&53=Hviq37Qb#Mmj+RXAUoWqRbDZrX7;_A*jP9KQ>X#qtJd
zF><m7E6Y@l3c)5#t-hfT5*ee0gi`~2$r@0*RPv!fvYvmlr|d`TqVY<AF+iE~9%tXG
zA}j*|tgMY-Y5K<baT<B)6QCZUgXCowR)&_bwo1(oTQz8)i#bo1E?}RtKCm-e{}ZgR
zSX<lW%u~4dHa-RE_7bNIQ~Ru@&fD~OJK<C9e6R>Aj~#A`zyp;`p8xZJXGxUm9kw7m
zVri}jAXkTH`S^yrOf1#IvJG`t%u8T4>4W*aix#gep4oneAqZ&wwm!!l;IB`x8yv;|
z?=LC4Ds>4TOS3Mw<e7gbjvybNLuy47U5DbgJn54}h^K94m9Xv6s~$jAIsEV_ch61{
zB^lCHpbGt&a<)5%D#p^$T~zvG(vD+msv^6sSNH^bNm0h~d~S43qHXmb&e~RI2#XH2
zDM-{nAnel1>&5%uN85m=+ORgQ;B;mKJYA9|@PoB>RBWvv*?<$Y{VIUJ@2(0A^9=8_
zM+Z7?Whi=c5Wo*O#!%&(P8|b9vIQV}7{+_0@CM{gyfr{7mj);#h0E#<Xq^Wkrkb%T
zDYH5|w+b~zd3*CmD%<jN=Hy-G;n$#N<{4udK6jU9*Sif3?$nJOpUd1%@%-~5Wz2W$
zrpoCxfLI3}5&5aa=UL(8gG0mA(^2=amt*4A?KZ<FpCwu(#A?ryK=ILCOBwauOh
zHasEb8@-zYbkt;S2$XWH2mnGYHqB;#<39r)9tL@^^;!2vGVke=-MOjOi=}WgAmlt7
zIRF%g3!#9#ygB}{>*fe_vvXe8X#WcoKc^meJBmPue?O9?A(-RMuDwqULnO!?l!&o}
z4&cK|Umd8FMK1F*oq-N%>!DN3tqH=K@Wh>SyG>&>Zn$TsKz3t8M_g)+HVT4(g;pQ|
zGh0p6<XO*fikd+v3V{^O_8}JOd<>GL!Xa|lS4XibQW1qDzzOYOISP%MdJaLUrb*gE
z`LgkkJAj7qYHdVtpL@Hk!5|!|jLtxKzhkF*a0rwl-wbAI7<t`*z`ryk<hOAxfWKO<
zf~TN%xn66KJ?Jdnj{arrIG3&UK#Yl5I-1n>8aw$(Y2Bob8A5SrjAP#ok}>Q08MEhe
zu9rq71Q#iDAmkYiz!K4_V;iq{`1q-jR3wq<6aE!!r>!raJ#48?w7WRS^yHbV0-Nrx
zwuk%avgfU`mfw;`9&(Ia{|sS5o+VeOg9|!u7=eI|)fy!g;0`*V?4j+Vk0)+$`Qz;l
zhOv{p05GP#lHe})F_7e?nndyUfX#kE>7jG0&)sqMKh(5kr#d{7{v2ozj{&Qkd(yY~
ztTi1bwu9urFZa*x1ZJ8r{wp9RXUVd@SY1B1+lG^m<T^g>16pshmhei60|bv*w{Bf>
zn|IlFu7CVcXZtZ=o?s<(kedKTo9T}YwFT+tnMuNlf#>dvYkQ!x79ASm`e9QUp$F)2
zeTNS)k2OR+p)oTP1@Dcl0EwWB4RWx068i3+0IVzp-+F?5gkpC&*i#gj{8G}(MA9Gi
z{4-TMI#`^lI-&v?f|=`1Zhp=d2?2Wx`y+=NnOS?o|Iq#u)!7df25qHq1i%~iIvzF$
zE65C>?0yPZn7MieDD?*z(=u>TD-<%wyT})l?4CPSA2UrZN1yRK=4WQ36Q6c_c>uUS
zTcRf$Eux&`b5P|0nErJ8vJkZwd@Q;u353yq>)8&4mKr%n&k^{M%VL!L8aGMrY9Az|
zf4YCBCe%cqZ3|+ek3I|)aD9sD60gX^0nY2%8Q|z(?QViET0x!Waf9dR2Jfr|mDA~j
zX8LN9?uZaL((1X!WME0aue0&9x%KoeZj{8$<C=j+csIY7@DGr}PZ*WQ3lo41UH(5C
z`scBBY!6`7&6$l>DCWrByTgmA*sz=v!Sj27lt1AoBecY)cB50k@U5+LU$z>5kq~l0
z6b}SwJ3x9rYhKwmnhmJ5{9H$Bmxi8$<hD!1BNb-45OwAkUPa~YS6dI|Y3!^ZCQrob
zG+Ge^CyJ&uyDAt<msaxVD=HgVr$Xt<VJKZzr3u#ZB!Ic8a*1(->tTVYt6xd9*G?P2
znIwD7LgvaW+sPy|C!uh34#N8pgEl#`6_ep-76%riSQnM~_8j(<wAv;L>EcL7RUy8s
zuCt=HPvp0ce~8)#W0Bd-QGS?ix~&>t_WL6q+pc`yg)?{)PLtj43gE+Rv;>s(wnjdg
zwe0M<$XjL6TW4*!ZZ0+Q?4QwX+6P1@pkQP!IDimvzY`zbNXggg2;%Fe6#Ek%i5|qX
zmIQ>@1jt)@4yCB?S%rDgt6g@B@}f8uqDpoDT32dQY{Gw*dR=?jhv0@Ni^z`4<$b7X
zk0@XTNtI_h1kaT{>FLyYWl`h3`FO66iR#<9&a}R_&)$DK{??x#vSIQaRDFI7QHC=c
z(@FQBOH}G+Yi#;g=sl1#t9pGjHuL4xX9DC|9idW5X5{bB1I|}JXM1ykL3fbYr+6I}
z^I0>JeM{)Q^@;N+Ib}8=DU}N`xDx@1XZ~TDSi!TUi`d#lKn{pQpXS?-?Ny15XH~T9
z32d|EV2v7ZtYCj!tg@-j_j^C&B{SBZD!-}g^_bGeeGefKme=j0OY&(Y@WLL~%;Yo8
zFj8`{R;nuId_ryv>pHQWWp_7~eY}j`lMhnAg?iD}Y&UUz@<lZB2$>UYG71KBGWUbb
zV5miaL?%*!ABV#j`OJ>*pDuh?kc4TuA`##cu_B)n8cG74TXOR@+L&xK8%G2A^C{%a
z!c+=ylqZ{mI)UCp%Wmbo4-|i}O&f<lr9)CP-hJb0;v@93hTw7ZLqmfCec!Jk)S#Ap
zu>*pYjv5b3X-}+61x9dmZ87Qh#6-kWe_j0P`t%IbZs-esh1%<8Q!%d-WA_ESmff9v
zSzinj`7{W3<ds6nu4$rO$nwW%k3wNeM(vWw3F15qd85h|E_35==22e2h>GpRjI$&|
zq<ATs&Xj%ru3)rAO<d7lR_LLQ=ncp53!#kYZt^^CDd6z3pyWnx+_>zM2wAd(_Zffa
z4*$z^@n?sLt$jQe$u{QgYu|Bp2Xl_pG52ZM;9Fmm1k6VYDt4p2!Ws<lyv#zif3Bgp
zkUT?{x2{wAWdt)8ML0AD#lI06aOih=V_1iz68dIZ&`nKd%QqzSd%_ZAw}}gX6{s8c
zV4t<bDvd`tdWnPcGA=gW24MT+3_hAvrA-GS+kxf|cRFNibW&JpPUA+Ne?=Nnnckds
z|4bx*-4aJ=%^)EmmET2#Ec0S+=~$#jS9jPTPHwFj(P^rNL5&=5*I}o$a19;`qL?&Y
z+2da674jGIxoug!t4v9#HS#7jG2UBlv1eS?OK<z8hx5fcvKuI>41uch+cq3j;&;9a
zPd}0iAN5g{O~fs-lmA_F{Vg|@tmQetfC<Wbn&AhMrFP(e<RNPffD7y#lV^(uKjr|u
zpi$fEOF=6S6In)^S)aHuP7bD6DP9hBKu}z8Xrf=oA}E-ixe?M*FPUt15gRr=tWBDW
z?uRllmZJ(3q_bP^LToDO-y`O+sO8{3^63&3C;6q$;ZF<0#*NBPMqj$b_`wB+*}ISe
zoNs*s?B=&d;t+W~Q09U$&12_<sOil%qNIjs;dJ)W?g{7x-i-9T9Di%viL=y7reGYR
zD<Y>YI+=tdIjuoD7>w4#Sqn;x&!fDIcXjLBexZw{V!fUWskXx$#7bw935cGTLk_c8
zb8Uciy0#UnX15=wy!QZmpvcyYHq)jqn#>dywiCN};1Q`1;fVT3FRm?V)qq~Vj@kTi
z?e%|ZU`M%qy;OASqdt1%iaie}oyIFJeb#J~BFUwIoKaz}VN?FZ=jb~v)!GV(fX>+l
z|GJUFhG*>~RNN%AA9ZRinJflljc7NV*Z-zNo+Zd7>d?f^*-Jt7HaYsX`cX2lf{FHF
zl+{uR+PQza%*MM!0+l<m!+|NX?biU#(=i!ow|o!mPd4Hb3n3wA?FG_>#>eAf*&5fM
zqN@TDL;Hh3ssH2)LYlAiPC=rSj;hij*kn8<q0-k_|IHFb<zUkNbVyerT9k=N1CzB7
zEF9X!Ko-^bmvLb^aou+kCn@Bu%M#ZZ<vU&6oK{@x&oxVxGn=5`T#sANlqa~2=SqQV
z{p<Zki^0!g<;BY(&Nl2`EW^`?hG-E9Lx(|A?4*#UBKi*?nka*>bVm7JXDYUq_DX?@
z-K9+4?XeIfUjI1px!Z!2aZ>KVn5^NNN&Huw=U2QRqP+b>-ZEhMVQD{BO!SN9Pg<3D
z;2yFjEUSCm%`Z#pCCY@nm2N>T+@8Z1)<tsW1!@^{RI=lGu8GDDJ5WW7lhy|A<HFi-
zW%Av#?zcdU(lISEJ*#BHOdbd-fqQH!4o&KIeB?Oh*Uj7up6_5i{LgE3Fez<d?REfM
z)(u@>R+K4<GSiW(WO0klo~BA={Zx7da4A*93p`DMd-aFj;iQ(6le&lg<fI(fe-X97
zPlE=P#z%%VN)BjMqO!jA6P&m=dv^MNws$~<tbP)E-g0M>$@puW|MM8h$w!ob(vfZh
z`=Qp^-|t~Yc@O06yejAh{VRIHndy1&NhnTqMUE=n9Pcc+55Dz(Bwjyvl+fV<$~vyi
zhNC?p&BrZgTGWv*P|h`D%YT<jM7>Ck>dQ98Y*a!wZEO(O7Fb)3P!zuTqT&T1Vhc0;
zc$z>S=pCM(RW~}ZX1-=WTOIvA<Mf~upYDgi=P}2A$Si#mj>u>9?&-Xj)bO8{HxvqQ
zH)9ygiiz0nbnJmgY&FcBD1!`*uh&~X1RwXg*h8$o0<#@Shz*a4YmL7lgrf2228Y4L
z3h{u?zYqMxey{X}C1<|!D+kNo*#nn>>g9y5dnzOQ%NuwjyDOyHF3Hu;d>6{*Bfi2g
z6TfAWOzQ}_EIZtYmn}FD&wPKP2N7K2508k%trIilpT_>i|8Y-AC#uBgoW@#fewbw?
zng)4?uT<!uS%KBJQCvEtMQa(6)m9)UVL@H`$CLHbGTi%PEq30nwu+2AL{#JM)$kS%
z=P|Sf`#EIxXsPcq#dlq&-+WBkW@PKQar9KDxirtL6U>Y6*atcWpP5k!(e)mJ5ek}j
zD~}JSU(W0B^LdBrAMQ|=6B{;0#k}H0%Ru`YEUN^upuQ;nA@w_R${eU#yr!H?@4Kyr
z4lRcInJrEJQ|B~SDxZjEoP!G=N`ZU?D|vk-e4`sb(Xx)9qVAGcw&i4)Ulx?Obmfo-
zp72YMgh%mz|AwwI>Gv+1*;;s-WspOL81q{d^SoKt*kj_3ue9h-awUf(yPsnuZBmzY
zJ2^C}m8K!BE>7onX?qjjejO1ydbP{Ct+NV$9cLcMY@B*ixqKSIHBza0?4b0Fgb+47
z;$@c-Vn9WUtkdEd#OHTGq!3rQY~pJ=#U~aYkhd`7w|6BJ_3Ez{SCmff!ZF2D;a5|x
zLT>EO9P)|G!<sP|Q>OVsvZze-MAz5w%P*;wiI2bc9w0JOx|ij5%MAb+xp8(8pY|N8
zX1pAj)qXO+-YO<R_2V@YTkkx3`@3L<<>#Lgo#bH!#P*$Lk0m%!J?+6|O&1&IbJN~3
zL$cFn=b7%&WI!`flT~tRs8sNd7X{RAFC*R4LFx8h=azo9L3i7pH7ngS@3vOQ(~8NU
z>~cyUd(7hbX@Aq0(1mxoGvt>dXQ}eiJDv8ulFX8Rem^Z0iwi@q!=N@6zy9!^unD|#
zoco?s6V`X@HlXr4ELAsxN)-um>z`RHGGC3ImO|<3^^RA6Pw4Pp_%G|cbiKjF#f!&@
zC%J#qRIp5$!=IfX`z32w6_E#%F#a1A(AgT=^)fyXrc*lj8<a?f@rW$=CY12&so}`R
z`*mYA+QmZ|Cm@(QlM}sS&w2#%0LlUARx6&HPKwNCxSQ_A;!3J-9S+aQo6@-BA+G4U
z3`d_AWIZElVSm;Zv8Qi5>yD1>wO+$Ah+#nmcqL5njOG-aB2|Uad8ro{rl{=e1iUzL
zljc<WL)Tou5!<(#H0~oOzX*n8VbO^s>1<1n@t2jk?J1}T1?*9#S`mzTEKQ{OEU0Hj
z)~gz3JpbTB^dnKp7ZUq2xyKy{g{GHd8Go!wKtUc-*X^%{o@HI{alUs;h+(07*ccVv
zY2^^@#P{AB^%o}vEE;(mREsMc*j@+M54`lE)qT=qHtwkLI!evhxC;_dhi0uJ3?fPu
z<)%D`|1hZNv(+n!lRu{$b;)*W#X>2WoR?A3Y4gGUA>vwgpqe}Bsb*_zBDPA@Q3SG2
zYmm0O5F05hF{-vcMO-thE0hXi*#Ev2{<Ql;A5P%L#nM1{^2g}6bb+uIy_j#(Y@3ep
z81m5v?c`~fNcJbcFvvjoq-(9wj5y}En{>d`;5*^3t4uk@YHmwUY&CO|lA^A838j6`
zbV<u}Dmne>vE1aUk?!-{)>DL^Hw|_1N1~dqKuBZdr>W&8pI%|*2fdD3?lN3<jLf*I
zQy=Q&zC`rGf51nmKk7aiq}tXlCUH^pP<X8+>d;2wG{kX6RH<XFW|jDW=@Bl@o-l13
z;&!eXemJW!o+jDHQ%BuLtPS<xEYB(9)Vw48H#quG&*s`jOQ3W`ytlIPW^Zg!-`%S>
z+>vs3Be7*{u`(rw%+CIAu>s-5u5-xHf3yIuA};!dWvw5&^>4$waibrxzQ21rEMRwR
zwJPb$2Kbl84yBs*gRs?v`=<{ozwfo3|DG&}M(S1@=yjy>yL$Wh`&Gi^oAbz(lGGmv
zanMdfxn1$8au);X<A&P8YEtXdy!xdo(u}&FL$O|6W4sw3$**kM4(GY*))uAa42d$H
z4~JK*Q^V<$GKL^wd~aj9K4HD`;x>9=#J+~{rEV^wxZBC~dre<98y|rR6>(~Uj_%6-
zWH}#(OkG$7ExgKcDawRo1Cb8$8oYj}N2(>%$kmV*RLAKZLh@BpT1}uI{ldl&<SfyW
zFT#y}p=1Z6a5LJKpsURPEv>Op+&DxIeLi0n5FY1}9;`L@;VUxgbhJhid8JgFhC3`U
z!nV}OJQYUP(6!nuRtg`X^6w2^m7Vylt882I7%7?NIS+QdgI(blx?9SgF-4iv37r?n
zVJ}166Y6!`Y0ZUiLwGfNoLon1HVG>rgN`7F;c0<|imZsW9qQe9tSw&2+^{A6ION!C
z`5DHBtV01`5MbZ)UNh1m%qZ%zRbDT`x9T=o#!7!wDYB$PMgFKtO=7Bew4eRn<dV8_
z4J91K(6CPLO(G<r=f~Ak0Zc>ZQdAnFAk#SGabuPeUFonoD51VC@T5_V)KgCvs8@Z(
z26U|zt6bS>f^;dwlwK8iOVA)e?*#^Z5<wT4#>j@EbmPp-Y4}8vFRv-Mv&)-N32QTm
zuL`SX7s1}xZbX|ok?@!p2=~l%&L~Kvk+G384n^wSWQVm-^&E^=_Oy+)l)4j=jmWb$
z<%2ub`la28rqHorikUjrHU<`m$aUGE37DX<hZsJqX)8LnMb)hnOW=0sebsA(>cKiS
z9TgC@<PN?HleR-Q^Ri1`hI?*4y5U#j>ojmCDE*ZA9^jwxwpR`qr_VO{&!B@8OObQ$
zrcJ$pM0Tcvru{&B)R4vC_1o%8RM%(mI6q=U?6_SDxh(%I^^){bhrW*+#wf+i!)<f}
zE?9s>BNC5}3rj+EfmIJ?zA#wX1zNp2L9?o6_P+;8%=ETFfcEN|mfr|V5b7Wj+w+<B
zPq-<9lR=RIHcL%_;Q);isU`0md9dESX(l&izh)~yzzrzs1xVeIA?JQrub9~sd~F^X
z@6r&6&oA0M`joxjxEwXf8ET3f{g4um4fC?+Re)qXM<53Z29|ZZbz*>Q5{GX!7ilFc
zzF$cCJwR=>^5IV(JWHN-?nh<6v|Lg0gwm7EvzzT0N4%|;zBzI*lxh$H_3Sc|!+4E*
zIVSz=+xjG=Zm#|wz1HZl$d0m8Dy1}sV;YScom&<w#qIz&nWHs4@0MktqRtJtV7}(N
z&)@jVcvS713kY(ElMeu}R9I8$UFdfA8j~D(d@xq0{bVm*Sp?|$;vXid(l+ZHe#(3}
zh;o==>enAi^=jVEc^(OXla>#dhF%J2XmbN@tYl-3jZtChG(;Nu@71j(C8w97oc*3`
zF|*jdNc(3>lYr*E=<q^hPIHx(D$4a6lkdS&UMv^#W&j%1luuRgRn)r0sH?X9CeMB4
zvsnGLu|G;ZDL|6CV{iBKPm->kWf@25ScIL>QYTI_H6+$|Do}qXBwc5fob);S{K%!n
ztd^Y{8-W(YgkYKca}YO9kuq~_#;dT6bt<Blk$=`qp8Lt^2U7RUF5xYqmj3YGzED3i
zY|x7cxLLRknbQ%y0(pS$nmW(#i7k88W$e%95eSLOUB&#y`jI9RsfJFVBQVW=X-%Sx
zIjaiGdjl)vG@g0t&HJ-CdzVNJ;q-u|_K#dIF9lZKc}AHO^9D{MZ?Uw56aKqR*H{=5
z8|f>zoRd_*%+M5=%~Tsa>zq?EQm2bES9ME>BUmCHOpKSGx7j8#=wyc|Cka(5_+q^i
zDRMY<qCm~c*GcD?^N=3%#&Wpn`?N?<mi4pG9--X$X~E!E_zZvtUG@K?3{x#~S=5sr
z5VVP4ddc2KrrmR$N67O>iRtob@y92>i4aw)bOX=OLgN1}uymEB{F^9NoFx*>tmW&L
zh;&?SF?qhmlSiG730+O9D{5TRjt-OOe%;^&V9b>*&n*+8N;OlPN&XuL(G`yWqbp@s
zD=J>|M|v0oSFSF7HL{^h(hh?SbtgIe1#)MT*uBy9Tl~*Bgm=*p#jDr5Ep`wPG&N(~
zFNXXd4P{+*vHalg&S3o>wT$>01B3Bz!7MyZl^o%U+PQ(CA&)Kogez+^euVsGc8EZ|
z(iKq!(|GwWrP92X3%79^k9?I)EFPqrg)7sD5;d%up;NiwGB;yV)tJiA|72+m`(j&H
zoLF?}my^L(ZpbAN|3EEZy2kNG#Kx!=IC5?EkC5vsD$^vXPW!)|5?l5H%in17h^0#B
zo8u0gO8~cvv}}b2$GOL|tA`A!_T!Lj19fDxLGdb~meEPurmjLyL%uUrPA%I;sTuLL
z41Rxb>6B_4UTpFd1eZ`wpvM1lDt?B+e2C4DN&|mjZQsQ5#C0b5Mc{_mpuB!FG7sCO
zs>lttg>&mymLIk%#3Cc#epAdB;vFf<c<Y3#S%w2w|5E0he%Jys!Xm<(Op5oujp`K0
zM9EsWhcxhQbM^cb*<OtKBM^j}U^g%XA?kEybI;??KHE6WUCsGp=eR?PTLTplcO`a+
zUTum|{IPr0jJWe$rC5s2GHWYGBr0YZ$@mcql&TS>*>S|}wzOi6mrgRiCh3T8#_&uZ
z2gN437R4``6$WOYz&d<dr3fy?O&28;6atxzEs;lCV+bhz<5f*2td9aw#;c`iT08Jh
zA>vCGPBzA<8X6cZZ_vtUiiKoB(V7-W3*@E2eVNT-J(Lj+WPm;T3K6P2g%oy*bHtza
zIhd$Taw3#F{Elsv;2w(~Uej5^IX3#QX2npG^hU){CXr*u^thgAY~7rJU-Y0TFV(-<
zqy}UPY6Di9xft-ABOaP4+wUwtqzYQ+3-b^2z_%-D4<Rn{{Bu|9pG$4E=(R5C<6;;r
zZ_P3sq<#W5WNnS=i~p;=D-VZy?fWxhWY98$oK%M~7&DfVrBV(<V=b}^Eyym4qG+2z
z3<+t-mPVHBm0jr2QK7UbDoK)@N{b~O%BlBzThckt^IXsM{_$SVd%f3tU0p8C&+qrU
z@9%Oi-~03V%%8;Fdfq}t_38w$h^}>(kn|M7hbU+MZgmbEMD-v@KMd?z?p<Ez7pnl4
zjtU$gU&^8S%Ljl<rMUeJ{l-hV_^Kydy*k1Cy5fy;oBxjUSWN^FfK?Y%(B82>0lL1m
zN%_LCO#HkYmji&6c*CD1LKg<WfLp#-q8byISVa#U>}>P1bO40^{G(_6F2A-^uDl*+
zJ*+Ss3iemta*STvCI>{Kn#r*sK$Y-PkPVF-4u)vULLa0%a$6JD!SnKEI)#~JQCwTK
zsqqU#s!ic(F@$^4RWNycO8~A<<O#gg1BP2O*zSbX6>rnmz`(<)hdWqHr~*+`c8VP5
zYCtZ0!c{-wYMT>cfdy}h^Afn%CK0q_io)5jhF!kfs(t)<?RD<<lK>bH2hZ)F2G)GQ
zw_i3jULzfRK|yYd6Euy#M9Xd46pn`c3$8m?-TMJ;w1IC?G8{iPDOEmlF{q;F+;F6y
zM&zWLH;y@`MvN8Z;h3>%f>;b@a03WsIIFod5k^7cB@NKu9Uouczky(wMdj@#?oiZJ
zvoh0k+m_RAY82>fnVkTHOl4#J!sH{+?9b2htP$U|+t+00^_W%5J)dQ65Gd=gbxc`{
ztVeSwR{Yfq9BX>2q<vv5ko6F=PlUY%zqV4aY7(d&-rD26d<VlU>(QTcjyas<gLqwf
zfWPp-5rn9?X_X(vAPK66peUtuR*s}21lKgI*ApjL>R>}7d2(2_rmqVMOH|<iGc+aS
zO@7<u!4jWJIQh8`N3?49H>std{aAMKaF+C~5SlrdjBQ&KowyLZ^%@w86mwTxbss4c
zY44=K$uQ7Ajz7&Ve;%>S;itm@bn+cmKO$C>l(_#HfH9^iLI4cfH&(ERa#w}@%GU&7
zB4?p;y8Bk&@s)l-kKKMMgH@5E#X10e&Pqo`Jj)W$C;xzC0m(0wK{<-~7Vua&rXGOY
zZE$+w8#k40a<@g#K*6$D&RQ4WY6g7Ox5|u{(*)NcGad{#u+p#k<<?hNscC>3#|ziN
z4fP%j0H54Opq;u<?lj1e-6z87$^8h2sA-5EHGhdp!))4hQVIa<11v;`>kf7)%c$g^
z4*m8DFofJBFs2s}X9i%BOn$pM2T_Q6a@9MmtrC;sgtnW3@m?0~PrR%Pzbpv7zY{P+
z?nAwe10a^M1~jUyZu**}?JA9`H}%TTNm7NhOmN)(E?XTex6!IYA#Y}YTtK49W7izn
zRrNGz!LwXzvjBxa4nn#V*(B06;K})!HdiS`E%vK%i^0`7h@64APPeqbyoL2ou3$!#
z(3b6}CB+95>#(RLjQcXsk|ajOa2DiUpZ~7=unO5RwpuPzjQs<|XAY$4uuSJoy(!&D
zMZua5MoTK~vUz2IkU1u1ccNH?a*ZPo_NFCtk9ZqqLclM`q1wc5f=}7534#E<V)Ekg
zZ+_Ns09(NdUjqp_p(AYJ7DkFV7E$(mfwDIRf>b5%xhg3CsJ1r_R8KDV*uwBvT-nvS
z>&nD{`$>KAd%h-t7S`EyNZ!q-jkW_if&Mwgzy<Gl((v(uOSU$-4+swi^)@Q=nQVbq
zU&Mc%9NnDu2L$!C6=Bc>*ybx&(c!V)xktZ!&4qzW8JGc=Zk`iZDzD<#U432Z_Ty6`
zJk3I)n>>o)(QP`dX9!R@i5uptnnZL5KwPf#k$87EGt6ti*92BBm207X89eAqiC>1(
z1_-g3fdl}_o4Kqz05PiSX}#uaGQ~Ai^%V=eqQtyi%IdVAh^FF*Lz-+3kZ2h-gmFn7
z7#2=%56PEUA5=8)dGLbios3^hlVE;DC}o8oP|B<iz(M4<K`7-qQ6rzp-bd8#5u_)E
zGP-TQ?bI!Gc6E_c(B?Op&a|izqLB}dzDPIG8sEB+{BBq#B&{8|V7{04y>>yh{xV44
zR77P0LRCnl6yT5-wrmKU!Xe*P;WC2>*}t&4k=Z5+xR)~V*T$d2e2z4DK%2?~qD-v}
zpde{T$f^i{_O{&5b*6wL=H5t>Kr2H;U8GkbBy)h{0k=(fCYi)mx)JA4MRz8>T%GgS
zJ*^GW0H~16#Ps&x&^t}@FVXC0agidNgQ5wGLf)^=@wrgnd2#O%q`KCfTMmGP12yP9
z{b9BLh*xfwU?Xm!pCt@#wYLCLxf=ma)tnkIWeD^dJdkoj=)QrTrE@tf0#a=3wslD6
zZBG6tRLMt^+Os^#)HXp;>Z7OM(&w2E^1l5Y2IH4qU97zqju2A=JMC{=mtN^{CNK%%
zQ0wdD=^iUnhSE9sJP)49id{JS%XhC*^V_2s69m~B!4`pH?<%_gF44Z-2teXDk)NBY
z&{>!ulqI~f?yk_yds&8Q^xWjDNQlL~xT3RkLU&W;?q@w(aHQPna-5R^4lEq_05#FS
z^CxZh$Xs1C12eg<;Nf^O_?yddWp~MgZ&#HyiEK;;uFBO?^q40h<t5Kf1(XcRNf;(z
z+Llyrx7!8d#I+Kgm)r5F#^jYRBJVumCJ4#Ip6G%nI5fQkbf8zr*c&(gK3Jak!Dz1S
zV|)mpAw|hwU?Wt_Vj2bT(>-{U@r$eykkE36e7@Ler356(SanoeD;|l{{@h#yFrEQ`
z(w5uqXy33$^j{Mw2|-N7&UWCXcB4`4Q*e{N8|yVFt$8UIg|FIqJsDJr?)BJeyyRL@
z{ep}&<!>{DV06mG*ceA_B(H>Zdbo`$iEx_Ha~;K<bkEvKuLucu&oWi8@`qo)^(Z0G
z7HnhHx77w!xFq~4wZGdxck@|ocL3I`{`2#g8Ysb4CRyMmSA0f_SPtv|c(PkZkqV?r
z$H5FKb<cRsp$5L<9~hOCd658DxMKtx17FAPuhpL~RQCxT^v1mZ0<6k=K%GoQ0(Ah!
zC~T~cl@n(RuQ3zN6W^lOP@6X>AbFr6+GXx^J#Y6p1nmz_V}wQ&0~NptKeG0SHH>66
zFO$lAmXHo^`O{&2B^`L7h)n5*nIlsMJo^*rysZm-<ElN;FFFc`MO|wrW8F^4Em*D`
z2!tBPKlTGCy;zPrYDTKmigXM3mn6#c`MsU#E;gXL#?dG4lt7?q=?h?;3?xw3X0XiH
z^~kqB_dn6Qv?u7*-NvtHe!qAG7V<3v$vb0L!Rc;(4OPQz)T~wWc5P|2A~togSG_y|
z7o5%r#T4ps09M@}Jn8vvwOrF<Smti+NPN3tiN8DjoJipylA()T_l8z$A!Ij!M1np&
zJ9<=6{25@X3ew_l|MJIHMP^o7{6z<s`lbbOECXx1c}l7MQi_V=wp%}k16j3ak4qy`
zu{wJY&{nrV2-5ZF&L|9J9AS)bDXimH+B;&2R7qTQQiZzNsXrPuZ+|HT%vCDCTfNK@
zTyO>>lwB0cVes(LD#+@B!g3Hnc?!F&Mx<jNHH1A$TVMdVnd9|$BnK%g_AvVZm*n^K
zP1A46ch2_n-IQ71b!nf7)WdbZUYhuQ7S(}d-lk5=pAMnZ@@)^JzMqy~^z0irpN_|`
zT0dZa5N+?ePVsfWKiKrfJ<ZpBv~fKl`?rJsHBif|&f%{+dmNK6Pb&S?K;s{yBD^b6
z3iUieF=w3MWt=q-OjOwCVx;{2P&?Br5*8Q`G(CKq4lhvi$Y(y#oS|Mm{pZxneIRkD
z^4}m|=8jI2FV8&(NyEw{^P-&U!C;-60uE1Vq|Vd7^e+GXuzgb^rY*FzhcuskZWFl?
zW2eg`lX3d6u&6Qh0#GHeonZ21Y6OC9mKI$Am|)<|RO4{D$N@ury51r-r!a%{<?z|V
zpH=}Yt8y`qV96x=*ab_nTS|h%oj!8t%$319<Go>RGI3fiR{-U-7txf|A7ieWg@msK
zeIj1bpzK9qNny{5JwVBF^igQ6KRdedFka9cpu-U}ItAQ#hMJ$=2)m}@33rQVl%iHX
z=0w`&qRi^{Lf`nls@5D_aZa4$nZ4^z|1+AV5BA<?bR6u4)eghwZB8}WIJ2%{@>K8z
zPjkbc)PYcDkg~f4pO4|CsT0_X*H2~T0lG@DR<JMyByv(dj`@+AvFvj-cLP|P>|xV5
zzLM?!EWAI90wLFzx+y4luegT=pI^wroc%tVvtBZ`ltt0rFR-{`4;u_>!AB;~2^KBF
zw$803gnkag=tX3$X_Om(b=nS~wl6=qaHXOM?|DbQi7f6CAzYo^q)<&c&LYTCfk8|<
zr(&}89$l75@pu=yIWv>ivIhwoggZJaq!9X#gWy5rZs#W74Q~T<V5EI3J-poL4lpkL
zn{+=G-JgV$`?t?Orax&JOF>xBr;G3Cj)0bDO@8HQUB&@W1E`F=xp%p!T|lQ$@im!m
zkk?n9C)038pTWF-3m~v3^HzNxNT;b~NCNu_Z`r~PLnLBNZ?haR_5esXOb*dwv?qr)
z9K25y__el7NAvXkZ7D4a_r-eky^_1#-~UZB<TZl#8_M~Ikpvp;GU{LZ$$2YF8vf#c
zM*fDjeq3n5E)8H`62G8%1gRg`HU$LA2X`HKaY9ssaW-Alt?9*YB0NcFh5VtZe(&&6
z$RzYbGe8i<xj!g<k(73KPehY_`g`w9b_d^+Ll!1`{J!p?GleMt!j)Md&3aGB^0w#+
zKbp5<#(Gh1U{Uw*_M13|&04qV*My?4C0zu_pTou#zn`EAURf*O686CZxKq<A3jUC_
zS0QVgNo;^QoW08Vd5mDld@@I;d@^d_BghP=KMbl2{9^8=rIZA7m4>j=MV98f^80TS
zQ#-Z}ja|=b@n18^A<5hV#oAXdwGW(4A8nU|HLRs*tD!XFi;LmvROvV@B10R&7^^bb
z+ZYCTM2^+%zI`PVtpg2RrWr59W%sYQs-Rj)#MO4$XGNt+J=DQ{Y7~%~yqVgD&a6f<
zZb%*NP6w8BaZiTz?lQBmz4af=6f^Li4z7tMGpWQRh>cORI~7(TswAriRxd$^X+A1I
zmUPX!Ge?zluTssZ4Lfosu=A3SPL0VZh*y*?JNX&5)d^<x!v*!pf%%3%2U_1;*J-ex
z`TgkU@JZ`+Gpm1dRh$<g%Nxht_M!ViZ1VAWN=Y!`T<SC^X)jt_aBahuPp~`R^ZTD3
zXAiqS9SFzr&D-)v&EDT0E{pTHv-ZXOTA!mZP*iwbqV7Yd7YIXHZ<Bv7e%|i}qkV&#
zg67kFT&SKY>R-!`N9s({pu!e~x<zMv8-KCre%0<Bwc2GKcQTai|4NulcoF-E^bKa+
zRL}r!k?aURSZ`aGrxAE7dDW*!vQ_gwf?{RGxl6#A?CjeH={e9Ox>-F=YlM>m1(#c~
z>)(4mJY8C&U~Ck&H(_%8fGzF;&{Zs!!qO}!-+Qq&EdQt7XalIVNG;q5sFs$kZ{4<J
z^{!;iK8_5vP`)U;`gKj#6@V!R8BW5s)>>`*zACNS4~DVJAD6b|cP{+Y3EMxhV3&9D
z&OkmY@3i(iZX(j&n=Y%Posozc)3xy8MxZ?OQrOJDm`z15M6^RsD#1dj$GH3by+f$z
z`oM6b)zTbLA%HqwtCg-kuVqF(#ng{#vqS2KZ2+9j1_(P!h_V}yF2EE6^DU~j&N49J
zResKjJ1N8^kOy(ZV-}KW+fbo;^iezae76Yj5n7aY!7c(PGd*Cn?kxMRg7WX=Tc-Dz
zp-7V_w6Oh_knEIjkkRZIP5yvKdM~b$6c79F@4I&_X;zS>A4&NXbc=g*SNqqrId;bY
zy>?1Z2kHVd!Z@hSuiBVVy|12MhJsJ$G2@d=vKA7RdESu#L+*quX!x8RJGWIMlBL9J
zdtOo{&V@QpsBL<wGES2W7X=b|O8pT~d-5yLlYm4uCF|$Oy|loO7=sv+_Mm=^_YWdv
zqDHf_U!X%4W@0WL06JvqYiu%O#Mtmy%7cUv+F#y@_e6S1{HSpEujI|9jid+jfvJ)7
z!_%!vE1-t7Z$cq(W<xer#uS1O^cF$nyRDv6j5<z(D;{c(#x_d06R-{U<)&vS%E676
zwzWdaxa~-1E7T$i4?=J1@zK_+N)ZQa+3k?ygm5G17pI~?RRd|RSp<ZXaG~_dg#v>o
zX-E&GsD6quktM?G*w)$6Cl`P{9`EUNWRjU6U8DyEkbDccb|T^a-W*xz6t|;9?>Orx
zxK`(6O<|*2L^j1HW*3myS|ZANC^%`P2If*+u<3_Znv!#hf)+dA>p)WKITS(#QH7Gc
zINxPjm#9CD<)_!W|4-Wf$Efa*RMqo?tb7g>;2b_v$ryhSloO9k>H{e{rr;~8Y=yvg
zf*(g0dOc4`AEeNdV_4T0X%L`-YO{>Uj(}!)5z-_@uq2i1o|EQkM8pWhq8c4FKH}nQ
zX)yWJ2XGq@If*}z9Vz6W>bh8j2S7|L$dv|`9*~PzIe9Q7PHW*$iQOaKBh@2MjL9nk
zStf49fX#bvyernGmdIWLMsAwEp_EmyfCJI^T|)n^782zOemgcWNs8xJKN@&$In;Qj
zjlp5uh1Er@4{sX=!&i*HBOt6~`{LVcur<ACBBPi~qI<OhixVnM!Jobc(b70&xT9kU
z#MM$c5c~rduV6wer8^5+xl6&HGu11kNM?6QXvudzXDZ{ty#MS?)2d4G>!C~Z{Wj<3
zYn+6@5Pd$_F*EZ(>B-yxy5d$8m{{Ws;&~b|W{aX3ufhM>?Q5`D4#c0$USw=p#?A&y
zBwg47nP479WPd{;;PV$hOgYXRx}TRCF~>MXR7d0=d>*)479CHdXIc{3r4Yv!ovC&;
zh2SFVcX~f+CpP2IHyup5l@S2VYmrdkC(#taz;4CCiH_nZ#EgvKEJTkLvK4Q#i6L<B
zboGeM$6tx@!rM>i%?^i9kRw~c?J0eoH>U@M>7U?C<d^UNR6*)3mF`y$m7Tdyp{6(Y
zpZ|Z*f8Iu4by5x;-eKdPrw8Bhfic!MW0vSSg&tBT)D_W$_}R-vhG2o+c-Qn?zR?y>
zeTC>WE0rDEdkoBF@3nJ8aYULdR%$`0o-IBlf`Jtr2hfhwEAdSFM1zE`MR<~dq%?+Y
zO&IqiX5(U+WDNGji}B}SnU3MPulYRi`Xq;?!QmLZrF3tWZoJT15jF--6f0-ng`b)C
zNJJcw1>Xrlrj6Li_Y-jX(!Db`e|o{^VM~j?+ukgLC&vq+23R+MR3f=Sh~Jm2j>YSH
z?!&`#;e7-K2KSZNo4f1i8`XCSWLi7bEQHAVekq@by2fwa#5~j+bJMEHfU$?bXpq8H
zYfV_4=HhW)qC*q8Z_DkIH0q(mCsz525PjA5XNgD*zK_b{anfkRx;!oXq2)TEYwS*+
zr<N(wLn-S&WzUEAl2_xjm*OuqN>d07o;@x`N<Cgx)alr{TNRrhgHgN)PQ<%pGKPH-
zzeMM1f=v1%=(P3&iW@Y}MVh5c6gHr+8FWFFBQWLBKkk65>inoTM@bE29vyyhhHK$+
zhHIt3LWlD7TcNW}dYCY>cnlNAwiI!iq`6gCdD_xE`A~;*<yg9m<M7K>xI)+%yGNVo
zbnI%RL-zbxbGVu`+(;``<2UI$Mq%-2)`2JO(fejE_aDcEQg)2#`azrL3-*@AOCL&z
z08yOr16Dzeh2d|{8)0-$Qg$VTV(=rT@au=q())?cYS`;>S`QZnZ%l=|y{<Mb!V<(H
zF!OYs3!-E6$orx10d{h(G<_T)TFm*B7`SscZV7&(L@GdlttIL-*}V5%d{wp}nU+A^
zGzsD03}zF{Eoi3U0}NTiGW%`xA}nQDJR{O-V_ghxg38j3{~vkrbi^Fk%t|Y*zu+SD
zXg(It-^TadILJ-}=rw8S&sb>;_8FnKwAb;3r6eKS5bn6Y)6`@_hQ({%aVA~{B0~mx
z8`E$~39m(N7=NxSXBj>h@k1vt^VqvJOoGWEnFOl2TTWTdr2w&+1GY2hH5SK75}hW8
zcp`K?Pk7kfR|Eo<Fm8YeYp7b9qeV1|!@MvIDKe%Xg|L|@6b-;*39d|t4VfWXVeBG;
z%8>)+QDV|_nQ};mrTe|X!!o~gW^;Amxsx4&n&3}W3Ye92AmJEG034>3$BZT-cdD<$
z>CMIm`<qOI>ErTnRZ)gHx8@Ul{cQ4~@S%t>%$azjnbcAmpGmD=$gHSS+cQvxTQBS9
z#}S*k@K~!!*@bL9@I7tc*vSbF^nipFSq?`ckzg5}Kx1Qa{A#ewKi)b|H+S54Iqn#>
zVcg=?8<|lOgbf8JyB1IGU4)&FJNhOefkF0#O!N|!uh$|m%=`0KHw#0^(XsPGHw~X!
zix)Cw4QJi$FdUHivBgX9UmwWHu^C;^c{F|mLwYn@`NsbQuC#(^P3e>OCy1qj$ukS%
zZW%&2atQIgvw6dS0Px~-gW-a<_nlSHk156c{--P*{2u$E^DF3r_;xB7@*i7>*Z<$u
zIcTv8VKRTC365P315vhV`o|F_r2Y9W@=D0lT)3)wZF3)yrjA`vsrXk<LP*RE&Hu(M
z-~WzCQ-e`G#pi74hS`WiLo5Y8WU}xu9M3!t-kbtnZ{7NZ`}2><ITs4kQvz~M>n4n@
z#X#5jx8FSlkLJKAMk0|LA&I|x%G@1NLG_`w+h5+pgbz6w!G&{whhhJl=$~skHw6<q
xGZW0+Pdo|HPho`q*hStgh<~?|!>xaL&s<XcA2H=OVG9Sv`lmO&4S!sO{1*#DqK*In

literal 0
HcmV?d00001


From ee07a5739dd7b55a338225dde4bdf99b0c6c1e6c Mon Sep 17 00:00:00 2001
From: Yancey1989 <yancey1989@gmail.com>
Date: Wed, 8 Mar 2017 09:57:03 +0800
Subject: [PATCH 2/3] update

---
 kubernetes/networking/README.md          | 0
 kubernetes/networking/service-network.md | 2 +-
 2 files changed, 1 insertion(+), 1 deletion(-)
 create mode 100644 kubernetes/networking/README.md

diff --git a/kubernetes/networking/README.md b/kubernetes/networking/README.md
new file mode 100644
index 0000000..e69de29
diff --git a/kubernetes/networking/service-network.md b/kubernetes/networking/service-network.md
index b02c2de..888c583 100644
--- a/kubernetes/networking/service-network.md
+++ b/kubernetes/networking/service-network.md
@@ -8,7 +8,7 @@ Pod的IP是动态分配在**docker0**所在网段的,当发生重启，扩容等
 
 * **ClusterIP**:提供一个集群内部的虚拟IP以供Pod访问。
 * **NodePort**:在每个Node上打开一个端口以供外部访问。
-* **LoadBalancer**:通过外部的负载均衡器来访问。
+* **LoadBalancer**:通过负载均衡器来访问。
 
 ### ClusterIP && NodePort && LoadBalancer
 #### 1. ClusterIP

From 2e8d2379b316288f12e37e312443465d9fe3c6d1 Mon Sep 17 00:00:00 2001
From: Yancey1989 <yancey1989@gmail.com>
Date: Wed, 8 Mar 2017 14:58:07 +0800
Subject: [PATCH 3/3] update

---
 README.md                                |  4 ----
 kubernetes/networking/service-network.md | 13 ++++++++++---
 2 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/README.md b/README.md
index 5fab223..a9a2836 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,3 @@
-<<<<<<< HEAD
-# tutorials
-=======
 # Kubernetes实战教程
 
 * 一个运行Paddle Job的例子
@@ -64,4 +61,3 @@
    * AI开发平台
       * ServerLess服务
       * 大数据和AI
->>>>>>> 9b4d60bfd4a264633cc3edaaa8b26df9827e3a83
diff --git a/kubernetes/networking/service-network.md b/kubernetes/networking/service-network.md
index 610c894..9bd77a0 100644
--- a/kubernetes/networking/service-network.md
+++ b/kubernetes/networking/service-network.md
@@ -1,7 +1,10 @@
-# Service的网络模型
+# Service网络模型
+
+## Service简述
+### 什么是Service?
+
 在Kubernetes中Servie是一种抽象资源类型，在逻辑上通过[Label selectors](https://kubernetes.io/docs/user-guide/labels/#label-selectors)的机制定义了一组Pod以及对这一组Pod的访问方式。
 
-## 为什么要有Service
 在Kubernetes的Node上，Pod的IP地址是被动态分配在**docker0**所在网段的,当发生重启，扩容等操作时，IP地址会随之变化。当某个Pod(frontend)需要去访问其依赖的另外一组Pod(backend)时，如果backend的IP发生变化时，如何保证fronted到backend的正常通信变的非常重要。为了解决此类问题,Kubernetes设计了Service的概念。
 
 在实际生产环境中，对Service的访问可能会有两种来源：
@@ -14,6 +17,10 @@
 * **NodePort**:在每个Node上打开一个端口以供外部访问。
 * **LoadBalancer**:在某几个node上开放端口，并通过负载均衡器来供外部访问。
 
+## 什么是Endpoint?
+上面讲到每个Service定义了的一组逻辑上的Pod,这些Pod的IP地址被称为endpoint，通常情况下endpoint是通过[label-selectors](https://kubernetes.io/docs/user-guide/labels/#label-selectors))自动选择的，但在一些特殊的场景下，也可以人工制定一组endpoint。
+
+## Service的几种类型
 ### ClusterIP
 
 此模式会提供一个集群内部的虚拟IP（与Pod不在同一网段)，以供集群内部的pod之间通信使用。
@@ -48,7 +55,7 @@ ClusterIP也是Kubernetes service的默认类型。
     ```
     能够看到Kubernetes为名尾nginx-service的Service创建了一个clusterIP,地址为10.0.0.252.
 
-    在本文开头处提到每个Service定义了的一组逻辑上的Pod,他们的IP地址称为**endpoint**,通过`get endpoint`命令能够看到这一组endpoint的IP地址,分别对应了nginx的三个Pod的IP。
+    通过`get endpoint`命令能够看到这一组endpoint的IP地址,分别对应了nginx的三个Pod的IP。
     ```bash
     yancey@ yancey-macbook kubernetes-1$kubectl get endpoint
     NAME            ENDPOINTS                                AGE
