From 671ddc4c3d762942004ff6869d2efc077d2fc171 Mon Sep 17 00:00:00 2001 From: Alban Crequy Date: Tue, 18 Dec 2018 16:01:27 +0100 Subject: [PATCH] README.md: add goals and architecture image --- README.md | 11 +++++++++++ karydia-architecture.png | Bin 0 -> 17038 bytes 2 files changed, 11 insertions(+) create mode 100644 karydia-architecture.png diff --git a/README.md b/README.md index 353fa08b..f1541bab 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,17 @@ Status: alpha, work in progress +karydia is a security add-on to Kubernets to help with good security practices +and assist administrators in keeping their clusters safe. Is is implemented as +[webhook admission +controllers](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/) +and configurable through its command line interface and Kubernetes resources. + +While it has been written with [Gardener](https://gardener.cloud/) in mind, it +can be used on any Kubernetes cluster. + +![](karydia-architecture.png) + ## Installing karydia See [installing karydia](docs/install.md). diff --git a/karydia-architecture.png b/karydia-architecture.png new file mode 100644 index 0000000000000000000000000000000000000000..118a86c2a18dbc1653471bb9067c54741cc4d08c GIT binary patch literal 17038 zcmbV!1yq%5*X;{fqyo|@3M!!>0@5m*MiD`}LqJj*X{k*cfCvZ@(%qesA_&sbNOw2f zwa@q8@sI!B@80{5d&W5D3~}!_o@cGO=9+Uo1U!2xNr*>{had={v=r(&f?##Pzj&7} zz)#{|8Qq2dowI!`t#k?galK@ShCfr;iL2TvTD`P$)Uz={j4iD!j5ur!Y>bR7ZB4A~ z)^KV?5QGttMmh{xwzhCWc4n=69=arD=-jeumApQY(F0p)76OUTr{F8 zM(UlB(GR$9uHLu(Hq$!dZO!PT@&5MF!O5eMDr_4se2VQY_iERslTh0@7cctGgSdn% z#8||{#MSRYOK=#Om{>1IaR#8#y>&j)C{*$V7C9y+CLT^b5@Oo=>L!7XS^+X+(X7w8~1qB6kP>^DIb3+3*hkDV&7+#BC74~NLO?%E&R8*)3 zMxoK#Mu9!rWx8{nUsUsSvD{B~RIZl1Vq;@Fcj3a+7ss(j-WLdEZarpVN*s~l(2Ems zqn>UFYq6?5NqN6nRaM3LX4`~-k`ux6eSF;ro@gfZJLyYJP1@#Ax}X=C%48Md>7j=^ zOVj=g?z%zntTIXgEFD{OU5za*7vbTUUz|rC>gX`wle5>YPd3UH(K9idz)-V8~ra#D_P!(ear(wRee` zDe+TGGwJNk(m;2SsiM%EZK;n<jdfh}$O4?|t#>CV^8Dih|=FOX_Lx+Lox99PT=q|t}pS%Bov-V(?=E+q>CgmK>HsjAIl#+SV)2M)efWZ=r7#988 z#PabX;;O1qC5?gkNkmi>I*8)#D?tKyoR+{ZoVnW7837MuG@YEvO2jai&QitQ zs`tJq_2fyP5)>2RAZn!%G&H9VPQ%vNLR)E zJu;%H_&U67^C}xLafEP_OjLh=e{^8dcQtkOSAysMxnBflNN}*Ov2kj;s!VuHOw51W za`3lIyDZb@`uZ=2OYr8QWP*CUR%4o^ufuOqP*5mktH1c8cZFDiUwPSQC|&X9lkWYlt;NU=c z&k+63PJQx}AYnl|qPTEMN=l+xpI)Es{DN;_AW{fRJ@s3)p{Sss!ExLzHGL}ZC!_<; z1%h7=lql5phhM4<=R8H+4jDN)pM4Z3m;NGPpJzEL@XrnJ5{IzJA^WFCYu#n94W3YB zmSnuhocg5W?)CZe=YD;-^rx_9(v*Mz+})Kw7a_u*P-uOXiC~?C;IOu{W8bO3BtXiB z53ZqT7bM56s9t5t3I@;#XZ=EwOZsiM5M_`(rWP<8i#NVlF4A+wF{T&gXKj}!n*_l(AqZn z3$LX*U89%ELLXne(=7gnq5KyvHwOoym>)qsY(}6`LW!Y~(d5xuZOi-Xl6m$^%Dovc zWdB?vCRV_e{zQ;${PM3rj$&|V-{aAP^+_?i`Ckbm%s-5^0I#3K@HU;E92L{y!82Wd zb+aQ?KE45BLo$q>qs>W1+|^a6!hXr`x@4${VEAL{Cr>!K7x<$;L`9{oTtTDnKh5^} z91-CQXhkdPUX?t3n`dERVSQ_>@#JW)m@ZJA*L=`(K--0IZ*`Q-hU!NohZvwJ59JF> zKnPT&!-`Vq$2+4HJ`FaUw6=e$~9{V_hDtq+oiUXirKUk&I3H($LWG^Kgmm?@(I) zw=+LJnf(Jn(|B@GiYaoBWMpJazbEp-SP2O7wepS>;tbz4vmJvLCU93pGMs`CHe62 zOoRCbD=VIehzKVS&x@R*@YvYk@83~yH3@UpL75&i(~n1FThpOo`1u0KbZOSxa)Sc?HtilxFta3^l-7+d|&1# zn>#D;m0u9uCOUtG} zGGcoAQ16SE^$#{@0Ii$&#$9m`)hZ{hsp;u_n;99oI3X(8Pj|#IIr#D?HTu%-+IU!@ zaaY5@0L5Had`kqI$~r*Eb$Cj6f+$fB5xFN%^sKDH4z}h#En4!RP|Pd7_!K_Az7fi_ z>J)IZOqJZogY$&!?CkH}zxRTV8T|VC=-I8Sz7^wu{pIBjP)rcRt|#X`;l5a{V<$7t z`T6-}HZyq0#81BQbMLCJ|J+*ICn2uR+I$iz@crd%DM3V^es}@mV}incz@^T(RBAOI8C2qcG4mrvBY zcb@zEPRNk0AXXh91v0U^O2p`r_bxa0?&0==H=sr%EEn*kG_6WrMEB%y2k{IKzq-9N za2d*|a{Bd~rliExa_~BiYhxTgAGG^yZpLLQX9s%WT$}>FF<9d!hhtp`I+PL9b~6~9C)Cl=$48|MxW52LsYE_g22KZKO?g7T1~Rq6Nc-Ie*p#o3Ck?rvhBhjl}R z#*@p-!Gtutbxlp@k%@^3PYCHmy+*&mDrfG*#6-+9I=y*=-8yD$_ou|dX*z`O3KdmA za`FuV8eRe&*9~78&Dq)62TtpZv9Yl-lOG|k=MUL@jrSdO`m<(hKUk7et8iI{WK%r7;~LpAT!Mb%A5Gp;MK^Qfeg_1Zq&ooIF$`hh)snGWaA*vV$qYP>V|#@|oE<)Lf@gnARI=g9=Bh+@W0 zzV7d-*-d>`L=#Y5MA8aR5IX__+fi8*vp1gCY87nv;1Ll?04+W~Il)j5So_C1I<=^!V8LUy zf;bkju4ZzUV&N+u+gIY2|KNU%F5aq^Z0Wt)d?$ysC3y7JbfAuk)Ej{hcfa`O7n+GU z&T%-5-w_%vAx=L-iM7-rEUP=uHnL0gG{x-gbdNWZoXTEv#AzSV;Q3-pFOD@@o|1Yrx{E_s1pFkVgtl(lad1pNm=adKZ>5#iHDy$6 z^n;v$>fSk=i$vei#MgfTL$UBrR)8WjSZT_)O-S(To0W=%KaMAd+?#-zEW0Ap-z*qh z#IPn_b4sWV&-G)}=IrX#i`TF-iE?p}INIT`tlr)Rib&F=MC;m={G&a_*&jnv<@8u> zQj#wp3z38}i2n`GZ$*bGYVSD>D5KmqMKJ4>oWjU9bNj>H*rsgLwaK;w9h-=lh;X!j zO#d}Deq6Nx+*WjucTF*eoN#r)_*}gk>p%=d{p~0JHCc-PkHS->rF?gH`Mp& zMII`vt0#yAeNyY}vW6-becu$DkB_e-mY=k{yIVa}j=On>CLqkukMZ!3!@@uDJ9!E< zbV?bTF+6N+nZI->c0?kzjtjibNQ@x{ph~60>Igw5*{zOHrCZWdAMi_u)cF4WL4hD- z0<~B;E$zQDbwh#&ThO8omy}nwwB2sA-Nu#Al@!_%z`D$La;dEqft^zx&wTd!M(nY$ zpkI#g#Dg~^_u_<_8-Fh8^(EkMv$JC%RPy?-=Z?e?&%pY%hLTdzf}Y>6jW;yE)18tz z*6I-a=%@SoOW{dBS;fxVlXvgWSUPSZNapUB_ja>ar-)9lj~pc)CM0=xB;U9ZdpJG5 zr4{(Xcm|iDuHcDevV{2Ku8ha9CdOKVZ_ceqUiJzNC9<=#`Ih}tHxDr z=0qHYnrOT%`dyO2%_rqa%v1>9SlxVglAful+TSj@m^c;|3Ri{O1`V!$XluQVPw3F6 ztC2&6U9P*UqxhFEU#??5TkUCRHPwnP8}QcaTYeFmB~TTL*+qx(99PnpJqNYcZhz~9 zx`uWMJ@q19`35%D)!aiEH@0!V(;bkJ|5R_(YrPd=M)LFoOZthgp1rXW0d)WKlvIs+ zf6qZqdj_{$eosw@d;O+y#L@CN6_%C(={$AJ!|^*VC;CC;7S=8snubDe(8*iIu;BO` zwG4jAsgK6Th*|6x$;+Q!r{GhX?K!Z(T;6YYAg$*_dwGXrj>3 zg@Wyr{qd!HvyQ!7R2NiD43F8&<@bG@ush&e9%=MRZm7ArnRQ$q!U}~-BZ>m9EN*Sh zIp#b^H>1Cq@V*pFh`qln)bQm*TdpV$!fLmWBV^fkKqxd)L?k_T`gnNs4`-eu`~KXo zI>hg3XP$c!MV8LqZ98^{leh0&4}?D4jcXK*cf+Pr6pNjJ?|vU?(@H#ti3+TTNbq~47)bIrHRqf#Y%*j`y%C0t-< zg*9Ut}NaDUHy{sOl+?b@iZ#tcAb25D~ zY<*?9=|R;Iqdr4(Vxob#-E!Y~F_z2z>E(-E-J*O+TxX5t51i*OQ&LhVx`l;G{WRz+ z?hRLB|FT86Ycb}1RJxY%Hk(JidhCLjm_$QLqDB6=!J{b7_$}7s^M@H_Zb!UGU0od_ z?6Ql3Mc4K?*%2BTAT(iMB*-Kf@4d}6QKrm%>Fgaos;r1S%i)2dA~-^X6c+3MFA8IjY| zQ|OlNu>ngdc`!|^nu4FyTpz=#kjc+QEucAPS}*eG-sY7<7qkZx2m<> zY|1S4b)2UR!oD-2xqe;=Sja^E=tauj+gHL?=Z?Fh(NBJOv=^?*x5&5b7HeP`=1Mr; zoxQ`$afZv+Xr;Tb8o|69XNxI>nZW8y26E`$zI`im%>Q(`M(e!xmf;z_lIzkJ&8~SF zVA7uAh01v*{dno!rPfQ+ZBmsdm-Y8neY9#BDIX|fy&HXNt5uOR7{=5=<19ANgZKHh zJmi)TBO9qiPI0)_Z{)uAT;@|0hWDSlc=0;Ca%kxJJ#CY>04yS!LUdMDLpZO);&p@9 zI5qiQsDeZe@Dh#&u#m{k1M;&G^xK5@*P6ScgD?E7wmz=oVm~w#x$~vQb7wre$&OsU4+piSa*^|-P33%p7R(A$i>qnf23mYM<+azs`a=WV0^0dSww;4d6Lz& zm-Tab3kw&wSbip0sSqEQkiB;}VwibIx7Gaf>o2~C!=eghM<fi<9D>!lJio-cbGBu;q7G*f)Hf9S;ViYMhALD7vr&Dm)F1 z?NCWB@uX`xA2c_}+WNs>O2@`ESmTrKpSmgV zNBcBQz=Ay3%;lk;$tAk$22oBTPQ9J4#T#Uup-EyiPS{I00|MJD z4i2$%^IwfK4-|c1B~3|a_c47nV9@`SOUPYBdBR@cf?wX22fo9p6;u+VA0>I_L%Y5M zz`L@QtC5Kk{UnJ+J4#-1qQ>To7dImc=16{*lNuw2qI|hZL-f!%=jBd$R-TR2FBo_v zO8L2j`A|@_WW-B^Se89!a<263PH_5mEB%~0_$EyU$(F39ev@BW)@=G@=QTh{Pv+&8wGBQtq0L$`*EKOj1Ej34gfcuU?e_3? z$jZvTQsF^&NU-UjT}`*Wy`!hogmofGP}eicre}COKBD5E5xTE8PF=LvbAjb0OPa1( zNR8D|lEaAr>rQlZjQ-EbkadqzQQ8dt#|cTEu<&*}YoQFg*N|E&(F%7?-N%Cci27I zJWkD>IHmEemk&bEGta%63ZL6Z3m0?>KTQr#x?MZSEc>4xM;<)PJeg6N0m7|CYT>Vt zVRu#B>gGL&g6c$8s===xyh2JEZ}I(?@BD`^(#5$Dp)%f1+o+ZCN-+5O7Uv@Qu6yOV zF}IV6sXo;|li|?nC7S&Z+~gw3v=ap}hVM2>bum zYxytl`Twyr|A()nU%Pe<>(Qe}7-6)$od3HacwF?D?0p#U*W@mGNWQ!3f zh2lSac-x&M+1TGt4o&y`NI5q=ZLf&O(XPez${z~&Szb{Qs@DC)dT&*0<^W`g#|h7L zC+fV?RP&i=>FBs@XXQG+2vXd+bEo~D)kxX3^WS_8@0is)p@?}6Kb#Rv~Xa^(tRN=iz>o1It0#BJ^EBvw{dTwGl5L4jNt z$c>+0Sdaz@ikXAs2@2I5Om!VewwY<~`T7V4i_y~3^27W03KIueS?s1GW%l6lki;2l*u9J@I{{3*!2tQ5S zRCCAVmK5Q1bBK3!wJ?Z={$Pw5Y|Z{`&-sDT%n*_N37oQu3XEzE(ku>wl9Zf=k4VYN zih*FOXK6`JIr1cOE{Q>Z^njhm8&<~pe4$h+|Hb6Q$j(ECed-@AVO zdUvgdN0v^l$hevN{^Uhy5576oQ%p4Y;$xKehK2^2B6?N<;`%Rwj+`$$C^62#&SGC9 ztREJ#y1I&Z4i2jBA0A?qO(G(q^_?AGSY1s`&9Aw+VelO$NGOEUsQqfy+3As#oE-bQ zE7&OrV%DGKWhg4s2y!~|&^hOU&4s&KOj?rNicM)L$|&Hg~+eryks2%*M8I%D~9 z7+sVmbv#adK>&;uawb8nPmi5J<-eWF(V8IUzdju%$^`E+Zk8e+AG$PXI39#>N2YaJ^4O2MYmV zdwsQXZEE&sOqyCD%i=(8SeNJ-t;_DRS9-ds*PNi;JOa)REE+wmfVHDziytA)uViV` zBCGM5!L@ALxlW9@SXEv9{`2PmE`#Q)l^vgmNm(Ljy8bZ(Z)rqIhSDnV4}dY0nA@3cfcqJl53Gg3JSuNK8$=2{LfR9jyv9`j#Y%1PXO)O{3iA zTUmK|!29>_dvmljBJXHr2$kwL;myo9LevM8mzNXJK6v)w!-w#J2mJif#jpAd!Fba* zFu49AL+O2P&7ll)2^d!arKP1%Q3Jtr0*PF$=lAc3IYmW9qXr+`=jqRxG1*Gaq23xm zdef#UA3&|#WiJPcu^7nSe|ysvqff5*CK)b>@+TQ4B_%Cb-W&U$vjD|_igo0$!XUYU zeEPlEY~UT(tx1w$4PZ58s~0z{)t-fdTNx|tLJl&v_3PJI2x!C?>+9>moWS(@sB;(t z2~^zV=ewX0Ju80o0%L801xCsu_l%zb78E?~BrxQi_Sdg9hcSe~3t_d!<&AxlrNG1_ zm`A>GarEHGc$@xCxxE%IV9yF6bkWVt?Y_nERgdG1ivsqGK1X|NnY~+o+ek6;Q>oQ> zGZ;C2tLiL?A6k5*XJi0S8JYH%a%&4#NnpIB3A=Et29Tb1Y z3DW>zG(-AuzMev5X;qSg#H?EUDnh0_-u>`)D7|ptk56}#99D)^Yh26Qf4RU@U~H7y z<4yb;u)C2ufL|;`Hj@33zCIKA9Zhtj|K(}W+yTFu!9w5IUQoPo^QHkH66Pmh8ol0M z*JD>Ny0o#e0put^h8BeEdN3j|0SN${aYIyw3HInBCbMC8O2lqcL~*8Twwb<$<;R0> zVP0go!~!2tEitEh{`|R;x)FFlkLBbDUJc|Bs;HEgwU zGx>9sTw0o%>qExz>9mC9+O!V_ zSiWxkTi59ui9JoCY-yUWU%&POV}OK|R3THDLn%v@82Od*gvN+svGBU#=;$ahDXBLg zTRmVV28SvuU2+okp>89dfBzaT4;SNu>EX0eJkT3>+n9a?yaz19yFJxzM-G&flo)3K z2m>c4=R+7tunE=bJg%Ob`^7IHkO=650V8l-atq3MtA*lpOy^#tS5_G`B-`9HW{v<{ zVGEmKSArn`f7r0wVe+sXARC$VXHi`sp!5V3ON2^@4hvJcZM)c;ZZcBF^{PJ$YV{?| zj0rh8`Ku;wo4-;Rm*j8j`}N&jznB;r%aJlKFwPpFqB*ZZS-?OhKp)qu-dj;IF$VC# z@^-~rSNA8pFTVrA#BV!$^>8bpUB`w<7C+Y(9# zY^x3)xv!!&Z{X8?7CBZ&8})ZxEFH0PQC*HLhx_}wP^&n(xf`KKC#0tOrz@t;%J|jP z)RZ}{(F62g3R_3KsLqNLEiLW(R+nhf>*?kPwzCANbCA(>Fs>3Y;Ci@_O37zQ3tqwN z*$ygTJ_g`><&~Cp6?V9v945T{8NCmsz$PU5+vXA=>|nluzj8@ePxBNdCZB80PF<3d zlM#eo#1-x1b56*0|5^4CzKdJH@2PNdrXK9h#@;x5iaVDODt;To^nsIQ&GDWBaHO%m z-m^Lwt9J2aO@f!Z0WB!H_X;&NjPZDZmq-fu`4;#m1}<7#r6QIhHy7kd>} z)eCIrp7v&IP(0jKx&hw-U@`!w9hA-XM`q)$TZC8fd~NCmfcYdmyA`gO(9_d{fr-IC ze;Q$+fJ381=?>w6c`SHizTVzA%gf73oj5~U-@p|E#`-I=gfX8v)Bp ze|az;6IlXKdl@T_NLrsVcAf6+Z%iX!Y12|xnJD>RLz|tk?5Q}|#04&$FTL=auK>fU zweG^O45>n?mh1;W$R5FjmNjOl0c%7==s&VNc~11z1$N?pcaC#x65fN+ZZKSAYHefF z;E9D}z0}WPK2oNTt=gNo!g7Z=;*LWb`ID!gW&!siT7-mzP&zs~5K7{xWTPLE&&zF$ z%57!>VK%IF;diPy{2jnG3)6vPTYtKuB)AyRE|9S)Uj^clUs4i@A>#d6pD|??Ed?VN zknHHf!a|#*1!mdEOUS`|Qkc>dEuW=k+(t}vG%#*Fyyr_N?t7z-z_34mz75ED1&Cb$ z44kn=&Q%(!UQq@`ANvL}=tLC8ZJVR)hlMzn_k7Huw3K;tkdYR@VXIZf!6+7G86H7}$7_%DM zG@#NiPQBnGM9^~43fNtOMxYTW@Hg`|ate?|?SSxtnVEJx!x4B}G36`tjAei<`T7B& zp)l1W%t}555 zx%AJ$5Ca#qMB8iQ3_ym&VRXnEmJJyS7-($7!5G|7jPo#MjG8(T-td(N@7)F;>APP5 zM)aUhg^{|uHdKzQBah6@&GX|ufPY-)G zYijX1y5h@E)C>xo$P0wjK9Iqfo?e{wIyW~dRDS9MaTjo(fwJD;BoHSJWe^R8Dnhoj zmGDWYbFCYydBkr$ZF_UQ=bs~?J%BzBWAJ07g>T=OUESPX#8uv4X4Zr84o*HkNvH&Q z7Jqmn?!|p+U0GfxfXPtI^6Kg7r9saIoyx?*LI8{xv8_=-Zv*QV{;}sS%ss;U*7x>a z1p?FnZ-HTR$WT!B#q;Ouhli;#Y6VQpY?eb?bBsenLqk9>q^br{UWy@eP_-K&4`ALx z(ODF%WS@Uc={y5CQ`OKgXnl9B{SYlB2;@%gcVA!AfQ|r`_6a4_WeqLT!Z@s-YfUz`ob;%o%eKaPdeQ@Qbd>rc8 zvnz}J*+DRK0U(JD=0Gz+mRjKj=pEmNgtrgaY(`DBjd~d}+3E_0qU;3n#u=Vxz!*z^} zi~>G>{8+U+Y{tYy!oYABDD~9p>Kz#WBqM&`C2}NZRAAeAZW+clh>4vy{|3PDMj(Kc zjs6z!g7coV{5F8~7|#%kkm#5)G4aOU9tC0p!^6bHn7>8}tj0y)R_ha9ATuodN)X!+m74_M6K{fE z#~Gw4V39n!hKA=H9UUQPZV!Z3y`H`RZB=)+1|KCA6&3;|H{6(?pR|*MgG0~4A_V?? z>l1;kgTsY)CskZ`f2Yc~K%~ReNtR|iTMLYm>B1Be1Wy9&Cnn%)wtm^LXkVt}e8|7Y zZrroG^|9J^s<^n=HzI-z1c|-GumH3SCG@tY8YSlSFyjJG<3oI1;w#Vs)~-z(5=D31 zMK%799kw;@r#nII3ou%PQ9B?&rl5LbdIGR_2$1#l^}4=H72wg>nCORug1M|^d;I=%cV&pV|SGV4l(XVAH5KQ|0bB|5tv}3d}$gu^0N*4+X~pKH?b; zX6Ex?jxsB|4^hrN4G)7HM_Mf>i%q(*Z$6E!g9}EC<^UJIgopPSAOHw5uB2p(YbhIR z22@Dsgz(Oew=P#Wu7yGzGjek)elCN-$xt8!^)N|D#;WuX=6!8wQva!;+S=L}h5{|% zMMf9lpDa(J|3+I$o-@3gm=E1GrmKW$x?!T!4t1bi@V7ot8teM|OHhlt_#fMgV3Q_6 z`jCLRL=XIa6jA0N!c1C^x|ep9qrff350qA-mxVskeU3xNvA1G%neZXS%$??4e@ z&Ch`b6AG12em)llU0|taj%pm%#zFvi67`z`IeB>{fOSN~sAVeZ$jIP?InGSUx1vSDnD9t>cUp@MHV=GX{k&0rN^Y*2}Q38;xonCzn75RDE4jOE5JRz$Z4vodeM`S^DES&;6q#Sx^L_O=<_U7r)`+4h=;qyoHpm?pGLJ zlLsq4*>bevLu4ci6BBGO_QR2pksA*lsFnv5WoBk7WhhDCyLS(TG6YVK{jlcr(2TfE z_@)!U81_RLUi{{~HLDNKB*2r+$}kTx@ldr(De?{iwG|-Z8#D{p5Bqa<;^&Uu06A=G zYm)}s`1|;{4m7dfpz&*WZaCk^2Vx!;BWMVb@V#5(2AxNrIrZKm?*JgAV3Pr&Br&QB zR7WPJO&FrMgbYFNb1#L6PN21L;kL15fw#AJFrA<>HLv+C#1K>uCZ>B9|Mxtl5nk3^E-nQE0)k`^yfG-xG}LAW>;tnK($dnHg$170z6H_< zF|ye$$q*nlNirKmzBT`+G#7d1PITU_EATDu$9b|wAGP}wcQmiKxVT_3#>K^vVDQM7 zLpARq^7p_B9+m0C7fu-5jLRGWEe0QUvK5> z#3N(U_$#Bu_=ZcDum1nNgSKebwDpi)1O~4SiB7fw-*Mz7j%KiQQx{(oDIHvLz zohBs9o+fhO*kST$qsk;9GD+CK0R96y z%H*iy_|Gk#2+_^A=UGQaN3jriag34-lc3PL11HYxAA1K)sMGd5F@~6elwE86N(r*# z^+FGGtf&Y5!`+lNn8%d>XuTH+PlchbpafuA4!Gb}?3@dfP3Y7yvzV~4^%&9uUQ6+k zEl4#rH6jkHBLUFABSTvf;~r;j;7Bxp&H}TmFbS&&LVJe|`C{v5MK=)PkRcrVJK9yM z6ULG8#vfOLYK+C7|1G)QEejJw5^yt~=gLn@6#aiFrnAtB5H0_rGKiPiWW0S%HU^FNOpLl0a6$ zV!j7vcDwTNhTJFfM>`=f=Eu+2^82^q&`Hei9ey}YF>?U3VS$emuGrezLWqT;(IZvP zijX6yglAHau-{>#fJ!Vh_RdhOfVjpFtB|KM71n$s1b}L5;5I%Q;zsO z@ZmrpVbCJTKum?>_}Q>)RVcx+h-(-&HZ{cr^2U>z9n0Y&X@D|j78aJCL~;Cu?j(Pi z2KKZX5YVW&^nHM+20;IC|vqfAXr?>TQ8=9iXIfG}>_o#<=hlK*z`4iSr7V&WvX9P1W_s%pH#G;sgY zFB&lVAObb&J2-CME_w5Kbw}>ZVXffg`s=NTE=FK~+x7%wz)yCVzjX z9`!SZPbHEcR6;C9ICBuQsj972z@J@}m&X|~eZEia89w*z+tQ!_e*%Nat}ZeReJ}j5+f9n8CCFS@UvpjG7Rz1$9*dNG7u(udI^D{dP&d^^Bvc; z0ZPiDOl8Ja+5_}xLc=LVb8n7M@6fp^yAWtQ2)K2y1l@(k@)-N<=TAbd3cEJPyHA*U z;K%~&mfvLtA`pgxskkqIUglL=$_HK?cp8_GC?RKH2lp_oH<%?~A)H$~I#5zlQVEM7 zBY|CW4h-sbI3iTDK0MWLs;~bRxH!ll_$Iw+#LyrA%6P$6wbQTR8~7P5a~Y_+Ge%i~ z<-oL(z=!JF+wp*AqQ-07unZl|;Ki?>(kYHV~x;HcPQjf4THXOxylG!pSpjx-2E_oU!t(mp8{l)b+j%Wuld)3jLp2HyV=ZX=}T25e^9n zrOoXkI;1;O2317&I6?S{OuM~#^T7C2sm|`y%Ih`LYfKQsaQ?TcC&i4fXkqvX9Eyy1 z0P7qvpos473{5xlS5`=0Uf4odi{Z^kYLD*~7``{?9(vd68%vh+xL-Z)| zobK;HhF*73@qo{1SqAtYrGDIr6$sdPbn-s>!&^PY6#cq1F4j2>hsEG@+uDX%(WjI9 zD@PAr?_GQ8R!V?a|D6*?dyvFrc2tB=8+7^pctAoG0w2Ui?ABl;f3VsV2V~=jfmO}; zFI5$_LpsjpLsk4vc4r`ead5h|m8yFDrEGRT7M)*6-{W&o&}U&?f+grFaMRO>&{x1VTG8A*el56iysWcj;*hyR-LtW!6^9KmQb-hzCzOMn97Sp zXH^%CnchfgI=L%@-!=D;qpeP(Rw#x#n8DuZF01BQgy?eR}WZQfdHo zt(ux_;pFN+_s}XpsrL)sqWn>^=2!fMZc5+a#f9VKZz=jsZyyj9Wuj(zzDnJY^?f;fdHtH;X z1tXwW>yuirk$%_ebGWbN5hOp1o{5>C3gNWwc%Z7L(fGZCV9esrBPf*>IetGiz7{Cj zC*QbfaN5E!W!WLh$;B;pv?|hWw!O2XXS{|W4^EEq9}grfLR41S1Nc06qCcJ&?No7i?GvUB#YfetLSl zJ%@k;wg`!;27+K;!u(zUByQCTrHEiMb^Gc=L~G6V!03#AniPq&DSc7>uYo3!U-qRV4J%3mt$U^&UmExH{i z7<+fKa+T?#LqDgnKa+CS{PjV~do?xr8Vmm(9`D`4uc0f}3mrO?LV6?;a$izbtYv&d z5=1gSQ^Vm-))q{qXd1ax8z^ghioLG0$4*QZj42d_Zlmgmr}4*>wArb|854B-W!M81 zDG7-S4pzswh{h+BZ&QRjS{u`J4>}%L!SOJqI~dF3|MrUy{u|K!zy7X-fAf{ESBSeE wu7H4QM2DFIMZNkrpZS0N3Wk4urSS}lC57bLAk#WTHiAftKSkv{)_waw016A4k^lez literal 0 HcmV?d00001