From 4f7a9fb4dfa8e8a32ee5689dd44670804fe9f4b6 Mon Sep 17 00:00:00 2001
From: yourh3ro <nornikbiz@gmail.com>
Date: Mon, 16 Sep 2024 18:35:38 +0300
Subject: [PATCH] =?UTF-8?q?=D0=94=D0=97#12=20=D0=A3=D1=81=D1=82=D0=B0?=
 =?UTF-8?q?=D0=BD=D0=BE=D0=B2=D0=BA=D0=B0=20=D0=B8=20=D0=B8=D1=81=D0=BF?=
 =?UTF-8?q?=D0=BE=D0=BB=D1=8C=D0=B7=D0=BE=D0=B2=D0=B0=D0=BD=D0=B8=D0=B5=20?=
 =?UTF-8?q?CSI=20=D0=B4=D1=80=D0=B0=D0=B9=D0=B2=D0=B5=D1=80=D0=B0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 README.md                                     |   1 +
 img/image19.png                               | Bin 0 -> 38141 bytes
 kubernetes-csi/README.md                      | 100 ++++++++++++++
 kubernetes-csi/csi-s3/Chart.yaml              |  11 ++
 kubernetes-csi/csi-s3/README.md               |  41 ++++++
 kubernetes-csi/csi-s3/manifest.yaml           | 121 ++++++++++++++++
 kubernetes-csi/csi-s3/templates/csi-s3.yaml   | 129 ++++++++++++++++++
 kubernetes-csi/csi-s3/templates/driver.yaml   |  10 ++
 .../csi-s3/templates/provisioner.yaml         | 116 ++++++++++++++++
 kubernetes-csi/csi-s3/templates/secret.yaml   |  18 +++
 .../csi-s3/templates/storageclass.yaml        |  26 ++++
 kubernetes-csi/csi-s3/values.yaml             |  50 +++++++
 kubernetes-csi/yc-s3-pvc.yml                  |  12 ++
 kubernetes-csi/yc-s3-sc.yaml                  |  22 +++
 kubernetes-csi/yc-s3-secret.yaml              |  13 ++
 kubernetes-csi/yc-s3-test-storage-pod.yaml    |  18 +++
 16 files changed, 688 insertions(+)
 create mode 100644 img/image19.png
 create mode 100644 kubernetes-csi/README.md
 create mode 100644 kubernetes-csi/csi-s3/Chart.yaml
 create mode 100644 kubernetes-csi/csi-s3/README.md
 create mode 100644 kubernetes-csi/csi-s3/manifest.yaml
 create mode 100644 kubernetes-csi/csi-s3/templates/csi-s3.yaml
 create mode 100644 kubernetes-csi/csi-s3/templates/driver.yaml
 create mode 100644 kubernetes-csi/csi-s3/templates/provisioner.yaml
 create mode 100644 kubernetes-csi/csi-s3/templates/secret.yaml
 create mode 100644 kubernetes-csi/csi-s3/templates/storageclass.yaml
 create mode 100644 kubernetes-csi/csi-s3/values.yaml
 create mode 100644 kubernetes-csi/yc-s3-pvc.yml
 create mode 100644 kubernetes-csi/yc-s3-sc.yaml
 create mode 100644 kubernetes-csi/yc-s3-secret.yaml
 create mode 100644 kubernetes-csi/yc-s3-test-storage-pod.yaml

diff --git a/README.md b/README.md
index b70f9e1..624e005 100644
--- a/README.md
+++ b/README.md
@@ -10,6 +10,7 @@
 [ДЗ#9 Сервисы централизованного логирования для Kubernetes](kubernetes-logging/README.md)   
 [ДЗ#10 GitOps и инструменты поставки](kubernetes-gitops/README.md)   
 [ДЗ#11 Хранилище секретов для приложения. Vault.](kubernetes-vault/README.md)   
+[ДЗ#12 Установка и использование CSI драйвера](kubernetes-csi/README.md)   
 ## Tricks, Tools, Hints
 
 ### k9s
diff --git a/img/image19.png b/img/image19.png
new file mode 100644
index 0000000000000000000000000000000000000000..a209ffe67c85d0df9ee534b119fe0c023046bcc6
GIT binary patch
literal 38141
zcmb5VcTiJZ_Xdg;5i1s6L_kGAx^zQTQRyx8uC!2tlmtSH4N;I@LJtC=geF~TC@O>&
zr9&W5Ap`;;2!t3y;PSrT+?o5=Z{}tulXcG7S?BE8Yd@<!=e?=1&e_w~PIGW@oYm8P
z1mxg24&vZAl5^_h;TbOsyXx@gNDxrxAxHJd^_9be<Ddsd4>&k#6S?=Eoj5$^dai35
z#KCc{_uuc4KL0W|4vw@Gy+;o$LY=7doDrA5;=BHcZQl||L*F_IJpPdP=ELKcuW;$s
zKGPB3Z8nv9p?DExV|xF~t6Md1d9qL6I(f6~g>Gu$(W4RtKop~0t-d}a95F~b$}7`F
z%fWeoK>mYN>N-_ZMS*{!ETG=)$l)_^aNK|7CKvgi#PNuuo9{pA#i?8Oj{PTHc<}F}
z{{7r~_w&qu!u{hHbN~0(cQ;-s{CA4u;^qG|rhYqd%h~sw_;(e=^`?E}0k2g4Y~Pf}
zn>O%+v#JuDJc&6D|BX*Fy8{S%Y4$Q}Ez)E#3Xr+p^`WrDYzz%6gZ-!Z#fQhwmyQ<c
z59R8aenV!*Wb=-kmpyx}pv|YkN*Tacs?CCi*>ahS<)xDT9p4qbUWrypM^6|q64z{H
zbr@{X7{)$2<{}`P4B|F;{>02OcSjN6^)`vG{AYhzGvTgw6WByuM61RY^tQ*~gj?)Y
z8PB)AZ98kJQS4pNwEVwHe?AO(A_6*%@DryC=1E%Ol_wnYbdX6;ItVEhIh{UE7d1OD
z*^=*%VHC7~DLRM_BPCPUXFT5GM&gBr)1zt4irV5;U^$BtyFvT1R#~UC46&X|_y6!#
zcYR19z(me6d&1!UgRVN-T+0^C%~_2aBTHLGK5fp+C(kU`u!_EY7|Z*;7@f0QncFqg
z^H?i1qjb~a#j-<Mp?LU|q-Ng_?TLg;xu&1wILc^KpEe(KZKj<C@m>wR>8Ugu<}ZxT
z`e-^$w#PyL_#!(!_L$WT+qsI?9-Yrod?Q2SAUR9IeE86r80{xR3W_?_p?aG62k+aV
z!#7h?0cAmEcElKW+BF*BDi7zRLW?rv9$mniVKJ~ZS)E<vo)8sZpPL{*n)PkIrBgU$
zVvP)lF$RY>V(EdhjGUWQj)Q(+LMr7+-ULi~nzaK$nv{m_RGBsz+^8zKH)z0QCyhhu
zG%#lXLM_dBozbe9s8oN=3dM|;)~|OIs1`8Rw+_*%8O&a5a21>~c)p<uI?--T*pU+3
zQ1TsM|HzmPHyzpg=TxWGN&Av;JC??7ls~7c498Cgy%21cdb9-P{?Nr$hvt<WSRI4G
zms0Wcgt+4>m$;b$$uBv6OHipsGkmM+lDpOWluXfKL*vh7sh=k7U58ok>yaVOJ{mb#
zeIE_#=p(S+u_gV$4}8y=sBdRCJwN7p+)>}eo%c6tWE(wf+b~P1^ecdtM5gm&sR&Y&
zg1Omn7!@xn-B*SCS)#x?Gl!3a#Ob)}qdMe4HtkZwVFBaQ=Da-mhN(-fG_C9B(AUhH
zW%7nh2ViQ07V_2O#=NUbHI0{5v^5hF(lf7`L*%EKx4b?#!tKa+RvUPqN8EWubG=mQ
z7m%gL0^-+tX0+P++a^H)*fvYjx`{z{dqd`yAIGmbYhiaC_QyK6{wsAYz0}QZOgAp_
zqn8YWQE|t%^lbWhs~FcP@KSxhqlpWJ_f!4IY}SzZ2?PK1K`RZhqRtWj%~4w2$9ng`
zmJ@-_t2gUJ4AQXi>MVz}UB)kZ{n9{^!O)AoLo-|c#gw6|{Asn}%aP3C<5}_VkeMu|
zk_`1o*WKVcqL9X=oLeQkbxP~@d1%nEf2MKEGA=k*iRdlbOUjcJ5$$}%cgpA!L*N}-
zz`u4<n9`q;)D(v)=B#2wBKdR!_Gx#xmqHo>{eEc(L27qiPljo2{0Y!|&wL(DuGja=
z!fWPB<_u&W>9g};3;8b{T1#~2K7l65P<+{B={@zSt!*-Oa<!u`e1I(%@}2QKhQ2Fi
zlrg2ha&b)iiBvA{VtthG^8P=*S>jr$cbJ2AKre+wlE%MAq|Xp|h_#!Cz-K;-x#3N;
zA(kZ?IUp=WeAu1nksPSvRBkX?cH^AGJ{5)Gu;f*m8EN$(JX8z#vEqMJflc)beEX6Q
zen9t@G_r@LXts^8Ynqb_(U-+XWHn<`dCwgporL(M<sK6fV9-Lub6oM46_#tr7yd2i
z`d39h8DvGfLn5}P)49UJG(K!QE!jCjW&!Ez88|9Ct(mbncR5~m*{*L%{-&lA$oUQn
z1VpTovd4VfcK&v~EGw|MJJ;xE5puKa$C91+9>WE;MSI>jHlZyDo&yRlH}s!zeizn%
z0QQp-aI$fEi~9oE^dwbo5`RxASUwf?<I3lVZtafuk{=dK@~-=o#|5Ur=3DjryyI8J
zjX$&Uc{?r|U-1k8zcB}P|HBCIIPlyq4f5VE%S<OrZJp4YgWBM5Tth>ZycMNB%;9GF
zdOIiarIw3=<y(Vnuajyxh4-e>8=Ye*-=KQst(ElS{6PKPIsQzp=3*}63r~}sKsaa{
zZr}J+HAbwfpy|-6MJ>!kW=bt$Y2=6|@|Z=Fr8wQc_KZ(iQ+N<e9~66;Z@#A(h!=W|
z;bhxm2gpOMYOIH6`3TSA^9)J#=MM3~*<<t{vI1;asyS=X{Ix&iM{oX=ec#s&wtDU5
zt`@|4ih|17EJ?K}9)S-5Wls&69wxfob)vn0|I9ZB{}jD^Vs|LrRwerg^_^k+x>d_o
z%%jyu-a0hPfH{912U$e6^&R`R2}Hu`W_Xm>ZiU^4ImbtiHxg^XR)e-;Q9iS!6AeY~
z^QWxM9z)>8r>lyAflJ&zQOw0~pBCtq<YKwWy_$d}%=hf(bU-&n6<uq#+1R-4F{yeW
z+2XjW@-3Ud?D;cm8C2aUBk@eS%~7Gg^2cO@BfWuAQcv3x+^Kn-U{aly$r#&@mN3O;
ziOcIm`19>z{WcpQuB&*cZk=LAMpVritH7o4{+7-8Mvtyd<U~2qG}qa1z!txz?UMtO
zYO{6;+xH>V*r%N_HqIbuTI>2$$&$p}y(VjS$eue#zA`H(c+1TLMJb4DyITR~3%In?
z!N(;}{BEG9Bvadt{|380v6QBaH6u;b?n>y6E+y==b`vt+PUS(u?;3aMobdQ9mR05=
zG50ce1B^KCqcMJk?YpWFIX|-b4>;bO*PFj8z;U?dJ;eiOslNO7-uo84sx~Hs7-YPm
zg}mMf)(0p5g4LZ+7wTx&Y;HHjp1DTYiVwl0=@g21n9JpnpN|NEy=P@=WVh`{fIb-b
z14QKtc(^8g&o|G$dV+kEzME(zZAiL@P5B+F<_+;4&gBU!7f4)z(8PjBKQy#Omf$Nb
zate6O^ew;Gt$O*7AHGDGVtqNu4s(yM4*C1#ojo_0c~Y8GwR-a8-kBUJy=}F=>2YPL
zPhlUGM#42~vuJUbnIAtJJ7p`}N5jW}cIOOCej4Rrj^>dua;v{xsP$$_DX$~?&ZhpD
zY)4ag)!y3DL`=VrMqC}NtZo|llts&YihSG!aRNzW?CUg4%mcq|4bltml&kxhy+fMq
zHnS6Uh2619J)47hA^kxIZ>)OygQNuU&m51XeNwox8romCaS6cwaP9BB9b!ZkzZEIH
zP}S}zPK4J%q`s7>U(HQ9D^@AfHe$BMAb8spiogFU?YAl|of@dNSpO~ZBTs!*fcC`a
zgvmX%>>R@!e{9x$RA`5Y$oSbBRnVNrur+2NoA&)G78+)u1;gmOw*2mTVj_+)sho1G
z{sz;30wa?&Ia^WcF|m8hcwN3c#4f8-JfIo}7-_NKwvdn{LG{E}G<^0oV^YIeB~nyR
zXO%OEnkw2AWZ-Z<ExC&(ZOSE1gJGJKh&|Pj;@E4|KW&>%KMqZt7nvlF*>_ed;MynK
zs??F%D<=afH8eU|XcuD4n+48O<IcIM0ut<QPDd~xBdsS0Li`Q7r*{Qi23S`=Zl<N2
z-q859UwQCpXJUM(uWJ5L^*<=!%M33Fy!=gEi{J*ubJ)OndT`V(9;LH?T^ys9*dZyW
zVj_2p<AT$Q1i-wiDzXR~O1wHBV&TVlvtIFZ$Qq}DP%>Xy@iswAXPfGOFLOy7;hk^&
z@`&l(i5AM%9uNxQJgGWhM?UILpOW{<i@X@|wd|`VeNGnO1s}E-Z!0xug{C3%;*2z^
zCQOQy%><|5!w!xxvVSd(7$}d0<((e#ZJdO6?$=p5zvUj>FEXcmHFkW?8q{}Nsxk^D
z=FgrR>hHe2LUY*j%X4jtCK06TKJ9_k@{D)f$0TOfnbc=5BGzX(e1iASF@c2ICRo`x
zXz94eI4Hx7K94Y>4C43YSz~P)-ta<VZ-Jio{j9>iuNViD*0Q)-ZAtp4Y=rI=zWs8D
z2st9bt4wj-_0M>2J|li8$GtfwP&Bv69O$F-Rp15yv4^O5B`a~a=#?Dhw?0IoYIFP^
z$#?d3K#AFr{Dz|nv0+B{45;@~1Ql6b)%I(hiGm(AowIaF#Oa~WJ8jqV+<w_t=U5zW
zaSdeIBbk;+y&4OgPP|T{No`_>+4t}vi#qNrvF)X?6|API3!VoN)om(wi!$nMkl!c+
z8`01|QLOf-oF0#&l25?uQDM2a&;D^zSM4hbYAZgf(4Ek?eJ}89+-QSEo$vl{h167I
z%L$|QNI?rK&pqn#N}3xI$%tI=^*89#qRZy32L-?dGR-jWl#@+@G?OTxd!D05*_zE2
zQgQlfNJLQ6&Xrl1Xj1Vc!(cx5pno8W)5zEpsD;DG2-6+kk(SAmpKay$wf((n?h^y_
zjGr#GnQi`65W;?eOxAwFT>+ebbi!l*?*M2<;Q+w1UB6LTpAYWrz+E-tbE5pMg||f6
zyX;0?UsM2kePwARIfcxH#9!VIH|u}NH~c>B^D%{3h<dKfUQ+JpF>7p36_j6jb(qn3
zTXQ+`0BrVh#K4Jgm^Tqv2YL)m4^!{Zk&EY74xG>u?}I9*+j=Ed<i2P=yA4q3d2i+s
z$)0#F0J36i_*>;)dSg?5OlF{d7lTT87qpuKKDPMlo6)26P5#d3`GytS$WTH0##i7x
z-g1op`$mhX{2bY|S-v^zkp#{D1U=$4PF!~4l^-JQZO)CJ2j!i5pueI0Ttn&<;!c6{
z(<f#`Vd^Ammv9<vY&%eBhVT;IXfUj)38IQ!T36=E@i%SEZ=Cl}r8^E6sJra`W?#=g
zn7`eQ@_?v}GjxvBP)1eKyFOTN_>p$XE_DF}s=~{ui61*T?Rjankorh=$}C907p~6K
zN<H;?2vs+8TL3OwUlX*>@YM-=c3`h2kohMnq;)Z3oRNK$qvuZX&kv_RmGLN`jrc6R
zJy<3qDj$q21MD`zK_=pSmh*a~a*p9fDq$4X-R>Q0hIS5BJ0JG=<oUIy^PWxL#h&Pl
za+q(At1|o40fuiOKH_FVt7d`2V%-&-<z9KR=fY=~cp7aIM^glYl~k_=zHYj@x>yB%
z=jz-}aJ!x&D0kj|RqIh@I454A!l*D80{C4KM(q_vm4!7KiIlhtn=6j%Yi(rDTwN+W
zm`}qPN3TDDS>z|<zqGt~-ubXXU$0zBWbyIppzO9y-T`P5KYNabx1F`xBFzggJs?v5
zj0D=Mf8(-g99ysmKNcYI`MJHU#$4NbzM8nvw<XJ)CW|7e1O{ebextGBHCMTrh^7Vh
z{8z0{zs@C<jov2LjeltS<4i`#9EgdD8|R0`k9qpXoD&Gv(#Z9itg^3R#fBY7{9U*%
zD?ue_j`&DgR~NFL{krZ1&*>B**R}Rs1R?kFVYHEe=`q4s#rk*G>*6@EVUm@`k_RAt
zfVteFbbxRX3IYeF6%OVYbbpl8(6QRtb=)2v?g986TSrc;H^=0Wwp&|T<~|02CsnZL
z+G4v8f^$xn3y7Ih@OqX)M1bHtBH`aHJq<BYYN7N8@*O<h7~K1Ak;F+b9POq*aa{ZP
zn<_hl$G2#;(X}ksyGp=w+bw?<Qd;v~KSe&nTeDUeEmr5_j9F1mqPmygp3Fh|LDLs!
zv+qR8{^>Y-ex&^9g=KZj!;&-2sdcp|rS+=s_`LVADGr08{nOxPJ;T+h$}_~1E|J%|
ztVL94LLU*1GjmzI4xjJzgOZmWK^pTHI&k0SR?b;(C#CNGH6wz?#{PcDJvMu|n>GDJ
zs#EC7OW_aCtQ70xXJ|?TUkVmq=1`}r>bAq@@#q8lz7+**zBfPAk~@4hQxvBQd=<i9
zF;c4fWqEW7f-b89I=ns5Bn0JuC!g}U#$c3|2-|_Lh%8Netv=ay4eG@JT~0D%V%v{A
z6w|GkZ+lEp<vvrqtY}>xBjje&D=7c%%oV<Q=WI2V)!Lna1ul6{=iPQjG!9N}(fp2V
z1F6|Mvbi1*84>0Jj|I`-5<T0^dyQ0{Wrea83plJ4eb3tEoaI^ak-TeCa{TJZ)?ap@
zilBre?`N(qc66-Q??oeLK|k|$F*U*%UL|on_Vn4|h+G^^JnI+JZ?tuJC!|;Fw}S@y
z21QZqv?Hic6B%~wEZTgEqgVaqc@PnTo>F_|C#hoT?OCaZYp>S3#wrrt2;V@<gbe%p
zjrxZhj2Ca(auS6EUS`;uRBs;7U&Ga~AF&>eF)r0QJj3vk+sqN~CXmT|)vZ0ZIc~H+
zY~>G`%`!u|SU^M%bUZl2-ZTy18EueSvh{@c1+^XUK~IhZ`3ZZnRrKcQvUX4)gFSN-
zb$?9LpJyOl#OPu9Piq&kcNBQ$8`syk;cVHl&e#ddb+B`qlN=hkjxUTXbu7}4zc-u7
zea+EI!Ti*A77Sjx0S+V|HROd^183BYB4k9{F|Qu!7jVSGpNgi9-u|_CTywH22n-lo
zYHtd3$L!t%b-@nSUwofQ8{)DQ2KDKa?u862by$qg@M>t`?5y+(*I7y;Yik8dzl|Zr
z&rX1NHB!H|Rt&F;7!3tfA643I4xvltlpfEsE^xim?Qky)9_?6OVG97N8Rz2dLW(li
zd)8Mp1dmBd`;QOHmRfy4FlR=UJ|ZfH`N(g{+2?sF+z~WZAR6#_;*)`EZc_>S``W1o
zn!PC>HIpSxv;}TtTZvES`P@CP$9d(3u4=DXarBD1b2%#{@V>~kV0zRyjfs<6Y_o#D
zr0S=E=V?bQgIi{_s?^dHwYZUxouJ~pPOP)tsyK@!wG2wzG&fExX4&gT&PWh3zvh0F
zTEoVgN96nrdv^C3X)h$vM_Wr&-wZV+nCE>8HOPPCLd1_e{(juQE12<5OB3sf!cP!l
zKIoMjx}IF1Kd+eKB%B+R<*53N3w_yv(Wwq?NCjO}(_KCO=Fx5@6CHUgTFLm-KnhDd
zD?PF?f-?6;pL_NCoWse|&45U=u1l>O&qw^$ePr-&3TXHl#~o?th^K4Bt08@F{8u9O
zBr&!$*NZG&O;N?B-22qvOIM6P1l$BdP&s?MP^NVkQs8=n&d31PGOMV6d#dsDUDXHQ
z=h!I`uiR@<xtkFqfcwR<<jYqJBC}N?B&+(f78mIB@a*t`$Ie?7=<nIrXq|Y^28NoR
zWwU;yJq$TrjIL8dy|oCJp|pul@89dM|8*3@X%B&c_wV||Nmc}#P9^{6>h{Jjxu0no
zN_&z?D)TrITxk{Q-)v8w5zFJL&8Hc2^xwGY_^j+n)P#BFsDULMhysoNR=2t9`Th!-
zbNp9z+^N#cYI33Ql_MqdmSeZ2;&)*f4hynO?LzWCtHI)mV-%8kbVs=);}x#M4Zamk
zW{;|xGhk>L0P*RRZF8N9y<;r#>?{3Mh58UF%U9hY_>*Asr`2anJA_R#r;6K?<BuP3
z7~MXMRJ@&^n5}-4;Yqtc@h(@Lehrjo2`Q~7r4^fPS>qo=M(Re2-HexW`9HXsn1#l)
zmNoe2&!KJ+6e4p3+J7`xJB<LISp-aVdWGx+AxG~CMc+T+EfWxh+Da?fIvsij!24BX
z50142Y8mGeH`*=LE8@nU6sB}8$bAx^ABe@DzMerhhbsa=*cs)S$0xJ6_h?AZf+<N7
zmGEq)Ak21&;(gUF33u0&|DVpa8_7ZS7H$P?mtB`rTEEz-_}G(J&FYAal}jaC5kE-B
zhK94fw`X%Nfz4D_BO{s&hAvEz*{>X#lOCN0RlSnKxE@d*yRso10{8Y2dlmKMrejnw
zWq4Zt76!-Qaw@?gN^0~+v)(}R@3gj;g0+k~e(;UNPy2>UpwjpY%=n3nrOvl^rn~I3
zzdB;umN%=by>i{{^0#DNCF{PX@my`0PpjrGel_>}&NRS4=s`wAeoz7#5YGMf-GPbG
zerGJbQ_CN_Fe9&Q%|FHZr0OFSG~(Ae<<n$J2<a{wfpxZ)HUMv|Q-2@uIS_|GoW5aS
zRJ{}~{6alG*z|F8Oas+RLzW?zv>U#)&r#aemi>O-I~f(@nDy<_@pOY?oD3}_i_uQa
zJyvO8Y_ic0GfeTZKfV{WvD@DvXw+_E7ffqgN8ewam;IAkl^hAS@H+yqoSA6phUuGs
zV*fc}@?D{k@%^!8j+WtCkx%yayOn(JpJQxW$-^)%NP{NA#t$o7uPcdL0tf1qtsQBz
zCFpv5{gD^XxmPH<Cv0LJASk}m@#xd2SE_wLf?CP<$y^&+79|2;jlerc5y&MdGv1(}
zF~8JyprzxQBI4pw&x+fzQo?IGiU3WdJ3s#2;jA9tnkoCpXI3!A#Liit?dH_wlH>&a
zMY}e-`9|W2x?PI7CP>x|-Q5<wMclZIw2qIPaqc=shdXOf<BAKh@|sqSoF8Mul}!P+
ziX#10$3Tb(nV>J7k7<(4FqtD!-<jwfRL+I7M)pCj5R<}4^Xk~vR(SuXkjme68xXP6
zR*v93&*~wXKtWmgf{A5eS?l(uIACF}yWBb37@v4l3DCWU&aw(XfB$?;QU5S$ITv#O
zk<zI(#eJWHLRV`AAj~_rw`2d;1tBe4f8L3f3U&8fuKZHDGT;$^qNh$oMdzCINPAm_
z`T0lXH@VyJs9)o?C9*vxET@Mh>d1GMhfRm8Q5vGfTginxav`5Q3--@wrmEoanEnc;
zK=3Q+l5-u}My!PTTw4C*mhHSt>`b$Y{?HW|M52JB4_j}11((h})OmM^{G$LAtiD@|
z)NQ!`R)%|g9Q>|2U!=o1f<XD*ff-4tToGq(&Bv;jUthprdyPs~3ZTh947OqF)1ZIQ
zu^mRgaY>!0%|q+=QImSN_RkzWelwp;*NB3YU#0q4OMef^_2%uC5wF)TIpZ&T9zWA<
z@X|_mCjy~KJ$_S_lO>hEQ&}G#j@d7(h#p?0WVzA<Z0|MQzlKcKklM|X?xe~2ITp7-
zp86Yyj-5fizgqWv(tM|Ld9JU@?7d}v$!1=Uya8+ODI58;DH?KpSg4S(P%4IYl_vGR
zh-`0uNLXRzo@q)j5W8`=_K8y#Dq$?Kb(Q&{DZ!d$6_O4%oYO=MrDsLv*H7Wf^@Caw
zrC;8R0Ys!Nj#cjTo}SxMqJnI;I@on!dBU0btzOd=z<^?>ch+A$_m-YwQa_JRBr$C!
zpXaFT>RUhFk;EyQwh_V?Z8o3=g>k}1=r4m=`1TkT_rgXeO1Wt_f$>_^kI7c+s5~+m
zO4fhO)#SL>V&GUNGhizwkQvzx%2oSb^>$vm=dUyVc)0&QK`xT-pdO|*A{XAjtKLq|
z^|3Nm!uRGLb3@T>vxDBu62EB)J7NNxzUr^C9w?>w`^Dj6C@bTgq%=oMmX*FSL>@$p
z94nPD-SC?jQdMC#of!XFMWd21MEQ8O+;sRq9>YbAp@UV;J88S-6SA)(C%YMaPY2Jm
z`)!A39V8PnD49@wMmbHC?10|U3wO*%oS#_56b|!o@Cg@7j#3AkmnnMIDv>J1C!-7|
zC?qeRB{CN3+TE=f*4eTwe?-JtK@9tBbfHx=iZ?^UP++EgDehy8cdxP5vj<nWs@%}0
zv0aT}VMNhg)d9LzMU>NFm7tK03hr3tzWGUX$>S6G)`Ux^m*HQ-71`E-*1zpxaOi>y
zrTi=r{RU|nSPzr6rnB`hyphZzyBK7Iho#P1irl&}dowaTHsU}`>BQJ_a{dl2p+#tn
zhQ+*We_|9C3+5{OCK=WqCd96k9IMPZ+Gr`)4Ze@*abv57pf1x5fF|?)Wth*YuQgCJ
za|Kr&O7kxi%-WwiFLu93M*S9FrrCJwy|Ww@DT*WJS=Z6o$phvKxp5*&!_4aO$YD~q
z^ICADrWPgAy8(vBoJW(GS8xl;Z35yf8<uUD;tocSu7w;*kL>V%=cdN97qQr!*a9c5
zR^jBLMOp{%;P$prKToc10U^um5{)G(F$04Rf7+@$@v1*{i8()FLg~{hIzQp+Kl}pf
zu<iOSep?{%WkcFJq;3E{sDqprjtiO>RZ;SCfh;vyYsh(PUo_!AN{PtXm8(X-nkIk4
zBR-^Nh~?|i6%2D6hdr{RSU#w})CaGgl~Y8T9rLAfFuUVtN_FhWuuG@P3MPXx+clOv
zuMq<>><LpeJxHs-`LP1`yCWgxVCn;E=>x4e_k0M{pJrDTd8~nAGeP!kL_*=x{h;y3
zYyS5qY|wN;q0<Ctu061ZpOkH`HQ4^9-j}tUV&Bdxl*$lvq{_;hOo;lW%p_bYj@{zZ
zmF^H~p5*26qWP!0x}uWxDoS0-DKV`B3nY~l=Cqbbna`_Ih{S_~=8-EZ-&!aA^<Hdc
zYF*mc%&PHj9>}M08kJ<pziC9Ff&g+KKR5~D06joJQ%dAIkUWz4=px&+`QdJ4Xo-0r
zIO3<6F4|kn80E*(u;96(It2Y2{GHM9)lLh<UEvP%w&DYII*yiBZ7DfZ=xI~R4+uG!
zyh&C-ehfKEOXp-L|KFx7bY^=K)Z881PCnK0+oNUd`aoNorUzSv(~EE|Ocg`~TE@>=
z+INWRD&tUbvms;F!+;6NpB3ui5Q$eEoF?<-mt&`#dH3qiwH|gjJ#GXU_5KmrZfZ#M
zierLjmsMrfAYLvtFguZ*BR|hX@7?jE7mH5ZcwT1Vm7|oZ4Nq$-ib4>8J`42^_&FWs
zf170`9oX|-t;xUtvmy#1hT06NDV}}dVz&^fgotV7O;gg=GO!ld8ZV>g1HEd<f6}~W
zEVrCsEhAPizsgcujN*x~w4Iq#J9qr-?eJx-4b*_wi%6DtHokq$(PU7%?d0*jHErTm
zZ&>5vbP~hOYG(r+H>5kic1Pk=(ckmPv*aJs=;8$PhdL)-&7op))eri@KyF;Zjk4|I
zi<uExihlzvFoV57-^F`VQ3YU!s(hlW>O?@+b7t6z&{N{+2u*z-A)kNSmm-LWgNPTA
zfQ^O~fb0oP<7|U9Bd(Oc>09F;WhTQdo9A|fzjZv+5}Z%5!wBo_BdjyVTNLun5=;8B
zkp8bD-|~@gye0ih(^Z?$A#-{07#4%Q%>@N>Z`*R>tw%8e*#@N}I_`67`!AD!A|IFa
z71(>PmTa1{G|yKysLQP!^J?}>`l6n<kHfS6d1@(9(8m|$T;|%Iwzjerr8|b&7krJ=
ziQH$9oio<ic9ELLz=JaOyC?JgH~jK<Rm<sK;k$9c5mx0!m-Zq{>5=dfyh!98ZUP-V
z1+?wxvG3E^rY7&etcN8VSCQj=<y0H9I%EE8n@siTz{6I%jI|MB7F6}^1b%<TzGU|U
z_}_jlg0eb6zh9)0I@Wk_?0#7E^<1-m=?c+<jf&dkYIPw+Q7)H8I)a39AKV6X|6^IF
zqj3`}V93P@+6Q~@8$(1x$_1LAACKt)eV}VPU`93U3=VEVpUJ%xgI^lZ9pVHL{|WxF
zUPS7+#eI7{nj>DysTd4{)y*{qy$Ft&pNDeG6XxZA9$XtJzsSILAx95R1rvW7F8j$G
zvM1acf=_^wm{;<VM#g9>f!-TAZpj)(uaxe-(+$#kFmQ3COSgboDl$slEVghIL;?(F
z$(H~ctczai<JHMgAI&gt;i3Naj#A-7l}qjpnDfW>CC)kwtpP>c7q`#9)NeYx#iMiG
zS=@#zOr|@g^yAn1RA-rFOm=9#(F;REOEDnIHdjnFItTqb?J9kGo%>@X|G&hOdsC-I
z9G-4|T}nD6o**GBheg4qF9lM8H~xIa{>%B`;NW{HPviaPilNzqE0&bUCu~LyjEYJ`
z?*2!H>1ug^{eSr}g^T|O8RpURe<?s595-H_8u?G)cy!_aV%FTDWC`L#a}@tKcBHn<
zstSK8_lOM7j~_oaja&-(j{bYa?WBdze*(w<hj;V;_g4QWiRb@R7VACH8d;}z?4Gu5
zJvlYP`kUT5PrQi#4};tGn#odtwSdyZxLoxcfu2(j0CfxYfKTqNxvJ0HAKecQZiq<D
z^nCl@?6Qt@^Zk@sl!~ajT)mri86EoGjjQ(h?8?}!aJa^u@X7X@eLH);fw;5(V-_Vb
zO{=)>X(J|tWJq{=@~!lT=ZEf48ojS6Rb_MjtMKRVC(lpnidot%QI!7xE5rCwgO<kC
z$J@u%|65O9u~!QBRTsqxx&uvX!Y#2`AMToN0k<r+{#zi2h{N@{2}Ie;U{(UK8G~+b
zlCw**RYW}hr&;@T*Zp@E^rGh(nOuv@#>w$q0z;;M-Gg6ueU)vqIL#|_t0jn>B4t}>
zD8rFUG)5X{2<s#a<ZHB%Xz+cdmO~}Kw4a|m_0s#Z%5}e?H!ftf776)PW5_hr-Qu|@
zDB(J=+5rH7u9fYvXvTox<)mEWrSYRbdy+&X^f#A=B@s?`hJi~%B00)_DXx8qIkkrx
zL5bc*_pe!476n~7j5z8>nkhzyotP*y!ZynT@O<OOOFj<X%MfF8vN9yWoU95NIkenU
zV)`Q-UUx2Tbw+JN?3`M$w?{YF@LSF@%E!v5JN66KZ2o@YJB|Es2T+8TFLzFxFyiKL
zI5XgAX@$5@9DC_d0fM`3acKNaXcid4N8(aAU@**!nGX?4;hN$Wa@4LNX}ZxZ!*ThE
zIvgiDp3gF!i$mrrCAW0sUtZa-z>!x9L}-K#r=lh$>5oc)t&vvIq8vM-)aaJL2npIX
zGZ^BY>&CTZR`*Lb_0&UYb7@vY!L<WR%#CARUmxaejklaX+)553w$GO^tEX3@Uba>Q
zAGmyl-oq@){Fp9&<zw1)`{DP(SiRz#<L)}yVG@`8hB!WFmIVo#6d%t1*X1T<(9RPr
zStO(CX6F^T-y+pUuhvbhHH0cE17uevbkW5I4*ax**YmLOBInc-kp?ru4jzO_E6x6k
zpFeysM|q`9K*q#fdn<StYk_$~@`_G8)suP%T&275m^eLZ$%ZD@EEssbDI*+tnH3T1
z06Hs>=qF9(Ui#$3s%}i6tgGAZ*SLrCg{?laodLw;_qaaMe$VnWL*tKRnU^Kv&NX)M
z_38MG$vjBCm^d-=P8mcQuNK#msZW&T_-y0$rKJW|&ku3!g$l2RyVD37yI9j8%>K9b
zLo9G8>#+zdNtN0-?g1T)Flj3ga0`3*VS;#DJbQ>0j#@u)y5{p%3E*XxBN1DOGH_ql
z4Byx-DqVYYLG^AB#Tusw+_%lz&vkSmoe;ZQ&r+M(C5VsV%hWtr?CF<T3w1CokZE7K
zb=;;ptjf{%_Xc+}cDj`YJEpMi-fVX}b;nN^qIM%_;OfJAS&~7{qs-_!Uyd$j&7P$-
zmK&!fHk_k^co=<paIPf?V*14FFs}_e%fa#ac{FNq=)?OzDV4YQ!V7P&C+|Q@EK;#t
z9U^V%yY;sGEfEi2-R5mRsmz=FdEJOEdAT$#u5IyyihoSH%rlhnVAp3g_ZH`izomzT
zQks2cC*Gv74LJMT-XlUw5N}#}7<#sObNm9b+`H&;ai7kRRrO}RqAJGINm=w?FpK@S
zs$#*`XCI2qI<jf*qLr87b@n#+A)mNcJb%?&trn->JZo(`e8;L_){Q)HQhJ$h%uz6>
zn{m3@*V37#p{(Pehh8B|+g{0#1(~!I1rljjxsfz*{iU%=42kG&zPK76g&KYlEMeCi
zt=NKo;f8a%FC%TIYwQQJB4jVI6S|^HC#6FSW_pR(H2>!8+#oRr5s<}qQmstlN{W2y
zf*AHK5w7Cu8_j(sWh751wI`YzJ1ysG{^1brc;9|X%Y{vqv&JaUR8y<CpbAS5T9)R-
zvUt`<mhIx#mDJ$x?z?H^;;(vbA_U7k|CG0o)v#83!2=*!Z8AaH6?iM!DmckeHGM+e
zy}W$eVoM?KT;@MPxr`uZ?bK6JF_$u#6>;Z=?x@}^nq%dK5DuXwP1Bd>bJCo%2-`8N
z;z8blzQNb*AHaG$%W|uU3Cp;QWjiGl#l3H6^@W0&4Mly{I^W098J!^`g5d3VWK26S
zQr`QmNKD|i#G-!yOJA*W?;W~$?Qnri7_47Xb))c=Cc5~8jNaJVlbQOEn)a;`8^@F<
z9aj%+JF|x;w`FcS5p*8T>Je&MxglGrd`v&X6Xv_*meoM}+)($eoJWN)!YFh%hZ0ki
zjXiG@SFUY7cqrCFIKvwB-@S=J3TgYyF}@gDe&r^oj$Mqf3%iZTGuvmC*Q?`86H8Y&
zCaiD)T)BsZnR#J9S)!zYj;1X8ZDNwOlh93JqDc~9H7MJfBP;dvmogqX^p_8X`q<#*
z?+-X#EUeq00(qrJ761H6rTbWR9l8^T&>r(Dz4UWt?@?2_bCMH~eEIJKH6=Xpc6#HB
zd^fFp&>kfEq<Dy>m`)*mmo0Iz*e*%IWCfD?#ZSt!l;kdn$u<7kXjWrZu2QwlP{nBw
z%j(*wj0N;n(o)srcKV`jL)`uAQNOHOSO|kfD<223^k4P9vLSSFw32(&N5xYSC8(#n
z5$-(YpFdqY4!(81WBj3hO{nfkV`=ZrM@@6zEj2r-z!|lUw)TBTO@LW(#@yt-sF#gI
z;$o6{;2N@VlltZ$^-JVT@weBqx)o#2gD(=J#>dtxMjtq})@Qr1%j4QrJ3ghG+j-AV
z7=x=EEH<Br7>vKys9Vo@DIfLY*r?z0fEnU~QC5;d#iOs#bj@1kB9TvaU|ML40uz_c
zzkVw|j@cxh&PLKmS<M#j)s<*%BGvj)j<+_pJBf>>IAXdu=C7vy6kOntTK4HfE1=nT
zYOq>HMQijS#mVe@eH4FZq|P_#dzA>s5a(AQRV5@##<m<0S*R=A(yXmrZYN*kw1X{z
z58%uRX}Ik=*F^#^IKyWv6uF8deXrS^D9`||qry@cechY0yab@$@V<&J_}<^>ZRXQj
zY%MXQu_`gk&ofdylUmOj?3CXPZ=@EI244Ft4nDZ#9;K}Ilx<L7E&t~&FvYz$xPBxG
z51Nu-hV7Le(NZD$jdqjkYYn=BQ+FOW+0cFoXMr+GkK<L)8oMcT!dm@xb3cGpHZs_N
z-A{WR5hW4wRFIx0<3ogV(YyQ@#@4oF*$<7){`hp1r!p(ZRtr=a@p&=HX)5HJAOhv#
zsNYBvag<<-#Z3tyB$TQ%dZJ9k@%5Dz?K`wfo6i?wfy#+?4D-Of8dS<%N|0@`5?ze-
znbDD|!{{G58|U^LWZ(v}Xe(e<&o+gm2O-X>-mup|<|sJIl?R7&dRdk>T&~+uYoy7r
zR3DU7tKQM`LuPy>g}|B`S@p~Uw}l(5ypG{@w6m4|<xfq`O1`v^PNeN8*8zfTM*nYh
z`WkM0cL-XQC$>OmCFuWw3GHriW+{a=%_N{uP&~d^Z$ch;8>EaC6<cg*oL6RVH{Kqy
zt14v>X?r-{b@u+FWYJNSkGVLT<+h>~fQs@LsKPy8Ea0U#lym7cmYk#FS6&Qeh7cxt
zq0dY51g*BLUtSBbERo3*nusLR4}-v-i!MKse%dwucy>0q71O^>fVlYwbHXILk9#bt
zy|0(aaL*CEAg*RAVM)7z)0i_nKWiEPs6@;5iOCf1xQFjTaDn@7*;U|HL+hz(QP;JL
zx8TvHA7IPYn*nnZbtvWylc!J4X}K^O#TE%Zl6ngvMo+)J<J(5&dDdHCgiyw%iQBDb
zG=qWX@q}dlA)l@Gz34sKvN$X_L2!I9fA2;0_F@)vSJJ?I{#<|VIjX8BaHZ&|?E1Q4
z?n)ibnM6up(UNlF)-opQ#Rd<CnGci~t8PjQ!A-Ms)unBNNXhDeJaa3{l~5mu_#y3e
zambrf^bl!n*Q?#;_i%9t98bx>xKPMoZ7!w#S%;_&6blwPZ?Sd*rzkCACMn7~?vds@
zX+%h-AC#6_&bPx;MdFn53dxaGO0*g=+l8gU-<L?FR#up9%u%uJ&={I(Z0<;k`DV6z
zoP#uiG%qtqE`tqaFvGdAO2ex9gO^I_b@OB8%zJ|bGiG4R_O@(_A|%#nC)?awmu<z+
zPdE22u@%t~q=hB2sPEjcdA)W7Dccr>HV3Ch)FI6YJa_YozF@LIMFeuUFoWu=4N2WK
z9ZCn@0D-Yy^Zj_dOwJ=x%`K%I0Lv8y`v|pNRU$x|n%P`4ZcRAK+>gN3W6k=ti;Id)
z?-})Gg)X$T43exIt$U>Y1W`q17!=v(U~7$Dv%SMbsXy?-TyEVrUI~nWT*53$cKFR9
zOLI<N(2Vpsfo+Vcj+*}<-LjZ%b)JH=s`ANK-)SwI(y&sfS<61CH8e0xk)@Ms&7fp;
zkprnZMvH9JknBYDojWsdz42aT#8%t&_Pvu{5R(D1bFD3m4n8d*L{FoCayUPlDiA?D
zd}Dz85)!5w?pXN@NA@rYshl_#2rn93{5zU8>Ekijvp_;UXbUekI<nd(<pV|fQTKgc
zQA0Q-2$Ff=n%j>V)#D2ttUL`Nolma%RpI-wazNU)cUI2b$8Zm(H?dkvfxHE_TXf!n
z)g;07zv$yReQXv^8&t{Uk*c$q?guHhb>8r+fEH=Jl1lYk2<7EF8iEx<Pca6t&W&}3
zx9#v^wy=Tww?0XAmi9~H$naQlZmB%Lf{X7;s2TP9JrU12zoD{c6Ho6RMr<3QHJLbl
zvG;+mcpAg{Uv>Hw*YX**lOXf{N}>7d6`(t3SEim&i0DCtt{kY9|Ly8Z;cx*}`iD}s
zzWUSI+!blY@*dIs=Q|12D?@e_gK*+g+nJVEc{hFBe$Gpr8GG<{`Ipov^gbLmz|!v2
zozVb#el60Z>71|%Yu;c-&wX@m`)1r11ppHG=8Xjv=!$j3{WMyGmSZvndVeX{t*==$
zT@$Ss-==m6)Vj7cF*2*7+sMP|zOXjswi#04Hc<$W51Un;G5hIV9?*MpOTr%8X0K;B
zspU3kR;u_gcf3O)W{<Vt$%lE`SZUMwFe8GQ9I+eEO17RFn6E+)qU=2eGR1eyP51IN
zTTM+WS~bM>me{>H^2Rt8f7Tz5l)aRQ77O3(d}X7OK^=eNG+Y&<$%Ppr?=f)>;5Ki_
ztI(Y~?vSr&MhF9C4>{HXW!qM1tVIjL(ZH5-Huzln{zj&X&Grv}JjwG%#qE-I$G|1s
zvA{rjx0XATr_@Xu9*v4(@uLPthBs?I8^HFY?f3g7+`XaWDogfYPthODrU7JIUd{Of
zzk_&nOkhmz=gM|PjdkfCsaLQ36Lz;LZI2bR^-is(VJCjhHdSN_W8gO4$Gr`;QC;xM
zdNz-{ioPJ+*jzaQqih+DI6ADiY#FbFhP#&A4V-Jx0<t8;HyAuHa=kx&wUgzU?%SY=
zmxMh30&TUaJmU@2H{So7++Mr!&W+e%7S-g`=E5{H3)0iv=*Wi-H~DUkl@={l9S?WX
z!X4;NQsYwQm>pCk>KpS689XNzW6VU<an;fC)r(7mCcj!=^s=vg^T;n#x@OqUrDI7g
zOCzv$kH^v&P4J9*qx<+18yxayFYx_Z28NLTv9FDx27j3-ZlA%%^pF3jzwO1;N8&1d
zrCD19d6v-@%mndw_&_gzutJZzS+)4B;!zWPUgz70lN6`P`$qyqkdfAtUD-YJltGmw
zd&{3#5fZbf!h$t9dY355-0diDwMYnu-?JWHsAEr5IvQ}g>>2cz9TNDx4%12*^=GF?
z-Zg|xff*z?QYP)O0SG&d$FKZKZpr0zO&sfe4U$d$>inT$6w1206a1RgdqQiV`4Ve+
z>Rz6=#ox!NR%4L|RFM4L>JFv7h*&X|7Qh&zsr4Eyf@Ft$kiU{)vjF}l?M9Hps&~jb
zJ+Q<iO`L7F@{0hg$5t#gQn}GRbCW*K!6lJ)9-zTn2Xj8>@%SD!zq!T1N^4HSzkbFy
zs~VXdTwU&tc6T;BM;g8fSbTS#Il_Nxn6aun1CeT8lw7aMuCEz*Jz7iAV}5M~XsrRx
zE~ez#Cief)Ft$~Pe?|TFVHo%(Al-MDg@PMnzMsfuI51h5J6QYT626@QyUzGCLOba7
zk~wH}Xs?PTDWf{l{imdOAG>qwg<IR^NmzStUSLRHU$LzoYp$@Y;Oo2wCstB>Z6#y8
zsbcxFfEpzi)KSe0%i3$lWTtsL;I2u?o_DY`+{gco-}{M%{)SSP!iyu{4{uI<(GUl3
zGT5KZpjT>c#jiSvn~Y0J+eYc75H<RuXEm`vDUSkjBraZBdZx}DF((?8wyPX)Ik|+P
zh=_#`r6CUJRVRzy)cIf6XvdR-B3*G&fIP88{|l1V7sbsB(=OK#3<X2?9<Kzl9|%kX
z%qS;e(7&ej335O=ox|FP7p8lxMMBrN<|@#g(PQyC3~W|=UKh9jT7$-T>+&)0{^k_i
z8MEKPS)Kk0UXz5JRDIC!lLa0x7ZxSee71;Mg>~#{w_)zW2F};93L0rwJ01`C&j^PH
zA<|VH*VDq+*Y3Qokz8l~>j6-cz6iK+Mp6Y!L-afWR@x3J4}lvcE`&!R8mlQzBOvHw
zK{|{#sV=0GI+GBIUP3HZT1EYtQ@z^|(&Ud-5n0X6+pM{q_Has22~eIV>wCickgYL=
zmB5&U8+6VhjL7BeZn*P+?qPPPkNeBoU4<Q~kSU+q|GOZsaQx7+Z$IN6xwoIGuKyOZ
z`TiX6_~ydrXPW~oV%E(*@2o#d&ta~VlM1;h+2G}VuLrN?UpfF7uPvrZzsH8c#QIw$
zcD7wfsmNo9T&{0~t1nB>whJW9<f;bT-`Njaui*WkIo2(QPp_ra*Ribs9!*iha{(HN
z<q1HG)<$tz06bfYcJNy$sb9j@!LR1;taOg1vk072E-|d?;I}#23nw&+z>SlIWA^X%
zI+ZHl)=kXEQL3qA!pX$c+4);48FP|8gb2IDxE!iL^G@&i#W4~~#2yO-s^gqy8V314
zpdo$nK(STTEairn{PpB3>-w1pz3yC{#m_CZ+w|9a8&gNH_I23~)(TG~cnLE0ooDtw
z|625AU=P4|B-EDJNJwh-=Jg!c9~QPvMW53A!b-=bKRa6CHZTD7n`%qYop%4Wa7WF%
z-OTZ(_Y05koTSNz{2~FPAv|R;`XK~UITQ4D);d*IrGwlNQhkYWEUMdlo0ZB{b>Huy
zw$Oqk2V2sU_o{p%woQj%;NQld`IJ+*?mFAC)4AdCxeV_cjJYKF%0<a1g0baNFcqUT
z>+tQmr7d&>My#P`h8-s~IY?Cw%=eX<y$^1kum0z{FHt&O4RKu~*N!U_<34|hHc;1L
zdmH2w;<`P7dP;Buw9>@HI~O(hl!6-fQptfWd!r74e-kzGaiY^vh)6~-pJrIgnvBJR
z0fe-;^<~2<MXTok?(`p)N!J-<EJ~}sLv=8W=$gMBA&3t5=wit)^alX)U7SC$9cesR
z;l9PcH_3As)*@~OKBb;v{vt*MLblp&&!#;!XT3h?OiRv?wl6X0E%P=6qv!eP4WcUa
zYlnq-265~h&ryySTPD-56}qB5aM>z`5_b=F+#gb3>G@>w77nIb_1CcCuveO!Qo^Dw
zR^E>SF$R7ultrOUJOWBD_O*5r`=OK3U#YjRA{OLMC)%PO(RGFzZs`n+BTlC0={V&j
zrM|zk*a*Ylw$Edc$}_j;3}?4w94qP-#mm8`xDBG)Tu8HfYNQ$=WxOm`v?@Md^VWd?
z_7*yss7W7e)lb?J87yfR_HWmG=)|w47p1ixf5)wPUA!p8q+hG8zQ0qVs@Mc|RP`XZ
zb`wa=4+L&58Z*`8o_~Kj!N3eA9K9kU+VuG{ey1Yhk8{C|gnp3;{(e#pCha}<Uax4v
z{N{)WX7E>Gw1~HB%9jH&xa}*PRR-j>Ht5Y5Cbg!1OuHt2%aZ?c8g<L^>79*TRHMJ4
zW3%HqCq7}5ud@(~pow-J!D^fP=MHLBpXz;#AW0Y`w_^j{4v_M&F(|;PwMl*UCs3j3
zQ<~Q(5S$3rFV0O{P<Vo!CdCwg8O|eh`n03ufddlQN&9!IO^%56&zqB+#ZR8mln;fN
z#XsjDkw<yN1(LM;EM9b(zZL1~w703Q3`w+T-ELT$SsL#?yQq@Y20<>OFGvcYon6jW
zL^dZ_^tTx7J9u#BF+`10YK3D4lad$QHk4_?zkzs~uO*7@I8i)AK*=*v7Xw-T-4(j1
zCAaR=fw*{R+-i$=Q^r+m=R&P|%eXx)e^w}XtnlMy`zD)7s<<d=R%3C7m=;00HaJ#m
zt@qJybrFwTTTr8KMN_wb%xunZIuGs|R3p^dru`<$*uNf?Q#MVN8aw0(B}O}dF9#QA
z&;r*ED8@!PDicf){*)XCM}O{Nf57Wr6B#tqLNQTD`!ilQE-$O8)nE2T$jv^PA2rY2
z>;5-Mtl07We4WRnnEc?D4QswGY_^!gq;p2Nz7Ln44k)BI)O7BlKkO3yfCquZr`mzP
zJ#j|RWfkY0cKASG)!gp3&t#Z}WTK;F-9pZB7>)7WV0^-cS>c<2zB8OJaMOS1v)+Ke
zo%BI=K=<MLnn8KXBoi^J7KFCu*#7LQz%OB}zUmIW*~xxs79vs{Nf8r3rO~Ej-RTJq
zz_q%$&AwR^^D1;Qd)k8uwb-CIS<C!2)Xcv7Kr?F{?z-F-`NRglKTKA|`dL51?kAz&
zx*^Jp>LK<r<=mbAWssbmt()S6%2K6uOV~=aH_*55Xx8R0eT5FH+n<xIv4$8Oif$H$
zxBtU?{B81wKPemb$}MR35T98@<saO@n4E|RIf_`*=a))I)q`J6z9!I$m98#$QNyf*
z_CCPcl3^W!CQoRH#+;6tjuIDlaeI<od8EAi^Ka#oiWGPiY5+U2Ic!0@)OeW~$q0Mz
zXX_}#W`$>|DUi&M%<mZH-rRyZi9*(?6^wbE3injF_H>9jo|Xor`X|3V5i+pJhdds6
z+S1P0k8p>x20j_#L8pUU;2xdGX3hLIg6Kpn`u^~>_wbMsDNQpynm>9r1Fbw&6U1E(
zb&HOWi;As4TX>VXYu4JxgYU3fSd2A6CXZGrfhtWzl=BB3Ld0&iwVTug$EUClO%fN2
z^al=8r{7{mI~G1bljpz%i*!+PGXCEh#ia}#uVcKgO$93=o8*80nE@w<r$KkGi<{eC
zb0dmMMwuMQZlcGZRHc-<^-+ku1n`^e5bEGLEE=L_XdHGWBXB|{-CS~NFeBLVhm`b`
zLyjX9*&Qyy=!zSqqy6M*%m8`(rNx1N_*$p}-HdpJ`Oetvree1PpY**tvFD#8Ey}AF
zetZVGji+P!C2Qcx&+uYOpe9;AGYXMm=jfEOQ|f`Or^);f$<n8?0Y9PE__}AE9h>G7
ztMheJcfCIQ$L5=amW$m&`Ib#d=aMzAyjYoI$|<;MrDMGkzrhMq58v-W&ixxeNZHnu
zTc9v{$4>qJu7%Nm87P+`@_ab19=ci9KiMLSEf@ZnR(elCL_aNQIA_f4ir8_Kent`%
zk5ja{XtTpsBhfktQ0r0Q)ntuL9EP>{{N&so1x8cPQGS=uPk=+QoxwHusG0N;hQ(?%
zIFL9zOxl&7ac9lRZDO6F^rR1I$#}xW2;#jlYDJmXLAs;Ph~|qcp#n82C$H2ECZNpS
z>HiON?;X@s_xFo}*gypZ5kV<Rldgmg0Urf~&;&xSN|P>~(5+Z#5<)Lh1EKfc6zNS$
zD4|J<bRj?tA<5n7^Zw3z&zw1P=FXkDcmKg3O!i)Dx3%{Av~S5px%a0%?1^qi_{PVG
zA|@e&*ibl3$rZj7=$F?pJ6<z$#kN_<a^752sX=>)zv(4nx#A6O#&7wju1TXI*hbvM
z6FVqkP-r;r`u!$2K)F@}M9!vdi2K8D=z5-23s?Adqi01LEIKtZuju_)@Gh>)$i44J
zD_m2%Q^pE1xUh+EWaPh>V22>xVCgBcqa>Phd376Yo7T$_qCtY}SYH#wGXdB#zA}9%
zX<-IH|Gx;>^wrS-<g~(+!UnGe>5lmc%?Xmb3)em29)($r^-ejg4iQG}79I3y`?>Vx
z%GR)Dr=et%#@n}Fu=)(@V-=~W!k*ufp~-<e6&Y1uV2V<GIS!DegV?iS(KlrUVYu|h
zM?<IX=M;FQ%i#e6_4NgSt-VO9tP6KZJdWM841KH}zSm*>u-On`#SL&W^IKDuW}?j!
zugoB4!!(uu!___WI(z<A(G*U-MQDk~?|o-%?N8oVkqou?n}>CyT`Jlfmu0IqKHr?$
zExtJ^ZlRr4CVrcXdpcED&<K^|4keTMm)JmO!}>q}wo8Eg_@ZJvdvw4DT!Dp6AbCRc
zHY;;#PZD={$jnB$&7+n1P`}>HhvCcK;>c@MEN90%BT&6LkpAWVBn_qYqsiSRdto3U
zVv1Xa##~ukP-f|Qi0)vTe1dJy1MYSz(Tk{EtMSf@yr-$D?yCY<2KbHK-{=dq*0Qq>
zB_UwTw^mPhwM%2lJ;eGpUC3LPT7^0J<KV~k-CqNO%`ry(_aU_{*TmAagZVtb$fTQ}
zRxQq|eSM1TkJ*~H121ohZPjz;k69ko0GLknF|QCZ@{_;~O&Tr^pOq-fTD1f77Lj_6
zxw~4HgnfqsZykpELURuI#-vzE>&@GoqJ6G!U*LedaKcD;2YuPE%5&O#@RGLwj!D)^
zc@lgj^il9D{@c`m>+axa%qKRb<myzVcPeX*flE*%v{3gO@?$}jPV~nHzqlaKZ+b`b
zEy4Px5U+atI0c?iBA?#{v*7mGFoN8RK9cPHS#Bhi4}WT2&32FzlEfXLaMCE%eVNw)
zU02J#WM}0p<njB;`$l|NzrTcKtb5H{yt4WX_tt^4%dR-Mece^`w#RJBw25Ql?k{3&
z(1sFYD8_5gk=|W+?fq|m$BK%QDpo!8vdnsKCA^`}C$Ke!0zUe5e1(}?j88#SlA;|`
zSF*b**&Dp)^rcvj+;ty!+3}vBC5KRz^5S;Lz%mt92_Ujhy0pp^9}A)sv_*K1YR@_!
zY+KJJd{LSrRsM2(rJ*b}fTQg{J@G)$o=LXKHvjlaE*p<l?4yvHfN#!yG+iW(y^~`A
z0un=GfS67pPb*AmI#sVtNCYd{`StCeHu#|G!wmqv(aBd@qT*oMY%GifzY;+=xL&-R
zMl%jZ@o+TRdoA36)e~@ul;3v{C91?TBcYArD!F^K^M`gLafRu}^ZZQS_?~XXz273*
z%_4u=3;T6mKLu1X2TNOs=w`^vs2LgYZMz8DXrl#f`V>867D#Wh<m(r(_G}^(NO8xw
zuf!4Ql4ft>FX<_x{7(wU`&#y!Po|{7rRpEAPBwMr49={LOh85-z3pA@BHf_<D>;$z
zdO|x`bdRJ?j7o{?_Bo<Zla$VkuWF{yH+Zp~7sa8U!ad_+TYNm<6_J(Hdr>HULh}Cc
z?A~Nq{hn9+ohhlp(vF=n@zM{U+ybF7{Lxo~7nDeHE3FkM;emgql6ceH@jn^siE~j6
zjim#aEI~)R(upaKKT-^;%V&YM6`YP_6?7Z|+V_?2lE&D7V|Y9{K(v^_0E^|LP2>tb
zNk~)sy!K6avlaQ4Q#?TwXNXugYYRx}X|(g`-a?;_<sm|6_zS_nJOXT&>48I5IeCp}
z2T@*+DWnM}1nbRmkZogU@kYL=egBfi@yLYbMZTRhIld=_(-lq2NA3U?rSMoX%fa@S
z83kUmvK1?rYf2wW&s)@SRIvAG%vsz4sdo4_+xv#ZIYF>++Su1bJ%JZY(D>t#A{Ef=
zEIK%KCULfx=!F2&|LFtQMSzIBQvWD<+mK|xx45q^ZrG*I2Qh!(h&cbbT%yQqV%-z-
zY9l?a?$Wleo!cjV!H+ks2rpoZv8^<*#bXDaJB6d(Hf`A)MO<g_d_CPQt?T6(E&KIF
zeYy`hLgfExVVyDWt?SIyh=Pn1k8(EzE*~A=4h`YvZX5z}|5YUoT0#raTW~G8izxL%
ze&_DpD@%61HK1tXaRBi~1^I<SMbWp1dwOo}++PI@;^ai=dcKQ=47(2f7BVk<4^@;g
zx<*2MXrg)-6&3H!$TV>I<h-~*=k<G7|E%b{8~`y1n}vsIR1sM)vMpk-@K`3$qpdBX
z0*fS^w*PY#?&n=wUC{JDCZa)}Mw9~k^MC%k@C708>fa0?mJ9z$1Nz?ziT+2lkZ!SQ
zt&Y?h$XC53NH6F4t)5uk!XE19Qra1cyp8xx#H(}kiK)N-=U!{{u$}_l_b*sdXE!?O
zMA!w+@#H_fp}KuXxSiF2^uXXN)nyLtYQB^Iw!IM(b{(XWQ5s(TBiXW5{C`14bq8gz
zaoEFmY2g$LJG;m{4_|U-w}8o_xZ~vK%s7$2T-$;4+2y?LvG+_BFx)khebVizmL*R3
z1)x6*LAn*nw2tGbTx~J48qE;%8gt~6zq8ZB=c;Gy<>tIf`zz5l2kRLt9X)V+&Gib0
zKE833g^-qwjop_Ho%6#dr-l6_SMA*U?n!ClEi-)j(3Q^~nWju(UJyhg5UZ3CUwU5P
zZg&1e!9?NO*uH~%oo2F<(X|%$N88P)KB0MI0uI^T7#N+TuwX7u%tI2@EQ9jW#=t()
z5$C=L{HiY-zZytM83{u6P!Bqgu?F*^9t(b}K2+i_>3Z*om`%@1-qT73A_?Zj!lOBG
z%LR;*TrxBZH}wsYpzo7FnR)u78O=_5<_9HCIpH_eapCGT!G`@}6UPBiEHySB7{efH
zqw#6BzrVo5i$_BF7|tieVZY>*c;yCOktZGWKkz*zQ%cA%3bu3hp3I?o4X3LM`aRd!
zP!&P<S}LmEQZX_ktIKu1{Gok+VlHm1Ziu|YodgO*t8nH3Q}{xv9-y`|eF_9eiN;Ae
z4R(|yd%clM?^ZBew~D8uPrL1`sr~8utQKAO^+u-<;hwF{{q2$iTbB}-L#pThlnoVX
zv)Fl3+eWm%I;&RiY1I2pdT!6#W)3zH!JK9Y6SU4oNw4%E^yU0Q#v+<!zOP<<ex>K4
z>tNHbW3Rov%kxKhYaTVD7^trOxDks}b5V#7!Ipft-rP>sa{`{vtieNI11U6Ab!e6p
z!P8cU5K(e=ECW~9Zf9d_<59lx;b3|-21>BL$6k@xR&=e#UNG+#byr0oZyvVQlT=hM
zzRU=B076!TzTzS(^TZrHEh|<VA0uPm_9K>$<OKAJS~{QuVk@2f2!^y^OWDJcju{1&
z*rK3d;hUISv7-lt@g`D(M%yIUto`c2R|8`U?pr*o_mDa0>l5UqEPRsR$_8Pa2iY?c
z6%9{J;oGo%q3C6Yj+9#~FZJZECsi1tD*`6_Jb4%piIXt<&yhh=t(8B)q@`F!+!KQW
zhcv(Nf*&f*%5130EnVkgFZD|Zq{t_Zd(A+mi10{Xz?LiDgzt>pHMc|AYpFOdzm4i*
z=$8N`U3nJFKSu~%Mw~Z@y~tGhi>TMGQT6ru#_sR}w~zTe&Zfbe#-mcYJ4GLb%UW2x
zskqvjTFc^7hS;Du5s+i%P?dCugwYWp=+=9eEki50l0NshF^Vq+3sF@?xa^4LSs<p0
z|D&q8*c+ep-5vxZF62y_rbkE|xA<;@nVpL$UKY(8i9;<~oU?MG?5FyHiE()2D*XJa
zKy<eC#)fIh*JjQ+3!VfQqJN2tV0LGayT}rwGi-b;Y@(B%an!MNC?KO~`0-PXm2$oD
z;w9h2;F<L`;<=f;!IsTdmm!6Ld$D`RKW;ABkZK+VL@!}pxk<l{23Csz3mm4IFc{ry
z!9Kk%sD)aN2%Kr7Cgr%zPJ4P?pxB=i<%mnAe*RtKXoj}GNf_xp|D0uHO>U5fQQ-w^
zR~gj{RxTG!>&|I?l@k1g{yWu5pE_K_b6Wr(etq!!<VkQ=G!mTqP1{;kHc?o8hcNGN
z?5QYtVg6`3Q1~QXpnCHSUQCikCe+~9S^H&IBWqRKG8+N3Vm9jIZ-6xhvKpQ=`o!*A
z_qIjoJ;!;h?S$IoD9=7+guINaSdzbucTLbv)3R1IRM(t;D#xq%f;Bh&qSdo-+aMYc
zgnq;LnahEG3yY6N!5ZG?=c$L|D_UL;k>;Lykqi|g$8<hu?^7Vi2UuW2A$CK0>r%)I
z)|C&s8HrcLRUesba3<<*&t?_IomEhRxYZxDG8rlzkZ%8kNs0*2(Gf-Y7d&i>cltx4
zUN@QJL-Jo<_XVN{Y>rQXddGM7LK}k%gB^$>3ETYOpQr7wN(L{u1^{Usdz0VcEnQ(L
zJ`txCLjmpf`*EelC7DUzhyJe9RVqqJJq4&``hH=H22G^FeN{k;V~{H93*_IKkNJ)t
zLt=5$YwssyTc^*CJea3qNy*sD`dqVCX!Y7A`4^AC>xY*}AK}}YQ9(2Ruz?pvVoT+)
z;_{dbe%seVtp^;S+ilgWl2*cFEG-B9Wj2MluRGk|?G^3o*6HAnr2^uwR8QD~7f9n5
zu!Rb9DTqf(611Vdh|BY4@;i!1JS|-49%gx*s41sQTHgt<An`Ifs~)^_TxY{a^i)f-
z&6)=!dw0?MhFYz3ZN1J6DX&F>pLwRo{vbv-t`^9FAa2s6VHe^gt>GEQXJ-BdzJYUh
z*Fd{jLr3!S0!Ar{;txi`qU<SYTT_RFWOLj75i0DX#zs=bjQ#6a&sMdKCOIQYt+`LL
zq$qfT!At+<qrszVsa1D6aP?-c8C-7%h>Ajfc&X$ja3f`FNrBzPWb-CY^|R}`OG=<2
zhj>AoUb<4M>nLXbA$(6po33H@vSl;zaMS>i`pBV>TzjE)l-I^`Q~Lfncc?n+w}Qd3
ziR9I%fUdVq#kKc5uKIWo;aF1|vsGIzKAtmsEit6sM;$$|Z)bo0d;)2Y#B|Afoc^FM
zkN=sC4_P`IWn9;rVIP7rA04$&=)8jv#*sv`5PErHJH>Z#(q9#OQ(Am*Go3uIvlg(e
zU-!z@dm5G0qrYzZw!cgpZTN|z9VGuGljNuOR{*E@5BJ=Xmsk5^`BF4{J$ZU}RE;$a
z=yD^GV>WNNkvZ?3(@yPl`FaG7pSjq!JoyZAxoGT_WoGL9{9YBtE038B9cSD*!lij?
z`)h}lFq)^&y1#MQZ`q+i#Hy1(bX!eM1JXuiHn(JdwtQxbFj|`JvdZuC**x0wAsYYI
zVrbAD9xc7`1R~+Gb_=|REgKcZ_d_(V{KA(gU#O&i5iL!e7C_)0x%|R&xU>{-cGcX+
zTw=|BUHEBUJXb;fZQe`i-Y9l?@At{B7~h{iJ~9KVNS1Q8r?t0n6&)St>f6n6dFs&e
zz-&qtQI*06)+e1|mH{1#mHAE>rkmN!Uk>_tTtOhv1f)_zjI4iNB{-3Tl4@o-N{$Xs
z%V!qH$!kIkeqCn$32Mf^yia+#A#CO|C&i}RA`yI0n6KVVJ=#UskcJKUa5M(@Z1C9y
z4>Bab#{2eUPadNi2F_0%R?QiuT75>4^2EN@CcjpqSgq-!ux?%4eicYa`d9fGtBT~Y
z!EN=YJIOcfjKAjT$s&BK#yzs+yz+meti}BNCc1)94QDaeEc3jFx_IpnX%OUTopDC?
zxLk?V`b;N&#}cb8u+JgKZYt*m4zR19W&7dB1?>2G`sXhiD*DjN-sM9ZR%b4j9dAin
z6$WORyu*5x79PC1YXpgYwEwy9IV<5?ExKX?<8UMtzTxzdqkiC%<=A$bw-p3d;~3iN
zQ`T^FreCJ7$$g*bRZ?|zh+qTVy*k>E*5l!Fp$T}zQU6#oKTnc$j^{9R?T@=-@W9AU
zFU?7K5*7ewLk9h7|7O9Kuy8T#qvfx4&0hVIl&IF+E{B#@HeMf}4+9)=9QVxCxR>hs
zxbi!J7>wBHp;RHtjNW5kN`na*w^`QGDple)pRXu2%HzV2(sE2r>)*ts?uYEc2#-mE
z1cdzS(FfNC1A5t5#Cq=WIY+|V2(E~WPT~VI9ngd~HW!Sg)0TLr1neX+`xe_$!77q-
zYveNx#ro@?G4uAJ0s4HVMEyl6=kx$&z;_w?Zf+<&JwJpLqKB1(j&n7pCCR4ab|i%|
zqy;dNLdf;CM?>z`o`#S!M({IT>-z~X?*6chcAD^?ZpEzHKWcqP0-Et>_kMyh&dy$I
zQC*L9qqYERlvXln3d&TpYBu#=?6zG)_gjcB`L3z-Bza}&0`U%wt-?1c5&JjowuW-G
z(DIEzgV8(t21Ku>>Y>4SYIdcI4OTfJmIJ&KLlyYvpT<XA?z=mu;w!f)iTK^a+gttQ
z^_G^z1-U52F<kXTPcr`Pt6S+q!3A8MdJbJ<(1Ij~oV~S66}wgwA~sX5e3=q(ycT5n
z(t97~55K1JDlNx1hP}pwo1?aUoexQ+ts$X0Nl(57lYbu-TLw&LdX2%Jma#t3*zpkF
z(;eP=`%AB#WxS?8x-Wj?33HeSM@BIURDa`wFGulKTu!|)fLlHHxR5CaAIa}=B4E}z
z6DPZ|i{D5;O<+ak^KUL)wltD|Q{#3cBdffNouKS#=ql*v7ox`T9CBHwtnaPt2T^xX
zEB0DOO3<Bqtpusjx^i_L9ir43_XtEvvcwfq;}RhI@#zsk*FCVeF5myj_IcbW71^mK
zg$&Vu(^JC#iaq{44LGvazsiSgOXMKnL#Mm}QB9lmbYLio2X$Yq=IagwvAyns8XF;+
zI5%JSqfxg|z>ZrvT`V7L1+OrGy(@)-sy}N_eOO;hyW5R+ODn$d#c_3Y!)Xl{@X&}R
zcP$fgSte3&ieA!ldyK~YLT%DPUJ8_|-feVa^ZUMPJ%&lsRfyfP&N9_OP|AO!o+|PN
zw~cq)9f#1CMSI7!R5?HI30~(}Y*%l&Q>Y=ft;qB9C#J~rO((ZFc;LXh*-4JVH?dsq
zcPLpfrum%xQEvbKA&g*~E}WS$#4hmi`Ukpeh?qPPdG%U)<}E$Xy~_RTi-BcId*y<)
zu`cYP8B?qrC9VPLRhHrLh^-qtaa-u$o*7C&Oi*%7OZvW88cT9qS9y2fKeac$XjF@3
zzr5??G%*%QJyAX)cs&~;Sm5gbHI3AF{hr_A#AU4Ib?;-q=8Dyfk~dWyRhpcKGCi4q
zF!zFqM~|Ex3>;X=+&*JBFg&E0!akmBx(_(K9$3^HCe(oc__lzYO+{SSHhO2ojBP7P
z`0L`<+4Ey?rPu>Rvr}q$cy)xSr%QLBxKQK;7xRl_ir6{M8De%ZV7Jr2j9U30@|Ui9
zhPLWeAcu%+lL=#`1YcSjpBJU8!F?sv0*8K-W2f&1MLv)N{DJ0u1l{9cp9o3#xCjS=
zme6|OQfVPs*ejw`qFtHBkqV}`?&zd(I=co*&0>w`ai~g8qT(DTltLdV7bOTmJ3d@_
zHQur%E<ncO_Vq9}f5S|VS$9Gko#ur8I^6QG#<c}D1oClT4rP)D&LrAidt)#?;1nE{
zw=8;TNmOJ>p}8j$bsxMxoZWDB;M<3Vi_bqjrcNHw^}5ZG3afeK2iuC2Ug=Qxdj-$z
zNf${`z>UH8)_*~J3uwA8x3sgauW-i>F0UR0E!;?Le<NBAfM>@9FQ4k#3(l0zZ@sXH
z8oIiCUwf!Jz!|FotHAip$(n~s<LdQ^uf*wJg4$GaI(i(hFbr0;F40d_5&Q^_FsEoQ
zO^aec#$K{%Anxe&*@2I``_5r$`iZ%0D8u0W&4taW+^;AOwcaqR5o#({l`~F?#MbEk
znBu@8tb*%E7;p}{Jr~=PVtGa3QTQ1lT+xAX^AR=%h=pSW{kNsMEs>sW_9W_gkYDhA
z_H?2yl%_2%epluB*}8YOZx<r6PDxz4ArV($R~lC|Rhcp~20Tg+q}=Cje{8W*wmw1h
z+RlUnja}&haE+5ye;A8a3m`rMw*S4O?0;eN`V7F?ka*GC1RVC>LrVlIE>7-J3BAl;
zjBDX(eDz^uG+uhGGV9dc+D_(J3;9apS!%e@2<o9qfi4IcCkj_VO$c%kfcMN?)(cXu
zfm4r4mF4L@lK0(w4U-Iuh}+p01JDlp6AcLfR$u&LS-ci|YHs8nDn~PE<aQ{TH}-O?
z1{ou!S5VO%DUBVqNTF9*Y0<Xxe*eduM-}!_cg#kN66-SJpn^!%rDkCcBiJ8`%GOcd
z#R=*^#s-71VMSJrvpBih=}UV(A<oIHyRFHo`*(Py6@A`U^|_v9co)G=C@lJQK^9S8
zpS2$)MWc$n<xrupaBR4^EJ5JA_x<9VM`_cNS|_31RN~>B2_n)3xQBqg;6>dl5LwO_
zl}}{q%oQ`<vmt)i)0YJ;xRV6e6u=4E=-`$tg&cj+a6brE8lOnLu=wf9-&@i)MH^V1
zcd(%xfBYPRH}J`e_(9j-Z<ejmo?o(Z3T{-;a1k6Y?CdW6B1y?Nz%pC@)L*=e3w}PZ
zht*Gjbv!=8$w>8#W5}^v!l0MXV=g385E=j(i~ySaiI}T5mupQh!pe3kx<!tj@sEeZ
zja6G=9i}x}At{RX9GwLrt!lOAy7t{QrFtp^;lYd7h0c+0@7PAi`W5+HCRoZb2r&Ng
zA<Hpbab^?R{UW!PDpr{0xZA|i8pOr@*z*r;ES^!8km`XUPq?xB>qed`<cbW%LSLC4
zHsjZ{Gq1ZG?d6S5Moiear@S6RtnuY;&J}!-tU(70Le4oaGc*F9d@vI@>8nghSRd^t
zX5^M_Bui;IQ*!Tqi`z;Yjkrxp_fUyU9E7rmQ3u)H!>Qk@4m!F10NT<w47>!8j(mPe
z07H5qCn;Ke_)O0$d<|KBsD0folwy^G4{Yr{_b>#p&bL!(x3R+QJnJU;RlF=#^wMbS
zRBphprNIV=gh5tvVMOqO5p2r#0K9!^dCVa9N!;)1J?+CSapIDdU0mVS7)a|qA2@48
zlb(qfHmyqtB0>Gv%PAVb%8{xIJ>Wffx8)kTJ^JFh9}+T=lYrd(Afy&MVmQjOh8Q)o
zaI9YI>uDRkR%)SkPABTBIO{j3>GrFIf$g@;_|pb#$x^O{YS{V8wbYmuCRmZ5ipSIY
zC#MJ)6ytuhCmFH}uCHqxl=KPWeFV9sYx46kNZm9iIA17PVHJ_-T!-ed>~UwbY?bFV
z@!kA%jc@ASV=lfzccS>-V!*8NuMp7Bau-DHttX>|S}pE`M;chB_ERdNL&c-GXKrV^
z5&>cl*y?27h{)jPL%Y1K5HTM4Z6BT7RVB|Cp~MOf9Rv-ou@?bN`l+6AfyVHGQT+;c
ze7|LmG${9JA)yUf-Zdj$J}upo40~z<Oda(tJCY4_-)qj!sfKl}suR%T{`@nz$;<G3
z3ybtdQ?dKeMtwL_9>3(bu23_HOe1~N9nQqD`8>d>2W+C+CknDiilshpAyQehK>W->
z-8}l{@R9)$M0Op_cU(8Og0_l!W0ntY-QF08aau3}(-ypCHPo>&ebQVh2nt2`!;z@V
z0}bsLJ4(lwf-e>=gDjVg3ha_U)K{d<YDYLUX|x~AO%&MWuzvmy9I-5RuQqP@Z;bu(
zaym?Q6#^LD(Cta5LaHO7m-(tyL*;!dG_rEAy3^#|8FO7X*=D28LDIx>4z$o!r9R+5
z?mb0>6kTY@YyTD@vxX@Xd(N?_JAHCCF@)E}%Mp7^_!}!JQ;oJg3`ignqET+N{uegY
z>eX5MxQx8x0963{7{iC?nE!R?o`(aY?Nx)|9{Q1EL8Xvd4Xi<avW}6@-VQXojhyRp
za$Mj#@jWR<UwwzFi8G|)Gp^<b{G!!-m@fqF(H}pqjCR1tY$w0Uv3h$BI2I)D{)<%m
z?u39|xS%Ty*V2{L^1nI!F-fnRP4&41e`i5DPp_ZvKiLNuOQ&RM|1}?T-Te<R@2x$Z
zN*yC>8!rXS1$CNiQqS(#^;rs-R60o47s&f8zIK^wQn?n~s#de}yK6bU{=VxV^!JHh
z)Jz2aJaZuF*Yrs^KtazvLdY{9)V$aIga)Yl^@o;Cx+Rl+3dFusZ?tN%Q66wG<hi)4
z4&w8fs<eYUjh7(u%FD%{Eb=?Bf9`R)bSj~F!?9k8BEF_1)w67CIG*boZMITjFw~P@
zI_iJX>hZt|IfR*aqbhT+eSL;+$hq-=-~xSbR1%w5T7rfFt+u_1$l#$))dy@@bp6Lw
zK`Lr5SXG*}n=Q4Fd9A}U#Ag@YH&>Rj_V)kx$ZIGAtj<FN_IdO+XjAABKAQIj&SPY$
zuTb-38hrjFd-)HT%j=N7_1(fUaA_ch2IPi1Jpj@H3zX7xKJgsXv_(luCVa;Qsu_T6
zZ}91k=pXBRaSHi2D*B>p!TvkgKSnsh7gI`*xG5P?;#nZcm)9eaq}W=0wZ`fhX7Zn>
za$D7m<160@UzaWAjfg|*bjE4Ta|5}h)s_Qe=WU#8k48K!dSmY$dd_AQ!6e|GHmkki
z6N$ohQ_YN{xOu9be{8K*F6lkDfPrj_s#bATewSj42)t%EB9K8HmsIr_i8m(9;qjFU
zvOA`*$^zCZnT;kOTYqYzPm*F|m@vA2&7|+=Mo2<Z0t$UF^^Ta6%rVWilo8ae|0N%9
z<h7D_Q*O;eT%fe0#lKnmTnZYkt2(%IM-mWo`CB-g<h}RQ0`&_X#BMm?`$t(1v6g(I
zr^j<w$`W!NTyZ9xmOM)tp^DZ$QVT(bpNA6A_!0Y!V|?NeL2SzlnSc*m4J!%}Fyx@*
z#el!)9ju7i?)w~i><{IajJSOeJ;xS9tmcOwnPQ<k44jQlhwwApB?(Urr$ZGB%`PG?
zH9P(EST|-zH?{WnZW99o^(J~^XG-qBO)b>Nyj_FswAW-7*I%qD(JEPLJj=og@WnDn
z=naqqBjA?y&aBe);)4$J#%*iz0;bp<)t;rHAReX(c9to>;;Yx?RBASi-UUg9w(x{V
zsl{^apOr-O^7TGtwvK5K4|>9omhgyDO9S$JZ1ARn2GoV_uUsv+q%SxwT;lb>JaMiE
z@?Ukp6iHweY_Dv%P9deW^>bR8EE(K=wERIAm$O|kDz_!|ELOeyD!BA_!iM@tptg0V
zd}smby|D0nS5tUs@x*w7CHz`9pX8lvyJZ%+Tb}z~&dDbUv#leKSGil3Z7cYT=jL17
z8NZeMwmStf!*&<>$bB`%7NIFW=Gyw#OSe1#QLjXyGh<T9(dGoq?Q-1SUR#Q~cyTOU
z!F!1V03x1ZV@H!LB$epz0@Vt(o{36&x4xVKxwUA+eB$7ImzVnWPXUPOkbf#ZwqX$Q
z1`Yedl&HHWF-DyIB1zOb`<&b;pc`C^vVH(N0cCyjc&ogSu9z+_3ni*$xKnUQ+#7~<
zcSRVCY_9YCL46VCnTZUjO&udXyi+~JcBvxjE5^r^9loJyt@<6u>Ky7-xHA(B;M3(%
z<LMt)PjI*m!431d!I0p(q45IOuK{cRC-=0XFi*1B$91F|g0pz_@e-g)x$UvuaRvTB
zSw%&?#E!|<r53}Jci^n&de~Tjj$l)G{?5&Bb)2~Q!^&xfEA3qK?PfPOQNN$5DR!$$
zgV;K~fDQ>nV*INjZ!ZhFyeX!K#V`edgh}1YJ%?D@@`u8qW=ouC+|G0ka<F^=VLV&A
z>P0#49CYse$fq<7+uu9*UbT&<8VGT{*_^<dp2d6GW=dQ8P0&V=S>Kc__$h}3t~Pun
zt%)zw;hC1aF-H}8_plG$8}~y_!`4Q_Il1-$(TDuq)RU-Ds^;!Meq^fFPgB}c<~Fbr
zH+Y>_-KIbHAb*h&w|o~Yx-KTa(Ucj=mFgB+gFZyfSYRQazKd+W&VvX~Wz^3W{4(`P
z63?pRAObk3!V*WQebeBDe5VSX%c72Ik92R9+&?sMTQ*Iv)J&zk)$o*;KOlZKRm||1
z;0%dNGMdV?UN}ap@R`ipG-vmJj^0m|m+#FJM^S2JAL)$Nd(J;#H?9q}|LL;&UBAWf
z6+tn<55I0@93)ZGz)h0{?hCZSDvDmH<%s>ZnwV-LW;pbSa#r_Ag@W&X&by<*S#pF!
zL;g3XobD|v|5sb;8ORV(C9n3HAJ<v)h?N5Y2Ukhs&dq+`=&8(REzF8D$7(Y@opR_j
zzoT!8TAp?Y`xr*ofAbh81bTfRTAlZ}0c7xBNtB2m7qC+-g5U#Y2;KKQ%ClR@$#Auo
zv~^c!f@ZXhOZOCe@;?UUt~xZ>GTqfpU5J<vB)<F}Zo(;9%%neMF&I}?#@sq{Rd-jv
zcOSgdQ?J;sXJ%U1pr&Ui*Hktc5vXpOu4ZzZ|0?ksVV1`&*@jVcFxnSfa+lV*vDJ+c
z`(8CV{{rTF`cTbJPkyddBPHQCPxMR<d{ufTor#bg7S3TzzyTfqKFj1U`Otd>>lM{4
z>Wf*Q;;c_4J7+Dw=(z1WZH#;1?s%Y^CF@ISEIrVQ3vIz|1p9$!tdPtG2D+`CaUJTO
zT1#7-ApJ4|3Wd0UWjJJ~AcFawqcx^T^V`|>srY`ZuvKJbq3@A)<*y&}n=Gc#1I-K%
zuj%A_GND!1*nvU=5Or2FwW0dTY#_?{OKNskBEdpLC>7_h&CFL0NlxKBS5lDKdNDYk
zt5a(}ptrS~J5NkrF)l#vyVYB)E-%zjof(t?;P<hrg1<eYYva_jv07RAYkjA2V7G*t
zi*JIP8XAX4ki|Q|`-uauK>JL2H?$z2cD}Xzs6yag%5j{tC>&8zi%zTz73Y7hcoHB2
z2AFu3_dkFBd{--r`+^(l>3e8-@8OzX&8X1&B6sSTis8>Ors#k^iknD&IG-hpPy#t7
zzwnwY4mM({WT2-S>9y`vm_i#|(Xt*OdqDJyHAqM=(-8CTJZLn0dM!RChZg<Z(OJe1
zOjzn>te=6PtnxQ60Qo>fch>_W)6t2t5yO#&JCTko5cPMo=nb*Tqd7aVvUv7fjn%|O
zMd~8A-TeObaYGi}cvo~4o)6Pk?RMTKU9H~Sz{TuLBGfVRL1nDM8b(Z?*JbQY_PCdp
z{Jd#+5t{hk)c9enO;Loh^9)z3tBvc&#3SE(JGl2p-*gjPWS%x7&61Pw>l&o#z~I^)
zAB=*4%QLZi(c2&zAl)j&#z$}=J7g`$g0h}cr1-!mVE9`>(TYh%xdXADM2_G0w|*-m
z^A2aAxPcq5zNjG`lem}gQ$c#1zAFsVs}|yTTe?8c86~*L0JEEC7}EH`a?K1|?7BC8
zJiq+>8{bGnPV&>w)$_t5?NRneH%B$>0-_wTGTw(m2F!Y?u$17zbg5rK&BRueYP~K5
zhzK)csUAGnj1Cr(z9ug+VG46%l-wygC*7O+WOr}<3ygXwX}zf;$Rf76&pnOXiex!t
z$})QRExVcr^+V^-<B6_;re9a*H1^(v>{;xqbv==Qf+EXLqu5HLc>(Pk4gxtcehr69
zQ)sNx*p9q?^>~3X(s};ZO{;>S37A2G-zw&xtlVnlbrk1IZL`stXYoIT{oWw(5j#P#
zinW~u*8Mk~X9@>$VypYh(F^?np?zB#P?>MN(!^k=O`Gj9pMGHvcCQJuQQ21XodWlV
zxo;8DdPwt;#!JPxuS*teiEYNc8<$cuAn|u@`K+VkSwZ$mslzx?RdW;SHrdajYMZg*
zg|@xF4)@B^L{_3Rt|1N18GOqz^=5W-{va@qn;n&N_xUJr_~xTaT%ynni$;s@PQT5p
zW@HTwsFOLbBeK@^BVE5tKrbiCNW!EOK>1|X?On!>*TjQb^&fO?eO@c<^c#CKeGkX0
zXMU~4QXdH=pA?KDG-tqBapCJ$T!jN6MjW7VubkIwLJe{aU{2&@<!DWB(z7x5m(6KU
z4Ssc{XEe_a8d)so=r=W&TV(W+B|Td%I!{6y$e+*Uw3`Jt=e`y8)&2d$w|s98?u~gU
zAjwQjuY4mcT&sUA<;L*)=B<#&M&KWgl=IkHq-LlUxedYfL6o9A$0nnEmO+BGK`_fA
z*CVE+#oEXrh{S;m$eguT%^$0Jb?%7#ApI~XxX^KZ*TC;53NAQgq2;~c3?DszJGm_a
zHBD%9MoX|4!BTKDjrDp!G|a5+%d{&u-0>di#<{QPsB?)kj*d%CU;E>nJ_W$HT8_ws
zpky-HBN?C#1iNDzTsc!l<XfxZ9NK2bC0|eo)s)xH7R=*@Q5F#U+<kw7s`Dg$e?Has
zUkcP4oM(0c{39Uxc|w)Xg^Eie<N-pSz_3(Rj=?k&Ho>siwAX=x|KuIIPFtXlY0<tY
zx$_jj-Kd0Lpzad<9Jb=|;D2Z=TFtHAt;E!nQ1xO;XT>7Z-9<@I)%bWhcPlZXldH2d
z9+Y6NSQDtCDyFV$WM%+|4HwjBi5y7WFA}YB1Hz%-S&ZZPn=Mhg$_6O^hf(*f7%Y~}
zX07a-eG{8V!w(#7XK$`0FG^b8+i^|YZ#3uG$kXyvcKZ32Zi}!^Yq#nn*lqpt4m0%f
zx8$M3?2*pXw?25AI`I#7pDq|7$&+mPqcgN93fbvnnWr4r<6(Xi0eSw7#?smAoj&hE
z#JiGNl2ZhoL~LW2-k4^K_KrJaA*{%)OzGB2rjQyL>CBztvX9^0KgO2Vdu!9Jv*=~i
zoL;uq=RJ)DA^S6G8*G0<v(pC&nmz(w<x#fjU~P)twzvvqf*Gu@7T8jo)KURqIn<+G
ztU5zGU82j|bJJB}%UISxv(%)%P16}=`&&85<Dc^@GxY=eq29qdvPy5`{2vO+&nv-5
zA<7;G)dxnl>*k|p`!I~S#EmZ6iEQ=>KS^4nm`9{%m4j6XP~{w`Lc+O9^WJ>r$85%2
z{Kr9Oeho^OH>^}*va1j@#7*<S{hiU7H)r!-3$hlr@+V{3Dfg*MK4XT->0jU25T&p*
zc)I`G*7W}6`Ls)oBA-_Ep8vc`QsxV$wh`^v^!RFbjNMU>zTT+(CCKZ=sPhPmI9Z+8
zISFg>VFC}D_1At6cdA2194~?_vK|bX`5as@X3^5hoteC@W4W@OuyLD$UP&cec@u*9
zC^qW9gHjzoi-~^Yj%OD$Ej8GAf|id?c{*K~6P;dbO2(%9L=s#oW>~rATYjf;NgJ;b
z=hKQamUGZv$dKZ3@MwQ!G1SA+Z`$4xD|p+@ouTnanfO$l5gER<EnpF9v24rQnsF0!
zkC=rC@y-uW_TM;gH0nB19QKLCabtH1NKP2l87)g~myN2Ln-R4l)FcU!)Ok&7qo|zH
zj*m|KUs^I#pANEazwKm4nZko_swSmaJYpx!hdfO!eY{FcU&9ElQ(n-3TbiV!1bVOj
z?(jWI2^;p-DNr@|HkO3mhCbY^<H}i@nNp)TJ^lX8+@&;`+|lQ0I*+6YY6;y`4Jr1J
zJcaNt1~S?+ght1*&qqg9Te^qxn>l!m`XL5AU#4(xzIHm-L;k+{PISvAwAA;o$dJUR
zZSYTSamU=$M9!=7Xd`B8Jx_e)jh~m^@cWNpZs;a2oUS7){BXVedvL(f?V-7GjVtCB
z_ng0mpOUCqdP&nC;#wvg%FKD7oENv+dybng_s+{!|NfLr@IZHiW4ib;jYZZM*I=aO
z2=?I3s*%-B>C?u>06KGL)X|q4+#{${*7`e7jGJoPHB(H<-BcUNrY+s8I#v_o++Paj
zy@p_Oh3j*}^)@^;V}#wYq?}uWDz&qn-^5(Q)pl4i64KcPjb#r51Bj}`Pgnyh!>!YI
zXjZI4#}{7YIstIv!Dms}64ae&ml{lD>mJ_bYpW=Kh@zIwUFaqUfYZ}|3gbRELE|p0
z;ViNl2AJ$}YOCFwxfl#8GtL^d_Sq7zPcK02_OVquxHpOpGjY$93VE-t8~KjY$GhlX
zQYKumYmu~l;wRr>?iP_W;Yft}uHmb!#<hLE&fH&l7ZD<+!mO{t?suUp$HkBxi&Q1O
z%#cqzi{ghGW;U$)!fQ=7Cs6krNR@5(H;$()JGD4AWZy#HU$+P*czXrA9h|=7Z8OTg
zLLz+4`N&4W-zKbw(;Xc<Nvj@b!Q^ZL38-D|z~KEdi(<l&$+|Au$-huIz17&WC5!D|
zh-HIhV;9ra3VCG1XZASgm`z#Q*(&|op4W1?HA?0$Xd|1Fg^``%M$^#gxR8RxJ`C3{
z*Biy5?KQV}9YiHCew)Lt-F28xwEw=sqSlcOlf2Mt8~iYi7%Tgh!q89jxe}d(pKpPh
zaU}Pxg*V5t6QW5=3MgFALcmkKl}Y1zb;_w}Wm8|np}jKqxWWU1uGMmMi#7uQ`k*RI
z7~YF(aY*=Y1nTtMNP66fEwCbg5N+*giP^EOF>y+s%b)n_c1I8K(}OLs^Mo9)h+>r=
z8#d<f2dVFvJ;Y$J;Z`5=3>S;Cg-1vX2OBg>meQ9E4n}x1WXB^?M`)eu{GZ{PU7I*4
znQq+&4r||k_otsiqMjWYZb?Y@cg-OZ0hJ*1o<ZMOSDM8REz9c#?4Z2nTAz^Vw9f5-
z;Z3piYHhAr#dG{>yIFSNt{BlP+#j2Xc}$<{9)h(S>f>s|l|M-Dr()fmJZtxl*TOcd
zS}LJoJbtar=?7D@2OP7}2UVEhHv+e8{Map@r^m%5lMi>}vf=&5UG!W8Pn6`WL%3ZL
zo)ZPs-{`Yu|3?s6C|>A;c8KBJ`Hp$4^aSFApUxzW)!w2?N1q0K4_`-<|AoD@WIaYG
z_aYtp{zJz-$F7t6^Do3a_Y6Ut8jSo80Vx212-xiem`<mYZ{J_z<C3Y~naKz>5zHm(
z>FGR8iJ@S;H=PBq+Z^aAH0L!SN+CUyI`-<WEr+AYn-gO@du3N|$cir9d(H>7`6)Ir
zC0LrfH@D%pCQ>b>c;j#+q+4OcYa3eHY&Q{hmH28p+S18WvxSo_6ivOk&uP^@rK2+a
zj9p0^ob&5Km(*!d`;$eZn*I6z#`O{C;7kpslG(ZDQ-!u8V+DNJ{>!P<VQOk3GD|o7
z)wS-FQeRfP0SgRq5Ew3QL6YRCk{Ik_0ay`W;CKMRt<Pr_#B16&0ciov$=X^BR5F}N
z>nBRJZ>^cQ`{@}~_ZO|uL)U0xL}~Zxd?KzSQj1Fim=nvV{>PrG|C1p2P~TfSP3BgL
zwEOoLNn7%%s@sD%c^v@Uk;<0uZ^!=yY@71Y|Ek~rNAcA=8$f;2ed)D}`uWe)9iR85
zjnvJ4^|Wau=5{bM^BT<^@8QvxR+*^=-!Sq*x>pBM{!8TD{VNvqU3x}vc0R=7DMkwM
z<=Y2HX4Y*<_k6zct!+^0N&5hV>u>k$d7ewIspq2vqV108rve+rc!nb-*Uoo55o}I+
z4vV6!$(O}Oi7w(_qsI0?H28+3eSNbn-9LLTWFa!!lcZ(?)>`O#i;RE0Q5d86fRD*x
znH4aSP99XNiGDFhrwIDEIaz7#Rw=OmD;>Lx^>K5)QKrSsgJaOvqw{}Q&9Dn*Z_hYD
z+f)pmn6_9~Z_ZX*oO?P}Ciu_NX?th^8)Bl4^w1u40n_K&*>g_rffpnsW!P*nFMf>h
zw;zkl<0v1ZEu3D6|995Qd#JGpI<&$}X@ZMst42+UMFHls?syvXx$40qg}HW3)(;-y
z;9ITZ(Xn+>TU){d(n@{9{_1tp97}3Vxy2Fv2!oT@K(8Zo%nY9u(YvtQ!YGm2%EPq-
zDA{N1;DhjqcRfk+%a7BxBn32G#3w1t0nZ4Jxa2L%iUu@(q0T?ar~`5wP~QQjgoAei
zM0iV}96NQ02{q^sD;|R9r&%qtzOMu?<D|5r390HMr?ipE0jiC<i2s{PU&bMN#4y*6
z5!ny-M0^N11=4N=rA(BdN&6|>;Pj2{b*Ob`VK{yN<|h@6gkE!trz$*$eb+ZA78Pwk
zVaa35==r=6qZVFH(ciiZm{^~HT^8<vGL<v-zM>U-(UV_`ul3{vciDA5<G+iG_6r&L
zCy#%5q@d`i)zy8!(f5~1k4HC;Ffw)p6UBFzn~BHG+Q+$xgPWj@AqDXLjYS1aRIGZQ
zs$e-YaHhJ)bb?1dqr@38krItjnOtY+IP&$qR|7&1e#FJ7M~1#<!|cEI-=Lg*e^k)K
zQ)ur7RQ2#Eg-$FT%a%quk9G~l_zMlKv)8N!mx6bizwcIjE={Wy(y6#w9ZRz`-M1&K
z8*qHznPXgY?&B!Gi9ofbSWhKw^NJjau5a}=<3w;RcxT#6IeylKSIT&FAC1%fCu4c>
zc9)Hr#-QaWk4dD|9obj=|7N$^Dn1dDU83)o+3Kq+cmg;eO1(Ic;LyGBhKvxw$?xss
zThat61F+f|lhnblC2x2}#!CnF?;OoNV?+m9Jc&<u<ZZ2b#vrvVV)1owIwtf>PLYvj
zH4P}-sw_PCXIn(~bV@odDZ03lwm*nR>F1L_Pw4Yo=bfK-Dgm|A?$R4TI@g|Jd`C+4
zw+8ZKB~k4QzXHEP8IrR#N;;}N5dE@lM>^Y5@4fw}+1Yl*n)PS)U3ZensS4V;dA25n
zPent0J~f7xdj%ca<55A(4*cexJaak3_qF{a|MFl@fVTLItyK-IJmruBtQ0|=ABc&4
zCLe(~d)nrKGPOda)YSVZ{ahd|@Lob6=29HX_H_2>KL|x08r01iMy=eGS#)W4rSyA?
zLEa3_P+n6c-C;z6ww$D%V)qX>5BpaagA@>-hi7Zm^}(oYO->VI2SOtHzO?-xp9PiZ
zO@IZgT6=m<N$)~`zI6l}vO&?$cUZ@vx2`Q>MBVTw`LRWAL5jA#WlX*-%1VzTMb;#m
z6K14RV7AB!mJ%61H&Btc#xpS1R#U=Qn;BN+1Tu~<{6ROgMu?P-?B$uO7}mbtWfOQN
zzhc=(9Z4^)%nOPBv_=ss#<^slL^{I%aNATYAIc=p&ycqKEwt3nSl--j(>&rpuq&D+
zEAhB5Ys5<Dx!sj*8T;+mdn{PmL`myWk953Tcj(IK2NQxVeBu@-H{TzH!VPuMF-zQ?
zfCUh{`Na6X+Ox~oPwptdoU1S#ZqDQq1-X{?xq)JGC8@-JPyiJb36#WKa<>$G!D?6C
z?~k+jFWR5yUvq2*f<h)ea*}GX6r3m!EqBGNh2+qHepKsJm{&i%R%|SE;}ulnlz8R;
zG@hR~tL9Sy7Yme_xeJ&V<rn?-P3O^Ob?5{H7ynKhNjk=WB}ZKPFX<OU7{2>Q?LhUv
ztlRy6=+yZ?D+2!i#lil)n&B!_km?+tTE&w&k=HN%K?Q8q6V!PPQv;W9!<Q*bw;0f|
z2qB&-ghl9QDbr3h!7BeNRr!gCEWleb;5T?z1ep;JR1CQC3Y6!c7qSY;74HE%p{%k;
zoc=Je0IO;MT-)!F?r74LXrS;>uIiGRx7B-Bzl`l@|E5<CK}&}WYavH7ybqZc?SPU3
zuNAzH<6wX%7})NwvY;0<UubBolMx14K30UC`7J))3J0v{RHH`D<L|M0WyZ8=SPsqx
z;{t2F7D(U0qkq2#!f=oN+P{v93O;M#YptXo*5J=wL=0?%jyM_=uSJRauCay(2L0^p
z*?)a(s03M@uBxr1$`O#0Gi_1Vlz4d3d{{qMQ9GbydX`)j_!wyvB+sw1pi+Hr2^vZ#
zp(x>a&f(<U-knII-U4k@k1k`Pb}LG&d&J3G!6^z2ilqoA!DdD|bsBk$RCZ=ZFtitv
z@1*Y=FBZt2%-f+M4Y$Dv(=4SUR!p)^6@BdP$4o=!hLGKn6}`!1yEN&gNPqQ~8OWHk
zfJg4$=|s0k$)Ohk>C_WG8_b^TABtngFE(tsHE4b4*WY;+hW-}ux6(W?Ko_Hd`Y7uH
znnYi6p*#>w23x1qa&6d0J0fafvk=nJ%Y<taFbC18D#`2y9b5k;lAO^Q>(tMktGpWD
z=qWP-qZwwrl!AruzmsDSZa7)vob)J(CDpoXPzC*)TTaJRBzA3uQaRe2#kpVgF+Tap
z!`f6J8W%ihX=wu6ebpm?{+8rk&(st92)Riyr5{y7q&{sJmoqT1OeN=N6G{qMt$xKc
zi3cWe%pu>32$D#(89n(Ldr3D>E;<#!%>&v2y0(0zm~6b5aj`~cK2lm18VI7ze!CtE
z0=~jld(3vX6x372wHd-Y1!S4pDy94CjIe6_LIj6OsXgVEO~ZB3jROzE(3*~F)>6yd
zt;i6|Yx~7da#c+UluFBNPkGa|CBY|2&sOXzkNiww8B<Hn^L!o&g?du$kRAW7NVsjQ
z&u)O!Ez1)4CG>vq{;!DdyRqgo5aYh<wVSxBqlhX?rRjCfXy%^G3rckW1qpU9@ANAJ
z9oJ5+F^k*X4<#&P&G~3pX#TtT7NG3TnC3+hjE`of{$cFAcnG!9+v?3nf(p8v3xU5L
zPR1*RfV;fPiDM0Uiksb=MY7Ab`3M1(>=C!(e`kRLoNjS_n)9NrHb5;;DLlaxUp-)z
z{Ms{mjX|6=Hv2hY$$O6LU8N}b1#9VE`kJ?O=Xr_Q#MZ44`o^%B`G!3G_-Bst)^FVl
zxc*$|=Ywx}Wte79;K4_>rNAfXp#C_b*RUWDX8<UBPV*xS0dg+T&vn8eH7}Y?I0X=2
z;$&_V&q>mLWNLi8)gaS;qcLziqCDIk2;B-S%B&C@D62&DL8F$=jOqxTXB0bp)lN)W
zk#SzINEqYXErtwEZZO%s6oa&_r7mc>jp9uv9?MdTfPSwV@%{B|-oAC>MLbeLe1MhB
z-;uwgUl1SS1n<>P3wQuuhc=k!W;LMT0g;Ro#kGU-Ag`P*ui4^lgQQgnbYoT4OjD=!
z92q8E0GlqUHmDD6(hT*=?Y}MqRg7vh#WI_go8h+x?izb<-qERua4dqrp>SW?af7IC
ze)wjHDfwvP$Ve;Q8<DzO)OQ*r=6ozdYCK1ao;;ra8o$ca5yFq*DM|FRI0uz2@~V~K
z<SA9C(nmh@sKz}m9(bemSHhzFz!-4kQ?nkt<^zbAY61Nkh?a$cfJd*wRHIiT3{m{}
z-uV48u-ms<tL}%StvfH0MfdrobJ4320QRP00IJZataA|&(KR}@dwEmTnZoZ8O!?IO
zeW&+j%NfnQuSrN$fbGGl8d;E*qS`xn+!OjnaPs|)io-m4TZ)mszN?q22=}n}AUyX}
zX<;oXMFNxhy-6qT%eNO&f7VP~I9g(M6*KY@+jvO?s%1G3(w`p-5|n|rsD=$`rfGwD
z1N4<((z}ds8-2pWPLim*<}6^XK2-IKVR0t&x;FzeJ?+5CRzuG~qm@><@FS;<*m$|L
z2DNYBO3%4885KKcBrffJ-Jm^f62tdjQ>pncK=TJslP8ZH7p^B}L3967?YfkG>e;Ya
z;Q9IxfP#<u-wpG6^`8OE@$%$+e6^4*;pI4>-JzSz*KYp%RkH9j0f0fMY_$P@7jU$&
ze*TAl-!I_E69505ZvP+m?D4-2W??#J5rH!w5i!8fEiGGssqlRREc0eBQg=W5pQ;@^
zxir{Ovt{d}HSqWuu==TN@UTCBU-e)2aFWjC%RlQ{Kks^-!)-<rU=W>Z1Z^?ilVqE}
zeKL`stYDchwA`)FtkZbQ*P(ufpkY6E7#9@7UD#7QaQ(Vik3n(A-ZUd#Pgb6Z>aUiw
z`}G&}s-{aL(VOy$tg{h&S8y^5B_bfmo}Z%VRK`*IQeursh}pZfYKDvsO51Db1G2Iu
zL&a(T3_)T20!5cjxtq53jlPX=3giR6&@7Tw5hz;aW<x~P$;VocERCI?#=z*@7bVcy
z&ZMh<b_2c(YMiuY=c5w9@_s$FaK+)Tkr<_%LSX?xD$wFCy<Ux;h~sE+!XT!}x0)w{
zwFs#{_Io%IzD7&Xn%?U<U`%*C4S~Y(i~%2|$C!9MT&K-Qc_TuZaEUUID~Js;^C;K0
z^TsZaP}#kmSG@A$ShnbjyD?7m$-$N*lCML<a41NbKI&rvOr@x!G@-BHL#XkRo*r&p
z@mX?2>!9s3XItx;`zGnUko2-uSoY0NG_huTN#)zS?eVPmV@~vu$=ctAEqE@3B)D-P
zmI5PwaE7P5e!Rf?*Om>usm?vD%n`6UE3w&vDyL1OYJUCv{O(sI)wQ5UQ-b4~>n_6O
zf%q0w;JmNIi=^Cu;iZ!}daqByrUA-W^+FZ#=Ht-Yf*dwIe$(3@mnDN!<bPL4A6dw&
zWi89_l=fTN54aa>f=vEQzUr+dfD#6n|Lv-^4G=6yr2>6lwQs<*u<N@bBuPG-MpvU5
ztv{ETObQ4rIi%P&i=xbqzp17DRaJ{40o~q725N+d-1uPxpq4c7^Mrf{Fc6eRPflr$
zrqjBH->mzc(b75o3uYVCNwUM+n8n<ZZNIp>uDRGBr3zdguG;H2Vbz~!8Pp|Vx$e~P
z8j_4#qGaopin)u0`@^3`a{_Jz{vNV-U0ySK)cw&_PR%IIt66i}&m0+-R9ij1bk1Zc
zbXazFIdci=-5c+jlsT0@q2lvrY4W#|NxHyCD1h%bwp*$EU+rCKR1;Ym#lZn_fff*D
zx3v>MR;3M)$f`8b2_OWO&4@NjgN8Lx5CsKoMMXAQLI6cJSrZlkLlZ;<L%^^EM34~H
zU|3WZ2_Tqx3GK|BIdl5V{ObPE^|MZ$Q?IJN_kG{J_1?WtG)Eor4iFz0Ny>k39WmXk
zwS#mdrKwK_qMF*JX9A1xk)|8xnbH<4gTAu`F*8f;$#sLFX0!|S+J<*d54)!?-g-bw
zVdWfYUd8f)r%lhOc|^6N^V0X7G*Dd>^N!RB?wjzsGUL0BUx!v@tAM3)+vBeN*MLRC
z27&<5L3{=r6~8Z}C;CQk+E{y;s2>TTY-Q;9M7c3E%dk_@{~0Ib{5cj3=|)_GzSMSp
z{eyE|J%z@qe`C~O82nM=?*Q5cBQ_A`Ot#6_pIcEZN2ppWv=(0>I-l-O6c*E=%W~kh
z^G@eK;h;S<lJ8H@5{6HdS5tK`j*qGvmc80H_$vSV+gS3nL*1d419`I%Cmy9$A|ICq
z9Wfzz@D7)oi<wa0=0w$o#<1$w=KbIz6}ihB%Nq4S9dy#kaKNm7bYbbf(Z|5K-50wM
z{;-Vl8&s5VdIp4Vb`1a!T48pHNx33#X{_>=>lm%j^K{-ZAM+VdT;8X83OY8|ZnPd4
zT`a#+l8g{5czE|{H2+mRSE9})H?O@-CetGLP*qBJf`htC-5YaEZvj*wBT-&najJci
zJs8WST4hlwE(y$#fD!FQ$9oG}z;go}=?|VSs?WGHrUUzis|_eozdFt9hE6HL5?u4q
zI}2)-@XKS~{?P<)nUQgLABejZ+W3r0T<Yn;S$QcBS(RKN?jYC!Mr{Dw{-UbZjwhoQ
zQT+Kf)BR%;O*wr71M;=5dDP`OBz=J@!wR$5VV7`8bbR5I&PA2Z4E<tC9U_*-b~Q-V
z(9wy=q@sdIwsB2UtQc8QdD4++>3?7Fe;{WJmGuac>s}`9rA`hobx<_xS2q&IETP@V
zCs@pkW47*$15mSZ$$Hil;aaVq`=8x%{>$Em-Rln`BC`FDfS|uu6CZAsVB9ZpME2vj
z*k6QSRU|G=;P0bGTyT!24xi9)EY3NPsdZC%-;131^t2*MvKxR^XQ_NIHX{NONH^5K
zuhKKdX{gH$hUhQNs~sSJK!I#b_YeuV^B-~^t^u5e@a!DWS$Z8ETibBhbAIIku7h(=
zhesHA2GEDL#7|<xtPY`g5Bkn>+t2EOs!0b#MU=iaG!m`>c>svc9pm?wP!04F1K|Kr
z=E0Lzn{B!-oiWcC>{>nO+}9^bU+pW7ITWv3Yb#1#UxN(Vm-9k&x%j?6bC0s0KC~Gb
z<fmD-pb#CFOUdwQ+x2rykuPLXpcm8vw1OBsPeAu!zS^=Zqe>G(kgoCs%_5Y|t(4;O
z*Ytw3u^l5N-0rQ2mV5~t%aX{Ki+<9)B^|=-FHcrmEiV{gwWTK7&%}f@y4;jL!Nz#e
zX9vyDZbZqs>rVz0J(H5cfwUZQQy){*`(ND{_M0~n&5!rlUeHKOxMVm0H?og^zr*Hv
zQO_Ny{Sq>fthHh;r+vy7@8wjBlry|Wh+(&`zJjCA)?aqvRZQ~t=~bZZYVD;i#&P#@
zoUh2F_T_MDEpfP_F?9lUBK6koYNxr3s?U2uZP*_bPXlFnrBFBi@gX4I;VS&}Ly_MI
zvL_7}ff!^iwq<72;>dyp`g2kEGAx4d^g73!X_{%=G5Nt@t;mKw*X=I<g}$jMxH-D*
zowB!@BbSKrrxRHSS~h(2lKka&IkwSCaW$~mDW9;){n(NFtg~xV50Ot_e7fAIz$^Ax
zeyaiz&)`~Q|JZcMzw27}+?E01Fs^P9G*6oKYYx>0fcXGeC_zdb$6OYWwx1iOSp@2&
z-8Piz%P%s}@nrTw)D2@T+pq?F1W0JJl(1fp9j4>5VS&%h=)TM5yyMP_$9J@3{(x`s
zsc#a26CL)e5|&pSt`VvG;>k!U;q1S<1ueLt98hOKbGQtkUbQdc#i(-Rg~@|ld-pVJ
zElm$;jD9-IOK#0ey1>wHMW(a@*-!(o)!yZKi~E*7#m_JHOqJFq9qb{+_G6{;tnR%a
z;!J0gohcuRew7$N#nsrQ<JV!=&PU`bqeMf`^!JXg`jgxH<#T7RH{?~eY$RlMpk2}(
zA*a&l=t9{$4EAo(o2RqU1wNm;p@_~|g#58_vaO$w2`!C11;=XYGWjQ6@&)=|)8aQw
zbNHG!FOJ`@>m*qRZBLBHFcsc4-$W;dv~EpYM@u^k$>7I@Su=Np@+lcX8OUdT8T}ic
zTkV3u>f2I#x&3o*+CboguIzQ=IgjZXU7CQ)R>$ie?N;h(-vhYLuAamb7fRi?sU9a_
zVyxZ;Hj<8s)&sAby_pG!P|Oz#xdr^B)iOQa(8kWdxS_x+H&f|gOAe6CFvz-VEv{E)
z-|=jnXsXe>K4afs`0dd1rs;A>;S2$E!moRhKnBtVd_&$mdekqQgK`@zB~}_4pBzl3
zG>ql6Cv&7)5T4;lCkOeAv0IYGhOwklCO2FI&N)oTc%|H02rbDh{`RHSU0$nHo3ZI`
zhmiX)K`;T1W((u7v>uCHRkYCv(4K&rqy&DPF!#q)A7ITeJSqdk(VG~%^?^W);Cf--
zetUC=tkww&7>VC9mR>)Jo7CteuCxFHpH!ux)!)hiC=p@+9{K$<H%&2r6ZwfV`Mreu
r=Pd<)jqLy5wD{LM`-9)vu6VxqL&cOd<SVj;VE$TL+8!yjaF6^4$|H$P

literal 0
HcmV?d00001

diff --git a/kubernetes-csi/README.md b/kubernetes-csi/README.md
new file mode 100644
index 0000000..1b9fdb8
--- /dev/null
+++ b/kubernetes-csi/README.md
@@ -0,0 +1,100 @@
+## ДЗ#12 Установка и использование CSI драйвера
+
+### Задания:
+- Данное задание будет выполняться в managed k8s в Yandex cloud
+- Разверните managed Kubernetes cluster в Yandex cloud любым удобным вам способом, конфигурация нод не имеет значения
+- Создайте бакет в s3 object storage Yandex cloud. Он будет использоваться для монтирования volume внутрь подов.
+- Создайте ServiceAccount для доступа к бакету с правами, которые необходимы согласно инструкции YC и сгенерируйте ключи доступа.
+- Создайте secret c ключами для доступа к Object Storage и приложите манифест для проверки ДЗ
+- Создайте storageClass описывающий класс хранилища и приложите манифест для проверки ДЗ
+- Установите CSI driver из репозитория
+- Создайте манифест PVC, использующий для хранения созданный вами storageClass с механизмом autoProvisioning и приложите его для проверки ДЗ
+- Создайте манифест pod или deployment, использующий созданный ранее PVC в качестве volume и монтирующий его в контейнер пода в произвольную точку монтирования и приложите манифест для проверки ДЗ.
+- Под в процессе работы должен производить запись в примонтированную директорию. Убедитесь, что файлы действительно сохраняются в ObjectStorage.
+### Запуск 
+- Создать s3 object storage Yandex cloud, я делал это ранее в ДЗ kubernetes-logging
+- Установить yc-csi `helm install --create-namespace yandex-csi-s3 ./csi-s3/`
+- Установить манифесты yc-s3-secret.yaml, yc-s3-sc.yaml, yc-s3-pvc.yaml
+- Запустить "Полезную нагрузку" yc-s3-test-storage-pod.yaml
+### Описание решения
+s3 object storage Yandex cloud и аккаунт к нему я делал еще в ДЗ kubernetes-logging, по этому я просто заново сгенерировал ключ:
+```sh
+urhero@urheroComp:~/otus/homework12/yourh3ro_repo$ yc iam access-key create --service-account-name bucket-acc
+access_key:
+  id: ajeh6rd4bj4sdbeq55j9
+  service_account_id: ajeka3kirg39l24ouqf7
+  created_at: "2024-09-16T14:37:57.423849035Z"
+  key_id: YCAJEEk4qXN_sO0yM5WJ-YlGJ
+secret: YCN_rF2gbEDttu3qhgkPBC_BolC********
+```
+Далее по интрукции установил helm chart https://github.com/yandex-cloud/k8s-csi-s3  
+И создал необходимые ресурсы:  
+```yaml
+# yc-s3-secret.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: csi-s3-secret
+  namespace: kube-system
+stringData:
+  accessKeyID: YCAJEEk4qXN_sO0yM5WJ-YlGJ
+  secretAccessKey: YCN_rF2gbEDttu3qhgkPBC_BolC********
+  endpoint: https://storage.yandexcloud.net
+---
+# yc-s3-sc.yaml
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+  name: csi-s3-existing-bucket
+provisioner: ru.yandex.s3.csi
+parameters:
+  mounter: geesefs
+  options: "--memory-limit 1000 --dir-mode 0777 --file-mode 0666"
+  bucket: otus-backet
+  csi.storage.k8s.io/provisioner-secret-name: csi-s3-secret
+  csi.storage.k8s.io/provisioner-secret-namespace: kube-system
+  csi.storage.k8s.io/controller-publish-secret-name: csi-s3-secret
+  csi.storage.k8s.io/controller-publish-secret-namespace: kube-system
+  csi.storage.k8s.io/node-stage-secret-name: csi-s3-secret
+  csi.storage.k8s.io/node-stage-secret-namespace: kube-system
+  csi.storage.k8s.io/node-publish-secret-name: csi-s3-secret
+  csi.storage.k8s.io/node-publish-secret-namespace: kube-system
+volumeBindingMode: Immediate
+---
+# yc-s3-pvc.yml
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: csi-s3-pvc
+  namespace: default
+spec:
+  accessModes:
+  - ReadWriteMany
+  resources:
+    requests:
+      storage: 5Gi
+  storageClassName: csi-s3-existing-bucket
+```
+После применения этих манифетов я смог создать вод с "полезной" нагрузкой, в который подмонтировал yc s3:
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: yc-s3-test-storage-pod
+  namespace: default
+spec:
+  containers:
+    - name: yc-s3-test-storage-pod
+      image: busybox:1.31.1
+      command: [ "sh", "-c", "dd if=/dev/zero of=/data/storage-test.img bs=1M count=256 && sleep 3600" ]
+      volumeMounts:
+        - name: data
+          mountPath: /data
+  volumes:
+    - name: data
+      persistentVolumeClaim:
+        claimName: csi-s3-pvc
+        readOnly: false
+```
+И увидел в консоли yandex cloud созданный файл:  
+![alt text](../img/image19.png)
\ No newline at end of file
diff --git a/kubernetes-csi/csi-s3/Chart.yaml b/kubernetes-csi/csi-s3/Chart.yaml
new file mode 100644
index 0000000..d9940af
--- /dev/null
+++ b/kubernetes-csi/csi-s3/Chart.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+appVersion: 0.41.1
+description: Container Storage Interface (CSI) driver for S3 volumes
+home: https://github.com/yandex-cloud/k8s-csi-s3
+icon: https://raw.githubusercontent.com/yandex-cloud/geesefs/master/doc/geesefs.png
+keywords:
+- s3
+name: csi-s3
+sources:
+- https://github.com/yandex-cloud/k8s-csi-s3/deploy/helm
+version: 0.41.1
diff --git a/kubernetes-csi/csi-s3/README.md b/kubernetes-csi/csi-s3/README.md
new file mode 100644
index 0000000..71abd1a
--- /dev/null
+++ b/kubernetes-csi/csi-s3/README.md
@@ -0,0 +1,41 @@
+# Helm chart for csi-s3
+
+This chart adds S3 volume support to your cluster.
+
+## Install chart
+
+- Helm 2.x: `helm install [--set secret.accessKey=... --set secret.secretKey=... ...] --namespace kube-system --name csi-s3 .`
+- Helm 3.x: `helm install [--set secret.accessKey=... --set secret.secretKey=... ...] --namespace kube-system csi-s3 .`
+
+After installation succeeds, you can get a status of Chart: `helm status csi-s3`.
+
+## Delete Chart
+
+- Helm 2.x: `helm delete --purge csi-s3`
+- Helm 3.x: `helm uninstall csi-s3 --namespace kube-system`
+
+## Configuration
+
+By default, this chart creates a secret and a storage class. You should at least set `secret.accessKey` and `secret.secretKey`
+to your [Yandex Object Storage](https://cloud.yandex.com/en-ru/services/storage) keys for it to work.
+
+The following table lists all configuration parameters and their default values.
+
+| Parameter                    | Description                                                            | Default                                                |
+| ---------------------------- | ---------------------------------------------------------------------- | ------------------------------------------------------ |
+| `storageClass.create`        | Specifies whether the storage class should be created                  | true                                                   |
+| `storageClass.name`          | Storage class name                                                     | csi-s3                                                 |
+| `storageClass.singleBucket`  | Use a single bucket for all dynamically provisioned persistent volumes |                                                        |
+| `storageClass.mounter`       | Mounter to use. Either geesefs, s3fs or rclone. geesefs recommended    | geesefs                                                |
+| `storageClass.mountOptions`  | GeeseFS mount options                                                  | `--memory-limit 1000 --dir-mode 0777 --file-mode 0666` |
+| `storageClass.reclaimPolicy` | Volume reclaim policy                                                  | Delete                                                 |
+| `storageClass.annotations`   | Annotations for the storage class                                      |                                                        |
+| `secret.create`              | Specifies whether the secret should be created                         | true                                                   |
+| `secret.name`                | Name of the secret                                                     | csi-s3-secret                                          |
+| `secret.accessKey`           | S3 Access Key                                                          |                                                        |
+| `secret.secretKey`           | S3 Secret Key                                                          |                                                        |
+| `secret.endpoint`            | Endpoint                                                               | https://storage.yandexcloud.net                        |
+| `secret.region`              | Region                                                                 |                         |
+| `tolerations.all`            | Tolerate all taints by the CSI-S3 node driver (mounter)                | false                                                  |
+| `tolerations.node`           | Custom tolerations for the CSI-S3 node driver (mounter)                | []                                                     |
+| `tolerations.controller`     | Custom tolerations for the CSI-S3 controller (provisioner)             | []                                                     |
diff --git a/kubernetes-csi/csi-s3/manifest.yaml b/kubernetes-csi/csi-s3/manifest.yaml
new file mode 100644
index 0000000..1a62728
--- /dev/null
+++ b/kubernetes-csi/csi-s3/manifest.yaml
@@ -0,0 +1,121 @@
+helm_chart:
+  name: cr.yandex/crp9ftr22d26age3hulg/yandex-cloud/csi-s3/csi-s3
+  tag: 0.41.1
+requirements:
+  k8s_version: ">=1.13"
+images:
+  - full: images.registrar
+  - full: images.provisioner
+  - full: images.csi
+user_values:
+  - name: storageClass.create
+    title:
+      en: Create storage class
+      ru: Создать класс хранения
+    description:
+      en: Specifies whether the storage class should be created
+      ru: Выберите, чтобы создать новый S3-класс хранения при развёртывании приложения.
+    boolean_value:
+      default_value: true
+  - name: secret.create
+    title:
+      en: Create secret
+      ru: Создать секрет
+    description:
+      en: Specifies whether the secret should be created
+      ru: Выберите, чтобы создать новый секрет для класса хранения при установке приложения, а не использовать существующий.
+    boolean_value:
+      default_value: true
+  - name: secret.accessKey
+    title:
+      en: S3 Access Key ID
+      ru: Идентификатор ключа S3
+    description:
+      en: S3 Access Key ID
+      ru: Идентификатор ключа S3.
+    string_value:
+      default_value: ""
+  - name: secret.secretKey
+    title:
+      en: S3 Secret Key
+      ru: Секретный ключ S3
+    description:
+      en: S3 Secret Key
+      ru: Секретный ключ S3.
+    string_value:
+      default_value: ""
+  - name: storageClass.singleBucket
+    title:
+      en: Single S3 bucket for volumes
+      ru: Общий бакет S3 для томов
+    description:
+      en: Single S3 bucket to use for all dynamically provisioned persistent volumes
+      ru: Общий бакет S3, в котором будут создаваться все динамически распределяемые тома. Если пусто, под каждый том будет создаваться новый бакет.
+    string_value:
+      default_value: ""
+  - name: secret.endpoint
+    title:
+      en: S3 endpoint
+      ru: Адрес S3-сервиса
+    description:
+      en: S3 service endpoint to use
+      ru: Адрес S3-сервиса, который будет использоваться.
+    string_value:
+      default_value: "https://storage.yandexcloud.net"
+  - name: secret.region
+    title:
+      en: S3 region
+      ru: S3 регион
+    description:
+      en: S3 service region to use
+      ru: Регион используемого сервиса S3.
+    string_value:
+      default_value: ""
+  - name: storageClass.mountOptions
+    title:
+      en: GeeseFS mount options
+      ru: Опции монтирования GeeseFS
+    description:
+      en: GeeseFS mount options to use. Refer to `geesefs --help` command output for the whole list of options (https://github.com/yandex-cloud/geesefs).
+      ru: Опции монтирования GeeseFS. Полный перечень и описание опций смотрите в выводе команды `geesefs --help` (https://github.com/yandex-cloud/geesefs).
+    string_value:
+      default_value: "--memory-limit 1000 --dir-mode 0777 --file-mode 0666"
+  - name: storageClass.reclaimPolicy
+    title:
+      en: Volume reclaim policy
+      ru: Политика очистки томов
+    description:
+      en: Volume reclaim policy for the storage class (Retain or Delete)
+      ru: Выберите политику очистки томов PersistentVolume при удалении PersistentVolumeClaim. Retain — сохранять том, Delete — удалять том.
+    string_selector_value:
+      default_value: Delete
+      values:
+        - Delete
+        - Retain
+  - name: storageClass.name
+    title:
+      en: Storage class name
+      ru: Название класса хранения
+    description:
+      en: Name of the storage class that will be created
+      ru: Название класса хранения, который будет создан при установке.
+    string_value:
+      default_value: csi-s3
+  - name: secret.name
+    title:
+      en: Name of the secret
+      ru: Название секрета
+    description:
+      en: Name of the secret to create or use for the storage class
+      ru: Название секрета, который будет создан или использован для класса хранения.
+    string_value:
+      default_value: csi-s3-secret
+  - name: tolerations.all
+    title:
+      en: Tolerate all taints
+      ru: Игнорировать все политики taint
+    description:
+      en: Tolerate all taints by the CSI-S3 node driver (mounter)
+      ru: Выберите, чтобы драйвер CSI, который монтирует файловую систему на узлах, игнорировал все политики taint для узлов кластера.
+    boolean_value:
+      default_value: false
diff --git a/kubernetes-csi/csi-s3/templates/csi-s3.yaml b/kubernetes-csi/csi-s3/templates/csi-s3.yaml
new file mode 100644
index 0000000..9732b6c
--- /dev/null
+++ b/kubernetes-csi/csi-s3/templates/csi-s3.yaml
@@ -0,0 +1,129 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: csi-s3
+  namespace: {{ .Release.Namespace }}
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-s3
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-s3
+subjects:
+  - kind: ServiceAccount
+    name: csi-s3
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: csi-s3
+  apiGroup: rbac.authorization.k8s.io
+---
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+  name: csi-s3
+  namespace: {{ .Release.Namespace }}
+spec:
+  selector:
+    matchLabels:
+      app: csi-s3
+  template:
+    metadata:
+      labels:
+        app: csi-s3
+    spec:
+      tolerations:
+        {{- if .Values.tolerations.all }}
+        - operator: Exists
+        {{- else }}
+        - key: CriticalAddonsOnly
+          operator: Exists
+        - operator: Exists
+          effect: NoExecute
+          tolerationSeconds: 300
+        {{- end }}
+        {{- with .Values.tolerations.node }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+      serviceAccount: csi-s3
+      containers:
+        - name: driver-registrar
+          image: {{ .Values.images.registrar }}
+          args:
+            - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)"
+            - "--v=4"
+            - "--csi-address=$(ADDRESS)"
+          env:
+            - name: ADDRESS
+              value: /csi/csi.sock
+            - name: DRIVER_REG_SOCK_PATH
+              value: {{ .Values.kubeletPath }}/plugins/ru.yandex.s3.csi/csi.sock
+            - name: KUBE_NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+          volumeMounts:
+            - name: plugin-dir
+              mountPath: /csi
+            - name: registration-dir
+              mountPath: /registration/
+        - name: csi-s3
+          securityContext:
+            privileged: true
+            capabilities:
+              add: ["SYS_ADMIN"]
+            allowPrivilegeEscalation: true
+          image: {{ .Values.images.csi }}
+          imagePullPolicy: IfNotPresent
+          args:
+            - "--endpoint=$(CSI_ENDPOINT)"
+            - "--nodeid=$(NODE_ID)"
+            - "--v=4"
+          env:
+            - name: CSI_ENDPOINT
+              value: unix:///csi/csi.sock
+            - name: NODE_ID
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+          volumeMounts:
+            - name: plugin-dir
+              mountPath: /csi
+            - name: stage-dir
+              mountPath: {{ .Values.kubeletPath }}/plugins/kubernetes.io/csi
+              mountPropagation: "Bidirectional"
+            - name: pods-mount-dir
+              mountPath: {{ .Values.kubeletPath }}/pods
+              mountPropagation: "Bidirectional"
+            - name: fuse-device
+              mountPath: /dev/fuse
+            - name: systemd-control
+              mountPath: /run/systemd
+      volumes:
+        - name: registration-dir
+          hostPath:
+            path: {{ .Values.kubeletPath }}/plugins_registry/
+            type: DirectoryOrCreate
+        - name: plugin-dir
+          hostPath:
+            path: {{ .Values.kubeletPath }}/plugins/ru.yandex.s3.csi
+            type: DirectoryOrCreate
+        - name: stage-dir
+          hostPath:
+            path: {{ .Values.kubeletPath }}/plugins/kubernetes.io/csi
+            type: DirectoryOrCreate
+        - name: pods-mount-dir
+          hostPath:
+            path: {{ .Values.kubeletPath }}/pods
+            type: Directory
+        - name: fuse-device
+          hostPath:
+            path: /dev/fuse
+        - name: systemd-control
+          hostPath:
+            path: /run/systemd
+            type: DirectoryOrCreate
diff --git a/kubernetes-csi/csi-s3/templates/driver.yaml b/kubernetes-csi/csi-s3/templates/driver.yaml
new file mode 100644
index 0000000..c3095e6
--- /dev/null
+++ b/kubernetes-csi/csi-s3/templates/driver.yaml
@@ -0,0 +1,10 @@
+apiVersion: storage.k8s.io/v1
+kind: CSIDriver
+metadata:
+  name: ru.yandex.s3.csi
+spec:
+  attachRequired: false
+  podInfoOnMount: true
+  fsGroupPolicy: File # added in Kubernetes 1.19, this field is GA as of Kubernetes 1.23
+  volumeLifecycleModes: # added in Kubernetes 1.16, this field is beta
+    - Persistent
diff --git a/kubernetes-csi/csi-s3/templates/provisioner.yaml b/kubernetes-csi/csi-s3/templates/provisioner.yaml
new file mode 100644
index 0000000..d8c4eb3
--- /dev/null
+++ b/kubernetes-csi/csi-s3/templates/provisioner.yaml
@@ -0,0 +1,116 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: csi-s3-provisioner-sa
+  namespace: {{ .Release.Namespace }}
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-s3-external-provisioner-runner
+rules:
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get", "list"]
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch", "create", "delete"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["get", "list", "watch", "update"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["storageclasses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["list", "watch", "create", "update", "patch"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-s3-provisioner-role
+subjects:
+  - kind: ServiceAccount
+    name: csi-s3-provisioner-sa
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: csi-s3-external-provisioner-runner
+  apiGroup: rbac.authorization.k8s.io
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: csi-s3-provisioner
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: csi-s3-provisioner
+spec:
+  selector:
+    app: csi-s3-provisioner
+  ports:
+    - name: csi-s3-dummy
+      port: 65535
+---
+kind: StatefulSet
+apiVersion: apps/v1
+metadata:
+  name: csi-s3-provisioner
+  namespace: {{ .Release.Namespace }}
+spec:
+  serviceName: "csi-provisioner-s3"
+  replicas: 1
+  selector:
+    matchLabels:
+      app: csi-s3-provisioner
+  template:
+    metadata:
+      labels:
+        app: csi-s3-provisioner
+    spec:
+      serviceAccount: csi-s3-provisioner-sa
+      tolerations:
+        - key: node-role.kubernetes.io/master
+          operator: Exists
+        - key: CriticalAddonsOnly
+          operator: Exists
+        {{- with .Values.tolerations.controller }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      containers:
+        - name: csi-provisioner
+          image: {{ .Values.images.provisioner }}
+          args:
+            - "--csi-address=$(ADDRESS)"
+            - "--v=4"
+          env:
+            - name: ADDRESS
+              value: {{ .Values.kubeletPath }}/plugins/ru.yandex.s3.csi/csi.sock
+          imagePullPolicy: "IfNotPresent"
+          volumeMounts:
+            - name: socket-dir
+              mountPath: {{ .Values.kubeletPath }}/plugins/ru.yandex.s3.csi
+        - name: csi-s3
+          image: {{ .Values.images.csi }}
+          imagePullPolicy: IfNotPresent
+          args:
+            - "--endpoint=$(CSI_ENDPOINT)"
+            - "--nodeid=$(NODE_ID)"
+            - "--v=4"
+          env:
+            - name: CSI_ENDPOINT
+              value: unix://{{ .Values.kubeletPath }}/plugins/ru.yandex.s3.csi/csi.sock
+            - name: NODE_ID
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+          volumeMounts:
+            - name: socket-dir
+              mountPath: {{ .Values.kubeletPath }}/plugins/ru.yandex.s3.csi
+      volumes:
+        - name: socket-dir
+          emptyDir: {}
diff --git a/kubernetes-csi/csi-s3/templates/secret.yaml b/kubernetes-csi/csi-s3/templates/secret.yaml
new file mode 100644
index 0000000..7ff48f9
--- /dev/null
+++ b/kubernetes-csi/csi-s3/templates/secret.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.secret.create -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: {{ .Release.Namespace }}
+  name: {{ .Values.secret.name }}
+stringData:
+{{- if .Values.secret.accessKey }}
+  accessKeyID: {{ .Values.secret.accessKey }}
+{{- end }}
+{{- if .Values.secret.secretKey }}
+  secretAccessKey: {{ .Values.secret.secretKey }}
+{{- end }}
+  endpoint: {{ .Values.secret.endpoint }}
+{{- if .Values.secret.region }}
+  region: {{ .Values.secret.region }}
+{{- end }}
+{{- end -}}
diff --git a/kubernetes-csi/csi-s3/templates/storageclass.yaml b/kubernetes-csi/csi-s3/templates/storageclass.yaml
new file mode 100644
index 0000000..e40d699
--- /dev/null
+++ b/kubernetes-csi/csi-s3/templates/storageclass.yaml
@@ -0,0 +1,26 @@
+{{- if .Values.storageClass.create -}}
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+  name: {{ .Values.storageClass.name }}
+{{- if .Values.storageClass.annotations }}
+  annotations:
+{{ toYaml .Values.storageClass.annotations | indent 4 }}
+{{- end }}
+provisioner: ru.yandex.s3.csi
+parameters:
+  mounter: "{{ .Values.storageClass.mounter }}"
+  options: "{{ .Values.storageClass.mountOptions }}"
+{{- if .Values.storageClass.singleBucket }}
+  bucket: "{{ .Values.storageClass.singleBucket }}"
+{{- end }}
+  csi.storage.k8s.io/provisioner-secret-name: {{ .Values.secret.name }}
+  csi.storage.k8s.io/provisioner-secret-namespace: {{ .Release.Namespace }}
+  csi.storage.k8s.io/controller-publish-secret-name: {{ .Values.secret.name }}
+  csi.storage.k8s.io/controller-publish-secret-namespace: {{ .Release.Namespace }}
+  csi.storage.k8s.io/node-stage-secret-name: {{ .Values.secret.name }}
+  csi.storage.k8s.io/node-stage-secret-namespace: {{ .Release.Namespace }}
+  csi.storage.k8s.io/node-publish-secret-name: {{ .Values.secret.name }}
+  csi.storage.k8s.io/node-publish-secret-namespace: {{ .Release.Namespace }}
+reclaimPolicy: {{ .Values.storageClass.reclaimPolicy }}
+{{- end -}}
diff --git a/kubernetes-csi/csi-s3/values.yaml b/kubernetes-csi/csi-s3/values.yaml
new file mode 100644
index 0000000..d53b880
--- /dev/null
+++ b/kubernetes-csi/csi-s3/values.yaml
@@ -0,0 +1,50 @@
+---
+images:
+  # Source: quay.io/k8scsi/csi-node-driver-registrar:v1.2.0
+  registrar: cr.yandex/crp9ftr22d26age3hulg/yandex-cloud/csi-s3/csi-node-driver-registrar:v1.2.0
+  # Source: quay.io/k8scsi/csi-provisioner:v2.1.0
+  provisioner: cr.yandex/crp9ftr22d26age3hulg/yandex-cloud/csi-s3/csi-provisioner:v2.1.0
+  # Main image
+  csi: cr.yandex/crp9ftr22d26age3hulg/yandex-cloud/csi-s3/csi-s3-driver:0.41.1
+
+storageClass:
+  # Specifies whether the storage class should be created
+  create: true
+  # Name
+  name: csi-s3
+  # Use a single bucket for all dynamically provisioned persistent volumes
+  singleBucket: ""
+  # mounter to use - either geesefs, s3fs or rclone (default geesefs)
+  mounter: geesefs
+  # GeeseFS mount options
+  mountOptions: "--memory-limit 1000 --dir-mode 0777 --file-mode 0666"
+  # Volume reclaim policy
+  reclaimPolicy: Delete
+  # Annotations for the storage class
+  # Example:
+  # annotations:
+  #   storageclass.kubernetes.io/is-default-class: "true"
+  annotations: {}
+
+secret:
+  # Specifies whether the secret should be created
+  create: true
+  # Name of the secret
+  name: csi-s3-secret
+  # S3 Access Key
+  accessKey: ""
+  # S3 Secret Key
+  secretKey: ""
+  # Endpoint
+  endpoint: https://storage.yandexcloud.net
+  # Region
+  region: ""
+
+tolerations:
+  all: false
+  node: []
+  controller: []
+
+nodeSelector: {}
+
+kubeletPath: /var/lib/kubelet
diff --git a/kubernetes-csi/yc-s3-pvc.yml b/kubernetes-csi/yc-s3-pvc.yml
new file mode 100644
index 0000000..c976b9a
--- /dev/null
+++ b/kubernetes-csi/yc-s3-pvc.yml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: csi-s3-pvc
+  namespace: default
+spec:
+  accessModes:
+  - ReadWriteMany
+  resources:
+    requests:
+      storage: 5Gi
+  storageClassName: csi-s3-existing-bucket
\ No newline at end of file
diff --git a/kubernetes-csi/yc-s3-sc.yaml b/kubernetes-csi/yc-s3-sc.yaml
new file mode 100644
index 0000000..068759a
--- /dev/null
+++ b/kubernetes-csi/yc-s3-sc.yaml
@@ -0,0 +1,22 @@
+---
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+  name: csi-s3-existing-bucket
+provisioner: ru.yandex.s3.csi
+parameters:
+  mounter: geesefs
+  # you can set mount options here, for example limit memory cache size (recommended)
+  options: "--memory-limit 1000 --dir-mode 0777 --file-mode 0666"
+  bucket: otus-backet
+  # to use an existing bucket, specify it here:
+  #bucket: some-existing-bucket
+  csi.storage.k8s.io/provisioner-secret-name: csi-s3-secret
+  csi.storage.k8s.io/provisioner-secret-namespace: kube-system
+  csi.storage.k8s.io/controller-publish-secret-name: csi-s3-secret
+  csi.storage.k8s.io/controller-publish-secret-namespace: kube-system
+  csi.storage.k8s.io/node-stage-secret-name: csi-s3-secret
+  csi.storage.k8s.io/node-stage-secret-namespace: kube-system
+  csi.storage.k8s.io/node-publish-secret-name: csi-s3-secret
+  csi.storage.k8s.io/node-publish-secret-namespace: kube-system
+volumeBindingMode: Immediate
\ No newline at end of file
diff --git a/kubernetes-csi/yc-s3-secret.yaml b/kubernetes-csi/yc-s3-secret.yaml
new file mode 100644
index 0000000..84ba3ac
--- /dev/null
+++ b/kubernetes-csi/yc-s3-secret.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: csi-s3-secret
+  # Namespace depends on the configuration in the storageclass.yaml
+  namespace: kube-system
+stringData:
+  accessKeyID: YCAJEEk4qXN_sO0yM5WJ-YlGJ
+  secretAccessKey: YCN_rF2gbEDttu3qhgkPBC_BolC********
+  # For AWS set it to "https://s3.<region>.amazonaws.com", for example https://s3.eu-central-1.amazonaws.com
+  endpoint: https://storage.yandexcloud.net
+  # For AWS set it to AWS region
+  #region: ""
\ No newline at end of file
diff --git a/kubernetes-csi/yc-s3-test-storage-pod.yaml b/kubernetes-csi/yc-s3-test-storage-pod.yaml
new file mode 100644
index 0000000..a2f76aa
--- /dev/null
+++ b/kubernetes-csi/yc-s3-test-storage-pod.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: yc-s3-test-storage-pod
+  namespace: default
+spec:
+  containers:
+    - name: yc-s3-test-storage-pod
+      image: busybox:1.31.1
+      command: [ "sh", "-c", "dd if=/dev/zero of=/data/storage-test.img bs=1M count=256 && sleep 3600" ]
+      volumeMounts:
+        - name: data
+          mountPath: /data
+  volumes:
+    - name: data
+      persistentVolumeClaim:
+        claimName: csi-s3-pvc
+        readOnly: false
\ No newline at end of file