From 159d42a9c5cacc18cb7686027a6607ca8443ecee Mon Sep 17 00:00:00 2001 From: Carlos Matos Date: Wed, 25 Sep 2024 12:45:06 -0400 Subject: [PATCH 1/3] docs: update readme Includes quay.io build status badge plus some enhancements --- README.md | 55 +++++++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 47 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 1ca380a..2861c87 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,11 @@

- CrowdStrike logo + CrowdStrike logo

# Falcon OpenShift Console Plugin +[![Docker Repository on Quay](https://quay.io/repository/crowdstrike/falcon-openshift-console-plugin/status "Docker Repository on Quay")](https://quay.io/repository/crowdstrike/falcon-openshift-console-plugin) + This is a dynamic plugin for the Red Hat OpenShift console. The plugin provides additional visibility to the Falcon operator and Falcon-protected virtual machines. @@ -15,10 +17,41 @@ The Falcon OpenShift Console Plugin is an open source project, not a CrowdStrike ## Deployment -### Build the image +There are two ways you can deploy the Falcon OpenShift Console Plugin: + +
+ +Pull directly from registry (recommended) + +### Registry + +The Falcon OpenShift Console Plugin is available on Quay.io at [quay.io/crowdstrike/falcon-openshift-console-plugin](https://quay.io/crowdstrike/falcon-openshift-console-plugin). -Before you can deploy your plugin on a cluster, you must build an image and -push it to an image registry. +You can pull the image directly from the container registry. This method is recommended for production deployments. + +### Deploy the Helm chart + +Install the chart using the name of the plugin as the Helm release name into a new namespace or an existing namespace as specified by the `plugin_console-plugin-template` parameter by using the following command: + +```shell +helm upgrade -i my-plugin charts/openshift-console-plugin -n plugin__console-plugin-template --create-namespace --set plugin.image=quay.io/crowdstrike/falcon-openshift-console-plugin:latest +``` + +> [!NOTE] +> When deploying on OpenShift 4.10, it is recommended to add the parameter `--set plugin.securityContext.enabled=false` which will omit configurations related to Pod Security. + +> [!NOTE] +> When defining i18n namespace, adhere `plugin__` format. The name of the plugin should be extracted from the `consolePlugin` declaration within the [package.json](package.json) file. + +
+ +
+ +Build the image locally + +### Build and push the image + +You can build the image locally and push it to a container registry. This method is useful for testing and development. 1. Build the image: @@ -32,7 +65,8 @@ push it to an image registry. docker push quay.io/my-repository/my-plugin:latest ``` -NOTE: If you have a Mac with Apple silicon, you will need to add the flag +> [!NOTE] +> If you have a Mac with Apple silicon (M-series), you will need to add the flag `--platform=linux/amd64` when building the image to target the correct platform to run in-cluster. @@ -44,9 +78,13 @@ Install the chart using the name of the plugin as the Helm release name into a n helm upgrade -i my-plugin charts/openshift-console-plugin -n plugin__console-plugin-template --create-namespace --set plugin.image=my-plugin-image-location ``` -NOTE: When deploying on OpenShift 4.10, it is recommended to add the parameter `--set plugin.securityContext.enabled=false` which will omit configurations related to Pod Security. +> [!NOTE] +> When deploying on OpenShift 4.10, it is recommended to add the parameter `--set plugin.securityContext.enabled=false` which will omit configurations related to Pod Security. + +> [!NOTE] +> When defining i18n namespace, adhere `plugin__` format. The name of the plugin should be extracted from the `consolePlugin` declaration within the [package.json](package.json) file. -NOTE: When defining i18n namespace, adhere `plugin__` format. The name of the plugin should be extracted from the `consolePlugin` declaration within the [package.json](package.json) file. +
### Configuration @@ -62,7 +100,8 @@ NOTE: When defining i18n namespace, adhere `plugin__` format - `client_id` - `client_secret` -NOTE: This configuration assumes any user with access to read secrets in the chosen namespace should +> [!NOTE] +> This configuration assumes any user with access to read secrets in the chosen namespace should have access to the API client itself, as well as the related data from the Falcon platform. If you have multiple namespaces with VM workloads, you will need to configure a `crowdstrike-api` secret From cf4626832ed82978aa6a404d00d6aee550f346d8 Mon Sep 17 00:00:00 2001 From: Carlos Matos Date: Wed, 25 Sep 2024 12:56:31 -0400 Subject: [PATCH 2/3] docs: update deployment --- README.md | 57 ++----------------------------------------------------- 1 file changed, 2 insertions(+), 55 deletions(-) diff --git a/README.md b/README.md index 2861c87..c1a3d35 100644 --- a/README.md +++ b/README.md @@ -17,20 +17,10 @@ The Falcon OpenShift Console Plugin is an open source project, not a CrowdStrike ## Deployment -There are two ways you can deploy the Falcon OpenShift Console Plugin: - -
- -Pull directly from registry (recommended) - -### Registry - -The Falcon OpenShift Console Plugin is available on Quay.io at [quay.io/crowdstrike/falcon-openshift-console-plugin](https://quay.io/crowdstrike/falcon-openshift-console-plugin). - -You can pull the image directly from the container registry. This method is recommended for production deployments. - ### Deploy the Helm chart +The Falcon OpenShift Console Plugin is available at [quay.io/crowdstrike/falcon-openshift-console-plugin](https://quay.io/crowdstrike/falcon-openshift-console-plugin). + Install the chart using the name of the plugin as the Helm release name into a new namespace or an existing namespace as specified by the `plugin_console-plugin-template` parameter by using the following command: ```shell @@ -43,49 +33,6 @@ helm upgrade -i my-plugin charts/openshift-console-plugin -n plugin__console-pl > [!NOTE] > When defining i18n namespace, adhere `plugin__` format. The name of the plugin should be extracted from the `consolePlugin` declaration within the [package.json](package.json) file. -
- -
- -Build the image locally - -### Build and push the image - -You can build the image locally and push it to a container registry. This method is useful for testing and development. - -1. Build the image: - - ```sh - docker build -t quay.io/my-repository/my-plugin:latest . - ``` - -2. Push the image: - - ```sh - docker push quay.io/my-repository/my-plugin:latest - ``` - -> [!NOTE] -> If you have a Mac with Apple silicon (M-series), you will need to add the flag -`--platform=linux/amd64` when building the image to target the correct platform -to run in-cluster. - -### Deploy the Helm chart - -Install the chart using the name of the plugin as the Helm release name into a new namespace or an existing namespace as specified by the `plugin_console-plugin-template` parameter and providing the location of the image within the `plugin.image` parameter by using the following command: - -```shell -helm upgrade -i my-plugin charts/openshift-console-plugin -n plugin__console-plugin-template --create-namespace --set plugin.image=my-plugin-image-location -``` - -> [!NOTE] -> When deploying on OpenShift 4.10, it is recommended to add the parameter `--set plugin.securityContext.enabled=false` which will omit configurations related to Pod Security. - -> [!NOTE] -> When defining i18n namespace, adhere `plugin__` format. The name of the plugin should be extracted from the `consolePlugin` declaration within the [package.json](package.json) file. - -
- ### Configuration 1. Create a CrowdStrike API client with the following permissions: From 4cfbd17da66af2dd1a7f56d759af5f2be15e9b34 Mon Sep 17 00:00:00 2001 From: Carlos Matos Date: Wed, 25 Sep 2024 14:55:36 -0400 Subject: [PATCH 3/3] chore: remove old logo --- img/crowdstrike.png | Bin 21097 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 img/crowdstrike.png diff --git a/img/crowdstrike.png b/img/crowdstrike.png deleted file mode 100644 index 3ef837ee8d1d5b7f23b3031fbd3b0c0183e3196b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 21097 zcmYhjbzIZm8$L{ z^~~S%`u?8hkHzc#-p=lG?sLw4-Pe7cMeFIPJtBERf`fzeNc|N^9|s423;Vv|0TK53 z37(`j_T{1bD`PJl91hBV58N3UNig;zgSW~XZv(e?-hOXA?Qs13`~)3boxE(`y4wl5 zdD`co<)7f-JjGE5y#V{??k)Ib&O=bhqk}B%G7iK;&UaF5gRaj$Ic`B7r!E3YVB&-- zD!4SbDg@LPgsHqw9(G9aOcZ}0ARy!XLp|X7{OKRdY_e@+7O z<==~XjcJQ!Wd$9yZVt2q&WNYPr558v`si)`&y#-2uQ>FKi5z;Sk=y!zmrvg@h@TY3 zSWL*)-z_(C|G%Ha-aIwTD*2OeKulXXgsN^@^VJPf{$D#ROsT-g@~X?DKM2tNekMHe`CLY zT59)y%@Je>M=j zOUJwQ|KD$na+99Eb<+-eu^dSg_PVGORy}sh`ulTjw35XC>?pk$sJaZRABxPAf7c_K zF7F)c{l8mWxnum}QKJGE)^-{m{flcN9YVqgaLBfr$*xPQB+~)}KJ!xgch&tdekpE~xuQY9;fGF_plS)H zsnzfkv473+1OWB%gK_B}R^gr!e!@wXUuU;^d%Q%5yheIMZiVlhKa2FG!gT1iaInsd zhx{52^uNPrJ$0Dtr`;}j0W!qxd=N+2$8pb0O4c2sPM>-6=HVsI1>sxVLu@P45!2y3 z$X!^Q@Uh$XQy@^Eu!>ataC_H>?3=7G{Y4vdc+h_HibWYKZfwNWb1`B3%&eOWABaoL zHA1-WR23+SH}mk4^4p8!uj8Y8d=+el3$6_O9uHs1sOXIPdX-PSnZzE|R$2 zP#iRjW#ayMsh05*tI$$L;4z_C*UfmvhkJ$XE@au3j@R^OS4IKy+|07Q$ zHQNpzx#l_F*B=BIGShar&q|{NFg$S1yO|-Gp*%GAu4nM4^nY@}d11GItS#7XJGmEx z`;uR8--8{6SU)%>Rv|kwf`lwh2YYe?gH|LXm0Mpz$~L4kY&>#wOWpxosrK;a`(|#| z!@5df2cE>3zkPc3i=e#{c2FW!G7lZ_3x6BYV`jFsk_xSQ$g~om$ULHt%26iEZSUHrx8Bo{ zFN6u5ojwKpVSK~g9jq~uT0^(>T+^io_kq-feEi+lcj0@wHfxj#DPnn#lVq*JmY-UY zDr)DEx;%9K?#1o?88(_geL)30#`~te2Ul^#z00}rC-j$}7CKCO4kE&l!zacI!mm`# zSEh28a~C@V@AbApbBS}Agg@drRqX7Aizupr$ivMP8QV@nAh#*CSL@0kf@#%8L95KN za2KzDyyyXMv#D1y#suwIH~tL%gOb!2?T`qD0?QzRgvJ-?f-5FBvd+lB;;>(x8hV}DMB%pPORR{9z)HCk}We^w6 zSWv#M+C}9~O((IoB%KApr)w4jX)PY(#VLj|DJKGdRjZ;{3uBf9r$J#iI=o}|v9$qo zb!_Vr3=zc!3{hFfP8|+3=?1HNSwbD{CeCd{Ee;+22+*?x8q8yT;|alcrpU!H!)<2+ zHmIz-0qe`4r`mpjZ=nNyKv95S|FPh*@T$=0cY(gp@Hw+U1CS0~63T`^=gw940W(p{ z5x}&LHIq0XOC^-+v9AZYpq%XqQe;B>v7cuW?}l4BSKok?>Azu^za5VYkd;6$1@c17S)O*bI^kiF}C#zlRvL8i0HoJ{QHD z1kGcBrNiK}!2ywBjRewDRQ5aZcOOYTncNUs_j?@zj~+SXrb5U749|dND>}ntMF>aC z_8b}96m-W4%qdaG5)~)&8^UBm=Q)6kr3yvL(1B@po*Rl)TDOuL+(in%FZZ6u_KI9q zRb9kPh=pcgy~#)E{d1(t1P%Mko5m)3($igVQ;X%<6P&$=X81p8le|=HZHK&u)IEt$ z?B>;dWSAtYh;In}A)s@uAkoqqYS^?KsFFT}Q?W;d(6(GTv?Wa{ z)g<^Fxw)6Y6{r?I^~&G8Sh!TK%sMw&Wx~@U9Q`8hhep&Z99BW+p8>y4hF6{3Zv@caBLZ zS@eMP^3cHBB|`FVpZD_rHa@R)aWvuJy#nv$jrUDl)5Sf3m@l^n=B-m7Je;q1xfPUL z^Z>1SF%0y4Gn>L=@Sog*z%~^Cu+0tJT#Xq_y{3ukga_>ysMxX=;8*Tgo4qX?x6UPR zDQmgr)oZZ(G15*yjbmYe8U(DSe(glIggXpI2M*f);oM#^TB}D5b#M(#hu_Bx@T7lo z23}GgHbQgRfguz5af9aieCxieQ$!|2OvNxSU?0D!Oj#LNO7}Xdt=A^rd-Cs}(1c)V z>-~D^hgvC6ruf~EC)eb!o_&a@R9UCxmo!%l;b?59$a*aKtNcWBRcqL5+7OQFxHDT zy%nhq6qVi|%#4{PHWEI53y3zh{Ykw^*=_XWU@HoS@n6rh_CODa}eS3=C zNF2UaCUTqX_BkiIwQHnOqcX{yQ_szS+Z1L(K<+YyB++w;R#miNY=S>2wU$ALDQ;xBqOmrJJ9kojUK4;!|ugA0?Sn?5!*FOY+kSNB7-bU5!}z6$nCK?%b;ZsXs0g3(3js>nQ)6GzL&tnwQ-cbO zk*3SbS{*-~&W|^w8LQJd58U&ixf$o6p_x$lb{&MfiWmqC{7im6Nu=AOBE@cBzjc$jC zNHDISL~YnCm59y+<-rp(Lnr>>2shYH71k)#7o?|6??y~=)Ao{(6Y>QnpAW|Znr!@d zIb2(*lB&Z^Jt92=D^pTf4oZdXxp_3cbE@>Ci6!F!wLd~wFS~&KP>-P}>y6Sp*>pP} zy$k>keFz=h%m7~#UB6A@3Sm}aVp#yvqxZk$ls=r?cD~aRX~r9U6-2o~WsfhX79UU# zyA$*L8S{D^kJ)Nwk0Awe>4B?jZp`83_79ju_6e#1>t$T))++HlW#lwLI@qt;@#32$ zQA?9>Rk#LASt;l!oxKF`Y>@U>!zZT_&&f|`A0#bye$gu+PG7XJAb@Lt{%gcWCv&KQ zR^9J*T(it`4z1b~1HiU`k&I?KbnnIbp5}5OMBrTSs}Y}n1i7%c?^=Nhye+)!{3X1o zq-LeudNl*PpAy3phN^yBlq+G-G7GU)y2$HgENY$qR5|3RxT^(_=}hG2DywP<#NvyW z;rsY;jF^1*#Zk)aL(3xtSK`meh6tNeNeDcUagK=onhv**-=`Y62$NO9&J~L?3U`m$ zl&z8Ey+-wqLaA+EjKaUN_f@`95g5mvrM*yM@vjaqGsHD&jH^IgCvkj0$ec&YUMB za6L1A&s)L2Fek~Jfge@A(}+#o0;^p>w*8IVzZjzjaF$i)`$G7u;a}WY)#8kkVk`=4 z&lgh@>a!QiR(xtmkNLa7Z7@uZTTd{o6ALswY7w7CLBL^lfGfr2$^_4n09MTi zo+-Z&axS0^w15OsGeuA{;>VVo+x!U~-O07wkZ84a>U-dkyz?D#^`w?Gp?qf#DH4d- zKWcdkk1F#R>Rke(CStXDW<<90t$=_en+P`*@}O+kBBRW^-ecb({mFTMDif_Vn+3ne z_-IREN3crqf3XA4mUA07Uw?UrGgl5~1@`79EBDy8j@8ahi$OnhF z>!4(8&b!StF3*6wflr*ctsuHKKD{wLy&k2|;JQrQWR_*8t1O+-4Lm=b%~eST9VDcw z^FfC1llrr9o72%aT!Xf~Z@kIH!b_~cs1B+N3w!yaY(on%dyH=HEhmj50vo+_o8#%_ zCgzGKPVB3!gY5Hhn;Ydk7X8&pX_I;$Sn5?$-Wr0Aclcm1w^jXxm&XvA5VxoAgiI~V z{y9XcTcA_RKjc}b+tr35SMt|E_}*s;h>s=YHVc+t1`9JpSyt{u!vep-;=kJ=nBsy2 z1dgb~Xx+nMf+ynnB8r!t-L|r9KolIr@!D`ia8&Sy>+k@mYOE`E zymte5WH%RN4C;Jw;QV(Y#WXw*e0JN&t^dOJnJ*5Y0(Vp>l(%C7M%`?{j5+lY0Q?#6 zk*=GV>*&?2Vg9IN->D8!B4O$Yc2ooWK|nX@eDDgQoWiTYXNnN>#mNtlGjmACYsf{f zz*HDsyE*8FBBBHA;|j2$r|J#_)(6g}l-my4FEt^zpl_9a&_t3hC^t`UuLU7jyf*lA z5mSNJw&_Aa*N?49A5Rh@V1h5s8sF+RUq@2v>o3JL5+q_;M@pRcyH-A<_w( z^Ko)CW-{Zs$UI<|*;Y!*>3QC*HaGX0%6cpe;|Q>E{$RTI5iGd9&$y~{eIi0|aV1P^ zwCv5etoh@%ee36e$~r4-))46xVxG4(%CuartXq>J`JN6sP!N8A(}nlxuLy|Ns4heU zcZC&s8xrL$?C!fvpFtVg&>{8 zeL$3{Dv`fAk%f@!w4?zttWg45ai@=ur9FpzZ(3oC z=2kx=;bZkyAdbFn-%c3OZAfZjE8&er84d+*7a*y2b!Rm0Sh1nTC0=0s!{em9@JV2l zf+mD-<=`YwKX~cE)U5NXlg11Jg$FIq`M^qmtDx4#x0-?E`MJm9i^z~d3M14)GQusv z*DUvgDM$HE805?ZqM#0$?%Drx|HQw)$4rsnod0WYz-zEi5iI`$pI(!&^%e%0e{Hb3 zD1v^^b7*Ac1*tYdQGw5hAbAsiGRz?^uTf!@JDjjUVKitNXZdL01pVF=@P}<|^P^&< zxg}^yaP_JV8w+SmwaPQWTV|(ii<|1a=LPN+tCqys`q@M3go;Am-=81)MKN8jccA^v zToUu!2+h92Hm~B`cynNi;c}Tg8yb$CF;_L#ZBKzd$VWd$JTcs^)mC^9+qSA*vqKBM zC<%sgT)ohAx&3?)M=w%-S@$1CQty?UE$ar(5>971EMqf(0Q+q<)@|^iAZ0R-XzfSBhQ9?Q(ke2?u@~&mC zg+#*CuW{a&Cn{#0V)++s_w-ugFuf1FUSaNM;oqHS*f4d zy#cKE!5xdOd&t0H_XfgBD2d0ix5_qVEug853vMEuA-xC@`1D_AWo8YhfQlPu*RF7{ zBSB}rX5J$M_;T6A%bZfnxE*7bPqKw!@5T+VfvAb4?^p*!aQRkar50~WU5BNk(M=y^ z2a^T7Va$+B8QVtk!8P`Ut}-=cG$uk>pwu-;6AC6xS-&Jwg2IV=OxbQ6QOqC+t0p zjF0DAmJuPrxUd6X$iC%ZL?duBd@f7gnMIWLvaMzhmB9{H(GC52TYfZ?O{5Xp?0we{ zF7m~ctbbbYXw3R+pPWv<7K)sdRQC5pLqBQD$Nim4hs$}22=q2dO7ntM-a^c)VD@Y1 zn~nPA(8n`|kV%aQe$KiW!kXj*s^mu{i5CTkK5~Av{wq!1n}ot4*n>AU>iH2XVot}Irs-2OeYJR zcs}E6!n$Unl1)>-!*SfT_&N>}VSXGu8pOsm5&agK0zB@prTQ%g>Cl5j!FIA?*&Asr z25iaTzx309>zG&BS;jQ%twg?d>)*O`YoxOttkPgp+3bz&{*_JA(IJMv&FM*Jk+g9~ zynjZ7PJfg=#=`Ty&ZWG@V+_$DBEE~@MzmGaOfNPIo5098#XW{4UZ>SbrLqu^8=&4- zY{Fzor@8ny9!@@i4;^1U2;t2+s5lP&v8z0u7rbO}K`I)nyHE;aC5nGtGulV0pmn^I zPF>W@)IN?^Ao&6x%}8ymwwu?#TFQX?O`Mp^&p)4m-Ot4iI0nco?w_9fT8^DiPfW}i zB>y&$&X#6)iG$dpqNqt>ABwpRklD9TM@~WjWX!q7+Yk-~~RDS;bEOG?sj`hpl|$X2`rZds)NS zSWfS;G}b0YG)+{lhUKA+o(iYFGu$F|Rn&#puaVI93X{=e<7@#JTH%TYwOWIt1xT7! zS(gIVduVuxl=6vmR{nr*T5S8`oF~w`0np*ScW9tyNsGUW!6a}yV}aCvbTX0AZf-W; ziMjQ>Ilph%sOmafGlD7@;wbgHih)hF)342DQRprtnwt6wzm-Pj^ldS8J*cY-JTZSk z?AiH}^+k;X`g&Q1R{09ilsY(g^+Qf&NpzZ+EAn?fg>;5l^@lnB;MbrBc-@-f+(r`Rvl8N5@Q#`fsMGcza!HRn0McB7vJNDGV&OO(B?}dkXi;GS{1)DD+o3R6DKemTE zXoN))`j=kJ@W%#M$L|(<&>z-8#TX1+cUyLhtu_S8+9`%lVA-GP$%?zhkJYkny(`Bj{2nnj@q?S+VHg&7^TO6k zahw_ai?$$BPz`0$BZK^u3g=DAGB34(^e=q{e&P6&&-R=Y(=d3<;eCCasFxVl2cC#p zHk!^<7pI_3JKL9?0tv@7?2!yelDf3$;<3#~aO%Es3oxn|yTqq<&nzG=(bRmbew3T> z&WmBAgJ)@p+++xD0XBrb}yk7MDewtX1r2=nD|huik^f6gjX@DAu!(D)7{=D|u-L1bwyYXM4F- zefF}L0S_SM+K)-_vwtk}y;^%!eHmC{DPD}La}9D<(a8Na=1t+4xl_l=B3%b;7>lEo zC;9ciyA$n4ZAg2m?()`U6c}@vH^eb)8dJlm^UJtZ1K0o(;3R1L7zSa8J9fpqeX4R%!UCtB zZg%OymSTsZpr>m!XBQ^-O6WW( zQyEO#L3aS;lMcNRPw1y82@ey>|4Hns&eJ@Yw;&_LMtG3>C?IIV6zYo7Hw}|nSfcn@ z;Mn}`{B-TH46~nGZ^o}bWV$U=@p7Y+{vV)TJHP4KK6y-a)36TxRTJ1YB)Buc9gF_u z=I8j4z889SP%*Bwn^@NTa$B#$95nSKjBx2IZWv<=dTG{>?+%o_ia_+!Gn?CVjFCzb zXRJ_}ytwZJHvy!Xw&1TJ@xJ(Xd_dw71ppOF*z>+d^wTM}bY#ReJ*?#*_X5Gl0Lj)seJs7~#t3y_L5lCT_`zuuu_fG%$ zkv7%y*QBS;Ia+wnFFml-WugjZd}G_lNwR@a&~Ac#!7rd0>v~7Vm{y_on3ipCp*}ih z1I2VarDun&A{Gstw}B7{=O`1Y!h#dKvs`(IELi2jyrZK-up2bC#=-&QbLIG0wRqPK zOFvQgtN(cIhjWQ_eibZ?xbvl5ZZWAlrF#cWq8R5o7-F7?CGkd8al*8)%+UZLX1t}W zLva5>CNjlDHU7FJ!`LTI%zo!(_p!@Sn5Y!V%29gTCoxife>$hKS#)G3P2N{nWNFgH zg>1@bTFWL~&P7n9?zG)CskW7KA;QW7xpsnF-q$G}dWkrX4 z{6Z2<6rV-hMZ_1nFEEVMywi5iYMB8gIdVa}MWs!B?(0mDgN&>hNE!8AM25F5@N2hS z!5!Vq`?}g_@2^Z2wIcerq>3d*D4vhi9~VL~!H+{H=UCqhnU%w04=w4-ZyUo%t>Bw= za{`2}Wa7SVlxrc#;p;5eBC!^Z#kq*Z!x<{L{Jwgo#lFDuZXWfy_}`TYTl}Ts;w{3! z5ge{MY5SpLeLTMsABd2o=kiB7kDzL1#4(B76#M&G!DTIexeW(e;UALan%O4j4h&JP zxcvtL*8JlgCBG_n#LZ%V#vYk23kxh!0xStVJ`eT-t->H7|G3cq9`#6G=|h6=d$17( zYBsTAA0|;-voimsAN>QSZD5kV)o)1ypS)h~e)9A_)5s`{Wv%~WcY9^fd@AKZ7_W@% z;brNmHootfdj?F5r^hTH=EX22q>n`As@Gns*;8Q2U8pnfa6eKJ=C~g*ykr6N zw8c`k)iIWZ_#q9DjPaG>awLy{&syj~2O*q>AB%j;ryv^~kBV zy4{OYE6Ab`@Sy=M9-Gt_{^5dKSEZ2Z*e9Pik!NP{n1>XMA%IdBsSDuM6n-U|R zrR*A*7?lf}iv2lT7#KgRDAh&NI zLO6XmOGNpk%wpjMr3$zPzqoL7Dt2}qbbk=kvAZi{UGCB@Fz%F-O&dM*C+{{J$tKXG z{hfBZXG6SmMk?nIXxWmj&u9iQRu7xT8cM!@R0k7_$U6+m7DV3V_lcGquvvvbI)p2{ zmQxM{ADADR2md4mFg$dA!Uj%((dLC#!Zafo<$rQFMl0L|4m5jowimPy(&dMx#*q(~^&b_`)ISP+RU8jdxwE3Ec%Y>&rwi)DRyqQyYI#Ue zUaB`L2DoQD9bi6latSL12LlbCp zhz3^N%VZD&j2{}=3N&ss*07iF48t%A%cSs;fnA>c-ZqzG#)1vpvQ=_Qw04jvR}3x^ z#c5$#{^j!a3oN0z!Zx8O_WIM8y+2A~TfY)MNmXq~xFUEA(x=2FSU9)po@Y|H{zcj~ zcF4Nf_ADwWg3q+A>~C^Q-8g}D=+W%U{CT z_)#jj=SO4L8h2{16mwcXa1+a{jnd#WSP%z zink#cxvDC&eonSFitvHY_9}F-;m8zEC^9C(bNSf0>;7kT^+DZJ!wH}ho!MOa6dpU8 z3y7e(G&8`c;wQwu`W8kP9Y)B~Wo}uB7-@T-42-o`C7C9YM+f{=AB2~b62kd1h+#Xi z&np&>nooTxlI3FRct0sI^60z(`?SFhq z;c$c@)5&2C#i1X7fnMZYEwycg;@+*4;!osT@31%}D}{N#M`m zoqo|134hIy6lJ>8XMT6Lvu1=wM+`b(P;fl4NJEKE5U5R|DFG`;qfM%X4){_QPKU(Y z#qP=}Mm|^Y4f-bQo&fcplPG-ExdU9crUP90{_rnIX;-Yp`2-@7F@|(3s%h)^Y1UC< z&H_qhbjT!55H&hvh0@k%DZUZs8$w-Pk7mC&-;DswwdRcuhL6fWU)zeI7xk%)@W*7jRt zcvp$58GM!V^Jh)R?9zhrfji`X&tDUqW@42&7Wqn^^S%lSZy@&gmiX~_8=DMH)b5aM zw>V(Es5|T7(?j|iHR}@U_?edw?(!WBQg1ou(jg-)AqnYHbf*RJA%EP!Jk$%UfBVCq zIS({{ok2nLq=i~H;3RL7qwqIcz{1IoCzcy1hkva~auEZg&5k~gUROBhTBcsMM;eIK z{4L+P2cJ>E#V?mA%iOu2$MJ!=;=Pg&cnhu~5JNOQ7$jSgb=H_E!QNNc2rQehGqP*+ zb?apvlt9i(BEqjNszzj8JaF+Z3r?Vyrg=}+i_Hn~eaVq`&B(mOPoi9vm{*z$@Fl5f zluyoGQf{dwVK4yBJ|=yQr{EGwkTm}m!8-FUvOtj%t_vb66DiY6mW!NTgB{&-dR|tC zPvXb3Hawkrx?BL9cr3z&1N0Pjw^;u+P59(Okfe)+svEoa2P^98p#q*)KyC$kKPS`! zfiK;Ae_7iZETA27Pp+JMuj-Iubv4NqJNl4Y!owW;BWQ+-?SvO!e!Zrrdph(qfqFPt zBjTWZr%UPTp;0P^8?c#(d&dQ=1jYTS{HTDHe+C$*xj#@i*m>ZtitQmJj&(`sxA&*f zEKDD9$gCu3?y&_SCglZLrf99NbAsOy_{;@@t*pu>>Lz_*jTyKSnH)~JjvT`^^*bJx z!`0;qDdp3cxIcftYE*mE3O&tCdRjv-|>JEM@o{AVYR>9hc>DoD1s&SX)8N z$>y1TJn2`zvj$gw*>ez9*tmu#aFz6QFFw7boBrOwXb&BzTTkyk z+n*xTWVtMK4c0Eds`{rK%`V;MhIvZAReIbHwPkUxVDt;neEBkgH3k+)g%(#Ra2(;r zosL}mPPuuF?1~UskoT6y3YeTJJrx~ZqfWw8*gyTm2~(f_5RgVK5d8B3u0S6-_v4R* z?PEX%Wm1DX_t&~w3o~Z_8-1Dmk&=r5BXrL~9v>mqWd3s*sw74DbnwsB61Vc5%3iWW zv)0yjMAR}G+Qko)qo(4c8{9BW{M0Fhjf0_r{&_~#Rk?rcmau(_5l zyf$o?jeEweiE1b_uazmy;@$fe$9bPGWxemCJnHb?YmH;%9oKS9L?p1V|J$3TOsV?N zf_#=L*a`T|eLf@4EViGCOp7+jB{0|)JIb2yRVum_{j?xaCjTmZzF^qSL3EDjLO6nv zLHP-HmIP7>w4T7Gh}}P!=XcMv#Eq1%4`!Id|?F2UDGu z9I_4z&ysClv%L7sn6`X&pajxo{XC#q@(>EuqD&fRz+0frIIo9mWRh4ff9WCORa1J_>+30DBj6Av%~J#!PtZ~+W#z%T-fm4-8b zb(KM57?qTKAY6lL<;9DbsE(v=gSjSPv8qJ`}=`afxIVqulo?%Y=@HJ(f%H|4(*V+bazaA{%Dv~geVv$AGUM04;Lwt6rhoXR- z`CA29nUH^N35)hO2caJ)-5#4?LI<7!WGq1WJt0@JncccLK7-a`PXL4X5HzR510d7VQ^j*mtgD}wpEI?0YVXBrb-O3y!aQPz1+FbiW zfd8da(ST5>dW@$9;RfEbv|T*Am!K&u)97K$`@J&HZ?&!XuT@cK#D1~bhH(+ERAfVlAu6DJS>9Y`PCzBB^ah5@b|Jdf{q(c)*i$ajSIXvKpvJ2CdQZ_wGbF37y43+xdZAS|sHgas_Fib!oFH-70cA zH`N#$jc}L_o0(Bke0=n;FXQW~kWI?kzZM8hx$AgG67~f%y9e(q7T_as+BSb--IKQkDQP1r+b@PcS)I&owwFiK=DL1hZ5f{w(za; zGPfsyo)5Mc3Kqc-ZaTSFo>5oKg>&ht5oV>Z3XAW6q-}V!1zR3elXMJKxZdxGG=X=Q z{F-C;U7>|2e8WnSjJoa~eRL+oaG^u40_MM5n_CH@$GS+2!fZIck)vm41S2*lvpOJW zH3K3M?+em4%Xh}``?p@}7mJ@pANxVh>X|m`X@%3Ib7rKdP!cml&% zu<2^mz&?(WAuJ(Yf{lE@>BlXWw;zy32n2Tl1)!Bd8rlD50Z#v(jEUW?f`1&>1gjw^ z`qF|Qa_m2AhT8l7GRIz?$)*gA8XtPGRgCpzEHQumW#&7Aw4ogd`@ z&$w;E%T#RV8o5{h)FH1Obn#|PK*u@?+UVb`QIJc4A1Cmj)7KR{z$IaF5a=4+4Z1IChuu-?ag#;Adgl42pMkdmdWXW7r%Gye`gPf#%qik_Ry4_8<7yxm!Swc-m%$^-U_ z%IKkpJs8vKstB}FS;(2RFZ63`%ooJ>{R#t&lxU@k-3lVdTH>oN(p~?gW&innzc<~d zN?F!4m9AeRG*;;(opH2==nzZAVne8$b{JRpd@xqa$qrP~3IcYP?=&HmCi02DK>%Y4 z`2MrgpumWNiXBa!zA(y6fQZHSjxj{Ct((@d%sYzuHwP!4$%OG>RJ&XiN9@OjTipuh zg>-E01RL$~S%$96E7xCX=_zrbFCweMu~IlA4}C1z^IKe7$ryZm|CDA5lD3J>Ir8YO zObY6b5Kjmc zrG&E><&Ge2Ap&LE!E46JJ4}3KM^sYlAX1FBe9#*dGHn{qiv3SlN@mm5|v5|FWH5;^{X0GirtFea1p~W&ki@CY}fc3q3%J9rmzO~6!>u@3ayPI~Nu~?ah+=~RxZilv*yDxSkLZg+8Edja| zhA34l#$~VuVrv?2KBHX2OYzVo=4hHGDchPz4;2+r;GeCF)dtRJLa@p$01hOC)F?u! z(MjP<@jxTa+Jn{V!hN{c2^or&4wiG=bLRb*T>68fSH*@ID83w%k~QJUTchX5&xqR< zM_+55`WuhAu(aZcjKr+?Lsd0cVG?`Z?M-dUP8`foO1lfl2ib*c`aN<{cv0Z`5Ao{u z9vPOOc1qOT+f^8o?A5|*u{JD$eRyhsfhJ{@c+SRqPhl9f`8@BF3PNPfU|O<1t(U2%BDS!ZYiR=7dg$0BWDgknacw7Q8)1_UR_;8>T zz#?*!dAa{}HUK-Fu#wCiWf{~!yX-XBr#Yxj+rq{t-aqS1!oaN{#SU+vA2v%JUSbfjP8@6XdE&hB)2}k;35Aij(&1cuITc=@7UZ6@_Ge}FQe7Ew z<&Khv-wX63`P!OBJOt-Sx&I*Z--AS*jqVM_SkLmE3iy&H&$RdhJECts6@sHik9WMK zK?f%_@)4%RkyagJnsZ`EL-j{AZpq?T`|hO4i^U9npZRSU9vGA+pQo3pkx0>B8e>$mZGo~O?3qGIPBFYa1q5Ks1p>IZAA#c6mMIC5MCx_9_+{`!~hF0X7t z(Iq7hFE$x4iO5tDNCzp@=XT|?_^gPB4Thog&}|~TjD>=+a^q%=&q`5dZ}cX`_h;e;$l-*JuUx5=iL~?OzPwFAvt%~fARf=; zf4P(Q@|F7Lkj3w*dy6)Rx?R9@R_j{zS-IOW7-v+oeROVbg+XSDj~eXeZSS37seWBG*tfC zvgjSYT*Xd>y2_oWr$nfj?*{Jup|nK;xQW64$H_NCrkciQ?)burz6z9(5b{ePx?y`Q zvyR=LY^GcCt5!{NrDCjVB?@KMlE|+Md_gsyC;pbwEsk;y|NM8I> zYVSBU2#fw&dm{qt$(dImb}oZ0z2cKofn;zQ+cM%@6pIj#rQ_PKNYXB8V$VtK-Q-F) zdBWVwny`Cxq>N1qssjv~f-*H!rJ}IYyXm4d7`z}K5(XG8f=i|0l5Aq@24S|}%bWTy zvn~A`H?+bq9~4~}@w6Q9{r@dPa2X9Vj>|I&oZ;9N&j}Jo>M!sn}jbt~$ zu~Fz}m2C?!IQ9dCrnTM9w&!!TO+Pu7?}W)RWa3ay6tvT{Y=3Kp>C_vXjB=_NlRvfK z{k2nsU+!oKsU_;e?dt2G9qJ8pce(e~h$#X8$H;T6AR?jyF>ugLn^)`nHR+zdn4e#Q z96^r4+A3h5oC)6uLqfoiu9#g<(P%tVgsLQ|(WxsVzm&EfmBtNCQHLGNJ(m9ZcY$zhtkN_{jKW~|*S9}nT+?J| zr57r?Jqy$1YBH}f-dW`S152)~8<@UOnwFIGVc@mGJma+qEU*+S7T1Cte7|LoA|{uh z@^hq#goPHv>~SoSdF4Udc1+=T6e~M;!93^8Gvmole7zR9|M_=}z3g-ATNsu&;>Twp z=p>HQM}0_krRCIxSQ?^wJaRsF5m;yjXygTuOOw6VL-FnXp1&-FO}a~HS)FNyN#ehseDN~F(0b4y(?_e~>-%590{XGx0O*Y{T`5PmMpCJmtCq4Of#$ZiSAI+F&R`BfH z*8Pis)qke(yZRoS?hn4T!O&k|8GVjp9&4%y92~&nzyAf;%z*Zj4ClU#~0i;bdLL@R%S*#lP~^Y#ovZmVm|0`++dmu z&Z0M1xFC8vXW>xIh{%aL3KYK_k$Q&`*Pb)4-;1mSGHYNH3{$6Fw|~bYT0$N`&Qz^5 zt%w96M+L|WkJ#fp$eAPLQP8m^HsrqWG-;qh{}_y-UG_E`y8_Scaa0^!l<#~;I>LY7 zF(%9O9TTC4&q`sksu11Rs0zSZ*^d2Q($bRwbZw&i&iB8I3HWfn#p?ZgFPH< zmGn^x=FxNotacWclT8Mqqyp*3`|2)XSOaw4{jCB=6n5b@<6r~XHI4V9{?w`<(B&uKU{N+~;$hFWwb-gJZx?OUC!m+lx;-N|xdW zhGdzV+tbaXjZzw7cgo9)ULLaWPv!iu$hxL;W2NBCI3)z!vXA}r^=*9H^J!y* zXk-4S)10ep2Pjz!xI{f8So)GE|I~2(y!nkU^p0lKq6Xq$J$Baj5lNHJc)9lApp=v+ zQA61_?y(8+jE{ReydL)whbRks-bHx7XylSwFr*L^(obBpoB=BDQhd-D&IL(23a5JX zZk=@lm?0b!r3?9HVp4dVG5tq45ggnYfrSNBv4;?Q;=L7#^EdpQc6(TzANZQE`Jqi% z!=tC4M)Ewgv>GT=n5M+v6f}$5X-hgX*16|s-M!a7tt~;GH^~5fHDQqFlr&)yYy63d z#S#*9uL{-x0Va6qH~{y3pgsLZU>#|YW;I-l;C2h5A4CP`(EFA2SxvRO z`LV3i62W$w;SIs{tR3h6@(sxB2#$`eo=Tm0kw3HyH2rRQe7@EX5qe%R0Emwlq}q%R3xq2R91T;)?q4qjuGcOn!4Vg%*_#ny{Kz>a0B zz<_tS;hK=tX>uqv^sHNVIi@guiHx zHlT|B`b{17f=zAPOTCMu*-?@#+j(*%eX?hRJ zz7-rqs9OwAbo;}7LB_xzwZ}BqJAZW5`^{Qgweg=7=@qwjg%8S4yyiDvM0mSVj%>hL z^2KfboOEy5=UaqG`aPMy3>?z$j)Va{zrG(P-s>&!>fDNE8FG7)`@vWU_{`6dx1_BE zLqoP#wW760 zCYmHVH*+y}N2i>TZW&I8YY~d`7iU)Q0FOej_|(GY%&AU9i~U?dP#q2Mv6mfj)b)f0~VDby8&0r zqZM=+#{{)Js6S2(#hu#65FG;Er*AVH9-=y-IwaP(<_;Lk&WC=Mzg9DJ=3=ncCze*H zC1#73$DhtS+Gy!oZgOguEP`R}-b@@zS(~@|=G*y%HSQhcZ)ynif~XLbwMMXH${^&4 z5yFWxEQ>)PFh3jkF7}ix3`E#^p-ua{st<2dw4;f)3HBR7jA6C?w7)Oh@5&V@){{&h zZ@Jr-EMUTR`?$b2trNIPpYk@Pp0ACrmhXl7R;=%0!gDJg`~=$H;_SH8{)9(gjx1ga z1zaY3UxAd@F#Tet)1^0DR=QgYBnMexzFMcylNi5kp?4)slU~f_?*~Mt*psZxKS^zQ z#x9RTA!?!NXKlIAArW@&RT&$tG8m3g!q&rbcd56AUkTL=I+-!f4~eo>Mr?20gZ-tr zN$&$KUKXpWVt%sJLXn?d_8- z0KfkypDfP7ADx-t2%7go)-1R@;y*Tq{3Mt2Ul-u(K3L^hb3krCk_{}`}l=SlXnPZ z&!;1IpL}gdi?XY@pPfx1A{1QKm&>%K)ox?t0B$6fqw2y8;Ynqzmro6qBtxKB)l&%R z0mZ6SS&X4?_BDoAN3{c%;MxL_X8z9&LXFxlhV<7Nt2AkU>_PK0#Ms>O=a?M5rXDVCnTpFLRtP&7+{ZgrYHV*KOaD*a{P z^?Ls+v}LoJhux#rPPDhTlfq^E^3#@(45B!_Ax?a9)O@*wjS1Vo@z~LHACZ#nlLFUI zul%!cOIbuAiKEV+<2&TT>=&bX-YU}u#o@BsxSUz!E#J~VXiEU?67n(T zl%wA-{k{kra|>1fOh)|bY3+R2(KAiP8k+sAHxo0jTi_)h8Ll9qGR_lm`9^zH#x_mJD_r+XC zraKDZJ=9c?wHLQ?$WS>LV=yEv2gH zmTL1Yrnm!5Wk|%U1ECFuwdv}+7^3rnqcTaZYC&?67`E&{m4ZGyfed&WW2X?|w*A8J z+kyM@@^!^H*6Ty+1vU3Mq1J{8mNE~Xme8;opuu14Tv4xRO(&4_7cS<~(kUEFF){J% z5vOTJ5=r%J>p_wsFA6uTFTxuo9W+(b!ixX-kC>?u64o@QC2lj0MTV0CO6r12oJ#f1 zFri0;IQi5r9`~yZPyDg=7)LyNc+YOsMsa(K~SizFwJDIqSE&MazOSEMQDD$k?}AyvQ7uJ zh6zP)yVHoj;Sy=;ge~GEY#Z_H9(iEgY3I!|SJ%&}(0yH#iZ}=LYeLVXTCy__G*dCg zpUbj|gzZ}3Fk&}-{ylbr7&frOD66RVu*e@(@*n=-0BZ@SQhIJ)2!fT>FfnJ{-SNw6 z7_+x+tIuH#`Xkx@oYxc``!FPm4y~yk-HjN=8AxbYr)IZ;tFo$w(gnDfAl6v%rHAN% z?lJiGc#0H11&tYySW8muGGGt-C6B$IQxt)iZGLm>fsmnaSn+H}dEpf%iciNF?{~Ah zzR}ck{elCn(ANm18Edx_PC?eY5=0F9u+pI9I2W|UE$&b@<&wY?phJ|(M2z|}lEIPR3&APIo_6{W?7ATI#J_ayE7Xiq#LD zM%k%gC*LnnyFK@>qJbl9~!+w$?X2a2PCDG-_dX=~>&CueHFw=6E95Ku*mU z>eaA!q?zY27mr`@zzk=%&o7!vVHlT+r8y3L$4f09T2 zQnB__(EZ_ECluq6INYJ*vgT%%;$<3hSRrYdTm2HuGkB3a2Fvj*MuSC{u53$|2z2o> zbF99chdE1Flt0k28;_xNq^T^vL}#CgXB1oaHV;QS9aQli*$dRt1SFA>>mAc^6St(j zaDi~7d3`fSRpuZHgh2q@K~A`%cQEpT$4I=0am9J9G7V2VLFVErAmPAKy=!BkF=>q^ z=J%htI++OR)t1G1ItU#Ma{^|$V5>B}Uj_qzq79!wYGsWr`Iu(guXZuV^K=z-4ZO2# zoK)KNM?%1p8e`czA!%H)uV=79Ar77gq^uH_;>orDVXYbv>DynP8x7_aEgK=kL{P303zT%lhM5OCTLcTPFw9DJD1}9mLw=gH< zvAg4k?+jjVb`Ssg?!ul}3S3=^k`PpNVBqpZ@g;W|oS+?s_B@+0oi8opm^09{z+dR$#@AR>>i@qt;rn(SNXGJ z>cVzPlcS9RL;OlPQwv?9X&8CRcL#vIk%h&QjXzMO;TD?n_kVbEC@qH5dK`P2IZz5X zQ>C@R!ESvEq;3tPYz$>7*Av&6LprMXJaN9Mu!h!4rUMR&t*ylR|9`A-ezq)QVb?9) hSnV?w#C%*@x6jJ{tY3k8A{od04TYHKy}f=n=6_f!B;^1A