From 5442da76fcc9434927f4c490bcf872d69ecaa4a8 Mon Sep 17 00:00:00 2001
From: Chun Chen <ramichen@tencent.com>
Date: Sun, 27 Oct 2024 22:57:35 +0800
Subject: [PATCH] KEP-4933: Support adding label based indexes to apiserver
 cache

---
 .../4933-cacher-label-index/README.md         | 867 ++++++++++++++++++
 .../apiserver_cacher_event_flow.png           | Bin 0 -> 61887 bytes
 .../4933-cacher-label-index/kep.yaml          |  41 +
 3 files changed, 908 insertions(+)
 create mode 100644 keps/sig-api-machinery/4933-cacher-label-index/README.md
 create mode 100644 keps/sig-api-machinery/4933-cacher-label-index/apiserver_cacher_event_flow.png
 create mode 100644 keps/sig-api-machinery/4933-cacher-label-index/kep.yaml

diff --git a/keps/sig-api-machinery/4933-cacher-label-index/README.md b/keps/sig-api-machinery/4933-cacher-label-index/README.md
new file mode 100644
index 00000000000..20a1d9faf85
--- /dev/null
+++ b/keps/sig-api-machinery/4933-cacher-label-index/README.md
@@ -0,0 +1,867 @@
+<!--
+**Note:** When your KEP is complete, all of these comment blocks should be removed.
+
+To get started with this template:
+
+- [ ] **Pick a hosting SIG.**
+  Make sure that the problem space is something the SIG is interested in taking
+  up. KEPs should not be checked in without a sponsoring SIG.
+- [ ] **Create an issue in kubernetes/enhancements**
+  When filing an enhancement tracking issue, please make sure to complete all
+  fields in that template. One of the fields asks for a link to the KEP. You
+  can leave that blank until this KEP is filed, and then go back to the
+  enhancement and add the link.
+- [ ] **Make a copy of this template directory.**
+  Copy this template into the owning SIG's directory and name it
+  `NNNN-short-descriptive-title`, where `NNNN` is the issue number (with no
+  leading-zero padding) assigned to your enhancement above.
+- [ ] **Fill out as much of the kep.yaml file as you can.**
+  At minimum, you should fill in the "Title", "Authors", "Owning-sig",
+  "Status", and date-related fields.
+- [ ] **Fill out this file as best you can.**
+  At minimum, you should fill in the "Summary" and "Motivation" sections.
+  These should be easy if you've preflighted the idea of the KEP with the
+  appropriate SIG(s).
+- [ ] **Create a PR for this KEP.**
+  Assign it to people in the SIG who are sponsoring this process.
+- [ ] **Merge early and iterate.**
+  Avoid getting hung up on specific details and instead aim to get the goals of
+  the KEP clarified and merged quickly. The best way to do this is to just
+  start with the high-level sections and fill out details incrementally in
+  subsequent PRs.
+
+Just because a KEP is merged does not mean it is complete or approved. Any KEP
+marked as `provisional` is a working document and subject to change. You can
+denote sections that are under active debate as follows:
+
+```
+<<[UNRESOLVED optional short context or usernames ]>>
+Stuff that is being argued.
+<<[/UNRESOLVED]>>
+```
+
+When editing KEPS, aim for tightly-scoped, single-topic PRs to keep discussions
+focused. If you disagree with what is already in a document, open a new PR
+with suggested changes.
+
+One KEP corresponds to one "feature" or "enhancement" for its whole lifecycle.
+You do not need a new KEP to move from beta to GA, for example. If
+new details emerge that belong in the KEP, edit the KEP. Once a feature has become
+"implemented", major changes should get new KEPs.
+
+The canonical place for the latest set of instructions (and the likely source
+of this file) is [here](/keps/NNNN-kep-template/README.md).
+
+**Note:** Any PRs to move a KEP to `implementable`, or significant changes once
+it is marked `implementable`, must be approved by each of the KEP approvers.
+If none of those approvers are still appropriate, then changes to that list
+should be approved by the remaining approvers and/or the owning SIG (or
+SIG Architecture for cross-cutting KEPs).
+-->
+# KEP-4933: Support adding label based indexes to apiserver cache
+
+<!--
+This is the title of your KEP. Keep it short, simple, and descriptive. A good
+title can help communicate what the KEP is and should be considered as part of
+any review.
+-->
+
+<!--
+A table of contents is helpful for quickly jumping to sections of a KEP and for
+highlighting any additional information provided beyond the standard KEP
+template.
+
+Ensure the TOC is wrapped with
+  <code>&lt;!-- toc --&rt;&lt;!-- /toc --&rt;</code>
+tags, and then generate with `hack/update-toc.sh`.
+-->
+
+<!-- toc -->
+- [Release Signoff Checklist](#release-signoff-checklist)
+- [Summary](#summary)
+- [Motivation](#motivation)
+  - [Background 1](#background-1)
+  - [Goals](#goals)
+  - [Non-Goals](#non-goals)
+- [Proposal](#proposal)
+  - [User Stories (Optional)](#user-stories-optional)
+    - [Story 1](#story-1)
+    - [Story 2](#story-2)
+  - [Notes/Constraints/Caveats (Optional)](#notesconstraintscaveats-optional)
+  - [Risks and Mitigations](#risks-and-mitigations)
+- [Design Details](#design-details)
+  - [API changes](#api-changes)
+  - [Changes of register trigger index and cache index to resource storage](#changes-of-register-trigger-index-and-cache-index-to-resource-storage)
+  - [Major struct and field changes in cacher](#major-struct-and-field-changes-in-cacher)
+  - [Changes of event processing flow in cacher](#changes-of-event-processing-flow-in-cacher)
+  - [Metrics](#metrics)
+  - [Test Plan](#test-plan)
+      - [Prerequisite testing updates](#prerequisite-testing-updates)
+      - [Unit tests](#unit-tests)
+      - [Integration tests](#integration-tests)
+      - [e2e tests](#e2e-tests)
+  - [Graduation Criteria](#graduation-criteria)
+  - [Upgrade / Downgrade Strategy](#upgrade--downgrade-strategy)
+  - [Version Skew Strategy](#version-skew-strategy)
+- [Production Readiness Review Questionnaire](#production-readiness-review-questionnaire)
+  - [Feature Enablement and Rollback](#feature-enablement-and-rollback)
+  - [Rollout, Upgrade and Rollback Planning](#rollout-upgrade-and-rollback-planning)
+  - [Monitoring Requirements](#monitoring-requirements)
+  - [Dependencies](#dependencies)
+  - [Scalability](#scalability)
+  - [Troubleshooting](#troubleshooting)
+- [Implementation History](#implementation-history)
+- [Drawbacks](#drawbacks)
+- [Alternatives](#alternatives)
+- [Infrastructure Needed (Optional)](#infrastructure-needed-optional)
+<!-- /toc -->
+
+## Release Signoff Checklist
+
+<!--
+**ACTION REQUIRED:** In order to merge code into a release, there must be an
+issue in [kubernetes/enhancements] referencing this KEP and targeting a release
+milestone **before the [Enhancement Freeze](https://git.k8s.io/sig-release/releases)
+of the targeted release**.
+
+For enhancements that make changes to code or processes/procedures in core
+Kubernetes—i.e., [kubernetes/kubernetes], we require the following Release
+Signoff checklist to be completed.
+
+Check these off as they are completed for the Release Team to track. These
+checklist items _must_ be updated for the enhancement to be released.
+-->
+
+Items marked with (R) are required *prior to targeting to a milestone / release*.
+
+- [ ] (R) Enhancement issue in release milestone, which links to KEP dir in [kubernetes/enhancements] (not the initial KEP PR)
+- [ ] (R) KEP approvers have approved the KEP status as `implementable`
+- [ ] (R) Design details are appropriately documented
+- [ ] (R) Test plan is in place, giving consideration to SIG Architecture and SIG Testing input (including test refactors)
+  - [ ] e2e Tests for all Beta API Operations (endpoints)
+  - [ ] (R) Ensure GA e2e tests meet requirements for [Conformance Tests](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/conformance-tests.md) 
+  - [ ] (R) Minimum Two Week Window for GA e2e tests to prove flake free
+- [ ] (R) Graduation criteria is in place
+  - [ ] (R) [all GA Endpoints](https://github.com/kubernetes/community/pull/1806) must be hit by [Conformance Tests](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/conformance-tests.md) 
+- [ ] (R) Production readiness review completed
+- [ ] (R) Production readiness review approved
+- [ ] "Implementation History" section is up-to-date for milestone
+- [ ] User-facing documentation has been created in [kubernetes/website], for publication to [kubernetes.io]
+- [ ] Supporting documentation—e.g., additional design documents, links to mailing list discussions/SIG meetings, relevant PRs/issues, release notes
+
+<!--
+**Note:** This checklist is iterative and should be reviewed and updated every time this enhancement is being considered for a milestone.
+-->
+
+[kubernetes.io]: https://kubernetes.io/
+[kubernetes/enhancements]: https://git.k8s.io/enhancements
+[kubernetes/kubernetes]: https://git.k8s.io/kubernetes
+[kubernetes/website]: https://git.k8s.io/website
+
+## Summary
+
+When using kubernetes to run big data jobs such as Spark and Flink, the master pod of each job will list and watch all subtasks of this job (background 1). When there are thousands of jobs running in the cluster, the apiserver will face lots of pressure pushing pod add, update, delete events to them. What's more, it may not be able to push the pod creation events to the scheduler in time, causing the pod scheduling speed to lag behind the creation speed, resulting in the cluster's pods not being able to be scheduled in time and the cluster utilization rate being reduced. This KEP proposes a solution to create a job name label index in the apiserver cache to greatly improve the efficiency of processing pod watch events.
+
+## Motivation
+
+![apiserver_cacher_event_flow.png](./apiserver_cacher_event_flow.png)
+
+The current event processing flow in the cacher of apiserver is shown in the figure above:
+
+- phase 1: The pod change events sent by etcd to the apiserver are stored in the cacher's input channel after some processes
+- phase 2: The cache watcher is a data structure maintained by the cacher for each client of the watch request. The cacher divides all cache watchers into two categories, allWatchers and valueWatchers. Each of the latter is a cache watcher that watches based on the field selector which matches the cacher [trigger index](https://github.com/kubernetes/kubernetes/blob/v1.31.2/staging/src/k8s.io/apiserver/pkg/storage/cacher/cacher.go#L293). After the `dispatchEvents` goroutine obtains a pod event from the incomming channel, it determines which allWatchers and valueWatchers match based on some fields of the pod, and then writes the pod change event to the input channel of matched cacheWatchers.
+- phase 3: After the cache watcher's `processInterval` goroutine takes the pod event from the input channel, it calls a `filter` function again to determine whether the pod matches the cache watcher's label selector and field selector and other filtering conditions. If it matches, the pod event is put into the result channel, otherwise it is directly discarded.
+
+The matching and filtering in phase 2 and phase 3 are to determine whether a pod change is a change that a cacheWatcher is concerned about. The reason why it is divided into two phases is to optimize the performance of event processing as much as possible, with coarse-grained filtering in phase 2 and precise matching in phase 3. Since the current cacher only supports one trigger index for event processing of the incomming channel, only filtering according to a hard-coded field selector is supported, which is the hard-coded [`spec.nodeName`](https://github.com/kubernetes/kubernetes/blob/v1.31.2/pkg/registry/core/pod/storage/storage.go#L91) for pods. For the optimization effect in phase 2, please refer to Implement first version of indexing in cacher PR#27277
+
+In a k8s cluster that mainly runs online applications, most of the watch requests are initiated by kubelet and daemonset programs, most of which watch via field selector `spec.nodeName`, so setting the pod's trigger index to `spec.nodeName` is efficient enough. But in a k8s cluster that mainly runs big data tasks, the situation is different.
+
+Each production k8s cluster in our company may run thousands of spark or flink jobs in parallel (the number of jobs may be roughly the same size as the number of nodes, or even higher). Each spark/flink job will start a master pod to create/list/watch/delete worker pods, which is Spark's `Driver` pod and Flink's `JobManager` pod, respectively. We found that this will cause a lot of pressure on the apiserver. In extreme cases, the number of pod add events sent by the apiserver to the scheduler per second will not keep up with the speed of pod creation per second, resulting in the scheduling speed not keeping up with the speed of pod creation, causing resource waste.
+
+Because a Spark or a Flink job only lists and watches the pod change events of itself by applicationId label, and the number of list and watch requests from these jobs is also comparable to the number of that from daemonsets in a considerable cluster. If we can have a label index as a cache index and trigger index, we can improve apiserver performance for running Spark and Flink jobs a lot.
+
+Although [PR#115918](https://github.com/kubernetes/kubernetes/pull/115918) has added namespace indexes to the apiserver cacher, this is not so useful in scenarios where a large number of jobs are running in a small number of namespaces. Most events are still sent to each cacheWatcher through the cacher first and then filtered, causing high CPU usage on the apiserver and delays in event delivery.
+
+### Background 1
+
+Each job of the big data computing engine spark/flink will start a master pod to create/list/watch/delete worker pods, namely the Driver pod of spark and the JobManager pod of flink.
+spark:
+list: https://github.com/apache/spark/blob/branch-3.5/resource-managers/kubernetes/core/src/main/scala/org/apache/spark/scheduler/cluster/k8s/ExecutorPodsPollingSnapshotSource.scala#L77-L92
+watch: https://github.com/apache/spark/blob/branch-3.5/resource-managers/kubernetes/core/src/main/scala/org/apache/spark/scheduler/cluster/k8s/ExecutorPodsWatchSnapshotSource.scala#L63-L67
+
+flink:
+list: https://github.com/apache/flink/blob/master/flink-kubernetes/src/main/java/org/apache/flink/kubernetes/kubeclient/Fabric8FlinkKubeClient.java#L207-L215
+watch: https://github.com/apache/flink/blob/master/flink-kubernetes/src/main/java/org/apache/flink/kubernetes/kubeclient/Fabric8FlinkKubeClient.java#L251-L257
+
+### Goals
+
+- Improve the efficiency of processing pod events of watch requests in apiserver when running Spark and Flink jobs.
+- Improve the processing efficiency of list requests with label selectors by adding label indexes.
+- Reduce the CPU usage of apiserver when running Spark and Flink jobs.
+- Indirectly improve cluster scheduling performance when cluster load is high when running Spark and Flink jobs.
+
+### Non-Goals
+
+- Improve the efficiency of processing pod events with none label selectors.
+- Improve the memory usage of apiserver. Since we add more indexes to apiserver, it expects to increase the memory usage.
+
+## Proposal
+
+Since the apiserver has a watch index of `spec.nodeName` in cacher of pod storage, we also want to add an applicationId index. Considering that the label name may differ in different scenarios, such as `metadata.labels.app` of Flink or `metadata.labels.spark-app-selector` of Spark, this KEP propose to add indexes to apiserver cacher based on certain configurable labels, so that the pod event of each job can query the matching watchers in the cacher's dispatchEvent, without having to broadcast to a large number of unmatched cacheWatchers first and then filter them out by cacheWatcher.
+
+### User Stories (Optional)
+
+<!--
+Detail the things that people will be able to do if this KEP is implemented.
+Include as much detail as possible so that people can understand the "how" of
+the system. The goal here is to make this feel real for users without getting
+bogged down.
+-->
+
+#### Story 1
+
+#### Story 2
+
+### Notes/Constraints/Caveats (Optional)
+
+<!--
+What are the caveats to the proposal?
+What are some important details that didn't come across above?
+Go in to as much detail as necessary here.
+This might be a good place to talk about core concepts and how they relate.
+-->
+
+### Risks and Mitigations
+
+<!--
+What are the risks of this proposal, and how do we mitigate? Think broadly.
+For example, consider both security and how this will impact the larger
+Kubernetes ecosystem.
+
+How will security be reviewed, and by whom?
+
+How will UX be reviewed, and by whom?
+
+Consider including folks who also work outside the SIG or subproject.
+-->
+
+## Design Details
+
+Since this feature is relatively large, the entire feature will be controlled by a feature gate `CacherLabelIndex` in the early stage.
+
+Considering that daemonset and spark applications coexist in a cluster, and they watch based on `spec.nodeName` and `applicationId` label respectively, we will support both usage at the same time.
+
+In reality, a single filter condition, such as nodeName or applicationId, can already accurately match cacheWatcher, this feature still considers supporting only one triggerIndex for a watch request. At the same time, since the following prerequisites guarantee that OR operations are not supported, filtering events with a single triggerIndex can ensure correctness
+- Label selectors and field selectors in a watch request are AND operations.
+- Multiple requirements in label selector are also AND operations.
+- Through a [`RequiresExactMatch`](https://github.com/kubernetes/kubernetes/blob/v1.31.2/staging/src/k8s.io/apiserver/pkg/storage/cacher/cacher.go#L574) check, a set-based label selector or field selector that supports OR operations on multiple values is considered not matching trigger indexes in cacher.
+
+### API changes
+
+Considering that label names may be different in different scenarios, such as app label name in Flink and spark-app-selector label name in Spark, this feature will add a commandline parameter to the apiserver, allowing different label names to be configured as the trigger index of the apiserver cacher.
+
+```
+--index-labels. Index labels settings for some resources (pods, nodes, etc.), comma separated. The individual setting format: resource[.group]#labelName1;labelName2, where resource is lowercase plural (no version), group is omitted for resources of apiVersion v1 (the legacy core API) and included for others, and labelName is a string. It takes effect when watch-cache and feature gate CacherLabelIndex are enabled. In addition to built-in indexes such as pod.spec.nodeName, apiserver cacher will create additional indexes for these labels to speed up list and watch requests.
+
+# e.g. for spark
+--index-labels=pods#spark-app-selector
+# e.g. for spark and flink
+--index-labels=pods#spark-app-selector;app
+```
+
+### Changes of register trigger index and cache index to resource storage
+
+In order to passing the commandline label indexes parameters into resource storage and cacher, we'll add a `IndexLabels []string` field into `Config` struct in file staging/src/k8s.io/apiserver/pkg/storage/storagebackend/config.go
+
+We will parse the commandline label indexes parameters in `Store.CompleteWithOptions` and register them into `Indexers` and `TriggerFunc` of `StoreOptions`.
+
+### Major struct and field changes in cacher
+
+Currently `indexedTrigger *indexedTriggerFunc` is a single function field in cacher to support field index. It is assigned to the `spec.nodeName` function for pod resource.
+
+We will update it to `indexedTriggers map[string]storage.IndexerFunc` to support a single field index and multiple label indexes. Multiple field indexes is not supported as before and is beyond the scope of this KEP.
+
+Then we will add a `triggerIndex` struct and change `valueWatchers map[string]watchersMap` of `indexedWatchers` struct to `valueWatchers map[triggerIndex]watchersMap` so we can add `app`, `k8s-app`, `spark-app-selector` or any other label names as trigger functions. 
+
+```golang
+type triggerIndex struct {
+	indexName string
+	value     string
+}
+```
+
+### Changes of event processing flow in cacher
+
+In the process of filtering cacheWatchers in phase 2, for a pod change event, currently only the unique field triggerIndex is judged. We will modify it to try to match all registered field and label triggerIndexes. And then send the pod event to the cache watchers corresponding to the value watchers matching these triggerIndex.
+
+### Metrics
+
+For better observation, two metrics are added
+- `watcher_counter`, records the number of watch requests matching different indexes, resource and index labels. The more watch requests with index!="", the more efficient the event processing
+- `watch_dispatch_event_num_watchers`, a Histogram indicator that records the number of cacheWatchers matched by each watch event in the coarse-grained filtering in phase 2. If most events are sent to only a few cacheWatchers, it proves that the filtering in this step is efficient.
+
+### Test Plan
+
+<!--
+**Note:** *Not required until targeted at a release.*
+The goal is to ensure that we don't accept enhancements with inadequate testing.
+
+All code is expected to have adequate tests (eventually with coverage
+expectations). Please adhere to the [Kubernetes testing guidelines][testing-guidelines]
+when drafting this test plan.
+
+[testing-guidelines]: https://git.k8s.io/community/contributors/devel/sig-testing/testing.md
+-->
+
+[X] I/we understand the owners of the involved components may require updates to
+existing tests to make this code solid enough prior to committing the changes necessary
+to implement this enhancement.
+
+##### Prerequisite testing updates
+
+<!--
+Based on reviewers feedback describe what additional tests need to be added prior
+implementing this enhancement to ensure the enhancements have also solid foundations.
+-->
+
+##### Unit tests
+
+<!--
+In principle every added code should have complete unit test coverage, so providing
+the exact set of tests will not bring additional value.
+However, if complete unit test coverage is not possible, explain the reason of it
+together with explanation why this is acceptable.
+-->
+
+<!--
+Additionally, for Alpha try to enumerate the core package you will be touching
+to implement this enhancement and provide the current unit coverage for those
+in the form of:
+- <package>: <date> - <current test coverage>
+The data can be easily read from:
+https://testgrid.k8s.io/sig-testing-canaries#ci-kubernetes-coverage-unit
+
+This can inform certain test coverage improvements that we want to do before
+extending the production code to implement this enhancement.
+-->
+
+- `<package>`: `<date>` - `<test coverage>`
+- k8s.io/apiserver/pkg/storage/cacher
+- k8s.io/apiserver/pkg/storage/etcd3
+- k8s.io/apiserver/pkg/server/options
+
+##### Integration tests
+
+<!--
+Integration tests are contained in k8s.io/kubernetes/test/integration.
+Integration tests allow control of the configuration parameters used to start the binaries under test.
+This is different from e2e tests which do not allow configuration of parameters.
+Doing this allows testing non-default options and multiple different and potentially conflicting command line options.
+-->
+
+<!--
+This question should be filled when targeting a release.
+For Alpha, describe what tests will be added to ensure proper quality of the enhancement.
+
+For Beta and GA, add links to added tests together with links to k8s-triage for those tests:
+https://storage.googleapis.com/k8s-triage/index.html
+-->
+
+- <test>: <link to test coverage>
+
+##### e2e tests
+
+<!--
+This question should be filled when targeting a release.
+For Alpha, describe what tests will be added to ensure proper quality of the enhancement.
+
+For Beta and GA, add links to added tests together with links to k8s-triage for those tests:
+https://storage.googleapis.com/k8s-triage/index.html
+
+We expect no non-infra related flakes in the last month as a GA graduation criteria.
+-->
+
+- <test>: <link to test coverage>
+
+### Graduation Criteria
+
+<!--
+**Note:** *Not required until targeted at a release.*
+
+Define graduation milestones.
+
+These may be defined in terms of API maturity, [feature gate] graduations, or as
+something else. The KEP should keep this high-level with a focus on what
+signals will be looked at to determine graduation.
+
+Consider the following in developing the graduation criteria for this enhancement:
+- [Maturity levels (`alpha`, `beta`, `stable`)][maturity-levels]
+- [Feature gate][feature gate] lifecycle
+- [Deprecation policy][deprecation-policy]
+
+Clearly define what graduation means by either linking to the [API doc
+definition](https://kubernetes.io/docs/concepts/overview/kubernetes-api/#api-versioning)
+or by redefining what graduation means.
+
+In general we try to use the same stages (alpha, beta, GA), regardless of how the
+functionality is accessed.
+
+[feature gate]: https://git.k8s.io/community/contributors/devel/sig-architecture/feature-gates.md
+[maturity-levels]: https://git.k8s.io/community/contributors/devel/sig-architecture/api_changes.md#alpha-beta-and-stable-versions
+[deprecation-policy]: https://kubernetes.io/docs/reference/using-api/deprecation-policy/
+
+Below are some examples to consider, in addition to the aforementioned [maturity levels][maturity-levels].
+
+#### Alpha
+
+- Feature implemented behind a feature flag
+- Initial e2e tests completed and enabled
+
+#### Beta
+
+- Gather feedback from developers and surveys
+- Complete features A, B, C
+- Additional tests are in Testgrid and linked in KEP
+
+#### GA
+
+- N examples of real-world usage
+- N installs
+- More rigorous forms of testing—e.g., downgrade tests and scalability tests
+- Allowing time for feedback
+
+**Note:** Generally we also wait at least two releases between beta and
+GA/stable, because there's no opportunity for user feedback, or even bug reports,
+in back-to-back releases.
+
+**For non-optional features moving to GA, the graduation criteria must include
+[conformance tests].**
+
+[conformance tests]: https://git.k8s.io/community/contributors/devel/sig-architecture/conformance-tests.md
+
+#### Deprecation
+
+- Announce deprecation and support policy of the existing flag
+- Two versions passed since introducing the functionality that deprecates the flag (to address version skew)
+- Address feedback on usage/changed behavior, provided on GitHub issues
+- Deprecate the flag
+-->
+
+### Upgrade / Downgrade Strategy
+
+<!--
+If applicable, how will the component be upgraded and downgraded? Make sure
+this is in the test plan.
+
+Consider the following in developing an upgrade/downgrade strategy for this
+enhancement:
+- What changes (in invocations, configurations, API use, etc.) is an existing
+  cluster required to make on upgrade, in order to maintain previous behavior?
+- What changes (in invocations, configurations, API use, etc.) is an existing
+  cluster required to make on upgrade, in order to make use of the enhancement?
+-->
+
+### Version Skew Strategy
+
+<!--
+If applicable, how will the component handle version skew with other
+components? What are the guarantees? Make sure this is in the test plan.
+
+Consider the following in developing a version skew strategy for this
+enhancement:
+- Does this enhancement involve coordinating behavior in the control plane and nodes?
+- How does an n-3 kubelet or kube-proxy without this feature available behave when this feature is used?
+- How does an n-1 kube-controller-manager or kube-scheduler without this feature available behave when this feature is used?
+- Will any other components on the node change? For example, changes to CSI,
+  CRI or CNI may require updating that component before the kubelet.
+-->
+
+## Production Readiness Review Questionnaire
+
+<!--
+
+Production readiness reviews are intended to ensure that features merging into
+Kubernetes are observable, scalable and supportable; can be safely operated in
+production environments, and can be disabled or rolled back in the event they
+cause increased failures in production. See more in the PRR KEP at
+https://git.k8s.io/enhancements/keps/sig-architecture/1194-prod-readiness.
+
+The production readiness review questionnaire must be completed and approved
+for the KEP to move to `implementable` status and be included in the release.
+
+In some cases, the questions below should also have answers in `kep.yaml`. This
+is to enable automation to verify the presence of the review, and to reduce review
+burden and latency.
+
+The KEP must have a approver from the
+[`prod-readiness-approvers`](http://git.k8s.io/enhancements/OWNERS_ALIASES)
+team. Please reach out on the
+[#prod-readiness](https://kubernetes.slack.com/archives/CPNHUMN74) channel if
+you need any help or guidance.
+-->
+
+### Feature Enablement and Rollback
+
+<!--
+This section must be completed when targeting alpha to a release.
+-->
+
+###### How can this feature be enabled / disabled in a live cluster?
+
+<!--
+Pick one of these and delete the rest.
+
+Documentation is available on [feature gate lifecycle] and expectations, as
+well as the [existing list] of feature gates.
+
+[feature gate lifecycle]: https://git.k8s.io/community/contributors/devel/sig-architecture/feature-gates.md
+[existing list]: https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/
+-->
+
+- [X] Feature gate (also fill in values in `kep.yaml`)
+  - Feature gate name: CacherLabelIndex
+  - Components depending on the feature gate:
+    - kube-apiserver
+- [ ] Other
+  - Describe the mechanism:
+  - Will enabling / disabling the feature require downtime of the control
+    plane?
+  - Will enabling / disabling the feature require downtime or reprovisioning
+    of a node?
+
+###### Does enabling the feature change any default behavior?
+
+No. It's purely a performance improving feature. 
+<!--
+Any change of default behavior may be surprising to users or break existing
+automations, so be extremely careful here.
+-->
+
+###### Can the feature be disabled once it has been enabled (i.e. can we roll back the enablement)?
+
+Yes, by disabling `CacherLabelIndex` FeatureGate for `kube-apiserver` and removing commandline options `LabelIndex`.
+<!--
+Describe the consequences on existing workloads (e.g., if this is a runtime
+feature, can it break the existing applications?).
+
+Feature gates are typically disabled by setting the flag to `false` and
+restarting the component. No other changes should be necessary to disable the
+feature.
+
+NOTE: Also set `disable-supported` to `true` or `false` in `kep.yaml`.
+-->
+
+###### What happens if we reenable the feature if it was previously rolled back?
+
+The expected behavior of the feature will be restored.
+
+###### Are there any tests for feature enablement/disablement?
+
+Yes. There are [tests in cacher_test.go](https://github.com/kubernetes/kubernetes/pull/126284) that verifies the list and watch results when interacting with apiserver that has the `CacherLabelIndex` feature enabled/disabled.
+<!--
+The e2e framework does not currently support enabling or disabling feature
+gates. However, unit tests in each component dealing with managing data, created
+with and without the feature, are necessary. At the very least, think about
+conversion tests if API types are being modified.
+
+Additionally, for features that are introducing a new API field, unit tests that
+are exercising the `switch` of feature gate itself (what happens if I disable a
+feature gate after having objects written with the new field) are also critical.
+You can take a look at one potential example of such test in:
+https://github.com/kubernetes/kubernetes/pull/97058/files#diff-7826f7adbc1996a05ab52e3f5f02429e94b68ce6bce0dc534d1be636154fded3R246-R282
+-->
+
+### Rollout, Upgrade and Rollback Planning
+
+<!--
+This section must be completed when targeting beta to a release.
+-->
+
+###### How can a rollout or rollback fail? Can it impact already running workloads?
+
+<!--
+Try to be as paranoid as possible - e.g., what if some components will restart
+mid-rollout?
+
+Be sure to consider highly-available clusters, where, for example,
+feature flags will be enabled on some API servers and not others during the
+rollout. Similarly, consider large clusters and how enablement/disablement
+will rollout across nodes.
+-->
+
+###### What specific metrics should inform a rollback?
+
+<!--
+What signals should users be paying attention to when the feature is young
+that might indicate a serious problem?
+-->
+
+###### Were upgrade and rollback tested? Was the upgrade->downgrade->upgrade path tested?
+
+<!--
+Describe manual testing that was done and the outcomes.
+Longer term, we may want to require automated upgrade/rollback tests, but we
+are missing a bunch of machinery and tooling and can't do that now.
+-->
+
+###### Is the rollout accompanied by any deprecations and/or removals of features, APIs, fields of API types, flags, etc.?
+
+<!--
+Even if applying deprecation policies, they may still surprise some users.
+-->
+
+### Monitoring Requirements
+
+<!--
+This section must be completed when targeting beta to a release.
+
+For GA, this section is required: approvers should be able to confirm the
+previous answers based on experience in the field.
+-->
+
+###### How can an operator determine if the feature is in use by workloads?
+
+<!--
+Ideally, this should be a metric. Operations against the Kubernetes API (e.g.,
+checking if there are objects with field X set) may be a last resort. Avoid
+logs or events for this purpose.
+-->
+```
+apiserver_watch_cache_watcher_counter{index="spark-app-selector", resource="*core.Pod"} 2
+apiserver_watch_cache_watcher_counter{index="spec.nodeName", resource="*core.Pod"} 10
+```
+By enabling the feature and running workloads to watch by `spark-app-selector` label, an operator can find the above metrics of apiserver telling the feature is enabled.
+
+###### How can someone using this feature know that it is working for their instance?
+
+<!--
+For instance, if this is a pod-related feature, it should be possible to determine if the feature is functioning properly
+for each individual pod.
+Pick one more of these and delete the rest.
+Please describe all items visible to end users below with sufficient detail so that they can verify correct enablement
+and operation of this feature.
+Recall that end users cannot usually observe component logs or access metrics.
+-->
+
+- [ ] Events
+  - Event Reason: 
+- [ ] API .status
+  - Condition name: 
+  - Other field: 
+- [ ] Other (treat as last resort)
+  - Details:
+
+###### What are the reasonable SLOs (Service Level Objectives) for the enhancement?
+
+<!--
+This is your opportunity to define what "normal" quality of service looks like
+for a feature.
+
+It's impossible to provide comprehensive guidance, but at the very
+high level (needs more precise definitions) those may be things like:
+  - per-day percentage of API calls finishing with 5XX errors <= 1%
+  - 99% percentile over day of absolute value from (job creation time minus expected
+    job creation time) for cron job <= 10%
+  - 99.9% of /health requests per day finish with 200 code
+
+These goals will help you determine what you need to measure (SLIs) in the next
+question.
+-->
+
+###### What are the SLIs (Service Level Indicators) an operator can use to determine the health of the service?
+
+<!--
+Pick one more of these and delete the rest.
+-->
+
+- [ ] Metrics
+  - Metric name:
+  - [Optional] Aggregation method:
+  - Components exposing the metric:
+- [ ] Other (treat as last resort)
+  - Details:
+
+###### Are there any missing metrics that would be useful to have to improve observability of this feature?
+
+<!--
+Describe the metrics themselves and the reasons why they weren't added (e.g., cost,
+implementation difficulties, etc.).
+-->
+
+### Dependencies
+
+<!--
+This section must be completed when targeting beta to a release.
+-->
+
+###### Does this feature depend on any specific services running in the cluster?
+
+<!--
+Think about both cluster-level services (e.g. metrics-server) as well
+as node-level agents (e.g. specific version of CRI). Focus on external or
+optional services that are needed. For example, if this feature depends on
+a cloud provider API, or upon an external software-defined storage or network
+control plane.
+
+For each of these, fill in the following—thinking about running existing user workloads
+and creating new ones, as well as about cluster-level services (e.g. DNS):
+  - [Dependency name]
+    - Usage description:
+      - Impact of its outage on the feature:
+      - Impact of its degraded performance or high-error rates on the feature:
+-->
+
+### Scalability
+
+<!--
+For alpha, this section is encouraged: reviewers should consider these questions
+and attempt to answer them.
+
+For beta, this section is required: reviewers must answer these questions.
+
+For GA, this section is required: approvers should be able to confirm the
+previous answers based on experience in the field.
+-->
+
+###### Will enabling / using this feature result in any new API calls?
+
+<!--
+Describe them, providing:
+  - API call type (e.g. PATCH pods)
+  - estimated throughput
+  - originating component(s) (e.g. Kubelet, Feature-X-controller)
+Focusing mostly on:
+  - components listing and/or watching resources they didn't before
+  - API calls that may be triggered by changes of some Kubernetes resources
+    (e.g. update of object X triggers new updates of object Y)
+  - periodic API calls to reconcile state (e.g. periodic fetching state,
+    heartbeats, leader election, etc.)
+-->
+
+###### Will enabling / using this feature result in introducing new API types?
+
+<!--
+Describe them, providing:
+  - API type
+  - Supported number of objects per cluster
+  - Supported number of objects per namespace (for namespace-scoped objects)
+-->
+
+###### Will enabling / using this feature result in any new calls to the cloud provider?
+
+<!--
+Describe them, providing:
+  - Which API(s):
+  - Estimated increase:
+-->
+
+###### Will enabling / using this feature result in increasing size or count of the existing API objects?
+
+<!--
+Describe them, providing:
+  - API type(s):
+  - Estimated increase in size: (e.g., new annotation of size 32B)
+  - Estimated amount of new objects: (e.g., new Object X for every existing Pod)
+-->
+
+###### Will enabling / using this feature result in increasing time taken by any operations covered by existing SLIs/SLOs?
+
+<!--
+Look at the [existing SLIs/SLOs].
+
+Think about adding additional work or introducing new steps in between
+(e.g. need to do X to start a container), etc. Please describe the details.
+
+[existing SLIs/SLOs]: https://git.k8s.io/community/sig-scalability/slos/slos.md#kubernetes-slisslos
+-->
+
+###### Will enabling / using this feature result in non-negligible increase of resource usage (CPU, RAM, disk, IO, ...) in any components?
+
+<!--
+Things to keep in mind include: additional in-memory state, additional
+non-trivial computations, excessive access to disks (including increased log
+volume), significant amount of data sent and/or received over network, etc.
+This through this both in small and large cases, again with respect to the
+[supported limits].
+
+[supported limits]: https://git.k8s.io/community//sig-scalability/configs-and-limits/thresholds.md
+-->
+
+###### Can enabling / using this feature result in resource exhaustion of some node resources (PIDs, sockets, inodes, etc.)?
+
+<!--
+Focus not just on happy cases, but primarily on more pathological cases
+(e.g. probes taking a minute instead of milliseconds, failed pods consuming resources, etc.).
+If any of the resources can be exhausted, how this is mitigated with the existing limits
+(e.g. pods per node) or new limits added by this KEP?
+
+Are there any tests that were run/should be run to understand performance characteristics better
+and validate the declared limits?
+-->
+
+### Troubleshooting
+
+<!--
+This section must be completed when targeting beta to a release.
+
+For GA, this section is required: approvers should be able to confirm the
+previous answers based on experience in the field.
+
+The Troubleshooting section currently serves the `Playbook` role. We may consider
+splitting it into a dedicated `Playbook` document (potentially with some monitoring
+details). For now, we leave it here.
+-->
+
+###### How does this feature react if the API server and/or etcd is unavailable?
+
+###### What are other known failure modes?
+
+<!--
+For each of them, fill in the following information by copying the below template:
+  - [Failure mode brief description]
+    - Detection: How can it be detected via metrics? Stated another way:
+      how can an operator troubleshoot without logging into a master or worker node?
+    - Mitigations: What can be done to stop the bleeding, especially for already
+      running user workloads?
+    - Diagnostics: What are the useful log messages and their required logging
+      levels that could help debug the issue?
+      Not required until feature graduated to beta.
+    - Testing: Are there any tests for failure mode? If not, describe why.
+-->
+
+###### What steps should be taken if SLOs are not being met to determine the problem?
+
+## Implementation History
+
+<!--
+Major milestones in the lifecycle of a KEP should be tracked in this section.
+Major milestones might include:
+- the `Summary` and `Motivation` sections being merged, signaling SIG acceptance
+- the `Proposal` section being merged, signaling agreement on a proposed design
+- the date implementation started
+- the first Kubernetes release where an initial version of the KEP was available
+- the version of Kubernetes where the KEP graduated to general availability
+- when the KEP was retired or superseded
+-->
+
+## Drawbacks
+
+<!--
+Why should this KEP _not_ be implemented?
+-->
+
+## Alternatives
+
+<!--
+What other approaches did you consider, and why did you rule them out? These do
+not need to be as detailed as the proposal, but should include enough
+information to express the idea and why it was not acceptable.
+-->
+
+## Infrastructure Needed (Optional)
+
+<!--
+Use this section if you need things from the project/SIG. Examples include a
+new subproject, repos requested, or GitHub details. Listing these here allows a
+SIG to get the process for these resources started right away.
+-->
diff --git a/keps/sig-api-machinery/4933-cacher-label-index/apiserver_cacher_event_flow.png b/keps/sig-api-machinery/4933-cacher-label-index/apiserver_cacher_event_flow.png
new file mode 100644
index 0000000000000000000000000000000000000000..05de9dcc6cebff3dba3b181f00746ae709115b74
GIT binary patch
literal 61887
zcmeEv2_Tef+kc6Sgc(Z<Bl{kWv5k_(*b5P|mh8ql*@?0Yq3jVUDJn~}*%Mi^6ta~F
zS)vdrsVwooA7;v_^S<YN-+SKk*7twUQZvtTKhJ$%%l*54*LB|$uC1j?w}ExTnl)?a
z)YX&@tXV^WT(f5F4cK~c1g^GmC-`fv+W}SFn!IM@=$bXQ2i%nn-JQH`@Q&7N_#_lp
zKJlSZb}nx2d=g50Xf)mn?|>KcaxoXPba4XT!AU0<E4&Tf+G^zjGzu*#DvlCG%jk(q
z@JT30$$&p3&|*?jQpPLSo7-ADlUmbs@x?njn)9Jmq{L95DM3whOT4qYi<=#v1P**x
zcXqdS1b>6W;LrWK;15Iazc|WFT*^#F2z*o^5FD)ytS$E8-Jw<_WW*$-!C}FDYI>R)
zd}u}R*%9wx4gONKwsdfTZc(&zb#VemRK(G;Vkqcea8TFW#@rRZstKrP*6!xEE4|Y2
z@>KAYaW*`N7WHz%*%Q>%r1V#M<7w^chIer$bzWRdS`6HY=95t7Ln(kJp#LNkt?=fy
zuI6C8P|oJy(aR&rr!2##pa}g3Is{#&EX$`L&WDp)X%|l#PYWka6$gC<MLUfHDB}a3
zE=K!}ZNGm2`7uu3s;=e)J53j><x#WpUU`x@3Jt~t>X4Ps$`NT4croaJtt<IC;1$RR
zbn(8VcN8aI=7G1eb|ba6a-qA6i=#W9@Y{oyF3!%@mL%blS~Pccb@BS`Wi~F3q~4LP
zApo8DP3zDBT}yMvACDT~t=xfjK)Q%Q%dET$bhVl_-qw!%WN~TPl`~G}<cmo?akDeG
za`9TZfBDdAL9L7<c{E*JTtIuP<hc4Y`64H8MQcY$MaknxdJfQ}|M|UNN5l22h5Rec
z>B`s|$e1}w>F?KfP_>jY+N*A*Eh<BLh?~0)d33F<z+jWUy12UAx!Afmn>#9hJBo94
z@o=_Uws4@$xNp~JxVR9&Sc-##_SWw1J|xXC_i%RshwR*)97$)bz47jb;4?~03Y>tx
z8Lc{_1Su-iGIT--($VEF&hD;0%Qr!1pfAupC^4DkCZO-%?pyvwzLBgH-$s$#XBQ7w
zOOi_c?%-e~R_=8-ceS-9Dbw#>C_|D9G<4vlz+KCa_~+X4O=ncCfd>K|0D9wU?P%_f
z_gviy8f8wh7u&Db{nn%WsEMnOK#p761^7|WJlO@vNUrn@8YA!tO}1?EliZevhIAL?
z2>w`s|KO2m3DRJa9w~tV%|b1cAGtEf|BFXT0GFu(d>wgk{`shru3k3NKf3Y<YyPLg
z_cV9(Ajxf|XRB=Lo5euJ;bn(+x7H<?FDsuH@X_GdD(e7qh&vv5I|WC)Ei{w3LskXm
zKWMZF=0B)0bh$NIu+UZiyjv@Bf|TOxh<(!wjEoqDWF2JHkR{DPUf(>eq_nJ<1j*Uj
zt#-8Jd4w#})e8G(bm*@ajwETSTO}Mtb4xpG*I!md;utaM-<pyn$@{F5kc7DS?@9<Q
zLAv%Qk`Spg-%AK6yMej;FD)t=j2HmD%XUlldSpktN>-9GlD{h}Ss5|$?|kHc-k!+)
zStYH1&5~B`{`a~y2`Nc28PZUa1R*X(`o2mKQsQE0lCxXw)qXycA*;o&B?QSIg&_Sa
z3t>fb|CtOxbU}a+fu)Zl9sp)ni9eqEEmoklh6NcaTbNrq*e=6|{T}Y18K^x7L%6L(
zW#SO}b#-wEpm90sl!c(OISDv8TH65Biu-*$;b?AQ?WpbIh9}+Wx)Lyby;|eD^A;}d
z?jXhoNX5k!@9X01ZVtU7^tivngwZl+F$`wqNhA{%6(@aPWx^7_W4~yic%;KW&#Xrd
z!B=6#zccOvQX@xQ-(s+D@zbA)yZ(J)7s)C7Vbp~t&8>f9)b*bMv7`a{XRZdY4uE|D
z&f$-O3v)NZ3MFHM_l83Fzr}jRe?&sEklrmrqgCdMmLVTpJpq3^`t#WDkDzs>Gpp_S
zrxpnsCG~wA@r#RuL}~oGRstxJ@8gAETqGn5|Aj>&jru=kB|q{ZznbI1{18?D;#NXp
z(tcelkr4mCHkXhhi&Y}QJA(|T6W$qQ+fbHv<{+^J(mVi|p;pcKfQE(QtyNSmITEu3
z2@AkE{uqln;jOHo#0$>V8boyF7RyN(D5xSpjQuk2FNNciQUXVyGzvND17F?TU0ock
z6<r)%K)XuLE>L8M1F2fa?+&fJ<-eC;LH}rzz;XVF@5ISm%4&E=KKAo~J5siAmGlWN
zRzTF&o=_t0zfvbB8>D`i93^F-eBAf29z!CXe{QLhso7Ox|3TK)&Q=Og0{ffAS(&@p
zEvG^uQf8IqL&vqv-GS9ZDIAbfK|$=#iqRU7QYj!+^Ib0W_Y<R#KUmI%LIeNx3q*tb
zQ~G5ki3hF%-T2+i)t?QtN%rus$JwhwJ*nT(3G%VOCkZO?qtim8rN8Pg*&Y4$sZeo1
zM*~mz^`GA++(0%!M)K=96jTfXO*7=z`DN3j;-rqOGB0zeR6^Pjnlmk2!6#ej(_fPG
zSsAl`@1!RoAtfeB!fxcO0=W=iwW9wrS%p6lK>v^O*nf)<K+=Xh<B)`a2Auf!GtjS-
z+W8Y9^Uo&)$sdJ4&ZPa4mhfYcyyCTfWoHFyE?3NgY$oJ_oL^BwWa@v_WU|t^Rngc_
zPKo~ro*`WDqwD&{ey@hl-;R=j!GFFsK;lnKApcE?{$<5lXh~3o_1lyv0F^&XeZQ9y
z6_=FwI&1z!`tv8|zMtEu(I`;w{aZIHAqD74QlPcU(|)txpWdo}oD6?4R}1A;zQc&W
zzEpmB(ikoMEifWMl3!mcq_psA6!NWZUg=w<yz;lB-!VYnuKAm)=>g<eRZkDGSj)xr
z--<zgQ%t{nPTSfQ4+_>HLi=B2p#F4)JsDg4>m1bILoT7o#YtqeElUDN<mvXWr<KrT
z@`3zF^5Bvm`O8vAl0O0iyfeWAQ1Smw#e7{kLL%kSlHUh<666HSD)<4)1eYn2)!>7C
z8ChNa^8tm_k8%eqxGe2{#2>(&F4rpp@3o49|0}a^E6@Bhj3Q9Vm342VY#z9Cd9?q9
zWf{_-LL4J5C5w?jV`R`6DH0?j8@jBln5?X{ELsL5AuTH-B}tlvejY(e|0u{GW%yH<
zOG!xmkmCO3(TX%ljeZ8S@-?gVyD6?^)L}?Yetlc}_Z7PQBeVhvS^qk)LdGC}SeQyy
z_g@99h@-{H#1q-2NJ@W=TFGwY-+)*^4dQpvG6wy_bAMUbLSA+JpRuoHBu`pd`}5U!
zlTG9gZHc^6^;fYa32Drq(CNS4mLyRUf8x2ntSyoGo4?tXps8kg-T`C#pNo>oHt>hW
zLSDQ3s~C%v_}7Ae(!?VnBQAy^aa-hx=hs!*AF0!yD1Q0fk|463{jjL~ua9a_VrUE~
zidv3C{~l6Cl$0$YE0&9mjT_k4VfhXI>;?z_@!bY~OtOKZPl$_K?#3$r=xXQUWZ?ly
zNdIU_(8`^ECba$Ehp>{UA7}}X?IcI4tC$J$V)oxK6Ov!o{*guZpC>0|NM35yh(m5y
z_h;TY<+roga?G{N?tTrre#7<tL%mo*FaM;l@Xt?JBp&KlnXn|Keo*7@_c8f5Ks)sJ
z50(6$tNV4Q$R8{1oxwg!U>mWYhv@tLiISXv`+oP8UwWb>p)gVL?;zN(I8&0V&R5k4
zDdF8L&0Rq$KU7h>%5ndE6?GWd@1nV{CckQ~Bolb6=SuSY`SVPa<e+4g9DWeMf6IdY
zva%qlAE&5ax+;h~zphdruvW?gRE_^P`$yjL?CS<z(2keiF{)&!u*z?UlNDmM;~-!6
z6FH6_7um0%0tuBL9LP@<>@4pjN}55*ggS~OmQ`Yq`L=v&wIF^%4^E0XSIwCJ4RuHx
zXp$?D|CpO2Y4fiV>WGtrII;#yf5)Eu^?{DKG)d9OkNn;z{jy;W=FcR+zpX8_bToH!
z!(0Bgn&BHr{TjGK)b!ViEh8vD`Ypo$Cn?ddnbbd-9{SB1$KNh&1UiAjfcO00a|Pse
zVSl3mt@6R-C5NjWF!|WuLrO|YlQ<Bv(yvsDd|UDN*V~yCd8sSuk>cdaG4kC1>)P3m
zjQbBzVbvPm|F7(fG&KLe+8O!>XpAP)&t$d#>n-i;#>!;lCi@ohBYy=;({fiq?{kt>
zLThO#8%a7VD62~1MSon)YXR+F4R-zqo4EsW#o7^UGX}P%_?~Kk;LqP)s`tAL9)|2I
z{uTxgP0p<SJ+lh>w@B*$LgtH{7G6aJkXMhp5zL(-rTe;xz4TEJXt#cx<;wOb&`&S8
z+FA&LnHKte1@d1)%fJO?12(f1wJ~?XI|3_(E>*L3^t6Vy;9hlpW#<*>tT>tg@+AQA
ztlUU?D0Ifz#nlPg74z#kPw*oW=Adz~AE&vy2cRuh+W&{wS(+36(IsA_eYT<Jfb9WR
z9^wdg*|&BT1>Fa~lL3C4;`^6yaV3DQYDi5&yG?+bp-pN;NtLnC^`uQg$!DOAN}=E5
zfKH*v9bLZ1-4!%t1G-3l&hm~k;4%QGmVeR#x`p%*FBey<-@ew@wnV+GEgbOfqRVZr
z?1v#r0%X5==C_ScMZc3GS_(KHNRF#NkYu^ss+F~+i|g`^sG{z6cuNOoYd6vu;GMyC
zr(_X*f9)zs{?qGLz0Pm0vvG7WCyg9wJ09?kR(Lmpqd7^j@XpISxS~;9cqal_=>c?O
zStw+6CGUZ->`Iq^8w8DleCYD;gg{b;ez|1%04Y6!TD64&$Y8J7!OA`gKX_iKyWnYm
zu=)Hy1oA&r1pM!l!9Uih|K4`YV8>T+(#|8R(fQv&k1Qwo|G^J_kP865{j|#Jfml9E
z{(YB~6QmoUU(s3Fn!jH0%GEV%IM=8vDd>40esh7knEAo`k0u)hEwDOD%9L)Kbacec
zl*K7FSkw?LaLjPjp&MIuYQloTWKU68sN7iVwnj$}b!c6f>=Amu7dIA*9v@2Vy(4i~
z;?AABF1sK5w7B{1EbDFmqNVTggu?Ar^M!H7xD!kBFP^sP?%zGUaAJBXdFg_-LC0x0
zoI;%E=9iDpO=uU*7UwT6E!Z~ZX8Uq+Qnp3hr#Q+;zn^z;=EjMwS@k^uh0mSu?$kib
zWaLv^IZm^d3r-){$gpwgrIGCg>-m5auavP>=Gkqyv^Ydq2;pWc7G3sPQ@Q4H+}VgZ
zG0Mvd0bkaN3Q(*aP_5x%b<{rvSCgQKWsK6eT)Cb*D0U>v-~|!86W%{m!^Ggr`#v_x
zM`s5S+W}L;VHQHyR>E7ud?WNO!ZYb8(Vq|%XFF=^rS@`Zv%$_NVKQ1XBb6`fYzX8<
z)OUERJ&)ymZ@&*#a|+u^R7}B@F{O8hU~_r;KP3rV^gA%pWo)*Q^@Khr{2W0oM~7uP
zPXQJffyHu2vxsYsWx!!XtYFpJu4m>a*<b2!gLRLIe0X*7L@C3bg%;7mXBN&6SPb0h
zSS1C0V>%v8U+K_sAM(992%j<-Z}n6o2Ea2lC@Gle_e*E=U2hB*yV4mGOe<D=|ANm*
zvd5Er=icsKzv(9DoZLd;?6KUUzV4Z^Cy&_OTNIRc-#BT{ur@ZTJH;)sxD*ak!YD~+
zJG50tg+?xp<=pW6)Z-Q%EZCU3`}qa0KA*{2HW&A|_dcbX9G@MoK8T+QBM?J#M>yc4
znX`PHYlOE11`!pl(t~Veg7TI=wC~S5I#fG3H-5wGB)g~Kp~yW;3wL&X`Ow~b>EyOC
z=^lb&dq9utBT;&%`pLU*Cqp-G9o%F}Q1~=a^rF-<diPV!BvhqSVV8~b{eZQ3iYMt+
zFw)(2JTgw*lJm0t0qc4mY&LUz?6)}kYO;oDfBx(IGh5}nZ#uMJjbz*Ho1g41KmSIe
zs0Bw`;&9`hbPystVy_}LBfZT=;|mML(n;(+@TQ87UN*_RaA$M88JHq&8EWD`^Tdq;
z?J=fT)ULIw1i_<H%&&Q_IPcKiQir^fT93(|F7R&0RT#xeUNU}aQDi9D^|q{C^P+q&
zqWgGThPnzXr%)Zc*LmfOJvJ#$rguFjdfN8wn9!0PW|lcRsN^*evYGX0$yj#I>6dSA
zKN3?hof3%a;HThbFOYr9>S4{Jy<@=eNFdcqPUEg=6W6y~RCYWqJ0%^SZnyP!srXWe
zpa`qFcJa79ah+(Ly1<2(iN^LqpFr2Q$Oaf<w`gGoD0#S-KG*FT!}S+AJ%7sX)+m0p
z;hB58W@N_o(y{EQo*<FyH-nPh`+Q!pd(94?y=!#GrlBkUWpeJq21DHq@Po6{nTQU0
z3Ll!2k3%ls-&JsDi)$n^MeAi{TAAYu-bHoWjy399y{wN_LAThS_w2@xD3#VQ?lVj-
z_n$BI|J2)=Td_E2Losl0-&L$dl-zqYi3ZM?Xt6`3Nqf|aoO?&cA5INa_ja0{a2h#l
z;&QK`P(V5ThGIZ8x9n{PU<?njoB{(=UN4v$P0hC2Jvp*tX>r~~!UcJ>1~CbSF;}tw
z%cmDIOpjDK{9lIBv5g$|9-#69!(E&xYQk!6=yGr7v^y4i*ndX9sDVEPGltV$ix?1S
z$9FJANj){J*5J3(lk*9*(%!+(hKOP{CC+T@s-tT2Fv_LniaAc{%1EDlpl#1l^^fog
zil~cTy&h+uI~DadW*nWWq)rJRUYvg`)1;bnFt>-rz;xj7u?Z<%w@;((br<|Ub~)d;
z_YvrE(RsF=?wNPrme2QWwLNb>!uaqdH!{gsFuEQ8w(njqP-&Z)p?x?LZlrp%pLIT;
zlcRNGysr@D2oJL0<9p#X`U7XzoJJ*^y0<EOgaB)^y<2ko{X>zvpu-)Kn_yOJ54a8|
z7?d`|3*0q3@#Trm$2yJ^`M2#9KX%z(oXvaSOGn+Dj!E<c&&tc4e!S-ea2NIOb}Vuy
zIrHK;nbt1Ip1~Y&z`-)u0%u{=-I2!VD^tq%CJLW-i-x<xu7&~OJt}Z{QI2dnX&;|+
z(@tQj?!F6;?(z8v85y?`4Yv<gbpAkVoRh5+Z#m?_H!X(lfSsV_Hm$pon{dz=UtSm_
zcLQAz5}+YcAoYUP$(kF*Fpw!Vv0nF}b5-jNvpt_4?WlN`us<BQ{s%mqqN?wnjjD6S
zP*P08qxQBr`@MUx`D*Pen|1Q*VYjy3{FE-v31<=Cc6{lJmsfuvwXv0kYk=RUUN2A4
z>5^BecW(CdRHdal(osJ~Je&vKL;707;+Of9a~u_vWA_Et`i$omZRgx%L)A!KLUFK_
z!P$Q5ftGAu0OOTuFjyYDeLvjvMH#_OaNLwc>`|E7BORo(?_L;h2$p>yQ*t7-B2WFp
zUgSpE`lH4#$6nIO^c<1l<z%PK4I&V}yg%>Oe9MrbCgi?PES-Hvrp|~<j3#D1J<`r9
zSnzBTBj<YWDkc|-xZsBsI_WA01)?G;b02QL8S$JQ&Vo7&6f0NsxbMd|_~wKpp0L}=
zJ8m94a7tkU7Pwax+i4}@zy8URy-HdXK`+iTnC2aEX!g}bFB8XGA+r|<N0=5_C8!KU
zxYpHsbRM!j`2{F|qe4a)N96>KAMKPxK#~<BeV)tUu>iNr`^7x#xlSfs4bD7!YDanT
zF`&hV>Y~^u=3X@jTzn(l=RH)mHV6Dk$0M?T&zJm}R~@?hJ(gx4pV*#C)DV8M0DcWm
zohJ>Jq0W={k%%Qwo+jv>^W=#q_{}^qaPG1`TYzxe71Z(!4y&)~JNDM8LO@RXQc<{G
z$;WPo=LK3}Cr^ZCCM6TsQLCP3xfAl4u_x_5@%HP>r&wDJ-I}B{b8u|4KrY*?sL{kU
zDIXyF-Xw8LB}~u_{RC!;KzL?;^fheo0WL0WDwv+!K>fx*%`HxO&bSTeFX*XvTXuO~
zPgYAbb!{lc>NRr62%s*4j$gd#*i(FT(^{t4m+|{G#sfDE51izXW}>xWb56!0QKK(u
z4MQ5%bI?nQawGMpp4!2(RIttIS*hDR@<I`)DxGjM%DxPo-}(ifFjsYyFon|Y#m_@F
zdHr5B$FX+<Ur;SFCLKVf_ZxtZG_|g?1jmx$MCSzkgW`3%lG|cv7UZLLjtPDOB1t+J
z@{BRVQ6P`<T%zCF99U99Gy&_$sTsoy>HZZS&R4B%;(ByAPI}5s-tQX(nlcXHF9q%%
z;Ixu%6{QK*v_PRxGj3uF3V2HyWI4KyLGFmp&f={>qg1!=F9AQ=y&!q}f{M>3UD^pw
zIFnjs73~hkrN^3^!y>%44SRuMMZ^fE5Xu(bKT<iU_Pn|2+)(tMzVnCqa9G%x&;Xb!
z{_`lF3%;3x_PobaBe$%wwzzzss!En8Z!4Di@@Y+v%~U-xl%zhj{dT?I+H1ugLHi%r
z=j0w#<#b(pT6gr=+k3BAWt<()#c>|cxS!2&{Bxz0<Fl6Iyin^=SU!8FeH;b$aEeit
zv_Tqbt92C{p+4j8^KkB=&!ysuk*5rkh-6cp^F5fRnxs@O=i8<(ki1C|m|*~X3Z^&M
zw5ur<p6N*`oJi1{ud(yPaoST7JU_~->2zKwoO@XpTewx{1Tnyk8);0Xf9gJffWz{0
zuX#?%rP!!nzW7-badR@5L7tFnTp-MbG?mx`;RJ*#65+t1gs})QNT3b83^zP7KT&ki
z1TUi(!J4%#Tb7c*%I_#w+1IvR{ey%i(Q@g_Cok1)K33OtxvLN&W!a`M<`6J$IyXlz
z?ZpPj$(qLUi*KVgO_6qbBm6!e-@aY=%}w*_?Mcr&vUEl3qAE6Ms`*ir-2>ou@|k6H
z0rqIjCX1qcmlu5&cQgQ2fSjo3h4ZCh&vCn8;a`dmu;-h$9FG&c>Gifxnm^AK_~G%y
zn=$<!$#D*HB6-D^@tBsY@Xeu0!8Hk7b#R<}pNVtHgQ_p>UhkO#HRXFyj~(w$6i&WQ
zk1l+7fJ6MKTr4(+^03=T<E`?xr#M<stH2LR7~z2l9gYy}2Ur+EDLTtugNDL%M&%fx
zT~nq6!h@RUBpYyjOc`{xmh}`q-o}NF_*>c-KUur*$F5KG4YrPQ&T^EvZ1Z`E@B+5q
zC52y9xhZ>_#_iC#BLunX7wRwTI%nqJR=5~61t*GhJO(JK&ndrEC8}70@&?akF&$?v
z<z!YQ{i5km3DC<(0z87lwendwkD^aKQ{_9A(_044N#X}fJtxNUN=8^u?T%+C0>G>+
zPkyitYr&~ivGD%X6V2;v-KMq|Jhro}3ExmDB2-n$*zx4qnX<64Q26H^6hI?3=%2z$
z54>)<6wK}mqvlr%JTHrkk`G{`-b4M?^SP64!)#bAPFt2Z-f1UV-=H{&465g9IwvKe
z37fb?*9Cx5FR+2h=G~uq?hm7BRP&BcmX7Bo;<wzc$-RE|uy4a{CR?VcliPd+UwOBn
zuozCI7}~t}_|q}3O0KAEvKr$lrvuQ8dMJ?aa*W~lmJZbs>%25qhmC%j(f!BZD2|6q
z016i^C;)(v2UC4g?!=k|7d#C#%lx$7WgMcOADKCSk0x-P-{ak%B&GK7ucfcn2sE4u
ziP~CCdvb@YFXnv1$MFj~oyHELkGM~(tZ}OiWplPOo3mpKN_@nNESYOCkD`I$f{)Dg
z*Q!eoq`fGq9rDN6G$xs!W1|=n{|JDCN#==01-lb+CEWXC1i&4^PbsPf#-~}S#;R+G
zPkD7SH^1knQw=HC7%PN_tyznRf?@SoMwK{I2p>Sius{Rfk7;3jQ#=%v$Z>LAQkm?h
zzGF9%ccAWI#ip#Wv{+Xx<0tdO4IA|t2Ks5sb+2hnBcjq)hEm$8yQ7h@e2*1p?GBz4
z!ja~Bscp_7R(%H=c#&{{Mv0f(s*vlJQQR0zHE+?oD%NM5ifKJD_`O|NnRK}PkXKuw
zlL;cqy<B)K0j@>~-c9MqL7rhOCv2b}{t9&x^?BocI{}p_B%Wq&YPA1mE%U7x$LC92
z%4cf_^jOcRQHmOb5n|ZvBBh?9;_1KKSBT$U-$h)ftCjZ-&bxzS0DHGm-^fqAejl*{
z7Eb?ek3tSpBB4L&)c!i)Q0!QlGz>D>i-AomV;;Wa&eY_JVWd>T96%$+R6fA4m@;*q
z7nSO5^7T|Fxp9~Glz(pZ>qqWAu$x}fkC_l5w=h*b@n}zqT7OLm7_v@0hEOZFv@pHy
zEN$C<Nq7>zSTlH2kRrRlL01avy?O5-xGqamcScB8V?H1Y#wCD|7sZ^poV(^CiWods
ze_La{^};T>t1<B77xj?z-3je>AKsp^XQsHq$yued!PmFY9)7=Wt?I*(rj*AL{Bi3B
z)zl9Ts6?_RIF%*wVeX4RKSH0p`&c1+e;@Oi-dlb{4Kiy66OL#FB@wjUhBv>UZ&ZH(
z;}=w8o^h23-5I|L5tV^3IEG6*4tl)dI=n*Xphfvs(Zw-^H3B*d!o`Oax5J%}6RbDq
zp5m2(>~JfN^AK<}VT23^<!l)r1gFOQ=XXO*r*Uuz<dLK931I{~I)HbuSYkS(jk-TG
z1&&jaq78(S8Vs;NLj-&vjODPt7(iwvaQJ}W=J)mnu$Qeng?&;IL&0S7Bn+60RC9K%
zUIVP7EHt=mGb5l41{DI5whc2PqFlLdc!mT>A`|t-v#zDyK7m*ieHEIiEJT@273erP
z`9fqVYIaE=RQ&*VRV;Ixy()}SG0jF2xir^Vv0X}L5Al$Sl5~(LV*(?^EIdGa%9$%w
z!>Ym{^|fwoMX)-Y0YRT@!WAP%nVm|w*%jLq7nzr&8D*OljAY>!95pT*)0~CZ^Rt@w
z(ZM1*{g|h<*0UGDRJAkov|zl!SbZk?`k<xv8}4wuZv?2!&PTXDMIlJ|VoZca8u4D#
zfiNp|dfNAR_{436;Pr_N!981v-Tb<CX9nw3C{V60F_xAf04Uskjn#yZ5uaMrzxz~?
z)z!kAhE;H7_7D}JDjgWtmqRe#Q`jerQI1kBaKl!M7}cTj`N=!g$G^;U7M(s%$0qF#
zriP;&Cl+oU1BXP<yLaXt63y!DcDTWwF*f@!CdINQ43XFp;mft@WsO~1M)*8%?7f@K
z{LF>gFP>QRd9<h=a}9u!o0)~)YL+>TJ|ezVmcA_x8`Il9ztg#2hrLyErQAG%P?HbS
z%Y_Rv24?dj4_iOFx<yItfJg0C+a&&A-osWyrsg3m@8#!4Qd~+wEcoOQK!qw4&AZ;p
z?K`wh4~nlJ)pV7(*?IvGyX8{705PBc(9TQO8$1H>VKs&d%9isS2NEP*6kf@Ux*`W3
zoD*=Hk+P?V?+S&fw&f^J&;-sQGIv%D=ocusU5r6|0Ep1jYF_SL4U=N-=6q&&0_f8V
zbkt<obn}dS^oDJ@_1venTkujbschl8K65{CU1VC!-m(}w#}dTe`7)MsovvSYi#aKo
zW+)QVO+}O^HU##-^w<ZE#M5L?hHTdWL`5%{K5XQL4z^&^vN&T8ewyrcJ17CDilWZL
z$4a*C_T8cm&Uqt!UtdZT^MCW~mQPOWvkg4wYkfp|#^0Y2tX0~2^_qD>oWj_q0a#Gn
zLs;NTc&2a_!bZ1js)}~v{&9fcn_MpI0Yb;N$NBEW2$-70I&WFl`DF7Xd<G2JI28YT
zExfBc+kIwtG}E}u3qQ*V>r=Ixkb{y<CR2w6%+TT0Y;+sSk>>1W)0bkEF2-M^DG;O-
z-W-_CjZ~1?qNegVb$2iAj<SB^d^<$fn@Bd9W<TsyO8tkm3U_Y3t7S`hp>hUy&*^#L
zg}MPPOWJ4x>xih|jre2S8)J7|F<8uY(teSHbE4{H*zhF1f)>zpbQJoEm@3Bz(=T#>
zMmls>?9gQe@$^K%1U@;xt7Ia`^w>nf)sQ62QHz&Ot@M^YgW&=_{3(tWGY*aqDorPS
zMDjWt<XCDojO?Q?JMJT<cXYK(<2a2evqK4#GpQATLg~5lSblsG=(k;LV`i@Pqr^#|
zLGDnrWMZA5|7Of#{^Nut-UT3nt66~^c8*sRO!It1ay#G2vxnBJw#Ezk%PL_mCn272
zQC?O|6Nag7(cgYlBJb|x&Z3#8CaNbb4r(ffZoHLd{@DrMo-Y5YS#W3Tbt8#Ki1sX9
zfyi7+>?0|c2eqz3=9z&Un&${Dw=%<UdNY*k_fdraN^W!DIc}t#wC|@$C!O6x%;%L%
z3hb?AP3U*ML3QSu6k$^CjF&;k<`^()$wI~$vAQx*@O?7BT}$K=ct_R(9^05c6=mkj
z*#c@8^;KZ7z$%y?)c|acCA59y@t&nO#SaigX$o9>1v?Gcr0kg;+yGs8^8sUJcs^_0
zQxI}Pl#Sl-v-J$y96O8Kg@-Zu>D;ozua6nO()q$jfybs@1u%(v(7I+|`?=l8N}S5^
zL3lprSrAWeXWm7htsWT(e_OLD++@r1a}IfUokQ`gCUMiXqC#qT<15IMg)miPgWx$n
z%Du~D*FtBX9w~jB(`<pQ2<h`Ob~1jy{LyGY1NCSceR(8y_j>O^b$dr8P31drMBd$n
zysw-<03|V4TY-;9mFwty+?`o_TRUZ#b6?0@Mg?u4u?i>iz|^*v_;rofO2s;MNPD8M
z<bioHBqDLaYw&2yY{GM4^?E=IIlbEx$NC)fynhk^6W-8~xNYDqRjSG%zN)~vcPC<d
zwIo3D>qQe-C~#?Tic2)qEQ1@9`2%5y3pceZU^LAmQL|jmTsNNqZfc_T^j0P>-Gh5t
z519FmUa6^7IirgU7T{8k7H#ku>i&?S9?wmO-TdS{0Ma2DV+ab|8p;T6<k5^cG3%W{
z=kx$y$+quYt;dt%kmo`fXHQI)yc%?VI9B)OK1+{1(xm;WW@NGc&@)zPN4s-3l{X)f
zjP+o=ia<o6?6R(d$t?t)xuFWtF>>rftEx%p)1jzcd2lhlC4WG=7Mci~`Mpza@L<Va
zqpNe0p1mhcAvoLB@$O`44jbwSRzE7z18rG*8mDVoSaG(Rf%`SJ5|{SF)=xP9wih8-
zQ66m;BG2oy&mv{|>>9e`rgHi}F2{~p<JDI$G2G?6Q9frsea)_~%m=h2m`y2@Q|ogK
z#45e7Thptxd@P33cP>=BW3r`{F;!`Kw{e`uDeWT&X-=GeQj655L<<caU(17t*}4CI
z;E3++&x5B_Q}add4grev&hryXUo_XH-D263JDenQdvOxj?E|l!BLd4!N(f(u>+d$7
z18rhqFI9mZQdiTKmcTiJH|9`2jMx{pJ)&amtnSAixBYc2ZN-$Ttq|Gh4}6`Lr3l@y
zYm*87UeqT%jGDeneb$LeDti4^kCxqBYKMe*0EQTa>Cp|qO2u8V$L{(J)kf}9Mdhrw
zFz-jrwW@M#rP&EZh`!^wn@v8CHDB13!hdD|MS0JC%9bL|dmqWVJea{GUqczZcW%0{
zOD1-`GKMkGC=wQUn^Rkg$dk!IE$D`Uh;C=VipB<)k6ukNc8&*l@!43aynm?)h*nN-
zOfw2U@OmjzCw;rg_05sF7~-SdpxK?t*Wx5|l(G`SZs%FW92CK&l_D}(t12a_dbi9P
zJ9Oq<81K7xEaNK6pdX<r7Cw|rAzlo~KvCOT^rP)e4G}>{CV;kYs&~B8B%PC^Ye~!C
z^3@+F1AnYzFZ22&OjYR4C0i)$(_<Nc-4S<XiOtEdqij(-BWzl7LCPVKO~%=@IlEbI
zTH~ZHcjfJ3%>xk{=P|8FIxh5~yPg+r2uF%yO7Z84`tNC#TWO;K-#&=y4I?n`V)NC4
z)c`<)puaH;8+)m8L@Xa^<#`VTcN3=sua^OkJNbDiTBhj%;7|{~9in6hS~`yGG~DI+
zW=o-v$O(|nz}&vpcF@0wO|o!qKy$o|r9hC;yPk<6-@VLCXJ1D*9UgNzmFtNB<zCe^
z5E2-+y&Jz#Q3}Q+r6f4#x+?Oh5~p4`y{zLi)G1TnX4zMUN3uC_k}dICI~y9g{O3PP
zoowTL4}#)SF2&Gdh}-O@V|=b?nZnVvH>rqo{1VdIPmHfGL6DFBHdhs5cw?5>@{Fa9
ziI`=r))04ptu15ykh!jjL9d?8rR<i8&u~I71QN8a0@C9W<g>SPJnHp&G2#2+^}yVx
zw=SdY)%Ad;AA!8>arXRMAZt}3TGZ1v#^qA~;>6N~&Er%jBc+SS=kO4l&cm8?oPN*3
z6iU;`C^8rQO7w%0z!bJ4BY3WP=lFF)=gRtwxcfocOgK(T3Vn6VmI?uOM;mhs7@>a8
z)ctjn$+oFSL44&QVcVQvooc$7x7!{hK4N3FF6>l}J8&M!1>eH0RSp>RM1yrkAX(E3
z@ST$qv86ABv7IW}ZTX4yJ^V)euUS6e{3FhlSrrLX>DaCR;KdcQokD*fCZP4i?hroq
zF5Q6IO8|_9H*PG_h<L{*ROrTPa;v^+-n4Cclje<6H?ExVdbG={-M3>Txe*agVBS;V
zdjM7w2ti#2L!lH)WLl0Emo^;?i%j($6Jp!IT8wMXNVS`C$>Lb6Fvau@?9f!jYRWy^
z@?~U8NEUa==z)DWPJftpJ8bu(<3*gj@Qu7emj@7x18Ogfb)xOrpsDqEwnRnaf{o$x
zN7(eu6z@3KtbLbJ9<!czY#Z>+k(pym6j!*k<B92#^&j$qYfT6MaRXmt+??S)5S(<h
zIXYa&rGbEAAoEhgQ*99n5K%@X@p~Kq)9g)f0a00FI0Rb;KGmGMVZRy792(&B85(aX
z5z6-<&boAk3wRfOZV+)Lv}Y^mqd?@tBIh$!3LZ5JVwjdOz=GkhM4m&_m-=7;4k5q=
zh_zYvM642MNQp8d8%!R{fl`Kpd<PpBXi|#vA2#`ZpoJCmAqe#0O5>S1A#kA}WyS!E
z>g)#Ez-Lg*#BQ;CyDStlQIFZ{!aCADdH{R>N*)lRfhcYf-uI7BEJ|qmurN|UY#lA=
z@N%$(bp{Q!JOngdnlNZ6^CA98n(!8Ic0;P1$00Brz8yuh+xthFFNlNznof-dbVMi_
z=Aj5q*&$*=d5q=sQ{aLu;En@`j%m<#1|#^ar*&$lel_T7$J9%Q*SNHEP}?J2Po4=Q
zz}da$rDlvk13};dW}+Gu5qlYY;@wch$^=G52t=B3IAg$y9|1=xtJSYSIZhNfD(qO*
z(VMLbLdUUdhU=Iq3c|sNI5po@xo{YqZQCU?mJ9^I2L-|u-oARU8c6CJ)3W!181Z2=
z_&oaxyBkiC44Spu4aB0I06ysr=i6(uKvWFX{?t+^@`OU&{GCKBkmi6|r(dQF=#>%?
zT%d%_W?dyqFdUn~aEzW~m{Eb6r2G9Q58s6?%)eOjgrZF3(!n^0dVSh^VsZN7EiV%y
zk7wAE05}XH83l{=3}I(D*6x?Y<bzb>{Ch7!C5G3#GJ-D_s{?l)7Otbi6|;tdMG+(a
z<%8}gVAUm1ir61;mU+NT^YHCgodLr^NO3AmHgRp>V+z=(2@8DB-QQ3P;FwWg)R~r@
z#>woS&nm@3)d__o<XQj>O*~AMCO$(o1iKNIagMM6ytgw51SdZ}ckzOPMZ~Em2Thu!
z@NG3;KpJimM6U#h$2tbmuf0*bCSTL<e9Z|ZYHHWSXERfbV$+Q2bzB%D;xYQP2S*Kk
z#zNqN?13GOQTxP7YM`819;gnOj8UW)$HnenT$tYP1rSat@bG<2=VjYF3g+M3*+2R^
zb3IoKnlgJB&N86ZRdv9Nh^2sKL=leclpPG?=>gt&5Q-R!2140FgUlB`zk{%cigsS{
zV1)ML?3+-gUme+|9<|5$J+s#rb&D&7M648NjBu6ss=%yRq8XEJ=hwO%o6*NNKD%Xk
zDo>SRL!czENQASr5~gb4N*j*Tneu=l2Kexa!d_1kuPPdWV!*4*#~u9yh%x`^CYebP
zHbi8U+h<cAIJoaN$UEyV5CBrryaZFll<676Y9g`rFzR!W0De7NkiN`31|lh^HwIIe
z-?%Y)d;#gj5pNSZ>Z9<oZ1eLVAhVe}VZG|n3YffmAC22_V0IRN|87vJ6ilb30;%3r
zPPZHQV>`{VSo#2nnS@gI`*+XiU7_dFt5C+^DihQOifI&jW&|kWSP>NZM658ZPB`bf
zg@M`gA{P$Ye2`Z6*ikkWq#?5PHHg`7ckIo}Pvj1()r1Y^RlICCNQFzQg$wQ)C<bHP
z17O$YyKc63Y?|IU9G@uY%)2GjyxSB;T@-+l88EzCxt=Yl))FdI0DN=`o4j9fa&ZjP
ze!14%^0~1Qv!UVPvu2)vN6o@V11@Sf(ZpHyE=xz=p<N<q@2MlIY@Z{vIhK|{0>$wD
zwRQBE`;psrcZ=StVVnd2%S)!uJDn<U(1k}e${m2sr1^#E$Gsqx<>*$cc?Hxuq~+~N
z=J9=X!K?Ar$uxpPZb9PE&Y6QIPQ(2BQym{Wmd}nnjRtM-%uFA4Kqw9IQy%TSI7fAb
zena3HF1X0Rk#(ZX<w@0HY<#_?9;aAX>6^gI_FVu;?puYrLJ4j#CP61CF91-H2jD_(
z&A)%NW8w(^oF#<A!DKu-(wJ-+_;j292OS>D!>AJzfH}?s6EyuRQ$Lrm#SKTjfr|8s
z-F;(`5n_AS>+K{6WrTCwvaTe$j$gkM^~AqPs&mVwepboxfM-G<PAy_t6A%01J3$O5
zaq<vI2tVC({M9gU2oe+}AU*J0-);^z8c2lF33K~+jmI!!ndt|1OBHNUkaWhuy}o1}
z)*d?#SL33%#S}I7o_}iQ`Au`hyXD;gg&Gd{d>%MCA+oEvKJ*qn=itNL1D^peExLUH
zq%WH4hCw>OHG0otaqQZ9>h9=j`dy8eOKs*9ysO?pbs4phY<EF!q^6#>C<rq(yStle
zFdH!8%n;zJQZO3KfC@Se$~;b+;H+nBwc<kC?FH$<-JQ3s_sMuonic^F%a;7Q?aDrO
z#*RB6K<n83m?P21W@~$g_O>bovoNg`PmU;iS!6Y)uy*%I@p$y-1U(O2+881%fe^55
z$Gx*}h?*c!$=>z8o~IYMi*37FUig2y;Lv(GB$h2)LX(2}Gl(r52-roG_0*C`ZhoA@
zlk5ccr=XUm91#JcP{(c0IFU*LU*6n#{N@w!>?>ml8{imcYb3Y8H-u5Tf^^gq1pR&r
z5Vmb=Kke;CO{8L?V}&p7GHHpkvKK~Gph7j=8lYstImUV>nKPUcVK7y6&S4_Y*7Hvy
z;F(I476Qo3h?Af`0W)<coVuJ%rq?}wmcYyPc`MxX^a+PUoJdN8>JI^B0GrvQa*A*3
z=BJ;$_o?ssg=3Q?SBIa0!Vypp5ThJ7YRyD1xphbR=gYCIlFX@U-gI@Rw@UP6=j4sO
zM?`^|pejjjJ5@PzACSyqZ+?*M_Nh_gu_1?e!S>?*psO@So?X_xL>i_ZP%5A=PULCi
zIz%%rooT~mS7K3z^!oDP<G#l<fyT<5k^|U%2<d7bHhVFJkmkUk_9Kiz_Frz*ZF2)0
zh1TT~y`lk4VdPwrj27@K66SIrS`?qU<OvU*4u3%#K8<OSprTWiuUbnJpq<8|aBL>}
z#6tDVWbg9}t`CK54hSh>qGU(5be8$JNd&f1YshuT0#Mx^;H{7nB!L=6HEGkI)N9<+
zvp1WW4oq)yHzL3v#n}hBw6{}Sf>B4l<YAcc;B4<|IUAh+;Z0ZjZV3AVwo9aN=~C(t
ztq&-=u`$l_c*hzAaCHN{T^NU3;2nP40%JZ?45jlOt9|~&bqAn%w2MbGMcRXXm#1XK
zhMTX(-291__hz2nNfD{BZfIOMb=4Zw7){TttJACB_@&M?G?_}ks=M3m@otf-3_u+`
zelA#rV93kXhcTbR+EpP6xip0Bl+oeqWehlxezC3|;!y!+C3E4y!u-KdO#cRzoma--
zq?O+qEk9SU_6($GO=Yyss~Z@aQ=JqF7P(~}!o~~SD7vkxHo9xw$!14Qb^jS$=xa6u
zkCKVF{ix1?eL*kO<zEd+ekOcQ5quEy@#be${nSrqF5-%s(9daoTc|}1-WUQO{p|Rt
zESGi;tVRn{)}HwyAKfI5+3d;|cw@Af>IGfLd%r{b79XoiUhLO(19Y!REwILWMZ*2U
zG6Pe_^7{)#sPyU)24`pO`a=!iZuTv~@<2asMciGqn7{Ihh|T2&z7fV)ABLep+MBnx
zoV<Y2o1@I(?mv@pyh_};2Xivi64+m^TlaPM#)s+{PB!xbN__Qm2jQcQqPz+Wb7{jH
z3eLWLd$iNcvEsvdc&0w31s~Fnon?-DaHMMR)Q)XFZG~@WdVOA95XG_>@bk?uMcLP0
zL)P$w2Qx&n@Qddm75l|Qpz5_)ExsC|uu%Tj-XO*33IA=23fSRI>ze&d15fWe>^sUg
zZ~Uq-<mD1Pv*5#r<9+e`NW1khD0%pU>pJ@}oUCwqjWEo5RUw57Cc)c2C_G}>6<R#L
zqtFb5v>n0})&j^ikM&iY1!`D4&yN??B)o3Fwm-Ld+HYvnfSQevk|qY_aWrHWOxQ&?
zCwl4!d~d_*7N&)&VjEcvL~xvf6j{K+FLIaio`c1OD+`&%^OkHmx|MfH5rhKCPvBAm
z{Too>V`61fxVx2ZfYp6Y$3A%F$bs0<p%c@>ziGvNlLY~Undb!LIt9|<diN;{xX1Wp
zcY>w@v|kQC{J7Jq9`4rn1x!@iH$4JekYnH5;vxF!S6u6<DVbGYNOhXF@4O%~zumx5
zo!P7BXq}PRmdo+3_nG=d%?i8r%4EgVM|q=7Eo&WdFt5A>rh|uxmVGj&M8#dH5U9=K
zLf*$M(pk723FdFJ5~|`q9W1C6`X)UN<a6E`$=<$qxv8o~%BFG4JWe26(0{f+m|^=d
z(PYb6dx2x3UA9KFv$r3&ov5c$N>`2EmUu3;<&~0p(^;oPtd;uS4pw?K$>it;4#l9I
zeiwyf0iR1PWSysk*{iVs@rJ<H2sM_0Bi>2{WdP;88Bc^IJb=;MQ&ZQX)a~8d5Sb=`
zRJT3G*RrKVUyX17@l6_QVgf*2TsN%lysX>yV3fEqOksbT^m%_b>x;?`A=S4YFHr;r
z9znmFz1`$F{xmm<Pyd624kP{hYB(B7QhMe%j9xigsQvD<o8Gxlp1r2;HKSmvt&a`@
z5NHTj12q2`%2e*Vf+O&}ra^61B}|QW=N<8Ql-T66Z3=T|o}%GVu2#pCgB5BG;yxmx
zkWG}lZUBthNLTJz8<>QZt3SLiqt&#_Hk=q?1Z&4#jp5)20s!S;(yc<_?~eepG;1<g
zcac|(WlNl5sP=o)JvW%+H+0kGJ+rZmj`Fnt6t#-p3{7AgT#awwh#IkWWKGo#%b`da
z>4I4RqVUrGRi<v7O`t}To~=Ae_9iE5W(o)jrrNZ#0<Uo)hwDGifpRdm*nVo=HPa6|
zeE|v93sM~8w;u!M{H`;U7;-GU9thsBH3n`*Wd`??2s5NLvW|TDNZKSjOYBWsSRA26
zI%`ew6$+zjM`9PvfsY_NU$gBbPv%zM7Yc6`O9d39@9!n@ys_8!;ezj=$l^mLSJ(DE
zHbBPW)YGFjun#yypBaNA-prc%CxCpLd=<jB&_J!Wnqkiy=aS(~64Wv3iCct{^if$@
zq&Nd1vkySc$vsQ6(f&=Z9?I|AnvX<QefIzG_Qi`!Q~{YIkEB!bpNiO5RldQA`CT>T
zJ`v{^eZA!9zAaU;IXmQGM`HTTbxtc2c{VWXpM;0e2S#uryQ-C09@#K@p{~3>qGhHz
zgNVZ1xpz6C+v1dHV^{2r4|LMc?&mY+hp!t2M{KAC>0@8I4LD%TPCx~PJeQPWl%;#!
zb&rLzi2*G-I47FmnwNnh@~FW+6xV?nLZ&L)3`SH;<EBwXnneyA$ysO%86?ysPb8EA
zNhrGcDk%o`053P<73{MncRedzBh}%taRwXK{KH)%ai(21%9seVyWGeJme&M8?tq|0
zOjj{b;Hrw1+@4B+bMR`ZM-V<&C*RWZ9hBa~0r=)TjVGd%*&HB}9=kYno=1aipx<}<
z2*SC!M(8Ml{w;h|g7;Wl<<coajcoetc%u3hx#Apst{8^3Ac0B8rOizt?{QaPQ}Wih
zNBG6+TW4}^>x4@pb-1#8iC8Cy(@2@lbG${<bc}z%8(<+*kVu)x-VxpjAB^jN9Z{j4
zt`hmi3o7E2ZKvmum$TjR&X$YG5oEo_Qyav>%xKLA!~46l^>frz*oXv5AtrTO3O#N*
z)ip7CN-$n1fg5z>T2@wmvfk}m1BvU7>R*-)B<4o1lhn0Dc+yMIP#bubgt!67{G8=T
zZCLyEB3IbxV-|CZ2&`OKT#AVI)(JOJ0C3J0WH?bOKjItaMh<tpwi*Hfn`c3G89Zz=
z7#Ht%nobkLyvQD0rCIQ2wppS#dvahy#M-#i*>B6Hqe33ON;?6{1bYBdH@TUuadQ8L
zvxC90{%htJb{HJ;NZ>oqBL)i`3lmb5L)@U^IzNBb?D%N&o+ZC!ob|qP?Yi}b81K9d
z?W(CEnK7ABA`e~~bOE*Pm3?*IQi+m|+MvFKdt;aE&}oV77k1-pY^s)+jyRn?<asMB
zH)adt0OENlVN@xw=|h%K#yvIRAiGMM1sCwzX=+&jxvvMGtO#0%L_h}^<fa040S>1r
zA1*M^zou?0OFR`Zn3phH^>V(t!$H#T^w|UXY^Oz22vF%LRHH5VUa^_O;xv{*5aKZJ
zvNpb@Arw6|cG%j*l`fX-&f)u-i*4OwEF&!J<Uz{m#%;&mn9snwIo`Vhx}R-;b4(Z$
z6L~f)7ak2l{ANiJf%Al*SoygRz+4S$4v+Ehhz`8s;_drTZ3vKP22a>}|71|Q$9=^W
z$GH_EZYpIxa<Q1OF`sVyH6yrK`MDi;-=JxW9|WqM->CO7i4*Nl)1oo;MAO)v-ZjW+
z87&^48--A?8;JhOuB51fFvHfY8BU9fiI<>Kt)*w*Y53((sr#+ZY*xhK@f1T=tB=YO
z;`lb+`BHuZ*y0AOz$+Y3W|HBN>BRN?w!NM$>-mtU_e8;xx`;y|n-AZtFXm0(1*rb*
zl)K8eoOXG7-6)iADRMn!T;&T{45*8AXw?%hIU@FspG9qhbr}P!IBJV{)fAC{)dC@)
zKy_lVK)*tU0ebwh@+Iedq@9%A(*1P|?m5?QM}T7U4}KWM?O`}t*@iR!U^Kiv<f$Pp
z&ekemhZ#K!y<glFg^jSysj~^uS?lhsv0Cej6=U{;htjj#TPnF#UaB*YZjOM*0x#RM
z_~3kC>BSx1<@a0NK}{ZaqR7b|^G^)SdgDGS1bwEs#*R*ZKTN-s`vg5dQDYWxGj4^|
zfvll~8YzV?V(?;|>iW2Rkb_R%N=dB~#%!2w#3{@6EKWT6Rpr^n5=?*%6TKSGGeuVP
zgLy(@l6W;?W)T%HuwR;qsXNNiToZK>&Y3UVb)Y_jadYT{ry^B4+g+Ebe_+CL#aGJ@
zGF~|v0PkXY*U+XtoUYT4<yQ8y$>0Cbr)ogA$_;g?(t9lH+8Da*a$KEz<=dTJlaA%E
zSE<MHhHegdCG)e?Qyr(xT=4&r{~Q#VgRqCQykk~al_#Lu>gv?eY_~ekK-$}+J>`pY
z4m|MBW&~8wy5dV~71{%8DJ};TW|<T@hrUx`bCTp3IMP?2eR`x`;HIKw&BWP86X9fH
zuwyB)@Y7Xz>I1#ti)ui|O-3wBTM<zm6}4k&@JvC7Otde(Jih(pmZ%UYrq_RXb~<jK
z7~aT8_O$lB_(eGrPGmBEVwQU(O)))S`<+I#4L4W3(ACZPTlXw}PEWSieqswokCLBK
za!YbtFFpSzNl|1}aurLf-$X_NAuaax^P(HF)_sI(Iu9k<c53;}F|hMHpBFgT+K4s^
zd^S0alx+)x88f2!6&a^)alT`x8PAONP2QK!1M0J99jDfsi*auK?0=-{lIZarRfyhW
zSI+?!^fLzqivs5M4St)PtS@Jcv*?c(<fGJRqQ7u(Y#>(WfH23o`Mm7a%QvD4R(;z7
z32@VgOq=&(%J!_M4Bg>I|LD0(g};1N;K&ew9Wrr2WgsH=2=7HdZ&1Y)YX;788SKJy
zB1;<Kr(=Wr%%ZJ(`Y7A3?dO<2Ht_IG>aodDevPCf#Z$-f9^&@4U=ca%G&pI_R5Ax^
z@8AtJl`Mf#yERX23JaGBHea-GZaLF0xq(JWF-{a;`kwXWp#*h4*j|v7i&IRqfKhAt
zo4y0s%*8Jwy>28rTb`~<C_bgI&7^8JzM6_-O_0u|wu{nE=d7J)s6FKARN+;Xm7%($
zU@?b{4ZIQd+2Kf)4^$MP8ZdtAO!XyZ3ECpG_UMpzM7u4#D)6mpxo6v6OjYBy5k58K
z%Rn~%h5m)`e(#8@)l7+|G@vwqR(EqZy@t#wu~NHAXOOsnIB38zQ$t|k!;89Y{S~cN
zQ^WPOry^f4A)4F?lqgNY_*yz@{9uW6L}9=VD~^h)oOua{rl{!Hebtp7ni}gG+YQY8
zt)rO)g2vDGNDdsNn%G{@ap0;^pr5zvI`ILAlpCKoiI#vV@_Bw~!eWp>sVZ)${?u9M
zmRwK)ql*wn`MtQXdy>d^c{ESND66=&#fjC_EDxpb@9n0n*3vc|_D9mwJ2ndT1i{!s
z?r6VA+Kl8e0hO8_(^OH3>s%G*KeJ*z;pYW6n-VHZZ+yae*e>2H_q;tG?t5BcepH>>
zxMVN-%e%gT@wHiXw~FHC#HtYP9@)@j6BxmT>@ucjh|XtwAbQ4i{i1MQU8|hFSe3$C
ze}1F4Zp=+#gSmXU;?hB<jfp&D8D55|iiw_tZUGfygM@b7gkazmh8q)njoDy&%mejL
zUDfXDu$|INXQp@n5%L@DeN|vJC$SF@Q5w*V??g`vIy7s9j;!-jHmVq7q=4$ZT1uh3
zN!lRnWT&fMY3GU3M1}l&@8mc1*>bt%2{(+QjP>+P+5p$i8(G}VL@~poeUw;zLi7|N
z!v$}9%_Ev;tMQyl?zSsXIwHUM^qhVUOmE{ry<8)venEft?9mK|Q5)3|O@p@`DaIf@
zlb&c}Vwp=xDI7%joMu*1AHtx<JBV0vWl9d?uq=SH19HFBJnI}0%M8)tL@p-thbn7L
zb33>s)N>o%XCifp>2o7`JlT$v2h=gQn*<ct=_D>Ni-=yfG){~~%D1DL##FPw+n$L?
zOWjP-$_?0Oo$amlp-SCRgPX%Iu9NlK6n!aGgBnUABvH@cVBVAm6fg^1brm`z4)Av^
zxXly=r@*jIG~ZK6)uMc;g^A;&QqPZV9{pl=qb!T~e7D^WUR+u?lwA3^_339}y1?6r
zsLVzIg|#Q$t@er{OS|YVo;JH0mnNbzEX)oDW$#6WnTl?>+Ia%6rsQpb>zne~kDrd1
zGIF|+Q_BS5j^$E>Fpj_)m}*J5iYS8N!K1LH2STc}$>mzZb`{U0!()dE93DK?X#{21
z57MsM60v?TUL2<Fy1ts*i@_AnC#HDVXOR~Pc8nsOyZEbg@HwVmay_BQU;d6r_7_Q8
znkyGEy1q@=?uA{qEiDDJ?F%Xrr=uRnM@m*GhS=1+rPArciF90rsd5ol5|X#zQTfUH
zgK(^MXAN(S(8>C(zfdr?!$6e!npwL#;+lPB?wmofilGQhX)mS?D+wsl9VvIIHk+c}
zA{U`_1t^wr2NmsV&1fA2!wCug>$SWRpEt2@WW^U8+~kxSdB>Pu3lU{(Qo?!zp0qiz
z9;T{y(%qlw10ZfNFl7LKr#B4|mH=ni0~TJ$m?f9Ey(+B?roNk#SNagjy-Y%A0GdNg
zz&aKlfo<yjmmZjYf${pQ)kWIHy%cIF9IVxxp$)Xhrdd_RzO3vft%uoSUM~Pb5ilb*
zv-?d|PJ+rCPmvpCx5uB|O5X)I-5yY*aOkaRC_B$EpcHL9`n+EFPumH`ZDfzyWP2%O
zld$gvfGUde)Z_V;_b|v>wY#*WDYSZY%mo9<+*kw5@>Y91w9p`eA8Fns0B}HV3Mfo~
z*z2aid@z4HgJnzZ*DiRTi*x{0QqEw3P0><$e-LdC$Xr|4FdUZw9D@wtc{<Zo8RmCA
z{xI>p6Cx^|KTi!nxu(e^%c!FeW}_<f1q(wo9TYe~R%6_`eAcE2)Mu5lITu$#xeXOG
zyj~T=3`l<w-sFt*@)|;_Bea_5;FTf+TmHm-gI6m-oyd?USoHJ>kowH5-F_!jnJBj&
zg8(|aSI<Dy?vI85%bqEl33z9H_RvTnNO$-=Jn#3uA<tv{sq~Hq4+GY&>p8GbbQsW-
z9oqUWp8)fg>8u&zi%|{%vDL+m-^K#R6m?Un+UuO+M<7s7+f<*c_|2FP0N(rT$^=kY
zoQE2eftRQ3^vHgWzjmP~48ikeycASqOoAe)qfl|#c>A?zFzPQFH=@C^zRrphC%nMd
zUF9`g3><z_fw3F92LhmU{I1cAc#YtrbEDTD2Xho1n2PiUAA6;rJ2Gu~K9|qlWyN!+
zEyE?T3{(|E>l>93QC)Xz@3I^;tZdYB?1mQO^Z;hwY{vjLJwDP>k7(JzclJ8ZRRw_v
zk15jXLy6ZsS=&M8ejy*EQKK)UGE*GoghvqG+^nWo*%%=!$Ayd`+Fta3S_{>!&AWbN
z4cC<E?Z{_<7I7lNJSVzK!0Mk47_~9|L+f*T(l7knpqjBQfeM^_<9T=U3SzsO0aY;3
z0?1O6@u}sc3mAn_h`t(E6pz!CgR0rQfCcQj(IqI*mF5Ja-V(ITJ40(cTQ;Rx<AOhc
zDh%Vzb<rGeLE)k_kMm(p;TWtWuiaUw%+m{6f{-j>3srX91+u7x)(xm^>NK)tZ|7FP
zOyw$!y927DRR5sSgY4&^D<ka$Z4P3b6xJV*7dH?MAbnRow-zy6vCCu3%KsyA2rLVg
zY@@l=11e8?uADtQ1|?Fe*&{mvIn=m=+G%t5rbd_G^>nV+1E-sJJw9~w0gFn8@64F>
zp3}kQAQSmG57ZGBZfoNQ7W5d9`^(GJ;M5d>FjeMvlAIg;gr<kXuNOQuF0Awd3qtc*
zfsS8dhbNh$l8>x6vIyt9zWpSqzVC;#O4*-5#A!4*zXFYV-6(q>!6sp&aY&rL2N+CG
zn7UA0_^IfG*qm|;n6c28_r!G+o}i4S7`Uq!^pjAs6=n=EH4xxoO@mfZ;%S{?&jJU~
znS1YJw@PXsAVqh^Z=jaN8Nt@^M#=VqQlQfW!aTKZ*CDT7>ywy_07d!s44gl-ymcOA
z22bDDUeELlB;?E~Z9cqiorKbHCy}mU_%f82PnE(F7aYzux5hls&O*%cxRGv*w&W4G
zh#HgChUqqFiB~th+5}iiW9|<vW5|_z8T%p^L|Rv>4tGo!Fe^x^Gsak%C~KB&W2BG@
z#d1~+h|`SAC2Latzuw+Ep2|P|8@C-J95Op`>>VMFNXOnK6*414s6$zy?2(a?Ei0sC
zOUYi@tH`Kql94S+b-%7YpU?Mu-;dw_zaITj=Un4`uJL}2=XguqdPu+#t_7El>9sTm
zw74AgrQBbhCxYI=E&v@sk}38(ljSuV@qw0-&T7QB{CaglBmqf{#osLD+J_1oRg`c1
z$+DP&vUU})Jo86Jg<}nNjDH*chnEN`pMi6u_i>KiSVm)Cb9#m7gQb06+Jcd}t9qD3
z2e9>`2>1!y*vSN$Ta%v-ov@4!#|91XxWT*)A3ERQR^L$z&&Oc|;OEmLxVhxJrcdjL
zG#9hK-p*q7qQ99%pQ<hPCGm`ZiZdXs8j`Uv>y2kT@ea_d-+8CI=c7eS*~j}((eS!q
zz=pDn2@Oh(wGv&R@Rqb$Bzf4BY=}=AAMcXr^sCT<+dvx?%!8rr)m*S;qTgP~^z-54
znwj3X0RWXB`!;h-7Ws`khf)U7_W_^V%YShCc*i?v){nXt&R%OW7H<?)!?BT`#8pq+
zC>p$dIjg$kPoMFFH&auFU93b=q)(LuhX;=zu9K!*YKjSBR(2Y!_wjtskv-lVMj=f)
zFKYH4E^Br`lYFx3vH01L(<kfkxI!8?6fu7A1zxP;@iT$a|F{5;HBz~HvHK=?!zEsK
zywG5hSF>R7K``NJ3nIH-Jn4hys38twX-yB8?BKrE5mU^INvR!tjz7Urr8MQc9gU{T
zNYov<!>pi*;E{iyi}n)YGlFC{r~(FqTZ5R4KE_4<?Nt;k?{UN+T2_@P)zh(n2=_NQ
z!;7Nxo^kqpv#~TKo9w-thIk#x`s}aM*shylr14U~BtHMS&gRRP!MY#IMWh4nY}c=p
zHQxzd%x)<AmdZVHhP#V)i&^%n$>LQkCgoBlFxJEF_X<DFurao6#)y+Gl4`N;+dAEK
zL(|=SmR*e3Z6W?v%J#(3|FtqsGHhmh6Z+U`=PB+<4QFZNB<%te>{)-1Zq5&WF`^1a
zAE79SfoL>T#ri0SfM*#D#%C0=Zqq0oXE-l&!oie{X^~ro*Wol42$97!zgnC-(sFx&
zJaNIO<$^e+4cplSzK#rAvj90p=A$I1qQEEMiODRQ%!y8vF6y$e#mMj+#<oYSGD@9Z
zoqq}d+n>r<ZXEk!BnL-c{g3WoZjRJlFO^X31*qKUhmV}c3$0RVmFJN*l4G2>U8X6U
zXCEL0fSZ2JcS0PA73)i*)@=cq>%z?hGtq7XlGq|c<8bourHQY~Ajeh4C+Dh;Qy#w)
zs{pjw<+lUe54Sgg=r#lFZ|ed~iQ+}Bf@3JgKhZ`sQgPnmd+^T7sYG~_1=MBN;I~7(
zW88_TLROVy2V?P<ux7ZHcZ&cTJH%8uy!C3x-~b4hK^;d@KPkdTc7rn@o=P*L?a8M~
zCZouN&sMTFB@1qZx9H4IVdtKH_O)ln$aAB7e_apt>ChyxxnRZc(s%!MLik5cT$Vk}
zn)RN_ivPNnQYr}aEqvbUB?vR<%W%bpnUh#6rw5Qa+8an?%-O93yaQkJ#9lnSKp-qM
zel@G%2f*`N1BK&RA#ZBa6I$sZ-F)LlISoteK;*%(vd<I>%w7-~(sHx*e%DOAc&qzp
zcYluy(@jT$0vY8w?JdaI+aA`SG!NN|$hjFP0y?QEqpxd>M745D^%Au{693@KSP;$E
zy?EPT*9989t&165#Z21XP``w8d7@+XPa4svU};GpZ`FD4afxOKCB6BmJ(*;4F;j;p
z%(}z0WGmBml=W%8xnIxdiIspX$rbLU8O|#6qbV@VqrWa6M^bvgyf2Y#ZVX*?EsSa%
z;8~*)`gq~gd$9zy{^Y8;i#mT4bBbgz(xnZQeiDJ4-;{e218eWgc2(ytl>+x{BnHnD
z%p2YIB>qsQyBtN6YPWPTRtm`9923FL_^Xlic8@|&?tAi~zM}5FrW9vw-%oHBeenA^
z9k;<6icbeeB)x4<{wHfE)Vydh0mo7?N_XLvaqIS!^`%YM9nmB1Z~ey5Q^6*pc|_qC
zQ|7Q7Y1wl}Oiw&G$^XCOhZ5tF?nmxi^txd`U;OX4w8j^lE-13N#yjS=G2RiE7PiKi
zP`ckd^3VBA;{W&jkD>{D>WXSI?`nhRs8=k%p~Ltw!E1ssDCJIu+!DsVM8aAdMmb&C
z-s~m|8Wrtt5A7bkCN+QlC3clrg?p$L4SU<%jV(?F&P*alG6x!wL>*k<o`Mjah#-)=
zzM{l7{uFcEe!s!b5q4f3<DNuUbAu>gwd~triD|EtH5KK7N9V)}(;7NAOYapTj}Ey<
znVfmX$5cgiYarH@m2vhIM(r+t6Xt>i`ghh+Q69<x2)n#b>4%KE*j4Xb+3MS<#WL<p
z(>>Qm!NWJTEXq_hm0$hj3$*r8F~9@T+~dCVp!ImVe!+W7@ku4B2C{b-rMBPF)<1a9
zhyGI73gPYk?{V>l{n?}ya&dC*8LF;xMpjxBHCDJnZ7t2oV_VIje&#2q(gZw9{2^VO
zl{QmT7&+Re%TBdm;qR$+_yUt?-o1i(<8hGT$M*;=@2Cd$a&W8XE0ez9UcnH-I#V56
z1+J%E7ha~c(lJqw-{R)rd&(Pd{2&NRIjnh)9YrRPq!LWpq9SlT4@!k?{R8lCuqd^x
zClMz{$KWNO#RAig7=(>6Sj#2i<p*_I2D5Op<#(7bSPOjJpmaW|T$Ib{d@?v_sT7)|
z1mK9goc9EVx+{`j^M9-bQAso|R-g53lzDJa-raq->~@F2>;SuQe(NcODsvB`)In>{
z#<&<aED^2-%-m*vEw0;%+7-n%KMN6bn!BtC$Q$y>$qBW4j)_0QH4O~oKa@YS8seGm
zlUf+|I(mC7?oo`vwryoSlvus<n;;iRrGE=qr2YM%OGuL8dqxYj<cGuZ-v52@lsEmv
z6#}AIfPlu#%>vR7*Lt7tvW>B4_QqO$@q>Y6afPTbx!WqV36hEYc5kQxbGm`=w{ahJ
ziEL&gAyNCp{_%9<95uT%2kzK)nz7QXLe*MURooJ9@NBne>5JQ(>SpCIkT+CJ0%Ht6
zcD~Lb3306-iS>pn?sZ?F0O>e@PoF@#GuKJ+>7|pgC-9lxeEVEGs_b9+6%bw$i3f&M
zVGqq|4zwRQldavp%5cd5IFwopCjO!#i94sJwZl9`5>*}eR<i9yyI3dAXx-`a&1Tlc
zZH*vhRmxe)n0%l@7yYuGk~)9_X7z>(un-oDD56m@PyUi+fKX9bLwDD!GHjml&piRh
z>S&HX2L8{=;7)skNFFVdcGZ+H92%dLTG)S&jB4D{D)okGmNiO~qhz#_r-<s$vTv)*
zb5r#ul;)s5zc|)WRl7%T_~zMVnw8(+Fu*RUy)V*shE(}`sEnib`{Cr*Uo@dC)=_Cf
zQ66997gvwYn9o+n#jBaQFsopbuLua=4^i<G-Ca-Az*WgTIz4yS5@{eEpP5#-yRE(L
z!b~3|o4C&seB;FN02l{smG@c5@7Hq*MBwfo+-hZ}8+p9Cf!O$cDCcO~^T{o4gKxWC
z%pU;~z%deuL=YYw`>sV~%&(ID0A0w7i8?8b@k;A>5zXIM`J}<FbO0&L!4qSW#Iv~k
zEe8dIbx%b4%=XibT0}JMQr1inqm^9~oGxS=wvgro^{rddruDlBEd=?B7km<r*lgT5
zX_u(z`W#5H3<2J7Rr>Nj%>hIAJ8j`FNe)~|`3Z3M`35q$YBDFKr&KfDkT1A?M_4qu
zVJbY~mF2(_`tl-kpM#8umtpLIXh{l3OI+yp@_4<LyFLg(1990nDz3>P``Xk(lEc%Q
z%&m9;^8b-yNEE*TTgVL%Zg-?cQGhV@84CaP6R)R9zP!XDtWKm6aJwMyyWBM|mRyz2
zt!pvzZ|mW;L>d8}wy7cE45dL5e!0;q9{spES{k1ihWaY2#(Up@_x|##wVGH+8wQvK
zH-QW2@qOxkV~B}h{Tav_`M#oZ4+fJxo@~6iM8$1z6R|kSyu-&{C@6;F!C0d&9)M-i
zOC^anOFTUhTOZ7B)qu{ur6o$0L`VSuD>)$b|2%VWaVtOX3%eGHx6$B(tC`%F<aZew
zF#lmx#27USK|*e_iXw_uquPWgE&ffW(l1EkzkPk0RsAE=YnIA$_<|-o_hvzsZ}1Zg
zT5Y>8XD^7)_|*g>_>aUU5RU$MF5FP#kU31jbR_0EKPOzc^NbaUDCryY$lWP11poYu
z4%Q%ZL3l?h%mokSIAVQ;zitj}ARv*u7Z(Fh1cDM(u`|$hQgIJ9{`u__siVVohp{d0
z1E)AO2l4+GC{oNWW4!}aW2a8RBi=xVlJTv$Fwy4mGnpd=rXlzREDUS#m&`{sb)3lc
zfDxPXw~GfrI`A2>SU~i6aGfpfDVmk50P8Bb|L1qX6*ed`7tVGi$15ceqPWgZ9yxw`
zSWC6Q>*)}?w7p5eI3j!yuNqXjxi#MfWQr1L7tQLcv+^K>j3(M$9lx#A((Lu_u0=!q
zEak{-ZT3l;06nrTMmp;JQ}Z>bFc#M|bmuFjllOgrBoK3q4<HzmOaR2}yYZxf1;o+n
z4Ucxf<RiBnbV{d7npA}B`!gI<ZEAi6hPFao!iTZV@tcp+?3Ey$xgynZ6SPq!P%kXL
z&?y+#)2^((_!FNtMY5}p>U{`yOsxvR`QjwcWI4naWO!q5`Q`p!_=#+A1e0LeSJEsR
zEj2&kuS4;%zDMHyAF6|#>hpASP_feTLIKT0oNw^8z18tWQk5llEsA?wDTLR%E$gBY
zguE-H>5DI)HBbe(@qo!v_BBVo;{X|(OWmjivVIi_Qk);(`F&Sx*NX}D>`To_Lo1!T
zHUx&EYly28qn6o2VTv3}tzLMY(h>;M+s%M+P_<DuckKW@T27zp+>`yJZ0@c{G7U~V
z$3l#<f1e<G7lBu9iPLx&_f}u>@%tjnMA87EUWVQLypGM`r>S9O(`*xU-rG&83lrl1
z!4UNW`D+$T<0!>G5g{_eFsPy9WZ%VA>r1*<KBr4O9-tF3Va8?PSWC=PabeG{m<|;X
z&w$dyNoi}=v{FVA9?5*Ui{mC!{5l3vC8JRz&EP%%skzFjt<0zG_i4o9swR_!sR(Dp
z$Zn7Y7zDRoGyF!{_-Splb7D}E7vFS0@n<?W`VzYjvtvYgT*1SPF=b;?m23(Ip$7#2
zNaI&Ysvo&qE|7{|RDI!1rg%m7_V8R<79TN|Oa*HoGqYjE<xK61E*IwG2X`axVvk__
z7Ru}C$Gq=}^P10DLhvr!28=VEGUZUnQAVWuf+*kv&xnH)DG=QcISsY%NxVF%%8}0?
zbR<9v6ufO9v#rt|eXoMmM|o|(7<CAD$aC}<X61%{JmTFp+kC$xe;0D?o5Y0z+_5qw
zlK~%o!bW^&NN=1+J)#USL4|QWXtey&rMcK>&b-687pW2aL@`pmm^vUEWjoc)opHKx
zPEh~V)xa3d1%Q2kn{Gm->G55PN^3FnlD090ZkYKgK>szdKY0WHlva81jhxlx$YIc8
z2~eZbyrh~C$}7Tm`5{C_NUKl*wunlA;`+<KHYSLUq5x^ffBiZ-4GG`hZTJvqL<(2L
z3^D{b9|Os$X!t<?d?SU#KmY#^I=@m38O7gi3LOEVym9x(DX;(b=>iZXj<)}XI_jTo
z@cO)fs=R+++6;2rzx({l8vr>O3=8?}1_w0s(=zWJvHWizDFiwRsx$@h$=_`Z-oppO
zJ3CGr|Lqg63{<thbk=`=UYZ8rBn3~cf<OiHcb`~VfGfJDUl{%UDe&2_4193v%rB0*
z|KBf(K^zR$VfewnCkCMnGs)%iI8Y+ezXIvBX2_`GE~34t{_|(F@weTdAAcU^pS&zW
z_Rr9>dr{7fzxHCd<`E0R!pTcAGhRr~88I320A^!G5TyOpW*}Do^r_~yYJg#(WE)9*
zb0g8Z^7jOTC2x@1|9da^d75gzLyB`{bl~)g*iR}QC6P43C%}HcK_}D=vGd{yZe=<`
zUxL!$Z#c1B`OkROLhuEle;_w|@oJ)iDF)hnuRj!<)o#vp)FSPW<9<6sH^<7X|LQHi
zWZaHX0Q&7`sI-?rRlLUOyP=FQtC0@$Xo3E*(FQ*s#AWL>C_!qFP<{{4+UW^s$p4i|
zK;tMibS^L9oZG9(yG3Vwz~8I}hy-V3KEy^NijXmLlT(IEZ+HHEWKjXsDnzq0r#KJ#
zJ7H+h@$4xEwD_;afRuuk05iEe;3{>9bKc5mX;!P4+mJeI4XdSBb2Mbu`j1bKAn{5=
z3nBae?W>~?k9f4NBh+e7p!U=vOw<@c2BC$j1Z>ANWD6ytytb*ZIz?y-c|@v<yjiBo
z*@I!;pa`XeAN=_<f3mraEoqA+_>sMOrz2Vej)L!fCCk_W_3lH&hZ+KdcMbZ}Fa6bM
zK(oCTm?MA1fAt58=_TNISK__BxcDW&gH$Sz!WQ@r0biyPqE(*fHZecX{_oKh(I9fd
z7u<isbpyl_&@P{!c<J;7p=P8-&$NaOsNy6aUS<3`Qk0x(b=rLy$Or!BpP(&^*egl}
zZh`648~DZSGaC>Ue4~!ZosgW_a6VGO-KW9ac$_2c-}@elZ>X%~L3IFu?<?X4cGf`<
z@o_ud;)*oW@10ZJRC@(DOj-?@;Yq+?e)=tnCzb{Ca_L4o8(oU~pP{N@lijh*!K6%G
zkV1YtQNLp-=l5ghKn6+6!sLUi9fn$Fwwv9@z|-bEf-v0#VUR2MQC1+5+|TC}*5*MZ
z=yO{s#Qa6gVwyS=-MY6Z<&cOklMLTKGfMbzVx<XbKdzp0xWE{;tZ3j;_niVS7j$pr
zM_~~2<o%*^94pH?xH)b6X7+(7MX~Iy8gdpByquwq#s%ho-;H9PX;p16u1<iNwa=wA
zPBOVSmGO0CSN}JCJUSKtfG|okW;|9t|C8>ewSVR_M6B~{p->Cxb=;lR3YS~+oM``N
zl0xPrqS^ghof+{v6_<Se`P?8HwJ&{{BL-6mOqFO|%WHq7Zm0k^WagxFFa6Cun0#KY
zv}$|7Bo`ENe}~r{jTip9<Tq8H9w>uhuY3kyT29=s`sd4c!T6FpJMgAh6fS+_!N`YG
zG#Un0%ZR)0{yPc72C*;7#(y!->`U;3RD8^L%pGC<=h88N!XB$<a}iDVCF5QHQ|s~P
z^#6`B0_EkRnM3yU)Op-d{VK-fS3ku5nU5S*unNB3B@H8rGt+73xQ&tuv@cuzca`$c
z0V<1$X#yA>g{-&yMM_|WiiK`QK99jvjcH}@69%TD;Vz@b5WFx7paHog#~SrW7Q})x
z|B~H!2E3Ou@ylAv)>3-BpqII7sQ>&pqJA5`Zu-ozrP=xRugg4SH;xBDf4c@zFayTm
z<ZiG7RDKJ<G}Yrm|LaKnkHHr8<lj1@tcCg;7!j3yflSr!6*OgQfj2*jNN4tH5u{@c
zOg6rOR!TPhkuKudNSWg>)!;XIuZ-Roo_HiF6@6ZMR|{VDKishr^jG>A=|aRuSGdW3
z(+7amqZ=grK<xz^yjyBBfakbj_TdS4g&N+&p)ePVf!~!=3!a*v;HkD*d&qIB`#6{n
zXkaq^_OARy$ar&LFLl9Kz*zI=?#dUC!m<{LW`Vpj)8-78Y>OxMe9wi1VBT+Hm8M}}
zA<M84COZ+X$J7Zju;XbDk%_dl@%O~zyUWkM0gmbE^rAcznS<9hGz-o>UPi<X-vOC;
z4F%C>ttKeX9NHFMRQ9_e{*gbSPx~2hf*jy>5dZsXUhl_v4k}ZQPqCOf<al2NAoWX>
zdA4_U!_Cicpzbj1w*UvyztxAXM155pkBm@j7`-R(IRcPq@CojK<1aQT+i;L=XRHi8
z2^)zt%7dx1fIG(*GU4JW1c`M#Z3T?g73p+4Kw>`wgKRa)!sE(!Fg&T19#DM$87PV$
z?En1!Wr576prAo4GZeuCM#0Im`;l;>%-V7hLpXDQIoB=^rd*|@I|Tm&Jq8$yIh41b
zzzSg7gJqj~k)?``%Wo&nQ58#qbgZ4mEAl@Aqd7{C&?$j<SU_F*s?`TXO)@-9`eguV
zzYFgG<Y@+!GjgJpAaQ<;D2t#1c~7^ihqNL-<wl;k!AD7=Y^LY~GQzZHPa(c&#6oYH
z?iHeSgXgKM>Nxn6xgrv*QS;l;AE8&Gr>knAC=DPiFD<A%YU5bm5)TCu<#YvHdg=K7
z?c+P|v=Lu44`7GCIfes9Ry2V23NmsGY;S`aJ3vR`bS>}P`KEVg=azFAfbn2%pP0sn
zIat-*JRe{RG!)frfMq>4tbl6jt<a&|*ez0&l0|0vP+xYujqVnmTW2dY2W|5ffEZb&
z$`wr>JO{cNX`T(h@X|e|;a7P)&2W1V$G9%x3I)_h>)(Ly_m3*M-vT)uB7j^h3b?oe
zz;!QoBI!La&ybo`{l$Q)Is#&rXJ|St>a<9`gl?GF!CoNYm==|7NcqN`{;616J$VOt
zEX!e}0EPT~tg5qE74Zz%Cx#v*Ay&XZ5aYr8X;%qWEe%2blfo=%Wt&chWl3R0Q1qXO
zWvonP7c``t!%kDmgslzcsD9z4nG9>?dW&<hkxEtcu1M7=02_pXqhg5sE{yA5$}Q7D
z9j_yl0<^u-OagiY2Xo2Y><a;fcsj{cJZ&LOvv0gU4h$K!x5)#<Y^fJO*!pK!zHqh&
z*kz?DM)vuMMroy1QN$N%^8}0=Up7GFf;YCuU6~`s)QXwoejl&DG=JC^5NUl&JLO~)
zMp+P}&T^&ASHQ@^{qiVytw<|uxHk?P>awGo&ecM(nf8`g<s>8le^sNrF*ut{gz@*p
zxYRO6EWxtJ-#)N<Grf}~!+6LPhRK#QvN6Hf%a4d+Q|%=K2*=2`sRcMu%^;bS1LrT^
z@&TovY~Cth{c$ZV9dfUM+q&&cbST=<piT0Fj<dh52k<us@Ajsh0vDRaDNf?QG-^lO
zjt45>fT0Of0aInVH$=Y@$=j5aa$yQFk5VxE$J2=ER?=_2={h_inN0AX^Nr9Zo1&<q
z{)7t1v$c%u<HI24%8nvP7WZBQ<34=hW_de{bmIf(fKL3~SiSe{&=^?*17h3x0^Q^j
z_5#h`kABZNRRCLH^mAFWV&Jnc@aoEFUdAYT$GE~Q^`pRL#xr%)=FE(LEMiWnp@V2f
zc`wzjRz#*oNvdkM=CJCZ<{@yZ2CJ@zGIT}|Es|!Ol-55EqRJPygWEQl!gNqAh-i{S
z#^LI3x)dfMN=N)4ZrVRWgO7El$+>mrh-<S%+gVboneR2W;Cfqej2o(EyTPif6x>?u
zwo5=)aYtbJGyVE3zGo%FuC_EEl5#6Yl3r*UKWf-wGI)njB=FNzEI3GNr)R1mhm-6+
zV`mRyg|*h1mz%5uodADS7%FTMJb76IfMqjbti(ZGMLs@y$#qO^&VM|l0`Wk3Ohu7(
zMDKWCx*UD5<iMPCz<c3WijsYgM215sNGeqQtnMA;e|By@Bo=mn+~gNFmNNXoXy(xy
z=|$BD@gdcC!#WOPzrk5}Q+P0UHUEpSZ86B%HCH3`5FIxJS4f3tfRbkR&p$z!?g2F!
zI7wRB-uSn`3jSxjB>!$rQVt~<_(}Zaxk&n7s)FpX!}8w&A)!Lkp<~8aQ$f%F?<TNE
z&a3|ph+l<*4B)4R&f)(u@xOaKxKD#Bu7{Gw_z)*U1n0X!O3cX06FgSRkA^{_>L-!H
z<2&4fD=H<0A$Ml$qSijXqQ7+N;ItG|Ao*RPP?bDk#1K=AyjBgOEflxgj~jvE{RyJ?
z65REdc+!D$v}{W`;WTkH;q)(|X6Yz~v>!d1S$i58^B_%h)g)g#kDvGOJ0LLW9`yik
zNb={W|MAQ$?aAXP+y=le7~jrAG_$dO2-Mv9b7z0u8GY$Ail5VFn(+df%(d~J+r-?+
zHCiI?5|g<xEc6{>do37l_tA}kOQ1>jHzWl?BBFI`=-=pT807i&UHcI(rB9rV^YOZ3
z{5acLXwki7J<4sjkIcaADn2_)){RfT0V%)t{i|mepT2?er{KgXoN${lFah2ZvfXQd
z&+-Z0k{e&&(x2He@JTwl{OXfiWKbVmfp0fEW4R07_Kx1_l|~o|3O|;fe1>VUxB(J?
z5j0iRX+*Z1E`2>lVJSQ4g}79q{Y|AD;t}K)tHltdy#uz?yS*rQj>kSjUVSryKZyY1
z?A)K<8~?0fse&l!tA9oQ3O_RsN_hezL`0I7kB}y9f4jV@|NF6E>n4~QJFy3WRB8<p
zr>Aeq%hosK_VCO35=cxBA|POQwdYWBwadph>9-oj#o?u{_5@3fXCI~zck4Z=J<+{f
zU!V6-aXDRie8A=l213OR0O$_E*xbHBch(bOI@QA4`57@K2gj22H=gS^eRw$F&N3!h
zo}ggPdxMmLEVSOO-~QtQG(&@nE6+<mnOKlz52=NKc;zGq#CxABAnF$N1ifqxBwp_j
ziFXO4n>WFZrcyOCc^W3evg8QWv<ie^F@qya<G(`=$U*!SxKobj$FPO1G!kY#N#fCE
z8zhE;&)OhsaPx8G7LBEu2yHUB2jIxw)<fv7B8~$MN{B1yC`<=+zYx~T%JP%OST+=k
zDeLkiuzX(hftx}H4Bfiq`atHMR3x-BM01*-G7#U-R*@Ra*n=F_eQB_n?(@ZS^6mQI
zZxc>#8&tov*};VXESWyQw{VfLp|>vWd1<^kG(U9!uJdpA$d!_ic*)CRi6y~oAnC<R
zM6Xv%ue9IPI|TV>HJS!R|5JcVzDoD36&QlA94m0j4A2|A)i`RmuD|Lx+;Q+Xb%A)*
ze{U>(%!>P1tf)-OPC|WDy;<;+wh*XMc>IYu2Lv#6ZDP*Bq(2Lv#JC}LPQVDvx<Bax
z;o#=CPc<6YeG)G?^L9hqfu0CFys`De4k|z|vJIx>A@-i(_gyXTh%)zu!g0^0Wx_Eb
zxejuqZ|~2aJ=GGB6!d$$VqsYh{78|&kJA!Ta{wAy)sL|}tbC@B#r<EqdyI|nRPbPk
zKSV!3!D0p*!9i!j9v+pUhT!#V?Kp58pRds)*73FQ5U%-k+@~#Wg2;KD>q5G7Ma1#h
z5P&(td<B^IRF&cne|J*S2NPAa4uA~X?EBCzv^HKN27f;)AbA@59q}RMo<WkI%+w@V
zPJo&sECyi2rAE<5!xiXo=YTa@%nkhh#yBG=jN$q)gQ4Mn*M~3}Ogw~VM%*($(zNzG
zNMi_)+&D!f-02$u>TTQiH#SCM9}+h5n`l~QGKD9@0A*y?a4>jcGn)eGjG29^U9U`Q
z&s$@<cdu?uod%iMl!Lg}Ge1AY$|e#T6Tg(m!8BXy-QR#8{6E)0^;k5Y)j?hBcwh~w
zp?@lI?$8@|r}wz4Kky2%w@RsJTbnzmIo>%>(d`+a0zB)W9kKlxlHFM(lMrC(Rk~HT
z8Jg<2Z_*9+ta}2PKlkSzt_9J}s4gKSHJ5cA(PEjYlxAW#-j)lq501_Vp__;vg2$|7
z{oRrBFU~D-2dBy*>!|^fdgpL(<@JFQA9-jw*h;8_u6eHk>AL%hVUL0d&>grirJt$0
z>hj~YabBqhH=0jG%7-RLm9m!3bdKCQk2CP8zA@502={gisb)WqQcp1XUMWlN&SShf
zQy9*m#Sq}kMc(@cNfzoWf0L3)wM;hMYx^0~<q2+u_8+EiIVf(eT~<bci~-C!9->iX
zHvW4yh|W=9bHWgGwdxL5V@yLO*%4Q#+Ok@maBge*!|7MD1TntOr*3{4L-30|Au@ex
zQ~C+?jF7AH1HvQJRsW7w20F|MZ&%z-xjL9Mq<;g`PAN)5=K{<GW^7D}8{>NcZ;1Fb
zdfyG4W2(Mj$>$vFAhJ<}hw6-w{rM_W^JIkn(LWepwIzB1=#Y?hnE0NSq$;<zK5gn;
z-rlPu+JgR{AJ`I5Kq9Df*oZxvVm;(sCRlDvC}w67x4%?XvC5tjyuEfgbzRYi?I-a)
zw$#8N`Ex727;8F9ct!MeyVu>&F%TR2daE7Ou_F6jn`kwwSI|;BP$AlXnByB9G&P5#
z=~CA14dcj*bmhFaKf{B`FVRFial{UN3r<T;HLvN5jB$Cp%4fTVx6qS}aJkAFFy~4I
zA9V&GQ3Ho4E7FOU^}<yO5M<i&2HEvXGHhi#=E2vXFx%sA)n^ZmrbwU@(dgyHT?*mG
z40q`E2>3^jd?#jXS!WIdu<ZgBcPt-C&8*%AchJ{1nly5y2Xz!9PD+EJxqgMWO1pi(
zY^FB3CeX+0ZFd1%dFHgos>v(L+^^Ff7JDyEel#m}-BUR;tZ9X1hqVJFt?2hES5s6O
z==KCq`qiOxz!$9kA=x)w`}SVsv<y9+Vi69*U!n!kgE(r*l|@bogIF;fI1{Fy9NE}{
zh=VLJF%AUldj-=>LkOR#i^W&AuoPNw0e2tVLcQR$QBgorwF8f%$7bj?rJYNMd-_sV
z8z`3_QA2aXK$dJ!CR@Eds%Pz##HvDy57lIQGpB87H>M47w_JQ^?nCpFJ1r7Q1-`-8
z&uF$?0jTS(VV-Td&ng;Q3U9<fuc+^QqVCbKxyH^FQ|Bt(K`>w?j=6{!#zJma=<-iC
z=S^A`G;0;`%G1DzOIP#Kvwym4dEf{Iq4AQKn!CzB&7kMU{(iD-Im7Yzf47N|VxkMI
z!<sWEUZN*yTQNvE-0BltXI?-0ikNQ`n_Vx;Y2IVul;M+%(qspZy5}f~7iS;c!6p7Y
zMKh{&`-_};rtNR3FN1$R|FNXB!uje7_Z4XHoCv-j;wS9T|5I$tzQm<*?}?N0srG2R
z{Pz>+7&5A`DbzUGoNb(|#F%O6)BvyNcN(<%pZvazm5s>z3;U!)f;PdQq&0bt=UWe)
zrqErp$e%I!_Ovxa*>%-|2Sdd`CvbvkNhR!34Qu|yKs0`_;Mg8fkMB^cQqch_)L-xz
zL$e<GD=O5g#BieaLB|RG^Y;DM_I_R{%*ymKC>f@=L&v00g`Ld{^gVL@yrQ>qc+GhV
zd~Q4XV<2IYY>>x`CdVsc<a|Yy4e1rTYVB|<m8AyYN+#7s)sdjA?~R&VJJLf|3*=if
zuSrAxujPpoQ>zkRY*u<ag;>n2P7a_0V#~JpBJV;x6UQAJqNVDu2JPaNehRnQ*tX|}
zc?{3ANWUcp=C5BD_A$<newp_3m<F#I7u|(n-WD|PjL=?WN@t3#2LG?qt{d8>AD}T#
zlcP_j$g_ZU`wlIcSCSvwehSXZT``XM#BQX;rq+3j$AR&8I^hjaZL1efD0eDvKw<S7
z!Tz_xV^_lm=f>F?f~wMY#sYVq8L<D!MQ=(_3y;otLQQYB@0I(K@g}<sF|7V00yG>$
z^%jv9A;hCiL-IUWvi8)+8f{wLRPGhH5cjsq2JPNR9rwEM<3+zAUWQYSV(#mVGvRTB
zquVW(&}2xu6-@fLFEjR2NHC#p{&;{)Z1l)=0kIv-vq^5@;Gu=7Y%-ES67JdTS*wNz
zL0a+GXx?RE?Q-u~`=z&sPSd~pvMR-382>pgJpk|QAQ6ZnTL6m%kNH;XOsc*N0pZX=
z&CSFl0ovJR-IG4X=6)CI+j;TJA%%V&I^2MVo<zskSejHki}w!;O0~7Owp$*4rXkyj
z#+%Om2)@&Sa0TVx@2*dsb-rkn`65ybE5#Lmu0~1Q%~}13z<{c2U0K63n-5xJ<#GPh
zv()Toz@w=}>E?nqpE`@~Vydm5W2|9#(4pgURx@80f#ZYW%RTP?U-@IFKt4@6BV;cH
zRkVa|zpBQtVLs$>1)N-e%?Ue?YH`>}9rFNrLf#_cucK+NZpgI``I!8Qj+-<85rLH%
zo5hpPKN-?&4t)Zvf<Dk}bt^u}7gE1jziY%R21<BBbGm$f71KP(7(+`N+19jT8!q2X
zE$j<RjM2>BI~!47lyZ0tJk78eXmz}{JAVAsjZ3yG>8-?Bq{FkRfm{?Z1x$kHWFF25
z1rzD!-FREW{O6$_{Ok)+{FQWzd?Jm}zJ8+WXRb_nfkn%;v?Gh`_cMgZW&@wC1J6V#
zUDa{etNnnPjeJpiG_FlKaVO<Qc|G6WiS@J0iytCUnr$GQXC;ZrK`f5aWgHFX*Ac~u
z#Y4_By*a}@P(<1O<~UT+v8Ek6c&e9bXzcRtTBMtzwoBb_T?HK*Rgo3o<`3i~3SACL
zjQ$E|bU-VD!Z$}~hVD`_eG0365RIX$;qBvj5(_61+LSMUJ89(eQ@i9#8HXu4h7Cn|
znIhsPUgL6xO3lF#EOpd56$GJS=;q^TV5m()S+X*D@287G_-rhgJ`WZ{@9wW36ZoMn
zZ}Qb_vOGz9ajUKab33X}j;_rW_3I3Dq&~qaRxFyk@+(nhOz4-3d?&B+I16<JiL~4-
zdM-vbd(T)Zo#y8xnBeK*S}>Owh)QxbW?sdu7q?~wIlcH~XaaB>hL2B#*~cT@{Ba1*
z4_V_0l$qMj&LD5&{~G;@ZN#==lkuz_hzCx60hatRO)6ari?)p>`2%3)JjnmutFvw4
z1D%pv76}6SJT7Ocr((4f9ue%U_ez3m3l>Ru7{cCGH59Z~3$~!SXHY%_29vKKZxkNS
zDQzI%L~PZdPda)8gBx5uz(u_k#>LDI1T3F<R_+IhcpROuV~g^aCljj!z>0~iB%X=9
zxG|C=KI`4aUxQKL<{*2+%fLz8iygRsxEbbndvMZKVFhvF&h`R~$aJaXGSAnmhhVi#
zSSnxS@wkv)q_g~plMbf$y%I^}uK0toz+RVRLiF~cYsc~H&9$>EfuZ6x^YQAGE7b4L
z+T5W%CfiF_pZ8WnvdH=Rh@@ZtiDQf8BKePduLo7Jt6lDPzfsci);hOmRU$Z4C?8ab
z?pRdd&Y8+wU&^yFT{wlxh7BKX(`AsN%psC?8q?4khO_)tmdbP8w)9y2QTrhtYeuA1
ze0#RnMMfrh_kc*f-jh6yz$`*TV%?uzc$&?2eaj_+K*onTIyarE=<PO%7qJ#dXJaX>
zm(Q3>Qu6y@GHf^zX?o=GXU_)w$r*wI|Fd$mXWp0zPfZ#9Hi`NvPvwantHY{P(G>au
zv6g-&cG;UVXPT}H7GB9Wn5yieSnwl}{Uet<%xKDG6JQ@wG`17qP>Yn(Q%_E{UD96q
zGxS8W7HJEAMnG1mY2A@EFUF)D><5L=?X34%1JlvTp@l`3@7!FH8s@Uo&r7oh6V&QG
z+v}?@-QPr!jcYzAJ@Y-my1yPQ%9T#Jvt2#VK^*>9qE9vn41@W2&zU%<_w>@^u;fFb
z#rcJ+F=k^?@`u;^(wGs0;F*!}odmXHqxTM$?XJb><VxKN{(62e`9p%Gm8ZbwMwrYi
zt@zjw7Sm3*pJbQ6jE;IvP5sCi1Rr)|UUmkG*+zV3y>>fO4APXx<ky6_LlKuY9`Xme
z=RJKn?3%`hX()S*M%R)xz*Z0P5GCn$GmDXQ0?l_oiP_LR5{w5o!UI}=cDm%=?w9W<
zXPvhF49;S2hKU&*Hf9Uh+2~>Yr%v=)q+bhsA$O$IO^qI_4aY`$P*$9etp@DZFSF$6
zL~US6Bj1O_2_en^w^a*kbE@a@1W60!n-R9>oD3>r>mBVGA4(?Z-=i*hDiHTHuvDR8
zugph~d)~JhEgMmO2AsG&jwj!L5-+*Ub~*jP()3=Ia4Z#_==r<S5tQ7Eh`7E@o=Q2g
zX=0Y)2+!{B<L{?BUmE+;BHf38HB?`gKCVJvgzPadpMt#rSs=B%vNY+;bp3Qw>3N+q
zQK_tDEr&8!n~2hRTl(gvX~wO^_OltLg1?7`H}4!%QE}#E6j9;XKQ{Npb6<0&)D8N3
zAJBBOCDRzX@lJQuXASkDOTSrdGcOnTqVgQqyF*kiGsf7+VDe9(<27AzWYJIY-c1ih
z_Kp002~O~(Gwprj%Y!}!3xz^Nxofzqi5*vOdyF)#nM8H8`G8#-M(R)h>8>Q-YYQ9g
zp1e9P=l!m=J!&^ksK*t~uheo~=YHB=797-y^e?vW&=*qxmll&^J?MLsQFhD54)BmF
z&*Qnl>ofpj`$wQ?p<X=yQO=}ihq9P<UDTAm+dF}p<AU$S@M4u}y9x!S$FKh{yqc_I
z+`Q$KZ?}C9;(9$WZ+fde#%zH9AzmIu`Gj`j<_N^^r#PY3flppu+TH;N-E-<kOey_7
z0WM<>tlibA*CD?*-P`Pwf(a;SrYXji$BpcOnyY-Z;DYvGvf%T*Lct~DDmnT6AcfmU
zW@};U@f_n$49@Nr96T0g$*|d<l4|FdWPHBqz@$)O*vF(LAd8}n^&(B+Lv+IlT#^dz
z^|;~GsZAkYdF&a)_AE}h%GE*E>#P(N<s!ODdX*~0s#E`wKCX$~&_76q41rDVM01>y
zYMD8E2b-QJgMH^*ZM$ya&{d~>qIZ(nw&ZewBI?n#b?WUnftJlFcl3P7_Az_ep$%P8
zt>X=1dkY}O9K9LSChlzSdu8)-axj5mlRv3#OiPC%j{2?{Pv?Hm<~uNg_&wP9k|Lr!
z(DWDJhtyKN@!f}rXEXSRxbI&kOY9|;NN})KvRVq&0_FI9(joWF#HOjB*j2Jo)yn4e
zq0Ve&A@JbAg2e`E#-DA*tcBjzI?HeG87~G`wH1`r6-aZ!VUbabJm$-x(sq&#Xf8?)
zkHp7m%RCsb4eWo_4Yw#oTIl&C`RCd#Ka&F`2}!v^KkW0&<nl}`Q+sF)5H3d@Wh!cq
zQFvuc;jk6AAGZ+`_ow4txH7!FF(MKpu)I89L}PX`#tj_VB{b=h3;8-t!=H;=osWGv
zM?dH5#K7p!%g+Y{VTuc$u9-h@QLc6KcRd+4{RT8;q*e;ov%lQ3<@^ncAS`aqbVju*
zHzE{JUXD*UW;PZDXe!3-(^Dx>9rh^7=4C8d&E$g0L=tvxFPJp25-ReKlK~NeW~~AC
z)L{lyK|7ROOtaCFMkT*y*IxoR^<!~5u(>A>?Xe6gPJs+`=l6bF`F!EDxxCxHX?NwE
zeOeCBgsNB<L%T{@uT;AZT3@;Y%h)n}_66UwM^c&vV$!_5Et8HDswb`D(rlI9Mcui<
zQ}xs_C?VA}_2fyGxrgiBXBt=5`X5&geE#xjd;caI#y#uT{;FU9K_;|1Yjd7-*Y}<+
z{bkoMiw<9|6rH*q6Uf`)ds1N4*C|7`fM0Q`jK%EoW#;|WU?xG%DpV(Vk4`LA62&SO
z-&9`qBlL&4#(D9#`YZY8O1-CXY&(X>J@luYj@8E1@kzLR7dc%wOzFhw@i;qr|E7xC
z)Wn3TpR(NIL+hmCidPGFpS_AzG*MAL_OZ(GNpo+R0{Q0cjayo<qR_>uBe+x*NpF42
zw&1?X9;f<VRwZJIYin;V%euR1FYx(&q_infuB>+~XNfE=$6C>CxZn-=ygII3Ave<s
z(jz#x($Fgqw=AcRmO7XIs;&vBOBy#(GVZ~d*aTj*G5E5Oa__2wfEdc80VP#4mUQEN
zgYQQ-m+lBN%a7NMKmABf+GDwfaiJqTnI;I~3?3cvO;NMfv3PaU;_CNScuIy9IL-br
z9Hq|XEnIs(mPTDpynayjbCL1tm|U@LK#(1??=O|$nYJ-3qlXGM*Ex1uw(|3dgZVjh
z^=m2{XKLa1?V85iyW0~jR4EIcWp&)nD{vw)oHLiH$ugeLKuzz?<Bi0~lp|yIVZp`E
zO|}RwXvwwEb_!kD@Wt?>_EYASG}|*PKSHQi7!TbUo;14$rgDAMLN~Uw^${#IOSS^5
z6~`uDS?|cNo^D~8u>LL~zN>yPuHHOjLKqWK!d1>RN#kN|6f%l}N&BYtB4Rs%j#Ma7
zT~&4I2~*3ne!G@5rT!28sh{)UM^&7)R`RtFe`>qe2uOKgxyFu8GF9B^8Dsyk6V`%r
zUTL>JzHmu5UsEeDmV18SB35-_O?BcU^TKsj@~~^o0kh7`0{w3O5gfXVW8X|1TB_y5
z(x*2>)TDa#G-EIqN<B?@%w5bvrijD@5j^~6Vy~X{Ua`T=@zIYlPqKbkn91oKE4$2=
zOL|fVt7y*WeDX7_V)QG9p4Dz5X=tqaO8S<N>~G!3B+hj9qo3<8_<1bcolK=aaWisP
zKI>3OudUdBx~W35#O1DKdLUuI<emStg99b8rN)>W(z;$|KN7-cqQfA|@$n|wn9rEH
z@>a+W|Idl+zWv1o_Tjsti`;M7n+q7Ga$?D*FyTjV+}BvuPbSdhFa*EMOVKkQadFCV
zzbw(?s@pW6&{<7>PptANMo_rcDEOYG(Z(yhni|gIhqp2|O~{gVVPRpJHD1Cx9gET4
z+-gc|TyvvKaxU8@9}=IzJ}B!xFii2Qtasg7px=t5mvdHiMVs&D<mRf-i`4=MYzK}z
zZm{s^73S!*KE%+-bW*Zk+_b9fjZ$InV!(~ryJN!_U$~UYx`^3Zo*gK$sZMtPBET?T
z*;8sK`}2*SwHl3Pfb{r)|219S>I5DyCKBT2)T8BO96Dpk^j{3f7)6AIhs4XmO_xs1
zROz%G!w2h-p;SA+_)_J(Ko2^>q6Qo>$Lu{yg;yKAU5u|C97bKcX7{7s`k1KP=%2Y4
zbm6Kdxsv@1Y2!~L?5!v}Z00qETu>(FtnIc6vc9QzkEy$Dy%k=rabBmF_$53)p6KVY
zI3<j$8@$E$aEiDih*M$@R@PaP7iS<@%obZciqBK8JIrA~57O9JgNt&5skwzkvC}V;
z{^oJoeU7&kF`FI!Q<O<J2x)fu`q3xGr+X<eiVK1v<8o)$dK%uQq*};}vaDFgT)iDm
zpb2<T6Wp21z!`qd)Y$mx(}Y=PG)k2$l|$M->c<Z(pVy-V<IH>O?LyzrbXLb1$KGib
z{g}@`vQq!SV7-D|)Bd9n4$~K*LV-au!Rmp}%f+#@SXlxKndM%15pf6JOxnBQW^-`N
zMLQs{|NK#DY@lSRSATam9--u;nTNJoSIxMOc+SZA|9G;+5LVdaMx!#++QpVLSY8*Z
zmBGNH+`b`XOS@%}zOHQ2xut8c7Oh)zA+^+XhPmD2&0P;>5!ohziv-)BWfuszj58<d
zSB}d@s$XH0lzUvfPGogADcjF>0M-y#wqAK6A5jxLP-07)KjnJoV6~eCgN@|(<D;hQ
z*rp|Y1)0zfLsw^yhRQ1#<AGTWy0gwz`c}&7Y~O)GsvLXA$04kYf!^ZS^zRndH%0kn
zSIszoy_0U2&9WHcDm54Hz2~uTOp{lpSGvEwvPY5Tf<Sjiy(1&JCjNFeo|15Q6>C9j
zkMFZ9Kf=%iHqejcL+#BiCSPDsx5%O{lhz2!)}7o=iySynnwR^ywEQ}&>H320^^cYu
zLpRzq7NrvcTayX~4#$(|v)VT*Pz+71K{Z!+2Q!9ca~RJ57*^RHa#gDJ#YZmjTPxOX
ziLV$C)b7}nUE#x%98eh$2%)jCM#FrqgfK2w&e9o873)t)aumafJxN0qtmhv%$43~A
z(@^EqG}0u2UEpt=0KQqd8U2;2`)wRplVD9nd4BU0&@sWDXGso}RxiHHQ(=11NYz%P
zh1DYgdS>$8+DBbzDP+K^iPv?L#Nt4MBx54LvkvA;EAMJOZ(ZN5z%ptbBc_f?;N^V#
z^{!*O`KkofYXN^y8QtZ|*|p$T8&N0w49-VEfvwD!l2l3LQS%DcvX@!tID2}329dS!
z`w#AcW@_lyZ=4)TkWRw1N^4-Vxkh5H<6&}lw~ny5_{har^yGcO6F4TgzBJQfaAgh6
zxXstkpX&^;p1!jbyJ%H^_a%I-s_~Fh9QZMb0H|C<_@dBAj{e{d4Z$98FqV0wu!StQ
zv>P@u(`KI`cN^NyUma^5E@mnD*#e|!DtPWJ=jl5RubWJcQMIMuuN9%5F=E&>PshCV
zlCAt&&P&*sR<_`5j%YRMZ~EGa>#+mFBq`s0!kNbF!1otnfhBasMU6`y0mf`WP7>S-
z9Igvf*XMlzy|!DMc=-ca*9lp(ba#Fp#91rjc*IYR6Tc5>c^BA72)BkFVZ!KzPjTPf
zTc0XDz$#+Jz$EVlB`=VYAKtk96&5J8tiAKq&>}G4wKWeh<A#QRAa5j7^5r^x%pwml
zD_Ioym<RLo^H*GLCV8ndJz!L9`ZdRGe;Za&yL)#nfRxe}T66Nrm$10lTfYwvwm|ao
ze0L67Viz?B0E9MSIbmKnI^#eb&T1laRbSp?HRTXI2zGTvU=lYpGZO{CX!ykJBU{uF
zj5*Hl$DJBj1$bu)mR}SRJeNTT2(XI<pYVCJbHx6`S8!2@t$SBXF7>i_#FJr|Bm-OP
zUUL%}y)fYhJSquFQDkuoaR9YPnBvprZk4oL1+?M_HC-hc$w^nBQg;J^x~g4+;0q}0
zo1>(E9>OXsMa=wWgeFZg8<G|Z82i0=;5_TX@>461HLS^%f5L=y9>tPuLK1yN&QKH=
zB|$lGRcrOr^$s4DZ0_cA-vhU=ABxkPCM4bFwRYE=4Bx`DJ(5Ktao<Enis|=c$~1!c
z0rU3UeFMsF*+5bf5;H5~VpD!V3iA-(Ww)KB3oadCI5Bd+b=5FuI=qw2M%qTXDRNA!
zcpBf)M=YHxINok!JFdkTjt+2cF8A8BVJ6wXQth02`cAde=sAQ%xZA@f;}A<tk4tEQ
zv~Rk3w?1V0HLx>AuH1oj@0W$r9B2GZ#$MgZ`VoOoX`(`wSzF#efCWLjz`sNQoQNNR
zamh1YCw29Z(@$;K?Pl8|(zsaI_8%G$+8pA`pQ-a-?LW6^b3|_;{sH^(2Qj(*7md!5
zyeZ0i^Tre~z&s_4K=alh*rx3cl<Ai_G-*D8d+^3KXdw;O!`88|csx8j>`<e%!Rq+2
zy7<Ib$v7gaF(%0(a$IWlix)43NDResQTe20btF!YgrsAMsF1&S$mr-jP|>}-OWW=W
zyMd&HJzwfIA|k34Z8hafQb4R--=&tA*^c<kOU#IczX2CfDUUPvHO-RAsAFg!*^5&L
zlAb-vRrg*C`-ZIU^mFxBl+Nr_YFR{Np;wMHt=oq^&7!|e9fO&3;k5O4x~h5Kv@GPG
z35{<$$sf&fLa9X<_bKLxE*u{fK_rgh4zNGPHyuty9>yCh7D}dtHHUd|X3O4%&p-&K
zDix}&yD*AehU{q}Y7ZkFk_MPf_cc0bwEf8*X!{2~N!hs~2fsUey6pN}Q7wNm9z48i
zBtcCAvHs-5)O0i^y*ea(pei|v8DgiY4koLEBW-}r9obY9Hg!{Np@_p<!uJ_i7-%^k
zz8T$PeeKCbn3Z|kg9b_x@ELH*Ht(IWJsHOAX|1`!$^pJuBG`e7P0fS*GMNz0@YJVO
zF)F?=B63Z)xAAARDPiDuqNIJaNg{ah&2g`}?ZOz(!Qo~|d%wlu4dHNn?zZEldC1|G
zJ1eaCVhJSUfvp*<t6#=egP+)Z*TOQwVR=r{I+MYC&q@NU$T*ODX<fOJ%GQi5wT-~!
z`4tt0=Q40J`D}~a#Ee2Da8e%p^+fm)zfpKwJOSGrZ~cN}zZT8&TW9eye5?#t36&<<
zBS_3h&>=F4F^~9g<Y~$kHY%JTzIg^COv4BFBpzRo*gCAbq7mD6MV9I{H+&Pys|zPU
z#o?<HgFZwv%v6dnZos8)6~tL;knkBOlB62ZnaVwoqkEA`=8Q5Rj1AgY!aeI`kVHP`
zk>+zoQO)z?o13Xr;8y68&>k}XzgO5_lw>TEnmD#bf8_G`1rbU!*UcatRu6{k0heLb
z>!ch!xfH~_G8^Z;s07b+3;w9}-nM5pa$J%SRG@kdw`?X}pob^m5!#=t9eTw~5;7HG
zBe>#s_xbFYGCzyM)1|4r?{$(YFBw1KC)CTxNX80*6h8+?=eXX6ffLE2n%>0iNgTo&
z<F_3{JSnNXkfWlHR>E6#n1!DxJ{C$wPPtCaxB)k^RY7zSt`!b0!kiVue3MxqSsh&4
zjs6Gn@K_4r&ZUwb#nka@H7URoxc(v~flSLkFeos{lbC8BIV=-Kf;T{hX*&5#@}+l*
zf5tuU!%l~;bC>yIZ@_bP6!WZsc+A@hKJ>MoQ|F7l`S-)G4Wwf}XOS%p=1%d&y8Zo7
zxRHF!j|<rnKgZ7(>+$zP$41Jr`#$i`y<RVJs=Q46J2Fj}FQ%UY@5<;}x(uDs<LmZ}
zWiS+Ls;F@o@*!oNX}L|vC!pT!q6Xx@U=R|IA_OzUFH{#2*bKkD@hzZ01F^)Mkz*Oi
zE0(bQoJ3Eu#H;6!8Bw!JKh1!P+$~5{d!FPTYTs{YHbe;~Z+WkcY@?q*5$OcgiWm^F
zN>(Rc>LPIn^yZ1cg3#Vx?E59tH+t$QrlD+;hp~(Y1{D&S3WLID8#KrHEqw&z3}nrQ
z1c2+#l{Ego>kZWR1&DUZK)_N#%zIz@!upKLoZxxdoZ|}V!Fz~TzdYH`+^y=(JY%M#
zqhmYr{PGqkce(&o=9T+I2ttUS0F4U)!7*+1bFK07q9XTkTO`nS@;-Dp!)kFSZc+a3
zj*vJeW0H>n3vU+DOoaoZmI(1^An5|wnEF&Wz8A1CJOKP*0oIgD1R~qBa3mIhMAK4f
zf132A@16BYi%joD_OI{qBlXf`w1F^S4H;4*Q1kJ?y*&ZK^CU_xUjy}C;PHq<z<vaG
zrwbMj5xQ8QcY%hcTeTh>m6Cz#)(r+#Lb&+T*5jpGFnfi!NtU7cz=XMkyaPBmMMhx|
zYldlJAOmAYACq;C1(eeW$#9@2d^xAw<)iF)g<Ygd5bD|U=kcI#DY_c)uro(BEU&K4
zT<Oo@ZHwH1=_YqdI!r83^z?z)^2Dy0BhdCxXQ>rk>fQO_Z6w^;y0?+V{GdZ8h~vPc
zM=Xq<i)G)CjYbn9p&jIN6@(d;fZJceIwhw+f4>sgNm92a>n@rMfB4Y-<e`!XlIj87
z`)fRHl5W(r|5a~reA+?c*s@_C(ARSBX94xj7Z!Z0BB<GTl%us_x`-Q&vuo7C;z>@B
zcYuWq|Kro{@AzXu?Jz=v^wci`k+|S&nGIstCL(k-e;>TQY!|u{Csa+;AuF@G^=z!>
z_ET6>;3A?)*d6NR$Nkt_69tm{y9G8ru~PiTU<-OW&wA(?%zkk{gz-dtSI@&Ew+RTc
zQ@&SM>r)b*Tqtj`Qc)q-pygBHv1aNG=}z9|A|toY?xWAN{DZy%wR`7JSrK`E4(Nkk
z{qRN1Hn)KKv$PI4#)qxyTT>;vBB?BN`|e_vbtXw-S9r>zvg?XU8`1(>?}=={bOK?f
zRa(RzrV~lBL+TiFSKPEuz;QvKBYqWj#g#<`u9cTrPJf35Mmv{BiWWZI9vI0_BBx<-
zxDA3O5ugoUj&p^sbKxI~cWn_&?#a|*#~EZnAdn~q+4&!OlIxIZim1ef(z55)nwR}-
z7dTkBdXaKF9&ZRUHJ=^dI6X46n@E_Nz^Z36l#ZX@yo8m^e?Q{nly_4@xSh;c0qfc|
z$now(P<*s1A7M6%LFoNw?*L}U)%P(+m6BQJo}mfmuqt{q7C#I}RdZ1r<75mcCT?)}
zbDYmDyxG={iB}ckpOk7d)Iq+e4RzgSbk=xxl12zTT9-5e*RTO>=<I2DwukQ6UF21P
zZFxwW?PKv7a5xCQjtv#XLs*E+(XLlTwXjAo-wEMtPFatS{XZ`RGIegIl{>o}MMhzL
zbc}*AoE@fM>X;P$E3$GVup5sg%9(_!Et-g&l3erCqS!|>UzjJ`xk#)1$!s7W2nyu&
zNJu(z;xxSTx%9-x@FbfM!l4jrywbzMnhwJ)*Yw{_z|&GWPgH3?alZNK^~um;&rw@y
z2~V*rhFeH%zaKTO%1D4XF=v$rksF;c)uKkiH;98nzGXj234w=><k!#dqr7uH-Q9*=
zVIQI|(J3fc5W)8()0>8jS_;IzGXp6ndEIkKSvXNAOy%C)qb&O)3&VGII4MCD+ayfZ
z`wnjOuOGV?BQ@g_zDoQ+^_+Y6Gkw0?cB%y)XSCAo4_c6X_%D#xMQtX`+a|>d$;2ym
eubLT<{ib9$7^c#Fn@vmvf3(%lsg<Z)4g5cNYIi39

literal 0
HcmV?d00001

diff --git a/keps/sig-api-machinery/4933-cacher-label-index/kep.yaml b/keps/sig-api-machinery/4933-cacher-label-index/kep.yaml
new file mode 100644
index 00000000000..19e1b93a05c
--- /dev/null
+++ b/keps/sig-api-machinery/4933-cacher-label-index/kep.yaml
@@ -0,0 +1,41 @@
+title: KEP Template
+kep-number: 4933
+authors:
+  - "@chenchun"
+owning-sig: sig-api-machinery
+participating-sigs:
+  - sig-scalability
+status: provisional
+creation-date: 2024-10-29
+reviewers:
+  - TBD
+approvers:
+  - TBD
+
+see-also:
+replaces:
+
+# The target maturity stage in the current dev cycle for this KEP.
+stage: alpha
+
+# The most recent milestone for which work toward delivery of this KEP has been
+# done. This can be the current (upcoming) milestone, if it is being actively
+# worked on.
+latest-milestone: "v1.32"
+
+# The milestone at which this feature was, or is targeted to be, at each stage.
+milestone:
+  alpha: "v1.32"
+
+# The following PRR answers are required at alpha release
+# List the feature gate name and the components for which it must be enabled
+feature-gates:
+  - name: CacherLabelIndex
+    components:
+      - kube-apiserver
+disable-supported: true
+
+# The following PRR answers are required at beta release
+metrics:
+  - apiserver_watch_cache_watch_dispatch_event_num_watchers
+  - apiserver_watch_cache_watcher