From 51b783db2d7a5d00b1a7da94cbae82e8b4a2979f Mon Sep 17 00:00:00 2001 From: Mark Bishop Date: Wed, 5 Dec 2018 17:13:23 -0700 Subject: [PATCH 1/4] adding note that Rancher load balancer shouldn't serve double duty with for other apps --- .../air-gap-high-availability/provision-hosts/_index.md | 2 +- .../rancher/v2.x/en/installation/ha/create-nodes-lb/_index.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/content/rancher/v2.x/en/installation/air-gap-high-availability/provision-hosts/_index.md b/content/rancher/v2.x/en/installation/air-gap-high-availability/provision-hosts/_index.md index aa911439019..f91022f7f26 100644 --- a/content/rancher/v2.x/en/installation/air-gap-high-availability/provision-hosts/_index.md +++ b/content/rancher/v2.x/en/installation/air-gap-high-availability/provision-hosts/_index.md @@ -26,7 +26,7 @@ View hardware and software requirements for each of your cluster nodes in [Requi RKE, the installer that provisions your air gapped cluster, will configure an Ingress controller pod on each of your nodes. The Ingress controller pods are bound to ports TCP/80 and TCP/443 on the host network and are the entry point for HTTPS traffic to the Rancher server. -Configure a load balancer as a basic Layer 4 TCP forwarder. The exact configuration will vary depending on your environment. +Configure a load balancer as a basic Layer 4 TCP forwarder. This load balancer should be dedicated strictly to Rancher traffic and no other applications (if you need load balancing for another application, provision a new cluster and load balancer for the app). The exact configuration will vary depending on your environment. **Load Balancer Configuration Samples:** diff --git a/content/rancher/v2.x/en/installation/ha/create-nodes-lb/_index.md b/content/rancher/v2.x/en/installation/ha/create-nodes-lb/_index.md index c9d51f538d3..e0f8947f17b 100644 --- a/content/rancher/v2.x/en/installation/ha/create-nodes-lb/_index.md 
+++ b/content/rancher/v2.x/en/installation/ha/create-nodes-lb/_index.md @@ -17,7 +17,7 @@ View the OS requirements for RKE at [RKE Requirements]({{< baseurl >}}/rke/v0.1. RKE will configure an Ingress controller pod, on each of your nodes. The Ingress controller pods are bound to ports TCP/80 and TCP/443 on the host network and are the entry point for HTTPS traffic to the Rancher server. -Configure a load balancer as a basic Layer 4 TCP forwarder. The exact configuration will vary depending on your environment. +Configure a load balancer as a basic Layer 4 TCP forwarder. This load balancer should be dedicated strictly to Rancher traffic and no other applications (if you need load balancing for another application, provision a new cluster and load balancer for the app). The exact configuration will vary depending on your environment. #### Examples From f37f64d2e77946f3e94585a58edcf5cc654af041 Mon Sep 17 00:00:00 2001 From: Mark Bishop Date: Wed, 19 Dec 2018 18:40:06 -0700 Subject: [PATCH 2/4] updating note --- .../provision-hosts/_index.md | 2 +- .../installation/ha/create-nodes-lb/_index.md | 2 +- .../load-balancers-and-ingress/_index.md | 4 ++++ .../ingress/_index.md | 9 +++++++++ .../load-balancers/_index.md | 6 ++++-- src/img/rancher/no-ingress.png | Bin 0 -> 34723 bytes 6 files changed, 19 insertions(+), 4 deletions(-) create mode 100644 src/img/rancher/no-ingress.png diff --git a/content/rancher/v2.x/en/installation/air-gap-high-availability/provision-hosts/_index.md b/content/rancher/v2.x/en/installation/air-gap-high-availability/provision-hosts/_index.md index f91022f7f26..0a505545646 100644 --- a/content/rancher/v2.x/en/installation/air-gap-high-availability/provision-hosts/_index.md +++ b/content/rancher/v2.x/en/installation/air-gap-high-availability/provision-hosts/_index.md 
@@ -26,7 +26,7 @@ View hardware and software requirements for each of your cluster nodes in [Requi RKE, the installer that provisions your air gapped cluster, will configure an Ingress controller pod on each of your nodes. The Ingress controller pods are bound to ports TCP/80 and TCP/443 on the host network and are the entry point for HTTPS traffic to the Rancher server. -Configure a load balancer as a basic Layer 4 TCP forwarder. This load balancer should be dedicated strictly to Rancher traffic and no other applications (if you need load balancing for another application, provision a new cluster and load balancer for the app). The exact configuration will vary depending on your environment. +Configure a load balancer as a basic Layer 4 TCP forwarder. The exact configuration will vary depending on your environment. **Load Balancer Configuration Samples:** diff --git a/content/rancher/v2.x/en/installation/ha/create-nodes-lb/_index.md b/content/rancher/v2.x/en/installation/ha/create-nodes-lb/_index.md index e0f8947f17b..c6643161b36 100644 --- a/content/rancher/v2.x/en/installation/ha/create-nodes-lb/_index.md +++ b/content/rancher/v2.x/en/installation/ha/create-nodes-lb/_index.md @@ -17,7 +17,7 @@ View the OS requirements for RKE at [RKE Requirements]({{< baseurl >}}/rke/v0.1. RKE will configure an Ingress controller pod, on each of your nodes. The Ingress controller pods are bound to ports TCP/80 and TCP/443 on the host network and are the entry point for HTTPS traffic to the Rancher server. -Configure a load balancer as a basic Layer 4 TCP forwarder. This load balancer should be dedicated strictly to Rancher traffic and no other applications (if you need load balancing for another application, provision a new cluster and load balancer for the app). The exact configuration will vary depending on your environment. +Configure a load balancer as a basic Layer 4 TCP forwarder. The exact configuration will vary depending on your environment. #### Examples 
diff --git a/content/rancher/v2.x/en/k8s-in-rancher/load-balancers-and-ingress/_index.md b/content/rancher/v2.x/en/k8s-in-rancher/load-balancers-and-ingress/_index.md index 8b8dffba926..d7daae72068 100644 --- a/content/rancher/v2.x/en/k8s-in-rancher/load-balancers-and-ingress/_index.md +++ b/content/rancher/v2.x/en/k8s-in-rancher/load-balancers-and-ingress/_index.md @@ -41,5 +41,9 @@ Your load balancer can either reside within your cluster or externally. Ingress Ingress can provide other functionality as well, such as SSL termination, name-based virtual hosting, and more. +>**Using Rancher in a High Availability Configuration?** +> +>Refrain from adding an Ingress to the `local` cluster. The Nginx Ingress Controller that Rancher uses acts as a global load balancer for _all_ clusters managed by Rancher, including the `local` cluster. Therefore, when users try to access an application, your Rancher connection may drop due to the Nginx configuration being reloaded. We recommend working around this issue by deploying applications only in clusters that you launch using Rancher. + - For more information on how to setup ingress in Rancher, see [Ingress]({{< baseurl >}}/rancher/v2.x/en/k8s-in-rancher/load-balancers-and-ingress/ingress). - For complete information about ingress and ingress controllers, see the [Kubernetes Ingress Documentation](https://kubernetes.io/docs/concepts/services-networking/ingress/) diff --git a/content/rancher/v2.x/en/k8s-in-rancher/load-balancers-and-ingress/ingress/_index.md b/content/rancher/v2.x/en/k8s-in-rancher/load-balancers-and-ingress/ingress/_index.md index b7f03267f10..0166a9ce3ea 100644 --- a/content/rancher/v2.x/en/k8s-in-rancher/load-balancers-and-ingress/ingress/_index.md +++ b/content/rancher/v2.x/en/k8s-in-rancher/load-balancers-and-ingress/ingress/_index.md 
@@ -7,6 +7,15 @@ aliases: Ingress can be added for workloads to provide load balancing, SSL termination and host/path based routing. +>**Using Rancher in a High Availability Configuration?** +> +>Refrain from adding an Ingress to the `local` cluster. The Nginx Ingress Controller that Rancher uses acts as a global load balancer for _all_ clusters managed by Rancher, including the `local` cluster. Therefore, when users try to access an application, your Rancher connection may drop due to the Nginx configuration being reloaded. We recommend working around this issue by deploying applications only in clusters that you launch using Rancher. +>
Don't add an Ingress to the local cluster.
+>![Don't Add Ingress]({{< baseurl >}}/img/rancher/no-ingress.png) + + + + 1. From the **Global** view, open the project that you want to add ingress to. 1. Select the **Load Balancing** tab. Then click **Add Ingress**. diff --git a/content/rancher/v2.x/en/k8s-in-rancher/load-balancers-and-ingress/load-balancers/_index.md b/content/rancher/v2.x/en/k8s-in-rancher/load-balancers-and-ingress/load-balancers/_index.md index 486fa0126f0..0fae999588e 100644 --- a/content/rancher/v2.x/en/k8s-in-rancher/load-balancers-and-ingress/load-balancers/_index.md +++ b/content/rancher/v2.x/en/k8s-in-rancher/load-balancers-and-ingress/load-balancers/_index.md @@ -42,6 +42,10 @@ RKE on DigitalOcean | Nginx Ingress Controller RKE on vSphere | Nginx Ingress Controller RKE on Custom Hosts
(e.g. bare-metal servers) | Nginx Ingress Controller +>**Using Rancher in a High Availability Configuration?** +> +>Refrain from adding an Ingress to the `local` cluster. The Nginx Ingress Controller that Rancher uses acts as a global load balancer for _all_ clusters managed by Rancher, including the `local` cluster. Therefore, when users try to access an application, your Rancher connection may drop due to the Nginx configuration being reloaded. We recommend working around this issue by deploying applications only in clusters that you launch using Rancher. + ### Host Names in Layer-7 Load Balancer Some cloud-managed layer-7 load balancers (such as the ALB ingress controller on AWS) expose DNS addresses for ingress rules. You need to map (via CNAME) your domain name to the DNS address generated by the layer-7 load balancer. @@ -55,8 +59,6 @@ The benefit of using xip.io is that you obtain a working entrypoint URL immediat ## Related Links -#### External Links - - [Create an External Load Balancer](https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/) #### Tutorials 
diff --git a/src/img/rancher/no-ingress.png b/src/img/rancher/no-ingress.png new file mode 100644 index 0000000000000000000000000000000000000000..fa1a0a0fdd2fba85049cc03812b3008b0d8a1d1c GIT binary patch literal 34723
z(6$IHJL=dzMiKSM@tO|Vj)OqCxSP&mtpC&vP@h8oG$_Y~O)5*4xpaX949K{k6Eq9$ z2}$DX>~{1!=!Yw*r&9&bwys9j-|z3tQ64Kx@_{o0X5kQv_3Q|HP;{ZIGMz)8B_qCH( zr}L~q*?^2yD(<<~FG%-rGz>Y>YJO9El4?Eu7k1JU&f=k2WONM9C`u(XnpN|cMJDX+ z#PBvZlCzTr8a-j}s%`6K!KT%67`~V0&Hx}kUA+o zJ>8yVKD$5yC-#^Nm>RAu97{@7O}EbO)w0kN&iFa2^_bFTxSmNJ03LOQS;WVU&)k_h zDvGXGCqB>6@9n8f;a?;eUF9o;NSgnryCJA^~GAxu7HH z2N{FevxieLfvtYGP?O=ofZ3X?AX5}*lKN30tw-nc96%iyN(v#2HRCj|_f456uVJ3c z;m?~6PBvWrO@zCFuyRrJ{>ay?a$q9;F^n}s@`m@+Rv*ki*GRyC zOpLpN8VEt=hH2xa`sR7k^hBBBh;L_WxCg$$>5riQ;XA3Fa@XH3=*_vpBb1UBAJFK)S2SZvHvdVkD@vA8ci%H$t{Qh95*kZvnRV4QE7UWgd2K+3 zQg9y`ka0<$c)jtGJ$15#+?yDEv4IR7y$ocsh7tX&K-0GN74bo%$y;{f&I-}6RbN%1iV<|}4sRV}hXs-^yfB*T zOqoHJz*&0j4RR~af!h%qyb}r~4x6-*`ilbRZ)%d(FL$b0w46!X>p(qRY-F zu@65S^8J9%zMR1tXtXo9?xmOH&@<1TGGDE`_ef7|osx-Dv_K6q9*le?VLxp{?vsE4 z85i}52O2=i)TxRiK0Gv~tYnSJdwjzNYu2D%r(bv7fPkic%^Il=@9!Ng!;Kp^Mv6KG zR@Wfon><-OmiWJsFPV#&OTd6k%)6jB1HS3gRRRZ!?E#wT^o;B^^!D2lw8Z@FUCY`3 zbUHv&^Sj?g#UMep@vXO1S!za3fz`Fs*N0sv4Y^YS24q~;FQc&StfqR0IVqXpn7007 z$E4+xPju0koE6YK^w6oBPA|SF(Ev^Jr=Lo9O^s@sZnw3edXqb*r7c)s%`(?6l7Imj z7j*_%Nh~OkqzgjfCJ8cjlWB})v-zW|SI3%E~=br1A|9bdwNc@pzS+=EB ziTI~MCb6(k6330x$>!`b2^f%ZS%;7vY6v8?*O1L5;@lbiz;z%xf6M00s%$L(5oq#% z`qNX_XaJHmeE?0{_U+QPWs7Ro7-(vF!en-rIo8NkugH1=6m% zO6_6IJ0Ep0nR4+~*VFWB;7GM=JA==$NX88}oB%XVBV;FxI`siGN1lFKHG}QU!_JX* zst)g@$-TbQ7cH`9o6jzifB_j7b%tgoJ|jcY=FL+dX%gsZ^E#h9CuWDuhmIXPq~Xth z)>$z<+kxgw%nTj~&>V-ew*#BCk=RcAdL_m?)}|7DG2X1Kn6}&8ynhK8km+AOG0V+d zvLtfv!(E|>d65KMa9?OW2jwV6YkJ@ab_3aghVy8m2AbdhUb^e+rTWPyRZ}=q)Jcmu z64qi^Xv}T5sj}vudnI5%#-)9eJaM9=%$cLOqXXEwTLBXp`k^3fMliPR!N(t$Al~q9 zAS=+2qmu!R_P5lnS|xk##bV5Gtlome#0Ze;c2TRV4TFpibBcV$#X8HJT`B&qrW2UNHA@W+PT)dJr}sju zAsv1Gd1-v_J$3Dde;GI4DER{b8n%b+vJ+$3G=xXn(yqKxe3K^Gicf!N(qR#jv&(r2?7<9*A0_A;56oC+%<2 z^|0N0!`hq&W@7d|_vkEhcEKu=!Tv7lNz4AY-Ne@VHotVtiTWJW7(u`c?$W}R)SaL@T zlU2@oPfI8D67!aaQyvBjLyWBhE_a*3ynzpUXiKp20^S~ zDrCt%8(3sF_nB7@b;jao^fG_ZC|48lwLkzu>K2$j(h0ZKiGb5QJTp&`E$m7DtEbeg z0g`6LTy$w-EPd!@fr=qPT}DIfXu0C{an7jdk5M0@Ps_xkO6TogO$70`3%s^6HMJRI 
zO<2f&ly|K?W_K3+R(b&=Swjdp)jx4EsHqC^L8jP&yuOYiat84Y;)`f@`)hQ6r7{_3v44*SLtt9&?Qlr-*# zH*K(Hkz)-knzk9a#%aP&=<$8>*;zS(z%1o>&Rzu@^Y&MoO}0wU-GLhJ3EUx7DL{*hV zVX<8{$!;p>uvuBoN9i+Us?gxPMxb?dk#LDu5+p8X6fAhlK4*QnG3H2v}eVfBN94 z<#Wsk7Ycfyy2Js8`nW(y3#3I*khBuy_9kWu4J0K}m?m>6b!S zi9nULtxeR2ts6*EYq48J4MUa`*LV&Bc%V#OH|ej2x7ocZ)K^oJFY3Bx1npj&buA^A zOt0U+*$iWJpi(}4GR(UGb-oX8l~i;~kN(vG(SF9-boYiysL{}8XC%xg=ci!*+D?0$07)% znu@sKpyRSc6{(btp21l7Oqnf+RLr-x-OY5||4fcC7bZH|f~VJfxBRBR(zdac9PQ-P z_5FH#xcNHz`|$POQ}<+!6d&AIO6L$+BX_hfOtQ5) zeS1cQz|~u5UNYI=M?DvS(=cZ?m+DvYn5IzFr%6^=xAU0UC%p zU~va$sWLB=k8<5xFUP2G2&p?vGrzs5S~JqI`u@E@u_|!2v|LBBI1ZI%a(%&bSzvv3 z7(|vDaQV><A--buW>Vv9* zjrCph!fjs<-=9rrt1rCnv;@8y@9ZqBENwCMD@^AuHw4wQtgNWM4yOT^5+Vov~Y z2pCC!W2SYrmb)nxXwBrUsA?jY1TnF%UtoI+&PvyJUt83?EBT7(Dm}MWux9@IQY1lR z)B0nhF%`u3R8R`C`NrzZ4T@n;o#;eB=5FbzhD#Yf(QbeYy}T>TH`qO#oj)+M Date: Thu, 20 Dec 2018 13:11:44 -0700 Subject: [PATCH 3/4] updates to note --- .../air-gap-high-availability/provision-hosts/_index.md | 5 ++++- .../v2.x/en/installation/ha/create-nodes-lb/_index.md | 3 +++ .../load-balancers-and-ingress/ingress/_index.md | 9 --------- .../load-balancers-and-ingress/load-balancers/_index.md | 4 ---- 4 files changed, 7 insertions(+), 14 deletions(-) diff --git a/content/rancher/v2.x/en/installation/air-gap-high-availability/provision-hosts/_index.md b/content/rancher/v2.x/en/installation/air-gap-high-availability/provision-hosts/_index.md index 0a505545646..4c72e4dccbb 100644 --- a/content/rancher/v2.x/en/installation/air-gap-high-availability/provision-hosts/_index.md +++ b/content/rancher/v2.x/en/installation/air-gap-high-availability/provision-hosts/_index.md 
@@ -26,7 +26,10 @@ View hardware and software requirements for each of your cluster nodes in [Requi RKE, the installer that provisions your air gapped cluster, will configure an Ingress controller pod on each of your nodes. The Ingress controller pods are bound to ports TCP/80 and TCP/443 on the host network and are the entry point for HTTPS traffic to the Rancher server. -Configure a load balancer as a basic Layer 4 TCP forwarder. The exact configuration will vary depending on your environment. +Configure a load balancer as a basic Layer 4 TCP forwarder. The exact configuration will vary depending on your environment. + +>**Important:** +>Do not use this load balancer (i.e, the `local` cluster Ingress) to load balance applications other than Rancher following installation. Sharing this Ingress with other applications may result in websocket errors to Rancher following Ingress configuration reloads for other apps. We recommend 1) dedicating the `local` cluster to Rancher and no other apps and 2) deploying applications only in clusters that you launch using Rancher. **Load Balancer Configuration Samples:** diff --git a/content/rancher/v2.x/en/installation/ha/create-nodes-lb/_index.md b/content/rancher/v2.x/en/installation/ha/create-nodes-lb/_index.md index c6643161b36..99edb3c1aa8 100644 --- a/content/rancher/v2.x/en/installation/ha/create-nodes-lb/_index.md +++ b/content/rancher/v2.x/en/installation/ha/create-nodes-lb/_index.md 
@@ -19,6 +19,9 @@ RKE will configure an Ingress controller pod, on each of your nodes. The Ingress Configure a load balancer as a basic Layer 4 TCP forwarder. The exact configuration will vary depending on your environment. +>**Important:** +>Do not use this load balancer (i.e, the `local` cluster Ingress) to load balance applications other than Rancher following installation. Sharing this Ingress with other applications may result in websocket errors to Rancher following Ingress configuration reloads for other apps. We recommend 1) dedicating the `local` cluster to Rancher and no other apps and 2) deploying applications only in clusters that you launch using Rancher. + #### Examples * [NGINX]({{< baseurl >}}/rancher/v2.x/en/installation/ha/create-nodes-lb/nginx/) diff --git a/content/rancher/v2.x/en/k8s-in-rancher/load-balancers-and-ingress/ingress/_index.md b/content/rancher/v2.x/en/k8s-in-rancher/load-balancers-and-ingress/ingress/_index.md index 0166a9ce3ea..b7f03267f10 100644 --- a/content/rancher/v2.x/en/k8s-in-rancher/load-balancers-and-ingress/ingress/_index.md +++ b/content/rancher/v2.x/en/k8s-in-rancher/load-balancers-and-ingress/ingress/_index.md @@ -7,15 +7,6 @@ aliases: Ingress can be added for workloads to provide load balancing, SSL termination and host/path based routing. ->**Using Rancher in a High Availability Configuration?** -> ->Refrain from adding an Ingress to the `local` cluster. The Nginx Ingress Controller that Rancher uses acts as a global load balancer for _all_ clusters managed by Rancher, including the `local` cluster. Therefore, when users try to access an application, your Rancher connection may drop due to the Nginx configuration being reloaded. We recommend working around this issue by deploying applications only in clusters that you launch using Rancher. ->
Don't add an Ingress to the local cluster.
->![Don't Add Ingress]({{< baseurl >}}/img/rancher/no-ingress.png) - - - - 1. From the **Global** view, open the project that you want to add ingress to. 1. Select the **Load Balancing** tab. Then click **Add Ingress**. diff --git a/content/rancher/v2.x/en/k8s-in-rancher/load-balancers-and-ingress/load-balancers/_index.md b/content/rancher/v2.x/en/k8s-in-rancher/load-balancers-and-ingress/load-balancers/_index.md index 0fae999588e..77afd316aa7 100644 --- a/content/rancher/v2.x/en/k8s-in-rancher/load-balancers-and-ingress/load-balancers/_index.md +++ b/content/rancher/v2.x/en/k8s-in-rancher/load-balancers-and-ingress/load-balancers/_index.md @@ -42,10 +42,6 @@ RKE on DigitalOcean | Nginx Ingress Controller RKE on vSphere | Nginx Ingress Controller RKE on Custom Hosts
(e.g. bare-metal servers) | Nginx Ingress Controller ->**Using Rancher in a High Availability Configuration?** -> ->Refrain from adding an Ingress to the `local` cluster. The Nginx Ingress Controller that Rancher uses acts as a global load balancer for _all_ clusters managed by Rancher, including the `local` cluster. Therefore, when users try to access an application, your Rancher connection may drop due to the Nginx configuration being reloaded. We recommend working around this issue by deploying applications only in clusters that you launch using Rancher. - ### Host Names in Layer-7 Load Balancer Some cloud-managed layer-7 load balancers (such as the ALB ingress controller on AWS) expose DNS addresses for ingress rules. You need to map (via CNAME) your domain name to the DNS address generated by the layer-7 load balancer. From d6d96d0c1b992ffbe7ba23916d5016a44b444f04 Mon Sep 17 00:00:00 2001 From: Mark Bishop Date: Thu, 20 Dec 2018 14:39:44 -0700 Subject: [PATCH 4/4] updates per Denise --- .../air-gap-high-availability/provision-hosts/_index.md | 2 +- .../rancher/v2.x/en/installation/ha/create-nodes-lb/_index.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/content/rancher/v2.x/en/installation/air-gap-high-availability/provision-hosts/_index.md b/content/rancher/v2.x/en/installation/air-gap-high-availability/provision-hosts/_index.md index 4c72e4dccbb..1048763f0d8 100644 --- a/content/rancher/v2.x/en/installation/air-gap-high-availability/provision-hosts/_index.md +++ b/content/rancher/v2.x/en/installation/air-gap-high-availability/provision-hosts/_index.md 
@@ -29,7 +29,7 @@ RKE, the installer that provisions your air gapped cluster, will configure an In Configure a load balancer as a basic Layer 4 TCP forwarder. The exact configuration will vary depending on your environment. >**Important:** ->Do not use this load balancer (i.e, the `local` cluster Ingress) to load balance applications other than Rancher following installation. Sharing this Ingress with other applications may result in websocket errors to Rancher following Ingress configuration reloads for other apps. We recommend 1) dedicating the `local` cluster to Rancher and no other apps and 2) deploying applications only in clusters that you launch using Rancher. +>Do not use this load balancer (i.e, the `local` cluster Ingress) to load balance applications other than Rancher following installation. Sharing this Ingress with other applications may result in websocket errors to Rancher following Ingress configuration reloads for other apps. We recommend dedicating the `local` cluster to Rancher and no other applications. **Load Balancer Configuration Samples:** diff --git a/content/rancher/v2.x/en/installation/ha/create-nodes-lb/_index.md b/content/rancher/v2.x/en/installation/ha/create-nodes-lb/_index.md index 99edb3c1aa8..a062c9b1108 100644 --- a/content/rancher/v2.x/en/installation/ha/create-nodes-lb/_index.md +++ b/content/rancher/v2.x/en/installation/ha/create-nodes-lb/_index.md 
@@ -20,7 +20,7 @@ RKE will configure an Ingress controller pod, on each of your nodes. The Ingress Configure a load balancer as a basic Layer 4 TCP forwarder. The exact configuration will vary depending on your environment. >**Important:** ->Do not use this load balancer (i.e, the `local` cluster Ingress) to load balance applications other than Rancher following installation. Sharing this Ingress with other applications may result in websocket errors to Rancher following Ingress configuration reloads for other apps. We recommend 1) dedicating the `local` cluster to Rancher and no other apps and 2) deploying applications only in clusters that you launch using Rancher. +>Do not use this load balancer (i.e, the `local` cluster Ingress) to load balance applications other than Rancher following installation. Sharing this Ingress with other applications may result in websocket errors to Rancher following Ingress configuration reloads for other apps. We recommend dedicating the `local` cluster to Rancher and no other applications. #### Examples
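Review bot: in patch 3/4, the added ">**Important:**" note in the `@@ -26,7 +26,10 @@` hunk of provision-hosts/_index.md (and the identical one in the `@@ -19,6 +19,9 @@` hunk of create-nodes-lb/_index.md) treats two components as one. "this load balancer (i.e, the `local` cluster Ingress)" follows a paragraph that describes the load balancer as a basic Layer 4 TCP forwarder in front of the Ingress controller pods, so the load balancer and the Ingress are different things, and the failure the note describes (websocket errors after Ingress configuration reloads) belongs to the Ingress. Suggest naming the Ingress directly, for example "Do not add Ingress rules for other applications to the `local` cluster", and mentioning the load balancer only as the path that traffic takes. Also in the provision-hosts hunk, the "Configure a load balancer as a basic Layer 4 TCP forwarder." line is removed and re-added with the same visible text, which looks like a trailing-whitespace change that should be dropped from the diff.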
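Review bot: in patch 3/4, the `@@ -7,15 +7,6 @@` hunk of load-balancers-and-ingress/ingress/_index.md removes the warning from the page where a user actually clicks **Add Ingress**, and with it the only explanation of the cause: "The Nginx Ingress Controller that Rancher uses acts as a global load balancer for _all_ clusters managed by Rancher, including the `local` cluster." The replacement note lives only in the two installation pages, which an operator adding an Ingress months later is unlikely to reread, so the loss of the Rancher connection will look unexplained. Suggest keeping a one-line pointer here and in load-balancers/_index.md (whose `@@ -42,10 +42,6 @@` hunk drops the same warning) that links to the installation note. The hunk also deletes the only visible reference to `img/rancher/no-ingress.png`, while this commit's diffstat lists just the four markdown files, so the image should be removed in the same commit if nothing else uses it.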
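Review bot: in patch 4/4, both hunks (`@@ -29,7 +29,7 @@` in provision-hosts/_index.md and `@@ -20,7 +20,7 @@` in create-nodes-lb/_index.md) drop "2) deploying applications only in clusters that you launch using Rancher", which leaves the reader told what not to do but not where other applications should go. Suggest keeping that guidance as a second sentence after "We recommend dedicating the `local` cluster to Rancher and no other applications." The unchanged sentence above it still reads "(i.e, the `local` cluster Ingress)"; since these lines are being touched anyway, correct it to "i.e.,". The same blockquote is now maintained verbatim in two files and has been edited in lockstep across this series, so a shared include would keep the copies from drifting. The subject "updates per Denise" does not say what changed; something like "drop recommendation to deploy apps only in Rancher-launched clusters" would make the history searchable.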