From 2720c889e4df9ad3cc9c33ea8c461fa577e7b510 Mon Sep 17 00:00:00 2001
From: foxish <ramanathana@google.com>
Date: Fri, 10 Nov 2017 09:20:59 -0800
Subject: [PATCH 01/13] Adding running on k8s.md

---
 docs/img/k8s-cluster-mode.png    | Bin 0 -> 55538 bytes
 docs/running-on-kubernetes.md    | 496 +++++++++++++++++++++++++++++++
 sbin/build-push-docker-images.sh |  67 +++++
 3 files changed, 563 insertions(+)
 create mode 100644 docs/img/k8s-cluster-mode.png
 create mode 100644 docs/running-on-kubernetes.md
 create mode 100755 sbin/build-push-docker-images.sh

diff --git a/docs/img/k8s-cluster-mode.png b/docs/img/k8s-cluster-mode.png
new file mode 100644
index 0000000000000000000000000000000000000000..12a6288ed58235b497d838350d17b482cff3b609
GIT binary patch
literal 55538
zcmbrlbyQSg+c!EWQVI%4Ny$iecPI>9BHi8HIfN)3(hbrvbT<Oh-OYe>ch|S|dEW28
zbKbMoS*+Ou!=AnGxPEb6_q~HZ%Za0-y+Z?mK<JVZkS`$6vm4-ri1G~h<kfiIHt>dI
zAT167J^lUp*^(ave1d8xq3#F*y~O_eLI5SF;sYNdJ4wolBCo#0K;i+b7sX0~K<`14
zkWWf(^ZQGtUYZ+oNXMF*)8$5emCftcR4zn(_Ng2Dh$wF)@cqg)sbOJXG&Fu<Z%a%2
z#cTh}&CUJz9Pt?{LS>yjR*!nbfm>HZvypnG(ZPc^_a}w*mY@TzCtbl_Q+{4v@hC=t
zErQ~Y?>_>K0Aar+%>VoT!})(dsv`sE=so-M=Pd}N^@_7pJ2VDlI9drS!wv4rzI|IT
zg8%~g2EY1u+W-6YZUat$`{}9uVNXsqp9nI0x;&6;f}&7BXyRUoib9lBv=+^oS7L`X
zYh|dhoZr1N?&{(u?BxZ4>@wRV>a|Shxj92Qs<CE?hUc)jQ!6fazk#FFz&or-{5Drt
zH#y*nS^cVT3G-)}pRovT1lqo_ytpa{+U^m@2lW^m&y8}pxrU<hOyq@MB`_~?M_jRh
zKw<QGjNgK+RA3V}2@o-~Z^CUOc+EmnP{|)kl!}E@j~{<3!<>22GGW)xK2>Wl1cy1z
zT6v@~o_i;;QU=h3_iXi0k{`eL+E_$Ol0iz7;K`p}IxJTxlNT1eYR4_s(s~y|YiMBP
zz=P?WG(^m+ZP%a%R_N)$#;oEz_njk>ld&o$XB}TV!N2ebog>otDV!S;JK)ZrK4if`
z@al5e(hQuPl@%)`m|<I`5l&1ju#9LVhlfcpzmP-$uHY7?$I$K|id3UTzkYB@DG|v(
z^Jp2Y37RqU@I<Ap(V&fSZ_zOn7gsek-BvhpYnJmTTe<4_-6h(;VY<85$%tHu0nBI)
zqOd+NI0nJL=cj612XMjty~EQvdGpq_2ZUU#3r@Nn62rZ~HPz^GF^#vj680Af?hSww
zHgRx~Y#nZ(tuf+}oRgExKDZ3pQV`ENt0W$u*3aaX3s%m`%25vPz_oSC>KdC<%@uwZ
zz>12vJ=oo<+3@ItzR>zx@}UQacwRN84$pr3Mj$FW$R<Za{XT02fljH2z;O#rG;2l2
zbayu*As*=&0&XaW=ZQg_2Jvkp1|D8rDi8MKi@^=tw>T{7A*&Z2TxGgPS2rECzyN)h
zv4~Gh=B44{s)x`=y=BmT=fUrtVLO1QORZeA<G6KsjYS?6RfWfZmKIc0n7O*`_uTKJ
zZ;(U2ylVGvB1T5JzTVH>zuzcWDq{Z~BGAdT7v=VB@$?^JzQm&MexWmFPD4X}AK!Db
zL=9}nW$?N7B<QkEy}GF~sZgWWmX?O8z`}yZfFZ(t`)x{WP`x>^XUlW(a5SD#i;>H8
zo?XPVX~{&fr|0a&*Ymy@LQ6|)6*|lf99%J)IGY66=DK7CTnK2qRADNwq1evj17vb+
znFJe89CA=n!k9mC;K1^N^;15q>dZ+t{3CTLyR*d?kH$G8i-N-7;84S_a)#C=b4JnP
zqJ`L4=hoIsx>ko_1Tv%g5wesCn)LC9pG@Dg=F4D)KuGGE^0K}LDcRc#Mh2Rv8BXps
zwIOl_b|Mm6s;X)$$9<$8OlGBEp~xLDDuNZE;id>#;wB7S+<Dm~Se7SX{Y5<Gdth2D
z+n-4q<qYib*PD*KDMHvSDx!@fHl%fCt*q+83f9VGCI~MiAfU$`IB+1IZ{m7`VkVyv
zPxtmql1xmr11tGn`Rso5Qqx6AiGJ6vh6cvroCxGZQj#qsBuJuEX}(w`N{uKbQ38_R
zKafNVj$9DPE(ns;upSyBi3~(VtBH$iZxXeChpy=VMdeG!Vq?gg;Al2hEX6PHEG+8z
zNve{DECdu)XYf%*GerafI)2B-jv8j`vkz^)L>zn$OhunrF|5d7w;KRW1uCjc`0&_s
z<iupQ){j3p&7&zfIN0~>8WxMzdiLbf-f27&nMMHE&g6?ux^ONy%ir@-t*J5K^H+tk
z*Lg8v`&QuSek00kh0@Q=>K2F56oW_|K`4|g-wsO!ppBlR`cj4@iQ(N<g<pp#!AZjH
z_erVo-Ru^tCvJn-CojG(Td;ohlucvtcmKtn#<P$kR(9plB4hkT%EZLb+FC?b_9`of
zl>l2@qh@}kgG@X`r9_38bY$%ePs=4qp{xv6WMOG@Xy~b~^!DsMpHPPTFCzYle%fA>
z8de<9HR8Xa92WL1hkWysj92qclhT+b`sc_2|D^ZDuIvdTrqSpVE;(F-=*fp)3BH<#
zVQJX5^9S7@Hu-$iO@$v!t+jI>Ts|z+u^nhb4D4OJy&c5FuA&0Jn*L(R!3=hTPm#P3
zA;FYQ=T)Z0qEVv#E;Z$~DMM;_#@v^8CyfGAdpB<;`IpO?^^?N7ONWPZ&d-Z!6vI5A
zW`TLk(Y?JS3855Nn}X8iL&YOohOJJb2KM>w<+gj%nEWexoVzE(s%@Uux9c$^mIjTy
ze4(!UKj_}7H#F>CyG5y`#>e4Up+hg7p$WSHvZ1L3%in5gFuK$70s^?hDfxtS$#JR3
zDW+7FFXFkaabKRT>^bjsJBy?ubX@;!5^H}*sC;akv$IR3TJhHgNB=lvgtm+ukNAEg
z$lDT?fwm^}w_-8L{cC3cXWy>(nV!Y8e}s6XMFeHV_HX}ql#NnQXs3<OWT~!W)2HBI
zV^bUJ*l=hfB{|bbw1~Vs`l6trqGIQ-$K@$$M1J<mh#iTL;l;v4>VSv|+u0-y0fEe_
zm*0Dy57|9yuWG%%bai1yDN!0GuON!TrU1%#gHoN!<9PlH!G!GSp33;}mc^7lu{4qJ
zdwT+N!EK2>;>EvCJoEE~Z_&}wsJqP>Kg+b6-=9NvIik#pxV+3ccLHkwpUUMclH;;5
zXf!7L{9MSWS<_F7!fdHoqhVr{JTW!ZXKpSWWd=koW%k(CMF<5}rbIP#t$S5T+O1`I
zH-?I8Yol;&jj7?*B4w(7)!~D2<>nEVe+?{jM@)y=m2sll_^vygm^V!)A5hM@o10)7
z8k>YrrZ*DCmD$J`0Dn^FIslCt{3Xm!64}SHbf*uf$L;Pe0GmP?mz^SI#z6laTDY3#
z!UMN|NrDNJ)^_=Vs6j=~0Y(cvmcuwiIG5Gc<+fQTZ+LL;f;Bv*QHFApLMDUF)Imq*
zo5cBsI4NKnN;Irf#bS7jrMw&}Cu~f0ItouuN4>58*_3U+E-OLzb85`4-(4*5(V_5g
zK%=}fB9mTbDZ|h&`O%E)=0aTe?Re8<M$K)l1#~p}i%;v9JnO72rz{=>Gqf@RT|fbY
z!#rAg)(AGorj?Y4m>6mntc0T^2(Uk>QuC9@+kGZYm{8YI*}S?@qmP%M$5?KmU23W;
zE$Ux$VH0^PWz1@+iZ?;DU{lqQDpvu?3JVSn3vp=DitCBs;No=g*#)S^l8&xLhbgoR
zD+J>A@n?2^=?=tba*r;O_$7&$r={h|a9So|Vpz8?+~;x-<-2xT8uHb?e#G>eO9r<W
zcYWEws-6pvmX?;L`i@IOqDWl75hu(!OHQmC&9dMHVE(??;WxhgKCp56;@ODnTI;!A
z;q^{MCQC{uCfaw%x)ZN>?T6}*)a!QKf*EC=s_vV;o?2biDLao@iR1Tvzdj~kv3@_l
z3rU<=UPwZXpIAd0Z1wj*g{K&+>Mph1jG?q$9Y2wRK&{9+Wv;$gDYuCV?MG*G;$~ul
z%+N5T$)2by7iRx=nr6Ob1@IZc>N8HMEk~Jl0eV1bKLYIf|9spgyiI)$(t3NF&Vjum
zyqYSsx^4DL?JMvN=BQN?T;Tov9&q?yj{hVb^#9?g<yFu9f>|wYb5kV{bqi>i7^Dai
zM;rWU+K(ltW6|sPtnV3cw+{y9`>_f`y!C;=*n+SL{$2V1cSC;J>7_f?ySWoHIw~vv
zI_fFJPeDX0Waq#I8UncNfDS`vrIw30Mca--{3<o8%N)<LkBbN(BVyl7<g{z*o8~a5
z)E_KeMs>CV>XHzIHn?&1-!@fZ{2KKiR)m#Chl1_oy1$It^FMSYaKC2uYE(qmsiV@j
z*c^4Sr7!sb8HlApZNWLLo{f3wXqVpeqFNRSkr-d|Q+~rlPS_i{(BN)Vzt!2>KR(k!
zC;dNMeV)?uL*YxK;;TpSGj_RCH$M;JkE4DpcuqFM!@TpQJv@FabS-Ad^nyrR2!M0=
zgdBkH^qb#{y*-ihYFL>Y70?D0Uf-Y3S5t8pqMR41#bJvs`K%OVrtS*meFG=qO~KUe
zVsd>xZId(Um~<OAba?qV8^~9H8`;o3;DfGw6E$5qy(xMn+rBHE#crBXdIa^<9uFgO
zgtdB2=onjce7#c%6mUKZPQLwP*dKeHx*;k+qIsiwS5zBUe;_w>-dAPYM(c#5Sl_cs
zuid0xq%zoc*Vx^Ovx)lve3dI+C6z}j%Jl-Q-b`B$wG@ROELWy(I3{fh0wX6b1TQQT
z=)^;v2+5Oea-m5WF|6gkUR6E4#%IiMJ@zmAJ$Cy2ssw`p8JN2_PH&v_QeUL`z)v(C
zr9E$(&A-%CmR_69HI}H}-==?^N_aDNg5K2V)SXu5MI8|jqsnC`ExUpH`)Ij6q03mD
zGzuKSADn=mtalKpd&%V2maMmg8}HRFw_J|MEY6)xQzh@j)QA@aNqFYa((jo?DwROD
z<;U?itdH(Xdki(7e$(NkgenufyU2;Hl&@8>p+nVf+A5J}#lxLE5CVuR$n0@xh8SKB
ztEe_;hr$}3EvMHBp4@qblBi)XwgNYs;(I;Ryn#kJWc9Rn2X0_D9##_1H{N^sM59@E
zQR{QBL!N*&*8aLRntDTq%>tb4=-vIyh!})O41|z8EvJvAnOW<_0X%Q8p8{OBbW^73
zQ*#$yBQs5wC1<@*ZJAJdy#$qE814~r_a4#AFk)a-l9vK5U2_AGWyZ%;m}|7w6}pQo
zvPS+|7gH@>q;mh*YCc2H!OqSm31;6e80UcLddOtOx(b!=YUcudeW{}B(N%V2g0bIu
z_rzqCk}O~>?c*@8&sVxTS^Hh3g<NJxDUX~8Ue1^3yy#+jF)X4kZGx6-uv8du-~$yR
zV>-*5$yg8l2AQ-gzxR24Z+|C!r2B9l>5n7#@~BOJd1=PQV!>nY@<r!2Z#5u@QFxDA
z?tPrNgA3N2*v_bQ$(wJ&sg5+C#v4fCUdxr@wtRORzgOu!?9eged}<<t-zMDeUz*P_
zqS~bD#L7eR;vKDLl?jr8K2c<i{{DqX49t|~@~v#-r@)|ot^;F7ZfS1^$Kzj&4_&W2
zYNMz(9FMfRHtiaFqIPB&4#o)*X(_-(vtRa|Jx^5`O)!>^&KP{|<tVq`DD)REp1a@R
z!1rAj(gv|ImH3YiEj{T8K9@cB{ptVn`I_XVv191d#m(l{W6cw3M($8bJg=w4^q&qr
z6upj+&$Jki1PL)>5FqAdrX>@T&27f^_Nw!6TQW0qE6&L=S?av;cO_}`N4A;Orv=Zc
z>Xwoke!f2s?x;?)2paz#An4pNIj9%&E`XJzwQeb2i^r#jj+6vmugL~wjY$Ph^~cUN
zKqfU5#355nQZUyzq&lFTI(0pxqaDp3jivZgI@=eX|D%sj$lWaxHK(PoADxan%j6FD
zoxD0r*9cwgZ<@23N>OV|c1Xmp!DJJVZVP7U#oz*mXMf`NBByYZc_U~Er_<VDu%Efv
zel6cs^M&MebjLES+`XV~js|A!XCemDl|3MGcg{{>wZv+VzqK!iOS{KIviQpMF}mmV
zO&qy<IQP*OL~+Xubnr0kU+_0`{SU0a{^)`+Lidpq1TUY9h&XDWRQQv6)d1LvHd$wG
zsYu23-0lXtW9`a1#h{t)S!W_Y*Kudt+h!t}qag{|#DxMR02NA;U~JjBph8Dycxqka
zBJ{c1Bt8;cGDJtyCEuUi?ZBPqMPgB325>U9PXl8T%qtTRfwX&CM_GJt$bIlbFZ;Q<
z*&*x+@Gk-)@wMQ-&sG({HH4d`F{~8&(+sMN-p7<+*1B|S$Lz8x4fHK6G3W^kSc-O#
zEGt<c@WWL9i>nfouNasd83j961nyumUGlI2$rR_kxFISF4Cu9UWD14M(Ed2VEA*ju
ziun)9nXWyzaTR)v5{xB_Dh>t{f&iPgryrxbC+XA$x|4kZz&bpS{PfnU?D;>MN8x4u
zgp%`T6Pu$6ejU^RU32!N<vgOws^4cfdEPd1wQ;oUq+tayGBaB~?PwEqFkhYu4U)hm
zH9Xo!>yDZZxh-M3H(il$*>2}hNS@U$D?>+T|5Rnu5IwYNb-$FN&HEhFdFNG1`pw-+
zs}xUab6hB_HXi?7@|g-F8e@jb(3e(;`kkFRO}gDA3V=7`N)~pnZf?zl5I<mKaQp|p
zP--=(B=lq~`ihf8yG`Uh4v!3O*+A8GJ4ewg^eR6I#sdqkW`{oLAF~Eg)3;Khu%}ym
z$JdrSAL_hrXLaG~XKstJPIXI#WmAmJKF&MyLuvE12+*k$cRFuZ_}vx%(pnn5a=_-i
zkkDyYnU1I9#)m=0{E-1uk8pG?ptn-X3%z)#j*NU<Dw*^;&IgW>UMG7qPtJQWQ5Lx~
z8?`C)0LthxpeRSk|K-(0GoUUOUdF#{SKfSKls0pKDIuEl676f9XHXCo*78MrMt|G9
z<rqP(Mc2A<l|MAQ5*Kf|?Xe8N*^*2CN803Sw>)~CxE~2qxop=^LC!$O3%1t~iXxGW
z((Pf(MKX7a24>SCSmc5%Zd2cQ%h?TZm9^=7Wox08TD~}%lNhEX?G~6)@edZuGVe{l
za_x}AW=h+QKgYk$7e5FWau;_{8h&c`Ptk!bD_hu%VJm3KX=o^TGh1n&RxR9M7OW6B
z1Jz02Dv<x_PLjWP7&;InMW0N49QRuDrY8yU#7265^EBf(`;1KF;Xa6@==2oUqcDW0
zRkFMEQ*T<O8sHzjaiY{2MfhtXKaPF^e!+j^bq@N9@qYW)ch@1u$m<rtROJ8u(=WKN
zuCE9b@EWKPenNiZ1OojdmH+$8C*)7aVj)XLb9a}GpN6KG?SRNnB$y2Bv|#3lSNSIU
zsh|7yCc<yf0O7v@ZFh3Jn^YG*&&lYcl!u@TNUWyr{Rs2RxySK4z!9AXUOnmBji0_}
z%y^n((lOX<0<79UJ@mD!@f@(YjAdxHy+{-g&hJvGsUc^i8nR$kKB7g}O!3^fM`>`{
zf<1NSLjK#a?e+*&p}~e`YA2-Niadj}I-NSx6MwD~(T?#NxD)*6_OP<}%n|-dm^O3K
zaTMY|TV*JHu*?cAxvbQ^XRbFoTG#^!Ng~Ub;s`odXuTHtjb~tMLx)GG-VaD2HS0=R
zuL~9q-_mU;GG-*y)H7EP0y^5mweO%|RTP%fAf!cb873Ec(A#Joo{OVXr<oM}x%?Ij
z5UJMJr`xv&e;t8~&G2bf_MR&MyEq!uOhO}uq&}Qu4DaiU)1IT>94+O5<ou^)1ARkX
zUQx{EVlH-lfY0DLhKD~jUZ|GfT!7t;&Q6k<ydUNtT?GxN8xMxBj@(Vo9G@y(HH=PJ
zZg~%=B3sKJgH^va+4}4}$df?Z3#?<hdf4OBy{@Kp-S@ZhUU1ZH!y9%^v~9h9Z&n(g
zusC;#128HBz%bK;xocSi+@^sJw;W&z7~Vf;vFeQKrL((V2x#Qdax!wO>9yW7#J^s)
zBG*M;9gwdTqm?kgK+t*nz^g6ev7)B*Znu(qUV9%;H8+(RW`$i!Oy#y+w-;-c8gVY)
zZ@Eg(c*kgQ=jvTh06_!*JF%f$??RW<(2*M`N=~r(2({{~mam7mJ*AX%IxPr!=O+m!
zNy?E5oo>m>x5csY)zx8QM0&US2PMX4CkgUMVS9RY9#RN3P!v-*f6*T<Obc|%f4Al^
zZl})lesb?W0gpeP%f`*XsT@FQ)j+S)g-8qr1Wocgk4sF~(HW3-pO#$~QRO1~V_-6P
zo^!TJxH&zz0FFUR2J%<ADETXRQjH^*aThBU7pB!TqM8g4u$_W}n6MZ<^ulKjcq;T=
zBgMC!JpnJGEH8z+yw$JU&}&`+co{A$>F<>BK^k<s_UcUZUi=9E@P}^zAU+Ck51NdT
zs%cjT6f4+KqNe9SC9#REfqARB#!E*_F8Q*T20Wf-u@d?%b0`&H{bPA;=MUK8oR5z~
zju}EORG7}})#q;C0KDu|N>4{80kJoTRS4*&afTIo9!tPSFc_TD{%s(n_&;XGE*`!`
zI(a#bp%^(A6!aC{7`#4St{i3Y;_R2TD^}FZ21{Lapv@1hMC?V%!LbpSH)CTLd=aH^
z%*N)Ltk#+=!E={5@^>*_WP70Z+wZqQsgX=r7#5!D%^^XJP66c`Hcc@!Axv1TQ$m^O
zzKu>|l>N+Pg~xdt-!0=`ukQe-Od!kU45v5#alQJ^SVkv!c~SL5ty#z6<eo4b^pY3%
zXA8hhz<h;~DZF!zoXh2kvM|okP}lXMcj63YO#9?o#G-FOi3w;eFjDBq{Xo6E#=2eK
z_D{YE5U)kn6q&}H@hZ)Z6Keu4UAz_cb?~hL%?35xGPH+;I)^9;Mh18_ms7D(;G8g|
zKh{l4<$oxr>f4tJzzTehQ66e>R8AN!U!5sq<H?pby}s{LeGr7F@|99%-CHK0<^Cy4
ze?VrlkDJm%vrhh?(C?^9Z$@7-d$aqLSUp*2y>LFbaI0ahC1-K9#aro(tV{liusJZO
z-b-hA<E+_6-b~m)=LN66w%v90e=$S>)$s<@P%gBjM}>O{r&Qf$j35;L&}=fIZ(qHb
z#a79)Pv;Gl*H93QF|qO5NC04P54Uv##J6%g3@{X#X?+O*L^>yx?+>?fNuk(e3CWu0
zUQx$@l45akzQ^PsqUWmH2HLrOA_k-q@v)^3c}@qLD+lG><7mcG9cm;GH{f<O#An<u
znW;0<dE9=_GFKXdf%*M52VZO~E9AK7{yxUWYLCjud8=^%+<Sl5ltd4yTwmD#Gc6kN
z!0hO#)d4frx-n8<_0DAN)INiw`u>+1u;Hgqv!mQV$2?RE8$`?cM}f4(s-$4+)IIYB
zXGVcJuSdVNYyTf*bI}`th+;#Vu@sH-{>kg*?xiu3!qdC^K?T6GlxaWyq7Z6=ULL5f
zCSO_um4)02MX@rkdv5=ium6hD`&e2LHuJtgAa6sel2c1?0Ds9N|2EYGF*gtioJIW*
z8{(gfi8&EVr35h5;mb~DS;yPi_uLY%G1F%2HK}p7bgK~Y&cBNM*B#<J;x5)T0-?_B
zJ5&$YFsT_E9lNJpgyn$eM*s1T_4Nf*xr2=t{YyS~W~n4kepj4QQy~bKhJj-NubKW?
zO#IOJ`*o9pC`F)vU=>|xPgY{4@mM3>nRgB(egDqzb(|%VyE5TjdvTi-S#pIXhwv}(
zK{9&RZ~c!1wr5jiMpw({q$y2_`Lers2owc{9A14w{#WT3wkwz~<id;^IeJ=I@aHBo
zeDf9KZ;9ts8hr0VR>!ycSn5F#|7Pms4&4Q@<DW?sUXX9`b7p!r>@~bR@>Tw@PjR;x
zsfeINiBV1hphEMXHOg+P#m;9S-_W3$qq7%YI&C9+SMK+MW$+$j$Dp8214lJ0lE48|
zN1lCz2n76XCk=Frs+l9gNtR=7{u&9!)lfU0f7c0sO<5FhaMUfxs?>FE+TT8Z^mYwi
zIo%L06nhu*K3GNit(MB`tB<_e@l2M|gN%DWUen8x)X}>K_;z-32>-2i;S<^Zf}3zC
z5!Qs8qz&y6?H^*4E$DMpYoJ4Z8&|B6kHy4Enpbj@Z0#p(CY4^6$&(&mH+S;%dMLt{
zTMdm(6k<PyNCy-@2Z2U~e15@ab72QorCfCwY(d|;DNAy-EzP&=>&+|c7q^vKI-ARO
zAn*$jgY?fdKd_?atl63lTC7d%7iN?XT4|v+sgU4-z<-xYpbYiaoe0JVbdT-7x^B)7
zn^)}C3G`4!%T=Ys(J7@#Bu)76(mXWVG4ZlS#Y^MqAU^NIlICT-S9;m5bZJWUn;JgA
z7=b_nY`l$^TnSt*JB*VEC_K%94rLy0yULa6$%L>E>ofT{+8HWJ@TtqiD0!jM1-x3n
z&b`OV+V#9X>91G4e?1w<H>h{hnZ&HLfYkzd{Eu6#k+`{F<2jxrmU5eBo@n<Ybj+VC
zZ=}t3gb*p8!YOXfcxlP$K6?F`*2I|azvbrp6Xg3`YvrSiMGbwkX5UYy4JNm>uyg{6
zQPf6qmZv=&d1rWT|7dS@0208Dp!!*NujR76*Rj<~5lYY3Gm}WtE;Di?L)<&s4-+Xu
zb?fd?bD5j{hHVa5v=+yFJ=K^oxLcMd(kT6xR$n99aUwCw(Mm=QxDjE<y^tZtt%Dja
z)rpDEd>43?`}wxLGUH_+FRxrY{o}#+*QLv+TH75Mfen3G@{86G)Bo8E5L;vy7v;PH
zcBpT-NGVEI?3Rm!M^>>Q@^gBAk{a*dr>}v8RUu%1Oc}a%Uh*S*mBjYvk@;-et-^qt
zLMuAa$ME*PJg>j!!nv2Xm)EXhbYb5%o~US_84ELo`nwnHsq}Mi1i2v)cM$z=8~qB+
zhwAKBecR3?WuBPQ3|0bDr0yC;v4i1mR@;@1r&Gz$uof1mcO(p$XrunMDa=#9*t6f~
zdqR8<)@I`8Y$j<vTcUyVM#PENMd!p!M|^rNO}Pk9xd=1#r$H#LWk^gPiGME-;*uPn
zO~<KnIwg~&DpIfi@ev4<M%IL3)T%^8`QMl?OW80vnjBcdw5kri>#pnGeLh69@j0`|
z746oE=YD{(<+f8S`?mEJ$;WlAhD5%vmJMJLH?4Vah9guh2vDrtX#c8ATtwj&!Igc~
ze7MX&w8BD*<*aK}_!8pyY;DXQ`Y?;i3vrSZ_9nHoCfQQVeM-5QGh9fCywaRZ4m-Zh
zqzoldB~nMGtXB<vt+9C6?7NljOYB-K1`+#p7X<JBohC1@vij}U^|;l}?2MDaKGBGh
z=;=p|-AUIP?Y0~FI-4hHsH!Gu%24DGs-}U1hW%KSvmSV1!Y;3M;;roC!gH5qKJg#P
z_pUGYA?KnSG-*=-*w5C!cUi+7Zhr_d2Y65cfsNF9lGi<+b<yTkyKk630+iOJGTDpm
zBm2HTW%lwiXF{Ee;)57p*MH7t`@{Ndd2apW`d(LMYQ^eT{mO|u*Hm2CcOBJC1F(_*
z{PNCOvz^mJvAoaY+>Wj1;(LxS#JBlOE1kLG(|)J}+ji{9gU_-$d<jhr+3BzNg17Y)
zLtlTuX?H7^_H;VmJSAf7TS0zJp2eo}pv|WXZShjPQr4GEOe4W#6sW|IQNuYPhQtyd
zuRwXEvieBHTNx8z%d^2%2!>kfn$Dy#A-W$`Mn3N*je`w^n%B2pZ<KDg7A@JJJ+K)_
zsH5HbF6T1`;1kP%zhDNS6N#Q6_|Sz;=vSH2;&2l(n<QyZNBcQ9_eXc_5m8nxJhl*P
z-o1w<e<NBpoG67-UllDQsZa9^5Aa4k!(0Xd1EcTmB?yj2`r#}V6?+f)W?!Hmc30bw
zRd?CT+Pa;-zwuPET<DmXM;m>mb4G+|ZOMzv3GdkE(YGSH?glvMq4hXVkP_Ltf}rzj
za!{xTF%Zn#5c&=`-fXI8`JnD*0HV{Ai)%&3sP0c1r$J#%jg-!pBdrfJOlM_=@upr}
z*UJt==h?*hofcA!1JPZMv#I^VnTsD_`;)b^VGk~RBN5~LTz3(oCk;^B+7ceGR(Vv?
zC)udKyJ3VE7A9xjc(Jwy1v%jKX{zuOYbAoiZ>(-&Y}&3IWZMZ~-b2%P9)m0c922BN
znimTqq|G(Qe&@ZjvrmhdOe&WGkFt@iR{T!3!>57~$9+4nqv6(KxP45pnc`YzIR#Br
zh1=^e`f7w1AYYc8x$!Zpo$c0Cf^TAEv6r=L<KLPGI9@<v$rS_^6|wcejg-d2`-#OR
zssb@21kw<SnHIP0#<phOr{#8%bxj=jH#q|w3wy7__Pr;Er&u~9EGId9!p?4$h?Ubd
zax-bJ4j`)ofea-g<9NAD8ND3aBlnu-zvS%ty*)irTxd!-PWeixEKCsE1<t}vQ6P)W
zlQ0Z$>1=L=9klGGxyrWY+!gWcN<L@Wk~iM#U{(B*lRPBMf%tbxMdow<P{|VVWYmeM
zJkGKV#C!|BI5(qF(NxnsXA*lN3j1Ob7!a1iid#J=%a}nmYnM;W$@i(4JPT{75c#rI
z89qh1iRz<ixAve|S`QGKg4N~yMccl$*&2y}=H&@R@C}rm_izRe9a-4)!DyXY@t70e
z9wic3TT&sifgP@j^Q2%;EB0;L1FXHMtoyY3J$p~6c<y1duZ#(PJ}H0sAfP7hFtaWl
z3BTU$rt=|O+*qik1v}jGx1$zWk!)cjFE7k!kgXp_Qxr{ps*PshW~j5d3mszn&5|aM
zPe?j@r!w22q;B<<{hck~y+EME#9|xql%ZL}BDc!*mX!>hwj*Rd-R0@G%g`NQu&xen
zG`FMa)%g{1s;LF9Y+oKyW%bLIw40+YnK({hf^YZF>qNF=oI7US1}-yyr(t(@Po-q+
zwXW@76E&m%H7|M{yoO^JwH6H~9>*sE-Tq7d7;6)^e@5GFU&+0kFo#W<SXFNan-zi8
zy&emG4<Z3bxme(77H`t*Pq4anu4yn{Y4RGgTRD}LcRs?&z>6Uf=uN8qC)(XH6M54l
z2^ozyL!%hWDI>8L3cUdV&)a)utRL5+B0RuFoOO$p528Nre;GSY=Zw6z`5Ey8o?i1U
zXrCni1Xu*|gK^f;-`@wriM-n26)CVG2FqH(Cx2ol*Rru-9J)=a^*;j4QvVDcBY)%w
z?7-s49%o{Kzu*Y>_Yj$DJEE5N@yS#l+Z?cKNkC{TP!WeF@SFo+gM4>7K*DfSSdL;c
z&Zh&t-lqzV>}{kh3)DbGzpNI;&V6Sg$n4RwwgF=6M6}cI!8%SrFf@^_84TrY)CDp@
z&@afe(Ud1Lr%+hs6`9NSy=1SD*5z5o{vGnf%-@NT98a`z|8u@w%}2%5<ak=SVuDE)
zWyTGJK#%jCVCjN5M2nM3CkN#KWtxyh)y>%?3ja(vj50?8@E*q=O@5+~7keZR1unYB
zBYR)AE)|9=zum8_nduv8tk0deX;^h5UpC(WQ5Re=WW(A>4>`}+C5E-SUv646VdQ_w
z7YE`bOc`!F8XWOsDX|K1$VrTF7ntpp4omi{dFBQHY8%*u(?+S*rffotThYJoNm8hE
zGgRKrha?5L)Wrrq-T;Ep;tfBXK9y0w7nn<EaXwASlnv$pQ_`@9a!j}pd0~Fo19|DH
z5y?&NYI3u>Z#BMd5qmC&^6RSmPwhf8^kOj`H|^c+*4=>j<H~ZKU<nh3c0H}}CE?4%
z*N-<!J5Np+inFQfKtro0;8;=Z?nMw++Ip`du)C;({&xHb@r{#H8+0yJS`p2D2O!B-
z)sB6wsioIgQ6pBY-sifhZ+wqr6JQx6GV*e|(B&r;jH8TD(pCz`vD&<BlR5#(ER85F
zZsjPV#g)X>^MM|&SN9;BKCSaL8r5%%bCYWC;$y_(XO61e)6DYxi=Q92IB-nz^+(zp
zIow5kNk#WPidkA1vGaO;ba#iB@RS_%?5!SVsCqp;nXS68PUJ#QD2^~jSr3V(Bo?q<
zp{^g}Ivn|u^tUZg!Z4d&t>l@>9X7V{3!j8>@)R4;R1RMuSjXr;`%}2)w#)4TfsiiP
z899^+6Eyy|tx0u1Z=G;0u~$(|zw-Z>xn8)Yc2DAAQGV@}&Ktq715-uO1OuBckWPG9
z!C7#BQ|TNn<yVaCGO5KA@X<~Hh)44`7Rx<C4d#0<N!se*&jbW@uL#B(tcC%WyS|*?
zda|9ie$u+Pvm<dJ(0!{x^;_*t3U=d~5T4NemFVk3tsAQ=hQQ(p^RC<{@1HuzluEx9
zmhQ^kHnk|J5xoR8`vjL@BW&TeZoBo>S2NfOoe!?R@2~T-?w^4jR8(sPuVOV9@EboZ
zy!2tVor6Fs=~Tqv-mc8b-2IU|Pmjsjm8n7XMfex~LU<!dBY*6IdcBK_ABGaNolWyk
zld5aTS6pUFbxIqr^yhG3K?NI0RM_d>=|RapPtukrBqmj}84pq}T~a2}ZJq6r@?q}V
zEDG&|RmSne<1LQ{+Z8v&5se(G-S^jHy#p%OgL#b{barF<Sw_UJZ41l?R>Nu+NckKp
z<VUTaQd-Um$7{xfcap<iz_^6)rjco-ai6-s-kEkAvHFxsCCP^Fv<mppDH$(jIEr44
z$6Mw-0j5BkVFP&{2G_a%1rP&-T{)`RaifZfMDyuS#YmuT`-H7EE|7?RJ9Bvlb~sZf
z!oU^>S2|Lh;Z}Tr%=eIDEYa_DajALvjadEZUGFH~|CXO&TfY_W%XDu@2j&vGG;ITe
zU8Q4G;fyjPVZB3FNwP9EQsdILXOs5cur3W332qwASlypDXE5}u<#$$-gMZGjpROGs
zHiDS$P9?R^?*P=PX2vpV^&1i6W-w`c(O^0s%<sB#bF(&V=GHZ!<<6Md#gc~h4&mVp
zPBvfHO$asi+14P!ys#dR@hEd|tgl5;umi1`;kPzzfkDmQ@R5)wNyrn|UabURN74nG
zU91mCz#f0iUyESd{mhAh=ytR+O;wppa=YQxy+E(ABMD$h%$8{*;XQYyNI~k4zt5)t
zt_AGy0JE;Ms?Qqz^Gb}5^}Y*B=P+>r2937PPY@QNNApQ%u3$8i$`9Z~idXXDcS+($
zSDFk(o}?;^c67QiL{X}GLJri$?A~7Bv!54pa9$XlI#C2O-^|iD1agWqb3AE}ka0Aa
zebw}CcNP<~@JXjfnR<gx)%E`FV6@t3u3@U#I0n9ha_yzP(5A3x2g@<T3>|r0zx1br
zN9I9sCSDfu*7@KafI_<_Lej<wm@NP;^QXseu+RNWZS(bqoq9<?kWVCJs9znOxV*FP
z((fp*w|)+<*IUX?ppXOdV8ByKLf!@ME~jox<!w%AHws?PPkZf06jSKG^nA&?W!t&a
z`XkBX8KAU`pt@QzFkgbX4z?9VXK-ww3Gv>efQ)SL&A>$np$$b=&_2ylRfM>!ixJyU
zhAs!RrTx5%SNx_zFNh4>HU%C`rXNfmv>H^VezB93NdbVX=KiE^%e&M1M#{dkWIqT+
za!h!j)O!58bQ1AFPybhA4?griJ8Ve@P;HY4nPGX^*9;SlK6Qt2TlSgyUn`olpTlSO
zu2@9K*dD#kCrk$f4_(XT_d=UY)5r{M3eaO_wz_~c0Rf*#a;&3X_rCThz5}vuZq7>>
z*6R6DAbi7ENX6uOMY~JZwVdKh7kZtTwrkAJz{t66E79@IEG8HX#Ct{Cwe>dR;OTqK
zIrp2ssn1&l^pU;8;aXmWHExl>bYLd6-Tv9P?V05U1Ju~j|7xum*8V*pxCa~mw(b$M
zFtl$AtM=3em+D=M!)jcBJPW;zC~)MvbR<yR;kK9OABqUFvm{)2ycJi~u5oG~Cvkkv
zrQyuE+Pe<Ln>{(I8`8D?QKrGrW<a3{4%cw@hn05UUj*p6nEO056J82h3R#;q)>?)1
z4&#iZ(j^H*HuxDY-{MsDAC+TA!Acteni{zy>M01Y!$fiUKq}CdVLuTB)X~Q!vX1&%
z_etY41Mbek@cjPM9vP4A`+Mw7lNe@CsmPSzQ&W7wdoIl2ybR*%$r9`B)y{-Y)N3yi
zZP?>cnRDqA^+g70#Ro9J8bB-Urj$cZUtXWQ%bPoG(7t{cd_P-bsW}))YJ75|FtY@K
z)QV8FFQrW>e~oq0Y3^26#kL9?Btj~smvM`F7G<16xVxNQLoSW$BcZEkXv3gn%+G&O
zgh_udUv)IfGg#uX#%{c;WZeH(2Q%};e|N3`RRNIy+v6KGqKNxl%jYCqx-o-Jmxrro
zxq5k<U2X1s^GQt-00XIb{0w{zH%<`OuIqLw_+4VX?#<O2apy#gnbfMqr0e`VbVS}`
z$9kfB<erm`Nl<~`QSNTfNB<rCyxX=$?eZ{4%Y|oxx2JhyV5MkyL@)&SlMf8OnR1mO
z6f)HL>Nb3zrz=Qg#e>MK5G>|#tw$DkrL;N(9SI`Y{p=|lS6Db_LJsE9WoO{Ej_~-R
z3s18e_LTN{cR#UdFX+C~(oT|tua2yatXIw}qzS8ERrw_4u|MLCb9^(e<0kgdi@k)r
zQI$X((#xc`EB#DRcR}|FUn3Gr>PI?-#0c8s4z-ZUe06%z;(T|!X?oaQm#zCQw~0n@
zmHxoe6F%AIPzpFfdw4y4<s%<ty$EIlz2vG8y2An3>Fif_`#CQD&Q1bCx54x(s#xu>
z6gE5z^6gpv;hBD}7S)#QF5Kk`1)A7pj+<zp<Q07)`Vj9ZJ{`RkQOx$b(t`FY-LL-u
z>;bM@MNAvqoBqd@+Y0%zNi$gsJ)Z|FxbCc(k_q50bDuL~`&BD&CGHVw?dMCEch!*s
zzaRuAY>}mL8L8b-eGe+3uvW_I;ckuQ{KNP-fZx1iS?%j>to_&4Pgc-r@`&U$Uth3X
zeh5sg5rlEj6RKYxRuj|U$TO{5MhEvUjlZR5bF&hNM`d0Pzpnl)l<r{Mwy<wmay?c$
z(-A=Qij|vziAekDDr5-Ad?jqz6jJ%T(~mEUDFh<+CXlOVJ^?g=b{8d*+0x_xoFLGi
zW3u5LutNa}*zV4beSEXu(|=n}wc*N5@9BE!g%4fs+l9%%a(h@iBhdA}63oTZ4Pc#C
z8l6CG&+M04fjn)>mXxt-q19yX?1}4a`YvB<>?;0hlm2yzA?!(YNW5kE3h_+8J*Wad
z`yH+0J}!;i3(%_&C(u<e(#ePPp&k3_k)O~Koad;#ugc(8DI%m+(<D1wIKjy7@>1U<
zhk=@m77C)8iHH-_-DWPrc!NT;BwrD|#Gac0#9VLtfLXFSTP)zvm6zYh)vnJCO(#9@
zu>Oq03|Q6WrLwCrqOI&kXo9VW#peU(diq+Rhzt0p6%yQ6-{B)HuGHbY&iRbfYl3Cj
z&f?NvDPbP3NUF*PCNDckgQ&UhSwLZ!Us@A;Rz1XQh*m!kU(mIBY##3>%oZO<dFn7d
zRn~FxLYbQmm`LHrcO5B>WvmU>R|npP<uAlS*Xs{~ItMP#qF*J_Q*CFk^L(G6?Z{dy
z_W`&`lr~zUTT9T9J8^CRL2nR>Q!)FluxOb*TJ|U=r|1yaG9*|$$5#Ce4qF~GoQ^u{
z+C{n1J5vmi3Ezt-er`zj=dJ3Ui>mwUsk=oTaP&nBG+#~tsR{!WW=vB#8#TnMUzN;8
z%U2_kzTCc29lI@e!F@QqUhuo!B(3^ULmtp~FVexwkM`lV;@_{-vPZT^2dRWLwS>hO
z<lci`X%*3@Z}*}grD?L_Ui@&Dk?o|Z?Oq%=oNk~nTpf$J^{bnSIu!+W`fE8E5!e4}
z<^Kb9uCn}$N!2@zvr`@V4a_I^0rcuKVgf0ZLajz1AHw2b;$WbIYOw_EdZlOm$g&L=
zdj9dI&OBdPpISMs^Kc+XldfRv>faQI$K2t3^;##B6!-ksLGIJO{cDD8=2r{_=`VcS
zB_qNJyvaiUIH=|h9<pqYmggJ4xm<RX>Rnv|FslXB_WC8`$oAgv{rY~nff+f5i!X<o
zM$Ez;4q~R>Q9$iv$~oHPX2I;-eaJbqy_&$)Zu@@Bz33K<l|ZPD%t&6B@Tj^^U_yp#
z7&{QGUkTEClZE&t=_Bi)@U0x-M3!Qp;<c5tiqMFlZ@>sp-RFF%+X|FwKcTmM3Dma=
z?dn7H{ghNBMQnl!o!Kk+unv{iTb`+)iJk!8-Ktqu5ZsZJB}HY+w0{?y_Iqg#p>@U&
z;AEde@NMr?&P8`5`CPSNV|U51*(IN+!%-bgx@{{sX5r}A_MKe32s>x2eiY7j-ud+`
zOeq%wQ=M;vge#-R^|gz*DQHIjZG#<}9=#7$#jGQCo|Pp(f2y#}{H1UzwG=T~n}DUH
zPMuUNT@2b*&jvse_)19=*%LMr88d4|46@>_f{tpYTr<g<w+yB>9dEUaff@ZFR{kY0
z=ox~FX%jD{0^hMVH;|F5t62#z5^&(+rUZEq$>ZwL_kJNKvEVayQ4iGW$h>^F2~@ov
zv!#9Jp#DCL-fn#Xx>ua~Dy~4>`ouq0*R^U3Ej<l`Li@v{!XkdGV);DTy?!}-^XE87
zd6$_NY3@vmEaZI_Ml*wWO!_P&=dI|9(l7i64TFkMv4T^>s>@zfL&M0qjk5utCD*l-
z(eN3a+fef0qMjPk>3tHtQT?h}$3Io}P@n`aT*>?V=;$iUDoGp3cy{n7bl@`tQ-Rpt
zjz=swv>=I_2$zln?F^%1HjXipwD2}^E7E&@?UY{qej1jp9>>~rw4_Roci6Bg4-Aus
z7U6r3e1|<yB)NDJ|Gkb0uu9c=I!9LKoTJ%~_>8_vhvWEQ?L#hF=C9ud8J`vjh?VKn
z1F6|GXx9Hca)g<`#5xnpNu4r3^U%zFEA>=$p3kQ$=qWypmHYW!t%dCEJyY5B0rG(N
za!(>JeU`3Vo6Y;ccH;`uZuxHGme0rT$PkE%>B@vi`WW@xC@x{zDF5+6f=NyZUD;v>
z)*|t*x7Z(S*`z;0q{pM}Y4yUSe~6iiQA|5wSl$)^>UOE=$R@yReS7bzo9n4*C6?B?
zesMPmcDHpcZfw$0w3ELyekxcTzcO*e%6nDiL+}cD*V)(135ZO}7TP!X5Vl$AaYc8l
zOMBchtWRD!2c{<}K_9TuHZ8F1IQ8~5li8t(u9e=J<t8hHKz<Djmr1t~2LCqmZMb60
z+hlVVg8H8TK*+*%fROD|_Q17#LnB4`wzw}v7;;nv4s-K~NM-wdlS=#v;yRSry|#i&
z7WSMU!&US)6@}5Kmx5p8K4Rv`kc4kB`_xfxi}}H9#u94v=0h~ov`ps|1VEA1IjwUL
zHA|IAc~fy>Y!oT1wtUt{KUj0j&XjzzvcAloycDDzoz6>#X~^GEPqq=tD4!;<PJqK{
z8Og76zZ#Fd9Qd?GZF!6xCB(cq!mHZb+shg0c(J+V6rr;vhv)cRHE(Fu{<Cy=@pHV%
z0+n6rN$WqorDXfp6Yf=%uq+1p%TTMn8T!mLX8gf7>T3J)Y8^9k2CBX$mRR20A4s<l
zyAu%2&+mU1ip(nPOUmyymRKEy2-!N_+_QgJdIIV}cwUdcOXIOc1QV}{Tun+IPO`g>
zm>E0|=N`l&q4Oi&ZI!bLxx=x?EUlg21Iyhj2rc7yUy&u;U3WB)5;4G4TyHJo^$0bY
zX;#8fuiqlHy{Rw-?IW;O&X!o|FjPPh{=C_nPc7batm45Je$$=FudLCuq-1PHG+LLe
zn`JkwFo%cIvNfMu@yBJur`fO2w_!6yh;c^d$UdxHuzHTqcJ|bia;{mk=D~-<6U~tI
zj>OAd-#{?W|06K?BW5qXyz~Z@cM;cyBhm7Qq~-3<jg*Z&#d++5yF?#`KeABKe&ok6
z^{^TYS9D~rlt{(FZ^NaMt!g0FkoF{9fHdY&6Q8Y@?(Bn@oEpCS?E1%F2`2#BPq2@$
zZzDjU@qO*w{T74whGnOr=&cqvKupKe-g^YOmmch4Qfa_Oh_N;u{<eV)-ogn&V!8a8
zP#EV&Fo`M+)<##i9yM_y3S61~a*DvwHH}AOti&a7EAq=69yPJ3m+nX$wZ_i8AHQhm
zP(5tpTNu;ji+fcHyZ{a?sW&u8ZUt7jo<KLhVpL*;p^9nh8P4ICOrkzDP`(+ImHJKb
zygso)eLuJFMSoE5!w}U2f>0<otEqQ2R6mC=Wy+HZDP|?epX;akjd%Ik#tKAZWaMVG
zg=Zkp?gu}{RmkL=WE4xi4&V$Ziyx-fNNO~qF$*UVKqxV!F=UriN=gG+`;HBd-g#Om
zKgwuMV@Om5lyBRlu}-%Ns94xMyp`&h@STFT=PDy-jOc%yh(e597TU(*p(?tIM-_dD
z(J<Cc2x?Bf%-<V?S>(z&37?^;?1DgVqDBT-cK<kqOX4a{f{^dn#A55Y1-MS!Z>|Hl
zB4ep(tmTj_-M_R?<UYOBwscwWIXP&WQwRo@+Y+|rULf!6h@?W?-RJ3FMT7wcq<33+
zw_FWD*5o1xZ|~eg-ZlA^OV4p&Pkq5}NeUVV0;Jd9?1v0O#<?h*s>yGg{oSbU)YDCN
zwpvQ!_+A<v7Cy5bTn_QiNb}CVLn56yAiQ?m5X)zrTt{~&dJhCw6xVzluke_JoU!xY
z_0;4>MPj7Lkw{A}L?EC(g_vxt|7SgQE%Z>vLDR5ui8Z!Km^f>R#KqM16V;GY220kr
zAofj7e)>>JHO}e}GC#zaBnAl!)#rfc7{mqvD3hCnsYw&J3_Wi8bpm@0zy{d4KjcNd
z&3`fdq96hxM}41Vpm%{qx=eEHTXR>@dX8TxGEcCE!OEyx2lV4!>5G#tjL|+;M*i#s
zM+91%yl|uclaq7^Q)sqYRmIq)$wC}=4{o5TRMVm~BF1+-k3Uf;RLnhcYq<V7w-b$Y
zpMa!Q)%yXw*z&F!<ow2yP1EgHkEW{5+^D&SogA4*W~W<bnDyCuDnFFfwVbauwAN#8
z8VE?t7i!C(0TBrOA0sD0CG3mnI9<LU9bH<hgZ2BV+vJPY@0je;7<rElT_PW(h|{Jn
z#~=Mo@-3x)oi+Iyvov5j1(1B~^MS!1V|-<W{l+(^xum4*<@AVxWo?M|kwYVwa<Q!s
z__p6fMQ)r|XqmRXeE#*-#0Ozpp*Z%CpkAJnxjNYfcGbAAKiMKywwAhb8z$OHysCMV
zBlU8JVQ`XNhlbN<=}pgEyi&u0!hElyd@pcnbE+FICSsK9lU}R^QNrdAu&OO%km{kg
zM%DoqDu$|>H5GIFm6t$F_YPDzJlkrNwZF$y@77hK)3I|{=s*jLp^o`r$eN91{0#N)
z<IiEvr2C{LNUa~#3aj#0Wm+oOlJDz2Y==>E+#I3J>KX^P74UNisr%>kGe_iX#CtAz
zWtTp6vwTHq;*}gQp)=?TnX~6fW0cl5b+mM>9(U3t6~SP2^Hy)%$+YNtNm83MWI!d6
zHL-z8!^*LF1gMO?p%R_5Qt*6K(d12I<G;1sQ6%@@#)!>T>gmq~mlKpZglJRIzpZKi
z&t8DPtHdutae8}&Jgnft3EGoa@yW&SIPVtixD}q6(=uGv;vqK5=Ht<AHKsE1wkb!B
z5^9<~K)VOiSXo+0sW9%XT7$v>(M&m*ka?HH;v9w{E|RbQQ3>B}Ejm14!<!0|*vjHW
zKL?Djs<At9ht7*>py}l0xQ!*EX*Cq}_2bV#cYo7@DwBe$Mkd#V4>eS{7#8%T0IXQ_
zfv!yUnO=L%1ie)rTmA%@LwLQMoK2p5Z@<3h(6Aex2CU`kuq$n{PnldcsgJMI;?gny
z_$dO>YE2o~yWxuK!gnqzF0Ug7VANfpP%;@TUq)Cs9)>}MS%}h!6p?l9n-Roo<&uhq
ze+T$S=ee-yiNY;G$9h4|{J=<*;K7{Fb?D67Z!iP**6cje?%NkJm#z*0Q)M{dRyaup
zjvNt(jDsqNsiUJag802tjqvxpbmW}X{W1@<VvGdgaf)v5O-&@tvWdh_*Ngm+iNOZ;
zUi5OhPcL6tSLDmfwJQU?JXu{@TFd@ICGjoeOE#*ulwLDpTL1W5CbaC@OLchBHaA4B
zFpJG_er$9>IZ8?-XPo)?XJ>3T-uW4ytSe<hCM)vHGoX8o8fiYJUDpKwH|y0eeT|_I
z#WkF42xF|>7^aJOvydnhS7A-VL*;L&SV@P3<AhXt;bdVcf>zpF4?Hn}4fpgEhlxy3
zEAN7Si4JePQ6@><C{H7NCPg&I;Xd77uB%ef7fzD!vyf9U(*|4I1)X*q<(nM%&r9Ox
zJm~=;G*&Jj(<XzYfu#;Zg_7a6ws|h8@7Z6FL1L+$l%>}$r3+9SUk0EXO~;_Xg--D#
z09k9BJ^51;dX`RV-e9zrm(z6<RQYx{jK)@kjH7PfJb}l60MfQ|U;cKkk*W{E|AcF(
zq&BKhu;B5MH>`TmA+uL-R#R0goooLS9GJVIsApAV?`BYdk%<30(b7CaYlihgApE|c
zit4<4?Az3a3zca7w<x?}WYuG<$NZ+GcF4CpxG3dv#Eh@3g%JVkw;B!zkd>6cFf%CZ
zt%&A+-*ZP1ak>a;fiz`1xA%2PvsP^q76g+MFG7vc^DwJM1`2t-bVR`Tc%wR|9q$gL
z(hyYcpMlP$;i+n_{7lsblq}g|F&v{wrdbB_*#`6Bjk9^lGMcLEA6-^orkRpLxKkfw
z1?(T01nQ>V;_PD}{dJ!$O`g@X&WK(@w9X*CoNCS-cBND<BVDQCzWUgJ_W112bu^RK
z{!;&kr>_i%vg@K%KtejDhL(_S7)rWZx+J6<hHi$G2I&+5hc4-Eq+6uBLAv2Syx+a|
zKb+^pj<wd_=ZqkHzsZ};;;TQKQjK!4FU?t|T~$&>vPYI0`<se9xi4GalU6)9a=Dim
zPepyA4dm50R5Ki9b-Thka7pY)kgrTIzF_Ox=@NT{F64|z6roT9xOG^yDRM8E|EXGH
z;CIHNs&OwrVt_FUf_AjV{Enh)@6{It0Wj5L(+J|16%quC>HTIQtc;^Ey~?7MwQt5z
z;tQK7yW06D+8e+u^hFZsR!zy?zaq3Bhw-an5xer~8;zF2Q{%Wcq5Uq8E6pD)HkTqs
z>%FxPbzvEsVqVG2z@0v^Akp1$Y>k6_9wus)1EqySmK3Jnz;#sKv}CG>SwKg2(}WHJ
zK27jbZG|cAVZpd)%%?X;Rs^j2*2a5W?0rDTjRI$4@j~yLo%^coB8a$m<OH%J=STYm
zd>j<H@^xV@3xe4ae0fh}Ur~1)@#WgP?dO|aB;Mlvut1sOj2LM7GL;+CX~XqLPW~Ta
z=vT_!PsyVgpn}k}36~#UJo8Od;zg)4J}J6)mW_+8OI33DGqYxQkEB%2{1RD5)*-~y
zwA2S3sq9|gz;D?PiuYPj+?w!smneU;{@c}+{%{}@Ng%c2be&s`;evK$`UL<zYmG}m
zzu{|+2&^1sp?{KvnkB}K;MW3eiU-kzF|r;6nNB5SMq~Q(qZ~Bf^Mw2o*gjpFKp8pu
zOS3&z*Joyy<%E7+Nt*;%d}CvHzcdeGKprp^{FPC3bTCdDgT-+@HKD6l2>=HJ^XySI
zsU^ehgxo446@_`HiW;fG7nML{WTE*4c>SNv%7~%scOfx+Od77+!z@Jex546!kROqw
zm2z34*wStxb>!AI3Vo8K?f(RP*ZDsAS844Ju;@|hR7%99lQ}joSrC^ZUAf!M1F~;;
zcuAycX`5t{QAe^&t5k6QL+WY%^W8A5xwNvLjf8#MS+c;b?4Y5q_s+W<Z8tkqf}wTC
z@8t&6Y4yN=p6)N$g|%^)-?Oa>FGK``u(2Pz?|V3R5Pb}XM$0w@95yL|vdVRd2v)q)
zk@qlj@v*$u4GLBK2hA0#Z2mCnMDO$rKnzT6U+!qZ67|v?j`iQ4<=Hj#6yE>KUCpS~
zv~R7O<Nfx;pKyq&@2C2g5Heno1_`2t<ZSoam56f0_oZrd!jJ~>?7o6&y(rGq{=34S
zAF>*Ry1)xGES2tVF|!{BH@>S$w>kg1Tk8+<KjR(*N^j-N8R6mNIX^x3?8?_|$v<U-
zmEscYZ%zbucw&^NA8xq`a>h!d2SywyP1Z5Kc25AsvhYP8sxtx7VO`bE(!zdn^DgNw
z^|7yS%{jJ^j}@->7sO*Ddp7{#KK$oF^R~cJiYq2~u%fMdjs_`5^%EN>6>km-7iok<
zk`Y#Xmb}DSNjWuDg&$nZy7jpSBU+Y3k4gTq=i&heeF?@GTGp-{(Od%m(e6juCgP;o
z(CKmAw6*$5)t?Z!ys0fbocNWo3Eua;1ttR?0CjP^(z>^X<Z~a6H2j>7XVI6Fu(vbq
zeyp##fjhkrqcT|!-(L=EeEX$i$L4uKezZ8zM-fMl=~94n=ZWN}N$I`2`@?mPkD}Tl
zu5t|@>8-{byN-0-x-RW5m(Z=co>c^WJH=@%E3h;g)MViNaTRk05kNpWD&~55?E~I^
z7#Ybns_OEYcpEMMsvEDcM^Q;0i}U<h16_8EzFXtoS4hn7vzow&u@oanR!!3+P&&}i
z66#zY=83)T{%xJ#&G2dPOCs)RySM&<FubS!{$A2yB(^_Qk-_vtCe{Ndz`<|6RBHz|
zOi!VIn_u|?+x(L>MNKvVbe14mUlekYvob?cNz__yBxYJMGlcKy|5QZw?tI-Dw%Auy
zAeqIEuW912T?rVQyIX(0Eh7M`Ll2P}--FUx{?z1$MOchdQfY~2=`9SX_j~@;H9&`S
zmD;NM1%8?10bYv;2W;<mzRi0o!<Nv!FmAI1&#x~<>*141peP%2wqckbSfV1esfcL~
zqN+Y#S$de>z^#^|BXp%*@qf=N7Vx~Zq2--e_|!8!o|`{dDmzU2&2{-x29eKqfS4Ko
z#2L%v{}wX31H_h2M#!=5F!{TsiYW3&Eq%5`=6I>HCQ9oW^x4Peg%zLqe48yP2B4^n
z-KaEoSyxe?zvLja@Ooy-X<3n8)EbP9qBc3TY~;U;DclzDQe~$)(_>Z`r=&V@#|(`k
z&lxZ)CCfS0pJiC)Tnolf#t8(bHYYQ(%a4_>3Uj#<NZ8SM&$Bn0X_p%HG9SlI03|Ak
z;oVmQZ#*cjmzE1Y=4ZS(efz#{oy3Q<dYRO32G89y-Au`isI$JgB7i;Q;Sa=Mp__5m
z*Rj_UgoV=rFC8Fcp_Eo}G;g{7ZTvC%)@++xwXZ&Aaw<e~Un1O&nnc<pktA5Be-Yd6
zAo5Un0|Ag%cZp}@vKF?_`8JAxM;a{0pU)jY&%V-+<EB72fwKlXa5@$cz?4m$_@2j>
z(~x*nx1XQW6pm{ZGk6qFzSdm?{hfp>Af>v_qo+sx-mvdgRU!hJfy|jgW(?kqRg^bn
zmzI`?2fRfNqTsc&vSLUg@G5kly8q3crr_s~290z1OKTT1c2Hr)kw!bFaNe@>=z}3@
zEwysJVtBjN>!jPmH%qGMY%h@{Dowxq)V!tV3OYijOwJME1t(kDOCUQ@mG-BszBajg
zEyCaXWHkNzz{4qVU^zR6*YGrJh!7ex_nGbUS@8wN?JqRD%(5J=8GevZ+4GR)O<|#u
znMs*TEb9e1PM9mEYuLE50I?~ZV&f~izcm4*NU{9|g`+{Pv8vsZNaW}(TW-rg%-mEe
zkF7cI3N%TO#WZxIu+DPYW$sq<U!x|=*tc_D1v8^z3V7UDK(V9=SiH|zTVw|p!|5lY
z9xCac#VQP8<>^Ak%Iy^C@#GC>b-6PK3M=L0heh~mt7YytBk3fSpJfLgGY+47^QhY?
zpwP7W$$MU>eAC8>swbCi>4)A72qrSf0SC<eW!_wjj=N|8B8Egcy&U(M3vwf-AtO;T
z^$fK#=scd4ncDR1pnhf4U&HSgfuO!qY?Sb!(KL9EK*Nf?^?2%X@IGkTH94n!9z%f;
z?DbQGQ^0Y{`g9$Cy_Yd+!Mkla2un>%11$%<og$(fmyUh8uZNts)|KeTX+h$iKfNFL
zD1un7KN24z-PS@xDZ$0N?}{L8UgP3?QvZx^u7qp8BR6Z8RJ!1C6w==QN({--;)2G|
z09@9tXT8|9Wlgt}d=qhRa4n4zRAd>&E*vda>?E1}N#$n{or=|rm;_x8ue7v6aWE%_
zE)rpi5y4wuw;qj<1fiknyxuTP!~U-^;(X=gyIRS3#HfEPw;<@(6{x`R_&I;*+e%o<
z67TnK<(MFNw~Kew_dRIWnj&V8p!eC14D8qAf9zxLN-7p^nOws7d$5FZ*skK?{qB{3
z<op!FFYDD+<=+Wn^W@oLH^0=VvYx%ZT3X|o?^HJkLNp{#VxDiu(pU!uX#VOdh`>+K
zv^!gr&hb9)sXmjuyBo<I!9bDpYOT{LXKFK{h;J2gEn?nS5Z!%cPvxrrcVddb4wAS_
z!!VZy4p$P6wc(=8ap&p_p_>*zYeWhpLUXJW{1*If!2funX?NAXDb0fMgQvw*TD9Tr
zu73u`w_i_ccLPyYE*mDLqz~%_AbbsX0BWNnWSYFIBHuXa_s~>+E%d~QW5W5Plfw1Y
z_O{#?(QK<{q(GUpWUbZ3Crr&}`}vCVXk9w?8hzruV((XK{leZJd8ZEVEpi}xU6~b5
z>e_dT#(U)g!aWBbhX!~dZD5o_j8#~`_$e{hhrG1$JOQsJ-QC;+MG%YD0hM}KsFE<R
zuw4pW2ke^S<AKMAFxG@JUo04W!1!xgoL_3Lr?o=@Ub-RERf^OQDjXYw)}Lm?d4kg<
zKS<F6P+!$ztcvMd@6-GiEG)zTEF|?~s8{d@r7_xY8x5A=Zt!H`JO29oB4+R=N?~CP
zQ{nuKzv`|C9-(vDBdMz}QW<;$K}tH9WalIJ{fm8dd{mav7(`QZKWd|=spe)VN$MrW
z%oE@LQ<x=8jbqcla}t_1?Hju3G7b(vH8$D5Ijx$TJ);YYy?LPht$jPlhsFU6Qz@=2
ztv!>rS6DXGy+M+|F&3?7trjNONng{~Kb?p2_GlAT<H8htOUi->j3Zy^u)mnvr<7Es
zxl?UHyIw^}E!_Tj{}r(R_w?x|Bf2U5G)8Wc2hMs5NicC-g1OH=i_2IJV2pqTIAbC*
zMA7f8u?zBjejcy2_G7VWtdH_BjA*1?9oc{vD!>80eKo-H6%;`{VQA6TWMl0t(Y99Q
zN_j%eL93T_VU6Wu?^c;Q=1$qJlJ~%fhmAcIPq{Pd;X_i!CbQ%z=TyPvnd^-VhxNSw
z3ZAa)MLVWnf82fL7N=E^_7;T3Nn?=%vd9xxZLm^t^w96Vfr=TqAP*;wZLD>@Dud_4
z4U$;Nbi;zFPn1?z&Qe1i33NHWwQf;%ax!{GaLkVA91d$|4%NXR{~NZBjj-}AGU_VS
z<{UgaOJ|W1<1Zv6sb0%Yl{!M%y}sY?&(&p8!EB0tiG+@c(1j1Di{wb`J>=Rd$5^P8
zN_c<xx^rJ2<MHCp`$v}r?&rmPyQ6%|-t*JPphJ(A7F7qjaU=!MD=5Zi`Q7QHFO2EK
z0$y@v8_cfsZyib$xrEVUZ9cmUoRVV&%2=iQEVIN0f9)9w^Z><n#=vSQfSy&L%)Bnm
zILOa%*!l%56oMrN*edGey!*(u1Y#B9r%+7Hd9;hc@V?IfHYs^m_QBa|^rL&Y6KYC{
zVw#^69vj~ixzq%n9n%h{YT@WNfnmPJsv#=}Z^HQBBw=R}uPi|){mHOktiS#-7aOKX
zV~Gc6d^UwHvkDge5H<H3Dp=8YC+cP=s#z)_i3&BhG3WSBTO%o<@ynVJVWvi4fu-7f
zy4VWYEY;opm~2fa-2eP*?q|81utQ{wLTLzUpIsm~(^!Y!52cF9f2YRZ^S)AD$SCIx
zP|W7oZ`*mwIGX;&XI^0cTuJT9VR|~O{ht+eT#5)FRIFdvs^?K-F>spaWMbt7m-9lj
znS6iB_J^W$a^1FwlOYZ6<U#_fO!}wUw`!<+TFFZ=GwG~)&%4T6Vo%=j>1Q@s)Gefe
ziQzL{-mR;ZfS@t%xtfu~V6Qu*t7v6u<q|@)R4cPuraG&xxu_rU%u=QiO2T17h_x7O
zq0Nklds@hpRaoa6re(g<+pW5~rxZ|}FQq#UTk;Y-4t$Fv)1B;Slw8oxZ+l|9YhR2<
z+tJ_TZTu3Go=gF^TEcBfy6gSWWNzVbsJg&T+^6+P`a`N_t@alwVQh&geD3sB9X=lq
z<T$I}Ag5mx8Gm-aKAXZCANbH;gWjfSmj=*dQdWI)28<f}Etc3)ZkK`VI}=K1P>2!%
z6@_by#M^5`jc>zjN6%QKv++q9VEadMCU(Ng<aC-1b$2$1WtYj8R6VeqYuxMZ_Xt2b
zV(%vI9yLKKR5EAs(|W=mOvs7ap+i;D0Pf?6O@H|L&fW5`ePW3ULK}ua4P`O4MHtd9
z7Y(VTg}OKj3J;`7ihkVnKzcNo+^@DO6q6>N;jsFBi-HG6&O5G?0ly_|jE0GKzbg(B
z!}rbNxU*^&WMMcb)t9tKUKDB;XpS5-mY!fdSD#1DyT-usUnwioP^n$N1^fqa%q!IQ
z&Bi}shLvf~anY#{;SgcQENf`%D#(f$@&D$PnrB|;ZGbLZp#~oYxes>J_<s4Agv6x5
zaEYhZHRqR%X(=a#?6CWGt$^6vfk#`2Ats|t1V%&?$({j~Q;^^3KdxgaioXk~8Gqoa
zTQ)!Xc&*s3n~)TM^*8pEz5y;XnjlY{Nm$I%YLW&BUksq=ZIF;Doe}X^Om-a`H-v2%
zOW27UQi?-=#6ep~gqA8shB}913Hoft#tz~5ewz9@SpwQCUy(VYK64i)to7^?d-c^6
znkAE^h`Lm(a<=|MmP14pwX41R#u1$l`)wYp&UaC0ft+}uWN7gC>!?~@8ZP}|wwK`6
zQ()klSU@#(Q4%+x*`~5(pKk$#g?T)2Rh2GyU~z<@@n8psRg3-&eIBo8vZp?NQWg?Q
z=<bK075sT0Z$FM~dY7r1SkphIo{c^{_jrBx1RKH48+f(IzMVK46m_X%-e!GVz#_3d
zHPTx?%-rC0qsi(NY%Bs<zBQ6<>vO<qu;lyMhP78>XZ*klFMt&uXAE`f{InVP7$?)w
zdz{w&cz4}3)2M|P3tDWs*9fB7jVGG2Y&@qOA~$jGg9{laifT^7cO<KV_h{+2P)v!0
z0$Bwb*BLNlkZLkJ;c`}+aC)+9g*qhzy5@rHiZ%=13SzJ@yThMVF5&^po9Ha<(tQc0
zem=Gk7Vjgp7zya3ANKXO?G@nOcCABMiXiH#d@3<$(DmC$z0hwtCSoE4=?Z&dSX&Oc
zH!9gluRp*OcWE1hYxJ&LqHE!80(-$Bf{hG%WpK1RKZR`$wkX=hyOqCN+{E>Q!o*F}
zeS`(E_@>D>$^RhD5n6&eUN5|LRiJ_Z76f|4D~qnn9zSA!Key#%Ke|l{tDU3mQ`b$W
zlL=bZZQK2<xD=S~)mwSSbaWgrZXE8Ei$>2P)565>WUn8kj)5lDk2;=sQ&7_wEY#V@
ztY6Lp+%p>YAMh3a0fSMa*tjdJhxG~Gwos0Wpw?mlpMF}3nyi8)(wnxn2FBK?e2>y7
z$-PQRydV(~l(1zS$M(u_xIk9l`5R3e$}F#>pPc!VP}A`Ecuxa%iAdkljfW8<kMK}C
zjup{i<%|H0d6!GwkRtC=ez41+QlKQlsTy5gIypyV%>}^{i?>%-?<ZJ0b<UsNJ3^)l
zm)rFLKx<`x9UN%wr|(H+pJQ=)W=2<^&MpkUWsBEQSU@g`ci*blbSFC7WIt7OZYj{l
z)CBO%H&_T`rO&}1e`Iz@Y1LWU$gl|~4}c|J2ipr*uCLnXJ;zxOkQ*op$10VF9*igk
z{4uM~*RuMfzR#ytWZLoXjO9o?r$kxf09(u|z7)v%E6W{Y;dLp;yE^~jD@PXVg5C8!
z9rNh&MU`E&D};>l3d#2~9zFlkXYrx`;Ub~bRIonJ@9@68nGzt3@z|+O#Q;$*8)R{w
zxz6NzBFGZO_DZbZB18$mmQ^g|%&uxKk&BM7g2q`IwSHU$5HZkIJh&rtwB|U|h*BB4
zWeC{)B$ZCZa_2i#cCY87kR~7`)3wi<^{v}jIJ)64;K`wK{^|1yegzC$<k$@aihnBV
zNR&M$d*b=&Q6&yX=%<qd1Pxb<>(d=r4fqNQSw&iBmU+Qg3E`Dt?;J&1v?#ERx1#TM
z>TGPkIIJ<%Qj!->1Nh4)zHL;6GY^+|X){|4$-rSBA=K3~@;?k_NvZ+(r`0RISGq_a
z2g+gRPeMV_z(Wu|3j49W2sLkQE*V!o**(ZSibp6Z=SdJ9OuWY+C?YVgqz+zng$IU?
z$&RT6?j-}+PbuBGQz&Fq#Xk-P+j!d3GXIBAoU0OY3Iy%f<sZkv9gsg9kh8?oTA5iP
zmj)vT9HxQKm_O0(NB5?odB0-4o+(bZm35)xi+FW8M>yX9AxED?H_uER>9L0C5AM6W
zR$uFyY}P3#8t5n*`ZxLnnT~a#&J|*XGarpafblhS?|+iZm1cl@FYj1mu)B$a$;rJx
z3u`g;%x*eI{oc03kHDgmk%;3tnfwo@-B17=Wb@lzAxLOrim_|sVClM;1Z`JCzhr|n
zOM4@tTZt}bDi$44;Wab$$Aec=ZNddp3%ky;ak~fVP3Yvs?Si7?YkX-{H_2fL?!&7;
zB&*4qBEDk%bssg)#Y_cvgcp(GKx6u;E97iiGEIEs+%LEkBi+OmP~Ut1gaL0coq5W0
z(c~!e#f5DV)LyBEeIV_jnKGbo!%rkR<F8lR7*`#<xMEetGRmn=YkgCQ!KN0&Td#@;
zj|{@>{oJw7qHts#(d5?M4Is=c^dz^&UtL#k)x)HSXC__w0iJ;^1`b+SBEYtuB*lAG
zwvqn_D7KXjZDcn5a5%~r7FO`l`k8-k=rj)mU?u&@1+V6XbZ|<u_i9UXKGFDGEEZhe
z#)Me^h=AAMuIcGh+-vW0STIw<n82n}F686E4Hz)LVeN;&+r|6sJoueK=6>X+lNoo(
zChr}mnvK(0;S908S<;y1G_bA6Yq8xq@NEUeneYA>1(?31^18-*PKEQ#MtwV7!$3Xm
zrs_ytpe6~S!aWdt)Q9%+)(&m#eP#gPE<SG20ud|(aGeG|fD%vzYY#bmW*z=~!Z2gU
zI1WK4;yIado*&TsfsqnDyVaNl!v%A`p_ITVS(|R&V`d=1997&7r||6Qra(4?>~X2*
z0cb+ad90y*Ton1&?0aJJuW*R(t1*;CK!R;jRO*E2b#9(P?VC*c1-THP|I+@?21Eao
z{{1(5hxhiIa*tKqQ~bOZE^Y(|b@;os_?QyNOPM3_;cUDQv$ep3haC}O{nTJDUCDeL
zw|Xh!950nTvwLX&49PEyET7R0n^oPcR6RbzpoowNn0WqwIJhtNlTkLs1>Sn~#GT-1
zG>oVFerXD*%ysPj{PsOk9l#A!=StqtmkCeP65(#Nc2BcszcHP#2!4HF86IYXUmL?Z
zIo(aKw&PHL9_?F-jAJL1x1dvcph4WmCw0hLf9qDy4cxeLq$;L-{v9M(cBd;n7O<K<
zok@j}@-KYsq^uA_Q9E<-rlIByI45}aR909(jE@WA=T6NlLiBv&_kyPS=r@d`MX9;~
z>#SSG0AlD3oOr7!{+nBbPELCij02erLuk!q_8C4v(EyCW4GbwGk)i6E0Isv5eD$g}
zMp>mKS4l(QN$9WU$LSCBnIXvvUmQGT{_W^_0PNu4oDcp(aQeR%8Q`X2rep=xaA|%K
zQ{jZ&3umVAFtpvzWgOg@s~!OqskNpoED9dau0LK~RozV3#zn=KMa45;iz-jjM<UQn
zn1>sjfBW&-)Ob*&f?us(0uV2ayXkGLgX4~rmZnunhMDy~RHD{vB`u+MaDf<Sw*p3d
zM!t)JjpW|_MsWE%Zs=#R&nEk35*vEt*Z`rGLI$;bT)wZm%ki#FS%4W97%MY0Zlx;1
zYH8mAH0+=G-z}$^f+-*!rnyaQKruxB;YG9e6{*T{lWoedhrP%GM{&WwI9~@;aIyp2
z`f&5-y#5SJjJPY{C2%979Q>0!TYWRRMgs7ySFDA<c&cDt)u#-hMC((mzfFjRj=$E<
zD01}edzJi$E0*UNriw!Z1K*aLje`v_aMdlo5a{j4w$>QwX_vH{BJQ+#>a&pix>EID
zF8rnbo`}-yFC4I`tm1~>X6+N26x=V+FwR>%3^~>5II3nD6+y({TYY}QfZa_OPg`4S
zeEs1Klu~2GR{&Tk>|I07<KVv>mRs&dZP4ctLzeWZ#{K`l5r9~A$XkE5VOruM+71`+
z&V=nV_ZDyJTTo`1a+Y5oZU{!x^7NYXFG_5?W#2oh^@HeG%3IRfnCot~M>&U&$a!V4
z$bb<XFkCFZHkl&eE;B!DL4Da#Ir_I13`0DMIwmdyfRSQGJHLk<mM8DpfGMhydndiG
ziISl1gz^Ia!O4@IZt<wMK6XN)<0Irvp=hzsT8|q#1|C?bl&*E1+pKUeM(}M{w&iRX
zZEAK4Kue~xvSUZ@=P8vbAhsLs@x31Yn2rSU<iu01b_f)=K0bjkCw&Ho=@ed$CSRCs
z!Lf%jKI<25S5<@v8mhzVuMO}Yy4Sw)m?pj)*GVvi$ISbw(7OuA1zvbkqD!RE_xvIa
z8Bnu<pWXXWz(9y~^i6FHzO&!9w96CI9|bY`WY*H6b$Xm_$%4+asDrhuD4B#p90|N2
z%tlmQ!h8~c_AdaX>6J&pIE-n46Blgd`6ipuHBLDl+{em@V$;rp@%bo<noS^vd{_~b
zu87(=e|nSqS4F$T->;dLJK@X!)Pa8-({idB6AERa4vXuod-7>+p(B(+*Yar@;KY63
z9zec{O}Va>9*?~Te<A)B#|qs%KYitsb=sW=3$DSsF1{I#>IK5M?i&s55^3bi59n@C
z05dPK!<#X_^1%Gv82|(lfJI~MDUC4vhe6c1`iNfCnItLh+i9yy%)@isYmyu{uD;F!
z4Bh?`z@wOCEOu!1WhL|lf`e1P6j4KG$JUV>fIJ_N!ZuCfTIHAwWcukvPO|BVsSkJ|
z?gJGg$7@dL*(^&^q7AY;=jF+kQ*P#fxDXo_0dtwN9Zi5~{oZ*nt-lI3LZ+SH!@;iO
zKz;ijJ|N}u`~)Y{XgApFuNa_G;5pi25D{pd1n<lNs2D$CO!UA56^$B#pl@qV#X?|$
zoM#+uti_)Har?4{PhYzo?o~x@5pzou*TSb=iJrOsA`Oqg@jUvLGM<T>X<kK;S(=YM
zPAfvd?5S-VpS{5^0LNHJ7~QH)sqd=1iKrP5a^(>lh>b0ftkyKI;$;SMhF!UGAPoMM
zp?I@k`JH~9j<j-x7456S7;GK=e0D0mGQ3N7*|l|d?$5{#nE>63G-oV~0kDfL`&?{n
zR`INZkSIW<gLejhaq_uuxy+6=&He;*pcQVj^JI({hr!UbPROuHh*D-Bj$_*rvrJ0a
zG|fl@SMN%#a6v2^^vh^ky0zal=d%;MJ!&BS2hooyyD_PHRidtfocCb%uyOy!zd1`e
z?q~Hk98~rQ<SF%^u&@uMGyZPV<{lg`{sS5)nH+{HscFLIkU>xt3zwvcY2&I3V-$2@
zzdl9kq`gg-8&*e#Rg{KgVE(!xmvx(fx{+vP1K>SCbco>41XyGSMXtNwIo;8db3d=p
z%dr=k0uf`!o^4iN6nV|o_jm1jz$%%;UCa?WN?%d+A6iq#^09Tg<7>=APR)oz%c!sN
zWl(>lxz}wmHcqKre#N@a<2(BRG$(GNXCVQ$8%yk5ZN872Ne>$F;+tbq%IiR7pinHV
z`#k{7TV!`BpiK)@(QR+O7R080LMkGo#3OSbS=_gd;7JC-0irFTn*xYBmUT<0CP8aL
zOz5KVCFYm;;)&7ozJ3N6>NlM$mPhYx=a<oA3BVff|8H)#|4;PM{yKO@nhKVpcnNYT
z9Y1hBAJg~@esar9D)=wY15ER|QF?*fY_(d|rD7y*bAW;%s~mU+fldso<@fhA@zy!+
zCb=BQ-+U4Soi_>~z0awX!!*`_vSaXeIHf!&0#MY5RfrmF%}U$E8ME^>HcQRwvJwOV
z-ENga{dI>+h>~bF0Hg3<LdLR%M`{{)@+ScsL?OP9tA3hR4KD_3@+Z_cD^C<?>SZc_
zMXR8-Ha@*pJz=DE?)pQtL)08ZhKvI$t0l@ndkH`<6shZ!zfi2-2<UZuhH6CyEMKwZ
z!-9=N!=YXcugWvtH0a8Dgq^~y;L(8$kL1`8<Z8J;EN4EZXlx;|0moA3DI}uWccC8u
z7(dzXe;+@;sPOqE9dYGASXXv%{qlA8&W0NzMx~cmRR6wkaOZJJO&uF8VAjdz0`Kk&
zx^aa8=#&6O8b{Tzif3x-QBtT3=7f8h96f+OzDaV9fV~Pg3A{_j_cWjkNbtM;gy!LL
zrGYjbH~@CMsm;g!?gpGIG9Yleg1?FXCb?AhEAw;;E4;E+?HnV+Dor<MO(cDBAqg*V
z3!pGt53Fc{1OXX=4RYw{d*+EplhX`Gs7?nUH7z<&2AH?7YKltxn;p<Iv<b6*gjqxU
zIQ&io?OT!{RlVDaWG~JV;aV>>n?1&5=Zc@E@-ESN5VcL$LE1y!&P2w{=95V@Ed8~5
z7=OY)jOF*yn%&aKd$KJh+`nCoQ2~@50{~q=-kfIP*kCN(U=<tkosz_+?stQLS9R$^
z%+c)W#&_J$U+fPv-++v+LV<S)C&g_dgO(EjgVquI_R(A#KnX!f<tLm1NB}S(Ce39J
z{t&;vl(9%<8?K+XU1<T_E<t4DO9s$n#|IqQIC_ro%c2a=93hGU<-SY258n=sTAb|P
zTB^VLN0VNXs2G9~N`%8X)M`abEn5d$=XXEs`+J_2#jGj?a8tZ*2!%25KPE={Mt5A#
z_@huPLDw(HHf-Yo61H9D3(e-xw=cTDi$pPhJaT&~4AB>GSmX;srAB*225tFJRxsO=
zU&K}2o6$xMYi4PS(-eg4a7OFVRAZ=iQ0SvwtvN;jqSeNf+fPPh-F`b`LRcd92*3jX
zN%J=okLdUQ=aQ!#LuS$M)ZYL-na5^-d_>eZ?sW$>Ai?iXS{<R!nKJ=!Bu5p{GuMJ+
z-sod0Ab+*v5+>WlP({D(P6bR&8pH5&lAp$m90)c|4Fv#+R;>y`g!Nwr77|~d)Jj|!
z{ENK}+hIm%rI=>`9ttG9YAG!)-CrF~7&8_w)?*fbf6u^0g~K5#R>Z~hX%pho!JU$i
z22xDClSZNSwqN!x09z}t$uqHS(rs|!&LdN@kcba>T`{~Ei!ePB{3r3(b;;j%W3mgQ
z%Nzb<MAzI+CgC#!UphXlIbDjkPVM#^FsrgBvR3iaprKlVcugGA%C-2b!9-=gpUkih
z0Njr)_N^=lq>K#MvLpGXhLw0L4o_I6t$_qqi@Zf)M(EaCiQm(E79MaFS*w>|40<vP
z%6JBk2LMz9nf6x?v_HdrW*l1|iWMf`;TVmq-R%sA5YfheM4=|#(aXcU+2$X+dI@=$
zX(SZ^E*4|zdQB7qoZYlyM3e6&l;5-c!4>?2Yx@$=s})B`pmCbr6##s}2a7%D)waN~
z5&)7eHhvo?VP$rmV^%2Ay95mYZ~_PGS!$(NxE9y}*i=FLGS~R~kSbz^)dRlQw1uMp
zPBy1CjAv>@xiPrS9P$2z>06#0&USzDxa0!}`W*(AEv^N~k=Z>Z@<l}Nil*h_b@Cbg
zWpm!~HW6RyXM1$>S48PK6HM-IZ>Q5Voi}PSA08yVk!$w)+bytJ)eRr0MMK^7IaliK
z4cHX0T54=#PTbR&*WF0%Sofpx2oXJEhrreXwXCa<7v(486<`SsZvahm!zUPv3fT~-
zjUjZB>|=7^f<^P*l4FCRQXM`!J+Lj|)CeA`;e@fRZ&tvfKIvs!d98`!MyS3L=g~}+
z-uJordiCiS8D;Gy!s$a<OO)k9-kZfP-CtSti<}wofNvZJbOvx6a6_UjXS%)?S?nRd
zgw54T3|33mULS43V<N!kT?vqEvB~I8Y-1X|0(IgOyg;ds)QCP=RZCNBoDedjK57}7
zb%R^gU1AOZBN0&I5t%tWaQ@#~NC)$-{nt;7lF19)AM#-1D6tOzKzXKjy+^p;wBda*
zNxxG!09iOi&Y5&ip0F4jzHKxWKyZufiQ-7_M5?0bPP^Uk50G(sWp$AA&ZN8vcwcOp
zRt0ZaKdZ+~3J~S4vWzJqQQxD0!l93~wp1q&{H0B8mG$^QFjMj)nOXGL<6zS^Fn4H$
z5<g4Q!zDvjI$P=B7Ep*p+IBhlz4NJF9Tx8~7q_;QW4DbS1SF8-;O`8&C2lI{tP~AM
z=C1NV-QaaKMq^Uji6!EBmRL^o{@41iOO2zm4SF{Neh0#EiFzj0Ee}wZLNR9+zPchr
zAm}r35@_Luvc}?q;DJ!_l9lY?V5apmwBSX%O1g$J`vm1^v^=-f0~s?ApkO<q%)jow
zq{auw)ne*eJP^(j0<53(ZI(MP(B|+>`sDf4*rXe&ILpG-m26g>(L;|6hbg<Ok6GzI
z&LQkNfUDqAdN}UEUjW2+cd5S5mAt_>@^?6#W4AK9lRp9094_C?_q|>PF||STAnM&q
zJtI2!dCfx8`90O4Z7>-n4Yo1BYkS2GyTy9|nE+`t(d(@wV%3u?=U6q<f5?n>7x_3m
zU1=^W=kEz;!SaPyM!nhh08x6@p16N}o(gAM*p?uiW2iJ*&p{L-?Ms;^8$0@0<@<t0
zsh(iSV-E*eN;H<($>H2FGd1tYjGwPuJ!KB3NVM<22M9>noc6z+7qc-~myw6pN>MzY
zRmw4s<4MSQL-pnN1t*1TDsGx~$&}Lq2_ek7NfCjKs$-4_9Y`@z^aNs-AMHFWUtcTp
zo;TS3phZK@yWciwRM5Ns33xJzuu2-FtI3^AzyH-LfhD((r0KBCie$>Cy7b&*RL91@
z(?lWq<pkw9*w`t$D3@U$4;ru)6hP4NN<>O1P%tnM2nKTUyZ&$uhZ5a;`kGzRnxxAI
zGeK2Ex;L*DgSPhv6`TW@JGDbQv#~13$;C$M@m^q&U>hP!wrWRZd2M&n#||9rZesTT
zMg_`|=vAdaff%6o=VW$Ht-`da__XFA7|l@&s%|=bKt`@AO0yodG_4a`utZ^;6gQGw
zvkxWh91{<b#X+LW=p=eqz=Vw1a2ybH)`!t*>Z)H^W}TXU>>ZdEMTVht4>i~N`2-P2
z!LeK&G7Cb--6eTeUSyO8%xDeRFbM^+gq)6ox}#Z%a@kVc<}V^>@8nBC0ZGhgj9nDd
zbS8~R{PAitCT7*S0RiouB}nV^(h7vD-XHF?gMOPixK>)Bv}X-m{`#L)2RXClYGL=8
znZJ#(Op)ZiH9xUe>u2Yt$qj5&&poOFxSIf_QBrm^mL+H$T%PwLoEMWUc>^^&(lVMO
zWB~oV>hJ}M<MS(>%8TU0OE@?aaPv~g#Hj)#;6vE@rY%4#4GvTYqkxK)R#n+Y>9~CV
zW>8)*psNN%<bE&7Yijq@E}2yWetbu{Uc-z!FsDs}M&aL_BEjx=#p@l%h}Cd69oPJE
ze`KlH<1V4^h}$%hhKJUrdkz|V)4Fm+)D;gu)|rw6MiSrlFm$q?24b_-xq|fo_&5Vj
z2BWWVu@vXEmwne;uF$ZS6|)#8p?^yWt<r|eWZb@eAKpDxP-UB}tbCmdN#!6=@27N8
z{{tkcjt13*72Q9&{2%GjXT79wWoCv%riMg<vDWv+gJx=e6nj$QWHA*p(3d9m!cp%K
z50j*7xpHS7l!7Qi%j)(D>04t|&~b{J0^LYWC2!>&q6W`)?pzb)n-nH`yL9UA2Hij0
zE7ck75+3KH&D#H9cw{Ren}z9xH7nI+VG@K}NSjOCh6T;OK4h0t@5kUneY6+GlS6!!
zfrh<LcC;E`-Jr$E_fuUB567`VkRU921IO>9LO|5*k3X<O0SZ>4aSYDIoQ~#&M>qGI
zqvVL74Y9%+Z69)?bKw!kcJoT3lEXQ)DN~kpWZ*_CNq<3Cu1q_Ye>nwLu_W>Q`aczB
z@vN}Tf^IN(w@4YUN_21}E2CcwMjVT5>fkkjxR`kS((h%m85MH&AJbOI37Z?X!Wm&$
z32))QJmD}H*<KMeJ-7lLC7g|%xj!&2$sEY{jR}RU*>de?IxxA5dIZ}G5)1X7C@YX^
zy!7BxCrY?%Z$55OmDQMixKI0*Jw0UiU-u5bK7PPg73}nLA;_;*JL^`>qB#<@q;7Hs
zG;vY_fdINl+@V55WgO=+#sr~XMHz_r`A>u0Y_^&bUdc>@jQtN$>uOU0L55l!6#cmH
zp=>M}pdQq4+^_;!lhPP|*?4bjRA9TM9y_%O4+{Sr;>p(bqch0HziT39x#q^i{-9Pd
zM?#ONMY#UCA)GoKe@IQtBs%hk7Ph8Ay4~<w($y61aFH3){8&XL%$N-Fj4jP>$p6}a
zav`*-n3&iCV-04nQ7!VAF;S?31+88K<+W8R>b#bcy0&)3vZ<I;t%$ER-IAT0UFzbJ
zqJ0rN8O7AYN2CG@IAN?ATvIlEEuWlpgvawJBdTIOYje2hIA-|7OOQwEhT4l=m1Me<
zF(P$HMMkJYKZ(ch;H8v!>xQ}(vyYbZ^(DLwE*!+!fT#8XcNNPQQ9}PdUe(<`vR#ca
zY~KQM+ljEKATUWXHb9zxRh}=;=~(yZJoGt5>g0h`S9nx0Nx~eV|D=?^d`jSk+`Q%=
za^4U1rHToGhAI^7$hm^W%?VS(N!=N)#Vtn#sld1q`2>mg^55IqeS%!g%>Owl{iKK+
zOl@xLnN~3~27YVCKO=IQ%0ju=HVU7FLY||PN%PYcvJ(HINS`wJBRvxGw_wiRwWYMS
zKZ?o7q6Z3s4o6eR0y{Vb8xe&s1<8o1?!ddQ?M{}tX9l$SRDT?}F3tWO=7>=_WMtIs
z`zaD{F7Yo*mm=KwC&@W`6WU|-kr;91a+ya?ros|G{jHeH$#&M>7Rs1t^=vamjK-WM
z68G!p9kcG0J~lSG*0&7I(qs|hHFEhiHNTucT{`QhD=y-3D7rONrkVz9qp=ue=41wy
z5py7=`1H<eQ+nY;-CUM!byd`EKlb9cwsFuR5EpS3Y{(%e{nkQT3BlgqVemkg&Rc2X
zp%309bpNjDC@BuVEuu4;xE#XRTkVGm#4A#cD#7>Wg9&HUoPu9EWFsGbRkajWc)}HJ
zG9>)bDs*UIH;K&hMMR#V`-ZgKTB!%Cnf$~k!qHu}Uho@_Thi{^kHGYwm=w4OPYgCA
zeVezo1orpS2mVR#TJ@_(iq|9lVH##}y{nC>sPU}0>hS#UsFm{dRkg-7*#oEG#dcxC
z3)v&OrWRgol6lAe|NbEL|NX#Zq|51P-$4K8vA?DA(ZoucncK;9)O>C1%gSlbv<BL>
zgZkC7`$el*@0W8T)b3*i1Hzu`jDM7NyAJoiU<!&#W~b}GuSA?|J}V7>nST2zf9|ny
zcZfL!L$8gC&e^)qHo@Hn^iYsu7({NQ2UM|64(arNAih&JW*xd1_;g+zIEw)h(I@MW
zu_D@kI6j+b3god~FMY#<`fPbzsJJ(zO*plHCW7%C1ASl_>1aGgtVu~n5^#un-*lcj
zcU6B}D!eTChda<MCcOLktg!z?DSPaJ`ANUCsfR!1PLJifUN`1;dORXCH4OREJtf9)
z*Pa3vQCfTPY1__Wq$xJmCDrIwKEI|{e`0Oc`8>_Ofl)qr;6bDdzvn)r@4m6}3Uj)m
zrhl%;l|{D|D8RIy=c;h5iYGDd`~BqSuDb37I!n&TZ$^G#_s>`A+z8b8)q{n{Z0{?T
z49b7HEU>fMw%@pP6EVXw{=}Z%M#r*5kCOGK`a5ly%6}hG&%giG{p+y|_tIcfJhFm?
z?9g3GY(@J<yf1R6s0`FgLN04`B?l}y+6(?tUOdA6`6*zwN*1uXpFyq@oerbhGLLzA
zD65R5_JZEuFCU=(QDIXlOKDsV(+<y$$J8*<?GVFJ-O`!{6mM(glv=I)2n;n3puK?}
z8l!sb!*PPi?x$9B^rq|^Zo%C3Z04-;?ir()rJ+QhJpY08<CSz#Y0LXj!JcNn%HSU|
zo2|gdBjgpcAf77pME_7^A{YH`Ej5&<p#BNS@n%e%2x8%}F3Usy9k%(A({*T&riIk!
z>vdKjm7qM+z(gmM6<WVANn^Q$IE*!|*lq;4H7Ii~k49$fLWD;>EoL9l#7AsTN14v)
z$%8vp*2{}QwK1qpzW~++Xrmq?AH-^Yt$!}69s>yvpU>Oaz2Vi47O0c6w@la)I@OW<
zbsy!KW9}i}I|h&2I$%QTqF3YWWP#ot%oO!I6J)>a*5*n|XMR0#fSk8d$fSUbTyv*J
zxxtRIeJ_&GHf+05aBMyf7DfVS3Y%0D7rc=s*{672_Zv12(N*0AV{nO|-_cY42`{_N
zmr4fT#(9De?{I!-oR7?@;>;Qf=6IegFk<3lyXDDOOwj$uPNt!?c&_sZ&qaO4`bprM
z{T!Nqz4m4%kG@{DY0nyrS;|bMWXL`ns~z<YY3D*pf#R2bl0^)Fk9^?q^X8rQQnQ^?
zl2^ax*BmZ92^=UZuiW<Y4z;^$ceoeYR_h?3<k4~4v&mjqg<j9#so;VXO?o(z7NQ&u
zl$3zK^w)UUWXrRXbxod6|EjL5%x1h$V6-GrK@D{lPmC&nD^pw4sR5=MoAuD6iLO9x
zQtoKjb2*cT_Oq@X*mcaROK6Fj<jZ8Bb}9Z4a-fC41c$6-;=oX-+4pW#<k-eJE-`^T
z+q$mc%lBYYz!Fq_lf>*lvDz7bD(rp<VdoZY>6ee3S1H)@OoAfAK14R8Ey*V(%1yCA
znUXo?w~6EX-Fi*(!R6DNWcje8uQEg5V~)g^fSPKE?i)z)Uyb$&0FkwIT+h(;AJt`0
zst1`89nW(uLU!`%?L}_9E<a|J`4-Bp57#N&aLmT+Z`fD6e(B+`7$KN}w|hCPY@?N5
zHBqVNPPJEShADne->-_RTrJ(-3<hGOT?0{FIrGVOG}gZkw<i%l;d5PqQ3*oX24lnM
zG`1r<fNm@L(JhdnDnBV4CGN?s8FGNNu%_77{DpOJpr)s)WI6q)D%Im&wKpBD%&v$h
z-;#7o#>Ry+GuI21{dFMhBkr%~)c@X{L~S0Kb)&d#yFjGX^?BlYAxYCUZ_7DVtw_r7
zt!37MBMesKhL{QtNTDWIYgj`I#4<57oJE%1Tj75;UA`XE4i(lOT?boteK%uq8)Ed{
zTy}aK9}53^)v{VCT`zyRg_XCwq7t=O;h*sM8KieuDw1{mIQ7np1a!RD3(Eg^pdWUi
z01^?d1E-)<qj|84L%odb^1Po6W6Cq1)1f*d6&{0szAng={C;3b8|tIm^oCd=#_(jF
z7cy9zo;`r%vwwX`>?T0e%e84TiN|YvoUAy;UAK!A<4)feY|N7tVe++)q?uLINw>qU
z^c;{6oWCY!;f4V16c0DR@huNya?_;^W0{o4aj9s|h3ZRZ6wf)Y4PpSnpknNgW%f_!
zZ%SVo=)w;~C{5b{I+G}+Wm2wEGRLpL?!qFMCDpUWxgx?yV|+fmvK^}HV7d(BG5UeJ
z8KHk#g~^@Fv1iuR&o7wS-Q({}l^pz;JdNVtw>=VD4ZX^iC`sFjBYlLnQSKMYp$cs8
zAD9uZB#zDS$0x^8>N0l+So1mV5Q*ZP>e5P|qcXeJ&0SP9o#tbAGGL%Hn2=OE6auAy
zS=g?1B`&-$@Q=2%mq*_%z{m5t?mKk(dI&^YshDh_^UrP1_ci2#&O<hJPz<r3UL7q+
zniL`(dpSCimiu>q4`q-{k*4~KmM1;tc7U%srRttY>>~-J{v~93h=7%hmU<2;>A-#q
zpRWhPv8?F%=YEE3yDOO}MN$VYU5-?o)zlf@0eMZUcZ7nWHFDbeqGvMI*30WFW}LyU
z9iGz-|D;6Nx37Sc^(p@?JS58Ecl!A&Q}*ozfDgtL^$ytJE<U=XHHxh(2Fx;8wp$()
zRJ?m|lC+JHs?fU!xJ`o}=a<Aic4ZvtS_bdn+b5LQ#u$w6&YhH?^bJ-GHm-~TVY<JW
zIenRw4}2L=bA}9UMB;Sv=RiCMV*z;-?@En9aVdY!2FY@~hH7-`&z)jEVO6%nF4~ep
zkSVdlMBekcX^Fqi2w@G+wDvUCPQb#N%_kzwqIAtIIGkW$1RcAX_9TsXwkr|{$o#Fg
z^&q2ti&(a?<>R!dam)hv#heSQem<u2V@j<>%|E-Z**r^6=F7f1lqmImBT-kVp1)l0
zn|Ivxvh1JJYYg*_9f<euOrA_DvX`EYLzYa+$BkiJoLAh*EyAYxS)fDK+*Gw$1Bc|9
zE>o9>#vmuM^Y2$51Z1~s2Ua&Sm*jJJm!6&uk=$qBJ(y1(ss!FdOyxY+--T<WYyn8_
zP2`YZ=DGQDtMWVBdFR`I^nE_{ExUUp_BA!#hyQAM&7YEGt-bQr6Xw4ckuTiBFBcKj
zC5ojo#pF^i8fDfU_gWo9Es!he(SAO6{t>}H+4DR@>U}s}q*<_5qhmuQ(Rq^etnGC#
zAi|w&%lDA1fHhEQTRX_7e>{PvgBV8?aheD`SF~}KN*WfXw$EkGOGp@s1K$mlDmj6U
zt}`hhW_?b|v}CAXq+kEH7mkj-(8Nym0ZW7(g8z6^ka^j>Wx>SkMK<b5<4g1<SDO%(
z@**q>{~&Su#t8w4Cx5sShOY|O%5#Y2ZGSO&_+JJ0{Xz-zQG;~Y%0rC?Zel%kq<@vM
z1JA<LMN0JF$VQLwt)xMo?LFfQI<Y$NmjTRSuukeVoYS^e_sqLx9z>P$co9u-rS<>b
z1vm@e-bQVWrdwcS*3&U)Y|VToJfF$AW<BIyz_E!BI!069i7KO%L=O3*&4F9lh*`v3
zK)#a3b+WTPxilN&a<chGO>`A7YUI2Os-kS2NAo0lkH@w8)N2!Q<oKkgsbcss^CkPs
z86@=-rkGKaROg%C0&#N!n27X%xn~*8tFmA$F{5mR7q1f7`(Vw4j>v;50(h-H!KiT+
zH4)*)8&JwH6eA<##NZ0f;9Xd@E4Emmpelv(kC_86>0NdTs3FU(c|^1l_Hf8($a0^9
zbxelca1w3Qc`CV`u(U2T5OA8){rXVIK9*kq^u$B)XlGlEGq1a!-#ew19@mg}`+|XR
z66Re?O?Iv&U;o^){=S5j{T&$C5llTU!gkT*%|*(iPgj@PC8`&OPw<}Ac+rL_9Ul!K
zHi*~UX{_6Ay!V|}l!<0t6zZNyq=Z%<L-XS2YHoMepS;xxbPddZ9m?5!eJyrretT_B
zLia|}>vRlHp}QOi$2%_oiXR{l$t3<MO@BD_KjzQ*8X1lAEf&li6e9Gq0Kaa$9IS*M
zlb?0_T1=Alb<d4#jTnvx9}?w-^I%;p%P}?jbi!^afOOHe@5v1=uSa&=>?#BXA6zss
zYg>(~=5}eK;SwfAJnvjwb|OY1&M-k^ujv@7s~6<Tl0?jx&568h!P|h_4w)7b%`9Jx
zo3U#R^fyY?o69-s*Kq}gRLRIaE3Em~X_6b8mTEY0E@wm9MWh`~W<(4>+=j}^M8=Et
zZk5eQ^Kc|5B-2CEi%_3U>r@BU_=U800$O@Flq}pl{sIXtS%BPL$Y@a~f9AmC;YSJX
zSyZPKPPV_Mj2Ohf#A<fo_n%CPY!R{DjP#8$0$=`*KLI=>oO<q9&A0B4ntkVR89ygi
z&-t7Q58WRN(Q8kA{-fP?2w)kG#74rd!jPhX+1Kh8TrxlphCY1~nnxo{Tz7~w1*OMa
z?~41Ipwqs~lw=$<pc05wh416TyDNYk107F?f6jGSKR^=D{nm=|y4v4p@p<%?e6Rjt
zT002q&a0Cgw|7ncdyUi&pg*?an;(#+`e|h5KL7}2kt3UzRnRxHza_V9(%Qa#YrWV0
zHmwM?E;Yu}TIHf1_{`La_?z{<W?^Y$=EuGFO^F|M+<jBbRcMiYY97K^SwLdQ@iNbL
zOR||E{(L)Y)498E;?t-nfnp1tvVS%)VJ{8V?+>w=H$Q(<8SEA|SSj&BO3kqm9icP@
zyq9n#NPmw-&a$lx+EV16>MslFc1wi_LLaNo9FX(0#_V~C=>V?*I5yq~77^!lYA<;w
zi;*UyWxkrb5jNx1eP|1|6`;tLhX$3#A<&Bc)|}V%1<uMwO$8xmYs9N#&SliVW`B6y
zQB(oWP*EfH(xemsSvG`CvlulEHQRxv<f)S0)0l2df6s&FCufRp(zMLO7kH*h5W~vH
z2yS6jP#!-r@Y5Q7RGN28i+6RaGv3O@Wi=?76B^e&6xSCEP{ajGsYkKXxkAw?fb1R%
z+-1+FYF%=({yqOb-}fe7t7l~o81O4KQo6jN`;Drhgr0;y|M`k))U83-3d=z`c`r#0
z%O4Y>d#df*-dh2F?VX_L*!l{XnexUj%v_c0mAi8r^Ecs0$TR7|6&WE*gw)-D?TS49
zQJ|j1bW3ubp@KeHuHkX4ZPhH)>3(H&AE<}WF}KPR^yw0294)nfYAc5T_qs}l;nb1-
zIp5g=os_2M-HLE{WCEA4ne{-x5J%3)73#ywHSL*I^b2eJU4G2zz)@l3xFxhTIC1f`
zsTDO|cC1KqDFbeCAJcN}HLrC3j*Uy?F4T$45nU2vue6A92*G57m_T-qT<|Jz21*gq
zw8FGCk~*g@@<+5{BXukCzUsEtq1JQTLHaZefB)&*z0tgmfBLN+0OTF~<{zwPM2Auc
z`uP1d?MW-=3xy4EOnn|wzCY{QF-fZ3?Tq<+ar-uDuaZ%nB8-~6cYX1DPOs*e+yFkY
zU&-%GZIGAx1JXaQ`IxX$1N^kS#6L`|?X1^UWiMsZs1W(q5yaqcCN#0itp(eov9~wh
zh)V$opFD&mr7)KlQ*YGrynBDK0a&ZyUk&9Istgt?TR9`CF?2qj-#M&a+1icI__Uy)
zCoLBy_c?NRZanR_By1e=v4)e{nxFgDmAcPg0Q6{hGtwTVJk)e>w5gC5bGzJ!vl0CS
zSnAJX2TA0zm@!V!IdFew0@Jp@oqgi#HM#HesJH_^6Pt|M9pFRhZRfGcrvu1&Y1n&f
zqvfyjskp2s<$9sN63yq9Ze^=)bbF4+<`xX*_{CeJrA~?sW&{rIEi7eEflyp)qKCyl
z!=?4m7tR2{UPQCi%73bJHGbC*$NVBsw{gFiWH^=Tv_@~&bQrxrdC1SJ4+Cfw&sAr8
z^Ech%<sXuOR*O~CPY}Jiw}b1*fwEPe_eT^maw~<01?Ul?i5{}-TB!th(OBtJ5lhX7
zA%O65X&II*VX-3M33S!2ZIIiS2(c$)DnH+ieI3wFWU~QCp^nKAkip1FBK@pCR258i
zNp$kYGy}~eO|~27|A(@#@T&6pz6J{vq(h`cy1OnQ(jY0_-Q683CEZ=p-Q7xecXwR6
z8{XmbUB5rzeU?k{a-W(xbI#uToSDgbEo3KYIjE2|HN+=Dy&3QKDEONsV9nZR1c02B
zptOgzF(T4@6?9%Rk1_R^Ohr6(H*v9cdN;>+iQkZFq5-v2{TS8!nXJ1=N+NyjG(Gn8
zz=7OC0sZ&;@J%05E)UV+s|l52f_Riq%y&MQrTXiW;&4v5wa)<Y>l;-6r~bayW;ai#
zhw!zo-@zhdu|z&K>X7@5ys5I12jolEWzXY_g^{dH#&N~Y!9QjyIQfM893$#Ah3S74
z7e!%{-1@UrT8{NL8&$XEt6LOT3l1%xdE^iN*>?R}ZIPSdrb2?p)A;0Cqs6DVjN*^Y
zmOo@3mVFmN*HG)(8TFBk$9RRjI!%u9vnwk86<UR2bIru3&9JPM4s}wlC;vg+#A>2z
z_?zJ3&*Xuj3G1cZ&@7F5=Je?0OyEqik}Z3a%snfAp5*ME*yc~;*6>Y6&a=-<!5U16
zJwJ$OdT{ilWN$qrNkLl?2&DbyxED<q96+z8aw{r%pMdrmV>x*zlCkul+LD!3RsGFB
zcQ3Bjm?3<(K!cb@c)Ye>#kv)5);byg)iWUUJpn-Vqe0J+eL;>*Y7D0-@TW<=B4n_Q
z*ayflS(3B!`G>VfA8f2I=c1FEJTIVuFc-6FCeseB&#vY*B*r5vL@EvV+s3<Nu8GOb
z;t#y}DN{-yNDDJ|w3V^Gtqk_}Xg1&GX>FM=*=PNLm;&{jE2(pNqNa~=KTD_<4K4pO
zVFIX3AeR})dG5gMb_J87GYL#w)~af-2*UHY+@39`UDuwNm}*DQ(zZ~t3+sQ-6SNMl
zrt<VV$>znjXx=-X_tDH{msw2Yn|syZvRwEqkv4?0cQKX{7*ih>*-+R=dh1RB^*Q4^
z{->hu<b&8W6}uI}oZ`+n!FfbXG&^5rfl?PKAhOQPVB()GLy22?PA$_jJ`!cgT#Y|r
zga3IwlYzO}gP{jHl5DGwhg9<FmLCr*=<Q$BwYlZc;6Ax7uk1O8J=Y5Y2z|7zo;x`3
z(YL`%dObl7KgO<POOKcLfW7s`pi;s6AI-vrzFW4+{zkLNa?n*AfIv4u)0;x3lB!Zl
z{h;tUMy>}jg@xP{D)?{_wD{h!>wYg$FKH}pyu8XB>+!y-`U>A=*j5^t`E>Gyp`K;U
z@ImW6^ABR~8QIIpU*zHtGigWp)cyE)#%=}{V(vvuaU~W^jrVL5!~pX9s|{Nfa-BTo
zEJ#?nP@PQy(LqtELNmoP&P47iXO)h5^xl3o_H~3DZ!zS0I@tl(2QLeT)CyR0@rS*_
znt9r7^XVw(tOJ<Ej{?eQ|6=dRIL^B$bgcTn{Uu@fyRrqKolJ6G#uV}n^;N)WnG`im
z@D5#@%|(2L(6|nUiG6}~`dN^3=@D2=KDbmB|Dr=%Z^LQRg8Y1*RG*Dk#=Di%?_0Qj
z77ZCh&*f#G4Am_;4!U_7Hm(Fz_5OIRr81@3(4VOw&7rkPr{Mvp(KAJ6g|L9|Fa#VC
zAW;4*FF^;u#P6r$9hbzrx~b1pM4!x$DzK*>PW?<4*pqyDV_cHT&ubDV9`kqlyNK+Z
z%78FQS9)yQ%Qk)hZX7B3d4c*avA8DQ`ZKKh&(gQ}gp&|3`^j2MdIQe=1+Bp_Q7fsX
z>(~Y7H}Gvs_|T`EOJ{(W@;)&TeZBk&MbrDI@{%9ucR%WtQSE#Uo4KPpP)nvDraX-0
zdL_&={kR^V9Bksno)P5X#?5~mj-V83R)c5Pr|k^%bVu2Z0Z}XwZeELn3nRYs?Tli&
zhraeqDBKVpsR{i82Rn<&<^|701wUHo@@*KP5ZF|7LG}D^m!E!4bb`hM=&$zT6rSp1
zQ*>i0-GQha&&ZZ(apu&X`|(vDc6BHaUtjN*xxc=C1!-<}xoT{X1I8sC(J`h|+%><p
zT`{e?NGL$@<*T81QIT|_TTSH@iv}m}KvQOxL0GT8jgN3C?)M-WxU<jcsWXhZ`=%+<
zg-A<r6%1X{-*6CV_WR;<-w3rvHvWS?(jW$%Ae3i297?5nmDLYS{Ov)OcHnr1@D_bb
z5j96O0<FTks=ZQkN!LMKW{y*7no$h>VBrWQe|Z2s?@gcNsVjdRL|@OYngAr(+@p7&
z1?ntYj0bPi`d|G-{oG3t$T;_FV$TD-*ftIPb3U2#jIQF!OHlS!vYXfSe1m+JE0trJ
z*vR(p%%0b|$!EbxfT|yjhlt%`Teau3%|bhAsL@{~9)^F!Xg0b*cwKAZ`N^Std`pOj
z^XE$`*{tH8NNQP$To=$S$OLzvp6-k!f)wY8mQ?R;gVXGRSuLeKtfX$z#}9Q>(w=W(
zh!xG~<JjbwpDr2DC##%I-DcGf-A;XM>^;--|AQBgC!P9uf5WVm?RDpGQQe(@#~@~&
zy%G7leVO~L7BIXryOYX(J=^^r5g!>(<$_&>=Z9)7x}T@6#})o=J3{qF|3jkj<d?@4
z`sVY<BX>0(U(FlM`BJ93o(UISoUqN8AzupLsB$GcEx&R8OvNu}h`OO8oa?&c9@eB)
zs9&xO7(&tES!R>*S-l2`R!@bTmwmHVv<Jx+2x&v%9iM#eIqucgjFO>wAII{oLI*vV
z>|$0-eK*anI`|^IeHtVuxg;UGxd!y0q^OR=&BlIezpN?>U*V;m=6l9Z?e=C-<JW&=
zE@q)UI$1)qcIBn{YRo`N2*z1A)Y4J%_~(y(wTO~@tUBxT)Ka&6uD}NNP_fvZN+QTD
z+<$fUphUibZ%!xhp@Gx!R!`1yOL;>y_myzISO&N+HI2bthLIrN7sBnL;K61hlGUoU
zF^XH~Bym%3v+kz6>amrtE6^ePDa750;=ZM2DNSvMw8)Y<?7&u}t(&-u39I`H)i)WV
zLpPqiX;y*BfhcQh`+z0VUDUE5Ic)joHgg=X|GS5&%#=h5l#iU#JO~dT%q0DSpf?y!
zx{SuVt}gA}p3F)n>id%j3xAI+*12`WnHT$V<f8a>94MajqkC3Qiq1{p5{_u<RKMQ1
zhusH>`&&xK3zd3QQMeu6Txj@=Sl;0DH(WT84|_e`>XLw%oSvjLic3)v;(p|^igVV+
z3?JBm>X$UoSJ^)P&T^jH>&gx(=n|s;TSi(w(K5{RmEPfS{V9=jmC~UphlkQw$aq!&
ze0o6(7No;XWRbEzd80dbK^H5682wdh(?J?XSA{~htI9x?0pqwmMsJt(Iu$aQEo|?&
zWI^e&%zF@BKkM)TWn4|`?Qq!P%ej1lYqj2*n+UmJ+7Wg<SMl`2WdPv^+XhSY8_;qR
z{@mL>uD=pGHNR$|{P~@5(B&18piI_ob}CKiOzVB=6~2enJ}i$a{;C<T%9kuKSK+qL
zV6pU*EZi}rtGvK~)1y+S^fQ5yN__&#8t?%Rl1Ba0Ex8jWQV#N?T*?Q#dhU}LTu~*c
zYTtS&e{!`$CIwAWV0B+bPy>iDKW*>mv9=H=-h%T<zI%=?cIi<n%&=!BW6bmfvoK&&
z{Y{Jy$JFI_D2pYXy&pWQUDT8H-c9~84{*wBF9!{L1N-NpQu@9mJ+FQOa?o}Bv7frW
zpfy{BSzl2Ky`6!;`!!{M1ds^*_&R4=>mEKijX(&jpjDU8RrOMT!ajT)eFUm_8s$Cm
zgL3+z^wZ^)BXoESP)qe4iz+!EYr%aBs!?a>+ujlQ>6PI6+jH$MPlwiag(i^p)N2hb
z7jP0G<T~gh$i4d8@R_ihxG{J>y16UZCUR_e`60QTh?Md{T9OpE)G#Xy^){{T?R2DK
zfIFgALYjstv_l+}<GLfTrsMR_<G)Lxz9L6V{K&NNRW4sHbexl0C&Cn3Ud+XSs05jF
z{HH?bY^7J81d8)2$VGUvKy2jLd-=4W{)YF<ABX)%<A$+`dM5%fZRBt6idx5Ot`zu)
z4NLOH_ryK~-?U6sryM7IZeL4H#3x~$*rE2W{f;TGAA-!~oNr3)UTt)vHtgJ;a;PgI
z=l^c^YIFQ`D_T#i6Dz0APB*{(Zt1oI<3Lu9{CiiQbQdbjHQFP0#CRCx*1IQ0z4bY<
zN;&V0PVP~lIoQmwL~}CpN3|wDIWr7f0p+EAw_mt8;};p7TW8q%JqOXV5Wn!gwnI|-
zeIU}-ot4_TJ<PO8o34=gP`4fX>$8V#A^m$Iz0Mu9QAQti>`$aNvT!QQsr{O6R(;P}
z0mui^KfzYkRO|6kp*)qHb0&OE#*91$#*oWog?sRn2!He8OZn-Vtenw09^DHVLgMhF
z`{lk1u`>cOEyvBrj<2&}d{a9Pq$#X}?Tf_)1dK}2C@8Unv8Jssy={2|4e!&&z>a@|
zmM)_d6(cw3(-^9{5y{++1X5bJJJB(S-Rk+{7><fg1-H2Vjrza-lGr#)8Am=aYJngZ
zUj(qFmzEa8SRSPw(KjU&s&}@xjNpa1J=!tf^5am%E<T$BAXwrawC@~v3Aa10#n0Nu
zIvh6*fy{JzYbL3QTpJsfF`!+>@ORp?qDgD-xzcdxO8Z)>g$UGMNGkav@%Id6xuw^h
z4B9Odn$ohH{p;!G1Q8&uVU>++b>K776Tlx&1=l8mgpt0IS*Uba5SM`)4kNu&Nr|qe
zqQ=KG1Fo<d4F)-?&q!Vd5<_VfQ!~5ymV#vPO?qSdPl|*%qy8IZ8eC#J9}F2dD%a+`
z^Tp%U8QwWOscrItG?E2YW0&D7NDZV7H4U1&kcdBqm$wy3<DvgrD5@LcSa~p02J0L=
zkFFu1KBrTw&C_@j#wjRS(&DS9dgHzO#bK2L*5c7U&uHwyo7GvPcTak(0gJ)k1*5Ew
z1DeX;ZgJjdx&s2~U+D8K#c({p3k;)$;lb?K*kIY*o0`Loa}8-w)ezDf&l_K(pG6qy
zU9Y%TmQtXF4k|&^mwEfCKoH`!yVFaPCn!T4Bd2`mz3fxqZFRi+H=W>fTpE}}gdWV{
zXa3?qYy?6FDy`XbpKIck?j1SoY;@#qZT+JTi{Tz0M>`*owkM>ikQZE6j$(Ctg28Z#
zo!KS64d<Q`6t=&$dp)Ev<kB%3e`V~ac<8n1#oCQ$I^s0+RChRnizGdWAx0z6xHea`
zzjmw>DrfZIKOPHN*e;Js<5sJhTvc5H^jFADD@!eNe%zGie)T*XT$y7lD4#|1G36?D
z*EQx1Ha?hM@Hb9}YjVRnp5$WX1R1CSOx$zeeeS|qj;x{hCi~23?MX9?PP)f|?MHw>
z0<Ei`8*4*G{6;VLi-Yq(L?X(I8Z$4$`a0%|LW!M~`DV=;JL+|XrrUp^0BWzwREM#Q
z#E0Ci(KfJ~{a3o@tLncwu;;ZaP4A)RG&WVJMu$&e5)qk}Bwnlj#e7d8Myl~-+UZL%
zWJjHE%hY;%P?je#UC2$7L%;FYXwoJx19lwCGXRkc8GMt_oS4oEr?qT(N25miV|^}|
zC_=7s9)!%r>3+u<*J>G?*`Y$kd;(*)TT@gi@pFs|=<ERiQ||ha_}fIw?MeT^T1kXw
zCz%LS!Yp6_2BtuF5f?ik=UL1hlWsfsHB7~iHkREKiSK%SA_MU4Q0EhL&3?!fbDejA
zije*|4Co^esc}0Qmnoi>rl14kzE6yfdD@}Wve^=E(KtBQ?k*})tYV&wFS6slwcvEZ
z)=sAs0o;B&cG#5x(&~gKUUbqw+>uKsAs~JEf9t`dkqMz4oa?Dx1UmKy1wZ%+n`-RW
zjOKh&#b8=%*P$S0(b4VZ{*Jb~@G>%5)7V1i@b324Xti%C;r?~?WP=jM5k2lrxZW<2
z4ITd2ZUx5n9=X|MZozFL0%n|uQ>ZzuTL_(ywyEfgQ=TTpy}F5sdLuSC*dJC=L?PYD
z8n+#$k~8JeGf(xiu4eFLoMVRYvrTV@HS77<W_KqIi*i~IEIzi!&l`6~e8gZK69{mj
zqjw?SIKAO;;-*_?M9eSt`Z@6jb=j(nLD60N6}X4oe{N>|hh1DbP`!(W8fy^U$<%jD
zs!nRrqB@E1I>V6R(~e=cD`#HhI&RmIIyOw|{?NlYD|o~zoHz0z<D#L~7LFt_#S>;7
z8%_ujit0oi=SM4kZ_=L^1~T&olZK!)Yuk@3WJd<=C-13P6LYVp6615-w{0W|D(S(b
z9`8^yB?5tjhVC9&wZbG9l-Oxb`5w(q$Y`p`AuszGa$PbuuC{<o2$CKFb*#b#ONavV
zYBH$TXrebrr~TJm##yL<LA9qxu!$`TQf2<C{Z9%f=uvq_i0K11IA^$Rk<d4D-JZ!n
zb^*j_5J|f73k{UfA>?2bQMEYt9%xI?OmuCG{;Bv&UslKH#vkL2DChK2<|0OSxxW(=
zVnO<nNQD1BJ^N!}P-tk|7ug3&dW^b5w!?_1Kh!4C)G$z;4bRpxb0WbR!JRxT=nfbJ
z=<)uJr*`$|>WYA<N!8UFu7Y|Z!nC$L?3^FWQbB&J8QKdtV!reeYG&d)90oh)%`8G_
zcU=Q+31F&RI^~!%n5ElRqHC+X{&xZ_s^r!ByYb-r>fIH*C%f0HplTpr{Xiv(8+H=D
ziDJv<*(Q@`xSd)<Dy-)yniNJSdgmC$7<byK?q2lnYx-fWR<!}mU=@B#+-iLHo1QKU
zd4td7Ri&kb@-r?DS$j^zxAb|0vJ9M}Fd{vd&4Im3`3`=pekq+0TqkD=E&?yp*H+W(
zZBLC!t&lk4i*6KtobPo%`gaa7z_bwtVktbfOK*APsyP={Gei^O`Z2-Wfkrv~s0E_|
zgCWuO8eT4`n2wO!9;9LH_JCPRBrE|kxK0j%J^LB_v6=6LoGN%a%ZvKXINiSudX!Gs
ziuFvO*0U5~3VA<m(-8rBOL=N5O%yGbZY&oA=k<}LPa*`y8h<=RXKucgNVE6Pzi`^v
z4*mJ%pJE*pa7NuXjiV$H*r}nMIs*rTq10UrTjH7c!7eYo15`j_sChdPe@tMlYw1Iw
zXV21=>K8vE4NTtl(Qrs?*oQVlVZ%>aorP7QU_q1>U9hT#SG{lTp3UmA<u-i}LmWrW
zfTWH2-X{4vm{s-)=EvJdb-s<60T=(X!?nDk?^(ZzeLzWKY&S=|_Qwy-h|KL{3#J30
zqVperxp=p`gL|sEytuy{N%@UVzFu1Vwy;s?S>6&#EXNj+Lzy2d<aKX1C*To;{j*J{
zN1u?^@1QTRPAj;JG&)I!_{DQ7&Z1`P-*UvA#Pv)5eXTAbITLjH^H2#!JH{Y@nU}YA
z`iF4Z&9%m2KEZ(u!!WN3UcF7l%`ha%w-w^ip5njsaaSiTt!Ap=taNhkQKP<9V{$nk
z+B!n)q|H#~l5kk{L#XnT<y>t{Yv?9?nj(G?fpOH^7gq40t*o9ovxNX#%ofe3aXie5
zBHuyJ8;gWTk#;AZTCVMK8?@37o$CBZK@IgA;n1`2Aw=ock;y-#B3eaRqBb`z#7DmG
zUbg%GY?ap1;Y9KpRPp*#AN(Dq{B2kkeJ$o*<>pv=!@p3eiy!U3CTN0LdB1eWdF3>H
z+Zzz=VBfGij!2>h>#2n5r4-b-yxk&S4`6zh1?D`+_nvB<4s9gy=LrZ;KfihL@5ibR
z$tNq=e;E|7VgKoVuTmzIFIFs^ESQ8&%Bk_F@>F+1M+>tt!<Ob$vz2A!srpbiC|}5a
z{R{sKC74?l{?!XcpI1kO<A*t`I<E+S?A@)d!x<V$lbNlhE*Gg(`srF2L&7y0GepqV
z@UjCk%^Qw--w~{ztk$uIE!Aguq)_9%*jAO?JsF$5OK7w-Nh<b&#-DhPY?0XuAb3P2
z*7$i&%giqc&NK~7q&H$4)eC&B$vfX4$J45wq^+ve8<1XjI9j^bs>&CHBYKL{KNG|2
z4o=MQT&7cUNG)v$@M1RzR_B;fTYv57x3%2#_|G3lq`Gu`e!%3;=Y~g<%CcZ7>q1O9
zl(@U8PYR!9V5)3?P;}$b^V9N|xbnZib9pc<_IYQWnG=wSeDgdgzt=*?rmwh|tcdj0
zYi>=w*9?n`)}T6Ije-q1S;I$EMeA`pP{DV5l(ZRU<K2JwdD%}#$nn}Dt?Umw>YoS3
zLUX@W<E^|n-LaG8@?azTXb(YpGLLRYQ>&8FLy4`Kr=2GoEBY@J{rPG<bu9LxU)1B2
z?r~nX1o9qN>^Te~Btu}1ef%jumIVg>UoAku8i(xwb3WD9V+cgWPTGp^amZ-!k+R=y
zAWv9ZRL{qaj%TZ}q!u+JPwbC}?21Y3q4(65#2oydQTbaWBKx&NFEzJs{o>?u!>{h8
zt;Byq*?6I6I#z3FMA3?BV@|3+!QvgTP1Bkg3TX<-GB$D!ru2K?_EL;e-(IJ+IBm&^
zZXhTB^7J@MGj|;}2~C2`!4r<5+b~zBH_b_bx?V5FUpdU94cq?291dW%=CxXbT&k~G
z_tZ#J?KT&`am+fd5JJl=6l;!0b$0Hrebip^LhVzt;X;zf1n-b>aBMC-PAfN@cMY4D
z@F5E}n{?RR-dm_zm;aKc^#*aA%A&=gamV7x+^>w+%T0P*)nT`})_7F|bb9GVr=M%J
z9J>7sbn@;HBZWVXeF!bmM6QEhYuFyXTecp~UX*rT3Dz#Qh95|ATiNS9x>$Y0$uHzh
zVi!w_-I2|U8tnS_^4s>wdbjrLftdNemvLMy@3d-(j}k=S*7NKR`7HUOVD@2*t<~(k
zKCL1-Lz0->N`o8|L<Pf0HY4Yzq!M6bbS$(BJZ>A;a!jAZ=kJhEC;1>j$uHo<N;baq
zlr%E`)q|YpohPMhndJ+a&L>f+?ajyF`?2`Nz>3^8t0p+y*P^xV&u@|7k2S6@X^#mv
zsYgv!2MsTa6R!Mq9&pmQa!w&Y?az)WzL3PXaK+HDYmS(+;>76B{(@b5alkOnNAY8O
zmBAK18G&)oet~6tJFi#Mp*0qwS)<SNHoxIf5nc)(W+W1rq63o+$W*nODO(b*WH|J(
z4#6w7UJ2bLhKL_(#O{9DVDGXxMgZAo{Yo2$v8|u4C`)bK1@59-wp@wt;$&y%2YMq|
z8|v~K!gM%i3{S<eA@D@ZJT-CkXCaA^p3@9A(Z#Vq*Y3z+zO&Z9^jJ4fHPTP}XC!65
z6pjL+hf!|7MG)`{6;|E&r1VY@gy_qGvP70}(jR$&=RcFnib?$g>Bz2jy=-;Qx^T|?
z0tW>Sns8on+~04X+S67ZBKZuTc^-=Id}0Cf<c~?r?YCz_S@)mHFKa#NTPb>6mO><4
zo$mzGP?x(91)liutly|^8!!#-(u-gx_+Ygn<!ZtH9cNq~O`BVe!kFjUw9<I61=GZ@
z1~;Ki%{Pqg=05Ot@xq5zE1^3PB>QuZv8lRIcOk+R*?Ff`PqYma-Fvj>lH7xMa4}-b
zcw8=@3Op=?H;R}0(=4JICZ;A2*%0Eg@2v>Ue%Uiwq%O)k<Nci4#X+t<-uP-1=!-f7
z2a}2f31FK3SGzo)E)+&`hSq-48x1;@&=7C&Y<@OZvQ>B_Bb>JB@}h|Psjq0A*e5Wl
zfLHXXCTz~0aw46BpTYPXC5iH(<v~;YU~R)ouM&e@p*6{UM`pCsb6)*i6wP)sNJZ&U
zVMI9q1)OhHXVX;LCFcNI5iVT;E^jW5gwTCt>IVv1fA+ksRI$WE&hjtW66ivN+uZuX
zR^BO#`Ks^q<&}*q_1oPhiz5WL(utol`jTvqB=o2SJtX$F7w{txo)_i4f6?p5DMVdl
zMvmrR(x{6tDl=YLt)NcN{XNe$N$TR+thszTM!(v6;zwjyGL!<N<V&(JN!Hnr%x{sy
zkfvL=*=na-k3023$_5Oo2<?%fk$d-%+{}xRw1UXvUo)VsNt7NUJUE<#MTU+HbnB~X
zr=!F+45X|WjJ@rjM7*0eu|2=F+WnfxNgS?DwLKrgyeDPJVhp`2@$$a2*KD7di+rE(
z<Z^5z8rv@_{w^TcL7zSolBmOKGP30h4cW#|Le#4#YeCX~1;)jP59`4$Lu85%Ej;x(
zJHXP~s%2(X3AIx0s$vAA)fLmkjHXWRP#_S<&ilOp0VS~B0k_1#8#Dvk7AP5!JqrJo
zs_FP%sw$^YOfEVw{^;XRrO4@--uC=mQUq1t1ATt>bKLc*qv#Ou&31$#RIN5FUmB_K
zhpL$5=CqTqw3kg_MA4^vhu=}m6Or3%!mO;1b#(tkODOsQ7Vi1*$y1%(gNnHE5Xlv*
zMbD1M@v5!pwoxODkeaY?ACb1<2w8VL0l8}akKh!M?~DY_#;kqS>R@>kGXd73WnEZm
zQtP9uBx;CYL?L7`xHx$C%|nU*x6i{4$DktHzDoYUwSgFos-ls=i6^&~!V>NGrfeWm
zf~1jY!hJq_^C8!q#V0$&5lATtnM4XJEQ>Xm^2L0@@?j5$EP8qW<MGTq&vzYDixV}a
z){a)tAx6HQ#Sw1BVfW6^k=`nyP+0HT#$)@+>d_K1#7zBvR$*}FXNPaNl@cyIq3qXJ
z04bCX&W*PwUgQ&F&D_1mOgf8Cz6tf*?jPe)=rhuEv2YtdzfPIK$q~uk9_E^8m3Y@K
zT*^z{ljilvsm%9M1cB*8I`U!7#02kf3e#WfU)f+QbEd{=61<fv<r3K)IT7WZkgNzw
zcp`&1Q=8L&!Y<S;R3QDa3q@BkrdHd_q-H`ZIGc+(Z7IYTGomBF&J)K`G^q*}`EZKJ
zVIYb8hJq2a3}Zf`9S<8;gssAM<c4=gpoE26RLsx(vot<=(5IPw<0X?Aj*dKhDDlj*
zM;vctdId~!ibc{JLq4i4sn4g&B4!cb`<&<5Gy9=Nkga%GdU~nR{B3n|r0m2WQ;7xJ
zeJl27V;5A=zqJiGav^km(8%2d0Al1}Om#P`V$3U)|GjS1&)hf9e+kWI2d|OWB01|Z
zr$}6E%nakLk4_N1r{~D^><#a_=52kS0OmA6o7`xt=O);uM)rXv_!kZuymPUibx<+t
z{%dh)c8J%J@@(VZZB-u7j9%@jrLl^!);>|wj4+7}bFf*7l6%xEM^Ktud~oJL7nyBg
zobx~&*LRq!{TLT|Q{wi?LbRklg_deOry#<9>jhkEddnWvrJKxq3Kq<hqW^szSOiy`
z@$a}}bd)dEa2<>mzvhl6nN)>kI$`g&El5jdH?p^JBrYrI>x@%A9a*2Qk1EfB0I{X;
zj|0pI<nQrn`uWuc^u;dop!!u+`%959e0^3M20W2tT@+EF=|ayaN-j-Z+`2bpd{a@o
z?WF5L@+UjCn}fnC{o>}{=_Q^h!+O!FqsI)C#`s{NQHF)Oaf+TIN>74_)Y6ILWBCQF
z#a0!y40p?<09QSd6wXE0wUuS7N#4~|k{+u)_w!%NN^$%bgzH}h*kb?pQteUTX=}Y&
zmoNB*mvuO~&%L9eFFfTgf?W2QDH_I$G;z6e)!)Bdm6{@wWT?h9-!=h7Z=f;0YEd*s
zPZyjPs0j@ZFMlN;R~J@6?q5y!>H!~9+4+w7ZD%n#pp21@lO;lew}U;hecZ(KCeP%!
zG4LY~dPZ9oPTDUv;6@-|fgbJaGnw1F1HV51F+U?FRS*V$6_^=lZ*`U9kL8D_)ed^0
zFBV#vLHCbFl|Bj^$>PNNC5z$t>qHgpn3%-YZU*(eqP?)qUP}lrYQTUR^Q=!x9QZ%9
z?VU|Q!o^X*dO^d+TNKG}iusmgNec2JC;IOqdIaHcWN`FCXci>RHD_0A2-%*Rn{R4w
zD-zjkc+E>Py%9}r*@y=hIWEtY9?Qgt8$5q(n!yt#@TXE!d5nBEJ&5M9h$P1M5tgy1
zeb0%`artK=4fEj~H1Vj&;NYNkOI&D5%HmK8m)3F8FD*D{*dC12oKVGbiMgWiZ(RBZ
z-(37F<Vs}o<f*bU1xTZI^%qewG<e<({wT2$9oJ(<lo0;VHaqmP>gEWambRjX%*9M?
zJJT^+eJOuu2P&U051cjzQ-ajgWacgtg*{owzp+U|&R-@|<FoiMKP$v%kMlOK*u>0?
z+|)psRerd`7w8UjUp{|iy<7gBuW&}_A1L(uuB&_lYDljkL&$}2%dY~P@LPw(q$KII
zFYlMv<Ax$h#s9+pE%V{aWHz?%ae4Y>F_bwvY8^)A86hKz!OX)((H4i4eESOK`2g1V
z-vPSwzXMqNe+Mv>{|;a?|NEi%<$wSF|9&4VH~HUr|GWONtqHn#!P)g-n=3<S5Fc5@
zJA`j)rnr84a9LjopKtJxnN!!4Q|CUGv0|jW8q-WJXz=1b7j^nPq`2SQo$N>cTTJJ@
z0nDfON8E+)Fqv*j8$*{Q`?|br_g$<kwM<rZxd!&%cs{?=AKt3K4qlo?BC0}9MNBq?
zz04{1(Itwv@0aT?$5v~R&4uAR%^@;!>PS;v>T?7(<R@LsMGTH-KP#fu#@T38(VeVU
zBcw5yTqY9f{nEVQs*qq{1d`}tzJ;ruCYye#)>XPM$<*E;a4CYi)?jW4Ykcq7KnQhT
z!`LwBV0C~$cHf?tZj>)bmTUc09dNY4TqLP1qZ%W(kBY@&aD&G-+}35(Hjq+?$>j3g
zeU70Lw@3#ThM_7z_3SnOZ}#4s1Z1j!RdV0g*~04Me5Ydb9cZ4qv3W&_{F$nCa}YSU
zs2+VE83Et2L(A+@W2EUt*j8Dhs5r9ikq`F%Fw*LusnCznt!e^D?aA7S{zf^I3e#E8
zi}e((D@FE@ASkI#qiCty8BAGp5_5ikTOwj#I!E-kQiG;GF3}&w6l)5*GgrkeWZI|_
zg`c+iJ?UE<Nq$sc;p%g1Tln)11tOnsQFiCgwC4PNh6EyK)z<V?zz#hG3|4)MEq%#*
zlMYr^7WSKF{_6@KAro0Cut-Jz4$D?T<G^KS+IKpO*0@BG^zSLZnto#|>2LIt$a3)_
zL*z=shM<jxZA~n1Qg+V!istdS#6x*XDZUgJmuJh7(FaPmlfn~aXH=39W#;5HiBB4A
z=^tQhbZRrQLiV}>IO?kwIcL-|moGw8K>t--ew2<b8<0fdFaFH<Y_vc4e6nhOPFnQf
zeJcKJ)0X<QFieHVO(>@<bKBolipf-;5akf}Er!sI_DX_(rZx>)sp8sI6y5$kP~;R@
z7fJgf+<nL1bH6&A$LypTr(1WNSnmT(PQZJmPZ*o2V)0cR&bP4!i)M;c5QOy-Y>jUS
zLD$h;e~eO^KIL1;Ohc|@&&G)LXteCm77K@XqJF?locDZS8&*#nTq8H^Ji13B(r2?Y
zSIZ>fy-Wm80v=#>lzn$aI@7$4RcMnb0E0-Mbyi4V@0CYIQ)81^zC~HeE!vucKAOpS
z1O4803>lj`L@vzhLU^h-2m$HId++e85mX^-ds(s%Jd%chdpQMnqfT1$li<A(ValZ1
zV9;l$cup1cEz+vcx&k)OZ6~?uf$f>+hn&MD)hH-A?}--+^5(qcF8{N&?VwdX!DhYh
zg7L9>!&X>Wf1t@*tt{tXbqtw7T<$ipk0?fk-xT9oqLj)Pk>*!!_B1?QKY`;|iOEq>
z){;{n&6Z6F-b9nL_LX=P{Y<(idorH<Ax|DZ#kGs(T}a@wN1%0hkMYr=DybRPzxcbI
zxP^CFS&?|Q?%6=Vj%b459Ay+UCvkvDx$Nld5(UmbU0M5l+3(|e3UL*gmDx3XalL=#
zOxq@ZqA=N2v6ZhDAZzy_`L-|?e$M<ln_dP?VS!&Jr8`XXij=>{ZE|5?eH+euaC7W(
zW)RLkA^1w_A!xAjEBsqq@gYx)$K~TFyDKZ*vUno5smG?n{tl02dX9TBAz@F?eb(Gh
z^xTJv`Wv|-T^w(uQk$K4e1#8W^COW{K(GES->&z&rov3wt|iDA$rEo~4tXC#m}GBo
zbfWhCZE0!pyhs$@3qaS3i49Af;FIwx?gY%wg64^56t{Fx)7FM)#d@0R9+C>(qz4vT
z-!3bprXE4&husW}3-fx%+IIs8@8=!~QTZ*?Vd<B)l&(@yVif%StU8906eBoH2baL>
zd}*?eADT!i_b`yOxv75OJtgCmvo|^6YGr0&PpG~VxENBk*%IH!kUyd+5(IW*cj>u-
zw;zInhG6Qcd^_Cl7Fry<H0=~Mr4`E2Y+9RDqw}x{zmFF<dwwK>w!5bH)Zsbk_f7{m
z#oxkfjfn)m6@`z8BYJ&2p(hBA)X;aDW3~t>ez<Rd+y9{yK^Ft<TSE7>nGQe`N6xKn
zW7qXK8!uQq2#Jg_x?25L7pisBK8BA~QX?LE)PZ~sS^|0<b1jUPuwShkdNk+TJZZkU
z%XGAY_0c;O48PIriHkU5c*3ue-*0vm8U-$ks@(@Eb+=r(k%R`+c^wAb(<aa6IwG~4
z2o#)pgD-58K>s+>k`O{PQk=T`#$UI_iOd8aw!GRsl9XcBOlxo@;5QC8PKor9ND%zk
zVDY+!_SyN)y5vafEL<o?%=~Dtx%_y9%0^6oYdR#|YUtth@3$GmZrk*}Z-MzO#z$7?
zZ8&9{$exWKlH%7&m8Th{4Sv^4;`Nhcu}$?JnCbB30|-Uy%hLyBuxX-?^;vW=RQgw{
z{GGsoFN@bZuv0c>*T6av21ul~7*M9<=MMI*RKMgsMXyXYx}CXkY0~zt4eW4=s(5yl
z3REwV+~&H37?Uo~(5<B6v3s-`jSkfx&Kl^WkW&ubN#ew^o}2OX*AC4ZbAc09O1_dU
zr(RJUZaVo4H^Q<5Lgz2l?2NPgk2fo|jk<gx)2Fq+U#p|zmK@#s#yJsEi}jo<fAB$Q
zRvPRq)bJRQA!<sBe#le#mi`?CsU+o$FD9@61pK8I)V=O)tJ_;D+>&y!LK2EoO^mj4
z87@ClL#BQ3WDns(e!uK&dQ)<pA`+LnP`tkrJntCa^{4e>@(rMm^7ddz6#`S5hhv++
zaiP#ZjV9(bBH)!ag1WSDfu%eT{^o;=N5%PF7p01fW^biPHq|_JcX*JOxBp>}Pmb85
z7fDtv58^b{H@+6uAbUxK(YX5+zt#43%D~b}QUD%Pvo6*B`240AE)H+`!ao|76?j4E
z<px9|{To%}lGoeXR@_MMQx_?eiKj5)f?ij9nJ|4v=g)hz#GJx{O^TH_z$VAP4-h2t
z_qfAh3@BY!0%1<=yV3+T3GiEwl=t-0gPIRi=~1aA5l)BW39islHh7}c-2TO^{f5RE
z<-HGyNh8%V-#L`2fGb~5lgh-Fun>FApC>@o&w*8Vc>fiC^5lpZ<2MQjQM@KL44OS>
zYPI3Y1klFH^BF%4D$MBzt2gBKz2hJ8{`2|GC`ZHOWSBtJA}=IY>~wIt{<H;yWeSEg
zhyu<>6WGs?&3O|ndVMk@z@eA?t4Y-qw}dbNZ6o%Wj8m;{#<e&;%H<wx1keEnZe^M0
zV|uak2fBvnDcO0H3M1Ok`#;PVOA9Ts@?<@?k8K@7R#aRNgkf^KMf?|RwEtM8RWa_r
z2Fcr!FwKrE2>MH8?8u(TQ1#H}Q_@|*C-LdKCsa|?sZjI<wFKe@bdUZRJVK(S_Yglg
zf=>rf>f@&07FkCZ-n$TprJs_kesFqyz->i}`kYkycPp)L2PGJ&{1&=z`SZdi-yZ;Q
zShjFK{~=Rc2%b{^l((6fI88Z>pNzNlV&tKSe|pxF*~#+{!Ps5f-}fc!%T^c@#vjx*
z3OV8Kw2So)HggP&D7hf0`~#K<bq_FiKjSllClJbcg=f>R3lWT24)*MkF6pG7Lek<%
zsnEGcaly70Fh5qi+S{1!n@Wb((S7CL;1kKq*(3ME13z-OOd-LEmo0BE70;fc?3y<~
z)qy7Rpqa^-!`iu-Q2`Y}%a<M9McK)JbUZ_{+!Y}%tOz<eQ(Zqv!S<-8YK*tO2y+><
zF~%W84xt`$7cwv3MVbl)jWO7E8%_LOaEH-Xcys2=H7RF3J!0hZhXlcIdLsc8)U=~U
zl@mNT&<s8|THr>KHS0xa@=nxh%Z`4eZ*#GX<-rp@g#?v3m9cM+Z}N2SNbsN~*xR^u
z^i|#+Yt&T&cf2?1O-e%{1TXf~GAc$C<&-bqu~)sIEcH1Gg@0^0DIiAjd>e}@utf0|
zMCWDeCnBrJN>?}>HI+|38?v+3uI_x#0J`c0vfga&nsn)$<UNU>R~U*ZS|GfL_}?6-
zm_RAupc^gI8_ZydFe*)2Z<|Tun2+TM8nJey2|taki;4v=e{AP$InQ<a$x{_<WjZVX
zub{tChz$mF@UjC&n8i0CBY>Vs-rX#&H{!h{-%b_#WQ&v#f=f+>p6BK6BLjZf>n}y@
z!*Ll4Po$%ha636(=qTd%h$^{o<AfvM-MXws44_GUm4?T~E28sHVPVgae`+kr)^#)0
zP{+ggx+{(X=wQyINa98gtS+8=L`~xaMA5bzM&A>(fvbQ`TE;{$E#nCo`mC8Vsshjx
zS^^Etb<#hpN9&ViIVF_Y3^gH1FP8wQtA=Q`bv1Z_?Zxl(MNKYA#!u+00J53Sl}4l%
zloz}q%Ca)&NG8x)nTCb=N_{+lEb_`sJ)=PK9dl@>jIn%n2J_8`$%QBaT0#>b9*2`q
zoXWYUFNnzQkP=2(MJkLP9NO_Fny%Mwzze3?as<vOlF?8|a-wB-8}8x)0B*9JiW&3v
zS4}Ykh~OZuJ1nJKrz{r-&H|Sy8PEQp%eOn(Om2Aah=S0EOFjgkX9|NA1k@dQWqe6;
zSns$g*IYk=Xn%KC74Wr&Cf>{leNXA$CO2F~(eTurdcds>P+Y|<ycB-RR@dG32l!s4
zOM)~fYlL#-Jxke|nB1UrM=@BY(9Xcutia`~*3A^aiSLGs(JQBZw2>_4*0>H(sgcua
zx8$#{dN@thbGYxDR`UDo12A2^5t@0f)Ze7VZ&4Lz8KrZ#5&()VI~hgv=;z{S0-J#^
z1Q)$woaVUX21q}<1l0+4dNEayj2&UGQKZ{R)WFt+D<z+Oi&cbe`16&-3#&+krHLsS
zB8ealaU-aSvzS{uWe@e)_067t=75Izar7S&qNucZgU#KHL+TgL!K(0AuQDCKC>2^^
zn3^u1q=HnyrkRwp1?hIKR^i$8&!pv;3APO(t?CpAEZk1~OmP0tdVlr-6cvW!DpBAE
zd6H2mO2N9)n$Al*(2$K{oB&#9HVW^y$YdO<0!NOalxKC8zpg~&bKHpd{d~3v@X9Z>
zn=1ij(#O%wp;}@_Ok4XJ(x0Qi&A?!y<w>^wP3_(3Zr5F4r-nqfe>1%Bkd*A*j7#OC
zLQXHgiIK#qQX80<=z9@MAjJU*<j)*hY~76u(Gu~qWWr@vq_eQfLs50*SgoSgJQ}Qz
zv!%A2UmZZ-wo!%UmReU_J&?bueAjxa>~m%4zpvuv;<Pb3iyKhDaoIHMHf^>$(F>e3
zN*}kUrrr;B7WRLQMOq}4S0!PpXPun~%UL2_AFPF^PN-w>Q^srQ+7AoGxjq{s-UbgV
zu3-;fn`f74?*Wgq6bA625s^=hl?v#J4#jNd3u_4{<Lfs*;nma5pdWW+O*cdMdGr*4
zy^XD{?8}{a-Po${1A}-<ZD<1>#^SzyFYt7B)=(-{I`>Q%KS$Z%-TrES8nMNWL7lcA
ziX-gwu)W^d4>6RQVhT9VZ$Nxz-|Zoc1X8!=iiZiW{J%<bZ|}+GmmKgq@D^I{UNxff
zXE5=Z3Rd|B(IT+}Cx6g~-94CMfyiN=%bo*zSd#Pf>=*IV->^HjauUFHKs2N53DO(Z
zJEQqVXVlcf6x}19gq<R4F!G+mJej<Vo0t%J<6Qzbh~dKXb05`?=^Y;lrZ1nuUGAGg
z!niJVda@4^x`*YA<!Ox?ys?%@wkK`ij!5*^NZN*&JwTV97|ByY076w5#ydb+xw-r~
z_$~pD3+A4^X&r;*^|mBiIZnGnrINJKfP<4VzEjz?tZL?;SpH1c(qwUU*78+P6uUnZ
zUnFJc{|p<}``!}!6me?^-{Y`VZCnp=y-oNgM6URE=-(0+9ov0J5n1~0u0MrJz9{b&
z?&&N9wU(;cor<9Cxz}qKn|(VTf{uD6jo!eXvBnQ{1CAPe%~Ls7Etpoy+FKsvY4R+r
zq8XG2zCaLyMlp?ANK75!&+XrzbShD@K;3d%D8zbDu%bsl*e6fSbolj`S9V<8mZ)hP
zTaMAiYO@Y+sT2ip32sPEITHgGFJKpi+T88DTH2Rb=S})HA#&~w+c1A-zu$XE7$NUr
zw}p5t4X4K~3-^N-gg%>ih^L3v812W279UlmWw-g9^k_Ec@Oe5j&gSk-1{3Vi-$H;F
z%k2H@3jBIXiF;@{D{r+FQ|SPA{p9mZxxQdp0kH)!c_CXCQ{!8VxWO5+#XmKDv%r3!
z_V59T!RS`TxQZ))Ju4%}spT%1y|-S0<O`cqWku#V(MXhzzKkpFym4@T*&i1DVby)O
zHh*lOB$ZTpkkh`S3zTkby8GbWX`i|amX0GgtY-ZNyl^}NJqi&<>z*+nBL}aIs&ATr
zLW0UX-8gjVMme7fyE3VhxLaqEGt8*Md~-I;d(>^QJ)D-t<wR#cEWVv>-?12*cq@X&
z@JRg|b$Y_4Ay=KMaA<uxP7%j?=1bwW3vHS=itF+G;$_a1Sdh^v+2g8)wn}gYbWHvm
zX8(fVa=Zag=cN0>Ol-rOf5nkGP)L8kIzVrc&gHQF2Ph0;a}+MeY9{R->GhR^`(DMk
zJWEJKS%t%8CysHfwNp#^;jGmS{!(Xm6#EfbgQk&{=?RSdJp;WB#eApNHrV~{7+_}}
zz2VB#HL8c^d`K8Q)`aaMKDfcylGkU?OcB~KR6mKe;g(%lhu%b<X<j)Pm=Ek?f_(C7
z^@o=^NQxtOFvs_0V}u6TyzlNIJR?(6v9YmJGc&(YKJvJp@0GSn<&Lvzj?By$o0}Jv
zmI7E|Zf<U7#>~n(>5Oyj@VE3?1#A*bt<^FTJ>;}9H@`n_N0yY3FdR(0SaLgRzFKno
z`SYhb-POER>%)Aw`(biS%w)aY_Hmk8tz~sZMc>enXH7_iC`p><Ev38Mvv{d(&2+9C
zB`z+WE1mXuyeh!XUP~$-TUTG-yLmb=F!1~L?~A=@gjc^F?yg#UF0b$Iu(7Z_FD8|a
z4PJn=f%yMYC|`akjrVD_-Jj6w{^arDjxw5ej@NE$z@R@?GJ$FH@6VUuq4@ZCl4)&E
zH+rMUrN5k!iIJex|91iJIHDTA3$LduFH%y{rKKf*B>c}lNL~N_!FH?o`}^}Mr1<*!
z=I7_TxVU`FuBe@^s;)LLG|b7#`Bm|s_BsL?M#b}Q1T8>N+Vb>xr&OvL5*BuJ0zKXA
zcd)mYm6HpI48o?jtygz)a`N(e3P2~ftzW1#da6NJ5D_uDIo-UwJYZ&IJORhm6+0s%
zQHC8j37q=s1*~Uw4Cej>49v>r2u%^a<d6#iD*%kZq_3mHa)pSZYA4u??^n>NC-;B=
zx2N?$AF(~RuNYBRtkv6LV`Oq~Z<Y0_)`uf(4O8cLvCih^CXtV;dImrI?%v*&V?LMB
zaO!&m1kk%7zkh#Vw^Vm<xY$nfBEZ7(Ls6|eF12$n(QN*RkKgS1;A&*FeS3R*{Crr0
zpF4xFxi~nUdta@_+yvOcsz2eeB|Q-Guz3$t=UsbFZb-zV0~0?RmZUWpwhTjEq}{Ac
zY^Cmpj#xzSKTeu-?eV42bmP1b)3;TSvJrB91fkY1d{8d*o`!}(Vfg$3k+WJCyMIBy
z_eA4iujp_S1RG|j60(Ze{zSC^V!^L_h{7AT^(`$e<>e=T_inD&!*=amzkLhz_I^o+
z`0kypz5PA-Y<nO<U|+nnw6xWFwJn*`?l_H`fS!hihK<efWUUkQVt*{{-Tm1xE-r2y
zt=b!8br|D(3vF9rq|U5DAWZ^zBRD+J$9ZAqmf2xv(z9Zos<y*Y(%7EnU0%n{)4C%I
zB^KNJ)t<J}mS4Cn<Y!sZ)6*S53dj2%vkgcP9AaCad<H9zRZqI(FGN3E6ctc5L}OKN
z1x?!cAFI$w@o55FK}HDSvD=0!ZH%&<UnW;77yVR<jE`5=(jvsd0-K)rfPI`yl$Dh|
zJUmoYKYj-TQ{wr<++6Zs&iXJrHXRSU)0MbaJh^>9wc>3yy@H|c<-ls3_E^0NauY?f
zp@x3j-+C!9x^HXZ2Gqx>INudJX*eQvCpe%o-=E#~)gPtYwzYNEaPy>bERO#+gR-<!
z@2-URcBWk}ssJ(CePQd9;POm3L)~^`rQxCaL9J!F#OF<NL)6j}P1f2SS=Gw2M@$#U
z`(~bPWWq0a&R`so!l$>jwQcst6~=+#y5<#7&EUZJ3g)X73&NfpamF^`93(yk0+c5l
z8bkcnicqZpWCIds4}+arW?rf$>&1g&6M_EI*X3gG5*9XxJ23!wRh+;C5ezLs-FdY^
zol37P9)0U|0ij=kygeE@Mfrdv2<nripM3z{Rp9K@D4?U3#zw$SI)p+meKFj}q7tI2
zZ($`=b$1y{Kn_EahG-}v<=Am0zrWGX$1FFUUpdy+Y-lO$cjQ9etJs@7#!}8lN49b?
z3Lq5L$dMbnheNqNO>9H?$#NNYkYH0kLd4|BC<3LU#0}mgN1$WBHfz$0`zC~!>MKn;
zzEeuBd#D@a!7Uh&k_MO3+XHbq!L&I*WGrTOJ>T(1CX9`a=HTMG+A720^=!)DMQ?#~
z?w@S;M{aa8cIHlX)inrN)P#XK7wwBk13b#C^u)WyH%6saO=#`!;1L=AeLllsgWps-
z^930#l2j1K9^O8)F+K^8SxViWx|3U1+BTP?sKIUoBLH14t}Uq3(HY`^qyYVkj<dYK
ztrLrAf-F|B_$DKr-&nWZpe+8rkiDX%m0`O->^R_DgKE;(LgbLl0M|zHJqI!UQ78+*
zwhsrUf&F^y_~Bw%KoHdUrqH_?46x&o`yJ(%SCY65@&(W)F8iF++w?17S|DA(aCo~i
z4G}sqfhWQxylSl)O7MwLAMZFm0%Cr^``W{yhx-{bK_9ueZ<rul_iiG-M4JEIZ-NyF
z9<zY3B9<^I`okkn2;cUM+B@68Ai8WyE)2oVcM11#A$I_**0oZNdG&w6By6xEKBT8b
z-N4e*`4%1Cqo0&tdV*dFpuh)Jt!pLzy@7bf^^O4afPerV(-hG5L-CB>Qn~Ex>{lKr
zuM`=$9QSAHY>0zpVHm!4{7P&Tn+3XZ!LY8%78y_jel0{QM#O`x4oJ7eKY&ySpA-<e
z#q>ssbAzXU$3%$Fzpf{JmykTj-0f}eBrPjxBNX?|;I9tQ7ES^lv*zPu#q=x0e;+;I
z`U=I#KCm}sj;5Yi-2i!dqgyj+!a|qF*d*V=7;B2_jnotcz4Wk_^9DK%4>i;2u;omg
z9aIVL-c4s-$40>d$Z0^__K_(R#j7?v>Ktxa?N9{_PaKWuh|IvvXAu5YpR>i)b&|lr
zUuL1E9X>r~^iIOOZl>49w6g>#w~EQTtZC5ZXtfU8n2O9ZPsL}g2^c(!pEA&X3zFC9
zVobxk-4=(bSjtyT-CYW719{pEC6+6q1<8QQNsjFm>p|t&cghK5RbICI4cjgsmvQeJ
zTJnfq4JrkoIfC8<E}8(rTUBVy?9OXtMvX3TfzJqvsv4DdGxw7aaI6loT3eGldfZmB
z+rn<FZ>G3_w?2|e2lX8pVM=L!%t$8&C<U|=;l>Hv8OA2&B;=^|=@A4>Bs`8X^Vy0+
z)IPVXLm~LVMAp3ka?SesdLp05$Vir|p)lS@WmVM%=aaRidtn$D`&<S(UqLdUV4{%b
zDjlRYv1EmMwL-$AIi$Am7x?QAtx}uf32+3=d2^UA_%Dk{O#y~}tT-{#EiIA@p9YDG
z20gH|h+sg#`>TV8q+4s+9+ELP%38pewaem5Djz`WfR^XMdbF6&f%PABaH434X7j0%
zT3q~gf5O^lkt_A-4Fhi4Tfm1h|GW{8f^xT<Nf6T5ALpi?>;^IyK7qUgMwyA2&VmC(
zj$V5lZLMIr!B=@1rC@XLpzya7=mRNLykr6#IXU&EOcEjZnCt~A@%n5{UETHrf;U53
zD$&^sXiAfgPaNKXe(#8McwT(;CMYv`t7!5DucrOH*JV^`9+wnYFyOTpvotjJWda63
zSjiTf1+<?V>&>EAk31FRVaiwMMDTNzx09z#>Lc#z1Z91)&gL$^`E>^K1z?bu4{Opv
zYvb<Ibo-L9z-WzG!v5)+?ugc8bMlMIlfe`-@5FPvFnu|&y*=OMeY$5xmB^H*x;mK0
z#=*%4L3hyRJuED2rbyW1#kAIN3fI-;yw!T!*w`3=bp4yBlZ9!n53+P|$hpKquq*i#
z(!)nz#s_(#7%neP%;@piSlB_v6Z@)nmD)`j(3sySQ~>mQlJq%3eQ?r>Sysw~41U#F
zhzwb9)}3!yB4E$6m2UtxKK|icD1vJsx#(mPBnf`^|6|SdxDyA-!MA5QaOSG~dLzIV
zv1{<ZG_LL;>mr|Tg#f*U5;Fz#D+)i-&s3nW42L!6q&t+E5drlgcJ9sRQ2paOux!x4
zcVgDQ$vA%$etnGselijGfI|ghpDx$>e63AMTe65=hx<GD^aidgT6K%bK@MTsiYyS?
zPzosNtd#m6$7F~E;RE^#+{Ph5+91VJkA5eF-%7>9w6$HW)pE9I)FkFLNOckXzMKmG
z-f)_IYT>h<v1NuOi>?^R%39@HSR*DE(J@i56l8bT0Y?P_x<|s-_8w@VTL#llkbBFP
z&A&5w+zH}}X=WX6>ttj3f1RCoP*aH-#c`FYGz(x5G=S7#utX6Aq*~}r0g)CUEGz<%
z7NjUeKuSPF7PG)20s=}=F?0keD$+xZfb`y^gc9I=_{M+U%$qm+?thuw<lf0G=R4>8
zlF;*h_gzxepG$1$BB~W`_XqcR1jp3s{C#uqC}ufOKUz@1%+fOD$&-<Z30cAqTV`fv
zU%^h$p_P@Dw6rwmKmJHIVNKFeavQ1vU>gJ-ma_74DM?A4zhqlGJ9)UdtA-cfxe%kG
zqAs6sh56RgGdeu{fi<UhM~o)5HV}al-d=TWO^2A|C?^BRCf4$}WpXkRZ6~Od*KA+D
z(xGvw7-~%(!SyS)6JsPXbd!A1sOLA2;&%$?e1$pC-@BJoR(;o?g{slIK>KP3lNX74
z^Wbl_0mIKBW{Vdcm1Vw18zPi6S)F!^WDL>pVEZ8%S!$6~-^IdRi`9abO|MnXq{=}z
z;d)2fc^kaOc9yyvd*hWYXLAU0`>-rXxTA9<zBt_`b>vZhzx%$3tUJ2rn**`9^_2Bn
zXNW0=U2>}8U7ECvgF_lY99ajDYO`ZC)h7iEj^2nuAd;SIZoRE6$$v)C6M>7ZL`x%Y
zxa5>^-*<R`wYW>avsy?0)2YIV*WsLnaG|h6lCtp2m6bg6V*J?G#6w~_wm97I-3C)s
z=a+aXvdcj3DZ}NJ6~ZOK*rDd`ZWDz$S#j}+u}0DkeOw8P#k$GagFAAjzRwanII`%C
zux>icrk=KtlUMQhstEWKI1JzW_E;$AJ3Z*oJ_d#Gl<opIYVWRSXg!Z1g{(mKLAiN4
zvMA%&y@u?+Y)}|3l}oy~6@ujHAw?9*P*Sev(p?*mNIuD6#&l3iIsf#RS~5_AoF;p6
ztV%?dCLh12tvVekV=EL~6WE(-Lsw)f6RhHK$Z~4ox(u#FxHy9ai3rLq;51d3K9%(O
zGE0cMuiOVaQQy+KwJis6Z+8kNWmSOEqy5<PDz$)(f_<BBZ@e?#l0GFAdyNH2pMOzX
z1x2iU3=<F(`+0BqJKxZB-rKkBVulMFdxF?DW8NPPu5NJI4<^kQ?UM@jyuO>W<nR@V
z;1)1`nCQ#2g@q#gD4WXF6I^`!{9d}g=Elb9`e%HW9imh?If-CHtL`(GRr?E=qKRFC
zZC(mDJPPUk!CZ(Q=~s{I{>Gw1R74?sYh}^HAeQQ<-R9_!xx%1|adenJ`C74GHtwD%
zlBN~tvkqG7Y!hBGP<{U_-r;D9ogy2OLeIBoFh_guB^c`z_*7de>#z>Czi};iEpaMA
zlN#Q$6ErZF9ibDfH`+*@GRp*bLP#M1G!=1+y1~$3%I^2AQ(T#4lAoUgPm23AvZ~>1
z_^LJ02Otv|t{_uFZb7<ltt>&pDPvoT=Qto+`a&Xy+bKfSZY27l4rBw`&P`KtN1+Z3
z<)FF(zlk}e6c%fy!#xP3dTLwn8v5<w7P+9<*0d{}Wsft>-u=d4b;8OeV1Sv`BV|a+
z7C&S30pZa5P`z(hHA|sU54Kp=*CoB|5`I_BE)Y7S+Jv?Y6#OIW`o@VWN-G;uB)6@T
z8>pJXAMS&ejfm;dhkjOYF6{K}2#07SK^{}e)da&#{<so^nVBswf$wOmN(rOR(!~(2
z-7uwQM0c9p#u%~0ac&25vGuPjySPZ^W*d7|W0YPshefKhXq#O!+_Gaoq9SLgyIDSs
z-hYVyRFm|JlW{!EVh;lX?B>HSkn>)&yu7YHo<7TcCY*w6^bL-=oA1?2#^oK4-lY!C
zU6?e;I!H?rc`7=orO?$=0f*G(FIgpkeV|%Mcwav+Cy5eYF_BFpPKK6L$@kiVf&%+w
zj@!&aTVcNO3I%HkytWLf=MW+8VX(UVJ;r*LQ`r{Z4a`NxOLNuOurJvK<PSCWT0qmF
zULqeVq(3(_H^vS+MsN*vn+gR#3tpKzOF3WgV$GnJk27=5`Vh_F&gb;mxP+!Q6Go^9
z8`_rwBFe{#-FXI8s}W9W=mOp#uDu*2Z1W+WCyoIPGv(9pbAldjn-}0CJHTUTBzi*s
z)7=U>i;LC!#l-K0^w+QAc(a%0@?WE-=Dv}aQm(#o)OVmThVCo^K?6lmW5IarClP&9
zOq8;v>)LTYHL7h=S&YYz>H#J}M2AbC%1YF|+miA5`IM%Bq3`74Sqdves4)A<zNdwI
zqYeOg1Wiy;0zLxkA|aXcRFf)(X0J+JbkFFAa5&6j$Jlm4bhjvY|3D3yQ`)$jKpRkF
zHfDRuCe+@?69je{DBas<D~XMUU`%Kt!_g1oI`+nKt5gRXFhzX!AT#e$YzrfUPn#%C
zEj}3$M1NGtlP|hog?!Im%p58ZQf4VGA5G!)!>qSV5}3(WNAOD{>Oz5SySe9hym^x=
z`{GF*)9Z@vB`}`SRd1D63iLmlJ2ul^-Xm*Xa%TE`tk;WcCdBPzyz|2FnRYP%cxqbY
z18WcTyycNn2?TF-uyXpXDfEG+&z`{Kl^gRJB1+kPKH2Dzbr<jYy80~($7J(fMeBa|
z%)ceDmR`b=Bi&0kYG)vt$tpDj0WNM@Z7;elkV`7}={)&-Pg>s$rdn;^Meqo|zGN1f
za+p(?%h=-5k)w>=haNU+@-LE!*zs{|hdU}^W0SX@USuRd6$c$d(HzIF%Oo6DDswOT
z89sOR2Mn!2RYk8{H5p_N2RoR9e`I$sE4^M8d~uYY=e{Buh7C?`!z)tkb{R(QfWef8
z=<q+v?D`4&oU|I9#4F|KZK7PEN2eT)uXmO=e;iX)Fm61)2qYU+8r~PfvCSWIL*{t{
z?BzXFwDk$vZp9_k6SlNaeW!{rv!#%votjvz*8G4tplWiAgse?g8MxFt2)?<cs>ID~
zxLV>f$H(g}gx@s<T~dVf<lVcbH8TAyF{RQE$%vawKRwa+QT7~u<}s8^C-UYZ?oXwm
zQ-v2Na!-4flw-6>AJ2h0nI+rn@p&a-n+*q^VjKWm>fO{uMQVz^)1e)%J9aPm;jseO
zf>~!>#m;~!r>s7|^PLvMg`Wf4vGcU6zZ*mYbabybWRQ&&^0@=98S>Pd$haKlf)Y41
zSBI)S$X-dap{kC2sIf<9EjM1@5>NQ@2#sseXu-{ym5bw<k@3(1970sYR@v}aHbMLT
z)W4D{?T*k#)+f{amn&G8GNA#BK;vXgn0CFQ*kL5se#hImO#<yrXl+yTM``zGf~1fn
z4X9B;2Eb3WJezDw^s#6dAE`IzFCm4365C0TGn`G%86jp$JyT!4GE)$>{}k&d*)Q$h
z+n$_*ac?Ei*W8rud}Q7F&b`w{kPvYD_t%OdIl0`kjABzsaQCm_R#N5mx48j!&uNH*
zV|$@{Zgt0h5f}X+dGEJG`kSI6VU>>7aAH26BrrD8C~-f)5mc9RfYn*f{&OoxEVK1o
zyIZ?fy+Y+i6(qYK?xzUbzM*9oLmU8@PU@xvzF9=JdHE<_g_*hoKB)T!59CO2kBHCI
zJWefQ65HnQPm~GRh@lpRR_$q36(<PqvV2U8xyT9#2`=c=u(z(>wD05D@3^JpgA02<
z5azUD#B9kanL36Tk{_wN{q2vsmYz46(S==W{m)6tyHxA4`lq?VFC4Y)$!0QFx#C%&
zq01XRWy8SmkSCvWKf`@oP-^jKKr=%fhC95f7#L)}GE_qS1k3+|V}HS}0C@jj>;Iy0
z{~LV!pYQ)`eaNVPZm&#EZ^MgpJ>Be$E$g52=~!Fa<)HzJK{FqU6P~{$^;IK3*=cLH
ziD8oZiSx>sKfs`VzVx4N@}I8%YZrg<#C$q*rPR-l8~nVJx^{Qqn!1i!u8LLQzW|ZK
BjY<Fj

literal 0
HcmV?d00001

diff --git a/docs/running-on-kubernetes.md b/docs/running-on-kubernetes.md
new file mode 100644
index 0000000000000..8a554bd4353a1
--- /dev/null
+++ b/docs/running-on-kubernetes.md
@@ -0,0 +1,496 @@
+---
+layout: global
+title: Running Spark on Kubernetes
+---
+* This will become a table of contents (this text will be scraped).
+{:toc}
+
+Spark can run on clusters managed by [Kubernetes](https://kubernetes.io). This features makes use of the new experimental native
+Kubernetes scheduler that has been added to Spark.
+
+# Prerequisites
+
+* A runnable distribution of Spark 2.3 or above.
+* A running Kubernetes cluster at version >= 1.6 with access configured to it using
+[kubectl](https://kubernetes.io/docs/user-guide/prereqs/).  If you do not already have a working Kubernetes cluster,
+you may setup a test cluster on your local machine using
+[minikube](https://kubernetes.io/docs/getting-started-guides/minikube/).
+  * We recommend using the latest releases of minikube be updated to the most recent version with the DNS addon enabled.
+* You must have appropriate permissions to list, create, edit and delete
+[pods](https://kubernetes.io/docs/user-guide/pods/) in your cluster. You can verify that you can list these resources
+by running `kubectl auth can-i <list|create|edit|delete> pods`.
+  * The service account credentials used by the driver pods must be allowed to create pods, services and configmaps.
+* You must have [Kubernetes DNS](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/) configured in your cluster.
+
+# How it works
+
+<p style="text-align: center;">
+  <img src="img/k8s-cluster-mode.png" title="Spark cluster components" alt="Spark cluster components" />
+</p>
+
+spark-submit can be directly used to submit a Spark application to a Kubernetes cluster. The mechanism by which spark-submit happens is as follows:
+
+* Spark creates a spark driver running within a [Kubernetes pod](https://kubernetes.io/docs/concepts/workloads/pods/pod/).
+* The driver creates executors which are also Kubernetes pods and connects to them, and executes application code.
+* When the application completes, the executor pods terminate and are cleaned up, but the driver pod persists
+logs and remains in "completed" state in the Kubernetes API till it's eventually garbage collected or manually cleaned up.
+
+Note that in the completed state, the driver pod does *not* use any computational or memory resources.
+
+The driver and executor pod scheduling is handled by Kubernetes. It will be possible to affect Kubernetes scheduling
+decisions for driver and executor pods using advanced primitives like
+[node selectors](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector)
+and [node/pod affinities](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity)
+in a future release.
+
+# Submitting Applications to Kubernetes
+
+## Docker Images
+
+Kubernetes requires users to supply images that can be deployed into containers within pods. The images are built to
+be run in a container runtime environment that Kubernetes supports. Docker is a container runtime environment that is
+frequently used with Kubernetes. With Spark 2.3, there are Dockerfiles provided in the runnable distribution that can be customized
+and built for your usage.
+
+You may build these docker images from sources.
+There is a script, `sbin/build-push-docker-images.sh` that you can use to build and push
+customized spark distribution images consisting of all the above components.
+
+Example usage is:
+
+    ./sbin/build-push-docker-images.sh -r <repo> -t my-tag build
+    ./sbin/build-push-docker-images.sh -r <repo> -t my-tag push
+
+Docker files are under the `dockerfiles/` and can be customized further before
+building using the supplied script, or manually.
+
+## Cluster Mode
+
+To launch Spark Pi in cluster mode,
+
+    bin/spark-submit \
+      --deploy-mode cluster \
+      --class org.apache.spark.examples.SparkPi \
+      --master k8s://https://<k8s-apiserver-host>:<k8s-apiserver-port> \
+      --conf spark.kubernetes.namespace=default \
+      --conf spark.executor.instances=5 \
+      --conf spark.app.name=spark-pi \
+      --conf spark.kubernetes.driver.docker.image=<driver-image> \
+      --conf spark.kubernetes.executor.docker.image=<executor-image> \
+      local:///opt/spark/examples/jars/spark-examples_2.11-2.3.0.jar
+
+The Spark master, specified either via passing the `--master` command line argument to `spark-submit` or by setting
+`spark.master` in the application's configuration, must be a URL with the format `k8s://<api_server_url>`. Prefixing the
+master string with `k8s://` will cause the Spark application to launch on the Kubernetes cluster, with the API server
+being contacted at `api_server_url`. If no HTTP protocol is specified in the URL, it defaults to `https`. For example,
+setting the master to `k8s://example.com:443` is equivalent to setting it to `k8s://https://example.com:443`, but to
+connect without TLS on a different port, the master would be set to `k8s://http://example.com:8080`.
+
+If you have a Kubernetes cluster setup, one way to discover the apiserver URL is by executing `kubectl cluster-info`.
+
+```bash
+kubectl cluster-info
+Kubernetes master is running at http://127.0.0.1:6443
+```
+
+In the above example, the specific Kubernetes cluster can be used with spark submit by specifying
+`--master k8s://http://127.0.0.1:6443` as an argument to spark-submit. Additionally, it is also possible to use the
+authenticating proxy, `kubectl proxy` to communicate to the Kubernetes API.
+
+The local proxy can be started by:
+
+```bash
+ kubectl proxy
+```
+
+If the local proxy is running at localhost:8001, `--master k8s://http://127.0.0.1:8001` can be used as the argument to
+spark-submit. Finally, notice that in the above example we specify a jar with a specific URI with a scheme of `local://`.
+This URI is the location of the example jar that is already in the Docker image.
+
+## Dependency Management
+
+If your application's dependencies are all hosted in remote locations like HDFS or http servers, they may be referred to
+by their appropriate remote URIs. Also, application dependencies can be pre-mounted into custom-built Docker images.
+Those dependencies can be added to the classpath by referencing them with `local://` URIs and/or setting the
+`SPARK_EXTRA_CLASSPATH` environment variable in your Dockerfiles.
+
+## Introspection and Debugging
+
+These are the different ways in which you can investigate a running/completed Spark application, monitor progress, and
+take actions.
+
+### Accessing Logs
+
+Logs can be accessed using the kubernetes API and the `kubectl` CLI. When a Spark application is running, it's possible
+to stream logs from the application using:
+
+```bash
+kubectl -n=<namespace> logs -f <driver-pod-name>
+```
+
+The same logs can also be accessed through the
+[kubernetes dashboard](https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/) if installed on
+the cluster.
+
+### Accessing Driver UI
+
+The UI associated with any application can be accessed locally using
+[`kubectl port-forward`](https://kubernetes.io/docs/tasks/access-application-cluster/port-forward-access-application-cluster/#forward-a-local-port-to-a-port-on-the-pod).
+
+```bash
+kubectl port-forward <driver-pod-name> 4040:4040
+```
+
+Then, the spark driver UI can be accessed on `http://localhost:4040`.
+
+### Debugging 
+
+There may be several kinds of failures. If the Kubernetes API server rejects the request made from spark-submit, or the
+connection is refused for a different reason, the submission logic should indicate the error encountered. However, if there
+are errors during the running of the application, often, the best way to investigate may be through the kubernetes CLI.
+
+To get some basic information about the scheduling decisions made around the driver pod, you can run:
+
+```bash
+kubectl describe pod <spark-driver-pod>
+```
+
+If the pod has encountered a runtime error, the status can be probed further using:
+
+```bash
+kubectl logs <spark-driver-pod>
+```
+
+Status and logs of failed executor pods can be checked in similar ways. Finally, deleting the driver pod will clean up the entire spark 
+application, includling all executors, associated service, etc. The driver pod can be thought of as the Kubernetes representation of 
+the spark application.
+
+## Kubernetes Features
+
+### Namespaces
+
+Kubernetes has the concept of [namespaces](https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/).
+Namespaces are a way to divide cluster resources between multiple users (via resource quota). Spark on Kubernetes can
+use namespaces to launch spark applications. This is through the `--conf spark.kubernetes.namespace` argument to spark-submit.
+
+Kubernetes allows using [ResourceQuota](https://kubernetes.io/docs/concepts/policy/resource-quotas/) to set limits on
+resources, number of objects, etc on individual namespaces. Namespaces and ResourceQuota can be used in combination by
+administrator to control sharing and resource allocation in a Kubernetes cluster running Spark applications.
+
+### RBAC
+
+In Kubernetes clusters with [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/) enabled, users can configure
+Kubernetes RBAC roles and service accounts used by the various Spark on Kubernetes components to access the Kubernetes
+API server.
+
+The Spark driver pod uses a Kubernetes service account to access the Kubernetes API server to create and watch executor
+pods. The service account used by the driver pod must have the appropriate permission for the driver to be able to do
+its work. Specifically, at minimum, the service account must be granted a
+[`Role` or `ClusterRole`](https://kubernetes.io/docs/admin/authorization/rbac/#role-and-clusterrole) that allows driver
+pods to create pods and services. By default, the driver pod is automatically assigned the `default` service account in
+the namespace specified by `spark.kubernetes.namespace`, if no service account is specified when the pod gets created.
+
+Depending on the version and setup of Kubernetes deployed, this `default` service account may or may not have the role
+that allows driver pods to create pods and services under the default Kubernetes
+[RBAC](https://kubernetes.io/docs/admin/authorization/rbac/) policies. Sometimes users may need to specify a custom
+service account that has the right role granted. Spark on Kubernetes supports specifying a custom service account to
+be used by the driver pod through the configuration property
+`spark.kubernetes.authenticate.driver.serviceAccountName=<service account name>`. For example to make the driver pod
+to use the `spark` service account, a user simply adds the following option to the `spark-submit` command:
+
+```
+--conf spark.kubernetes.authenticate.driver.serviceAccountName=spark
+```
+
+To create a custom service account, a user can use the `kubectl create serviceaccount` command. For example, the
+following command creates a service account named `spark`:
+
+```bash
+kubectl create serviceaccount spark
+```
+
+To grant a service account a `Role` or `ClusterRole`, a `RoleBinding` or `ClusterRoleBinding` is needed. To create
+a `RoleBinding` or `ClusterRoleBinding`, a user can use the `kubectl create rolebinding` (or `clusterrolebinding`
+for `ClusterRoleBinding`) command. For example, the following command creates an `edit` `ClusterRole` in the `default`
+namespace and grants it to the `spark` service account created above:
+
+```bash
+kubectl create clusterrolebinding spark-role --clusterrole=edit --serviceaccount=default:spark --namespace=default
+```
+
+Note that a `Role` can only be used to grant access to resources (like pods) within a single namespace, whereas a
+`ClusterRole` can be used to grant access to cluster-scoped resources (like nodes) as well as namespaced resources
+(like pods) across all namespaces. For Spark on Kubernetes, since the driver always creates executor pods in the
+same namespace, a `Role` is sufficient, although users may use a `ClusterRole` instead. For more information on
+RBAC authorization and how to configure Kubernetes service accounts for pods, please refer to
+[Using RBAC Authorization](https://kubernetes.io/docs/admin/authorization/rbac/) and
+[Configure Service Accounts for Pods](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/).
+
+## Client Mode
+
+Client mode is not currently supported.
+
+## Future Work
+
+There are several Spark on Kubernetes features that are currently being incubated in a fork -
+[apache-spark-on-k8s/spark](https://github.com/apache-spark-on-k8s/spark), which are expected to eventually make it into
+future versions of the spark-kubernetes integration.
+
+Some of these include:
+
+* PySpark
+* R
+* Dynamic Executor Scaling
+* Local File Dependency Management
+* Spark Application Management
+* Job Queues and Resource Management
+
+You can refer to the [documentation](https://apache-spark-on-k8s.github.io/userdocs/) if you want to try these features
+and provide feedback to the development team.
+
+# Configuration
+
+See the [configuration page](configuration.html) for information on Spark configurations.  The following configuration is
+specific to Spark on Kubernetes.
+
+#### Spark Properties
+
+<table class="table">
+<tr><th>Property Name</th><th>Default</th><th>Meaning</th></tr>
+<tr>
+  <td><code>spark.kubernetes.namespace</code></td>
+  <td><code>default</code></td>
+  <td>
+    The namespace that will be used for running the driver and executor pods.
+  </td>
+</tr>
+<tr>
+  <td><code>spark.kubernetes.driver.docker.image</code></td>
+  <td><code>(none)</code></td>
+  <td>
+    Docker image to use for the driver. Specify this using the standard
+    <a href="https://docs.docker.com/engine/reference/commandline/tag/">Docker tag</a> format.
+  </td>
+</tr>
+<tr>
+  <td><code>spark.kubernetes.executor.docker.image</code></td>
+  <td><code>(none)</code></td>
+  <td>
+    Docker image to use for the executors. Specify this using the standard
+    <a href="https://docs.docker.com/engine/reference/commandline/tag/">Docker tag</a> format.
+  </td>
+</tr>
+<tr>
+  <td><code>spark.kubernetes.allocation.batch.size</code></td>
+  <td><code>5</code></td>
+  <td>
+    Number of pods to launch at once in each round of executor pod allocation.
+  </td>
+</tr>
+<tr>
+  <td><code>spark.kubernetes.allocation.batch.delay</code></td>
+  <td><code>1</code></td>
+  <td>
+    Number of seconds to wait between each round of executor pod allocation.
+  </td>
+</tr>
+<tr>
+  <td><code>spark.kubernetes.authenticate.submission.caCertFile</code></td>
+  <td>(none)</td>
+  <td>
+    Path to the CA cert file for connecting to the Kubernetes API server over TLS when starting the driver. This file
+    must be located on the submitting machine's disk. Specify this as a path as opposed to a URI (i.e. do not provide
+    a scheme).
+  </td>
+</tr>
+<tr>
+  <td><code>spark.kubernetes.authenticate.submission.clientKeyFile</code></td>
+  <td>(none)</td>
+  <td>
+    Path to the client key file for authenticating against the Kubernetes API server when starting the driver. This file
+    must be located on the submitting machine's disk. Specify this as a path as opposed to a URI (i.e. do not provide
+    a scheme).
+  </td>
+</tr>
+<tr>
+  <td><code>spark.kubernetes.authenticate.submission.clientCertFile</code></td>
+  <td>(none)</td>
+  <td>
+    Path to the client cert file for authenticating against the Kubernetes API server when starting the driver. This
+    file must be located on the submitting machine's disk. Specify this as a path as opposed to a URI (i.e. do not
+    provide a scheme).
+  </td>
+</tr>
+<tr>
+  <td><code>spark.kubernetes.authenticate.submission.oauthToken</code></td>
+  <td>(none)</td>
+  <td>
+    OAuth token to use when authenticating against the Kubernetes API server when starting the driver. Note
+    that unlike the other authentication options, this is expected to be the exact string value of the token to use for
+    the authentication.
+  </td>
+</tr>
+<tr>
+  <td><code>spark.kubernetes.authenticate.driver.caCertFile</code></td>
+  <td>(none)</td>
+  <td>
+    Path to the CA cert file for connecting to the Kubernetes API server over TLS from the driver pod when requesting
+    executors. This file must be located on the submitting machine's disk, and will be uploaded to the driver pod.
+    Specify this as a path as opposed to a URI (i.e. do not provide a scheme).
+  </td>
+</tr>
+<tr>
+  <td><code>spark.kubernetes.authenticate.driver.clientKeyFile</code></td>
+  <td>(none)</td>
+  <td>
+    Path to the client key file for authenticating against the Kubernetes API server from the driver pod when requesting
+    executors. This file must be located on the submitting machine's disk, and will be uploaded to the driver pod.
+    Specify this as a path as opposed to a URI (i.e. do not provide a scheme). If this is specified, it is highly
+    recommended to set up TLS for the driver submission server, as this value is sensitive information that would be
+    passed to the driver pod in plaintext otherwise.
+  </td>
+</tr>
+<tr>
+  <td><code>spark.kubernetes.authenticate.driver.clientCertFile</code></td>
+  <td>(none)</td>
+  <td>
+    Path to the client cert file for authenticating against the Kubernetes API server from the driver pod when
+    requesting executors. This file must be located on the submitting machine's disk, and will be uploaded to the
+    driver pod. Specify this as a path as opposed to a URI (i.e. do not provide a scheme).
+  </td>
+</tr>
+<tr>
+  <td><code>spark.kubernetes.authenticate.driver.oauthToken</code></td>
+  <td>(none)</td>
+  <td>
+    OAuth token to use when authenticating against the against the Kubernetes API server from the driver pod when
+    requesting executors. Note that unlike the other authentication options, this must be the exact string value of
+    the token to use for the authentication. This token value is uploaded to the driver pod. If this is specified, it is
+    highly recommended to set up TLS for the driver submission server, as this value is sensitive information that would
+    be passed to the driver pod in plaintext otherwise.
+  </td>
+</tr>
+<tr>
+  <td><code>spark.kubernetes.authenticate.driver.serviceAccountName</code></td>
+  <td><code>default</code></td>
+  <td>
+    Service account that is used when running the driver pod. The driver pod uses this service account when requesting
+    executor pods from the API server. Note that this cannot be specified alongside a CA cert file, client key file,
+    client cert file, and/or OAuth token.
+  </td>
+</tr>
+<tr>
+  <td><code>spark.kubernetes.driver.label.[LabelName]</code></td>
+  <td>(none)</td>
+  <td>
+    Add the label specified by <code>LabelName</code> to the driver pod.
+    For example, <code>spark.kubernetes.driver.label.something=true</code>.
+    Note that Spark also adds its own labels to the driver pod
+    for bookkeeping purposes.
+  </td>
+</tr>
+<tr>
+  <td><code>spark.kubernetes.driver.annotation.[AnnotationName]</code></td>
+  <td>(none)</td>
+  <td>
+    Add the annotation specified by <code>AnnotationName</code> to the driver pod.
+    For example, <code>spark.kubernetes.driver.annotation.something=true</code>.
+  </td>
+</tr>
+<tr>
+  <td><code>spark.kubernetes.executor.label.[LabelName]</code></td>
+  <td>(none)</td>
+  <td>
+    Add the label specified by <code>LabelName</code> to the executor pods.
+    For example, <code>spark.kubernetes.executor.label.something=true</code>.
+    Note that Spark also adds its own labels to the driver pod
+    for bookkeeping purposes.
+  </td>
+</tr>
+<tr>
+  <td><code>spark.kubernetes.executor.annotation.[AnnotationName]</code></td>
+  <td>(none)</td>
+  <td>
+    Add the annotation specified by <code>AnnotationName</code> to the executor pods.
+    For example, <code>spark.kubernetes.executor.annotation.something=true</code>.
+  </td>
+</tr>
+<tr>
+  <td><code>spark.kubernetes.driver.pod.name</code></td>
+  <td>(none)</td>
+  <td>
+    Name of the driver pod. If not set, the driver pod name is set to "spark.app.name" suffixed by the current timestamp
+    to avoid name conflicts.
+  </td>
+</tr>
+<tr>
+  <td><code>spark.kubernetes.submission.waitAppCompletion</code></td>
+  <td><code>true</code></td>
+  <td>
+    In cluster mode, whether to wait for the application to finish before exiting the launcher process.  When changed to
+    false, the launcher has a "fire-and-forget" behavior when launching the Spark job.
+  </td>
+</tr>
+<tr>
+  <td><code>spark.kubernetes.report.interval</code></td>
+  <td><code>1s</code></td>
+  <td>
+    Interval between reports of the current Spark job status in cluster mode.
+  </td>
+</tr>
+<tr>
+  <td><code>spark.kubernetes.docker.image.pullPolicy</code></td>
+  <td><code>IfNotPresent</code></td>
+  <td>
+    Docker image pull policy used when pulling Docker images with Kubernetes.
+  </td>
+</tr>
+<tr>
+   <td><code>spark.kubernetes.driver.limit.cores</code></td>
+   <td>(none)</td>
+   <td>
+     Specify the hard cpu limit for the driver pod
+   </td>
+ </tr>
+ <tr>
+   <td><code>spark.kubernetes.executor.limit.cores</code></td>
+   <td>(none)</td>
+   <td>
+     Specify the hard cpu limit for a single executor pod
+   </td>
+ </tr>
+ <tr>
+   <td><code>spark.kubernetes.node.selector.[labelKey]</code></td>
+   <td>(none)</td>
+   <td>
+     Adds to the node selector of the driver pod and executor pods, with key <code>labelKey</code> and the value as the
+     configuration's value. For example, setting <code>spark.kubernetes.node.selector.identifier</code> to <code>myIdentifier</code>
+     will result in the driver pod and executors having a node selector with key <code>identifier</code> and value
+      <code>myIdentifier</code>. Multiple node selector keys can be added by setting multiple configurations with this prefix.
+    </td>
+  </tr>
+ <tr>
+   <td><code>spark.kubernetes.driverEnv.[EnvironmentVariableName]</code></td>
+   <td>(none)</td>
+   <td>
+     Add the environment variable specified by <code>EnvironmentVariableName</code> to
+     the Driver process. The user can specify multiple of these to set multiple environment variables.
+   </td>
+ </tr>
+ <tr>
+   <td><code>spark.kubernetes.driver.secrets.[SecretName]</code></td>
+   <td>(none)</td>
+   <td>
+     Mounts the Kubernetes secret named <code>SecretName</code> onto the path specified by the value
+     in the driver Pod. The user can specify multiple instances of this for multiple secrets.
+   </td>
+ </tr>
+ <tr>
+   <td><code>spark.kubernetes.executor.secrets.[SecretName]</code></td>
+   <td>(none)</td>
+   <td>
+     Mounts the Kubernetes secret named <code>SecretName</code> onto the path specified by the value
+     in the executor Pods. The user can specify multiple instances of this for multiple secrets.
+   </td>
+ </tr>
+</table>
\ No newline at end of file
diff --git a/sbin/build-push-docker-images.sh b/sbin/build-push-docker-images.sh
new file mode 100755
index 0000000000000..efedc5024cc2c
--- /dev/null
+++ b/sbin/build-push-docker-images.sh
@@ -0,0 +1,67 @@
+#!/usr/bin/env bash
+
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# This script builds and pushes docker images when run from a release of Spark
+# with Kubernetes support.
+
+declare -A path=( [spark-driver]=dockerfiles/driver/Dockerfile \
+                  [spark-executor]=dockerfiles/executor/Dockerfile )
+
+function build {
+  docker build -t spark-base -f dockerfiles/spark-base/Dockerfile .
+  for image in "${!path[@]}"; do
+    docker build -t ${REPO}/$image:${TAG} -f ${path[$image]} .
+  done
+}
+
+
+function push {
+  for image in "${!path[@]}"; do
+    docker push ${REPO}/$image:${TAG}
+  done
+}
+
+function usage {
+  echo "Usage: ./sbin/build-push-docker-images.sh -r <repo> -t <tag> build"
+  echo "       ./sbin/build-push-docker-images.sh -r <repo> -t <tag> push"
+  echo "for example: ./sbin/build-push-docker-images.sh -r docker.io/myrepo -t v2.3.0 push"
+}
+
+if [[ "$@" = *--help ]] || [[ "$@" = *-h ]]; then
+  usage
+  exit 0
+fi
+
+while getopts r:t: option
+do
+ case "${option}"
+ in
+ r) REPO=${OPTARG};;
+ t) TAG=${OPTARG};;
+ esac
+done
+
+if [ -z "$REPO" ] || [ -z "$TAG" ]; then
+    usage
+else
+  case "${@: -1}" in
+    build) build;;
+    push) push;;
+    *) usage;;
+  esac
+fi
\ No newline at end of file

From 4ccf59b7e8f32e53235450627eb7a67dceaf8de2 Mon Sep 17 00:00:00 2001
From: foxish <ramanathana@google.com>
Date: Tue, 12 Dec 2017 10:50:20 -0800
Subject: [PATCH 02/13] Address comments

---
 docs/running-on-kubernetes.md    | 30 ++++++++++++++++--------------
 sbin/build-push-docker-images.sh |  2 +-
 2 files changed, 17 insertions(+), 15 deletions(-)

diff --git a/docs/running-on-kubernetes.md b/docs/running-on-kubernetes.md
index 8a554bd4353a1..affee80b970ac 100644
--- a/docs/running-on-kubernetes.md
+++ b/docs/running-on-kubernetes.md
@@ -5,7 +5,7 @@ title: Running Spark on Kubernetes
 * This will become a table of contents (this text will be scraped).
 {:toc}
 
-Spark can run on clusters managed by [Kubernetes](https://kubernetes.io). This features makes use of the new experimental native
+Spark can run on clusters managed by [Kubernetes](https://kubernetes.io). This feature makes use of the new experimental native
 Kubernetes scheduler that has been added to Spark.
 
 # Prerequisites
@@ -31,7 +31,7 @@ by running `kubectl auth can-i <list|create|edit|delete> pods`.
 spark-submit can be directly used to submit a Spark application to a Kubernetes cluster. The mechanism by which spark-submit happens is as follows:
 
 * Spark creates a spark driver running within a [Kubernetes pod](https://kubernetes.io/docs/concepts/workloads/pods/pod/).
-* The driver creates executors which are also Kubernetes pods and connects to them, and executes application code.
+* The driver creates executors which are also running within Kubernetes pods and connects to them, and executes application code.
 * When the application completes, the executor pods terminate and are cleaned up, but the driver pod persists
 logs and remains in "completed" state in the Kubernetes API till it's eventually garbage collected or manually cleaned up.
 
@@ -68,16 +68,18 @@ building using the supplied script, or manually.
 
 To launch Spark Pi in cluster mode,
 
-    bin/spark-submit \
-      --deploy-mode cluster \
-      --class org.apache.spark.examples.SparkPi \
-      --master k8s://https://<k8s-apiserver-host>:<k8s-apiserver-port> \
-      --conf spark.kubernetes.namespace=default \
-      --conf spark.executor.instances=5 \
-      --conf spark.app.name=spark-pi \
-      --conf spark.kubernetes.driver.docker.image=<driver-image> \
-      --conf spark.kubernetes.executor.docker.image=<executor-image> \
-      local:///opt/spark/examples/jars/spark-examples_2.11-2.3.0.jar
+{% highlight bash %}
+$ bin/spark-submit \
+    --deploy-mode cluster \
+    --class org.apache.spark.examples.SparkPi \
+    --master k8s://https://<k8s-apiserver-host>:<k8s-apiserver-port> \
+    --conf spark.kubernetes.namespace=default \
+    --conf spark.executor.instances=5 \
+    --conf spark.app.name=spark-pi \
+    --conf spark.kubernetes.driver.docker.image=<driver-image> \
+    --conf spark.kubernetes.executor.docker.image=<executor-image> \
+    local:///opt/spark/examples/jars/spark-examples_2.11-2.3.0.jar
+{% endhighlight %}
 
 The Spark master, specified either via passing the `--master` command line argument to `spark-submit` or by setting
 `spark.master` in the application's configuration, must be a URL with the format `k8s://<api_server_url>`. Prefixing the
@@ -170,7 +172,7 @@ the spark application.
 ### Namespaces
 
 Kubernetes has the concept of [namespaces](https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/).
-Namespaces are a way to divide cluster resources between multiple users (via resource quota). Spark on Kubernetes can
+Namespaces are ways to divide cluster resources between multiple users (via resource quota). Spark on Kubernetes can
 use namespaces to launch spark applications. This is through the `--conf spark.kubernetes.namespace` argument to spark-submit.
 
 Kubernetes allows using [ResourceQuota](https://kubernetes.io/docs/concepts/policy/resource-quotas/) to set limits on
@@ -250,7 +252,7 @@ and provide feedback to the development team.
 
 # Configuration
 
-See the [configuration page](configuration.html) for information on Spark configurations.  The following configuration is
+See the [configuration page](configuration.html) for information on Spark configurations.  The following configurations are
 specific to Spark on Kubernetes.
 
 #### Spark Properties
diff --git a/sbin/build-push-docker-images.sh b/sbin/build-push-docker-images.sh
index efedc5024cc2c..c7db9c539a427 100755
--- a/sbin/build-push-docker-images.sh
+++ b/sbin/build-push-docker-images.sh
@@ -64,4 +64,4 @@ else
     push) push;;
     *) usage;;
   esac
-fi
\ No newline at end of file
+fi

From 14bee00fb439ff3087bbc04e4ad5f6fb9d5e2082 Mon Sep 17 00:00:00 2001
From: foxish <ramanathana@google.com>
Date: Tue, 12 Dec 2017 11:42:01 -0800
Subject: [PATCH 03/13] Adding links to running-on-kubernetes.md

---
 docs/_layouts/global.html       |  1 +
 docs/building-spark.md          |  6 +++++-
 docs/cluster-overview.md        |  7 ++-----
 docs/configuration.md           |  2 ++
 docs/index.md                   |  3 ++-
 docs/running-on-yarn.md         |  3 ++-
 docs/submitting-applications.md | 16 ++++++++++++++++
 7 files changed, 30 insertions(+), 8 deletions(-)

diff --git a/docs/_layouts/global.html b/docs/_layouts/global.html
index 67b05ecf7a858..e5af5ae4561c7 100755
--- a/docs/_layouts/global.html
+++ b/docs/_layouts/global.html
@@ -99,6 +99,7 @@
                                 <li><a href="spark-standalone.html">Spark Standalone</a></li>
                                 <li><a href="running-on-mesos.html">Mesos</a></li>
                                 <li><a href="running-on-yarn.html">YARN</a></li>
+                                <li><a href="running-on-kubernetes.html">Kubernetes</a></li>
                             </ul>
                         </li>
 
diff --git a/docs/building-spark.md b/docs/building-spark.md
index 98f7df155456f..c391255a91596 100644
--- a/docs/building-spark.md
+++ b/docs/building-spark.md
@@ -49,7 +49,7 @@ To create a Spark distribution like those distributed by the
 to be runnable, use `./dev/make-distribution.sh` in the project root directory. It can be configured
 with Maven profile settings and so on like the direct Maven build. Example:
 
-    ./dev/make-distribution.sh --name custom-spark --pip --r --tgz -Psparkr -Phadoop-2.7 -Phive -Phive-thriftserver -Pmesos -Pyarn
+    ./dev/make-distribution.sh --name custom-spark --pip --r --tgz -Psparkr -Phadoop-2.7 -Phive -Phive-thriftserver -Pmesos -Pyarn -Pkubernetes
 
 This will build Spark distribution along with Python pip and R packages. For more information on usage, run `./dev/make-distribution.sh --help`
 
@@ -90,6 +90,10 @@ like ZooKeeper and Hadoop itself.
 ## Building with Mesos support
 
     ./build/mvn -Pmesos -DskipTests clean package
+
+## Building with Kubernetes support
+
+    ./build/mvn -Pkubernetes -DskipTests clean package
     
 ## Building with Kafka 0.8 support
 
diff --git a/docs/cluster-overview.md b/docs/cluster-overview.md
index c42bb4bb8377e..658e67f99dd71 100644
--- a/docs/cluster-overview.md
+++ b/docs/cluster-overview.md
@@ -52,11 +52,8 @@ The system currently supports three cluster managers:
 * [Apache Mesos](running-on-mesos.html) -- a general cluster manager that can also run Hadoop MapReduce
   and service applications.
 * [Hadoop YARN](running-on-yarn.html) -- the resource manager in Hadoop 2.
-* [Kubernetes (experimental)](https://github.com/apache-spark-on-k8s/spark) -- In addition to the above,
-there is experimental support for Kubernetes. Kubernetes is an open-source platform
-for providing container-centric infrastructure. Kubernetes support is being actively
-developed in an [apache-spark-on-k8s](https://github.com/apache-spark-on-k8s/) Github organization. 
-For documentation, refer to that project's README.
+* [Kubernetes](running-on-kubernetes.html) -- [Kubernetes](https://kubernetes.io/docs/concepts/overview/what-is-kubernetes/)
+is an open-source platform that provides container-centric infrastructure.
 
 A third-party project (not supported by the Spark project) exists to add support for
 [Nomad](https://github.com/hashicorp/nomad-spark) as a cluster manager.
diff --git a/docs/configuration.md b/docs/configuration.md
index d70bac134808f..1189aea2aa71f 100644
--- a/docs/configuration.md
+++ b/docs/configuration.md
@@ -2376,6 +2376,8 @@ can be found on the pages for each mode:
 
 #### [Mesos](running-on-mesos.html#configuration)
 
+#### [Kubernetes](running-on-kubernetes.html#configuration)
+
 #### [Standalone Mode](spark-standalone.html#cluster-launch-scripts)
 
 # Environment Variables
diff --git a/docs/index.md b/docs/index.md
index b867c972b4b48..657d4dffa1f81 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -81,6 +81,7 @@ options for deployment:
 * [Standalone Deploy Mode](spark-standalone.html): simplest way to deploy Spark on a private cluster
 * [Apache Mesos](running-on-mesos.html)
 * [Hadoop YARN](running-on-yarn.html)
+* [Kubernetes](running-on-kubernetes.html)
 
 # Where to Go from Here
 
@@ -112,7 +113,7 @@ options for deployment:
   * [Mesos](running-on-mesos.html): deploy a private cluster using
       [Apache Mesos](http://mesos.apache.org)
   * [YARN](running-on-yarn.html): deploy Spark on top of Hadoop NextGen (YARN)
-  * [Kubernetes (experimental)](https://github.com/apache-spark-on-k8s/spark): deploy Spark on top of Kubernetes
+  * [Kubernetes (experimental)](running-on-kubernetes.html): deploy Spark on top of Kubernetes
 
 **Other Documents:**
 
diff --git a/docs/running-on-yarn.md b/docs/running-on-yarn.md
index 7e2386f33b583..23a150611c27f 100644
--- a/docs/running-on-yarn.md
+++ b/docs/running-on-yarn.md
@@ -18,7 +18,8 @@ Spark application's configuration (driver, executors, and the AM when running in
 
 There are two deploy modes that can be used to launch Spark applications on YARN. In `cluster` mode, the Spark driver runs inside an application master process which is managed by YARN on the cluster, and the client can go away after initiating the application. In `client` mode, the driver runs in the client process, and the application master is only used for requesting resources from YARN.
 
-Unlike [Spark standalone](spark-standalone.html) and [Mesos](running-on-mesos.html) modes, in which the master's address is specified in the `--master` parameter, in YARN mode the ResourceManager's address is picked up from the Hadoop configuration. Thus, the `--master` parameter is `yarn`.
+Unlike [Spark standalone](spark-standalone.html), [Mesos](running-on-mesos.html) and [Kubernetes](running-on-kubernetes.html) modes,
+in which the master's address is specified in the `--master` parameter, in YARN mode the ResourceManager's address is picked up from the Hadoop configuration. Thus, the `--master` parameter is `yarn`.
 
 To launch a Spark application in `cluster` mode:
 
diff --git a/docs/submitting-applications.md b/docs/submitting-applications.md
index 866d6e527549c..3f2b0f287e43d 100644
--- a/docs/submitting-applications.md
+++ b/docs/submitting-applications.md
@@ -127,6 +127,16 @@ export HADOOP_CONF_DIR=XXX
   http://path/to/examples.jar \
   1000
 
+# Run on a Kubernetes cluster in cluster deploy mode
+./bin/spark-submit \
+  --class org.apache.spark.examples.SparkPi \
+  --master k8s://xx.yy.zz.ww:443 \
+  --deploy-mode cluster \
+  --executor-memory 20G \
+  --num-executors 50 \
+  http://path/to/examples.jar \
+  1000
+
 {% endhighlight %}
 
 # Master URLs
@@ -155,6 +165,12 @@ The master URL passed to Spark can be in one of the following formats:
         <code>client</code> or <code>cluster</code> mode depending on the value of <code>--deploy-mode</code>.
         The cluster location will be found based on the <code>HADOOP_CONF_DIR</code> or <code>YARN_CONF_DIR</code> variable.
 </td></tr>
+<tr><td> <code>k8s://HOST:PORT</code> </td><td> Connect to a <a href="running-on-kubernetes.html"> Kubernetes </a> cluster in
+        <code>cluster</code> mode. Client mode is currently unsupported and will be supported in future releases.
+        The <code>HOST</code> and <code>PORT</code> refer to the [Kubernetes API Server](https://kubernetes.io/docs/reference/generated/kube-apiserver/).
+        It connects using TLS by default. In order to force it to use an unsecured connection, you can use
+        <code>k8s://http://HOST:PORT</code>.
+</td></tr>
 </table>
 
 

From b18d1ba8b6447dbaccca03bea9f2c3470057905f Mon Sep 17 00:00:00 2001
From: foxish <ramanathana@google.com>
Date: Wed, 13 Dec 2017 07:03:27 -0800
Subject: [PATCH 04/13] Addressed comments (round 2)

---
 docs/index.md                   |  2 +-
 docs/running-on-kubernetes.md   | 39 +++++++++++++++++++--------------
 docs/submitting-applications.md |  2 +-
 3 files changed, 24 insertions(+), 19 deletions(-)

diff --git a/docs/index.md b/docs/index.md
index 657d4dffa1f81..2f009417fafb0 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -113,7 +113,7 @@ options for deployment:
   * [Mesos](running-on-mesos.html): deploy a private cluster using
       [Apache Mesos](http://mesos.apache.org)
   * [YARN](running-on-yarn.html): deploy Spark on top of Hadoop NextGen (YARN)
-  * [Kubernetes (experimental)](running-on-kubernetes.html): deploy Spark on top of Kubernetes
+  * [Kubernetes](running-on-kubernetes.html): deploy Spark on top of Kubernetes
 
 **Other Documents:**
 
diff --git a/docs/running-on-kubernetes.md b/docs/running-on-kubernetes.md
index affee80b970ac..464349d043da4 100644
--- a/docs/running-on-kubernetes.md
+++ b/docs/running-on-kubernetes.md
@@ -15,7 +15,7 @@ Kubernetes scheduler that has been added to Spark.
 [kubectl](https://kubernetes.io/docs/user-guide/prereqs/).  If you do not already have a working Kubernetes cluster,
 you may setup a test cluster on your local machine using
 [minikube](https://kubernetes.io/docs/getting-started-guides/minikube/).
-  * We recommend using the latest releases of minikube be updated to the most recent version with the DNS addon enabled.
+  * We recommend using the latest release of minikube with the DNS addon enabled.
 * You must have appropriate permissions to list, create, edit and delete
 [pods](https://kubernetes.io/docs/user-guide/pods/) in your cluster. You can verify that you can list these resources
 by running `kubectl auth can-i <list|create|edit|delete> pods`.
@@ -28,12 +28,13 @@ by running `kubectl auth can-i <list|create|edit|delete> pods`.
   <img src="img/k8s-cluster-mode.png" title="Spark cluster components" alt="Spark cluster components" />
 </p>
 
-spark-submit can be directly used to submit a Spark application to a Kubernetes cluster. The mechanism by which spark-submit happens is as follows:
+<code>spark-submit</code> can be directly used to submit a Spark application to a Kubernetes cluster.
+The submission mechanism works as follows:
 
-* Spark creates a spark driver running within a [Kubernetes pod](https://kubernetes.io/docs/concepts/workloads/pods/pod/).
+* Spark creates a Spark driver running within a [Kubernetes pod](https://kubernetes.io/docs/concepts/workloads/pods/pod/).
 * The driver creates executors which are also running within Kubernetes pods and connects to them, and executes application code.
 * When the application completes, the executor pods terminate and are cleaned up, but the driver pod persists
-logs and remains in "completed" state in the Kubernetes API till it's eventually garbage collected or manually cleaned up.
+logs and remains in "completed" state in the Kubernetes API until it's eventually garbage collected or manually cleaned up.
 
 Note that in the completed state, the driver pod does *not* use any computational or memory resources.
 
@@ -54,7 +55,7 @@ and built for your usage.
 
 You may build these docker images from sources.
 There is a script, `sbin/build-push-docker-images.sh` that you can use to build and push
-customized spark distribution images consisting of all the above components.
+customized Spark distribution images consisting of all the above components.
 
 Example usage is:
 
@@ -95,14 +96,14 @@ kubectl cluster-info
 Kubernetes master is running at http://127.0.0.1:6443
 ```
 
-In the above example, the specific Kubernetes cluster can be used with spark submit by specifying
+In the above example, the specific Kubernetes cluster can be used with <code>spark-submit</code> by specifying
 `--master k8s://http://127.0.0.1:6443` as an argument to spark-submit. Additionally, it is also possible to use the
 authenticating proxy, `kubectl proxy` to communicate to the Kubernetes API.
 
 The local proxy can be started by:
 
 ```bash
- kubectl proxy
+kubectl proxy
 ```
 
 If the local proxy is running at localhost:8001, `--master k8s://http://127.0.0.1:8001` can be used as the argument to
@@ -123,7 +124,7 @@ take actions.
 
 ### Accessing Logs
 
-Logs can be accessed using the kubernetes API and the `kubectl` CLI. When a Spark application is running, it's possible
+Logs can be accessed using the Kubernetes API and the `kubectl` CLI. When a Spark application is running, it's possible
 to stream logs from the application using:
 
 ```bash
@@ -131,7 +132,7 @@ kubectl -n=<namespace> logs -f <driver-pod-name>
 ```
 
 The same logs can also be accessed through the
-[kubernetes dashboard](https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/) if installed on
+[Kubernetes dashboard](https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/) if installed on
 the cluster.
 
 ### Accessing Driver UI
@@ -143,13 +144,13 @@ The UI associated with any application can be accessed locally using
 kubectl port-forward <driver-pod-name> 4040:4040
 ```
 
-Then, the spark driver UI can be accessed on `http://localhost:4040`.
+Then, the Spark driver UI can be accessed on `http://localhost:4040`.
 
 ### Debugging 
 
 There may be several kinds of failures. If the Kubernetes API server rejects the request made from spark-submit, or the
 connection is refused for a different reason, the submission logic should indicate the error encountered. However, if there
-are errors during the running of the application, often, the best way to investigate may be through the kubernetes CLI.
+are errors during the running of the application, often, the best way to investigate may be through the Kubernetes CLI.
 
 To get some basic information about the scheduling decisions made around the driver pod, you can run:
 
@@ -165,7 +166,7 @@ kubectl logs <spark-driver-pod>
 
 Status and logs of failed executor pods can be checked in similar ways. Finally, deleting the driver pod will clean up the entire spark 
 application, includling all executors, associated service, etc. The driver pod can be thought of as the Kubernetes representation of 
-the spark application.
+the Spark application.
 
 ## Kubernetes Features
 
@@ -173,7 +174,7 @@ the spark application.
 
 Kubernetes has the concept of [namespaces](https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/).
 Namespaces are ways to divide cluster resources between multiple users (via resource quota). Spark on Kubernetes can
-use namespaces to launch spark applications. This is through the `--conf spark.kubernetes.namespace` argument to spark-submit.
+use namespaces to launch Spark applications. This can be made use of through the `spark.kubernetes.namespace` configuration.
 
 Kubernetes allows using [ResourceQuota](https://kubernetes.io/docs/concepts/policy/resource-quotas/) to set limits on
 resources, number of objects, etc on individual namespaces. Namespaces and ResourceQuota can be used in combination by
@@ -198,7 +199,7 @@ that allows driver pods to create pods and services under the default Kubernetes
 service account that has the right role granted. Spark on Kubernetes supports specifying a custom service account to
 be used by the driver pod through the configuration property
 `spark.kubernetes.authenticate.driver.serviceAccountName=<service account name>`. For example to make the driver pod
-to use the `spark` service account, a user simply adds the following option to the `spark-submit` command:
+use the `spark` service account, a user simply adds the following option to the `spark-submit` command:
 
 ```
 --conf spark.kubernetes.authenticate.driver.serviceAccountName=spark
@@ -272,6 +273,7 @@ specific to Spark on Kubernetes.
   <td>
     Docker image to use for the driver. Specify this using the standard
     <a href="https://docs.docker.com/engine/reference/commandline/tag/">Docker tag</a> format.
+    This configuration is required and must be provided by the user.
   </td>
 </tr>
 <tr>
@@ -280,6 +282,7 @@ specific to Spark on Kubernetes.
   <td>
     Docker image to use for the executors. Specify this using the standard
     <a href="https://docs.docker.com/engine/reference/commandline/tag/">Docker tag</a> format.
+    This configuration is required and must be provided by the user.
   </td>
 </tr>
 <tr>
@@ -365,7 +368,7 @@ specific to Spark on Kubernetes.
   <td><code>spark.kubernetes.authenticate.driver.oauthToken</code></td>
   <td>(none)</td>
   <td>
-    OAuth token to use when authenticating against the against the Kubernetes API server from the driver pod when
+    OAuth token to use when authenticating against the Kubernetes API server from the driver pod when
     requesting executors. Note that unlike the other authentication options, this must be the exact string value of
     the token to use for the authentication. This token value is uploaded to the driver pod. If this is specified, it is
     highly recommended to set up TLS for the driver submission server, as this value is sensitive information that would
@@ -483,7 +486,8 @@ specific to Spark on Kubernetes.
    <td><code>spark.kubernetes.driver.secrets.[SecretName]</code></td>
    <td>(none)</td>
    <td>
-     Mounts the Kubernetes secret named <code>SecretName</code> onto the path specified by the value
+     Mounts the [Kubernetes secret](https://kubernetes.io/docs/concepts/configuration/secret/)
+     named <code>SecretName</code> onto the path specified by the value
      in the driver Pod. The user can specify multiple instances of this for multiple secrets.
    </td>
  </tr>
@@ -491,7 +495,8 @@ specific to Spark on Kubernetes.
    <td><code>spark.kubernetes.executor.secrets.[SecretName]</code></td>
    <td>(none)</td>
    <td>
-     Mounts the Kubernetes secret named <code>SecretName</code> onto the path specified by the value
+     Mounts the [Kubernetes secret](https://kubernetes.io/docs/concepts/configuration/secret/)
+     named <code>SecretName</code> onto the path specified by the value
      in the executor Pods. The user can specify multiple instances of this for multiple secrets.
    </td>
  </tr>
diff --git a/docs/submitting-applications.md b/docs/submitting-applications.md
index 3f2b0f287e43d..0473ab73a5e6c 100644
--- a/docs/submitting-applications.md
+++ b/docs/submitting-applications.md
@@ -165,7 +165,7 @@ The master URL passed to Spark can be in one of the following formats:
         <code>client</code> or <code>cluster</code> mode depending on the value of <code>--deploy-mode</code>.
         The cluster location will be found based on the <code>HADOOP_CONF_DIR</code> or <code>YARN_CONF_DIR</code> variable.
 </td></tr>
-<tr><td> <code>k8s://HOST:PORT</code> </td><td> Connect to a <a href="running-on-kubernetes.html"> Kubernetes </a> cluster in
+<tr><td> <code>k8s://HOST:PORT</code> </td><td> Connect to a <a href="running-on-kubernetes.html">Kubernetes</a> cluster in
         <code>cluster</code> mode. Client mode is currently unsupported and will be supported in future releases.
         The <code>HOST</code> and <code>PORT</code> refer to the [Kubernetes API Server](https://kubernetes.io/docs/reference/generated/kube-apiserver/).
         It connects using TLS by default. In order to force it to use an unsecured connection, you can use

From 9594462e20123f061cb88e7cf813ade5e77d534e Mon Sep 17 00:00:00 2001
From: foxish <ramanathana@google.com>
Date: Wed, 13 Dec 2017 07:22:00 -0800
Subject: [PATCH 05/13] review comments

---
 docs/running-on-kubernetes.md | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/docs/running-on-kubernetes.md b/docs/running-on-kubernetes.md
index 464349d043da4..43ad2bad8f9d7 100644
--- a/docs/running-on-kubernetes.md
+++ b/docs/running-on-kubernetes.md
@@ -5,7 +5,7 @@ title: Running Spark on Kubernetes
 * This will become a table of contents (this text will be scraped).
 {:toc}
 
-Spark can run on clusters managed by [Kubernetes](https://kubernetes.io). This feature makes use of the new experimental native
+Spark can run on clusters managed by [Kubernetes](https://kubernetes.io). This feature makes use of native
 Kubernetes scheduler that has been added to Spark.
 
 # Prerequisites
@@ -71,15 +71,14 @@ To launch Spark Pi in cluster mode,
 
 {% highlight bash %}
 $ bin/spark-submit \
+    --master k8s://https://<k8s-apiserver-host>:<k8s-apiserver-port> \
     --deploy-mode cluster \
     --class org.apache.spark.examples.SparkPi \
-    --master k8s://https://<k8s-apiserver-host>:<k8s-apiserver-port> \
-    --conf spark.kubernetes.namespace=default \
     --conf spark.executor.instances=5 \
     --conf spark.app.name=spark-pi \
     --conf spark.kubernetes.driver.docker.image=<driver-image> \
     --conf spark.kubernetes.executor.docker.image=<executor-image> \
-    local:///opt/spark/examples/jars/spark-examples_2.11-2.3.0.jar
+    local:///path/to/examples.jar
 {% endhighlight %}
 
 The Spark master, specified either via passing the `--master` command line argument to `spark-submit` or by setting

From 679b5c77e0603490fc0dbbcb13a708e2a1ab90e0 Mon Sep 17 00:00:00 2001
From: foxish <ramanathana@google.com>
Date: Wed, 13 Dec 2017 07:34:46 -0800
Subject: [PATCH 06/13] Update to --name

---
 docs/running-on-kubernetes.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/running-on-kubernetes.md b/docs/running-on-kubernetes.md
index 43ad2bad8f9d7..ec36f0091316e 100644
--- a/docs/running-on-kubernetes.md
+++ b/docs/running-on-kubernetes.md
@@ -73,9 +73,9 @@ To launch Spark Pi in cluster mode,
 $ bin/spark-submit \
     --master k8s://https://<k8s-apiserver-host>:<k8s-apiserver-port> \
     --deploy-mode cluster \
+    --name spark-pi \
     --class org.apache.spark.examples.SparkPi \
     --conf spark.executor.instances=5 \
-    --conf spark.app.name=spark-pi \
     --conf spark.kubernetes.driver.docker.image=<driver-image> \
     --conf spark.kubernetes.executor.docker.image=<executor-image> \
     local:///path/to/examples.jar

From 67abb930d0cbacf5114b61459e029d2ad3267c1d Mon Sep 17 00:00:00 2001
From: foxish <ramanathana@google.com>
Date: Thu, 14 Dec 2017 15:53:37 -0800
Subject: [PATCH 07/13] Review comments

---
 docs/running-on-kubernetes.md | 2 +-
 docs/running-on-yarn.md       | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/running-on-kubernetes.md b/docs/running-on-kubernetes.md
index ec36f0091316e..62139f23f85ff 100644
--- a/docs/running-on-kubernetes.md
+++ b/docs/running-on-kubernetes.md
@@ -111,7 +111,7 @@ This URI is the location of the example jar that is already in the Docker image.
 
 ## Dependency Management
 
-If your application's dependencies are all hosted in remote locations like HDFS or http servers, they may be referred to
+If your application's dependencies are all hosted in remote locations like HDFS or HTTP servers, they may be referred to
 by their appropriate remote URIs. Also, application dependencies can be pre-mounted into custom-built Docker images.
 Those dependencies can be added to the classpath by referencing them with `local://` URIs and/or setting the
 `SPARK_EXTRA_CLASSPATH` environment variable in your Dockerfiles.
diff --git a/docs/running-on-yarn.md b/docs/running-on-yarn.md
index 23a150611c27f..90a271ae96b61 100644
--- a/docs/running-on-yarn.md
+++ b/docs/running-on-yarn.md
@@ -18,7 +18,7 @@ Spark application's configuration (driver, executors, and the AM when running in
 
 There are two deploy modes that can be used to launch Spark applications on YARN. In `cluster` mode, the Spark driver runs inside an application master process which is managed by YARN on the cluster, and the client can go away after initiating the application. In `client` mode, the driver runs in the client process, and the application master is only used for requesting resources from YARN.
 
-Unlike [Spark standalone](spark-standalone.html), [Mesos](running-on-mesos.html) and [Kubernetes](running-on-kubernetes.html) modes,
+Unlike other cluster managers supported by Spark
 in which the master's address is specified in the `--master` parameter, in YARN mode the ResourceManager's address is picked up from the Hadoop configuration. Thus, the `--master` parameter is `yarn`.
 
 To launch a Spark application in `cluster` mode:

From a7e0c4c31d2ae4310b26bb29e58921a0a5246c8b Mon Sep 17 00:00:00 2001
From: foxish <ramanathana@google.com>
Date: Wed, 20 Dec 2017 00:55:44 -0800
Subject: [PATCH 08/13] Update the image building script

---
 sbin/build-push-docker-images.sh | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/sbin/build-push-docker-images.sh b/sbin/build-push-docker-images.sh
index c7db9c539a427..4546e98dc2074 100755
--- a/sbin/build-push-docker-images.sh
+++ b/sbin/build-push-docker-images.sh
@@ -19,11 +19,11 @@
 # This script builds and pushes docker images when run from a release of Spark
 # with Kubernetes support.
 
-declare -A path=( [spark-driver]=dockerfiles/driver/Dockerfile \
-                  [spark-executor]=dockerfiles/executor/Dockerfile )
+declare -A path=( [spark-driver]=kubernetes/dockerfiles/driver/Dockerfile \
+                  [spark-executor]=kubernetes/dockerfiles/executor/Dockerfile )
 
 function build {
-  docker build -t spark-base -f dockerfiles/spark-base/Dockerfile .
+  docker build -t spark-base -f kubernetes/dockerfiles/spark-base/Dockerfile .
   for image in "${!path[@]}"; do
     docker build -t ${REPO}/$image:${TAG} -f ${path[$image]} .
   done
@@ -37,6 +37,7 @@ function push {
 }
 
 function usage {
+  echo "This script must be run from a runnable distribution of Apache Spark."
   echo "Usage: ./sbin/build-push-docker-images.sh -r <repo> -t <tag> build"
   echo "       ./sbin/build-push-docker-images.sh -r <repo> -t <tag> push"
   echo "for example: ./sbin/build-push-docker-images.sh -r docker.io/myrepo -t v2.3.0 push"

From 74ac5c9e5b495d0133e8e1378867a43f2bc1ff4a Mon Sep 17 00:00:00 2001
From: foxish <ramanathana@google.com>
Date: Wed, 20 Dec 2017 00:57:28 -0800
Subject: [PATCH 09/13] Add path to dockerfiles

---
 docs/running-on-kubernetes.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/running-on-kubernetes.md b/docs/running-on-kubernetes.md
index 62139f23f85ff..3c1e7a56c046e 100644
--- a/docs/running-on-kubernetes.md
+++ b/docs/running-on-kubernetes.md
@@ -62,7 +62,7 @@ Example usage is:
     ./sbin/build-push-docker-images.sh -r <repo> -t my-tag build
     ./sbin/build-push-docker-images.sh -r <repo> -t my-tag push
 
-Docker files are under the `dockerfiles/` and can be customized further before
+Docker files are under the `kubernetes/dockerfiles/` directory and can be customized further before
 building using the supplied script, or manually.
 
 ## Cluster Mode

From d2358470e86ab44522371b8fd733a97527d95ec5 Mon Sep 17 00:00:00 2001
From: foxish <ramanathana@google.com>
Date: Wed, 20 Dec 2017 02:13:12 -0800
Subject: [PATCH 10/13] Test and update various options

---
 docs/running-on-kubernetes.md | 137 ++++++++++++++++++++++++++--------
 1 file changed, 104 insertions(+), 33 deletions(-)

diff --git a/docs/running-on-kubernetes.md b/docs/running-on-kubernetes.md
index 3c1e7a56c046e..b35098567d367 100644
--- a/docs/running-on-kubernetes.md
+++ b/docs/running-on-kubernetes.md
@@ -267,23 +267,30 @@ specific to Spark on Kubernetes.
   </td>
 </tr>
 <tr>
-  <td><code>spark.kubernetes.driver.docker.image</code></td>
+  <td><code>spark.kubernetes.driver.container.image</code></td>
   <td><code>(none)</code></td>
   <td>
-    Docker image to use for the driver. Specify this using the standard
-    <a href="https://docs.docker.com/engine/reference/commandline/tag/">Docker tag</a> format.
+    Container image to use for the driver.
+    This is usually of the form `example.com/repo/spark-driver:v1.0.0`.
     This configuration is required and must be provided by the user.
   </td>
 </tr>
 <tr>
-  <td><code>spark.kubernetes.executor.docker.image</code></td>
+  <td><code>spark.kubernetes.executor.container.image</code></td>
   <td><code>(none)</code></td>
   <td>
-    Docker image to use for the executors. Specify this using the standard
-    <a href="https://docs.docker.com/engine/reference/commandline/tag/">Docker tag</a> format.
+    Container image to use for the executors.
+    This is usually of the form `example.com/repo/spark-executor:v1.0.0`.
     This configuration is required and must be provided by the user.
   </td>
 </tr>
+<tr>
+  <td><code>spark.kubernetes.container.image.pullPolicy</code></td>
+  <td><code>IfNotPresent</code></td>
+  <td>
+    Container image pull policy used when pulling images within Kubernetes.
+  </td>
+</tr>
 <tr>
   <td><code>spark.kubernetes.allocation.batch.size</code></td>
   <td><code>5</code></td>
@@ -334,6 +341,15 @@ specific to Spark on Kubernetes.
     the authentication.
   </td>
 </tr>
+<tr>
+  <td><code>spark.kubernetes.authenticate.submission.oauthTokenFile</code></td>
+  <td>(none)</td>
+  <td>
+    Path to the OAuth token file containing the token to use when authenticating against the Kubernetes API server when starting the driver.
+    This file must be located on the submitting machine's disk. Specify this as a path as opposed to a URI (i.e. do not
+    provide a scheme).
+  </td>
+</tr>
 <tr>
   <td><code>spark.kubernetes.authenticate.driver.caCertFile</code></td>
   <td>(none)</td>
@@ -374,6 +390,53 @@ specific to Spark on Kubernetes.
     be passed to the driver pod in plaintext otherwise.
   </td>
 </tr>
+<tr>
+  <td><code>spark.kubernetes.authenticate.driver.oauthTokenFile</code></td>
+  <td>(none)</td>
+  <td>
+    Path to the OAuth token file containing the token to use when authenticating against the Kubernetes API server from the driver pod when
+    requesting executors. Note that unlike the other authentication options, this file must contain the exact string value of
+    the token to use for the authentication. This token value is uploaded to the driver pod. If this is specified, it is
+    highly recommended to set up TLS for the driver submission server, as this value is sensitive information that would
+    be passed to the driver pod in plaintext otherwise.
+  </td>
+</tr>
+<tr>
+  <td><code>spark.kubernetes.authenticate.driver.mounted.caCertFile</code></td>
+  <td>(none)</td>
+  <td>
+    Path to the CA cert file for connecting to the Kubernetes API server over TLS from the driver pod when requesting
+    executors. This path must be accessible from the driver pod.
+    Specify this as a path as opposed to a URI (i.e. do not provide a scheme).
+  </td>
+</tr>
+<tr>
+  <td><code>spark.kubernetes.authenticate.driver.mounted.clientKeyFile</code></td>
+  <td>(none)</td>
+  <td>
+    Path to the client key file for authenticating against the Kubernetes API server from the driver pod when requesting
+    executors. This path must be accessible from the driver pod.
+    Specify this as a path as opposed to a URI (i.e. do not provide a scheme).
+  </td>
+</tr>
+<tr>
+  <td><code>spark.kubernetes.authenticate.driver.mounted.clientCertFile</code></td>
+  <td>(none)</td>
+  <td>
+    Path to the client cert file for authenticating against the Kubernetes API server from the driver pod when
+    requesting executors. This path must be accessible from the driver pod.
+    Specify this as a path as opposed to a URI (i.e. do not provide a scheme).
+  </td>
+</tr>
+<tr>
+  <td><code>spark.kubernetes.authenticate.driver.mounted.oauthTokenFile</code></td>
+  <td>(none)</td>
+  <td>
+    Path to the file containing the OAuth token to use when authenticating against the Kubernetes API server from the driver pod when
+    requesting executors. This path must be accessible from the driver pod.
+    Note that unlike the other authentication options, this file must contain the exact string value of the token to use for the authentication.
+  </td>
+</tr>
 <tr>
   <td><code>spark.kubernetes.authenticate.driver.serviceAccountName</code></td>
   <td><code>default</code></td>
@@ -427,6 +490,23 @@ specific to Spark on Kubernetes.
     to avoid name conflicts.
   </td>
 </tr>
+<tr>
+  <td><code>spark.kubernetes.executor.podNamePrefix</code></td>
+  <td>(none)</td>
+  <td>
+    Prefix for naming the executor pods.
+    If not set, the executor pod name is set to driver pod name suffixed by an integer.
+  </td>
+</tr>
+<tr>
+  <td><code>spark.kubernetes.executor.lostCheck.maxAttempts</code></td>
+  <td>10</td>
+  <td>
+    Number of times that the driver will try to ascertain the loss reason for a specific executor.
+    The loss reason is used to ascertain whether the executor failure is due to a framework or an application error
+    which in turn decides whether the executor is removed and replaced, or placed into a failed state for debugging.
+  </td>
+</tr>
 <tr>
   <td><code>spark.kubernetes.submission.waitAppCompletion</code></td>
   <td><code>true</code></td>
@@ -442,25 +522,18 @@ specific to Spark on Kubernetes.
     Interval between reports of the current Spark job status in cluster mode.
   </td>
 </tr>
-<tr>
-  <td><code>spark.kubernetes.docker.image.pullPolicy</code></td>
-  <td><code>IfNotPresent</code></td>
-  <td>
-    Docker image pull policy used when pulling Docker images with Kubernetes.
-  </td>
-</tr>
 <tr>
    <td><code>spark.kubernetes.driver.limit.cores</code></td>
    <td>(none)</td>
    <td>
-     Specify the hard cpu limit for the driver pod
+     Specify the hard CPU [limit](https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#resource-requests-and-limits-of-pod-and-container) for the driver pod.
    </td>
  </tr>
  <tr>
    <td><code>spark.kubernetes.executor.limit.cores</code></td>
    <td>(none)</td>
    <td>
-     Specify the hard cpu limit for a single executor pod
+     Specify the hard CPU [limit](https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#resource-requests-and-limits-of-pod-and-container) for each executor pod launched for the Spark Application.
    </td>
  </tr>
  <tr>
@@ -481,22 +554,20 @@ specific to Spark on Kubernetes.
      the Driver process. The user can specify multiple of these to set multiple environment variables.
    </td>
  </tr>
- <tr>
-   <td><code>spark.kubernetes.driver.secrets.[SecretName]</code></td>
-   <td>(none)</td>
-   <td>
-     Mounts the [Kubernetes secret](https://kubernetes.io/docs/concepts/configuration/secret/)
-     named <code>SecretName</code> onto the path specified by the value
-     in the driver Pod. The user can specify multiple instances of this for multiple secrets.
-   </td>
- </tr>
- <tr>
-   <td><code>spark.kubernetes.executor.secrets.[SecretName]</code></td>
-   <td>(none)</td>
-   <td>
-     Mounts the [Kubernetes secret](https://kubernetes.io/docs/concepts/configuration/secret/)
-     named <code>SecretName</code> onto the path specified by the value
-     in the executor Pods. The user can specify multiple instances of this for multiple secrets.
-   </td>
- </tr>
+  <tr>
+    <td><code>spark.kubernetes.mountDependencies.jarsDownloadDir</code></td>
+    <td>/var/spark-data/spark-jars</td>
+    <td>
+      Location to download jars to in the driver and executors.
+      This directory must be empty and will be mounted as an empty directory volume on the driver and executor pods.
+    </td>
+  </tr>
+   <tr>
+     <td><code>spark.kubernetes.mountDependencies.filesDownloadDir</code></td>
+     <td>/var/spark-data/spark-files</td>
+     <td>
+       Location to download jars to in the driver and executors.
+       This directory must be empty and will be mounted as an empty directory volume on the driver and executor pods.
+     </td>
+   </tr>
 </table>
\ No newline at end of file

From 702162b4ca9eab83adb0b362d5b4d9479b6b3d0a Mon Sep 17 00:00:00 2001
From: foxish <ramanathana@google.com>
Date: Wed, 20 Dec 2017 02:20:57 -0800
Subject: [PATCH 11/13] Add <code>..</code> blocks

---
 docs/running-on-kubernetes.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/docs/running-on-kubernetes.md b/docs/running-on-kubernetes.md
index b35098567d367..00247e57a3234 100644
--- a/docs/running-on-kubernetes.md
+++ b/docs/running-on-kubernetes.md
@@ -500,7 +500,7 @@ specific to Spark on Kubernetes.
 </tr>
 <tr>
   <td><code>spark.kubernetes.executor.lostCheck.maxAttempts</code></td>
-  <td>10</td>
+  <td><code>10</code></td>
   <td>
     Number of times that the driver will try to ascertain the loss reason for a specific executor.
     The loss reason is used to ascertain whether the executor failure is due to a framework or an application error
@@ -556,7 +556,7 @@ specific to Spark on Kubernetes.
  </tr>
   <tr>
     <td><code>spark.kubernetes.mountDependencies.jarsDownloadDir</code></td>
-    <td>/var/spark-data/spark-jars</td>
+    <td><code>/var/spark-data/spark-jars</code></td>
     <td>
       Location to download jars to in the driver and executors.
       This directory must be empty and will be mounted as an empty directory volume on the driver and executor pods.
@@ -564,7 +564,7 @@ specific to Spark on Kubernetes.
   </tr>
    <tr>
      <td><code>spark.kubernetes.mountDependencies.filesDownloadDir</code></td>
-     <td>/var/spark-data/spark-files</td>
+     <td><code>/var/spark-data/spark-files</code></td>
      <td>
        Location to download jars to in the driver and executors.
        This directory must be empty and will be mounted as an empty directory volume on the driver and executor pods.

From 87261549dd41c6a8c97a5d2fc33119c0296265e4 Mon Sep 17 00:00:00 2001
From: foxish <ramanathana@google.com>
Date: Wed, 20 Dec 2017 16:41:38 -0800
Subject: [PATCH 12/13] Update instructions for spark.app.name, modify config
 type

---
 docs/running-on-kubernetes.md | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/docs/running-on-kubernetes.md b/docs/running-on-kubernetes.md
index 00247e57a3234..0048bd90b48ae 100644
--- a/docs/running-on-kubernetes.md
+++ b/docs/running-on-kubernetes.md
@@ -88,6 +88,10 @@ being contacted at `api_server_url`. If no HTTP protocol is specified in the URL
 setting the master to `k8s://example.com:443` is equivalent to setting it to `k8s://https://example.com:443`, but to
 connect without TLS on a different port, the master would be set to `k8s://http://example.com:8080`.
 
+In Kubernetes mode, the Spark application name that is specified by `spark.app.name` or the `--name` argument to
+`spark-submit` is used by default to name the Kubernetes resources created like drivers and executors. So, application names
+must consist of lower case alphanumeric characters, `-`, and `.`  and must start and end with an alphanumeric character.
+
 If you have a Kubernetes cluster setup, one way to discover the apiserver URL is by executing `kubectl cluster-info`.
 
 ```bash
@@ -300,9 +304,10 @@ specific to Spark on Kubernetes.
 </tr>
 <tr>
   <td><code>spark.kubernetes.allocation.batch.delay</code></td>
-  <td><code>1</code></td>
+  <td><code>1s</code></td>
   <td>
-    Number of seconds to wait between each round of executor pod allocation.
+    Time to wait between each round of executor pod allocation. Specifying values less than 1 second may lead to
+    excessive CPU usage on the spark driver.
   </td>
 </tr>
 <tr>

From 374ddc850e06f9a5d5d83ddc32b3e28e5fbf1007 Mon Sep 17 00:00:00 2001
From: foxish <ramanathana@google.com>
Date: Thu, 21 Dec 2017 11:21:05 -0800
Subject: [PATCH 13/13] Better line breaks

---
 docs/running-on-yarn.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/docs/running-on-yarn.md b/docs/running-on-yarn.md
index 90a271ae96b61..e7edec5990363 100644
--- a/docs/running-on-yarn.md
+++ b/docs/running-on-yarn.md
@@ -18,8 +18,9 @@ Spark application's configuration (driver, executors, and the AM when running in
 
 There are two deploy modes that can be used to launch Spark applications on YARN. In `cluster` mode, the Spark driver runs inside an application master process which is managed by YARN on the cluster, and the client can go away after initiating the application. In `client` mode, the driver runs in the client process, and the application master is only used for requesting resources from YARN.
 
-Unlike other cluster managers supported by Spark
-in which the master's address is specified in the `--master` parameter, in YARN mode the ResourceManager's address is picked up from the Hadoop configuration. Thus, the `--master` parameter is `yarn`.
+Unlike other cluster managers supported by Spark in which the master's address is specified in the `--master`
+parameter, in YARN mode the ResourceManager's address is picked up from the Hadoop configuration.
+Thus, the `--master` parameter is `yarn`.
 
 To launch a Spark application in `cluster` mode: