diff options
author | Kaspars Skels <kaspars.skels@att.com> | 2019-07-15 15:27:12 -0500 |
---|---|---|
committer | Kaspars Skels <kaspars.skels@att.com> | 2019-08-13 10:48:32 -0500 |
commit | d62d663a2daaf301c6ca5ae7d314e61b904af575 (patch) | |
tree | 0b6fbd14381b1fe38e834326382784d8476e00ad | |
parent | 6f42f8c81f7cffc41abd73f80731b73261ad35e3 (diff) |
Initial site reference manifests for intel-pod17
This includes cntt type definition as well as site manifests.
Change-Id: I4829c80199795af0c841419b8fd19557295fe244
Signed-off-by: Kaspars Skels <kaspars.skels@att.com>
136 files changed, 7971 insertions, 0 deletions
diff --git a/site/intel-pod17/baremetal/nodes.yaml b/site/intel-pod17/baremetal/nodes.yaml new file mode 100644 index 0000000..cd88a66 --- /dev/null +++ b/site/intel-pod17/baremetal/nodes.yaml @@ -0,0 +1,254 @@ +--- +# Drydock BaremetalNode resources for a specific rack are stored in this file. +# +# NOTE: For new sites, you should complete the networks/physical/networks.yaml +# file before working on this file. +# +# In this file, you should make the number of `drydock/BaremetalNode/v1` +# resources equal the number of bare metal nodes you have, either by deleting +# excess BaremetalNode definitions (if there are too many), or by copying and +# pasting the last BaremetalNode in the file until you have the correct number +# of baremetal nodes (if there are too few). +# +# Then in each file, address all additional NEWSITE-CHANGEME markers to update +# the data in these files with the right values for your new site. +# +# *NOTE: The Genesis node is counted as one of the control plane nodes. Note +# that the Genesis node does not appear on this bare metal list, because the +# procedure to reprovision the Genesis host with MaaS has not yet been +# implemented. Therefore there will be only three bare metal nodes in this file +# with the 'masters' tag, as the genesis roles are assigned in a difference +# place (profiles/genesis.yaml). +# NOTE: The host profiles for the control plane are further divided into two +# variants: primary and secondary. The only significance this has is that the +# "primary" nodes are active Ceph nodes, whereas the "secondary" nodes are Ceph +# standby nodes. For Ceph quorum, this means that the control plane split will +# be 3 primary + 1 standby host profile, and the Genesis node counts toward one +# of the 3 primary profiles. Other control plane services are not affected by +# primary vs secondary designation. +# +# TODO: Include the hostname naming convention +# +schema: 'drydock/BaremetalNode/v1' +metadata: + schema: 'metadata/Document/v1' + # NEWSITE-CHANGEME: Replace with the hostname of the first node in the rack, + # after (excluding) genesis. + name: pod17-node1 + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + # NEWSITE-CHANGEME: The IPv4 address assigned to each logical network on this + # node. In the reference Airship deployment, this is all logical Networks defined + # in networks/physical/networks.yaml. IP addresses are manually assigned, by-hand. + # (what could possibly go wrong!) The instructions differ for each logical + # network, which are laid out below. + addressing: + # The iDrac/iLo IP of the node. It's important that this match up with the + # node's hostname above, so that the rack number and node position encoded + # in the hostname are accurate and matching the node that IPMI operations + # will be performed against (for poweron, poweroff, PXE boot to wipe disk or + # reconfigure identity, etc - very important to get right for these reasons). + # These addresses should already be assigned to nodes racked and stacked in + # the environment; these are not addresses which MaaS assigns. + - network: oob + address: 10.10.170.11 + # The IP of the node on the PXE network. Refer to the static IP range + # defined for the PXE network in networks/physical/networks.yaml. Begin allocating + # IPs from this network, starting with the second IP (inclusive) from the + # allocation range of this subnet (Genesis node will have the first IP). + # Ex: If the start IP for the PXE "static" network is 10.23.20.11, then + # genesis will have 10.23.20.11, this node will have 10.23.20.12, and + # so on with incrementing IP addresses with each additional node. + - network: dmz + address: 10.10.170.21 + # Genesis node gets first IP, all other nodes increment IPs from there + # within the allocation range defined for the network in + # networks/physical/networks.yaml + - network: admin + address: 10.10.171.21 + # Genesis node gets first IP, all other nodes increment IPs from there + # within the allocation range defined for the network in + # networks/physical/networks.yaml + - network: private + address: 10.10.172.21 + # Genesis node gets first IP, all other nodes increment IPs from there + # within the allocation range defined for the network in + # networks/physical/networks.yaml + - network: storage + address: 10.10.173.21 + # Genesis node gets first IP, all other nodes increment IPs from there + # within the allocation range defined for the network in + # networks/physical/networks.yaml + - network: management + address: 10.10.174.21 + # NEWSITE-CHANGEME: Set the host profile for the node. + # Note that there are different host profiles depending if this is a control + # plane vs data plane node, and different profiles that map to different types + # hardware. Control plane host profiles are further broken down into "primary" + # and "secondary" profiles (refer to the Notes section at the top of this doc). + # Select the host profile that matches up to your type of + # hardware and function. E.g., the r720 here refers to Dell R720 hardware, the + # 'cp' refers to a control plane profile, and the "primary" means it will be + # an active member in the ceph quorum. Refer to profiles/host/ for the list + # of available host profiles specific to this site (otherwise, you may find + # a general set of host profiles at the "type" or "global" layers/folders. + # If you have hardware that is not on this list of profiles, you may need to + # create a new host profile for that hardware. + # Regarding control plane vs other data plane profiles, refer to the notes at + # the beginning of this file. There should be one control plane node per rack, + # including Genesis. Note Genesis won't actually be listed in this file as a + # BaremetalNode, but the rest are. + # This is the second "primary" control plane node after Genesis. + host_profile: cp-intel-s2600wt + metadata: + tags: + # NEWSITE-CHANGEME: See previous comment. Apply 'masters' tag for control + # plane node, and 'workers' tag for data plane hosts. + - 'masters' + # NEWSITE-CHANGEME: Refer to site engineering package or other supporting + # documentation for the specific rack name. This should be a rack name that + # is meaningful to data center personnel (i.e. a rack they could locate if + # you gave them this rack designation). + rack: pod17-rack +... +--- +schema: 'drydock/BaremetalNode/v1' +metadata: + schema: 'metadata/Document/v1' + # NEWSITE-CHANGEME: The next node's hostname + name: pod17-node2 + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + # NEWSITE-CHANGEME: The next node's IPv4 addressing + addressing: + - network: oob + address: 10.10.170.12 + - network: dmz + address: 10.10.170.22 + - network: admin + address: 10.10.171.22 + - network: private + address: 10.10.172.22 + - network: storage + address: 10.10.173.22 + - network: management + address: 10.10.174.22 + # NEWSITE-CHANGEME: The next node's host profile + host_profile: cp-intel-s2600wt + metadata: + # NEWSITE-CHANGEME: The next node's rack designation + rack: pod17-rack + # NEWSITE-CHANGEME: The next node's role desigatnion + tags: + - 'masters' +... +--- +schema: 'drydock/BaremetalNode/v1' +metadata: + schema: 'metadata/Document/v1' + # NEWSITE-CHANGEME: The next node's hostname + name: pod17-node3 + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + # NEWSITE-CHANGEME: The next node's IPv4 addressing + addressing: + - network: oob + address: 10.10.170.13 + - network: dmz + address: 10.10.170.23 + - network: admin + address: 10.10.171.23 + - network: private + address: 10.10.172.23 + - network: storage + address: 10.10.173.23 + - network: management + address: 10.10.174.23 + # NEWSITE-CHANGEME: The next node's host profile + # This is the third "primary" control plane profile after genesis + host_profile: dp-intel-s2600wt + metadata: + # NEWSITE-CHANGEME: The next node's rack designation + rack: pod17-rack + # NEWSITE-CHANGEME: The next node's role desigatnion + tags: + - 'workers' +... +--- +schema: 'drydock/BaremetalNode/v1' +metadata: + schema: 'metadata/Document/v1' + # NEWSITE-CHANGEME: The next node's hostname + name: pod17-node4 + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + # NEWSITE-CHANGEME: The next node's IPv4 addressing + addressing: + - network: oob + address: 10.10.170.14 + - network: dmz + address: 10.10.170.24 + - network: admin + address: 10.10.171.24 + - network: private + address: 10.10.172.24 + - network: storage + address: 10.10.173.24 + - network: management + address: 10.10.174.24 + # NEWSITE-CHANGEME: The next node's host profile + # This is the one and only appearance of the "secondary" control plane profile + host_profile: dp-intel-s2600wt + metadata: + # NEWSITE-CHANGEME: The next node's rack designation + rack: pod17-rack + # NEWSITE-CHANGEME: The next node's role desigatnion + tags: + - 'workers' +... +--- +schema: 'drydock/BaremetalNode/v1' +metadata: + schema: 'metadata/Document/v1' + # NEWSITE-CHANGEME: The next node's hostname + name: pod17-node5 + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + # NEWSITE-CHANGEME: The next node's IPv4 addressing + addressing: + - network: oob + address: 10.10.170.15 + - network: dmz + address: 10.10.170.25 + - network: admin + address: 10.10.171.25 + - network: private + address: 10.10.172.25 + - network: storage + address: 10.10.173.25 + - network: management + address: 10.10.174.25 + # NEWSITE-CHANGEME: The next node's host profile + host_profile: dp-intel-s2600wt + metadata: + # NEWSITE-CHANGEME: The next node's rack designation + rack: pod17-rack + # NEWSITE-CHANGEME: The next node's role desigatnion + tags: + - 'workers' +... diff --git a/site/intel-pod17/networks/common-addresses.yaml b/site/intel-pod17/networks/common-addresses.yaml new file mode 100644 index 0000000..1fe0357 --- /dev/null +++ b/site/intel-pod17/networks/common-addresses.yaml @@ -0,0 +1,155 @@ +--- +# The purpose of this file is to define network related paramters that are +# referenced elsewhere in the manifests for this site. +# +schema: pegleg/CommonAddresses/v1 +metadata: + schema: metadata/Document/v1 + name: common-addresses + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + calico: + # NEWSITE-CHANGEME: The interface that calico will use. Update if your + # logical bond interface name or calico VLAN have changed from the reference + # site design. + # This should be whichever + # bond and VLAN number specified in networks/physical/networks.yaml for the Calico + # network. E.g. VLAN 22 for the calico network as a member of bond0, you + # would set "interface=bond0.22" as shown here. + ip_autodetection_method: interface=ens785f0 + etcd: + # etcd service IP address + service_ip: 10.96.232.136 + + vip: + ingress_vip: '10.10.170.100/32' + maas_vip: '10.10.171.100/32' + + dns: + # Kubernetes cluster domain. Do not change. This is internal to the cluster. + cluster_domain: cluster.local + # DNS service ip + service_ip: 10.96.0.10 + # List of upstream DNS forwards. Verify you can reach them from your + # environment. If so, you should not need to change them. + upstream_servers: + - 8.8.8.8 + - 8.8.4.4 + # Repeat the same values as above, but formatted as a common separated + # string + upstream_servers_joined: 8.8.8.8,8.8.4.4 + # NEWSITE-CHANGEME: FQDN for ingress (i.e. "publicly facing" access point) + # Choose FQDN according to the ingress/public FQDN naming conventions at + # the top of this document. + ingress_domain: intel-pod17.opnfv.org + + genesis: + # NEWSITE-CHANGEME: Update with the hostname for the node which will take on + # the Genesis role. Refer to the hostname naming stardards in + # networks/physical/networks.yaml + # NOTE: Ensure that the genesis node is manually configured with this + # hostname before running `genesis.sh` on the node. + hostname: pod17-jump + # NEWSITE-CHANGEME: Calico IP of the Genesis node. Use the "start" value for + # the calico network defined in networks/physical/networks.yaml for this IP. + ip: 10.10.172.20 + + bootstrap: + # NEWSITE-CHANGEME: Update with the "start" value/IP of the static range + # defined for the pxe network in networks/physical/networks.yaml + ip: 10.10.171.20 + + kubernetes: + # K8s API service IP + api_service_ip: 10.96.0.1 + # etcd service IP + etcd_service_ip: 10.96.0.2 + # k8s pod CIDR (network which pod traffic will traverse) + pod_cidr: 10.97.0.0/16 + # k8s service CIDR (network which k8s API traffic will traverse) + service_cidr: 10.96.0.0/16 + # misc k8s port settings + apiserver_port: 6443 + haproxy_port: 6553 + service_node_port_range: 30000-32767 + + # etcd port settings + etcd: + container_port: 2379 + haproxy_port: 2378 + + # NEWSITE-CHANGEME: A list of nodes (apart from Genesis) which act as the + # control plane servers. Ensure that this matches the nodes with the 'masters' + # tags applied in baremetal/nodes.yaml + masters: + - hostname: pod17-node1 + - hostname: pod17-node2 + + # NEWSITE-CHANGEME: Environment proxy information. + # NOTE: Reference Airship sites do not deploy behind a proxy, so this proxy section + # should be commented out. + # However if you are in a lab that requires proxy, ensure that these proxy + # settings are correct and reachable in your environment; otherwise update + # them with the correct values for your environment. + proxy: + http: "" + https: "" + no_proxy: [] + + node_ports: + drydock_api: 30000 + maas_api: 30001 + maas_proxy: 31800 # hardcoded in MAAS + + ntp: + # comma separated NTP server list. Verify that these upstream NTP servers are + # reachable in your environment; otherwise update them with the correct + # values for your environment. + servers_joined: '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org,4.ubuntu.pool.ntp.org' + + # NOTE: This will be updated soon + ldap: + # NEWSITE-CHANGEME: FQDN for LDAP. Update to the FQDN that is + # relevant for your type of deployment (test vs prod values, etc). + base_url: 'ldap.example.com' + # NEWSITE-CHANGEME: As above, with the protocol included to create a full URI + url: 'ldap://ldap.example.com' + # NEWSITE-CHANGEME: Update to the correct expression relevant for this + # deployment (test vs prod values, etc) + auth_path: DC=test,DC=test,DC=com?sAMAccountName?sub?memberof=CN=test,OU=Application,OU=Groups,DC=test,DC=test,DC=com + # NEWSITE-CHANGEME: Update to the correct AD group that contains the users + # relevant for this deployment (test users vs prod users/values, etc) + common_name: test + # NEWSITE-CHANGEME: Update to the correct subdomain for your type of + # deployment (test vs prod values, etc) + subdomain: test + # NEWSITE-CHANGEME: Update to the correct domain for your type of + # deployment (test vs prod values, etc) + domain: example + + storage: + ceph: + # NEWSITE-CHANGEME: CIDRs for Ceph. Update to match the network CIDR + # used for the `storage` network in networks/physical/networks.yaml + public_cidr: '10.10.173.0/24' + cluster_cidr: '10.10.173.0/24' + + neutron: + # NEWSITE-CHANGEME: Overlay network for VM traffic. Ensure the bond name and + # VLAN number are consistent with what's defined for the bond and the overlay + # network in networks/physical/networks.yaml + tunnel_device: 'ens785f0' + # bond which the overlay is a member of. Ensure the bond name is consistent + # with the bond assigned to the overlay network in + # networks/physical/networks.yaml + external_iface: 'ens785f1.1173' + + openvswitch: + # bond which the overlay is a member of. Ensure the bond name is consistent + # with the bond assigned to the overlay network in + # networks/physical/networks.yaml + external_iface: 'ens785f1.1173' +... diff --git a/site/intel-pod17/networks/physical/networks.yaml b/site/intel-pod17/networks/physical/networks.yaml new file mode 100644 index 0000000..d149b07 --- /dev/null +++ b/site/intel-pod17/networks/physical/networks.yaml @@ -0,0 +1,365 @@ +--- +# The purpose of this file is to define all of the NetworkLinks (i.e. layer 1 +# devices) and Networks (i.e. layer 3 configurations). The following is standard +# for the logical networks in Airship: +# +# https://wiki.opnfv.org/display/pharos/Intel+POD17 +# +--------+------------+-----------------------------------+----------+----------+----------------+ +# | | | | | | | +# +--------+------------+-----------------------------------+----------+----------+----------------+ +# |IF0 1G | dmz | OoB & OAM (default route) | VLAN 170 | untagged | 10.10.170.0/24 | +# |IF1 1G | admin | PXE boot network | VLAN 171 | untagged | 10.10.171.0/24 | +# |IF2 10G | private | Underlay calico and ovs overlay | VLAN 172 | untagged | 10.10.172.0/24 | +# | | management | Management (unused for now) | VLAN 174 | tagged | 10.10.174.0/24 | +# |IF3 10G | storage | Storage network | VLAN 173 | untagged | 10.10.173.0/24 | +# | | public | Public network for VMs | VLAN 175 | tagged | 10.10.175.0/24 | +# +--------+------------+-----------------------------------+----------+----------+----------------+ +# +# For standard Airship deployments, you should not need to modify the number of +# NetworkLinks and Networks in this file. Only the IP addresses and CIDRs should +# need editing. +# +# TODO: Given that we expect all network broadcast domains to span all racks in +# Airship, we should choose network names that do not include the rack number. +# +# TODO: FQDN naming standards for hosts +# +schema: 'drydock/NetworkLink/v1' +metadata: + schema: 'metadata/Document/v1' + name: oob + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + # MaaS doesnt own this network like it does the others, so the noconfig label + # is specified. + labels: + noconfig: enabled + bonding: + mode: disabled + mtu: 1500 + linkspeed: auto + trunking: + mode: disabled + default_network: oob + allowed_networks: + - oob +... +--- +schema: 'drydock/Network/v1' +metadata: + schema: 'metadata/Document/v1' + name: oob + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + # NEWSITE-CHANGEME: Update with the site's out-of-band CIDR + cidr: 10.10.170.0/24 + routes: + # NEWSITE-CHANGEME: Update with the site's out-of-band gateway IP + - subnet: '0.0.0.0/0' + gateway: 10.10.170.1 + metric: 100 + # NEWSITE-CHANGEME: Update with the site's out-of-band IP allocation range + # FIXME: Is this IP range actually used/allocated for anything? The HW already + # has its OOB IPs assigned. None of the Ubuntu OS's should need IPs on OOB + # network either, as they should be routable via the default gw on OAM network + ranges: + - type: static + start: 10.10.170.20 + end: 10.10.170.39 +... +--- +schema: 'drydock/NetworkLink/v1' +metadata: + schema: 'metadata/Document/v1' + name: dmz + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + bonding: + mode: disabled + mtu: 1500 + linkspeed: auto + trunking: + mode: disabled + default_network: dmz + allowed_networks: + - dmz +... +--- +schema: 'drydock/Network/v1' +metadata: + schema: 'metadata/Document/v1' + name: dmz + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + # NEWSITE-CHANGEME: Update with the site's PXE network CIDR + # NOTE: The CIDR minimum size = (number of nodes * 2) + 10 + cidr: 10.10.170.0/24 + routes: + - subnet: 0.0.0.0/0 + # NEWSITE-CHANGEME: Set the OAM network gateway IP address + gateway: 10.10.170.1 + metric: 100 + # NOTE: The first 10 IPs in the subnet are reserved for network infrastructure. + # The remainder of the range is divided between two subnets of equal size: + # one static, and one DHCP. + # The DHCP addresses are used when nodes perform a PXE boot (DHCP address gets + # assigned), and when a node is commissioning in MaaS (also uses DHCP to get + # its IP address). However, when MaaS installs the operating system + # ("Deploying/Deployed" states), it will write a static IP assignment to + # /etc/network/interfaces[.d] with IPs from the "static" subnet defined here. + ranges: + # NEWSITE-CHANGEME: Update to the first 10 IPs in the CIDR + - type: reserved + start: 10.10.170.1 + end: 10.10.170.19 + # NEWSITE-CHANGEME: Update to the first half of the remaining range after + # excluding the 10 reserved IPs. + - type: static + start: 10.10.170.20 + end: 10.10.170.39 + # NEWSITE-CHANGEME: Update to the second half of the remaining range after + # excluding the 10 reserved IPs. + - type: dhcp + start: 10.10.170.40 + end: 10.10.170.79 + dns: + # NEWSITE-CHANGEME: FQDN for bare metal nodes. + # Choose FQDN according to the node FQDN naming conventions at the top of + # this document. + domain: intel-pod17.opnfv.org + # List of upstream DNS forwards. Verify you can reach them from your + # environment. If so, you should not need to change them. + # TODO: This should be populated via substitution from common-addresses + servers: '8.8.8.8,8.8.4.4' +... +--- +schema: 'drydock/NetworkLink/v1' +metadata: + schema: 'metadata/Document/v1' + name: admin + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + bonding: + mode: disabled + mtu: 1500 + linkspeed: auto + trunking: + mode: disabled + default_network: admin + allowed_networks: + - admin +... +--- +schema: 'drydock/Network/v1' +metadata: + schema: 'metadata/Document/v1' + name: admin + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + # NEWSITE-CHANGEME: Update with the site's PXE network CIDR + # NOTE: The CIDR minimum size = (number of nodes * 2) + 10 + cidr: 10.10.171.0/24 + # routes: + # - subnet: 0.0.0.0/0 + # # NEWSITE-CHANGEME: Set the OAM network gateway IP address + # gateway: 10.10.171.1 + # metric: 100 + # NOTE: The first 10 IPs in the subnet are reserved for network infrastructure. + # The remainder of the range is divided between two subnets of equal size: + # one static, and one DHCP. + # The DHCP addresses are used when nodes perform a PXE boot (DHCP address gets + # assigned), and when a node is commissioning in MaaS (also uses DHCP to get + # its IP address). However, when MaaS installs the operating system + # ("Deploying/Deployed" states), it will write a static IP assignment to + # /etc/network/interfaces[.d] with IPs from the "static" subnet defined here. + ranges: + # NEWSITE-CHANGEME: Update to the first 10 IPs in the CIDR + - type: reserved + start: 10.10.171.1 + end: 10.10.171.19 + # NEWSITE-CHANGEME: Update to the first half of the remaining range after + # excluding the 10 reserved IPs. + - type: static + start: 10.10.171.20 + end: 10.10.171.39 + # NEWSITE-CHANGEME: Update to the second half of the remaining range after + # excluding the 10 reserved IPs. + - type: dhcp + start: 10.10.171.40 + end: 10.10.171.79 + dns: + # NEWSITE-CHANGEME: FQDN for bare metal nodes. + # Choose FQDN according to the node FQDN naming conventions at the top of + # this document. + domain: intel-pod17.opnfv.org + # List of upstream DNS forwards. Verify you can reach them from your + # environment. If so, you should not need to change them. + # TODO: This should be populated via substitution from common-addresses + servers: '10.10.171.100' +... +--- +schema: 'drydock/NetworkLink/v1' +metadata: + schema: 'metadata/Document/v1' + name: data1 + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + bonding: + mode: disabled + # NEWSITE-CHANGEME: Ensure the network switches in the environment are + # configured for this MTU or greater. Even if switches are configured for or + # can support a slightly higher MTU, there is no need (and negliable benefit) + # to squeeze every last byte into the MTU (e.g., 9216 vs 9100). Leave MTU at + # 9100 for maximum compatibility. + mtu: 1500 + linkspeed: auto + trunking: + mode: 802.1q + allowed_networks: + - private + - management +... +--- +schema: 'drydock/Network/v1' +metadata: + schema: 'metadata/Document/v1' + name: private + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + # NEWSITE-CHANGEME: Set the VLAN ID which the storage network is on + vlan: '0' + mtu: 1500 + # NEWSITE-CHANGEME: Set the CIDR for the storage network + # NOTE: The CIDR minimum size = number of nodes + 10 + cidr: 10.10.172.0/24 + ranges: + # NEWSITE-CHANGEME: Update to the remaining range after excluding the 10 + # 10 reserved IPs. + - type: static + start: 10.10.172.1 + end: 10.10.172.19 +... +--- +schema: 'drydock/Network/v1' +metadata: + schema: 'metadata/Document/v1' + name: management + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + # NEWSITE-CHANGEME: Set the VLAN ID which the OAM network is on + vlan: '174' + mtu: 1500 + # NEWSITE-CHANGEME: Set the CIDR for the OAM network + # NOTE: The CIDR minimum size = number of nodes + 10 + cidr: 10.10.174.0/24 + routes: + - subnet: 0.0.0.0/0 + # NEWSITE-CHANGEME: Set the OAM network gateway IP address + gateway: 10.10.174.1 + metric: 100 + ranges: + # NEWSITE-CHANGEME: Update to the remaining range after excluding the 10 + # 10 reserved IPs. + - type: static + start: 10.10.174.1 + end: 10.23.21.19 + dns: + # NEWSITE-CHANGEME: FQDN for bare metal nodes. + # Choose FQDN according to the node FQDN naming conventions at the top of + # this document. + domain: intel-pod17.opnfv.org + # List of upstream DNS forwards. Verify you can reach them from your + # environment. If so, you should not need to change them. + # TODO: This should be populated via substitution from common-addresses + servers: '8.8.8.8,8.8.4.4' +... +--- +schema: 'drydock/NetworkLink/v1' +metadata: + schema: 'metadata/Document/v1' + name: data2 + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + bonding: + mode: disabled + # NEWSITE-CHANGEME: Ensure the network switches in the environment are + # configured for this MTU or greater. Even if switches are configured for or + # can support a slightly higher MTU, there is no need (and negliable benefit) + # to squeeze every last byte into the MTU (e.g., 9216 vs 9100). Leave MTU at + # 9100 for maximum compatibility. + mtu: 1500 + linkspeed: auto + trunking: + mode: 802.1q + default_network: storage + allowed_networks: + - storage + - public +... +--- +schema: 'drydock/Network/v1' +metadata: + schema: 'metadata/Document/v1' + name: storage + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + # NEWSITE-CHANGEME: Set the VLAN ID which the storage network is on + vlan: '0' + mtu: 1500 + # NEWSITE-CHANGEME: Set the CIDR for the storage network + # NOTE: The CIDR minimum size = number of nodes + 10 + cidr: 10.10.173.0/24 + ranges: + # NEWSITE-CHANGEME: Update to the remaining range after excluding the 10 + # 10 reserved IPs. + - type: static + start: 10.10.173.1 + end: 10.10.173.19 +... +--- +schema: 'drydock/Network/v1' +metadata: + schema: 'metadata/Document/v1' + name: public + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + vlan: '1173' + mtu: 1500 + cidr: 10.10.175.0/24 +... diff --git a/site/intel-pod17/pki/pki-catalog.yaml b/site/intel-pod17/pki/pki-catalog.yaml new file mode 100644 index 0000000..d1f9935 --- /dev/null +++ b/site/intel-pod17/pki/pki-catalog.yaml @@ -0,0 +1,299 @@ +--- +# The purpose of this file is to define the PKI certificates for the environment +# +# NOTE: When deploying a new site, this file should not be configured until +# baremetal/nodes.yaml is complete. +# +schema: promenade/PKICatalog/v1 +metadata: + schema: metadata/Document/v1 + name: cluster-certificates + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + certificate_authorities: + kubernetes: + description: CA for Kubernetes components + certificates: + - document_name: apiserver + description: Service certificate for Kubernetes apiserver + common_name: apiserver + hosts: + - localhost + - 127.0.0.1 + # FIXME: Repetition of api_service_ip in common-addresses; use + # substitution + - 10.96.0.1 + kubernetes_service_names: + - kubernetes.default.svc.cluster.local + + # NEWSITE-CHANGEME: The following should be a list of all the nodes in + # the environment (genesis, control plane, data plane, everything). + # Add/delete from this list as necessary until all nodes are listed. + # For each node, the `hosts` list should be comprised of: + # 1. The node's hostname, as already defined in baremetal/nodes.yaml + # 2. The node's oam IP address, as already defined in baremetal/nodes.yaml + # 3. The node's Calico IP address, as already defined in baremetal/nodes.yaml + # NOTE: This list also needs to include the Genesis node, which is not + # listed in baremetal/nodes.yaml, but by convention should be allocated + # the first non-reserved IP in each logical network allocation range + # defined in networks/physical/networks.yaml + # NOTE: The genesis node needs to be defined twice (the first two entries + # on this list) with all of the same paramters except the document_name. + # In the first case the document_name is `kubelet-genesis`, and in the + # second case the document_name format is `kubelete-YOUR_GENESIS_HOSTNAME`. + - document_name: kubelet-genesis + common_name: system:node:pod17-jump + hosts: + - pod17-jump + - 10.10.172.20 + groups: + - system:nodes + - document_name: kubelet-pod17-jump + common_name: system:node:pod17-jump + hosts: + - pod17-jump + - 10.10.172.20 + groups: + - system:nodes + - document_name: kubelet-pod17-node1 + common_name: system:node:pod17-node1 + hosts: + - pod17-node1 + - 10.10.172.21 + groups: + - system:nodes + - document_name: kubelet-pod17-node2 + common_name: system:node:pod17-node2 + hosts: + - pod17-node2 + - 10.10.172.22 + groups: + - system:nodes + - document_name: kubelet-pod17-node3 + common_name: system:node:pod17-node3 + hosts: + - pod17-node3 + - 10.10.172.23 + groups: + - system:nodes + - document_name: kubelet-pod17-node4 + common_name: system:node:pod17-node4 + hosts: + - pod17-node4 + - 10.10.172.24 + groups: + - system:nodes + - document_name: kubelet-pod17-node5 + common_name: system:node:pod17-node5 + hosts: + - pod17-node5 + - 10.10.172.25 + groups: + - system:nodes + # End node list + - document_name: scheduler + description: Service certificate for Kubernetes scheduler + common_name: system:kube-scheduler + - document_name: controller-manager + description: certificate for controller-manager + common_name: system:kube-controller-manager + - document_name: admin + common_name: admin + groups: + - system:masters + - document_name: armada + common_name: armada + groups: + - system:masters + kubernetes-etcd: + description: Certificates for Kubernetes's etcd servers + certificates: + - document_name: apiserver-etcd + description: etcd client certificate for use by Kubernetes apiserver + common_name: apiserver + # NOTE(mark-burnett): hosts not required for client certificates + - document_name: kubernetes-etcd-anchor + description: anchor + common_name: anchor + # NEWSITE-CHANGEME: The following should be a list of the control plane + # nodes in the environment, including genesis. + # For each node, the `hosts` list should be comprised of: + # 1. The node's hostname, as already defined in baremetal/nodes.yaml + # 2. The node's oam IP address, as already defined in baremetal/nodes.yaml + # 3. The node's Calico IP address, as already defined in baremetal/nodes.yaml + # 4. 127.0.0.1 + # 5. localhost + # 6. kubernetes-etcd.kube-system.svc.cluster.local + # NOTE: This list also needs to include the Genesis node, which is not + # listed in baremetal/nodes.yaml, but by convention should be allocated + # the first non-reserved IP in each logical network allocation range + # defined in networks/physical/networks.yaml, except for the kubernetes + # service_cidr where it should start with the second IP in the range. + # NOTE: The genesis node is defined twice with the same `hosts` data: + # Once with its hostname in the common/document name, and once with + # `genesis` defined instead of the host. For now, this duplicated + # genesis definition is required. FIXME: Remove duplicate definition + # after Promenade addresses this issue. + - document_name: kubernetes-etcd-genesis + common_name: kubernetes-etcd-genesis + hosts: + - pod17-jump + - 10.10.172.20 + - 127.0.0.1 + - localhost + - kubernetes-etcd.kube-system.svc.cluster.local + - 10.96.0.2 + - document_name: kubernetes-etcd-pod17-jump + common_name: kubernetes-etcd-pod17-jump + hosts: + - pod17-jump + - 10.10.172.20 + - 127.0.0.1 + - localhost + - kubernetes-etcd.kube-system.svc.cluster.local + - 10.96.0.2 + - document_name: kubernetes-etcd-pod17-node1 + common_name: kubernetes-etcd-pod17-node1 + hosts: + - pod17-node1 + - 10.10.172.21 + - 127.0.0.1 + - localhost + - kubernetes-etcd.kube-system.svc.cluster.local + - 10.96.0.2 + - document_name: kubernetes-etcd-pod17-node2 + common_name: kubernetes-etcd-pod17-node2 + hosts: + - pod17-node2 + - 10.10.172.22 + - 127.0.0.1 + - localhost + - kubernetes-etcd.kube-system.svc.cluster.local + - 10.96.0.2 + # End node list + kubernetes-etcd-peer: + certificates: + # NEWSITE-CHANGEME: This list should be identical to the previous list, + # except that `-peer` has been appended to the document/common names. + - document_name: kubernetes-etcd-genesis-peer + common_name: kubernetes-etcd-genesis-peer + hosts: + - pod17-jump + - 10.10.172.20 + - 127.0.0.1 + - localhost + - kubernetes-etcd.kube-system.svc.cluster.local + - 10.96.0.2 + - document_name: kubernetes-etcd-pod17-jump-peer + common_name: kubernetes-etcd-pod17-jump-peer + hosts: + - pod17-jump + - 10.10.172.20 + - 127.0.0.1 + - localhost + - kubernetes-etcd.kube-system.svc.cluster.local + - 10.96.0.2 + - document_name: kubernetes-etcd-pod17-node1-peer + common_name: kubernetes-etcd-pod17-node1-peer + hosts: + - pod17-node1 + - 10.10.172.21 + - 127.0.0.1 + - localhost + - kubernetes-etcd.kube-system.svc.cluster.local + - 10.96.0.2 + - document_name: kubernetes-etcd-pod17-node2-peer + common_name: kubernetes-etcd-pod17-node2-peer + hosts: + - pod17-node2 + - 10.10.172.22 + - 127.0.0.1 + - localhost + - kubernetes-etcd.kube-system.svc.cluster.local + - 10.96.0.2 + # End node list + calico-etcd: + description: Certificates for Calico etcd client traffic + certificates: + - document_name: calico-etcd-anchor + description: anchor + common_name: anchor + # NEWSITE-CHANGEME: The following should be a list of the control plane + # nodes in the environment, including genesis. + # For each node, the `hosts` list should be comprised of: + # 1. The node's hostname, as already defined in baremetal/nodes.yaml + # 2. The node's oam IP address, as already defined in baremetal/nodes.yaml + # 3. The node's Calico IP address, as already defined in baremetal/nodes.yaml + # 4. 127.0.0.1 + # 5. localhost + # 6. The calico/etcd/service_ip defined in networks/common-addresses.yaml + # NOTE: This list also needs to include the Genesis node, which is not + # listed in baremetal/nodes.yaml, but by convention should be allocated + # the first non-reserved IP in each logical network allocation range + # defined in networks/physical/networks.yaml + - document_name: calico-etcd-pod17-jump + common_name: calico-etcd-pod17-jump + hosts: + - pod17-jump + - 10.10.172.20 + - 127.0.0.1 + - localhost + - 10.96.232.136 + - document_name: calico-etcd-pod17-node1 + common_name: calico-etcd-pod17-node1 + hosts: + - pod17-node1 + - 10.10.172.21 + - 127.0.0.1 + - localhost + - 10.96.232.136 + - document_name: calico-etcd-pod17-node2 + common_name: calico-etcd-pod17-node2 + hosts: + - pod17-node2 + - 10.10.172.22 + - 127.0.0.1 + - localhost + - 10.96.232.136 + - document_name: calico-node + common_name: calcico-node + # End node list + calico-etcd-peer: + description: Certificates for Calico etcd clients + certificates: + # NEWSITE-CHANGEME: This list should be identical to the previous list, + # except that `-peer` has been appended to the document/common names. + - document_name: calico-etcd-pod17-jump-peer + common_name: calico-etcd-pod17-jump-peer + hosts: + - pod17-jump + - 10.10.172.20 + - 127.0.0.1 + - localhost + - 10.96.232.136 + - document_name: calico-etcd-pod17-node1-peer + common_name: calico-etcd-pod17-node1-peer + hosts: + - pod17-node1 + - 10.10.172.21 + - 127.0.0.1 + - localhost + - 10.96.232.136 + - document_name: calico-etcd-pod17-node2-peer + common_name: calico-etcd-pod17-node2-peer + hosts: + - pod17-node2 + - 10.10.172.22 + - 127.0.0.1 + - localhost + - 10.96.232.136 + - document_name: calico-node-peer + common_name: calcico-node-peer + # End node list + keypairs: + - name: service-account + description: Service account signing key for use by Kubernetes controller-manager. +... diff --git a/site/intel-pod17/profiles/region.yaml b/site/intel-pod17/profiles/region.yaml new file mode 100644 index 0000000..f8ac846 --- /dev/null +++ b/site/intel-pod17/profiles/region.yaml @@ -0,0 +1,53 @@ +--- +# The purpose of this file is to define the drydock Region, which in turn drives +# the MaaS region. +schema: 'drydock/Region/v1' +metadata: + schema: 'metadata/Document/v1' + # NEWSITE-CHANGEME: Replace with the site name + name: seaworthy + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext + substitutions: + # NEWSITE-CHANGEME: Substitutions from deckhand SSH public keys into the + # list of authorized keys which MaaS will register for the build-in "ubuntu" + # account during the PXE process. Create a substitution rule for each SSH + # key that should have access to the "ubuntu" account (useful for trouble- + # shooting problems before UAM or UAM-lite is operational). SSH keys are + # stored as secrets in site/seaworthy/secrets. + - dest: + # Add/replace the first item in the list + path: .authorized_keys[0] + src: + schema: deckhand/PublicKey/v1 + # This should match the "name" metadata of the SSH key which will be + # substituted, located in site/seaworthy/secrets folder. + name: airship_ssh_public_key + path: . + - dest: + path: .repositories.main_archive + src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .packages.repositories.main_archive + # Second key example + #- dest: + # # Increment the list index + # path: .authorized_keys[1] + # src: + # schema: deckhand/PublicKey/v1 + # # your ssh key + # name: MY_USER_ssh_public_key + # path: . +data: + tag_definitions: [] + # This is the list of SSH keys which MaaS will register for the built-in + # "ubuntu" account during the PXE process. This list is populated by + # substitution, so the same SSH keys do not need to be repeated in multiple + # manifests. + authorized_keys: [] + repositories: + remove_unlisted: true +... diff --git a/site/intel-pod17/secrets/certificates/certificates.yaml b/site/intel-pod17/secrets/certificates/certificates.yaml new file mode 100644 index 0000000..eb4382a --- /dev/null +++ b/site/intel-pod17/secrets/certificates/certificates.yaml @@ -0,0 +1,2525 @@ +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDSDCCAjCgAwIBAgIUKYDWHOar6ZsQ9ppv2nhGUQcmXWAwDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xOTA4MDUxNjIzMDBaFw0yNDA4MDMxNjIzMDBaMCoxEzARBgNVBAoTCkt1YmVy + bmV0ZXMxEzARBgNVBAMTCmt1YmVybmV0ZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IB + DwAwggEKAoIBAQCpZGUxEqLrgHW4w3GA8Ix5pYUBvE/WinjcanDiTQOGDxaaqN24 + wMTWoYQQ7Bal4HZ3T42//G61PJJFEobelfKs0EwRKacKBKvfj89xz2FaMQ6UvITV + wxwSQYCZgZqGMd8/wWWcR4h9LQHEGuPXEOJAhtH8lASKu2KEM8W9AZQCNwdsWDLf + 2aG55tGm9U8IqlVho7YFcpSCsjOlxilnndAodJZPpnZ00stMWtfPp8ZgV9xJX1sS + /Yo/BmwcofVzmgAIy4qE6Qrd8CZuEJIGjG/VIigmsIrVixOu4+3aRDFkIugjOufi + yKUZ6cbaz/2un5bdgFqPqORB+f+ki4I+QD/TAgMBAAGjZjBkMA4GA1UdDwEB/wQE + AwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBRKoDdKith5IO42xJ88 + bx6fCL2bNjAfBgNVHSMEGDAWgBRKoDdKith5IO42xJ88bx6fCL2bNjANBgkqhkiG + 9w0BAQsFAAOCAQEAc/cYd90vM8g3/I8eCdT+oKiImfHiaIZtaUnjedSGqtriLY9t + Arl4Lscfsu7yQA51E2BW9qESU8+Gi1E3NKznOmNs83n3pmAmmKUo8+M4vsvgz4HO + wb5XbHBh8nvQDkBBr8XkD48ElAl5rJMeClj7AEqVJ9ZXUltEW7EjjqJQ0KJpwfy0 + k2WEQEwwyJ4Hi2UVDotabpIpfilCFdWz+uHGOWGi692PZA6tTP04Xx8uab9lWxDi + dkBIdqjf35ej34TdflW/pY+IpIT2J8cb1qvlO7TmoyOz4seGW7BXMI9Om72e8LP0 + w/Cy9UelgAcNzMIGIIynHQpaFwl6csJJIrDXcA== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthority/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDUjCCAjqgAwIBAgIUXRyYMUbFIX9w+JjAKebJAXB2reMwDQYJKoZIhvcNAQEL + BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l + dGNkMB4XDTE5MDgwNTE2MjMwMFoXDTI0MDgwMzE2MjMwMFowLzETMBEGA1UEChMK + S3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1ldGNkMIIBIjANBgkqhkiG + 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqBEQbaKoG+0cD4/BYqufo9zgI26X2n1ragGH + X8fO0ONbOABevwt6sqaEA3qJSZ/9P5byD4kZjwpvTVSDl5ZDRY0cMWdquU7MBMwU + XDJoB2NRoaPW7oGx8AaiT7tcxyVGKUVCiM5C3BS3NU6U1tNQYWB90Y41GHXH2q0z + nWt8Pln4dRGC/4HhlLfWZbqG+uUdqmdT+FVdxgA3JdvQfbsO8GVkS7fv2LDOn0C0 + F6E1rcnCVDEza7jqocNUWTukhiDTiETVRbT29H7RHKfMXsVsMYC6a/jQG/Y1dwus + HB0VAUbiKKU+55cDjHQ9Mg4Rv41gQUX1yK7eF7l1/4H+E+gtJwIDAQABo2YwZDAO + BgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBAjAdBgNVHQ4EFgQUSkqk + mO9ScQrpng9HFA/0CMmeq4MwHwYDVR0jBBgwFoAUSkqkmO9ScQrpng9HFA/0CMme + q4MwDQYJKoZIhvcNAQELBQADggEBADiOSywzguhl/dNGoYWd5g94reGU8hjBemYd + UPusRbTZOmCwAdrs2SDu4mufPwXSWAcj4Apn/SdofnxhgSK/DgRlDxOe46Y33sce + gRbYAPu1TWuac2U06lI7ATstspEULC9DAyipdgYDTl6dMhufDDSY+T3GoSR5V+Za + S5N899o7+zRxXjVJGw/2FuW6YxgW6Czy30I3RfP1GOoJiRL0pUrxc3GzekL6YlI8 + SAoKvnUrRqJOzutepeWMbVSCxKw3KHZoeiJWTBAFqmSjaRE0R8Ts1IO/DNTERYg4 + bmqZdWXaFDU9gw1hwe5S+Kv/EHJRYIB3CrFJ/yQ0OU5Wdm6kRb8= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthority/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDXDCCAkSgAwIBAgIUGnkMT14tcuVvsnecVFwV0PFkfpYwDQYJKoZIhvcNAQEL + BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l + dGNkLXBlZXIwHhcNMTkwODA1MTYyMzAwWhcNMjQwODAzMTYyMzAwWjA0MRMwEQYD + VQQKEwpLdWJlcm5ldGVzMR0wGwYDVQQDExRrdWJlcm5ldGVzLWV0Y2QtcGVlcjCC + ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKL8PFbG7CoYtT8vJZMkZAV5 + UNJx56cdlLVjJ6fZNOo198lQ5ysav/VpBRGDTXP57hwIQyowP+87W8fb4l8OnOrC + S8DQ6kU7qfuBgjTlQ1bWMDAW1pmsHCJmaW0edvSK7F0tt+ki+3AuTxYD7+If/z2X + TcLcruqfS7zggPI/5GNRcbzXcFH1ONnJlo92YY9QG3bgSnBqScq01u00gCCLfs8I + VTzT0ObsZCZVl/aVKv3dEbfSKKvv3E2TQeGH8RVBL/mVjACeWH1yD4N/yd4Ohzwn + NxuQ0+pGMCYHc75xESqUjoP5yyeKfT/Ywz47RQ05qko9BpTN7FqvF4UjnLS6zMsC + AwEAAaNmMGQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQIwHQYD + VR0OBBYEFIZCZKq3pZiIt7X1Y6CVvK6OCZjRMB8GA1UdIwQYMBaAFIZCZKq3pZiI + t7X1Y6CVvK6OCZjRMA0GCSqGSIb3DQEBCwUAA4IBAQAGdhNPduKFlI7gRumaZreG + Wnw0zddci9D54JweCV0Vm7inCTy/xLsXzdLwfR9RKp3fuAwSLTaBmrtlw7j69MY1 + g3HlUTNR9B7YgM7iKyChf0Vvsa0vZSn1Voy3yi5JrFqPrGQo5YcIpakwB8FAW5g+ + mah/D8FyHTBaqqNq1idrfscWCefnsjs2+FSVbyxIwPEHa/71ORnI+yo/5XsHNar7 + VDdRSyWbwXXcUf3oXUwb0c71qR/EFIcw5HVO1LTEVKDgPQmTsghDiyxGs71smWk0 + yH17RjNP2pQmkQw+1cz8tD5gpsyoQGJ3W/MFxE4n2Sz8wZd2wAHrZ6A8CwE45gDg + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthority/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDSjCCAjKgAwIBAgIUZkqKs5BY/wzgvv5l8YhQpbWvP7YwDQYJKoZIhvcNAQEL + BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw + HhcNMTkwODA1MTYyMzAwWhcNMjQwODAzMTYyMzAwWjArMRMwEQYDVQQKEwpLdWJl + cm5ldGVzMRQwEgYDVQQDEwtjYWxpY28tZXRjZDCCASIwDQYJKoZIhvcNAQEBBQAD + ggEPADCCAQoCggEBALbKO5hAK05sYVaZz3jsF/DN8dJ3MH7e++C8zUOafkYDAFXC + 32wOc5QWO3bs1RNfJcap/4OnRQl8++z9A20FCUH+PCeN+dElUIanFdiqfnQYQb73 + pWQ/CxmWjLPLRt5+ZWvsxBwSJsnN8YT80GeUmxAXY6mLL6qSqlHih5YxlYvA88QZ + sWkqJA2jbQM+8+Lvcav5mruRCsxiZ4dOsU4DYNX/TNiDoackXL2U15ywQp0U4Gw8 + sqExGuBMBHO/B3U126hHKCxPJwNxEEjoiSvNU7WVh3+AfXQzC/oUy/A9eMnQuVGH + e36x8Tz2vWPbPaJoAq1SbKbyhyEDCYnnwbkvEeECAwEAAaNmMGQwDgYDVR0PAQH/ + BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQIwHQYDVR0OBBYEFG/YDADw6yQQ8uH6 + vaVmB9X8yo2MMB8GA1UdIwQYMBaAFG/YDADw6yQQ8uH6vaVmB9X8yo2MMA0GCSqG + SIb3DQEBCwUAA4IBAQCcw3UYZ1sD7Vx+neXZKiYgw7QqZL7eF1CQ4klL3HWb6lvP + AbcOGr7MoXyN2Df+uAoZ+GZZh+SrXFLacBXdYp+C4YaetZZ2tUGI39Ua+UvZ0LsD + /2h47hMK5DT0GK6MaKBX4+mZ/MfZu/qjfON5qH+FCs4N+dnCuwhCJgJM6AsoHOBw + kXrAbtsay7d6YyheJpVALNTrFCv+z9SBHINHDb6VXDHVAPobgsTu9gW/QrMTv1a3 + 935rCW2gG/5uREK1M+1qfDDYcIvXbKGt+6+aHelkesmFheheXbD9G162bU9sCe1J + Angeom5UY2YlSkjkexXBScmiX4dqoFdshuqP8vNr + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthority/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDVDCCAjygAwIBAgIUPGN7DgZ0kZUBtBPpGSojEKhC6AEwDQYJKoZIhvcNAQEL + BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt + cGVlcjAeFw0xOTA4MDUxNjIzMDBaFw0yNDA4MDMxNjIzMDBaMDAxEzARBgNVBAoT + Ckt1YmVybmV0ZXMxGTAXBgNVBAMTEGNhbGljby1ldGNkLXBlZXIwggEiMA0GCSqG + SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQa57iWnyX5JVRNyuhjx06VLrSiLCHOqvt + JdyDBNgmrfW71LG6G/mE1pIIBzZkZRFO2eF36tQyHpcxdY2P1zse09Xsnnb5u/7U + eFhQWi1jQ/TJafcEB+MKPZMbccpoaGpXc0uePlqkzcPH1AiBtCquLEzslCY0VYw+ + a1bDT3xqIDn0jBssTTIpPLgradpC4T7uJJl6JMwBPh5n3858B9K4jVh+Q+3Ul6cM + 0MdxNJlWH6lxybsdW0aMd/qyQh7GBUf4zs8fOnFfWQf23dCDml+xGoIvyJk04cGl + PfWj0vqT9KHM/hPIkW/nnqs5wbzS+1CPk5FJOUleIIZ5ZdA13MRbAgMBAAGjZjBk + MA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBSv + APyGdVXJeVcR6Q7O3jk1ILVLhDAfBgNVHSMEGDAWgBSvAPyGdVXJeVcR6Q7O3jk1 + ILVLhDANBgkqhkiG9w0BAQsFAAOCAQEAhW0xsLPrmKaXtpuc1hDNaift5UDnGLDT + vSZQd+fdV4l5rvnK85TOY3Z+Qij+p5fvX2uGi6Ge7OVUYiPDi+fmCoxn5fIfu3e7 + QNLw9qMMwyauLFBeNWL1iEe9YBcCn0GDS637I62B2gIOU7AVvOkrwwvRMMFJXae/ + uX9SPL7ohjnwWyPjp89KVhhaxEkoM/Jv0MaOU8gIKZqrgmnuR3qs7vYgnw3zMMJZ + Pg7fHZ1Jq4nDrvqMKjMBd2Gx+T+4pX7aJqvjTk3lddtWdSXLg96sFVoFSI5QDRpH + 3tdkWPZ2hwHLasSIuDi2gKlMklEUUkePpU+KdlVceeuMvanRTNMSKw== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthority/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAqWRlMRKi64B1uMNxgPCMeaWFAbxP1op43Gpw4k0Dhg8Wmqjd + uMDE1qGEEOwWpeB2d0+Nv/xutTySRRKG3pXyrNBMESmnCgSr34/Pcc9hWjEOlLyE + 1cMcEkGAmYGahjHfP8FlnEeIfS0BxBrj1xDiQIbR/JQEirtihDPFvQGUAjcHbFgy + 39mhuebRpvVPCKpVYaO2BXKUgrIzpcYpZ53QKHSWT6Z2dNLLTFrXz6fGYFfcSV9b + Ev2KPwZsHKH1c5oACMuKhOkK3fAmbhCSBoxv1SIoJrCK1YsTruPt2kQxZCLoIzrn + 4silGenG2s/9rp+W3YBaj6jkQfn/pIuCPkA/0wIDAQABAoIBAAy2y12Wj4Hrn2ph + yQgrhe+ve784mil5NT8eAiEKNMSAJ2suV44BcgTGFLqMbdq/cUTdRL9vPAQAat4i + WNsmGBPegocbQD1hQmFCUwiwzxbM7dI+IB5HSbkZD4T2FFoULjSD2JOVTupOUX6d + ohJHYyQCuoohtgGPtQJFPIdGMgzEY050cFUeniu8KIhl3Xa1BdLQWuHtNtOSPmbX + 6+9SaN+6pR5VezmQXwwS0wDX8r3/fuSW5E1D3heg/ISj9Fh4H2tRWR3poAN47cBO + Mf4N6mQ5ObbBYKV80QQUs0f9RFpN2hlg4kJ6RzvAXae9AdG4bA58dSQFaPnga1p4 + BY0mFXECgYEAxgOlYpzU6G7TxmlB93J0VI1n0jrHB+8FOe+6vhn02nwUd+Ixazfz + XMQrnka2evpjqoMl5qbkhEwD0n04JqY0y/WcCYjvm3SDfcc+hWfzpy4AOSnhWFqC + qhPdB89mVuw/gh0UH3SMiq6rAgQbVR1FKkYII6PFRn3yMd11S2gGbykCgYEA2v8Q + cztRk4ssopr+PUZ0orELJCeCjVEOjsIMu1U9iFLVlotMeSaD6H9yqymM0iQAvhP8 + 7y8K2VKOo/JYbRhqxyA1XLJYyDE4jVEbuhDwtqOCbLmDTCUV6uLPJEAGsH3qJKVa + KxXjv8IgQB+VZ1HmboWk4w4a1YqAlXkN/YdLopsCgYEAuaQ9b4BdUzRkM0YHZHfX + fFW+Giik5FlAaxrH1uX62sMtZV+YuU6RSE1aH19oQU9yFTAzXlTlNOsXQkXHWOTF + 5tnzWjUZfoLzq/4aLXRRyFCmQPF0pSLmEZHhzSqyZZfDyrZ8YSkhgftTs+YpwdhZ + OdLCWrd1gisd34YiK3nxXlECgYEApOEww3E/w/Qe0PYcwImROwRMvRW6JyeF7FmR + OGG/CCpFgSizlOs4mQ2Lie6ohXZx0Ko/3tzuMB0GI81MYibmDbHkOzxTt7XHPC56 + z6X9daS5h55MikHJtKS7DDHgV3UVmi2cK6A5bqB7o4uj8rwo38FjGUf/UBMNKHyR + 2fXJLk0CgYBP4hiCgEGFZkmaVzOCbgH8zNBVb3vc8Yau8Yf/q27pEOnnU3dy6NJ9 + zzp6cliLnAILmNfTNruTRWWgHs94MNReSSRe9yyEzyGdC4t5fyg2UcJTOVSjR3CL + HM76WBcoqsshKzn2NcY6kCLLiVNZC5sJOIbaLDlXmAriGWDrmDVR/w== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthorityKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAqBEQbaKoG+0cD4/BYqufo9zgI26X2n1ragGHX8fO0ONbOABe + vwt6sqaEA3qJSZ/9P5byD4kZjwpvTVSDl5ZDRY0cMWdquU7MBMwUXDJoB2NRoaPW + 7oGx8AaiT7tcxyVGKUVCiM5C3BS3NU6U1tNQYWB90Y41GHXH2q0znWt8Pln4dRGC + /4HhlLfWZbqG+uUdqmdT+FVdxgA3JdvQfbsO8GVkS7fv2LDOn0C0F6E1rcnCVDEz + a7jqocNUWTukhiDTiETVRbT29H7RHKfMXsVsMYC6a/jQG/Y1dwusHB0VAUbiKKU+ + 55cDjHQ9Mg4Rv41gQUX1yK7eF7l1/4H+E+gtJwIDAQABAoIBAFW1jhk7UFwdiaft + +gNl3t3kMHIhXlPQjkzbRrxz22bv638dwTPQmNwuyzgy73yamL4rLnr5wg0Ol0Bq + j0lpGhmIIw6W3Phv1N/Fa8Sw+Bh8cA7szRmJDsOHvpLGzEPLIIK/jXTTK4mtDtmi + n4kG7wEaAlAyI6W7uxYsKhxnyk7JI5XzFM24seF8VAtFRxkD46DZ1JNkoR4RMRMc + aArRNOEhc+3clMEs9QPpUqGXdJEYuJsOaMY5vZdpgWdmF4Mv9/6NTYEpTJVDXnux + YXwHqN98aS7OAMHxBQRi0PFGsqyfXK8wxWsn3HsSOOoZPdHPi6BFPmio+XmTRJfr + t4813EECgYEAyAniEezx0HzajgCIwuRtxc0Bl2/FkklvA+8lfhW+1GePSnmsx31z + 3jyo7kdR8R9K+fTb3UX82CE0hBntgsv8sbjSd7ZTW5tM0mtzGH7l6eZYI25fDUim + fjGwu1iF+oIHbNzL8Wkx41VVdZ22abKrNXm9cKMUjvilBDzpQ1kgXfcCgYEA1xV0 + JIv00xRazAlkLcXlChlA/W6GamNJvgjR132PfrPdlXen9fU6t1w3q7+oLfTdKrlD + 0AXCanTcYkdd8xXkYS6dhPUn/jrZJSqBNpkipXUzN1vKJIBb/p4CTvYdqw4B+Nal + OlhgzwA17VbF7M91SD1gq2ZYvdwszPooOpO0nlECgYEAxqix//VdbR0he9bh+xMa + RU9EHl3dS1tsSe7tQBteadjzABZ4VaGsOW/qoMDpitn1/uiClWyVHxtS6UJKkxP8 + P496TXMfs6E2mN4m7pPPxwuASqeo9CtLVZYJmvTeEZuiviVE0NoUtl0fwu++oZfT + 2gat8Te0Cgy67MuFKOJRd58CgYBD0DDRQQtM7fL+t8tNH0LqnzG9dfaNXoamkvNO + ZPk0MpOfh51+T/ZWT44B6ail7Lk6ujTmRpqYpAXEOsolVXavKVpizETyxC0oqbEZ + vMiOsFgYkSk3vvzCV6FUsgaCoyT+BvcLYUgMm/1kumInGvXYc/mhsOAz5FJ/wjOi + 3GUrMQKBgQC7tv2DEH81u6tU2ZB/3E3QQtUmctEqARvaV5ZO/fHCGOq16X3OGi/S + IgysS3v8zInt3zTydTjeGp2SFcs8FnKEDu9jGLBIm7zsSfiJUbdevnaM2Wj9Eqn9 + hRDMoo+tSmEhnN9O8K52eA5syOQ0N++CYTxHN1FaPV+uhMyN0JEQFA== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthorityKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEogIBAAKCAQEAovw8VsbsKhi1Py8lkyRkBXlQ0nHnpx2UtWMnp9k06jX3yVDn + Kxq/9WkFEYNNc/nuHAhDKjA/7ztbx9viXw6c6sJLwNDqRTup+4GCNOVDVtYwMBbW + mawcImZpbR529IrsXS236SL7cC5PFgPv4h//PZdNwtyu6p9LvOCA8j/kY1FxvNdw + UfU42cmWj3Zhj1AbduBKcGpJyrTW7TSAIIt+zwhVPNPQ5uxkJlWX9pUq/d0Rt9Io + q+/cTZNB4YfxFUEv+ZWMAJ5YfXIPg3/J3g6HPCc3G5DT6kYwJgdzvnERKpSOg/nL + J4p9P9jDPjtFDTmqSj0GlM3sWq8XhSOctLrMywIDAQABAoIBAC0FTcmOozexoYc1 + h8SQXcyhSTEIY7vm0OgV3qNfvV0g0TRb0681cWbhvpOq2F8734kAw0TJFTAJDn4z + f+FQEQpL5074pm2/YGHn0Ua5OZOoEKGH/XlvcEoUTfTlYGiGY2oNseqFTj0bnZ7w + MXgd7Ixf2gwEl5CZtfsTbKr9+SFxsgamsbPD0btDHctWV8S61OPE8O5qiFFrfuQK + rYhA0VmsubAG7TurKwQK1pxgfhMP9WNx9ZQIEqYvISZY8SPD7ZO53lSgW+6xMeWb + z5Y6oI/7ZPsEnekOTZy11hSvAFsT/zP10OvYOJ4S/w0LiDuCoTYr1HrgmFNYZkKV + I1o8vrECgYEAyyLikrjmSMFz7bqjc7FYXZJagOyGfp7Db+sACPYpHSnAZb3i4Alr + ffwZk0oIHB/vthT9ELEVum74BHd622O58fcla5CFnKJiYo0KdnssMWNBB88pGTcQ + bJsZXj9P3urs+McrXwQe3iEiesR6a3ZY0EY7uxmWBi0Behu7ek6KctMCgYEAzWZ1 + NQNPCItR1y4cNTkZllhXnruSW44WFJ0hBvgtf6Hi0fGsze2FGn+8HXXvkvsy/1u9 + OQrZz8Ly+2G8FzJTiWp0gnyWeGpEthnNMm+8TFXv6h0F/FH/6x+/KoRyFX+N3z6f + i7FBchcCr9HUzKZEGWZX1JXcCMwULFaQnzDcUykCgYAPio23F/pWWqaZ64uR0GGo + VwghkPcBPPhK2bnY9axTlNwpbIutBEt7CgyS3jkcnbzjO1vZKRM2fkLvZIy7uDeD + sZrlTdtLDolkbNH+GpJY/PT+ufS0/yd8h6k7MrDTpzmWFvbUgCY0bGiM5/dNvXIy + DQ2I1P5LXqocQ37mbpfdDQKBgEN1ZwEmOQrBVvuo9TK1siWilgRX7lWLcM0MXhB/ + 6dGFRY1WJj7rx09QrGOwnCJVxgYAB0F4wthtWogdLT0hFjaHdAR3DqQ1oqN8DdyG + vf0ELGtjZNfdxoNeRdac8SsGXX34f0XNzYS+8e70p0MfSDZfWnFDVqS9AdMeCxl9 + Xp8hAoGAd9DwL85VnZxfy/Ri4LegqZ9ZkB2pvjhcvaFdlHshpq+VI+pIu82oAiAk + EV/EFH1mn/7dlF7kL8JPS2dJSoVtRdfMIMuU+xbEg0PhjmwZAQ9e8S5H4NSKBAFR + 4W0KcgMpttk1CqAd6JXuD7P93cA6zn9k7XqNo453w4y5t8hhaFk= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthorityKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEogIBAAKCAQEAtso7mEArTmxhVpnPeOwX8M3x0ncwft774LzNQ5p+RgMAVcLf + bA5zlBY7duzVE18lxqn/g6dFCXz77P0DbQUJQf48J4350SVQhqcV2Kp+dBhBvvel + ZD8LGZaMs8tG3n5la+zEHBImyc3xhPzQZ5SbEBdjqYsvqpKqUeKHljGVi8DzxBmx + aSokDaNtAz7z4u9xq/mau5EKzGJnh06xTgNg1f9M2IOhpyRcvZTXnLBCnRTgbDyy + oTEa4EwEc78HdTXbqEcoLE8nA3EQSOiJK81TtZWHf4B9dDML+hTL8D14ydC5UYd7 + frHxPPa9Y9s9omgCrVJspvKHIQMJiefBuS8R4QIDAQABAoIBABFsb4fQvhAIprKh + kLQ/FP0gNGfScq31RV8jwBEsndLAoHyMSc28BupbwClS4/CnxisMs01yWVNRNZZe + e8AdlcdTm5pNnz1/aBCdxqhTgCBC26l/Y6WNmNpEjn7o5oV42OQTupHObSIZXmdF + zfvBn5JGGHrlyJJizpdll3UKnu2mOnEmv9Ckf8B/w9d6PNTCxnyHk1Tt3iFmM4cA + ip1uO/QQkuyuFlc/JYPwoKW6IBiVahs08yz6m6nFO1WvAEbzVva9WOFKk4l/AWCk + kAHiHOTNS/VQGGUjWQpcWT6Kf0FJKAzfHG4yxYeM/ciTsLNUxF0rKHMOeuU50dwG + 7P5l/p0CgYEA6+bLlG78gmLxweSpXzvxKOdxshOpS6xos3VCDBvZl5mIbMXv92NJ + C4eKCnj8TCURAB9FM02Ec5pyWO+swHWR2ZuFsNFwLBNU7OHd/Ee/7t23zxAnUO2l + CiufyYAc0QOPSG5QpZdvvrEh7fBNpShz/XxNri5FP8mZFDmPVL7nzucCgYEAxl0H + 6pjhMDGzaqYE0+zMPOl99NjeJ6cx2TsRNbEAYYEf6reE/ld3S6zgm/MHSBy7hM7+ + M83ieXEriwXCH2oKIgK+cwajm5NEy5j09+lVcgBOIzP3cwrEAs1LL3qrgLrOMT63 + FuznzrTfH6AUHtkMQHNiW3Sp65mblMWjVe8M5/cCgYAfgMLPH8M45l3CtvancSnT + fJUCYv3IzU1uKcqYM1/rjuVZIVXag7fNglw86ctHn+uVSJfFMiTuC0IZ/mfji8/e + b5Z69n00ZaCBwegTOMG49IMHc/DMLfBMW2cLUcCHaSJJWfILKx4RKTaOv/iehbh3 + sZHuIN++lP2MZeNuPdBXIQKBgHjqSqIRcOtc0H5JFxZL+S+EMRhoffrz6un9HH97 + Fr1Y5ajBF5umm3yQtBW77gtiIFhTiRbxAIWAm8dRykQ18llLDOa2/FIgUkY9Rc48 + +K3WS8sfqU4CGPuQQq19fD+rH3dbQGYEIUWacYwomzs2mUZMT39qPQ31g6YLV4ZR + gq9/AoGAJck7HiHVlC7iDQt8ODD01kYLZNf7TVEa7NFKfJTUXqPNTF2XBaHtdMmc + 647rhCDPr4yYsm6iV81KdLpRwo4c6wLKYklzbk4kjE9Q/LGD+5VK8h5u1V/mwnT6 + F2shi9uzLjSc/d6b6z5bP1WS20X5PqMl4JG4PDpYqH81/NmzxDM= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthorityKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEA0Gue4lp8l+SVUTcroY8dOlS60oiwhzqr7SXcgwTYJq31u9Sx + uhv5hNaSCAc2ZGURTtnhd+rUMh6XMXWNj9c7HtPV7J52+bv+1HhYUFotY0P0yWn3 + BAfjCj2TG3HKaGhqV3NLnj5apM3Dx9QIgbQqrixM7JQmNFWMPmtWw098aiA59Iwb + LE0yKTy4K2naQuE+7iSZeiTMAT4eZ9/OfAfSuI1YfkPt1JenDNDHcTSZVh+pccm7 + HVtGjHf6skIexgVH+M7PHzpxX1kH9t3Qg5pfsRqCL8iZNOHBpT31o9L6k/ShzP4T + yJFv556rOcG80vtQj5ORSTlJXiCGeWXQNdzEWwIDAQABAoIBAGwuQFUbRKqOslZq + fZIpN7GMQ0B+RKqccJryWQgEnrFNAEzTdMC2PoiN21ShccEgmKBGBXr5/9RX/oBk + lOsBe6VfrR1Zj0XHJ9le8fAbLo3kuw1EnDuSYG1zUoUfRkF1WSU1Kh3kHaaHS0TQ + sO2p97FaOz9dEot9kALiMjHEcz6dtSLYbKNTJBPvAxsZll8EZFpuHyOMGwDY6p3k + oafELM+NMAyxVqjZn0pBL1svp9SU8UEyICNC7/Bu9H81mAyXzh7HweNC6LPiydsd + 7LxvQiiuXz83u1+vcmeElKR+RkfEaWgHWv3uxw0LVQqJQnreU2epewkdefVUwDwB + vgFL5okCgYEA1nK3XfZVVJVwMWk120nRZ5OxEmDYeVOnYWIrZ4bU3uJjVHMv77Yi + WCAA3A+OMqEvwmlrAxcvfS9ZCi2FIr0Gu2UO0L4pYri5xQLgtXwBMhEitvgke1ID + byTJ7OM9mEaCOgCYBr5xw+Ivuh5KD5QXpvlXLR9d9EmZ7Gh0kIsAT60CgYEA+M3p + PiwWtcvTo0mZcC07QP/t4B1cMqv+df02weE0ZKAjM1fGzpP6BaYTNY8Y6U4bvZhu + PeMvCUD0AZfMzS3VXvW0agiPGsa3HqpE4uaTaqiJITNzD2N/iTqCjrc+rNgBAfcv + Cc0lJpfCWwBu3yHZawDvd2MV4Z+E6W0MiV+TRScCgYEAnMUEM9avDsSoXhbR3lua + kCOyIQNXfWqgRFrl7CrvV3kcsFH8yzrU5KOQvU9J3s1jArbaGkpK1zNT3lLkrz6M + u1XnfMZnrtnoRJQT/diHbziDrkq9MMIF7KxySZDeKIHzFb/1Y4i51j92MJOQBM94 + cwJ4rm3t23Yq5l5+SGS1d4kCgYEAnZ1sLeumM2K9XsroPg0ZZXL8Eabn2l3k5IAV + qTrugvSDeCoaEpHhqKRttNdDE8Fch35CEEiUaotQSJYOsshfTDnhIe7sIS1TokSB + QTCKoN3FiVfbgxsoFxoOzTQ+qyZndQRPMylXaJxpDlc25Xm/Dy9XhE0r9nOksm9X + qsr2M68CgYArF+luAV8WEg1dsJgoxmPCAaSKKTMxBww+8v5vrV4kPZymiEHV71WY + PB9CF8SXuktUQuvVmkrE1snyyi9wthX6MEjSFgQviBS31BjbZxYYh3RzkbQXkm5u + eIvo+HBgEQeothVECvxWlG1SakjIkPNWzRUdJenVGESe4SO86/j6vw== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthorityKey/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIID8jCCAtqgAwIBAgIUJKkGA1FUkVoSQ/B44+qGdnlPXNkwDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xOTA4MDUxNjIzMDBaFw0yMDA4MDQxNjIzMDBaMBQxEjAQBgNVBAMTCWFwaXNl + cnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK8A3Rr6WMB6VdM+ + q8UwAdEArvznVCwlTtj+7ApI1ItuGyu0LxOYendUr99L+/Xob0WSGp8+sY4IYkOZ + qiGu9qIHmTJ04fY+xplmcIBhzqekEstGdCCnH8G42MJQKlpb5WZXLnkbLiLv0ze9 + MsLCaISYAnxPBcEryHvWpSJ1X/iFaU8jU771PyXYC95C1/Dy5d6C44pg+/0H7c88 + dBSt502xRnmCDyrPMxkwY2MmhiZCSwNV9Jq5C/REAYG70RjOBEATLC0sqhaH2128 + TYiXg/kwRcT9pWz9jr0jyLRhN6HR0f0DGkXs/tski6Yj+9foJQiC0S2TgjMcaTB+ + UVdzwlUCAwEAAaOCASQwggEgMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr + BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUVluFZ3v8 + cr998QFxiMewu7XN42UwHwYDVR0jBBgwFoAUSqA3SorYeSDuNsSfPG8enwi9mzYw + gaAGA1UdEQSBmDCBlYIJbG9jYWxob3N0ggprdWJlcm5ldGVzghJrdWJlcm5ldGVz + LmRlZmF1bHSCFmt1YmVybmV0ZXMuZGVmYXVsdC5zdmOCHmt1YmVybmV0ZXMuZGVm + YXVsdC5zdmMuY2x1c3RlcoIka3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVy + LmxvY2FshwR/AAABhwQKYAABMA0GCSqGSIb3DQEBCwUAA4IBAQBmgxaxacnu5/xc + isA4UmydL7jvM/5JGrU0rqcyOZYdOK8Auz1iTdCpeRAwd477Y+IcKrSDvWQmA3yv + neOME5/ffNFek3iPx8vBf+rwwbD+tC/YHky5pllR4WlEa90+KXKBiOYVoz8RGLIr + dilJtU51NY+EnKIllCVzRtxeky/5kOV1oraWEk5vPhOpyYfJ+Yx9VVQXvSs6LzdR + QMkSmzPVeA1AXHauWyx6Cp61TtnuekCEbPAxrBPbJb+GkW2tFbYIAZBJfR5IiMJA + pBQI4JDeD6jkDLBp58gW3XJCYr0zcfQVaQVHsopOZKH5PoFIf+vAKcQAK/SmCSS+ + tbq3nLaW + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: apiserver + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDjjCCAnagAwIBAgIUatMa/27XHBWZivkFr9aiuvo2liUwDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xOTA4MDUxNjIzMDBaFw0yMDA4MDQxNjIzMDBaMDgxFTATBgNVBAoTDHN5c3Rl + bTpub2RlczEfMB0GA1UEAxMWc3lzdGVtOm5vZGU6cG9kMTctanVtcDCCASIwDQYJ + KoZIhvcNAQEBBQADggEPADCCAQoCggEBAJhsnUwfqTp20kHzpc+aMZeivyVKYWIE + 4Y0PoKVWbUuQZQjktGHHzO88ZzeohszvUVZy3bdGwPI4HwPjfa8LB/f6nDx1aqEr + dssV50tQydl1t0gQtKUuUDGk5FWIGcluX7MXktFZoJe2rtODpLQ/9nTO3wqqvKfr + u/tAmP8fhIw0T3fv+er02NDRvxhbyJpCd9R+gpm0gw9dduN3s2PlqiTPpEdQSQZz + QlV1yF6lrJ7R0hPns7xbcGSj+6karLzX3r+lT08QRgW7+10k5PpHoaEbwZoQ1xdR + CvZt0+G5xkAOoqB3BWBbfAFv9dwb38h/+VOo4cZeBVjbyo0ihBReDUsCAwEAAaOB + nTCBmjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF + BwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFFPUBkcdySUw3bF1vawtgT9ba/8m + MB8GA1UdIwQYMBaAFEqgN0qK2Hkg7jbEnzxvHp8IvZs2MBsGA1UdEQQUMBKCCnBv + ZDE3LWp1bXCHBAoKrBQwDQYJKoZIhvcNAQELBQADggEBAKMoJGGPPlFd3X3F2lHI + LMReBe0j2VyuVykPSCbpaujcnTFZse+EVaFMFLWO1VhD45qji9bWg8BkHpw7TJZI + hz+xw0HdFRYLSwLQRNoi5tGD/6fHsWhyyxJ1bYHJl1GbYcd4hpIAkRIYj7tiLDD1 + 21027+1jls+MARdGd8y1hZB9YQCK6IzBoz8n+LNRe2YolAYykIYIRLAQt/x6LCP8 + plhpVBAUxxecnulDJUHZLnSe1t7+S+dIyFucvgCT1eOATWh8TYIrxK5e97fkN5vt + 1sYa65trF/dLAbL56GhHL7JOI8BNsBbjOPKbEpYNS/aFPSosw/8MyxeR08vSOwZB + q1k= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-genesis + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDjjCCAnagAwIBAgIUOASPsyDJETFZ5lCi6z/UkwzZ2WYwDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xOTA4MDUxNjIzMDBaFw0yMDA4MDQxNjIzMDBaMDgxFTATBgNVBAoTDHN5c3Rl + bTpub2RlczEfMB0GA1UEAxMWc3lzdGVtOm5vZGU6cG9kMTctanVtcDCCASIwDQYJ + KoZIhvcNAQEBBQADggEPADCCAQoCggEBANja6HreKd9S1RYKWRMrJDL/EDA5yX9s + var2MOB/75ZXayQ1jzCnvol3hsopPXPBy8fikvU7Fu+MluFxSFBkbwHSmt/FrkAK + avaSzBHzhysm3SmySCu+6xkDjVcYrNKHVZNkuiRDcTRwsJC/mWQH9azayOKclaE7 + 15OwIlSp30j3Mhd0POys6oQ/486KKBOQPeOZRxgp05iifGz+oTzqYl2ihlnvLtg9 + tfqqP5DIJ9CnoJRRUIRZ9SHFH6uYsSZXuHzWVOZnSnqgWB6zy9rx3BZqND6fZQ6f + 1wp6Xa7OEFVCZy1EBQ+8ZtZsrCNAggrlzUGe56+Pd4ranIfMl8OhNkUCAwEAAaOB + nTCBmjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF + BwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFKAoSxgiR2V5RhhoQM7qQtEi7zow + MB8GA1UdIwQYMBaAFEqgN0qK2Hkg7jbEnzxvHp8IvZs2MBsGA1UdEQQUMBKCCnBv + ZDE3LWp1bXCHBAoKrBQwDQYJKoZIhvcNAQELBQADggEBAEtbZOsFzGN9ot4MWlZL + R2MVrmVQpwHY3SCofpVxUMlkZg3FFSDydRTIiQXaxfa3Zczl2dviNkAIUJs7nd7p + YBhgGI9ezHhvS7t5pO5nG4Hyk1myw8WPV+Q/mU+i5DoES/apAw+9Zsqfw2xSnysi + QH1GTe5Tse7pqat5dMeAl5u2dGu3p9qe2Rd+q08Ts386njSxZuCEbmvglWSxUjva + hp+2deeqgTd9FaWlFvToiEDlZJ2s8d7l9Be3P0UbxuKwhHXBwkFjW8/KL8QIrJ7S + yCEGTmFajwa1HFsws+6Jxgo1BBLj9n4O7Y7oinNyw3ygDkn1jlkgcz/rPrAEe1Yi + DmI= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-pod17-jump + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDkDCCAnigAwIBAgIUeZ/tqTn4wiSSReN5fEEcMBZBP9MwDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xOTA4MDUxNjIzMDBaFw0yMDA4MDQxNjIzMDBaMDkxFTATBgNVBAoTDHN5c3Rl + bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTctbm9kZTEwggEiMA0G + CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCr7ZsgQOHGrJ7AwWv5JdUgl01JQvxd + LsHZ5HiXlUZOkHHBKbQV2snRc93MG0bNnsn7QPP5hT8ScveVcwkZOusH/hQggUrX + 95Ua3Fic9nybeNorHhsWpRApBz58XU6l9GWQm+mmb2yCvW9rb2SvbRdIZixWSMUP + ltdlG8K0dH5yZJPaAEFpVtX6wSSH2zPxgI8ZCeK10c4egECpKXCKyNBHMAH7HDsU + wnYAizKHPlax2qCIzBhcCfhBJwX9/SubDRv/vSsyFCNRj0IG7IGx00GQd49tf9TY + ofIP5tFtMNxmCCXm+1N6gg8oaWRhav1e1CrayXWfKNZbP4SmXm1dssZbAgMBAAGj + gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF + BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQHeh4XFT8hjpRNLiPGcXEm7SO/ + szAfBgNVHSMEGDAWgBRKoDdKith5IO42xJ88bx6fCL2bNjAcBgNVHREEFTATggtw + b2QxNy1ub2RlMYcECgqsFTANBgkqhkiG9w0BAQsFAAOCAQEARB6DNhJTNe+cZxSd + Vt5ja8fYl3IjAApy97ZUKhQOFY3WPVAru+uv9OQ8VFDQzD3jsZ86pnvT6gOnH2z3 + QuO9IKyb/Mzd2StwMAej25QN+PNE7jYvsW021cBrMmhKsGw5t9WAUu81pY9zhzpf + AywQXZz68GSyn160lz9C80UKLaDEdy+xrivh5Jn/XkzJkdI0X97nA/N0JPrllmjM + Duw/JQQb7FQcAkTa5ZvfjapOHR9hSblDJc3xTcYhav6yZ4qMCz1BCvpFXFrvAwJE + M/QMQOfw7DvyJj2B3JqsuQGVK1J5Ph6gEy5qAlj6zC0cb/C3j8pih53PHQi6nlbu + py8GrQ== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-pod17-node1 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDkDCCAnigAwIBAgIUZEh0TD3e+gQCjtZMnO9BgJRelIMwDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xOTA4MDUxNjIzMDBaFw0yMDA4MDQxNjIzMDBaMDkxFTATBgNVBAoTDHN5c3Rl + bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTctbm9kZTIwggEiMA0G + CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcgX/YKhGzS9xYf6eMgXWxjQZ9igUh + IY4eW8U5kFOmslRKQLHvHTqeK3vvsYzlWSeE3bvSyM51xiYJR+kJ+0iuHKzArT76 + x+17sp6Whg3nOIgEpwrkKW08GOJfhD4b5owY90JqrYZwyggLiIn1HusAwxGkFfOX + HA9xvOYpkB/PIgwBV4R9YeG6tRQCDoQC64Uj/AVwtocX5LgWUZ3HWfsmk6GTjRvz + 1LnMUhi94R9SL02jCcPlKF7i9FkAILd1D0I2xoEr86n/evvHtN1130A7kT+ZnP2x + j3QMyYh77iHMDLYKeicPR4WqAp05tLIUwv7IR8+cNfckdzOcJTuvPSAZAgMBAAGj + gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF + BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBT9O6b1bnmbT9dm+4+NcFUZ5EXf + FDAfBgNVHSMEGDAWgBRKoDdKith5IO42xJ88bx6fCL2bNjAcBgNVHREEFTATggtw + b2QxNy1ub2RlMocECgqsFjANBgkqhkiG9w0BAQsFAAOCAQEAd/4jX1X1PqLQr7iX + tS5L7bE/QJD5z5wKERFkVks2MMZ3xC7OoqNiguZBteNzYqZ2vcCktMv1QiAb08kb + jn2DBOxg8F6RuLqGGJ+4hdbHV4ewlZviH7R0MdH/BANbqVoAOtujB+9tq3nkeGHA + E/75SkDwXaxEKrypwbpelUdh+SnxI6IosxPLNbyHesXpP5WeGFajitUYvqPzi6XN + WD7tOfPIarnzryPB+3J+Om0djawNCVMecHgVRZwCRUTNUfq734+2bp18hGLP8UuS + WZljv4KM6EA4ZaeNCQ/heytZE6jiYSJJ6ZQEKr/6O1PKe3SoOhO9N+zqDfS4ALQq + GsbDmA== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-pod17-node2 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDkDCCAnigAwIBAgIUdIZhQJbEXfJPmo7+MBg40oe7dZkwDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xOTA4MDUxNjIzMDBaFw0yMDA4MDQxNjIzMDBaMDkxFTATBgNVBAoTDHN5c3Rl + bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTctbm9kZTMwggEiMA0G + CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVPYu1B0MjSdlhS1F99ovPC15owcEW + 7cbA9mDWix93nthaE1UZo98kVOAr7wY4C42YS0MHZlT5AOrPrwJpHwwC1W1zgDc5 + +OlKnd3Tum+e2vvFW9PhFoSkZ4ZwliTIOyYIoaD5xAKcmOaFSbItg3mPbBTrXw6U + FHGbJypN9NvE/H8aMeRrQJ+DA6MqMKh0lmXHEptdYrVGTaxwT4AxsaDYpGgY1WHr + 07Bcgd1no4coWnHYN9Vg/f80tE+uNebeRDgvH+gC4OEjD3+kV/CCfjkFYHLlU2so + YTu8WEfpG8HCxZrrpvB7EdX8kyaqANjeQhEgzycfHaDJyyf8Zrw0C3uhAgMBAAGj + gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF + BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQDsLIMg506lEk+MFaD2Ie5YRdN + XzAfBgNVHSMEGDAWgBRKoDdKith5IO42xJ88bx6fCL2bNjAcBgNVHREEFTATggtw + b2QxNy1ub2RlM4cECgqsFzANBgkqhkiG9w0BAQsFAAOCAQEAWiPWzQNzOZvjVvHH + TQ1zW3rHKv1lKZ8gHb7s9aiUeuq/7PKUZpUBzOxYdxZLEiKp1ZRHfuO3BlUDFC/R + V7L6N4eco3bfvYpAd8NUrKX6ruyydvHqbKWF0Xo8MfcUZu9EIrHh2l/CmrCZ5eUP + kJlSD+mNvsmaAL6teOpnyj9RVEvk/mTbyCj4e9e7MpPNE/0kB7cFtrUdIHJc9bsy + WZJc/ISngSmnVoWMfaqxGX99iFW032aWuLWUrSTKOkvtZqIPDDMUAsFgwUKWmtOP + R1tOBXJrj4C/wdO/fgDEgO5F8O/KfG0jtwcTPi4kmR1FgzJUdv+cDbI5gylFhtS4 + mixiFw== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-pod17-node3 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDkDCCAnigAwIBAgIUKFO+qu84cEUT6dxT+eXiHyC91AowDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xOTA4MDUxNjIzMDBaFw0yMDA4MDQxNjIzMDBaMDkxFTATBgNVBAoTDHN5c3Rl + bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTctbm9kZTQwggEiMA0G + CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBib5O3QeE2WVARl8aGz0ll4AsyD2o + JNiNCccEM7nRsAT6ShXqPjWmO4OGPhNUe52DSmXcU/2GblCzeZ4iIPpYncDqC1e9 + G68iBvArw6dwr1ENM+7eQ3DIWRt1zExgTRfbaw+aCPFEJMNqaYxVYky48WY39aa1 + q/nfUuac8WHLtNz8fpaNfdfCmfk9fPyHiggSCCD4hZ4+kvwBd4QG2KFkrmpMH3hZ + DYcwxZkbeYopyqHVc+QeoQ3azWDRfYgKX2zWSgleCRJtkWt5miXELGsLgCiIykUs + fVM3OOBoEVTZnF4xz5Xkzf54xABInKcZjkgw8kMRiJPHRRrUdsjgVp3RAgMBAAGj + gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF + BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTGvOFfJ0ZcijahG5L1R+uzmmEj + qTAfBgNVHSMEGDAWgBRKoDdKith5IO42xJ88bx6fCL2bNjAcBgNVHREEFTATggtw + b2QxNy1ub2RlNIcECgqsGDANBgkqhkiG9w0BAQsFAAOCAQEAN9WXZk1uwjwhVN0X + EExOpYSTBs87AAmW9SM0xp+eTLB3M91jUro5Bq9hqPC+e5eQqWzJcPwdpXUHlUCG + 0Q1q8B5ldBn4HFyhKU994ZX+nMudIV0ZX3L4eC/Q6GDrGblpDCxeoqX+sRBPpitQ + GH//wS1/oB9ggXqHqYlkcWqUwzJCfZ3UZs04/o3X8+TQXaGcHhA8IK1ftyvGj3RU + likT/E54fmkCHvE14QKBSlipd2xQJDlUYs/be/yDHN7OwVoHWj+90GBTDWphAlON + QnJuHAx2OlM6c8Q4NRhvnjE1id41pctLZaUNjOf+MKbYS8r4Hhf5E8esCjHpG8j0 + Tz1sfg== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-pod17-node4 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDkDCCAnigAwIBAgIUXfIj3ULerEYZxEkv17nlBfVO5FAwDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xOTA4MDUxNjIzMDBaFw0yMDA4MDQxNjIzMDBaMDkxFTATBgNVBAoTDHN5c3Rl + bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTctbm9kZTUwggEiMA0G + CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZbzwDTSIQhMJQvYbNVKvjpMf2NBGV + QXSC1CUlQlK43pIG0GC9EOLrHzKMDZMi35848NTEj4YtuSuesQHIHiSaKaLSNVpo + 3uj2Kf8JajsNucfE+SyOeKANtfMZXveIdp4qhrbUsyoIg4vBaqDpftFv+bjBOYbW + 9T8NzwUJG0GjphfgLIGZZib8BpbadwrcFENGXR3BFyS3KVN6XJznlUPX+p9Rfib+ + YbzZCGVUYLgO0SrbPAyYmWLJC0Hj0KF3q0sjrQpyYMhnRFfz2B+kY90Dir5dC1ZX + uVmVHI1IS3FuprlizzygnVrRLJDFHPIM4LeXSY1wQmtuc8Wb4enC0WhDAgMBAAGj + gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF + BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTwn3d4InIiDPBmY9i/1Kje+vUv + 2DAfBgNVHSMEGDAWgBRKoDdKith5IO42xJ88bx6fCL2bNjAcBgNVHREEFTATggtw + b2QxNy1ub2RlNYcECgqsGTANBgkqhkiG9w0BAQsFAAOCAQEAK2gKG8ShPRiTdplU + 6G7q3uopwfmfKaiQVYEKQQ9OLNtlaUOF9MAtsdgxmt1g54hyEkuLMZrZRohqInbE + O9waS6KvFYdxUPUHRgNh2DpUXunWPORwcf7VNwU0c4MHd12UK0UBAwuzDekTp7eh + 8aFvS9Ig8iCP7c+W/x7HnKqNaEHtVEkbn8sdE6EzvPNwErjlGn6CuGwSf90EL92c + b5DgA/RZi6pxXIDM19n3O3MpeM8r7HT4ScUO3NWJDxIepWXnWGZ5hHsYqPoFxkU3 + If0UfjkJh2n4xfyFyn+S6EoWl1Eldf7vSa78eb4HjcAJddCqHVpULTsSNxZyBVEJ + 0O/wBw== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-pod17-node5 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDVzCCAj+gAwIBAgIUVkBkvmk1zxhXmntTkCrIzW5QNdgwDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xOTA4MDUxNjIzMDBaFw0yMDA4MDQxNjIzMDBaMCAxHjAcBgNVBAMTFXN5c3Rl + bTprdWJlLXNjaGVkdWxlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB + AN+kUGrLcFeX+HP1Dg039vHOp8yIypTn5aLWycD3o0kmgUpMQEwWZMn8BuxUq+fe + BirCJz62pPBs0Shuw5ugP8vp+4h2Me3DIggQDaWYYfZrhMSGbiH6W9F6QhWwWCjf + 9JPCa0xI+vVRv19p6Z6Q2PGCL9op1q2kpEqB91ALI3trMmYc2O4zIE8JWEBUeQEC + gt6GLP6ts0v0b1eU14cjszHz1rZK90xOZ8a6dbVj7C6wF/RkjbT+hAvG1nZjFhJt + W9csKDiRQyYLkd786u5gqKvEppUrVqN4daZHMuBSoHG+o/C5NX2I5hTCKuJLt0QE + 0NWQeW6N/XyLUQHkxKqWPoECAwEAAaN/MH0wDgYDVR0PAQH/BAQDAgWgMB0GA1Ud + JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQW + BBTKVr0D3u4EXt670HQwXkvHK80IfTAfBgNVHSMEGDAWgBRKoDdKith5IO42xJ88 + bx6fCL2bNjANBgkqhkiG9w0BAQsFAAOCAQEAhrLFJ5mYiSMxNE9qKmPD7I3Ck39j + H7ELOVQ55WcKosSw0bxxN6uFdtPe46YL/IBWLrOUtxojni0MOTe2eRT/WxOri0tX + UcUrb8aEbHySUxTljRntKKKUUBY0SFgSUWGv6s/XbBTugl+SKk59zTXFApLXkHXR + FWuT1cyzDGyCINQTNU6sW4I1P6RptwUiHLsHvsvQzRGLXEmenhQtyQOgIdlWkBEa + XugbOB7MrVA2Okknm60tY6MjdhzLuLpsfrfgVPbOhhJgx4s5R9jUPYkJt2+AM91F + AatvYzGF8PXZ42AD86koVQMaKVkkik/+B84hC1WLJyi6j6q2XlNlbPI2IA== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: scheduler + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDXzCCAkegAwIBAgITUnedsZPFK24+0RLcQnBCy6sfaDANBgkqhkiG9w0BAQsF + ADAqMRMwEQYDVQQKEwpLdWJlcm5ldGVzMRMwEQYDVQQDEwprdWJlcm5ldGVzMB4X + DTE5MDgwNTE2MjMwMFoXDTIwMDgwNDE2MjMwMFowKTEnMCUGA1UEAxMec3lzdGVt + Omt1YmUtY29udHJvbGxlci1tYW5hZ2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A + MIIBCgKCAQEAx4qVolEaF1s0eKEqkCYybqL9v4ODiX+GAglz7KIQxXZzaF+RSVcH + xrbeMJV1eD57tpIdm6kbcjllTsnytTef5iaJeEyJu5cxyr6xhwyQNnuWlbHl9H7L + lF12eaNv94WAJ/S1I1bhjt3gj6vvXbFuridLydC9v/ELzVG15d70drVsfDvrRGbB + TPBTt1HX0pPD6uvaKLUwy5vLqx1uP+l75+EhmE1BmVy5c4SnuUdL+/8zqoPFI/07 + wWY0Jq3+G9zSNeweVIxOv+vmgsUwNlNFsiu9XzzI65ngwaVHvelT1JT1ahMeO97o + qOd+XgYFNrKphJzvoLNVtt6/GdnAzjv1/wIDAQABo38wfTAOBgNVHQ8BAf8EBAMC + BaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAw + HQYDVR0OBBYEFOne9MK3El73DSrS0A1Uz4SQhjP+MB8GA1UdIwQYMBaAFEqgN0qK + 2Hkg7jbEnzxvHp8IvZs2MA0GCSqGSIb3DQEBCwUAA4IBAQCdho1eaIcOFSzyCgkx + vYuL3nwFmofMQh9P5t//dCIrs1YGmMC+i/paYK5LcBlqRfR5zV73y/Fvw4njIz+J + 5dR1PC2lNmEXXyy//yhy4fw0G6zdY9dZ927znS7t7aeDf8XbUg2bnnOSj2vBTMXK + +SKZYSzYrhaYpem1Xv7pZpEGVhQ2kti6SkXmgrhbiFlzTqBK8IqrV63q4UIW1tdd + vPfg61tF44lUweAfDqe0qTra1HyHRscI9uXJSShY40U8O+UZX5BVhGlYbKP4rWyp + tx7vCUcRPNWsGVDw0YXiRzhZVl6edL92PTd56Y8zc24ELAbCodVFUoGIbKiBlC9+ + giRY + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: controller-manager + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDYDCCAkigAwIBAgIUXVDbDAa6v2oTEGQolp4wy4+bNiIwDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xOTA4MDUxNjIzMDBaFw0yMDA4MDQxNjIzMDBaMCkxFzAVBgNVBAoTDnN5c3Rl + bTptYXN0ZXJzMQ4wDAYDVQQDEwVhZG1pbjCCASIwDQYJKoZIhvcNAQEBBQADggEP + ADCCAQoCggEBANFOOJFFMQ2i1rnX6rtQAjdh3KtvjXv6Pfkd5bMY+7tKAHsy0x6H + TlwrN44dx4E4lGLJ1ZEqCRD9F6Vznrhjro2/Bq7MA2GmDbe0w0LCar9gXdKg7RMN + p/Prm+KAxWPF7r7KVBCc+/FZb8e97Cd7riFxAwD8z+IcIN/PwOnELauEmF9svL52 + qSlcnWSaI3A5Sj5XYBDtrgb809e2jwRcYx72tWZ5+BnAkXqgmylh+ARedlQALTM2 + gIR6iJblbTY5b9nWI+/0DW0kLkWrnbU8kq8R1mVKImq4TI5xlBqRVeJvrerxHSdc + szjybwbG9m8crW5c+Hdk3iJUEjskonGa3O8CAwEAAaN/MH0wDgYDVR0PAQH/BAQD + AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA + MB0GA1UdDgQWBBRojpJQ8kbw/zd+BkCuQY8dbfeA0TAfBgNVHSMEGDAWgBRKoDdK + ith5IO42xJ88bx6fCL2bNjANBgkqhkiG9w0BAQsFAAOCAQEADbQMLo5fAELUbK1o + prklo9UUoD5dQQyMB3/kR9n+aPDT/EQvp2oj3wJQfBoHYxorCa4UThd1GYON0nt3 + /AmiGmIcPmlX2XzeuIS4C5xRr+8rTx4umEqzg+ykdNwKV7Ed7QJkdIX9ExTbkfws + d85tmAeL8Js0GW0oWL3N8NKZNNu4ygAb7Ha67ZwtpHiJ1LIyd5XaZE1sxhtRCYEu + 7GRQRJkX3qXCb3BoptHmjYrBR6AIKjKnRG0GE25z709wXS8cmbwFWS+NTOWo/5W2 + J/TfCe0+RnIO2Mj/898hk7DImvav7PKuPraAV4G1ClGq1FqtVqa48hL/3tma85LN + PTZlCQ== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: admin + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDYTCCAkmgAwIBAgIUciDyPOzv2gb4bPSoKHoupoallj0wDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xOTA4MDUxNjIzMDBaFw0yMDA4MDQxNjIzMDBaMCoxFzAVBgNVBAoTDnN5c3Rl + bTptYXN0ZXJzMQ8wDQYDVQQDEwZhcm1hZGEwggEiMA0GCSqGSIb3DQEBAQUAA4IB + DwAwggEKAoIBAQCxoEU4+cHjqNFCs1PcBHC6q5iw5K4vhXJDn7JljpaAGwB7UTul + n5WMxdbl6Sj0OA2EtukQP5c+sQEcW2ZbvYkUajmeubsuP6+a/d/xr4kveCTTuloU + sBYi4+Q3Rz5wFO86Pyh2uoLh2HYGMBuQlo6IeT/DanL25pLmoijAaBN6jluLwvjL + S83uCNWcfRpAHhUarr58ldb1m3dwGHJh+Lj8oDmPI39WU88W8lOQCOSx7F62uk2v + 9kVaxFCJIVtPGWkki8Zna12ZEQS2x/A8JiCL79jILWkIBHk8Xjzxdidy58Aab8Qm + 65ozGJOaaGdtpUiGOBKYWecWFS5f68AjhPMzAgMBAAGjfzB9MA4GA1UdDwEB/wQE + AwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIw + ADAdBgNVHQ4EFgQUpLt0EVpJCPlGVnPdiPJKGl2W01QwHwYDVR0jBBgwFoAUSqA3 + SorYeSDuNsSfPG8enwi9mzYwDQYJKoZIhvcNAQELBQADggEBAEwaNNwVUgZ8OIcM + h0RQ8Ly6HWsTODBcpRQW20lPDjpOde68zrnxI2pLdAV7KgcfdhvxrEUU67K4BS8k + 7djFfLPOnuOty4imvIGaha8OXCqlP7gplFehbKsCDUwZibNm8FcQXTeVVqzGEFwO + WEdsKaYlHGMn0hPUvCG/qtvXTH+vY+q696+nDqIirCfRbNmUYTypKhdzDSiVFoTN + U5Ek6GKXBSv8rs7EoCJqiFD5dN5zpT7ErF8xgMkW0DVw/09u1vtRV4D9u/NlTIrh + 5WtDiyRlFeRZeXnJz2CTgzItr1Lt6eoTh3/64hYQl2+ThDFTQz5WkrlHGfkRQWj+ + QIpMP3Q= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: armada + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDUDCCAjigAwIBAgIUXLNalbN5I1hNhCAPUaS4nLXTZG4wDQYJKoZIhvcNAQEL + BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l + dGNkMB4XDTE5MDgwNTE2MjMwMFoXDTIwMDgwNDE2MjMwMFowFDESMBAGA1UEAxMJ + YXBpc2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3C7GPaX+ + CBwPz0rAbWorFholDrZqV4Q5yOoxPfrTRJsKkjpNPG9Wot3wZNukGWoUzm6uTwu+ + tasfaOGHUH1EmwhHXtKavWhfuzJziXXPL2DWAoWhdrIkM0c5oYHqNSIiQk0Ld805 + jtI8L467Sn0Sy21oSwIbPGVpcQeYtI0rOHLxev5Pw+KkmqUBImjv4otLtIScRlcV + LiOFqitIQMX6QtJ+0sQTmPye4ezaYg4o0kT6R7xuaPdPHH25ksh/yzQTYpileV9T + VSv5IhRrilqS+TGVNT/5MnIuMj6cDX8T7ZM03/uU5mVVLHlxURDZACAhad8d+t+q + RkfIuc20PQt2pwIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI + KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFFiawe/1 + NzSv3p4ojD4mBlLnDopxMB8GA1UdIwQYMBaAFEpKpJjvUnEK6Z4PRxQP9AjJnquD + MA0GCSqGSIb3DQEBCwUAA4IBAQAfE27rBTdIC69SOCs6KM+2p9Jlmv1H6bdcfV5o + oIQV6PgR7PUnazlXf/Qw7t5vt07oAlNuyQnDLAbz5qC8/Yjvk9rNXZD/ROQgXSK1 + QnjTWJ7zCRzcmvF2OD5GDI8n9YdGjgbI2lJwOYlsP8c0eBKlOhG6tfRt3x8FRfw6 + x4dTKKiCdC/PcYbKeGENAvhiBR7spm1d/BZ+gtmlApOJCUDXquUJOuXMbxcnbr/z + i9Ps7+rf8eMqF/HLw9SzM92UnFJuL8apL2xBgZSFSRaLoHD2Qyvu9ZFpkHBj02Af + uLuIRTUPpsCGtjN8ZXLryg5iGvgyJIkJL9ZC3aTIdVtlktYy + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: apiserver-etcd + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDTTCCAjWgAwIBAgIUZsDwxAyPFvCBD2qAoDt7LbN+gBMwDQYJKoZIhvcNAQEL + BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l + dGNkMB4XDTE5MDgwNTE2MjMwMFoXDTIwMDgwNDE2MjMwMFowETEPMA0GA1UEAxMG + YW5jaG9yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsLJuWpNsBvXt + Nny+kzFW3BPOVt7hkgAMRtKtykDNev6PawxZoo5tuL4tRb/htj/htig1uI+eCKCo + 4TBPS9GdVgvnWN8wUzqs7DQcGKlPrGlvg74Mnh4jOh913gdOSZRDQgqcOSE0tAOW + HVGUhFSFgdmqzCL7d5XVpqjLDleAM2OgSmhf8juqQmjtcoLg0Ioso5QzZO+MUIq8 + qWoo8bfFHry+Dy0PVZyDm1tLDBCcFrjNndrvxh7gCdvbN0wHTUR/RUwFLGcT1OUT + LN7aS9379l2ROHjSs+T8JpjIwYYZ0/XzKc7WofUeO1wTNjrrWsNNa8Syw75io3Lu + LQcTMu9CcwIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB + BQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFBCxp8LnC1Ft + 4yBb//j1AyxclY/lMB8GA1UdIwQYMBaAFEpKpJjvUnEK6Z4PRxQP9AjJnquDMA0G + CSqGSIb3DQEBCwUAA4IBAQAR85WvVUHHukLczFgOv3jwlTY+bJLDjJd15ITEsNMK + F12kiCDdyUor1deiMnZzr1UMlVUV7zlxB+hVudboxbv/2E9gwixnXlIiuRkNxnc/ + VlUp44GgQS1uSYcrMxUOUgPkyAswTIXTdmbSsAz5m8q+0cjKThglt8djNQTtR86n + OW+aYjmPhCh9ndyeoakPj/I+ICDgWKRDgLeoxgQiDt/m4F4QFV7UWCc9Wa5t5tcY + KJV4i3dLLY/Wnrt5jLI6ds7hyvsO/3qBbDnpkbLH6cXjtG18zcNGQb0bRwxNITL8 + ZmRKx9GqVVeJF0e+RlrjfXLiwjW9dF3jDBbffgD+NgvX + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-anchor + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDwzCCAqugAwIBAgIUToZl7A7yvof8fxse7GAoLdpZglQwDQYJKoZIhvcNAQEL + BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l + dGNkMB4XDTE5MDgwNTE2MjMwMFoXDTIwMDgwNDE2MjMwMFowIjEgMB4GA1UEAxMX + a3ViZXJuZXRlcy1ldGNkLWdlbmVzaXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw + ggEKAoIBAQCj/8sNN4HKAxqKkMcrOPHPUZwyAsn938pTql/ZKrd7zvyU4r3DQSKq + 9WkkYOrlHfgepGpemBC7G9MeggrhOaQzMj1AsZOca2BO+jnuow/ffcSV/4SDKP+b + 2h43DOmfLeVogAwXPOOKTeYjVoSYyrrl2c+IztKuu14IN18z7DrwpVMxs3/NLR1p + 4WLOhCPKt8QxL9+Fc3SWIo+ayVz9RZNbBj+bOiq0AcMpSU1YyA0OeSkUQf7KcTvk + zLaZq3uffuK00V3Vx9ykGPPOBBlbqsafa1eWuP0RZribWRs2qoS44fyYr1TGPaDG + JjRoodYS++hjvLhu3e4wqGR1hsixNRZnAgMBAAGjgeMwgeAwDgYDVR0PAQH/BAQD + AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA + MB0GA1UdDgQWBBSFBe7lFhSQb9E/duHuKEx+GlG0FTAfBgNVHSMEGDAWgBRKSqSY + 71JxCumeD0cUD/QIyZ6rgzBhBgNVHREEWjBYggpwb2QxNy1qdW1wgglsb2NhbGhv + c3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1c3Rlci5sb2Nh + bIcECgqsFIcEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsFAAOCAQEAb+hyTabp6x0d + PwzV+9DLh79EBJVvzDhDVeGg7L5a4efa9x1otEQ3tBQqSPv6s3iGj3TM4VRhJGmO + 4nnOLQRt8IH9SRiEa5D78PjhrO0Oc3Zy60lib1fHoSQ5qhqmHNgdtGETk9bcO28e + fxIdKsjyGU+NQG+b/IGi9sGb+62M+NVxN3z/XnGOuEF3OrwQvf1r2Co00a2r6oX2 + ZSjv6ebQH4R7XZPU5Rl7QKXbnsL3Id6sPEPQ/zaCB87i3YWR4dz4ntsubc00XHyc + RVqg4xiEErn4kHdxB3Z0nbA9VlMNmIsy67gvS1WwV+WjUXBXKKH9p3mz0wGF6w9G + cJyDTKUeGw== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-genesis + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDxjCCAq6gAwIBAgIUCidfjso0k+ZOmAVeFEEHhPW2BK8wDQYJKoZIhvcNAQEL + BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l + dGNkMB4XDTE5MDgwNTE2MjMwMFoXDTIwMDgwNDE2MjMwMFowJTEjMCEGA1UEAxMa + a3ViZXJuZXRlcy1ldGNkLXBvZDE3LWp1bXAwggEiMA0GCSqGSIb3DQEBAQUAA4IB + DwAwggEKAoIBAQDorb8oyJ1+JiQihjFDPpIIuHLb02qSoUKhnCBJ8ERpdjArAGoP + w2B8fZ+v3ZFksbo5NcjasQ56FLaqpFAQ8Vl2bypF336ZsnQSB0ZtvopoaIhWC+ft + GcMTggQU7iHyFlmEvyvHIQOMEACdS2xo5uzyxNY1ZlMbC7/4vyiTY39uqyeWPDsm + JtSUa56fAiukTKPRJueiCvA5zfNTBn1Ubjo0YmTse01QU5J9zaaSD6X670o0eUpz + lKxx3XByFkqCenHcYodjsxQg2SZbw5pj/5hX8o0MSSnSmi9OhwfG1uCR+z/n3/70 + NZH6cXt0/dFkv0Ih+Z0wgKiKy+bgaGVq3A6VAgMBAAGjgeMwgeAwDgYDVR0PAQH/ + BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8E + AjAAMB0GA1UdDgQWBBSX7JQjFdBoydobT5N3r9cg1xYZlTAfBgNVHSMEGDAWgBRK + SqSY71JxCumeD0cUD/QIyZ6rgzBhBgNVHREEWjBYggpwb2QxNy1qdW1wgglsb2Nh + bGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1c3Rlci5s + b2NhbIcECgqsFIcEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsFAAOCAQEAfIRL33lN + y2UV7JSd28g/FuHftVSAakz3OCAYykMlE4Dn52f/DazBqOap50W4HgJZNXW9RgqV + yAFaRTGBblx/3lq3pgi/652NSdMVMbLtUAWqfN6eQvpW4S8J9TKtF2PJmFjCmO4L + QYugCIofZrcSuqyBDOrzgSgB7hD5weMlNPdASicvpeiFu2sfIMi2D2t8rA1KwQxO + cf/r8RJ/Lc7QyL9bNoOq/64dFdnPNh13AKkaORhEXDHEdQvlu8th3T3HHRh+qImq + sIis3mp4LsDmQkCM9H33AsjbG+4eLMgCxvPjXtHwGMATSFOwdIuO41DQrUooTAoi + TmB9tl94BzthHg== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-pod17-jump + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDyDCCArCgAwIBAgIUMHqI/4QsQFGrhEYLBFA+kS/1nYgwDQYJKoZIhvcNAQEL + BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l + dGNkMB4XDTE5MDgwNTE2MjMwMFoXDTIwMDgwNDE2MjMwMFowJjEkMCIGA1UEAxMb + a3ViZXJuZXRlcy1ldGNkLXBvZDE3LW5vZGUxMIIBIjANBgkqhkiG9w0BAQEFAAOC + AQ8AMIIBCgKCAQEAzV5tuExTU+9A/tNkCqoVhBtYsZeNWrvuGiYWXc+6CXYKAhLo + eqVbDNTtxwsQA+KPRJtiJlTS1+EYeFd7ZTQHAj/vt8NSdFmIVSpaJdkDBTBLX/D9 + 9b3hdx1u+4ZR3jiU7VDsezci/apB69oBuihLcvCmm3m2EhgFFf0cUAa83Z0U/Pdy + Hg1VRSiLcMxxU5QATKuDNUpt+NG5rVP+dkVjYzp+Vmzxws4pY9T9xJSYup/rdb0T + gWpPFi8uNIazNCbUXRwHFM5VXq3S0ueNCCVIdA24M21QwrG7NZCsoG6n2d4yhLv3 + 89uSBzY4UQ30Y7Uqpi1vjn5QmqkYLrEuc/5FmwIDAQABo4HkMIHhMA4GA1UdDwEB + /wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/ + BAIwADAdBgNVHQ4EFgQU4Q3H82QjIU2oyn7tG1HUbWZ1k7gwHwYDVR0jBBgwFoAU + SkqkmO9ScQrpng9HFA/0CMmeq4MwYgYDVR0RBFswWYILcG9kMTctbm9kZTGCCWxv + Y2FsaG9zdIIta3ViZXJuZXRlcy1ldGNkLmt1YmUtc3lzdGVtLnN2Yy5jbHVzdGVy + LmxvY2FshwQKCqwVhwR/AAABhwQKYAACMA0GCSqGSIb3DQEBCwUAA4IBAQBnSTl4 + ymVkF5dAwrEd1A+YsB7BagB3kT9QSPNVzckyc114vJmGeUbpQsJ4q0sSZxw3bRNe + sf/ZS4XIaCVwPDhjNxVmOu9OPE16z55qeAHqt6+sGB5gz0EdT/sdGMbaHTiTlOwL + 3NUBeCWoG7EByRxYhlKino3CB2Ozt7ol7XKddaOUOjcWCpRZOFwDQ+KgT9Ep6/K+ + jYadGMMNQaKQied/tS3sDWMLa55kmbVOyAHYK9L3gnoli4+ZeEuXZuNvW+zemqZs + AwzuWB4zEahwOVJkCYwAMPOlzPlflRtoUArUHIgiSLa0BrjOeXEF8YRXcjEbRvjw + 694njClwubBNq4sd + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-pod17-node1 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDyDCCArCgAwIBAgIULkPrqYtWovpB408xMGMkFt9/UTowDQYJKoZIhvcNAQEL + BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l + dGNkMB4XDTE5MDgwNTE2MjMwMFoXDTIwMDgwNDE2MjMwMFowJjEkMCIGA1UEAxMb + a3ViZXJuZXRlcy1ldGNkLXBvZDE3LW5vZGUyMIIBIjANBgkqhkiG9w0BAQEFAAOC + AQ8AMIIBCgKCAQEA5U4DMNAvkkGBgR6CJddKECt1+Y8VBVMbGQs9hC7Z8qRQHnqf + AFEs3N5rq+CASmoTdx1/ZjRqJnwoNVF3j1KUY8WNBtx84M0DTY3M2j6FXmOmmESJ + LHdxBYiNcs8C/j5517/yuHERs0aYxGOIK7SORw65159yQ2cFlXBW4+BGUkIKUkUj + R2TuoyBYRO943CWZRMHTN+eK98TuSdEaxk1vqNzXsvs6dk3ppetXa1pnHPs0KZm3 + CrOZCg5CWEG5J0gK3vojQaR6ygrRV+sGN85q8433tsfMRy/hmahJbAQVwxhm6Oza + +cL6voHCuBkKju8JdZTl5b/91YbaF+pUKVS9CwIDAQABo4HkMIHhMA4GA1UdDwEB + /wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/ + BAIwADAdBgNVHQ4EFgQU0GzAO+78ztY3or5VLtICWSFJWUAwHwYDVR0jBBgwFoAU + SkqkmO9ScQrpng9HFA/0CMmeq4MwYgYDVR0RBFswWYILcG9kMTctbm9kZTKCCWxv + Y2FsaG9zdIIta3ViZXJuZXRlcy1ldGNkLmt1YmUtc3lzdGVtLnN2Yy5jbHVzdGVy + LmxvY2FshwQKCqwWhwR/AAABhwQKYAACMA0GCSqGSIb3DQEBCwUAA4IBAQA1vb/3 + hu45aT8BeMWTHR7REtfxZ7dwYp2WF0i5nfOZLxkrptaK2b/mjDo5L+FrJm6MjmeZ + P74O10UutDtSvZKOVeGc1+etvqEKymXL/HKOmxmT+1nG5ON4JaD01Tl56btFXSJX + J3GTUAX3S3RSTolvPYekc8klaVQi/YD6AY42SAFqrk9/DQJTPZosJwUoyirfapE1 + 5jf/jkwmrmIW6g3hORGYFihMwfw9FU7VfBF9M6QjdRTNyv4V+0l4FSd6AvdsN1ol + 2SKJEQsLxpbXwjjM2spp4reAB0Mn1Mr0dEXRv4cJ59OQY3mSb3qhhsJAthrvRXkA + SRjyOHnfoiHvbIMj + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-pod17-node2 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDzTCCArWgAwIBAgIUbYHkC2Uah5N6oh4pji29G5LqntowDQYJKoZIhvcNAQEL + BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l + dGNkLXBlZXIwHhcNMTkwODA1MTYyMzAwWhcNMjAwODA0MTYyMzAwWjAnMSUwIwYD + VQQDExxrdWJlcm5ldGVzLWV0Y2QtZ2VuZXNpcy1wZWVyMIIBIjANBgkqhkiG9w0B + AQEFAAOCAQ8AMIIBCgKCAQEA5LKMumJCGGvh2YiPaih1JqfObaxIKLbTEvtqrj5g + fSMiF/mlOe8hoV0ce8edR5uhGGzY+MaRmZ4tbuxBSD+u4mjx02ggc007stMW0M+I + zhy1/EFveKznz8orA9Z/HwoIOnqJsRhRd5qKjAoo8a5rg/+PTKjTBQt4Ndzx9q3H + x1AhDvN4ViYswqe2z2vn73wOH/QAcT4ZZ3snTb2oGroYuZHo4aTRSZVGk1nZzNZP + OAZLookgNgdIEuWGIUwY+dXoXPfTsjuJ1EijjjtA3VwjfAKKrU5sUFJ/3IiXJE5N + 0Ll4zhQ3eG19aDCv0jIpShyOR1XIeM3uz+QX1X49/hCU+wIDAQABo4HjMIHgMA4G + A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD + VR0TAQH/BAIwADAdBgNVHQ4EFgQUC7NPtIAgMaINmbjzLknt4duM788wHwYDVR0j + BBgwFoAUhkJkqrelmIi3tfVjoJW8ro4JmNEwYQYDVR0RBFowWIIKcG9kMTctanVt + cIIJbG9jYWxob3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0ZW0uc3ZjLmNs + dXN0ZXIubG9jYWyHBAoKrBSHBH8AAAGHBApgAAIwDQYJKoZIhvcNAQELBQADggEB + ABQpwlULulZFJsfcKqRqMKzilPXpNARygcjfXnkOCvs95OsuKnUUaSjPtC4CFGhE + o4+e84VyjeUlnywbfEbBrUjLns7MBPmUb92M+0dadCCa4JilgXI8ZOcswko4gx4P + YrUAASog/VO9XYJnd/Ch+KrY46qyfis21inFmWrroz9pg1+glhV/IbybAJMWg+OT + lGblWWiL6DpeE3DaQzP/eYdeVlVYPaExjSsN5D0LAWOy/Rgz9+n3zLsuSLB6h9mY + 2pJuy5eikkl28Q8OxMdxWQhEamny7rlgYP7W3DI2iP3VDYZrf1hXNlOtque1J3xr + WVwSS5clRh8ar1rxYU1ByEI= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-genesis-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIID0DCCArigAwIBAgIUBFKTOX2Sdx7PAY7wD1OsBC2yCwEwDQYJKoZIhvcNAQEL + BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l + dGNkLXBlZXIwHhcNMTkwODA1MTYyMzAwWhcNMjAwODA0MTYyMzAwWjAqMSgwJgYD + VQQDEx9rdWJlcm5ldGVzLWV0Y2QtcG9kMTctanVtcC1wZWVyMIIBIjANBgkqhkiG + 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx84cvFlUdir2iio1iPlFxQ67x2PqGCr1/jRj + 1ptPjnlnXfLnAbypA0jpbKS9r1lnSUsJtK+TNG78jFtmfnT2DLX+J9tZm4qI1Z+q + rWhM0qlYyPuGqXuSDI+TR5wbz973/2IioTAbSo6E32cTHHWhEaCT4o+iD/K9jZB0 + LToWX2k6+iQFBg61rFFAk7SOAO4/8CcsgMBw3Qnl/Ewn8WNCHcInkLqhgSOF21yM + lcBsoPv1IAARkhXmF5tr8RGmV13K70lv5IhusGuznZ2FYF9gl07VxQ+kWNIdRgYw + Pgb2qKpT2pbljzBX074rc4GUJ3gTimchGLROukOm5rMxRkYMhwIDAQABo4HjMIHg + MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw + DAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUa/Kd3D99+S8L5HyI8VKXwCJE7pswHwYD + VR0jBBgwFoAUhkJkqrelmIi3tfVjoJW8ro4JmNEwYQYDVR0RBFowWIIKcG9kMTct + anVtcIIJbG9jYWxob3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0ZW0uc3Zj + LmNsdXN0ZXIubG9jYWyHBAoKrBSHBH8AAAGHBApgAAIwDQYJKoZIhvcNAQELBQAD + ggEBAIj7MoexxflrK9Q97t95eDIaacwupUT8LeVRP627xGWcyzAk+wR2sKt52ra8 + VLTMNThCF6IbMDyGZ2r1TNPKBEENStL/BGhm/1WYxEs81/GGolnZAbcNie2kB0RX + oDc71m/RJAI6Zm0h80yuT9U8hviuhN1gdfU5IbsB9wX9ZhUf69Fggtw5aOYXoxYn + SUIJpEd0fECTCwwbbxr87FbCj19MfnM2wo+NjCjQHDMf/09Z/QEHoxuDyfWiZ35U + XsYbvpfte6ssV5I8FARyc33U8igdWssuIz4PeDKqDVWZ5WxRw6cDqAlJhculAVAH + peRFZDYSAcQ0xLHuPkHD2e0Eq4c= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-pod17-jump-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIID0jCCArqgAwIBAgIUeh4Ggm8kIMINi0ZI7cwvYcUCi8QwDQYJKoZIhvcNAQEL + BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l + dGNkLXBlZXIwHhcNMTkwODA1MTYyMzAwWhcNMjAwODA0MTYyMzAwWjArMSkwJwYD + VQQDEyBrdWJlcm5ldGVzLWV0Y2QtcG9kMTctbm9kZTEtcGVlcjCCASIwDQYJKoZI + hvcNAQEBBQADggEPADCCAQoCggEBAL4FvXvuaXsBx5nxFEybOSeJEGgKr1y6WIqx + wGm41csuMERhLhiul5+RWpfCRJYq3zz8bbK7sDSdKvLMD7C+OAsWXb/jD8JUuR6z + RZCqP1hwk+j/gzJWoKYaf54A9kmGrK2HP3xtUmDm3FtH5kJfdaHgRF7ed83ULQWZ + Hsfdl5r4jH9RewTZcg7isxp4oFpdvc48p6N3qpjQn0gZUmir2enn72h7GZrGa8r4 + g7WftL9E0nZCouglDiZYflMEaLbI9PkMxS0vdwgAqWJQUvP7K7vHucT+KsDH1E9U + Mmh2l/ayk3NOEU78hx9LQ2ABn0c4Hk5iUF/sk6mXVTnvFqyy+h8CAwEAAaOB5DCB + 4TAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC + MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFFNlE95sWo6M8GR87C2km+fIb2/yMB8G + A1UdIwQYMBaAFIZCZKq3pZiIt7X1Y6CVvK6OCZjRMGIGA1UdEQRbMFmCC3BvZDE3 + LW5vZGUxgglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5z + dmMuY2x1c3Rlci5sb2NhbIcECgqsFYcEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF + AAOCAQEAKyk87UAyZNGaRyE30opnPNvd2GhgmYQn0mHQgZqK+5lEHnsokhEj2p2T + AnprYIKczHtjZONKFSeFQImOgky/wImJl2mg006FzbbZ3cvRmW5faJiqxc8aLjSj + Z9dTxYEnLTnRIX2MgzAL1w5ZhA31FwoMN9Ch4UCXS9PsFbjJLSGmnrVMRilg8+En + 7tl6oL0ZfA6SoRlTHf58HW5BopctG/zYVjykLFBBaDxl0jtJRQ81Tdq3lb5PxYKh + i+1w1vxOPE+27UpjkVDrG9fFc56Y/tYT2nJGhT2kl+ycsLmHTvLFniqnvh5QNIit + /Y1hFk8t/IGKnX53p0TCTTHkuBWlIA== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-pod17-node1-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIID0jCCArqgAwIBAgIUIyUyrm9IjcFUKYyrg/aRTyx4GB8wDQYJKoZIhvcNAQEL + BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l + dGNkLXBlZXIwHhcNMTkwODA1MTYyMzAwWhcNMjAwODA0MTYyMzAwWjArMSkwJwYD + VQQDEyBrdWJlcm5ldGVzLWV0Y2QtcG9kMTctbm9kZTItcGVlcjCCASIwDQYJKoZI + hvcNAQEBBQADggEPADCCAQoCggEBAMEZup7AAKbOGQ24RMtIuciVk7uPRa3Vxf2C + oIR61dRXCFpG+RC6gT4yHEikqF/Lh8X0IAsVWMW/zdPOjombO5WxWU9AyscTShp0 + UYe5V5MSHbFY7A2YC23ni6+svC94LfJcAgffzI3xQjF2/dOfYl+99ywusjw2dw89 + LzBCc8UtppzrL5bWO8QuOLfMoD9FHnj2D+DGj11xcoz9Np+GZEiv0TVrDb2s7DKU + 3Yxt+9F36zbnt4pVm3RqvCK0y4iEVGfK0GYQHlRvLDXVgocXIvPWKUsPYegCqSfZ + AtTRHyf1S1w1+gK96XyXf18D9FMfDC9o8bgRGoVRFm5as/TTJA8CAwEAAaOB5DCB + 4TAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC + MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFC7YjLWMGWn8PP8J5UiXUd/r4aj6MB8G + A1UdIwQYMBaAFIZCZKq3pZiIt7X1Y6CVvK6OCZjRMGIGA1UdEQRbMFmCC3BvZDE3 + LW5vZGUygglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5z + dmMuY2x1c3Rlci5sb2NhbIcECgqsFocEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF + AAOCAQEAmjbfjuh0fx7FmvbIMPRXq7z36Vjhe+Kwk5w1KItL7hjTdyD8602snqY0 + IytOKEKz91CaswvYTd2HekxXrAJhUIL90w4DiPyxttY7Fk21gJvbamogscHQyENE + 22X5egWUdRFikmg83k+EJBNixsioIUyA7BkWBz/1302GkR/j0CmYNRSEEX3YJ8YP + VV5wKr5zEgQDCPcwpRP898sk6QICCCDb8GpanjLurk1l0sgil8Ib3OH5vNO+Zb0i + urVbp2Y4GqONRqEOZE/4et4y8kStQvIcWph7hEGBObL7kVYo176foJXAxyob2zaj + p0vbKl8WELAGXPWRm5FdBhUyJyocXw== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-pod17-node2-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDSTCCAjGgAwIBAgIUAOnApTHu98LW7syQYeJa6PqRDngwDQYJKoZIhvcNAQEL + BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw + HhcNMTkwODA1MTYyMzAwWhcNMjAwODA0MTYyMzAwWjARMQ8wDQYDVQQDEwZhbmNo + b3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqqPUZqx8Y/a4ZOAU+ + Qfi0bbKGrR1n2FZCabpnmDY7UYt9HMFek4bUT1U2O3vsS4qKTejKynCEGFHh+2u1 + hU5KqTbrSkTEotHMJqt3mL8PZOU+PcpdoZVhQLK3kwZzAAggJ6yZsieqawtWl6D2 + 6zpoyPnFDX8JcJqPBh0WVEn4jAG0Y4YaY+vYQ/YE3AJgvJySGeNVsb9f+fUJjBqo + 3nxwE+cg9PWdQKRqL6RjJzbxa5sMn7kaUU0JS9UmfrEV/scGWU5WdQnOsrg7n4EA + 61aBUKawsmwr1KSV1lfnsmt94btuEalxwwA1HT8jnB0WFXOiMhMmkZqjldS1iKDO + 13DPAgMBAAGjfzB9MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD + AQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUdnux2j1q7sBcGWNT + 3E/GPe8v9ikwHwYDVR0jBBgwFoAUb9gMAPDrJBDy4fq9pWYH1fzKjYwwDQYJKoZI + hvcNAQELBQADggEBAD89WTs/MKIpZ/MDAfNm/hpCXXWg4zRSTgakWIsO/kpNvBop + KkVQ4S0tGPDIGgWyv9RBfVBsZknom6Qk5SkGhjtSMrgY/um0hsHTlIQuo6F+stZq + HAGdTbjfE1bXgvD+0TNwfx8ypHPsPFs6zxPz8zkS68kBawRBCjFcKvM/cFgP/vYd + x7qKmh0M/llWz7csJLG8dbAVv640mkN6MJGO6M2nsyUDmo8hp90FL3zahFwTiGEl + rttIRuHfHfH6o5lf/RoYIc1kP4APW5bz5oycdlVX4v27D0aqFPoRsjv8WiND2pwo + Y361cWrEapeM0AgkT5A7XISmfl8ksDoXRKOCFFg= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-anchor + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDjzCCAnegAwIBAgIUVrrClpDO5jsxeOtpQGdSQctKmeswDQYJKoZIhvcNAQEL + BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw + HhcNMTkwODA1MTYyMzAwWhcNMjAwODA0MTYyMzAwWjAhMR8wHQYDVQQDExZjYWxp + Y28tZXRjZC1wb2QxNy1qdW1wMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC + AQEAtT29xK+8i3lxNgWG/YYmE1mNmVuWHjZrB+K112+ix7CDldYF0fJgPwR+urDg + TiQFN5cLL7GcTGIYmgArdBZcvUmeUsPjxxUuik/w/WaqyJQJc4Evsl42owqpfjpY + L5u/n5o9azsx6OTxZP3b+rmtPqSCafgkZ/VcJawIDc+jhGAKvhVzJj6zjmvb77XF + R4eUjmBGVwO64lrsH7juVt6n6EnwsvMPVoxQGGAL1C2Q00kyfjLTDrQScp8Ez7N3 + YhzzeH/W4pr84NCJ9n8Cg9GkIDpP9dLzmNYbCUC+OzA5Egge3tfun/Daf+JgJ8Mh + L0YcjX4CxdlX0t859fmD06d7CQIDAQABo4G0MIGxMA4GA1UdDwEB/wQEAwIFoDAd + BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNV + HQ4EFgQUkrbIAriRvwk6kUGHkoG6hQIcl7swHwYDVR0jBBgwFoAUb9gMAPDrJBDy + 4fq9pWYH1fzKjYwwMgYDVR0RBCswKYIKcG9kMTctanVtcIIJbG9jYWxob3N0hwQK + CqwUhwR/AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQA9wrXnfllZHiKZdpEo + 1IDr6IqkK+8Ub2kXgVhaW9wAsWedgaPRuedWleIu8mYZYYuQWn0w49wJlOqVhGsq + l8dpBPH85AAWfyrcM7k3wOdJz6TVAQcRk5qLXrawerjCakY2jFpi+Gd1sbRNd0b+ + dSlVo+7bjxhuq+EBS6OoFQQqx0SYLZEIPt6xW0yMEOQw+53IANN2Aeql1Th7C+p7 + Avt5vnSNAEywVg/b4d47ffvbVF4hE0fGjDsYzNh/U6FLm+WKF/DP+zHPjXfeMC01 + mqjTLmFrg+4qWOeW3CMiCFKYiTcbqa9QbJ17I2zWy0d1n0VkrX7ROF5WCCO+acNA + yK89 + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-pod17-jump + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDkTCCAnmgAwIBAgIULrHOif0uejOAG1EFl8cJsNKAqMwwDQYJKoZIhvcNAQEL + BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw + HhcNMTkwODA1MTYyMzAwWhcNMjAwODA0MTYyMzAwWjAiMSAwHgYDVQQDExdjYWxp + Y28tZXRjZC1wb2QxNy1ub2RlMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC + ggEBAOuhXhDZaqedGuUyQ+aocfkaLWITmxAOXhmLQhHbe57RG/KCSE0TlaurzMul + DtApeyCTgayKUeZkpoZfkIrErHnJ/FR/YcAuTYQlNDyHHBgL39Gf9vGBF7VhYrRm + pwucIDrRPqed7wjuUfLdS5t2BpimWgCk2C+CMpVQi9HtrIazLAdP6CgDGD/VmMYZ + vc6EgzsTjBh8iEbmYflxD3lq1nCvsFQclaFl/kcZgXsyA71ovp2euiBVWLeTw4Xl + YDL/c+676zXTLOewk+WC+I5D/CX+Qw+CWDT2+pP5+Xcaic9PVYbyjzfOpGQagFOj + nOq/ttOo3LG5mMbmq66l1U7KU6ECAwEAAaOBtTCBsjAOBgNVHQ8BAf8EBAMCBaAw + HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYD + VR0OBBYEFJiDwOkvLBXAXAu7IbvYt8dDAkTeMB8GA1UdIwQYMBaAFG/YDADw6yQQ + 8uH6vaVmB9X8yo2MMDMGA1UdEQQsMCqCC3BvZDE3LW5vZGUxgglsb2NhbGhvc3SH + BAoKrBWHBH8AAAGHBApg6IgwDQYJKoZIhvcNAQELBQADggEBAE/Yw0XgzVFuFNyY + b//eOHV2oj+rZXFBwEQCx5hMcct/bZdPqjjvHt+Df/gCp5/A+1KuHl3C+bCfRvWo + XtFn8WyMXWprAu0GbaGI+8Y/auh5bgTmvfqTPerWK36OtDVXzrxLVlXTHm2d8yGd + ydXNbh6FqsBXVN9VhBdP2EFDvuR/7u08ckHptgFa6RY/2iaSQhLAKBtyrIfj8/DJ + zoVl4rBOZb0uHz6k+njb2DmY79FWB8YIOTL1xcAfhS4dVPRrY0GTf0H7r+gGfhhv + egqMyMoLabwh7zYi2WgWicXX8/BZBG+Fw5IPEtY1cGzG7o8/2hwax9hlGLCI7nQQ + 0S3uB4s= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-pod17-node1 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDkTCCAnmgAwIBAgIUSK5lrtrbA4UUnOPEI5//XPigjQwwDQYJKoZIhvcNAQEL + BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw + HhcNMTkwODA1MTYyMzAwWhcNMjAwODA0MTYyMzAwWjAiMSAwHgYDVQQDExdjYWxp + Y28tZXRjZC1wb2QxNy1ub2RlMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC + ggEBAN7hAskLB6wk2AqOz/yrhTUV6ak+Yf0TeXPAsQVSra9vfTR9PnuFugZBm7ha + 49SPppGCY7UkPAQC+dw9g3+09vSDRy/G0qSpu77OFYao23e7cSVy7ci1W0Nf5pqC + n07tGmSdZ5V2dqS/LQnRdpUQUuWAFSZS/wC+tu+5diVlHXku2bC4ilnVnhkM9jFz + qb0B5cAdNN16v5CHF0jsiZ6Du9lNRiL1h2f5XN6bFc7Vofms7WN05W7n+uu6IQgm + oiVg9hFZeUOh4WmgMfPitxuC2yZMyvmDSv6eP163TEczTeVNCmnOPn92iME0d/tv + 9GPDAMuRm4iM+ieJqb9HwF/oyfcCAwEAAaOBtTCBsjAOBgNVHQ8BAf8EBAMCBaAw + HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYD + VR0OBBYEFGtr+u9MwT/VqB2yDySDzuecjWObMB8GA1UdIwQYMBaAFG/YDADw6yQQ + 8uH6vaVmB9X8yo2MMDMGA1UdEQQsMCqCC3BvZDE3LW5vZGUygglsb2NhbGhvc3SH + BAoKrBaHBH8AAAGHBApg6IgwDQYJKoZIhvcNAQELBQADggEBAKz1v7MdVWW3mrvi + qP5KWatJT9CXl1R6e36wwR/atSx87h0141YAT/PS0muW73fFZDcBobnhtb0r/phK + Q+73QwrsQijSLj1FQZDE+p+MYVbn1NGxOUhO7ZSn290wCURpr5hWCU2G481ki+Y7 + AKXe2VHEl8Z1tnxM1Bq45Y6p41yfvFWTV1NjvEkUdMhPWzdoyco0cdF+8bAMrA4R + uGnarof4HirEwS+QCoVWA+PPQnDA/8zM1VmKDb5pEwv5cah3k4b4hW5Eatu5YMx2 + APtgfWgEQAqnjJwBexbrTjb3Lbq5gSDbdy/KUABS0FKu5w4SnARznOU8ncYfQiCc + /bMmUV8= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-pod17-node2 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDTzCCAjegAwIBAgIURv1P/PZ+Gznq1ZZ0BjmlKIjEHLcwDQYJKoZIhvcNAQEL + BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw + HhcNMTkwODA1MTYyMzAwWhcNMjAwODA0MTYyMzAwWjAXMRUwEwYDVQQDEwxjYWxj + aWNvLW5vZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDlAyYrTSe + y4izRLv548RXhItJJ5VO9CQoV/Nt20rQJrcFsJbCRsH3LCvY9VfqC5jvtPYfFpTI + k664JYVDb7CMi/A4VjQN7hLuDgYe77zyg/BQoCnIcsViq2fa8avRNdJQNbdR4JWV + dlzvIpwbTzP4H3i5sGDp91E7jUIpJ3CNL3CwGoI3s+4QSiA6ii9T45Y5o9Xg0vwT + g6olYqIXRfPcG4SRk6sIE/yFf0a7egHYd03GhMYhz5/mk5ltYW/Fhmc1d5UtoMNx + i3/I5cpagCdzVtpp4eRB91IekzlwN1f8X0lUNQS+L+FGmFpOfTnOuIumUNS/fqrA + LrRJlf/Ll1sZAgMBAAGjfzB9MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr + BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUVq41W6/V + cLmdtvwks4AS1R4v3w8wHwYDVR0jBBgwFoAUb9gMAPDrJBDy4fq9pWYH1fzKjYww + DQYJKoZIhvcNAQELBQADggEBAK2Y2uxccfaaZQxHPtg8rw6NG/QVaLRhGqVhZg/c + l8KOE+Dm+wrgMLRlkIERRcKn6r8DxUIqFV+ghWW7GUDAdeuxrSdHuCXFZJoGA834 + ksUTOSCOQjHQhWBcJUgAXtHk8hm9zaN28mbx+YS7va++mzw1pu5MK3Tu3XxgbGHR + EWg8To4p0iMJprypnlwIMwSw0XO5AUdzw6ClvJpdjU/aF8jBeJ/mubdu+MG84EaM + EskUFBQV2FzgcVAg5zh+5ZwRy+hWaOM5zGB0K0wF+hVcCuJrxtzZxoG5tFIN0tRy + TG/WnKaHw7Uj/hE5HT6KbFd3Wboxr6uzlqExaOSZOLq4h4w= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-node + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDmTCCAoGgAwIBAgIUSWqXl4uMdAv5loIW6a5TbNVxLiswDQYJKoZIhvcNAQEL + BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt + cGVlcjAeFw0xOTA4MDUxNjIzMDBaFw0yMDA4MDQxNjIzMDBaMCYxJDAiBgNVBAMT + G2NhbGljby1ldGNkLXBvZDE3LWp1bXAtcGVlcjCCASIwDQYJKoZIhvcNAQEBBQAD + ggEPADCCAQoCggEBAL+L5bQ3kN/cbHz8Jky9rz/XBUeYyjztaacS4VNzz5+/hNaI + yZSqzN2yRagTJZH/m6MdBSmI3KIhEoHvHZNEO47tnL9J9sX8RtwV53mfWroHhuCQ + 5Z1FuswnR2I9yhaPvcXVQhPGxpCszf66Cm2S6JctZzKMUkRlPb2XV/KCWluK9Dxe + 7khQqpZOVJvL3uHrKfBQXIgLlZXxMLTz2s/jMDeqDsrhxBi91770YwRiVw5HX4Lj + R8gMJ0Y1NJ9fdeWOJyllfP8yfcTdUQ8JQIzk2vDKpjRopqYYUT23brQN7EqGK8uk + ub9AyHgmuZOKFg+FXmkmXRi7qZZJaTAHaccEoQUCAwEAAaOBtDCBsTAOBgNVHQ8B + Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB + /wQCMAAwHQYDVR0OBBYEFKvkppVjL5NHRRPR1+MXWvg63lMCMB8GA1UdIwQYMBaA + FK8A/IZ1Vcl5VxHpDs7eOTUgtUuEMDIGA1UdEQQrMCmCCnBvZDE3LWp1bXCCCWxv + Y2FsaG9zdIcECgqsFIcEfwAAAYcECmDoiDANBgkqhkiG9w0BAQsFAAOCAQEAmXcd + NMysKMi+YHPGipz9+Zj3P/c8bYxGML5eWKoYwrrbHGNNknwTKhvRTSlpiT6+u0xY + 0aUrUHazM0fuum/hlNf0PZaIUDPfi73Gd1Xq+BxEMBpmewEuHIbnZdsP3OQ9z8Kz + JYpGfpIXb3Iy9Y9+O4KYAH4YUfLjBKg8JoACrrzYC96sN32SzbLOy7aGojuDCZ7v + VZttvHJ6VkpakR0bZjWmqMxb7XsAcyjk+/2uZickt2QJrixKsx/cHby7/c+ywhwt + QAAA40sqJOYUeqhqDPLDnl6gXyfJ3JCbMzKsvu/FRgGd2GbKgNCMDVpSElVTDNuA + GTW2U8c1AII6JfKdzA== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-pod17-jump-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDmzCCAoOgAwIBAgIUMM0JvwRtsl6bVW2TrQkK+QUhPu4wDQYJKoZIhvcNAQEL + BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt + cGVlcjAeFw0xOTA4MDUxNjIzMDBaFw0yMDA4MDQxNjIzMDBaMCcxJTAjBgNVBAMT + HGNhbGljby1ldGNkLXBvZDE3LW5vZGUxLXBlZXIwggEiMA0GCSqGSIb3DQEBAQUA + A4IBDwAwggEKAoIBAQC0UDXQP1pR78DZh86E2fOXKiAVcorEfg75dP/pFQwgj7D8 + 9N6bdclTTuVy1U8xj6HlJA+7WeGPq42WOnVPNKldX495PRCHMKUamYRguBUvgDHk + hYBXhhh8rFs6PqvcUN0y0jkUcy9rrSqRyK093h1BDPVF/xicjw2XJ6wTevDYrUOD + zw731Cs2bmlVgqPH76uMznrXKaEYIm14IMW/YCSD6s5BT3oZQlKhbfPYIHSyJUCV + TCffhLF0RiEbznsq6gaS5ymvUdf/nnOeYqtWJS8OV9y8B/HM/C2fWIfmzV8ZHIno + z0sNa0XMtHGzryXN5g2kH6Cv6iFypHzOrX8J6WRtAgMBAAGjgbUwgbIwDgYDVR0P + AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB + Af8EAjAAMB0GA1UdDgQWBBSXthiFCby/8efbtyXaBlB5Y5aMGDAfBgNVHSMEGDAW + gBSvAPyGdVXJeVcR6Q7O3jk1ILVLhDAzBgNVHREELDAqggtwb2QxNy1ub2RlMYIJ + bG9jYWxob3N0hwQKCqwVhwR/AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQAB + uRVBVY7ACmusaDqmVMWGwOc4TlCOufFxj7MZULoPrMQbYSdAZpVdSXjy24eAZXdG + HXouitQgAPTu/M7tMFfQCUP8XYHaMl/SCcOLsTlEOQeeYmWjst/02ymswFL8Y8X5 + +x2m3FSzO6QxCj/i5gXp/xmUXTn0qshvAUaM/mK1PiR94Iue1cHzjA+VoGi5/nsM + e7sTjwM3JBrojwr9cNmCPlMBAVymIYlc8d1bNst4bX/3uTJRudKK0zdTVNHFa83T + F/NVsDwzIRzuy1srNGkOu6U7+l9Hu6x/0SsTH4nGKBMldA42FflJK1ho+hnV8PjC + K0N8RChJ4jkljGCAHePB + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-pod17-node1-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDmzCCAoOgAwIBAgIUSkpRUJYqQ/QIbowiYY1EVFFYT5kwDQYJKoZIhvcNAQEL + BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt + cGVlcjAeFw0xOTA4MDUxNjIzMDBaFw0yMDA4MDQxNjIzMDBaMCcxJTAjBgNVBAMT + HGNhbGljby1ldGNkLXBvZDE3LW5vZGUyLXBlZXIwggEiMA0GCSqGSIb3DQEBAQUA + A4IBDwAwggEKAoIBAQDA6m3jH0jFh6fTMg/Mv5T3CY4mWzAnH+RgaA7UcgKpNSqf + GRWs7Ju913jBZUk00SvTCG+sKIOUtsd+fKDJfCRALU+1X0cRQHDXgAg+NIXoOGG8 + WiVR4rQ96TjinudePgrW3tyu3V7E/gmKC3LgMB73valxrAdKqSDShP/mYwqqO6Ht + 2xG410Vp42APOOW9VsZBbtZ6f4WMJ2zpXCw9gBs6aA5xs2wGm0JfWLOfBcunUvSx + GNHFbEU/OZUjZ/l4Hu2xK3aaCyg65k9NBsvuLXd4bOWqw6oTFavX38uVVosv9A4/ + /kGYMaDorYUHcF+M6YeJjixj4RDpb1uaB3Re52VxAgMBAAGjgbUwgbIwDgYDVR0P + AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB + Af8EAjAAMB0GA1UdDgQWBBQQe5Y4COHamJ4Sc3YlW94B/wCfzTAfBgNVHSMEGDAW + gBSvAPyGdVXJeVcR6Q7O3jk1ILVLhDAzBgNVHREELDAqggtwb2QxNy1ub2RlMoIJ + bG9jYWxob3N0hwQKCqwWhwR/AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQAA + +hOEObAmt9cN3bz5nUNqUTmoc/FihiJnFq/2/iu0SMTuuEPJtLWPxgt+7pNV/zen + PJp5ttyRNWFX/b5RzNC4piso8MJDiFh3if+4niGlQ1MKEXlNWQgUQgQeQQ3onrhJ + fcSMHZ6iJ+O0gDfQQtv/ZsqBMS3w/lOFJBLsTPsnk31dcoFl0EU7/R/5OVMUoxzM + A+OA6s/TafxzmauLPUDyaMuhEUcRFJ+vnoz/HzojD3sADXMJIr0vDOQm8ly39sxm + fbyW5Bav66J8m4NmFzFV32qILvrXOt046+WKW1W+zMfP/lQyU8PIdSuJp3n8mI7v + Q6f94camDu5jpUjj+Pc6 + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-pod17-node2-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDWTCCAkGgAwIBAgIUQolLUlVe9jtOatwQegOgwBX+eE4wDQYJKoZIhvcNAQEL + BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt + cGVlcjAeFw0xOTA4MDUxNjIzMDBaFw0yMDA4MDQxNjIzMDBaMBwxGjAYBgNVBAMT + EWNhbGNpY28tbm9kZS1wZWVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC + AQEA7xv2/Y36/LeeUMFWWJ6ztNHw1BIEK8EVjQumZgl3fk7yXquv9NFbto9LXQo9 + Yib8741Q6BFtZ4ID4n3h/c65atA66V4zWnaVivs7UVsIoHGLz7lwrb9plkHIN118 + o56ipWWcojiUfulAHC7wMIklEI9F9zOhRlzgvZbGpy5dSGQ6ZjqRlWkOQNxVnvY8 + qqJnrrC6ucPGZqibhUo7UaLS4qlf0Yp/TjGsJjYsNwTACFUZOMpyZZuqoC8vLVWr + NYMAZrMSoUalP5NNrKCQVGBj4saOIFDNcoWAF/Xdd21TTnYHyENrEaLrfBEdiKL/ + Qjl0/l3YXVZ6IMNLcn8PVQQ3NQIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYD + VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O + BBYEFL4u6Gx5hZrTzP+wWpzj7STuOi3LMB8GA1UdIwQYMBaAFK8A/IZ1Vcl5VxHp + Ds7eOTUgtUuEMA0GCSqGSIb3DQEBCwUAA4IBAQCulsqsgGGw8DxUyrujvxdOSNqK + G1RRsLdhLFVbgAZT6W8EHE4sfGTkhSZY9zpV4O1TWzfTxH9RsUa6VprE5mqn8Rpm + 0mCtgII7wEtLHMKtoTYrBaWO3tfx6SgBB0DxDrr/kZWQ9tfMpMpKbhGMZa+HacEi + wBwARUinvzoOYBwuPOtzWH+Yc04j4aMcqZZGw9IiCQcC9tnXMhsBslyFhmLjoFla + dUSdQPwpVCdMwpNU26rnxtWjUUpX3pT2BkATvfY22Z5e6ZZsaX1zTY6hqMhPSHiq + rjjAEbBvbGCaD5obp+9+orrBH4fg9ljRekJPmiSFEXorqlDiUzYtg9URuA5A + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-node-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpQIBAAKCAQEArwDdGvpYwHpV0z6rxTAB0QCu/OdULCVO2P7sCkjUi24bK7Qv + E5h6d1Sv30v79ehvRZIanz6xjghiQ5mqIa72ogeZMnTh9j7GmWZwgGHOp6QSy0Z0 + IKcfwbjYwlAqWlvlZlcueRsuIu/TN70ywsJohJgCfE8FwSvIe9alInVf+IVpTyNT + vvU/JdgL3kLX8PLl3oLjimD7/Qftzzx0FK3nTbFGeYIPKs8zGTBjYyaGJkJLA1X0 + mrkL9EQBgbvRGM4EQBMsLSyqFofbXbxNiJeD+TBFxP2lbP2OvSPItGE3odHR/QMa + Rez+2ySLpiP71+glCILRLZOCMxxpMH5RV3PCVQIDAQABAoIBAQCJ68JV+qtrtn5h + Z+j0FSu5TjKa+q1pxVVoyy+3w0JPSM19Ghpn9Sm/ViztbPL8EN1xFP6KNly0tYLM + CBT/SubxN8/S5i8XZM4cI5HSfELj9/kf3zyyZ0Qt5sJeEdPvNrGKgHcN1w/7VMtA + CIoy2AiLR0neMmE0po7wmm+2wo6KSzvAOg/84NImL+NetMzuFzE/ACi7vl2KIbPR + RmXHBM8h1tThMt50Zkzs/Ax87cMme4EAFd84+7dJNZqYGDqE+I94XkZiDIbPwmxY + mbH9AyeO+sOYI1mrQgOFg8/M2U7SkzUKizOsqr3OtsRNMiiDC28wRrJAgYSAuX0A + 09ofBRaZAoGBAOWoXJUIe2JQwccMQqBUNW5vXrgtyQ8/kJIit/zv/NoE+NPobMrf + 3jxexNAvKuIgWzmaboUwaPTcqrQsr1BmjA++cTu/bJhwCbSKNd2DYypU6H+oqugj + ui0Tx3OSsKGnfVZz2ByXUHiEXEy3mbIoaxxs1YNgrUNryTqYTK1b0lGzAoGBAMMT + o/WqRO7FCbELz9gd+8rFTpP2fELwo+gk97ys1QZkMvynJn8/jDFdzKT96DD2jeJq + NU3lRwTCOYjmcmJbYsEuzUZIUxy9z8iegD/AQ8MI5Pq0MZTwEZhc9ye8vdI4Dq2R + PF38fqy7+FF4FDyiWqeVE1gsV3mZtLdUxa9E9cfXAoGBAMEGOAJ/JY0lySjukhVF + kb8nVhpBSUtKps1c5v1uDDyGj0k0gjQl4xkkohFEg6uZfHM27It/e8fKrKNRJ2zR + NAmLjIqmQrUA/fdDbzCmXLPYt62Ma1E/rhxzEmF+On00VDFUnqCxQU56GUXVzxWh + yR0UEIUivZ38Ox7HoTLYCTbnAoGAWghriMtf6y9HTM4dzCnyduBfZszBBwgXLeI5 + 8Ht4Ce4e1hqzGtGSe4pGE/QXwNlaHKBWH7Bs+ZZGhZeOPTTePDjEhuaEbWRxTK9S + k5nB7Hbjb43QwGOYS1DExTNIDIjQxWydhucs874BWmBoPp/T5TpZZj141eeJz38x + ibXzFZsCgYEA1rxRbGrErVcrUBLMWIkmwMH7O5WH7ECfiFllHp7cMIISPxSepCFc + bONruM1Pbc0Vh3DGjpmCwTlgQ1pcgzZnKWyjuzYeWt/1cTiejodxORVdpEmIbCVC + 5484mvHCqBhF62eNJsVvPKhVfFFt3QgC04vUR3GsfvVqYsXKD40XIhE= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: apiserver + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEogIBAAKCAQEAmGydTB+pOnbSQfOlz5oxl6K/JUphYgThjQ+gpVZtS5BlCOS0 + YcfM7zxnN6iGzO9RVnLdt0bA8jgfA+N9rwsH9/qcPHVqoSt2yxXnS1DJ2XW3SBC0 + pS5QMaTkVYgZyW5fsxeS0Vmgl7au04OktD/2dM7fCqq8p+u7+0CY/x+EjDRPd+/5 + 6vTY0NG/GFvImkJ31H6CmbSDD11243ezY+WqJM+kR1BJBnNCVXXIXqWsntHSE+ez + vFtwZKP7qRqsvNfev6VPTxBGBbv7XSTk+kehoRvBmhDXF1EK9m3T4bnGQA6ioHcF + YFt8AW/13BvfyH/5U6jhxl4FWNvKjSKEFF4NSwIDAQABAoIBACtk8LtVYDZ20ZFZ + LmGWQnwrJ0QUkvj27sfcJR4tJtyWdU0832XfHicWCUS9Q/NgRsXX2ettx0yuUZYn + 1AZbm58ryAMmYn8UArP6vmigzXaNnupzZxqHvukDSsZXAxBnzfMMyQ20+JV4uvkY + x3FRrHbA1psQ1Ljx0gjL8ULg1Dmd0m/E2zL35Iw7imNl1q62VwhRg6Xzo+AvbYYb + x3seb1mpyyh40G93UyNZ5ACmy+OKURUY5N/dwiKR5SBRrG2KevtvTIydR9nXKqnv + YNLm+6u57PhwOtZSNyVteiUAAmi5t19udXoLWap7z56iwanWDQhydOpMf/2ux9R1 + OvDZ7NECgYEAxKh3gsdM4MLD8S2DsVVZSPH3C0rql8o2oDzH97gfIhW+IH6mJT9q + HsV0K9lfe7jqDljKY1S1w6AWYfAE6BNUhf9Sd2UWYvIN/iS9Wo4vVo2nIVhJ86J5 + P0W4fPZv6/D2KcXYcugGvNk5U8yEdrJatUOV4W4Gur59w5ZwMBDGPD0CgYEAxmsn + oy9bzGvm6ViGH2Jeanp21kobJc4J3Uxb9dyYQk08F6lTtvD/K1/AFyX8qxbwrKkr + EARiHUXNIZwDgm36+88HPilXJ1XhroDnYR6FXVeZDvpGnD0YX1RVFM5yD/leAcw+ + E3b5njrTZ2Kfqo2oCguGpdVRFfDL/cD6ugMkYCcCgYB5aLg/mOMxb4ygfMTs2hBB + JICsDBhAlaqbymp52MX/uQSj8wyHulq9nJFX8N8t9r8pFE/+evGsUE0BMbkVvblU + 8IftBg+IDn/tAqmUGmvHN7SStXsSWqAYG+cF3u7B7wVKTMaQSga+2Cy4O28cCIhP + l+YUQmUNLUVfVqT0R6ba0QKBgB193dVee6mFvDugwca2a0wuSa2ONDzJRCQVbnG7 + yRHJww3NSDkf1v2ObNHD/qs7bKhtOI5X6HFrZ5MASnE/gZed7PirUl3xYOr8E+gW + jkISfBiC0K32UsIQmdjO2ptPOE7SGcPw4idHnRZ3zT2fcoOTtP6/Fx9IvDlKTroJ + L4XvAoGAA7RWLfFfZH6LtoO0VLxaUN3TJ3bQ8JPGOxbo3tbJEwj/Hzm2Svh+z+ut + 5bIh0UFvVvanC03Z8LXe514gvHrsTklCcWidKOIsj+ncxqqMRSMvnFTeIJqqZ0Op + aDGADTQC0Nc2VvRq9CwRhO5FmVKPQvFcp3Fu0hVMUnk0wbakFz0= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-genesis + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEA2Nroet4p31LVFgpZEyskMv8QMDnJf2y9qvYw4H/vlldrJDWP + MKe+iXeGyik9c8HLx+KS9TsW74yW4XFIUGRvAdKa38WuQApq9pLMEfOHKybdKbJI + K77rGQONVxis0odVk2S6JENxNHCwkL+ZZAf1rNrI4pyVoTvXk7AiVKnfSPcyF3Q8 + 7KzqhD/jzoooE5A945lHGCnTmKJ8bP6hPOpiXaKGWe8u2D21+qo/kMgn0KeglFFQ + hFn1IcUfq5ixJle4fNZU5mdKeqBYHrPL2vHcFmo0Pp9lDp/XCnpdrs4QVUJnLUQF + D7xm1mysI0CCCuXNQZ7nr493itqch8yXw6E2RQIDAQABAoIBAAaTJIdNIxHdTg6c + A7VcEn3lU9VSezR81IdRbYvw9Q+m2N3BLfU4sMM0N4b7lxxiXM5TpUcAIqLirVRq + fdnKIb95Zi6wrKbOag3Nx5gnvQpm5D+2Yw/IexJIFEn2uo6rgcG1RRuCW/VOEVxi + IsFwqFc0TvDn9HVt/gxBQ9kzSUzJ+5IXItJQ28d6E7wLQ7HFau59ywt2nu/LBFPD + QZyaTG4e3JNnzpc2R3tCoQu3WGHr+mwadpRinvQ/RdpLd8ZI2t/Yv6DqBhXZKnlf + 72T04c3ZuKO7dLIH0PFc4or7PjSvfcFCxQpVjXV2JEO5CGG9xbWNlfyWQuuWGve4 + 820EuQECgYEA9x2LZVNJdj6HvuVtKUiunXqNZHm5LcX25I/brKtl2GV5uLEay/Iq + 0bDcKVwuHTuAOlcHomb9Mb5MggtXHEPG9rIqKNVcs19ECAwitSPqieSn5WPnMLp6 + fW0m3nTH3DsPZqBB9oo+ouTtd0ukeGFL1WVmwmfajjF8aXr/uP3DfMECgYEA4KbY + 4LA744twWr/Bruig3BLjv2nJ4WvdLh3d2ajZT0tZzPsbgU1KEtuigBC8Cq1UMMLo + MOd7gvyhL8iKfqDG+iHQs2OrxBZusetY8gKe3V+OtbywKVCZ841fXLcnKWsE81AA + FdoPotSPWK0vBx1oDNGd25AU1H8+LSVKNb385oUCgYEAkVDrZyNqIMG2u9hYsB1Q + qcSmnv5Bmhw/CrtaGBkWpAFQaf6j3mjDK1pQrXXKnGAgEK6bC7J6lCTvAs4+ZJ2q + w+mThz2o7MZJ0F2qj1DWnE49OVTdYDdYzqdAYzLTULveW6BECgHTwaDT0AJIbo3w + tUWS/yFpUZLiMXkmJhf8PEECgYA9VbBe4B7pyDc7v6D8xSyuCUY/C33/2rg/kA3z + EEOMf7Eb4u8mhViU/3xFZMxCSgJzcbN9LqYtJBZJ+oG9gt3wiuz1HWBXIBzG3M+i + +44uOJm5CrQ6A3SU52NC6Ap8J2jpmUz8qlWcilY8ysPNOH0hCtYDjTnyrm7mWokB + VUbIFQKBgQC6TOhoriorfTk5sz44+QpjePB+vcZWvV7NjXn7Ky6xBwvryUo+yhIB + DlCToms8q1JZB68kLt95r9xWJFrDmLvKy1yMNmLJ9qF2HuGmtEgr15rlKL+ea5Xz + Y3cMY7J1tfL0+/+3rSSeot3CrhBBAUo0m8yTWejKq5KpKFltsdUARA== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-pod17-jump + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEogIBAAKCAQEAq+2bIEDhxqyewMFr+SXVIJdNSUL8XS7B2eR4l5VGTpBxwSm0 + FdrJ0XPdzBtGzZ7J+0Dz+YU/EnL3lXMJGTrrB/4UIIFK1/eVGtxYnPZ8m3jaKx4b + FqUQKQc+fF1OpfRlkJvppm9sgr1va29kr20XSGYsVkjFD5bXZRvCtHR+cmST2gBB + aVbV+sEkh9sz8YCPGQnitdHOHoBAqSlwisjQRzAB+xw7FMJ2AIsyhz5WsdqgiMwY + XAn4QScF/f0rmw0b/70rMhQjUY9CBuyBsdNBkHePbX/U2KHyD+bRbTDcZggl5vtT + eoIPKGlkYWr9XtQq2sl1nyjWWz+Epl5tXbLGWwIDAQABAoIBACsQuWq61dMOKjXe + PU2LTHd9br6LKOuuaqBJums92P6U7+mSqKlQxHzSqRwXOQUIYU+uVW6LEeFtKtck + mYLYX0cBPclmmXi/a3nu98NZepz3CK8EO4TQk9uzFNPSC4FGVqqCY2RtRKD7Eo22 + uWG30b0w2qpCUBo3jnylF4BcLdA5N/zojnloq1qslv7BCQi0H2u+ynQwzr97CSGS + 1d1VD0E1FOZBkxcsrvtggQh6ZI4iY0wqwSte9Y/y9cTj28HgYLDp9Szpro0mO5lo + 8WiDbSM8cErTGEolRsp/PqrwrbZL3DCbrAS7WMNVMICKEWlp2huKv1TS/FBBIEN2 + 4ZZrLwECgYEA396fEWu4TX/xquFIC45mU8rthy4YsaE/zRp4Nd0jt/gycMqjAKf7 + T1bja4LZU4KsdZ0ICBPUzNnygFmv/4OU4lHR63vsIuDjQVolBue2j9hw06pBNRyK + Iurx2YhQoCjbi95MW72QSucA82ggv6nj8LeWfgiWlqCVGirjKJgHad8CgYEAxJqP + a1gUulSC2Ulhof9XfC4zdy348NHu+dkcJ3aU7gsOMHN90r2focvYvOWGvi+SMy1r + B3QesufSH/e88Z3EiUD3IWnSvTb1uNIiofC2Dm8E7ozMTHDHM7OVgvaZ/MEEZDG6 + /zeW+6r71+7lKHGk0cHQPXVZl4HRFRPShPBi6wUCgYAbEHvkjERMwkICKZgfJYkD + ak4LAKyllNv0vNV5lZGC5TOb5TONmcFNFzEJR1lkujCFS4W0DEm2tkaV88HOPycZ + sVCSinnCwbNXrEE7s3mjrEP/ot6dQCUHEaZJaSxuIGJiZ26NzL4MAB9iTd1frndL + G7bK59jkvucnsbWiq7aBuwKBgHmiLgz5Z4mH85Q+5Bp3gUagxtJ7LMLA/xqwicyY + frdvO44aRcP18ScGmMb1MhHEGK108fygiMWiystgWBMbypYoDT0s3WaW9BsuVqLd + 66SuZty3W0YHmBaSinOF4esP94mNguWXHOAC/uCvOjN1a8UiJZWAXrdvZ02k/9+j + YW+JAoGAR1BbnZ3F3sxMtFZBFmOvjrQGCDofrI3onAt5rSxtTj6G3IAgqMbG5es+ + MtTvb0rLW7fnOvg3N+Sma33MAgAO/eSVO/M4pg+yqOPuFEROiY95pKvNadJDB9UW + +iYyU/0//f96gq/V7YemZpC0lFylbeGYmISNpgmB5rHdh/RMVKw= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-pod17-node1 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAnIF/2CoRs0vcWH+njIF1sY0GfYoFISGOHlvFOZBTprJUSkCx + 7x06nit777GM5VknhN270sjOdcYmCUfpCftIrhyswK0++sfte7KeloYN5ziIBKcK + 5CltPBjiX4Q+G+aMGPdCaq2GcMoIC4iJ9R7rAMMRpBXzlxwPcbzmKZAfzyIMAVeE + fWHhurUUAg6EAuuFI/wFcLaHF+S4FlGdx1n7JpOhk40b89S5zFIYveEfUi9NownD + 5She4vRZACC3dQ9CNsaBK/Op/3r7x7Tddd9AO5E/mZz9sY90DMmIe+4hzAy2Cnon + D0eFqgKdObSyFML+yEfPnDX3JHcznCU7rz0gGQIDAQABAoIBADDGp1puWg/gH68x + Mb23hz+rrQ8pGcomlA1gGoqDMZ7tSxnNKedU27T55mlgk4HTFF7zYBskXDwWYjpY + QAfNWexxoWF3XP55mskHdSeCZgje9H1Gtj0/r/yf4MVWCKlXY+hP/1IR/KlgPbui + dSSA20rkgLX75Wv94c5Xyf/AHDnIbNBiHpdKvMk1FE12eb21l0g5p7RDM84ANzOi + 4HkC9UbGLUz6WvxTpqsBkb40+1NJnYfsphS9mo/nEpGlpZe68EMu3d34Ip+W8vyw + opik+BuUuuVjcXYI2uXhoe+Y2aoE8Djal2HPHECT8PnkkRP6ANF2HEW1tUrocB7s + zmRbuVECgYEAwWdlMMpifq7PVkLOm1oLv11nfjMkMCiIdewEunab2KPCI+MDUNbw + lG2aqgkIhEQt+djucz73kO4TpmOSFppj++4+AlCjW13fSW1QjTf0oeRMFjDCgRah + mlWxUwJ52XQUFBvSMd6HtI3wEJhCA2ReYP1OSBx4x5J0lTsWonO4670CgYEAzyjk + 0OSNNEvu/0deMzuNJpm8TGiWnNuU/uyLx84vzIiQypGyfZvS+ZTouwBqPXmbflwL + 352iVKMMz24RLQnWzdVVrvaC/5W+ggpU4YQZDw/OJg/FwgkiNFMIHjJQ2/RFXE90 + tGYfvHVFp5e3Dcmigpn+e8HXfnMRaHRsJVTofY0CgYA25s8G5qzHIYCiEBzuZMVo + 8W7rmEDxmtACCZneBMWA3hvCbDMIw7tPpz18f0v3oBMdFcO622kTr0HMvf8+g11W + qu7XYWS+DwvPoER5kiTTwCcJNZZBZtdBJIpN8in83MLGYo9ssKr9Sj2XuGEk7V0N + U1rhhZOTs7N8mWV3gDpCUQKBgQCJapYGH2WvaCNcgSnykDE8hsRKZyJpYJtAUwcR + /irk4T4ysV0WR1Q2rNmImmje6JkFw+c4aWdx/0qTGm8YUiuEFFynF+yjv+BEgLf3 + dFnvDMvxoYrMAKUI0n9TEItkrG+KIUbIF+o7aAtRdak+4x8CxUXzMA1TWt8UTA4k + 4WLrTQKBgB47ULCLv3eRs4+2bFddQkP9H51QdLBvk5EkPdTaPLFQ+mziNEOzLZYV + eTbk8+cRvjV7GxVitPv58EqipYUL9Z8PP9KQqjUEzxJgU+YvnFpPTbLIG2s1WNRF + zEsXkNrhSB4tq+dAVL6rZbZXGv6wPm/W/wNk9X6Kc8qK4SP1xT8U + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-pod17-node2 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEA1T2LtQdDI0nZYUtRffaLzwteaMHBFu3GwPZg1osfd57YWhNV + GaPfJFTgK+8GOAuNmEtDB2ZU+QDqz68CaR8MAtVtc4A3OfjpSp3d07pvntr7xVvT + 4RaEpGeGcJYkyDsmCKGg+cQCnJjmhUmyLYN5j2wU618OlBRxmycqTfTbxPx/GjHk + a0CfgwOjKjCodJZlxxKbXWK1Rk2scE+AMbGg2KRoGNVh69OwXIHdZ6OHKFpx2DfV + YP3/NLRPrjXm3kQ4Lx/oAuDhIw9/pFfwgn45BWBy5VNrKGE7vFhH6RvBwsWa66bw + exHV/JMmqgDY3kIRIM8nHx2gycsn/Ga8NAt7oQIDAQABAoIBAQCYcbti26I/pBfn + 2nST3KHujm4b7gggYDRq1rg8KJGCbui03IVGI0TvME5imiqT/o5nhcaRj7LHoMQ9 + XRwYEr3/eJ0aqVrR8wS0908SgoIxytObMB61F+gTsH8IFg6Nptt16Daw2FQVp6mF + OD5NE2TgB6Cc9AP0EPl2tfUkbhx/IcT5FxP/BwzNAz6CpUzMzFxmT7C7xiylyy8u + I7dcon/ixyif4QLpUJqPDtfM3xGhVMCRqNMbOIIFb/+tfno9K2Ut87Y+a9JfJ40T + sjby2KDryBLsi+VmEkk3j4WYqObZSJKVGjFl0uG9CeKSw9dX81Q7ZxoaTMjHWoce + UjOaj+xRAoGBANu0wU7Mg3PTVxNQRvnZF8HvFESPrG/MJgKDm9Ck1zGlzwWotqsD + /12r5c3HlUTfkYzttWBZqHEUPB+GHkokbcrdJUETxYgJoj1J1c7xjgUB2mHlZ7o7 + 8M4VIEMQ3reebK/fUQJ+fjj6Ey7UWPgFE7MkH8xq4IRRNMnZyE0mNXajAoGBAPh3 + XIlY6f+UkoMZS+JlERdF13DFgAW5JR+GWyN+ovuSsw1KwlBM8CsWq3Q1VrhOCf42 + UhXjlG2jWrhVY1hL6iDcQexyTCX2NMgpEuQlFLnWDsLh+/wvYtDenrE+iHIZbCb3 + 5WEPBYeMLFlUtrUBmahTkQKHcJvvUDI+Xm3Cp1zrAoGAHfXbOoynDF9wi2CyHRYe + qEKbB/JzuFclg8hAskYYVlvfDE2Cg3WrGDH9x38E+vxl08sCpd30G1+AB2h5rvCi + zDw1/Vbd4/w0VJlB/9Nu433qMtleuMW9w8ybtqmRRYbkGWOhn25ydgCcJxGsBD5k + /lPZxj142nJceX4qU2L3fXMCgYBpYJ4zdi1QAyAcT9c6PmkAONPFdU31n29aLm5q + 4GOZVL9xrLo6ulbFv4iZ8aFE63wbf8hSlkG2OijYswY+RXwX0bJ36IXZN9Fs7taf + QgbHRjzedF+dti8vrKsbOw09bwDKiiqTfn523YFVpbMTk4kqtb5zlyOwTs/xbzg3 + Tu4SXwKBgQC9oIiWyXsasqOcQHoD64dAziSFWvcDoPu6feFOGiMSwcACRJGVU0r3 + 6U8dlqVmaKRa1Vy1OlWs4W7qHutZLWCzqhB8YQv+iJi1wPt7WWxbO454dJMOBV1H + 7dQlpucItzhIq05+Al4FbJoVsyVrPrOan514/8iBpsNE2J1hX6yIyA== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-pod17-node3 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAwYm+Tt0HhNllQEZfGhs9JZeALMg9qCTYjQnHBDO50bAE+koV + 6j41pjuDhj4TVHudg0pl3FP9hm5Qs3meIiD6WJ3A6gtXvRuvIgbwK8OncK9RDTPu + 3kNwyFkbdcxMYE0X22sPmgjxRCTDammMVWJMuPFmN/Wmtav531LmnPFhy7Tc/H6W + jX3Xwpn5PXz8h4oIEggg+IWePpL8AXeEBtihZK5qTB94WQ2HMMWZG3mKKcqh1XPk + HqEN2s1g0X2ICl9s1koJXgkSbZFreZolxCxrC4AoiMpFLH1TNzjgaBFU2ZxeMc+V + 5M3+eMQASJynGY5IMPJDEYiTx0Ua1HbI4Fad0QIDAQABAoIBAQCaTlRpVFjWVu4f + XPweOHF8M1qCWfSuxxHRAWantwYEZS7Sz5bBeHAV5YVr1rpatWRUdVDZZi3QrMuz + DNhDpb90P/K7p+eAYz4zBw0eF5S8h0s8F5fvph2Z31HBje2nKlBHJQj/avnRtu4H + Pbghq4o4Ol+hZj5QwpkqsVIk919dpaTYnU3Z45mD3+wxxQsoTx4pV6hNyB+11VKI + j6/kNLkVcokEQ9YvbPp+lf6Rqg3k/rwrxN9KLNlllE0SG7Y8rxSWV+fGIF4KTSZC + xgIAF4DodrXrlUuTNzCSqzG8PRGGoldKMq5Tnvj4NRZpLpVK+9MguYGTpPcp5ew2 + QOU1jDpBAoGBAMXx7XMbgfNeOBGnND4Co7+Mw9pfdw2iFlTFYfCjEjKp9ElHVNyp + 3CZKsB9hDhsh4BLK7VxoQwn72OjQ92ZxevkSjOpaQTMaU1aLUJMRK5oPM5FKXSGw + 84EbH79z6pIQnUZ8nPsRHgK41c4xHKU1D7wqmSkiIOZzR4kUpDpqX491AoGBAPpM + 7r4rkEk+Gg96m02hwVmMZCcPB9/4jNa/v3Z79InrfLLoO+NqCblD6d2jGIUBEt1h + BeXX0bhKrFZrhYWjwzB120VlX/JmX5wsIqEc0kmRb9CsItRindmqTC2EtQxp7jC2 + G+2YQw76jjv6MnfcYCQi+gX6vUi4jwevagHgjEVtAoGAHp4KJWjW0+b58zkSqpjL + 7T//t1JW3uP4YkpZmNgQY4fIQmFnLe6UH9Qjo+bmQKoft6htyIJUBEJRTcmsysq4 + w7fr1f/538atp1BLOURJoz3AszN2blSphYnFgl6SpN8vBI0X1vnR04f1gjw0exVX + BrrsD+G4hwzDvt9Te7miaFUCgYEAto0hmsU/CIwoiZ2MY0RUNjF0YiBOSAWJAp76 + zzl8kpKTchB6jVQrH1nu2V04Ztjvn1JB8O5E4Lplkun8igl0NIXglG5pWetcVBTE + dOkGXe2atYC2Llx2b+gKgzBEs3cW56QKHnFshyIqVogWAuFRpUl1PKMxJjak6p// + Grtg0skCgYBnOPDHBUabmeeDTGZGJyuZgWVNFR5vuDSXgA7lR0At+4XXpCGq1s4w + AN5qDf4ORr++YlYmdTBHkMXRTMO9U/JBs73klKeczCMR0CIxVT76qIW7wsbRhfN2 + SHn6rRNZdkQLy9d7x/0r+aA2Z0TSL7NZtDOyaXgOj3tu/7WjBcZvrA== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-pod17-node4 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEA2W88A00iEITCUL2GzVSr46TH9jQRlUF0gtQlJUJSuN6SBtBg + vRDi6x8yjA2TIt+fOPDUxI+GLbkrnrEByB4kmimi0jVaaN7o9in/CWo7DbnHxPks + jnigDbXzGV73iHaeKoa21LMqCIOLwWqg6X7Rb/m4wTmG1vU/Dc8FCRtBo6YX4CyB + mWYm/AaW2ncK3BRDRl0dwRcktylTelyc55VD1/qfUX4m/mG82QhlVGC4DtEq2zwM + mJliyQtB49Chd6tLI60KcmDIZ0RX89gfpGPdA4q+XQtWV7lZlRyNSEtxbqa5Ys88 + oJ1a0SyQxRzyDOC3l0mNcEJrbnPFm+HpwtFoQwIDAQABAoIBAQDI+oFNR+GhxSTb + fqP4bThIvco675wFCzCHsVH4Y5qU2N2/QKL6f35P+FE/lViYVn0VI753RXawEsWX + 9GMCN6J7gNrIVJqR7uEEkIL1j+Sv5jYaAnvF4QeIRNNEczx4PbQq+MRMTKMgpX7r + tASybw9l4jx9FhBl5uB2ghFUfoYonSya0BrV5pvamszDF7wumtCU/xpiokCiEOnx + CsLldLIFSL71b5friKXo6HlyZmEsKzcGLVyjTNKJYtUl0bVwOR7RMqXjwOATLGRD + YxRvhNxVm6gFJCwvkvkZkGynt1FENw5IeSOWGzHwyN79DA89k8etgv2TVKhrC2No + kdiHqI4BAoGBAPDXnnf2rg/Ld7DW+zLodCF5Y2b+pfuI7XIg0Mw0NUo/AMBkLiTJ + J7gn81m6f2kOliY5PB07E/LInowRZtBlLJBleNzpAux/7zAA4hcoBTwTfOuRuNPT + w4t7/f5Eao/lVDGlGn1hSpbg5XTl+ijJt5Wu/EQHp2ZScapQGCEzk5NDAoGBAOce + eflU4vGLGATRTC989oLfkSs5yEZpIkqpnRu/8Mtvz7LBfH6Xji+sG0b28TIvfzva + Rq8Hm8Bp4jIcX6bp5+pDZ/0US0T5ojLqomRzOBNDLhLkJ1OwHO9rBqfDHV0szgrO + BnHA8NB5Gsh1atsJ3kwBgMsOubXeUl2LHTi//QcBAoGBAI9lEakDamdlEYJsvWt2 + E47Ko3BzNYgp4pYNC8RJYWEvWdcyznaAffGbd7x42dtHIAbqFOyifCIVaLCku75g + PsRKZkfBREhjc5n1LKf04AkA4WOwg4c7kjW+QV/ehEPgmtxkHP2Bq9NhW7zaILOg + RnoMkY4/sF+vvpVU0skR2E/ZAoGAHZ2sJ6UXB7i5NTTUvGkY9aBMa+uVnGAwgrzF + Yx7vbkI/rTpaB6bIE5fMTwWp1rJ7bWIFGLyy2q82yxETuMHUdBJ7KtUE6CvM+xVS + Bek10FIVf1o5J+IzcwKV8b1w79Wj+YJ5FO6SbUR3iCRzsunK0JaIuHyEk6ePimkf + L3x6ogECgYA/yUTbteFtcPsoXbdk0ooD3RuwSTlfURKwxFvrmJfrUkP8FFAENRvq + S4jbm4OnuNoeYb4Oxf2bAEY1qWvS1FeDDRzFi2TWMKCGNjeDh8CBgkzC43K5dzZP + 5WJiUB8BUhcNbGrkQzJdr/nJYSNk3um6HxFwlSWhM7V6QR3/v69p6A== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-pod17-node5 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEogIBAAKCAQEA36RQastwV5f4c/UODTf28c6nzIjKlOflotbJwPejSSaBSkxA + TBZkyfwG7FSr594GKsInPrak8GzRKG7Dm6A/y+n7iHYx7cMiCBANpZhh9muExIZu + Ifpb0XpCFbBYKN/0k8JrTEj69VG/X2npnpDY8YIv2inWraSkSoH3UAsje2syZhzY + 7jMgTwlYQFR5AQKC3oYs/q2zS/RvV5TXhyOzMfPWtkr3TE5nxrp1tWPsLrAX9GSN + tP6EC8bWdmMWEm1b1ywoOJFDJguR3vzq7mCoq8SmlStWo3h1pkcy4FKgcb6j8Lk1 + fYjmFMIq4ku3RATQ1ZB5bo39fItRAeTEqpY+gQIDAQABAoIBADvZ2peqGEeo6RoH + VBpfhtwRxUBsv2J4aTFaMCZPX8ic4G8E1xRFzfVsWGH5CwSDm7zntt8GvD+Hr7YV + Zo4IpeoplWJg113dIgdsXGqbzGPJRH/fxiubt+ToxjTNu9o8jVTZ7CM/SMJMfV3I + l3gTJawEfk/xcH2KGVnDTG+Ee5t0hbYu2FoksvD+b0FYLzy+FTXbAycdpmDXNGeb + gILCizTd/q4puNfg9812UUJ45GWCHVQZcE8hZsP7PT6EX8DiNBFwK6jBcGRqnK8U + RzenzyDD+fTEZratcB/4Vpc4CemZxM1nVkmnkEkkSGuomyDSXBVY7VmSgvj5ioFq + l4/EvpECgYEA8SMvCSnI1RdqjO0E1pMCkrtWeSfELbSosAMe9WUJ3j9o00lUK90a + W/KJVyGEWaAK9cU5wfVwGqxEmum3FfRcbU4N48mTOSheLUZ9iNrIXeByRe4q1FBG + 1tu0tmzo2Teipg7FIBipp/0K3lAc0GKIQuUjl9g+rTputgMscy0QnaUCgYEA7W0S + /pdt8QwiGLtB9s97aBps6w3xMTCEQnplnyIwDCiEKOuqmm08T+1/6ba9tipr0TeE + /lRwrlVztM1pML9pU3yxijugn0gHjR5qtfYCIZiGqiWtA0AsR/Bax4oSWJRj+TlW + glqGjtAksDCbt+8GSLqfyDKEyRPDBcQDZpOK/q0CgYAxBkItzrzx9czH0fhF16WS + R1wRTbBoym3xOvE0WtJiyOl661GdiVouj2S0vi+2OP+BcBOKB2g/Q/6+r/11DTUt + U80nHng8CqT693XWOQS7cUJKTV2PxLJiRFC9Ne8xGkqLED2rhNgZOyzWfdsd0qp5 + TzSpTmGPvm17u7FxyRuzsQKBgBZJjubnQCLIiMrZiS+p+mOjV2YZQPLlIwU6iB+Q + DgKWKxHMTY+BgY/fM4q05Moc4VIabBmTw6AZ1Wq7fYxd630yz1eykTligZL1r/60 + wS52Ku3962fKtl1qapsgkuhNxbS3dS93X/o3/7mqVnPFtElPe4BHfb+CY2Q/KjKO + 1xVhAoGAaog5dsq4XVRhTaMJJG+iOqMCELRFbaKRRneForcaJZzTvKfWI+G/x7lY + hTg7VoROnJHUvfJ5u4GKNaJBvXE1miWZ7Xct5DF9VTlGkiyG0qr4NuwLS4tklGxj + WXVjL8jecK8AkQp7km8HZCRJOk3OU/LgJloc096HcIp28GZCUIY= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: scheduler + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpQIBAAKCAQEAx4qVolEaF1s0eKEqkCYybqL9v4ODiX+GAglz7KIQxXZzaF+R + SVcHxrbeMJV1eD57tpIdm6kbcjllTsnytTef5iaJeEyJu5cxyr6xhwyQNnuWlbHl + 9H7LlF12eaNv94WAJ/S1I1bhjt3gj6vvXbFuridLydC9v/ELzVG15d70drVsfDvr + RGbBTPBTt1HX0pPD6uvaKLUwy5vLqx1uP+l75+EhmE1BmVy5c4SnuUdL+/8zqoPF + I/07wWY0Jq3+G9zSNeweVIxOv+vmgsUwNlNFsiu9XzzI65ngwaVHvelT1JT1ahMe + O97oqOd+XgYFNrKphJzvoLNVtt6/GdnAzjv1/wIDAQABAoIBAGV8gqZPgWmnpYRE + 1BUEmFnU5CHnjZr9FPcsP512v/juSbwn/wjCDt5uW4tyOJCzltBAeHaXB7KMpo3w + AFVSuSyhJQHeS57xQw3O9xOsvBw5t1jjZgV4B6qp7nvnOCc36vpnZ0lWAtpa1r+7 + vr50Y8qHifBXDmr0+f+vM0h6oPNOZIxapny6V0XUCmlJD1BrkpPes0RLM6yz/ALT + 1EprK1LUGAXXOdExwEHiAaL8RyMBVrIUhQ/uXeLytqieP2lDUu9xVKPYBN+YU+/q + Xx3Lweu3WFmchG+8Vn+JAenhdUxiass4BZsk7XnTpIEcRnUr1RA3XJpwX9Dljouu + YuBOzsECgYEA2S6UWp+5vDehgtGKmS/LUDQzcgh/a/DbKhBgLB0pVItu+3Kykp+8 + Vtcd7zryyffDb45y7BYw3qf6IZEPoJXs9aO0W+/TXr5+x6tAiQEmGECpnOwPRuwp + cdFVKc6ghC3L8ISYFklzK3Hh0yZKEiL5A4VqyQDF7yzE3vsy1T7F/OkCgYEA6zTW + hBVDRwJ7JRgia7FKv5l2wxle92RDZ/Mn/ZwyHbrjLmVjJGNvCSdOJbsFQvOMVbO2 + OhFtg2YJSqAGscO6IO90ZwT9cLsBBBzOur7BOayq7I3t5i2D3Nw5nix0iKP95YxW + MKDWJxcAhT2QsoVIszTkskUEBlduZNNwdmZP6qcCgYEAlbU+Hpor9kqC0yKOX7pK + dCcHr3ucGlQVP5G6Oa6AZv8Wqc4OunPR6CqxP89qvT5FQgj3vzYsyc8Q5UKReyje + BxWpphZTpeO6kPjDq61XDTDFup4eic0RZJvgEMmWbIcFJe7Ax9wpv7Do8hxawtXI + wVyel6Ao0Q4TR4HxMH3tDMECgYEAkIHpHkOWDyW2FSdL1pCZ1TfrYJjQ4Pwn8dDS + DB4QKHXvKE1AaVXyHVSZzdKmu+i4mtsMJYcZmrZxFPlWw5b2X0/fW4AUWlN6n1U3 + qkKSouW0KhxVQqtKLcLcX5L+kgj3cDYVqlDW4jNerX4SzavX68qei+ydOWw0Nhw2 + J3hat1cCgYEAzaThgGbFLplA7X5Fz5fC9QrZRzYHRQPMATcaFmmRQSAT4cOgsf3O + Fg4pPyw9zRE4T2/BMPIj/ScJ5Z+jKoblNnZ1FKvYIp8pQQoSA/2vkeprOrXlhukZ + kK6ghUCh/s/gHNDxIiAdHQmnWxj6QMDeCkm2Yt0IZdDZGRo+SvEbb1I= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: controller-manager + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEA0U44kUUxDaLWudfqu1ACN2Hcq2+Ne/o9+R3lsxj7u0oAezLT + HodOXCs3jh3HgTiUYsnVkSoJEP0XpXOeuGOujb8GrswDYaYNt7TDQsJqv2Bd0qDt + Ew2n8+ub4oDFY8XuvspUEJz78Vlvx73sJ3uuIXEDAPzP4hwg38/A6cQtq4SYX2y8 + vnapKVydZJojcDlKPldgEO2uBvzT17aPBFxjHva1Znn4GcCReqCbKWH4BF52VAAt + MzaAhHqIluVtNjlv2dYj7/QNbSQuRaudtTySrxHWZUoiarhMjnGUGpFV4m+t6vEd + J1yzOPJvBsb2bxytblz4d2TeIlQSOySicZrc7wIDAQABAoIBAGN7Bx3cwhTWGbLY + 8gM3YuZJyCVfbuLHLJ9z21IFhNgesx3bKUbwTok2LUCJ3OIJL1XI0o4daZO+h3em + /YBsOHG8ooOACfdmgkyXSNs5Jp1xQwayYBvXOMWRbVT5mVfzoqbh6ZS/2Gt888j+ + 9vhJK5lPansUrgWtEt7tkqZJDN/g2BgDiQNt6xkSMz/CdkLVUwD+xQ5Fn0Z5bxsA + zzo231TFiYUny/9Kx7q/LQIYwAD5e1M1xCMbdKEG8U8yFNe04Z0zXkLtOhf+dkcb + xzd4IuJC/bIW+pDZIAiuzmzCfW5BJd3t/5bZQl+a0+1bsyiplyC1PvqGxjkVuTxh + 6KtvwzkCgYEA+WTqjbATD5n/aGwUrARmeL1qb/Ax+3bTXgeileax0RfU4rGmTURw + EBI97wWlEMV7tXUQSGYktKFUcWRXUzTa/L5GZmTieMSlf9CAORSpT4MbQRq9PWv/ + JBc7X5gsNsQY5/o9VgWqx1FDfFsYULUS5HfjvWdvvGuYbuW9MHw0rL0CgYEA1tl5 + E9H3fRD8HDVmC/giW+SzZCYiq+4R07sfExHlgFHdVdxWzStwSVg4Ze0aVt08ra7b + lTSPndfLVIxEBObdyRCfaulQrKeR3p0gsJj8kngoldMjKEYJzLDIuYnf5agLYAeI + 1v6k4pHhRAyfi63aJuYEVRvcLInvG7XD+j6CCRsCgYEA8syo/iB5rirDWao/xejS + yqG+ShSS1LqutVDBnSbn3yVQgRNrULZcU4ku+tGIDnf1JIg/vfyTp7eZOnvx+HPw + 7zdf2rhFNEZeybz32Jqg62Q82Hlr26yUzVJA36SLBxaLGO2rYWBLD5myFhOp7Ikd + R4jhE7jsM4ic8vp/4gBKWBECgYAb1FWbnKHrIE0Xtk7+k+iXcJtQCKSLEq5ad62B + wdqxcWkzGvRfZRYJWhUMFtdHkyat9K1auVE1B+O9kuGopOLrjWyo44ngo2AAruey + GE73Bftz1MKED/Zq/icx6UsIK2k1yiQOfTOMaYr9TolIBX/xc+/xukcducwwEa5N + 9tTPKwKBgAzgaU0mhI6/42sMgU4j9zuOvjWvtaPGTgG7NCozoZWFcQCB9Gp1RN7B + N3okwosJCKnrqLiXkgDMRTZxC5iTkTczN7S+U84NZd1E3GGIsos28xAoC3Cw3sNj + UrhnQYn5LZS81ZmUcpwAUeViid1MpIUX9MY+xY6ezhVjSFC5z6Ci + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: admin + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAsaBFOPnB46jRQrNT3ARwuquYsOSuL4VyQ5+yZY6WgBsAe1E7 + pZ+VjMXW5eko9DgNhLbpED+XPrEBHFtmW72JFGo5nrm7Lj+vmv3f8a+JL3gk07pa + FLAWIuPkN0c+cBTvOj8odrqC4dh2BjAbkJaOiHk/w2py9uaS5qIowGgTeo5bi8L4 + y0vN7gjVnH0aQB4VGq6+fJXW9Zt3cBhyYfi4/KA5jyN/VlPPFvJTkAjksexetrpN + r/ZFWsRQiSFbTxlpJIvGZ2tdmREEtsfwPCYgi+/YyC1pCAR5PF488XYncufAGm/E + JuuaMxiTmmhnbaVIhjgSmFnnFhUuX+vAI4TzMwIDAQABAoIBAGGDtl0IKJyeUnvG + zXQNcAHbMNF0SfhGz6s2Yg8FD7S2njYVK6TKjqSg/FBuB5DDsRA6BotoDdVaAV0b + BH+69yWhB48PMia6yeJSG/6oOq03zSf7t3aCETUIXYLHdwy7QXZ9s+4yiKYKWwkc + ohVnwkpEHnBe4UyQ2vcI8UxoFsGBuZtKiJFfxjcmxXNwJBSA62ydZHwwfmCNuz4c + 817q/LeUIZgynezO4gqrr6sWizrDP2HB9id64EgmEU3lL342yXbZCX/yfel8/eio + jwXA1IS3ae9swt0KzrUM720sLTqBtzi8E8BYVyAEMwQ2Af6++dpMv510n/0JDX1B + ZUsldOECgYEA29OSj8vOhnObi2d3G3gEzUmYLyi6+9ngQc38wX4gqMTZNWdEFj83 + 1l8dxfOSq2zCO7Np4bdzO2S4Ky3Xe+WGKNuXyduNIIcuUXg/7sQ9NqLIszQCDraZ + 8Xe/aM9hnTVeSa3SI1+Tir5PUaVA2YVYq24MuLuIY5eof1Mu2ITA/UMCgYEAztr1 + 3BLj59I444hL1cAdjNoybCq6lYrFcyckDhnTL1QyZDPL3wIroE6Y9d9qN88ygNeE + a7RP1tSnLVjomOIR9kR7Krl6HRRtJzm7dV3ed3GTBhSm24LgbMYU44ef/TmqqhId + Vh9S08rM3Wbe1bsKD3LtZigCwygQ+oMUayf6W1ECgYAGQk3n/juRJHWHUJjZlV89 + oRzOKvC3/wodlYne0IKJi6FLnfcYUxB58Bde7YJ9kwksvf0Dyj9jr4h24kVCZ9Sc + ETSPMMsh4/dzpmLbn4bGqXfhclekp5pWf7xZdZ4n5b8bhfF3xF7lEmobvwLLrrpJ + l0aRc/V8MHNBvNKWo6EDFQKBgF4OE3KQqE4VOUbEB29WnlkYMYsbVqF+as80QeGj + fnHrv8nt/0oUa4/FjSlm/54GuTj6RbzPTOoq4STuYzx4tqAafUJs+YhVbFhEmOcB + 2pDG9In0Q/ZVqQPsgTz/wxBZ8y7Hc81gCsJAWSxmhPX7yNRDdoxXrwHbqvStO1CJ + 6f0xAoGBAJErnksoLP1Kl2bznS2a1AeQV+qdKTpdVYwP6pgouPItwBQ89vBT2234 + N6on1lRfewIx8Cz6xZjcSQgNoK4zXaVhLydFLEB4GHPgDqqR1gtNcfV+JyE8Mn8m + fvMbANbHnzFqDMF7xLnpTaDQ2Cx57K66tJFAJLMDPSm5zBXcn4M0 + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: armada + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEA3C7GPaX+CBwPz0rAbWorFholDrZqV4Q5yOoxPfrTRJsKkjpN + PG9Wot3wZNukGWoUzm6uTwu+tasfaOGHUH1EmwhHXtKavWhfuzJziXXPL2DWAoWh + drIkM0c5oYHqNSIiQk0Ld805jtI8L467Sn0Sy21oSwIbPGVpcQeYtI0rOHLxev5P + w+KkmqUBImjv4otLtIScRlcVLiOFqitIQMX6QtJ+0sQTmPye4ezaYg4o0kT6R7xu + aPdPHH25ksh/yzQTYpileV9TVSv5IhRrilqS+TGVNT/5MnIuMj6cDX8T7ZM03/uU + 5mVVLHlxURDZACAhad8d+t+qRkfIuc20PQt2pwIDAQABAoIBAQCgDEgBi+VJ08wS + LA4P+npzSHHjbemC0BSI3OMKYIated2HSWXXJj9dh+I0DgwMhTW2kHGX97uaplbg + j/8iHMx/vNbUMFZWk8XydsvRAZemosctciFZ/EegFofnxF2QXc11UDejz8Ok82DY + WPH/RUciI9cJnvBZSIYKqTDxHSRrlJfBCgfghaqBaYqk/21iBivKQc1m0jTY9TsK + MvxLrhFRSLYLeg04xBVpvvUVQ77l/YZ8HbrsLy23fdeDPPP/XaYxM8JmV6KBYjor + vESBR9oFUK8Lf+md/mYjliCKzEH2CCBhPve/iYsIAkgZ/vazhJZuVMNmqpXYo92t + zBABPHxRAoGBAN1vziOth69Jsst/gqFdzx6uTJLaHdBr3eAMuBZ//1TCv0XDPi8J + U7dvM7itkTChZvVT+OAk4qQOsGzovw/HtpwQ2IAG4su1bV2tX0JKDyE5FW1P2PWE + UvxY9AWJAmanbBwPMyPfspPD1vP9HLYp6g+wMiWMRREQ8IU5HLMAF1LTAoGBAP6M + 3FBFnZEvQzQ8eTRcin16vLViCXbpiHctXKHZI5vicucY9YEQqx3+ZglcOTGICi3e + 5sJ6lPban6jEMb7g8uXoqNusnuV9OAxUI8PAiNxOzb/Qba7GDpP5v4BBB68OfWNg + Ob/Y5TEGt0ZqlSebLYOq7yKF7/GBS+xRqSj56CBdAoGBALs6zsyB7Ej9Ao1oChbQ + z9C8RYihnjXdDqRjfL+hiE2twLaG6CwzMbLW9p9/OlUpE3n5f2ReK7fVp7zearY4 + AiIhaD2QFPFzPL7JWdMd9X782i4sJmEpelVeDS4k83/CrflnrLD3cvHX1AdHC6DG + /d43956h5MASV5v9d1Oujwn7AoGAB09QPFXjcnni+isKaACIUZYmuSa5ktqd+p4o + 3NT5es6D8jL7SduKrm/Ryk8FrXB0qmCOS+NtR7F7iEMqEosvLn8B6l0Iqxpvc5su + 874hsAHrUqjPnYc+f+1aHHrBl7tYynPG9MVrv36r4K/K3LpOEkvkVh92hn7qCT1H + GFAk5FkCgYAnvm8VVMCnwmzPfGAObxo786P3kkQAGMP0vfew/Fyz7hCdE/H3yq07 + +42aE/jfDo+tLKMYMleLvHJFMDtJFBM/ohTPnD1bV14a8SFJ4kd2V6TZzkVfd335 + 4E2+iFyyhFQYgS0km/xeVPd+Vo6e3suznqhX9Sr9mEEVJw5XOkTjyQ== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: apiserver-etcd + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAsLJuWpNsBvXtNny+kzFW3BPOVt7hkgAMRtKtykDNev6PawxZ + oo5tuL4tRb/htj/htig1uI+eCKCo4TBPS9GdVgvnWN8wUzqs7DQcGKlPrGlvg74M + nh4jOh913gdOSZRDQgqcOSE0tAOWHVGUhFSFgdmqzCL7d5XVpqjLDleAM2OgSmhf + 8juqQmjtcoLg0Ioso5QzZO+MUIq8qWoo8bfFHry+Dy0PVZyDm1tLDBCcFrjNndrv + xh7gCdvbN0wHTUR/RUwFLGcT1OUTLN7aS9379l2ROHjSs+T8JpjIwYYZ0/XzKc7W + ofUeO1wTNjrrWsNNa8Syw75io3LuLQcTMu9CcwIDAQABAoIBADQKeWIH5Vsvd0wC + 9YYYlAKBetYvErSTewoo5rKY32wIKWlX29Z6qGou6NqQJwQsUGf788aF1f+ogdTB + C7nC5NoA64RLR8pbj66JsnS4+RRIgWWFxeWT7sAhn+9iq3YUSrLauSRCWWljXQUJ + j/phgmi6GQnCi9musZxCPnvc3Y9EnRri4G2/hZqIkyEdBEzXuYjUcibRJ8dTrPVN + va/bMHk6BqauuORYyuNBTk/taal+Os/gdnClhR/dxPhae9rz27DEUvcIfEIouQoa + 1kZcFWBj+FieByW4Q8NzQtHDVe7gvRrAlhTfIT3GoIkQV46ioFmdu3dybMOsMQLF + WB9NO+ECgYEA1Tf/oNEtKij+pfGLf3qh32Oc1svn3iSvWxyGiFAiMGMnVAEPt97N + eHKNpxzbS6ZpsxXi3tnNzrgKwRn/rjVJuqAPi+TEEDHOA1Nww89HuTT5wHJW7ZZq + tTRorBe0v9bELrDS9OELPe1pkBgdCje90F/agkbH1Sz/bPj9kPt5WskCgYEA1CZ9 + SV9/uIubK7V8QWaDIKcZP6Q031EvmLX+q6vWkJAMW3usnOTyprt2KghAkQsdXSLI + a/Hcb92RscKxin35kOKrbzwvWEWuDp5Asn7IqcZwPw9rB5NQFN6EzhtmI3MDS2pz + sAZlHQKJTpMBCae6MgCB9JPNnty/kkyzjarNlVsCgYBeqUXsd/G9TgYAVoTATAmh + y+/NzSlcDp1rrfZsfmcvZFYJjY8U6u3+E52gG8eghnlW8NiQZ9JffIYJxSkmhrH9 + ESLV0PLa3cHA6EKgLF6Dc2mObzT4tlcZq/LstHmi0g63S/ncji0XiVfciVgbOTQk + VuoD/LirhBbCoqiwvXTbQQKBgC1Oevssde5Hgj/3Zi3hYqeah/3bZ585i1yloVmw + PQZqfPkclGR9UITjC/01/fP7162IPB0xbc5GF1NLLPdSp/WVMt9yjvnfB6j/ivmT + se7v/hC5jjXz8+pBC0Oo/ksbyNxWQ5aYBwgG/qPVKSeStmTvTtGYrxT6N79aug3L + KFR5AoGBAJdQB9VA3++LtKvCqrAcemKXismdYMMSQfswFoSe1xRzo2FtQWiTjHvN + iekPwH2K0z47Kso/UkcpFuv2RuY3p3M4kPebAKp0PDXoHYjQxbnJ+K0m5b7g2kvb + Af+t2zTKsM8Bi0YaTVhnca5NekSLnz2d3Ln9YQ/eEvl2MTM9w0Xc + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-anchor + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEogIBAAKCAQEAo//LDTeBygMaipDHKzjxz1GcMgLJ/d/KU6pf2Sq3e878lOK9 + w0EiqvVpJGDq5R34HqRqXpgQuxvTHoIK4TmkMzI9QLGTnGtgTvo57qMP333Elf+E + gyj/m9oeNwzpny3laIAMFzzjik3mI1aEmMq65dnPiM7SrrteCDdfM+w68KVTMbN/ + zS0daeFizoQjyrfEMS/fhXN0liKPmslc/UWTWwY/mzoqtAHDKUlNWMgNDnkpFEH+ + ynE75My2mat7n37itNFd1cfcpBjzzgQZW6rGn2tXlrj9EWa4m1kbNqqEuOH8mK9U + xj2gxiY0aKHWEvvoY7y4bt3uMKhkdYbIsTUWZwIDAQABAoIBABttv7cxLmrsA/di + 6XzIJGFJQ/d1UfU9BajimO9IXrG9V69LEPPkI/k13GTyNLcnQQVW+Fdj1YCF0dSL + aWhr7JOHdokoagjCSLRM032fFhuJ/GQd/Tq2k7GsVFtetIAj+/dzWxJT47aQ+sm0 + Qa8QURv6RuSZutDwk3SKVkjn3J+8slQi7aBhNkMT1UAjF+CSH3QSFG4Ets7zwWBd + IFw3bFbtzNGrDcwfm7/kWE6hbh9mhwrdRxgb54CC9dBYcSBbPIvLipXNIcrnl9kX + GfFBfRxwnIWi+u2P3ygLmKdO/vuDZcwfR2NkzRrMuUC8zRnE6lhzWm72ClDVnJk0 + SXUhwFECgYEAyIFYwBKsokoZFueQoeUotT4zPGlWyl6PCPiBh/OzqQ24thviYrxH + h40sHWeeRCwp+B3GU/f6D8Ftaur1KJY6YDLlG2Afwd41JipHlFWtyKWwxRt4+OUj + 4fAcwWt1JdQH6/JSnY1o5w6TjMRnDEX/L6fMX2/HWFywRpLao0LfEb8CgYEA0WPV + 9HVHpFcEGjPIaoaSZc3K2tV1R6QkmlHhDQkzi8AjhsD/jnBZbVhtbqb4BRM/Uo/x + 3t9hk9+tV5wpdMQsaL7g+FI1pgqLzi8lknHJjfzFgOORR8ZFq9A8l2JxmQmOzmbD + ZefaV64MPhZL+1MSKMkSWyNHOnbOQOZRjtkc1VkCgYAMD2utMfJcWKSlsgwLEOOf + 8zvVuGhWB9YGrhvsd4Yo9wBTQ94cHkMXLjCnHCJy600i9XeGeXX7GKFiOvvAEzkz + rBwHx4JhgOIlh4mCrJylYwH8+SgPoIjGAFFaeQI04koPsSWzAFx8+W16nB2uqU8u + KKOsYebVs82OkSrBgzYztQKBgEPtvIJi7cv9wsHxXKpaX/IQ8idOKo8ETC+YMod1 + HbjPq3bS89U0034qus2z8zBKTzespQ3lsBU18llCuxw7bCDLE9bbbLYiI7rPBsRc + j8O1ZilrKj17sCyOEKoX8LxyIlcJdYiA0A+z0hruRtYQ3ApJOOBCMKBh3IWncnwC + KV15AoGAYty729Ip7dg2YJx/izNoGyralRcVF9NmvExH7LNoLRgfuO3oDBrk+4n4 + TD7nB5Er5B73/G0zGMoL1++PQAamYqidmPX1QOLkW5CHU0qWpYzaE/o2kzXxc1fA + l/hzyKzeCn6BV0vHcsDI2O2aAQxzdHihm0YvmkB6v3G3S/uPxcc= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-genesis + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEA6K2/KMidfiYkIoYxQz6SCLhy29NqkqFCoZwgSfBEaXYwKwBq + D8NgfH2fr92RZLG6OTXI2rEOehS2qqRQEPFZdm8qRd9+mbJ0EgdGbb6KaGiIVgvn + 7RnDE4IEFO4h8hZZhL8rxyEDjBAAnUtsaObs8sTWNWZTGwu/+L8ok2N/bqsnljw7 + JibUlGuenwIrpEyj0SbnogrwOc3zUwZ9VG46NGJk7HtNUFOSfc2mkg+l+u9KNHlK + c5Sscd1wchZKgnpx3GKHY7MUINkmW8OaY/+YV/KNDEkp0povTocHxtbgkfs/59/+ + 9DWR+nF7dP3RZL9CIfmdMICoisvm4GhlatwOlQIDAQABAoIBAHhaXtWOp4A35FsD + RHn+5HSkS60PN0HvLdMAOedk404VtyaXCUVsDv110WKbXfhSwfuTqXgNO2rEShQL + 9+o7nMXZDGmmCAsiNk2Y+8IKW/dTkqnHcMjAmZn+l3PoFSDulJFIfTF8DySkply2 + RbYhNJECZbarXfNQaZUV87wBLEomO1CqDOIJtWojr/urWJTKzklqtv2C+p5tmsKD + yF6w0eazppTVOOpXUSjk6ymQNzEhClycWmXSx5m6KnkuzaakTVMqIFbLsl4ld8TK + VRGgOxeObSrSfv9jNwPkxpD/w4pWUwGzFuwumYD8T/r+Gs7IViJ6dBG2CFycYO+l + lP81W8UCgYEA9CguvlMdQnR2paypebZNNS2PrZbvAWCeBpBUWhJZNTBZn2ssG680 + MTq836pFZapm1f8S0D041vX/Xw34u5hTOwc+XccpMnCGEzJwyA5j1La2O54F4zih + SY+OOFnd5i5UdLCHEM0cq4qFN3Rp/QiwbtZ812yPkLz7VCUPUOMhdxcCgYEA8/cI + aJt/JF4R8L4fevlOudieqYeSQRuJOVfHwIGyif/zvMtPtZQZ+BIbOIMCADRRTJJT + 8fINCtV07fxCqWc2S6RWe/cGSCsiRJYXjFoN4dqaYs494pffCXFXLLUwOSq/2SYw + WXo9OCa7WFRbY3fJhdB4j9/KzfjmZNTeigIeczMCgYEA4+gKUgCVZG4APoAgpotE + IKqJ3njwWvHMMMZS5s0P1nVugz/wKVtvNbDlk0aGhvL8ES+LaTRstUNlgF4zWzFC + J+yIC9OXogylKpA/9I5yI6H2E0pbppE7BMZq9DD20CFZFp+dRFKiO4IO/ge908Nj + peKzIAenL20okZASbufFWjsCgYEAgoNBaFTna5k3l8beKHd++kU8fA0e3N3SR28C + WaYI0XKv/ev2NHmKev+UuGK9i0Zxx7jwV5raB1WyPC6bquygS08bRS4dmjYZGwAA + kQEMNCsyNHGJAdOlafPMYwp7Rdns0Epxyyxt28A8sUBPs6K9mGyyUqWyZQYmmwKW + GtaPW6kCgYB6Nk8fOoBbKEJxPzWS9dewTDVsMBc+l7VJf1kBm2pHq86y/V31RuO/ + KYHUGJKtiY/UYnG+eHEhkbkhK56T/PxKtKbJNAzTNz8Xz6JWCIupK3VPN9e/dKPb + 5Ik+g8avEUjTy4l2Bi77HBs/lD1vB0fE3ZAPd+xzNu1z0R705efcrw== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-pod17-jump + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEogIBAAKCAQEAzV5tuExTU+9A/tNkCqoVhBtYsZeNWrvuGiYWXc+6CXYKAhLo + eqVbDNTtxwsQA+KPRJtiJlTS1+EYeFd7ZTQHAj/vt8NSdFmIVSpaJdkDBTBLX/D9 + 9b3hdx1u+4ZR3jiU7VDsezci/apB69oBuihLcvCmm3m2EhgFFf0cUAa83Z0U/Pdy + Hg1VRSiLcMxxU5QATKuDNUpt+NG5rVP+dkVjYzp+Vmzxws4pY9T9xJSYup/rdb0T + gWpPFi8uNIazNCbUXRwHFM5VXq3S0ueNCCVIdA24M21QwrG7NZCsoG6n2d4yhLv3 + 89uSBzY4UQ30Y7Uqpi1vjn5QmqkYLrEuc/5FmwIDAQABAoIBAHSrE2viuGfzgJoD + n07LpyOAoZdqQFxubOqf/o7Wxpo/W5ooAbhDHgGhKV+tMjDy0W8pUs3x3EHV15/u + GuS4dM7bYaSkqr/8aQ3w3Hup2CRndjqP3sZvU5nmt7jear3yqPBUy7OH9DHlOkPx + eo+1+n7Wpd+nej63NJR0UVRJL5w5bxzKEUgx8jdrvPGdTneAmi9r2tKMX2inv4We + oHOspopKqb9A7e4+uyCwW2rmtZRhkccg+LWb63LBT4Xnl21bn9Sr9necB3WtTq+U + 2Z647G0PULthTNXmD7mYn7UikRUyXqBvKlaQ7aXGWqwOl7vfiKhKBJZtp+zvN/x1 + xp8QsUkCgYEA7PAKnk9MLRqvuZQO/5JCWb+0EB4nlWjukMJKgC1CtBz5H0v//hQu + ipW0a5r7S6rN3aovkMjgOUb4MH1Qhu9Yem8ct+SVtiN8azSIWLxYbaaEUzs0PTgO + onBpB3V7SdAJTCRHNUfrFumIMvAugspeJXKh+reNDrXunKmL7d6y2f8CgYEA3eQy + h19QU3DcnYpZpUrBehqlZ1DfWf0XOwGd53jW0//fDt4ECytXseWcvmTa8Vso48Hk + y6oMH5+rQx0SXgte3Ni0KuSYes3jEGlFlTybf3ETuFtamGXoAO71X2tc8JaILASm + OJN6yj1woQxKGUKK3lbnQHEGWbp8/bZaC6qpvGUCgYB8ghuiW1tVbGuhYruK88no + LcQqoB3+9rg+28qYlrAxw/PpzV9Fnkdizg6UaUna1nP+IvuB4v1pO/EaUg/qCIZ/ + ODpoLDe8EePE1kM8FiWF4XYx4q+t5/JQzC91Gvhhrm/kUkAVMKjKTogi9HIMitl0 + ZkvWW3RFobc1HieJJXjo8wKBgEHw0uNP+/sQCz/2IXXxpVW4HXd6nSWNBR5P+LEV + RCJ0Y8FzURhQpRsE9XPPXRFk2d31fRzZSAkN1kN3nEG+d06CR+iHTpkQHm5+GmOj + Q0K4Q/gBjgbEIhJE8T6OFWyaD5WlPBCMI21+nL3/fPXMxKAWi1qnPA/mT8bGLjRR + X2fRAoGACn02YKqBiL3reJorvVmTZsefzbv2EInz2qf878D6wSLO53XxdlxqTi+5 + s8os57XwO9XwhYtcJIjsIoCHJjWwtAz2jdc8tNCZzVF+0sgjzQxQR7roTedpSSNr + Fl4kffJOD5rsc//eBDIaiq2QESGyF+x0TM6VhASPB9xJ/ECMGFs= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-pod17-node1 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEA5U4DMNAvkkGBgR6CJddKECt1+Y8VBVMbGQs9hC7Z8qRQHnqf + AFEs3N5rq+CASmoTdx1/ZjRqJnwoNVF3j1KUY8WNBtx84M0DTY3M2j6FXmOmmESJ + LHdxBYiNcs8C/j5517/yuHERs0aYxGOIK7SORw65159yQ2cFlXBW4+BGUkIKUkUj + R2TuoyBYRO943CWZRMHTN+eK98TuSdEaxk1vqNzXsvs6dk3ppetXa1pnHPs0KZm3 + CrOZCg5CWEG5J0gK3vojQaR6ygrRV+sGN85q8433tsfMRy/hmahJbAQVwxhm6Oza + +cL6voHCuBkKju8JdZTl5b/91YbaF+pUKVS9CwIDAQABAoIBAQCcYarNZH28+g2v + GDZcRkoNYwZvLwSAACBv4PmQJz+eOi8lyiyb08CL1OiLbG0x0sv5pVVYR5DJNE1b + p3apeQEYVgcK0d4cldSV1IoLoS3lpIJeQAdpGwAqbOlCjimVaNhBqneHEB2pLRFM + hjC81cNedI2LnwMXMrBdLSMk/7QVrgeqqldJGJ7WoK1qe7akgoeTA+MR/qWDLGux + Bogsh3i8h97aQdNGNRs9ZBUUmUidN84TLelM2mZ1lkxI2fXf1qGLTyf9AxHQGPfs + FoJ0YATQidF8xH6xZZ86RXl9xS2b3pEOU/nolwPxKYLhFuqNrL1lGb0F2wNJmZLV + Ktjq4LcRAoGBAPmwAX3m9gkElFSviyqqiUlO6kxOHug7Lv4qZVNvBOkVufTSRMBS + apfeGcGfdAo3p0Y7vGlfJpugU+M55Az5M7ujqClj0qPWq2O+IdoTQPysoNUtyNL2 + rUpPIfRTKv8H/TBKtcun8M6rNWm1G4fIN8ef8KZnbviY95rKXScCfWc5AoGBAOsa + FoAfBH5gPOoAsDJm02UvILiOU0WiPo0TnWtqpR5KUnhIzHCY/pqMWg0FRbGTvuSJ + KmmuEpkwici8mpx7Q1fgC47QiuLCoB9cIVpn+fJmkvI8WQ6B9KSu4DxkXTDGRjqX + +jgAE1bJMMY2d2SQna67DYRTXTsqSIHwywSZ4mJjAoGBAOeQYBHP3WZHpPlVRI/x + URl34ruZx/hAyzhVQVu7nqY8zBVN3Q0wYkMubFyx8QB41N3CEN74q+mxK5uU2Pdf + NqdTBGY+eeAQ+yqp7uM88AxmXVLX/2QH+nbsJOVfLIURd7MN1sRloGNLTWIX4Mxw + 16p/nsP1MWnFE/2up+3B1WOhAoGAYdcnigZejmFquE+1BCS60R891NCWYyJUOc3x + 82Qcd3CixaA2RJ3HR3Yle8m36WD9Toqu9fAVmV8T2FB1X64Epqt84+ByDFDG5oYm + 80LWSETb3qeywFDhCTAl7bwu9D9vtq7M2UVexv1PqQ29vkJY/QCnbWxsHlVIe5tE + QhPwnNUCgYAc45f8x9pUcacz8NynFxAG/C7KwLboz+ssHPOYOBHVo09LtjBI3sdy + 98ot/ERtr/G5hhCUWUXX2spnbjYLrk/AKFVP5JmaRv2TOz2GKo54DNwsYLb1Ctsd + /b7kCHLgoJZQxbqiKmNM74LTLv9D7b06P4BiYqJdgNCe2FBXCOthEw== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-pod17-node2 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpQIBAAKCAQEA5LKMumJCGGvh2YiPaih1JqfObaxIKLbTEvtqrj5gfSMiF/ml + Oe8hoV0ce8edR5uhGGzY+MaRmZ4tbuxBSD+u4mjx02ggc007stMW0M+Izhy1/EFv + eKznz8orA9Z/HwoIOnqJsRhRd5qKjAoo8a5rg/+PTKjTBQt4Ndzx9q3Hx1AhDvN4 + ViYswqe2z2vn73wOH/QAcT4ZZ3snTb2oGroYuZHo4aTRSZVGk1nZzNZPOAZLookg + NgdIEuWGIUwY+dXoXPfTsjuJ1EijjjtA3VwjfAKKrU5sUFJ/3IiXJE5N0Ll4zhQ3 + eG19aDCv0jIpShyOR1XIeM3uz+QX1X49/hCU+wIDAQABAoIBAQCU1aqGZgnz0Mn0 + A06qXNgZJx5N+9AeRxVJBjxgV5H9/o5iogKomHr/hBRUbg1qm9sUhUoTZU8+dVXG + GZVGysMq7/dpiRuNTlcqwvvXOykiUkcRexhrpcNbVIv3/HFQpvvB6xuPGG90civ2 + hWouF0A7cGc3Eav7XYKHM1p5GpGooL8+g9tHKt/DX597fDbf6hYh15OeyJlVdclw + pVYscKMomvEMcAS5dMR1CYacEx3Nzep5LkuzLnZKvckucytJXaFsE+ZXUbjvbMIO + qIBHcEeXZOVK4u02Xy2BWR2Uybl7NZb7AKFZHbZfxZs+/ngJR7KjaJqjjzjYlutn + EzmWDpBBAoGBAPk+LXfnYiQIHL8tu8hKjjycXXDqmSzNwU6kkc6YBim/pe6BspB8 + 7bm+tVRCkD1WkvwdKb2GweCEUG+HiuYG1qojJOTtmAsEzNdXVhdW+gMic+lINKr/ + Mqj5sbmsY1xqR+1o1IxteSVUtYHK3p5FlNA0BlKuzyvYSoNkq7OFDg/hAoGBAOrl + x9JUYRBtkwLZXDj/LahW3hFxBeIUCcQqrRopYRNS+10e6wN0PTQehh3ZNE9frCZb + d3L0KdbtN/n/qfvsfbwbGMQMkx6sG8JyQ/9V91dKOwicMYqRqeoyseXgytwM/Ht9 + +ukpP0pmcZmk//x1+sBOv67bZXmRPukdJFXA7vBbAoGBALpqd+V7aRrb+mw/D3kh + 0jqhFP5UaNZq2g8w5WEosUtebQPze5O37LIFYmgwFOPbsbnhMgvwE2gSbnrMXOXo + 7Xt5J6oVzqdHItJZHyn7wqi/hwRPHh1bHA/oGbZuqi4/y6ZUxsx1QKvcLJl0G4cz + Mbd7gdMrrgX0Et8tV4LAnKDhAoGAPNLnHRVwVNqquJAkCzY4UmC7+/QyO8pIhR0v + 2ZhhZKmWIRTCchCFUJueytfVbcAuSXhhw8hplRez6O5Ey9D+9dhmX02KQuT6Ay2n + YdSWyWmVQ7N+OI1jXBtoaUf9/2D1d9y1Pe7KTq+cNta82liKZ4V8qQBylDoB+kbr + g7EDrgUCgYEAqVKWBVLF37tClQt1jkz+bWEAqnE2e75p8FKz33lO3Aosuu3wL9po + MgmaaocFWJm/RSo0vNL3cMGblkoDPXgw5ot1blF80jaJswiMjE14VwFRdf2AyHPl + 9RSeTOcub++IQs5eMDdTWWqpjvNfy6POO6gcATVhNobOCsvqrCxiIiU= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-genesis-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAx84cvFlUdir2iio1iPlFxQ67x2PqGCr1/jRj1ptPjnlnXfLn + AbypA0jpbKS9r1lnSUsJtK+TNG78jFtmfnT2DLX+J9tZm4qI1Z+qrWhM0qlYyPuG + qXuSDI+TR5wbz973/2IioTAbSo6E32cTHHWhEaCT4o+iD/K9jZB0LToWX2k6+iQF + Bg61rFFAk7SOAO4/8CcsgMBw3Qnl/Ewn8WNCHcInkLqhgSOF21yMlcBsoPv1IAAR + khXmF5tr8RGmV13K70lv5IhusGuznZ2FYF9gl07VxQ+kWNIdRgYwPgb2qKpT2pbl + jzBX074rc4GUJ3gTimchGLROukOm5rMxRkYMhwIDAQABAoIBAQC6rJkwaA1/cdhx + ccoetTY4S/Go8nKOLeUyoWP955FGvaqTnhOyDb+isAZWWPxXzaGwWokw5TEVNfSC + dgqmb0RKz+Yq+scXiTEa1VgzN1U/JLUs4cMIqcjkL2gc6X8akWkGk3tjOXzmBY2i + 47x5RHU98Nb6P9PcLqBmmOXSM4kfjZzKHV+JKLAG1dzN1oBpS2XS+Ak0fARq4Qe9 + eaBfmTR6V4SeqUmP5PBbxLhJqSKNaXPtsrErI/3sqoamsngybM15HqN/vbQuBGwR + YNEsbCDcUTpAJbq6he0Mu7nZkG3FRBMmap56CL9eq9+Z6Rzg63uVJ9B1Ys7tKuDZ + MJVYOxERAoGBAOAMgwAraaEdvc2PMWnR7cIVm/21PzAlteXH4TAAYpL+Yt+CNb8M + rlzKuSh1qNjDAAEfpuaoJyTBcAjS87bgk29CQs3ghy+n0gGKxJfkMBC0CuEWr2jV + OEvyN8T0ChU6PwSnkEgfqDU8RDpvFrxrvGKPvrkU3NVjPjFKNF9m+e3TAoGBAORM + hPDs6AVU9n1DIRJfordoPsmhXTWMmd7QQvDP25lCDrO5Vi6vf8D/feeH/+mZe74e + 6JRGTUYatL4qWIHCpUPcia/C07uPdXRnxGwFUJQpMh4RHzCZyEL0ZMWxUJgwyuJi + OLDVJADyH2XEZ2cU3H42FqbB/qPPaJtIDQDpuRH9AoGAMUbPMSRbMRJngmRyC8Ie + Nsel7WEFqsNAhG83ueT7yTSl7l6nD4PsfYAgxSNLpZEN2TFq9eQZ592blHVBIQG3 + q4q5QqqVUQfqCmjI4FdRsvrGQcdJgRcUMK/vUCQUa6LJ5W4tL4+24S6GGwv/xiUz + 48GVwwMxpsUTEqgtaKYvZf0CgYEAzwdRG0ZLFeK5cFh62jWd0mKXZbOOWiw5sSP9 + QHHOO4n62SJ+M/H0kWlfnKHpAcasv3k6ApRKKQO42iZ+gpWn1wVcWuX7qj/rDHe5 + WRfsvZ8qErgGJ8WdJJKJ+/jTFGBS676UmE+AydbHgDr+Zi010sJsAic0KwrAWuiY + 2jYZHWUCgYARWuy/Vm3kfBR84Kbr8D1RPUP6C0Q1sj4CC5GFpnnCULKy5hP9hzFo + PFCCH6oAidnz4yf6KB2oYs2kbWQ/Ri+r/ap/vmeunsAJFmaHr4OWiiiGYOYdSM8K + faOKD3Spe7A3vhandsyPRdNOhtch8ETR+bzaH7D9BPaBvGRPUenDww== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-pod17-jump-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAvgW9e+5pewHHmfEUTJs5J4kQaAqvXLpYirHAabjVyy4wRGEu + GK6Xn5Fal8JElirfPPxtsruwNJ0q8swPsL44CxZdv+MPwlS5HrNFkKo/WHCT6P+D + Mlagphp/ngD2SYasrYc/fG1SYObcW0fmQl91oeBEXt53zdQtBZkex92XmviMf1F7 + BNlyDuKzGnigWl29zjyno3eqmNCfSBlSaKvZ6efvaHsZmsZryviDtZ+0v0TSdkKi + 6CUOJlh+UwRotsj0+QzFLS93CACpYlBS8/sru8e5xP4qwMfUT1QyaHaX9rKTc04R + TvyHH0tDYAGfRzgeTmJQX+yTqZdVOe8WrLL6HwIDAQABAoIBAFfXn3ijBe/vKq5n + W9LuDsXP/t2Z0ucy3at/8ErvPyXl/DogEocmbsE9GHv/OmWQ/BHdP3jYeuRXo3sK + ClbSGGZHuJ70AFz9fXZLuWTeztm7cSTMuYGTukAPD9+i4jerIjg1xYtnniVdk5A+ + 9JrKNj7WxcR1YzyrUQS9fBU4wtTINLAEYH2T6cVadm5p++idLHAAI9YHj9YpuB2V + sJHpk1JktURre0ouZXTs3EES46S4zCpBXQ4WDWqeBdbuv5na1bZV4nMSmMVrN3T2 + RTDHJcoQtVueoEk2yvc+PygMjp1GY9DCRQ05+qQHSKxFd3g/u4VGfSPW0lc9nzQC + CnhXU0ECgYEA8R5TF5xzz1UEOzznPpeRUKsinms6qYLvtlBWwuYi/EZugrJmTPWF + D9NS6krqiUUFTQZ9utiaWD0WhvHCDyrNSiZrnUIQYlm9MfnYtnSuNncqdelHr455 + q8HjEfcMYHf56+gLDNDwLL4KGu9EWKfWYmTwBExeQq6Ese6jlSFrtdsCgYEAycAY + 82DsgKUl0k50szJUMP9Ng7nMVWbIQC1ilaoykHlKt1TvJhmDNFNte0jqQ2k+OraR + IYZsZXY91sFHkT5s988VfQSy9NdUmHZ6xTNIK6zu7ixCCqT2T6RHxO1tz5Qs+/uy + PM6ioNXqUfvxXRXBbF9SxnrQlFOPpJCS+MUPmg0CgYEAnVV4StPgDc4f8LeQ/RrR + y52f/Vdi8/FokcJimtKoyYz713SppFYg+W6fkBpKaEANcXFm4WEtdZ6G8I8YXeVE + B7qCRh8xqbt85PtvGb+RXiDsJ/yMtlV1t0nQ7YwTG2+uOO01KKu9zLREy8aNBnye + O545r9RVPZW7KI/bVhh0vDkCgYBzQx5+HYfAz5lWF6CwqDZVb+aXNVU6DWim0cca + /ou44rL/HrUqrTS6dld8MeI09TGqVZeA8c2IAg++W9pJbsLOqS77p+2d2E/qcvYd + J/k5iqlOxVZNwoU+Zvrh1UwBZgR1Sg1AlEVxYgVnJWt15PIGukcOQihcNYlBWZ++ + JMePGQKBgDEorNejlcFoPuc81GadTbdnhWAAIuuL6vkopPF6R9wHc0ETDhNfCWWU + SvYIEesjdLRRs2Cyr8mFL4/Lgu97zZx4pc3nZVvS1W1I4Zt0XdIRm+mRMyvFatQ9 + iiyyDmCz/16Gwqv+1mgF2exDi7M/JjWZFPs4SlDxNMbEbKGjF3es + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-pod17-node1-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAwRm6nsAAps4ZDbhEy0i5yJWTu49FrdXF/YKghHrV1FcIWkb5 + ELqBPjIcSKSoX8uHxfQgCxVYxb/N086OiZs7lbFZT0DKxxNKGnRRh7lXkxIdsVjs + DZgLbeeLr6y8L3gt8lwCB9/MjfFCMXb9059iX733LC6yPDZ3Dz0vMEJzxS2mnOsv + ltY7xC44t8ygP0UeePYP4MaPXXFyjP02n4ZkSK/RNWsNvazsMpTdjG370XfrNue3 + ilWbdGq8IrTLiIRUZ8rQZhAeVG8sNdWChxci89YpSw9h6AKpJ9kC1NEfJ/VLXDX6 + Ar3pfJd/XwP0Ux8ML2jxuBEahVEWblqz9NMkDwIDAQABAoIBAEnlhr1pzNYI2R2e + /vSsiCxy0W5djdTQkkxJyRPpzhrMk624q2fzd7JNivVhze2a/gKLQhf7u1Ux6Zq8 + 2V9fwJWwoPTrXq6Ae0NUcD74dsMZk7NizDMHlJginBpGiF3CKBMvkrdgte87/JDh + cJGj1Qm+sPB/jkXssfNq/rwBMjyqaEeQCpzRf2+lk6WTPkSwtD77oCBsYMX2Y+Kq + 40piL+BT5Wll02IEKashyhZ1HdU8gTUCDieBQNYDxjkeGG5akkNXCKax4vt0G3LX + g1fTbXGL/YJP+iniJ02P5EY5baPpYKCmV323MXQwtPC006FSLllHlmi3q1RQsFZv + LKf+zcECgYEA+tA6R5vsvlO5miafqb5ZRUmO11SdpqCzv0yqLFWia0u9KaUR8UUS + WilamDYoBAMlPmcekB1TG+OoG1sEc5zQcdpmAJ7QBoHkPRNGwpywWv6wqehbhKBG + GkENPY8j3g0nOyCW3nYPeXfYwE3S527ngCJNYxzUyWzikfGxz/Dv7mMCgYEAxRf6 + Ib6wCl7ZBqZWKUvFn1+/GEBAvcLK1BE4RuhAodUkPpQSQ6s8oBaqf46gPRwzlDeK + aGkDuD57n5Y9wq9ThXuUNu+6J9rMrjogcoKLT3XTcLROJ1Neo3uBMoz8/tMzRhtg + eVV+WV1SnmOmGsrX7ZkXejBIR4Aty92X9K6ZvWUCgYBiZbSniU2Msa4cAtEat9mv + 7BbE9aZPy7YY88vDTulEbNdOcjsiy3VSt+yZ0I1MXauL2srLwSVsyJiX+tI5RSkl + sYfY8HUuSGExcNGO4gfx+v91+PmGg5ZdEG5QW0q3/7MHaFan+etCPTlk4GNAdmsO + AucXXiVAzJ3qocafjKekfwKBgGFn0Sm+OPhXGcDskeaE2R1Dz4hnsNdXnrAh9oMs + o0yXrvryaPhid2rS6N5zmYO6HU+iB1hElh8HWkdrlAhUZ92vTne8EG9D9iYg+go9 + tCXIIIAxy/IphLsc/aQDA8HYlR2PyCUO+Iun0H4Q13WkTATTxUOQ+xfDJF79m+zE + IZz1AoGBANvc+XYrf7qzV79oPr/dAsqWb9sfrMlJAjAKZ2hGgK4FsjWJslbeAaMe + hV6aL7jBtPeQnlwTLXtNnmYWAUpI7GYetf7nNVlk39oovW+ls4KUigaW5+/YnPin + TxD/Q3tz4K8IKoL9HJgsZuGrQ/YgBIFTN+4QJsnx3pe3W3JfZBZj + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-pod17-node2-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAqqj1GasfGP2uGTgFPkH4tG2yhq0dZ9hWQmm6Z5g2O1GLfRzB + XpOG1E9VNjt77EuKik3oyspwhBhR4ftrtYVOSqk260pExKLRzCard5i/D2TlPj3K + XaGVYUCyt5MGcwAIICesmbInqmsLVpeg9us6aMj5xQ1/CXCajwYdFlRJ+IwBtGOG + GmPr2EP2BNwCYLyckhnjVbG/X/n1CYwaqN58cBPnIPT1nUCkai+kYyc28WubDJ+5 + GlFNCUvVJn6xFf7HBllOVnUJzrK4O5+BAOtWgVCmsLJsK9SkldZX57JrfeG7bhGp + ccMANR0/I5wdFhVzojITJpGao5XUtYigztdwzwIDAQABAoIBAH6dkhM0OYNCGxwM + yx8QtSOwS4bOA4YbJIxrguf/LyU9b98oKXMwwxTbsx3kbiG3Phc0jGWAYpAutvmR + nqzzNU4BU4Sn+nNlVYBApHC7++zA77AJCg4Dpx+bb7zxMRS7TkwFA3KYkgNHHgdl + wf/QL+q0SVNgmwL270TzxTre2G60wv3XQ/2nw/IL2YdaEcf2/mD4ZH1qY1IzFoZS + U/EVUItzhPksCihk3nGw1PBw5GoAFcOTmHLn/BbhoXJ4JWfKwqMG5hkXWrp853VF + cOZsLGE49WmNb1Uwx2hMW9pokh9V5rp24Z01SH83uxcJoQ7n0+G9fKMWm3RrhpIl + xKqlUpkCgYEA1tBpV3iPlRGG9jlpBy+4L9YbXSx6HzhbT5qplZ29+urOjird9f+R + z4HWayr5xo+oViBoO3lgMziOiMq6hahFs6Bpau9tx8izw+QlEytAPg0nLDGRsg5b + wCdWobS1uCHB+uiBkBichW2C+g7zRXnFaJRSftHIdzGxm1kLQ9JhOtUCgYEAy2Fb + SRAXH0+AwQpHSqPef8iGsLa2+g0v8MicmWFG269Wf6ZuK1mZ4hKKb/lXM6PiHOJa + gLokn8dZIUTpvyC/cFutkzIOCO+Vsmg/bw/mGfUcTrHDGvzgRHRKpnf005/Pi3LZ + DkEhxjVsjAcb4cZFIUT9nT9AJUbnJBOddaqTRxMCgYA7CfSp0bzEn5iUO5seGoNo + wlOq+/pkcjzGWB+bu0rnl3lFoYp3fdI5Udn4gks7w2fko+uBzQ4fhb/G4ND6wxDF + GaVfeoaVjhe6Ew4NgqmZZEwL3WPJqCCXYzhwIRaAkOabayOQ0vLRyRNiXpGF2r3i + zEEQEeAiwkmqBIMQFNYcMQKBgQCRmAyFbWNgIsYFa5pFsLHjwGXLs8GhmDctpC+X + DbBwLEE7+KT9m5Mx6Bv6tQDcEwIXs2MerCLzzv3bdz3ueT8S7E6CBV9OvlTn9wES + PMt44aN2IoONmmHiH24hZdZ6ePlW1szUC4RmJHCkfaJUKl/qxTzZiSIejXeCuBgM + 2CO+yQKBgQCIsLHu3FGfzgz01riFjLLPKL1MV7W6/jSlIDKrznBPo6/XT6C7pyh1 + k4r5gDGPHUXpRNjVufzd0BweHPs5RdZsmqeM2IQsvsjwwRjfnFG9amjLIc4omh4F + vUTBAdxlYifwrsYAOG+GCJ2Q3T3X4YlXClarhivtSx5RHJLjoVcvtw== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-anchor + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAtT29xK+8i3lxNgWG/YYmE1mNmVuWHjZrB+K112+ix7CDldYF + 0fJgPwR+urDgTiQFN5cLL7GcTGIYmgArdBZcvUmeUsPjxxUuik/w/WaqyJQJc4Ev + sl42owqpfjpYL5u/n5o9azsx6OTxZP3b+rmtPqSCafgkZ/VcJawIDc+jhGAKvhVz + Jj6zjmvb77XFR4eUjmBGVwO64lrsH7juVt6n6EnwsvMPVoxQGGAL1C2Q00kyfjLT + DrQScp8Ez7N3YhzzeH/W4pr84NCJ9n8Cg9GkIDpP9dLzmNYbCUC+OzA5Egge3tfu + n/Daf+JgJ8MhL0YcjX4CxdlX0t859fmD06d7CQIDAQABAoIBAE8LsYNh/gJ6odSk + zn4uDtcrnKVBG5TruPyEdTiTuNQM+SbVZE5vvmhdpoP39qw964SWPMu9U+TAd+ha + oJkN076+p+2DAAnpBBZQzVNHfr7iScj1k/7gNkYftVKXUbTZ4dZTJ+xnsdnYWCvq + yBFu/88tYq+jCQXKLjlD8XNMlw15NfCkX1nJE6zT75MskNI/NaqLt2nmjsRCwCoH + Fttt/5lK1m4Ge4cqXaMKLiUi2ym04FZI3m+DBDqqO6QxEgpCrz7IveZsiVOF0B5x + 9413Qxem6zm9cmy4X7lPyNHgEO26jQSy5IZDHS6zz5wjXYEsNn9RpCGHVjr8fWR5 + cpLg1A0CgYEA1b08rl3vn4XEsQ+a1PbY2FmCMM3SvFZudUK1BjLUh2JGKQ4rSIJg + knqT0SDau66cDxDRTxz3vr02CzZCTrfGl01drAbAp1YuQ13PRYhaM+IPSNLAwS/D + zZdgKw4a3WMcfJbnkVJFUxEgp7csoacK+8aI4+atK+oVTpfJc/8pQl8CgYEA2ROQ + EeLur4a3qVjs6XcYnkIzO5O5bgKgdzbxpVJTz5UH24TjNICyy6yc/eJF2iUUOdEX + Ip708Uo3TyWYC5uiKYiu0jUHDjiujJjdZdeEcCdvy8b3eDlPGCqLTNOsSKKJ129S + Jey9CzEFP6wqeDgMDmlvDr1k1OnGxbc04UNQy5cCgYAChIwmcazU8Dp0634jbBT5 + 13QVJxeIaGw8rWB8hjTCs4GoEiaoYADLOO5s1Do/Y7sq4kPU7r5sXMY6M5VsX/XS + 6nJkCGBUmEtLN9utMgH+Anezn+ftXqar0VCssSnX2ccIIK7xo0p1xAnib+HytYkH + ljselCUOE1/U4SzaVPMjeQKBgD6VAz4E3KdCAYUTHAoaycAmebq9VgI/Q5/a+UOe + PodkAcXpw88JI4LQmtoe9+ByPCiG/VJ/3UILEXMB9ZmzHsc2np//pa8V7EygbYPE + 5GupEvP+wq2oaAMhkNNvWwX9xhuT/mzsmXu2gDrhGcVa8y7ceqYXOBCh7SpnLRmc + XJi1AoGBAM7o7NRNSSeY8U1D/tgnaSR1lsSQh6F0gJc4hLSigVMsGaFnqD6pQHK/ + Zxg5rNkPjZHHq5KRG80bKjyOwEhx3BQDwemv+XoCX8A6NzlgNWR8MlkEwlC6Twhz + 5eBy0x372FZpPSr1Tps6RHUZIqQbFFcUeNUH2I10HbVLEo+BuLso + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-pod17-jump + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEA66FeENlqp50a5TJD5qhx+RotYhObEA5eGYtCEdt7ntEb8oJI + TROVq6vMy6UO0Cl7IJOBrIpR5mSmhl+QisSsecn8VH9hwC5NhCU0PIccGAvf0Z/2 + 8YEXtWFitGanC5wgOtE+p53vCO5R8t1Lm3YGmKZaAKTYL4IylVCL0e2shrMsB0/o + KAMYP9WYxhm9zoSDOxOMGHyIRuZh+XEPeWrWcK+wVByVoWX+RxmBezIDvWi+nZ66 + IFVYt5PDheVgMv9z7rvrNdMs57CT5YL4jkP8Jf5DD4JYNPb6k/n5dxqJz09VhvKP + N86kZBqAU6Oc6r+206jcsbmYxuarrqXVTspToQIDAQABAoIBAQDMumIupZlDlP8/ + UNMqYATW+OWhp4M9Ch68dwCq31ajgPCVXplPTsrmY9kGv50FRGVUwpUSwwOx+JWv + fuzphUSOdO8mw569Cf4T6Pdf98xzIC4Rxrka0J023SyTrfVJ4xclw5R6soBz9A2D + xL7ijkPg8fiVQqULckZc8aTqe2VBilSTqPM+dpGQ5Wy2cqjjK70MCPdIMevZlmIH + bogNSUpsfKZ2lqboE3I2AaJJiGau1/1RF3cV4L+NK9wSUJNJ/MkPzgw9Ll+SKf9d + vPhGEsE8QUhT4jPyeWA5CSa4K7QfgLRH6P7VgjVanNKolPhSQCvmyIOj5ZYpU2TS + njrN0e6BAoGBAO03EPy6o8zand0eHJjjcvlHVX1gGfYxsNnffMZcKfaD7XUEEMk7 + 90ez3gsaYPdclpCuV2zWYBlS8AKO9om96JiAejsqnt5wgi0NS79ms0P0Uv6zVYnT + RbpzH8/Ydbk3pPd7NdoaNEO7iYVwaYUC526G6td6+fDGumkxnd94dxcZAoGBAP5K + LJBPFuBA+iIgB5PUmH4u4VEQaE6cr0CzKy6CSTqtmMtKKRq1t4jvqqtVYE04Vnji + Q5+gw4I1yXxnHknH+4kzJlgQesnPWtlvTyQQhjGFryqxWaFNu+uflSvMeNzOfhpI + R+c278tAEKoCwxzGCw6tYdYmYy1lYmgQc+Xr/dnJAoGAChDlIqRU4ROB0Wk+s2or + bdKOGSTj1SOkqoomRFCS40gT4nxKrg9iXeOPD4+N/9Eo/ni3cwHh0BFJ6AHjClNJ + tHb3ON2FIlFJ5NmEllmoT8DlaLN5dMDHW7MY7Xv0+ugWkv3ieh/Uie9CVaxAfgly + gqks+/nW81WrgV0+osX837kCgYAZhfRnH6kaJSt2FWTtT59muuneqxjtGwj0I4eo + CWe0PgxiCzWI+shLNFMbE1yxI4B6bat/8DDvdtqcY/VETpBOuxWULUNF0kw6GtQE + uKvfeJ2WWWq3qAe+pKviU4mmEAvUM4EUEg2LhwilJ9XRo4ckl/6D8iJuQgjYjR40 + 67T1EQKBgQDn86z6ryZs7L6lnZuPNaQ7TJiyv9EXeOQsQ2o5qBu/fVNDwYlJjab9 + OJa49Sbv2ATAnp4ftkkleF/gFtqVFObiclkAhJXt4PqmY1JklLbaWKAxLv1QGRot + XHnidwjx1VXbKTbnfXY1EXPpAdsnGmgyTfrr4+LW4TeLaJBNfj/Kkg== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-pod17-node1 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEA3uECyQsHrCTYCo7P/KuFNRXpqT5h/RN5c8CxBVKtr299NH0+ + e4W6BkGbuFrj1I+mkYJjtSQ8BAL53D2Df7T29INHL8bSpKm7vs4Vhqjbd7txJXLt + yLVbQ1/mmoKfTu0aZJ1nlXZ2pL8tCdF2lRBS5YAVJlL/AL6277l2JWUdeS7ZsLiK + WdWeGQz2MXOpvQHlwB003Xq/kIcXSOyJnoO72U1GIvWHZ/lc3psVztWh+aztY3Tl + buf667ohCCaiJWD2EVl5Q6HhaaAx8+K3G4LbJkzK+YNK/p4/XrdMRzNN5U0Kac4+ + f3aIwTR3+2/0Y8MAy5GbiIz6J4mpv0fAX+jJ9wIDAQABAoIBAFkg4lxDbO4KTdrr + AYGplbuE58wmhkkOYKNJi4D1bz+Y9hjnfPUopRubYQp4TmPSjmniGr11oAp6pjDM + 6KlJVPizBuS0PchbmBjVkQYowJtA+h5ft3dsDvMChtWDJvIJH2TdDW9X0FpRmVEz + 0pgJzxy3+703s4I4wi9bm0OZDBBJTPgbQ/MJmI59YxAszEByxOc2zsQCbICwvr/f + E2mZvJUBSzC7ySLZQ3LkYiClp50bRVYNyDA8xPQbJHMw268zWJUWgmHYwAxZ00Ke + +OVQte6qfaEP2rMcKQc6MCrZha1223NDQ1Nwg4KiJL4Aj9O0uADmDajjZ0HA5l5O + coPfiwECgYEA7X+gC/87W2I5Mr6VEnVqsvuH7O0iGUA75w8aCmGpxRoJBktoYxa1 + a1DfRLH5aWIKF4W/xPMVgYuQZzVU2wDvDSkIwsWYT4zaKCadO50t9Tmvh44ImU4q + +O34l77Ybfb4Af0m/YU5Tz8mf8JBndPkApbr4GGoxNLPYUC9fJVUaTsCgYEA8D3U + s/oyXzxlQKjKTvH0SzUnChlwPoIFLUAYU2RrkGQD21QzfgpJgihh5vGmEI47CUWb + 00vzFm/KdnrHAUfujT2ATsqqhy9ahA3L7xrWqepsEZt7/F209DMi0E1++N5ss54N + juZaYfS3AFlTFkkvNfIWbcyz6fMfyoim24ZC9nUCgYBDEiPUv4O3zwlwNzpKODal + zTsZwe47S1SfcDhebi5Pp4ac7HbSZPtfDzu+XrSc+j73XaJGsI+GQi/Jtdn870qT + YN9EgiD9dj210RHeYAk2k8/qbEYpZVXlbu8hi5f7lh98EE4Okq0YoDDzK5z0QX7G + 7HA4sdvDmfVO9cWNhW6NOQKBgBv7B5gCrvU6ooxaXF2/fnV39lkNx23wVMwFaA/m + ZUTG8VANSYYHirI3I9fzEyVge23EBrcgZGqbkJgmCqGSkC0xGY2TuzLNiBxTQwpR + NOlLXVTbqCAnhdjfT9G1BPHVbhGpeejH2YUJLHtE7BFvaqk8zfHx4o5/+5bqPYzZ + 4Vi1AoGBAJtzPKVdiFlP4QHxU62Hbz5jVUIsBjvWENNOH5uMxqV0RabQxEr1me4q + 4N3RlJLsjwEmQ34bwZoztUK9ugDCts7E3BoaQ1CSST4IwTePxooZR74Ootxhco9u + ZrSLRT1UspjJhevPc4zg61grlm2Y7hx3LqWEHulumNwvnLC/4Qg0 + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-pod17-node2 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAw5QMmK00nsuIs0S7+ePEV4SLSSeVTvQkKFfzbdtK0Ca3BbCW + wkbB9ywr2PVX6guY77T2HxaUyJOuuCWFQ2+wjIvwOFY0De4S7g4GHu+88oPwUKAp + yHLFYqtn2vGr0TXSUDW3UeCVlXZc7yKcG08z+B94ubBg6fdRO41CKSdwjS9wsBqC + N7PuEEogOoovU+OWOaPV4NL8E4OqJWKiF0Xz3BuEkZOrCBP8hX9Gu3oB2HdNxoTG + Ic+f5pOZbWFvxYZnNXeVLaDDcYt/yOXKWoAnc1baaeHkQfdSHpM5cDdX/F9JVDUE + vi/hRphaTn05zriLplDUv36qwC60SZX/y5dbGQIDAQABAoIBADqXthZffa49J90d + MHuy4vWdPeVSuIaI2fRENSeqVQV7M8W+m8vkSuP0FcbP6eCyTMUzn7C8oSJeLC/6 + /auwYGIa4oLeQIYT1xP+m5LVG/RD1tEwypPE3qGq3FhZorHwv+tLzHn5IJdAeKMj + 6US9O8KQGyj2UHKHp4yBy1ps+GkzUSOQ5NAdfbTNk9xP6AtKaQsyuN5MDmmD7Tll + 6dfR9h3W6Tk+60a/t7goYVIwBB8m8L4uhojsQ3jPMrnHt+BIF5Tmpq+2JoKEgHY0 + dDnomqJ4TgJ9vNbaAxpge/5QF+OCeG9bmlMx0oBUFRyORr9R6L08d/H1xNzZM/E7 + eIc8mKECgYEA2zZa+xjDRZwqwGrZkGEb0K66Pr83bpXrP2XavGfrMRRqTwRtTukO + /AOAVxeXaYXbr3X3oly8HA5r4Assu08J7lMVr+P3rZeC5zAdgJWN0CprmCbyINcv + gmxgYzZXR46upDyTeRZ9NO0H+itT9n0W3SNMBtrtp3F18/ILID0usZ0CgYEA5GZY + pfUBAsFSCJxLdnX+tkQ4XmZp0G+3xzoNhth7GPEW5X4F8GaJT8i99V6opby6cWvP + wfYd94JGMDsVkr64c5qQDsWYNeRSJapSBbqpUVNCZxJ2W0h6ViUm/jEqEZS/vovA + m41A9FjaLm0FE65ahCXAO1wA+k2FcnhAPk/IZK0CgYAfcDk2H8QJnK8I74oKSdMK + Z7SwQQ47HuchLYNkV+cEH/BrKrBei9ApVns2glyltpveGyYLtA8KWwsfk5qztk8v + Td0jX6dqzvroGx9wDILNIvhRVuyMxy+6Hb7pG6cCzTTAuytPR2lniMMHHuWoySHZ + TzGdHhLNW9lVxhXQZtXmhQKBgQDEMcZkiJldrIKzMs7/60vpdaCWNpMeoVjUomGM + O9lCC5cHe8HOR8Yb6uyCIdXsyLm/REUq8Ce9vQJd2+MkMwBvDY5Boiql4INQJ4Zd + tYJMgaDAuXNB5nhwF2nvYHwqrgQnwhSpiiUJwGlrB+schODsMyF13Apa+MxxECrf + W9lf4QKBgQCSNYrSjf4eszLBtcLO++6KUf8NbH0t/zEO2jwGpvO3t8UHti+KeqhC + 8wjbghrf8q1Vpf0/drxRdv2cES1BlZWfan7861CTmyLLGjZ9h84Eqv5d7C7BH/zd + MkFOORTjA3VA1FZU7ZmCHuKDH9vtmgNaFEeszikJmK6nlLeISPazHA== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-node + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAv4vltDeQ39xsfPwmTL2vP9cFR5jKPO1ppxLhU3PPn7+E1ojJ + lKrM3bJFqBMlkf+box0FKYjcoiESge8dk0Q7ju2cv0n2xfxG3BXneZ9augeG4JDl + nUW6zCdHYj3KFo+9xdVCE8bGkKzN/roKbZLoly1nMoxSRGU9vZdX8oJaW4r0PF7u + SFCqlk5Um8ve4esp8FBciAuVlfEwtPPaz+MwN6oOyuHEGL3XvvRjBGJXDkdfguNH + yAwnRjU0n1915Y4nKWV8/zJ9xN1RDwlAjOTa8MqmNGimphhRPbdutA3sSoYry6S5 + v0DIeCa5k4oWD4VeaSZdGLuplklpMAdpxwShBQIDAQABAoIBACW8OsmRNNJVS24o + AqeVquPJyXl8aUMthmXqu0dEhn+zLElTc1r9dxSp3T0qYHltwMyWmADBvK2YFFxS + riHoDE+xEfNBcAM7Gv6athpowWfqubCd+w5LwWwcxNxezeQ59yn1RGo++7lewcpP + /mPt0DKQOEdmC4L76vjhyuq0sXZdBoSXc1V8j6A36JSfcCMN6tmGKuzAPLCam8+4 + 3nU8/D6bRG47TO9YsOPYg3T6ZZwKVluU9TpVrx+J6nIWlflLf4q2P/1voVhWu6p/ + e/mFfYgYrTpNpds1kwiedGTuMEpPfD6KWcdwKwTjFfPqTlamd5hMIPmx7B/ConUp + gsR4iEECgYEA/fVcyt0qIvE1kLL2XLHCjbm+gQNhn44f1AM8QYj5Hu1ULYR3TmS5 + hbnkpykZVUy5vcLP8EB2FLvLGrE8TYdguV6LPgDkqq6TwGfoLe/D8rZBUxBZzL/Y + fUNVY/w46yzROSbWPXXIkC/EzDpSJawcEs8vbQ40Sesj89vn3GKGmjECgYEAwRYX + 2f8cCeFDqEdLZB54jw7z9TJ5MfQ92lucO4INeIsLST5U0vYmnkSQDhLizSnUfUnB + W0+dBeLOoTydu8WhgWsCAdmR9UVv2llhYrL9WrlaPx1rB1QMbczeL19eF1VZSqPh + +Fr1gRcblJQLECdbIhshSPQgCJH4L8GI+r6f6xUCgYEAqr7wT5jZfrrMd+hLSdFe + bGmJEzbRyTQGZEZ0md9dF5UbtqrMiFGihq2QdW9lj/tRGqvDoNXGTnRgvyaQ09OE + jb1qQxrYo4VS49c4vMHq7eHqE833gnkuNjIyVFI9dqkgVputCY+KdJ8ZYvKHTrrj + +SWBzoHxWA2Xk5qzznIT69ECgYAiW9oWsqy8nVc6xKUHxdxSKKkEwtyKJRo0lwSw + Gi5neuahO/RALgklNLIlrvqo436qZMuBgiNA/uEiE/VFip94th//UEYGzTpgMnN/ + 6rXmxQDoJkX7YdtsVn5bE69cm5VuEMePODBjrkb8I3PshfRTl1xO7RIeNEtjxB6p + 7+3pGQKBgGX+29mUiK1VJBbt6/yEHU1lMeOVQIMIdiJT+iYtYUKWiwu6K6YNW2gX + 06PbpNxRWWw9mErExz/HET2onW20wMe5HRJ6uIF8AvjDkofCh3JXg3SGy6uXjOsL + 331DfZUA+0vXMSnnK3ZOPlgPkUsS4qT/5dqcRpA43mfNu6O1Skz6 + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-pod17-jump-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEogIBAAKCAQEAtFA10D9aUe/A2YfOhNnzlyogFXKKxH4O+XT/6RUMII+w/PTe + m3XJU07lctVPMY+h5SQPu1nhj6uNljp1TzSpXV+PeT0QhzClGpmEYLgVL4Ax5IWA + V4YYfKxbOj6r3FDdMtI5FHMva60qkcitPd4dQQz1Rf8YnI8NlyesE3rw2K1Dg88O + 99QrNm5pVYKjx++rjM561ymhGCJteCDFv2Akg+rOQU96GUJSoW3z2CB0siVAlUwn + 34SxdEYhG857KuoGkucpr1HX/55znmKrViUvDlfcvAfxzPwtn1iH5s1fGRyJ6M9L + DWtFzLRxs68lzeYNpB+gr+ohcqR8zq1/CelkbQIDAQABAoIBAEqWm4wniM84JEhX + 22AtYIx5iogUt76MftlGQs5CPKADkK0zBhq84Kkri9Ky1m2kAs5s2m0fwyTRTGKG + kBxRpnXPn+QBFKM3xjR4qL/xpiHeH8VuTCboe5ynF53CawlaEgaB28bP1x/tpBxm + LPPYu7U7DQMFgULSEkcizBXK13JplxomiIeJa8Tf64ecu1e1kznshqlM5qK9C7ci + 1SrMYT9FO2nZC5iK51rHavTAs4rWbK/w7d083Z2dhrgTkkRWETkIuZXZ+p/h3Vrb + OfdSrj6CM3sq2EK8kBfURAGO0dB6PdgD2UAeCQluQhe1VAEJb2AGS0ROaQsZjnP6 + piii0ukCgYEAwFENTvJg6HLJq/UTIyNj3Pw9U8gfHwNRbDSQS7aTsyQjrp5LNpu2 + +OmRmhNTj87qUppr/tyvsavp3a9yrx0j6B+oKF5nf741wNC/t9yr2+vOTzKCb+HH + voiZe432TKj3MqZMZAAEV9Pim/VdqUoc+nvnrSrlKlqS2D/J/qk6MDcCgYEA8AWf + aKw7r5BVSE6CoAIeIH87YripGDqEE/DDS84MaM2dSNrSDQvAWHmHkuW40MJs7OZo + JDGMlQP0MsAsB/YMxpT+9PC20bZ6kmNXLC8dEhSJ38EGQkbeqikedkLxhLSDQgxj + DHwZiut5Uhbchym+APTB3RiitReNpxMK6lDslnsCgYB3wkFiVycnuUuCzJOFPyWR + 2HWsNaPDoUJT+oucym5BkRCzTZmSwPb5HCHya3SOyhA7LjRwOicioeZ5iScGi0Pv + 6b7CnL8g2mcI0jWBHmbbBYWs5cw6NcQ4D0JcoXOuG04MeWh6oVQTCTxFWE9h+2f+ + R6hmup6IeGyXQ2nbLrCwkwKBgAzlMHBOOJKxHXPaC/iOxJGYZFdkdmk/05LCr6tl + 8ZK74URlxT1AMWBPfzIsN2a322RK6LNxGg1zfe4wFu2CkaMlpCECwb+4nxM4VRmh + ml07T0D/PNfYuOPJe8J8zD8F97tXsQadsD2fcxAu/EAixPuGKtg3F57FGi4svrxi + BqP7AoGABlD3ZSAnEew3XcsfelU1I8XEDur8FZYJYdrKiuIgwYbeNQ4XS4PzMFBU + pkjM62EXAEIkCyDMk9uyAyUgun6wzm5hZJdLbMraRZp7Jvn0n50lLLLbQIswRlDc + iSb0ttXSpu8elbF6rmJAtBhmz0oqQVpliNWr4o/Tujmm512q4JI= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-pod17-node1-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAwOpt4x9IxYen0zIPzL+U9wmOJlswJx/kYGgO1HICqTUqnxkV + rOybvdd4wWVJNNEr0whvrCiDlLbHfnygyXwkQC1PtV9HEUBw14AIPjSF6DhhvFol + UeK0Pek44p7nXj4K1t7crt1exP4Jigty4DAe972pcawHSqkg0oT/5mMKqjuh7dsR + uNdFaeNgDzjlvVbGQW7Wen+FjCds6VwsPYAbOmgOcbNsBptCX1iznwXLp1L0sRjR + xWxFPzmVI2f5eB7tsSt2mgsoOuZPTQbL7i13eGzlqsOqExWr19/LlVaLL/QOP/5B + mDGg6K2FB3BfjOmHiY4sY+EQ6W9bmgd0XudlcQIDAQABAoIBAFVe6OYbkA6p66DQ + hKFtHrT764YZ0INf36ayJe3pzjenKYdiiG8P/hPS6MNc2TqgXi5zi0e6XhBPmpTk + /hpr73bfFmkDEuYViFo1dHBiued8G/RISD+mfXDwZpYTD/xqpE1WLn7LxAaVDQ+j + 5WBEq0+jBPsiz89AbR/8b2o65htSp2XSH/Y0tOALYjEuxJEeS7ybumpgMT5+qrM7 + VIqJMS+k2iqw7KcRmU1XsuX9KltiAEWSv0+NMNI+0+3j4ZXX43UrHdixqiFyRtMm + Gvua/b06UcapXBSApgDFbCNNsle1+duzb+DRxXN3Q2N+D1XlRDEVmowq2KvODvhM + iA3jv2ECgYEA6u1XL5yns+zEjkw01hJhTXuLZX5QgynaBkQwFlmhs9EW72YbxYnO + vzWK6WJMavn9JheXIBj5fnMhZIS95w69gtL6If8nH+DnkTiEU1RFH3tyDRLXvq77 + F9fxwZ8izJ3v1rAKkGL9UQ4KxQE4r3KFMuV5vaiwZu/wIuVspWRhhf0CgYEA0jhg + YhAj0aL32uJFxXylGnmp09Qjm7PYxLTUvFm2FbOWM+8W2lZUJPicce9UIRCnNmQY + KyXZpJI6WUnEpVAIuutW/rzlhqNcgBEcpFUlSnsib14BriaSx4loAIcyDYGmAG6O + jnHm2A+gaYfoibTFO3+k09Zh7cKRrkKQh+HlvYUCgYEA4MzsOOs2rr1J+MCDbrV3 + 1qT55szQTjKmJojpWvm5+k+CGuMigAw2glHB80HUzikZTHIWcuhzFcUllwJOleNN + BPrNz+pQjfiwng3u0a451r5RjKETQaw/KbnB5P1aV2JqNo2ODkwrCnzdYVah34E+ + ZE2iCRJ6eoXuy/Wt2TYM/CECgYBKvqzWcTKrKSzDcMyqCUWTAks1/CmlBO9AEaPK + TIOHd9EiKhKQEz3b32GQyS26i/dISZKmVNDryOpiMO5wcOKJw3+tF3DszEzpZCww + 6e1WbC20N1KVnzV1KRAHkApl7wEdCjI5x5nynKvGmgI+ZD30h9ANWh57sUCnGxfU + mKddGQKBgQCtXb+6zdcuWS7Vri1lTE49831NZjC/DobwRhE5QJRnLmPFiCzOfnsr + +htnsJe/fGns445qhlaHH7VDRkTZlDZs6oJviECkMTk56Y3K72YUAQXknDswWUtM + HP+8NaFAWaxm8joIG2iD/etVlt2OEtflCk6M1ZXviNoKogM69cFlyQ== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-pod17-node2-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEA7xv2/Y36/LeeUMFWWJ6ztNHw1BIEK8EVjQumZgl3fk7yXquv + 9NFbto9LXQo9Yib8741Q6BFtZ4ID4n3h/c65atA66V4zWnaVivs7UVsIoHGLz7lw + rb9plkHIN118o56ipWWcojiUfulAHC7wMIklEI9F9zOhRlzgvZbGpy5dSGQ6ZjqR + lWkOQNxVnvY8qqJnrrC6ucPGZqibhUo7UaLS4qlf0Yp/TjGsJjYsNwTACFUZOMpy + ZZuqoC8vLVWrNYMAZrMSoUalP5NNrKCQVGBj4saOIFDNcoWAF/Xdd21TTnYHyENr + EaLrfBEdiKL/Qjl0/l3YXVZ6IMNLcn8PVQQ3NQIDAQABAoIBAH0vnvjRRP7bA8Az + +Qkczel1oSjm5dgily3pU41Il49BthNqwAzlL6c9Dq//lHO3BeZFjn5x4V237GDA + l3lSqjEKJE3aS/io7VJ+hmfpyXJ3AEQZSq0s8hMBDdouz/q6K118/azRAq4PYMlg + qdA/fXBWEsOB/IXiSqf4MLmGxMAI9nZqJNnoPXZ4FCktIpWQfgOTYS8H865/uD5l + JdVxQzln4qw+MY5C6zL1vDvmivjhpgJRH9aXn06SdZ4AesaM2YxBpbT9Qq+i6YBK + QVEb1DHujr1qXmvT8X922NXQZSNN0Imn5/DUvZ9kiwpModbJIgUSrB2UqsTgDR3/ + rqSLpQECgYEA74+HYaNg8/A0NUh9EK99o64Hik/8+Z3ZyH+2qIVitBZ1y0GtAcbg + 7onHpG3+4PCFHONZZdGNw1QkUD9zrTpZg+AuYkj8dph3UHRhOxE1t5A1E/f9dgZ1 + gRaUxZwS4sMTD4pYgm8XDBHvBndwD8d0TFmH8QuC3T0XxkE/gqV/9lkCgYEA/4SB + cXPBI5OGcWJXa5Z8xzIDGk+Qs+f/xwnkt4vLbRZ9Q5hGUXInEV5ZhsIjXZNFhM9F + OO2mPerMWL+FDYHR7I0AG6xeD4Td2IwzJRHERPXaWcb3g2zhZmskoKBA3w7qfdOc + WRSxm1cEWPiM6dfrl2/6IAVcagYl+/w1ueWyJD0CgYEAqT4hSt19tVjRyYL4uD0C + 6gwcz55K/p6CKZ/wj4YMgWYMuhgf/c1fQ6abIJOFKa1CnXIQyloNaR2cugTZ2FwM + uZo7qrwdgDuer3xI5M33wUNj/EOLEULm6NfnKuRkg0eFw8jdVujcw244C719segb + RYVLAQQ848gxb6LRF5+Mk6ECgYBdIZ/IiUdZPzkedJimdzhNplXpLhzw5dudYWbC + 26ouvaa0j3j50KCavQfmjTY0siwBh0aUxFH2eXE3276UOMAZ9x6V95JlF6mAd0Fg + /oPKGs4WMOYgOfxBx0WXYjGi253udMWk1l0R4HqOLzG1PeT50m+ZYjrXzhvkJ34x + np36hQKBgDH1Jua/aapQZ39JltZ8dGoqGnXRxE37+fOnCiMphjNABP5dOvkbwmH4 + X4s8t70KPzTNsCMPBk9ACxSoKDfT2vrzVIFc5Sy9eqO/Tufbis5EkVLx/AR8gPtT + PxcyBbm9ERRrR3Wv51myK0CReM28uuDAg0RpXvn8fH4PezKRoRxy + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-node-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN PUBLIC KEY----- + MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5VjcwV4weIFgFq25/aMn + gxvHW3elx7bXr7G1HI2EXsFVVUniJ4TfONkVpKMf9KLezrScLJL8LZJBo+kXtGDb + PWmL3VJtfEmshSk5EyESDAvg35sspToOaLbi0OE8uJa/9zE5phuMxVlMPwJgdKZ4 + 7edqnL6JcZWJWLGtqknS98AfVvkKqzMkO4H2QTcZz9EjKhyHi62jwd1zj1WWUgbT + WZY5ynWT0d4I6jkAcs/R/ih3eAHUHY7ru370+1PkcFjBcNOeI65UiL4oXpbqFRKE + 16eVFULPpFYJ00thNGwgKFDuddrSV8ApXxliFgvmsRRdKhmNBU8fTcG7nzdl9mDf + wwIDAQAB + -----END PUBLIC KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: service-account + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/PublicKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpQIBAAKCAQEA5VjcwV4weIFgFq25/aMngxvHW3elx7bXr7G1HI2EXsFVVUni + J4TfONkVpKMf9KLezrScLJL8LZJBo+kXtGDbPWmL3VJtfEmshSk5EyESDAvg35ss + pToOaLbi0OE8uJa/9zE5phuMxVlMPwJgdKZ47edqnL6JcZWJWLGtqknS98AfVvkK + qzMkO4H2QTcZz9EjKhyHi62jwd1zj1WWUgbTWZY5ynWT0d4I6jkAcs/R/ih3eAHU + HY7ru370+1PkcFjBcNOeI65UiL4oXpbqFRKE16eVFULPpFYJ00thNGwgKFDuddrS + V8ApXxliFgvmsRRdKhmNBU8fTcG7nzdl9mDfwwIDAQABAoIBAQC4blNn9LSJ05BP + 7Hiq7O8zUb1pYrgf+HtOQFvikDMod9SFd5q0KPfRIVF0SfHCqs797uPAPJsqknjS + tPlpBpKHuj7NRiHhVuWzV8kcBvYaVdsKNiEa5ar8rkWLr/VCg4fv4tf3KiRz9zGH + YgPrCowo1HY5gkfI3XXLq2Z6kE9lBsb2m/H9rJx4g17B6KDEaaOI/J2FNqy+SMSG + XLYx9Oqm6YUWUSbPXd8QUd/4axHgvecniz2KCg2YoGP7Oi2ercp4eXVrJ+FdoJSf + IUI1derpjMrd00VaFk3RfmKDzbrOlBp5lAkpGPydGbLmVAOaAsK9whb4BvR98ruv + Ph6xQsfhAoGBAPK+8YtQe5+LCn/9v8qsuP4DdRQ1lWpmxF/VbdOHupy4RhfRe2fd + MlZx+FjyU9UzYLBmq7VGTH1Z6v1obqqEpRbIuX1HYmbw3tXjnAVR8zD1bj5hvIFK + /puOmnTN85x27PYZG1rK4MfZE5O6KF0tHaxxD1HtV18SPjHpyY7ivpbpAoGBAPHe + oi1DsviS+QFdznCPtMBOZb7aEmylendMqfEPPVswQjsExSRJwFlh2tvurTFIflol + U/Ve+uRE96ZWvUYoTo6ZMxiv7nyXOz6L7u2M/95iIhQ1c9AMINyuJ/sRqtXNeN8p + wtgfIZcP/l1JMVXSZB3PXuc7sLFftLoM+M3ITm3LAoGBAKJI8Wb4CY3iAMUMubof + uxVm7lDyec/GoKaJI4F1jlbUA1hNHjmT8eFFFIkyiMVSMeP83/Ky6tQq1yVPOh0Z + zNzsmMWegbTcd717C4WrAfDLREbERKgToSASOES6o5EJGOZ2ZolOdPRmteXfYLja + PqpYc6uMBwtyQM5RxASYpl5xAoGALw0dRWrvDPYiZIaoGzOJeQOHPXpUrTf/u+d5 + A8DwMaYQrESASU/jkD++AJzMqlKs6cJrM8d3TSKxfnVPOq+qoIji7MGExk3xI3i7 + URDl0ZALixze27EQT329n1TPg+oFwnvwQHTF5wogdGtBoq1b9oSZtKfi9o5krPDL + EdUOlMMCgYEAh4cP2xvxy+hxI7pHb8/EmcSW5b1t+ib7OyDaLCi0jrPQlUTp+67y + 1GqNopNX2qjquaEs2G2WBMnyNi706ykmbO3OdtEGnXG3TVMnrAVxDytoZ5/haE6j + J5TG1WP0RMYgOOh1sLtsfUjKr0bbiciOenQxhtuCDfkkuHoftIWEZPU= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: service-account + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/PrivateKey/v1 diff --git a/site/intel-pod17/secrets/certificates/ingress.yaml b/site/intel-pod17/secrets/certificates/ingress.yaml new file mode 100644 index 0000000..b799fdb --- /dev/null +++ b/site/intel-pod17/secrets/certificates/ingress.yaml @@ -0,0 +1,135 @@ +--- +# Example manifest for ingress cert. +# NEWSITE-CHANGEME: must be replaced with proper/valid set, +# self-signed certs are not supported. +metadata: + layeringDefinition: + abstract: false + layer: site + name: ingress-crt + schema: metadata/Document/v1 + labels: + name: ingress-crt-site + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +data: | + -----BEGIN CERTIFICATE----- + MIIFKzCCA5OgAwIBAgIMW2h6FCcFdKeaw3vnMA0GCSqGSIb3DQEBCwUAMBIxEDAO + BgNVBAMTB0FpcnNoaXAwHhcNMTgwODA2MTY0MDUyWhcNMTkwODA2MTY0MDUyWjBJ + MTUwMwYDVQQDEyxpbmdyZXNzLmFpcnNoaXAtc2Vhd29ydGh5LmF0bGFudGFmb3Vu + ZHJ5LmNvbTEQMA4GA1UEChMHQWlyc2hpcDCCAaIwDQYJKoZIhvcNAQEBBQADggGP + ADCCAYoCggGBALvNHm/G/ylh6aPcvrhOcb4qz1BjcNtnxH8bzZng/rMeX3W2AzjC + r2JloJcDvOLBp/TkLOZPImnFW2/GCwktxPgXZuBTPzFV50g77KsPFw0fn3Si7+bs + F22tLhdOGk6MQj/WW4pKGHqdw1/VbPwOHBT+I4/scR1L2SZxYtSFIKGenHJH+PMV + bCdwnNOR80F8KRzK5iZs/r6S/QqVheieARSWWnk2+TtkM1BloGOhLSd+ZkWh9VO1 + eOnZowkaDAJwD/G6zoSr5n+beaXzDnEcoVXFSwd4FLoV+om77o92XmZ4rVw0vTMO + k6jVwmkdT+dM2K2hLUG/TXWoV2/Qms70gzDOs85RtAkTPe4Ohtdpr51Q0hd35TKG + YLKzX/OPblD68iYJYSBvMPpAVTbFYVPW1AQx8wWfannYbMoeL8XTEOKfkqm90YP9 + EhIdtmw4D7GZxlzG5FXXutmT9sqLfqlRu/RynAhBP8NQvw74WumhOe8r7GhCwgzC + gaPLGjeekoS6LQIDAQABo4IBSDCCAUQwDAYDVR0TAQH/BAIwADCBzQYDVR0RBIHF + MIHCgixpbmdyZXNzLmFpcnNoaXAtc2Vhd29ydGh5LmF0bGFudGFmb3VuZHJ5LmNv + bYIta2V5c3RvbmUuYWlyc2hpcC1zZWF3b3J0aHkuYXRsYW50YWZvdW5kcnkuY29t + gilub3ZhLmFpcnNoaXAtc2Vhd29ydGh5LmF0bGFudGFmb3VuZHJ5LmNvbYIsaG9y + aXpvbi5haXJzaGlwLXNlYXdvcnRoeS5hdGxhbnRhZm91bmRyeS5jb22HBAoXFQuH + BAoXFgswEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAwegADAdBgNV + HQ4EFgQUfTAjNgn/1U1Uh1MJDYT2m4dzhsYwHwYDVR0jBBgwFoAUJFuXPZo6RzfE + BlJjnnk5jhcP4wIwDQYJKoZIhvcNAQELBQADggGBAE2ISWmrxqrledJI3aLaS9Yw + WsZc8O8CnIyLoxrE85vUubFjuI9ixC/6dJxl2iB1n0H8JgmFREox32Q4+kDJI8V/ + X9x0PFpRzL7QEPrLZhW94Yis3sOphLW0rf0t06ZepdHHeodYJu1pVMDmLq6bKXdX + vo+/WwKnZBXC1qPbXJByv/CN9MtViXOnBGORFRTJPb6U8379LNWclJ/LW12yTwNk + JGIbZU61Vxu+2nLIabmmRoODH2jomgMOMMzLgjT3Hvw3whe8GrUoxDiPYQVTDGNm + ly6m+5B1Nx06fkZazonozeaOhSQ7RblUSbo+w8TJmLRzD9ft7p4vpjBGxRADMcuF + DOjATgdZeisBUHTGEO0P6wJOBQuCFMX9AVl+u8ZpcuRaRaN+pBE6/BqcHBB6qV/N + w2DdNtP8BrJ3kJVNEDIo5oTbH5SToxgA4hWBV42M1rB+5vIMDKN3rwVDdNKWYhYc + VZpU3V9V6JzSW1O2w4Wu9PdbWJD9oSvC0qJgnjOXzg== + -----END CERTIFICATE----- +... +--- +metadata: + layeringDefinition: + abstract: false + layer: site + name: ingress-ca + schema: metadata/Document/v1 + labels: + name: ingress-ca-site + storagePolicy: cleartext +schema: deckhand/CertificateAuthority/v1 +data: | + -----BEGIN CERTIFICATE----- + MIID7TCCAlWgAwIBAgIMW2h3tgSwie0Ypx8eMA0GCSqGSIb3DQEBCwUAMBIxEDAO + BgNVBAMTB0FpcnNoaXAwHhcNMTgwODA2MTYzMDQ2WhcNMTkwODA2MTYzMDQ2WjAS + MRAwDgYDVQQDEwdBaXJzaGlwMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC + AYEAny0Nqu9U2tXdCCTNzD2T62htMmBLg3CmzWajfbfFl7ALqzo3HgbbY3PxTHDE + OJ/lwdm0HkEaGfEDXhJd06WZsa8+fKGqhKXvZXwXx5mJ8LCGxz6xiaxwo9lnKe6V + o3YX7bJ5YIVxQ2jhvZo+dY8Z/buloi2Tp2HbqTejKULH9+qdiQTDXAnyR0NLqzJ0 + YQ4v4yU3zix3nBi8z29lQekGO9quNEka3nw2n0Gxmq5z1bNALGCF5F759mVkB0uT + fPGF+zm9eqlqAgduYg7R+JYUumVHvIoRY454GtAdZHTJHJZP0gQSGJsLff8ROFpI + GVYsOZhJXU9Ihc5VBC5PMErbmCn0YkuxAWNOYBstZ8l+uY6YiPoFV5Ulc/8M0If+ + T6jbqzWoFC+4ysgY95RKOw53S4o/T6AFwiIKIw0xp3UfHCf6kr5Y0+XdDn5CXpJB + d1KK3PoUWzPSsxcUMXvgKWT4x1vsCId21dn1SmVSOEBhM08VZfjd5bvL9Xjt/E0j + mUqDAgMBAAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcEADAd + BgNVHQ4EFgQUJFuXPZo6RzfEBlJjnnk5jhcP4wIwDQYJKoZIhvcNAQELBQADggGB + AJaoEtnDoWUUs4nSSqIGcoCfpIO0oqVp8DvkBOcxz5Rz8vMVJSC24/UnuCD2Wknx + 2V/E3edXIeRo7duhPtNCT7c8OKY/pJsZQTgOczn4rphoD1pmAIPZmpG6ssPadPiM + EP8xWJHZt8NXG7D5kJX2COvBvgNeWXL6MF7Tv8+t5xzt59Vitdb/7lm9Z6jjpvN+ + zoG0pKx3XYESsnLAVAf00F+kWwds/3x3gQywUAQUDER0jliYUE5id+sojp357Cl9 + XtY+8zSnTduuP8CfMhwv5p6j9xbqacfT7AzpQ6cy4xcQ7MA6JBQcxbaq4NtvIf6+ + d/5N9d8LGnfXdCd9iwNy9Qk23Ea0SNhnk9F/NqGBPakU4TbHh4iTYMC/+hDGInpO + TIRelTidNBFNaIBg3Z0vsh0lDwbt/xhpXip+ZVBqKMTtktEceiVGru9cYUQA2tKI + XNoc5s0uQGMpdFzgED4lXZf+n7yGVMKohvi7Yn96HqujGIrVH6qThsI6m7pUSz40 + +g== + -----END CERTIFICATE----- +... +--- +metadata: + layeringDefinition: + abstract: false + layer: site + name: ingress-key + schema: metadata/Document/v1 + labels: + name: ingress-key-site + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIG4wIBAAKCAYEAu80eb8b/KWHpo9y+uE5xvirPUGNw22fEfxvNmeD+sx5fdbYD + OMKvYmWglwO84sGn9OQs5k8iacVbb8YLCS3E+Bdm4FM/MVXnSDvsqw8XDR+fdKLv + 5uwXba0uF04aToxCP9ZbikoYep3DX9Vs/A4cFP4jj+xxHUvZJnFi1IUgoZ6cckf4 + 8xVsJ3Cc05HzQXwpHMrmJmz+vpL9CpWF6J4BFJZaeTb5O2QzUGWgY6EtJ35mRaH1 + U7V46dmjCRoMAnAP8brOhKvmf5t5pfMOcRyhVcVLB3gUuhX6ibvuj3ZeZnitXDS9 + Mw6TqNXCaR1P50zYraEtQb9NdahXb9CazvSDMM6zzlG0CRM97g6G12mvnVDSF3fl + MoZgsrNf849uUPryJglhIG8w+kBVNsVhU9bUBDHzBZ9qedhsyh4vxdMQ4p+Sqb3R + g/0SEh22bDgPsZnGXMbkVde62ZP2yot+qVG79HKcCEE/w1C/Dvha6aE57yvsaELC + DMKBo8saN56ShLotAgMBAAECggGAYzZDhA1+sx/0zApL/xYB5NK83t0Ju/8fwX6w + qUBBjeLXz1mubgf7m2HQ6ragzLI9xpPcXHcl2PbYDT50ig7R5baHNK8FzUxyeKif + qOa56Mbx+C4zyqyi2+AHX2x1XVWfkhXuGip2sCA0HKalgqr5juWLZ/ci8rUlLLft + 3BPQX1FpmL4I+HIyxsspLmQGPGwZVAqkd1xRX+BLKZJAQdlm/LdJaIvwMr4Glcx6 + ZOe68QhHgzXCYsyV6gR9qstF2OvVuLa2mUc7EzYInFIFhXUdAAwmDqkuuLRdRQhf + Ur8nqQW33T0cG0GBUzgBI5YmSPJvTSzcPmeSyNVx2/Yb0pkuXtCw67oDcAsN4nW8 + uls49E2RaiLJYsy5vPsX5aJNcAxw/CWLdadQ3ukviD/MDJbpTl4F52GOVYL6K4XH + g5TJjj7xzjmK3ldR/Kscg7HpCitQLGUYdgIsAFdspXf4aSIa68IjDrc5NsJZuMzc + PbVHrw7QYNfHY7VNdUlOVqH5lS3BAoHBANRqKrQXtnJmM006TCEJXdcN/5M685jz + +L4Ox0Rhrq8ROgcN5q/hjKb6kP/MccQ9voGQOl9TKEyinGNdTtyc/fuH7RNlQwpS + HT+vEzVEcrSe8UFs8c6oJnHFO72ylFcibFf56LvbI3L8BZXp7gPSPQkp5f1NWEZk + X5bUL4UNiOm0diltba/ofxywF0M9WGD00eqi0Q29JRlvun+355j06CENxRoonNZC + wk1evIxhhckP9zLjI2Ykb1hV6yzwPWtmyQKBwQDiVgru/B396KhzDhLl5AL+pBWA + GsfiCbmPLh6W6V5VzldB4+GlMRrJ4zSjZQ3/nvX5KepqjMn1N6LQpZQUI/YShCKE + mW0XMiAfbp2d23MRMjLD8L/bIoBHQOPkCaMjbmyDOlCagWakEvHJO/TieVgTmYk6 + mtEYVjJFWI9OCNMAHdl8ovWr3p+8YbVZ8LLv5ZO/V1cIjczoNQ6p8LG/pPMTDLXM + ScN9a8z3f8LQLBHBlu0155xvt95PQLAon/x21kUCgcAvPVk36hoiQQZhw3hQ1JNx + E2TmanLobkHAiurYE11VA+DC1t2Z+fBc5la+/MnEWfL3P4srzgOlX3imRIcYWzXE + 7crUyG1ray2kDxyXeRyFfN+srDzut8is/q81lfSVmEs+GY8f0DGHDfN0Dq1nXidC + 1XWXqs7aANKdaZ0T2xm61+57ciG1wGAckjDqPEdecLQKmaEijBEnIgj5BH5WLwk8 + 6KIQGj4fDIPHzyzhj4LAX3ObdpZVzf6RR7JgsSEHtLkCgcBROW2dDC87MqZY++D+ + TVBhz8LDgVjgHntQDc3+fGtVQcKAq+YLYU7qyrXWOWrHpGVDcK5mZHYJoVi1peY5 + QBqL1I2KpoDGxT9P6GN6BgoKTsh3FsvTOVNtvrTJ3keEbJlWkrPgbrXGBeJtRC4C + pGdeSUg9FtgY8r4BsuFisLoAHbYyC008y5zpfusVBtNAUlQuY4qhUDoLzxafF/jB + /NEasgH/+SzFss0QuPHRwS7yGVaxdJfoY8TNDjrpqVhx0T0CgcEAvKG4UoWvT8gJ + pIeeAxxnv9yrMxgpntu4RXPDHgfX5tva6EaM3r3nLXjd9FVtlQ4cNBMhp9HNhS3a + dK+oEDcBysVxxfltlS2Bx0+gQf3WxgBCJwayKe3i/XCDza92EENgxTPmqB1LHiq5 + 2b5aOl2Y5fP0eX6UryxRc443c/ejMHw4lGwnno0qpRk9M9Ucqv5J96QCfAlBSQQS + gOG9cypL0kBWzCejn9W4av8HkM8Noqd7Tqul1onv/46OBaX51kt3 + -----END RSA PRIVATE KEY----- +... diff --git a/site/intel-pod17/secrets/passphrases/apiserver-encryption-key-key1.yaml b/site/intel-pod17/secrets/passphrases/apiserver-encryption-key-key1.yaml new file mode 100644 index 0000000..e21876e --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/apiserver-encryption-key-key1.yaml @@ -0,0 +1,13 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: apiserver-encryption-key-key1 + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +# https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/ +# use head -c 32 /dev/urandom | base64 +data: n9VBwseT/JjV7r9vbUR/MvCobe01Bdh9XtWgsNF5zLY= +... diff --git a/site/intel-pod17/secrets/passphrases/ceph_fsid.yaml b/site/intel-pod17/secrets/passphrases/ceph_fsid.yaml new file mode 100644 index 0000000..7201502 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/ceph_fsid.yaml @@ -0,0 +1,12 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ceph_fsid + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +# uuidgen +data: 7b7576f4-3358-4668-9112-100440079807 +... diff --git a/site/intel-pod17/secrets/passphrases/ceph_swift_keystone_password.yaml b/site/intel-pod17/secrets/passphrases/ceph_swift_keystone_password.yaml new file mode 100644 index 0000000..9a9af1f --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/ceph_swift_keystone_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ceph_swift_keystone_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/ipmi_admin_password.yaml b/site/intel-pod17/secrets/passphrases/ipmi_admin_password.yaml new file mode 100644 index 0000000..0b49b62 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/ipmi_admin_password.yaml @@ -0,0 +1,13 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ipmi_admin_password + layeringDefinition: + abstract: false + layer: site + labels: + name: ipmi-admin-password-site + storagePolicy: cleartext +data: root +... diff --git a/site/intel-pod17/secrets/passphrases/maas-region-key.yaml b/site/intel-pod17/secrets/passphrases/maas-region-key.yaml new file mode 100644 index 0000000..73d4a69 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/maas-region-key.yaml @@ -0,0 +1,12 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: maas-region-key + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +# openssl rand -hex 10 +data: 9026f6048d6a017dc913 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_barbican_oslo_db_password.yaml b/site/intel-pod17/secrets/passphrases/osh_barbican_oslo_db_password.yaml new file mode 100644 index 0000000..c5f866c --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_barbican_oslo_db_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_barbican_oslo_db_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml b/site/intel-pod17/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml new file mode 100644 index 0000000..bb19957 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_barbican_oslo_messaging_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml b/site/intel-pod17/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml new file mode 100644 index 0000000..9bf0217 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_barbican_oslo_messaging_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_barbican_password.yaml b/site/intel-pod17/secrets/passphrases/osh_barbican_password.yaml new file mode 100644 index 0000000..5122192 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_barbican_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_barbican_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml b/site/intel-pod17/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml new file mode 100644 index 0000000..32f8dae --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_barbican_rabbitmq_erlang_cookie + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_cinder_oslo_db_password.yaml b/site/intel-pod17/secrets/passphrases/osh_cinder_oslo_db_password.yaml new file mode 100644 index 0000000..b22f898 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_cinder_oslo_db_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_cinder_oslo_db_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml b/site/intel-pod17/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml new file mode 100644 index 0000000..040e657 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_cinder_oslo_messaging_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml b/site/intel-pod17/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml new file mode 100644 index 0000000..5d76ba7 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_cinder_oslo_messaging_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_cinder_password.yaml b/site/intel-pod17/secrets/passphrases/osh_cinder_password.yaml new file mode 100644 index 0000000..26565db --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_cinder_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_cinder_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml b/site/intel-pod17/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml new file mode 100644 index 0000000..b1ac8ff --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_cinder_rabbitmq_erlang_cookie + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_glance_oslo_db_password.yaml b/site/intel-pod17/secrets/passphrases/osh_glance_oslo_db_password.yaml new file mode 100644 index 0000000..0739069 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_glance_oslo_db_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_glance_oslo_db_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml b/site/intel-pod17/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml new file mode 100644 index 0000000..57db752 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_glance_oslo_messaging_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_glance_oslo_messaging_password.yaml b/site/intel-pod17/secrets/passphrases/osh_glance_oslo_messaging_password.yaml new file mode 100644 index 0000000..d103c27 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_glance_oslo_messaging_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_glance_oslo_messaging_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_glance_password.yaml b/site/intel-pod17/secrets/passphrases/osh_glance_password.yaml new file mode 100644 index 0000000..93ae0f2 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_glance_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_glance_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml b/site/intel-pod17/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml new file mode 100644 index 0000000..496fae3 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_glance_rabbitmq_erlang_cookie + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_heat_oslo_db_password.yaml b/site/intel-pod17/secrets/passphrases/osh_heat_oslo_db_password.yaml new file mode 100644 index 0000000..3352d4c --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_heat_oslo_db_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_heat_oslo_db_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml b/site/intel-pod17/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml new file mode 100644 index 0000000..074e688 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_heat_oslo_messaging_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_heat_oslo_messaging_password.yaml b/site/intel-pod17/secrets/passphrases/osh_heat_oslo_messaging_password.yaml new file mode 100644 index 0000000..39f1327 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_heat_oslo_messaging_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_heat_oslo_messaging_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_heat_password.yaml b/site/intel-pod17/secrets/passphrases/osh_heat_password.yaml new file mode 100644 index 0000000..5777ebb --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_heat_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_heat_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml b/site/intel-pod17/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml new file mode 100644 index 0000000..74e2a99 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_heat_rabbitmq_erlang_cookie + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_heat_stack_user_password.yaml b/site/intel-pod17/secrets/passphrases/osh_heat_stack_user_password.yaml new file mode 100644 index 0000000..36db28b --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_heat_stack_user_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_heat_stack_user_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_heat_trustee_password.yaml b/site/intel-pod17/secrets/passphrases/osh_heat_trustee_password.yaml new file mode 100644 index 0000000..58129ef --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_heat_trustee_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_heat_trustee_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_horizon_oslo_db_password.yaml b/site/intel-pod17/secrets/passphrases/osh_horizon_oslo_db_password.yaml new file mode 100644 index 0000000..7c78d45 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_horizon_oslo_db_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_horizon_oslo_db_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml b/site/intel-pod17/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml new file mode 100644 index 0000000..78c265e --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_elasticsearch_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_infra_grafana_admin_password.yaml b/site/intel-pod17/secrets/passphrases/osh_infra_grafana_admin_password.yaml new file mode 100644 index 0000000..9232de7 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_infra_grafana_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_grafana_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml b/site/intel-pod17/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml new file mode 100644 index 0000000..6d5f49e --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_grafana_oslo_db_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml b/site/intel-pod17/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml new file mode 100644 index 0000000..bd4e573 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_grafana_oslo_db_session_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_infra_nagios_admin_password.yaml b/site/intel-pod17/secrets/passphrases/osh_infra_nagios_admin_password.yaml new file mode 100644 index 0000000..52dbe16 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_infra_nagios_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_nagios_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_infra_openstack_exporter_password.yaml b/site/intel-pod17/secrets/passphrases/osh_infra_openstack_exporter_password.yaml new file mode 100644 index 0000000..64f78e1 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_infra_openstack_exporter_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_openstack_exporter_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml b/site/intel-pod17/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml new file mode 100644 index 0000000..9c68e9d --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_oslo_db_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml b/site/intel-pod17/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml new file mode 100644 index 0000000..f134f46 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_oslo_db_exporter_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_infra_prometheus_admin_password.yaml b/site/intel-pod17/secrets/passphrases/osh_infra_prometheus_admin_password.yaml new file mode 100644 index 0000000..b3df5f6 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_infra_prometheus_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_prometheus_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml b/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml new file mode 100644 index 0000000..9f64719 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_rgw_s3_admin_access_key + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: admin_access_key +... diff --git a/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml b/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml new file mode 100644 index 0000000..3e06f91 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_rgw_s3_admin_secret_key + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: admin_secret_key +... diff --git a/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml b/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml new file mode 100644 index 0000000..97c7d23 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_rgw_s3_elasticsearch_access_key + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: elastic_access_key +... diff --git a/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml b/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml new file mode 100644 index 0000000..60f0134 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_rgw_s3_elasticsearch_secret_key + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: elastic_secret_key +... diff --git a/site/intel-pod17/secrets/passphrases/osh_keystone_admin_password.yaml b/site/intel-pod17/secrets/passphrases/osh_keystone_admin_password.yaml new file mode 100644 index 0000000..6c3f446 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_keystone_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_keystone_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_keystone_ldap_password.yaml b/site/intel-pod17/secrets/passphrases/osh_keystone_ldap_password.yaml new file mode 100644 index 0000000..2edf0f2 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_keystone_ldap_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_keystone_ldap_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_keystone_oslo_db_password.yaml b/site/intel-pod17/secrets/passphrases/osh_keystone_oslo_db_password.yaml new file mode 100644 index 0000000..07b2206 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_keystone_oslo_db_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_keystone_oslo_db_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml b/site/intel-pod17/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml new file mode 100644 index 0000000..aec85c0 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_keystone_oslo_messaging_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml b/site/intel-pod17/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml new file mode 100644 index 0000000..be716f4 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_keystone_oslo_messaging_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml b/site/intel-pod17/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml new file mode 100644 index 0000000..ee7e4bd --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_keystone_rabbitmq_erlang_cookie + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_neutron_oslo_db_password.yaml b/site/intel-pod17/secrets/passphrases/osh_neutron_oslo_db_password.yaml new file mode 100644 index 0000000..4d0b157 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_neutron_oslo_db_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_neutron_oslo_db_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml b/site/intel-pod17/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml new file mode 100644 index 0000000..4ac42c9 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_neutron_oslo_messaging_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml b/site/intel-pod17/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml new file mode 100644 index 0000000..6be02b9 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_neutron_oslo_messaging_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_neutron_password.yaml b/site/intel-pod17/secrets/passphrases/osh_neutron_password.yaml new file mode 100644 index 0000000..dd0b2b6 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_neutron_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_neutron_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml b/site/intel-pod17/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml new file mode 100644 index 0000000..9e8ff8d --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_neutron_rabbitmq_erlang_cookie + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml b/site/intel-pod17/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml new file mode 100644 index 0000000..37d5c62 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_nova_metadata_proxy_shared_secret + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_nova_oslo_db_password.yaml b/site/intel-pod17/secrets/passphrases/osh_nova_oslo_db_password.yaml new file mode 100644 index 0000000..2cd60f5 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_nova_oslo_db_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_nova_oslo_db_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml b/site/intel-pod17/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml new file mode 100644 index 0000000..487bcc5 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_nova_oslo_messaging_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_nova_oslo_messaging_password.yaml b/site/intel-pod17/secrets/passphrases/osh_nova_oslo_messaging_password.yaml new file mode 100644 index 0000000..13569ba --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_nova_oslo_messaging_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_nova_oslo_messaging_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_nova_password.yaml b/site/intel-pod17/secrets/passphrases/osh_nova_password.yaml new file mode 100644 index 0000000..4c2223d --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_nova_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_nova_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml b/site/intel-pod17/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml new file mode 100644 index 0000000..7a885e6 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_nova_rabbitmq_erlang_cookie + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_oslo_cache_secret_key.yaml b/site/intel-pod17/secrets/passphrases/osh_oslo_cache_secret_key.yaml new file mode 100644 index 0000000..11747a7 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_oslo_cache_secret_key.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_oslo_cache_secret_key + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_oslo_db_admin_password.yaml b/site/intel-pod17/secrets/passphrases/osh_oslo_db_admin_password.yaml new file mode 100644 index 0000000..48df9ee --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_oslo_db_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_oslo_db_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_oslo_db_exporter_password.yaml b/site/intel-pod17/secrets/passphrases/osh_oslo_db_exporter_password.yaml new file mode 100644 index 0000000..61b4144 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_oslo_db_exporter_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_oslo_db_exporter_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_oslo_messaging_admin_password.yaml b/site/intel-pod17/secrets/passphrases/osh_oslo_messaging_admin_password.yaml new file mode 100644 index 0000000..e7d97e2 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_oslo_messaging_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_oslo_messaging_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_placement_password.yaml b/site/intel-pod17/secrets/passphrases/osh_placement_password.yaml new file mode 100644 index 0000000..c72b59a --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_placement_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_placement_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml b/site/intel-pod17/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml new file mode 100644 index 0000000..a3b5a2b --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_rabbitmq_erlang_cookie + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/osh_tempest_password.yaml b/site/intel-pod17/secrets/passphrases/osh_tempest_password.yaml new file mode 100644 index 0000000..af90ec0 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/osh_tempest_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_tempest_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/tenant_ceph_fsid.yaml b/site/intel-pod17/secrets/passphrases/tenant_ceph_fsid.yaml new file mode 100644 index 0000000..18bd485 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/tenant_ceph_fsid.yaml @@ -0,0 +1,12 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: tenant_ceph_fsid + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +# uuidgen +data: 29d8953d-0bb6-4ba1-a48a-f9be1c0937a9 +... diff --git a/site/intel-pod17/secrets/passphrases/ubuntu_crypt_password.yaml b/site/intel-pod17/secrets/passphrases/ubuntu_crypt_password.yaml new file mode 100644 index 0000000..4d60468 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/ubuntu_crypt_password.yaml @@ -0,0 +1,12 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ubuntu_crypt_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +# Pass: password123 +data: $6$qgvZ3LC9.t59Akqy$HAJfJpdrN8Ld9ssGyjFPzyJ3WUGN.ucqhSyA25LFjBrSYboVFgX8wLomRwlf5YIn1siaXHSh4JaPJED3BO36J1 +... diff --git a/site/intel-pod17/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml new file mode 100644 index 0000000..33c4125 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_airflow_oslo_messaging_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/ucp_airflow_postgres_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_airflow_postgres_password.yaml new file mode 100644 index 0000000..8a1d648 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/ucp_airflow_postgres_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_airflow_postgres_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/ucp_armada_keystone_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_armada_keystone_password.yaml new file mode 100644 index 0000000..866efcc --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/ucp_armada_keystone_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_armada_keystone_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/ucp_barbican_keystone_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_barbican_keystone_password.yaml new file mode 100644 index 0000000..cb2da22 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/ucp_barbican_keystone_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_barbican_keystone_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/ucp_barbican_oslo_db_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_barbican_oslo_db_password.yaml new file mode 100644 index 0000000..95a76ed --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/ucp_barbican_oslo_db_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_barbican_oslo_db_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/ucp_deckhand_keystone_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_deckhand_keystone_password.yaml new file mode 100644 index 0000000..5ee27f2 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/ucp_deckhand_keystone_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_deckhand_keystone_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/ucp_deckhand_postgres_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_deckhand_postgres_password.yaml new file mode 100644 index 0000000..e63319b --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/ucp_deckhand_postgres_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_deckhand_postgres_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/ucp_drydock_keystone_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_drydock_keystone_password.yaml new file mode 100644 index 0000000..b8083b5 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/ucp_drydock_keystone_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_drydock_keystone_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/ucp_drydock_postgres_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_drydock_postgres_password.yaml new file mode 100644 index 0000000..2eff525 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/ucp_drydock_postgres_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_drydock_postgres_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/ucp_keystone_admin_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_keystone_admin_password.yaml new file mode 100644 index 0000000..91f74fd --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/ucp_keystone_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_keystone_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/ucp_keystone_oslo_db_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_keystone_oslo_db_password.yaml new file mode 100644 index 0000000..a9cb153 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/ucp_keystone_oslo_db_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_keystone_oslo_db_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/ucp_maas_admin_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_maas_admin_password.yaml new file mode 100644 index 0000000..402c129 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/ucp_maas_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_maas_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/ucp_maas_postgres_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_maas_postgres_password.yaml new file mode 100644 index 0000000..96ec574 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/ucp_maas_postgres_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_maas_postgres_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml new file mode 100644 index 0000000..b513af4 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_openstack_exporter_keystone_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/ucp_oslo_db_admin_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_oslo_db_admin_password.yaml new file mode 100644 index 0000000..b3c1325 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/ucp_oslo_db_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_oslo_db_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/ucp_oslo_messaging_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_oslo_messaging_password.yaml new file mode 100644 index 0000000..95d6c0e --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/ucp_oslo_messaging_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_oslo_messaging_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/ucp_postgres_admin_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_postgres_admin_password.yaml new file mode 100644 index 0000000..546de05 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/ucp_postgres_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_postgres_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/ucp_postgres_exporter_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_postgres_exporter_password.yaml new file mode 100644 index 0000000..abdaa5b --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/ucp_postgres_exporter_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_postgres_exporter_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/ucp_postgres_replication_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_postgres_replication_password.yaml new file mode 100644 index 0000000..2176e71 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/ucp_postgres_replication_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_postgres_replication_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/ucp_promenade_keystone_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_promenade_keystone_password.yaml new file mode 100644 index 0000000..ac40d1e --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/ucp_promenade_keystone_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_promenade_keystone_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml b/site/intel-pod17/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml new file mode 100644 index 0000000..6a2aef9 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_rabbitmq_erlang_cookie + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/ucp_shipyard_keystone_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_shipyard_keystone_password.yaml new file mode 100644 index 0000000..181a52a --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/ucp_shipyard_keystone_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_shipyard_keystone_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/passphrases/ucp_shipyard_postgres_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_shipyard_postgres_password.yaml new file mode 100644 index 0000000..de0eed7 --- /dev/null +++ b/site/intel-pod17/secrets/passphrases/ucp_shipyard_postgres_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_shipyard_postgres_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod17/secrets/publickey/grego_ssh_public_key.yaml b/site/intel-pod17/secrets/publickey/grego_ssh_public_key.yaml new file mode 100644 index 0000000..2ca157f --- /dev/null +++ b/site/intel-pod17/secrets/publickey/grego_ssh_public_key.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/PublicKey/v1 +metadata: + schema: metadata/Document/v1 + name: grego_ssh_public_key + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDOyMag93evkxOvIKFryNGuaIqzuWdji7wyqoYNzTP7JI3SvEAdv/6yEo5Ca7/OxHWvKOfD8BaBINljMdHk3cj47LA47s4BFUpYxaYd6x5JqjSVFcX0JzB8FO4i/RE9q2HmqJJ9XuOc9ZZZC8CANFajqG9uvY0ChHLMifEtzi7KCPnQfDSSB5dogz3kdaukuUC9dtpUX04v29C9Mk9JaW4gmECYqPnwRZq0E+XFI0ipKtB5LtGY191p04AYMWHq+vZXo7F5k2RKl3PRiIEBIGJjIK64NhzIhV4g/8nRABeNO7C7YbFHbNbXW2ztzZA4Avt/nPVn5goDuaY7kus1kWG+RRy1oQrFRL+MIbuJkFV4hkxa9SonUSTPNj8rk++E94ysVxundWRxhT9eKU/tDaVYg+KxoUApdk0UfwpbUNl/FtiEGu44hutYfON4EMYgHIc5lbfXQ2dSQq82jTdEeP2/LcRl+W6Au9chlzly7B39rCzi9hSjezb7r2uJ5ZhdXLfQfPaBg3hS+4Tt/QmBkj+1dZZVyJ77KAabd3ppr+KURwUEdwqP0Www9yExdhbO2ff92ZzkBe+9dUKaVv/yFapQYCgguwuRqG7a0tTvF/5aLx0IVghp6qBA9t4ysgpq5KqIB1aTuo546ftfSGnZZvbJhND1qMMqT8shTqaBkctGEw== greg.oberfield@att.com +... diff --git a/site/intel-pod17/secrets/publickey/kasparss_ssh_public_key.yaml b/site/intel-pod17/secrets/publickey/kasparss_ssh_public_key.yaml new file mode 100644 index 0000000..3cf2601 --- /dev/null +++ b/site/intel-pod17/secrets/publickey/kasparss_ssh_public_key.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/PublicKey/v1 +metadata: + schema: metadata/Document/v1 + name: kasparss_ssh_public_key + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDhZBgcufBr6msHHnAxW96vYgFhDHqjYi3oWsg/E7BeoTT+962mSeU0roKJG9XN3WY++D83T5dUcv6PAje1Upzq9O0tX9daKET89ZeYEtZ5cwIQvf75caDIgfilNVFbIIc831ardHZVte68SRrtyToXdXJdiK0KHZyuMauZvU/T1Icth91fHYuY2Lo2G2+15A9VqKKW4v+Luvj8qJR98s0uMslkJozZH1xWbX2HbXzLLZuQZk93Z9V9QDCv5qKd9VBz6xDQ4d69Hf++qkHnKHznhq3mA1dIrSRNG963IM/sueoGCDDTLKPchZeZ4kWWH3vr0iM02NVcUV/R9kamoUzz kaspars.skels@att.com +... diff --git a/site/intel-pod17/site-definition.yaml b/site/intel-pod17/site-definition.yaml new file mode 100644 index 0000000..1952cae --- /dev/null +++ b/site/intel-pod17/site-definition.yaml @@ -0,0 +1,17 @@ +--- +schema: pegleg/SiteDefinition/v1 +metadata: + schema: metadata/Document/v1 + layeringDefinition: + abstract: false + layer: site + name: intel-pod17 + storagePolicy: cleartext +data: + site_type: cntt + + repositories: + global: + revision: v1.3 + url: https://github.com/airshipit/treasuremap +... diff --git a/site/intel-pod17/software/charts/kubernetes/container-networking/etcd.yaml b/site/intel-pod17/software/charts/kubernetes/container-networking/etcd.yaml new file mode 100644 index 0000000..00053a4 --- /dev/null +++ b/site/intel-pod17/software/charts/kubernetes/container-networking/etcd.yaml @@ -0,0 +1,127 @@ +--- +# The purpose of this file is to build the list of calico etcd nodes and the +# calico etcd certs for those nodes in the environment. +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: kubernetes-calico-etcd + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: kubernetes-calico-etcd-global + actions: + - method: merge + path: . + storagePolicy: cleartext + substitutions: + # Generate a list of control plane nodes (i.e. genesis node + master node + # list) on which calico etcd will run and will need certs. It is assumed + # that Airship sites will have 4 control plane nodes, so this should not need to + # change for a new site. + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .genesis.hostname + dest: + path: .values.nodes[0].name + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .masters[0].hostname + dest: + path: .values.nodes[1].name + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .masters[1].hostname + dest: + path: .values.nodes[2].name + + # Certificate substitutions for the node names assembled on the above list. + # NEWSITE-CHANGEME: Per above, the number of substitutions should not need + # to change with a standard Airship deployment. However, the names of each + # deckhand certficiate should be updated with the correct hostnames for your + # environment. The ordering is important (Genesis is index 0, then master + # nodes in the order they are specified in common-addresses). + + # Genesis hostname - pod17-jump + - src: + schema: deckhand/Certificate/v1 + name: calico-etcd-pod17-jump + path: . + dest: + path: .values.nodes[0].tls.client.cert + - src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-pod17-jump + path: . + dest: + path: .values.nodes[0].tls.client.key + - src: + schema: deckhand/Certificate/v1 + name: calico-etcd-pod17-jump-peer + path: . + dest: + path: .values.nodes[0].tls.peer.cert + - src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-pod17-jump-peer + path: . + dest: + path: .values.nodes[0].tls.peer.key + + # master node 1 hostname - pod17-node1 + - src: + schema: deckhand/Certificate/v1 + name: calico-etcd-pod17-node1 + path: . + dest: + path: .values.nodes[1].tls.client.cert + - src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-pod17-node1 + path: . + dest: + path: .values.nodes[1].tls.client.key + - src: + schema: deckhand/Certificate/v1 + name: calico-etcd-pod17-node1-peer + path: . + dest: + path: .values.nodes[1].tls.peer.cert + - src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-pod17-node1-peer + path: . + dest: + path: .values.nodes[1].tls.peer.key + + # master node 2 hostname - pod17-node2 + - src: + schema: deckhand/Certificate/v1 + name: calico-etcd-pod17-node2 + path: . + dest: + path: .values.nodes[2].tls.client.cert + - src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-pod17-node2 + path: . + dest: + path: .values.nodes[2].tls.client.key + - src: + schema: deckhand/Certificate/v1 + name: calico-etcd-pod17-node2-peer + path: . + dest: + path: .values.nodes[2].tls.peer.cert + - src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-pod17-node2-peer + path: . + dest: + path: .values.nodes[2].tls.peer.key + +data: {} +... diff --git a/site/intel-pod17/software/charts/kubernetes/etcd/etcd.yaml b/site/intel-pod17/software/charts/kubernetes/etcd/etcd.yaml new file mode 100644 index 0000000..365b3d0 --- /dev/null +++ b/site/intel-pod17/software/charts/kubernetes/etcd/etcd.yaml @@ -0,0 +1,131 @@ +--- +# The purpose of this file is to build the list of k8s etcd nodes and the +# k8s etcd certs for those nodes in the environment. +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: kubernetes-etcd + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: kubernetes-etcd-global + actions: + - method: merge + path: . + storagePolicy: cleartext + substitutions: + # Generate a list of control plane nodes (i.e. genesis node + master node + # list) on which k8s etcd will run and will need certs. It is assumed + # that Airship sites will have 4 control plane nodes, so this should not need to + # change for a new site. + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .genesis.hostname + dest: + path: .values.nodes[0].name + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .masters[0].hostname + dest: + path: .values.nodes[1].name + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .masters[1].hostname + dest: + path: .values.nodes[2].name + + # Certificate substitutions for the node names assembled on the above list. + # NEWSITE-CHANGEME: Per above, the number of substitutions should not need + # to change with a standard Airship deployment. However, the names of each + # deckhand certficiate should be updated with the correct hostnames for your + # environment. The ordering is important (Genesis is index 0, then master + # nodes in the order they are specified in common-addresses). + + # Genesis Exception* + # *NOTE: This is an exception in that `genesis` is not the hostname of the + # genesis node, but `genesis` is reference here in the certificate names + # because of certain Promenade assumptions that may be addressed in the + # future. Therefore `genesis` is used instead of `pod17-jump` here. + - src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-genesis + path: . + dest: + path: .values.nodes[0].tls.client.cert + - src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-genesis + path: . + dest: + path: .values.nodes[0].tls.client.key + - src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-genesis-peer + path: . + dest: + path: .values.nodes[0].tls.peer.cert + - src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-genesis-peer + path: . + dest: + path: .values.nodes[0].tls.peer.key + + # master node 1 hostname - pod17-node1 + - src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-pod17-node1 + path: . + dest: + path: .values.nodes[1].tls.client.cert + - src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-pod17-node1 + path: . + dest: + path: .values.nodes[1].tls.client.key + - src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-pod17-node1-peer + path: . + dest: + path: .values.nodes[1].tls.peer.cert + - src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-pod17-node1-peer + path: . + dest: + path: .values.nodes[1].tls.peer.key + + # master node 2 hostname - pod17-node2 + - src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-pod17-node2 + path: . + dest: + path: .values.nodes[2].tls.client.cert + - src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-pod17-node2 + path: . + dest: + path: .values.nodes[2].tls.client.key + - src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-pod17-node2-peer + path: . + dest: + path: .values.nodes[2].tls.peer.cert + - src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-pod17-node2-peer + path: $ + dest: + path: .values.nodes[2].tls.peer.key + +data: {} +... diff --git a/site/intel-pod17/software/charts/ucp/ceph/ceph-client-update.yaml b/site/intel-pod17/software/charts/ucp/ceph/ceph-client-update.yaml new file mode 100644 index 0000000..eb921b8 --- /dev/null +++ b/site/intel-pod17/software/charts/ucp/ceph/ceph-client-update.yaml @@ -0,0 +1,26 @@ +--- +# The purpose of this file is to define environment-specific parameters for ceph +# client update +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-ceph-client-update + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: ucp-ceph-client-update-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + conf: + pool: + target: + # NEWSITE-CHANGEME: Total number of OSDs. Does not need to change if + # your HW matches this site's HW. Verify for your environment. + # 8 OSDs per node x 3 nodes = 24 + osd: 3 +... diff --git a/site/intel-pod17/software/charts/ucp/ceph/ceph-client.yaml b/site/intel-pod17/software/charts/ucp/ceph/ceph-client.yaml new file mode 100644 index 0000000..e1e8ecf --- /dev/null +++ b/site/intel-pod17/software/charts/ucp/ceph/ceph-client.yaml @@ -0,0 +1,100 @@ +--- +# The purpose of this file is to define envrionment-specific parameters for the +# ceph client +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-ceph-client + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: ucp-ceph-client-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + conf: + pool: + target: + # NEWSITE-CHANGEME: The number of OSDs per ceph node. Does not need to + # change if your deployment HW matches this site's HW. + osd: 1 + spec: + # RBD pool + - name: rbd + application: rbd + replication: 1 + percent_total_data: 40 + - name: cephfs_metadata + application: cephfs + replication: 1 + percent_total_data: 5 + - name: cephfs_data + application: cephfs + replication: 1 + percent_total_data: 10 + # RadosGW pools + - name: .rgw.root + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.control + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.data.root + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.gc + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.log + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.intent-log + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.meta + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.usage + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.users.keys + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.users.email + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.users.swift + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.users.uid + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.buckets.extra + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.buckets.index + application: rgw + replication: 1 + percent_total_data: 3 + - name: default.rgw.buckets.data + application: rgw + replication: 1 + percent_total_data: 34.8 +... diff --git a/site/intel-pod17/software/charts/ucp/ceph/ceph-osd.yaml b/site/intel-pod17/software/charts/ucp/ceph/ceph-osd.yaml new file mode 100644 index 0000000..8cf291a --- /dev/null +++ b/site/intel-pod17/software/charts/ucp/ceph/ceph-osd.yaml @@ -0,0 +1,30 @@ +--- +# The purpose of this file is to define environment-specific parameters for +# ceph-osd +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-ceph-osd + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: ucp-ceph-osd-global + actions: + - method: replace + path: .values.conf.storage.osd + - method: merge + path: . + storagePolicy: cleartext +data: + values: + conf: + storage: + osd: + - data: + type: block-logical + location: /dev/sdb + journal: + type: directory + location: /var/lib/openstack-helm/ceph/osd/osd-sdb +... diff --git a/site/intel-pod17/software/charts/ucp/divingbell/divingbell.yaml b/site/intel-pod17/software/charts/ucp/divingbell/divingbell.yaml new file mode 100644 index 0000000..db6ef66 --- /dev/null +++ b/site/intel-pod17/software/charts/ucp/divingbell/divingbell.yaml @@ -0,0 +1,72 @@ +--- +# The purpose of this file is to define site-specific parameters to the +# UAM-lite portion of the divingbell chart: +# 1. User accounts to create on bare metal +# 2. SSH public key for operationg system access to the bare metal +# 3. Passwords for operating system access via iDrac/iLo console. SSH password- +# based auth is disabled. +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-divingbell + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: ucp-divingbell-global + actions: + - method: merge + path: . + labels: + name: ucp-divingbell-site + storagePolicy: cleartext + substitutions: + - dest: + path: .values.conf.uamlite.users[0].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: airship_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[0].user_crypt_passwd + src: + schema: deckhand/Passphrase/v1 + name: ubuntu_crypt_password + path: . + - dest: + path: .values.conf.uamlite.users[1].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: airship_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[2].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: grego_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[3].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: kasparss_ssh_public_key + path: . + +data: + values: + conf: + uamlite: + users: + - user_name: ubuntu + user_sudo: true + user_sshkeys: [] + - user_name: airship + user_sudo: true + user_sshkeys: [] + - user_name: grego + user_sudo: true + user_sshkeys: [] + - user_name: kasparss + user_sudo: true + user_sshkeys: [] +... diff --git a/site/intel-pod17/software/config/common-software-config.yaml b/site/intel-pod17/software/config/common-software-config.yaml new file mode 100644 index 0000000..6122372 --- /dev/null +++ b/site/intel-pod17/software/config/common-software-config.yaml @@ -0,0 +1,16 @@ +--- +# The purpose of this file is to define site-specific common software config +# paramters. +schema: pegleg/CommonSoftwareConfig/v1 +metadata: + schema: metadata/Document/v1 + name: common-software-config + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + osh: + # NEWSITE-CHANGEME: Replace with the site name + region_name: intel-pod17 +... diff --git a/type/cntt/bootactions/promjoin.yaml b/type/cntt/bootactions/promjoin.yaml new file mode 100644 index 0000000..1178c10 --- /dev/null +++ b/type/cntt/bootactions/promjoin.yaml @@ -0,0 +1,32 @@ +--- +# This file defines a boot action which is responsible for fetching the node's +# promjoin script from the promenade API. This is the script responsible for +# installing kubernetes on the node and joining the kubernetes cluster. +# #GLOBAL-CANDIDATE# +schema: 'drydock/BootAction/v1' +metadata: + schema: 'metadata/Document/v1' + name: promjoin + storagePolicy: 'cleartext' + layeringDefinition: + abstract: false + layer: site + labels: + application: 'drydock' +data: + signaling: false + # TODO(alanmeadows) move what is global about this document + assets: + - path: /opt/promjoin.sh + type: file + permissions: '555' + # The ip= parameter must match the MaaS network name of the network used + # to contact kubernetes. With a standard, reference Airship deployment where + # L2 networks are shared between all racks, the network name (i.e. calico) + # should be correct. + location: promenade+http://promenade-api.ucp.svc.cluster.local/api/v1.0/join-scripts?design_ref={{ action.design_ref | urlencode }}&hostname={{ node.hostname }}&ip={{ node.network.private.ip }}{% for k, v in node.labels.items() %}&labels.dynamic={{ k }}={{ v }}{% endfor %} + location_pipeline: + - template + data_pipeline: + - utf8_decode +... diff --git a/type/cntt/deployment/deployment-configuration.yaml b/type/cntt/deployment/deployment-configuration.yaml new file mode 100644 index 0000000..bfc6c0c --- /dev/null +++ b/type/cntt/deployment/deployment-configuration.yaml @@ -0,0 +1,41 @@ +--- +# The purpose of this file is to provide shipyard related deployment config +# parameters. This should not require modification for a new site. However, +# shipyard deployment strategies can be very useful in getting around certain +# failures, like misbehaving nodes that hold up the deployment. See more at +# https://opendev.org/airship/shipyard/src/branch/master/doc/source/site-definition-documents.rst#using-a-deployment-strategy +schema: shipyard/DeploymentConfiguration/v1 +metadata: + schema: metadata/Document/v1 + name: deployment-configuration + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + physical_provisioner: + deployment_strategy: deployment-strategy + deploy_interval: 30 + deploy_timeout: 3600 + destroy_interval: 30 + destroy_timeout: 900 + join_wait: 0 + prepare_node_interval: 30 + prepare_node_timeout: 1800 + prepare_site_interval: 10 + prepare_site_timeout: 300 + verify_interval: 10 + verify_timeout: 60 + kubernetes_provisioner: + drain_timeout: 3600 + drain_grace_period: 1800 + clear_labels_timeout: 1800 + remove_etcd_timeout: 1800 + etcd_ready_timeout: 600 + armada: + get_releases_timeout: 300 + get_status_timeout: 300 + manifest: 'full-site' + post_apply_timeout: 7200 + validate_design_timeout: 600 +... diff --git a/type/cntt/network/KubernetesNetwork.yaml b/type/cntt/network/KubernetesNetwork.yaml new file mode 100644 index 0000000..1124d63 --- /dev/null +++ b/type/cntt/network/KubernetesNetwork.yaml @@ -0,0 +1,97 @@ +--- +schema: promenade/KubernetesNetwork/v1 +metadata: + schema: metadata/Document/v1 + name: kubernetes-network + layeringDefinition: + abstract: false + layer: type + storagePolicy: cleartext + substitutions: + # DNS + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .dns.cluster_domain + dest: + path: .dns.cluster_domain + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .dns.service_ip + dest: + path: .dns.service_ip + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .dns.upstream_servers + dest: + path: .dns.upstream_servers + + # Kubernetes IPs + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .kubernetes.api_service_ip + dest: + path: .kubernetes.service_ip + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .kubernetes.pod_cidr + dest: + path: .kubernetes.pod_cidr + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .kubernetes.service_cidr + dest: + path: .kubernetes.service_cidr + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .kubernetes.apiserver_port + dest: + path: .kubernetes.apiserver_port + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .kubernetes.haproxy_port + dest: + path: .kubernetes.haproxy_port + + # etcd IPs + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .etcd.container_port + dest: + path: .etcd.container_port + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .etcd.haproxy_port + dest: + path: .etcd.haproxy_port + + # proxy + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .proxy.http + dest: + path: .proxy.url + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .proxy.no_proxy + dest: + path: .proxy.additional_no_proxy + +data: + dns: + bootstrap_validation_checks: + - calico-etcd.kube-system.svc.cluster.local + - kubernetes-etcd.kube-system.svc.cluster.local + - kubernetes.default.svc.cluster.local +... diff --git a/type/cntt/profiles/genesis.yaml b/type/cntt/profiles/genesis.yaml new file mode 100644 index 0000000..54c5276 --- /dev/null +++ b/type/cntt/profiles/genesis.yaml @@ -0,0 +1,49 @@ +--- +# The purpose of this file is to apply proper labels to Genesis node so the +# proper services are installed and proper configuration applied. This should +# not need to be changed for a new site. +# #GLOBAL-CANDIDATE# +schema: promenade/Genesis/v1 +metadata: + schema: metadata/Document/v1 + name: genesis-site + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: genesis-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + labels: + dynamic: + - beta.kubernetes.io/fluentd-ds-ready=true + - calico-etcd=enabled + - ceph-mds=enabled + - ceph-mon=enabled + - ceph-osd=enabled + - ceph-rgw=enabled + - ceph-mgr=enabled + - ceph-bootstrap=enabled + - tenant-ceph-control-plane=enabled + - tenant-ceph-mon=enabled + - tenant-ceph-rgw=enabled + - tenant-ceph-mgr=enabled + - kube-dns=enabled + - kube-ingress=enabled + - kubernetes-apiserver=enabled + - kubernetes-controller-manager=enabled + - kubernetes-etcd=enabled + - kubernetes-scheduler=enabled + - promenade-genesis=enabled + - ucp-control-plane=enabled + - maas-rack=enabled + - maas-region=enabled + - ceph-osd-bootstrap=enabled + - openstack-control-plane=enabled + - openvswitch=enabled + - openstack-l3-agent=enabled + - node-exporter=enabled +... diff --git a/type/cntt/profiles/hardware/intel-s2600wt.yaml b/type/cntt/profiles/hardware/intel-s2600wt.yaml new file mode 100644 index 0000000..07836ef --- /dev/null +++ b/type/cntt/profiles/hardware/intel-s2600wt.yaml @@ -0,0 +1,109 @@ +--- +schema: 'drydock/HardwareProfile/v1' +metadata: + schema: 'metadata/Document/v1' + name: intel-s2600wt + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + # Vendor of the server chassis + vendor: Intel + # Generation of the chassis model + generation: '4' + # Version of the chassis model within its generation - not version of the hardware definition + hw_version: '3' + # The certified version of the chassis BIOS + bios_version: 'SE5C610.86B.01.01.0019.101220160604' + # Mode of the default boot of hardware - bios, uefi + boot_mode: bios + # Protocol of boot of the hardware - pxe, usb, hdd + bootstrap_protocol: pxe + # Which interface to use for network booting within the OOB manager, not OS device + pxe_interface: 0 + + # Map hardware addresses to aliases/roles to allow a mix of hardware configs + # in a site to result in a consistent configuration + + device_aliases: + ## network + # $ sudo lspci |grep -i ethernet + # 03:00.0 Ethernet controller: Intel Corporation I350 Gigabit Network Connection (rev 01) + # 03:00.3 Ethernet controller: Intel Corporation I350 Gigabit Network Connection (rev 01) + # 05:00.0 Ethernet controller: Intel Corporation Ethernet Controller X710 for 10GbE SFP+ (rev 01) + # 05:00.1 Ethernet controller: Intel Corporation Ethernet Controller X710 for 10GbE SFP+ (rev 01) + # 05:00.2 Ethernet controller: Intel Corporation Ethernet Controller X710 for 10GbE SFP+ (rev 01) + # 05:00.3 Ethernet controller: Intel Corporation Ethernet Controller X710 for 10GbE SFP+ (rev 01) + + # control networks + # eno1 + ctrl_nic1: + address: '0000:03:00.0' + dev_type: 'I350 Gigabit Network Connection' + bus_type: 'pci' + # eno2 + ctrl_nic2: + address: '0000:03:00.3' + dev_type: 'I350 Gigabit Network Connection' + bus_type: 'pci' + + # data networks + # ens785f0 + data_nic1: + address: '0000:05:00.0' + dev_type: 'Ethernet Controller X710 for 10GbE SFP+' + bus_type: 'pci' + # ens785f1 + data_nic2: + address: '0000:05:00.1' + dev_type: 'Ethernet Controller X710 for 10GbE SFP+' + bus_type: 'pci' + # ens785f2 + data_nic3: + address: '0000:05:00.2' + dev_type: 'Ethernet Controller X710 for 10GbE SFP+' + bus_type: 'pci' + # ens785f3 + data_nic4: + address: '0000:05:00.3' + dev_type: 'Ethernet Controller X710 for 10GbE SFP+' + bus_type: 'pci' + + ## storage + # $ sudo lshw -c disk + # *-disk + # description: ATA Disk + # product: INTEL SSDSC2BB48 + # physical id: 0.0.0 + # bus info: scsi@4:0.0.0 + # logical name: /dev/sda + # version: 0101 + # serial: PHDV637602LL480BGN + # size: 447GiB (480GB) + # capabilities: gpt-1.00 partitioned partitioned:gpt + # configuration: ansiversion=5 guid=ea7d0b6a-c105-4409-8d4c-dc104cb38737 logicalsectorsize=512 sectorsize=4096 + # *-disk + # description: ATA Disk + # product: ST91000640NS + # vendor: Seagate + # physical id: 0.0.0 + # bus info: scsi@5:0.0.0 + # logical name: /dev/sdb + # version: SN03 + # serial: 9XG6LX48 + # size: 931GiB (1TB) + # capabilities: gpt-1.00 partitioned partitioned:gpt + # configuration: ansiversion=5 guid=27f17348-e081-4b00-8d4c-5960513a40cd logicalsectorsize=512 sectorsize=512 + + # /dev/sda + bootdisk: + address: '4:0.0.0' + dev_type: 'INTEL SSDSC2BB48' + bus_type: 'scsi' + # /dev/sdb + datadisk: + address: '5:0.0.0' + dev_type: 'ST91000640NS' + bus_type: 'scsi' +... diff --git a/type/cntt/profiles/host/cp-intel-s2600wt.yaml b/type/cntt/profiles/host/cp-intel-s2600wt.yaml new file mode 100644 index 0000000..1eca33e --- /dev/null +++ b/type/cntt/profiles/host/cp-intel-s2600wt.yaml @@ -0,0 +1,96 @@ +--- +# The primary control plane host profile for Airship for DELL R720s, and +# should not need to be altered if you are using matching HW. The active +# participants in the Ceph cluster run on this profile. Other control plane +# services are not affected by primary vs secondary designation. +schema: drydock/HostProfile/v1 +metadata: + schema: metadata/Document/v1 + name: cp-intel-s2600wt + storagePolicy: cleartext + layeringDefinition: + abstract: false + layer: site + parentSelector: + hosttype: cp-global + actions: + - method: replace + path: .interfaces + - method: replace + path: .storage + - method: merge + path: . +data: + hardware_profile: intel-s2600wt + + primary_network: dmz + interfaces: + dmz: + device_link: dmz + slaves: + - ctrl_nic1 + networks: + - dmz + admin: + device_link: admin + slaves: + - ctrl_nic2 + networks: + - admin + data1: + device_link: data1 + slaves: + - data_nic1 + networks: + - private + - management + data2: + device_link: data2 + slaves: + - data_nic2 + networks: + - storage + - public + + storage: + physical_devices: + bootdisk: + labels: + bootdrive: 'true' + partitions: + - name: 'root' + size: '30g' + bootable: true + filesystem: + mountpoint: '/' + fstype: 'ext4' + mount_options: 'defaults' + - name: 'boot' + size: '1g' + filesystem: + mountpoint: '/boot' + fstype: 'ext4' + mount_options: 'defaults' + - name: 'var_log' + size: '100g' + filesystem: + mountpoint: '/var/log' + fstype: 'ext4' + mount_options: 'defaults' + - name: 'var' + size: '>100g' + filesystem: + mountpoint: '/var' + fstype: 'ext4' + mount_options: 'defaults' + + platform: + image: 'xenial' + kernel: 'hwe-16.04' + kernel_params: + kernel_package: 'linux-image-4.15.0-46-generic' + + metadata: + owner_data: + openstack-l3-agent: enabled +... diff --git a/type/cntt/profiles/host/dp-intel-s2600wt.yaml b/type/cntt/profiles/host/dp-intel-s2600wt.yaml new file mode 100644 index 0000000..e05a2c7 --- /dev/null +++ b/type/cntt/profiles/host/dp-intel-s2600wt.yaml @@ -0,0 +1,103 @@ +--- +# The data plane host profile for Airship for DELL R720s, and should +# not need to be altered if you are using matching HW. The host profile is setup +# for cpu isolation (for nova pinning), hugepages, and sr-iov. +schema: drydock/HostProfile/v1 +metadata: + schema: metadata/Document/v1 + name: dp-intel-s2600wt + storagePolicy: cleartext + layeringDefinition: + abstract: false + layer: site + parentSelector: + hosttype: dp-global + actions: + - method: replace + path: .interfaces + - method: replace + path: .storage + - method: merge + path: . +data: + hardware_profile: intel-s2600wt + + primary_network: dmz + interfaces: + dmz: + device_link: dmz + slaves: + - ctrl_nic1 + networks: + - dmz + admin: + device_link: admin + slaves: + - ctrl_nic2 + networks: + - admin + data1: + device_link: data1 + slaves: + - data_nic1 + networks: + - private + - management + data2: + device_link: data2 + slaves: + - data_nic2 + networks: + - storage + - public + + storage: + physical_devices: + bootdisk: + labels: + bootdrive: 'true' + partitions: + - name: 'root' + size: '30g' + bootable: true + filesystem: + mountpoint: '/' + fstype: 'ext4' + mount_options: 'defaults' + - name: 'boot' + size: '1g' + filesystem: + mountpoint: '/boot' + fstype: 'ext4' + mount_options: 'defaults' + - name: 'log' + size: '100g' + filesystem: + mountpoint: '/var/log' + fstype: 'ext4' + mount_options: 'defaults' + # - name: 'cephjournal' + # size: '10g' + - name: 'var' + size: '>100g' + filesystem: + mountpoint: '/var' + fstype: 'ext4' + mount_options: 'defaults' + # datadisk: + # partitions: + # - name: 'nova' + # size: '450g' + # filesystem: + # mountpoint: '/var/lib/nova' + # fstype: 'ext4' + # mount_options: 'defaults' + # - name: 'cephosd' + # size: '>100g' + + platform: + image: 'xenial' + kernel: 'hwe-16.04' + kernel_params: + kernel_package: 'linux-image-4.15.0-46-generic' +... diff --git a/type/cntt/software/charts/kubernetes/ingress/ingress.yaml b/type/cntt/software/charts/kubernetes/ingress/ingress.yaml new file mode 100644 index 0000000..be61953 --- /dev/null +++ b/type/cntt/software/charts/kubernetes/ingress/ingress.yaml @@ -0,0 +1,31 @@ +--- +# The purpose of this file is to define the environment-specific public-facing +# VIP for the ingress controller +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ingress-kube-system + layeringDefinition: + abstract: false + layer: site + parentSelector: + ingress: kube-system + actions: + - method: merge + path: . + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .vip.ingress_vip + dest: + path: .values.network.vip.addr +data: + values: + network: + ingress: + disable-ipv6: "true" + vip: + manage: true +... diff --git a/type/cntt/software/charts/osh-infra/elasticsearch.yaml b/type/cntt/software/charts/osh-infra/elasticsearch.yaml new file mode 100644 index 0000000..3621e75 --- /dev/null +++ b/type/cntt/software/charts/osh-infra/elasticsearch.yaml @@ -0,0 +1,34 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: elasticsearch + labels: + name: elasticsearch-type + layeringDefinition: + abstract: false + layer: type + parentSelector: + hosttype: elasticsearch-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + master: 2 + data: 1 + client: 2 + storage: + requests: + storage: 40Gi + conf: + elasticsearch: + env: + java_opts: + client: "-Xms2048m -Xmx2048m" + data: "-Xms2048m -Xmx2048m" + master: "-Xms2048m -Xmx2048m" +... diff --git a/type/cntt/software/charts/osh-infra/fluentbit.yaml b/type/cntt/software/charts/osh-infra/fluentbit.yaml new file mode 100644 index 0000000..1d176cd --- /dev/null +++ b/type/cntt/software/charts/osh-infra/fluentbit.yaml @@ -0,0 +1,22 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: fluentbit + labels: + name: fluentbit-type + layeringDefinition: + abstract: false + layer: type + parentSelector: + hosttype: fluentbit-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + fluentd: 1 +... diff --git a/type/cntt/software/charts/osh-infra/fluentd.yaml b/type/cntt/software/charts/osh-infra/fluentd.yaml new file mode 100644 index 0000000..906b26d --- /dev/null +++ b/type/cntt/software/charts/osh-infra/fluentd.yaml @@ -0,0 +1,22 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: fluentd + labels: + name: fluentd-type + layeringDefinition: + abstract: false + layer: type + parentSelector: + hosttype: fluentd-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + fluentd: 1 +... diff --git a/type/cntt/software/charts/osh-infra/grafana.yaml b/type/cntt/software/charts/osh-infra/grafana.yaml new file mode 100644 index 0000000..d12f7d2 --- /dev/null +++ b/type/cntt/software/charts/osh-infra/grafana.yaml @@ -0,0 +1,23 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: grafana + labels: + name: grafana-type + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: grafana-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + grafana: 1 +... diff --git a/type/cntt/software/charts/osh-infra/ingress.yaml b/type/cntt/software/charts/osh-infra/ingress.yaml new file mode 100644 index 0000000..96753c9 --- /dev/null +++ b/type/cntt/software/charts/osh-infra/ingress.yaml @@ -0,0 +1,24 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: osh-infra-ingress-controller + labels: + name: osh-infra-ingress-controller-type + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: osh-infra-ingress-controller-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + ingress: 1 + error_page: 1 +... diff --git a/type/cntt/software/charts/osh-infra/mariadb.yaml b/type/cntt/software/charts/osh-infra/mariadb.yaml new file mode 100644 index 0000000..ddb4424 --- /dev/null +++ b/type/cntt/software/charts/osh-infra/mariadb.yaml @@ -0,0 +1,24 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: osh-infra-mariadb + labels: + name: osh-infra-mariadb-type + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: osh-infra-mariadb-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + server: 1 + ingress: 1 +... diff --git a/type/cntt/software/charts/osh-infra/prometheus.yaml b/type/cntt/software/charts/osh-infra/prometheus.yaml new file mode 100644 index 0000000..4b02c04 --- /dev/null +++ b/type/cntt/software/charts/osh-infra/prometheus.yaml @@ -0,0 +1,35 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: prometheus + labels: + name: prometheus-type + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: prometheus-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + prometheus: 1 + resources: + enabled: true + prometheus: + limits: + memory: "4Gi" + cpu: "2000m" + requests: + memory: "2Gi" + cpu: "1000m" + storage: + requests: + storage: 50Gi +... diff --git a/type/cntt/software/charts/osh/openstack-compute-kit/neutron.yaml b/type/cntt/software/charts/osh/openstack-compute-kit/neutron.yaml new file mode 100644 index 0000000..8d47efd --- /dev/null +++ b/type/cntt/software/charts/osh/openstack-compute-kit/neutron.yaml @@ -0,0 +1,28 @@ +--- +# This file defines hardware-specific settings for neutron. If you use the same +# hardware profile as this environment, you should not need to change this file. +# Otherwise, you should review the settings here and adjust for your hardware. +# In particular: +# 1. logical network interface names +# 2. physical device mappigns +# TODO: Should move to global layer and become tied to the hardware profile +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: neutron + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: neutron-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + wait: + timeout: 1800 + test: + timeout: 900 +... diff --git a/type/cntt/software/charts/osh/openstack-compute-kit/nova.yaml b/type/cntt/software/charts/osh/openstack-compute-kit/nova.yaml new file mode 100644 index 0000000..32f94b8 --- /dev/null +++ b/type/cntt/software/charts/osh/openstack-compute-kit/nova.yaml @@ -0,0 +1,25 @@ +--- +# This file defines hardware-specific settings for nova. If you use the same +# hardware profile as this environment, you should not need to change this file. +# Otherwise, you should review the settings here and adjust for your hardware. +# In particular: +# 1. vcpu_pin_set will change if the number of logical CPUs on the hardware +# changes. +# 2. pci alias / passthrough_whitelist could change if the NIC type or NIC +# slotting changes. +# TODO: Should move to global layer and become tied to the hardware profile +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: nova + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: nova-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: {} +... diff --git a/type/cntt/software/charts/osh/openstack-heat/heat.yaml b/type/cntt/software/charts/osh/openstack-heat/heat.yaml new file mode 100644 index 0000000..de5bd51 --- /dev/null +++ b/type/cntt/software/charts/osh/openstack-heat/heat.yaml @@ -0,0 +1,21 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: heat + labels: + name: heat-type + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: heat-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + test: + timeout: 600 +... diff --git a/type/cntt/software/charts/osh/openstack-tenant-ceph/ceph-client.yaml b/type/cntt/software/charts/osh/openstack-tenant-ceph/ceph-client.yaml new file mode 100644 index 0000000..3f5bfba --- /dev/null +++ b/type/cntt/software/charts/osh/openstack-tenant-ceph/ceph-client.yaml @@ -0,0 +1,23 @@ +--- +# The purpose of this file is to define envrionment-specific parameters for the +# ceph client +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: tenant-ceph-client + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: tenant-ceph-client-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + conf: + pool: + target: + osd: 3 +... diff --git a/type/cntt/software/charts/osh/openstack-tenant-ceph/ceph-osd.yaml b/type/cntt/software/charts/osh/openstack-tenant-ceph/ceph-osd.yaml new file mode 100644 index 0000000..8937fdc --- /dev/null +++ b/type/cntt/software/charts/osh/openstack-tenant-ceph/ceph-osd.yaml @@ -0,0 +1,34 @@ +--- +# The purpose of this file is to define environment-specific parameters for +# ceph-osd +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: tenant-ceph-osd + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: tenant-ceph-osd-global + actions: + - method: replace + path: .values.conf.storage.osd + - method: merge + path: . + storagePolicy: cleartext +data: + values: + labels: + osd: + node_selector_key: tenant-ceph-osd + node_selector_value: enabled + conf: + storage: + osd: + - data: + type: block-logical + location: /dev/sdb + journal: + type: directory + location: /var/lib/openstack-helm/tenant-ceph/osd/osd-sdb +... diff --git a/type/cntt/software/charts/ucp/comps/chart-group.yaml b/type/cntt/software/charts/ucp/comps/chart-group.yaml new file mode 100644 index 0000000..02236b5 --- /dev/null +++ b/type/cntt/software/charts/ucp/comps/chart-group.yaml @@ -0,0 +1,14 @@ +--- +schema: armada/ChartGroup/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-drydock-scaled + layeringDefinition: + abstract: false + layer: type + storagePolicy: cleartext +data: + description: Drydock + chart_group: + - ucp-maas-scaled + - ucp-drydock diff --git a/type/cntt/software/charts/ucp/comps/drydock.yaml b/type/cntt/software/charts/ucp/comps/drydock.yaml new file mode 100644 index 0000000..1343340 --- /dev/null +++ b/type/cntt/software/charts/ucp/comps/drydock.yaml @@ -0,0 +1,25 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: ucp-drydock + labels: + name: ucp-drydock-type + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: ucp-drydock-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + network: + api: + ingress: + classes: + cluster: maas-ingress +... diff --git a/type/cntt/software/charts/ucp/comps/maas-scaled.yaml b/type/cntt/software/charts/ucp/comps/maas-scaled.yaml new file mode 100644 index 0000000..531a9f3 --- /dev/null +++ b/type/cntt/software/charts/ucp/comps/maas-scaled.yaml @@ -0,0 +1,32 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-maas-scaled + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: ucp-maas-global + actions: + - method: merge + path: . + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .vip.maas_vip + dest: + path: .values.network.maas_ingress.addr +data: + values: + network: + region_api: + node_port: + enabled: true + pod: + replicas: + region: 2 + rack: 2 +... diff --git a/type/cntt/software/charts/ucp/comps/maas.yaml b/type/cntt/software/charts/ucp/comps/maas.yaml new file mode 100644 index 0000000..d22cf55 --- /dev/null +++ b/type/cntt/software/charts/ucp/comps/maas.yaml @@ -0,0 +1,29 @@ +--- +# This file defines site-specific deviations for MaaS. +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-maas + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: ucp-maas-global + actions: + - method: merge + path: . + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .vip.maas_vip + dest: + path: .values.network.maas_ingress.addr +data: + values: + network: + region_api: + node_port: + enabled: true +... diff --git a/type/cntt/software/charts/ucp/promenade/promenade.yaml b/type/cntt/software/charts/ucp/promenade/promenade.yaml new file mode 100644 index 0000000..e245bd9 --- /dev/null +++ b/type/cntt/software/charts/ucp/promenade/promenade.yaml @@ -0,0 +1,50 @@ +--- +# The purpose of this file is to provide site-specific parameters for the ucp- +# promenade chart. +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-promenade + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: ucp-promenade-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + env: + promenade_api: [] + # NEWSITE-CHANGEME: If your site uses an http proxy, enter it here. + # Otherwise comment out these lines. + # - name: http_proxy + # value: 'http://proxy.example.com:8080' + # NEWSITE-CHANGEME: If your site uses an https proxy, enter it here. + # Otherwise comment out these lines. + # - name: https_proxy + # value: 'http://proxy.example.com:8080' + # NEWSITE-CHANGEME: If your site uses an http/https proxy, enter the + # IPs / domain names which the proxy should not be used for (i.e. the + # cluster domain and kubernetes service_cidr defined in common-addresses) + # Otherwise comment out these lines. + # - name: no_proxy + # value: '10.96.0.1,.cluster.local' + # NEWSITE-CHANGEME: If your site uses an http proxy, enter it here. + # Otherwise comment out these lines. + # - name: HTTP_PROXY + # value: 'http://proxy.example.com:8080' + # NEWSITE-CHANGEME: If your site uses an https proxy, enter it here. + # Otherwise comment out these lines. + # - name: HTTPS_PROXY + # value: 'http://proxy.example.com:8080' + # NEWSITE-CHANGEME: If your site uses an http/https proxy, enter the + # IPs / domain names which the proxy should not be used for (i.e. the + # cluster domain and kubernetes service_cidr defined in common-addresses) + # Otherwise comment out these lines. + # - name: NO_PROXY + # value: '10.96.0.1,.cluster.local' +... diff --git a/type/cntt/software/config/endpoints.yaml b/type/cntt/software/config/endpoints.yaml new file mode 100644 index 0000000..12bc7da --- /dev/null +++ b/type/cntt/software/config/endpoints.yaml @@ -0,0 +1,1088 @@ +--- +# The purpose of this file is to define the site's endpoint catalog. This should +# not need to be modified for a new site. +# #GLOBAL-CANDIDATE# +schema: pegleg/EndpointCatalogue/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_endpoints + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .dns.ingress_domain + dest: + - path: .ucp.identity.host_fqdn_override.public.host + pattern: DOMAIN + - path: .ucp.identity.host_fqdn_override.admin.host + pattern: DOMAIN + - path: .ucp.shipyard.host_fqdn_override.public.host + pattern: DOMAIN + - path: .ucp.physicalprovisioner.host_fqdn_override.public.host + pattern: DOMAIN + - path: .ucp.maas_region.host_fqdn_override.public.host + pattern: DOMAIN + - path: .ceph.object_store.host_fqdn_override.public.host + pattern: DOMAIN + - path: .ceph.ceph_object_store.host_fqdn_override.public.host + pattern: DOMAIN +data: + ucp: + identity: + namespace: ucp + name: keystone + hosts: + default: keystone + internal: keystone-api + host_fqdn_override: + default: null + public: + host: iam-airship.DOMAIN + admin: + host: iam-airship.DOMAIN + path: + default: /v3 + scheme: + default: "http" + internal: "http" + port: + api: + default: 80 + internal: 5000 + armada: + name: armada + hosts: + default: armada-api + public: armada + port: + api: + default: 8000 + path: + default: /api/v1.0 + scheme: + default: "http" + host_fqdn_override: + default: null + deckhand: + name: deckhand + hosts: + default: deckhand-int + public: deckhand-api + port: + api: + default: 9000 + path: + default: /api/v1.0 + scheme: + default: "http" + host_fqdn_override: + default: null + postgresql: + name: postgresql + hosts: + default: postgresql + path: /DB_NAME + scheme: postgresql+psycopg2 + port: + postgresql: + default: 5432 + host_fqdn_override: + default: null + postgresql_airflow_celery: + name: postgresql_airflow_celery_db + hosts: + default: postgresql + path: /DB_NAME + scheme: db+postgresql + port: + postgresql: + default: 5432 + host_fqdn_override: + default: null + oslo_db: + hosts: + default: mariadb + discovery: mariadb-discovery + host_fqdn_override: + default: null + path: /DB_NAME + scheme: mysql+pymysql + port: + mysql: + default: 3306 + wsrep: + default: 4567 + key_manager: + name: barbican + hosts: + default: barbican-api + public: barbican + host_fqdn_override: + default: null + path: + default: /v1 + scheme: + default: "http" + port: + api: + default: 9311 + public: 80 + airflow_oslo_messaging: + namespace: null + hosts: + default: rabbitmq + host_fqdn_override: + default: null + path: /airflow + scheme: amqp + port: + amqp: + default: 5672 + http: + default: 15672 + oslo_messaging: + namespace: null + statefulset: + name: airship-ucp-rabbitmq-rabbitmq + hosts: + default: rabbitmq + host_fqdn_override: + default: null + path: /keystone + scheme: rabbit + port: + amqp: + default: 5672 + oslo_cache: + hosts: + default: memcached + host_fqdn_override: + default: null + port: + memcache: + default: 11211 + physicalprovisioner: + name: drydock + hosts: + default: drydock-api + port: + api: + default: 9000 + nodeport: 31900 + public: 80 + path: + default: /api/v1.0 + scheme: + default: "http" + public: "http" + host_fqdn_override: + default: null + public: + host: drydock-airship.DOMAIN + maas_region: + name: maas-region + hosts: + default: maas-region + public: maas + path: + default: /MAAS + scheme: + default: "http" + port: + region_api: + default: 80 + nodeport: 31900 + podport: 80 + public: 80 + region_proxy: + default: 8000 + host_fqdn_override: + default: null + public: + host: maas-airship.DOMAIN + maas_ingress: + hosts: + default: maas-ingress + error_pages: maas-ingress-error + host_fqdn_override: + public: null + port: + http: + default: 80 + https: + default: 443 + ingress_default_server: + default: 8383 + error_pages: + default: 8080 + podport: 8080 + healthz: + podport: 10259 + status: + podport: 18089 + kubernetesprovisioner: + name: promenade + hosts: + default: promenade-api + port: + api: + default: 80 + path: + default: /api/v1.0 + scheme: + default: "http" + host_fqdn_override: + default: null + shipyard: + name: shipyard + hosts: + default: shipyard-int + public: shipyard-api + port: + api: + default: 9000 + public: 80 + path: + default: /api/v1.0 + scheme: + default: "http" + public: "http" + host_fqdn_override: + default: null + public: + host: shipyard-airship.DOMAIN + prometheus_openstack_exporter: + namespace: ucp + hosts: + default: openstack-metrics + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + exporter: + default: 9103 + ceph: + object_store: + name: swift + namespace: ceph + hosts: + default: ceph-rgw + public: radosgw + host_fqdn_override: + default: null + public: + host: object-store-airship.DOMAIN + path: + default: /swift/v1 + scheme: + default: "http" + public: "http" + port: + api: + default: 8088 + public: 80 + ceph_object_store: + name: radosgw + namespace: ceph + hosts: + default: ceph-rgw + public: radosgw + host_fqdn_override: + default: null + public: + host: object-store-airship.DOMAIN + path: + default: /auth/v1.0 + scheme: + default: "http" + public: "http" + port: + api: + default: 8088 + public: 80 + ceph_mon: + namespace: ceph + hosts: + default: ceph-mon + discovery: ceph-mon-discovery + host_fqdn_override: + default: null + port: + mon: + default: 6789 + ceph_mgr: + namespace: ceph + hosts: + default: ceph-mgr + host_fqdn_override: + default: null + port: + mgr: + default: 7000 + scheme: + default: "http" + tenant_ceph_mon: + namespace: tenant-ceph + hosts: + default: ceph-mon + discovery: ceph-mon-discovery + host_fqdn_override: + default: null + port: + mon: + default: 6790 + tenant_ceph_mgr: + namespace: tenant-ceph + hosts: + default: ceph-mgr + host_fqdn_override: + default: null + port: + mgr: + default: 7001 + metrics: + default: 9284 + scheme: + default: http +... +--- +schema: pegleg/EndpointCatalogue/v1 +metadata: + schema: metadata/Document/v1 + name: osh_endpoints + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .dns.ingress_domain + dest: + - path: .osh.object_store.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.ceph_object_store.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.image.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.cloudformation.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.orchestration.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.compute.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.compute_novnc_proxy.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.placement.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.network.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.identity.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.identity.host_fqdn_override.admin.host + pattern: DOMAIN + - path: .osh.dashboard.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.volume.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.volumev2.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.volumev3.host_fqdn_override.public.host + pattern: DOMAIN +data: + osh: + object_store: + name: swift + namespace: openstack + hosts: + default: ceph-rgw + public: radosgw + host_fqdn_override: + default: null + public: + host: object-store-airship.DOMAIN + path: + default: /swift/v1/KEY_$(tenant_id)s + scheme: + default: "http" + public: "http" + port: + api: + default: 8088 + public: 80 + ceph_object_store: + name: radosgw + namespace: openstack + hosts: + default: ceph-rgw + public: radosgw + host_fqdn_override: + default: null + public: + host: object-store-airship.DOMAIN + path: + default: /auth/v1.0 + scheme: + default: "http" + public: "http" + port: + api: + default: 8088 + public: 80 + oslo_db: + hosts: + default: mariadb + discovery: mariadb-discovery + host_fqdn_override: + default: null + path: /DB_NAME + scheme: mysql+pymysql + port: + mysql: + default: 3306 + wsrep: + default: 4567 + prometheus_mysql_exporter: + namespace: openstack + hosts: + default: mysql-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: 'http' + port: + metrics: + default: 9104 + oslo_messaging: + statefulset: + name: airship-openstack-rabbitmq-rabbitmq + namespace: openstack + hosts: + default: openstack-rabbitmq + host_fqdn_override: + default: null + path: /VHOST_NAME + scheme: rabbit + port: + amqp: + default: 5672 + http: + default: 15672 + openstack_rabbitmq_exporter: + namespace: openstack + hosts: + default: openstack-rabbitmq-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: "http" + port: + metrics: + default: 9095 + oslo_cache: + namespace: openstack + hosts: + default: memcached + host_fqdn_override: + default: null + port: + memcache: + default: 11211 + identity: + namespace: openstack + name: keystone + hosts: + default: keystone + internal: keystone-api + host_fqdn_override: + default: null + public: + host: identity-airship.DOMAIN + admin: + host: identity-airship.DOMAIN + path: + default: /v3 + scheme: + default: "http" + internal: "http" + port: + api: + default: 80 + internal: 5000 + image: + name: glance + hosts: + default: glance-api + public: glance + host_fqdn_override: + default: null + public: + host: image-airship.DOMAIN + path: + default: null + scheme: + default: "http" + public: "http" + port: + api: + default: 9292 + public: 80 + image_registry: + name: glance-registry + hosts: + default: glance-registry + public: glance-reg + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + api: + default: 9191 + public: 80 + volume: + name: cinder + hosts: + default: cinder-api + public: cinder + host_fqdn_override: + default: null + public: + host: volume-airship.DOMAIN + path: + default: "/v1/%(tenant_id)s" + scheme: + default: "http" + public: "http" + port: + api: + default: 8776 + public: 80 + volumev2: + name: cinderv2 + hosts: + default: cinder-api + public: cinder + host_fqdn_override: + default: null + public: + host: volume-airship.DOMAIN + path: + default: "/v2/%(tenant_id)s" + scheme: + default: "http" + public: "http" + port: + api: + default: 8776 + public: 80 + volumev3: + name: cinderv3 + hosts: + default: cinder-api + public: cinder + host_fqdn_override: + default: null + public: + host: volume-airship.DOMAIN + path: + default: "/v3/%(tenant_id)s" + scheme: + default: "http" + public: "http" + port: + api: + default: 8776 + public: 80 + orchestration: + name: heat + hosts: + default: heat-api + public: heat + host_fqdn_override: + default: null + public: + host: orchestration-airship.DOMAIN + path: + default: "/v1/%(project_id)s" + scheme: + default: "http" + public: "http" + port: + api: + default: 8004 + public: 80 + cloudformation: + name: heat-cfn + hosts: + default: heat-cfn + public: cloudformation + host_fqdn_override: + default: null + public: + host: cloudformation-airship.DOMAIN + path: + default: /v1 + scheme: + default: "http" + public: "http" + port: + api: + default: 8000 + public: 80 + cloudwatch: + name: heat-cloudwatch + hosts: + default: heat-cloudwatch + public: cloudwatch + host_fqdn_override: + default: null + path: + default: null + type: null + scheme: + default: "http" + port: + api: + default: 8003 + public: 80 + network: + name: neutron + hosts: + default: neutron-server + public: neutron + host_fqdn_override: + default: null + public: + host: network-airship.DOMAIN + path: + default: null + scheme: + default: "http" + public: "http" + port: + api: + default: 9696 + public: 80 + compute: + name: nova + hosts: + default: nova-api + public: nova + host_fqdn_override: + default: null + public: + host: compute-airship.DOMAIN + path: + default: "/v2/%(tenant_id)s" + scheme: + default: "http" + public: "http" + port: + api: + default: 8774 + public: 80 + novncproxy: + default: 80 + compute_metadata: + name: nova + hosts: + default: nova-metadata + public: metadata + host_fqdn_override: + default: null + path: + default: / + scheme: + default: "http" + port: + metadata: + default: 8775 + public: 80 + compute_novnc_proxy: + name: nova + hosts: + default: nova-novncproxy + public: novncproxy + host_fqdn_override: + default: null + public: + host: nova-novncproxy-airship.DOMAIN + path: + default: /vnc_auto.html + scheme: + default: "http" + public: "http" + port: + novnc_proxy: + default: 6080 + public: 80 + compute_spice_proxy: + name: nova + hosts: + default: nova-spiceproxy + host_fqdn_override: + default: null + path: + default: /spice_auto.html + scheme: + default: "http" + port: + spice_proxy: + default: 6082 + placement: + name: placement + hosts: + default: placement-api + public: placement + host_fqdn_override: + default: null + public: + host: placement-airship.DOMAIN + path: + default: / + scheme: + default: "http" + public: "http" + port: + api: + default: 8778 + public: 80 + dashboard: + name: horizon + hosts: + default: horizon-int + public: horizon + host_fqdn_override: + default: null + public: + host: dashboard-airship.DOMAIN + path: + default: null + scheme: + default: "http" + public: "http" + port: + web: + default: 80 + public: 80 +... +--- +schema: pegleg/EndpointCatalogue/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_endpoints + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .dns.ingress_domain + dest: + - path: .osh_infra.kibana.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh_infra.grafana.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh_infra.nagios.host_fqdn_override.public.host + pattern: DOMAIN + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .ldap.base_url + dest: + path: .osh_infra.ldap.host_fqdn_override.public.host + pattern: DOMAIN + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .ldap.auth_path + dest: + path: .osh_infra.ldap.path.default + pattern: AUTH_PATH +data: + osh_infra: + ceph_object_store: + name: radosgw + namespace: osh-infra + hosts: + default: ceph-rgw + public: radosgw + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + api: + default: 8088 + public: 80 + elasticsearch: + name: elasticsearch + namespace: osh-infra + hosts: + data: elasticsearch-data + default: elasticsearch-logging + discovery: elasticsearch-discovery + public: elasticsearch + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + prometheus_elasticsearch_exporter: + namespace: null + hosts: + default: elasticsearch-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: "http" + port: + metrics: + default: 9108 + fluentd: + namespace: osh-infra + name: fluentd + hosts: + default: fluentd-logging + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + service: + default: 24224 + metrics: + default: 24220 + prometheus_fluentd_exporter: + namespace: osh-infra + hosts: + default: fluentd-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: "http" + port: + metrics: + default: 9309 + oslo_db: + namespace: osh-infra + hosts: + default: mariadb + host_fqdn_override: + default: null + path: /DB_NAME + scheme: mysql+pymysql + port: + mysql: + default: 3306 + prometheus_mysql_exporter: + namespace: osh-infra + hosts: + default: mysql-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: 'http' + port: + metrics: + default: 9104 + grafana: + name: grafana + namespace: osh-infra + hosts: + default: grafana-dashboard + public: grafana + host_fqdn_override: + default: null + public: + host: grafana-airship.DOMAIN + path: + default: null + scheme: + default: "http" + public: "http" + port: + grafana: + default: 3000 + public: 80 + monitoring: + name: prometheus + namespace: osh-infra + hosts: + default: prom-metrics + public: prometheus + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + api: + default: 9090 + http: + default: 80 + kibana: + name: kibana + namespace: osh-infra + hosts: + default: kibana-dash + public: kibana + host_fqdn_override: + default: null + public: + host: kibana-airship.DOMAIN + path: + default: null + scheme: + default: "http" + public: "http" + port: + kibana: + default: 5601 + public: 80 + alerts: + name: alertmanager + namespace: osh-infra + hosts: + default: alerts-engine + public: alertmanager + discovery: alertmanager-discovery + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + api: + default: 9093 + public: 80 + mesh: + default: 6783 + kube_state_metrics: + namespace: kube-system + hosts: + default: kube-state-metrics + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + http: + default: 8080 + kube_scheduler: + scheme: + default: "http" + path: + default: /metrics + kube_controller_manager: + scheme: + default: "http" + path: + default: /metrics + node_metrics: + namespace: kube-system + hosts: + default: node-exporter + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + metrics: + default: 9100 + prometheus_port: + default: 9100 + process_exporter_metrics: + namespace: kube-system + hosts: + default: process-exporter + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + metrics: + default: 9256 + prometheus_openstack_exporter: + namespace: openstack + hosts: + default: openstack-metrics + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + exporter: + default: 9103 + nagios: + name: nagios + namespace: osh-infra + hosts: + default: nagios-metrics + public: nagios + host_fqdn_override: + default: null + public: + host: nagios-airship.DOMAIN + path: + default: null + scheme: + default: "http" + public: "http" + port: + http: + default: 80 + public: 80 + ldap: + hosts: + default: ldap + host_fqdn_override: + default: null + public: + host: DOMAIN + path: + default: /AUTH_PATH + scheme: + default: "ldap" + port: + ldap: + default: 389 +... diff --git a/type/cntt/software/config/service_accounts.yaml b/type/cntt/software/config/service_accounts.yaml new file mode 100644 index 0000000..751f1b1 --- /dev/null +++ b/type/cntt/software/config/service_accounts.yaml @@ -0,0 +1,435 @@ +--- +# The purpose of this file is to define the account catalog for the site. This +# mostly contains service usernames, but also contain some information which +# should be changed like the region (site) name. +schema: pegleg/AccountCatalogue/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_service_accounts + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + ucp: + postgres: + admin: + username: postgres + replica: + username: standby + exporter: + username: psql_exporter + oslo_db: + admin: + username: root + oslo_messaging: + admin: + username: rabbitmq + keystone: + admin: + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + username: admin + project_name: admin + user_domain_name: default + project_domain_name: default + oslo_messaging: + admin: + username: rabbitmq + keystone: + username: keystone + oslo_db: + username: keystone + database: keystone + promenade: + keystone: + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + role: admin + project_name: service + project_domain_name: default + user_domain_name: default + username: promenade + drydock: + keystone: + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + role: admin + project_name: service + project_domain_name: default + user_domain_name: default + username: drydock + postgres: + username: drydock + database: drydock + shipyard: + keystone: + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + role: admin + project_name: service + project_domain_name: default + user_domain_name: default + username: shipyard + postgres: + username: shipyard + database: shipyard + airflow: + postgres: + username: airflow + database: airflow + oslo_messaging: + admin: + username: rabbitmq + user: + username: airflow + maas: + admin: + username: admin + email: none@none + postgres: + username: maas + database: maasdb + barbican: + keystone: + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + role: admin + project_name: service + project_domain_name: default + user_domain_name: default + username: barbican + oslo_db: + username: barbican + database: barbican + oslo_messaging: + admin: + username: rabbitmq + keystone: + username: keystone + armada: + keystone: + project_domain_name: default + user_domain_name: default + project_name: service + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + role: admin + username: armada + deckhand: + keystone: + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + role: admin + project_name: service + project_domain_name: default + user_domain_name: default + username: deckhand + postgres: + username: deckhand + database: deckhand + prometheus_openstack_exporter: + user: + region_name: RegionOne + role: admin + username: prometheus-openstack-exporter + project_name: service + user_domain_name: default + project_domain_name: default + ceph: + swift: + keystone: + role: admin + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + username: swift + project_name: service + user_domain_name: default + project_domain_name: default +... +--- +schema: pegleg/AccountCatalogue/v1 +metadata: + schema: metadata/Document/v1 + name: osh_service_accounts + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.keystone.admin.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.cinder.cinder.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.glance.glance.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.heat.heat.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.heat.heat_trustee.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.heat.heat_stack_user.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.swift.keystone.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.neutron.neutron.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.nova.nova.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.nova.placement.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.barbican.barbican.region_name +data: + osh: + keystone: + admin: + username: admin + project_name: admin + user_domain_name: default + project_domain_name: default + oslo_db: + username: keystone + database: keystone + oslo_messaging: + keystone: + username: keystone-rabbitmq-user + ldap: + # NEWSITE-CHANGEME: Replace with the site's LDAP account used to + # authenticate to the active directory backend to validate keystone + # users. + username: "test@ldap.example.com" + cinder: + cinder: + role: admin + username: cinder + project_name: service + user_domain_name: default + project_domain_name: default + oslo_db: + username: cinder + database: cinder + oslo_messaging: + cinder: + username: cinder-rabbitmq-user + glance: + glance: + role: admin + username: glance + project_name: service + user_domain_name: default + project_domain_name: default + oslo_db: + username: glance + database: glance + oslo_messaging: + glance: + username: glance-rabbitmq-user + ceph_object_store: + username: glance + heat: + heat: + role: admin + username: heat + project_name: service + user_domain_name: default + project_domain_name: default + heat_trustee: + role: admin + username: heat-trust + project_name: service + user_domain_name: default + project_domain_name: default + heat_stack_user: + role: admin + username: heat-domain + domain_name: heat + oslo_db: + username: heat + database: heat + oslo_messaging: + heat: + username: heat-rabbitmq-user + swift: + keystone: + role: admin + username: swift + project_name: service + user_domain_name: default + project_domain_name: default + oslo_db: + admin: + username: root + prometheus_mysql_exporter: + user: + username: osh-oslodb-exporter + neutron: + neutron: + role: admin + username: neutron + project_name: service + user_domain_name: default + project_domain_name: default + oslo_db: + username: neutron + database: neutron + oslo_messaging: + neutron: + username: neutron-rabbitmq-user + nova: + nova: + role: admin + username: nova + project_name: service + user_domain_name: default + project_domain_name: default + placement: + role: admin + username: placement + project_name: service + user_domain_name: default + project_domain_name: default + oslo_db: + username: nova + database: nova + oslo_db_api: + username: nova + database: nova_api + oslo_db_cell0: + username: nova + database: "nova_cell0" + oslo_messaging: + nova: + username: nova-rabbitmq-user + horizon: + oslo_db: + username: horizon + database: horizon + barbican: + barbican: + role: admin + username: barbican + project_name: service + user_domain_name: default + project_domain_name: default + oslo_db: + username: barbican + database: barbican + oslo_messaging: + barbican: + username: barbican-rabbitmq-user + oslo_messaging: + admin: + username: admin + tempest: + tempest: + role: admin + username: tempest + project_name: service + user_domain_name: default + project_domain_name: default +... +--- +schema: pegleg/AccountCatalogue/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_service_accounts + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh_infra.prometheus_openstack_exporter.user.region_name +data: + osh_infra: + ceph_object_store: + admin: + username: s3_admin + elasticsearch: + username: elasticsearch + grafana: + admin: + username: grafana + oslo_db: + username: grafana + database: grafana + oslo_db_session: + username: grafana_session + database: grafana_session + elasticsearch: + admin: + username: elasticsearch + oslo_db: + admin: + username: root + prometheus_mysql_exporter: + user: + username: osh-infra-oslodb-exporter + prometheus_openstack_exporter: + user: + role: admin + username: prometheus-openstack-exporter + project_name: service + user_domain_name: default + project_domain_name: default + nagios: + admin: + username: nagios + prometheus: + admin: + username: prometheus + ldap: + admin: + # NEWSITE-CHANGEME: Replace with the site's LDAP account used to + # authenticate to the active directory backend to validate keystone + # users. + bind: "test@ldap.example.com" +... diff --git a/type/cntt/software/manifests/bootstrap.yaml b/type/cntt/software/manifests/bootstrap.yaml new file mode 100644 index 0000000..e015410 --- /dev/null +++ b/type/cntt/software/manifests/bootstrap.yaml @@ -0,0 +1,39 @@ +--- +schema: armada/Manifest/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: cluster-bootstrap + labels: + name: cluster-bootstrap-type + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: cluster-bootstrap-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + release_prefix: airship + chart_groups: + - podsecuritypolicy + - kubernetes-proxy + - kubernetes-container-networking + - kubernetes-dns + - kubernetes-etcd + - kubernetes-haproxy + - kubernetes-core + - ingress-kube-system + - ucp-ceph + - ucp-ceph-config + - ucp-core + - ucp-keystone + - ucp-divingbell + - ucp-armada + - ucp-deckhand + - ucp-drydock + - ucp-promenade + - ucp-shipyard +... diff --git a/type/cntt/software/manifests/full-site.yaml b/type/cntt/software/manifests/full-site.yaml new file mode 100644 index 0000000..2cb0c84 --- /dev/null +++ b/type/cntt/software/manifests/full-site.yaml @@ -0,0 +1,61 @@ +--- +schema: armada/Manifest/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: full-site + labels: + name: full-site-type + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: full-site-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + release_prefix: airship + chart_groups: + - podsecuritypolicy + - kubernetes-proxy + - kubernetes-container-networking + - kubernetes-dns + - kubernetes-etcd + - kubernetes-haproxy + - kubernetes-core + - ingress-kube-system + - ucp-ceph-update + - ucp-ceph-config + - ucp-core + - ucp-keystone + - ucp-divingbell + - ucp-armada + - ucp-deckhand + - ucp-drydock-scaled + - ucp-promenade + - ucp-shipyard + - ucp-prometheus-openstack-exporter + - osh-infra-ingress-controller + - osh-infra-ceph-config + - osh-infra-radosgw + - osh-infra-logging + - osh-infra-monitoring + - osh-infra-mariadb + - osh-infra-dashboards + - openstack-ingress-controller + - openstack-ceph-config + - openstack-tenant-ceph + - openstack-mariadb + - openstack-rabbitmq + - openstack-memcached + - openstack-keystone + - openstack-radosgw + - openstack-glance + - openstack-cinder + - openstack-compute-kit + - openstack-heat + - osh-infra-prometheus-openstack-exporter + - openstack-horizon +... |