summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKaspars Skels <kaspars.skels@att.com>2019-07-15 15:27:12 -0500
committerKaspars Skels <kaspars.skels@att.com>2019-08-13 10:48:32 -0500
commitd62d663a2daaf301c6ca5ae7d314e61b904af575 (patch)
tree0b6fbd14381b1fe38e834326382784d8476e00ad
parent6f42f8c81f7cffc41abd73f80731b73261ad35e3 (diff)
Initial site reference manifests for intel-pod17
This includes cntt type definition as well as site manifests. Change-Id: I4829c80199795af0c841419b8fd19557295fe244 Signed-off-by: Kaspars Skels <kaspars.skels@att.com>
-rw-r--r--site/intel-pod17/baremetal/nodes.yaml254
-rw-r--r--site/intel-pod17/networks/common-addresses.yaml155
-rw-r--r--site/intel-pod17/networks/physical/networks.yaml365
-rw-r--r--site/intel-pod17/pki/pki-catalog.yaml299
-rw-r--r--site/intel-pod17/profiles/region.yaml53
-rw-r--r--site/intel-pod17/secrets/certificates/certificates.yaml2525
-rw-r--r--site/intel-pod17/secrets/certificates/ingress.yaml135
-rw-r--r--site/intel-pod17/secrets/passphrases/apiserver-encryption-key-key1.yaml13
-rw-r--r--site/intel-pod17/secrets/passphrases/ceph_fsid.yaml12
-rw-r--r--site/intel-pod17/secrets/passphrases/ceph_swift_keystone_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/ipmi_admin_password.yaml13
-rw-r--r--site/intel-pod17/secrets/passphrases/maas-region-key.yaml12
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_barbican_oslo_db_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_barbican_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_cinder_oslo_db_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_cinder_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_glance_oslo_db_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_glance_oslo_messaging_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_glance_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_heat_oslo_db_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_heat_oslo_messaging_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_heat_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_heat_stack_user_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_heat_trustee_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_horizon_oslo_db_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_infra_grafana_admin_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_infra_nagios_admin_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_infra_openstack_exporter_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_infra_prometheus_admin_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_keystone_admin_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_keystone_ldap_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_keystone_oslo_db_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_neutron_oslo_db_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_neutron_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_nova_oslo_db_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_nova_oslo_messaging_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_nova_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_oslo_cache_secret_key.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_oslo_db_admin_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_oslo_db_exporter_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_oslo_messaging_admin_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_placement_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/osh_tempest_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/tenant_ceph_fsid.yaml12
-rw-r--r--site/intel-pod17/secrets/passphrases/ubuntu_crypt_password.yaml12
-rw-r--r--site/intel-pod17/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/ucp_airflow_postgres_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/ucp_armada_keystone_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/ucp_barbican_keystone_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/ucp_barbican_oslo_db_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/ucp_deckhand_keystone_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/ucp_deckhand_postgres_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/ucp_drydock_keystone_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/ucp_drydock_postgres_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/ucp_keystone_admin_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/ucp_keystone_oslo_db_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/ucp_maas_admin_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/ucp_maas_postgres_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/ucp_oslo_db_admin_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/ucp_oslo_messaging_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/ucp_postgres_admin_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/ucp_postgres_exporter_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/ucp_postgres_replication_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/ucp_promenade_keystone_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/ucp_shipyard_keystone_password.yaml11
-rw-r--r--site/intel-pod17/secrets/passphrases/ucp_shipyard_postgres_password.yaml11
-rw-r--r--site/intel-pod17/secrets/publickey/grego_ssh_public_key.yaml11
-rw-r--r--site/intel-pod17/secrets/publickey/kasparss_ssh_public_key.yaml11
-rw-r--r--site/intel-pod17/site-definition.yaml17
-rw-r--r--site/intel-pod17/software/charts/kubernetes/container-networking/etcd.yaml127
-rw-r--r--site/intel-pod17/software/charts/kubernetes/etcd/etcd.yaml131
-rw-r--r--site/intel-pod17/software/charts/ucp/ceph/ceph-client-update.yaml26
-rw-r--r--site/intel-pod17/software/charts/ucp/ceph/ceph-client.yaml100
-rw-r--r--site/intel-pod17/software/charts/ucp/ceph/ceph-osd.yaml30
-rw-r--r--site/intel-pod17/software/charts/ucp/divingbell/divingbell.yaml72
-rw-r--r--site/intel-pod17/software/config/common-software-config.yaml16
-rw-r--r--type/cntt/bootactions/promjoin.yaml32
-rw-r--r--type/cntt/deployment/deployment-configuration.yaml41
-rw-r--r--type/cntt/network/KubernetesNetwork.yaml97
-rw-r--r--type/cntt/profiles/genesis.yaml49
-rw-r--r--type/cntt/profiles/hardware/intel-s2600wt.yaml109
-rw-r--r--type/cntt/profiles/host/cp-intel-s2600wt.yaml96
-rw-r--r--type/cntt/profiles/host/dp-intel-s2600wt.yaml103
-rw-r--r--type/cntt/software/charts/kubernetes/ingress/ingress.yaml31
-rw-r--r--type/cntt/software/charts/osh-infra/elasticsearch.yaml34
-rw-r--r--type/cntt/software/charts/osh-infra/fluentbit.yaml22
-rw-r--r--type/cntt/software/charts/osh-infra/fluentd.yaml22
-rw-r--r--type/cntt/software/charts/osh-infra/grafana.yaml23
-rw-r--r--type/cntt/software/charts/osh-infra/ingress.yaml24
-rw-r--r--type/cntt/software/charts/osh-infra/mariadb.yaml24
-rw-r--r--type/cntt/software/charts/osh-infra/prometheus.yaml35
-rw-r--r--type/cntt/software/charts/osh/openstack-compute-kit/neutron.yaml28
-rw-r--r--type/cntt/software/charts/osh/openstack-compute-kit/nova.yaml25
-rw-r--r--type/cntt/software/charts/osh/openstack-heat/heat.yaml21
-rw-r--r--type/cntt/software/charts/osh/openstack-tenant-ceph/ceph-client.yaml23
-rw-r--r--type/cntt/software/charts/osh/openstack-tenant-ceph/ceph-osd.yaml34
-rw-r--r--type/cntt/software/charts/ucp/comps/chart-group.yaml14
-rw-r--r--type/cntt/software/charts/ucp/comps/drydock.yaml25
-rw-r--r--type/cntt/software/charts/ucp/comps/maas-scaled.yaml32
-rw-r--r--type/cntt/software/charts/ucp/comps/maas.yaml29
-rw-r--r--type/cntt/software/charts/ucp/promenade/promenade.yaml50
-rw-r--r--type/cntt/software/config/endpoints.yaml1088
-rw-r--r--type/cntt/software/config/service_accounts.yaml435
-rw-r--r--type/cntt/software/manifests/bootstrap.yaml39
-rw-r--r--type/cntt/software/manifests/full-site.yaml61
136 files changed, 7971 insertions, 0 deletions
diff --git a/site/intel-pod17/baremetal/nodes.yaml b/site/intel-pod17/baremetal/nodes.yaml
new file mode 100644
index 0000000..cd88a66
--- /dev/null
+++ b/site/intel-pod17/baremetal/nodes.yaml
@@ -0,0 +1,254 @@
+---
+# Drydock BaremetalNode resources for a specific rack are stored in this file.
+#
+# NOTE: For new sites, you should complete the networks/physical/networks.yaml
+# file before working on this file.
+#
+# In this file, you should make the number of `drydock/BaremetalNode/v1`
+# resources equal the number of bare metal nodes you have, either by deleting
+# excess BaremetalNode definitions (if there are too many), or by copying and
+# pasting the last BaremetalNode in the file until you have the correct number
+# of baremetal nodes (if there are too few).
+#
+# Then in each file, address all additional NEWSITE-CHANGEME markers to update
+# the data in these files with the right values for your new site.
+#
+# *NOTE: The Genesis node is counted as one of the control plane nodes. Note
+# that the Genesis node does not appear on this bare metal list, because the
+# procedure to reprovision the Genesis host with MaaS has not yet been
+# implemented. Therefore there will be only three bare metal nodes in this file
+# with the 'masters' tag, as the genesis roles are assigned in a difference
+# place (profiles/genesis.yaml).
+# NOTE: The host profiles for the control plane are further divided into two
+# variants: primary and secondary. The only significance this has is that the
+# "primary" nodes are active Ceph nodes, whereas the "secondary" nodes are Ceph
+# standby nodes. For Ceph quorum, this means that the control plane split will
+# be 3 primary + 1 standby host profile, and the Genesis node counts toward one
+# of the 3 primary profiles. Other control plane services are not affected by
+# primary vs secondary designation.
+#
+# TODO: Include the hostname naming convention
+#
+schema: 'drydock/BaremetalNode/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ # NEWSITE-CHANGEME: Replace with the hostname of the first node in the rack,
+ # after (excluding) genesis.
+ name: pod17-node1
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # NEWSITE-CHANGEME: The IPv4 address assigned to each logical network on this
+ # node. In the reference Airship deployment, this is all logical Networks defined
+ # in networks/physical/networks.yaml. IP addresses are manually assigned, by-hand.
+ # (what could possibly go wrong!) The instructions differ for each logical
+ # network, which are laid out below.
+ addressing:
+ # The iDrac/iLo IP of the node. It's important that this match up with the
+ # node's hostname above, so that the rack number and node position encoded
+ # in the hostname are accurate and matching the node that IPMI operations
+ # will be performed against (for poweron, poweroff, PXE boot to wipe disk or
+ # reconfigure identity, etc - very important to get right for these reasons).
+ # These addresses should already be assigned to nodes racked and stacked in
+ # the environment; these are not addresses which MaaS assigns.
+ - network: oob
+ address: 10.10.170.11
+ # The IP of the node on the PXE network. Refer to the static IP range
+ # defined for the PXE network in networks/physical/networks.yaml. Begin allocating
+ # IPs from this network, starting with the second IP (inclusive) from the
+ # allocation range of this subnet (Genesis node will have the first IP).
+ # Ex: If the start IP for the PXE "static" network is 10.23.20.11, then
+ # genesis will have 10.23.20.11, this node will have 10.23.20.12, and
+ # so on with incrementing IP addresses with each additional node.
+ - network: dmz
+ address: 10.10.170.21
+ # Genesis node gets first IP, all other nodes increment IPs from there
+ # within the allocation range defined for the network in
+ # networks/physical/networks.yaml
+ - network: admin
+ address: 10.10.171.21
+ # Genesis node gets first IP, all other nodes increment IPs from there
+ # within the allocation range defined for the network in
+ # networks/physical/networks.yaml
+ - network: private
+ address: 10.10.172.21
+ # Genesis node gets first IP, all other nodes increment IPs from there
+ # within the allocation range defined for the network in
+ # networks/physical/networks.yaml
+ - network: storage
+ address: 10.10.173.21
+ # Genesis node gets first IP, all other nodes increment IPs from there
+ # within the allocation range defined for the network in
+ # networks/physical/networks.yaml
+ - network: management
+ address: 10.10.174.21
+ # NEWSITE-CHANGEME: Set the host profile for the node.
+ # Note that there are different host profiles depending if this is a control
+ # plane vs data plane node, and different profiles that map to different types
+ # hardware. Control plane host profiles are further broken down into "primary"
+ # and "secondary" profiles (refer to the Notes section at the top of this doc).
+ # Select the host profile that matches up to your type of
+ # hardware and function. E.g., the r720 here refers to Dell R720 hardware, the
+ # 'cp' refers to a control plane profile, and the "primary" means it will be
+ # an active member in the ceph quorum. Refer to profiles/host/ for the list
+ # of available host profiles specific to this site (otherwise, you may find
+ # a general set of host profiles at the "type" or "global" layers/folders.
+ # If you have hardware that is not on this list of profiles, you may need to
+ # create a new host profile for that hardware.
+ # Regarding control plane vs other data plane profiles, refer to the notes at
+ # the beginning of this file. There should be one control plane node per rack,
+ # including Genesis. Note Genesis won't actually be listed in this file as a
+ # BaremetalNode, but the rest are.
+ # This is the second "primary" control plane node after Genesis.
+ host_profile: cp-intel-s2600wt
+ metadata:
+ tags:
+ # NEWSITE-CHANGEME: See previous comment. Apply 'masters' tag for control
+ # plane node, and 'workers' tag for data plane hosts.
+ - 'masters'
+ # NEWSITE-CHANGEME: Refer to site engineering package or other supporting
+ # documentation for the specific rack name. This should be a rack name that
+ # is meaningful to data center personnel (i.e. a rack they could locate if
+ # you gave them this rack designation).
+ rack: pod17-rack
+...
+---
+schema: 'drydock/BaremetalNode/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ # NEWSITE-CHANGEME: The next node's hostname
+ name: pod17-node2
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # NEWSITE-CHANGEME: The next node's IPv4 addressing
+ addressing:
+ - network: oob
+ address: 10.10.170.12
+ - network: dmz
+ address: 10.10.170.22
+ - network: admin
+ address: 10.10.171.22
+ - network: private
+ address: 10.10.172.22
+ - network: storage
+ address: 10.10.173.22
+ - network: management
+ address: 10.10.174.22
+ # NEWSITE-CHANGEME: The next node's host profile
+ host_profile: cp-intel-s2600wt
+ metadata:
+ # NEWSITE-CHANGEME: The next node's rack designation
+ rack: pod17-rack
+ # NEWSITE-CHANGEME: The next node's role desigatnion
+ tags:
+ - 'masters'
+...
+---
+schema: 'drydock/BaremetalNode/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ # NEWSITE-CHANGEME: The next node's hostname
+ name: pod17-node3
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # NEWSITE-CHANGEME: The next node's IPv4 addressing
+ addressing:
+ - network: oob
+ address: 10.10.170.13
+ - network: dmz
+ address: 10.10.170.23
+ - network: admin
+ address: 10.10.171.23
+ - network: private
+ address: 10.10.172.23
+ - network: storage
+ address: 10.10.173.23
+ - network: management
+ address: 10.10.174.23
+ # NEWSITE-CHANGEME: The next node's host profile
+ # This is the third "primary" control plane profile after genesis
+ host_profile: dp-intel-s2600wt
+ metadata:
+ # NEWSITE-CHANGEME: The next node's rack designation
+ rack: pod17-rack
+ # NEWSITE-CHANGEME: The next node's role desigatnion
+ tags:
+ - 'workers'
+...
+---
+schema: 'drydock/BaremetalNode/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ # NEWSITE-CHANGEME: The next node's hostname
+ name: pod17-node4
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # NEWSITE-CHANGEME: The next node's IPv4 addressing
+ addressing:
+ - network: oob
+ address: 10.10.170.14
+ - network: dmz
+ address: 10.10.170.24
+ - network: admin
+ address: 10.10.171.24
+ - network: private
+ address: 10.10.172.24
+ - network: storage
+ address: 10.10.173.24
+ - network: management
+ address: 10.10.174.24
+ # NEWSITE-CHANGEME: The next node's host profile
+ # This is the one and only appearance of the "secondary" control plane profile
+ host_profile: dp-intel-s2600wt
+ metadata:
+ # NEWSITE-CHANGEME: The next node's rack designation
+ rack: pod17-rack
+ # NEWSITE-CHANGEME: The next node's role desigatnion
+ tags:
+ - 'workers'
+...
+---
+schema: 'drydock/BaremetalNode/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ # NEWSITE-CHANGEME: The next node's hostname
+ name: pod17-node5
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # NEWSITE-CHANGEME: The next node's IPv4 addressing
+ addressing:
+ - network: oob
+ address: 10.10.170.15
+ - network: dmz
+ address: 10.10.170.25
+ - network: admin
+ address: 10.10.171.25
+ - network: private
+ address: 10.10.172.25
+ - network: storage
+ address: 10.10.173.25
+ - network: management
+ address: 10.10.174.25
+ # NEWSITE-CHANGEME: The next node's host profile
+ host_profile: dp-intel-s2600wt
+ metadata:
+ # NEWSITE-CHANGEME: The next node's rack designation
+ rack: pod17-rack
+ # NEWSITE-CHANGEME: The next node's role desigatnion
+ tags:
+ - 'workers'
+...
diff --git a/site/intel-pod17/networks/common-addresses.yaml b/site/intel-pod17/networks/common-addresses.yaml
new file mode 100644
index 0000000..1fe0357
--- /dev/null
+++ b/site/intel-pod17/networks/common-addresses.yaml
@@ -0,0 +1,155 @@
+---
+# The purpose of this file is to define network related paramters that are
+# referenced elsewhere in the manifests for this site.
+#
+schema: pegleg/CommonAddresses/v1
+metadata:
+ schema: metadata/Document/v1
+ name: common-addresses
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ calico:
+ # NEWSITE-CHANGEME: The interface that calico will use. Update if your
+ # logical bond interface name or calico VLAN have changed from the reference
+ # site design.
+ # This should be whichever
+ # bond and VLAN number specified in networks/physical/networks.yaml for the Calico
+ # network. E.g. VLAN 22 for the calico network as a member of bond0, you
+ # would set "interface=bond0.22" as shown here.
+ ip_autodetection_method: interface=ens785f0
+ etcd:
+ # etcd service IP address
+ service_ip: 10.96.232.136
+
+ vip:
+ ingress_vip: '10.10.170.100/32'
+ maas_vip: '10.10.171.100/32'
+
+ dns:
+ # Kubernetes cluster domain. Do not change. This is internal to the cluster.
+ cluster_domain: cluster.local
+ # DNS service ip
+ service_ip: 10.96.0.10
+ # List of upstream DNS forwards. Verify you can reach them from your
+ # environment. If so, you should not need to change them.
+ upstream_servers:
+ - 8.8.8.8
+ - 8.8.4.4
+ # Repeat the same values as above, but formatted as a common separated
+ # string
+ upstream_servers_joined: 8.8.8.8,8.8.4.4
+ # NEWSITE-CHANGEME: FQDN for ingress (i.e. "publicly facing" access point)
+ # Choose FQDN according to the ingress/public FQDN naming conventions at
+ # the top of this document.
+ ingress_domain: intel-pod17.opnfv.org
+
+ genesis:
+ # NEWSITE-CHANGEME: Update with the hostname for the node which will take on
+ # the Genesis role. Refer to the hostname naming stardards in
+ # networks/physical/networks.yaml
+ # NOTE: Ensure that the genesis node is manually configured with this
+ # hostname before running `genesis.sh` on the node.
+ hostname: pod17-jump
+ # NEWSITE-CHANGEME: Calico IP of the Genesis node. Use the "start" value for
+ # the calico network defined in networks/physical/networks.yaml for this IP.
+ ip: 10.10.172.20
+
+ bootstrap:
+ # NEWSITE-CHANGEME: Update with the "start" value/IP of the static range
+ # defined for the pxe network in networks/physical/networks.yaml
+ ip: 10.10.171.20
+
+ kubernetes:
+ # K8s API service IP
+ api_service_ip: 10.96.0.1
+ # etcd service IP
+ etcd_service_ip: 10.96.0.2
+ # k8s pod CIDR (network which pod traffic will traverse)
+ pod_cidr: 10.97.0.0/16
+ # k8s service CIDR (network which k8s API traffic will traverse)
+ service_cidr: 10.96.0.0/16
+ # misc k8s port settings
+ apiserver_port: 6443
+ haproxy_port: 6553
+ service_node_port_range: 30000-32767
+
+ # etcd port settings
+ etcd:
+ container_port: 2379
+ haproxy_port: 2378
+
+ # NEWSITE-CHANGEME: A list of nodes (apart from Genesis) which act as the
+ # control plane servers. Ensure that this matches the nodes with the 'masters'
+ # tags applied in baremetal/nodes.yaml
+ masters:
+ - hostname: pod17-node1
+ - hostname: pod17-node2
+
+ # NEWSITE-CHANGEME: Environment proxy information.
+ # NOTE: Reference Airship sites do not deploy behind a proxy, so this proxy section
+ # should be commented out.
+ # However if you are in a lab that requires proxy, ensure that these proxy
+ # settings are correct and reachable in your environment; otherwise update
+ # them with the correct values for your environment.
+ proxy:
+ http: ""
+ https: ""
+ no_proxy: []
+
+ node_ports:
+ drydock_api: 30000
+ maas_api: 30001
+ maas_proxy: 31800 # hardcoded in MAAS
+
+ ntp:
+ # comma separated NTP server list. Verify that these upstream NTP servers are
+ # reachable in your environment; otherwise update them with the correct
+ # values for your environment.
+ servers_joined: '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org,4.ubuntu.pool.ntp.org'
+
+ # NOTE: This will be updated soon
+ ldap:
+ # NEWSITE-CHANGEME: FQDN for LDAP. Update to the FQDN that is
+ # relevant for your type of deployment (test vs prod values, etc).
+ base_url: 'ldap.example.com'
+ # NEWSITE-CHANGEME: As above, with the protocol included to create a full URI
+ url: 'ldap://ldap.example.com'
+ # NEWSITE-CHANGEME: Update to the correct expression relevant for this
+ # deployment (test vs prod values, etc)
+ auth_path: DC=test,DC=test,DC=com?sAMAccountName?sub?memberof=CN=test,OU=Application,OU=Groups,DC=test,DC=test,DC=com
+ # NEWSITE-CHANGEME: Update to the correct AD group that contains the users
+ # relevant for this deployment (test users vs prod users/values, etc)
+ common_name: test
+ # NEWSITE-CHANGEME: Update to the correct subdomain for your type of
+ # deployment (test vs prod values, etc)
+ subdomain: test
+ # NEWSITE-CHANGEME: Update to the correct domain for your type of
+ # deployment (test vs prod values, etc)
+ domain: example
+
+ storage:
+ ceph:
+ # NEWSITE-CHANGEME: CIDRs for Ceph. Update to match the network CIDR
+ # used for the `storage` network in networks/physical/networks.yaml
+ public_cidr: '10.10.173.0/24'
+ cluster_cidr: '10.10.173.0/24'
+
+ neutron:
+ # NEWSITE-CHANGEME: Overlay network for VM traffic. Ensure the bond name and
+ # VLAN number are consistent with what's defined for the bond and the overlay
+ # network in networks/physical/networks.yaml
+ tunnel_device: 'ens785f0'
+ # bond which the overlay is a member of. Ensure the bond name is consistent
+ # with the bond assigned to the overlay network in
+ # networks/physical/networks.yaml
+ external_iface: 'ens785f1.1173'
+
+ openvswitch:
+ # bond which the overlay is a member of. Ensure the bond name is consistent
+ # with the bond assigned to the overlay network in
+ # networks/physical/networks.yaml
+ external_iface: 'ens785f1.1173'
+...
diff --git a/site/intel-pod17/networks/physical/networks.yaml b/site/intel-pod17/networks/physical/networks.yaml
new file mode 100644
index 0000000..d149b07
--- /dev/null
+++ b/site/intel-pod17/networks/physical/networks.yaml
@@ -0,0 +1,365 @@
+---
+# The purpose of this file is to define all of the NetworkLinks (i.e. layer 1
+# devices) and Networks (i.e. layer 3 configurations). The following is standard
+# for the logical networks in Airship:
+#
+# https://wiki.opnfv.org/display/pharos/Intel+POD17
+# +--------+------------+-----------------------------------+----------+----------+----------------+
+# | | | | | | |
+# +--------+------------+-----------------------------------+----------+----------+----------------+
+# |IF0 1G | dmz | OoB & OAM (default route) | VLAN 170 | untagged | 10.10.170.0/24 |
+# |IF1 1G | admin | PXE boot network | VLAN 171 | untagged | 10.10.171.0/24 |
+# |IF2 10G | private | Underlay calico and ovs overlay | VLAN 172 | untagged | 10.10.172.0/24 |
+# | | management | Management (unused for now) | VLAN 174 | tagged | 10.10.174.0/24 |
+# |IF3 10G | storage | Storage network | VLAN 173 | untagged | 10.10.173.0/24 |
+# | | public | Public network for VMs | VLAN 175 | tagged | 10.10.175.0/24 |
+# +--------+------------+-----------------------------------+----------+----------+----------------+
+#
+# For standard Airship deployments, you should not need to modify the number of
+# NetworkLinks and Networks in this file. Only the IP addresses and CIDRs should
+# need editing.
+#
+# TODO: Given that we expect all network broadcast domains to span all racks in
+# Airship, we should choose network names that do not include the rack number.
+#
+# TODO: FQDN naming standards for hosts
+#
+schema: 'drydock/NetworkLink/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: oob
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # MaaS doesnt own this network like it does the others, so the noconfig label
+ # is specified.
+ labels:
+ noconfig: enabled
+ bonding:
+ mode: disabled
+ mtu: 1500
+ linkspeed: auto
+ trunking:
+ mode: disabled
+ default_network: oob
+ allowed_networks:
+ - oob
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: oob
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # NEWSITE-CHANGEME: Update with the site's out-of-band CIDR
+ cidr: 10.10.170.0/24
+ routes:
+ # NEWSITE-CHANGEME: Update with the site's out-of-band gateway IP
+ - subnet: '0.0.0.0/0'
+ gateway: 10.10.170.1
+ metric: 100
+ # NEWSITE-CHANGEME: Update with the site's out-of-band IP allocation range
+ # FIXME: Is this IP range actually used/allocated for anything? The HW already
+ # has its OOB IPs assigned. None of the Ubuntu OS's should need IPs on OOB
+ # network either, as they should be routable via the default gw on OAM network
+ ranges:
+ - type: static
+ start: 10.10.170.20
+ end: 10.10.170.39
+...
+---
+schema: 'drydock/NetworkLink/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: dmz
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ bonding:
+ mode: disabled
+ mtu: 1500
+ linkspeed: auto
+ trunking:
+ mode: disabled
+ default_network: dmz
+ allowed_networks:
+ - dmz
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: dmz
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # NEWSITE-CHANGEME: Update with the site's PXE network CIDR
+ # NOTE: The CIDR minimum size = (number of nodes * 2) + 10
+ cidr: 10.10.170.0/24
+ routes:
+ - subnet: 0.0.0.0/0
+ # NEWSITE-CHANGEME: Set the OAM network gateway IP address
+ gateway: 10.10.170.1
+ metric: 100
+ # NOTE: The first 10 IPs in the subnet are reserved for network infrastructure.
+ # The remainder of the range is divided between two subnets of equal size:
+ # one static, and one DHCP.
+ # The DHCP addresses are used when nodes perform a PXE boot (DHCP address gets
+ # assigned), and when a node is commissioning in MaaS (also uses DHCP to get
+ # its IP address). However, when MaaS installs the operating system
+ # ("Deploying/Deployed" states), it will write a static IP assignment to
+ # /etc/network/interfaces[.d] with IPs from the "static" subnet defined here.
+ ranges:
+ # NEWSITE-CHANGEME: Update to the first 10 IPs in the CIDR
+ - type: reserved
+ start: 10.10.170.1
+ end: 10.10.170.19
+ # NEWSITE-CHANGEME: Update to the first half of the remaining range after
+ # excluding the 10 reserved IPs.
+ - type: static
+ start: 10.10.170.20
+ end: 10.10.170.39
+ # NEWSITE-CHANGEME: Update to the second half of the remaining range after
+ # excluding the 10 reserved IPs.
+ - type: dhcp
+ start: 10.10.170.40
+ end: 10.10.170.79
+ dns:
+ # NEWSITE-CHANGEME: FQDN for bare metal nodes.
+ # Choose FQDN according to the node FQDN naming conventions at the top of
+ # this document.
+ domain: intel-pod17.opnfv.org
+ # List of upstream DNS forwards. Verify you can reach them from your
+ # environment. If so, you should not need to change them.
+ # TODO: This should be populated via substitution from common-addresses
+ servers: '8.8.8.8,8.8.4.4'
+...
+---
+schema: 'drydock/NetworkLink/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: admin
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ bonding:
+ mode: disabled
+ mtu: 1500
+ linkspeed: auto
+ trunking:
+ mode: disabled
+ default_network: admin
+ allowed_networks:
+ - admin
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: admin
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # NEWSITE-CHANGEME: Update with the site's PXE network CIDR
+ # NOTE: The CIDR minimum size = (number of nodes * 2) + 10
+ cidr: 10.10.171.0/24
+ # routes:
+ # - subnet: 0.0.0.0/0
+ # # NEWSITE-CHANGEME: Set the OAM network gateway IP address
+ # gateway: 10.10.171.1
+ # metric: 100
+ # NOTE: The first 10 IPs in the subnet are reserved for network infrastructure.
+ # The remainder of the range is divided between two subnets of equal size:
+ # one static, and one DHCP.
+ # The DHCP addresses are used when nodes perform a PXE boot (DHCP address gets
+ # assigned), and when a node is commissioning in MaaS (also uses DHCP to get
+ # its IP address). However, when MaaS installs the operating system
+ # ("Deploying/Deployed" states), it will write a static IP assignment to
+ # /etc/network/interfaces[.d] with IPs from the "static" subnet defined here.
+ ranges:
+ # NEWSITE-CHANGEME: Update to the first 10 IPs in the CIDR
+ - type: reserved
+ start: 10.10.171.1
+ end: 10.10.171.19
+ # NEWSITE-CHANGEME: Update to the first half of the remaining range after
+ # excluding the 10 reserved IPs.
+ - type: static
+ start: 10.10.171.20
+ end: 10.10.171.39
+ # NEWSITE-CHANGEME: Update to the second half of the remaining range after
+ # excluding the 10 reserved IPs.
+ - type: dhcp
+ start: 10.10.171.40
+ end: 10.10.171.79
+ dns:
+ # NEWSITE-CHANGEME: FQDN for bare metal nodes.
+ # Choose FQDN according to the node FQDN naming conventions at the top of
+ # this document.
+ domain: intel-pod17.opnfv.org
+ # List of upstream DNS forwards. Verify you can reach them from your
+ # environment. If so, you should not need to change them.
+ # TODO: This should be populated via substitution from common-addresses
+ servers: '10.10.171.100'
+...
+---
+schema: 'drydock/NetworkLink/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: data1
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ bonding:
+ mode: disabled
+ # NEWSITE-CHANGEME: Ensure the network switches in the environment are
+ # configured for this MTU or greater. Even if switches are configured for or
+ # can support a slightly higher MTU, there is no need (and negliable benefit)
+ # to squeeze every last byte into the MTU (e.g., 9216 vs 9100). Leave MTU at
+ # 9100 for maximum compatibility.
+ mtu: 1500
+ linkspeed: auto
+ trunking:
+ mode: 802.1q
+ allowed_networks:
+ - private
+ - management
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: private
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # NEWSITE-CHANGEME: Set the VLAN ID which the storage network is on
+ vlan: '0'
+ mtu: 1500
+ # NEWSITE-CHANGEME: Set the CIDR for the storage network
+ # NOTE: The CIDR minimum size = number of nodes + 10
+ cidr: 10.10.172.0/24
+ ranges:
+ # NEWSITE-CHANGEME: Update to the remaining range after excluding the 10
+ # 10 reserved IPs.
+ - type: static
+ start: 10.10.172.1
+ end: 10.10.172.19
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: management
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # NEWSITE-CHANGEME: Set the VLAN ID which the OAM network is on
+ vlan: '174'
+ mtu: 1500
+ # NEWSITE-CHANGEME: Set the CIDR for the OAM network
+ # NOTE: The CIDR minimum size = number of nodes + 10
+ cidr: 10.10.174.0/24
+ routes:
+ - subnet: 0.0.0.0/0
+ # NEWSITE-CHANGEME: Set the OAM network gateway IP address
+ gateway: 10.10.174.1
+ metric: 100
+ ranges:
+ # NEWSITE-CHANGEME: Update to the remaining range after excluding the 10
+ # 10 reserved IPs.
+ - type: static
+ start: 10.10.174.1
+ end: 10.23.21.19
+ dns:
+ # NEWSITE-CHANGEME: FQDN for bare metal nodes.
+ # Choose FQDN according to the node FQDN naming conventions at the top of
+ # this document.
+ domain: intel-pod17.opnfv.org
+ # List of upstream DNS forwards. Verify you can reach them from your
+ # environment. If so, you should not need to change them.
+ # TODO: This should be populated via substitution from common-addresses
+ servers: '8.8.8.8,8.8.4.4'
+...
+---
+schema: 'drydock/NetworkLink/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: data2
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ bonding:
+ mode: disabled
+ # NEWSITE-CHANGEME: Ensure the network switches in the environment are
+ # configured for this MTU or greater. Even if switches are configured for or
+ # can support a slightly higher MTU, there is no need (and negliable benefit)
+ # to squeeze every last byte into the MTU (e.g., 9216 vs 9100). Leave MTU at
+ # 9100 for maximum compatibility.
+ mtu: 1500
+ linkspeed: auto
+ trunking:
+ mode: 802.1q
+ default_network: storage
+ allowed_networks:
+ - storage
+ - public
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: storage
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # NEWSITE-CHANGEME: Set the VLAN ID which the storage network is on
+ vlan: '0'
+ mtu: 1500
+ # NEWSITE-CHANGEME: Set the CIDR for the storage network
+ # NOTE: The CIDR minimum size = number of nodes + 10
+ cidr: 10.10.173.0/24
+ ranges:
+ # NEWSITE-CHANGEME: Update to the remaining range after excluding the 10
+ # 10 reserved IPs.
+ - type: static
+ start: 10.10.173.1
+ end: 10.10.173.19
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: public
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ vlan: '1173'
+ mtu: 1500
+ cidr: 10.10.175.0/24
+...
diff --git a/site/intel-pod17/pki/pki-catalog.yaml b/site/intel-pod17/pki/pki-catalog.yaml
new file mode 100644
index 0000000..d1f9935
--- /dev/null
+++ b/site/intel-pod17/pki/pki-catalog.yaml
@@ -0,0 +1,299 @@
+---
+# The purpose of this file is to define the PKI certificates for the environment
+#
+# NOTE: When deploying a new site, this file should not be configured until
+# baremetal/nodes.yaml is complete.
+#
+schema: promenade/PKICatalog/v1
+metadata:
+ schema: metadata/Document/v1
+ name: cluster-certificates
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ certificate_authorities:
+ kubernetes:
+ description: CA for Kubernetes components
+ certificates:
+ - document_name: apiserver
+ description: Service certificate for Kubernetes apiserver
+ common_name: apiserver
+ hosts:
+ - localhost
+ - 127.0.0.1
+ # FIXME: Repetition of api_service_ip in common-addresses; use
+ # substitution
+ - 10.96.0.1
+ kubernetes_service_names:
+ - kubernetes.default.svc.cluster.local
+
+ # NEWSITE-CHANGEME: The following should be a list of all the nodes in
+ # the environment (genesis, control plane, data plane, everything).
+ # Add/delete from this list as necessary until all nodes are listed.
+ # For each node, the `hosts` list should be comprised of:
+ # 1. The node's hostname, as already defined in baremetal/nodes.yaml
+ # 2. The node's oam IP address, as already defined in baremetal/nodes.yaml
+ # 3. The node's Calico IP address, as already defined in baremetal/nodes.yaml
+ # NOTE: This list also needs to include the Genesis node, which is not
+ # listed in baremetal/nodes.yaml, but by convention should be allocated
+ # the first non-reserved IP in each logical network allocation range
+ # defined in networks/physical/networks.yaml
+ # NOTE: The genesis node needs to be defined twice (the first two entries
+ # on this list) with all of the same paramters except the document_name.
+ # In the first case the document_name is `kubelet-genesis`, and in the
+ # second case the document_name format is `kubelete-YOUR_GENESIS_HOSTNAME`.
+ - document_name: kubelet-genesis
+ common_name: system:node:pod17-jump
+ hosts:
+ - pod17-jump
+ - 10.10.172.20
+ groups:
+ - system:nodes
+ - document_name: kubelet-pod17-jump
+ common_name: system:node:pod17-jump
+ hosts:
+ - pod17-jump
+ - 10.10.172.20
+ groups:
+ - system:nodes
+ - document_name: kubelet-pod17-node1
+ common_name: system:node:pod17-node1
+ hosts:
+ - pod17-node1
+ - 10.10.172.21
+ groups:
+ - system:nodes
+ - document_name: kubelet-pod17-node2
+ common_name: system:node:pod17-node2
+ hosts:
+ - pod17-node2
+ - 10.10.172.22
+ groups:
+ - system:nodes
+ - document_name: kubelet-pod17-node3
+ common_name: system:node:pod17-node3
+ hosts:
+ - pod17-node3
+ - 10.10.172.23
+ groups:
+ - system:nodes
+ - document_name: kubelet-pod17-node4
+ common_name: system:node:pod17-node4
+ hosts:
+ - pod17-node4
+ - 10.10.172.24
+ groups:
+ - system:nodes
+ - document_name: kubelet-pod17-node5
+ common_name: system:node:pod17-node5
+ hosts:
+ - pod17-node5
+ - 10.10.172.25
+ groups:
+ - system:nodes
+ # End node list
+ - document_name: scheduler
+ description: Service certificate for Kubernetes scheduler
+ common_name: system:kube-scheduler
+ - document_name: controller-manager
+ description: certificate for controller-manager
+ common_name: system:kube-controller-manager
+ - document_name: admin
+ common_name: admin
+ groups:
+ - system:masters
+ - document_name: armada
+ common_name: armada
+ groups:
+ - system:masters
+ kubernetes-etcd:
+ description: Certificates for Kubernetes's etcd servers
+ certificates:
+ - document_name: apiserver-etcd
+ description: etcd client certificate for use by Kubernetes apiserver
+ common_name: apiserver
+ # NOTE(mark-burnett): hosts not required for client certificates
+ - document_name: kubernetes-etcd-anchor
+ description: anchor
+ common_name: anchor
+ # NEWSITE-CHANGEME: The following should be a list of the control plane
+ # nodes in the environment, including genesis.
+ # For each node, the `hosts` list should be comprised of:
+ # 1. The node's hostname, as already defined in baremetal/nodes.yaml
+ # 2. The node's oam IP address, as already defined in baremetal/nodes.yaml
+ # 3. The node's Calico IP address, as already defined in baremetal/nodes.yaml
+ # 4. 127.0.0.1
+ # 5. localhost
+ # 6. kubernetes-etcd.kube-system.svc.cluster.local
+ # NOTE: This list also needs to include the Genesis node, which is not
+ # listed in baremetal/nodes.yaml, but by convention should be allocated
+ # the first non-reserved IP in each logical network allocation range
+ # defined in networks/physical/networks.yaml, except for the kubernetes
+ # service_cidr where it should start with the second IP in the range.
+ # NOTE: The genesis node is defined twice with the same `hosts` data:
+ # Once with its hostname in the common/document name, and once with
+ # `genesis` defined instead of the host. For now, this duplicated
+ # genesis definition is required. FIXME: Remove duplicate definition
+ # after Promenade addresses this issue.
+ - document_name: kubernetes-etcd-genesis
+ common_name: kubernetes-etcd-genesis
+ hosts:
+ - pod17-jump
+ - 10.10.172.20
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ - document_name: kubernetes-etcd-pod17-jump
+ common_name: kubernetes-etcd-pod17-jump
+ hosts:
+ - pod17-jump
+ - 10.10.172.20
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ - document_name: kubernetes-etcd-pod17-node1
+ common_name: kubernetes-etcd-pod17-node1
+ hosts:
+ - pod17-node1
+ - 10.10.172.21
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ - document_name: kubernetes-etcd-pod17-node2
+ common_name: kubernetes-etcd-pod17-node2
+ hosts:
+ - pod17-node2
+ - 10.10.172.22
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ # End node list
+ kubernetes-etcd-peer:
+ certificates:
+ # NEWSITE-CHANGEME: This list should be identical to the previous list,
+ # except that `-peer` has been appended to the document/common names.
+ - document_name: kubernetes-etcd-genesis-peer
+ common_name: kubernetes-etcd-genesis-peer
+ hosts:
+ - pod17-jump
+ - 10.10.172.20
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ - document_name: kubernetes-etcd-pod17-jump-peer
+ common_name: kubernetes-etcd-pod17-jump-peer
+ hosts:
+ - pod17-jump
+ - 10.10.172.20
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ - document_name: kubernetes-etcd-pod17-node1-peer
+ common_name: kubernetes-etcd-pod17-node1-peer
+ hosts:
+ - pod17-node1
+ - 10.10.172.21
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ - document_name: kubernetes-etcd-pod17-node2-peer
+ common_name: kubernetes-etcd-pod17-node2-peer
+ hosts:
+ - pod17-node2
+ - 10.10.172.22
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ # End node list
+ calico-etcd:
+ description: Certificates for Calico etcd client traffic
+ certificates:
+ - document_name: calico-etcd-anchor
+ description: anchor
+ common_name: anchor
+ # NEWSITE-CHANGEME: The following should be a list of the control plane
+ # nodes in the environment, including genesis.
+ # For each node, the `hosts` list should be comprised of:
+ # 1. The node's hostname, as already defined in baremetal/nodes.yaml
+ # 2. The node's oam IP address, as already defined in baremetal/nodes.yaml
+ # 3. The node's Calico IP address, as already defined in baremetal/nodes.yaml
+ # 4. 127.0.0.1
+ # 5. localhost
+ # 6. The calico/etcd/service_ip defined in networks/common-addresses.yaml
+ # NOTE: This list also needs to include the Genesis node, which is not
+ # listed in baremetal/nodes.yaml, but by convention should be allocated
+ # the first non-reserved IP in each logical network allocation range
+ # defined in networks/physical/networks.yaml
+ - document_name: calico-etcd-pod17-jump
+ common_name: calico-etcd-pod17-jump
+ hosts:
+ - pod17-jump
+ - 10.10.172.20
+ - 127.0.0.1
+ - localhost
+ - 10.96.232.136
+ - document_name: calico-etcd-pod17-node1
+ common_name: calico-etcd-pod17-node1
+ hosts:
+ - pod17-node1
+ - 10.10.172.21
+ - 127.0.0.1
+ - localhost
+ - 10.96.232.136
+ - document_name: calico-etcd-pod17-node2
+ common_name: calico-etcd-pod17-node2
+ hosts:
+ - pod17-node2
+ - 10.10.172.22
+ - 127.0.0.1
+ - localhost
+ - 10.96.232.136
+ - document_name: calico-node
+ common_name: calcico-node
+ # End node list
+ calico-etcd-peer:
+ description: Certificates for Calico etcd clients
+ certificates:
+ # NEWSITE-CHANGEME: This list should be identical to the previous list,
+ # except that `-peer` has been appended to the document/common names.
+ - document_name: calico-etcd-pod17-jump-peer
+ common_name: calico-etcd-pod17-jump-peer
+ hosts:
+ - pod17-jump
+ - 10.10.172.20
+ - 127.0.0.1
+ - localhost
+ - 10.96.232.136
+ - document_name: calico-etcd-pod17-node1-peer
+ common_name: calico-etcd-pod17-node1-peer
+ hosts:
+ - pod17-node1
+ - 10.10.172.21
+ - 127.0.0.1
+ - localhost
+ - 10.96.232.136
+ - document_name: calico-etcd-pod17-node2-peer
+ common_name: calico-etcd-pod17-node2-peer
+ hosts:
+ - pod17-node2
+ - 10.10.172.22
+ - 127.0.0.1
+ - localhost
+ - 10.96.232.136
+ - document_name: calico-node-peer
+ common_name: calcico-node-peer
+ # End node list
+ keypairs:
+ - name: service-account
+ description: Service account signing key for use by Kubernetes controller-manager.
+...
diff --git a/site/intel-pod17/profiles/region.yaml b/site/intel-pod17/profiles/region.yaml
new file mode 100644
index 0000000..f8ac846
--- /dev/null
+++ b/site/intel-pod17/profiles/region.yaml
@@ -0,0 +1,53 @@
+---
+# The purpose of this file is to define the drydock Region, which in turn drives
+# the MaaS region.
+schema: 'drydock/Region/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ # NEWSITE-CHANGEME: Replace with the site name
+ name: seaworthy
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+ substitutions:
+ # NEWSITE-CHANGEME: Substitutions from deckhand SSH public keys into the
+ # list of authorized keys which MaaS will register for the build-in "ubuntu"
+ # account during the PXE process. Create a substitution rule for each SSH
+ # key that should have access to the "ubuntu" account (useful for trouble-
+ # shooting problems before UAM or UAM-lite is operational). SSH keys are
+ # stored as secrets in site/seaworthy/secrets.
+ - dest:
+ # Add/replace the first item in the list
+ path: .authorized_keys[0]
+ src:
+ schema: deckhand/PublicKey/v1
+ # This should match the "name" metadata of the SSH key which will be
+ # substituted, located in site/seaworthy/secrets folder.
+ name: airship_ssh_public_key
+ path: .
+ - dest:
+ path: .repositories.main_archive
+ src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .packages.repositories.main_archive
+ # Second key example
+ #- dest:
+ # # Increment the list index
+ # path: .authorized_keys[1]
+ # src:
+ # schema: deckhand/PublicKey/v1
+ # # your ssh key
+ # name: MY_USER_ssh_public_key
+ # path: .
+data:
+ tag_definitions: []
+ # This is the list of SSH keys which MaaS will register for the built-in
+ # "ubuntu" account during the PXE process. This list is populated by
+ # substitution, so the same SSH keys do not need to be repeated in multiple
+ # manifests.
+ authorized_keys: []
+ repositories:
+ remove_unlisted: true
+...
diff --git a/site/intel-pod17/secrets/certificates/certificates.yaml b/site/intel-pod17/secrets/certificates/certificates.yaml
new file mode 100644
index 0000000..eb4382a
--- /dev/null
+++ b/site/intel-pod17/secrets/certificates/certificates.yaml
@@ -0,0 +1,2525 @@
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDSDCCAjCgAwIBAgIUKYDWHOar6ZsQ9ppv2nhGUQcmXWAwDQYJKoZIhvcNAQEL
+ BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+ Fw0xOTA4MDUxNjIzMDBaFw0yNDA4MDMxNjIzMDBaMCoxEzARBgNVBAoTCkt1YmVy
+ bmV0ZXMxEzARBgNVBAMTCmt1YmVybmV0ZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+ DwAwggEKAoIBAQCpZGUxEqLrgHW4w3GA8Ix5pYUBvE/WinjcanDiTQOGDxaaqN24
+ wMTWoYQQ7Bal4HZ3T42//G61PJJFEobelfKs0EwRKacKBKvfj89xz2FaMQ6UvITV
+ wxwSQYCZgZqGMd8/wWWcR4h9LQHEGuPXEOJAhtH8lASKu2KEM8W9AZQCNwdsWDLf
+ 2aG55tGm9U8IqlVho7YFcpSCsjOlxilnndAodJZPpnZ00stMWtfPp8ZgV9xJX1sS
+ /Yo/BmwcofVzmgAIy4qE6Qrd8CZuEJIGjG/VIigmsIrVixOu4+3aRDFkIugjOufi
+ yKUZ6cbaz/2un5bdgFqPqORB+f+ki4I+QD/TAgMBAAGjZjBkMA4GA1UdDwEB/wQE
+ AwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBRKoDdKith5IO42xJ88
+ bx6fCL2bNjAfBgNVHSMEGDAWgBRKoDdKith5IO42xJ88bx6fCL2bNjANBgkqhkiG
+ 9w0BAQsFAAOCAQEAc/cYd90vM8g3/I8eCdT+oKiImfHiaIZtaUnjedSGqtriLY9t
+ Arl4Lscfsu7yQA51E2BW9qESU8+Gi1E3NKznOmNs83n3pmAmmKUo8+M4vsvgz4HO
+ wb5XbHBh8nvQDkBBr8XkD48ElAl5rJMeClj7AEqVJ9ZXUltEW7EjjqJQ0KJpwfy0
+ k2WEQEwwyJ4Hi2UVDotabpIpfilCFdWz+uHGOWGi692PZA6tTP04Xx8uab9lWxDi
+ dkBIdqjf35ej34TdflW/pY+IpIT2J8cb1qvlO7TmoyOz4seGW7BXMI9Om72e8LP0
+ w/Cy9UelgAcNzMIGIIynHQpaFwl6csJJIrDXcA==
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateAuthority/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDUjCCAjqgAwIBAgIUXRyYMUbFIX9w+JjAKebJAXB2reMwDQYJKoZIhvcNAQEL
+ BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
+ dGNkMB4XDTE5MDgwNTE2MjMwMFoXDTI0MDgwMzE2MjMwMFowLzETMBEGA1UEChMK
+ S3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1ldGNkMIIBIjANBgkqhkiG
+ 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqBEQbaKoG+0cD4/BYqufo9zgI26X2n1ragGH
+ X8fO0ONbOABevwt6sqaEA3qJSZ/9P5byD4kZjwpvTVSDl5ZDRY0cMWdquU7MBMwU
+ XDJoB2NRoaPW7oGx8AaiT7tcxyVGKUVCiM5C3BS3NU6U1tNQYWB90Y41GHXH2q0z
+ nWt8Pln4dRGC/4HhlLfWZbqG+uUdqmdT+FVdxgA3JdvQfbsO8GVkS7fv2LDOn0C0
+ F6E1rcnCVDEza7jqocNUWTukhiDTiETVRbT29H7RHKfMXsVsMYC6a/jQG/Y1dwus
+ HB0VAUbiKKU+55cDjHQ9Mg4Rv41gQUX1yK7eF7l1/4H+E+gtJwIDAQABo2YwZDAO
+ BgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBAjAdBgNVHQ4EFgQUSkqk
+ mO9ScQrpng9HFA/0CMmeq4MwHwYDVR0jBBgwFoAUSkqkmO9ScQrpng9HFA/0CMme
+ q4MwDQYJKoZIhvcNAQELBQADggEBADiOSywzguhl/dNGoYWd5g94reGU8hjBemYd
+ UPusRbTZOmCwAdrs2SDu4mufPwXSWAcj4Apn/SdofnxhgSK/DgRlDxOe46Y33sce
+ gRbYAPu1TWuac2U06lI7ATstspEULC9DAyipdgYDTl6dMhufDDSY+T3GoSR5V+Za
+ S5N899o7+zRxXjVJGw/2FuW6YxgW6Czy30I3RfP1GOoJiRL0pUrxc3GzekL6YlI8
+ SAoKvnUrRqJOzutepeWMbVSCxKw3KHZoeiJWTBAFqmSjaRE0R8Ts1IO/DNTERYg4
+ bmqZdWXaFDU9gw1hwe5S+Kv/EHJRYIB3CrFJ/yQ0OU5Wdm6kRb8=
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateAuthority/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDXDCCAkSgAwIBAgIUGnkMT14tcuVvsnecVFwV0PFkfpYwDQYJKoZIhvcNAQEL
+ BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
+ dGNkLXBlZXIwHhcNMTkwODA1MTYyMzAwWhcNMjQwODAzMTYyMzAwWjA0MRMwEQYD
+ VQQKEwpLdWJlcm5ldGVzMR0wGwYDVQQDExRrdWJlcm5ldGVzLWV0Y2QtcGVlcjCC
+ ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKL8PFbG7CoYtT8vJZMkZAV5
+ UNJx56cdlLVjJ6fZNOo198lQ5ysav/VpBRGDTXP57hwIQyowP+87W8fb4l8OnOrC
+ S8DQ6kU7qfuBgjTlQ1bWMDAW1pmsHCJmaW0edvSK7F0tt+ki+3AuTxYD7+If/z2X
+ TcLcruqfS7zggPI/5GNRcbzXcFH1ONnJlo92YY9QG3bgSnBqScq01u00gCCLfs8I
+ VTzT0ObsZCZVl/aVKv3dEbfSKKvv3E2TQeGH8RVBL/mVjACeWH1yD4N/yd4Ohzwn
+ NxuQ0+pGMCYHc75xESqUjoP5yyeKfT/Ywz47RQ05qko9BpTN7FqvF4UjnLS6zMsC
+ AwEAAaNmMGQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQIwHQYD
+ VR0OBBYEFIZCZKq3pZiIt7X1Y6CVvK6OCZjRMB8GA1UdIwQYMBaAFIZCZKq3pZiI
+ t7X1Y6CVvK6OCZjRMA0GCSqGSIb3DQEBCwUAA4IBAQAGdhNPduKFlI7gRumaZreG
+ Wnw0zddci9D54JweCV0Vm7inCTy/xLsXzdLwfR9RKp3fuAwSLTaBmrtlw7j69MY1
+ g3HlUTNR9B7YgM7iKyChf0Vvsa0vZSn1Voy3yi5JrFqPrGQo5YcIpakwB8FAW5g+
+ mah/D8FyHTBaqqNq1idrfscWCefnsjs2+FSVbyxIwPEHa/71ORnI+yo/5XsHNar7
+ VDdRSyWbwXXcUf3oXUwb0c71qR/EFIcw5HVO1LTEVKDgPQmTsghDiyxGs71smWk0
+ yH17RjNP2pQmkQw+1cz8tD5gpsyoQGJ3W/MFxE4n2Sz8wZd2wAHrZ6A8CwE45gDg
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateAuthority/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDSjCCAjKgAwIBAgIUZkqKs5BY/wzgvv5l8YhQpbWvP7YwDQYJKoZIhvcNAQEL
+ BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
+ HhcNMTkwODA1MTYyMzAwWhcNMjQwODAzMTYyMzAwWjArMRMwEQYDVQQKEwpLdWJl
+ cm5ldGVzMRQwEgYDVQQDEwtjYWxpY28tZXRjZDCCASIwDQYJKoZIhvcNAQEBBQAD
+ ggEPADCCAQoCggEBALbKO5hAK05sYVaZz3jsF/DN8dJ3MH7e++C8zUOafkYDAFXC
+ 32wOc5QWO3bs1RNfJcap/4OnRQl8++z9A20FCUH+PCeN+dElUIanFdiqfnQYQb73
+ pWQ/CxmWjLPLRt5+ZWvsxBwSJsnN8YT80GeUmxAXY6mLL6qSqlHih5YxlYvA88QZ
+ sWkqJA2jbQM+8+Lvcav5mruRCsxiZ4dOsU4DYNX/TNiDoackXL2U15ywQp0U4Gw8
+ sqExGuBMBHO/B3U126hHKCxPJwNxEEjoiSvNU7WVh3+AfXQzC/oUy/A9eMnQuVGH
+ e36x8Tz2vWPbPaJoAq1SbKbyhyEDCYnnwbkvEeECAwEAAaNmMGQwDgYDVR0PAQH/
+ BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQIwHQYDVR0OBBYEFG/YDADw6yQQ8uH6
+ vaVmB9X8yo2MMB8GA1UdIwQYMBaAFG/YDADw6yQQ8uH6vaVmB9X8yo2MMA0GCSqG
+ SIb3DQEBCwUAA4IBAQCcw3UYZ1sD7Vx+neXZKiYgw7QqZL7eF1CQ4klL3HWb6lvP
+ AbcOGr7MoXyN2Df+uAoZ+GZZh+SrXFLacBXdYp+C4YaetZZ2tUGI39Ua+UvZ0LsD
+ /2h47hMK5DT0GK6MaKBX4+mZ/MfZu/qjfON5qH+FCs4N+dnCuwhCJgJM6AsoHOBw
+ kXrAbtsay7d6YyheJpVALNTrFCv+z9SBHINHDb6VXDHVAPobgsTu9gW/QrMTv1a3
+ 935rCW2gG/5uREK1M+1qfDDYcIvXbKGt+6+aHelkesmFheheXbD9G162bU9sCe1J
+ Angeom5UY2YlSkjkexXBScmiX4dqoFdshuqP8vNr
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateAuthority/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDVDCCAjygAwIBAgIUPGN7DgZ0kZUBtBPpGSojEKhC6AEwDQYJKoZIhvcNAQEL
+ BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
+ cGVlcjAeFw0xOTA4MDUxNjIzMDBaFw0yNDA4MDMxNjIzMDBaMDAxEzARBgNVBAoT
+ Ckt1YmVybmV0ZXMxGTAXBgNVBAMTEGNhbGljby1ldGNkLXBlZXIwggEiMA0GCSqG
+ SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQa57iWnyX5JVRNyuhjx06VLrSiLCHOqvt
+ JdyDBNgmrfW71LG6G/mE1pIIBzZkZRFO2eF36tQyHpcxdY2P1zse09Xsnnb5u/7U
+ eFhQWi1jQ/TJafcEB+MKPZMbccpoaGpXc0uePlqkzcPH1AiBtCquLEzslCY0VYw+
+ a1bDT3xqIDn0jBssTTIpPLgradpC4T7uJJl6JMwBPh5n3858B9K4jVh+Q+3Ul6cM
+ 0MdxNJlWH6lxybsdW0aMd/qyQh7GBUf4zs8fOnFfWQf23dCDml+xGoIvyJk04cGl
+ PfWj0vqT9KHM/hPIkW/nnqs5wbzS+1CPk5FJOUleIIZ5ZdA13MRbAgMBAAGjZjBk
+ MA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBSv
+ APyGdVXJeVcR6Q7O3jk1ILVLhDAfBgNVHSMEGDAWgBSvAPyGdVXJeVcR6Q7O3jk1
+ ILVLhDANBgkqhkiG9w0BAQsFAAOCAQEAhW0xsLPrmKaXtpuc1hDNaift5UDnGLDT
+ vSZQd+fdV4l5rvnK85TOY3Z+Qij+p5fvX2uGi6Ge7OVUYiPDi+fmCoxn5fIfu3e7
+ QNLw9qMMwyauLFBeNWL1iEe9YBcCn0GDS637I62B2gIOU7AVvOkrwwvRMMFJXae/
+ uX9SPL7ohjnwWyPjp89KVhhaxEkoM/Jv0MaOU8gIKZqrgmnuR3qs7vYgnw3zMMJZ
+ Pg7fHZ1Jq4nDrvqMKjMBd2Gx+T+4pX7aJqvjTk3lddtWdSXLg96sFVoFSI5QDRpH
+ 3tdkWPZ2hwHLasSIuDi2gKlMklEUUkePpU+KdlVceeuMvanRTNMSKw==
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateAuthority/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEAqWRlMRKi64B1uMNxgPCMeaWFAbxP1op43Gpw4k0Dhg8Wmqjd
+ uMDE1qGEEOwWpeB2d0+Nv/xutTySRRKG3pXyrNBMESmnCgSr34/Pcc9hWjEOlLyE
+ 1cMcEkGAmYGahjHfP8FlnEeIfS0BxBrj1xDiQIbR/JQEirtihDPFvQGUAjcHbFgy
+ 39mhuebRpvVPCKpVYaO2BXKUgrIzpcYpZ53QKHSWT6Z2dNLLTFrXz6fGYFfcSV9b
+ Ev2KPwZsHKH1c5oACMuKhOkK3fAmbhCSBoxv1SIoJrCK1YsTruPt2kQxZCLoIzrn
+ 4silGenG2s/9rp+W3YBaj6jkQfn/pIuCPkA/0wIDAQABAoIBAAy2y12Wj4Hrn2ph
+ yQgrhe+ve784mil5NT8eAiEKNMSAJ2suV44BcgTGFLqMbdq/cUTdRL9vPAQAat4i
+ WNsmGBPegocbQD1hQmFCUwiwzxbM7dI+IB5HSbkZD4T2FFoULjSD2JOVTupOUX6d
+ ohJHYyQCuoohtgGPtQJFPIdGMgzEY050cFUeniu8KIhl3Xa1BdLQWuHtNtOSPmbX
+ 6+9SaN+6pR5VezmQXwwS0wDX8r3/fuSW5E1D3heg/ISj9Fh4H2tRWR3poAN47cBO
+ Mf4N6mQ5ObbBYKV80QQUs0f9RFpN2hlg4kJ6RzvAXae9AdG4bA58dSQFaPnga1p4
+ BY0mFXECgYEAxgOlYpzU6G7TxmlB93J0VI1n0jrHB+8FOe+6vhn02nwUd+Ixazfz
+ XMQrnka2evpjqoMl5qbkhEwD0n04JqY0y/WcCYjvm3SDfcc+hWfzpy4AOSnhWFqC
+ qhPdB89mVuw/gh0UH3SMiq6rAgQbVR1FKkYII6PFRn3yMd11S2gGbykCgYEA2v8Q
+ cztRk4ssopr+PUZ0orELJCeCjVEOjsIMu1U9iFLVlotMeSaD6H9yqymM0iQAvhP8
+ 7y8K2VKOo/JYbRhqxyA1XLJYyDE4jVEbuhDwtqOCbLmDTCUV6uLPJEAGsH3qJKVa
+ KxXjv8IgQB+VZ1HmboWk4w4a1YqAlXkN/YdLopsCgYEAuaQ9b4BdUzRkM0YHZHfX
+ fFW+Giik5FlAaxrH1uX62sMtZV+YuU6RSE1aH19oQU9yFTAzXlTlNOsXQkXHWOTF
+ 5tnzWjUZfoLzq/4aLXRRyFCmQPF0pSLmEZHhzSqyZZfDyrZ8YSkhgftTs+YpwdhZ
+ OdLCWrd1gisd34YiK3nxXlECgYEApOEww3E/w/Qe0PYcwImROwRMvRW6JyeF7FmR
+ OGG/CCpFgSizlOs4mQ2Lie6ohXZx0Ko/3tzuMB0GI81MYibmDbHkOzxTt7XHPC56
+ z6X9daS5h55MikHJtKS7DDHgV3UVmi2cK6A5bqB7o4uj8rwo38FjGUf/UBMNKHyR
+ 2fXJLk0CgYBP4hiCgEGFZkmaVzOCbgH8zNBVb3vc8Yau8Yf/q27pEOnnU3dy6NJ9
+ zzp6cliLnAILmNfTNruTRWWgHs94MNReSSRe9yyEzyGdC4t5fyg2UcJTOVSjR3CL
+ HM76WBcoqsshKzn2NcY6kCLLiVNZC5sJOIbaLDlXmAriGWDrmDVR/w==
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateAuthorityKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEAqBEQbaKoG+0cD4/BYqufo9zgI26X2n1ragGHX8fO0ONbOABe
+ vwt6sqaEA3qJSZ/9P5byD4kZjwpvTVSDl5ZDRY0cMWdquU7MBMwUXDJoB2NRoaPW
+ 7oGx8AaiT7tcxyVGKUVCiM5C3BS3NU6U1tNQYWB90Y41GHXH2q0znWt8Pln4dRGC
+ /4HhlLfWZbqG+uUdqmdT+FVdxgA3JdvQfbsO8GVkS7fv2LDOn0C0F6E1rcnCVDEz
+ a7jqocNUWTukhiDTiETVRbT29H7RHKfMXsVsMYC6a/jQG/Y1dwusHB0VAUbiKKU+
+ 55cDjHQ9Mg4Rv41gQUX1yK7eF7l1/4H+E+gtJwIDAQABAoIBAFW1jhk7UFwdiaft
+ +gNl3t3kMHIhXlPQjkzbRrxz22bv638dwTPQmNwuyzgy73yamL4rLnr5wg0Ol0Bq
+ j0lpGhmIIw6W3Phv1N/Fa8Sw+Bh8cA7szRmJDsOHvpLGzEPLIIK/jXTTK4mtDtmi
+ n4kG7wEaAlAyI6W7uxYsKhxnyk7JI5XzFM24seF8VAtFRxkD46DZ1JNkoR4RMRMc
+ aArRNOEhc+3clMEs9QPpUqGXdJEYuJsOaMY5vZdpgWdmF4Mv9/6NTYEpTJVDXnux
+ YXwHqN98aS7OAMHxBQRi0PFGsqyfXK8wxWsn3HsSOOoZPdHPi6BFPmio+XmTRJfr
+ t4813EECgYEAyAniEezx0HzajgCIwuRtxc0Bl2/FkklvA+8lfhW+1GePSnmsx31z
+ 3jyo7kdR8R9K+fTb3UX82CE0hBntgsv8sbjSd7ZTW5tM0mtzGH7l6eZYI25fDUim
+ fjGwu1iF+oIHbNzL8Wkx41VVdZ22abKrNXm9cKMUjvilBDzpQ1kgXfcCgYEA1xV0
+ JIv00xRazAlkLcXlChlA/W6GamNJvgjR132PfrPdlXen9fU6t1w3q7+oLfTdKrlD
+ 0AXCanTcYkdd8xXkYS6dhPUn/jrZJSqBNpkipXUzN1vKJIBb/p4CTvYdqw4B+Nal
+ OlhgzwA17VbF7M91SD1gq2ZYvdwszPooOpO0nlECgYEAxqix//VdbR0he9bh+xMa
+ RU9EHl3dS1tsSe7tQBteadjzABZ4VaGsOW/qoMDpitn1/uiClWyVHxtS6UJKkxP8
+ P496TXMfs6E2mN4m7pPPxwuASqeo9CtLVZYJmvTeEZuiviVE0NoUtl0fwu++oZfT
+ 2gat8Te0Cgy67MuFKOJRd58CgYBD0DDRQQtM7fL+t8tNH0LqnzG9dfaNXoamkvNO
+ ZPk0MpOfh51+T/ZWT44B6ail7Lk6ujTmRpqYpAXEOsolVXavKVpizETyxC0oqbEZ
+ vMiOsFgYkSk3vvzCV6FUsgaCoyT+BvcLYUgMm/1kumInGvXYc/mhsOAz5FJ/wjOi
+ 3GUrMQKBgQC7tv2DEH81u6tU2ZB/3E3QQtUmctEqARvaV5ZO/fHCGOq16X3OGi/S
+ IgysS3v8zInt3zTydTjeGp2SFcs8FnKEDu9jGLBIm7zsSfiJUbdevnaM2Wj9Eqn9
+ hRDMoo+tSmEhnN9O8K52eA5syOQ0N++CYTxHN1FaPV+uhMyN0JEQFA==
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateAuthorityKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEogIBAAKCAQEAovw8VsbsKhi1Py8lkyRkBXlQ0nHnpx2UtWMnp9k06jX3yVDn
+ Kxq/9WkFEYNNc/nuHAhDKjA/7ztbx9viXw6c6sJLwNDqRTup+4GCNOVDVtYwMBbW
+ mawcImZpbR529IrsXS236SL7cC5PFgPv4h//PZdNwtyu6p9LvOCA8j/kY1FxvNdw
+ UfU42cmWj3Zhj1AbduBKcGpJyrTW7TSAIIt+zwhVPNPQ5uxkJlWX9pUq/d0Rt9Io
+ q+/cTZNB4YfxFUEv+ZWMAJ5YfXIPg3/J3g6HPCc3G5DT6kYwJgdzvnERKpSOg/nL
+ J4p9P9jDPjtFDTmqSj0GlM3sWq8XhSOctLrMywIDAQABAoIBAC0FTcmOozexoYc1
+ h8SQXcyhSTEIY7vm0OgV3qNfvV0g0TRb0681cWbhvpOq2F8734kAw0TJFTAJDn4z
+ f+FQEQpL5074pm2/YGHn0Ua5OZOoEKGH/XlvcEoUTfTlYGiGY2oNseqFTj0bnZ7w
+ MXgd7Ixf2gwEl5CZtfsTbKr9+SFxsgamsbPD0btDHctWV8S61OPE8O5qiFFrfuQK
+ rYhA0VmsubAG7TurKwQK1pxgfhMP9WNx9ZQIEqYvISZY8SPD7ZO53lSgW+6xMeWb
+ z5Y6oI/7ZPsEnekOTZy11hSvAFsT/zP10OvYOJ4S/w0LiDuCoTYr1HrgmFNYZkKV
+ I1o8vrECgYEAyyLikrjmSMFz7bqjc7FYXZJagOyGfp7Db+sACPYpHSnAZb3i4Alr
+ ffwZk0oIHB/vthT9ELEVum74BHd622O58fcla5CFnKJiYo0KdnssMWNBB88pGTcQ
+ bJsZXj9P3urs+McrXwQe3iEiesR6a3ZY0EY7uxmWBi0Behu7ek6KctMCgYEAzWZ1
+ NQNPCItR1y4cNTkZllhXnruSW44WFJ0hBvgtf6Hi0fGsze2FGn+8HXXvkvsy/1u9
+ OQrZz8Ly+2G8FzJTiWp0gnyWeGpEthnNMm+8TFXv6h0F/FH/6x+/KoRyFX+N3z6f
+ i7FBchcCr9HUzKZEGWZX1JXcCMwULFaQnzDcUykCgYAPio23F/pWWqaZ64uR0GGo
+ VwghkPcBPPhK2bnY9axTlNwpbIutBEt7CgyS3jkcnbzjO1vZKRM2fkLvZIy7uDeD
+ sZrlTdtLDolkbNH+GpJY/PT+ufS0/yd8h6k7MrDTpzmWFvbUgCY0bGiM5/dNvXIy
+ DQ2I1P5LXqocQ37mbpfdDQKBgEN1ZwEmOQrBVvuo9TK1siWilgRX7lWLcM0MXhB/
+ 6dGFRY1WJj7rx09QrGOwnCJVxgYAB0F4wthtWogdLT0hFjaHdAR3DqQ1oqN8DdyG
+ vf0ELGtjZNfdxoNeRdac8SsGXX34f0XNzYS+8e70p0MfSDZfWnFDVqS9AdMeCxl9
+ Xp8hAoGAd9DwL85VnZxfy/Ri4LegqZ9ZkB2pvjhcvaFdlHshpq+VI+pIu82oAiAk
+ EV/EFH1mn/7dlF7kL8JPS2dJSoVtRdfMIMuU+xbEg0PhjmwZAQ9e8S5H4NSKBAFR
+ 4W0KcgMpttk1CqAd6JXuD7P93cA6zn9k7XqNo453w4y5t8hhaFk=
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateAuthorityKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEogIBAAKCAQEAtso7mEArTmxhVpnPeOwX8M3x0ncwft774LzNQ5p+RgMAVcLf
+ bA5zlBY7duzVE18lxqn/g6dFCXz77P0DbQUJQf48J4350SVQhqcV2Kp+dBhBvvel
+ ZD8LGZaMs8tG3n5la+zEHBImyc3xhPzQZ5SbEBdjqYsvqpKqUeKHljGVi8DzxBmx
+ aSokDaNtAz7z4u9xq/mau5EKzGJnh06xTgNg1f9M2IOhpyRcvZTXnLBCnRTgbDyy
+ oTEa4EwEc78HdTXbqEcoLE8nA3EQSOiJK81TtZWHf4B9dDML+hTL8D14ydC5UYd7
+ frHxPPa9Y9s9omgCrVJspvKHIQMJiefBuS8R4QIDAQABAoIBABFsb4fQvhAIprKh
+ kLQ/FP0gNGfScq31RV8jwBEsndLAoHyMSc28BupbwClS4/CnxisMs01yWVNRNZZe
+ e8AdlcdTm5pNnz1/aBCdxqhTgCBC26l/Y6WNmNpEjn7o5oV42OQTupHObSIZXmdF
+ zfvBn5JGGHrlyJJizpdll3UKnu2mOnEmv9Ckf8B/w9d6PNTCxnyHk1Tt3iFmM4cA
+ ip1uO/QQkuyuFlc/JYPwoKW6IBiVahs08yz6m6nFO1WvAEbzVva9WOFKk4l/AWCk
+ kAHiHOTNS/VQGGUjWQpcWT6Kf0FJKAzfHG4yxYeM/ciTsLNUxF0rKHMOeuU50dwG
+ 7P5l/p0CgYEA6+bLlG78gmLxweSpXzvxKOdxshOpS6xos3VCDBvZl5mIbMXv92NJ
+ C4eKCnj8TCURAB9FM02Ec5pyWO+swHWR2ZuFsNFwLBNU7OHd/Ee/7t23zxAnUO2l
+ CiufyYAc0QOPSG5QpZdvvrEh7fBNpShz/XxNri5FP8mZFDmPVL7nzucCgYEAxl0H
+ 6pjhMDGzaqYE0+zMPOl99NjeJ6cx2TsRNbEAYYEf6reE/ld3S6zgm/MHSBy7hM7+
+ M83ieXEriwXCH2oKIgK+cwajm5NEy5j09+lVcgBOIzP3cwrEAs1LL3qrgLrOMT63
+ FuznzrTfH6AUHtkMQHNiW3Sp65mblMWjVe8M5/cCgYAfgMLPH8M45l3CtvancSnT
+ fJUCYv3IzU1uKcqYM1/rjuVZIVXag7fNglw86ctHn+uVSJfFMiTuC0IZ/mfji8/e
+ b5Z69n00ZaCBwegTOMG49IMHc/DMLfBMW2cLUcCHaSJJWfILKx4RKTaOv/iehbh3
+ sZHuIN++lP2MZeNuPdBXIQKBgHjqSqIRcOtc0H5JFxZL+S+EMRhoffrz6un9HH97
+ Fr1Y5ajBF5umm3yQtBW77gtiIFhTiRbxAIWAm8dRykQ18llLDOa2/FIgUkY9Rc48
+ +K3WS8sfqU4CGPuQQq19fD+rH3dbQGYEIUWacYwomzs2mUZMT39qPQ31g6YLV4ZR
+ gq9/AoGAJck7HiHVlC7iDQt8ODD01kYLZNf7TVEa7NFKfJTUXqPNTF2XBaHtdMmc
+ 647rhCDPr4yYsm6iV81KdLpRwo4c6wLKYklzbk4kjE9Q/LGD+5VK8h5u1V/mwnT6
+ F2shi9uzLjSc/d6b6z5bP1WS20X5PqMl4JG4PDpYqH81/NmzxDM=
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateAuthorityKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEA0Gue4lp8l+SVUTcroY8dOlS60oiwhzqr7SXcgwTYJq31u9Sx
+ uhv5hNaSCAc2ZGURTtnhd+rUMh6XMXWNj9c7HtPV7J52+bv+1HhYUFotY0P0yWn3
+ BAfjCj2TG3HKaGhqV3NLnj5apM3Dx9QIgbQqrixM7JQmNFWMPmtWw098aiA59Iwb
+ LE0yKTy4K2naQuE+7iSZeiTMAT4eZ9/OfAfSuI1YfkPt1JenDNDHcTSZVh+pccm7
+ HVtGjHf6skIexgVH+M7PHzpxX1kH9t3Qg5pfsRqCL8iZNOHBpT31o9L6k/ShzP4T
+ yJFv556rOcG80vtQj5ORSTlJXiCGeWXQNdzEWwIDAQABAoIBAGwuQFUbRKqOslZq
+ fZIpN7GMQ0B+RKqccJryWQgEnrFNAEzTdMC2PoiN21ShccEgmKBGBXr5/9RX/oBk
+ lOsBe6VfrR1Zj0XHJ9le8fAbLo3kuw1EnDuSYG1zUoUfRkF1WSU1Kh3kHaaHS0TQ
+ sO2p97FaOz9dEot9kALiMjHEcz6dtSLYbKNTJBPvAxsZll8EZFpuHyOMGwDY6p3k
+ oafELM+NMAyxVqjZn0pBL1svp9SU8UEyICNC7/Bu9H81mAyXzh7HweNC6LPiydsd
+ 7LxvQiiuXz83u1+vcmeElKR+RkfEaWgHWv3uxw0LVQqJQnreU2epewkdefVUwDwB
+ vgFL5okCgYEA1nK3XfZVVJVwMWk120nRZ5OxEmDYeVOnYWIrZ4bU3uJjVHMv77Yi
+ WCAA3A+OMqEvwmlrAxcvfS9ZCi2FIr0Gu2UO0L4pYri5xQLgtXwBMhEitvgke1ID
+ byTJ7OM9mEaCOgCYBr5xw+Ivuh5KD5QXpvlXLR9d9EmZ7Gh0kIsAT60CgYEA+M3p
+ PiwWtcvTo0mZcC07QP/t4B1cMqv+df02weE0ZKAjM1fGzpP6BaYTNY8Y6U4bvZhu
+ PeMvCUD0AZfMzS3VXvW0agiPGsa3HqpE4uaTaqiJITNzD2N/iTqCjrc+rNgBAfcv
+ Cc0lJpfCWwBu3yHZawDvd2MV4Z+E6W0MiV+TRScCgYEAnMUEM9avDsSoXhbR3lua
+ kCOyIQNXfWqgRFrl7CrvV3kcsFH8yzrU5KOQvU9J3s1jArbaGkpK1zNT3lLkrz6M
+ u1XnfMZnrtnoRJQT/diHbziDrkq9MMIF7KxySZDeKIHzFb/1Y4i51j92MJOQBM94
+ cwJ4rm3t23Yq5l5+SGS1d4kCgYEAnZ1sLeumM2K9XsroPg0ZZXL8Eabn2l3k5IAV
+ qTrugvSDeCoaEpHhqKRttNdDE8Fch35CEEiUaotQSJYOsshfTDnhIe7sIS1TokSB
+ QTCKoN3FiVfbgxsoFxoOzTQ+qyZndQRPMylXaJxpDlc25Xm/Dy9XhE0r9nOksm9X
+ qsr2M68CgYArF+luAV8WEg1dsJgoxmPCAaSKKTMxBww+8v5vrV4kPZymiEHV71WY
+ PB9CF8SXuktUQuvVmkrE1snyyi9wthX6MEjSFgQviBS31BjbZxYYh3RzkbQXkm5u
+ eIvo+HBgEQeothVECvxWlG1SakjIkPNWzRUdJenVGESe4SO86/j6vw==
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateAuthorityKey/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIID8jCCAtqgAwIBAgIUJKkGA1FUkVoSQ/B44+qGdnlPXNkwDQYJKoZIhvcNAQEL
+ BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+ Fw0xOTA4MDUxNjIzMDBaFw0yMDA4MDQxNjIzMDBaMBQxEjAQBgNVBAMTCWFwaXNl
+ cnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK8A3Rr6WMB6VdM+
+ q8UwAdEArvznVCwlTtj+7ApI1ItuGyu0LxOYendUr99L+/Xob0WSGp8+sY4IYkOZ
+ qiGu9qIHmTJ04fY+xplmcIBhzqekEstGdCCnH8G42MJQKlpb5WZXLnkbLiLv0ze9
+ MsLCaISYAnxPBcEryHvWpSJ1X/iFaU8jU771PyXYC95C1/Dy5d6C44pg+/0H7c88
+ dBSt502xRnmCDyrPMxkwY2MmhiZCSwNV9Jq5C/REAYG70RjOBEATLC0sqhaH2128
+ TYiXg/kwRcT9pWz9jr0jyLRhN6HR0f0DGkXs/tski6Yj+9foJQiC0S2TgjMcaTB+
+ UVdzwlUCAwEAAaOCASQwggEgMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr
+ BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUVluFZ3v8
+ cr998QFxiMewu7XN42UwHwYDVR0jBBgwFoAUSqA3SorYeSDuNsSfPG8enwi9mzYw
+ gaAGA1UdEQSBmDCBlYIJbG9jYWxob3N0ggprdWJlcm5ldGVzghJrdWJlcm5ldGVz
+ LmRlZmF1bHSCFmt1YmVybmV0ZXMuZGVmYXVsdC5zdmOCHmt1YmVybmV0ZXMuZGVm
+ YXVsdC5zdmMuY2x1c3RlcoIka3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVy
+ LmxvY2FshwR/AAABhwQKYAABMA0GCSqGSIb3DQEBCwUAA4IBAQBmgxaxacnu5/xc
+ isA4UmydL7jvM/5JGrU0rqcyOZYdOK8Auz1iTdCpeRAwd477Y+IcKrSDvWQmA3yv
+ neOME5/ffNFek3iPx8vBf+rwwbD+tC/YHky5pllR4WlEa90+KXKBiOYVoz8RGLIr
+ dilJtU51NY+EnKIllCVzRtxeky/5kOV1oraWEk5vPhOpyYfJ+Yx9VVQXvSs6LzdR
+ QMkSmzPVeA1AXHauWyx6Cp61TtnuekCEbPAxrBPbJb+GkW2tFbYIAZBJfR5IiMJA
+ pBQI4JDeD6jkDLBp58gW3XJCYr0zcfQVaQVHsopOZKH5PoFIf+vAKcQAK/SmCSS+
+ tbq3nLaW
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: apiserver
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDjjCCAnagAwIBAgIUatMa/27XHBWZivkFr9aiuvo2liUwDQYJKoZIhvcNAQEL
+ BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+ Fw0xOTA4MDUxNjIzMDBaFw0yMDA4MDQxNjIzMDBaMDgxFTATBgNVBAoTDHN5c3Rl
+ bTpub2RlczEfMB0GA1UEAxMWc3lzdGVtOm5vZGU6cG9kMTctanVtcDCCASIwDQYJ
+ KoZIhvcNAQEBBQADggEPADCCAQoCggEBAJhsnUwfqTp20kHzpc+aMZeivyVKYWIE
+ 4Y0PoKVWbUuQZQjktGHHzO88ZzeohszvUVZy3bdGwPI4HwPjfa8LB/f6nDx1aqEr
+ dssV50tQydl1t0gQtKUuUDGk5FWIGcluX7MXktFZoJe2rtODpLQ/9nTO3wqqvKfr
+ u/tAmP8fhIw0T3fv+er02NDRvxhbyJpCd9R+gpm0gw9dduN3s2PlqiTPpEdQSQZz
+ QlV1yF6lrJ7R0hPns7xbcGSj+6karLzX3r+lT08QRgW7+10k5PpHoaEbwZoQ1xdR
+ CvZt0+G5xkAOoqB3BWBbfAFv9dwb38h/+VOo4cZeBVjbyo0ihBReDUsCAwEAAaOB
+ nTCBmjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF
+ BwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFFPUBkcdySUw3bF1vawtgT9ba/8m
+ MB8GA1UdIwQYMBaAFEqgN0qK2Hkg7jbEnzxvHp8IvZs2MBsGA1UdEQQUMBKCCnBv
+ ZDE3LWp1bXCHBAoKrBQwDQYJKoZIhvcNAQELBQADggEBAKMoJGGPPlFd3X3F2lHI
+ LMReBe0j2VyuVykPSCbpaujcnTFZse+EVaFMFLWO1VhD45qji9bWg8BkHpw7TJZI
+ hz+xw0HdFRYLSwLQRNoi5tGD/6fHsWhyyxJ1bYHJl1GbYcd4hpIAkRIYj7tiLDD1
+ 21027+1jls+MARdGd8y1hZB9YQCK6IzBoz8n+LNRe2YolAYykIYIRLAQt/x6LCP8
+ plhpVBAUxxecnulDJUHZLnSe1t7+S+dIyFucvgCT1eOATWh8TYIrxK5e97fkN5vt
+ 1sYa65trF/dLAbL56GhHL7JOI8BNsBbjOPKbEpYNS/aFPSosw/8MyxeR08vSOwZB
+ q1k=
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubelet-genesis
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDjjCCAnagAwIBAgIUOASPsyDJETFZ5lCi6z/UkwzZ2WYwDQYJKoZIhvcNAQEL
+ BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+ Fw0xOTA4MDUxNjIzMDBaFw0yMDA4MDQxNjIzMDBaMDgxFTATBgNVBAoTDHN5c3Rl
+ bTpub2RlczEfMB0GA1UEAxMWc3lzdGVtOm5vZGU6cG9kMTctanVtcDCCASIwDQYJ
+ KoZIhvcNAQEBBQADggEPADCCAQoCggEBANja6HreKd9S1RYKWRMrJDL/EDA5yX9s
+ var2MOB/75ZXayQ1jzCnvol3hsopPXPBy8fikvU7Fu+MluFxSFBkbwHSmt/FrkAK
+ avaSzBHzhysm3SmySCu+6xkDjVcYrNKHVZNkuiRDcTRwsJC/mWQH9azayOKclaE7
+ 15OwIlSp30j3Mhd0POys6oQ/486KKBOQPeOZRxgp05iifGz+oTzqYl2ihlnvLtg9
+ tfqqP5DIJ9CnoJRRUIRZ9SHFH6uYsSZXuHzWVOZnSnqgWB6zy9rx3BZqND6fZQ6f
+ 1wp6Xa7OEFVCZy1EBQ+8ZtZsrCNAggrlzUGe56+Pd4ranIfMl8OhNkUCAwEAAaOB
+ nTCBmjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF
+ BwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFKAoSxgiR2V5RhhoQM7qQtEi7zow
+ MB8GA1UdIwQYMBaAFEqgN0qK2Hkg7jbEnzxvHp8IvZs2MBsGA1UdEQQUMBKCCnBv
+ ZDE3LWp1bXCHBAoKrBQwDQYJKoZIhvcNAQELBQADggEBAEtbZOsFzGN9ot4MWlZL
+ R2MVrmVQpwHY3SCofpVxUMlkZg3FFSDydRTIiQXaxfa3Zczl2dviNkAIUJs7nd7p
+ YBhgGI9ezHhvS7t5pO5nG4Hyk1myw8WPV+Q/mU+i5DoES/apAw+9Zsqfw2xSnysi
+ QH1GTe5Tse7pqat5dMeAl5u2dGu3p9qe2Rd+q08Ts386njSxZuCEbmvglWSxUjva
+ hp+2deeqgTd9FaWlFvToiEDlZJ2s8d7l9Be3P0UbxuKwhHXBwkFjW8/KL8QIrJ7S
+ yCEGTmFajwa1HFsws+6Jxgo1BBLj9n4O7Y7oinNyw3ygDkn1jlkgcz/rPrAEe1Yi
+ DmI=
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubelet-pod17-jump
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDkDCCAnigAwIBAgIUeZ/tqTn4wiSSReN5fEEcMBZBP9MwDQYJKoZIhvcNAQEL
+ BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+ Fw0xOTA4MDUxNjIzMDBaFw0yMDA4MDQxNjIzMDBaMDkxFTATBgNVBAoTDHN5c3Rl
+ bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTctbm9kZTEwggEiMA0G
+ CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCr7ZsgQOHGrJ7AwWv5JdUgl01JQvxd
+ LsHZ5HiXlUZOkHHBKbQV2snRc93MG0bNnsn7QPP5hT8ScveVcwkZOusH/hQggUrX
+ 95Ua3Fic9nybeNorHhsWpRApBz58XU6l9GWQm+mmb2yCvW9rb2SvbRdIZixWSMUP
+ ltdlG8K0dH5yZJPaAEFpVtX6wSSH2zPxgI8ZCeK10c4egECpKXCKyNBHMAH7HDsU
+ wnYAizKHPlax2qCIzBhcCfhBJwX9/SubDRv/vSsyFCNRj0IG7IGx00GQd49tf9TY
+ ofIP5tFtMNxmCCXm+1N6gg8oaWRhav1e1CrayXWfKNZbP4SmXm1dssZbAgMBAAGj
+ gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
+ BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQHeh4XFT8hjpRNLiPGcXEm7SO/
+ szAfBgNVHSMEGDAWgBRKoDdKith5IO42xJ88bx6fCL2bNjAcBgNVHREEFTATggtw
+ b2QxNy1ub2RlMYcECgqsFTANBgkqhkiG9w0BAQsFAAOCAQEARB6DNhJTNe+cZxSd
+ Vt5ja8fYl3IjAApy97ZUKhQOFY3WPVAru+uv9OQ8VFDQzD3jsZ86pnvT6gOnH2z3
+ QuO9IKyb/Mzd2StwMAej25QN+PNE7jYvsW021cBrMmhKsGw5t9WAUu81pY9zhzpf
+ AywQXZz68GSyn160lz9C80UKLaDEdy+xrivh5Jn/XkzJkdI0X97nA/N0JPrllmjM
+ Duw/JQQb7FQcAkTa5ZvfjapOHR9hSblDJc3xTcYhav6yZ4qMCz1BCvpFXFrvAwJE
+ M/QMQOfw7DvyJj2B3JqsuQGVK1J5Ph6gEy5qAlj6zC0cb/C3j8pih53PHQi6nlbu
+ py8GrQ==
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubelet-pod17-node1
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDkDCCAnigAwIBAgIUZEh0TD3e+gQCjtZMnO9BgJRelIMwDQYJKoZIhvcNAQEL
+ BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+ Fw0xOTA4MDUxNjIzMDBaFw0yMDA4MDQxNjIzMDBaMDkxFTATBgNVBAoTDHN5c3Rl
+ bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTctbm9kZTIwggEiMA0G
+ CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcgX/YKhGzS9xYf6eMgXWxjQZ9igUh
+ IY4eW8U5kFOmslRKQLHvHTqeK3vvsYzlWSeE3bvSyM51xiYJR+kJ+0iuHKzArT76
+ x+17sp6Whg3nOIgEpwrkKW08GOJfhD4b5owY90JqrYZwyggLiIn1HusAwxGkFfOX
+ HA9xvOYpkB/PIgwBV4R9YeG6tRQCDoQC64Uj/AVwtocX5LgWUZ3HWfsmk6GTjRvz
+ 1LnMUhi94R9SL02jCcPlKF7i9FkAILd1D0I2xoEr86n/evvHtN1130A7kT+ZnP2x
+ j3QMyYh77iHMDLYKeicPR4WqAp05tLIUwv7IR8+cNfckdzOcJTuvPSAZAgMBAAGj
+ gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
+ BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBT9O6b1bnmbT9dm+4+NcFUZ5EXf
+ FDAfBgNVHSMEGDAWgBRKoDdKith5IO42xJ88bx6fCL2bNjAcBgNVHREEFTATggtw
+ b2QxNy1ub2RlMocECgqsFjANBgkqhkiG9w0BAQsFAAOCAQEAd/4jX1X1PqLQr7iX
+ tS5L7bE/QJD5z5wKERFkVks2MMZ3xC7OoqNiguZBteNzYqZ2vcCktMv1QiAb08kb
+ jn2DBOxg8F6RuLqGGJ+4hdbHV4ewlZviH7R0MdH/BANbqVoAOtujB+9tq3nkeGHA
+ E/75SkDwXaxEKrypwbpelUdh+SnxI6IosxPLNbyHesXpP5WeGFajitUYvqPzi6XN
+ WD7tOfPIarnzryPB+3J+Om0djawNCVMecHgVRZwCRUTNUfq734+2bp18hGLP8UuS
+ WZljv4KM6EA4ZaeNCQ/heytZE6jiYSJJ6ZQEKr/6O1PKe3SoOhO9N+zqDfS4ALQq
+ GsbDmA==
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubelet-pod17-node2
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDkDCCAnigAwIBAgIUdIZhQJbEXfJPmo7+MBg40oe7dZkwDQYJKoZIhvcNAQEL
+ BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+ Fw0xOTA4MDUxNjIzMDBaFw0yMDA4MDQxNjIzMDBaMDkxFTATBgNVBAoTDHN5c3Rl
+ bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTctbm9kZTMwggEiMA0G
+ CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVPYu1B0MjSdlhS1F99ovPC15owcEW
+ 7cbA9mDWix93nthaE1UZo98kVOAr7wY4C42YS0MHZlT5AOrPrwJpHwwC1W1zgDc5
+ +OlKnd3Tum+e2vvFW9PhFoSkZ4ZwliTIOyYIoaD5xAKcmOaFSbItg3mPbBTrXw6U
+ FHGbJypN9NvE/H8aMeRrQJ+DA6MqMKh0lmXHEptdYrVGTaxwT4AxsaDYpGgY1WHr
+ 07Bcgd1no4coWnHYN9Vg/f80tE+uNebeRDgvH+gC4OEjD3+kV/CCfjkFYHLlU2so
+ YTu8WEfpG8HCxZrrpvB7EdX8kyaqANjeQhEgzycfHaDJyyf8Zrw0C3uhAgMBAAGj
+ gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
+ BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQDsLIMg506lEk+MFaD2Ie5YRdN
+ XzAfBgNVHSMEGDAWgBRKoDdKith5IO42xJ88bx6fCL2bNjAcBgNVHREEFTATggtw
+ b2QxNy1ub2RlM4cECgqsFzANBgkqhkiG9w0BAQsFAAOCAQEAWiPWzQNzOZvjVvHH
+ TQ1zW3rHKv1lKZ8gHb7s9aiUeuq/7PKUZpUBzOxYdxZLEiKp1ZRHfuO3BlUDFC/R
+ V7L6N4eco3bfvYpAd8NUrKX6ruyydvHqbKWF0Xo8MfcUZu9EIrHh2l/CmrCZ5eUP
+ kJlSD+mNvsmaAL6teOpnyj9RVEvk/mTbyCj4e9e7MpPNE/0kB7cFtrUdIHJc9bsy
+ WZJc/ISngSmnVoWMfaqxGX99iFW032aWuLWUrSTKOkvtZqIPDDMUAsFgwUKWmtOP
+ R1tOBXJrj4C/wdO/fgDEgO5F8O/KfG0jtwcTPi4kmR1FgzJUdv+cDbI5gylFhtS4
+ mixiFw==
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubelet-pod17-node3
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDkDCCAnigAwIBAgIUKFO+qu84cEUT6dxT+eXiHyC91AowDQYJKoZIhvcNAQEL
+ BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+ Fw0xOTA4MDUxNjIzMDBaFw0yMDA4MDQxNjIzMDBaMDkxFTATBgNVBAoTDHN5c3Rl
+ bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTctbm9kZTQwggEiMA0G
+ CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBib5O3QeE2WVARl8aGz0ll4AsyD2o
+ JNiNCccEM7nRsAT6ShXqPjWmO4OGPhNUe52DSmXcU/2GblCzeZ4iIPpYncDqC1e9
+ G68iBvArw6dwr1ENM+7eQ3DIWRt1zExgTRfbaw+aCPFEJMNqaYxVYky48WY39aa1
+ q/nfUuac8WHLtNz8fpaNfdfCmfk9fPyHiggSCCD4hZ4+kvwBd4QG2KFkrmpMH3hZ
+ DYcwxZkbeYopyqHVc+QeoQ3azWDRfYgKX2zWSgleCRJtkWt5miXELGsLgCiIykUs
+ fVM3OOBoEVTZnF4xz5Xkzf54xABInKcZjkgw8kMRiJPHRRrUdsjgVp3RAgMBAAGj
+ gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
+ BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTGvOFfJ0ZcijahG5L1R+uzmmEj
+ qTAfBgNVHSMEGDAWgBRKoDdKith5IO42xJ88bx6fCL2bNjAcBgNVHREEFTATggtw
+ b2QxNy1ub2RlNIcECgqsGDANBgkqhkiG9w0BAQsFAAOCAQEAN9WXZk1uwjwhVN0X
+ EExOpYSTBs87AAmW9SM0xp+eTLB3M91jUro5Bq9hqPC+e5eQqWzJcPwdpXUHlUCG
+ 0Q1q8B5ldBn4HFyhKU994ZX+nMudIV0ZX3L4eC/Q6GDrGblpDCxeoqX+sRBPpitQ
+ GH//wS1/oB9ggXqHqYlkcWqUwzJCfZ3UZs04/o3X8+TQXaGcHhA8IK1ftyvGj3RU
+ likT/E54fmkCHvE14QKBSlipd2xQJDlUYs/be/yDHN7OwVoHWj+90GBTDWphAlON
+ QnJuHAx2OlM6c8Q4NRhvnjE1id41pctLZaUNjOf+MKbYS8r4Hhf5E8esCjHpG8j0
+ Tz1sfg==
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubelet-pod17-node4
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDkDCCAnigAwIBAgIUXfIj3ULerEYZxEkv17nlBfVO5FAwDQYJKoZIhvcNAQEL
+ BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+ Fw0xOTA4MDUxNjIzMDBaFw0yMDA4MDQxNjIzMDBaMDkxFTATBgNVBAoTDHN5c3Rl
+ bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTctbm9kZTUwggEiMA0G
+ CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZbzwDTSIQhMJQvYbNVKvjpMf2NBGV
+ QXSC1CUlQlK43pIG0GC9EOLrHzKMDZMi35848NTEj4YtuSuesQHIHiSaKaLSNVpo
+ 3uj2Kf8JajsNucfE+SyOeKANtfMZXveIdp4qhrbUsyoIg4vBaqDpftFv+bjBOYbW
+ 9T8NzwUJG0GjphfgLIGZZib8BpbadwrcFENGXR3BFyS3KVN6XJznlUPX+p9Rfib+
+ YbzZCGVUYLgO0SrbPAyYmWLJC0Hj0KF3q0sjrQpyYMhnRFfz2B+kY90Dir5dC1ZX
+ uVmVHI1IS3FuprlizzygnVrRLJDFHPIM4LeXSY1wQmtuc8Wb4enC0WhDAgMBAAGj
+ gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
+ BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTwn3d4InIiDPBmY9i/1Kje+vUv
+ 2DAfBgNVHSMEGDAWgBRKoDdKith5IO42xJ88bx6fCL2bNjAcBgNVHREEFTATggtw
+ b2QxNy1ub2RlNYcECgqsGTANBgkqhkiG9w0BAQsFAAOCAQEAK2gKG8ShPRiTdplU
+ 6G7q3uopwfmfKaiQVYEKQQ9OLNtlaUOF9MAtsdgxmt1g54hyEkuLMZrZRohqInbE
+ O9waS6KvFYdxUPUHRgNh2DpUXunWPORwcf7VNwU0c4MHd12UK0UBAwuzDekTp7eh
+ 8aFvS9Ig8iCP7c+W/x7HnKqNaEHtVEkbn8sdE6EzvPNwErjlGn6CuGwSf90EL92c
+ b5DgA/RZi6pxXIDM19n3O3MpeM8r7HT4ScUO3NWJDxIepWXnWGZ5hHsYqPoFxkU3
+ If0UfjkJh2n4xfyFyn+S6EoWl1Eldf7vSa78eb4HjcAJddCqHVpULTsSNxZyBVEJ
+ 0O/wBw==
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubelet-pod17-node5
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDVzCCAj+gAwIBAgIUVkBkvmk1zxhXmntTkCrIzW5QNdgwDQYJKoZIhvcNAQEL
+ BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+ Fw0xOTA4MDUxNjIzMDBaFw0yMDA4MDQxNjIzMDBaMCAxHjAcBgNVBAMTFXN5c3Rl
+ bTprdWJlLXNjaGVkdWxlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ AN+kUGrLcFeX+HP1Dg039vHOp8yIypTn5aLWycD3o0kmgUpMQEwWZMn8BuxUq+fe
+ BirCJz62pPBs0Shuw5ugP8vp+4h2Me3DIggQDaWYYfZrhMSGbiH6W9F6QhWwWCjf
+ 9JPCa0xI+vVRv19p6Z6Q2PGCL9op1q2kpEqB91ALI3trMmYc2O4zIE8JWEBUeQEC
+ gt6GLP6ts0v0b1eU14cjszHz1rZK90xOZ8a6dbVj7C6wF/RkjbT+hAvG1nZjFhJt
+ W9csKDiRQyYLkd786u5gqKvEppUrVqN4daZHMuBSoHG+o/C5NX2I5hTCKuJLt0QE
+ 0NWQeW6N/XyLUQHkxKqWPoECAwEAAaN/MH0wDgYDVR0PAQH/BAQDAgWgMB0GA1Ud
+ JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQW
+ BBTKVr0D3u4EXt670HQwXkvHK80IfTAfBgNVHSMEGDAWgBRKoDdKith5IO42xJ88
+ bx6fCL2bNjANBgkqhkiG9w0BAQsFAAOCAQEAhrLFJ5mYiSMxNE9qKmPD7I3Ck39j
+ H7ELOVQ55WcKosSw0bxxN6uFdtPe46YL/IBWLrOUtxojni0MOTe2eRT/WxOri0tX
+ UcUrb8aEbHySUxTljRntKKKUUBY0SFgSUWGv6s/XbBTugl+SKk59zTXFApLXkHXR
+ FWuT1cyzDGyCINQTNU6sW4I1P6RptwUiHLsHvsvQzRGLXEmenhQtyQOgIdlWkBEa
+ XugbOB7MrVA2Okknm60tY6MjdhzLuLpsfrfgVPbOhhJgx4s5R9jUPYkJt2+AM91F
+ AatvYzGF8PXZ42AD86koVQMaKVkkik/+B84hC1WLJyi6j6q2XlNlbPI2IA==
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: scheduler
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDXzCCAkegAwIBAgITUnedsZPFK24+0RLcQnBCy6sfaDANBgkqhkiG9w0BAQsF
+ ADAqMRMwEQYDVQQKEwpLdWJlcm5ldGVzMRMwEQYDVQQDEwprdWJlcm5ldGVzMB4X
+ DTE5MDgwNTE2MjMwMFoXDTIwMDgwNDE2MjMwMFowKTEnMCUGA1UEAxMec3lzdGVt
+ Omt1YmUtY29udHJvbGxlci1tYW5hZ2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+ MIIBCgKCAQEAx4qVolEaF1s0eKEqkCYybqL9v4ODiX+GAglz7KIQxXZzaF+RSVcH
+ xrbeMJV1eD57tpIdm6kbcjllTsnytTef5iaJeEyJu5cxyr6xhwyQNnuWlbHl9H7L
+ lF12eaNv94WAJ/S1I1bhjt3gj6vvXbFuridLydC9v/ELzVG15d70drVsfDvrRGbB
+ TPBTt1HX0pPD6uvaKLUwy5vLqx1uP+l75+EhmE1BmVy5c4SnuUdL+/8zqoPFI/07
+ wWY0Jq3+G9zSNeweVIxOv+vmgsUwNlNFsiu9XzzI65ngwaVHvelT1JT1ahMeO97o
+ qOd+XgYFNrKphJzvoLNVtt6/GdnAzjv1/wIDAQABo38wfTAOBgNVHQ8BAf8EBAMC
+ BaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAw
+ HQYDVR0OBBYEFOne9MK3El73DSrS0A1Uz4SQhjP+MB8GA1UdIwQYMBaAFEqgN0qK
+ 2Hkg7jbEnzxvHp8IvZs2MA0GCSqGSIb3DQEBCwUAA4IBAQCdho1eaIcOFSzyCgkx
+ vYuL3nwFmofMQh9P5t//dCIrs1YGmMC+i/paYK5LcBlqRfR5zV73y/Fvw4njIz+J
+ 5dR1PC2lNmEXXyy//yhy4fw0G6zdY9dZ927znS7t7aeDf8XbUg2bnnOSj2vBTMXK
+ +SKZYSzYrhaYpem1Xv7pZpEGVhQ2kti6SkXmgrhbiFlzTqBK8IqrV63q4UIW1tdd
+ vPfg61tF44lUweAfDqe0qTra1HyHRscI9uXJSShY40U8O+UZX5BVhGlYbKP4rWyp
+ tx7vCUcRPNWsGVDw0YXiRzhZVl6edL92PTd56Y8zc24ELAbCodVFUoGIbKiBlC9+
+ giRY
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: controller-manager
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDYDCCAkigAwIBAgIUXVDbDAa6v2oTEGQolp4wy4+bNiIwDQYJKoZIhvcNAQEL
+ BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+ Fw0xOTA4MDUxNjIzMDBaFw0yMDA4MDQxNjIzMDBaMCkxFzAVBgNVBAoTDnN5c3Rl
+ bTptYXN0ZXJzMQ4wDAYDVQQDEwVhZG1pbjCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ ADCCAQoCggEBANFOOJFFMQ2i1rnX6rtQAjdh3KtvjXv6Pfkd5bMY+7tKAHsy0x6H
+ TlwrN44dx4E4lGLJ1ZEqCRD9F6Vznrhjro2/Bq7MA2GmDbe0w0LCar9gXdKg7RMN
+ p/Prm+KAxWPF7r7KVBCc+/FZb8e97Cd7riFxAwD8z+IcIN/PwOnELauEmF9svL52
+ qSlcnWSaI3A5Sj5XYBDtrgb809e2jwRcYx72tWZ5+BnAkXqgmylh+ARedlQALTM2
+ gIR6iJblbTY5b9nWI+/0DW0kLkWrnbU8kq8R1mVKImq4TI5xlBqRVeJvrerxHSdc
+ szjybwbG9m8crW5c+Hdk3iJUEjskonGa3O8CAwEAAaN/MH0wDgYDVR0PAQH/BAQD
+ AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA
+ MB0GA1UdDgQWBBRojpJQ8kbw/zd+BkCuQY8dbfeA0TAfBgNVHSMEGDAWgBRKoDdK
+ ith5IO42xJ88bx6fCL2bNjANBgkqhkiG9w0BAQsFAAOCAQEADbQMLo5fAELUbK1o
+ prklo9UUoD5dQQyMB3/kR9n+aPDT/EQvp2oj3wJQfBoHYxorCa4UThd1GYON0nt3
+ /AmiGmIcPmlX2XzeuIS4C5xRr+8rTx4umEqzg+ykdNwKV7Ed7QJkdIX9ExTbkfws
+ d85tmAeL8Js0GW0oWL3N8NKZNNu4ygAb7Ha67ZwtpHiJ1LIyd5XaZE1sxhtRCYEu
+ 7GRQRJkX3qXCb3BoptHmjYrBR6AIKjKnRG0GE25z709wXS8cmbwFWS+NTOWo/5W2
+ J/TfCe0+RnIO2Mj/898hk7DImvav7PKuPraAV4G1ClGq1FqtVqa48hL/3tma85LN
+ PTZlCQ==
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: admin
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDYTCCAkmgAwIBAgIUciDyPOzv2gb4bPSoKHoupoallj0wDQYJKoZIhvcNAQEL
+ BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+ Fw0xOTA4MDUxNjIzMDBaFw0yMDA4MDQxNjIzMDBaMCoxFzAVBgNVBAoTDnN5c3Rl
+ bTptYXN0ZXJzMQ8wDQYDVQQDEwZhcm1hZGEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+ DwAwggEKAoIBAQCxoEU4+cHjqNFCs1PcBHC6q5iw5K4vhXJDn7JljpaAGwB7UTul
+ n5WMxdbl6Sj0OA2EtukQP5c+sQEcW2ZbvYkUajmeubsuP6+a/d/xr4kveCTTuloU
+ sBYi4+Q3Rz5wFO86Pyh2uoLh2HYGMBuQlo6IeT/DanL25pLmoijAaBN6jluLwvjL
+ S83uCNWcfRpAHhUarr58ldb1m3dwGHJh+Lj8oDmPI39WU88W8lOQCOSx7F62uk2v
+ 9kVaxFCJIVtPGWkki8Zna12ZEQS2x/A8JiCL79jILWkIBHk8Xjzxdidy58Aab8Qm
+ 65ozGJOaaGdtpUiGOBKYWecWFS5f68AjhPMzAgMBAAGjfzB9MA4GA1UdDwEB/wQE
+ AwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIw
+ ADAdBgNVHQ4EFgQUpLt0EVpJCPlGVnPdiPJKGl2W01QwHwYDVR0jBBgwFoAUSqA3
+ SorYeSDuNsSfPG8enwi9mzYwDQYJKoZIhvcNAQELBQADggEBAEwaNNwVUgZ8OIcM
+ h0RQ8Ly6HWsTODBcpRQW20lPDjpOde68zrnxI2pLdAV7KgcfdhvxrEUU67K4BS8k
+ 7djFfLPOnuOty4imvIGaha8OXCqlP7gplFehbKsCDUwZibNm8FcQXTeVVqzGEFwO
+ WEdsKaYlHGMn0hPUvCG/qtvXTH+vY+q696+nDqIirCfRbNmUYTypKhdzDSiVFoTN
+ U5Ek6GKXBSv8rs7EoCJqiFD5dN5zpT7ErF8xgMkW0DVw/09u1vtRV4D9u/NlTIrh
+ 5WtDiyRlFeRZeXnJz2CTgzItr1Lt6eoTh3/64hYQl2+ThDFTQz5WkrlHGfkRQWj+
+ QIpMP3Q=
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: armada
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDUDCCAjigAwIBAgIUXLNalbN5I1hNhCAPUaS4nLXTZG4wDQYJKoZIhvcNAQEL
+ BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
+ dGNkMB4XDTE5MDgwNTE2MjMwMFoXDTIwMDgwNDE2MjMwMFowFDESMBAGA1UEAxMJ
+ YXBpc2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3C7GPaX+
+ CBwPz0rAbWorFholDrZqV4Q5yOoxPfrTRJsKkjpNPG9Wot3wZNukGWoUzm6uTwu+
+ tasfaOGHUH1EmwhHXtKavWhfuzJziXXPL2DWAoWhdrIkM0c5oYHqNSIiQk0Ld805
+ jtI8L467Sn0Sy21oSwIbPGVpcQeYtI0rOHLxev5Pw+KkmqUBImjv4otLtIScRlcV
+ LiOFqitIQMX6QtJ+0sQTmPye4ezaYg4o0kT6R7xuaPdPHH25ksh/yzQTYpileV9T
+ VSv5IhRrilqS+TGVNT/5MnIuMj6cDX8T7ZM03/uU5mVVLHlxURDZACAhad8d+t+q
+ RkfIuc20PQt2pwIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI
+ KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFFiawe/1
+ NzSv3p4ojD4mBlLnDopxMB8GA1UdIwQYMBaAFEpKpJjvUnEK6Z4PRxQP9AjJnquD
+ MA0GCSqGSIb3DQEBCwUAA4IBAQAfE27rBTdIC69SOCs6KM+2p9Jlmv1H6bdcfV5o
+ oIQV6PgR7PUnazlXf/Qw7t5vt07oAlNuyQnDLAbz5qC8/Yjvk9rNXZD/ROQgXSK1
+ QnjTWJ7zCRzcmvF2OD5GDI8n9YdGjgbI2lJwOYlsP8c0eBKlOhG6tfRt3x8FRfw6
+ x4dTKKiCdC/PcYbKeGENAvhiBR7spm1d/BZ+gtmlApOJCUDXquUJOuXMbxcnbr/z
+ i9Ps7+rf8eMqF/HLw9SzM92UnFJuL8apL2xBgZSFSRaLoHD2Qyvu9ZFpkHBj02Af
+ uLuIRTUPpsCGtjN8ZXLryg5iGvgyJIkJL9ZC3aTIdVtlktYy
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: apiserver-etcd
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDTTCCAjWgAwIBAgIUZsDwxAyPFvCBD2qAoDt7LbN+gBMwDQYJKoZIhvcNAQEL
+ BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
+ dGNkMB4XDTE5MDgwNTE2MjMwMFoXDTIwMDgwNDE2MjMwMFowETEPMA0GA1UEAxMG
+ YW5jaG9yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsLJuWpNsBvXt
+ Nny+kzFW3BPOVt7hkgAMRtKtykDNev6PawxZoo5tuL4tRb/htj/htig1uI+eCKCo
+ 4TBPS9GdVgvnWN8wUzqs7DQcGKlPrGlvg74Mnh4jOh913gdOSZRDQgqcOSE0tAOW
+ HVGUhFSFgdmqzCL7d5XVpqjLDleAM2OgSmhf8juqQmjtcoLg0Ioso5QzZO+MUIq8
+ qWoo8bfFHry+Dy0PVZyDm1tLDBCcFrjNndrvxh7gCdvbN0wHTUR/RUwFLGcT1OUT
+ LN7aS9379l2ROHjSs+T8JpjIwYYZ0/XzKc7WofUeO1wTNjrrWsNNa8Syw75io3Lu
+ LQcTMu9CcwIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB
+ BQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFBCxp8LnC1Ft
+ 4yBb//j1AyxclY/lMB8GA1UdIwQYMBaAFEpKpJjvUnEK6Z4PRxQP9AjJnquDMA0G
+ CSqGSIb3DQEBCwUAA4IBAQAR85WvVUHHukLczFgOv3jwlTY+bJLDjJd15ITEsNMK
+ F12kiCDdyUor1deiMnZzr1UMlVUV7zlxB+hVudboxbv/2E9gwixnXlIiuRkNxnc/
+ VlUp44GgQS1uSYcrMxUOUgPkyAswTIXTdmbSsAz5m8q+0cjKThglt8djNQTtR86n
+ OW+aYjmPhCh9ndyeoakPj/I+ICDgWKRDgLeoxgQiDt/m4F4QFV7UWCc9Wa5t5tcY
+ KJV4i3dLLY/Wnrt5jLI6ds7hyvsO/3qBbDnpkbLH6cXjtG18zcNGQb0bRwxNITL8
+ ZmRKx9GqVVeJF0e+RlrjfXLiwjW9dF3jDBbffgD+NgvX
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-anchor
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDwzCCAqugAwIBAgIUToZl7A7yvof8fxse7GAoLdpZglQwDQYJKoZIhvcNAQEL
+ BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
+ dGNkMB4XDTE5MDgwNTE2MjMwMFoXDTIwMDgwNDE2MjMwMFowIjEgMB4GA1UEAxMX
+ a3ViZXJuZXRlcy1ldGNkLWdlbmVzaXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ ggEKAoIBAQCj/8sNN4HKAxqKkMcrOPHPUZwyAsn938pTql/ZKrd7zvyU4r3DQSKq
+ 9WkkYOrlHfgepGpemBC7G9MeggrhOaQzMj1AsZOca2BO+jnuow/ffcSV/4SDKP+b
+ 2h43DOmfLeVogAwXPOOKTeYjVoSYyrrl2c+IztKuu14IN18z7DrwpVMxs3/NLR1p
+ 4WLOhCPKt8QxL9+Fc3SWIo+ayVz9RZNbBj+bOiq0AcMpSU1YyA0OeSkUQf7KcTvk
+ zLaZq3uffuK00V3Vx9ykGPPOBBlbqsafa1eWuP0RZribWRs2qoS44fyYr1TGPaDG
+ JjRoodYS++hjvLhu3e4wqGR1hsixNRZnAgMBAAGjgeMwgeAwDgYDVR0PAQH/BAQD
+ AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA
+ MB0GA1UdDgQWBBSFBe7lFhSQb9E/duHuKEx+GlG0FTAfBgNVHSMEGDAWgBRKSqSY
+ 71JxCumeD0cUD/QIyZ6rgzBhBgNVHREEWjBYggpwb2QxNy1qdW1wgglsb2NhbGhv
+ c3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1c3Rlci5sb2Nh
+ bIcECgqsFIcEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsFAAOCAQEAb+hyTabp6x0d
+ PwzV+9DLh79EBJVvzDhDVeGg7L5a4efa9x1otEQ3tBQqSPv6s3iGj3TM4VRhJGmO
+ 4nnOLQRt8IH9SRiEa5D78PjhrO0Oc3Zy60lib1fHoSQ5qhqmHNgdtGETk9bcO28e
+ fxIdKsjyGU+NQG+b/IGi9sGb+62M+NVxN3z/XnGOuEF3OrwQvf1r2Co00a2r6oX2
+ ZSjv6ebQH4R7XZPU5Rl7QKXbnsL3Id6sPEPQ/zaCB87i3YWR4dz4ntsubc00XHyc
+ RVqg4xiEErn4kHdxB3Z0nbA9VlMNmIsy67gvS1WwV+WjUXBXKKH9p3mz0wGF6w9G
+ cJyDTKUeGw==
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-genesis
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDxjCCAq6gAwIBAgIUCidfjso0k+ZOmAVeFEEHhPW2BK8wDQYJKoZIhvcNAQEL
+ BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
+ dGNkMB4XDTE5MDgwNTE2MjMwMFoXDTIwMDgwNDE2MjMwMFowJTEjMCEGA1UEAxMa
+ a3ViZXJuZXRlcy1ldGNkLXBvZDE3LWp1bXAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+ DwAwggEKAoIBAQDorb8oyJ1+JiQihjFDPpIIuHLb02qSoUKhnCBJ8ERpdjArAGoP
+ w2B8fZ+v3ZFksbo5NcjasQ56FLaqpFAQ8Vl2bypF336ZsnQSB0ZtvopoaIhWC+ft
+ GcMTggQU7iHyFlmEvyvHIQOMEACdS2xo5uzyxNY1ZlMbC7/4vyiTY39uqyeWPDsm
+ JtSUa56fAiukTKPRJueiCvA5zfNTBn1Ubjo0YmTse01QU5J9zaaSD6X670o0eUpz
+ lKxx3XByFkqCenHcYodjsxQg2SZbw5pj/5hX8o0MSSnSmi9OhwfG1uCR+z/n3/70
+ NZH6cXt0/dFkv0Ih+Z0wgKiKy+bgaGVq3A6VAgMBAAGjgeMwgeAwDgYDVR0PAQH/
+ BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8E
+ AjAAMB0GA1UdDgQWBBSX7JQjFdBoydobT5N3r9cg1xYZlTAfBgNVHSMEGDAWgBRK
+ SqSY71JxCumeD0cUD/QIyZ6rgzBhBgNVHREEWjBYggpwb2QxNy1qdW1wgglsb2Nh
+ bGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1c3Rlci5s
+ b2NhbIcECgqsFIcEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsFAAOCAQEAfIRL33lN
+ y2UV7JSd28g/FuHftVSAakz3OCAYykMlE4Dn52f/DazBqOap50W4HgJZNXW9RgqV
+ yAFaRTGBblx/3lq3pgi/652NSdMVMbLtUAWqfN6eQvpW4S8J9TKtF2PJmFjCmO4L
+ QYugCIofZrcSuqyBDOrzgSgB7hD5weMlNPdASicvpeiFu2sfIMi2D2t8rA1KwQxO
+ cf/r8RJ/Lc7QyL9bNoOq/64dFdnPNh13AKkaORhEXDHEdQvlu8th3T3HHRh+qImq
+ sIis3mp4LsDmQkCM9H33AsjbG+4eLMgCxvPjXtHwGMATSFOwdIuO41DQrUooTAoi
+ TmB9tl94BzthHg==
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-pod17-jump
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDyDCCArCgAwIBAgIUMHqI/4QsQFGrhEYLBFA+kS/1nYgwDQYJKoZIhvcNAQEL
+ BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
+ dGNkMB4XDTE5MDgwNTE2MjMwMFoXDTIwMDgwNDE2MjMwMFowJjEkMCIGA1UEAxMb
+ a3ViZXJuZXRlcy1ldGNkLXBvZDE3LW5vZGUxMIIBIjANBgkqhkiG9w0BAQEFAAOC
+ AQ8AMIIBCgKCAQEAzV5tuExTU+9A/tNkCqoVhBtYsZeNWrvuGiYWXc+6CXYKAhLo
+ eqVbDNTtxwsQA+KPRJtiJlTS1+EYeFd7ZTQHAj/vt8NSdFmIVSpaJdkDBTBLX/D9
+ 9b3hdx1u+4ZR3jiU7VDsezci/apB69oBuihLcvCmm3m2EhgFFf0cUAa83Z0U/Pdy
+ Hg1VRSiLcMxxU5QATKuDNUpt+NG5rVP+dkVjYzp+Vmzxws4pY9T9xJSYup/rdb0T
+ gWpPFi8uNIazNCbUXRwHFM5VXq3S0ueNCCVIdA24M21QwrG7NZCsoG6n2d4yhLv3
+ 89uSBzY4UQ30Y7Uqpi1vjn5QmqkYLrEuc/5FmwIDAQABo4HkMIHhMA4GA1UdDwEB
+ /wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/
+ BAIwADAdBgNVHQ4EFgQU4Q3H82QjIU2oyn7tG1HUbWZ1k7gwHwYDVR0jBBgwFoAU
+ SkqkmO9ScQrpng9HFA/0CMmeq4MwYgYDVR0RBFswWYILcG9kMTctbm9kZTGCCWxv
+ Y2FsaG9zdIIta3ViZXJuZXRlcy1ldGNkLmt1YmUtc3lzdGVtLnN2Yy5jbHVzdGVy
+ LmxvY2FshwQKCqwVhwR/AAABhwQKYAACMA0GCSqGSIb3DQEBCwUAA4IBAQBnSTl4
+ ymVkF5dAwrEd1A+YsB7BagB3kT9QSPNVzckyc114vJmGeUbpQsJ4q0sSZxw3bRNe
+ sf/ZS4XIaCVwPDhjNxVmOu9OPE16z55qeAHqt6+sGB5gz0EdT/sdGMbaHTiTlOwL
+ 3NUBeCWoG7EByRxYhlKino3CB2Ozt7ol7XKddaOUOjcWCpRZOFwDQ+KgT9Ep6/K+
+ jYadGMMNQaKQied/tS3sDWMLa55kmbVOyAHYK9L3gnoli4+ZeEuXZuNvW+zemqZs
+ AwzuWB4zEahwOVJkCYwAMPOlzPlflRtoUArUHIgiSLa0BrjOeXEF8YRXcjEbRvjw
+ 694njClwubBNq4sd
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-pod17-node1
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDyDCCArCgAwIBAgIULkPrqYtWovpB408xMGMkFt9/UTowDQYJKoZIhvcNAQEL
+ BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
+ dGNkMB4XDTE5MDgwNTE2MjMwMFoXDTIwMDgwNDE2MjMwMFowJjEkMCIGA1UEAxMb
+ a3ViZXJuZXRlcy1ldGNkLXBvZDE3LW5vZGUyMIIBIjANBgkqhkiG9w0BAQEFAAOC
+ AQ8AMIIBCgKCAQEA5U4DMNAvkkGBgR6CJddKECt1+Y8VBVMbGQs9hC7Z8qRQHnqf
+ AFEs3N5rq+CASmoTdx1/ZjRqJnwoNVF3j1KUY8WNBtx84M0DTY3M2j6FXmOmmESJ
+ LHdxBYiNcs8C/j5517/yuHERs0aYxGOIK7SORw65159yQ2cFlXBW4+BGUkIKUkUj
+ R2TuoyBYRO943CWZRMHTN+eK98TuSdEaxk1vqNzXsvs6dk3ppetXa1pnHPs0KZm3
+ CrOZCg5CWEG5J0gK3vojQaR6ygrRV+sGN85q8433tsfMRy/hmahJbAQVwxhm6Oza
+ +cL6voHCuBkKju8JdZTl5b/91YbaF+pUKVS9CwIDAQABo4HkMIHhMA4GA1UdDwEB
+ /wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/
+ BAIwADAdBgNVHQ4EFgQU0GzAO+78ztY3or5VLtICWSFJWUAwHwYDVR0jBBgwFoAU
+ SkqkmO9ScQrpng9HFA/0CMmeq4MwYgYDVR0RBFswWYILcG9kMTctbm9kZTKCCWxv
+ Y2FsaG9zdIIta3ViZXJuZXRlcy1ldGNkLmt1YmUtc3lzdGVtLnN2Yy5jbHVzdGVy
+ LmxvY2FshwQKCqwWhwR/AAABhwQKYAACMA0GCSqGSIb3DQEBCwUAA4IBAQA1vb/3
+ hu45aT8BeMWTHR7REtfxZ7dwYp2WF0i5nfOZLxkrptaK2b/mjDo5L+FrJm6MjmeZ
+ P74O10UutDtSvZKOVeGc1+etvqEKymXL/HKOmxmT+1nG5ON4JaD01Tl56btFXSJX
+ J3GTUAX3S3RSTolvPYekc8klaVQi/YD6AY42SAFqrk9/DQJTPZosJwUoyirfapE1
+ 5jf/jkwmrmIW6g3hORGYFihMwfw9FU7VfBF9M6QjdRTNyv4V+0l4FSd6AvdsN1ol
+ 2SKJEQsLxpbXwjjM2spp4reAB0Mn1Mr0dEXRv4cJ59OQY3mSb3qhhsJAthrvRXkA
+ SRjyOHnfoiHvbIMj
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-pod17-node2
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDzTCCArWgAwIBAgIUbYHkC2Uah5N6oh4pji29G5LqntowDQYJKoZIhvcNAQEL
+ BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
+ dGNkLXBlZXIwHhcNMTkwODA1MTYyMzAwWhcNMjAwODA0MTYyMzAwWjAnMSUwIwYD
+ VQQDExxrdWJlcm5ldGVzLWV0Y2QtZ2VuZXNpcy1wZWVyMIIBIjANBgkqhkiG9w0B
+ AQEFAAOCAQ8AMIIBCgKCAQEA5LKMumJCGGvh2YiPaih1JqfObaxIKLbTEvtqrj5g
+ fSMiF/mlOe8hoV0ce8edR5uhGGzY+MaRmZ4tbuxBSD+u4mjx02ggc007stMW0M+I
+ zhy1/EFveKznz8orA9Z/HwoIOnqJsRhRd5qKjAoo8a5rg/+PTKjTBQt4Ndzx9q3H
+ x1AhDvN4ViYswqe2z2vn73wOH/QAcT4ZZ3snTb2oGroYuZHo4aTRSZVGk1nZzNZP
+ OAZLookgNgdIEuWGIUwY+dXoXPfTsjuJ1EijjjtA3VwjfAKKrU5sUFJ/3IiXJE5N
+ 0Ll4zhQ3eG19aDCv0jIpShyOR1XIeM3uz+QX1X49/hCU+wIDAQABo4HjMIHgMA4G
+ A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD
+ VR0TAQH/BAIwADAdBgNVHQ4EFgQUC7NPtIAgMaINmbjzLknt4duM788wHwYDVR0j
+ BBgwFoAUhkJkqrelmIi3tfVjoJW8ro4JmNEwYQYDVR0RBFowWIIKcG9kMTctanVt
+ cIIJbG9jYWxob3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0ZW0uc3ZjLmNs
+ dXN0ZXIubG9jYWyHBAoKrBSHBH8AAAGHBApgAAIwDQYJKoZIhvcNAQELBQADggEB
+ ABQpwlULulZFJsfcKqRqMKzilPXpNARygcjfXnkOCvs95OsuKnUUaSjPtC4CFGhE
+ o4+e84VyjeUlnywbfEbBrUjLns7MBPmUb92M+0dadCCa4JilgXI8ZOcswko4gx4P
+ YrUAASog/VO9XYJnd/Ch+KrY46qyfis21inFmWrroz9pg1+glhV/IbybAJMWg+OT
+ lGblWWiL6DpeE3DaQzP/eYdeVlVYPaExjSsN5D0LAWOy/Rgz9+n3zLsuSLB6h9mY
+ 2pJuy5eikkl28Q8OxMdxWQhEamny7rlgYP7W3DI2iP3VDYZrf1hXNlOtque1J3xr
+ WVwSS5clRh8ar1rxYU1ByEI=
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-genesis-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIID0DCCArigAwIBAgIUBFKTOX2Sdx7PAY7wD1OsBC2yCwEwDQYJKoZIhvcNAQEL
+ BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
+ dGNkLXBlZXIwHhcNMTkwODA1MTYyMzAwWhcNMjAwODA0MTYyMzAwWjAqMSgwJgYD
+ VQQDEx9rdWJlcm5ldGVzLWV0Y2QtcG9kMTctanVtcC1wZWVyMIIBIjANBgkqhkiG
+ 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx84cvFlUdir2iio1iPlFxQ67x2PqGCr1/jRj
+ 1ptPjnlnXfLnAbypA0jpbKS9r1lnSUsJtK+TNG78jFtmfnT2DLX+J9tZm4qI1Z+q
+ rWhM0qlYyPuGqXuSDI+TR5wbz973/2IioTAbSo6E32cTHHWhEaCT4o+iD/K9jZB0
+ LToWX2k6+iQFBg61rFFAk7SOAO4/8CcsgMBw3Qnl/Ewn8WNCHcInkLqhgSOF21yM
+ lcBsoPv1IAARkhXmF5tr8RGmV13K70lv5IhusGuznZ2FYF9gl07VxQ+kWNIdRgYw
+ Pgb2qKpT2pbljzBX074rc4GUJ3gTimchGLROukOm5rMxRkYMhwIDAQABo4HjMIHg
+ MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
+ DAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUa/Kd3D99+S8L5HyI8VKXwCJE7pswHwYD
+ VR0jBBgwFoAUhkJkqrelmIi3tfVjoJW8ro4JmNEwYQYDVR0RBFowWIIKcG9kMTct
+ anVtcIIJbG9jYWxob3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0ZW0uc3Zj
+ LmNsdXN0ZXIubG9jYWyHBAoKrBSHBH8AAAGHBApgAAIwDQYJKoZIhvcNAQELBQAD
+ ggEBAIj7MoexxflrK9Q97t95eDIaacwupUT8LeVRP627xGWcyzAk+wR2sKt52ra8
+ VLTMNThCF6IbMDyGZ2r1TNPKBEENStL/BGhm/1WYxEs81/GGolnZAbcNie2kB0RX
+ oDc71m/RJAI6Zm0h80yuT9U8hviuhN1gdfU5IbsB9wX9ZhUf69Fggtw5aOYXoxYn
+ SUIJpEd0fECTCwwbbxr87FbCj19MfnM2wo+NjCjQHDMf/09Z/QEHoxuDyfWiZ35U
+ XsYbvpfte6ssV5I8FARyc33U8igdWssuIz4PeDKqDVWZ5WxRw6cDqAlJhculAVAH
+ peRFZDYSAcQ0xLHuPkHD2e0Eq4c=
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-pod17-jump-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIID0jCCArqgAwIBAgIUeh4Ggm8kIMINi0ZI7cwvYcUCi8QwDQYJKoZIhvcNAQEL
+ BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
+ dGNkLXBlZXIwHhcNMTkwODA1MTYyMzAwWhcNMjAwODA0MTYyMzAwWjArMSkwJwYD
+ VQQDEyBrdWJlcm5ldGVzLWV0Y2QtcG9kMTctbm9kZTEtcGVlcjCCASIwDQYJKoZI
+ hvcNAQEBBQADggEPADCCAQoCggEBAL4FvXvuaXsBx5nxFEybOSeJEGgKr1y6WIqx
+ wGm41csuMERhLhiul5+RWpfCRJYq3zz8bbK7sDSdKvLMD7C+OAsWXb/jD8JUuR6z
+ RZCqP1hwk+j/gzJWoKYaf54A9kmGrK2HP3xtUmDm3FtH5kJfdaHgRF7ed83ULQWZ
+ Hsfdl5r4jH9RewTZcg7isxp4oFpdvc48p6N3qpjQn0gZUmir2enn72h7GZrGa8r4
+ g7WftL9E0nZCouglDiZYflMEaLbI9PkMxS0vdwgAqWJQUvP7K7vHucT+KsDH1E9U
+ Mmh2l/ayk3NOEU78hx9LQ2ABn0c4Hk5iUF/sk6mXVTnvFqyy+h8CAwEAAaOB5DCB
+ 4TAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
+ MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFFNlE95sWo6M8GR87C2km+fIb2/yMB8G
+ A1UdIwQYMBaAFIZCZKq3pZiIt7X1Y6CVvK6OCZjRMGIGA1UdEQRbMFmCC3BvZDE3
+ LW5vZGUxgglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5z
+ dmMuY2x1c3Rlci5sb2NhbIcECgqsFYcEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF
+ AAOCAQEAKyk87UAyZNGaRyE30opnPNvd2GhgmYQn0mHQgZqK+5lEHnsokhEj2p2T
+ AnprYIKczHtjZONKFSeFQImOgky/wImJl2mg006FzbbZ3cvRmW5faJiqxc8aLjSj
+ Z9dTxYEnLTnRIX2MgzAL1w5ZhA31FwoMN9Ch4UCXS9PsFbjJLSGmnrVMRilg8+En
+ 7tl6oL0ZfA6SoRlTHf58HW5BopctG/zYVjykLFBBaDxl0jtJRQ81Tdq3lb5PxYKh
+ i+1w1vxOPE+27UpjkVDrG9fFc56Y/tYT2nJGhT2kl+ycsLmHTvLFniqnvh5QNIit
+ /Y1hFk8t/IGKnX53p0TCTTHkuBWlIA==
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-pod17-node1-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIID0jCCArqgAwIBAgIUIyUyrm9IjcFUKYyrg/aRTyx4GB8wDQYJKoZIhvcNAQEL
+ BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
+ dGNkLXBlZXIwHhcNMTkwODA1MTYyMzAwWhcNMjAwODA0MTYyMzAwWjArMSkwJwYD
+ VQQDEyBrdWJlcm5ldGVzLWV0Y2QtcG9kMTctbm9kZTItcGVlcjCCASIwDQYJKoZI
+ hvcNAQEBBQADggEPADCCAQoCggEBAMEZup7AAKbOGQ24RMtIuciVk7uPRa3Vxf2C
+ oIR61dRXCFpG+RC6gT4yHEikqF/Lh8X0IAsVWMW/zdPOjombO5WxWU9AyscTShp0
+ UYe5V5MSHbFY7A2YC23ni6+svC94LfJcAgffzI3xQjF2/dOfYl+99ywusjw2dw89
+ LzBCc8UtppzrL5bWO8QuOLfMoD9FHnj2D+DGj11xcoz9Np+GZEiv0TVrDb2s7DKU
+ 3Yxt+9F36zbnt4pVm3RqvCK0y4iEVGfK0GYQHlRvLDXVgocXIvPWKUsPYegCqSfZ
+ AtTRHyf1S1w1+gK96XyXf18D9FMfDC9o8bgRGoVRFm5as/TTJA8CAwEAAaOB5DCB
+ 4TAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
+ MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFC7YjLWMGWn8PP8J5UiXUd/r4aj6MB8G
+ A1UdIwQYMBaAFIZCZKq3pZiIt7X1Y6CVvK6OCZjRMGIGA1UdEQRbMFmCC3BvZDE3
+ LW5vZGUygglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5z
+ dmMuY2x1c3Rlci5sb2NhbIcECgqsFocEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF
+ AAOCAQEAmjbfjuh0fx7FmvbIMPRXq7z36Vjhe+Kwk5w1KItL7hjTdyD8602snqY0
+ IytOKEKz91CaswvYTd2HekxXrAJhUIL90w4DiPyxttY7Fk21gJvbamogscHQyENE
+ 22X5egWUdRFikmg83k+EJBNixsioIUyA7BkWBz/1302GkR/j0CmYNRSEEX3YJ8YP
+ VV5wKr5zEgQDCPcwpRP898sk6QICCCDb8GpanjLurk1l0sgil8Ib3OH5vNO+Zb0i
+ urVbp2Y4GqONRqEOZE/4et4y8kStQvIcWph7hEGBObL7kVYo176foJXAxyob2zaj
+ p0vbKl8WELAGXPWRm5FdBhUyJyocXw==
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-pod17-node2-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDSTCCAjGgAwIBAgIUAOnApTHu98LW7syQYeJa6PqRDngwDQYJKoZIhvcNAQEL
+ BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
+ HhcNMTkwODA1MTYyMzAwWhcNMjAwODA0MTYyMzAwWjARMQ8wDQYDVQQDEwZhbmNo
+ b3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqqPUZqx8Y/a4ZOAU+
+ Qfi0bbKGrR1n2FZCabpnmDY7UYt9HMFek4bUT1U2O3vsS4qKTejKynCEGFHh+2u1
+ hU5KqTbrSkTEotHMJqt3mL8PZOU+PcpdoZVhQLK3kwZzAAggJ6yZsieqawtWl6D2
+ 6zpoyPnFDX8JcJqPBh0WVEn4jAG0Y4YaY+vYQ/YE3AJgvJySGeNVsb9f+fUJjBqo
+ 3nxwE+cg9PWdQKRqL6RjJzbxa5sMn7kaUU0JS9UmfrEV/scGWU5WdQnOsrg7n4EA
+ 61aBUKawsmwr1KSV1lfnsmt94btuEalxwwA1HT8jnB0WFXOiMhMmkZqjldS1iKDO
+ 13DPAgMBAAGjfzB9MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD
+ AQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUdnux2j1q7sBcGWNT
+ 3E/GPe8v9ikwHwYDVR0jBBgwFoAUb9gMAPDrJBDy4fq9pWYH1fzKjYwwDQYJKoZI
+ hvcNAQELBQADggEBAD89WTs/MKIpZ/MDAfNm/hpCXXWg4zRSTgakWIsO/kpNvBop
+ KkVQ4S0tGPDIGgWyv9RBfVBsZknom6Qk5SkGhjtSMrgY/um0hsHTlIQuo6F+stZq
+ HAGdTbjfE1bXgvD+0TNwfx8ypHPsPFs6zxPz8zkS68kBawRBCjFcKvM/cFgP/vYd
+ x7qKmh0M/llWz7csJLG8dbAVv640mkN6MJGO6M2nsyUDmo8hp90FL3zahFwTiGEl
+ rttIRuHfHfH6o5lf/RoYIc1kP4APW5bz5oycdlVX4v27D0aqFPoRsjv8WiND2pwo
+ Y361cWrEapeM0AgkT5A7XISmfl8ksDoXRKOCFFg=
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-anchor
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDjzCCAnegAwIBAgIUVrrClpDO5jsxeOtpQGdSQctKmeswDQYJKoZIhvcNAQEL
+ BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
+ HhcNMTkwODA1MTYyMzAwWhcNMjAwODA0MTYyMzAwWjAhMR8wHQYDVQQDExZjYWxp
+ Y28tZXRjZC1wb2QxNy1qdW1wMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+ AQEAtT29xK+8i3lxNgWG/YYmE1mNmVuWHjZrB+K112+ix7CDldYF0fJgPwR+urDg
+ TiQFN5cLL7GcTGIYmgArdBZcvUmeUsPjxxUuik/w/WaqyJQJc4Evsl42owqpfjpY
+ L5u/n5o9azsx6OTxZP3b+rmtPqSCafgkZ/VcJawIDc+jhGAKvhVzJj6zjmvb77XF
+ R4eUjmBGVwO64lrsH7juVt6n6EnwsvMPVoxQGGAL1C2Q00kyfjLTDrQScp8Ez7N3
+ YhzzeH/W4pr84NCJ9n8Cg9GkIDpP9dLzmNYbCUC+OzA5Egge3tfun/Daf+JgJ8Mh
+ L0YcjX4CxdlX0t859fmD06d7CQIDAQABo4G0MIGxMA4GA1UdDwEB/wQEAwIFoDAd
+ BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNV
+ HQ4EFgQUkrbIAriRvwk6kUGHkoG6hQIcl7swHwYDVR0jBBgwFoAUb9gMAPDrJBDy
+ 4fq9pWYH1fzKjYwwMgYDVR0RBCswKYIKcG9kMTctanVtcIIJbG9jYWxob3N0hwQK
+ CqwUhwR/AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQA9wrXnfllZHiKZdpEo
+ 1IDr6IqkK+8Ub2kXgVhaW9wAsWedgaPRuedWleIu8mYZYYuQWn0w49wJlOqVhGsq
+ l8dpBPH85AAWfyrcM7k3wOdJz6TVAQcRk5qLXrawerjCakY2jFpi+Gd1sbRNd0b+
+ dSlVo+7bjxhuq+EBS6OoFQQqx0SYLZEIPt6xW0yMEOQw+53IANN2Aeql1Th7C+p7
+ Avt5vnSNAEywVg/b4d47ffvbVF4hE0fGjDsYzNh/U6FLm+WKF/DP+zHPjXfeMC01
+ mqjTLmFrg+4qWOeW3CMiCFKYiTcbqa9QbJ17I2zWy0d1n0VkrX7ROF5WCCO+acNA
+ yK89
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-pod17-jump
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDkTCCAnmgAwIBAgIULrHOif0uejOAG1EFl8cJsNKAqMwwDQYJKoZIhvcNAQEL
+ BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
+ HhcNMTkwODA1MTYyMzAwWhcNMjAwODA0MTYyMzAwWjAiMSAwHgYDVQQDExdjYWxp
+ Y28tZXRjZC1wb2QxNy1ub2RlMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ ggEBAOuhXhDZaqedGuUyQ+aocfkaLWITmxAOXhmLQhHbe57RG/KCSE0TlaurzMul
+ DtApeyCTgayKUeZkpoZfkIrErHnJ/FR/YcAuTYQlNDyHHBgL39Gf9vGBF7VhYrRm
+ pwucIDrRPqed7wjuUfLdS5t2BpimWgCk2C+CMpVQi9HtrIazLAdP6CgDGD/VmMYZ
+ vc6EgzsTjBh8iEbmYflxD3lq1nCvsFQclaFl/kcZgXsyA71ovp2euiBVWLeTw4Xl
+ YDL/c+676zXTLOewk+WC+I5D/CX+Qw+CWDT2+pP5+Xcaic9PVYbyjzfOpGQagFOj
+ nOq/ttOo3LG5mMbmq66l1U7KU6ECAwEAAaOBtTCBsjAOBgNVHQ8BAf8EBAMCBaAw
+ HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYD
+ VR0OBBYEFJiDwOkvLBXAXAu7IbvYt8dDAkTeMB8GA1UdIwQYMBaAFG/YDADw6yQQ
+ 8uH6vaVmB9X8yo2MMDMGA1UdEQQsMCqCC3BvZDE3LW5vZGUxgglsb2NhbGhvc3SH
+ BAoKrBWHBH8AAAGHBApg6IgwDQYJKoZIhvcNAQELBQADggEBAE/Yw0XgzVFuFNyY
+ b//eOHV2oj+rZXFBwEQCx5hMcct/bZdPqjjvHt+Df/gCp5/A+1KuHl3C+bCfRvWo
+ XtFn8WyMXWprAu0GbaGI+8Y/auh5bgTmvfqTPerWK36OtDVXzrxLVlXTHm2d8yGd
+ ydXNbh6FqsBXVN9VhBdP2EFDvuR/7u08ckHptgFa6RY/2iaSQhLAKBtyrIfj8/DJ
+ zoVl4rBOZb0uHz6k+njb2DmY79FWB8YIOTL1xcAfhS4dVPRrY0GTf0H7r+gGfhhv
+ egqMyMoLabwh7zYi2WgWicXX8/BZBG+Fw5IPEtY1cGzG7o8/2hwax9hlGLCI7nQQ
+ 0S3uB4s=
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-pod17-node1
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDkTCCAnmgAwIBAgIUSK5lrtrbA4UUnOPEI5//XPigjQwwDQYJKoZIhvcNAQEL
+ BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
+ HhcNMTkwODA1MTYyMzAwWhcNMjAwODA0MTYyMzAwWjAiMSAwHgYDVQQDExdjYWxp
+ Y28tZXRjZC1wb2QxNy1ub2RlMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ ggEBAN7hAskLB6wk2AqOz/yrhTUV6ak+Yf0TeXPAsQVSra9vfTR9PnuFugZBm7ha
+ 49SPppGCY7UkPAQC+dw9g3+09vSDRy/G0qSpu77OFYao23e7cSVy7ci1W0Nf5pqC
+ n07tGmSdZ5V2dqS/LQnRdpUQUuWAFSZS/wC+tu+5diVlHXku2bC4ilnVnhkM9jFz
+ qb0B5cAdNN16v5CHF0jsiZ6Du9lNRiL1h2f5XN6bFc7Vofms7WN05W7n+uu6IQgm
+ oiVg9hFZeUOh4WmgMfPitxuC2yZMyvmDSv6eP163TEczTeVNCmnOPn92iME0d/tv
+ 9GPDAMuRm4iM+ieJqb9HwF/oyfcCAwEAAaOBtTCBsjAOBgNVHQ8BAf8EBAMCBaAw
+ HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYD
+ VR0OBBYEFGtr+u9MwT/VqB2yDySDzuecjWObMB8GA1UdIwQYMBaAFG/YDADw6yQQ
+ 8uH6vaVmB9X8yo2MMDMGA1UdEQQsMCqCC3BvZDE3LW5vZGUygglsb2NhbGhvc3SH
+ BAoKrBaHBH8AAAGHBApg6IgwDQYJKoZIhvcNAQELBQADggEBAKz1v7MdVWW3mrvi
+ qP5KWatJT9CXl1R6e36wwR/atSx87h0141YAT/PS0muW73fFZDcBobnhtb0r/phK
+ Q+73QwrsQijSLj1FQZDE+p+MYVbn1NGxOUhO7ZSn290wCURpr5hWCU2G481ki+Y7
+ AKXe2VHEl8Z1tnxM1Bq45Y6p41yfvFWTV1NjvEkUdMhPWzdoyco0cdF+8bAMrA4R
+ uGnarof4HirEwS+QCoVWA+PPQnDA/8zM1VmKDb5pEwv5cah3k4b4hW5Eatu5YMx2
+ APtgfWgEQAqnjJwBexbrTjb3Lbq5gSDbdy/KUABS0FKu5w4SnARznOU8ncYfQiCc
+ /bMmUV8=
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-pod17-node2
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDTzCCAjegAwIBAgIURv1P/PZ+Gznq1ZZ0BjmlKIjEHLcwDQYJKoZIhvcNAQEL
+ BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
+ HhcNMTkwODA1MTYyMzAwWhcNMjAwODA0MTYyMzAwWjAXMRUwEwYDVQQDEwxjYWxj
+ aWNvLW5vZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDlAyYrTSe
+ y4izRLv548RXhItJJ5VO9CQoV/Nt20rQJrcFsJbCRsH3LCvY9VfqC5jvtPYfFpTI
+ k664JYVDb7CMi/A4VjQN7hLuDgYe77zyg/BQoCnIcsViq2fa8avRNdJQNbdR4JWV
+ dlzvIpwbTzP4H3i5sGDp91E7jUIpJ3CNL3CwGoI3s+4QSiA6ii9T45Y5o9Xg0vwT
+ g6olYqIXRfPcG4SRk6sIE/yFf0a7egHYd03GhMYhz5/mk5ltYW/Fhmc1d5UtoMNx
+ i3/I5cpagCdzVtpp4eRB91IekzlwN1f8X0lUNQS+L+FGmFpOfTnOuIumUNS/fqrA
+ LrRJlf/Ll1sZAgMBAAGjfzB9MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr
+ BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUVq41W6/V
+ cLmdtvwks4AS1R4v3w8wHwYDVR0jBBgwFoAUb9gMAPDrJBDy4fq9pWYH1fzKjYww
+ DQYJKoZIhvcNAQELBQADggEBAK2Y2uxccfaaZQxHPtg8rw6NG/QVaLRhGqVhZg/c
+ l8KOE+Dm+wrgMLRlkIERRcKn6r8DxUIqFV+ghWW7GUDAdeuxrSdHuCXFZJoGA834
+ ksUTOSCOQjHQhWBcJUgAXtHk8hm9zaN28mbx+YS7va++mzw1pu5MK3Tu3XxgbGHR
+ EWg8To4p0iMJprypnlwIMwSw0XO5AUdzw6ClvJpdjU/aF8jBeJ/mubdu+MG84EaM
+ EskUFBQV2FzgcVAg5zh+5ZwRy+hWaOM5zGB0K0wF+hVcCuJrxtzZxoG5tFIN0tRy
+ TG/WnKaHw7Uj/hE5HT6KbFd3Wboxr6uzlqExaOSZOLq4h4w=
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-node
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDmTCCAoGgAwIBAgIUSWqXl4uMdAv5loIW6a5TbNVxLiswDQYJKoZIhvcNAQEL
+ BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
+ cGVlcjAeFw0xOTA4MDUxNjIzMDBaFw0yMDA4MDQxNjIzMDBaMCYxJDAiBgNVBAMT
+ G2NhbGljby1ldGNkLXBvZDE3LWp1bXAtcGVlcjCCASIwDQYJKoZIhvcNAQEBBQAD
+ ggEPADCCAQoCggEBAL+L5bQ3kN/cbHz8Jky9rz/XBUeYyjztaacS4VNzz5+/hNaI
+ yZSqzN2yRagTJZH/m6MdBSmI3KIhEoHvHZNEO47tnL9J9sX8RtwV53mfWroHhuCQ
+ 5Z1FuswnR2I9yhaPvcXVQhPGxpCszf66Cm2S6JctZzKMUkRlPb2XV/KCWluK9Dxe
+ 7khQqpZOVJvL3uHrKfBQXIgLlZXxMLTz2s/jMDeqDsrhxBi91770YwRiVw5HX4Lj
+ R8gMJ0Y1NJ9fdeWOJyllfP8yfcTdUQ8JQIzk2vDKpjRopqYYUT23brQN7EqGK8uk
+ ub9AyHgmuZOKFg+FXmkmXRi7qZZJaTAHaccEoQUCAwEAAaOBtDCBsTAOBgNVHQ8B
+ Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB
+ /wQCMAAwHQYDVR0OBBYEFKvkppVjL5NHRRPR1+MXWvg63lMCMB8GA1UdIwQYMBaA
+ FK8A/IZ1Vcl5VxHpDs7eOTUgtUuEMDIGA1UdEQQrMCmCCnBvZDE3LWp1bXCCCWxv
+ Y2FsaG9zdIcECgqsFIcEfwAAAYcECmDoiDANBgkqhkiG9w0BAQsFAAOCAQEAmXcd
+ NMysKMi+YHPGipz9+Zj3P/c8bYxGML5eWKoYwrrbHGNNknwTKhvRTSlpiT6+u0xY
+ 0aUrUHazM0fuum/hlNf0PZaIUDPfi73Gd1Xq+BxEMBpmewEuHIbnZdsP3OQ9z8Kz
+ JYpGfpIXb3Iy9Y9+O4KYAH4YUfLjBKg8JoACrrzYC96sN32SzbLOy7aGojuDCZ7v
+ VZttvHJ6VkpakR0bZjWmqMxb7XsAcyjk+/2uZickt2QJrixKsx/cHby7/c+ywhwt
+ QAAA40sqJOYUeqhqDPLDnl6gXyfJ3JCbMzKsvu/FRgGd2GbKgNCMDVpSElVTDNuA
+ GTW2U8c1AII6JfKdzA==
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-pod17-jump-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDmzCCAoOgAwIBAgIUMM0JvwRtsl6bVW2TrQkK+QUhPu4wDQYJKoZIhvcNAQEL
+ BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
+ cGVlcjAeFw0xOTA4MDUxNjIzMDBaFw0yMDA4MDQxNjIzMDBaMCcxJTAjBgNVBAMT
+ HGNhbGljby1ldGNkLXBvZDE3LW5vZGUxLXBlZXIwggEiMA0GCSqGSIb3DQEBAQUA
+ A4IBDwAwggEKAoIBAQC0UDXQP1pR78DZh86E2fOXKiAVcorEfg75dP/pFQwgj7D8
+ 9N6bdclTTuVy1U8xj6HlJA+7WeGPq42WOnVPNKldX495PRCHMKUamYRguBUvgDHk
+ hYBXhhh8rFs6PqvcUN0y0jkUcy9rrSqRyK093h1BDPVF/xicjw2XJ6wTevDYrUOD
+ zw731Cs2bmlVgqPH76uMznrXKaEYIm14IMW/YCSD6s5BT3oZQlKhbfPYIHSyJUCV
+ TCffhLF0RiEbznsq6gaS5ymvUdf/nnOeYqtWJS8OV9y8B/HM/C2fWIfmzV8ZHIno
+ z0sNa0XMtHGzryXN5g2kH6Cv6iFypHzOrX8J6WRtAgMBAAGjgbUwgbIwDgYDVR0P
+ AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
+ Af8EAjAAMB0GA1UdDgQWBBSXthiFCby/8efbtyXaBlB5Y5aMGDAfBgNVHSMEGDAW
+ gBSvAPyGdVXJeVcR6Q7O3jk1ILVLhDAzBgNVHREELDAqggtwb2QxNy1ub2RlMYIJ
+ bG9jYWxob3N0hwQKCqwVhwR/AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQAB
+ uRVBVY7ACmusaDqmVMWGwOc4TlCOufFxj7MZULoPrMQbYSdAZpVdSXjy24eAZXdG
+ HXouitQgAPTu/M7tMFfQCUP8XYHaMl/SCcOLsTlEOQeeYmWjst/02ymswFL8Y8X5
+ +x2m3FSzO6QxCj/i5gXp/xmUXTn0qshvAUaM/mK1PiR94Iue1cHzjA+VoGi5/nsM
+ e7sTjwM3JBrojwr9cNmCPlMBAVymIYlc8d1bNst4bX/3uTJRudKK0zdTVNHFa83T
+ F/NVsDwzIRzuy1srNGkOu6U7+l9Hu6x/0SsTH4nGKBMldA42FflJK1ho+hnV8PjC
+ K0N8RChJ4jkljGCAHePB
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-pod17-node1-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDmzCCAoOgAwIBAgIUSkpRUJYqQ/QIbowiYY1EVFFYT5kwDQYJKoZIhvcNAQEL
+ BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
+ cGVlcjAeFw0xOTA4MDUxNjIzMDBaFw0yMDA4MDQxNjIzMDBaMCcxJTAjBgNVBAMT
+ HGNhbGljby1ldGNkLXBvZDE3LW5vZGUyLXBlZXIwggEiMA0GCSqGSIb3DQEBAQUA
+ A4IBDwAwggEKAoIBAQDA6m3jH0jFh6fTMg/Mv5T3CY4mWzAnH+RgaA7UcgKpNSqf
+ GRWs7Ju913jBZUk00SvTCG+sKIOUtsd+fKDJfCRALU+1X0cRQHDXgAg+NIXoOGG8
+ WiVR4rQ96TjinudePgrW3tyu3V7E/gmKC3LgMB73valxrAdKqSDShP/mYwqqO6Ht
+ 2xG410Vp42APOOW9VsZBbtZ6f4WMJ2zpXCw9gBs6aA5xs2wGm0JfWLOfBcunUvSx
+ GNHFbEU/OZUjZ/l4Hu2xK3aaCyg65k9NBsvuLXd4bOWqw6oTFavX38uVVosv9A4/
+ /kGYMaDorYUHcF+M6YeJjixj4RDpb1uaB3Re52VxAgMBAAGjgbUwgbIwDgYDVR0P
+ AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
+ Af8EAjAAMB0GA1UdDgQWBBQQe5Y4COHamJ4Sc3YlW94B/wCfzTAfBgNVHSMEGDAW
+ gBSvAPyGdVXJeVcR6Q7O3jk1ILVLhDAzBgNVHREELDAqggtwb2QxNy1ub2RlMoIJ
+ bG9jYWxob3N0hwQKCqwWhwR/AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQAA
+ +hOEObAmt9cN3bz5nUNqUTmoc/FihiJnFq/2/iu0SMTuuEPJtLWPxgt+7pNV/zen
+ PJp5ttyRNWFX/b5RzNC4piso8MJDiFh3if+4niGlQ1MKEXlNWQgUQgQeQQ3onrhJ
+ fcSMHZ6iJ+O0gDfQQtv/ZsqBMS3w/lOFJBLsTPsnk31dcoFl0EU7/R/5OVMUoxzM
+ A+OA6s/TafxzmauLPUDyaMuhEUcRFJ+vnoz/HzojD3sADXMJIr0vDOQm8ly39sxm
+ fbyW5Bav66J8m4NmFzFV32qILvrXOt046+WKW1W+zMfP/lQyU8PIdSuJp3n8mI7v
+ Q6f94camDu5jpUjj+Pc6
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-pod17-node2-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDWTCCAkGgAwIBAgIUQolLUlVe9jtOatwQegOgwBX+eE4wDQYJKoZIhvcNAQEL
+ BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
+ cGVlcjAeFw0xOTA4MDUxNjIzMDBaFw0yMDA4MDQxNjIzMDBaMBwxGjAYBgNVBAMT
+ EWNhbGNpY28tbm9kZS1wZWVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+ AQEA7xv2/Y36/LeeUMFWWJ6ztNHw1BIEK8EVjQumZgl3fk7yXquv9NFbto9LXQo9
+ Yib8741Q6BFtZ4ID4n3h/c65atA66V4zWnaVivs7UVsIoHGLz7lwrb9plkHIN118
+ o56ipWWcojiUfulAHC7wMIklEI9F9zOhRlzgvZbGpy5dSGQ6ZjqRlWkOQNxVnvY8
+ qqJnrrC6ucPGZqibhUo7UaLS4qlf0Yp/TjGsJjYsNwTACFUZOMpyZZuqoC8vLVWr
+ NYMAZrMSoUalP5NNrKCQVGBj4saOIFDNcoWAF/Xdd21TTnYHyENrEaLrfBEdiKL/
+ Qjl0/l3YXVZ6IMNLcn8PVQQ3NQIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYD
+ VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O
+ BBYEFL4u6Gx5hZrTzP+wWpzj7STuOi3LMB8GA1UdIwQYMBaAFK8A/IZ1Vcl5VxHp
+ Ds7eOTUgtUuEMA0GCSqGSIb3DQEBCwUAA4IBAQCulsqsgGGw8DxUyrujvxdOSNqK
+ G1RRsLdhLFVbgAZT6W8EHE4sfGTkhSZY9zpV4O1TWzfTxH9RsUa6VprE5mqn8Rpm
+ 0mCtgII7wEtLHMKtoTYrBaWO3tfx6SgBB0DxDrr/kZWQ9tfMpMpKbhGMZa+HacEi
+ wBwARUinvzoOYBwuPOtzWH+Yc04j4aMcqZZGw9IiCQcC9tnXMhsBslyFhmLjoFla
+ dUSdQPwpVCdMwpNU26rnxtWjUUpX3pT2BkATvfY22Z5e6ZZsaX1zTY6hqMhPSHiq
+ rjjAEbBvbGCaD5obp+9+orrBH4fg9ljRekJPmiSFEXorqlDiUzYtg9URuA5A
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-node-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpQIBAAKCAQEArwDdGvpYwHpV0z6rxTAB0QCu/OdULCVO2P7sCkjUi24bK7Qv
+ E5h6d1Sv30v79ehvRZIanz6xjghiQ5mqIa72ogeZMnTh9j7GmWZwgGHOp6QSy0Z0
+ IKcfwbjYwlAqWlvlZlcueRsuIu/TN70ywsJohJgCfE8FwSvIe9alInVf+IVpTyNT
+ vvU/JdgL3kLX8PLl3oLjimD7/Qftzzx0FK3nTbFGeYIPKs8zGTBjYyaGJkJLA1X0
+ mrkL9EQBgbvRGM4EQBMsLSyqFofbXbxNiJeD+TBFxP2lbP2OvSPItGE3odHR/QMa
+ Rez+2ySLpiP71+glCILRLZOCMxxpMH5RV3PCVQIDAQABAoIBAQCJ68JV+qtrtn5h
+ Z+j0FSu5TjKa+q1pxVVoyy+3w0JPSM19Ghpn9Sm/ViztbPL8EN1xFP6KNly0tYLM
+ CBT/SubxN8/S5i8XZM4cI5HSfELj9/kf3zyyZ0Qt5sJeEdPvNrGKgHcN1w/7VMtA
+ CIoy2AiLR0neMmE0po7wmm+2wo6KSzvAOg/84NImL+NetMzuFzE/ACi7vl2KIbPR
+ RmXHBM8h1tThMt50Zkzs/Ax87cMme4EAFd84+7dJNZqYGDqE+I94XkZiDIbPwmxY
+ mbH9AyeO+sOYI1mrQgOFg8/M2U7SkzUKizOsqr3OtsRNMiiDC28wRrJAgYSAuX0A
+ 09ofBRaZAoGBAOWoXJUIe2JQwccMQqBUNW5vXrgtyQ8/kJIit/zv/NoE+NPobMrf
+ 3jxexNAvKuIgWzmaboUwaPTcqrQsr1BmjA++cTu/bJhwCbSKNd2DYypU6H+oqugj
+ ui0Tx3OSsKGnfVZz2ByXUHiEXEy3mbIoaxxs1YNgrUNryTqYTK1b0lGzAoGBAMMT
+ o/WqRO7FCbELz9gd+8rFTpP2fELwo+gk97ys1QZkMvynJn8/jDFdzKT96DD2jeJq
+ NU3lRwTCOYjmcmJbYsEuzUZIUxy9z8iegD/AQ8MI5Pq0MZTwEZhc9ye8vdI4Dq2R
+ PF38fqy7+FF4FDyiWqeVE1gsV3mZtLdUxa9E9cfXAoGBAMEGOAJ/JY0lySjukhVF
+ kb8nVhpBSUtKps1c5v1uDDyGj0k0gjQl4xkkohFEg6uZfHM27It/e8fKrKNRJ2zR
+ NAmLjIqmQrUA/fdDbzCmXLPYt62Ma1E/rhxzEmF+On00VDFUnqCxQU56GUXVzxWh
+ yR0UEIUivZ38Ox7HoTLYCTbnAoGAWghriMtf6y9HTM4dzCnyduBfZszBBwgXLeI5
+ 8Ht4Ce4e1hqzGtGSe4pGE/QXwNlaHKBWH7Bs+ZZGhZeOPTTePDjEhuaEbWRxTK9S
+ k5nB7Hbjb43QwGOYS1DExTNIDIjQxWydhucs874BWmBoPp/T5TpZZj141eeJz38x
+ ibXzFZsCgYEA1rxRbGrErVcrUBLMWIkmwMH7O5WH7ECfiFllHp7cMIISPxSepCFc
+ bONruM1Pbc0Vh3DGjpmCwTlgQ1pcgzZnKWyjuzYeWt/1cTiejodxORVdpEmIbCVC
+ 5484mvHCqBhF62eNJsVvPKhVfFFt3QgC04vUR3GsfvVqYsXKD40XIhE=
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: apiserver
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEogIBAAKCAQEAmGydTB+pOnbSQfOlz5oxl6K/JUphYgThjQ+gpVZtS5BlCOS0
+ YcfM7zxnN6iGzO9RVnLdt0bA8jgfA+N9rwsH9/qcPHVqoSt2yxXnS1DJ2XW3SBC0
+ pS5QMaTkVYgZyW5fsxeS0Vmgl7au04OktD/2dM7fCqq8p+u7+0CY/x+EjDRPd+/5
+ 6vTY0NG/GFvImkJ31H6CmbSDD11243ezY+WqJM+kR1BJBnNCVXXIXqWsntHSE+ez
+ vFtwZKP7qRqsvNfev6VPTxBGBbv7XSTk+kehoRvBmhDXF1EK9m3T4bnGQA6ioHcF
+ YFt8AW/13BvfyH/5U6jhxl4FWNvKjSKEFF4NSwIDAQABAoIBACtk8LtVYDZ20ZFZ
+ LmGWQnwrJ0QUkvj27sfcJR4tJtyWdU0832XfHicWCUS9Q/NgRsXX2ettx0yuUZYn
+ 1AZbm58ryAMmYn8UArP6vmigzXaNnupzZxqHvukDSsZXAxBnzfMMyQ20+JV4uvkY
+ x3FRrHbA1psQ1Ljx0gjL8ULg1Dmd0m/E2zL35Iw7imNl1q62VwhRg6Xzo+AvbYYb
+ x3seb1mpyyh40G93UyNZ5ACmy+OKURUY5N/dwiKR5SBRrG2KevtvTIydR9nXKqnv
+ YNLm+6u57PhwOtZSNyVteiUAAmi5t19udXoLWap7z56iwanWDQhydOpMf/2ux9R1
+ OvDZ7NECgYEAxKh3gsdM4MLD8S2DsVVZSPH3C0rql8o2oDzH97gfIhW+IH6mJT9q
+ HsV0K9lfe7jqDljKY1S1w6AWYfAE6BNUhf9Sd2UWYvIN/iS9Wo4vVo2nIVhJ86J5
+ P0W4fPZv6/D2KcXYcugGvNk5U8yEdrJatUOV4W4Gur59w5ZwMBDGPD0CgYEAxmsn
+ oy9bzGvm6ViGH2Jeanp21kobJc4J3Uxb9dyYQk08F6lTtvD/K1/AFyX8qxbwrKkr
+ EARiHUXNIZwDgm36+88HPilXJ1XhroDnYR6FXVeZDvpGnD0YX1RVFM5yD/leAcw+
+ E3b5njrTZ2Kfqo2oCguGpdVRFfDL/cD6ugMkYCcCgYB5aLg/mOMxb4ygfMTs2hBB
+ JICsDBhAlaqbymp52MX/uQSj8wyHulq9nJFX8N8t9r8pFE/+evGsUE0BMbkVvblU
+ 8IftBg+IDn/tAqmUGmvHN7SStXsSWqAYG+cF3u7B7wVKTMaQSga+2Cy4O28cCIhP
+ l+YUQmUNLUVfVqT0R6ba0QKBgB193dVee6mFvDugwca2a0wuSa2ONDzJRCQVbnG7
+ yRHJww3NSDkf1v2ObNHD/qs7bKhtOI5X6HFrZ5MASnE/gZed7PirUl3xYOr8E+gW
+ jkISfBiC0K32UsIQmdjO2ptPOE7SGcPw4idHnRZ3zT2fcoOTtP6/Fx9IvDlKTroJ
+ L4XvAoGAA7RWLfFfZH6LtoO0VLxaUN3TJ3bQ8JPGOxbo3tbJEwj/Hzm2Svh+z+ut
+ 5bIh0UFvVvanC03Z8LXe514gvHrsTklCcWidKOIsj+ncxqqMRSMvnFTeIJqqZ0Op
+ aDGADTQC0Nc2VvRq9CwRhO5FmVKPQvFcp3Fu0hVMUnk0wbakFz0=
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubelet-genesis
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEA2Nroet4p31LVFgpZEyskMv8QMDnJf2y9qvYw4H/vlldrJDWP
+ MKe+iXeGyik9c8HLx+KS9TsW74yW4XFIUGRvAdKa38WuQApq9pLMEfOHKybdKbJI
+ K77rGQONVxis0odVk2S6JENxNHCwkL+ZZAf1rNrI4pyVoTvXk7AiVKnfSPcyF3Q8
+ 7KzqhD/jzoooE5A945lHGCnTmKJ8bP6hPOpiXaKGWe8u2D21+qo/kMgn0KeglFFQ
+ hFn1IcUfq5ixJle4fNZU5mdKeqBYHrPL2vHcFmo0Pp9lDp/XCnpdrs4QVUJnLUQF
+ D7xm1mysI0CCCuXNQZ7nr493itqch8yXw6E2RQIDAQABAoIBAAaTJIdNIxHdTg6c
+ A7VcEn3lU9VSezR81IdRbYvw9Q+m2N3BLfU4sMM0N4b7lxxiXM5TpUcAIqLirVRq
+ fdnKIb95Zi6wrKbOag3Nx5gnvQpm5D+2Yw/IexJIFEn2uo6rgcG1RRuCW/VOEVxi
+ IsFwqFc0TvDn9HVt/gxBQ9kzSUzJ+5IXItJQ28d6E7wLQ7HFau59ywt2nu/LBFPD
+ QZyaTG4e3JNnzpc2R3tCoQu3WGHr+mwadpRinvQ/RdpLd8ZI2t/Yv6DqBhXZKnlf
+ 72T04c3ZuKO7dLIH0PFc4or7PjSvfcFCxQpVjXV2JEO5CGG9xbWNlfyWQuuWGve4
+ 820EuQECgYEA9x2LZVNJdj6HvuVtKUiunXqNZHm5LcX25I/brKtl2GV5uLEay/Iq
+ 0bDcKVwuHTuAOlcHomb9Mb5MggtXHEPG9rIqKNVcs19ECAwitSPqieSn5WPnMLp6
+ fW0m3nTH3DsPZqBB9oo+ouTtd0ukeGFL1WVmwmfajjF8aXr/uP3DfMECgYEA4KbY
+ 4LA744twWr/Bruig3BLjv2nJ4WvdLh3d2ajZT0tZzPsbgU1KEtuigBC8Cq1UMMLo
+ MOd7gvyhL8iKfqDG+iHQs2OrxBZusetY8gKe3V+OtbywKVCZ841fXLcnKWsE81AA
+ FdoPotSPWK0vBx1oDNGd25AU1H8+LSVKNb385oUCgYEAkVDrZyNqIMG2u9hYsB1Q
+ qcSmnv5Bmhw/CrtaGBkWpAFQaf6j3mjDK1pQrXXKnGAgEK6bC7J6lCTvAs4+ZJ2q
+ w+mThz2o7MZJ0F2qj1DWnE49OVTdYDdYzqdAYzLTULveW6BECgHTwaDT0AJIbo3w
+ tUWS/yFpUZLiMXkmJhf8PEECgYA9VbBe4B7pyDc7v6D8xSyuCUY/C33/2rg/kA3z
+ EEOMf7Eb4u8mhViU/3xFZMxCSgJzcbN9LqYtJBZJ+oG9gt3wiuz1HWBXIBzG3M+i
+ +44uOJm5CrQ6A3SU52NC6Ap8J2jpmUz8qlWcilY8ysPNOH0hCtYDjTnyrm7mWokB
+ VUbIFQKBgQC6TOhoriorfTk5sz44+QpjePB+vcZWvV7NjXn7Ky6xBwvryUo+yhIB
+ DlCToms8q1JZB68kLt95r9xWJFrDmLvKy1yMNmLJ9qF2HuGmtEgr15rlKL+ea5Xz
+ Y3cMY7J1tfL0+/+3rSSeot3CrhBBAUo0m8yTWejKq5KpKFltsdUARA==
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubelet-pod17-jump
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEogIBAAKCAQEAq+2bIEDhxqyewMFr+SXVIJdNSUL8XS7B2eR4l5VGTpBxwSm0
+ FdrJ0XPdzBtGzZ7J+0Dz+YU/EnL3lXMJGTrrB/4UIIFK1/eVGtxYnPZ8m3jaKx4b
+ FqUQKQc+fF1OpfRlkJvppm9sgr1va29kr20XSGYsVkjFD5bXZRvCtHR+cmST2gBB
+ aVbV+sEkh9sz8YCPGQnitdHOHoBAqSlwisjQRzAB+xw7FMJ2AIsyhz5WsdqgiMwY
+ XAn4QScF/f0rmw0b/70rMhQjUY9CBuyBsdNBkHePbX/U2KHyD+bRbTDcZggl5vtT
+ eoIPKGlkYWr9XtQq2sl1nyjWWz+Epl5tXbLGWwIDAQABAoIBACsQuWq61dMOKjXe
+ PU2LTHd9br6LKOuuaqBJums92P6U7+mSqKlQxHzSqRwXOQUIYU+uVW6LEeFtKtck
+ mYLYX0cBPclmmXi/a3nu98NZepz3CK8EO4TQk9uzFNPSC4FGVqqCY2RtRKD7Eo22
+ uWG30b0w2qpCUBo3jnylF4BcLdA5N/zojnloq1qslv7BCQi0H2u+ynQwzr97CSGS
+ 1d1VD0E1FOZBkxcsrvtggQh6ZI4iY0wqwSte9Y/y9cTj28HgYLDp9Szpro0mO5lo
+ 8WiDbSM8cErTGEolRsp/PqrwrbZL3DCbrAS7WMNVMICKEWlp2huKv1TS/FBBIEN2
+ 4ZZrLwECgYEA396fEWu4TX/xquFIC45mU8rthy4YsaE/zRp4Nd0jt/gycMqjAKf7
+ T1bja4LZU4KsdZ0ICBPUzNnygFmv/4OU4lHR63vsIuDjQVolBue2j9hw06pBNRyK
+ Iurx2YhQoCjbi95MW72QSucA82ggv6nj8LeWfgiWlqCVGirjKJgHad8CgYEAxJqP
+ a1gUulSC2Ulhof9XfC4zdy348NHu+dkcJ3aU7gsOMHN90r2focvYvOWGvi+SMy1r
+ B3QesufSH/e88Z3EiUD3IWnSvTb1uNIiofC2Dm8E7ozMTHDHM7OVgvaZ/MEEZDG6
+ /zeW+6r71+7lKHGk0cHQPXVZl4HRFRPShPBi6wUCgYAbEHvkjERMwkICKZgfJYkD
+ ak4LAKyllNv0vNV5lZGC5TOb5TONmcFNFzEJR1lkujCFS4W0DEm2tkaV88HOPycZ
+ sVCSinnCwbNXrEE7s3mjrEP/ot6dQCUHEaZJaSxuIGJiZ26NzL4MAB9iTd1frndL
+ G7bK59jkvucnsbWiq7aBuwKBgHmiLgz5Z4mH85Q+5Bp3gUagxtJ7LMLA/xqwicyY
+ frdvO44aRcP18ScGmMb1MhHEGK108fygiMWiystgWBMbypYoDT0s3WaW9BsuVqLd
+ 66SuZty3W0YHmBaSinOF4esP94mNguWXHOAC/uCvOjN1a8UiJZWAXrdvZ02k/9+j
+ YW+JAoGAR1BbnZ3F3sxMtFZBFmOvjrQGCDofrI3onAt5rSxtTj6G3IAgqMbG5es+
+ MtTvb0rLW7fnOvg3N+Sma33MAgAO/eSVO/M4pg+yqOPuFEROiY95pKvNadJDB9UW
+ +iYyU/0//f96gq/V7YemZpC0lFylbeGYmISNpgmB5rHdh/RMVKw=
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubelet-pod17-node1
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEowIBAAKCAQEAnIF/2CoRs0vcWH+njIF1sY0GfYoFISGOHlvFOZBTprJUSkCx
+ 7x06nit777GM5VknhN270sjOdcYmCUfpCftIrhyswK0++sfte7KeloYN5ziIBKcK
+ 5CltPBjiX4Q+G+aMGPdCaq2GcMoIC4iJ9R7rAMMRpBXzlxwPcbzmKZAfzyIMAVeE
+ fWHhurUUAg6EAuuFI/wFcLaHF+S4FlGdx1n7JpOhk40b89S5zFIYveEfUi9NownD
+ 5She4vRZACC3dQ9CNsaBK/Op/3r7x7Tddd9AO5E/mZz9sY90DMmIe+4hzAy2Cnon
+ D0eFqgKdObSyFML+yEfPnDX3JHcznCU7rz0gGQIDAQABAoIBADDGp1puWg/gH68x
+ Mb23hz+rrQ8pGcomlA1gGoqDMZ7tSxnNKedU27T55mlgk4HTFF7zYBskXDwWYjpY
+ QAfNWexxoWF3XP55mskHdSeCZgje9H1Gtj0/r/yf4MVWCKlXY+hP/1IR/KlgPbui
+ dSSA20rkgLX75Wv94c5Xyf/AHDnIbNBiHpdKvMk1FE12eb21l0g5p7RDM84ANzOi
+ 4HkC9UbGLUz6WvxTpqsBkb40+1NJnYfsphS9mo/nEpGlpZe68EMu3d34Ip+W8vyw
+ opik+BuUuuVjcXYI2uXhoe+Y2aoE8Djal2HPHECT8PnkkRP6ANF2HEW1tUrocB7s
+ zmRbuVECgYEAwWdlMMpifq7PVkLOm1oLv11nfjMkMCiIdewEunab2KPCI+MDUNbw
+ lG2aqgkIhEQt+djucz73kO4TpmOSFppj++4+AlCjW13fSW1QjTf0oeRMFjDCgRah
+ mlWxUwJ52XQUFBvSMd6HtI3wEJhCA2ReYP1OSBx4x5J0lTsWonO4670CgYEAzyjk
+ 0OSNNEvu/0deMzuNJpm8TGiWnNuU/uyLx84vzIiQypGyfZvS+ZTouwBqPXmbflwL
+ 352iVKMMz24RLQnWzdVVrvaC/5W+ggpU4YQZDw/OJg/FwgkiNFMIHjJQ2/RFXE90
+ tGYfvHVFp5e3Dcmigpn+e8HXfnMRaHRsJVTofY0CgYA25s8G5qzHIYCiEBzuZMVo
+ 8W7rmEDxmtACCZneBMWA3hvCbDMIw7tPpz18f0v3oBMdFcO622kTr0HMvf8+g11W
+ qu7XYWS+DwvPoER5kiTTwCcJNZZBZtdBJIpN8in83MLGYo9ssKr9Sj2XuGEk7V0N
+ U1rhhZOTs7N8mWV3gDpCUQKBgQCJapYGH2WvaCNcgSnykDE8hsRKZyJpYJtAUwcR
+ /irk4T4ysV0WR1Q2rNmImmje6JkFw+c4aWdx/0qTGm8YUiuEFFynF+yjv+BEgLf3
+ dFnvDMvxoYrMAKUI0n9TEItkrG+KIUbIF+o7aAtRdak+4x8CxUXzMA1TWt8UTA4k
+ 4WLrTQKBgB47ULCLv3eRs4+2bFddQkP9H51QdLBvk5EkPdTaPLFQ+mziNEOzLZYV
+ eTbk8+cRvjV7GxVitPv58EqipYUL9Z8PP9KQqjUEzxJgU+YvnFpPTbLIG2s1WNRF
+ zEsXkNrhSB4tq+dAVL6rZbZXGv6wPm/W/wNk9X6Kc8qK4SP1xT8U
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubelet-pod17-node2
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEA1T2LtQdDI0nZYUtRffaLzwteaMHBFu3GwPZg1osfd57YWhNV
+ GaPfJFTgK+8GOAuNmEtDB2ZU+QDqz68CaR8MAtVtc4A3OfjpSp3d07pvntr7xVvT
+ 4RaEpGeGcJYkyDsmCKGg+cQCnJjmhUmyLYN5j2wU618OlBRxmycqTfTbxPx/GjHk
+ a0CfgwOjKjCodJZlxxKbXWK1Rk2scE+AMbGg2KRoGNVh69OwXIHdZ6OHKFpx2DfV
+ YP3/NLRPrjXm3kQ4Lx/oAuDhIw9/pFfwgn45BWBy5VNrKGE7vFhH6RvBwsWa66bw
+ exHV/JMmqgDY3kIRIM8nHx2gycsn/Ga8NAt7oQIDAQABAoIBAQCYcbti26I/pBfn
+ 2nST3KHujm4b7gggYDRq1rg8KJGCbui03IVGI0TvME5imiqT/o5nhcaRj7LHoMQ9
+ XRwYEr3/eJ0aqVrR8wS0908SgoIxytObMB61F+gTsH8IFg6Nptt16Daw2FQVp6mF
+ OD5NE2TgB6Cc9AP0EPl2tfUkbhx/IcT5FxP/BwzNAz6CpUzMzFxmT7C7xiylyy8u
+ I7dcon/ixyif4QLpUJqPDtfM3xGhVMCRqNMbOIIFb/+tfno9K2Ut87Y+a9JfJ40T
+ sjby2KDryBLsi+VmEkk3j4WYqObZSJKVGjFl0uG9CeKSw9dX81Q7ZxoaTMjHWoce
+ UjOaj+xRAoGBANu0wU7Mg3PTVxNQRvnZF8HvFESPrG/MJgKDm9Ck1zGlzwWotqsD
+ /12r5c3HlUTfkYzttWBZqHEUPB+GHkokbcrdJUETxYgJoj1J1c7xjgUB2mHlZ7o7
+ 8M4VIEMQ3reebK/fUQJ+fjj6Ey7UWPgFE7MkH8xq4IRRNMnZyE0mNXajAoGBAPh3
+ XIlY6f+UkoMZS+JlERdF13DFgAW5JR+GWyN+ovuSsw1KwlBM8CsWq3Q1VrhOCf42
+ UhXjlG2jWrhVY1hL6iDcQexyTCX2NMgpEuQlFLnWDsLh+/wvYtDenrE+iHIZbCb3
+ 5WEPBYeMLFlUtrUBmahTkQKHcJvvUDI+Xm3Cp1zrAoGAHfXbOoynDF9wi2CyHRYe
+ qEKbB/JzuFclg8hAskYYVlvfDE2Cg3WrGDH9x38E+vxl08sCpd30G1+AB2h5rvCi
+ zDw1/Vbd4/w0VJlB/9Nu433qMtleuMW9w8ybtqmRRYbkGWOhn25ydgCcJxGsBD5k
+ /lPZxj142nJceX4qU2L3fXMCgYBpYJ4zdi1QAyAcT9c6PmkAONPFdU31n29aLm5q
+ 4GOZVL9xrLo6ulbFv4iZ8aFE63wbf8hSlkG2OijYswY+RXwX0bJ36IXZN9Fs7taf
+ QgbHRjzedF+dti8vrKsbOw09bwDKiiqTfn523YFVpbMTk4kqtb5zlyOwTs/xbzg3
+ Tu4SXwKBgQC9oIiWyXsasqOcQHoD64dAziSFWvcDoPu6feFOGiMSwcACRJGVU0r3
+ 6U8dlqVmaKRa1Vy1OlWs4W7qHutZLWCzqhB8YQv+iJi1wPt7WWxbO454dJMOBV1H
+ 7dQlpucItzhIq05+Al4FbJoVsyVrPrOan514/8iBpsNE2J1hX6yIyA==
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubelet-pod17-node3
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEAwYm+Tt0HhNllQEZfGhs9JZeALMg9qCTYjQnHBDO50bAE+koV
+ 6j41pjuDhj4TVHudg0pl3FP9hm5Qs3meIiD6WJ3A6gtXvRuvIgbwK8OncK9RDTPu
+ 3kNwyFkbdcxMYE0X22sPmgjxRCTDammMVWJMuPFmN/Wmtav531LmnPFhy7Tc/H6W
+ jX3Xwpn5PXz8h4oIEggg+IWePpL8AXeEBtihZK5qTB94WQ2HMMWZG3mKKcqh1XPk
+ HqEN2s1g0X2ICl9s1koJXgkSbZFreZolxCxrC4AoiMpFLH1TNzjgaBFU2ZxeMc+V
+ 5M3+eMQASJynGY5IMPJDEYiTx0Ua1HbI4Fad0QIDAQABAoIBAQCaTlRpVFjWVu4f
+ XPweOHF8M1qCWfSuxxHRAWantwYEZS7Sz5bBeHAV5YVr1rpatWRUdVDZZi3QrMuz
+ DNhDpb90P/K7p+eAYz4zBw0eF5S8h0s8F5fvph2Z31HBje2nKlBHJQj/avnRtu4H
+ Pbghq4o4Ol+hZj5QwpkqsVIk919dpaTYnU3Z45mD3+wxxQsoTx4pV6hNyB+11VKI
+ j6/kNLkVcokEQ9YvbPp+lf6Rqg3k/rwrxN9KLNlllE0SG7Y8rxSWV+fGIF4KTSZC
+ xgIAF4DodrXrlUuTNzCSqzG8PRGGoldKMq5Tnvj4NRZpLpVK+9MguYGTpPcp5ew2
+ QOU1jDpBAoGBAMXx7XMbgfNeOBGnND4Co7+Mw9pfdw2iFlTFYfCjEjKp9ElHVNyp
+ 3CZKsB9hDhsh4BLK7VxoQwn72OjQ92ZxevkSjOpaQTMaU1aLUJMRK5oPM5FKXSGw
+ 84EbH79z6pIQnUZ8nPsRHgK41c4xHKU1D7wqmSkiIOZzR4kUpDpqX491AoGBAPpM
+ 7r4rkEk+Gg96m02hwVmMZCcPB9/4jNa/v3Z79InrfLLoO+NqCblD6d2jGIUBEt1h
+ BeXX0bhKrFZrhYWjwzB120VlX/JmX5wsIqEc0kmRb9CsItRindmqTC2EtQxp7jC2
+ G+2YQw76jjv6MnfcYCQi+gX6vUi4jwevagHgjEVtAoGAHp4KJWjW0+b58zkSqpjL
+ 7T//t1JW3uP4YkpZmNgQY4fIQmFnLe6UH9Qjo+bmQKoft6htyIJUBEJRTcmsysq4
+ w7fr1f/538atp1BLOURJoz3AszN2blSphYnFgl6SpN8vBI0X1vnR04f1gjw0exVX
+ BrrsD+G4hwzDvt9Te7miaFUCgYEAto0hmsU/CIwoiZ2MY0RUNjF0YiBOSAWJAp76
+ zzl8kpKTchB6jVQrH1nu2V04Ztjvn1JB8O5E4Lplkun8igl0NIXglG5pWetcVBTE
+ dOkGXe2atYC2Llx2b+gKgzBEs3cW56QKHnFshyIqVogWAuFRpUl1PKMxJjak6p//
+ Grtg0skCgYBnOPDHBUabmeeDTGZGJyuZgWVNFR5vuDSXgA7lR0At+4XXpCGq1s4w
+ AN5qDf4ORr++YlYmdTBHkMXRTMO9U/JBs73klKeczCMR0CIxVT76qIW7wsbRhfN2
+ SHn6rRNZdkQLy9d7x/0r+aA2Z0TSL7NZtDOyaXgOj3tu/7WjBcZvrA==
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubelet-pod17-node4
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEA2W88A00iEITCUL2GzVSr46TH9jQRlUF0gtQlJUJSuN6SBtBg
+ vRDi6x8yjA2TIt+fOPDUxI+GLbkrnrEByB4kmimi0jVaaN7o9in/CWo7DbnHxPks
+ jnigDbXzGV73iHaeKoa21LMqCIOLwWqg6X7Rb/m4wTmG1vU/Dc8FCRtBo6YX4CyB
+ mWYm/AaW2ncK3BRDRl0dwRcktylTelyc55VD1/qfUX4m/mG82QhlVGC4DtEq2zwM
+ mJliyQtB49Chd6tLI60KcmDIZ0RX89gfpGPdA4q+XQtWV7lZlRyNSEtxbqa5Ys88
+ oJ1a0SyQxRzyDOC3l0mNcEJrbnPFm+HpwtFoQwIDAQABAoIBAQDI+oFNR+GhxSTb
+ fqP4bThIvco675wFCzCHsVH4Y5qU2N2/QKL6f35P+FE/lViYVn0VI753RXawEsWX
+ 9GMCN6J7gNrIVJqR7uEEkIL1j+Sv5jYaAnvF4QeIRNNEczx4PbQq+MRMTKMgpX7r
+ tASybw9l4jx9FhBl5uB2ghFUfoYonSya0BrV5pvamszDF7wumtCU/xpiokCiEOnx
+ CsLldLIFSL71b5friKXo6HlyZmEsKzcGLVyjTNKJYtUl0bVwOR7RMqXjwOATLGRD
+ YxRvhNxVm6gFJCwvkvkZkGynt1FENw5IeSOWGzHwyN79DA89k8etgv2TVKhrC2No
+ kdiHqI4BAoGBAPDXnnf2rg/Ld7DW+zLodCF5Y2b+pfuI7XIg0Mw0NUo/AMBkLiTJ
+ J7gn81m6f2kOliY5PB07E/LInowRZtBlLJBleNzpAux/7zAA4hcoBTwTfOuRuNPT
+ w4t7/f5Eao/lVDGlGn1hSpbg5XTl+ijJt5Wu/EQHp2ZScapQGCEzk5NDAoGBAOce
+ eflU4vGLGATRTC989oLfkSs5yEZpIkqpnRu/8Mtvz7LBfH6Xji+sG0b28TIvfzva
+ Rq8Hm8Bp4jIcX6bp5+pDZ/0US0T5ojLqomRzOBNDLhLkJ1OwHO9rBqfDHV0szgrO
+ BnHA8NB5Gsh1atsJ3kwBgMsOubXeUl2LHTi//QcBAoGBAI9lEakDamdlEYJsvWt2
+ E47Ko3BzNYgp4pYNC8RJYWEvWdcyznaAffGbd7x42dtHIAbqFOyifCIVaLCku75g
+ PsRKZkfBREhjc5n1LKf04AkA4WOwg4c7kjW+QV/ehEPgmtxkHP2Bq9NhW7zaILOg
+ RnoMkY4/sF+vvpVU0skR2E/ZAoGAHZ2sJ6UXB7i5NTTUvGkY9aBMa+uVnGAwgrzF
+ Yx7vbkI/rTpaB6bIE5fMTwWp1rJ7bWIFGLyy2q82yxETuMHUdBJ7KtUE6CvM+xVS
+ Bek10FIVf1o5J+IzcwKV8b1w79Wj+YJ5FO6SbUR3iCRzsunK0JaIuHyEk6ePimkf
+ L3x6ogECgYA/yUTbteFtcPsoXbdk0ooD3RuwSTlfURKwxFvrmJfrUkP8FFAENRvq
+ S4jbm4OnuNoeYb4Oxf2bAEY1qWvS1FeDDRzFi2TWMKCGNjeDh8CBgkzC43K5dzZP
+ 5WJiUB8BUhcNbGrkQzJdr/nJYSNk3um6HxFwlSWhM7V6QR3/v69p6A==
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubelet-pod17-node5
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEogIBAAKCAQEA36RQastwV5f4c/UODTf28c6nzIjKlOflotbJwPejSSaBSkxA
+ TBZkyfwG7FSr594GKsInPrak8GzRKG7Dm6A/y+n7iHYx7cMiCBANpZhh9muExIZu
+ Ifpb0XpCFbBYKN/0k8JrTEj69VG/X2npnpDY8YIv2inWraSkSoH3UAsje2syZhzY
+ 7jMgTwlYQFR5AQKC3oYs/q2zS/RvV5TXhyOzMfPWtkr3TE5nxrp1tWPsLrAX9GSN
+ tP6EC8bWdmMWEm1b1ywoOJFDJguR3vzq7mCoq8SmlStWo3h1pkcy4FKgcb6j8Lk1
+ fYjmFMIq4ku3RATQ1ZB5bo39fItRAeTEqpY+gQIDAQABAoIBADvZ2peqGEeo6RoH
+ VBpfhtwRxUBsv2J4aTFaMCZPX8ic4G8E1xRFzfVsWGH5CwSDm7zntt8GvD+Hr7YV
+ Zo4IpeoplWJg113dIgdsXGqbzGPJRH/fxiubt+ToxjTNu9o8jVTZ7CM/SMJMfV3I
+ l3gTJawEfk/xcH2KGVnDTG+Ee5t0hbYu2FoksvD+b0FYLzy+FTXbAycdpmDXNGeb
+ gILCizTd/q4puNfg9812UUJ45GWCHVQZcE8hZsP7PT6EX8DiNBFwK6jBcGRqnK8U
+ RzenzyDD+fTEZratcB/4Vpc4CemZxM1nVkmnkEkkSGuomyDSXBVY7VmSgvj5ioFq
+ l4/EvpECgYEA8SMvCSnI1RdqjO0E1pMCkrtWeSfELbSosAMe9WUJ3j9o00lUK90a
+ W/KJVyGEWaAK9cU5wfVwGqxEmum3FfRcbU4N48mTOSheLUZ9iNrIXeByRe4q1FBG
+ 1tu0tmzo2Teipg7FIBipp/0K3lAc0GKIQuUjl9g+rTputgMscy0QnaUCgYEA7W0S
+ /pdt8QwiGLtB9s97aBps6w3xMTCEQnplnyIwDCiEKOuqmm08T+1/6ba9tipr0TeE
+ /lRwrlVztM1pML9pU3yxijugn0gHjR5qtfYCIZiGqiWtA0AsR/Bax4oSWJRj+TlW
+ glqGjtAksDCbt+8GSLqfyDKEyRPDBcQDZpOK/q0CgYAxBkItzrzx9czH0fhF16WS
+ R1wRTbBoym3xOvE0WtJiyOl661GdiVouj2S0vi+2OP+BcBOKB2g/Q/6+r/11DTUt
+ U80nHng8CqT693XWOQS7cUJKTV2PxLJiRFC9Ne8xGkqLED2rhNgZOyzWfdsd0qp5
+ TzSpTmGPvm17u7FxyRuzsQKBgBZJjubnQCLIiMrZiS+p+mOjV2YZQPLlIwU6iB+Q
+ DgKWKxHMTY+BgY/fM4q05Moc4VIabBmTw6AZ1Wq7fYxd630yz1eykTligZL1r/60
+ wS52Ku3962fKtl1qapsgkuhNxbS3dS93X/o3/7mqVnPFtElPe4BHfb+CY2Q/KjKO
+ 1xVhAoGAaog5dsq4XVRhTaMJJG+iOqMCELRFbaKRRneForcaJZzTvKfWI+G/x7lY
+ hTg7VoROnJHUvfJ5u4GKNaJBvXE1miWZ7Xct5DF9VTlGkiyG0qr4NuwLS4tklGxj
+ WXVjL8jecK8AkQp7km8HZCRJOk3OU/LgJloc096HcIp28GZCUIY=
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: scheduler
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpQIBAAKCAQEAx4qVolEaF1s0eKEqkCYybqL9v4ODiX+GAglz7KIQxXZzaF+R
+ SVcHxrbeMJV1eD57tpIdm6kbcjllTsnytTef5iaJeEyJu5cxyr6xhwyQNnuWlbHl
+ 9H7LlF12eaNv94WAJ/S1I1bhjt3gj6vvXbFuridLydC9v/ELzVG15d70drVsfDvr
+ RGbBTPBTt1HX0pPD6uvaKLUwy5vLqx1uP+l75+EhmE1BmVy5c4SnuUdL+/8zqoPF
+ I/07wWY0Jq3+G9zSNeweVIxOv+vmgsUwNlNFsiu9XzzI65ngwaVHvelT1JT1ahMe
+ O97oqOd+XgYFNrKphJzvoLNVtt6/GdnAzjv1/wIDAQABAoIBAGV8gqZPgWmnpYRE
+ 1BUEmFnU5CHnjZr9FPcsP512v/juSbwn/wjCDt5uW4tyOJCzltBAeHaXB7KMpo3w
+ AFVSuSyhJQHeS57xQw3O9xOsvBw5t1jjZgV4B6qp7nvnOCc36vpnZ0lWAtpa1r+7
+ vr50Y8qHifBXDmr0+f+vM0h6oPNOZIxapny6V0XUCmlJD1BrkpPes0RLM6yz/ALT
+ 1EprK1LUGAXXOdExwEHiAaL8RyMBVrIUhQ/uXeLytqieP2lDUu9xVKPYBN+YU+/q
+ Xx3Lweu3WFmchG+8Vn+JAenhdUxiass4BZsk7XnTpIEcRnUr1RA3XJpwX9Dljouu
+ YuBOzsECgYEA2S6UWp+5vDehgtGKmS/LUDQzcgh/a/DbKhBgLB0pVItu+3Kykp+8
+ Vtcd7zryyffDb45y7BYw3qf6IZEPoJXs9aO0W+/TXr5+x6tAiQEmGECpnOwPRuwp
+ cdFVKc6ghC3L8ISYFklzK3Hh0yZKEiL5A4VqyQDF7yzE3vsy1T7F/OkCgYEA6zTW
+ hBVDRwJ7JRgia7FKv5l2wxle92RDZ/Mn/ZwyHbrjLmVjJGNvCSdOJbsFQvOMVbO2
+ OhFtg2YJSqAGscO6IO90ZwT9cLsBBBzOur7BOayq7I3t5i2D3Nw5nix0iKP95YxW
+ MKDWJxcAhT2QsoVIszTkskUEBlduZNNwdmZP6qcCgYEAlbU+Hpor9kqC0yKOX7pK
+ dCcHr3ucGlQVP5G6Oa6AZv8Wqc4OunPR6CqxP89qvT5FQgj3vzYsyc8Q5UKReyje
+ BxWpphZTpeO6kPjDq61XDTDFup4eic0RZJvgEMmWbIcFJe7Ax9wpv7Do8hxawtXI
+ wVyel6Ao0Q4TR4HxMH3tDMECgYEAkIHpHkOWDyW2FSdL1pCZ1TfrYJjQ4Pwn8dDS
+ DB4QKHXvKE1AaVXyHVSZzdKmu+i4mtsMJYcZmrZxFPlWw5b2X0/fW4AUWlN6n1U3
+ qkKSouW0KhxVQqtKLcLcX5L+kgj3cDYVqlDW4jNerX4SzavX68qei+ydOWw0Nhw2
+ J3hat1cCgYEAzaThgGbFLplA7X5Fz5fC9QrZRzYHRQPMATcaFmmRQSAT4cOgsf3O
+ Fg4pPyw9zRE4T2/BMPIj/ScJ5Z+jKoblNnZ1FKvYIp8pQQoSA/2vkeprOrXlhukZ
+ kK6ghUCh/s/gHNDxIiAdHQmnWxj6QMDeCkm2Yt0IZdDZGRo+SvEbb1I=
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: controller-manager
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEowIBAAKCAQEA0U44kUUxDaLWudfqu1ACN2Hcq2+Ne/o9+R3lsxj7u0oAezLT
+ HodOXCs3jh3HgTiUYsnVkSoJEP0XpXOeuGOujb8GrswDYaYNt7TDQsJqv2Bd0qDt
+ Ew2n8+ub4oDFY8XuvspUEJz78Vlvx73sJ3uuIXEDAPzP4hwg38/A6cQtq4SYX2y8
+ vnapKVydZJojcDlKPldgEO2uBvzT17aPBFxjHva1Znn4GcCReqCbKWH4BF52VAAt
+ MzaAhHqIluVtNjlv2dYj7/QNbSQuRaudtTySrxHWZUoiarhMjnGUGpFV4m+t6vEd
+ J1yzOPJvBsb2bxytblz4d2TeIlQSOySicZrc7wIDAQABAoIBAGN7Bx3cwhTWGbLY
+ 8gM3YuZJyCVfbuLHLJ9z21IFhNgesx3bKUbwTok2LUCJ3OIJL1XI0o4daZO+h3em
+ /YBsOHG8ooOACfdmgkyXSNs5Jp1xQwayYBvXOMWRbVT5mVfzoqbh6ZS/2Gt888j+
+ 9vhJK5lPansUrgWtEt7tkqZJDN/g2BgDiQNt6xkSMz/CdkLVUwD+xQ5Fn0Z5bxsA
+ zzo231TFiYUny/9Kx7q/LQIYwAD5e1M1xCMbdKEG8U8yFNe04Z0zXkLtOhf+dkcb
+ xzd4IuJC/bIW+pDZIAiuzmzCfW5BJd3t/5bZQl+a0+1bsyiplyC1PvqGxjkVuTxh
+ 6KtvwzkCgYEA+WTqjbATD5n/aGwUrARmeL1qb/Ax+3bTXgeileax0RfU4rGmTURw
+ EBI97wWlEMV7tXUQSGYktKFUcWRXUzTa/L5GZmTieMSlf9CAORSpT4MbQRq9PWv/
+ JBc7X5gsNsQY5/o9VgWqx1FDfFsYULUS5HfjvWdvvGuYbuW9MHw0rL0CgYEA1tl5
+ E9H3fRD8HDVmC/giW+SzZCYiq+4R07sfExHlgFHdVdxWzStwSVg4Ze0aVt08ra7b
+ lTSPndfLVIxEBObdyRCfaulQrKeR3p0gsJj8kngoldMjKEYJzLDIuYnf5agLYAeI
+ 1v6k4pHhRAyfi63aJuYEVRvcLInvG7XD+j6CCRsCgYEA8syo/iB5rirDWao/xejS
+ yqG+ShSS1LqutVDBnSbn3yVQgRNrULZcU4ku+tGIDnf1JIg/vfyTp7eZOnvx+HPw
+ 7zdf2rhFNEZeybz32Jqg62Q82Hlr26yUzVJA36SLBxaLGO2rYWBLD5myFhOp7Ikd
+ R4jhE7jsM4ic8vp/4gBKWBECgYAb1FWbnKHrIE0Xtk7+k+iXcJtQCKSLEq5ad62B
+ wdqxcWkzGvRfZRYJWhUMFtdHkyat9K1auVE1B+O9kuGopOLrjWyo44ngo2AAruey
+ GE73Bftz1MKED/Zq/icx6UsIK2k1yiQOfTOMaYr9TolIBX/xc+/xukcducwwEa5N
+ 9tTPKwKBgAzgaU0mhI6/42sMgU4j9zuOvjWvtaPGTgG7NCozoZWFcQCB9Gp1RN7B
+ N3okwosJCKnrqLiXkgDMRTZxC5iTkTczN7S+U84NZd1E3GGIsos28xAoC3Cw3sNj
+ UrhnQYn5LZS81ZmUcpwAUeViid1MpIUX9MY+xY6ezhVjSFC5z6Ci
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: admin
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEowIBAAKCAQEAsaBFOPnB46jRQrNT3ARwuquYsOSuL4VyQ5+yZY6WgBsAe1E7
+ pZ+VjMXW5eko9DgNhLbpED+XPrEBHFtmW72JFGo5nrm7Lj+vmv3f8a+JL3gk07pa
+ FLAWIuPkN0c+cBTvOj8odrqC4dh2BjAbkJaOiHk/w2py9uaS5qIowGgTeo5bi8L4
+ y0vN7gjVnH0aQB4VGq6+fJXW9Zt3cBhyYfi4/KA5jyN/VlPPFvJTkAjksexetrpN
+ r/ZFWsRQiSFbTxlpJIvGZ2tdmREEtsfwPCYgi+/YyC1pCAR5PF488XYncufAGm/E
+ JuuaMxiTmmhnbaVIhjgSmFnnFhUuX+vAI4TzMwIDAQABAoIBAGGDtl0IKJyeUnvG
+ zXQNcAHbMNF0SfhGz6s2Yg8FD7S2njYVK6TKjqSg/FBuB5DDsRA6BotoDdVaAV0b
+ BH+69yWhB48PMia6yeJSG/6oOq03zSf7t3aCETUIXYLHdwy7QXZ9s+4yiKYKWwkc
+ ohVnwkpEHnBe4UyQ2vcI8UxoFsGBuZtKiJFfxjcmxXNwJBSA62ydZHwwfmCNuz4c
+ 817q/LeUIZgynezO4gqrr6sWizrDP2HB9id64EgmEU3lL342yXbZCX/yfel8/eio
+ jwXA1IS3ae9swt0KzrUM720sLTqBtzi8E8BYVyAEMwQ2Af6++dpMv510n/0JDX1B
+ ZUsldOECgYEA29OSj8vOhnObi2d3G3gEzUmYLyi6+9ngQc38wX4gqMTZNWdEFj83
+ 1l8dxfOSq2zCO7Np4bdzO2S4Ky3Xe+WGKNuXyduNIIcuUXg/7sQ9NqLIszQCDraZ
+ 8Xe/aM9hnTVeSa3SI1+Tir5PUaVA2YVYq24MuLuIY5eof1Mu2ITA/UMCgYEAztr1
+ 3BLj59I444hL1cAdjNoybCq6lYrFcyckDhnTL1QyZDPL3wIroE6Y9d9qN88ygNeE
+ a7RP1tSnLVjomOIR9kR7Krl6HRRtJzm7dV3ed3GTBhSm24LgbMYU44ef/TmqqhId
+ Vh9S08rM3Wbe1bsKD3LtZigCwygQ+oMUayf6W1ECgYAGQk3n/juRJHWHUJjZlV89
+ oRzOKvC3/wodlYne0IKJi6FLnfcYUxB58Bde7YJ9kwksvf0Dyj9jr4h24kVCZ9Sc
+ ETSPMMsh4/dzpmLbn4bGqXfhclekp5pWf7xZdZ4n5b8bhfF3xF7lEmobvwLLrrpJ
+ l0aRc/V8MHNBvNKWo6EDFQKBgF4OE3KQqE4VOUbEB29WnlkYMYsbVqF+as80QeGj
+ fnHrv8nt/0oUa4/FjSlm/54GuTj6RbzPTOoq4STuYzx4tqAafUJs+YhVbFhEmOcB
+ 2pDG9In0Q/ZVqQPsgTz/wxBZ8y7Hc81gCsJAWSxmhPX7yNRDdoxXrwHbqvStO1CJ
+ 6f0xAoGBAJErnksoLP1Kl2bznS2a1AeQV+qdKTpdVYwP6pgouPItwBQ89vBT2234
+ N6on1lRfewIx8Cz6xZjcSQgNoK4zXaVhLydFLEB4GHPgDqqR1gtNcfV+JyE8Mn8m
+ fvMbANbHnzFqDMF7xLnpTaDQ2Cx57K66tJFAJLMDPSm5zBXcn4M0
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: armada
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEA3C7GPaX+CBwPz0rAbWorFholDrZqV4Q5yOoxPfrTRJsKkjpN
+ PG9Wot3wZNukGWoUzm6uTwu+tasfaOGHUH1EmwhHXtKavWhfuzJziXXPL2DWAoWh
+ drIkM0c5oYHqNSIiQk0Ld805jtI8L467Sn0Sy21oSwIbPGVpcQeYtI0rOHLxev5P
+ w+KkmqUBImjv4otLtIScRlcVLiOFqitIQMX6QtJ+0sQTmPye4ezaYg4o0kT6R7xu
+ aPdPHH25ksh/yzQTYpileV9TVSv5IhRrilqS+TGVNT/5MnIuMj6cDX8T7ZM03/uU
+ 5mVVLHlxURDZACAhad8d+t+qRkfIuc20PQt2pwIDAQABAoIBAQCgDEgBi+VJ08wS
+ LA4P+npzSHHjbemC0BSI3OMKYIated2HSWXXJj9dh+I0DgwMhTW2kHGX97uaplbg
+ j/8iHMx/vNbUMFZWk8XydsvRAZemosctciFZ/EegFofnxF2QXc11UDejz8Ok82DY
+ WPH/RUciI9cJnvBZSIYKqTDxHSRrlJfBCgfghaqBaYqk/21iBivKQc1m0jTY9TsK
+ MvxLrhFRSLYLeg04xBVpvvUVQ77l/YZ8HbrsLy23fdeDPPP/XaYxM8JmV6KBYjor
+ vESBR9oFUK8Lf+md/mYjliCKzEH2CCBhPve/iYsIAkgZ/vazhJZuVMNmqpXYo92t
+ zBABPHxRAoGBAN1vziOth69Jsst/gqFdzx6uTJLaHdBr3eAMuBZ//1TCv0XDPi8J
+ U7dvM7itkTChZvVT+OAk4qQOsGzovw/HtpwQ2IAG4su1bV2tX0JKDyE5FW1P2PWE
+ UvxY9AWJAmanbBwPMyPfspPD1vP9HLYp6g+wMiWMRREQ8IU5HLMAF1LTAoGBAP6M
+ 3FBFnZEvQzQ8eTRcin16vLViCXbpiHctXKHZI5vicucY9YEQqx3+ZglcOTGICi3e
+ 5sJ6lPban6jEMb7g8uXoqNusnuV9OAxUI8PAiNxOzb/Qba7GDpP5v4BBB68OfWNg
+ Ob/Y5TEGt0ZqlSebLYOq7yKF7/GBS+xRqSj56CBdAoGBALs6zsyB7Ej9Ao1oChbQ
+ z9C8RYihnjXdDqRjfL+hiE2twLaG6CwzMbLW9p9/OlUpE3n5f2ReK7fVp7zearY4
+ AiIhaD2QFPFzPL7JWdMd9X782i4sJmEpelVeDS4k83/CrflnrLD3cvHX1AdHC6DG
+ /d43956h5MASV5v9d1Oujwn7AoGAB09QPFXjcnni+isKaACIUZYmuSa5ktqd+p4o
+ 3NT5es6D8jL7SduKrm/Ryk8FrXB0qmCOS+NtR7F7iEMqEosvLn8B6l0Iqxpvc5su
+ 874hsAHrUqjPnYc+f+1aHHrBl7tYynPG9MVrv36r4K/K3LpOEkvkVh92hn7qCT1H
+ GFAk5FkCgYAnvm8VVMCnwmzPfGAObxo786P3kkQAGMP0vfew/Fyz7hCdE/H3yq07
+ +42aE/jfDo+tLKMYMleLvHJFMDtJFBM/ohTPnD1bV14a8SFJ4kd2V6TZzkVfd335
+ 4E2+iFyyhFQYgS0km/xeVPd+Vo6e3suznqhX9Sr9mEEVJw5XOkTjyQ==
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: apiserver-etcd
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEowIBAAKCAQEAsLJuWpNsBvXtNny+kzFW3BPOVt7hkgAMRtKtykDNev6PawxZ
+ oo5tuL4tRb/htj/htig1uI+eCKCo4TBPS9GdVgvnWN8wUzqs7DQcGKlPrGlvg74M
+ nh4jOh913gdOSZRDQgqcOSE0tAOWHVGUhFSFgdmqzCL7d5XVpqjLDleAM2OgSmhf
+ 8juqQmjtcoLg0Ioso5QzZO+MUIq8qWoo8bfFHry+Dy0PVZyDm1tLDBCcFrjNndrv
+ xh7gCdvbN0wHTUR/RUwFLGcT1OUTLN7aS9379l2ROHjSs+T8JpjIwYYZ0/XzKc7W
+ ofUeO1wTNjrrWsNNa8Syw75io3LuLQcTMu9CcwIDAQABAoIBADQKeWIH5Vsvd0wC
+ 9YYYlAKBetYvErSTewoo5rKY32wIKWlX29Z6qGou6NqQJwQsUGf788aF1f+ogdTB
+ C7nC5NoA64RLR8pbj66JsnS4+RRIgWWFxeWT7sAhn+9iq3YUSrLauSRCWWljXQUJ
+ j/phgmi6GQnCi9musZxCPnvc3Y9EnRri4G2/hZqIkyEdBEzXuYjUcibRJ8dTrPVN
+ va/bMHk6BqauuORYyuNBTk/taal+Os/gdnClhR/dxPhae9rz27DEUvcIfEIouQoa
+ 1kZcFWBj+FieByW4Q8NzQtHDVe7gvRrAlhTfIT3GoIkQV46ioFmdu3dybMOsMQLF
+ WB9NO+ECgYEA1Tf/oNEtKij+pfGLf3qh32Oc1svn3iSvWxyGiFAiMGMnVAEPt97N
+ eHKNpxzbS6ZpsxXi3tnNzrgKwRn/rjVJuqAPi+TEEDHOA1Nww89HuTT5wHJW7ZZq
+ tTRorBe0v9bELrDS9OELPe1pkBgdCje90F/agkbH1Sz/bPj9kPt5WskCgYEA1CZ9
+ SV9/uIubK7V8QWaDIKcZP6Q031EvmLX+q6vWkJAMW3usnOTyprt2KghAkQsdXSLI
+ a/Hcb92RscKxin35kOKrbzwvWEWuDp5Asn7IqcZwPw9rB5NQFN6EzhtmI3MDS2pz
+ sAZlHQKJTpMBCae6MgCB9JPNnty/kkyzjarNlVsCgYBeqUXsd/G9TgYAVoTATAmh
+ y+/NzSlcDp1rrfZsfmcvZFYJjY8U6u3+E52gG8eghnlW8NiQZ9JffIYJxSkmhrH9
+ ESLV0PLa3cHA6EKgLF6Dc2mObzT4tlcZq/LstHmi0g63S/ncji0XiVfciVgbOTQk
+ VuoD/LirhBbCoqiwvXTbQQKBgC1Oevssde5Hgj/3Zi3hYqeah/3bZ585i1yloVmw
+ PQZqfPkclGR9UITjC/01/fP7162IPB0xbc5GF1NLLPdSp/WVMt9yjvnfB6j/ivmT
+ se7v/hC5jjXz8+pBC0Oo/ksbyNxWQ5aYBwgG/qPVKSeStmTvTtGYrxT6N79aug3L
+ KFR5AoGBAJdQB9VA3++LtKvCqrAcemKXismdYMMSQfswFoSe1xRzo2FtQWiTjHvN
+ iekPwH2K0z47Kso/UkcpFuv2RuY3p3M4kPebAKp0PDXoHYjQxbnJ+K0m5b7g2kvb
+ Af+t2zTKsM8Bi0YaTVhnca5NekSLnz2d3Ln9YQ/eEvl2MTM9w0Xc
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-anchor
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEogIBAAKCAQEAo//LDTeBygMaipDHKzjxz1GcMgLJ/d/KU6pf2Sq3e878lOK9
+ w0EiqvVpJGDq5R34HqRqXpgQuxvTHoIK4TmkMzI9QLGTnGtgTvo57qMP333Elf+E
+ gyj/m9oeNwzpny3laIAMFzzjik3mI1aEmMq65dnPiM7SrrteCDdfM+w68KVTMbN/
+ zS0daeFizoQjyrfEMS/fhXN0liKPmslc/UWTWwY/mzoqtAHDKUlNWMgNDnkpFEH+
+ ynE75My2mat7n37itNFd1cfcpBjzzgQZW6rGn2tXlrj9EWa4m1kbNqqEuOH8mK9U
+ xj2gxiY0aKHWEvvoY7y4bt3uMKhkdYbIsTUWZwIDAQABAoIBABttv7cxLmrsA/di
+ 6XzIJGFJQ/d1UfU9BajimO9IXrG9V69LEPPkI/k13GTyNLcnQQVW+Fdj1YCF0dSL
+ aWhr7JOHdokoagjCSLRM032fFhuJ/GQd/Tq2k7GsVFtetIAj+/dzWxJT47aQ+sm0
+ Qa8QURv6RuSZutDwk3SKVkjn3J+8slQi7aBhNkMT1UAjF+CSH3QSFG4Ets7zwWBd
+ IFw3bFbtzNGrDcwfm7/kWE6hbh9mhwrdRxgb54CC9dBYcSBbPIvLipXNIcrnl9kX
+ GfFBfRxwnIWi+u2P3ygLmKdO/vuDZcwfR2NkzRrMuUC8zRnE6lhzWm72ClDVnJk0
+ SXUhwFECgYEAyIFYwBKsokoZFueQoeUotT4zPGlWyl6PCPiBh/OzqQ24thviYrxH
+ h40sHWeeRCwp+B3GU/f6D8Ftaur1KJY6YDLlG2Afwd41JipHlFWtyKWwxRt4+OUj
+ 4fAcwWt1JdQH6/JSnY1o5w6TjMRnDEX/L6fMX2/HWFywRpLao0LfEb8CgYEA0WPV
+ 9HVHpFcEGjPIaoaSZc3K2tV1R6QkmlHhDQkzi8AjhsD/jnBZbVhtbqb4BRM/Uo/x
+ 3t9hk9+tV5wpdMQsaL7g+FI1pgqLzi8lknHJjfzFgOORR8ZFq9A8l2JxmQmOzmbD
+ ZefaV64MPhZL+1MSKMkSWyNHOnbOQOZRjtkc1VkCgYAMD2utMfJcWKSlsgwLEOOf
+ 8zvVuGhWB9YGrhvsd4Yo9wBTQ94cHkMXLjCnHCJy600i9XeGeXX7GKFiOvvAEzkz
+ rBwHx4JhgOIlh4mCrJylYwH8+SgPoIjGAFFaeQI04koPsSWzAFx8+W16nB2uqU8u
+ KKOsYebVs82OkSrBgzYztQKBgEPtvIJi7cv9wsHxXKpaX/IQ8idOKo8ETC+YMod1
+ HbjPq3bS89U0034qus2z8zBKTzespQ3lsBU18llCuxw7bCDLE9bbbLYiI7rPBsRc
+ j8O1ZilrKj17sCyOEKoX8LxyIlcJdYiA0A+z0hruRtYQ3ApJOOBCMKBh3IWncnwC
+ KV15AoGAYty729Ip7dg2YJx/izNoGyralRcVF9NmvExH7LNoLRgfuO3oDBrk+4n4
+ TD7nB5Er5B73/G0zGMoL1++PQAamYqidmPX1QOLkW5CHU0qWpYzaE/o2kzXxc1fA
+ l/hzyKzeCn6BV0vHcsDI2O2aAQxzdHihm0YvmkB6v3G3S/uPxcc=
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-genesis
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEA6K2/KMidfiYkIoYxQz6SCLhy29NqkqFCoZwgSfBEaXYwKwBq
+ D8NgfH2fr92RZLG6OTXI2rEOehS2qqRQEPFZdm8qRd9+mbJ0EgdGbb6KaGiIVgvn
+ 7RnDE4IEFO4h8hZZhL8rxyEDjBAAnUtsaObs8sTWNWZTGwu/+L8ok2N/bqsnljw7
+ JibUlGuenwIrpEyj0SbnogrwOc3zUwZ9VG46NGJk7HtNUFOSfc2mkg+l+u9KNHlK
+ c5Sscd1wchZKgnpx3GKHY7MUINkmW8OaY/+YV/KNDEkp0povTocHxtbgkfs/59/+
+ 9DWR+nF7dP3RZL9CIfmdMICoisvm4GhlatwOlQIDAQABAoIBAHhaXtWOp4A35FsD
+ RHn+5HSkS60PN0HvLdMAOedk404VtyaXCUVsDv110WKbXfhSwfuTqXgNO2rEShQL
+ 9+o7nMXZDGmmCAsiNk2Y+8IKW/dTkqnHcMjAmZn+l3PoFSDulJFIfTF8DySkply2
+ RbYhNJECZbarXfNQaZUV87wBLEomO1CqDOIJtWojr/urWJTKzklqtv2C+p5tmsKD
+ yF6w0eazppTVOOpXUSjk6ymQNzEhClycWmXSx5m6KnkuzaakTVMqIFbLsl4ld8TK
+ VRGgOxeObSrSfv9jNwPkxpD/w4pWUwGzFuwumYD8T/r+Gs7IViJ6dBG2CFycYO+l
+ lP81W8UCgYEA9CguvlMdQnR2paypebZNNS2PrZbvAWCeBpBUWhJZNTBZn2ssG680
+ MTq836pFZapm1f8S0D041vX/Xw34u5hTOwc+XccpMnCGEzJwyA5j1La2O54F4zih
+ SY+OOFnd5i5UdLCHEM0cq4qFN3Rp/QiwbtZ812yPkLz7VCUPUOMhdxcCgYEA8/cI
+ aJt/JF4R8L4fevlOudieqYeSQRuJOVfHwIGyif/zvMtPtZQZ+BIbOIMCADRRTJJT
+ 8fINCtV07fxCqWc2S6RWe/cGSCsiRJYXjFoN4dqaYs494pffCXFXLLUwOSq/2SYw
+ WXo9OCa7WFRbY3fJhdB4j9/KzfjmZNTeigIeczMCgYEA4+gKUgCVZG4APoAgpotE
+ IKqJ3njwWvHMMMZS5s0P1nVugz/wKVtvNbDlk0aGhvL8ES+LaTRstUNlgF4zWzFC
+ J+yIC9OXogylKpA/9I5yI6H2E0pbppE7BMZq9DD20CFZFp+dRFKiO4IO/ge908Nj
+ peKzIAenL20okZASbufFWjsCgYEAgoNBaFTna5k3l8beKHd++kU8fA0e3N3SR28C
+ WaYI0XKv/ev2NHmKev+UuGK9i0Zxx7jwV5raB1WyPC6bquygS08bRS4dmjYZGwAA
+ kQEMNCsyNHGJAdOlafPMYwp7Rdns0Epxyyxt28A8sUBPs6K9mGyyUqWyZQYmmwKW
+ GtaPW6kCgYB6Nk8fOoBbKEJxPzWS9dewTDVsMBc+l7VJf1kBm2pHq86y/V31RuO/
+ KYHUGJKtiY/UYnG+eHEhkbkhK56T/PxKtKbJNAzTNz8Xz6JWCIupK3VPN9e/dKPb
+ 5Ik+g8avEUjTy4l2Bi77HBs/lD1vB0fE3ZAPd+xzNu1z0R705efcrw==
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-pod17-jump
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEogIBAAKCAQEAzV5tuExTU+9A/tNkCqoVhBtYsZeNWrvuGiYWXc+6CXYKAhLo
+ eqVbDNTtxwsQA+KPRJtiJlTS1+EYeFd7ZTQHAj/vt8NSdFmIVSpaJdkDBTBLX/D9
+ 9b3hdx1u+4ZR3jiU7VDsezci/apB69oBuihLcvCmm3m2EhgFFf0cUAa83Z0U/Pdy
+ Hg1VRSiLcMxxU5QATKuDNUpt+NG5rVP+dkVjYzp+Vmzxws4pY9T9xJSYup/rdb0T
+ gWpPFi8uNIazNCbUXRwHFM5VXq3S0ueNCCVIdA24M21QwrG7NZCsoG6n2d4yhLv3
+ 89uSBzY4UQ30Y7Uqpi1vjn5QmqkYLrEuc/5FmwIDAQABAoIBAHSrE2viuGfzgJoD
+ n07LpyOAoZdqQFxubOqf/o7Wxpo/W5ooAbhDHgGhKV+tMjDy0W8pUs3x3EHV15/u
+ GuS4dM7bYaSkqr/8aQ3w3Hup2CRndjqP3sZvU5nmt7jear3yqPBUy7OH9DHlOkPx
+ eo+1+n7Wpd+nej63NJR0UVRJL5w5bxzKEUgx8jdrvPGdTneAmi9r2tKMX2inv4We
+ oHOspopKqb9A7e4+uyCwW2rmtZRhkccg+LWb63LBT4Xnl21bn9Sr9necB3WtTq+U
+ 2Z647G0PULthTNXmD7mYn7UikRUyXqBvKlaQ7aXGWqwOl7vfiKhKBJZtp+zvN/x1
+ xp8QsUkCgYEA7PAKnk9MLRqvuZQO/5JCWb+0EB4nlWjukMJKgC1CtBz5H0v//hQu
+ ipW0a5r7S6rN3aovkMjgOUb4MH1Qhu9Yem8ct+SVtiN8azSIWLxYbaaEUzs0PTgO
+ onBpB3V7SdAJTCRHNUfrFumIMvAugspeJXKh+reNDrXunKmL7d6y2f8CgYEA3eQy
+ h19QU3DcnYpZpUrBehqlZ1DfWf0XOwGd53jW0//fDt4ECytXseWcvmTa8Vso48Hk
+ y6oMH5+rQx0SXgte3Ni0KuSYes3jEGlFlTybf3ETuFtamGXoAO71X2tc8JaILASm
+ OJN6yj1woQxKGUKK3lbnQHEGWbp8/bZaC6qpvGUCgYB8ghuiW1tVbGuhYruK88no
+ LcQqoB3+9rg+28qYlrAxw/PpzV9Fnkdizg6UaUna1nP+IvuB4v1pO/EaUg/qCIZ/
+ ODpoLDe8EePE1kM8FiWF4XYx4q+t5/JQzC91Gvhhrm/kUkAVMKjKTogi9HIMitl0
+ ZkvWW3RFobc1HieJJXjo8wKBgEHw0uNP+/sQCz/2IXXxpVW4HXd6nSWNBR5P+LEV
+ RCJ0Y8FzURhQpRsE9XPPXRFk2d31fRzZSAkN1kN3nEG+d06CR+iHTpkQHm5+GmOj
+ Q0K4Q/gBjgbEIhJE8T6OFWyaD5WlPBCMI21+nL3/fPXMxKAWi1qnPA/mT8bGLjRR
+ X2fRAoGACn02YKqBiL3reJorvVmTZsefzbv2EInz2qf878D6wSLO53XxdlxqTi+5
+ s8os57XwO9XwhYtcJIjsIoCHJjWwtAz2jdc8tNCZzVF+0sgjzQxQR7roTedpSSNr
+ Fl4kffJOD5rsc//eBDIaiq2QESGyF+x0TM6VhASPB9xJ/ECMGFs=
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-pod17-node1
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEA5U4DMNAvkkGBgR6CJddKECt1+Y8VBVMbGQs9hC7Z8qRQHnqf
+ AFEs3N5rq+CASmoTdx1/ZjRqJnwoNVF3j1KUY8WNBtx84M0DTY3M2j6FXmOmmESJ
+ LHdxBYiNcs8C/j5517/yuHERs0aYxGOIK7SORw65159yQ2cFlXBW4+BGUkIKUkUj
+ R2TuoyBYRO943CWZRMHTN+eK98TuSdEaxk1vqNzXsvs6dk3ppetXa1pnHPs0KZm3
+ CrOZCg5CWEG5J0gK3vojQaR6ygrRV+sGN85q8433tsfMRy/hmahJbAQVwxhm6Oza
+ +cL6voHCuBkKju8JdZTl5b/91YbaF+pUKVS9CwIDAQABAoIBAQCcYarNZH28+g2v
+ GDZcRkoNYwZvLwSAACBv4PmQJz+eOi8lyiyb08CL1OiLbG0x0sv5pVVYR5DJNE1b
+ p3apeQEYVgcK0d4cldSV1IoLoS3lpIJeQAdpGwAqbOlCjimVaNhBqneHEB2pLRFM
+ hjC81cNedI2LnwMXMrBdLSMk/7QVrgeqqldJGJ7WoK1qe7akgoeTA+MR/qWDLGux
+ Bogsh3i8h97aQdNGNRs9ZBUUmUidN84TLelM2mZ1lkxI2fXf1qGLTyf9AxHQGPfs
+ FoJ0YATQidF8xH6xZZ86RXl9xS2b3pEOU/nolwPxKYLhFuqNrL1lGb0F2wNJmZLV
+ Ktjq4LcRAoGBAPmwAX3m9gkElFSviyqqiUlO6kxOHug7Lv4qZVNvBOkVufTSRMBS
+ apfeGcGfdAo3p0Y7vGlfJpugU+M55Az5M7ujqClj0qPWq2O+IdoTQPysoNUtyNL2
+ rUpPIfRTKv8H/TBKtcun8M6rNWm1G4fIN8ef8KZnbviY95rKXScCfWc5AoGBAOsa
+ FoAfBH5gPOoAsDJm02UvILiOU0WiPo0TnWtqpR5KUnhIzHCY/pqMWg0FRbGTvuSJ
+ KmmuEpkwici8mpx7Q1fgC47QiuLCoB9cIVpn+fJmkvI8WQ6B9KSu4DxkXTDGRjqX
+ +jgAE1bJMMY2d2SQna67DYRTXTsqSIHwywSZ4mJjAoGBAOeQYBHP3WZHpPlVRI/x
+ URl34ruZx/hAyzhVQVu7nqY8zBVN3Q0wYkMubFyx8QB41N3CEN74q+mxK5uU2Pdf
+ NqdTBGY+eeAQ+yqp7uM88AxmXVLX/2QH+nbsJOVfLIURd7MN1sRloGNLTWIX4Mxw
+ 16p/nsP1MWnFE/2up+3B1WOhAoGAYdcnigZejmFquE+1BCS60R891NCWYyJUOc3x
+ 82Qcd3CixaA2RJ3HR3Yle8m36WD9Toqu9fAVmV8T2FB1X64Epqt84+ByDFDG5oYm
+ 80LWSETb3qeywFDhCTAl7bwu9D9vtq7M2UVexv1PqQ29vkJY/QCnbWxsHlVIe5tE
+ QhPwnNUCgYAc45f8x9pUcacz8NynFxAG/C7KwLboz+ssHPOYOBHVo09LtjBI3sdy
+ 98ot/ERtr/G5hhCUWUXX2spnbjYLrk/AKFVP5JmaRv2TOz2GKo54DNwsYLb1Ctsd
+ /b7kCHLgoJZQxbqiKmNM74LTLv9D7b06P4BiYqJdgNCe2FBXCOthEw==
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-pod17-node2
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpQIBAAKCAQEA5LKMumJCGGvh2YiPaih1JqfObaxIKLbTEvtqrj5gfSMiF/ml
+ Oe8hoV0ce8edR5uhGGzY+MaRmZ4tbuxBSD+u4mjx02ggc007stMW0M+Izhy1/EFv
+ eKznz8orA9Z/HwoIOnqJsRhRd5qKjAoo8a5rg/+PTKjTBQt4Ndzx9q3Hx1AhDvN4
+ ViYswqe2z2vn73wOH/QAcT4ZZ3snTb2oGroYuZHo4aTRSZVGk1nZzNZPOAZLookg
+ NgdIEuWGIUwY+dXoXPfTsjuJ1EijjjtA3VwjfAKKrU5sUFJ/3IiXJE5N0Ll4zhQ3
+ eG19aDCv0jIpShyOR1XIeM3uz+QX1X49/hCU+wIDAQABAoIBAQCU1aqGZgnz0Mn0
+ A06qXNgZJx5N+9AeRxVJBjxgV5H9/o5iogKomHr/hBRUbg1qm9sUhUoTZU8+dVXG
+ GZVGysMq7/dpiRuNTlcqwvvXOykiUkcRexhrpcNbVIv3/HFQpvvB6xuPGG90civ2
+ hWouF0A7cGc3Eav7XYKHM1p5GpGooL8+g9tHKt/DX597fDbf6hYh15OeyJlVdclw
+ pVYscKMomvEMcAS5dMR1CYacEx3Nzep5LkuzLnZKvckucytJXaFsE+ZXUbjvbMIO
+ qIBHcEeXZOVK4u02Xy2BWR2Uybl7NZb7AKFZHbZfxZs+/ngJR7KjaJqjjzjYlutn
+ EzmWDpBBAoGBAPk+LXfnYiQIHL8tu8hKjjycXXDqmSzNwU6kkc6YBim/pe6BspB8
+ 7bm+tVRCkD1WkvwdKb2GweCEUG+HiuYG1qojJOTtmAsEzNdXVhdW+gMic+lINKr/
+ Mqj5sbmsY1xqR+1o1IxteSVUtYHK3p5FlNA0BlKuzyvYSoNkq7OFDg/hAoGBAOrl
+ x9JUYRBtkwLZXDj/LahW3hFxBeIUCcQqrRopYRNS+10e6wN0PTQehh3ZNE9frCZb
+ d3L0KdbtN/n/qfvsfbwbGMQMkx6sG8JyQ/9V91dKOwicMYqRqeoyseXgytwM/Ht9
+ +ukpP0pmcZmk//x1+sBOv67bZXmRPukdJFXA7vBbAoGBALpqd+V7aRrb+mw/D3kh
+ 0jqhFP5UaNZq2g8w5WEosUtebQPze5O37LIFYmgwFOPbsbnhMgvwE2gSbnrMXOXo
+ 7Xt5J6oVzqdHItJZHyn7wqi/hwRPHh1bHA/oGbZuqi4/y6ZUxsx1QKvcLJl0G4cz
+ Mbd7gdMrrgX0Et8tV4LAnKDhAoGAPNLnHRVwVNqquJAkCzY4UmC7+/QyO8pIhR0v
+ 2ZhhZKmWIRTCchCFUJueytfVbcAuSXhhw8hplRez6O5Ey9D+9dhmX02KQuT6Ay2n
+ YdSWyWmVQ7N+OI1jXBtoaUf9/2D1d9y1Pe7KTq+cNta82liKZ4V8qQBylDoB+kbr
+ g7EDrgUCgYEAqVKWBVLF37tClQt1jkz+bWEAqnE2e75p8FKz33lO3Aosuu3wL9po
+ MgmaaocFWJm/RSo0vNL3cMGblkoDPXgw5ot1blF80jaJswiMjE14VwFRdf2AyHPl
+ 9RSeTOcub++IQs5eMDdTWWqpjvNfy6POO6gcATVhNobOCsvqrCxiIiU=
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-genesis-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEAx84cvFlUdir2iio1iPlFxQ67x2PqGCr1/jRj1ptPjnlnXfLn
+ AbypA0jpbKS9r1lnSUsJtK+TNG78jFtmfnT2DLX+J9tZm4qI1Z+qrWhM0qlYyPuG
+ qXuSDI+TR5wbz973/2IioTAbSo6E32cTHHWhEaCT4o+iD/K9jZB0LToWX2k6+iQF
+ Bg61rFFAk7SOAO4/8CcsgMBw3Qnl/Ewn8WNCHcInkLqhgSOF21yMlcBsoPv1IAAR
+ khXmF5tr8RGmV13K70lv5IhusGuznZ2FYF9gl07VxQ+kWNIdRgYwPgb2qKpT2pbl
+ jzBX074rc4GUJ3gTimchGLROukOm5rMxRkYMhwIDAQABAoIBAQC6rJkwaA1/cdhx
+ ccoetTY4S/Go8nKOLeUyoWP955FGvaqTnhOyDb+isAZWWPxXzaGwWokw5TEVNfSC
+ dgqmb0RKz+Yq+scXiTEa1VgzN1U/JLUs4cMIqcjkL2gc6X8akWkGk3tjOXzmBY2i
+ 47x5RHU98Nb6P9PcLqBmmOXSM4kfjZzKHV+JKLAG1dzN1oBpS2XS+Ak0fARq4Qe9
+ eaBfmTR6V4SeqUmP5PBbxLhJqSKNaXPtsrErI/3sqoamsngybM15HqN/vbQuBGwR
+ YNEsbCDcUTpAJbq6he0Mu7nZkG3FRBMmap56CL9eq9+Z6Rzg63uVJ9B1Ys7tKuDZ
+ MJVYOxERAoGBAOAMgwAraaEdvc2PMWnR7cIVm/21PzAlteXH4TAAYpL+Yt+CNb8M
+ rlzKuSh1qNjDAAEfpuaoJyTBcAjS87bgk29CQs3ghy+n0gGKxJfkMBC0CuEWr2jV
+ OEvyN8T0ChU6PwSnkEgfqDU8RDpvFrxrvGKPvrkU3NVjPjFKNF9m+e3TAoGBAORM
+ hPDs6AVU9n1DIRJfordoPsmhXTWMmd7QQvDP25lCDrO5Vi6vf8D/feeH/+mZe74e
+ 6JRGTUYatL4qWIHCpUPcia/C07uPdXRnxGwFUJQpMh4RHzCZyEL0ZMWxUJgwyuJi
+ OLDVJADyH2XEZ2cU3H42FqbB/qPPaJtIDQDpuRH9AoGAMUbPMSRbMRJngmRyC8Ie
+ Nsel7WEFqsNAhG83ueT7yTSl7l6nD4PsfYAgxSNLpZEN2TFq9eQZ592blHVBIQG3
+ q4q5QqqVUQfqCmjI4FdRsvrGQcdJgRcUMK/vUCQUa6LJ5W4tL4+24S6GGwv/xiUz
+ 48GVwwMxpsUTEqgtaKYvZf0CgYEAzwdRG0ZLFeK5cFh62jWd0mKXZbOOWiw5sSP9
+ QHHOO4n62SJ+M/H0kWlfnKHpAcasv3k6ApRKKQO42iZ+gpWn1wVcWuX7qj/rDHe5
+ WRfsvZ8qErgGJ8WdJJKJ+/jTFGBS676UmE+AydbHgDr+Zi010sJsAic0KwrAWuiY
+ 2jYZHWUCgYARWuy/Vm3kfBR84Kbr8D1RPUP6C0Q1sj4CC5GFpnnCULKy5hP9hzFo
+ PFCCH6oAidnz4yf6KB2oYs2kbWQ/Ri+r/ap/vmeunsAJFmaHr4OWiiiGYOYdSM8K
+ faOKD3Spe7A3vhandsyPRdNOhtch8ETR+bzaH7D9BPaBvGRPUenDww==
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-pod17-jump-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEowIBAAKCAQEAvgW9e+5pewHHmfEUTJs5J4kQaAqvXLpYirHAabjVyy4wRGEu
+ GK6Xn5Fal8JElirfPPxtsruwNJ0q8swPsL44CxZdv+MPwlS5HrNFkKo/WHCT6P+D
+ Mlagphp/ngD2SYasrYc/fG1SYObcW0fmQl91oeBEXt53zdQtBZkex92XmviMf1F7
+ BNlyDuKzGnigWl29zjyno3eqmNCfSBlSaKvZ6efvaHsZmsZryviDtZ+0v0TSdkKi
+ 6CUOJlh+UwRotsj0+QzFLS93CACpYlBS8/sru8e5xP4qwMfUT1QyaHaX9rKTc04R
+ TvyHH0tDYAGfRzgeTmJQX+yTqZdVOe8WrLL6HwIDAQABAoIBAFfXn3ijBe/vKq5n
+ W9LuDsXP/t2Z0ucy3at/8ErvPyXl/DogEocmbsE9GHv/OmWQ/BHdP3jYeuRXo3sK
+ ClbSGGZHuJ70AFz9fXZLuWTeztm7cSTMuYGTukAPD9+i4jerIjg1xYtnniVdk5A+
+ 9JrKNj7WxcR1YzyrUQS9fBU4wtTINLAEYH2T6cVadm5p++idLHAAI9YHj9YpuB2V
+ sJHpk1JktURre0ouZXTs3EES46S4zCpBXQ4WDWqeBdbuv5na1bZV4nMSmMVrN3T2
+ RTDHJcoQtVueoEk2yvc+PygMjp1GY9DCRQ05+qQHSKxFd3g/u4VGfSPW0lc9nzQC
+ CnhXU0ECgYEA8R5TF5xzz1UEOzznPpeRUKsinms6qYLvtlBWwuYi/EZugrJmTPWF
+ D9NS6krqiUUFTQZ9utiaWD0WhvHCDyrNSiZrnUIQYlm9MfnYtnSuNncqdelHr455
+ q8HjEfcMYHf56+gLDNDwLL4KGu9EWKfWYmTwBExeQq6Ese6jlSFrtdsCgYEAycAY
+ 82DsgKUl0k50szJUMP9Ng7nMVWbIQC1ilaoykHlKt1TvJhmDNFNte0jqQ2k+OraR
+ IYZsZXY91sFHkT5s988VfQSy9NdUmHZ6xTNIK6zu7ixCCqT2T6RHxO1tz5Qs+/uy
+ PM6ioNXqUfvxXRXBbF9SxnrQlFOPpJCS+MUPmg0CgYEAnVV4StPgDc4f8LeQ/RrR
+ y52f/Vdi8/FokcJimtKoyYz713SppFYg+W6fkBpKaEANcXFm4WEtdZ6G8I8YXeVE
+ B7qCRh8xqbt85PtvGb+RXiDsJ/yMtlV1t0nQ7YwTG2+uOO01KKu9zLREy8aNBnye
+ O545r9RVPZW7KI/bVhh0vDkCgYBzQx5+HYfAz5lWF6CwqDZVb+aXNVU6DWim0cca
+ /ou44rL/HrUqrTS6dld8MeI09TGqVZeA8c2IAg++W9pJbsLOqS77p+2d2E/qcvYd
+ J/k5iqlOxVZNwoU+Zvrh1UwBZgR1Sg1AlEVxYgVnJWt15PIGukcOQihcNYlBWZ++
+ JMePGQKBgDEorNejlcFoPuc81GadTbdnhWAAIuuL6vkopPF6R9wHc0ETDhNfCWWU
+ SvYIEesjdLRRs2Cyr8mFL4/Lgu97zZx4pc3nZVvS1W1I4Zt0XdIRm+mRMyvFatQ9
+ iiyyDmCz/16Gwqv+1mgF2exDi7M/JjWZFPs4SlDxNMbEbKGjF3es
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-pod17-node1-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEowIBAAKCAQEAwRm6nsAAps4ZDbhEy0i5yJWTu49FrdXF/YKghHrV1FcIWkb5
+ ELqBPjIcSKSoX8uHxfQgCxVYxb/N086OiZs7lbFZT0DKxxNKGnRRh7lXkxIdsVjs
+ DZgLbeeLr6y8L3gt8lwCB9/MjfFCMXb9059iX733LC6yPDZ3Dz0vMEJzxS2mnOsv
+ ltY7xC44t8ygP0UeePYP4MaPXXFyjP02n4ZkSK/RNWsNvazsMpTdjG370XfrNue3
+ ilWbdGq8IrTLiIRUZ8rQZhAeVG8sNdWChxci89YpSw9h6AKpJ9kC1NEfJ/VLXDX6
+ Ar3pfJd/XwP0Ux8ML2jxuBEahVEWblqz9NMkDwIDAQABAoIBAEnlhr1pzNYI2R2e
+ /vSsiCxy0W5djdTQkkxJyRPpzhrMk624q2fzd7JNivVhze2a/gKLQhf7u1Ux6Zq8
+ 2V9fwJWwoPTrXq6Ae0NUcD74dsMZk7NizDMHlJginBpGiF3CKBMvkrdgte87/JDh
+ cJGj1Qm+sPB/jkXssfNq/rwBMjyqaEeQCpzRf2+lk6WTPkSwtD77oCBsYMX2Y+Kq
+ 40piL+BT5Wll02IEKashyhZ1HdU8gTUCDieBQNYDxjkeGG5akkNXCKax4vt0G3LX
+ g1fTbXGL/YJP+iniJ02P5EY5baPpYKCmV323MXQwtPC006FSLllHlmi3q1RQsFZv
+ LKf+zcECgYEA+tA6R5vsvlO5miafqb5ZRUmO11SdpqCzv0yqLFWia0u9KaUR8UUS
+ WilamDYoBAMlPmcekB1TG+OoG1sEc5zQcdpmAJ7QBoHkPRNGwpywWv6wqehbhKBG
+ GkENPY8j3g0nOyCW3nYPeXfYwE3S527ngCJNYxzUyWzikfGxz/Dv7mMCgYEAxRf6
+ Ib6wCl7ZBqZWKUvFn1+/GEBAvcLK1BE4RuhAodUkPpQSQ6s8oBaqf46gPRwzlDeK
+ aGkDuD57n5Y9wq9ThXuUNu+6J9rMrjogcoKLT3XTcLROJ1Neo3uBMoz8/tMzRhtg
+ eVV+WV1SnmOmGsrX7ZkXejBIR4Aty92X9K6ZvWUCgYBiZbSniU2Msa4cAtEat9mv
+ 7BbE9aZPy7YY88vDTulEbNdOcjsiy3VSt+yZ0I1MXauL2srLwSVsyJiX+tI5RSkl
+ sYfY8HUuSGExcNGO4gfx+v91+PmGg5ZdEG5QW0q3/7MHaFan+etCPTlk4GNAdmsO
+ AucXXiVAzJ3qocafjKekfwKBgGFn0Sm+OPhXGcDskeaE2R1Dz4hnsNdXnrAh9oMs
+ o0yXrvryaPhid2rS6N5zmYO6HU+iB1hElh8HWkdrlAhUZ92vTne8EG9D9iYg+go9
+ tCXIIIAxy/IphLsc/aQDA8HYlR2PyCUO+Iun0H4Q13WkTATTxUOQ+xfDJF79m+zE
+ IZz1AoGBANvc+XYrf7qzV79oPr/dAsqWb9sfrMlJAjAKZ2hGgK4FsjWJslbeAaMe
+ hV6aL7jBtPeQnlwTLXtNnmYWAUpI7GYetf7nNVlk39oovW+ls4KUigaW5+/YnPin
+ TxD/Q3tz4K8IKoL9HJgsZuGrQ/YgBIFTN+4QJsnx3pe3W3JfZBZj
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-pod17-node2-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEAqqj1GasfGP2uGTgFPkH4tG2yhq0dZ9hWQmm6Z5g2O1GLfRzB
+ XpOG1E9VNjt77EuKik3oyspwhBhR4ftrtYVOSqk260pExKLRzCard5i/D2TlPj3K
+ XaGVYUCyt5MGcwAIICesmbInqmsLVpeg9us6aMj5xQ1/CXCajwYdFlRJ+IwBtGOG
+ GmPr2EP2BNwCYLyckhnjVbG/X/n1CYwaqN58cBPnIPT1nUCkai+kYyc28WubDJ+5
+ GlFNCUvVJn6xFf7HBllOVnUJzrK4O5+BAOtWgVCmsLJsK9SkldZX57JrfeG7bhGp
+ ccMANR0/I5wdFhVzojITJpGao5XUtYigztdwzwIDAQABAoIBAH6dkhM0OYNCGxwM
+ yx8QtSOwS4bOA4YbJIxrguf/LyU9b98oKXMwwxTbsx3kbiG3Phc0jGWAYpAutvmR
+ nqzzNU4BU4Sn+nNlVYBApHC7++zA77AJCg4Dpx+bb7zxMRS7TkwFA3KYkgNHHgdl
+ wf/QL+q0SVNgmwL270TzxTre2G60wv3XQ/2nw/IL2YdaEcf2/mD4ZH1qY1IzFoZS
+ U/EVUItzhPksCihk3nGw1PBw5GoAFcOTmHLn/BbhoXJ4JWfKwqMG5hkXWrp853VF
+ cOZsLGE49WmNb1Uwx2hMW9pokh9V5rp24Z01SH83uxcJoQ7n0+G9fKMWm3RrhpIl
+ xKqlUpkCgYEA1tBpV3iPlRGG9jlpBy+4L9YbXSx6HzhbT5qplZ29+urOjird9f+R
+ z4HWayr5xo+oViBoO3lgMziOiMq6hahFs6Bpau9tx8izw+QlEytAPg0nLDGRsg5b
+ wCdWobS1uCHB+uiBkBichW2C+g7zRXnFaJRSftHIdzGxm1kLQ9JhOtUCgYEAy2Fb
+ SRAXH0+AwQpHSqPef8iGsLa2+g0v8MicmWFG269Wf6ZuK1mZ4hKKb/lXM6PiHOJa
+ gLokn8dZIUTpvyC/cFutkzIOCO+Vsmg/bw/mGfUcTrHDGvzgRHRKpnf005/Pi3LZ
+ DkEhxjVsjAcb4cZFIUT9nT9AJUbnJBOddaqTRxMCgYA7CfSp0bzEn5iUO5seGoNo
+ wlOq+/pkcjzGWB+bu0rnl3lFoYp3fdI5Udn4gks7w2fko+uBzQ4fhb/G4ND6wxDF
+ GaVfeoaVjhe6Ew4NgqmZZEwL3WPJqCCXYzhwIRaAkOabayOQ0vLRyRNiXpGF2r3i
+ zEEQEeAiwkmqBIMQFNYcMQKBgQCRmAyFbWNgIsYFa5pFsLHjwGXLs8GhmDctpC+X
+ DbBwLEE7+KT9m5Mx6Bv6tQDcEwIXs2MerCLzzv3bdz3ueT8S7E6CBV9OvlTn9wES
+ PMt44aN2IoONmmHiH24hZdZ6ePlW1szUC4RmJHCkfaJUKl/qxTzZiSIejXeCuBgM
+ 2CO+yQKBgQCIsLHu3FGfzgz01riFjLLPKL1MV7W6/jSlIDKrznBPo6/XT6C7pyh1
+ k4r5gDGPHUXpRNjVufzd0BweHPs5RdZsmqeM2IQsvsjwwRjfnFG9amjLIc4omh4F
+ vUTBAdxlYifwrsYAOG+GCJ2Q3T3X4YlXClarhivtSx5RHJLjoVcvtw==
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-anchor
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEowIBAAKCAQEAtT29xK+8i3lxNgWG/YYmE1mNmVuWHjZrB+K112+ix7CDldYF
+ 0fJgPwR+urDgTiQFN5cLL7GcTGIYmgArdBZcvUmeUsPjxxUuik/w/WaqyJQJc4Ev
+ sl42owqpfjpYL5u/n5o9azsx6OTxZP3b+rmtPqSCafgkZ/VcJawIDc+jhGAKvhVz
+ Jj6zjmvb77XFR4eUjmBGVwO64lrsH7juVt6n6EnwsvMPVoxQGGAL1C2Q00kyfjLT
+ DrQScp8Ez7N3YhzzeH/W4pr84NCJ9n8Cg9GkIDpP9dLzmNYbCUC+OzA5Egge3tfu
+ n/Daf+JgJ8MhL0YcjX4CxdlX0t859fmD06d7CQIDAQABAoIBAE8LsYNh/gJ6odSk
+ zn4uDtcrnKVBG5TruPyEdTiTuNQM+SbVZE5vvmhdpoP39qw964SWPMu9U+TAd+ha
+ oJkN076+p+2DAAnpBBZQzVNHfr7iScj1k/7gNkYftVKXUbTZ4dZTJ+xnsdnYWCvq
+ yBFu/88tYq+jCQXKLjlD8XNMlw15NfCkX1nJE6zT75MskNI/NaqLt2nmjsRCwCoH
+ Fttt/5lK1m4Ge4cqXaMKLiUi2ym04FZI3m+DBDqqO6QxEgpCrz7IveZsiVOF0B5x
+ 9413Qxem6zm9cmy4X7lPyNHgEO26jQSy5IZDHS6zz5wjXYEsNn9RpCGHVjr8fWR5
+ cpLg1A0CgYEA1b08rl3vn4XEsQ+a1PbY2FmCMM3SvFZudUK1BjLUh2JGKQ4rSIJg
+ knqT0SDau66cDxDRTxz3vr02CzZCTrfGl01drAbAp1YuQ13PRYhaM+IPSNLAwS/D
+ zZdgKw4a3WMcfJbnkVJFUxEgp7csoacK+8aI4+atK+oVTpfJc/8pQl8CgYEA2ROQ
+ EeLur4a3qVjs6XcYnkIzO5O5bgKgdzbxpVJTz5UH24TjNICyy6yc/eJF2iUUOdEX
+ Ip708Uo3TyWYC5uiKYiu0jUHDjiujJjdZdeEcCdvy8b3eDlPGCqLTNOsSKKJ129S
+ Jey9CzEFP6wqeDgMDmlvDr1k1OnGxbc04UNQy5cCgYAChIwmcazU8Dp0634jbBT5
+ 13QVJxeIaGw8rWB8hjTCs4GoEiaoYADLOO5s1Do/Y7sq4kPU7r5sXMY6M5VsX/XS
+ 6nJkCGBUmEtLN9utMgH+Anezn+ftXqar0VCssSnX2ccIIK7xo0p1xAnib+HytYkH
+ ljselCUOE1/U4SzaVPMjeQKBgD6VAz4E3KdCAYUTHAoaycAmebq9VgI/Q5/a+UOe
+ PodkAcXpw88JI4LQmtoe9+ByPCiG/VJ/3UILEXMB9ZmzHsc2np//pa8V7EygbYPE
+ 5GupEvP+wq2oaAMhkNNvWwX9xhuT/mzsmXu2gDrhGcVa8y7ceqYXOBCh7SpnLRmc
+ XJi1AoGBAM7o7NRNSSeY8U1D/tgnaSR1lsSQh6F0gJc4hLSigVMsGaFnqD6pQHK/
+ Zxg5rNkPjZHHq5KRG80bKjyOwEhx3BQDwemv+XoCX8A6NzlgNWR8MlkEwlC6Twhz
+ 5eBy0x372FZpPSr1Tps6RHUZIqQbFFcUeNUH2I10HbVLEo+BuLso
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-pod17-jump
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEA66FeENlqp50a5TJD5qhx+RotYhObEA5eGYtCEdt7ntEb8oJI
+ TROVq6vMy6UO0Cl7IJOBrIpR5mSmhl+QisSsecn8VH9hwC5NhCU0PIccGAvf0Z/2
+ 8YEXtWFitGanC5wgOtE+p53vCO5R8t1Lm3YGmKZaAKTYL4IylVCL0e2shrMsB0/o
+ KAMYP9WYxhm9zoSDOxOMGHyIRuZh+XEPeWrWcK+wVByVoWX+RxmBezIDvWi+nZ66
+ IFVYt5PDheVgMv9z7rvrNdMs57CT5YL4jkP8Jf5DD4JYNPb6k/n5dxqJz09VhvKP
+ N86kZBqAU6Oc6r+206jcsbmYxuarrqXVTspToQIDAQABAoIBAQDMumIupZlDlP8/
+ UNMqYATW+OWhp4M9Ch68dwCq31ajgPCVXplPTsrmY9kGv50FRGVUwpUSwwOx+JWv
+ fuzphUSOdO8mw569Cf4T6Pdf98xzIC4Rxrka0J023SyTrfVJ4xclw5R6soBz9A2D
+ xL7ijkPg8fiVQqULckZc8aTqe2VBilSTqPM+dpGQ5Wy2cqjjK70MCPdIMevZlmIH
+ bogNSUpsfKZ2lqboE3I2AaJJiGau1/1RF3cV4L+NK9wSUJNJ/MkPzgw9Ll+SKf9d
+ vPhGEsE8QUhT4jPyeWA5CSa4K7QfgLRH6P7VgjVanNKolPhSQCvmyIOj5ZYpU2TS
+ njrN0e6BAoGBAO03EPy6o8zand0eHJjjcvlHVX1gGfYxsNnffMZcKfaD7XUEEMk7
+ 90ez3gsaYPdclpCuV2zWYBlS8AKO9om96JiAejsqnt5wgi0NS79ms0P0Uv6zVYnT
+ RbpzH8/Ydbk3pPd7NdoaNEO7iYVwaYUC526G6td6+fDGumkxnd94dxcZAoGBAP5K
+ LJBPFuBA+iIgB5PUmH4u4VEQaE6cr0CzKy6CSTqtmMtKKRq1t4jvqqtVYE04Vnji
+ Q5+gw4I1yXxnHknH+4kzJlgQesnPWtlvTyQQhjGFryqxWaFNu+uflSvMeNzOfhpI
+ R+c278tAEKoCwxzGCw6tYdYmYy1lYmgQc+Xr/dnJAoGAChDlIqRU4ROB0Wk+s2or
+ bdKOGSTj1SOkqoomRFCS40gT4nxKrg9iXeOPD4+N/9Eo/ni3cwHh0BFJ6AHjClNJ
+ tHb3ON2FIlFJ5NmEllmoT8DlaLN5dMDHW7MY7Xv0+ugWkv3ieh/Uie9CVaxAfgly
+ gqks+/nW81WrgV0+osX837kCgYAZhfRnH6kaJSt2FWTtT59muuneqxjtGwj0I4eo
+ CWe0PgxiCzWI+shLNFMbE1yxI4B6bat/8DDvdtqcY/VETpBOuxWULUNF0kw6GtQE
+ uKvfeJ2WWWq3qAe+pKviU4mmEAvUM4EUEg2LhwilJ9XRo4ckl/6D8iJuQgjYjR40
+ 67T1EQKBgQDn86z6ryZs7L6lnZuPNaQ7TJiyv9EXeOQsQ2o5qBu/fVNDwYlJjab9
+ OJa49Sbv2ATAnp4ftkkleF/gFtqVFObiclkAhJXt4PqmY1JklLbaWKAxLv1QGRot
+ XHnidwjx1VXbKTbnfXY1EXPpAdsnGmgyTfrr4+LW4TeLaJBNfj/Kkg==
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-pod17-node1
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEowIBAAKCAQEA3uECyQsHrCTYCo7P/KuFNRXpqT5h/RN5c8CxBVKtr299NH0+
+ e4W6BkGbuFrj1I+mkYJjtSQ8BAL53D2Df7T29INHL8bSpKm7vs4Vhqjbd7txJXLt
+ yLVbQ1/mmoKfTu0aZJ1nlXZ2pL8tCdF2lRBS5YAVJlL/AL6277l2JWUdeS7ZsLiK
+ WdWeGQz2MXOpvQHlwB003Xq/kIcXSOyJnoO72U1GIvWHZ/lc3psVztWh+aztY3Tl
+ buf667ohCCaiJWD2EVl5Q6HhaaAx8+K3G4LbJkzK+YNK/p4/XrdMRzNN5U0Kac4+
+ f3aIwTR3+2/0Y8MAy5GbiIz6J4mpv0fAX+jJ9wIDAQABAoIBAFkg4lxDbO4KTdrr
+ AYGplbuE58wmhkkOYKNJi4D1bz+Y9hjnfPUopRubYQp4TmPSjmniGr11oAp6pjDM
+ 6KlJVPizBuS0PchbmBjVkQYowJtA+h5ft3dsDvMChtWDJvIJH2TdDW9X0FpRmVEz
+ 0pgJzxy3+703s4I4wi9bm0OZDBBJTPgbQ/MJmI59YxAszEByxOc2zsQCbICwvr/f
+ E2mZvJUBSzC7ySLZQ3LkYiClp50bRVYNyDA8xPQbJHMw268zWJUWgmHYwAxZ00Ke
+ +OVQte6qfaEP2rMcKQc6MCrZha1223NDQ1Nwg4KiJL4Aj9O0uADmDajjZ0HA5l5O
+ coPfiwECgYEA7X+gC/87W2I5Mr6VEnVqsvuH7O0iGUA75w8aCmGpxRoJBktoYxa1
+ a1DfRLH5aWIKF4W/xPMVgYuQZzVU2wDvDSkIwsWYT4zaKCadO50t9Tmvh44ImU4q
+ +O34l77Ybfb4Af0m/YU5Tz8mf8JBndPkApbr4GGoxNLPYUC9fJVUaTsCgYEA8D3U
+ s/oyXzxlQKjKTvH0SzUnChlwPoIFLUAYU2RrkGQD21QzfgpJgihh5vGmEI47CUWb
+ 00vzFm/KdnrHAUfujT2ATsqqhy9ahA3L7xrWqepsEZt7/F209DMi0E1++N5ss54N
+ juZaYfS3AFlTFkkvNfIWbcyz6fMfyoim24ZC9nUCgYBDEiPUv4O3zwlwNzpKODal
+ zTsZwe47S1SfcDhebi5Pp4ac7HbSZPtfDzu+XrSc+j73XaJGsI+GQi/Jtdn870qT
+ YN9EgiD9dj210RHeYAk2k8/qbEYpZVXlbu8hi5f7lh98EE4Okq0YoDDzK5z0QX7G
+ 7HA4sdvDmfVO9cWNhW6NOQKBgBv7B5gCrvU6ooxaXF2/fnV39lkNx23wVMwFaA/m
+ ZUTG8VANSYYHirI3I9fzEyVge23EBrcgZGqbkJgmCqGSkC0xGY2TuzLNiBxTQwpR
+ NOlLXVTbqCAnhdjfT9G1BPHVbhGpeejH2YUJLHtE7BFvaqk8zfHx4o5/+5bqPYzZ
+ 4Vi1AoGBAJtzPKVdiFlP4QHxU62Hbz5jVUIsBjvWENNOH5uMxqV0RabQxEr1me4q
+ 4N3RlJLsjwEmQ34bwZoztUK9ugDCts7E3BoaQ1CSST4IwTePxooZR74Ootxhco9u
+ ZrSLRT1UspjJhevPc4zg61grlm2Y7hx3LqWEHulumNwvnLC/4Qg0
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-pod17-node2
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEAw5QMmK00nsuIs0S7+ePEV4SLSSeVTvQkKFfzbdtK0Ca3BbCW
+ wkbB9ywr2PVX6guY77T2HxaUyJOuuCWFQ2+wjIvwOFY0De4S7g4GHu+88oPwUKAp
+ yHLFYqtn2vGr0TXSUDW3UeCVlXZc7yKcG08z+B94ubBg6fdRO41CKSdwjS9wsBqC
+ N7PuEEogOoovU+OWOaPV4NL8E4OqJWKiF0Xz3BuEkZOrCBP8hX9Gu3oB2HdNxoTG
+ Ic+f5pOZbWFvxYZnNXeVLaDDcYt/yOXKWoAnc1baaeHkQfdSHpM5cDdX/F9JVDUE
+ vi/hRphaTn05zriLplDUv36qwC60SZX/y5dbGQIDAQABAoIBADqXthZffa49J90d
+ MHuy4vWdPeVSuIaI2fRENSeqVQV7M8W+m8vkSuP0FcbP6eCyTMUzn7C8oSJeLC/6
+ /auwYGIa4oLeQIYT1xP+m5LVG/RD1tEwypPE3qGq3FhZorHwv+tLzHn5IJdAeKMj
+ 6US9O8KQGyj2UHKHp4yBy1ps+GkzUSOQ5NAdfbTNk9xP6AtKaQsyuN5MDmmD7Tll
+ 6dfR9h3W6Tk+60a/t7goYVIwBB8m8L4uhojsQ3jPMrnHt+BIF5Tmpq+2JoKEgHY0
+ dDnomqJ4TgJ9vNbaAxpge/5QF+OCeG9bmlMx0oBUFRyORr9R6L08d/H1xNzZM/E7
+ eIc8mKECgYEA2zZa+xjDRZwqwGrZkGEb0K66Pr83bpXrP2XavGfrMRRqTwRtTukO
+ /AOAVxeXaYXbr3X3oly8HA5r4Assu08J7lMVr+P3rZeC5zAdgJWN0CprmCbyINcv
+ gmxgYzZXR46upDyTeRZ9NO0H+itT9n0W3SNMBtrtp3F18/ILID0usZ0CgYEA5GZY
+ pfUBAsFSCJxLdnX+tkQ4XmZp0G+3xzoNhth7GPEW5X4F8GaJT8i99V6opby6cWvP
+ wfYd94JGMDsVkr64c5qQDsWYNeRSJapSBbqpUVNCZxJ2W0h6ViUm/jEqEZS/vovA
+ m41A9FjaLm0FE65ahCXAO1wA+k2FcnhAPk/IZK0CgYAfcDk2H8QJnK8I74oKSdMK
+ Z7SwQQ47HuchLYNkV+cEH/BrKrBei9ApVns2glyltpveGyYLtA8KWwsfk5qztk8v
+ Td0jX6dqzvroGx9wDILNIvhRVuyMxy+6Hb7pG6cCzTTAuytPR2lniMMHHuWoySHZ
+ TzGdHhLNW9lVxhXQZtXmhQKBgQDEMcZkiJldrIKzMs7/60vpdaCWNpMeoVjUomGM
+ O9lCC5cHe8HOR8Yb6uyCIdXsyLm/REUq8Ce9vQJd2+MkMwBvDY5Boiql4INQJ4Zd
+ tYJMgaDAuXNB5nhwF2nvYHwqrgQnwhSpiiUJwGlrB+schODsMyF13Apa+MxxECrf
+ W9lf4QKBgQCSNYrSjf4eszLBtcLO++6KUf8NbH0t/zEO2jwGpvO3t8UHti+KeqhC
+ 8wjbghrf8q1Vpf0/drxRdv2cES1BlZWfan7861CTmyLLGjZ9h84Eqv5d7C7BH/zd
+ MkFOORTjA3VA1FZU7ZmCHuKDH9vtmgNaFEeszikJmK6nlLeISPazHA==
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-node
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEowIBAAKCAQEAv4vltDeQ39xsfPwmTL2vP9cFR5jKPO1ppxLhU3PPn7+E1ojJ
+ lKrM3bJFqBMlkf+box0FKYjcoiESge8dk0Q7ju2cv0n2xfxG3BXneZ9augeG4JDl
+ nUW6zCdHYj3KFo+9xdVCE8bGkKzN/roKbZLoly1nMoxSRGU9vZdX8oJaW4r0PF7u
+ SFCqlk5Um8ve4esp8FBciAuVlfEwtPPaz+MwN6oOyuHEGL3XvvRjBGJXDkdfguNH
+ yAwnRjU0n1915Y4nKWV8/zJ9xN1RDwlAjOTa8MqmNGimphhRPbdutA3sSoYry6S5
+ v0DIeCa5k4oWD4VeaSZdGLuplklpMAdpxwShBQIDAQABAoIBACW8OsmRNNJVS24o
+ AqeVquPJyXl8aUMthmXqu0dEhn+zLElTc1r9dxSp3T0qYHltwMyWmADBvK2YFFxS
+ riHoDE+xEfNBcAM7Gv6athpowWfqubCd+w5LwWwcxNxezeQ59yn1RGo++7lewcpP
+ /mPt0DKQOEdmC4L76vjhyuq0sXZdBoSXc1V8j6A36JSfcCMN6tmGKuzAPLCam8+4
+ 3nU8/D6bRG47TO9YsOPYg3T6ZZwKVluU9TpVrx+J6nIWlflLf4q2P/1voVhWu6p/
+ e/mFfYgYrTpNpds1kwiedGTuMEpPfD6KWcdwKwTjFfPqTlamd5hMIPmx7B/ConUp
+ gsR4iEECgYEA/fVcyt0qIvE1kLL2XLHCjbm+gQNhn44f1AM8QYj5Hu1ULYR3TmS5
+ hbnkpykZVUy5vcLP8EB2FLvLGrE8TYdguV6LPgDkqq6TwGfoLe/D8rZBUxBZzL/Y
+ fUNVY/w46yzROSbWPXXIkC/EzDpSJawcEs8vbQ40Sesj89vn3GKGmjECgYEAwRYX
+ 2f8cCeFDqEdLZB54jw7z9TJ5MfQ92lucO4INeIsLST5U0vYmnkSQDhLizSnUfUnB
+ W0+dBeLOoTydu8WhgWsCAdmR9UVv2llhYrL9WrlaPx1rB1QMbczeL19eF1VZSqPh
+ +Fr1gRcblJQLECdbIhshSPQgCJH4L8GI+r6f6xUCgYEAqr7wT5jZfrrMd+hLSdFe
+ bGmJEzbRyTQGZEZ0md9dF5UbtqrMiFGihq2QdW9lj/tRGqvDoNXGTnRgvyaQ09OE
+ jb1qQxrYo4VS49c4vMHq7eHqE833gnkuNjIyVFI9dqkgVputCY+KdJ8ZYvKHTrrj
+ +SWBzoHxWA2Xk5qzznIT69ECgYAiW9oWsqy8nVc6xKUHxdxSKKkEwtyKJRo0lwSw
+ Gi5neuahO/RALgklNLIlrvqo436qZMuBgiNA/uEiE/VFip94th//UEYGzTpgMnN/
+ 6rXmxQDoJkX7YdtsVn5bE69cm5VuEMePODBjrkb8I3PshfRTl1xO7RIeNEtjxB6p
+ 7+3pGQKBgGX+29mUiK1VJBbt6/yEHU1lMeOVQIMIdiJT+iYtYUKWiwu6K6YNW2gX
+ 06PbpNxRWWw9mErExz/HET2onW20wMe5HRJ6uIF8AvjDkofCh3JXg3SGy6uXjOsL
+ 331DfZUA+0vXMSnnK3ZOPlgPkUsS4qT/5dqcRpA43mfNu6O1Skz6
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-pod17-jump-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEogIBAAKCAQEAtFA10D9aUe/A2YfOhNnzlyogFXKKxH4O+XT/6RUMII+w/PTe
+ m3XJU07lctVPMY+h5SQPu1nhj6uNljp1TzSpXV+PeT0QhzClGpmEYLgVL4Ax5IWA
+ V4YYfKxbOj6r3FDdMtI5FHMva60qkcitPd4dQQz1Rf8YnI8NlyesE3rw2K1Dg88O
+ 99QrNm5pVYKjx++rjM561ymhGCJteCDFv2Akg+rOQU96GUJSoW3z2CB0siVAlUwn
+ 34SxdEYhG857KuoGkucpr1HX/55znmKrViUvDlfcvAfxzPwtn1iH5s1fGRyJ6M9L
+ DWtFzLRxs68lzeYNpB+gr+ohcqR8zq1/CelkbQIDAQABAoIBAEqWm4wniM84JEhX
+ 22AtYIx5iogUt76MftlGQs5CPKADkK0zBhq84Kkri9Ky1m2kAs5s2m0fwyTRTGKG
+ kBxRpnXPn+QBFKM3xjR4qL/xpiHeH8VuTCboe5ynF53CawlaEgaB28bP1x/tpBxm
+ LPPYu7U7DQMFgULSEkcizBXK13JplxomiIeJa8Tf64ecu1e1kznshqlM5qK9C7ci
+ 1SrMYT9FO2nZC5iK51rHavTAs4rWbK/w7d083Z2dhrgTkkRWETkIuZXZ+p/h3Vrb
+ OfdSrj6CM3sq2EK8kBfURAGO0dB6PdgD2UAeCQluQhe1VAEJb2AGS0ROaQsZjnP6
+ piii0ukCgYEAwFENTvJg6HLJq/UTIyNj3Pw9U8gfHwNRbDSQS7aTsyQjrp5LNpu2
+ +OmRmhNTj87qUppr/tyvsavp3a9yrx0j6B+oKF5nf741wNC/t9yr2+vOTzKCb+HH
+ voiZe432TKj3MqZMZAAEV9Pim/VdqUoc+nvnrSrlKlqS2D/J/qk6MDcCgYEA8AWf
+ aKw7r5BVSE6CoAIeIH87YripGDqEE/DDS84MaM2dSNrSDQvAWHmHkuW40MJs7OZo
+ JDGMlQP0MsAsB/YMxpT+9PC20bZ6kmNXLC8dEhSJ38EGQkbeqikedkLxhLSDQgxj
+ DHwZiut5Uhbchym+APTB3RiitReNpxMK6lDslnsCgYB3wkFiVycnuUuCzJOFPyWR
+ 2HWsNaPDoUJT+oucym5BkRCzTZmSwPb5HCHya3SOyhA7LjRwOicioeZ5iScGi0Pv
+ 6b7CnL8g2mcI0jWBHmbbBYWs5cw6NcQ4D0JcoXOuG04MeWh6oVQTCTxFWE9h+2f+
+ R6hmup6IeGyXQ2nbLrCwkwKBgAzlMHBOOJKxHXPaC/iOxJGYZFdkdmk/05LCr6tl
+ 8ZK74URlxT1AMWBPfzIsN2a322RK6LNxGg1zfe4wFu2CkaMlpCECwb+4nxM4VRmh
+ ml07T0D/PNfYuOPJe8J8zD8F97tXsQadsD2fcxAu/EAixPuGKtg3F57FGi4svrxi
+ BqP7AoGABlD3ZSAnEew3XcsfelU1I8XEDur8FZYJYdrKiuIgwYbeNQ4XS4PzMFBU
+ pkjM62EXAEIkCyDMk9uyAyUgun6wzm5hZJdLbMraRZp7Jvn0n50lLLLbQIswRlDc
+ iSb0ttXSpu8elbF6rmJAtBhmz0oqQVpliNWr4o/Tujmm512q4JI=
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-pod17-node1-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEAwOpt4x9IxYen0zIPzL+U9wmOJlswJx/kYGgO1HICqTUqnxkV
+ rOybvdd4wWVJNNEr0whvrCiDlLbHfnygyXwkQC1PtV9HEUBw14AIPjSF6DhhvFol
+ UeK0Pek44p7nXj4K1t7crt1exP4Jigty4DAe972pcawHSqkg0oT/5mMKqjuh7dsR
+ uNdFaeNgDzjlvVbGQW7Wen+FjCds6VwsPYAbOmgOcbNsBptCX1iznwXLp1L0sRjR
+ xWxFPzmVI2f5eB7tsSt2mgsoOuZPTQbL7i13eGzlqsOqExWr19/LlVaLL/QOP/5B
+ mDGg6K2FB3BfjOmHiY4sY+EQ6W9bmgd0XudlcQIDAQABAoIBAFVe6OYbkA6p66DQ
+ hKFtHrT764YZ0INf36ayJe3pzjenKYdiiG8P/hPS6MNc2TqgXi5zi0e6XhBPmpTk
+ /hpr73bfFmkDEuYViFo1dHBiued8G/RISD+mfXDwZpYTD/xqpE1WLn7LxAaVDQ+j
+ 5WBEq0+jBPsiz89AbR/8b2o65htSp2XSH/Y0tOALYjEuxJEeS7ybumpgMT5+qrM7
+ VIqJMS+k2iqw7KcRmU1XsuX9KltiAEWSv0+NMNI+0+3j4ZXX43UrHdixqiFyRtMm
+ Gvua/b06UcapXBSApgDFbCNNsle1+duzb+DRxXN3Q2N+D1XlRDEVmowq2KvODvhM
+ iA3jv2ECgYEA6u1XL5yns+zEjkw01hJhTXuLZX5QgynaBkQwFlmhs9EW72YbxYnO
+ vzWK6WJMavn9JheXIBj5fnMhZIS95w69gtL6If8nH+DnkTiEU1RFH3tyDRLXvq77
+ F9fxwZ8izJ3v1rAKkGL9UQ4KxQE4r3KFMuV5vaiwZu/wIuVspWRhhf0CgYEA0jhg
+ YhAj0aL32uJFxXylGnmp09Qjm7PYxLTUvFm2FbOWM+8W2lZUJPicce9UIRCnNmQY
+ KyXZpJI6WUnEpVAIuutW/rzlhqNcgBEcpFUlSnsib14BriaSx4loAIcyDYGmAG6O
+ jnHm2A+gaYfoibTFO3+k09Zh7cKRrkKQh+HlvYUCgYEA4MzsOOs2rr1J+MCDbrV3
+ 1qT55szQTjKmJojpWvm5+k+CGuMigAw2glHB80HUzikZTHIWcuhzFcUllwJOleNN
+ BPrNz+pQjfiwng3u0a451r5RjKETQaw/KbnB5P1aV2JqNo2ODkwrCnzdYVah34E+
+ ZE2iCRJ6eoXuy/Wt2TYM/CECgYBKvqzWcTKrKSzDcMyqCUWTAks1/CmlBO9AEaPK
+ TIOHd9EiKhKQEz3b32GQyS26i/dISZKmVNDryOpiMO5wcOKJw3+tF3DszEzpZCww
+ 6e1WbC20N1KVnzV1KRAHkApl7wEdCjI5x5nynKvGmgI+ZD30h9ANWh57sUCnGxfU
+ mKddGQKBgQCtXb+6zdcuWS7Vri1lTE49831NZjC/DobwRhE5QJRnLmPFiCzOfnsr
+ +htnsJe/fGns445qhlaHH7VDRkTZlDZs6oJviECkMTk56Y3K72YUAQXknDswWUtM
+ HP+8NaFAWaxm8joIG2iD/etVlt2OEtflCk6M1ZXviNoKogM69cFlyQ==
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-pod17-node2-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEowIBAAKCAQEA7xv2/Y36/LeeUMFWWJ6ztNHw1BIEK8EVjQumZgl3fk7yXquv
+ 9NFbto9LXQo9Yib8741Q6BFtZ4ID4n3h/c65atA66V4zWnaVivs7UVsIoHGLz7lw
+ rb9plkHIN118o56ipWWcojiUfulAHC7wMIklEI9F9zOhRlzgvZbGpy5dSGQ6ZjqR
+ lWkOQNxVnvY8qqJnrrC6ucPGZqibhUo7UaLS4qlf0Yp/TjGsJjYsNwTACFUZOMpy
+ ZZuqoC8vLVWrNYMAZrMSoUalP5NNrKCQVGBj4saOIFDNcoWAF/Xdd21TTnYHyENr
+ EaLrfBEdiKL/Qjl0/l3YXVZ6IMNLcn8PVQQ3NQIDAQABAoIBAH0vnvjRRP7bA8Az
+ +Qkczel1oSjm5dgily3pU41Il49BthNqwAzlL6c9Dq//lHO3BeZFjn5x4V237GDA
+ l3lSqjEKJE3aS/io7VJ+hmfpyXJ3AEQZSq0s8hMBDdouz/q6K118/azRAq4PYMlg
+ qdA/fXBWEsOB/IXiSqf4MLmGxMAI9nZqJNnoPXZ4FCktIpWQfgOTYS8H865/uD5l
+ JdVxQzln4qw+MY5C6zL1vDvmivjhpgJRH9aXn06SdZ4AesaM2YxBpbT9Qq+i6YBK
+ QVEb1DHujr1qXmvT8X922NXQZSNN0Imn5/DUvZ9kiwpModbJIgUSrB2UqsTgDR3/
+ rqSLpQECgYEA74+HYaNg8/A0NUh9EK99o64Hik/8+Z3ZyH+2qIVitBZ1y0GtAcbg
+ 7onHpG3+4PCFHONZZdGNw1QkUD9zrTpZg+AuYkj8dph3UHRhOxE1t5A1E/f9dgZ1
+ gRaUxZwS4sMTD4pYgm8XDBHvBndwD8d0TFmH8QuC3T0XxkE/gqV/9lkCgYEA/4SB
+ cXPBI5OGcWJXa5Z8xzIDGk+Qs+f/xwnkt4vLbRZ9Q5hGUXInEV5ZhsIjXZNFhM9F
+ OO2mPerMWL+FDYHR7I0AG6xeD4Td2IwzJRHERPXaWcb3g2zhZmskoKBA3w7qfdOc
+ WRSxm1cEWPiM6dfrl2/6IAVcagYl+/w1ueWyJD0CgYEAqT4hSt19tVjRyYL4uD0C
+ 6gwcz55K/p6CKZ/wj4YMgWYMuhgf/c1fQ6abIJOFKa1CnXIQyloNaR2cugTZ2FwM
+ uZo7qrwdgDuer3xI5M33wUNj/EOLEULm6NfnKuRkg0eFw8jdVujcw244C719segb
+ RYVLAQQ848gxb6LRF5+Mk6ECgYBdIZ/IiUdZPzkedJimdzhNplXpLhzw5dudYWbC
+ 26ouvaa0j3j50KCavQfmjTY0siwBh0aUxFH2eXE3276UOMAZ9x6V95JlF6mAd0Fg
+ /oPKGs4WMOYgOfxBx0WXYjGi253udMWk1l0R4HqOLzG1PeT50m+ZYjrXzhvkJ34x
+ np36hQKBgDH1Jua/aapQZ39JltZ8dGoqGnXRxE37+fOnCiMphjNABP5dOvkbwmH4
+ X4s8t70KPzTNsCMPBk9ACxSoKDfT2vrzVIFc5Sy9eqO/Tufbis5EkVLx/AR8gPtT
+ PxcyBbm9ERRrR3Wv51myK0CReM28uuDAg0RpXvn8fH4PezKRoRxy
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-node-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN PUBLIC KEY-----
+ MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5VjcwV4weIFgFq25/aMn
+ gxvHW3elx7bXr7G1HI2EXsFVVUniJ4TfONkVpKMf9KLezrScLJL8LZJBo+kXtGDb
+ PWmL3VJtfEmshSk5EyESDAvg35sspToOaLbi0OE8uJa/9zE5phuMxVlMPwJgdKZ4
+ 7edqnL6JcZWJWLGtqknS98AfVvkKqzMkO4H2QTcZz9EjKhyHi62jwd1zj1WWUgbT
+ WZY5ynWT0d4I6jkAcs/R/ih3eAHUHY7ru370+1PkcFjBcNOeI65UiL4oXpbqFRKE
+ 16eVFULPpFYJ00thNGwgKFDuddrSV8ApXxliFgvmsRRdKhmNBU8fTcG7nzdl9mDf
+ wwIDAQAB
+ -----END PUBLIC KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: service-account
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/PublicKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpQIBAAKCAQEA5VjcwV4weIFgFq25/aMngxvHW3elx7bXr7G1HI2EXsFVVUni
+ J4TfONkVpKMf9KLezrScLJL8LZJBo+kXtGDbPWmL3VJtfEmshSk5EyESDAvg35ss
+ pToOaLbi0OE8uJa/9zE5phuMxVlMPwJgdKZ47edqnL6JcZWJWLGtqknS98AfVvkK
+ qzMkO4H2QTcZz9EjKhyHi62jwd1zj1WWUgbTWZY5ynWT0d4I6jkAcs/R/ih3eAHU
+ HY7ru370+1PkcFjBcNOeI65UiL4oXpbqFRKE16eVFULPpFYJ00thNGwgKFDuddrS
+ V8ApXxliFgvmsRRdKhmNBU8fTcG7nzdl9mDfwwIDAQABAoIBAQC4blNn9LSJ05BP
+ 7Hiq7O8zUb1pYrgf+HtOQFvikDMod9SFd5q0KPfRIVF0SfHCqs797uPAPJsqknjS
+ tPlpBpKHuj7NRiHhVuWzV8kcBvYaVdsKNiEa5ar8rkWLr/VCg4fv4tf3KiRz9zGH
+ YgPrCowo1HY5gkfI3XXLq2Z6kE9lBsb2m/H9rJx4g17B6KDEaaOI/J2FNqy+SMSG
+ XLYx9Oqm6YUWUSbPXd8QUd/4axHgvecniz2KCg2YoGP7Oi2ercp4eXVrJ+FdoJSf
+ IUI1derpjMrd00VaFk3RfmKDzbrOlBp5lAkpGPydGbLmVAOaAsK9whb4BvR98ruv
+ Ph6xQsfhAoGBAPK+8YtQe5+LCn/9v8qsuP4DdRQ1lWpmxF/VbdOHupy4RhfRe2fd
+ MlZx+FjyU9UzYLBmq7VGTH1Z6v1obqqEpRbIuX1HYmbw3tXjnAVR8zD1bj5hvIFK
+ /puOmnTN85x27PYZG1rK4MfZE5O6KF0tHaxxD1HtV18SPjHpyY7ivpbpAoGBAPHe
+ oi1DsviS+QFdznCPtMBOZb7aEmylendMqfEPPVswQjsExSRJwFlh2tvurTFIflol
+ U/Ve+uRE96ZWvUYoTo6ZMxiv7nyXOz6L7u2M/95iIhQ1c9AMINyuJ/sRqtXNeN8p
+ wtgfIZcP/l1JMVXSZB3PXuc7sLFftLoM+M3ITm3LAoGBAKJI8Wb4CY3iAMUMubof
+ uxVm7lDyec/GoKaJI4F1jlbUA1hNHjmT8eFFFIkyiMVSMeP83/Ky6tQq1yVPOh0Z
+ zNzsmMWegbTcd717C4WrAfDLREbERKgToSASOES6o5EJGOZ2ZolOdPRmteXfYLja
+ PqpYc6uMBwtyQM5RxASYpl5xAoGALw0dRWrvDPYiZIaoGzOJeQOHPXpUrTf/u+d5
+ A8DwMaYQrESASU/jkD++AJzMqlKs6cJrM8d3TSKxfnVPOq+qoIji7MGExk3xI3i7
+ URDl0ZALixze27EQT329n1TPg+oFwnvwQHTF5wogdGtBoq1b9oSZtKfi9o5krPDL
+ EdUOlMMCgYEAh4cP2xvxy+hxI7pHb8/EmcSW5b1t+ib7OyDaLCi0jrPQlUTp+67y
+ 1GqNopNX2qjquaEs2G2WBMnyNi706ykmbO3OdtEGnXG3TVMnrAVxDytoZ5/haE6j
+ J5TG1WP0RMYgOOh1sLtsfUjKr0bbiciOenQxhtuCDfkkuHoftIWEZPU=
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: service-account
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/PrivateKey/v1
diff --git a/site/intel-pod17/secrets/certificates/ingress.yaml b/site/intel-pod17/secrets/certificates/ingress.yaml
new file mode 100644
index 0000000..b799fdb
--- /dev/null
+++ b/site/intel-pod17/secrets/certificates/ingress.yaml
@@ -0,0 +1,135 @@
+---
+# Example manifest for ingress cert.
+# NEWSITE-CHANGEME: must be replaced with proper/valid set,
+# self-signed certs are not supported.
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: ingress-crt
+ schema: metadata/Document/v1
+ labels:
+ name: ingress-crt-site
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIFKzCCA5OgAwIBAgIMW2h6FCcFdKeaw3vnMA0GCSqGSIb3DQEBCwUAMBIxEDAO
+ BgNVBAMTB0FpcnNoaXAwHhcNMTgwODA2MTY0MDUyWhcNMTkwODA2MTY0MDUyWjBJ
+ MTUwMwYDVQQDEyxpbmdyZXNzLmFpcnNoaXAtc2Vhd29ydGh5LmF0bGFudGFmb3Vu
+ ZHJ5LmNvbTEQMA4GA1UEChMHQWlyc2hpcDCCAaIwDQYJKoZIhvcNAQEBBQADggGP
+ ADCCAYoCggGBALvNHm/G/ylh6aPcvrhOcb4qz1BjcNtnxH8bzZng/rMeX3W2AzjC
+ r2JloJcDvOLBp/TkLOZPImnFW2/GCwktxPgXZuBTPzFV50g77KsPFw0fn3Si7+bs
+ F22tLhdOGk6MQj/WW4pKGHqdw1/VbPwOHBT+I4/scR1L2SZxYtSFIKGenHJH+PMV
+ bCdwnNOR80F8KRzK5iZs/r6S/QqVheieARSWWnk2+TtkM1BloGOhLSd+ZkWh9VO1
+ eOnZowkaDAJwD/G6zoSr5n+beaXzDnEcoVXFSwd4FLoV+om77o92XmZ4rVw0vTMO
+ k6jVwmkdT+dM2K2hLUG/TXWoV2/Qms70gzDOs85RtAkTPe4Ohtdpr51Q0hd35TKG
+ YLKzX/OPblD68iYJYSBvMPpAVTbFYVPW1AQx8wWfannYbMoeL8XTEOKfkqm90YP9
+ EhIdtmw4D7GZxlzG5FXXutmT9sqLfqlRu/RynAhBP8NQvw74WumhOe8r7GhCwgzC
+ gaPLGjeekoS6LQIDAQABo4IBSDCCAUQwDAYDVR0TAQH/BAIwADCBzQYDVR0RBIHF
+ MIHCgixpbmdyZXNzLmFpcnNoaXAtc2Vhd29ydGh5LmF0bGFudGFmb3VuZHJ5LmNv
+ bYIta2V5c3RvbmUuYWlyc2hpcC1zZWF3b3J0aHkuYXRsYW50YWZvdW5kcnkuY29t
+ gilub3ZhLmFpcnNoaXAtc2Vhd29ydGh5LmF0bGFudGFmb3VuZHJ5LmNvbYIsaG9y
+ aXpvbi5haXJzaGlwLXNlYXdvcnRoeS5hdGxhbnRhZm91bmRyeS5jb22HBAoXFQuH
+ BAoXFgswEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAwegADAdBgNV
+ HQ4EFgQUfTAjNgn/1U1Uh1MJDYT2m4dzhsYwHwYDVR0jBBgwFoAUJFuXPZo6RzfE
+ BlJjnnk5jhcP4wIwDQYJKoZIhvcNAQELBQADggGBAE2ISWmrxqrledJI3aLaS9Yw
+ WsZc8O8CnIyLoxrE85vUubFjuI9ixC/6dJxl2iB1n0H8JgmFREox32Q4+kDJI8V/
+ X9x0PFpRzL7QEPrLZhW94Yis3sOphLW0rf0t06ZepdHHeodYJu1pVMDmLq6bKXdX
+ vo+/WwKnZBXC1qPbXJByv/CN9MtViXOnBGORFRTJPb6U8379LNWclJ/LW12yTwNk
+ JGIbZU61Vxu+2nLIabmmRoODH2jomgMOMMzLgjT3Hvw3whe8GrUoxDiPYQVTDGNm
+ ly6m+5B1Nx06fkZazonozeaOhSQ7RblUSbo+w8TJmLRzD9ft7p4vpjBGxRADMcuF
+ DOjATgdZeisBUHTGEO0P6wJOBQuCFMX9AVl+u8ZpcuRaRaN+pBE6/BqcHBB6qV/N
+ w2DdNtP8BrJ3kJVNEDIo5oTbH5SToxgA4hWBV42M1rB+5vIMDKN3rwVDdNKWYhYc
+ VZpU3V9V6JzSW1O2w4Wu9PdbWJD9oSvC0qJgnjOXzg==
+ -----END CERTIFICATE-----
+...
+---
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: ingress-ca
+ schema: metadata/Document/v1
+ labels:
+ name: ingress-ca-site
+ storagePolicy: cleartext
+schema: deckhand/CertificateAuthority/v1
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIID7TCCAlWgAwIBAgIMW2h3tgSwie0Ypx8eMA0GCSqGSIb3DQEBCwUAMBIxEDAO
+ BgNVBAMTB0FpcnNoaXAwHhcNMTgwODA2MTYzMDQ2WhcNMTkwODA2MTYzMDQ2WjAS
+ MRAwDgYDVQQDEwdBaXJzaGlwMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC
+ AYEAny0Nqu9U2tXdCCTNzD2T62htMmBLg3CmzWajfbfFl7ALqzo3HgbbY3PxTHDE
+ OJ/lwdm0HkEaGfEDXhJd06WZsa8+fKGqhKXvZXwXx5mJ8LCGxz6xiaxwo9lnKe6V
+ o3YX7bJ5YIVxQ2jhvZo+dY8Z/buloi2Tp2HbqTejKULH9+qdiQTDXAnyR0NLqzJ0
+ YQ4v4yU3zix3nBi8z29lQekGO9quNEka3nw2n0Gxmq5z1bNALGCF5F759mVkB0uT
+ fPGF+zm9eqlqAgduYg7R+JYUumVHvIoRY454GtAdZHTJHJZP0gQSGJsLff8ROFpI
+ GVYsOZhJXU9Ihc5VBC5PMErbmCn0YkuxAWNOYBstZ8l+uY6YiPoFV5Ulc/8M0If+
+ T6jbqzWoFC+4ysgY95RKOw53S4o/T6AFwiIKIw0xp3UfHCf6kr5Y0+XdDn5CXpJB
+ d1KK3PoUWzPSsxcUMXvgKWT4x1vsCId21dn1SmVSOEBhM08VZfjd5bvL9Xjt/E0j
+ mUqDAgMBAAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcEADAd
+ BgNVHQ4EFgQUJFuXPZo6RzfEBlJjnnk5jhcP4wIwDQYJKoZIhvcNAQELBQADggGB
+ AJaoEtnDoWUUs4nSSqIGcoCfpIO0oqVp8DvkBOcxz5Rz8vMVJSC24/UnuCD2Wknx
+ 2V/E3edXIeRo7duhPtNCT7c8OKY/pJsZQTgOczn4rphoD1pmAIPZmpG6ssPadPiM
+ EP8xWJHZt8NXG7D5kJX2COvBvgNeWXL6MF7Tv8+t5xzt59Vitdb/7lm9Z6jjpvN+
+ zoG0pKx3XYESsnLAVAf00F+kWwds/3x3gQywUAQUDER0jliYUE5id+sojp357Cl9
+ XtY+8zSnTduuP8CfMhwv5p6j9xbqacfT7AzpQ6cy4xcQ7MA6JBQcxbaq4NtvIf6+
+ d/5N9d8LGnfXdCd9iwNy9Qk23Ea0SNhnk9F/NqGBPakU4TbHh4iTYMC/+hDGInpO
+ TIRelTidNBFNaIBg3Z0vsh0lDwbt/xhpXip+ZVBqKMTtktEceiVGru9cYUQA2tKI
+ XNoc5s0uQGMpdFzgED4lXZf+n7yGVMKohvi7Yn96HqujGIrVH6qThsI6m7pUSz40
+ +g==
+ -----END CERTIFICATE-----
+...
+---
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: ingress-key
+ schema: metadata/Document/v1
+ labels:
+ name: ingress-key-site
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIG4wIBAAKCAYEAu80eb8b/KWHpo9y+uE5xvirPUGNw22fEfxvNmeD+sx5fdbYD
+ OMKvYmWglwO84sGn9OQs5k8iacVbb8YLCS3E+Bdm4FM/MVXnSDvsqw8XDR+fdKLv
+ 5uwXba0uF04aToxCP9ZbikoYep3DX9Vs/A4cFP4jj+xxHUvZJnFi1IUgoZ6cckf4
+ 8xVsJ3Cc05HzQXwpHMrmJmz+vpL9CpWF6J4BFJZaeTb5O2QzUGWgY6EtJ35mRaH1
+ U7V46dmjCRoMAnAP8brOhKvmf5t5pfMOcRyhVcVLB3gUuhX6ibvuj3ZeZnitXDS9
+ Mw6TqNXCaR1P50zYraEtQb9NdahXb9CazvSDMM6zzlG0CRM97g6G12mvnVDSF3fl
+ MoZgsrNf849uUPryJglhIG8w+kBVNsVhU9bUBDHzBZ9qedhsyh4vxdMQ4p+Sqb3R
+ g/0SEh22bDgPsZnGXMbkVde62ZP2yot+qVG79HKcCEE/w1C/Dvha6aE57yvsaELC
+ DMKBo8saN56ShLotAgMBAAECggGAYzZDhA1+sx/0zApL/xYB5NK83t0Ju/8fwX6w
+ qUBBjeLXz1mubgf7m2HQ6ragzLI9xpPcXHcl2PbYDT50ig7R5baHNK8FzUxyeKif
+ qOa56Mbx+C4zyqyi2+AHX2x1XVWfkhXuGip2sCA0HKalgqr5juWLZ/ci8rUlLLft
+ 3BPQX1FpmL4I+HIyxsspLmQGPGwZVAqkd1xRX+BLKZJAQdlm/LdJaIvwMr4Glcx6
+ ZOe68QhHgzXCYsyV6gR9qstF2OvVuLa2mUc7EzYInFIFhXUdAAwmDqkuuLRdRQhf
+ Ur8nqQW33T0cG0GBUzgBI5YmSPJvTSzcPmeSyNVx2/Yb0pkuXtCw67oDcAsN4nW8
+ uls49E2RaiLJYsy5vPsX5aJNcAxw/CWLdadQ3ukviD/MDJbpTl4F52GOVYL6K4XH
+ g5TJjj7xzjmK3ldR/Kscg7HpCitQLGUYdgIsAFdspXf4aSIa68IjDrc5NsJZuMzc
+ PbVHrw7QYNfHY7VNdUlOVqH5lS3BAoHBANRqKrQXtnJmM006TCEJXdcN/5M685jz
+ +L4Ox0Rhrq8ROgcN5q/hjKb6kP/MccQ9voGQOl9TKEyinGNdTtyc/fuH7RNlQwpS
+ HT+vEzVEcrSe8UFs8c6oJnHFO72ylFcibFf56LvbI3L8BZXp7gPSPQkp5f1NWEZk
+ X5bUL4UNiOm0diltba/ofxywF0M9WGD00eqi0Q29JRlvun+355j06CENxRoonNZC
+ wk1evIxhhckP9zLjI2Ykb1hV6yzwPWtmyQKBwQDiVgru/B396KhzDhLl5AL+pBWA
+ GsfiCbmPLh6W6V5VzldB4+GlMRrJ4zSjZQ3/nvX5KepqjMn1N6LQpZQUI/YShCKE
+ mW0XMiAfbp2d23MRMjLD8L/bIoBHQOPkCaMjbmyDOlCagWakEvHJO/TieVgTmYk6
+ mtEYVjJFWI9OCNMAHdl8ovWr3p+8YbVZ8LLv5ZO/V1cIjczoNQ6p8LG/pPMTDLXM
+ ScN9a8z3f8LQLBHBlu0155xvt95PQLAon/x21kUCgcAvPVk36hoiQQZhw3hQ1JNx
+ E2TmanLobkHAiurYE11VA+DC1t2Z+fBc5la+/MnEWfL3P4srzgOlX3imRIcYWzXE
+ 7crUyG1ray2kDxyXeRyFfN+srDzut8is/q81lfSVmEs+GY8f0DGHDfN0Dq1nXidC
+ 1XWXqs7aANKdaZ0T2xm61+57ciG1wGAckjDqPEdecLQKmaEijBEnIgj5BH5WLwk8
+ 6KIQGj4fDIPHzyzhj4LAX3ObdpZVzf6RR7JgsSEHtLkCgcBROW2dDC87MqZY++D+
+ TVBhz8LDgVjgHntQDc3+fGtVQcKAq+YLYU7qyrXWOWrHpGVDcK5mZHYJoVi1peY5
+ QBqL1I2KpoDGxT9P6GN6BgoKTsh3FsvTOVNtvrTJ3keEbJlWkrPgbrXGBeJtRC4C
+ pGdeSUg9FtgY8r4BsuFisLoAHbYyC008y5zpfusVBtNAUlQuY4qhUDoLzxafF/jB
+ /NEasgH/+SzFss0QuPHRwS7yGVaxdJfoY8TNDjrpqVhx0T0CgcEAvKG4UoWvT8gJ
+ pIeeAxxnv9yrMxgpntu4RXPDHgfX5tva6EaM3r3nLXjd9FVtlQ4cNBMhp9HNhS3a
+ dK+oEDcBysVxxfltlS2Bx0+gQf3WxgBCJwayKe3i/XCDza92EENgxTPmqB1LHiq5
+ 2b5aOl2Y5fP0eX6UryxRc443c/ejMHw4lGwnno0qpRk9M9Ucqv5J96QCfAlBSQQS
+ gOG9cypL0kBWzCejn9W4av8HkM8Noqd7Tqul1onv/46OBaX51kt3
+ -----END RSA PRIVATE KEY-----
+...
diff --git a/site/intel-pod17/secrets/passphrases/apiserver-encryption-key-key1.yaml b/site/intel-pod17/secrets/passphrases/apiserver-encryption-key-key1.yaml
new file mode 100644
index 0000000..e21876e
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/apiserver-encryption-key-key1.yaml
@@ -0,0 +1,13 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: apiserver-encryption-key-key1
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+# https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/
+# use head -c 32 /dev/urandom | base64
+data: n9VBwseT/JjV7r9vbUR/MvCobe01Bdh9XtWgsNF5zLY=
+...
diff --git a/site/intel-pod17/secrets/passphrases/ceph_fsid.yaml b/site/intel-pod17/secrets/passphrases/ceph_fsid.yaml
new file mode 100644
index 0000000..7201502
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/ceph_fsid.yaml
@@ -0,0 +1,12 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ceph_fsid
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+# uuidgen
+data: 7b7576f4-3358-4668-9112-100440079807
+...
diff --git a/site/intel-pod17/secrets/passphrases/ceph_swift_keystone_password.yaml b/site/intel-pod17/secrets/passphrases/ceph_swift_keystone_password.yaml
new file mode 100644
index 0000000..9a9af1f
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/ceph_swift_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ceph_swift_keystone_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/ipmi_admin_password.yaml b/site/intel-pod17/secrets/passphrases/ipmi_admin_password.yaml
new file mode 100644
index 0000000..0b49b62
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/ipmi_admin_password.yaml
@@ -0,0 +1,13 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ipmi_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ labels:
+ name: ipmi-admin-password-site
+ storagePolicy: cleartext
+data: root
+...
diff --git a/site/intel-pod17/secrets/passphrases/maas-region-key.yaml b/site/intel-pod17/secrets/passphrases/maas-region-key.yaml
new file mode 100644
index 0000000..73d4a69
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/maas-region-key.yaml
@@ -0,0 +1,12 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: maas-region-key
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+# openssl rand -hex 10
+data: 9026f6048d6a017dc913
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_barbican_oslo_db_password.yaml b/site/intel-pod17/secrets/passphrases/osh_barbican_oslo_db_password.yaml
new file mode 100644
index 0000000..c5f866c
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_barbican_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_barbican_oslo_db_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml b/site/intel-pod17/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml
new file mode 100644
index 0000000..bb19957
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_barbican_oslo_messaging_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml b/site/intel-pod17/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml
new file mode 100644
index 0000000..9bf0217
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_barbican_oslo_messaging_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_barbican_password.yaml b/site/intel-pod17/secrets/passphrases/osh_barbican_password.yaml
new file mode 100644
index 0000000..5122192
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_barbican_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_barbican_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml b/site/intel-pod17/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml
new file mode 100644
index 0000000..32f8dae
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_barbican_rabbitmq_erlang_cookie
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_cinder_oslo_db_password.yaml b/site/intel-pod17/secrets/passphrases/osh_cinder_oslo_db_password.yaml
new file mode 100644
index 0000000..b22f898
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_cinder_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_cinder_oslo_db_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml b/site/intel-pod17/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml
new file mode 100644
index 0000000..040e657
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_cinder_oslo_messaging_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml b/site/intel-pod17/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml
new file mode 100644
index 0000000..5d76ba7
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_cinder_oslo_messaging_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_cinder_password.yaml b/site/intel-pod17/secrets/passphrases/osh_cinder_password.yaml
new file mode 100644
index 0000000..26565db
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_cinder_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_cinder_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml b/site/intel-pod17/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml
new file mode 100644
index 0000000..b1ac8ff
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_cinder_rabbitmq_erlang_cookie
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_glance_oslo_db_password.yaml b/site/intel-pod17/secrets/passphrases/osh_glance_oslo_db_password.yaml
new file mode 100644
index 0000000..0739069
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_glance_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_glance_oslo_db_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml b/site/intel-pod17/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml
new file mode 100644
index 0000000..57db752
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_glance_oslo_messaging_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_glance_oslo_messaging_password.yaml b/site/intel-pod17/secrets/passphrases/osh_glance_oslo_messaging_password.yaml
new file mode 100644
index 0000000..d103c27
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_glance_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_glance_oslo_messaging_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_glance_password.yaml b/site/intel-pod17/secrets/passphrases/osh_glance_password.yaml
new file mode 100644
index 0000000..93ae0f2
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_glance_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_glance_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml b/site/intel-pod17/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml
new file mode 100644
index 0000000..496fae3
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_glance_rabbitmq_erlang_cookie
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_heat_oslo_db_password.yaml b/site/intel-pod17/secrets/passphrases/osh_heat_oslo_db_password.yaml
new file mode 100644
index 0000000..3352d4c
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_heat_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_heat_oslo_db_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml b/site/intel-pod17/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml
new file mode 100644
index 0000000..074e688
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_heat_oslo_messaging_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_heat_oslo_messaging_password.yaml b/site/intel-pod17/secrets/passphrases/osh_heat_oslo_messaging_password.yaml
new file mode 100644
index 0000000..39f1327
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_heat_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_heat_oslo_messaging_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_heat_password.yaml b/site/intel-pod17/secrets/passphrases/osh_heat_password.yaml
new file mode 100644
index 0000000..5777ebb
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_heat_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_heat_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml b/site/intel-pod17/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml
new file mode 100644
index 0000000..74e2a99
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_heat_rabbitmq_erlang_cookie
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_heat_stack_user_password.yaml b/site/intel-pod17/secrets/passphrases/osh_heat_stack_user_password.yaml
new file mode 100644
index 0000000..36db28b
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_heat_stack_user_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_heat_stack_user_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_heat_trustee_password.yaml b/site/intel-pod17/secrets/passphrases/osh_heat_trustee_password.yaml
new file mode 100644
index 0000000..58129ef
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_heat_trustee_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_heat_trustee_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_horizon_oslo_db_password.yaml b/site/intel-pod17/secrets/passphrases/osh_horizon_oslo_db_password.yaml
new file mode 100644
index 0000000..7c78d45
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_horizon_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_horizon_oslo_db_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml b/site/intel-pod17/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml
new file mode 100644
index 0000000..78c265e
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_elasticsearch_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_infra_grafana_admin_password.yaml b/site/intel-pod17/secrets/passphrases/osh_infra_grafana_admin_password.yaml
new file mode 100644
index 0000000..9232de7
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_infra_grafana_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_grafana_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml b/site/intel-pod17/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml
new file mode 100644
index 0000000..6d5f49e
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_grafana_oslo_db_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml b/site/intel-pod17/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml
new file mode 100644
index 0000000..bd4e573
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_grafana_oslo_db_session_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_infra_nagios_admin_password.yaml b/site/intel-pod17/secrets/passphrases/osh_infra_nagios_admin_password.yaml
new file mode 100644
index 0000000..52dbe16
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_infra_nagios_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_nagios_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_infra_openstack_exporter_password.yaml b/site/intel-pod17/secrets/passphrases/osh_infra_openstack_exporter_password.yaml
new file mode 100644
index 0000000..64f78e1
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_infra_openstack_exporter_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_openstack_exporter_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml b/site/intel-pod17/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml
new file mode 100644
index 0000000..9c68e9d
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_oslo_db_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml b/site/intel-pod17/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml
new file mode 100644
index 0000000..f134f46
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_oslo_db_exporter_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_infra_prometheus_admin_password.yaml b/site/intel-pod17/secrets/passphrases/osh_infra_prometheus_admin_password.yaml
new file mode 100644
index 0000000..b3df5f6
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_infra_prometheus_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_prometheus_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml b/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml
new file mode 100644
index 0000000..9f64719
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_rgw_s3_admin_access_key
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: admin_access_key
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml b/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml
new file mode 100644
index 0000000..3e06f91
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_rgw_s3_admin_secret_key
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: admin_secret_key
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml b/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml
new file mode 100644
index 0000000..97c7d23
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_rgw_s3_elasticsearch_access_key
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: elastic_access_key
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml b/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml
new file mode 100644
index 0000000..60f0134
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_rgw_s3_elasticsearch_secret_key
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: elastic_secret_key
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_keystone_admin_password.yaml b/site/intel-pod17/secrets/passphrases/osh_keystone_admin_password.yaml
new file mode 100644
index 0000000..6c3f446
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_keystone_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_keystone_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_keystone_ldap_password.yaml b/site/intel-pod17/secrets/passphrases/osh_keystone_ldap_password.yaml
new file mode 100644
index 0000000..2edf0f2
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_keystone_ldap_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_keystone_ldap_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_keystone_oslo_db_password.yaml b/site/intel-pod17/secrets/passphrases/osh_keystone_oslo_db_password.yaml
new file mode 100644
index 0000000..07b2206
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_keystone_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_keystone_oslo_db_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml b/site/intel-pod17/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml
new file mode 100644
index 0000000..aec85c0
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_keystone_oslo_messaging_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml b/site/intel-pod17/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml
new file mode 100644
index 0000000..be716f4
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_keystone_oslo_messaging_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml b/site/intel-pod17/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml
new file mode 100644
index 0000000..ee7e4bd
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_keystone_rabbitmq_erlang_cookie
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_neutron_oslo_db_password.yaml b/site/intel-pod17/secrets/passphrases/osh_neutron_oslo_db_password.yaml
new file mode 100644
index 0000000..4d0b157
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_neutron_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_neutron_oslo_db_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml b/site/intel-pod17/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml
new file mode 100644
index 0000000..4ac42c9
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_neutron_oslo_messaging_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml b/site/intel-pod17/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml
new file mode 100644
index 0000000..6be02b9
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_neutron_oslo_messaging_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_neutron_password.yaml b/site/intel-pod17/secrets/passphrases/osh_neutron_password.yaml
new file mode 100644
index 0000000..dd0b2b6
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_neutron_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_neutron_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml b/site/intel-pod17/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml
new file mode 100644
index 0000000..9e8ff8d
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_neutron_rabbitmq_erlang_cookie
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml b/site/intel-pod17/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml
new file mode 100644
index 0000000..37d5c62
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_nova_metadata_proxy_shared_secret
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_nova_oslo_db_password.yaml b/site/intel-pod17/secrets/passphrases/osh_nova_oslo_db_password.yaml
new file mode 100644
index 0000000..2cd60f5
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_nova_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_nova_oslo_db_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml b/site/intel-pod17/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml
new file mode 100644
index 0000000..487bcc5
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_nova_oslo_messaging_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_nova_oslo_messaging_password.yaml b/site/intel-pod17/secrets/passphrases/osh_nova_oslo_messaging_password.yaml
new file mode 100644
index 0000000..13569ba
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_nova_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_nova_oslo_messaging_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_nova_password.yaml b/site/intel-pod17/secrets/passphrases/osh_nova_password.yaml
new file mode 100644
index 0000000..4c2223d
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_nova_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_nova_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml b/site/intel-pod17/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml
new file mode 100644
index 0000000..7a885e6
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_nova_rabbitmq_erlang_cookie
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_oslo_cache_secret_key.yaml b/site/intel-pod17/secrets/passphrases/osh_oslo_cache_secret_key.yaml
new file mode 100644
index 0000000..11747a7
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_oslo_cache_secret_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_oslo_cache_secret_key
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_oslo_db_admin_password.yaml b/site/intel-pod17/secrets/passphrases/osh_oslo_db_admin_password.yaml
new file mode 100644
index 0000000..48df9ee
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_oslo_db_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_oslo_db_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_oslo_db_exporter_password.yaml b/site/intel-pod17/secrets/passphrases/osh_oslo_db_exporter_password.yaml
new file mode 100644
index 0000000..61b4144
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_oslo_db_exporter_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_oslo_db_exporter_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_oslo_messaging_admin_password.yaml b/site/intel-pod17/secrets/passphrases/osh_oslo_messaging_admin_password.yaml
new file mode 100644
index 0000000..e7d97e2
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_oslo_messaging_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_oslo_messaging_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_placement_password.yaml b/site/intel-pod17/secrets/passphrases/osh_placement_password.yaml
new file mode 100644
index 0000000..c72b59a
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_placement_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_placement_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml b/site/intel-pod17/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml
new file mode 100644
index 0000000..a3b5a2b
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_rabbitmq_erlang_cookie
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/osh_tempest_password.yaml b/site/intel-pod17/secrets/passphrases/osh_tempest_password.yaml
new file mode 100644
index 0000000..af90ec0
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/osh_tempest_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_tempest_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/tenant_ceph_fsid.yaml b/site/intel-pod17/secrets/passphrases/tenant_ceph_fsid.yaml
new file mode 100644
index 0000000..18bd485
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/tenant_ceph_fsid.yaml
@@ -0,0 +1,12 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: tenant_ceph_fsid
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+# uuidgen
+data: 29d8953d-0bb6-4ba1-a48a-f9be1c0937a9
+...
diff --git a/site/intel-pod17/secrets/passphrases/ubuntu_crypt_password.yaml b/site/intel-pod17/secrets/passphrases/ubuntu_crypt_password.yaml
new file mode 100644
index 0000000..4d60468
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/ubuntu_crypt_password.yaml
@@ -0,0 +1,12 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ubuntu_crypt_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+# Pass: password123
+data: $6$qgvZ3LC9.t59Akqy$HAJfJpdrN8Ld9ssGyjFPzyJ3WUGN.ucqhSyA25LFjBrSYboVFgX8wLomRwlf5YIn1siaXHSh4JaPJED3BO36J1
+...
diff --git a/site/intel-pod17/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml
new file mode 100644
index 0000000..33c4125
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_airflow_oslo_messaging_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/ucp_airflow_postgres_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_airflow_postgres_password.yaml
new file mode 100644
index 0000000..8a1d648
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/ucp_airflow_postgres_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_airflow_postgres_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/ucp_armada_keystone_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_armada_keystone_password.yaml
new file mode 100644
index 0000000..866efcc
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/ucp_armada_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_armada_keystone_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/ucp_barbican_keystone_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_barbican_keystone_password.yaml
new file mode 100644
index 0000000..cb2da22
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/ucp_barbican_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_barbican_keystone_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/ucp_barbican_oslo_db_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_barbican_oslo_db_password.yaml
new file mode 100644
index 0000000..95a76ed
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/ucp_barbican_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_barbican_oslo_db_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/ucp_deckhand_keystone_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_deckhand_keystone_password.yaml
new file mode 100644
index 0000000..5ee27f2
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/ucp_deckhand_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_deckhand_keystone_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/ucp_deckhand_postgres_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_deckhand_postgres_password.yaml
new file mode 100644
index 0000000..e63319b
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/ucp_deckhand_postgres_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_deckhand_postgres_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/ucp_drydock_keystone_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_drydock_keystone_password.yaml
new file mode 100644
index 0000000..b8083b5
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/ucp_drydock_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_drydock_keystone_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/ucp_drydock_postgres_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_drydock_postgres_password.yaml
new file mode 100644
index 0000000..2eff525
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/ucp_drydock_postgres_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_drydock_postgres_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/ucp_keystone_admin_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_keystone_admin_password.yaml
new file mode 100644
index 0000000..91f74fd
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/ucp_keystone_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_keystone_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/ucp_keystone_oslo_db_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_keystone_oslo_db_password.yaml
new file mode 100644
index 0000000..a9cb153
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/ucp_keystone_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_keystone_oslo_db_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/ucp_maas_admin_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_maas_admin_password.yaml
new file mode 100644
index 0000000..402c129
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/ucp_maas_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_maas_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/ucp_maas_postgres_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_maas_postgres_password.yaml
new file mode 100644
index 0000000..96ec574
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/ucp_maas_postgres_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_maas_postgres_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml
new file mode 100644
index 0000000..b513af4
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_openstack_exporter_keystone_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/ucp_oslo_db_admin_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_oslo_db_admin_password.yaml
new file mode 100644
index 0000000..b3c1325
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/ucp_oslo_db_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_oslo_db_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/ucp_oslo_messaging_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_oslo_messaging_password.yaml
new file mode 100644
index 0000000..95d6c0e
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/ucp_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_oslo_messaging_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/ucp_postgres_admin_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_postgres_admin_password.yaml
new file mode 100644
index 0000000..546de05
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/ucp_postgres_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_postgres_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/ucp_postgres_exporter_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_postgres_exporter_password.yaml
new file mode 100644
index 0000000..abdaa5b
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/ucp_postgres_exporter_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_postgres_exporter_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/ucp_postgres_replication_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_postgres_replication_password.yaml
new file mode 100644
index 0000000..2176e71
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/ucp_postgres_replication_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_postgres_replication_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/ucp_promenade_keystone_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_promenade_keystone_password.yaml
new file mode 100644
index 0000000..ac40d1e
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/ucp_promenade_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_promenade_keystone_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml b/site/intel-pod17/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml
new file mode 100644
index 0000000..6a2aef9
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_rabbitmq_erlang_cookie
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/ucp_shipyard_keystone_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_shipyard_keystone_password.yaml
new file mode 100644
index 0000000..181a52a
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/ucp_shipyard_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_shipyard_keystone_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/passphrases/ucp_shipyard_postgres_password.yaml b/site/intel-pod17/secrets/passphrases/ucp_shipyard_postgres_password.yaml
new file mode 100644
index 0000000..de0eed7
--- /dev/null
+++ b/site/intel-pod17/secrets/passphrases/ucp_shipyard_postgres_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_shipyard_postgres_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod17/secrets/publickey/grego_ssh_public_key.yaml b/site/intel-pod17/secrets/publickey/grego_ssh_public_key.yaml
new file mode 100644
index 0000000..2ca157f
--- /dev/null
+++ b/site/intel-pod17/secrets/publickey/grego_ssh_public_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/PublicKey/v1
+metadata:
+ schema: metadata/Document/v1
+ name: grego_ssh_public_key
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDOyMag93evkxOvIKFryNGuaIqzuWdji7wyqoYNzTP7JI3SvEAdv/6yEo5Ca7/OxHWvKOfD8BaBINljMdHk3cj47LA47s4BFUpYxaYd6x5JqjSVFcX0JzB8FO4i/RE9q2HmqJJ9XuOc9ZZZC8CANFajqG9uvY0ChHLMifEtzi7KCPnQfDSSB5dogz3kdaukuUC9dtpUX04v29C9Mk9JaW4gmECYqPnwRZq0E+XFI0ipKtB5LtGY191p04AYMWHq+vZXo7F5k2RKl3PRiIEBIGJjIK64NhzIhV4g/8nRABeNO7C7YbFHbNbXW2ztzZA4Avt/nPVn5goDuaY7kus1kWG+RRy1oQrFRL+MIbuJkFV4hkxa9SonUSTPNj8rk++E94ysVxundWRxhT9eKU/tDaVYg+KxoUApdk0UfwpbUNl/FtiEGu44hutYfON4EMYgHIc5lbfXQ2dSQq82jTdEeP2/LcRl+W6Au9chlzly7B39rCzi9hSjezb7r2uJ5ZhdXLfQfPaBg3hS+4Tt/QmBkj+1dZZVyJ77KAabd3ppr+KURwUEdwqP0Www9yExdhbO2ff92ZzkBe+9dUKaVv/yFapQYCgguwuRqG7a0tTvF/5aLx0IVghp6qBA9t4ysgpq5KqIB1aTuo546ftfSGnZZvbJhND1qMMqT8shTqaBkctGEw== greg.oberfield@att.com
+...
diff --git a/site/intel-pod17/secrets/publickey/kasparss_ssh_public_key.yaml b/site/intel-pod17/secrets/publickey/kasparss_ssh_public_key.yaml
new file mode 100644
index 0000000..3cf2601
--- /dev/null
+++ b/site/intel-pod17/secrets/publickey/kasparss_ssh_public_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/PublicKey/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kasparss_ssh_public_key
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDhZBgcufBr6msHHnAxW96vYgFhDHqjYi3oWsg/E7BeoTT+962mSeU0roKJG9XN3WY++D83T5dUcv6PAje1Upzq9O0tX9daKET89ZeYEtZ5cwIQvf75caDIgfilNVFbIIc831ardHZVte68SRrtyToXdXJdiK0KHZyuMauZvU/T1Icth91fHYuY2Lo2G2+15A9VqKKW4v+Luvj8qJR98s0uMslkJozZH1xWbX2HbXzLLZuQZk93Z9V9QDCv5qKd9VBz6xDQ4d69Hf++qkHnKHznhq3mA1dIrSRNG963IM/sueoGCDDTLKPchZeZ4kWWH3vr0iM02NVcUV/R9kamoUzz kaspars.skels@att.com
+...
diff --git a/site/intel-pod17/site-definition.yaml b/site/intel-pod17/site-definition.yaml
new file mode 100644
index 0000000..1952cae
--- /dev/null
+++ b/site/intel-pod17/site-definition.yaml
@@ -0,0 +1,17 @@
+---
+schema: pegleg/SiteDefinition/v1
+metadata:
+ schema: metadata/Document/v1
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: intel-pod17
+ storagePolicy: cleartext
+data:
+ site_type: cntt
+
+ repositories:
+ global:
+ revision: v1.3
+ url: https://github.com/airshipit/treasuremap
+...
diff --git a/site/intel-pod17/software/charts/kubernetes/container-networking/etcd.yaml b/site/intel-pod17/software/charts/kubernetes/container-networking/etcd.yaml
new file mode 100644
index 0000000..00053a4
--- /dev/null
+++ b/site/intel-pod17/software/charts/kubernetes/container-networking/etcd.yaml
@@ -0,0 +1,127 @@
+---
+# The purpose of this file is to build the list of calico etcd nodes and the
+# calico etcd certs for those nodes in the environment.
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-calico-etcd
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: kubernetes-calico-etcd-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+ substitutions:
+ # Generate a list of control plane nodes (i.e. genesis node + master node
+ # list) on which calico etcd will run and will need certs. It is assumed
+ # that Airship sites will have 4 control plane nodes, so this should not need to
+ # change for a new site.
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .genesis.hostname
+ dest:
+ path: .values.nodes[0].name
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .masters[0].hostname
+ dest:
+ path: .values.nodes[1].name
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .masters[1].hostname
+ dest:
+ path: .values.nodes[2].name
+
+ # Certificate substitutions for the node names assembled on the above list.
+ # NEWSITE-CHANGEME: Per above, the number of substitutions should not need
+ # to change with a standard Airship deployment. However, the names of each
+ # deckhand certficiate should be updated with the correct hostnames for your
+ # environment. The ordering is important (Genesis is index 0, then master
+ # nodes in the order they are specified in common-addresses).
+
+ # Genesis hostname - pod17-jump
+ - src:
+ schema: deckhand/Certificate/v1
+ name: calico-etcd-pod17-jump
+ path: .
+ dest:
+ path: .values.nodes[0].tls.client.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: calico-etcd-pod17-jump
+ path: .
+ dest:
+ path: .values.nodes[0].tls.client.key
+ - src:
+ schema: deckhand/Certificate/v1
+ name: calico-etcd-pod17-jump-peer
+ path: .
+ dest:
+ path: .values.nodes[0].tls.peer.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: calico-etcd-pod17-jump-peer
+ path: .
+ dest:
+ path: .values.nodes[0].tls.peer.key
+
+ # master node 1 hostname - pod17-node1
+ - src:
+ schema: deckhand/Certificate/v1
+ name: calico-etcd-pod17-node1
+ path: .
+ dest:
+ path: .values.nodes[1].tls.client.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: calico-etcd-pod17-node1
+ path: .
+ dest:
+ path: .values.nodes[1].tls.client.key
+ - src:
+ schema: deckhand/Certificate/v1
+ name: calico-etcd-pod17-node1-peer
+ path: .
+ dest:
+ path: .values.nodes[1].tls.peer.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: calico-etcd-pod17-node1-peer
+ path: .
+ dest:
+ path: .values.nodes[1].tls.peer.key
+
+ # master node 2 hostname - pod17-node2
+ - src:
+ schema: deckhand/Certificate/v1
+ name: calico-etcd-pod17-node2
+ path: .
+ dest:
+ path: .values.nodes[2].tls.client.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: calico-etcd-pod17-node2
+ path: .
+ dest:
+ path: .values.nodes[2].tls.client.key
+ - src:
+ schema: deckhand/Certificate/v1
+ name: calico-etcd-pod17-node2-peer
+ path: .
+ dest:
+ path: .values.nodes[2].tls.peer.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: calico-etcd-pod17-node2-peer
+ path: .
+ dest:
+ path: .values.nodes[2].tls.peer.key
+
+data: {}
+...
diff --git a/site/intel-pod17/software/charts/kubernetes/etcd/etcd.yaml b/site/intel-pod17/software/charts/kubernetes/etcd/etcd.yaml
new file mode 100644
index 0000000..365b3d0
--- /dev/null
+++ b/site/intel-pod17/software/charts/kubernetes/etcd/etcd.yaml
@@ -0,0 +1,131 @@
+---
+# The purpose of this file is to build the list of k8s etcd nodes and the
+# k8s etcd certs for those nodes in the environment.
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-etcd
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: kubernetes-etcd-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+ substitutions:
+ # Generate a list of control plane nodes (i.e. genesis node + master node
+ # list) on which k8s etcd will run and will need certs. It is assumed
+ # that Airship sites will have 4 control plane nodes, so this should not need to
+ # change for a new site.
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .genesis.hostname
+ dest:
+ path: .values.nodes[0].name
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .masters[0].hostname
+ dest:
+ path: .values.nodes[1].name
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .masters[1].hostname
+ dest:
+ path: .values.nodes[2].name
+
+ # Certificate substitutions for the node names assembled on the above list.
+ # NEWSITE-CHANGEME: Per above, the number of substitutions should not need
+ # to change with a standard Airship deployment. However, the names of each
+ # deckhand certficiate should be updated with the correct hostnames for your
+ # environment. The ordering is important (Genesis is index 0, then master
+ # nodes in the order they are specified in common-addresses).
+
+ # Genesis Exception*
+ # *NOTE: This is an exception in that `genesis` is not the hostname of the
+ # genesis node, but `genesis` is reference here in the certificate names
+ # because of certain Promenade assumptions that may be addressed in the
+ # future. Therefore `genesis` is used instead of `pod17-jump` here.
+ - src:
+ schema: deckhand/Certificate/v1
+ name: kubernetes-etcd-genesis
+ path: .
+ dest:
+ path: .values.nodes[0].tls.client.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: kubernetes-etcd-genesis
+ path: .
+ dest:
+ path: .values.nodes[0].tls.client.key
+ - src:
+ schema: deckhand/Certificate/v1
+ name: kubernetes-etcd-genesis-peer
+ path: .
+ dest:
+ path: .values.nodes[0].tls.peer.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: kubernetes-etcd-genesis-peer
+ path: .
+ dest:
+ path: .values.nodes[0].tls.peer.key
+
+ # master node 1 hostname - pod17-node1
+ - src:
+ schema: deckhand/Certificate/v1
+ name: kubernetes-etcd-pod17-node1
+ path: .
+ dest:
+ path: .values.nodes[1].tls.client.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: kubernetes-etcd-pod17-node1
+ path: .
+ dest:
+ path: .values.nodes[1].tls.client.key
+ - src:
+ schema: deckhand/Certificate/v1
+ name: kubernetes-etcd-pod17-node1-peer
+ path: .
+ dest:
+ path: .values.nodes[1].tls.peer.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: kubernetes-etcd-pod17-node1-peer
+ path: .
+ dest:
+ path: .values.nodes[1].tls.peer.key
+
+ # master node 2 hostname - pod17-node2
+ - src:
+ schema: deckhand/Certificate/v1
+ name: kubernetes-etcd-pod17-node2
+ path: .
+ dest:
+ path: .values.nodes[2].tls.client.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: kubernetes-etcd-pod17-node2
+ path: .
+ dest:
+ path: .values.nodes[2].tls.client.key
+ - src:
+ schema: deckhand/Certificate/v1
+ name: kubernetes-etcd-pod17-node2-peer
+ path: .
+ dest:
+ path: .values.nodes[2].tls.peer.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: kubernetes-etcd-pod17-node2-peer
+ path: $
+ dest:
+ path: .values.nodes[2].tls.peer.key
+
+data: {}
+...
diff --git a/site/intel-pod17/software/charts/ucp/ceph/ceph-client-update.yaml b/site/intel-pod17/software/charts/ucp/ceph/ceph-client-update.yaml
new file mode 100644
index 0000000..eb921b8
--- /dev/null
+++ b/site/intel-pod17/software/charts/ucp/ceph/ceph-client-update.yaml
@@ -0,0 +1,26 @@
+---
+# The purpose of this file is to define environment-specific parameters for ceph
+# client update
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-ceph-client-update
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: ucp-ceph-client-update-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ conf:
+ pool:
+ target:
+ # NEWSITE-CHANGEME: Total number of OSDs. Does not need to change if
+ # your HW matches this site's HW. Verify for your environment.
+ # 8 OSDs per node x 3 nodes = 24
+ osd: 3
+...
diff --git a/site/intel-pod17/software/charts/ucp/ceph/ceph-client.yaml b/site/intel-pod17/software/charts/ucp/ceph/ceph-client.yaml
new file mode 100644
index 0000000..e1e8ecf
--- /dev/null
+++ b/site/intel-pod17/software/charts/ucp/ceph/ceph-client.yaml
@@ -0,0 +1,100 @@
+---
+# The purpose of this file is to define envrionment-specific parameters for the
+# ceph client
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-ceph-client
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: ucp-ceph-client-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ conf:
+ pool:
+ target:
+ # NEWSITE-CHANGEME: The number of OSDs per ceph node. Does not need to
+ # change if your deployment HW matches this site's HW.
+ osd: 1
+ spec:
+ # RBD pool
+ - name: rbd
+ application: rbd
+ replication: 1
+ percent_total_data: 40
+ - name: cephfs_metadata
+ application: cephfs
+ replication: 1
+ percent_total_data: 5
+ - name: cephfs_data
+ application: cephfs
+ replication: 1
+ percent_total_data: 10
+ # RadosGW pools
+ - name: .rgw.root
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.control
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.data.root
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.gc
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.log
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.intent-log
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.meta
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.usage
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.users.keys
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.users.email
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.users.swift
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.users.uid
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.buckets.extra
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.buckets.index
+ application: rgw
+ replication: 1
+ percent_total_data: 3
+ - name: default.rgw.buckets.data
+ application: rgw
+ replication: 1
+ percent_total_data: 34.8
+...
diff --git a/site/intel-pod17/software/charts/ucp/ceph/ceph-osd.yaml b/site/intel-pod17/software/charts/ucp/ceph/ceph-osd.yaml
new file mode 100644
index 0000000..8cf291a
--- /dev/null
+++ b/site/intel-pod17/software/charts/ucp/ceph/ceph-osd.yaml
@@ -0,0 +1,30 @@
+---
+# The purpose of this file is to define environment-specific parameters for
+# ceph-osd
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-ceph-osd
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: ucp-ceph-osd-global
+ actions:
+ - method: replace
+ path: .values.conf.storage.osd
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ conf:
+ storage:
+ osd:
+ - data:
+ type: block-logical
+ location: /dev/sdb
+ journal:
+ type: directory
+ location: /var/lib/openstack-helm/ceph/osd/osd-sdb
+...
diff --git a/site/intel-pod17/software/charts/ucp/divingbell/divingbell.yaml b/site/intel-pod17/software/charts/ucp/divingbell/divingbell.yaml
new file mode 100644
index 0000000..db6ef66
--- /dev/null
+++ b/site/intel-pod17/software/charts/ucp/divingbell/divingbell.yaml
@@ -0,0 +1,72 @@
+---
+# The purpose of this file is to define site-specific parameters to the
+# UAM-lite portion of the divingbell chart:
+# 1. User accounts to create on bare metal
+# 2. SSH public key for operationg system access to the bare metal
+# 3. Passwords for operating system access via iDrac/iLo console. SSH password-
+# based auth is disabled.
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-divingbell
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: ucp-divingbell-global
+ actions:
+ - method: merge
+ path: .
+ labels:
+ name: ucp-divingbell-site
+ storagePolicy: cleartext
+ substitutions:
+ - dest:
+ path: .values.conf.uamlite.users[0].user_sshkeys[0]
+ src:
+ schema: deckhand/PublicKey/v1
+ name: airship_ssh_public_key
+ path: .
+ - dest:
+ path: .values.conf.uamlite.users[0].user_crypt_passwd
+ src:
+ schema: deckhand/Passphrase/v1
+ name: ubuntu_crypt_password
+ path: .
+ - dest:
+ path: .values.conf.uamlite.users[1].user_sshkeys[0]
+ src:
+ schema: deckhand/PublicKey/v1
+ name: airship_ssh_public_key
+ path: .
+ - dest:
+ path: .values.conf.uamlite.users[2].user_sshkeys[0]
+ src:
+ schema: deckhand/PublicKey/v1
+ name: grego_ssh_public_key
+ path: .
+ - dest:
+ path: .values.conf.uamlite.users[3].user_sshkeys[0]
+ src:
+ schema: deckhand/PublicKey/v1
+ name: kasparss_ssh_public_key
+ path: .
+
+data:
+ values:
+ conf:
+ uamlite:
+ users:
+ - user_name: ubuntu
+ user_sudo: true
+ user_sshkeys: []
+ - user_name: airship
+ user_sudo: true
+ user_sshkeys: []
+ - user_name: grego
+ user_sudo: true
+ user_sshkeys: []
+ - user_name: kasparss
+ user_sudo: true
+ user_sshkeys: []
+...
diff --git a/site/intel-pod17/software/config/common-software-config.yaml b/site/intel-pod17/software/config/common-software-config.yaml
new file mode 100644
index 0000000..6122372
--- /dev/null
+++ b/site/intel-pod17/software/config/common-software-config.yaml
@@ -0,0 +1,16 @@
+---
+# The purpose of this file is to define site-specific common software config
+# paramters.
+schema: pegleg/CommonSoftwareConfig/v1
+metadata:
+ schema: metadata/Document/v1
+ name: common-software-config
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ osh:
+ # NEWSITE-CHANGEME: Replace with the site name
+ region_name: intel-pod17
+...
diff --git a/type/cntt/bootactions/promjoin.yaml b/type/cntt/bootactions/promjoin.yaml
new file mode 100644
index 0000000..1178c10
--- /dev/null
+++ b/type/cntt/bootactions/promjoin.yaml
@@ -0,0 +1,32 @@
+---
+# This file defines a boot action which is responsible for fetching the node's
+# promjoin script from the promenade API. This is the script responsible for
+# installing kubernetes on the node and joining the kubernetes cluster.
+# #GLOBAL-CANDIDATE#
+schema: 'drydock/BootAction/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: promjoin
+ storagePolicy: 'cleartext'
+ layeringDefinition:
+ abstract: false
+ layer: site
+ labels:
+ application: 'drydock'
+data:
+ signaling: false
+ # TODO(alanmeadows) move what is global about this document
+ assets:
+ - path: /opt/promjoin.sh
+ type: file
+ permissions: '555'
+ # The ip= parameter must match the MaaS network name of the network used
+ # to contact kubernetes. With a standard, reference Airship deployment where
+ # L2 networks are shared between all racks, the network name (i.e. calico)
+ # should be correct.
+ location: promenade+http://promenade-api.ucp.svc.cluster.local/api/v1.0/join-scripts?design_ref={{ action.design_ref | urlencode }}&hostname={{ node.hostname }}&ip={{ node.network.private.ip }}{% for k, v in node.labels.items() %}&labels.dynamic={{ k }}={{ v }}{% endfor %}
+ location_pipeline:
+ - template
+ data_pipeline:
+ - utf8_decode
+...
diff --git a/type/cntt/deployment/deployment-configuration.yaml b/type/cntt/deployment/deployment-configuration.yaml
new file mode 100644
index 0000000..bfc6c0c
--- /dev/null
+++ b/type/cntt/deployment/deployment-configuration.yaml
@@ -0,0 +1,41 @@
+---
+# The purpose of this file is to provide shipyard related deployment config
+# parameters. This should not require modification for a new site. However,
+# shipyard deployment strategies can be very useful in getting around certain
+# failures, like misbehaving nodes that hold up the deployment. See more at
+# https://opendev.org/airship/shipyard/src/branch/master/doc/source/site-definition-documents.rst#using-a-deployment-strategy
+schema: shipyard/DeploymentConfiguration/v1
+metadata:
+ schema: metadata/Document/v1
+ name: deployment-configuration
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ physical_provisioner:
+ deployment_strategy: deployment-strategy
+ deploy_interval: 30
+ deploy_timeout: 3600
+ destroy_interval: 30
+ destroy_timeout: 900
+ join_wait: 0
+ prepare_node_interval: 30
+ prepare_node_timeout: 1800
+ prepare_site_interval: 10
+ prepare_site_timeout: 300
+ verify_interval: 10
+ verify_timeout: 60
+ kubernetes_provisioner:
+ drain_timeout: 3600
+ drain_grace_period: 1800
+ clear_labels_timeout: 1800
+ remove_etcd_timeout: 1800
+ etcd_ready_timeout: 600
+ armada:
+ get_releases_timeout: 300
+ get_status_timeout: 300
+ manifest: 'full-site'
+ post_apply_timeout: 7200
+ validate_design_timeout: 600
+...
diff --git a/type/cntt/network/KubernetesNetwork.yaml b/type/cntt/network/KubernetesNetwork.yaml
new file mode 100644
index 0000000..1124d63
--- /dev/null
+++ b/type/cntt/network/KubernetesNetwork.yaml
@@ -0,0 +1,97 @@
+---
+schema: promenade/KubernetesNetwork/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-network
+ layeringDefinition:
+ abstract: false
+ layer: type
+ storagePolicy: cleartext
+ substitutions:
+ # DNS
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .dns.cluster_domain
+ dest:
+ path: .dns.cluster_domain
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .dns.service_ip
+ dest:
+ path: .dns.service_ip
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .dns.upstream_servers
+ dest:
+ path: .dns.upstream_servers
+
+ # Kubernetes IPs
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.api_service_ip
+ dest:
+ path: .kubernetes.service_ip
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.pod_cidr
+ dest:
+ path: .kubernetes.pod_cidr
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.service_cidr
+ dest:
+ path: .kubernetes.service_cidr
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.apiserver_port
+ dest:
+ path: .kubernetes.apiserver_port
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.haproxy_port
+ dest:
+ path: .kubernetes.haproxy_port
+
+ # etcd IPs
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .etcd.container_port
+ dest:
+ path: .etcd.container_port
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .etcd.haproxy_port
+ dest:
+ path: .etcd.haproxy_port
+
+ # proxy
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .proxy.http
+ dest:
+ path: .proxy.url
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .proxy.no_proxy
+ dest:
+ path: .proxy.additional_no_proxy
+
+data:
+ dns:
+ bootstrap_validation_checks:
+ - calico-etcd.kube-system.svc.cluster.local
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - kubernetes.default.svc.cluster.local
+...
diff --git a/type/cntt/profiles/genesis.yaml b/type/cntt/profiles/genesis.yaml
new file mode 100644
index 0000000..54c5276
--- /dev/null
+++ b/type/cntt/profiles/genesis.yaml
@@ -0,0 +1,49 @@
+---
+# The purpose of this file is to apply proper labels to Genesis node so the
+# proper services are installed and proper configuration applied. This should
+# not need to be changed for a new site.
+# #GLOBAL-CANDIDATE#
+schema: promenade/Genesis/v1
+metadata:
+ schema: metadata/Document/v1
+ name: genesis-site
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: genesis-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ labels:
+ dynamic:
+ - beta.kubernetes.io/fluentd-ds-ready=true
+ - calico-etcd=enabled
+ - ceph-mds=enabled
+ - ceph-mon=enabled
+ - ceph-osd=enabled
+ - ceph-rgw=enabled
+ - ceph-mgr=enabled
+ - ceph-bootstrap=enabled
+ - tenant-ceph-control-plane=enabled
+ - tenant-ceph-mon=enabled
+ - tenant-ceph-rgw=enabled
+ - tenant-ceph-mgr=enabled
+ - kube-dns=enabled
+ - kube-ingress=enabled
+ - kubernetes-apiserver=enabled
+ - kubernetes-controller-manager=enabled
+ - kubernetes-etcd=enabled
+ - kubernetes-scheduler=enabled
+ - promenade-genesis=enabled
+ - ucp-control-plane=enabled
+ - maas-rack=enabled
+ - maas-region=enabled
+ - ceph-osd-bootstrap=enabled
+ - openstack-control-plane=enabled
+ - openvswitch=enabled
+ - openstack-l3-agent=enabled
+ - node-exporter=enabled
+...
diff --git a/type/cntt/profiles/hardware/intel-s2600wt.yaml b/type/cntt/profiles/hardware/intel-s2600wt.yaml
new file mode 100644
index 0000000..07836ef
--- /dev/null
+++ b/type/cntt/profiles/hardware/intel-s2600wt.yaml
@@ -0,0 +1,109 @@
+---
+schema: 'drydock/HardwareProfile/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: intel-s2600wt
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # Vendor of the server chassis
+ vendor: Intel
+ # Generation of the chassis model
+ generation: '4'
+ # Version of the chassis model within its generation - not version of the hardware definition
+ hw_version: '3'
+ # The certified version of the chassis BIOS
+ bios_version: 'SE5C610.86B.01.01.0019.101220160604'
+ # Mode of the default boot of hardware - bios, uefi
+ boot_mode: bios
+ # Protocol of boot of the hardware - pxe, usb, hdd
+ bootstrap_protocol: pxe
+ # Which interface to use for network booting within the OOB manager, not OS device
+ pxe_interface: 0
+
+ # Map hardware addresses to aliases/roles to allow a mix of hardware configs
+ # in a site to result in a consistent configuration
+
+ device_aliases:
+ ## network
+ # $ sudo lspci |grep -i ethernet
+ # 03:00.0 Ethernet controller: Intel Corporation I350 Gigabit Network Connection (rev 01)
+ # 03:00.3 Ethernet controller: Intel Corporation I350 Gigabit Network Connection (rev 01)
+ # 05:00.0 Ethernet controller: Intel Corporation Ethernet Controller X710 for 10GbE SFP+ (rev 01)
+ # 05:00.1 Ethernet controller: Intel Corporation Ethernet Controller X710 for 10GbE SFP+ (rev 01)
+ # 05:00.2 Ethernet controller: Intel Corporation Ethernet Controller X710 for 10GbE SFP+ (rev 01)
+ # 05:00.3 Ethernet controller: Intel Corporation Ethernet Controller X710 for 10GbE SFP+ (rev 01)
+
+ # control networks
+ # eno1
+ ctrl_nic1:
+ address: '0000:03:00.0'
+ dev_type: 'I350 Gigabit Network Connection'
+ bus_type: 'pci'
+ # eno2
+ ctrl_nic2:
+ address: '0000:03:00.3'
+ dev_type: 'I350 Gigabit Network Connection'
+ bus_type: 'pci'
+
+ # data networks
+ # ens785f0
+ data_nic1:
+ address: '0000:05:00.0'
+ dev_type: 'Ethernet Controller X710 for 10GbE SFP+'
+ bus_type: 'pci'
+ # ens785f1
+ data_nic2:
+ address: '0000:05:00.1'
+ dev_type: 'Ethernet Controller X710 for 10GbE SFP+'
+ bus_type: 'pci'
+ # ens785f2
+ data_nic3:
+ address: '0000:05:00.2'
+ dev_type: 'Ethernet Controller X710 for 10GbE SFP+'
+ bus_type: 'pci'
+ # ens785f3
+ data_nic4:
+ address: '0000:05:00.3'
+ dev_type: 'Ethernet Controller X710 for 10GbE SFP+'
+ bus_type: 'pci'
+
+ ## storage
+ # $ sudo lshw -c disk
+ # *-disk
+ # description: ATA Disk
+ # product: INTEL SSDSC2BB48
+ # physical id: 0.0.0
+ # bus info: scsi@4:0.0.0
+ # logical name: /dev/sda
+ # version: 0101
+ # serial: PHDV637602LL480BGN
+ # size: 447GiB (480GB)
+ # capabilities: gpt-1.00 partitioned partitioned:gpt
+ # configuration: ansiversion=5 guid=ea7d0b6a-c105-4409-8d4c-dc104cb38737 logicalsectorsize=512 sectorsize=4096
+ # *-disk
+ # description: ATA Disk
+ # product: ST91000640NS
+ # vendor: Seagate
+ # physical id: 0.0.0
+ # bus info: scsi@5:0.0.0
+ # logical name: /dev/sdb
+ # version: SN03
+ # serial: 9XG6LX48
+ # size: 931GiB (1TB)
+ # capabilities: gpt-1.00 partitioned partitioned:gpt
+ # configuration: ansiversion=5 guid=27f17348-e081-4b00-8d4c-5960513a40cd logicalsectorsize=512 sectorsize=512
+
+ # /dev/sda
+ bootdisk:
+ address: '4:0.0.0'
+ dev_type: 'INTEL SSDSC2BB48'
+ bus_type: 'scsi'
+ # /dev/sdb
+ datadisk:
+ address: '5:0.0.0'
+ dev_type: 'ST91000640NS'
+ bus_type: 'scsi'
+...
diff --git a/type/cntt/profiles/host/cp-intel-s2600wt.yaml b/type/cntt/profiles/host/cp-intel-s2600wt.yaml
new file mode 100644
index 0000000..1eca33e
--- /dev/null
+++ b/type/cntt/profiles/host/cp-intel-s2600wt.yaml
@@ -0,0 +1,96 @@
+---
+# The primary control plane host profile for Airship for DELL R720s, and
+# should not need to be altered if you are using matching HW. The active
+# participants in the Ceph cluster run on this profile. Other control plane
+# services are not affected by primary vs secondary designation.
+schema: drydock/HostProfile/v1
+metadata:
+ schema: metadata/Document/v1
+ name: cp-intel-s2600wt
+ storagePolicy: cleartext
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ hosttype: cp-global
+ actions:
+ - method: replace
+ path: .interfaces
+ - method: replace
+ path: .storage
+ - method: merge
+ path: .
+data:
+ hardware_profile: intel-s2600wt
+
+ primary_network: dmz
+ interfaces:
+ dmz:
+ device_link: dmz
+ slaves:
+ - ctrl_nic1
+ networks:
+ - dmz
+ admin:
+ device_link: admin
+ slaves:
+ - ctrl_nic2
+ networks:
+ - admin
+ data1:
+ device_link: data1
+ slaves:
+ - data_nic1
+ networks:
+ - private
+ - management
+ data2:
+ device_link: data2
+ slaves:
+ - data_nic2
+ networks:
+ - storage
+ - public
+
+ storage:
+ physical_devices:
+ bootdisk:
+ labels:
+ bootdrive: 'true'
+ partitions:
+ - name: 'root'
+ size: '30g'
+ bootable: true
+ filesystem:
+ mountpoint: '/'
+ fstype: 'ext4'
+ mount_options: 'defaults'
+ - name: 'boot'
+ size: '1g'
+ filesystem:
+ mountpoint: '/boot'
+ fstype: 'ext4'
+ mount_options: 'defaults'
+ - name: 'var_log'
+ size: '100g'
+ filesystem:
+ mountpoint: '/var/log'
+ fstype: 'ext4'
+ mount_options: 'defaults'
+ - name: 'var'
+ size: '>100g'
+ filesystem:
+ mountpoint: '/var'
+ fstype: 'ext4'
+ mount_options: 'defaults'
+
+ platform:
+ image: 'xenial'
+ kernel: 'hwe-16.04'
+ kernel_params:
+ kernel_package: 'linux-image-4.15.0-46-generic'
+
+ metadata:
+ owner_data:
+ openstack-l3-agent: enabled
+...
diff --git a/type/cntt/profiles/host/dp-intel-s2600wt.yaml b/type/cntt/profiles/host/dp-intel-s2600wt.yaml
new file mode 100644
index 0000000..e05a2c7
--- /dev/null
+++ b/type/cntt/profiles/host/dp-intel-s2600wt.yaml
@@ -0,0 +1,103 @@
+---
+# The data plane host profile for Airship for DELL R720s, and should
+# not need to be altered if you are using matching HW. The host profile is setup
+# for cpu isolation (for nova pinning), hugepages, and sr-iov.
+schema: drydock/HostProfile/v1
+metadata:
+ schema: metadata/Document/v1
+ name: dp-intel-s2600wt
+ storagePolicy: cleartext
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ hosttype: dp-global
+ actions:
+ - method: replace
+ path: .interfaces
+ - method: replace
+ path: .storage
+ - method: merge
+ path: .
+data:
+ hardware_profile: intel-s2600wt
+
+ primary_network: dmz
+ interfaces:
+ dmz:
+ device_link: dmz
+ slaves:
+ - ctrl_nic1
+ networks:
+ - dmz
+ admin:
+ device_link: admin
+ slaves:
+ - ctrl_nic2
+ networks:
+ - admin
+ data1:
+ device_link: data1
+ slaves:
+ - data_nic1
+ networks:
+ - private
+ - management
+ data2:
+ device_link: data2
+ slaves:
+ - data_nic2
+ networks:
+ - storage
+ - public
+
+ storage:
+ physical_devices:
+ bootdisk:
+ labels:
+ bootdrive: 'true'
+ partitions:
+ - name: 'root'
+ size: '30g'
+ bootable: true
+ filesystem:
+ mountpoint: '/'
+ fstype: 'ext4'
+ mount_options: 'defaults'
+ - name: 'boot'
+ size: '1g'
+ filesystem:
+ mountpoint: '/boot'
+ fstype: 'ext4'
+ mount_options: 'defaults'
+ - name: 'log'
+ size: '100g'
+ filesystem:
+ mountpoint: '/var/log'
+ fstype: 'ext4'
+ mount_options: 'defaults'
+ # - name: 'cephjournal'
+ # size: '10g'
+ - name: 'var'
+ size: '>100g'
+ filesystem:
+ mountpoint: '/var'
+ fstype: 'ext4'
+ mount_options: 'defaults'
+ # datadisk:
+ # partitions:
+ # - name: 'nova'
+ # size: '450g'
+ # filesystem:
+ # mountpoint: '/var/lib/nova'
+ # fstype: 'ext4'
+ # mount_options: 'defaults'
+ # - name: 'cephosd'
+ # size: '>100g'
+
+ platform:
+ image: 'xenial'
+ kernel: 'hwe-16.04'
+ kernel_params:
+ kernel_package: 'linux-image-4.15.0-46-generic'
+...
diff --git a/type/cntt/software/charts/kubernetes/ingress/ingress.yaml b/type/cntt/software/charts/kubernetes/ingress/ingress.yaml
new file mode 100644
index 0000000..be61953
--- /dev/null
+++ b/type/cntt/software/charts/kubernetes/ingress/ingress.yaml
@@ -0,0 +1,31 @@
+---
+# The purpose of this file is to define the environment-specific public-facing
+# VIP for the ingress controller
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ingress-kube-system
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ ingress: kube-system
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .vip.ingress_vip
+ dest:
+ path: .values.network.vip.addr
+data:
+ values:
+ network:
+ ingress:
+ disable-ipv6: "true"
+ vip:
+ manage: true
+...
diff --git a/type/cntt/software/charts/osh-infra/elasticsearch.yaml b/type/cntt/software/charts/osh-infra/elasticsearch.yaml
new file mode 100644
index 0000000..3621e75
--- /dev/null
+++ b/type/cntt/software/charts/osh-infra/elasticsearch.yaml
@@ -0,0 +1,34 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: elasticsearch
+ labels:
+ name: elasticsearch-type
+ layeringDefinition:
+ abstract: false
+ layer: type
+ parentSelector:
+ hosttype: elasticsearch-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ pod:
+ replicas:
+ master: 2
+ data: 1
+ client: 2
+ storage:
+ requests:
+ storage: 40Gi
+ conf:
+ elasticsearch:
+ env:
+ java_opts:
+ client: "-Xms2048m -Xmx2048m"
+ data: "-Xms2048m -Xmx2048m"
+ master: "-Xms2048m -Xmx2048m"
+...
diff --git a/type/cntt/software/charts/osh-infra/fluentbit.yaml b/type/cntt/software/charts/osh-infra/fluentbit.yaml
new file mode 100644
index 0000000..1d176cd
--- /dev/null
+++ b/type/cntt/software/charts/osh-infra/fluentbit.yaml
@@ -0,0 +1,22 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: fluentbit
+ labels:
+ name: fluentbit-type
+ layeringDefinition:
+ abstract: false
+ layer: type
+ parentSelector:
+ hosttype: fluentbit-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ pod:
+ replicas:
+ fluentd: 1
+...
diff --git a/type/cntt/software/charts/osh-infra/fluentd.yaml b/type/cntt/software/charts/osh-infra/fluentd.yaml
new file mode 100644
index 0000000..906b26d
--- /dev/null
+++ b/type/cntt/software/charts/osh-infra/fluentd.yaml
@@ -0,0 +1,22 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: fluentd
+ labels:
+ name: fluentd-type
+ layeringDefinition:
+ abstract: false
+ layer: type
+ parentSelector:
+ hosttype: fluentd-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ pod:
+ replicas:
+ fluentd: 1
+...
diff --git a/type/cntt/software/charts/osh-infra/grafana.yaml b/type/cntt/software/charts/osh-infra/grafana.yaml
new file mode 100644
index 0000000..d12f7d2
--- /dev/null
+++ b/type/cntt/software/charts/osh-infra/grafana.yaml
@@ -0,0 +1,23 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ replacement: true
+ name: grafana
+ labels:
+ name: grafana-type
+ layeringDefinition:
+ abstract: false
+ layer: type
+ parentSelector:
+ name: grafana-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ pod:
+ replicas:
+ grafana: 1
+...
diff --git a/type/cntt/software/charts/osh-infra/ingress.yaml b/type/cntt/software/charts/osh-infra/ingress.yaml
new file mode 100644
index 0000000..96753c9
--- /dev/null
+++ b/type/cntt/software/charts/osh-infra/ingress.yaml
@@ -0,0 +1,24 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ replacement: true
+ name: osh-infra-ingress-controller
+ labels:
+ name: osh-infra-ingress-controller-type
+ layeringDefinition:
+ abstract: false
+ layer: type
+ parentSelector:
+ name: osh-infra-ingress-controller-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ pod:
+ replicas:
+ ingress: 1
+ error_page: 1
+...
diff --git a/type/cntt/software/charts/osh-infra/mariadb.yaml b/type/cntt/software/charts/osh-infra/mariadb.yaml
new file mode 100644
index 0000000..ddb4424
--- /dev/null
+++ b/type/cntt/software/charts/osh-infra/mariadb.yaml
@@ -0,0 +1,24 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ replacement: true
+ name: osh-infra-mariadb
+ labels:
+ name: osh-infra-mariadb-type
+ layeringDefinition:
+ abstract: false
+ layer: type
+ parentSelector:
+ name: osh-infra-mariadb-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ pod:
+ replicas:
+ server: 1
+ ingress: 1
+...
diff --git a/type/cntt/software/charts/osh-infra/prometheus.yaml b/type/cntt/software/charts/osh-infra/prometheus.yaml
new file mode 100644
index 0000000..4b02c04
--- /dev/null
+++ b/type/cntt/software/charts/osh-infra/prometheus.yaml
@@ -0,0 +1,35 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ replacement: true
+ name: prometheus
+ labels:
+ name: prometheus-type
+ layeringDefinition:
+ abstract: false
+ layer: type
+ parentSelector:
+ name: prometheus-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ pod:
+ replicas:
+ prometheus: 1
+ resources:
+ enabled: true
+ prometheus:
+ limits:
+ memory: "4Gi"
+ cpu: "2000m"
+ requests:
+ memory: "2Gi"
+ cpu: "1000m"
+ storage:
+ requests:
+ storage: 50Gi
+...
diff --git a/type/cntt/software/charts/osh/openstack-compute-kit/neutron.yaml b/type/cntt/software/charts/osh/openstack-compute-kit/neutron.yaml
new file mode 100644
index 0000000..8d47efd
--- /dev/null
+++ b/type/cntt/software/charts/osh/openstack-compute-kit/neutron.yaml
@@ -0,0 +1,28 @@
+---
+# This file defines hardware-specific settings for neutron. If you use the same
+# hardware profile as this environment, you should not need to change this file.
+# Otherwise, you should review the settings here and adjust for your hardware.
+# In particular:
+# 1. logical network interface names
+# 2. physical device mappigns
+# TODO: Should move to global layer and become tied to the hardware profile
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ replacement: true
+ name: neutron
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: neutron-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ wait:
+ timeout: 1800
+ test:
+ timeout: 900
+...
diff --git a/type/cntt/software/charts/osh/openstack-compute-kit/nova.yaml b/type/cntt/software/charts/osh/openstack-compute-kit/nova.yaml
new file mode 100644
index 0000000..32f94b8
--- /dev/null
+++ b/type/cntt/software/charts/osh/openstack-compute-kit/nova.yaml
@@ -0,0 +1,25 @@
+---
+# This file defines hardware-specific settings for nova. If you use the same
+# hardware profile as this environment, you should not need to change this file.
+# Otherwise, you should review the settings here and adjust for your hardware.
+# In particular:
+# 1. vcpu_pin_set will change if the number of logical CPUs on the hardware
+# changes.
+# 2. pci alias / passthrough_whitelist could change if the NIC type or NIC
+# slotting changes.
+# TODO: Should move to global layer and become tied to the hardware profile
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: nova
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: nova-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data: {}
+...
diff --git a/type/cntt/software/charts/osh/openstack-heat/heat.yaml b/type/cntt/software/charts/osh/openstack-heat/heat.yaml
new file mode 100644
index 0000000..de5bd51
--- /dev/null
+++ b/type/cntt/software/charts/osh/openstack-heat/heat.yaml
@@ -0,0 +1,21 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ replacement: true
+ name: heat
+ labels:
+ name: heat-type
+ layeringDefinition:
+ abstract: false
+ layer: type
+ parentSelector:
+ name: heat-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ test:
+ timeout: 600
+...
diff --git a/type/cntt/software/charts/osh/openstack-tenant-ceph/ceph-client.yaml b/type/cntt/software/charts/osh/openstack-tenant-ceph/ceph-client.yaml
new file mode 100644
index 0000000..3f5bfba
--- /dev/null
+++ b/type/cntt/software/charts/osh/openstack-tenant-ceph/ceph-client.yaml
@@ -0,0 +1,23 @@
+---
+# The purpose of this file is to define envrionment-specific parameters for the
+# ceph client
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: tenant-ceph-client
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: tenant-ceph-client-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ conf:
+ pool:
+ target:
+ osd: 3
+...
diff --git a/type/cntt/software/charts/osh/openstack-tenant-ceph/ceph-osd.yaml b/type/cntt/software/charts/osh/openstack-tenant-ceph/ceph-osd.yaml
new file mode 100644
index 0000000..8937fdc
--- /dev/null
+++ b/type/cntt/software/charts/osh/openstack-tenant-ceph/ceph-osd.yaml
@@ -0,0 +1,34 @@
+---
+# The purpose of this file is to define environment-specific parameters for
+# ceph-osd
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: tenant-ceph-osd
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: tenant-ceph-osd-global
+ actions:
+ - method: replace
+ path: .values.conf.storage.osd
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ labels:
+ osd:
+ node_selector_key: tenant-ceph-osd
+ node_selector_value: enabled
+ conf:
+ storage:
+ osd:
+ - data:
+ type: block-logical
+ location: /dev/sdb
+ journal:
+ type: directory
+ location: /var/lib/openstack-helm/tenant-ceph/osd/osd-sdb
+...
diff --git a/type/cntt/software/charts/ucp/comps/chart-group.yaml b/type/cntt/software/charts/ucp/comps/chart-group.yaml
new file mode 100644
index 0000000..02236b5
--- /dev/null
+++ b/type/cntt/software/charts/ucp/comps/chart-group.yaml
@@ -0,0 +1,14 @@
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-drydock-scaled
+ layeringDefinition:
+ abstract: false
+ layer: type
+ storagePolicy: cleartext
+data:
+ description: Drydock
+ chart_group:
+ - ucp-maas-scaled
+ - ucp-drydock
diff --git a/type/cntt/software/charts/ucp/comps/drydock.yaml b/type/cntt/software/charts/ucp/comps/drydock.yaml
new file mode 100644
index 0000000..1343340
--- /dev/null
+++ b/type/cntt/software/charts/ucp/comps/drydock.yaml
@@ -0,0 +1,25 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ replacement: true
+ name: ucp-drydock
+ labels:
+ name: ucp-drydock-type
+ layeringDefinition:
+ abstract: false
+ layer: type
+ parentSelector:
+ name: ucp-drydock-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ network:
+ api:
+ ingress:
+ classes:
+ cluster: maas-ingress
+...
diff --git a/type/cntt/software/charts/ucp/comps/maas-scaled.yaml b/type/cntt/software/charts/ucp/comps/maas-scaled.yaml
new file mode 100644
index 0000000..531a9f3
--- /dev/null
+++ b/type/cntt/software/charts/ucp/comps/maas-scaled.yaml
@@ -0,0 +1,32 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-maas-scaled
+ layeringDefinition:
+ abstract: false
+ layer: type
+ parentSelector:
+ name: ucp-maas-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .vip.maas_vip
+ dest:
+ path: .values.network.maas_ingress.addr
+data:
+ values:
+ network:
+ region_api:
+ node_port:
+ enabled: true
+ pod:
+ replicas:
+ region: 2
+ rack: 2
+...
diff --git a/type/cntt/software/charts/ucp/comps/maas.yaml b/type/cntt/software/charts/ucp/comps/maas.yaml
new file mode 100644
index 0000000..d22cf55
--- /dev/null
+++ b/type/cntt/software/charts/ucp/comps/maas.yaml
@@ -0,0 +1,29 @@
+---
+# This file defines site-specific deviations for MaaS.
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-maas
+ layeringDefinition:
+ abstract: false
+ layer: type
+ parentSelector:
+ name: ucp-maas-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .vip.maas_vip
+ dest:
+ path: .values.network.maas_ingress.addr
+data:
+ values:
+ network:
+ region_api:
+ node_port:
+ enabled: true
+...
diff --git a/type/cntt/software/charts/ucp/promenade/promenade.yaml b/type/cntt/software/charts/ucp/promenade/promenade.yaml
new file mode 100644
index 0000000..e245bd9
--- /dev/null
+++ b/type/cntt/software/charts/ucp/promenade/promenade.yaml
@@ -0,0 +1,50 @@
+---
+# The purpose of this file is to provide site-specific parameters for the ucp-
+# promenade chart.
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-promenade
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: ucp-promenade-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ pod:
+ env:
+ promenade_api: []
+ # NEWSITE-CHANGEME: If your site uses an http proxy, enter it here.
+ # Otherwise comment out these lines.
+ # - name: http_proxy
+ # value: 'http://proxy.example.com:8080'
+ # NEWSITE-CHANGEME: If your site uses an https proxy, enter it here.
+ # Otherwise comment out these lines.
+ # - name: https_proxy
+ # value: 'http://proxy.example.com:8080'
+ # NEWSITE-CHANGEME: If your site uses an http/https proxy, enter the
+ # IPs / domain names which the proxy should not be used for (i.e. the
+ # cluster domain and kubernetes service_cidr defined in common-addresses)
+ # Otherwise comment out these lines.
+ # - name: no_proxy
+ # value: '10.96.0.1,.cluster.local'
+ # NEWSITE-CHANGEME: If your site uses an http proxy, enter it here.
+ # Otherwise comment out these lines.
+ # - name: HTTP_PROXY
+ # value: 'http://proxy.example.com:8080'
+ # NEWSITE-CHANGEME: If your site uses an https proxy, enter it here.
+ # Otherwise comment out these lines.
+ # - name: HTTPS_PROXY
+ # value: 'http://proxy.example.com:8080'
+ # NEWSITE-CHANGEME: If your site uses an http/https proxy, enter the
+ # IPs / domain names which the proxy should not be used for (i.e. the
+ # cluster domain and kubernetes service_cidr defined in common-addresses)
+ # Otherwise comment out these lines.
+ # - name: NO_PROXY
+ # value: '10.96.0.1,.cluster.local'
+...
diff --git a/type/cntt/software/config/endpoints.yaml b/type/cntt/software/config/endpoints.yaml
new file mode 100644
index 0000000..12bc7da
--- /dev/null
+++ b/type/cntt/software/config/endpoints.yaml
@@ -0,0 +1,1088 @@
+---
+# The purpose of this file is to define the site's endpoint catalog. This should
+# not need to be modified for a new site.
+# #GLOBAL-CANDIDATE#
+schema: pegleg/EndpointCatalogue/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_endpoints
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .dns.ingress_domain
+ dest:
+ - path: .ucp.identity.host_fqdn_override.public.host
+ pattern: DOMAIN
+ - path: .ucp.identity.host_fqdn_override.admin.host
+ pattern: DOMAIN
+ - path: .ucp.shipyard.host_fqdn_override.public.host
+ pattern: DOMAIN
+ - path: .ucp.physicalprovisioner.host_fqdn_override.public.host
+ pattern: DOMAIN
+ - path: .ucp.maas_region.host_fqdn_override.public.host
+ pattern: DOMAIN
+ - path: .ceph.object_store.host_fqdn_override.public.host
+ pattern: DOMAIN
+ - path: .ceph.ceph_object_store.host_fqdn_override.public.host
+ pattern: DOMAIN
+data:
+ ucp:
+ identity:
+ namespace: ucp
+ name: keystone
+ hosts:
+ default: keystone
+ internal: keystone-api
+ host_fqdn_override:
+ default: null
+ public:
+ host: iam-airship.DOMAIN
+ admin:
+ host: iam-airship.DOMAIN
+ path:
+ default: /v3
+ scheme:
+ default: "http"
+ internal: "http"
+ port:
+ api:
+ default: 80
+ internal: 5000
+ armada:
+ name: armada
+ hosts:
+ default: armada-api
+ public: armada
+ port:
+ api:
+ default: 8000
+ path:
+ default: /api/v1.0
+ scheme:
+ default: "http"
+ host_fqdn_override:
+ default: null
+ deckhand:
+ name: deckhand
+ hosts:
+ default: deckhand-int
+ public: deckhand-api
+ port:
+ api:
+ default: 9000
+ path:
+ default: /api/v1.0
+ scheme:
+ default: "http"
+ host_fqdn_override:
+ default: null
+ postgresql:
+ name: postgresql
+ hosts:
+ default: postgresql
+ path: /DB_NAME
+ scheme: postgresql+psycopg2
+ port:
+ postgresql:
+ default: 5432
+ host_fqdn_override:
+ default: null
+ postgresql_airflow_celery:
+ name: postgresql_airflow_celery_db
+ hosts:
+ default: postgresql
+ path: /DB_NAME
+ scheme: db+postgresql
+ port:
+ postgresql:
+ default: 5432
+ host_fqdn_override:
+ default: null
+ oslo_db:
+ hosts:
+ default: mariadb
+ discovery: mariadb-discovery
+ host_fqdn_override:
+ default: null
+ path: /DB_NAME
+ scheme: mysql+pymysql
+ port:
+ mysql:
+ default: 3306
+ wsrep:
+ default: 4567
+ key_manager:
+ name: barbican
+ hosts:
+ default: barbican-api
+ public: barbican
+ host_fqdn_override:
+ default: null
+ path:
+ default: /v1
+ scheme:
+ default: "http"
+ port:
+ api:
+ default: 9311
+ public: 80
+ airflow_oslo_messaging:
+ namespace: null
+ hosts:
+ default: rabbitmq
+ host_fqdn_override:
+ default: null
+ path: /airflow
+ scheme: amqp
+ port:
+ amqp:
+ default: 5672
+ http:
+ default: 15672
+ oslo_messaging:
+ namespace: null
+ statefulset:
+ name: airship-ucp-rabbitmq-rabbitmq
+ hosts:
+ default: rabbitmq
+ host_fqdn_override:
+ default: null
+ path: /keystone
+ scheme: rabbit
+ port:
+ amqp:
+ default: 5672
+ oslo_cache:
+ hosts:
+ default: memcached
+ host_fqdn_override:
+ default: null
+ port:
+ memcache:
+ default: 11211
+ physicalprovisioner:
+ name: drydock
+ hosts:
+ default: drydock-api
+ port:
+ api:
+ default: 9000
+ nodeport: 31900
+ public: 80
+ path:
+ default: /api/v1.0
+ scheme:
+ default: "http"
+ public: "http"
+ host_fqdn_override:
+ default: null
+ public:
+ host: drydock-airship.DOMAIN
+ maas_region:
+ name: maas-region
+ hosts:
+ default: maas-region
+ public: maas
+ path:
+ default: /MAAS
+ scheme:
+ default: "http"
+ port:
+ region_api:
+ default: 80
+ nodeport: 31900
+ podport: 80
+ public: 80
+ region_proxy:
+ default: 8000
+ host_fqdn_override:
+ default: null
+ public:
+ host: maas-airship.DOMAIN
+ maas_ingress:
+ hosts:
+ default: maas-ingress
+ error_pages: maas-ingress-error
+ host_fqdn_override:
+ public: null
+ port:
+ http:
+ default: 80
+ https:
+ default: 443
+ ingress_default_server:
+ default: 8383
+ error_pages:
+ default: 8080
+ podport: 8080
+ healthz:
+ podport: 10259
+ status:
+ podport: 18089
+ kubernetesprovisioner:
+ name: promenade
+ hosts:
+ default: promenade-api
+ port:
+ api:
+ default: 80
+ path:
+ default: /api/v1.0
+ scheme:
+ default: "http"
+ host_fqdn_override:
+ default: null
+ shipyard:
+ name: shipyard
+ hosts:
+ default: shipyard-int
+ public: shipyard-api
+ port:
+ api:
+ default: 9000
+ public: 80
+ path:
+ default: /api/v1.0
+ scheme:
+ default: "http"
+ public: "http"
+ host_fqdn_override:
+ default: null
+ public:
+ host: shipyard-airship.DOMAIN
+ prometheus_openstack_exporter:
+ namespace: ucp
+ hosts:
+ default: openstack-metrics
+ host_fqdn_override:
+ default: null
+ path:
+ default: null
+ scheme:
+ default: "http"
+ port:
+ exporter:
+ default: 9103
+ ceph:
+ object_store:
+ name: swift
+ namespace: ceph
+ hosts:
+ default: ceph-rgw
+ public: radosgw
+ host_fqdn_override:
+ default: null
+ public:
+ host: object-store-airship.DOMAIN
+ path:
+ default: /swift/v1
+ scheme:
+ default: "http"
+ public: "http"
+ port:
+ api:
+ default: 8088
+ public: 80
+ ceph_object_store:
+ name: radosgw
+ namespace: ceph
+ hosts:
+ default: ceph-rgw
+ public: radosgw
+ host_fqdn_override:
+ default: null
+ public:
+ host: object-store-airship.DOMAIN
+ path:
+ default: /auth/v1.0
+ scheme:
+ default: "http"
+ public: "http"
+ port:
+ api:
+ default: 8088
+ public: 80
+ ceph_mon:
+ namespace: ceph
+ hosts:
+ default: ceph-mon
+ discovery: ceph-mon-discovery
+ host_fqdn_override:
+ default: null
+ port:
+ mon:
+ default: 6789
+ ceph_mgr:
+ namespace: ceph
+ hosts:
+ default: ceph-mgr
+ host_fqdn_override:
+ default: null
+ port:
+ mgr:
+ default: 7000
+ scheme:
+ default: "http"
+ tenant_ceph_mon:
+ namespace: tenant-ceph
+ hosts:
+ default: ceph-mon
+ discovery: ceph-mon-discovery
+ host_fqdn_override:
+ default: null
+ port:
+ mon:
+ default: 6790
+ tenant_ceph_mgr:
+ namespace: tenant-ceph
+ hosts:
+ default: ceph-mgr
+ host_fqdn_override:
+ default: null
+ port:
+ mgr:
+ default: 7001
+ metrics:
+ default: 9284
+ scheme:
+ default: http
+...
+---
+schema: pegleg/EndpointCatalogue/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_endpoints
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .dns.ingress_domain
+ dest:
+ - path: .osh.object_store.host_fqdn_override.public.host
+ pattern: DOMAIN
+ - path: .osh.ceph_object_store.host_fqdn_override.public.host
+ pattern: DOMAIN
+ - path: .osh.image.host_fqdn_override.public.host
+ pattern: DOMAIN
+ - path: .osh.cloudformation.host_fqdn_override.public.host
+ pattern: DOMAIN
+ - path: .osh.orchestration.host_fqdn_override.public.host
+ pattern: DOMAIN
+ - path: .osh.compute.host_fqdn_override.public.host
+ pattern: DOMAIN
+ - path: .osh.compute_novnc_proxy.host_fqdn_override.public.host
+ pattern: DOMAIN
+ - path: .osh.placement.host_fqdn_override.public.host
+ pattern: DOMAIN
+ - path: .osh.network.host_fqdn_override.public.host
+ pattern: DOMAIN
+ - path: .osh.identity.host_fqdn_override.public.host
+ pattern: DOMAIN
+ - path: .osh.identity.host_fqdn_override.admin.host
+ pattern: DOMAIN
+ - path: .osh.dashboard.host_fqdn_override.public.host
+ pattern: DOMAIN
+ - path: .osh.volume.host_fqdn_override.public.host
+ pattern: DOMAIN
+ - path: .osh.volumev2.host_fqdn_override.public.host
+ pattern: DOMAIN
+ - path: .osh.volumev3.host_fqdn_override.public.host
+ pattern: DOMAIN
+data:
+ osh:
+ object_store:
+ name: swift
+ namespace: openstack
+ hosts:
+ default: ceph-rgw
+ public: radosgw
+ host_fqdn_override:
+ default: null
+ public:
+ host: object-store-airship.DOMAIN
+ path:
+ default: /swift/v1/KEY_$(tenant_id)s
+ scheme:
+ default: "http"
+ public: "http"
+ port:
+ api:
+ default: 8088
+ public: 80
+ ceph_object_store:
+ name: radosgw
+ namespace: openstack
+ hosts:
+ default: ceph-rgw
+ public: radosgw
+ host_fqdn_override:
+ default: null
+ public:
+ host: object-store-airship.DOMAIN
+ path:
+ default: /auth/v1.0
+ scheme:
+ default: "http"
+ public: "http"
+ port:
+ api:
+ default: 8088
+ public: 80
+ oslo_db:
+ hosts:
+ default: mariadb
+ discovery: mariadb-discovery
+ host_fqdn_override:
+ default: null
+ path: /DB_NAME
+ scheme: mysql+pymysql
+ port:
+ mysql:
+ default: 3306
+ wsrep:
+ default: 4567
+ prometheus_mysql_exporter:
+ namespace: openstack
+ hosts:
+ default: mysql-exporter
+ host_fqdn_override:
+ default: null
+ path:
+ default: /metrics
+ scheme:
+ default: 'http'
+ port:
+ metrics:
+ default: 9104
+ oslo_messaging:
+ statefulset:
+ name: airship-openstack-rabbitmq-rabbitmq
+ namespace: openstack
+ hosts:
+ default: openstack-rabbitmq
+ host_fqdn_override:
+ default: null
+ path: /VHOST_NAME
+ scheme: rabbit
+ port:
+ amqp:
+ default: 5672
+ http:
+ default: 15672
+ openstack_rabbitmq_exporter:
+ namespace: openstack
+ hosts:
+ default: openstack-rabbitmq-exporter
+ host_fqdn_override:
+ default: null
+ path:
+ default: /metrics
+ scheme:
+ default: "http"
+ port:
+ metrics:
+ default: 9095
+ oslo_cache:
+ namespace: openstack
+ hosts:
+ default: memcached
+ host_fqdn_override:
+ default: null
+ port:
+ memcache:
+ default: 11211
+ identity:
+ namespace: openstack
+ name: keystone
+ hosts:
+ default: keystone
+ internal: keystone-api
+ host_fqdn_override:
+ default: null
+ public:
+ host: identity-airship.DOMAIN
+ admin:
+ host: identity-airship.DOMAIN
+ path:
+ default: /v3
+ scheme:
+ default: "http"
+ internal: "http"
+ port:
+ api:
+ default: 80
+ internal: 5000
+ image:
+ name: glance
+ hosts:
+ default: glance-api
+ public: glance
+ host_fqdn_override:
+ default: null
+ public:
+ host: image-airship.DOMAIN
+ path:
+ default: null
+ scheme:
+ default: "http"
+ public: "http"
+ port:
+ api:
+ default: 9292
+ public: 80
+ image_registry:
+ name: glance-registry
+ hosts:
+ default: glance-registry
+ public: glance-reg
+ host_fqdn_override:
+ default: null
+ path:
+ default: null
+ scheme:
+ default: "http"
+ port:
+ api:
+ default: 9191
+ public: 80
+ volume:
+ name: cinder
+ hosts:
+ default: cinder-api
+ public: cinder
+ host_fqdn_override:
+ default: null
+ public:
+ host: volume-airship.DOMAIN
+ path:
+ default: "/v1/%(tenant_id)s"
+ scheme:
+ default: "http"
+ public: "http"
+ port:
+ api:
+ default: 8776
+ public: 80
+ volumev2:
+ name: cinderv2
+ hosts:
+ default: cinder-api
+ public: cinder
+ host_fqdn_override:
+ default: null
+ public:
+ host: volume-airship.DOMAIN
+ path:
+ default: "/v2/%(tenant_id)s"
+ scheme:
+ default: "http"
+ public: "http"
+ port:
+ api:
+ default: 8776
+ public: 80
+ volumev3:
+ name: cinderv3
+ hosts:
+ default: cinder-api
+ public: cinder
+ host_fqdn_override:
+ default: null
+ public:
+ host: volume-airship.DOMAIN
+ path:
+ default: "/v3/%(tenant_id)s"
+ scheme:
+ default: "http"
+ public: "http"
+ port:
+ api:
+ default: 8776
+ public: 80
+ orchestration:
+ name: heat
+ hosts:
+ default: heat-api
+ public: heat
+ host_fqdn_override:
+ default: null
+ public:
+ host: orchestration-airship.DOMAIN
+ path:
+ default: "/v1/%(project_id)s"
+ scheme:
+ default: "http"
+ public: "http"
+ port:
+ api:
+ default: 8004
+ public: 80
+ cloudformation:
+ name: heat-cfn
+ hosts:
+ default: heat-cfn
+ public: cloudformation
+ host_fqdn_override:
+ default: null
+ public:
+ host: cloudformation-airship.DOMAIN
+ path:
+ default: /v1
+ scheme:
+ default: "http"
+ public: "http"
+ port:
+ api:
+ default: 8000
+ public: 80
+ cloudwatch:
+ name: heat-cloudwatch
+ hosts:
+ default: heat-cloudwatch
+ public: cloudwatch
+ host_fqdn_override:
+ default: null
+ path:
+ default: null
+ type: null
+ scheme:
+ default: "http"
+ port:
+ api:
+ default: 8003
+ public: 80
+ network:
+ name: neutron
+ hosts:
+ default: neutron-server
+ public: neutron
+ host_fqdn_override:
+ default: null
+ public:
+ host: network-airship.DOMAIN
+ path:
+ default: null
+ scheme:
+ default: "http"
+ public: "http"
+ port:
+ api:
+ default: 9696
+ public: 80
+ compute:
+ name: nova
+ hosts:
+ default: nova-api
+ public: nova
+ host_fqdn_override:
+ default: null
+ public:
+ host: compute-airship.DOMAIN
+ path:
+ default: "/v2/%(tenant_id)s"
+ scheme:
+ default: "http"
+ public: "http"
+ port:
+ api:
+ default: 8774
+ public: 80
+ novncproxy:
+ default: 80
+ compute_metadata:
+ name: nova
+ hosts:
+ default: nova-metadata
+ public: metadata
+ host_fqdn_override:
+ default: null
+ path:
+ default: /
+ scheme:
+ default: "http"
+ port:
+ metadata:
+ default: 8775
+ public: 80
+ compute_novnc_proxy:
+ name: nova
+ hosts:
+ default: nova-novncproxy
+ public: novncproxy
+ host_fqdn_override:
+ default: null
+ public:
+ host: nova-novncproxy-airship.DOMAIN
+ path:
+ default: /vnc_auto.html
+ scheme:
+ default: "http"
+ public: "http"
+ port:
+ novnc_proxy:
+ default: 6080
+ public: 80
+ compute_spice_proxy:
+ name: nova
+ hosts:
+ default: nova-spiceproxy
+ host_fqdn_override:
+ default: null
+ path:
+ default: /spice_auto.html
+ scheme:
+ default: "http"
+ port:
+ spice_proxy:
+ default: 6082
+ placement:
+ name: placement
+ hosts:
+ default: placement-api
+ public: placement
+ host_fqdn_override:
+ default: null
+ public:
+ host: placement-airship.DOMAIN
+ path:
+ default: /
+ scheme:
+ default: "http"
+ public: "http"
+ port:
+ api:
+ default: 8778
+ public: 80
+ dashboard:
+ name: horizon
+ hosts:
+ default: horizon-int
+ public: horizon
+ host_fqdn_override:
+ default: null
+ public:
+ host: dashboard-airship.DOMAIN
+ path:
+ default: null
+ scheme:
+ default: "http"
+ public: "http"
+ port:
+ web:
+ default: 80
+ public: 80
+...
+---
+schema: pegleg/EndpointCatalogue/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_endpoints
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .dns.ingress_domain
+ dest:
+ - path: .osh_infra.kibana.host_fqdn_override.public.host
+ pattern: DOMAIN
+ - path: .osh_infra.grafana.host_fqdn_override.public.host
+ pattern: DOMAIN
+ - path: .osh_infra.nagios.host_fqdn_override.public.host
+ pattern: DOMAIN
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .ldap.base_url
+ dest:
+ path: .osh_infra.ldap.host_fqdn_override.public.host
+ pattern: DOMAIN
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .ldap.auth_path
+ dest:
+ path: .osh_infra.ldap.path.default
+ pattern: AUTH_PATH
+data:
+ osh_infra:
+ ceph_object_store:
+ name: radosgw
+ namespace: osh-infra
+ hosts:
+ default: ceph-rgw
+ public: radosgw
+ host_fqdn_override:
+ default: null
+ path:
+ default: null
+ scheme:
+ default: "http"
+ port:
+ api:
+ default: 8088
+ public: 80
+ elasticsearch:
+ name: elasticsearch
+ namespace: osh-infra
+ hosts:
+ data: elasticsearch-data
+ default: elasticsearch-logging
+ discovery: elasticsearch-discovery
+ public: elasticsearch
+ host_fqdn_override:
+ default: null
+ path:
+ default: null
+ scheme:
+ default: "http"
+ prometheus_elasticsearch_exporter:
+ namespace: null
+ hosts:
+ default: elasticsearch-exporter
+ host_fqdn_override:
+ default: null
+ path:
+ default: /metrics
+ scheme:
+ default: "http"
+ port:
+ metrics:
+ default: 9108
+ fluentd:
+ namespace: osh-infra
+ name: fluentd
+ hosts:
+ default: fluentd-logging
+ host_fqdn_override:
+ default: null
+ path:
+ default: null
+ scheme:
+ default: "http"
+ port:
+ service:
+ default: 24224
+ metrics:
+ default: 24220
+ prometheus_fluentd_exporter:
+ namespace: osh-infra
+ hosts:
+ default: fluentd-exporter
+ host_fqdn_override:
+ default: null
+ path:
+ default: /metrics
+ scheme:
+ default: "http"
+ port:
+ metrics:
+ default: 9309
+ oslo_db:
+ namespace: osh-infra
+ hosts:
+ default: mariadb
+ host_fqdn_override:
+ default: null
+ path: /DB_NAME
+ scheme: mysql+pymysql
+ port:
+ mysql:
+ default: 3306
+ prometheus_mysql_exporter:
+ namespace: osh-infra
+ hosts:
+ default: mysql-exporter
+ host_fqdn_override:
+ default: null
+ path:
+ default: /metrics
+ scheme:
+ default: 'http'
+ port:
+ metrics:
+ default: 9104
+ grafana:
+ name: grafana
+ namespace: osh-infra
+ hosts:
+ default: grafana-dashboard
+ public: grafana
+ host_fqdn_override:
+ default: null
+ public:
+ host: grafana-airship.DOMAIN
+ path:
+ default: null
+ scheme:
+ default: "http"
+ public: "http"
+ port:
+ grafana:
+ default: 3000
+ public: 80
+ monitoring:
+ name: prometheus
+ namespace: osh-infra
+ hosts:
+ default: prom-metrics
+ public: prometheus
+ host_fqdn_override:
+ default: null
+ path:
+ default: null
+ scheme:
+ default: "http"
+ port:
+ api:
+ default: 9090
+ http:
+ default: 80
+ kibana:
+ name: kibana
+ namespace: osh-infra
+ hosts:
+ default: kibana-dash
+ public: kibana
+ host_fqdn_override:
+ default: null
+ public:
+ host: kibana-airship.DOMAIN
+ path:
+ default: null
+ scheme:
+ default: "http"
+ public: "http"
+ port:
+ kibana:
+ default: 5601
+ public: 80
+ alerts:
+ name: alertmanager
+ namespace: osh-infra
+ hosts:
+ default: alerts-engine
+ public: alertmanager
+ discovery: alertmanager-discovery
+ host_fqdn_override:
+ default: null
+ path:
+ default: null
+ scheme:
+ default: "http"
+ port:
+ api:
+ default: 9093
+ public: 80
+ mesh:
+ default: 6783
+ kube_state_metrics:
+ namespace: kube-system
+ hosts:
+ default: kube-state-metrics
+ host_fqdn_override:
+ default: null
+ path:
+ default: null
+ scheme:
+ default: "http"
+ port:
+ http:
+ default: 8080
+ kube_scheduler:
+ scheme:
+ default: "http"
+ path:
+ default: /metrics
+ kube_controller_manager:
+ scheme:
+ default: "http"
+ path:
+ default: /metrics
+ node_metrics:
+ namespace: kube-system
+ hosts:
+ default: node-exporter
+ host_fqdn_override:
+ default: null
+ path:
+ default: null
+ scheme:
+ default: "http"
+ port:
+ metrics:
+ default: 9100
+ prometheus_port:
+ default: 9100
+ process_exporter_metrics:
+ namespace: kube-system
+ hosts:
+ default: process-exporter
+ host_fqdn_override:
+ default: null
+ path:
+ default: null
+ scheme:
+ default: "http"
+ port:
+ metrics:
+ default: 9256
+ prometheus_openstack_exporter:
+ namespace: openstack
+ hosts:
+ default: openstack-metrics
+ host_fqdn_override:
+ default: null
+ path:
+ default: null
+ scheme:
+ default: "http"
+ port:
+ exporter:
+ default: 9103
+ nagios:
+ name: nagios
+ namespace: osh-infra
+ hosts:
+ default: nagios-metrics
+ public: nagios
+ host_fqdn_override:
+ default: null
+ public:
+ host: nagios-airship.DOMAIN
+ path:
+ default: null
+ scheme:
+ default: "http"
+ public: "http"
+ port:
+ http:
+ default: 80
+ public: 80
+ ldap:
+ hosts:
+ default: ldap
+ host_fqdn_override:
+ default: null
+ public:
+ host: DOMAIN
+ path:
+ default: /AUTH_PATH
+ scheme:
+ default: "ldap"
+ port:
+ ldap:
+ default: 389
+...
diff --git a/type/cntt/software/config/service_accounts.yaml b/type/cntt/software/config/service_accounts.yaml
new file mode 100644
index 0000000..751f1b1
--- /dev/null
+++ b/type/cntt/software/config/service_accounts.yaml
@@ -0,0 +1,435 @@
+---
+# The purpose of this file is to define the account catalog for the site. This
+# mostly contains service usernames, but also contain some information which
+# should be changed like the region (site) name.
+schema: pegleg/AccountCatalogue/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_service_accounts
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ ucp:
+ postgres:
+ admin:
+ username: postgres
+ replica:
+ username: standby
+ exporter:
+ username: psql_exporter
+ oslo_db:
+ admin:
+ username: root
+ oslo_messaging:
+ admin:
+ username: rabbitmq
+ keystone:
+ admin:
+ # NEWSITE-CHANGEME: Replace with the site name
+ region_name: RegionOne
+ username: admin
+ project_name: admin
+ user_domain_name: default
+ project_domain_name: default
+ oslo_messaging:
+ admin:
+ username: rabbitmq
+ keystone:
+ username: keystone
+ oslo_db:
+ username: keystone
+ database: keystone
+ promenade:
+ keystone:
+ # NEWSITE-CHANGEME: Replace with the site name
+ region_name: RegionOne
+ role: admin
+ project_name: service
+ project_domain_name: default
+ user_domain_name: default
+ username: promenade
+ drydock:
+ keystone:
+ # NEWSITE-CHANGEME: Replace with the site name
+ region_name: RegionOne
+ role: admin
+ project_name: service
+ project_domain_name: default
+ user_domain_name: default
+ username: drydock
+ postgres:
+ username: drydock
+ database: drydock
+ shipyard:
+ keystone:
+ # NEWSITE-CHANGEME: Replace with the site name
+ region_name: RegionOne
+ role: admin
+ project_name: service
+ project_domain_name: default
+ user_domain_name: default
+ username: shipyard
+ postgres:
+ username: shipyard
+ database: shipyard
+ airflow:
+ postgres:
+ username: airflow
+ database: airflow
+ oslo_messaging:
+ admin:
+ username: rabbitmq
+ user:
+ username: airflow
+ maas:
+ admin:
+ username: admin
+ email: none@none
+ postgres:
+ username: maas
+ database: maasdb
+ barbican:
+ keystone:
+ # NEWSITE-CHANGEME: Replace with the site name
+ region_name: RegionOne
+ role: admin
+ project_name: service
+ project_domain_name: default
+ user_domain_name: default
+ username: barbican
+ oslo_db:
+ username: barbican
+ database: barbican
+ oslo_messaging:
+ admin:
+ username: rabbitmq
+ keystone:
+ username: keystone
+ armada:
+ keystone:
+ project_domain_name: default
+ user_domain_name: default
+ project_name: service
+ # NEWSITE-CHANGEME: Replace with the site name
+ region_name: RegionOne
+ role: admin
+ username: armada
+ deckhand:
+ keystone:
+ # NEWSITE-CHANGEME: Replace with the site name
+ region_name: RegionOne
+ role: admin
+ project_name: service
+ project_domain_name: default
+ user_domain_name: default
+ username: deckhand
+ postgres:
+ username: deckhand
+ database: deckhand
+ prometheus_openstack_exporter:
+ user:
+ region_name: RegionOne
+ role: admin
+ username: prometheus-openstack-exporter
+ project_name: service
+ user_domain_name: default
+ project_domain_name: default
+ ceph:
+ swift:
+ keystone:
+ role: admin
+ # NEWSITE-CHANGEME: Replace with the site name
+ region_name: RegionOne
+ username: swift
+ project_name: service
+ user_domain_name: default
+ project_domain_name: default
+...
+---
+schema: pegleg/AccountCatalogue/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_service_accounts
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/CommonSoftwareConfig/v1
+ name: common-software-config
+ path: .osh.region_name
+ dest:
+ path: .osh.keystone.admin.region_name
+ - src:
+ schema: pegleg/CommonSoftwareConfig/v1
+ name: common-software-config
+ path: .osh.region_name
+ dest:
+ path: .osh.cinder.cinder.region_name
+ - src:
+ schema: pegleg/CommonSoftwareConfig/v1
+ name: common-software-config
+ path: .osh.region_name
+ dest:
+ path: .osh.glance.glance.region_name
+ - src:
+ schema: pegleg/CommonSoftwareConfig/v1
+ name: common-software-config
+ path: .osh.region_name
+ dest:
+ path: .osh.heat.heat.region_name
+ - src:
+ schema: pegleg/CommonSoftwareConfig/v1
+ name: common-software-config
+ path: .osh.region_name
+ dest:
+ path: .osh.heat.heat_trustee.region_name
+ - src:
+ schema: pegleg/CommonSoftwareConfig/v1
+ name: common-software-config
+ path: .osh.region_name
+ dest:
+ path: .osh.heat.heat_stack_user.region_name
+ - src:
+ schema: pegleg/CommonSoftwareConfig/v1
+ name: common-software-config
+ path: .osh.region_name
+ dest:
+ path: .osh.swift.keystone.region_name
+ - src:
+ schema: pegleg/CommonSoftwareConfig/v1
+ name: common-software-config
+ path: .osh.region_name
+ dest:
+ path: .osh.neutron.neutron.region_name
+ - src:
+ schema: pegleg/CommonSoftwareConfig/v1
+ name: common-software-config
+ path: .osh.region_name
+ dest:
+ path: .osh.nova.nova.region_name
+ - src:
+ schema: pegleg/CommonSoftwareConfig/v1
+ name: common-software-config
+ path: .osh.region_name
+ dest:
+ path: .osh.nova.placement.region_name
+ - src:
+ schema: pegleg/CommonSoftwareConfig/v1
+ name: common-software-config
+ path: .osh.region_name
+ dest:
+ path: .osh.barbican.barbican.region_name
+data:
+ osh:
+ keystone:
+ admin:
+ username: admin
+ project_name: admin
+ user_domain_name: default
+ project_domain_name: default
+ oslo_db:
+ username: keystone
+ database: keystone
+ oslo_messaging:
+ keystone:
+ username: keystone-rabbitmq-user
+ ldap:
+ # NEWSITE-CHANGEME: Replace with the site's LDAP account used to
+ # authenticate to the active directory backend to validate keystone
+ # users.
+ username: "test@ldap.example.com"
+ cinder:
+ cinder:
+ role: admin
+ username: cinder
+ project_name: service
+ user_domain_name: default
+ project_domain_name: default
+ oslo_db:
+ username: cinder
+ database: cinder
+ oslo_messaging:
+ cinder:
+ username: cinder-rabbitmq-user
+ glance:
+ glance:
+ role: admin
+ username: glance
+ project_name: service
+ user_domain_name: default
+ project_domain_name: default
+ oslo_db:
+ username: glance
+ database: glance
+ oslo_messaging:
+ glance:
+ username: glance-rabbitmq-user
+ ceph_object_store:
+ username: glance
+ heat:
+ heat:
+ role: admin
+ username: heat
+ project_name: service
+ user_domain_name: default
+ project_domain_name: default
+ heat_trustee:
+ role: admin
+ username: heat-trust
+ project_name: service
+ user_domain_name: default
+ project_domain_name: default
+ heat_stack_user:
+ role: admin
+ username: heat-domain
+ domain_name: heat
+ oslo_db:
+ username: heat
+ database: heat
+ oslo_messaging:
+ heat:
+ username: heat-rabbitmq-user
+ swift:
+ keystone:
+ role: admin
+ username: swift
+ project_name: service
+ user_domain_name: default
+ project_domain_name: default
+ oslo_db:
+ admin:
+ username: root
+ prometheus_mysql_exporter:
+ user:
+ username: osh-oslodb-exporter
+ neutron:
+ neutron:
+ role: admin
+ username: neutron
+ project_name: service
+ user_domain_name: default
+ project_domain_name: default
+ oslo_db:
+ username: neutron
+ database: neutron
+ oslo_messaging:
+ neutron:
+ username: neutron-rabbitmq-user
+ nova:
+ nova:
+ role: admin
+ username: nova
+ project_name: service
+ user_domain_name: default
+ project_domain_name: default
+ placement:
+ role: admin
+ username: placement
+ project_name: service
+ user_domain_name: default
+ project_domain_name: default
+ oslo_db:
+ username: nova
+ database: nova
+ oslo_db_api:
+ username: nova
+ database: nova_api
+ oslo_db_cell0:
+ username: nova
+ database: "nova_cell0"
+ oslo_messaging:
+ nova:
+ username: nova-rabbitmq-user
+ horizon:
+ oslo_db:
+ username: horizon
+ database: horizon
+ barbican:
+ barbican:
+ role: admin
+ username: barbican
+ project_name: service
+ user_domain_name: default
+ project_domain_name: default
+ oslo_db:
+ username: barbican
+ database: barbican
+ oslo_messaging:
+ barbican:
+ username: barbican-rabbitmq-user
+ oslo_messaging:
+ admin:
+ username: admin
+ tempest:
+ tempest:
+ role: admin
+ username: tempest
+ project_name: service
+ user_domain_name: default
+ project_domain_name: default
+...
+---
+schema: pegleg/AccountCatalogue/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_service_accounts
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/CommonSoftwareConfig/v1
+ name: common-software-config
+ path: .osh.region_name
+ dest:
+ path: .osh_infra.prometheus_openstack_exporter.user.region_name
+data:
+ osh_infra:
+ ceph_object_store:
+ admin:
+ username: s3_admin
+ elasticsearch:
+ username: elasticsearch
+ grafana:
+ admin:
+ username: grafana
+ oslo_db:
+ username: grafana
+ database: grafana
+ oslo_db_session:
+ username: grafana_session
+ database: grafana_session
+ elasticsearch:
+ admin:
+ username: elasticsearch
+ oslo_db:
+ admin:
+ username: root
+ prometheus_mysql_exporter:
+ user:
+ username: osh-infra-oslodb-exporter
+ prometheus_openstack_exporter:
+ user:
+ role: admin
+ username: prometheus-openstack-exporter
+ project_name: service
+ user_domain_name: default
+ project_domain_name: default
+ nagios:
+ admin:
+ username: nagios
+ prometheus:
+ admin:
+ username: prometheus
+ ldap:
+ admin:
+ # NEWSITE-CHANGEME: Replace with the site's LDAP account used to
+ # authenticate to the active directory backend to validate keystone
+ # users.
+ bind: "test@ldap.example.com"
+...
diff --git a/type/cntt/software/manifests/bootstrap.yaml b/type/cntt/software/manifests/bootstrap.yaml
new file mode 100644
index 0000000..e015410
--- /dev/null
+++ b/type/cntt/software/manifests/bootstrap.yaml
@@ -0,0 +1,39 @@
+---
+schema: armada/Manifest/v1
+metadata:
+ schema: metadata/Document/v1
+ replacement: true
+ name: cluster-bootstrap
+ labels:
+ name: cluster-bootstrap-type
+ layeringDefinition:
+ abstract: false
+ layer: type
+ parentSelector:
+ name: cluster-bootstrap-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ release_prefix: airship
+ chart_groups:
+ - podsecuritypolicy
+ - kubernetes-proxy
+ - kubernetes-container-networking
+ - kubernetes-dns
+ - kubernetes-etcd
+ - kubernetes-haproxy
+ - kubernetes-core
+ - ingress-kube-system
+ - ucp-ceph
+ - ucp-ceph-config
+ - ucp-core
+ - ucp-keystone
+ - ucp-divingbell
+ - ucp-armada
+ - ucp-deckhand
+ - ucp-drydock
+ - ucp-promenade
+ - ucp-shipyard
+...
diff --git a/type/cntt/software/manifests/full-site.yaml b/type/cntt/software/manifests/full-site.yaml
new file mode 100644
index 0000000..2cb0c84
--- /dev/null
+++ b/type/cntt/software/manifests/full-site.yaml
@@ -0,0 +1,61 @@
+---
+schema: armada/Manifest/v1
+metadata:
+ schema: metadata/Document/v1
+ replacement: true
+ name: full-site
+ labels:
+ name: full-site-type
+ layeringDefinition:
+ abstract: false
+ layer: type
+ parentSelector:
+ name: full-site-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ release_prefix: airship
+ chart_groups:
+ - podsecuritypolicy
+ - kubernetes-proxy
+ - kubernetes-container-networking
+ - kubernetes-dns
+ - kubernetes-etcd
+ - kubernetes-haproxy
+ - kubernetes-core
+ - ingress-kube-system
+ - ucp-ceph-update
+ - ucp-ceph-config
+ - ucp-core
+ - ucp-keystone
+ - ucp-divingbell
+ - ucp-armada
+ - ucp-deckhand
+ - ucp-drydock-scaled
+ - ucp-promenade
+ - ucp-shipyard
+ - ucp-prometheus-openstack-exporter
+ - osh-infra-ingress-controller
+ - osh-infra-ceph-config
+ - osh-infra-radosgw
+ - osh-infra-logging
+ - osh-infra-monitoring
+ - osh-infra-mariadb
+ - osh-infra-dashboards
+ - openstack-ingress-controller
+ - openstack-ceph-config
+ - openstack-tenant-ceph
+ - openstack-mariadb
+ - openstack-rabbitmq
+ - openstack-memcached
+ - openstack-keystone
+ - openstack-radosgw
+ - openstack-glance
+ - openstack-cinder
+ - openstack-compute-kit
+ - openstack-heat
+ - osh-infra-prometheus-openstack-exporter
+ - openstack-horizon
+...