summaryrefslogtreecommitdiffstats
path: root/site
diff options
context:
space:
mode:
authorSridhar K. N. Rao <sridhar.rao@spirent.com>2019-10-18 14:35:14 +0530
committerKaspars Skels <kaspars.skels@att.com>2019-10-28 17:44:13 -0500
commit799182f0c40730e41253dc5c861857d219291c3b (patch)
tree5138ae74cbbffb8aaf47929d063254c0043773d5 /site
parentc053e71f295dc91ee60bbdcbcf99d909923af3b0 (diff)
Site definition for Intel Pod-10
This patch adds site definition for Intel Pod-10. Updated publickeys of luc and trevor Updated site-definition Updated divingbell Modifying common parts - FOR TESTING ONLY - Will be removed Trying with only 1 disk (bootdisk) Trying with 2 disks - /dev/sda as bootdisk, /dev/sdb as datadisk Change ceph config from directory to /dev/sdb (OSD-data only) Change ceph config from directory to /dev/sdb (OSD-Journl too) Reduce footprint of osh-infra (reduce disk pressure) Move ceph to site specific manifests Fix pod10 host/hardware profiles to be site local Fix Nova/Neutron parts to be site local Fix glance cirros image pull Fix type to site layer names for moved files Rename pod10 hardware/host profiles Move ceph fully to /dev/sdb Disable SR-IOV configuration Optimize disk storage for Nova VMs (use root disk or 3T) Signed-off-by: Sridhar K. N. Rao <sridhar.rao@spirent.com> Change-Id: I2160e56744917510d4627cefca32031904188f77
Diffstat (limited to 'site')
-rw-r--r--site/intel-pod10/baremetal/nodes.yaml193
-rw-r--r--site/intel-pod10/networks/common-addresses.yaml164
-rw-r--r--site/intel-pod10/networks/physical/networks.yaml327
-rw-r--r--site/intel-pod10/pki/pki-catalog.yaml289
-rw-r--r--site/intel-pod10/profiles/hardware/intel-pod10.yaml105
-rw-r--r--site/intel-pod10/profiles/host/cp-intel-pod10.yaml105
-rw-r--r--site/intel-pod10/profiles/host/dp-intel-pod10.yaml112
-rw-r--r--site/intel-pod10/profiles/region.yaml60
-rw-r--r--site/intel-pod10/secrets/certificates/certificates.yaml2456
-rw-r--r--site/intel-pod10/secrets/ingress.yaml135
-rw-r--r--site/intel-pod10/secrets/passphrases/apiserver-encryption-key-key1.yaml13
-rw-r--r--site/intel-pod10/secrets/passphrases/ceph_fsid.yaml12
-rw-r--r--site/intel-pod10/secrets/passphrases/ceph_swift_keystone_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/ipmi_admin_password.yaml13
-rw-r--r--site/intel-pod10/secrets/passphrases/luc_crypt_password.yaml12
-rw-r--r--site/intel-pod10/secrets/passphrases/maas-region-key.yaml12
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_barbican_oslo_db_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_barbican_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_cinder_oslo_db_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_cinder_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_glance_oslo_db_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_glance_oslo_messaging_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_glance_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_heat_oslo_db_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_heat_oslo_messaging_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_heat_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_heat_stack_user_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_heat_trustee_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_horizon_oslo_db_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_infra_grafana_admin_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_infra_nagios_admin_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_infra_openstack_exporter_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_infra_prometheus_admin_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_keystone_admin_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_keystone_ldap_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_keystone_oslo_db_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_neutron_oslo_db_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_neutron_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_nova_oslo_db_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_nova_oslo_messaging_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_nova_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_oslo_cache_secret_key.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_oslo_db_admin_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_oslo_db_exporter_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_oslo_messaging_admin_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_placement_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/osh_tempest_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/sridhar_crypt_password.yaml12
-rw-r--r--site/intel-pod10/secrets/passphrases/tenant_ceph_fsid.yaml12
-rw-r--r--site/intel-pod10/secrets/passphrases/trevor_crypt_password.yaml12
-rw-r--r--site/intel-pod10/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/ucp_airflow_postgres_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/ucp_armada_keystone_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/ucp_barbican_keystone_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/ucp_barbican_oslo_db_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/ucp_deckhand_keystone_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/ucp_deckhand_postgres_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/ucp_drydock_keystone_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/ucp_drydock_postgres_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/ucp_keystone_admin_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/ucp_keystone_oslo_db_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/ucp_maas_admin_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/ucp_maas_postgres_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/ucp_oslo_db_admin_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/ucp_oslo_messaging_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/ucp_postgres_admin_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/ucp_postgres_exporter_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/ucp_postgres_replication_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/ucp_promenade_keystone_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/ucp_shipyard_keystone_password.yaml11
-rw-r--r--site/intel-pod10/secrets/passphrases/ucp_shipyard_postgres_password.yaml11
-rw-r--r--site/intel-pod10/secrets/publickey/luc_ssh_public_key.yaml11
-rw-r--r--site/intel-pod10/secrets/publickey/opnfv_ssh_public_key.yaml11
-rw-r--r--site/intel-pod10/secrets/publickey/sridhar_ssh_public_key.yaml11
-rw-r--r--site/intel-pod10/secrets/publickey/trevor_ssh_public_key.yaml11
-rw-r--r--site/intel-pod10/site-definition.yaml17
-rw-r--r--site/intel-pod10/software/charts/kubernetes/container-networking/etcd.yaml127
-rw-r--r--site/intel-pod10/software/charts/kubernetes/etcd/etcd.yaml131
-rw-r--r--site/intel-pod10/software/charts/osh-infra/elasticsearch.yaml34
-rw-r--r--site/intel-pod10/software/charts/osh-infra/fluentbit.yaml22
-rw-r--r--site/intel-pod10/software/charts/osh-infra/fluentd.yaml22
-rw-r--r--site/intel-pod10/software/charts/osh-infra/grafana.yaml23
-rw-r--r--site/intel-pod10/software/charts/osh-infra/ingress.yaml24
-rw-r--r--site/intel-pod10/software/charts/osh-infra/mariadb.yaml24
-rw-r--r--site/intel-pod10/software/charts/osh-infra/prometheus.yaml35
-rw-r--r--site/intel-pod10/software/charts/osh/openstack-compute-kit/libvirt.yaml22
-rw-r--r--site/intel-pod10/software/charts/osh/openstack-compute-kit/neutron.yaml72
-rw-r--r--site/intel-pod10/software/charts/osh/openstack-compute-kit/nova.yaml46
-rw-r--r--site/intel-pod10/software/charts/ucp/ceph/ceph-client-update.yaml26
-rw-r--r--site/intel-pod10/software/charts/ucp/ceph/ceph-client.yaml100
-rw-r--r--site/intel-pod10/software/charts/ucp/ceph/ceph-osd.yaml30
-rw-r--r--site/intel-pod10/software/charts/ucp/divingbell/divingbell.yaml83
-rw-r--r--site/intel-pod10/software/config/common-software-config.yaml16
-rw-r--r--site/intel-pod17/software/charts/osh-infra/elasticsearch.yaml70
-rw-r--r--site/intel-pod17/software/charts/osh-infra/fluentbit.yaml18
-rw-r--r--site/intel-pod17/software/charts/osh-infra/fluentd.yaml18
-rw-r--r--site/intel-pod17/software/charts/osh-infra/prometheus.yaml33
-rw-r--r--site/intel-pod17/software/charts/osh/openstack-compute-kit/libvirt.yaml22
-rw-r--r--site/intel-pod17/software/charts/osh/openstack-compute-kit/neutron.yaml72
-rw-r--r--site/intel-pod17/software/charts/osh/openstack-compute-kit/nova.yaml46
-rw-r--r--site/intel-pod17/software/charts/ucp/ceph/ceph-client-update.yaml26
-rw-r--r--site/intel-pod17/software/charts/ucp/ceph/ceph-client.yaml100
-rw-r--r--site/intel-pod17/software/charts/ucp/ceph/ceph-osd.yaml30
-rw-r--r--site/intel-pod18/software/charts/osh-infra/elasticsearch.yaml70
-rw-r--r--site/intel-pod18/software/charts/osh-infra/fluentbit.yaml18
-rw-r--r--site/intel-pod18/software/charts/osh-infra/fluentd.yaml18
-rw-r--r--site/intel-pod18/software/charts/osh-infra/prometheus.yaml33
-rw-r--r--site/intel-pod18/software/charts/osh/openstack-compute-kit/libvirt.yaml22
-rw-r--r--site/intel-pod18/software/charts/osh/openstack-compute-kit/neutron.yaml72
-rw-r--r--site/intel-pod18/software/charts/osh/openstack-compute-kit/nova.yaml46
-rw-r--r--site/intel-pod18/software/charts/ucp/ceph/ceph-client-update.yaml26
-rw-r--r--site/intel-pod18/software/charts/ucp/ceph/ceph-client.yaml100
-rw-r--r--site/intel-pod18/software/charts/ucp/ceph/ceph-osd.yaml30
144 files changed, 6736 insertions, 0 deletions
diff --git a/site/intel-pod10/baremetal/nodes.yaml b/site/intel-pod10/baremetal/nodes.yaml
new file mode 100644
index 0000000..009a0c4
--- /dev/null
+++ b/site/intel-pod10/baremetal/nodes.yaml
@@ -0,0 +1,193 @@
+---
+# Drydock BaremetalNode resources for a specific rack are stored in this file.
+#
+# NOTE: For new sites, you should complete the networks/physical/networks.yaml
+# file before working on this file.
+#
+# In this file, you should make the number of `drydock/BaremetalNode/v1`
+# resources equal the number of bare metal nodes you have, either by deleting
+# excess BaremetalNode definitions (if there are too many), or by copying and
+# pasting the last BaremetalNode in the file until you have the correct number
+# of baremetal nodes (if there are too few).
+#
+# Then in each file, address all additional NEWSITE-CHANGEME markers to update
+# the data in these files with the right values for your new site.
+#
+# *NOTE: The Genesis node is counted as one of the control plane nodes. Note
+# that the Genesis node does not appear on this bare metal list, because the
+# procedure to reprovision the Genesis host with MaaS has not yet been
+# implemented. Therefore there will be only two bare metal nodes in this file
+# with the 'masters' tag, as the genesis roles are assigned in a different
+# place (type/cntt/profiles/genesis.yaml).
+#
+schema: 'drydock/BaremetalNode/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ # NEWSITE-CHANGEME: Replace with the hostname of the first node in the rack,
+ # after (excluding) genesis.
+ name: pod10-node2
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # NEWSITE-CHANGEME: The IPv4 address assigned to each logical network on this
+ # node. In the reference Airship deployment, this is all logical Networks defined
+ # in networks/physical/networks.yaml. IP addresses are manually assigned, by-hand.
+ # (what could possibly go wrong!) The instructions differ for each logical
+ # network, which are laid out below.
+ addressing:
+ # The iDrac/iLo IP of the node. It's important that this match up with the
+ # node's hostname above, so that the rack number and node position encoded
+ # in the hostname are accurate and matching the node that IPMI operations
+ # will be performed against (for poweron, poweroff, PXE boot to wipe disk or
+ # reconfigure identity, etc - very important to get right for these reasons).
+ # These addresses should already be assigned to nodes racked and stacked in
+ # the environment; these are not addresses which MaaS assigns.
+ - network: oob
+ address: 10.10.100.12
+ # The IP of the node on the DMZ network. Refer to the static IP range
+ # defined for the Admin network in networks/physical/networks.yaml.
+ - network: dmz
+ address: 10.10.100.22
+ # The IP of the node on the Admin network. Refer to the static IP range
+ # defined for the Admin network in networks/physical/networks.yaml.
+ # This network is used for PXE bootstrapping of the bare-metal servers.
+ - network: admin
+ address: 10.10.101.22
+ # The IP of the node on the Private network. Refer to the static IP range
+ # defined for the Private network in networks/physical/networks.yaml.
+ - network: private
+ address: 10.10.102.22
+ # The IP of the node on the Storage network. Refer to the static IP range
+ # defined for the Storage network in networks/physical/networks.yaml.
+ - network: storage
+ address: 10.10.103.22
+ # The IP of the node on the Management network. Refer to the static IP range
+ # defined for the Management network in networks/physical/networks.yaml.
+ - network: management
+ address: 10.10.104.22
+ # NEWSITE-CHANGEME: Set the host profile for the node.
+ # Note that there are different host profiles depending if this is a control
+ # plane vs data plane node, and different profiles that map to different types
+ # hardware. Select the host profile that matches up to your type of
+ # hardware and function. E.g., the r720 here refers to Dell R720 hardware, the
+ # 'cp' refers to a control plane profile. Refer to profiles/host/ for the list
+ # of available host profiles specific to this site (otherwise, you may find
+ # a general set of host profiles at the "type" or "global" layers/folders.
+ # If you have hardware that is not on this list of profiles, you may need to
+ # create a new host profile for that hardware.
+ host_profile: cp-intel-pod10
+ metadata:
+ tags:
+ # NEWSITE-CHANGEME: See previous comment. Apply 'masters' tag for control
+ # plane node, and 'workers' tag for data plane hosts.
+ - 'masters'
+ # NEWSITE-CHANGEME: Refer to site engineering package or other supporting
+ # documentation for the specific rack name. This should be a rack name that
+ # is meaningful to data center personnel (i.e. a rack they could locate if
+ # you gave them this rack designation).
+ rack: pod10-rack
+...
+---
+schema: 'drydock/BaremetalNode/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ # NEWSITE-CHANGEME: The next node's hostname
+ name: pod10-node3
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # NEWSITE-CHANGEME: The next node's IPv4 addressing
+ addressing:
+ - network: oob
+ address: 10.10.100.13
+ - network: dmz
+ address: 10.10.100.23
+ - network: admin
+ address: 10.10.101.23
+ - network: private
+ address: 10.10.102.23
+ - network: storage
+ address: 10.10.103.23
+ - network: management
+ address: 10.10.104.23
+ # NEWSITE-CHANGEME: The next node's host profile
+ host_profile: cp-intel-pod10
+ metadata:
+ # NEWSITE-CHANGEME: The next node's rack designation
+ rack: pod10-rack
+ # NEWSITE-CHANGEME: The next node's role desigatnion
+ tags:
+ - 'masters'
+...
+---
+schema: 'drydock/BaremetalNode/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ # NEWSITE-CHANGEME: The next node's hostname
+ name: pod10-node4
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # NEWSITE-CHANGEME: The next node's IPv4 addressing
+ addressing:
+ - network: oob
+ address: 10.10.100.14
+ - network: dmz
+ address: 10.10.100.24
+ - network: admin
+ address: 10.10.101.24
+ - network: private
+ address: 10.10.102.24
+ - network: storage
+ address: 10.10.103.24
+ - network: management
+ address: 10.10.104.24
+ # NEWSITE-CHANGEME: The next node's host profile
+ host_profile: dp-intel-pod10
+ metadata:
+ # NEWSITE-CHANGEME: The next node's rack designation
+ rack: pod10-rack
+ # NEWSITE-CHANGEME: The next node's role desigatnion
+ tags:
+ - 'workers'
+...
+---
+schema: 'drydock/BaremetalNode/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ # NEWSITE-CHANGEME: The next node's hostname
+ name: pod10-node5
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # NEWSITE-CHANGEME: The next node's IPv4 addressing
+ addressing:
+ - network: oob
+ address: 10.10.100.15
+ - network: dmz
+ address: 10.10.100.25
+ - network: admin
+ address: 10.10.101.25
+ - network: private
+ address: 10.10.102.25
+ - network: storage
+ address: 10.10.103.25
+ - network: management
+ address: 10.10.104.25
+ # NEWSITE-CHANGEME: The next node's host profile
+ host_profile: dp-intel-pod10
+ metadata:
+ # NEWSITE-CHANGEME: The next node's rack designation
+ rack: pod10-rack
+ # NEWSITE-CHANGEME: The next node's role desigatnion
+ tags:
+ - 'workers'
+...
diff --git a/site/intel-pod10/networks/common-addresses.yaml b/site/intel-pod10/networks/common-addresses.yaml
new file mode 100644
index 0000000..183cf91
--- /dev/null
+++ b/site/intel-pod10/networks/common-addresses.yaml
@@ -0,0 +1,164 @@
+---
+# The purpose of this file is to define network related paramters that are
+# referenced (substituted) elsewhere in the manifests for this site.
+#
+schema: pegleg/CommonAddresses/v1
+metadata:
+ schema: metadata/Document/v1
+ name: common-addresses
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ calico:
+ # NEWSITE-CHANGEME: The interface that Calico will use. Update if your
+ # logical interface name or Calico VLAN have changed from the reference
+ # site design.
+ # This should be whichever interface (or bond) and VLAN number specified in
+ # networks/physical/networks.yaml for the Calico network.
+ # E.g. you would set "interface=ens785f0" as shown here.
+ ip_autodetection_method: interface=eno3
+ etcd:
+ # The etcd service IP address.
+ # This address must be within data.kubernetes.service_cidr range
+ service_ip: 10.96.232.136
+
+ # NEWSITE-CHANGEME: Update virtual IPs to be used for deployment.
+ # These IPs are imporant and tied to FQDN/DNS registration for the site, see more at
+ # https://airship-treasuremap.readthedocs.io/en/latest/authoring_and_deployment.html#register-dns-names
+ vip:
+ # Used for accessing Airship/OpenStack APIs (ingress of kube-system)
+ # The address is selected from DMZ network specified in
+ # networks/physical/networks.yaml
+ ingress_vip: '10.10.100.100/32'
+ # Used for bare-metal deployment (PXE boot, fetching Drydock bootactions)
+ # The address is selected from Admin network specified in
+ # networks/physical/networks.yaml
+ maas_vip: '10.10.101.100/32'
+
+ dns:
+ # Kubernetes cluster domain. Do not change. This is internal to the cluster.
+ cluster_domain: cluster.local
+ # DNS service ip
+ service_ip: 10.96.0.10
+ # List of upstream DNS forwards. Verify you can reach them from your
+ # environment. If so, you should not need to change them.
+ upstream_servers:
+ - 8.8.8.8
+ - 8.8.4.4
+ # Repeat the same values as above, but formatted as a common separated
+ # string
+ upstream_servers_joined: 8.8.8.8,8.8.4.4
+ # NEWSITE-CHANGEME: FQDN for ingress (i.e. "publicly facing" access point)
+ # Choose FQDN according to the ingress/public FQDN naming conventions at
+ # the top of this document.
+ ingress_domain: intel-pod10.opnfv.org
+
+ genesis:
+ # NEWSITE-CHANGEME: Update with the hostname for the node which will take on
+ # the Genesis role. Refer to the hostname naming stardards in
+ # networks/physical/networks.yaml
+ # NOTE: Ensure that the genesis node is manually configured with this
+ # hostname before running `genesis.sh` on the node, see
+ # https://airship-treasuremap.readthedocs.io/en/latest/authoring_and_deployment.html#genesis-node
+ hostname: pod10-node1
+ # NEWSITE-CHANGEME: Address defined for Calico network in
+ # networks/physical/networks.yaml
+ ip: 10.10.102.21
+
+ bootstrap:
+ # NEWSITE-CHANGEME: Address defined for the Admin (PXE) network in
+ # networks/physical/networks.yaml
+ ip: 10.10.101.21
+
+ kubernetes:
+ # K8s API service IP
+ api_service_ip: 10.96.0.1
+ # etcd service IP
+ etcd_service_ip: 10.96.0.2
+ # k8s pod CIDR (network which pod traffic will traverse)
+ pod_cidr: 10.97.0.0/16
+ # k8s service CIDR (network which k8s API traffic will traverse)
+ service_cidr: 10.96.0.0/16
+ # misc k8s port settings
+ apiserver_port: 6443
+ haproxy_port: 6553
+ service_node_port_range: 30000-32767
+
+ # etcd port settings
+ etcd:
+ container_port: 2379
+ haproxy_port: 2378
+
+ # NEWSITE-CHANGEME: A list of nodes (excluding Genesis) which act as the
+ # control plane servers. Ensure that this matches the nodes with the 'masters'
+ # tags applied in baremetal/nodes.yaml
+ masters:
+ - hostname: pod10-node2
+ - hostname: pod10-node3
+
+ # NEWSITE-CHANGEME: Environment proxy information.
+ # NOTE: Reference Airship sites do not deploy behind a proxy, so this proxy section
+ # should be commented out.
+ # However if you are in a lab that requires proxy, ensure that these proxy
+ # settings are correct and reachable in your environment; otherwise update
+ # them with the correct values for your environment.
+ proxy:
+ http: ""
+ https: ""
+ no_proxy: []
+
+ node_ports:
+ drydock_api: 30000
+ maas_api: 30001
+
+ ntp:
+ # comma separated NTP server list. Verify that these upstream NTP servers are
+ # reachable in your environment; otherwise update them with the correct
+ # values for your environment.
+ servers_joined: '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org,4.ubuntu.pool.ntp.org'
+
+ # An example for Openstack Helm Infra LDAP
+ ldap:
+ # NEWSITE-CHANGEME: FQDN for LDAP. Update to the FQDN that is
+ # relevant for your type of deployment (test vs prod values, etc).
+ base_url: 'ldap.example.com'
+ # NEWSITE-CHANGEME: As above, with the protocol included to create a full URI
+ url: 'ldap://ldap.example.com'
+ # NEWSITE-CHANGEME: Update to the correct expression relevant for this
+ # deployment (test vs prod values, etc)
+ auth_path: DC=test,DC=test,DC=com?sAMAccountName?sub?memberof=CN=test,OU=Application,OU=Groups,DC=test,DC=test,DC=com
+ # NEWSITE-CHANGEME: Update to the correct AD group that contains the users
+ # relevant for this deployment (test users vs prod users/values, etc)
+ common_name: test
+ # NEWSITE-CHANGEME: Update to the correct subdomain for your type of
+ # deployment (test vs prod values, etc)
+ subdomain: test
+ # NEWSITE-CHANGEME: Update to the correct domain for your type of
+ # deployment (test vs prod values, etc)
+ domain: example
+
+ storage:
+ ceph:
+ # NEWSITE-CHANGEME: CIDRs for Ceph. Update to match the network CIDR
+ # used for the Storage network in networks/physical/networks.yaml
+ public_cidr: '10.10.103.0/24'
+ cluster_cidr: '10.10.103.0/24'
+
+ neutron:
+ # NEWSITE-CHANGEME: Overlay network for VM traffic. Ensure the interface name and
+ # VLAN number are consistent with what's defined for the Private network in
+ # networks/physical/networks.yaml
+ tunnel_device: 'eno3'
+ # Interface for the OpenStack external network. Ensure the interface name is
+ # consistent with the interface and VLAN assigned to the Public network in
+ # networks/physical/networks.yaml
+ external_iface: 'eno4.1103'
+
+ openvswitch:
+ # Interface for the OpenStack external network. Ensure the interface name is
+ # consistent with the interface and VLAN assigned to the Public network in
+ # networks/physical/networks.yaml
+ external_iface: 'eno4.1103'
+...
diff --git a/site/intel-pod10/networks/physical/networks.yaml b/site/intel-pod10/networks/physical/networks.yaml
new file mode 100644
index 0000000..ac2509e
--- /dev/null
+++ b/site/intel-pod10/networks/physical/networks.yaml
@@ -0,0 +1,327 @@
+---
+# The purpose of this file is to define all of the NetworkLinks (i.e. layer 1
+# devices) and Networks (i.e. layer 3 configurations).
+#
+# The following is reference configuration for Intel hosted POD10
+# https://wiki.opnfv.org/display/pharos/Intel+POD10
+# +--------+------------+-----------------------------------+----------+----------+----------------+
+# | | | | | | |
+# +--------+------------+-----------------------------------+----------+----------+----------------+
+# |IF0 1G | dmz | OoB & OAM (default route) | VLAN 100 | untagged | 10.10.100.0/24 |
+# |IF1 1G | admin | PXE boot network | VLAN 101 | untagged | 10.10.101.0/24 |
+# |IF2 10G | private | Underlay calico and ovs overlay | VLAN 102 | untagged | 10.10.102.0/24 |
+# | | management | Management (unused for now) | VLAN 104 | tagged | 10.10.104.0/24 |
+# |IF3 10G | storage | Storage network | VLAN 103 | untagged | 10.10.103.0/24 |
+# | | public | Public network for VMs | VLAN 1103 | tagged | 10.10.105.0/24 |
+# +--------+------------+-----------------------------------+----------+----------+----------------+
+#
+# For standard Airship deployments, you should not need to modify the number of
+# NetworkLinks and Networks in this file. Only the IP addresses and CIDRs should
+# need editing.
+#
+schema: 'drydock/NetworkLink/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: oob
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # MaaS doesnt own this network like it does the others,
+ # so the noconfig label is specified.
+ labels:
+ noconfig: enabled
+ bonding:
+ mode: disabled
+ mtu: 1500
+ linkspeed: auto
+ trunking:
+ mode: disabled
+ default_network: oob
+ allowed_networks:
+ - oob
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: oob
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # NEWSITE-CHANGEME: Update with the site's out-of-band CIDR
+ cidr: 10.10.100.0/24
+ routes:
+ # NEWSITE-CHANGEME: Update with the site's out-of-band gateway IP
+ - subnet: '0.0.0.0/0'
+ gateway: 10.10.100.1
+ metric: 100
+...
+---
+schema: 'drydock/NetworkLink/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: dmz
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ bonding:
+ mode: disabled
+ mtu: 1500
+ linkspeed: auto
+ trunking:
+ mode: disabled
+ default_network: dmz
+ allowed_networks:
+ - dmz
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: dmz
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # NEWSITE-CHANGEME: Update with the site's DMZ network CIDR
+ cidr: 10.10.100.0/24
+ routes:
+ - subnet: 0.0.0.0/0
+ # NEWSITE-CHANGEME: Set the DMZ network gateway IP address
+ # NOTE: This serves as the site's default route.
+ gateway: 10.10.100.1
+ metric: 100
+ ranges:
+ # NEWSITE-CHANGEME: Exclude any reserved IPs for the lab.
+ - type: reserved
+ start: 10.10.100.1
+ end: 10.10.100.19
+ # NEWSITE-CHANGEME: Update static range that will be used for the nodes.
+ # See minimum range required for the nodes in baremetal/nodes.yaml.
+ - type: static
+ start: 10.10.100.20
+ end: 10.10.100.39
+ dns:
+ # NEWSITE-CHANGEME: FQDN for bare metal nodes.
+ # Choose FQDN according to the node FQDN naming conventions at the top of
+ # this document.
+ domain: intel-pod10.opnfv.org
+ # List of upstream DNS forwards. Verify you can reach them from your
+ # environment. If so, you should not need to change them.
+ # TODO: This should be populated via substitution from common-addresses
+ servers: '8.8.8.8,8.8.4.4'
+...
+---
+schema: 'drydock/NetworkLink/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: admin
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ bonding:
+ mode: disabled
+ mtu: 1500
+ linkspeed: auto
+ trunking:
+ mode: disabled
+ default_network: admin
+ allowed_networks:
+ - admin
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: admin
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # NEWSITE-CHANGEME: Update with the site's PXE network CIDR
+ # NOTE: The CIDR minimum size = (number of nodes * 2) + 10
+ cidr: 10.10.101.0/24
+ routes:
+ - subnet: 0.0.0.0/0
+ # NEWSITE-CHANGEME: Set the Admin network gateway IP address
+ gateway: 10.10.101.1
+ metric: 100
+ # NOTE: The DHCP addresses are used when nodes perform a PXE boot
+ # (DHCP address gets assigned), and when a node is commissioning in MaaS
+ # (also uses DHCP to get its IP address). However, when MaaS installs the
+ # operating system ("Deploying/Deployed" states), it will write a static IP
+ # assignment to /etc/network/interfaces[.d] with IPs from the "static"
+ # subnet defined here.
+ ranges:
+ # NEWSITE-CHANGEME: Exclude any reserved IPs for the lab.
+ - type: reserved
+ start: 10.10.101.1
+ end: 10.10.101.19
+ # NEWSITE-CHANGEME: Update to the first half of the remaining range after
+ # excluding the reserved IPs.
+ - type: static
+ start: 10.10.101.20
+ end: 10.10.101.39
+ # NEWSITE-CHANGEME: Update to the second half of the remaining range after
+ # excluding the reserved IPs.
+ - type: dhcp
+ start: 10.10.101.40
+ end: 10.10.101.79
+ dns:
+ # NEWSITE-CHANGEME: FQDN for bare metal nodes.
+ # Choose FQDN according to the node FQDN naming conventions at the top of
+ # this document.
+ domain: intel-pod10.opnfv.org
+ # NEWSITE-CHANGEME: Use MAAS VIP as the DNS server.
+ # MAAS has inbuilt DNS server and Debian mirror that allows nodes to be
+ # deployed without requiring routed/internet access for the Admin/PXE interface.
+ # See data.vip.maas_vip in networks/common-addresses.yaml.
+ # TODO: This should be populated via substitution from common-addresses
+ servers: '10.10.101.100'
+...
+---
+schema: 'drydock/NetworkLink/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: data1
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ bonding:
+ mode: disabled
+ # NEWSITE-CHANGEME: Ensure the network switches in the environment are
+ # configured for this MTU or greater.
+ mtu: 1500
+ linkspeed: auto
+ trunking:
+ mode: 802.1q
+ allowed_networks:
+ - private
+ - management
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: private
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # NEWSITE-CHANGEME: Set the VLAN ID which the Private network is on
+ vlan: '0'
+ mtu: 1500
+ # NEWSITE-CHANGEME: Set the CIDR for the Private network
+ # NOTE: The CIDR minimum size = number of nodes + 10
+ cidr: 10.10.102.0/24
+ ranges:
+ # NEWSITE-CHANGEME: Update to the remaining range excluding (if any)
+ # reserved IPs.
+ - type: static
+ start: 10.10.102.1
+ end: 10.10.102.19
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: management
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # NEWSITE-CHANGEME: Set the VLAN ID which the Management network is on
+ vlan: '104'
+ mtu: 1500
+ # NEWSITE-CHANGEME: Set the CIDR for the Management network
+ # NOTE: The CIDR minimum size = number of nodes + 10
+ cidr: 10.10.104.0/24
+ ranges:
+ # NEWSITE-CHANGEME: Update to the remaining range excluding (if any)
+ # reserved IPs.
+ - type: static
+ start: 10.10.104.1
+ end: 10.10.104.19
+...
+---
+schema: 'drydock/NetworkLink/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: data2
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ bonding:
+ mode: disabled
+ # NEWSITE-CHANGEME: Ensure the network switches in the environment are
+ # configured for this MTU or greater.
+ mtu: 1500
+ linkspeed: auto
+ trunking:
+ mode: 802.1q
+ default_network: storage
+ allowed_networks:
+ - storage
+ - public
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: storage
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # NEWSITE-CHANGEME: Set the VLAN ID which the Storage network is on
+ vlan: '0'
+ # NEWSITE-CHANGEME: Ensure the network switches in the environment are
+ # configured for this MTU or greater.
+ mtu: 1500
+ # NEWSITE-CHANGEME: Set the CIDR for the Storage network
+ # NOTE: The CIDR minimum size = number of nodes + 10
+ cidr: 10.10.103.0/24
+ ranges:
+ # NEWSITE-CHANGEME: Update to the remaining range excludin (if any)
+ # reserved IPs.
+ - type: static
+ start: 10.10.103.1
+ end: 10.10.103.19
+...
+---
+# The public network for OpenStack VMs.
+# NOTE: Only interface 'eno4.1103' will be setup, no IPs assigned to hosts
+schema: 'drydock/Network/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: public
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # NEWSITE-CHANGEME: Set the VLAN ID which the Public network is on
+ vlan: '1103'
+ # NEWSITE-CHANGEME: Ensure the network switches in the environment are
+ # configured for this MTU or greater.
+ mtu: 1500
+ # NEWSITE-CHANGEME: Set the CIDR for the Public network
+ cidr: 10.10.105.0/24
+...
diff --git a/site/intel-pod10/pki/pki-catalog.yaml b/site/intel-pod10/pki/pki-catalog.yaml
new file mode 100644
index 0000000..b66ea64
--- /dev/null
+++ b/site/intel-pod10/pki/pki-catalog.yaml
@@ -0,0 +1,289 @@
+---
+# The purpose of this file is to define the PKI certificates for the environment
+#
+# NOTE: When deploying a new site, this file should not be configured until
+# baremetal/nodes.yaml is complete.
+#
+schema: promenade/PKICatalog/v1
+metadata:
+ schema: metadata/Document/v1
+ name: cluster-certificates
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ certificate_authorities:
+ kubernetes:
+ description: CA for Kubernetes components
+ certificates:
+ - document_name: apiserver
+ description: Service certificate for Kubernetes apiserver
+ common_name: apiserver
+ hosts:
+ - localhost
+ - 127.0.0.1
+ # FIXME: Repetition of api_service_ip in common-addresses; use
+ # substitution
+ - 10.96.0.1
+ kubernetes_service_names:
+ - kubernetes.default.svc.cluster.local
+
+ # NEWSITE-CHANGEME: The following should be a list of all the nodes in
+ # the environment (genesis, control plane, data plane, everything).
+ # Add/delete from this list as necessary until all nodes are listed.
+ # For each node, the `hosts` list should be comprised of:
+ # 1. The node's hostname, as already defined in baremetal/nodes.yaml
+ # 2. The node's Calico IP address, as already defined in baremetal/nodes.yaml
+ # NOTE: This list also needs to include the Genesis node, which is not
+ # listed in baremetal/nodes.yaml, but by convention should be allocated
+ # the first non-reserved IP in each logical network allocation range
+ # defined in networks/physical/networks.yaml
+ # NOTE: The genesis node needs to be defined twice (the first two entries
+ # on this list) with all of the same paramters except the document_name.
+ # In the first case the document_name is `kubelet-genesis`, and in the
+ # second case the document_name format is `kubelet-YOUR_GENESIS_HOSTNAME`.
+ - document_name: kubelet-genesis
+ common_name: system:node:pod10-node1
+ hosts:
+ - pod10-node1
+ - 10.10.102.21
+ groups:
+ - system:nodes
+ - document_name: kubelet-pod10-node1
+ common_name: system:node:pod10-node1
+ hosts:
+ - pod10-node1
+ - 10.10.102.21
+ groups:
+ - system:nodes
+ - document_name: kubelet-pod10-node2
+ common_name: system:node:pod10-node2
+ hosts:
+ - pod10-node2
+ - 10.10.102.22
+ groups:
+ - system:nodes
+ - document_name: kubelet-pod10-node3
+ common_name: system:node:pod10-node3
+ hosts:
+ - pod10-node3
+ - 10.10.102.23
+ groups:
+ - system:nodes
+ - document_name: kubelet-pod10-node4
+ common_name: system:node:pod10-node4
+ hosts:
+ - pod10-node4
+ - 10.10.102.24
+ groups:
+ - system:nodes
+ - document_name: kubelet-pod10-node5
+ common_name: system:node:pod10-node5
+ hosts:
+ - pod10-node4
+ - 10.10.102.25
+ groups:
+ - system:nodes
+ # End node list
+ - document_name: scheduler
+ description: Service certificate for Kubernetes scheduler
+ common_name: system:kube-scheduler
+ - document_name: controller-manager
+ description: certificate for controller-manager
+ common_name: system:kube-controller-manager
+ - document_name: admin
+ common_name: admin
+ groups:
+ - system:masters
+ - document_name: armada
+ common_name: armada
+ groups:
+ - system:masters
+ kubernetes-etcd:
+ description: Certificates for Kubernetes's etcd servers
+ certificates:
+ - document_name: apiserver-etcd
+ description: etcd client certificate for use by Kubernetes apiserver
+ common_name: apiserver
+ # NOTE(mark-burnett): hosts not required for client certificates
+ - document_name: kubernetes-etcd-anchor
+ description: anchor
+ common_name: anchor
+ # NEWSITE-CHANGEME: The following should be a list of the control plane
+ # nodes in the environment, including genesis.
+ # For each node, the `hosts` list should be comprised of:
+ # 1. The node's hostname, as already defined in baremetal/nodes.yaml
+ # 2. The node's Calico IP address, as already defined in baremetal/nodes.yaml
+ # 3. 127.0.0.1
+ # 4. localhost
+ # 5. kubernetes-etcd.kube-system.svc.cluster.local
+ # NOTE: This list also needs to include the Genesis node, which is not
+ # listed in baremetal/nodes.yaml, but by convention should be allocated
+ # the first non-reserved IP in each logical network allocation range
+ # defined in networks/physical/networks.yaml, except for the kubernetes
+ # service_cidr where it should start with the second IP in the range.
+ # NOTE: The genesis node is defined twice with the same `hosts` data:
+ # Once with its hostname in the common/document name, and once with
+ # `genesis` defined instead of the host. For now, this duplicated
+ # genesis definition is required. FIXME: Remove duplicate definition
+ # after Promenade addresses this issue.
+ - document_name: kubernetes-etcd-genesis
+ common_name: kubernetes-etcd-genesis
+ hosts:
+ - pod10-node1
+ - 10.10.102.21
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ - document_name: kubernetes-etcd-pod10-node1
+ common_name: kubernetes-etcd-pod10-node1
+ hosts:
+ - pod10-node1
+ - 10.10.102.21
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ - document_name: kubernetes-etcd-pod10-node2
+ common_name: kubernetes-etcd-pod10-node2
+ hosts:
+ - pod10-node2
+ - 10.10.102.22
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ - document_name: kubernetes-etcd-pod10-node3
+ common_name: kubernetes-etcd-pod10-node3
+ hosts:
+ - pod10-node3
+ - 10.10.102.23
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ # End node list
+ kubernetes-etcd-peer:
+ certificates:
+ # NEWSITE-CHANGEME: This list should be identical to the previous list,
+ # except that `-peer` has been appended to the document/common names.
+ - document_name: kubernetes-etcd-genesis-peer
+ common_name: kubernetes-etcd-genesis-peer
+ hosts:
+ - pod10-node1
+ - 10.10.102.21
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ - document_name: kubernetes-etcd-pod10-node1-peer
+ common_name: kubernetes-etcd-pod10-node1-peer
+ hosts:
+ - pod10-node1
+ - 10.10.102.21
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ - document_name: kubernetes-etcd-pod10-node2-peer
+ common_name: kubernetes-etcd-pod10-node2-peer
+ hosts:
+ - pod10-node2
+ - 10.10.102.22
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ - document_name: kubernetes-etcd-pod10-node3-peer
+ common_name: kubernetes-etcd-pod10-node3-peer
+ hosts:
+ - pod10-node3
+ - 10.10.102.23
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ # End node list
+ calico-etcd:
+ description: Certificates for Calico etcd client traffic
+ certificates:
+ - document_name: calico-etcd-anchor
+ description: anchor
+ common_name: anchor
+ # NEWSITE-CHANGEME: The following should be a list of the control plane
+ # nodes in the environment, including genesis.
+ # For each node, the `hosts` list should be comprised of:
+ # 1. The node's hostname, as already defined in baremetal/nodes.yaml
+ # 2. The node's Calico IP address, as already defined in baremetal/nodes.yaml
+ # 3. 127.0.0.1
+ # 4. localhost
+ # 5. The calico/etcd/service_ip defined in networks/common-addresses.yaml
+ # NOTE: This list also needs to include the Genesis node, which is not
+ # listed in baremetal/nodes.yaml, but by convention should be allocated
+ # the first non-reserved IP in each logical network allocation range
+ # defined in networks/physical/networks.yaml
+ - document_name: calico-etcd-pod10-node1
+ common_name: calico-etcd-pod10-node1
+ hosts:
+ - pod10-node1
+ - 10.10.102.21
+ - 127.0.0.1
+ - localhost
+ - 10.96.232.136
+ - document_name: calico-etcd-pod10-node2
+ common_name: calico-etcd-pod10-node2
+ hosts:
+ - pod10-node2
+ - 10.10.102.22
+ - 127.0.0.1
+ - localhost
+ - 10.96.232.136
+ - document_name: calico-etcd-pod10-node3
+ common_name: calico-etcd-pod10-node3
+ hosts:
+ - pod10-node3
+ - 10.10.102.23
+ - 127.0.0.1
+ - localhost
+ - 10.96.232.136
+ - document_name: calico-node
+ common_name: calcico-node
+ # End node list
+ calico-etcd-peer:
+ description: Certificates for Calico etcd clients
+ certificates:
+ # NEWSITE-CHANGEME: This list should be identical to the previous list,
+ # except that `-peer` has been appended to the document/common names.
+ - document_name: calico-etcd-pod10-node1-peer
+ common_name: calico-etcd-pod10-node1-peer
+ hosts:
+ - pod10-node1
+ - 10.10.102.21
+ - 127.0.0.1
+ - localhost
+ - 10.96.232.136
+ - document_name: calico-etcd-pod10-node2-peer
+ common_name: calico-etcd-pod10-node2-peer
+ hosts:
+ - pod10-node2
+ - 10.10.102.22
+ - 127.0.0.1
+ - localhost
+ - 10.96.232.136
+ - document_name: calico-etcd-pod10-node3-peer
+ common_name: calico-etcd-pod10-node3-peer
+ hosts:
+ - pod10-node3
+ - 10.10.102.23
+ - 127.0.0.1
+ - localhost
+ - 10.96.232.136
+ - document_name: calico-node-peer
+ common_name: calcico-node-peer
+ # End node list
+ keypairs:
+ - name: service-account
+ description: Service account signing key for use by Kubernetes controller-manager.
+...
diff --git a/site/intel-pod10/profiles/hardware/intel-pod10.yaml b/site/intel-pod10/profiles/hardware/intel-pod10.yaml
new file mode 100644
index 0000000..9d1764d
--- /dev/null
+++ b/site/intel-pod10/profiles/hardware/intel-pod10.yaml
@@ -0,0 +1,105 @@
+---
+schema: 'drydock/HardwareProfile/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: intel-pod10
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # Vendor of the server chassis
+ vendor: Intel
+ # Generation of the chassis model
+ generation: '4'
+ # Version of the chassis model within its generation - not version of the hardware definition
+ hw_version: '3'
+ # The certified version of the chassis BIOS
+ bios_version: 'SE5C610.86B.01.01.0019.101220160604'
+ # Mode of the default boot of hardware - bios, uefi
+ boot_mode: bios
+ # Protocol of boot of the hardware - pxe, usb, hdd
+ bootstrap_protocol: pxe
+ # Which interface to use for network booting within the OOB manager, not OS device
+ pxe_interface: 0
+
+ # Map hardware addresses to aliases/roles to allow a mix of hardware configs
+ # in a site to result in a consistent configuration
+
+ device_aliases:
+ ## network
+ # $ sudo lspci |grep -i ethernet
+ # 03:00.0 Ethernet controller: Intel Corporation I350 Gigabit Network Connection (rev 01)
+ # 03:00.3 Ethernet controller: Intel Corporation I350 Gigabit Network Connection (rev 01)
+ # 05:00.0 Ethernet controller: Intel Corporation Ethernet Controller X710 for 10GbE SFP+ (rev 01)
+ # 05:00.1 Ethernet controller: Intel Corporation Ethernet Controller X710 for 10GbE SFP+ (rev 01)
+ # 05:00.2 Ethernet controller: Intel Corporation Ethernet Controller X710 for 10GbE SFP+ (rev 01)
+ # 05:00.3 Ethernet controller: Intel Corporation Ethernet Controller X710 for 10GbE SFP+ (rev 01)
+
+ # control networks
+ # eno1
+ ctrl_nic1:
+ address: '0000:04:00.0'
+ dev_type: 'I350 Gigabit Network Connection'
+ bus_type: 'pci'
+ # eno2
+ ctrl_nic2:
+ address: '0000:04:00.3'
+ dev_type: 'I350 Gigabit Network Connection'
+ bus_type: 'pci'
+
+ # data networks
+ # eno3
+ data_nic1:
+ address: '0000:02:00.0'
+ dev_type: '82599ES 10-Gigabit SFI/SFP+ Network Connection'
+ bus_type: 'pci'
+ # eno4
+ data_nic2:
+ address: '0000:02:00.1'
+ dev_type: '82599ES 10-Gigabit SFI/SFP+ Network Connection'
+ bus_type: 'pci'
+
+ ## storage
+ # $ sudo lshw -c disk
+ # *-disk
+ # description: ATA Disk
+ # product: INTEL SSDSC2BB48
+ # physical id: 0.0.0
+ # bus info: scsi@4:0.0.0
+ # logical name: /dev/sda
+ # version: 0101
+ # serial: PHDV637602LL480BGN
+ # size: 447GiB (480GB)
+ # capabilities: gpt-1.00 partitioned partitioned:gpt
+ # configuration: ansiversion=5 guid=ea7d0b6a-c105-4409-8d4c-dc104cb38737 logicalsectorsize=512 sectorsize=4096
+ # *-disk
+ # description: ATA Disk
+ # product: ST91000640NS
+ # vendor: Seagate
+ # physical id: 0.0.0
+ # bus info: scsi@5:0.0.0
+ # logical name: /dev/sdb
+ # version: SN03
+ # serial: 9XG6LX48
+ # size: 931GiB (1TB)
+ # capabilities: gpt-1.00 partitioned partitioned:gpt
+ # configuration: ansiversion=5 guid=27f17348-e081-4b00-8d4c-5960513a40cd logicalsectorsize=512 sectorsize=512
+
+ # /dev/sda
+ bootdisk:
+ address: '0:0.0.0'
+ dev_type: 'ST3000NM0033-9ZM'
+ bus_type: 'scsi'
+ # /dev/sdb
+ datadisk:
+ address: '1:0.0.0'
+ dev_type: 'SSDSC2BW18'
+ bus_type: 'scsi'
+ cpu_sets:
+ kvm: '4-43,48-87'
+ hugepages:
+ dpdk:
+ size: '1G'
+ count: 32
+...
diff --git a/site/intel-pod10/profiles/host/cp-intel-pod10.yaml b/site/intel-pod10/profiles/host/cp-intel-pod10.yaml
new file mode 100644
index 0000000..55cbae7
--- /dev/null
+++ b/site/intel-pod10/profiles/host/cp-intel-pod10.yaml
@@ -0,0 +1,105 @@
+---
+# The primary control plane host profile for Airship for DELL R720s, and
+# should not need to be altered if you are using matching HW. The active
+# participants in the Ceph cluster run on this profile. Other control plane
+# services are not affected by primary vs secondary designation.
+schema: drydock/HostProfile/v1
+metadata:
+ schema: metadata/Document/v1
+ name: cp-intel-pod10
+ storagePolicy: cleartext
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ hosttype: cp-global
+ actions:
+ - method: replace
+ path: .interfaces
+ - method: replace
+ path: .storage
+ - method: merge
+ path: .
+data:
+ hardware_profile: intel-pod10
+
+ primary_network: dmz
+ interfaces:
+ dmz:
+ device_link: dmz
+ slaves:
+ - ctrl_nic1
+ networks:
+ - dmz
+ admin:
+ device_link: admin
+ slaves:
+ - ctrl_nic2
+ networks:
+ - admin
+ data1:
+ device_link: data1
+ slaves:
+ - data_nic1
+ networks:
+ - private
+ - management
+ data2:
+ device_link: data2
+ slaves:
+ - data_nic2
+ networks:
+ - storage
+ - public
+
+ storage:
+ physical_devices:
+ bootdisk:
+ labels:
+ bootdrive: 'true'
+ partitions:
+ - name: 'root'
+ size: '30g'
+ bootable: true
+ filesystem:
+ mountpoint: '/'
+ fstype: 'ext4'
+ mount_options: 'defaults'
+ - name: 'boot'
+ size: '1g'
+ filesystem:
+ mountpoint: '/boot'
+ fstype: 'ext4'
+ mount_options: 'defaults'
+ - name: 'var_log'
+ size: '100g'
+ filesystem:
+ mountpoint: '/var/log'
+ fstype: 'ext4'
+ mount_options: 'defaults'
+ - name: 'var'
+ size: '>100g'
+ filesystem:
+ mountpoint: '/var'
+ fstype: 'ext4'
+ mount_options: 'defaults'
+
+ datadisk:
+ partitions:
+ - name: 'ceph'
+ size: '99%'
+ filesystem:
+ mountpoint: '/var/lib/ceph'
+ fstype: 'ext4'
+ mount_options: 'defaults'
+
+ platform:
+ image: 'xenial'
+ kernel: 'hwe-16.04'
+ kernel_params:
+ kernel_package: 'linux-image-4.15.0-46-generic'
+
+ metadata:
+ owner_data:
+ openstack-l3-agent: enabled
+...
diff --git a/site/intel-pod10/profiles/host/dp-intel-pod10.yaml b/site/intel-pod10/profiles/host/dp-intel-pod10.yaml
new file mode 100644
index 0000000..d0e63a3
--- /dev/null
+++ b/site/intel-pod10/profiles/host/dp-intel-pod10.yaml
@@ -0,0 +1,112 @@
+---
+# The data plane host profile for Airship for DELL R720s, and should
+# not need to be altered if you are using matching HW. The host profile is setup
+# for cpu isolation (for nova pinning), hugepages, and sr-iov.
+schema: drydock/HostProfile/v1
+metadata:
+ schema: metadata/Document/v1
+ name: dp-intel-pod10
+ storagePolicy: cleartext
+ layeringDefinition:
+ abstract: false
+ layer: type
+ parentSelector:
+ hosttype: dp-global
+ actions:
+ - method: replace
+ path: .interfaces
+ - method: replace
+ path: .storage
+ - method: merge
+ path: .
+data:
+ hardware_profile: intel-pod10
+
+ primary_network: dmz
+ interfaces:
+ dmz:
+ device_link: dmz
+ slaves:
+ - ctrl_nic1
+ networks:
+ - dmz
+ admin:
+ device_link: admin
+ slaves:
+ - ctrl_nic2
+ networks:
+ - admin
+ data1:
+ device_link: data1
+ slaves:
+ - data_nic1
+ networks:
+ - private
+ - management
+ data2:
+ device_link: data2
+ slaves:
+ - data_nic2
+ networks:
+ - storage
+ - public
+
+ storage:
+ physical_devices:
+ bootdisk:
+ labels:
+ bootdrive: 'true'
+ partitions:
+ - name: 'root'
+ size: '30g'
+ bootable: true
+ filesystem:
+ mountpoint: '/'
+ fstype: 'ext4'
+ mount_options: 'defaults'
+ - name: 'boot'
+ size: '1g'
+ filesystem:
+ mountpoint: '/boot'
+ fstype: 'ext4'
+ mount_options: 'defaults'
+ - name: 'log'
+ size: '100g'
+ filesystem:
+ mountpoint: '/var/log'
+ fstype: 'ext4'
+ mount_options: 'defaults'
+ - name: 'var'
+ size: '>100g'
+ filesystem:
+ mountpoint: '/var'
+ fstype: 'ext4'
+ mount_options: 'defaults'
+
+ datadisk:
+ partitions:
+ - name: 'ceph'
+ size: '99%'
+ filesystem:
+ mountpoint: '/var/lib/ceph'
+ fstype: 'ext4'
+ mount_options: 'defaults'
+
+ platform:
+ image: 'xenial'
+ kernel: 'hwe-16.04'
+ kernel_params:
+ kernel_package: 'linux-image-4.15.0-46-generic'
+ intel_iommu: 'on'
+ iommu: 'pt'
+ amd_iommu: 'on'
+ cgroup_disable: 'hugetlb'
+ transparent_hugepage: 'never'
+ hugepagesz: 'hardwareprofile:hugepages.dpdk.size'
+ hugepages: 'hardwareprofile:hugepages.dpdk.count'
+ default_hugepagesz: 'hardwareprofile:hugepages.dpdk.size'
+ isolcpus: 'hardwareprofile:cpuset.kvm'
+ metadata:
+ owner_data:
+ sriov: enabled
+...
diff --git a/site/intel-pod10/profiles/region.yaml b/site/intel-pod10/profiles/region.yaml
new file mode 100644
index 0000000..e714ca4
--- /dev/null
+++ b/site/intel-pod10/profiles/region.yaml
@@ -0,0 +1,60 @@
+---
+# The purpose of this file is to define the drydock Region, which in turn drives
+# the MaaS region.
+schema: 'drydock/Region/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ # NEWSITE-CHANGEME: Replace with the site name
+ name: intel-pod10
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+ substitutions:
+ - dest:
+ path: .repositories.main_archive
+ src:
+ schema: pegleg/SoftwareVersions/v1
+ name: software-versions
+ path: .packages.repositories.main_archive
+ # NEWSITE-CHANGEME: Substitutions from deckhand SSH public keys into the
+ # list of authorized keys which MaaS will register for the build-in "ubuntu"
+ # account during the PXE process. Create a substitution rule for each SSH
+ # key that should have access to the "ubuntu" account (useful for trouble-
+ # shooting problems before UAM or UAM-lite is operational). SSH keys are
+ # stored as secrets in site/seaworthy/secrets.
+ - dest:
+ # Add/replace the item in the list
+ path: .authorized_keys[0]
+ src:
+ schema: deckhand/PublicKey/v1
+ # This should match the "name" metadata of the SSH key which will be
+ # substituted, located in site/intel-pod10/secrets folder.
+ name: sridhar_ssh_public_key
+ path: .
+ - dest:
+ # Increment the list index
+ path: .authorized_keys[1]
+ src:
+ schema: deckhand/PublicKey/v1
+ # your ssh key
+ name: trevor_ssh_public_key
+ path: .
+ - dest:
+ # Increment the list index
+ path: .authorized_keys[2]
+ src:
+ schema: deckhand/PublicKey/v1
+ # your ssh key
+ name: luc_ssh_public_key
+ path: .
+data:
+ tag_definitions: []
+ # This is the list of SSH keys which MaaS will register for the built-in
+ # "ubuntu" account during the PXE process. This list is populated by
+ # substitution, so the same SSH keys do not need to be repeated in multiple
+ # manifests.
+ authorized_keys: []
+ repositories:
+ remove_unlisted: true
+...
diff --git a/site/intel-pod10/secrets/certificates/certificates.yaml b/site/intel-pod10/secrets/certificates/certificates.yaml
new file mode 100644
index 0000000..758ee56
--- /dev/null
+++ b/site/intel-pod10/secrets/certificates/certificates.yaml
@@ -0,0 +1,2456 @@
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDSDCCAjCgAwIBAgIUUhe1JxgE7Yh1iqSJOSEGx3ZAnhQwDQYJKoZIhvcNAQEL
+ BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+ Fw0xOTEwMTcxNjE3MDBaFw0yNDEwMTUxNjE3MDBaMCoxEzARBgNVBAoTCkt1YmVy
+ bmV0ZXMxEzARBgNVBAMTCmt1YmVybmV0ZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+ DwAwggEKAoIBAQDPD4hcsqHA2H35EynaEia5xR7J53zeMZRxTA/dZ7Ajr5KiE3df
+ YBn2XH41x2tnYnSeeMaEA9/0MUdMfL8cfuLOc00SV583X+NRV099zSwVk0t+0qxM
+ zZILWhkYSVU6LScaDHSWsKotdb5srQ4jXEKQLJGKcCVdZfKtOpd3L5oNAgFWMb1+
+ L1dj6bzMemKY0jyhOwkhzq9HIKDVF9UgGrQG39c853R1OyLCuV7GvGwZTLSYlQE8
+ kdzJPJxphHI5HJ07qFnVHfZTINKCSp4CzcR69P2ebNkYYxMMjMJcKcGBQZeD8IYP
+ 3Lj7JRb9tYMMsCnvckOYesmM6cLd2/N3J+CvAgMBAAGjZjBkMA4GA1UdDwEB/wQE
+ AwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBR70SVxO0VZs5uQBJZ8
+ FtrinOnDhDAfBgNVHSMEGDAWgBR70SVxO0VZs5uQBJZ8FtrinOnDhDANBgkqhkiG
+ 9w0BAQsFAAOCAQEAO3HxeNV8py70HXWx0t3d/H67LazOn8GPXaGb1t/LJP6Im4aA
+ Iz/86KERBZtnPca4ViZSGg+24X5jEVuneu0Cb2PXTI19rPTk46z+xjOYvg7QKAC7
+ Zy8bIyxHRcOJWXZtfldjjarD+6Z+SpUy30IW6QBhhKXkgWcBJHuzvsRy34cn2Dor
+ 3kMYjMl8eVB9MIEe06W68XWcqs2W1qxbwyhVtiYkDhAdJLezCX5gMzASkrrXOlgc
+ 8I5bdpNHBcWdWozLYyo8FfcxQ3kC4u0oBFPcltU4wSNze5b6FEgsvFbj0VHYMpPe
+ YCe9NKOUGXFRmWQCu9r51TOL3ei9EDLojqWUJw==
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateAuthority/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDUjCCAjqgAwIBAgIUd4gluEvZnIC6MSa2COXMpzTNRPcwDQYJKoZIhvcNAQEL
+ BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
+ dGNkMB4XDTE5MTAxNzE2MTcwMFoXDTI0MTAxNTE2MTcwMFowLzETMBEGA1UEChMK
+ S3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1ldGNkMIIBIjANBgkqhkiG
+ 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAozkTZtGGpJf40KQWe8JCifaJ7UXZo6aQudcf
+ WwKi8+R5VH9piFTGvEHQ4ynacogKKlJANdzNBfFIiwGbzBJzrIRXGxefsGJaqMYg
+ 0DAgJphHIbmaMZNhOt/8gptQE4J/1PoIiilzbMVhpI/kSeBqmeiJQirTc6Y8vQYO
+ qESCk8i3XjCAM9Dslei1KgfKXyquBoVDRNFs2WVJc1COJQR2EK0mwd1VWU2XgCSu
+ U014uRGINtuzobO/9Xz6cmG2Yr9JNmjnI1KmjIizBvCmnkNDBAUiohq3/PwNgC1t
+ SdKilbsTJpmFjnf32QmnnfNdRIEZW1aDCTerLF+hkulo42PRrQIDAQABo2YwZDAO
+ BgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBAjAdBgNVHQ4EFgQUHUaL
+ MQ/jLVbeUFCYtasaMoE4hXowHwYDVR0jBBgwFoAUHUaLMQ/jLVbeUFCYtasaMoE4
+ hXowDQYJKoZIhvcNAQELBQADggEBAGMzXFyfW8dPmjmNrDCoMhERDHY/xqgjZgG6
+ 2Rd50k/ZKa5dTac0m1tybZ0KGBQvsYTsDGPhXOEMzBpHwDN+G+Gh8LUpCbpY2xZT
+ WTvCeHBNgcgr3o454TEMVd5XSmNDqDalEm9A1ZX0w0DP1As4zzsqfiriuSvQEqtL
+ 1LdyA/9gFVNCl3O2Zamx/QJyZirC1+KJX4skI+Rofbw5NDRYilp1ddJGlOYIqTq6
+ 8Fw94OfFfpLadEOkkyyz7PLYUQv7IXubjl09L7h6roGLySs1000tXPr/00W413ny
+ gyQ8qPfwVTAc8IwPCxLrgCxuQ9Rnsjw8UpNFaj/IKDHLultyimk=
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateAuthority/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDXDCCAkSgAwIBAgIUNKOS1pqRdd6/c6oVMOysQzCDdWMwDQYJKoZIhvcNAQEL
+ BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
+ dGNkLXBlZXIwHhcNMTkxMDE3MTYxNzAwWhcNMjQxMDE1MTYxNzAwWjA0MRMwEQYD
+ VQQKEwpLdWJlcm5ldGVzMR0wGwYDVQQDExRrdWJlcm5ldGVzLWV0Y2QtcGVlcjCC
+ ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6jvdox9yfGuKdpZ6oFEac8
+ KYIScvvZtw4d+YWxFg+U0VIh7MDcaIZW6NO9QW76XsaCgMOwv1m9m3VQ6SXpwXn5
+ uzgqIfHEaypizAIxAZFiSSVi++gArl5SZXzxPNIv8wdUubLKi4CQR+aCwfK9+FsV
+ GJ1S5rVmoCNma3ftOQAZiDUZsu4mX+UPzvofsMvMmYo+gk9P1VrHehlvUyBSsfvf
+ cZztJCNp4FIIXpoD8MjDad3nL6fwWDl/YNjqqpYHaWb8lHME8G9hM+MnMxyOhu/N
+ V0UJEujY64aq7GuZSYt3hgwDf1EQNmMfYP//Jq9gqTCSIl617cVeylZOBFy886kC
+ AwEAAaNmMGQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQIwHQYD
+ VR0OBBYEFFWqeaecOQWXBemv652P0prSyi9tMB8GA1UdIwQYMBaAFFWqeaecOQWX
+ Bemv652P0prSyi9tMA0GCSqGSIb3DQEBCwUAA4IBAQCT77h1WAEhxbRloCZJ0Gah
+ eaUk0fVaTSCHJzbGjV1BojrXtsEnHskq1uuB4zym9xOSz7JYc7UeY1+vMYpy8M+o
+ JqzlvSpz1JYDd8ukwJOvcdaepsYpj7G8nrbgDTglJ8KnsBcsCe5g7emKXxysGXU/
+ PgW2jZAHMO2gxgzEvh0PoXRMqn6TGHjrdl9cktNJ7Lv9uXM7e0FrkRUB1xoDia4O
+ l3m7T/VitUF8qnn1edkfCyGE333OQGkBJoTwsMJEh+myeUdEN3h92od3HGut8SI8
+ aaxl195+em6PgVNQJxFSrj0Pw1zKNcxTxHnjwSXpcrYawIHkI4vdb3gVsxk6QhAw
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateAuthority/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDSjCCAjKgAwIBAgIUD4Z/gmizWB80oApCHL838JSV1lgwDQYJKoZIhvcNAQEL
+ BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
+ HhcNMTkxMDE3MTYxNzAwWhcNMjQxMDE1MTYxNzAwWjArMRMwEQYDVQQKEwpLdWJl
+ cm5ldGVzMRQwEgYDVQQDEwtjYWxpY28tZXRjZDCCASIwDQYJKoZIhvcNAQEBBQAD
+ ggEPADCCAQoCggEBAL+goMwNsaMtx8tjddFR1/iIr44iUCnJz2kwkV+G1ppFMUBx
+ NLUXzs26mxJ2BdNbMgFpWAe7gShIgvp4SYL1oD0Tvf0kEvRyym8jeSHVUIhT5T93
+ KmG6IB4gxVZLp0htO+673Byi+Y3t6rKICsDYH7+UtZcjgpjuOfYWLPxwke57x9y1
+ SNIj1QIo0YQT2bGwBz3x/s0hj2awSO8PqheY8nJLEKnnks3nzIFUp96IKFx0sB/j
+ ftQg1IuS0ak7mYSo3D9M1DOR3URG9yNXAN4bAZtndy+3zH9BAt60/4/vKoNdbYZT
+ dF1q+KY93yv7gW4/Ru6AZm2h/rEmgFWqst/UyokCAwEAAaNmMGQwDgYDVR0PAQH/
+ BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQIwHQYDVR0OBBYEFKo/GpJZkwjxsI8Q
+ VNhp2BB2FK1cMB8GA1UdIwQYMBaAFKo/GpJZkwjxsI8QVNhp2BB2FK1cMA0GCSqG
+ SIb3DQEBCwUAA4IBAQAuJAZN8CUjK9tXYtr0Cofz26nuQmAxScR9deStaYVyIKPE
+ ASWbQVMdlGEFeWyaEfK9b5mjBJ4KV4cUig5Ki2WeCI9j4SXJnp404fjwFww+hnXU
+ 4cEValu5SrMehGa9aXrYWPi2417QP+AMsXda2GItQ+b5WSuD00G+9/sZZvdmQYJT
+ UDQBpDsEgmHnVF2Qk4SIcl6MC2zXWroXcRZ7dHkgDCUMLs8bzIBD+7lVhrVXMOjJ
+ 7Yc+XT2r4oeWlG6ssQloC8I7u09DmvcqPKTouCQNdEOMqJJjsPxGss848Ozgxabg
+ HnW1VpAUGAEVtIXOBC5hiP3a6SNbnRPFzM7wzI+Z
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateAuthority/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDVDCCAjygAwIBAgIUe8pGbUVr4Np9evhV65xWfe3EAucwDQYJKoZIhvcNAQEL
+ BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
+ cGVlcjAeFw0xOTEwMTcxNjE3MDBaFw0yNDEwMTUxNjE3MDBaMDAxEzARBgNVBAoT
+ Ckt1YmVybmV0ZXMxGTAXBgNVBAMTEGNhbGljby1ldGNkLXBlZXIwggEiMA0GCSqG
+ SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTTZoqqSSE5JeIimYlOa+5fV+I/ZKOvuOa
+ 3mAHMCeEbct2VFAlKR84ZRK+0V8kl7H4a/heq5raC20I06nm/hko7FYfZ/XisgNQ
+ LuHrMIiwuc6S8pGBmXAn2dn8Dai+i9PFTPllNvSSoSjPpRZHRz13g0fjm+7KKOPm
+ K5CxH4C+pTMQjSxGjW/4NYZzY2ApvG7hyV5Fk11vNUMRPkVhVVo+cO7Kyw6skw2U
+ eksVdNEQmKPTGqXE4dK2awc5MpmFkIpVuNnohJWYWH6N7Ty0uWSe0qyi2g3GJwtq
+ fi8k5GDsMMmql9K9xEm28vQVKmmIGph8c1EcWB88EqD2bV6qGRqPAgMBAAGjZjBk
+ MA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBSw
+ f1hEf9YG8SVpf9jlxbHGtSQ4xzAfBgNVHSMEGDAWgBSwf1hEf9YG8SVpf9jlxbHG
+ tSQ4xzANBgkqhkiG9w0BAQsFAAOCAQEAfWmpgeHmgrN947AhQSgVuGspdJVaOGO0
+ eVdur/QfNw4ddGL2qDFzzr6r1YqjfsSsBbKRRbvFks74ngJ8soJfS3ta1y0cqvIl
+ TVQwK63mB8zhkwIF2qFLKZfUp5DYR0ORFCh0FArWkkgaRkSYcSQRK2MhAEqwUE6w
+ q2cBle0y17+d6jcoNjxXuHpyfXjoDX8wHb7earVLwm/+xHOANAjhUoGkb6yKV0Wy
+ DYMWdxgtJccg3qk9w4tO7Ma1fd1D1XxSs3r25nrrg4w3p+C+T4Y6/5CddCdy6/wV
+ BpszyMe/S5koRHxidecwW6rim6Mkf0+BjrgOxplygc4SZZ4QGNjorw==
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateAuthority/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEAzw+IXLKhwNh9+RMp2hImucUeyed83jGUcUwP3WewI6+SohN3
+ X2AZ9lx+NcdrZ2J0nnjGhAPf9DFHTHy/HH7iznNNElefN1/jUVdPfc0sFZNLftKs
+ TM2SC1oZGElVOi0nGgx0lrCqLXW+bK0OI1xCkCyRinAlXWXyrTqXdy+aDQIBVjG9
+ fi9XY+m8zHpimNI8oTsJIc6vRyCg1RfVIBq0Bt/XPOd0dTsiwrlexrxsGUy0mJUB
+ PJHcyTycaYRyORydO6hZ1R32UyDSgkqeAs3EevT9nmzZGGMTDIzCXCnBgUGXg/CG
+ D9y4+yUW/bWDDLAp73JDmHrJjOnC3dvzdyfgrwIDAQABAoIBAFVeRg5R57ami2mB
+ qSOrkCPPTZ5YvnatYlJD1damxUwxOvdvpyu/Z3TXNYHesj1xrjsX+GC9aDw5hPfY
+ BsMs3T3Y89G4JoCiHAqRQMjRKnfKvrmPClKv/qKHhwkoUuclbpWixP7L353Wiags
+ wUN66kae2XKGQiF7ws4A9inBinYJu3jJSwD48SEGk8gavwZsqv+bqICGpdgeHV7L
+ Mk3sxxKFAgN8F9yk53MuAdv8LIfVtm33juInLPqPMb2Ifv32mWmiS3xTCcIWq8Xa
+ 55FiNWMUD/yNNf+hgZDcSMJaxVgUSy5CRngfkOqA3XmWjcADF4/HvC92BzDM8wei
+ zhxNTcECgYEA80PkTiHctYmq2KYvpoaVHyWNqNCk1ePWIpOa4MyD7Hr3SShaQ2x+
+ D3HLzoExt+I6EwWBzE8r8HvkWNX/P7FpzVPaeVfYLF+w2cnMgW1UTkWKQf+ne29H
+ fz0W6km2NMvX2faGeB9rV0XVxi7+UQuj1hqXhECQOXNeWWgRqMbCx3kCgYEA2eZy
+ ifs6n3v1Zk2k03sklO89k5dSCU1soAOiKOFV7UL0TFxZFpMO+Mlt6etJqpbIEIre
+ yTSWtLCFlkMxjUWqVDRmBrQWPseCfGklpQNv7FL2qR7HT/iyqi+DjDal9OaWxSVL
+ ii7+M0OGClUGe+Fu8RSRQ4nrowWb5i0pGHub12cCgYEA42h3N7ceDTLp3GfWqbSs
+ GJbRi5uoTC8V0fLsWPO2682z99baMqdsXOHDZYOOx9ia84c1ZJoqeEBJIebDG3at
+ cn3OAZtmAW1e9OlZ3TAoHJeTfMkSdyh6zO59yn0n8MkSOrbj082DWe11vzPVGExq
+ V086jy6P5LT94VSRFZbhJPkCgYANSGH1DU5+iFTmPpdsmNYbChZr186VaJXVj0Mk
+ UNAnHWy89ugrWx2Pht/fYYtlDbn2YDDCfSUusJAEH+Z2YSfH6EXL5NByVUEcCmDU
+ FUiOVGRa3NhzhIqHm0vekTo+movYSrS3ILQ4NcaG/LXfeVeE9KcCQfcOQfpF5rzZ
+ lDdkwwKBgQDbDNH8G55BaV+oH47NwMqCBVHavctPts9GoZ12U/o26WjbRKDeXN1v
+ btePDtQNcxf6J6esFJX4/6AF13e+JfIE/0ePIkXrvSjNdmKeDeRh1FlPi748NhHY
+ N68vI9hGtCkyEjR/H+eXQt5fO02KqMdaEoOe1rZVcLngQz/f8n1tPw==
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateAuthorityKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpQIBAAKCAQEAozkTZtGGpJf40KQWe8JCifaJ7UXZo6aQudcfWwKi8+R5VH9p
+ iFTGvEHQ4ynacogKKlJANdzNBfFIiwGbzBJzrIRXGxefsGJaqMYg0DAgJphHIbma
+ MZNhOt/8gptQE4J/1PoIiilzbMVhpI/kSeBqmeiJQirTc6Y8vQYOqESCk8i3XjCA
+ M9Dslei1KgfKXyquBoVDRNFs2WVJc1COJQR2EK0mwd1VWU2XgCSuU014uRGINtuz
+ obO/9Xz6cmG2Yr9JNmjnI1KmjIizBvCmnkNDBAUiohq3/PwNgC1tSdKilbsTJpmF
+ jnf32QmnnfNdRIEZW1aDCTerLF+hkulo42PRrQIDAQABAoIBAQCOlXNvZCV8bw16
+ JX1Gi0JZBrciQNyIax8OWPAZLspux+19dPgZkgUxu0TgzFT5rAFFSyiwZLvtLwOx
+ +qvAr3XBBLKbBh4HlUOhH8LWWtQbIvcwbNRX7mkHZ1dMOKTRBjTpNap0FxWvtRVB
+ Djncl2BIJqyQ0px48IUqkroHICH5Of3o9m6Q6l9pdnq/3QK0FBYGz9+JB8uFP1pL
+ uMzPcCzr6p1ZR+cafgu+oNIPMt4hpfOz+dBJ4mfnss0msosj6jFhBzvQ7feZBLu1
+ MAJqbLOZyRvL78lToNun1WJz4p5qFIrShFWLtqsEC6HFhKmC/wJXTCrBv2/kmam7
+ +K4PtUkBAoGBAMIsWcPc9PEZQ49Naqd4++yBuh1zhMrem59yy5xDQyygzNhhSGtD
+ GdsBFDidnQaTe5d9E30TwE+A3rUAFx54udwId+uX+DnOx0wxgCxkzB19kxmDcqIY
+ qU4IZC0BJ4ZlZiSWX00Z/i45PdIRKWp1x8f113qZ2F0fMFC604bWtsRhAoGBANcx
+ 34COhI1Hun6TvIrb/iYk2duX+eoQ/Wlh42jqSpmBXwj4JV9pRUgo5xXY3iYXXZeJ
+ AgMUH4V7CUzRYtkilMfbvcmqzrqowVqOF250B5auhFOO/EV9ibB8Iwfq/gDq8iZd
+ SmFzVsfQgdIg5VGwErerfhyOxWcFVav8dvYt0pDNAoGBAK8KGhWlry1U8AFT8axt
+ NPUccPGxvGjBShrv+jqwq/KkNmVtNUJ0Z+90Ro1PEEnoU8bZWuMrFfbVnm4eWbj/
+ bdS70ZcRFRTPofu+t+PNLe/7zsp2I7Wac61DhULIwp+18uFSqTCxGOEEewVOsT4m
+ VOWeahQ8cb5oqj5sXNk13+ahAoGBAI7ZHHRKJtNh+fpsN4w13M+VRsjuaYdnH9EE
+ meDbJgogRuW9U5GyX7s2668k9tJyUD53RE6m3QXOVq4XkHZy7jB9Pc7RA8oEm9Vw
+ 3T0E6MSttEmDcRLv8qakwNxQsawKShQNeYKW/dRGJOdHzvIa31HtFRn/7Com8Gfq
+ f02LvWtBAoGAR5MyEje+Og4ihfyR+gS6KdRmBUUGua0PGkl6MDJWumtL3Snfzhtp
+ uPldgwtkO+NNYr4oTln1YcfFdtYY0zFJJ9t9TwiMmaLvbd75hr474BygDM2/mGSf
+ bITJztZ4cDKeiFTEJAYx/geWsen+2x61WDd39KhhJoyu9VIUPQJ+K7g=
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateAuthorityKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEowIBAAKCAQEAzqO92jH3J8a4p2lnqgURpzwpghJy+9m3Dh35hbEWD5TRUiHs
+ wNxohlbo071BbvpexoKAw7C/Wb2bdVDpJenBefm7OCoh8cRrKmLMAjEBkWJJJWL7
+ 6ACuXlJlfPE80i/zB1S5ssqLgJBH5oLB8r34WxUYnVLmtWagI2Zrd+05ABmINRmy
+ 7iZf5Q/O+h+wy8yZij6CT0/VWsd6GW9TIFKx+99xnO0kI2ngUghemgPwyMNp3ecv
+ p/BYOX9g2OqqlgdpZvyUcwTwb2Ez4yczHI6G781XRQkS6Njrhqrsa5lJi3eGDAN/
+ URA2Yx9g//8mr2CpMJIiXrXtxV7KVk4EXLzzqQIDAQABAoIBACsR/hRorbdguERM
+ uAq8G73b0FsINWdBLeKHZOb0zkBZKHgSEiLwzeiSXN0laWoUTYTa1rPzNy8hUjHV
+ t4LrgiRGZTuDrKeT5TJkfVlHlagT8GMWiqME4VNPoU+1iJPW4rT4d+xIQ2N8rz/g
+ qURLTGTPtN211dihl2dJhcTtcSAP0fpcSTMY+YrgyHo3y7Il1sj/Q8kG8NanfOJa
+ hV02UGVLBmSOB3aXLMdfhkxNSXEtlrR1gVu49mExQU07sEPYoIqgvT65ZYAd+QhN
+ QSfpCoFqypP21b73QFk6ctMQfEH/46hNjNrIb/oFrHrtaBuhLra3ksD60RfZ7r2q
+ XPuqMgECgYEA0Kedp1hvVewzptfpMRkP+c+d6UiGmHHaMRlbFrBPfK+8Qlfdel1+
+ /x7EB0qHzBUNwDKUq2pL93s/7gjDSsgKn4xU+Wz7udfwPWhqrgelnp9q4hitd8kE
+ tnxnSmS2KqpI7dyZ2BCFdgR5sLtCENs/47jpamhCOp2ydS4xPDD6SVkCgYEA/YcR
+ +vRaX0iAo3eXUM9E49FNhg4oCBsSQDHw29CSSH7S1GwIxCYLzOmSfx6Kp1EmooJj
+ bJq0AX/PaAv0vvEg6eCgthhtb2KtSWvZzZ/Zy2gy2yWVq6hRjw/os4o8aivXwXyH
+ BGzlZ8q2qIk4RKlMux/VhOb65RsFylT+rAWLYtECgYAkNYJBYTJo+cV45a0dDRld
+ o67mpeRdnhxcOuc4x73ziFemN7NCoekBAujHzyJDwz+Qo/ZyzM6EEwpkF3c0igR1
+ 7ZdtdYE1ngidz3n7223dWhLlS50G1YaQ2IPgQBvwyX5AcPDtsuhGM76ecdCkNjgf
+ H566DX+4xlcKyMpYhLNaeQKBgQDcdr59+ks0HHowrGhbD0Ka0YGWl2zcT545ULRg
+ kikC/bYcnq2o1GTiliKchFSSVxE/tB79bDIoM5qKogr8l/bFKl7Wurs/ZxHFjRHj
+ q6PbLAs9YpuaoE38GBuFNSqAMQv353AJuyBqd28Lc/gITSi6eF5Wqf13iV4pqmuj
+ 71ZcYQKBgEiFCXt1Rh0usavU7B8SNG2lPzsKctnMt39+95ZFnMqlyQ726pZu/3Ov
+ F6BUQ37XM+lbPqKpXV21m0Q2ApYRUjGQKFpO6S0wndy9FYGvygHspq93g3cJA8hX
+ S2mPvSy2oIp1BmS/4DsY/XHbYUO5xoniZb97EqcNHwj+M/D+pI5w
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateAuthorityKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpQIBAAKCAQEAv6CgzA2xoy3Hy2N10VHX+IivjiJQKcnPaTCRX4bWmkUxQHE0
+ tRfOzbqbEnYF01syAWlYB7uBKEiC+nhJgvWgPRO9/SQS9HLKbyN5IdVQiFPlP3cq
+ YbogHiDFVkunSG077rvcHKL5je3qsogKwNgfv5S1lyOCmO459hYs/HCR7nvH3LVI
+ 0iPVAijRhBPZsbAHPfH+zSGPZrBI7w+qF5jycksQqeeSzefMgVSn3ogoXHSwH+N+
+ 1CDUi5LRqTuZhKjcP0zUM5HdREb3I1cA3hsBm2d3L7fMf0EC3rT/j+8qg11thlN0
+ XWr4pj3fK/uBbj9G7oBmbaH+sSaAVaqy39TKiQIDAQABAoIBAQC1kOzKau81Pdtg
+ ywyHGJUZ1+j/M2PhNGZhtLMJYClWYtkXxiu6qqQ4Kedkxo8eg/oNfFL8gJ0QHiR8
+ ThzZCQKa3GnXwKZ1F47XXzUW6Zc0lMlSKQbvMfvckBBqg6Qs69MtkLIuL/1kjVkj
+ b+NAdYcfbzffzLWhUZd5o+lcBw0+eEQlozmoTNT/l/wskTFnzVmT35VyiIHxU+k4
+ M7jhpT/FpEP+jGeS8VEimlXnRIgTOr7ThfdUtIq5Me0HCSkDEboWaKvtapZDfC7A
+ BTeYcVwjPy8qvwBhT+Mse+l0e2E+Dnqabbq0s4h7AGsAxYXPHJbnyyqV7p2gof1I
+ 3mZGYXUBAoGBAMfaF5rxgnXAdUhzWyoMmYs59kv+Ot9WsKYZjp8E4fBxEGfySrxk
+ gChrnnKd2TBxsZtc0r15JG/XZOorj9lsCxY1YIJzgKWiKYCwnAygKZBZRdc+i+bY
+ oCZZf2glOJCP84Yqf6jKjon/1oxfghFLjB5QZCVDyMfq8xPjHn+p6h81AoGBAPV3
+ Alc4qdOQJJzE8Qa+fQzdKNgiWhp8N/2MXUmEcRT1AmtcUa5gEUeF/5bN7o8SIURT
+ 9w0aKXKyemUcvySjbD9gQao/JmBGJ0gogZny+RM+MWE8o9Y24xGzc+bEmZ7LC71e
+ sgBVZDHF1Lryy90m+j3GAlJPJTAdeH6snMKX1sSFAoGBAL7eRNMfOwi40YprWbL0
+ K6Szq83yNUneIoHQQM0QvbSEVzXfSo9YsKlp9v7iUG6a9xQ5d6+rxifmoCOhjRYK
+ wR/pxI1yQHhwQpD8m1zXjjqleDVVMAo9894MdckCW159jQgjCJ8tLSsRI1gXU0Kv
+ U1gUUUDh1x1P/+2LaTJmFgrNAoGAAb7Q43Hhs0FpITw9QoEEPp0r9y13WozbkQ/4
+ cddhPnbnh3/mjMjeFpYbVSUttxK37dZzAULYXJpsSF/F9Cq9UE4M6Xr9eN3G1bqE
+ AWY64yokC770o0dMogmWn2NyfDCRas1LkrkIt1niw1mKnY3zZZEM3yz05Lyw6KWt
+ j6youEkCgYEAnsRcauC2Z/4ReRDIjYmypqerkLwS6xmRQOGqY7vWghxAEkXSjqUH
+ BMQBS5mi82R2pwnkPLd2RvQwwdeJ2are8JazDOQrRqavu79FyZgH5ranJNrAQw7a
+ HNE+UE6dpgHBDIf0Ps/izdTIjEUeaUp8nsRR40mopVR8a2QMeOOFoEk=
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateAuthorityKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEA002aKqkkhOSXiIpmJTmvuX1fiP2Sjr7jmt5gBzAnhG3LdlRQ
+ JSkfOGUSvtFfJJex+Gv4Xqua2gttCNOp5v4ZKOxWH2f14rIDUC7h6zCIsLnOkvKR
+ gZlwJ9nZ/A2ovovTxUz5ZTb0kqEoz6UWR0c9d4NH45vuyijj5iuQsR+AvqUzEI0s
+ Ro1v+DWGc2NgKbxu4cleRZNdbzVDET5FYVVaPnDuyssOrJMNlHpLFXTREJij0xql
+ xOHStmsHOTKZhZCKVbjZ6ISVmFh+je08tLlkntKsotoNxicLan4vJORg7DDJqpfS
+ vcRJtvL0FSppiBqYfHNRHFgfPBKg9m1eqhkajwIDAQABAoIBAQDGkvYfw0brkLuL
+ eKzXrOekRNtELTDO7zuMbhEGkE2C2X/M2x1aXtPVNr8wDikAhYKd+DG4HkLvSK+W
+ DPxtdTwFxlyFNTjRawNMFlL/qGO82VD1rfnqNl09RjDh+6AqOdOxZk41vTiIl+V3
+ hihyodN0/i3QC9mTqGvMAgL/QaDHB1kMkstpZ54cilAxrGJUNmXPkzeIUCKbNXU+
+ SaBTNR5m4UZpYNHPNH9SQoHUhjY1vF7Sdm5AvgJuxSaut4i8xllnIHFY4PywrNEJ
+ aAhk5LTC4E2S7lF9cgSX2mUv6D8kO5ItHdbKCMrT8JdBdsT8+JiBumrd58sXcGCJ
+ HCVYH3ExAoGBAPcXb9jZR5Ssk+5yXZVbJbrQ+hJ4w7Qlg1+q5qXTHgG0bYw3JqdU
+ a9Gfkr8Eq4QH/IgAnk90M7L4ff+MNnz9yMgd0Fpr62USdtTHfGkM0/gEX1I8GlVs
+ imZJFHA0W0kPFN6/0B19C7UNsP/2jGPatv28UvdVmSxYbkqHP/stR8L3AoGBANrr
+ 2f5PxPEt4GnR+dmvYdXt8sa5h7gr0jujCHvEnJGUd+fK6D8oit2KclsgM/OjXYur
+ F7lZaX1dotqTynR5Yrx69n/jePcfNjJmttl2gMhA7g/fb5NB9XRaf+q7bM2kRvlZ
+ npy7z87rxhQEWxlo4cej6WouWagtgscHsByDQucpAoGBAL4s+rfTG+XRIhaPTXnr
+ 6lEsEJzw9+eKS9/xAI62u8yiGwKlXAnDzyxK/j4pEP2QzAu9Nht/G19vJELwnut6
+ xPNJBxjhIQ7stCs20olkBy1H6Dm56qa+4JKzQpjNo0jK48xBo6NeoAkc3ZNUJl+g
+ ceE+9jhJWJgqA9E24can5iinAoGAQZscoRHWu1A8SHocnhfpAetlLhi7i33WavjY
+ uf6ZzSbpKBWus/66Xtn2m0hzSThT+F81pN4etuswusA/k9gstr9Cz+Cjh6ta2o/d
+ jB3vShPrQ+Z50W+a11unqfixCo+IlYE9/0ppZGFT4vvLMTo1L1b3xFJPnA7Hek3b
+ gS/1BMECgYAmxjernEQ778QGg5sYdwCovW+tdN6NdxEIiPu6sJITcLy7iihtpfrE
+ gxYk1ZOAq6j9pROftDYlSr1+hhZ8zOTYS48plgDYvmJS7qRaJRUWeRRfB0OzBqhB
+ jWI22NajXD0OWdYliX/CtyI0wLKTJgJ7rbVjix5sk2Wdxnr3tya5/Q==
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateAuthorityKey/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIID8jCCAtqgAwIBAgIUJ5FyERxyN6BatXR8Gk83s4OT4XcwDQYJKoZIhvcNAQEL
+ BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+ Fw0xOTEwMTcxNjE3MDBaFw0yMDEwMTYxNjE3MDBaMBQxEjAQBgNVBAMTCWFwaXNl
+ cnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANVnnsLYUUBY2OrZ
+ 7HtKRftkmkEeXJfG0A174VA8IwUx949ja+htZ98FWcReYdSHyqxJQpqp+PuH7O8q
+ 4yQ1h87FQ568PqSjs+FV8JkxPjs1PxHT68Yq6ajkIDEmL3JeYimWzGpGmdRssgN9
+ nxz2oRjHyK5UMpxHVDMl3OE6SrHitqdtXSyNg7ImiRDgGLVx0pOr4Z81LAaUaHaj
+ G20czWxhpG46UjWRNR8eNaPLnI2AlpK+L1pHFT8HcQvWHf7DO+KaGCgg+rlvINeg
+ R16ie/hk1VR+3KTVs0ngO7MhXVqMtJlwP0Y6v6CQtGO3G2B116/7unuyPQLCp6Ys
+ q9ZIQ30CAwEAAaOCASQwggEgMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr
+ BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUHtshtomJ
+ suG51xMiTWsthHNeZhEwHwYDVR0jBBgwFoAUe9ElcTtFWbObkASWfBba4pzpw4Qw
+ gaAGA1UdEQSBmDCBlYIJbG9jYWxob3N0ggprdWJlcm5ldGVzghJrdWJlcm5ldGVz
+ LmRlZmF1bHSCFmt1YmVybmV0ZXMuZGVmYXVsdC5zdmOCHmt1YmVybmV0ZXMuZGVm
+ YXVsdC5zdmMuY2x1c3RlcoIka3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVy
+ LmxvY2FshwR/AAABhwQKYAABMA0GCSqGSIb3DQEBCwUAA4IBAQBhvzAvLiUgxJCN
+ mzttQC7Uf+D8fXKkCe+e4tXZNA3r/jsEurfVxVt5Otd7Nl6Mwd24TJYblY9j7vbu
+ rXSsCwGI7UvcayrXJFmtguY8HpQtpKNuSC/YO0x7txC7AGHbNp5+j7BywRixjTCc
+ p2/BJe5J3rGm1xbQA9jvEdoOkiiRxHG2XcjFT/I/BkUMLLtRuCGo+MkK70/4hf2I
+ QOshTOarkX1w5Nz65zvNKoFRMyBSC0AEI8Zkxh/e3ZPodzoSebcTyXYU9bUIheOw
+ qTG50vd38cIlzRFV5NSw3wYr94Re444qkGldC3055uacu4vhHqpnUq0cMWhDhebY
+ 3dNkgJhS
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: apiserver
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDkDCCAnigAwIBAgIUaNxYoWg1GWgZ1ViNRLFEsYnDp2MwDQYJKoZIhvcNAQEL
+ BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+ Fw0xOTEwMTcxNjE3MDBaFw0yMDEwMTYxNjE3MDBaMDkxFTATBgNVBAoTDHN5c3Rl
+ bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTAtbm9kZTEwggEiMA0G
+ CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDimT9nSR0zlA0wK7WvMRrUZDcBHP35
+ hAWranzbexBMAaBXlCPVxs1lGHo9AOTPjKsYpc+aAvlJi6efQsOcKagZRldyinBd
+ Ii+Z4hvia2Vqnk5s3YYEPFGo8krnXDpEL70TKH/GwfarSOsqycfolKYPpl1C6zQU
+ wH2U+u9hZ3oCtNPAh1oV+7faKQjhlRIURi8PK5qrbgqSrzWXOFVp/Eu1fjyrr26n
+ ZAGRyKFvScN4YzwujVgBvPKE5y/ZIpRtogZlS1if5Y3xp2VL98vKm7T1bX0J6NOc
+ BWqnh03CD4MWSZd8eqzMTV4kNgoZ93a47dhQwHJNz9FfPL3616OHmoeRAgMBAAGj
+ gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
+ BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRBjw1gj6HCZjOT4ZfovXDapCUc
+ 2DAfBgNVHSMEGDAWgBR70SVxO0VZs5uQBJZ8FtrinOnDhDAcBgNVHREEFTATggtw
+ b2QxMC1ub2RlMYcECgpmFTANBgkqhkiG9w0BAQsFAAOCAQEAc69fXJcmm9DrmHdH
+ 4fXyb1ymgRu4DtHzuSorr6hlCr2KUU7dlGTneoJPw3hPJy6E644P2dwd6qhFnbn3
+ 2/REy9ccg3xjrjaAwY2h3+haTSCzuQMr5MWIo/Hmzsr/dS2qvPTM+BVEPVlrHCc4
+ mhoNF+3L/tHHVBKmr3+KGSkyB0YJ0tg/AoGlHIHWlR83m2B5dQmpBBzlOjYEHft1
+ WnArQppis7EMhfeT30bl0+Q21zKQNmxU4fG47lkqpxmUQohODlJw1bH/dwot2Ku4
+ dmvf7QL3ynG36KazDk0i7NYSuTXdYAKnJI63JZeI8liwyCCSyJzCpnzIaUvKAILx
+ o4d+EA==
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubelet-genesis
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDkDCCAnigAwIBAgIUOYi/irJauZY4ZgueasRxWi7XsyYwDQYJKoZIhvcNAQEL
+ BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+ Fw0xOTEwMTcxNjE3MDBaFw0yMDEwMTYxNjE3MDBaMDkxFTATBgNVBAoTDHN5c3Rl
+ bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTAtbm9kZTEwggEiMA0G
+ CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWZ/MNcpshsYrkIoFffSNgt7lTlJv+
+ WB50oHQ5dppwGy/5sv8sFOGfsfKjEwBNGvlmHwcz9t0MQ4+ojLBCyouN2CV1wnYY
+ ilb6Ag601t8mNs5EFzsNikJXHu1KUujzj70bapmV+G6y/pkb25ns2z/g+Ph5Zixq
+ DGGMk4ibeKJzkyCJSO7FhM2RNdjyWmaz72l2XuS7H9en+LeGmTpVP3xd55TlZ5Xf
+ aWua2u5ROrFvRcNlQGIToTislWaitQCh0xoX+SZPwxUSaSE1oj1TigO4CrLPoYzZ
+ tRTz6zAqgMJumgxSArgcGuPICoAM5SGfFulP3UziVL0EqXoqlKihGvn/AgMBAAGj
+ gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
+ BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRDnT5+jSsT2cP22wRYxt8mTNKW
+ GzAfBgNVHSMEGDAWgBR70SVxO0VZs5uQBJZ8FtrinOnDhDAcBgNVHREEFTATggtw
+ b2QxMC1ub2RlMYcECgpmFTANBgkqhkiG9w0BAQsFAAOCAQEAUOw+JO20NnN8RvAI
+ H6oiOQEGQU37vDCkSE0M1gWqm/MXY0d0kjL5nXQ5mFbwNquL1M/wzPm3HjDdlBQ+
+ LfN3AGDpHXpkUsznKqVFHdYz8gSA8MWIg+JWB5gJriykkZLndqfinqTkYF7gsa5g
+ 8sE0s3S7NaIrQhOSNC1AsZ3WhO0VxBDsXSDzm3lEPo1altUsMgnieaCi3OcFaCPs
+ cM7f9jEEelbY5j1YEbnc30AHYwlxs2GYTj6QxnNknCF7drt+CQIKeKcW/3ATc/Xh
+ xaC/B2+C90l/1Sc2fE71B8bVOk5TDnLA7jEc/f8HKAq1R7Qgs3m51lOAWUrQA/Ly
+ UwgQdQ==
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubelet-pod10-node1
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDkDCCAnigAwIBAgIUEII7MvDGMZ0KTZSIpAbPbMW6dU8wDQYJKoZIhvcNAQEL
+ BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+ Fw0xOTEwMTcxNjE3MDBaFw0yMDEwMTYxNjE3MDBaMDkxFTATBgNVBAoTDHN5c3Rl
+ bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTAtbm9kZTIwggEiMA0G
+ CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWc8mDp4C1z5UnF2EJaeUOar1gDrpY
+ NAKsI4aOUiMWdYOVeQ4ui5vzoTkVTjNPqupaix5UOaiXr32Nx73vAU0DelUyBr0O
+ 3fX/q0ivGQD7FqqErBIpRkAkk14qe8XLNC5yqAfb6jAb+Y05XaaNFULYN600F0G4
+ Ca7SFxoenCWCe3hmJKnbG0xTKPp9oqax3Q1kurAB0TRzxSQgmU/IPInvO6vPyv2R
+ 7O+vprKnGYcW2tdZ0JtKBQ1YIpxfJrHU9Le1+lkWCp+JiHaEipMxBZd+7nVBR7gq
+ n4N2gJ67C5vJuWA/RYcpvsWiBfj+CuQtNXItpo5svPyYIBMZS1LXFrrBAgMBAAGj
+ gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
+ BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTB3mg0P0vfM+VX1n8U34fda+sH
+ 2DAfBgNVHSMEGDAWgBR70SVxO0VZs5uQBJZ8FtrinOnDhDAcBgNVHREEFTATggtw
+ b2QxMC1ub2RlMocECgpmFjANBgkqhkiG9w0BAQsFAAOCAQEAHBcbm6PrvQGh/hxu
+ VZi4cadAJi+qQCd6AqKesy/4dRyce4pi+dHMYwPHmxAkY/egddyUnK4hLpBwT6fM
+ l6qx8mWJTWY/luLRXTT72tMm8M1J8IVdLmAicEq54O/Nw7pSzi85X1OdHvFlNPjI
+ R/CsGDpOd1wqlzALaDFntkhOO0pPrYq5xHf7BUCcmaSLSIPxzwLnS6VH0sWgTJyg
+ QPOmvKVp/keZXzUA2RcdA2/aThzVduWO5I902qQ7TgJPGGNfjlFBgbaWX5imwRVh
+ L4g6bL17b192xt9FccE/pmjl/ra3TQtFC7r9LKcsNSsu2XRvTqQLta2192OfEhHD
+ 9Hyvyw==
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubelet-pod10-node2
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDkDCCAnigAwIBAgIUbt66tcCie2zOYsHlXxp6GlnTnbAwDQYJKoZIhvcNAQEL
+ BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+ Fw0xOTEwMTcxNjE3MDBaFw0yMDEwMTYxNjE3MDBaMDkxFTATBgNVBAoTDHN5c3Rl
+ bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTAtbm9kZTMwggEiMA0G
+ CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvbZnKaJzZl6pITVwuX2oKmZQl9I/1
+ y0Vc4xnpbn0H5eVKS5Hl1XkPte7/Gm+pBlYpm/8Adp3fDEbO1uGnet6TsFLuAOIe
+ iFRbgH7NHf3+QTCwYmHR4IX+Keceubj0QE4qu6WF0BJJkuaLq/aW9BXzg2QVnQp0
+ bLlGJb1fQJRKwyM6bX3NFX/nMZNzXeiebhMdlSsMKcVgxRft2TA65ffFnMkubqjU
+ fe8be7S7kM09z53K7vUTSNfGOFXAandnnWqt+Rw5it5LBpkZ4Kf9Wjg0bco/3B5S
+ LO3uT0nIRlEM/FjxdtxR5ehNHZnutENEHU9LrNSPe4if7Bn2Mu/9wOrrAgMBAAGj
+ gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
+ BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSGdK2bmMlbaM/YV4Jyv3ROslkF
+ YTAfBgNVHSMEGDAWgBR70SVxO0VZs5uQBJZ8FtrinOnDhDAcBgNVHREEFTATggtw
+ b2QxMC1ub2RlM4cECgpmFzANBgkqhkiG9w0BAQsFAAOCAQEAdS2rAtqpgiz4Aj77
+ NxhXZqZPdStyeQnQ2jAnnFXS93Kmdt7y5eCsoN9ij+wOqHHzxR+IlB7CkC2bgrm5
+ k8yVB1tWpWC+7ePyuw5dRVApxypZ9nghecmu6bXdTPltZrHEG/E3ohylFSjhJLNO
+ isiSBwQiK2FkRu1VKIC9L//jhf+Q3Z7szDl9pGfKzAGnFMhtBDZ6M09zAnM6kwkr
+ p25bJ4MEjCkNvTVzRVZLEensXQ/MfF71PVBZfsLMbi1uhT6JdtWXQk1hZQMXuPxn
+ MPyTJnTu8Q8HQWNOU7jGL1zywqfj2s49uZEH20nIcPJ4FY9u5ZyAuYmYRw9fhvNH
+ VcjxuQ==
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubelet-pod10-node3
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDkDCCAnigAwIBAgIUNn1tWrWhNwIi13l8vM+CRUGQYcUwDQYJKoZIhvcNAQEL
+ BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+ Fw0xOTEwMTcxNjE3MDBaFw0yMDEwMTYxNjE3MDBaMDkxFTATBgNVBAoTDHN5c3Rl
+ bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTAtbm9kZTQwggEiMA0G
+ CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVgADSn5f32qiThjV17aPbHwucu0H+
+ ftF6bH1aGy2VjImhWUDodAur396xVl6XPxNPQGsGXlrX5kNTRdDydJCVJV0T3Irl
+ k+Ram28ZsQpTedNBqK3JM+RA3axLDzBVigTIANilrNfhI9wotIzTIrItEZoeMGOv
+ QEd1MesoCs7xl6vZqnoLfIffDrzZc3exur7dobt2hHQ4wpgZq6Ir43/sJ9skRo5q
+ KgJwhjM4+RjY85dMYKbn7kstU0ohT2+B9J9IIvD7idT2HuerxP++PyH7k3a6p5hk
+ XEmH65w3EY2g8a1zp0I7csmZEZ8v3e6x+XCTPDPp5LVnsq63QwBGnPZZAgMBAAGj
+ gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
+ BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQxP0KuMS5rKOGy1DoVaA4Fu0fz
+ kjAfBgNVHSMEGDAWgBR70SVxO0VZs5uQBJZ8FtrinOnDhDAcBgNVHREEFTATggtw
+ b2QxMC1ub2RlNIcECgpmGDANBgkqhkiG9w0BAQsFAAOCAQEAIRG9uublm+qeQ5Ig
+ xkjVHGyoenjp13iYeaYcDK+7s5zmsbzji/3Bc4tjrQA8mbDS62gLpsR0IRZ/KkVk
+ gI9L7uCKQ8n/xicaZisPTxs7WqZBfaaDSSyPn9mttPKsxitR6KnpxpDTZS+vqRSm
+ ncrYTP+6h1pmoNarRZLlMdISrCB2weuNFNhYyGUxGeeNukXtnMUWmn9LI7Cf8C76
+ Iqn8NqmFZ44Z+nsi+W+nFOrr7wubO8PbgIrt9iE4Z9EevqYLR1rpxDJZOpu3B0eZ
+ wRSNb2H8tx3Q18Zzcaa4OD3Lpf3TdwXawUEJL9rFoNxcTlEE4BBkxN4Q6s33Q10F
+ 8kSsVQ==
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubelet-pod10-node4
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDkDCCAnigAwIBAgIUDtJG6OzUZWIGHm16Wbow3uvuPA0wDQYJKoZIhvcNAQEL
+ BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+ Fw0xOTEwMTcxNjE3MDBaFw0yMDEwMTYxNjE3MDBaMDkxFTATBgNVBAoTDHN5c3Rl
+ bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTAtbm9kZTUwggEiMA0G
+ CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/Ln82iQhbQiqGgVowLxQYvCZAC1Eo
+ DpoPfE5L8NssIohTJVp+QGG+fGXhumg9AE534pbj7FnCLjZfGDo1k8CL3ftra+LA
+ NDH993nwHANqoem7DgDdY1Fw8pzpyQU4St61AeoCdfvftzGwmjGaQ2g+920Dy3Bv
+ bTm/mnnZD1L/Su2OWSXq7TZtK/dzfu4B1FkNIxG/ZFWdIoAhpKHBVV0ID0WO7+gN
+ 1uhQQo2UY1kNbtjXyJds1yalH1/lNKh/MRae/agEWCiteAyE4AGO3hHqwAIIEvbc
+ aein0tAZEkNWsW1K2bz5v9mHsLT7tqOQ4JDPmEjn+h7KdqdvZR0YcLP3AgMBAAGj
+ gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
+ BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQ/qe1NOaAH/1trOjRCge/BmeGI
+ xTAfBgNVHSMEGDAWgBR70SVxO0VZs5uQBJZ8FtrinOnDhDAcBgNVHREEFTATggtw
+ b2QxMC1ub2RlNIcECgpmGTANBgkqhkiG9w0BAQsFAAOCAQEAl7kdfxqLX1JFbW2w
+ 0pW0Mw3ZH0ZFrGbafAgeaajFFVBRhbYBirdYivtpbSRnS4ej0CTH2+FOZiujQ2El
+ 9Sx10/M1G+huXqfuJObJgS+ZfqEIaCA9Br5msvXMqNOFQ+7vKugxZRO3yUGRFGua
+ HmbZL10SDgGpVoPrkDlDvPa7VZ5X0YmrDFycXMvIwkfcEEBW/+yejsqJP5hohc8S
+ If0pzD4BRbcVRwn1dUg9V1NrUioph2LUxme0KNKPAc34Bzuc3Of8k8lf6Io3qdSQ
+ i9tKsgPF7gVbY7KtPsWbCGsF0/cqQktDnHvCcYVuXrlBFroneUNVQzsa0QclcdYp
+ WEXAkA==
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubelet-pod10-node5
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDVzCCAj+gAwIBAgIUCTl3ZdVKIsJO4PAhIrcu+nf8crEwDQYJKoZIhvcNAQEL
+ BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+ Fw0xOTEwMTcxNjE3MDBaFw0yMDEwMTYxNjE3MDBaMCAxHjAcBgNVBAMTFXN5c3Rl
+ bTprdWJlLXNjaGVkdWxlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ AKssrd7LwuamKrzdV113nojOL/Q7tnQTyZUnx+MAYm2/lhKTEG53CsP8YSn0TiNn
+ 2pwZCPqln+Lsa80+3Pid8bpERZXODpIpaj9SToKr2NIsbL0+8loaCkGqx/NG3imK
+ 7YyZKlpOqJpGEpuQVuQEN1xcbLV49FtbY2YtSskfz0TpFaGQdwVgplHzDA8cvrZ5
+ bQY30zHaun/+fNTRMrPXn3Ufd4+FRM9J/ZPmM9ljq3RxYdGGeqEZqf++BjiDx7sG
+ 4fFKTjgz9+rHkTdzefoAUbZLQbFCe6lceb520IF+za9Y5e4kDWoXgCq9sb/zdKD/
+ KLKhrKDbou9+LfM7APyeXicCAwEAAaN/MH0wDgYDVR0PAQH/BAQDAgWgMB0GA1Ud
+ JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQW
+ BBRI7fcRT6Sx7NhiMw0M5koeoX94dTAfBgNVHSMEGDAWgBR70SVxO0VZs5uQBJZ8
+ FtrinOnDhDANBgkqhkiG9w0BAQsFAAOCAQEAKYB/2XnusXh0cF0D6JJhh3lVK/s+
+ hy1hrrtz4yFF0YCMtqC+tRO3H0kjlHVwIAvoSVSbemNA9u/F/Dao1sPEiWEHc9cV
+ sFiJoG2t+PyiODrY8iHKyVXTBdJ5quwwA1c0dpuMhk2R7T0aXQcZqZ7eeYTWXDoc
+ AtFquwY1z345wgviC4SGUyB38isQRK25QH3jR351KHgB4EJhBlksga6xl9IpI/Qr
+ 6+CdYX5FunW8hJ82YEqR/7c3O0VHPIGrKNRhRDdogX6NJ2hAdMeJcDFig3T0s8yW
+ DUe8RPMdozo5tDNtaaSALlJR2w8u2XUfFGRkmXaMreBP9gkqaSmYFNQH1Q==
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: scheduler
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDYDCCAkigAwIBAgIURKIFNGDT+hLdQCde9Mg9Z7q0MxkwDQYJKoZIhvcNAQEL
+ BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+ Fw0xOTEwMTcxNjE3MDBaFw0yMDEwMTYxNjE3MDBaMCkxJzAlBgNVBAMTHnN5c3Rl
+ bTprdWJlLWNvbnRyb2xsZXItbWFuYWdlcjCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ ADCCAQoCggEBAPNHbnKDsWomx308B5xDo/eNK7Gs/CCe5efhP8qTe6xgWJcTFCfd
+ mkX69A8nEja4tvfGeCU/p00+A2C7mQFPYlyS6zw8/1Mq8gH/NMdIQd9OmS3VosAF
+ R7IdZolVQTtMLsEz/IejLwJQCCcN9gHmYUsX8J4xMftaN2fqUn15JsaOWIfHl/3Y
+ Uz14ih2i2HZ72xye6mpqCuSuTBUz0C/gr8X41cd/CU4L0ECvKMobxs5g8o6ZvjhQ
+ 4yDMfPNUh59eHlEFy9vXRyHwPNtYt92GIJ7e5+tuMGEvffaTJGZ0gmnuu5g7tQY/
+ TV5df6EUkV3ciq8EN59MVhLVAhAYWjVVQ+ECAwEAAaN/MH0wDgYDVR0PAQH/BAQD
+ AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA
+ MB0GA1UdDgQWBBSauMISeLsycyvW2xr2A3eZJlN3izAfBgNVHSMEGDAWgBR70SVx
+ O0VZs5uQBJZ8FtrinOnDhDANBgkqhkiG9w0BAQsFAAOCAQEAzBqjE2TU9oAxJwzN
+ k+JHS1SwlAwC/5FAAD0SB8gEf51Ebl7dvV7MAyORMCn3jnUAl40s/VtmS0AQVp9+
+ O7OoSaNig0moBpkqAcvvwy2aXatlRGrRh9Au0Hn0Gqtoc2xSaYkJq/nCRVD7Ed8d
+ Acc8bi8GvGBfWAZSZe/1aYCbIX/hxcPE5jCmQINpZfxKLrg/UBqRASenIoucrytO
+ LULwLT/qDww8YsaCXFmT7X7jBh1LpgxZKA17K5sKrZAXNqGAR9kQ2VgVRGtpgXJF
+ CQJCQTrt7zTB197JEKUuGHbAr9EYWU/224QDJ3c8D7gKvMHcPBjrGHYQHGZCHQSv
+ gqA+kQ==
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: controller-manager
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDYDCCAkigAwIBAgIUBcujHyne30Pg1L92sIdDfXKeVnUwDQYJKoZIhvcNAQEL
+ BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+ Fw0xOTEwMTcxNjE3MDBaFw0yMDEwMTYxNjE3MDBaMCkxFzAVBgNVBAoTDnN5c3Rl
+ bTptYXN0ZXJzMQ4wDAYDVQQDEwVhZG1pbjCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ ADCCAQoCggEBALQVzTxmTMFGFGbZK58l2QvdOhTeVvw5JMbrTO0chawPmvbWyw3H
+ LyAi52lfE9TgN5pAW5kW2fKkdDC0FsWeqvT5xHUomQFktQ3dV0Bg1tWaSHvuG1t0
+ wZshHAczE9te/wtTzj8dtYtewHmzswRunOlFqZQVYOXQxCObA/gfuWJ9EAJ6Wnd7
+ qHYtBoo4tFHUNahp4pQsMKUel6ORp84C4ZsHzv2foIojXwUvNbL5A5VVcjYk+KZg
+ Bsr21j0OG87QwCFn98LzRjQOv/MELTO8J1zb++zonH4fJCrG5CdJ5APmO5RpD0in
+ bJ6qNGd2cI1hgUYlvib8ADWsmUzTdYNpkBkCAwEAAaN/MH0wDgYDVR0PAQH/BAQD
+ AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA
+ MB0GA1UdDgQWBBTJItDFrppdwDLNMaVcb3CRb5XAeDAfBgNVHSMEGDAWgBR70SVx
+ O0VZs5uQBJZ8FtrinOnDhDANBgkqhkiG9w0BAQsFAAOCAQEAAAED+AsZhAlZtnq9
+ GL9kWoX7ywFfGaQtH/JqZOEFbLtlWKViGsx2UiRE3vSyzVQi1Pa4dwqqu1w8mSHW
+ +sTDVSuha9Cceo7/Oqxvyw0N7sKv/COzizaayv9WNiAaxE64LJMlMikKl+dmsJUL
+ KUQrKW8oryafN3K6gwsKKamSc3oRxLopXuoxJ9kirTnC9jLTgVIMD3B9hKexKKCv
+ oXJVE21ebVsb8LbIG2jWQqigVKqXAQ7x0pKzDW/7WHsRrDTdlZXSFTe/HAJYwknW
+ urgvnRdgPXPyzpraYObL+SWwoz4SKmz8eyMjPpWtNAYA7HbnWOtjScW4RJZzZCUw
+ Wbq+Mg==
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: admin
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDYTCCAkmgAwIBAgIUdVEU1C64lfj6ivzvIITcF4E4/SkwDQYJKoZIhvcNAQEL
+ BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe
+ Fw0xOTEwMTcxNjE3MDBaFw0yMDEwMTYxNjE3MDBaMCoxFzAVBgNVBAoTDnN5c3Rl
+ bTptYXN0ZXJzMQ8wDQYDVQQDEwZhcm1hZGEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+ DwAwggEKAoIBAQD36hk0C5V6NHwTZIGBkygpr9WwHpd0ppv3r14Kh5du0HyQ4BnN
+ yxP5PJ6vj3NlA6SfbGqNk2O9e/KaA0HyZZeaTQChdc4IoUcV5AsVgItlAozkPQKX
+ FTbA1ZeAglKGHY5pt3RRnam8mJcKk/aq+k07xA7eXBk6+6S9DhWOfZpffKnEgXaK
+ EBJeRKdqp8AJl84HLKqhCdkFNxbszy5CKi+TsZhZGIKXFSShbPGVjCI4KOt7adDR
+ enp0O7VyjEi6/09Lzr73Ge8fqBWskAcX4DrJJ/ug4o9B6TwWigXY1CrWixzzGJN3
+ M9VtQfkkgBnKZQP4HrnteEP8Ed3Bl0ztnonhAgMBAAGjfzB9MA4GA1UdDwEB/wQE
+ AwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIw
+ ADAdBgNVHQ4EFgQUAc7WIsQjqd65vvN3nZGghhFa1hMwHwYDVR0jBBgwFoAUe9El
+ cTtFWbObkASWfBba4pzpw4QwDQYJKoZIhvcNAQELBQADggEBAKVApC4Z0BcGyGZ7
+ leD7nfzBaPHq95L7uWLBK6HGa27ySYGDLMHU7bp5oe7OLhjtAcZxLLmyjFYIOlS1
+ g+iQktbNlN0d3V1r/HeChqBitFtMrqhVEPcOuxj5PAvOHHEGJ9a0k39Evqwad2/r
+ 7bItvNGuOa0ehod1nSVHuMDZelEmQE4nwQwP7YTXapQODAA4AY7ZfbbFis0ZqS83
+ rwiqIKjq+/xxh6fq50cQ97mMnfcIyoLO+eeWOi0k/n5PWWX4s1r4tYojeKMSUqnp
+ +rDc4JaA9bqp93rYDIdgzX2Pl0lrq+rNtHsQ86mrlyJyEg6bLKVq5oix0cOwc+9u
+ hNYttho=
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: armada
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDUDCCAjigAwIBAgIUPkC++mJRMu/V+FuXB9nQytpI/UEwDQYJKoZIhvcNAQEL
+ BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
+ dGNkMB4XDTE5MTAxNzE2MTcwMFoXDTIwMTAxNjE2MTcwMFowFDESMBAGA1UEAxMJ
+ YXBpc2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmVG2vk2H
+ rfw0j61+zm+3BYqhEwvuo+x9mrS0N/bevmGv77KeV3dQrZIZ1I/uQNUO6lrA+QNk
+ Lmytgq82c8ynqUYRBScxVUKk8Qog1vppqYkSLAhNClMr67ctP67Qtu2nCU41nO6o
+ 1FP7H0SyOyZWBzq2k4ltdcb7A5qBiOhTnRqYo0xFxRPuytrEo1W+nrkzNmmfYD57
+ Dip3hg9ezSUyhBpEGv1mkPCVripSNVrceBboRH0WbMgZ+Sv2sElfDpIA1IJpzPn3
+ BNNgnqkZmt9z5JiXQckV5dvf97ITL6spsccCoJLOaimJ/vNLEK/ZDJWu/h3X861B
+ QMdL5YLg/OVVmwIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI
+ KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFF9nQw6N
+ Rfke5rjfyJGMDsHEQ8byMB8GA1UdIwQYMBaAFB1GizEP4y1W3lBQmLWrGjKBOIV6
+ MA0GCSqGSIb3DQEBCwUAA4IBAQBLDihLu77b2e+3L81ngW87czG+GkXfe4oFIpE1
+ dYy/nIS2YsH9FLKBFzFZIWbM27uixqqX3oJWJeCtLAZ4n71D3QfZ4n1710S9QBdL
+ 7/UFVaRRzItd+r6EBdNmBqFYeccrxos+YGmT2SrAbr9FSFPmrg4SF8pcTIeiQghS
+ wKivz29hksJWJft/l837v+NZcYEXO9zYPWOGnG96QGayJ8OldzMU85kYmOdXhuIT
+ /mHiIlfzeFQBG4Zh5C4R55LfuSBPpA/FJiCIgvrL6KeeHCXE7KjWw69BMq4yEiDB
+ Zn1U0HxWHYUtoTCM3X3fNoZ51j8gYA83blImLoHGhdb70/nG
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: apiserver-etcd
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDTTCCAjWgAwIBAgIUY+qFJRXo2kmhARyR8joalXToknwwDQYJKoZIhvcNAQEL
+ BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
+ dGNkMB4XDTE5MTAxNzE2MTcwMFoXDTIwMTAxNjE2MTcwMFowETEPMA0GA1UEAxMG
+ YW5jaG9yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1DP2rGbvI5pG
+ /ILMScRlFWlZ33v0YIv8X1AugHItpCyykSSug5EW66o5n+JPwEbtJVVYR/FvN0OM
+ 9uFcU7ZHWTGpX6qfv4icr9GW74fPyS3SZMDejvC23gmGodh7N7k8Aq0rFHNzK8B7
+ ZA5cl9ecCs9kkJdSHuKh4DeSZupQvjBaOdCyrvSkQ94Y1ABKxm9/ufKc4uAyIyLO
+ vLxoxpYvS1CWJhYOTqr910GTIULDp6CtUG/gJvFjafCLwwLgo5WbidLZoNudwhx4
+ hgv/ZZjx1GaUGFHxKucqV20GTRNrYSwUwxEOWV8TGwSFAPvZ8E0TugwgxrEdidHW
+ +9rxTyL1+QIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB
+ BQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFO7XhiJEpDFW
+ Quji0xB3GhhTwqHUMB8GA1UdIwQYMBaAFB1GizEP4y1W3lBQmLWrGjKBOIV6MA0G
+ CSqGSIb3DQEBCwUAA4IBAQBNJLqDCv/zi+Uiwx2xThKd0Z0gWzZGXDw3HcZccrg5
+ sWtIoIFv14qbIa7yPqiD0JcDcpEtWNtHJpJ30ZLEnpM3mo5KVTU8bI9Z3i9DEVis
+ PWrdT4rQOiMs02a1hXse0u+GgC4VX1g9OUQ38RkAXMFp9yUBzpYviX64TFiU6U2F
+ IeNrxqHL2YAqP8m6mJgBRL6BIyRLBOsaXUziBRRZwqrQdIX5oxxwJamZMmTLrG6W
+ cz4s9vHgcpq9NNHE9azRI5sC1QnhJnQXU1w3J13pBB8TZI1PPdiPshtaWE97CVYH
+ QeMb++iM3hpG9tOkIRTjC9PWPbh9gvVEd7iGUIA49c7z
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-anchor
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDxDCCAqygAwIBAgIUUpBa3I4qjirh/2H95xwmUj2I28MwDQYJKoZIhvcNAQEL
+ BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
+ dGNkMB4XDTE5MTAxNzE2MTcwMFoXDTIwMTAxNjE2MTcwMFowIjEgMB4GA1UEAxMX
+ a3ViZXJuZXRlcy1ldGNkLWdlbmVzaXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ ggEKAoIBAQDc91dCGInlH79UmOHsW+1+/gP6Ug+KoYl0bZHJAHQk0jY4Xq5nSCMC
+ PZH2C6Pev9ItfrtTJ5Nd4BbUg+XG+3JklJ9hckW6dMKkdS0ecKnO+wyEWkPar3Mt
+ vfIc2aJq8LfWDmaiDsVSjH1c9o+8mub1m+iwE2t124asQTpGiRJs5tcLaDTyzieN
+ rArkGxKeCwGbgy5JT7ny3lnc257WtzZJCQbMrsCEoWRTOkb2/o4K5bvweVs1ZnDe
+ maFYr7bH2U79HChCbVEPPndvKecOSieo1JaP8U1HBVNqlyktofC2gq5kKBNXu97j
+ eAsWpAkuu4hEi164RjX0aqGun6Dnnc5pAgMBAAGjgeQwgeEwDgYDVR0PAQH/BAQD
+ AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA
+ MB0GA1UdDgQWBBQOTCuwI4CKILuPp+fH14jfTVYSfzAfBgNVHSMEGDAWgBQdRosx
+ D+MtVt5QUJi1qxoygTiFejBiBgNVHREEWzBZggtwb2QxMC1ub2RlMYIJbG9jYWxo
+ b3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0ZW0uc3ZjLmNsdXN0ZXIubG9j
+ YWyHBAoKZhWHBH8AAAGHBApgAAIwDQYJKoZIhvcNAQELBQADggEBAKKlTC48CNFE
+ B4zyhhX1Jz2ipF3KpW9bOa3bryUxcxZFUAl8eBudzdsIGoJ7LXDgoaum9sy8sIqf
+ uYCs7P3ndrESGkKrvkGLECi9i7cKa6a25Mo9+q1SoQ2nTlZ+dz8Sj9crrWWzxkX2
+ UoIdPKUVcOsFA70X31KBn0Cq2X/DCPsPr/qrCRnkDYG6Qr8xDxGl6kGe53M50YmA
+ tmOmoyuTOuFWMIX1tppyKJLqTbRhoU9CJrrXYqftrc/Izf5KSiDP56+PYdiH8Aii
+ CMF8ew4tfCFXBJi4lD/5iVJxt4ht9/5JMcgB8nm3vvnJX1SgsatwxacjVaSoniD+
+ QXVlXKf3Ymo=
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-genesis
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDyDCCArCgAwIBAgIUJA2hPpbo0YEzmTtEy/vHc6SvZ6swDQYJKoZIhvcNAQEL
+ BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
+ dGNkMB4XDTE5MTAxNzE2MTcwMFoXDTIwMTAxNjE2MTcwMFowJjEkMCIGA1UEAxMb
+ a3ViZXJuZXRlcy1ldGNkLXBvZDEwLW5vZGUxMIIBIjANBgkqhkiG9w0BAQEFAAOC
+ AQ8AMIIBCgKCAQEAx5f4HlWaQXO3kmc/fa5C2T4uhCGnH4zyrmXDtU6A0KB8TqQ+
+ Uol3qVCNaaiZ6UQ78C5D8HKUyQiNul9lu2IeUDBn8TXaaZsiONSLsRZRzwQu5faV
+ 7S460Rd5/kFHQg6hDGHc7ao5zusFgD2BmW89GfANTtwvYqZrfhMbrmPzd1KZ2hun
+ gWTP9pdohClbSzSj+HkGzFI/YmLLGYtT5WBEbo0ly+Zv/dTKcx8wgYoGSDdjxsPq
+ 6ez1jULyWCAnie49FSZywClB5TnBHiGMS9ZBkWUkEt2Y3u/E9/lw2MZZn9qh9cur
+ /QC7QzxpLTeS8goa6WGkejSU4kFQEX7ypSGObwIDAQABo4HkMIHhMA4GA1UdDwEB
+ /wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/
+ BAIwADAdBgNVHQ4EFgQUn1kykpRvV4TYuGPIPCF4yMxtjMwwHwYDVR0jBBgwFoAU
+ HUaLMQ/jLVbeUFCYtasaMoE4hXowYgYDVR0RBFswWYILcG9kMTAtbm9kZTGCCWxv
+ Y2FsaG9zdIIta3ViZXJuZXRlcy1ldGNkLmt1YmUtc3lzdGVtLnN2Yy5jbHVzdGVy
+ LmxvY2FshwQKCmYVhwR/AAABhwQKYAACMA0GCSqGSIb3DQEBCwUAA4IBAQA1F4X6
+ YQv6OlUQ3i0Z0/Q0mpQJig3CWNWNS+dZS6JFZcGTE05CrTUsESA6qv4kM1r3GHpg
+ 62BOtkQQOn0LEIyKNjIlakZx8CXvFfuupq76a3Hud1Z9WpTgXcuoCqipsULEIke8
+ 2AwNvjbQXhF2p23XGENhF/WjEDhbUcb4Gv3UKHIVH12WAvPZplBaVMF5eNENVv8s
+ Lo+kKUPVEDUwq6J54dXSINf42aWhrms7mapx4dWPL5a7BDMqmcWDfaQd2+8zZ+NW
+ MJees2lrvk0wBmYHFvTXjMLo/OyJ4ZeVbML6MqsPfd+lgmSNdGZap7E5npn+LHL+
+ OzKpW7cXcjOmWt+i
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-pod10-node1
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDyDCCArCgAwIBAgIUOGgzLb4e2DZz84SYKnI72MS6yRwwDQYJKoZIhvcNAQEL
+ BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
+ dGNkMB4XDTE5MTAxNzE2MTcwMFoXDTIwMTAxNjE2MTcwMFowJjEkMCIGA1UEAxMb
+ a3ViZXJuZXRlcy1ldGNkLXBvZDEwLW5vZGUyMIIBIjANBgkqhkiG9w0BAQEFAAOC
+ AQ8AMIIBCgKCAQEA3tvAtpBBiu07O2qcjGuipY2GkfrSsrG3TJnYBSs+uIrDmBsy
+ K7JXwowvUhsnrxRrqZ0QhHsByLveD2gnNzApSKXRe+KdBRxCsd8HUHqiFn9wHCpb
+ mwKWSwUKz1ab+QgkWZKuH1cJxUK8zx/F7o4gh191glqAhKgXL9eTUj3c5SguyLay
+ 5TBIa0dOjfOc3kixUJ6TXSeJ0+lMjFzal8zgysT4GvjQs2wK9k9cPDobNwsKsW2Z
+ FQw+kO39cSyhdyvLvtk4RiyG/9zMVFn54NUhJAspzq+PnM07UJB7D6ZM0XkGjk/6
+ nqUgJlNo1kR4Zo+kpy4J/mUDmMjZZ1n1sfJ8wQIDAQABo4HkMIHhMA4GA1UdDwEB
+ /wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/
+ BAIwADAdBgNVHQ4EFgQUYRrUlrcVBcu4EOLS2U3NFBSLNHkwHwYDVR0jBBgwFoAU
+ HUaLMQ/jLVbeUFCYtasaMoE4hXowYgYDVR0RBFswWYILcG9kMTAtbm9kZTKCCWxv
+ Y2FsaG9zdIIta3ViZXJuZXRlcy1ldGNkLmt1YmUtc3lzdGVtLnN2Yy5jbHVzdGVy
+ LmxvY2FshwQKCmYWhwR/AAABhwQKYAACMA0GCSqGSIb3DQEBCwUAA4IBAQB4u8hL
+ x44Lmz/lHyvIOEKNrXXAKoYFRyZis01mVfvEWnPsgQ/i6/vt8AuZ2u6R57e8nnkc
+ tsa1EPYwmUQ0KSTwXkTkG5WD5bI7/haD2guSy7eWRaGz9LSHmXPhJMVeWpYJUyz7
+ eLbyuhNwW0gMHq+VnlM9kDfggX3TF2AZbM9YMgyeH5e6WHytjFzKQmMe7FoIyBGY
+ 141YuzZbXQLj3uSfZrCfk1BxySS1d//SN//kM0Ox0fIHeiUSAiAM/V5PwIzaIe1n
+ e0HXLi2uQRXXeRcqR05V/XQkoHwYyrARKED/2xWif77uMBHoNrdHC+2bKaG3lQk+
+ 2V9DoxOZ57myyrBH
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-pod10-node2
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDyDCCArCgAwIBAgIUF4DiWQyndf/Q8HgoSC4bf++sh4IwDQYJKoZIhvcNAQEL
+ BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l
+ dGNkMB4XDTE5MTAxNzE2MTcwMFoXDTIwMTAxNjE2MTcwMFowJjEkMCIGA1UEAxMb
+ a3ViZXJuZXRlcy1ldGNkLXBvZDEwLW5vZGUzMIIBIjANBgkqhkiG9w0BAQEFAAOC
+ AQ8AMIIBCgKCAQEAylRr2g9O+zU99x4MBWLjWLf38Vrwjh+fdTGDpnx3Tw5jTWS8
+ RwAzzdDkIQ4GG8q9wiAw5usElaUVs2wre5+/XBdmT6/h8vN4SMT7QHkKdE1cEpoh
+ jxLMeDkahxcThoWVlwNj4vpAlm82pp6e23bZlEpDeqy6jOCQHH3Md7RRw9Ubkcrd
+ QnaEl6cZ4IBLMky5Q9G9wRYEAJF0ffXTmK+3UD85fGxROTiLSrUc+o1JrwaL4QLi
+ q2jbA2v9hvURQtV5WTKvH1b2zbjP0FxK4GJreNVdeW7qWS/BV06NugyqKWp+6niR
+ 19JK1n4B8jqmuhFYSHjx3UMMJN5HNRPDJW1cFQIDAQABo4HkMIHhMA4GA1UdDwEB
+ /wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/
+ BAIwADAdBgNVHQ4EFgQUsSfyEGwiJjZvb9gE20kGgP5DjP4wHwYDVR0jBBgwFoAU
+ HUaLMQ/jLVbeUFCYtasaMoE4hXowYgYDVR0RBFswWYILcG9kMTAtbm9kZTOCCWxv
+ Y2FsaG9zdIIta3ViZXJuZXRlcy1ldGNkLmt1YmUtc3lzdGVtLnN2Yy5jbHVzdGVy
+ LmxvY2FshwQKCmYXhwR/AAABhwQKYAACMA0GCSqGSIb3DQEBCwUAA4IBAQB31yuz
+ qVEC7Idh6wa68xC45tUeZaU4jMbqPY9zGaOlMl7RNMSqZluSsn/CmY7Iy7Jw/DOT
+ sxXWY8xN6IVKmsU/lhzmwEQneyRpxaCXa29hKp+ZDYhgUm7iC6LFYodl8xTs+g0E
+ SyFCXijs0Z/nhq3rp0q+k1pH4rroHy/Mx32hAsVLfh26ZDAHmwwnT8Fe/NHJfz68
+ HJ+Iv9Jbzqo3m+XB35y/o/fN2gUeyRkuQOs4wCItKn41E89HIR8WJ3HvBBjm1MLx
+ VIi4wmEPBhLXB6HGEHfOgSfyGXDzXv3/HYLMPRQRbAxdCFfe9E3UxYV0U+ZErtgq
+ DpL4g2ploCmjEElR
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-pod10-node3
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDzjCCAragAwIBAgIUCqK8rbRNnED8bIclYLhk7pTurjMwDQYJKoZIhvcNAQEL
+ BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
+ dGNkLXBlZXIwHhcNMTkxMDE3MTYxNzAwWhcNMjAxMDE2MTYxNzAwWjAnMSUwIwYD
+ VQQDExxrdWJlcm5ldGVzLWV0Y2QtZ2VuZXNpcy1wZWVyMIIBIjANBgkqhkiG9w0B
+ AQEFAAOCAQ8AMIIBCgKCAQEA9Qq5Oz3BmRI4kmkFHIZoLbkf4/wF3RkiDWpYUAqa
+ ggvaXan1OHLcCoFnw5v6Pjtf8U4p0n5FAUOdRA7U4ICym2poVG2UCjsySCNjSmL0
+ DjpVn9Dj88LjQ6OTUiQlSg+wzsMIhuakD6o1Gf1UZ/F+FxtU/TMMjtKOSJD4Rpyz
+ c0hNvBWi29+qt6lF6pBuxRE2WVr9t0wnzp+qL/Ng3R2VXu9q9EVBRoUjwJpmcvkC
+ FS+b5va7ZsvPwAQ6gO7oXOGtQE9YqRLAu7KasnHhqw+NmrJCumPW84q3ddG1M9DY
+ vU7LNHyF7FHsMkEy/1PIWg7Edp58fny7dCzm2zZklyE5/wIDAQABo4HkMIHhMA4G
+ A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD
+ VR0TAQH/BAIwADAdBgNVHQ4EFgQU6vDh3UHnTaExJmPKeTy8lF4Gfg0wHwYDVR0j
+ BBgwFoAUVap5p5w5BZcF6a/rnY/SmtLKL20wYgYDVR0RBFswWYILcG9kMTAtbm9k
+ ZTGCCWxvY2FsaG9zdIIta3ViZXJuZXRlcy1ldGNkLmt1YmUtc3lzdGVtLnN2Yy5j
+ bHVzdGVyLmxvY2FshwQKCmYVhwR/AAABhwQKYAACMA0GCSqGSIb3DQEBCwUAA4IB
+ AQBIE0LN5HH59d/iSKoF9J3Pt+qxkeYH5pa+b3JnD8WY5RDiHO7jFeABD+5HJ+5U
+ 1tiwU14WwjjI/FYwnpw1jK0dN6mzrd1yYv2KFOtv6JjGwq47qe402jUDZg7IBb2v
+ bcjEKjt/alJ9L9L4k2b6o8piopIkYaaUtcNZV4kU2jjnFNPf7vabqoi+Iw9JKFfy
+ 2vMCyrqwiXMmPun7Prt7eOkv3mDAuWqciiXTSqVDg2KZH/7Dw31pkXsdSRLWRKH5
+ 22jBwdJQXJVvnK8zN325CTS1bJ1+/prE2Yc9eO2GMMm+NXyX1RrZqPHs5o7n7NM4
+ w9/okm+nZlnQfCagnD3vteO+
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-genesis-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIID0jCCArqgAwIBAgIUMd3JiDWI722+AW/USFb9EaloddYwDQYJKoZIhvcNAQEL
+ BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
+ dGNkLXBlZXIwHhcNMTkxMDE3MTYxNzAwWhcNMjAxMDE2MTYxNzAwWjArMSkwJwYD
+ VQQDEyBrdWJlcm5ldGVzLWV0Y2QtcG9kMTAtbm9kZTEtcGVlcjCCASIwDQYJKoZI
+ hvcNAQEBBQADggEPADCCAQoCggEBAOJ+qXuoVt+sxYtGXLdRwvxJ290XT3+ZEmVQ
+ yJYzm9XrJmT62YHjBaRRxto+GDpCaxlgnuGIi7pv200AX/yupPKmKOKl8o4jwydF
+ DILPDROWGY3M8D5mR+wSrrvaJu94b5sVtNLtowxx3/mX/L1snauMDbNv0cc/S+O+
+ rm9OfivexBmLGOx4wLQNSnx54Q58Nj4/57JiaOCJTUszNILGFkWa9+4WkwpSCvmL
+ myLEFfOqxl9Jv+kYeY/OWuwPDmRbuNC7cC8YOeSAz6asas1ich55eMG2ElnWzu2Q
+ insRokpTIyG5PNjWu2MLxOnnVk5AzA5TGfWp0YDIdvun6OvteaMCAwEAAaOB5DCB
+ 4TAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
+ MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFHLcpNrMF/rvKOuEkFnzsG9cNYYfMB8G
+ A1UdIwQYMBaAFFWqeaecOQWXBemv652P0prSyi9tMGIGA1UdEQRbMFmCC3BvZDEw
+ LW5vZGUxgglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5z
+ dmMuY2x1c3Rlci5sb2NhbIcECgpmFYcEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF
+ AAOCAQEAv913Pc6RiKTNUCXxb2t0Ybz6Yv/ABy/VOumHsVghR1ePXN76mn3FV5vk
+ 1OgiCXmzISzuFMXpoVVgBcDD1N4/LP5gJCMls84aRYXolllRgz6tkqqq4J9gRl6M
+ 2xtnXaPJRWckX2U83JtnHJlpnaCkGV+90O/WNAETJYFCSricr2rl6M65cBbaG8Sv
+ bn8XuD/S+RaSTNmTet3Cuyqq5d/8IdepjjvHc9h0tV1j+8+z/4u6JgRc3y5k8VVf
+ nQ3LN7TmI84C/J+S9mJm8dBk4EDroZvkdWGK99LRtC6m+2HBkGrtT8p5Fd+cN7BS
+ cr1M/wQ+7OucyGKPZPYjErLxznHebQ==
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-pod10-node1-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIID0jCCArqgAwIBAgIUV0amgQbImMxceXp2j6lBOC63Wz0wDQYJKoZIhvcNAQEL
+ BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
+ dGNkLXBlZXIwHhcNMTkxMDE3MTYxNzAwWhcNMjAxMDE2MTYxNzAwWjArMSkwJwYD
+ VQQDEyBrdWJlcm5ldGVzLWV0Y2QtcG9kMTAtbm9kZTItcGVlcjCCASIwDQYJKoZI
+ hvcNAQEBBQADggEPADCCAQoCggEBALwgAWkPBRg9YKE/lSldqkDWta1I0SsYWyZ4
+ Cfe2kN9jMzNCatoXYfA/3gzh1+gDlLgEpNaKiuau20jiKGXhd0qq062qYUaTmtV1
+ 2t+ZH9nw9QtRhqNlXsONR8x0B7dPl/uLhb9+XEuj4FB4lt5opvaUR7hEMSAJPXmJ
+ 7QxrRYRLOB2aWBsQ2V66/mwfAm2AomrYf5+U51ixJ+7Okt8dvWwogZNZnc6hYlOZ
+ 1byCH2cscF/3yojLZIEk8fcce1CF/YXFyOWA0SlDZKEXeLgbdgzNBrjFMIswvAGl
+ pgpvF7m6YsIbKjfwILMq7cc+rMMl6ZM9syTsI/LrniS7i304GkkCAwEAAaOB5DCB
+ 4TAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
+ MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFC8x/+GIJopTZIcbI9SY2Ktfdj2jMB8G
+ A1UdIwQYMBaAFFWqeaecOQWXBemv652P0prSyi9tMGIGA1UdEQRbMFmCC3BvZDEw
+ LW5vZGUygglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5z
+ dmMuY2x1c3Rlci5sb2NhbIcECgpmFocEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF
+ AAOCAQEAiDqZ3mRkqWA9GVaIWEp+ae7gbDY2XUpnPF6CvaBg3LjlZS2rh54ALCyO
+ OKuiYP9TVdJJpmlXv12ImZZGAQYtp36jRmbQeWL7rWyFug35iu2sn6086xAVMD4/
+ jFroFNK+o2k5RMPhLPvbZxUOXtRBxW12ARAZABdjZKUIVKPvNhYSUkliDRuzool8
+ /jAky4H/2DftT7OgaHoLHSi7ixjgiOkDpnE9TM7ReN1Pb4qS0boVlnZPtnv4DnnN
+ DJr4mtZmVWLZYNhOh3jtCZYdN+nIv/t0zeleUIuqFb/iVFWcUr7a2oZ5TQjl5o0o
+ 1Ou1m0mQAoCMpTq6f0SI2ZW3Jiq19g==
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-pod10-node2-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIID0jCCArqgAwIBAgIUJ1SC1Sayet9jm6JuYgkfeIaHPXMwDQYJKoZIhvcNAQEL
+ BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l
+ dGNkLXBlZXIwHhcNMTkxMDE3MTYxNzAwWhcNMjAxMDE2MTYxNzAwWjArMSkwJwYD
+ VQQDEyBrdWJlcm5ldGVzLWV0Y2QtcG9kMTAtbm9kZTMtcGVlcjCCASIwDQYJKoZI
+ hvcNAQEBBQADggEPADCCAQoCggEBAM4M13fN2oj1tKWMQumtHx3LRlQiBQJIFwLx
+ S9GGDJaAyV4ZEWWJDkNhXFcbjd+vOpSbpJH8PJimdFPqI29StyewUlNBvhmmIOjj
+ u/bVkQmdDn4tW6aci+bs0s/X7aoFRn6D16KWeH4bDKJG0WdYCj6uOBQIXus2RRu+
+ mUoD1rX6ojvGwT7KExLMJXCvoKNL3089GxqfKYNFUV8UqhanHaDuK/UFhf5eaL4D
+ kVAY5/V1en9TsvSYH2B/2DJ937kMApRjRlahzEQKkm84jpC0ebqVJCTGaS7gP+Yu
+ pBD4yuqZLYfRFnNUXp+3onpYr7Y242ZaNoVxEVi42i/7WYBff6UCAwEAAaOB5DCB
+ 4TAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
+ MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFNeKsmFcTFXYLZauQcodS/QPn+3FMB8G
+ A1UdIwQYMBaAFFWqeaecOQWXBemv652P0prSyi9tMGIGA1UdEQRbMFmCC3BvZDEw
+ LW5vZGUzgglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5z
+ dmMuY2x1c3Rlci5sb2NhbIcECgpmF4cEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF
+ AAOCAQEAnj62SHgtxrqrZiuQmbtanbgEB7UPULZySZNljs+8oVL1ctfu97RfXC4M
+ D8r++wEz6W3tapL/KFSKHV7K+0R2U9q2pQp6trYlxGThJmcjObYtRwDTIwyFznN/
+ IPgqgW/nDuZhd6jIfQiuujxc/zF1VhydA9t0swC+eAH1FPKJTdc764nT96GcJi9u
+ woGndhygBof+rvPjifsVp30GE0Oc/MfjwsyDe94t36zSlokWf6FHbzGplLpIAsJA
+ vfbS8XQJYhpDj/5A6NRThRgdm/YuP+qIqxbARS1qbJh1N8DUaamqMX5kgijOm4C6
+ wvg3z7CiiDfHxBiL2B6hQ0FFjV9RWw==
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-pod10-node3-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDSTCCAjGgAwIBAgIUDqvS+J3DONi9XCRrzdHofiHMij8wDQYJKoZIhvcNAQEL
+ BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
+ HhcNMTkxMDE3MTYxNzAwWhcNMjAxMDE2MTYxNzAwWjARMQ8wDQYDVQQDEwZhbmNo
+ b3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDG1/aDpS5pQF9f9bk+
+ olKiSH7c/l1/YPC0QRLRrXNb4t5LH5svo9Pt2VUNGOMLqBUDEWVjYavg6SWmovLr
+ 5WPgyK6kslOHFxbBUtsJbFOvtst7uk2+RQQVKZYDQe51lJ96KOKv+/deV5N9Xlk9
+ fH/Q5d13nbcP1wn5e43UT0WcwdkagnnEgHPxj0+aeTomLR1Oe4Hok28/ibSnlQHP
+ GCksZBIRwktBBNuzbf+hbO2DJzwSkGK1S5yFKmY/zskX+yWnYTNsM5MpW//eK7Lf
+ krWmW7KM2WWQbXdYHhFHsx2oec+OfEHTYA6lezoKu3JvEgYwfDrbk69BzER5aKeM
+ RkunAgMBAAGjfzB9MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD
+ AQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUpOuUxnxLW8TRhYF0
+ VVfMWkLhs24wHwYDVR0jBBgwFoAUqj8aklmTCPGwjxBU2GnYEHYUrVwwDQYJKoZI
+ hvcNAQELBQADggEBAA8jL0G7wYz2B3xY5DHIZZVnbGwxqF6MKr8ua1bYs/8CCyhG
+ rdiiAOGjs/Fm4T5giPpwreMsI7khnl/l1po5uaKHpCEE+WYSSa5+wi37cDz2rLqc
+ kmY5RVOHQqYngcR/dB8lghvYXXKdTxJhIHtKLRRsDtEtJmmXMyQU3kpEadSVr12J
+ nNI8qFnpUMYnelvnrUYXnFQj5si2O8am/PswMuQYyvGB4bcRf+CizITL9A8aFCYO
+ 8LFoV2DX6GFQhF/6SsR1ZGEeIVLvHNvClvyBv0r8hrwwoHw+MHE4ZqMs1qwR6zWf
+ IM+zdeSIE8L4NewgTsDIYjm21KWnXxSWdN+eBa8=
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-anchor
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDkTCCAnmgAwIBAgIUWTP7KBAIEqpE1HXxAuxdi9v5mmQwDQYJKoZIhvcNAQEL
+ BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
+ HhcNMTkxMDE3MTYxNzAwWhcNMjAxMDE2MTYxNzAwWjAiMSAwHgYDVQQDExdjYWxp
+ Y28tZXRjZC1wb2QxMC1ub2RlMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ ggEBALo9lW4d/QSYC8UHr4Aj26OAETW9fb2g/PYQ+9RLo0aHXE5xv/lAC333BQrQ
+ ntsZcAX2nV6VUj0dIYf9KJ6ILlxfl4LqJcHla3HnCsCdw5EojKHghYgOLOcUUK3u
+ vugXoqf+qCjTuw/eXi6yxrshkz3iVonyD0SYi4HHMbz4hF3+V70L67Ecyo2N8/Jb
+ DD/xd0Fi8YaY3qCE79tEqVhn11u4Hl5KyUG6BRokGAvSmr5p6fyXCY8TxYoIUSPQ
+ 7/8GZHpxda1M/DdeMMzwGWAXbMCclJbNH/xca2BR7gAnyR5hoFGabLrDDjMzILnQ
+ w1R7nLjLdeimC5rGSr/0kEf1QssCAwEAAaOBtTCBsjAOBgNVHQ8BAf8EBAMCBaAw
+ HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYD
+ VR0OBBYEFFrEyajxD7rMLNbSnDPBb7z5rVEAMB8GA1UdIwQYMBaAFKo/GpJZkwjx
+ sI8QVNhp2BB2FK1cMDMGA1UdEQQsMCqCC3BvZDEwLW5vZGUxgglsb2NhbGhvc3SH
+ BAoKZhWHBH8AAAGHBApg6IgwDQYJKoZIhvcNAQELBQADggEBACQi2nq0OqjiLuBp
+ ooBrpCHf6BIKGsfuMxFyCUS0NkM3aiTghBUQJeHmknbA/UKqbogFb46la+lz0Mku
+ 7ZSQaYoApxFc/VFLEiMzBgC+f24ihlWcQ9U0r1y2Frw2dyCVstN5oBhluRFWJEk1
+ FBB4R3D94C5+ROVI5W9KOCNoIDj3BfJMh1eQ8dowwjjZxJvskgOi+dA/x22GXJuu
+ dgBn1Y5S7RVJLFvvHX+p3BU7mzQP2G85EU6BRMMwBot7K7ab0noG1M/fqInrT2rk
+ GPMhGiv0VzB5GBwr/nS2GYvIVHvMVVNrXflKHaJLU24I0U4M93Y2NHD71FSzA5oC
+ QGc/aOA=
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-pod10-node1
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDkTCCAnmgAwIBAgIUUglgv2X0gCKMQ5HQ7/CWxForGzswDQYJKoZIhvcNAQEL
+ BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
+ HhcNMTkxMDE3MTYxNzAwWhcNMjAxMDE2MTYxNzAwWjAiMSAwHgYDVQQDExdjYWxp
+ Y28tZXRjZC1wb2QxMC1ub2RlMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ ggEBAOKJqlpcr2mO2CUHCXokm0TKnvYlt+4AKAsunYFbcrnOTARWg9i/GdWSQ/r6
+ N4/CdChq5kcjP3Brhf9eX96bqQ04sOa4whs7jnJWcZxNNA6I0cXMjUDWkHuLQUvU
+ M06R2vsAGXnvOUYu9+m0Zk3ORI6qyP8uaaLfbaJaf9/skCGXjQeAl7JqBPH3yoa4
+ iPf5qY1T7t9AxdQGrJplTEmVERyILBHm6owQwTdiyuFyn5LPW4jf1NPr4S0KwJ5n
+ xPdpQxnFEszqdI0qJyfSxslFU8oN9mKXqEbYhSjYV0NCQUIpOC/u2t1sH5Vuq5Ok
+ uXEYplqVpSt6bYMk1sXpU2fPzdUCAwEAAaOBtTCBsjAOBgNVHQ8BAf8EBAMCBaAw
+ HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYD
+ VR0OBBYEFLMgGkKlgS4a6QmZ5llbTZ6VGsa2MB8GA1UdIwQYMBaAFKo/GpJZkwjx
+ sI8QVNhp2BB2FK1cMDMGA1UdEQQsMCqCC3BvZDEwLW5vZGUygglsb2NhbGhvc3SH
+ BAoKZhaHBH8AAAGHBApg6IgwDQYJKoZIhvcNAQELBQADggEBAFtsllXKD/IgVDhl
+ 8MU355y8SrYyH3aWG57ihza3DJc2Z0YdTGW//iCM1GplROZl+dcI6C1thtuEU44d
+ uNLMscnkk3pPiOxLRkzbAJKYrPX3QFLPvFjYqCJZlb5HMKpMX9X6WuG2lSTSexTZ
+ 6I9K7vsZW33MC/9r19kbyUdjUtDKWZwDxeQSlJ7Mz/OTEDwXPWVjVzk3V9IIbLuq
+ cve6BPVvyFF5APDl5Q7KaZZpRRAyRbI5wgslmgtWKsA8L5rZrl+Ncajj50x15Rjc
+ YYRhJWRRR7p3OkDF0h5DBB25w0pR6LtJOR2whGNwC6U9QbwWxRktd3C/gX3gYwl7
+ pfoR2Vk=
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-pod10-node2
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDkTCCAnmgAwIBAgIURMN4JfeDfqua+8kFaFcs4C0IKwUwDQYJKoZIhvcNAQEL
+ BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
+ HhcNMTkxMDE3MTYxNzAwWhcNMjAxMDE2MTYxNzAwWjAiMSAwHgYDVQQDExdjYWxp
+ Y28tZXRjZC1wb2QxMC1ub2RlMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ ggEBALwIJ8y/31e7tk1FfWUshWRMSKvdJQDv6kUDlGpm/pCtu1w+cov4ci5JTXe5
+ qwrwMkzIisjwOqYMJEZ1hBAJ/+1YxcePMuUGZbxFaG7NeSk9h9mPmCXKn8pwejR+
+ siICGbDO6KflwRkNnrMvyYg8JWIlqe4wQ8RbC3TtIkZlj6Uyb6muhb5BhXzpDrjo
+ cI+TZADfdYn3dYAqgozd37TlMBfGDBToJX1U6w0m2mLzj5GMxyQzOYLqLezB3vJQ
+ wdzrDFl9XUZ3ZaGQ8Vw9is42osLuKNQSBnTxzbP9cCmO8K1xdsDLqLWOYR6JauIw
+ nhgVXXiG/yor47WHwYQUPhvsceECAwEAAaOBtTCBsjAOBgNVHQ8BAf8EBAMCBaAw
+ HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYD
+ VR0OBBYEFD8Q5S9CdHXw278L6X10EVQSUK9uMB8GA1UdIwQYMBaAFKo/GpJZkwjx
+ sI8QVNhp2BB2FK1cMDMGA1UdEQQsMCqCC3BvZDEwLW5vZGUzgglsb2NhbGhvc3SH
+ BAoKZheHBH8AAAGHBApg6IgwDQYJKoZIhvcNAQELBQADggEBABPV3yFn2rWNsWsO
+ hC76deReIoSK6wdRgu8/txq1lHLjmnqbNWkdjhH7Y/JEFX5H8CBDX6zsu7aobEC5
+ tT6j/pcYFrpcdCF1vmfYvJ4+TFhOxsebtWvQa+08U37EXYKLVsDgFXj8h+/gvNqe
+ 9oM3Ak6QQEVIDXZPi/Q3M0SQqKvgTi/nxxbZcLNu7freLnC4zuDMNaOS2CsH1dx7
+ NjQe8wKTafD5SCgDL/rwoJ6C+uHfuLsexJ/ZfkmO7HuHM8hjhVpnB4XXtL5R3tvT
+ bDVocpVaDtmPqYAH73n36KLyEuppWU4H2Z4HXzOgJ6APQpQM1t+Ge9DcOO/XRXyO
+ wKVpvtU=
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-pod10-node3
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDTzCCAjegAwIBAgIUFQ7v5fmB/wdoO29od0eBq+uM1yMwDQYJKoZIhvcNAQEL
+ BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw
+ HhcNMTkxMDE3MTYxNzAwWhcNMjAxMDE2MTYxNzAwWjAXMRUwEwYDVQQDEwxjYWxj
+ aWNvLW5vZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTN/w6HQGi
+ ZFcAvPPZRoYMhMu4Pcks7j9zmuYYpoKRRft+AYOUZfhlgkIvwv7+Zp4RQp3zj2u2
+ KHYGXKOUSCfeZtLf//wgDZtv9XQf61vwB2c49kbBKGsdBl7q0u1+NOZnUWP9JzkD
+ X/GeuqiwRbrMlLyNAdKqxHuFp7gac1hR6UZDFpBzjYp5tyFDZaZy6/Q1RR+DRwHe
+ 3UtTSaXjJ5YRDjfHDc7Xy5RzEK5AYXBAEHCBHv7hU1BXkiAi8orNTETOMRG4rUf7
+ L/lMNoFq87PLovVadUkjuGqK8LsBEjFZrXVPqZmnKMdcIuPVbQgdwFOrGM6so1A5
+ KA/f91kuHhSXAgMBAAGjfzB9MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr
+ BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU3u7nIdoq
+ F4QoImLLuyhcnliy8DMwHwYDVR0jBBgwFoAUqj8aklmTCPGwjxBU2GnYEHYUrVww
+ DQYJKoZIhvcNAQELBQADggEBAIDQUfdsC3Apqi8VGz9J1EHF4j49fBe26oOV+OnU
+ /cijGAy2u6RnQkTygTjAHrqW+F3dN04K36+lCIONvNYOTdMoOchdvGYsx3nOGB33
+ hVKAUq4HASTDxlxjGTPlpyldX+ll9Vnrx9gzC8yRllSQ5WCAIiN2bOlDJWXRVvSo
+ dzNLh3T5Ob4cA4wevuZGv4k4i2gHJd2dW8V+S5zs8JG+JweZxjIJ2EXkoK1kKRJf
+ 6ylK/ddCLqyE4+cRpKwSusHsaYZjmCWmJTLS5pePORabG5dJz/BPGgKh1B/7i8vX
+ gHxyMrsINjLqeEE2pH3dpeuYHcjDK7YKXi+d3JoYKa2F9JI=
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-node
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDmzCCAoOgAwIBAgIUSal1qO83HPfl18bY7yZfWp16p6MwDQYJKoZIhvcNAQEL
+ BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
+ cGVlcjAeFw0xOTEwMTcxNjE3MDBaFw0yMDEwMTYxNjE3MDBaMCcxJTAjBgNVBAMT
+ HGNhbGljby1ldGNkLXBvZDEwLW5vZGUxLXBlZXIwggEiMA0GCSqGSIb3DQEBAQUA
+ A4IBDwAwggEKAoIBAQCrRWGRiwZAQzLpQHywYHODyufvU59LGTpRtBj8jeUjQIMB
+ zMIcLVhnNX0trtOQIf/7RJSahhsOpXQRgzDVY225yho3AlnoKhocJzLQ8YBf/mF7
+ fv6MYblVRpSlnkvJuweTyfkS/J6pLKpO+ZSTovAuirfUUgnmx5HXD/GkxP2AsLxU
+ H2765eTOjCy99Qcpsfm3rUd+rC/dQEyQYXK4mqylcDa42CEPWSOTQh7Pynzx2QSw
+ yp8/CUiBEzZBdtWWGt3eBcb4YNypD4XmKksy2w9z3I30dsl+RBWS2GIue+5s4Tir
+ Ai3WQ1PLCw8qBduohqK5Cwvqos42/M7C6QM615EtAgMBAAGjgbUwgbIwDgYDVR0P
+ AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
+ Af8EAjAAMB0GA1UdDgQWBBRMLQSPn1nJOXgtOqc3evonuEfKlTAfBgNVHSMEGDAW
+ gBSwf1hEf9YG8SVpf9jlxbHGtSQ4xzAzBgNVHREELDAqggtwb2QxMC1ub2RlMYIJ
+ bG9jYWxob3N0hwQKCmYVhwR/AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQCC
+ /vuDwGuKPrroU9LrsMVPFLys3gxGWy2qt1Olofvman5C4D0TDEH4pzX/kjdY6oWJ
+ Z4yxxLFwhDWRTxWdSX30Hm/IDJg61Tt5pFyzZ0D6FohQmG/cb53oC2TGKtSFRkcB
+ I+1/gC2UK3nuEkoJUqGtNG/H0EOkC/0ModPMxUob6oOU9zyeIVYdzcfqriKFhuV0
+ FIscDEs3R+Ej3fWYsjQcK9d03lk+yquv4Qia57gASjH0nhokFYevrAqy/3rb/Ygx
+ Y5gKaDtg419AvBcGCKxUlp97Nw1K+NJCO2C2gFsV0+bgspG3xCG1tTTXTjGg5acs
+ SvBDma2J8yDT2JpmZAY1
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-pod10-node1-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDmzCCAoOgAwIBAgIUIE27U9sJvyGBQbL4VOBZAPEwZsUwDQYJKoZIhvcNAQEL
+ BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
+ cGVlcjAeFw0xOTEwMTcxNjE3MDBaFw0yMDEwMTYxNjE3MDBaMCcxJTAjBgNVBAMT
+ HGNhbGljby1ldGNkLXBvZDEwLW5vZGUyLXBlZXIwggEiMA0GCSqGSIb3DQEBAQUA
+ A4IBDwAwggEKAoIBAQCy4CW6/cdplqFr6RShHQkSqrMDpMcIvEizQLlK0YCwWY+Z
+ zECCSQY7lpw5g4Q2xpv4XUIGo18L8qLPcnPdSLdQ7aAVJCSsb99M10c5k7ZBe6Ud
+ br66CfqN0+SUpwcjrAy98h7AHOg3lDkMTmAM2wJY/CMPloeD7JxLVJKIr3zkX511
+ xwB/ZMrmjFbdUP3UWQouiuXgKMDm2BSBdW4bOPsg+4WV2hiGvLO2jv85AG83YDbq
+ I9sm0MU541oT9aGX1LP3n08h67yCFe7v71xLhscsCVaLJSVQj3v/K7/qj2Odz1xi
+ yGmqT0Mt4FPCugetRm2dS//Nr1UbPbLA3KWbWllvAgMBAAGjgbUwgbIwDgYDVR0P
+ AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
+ Af8EAjAAMB0GA1UdDgQWBBQYB8+dWJrIG7gxXg0gynxYPEE7tTAfBgNVHSMEGDAW
+ gBSwf1hEf9YG8SVpf9jlxbHGtSQ4xzAzBgNVHREELDAqggtwb2QxMC1ub2RlMoIJ
+ bG9jYWxob3N0hwQKCmYWhwR/AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQBy
+ EYb3InTzandUK/mONyhEHPGEMv0Gif/sKVCA7LU+mahaWe6CPcHaZfZZAQq2sVbw
+ fCLNWp57m76qSt28nw4UU2EQSwEVCNn+GNUL32DQH8wHdg1Gd19ethbd4D+hcJR/
+ gH7MbjrK5zOvAICbl+HqjEXJAQDxov0pEOZuO3xy6q/Ox5ws0VL2UbyUXfErjesg
+ rZAydMkAHJJZYNVLzniGi2kpSC8PvLh2zlW34VeDDqvRUWXAyL/qMt8DXqPTsZMq
+ PDg0XOzWEmUQh+ocTNYrV2BUcC/JmeiiUnEnDT7ufEKjtYjE/99wAzBBA/7kr5bG
+ Kwhuc//VlhqrYJSYUXsY
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-pod10-node2-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDmzCCAoOgAwIBAgIUULCurM8R6OTRfkb4xLv8Sw8K4lAwDQYJKoZIhvcNAQEL
+ BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
+ cGVlcjAeFw0xOTEwMTcxNjE3MDBaFw0yMDEwMTYxNjE3MDBaMCcxJTAjBgNVBAMT
+ HGNhbGljby1ldGNkLXBvZDEwLW5vZGUzLXBlZXIwggEiMA0GCSqGSIb3DQEBAQUA
+ A4IBDwAwggEKAoIBAQCmvXnsSmQi+dHtw+tl98ddJnxdJYth6bzXplr37vBUfRgU
+ jOm7866nznnPVPTrYzrsBnQUyi4Hiu6Rh+NW6+Q2ndm4ovPHCALZMDqCRLv2raQV
+ kNT+23UStBYXc5kYQoIVFlI/4gitMkEqM2V43T8rxT6Nd3GQZL78dYAWNSCeGL28
+ TLFcbRmnxvheCriieDG5lr7/jHhlmPceuHXEbd3RB9towAncBd8wimmmAqpwtjng
+ UC5eHpgLXwGeigT7SVn/1Rwd2ZVVEY48gpsf3fD62SQA2/OuSXOZU6V1q069VlV0
+ ZkJWTeXwBPzKQDtrDRadb6Yh0dczt5uCQoWJNlCBAgMBAAGjgbUwgbIwDgYDVR0P
+ AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
+ Af8EAjAAMB0GA1UdDgQWBBTSMkQI4yhamhQcrP3ipAJWIMx7azAfBgNVHSMEGDAW
+ gBSwf1hEf9YG8SVpf9jlxbHGtSQ4xzAzBgNVHREELDAqggtwb2QxMC1ub2RlM4IJ
+ bG9jYWxob3N0hwQKCmYXhwR/AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQCj
+ x2sYdrTfabx3BRDR4qsONTQ6XNyyAe8/uah04UWNj2DyFNxAQxMUyqQrt3dobKuq
+ 3akP3aTLPMOAIDUS+zyF3VsVJfsbT68ZaWvL9EOR+ltifPGSFhWYc724Tc/6QuXe
+ 841VzuqaDYLG524PAo8Ze1m4Y7Wtb0xMx7Yr3GS697sN8a64pJhOIVrD7gr8XElF
+ cBTY7ywIK08g8EVY9USJ2TO+1/t5tSQNYWg7HRMjVPmeSCmHi375gIX+1ZVYbw0i
+ MbjIw7asTGCL1FqpMvnOZcoLUaRUacdWdAkoJpRh8bXYofrasy55H/ofcRakgTCf
+ btgEabN3iOueYG0otNOB
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-pod10-node3-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIDWTCCAkGgAwIBAgIUchUy7dPcL88FTyFjx/X3Rj8o8G0wDQYJKoZIhvcNAQEL
+ BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt
+ cGVlcjAeFw0xOTEwMTcxNjE3MDBaFw0yMDEwMTYxNjE3MDBaMBwxGjAYBgNVBAMT
+ EWNhbGNpY28tbm9kZS1wZWVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+ AQEA3XRbVi3T64Oz7vzCrjyvNTH7gApdErHeOEVgPl32sX3CwxJRXgPwehQhoGfo
+ CYRtGBEzhED0hoinP/kWPdgKnYh4IF/G/NPV9yWRGzNdUV3tgVJcdZv/FFKMOvkh
+ JAYNqHACdf18YxuHWaAikAjIhuom1OOZQrL0ywgwgyAWUj3CAxcmrrMJDXJ2plkz
+ dgwkLNvUkyFJWLvisbDooaonSUipfUegbtOZdy6VWlBW5jkrlAu6UgRolxyTfRXl
+ 4i7zBeJoKdS52ejf6vGirybwc5Ef27X89ZI49Ger37MNrU1wP3V7dggX3dI3hPIJ
+ 6Y2mSehw5EkPQd0B6BpE5L2s7wIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYD
+ VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O
+ BBYEFKlrKwASnw1F87mpiqHnhHZE9riqMB8GA1UdIwQYMBaAFLB/WER/1gbxJWl/
+ 2OXFsca1JDjHMA0GCSqGSIb3DQEBCwUAA4IBAQAJT/Dd774W+HwBJbi92UwWzeE8
+ KLCo+qIxiHlLg3l3Egrgy+2dV8gMQTmzW2y9znxFIeNg2eBciZ/UECARraoyOpge
+ UUxnmEFSR/ZC5L6fqSby3Mo8p7STKd95L+UqjsBw2lJg06jmjCBQMIAk6rYFPr9k
+ hT3g2zwbxvyJliYyzVFPKZ69tG/lVcbTnERtQFgdWAHPw/9SJJn0wFuTFAe5eZwx
+ v6DTF8YkJiQZXUV/eWlPAS+M9epY2YA3vTuVkOMTIMpYMYoAzOPBtFgSoaii+2mS
+ 5fBNwgV2m5ht2Yjx5uvEtdY1qJM7eS/wAXf8QhPUkwB48q3hjioXUMzAUdYi
+ -----END CERTIFICATE-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-node-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpQIBAAKCAQEA1WeewthRQFjY6tnse0pF+2SaQR5cl8bQDXvhUDwjBTH3j2Nr
+ 6G1n3wVZxF5h1IfKrElCmqn4+4fs7yrjJDWHzsVDnrw+pKOz4VXwmTE+OzU/EdPr
+ xirpqOQgMSYvcl5iKZbMakaZ1GyyA32fHPahGMfIrlQynEdUMyXc4TpKseK2p21d
+ LI2DsiaJEOAYtXHSk6vhnzUsBpRodqMbbRzNbGGkbjpSNZE1Hx41o8ucjYCWkr4v
+ WkcVPwdxC9Yd/sM74poYKCD6uW8g16BHXqJ7+GTVVH7cpNWzSeA7syFdWoy0mXA/
+ Rjq/oJC0Y7cbYHXXr/u6e7I9AsKnpiyr1khDfQIDAQABAoIBAH1g672+Kb6MdKVG
+ c9HbyVHxwU8Q74WcoQ/LAI2LR2f9+1ybJQLhhG1bT2o3qXKcdU7Tm/YSdt4Q9ftu
+ TxUu/iNVcm0IXCWOqFhzjW/zpoRSvENVJui+vZkkrmUx8h5XpYSZvG+UGzzav5ud
+ aqYxoGRWvGjvvuxiW+3RCPyqqsfnQBSARWI5CDuqVCS1BAa42BHTJLhqSolhOfJ/
+ s7fe/5DK1zmWaS9fFwbbN66TbzMSpqlx3kuSpJ2nJZ4v0agg91klt0jXtdjy92nr
+ 0fekUIuFmuuxINQzzNkKGJw3X9Wux/M56MUZBDJ8CkonQlpy87fn4BjzDORFWZIc
+ ge/+eGECgYEA3CGx2DF6Loi7Xc5xWIAz3Gccjl1CiriU4WA0gRaAVup503FQ6wzi
+ CjwEcPE8wG5Kwh7UUPnVgygHjjny5g/WIMvVNjdAHq2rb6i+mFoRhmnxJbvsVZgc
+ 9MUAqbsOagAX/PRk4uTmT7MU9wj2gZlquSAYdq7HHjOtphYy8Z+HKBMCgYEA+C1U
+ X3c61gIYP4fxfDUM0qA5pZ/HvWra26/fRQaLEuKkDZgiPm5BBe8o4kJBN+Ii/UZh
+ R8L/RAGKDM3PHS3wJB34Gdo59dafd8JoOggWkcZCfwaKd0Utine+Gmknj6ScaYyr
+ 3AqDV2/0gDLnPUUetIltjpRAPM/rDdpLL7t1eC8CgYEAgnMBRkHDyxHCHwv4xV5r
+ 3T/Jf2Aqz7Qkng557smb0mXvPesX7cLbrP72DswWmV6CtNi6LyZubePp3lHe7JET
+ 7ql8Nz20pLl8L5ZLJFOzsPjVK+xaWDrlZfPcubidCRn3HTLjGkZVaYORd/d6xUBa
+ K0ym0qYuX2p2jEb5d5B28rsCgYEA2ZVUbcZozQxVGg4jyBPyxA85u13UjttKOmV9
+ SFUuRUZzMn/5NecQFxXRMF2KNGaM6qVz0KjDiGoZEJS4SwrliaTEylWrjz+13BeT
+ rZ09vFyoHBot99esz8Of5iPfTW6yu09btbV55YUARg1a8zrQatQ6O1D66NYZbLHA
+ TX76xH0CgYEAkdPCT+GYFqzXSulgGatpc9aDZfIb/2JqbBU+WICWwT4XRq8hs6DP
+ 6d/+SpXR4OC22E71erARwxlWN3FkKJ5ZexSXrG0QP1+FkgMjBpwFEBHklHdfxwex
+ SOybZUAWYuVnl+c2iuRgoEBi9YZZA83lkLhWuWz4RSZehimVTLPQe1c=
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: apiserver
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEogIBAAKCAQEA4pk/Z0kdM5QNMCu1rzEa1GQ3ARz9+YQFq2p823sQTAGgV5Qj
+ 1cbNZRh6PQDkz4yrGKXPmgL5SYunn0LDnCmoGUZXcopwXSIvmeIb4mtlap5ObN2G
+ BDxRqPJK51w6RC+9Eyh/xsH2q0jrKsnH6JSmD6ZdQus0FMB9lPrvYWd6ArTTwIda
+ Ffu32ikI4ZUSFEYvDyuaq24Kkq81lzhVafxLtX48q69up2QBkcihb0nDeGM8Lo1Y
+ AbzyhOcv2SKUbaIGZUtYn+WN8adlS/fLypu09W19CejTnAVqp4dNwg+DFkmXfHqs
+ zE1eJDYKGfd2uO3YUMByTc/RXzy9+tejh5qHkQIDAQABAoIBAFQBTCgWSuUcNedt
+ zOUt5yxmGp4nCWC/OPrbd35GmTwUPkU5fi96jBq2gFqtQiZPl/6DOft2rsQ9Kd84
+ +RujtdXo5fJosE9WpR7/XCcMeYSVO63QUiav1fY0HOC4qEEvEYFQuk4NCk1lswkh
+ 1SK8OPQEUP7GA4DN+8CHZsdNfUYS4K+5XNPvNR4iahsnQb0Ee2KBMpAyMe9sEMQN
+ 500LhVgS4Ud/KTY+IsYROjduj67fRUZOxsNuCb1hxXjzWqR3MiRyrFNN12SFw9l9
+ aYXaO55cv0XwkimdaYjPds561svQ9Opb1C6Vr8zObulSPqnDRNtzhOEktG9XpsCS
+ 03cWryECgYEA45SFhMJDpmjtGLSECYkzf4vb23aYb9EiuJNMrOBWpfmkSahPyEhs
+ 7q7oq6mdmhOUE7oLyp+mGnNHwTlPCROvxsc8xcZR6tC7I86RRRro1Qrc4e+0epQS
+ n+g+OaW+iUYa/0XJkoas0uYSBqF0a4DMsfaYeTszNM2EH0vTEljnUksCgYEA/uVY
+ 8e5a/y24RNUiQxUUnr/JPrpjyRm9tsFXsAI9206FIrLIwbWgPZQvyH/efo621nZ8
+ hog5RANXE/ra1wyLl+s4H032p2cVzwbeyBBYEykbYNO8kLnlm+YM0AXgePE6Tb9S
+ 9kDNfU7ZdXA9Khzh3BpXgtgCzRRq689euAWKxBMCgYAEzI78O7R9f9zwFm5qXRBO
+ 8j4SpK+WPAzFY6XMR3bMTTVfsELucEiLx/h0FkGSjDMlL1ksTq2MBT5QHstB375n
+ LLBlY0c68mff221IzcZ3J6F8yjc+Fn1GDfmx8YLRFj9ffrM/ecOPNvbOWP1BfxfR
+ 8OdKNytfQ64zkr/CtUk7fQKBgG19KKqrPw0zn155ysDT8kqKiTBXsfs1AmfZPwhM
+ vjNQ1CFmeJO0p8Mrvya5vmHQfbs7pBvJsgeEA8iCTbRoICI+mJnhzFx2DEkkY1e+
+ pYZ9dtQtv2bPY1CHDePhUl3BCNFSqJk8lsgHsaMfdjZ7t4zrB8IddX6QEal/JumW
+ /9dfAoGAQJ65SHMkIDaaTbi0ndCEIagJvxtt0fIty36lIskegnm5Mg17WNkEH76b
+ i/nldW6vKS3+2GOIcgp/eGNVtoF4MAYCvKXz2oEiEe65DxcGgYBbPYUXFFm8jUdQ
+ +VuBloiUTgYfS4LUs/OOfPf/Yv13951CNlOUqAenAn9exQ7YkhE=
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubelet-genesis
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpQIBAAKCAQEA1mfzDXKbIbGK5CKBX30jYLe5U5Sb/lgedKB0OXaacBsv+bL/
+ LBThn7HyoxMATRr5Zh8HM/bdDEOPqIywQsqLjdgldcJ2GIpW+gIOtNbfJjbORBc7
+ DYpCVx7tSlLo84+9G2qZlfhusv6ZG9uZ7Ns/4Pj4eWYsagxhjJOIm3iic5MgiUju
+ xYTNkTXY8lpms+9pdl7kux/Xp/i3hpk6VT98XeeU5WeV32lrmtruUTqxb0XDZUBi
+ E6E4rJVmorUAodMaF/kmT8MVEmkhNaI9U4oDuAqyz6GM2bUU8+swKoDCbpoMUgK4
+ HBrjyAqADOUhnxbpT91M4lS9BKl6KpSooRr5/wIDAQABAoIBAQCkiBioVS5e6NPg
+ xenp0Sn46oQ5c21R/WVBsm/+ONnC9doXEBlpRozt86xzH/23Ld/9UgpBAkwXQTFY
+ 8r3AQ5ZcP2Zfu97MbjzYlgObGtkbhis7bWhPt625FW6a/ozte3xvMZqyz3aDvYTZ
+ L+grLwUSK3ziDFpA90dUjVLjm+tuLC2cmZDiji+4QwEfEiTfxKfumJzG0DXwt+wP
+ EYT/Tdyq13ewsmGtyB3rE/or0t8xlV5BJd3ur/ezB38jaB4Hifb3IHzSqFS+xMcn
+ 1QsLs5Ep2oibNZnzc4aywPrMDN8yu8IJpJ7I7CYnoAzEkzGDCsmbYUKSnOAWL+pf
+ BkoInOpBAoGBAOI61Jb1mxPelY/7JxLnG58LMy0XagY2ka999nxmeCEascP/T30/
+ dhNTKiccplDw6Fql9wlcMLSm+qcAMX3d0iD7zawsKlTinq/v1WgSS8DiHk5yiI4K
+ g/wilEXPEn4xWGDqzXKbpAtnD4uik9Q3RP5JL0xc46E4+kqWZVRY9385AoGBAPKe
+ zbNGCEvRHPgkUwzaMl6XEQby6OuvBqiLnE63XJVEiHLkDCcKJRapDDFuIpVzU4js
+ 39cN50USDJjFZWOyRPIuhJkNMZBShOESgnB2srjclUEhTmWGk50CvLaIbjBebhfw
+ 5YkIHYFlu8rqjUu+swGyg0ERCk/iU2pjF0cDDwr3AoGBANmShOSOX0/TsPmhLOoU
+ FE94YQaLzy8cii5CMa1gi0YjOzXptFQblX5ubErjVdzgZEbR+O0qmbkUIlo8aFzJ
+ 2g5YvWxJqYirzrwcJ50Ig4yEq2r84fHhkSALTZh51ypAYOQMzfvcTf+dZakAebYO
+ Va9NSUzixRVIDAdx7xAY5CaZAoGAJmH5KONrbJMoghk9Ckt6rHw5tV+4eZC2/PMZ
+ R1q6yuKMs6BgS8zPEUatJyTFU99q176hquQIMmUomQKhh6QsRCQX1h7AOJTVcMX8
+ 3M3qeFRtSGB8hpNDxxMnx7jNtdk6kY8KwSMHh/EQRInW0KTarOoQ2bpYZ0rm523F
+ wPY66wECgYEAqQylR7EkQwMvAEh1gGxnoVIHLoLBVp1mtCXurDDakDzyMw0DHkSi
+ l2D0dvlhOcHhrCKGCWhcJq2kO6Dz3upjTbBR20JREWyG3OQSz1I2G1rJ794bGQ+S
+ tkk91P8VtFzrAQY1553FBvwke9qmuEoEzurCMNU9d+DBqc04RoHGU5E=
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubelet-pod10-node1
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpQIBAAKCAQEA1nPJg6eAtc+VJxdhCWnlDmq9YA66WDQCrCOGjlIjFnWDlXkO
+ Loub86E5FU4zT6rqWoseVDmol699jce97wFNA3pVMga9Dt31/6tIrxkA+xaqhKwS
+ KUZAJJNeKnvFyzQucqgH2+owG/mNOV2mjRVC2DetNBdBuAmu0hcaHpwlgnt4ZiSp
+ 2xtMUyj6faKmsd0NZLqwAdE0c8UkIJlPyDyJ7zurz8r9kezvr6aypxmHFtrXWdCb
+ SgUNWCKcXyax1PS3tfpZFgqfiYh2hIqTMQWXfu51QUe4Kp+DdoCeuwubyblgP0WH
+ Kb7FogX4/grkLTVyLaaObLz8mCATGUtS1xa6wQIDAQABAoIBAQCxerYFjTTKQvev
+ mHuobMkyu0frHYU+xhyIFgaf9n4vciXqKHuCLextHrq9VTDF+C9nq8b38ZgDoSsJ
+ kYsxKCRygmXLtyP0D+ItK7ZFoy3an5GTp0yIeClRm9zM0A6L862VGlcWu6QBIvCr
+ z0OtczEU/E8N00mCZBEYsiHdv2CTsNO7XsarSVuBsZTKpUyqdMlAmqDcDHJmQGkS
+ k1+YWQLJ7HMHTHxxAI3dxpIlI3ZOyoWS1VVBTyKwdpfkjE3MBTP5B7sKGdrCuajH
+ ABg8yNRjEnVt6nqXzcwUa4THkaSEZKy/u9hXmaWFHbB9kd53641G6weDOpTIuUNf
+ 5e3R4/R5AoGBAOZXxx0x1/wsxvORSWy6Roxm8lGdGTSg6mG63sae91xILhrNoU2L
+ fjYv+tfNi2ChUXz3b54gq78de7uQWwYuI4MTNyZ1p3rfjMelc97hGm7zRyI5GPyW
+ 99ijncKipxLP/NkSlU4K+AgEIuF8hnQ62963zYWm9s8uc8ireyQPSle/AoGBAO5W
+ 47yzTo1fO/G9NJMb6kZTTJE5VhsN7OpaCjxg6loXUMrxMTZgOEyz3MD5+6yeEURF
+ C33VXEULxt5DWUub2lCrzqq4rmmoRcUDp5dWSRRh5aTfuUKwOkTkFme+Yao4/Mel
+ oRc0krPrG+chS4PAphvfr60XXM83LcvCXCsBX41/AoGBALIlZSuhJwgzoVMzJHRg
+ xLtFy1dvhtT7NwqKuk0nGOxYLsAwFPaiUeSaywgoQglj+mAKBltnrSzMIqv3g06O
+ VIzFSbwG9pbDWl/2CF1x/z2cDYHcYwTHxbvZHuQvY8Pa9BT2mF6ZgSbB/DAkXOB7
+ vRzNTrh1XyDxLj8e0Mgcw0SFAoGACVqHnYQ79Phj1dzjD1LtIs1qF9j0NCObxKa7
+ +Bqll9uKZCyLDeNA0mHMrBYjdmbNrqw3Az04Xc1UhKyH+JupOblEZxbQYX0lH9JA
+ 5YORYqdk58+P6boYz1NUPcYO9ys9YGhzpgF+MGltsuhvmkAZRMbGkjh0f/1eYrzB
+ +T4YjekCgYEAxH4teGtPH66+wiyfV1dDrjFhv5lV1PfO9agQQGffmwis74ZaQcil
+ mRrxmb7CHM6Y8DivG1SFiix+mbF7mQuuR6CxsxXRhpOnz8T6t6ZHShUW2RMfvGQ6
+ jBD2RORqUQLvLu6VcgJ/tnMBF4Nm3Y40eGmIhx7P36fG9tHiCfkTbxI=
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubelet-pod10-node2
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEogIBAAKCAQEAr22Zymic2ZeqSE1cLl9qCpmUJfSP9ctFXOMZ6W59B+XlSkuR
+ 5dV5D7Xu/xpvqQZWKZv/AHad3wxGztbhp3rek7BS7gDiHohUW4B+zR39/kEwsGJh
+ 0eCF/innHrm49EBOKrulhdASSZLmi6v2lvQV84NkFZ0KdGy5RiW9X0CUSsMjOm19
+ zRV/5zGTc13onm4THZUrDCnFYMUX7dkwOuX3xZzJLm6o1H3vG3u0u5DNPc+dyu71
+ E0jXxjhVwGp3Z51qrfkcOYreSwaZGeCn/Vo4NG3KP9weUizt7k9JyEZRDPxY8Xbc
+ UeXoTR2Z7rRDRB1PS6zUj3uIn+wZ9jLv/cDq6wIDAQABAoIBAEO4SHz1Y08wGADv
+ NB2GobXT0XfRb91PicgwtukAyO1KlvfWMk0J2kDxV4BM4TvbgVlwqcCxCYJ4B8GC
+ +/seGFvk3i6YUrG8qOvlr41Y/Zqv6a69W8ucI72YyWp4AWjwhfxDEcOVLeoO9kaG
+ rJtbQDoPx4v8YnPNILxuhysFD/nHtLUn6qX/7ShPDkp81J9ZR7asFoCzR4Pe720f
+ t0WAUQhqWvFakW4mdhPnSMrXCXoB17cRIw3FMZ6oKdsgeX8RFavOI4DyHzFac+ls
+ KpoxJJnl8LE5B6KiIrDPnoahX889lhzaKTXYdH5ngpJgek1uPZSvWhUsIir39CwS
+ xI8btOkCgYEAyTrZCmK9lFKPg3XV8WfTsoN+bRiD0zB4vDpNjqlyZMIS/pd9TSTK
+ +PesgAtAANGlIvYGpROGWAMd+erqKs2JxNsaOKTXAgTT6CIEm5fLkIZsuAuzWQ5p
+ OWEYqJwgcPOkuA4IOYG6pwLb/dqTNKxByM5eBVV2qTj6sqgDRbWINY8CgYEA3yz1
+ CdhPh68FbLxDMiy87trfXoL+8LWzypg5BqJieliyFN2ovx5FLatMgId6Js4F+S2a
+ D6x1NNUltP/dsOp57ENVu7YUKU4f8CmX8oyZTWCmNPNeyX9y0i42mx5oSrn/TnRs
+ mfgXeqfteHswvqJLeLK01NPGUuYq6xrVPuaZ3uUCgYAm0SVA7Z8oV2y7rSVh9edO
+ TjM7FDmJqZYAqTaAyIr6iL1lQw+2q9xDfnNWF9V20voJ7m+FtGh73c4QgZI+Q3vJ
+ 74H1X0bias/9vWIqKXPpIyUhs5AbI76EhQherg9L+pPRtVM81JuOz+xj4Z/3zyq5
+ c6WLXdsP9Z/WirZm4geuXQKBgBbRtPhdurwH5Eka8s/1jRfrHz29rS2Vlp2XdPU9
+ s04JNaQ2ieOIx9AEnNzjfVTsaeXxiLgjjRRq2uEn7FYDk5XZyLFZy7PxfgiDaDrv
+ r1kfEb+GRuHZezcMbJ7tvAIwBG/ULaqMmHH9K6XPCsvjMk5UD3NXeAbP7AGAC9/T
+ mlYVAoGAYqoc2o9BIs+ujC8NEr4WQ8cgKhkcFjv5JcaopAO50N28eO0Zx+bI7jCy
+ hZn5TkoGSBUJbLo8rdKCtviqqdT4i5qFvZmtdwyZrIg2ytGMWlOvZp1OZxzc9j4y
+ 3l3WAmiULssGSLFVxE8ww5vtfgJUcoKvlZXXnw4t6Vekybmgr+M=
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubelet-pod10-node3
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpQIBAAKCAQEA1YAA0p+X99qok4Y1de2j2x8LnLtB/n7Remx9WhstlYyJoVlA
+ 6HQLq9/esVZelz8TT0BrBl5a1+ZDU0XQ8nSQlSVdE9yK5ZPkWptvGbEKU3nTQait
+ yTPkQN2sSw8wVYoEyADYpazX4SPcKLSM0yKyLRGaHjBjr0BHdTHrKArO8Zer2ap6
+ C3yH3w682XN3sbq+3aG7doR0OMKYGauiK+N/7CfbJEaOaioCcIYzOPkY2POXTGCm
+ 5+5LLVNKIU9vgfSfSCLw+4nU9h7nq8T/vj8h+5N2uqeYZFxJh+ucNxGNoPGtc6dC
+ O3LJmRGfL93usflwkzwz6eS1Z7Kut0MARpz2WQIDAQABAoIBAQDGrW6WklN+H+n+
+ FseLLZDs6XAJ8yyPov5XGbxw7Je38mdlUcSYTN1LnXIDvycZQmY6uuydqZKKFUqT
+ pIW0Cos9b961C+fpin3XX4u88cZ1NgpEsK7AbNy9DEw4MTM+dsjKQhdZ3YWrio5n
+ BtWB6Wi7jgTIkSlCveOBiOmXgq9fm5uCwWSeGG7Mx6osPMVNQkT+jusLDH59LXSF
+ 00L2loAyunC6yK06hPzXMnfKRoOapYhutY7vqN6cfOfCNXs9IfHMdA3TutBydWBt
+ 2GdsMpyZ2eUI1454pnTgqSlBxMGBC6LJLz77QaWfu7WPcGxl63aAr/UWjffJgPWs
+ gS/INMSNAoGBAP3tdg874A6n01Ig9oCEHFiatHCoQ2hRu1rCj9a3SawsGfGy22N9
+ w/LpYLaaaan4u+Y0ocyLlP+hqiymMiY/k+7KZHZoLxUg8ASF+/cSeoDtFapkc8zs
+ KyvxPuRHAwzZvMuxN5bbPLlxHO1Qk+0QdvP0R/f/gcdGKWPtA0eqlS3jAoGBANc+
+ E1FFSGQ4+wV9yfbfJFTr+2kUOvQYTvt5a7jx0nzKm9GalTtfgTniodZG/ypu3EAl
+ gEsOsqtq54lwXQEMoF8qN2CbGcCyQWqB1vbyNDTw3M/L8nlxabsWOjuq57L6cBkt
+ XKhhfSM8ocP2nHGsFpojTqBe6o3BhnmMrcoxEH+TAoGBAPtxqPZs0/GvPhKVkYKx
+ T2Bt0T+9XwJt7JhzEPwNg2Z6RTaRZa2fW+muL5aiUP9+zpGmjJF/pot8CocsC3zU
+ eCh9Qf3+LKE/fGz+QALoyWXhXxLbZdAGDLn2qdBigSK4ebs6QVGgxwDagUp9//0/
+ 0IrB2oI5AMnTMClDCXxt7ksBAoGBANMwjiWstAXaPro5nOOEOBK25BxLBDkibMSj
+ c0WoyB03csGrSgdSgun361DiolTRJ3wtD38VscstfnbE8AwqhmQ5eNJp/E+s1zCY
+ qwHrzbuwJQgiFQyBcftmKMcIvoRG45xgfMydsvnS8Onk28VQ03Bzeh8yYjOqkbZL
+ iO2dTJHPAoGAIQczJcKVagyvmr3r9y6922mZ8135folIESu3EoAY/5QHXOCs4ZLF
+ yz579h0j5NDpsJzPeStAsL+bP75Jj+Dr60gjVnsF6rEQC26KfYT19VMcTxzvImOK
+ QNnP8oLunlbjEpYc9/F0AuTxBstSW83IMZFU2TWffSi2it7M5A+fN24=
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubelet-pod10-node4
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEogIBAAKCAQEAvy5/NokIW0IqhoFaMC8UGLwmQAtRKA6aD3xOS/DbLCKIUyVa
+ fkBhvnxl4bpoPQBOd+KW4+xZwi42Xxg6NZPAi937a2viwDQx/fd58BwDaqHpuw4A
+ 3WNRcPKc6ckFOEretQHqAnX737cxsJoxmkNoPvdtA8twb205v5p52Q9S/0rtjlkl
+ 6u02bSv3c37uAdRZDSMRv2RVnSKAIaShwVVdCA9Fju/oDdboUEKNlGNZDW7Y18iX
+ bNcmpR9f5TSofzEWnv2oBFgorXgMhOABjt4R6sACCBL23Gnop9LQGRJDVrFtStm8
+ +b/Zh7C0+7ajkOCQz5hI5/oeynanb2UdGHCz9wIDAQABAoIBAE28gk2SeqtgxBnd
+ Dub4vZsxJfx0nZNEHLCfQtbuILBZekUUsy8Szqu9uU+HlEr5jO6CXAhhWj3yvHj+
+ SOzwHyLAKDMNsy2kC4/QyOww99Kr83Xzw7ZBZCQhAlytOEojZ1sCZDyL7NaSjsnY
+ aMLpFcJEqTcZyaYFK64VCeaQrJbRFJHGFhsrIIfWlht2JAb2WSQs8sljTzQAyze9
+ uFjAory9ib/o/oq0VejQ1XVo20Noz4AZzO2M9/eJPgrrKB+R/F4QUyDyUz3k2ejR
+ 7ZattMv2ek2hm7f4j7lFsmcESq2fXf5NTa+HNAIy+GQoRHZmLeGroCoDIRn1OfYR
+ eWnuC8ECgYEA6ND/gw9we6sccZis9a9p+DMiUaBPKCEBlr+Ymlv0KhCCgmk8nsXF
+ G+rYJp1mqCr7xToOx8lXhrfc2Rjd4BRWo4BUUgA8CnZk6WadJD+vIpupg92wzmNj
+ g+n9boCVauMhZ2CP/nTwi6mCO33p/NbfZnyEj+ecx2kgKxDwzYRYGMsCgYEA0jgj
+ EjTbOWJ2htWNpuJ+W/xMTscuJkRo2rLjX1TYwATXyT5EZq5Vk9vvruq05y3hfNH5
+ UiSEkTRWiCQ/izcv8zwNKFpJk0LoyumUWEUBycnKu008y0+PRefSCo1Hkc3sSi8K
+ YN1MY1+c9yfe3BNv3tsEVZNHBhjNzVdZzR/5qAUCgYB0MmNkQR9tyZ//niis0mi8
+ RKEbRjxbleWaHHQIjl5VZDoO5oEn6SMQZOyOkT58Lj/MVsartfSmOzvRapTKUrxP
+ DCyJZK6StjZ1Ow6w2cwKJNC9DLdCut4fJ3iiXzCz0TqJwur7H9gyjF6AXL6cv41u
+ NDVhMULRT8mLVQAqQqRJcwKBgGmpt88V7D7qw+LAAmQoohTAOua57PNlHUMX+XtY
+ XV4e0QuhFaZ66B7axJ2p8WXlxNoFfIkSO+P0Z64kciAajCp5O6/VufegAPzE7UB0
+ 5xIzMIh2qSEUC1K60/Nj0d5yn9sly9SmRxgH3hDI5Ja/2lIsyf/teByTaRZWWpfl
+ A4q1AoGAJbpn6E7/eXYrwvw1AQkssNmLOyZGlcMLAwRtsjvT+VmEoden1wSsXi/+
+ tTnnNb0Ja7vucEwDWQLzzsH7/94JQJei9bDgIP8zu7QkUCGYquad2o15FFIhPsif
+ vwY0J9Gj7c8wNj61FRh2/eQP/vmbXrnpkC3Clr/Vd0O3jEnCD4k=
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubelet-pod10-node5
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEAqyyt3svC5qYqvN1XXXeeiM4v9Du2dBPJlSfH4wBibb+WEpMQ
+ bncKw/xhKfROI2fanBkI+qWf4uxrzT7c+J3xukRFlc4OkilqP1JOgqvY0ixsvT7y
+ WhoKQarH80beKYrtjJkqWk6omkYSm5BW5AQ3XFxstXj0W1tjZi1KyR/PROkVoZB3
+ BWCmUfMMDxy+tnltBjfTMdq6f/581NEys9efdR93j4VEz0n9k+Yz2WOrdHFh0YZ6
+ oRmp/74GOIPHuwbh8UpOODP36seRN3N5+gBRtktBsUJ7qVx5vnbQgX7Nr1jl7iQN
+ aheAKr2xv/N0oP8osqGsoNui734t8zsA/J5eJwIDAQABAoIBAAPQNv9joq/ou8MB
+ W1TluU5q6X6TZfkoB7Ge9UEFXSv8vKclR5Ruanr7QF7i5mq7gY9Ar4aF8g3oHm6w
+ G9QeEKiJpNM1h/WRnqBSgRVAJtBn1PRSVqvTMK9N0q6EwaZDRg9/ygXBAtiM/xUg
+ Hg9uWJ1iIbnZO/hdDNXV5HiekMuELHd3ROCeGxQfbqSAt9oZTE95Xx3rkvyu9/SO
+ qWbsrG7zHO7zKDHDofRWOl/7CIjLLuPWO4cIqlCBJ0qGE4xU2ZjU5BxrM3mW0T5D
+ Tz0Ocyonxxh78tECxJQ9/CGqVwYfBVkVUrIjQkOzzE6YyvycrjnKcxoNzEXpYlaL
+ 3ILUdQECgYEA0LX7ybRnv4i2XJoV1csoCVwq5SJfkmwT1vbo16McNfQReJATmXVL
+ TOK3+p+Z+O61B7J7JOZN9rs7QcdP3JMX5lEjwe42F64eICI8VoMvo1qAwlaN8lOt
+ jRbg8bodnZ2jWXPiJeK0XFeJaTBAbRY6T70StIYI2xMjSY6BPK11P4cCgYEA0fVy
+ P+wnPsSWrV1K4Wlc4+Ep7uLSqzBUcVjjzc/XlFqPEZK3QUh9r/8AKLT7Z4GTumF6
+ Q0WiFUEY5XaS8QvPFUgLB4AeKFbpeJvIDw9q8ZV9IJ+baOdKWYphM7S17sLMFe2D
+ 3zT799IkJnnDlax+NoJqV2cda1SzOJHt1V8fVGECgYEAg+AZYo/tZia6I7Twyw/9
+ Ejz8lZ+sh9ZmitOkuGxF7Ql06JsQ50wn8kLnQSMLpTEfjeeGzAABjz8q6BtKKPOA
+ jHUEhQtBfqD0RBWdzoRB25PZ+/G46z9YT+f+5n5VLDxo9KK2aH3gvOBK4P4uFz+O
+ RMgRQ6PVgKeNCnNS0cZAaY0CgYEA0H0ApIUmO2gPj7uSPd/Yg9j1QOgv9hoZ4Cw6
+ mgcHtaNvai3cl5Eabgez6rg85X2AapWdSOv+lUh9Jm7mX0IwsptFiH8qczhKwp8+
+ u+W9doPRKvIS6sqxw9RrzWJnPt5ktmmSh7Ufd+lOSH6lPx14fzxlyMD2L7x983DF
+ URoSDEECgYApmr7kFai9BY3xC9qZdhNDnjo9fwNuEN1Z5B0sfI234BDts8L38BHc
+ P571HBKjMeT+pRfM2bY5VrUW86FTQxlVKRP9pEdZh+xvQs1G07EJHLpPA1ycsil/
+ oobD7qMtBGx43RoQhHAcLcezI0AmRTx1QgrW1HCtLGP/+aYSDipp2g==
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: scheduler
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpQIBAAKCAQEA80ducoOxaibHfTwHnEOj940rsaz8IJ7l5+E/ypN7rGBYlxMU
+ J92aRfr0DycSNri298Z4JT+nTT4DYLuZAU9iXJLrPDz/UyryAf80x0hB306ZLdWi
+ wAVHsh1miVVBO0wuwTP8h6MvAlAIJw32AeZhSxfwnjEx+1o3Z+pSfXkmxo5Yh8eX
+ /dhTPXiKHaLYdnvbHJ7qamoK5K5MFTPQL+CvxfjVx38JTgvQQK8oyhvGzmDyjpm+
+ OFDjIMx881SHn14eUQXL29dHIfA821i33YYgnt7n624wYS999pMkZnSCae67mDu1
+ Bj9NXl1/oRSRXdyKrwQ3n0xWEtUCEBhaNVVD4QIDAQABAoIBAQDcoqMDjnZf7G2u
+ IbxRN3NEty6yhE1hlFq0MzA0nA9k5ThTQ4VbJnqdDx07hNba9ClUjBY4ygMEZcKQ
+ f3Mjogh2JvTa/AMgPWmg8ADA38KGMPVxgTiKZ/9/BXUSBlUT32Lj7C8SIKgos8bB
+ DMNZM8R3Y23hOoK3EDoBr51CmJbXKUtJZ/rJJGxGa5f3RQ8TOi+D3JTXthy/+h+s
+ ZbkC10Yzxtxg6ttXTZsrP0J17txVfOzw1P+m8G9mv1PH2J8dpnu+SYVZcmIIcC/0
+ BlFKxs9uUN8UEJeI7+8kwY0jMxUptSIr//NyChGdv0X6lml8/htA425thRnRVDoQ
+ BRYZYqcFAoGBAP/FnBk3BV0DtTMPZVMQbWV5YIZzZtVT5j8gIUcgU4LKHOiAswUR
+ NrwSq1zBmaoezwZTw/4ZgtorPCvwNjRiFXgxZg74Y/OghfcDOwWWFK8p8fBg2Xv4
+ qR14YSJpJ59yhzHYvqy7Q+Lfj7uk5V/6o9krdSbV7xBaZ721wmYIZV8jAoGBAPN+
+ +Dxems8AcM93CSrCWypanyD5wIVNWskoRNuJ91LUdkHty111R/sqM4MZwJ6cmtUQ
+ JdJDFCTqbCf+vrrKAI4n1iEVkZ/boVvUuIn24g8/AiA+V7faCB5pJeAL4hdH+K/v
+ G2J3S6Hv1tvnJZnJAhZRHZyDSBNj6/Qs7PE9iaMrAoGBAOalcaW/WyPMwysfWBT2
+ vGAEe4njKTl4pioItFmqigRodHcqD8WjB0PEZimIICUsES64fQZ4ROqukF1jCc5l
+ IM05ZrpbPe8ls4jTrfbUpyRqY9WL0LOdwgtkUduxDd0Yb1gBB7lGSeqeBcSF556M
+ rBKbwNJbm3CYxfJqpLpUGe4XAoGBANVi6vY0ziQkNbiKj90KEEywuA108dOgM7Rf
+ duCSKs1K5gvm8baIZjllBVmZwuT9Ru77RLncERY83eW66LjW99+cZ5n8xe660dCh
+ PcuiMP+9bwaEu+ihyUWlTgznPQ68AuNjfrMu6ngSsE9sZNY9gne+RF356rsbcRc+
+ G7NaA3mbAoGAZ9l8DjMtTF34XkQcnJFd2MEtFrGofG8ZOf+8IE1irSjwdLD6VyQa
+ 5O4HPPl0XExz2o5tAM+5HoHTuNBIuZp0ZEragznY3dn2y6ihacYCBmBpVuZLWx8d
+ 9DwT1i72dyoGlDDvi2e4iljwZLrt6oy5vOCdU4bS8AYLdlI963Me2ME=
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: controller-manager
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEogIBAAKCAQEAtBXNPGZMwUYUZtkrnyXZC906FN5W/DkkxutM7RyFrA+a9tbL
+ DccvICLnaV8T1OA3mkBbmRbZ8qR0MLQWxZ6q9PnEdSiZAWS1Dd1XQGDW1ZpIe+4b
+ W3TBmyEcBzMT217/C1POPx21i17AebOzBG6c6UWplBVg5dDEI5sD+B+5Yn0QAnpa
+ d3uodi0Giji0UdQ1qGnilCwwpR6Xo5GnzgLhmwfO/Z+giiNfBS81svkDlVVyNiT4
+ pmAGyvbWPQ4bztDAIWf3wvNGNA6/8wQtM7wnXNv77Oicfh8kKsbkJ0nkA+Y7lGkP
+ SKdsnqo0Z3ZwjWGBRiW+JvwANayZTNN1g2mQGQIDAQABAoIBAF1ryfKBZ2QEROUt
+ 2BFRgw1CkLTuutVRl6CRxHBlEXs3BT70IpZdNDdJpB7nsdQHFREyPdJnJl1Xrubt
+ JbsTGsDHKYFVtDoi0kIFBxRgqFJbHSsdVJfXM/CT9oRNnQl6eHiZ2y6m7N0GJHd+
+ H2o3L7Nb7iLiDEhsSrPl4ONBIdzTAPc/uoxPmT1CfbCxUSNuwQ39/fXrU72S8U8d
+ 2mwvt6is46sOHZCd4m14bD4MucelPo7WjmOHQfU3wH5519CAmWHCDP4fwMcwXZRT
+ VVPw2SUYEoe1/C3O7qUj2TS2WIw+/xvNBizXZjj6Svgy0MEDKsjhlmc68O51P/j8
+ rhwtZuECgYEAy15scnDUbuahoWI79BW01uircEuVzvMxfszmlBafzwt6O/AMCyu7
+ JKfMGREBlWGTF1HbRTDlfs+yS4Zc+4PP9feSU4R55bds9YEN8+ybJ2oo5OpYF9Qd
+ kh/bPEFd7zSmT4GivWiq6IjVQkLcNUaes3xZVvwcjQwypCmMMZFRm7UCgYEA4rDK
+ I6HMGCq4xyfniHaOFd6UDb7fKvI52Ybu9GB2GBWvi+pHNgUuuN8HoFOHPKcnby0y
+ 2KApF5Za1ReCG4gRLO/232mN6VuB0DFZSgPAHM2JwPm8U+b9VdVZdB5ebkL8q5yd
+ fj3qwKcQU6LGOpW/7dHl1ETXOd1F3N/04WspiVUCgYBmoE+5sJaDIH+QITKACjQn
+ /2IEWSBQPwlLI7t4H7KlmPUmKgzp1jeqV8L3I03ZRFQmAHjWgcZOKCGhWzyw7+OS
+ DE0bOE8LTXT+rxGLdmsViMz6OAgcfj4t70WDMrlkbP1AQfsN+jPFBMgZmAPoHqsX
+ iDjNXIxL4Uvs68qDeQHlwQKBgFLk7PX8q2JG9Qy2ld7741cx7hfcrUTKEMdvpR+t
+ ymFiRLA4OlQRrxUhUWuaP8C5Kx1nfMlkP8KFU6/KieRBbG5vTWpC8gbcVGrqMMl0
+ 96JQssfjSq+vrwHdI3nnxQYy7qxed+T7BUXvkXPT+QLhUa7Ia2+kwMNDG9H5/1US
+ 17yFAoGAf0nmnwF2Q16Uaxajr63xcPYPKOEcZGLW1jXh0ui4Rg+ylpGRgnquRs2O
+ /tCa9TbmIpoJdp7iaO923zr51jaryA8+nYhhggQCoHucHcFAGmwG+zGcr2PYbIlx
+ 9NElPAY3jgtSVMn2RHLjM0QenMD5hmGpt/YRNwxO6CAuxZ5Hs94=
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: admin
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEA9+oZNAuVejR8E2SBgZMoKa/VsB6XdKab969eCoeXbtB8kOAZ
+ zcsT+Tyer49zZQOkn2xqjZNjvXvymgNB8mWXmk0AoXXOCKFHFeQLFYCLZQKM5D0C
+ lxU2wNWXgIJShh2Oabd0UZ2pvJiXCpP2qvpNO8QO3lwZOvukvQ4Vjn2aX3ypxIF2
+ ihASXkSnaqfACZfOByyqoQnZBTcW7M8uQiovk7GYWRiClxUkoWzxlYwiOCjre2nQ
+ 0Xp6dDu1coxIuv9PS86+9xnvH6gVrJAHF+A6ySf7oOKPQek8FooF2NQq1osc8xiT
+ dzPVbUH5JIAZymUD+B657XhD/BHdwZdM7Z6J4QIDAQABAoIBAHRVPKhoeycSM9rh
+ wces5x7QrQRtBoMtn2iVuRpV0CCm4p0VG+au0duVr50QQoT3Nau9sy5mKFqFLC1L
+ NAnr1D0Kvy4E2r6/91x1WyIm5MJsdPKxEmMVCFFqqSIbhV/7xJUlCgc2ZazjKZVE
+ I27N76oI8TU0oH5GEWLJliH8HJGLQKq5FaXOe5opdLqL8J93z97dE2UdeRseFW37
+ /2k3IgoEZSamjQVOfsV2wGSlEb6KRpMQRJqBqH35XlpLtboFM7OZT6Q2ak2BhTKG
+ D5W2ZG5KpMEEB+fS3eHNibIT0S0lkgRb1ppKVX0g7rmqFSIthFNcvfQ9eJdys235
+ FyNgNbECgYEA+mU0szNb+rC2JAmf9i589+RX7g87j4t6nfvMxBUR7o/N5dRU46mv
+ mBvZU74vFq0oVS9Py7E6wyxFNdP4sJxIMRIXVbklHdGzP2QMm4QyJRZSy+JDrwQt
+ W0iMdaz4e2tk8s5dInYPAsbeqFbqwUkeLaEe501z2V6sZLEHJ9kji+UCgYEA/Xat
+ Q75KhwlKftm8om2cSUgf7b16BpNoNVjJOzEHFCD6xWojC8ldSlwgCJko5dp3feMo
+ SFBi/ISj+eHv3rJIShi+UX8aP4MEfUdLvMqhJ+G07/uMckbzbeOhYg6xi4hLfWV0
+ ninItx4KC8wWKtfx4fYxxDc3y8cdpIuzkpEcPk0CgYEAiqb0Ea8E5cJoeXgi7a08
+ YgA9eINS1d/EXCsMbh/EuDdFKljzUMWriC0ToL2VUZc82D7EjuRqx5yCDpZ8BT/k
+ 8dc0uLE3DlYKTbXXDV6cbdD4tBFsrUNA4mU/8gF/7se/NHx1MhnxofYBYXIPuEwG
+ u/mWJTrMRbeY+oDUl4ozlskCgYEAiYMtladT/9dGl3PCJ82YERoUWIOIBLFMxESb
+ SIXc9Uq/QwPGZ8qj1ogMyR1vVuUkFyR64mDak23TGOs/nG7VUX4DI2v17adDdESO
+ DqtQq7aE1/59wDJGN8Rb9jtKkA0uB6ZXksfQoaimgqgDDtOB47oSXgYnO2OX7YHt
+ twMLc7ECgYAMMTyIw7w7s0eTd/waKgWbw9tX/Tu8C/Hwx6+AALSSoHX8B9bfqd/o
+ irZfbipDPiTXvm6ibcvjDLdXlk+4g5chjcTnjA9BPybYJ4HwCJ3ZodqGROYXJHEU
+ WnLF25e+cwxqJxGCvOdJKHdpVMZJt8XLTtXXj8pjJPANqRNRgbAchQ==
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: armada
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEogIBAAKCAQEAmVG2vk2Hrfw0j61+zm+3BYqhEwvuo+x9mrS0N/bevmGv77Ke
+ V3dQrZIZ1I/uQNUO6lrA+QNkLmytgq82c8ynqUYRBScxVUKk8Qog1vppqYkSLAhN
+ ClMr67ctP67Qtu2nCU41nO6o1FP7H0SyOyZWBzq2k4ltdcb7A5qBiOhTnRqYo0xF
+ xRPuytrEo1W+nrkzNmmfYD57Dip3hg9ezSUyhBpEGv1mkPCVripSNVrceBboRH0W
+ bMgZ+Sv2sElfDpIA1IJpzPn3BNNgnqkZmt9z5JiXQckV5dvf97ITL6spsccCoJLO
+ aimJ/vNLEK/ZDJWu/h3X861BQMdL5YLg/OVVmwIDAQABAoIBAC9NotA8I2xur9jU
+ cpdGqHUxPFkgCVTSFj6xGhlaNYcPpLSTq37Y9S9YMFgAwEWIdr2fmoI5paMdLLtx
+ S5+WuPPlBkNMwE/J7BHiSheJ0yfXfp/PP9W7q4ViUrefPA30bODWHHx6teQstQIE
+ s+jD/y7j0ojakccQyUlnVifjZkjF/anNXaB6/Vo6GhNSG82HNGvB4Mwx2x8dHPWf
+ T8oChvpdF3Rn+dxhQwRtkHX5gn/iRh/FxIc6kMCSOrTk1vCLC7VjZ5efxTAWzs0Z
+ MbwI5qFqpvsqiREtaEZ2fNOo/Opyi6IGVWmOm9cdP3NBIVH4AH+333HIfoqVi+mO
+ 0/ys2OECgYEAxXXNtlVH7oOoH05uftD45TY5gwSW/pqOC0/Oxk9EMGXsYqIkOIiy
+ OHGTs8SN3+7EraCvBudvfeCn649egcj65ewQX1uhvTcuoDGuPBSAF+ml6tgDfCgR
+ vL1VoVkg8m1uLvRqzPFZeIaXXCIB7vd48QdeowlcaEzK8i9QL+0Jgk0CgYEAxsXX
+ MVGbG4I0KUoDRA/0PVozswuN3pXXuYJQh8NH8+005agOBbdG1Ebci6huru8NlRzk
+ vq6hsA9cwPKis0V2vbgxqUVx/iXQHbYOyGQnuDjrLF1lU0z5+g6SFaQGo2WTV/7H
+ 14p8pEMen3ecSIr+BWywh+XpIGwCJIxIGBNxm4cCgYA/X+HYRWLC0IqjEZ8xIIzh
+ tBedT1nO+XfhdYnd6A7woaXOuk95vZXFu9418j2+w3loaIwEYT9NXU9HsUoZyZGN
+ Pci7ckNk4VMboxZSvhmmkxznVNE5hfq7YuEa2epTJIAaneOxRzz6C+iEb33DXrX4
+ Ve8v0I9SAmOYe0r3NtK4eQKBgGgn4RQJw/INLxH3o3B1v7CqZG7MfiGFeQ3O+C27
+ qSdrQ42XmwlpuSagnw5bSuxFfWOGSWKVlUnxMtQ0EAdKPec57mPZbNsUq1H2RRbC
+ TIHe6XRM2DxnGJHsMqY+VfAm2KeCbOtHuPpF5XUAMxdcJbFn+7SqR5dioVjPXTOo
+ dJ5fAoGABnpF+2mMzoG5ZLFgAxiAl8U0D/Vk5mpmE0OSZ6nematWmAtMdLWToyzd
+ D/+hnKaApu+Ka21yam/ijX1jfU+Ux4IZziraf6bxc8r1eoSxIIjuSdvSfh1NpvoE
+ ojNmkcl0hUccgARJo3GnFNsCUokM6vzgSoK24h2TI5/DFEaLyQQ=
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: apiserver-etcd
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEA1DP2rGbvI5pG/ILMScRlFWlZ33v0YIv8X1AugHItpCyykSSu
+ g5EW66o5n+JPwEbtJVVYR/FvN0OM9uFcU7ZHWTGpX6qfv4icr9GW74fPyS3SZMDe
+ jvC23gmGodh7N7k8Aq0rFHNzK8B7ZA5cl9ecCs9kkJdSHuKh4DeSZupQvjBaOdCy
+ rvSkQ94Y1ABKxm9/ufKc4uAyIyLOvLxoxpYvS1CWJhYOTqr910GTIULDp6CtUG/g
+ JvFjafCLwwLgo5WbidLZoNudwhx4hgv/ZZjx1GaUGFHxKucqV20GTRNrYSwUwxEO
+ WV8TGwSFAPvZ8E0TugwgxrEdidHW+9rxTyL1+QIDAQABAoIBABctTcXqwDfNQ++U
+ gaeU8c1y4kQMj9Zzs67dXRbeYanKz/4WWZE5KZ23y+9wknFXzdMEDU5eSl1o3V6h
+ oqnqAMT3LZ6rTiNnUmXJqIik9sbsYExs3GIUXITH2ZKXyG1/p9RLAaeMLIoczd1R
+ zD8xZ3OuzzcTr/57ll6c8zqWYRdEkcl+LIk7KYtLRmfPIfhLeKHNJFYPNZhmMi8u
+ x0P/0XywOFUZ1Iw2UJUcZdGr30uvhwBszne62WuNIqibm4drIEdnC8nHiHbdl9PS
+ H3UzpOwuZc3J0cOxl4s0s5NYpyWhCQBQvBlWWBCIPvcH4pLOV5iQWPqACQHqaD3C
+ f2FLcGECgYEA7ehaU/7JBai/Zl9JImCAtzWe8pToTYevoWemY0CJzNovqZkncbRQ
+ T/8jv1FU7PtKkYaU7steuT5b6/dumQqkhVYRlxaJeoGhBJl4K6yC0NivpW5hnd7z
+ p5mdfLWNJEvI+wNEJ0NyWhFtKtC4VAIG1ps0F75bWHCHqedeM54CNYUCgYEA5Fcv
+ oJZJtIx/s0aGT9Stuxh4WrjZE52IHTBt16VpGomsXiluKMwJG7t4WVprQ8UORP2T
+ vXr/j7C/GsL8fdnLZvBT7AhzGoLbxtixwG860YWApI3FI2PdXTtn3WviUSixeR6o
+ DP47o9VvmbtI1JZVUR2zknrQ0Ploto0zYjbtnuUCgYEA1J3VLEAF06Lt+0WpDKoG
+ HrYzKUTfH3rmAW+qigVBoexUsFOJptqo8/VnMzIyneAu0kPeklL6gr8yU348P1X9
+ lpRHACpKD0wOZRfrB80S1CbzQvuVDgwU4XIuBygRzaBVK8/NdvGWHtx4Hc2PDrUI
+ +36VXarn4/AdrkByNds+yikCgYBGgHDxKVYKjBLlvJG91lHp4a1PfaFwwAQF1y0j
+ FyxziCyTSkF8ETuCt4h6NkPGQfKc9JqIN5DuwcjPr4KcLQHzf6K5zwYTGnJXXBLN
+ 8sn7ZTgKFsfWnH/9yFjScfwHyQO6/O8wS9MIS99QXRYopV4kVIJcaNVOoKNnMgO6
+ gHEvzQKBgQDtyP2cYLeaMjhq2b04zYN0mAOs4abBQgrDC/6yvI0dKgPu8gDdLFM2
+ gqD9fuZdATUI2u2dyIm8uPlJHTdgz38ZAkNMit4KX3lia8fxag/jQ//VPrjLwsuF
+ STkVL6X7kgHFHIuJOaN0o9r3pC4CoMjNkqdQ30w3B/B3RluvJCiNqQ==
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-anchor
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpQIBAAKCAQEA3PdXQhiJ5R+/VJjh7Fvtfv4D+lIPiqGJdG2RyQB0JNI2OF6u
+ Z0gjAj2R9guj3r/SLX67UyeTXeAW1IPlxvtyZJSfYXJFunTCpHUtHnCpzvsMhFpD
+ 2q9zLb3yHNmiavC31g5mog7FUox9XPaPvJrm9ZvosBNrdduGrEE6RokSbObXC2g0
+ 8s4njawK5BsSngsBm4MuSU+58t5Z3Nue1rc2SQkGzK7AhKFkUzpG9v6OCuW78Hlb
+ NWZw3pmhWK+2x9lO/RwoQm1RDz53bynnDkonqNSWj/FNRwVTapcpLaHwtoKuZCgT
+ V7ve43gLFqQJLruIRIteuEY19Gqhrp+g553OaQIDAQABAoIBAA65UJAv8GhbIDWz
+ 5kIIsh+nL36rnyt+rhka//7jz9lwRHqnHHn3XZXVondBuU6re4bajgLxfSlhOEQ6
+ 8cG7mZjIKoKkya6t/xZUVIhVu4r2QZREK4dT75nZsVtoySDVH3rdBMvBrjZc9DGQ
+ oG1R6Rfupqes85kr4qJxyj9O/PJSo8EOEynXNl9knNiXTBvxcoA+doHtJ5u8ZXi9
+ mFHqAxt8AcB4Mcr6FNJCxsvbpYUIIhKDl2lccTdCexHqWaKlyhJm96btUickvOgZ
+ WavINeSBvqPeJGA2/erphDXheBPmwbKglJOSYQt606Beysy1Vc0QuZFb1BxGEgjo
+ AkOCuP0CgYEA+NI9ujkK9GY2L7pynvCdgXVcMwQkHAE4ChgqXxKSdmYv37wNn9R+
+ gBJgLIRTJaOSmO6/E/2/hp6LKAK0PN34svA03pdP6XMMCQDAxMlQU/H9WhiTViDk
+ 3EyQc82VcTqQh+kge+TVjdE6vJKI0iWsokOwGRSuBWxWO7dCqZVWcNMCgYEA41dd
+ s6bsR+3lGwxWwEgY4j2pXslhsXinls89htgdL6XvECy2VVHwXymaUd3cvraZ8gUW
+ uodTwYaYkRzrQ7BYRb+UVc8rLRQkmADkBJll06wTX4ttqWVbm0rYn/R/SAGr0/pH
+ 1Cv4ZQLFXGXVRQQ+SxoXcG2FskFBG8C5sgAXnlMCgYEAhF3T2K1f1oRJbzqQn10B
+ bU0xrzIUw5EibrxMTidjIvlZnnw8AzrX0On1n7kFQpCx/AmGPOxQZx0Qikhl+btc
+ AlUmywNTz60USfXMluNBiGbDkJpiRv9YwJk6f2Buj73IBYVPcplZwgf8ZzTM9H52
+ SBwaIj2OFfR8K2hiXjTDt2ECgYEAjDdlZpmsn8ydgupAU0Xkex226exhIdmd28kk
+ VJfUoH/CjAJXzxXDoJ4DPT0Oml37Yyc6Vn+C7Bi83rusa0pHl3VK4wXsxlfnHg1m
+ lWObR0uZg1N2poUKVCR8qWNeYaYOOabjSHx6Lqrf2VZBjNjKJv4HuOMEE+ZlZt2e
+ aqfd6VsCgYEA4eBDJdEQaZABhGjg1VAHYrKc1wdMAm22kx0FbNygkP4OdVJ6mwjB
+ qiHz/9PDRODmjzfJvvrjYAnOV3ly24IjVAuDjdUTUG356ApvAfZZWe+4gIDQYbD2
+ nZlaBtFwq3pMDEReidsBWaD+cYtogWo0rx17ECZpmBgnoL0Xdzk9wRE=
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-genesis
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpQIBAAKCAQEAx5f4HlWaQXO3kmc/fa5C2T4uhCGnH4zyrmXDtU6A0KB8TqQ+
+ Uol3qVCNaaiZ6UQ78C5D8HKUyQiNul9lu2IeUDBn8TXaaZsiONSLsRZRzwQu5faV
+ 7S460Rd5/kFHQg6hDGHc7ao5zusFgD2BmW89GfANTtwvYqZrfhMbrmPzd1KZ2hun
+ gWTP9pdohClbSzSj+HkGzFI/YmLLGYtT5WBEbo0ly+Zv/dTKcx8wgYoGSDdjxsPq
+ 6ez1jULyWCAnie49FSZywClB5TnBHiGMS9ZBkWUkEt2Y3u/E9/lw2MZZn9qh9cur
+ /QC7QzxpLTeS8goa6WGkejSU4kFQEX7ypSGObwIDAQABAoIBAQDAkt/SZMVwYTW9
+ C+E2YewdruEym0WkK1n66jTpudSPdkh5l/6JpBjQQ+gtCX92kV9DXWAvnl3vmVEl
+ gOWm5gRZWlrvYAZb3lImguxE8EP+eQrG1iPRs8kL9Jq/tjwKgBLi34lJxfQAsMGd
+ +boRUEKjw/kTHV6az/bmrYkHuWguts26yBLViK7lAZekHSDNA0EJoQMgzdEjEiYO
+ 5Cc5j5cIxBIyPoa23rwX6o/5W3af0qztjnE8VRJiTCiqweVtQrICuxDCFWLYqwKq
+ rpntQyaAfKtsm8jxdjnaNWlSOXQNdgU1Bm3TQhmURdICPSkDo3tBJYurbfdRJAO1
+ v7uReOgBAoGBAPeQSaoT49tREcr/JNxNVpUgHarLxhd1agNsrvbN8Knt1ZvnSQzW
+ h2kTLp2Q6OTz1p3F+iLRWZ+tvoq0jSlWLzVANz/qiaLE5AiCwCGwHOc77ht0RkOz
+ iqRJYaZBA6u8Km6vHDD1dBItlH04sKqVD6P24LXRkrrZLdnNAgJ/E7gdAoGBAM5l
+ MpUlXCTqP6tb3VnEt6cmNf75e6FAAMaBSgHDx+SCa8UCWDvP1LAujW7HQVMZARxJ
+ GTQZ2HVCoeYe/zwyjB5aMXOfkwjqYk6LHcUvCh1trcl9IwjwD/bmHC6T/f1ocObs
+ d+PdYTUsEkK5Y35iXnw9gzZc/4IzdZR6oMEuIhL7AoGBAKcq+XMtZymLfrZSv7M7
+ TgH448+XNjZVBLc3RpZFzgMRJLLX5M4Udu+PEmU3muwvc3aqXxPvxdM7YXUMIl4N
+ YmdU63nvh+0vgsP0doTJBVtnbot/YosIy8/P9W5sbGwk7Yo8GI8+z5gOyzwbccBe
+ U2dmp6pez/P3/ywZcQf6g3hJAoGBAMNIDKwBRUXIPaWsraqZ7gpApSYydz8Ch7lJ
+ 6vPwgdk7bSxiI4m0AtEPutHtxWkSZ3KT1zzsl1mbSgOpoGUcjmbJf7Cec0gkPA+E
+ oQ5Ii5F8jMnvlI6IVRKOdmu7qr1xbCGR6321oJvmrwBi2DhkanGy4cs2Aqr2dXGe
+ 9SrSs3qxAoGAas1h2dgSQM74dBto0+M2O6A3GsS1WtbZbYbEcXFKJWD3MQuE6Yrh
+ iqJSlb80N7jMeUIVgvNKyv6tBfvhfZh6nRNlsjBwdmo8Qa32FVsxpJKp4AE5psNh
+ aEjjPry793/0wW0udCcTDUaoL3eGztW1zvXlNwLOElaqsyVpJQn5uM0=
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-pod10-node1
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEA3tvAtpBBiu07O2qcjGuipY2GkfrSsrG3TJnYBSs+uIrDmBsy
+ K7JXwowvUhsnrxRrqZ0QhHsByLveD2gnNzApSKXRe+KdBRxCsd8HUHqiFn9wHCpb
+ mwKWSwUKz1ab+QgkWZKuH1cJxUK8zx/F7o4gh191glqAhKgXL9eTUj3c5SguyLay
+ 5TBIa0dOjfOc3kixUJ6TXSeJ0+lMjFzal8zgysT4GvjQs2wK9k9cPDobNwsKsW2Z
+ FQw+kO39cSyhdyvLvtk4RiyG/9zMVFn54NUhJAspzq+PnM07UJB7D6ZM0XkGjk/6
+ nqUgJlNo1kR4Zo+kpy4J/mUDmMjZZ1n1sfJ8wQIDAQABAoIBAQCPFE9Z5qvt4flR
+ YFU54jD+USrAtmRnzal9SJhkWStfl9eT5IIFg+7MPOx0rnJ/+YBV2T0tkTvIALXE
+ 9n2W9RjMR4mDHC7rhQVc5W/wv4spHpB/xMIjdzm+2HHkRBrHe+66g22/OUZQm1RV
+ NnUBf8Zqo2LyWeCBStn4IVO4TXdwt3RHTSxMAJITEBYTzEj4CTeqDvhkQixcrbfB
+ f2ptrh0BGAynCiy5VO9O0dOlbC0sUgGlQtPZ7hMAKa8BRoPTRABTGNEuN3lv4FM5
+ QF6kZcmmyQjjBVP0YPIYFFOdGEy6mDZg5MB82atN8p/TwO4QTiDEPCwuTVitm7W6
+ hG2D6R4xAoGBAP+0d4/O+eMaPEkmCAWc8IAzHS6bPoTcfcHvI9VkTpAXiugEOYBc
+ uSIyyAVBPULEgmdoTI5QRc5GYPNC015NeyUTJIJ4YoEsWgtH7hrrZLK6To/A2fG/
+ YJ7QQBfrpnC/U0D20AJE9N+GT7m6SD9hkTCCgMlMyH96HrkOK/MIpSSbAoGBAN8d
+ lUrMJmTOx1uI9JdA2C53iTcU7qMwEFL13OGW7kXmOwaUI2N+rKBc6tah0XxUQ3wV
+ VlVInu8lXCbnqj+4c5FhpEfz8gjliJ/w02abqF6Q85SzF8uCtxE2/xqVaPWuF79z
+ wRZZF130D/ae/Hq4vsgj0bsw1eJoSAc+Uq+Y7oPTAoGBAPZLSKJ+9Ri3S3wVosJt
+ UQXatfAPXl+w1Xy4L+a5sCaAVq52a0Blj3kOOrU9CpnGF+ksgBjP3vz5syZ8poT9
+ 0nB6iL8W36KWKsEU7paFR0ATzdoPIp4E/TbbVfD0bSPKVZGMafzVmJu4jhBSCobq
+ HmQAP7YlPDX1VaRfrxtvp0mjAoGAYzjLwMTDOkd+/uUMKQusWBXOztEfQzFHwS0X
+ urcdZbZ6f3V3u3KFIJfR0/uIpuruTAtNJoYyMBYEQkT6QHYt5vRuU5VYCL7TIJW/
+ 3bzRhqSdvn5a0aVi9mPn1RGm6MMwSnMW5nJeYuj8BGg1zfnE1kqfpciVBafsiFQd
+ /3tabwMCgYBF6qmf8hSUuAGk4tdgleT+CRm+MkVaA49l2JUEWI0LrQg/uz/HDASa
+ JKzqvD55qrYTwVfi5sHV0UarT13HcPAd4GaY+Xk0KQsyiBgGbg7jDJUMEQfRqZql
+ 35tMywbffrFtx4igKPjXdnvIJFDX4Blz4nM3UjHUPvjRF05HDy8fxQ==
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-pod10-node2
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEAylRr2g9O+zU99x4MBWLjWLf38Vrwjh+fdTGDpnx3Tw5jTWS8
+ RwAzzdDkIQ4GG8q9wiAw5usElaUVs2wre5+/XBdmT6/h8vN4SMT7QHkKdE1cEpoh
+ jxLMeDkahxcThoWVlwNj4vpAlm82pp6e23bZlEpDeqy6jOCQHH3Md7RRw9Ubkcrd
+ QnaEl6cZ4IBLMky5Q9G9wRYEAJF0ffXTmK+3UD85fGxROTiLSrUc+o1JrwaL4QLi
+ q2jbA2v9hvURQtV5WTKvH1b2zbjP0FxK4GJreNVdeW7qWS/BV06NugyqKWp+6niR
+ 19JK1n4B8jqmuhFYSHjx3UMMJN5HNRPDJW1cFQIDAQABAoIBAC58IN9TnxDGFbt9
+ 0sM2CgerFLMF8rikeU1Cl/2bIQovww7X8w3Y9Q33TUJu52ZhOSGtpa6YFlCPQiIb
+ 2w2nER8GXUI3pZDc8Si+4P7aEFXSJDI96THm3sVMUVTyL1E7xbeRVtSiLE6jtImp
+ bdP8RVb1jPVVU/Lj8RgqqtxhuFtmZOojAGA2sFC/zQGOaZvmFFM+8Fb/V9yPLT/P
+ wMaqiPxdUyqUBIjxOnETbykF1tiZAZ8lQdfNNaSB16+W8YztdavDOplzonKjGQXX
+ 8omuIy3HNnSeW0Jy9Nw0HXY7gxmXVr7gR1yWJo3+CWSVmoO7PYq3WZcJDCFCI2hD
+ D1E/aeECgYEA9pgsa+jxBYM2DcsLQjoOl8yAMrpORJuYYzj41brpn/lsNrflAVFc
+ nBlrIbyCfriRQadim8utsSI+6/53HbZXTKHvsYLhdFkBH6iQoAda2eTQvpTlGR1J
+ 7Fa+n8SPIVJVDoq00kXthFZZzoE3pmif3X6luZrg8T5JRyE+imrl5KkCgYEA0gwI
+ mEw5ignqU7lzsGaTCQL4DSCYQ2Zq3ZEBIVNSG+oXP4AtWjFP4cF383KYdMnzBDVC
+ NGRHPGqp1+OLWLrxPAORkWpd8kp1SKo4CDIGG9/XL+xUF8dhBhFCOAOV5JCEiqww
+ QFzfXchOGr5wbMBnI0M0YZ5nj1e1jEUHZt3y840CgYEAxsNn4t8TDydw9XM5MvuK
+ 8a5jkv/6wHBOR4QPhm8visPIBt75VrOXGzed08aXxL7OToY2BHALI+D/qMcmiiuE
+ eH96rbFaOqbXMgZz9JmZEFLQMx3e//xMrpRI+Iy99dTgPGVvVKIKzgWwQ7SB/78L
+ RMSlnlKJh8p11ECmoXmCrmkCgYBm1GVQyeBRZ9FD88JjVZQeEUoGgzKHrJgcqGR5
+ QCUubUe8Wq/ZO9Lznpduo2dnpYZHRRuIMp99QGqtukP5yGtZChY1rnEXsMQCMvMD
+ cBn1g3wBhh0VFxK0ubZFXdv/7ZA1o15r5AumCe3SwfCgDQFxDfGS6M2iKzpB1Xlu
+ LrJF8QKBgQDtTSB/DavOp+hXl2CyRJBc2plXGfXjSoN5kvbTyCfQPkwArJ4Kkj9r
+ mm1pgM7fJU62zwbqyaGyK+ewlenw5ZEbGft4Y4c/vqhOxMgZNwWTbdmITU0RBLDq
+ 2dtSSIRkhlYONk4IJ5PhmDVygexVJjidm0GF5HsrazmDrSOkR1xWGw==
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-pod10-node3
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEowIBAAKCAQEA9Qq5Oz3BmRI4kmkFHIZoLbkf4/wF3RkiDWpYUAqaggvaXan1
+ OHLcCoFnw5v6Pjtf8U4p0n5FAUOdRA7U4ICym2poVG2UCjsySCNjSmL0DjpVn9Dj
+ 88LjQ6OTUiQlSg+wzsMIhuakD6o1Gf1UZ/F+FxtU/TMMjtKOSJD4Rpyzc0hNvBWi
+ 29+qt6lF6pBuxRE2WVr9t0wnzp+qL/Ng3R2VXu9q9EVBRoUjwJpmcvkCFS+b5va7
+ ZsvPwAQ6gO7oXOGtQE9YqRLAu7KasnHhqw+NmrJCumPW84q3ddG1M9DYvU7LNHyF
+ 7FHsMkEy/1PIWg7Edp58fny7dCzm2zZklyE5/wIDAQABAoIBAQCLTp9jyIYpiaxT
+ wBTB1L+hTt+Mcxi6S7GKQu0WBBE24ZoxKZBZmSLzbgIZuLEZdBPlUXSBUHvWbiQY
+ Lv5i64eex22soedJscGyNTwbbAonlI5dHxqY2DDvoSz9w8LXSfhQc5yDZNfcd/1c
+ WyMDPM1cQZOdpsn64EU3iAM90ZRLcrC4f/gzjhZmNS5ceZQmrIRswD07MaXgBc8s
+ XvhppkdBre+uUHkdG5oCoROoLgaUkWLzyxLBMib7cKgxiTOcEANuLaTweaHuIznJ
+ AoxxaTy4QQXY9scrU2TYXhfh45kwFc+jkpX6P5+siV3Jb5jpRHU/6QTFmbEXPDk3
+ bmXOZFlRAoGBAPWC/QhmhmS/226wH59Uh6evO3NPsXaW58sINnEpAXiD/Xzye3LG
+ n58pFoJBQH8EEgqxhTv+kWN5ptMW+UUBz4tuxKSK4LNx3LxqTtykzzr0x7ni1Bvl
+ KMEiBZ2qYde+Xe4wdNKdEEHaeYYd2JYipikDZjVEbiVjqzNksJHGczvTAoGBAP+C
+ mO9qMC9cP1GB0S3DV5VxwzxTk3vtqimmQoDbL/a1LH0kYDsM95hBTdeSBuerBrs1
+ wl2dGev+9r1o/O1gE1TFyPYClXj8db5Q9PXMbVO5NjKHTcSiNyQTfez21l0qbW/F
+ XW0cEfssHUyx5ZkjYImAHyq4ukm1HPuR2DLIscmlAoGAcpRxdwwySK7pwBzehUO0
+ E+RKQKS+0/PVtgHdNq7GivI+yaN5TbW5JVTNtnixmxXRPcBfyAIk5GIQI5AjQbt4
+ m0BU8d4GxHitZhnPOFaKiJ9Y3z4nc+VdQdWY/V5ZT5D+0X036Ft5DOLjuF4RiPAe
+ 0CFQACgxp61+ZvvlFAOkIBUCgYAUYOsntTVwoY/fRVZUqw7SOYeTySqrKLJ4re0B
+ 7/lsWNjahksyin844oR93AS293oK9mexJbWKkARH6Ra7K/1+tmOn017ujlwpuLVA
+ 4XQayFvdPdNjCnkRZIiXnLxOI/Mkhf5ElIeOm98eXdXtF9g8Pz69HoylEk/kdKZk
+ roMXjQKBgFqh/L7wI8B9pguSCp0N1FdoIjoN7gZCve3CBb4EdWaSc4llSsNJAsca
+ tG1r1V1fJR4m8naofSSXxC+chmKnwpqhoXu7CW5c1z8RE53PwKhEKALMwtU9D3+s
+ BCqEr4PL6r5h9KIjXWTqqpOFzg4bjxkDLTnsczyLJ+nQsxTWSbTV
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-genesis-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEogIBAAKCAQEA4n6pe6hW36zFi0Zct1HC/Enb3RdPf5kSZVDIljOb1esmZPrZ
+ geMFpFHG2j4YOkJrGWCe4YiLum/bTQBf/K6k8qYo4qXyjiPDJ0UMgs8NE5YZjczw
+ PmZH7BKuu9om73hvmxW00u2jDHHf+Zf8vWydq4wNs2/Rxz9L476ub05+K97EGYsY
+ 7HjAtA1KfHnhDnw2Pj/nsmJo4IlNSzM0gsYWRZr37haTClIK+YubIsQV86rGX0m/
+ 6Rh5j85a7A8OZFu40LtwLxg55IDPpqxqzWJyHnl4wbYSWdbO7ZCKexGiSlMjIbk8
+ 2Na7YwvE6edWTkDMDlMZ9anRgMh2+6fo6+15owIDAQABAoIBAFksu3f3WHTqZkCm
+ rFx08Ys5XTpYMjGvx+FiBAe3PBTmZ5B8f2S3SIJgvCUzK4DMo7QzKXrssu7tmW9g
+ xWoMLN9oclKCOdSi2fQ9KGbcNG7QuzDsTm6TAKA+3tMRWiEQzwhFbJNbgsWklCWG
+ JLlD6XQgSUirrvF+x1dcvPsP8Xc9mWQzvQ+VCB0EKm5BN4K8uO6bTeB7T7sbEhC7
+ hCW+Dlke0TmoCKJ1OOo/jHs6SUHEo2ajzTIPOjotp7Ny0OzsfQTXopDAD8lhte77
+ dP1D/wo8ogr6LaHjeI5iJIxLs3qknxNdStMRuxWlt4MyizMVxhjFuXBmZxrYiMpO
+ ksbrlvkCgYEA8gIC9l88RrWl1P+8uCktcaJpCCA35IrrJ7EcVHcFmXRr0UV4QEkZ
+ PU1hwoEzHXQK0mHJGTcMrej/fhvncFSaKKIcwSchVRL0diIbJXIE1iAHjyLIIT5E
+ JJWCRU+y3lRL+4WZGoBOf3eHyKooy14Tqu2h16xlOUfrwAeaoul7Rs8CgYEA75cK
+ FPdalLOVqwTA/eCXvh3vdB19SdgVzmpNbwoX0G6sdr+z60pQ8r5sjMtyTxnsHhBX
+ VJkPWruiU7B9nJ2Y4uchVWhu5ZkSNIEhfNRtA56wBG6ezaNnn02P3P26xzEl7G3l
+ /knDgzDoRL63hj/D85z3/vLsmOyPke2y1vmfVO0CgYAfeQl/lvUU0QzG/ZdCcAB7
+ 9b4pE1+RdkuMtujTR0NQKKbY6WrxGVCR+11KWVkXbH73y0XG5LTebR3E/cYEgswl
+ mqeYqwkXskZekqLrJL/iRPoWsFRMlndwNo1hjDLb3SSgikhV/Pe4dggPnal+gTaX
+ lR3mGYJ0h5juOU7v/uNMWwKBgBZAug/+dWxQTbtnoqEx5gYjc6UeRA/CwSu91dlV
+ X6bdUKlq3sQgz+nr49sj3kcYikS0kdfqq3Fq8gXB47jTLmsMupzbKUmr8PPtdnXI
+ qSNn7sNKnvdMkQhLxOvqqRltKC+QeYcnxL//n+Mar6MJcyLCVopYd78wYZlVMYIk
+ Bzd1AoGANlZtruc7w5iiQJTQO4kHWPnN9Ti9H4d9w8AihAljQtl78eUvoA3oEbXL
+ voT4lvDOJzmk7U2A/7xCeTFxe3cqaIh19EtmcP00KhfA+mM9EB0J7E36ETkNYBnG
+ 6lY74Wg/luHzY3Ey7YpB74nnrzAyT0+UtBogTRtue/4BLKVK0QA=
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-pod10-node1-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEAvCABaQ8FGD1goT+VKV2qQNa1rUjRKxhbJngJ97aQ32MzM0Jq
+ 2hdh8D/eDOHX6AOUuASk1oqK5q7bSOIoZeF3SqrTraphRpOa1XXa35kf2fD1C1GG
+ o2Vew41HzHQHt0+X+4uFv35cS6PgUHiW3mim9pRHuEQxIAk9eYntDGtFhEs4HZpY
+ GxDZXrr+bB8CbYCiath/n5TnWLEn7s6S3x29bCiBk1mdzqFiU5nVvIIfZyxwX/fK
+ iMtkgSTx9xx7UIX9hcXI5YDRKUNkoRd4uBt2DM0GuMUwizC8AaWmCm8Xubpiwhsq
+ N/Agsyrtxz6swyXpkz2zJOwj8uueJLuLfTgaSQIDAQABAoIBACphW2/7fj5TtW0e
+ EdBb1Xr947fB6701o3MrH7O6YTCx/FrT35Z6JgolmTR1vFn8VIiQI0Jhu6D0S1pD
+ +K3a+TDNAxrgg0GPBxaHkmNE77P9YHbISviMYajULxSUHxjgyXBVoi/dm5U+uc3n
+ HLXGBbcO+Ik+c4KwEjVLKSffEq4WkDH5z8xQpQUCnJMh8DwAeFzco1i8TJUo8pDI
+ sjrU07C3y6v5ZjwBBb+zSwz7vBQkrFVfu7/qk6jk3h2Nybln+41oLPlPLCPhhlxh
+ 0d7PbhoUGDYme1sxqZrv/BWW69UCYrDtJXKZ+931M3HnECnGIXWIFyP9fPc1l/2Y
+ qdENmgECgYEA+pcoBFJMHN9oidfiJ8u/PcNW4mlXUBgrOsvtkBBR3PrpDQxhGB4K
+ OGhJWB7ayLhQmVUB0JWn3wtvgqLgTp3ijCRKLb1uNAYUCm9o7lGPKufma9csxbmz
+ P+Pdia5zZdujbbPlfTwX3TXMgKHpXBum4KTuYeQ6T2JpOmFH7VztcRECgYEAwC+l
+ Isfb8rTfbrkF7v1Lr77ukl5EKC9LvWNTQrHSNsQjtIxudjLbhS6BEBhMq18DyCor
+ tZGmi7YQT5cqxz29pMA6/hrA4pTDq4SPtOfyguG5ac5n6POG+Ra/vEV1iC9E8lzL
+ hFgrhQiwuteb4rUetcbRfZIt5SEBvqLpVAWrFbkCgYBl0OzNdLLAOHW9LB4TlVFK
+ wweWTr7PKELITPtlQXxBkSEH0DPTHMGCUb0bNM4oJ9t3sXZfTa87jOXt6kfBKZ1W
+ 25fYJdOVB7M02jeEPVcyU67nujHS1LTkDK2Ct4Ljq+4nMKTZ0YTQuH8y9JZgeku/
+ ksPYumaGwrGGqugSpWNEQQKBgQChwXhEJeNCDGpiTuhnllm1ugYiu6SyDdy5snfJ
+ ktFTtxI2TFxMr9GD7vhCC7G8K2SLfLL9R3Hd9YcU9i7TM2wC1qjQZsQh8QQfwJsT
+ sIW1Ezdzjn5220GnNTZ7yBp8XQyy0NeatHsspXvaRs61qawHYye/gOGQEI/fXE72
+ oS62QQKBgQCzHkb9Qd8Xpdq8lP1rxUjoZnCxXlkzHuYVtcvmPN0aytGavbekHQp3
+ pMxfRxjyIrZKpAFhS510decDzm7tRTDJZxUYpMTXsMxFuOKCHX/+liNboJIDCR+D
+ MgOrZYgMnJ/z5S5yBO9P2hodXZO1FFBGw2Ygx+OmjU3DDElfya7KHA==
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-pod10-node2-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEowIBAAKCAQEAzgzXd83aiPW0pYxC6a0fHctGVCIFAkgXAvFL0YYMloDJXhkR
+ ZYkOQ2FcVxuN3686lJukkfw8mKZ0U+ojb1K3J7BSU0G+GaYg6OO79tWRCZ0Ofi1b
+ ppyL5uzSz9ftqgVGfoPXopZ4fhsMokbRZ1gKPq44FAhe6zZFG76ZSgPWtfqiO8bB
+ PsoTEswlcK+go0vfTz0bGp8pg0VRXxSqFqcdoO4r9QWF/l5ovgORUBjn9XV6f1Oy
+ 9JgfYH/YMn3fuQwClGNGVqHMRAqSbziOkLR5upUkJMZpLuA/5i6kEPjK6pkth9EW
+ c1Ren7eielivtjbjZlo2hXERWLjaL/tZgF9/pQIDAQABAoIBACvnOJHiXsoH8HHF
+ rQw1QwgKI/YROZf+3EhYOZtvQIdg8YcHOFm2Fj/tIsu8p0IeCBFaCHrCj/bGoMqw
+ fNRff38JZsEupN66MxDsVUSGxNyThl8EMx8RBA40L8bxb0Zm0VprpSqTfSEBinOZ
+ O00VyTkJzhEWp4LekWMT/X1zy/ACEWbywwCgPWQZnZo+rjhAw6kvzTdZfQBl/+9J
+ vj3fAoj7+9NE6VZl2z0ZjjEQPATjldnG0/4IS7q+I7AFWI8QV7/HjDogUSQhBeUn
+ /E7g50ET4OS8Ae5iuN/pDtp79PulbaLjpmYMdhy3bOmYo+xYtt+0fBxebwWcZ/Lz
+ G6iZ15ECgYEA50z2kZXwBdH8NPW0N56TC5laROjpBt+NQZvDftcPfa74HU1laKT1
+ RK5cpqmeUOtBTeFaRapiKGdKhlOwM89EFCnU7fZ6KyfgSqF4Zw1LpZBCl0oL0qN/
+ 9YhhIMufQJrkPHe+jn3CP+uWsXbbwR9kYFVOjTmh12XhwleY59l9WHsCgYEA5A2c
+ AwMQNOtTdvkImfM24qJjyFmgpIxYNhd4hRYjF/0iezLxD7jnKuZs2eH6wOQ5sn7L
+ yEdFst2/gUax8Q6mcMwZhzQlXpcaLw0TELpixsheGbZ8kvsMRCiHW3XX+TIcKzVy
+ pR0wzmJWAOhmdveucnxqHZWIxBqrbq50zWUT3l8CgYAj6varGu5/6ODSVIlczbol
+ 5fV3l/d/wr1Lv+V2z+yu5rnOyxMBUgRoWu82TkawaCfm8SS0hsXhYlDXVS2ajggT
+ XX+cSFcmVnXlAPgSgKULm8BLgAsf9ZXMShZTImuje6oPncSwmeTNSkdHXZ64eah7
+ sSOWmKmCKmcJZ9Ltxf9J+wKBgGq6T8w9D8WkaHBihfr+jy4rj4VBJOQ9Zj8SZu3p
+ +UyNxChiI90WzOEP69tgXekOJk559sbpTB40lx5aRoapM43QhxX2epK1JqTkeoq2
+ n+ml9hwUgmKLKSdwzEAqe4P9Rp+WKOxLJ/8+mD9ehC2jJrofrc3goJweWyK2dKV3
+ a4ADAoGBAK6dqRnelu38nbOBxrfSENoUoxS2+6BfP7dG3ezWmdxOXRPkiemFTZQh
+ iJ6zZ6/hIoNre26Qyt3JUGZcBgWw5upDdgeX+xS4j5a3Y6J6WDhkszdsPrVhRcym
+ y1j0l5I8TexLXUT2Jw9dTFyqoyHfZXl9LuyGRmZY/Zn/wcIPKXrr
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: kubernetes-etcd-pod10-node3-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEowIBAAKCAQEAxtf2g6UuaUBfX/W5PqJSokh+3P5df2DwtEES0a1zW+LeSx+b
+ L6PT7dlVDRjjC6gVAxFlY2Gr4OklpqLy6+Vj4MiupLJThxcWwVLbCWxTr7bLe7pN
+ vkUEFSmWA0HudZSfeijir/v3XleTfV5ZPXx/0OXdd523D9cJ+XuN1E9FnMHZGoJ5
+ xIBz8Y9Pmnk6Ji0dTnuB6JNvP4m0p5UBzxgpLGQSEcJLQQTbs23/oWztgyc8EpBi
+ tUuchSpmP87JF/slp2EzbDOTKVv/3iuy35K1pluyjNllkG13WB4RR7MdqHnPjnxB
+ 02AOpXs6CrtybxIGMHw625OvQcxEeWinjEZLpwIDAQABAoIBAAVF8Omo1cRAysa2
+ s4TvtRVMquCddklMftWo7CDXYrnLGG4RloH67EHgg5rnUA4dFQGR0oiCLJa4WCFF
+ LQAIg0+QwuDnQcPRXu8djWWAk++S/252kF09Y1BUXAAWHYbMvDX3I5vbKMI9vFGU
+ 0PUKejFGB0uGyTYIU+Fj320D9SqlBWfw5j31POzzxYgV7z53QRGKmPDjh/3IGGPd
+ LdPkGBrBUSmZKYhuzZ2+JDs904L5pnnc6fr8Fz7LzCAlfwV1H7F86NCydtnyICKU
+ T8vGmYOAnXaMelFUQ5yjsEt07MWycpMJoHEVrUe8JXZlcBdjFdGS/ev2tN5ATg3I
+ Xo2HVqECgYEA8fM3ZKoVnvvjNiFP5PiG161/eP7jO6QwcHTgGqUmoapuk/pmR1dY
+ nGIac/4vC1nk2SXDCqNqg587Yt13xFfkC113K0tMnaHYoN/MlhlO9DS3QiOONcx8
+ g1KRq/NpfxEQ1rp6GbQWXq4KihsMolFq+OHw9uYzn1dH9zxWQGczQPkCgYEA0mPv
+ JJcbKXq5lFbF3ArQd5ebVndRNqdqCGbpriZrfak5jiixR7p9GwCk20SrXExwbGxz
+ ONup+Yp06qWP/06msZ5fh3MzB7vOeuBB5H6e45n7fvgt5Pe0IPYJwRK1aAAa3YHJ
+ q/6SGmaV7IrMyho9HbTxRLOWu9ECV4lPChGluZ8CgYEAnGg8AOkqvPHcedujCEPY
+ 94gDBbbQMnf7kFcdoFvu00eX4DVY9Pl0IPQSYbWJt+7Oz8lngnMNojTHcSv2BolC
+ tE4hgW1WA/jiT20dllKaBagmZ60Qe5rLSyGPZfce1bO0jPtTf1Y5t88OpSTDUBMN
+ 8gItgY5jBLipnxv0LgII0hECgYA8pRfK+U+YDksuKjEQc4GR536cVvpvAaT71QZo
+ 76QubbgsdShc37GuNepPViT7DwGdD0nLSu5dAv8eoCi41CgSrO8mcRt1kDo9iyUT
+ QzhzrPAksk8wYAJpOeKn58eoudcEoKPMUy40M/vlWkEbxKJ3TK/7OLUrYF0HdIn3
+ Ag0+SwKBgH/P4K0aWlYfxfybROHk9irzlr92b45MgCLd85cgxizQgI8NE4q7Rll3
+ IbEMbnbi2IeeYyz/vUxCqDWsD23wE/ZQMEaTDF910uj5ecThD/zcjenzN/r60CyJ
+ RZ4GKcENt8n/1sWRb27CH25pRVweriwSev24GQwORPiHI0FKaafH
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-anchor
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEAuj2Vbh39BJgLxQevgCPbo4ARNb19vaD89hD71EujRodcTnG/
+ +UALffcFCtCe2xlwBfadXpVSPR0hh/0onoguXF+XguolweVrcecKwJ3DkSiMoeCF
+ iA4s5xRQre6+6Beip/6oKNO7D95eLrLGuyGTPeJWifIPRJiLgccxvPiEXf5XvQvr
+ sRzKjY3z8lsMP/F3QWLxhpjeoITv20SpWGfXW7geXkrJQboFGiQYC9Kavmnp/JcJ
+ jxPFighRI9Dv/wZkenF1rUz8N14wzPAZYBdswJyUls0f/FxrYFHuACfJHmGgUZps
+ usMOMzMgudDDVHucuMt16KYLmsZKv/SQR/VCywIDAQABAoIBACU7lpozKJg4hXHY
+ fX+Sq6BeRBKIVZEJlEjlUFM64+N/wDZ2izibUzDVp45n8ro+taSbjw6Pr6dEIaX8
+ OJipBQu2mKW1heLjqL1WwVGMuMJWZvcd2dQ/cT6pUw/SwRvJTd1kDd5LpgQgIpgX
+ aZ+TsMoYa9CcMe02yf0iA5GR5XScwvbm1iw9UUXeSkRSarJSGsaSU4gcyScr6g0V
+ pS42NOF82ZSA50cKGZxtrdHdugUO4BmZUMDS2hPNotRxBB95Uc48Mg6UDukfVKPP
+ b6SLG433dHWN3v2tNv/gGp/4jLYa98soxEHKs8o3EVdlQ1lc7Ub4Cayv+4mMnozr
+ pMtKmnECgYEAyQeWRa0u+6Uc/35U6tUOM+zTX8ijvLHYwomyRua3KDgjpBaK2rQB
+ m8BkL2Hp3U0mFWh9R9rmdLJ0KKiTiyBtUBcVf1Il05bBdcmnYAV057jhHqkR34VI
+ 6pvdK5teBcKLwUb8kIpltH6kJ+jzH00yPM8TQT4LvWcf5HWZT22a+rcCgYEA7Sq8
+ jdgX558FruHl3wx1qreuIFQ+zxZ44f7tgl+l6pUlW6ffRtT4wqIs0Hu6UUxbmzPm
+ 6MdzP3CJIDICuhbNk1J6PfiOka9hBiM1liUpVjubrpJwVCFVxB3YUgD/wW5dW06Z
+ 9rZEJzzYhoDwgDiE/sRf1nlpBhKqRC8xhgq0NI0CgYAVHbrnLr3UqQ9WtwpscFzB
+ j4rUcNriIzxFkvkrAWkTzHHR9pw3RNk2Zwse/wX1vPjXHtaqCZBTibsx2iNFZe6V
+ jxcu/I4En71KhhgSugABpyXedpvuAq4aFq0wu20w5bKQZsh41lDAmNzdZFbFXvJ7
+ +LRpEf9hscdj1AZ6lWTGGQKBgQCbGHmaIRjw5bOnvB7BkLpaXChJCA7TCpUe5cGY
+ osgz8jkuCUggYCIV1kyMQn2DsPWvN2/oBpa9g/CI12ulGkhx8Vvzrto9N32xr9DZ
+ UZAIzo5uyWEgA3S8/e97ISAf9PakQXC6QFOtfUL0ItokX9HJcc5iyZ7+07H5SQuP
+ 5uwV+QKBgQDGdS3i6cjRRmeKLdziCGNuSla6lAcAUddL8Gsq459LyiO0OI3DjvFo
+ BG+blPTePWl5OS+sUptM1EVk9WEigL2kmHFGTDtBCWUnG54IYie1kjWAMiXSmcl3
+ JG5Z9ry73YRsEaXzi1xQCiD3+guyv/dy/0f6sg2AWUCvliAg5wvnsQ==
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-pod10-node1
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpgIBAAKCAQEA4omqWlyvaY7YJQcJeiSbRMqe9iW37gAoCy6dgVtyuc5MBFaD
+ 2L8Z1ZJD+vo3j8J0KGrmRyM/cGuF/15f3pupDTiw5rjCGzuOclZxnE00DojRxcyN
+ QNaQe4tBS9QzTpHa+wAZee85Ri736bRmTc5EjqrI/y5pot9tolp/3+yQIZeNB4CX
+ smoE8ffKhriI9/mpjVPu30DF1AasmmVMSZURHIgsEebqjBDBN2LK4XKfks9biN/U
+ 0+vhLQrAnmfE92lDGcUSzOp0jSonJ9LGyUVTyg32YpeoRtiFKNhXQ0JBQik4L+7a
+ 3WwflW6rk6S5cRimWpWlK3ptgyTWxelTZ8/N1QIDAQABAoIBAQCA0nBBOnu1tzlK
+ tRm6j56MG/0RVJmnigc7dKK0sOAosRuhS+FmHCYAwVBPJIL8CUQsx71zrqOgtkRY
+ 174ExNf5YMeYLHCVM+TpOCcbDvwPV9aSeKPKvzkiSCo1iNI0V9UC7yeNo3AabRMl
+ nySeEjICPzRViHsh15RswrH9EHVV49ptksa3Sr/2QNJDkryiGq/+udhOKF5JwEZF
+ WSfuXWtommJXc7Vkt4prwnC3N7xdGp7DcdBUSRBcM5p22fVUXyCQT+7sAjwCyuR8
+ i5Sr7zP8JUV5qL1tapc8qmjwmiL38p5c+2zncu48FiE2Tr5nlybikdLSAOA8Zwqv
+ +7O5A36BAoGBAOYLJzwD3jue6fCAHEYdfYVbGFCKKqlDwz30GXkmN4eVe6Z1tHSr
+ b5ccwmx0nS7DZXFTOU4Zc/DZwN0wXqCoZEXUWtSomQ5hrfW+F9sAbyJ0wxkUWLLg
+ QSGJ0lQkNR++wHZcT25ZQUYTmL+3LCVC9rENMU2nAAsP9lYS1RbYy3s5AoGBAPwZ
+ PwiUBWAxHXRxIWletQ8Ag9VzVWMi8ZRBBWu4JGasWZLeZtpGNE7RUBQr/Fm5W2Fx
+ rtpvcpqW6K9mT9aIooi4Elmlek/L+9rBaF9v5Ucnc+dJei1UEmzUuqH4evxLrPc+
+ d5jmGGa3aaB9X+Zf08UmwUIkT9XX1Wb16dCLArt9AoGBAKuzn3E4IeO2VT5hILlk
+ wY+L0rYqqnT0UwIm8+xtDf1xIX25VRvP6daMbMGuuLNyvIC9cYRNkzAuF7oApGCd
+ z1ofijw4KyWE2ucVH5Ei3dCF/ij1+s5oe7SgvhB3hf9PzS+K7u6aSBIaBmTyP00A
+ kkjMZARlpa6cF21fWRVYc2hhAoGBAINQPzYfrCEr1DToDMhPDa6vzPvtJIgMFpvr
+ toAincthcRMAh8CgmvSHMNghBURTOZcrWTHspVyCyNc8Ss/rwgXHI7/QY0KXdSvA
+ XLaBmYMTuNq7uklMJoDL2h8uSBmM7Z6nyjI5gHJYjUuMotxkA/IIutfSBEfWMhF8
+ fHslPZodAoGBAKAWhWrInzeDP+a0F5lme1KTi1UiDIUSnvckjPrc0oJgmo7+m3wk
+ /RDu/gVlqctdQCChNi0RCxY0eZRAC7a6jZT+Y+UvWrJEWRgWH8buLwRLOPObSXkE
+ A4iRLJSQuHcSJZ3E6BzJrKEgI7b4M4JmKe3NsLlRUg5jCF+rkQcy010Y
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-pod10-node2
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEowIBAAKCAQEAvAgnzL/fV7u2TUV9ZSyFZExIq90lAO/qRQOUamb+kK27XD5y
+ i/hyLklNd7mrCvAyTMiKyPA6pgwkRnWEEAn/7VjFx48y5QZlvEVobs15KT2H2Y+Y
+ JcqfynB6NH6yIgIZsM7op+XBGQ2esy/JiDwlYiWp7jBDxFsLdO0iRmWPpTJvqa6F
+ vkGFfOkOuOhwj5NkAN91ifd1gCqCjN3ftOUwF8YMFOglfVTrDSbaYvOPkYzHJDM5
+ guot7MHe8lDB3OsMWX1dRndloZDxXD2Kzjaiwu4o1BIGdPHNs/1wKY7wrXF2wMuo
+ tY5hHolq4jCeGBVdeIb/KivjtYfBhBQ+G+xx4QIDAQABAoIBABpEPWMRzp5P35iN
+ w4WVoZCwQ1qWyuuFmEFJzbrLZnZJfqnVI2VAMJscrFC0RBuEEFK/lPua62Z0vcCF
+ /AvNic3bH83PyDlMGnwhagRIect0B/0xXPyygH3kFn4s0K+FgZc8YC3MH5xjVa8M
+ VufMFyDNyB446c6NNV2BHs+csmNOGhTw2jObkWNJKfc1Lr9O0oK9xyE+0W2b3FWO
+ qgwmvbkI9tbPPdNEaWY8mmGjKYCtN5AqJVTE6SHjJ92fwBsVshCsZKR/c2pvXAwC
+ AOjT0tbk9Q0b40dVI1mZc8RtnpxuC87EDI9AnkLpgJl/COlVVLJk9GFo0SXSi9KC
+ XRpESEECgYEA20ThiEI87GKCkn/oJQuUxKODKczF2K4yAu8RtdyuOsRcgvF67cJU
+ q/i5cUDl7zDsbwt37ylWV/yRtj0hkkvZBnSBCOSW/vm3wO8NXyxlthrEwWt1kyWz
+ yv8qp8DCVV4Y2IHv3eB5ez/wVmUcmI8mnOijz2YTRf4VZXdI8ZW3g+kCgYEA24ez
+ QqbV5nPWjak9bE1lKtsLp5GEa3Qs2Ljr6ZApCUwtugYXYcW7aUHza10C/yXphCfI
+ pI97rbSQML0/lGCdxve8Zc5l15nRO/cEBPbUpx8CdASeHgtrrswQ5/RvWXS9+hSx
+ z5sGmDOq5/GcE9dyEKCedc2DnUd98jWAu5pimzkCgYAiMlruMk5oG3D7wiEFbgn0
+ pP+2zC3q/jfkhz5+23z8w1UeQuUGIbGs5GyfghyaMkodg29gCFVkAYsEHgKXW2bs
+ f80EAwqdl3qWB3JRbo4qWYBoHgdHPLEOrr8LTJ/CSpubYKB1PSYVF8K25qwQCvtd
+ q1ao6OWGm/rgSTtCGjR1yQKBgAE+JGqlLSLP1xAYPCvHyGHUuZ0qOritAK/9ZAB/
+ e2v9DWk3LZy1FNmEsQ8TiLfPDCJeY0ljMo0KL6LG/3wki+AbeOqOn4735PJU9KXe
+ i9eiWk4z1H1RDTwBFbtqa9Ly0TyAL32AYCouaLJFcN+/4XpsnlkGX89dHz5mxSLK
+ vfIpAoGBAMaHHBYTYSiDTfuzEbWDLsF6WKfIC4roSeg9NFfUePias4yichaT72E0
+ MCYHlfi3oIeyqxJPHr6bNAvxa5J17am4m+mzq6YcHmjkKMKnMaXI1r7taPTKv2/K
+ vhluRUGwZMxxQy6akqKzD9xRooV1bJrnEJTC4AZZ0ePFyzhf3ca3
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-pod10-node3
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpQIBAAKCAQEA0zf8Oh0BomRXALzz2UaGDITLuD3JLO4/c5rmGKaCkUX7fgGD
+ lGX4ZYJCL8L+/maeEUKd849rtih2BlyjlEgn3mbS3//8IA2bb/V0H+tb8AdnOPZG
+ wShrHQZe6tLtfjTmZ1Fj/Sc5A1/xnrqosEW6zJS8jQHSqsR7hae4GnNYUelGQxaQ
+ c42KebchQ2Wmcuv0NUUfg0cB3t1LU0ml4yeWEQ43xw3O18uUcxCuQGFwQBBwgR7+
+ 4VNQV5IgIvKKzUxEzjERuK1H+y/5TDaBavOzy6L1WnVJI7hqivC7ARIxWa11T6mZ
+ pyjHXCLj1W0IHcBTqxjOrKNQOSgP3/dZLh4UlwIDAQABAoIBAQCBco1VfFN1F/Ou
+ Ux9LaQpcf8JuvwcdT0J58lPUha/9ops4JWtjtn7ej09LAEHQ3kk/oMk27Q4BTJjQ
+ 21OxW+t7RR82Ayec6Vn66r5plY/58j+TzHOei8vhtPbVCcJdl8QhS+Nw0eoCJHnr
+ YtBhf8q0+O75qEVZPSPKzPhq1YgqYiT93IniVWgS5jtUEeB9PK5qoJT54oPYfez1
+ H7I6aMO/VkAoHOERAUDho8UdxQLWZ6ac13Lk+WB9FXMnMU0xl2ObIK/Xqk4H7sBz
+ +enJnTHJXXrndmGUXqSAc/ZsoPJICGEs1Fbjr0psiAsq6Y4xstkUbLOH/2fQeVOt
+ XDmBFc25AoGBAO5VuS1qGGCktaH9UKUqt8rvKL57mQ1jsgo8p+4enh63/S2QJUJA
+ yI0OpMpw0C26/Nzutju0WHfYyEr7ybUcXfc03z6ApKF5XLUWAzz+rp2msrh780EX
+ R/ZNSraUys/ju6aiIGXk7lukAlNEF59sBNfmkkuK7Vm4FkIcTu5c+jONAoGBAOLf
+ v0ahUNfqSsY0cDWO+E7VCO90M5aAMWIFYvxNtKJjkGcO19EqVOmiVNz8zQJt9li1
+ I6Djik78Zt93yLXa6so6I6DtloMRWy7ugAVe76nbmC7q4KLZMxoAUVZDlJEfmiK6
+ BM2MvShYCmLZcO+zVphvVFhVis0lXR1SqlfNXW2zAoGBAIT/2WJ6fjgQMju/fK1u
+ 9TmN1JLXrkVGiSglSSEcfOhvjB1M/z3FoST2Mwe1hLbATjOMEq2mqmfW1Y7ii2FB
+ /z3gh2P9reFeNFnpes0i4pafW8SPhuOf9kyAPV0+Ex+H2kPW3XV/F3SURafpq7UP
+ NnS0+palZGZY0DL8UR+7SvRRAoGBAIIHDMB1SjlFba+ldD4t/8BmtqVOqxZxyFvO
+ jIngG0wK1kNKrYSSx3HT+OFi/jiLP2pd/tqCLs3QOUGQjHc1zeUzZyIfqWjbNLB0
+ PulVHPT0B4e0VCThaTlYv0U6nFaEjzmh9Yi9RdhuhR1cVC79UP8yp1utQ00KQhDB
+ RSHncMmjAoGAH6UkdtKGlo0Iio1BF2TI5qt4wowdQ7aK+FAcVaaqpdwti1pkQtI2
+ lR8yZSDuLflieOn+Fs87eRkNsGX146UvZEvzkQh+88EDcBVRa3UG1vWwswsDzH3N
+ ngWG1+EDnm442HkNqgh+L4AdZEMc2hbdQ6yaLFR1uftJJskG2Y8Re6g=
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-node
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEogIBAAKCAQEAq0VhkYsGQEMy6UB8sGBzg8rn71OfSxk6UbQY/I3lI0CDAczC
+ HC1YZzV9La7TkCH/+0SUmoYbDqV0EYMw1WNtucoaNwJZ6CoaHCcy0PGAX/5he37+
+ jGG5VUaUpZ5LybsHk8n5EvyeqSyqTvmUk6LwLoq31FIJ5seR1w/xpMT9gLC8VB9u
+ +uXkzowsvfUHKbH5t61Hfqwv3UBMkGFyuJqspXA2uNghD1kjk0Iez8p88dkEsMqf
+ PwlIgRM2QXbVlhrd3gXG+GDcqQ+F5ipLMtsPc9yN9HbJfkQVkthiLnvubOE4qwIt
+ 1kNTywsPKgXbqIaiuQsL6qLONvzOwukDOteRLQIDAQABAoIBAEfPQUdauPY8tp3h
+ seXpqsU5T+GieAluvGsBTfCmNcqAA+2/Qiu6P3SWkrOSt5WZC9D4Qi4/yBxt9qpZ
+ DSKLG7hoKnGiBLw42tWvAbllaGPXLlwvNN77Ik/E1hJSuogMaPLoHgx96rAX0Bho
+ wIjeKkH5W3YkJ46hYl5/ituA1KEdyVk/nsstQr0GsrmHIprSQ2q3G8EEi3wk9aEc
+ OygpPnwzokbgF7NgKn9lpq4Wr3/bG59Ei+CZM1o/te6rYlGJanaCxXG4iVcBUDLi
+ Xiq5b0rbI3TvBgR8yc8pdgJl4j9bdUvLHSsPovqO3j5GkqjrrFLQedT3CWq7pkzQ
+ 2JBgaekCgYEA1Yk76WL2vGcbT/yQ+lWGF87BG0RXFqALWzdse3veqG2VmTmf27Zw
+ PrNduA69lxlzikILVMYC86YhebiMN+7Rf5Mq/B0CicpyFOzwzjbpmRwLaEchwMAB
+ Z2IbXbrl8vEyYJSzPqWjXLEDD23e98/KHkBOQ0IDpbllEnjXQwzzFV8CgYEAzVSA
+ 89HFU8xAScaI7HtuvFrlcRz7hk+OZv8EKvpI/Qftta2OjiudK5wfTMNsNb0q9OLB
+ WTgwr1e4XQ4rBW5iNMwVDvmSp3fULJHTA9vhHvN+Dy+vTXdyfXvkc+W2622xORkU
+ sm0B2DAFDCcPm8wU2Gi+KBpBvzc+LN2507ICuPMCgYBGSXnTBKQ6t6Wh2nzOKcCN
+ rZyaoRAZfmy+havLqaZMwmVvniwkYhToTpoWr6NwTQxfAgZAzTzDfneeXUSqVI3Y
+ 9FQ90D65pE2Q3b0V47VYlIacuG0/yPOtV/myDIcMRKBUch3eDR+MrydWuM+fumHJ
+ O1mHgf85WaEPR39zrpuE+QKBgGEaMnWb4ZbUhB6fnkc/xEmdLt6EV0rYOr7ooP72
+ KChJZJhDgKQpagWiqoax8G2ljTgMOGXKFfQGJvES7zN9VUIktVzEmB9MovGE8Obl
+ SBxMCHSEF4IqF+HSAmLw4sWJtYMMImaS+IlVhD2QB2ilZcJGHo92g1s7c9Lh9Kxx
+ haoTAoGAA1iEWLsD4lzqJytN6WmttfeMmfNMzBL42M8UoSTUkiUFebgiYH7oY45C
+ /ANx5zRXY1R5e+Vy8vw0K8JOxPVnhtzvNyghqUIHoO8BlCF/5F1oz5cXYKoXcL7+
+ Y9yzRYmMOlxAbQsx9vryfYo1GHX0Kl2RWdF/Bmrqwy5YpWBlztA=
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-pod10-node1-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEowIBAAKCAQEAsuAluv3HaZaha+kUoR0JEqqzA6THCLxIs0C5StGAsFmPmcxA
+ gkkGO5acOYOENsab+F1CBqNfC/Kiz3Jz3Ui3UO2gFSQkrG/fTNdHOZO2QXulHW6+
+ ugn6jdPklKcHI6wMvfIewBzoN5Q5DE5gDNsCWPwjD5aHg+ycS1SSiK985F+ddccA
+ f2TK5oxW3VD91FkKLorl4CjA5tgUgXVuGzj7IPuFldoYhryzto7/OQBvN2A26iPb
+ JtDFOeNaE/Whl9Sz959PIeu8ghXu7+9cS4bHLAlWiyUlUI97/yu/6o9jnc9cYshp
+ qk9DLeBTwroHrUZtnUv/za9VGz2ywNylm1pZbwIDAQABAoIBACiGoAW9eXBysB/C
+ runRqjyQb/5jVrSj89So1VIeJQnPQLmXjQX3hXH6rWpaYZoHZU7f0hWu7dnHHxvg
+ 0l9QGjg7ngksJyLqNa0zGO/yh1hOqxn//TYpDJsVZrRHI1bxo/Fk6ZKc+f+dlU80
+ co53EBEZDth5QjqhYMewYYKWP7V9kyqcBY2myx2bseL3mwIkk6vUktrlOEmFeCfW
+ gxucdFpkQxrg9NIEElhBwOSNTlhCWxS0zV7GhRj9zreqyGtwYLvckZVUrCmQ5RW0
+ fcXfQcM2+8M4/fIt9a+PuM6lxjCoMup2GhkEGvXLWUMCWN10zWQieYxNayzvO6mM
+ Z9JCkAECgYEA3S16pIBdX7XBWssynmutaRXCGyI2nX758vxzfSolHaHcunGBhgOg
+ gp4pdtlBUe+FLYEaFmmWpYWXX4xjUGcgo/17J0RE/8N8lZQzxCQ34qEePP66rnKX
+ 87IcKedawYkZ6+yxP8FyoyqdHYaZ9Xjf3EkZswf4xfznOhB3qzkVcLMCgYEAzwmx
+ C9RVViYxVpOcM2D0FK0OVPVBQX8UK8XbrvlcauVRCygjVgwPbUvpg0y+PKIM6QM/
+ P/ziVTreDXg8PyblgfkVlD8y2Xbs9WHpmnUnCXcubYKtwSg+kbkbByTinmJA9sKf
+ 6aYiWX9KrSjkARrJI6hWM7CgoxPzkImieMBvWlUCgYEA1HNF9dNTXYbxhmveYGuf
+ s2vx+iw/98KrBmrV6CleY3tB0VkMCBVdzXls7Ls80h5Xd2EmFNcxnCaZQ29PSkD1
+ CnCGJi6edGprNiaYHtSHVcpbiE1KNhzetnekM+AFvhcabhL6IvqHShG5v022fyKv
+ LSKOa/jBTjRiStTcjfyUCp8CgYAghd45BH7vTIqdlgyIiaduBA1nTSuWFVde1PMA
+ lo1tAV7syL5cSwK1YaJqDMkpjy9F/0uVSq1nRBsTtJqKNRsCgtVf91mOjb8FgP8I
+ U3TxaLZzX37aA+9oRtK3GZU72iVoXgRu2Lk2o+dgMjc28TU9k7kO36UsWPr+7pAG
+ NfyIDQKBgBZEUD/45yHu9Svkf5ZtjIMw3CK8/+U455LU0wlPO9wuo8BBpFqknptF
+ LSJhP4Cw78o1Im2PJ+++BgDFY6P93TCLMFB6jw58C43CTrLbdVXd3bLXp78sjgDr
+ AT1UKAgfJpCIiUMWxq0UZhYNSMfpamnv512JI3u3GTkuGzpqApjC
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-pod10-node2-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEogIBAAKCAQEApr157EpkIvnR7cPrZffHXSZ8XSWLYem816Za9+7wVH0YFIzp
+ u/Oup855z1T062M67AZ0FMouB4rukYfjVuvkNp3ZuKLzxwgC2TA6gkS79q2kFZDU
+ /tt1ErQWF3OZGEKCFRZSP+IIrTJBKjNleN0/K8U+jXdxkGS+/HWAFjUgnhi9vEyx
+ XG0Zp8b4Xgq4ongxuZa+/4x4ZZj3Hrh1xG3d0QfbaMAJ3AXfMIpppgKqcLY54FAu
+ Xh6YC18BnooE+0lZ/9UcHdmVVRGOPIKbH93w+tkkANvzrklzmVOldatOvVZVdGZC
+ Vk3l8AT8ykA7aw0WnW+mIdHXM7ebgkKFiTZQgQIDAQABAoIBACHwl4y9Z7ym1VBs
+ fNH4qaAQYWgkaEa56TKMLiAhhtHr1Kb6N+mGJJsLsEe/p0rym9/HQIGq1cu7P+xn
+ mKLsyTtEzjiDEtQEkW/cHUy+6PPBTJEHNhPaX+46sfR8F0GU6B2auYs/WzzF6fXJ
+ GHKNtnoWYDEziu41U5rX4AalMcp8MqUnyE485U22DFOplwc/YQ4h8lWe5E1BOQu+
+ DLMh2jNb7lqzbNwT0kl8fabFsgaGO0SKMhPg7D4QURc089Owcrst5xBLe93tf7UU
+ 6l95s1SzSWQpDvM4t/D2glPJg0Z++DWTLSdtF9M/sCvqgqcLnyeCV6qSwZcK9hqX
+ 7LL9Z0ECgYEAzB/ZfY4si2aNDeWDcqsUMXJVpp5kgd7stiWfvI1XUcko+m2Uiwhu
+ odyxHX38KcUOLXpGyhze3wH77mKZvXTv3/YShR88RN3ajli7RBXVUcXN3edw1P3O
+ OM2/OWeRa1+Nc7ELZtE9s25yNYwJClxOEI/DLl9xtOGxlj/9rnaDPrUCgYEA0R1w
+ kH60Poa1O5M0ZViGTsbGRIaXnT/ekLW3nI937pHFNSNb3RluR7308r5Cqx2Q1QAR
+ tVojjIjM8hUO2VwMcDhD94S+s9hKxc723avsKo9rQzFl1yRl1ElEri311AOL9UAH
+ DuZuPqC/dvU9lx7mNOUJv759ryS5PKaiWW9jHh0CgYB+jEhT1K69BajxMpcZogJ0
+ 3UNIdu4srb3m9tBfHulBpQqopwLuZx3fb2jGtfJ9GtO9Ug9NAjUR4LMFiU9y62pD
+ WNUGfuTodPooQc5nWXnUpmMI7ZFAGtGc2cFxn0nCXYzeaqZ86b/s284mcFiyeaNU
+ FSyWNUnTMBDe63Eklgir+QKBgHZS/S2VtDGpEYV7PuuVkrGige+mZMXCrRIe8J0z
+ BP7GFtuBfWp3CFKp5p8wDxM58IjFuD9wmKrdgXH9fmB5WERrYfH9d9bVrUGOYVt+
+ +2v9qQjlO6Xn34KmTqlsMixcMWZ9a0EAHCNt28jY7ZfEESie7MxFYmKnGfV6qGSI
+ xYH1AoGACQz6U3u5IaMqcSynuSVcFpEFqvVGj8adpB8+7bNF4IrBQ+5HyX/EgOF7
+ VUuCT2QdVnnr79Bge4khX5iDVg8rDpTk2hHwz1q4s+YgnxRUHSiU9wUKfqRAB/T/
+ xpYQyZB8UCjzO4RX2JW1pqOAmexlfk+nMfVIbmj0q0sCj1HeI5c=
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-etcd-pod10-node3-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEowIBAAKCAQEA3XRbVi3T64Oz7vzCrjyvNTH7gApdErHeOEVgPl32sX3CwxJR
+ XgPwehQhoGfoCYRtGBEzhED0hoinP/kWPdgKnYh4IF/G/NPV9yWRGzNdUV3tgVJc
+ dZv/FFKMOvkhJAYNqHACdf18YxuHWaAikAjIhuom1OOZQrL0ywgwgyAWUj3CAxcm
+ rrMJDXJ2plkzdgwkLNvUkyFJWLvisbDooaonSUipfUegbtOZdy6VWlBW5jkrlAu6
+ UgRolxyTfRXl4i7zBeJoKdS52ejf6vGirybwc5Ef27X89ZI49Ger37MNrU1wP3V7
+ dggX3dI3hPIJ6Y2mSehw5EkPQd0B6BpE5L2s7wIDAQABAoIBAETTNM/DzmkTtYhA
+ 5gBgu9M8hX11uxdkUDwM06yOZ20iOLWHq+IcN1C5kPnZUTQkBAPG1Mv1pAlrzw8C
+ yvbNff8Xur3VBnLtI0J8WmypugbfukDG6BVlNhGK1io94x7fAr+mkB07er0SgS5J
+ pnQ9RpUnkIn5clhYZdvz35/hCQ7lrl1MOD12SILRGu+vG9roE+px+AFIMm5gHUji
+ g1/t3cUeLiaHi09JfeyjwgBZZ4a/26bn51qK8t1VDV44Q12YLVJfvqimA+v114oB
+ JvK/3Tj5FGhfl6o8d+1sh0UGdi4g++LhoEkssgmFuTm9D+6wupFvDrFqEyfOSN2c
+ 5IfXkYECgYEA3lCI59hj+aP0noXpHdJ58dAnY62WGaUkty/f3WyZsNe+dw7vp1Br
+ mtPNVA4/u8iB8X3EbxcYEg/Je8HlhGdlfQLosBLj77A7ShGPTfldNC8Dlojvuyq8
+ dYUqu5WVCt/H/fQjLNwqUtNori2mv0y4cWWwgWeIMLvsJs5NpRj78zsCgYEA/wJ1
+ 18CbziQxQOPH0fGMYS/JH5yKvMp73/tIi0byU52hr0E5yPhWiLd3/xVsaNbV9wkp
+ jY/1nwWEBsw2MVfaA9r+VNeJELlXeH2SyLIVJe9okSXhALasT0aPVJ5oE2+3/2rs
+ 6bbc0wodFYOoeu4RnwuDWKgUq58PaiJfzWLU6d0CgYAN9lji1sBQqW9vlVFywglO
+ mpgetoQ60BhiOOuCaJOue55Gs/VxOKfJbYvzv4FZNdqTZCa2I2krmTo6P48+pY/G
+ LiyXAli2cQcIO9oYN5UW9ezvw2HrC2ASsW5hoZ9es3dIB9E9vAYcdZKZfdx/Hz5m
+ QNC5D9uJ1AOc3FAcElmgiQKBgCZkrW9VTV/k7RFy+eOu9U6wjhxXSkAQUEQxpgNq
+ JBPYuL4VGOkcEpM05DkgdZj3N3GhDIOGuBlAEFehqUsWiflooEAPz1AYR4YZid7z
+ iOGUQO8Rf+XGmvy4h93al5rNiCtJYu/xGyAe9rAFiXkwnLCQYC8Z5zrLkNuO31Oh
+ 3KJ1AoGBAJyJFMbU3ETUHUTgkp02ck9n+JlxatafcCSJd5XHseLkbWpsMSxLr8jN
+ NntobqsHoP148faV6mj1KPJzviqz9/8ZoCobGw/b8VH4hPb+VFKbQrGXNpvelAlF
+ 1RrGQ0ZBZVtoQFvRWGOGhaW6OPvWEHg4Dei68+rbY66fMX39gDzv
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: calico-node-peer
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+---
+data: |
+ -----BEGIN PUBLIC KEY-----
+ MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnlaGGSpuCcr1bz6NeB7a
+ as+6qWiFaVYyB3czsjSizZAWDprv2NkXwGLDDDhbBPZQ/7ufymaIZgaKOGHjifl0
+ LdfVePbvwQSs5N/mKHOrbb1t+xYkykP1Z8CdZdHEkzB6vXkWjzo2nWaCZGNQGuh4
+ SaWRpvMI3rbsJeKpe/JO95zIDWLK7QBQhVHhRCrq4QuEzDKDyp1bfia0TQkW+Qvc
+ gbOg2DOp3BYOL5rK2v4+IrZkkg6/w6y/muAQ9K0cVaBXS5PgWV5RVwgwzmz8L+gq
+ BvCtAOcAtNvQp/TRaQtLZpDfDhfk1VqT4vwZYnBFpwMFDwXhdMsUFuH0BmSlBcuA
+ EwIDAQAB
+ -----END PUBLIC KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: service-account
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/PublicKey/v1
+---
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEogIBAAKCAQEAnlaGGSpuCcr1bz6NeB7aas+6qWiFaVYyB3czsjSizZAWDprv
+ 2NkXwGLDDDhbBPZQ/7ufymaIZgaKOGHjifl0LdfVePbvwQSs5N/mKHOrbb1t+xYk
+ ykP1Z8CdZdHEkzB6vXkWjzo2nWaCZGNQGuh4SaWRpvMI3rbsJeKpe/JO95zIDWLK
+ 7QBQhVHhRCrq4QuEzDKDyp1bfia0TQkW+QvcgbOg2DOp3BYOL5rK2v4+IrZkkg6/
+ w6y/muAQ9K0cVaBXS5PgWV5RVwgwzmz8L+gqBvCtAOcAtNvQp/TRaQtLZpDfDhfk
+ 1VqT4vwZYnBFpwMFDwXhdMsUFuH0BmSlBcuAEwIDAQABAoIBADyZyws4tRLkbhlc
+ rJKL5Ha6+Ks8CMuvJMi8s7mB8cmRWw/N9vxc4n1Mj3BO5W85wviN2/OAWLYLzL0V
+ ohu9sNyW3epFQK/0VSPoGdPjqXn/5WcTK5OKfRNvog5FQeI/zMpV3O+GjT6i7Eb1
+ x8P0s40kZGGsZPmwsyMw5EM/E0ArVB3nxD88Q1bMH+GX2g9wvcTJ0YiUU2V4l2bo
+ FlerwnmdXHFEyMs6JmQy6CAacbc8jI512xGTITo4GXVP66DoNwTPDursTdyx9YdB
+ wnDNmqcbmd1yb5R9UhxoUCgOqJ82C4LcW/X1x6r+thmJ4fcWt449gNyqjVIbta8u
+ 1I3LzXkCgYEA0XIuZ8CZyfqb5lITmRf/226d7ANzWsx8hTAh8oCpy3UXPJ7HrqOx
+ SA3HGwEna000YURdF8WShOXO07EuUggHPHRiLFYs0DiuNJzUWrlN7qwW40H97jGm
+ HdNU9lP1meFhEf8kaPoAmtX8fdwWFKQQLzFQ6b+fTGei1NPHFIEQil8CgYEAwYg2
+ VdBI+7J9VFLRMmDNZFYQECzrpMJnJszPfgqlWATODcrghjo7N/J6ScooIJkA2K7C
+ l80hqVFPNtHDwOpN6so7Sh0vo4s2Nd3FPAoUk/95CMxzbRezFbMx8Lxn2x8o2n2Y
+ 0INocuye7IxyDvQ5cehkYQsU9ZMg34CgM0y0js0CgYAgD4pq92CTOnmC2C2H0dSo
+ klY6Ooz96S9mc+e+Z1OWgWX9MZD/eq84iGNiDtsp4beS7BQT/3pePY9beFPO2svA
+ xVAB2W8isIp6I0eeW59CWbVnNELao176Uc8/pbqCw61IQ/Ye26YcDYWI/peisTqI
+ /tOT9HE+EN8sFP70dI1DoQKBgCdntKiEYFffX+Vrd2zqiOeFHoAspU5Gxvn/ecAQ
+ KtphIBNu24h5EtWxaXTc1I7OmH2GF9kQy2nORHLFAzakfnjv9GKCztBd6AvPu/kd
+ lFMOEXbZKidsS+p/MgvyULMtBQR3zkWme/3qb/F6Jz8kOw4WY1nfB8V4z5iyd+v6
+ EkmBAoGAW3jvV9G2KXcTUb+X9D8OK+q2meFz8mpKVhu8uzOVAo1kihd/sZehP/rC
+ GzlJ0YSagqTaP1YOlWyxNg51LGUTgmjEpnOdcBJXR9+cKpm+nZWza7GWkhxK4pcu
+ Ve9GZBDmM+Z8rll3duOlOVzgLXBllsODiaTSdICcbsveqkxyihw=
+ -----END RSA PRIVATE KEY-----
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: service-account
+ schema: metadata/Document/v1
+ storagePolicy: cleartext
+schema: deckhand/PrivateKey/v1
diff --git a/site/intel-pod10/secrets/ingress.yaml b/site/intel-pod10/secrets/ingress.yaml
new file mode 100644
index 0000000..b799fdb
--- /dev/null
+++ b/site/intel-pod10/secrets/ingress.yaml
@@ -0,0 +1,135 @@
+---
+# Example manifest for ingress cert.
+# NEWSITE-CHANGEME: must be replaced with proper/valid set,
+# self-signed certs are not supported.
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: ingress-crt
+ schema: metadata/Document/v1
+ labels:
+ name: ingress-crt-site
+ storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIIFKzCCA5OgAwIBAgIMW2h6FCcFdKeaw3vnMA0GCSqGSIb3DQEBCwUAMBIxEDAO
+ BgNVBAMTB0FpcnNoaXAwHhcNMTgwODA2MTY0MDUyWhcNMTkwODA2MTY0MDUyWjBJ
+ MTUwMwYDVQQDEyxpbmdyZXNzLmFpcnNoaXAtc2Vhd29ydGh5LmF0bGFudGFmb3Vu
+ ZHJ5LmNvbTEQMA4GA1UEChMHQWlyc2hpcDCCAaIwDQYJKoZIhvcNAQEBBQADggGP
+ ADCCAYoCggGBALvNHm/G/ylh6aPcvrhOcb4qz1BjcNtnxH8bzZng/rMeX3W2AzjC
+ r2JloJcDvOLBp/TkLOZPImnFW2/GCwktxPgXZuBTPzFV50g77KsPFw0fn3Si7+bs
+ F22tLhdOGk6MQj/WW4pKGHqdw1/VbPwOHBT+I4/scR1L2SZxYtSFIKGenHJH+PMV
+ bCdwnNOR80F8KRzK5iZs/r6S/QqVheieARSWWnk2+TtkM1BloGOhLSd+ZkWh9VO1
+ eOnZowkaDAJwD/G6zoSr5n+beaXzDnEcoVXFSwd4FLoV+om77o92XmZ4rVw0vTMO
+ k6jVwmkdT+dM2K2hLUG/TXWoV2/Qms70gzDOs85RtAkTPe4Ohtdpr51Q0hd35TKG
+ YLKzX/OPblD68iYJYSBvMPpAVTbFYVPW1AQx8wWfannYbMoeL8XTEOKfkqm90YP9
+ EhIdtmw4D7GZxlzG5FXXutmT9sqLfqlRu/RynAhBP8NQvw74WumhOe8r7GhCwgzC
+ gaPLGjeekoS6LQIDAQABo4IBSDCCAUQwDAYDVR0TAQH/BAIwADCBzQYDVR0RBIHF
+ MIHCgixpbmdyZXNzLmFpcnNoaXAtc2Vhd29ydGh5LmF0bGFudGFmb3VuZHJ5LmNv
+ bYIta2V5c3RvbmUuYWlyc2hpcC1zZWF3b3J0aHkuYXRsYW50YWZvdW5kcnkuY29t
+ gilub3ZhLmFpcnNoaXAtc2Vhd29ydGh5LmF0bGFudGFmb3VuZHJ5LmNvbYIsaG9y
+ aXpvbi5haXJzaGlwLXNlYXdvcnRoeS5hdGxhbnRhZm91bmRyeS5jb22HBAoXFQuH
+ BAoXFgswEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAwegADAdBgNV
+ HQ4EFgQUfTAjNgn/1U1Uh1MJDYT2m4dzhsYwHwYDVR0jBBgwFoAUJFuXPZo6RzfE
+ BlJjnnk5jhcP4wIwDQYJKoZIhvcNAQELBQADggGBAE2ISWmrxqrledJI3aLaS9Yw
+ WsZc8O8CnIyLoxrE85vUubFjuI9ixC/6dJxl2iB1n0H8JgmFREox32Q4+kDJI8V/
+ X9x0PFpRzL7QEPrLZhW94Yis3sOphLW0rf0t06ZepdHHeodYJu1pVMDmLq6bKXdX
+ vo+/WwKnZBXC1qPbXJByv/CN9MtViXOnBGORFRTJPb6U8379LNWclJ/LW12yTwNk
+ JGIbZU61Vxu+2nLIabmmRoODH2jomgMOMMzLgjT3Hvw3whe8GrUoxDiPYQVTDGNm
+ ly6m+5B1Nx06fkZazonozeaOhSQ7RblUSbo+w8TJmLRzD9ft7p4vpjBGxRADMcuF
+ DOjATgdZeisBUHTGEO0P6wJOBQuCFMX9AVl+u8ZpcuRaRaN+pBE6/BqcHBB6qV/N
+ w2DdNtP8BrJ3kJVNEDIo5oTbH5SToxgA4hWBV42M1rB+5vIMDKN3rwVDdNKWYhYc
+ VZpU3V9V6JzSW1O2w4Wu9PdbWJD9oSvC0qJgnjOXzg==
+ -----END CERTIFICATE-----
+...
+---
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: ingress-ca
+ schema: metadata/Document/v1
+ labels:
+ name: ingress-ca-site
+ storagePolicy: cleartext
+schema: deckhand/CertificateAuthority/v1
+data: |
+ -----BEGIN CERTIFICATE-----
+ MIID7TCCAlWgAwIBAgIMW2h3tgSwie0Ypx8eMA0GCSqGSIb3DQEBCwUAMBIxEDAO
+ BgNVBAMTB0FpcnNoaXAwHhcNMTgwODA2MTYzMDQ2WhcNMTkwODA2MTYzMDQ2WjAS
+ MRAwDgYDVQQDEwdBaXJzaGlwMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC
+ AYEAny0Nqu9U2tXdCCTNzD2T62htMmBLg3CmzWajfbfFl7ALqzo3HgbbY3PxTHDE
+ OJ/lwdm0HkEaGfEDXhJd06WZsa8+fKGqhKXvZXwXx5mJ8LCGxz6xiaxwo9lnKe6V
+ o3YX7bJ5YIVxQ2jhvZo+dY8Z/buloi2Tp2HbqTejKULH9+qdiQTDXAnyR0NLqzJ0
+ YQ4v4yU3zix3nBi8z29lQekGO9quNEka3nw2n0Gxmq5z1bNALGCF5F759mVkB0uT
+ fPGF+zm9eqlqAgduYg7R+JYUumVHvIoRY454GtAdZHTJHJZP0gQSGJsLff8ROFpI
+ GVYsOZhJXU9Ihc5VBC5PMErbmCn0YkuxAWNOYBstZ8l+uY6YiPoFV5Ulc/8M0If+
+ T6jbqzWoFC+4ysgY95RKOw53S4o/T6AFwiIKIw0xp3UfHCf6kr5Y0+XdDn5CXpJB
+ d1KK3PoUWzPSsxcUMXvgKWT4x1vsCId21dn1SmVSOEBhM08VZfjd5bvL9Xjt/E0j
+ mUqDAgMBAAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcEADAd
+ BgNVHQ4EFgQUJFuXPZo6RzfEBlJjnnk5jhcP4wIwDQYJKoZIhvcNAQELBQADggGB
+ AJaoEtnDoWUUs4nSSqIGcoCfpIO0oqVp8DvkBOcxz5Rz8vMVJSC24/UnuCD2Wknx
+ 2V/E3edXIeRo7duhPtNCT7c8OKY/pJsZQTgOczn4rphoD1pmAIPZmpG6ssPadPiM
+ EP8xWJHZt8NXG7D5kJX2COvBvgNeWXL6MF7Tv8+t5xzt59Vitdb/7lm9Z6jjpvN+
+ zoG0pKx3XYESsnLAVAf00F+kWwds/3x3gQywUAQUDER0jliYUE5id+sojp357Cl9
+ XtY+8zSnTduuP8CfMhwv5p6j9xbqacfT7AzpQ6cy4xcQ7MA6JBQcxbaq4NtvIf6+
+ d/5N9d8LGnfXdCd9iwNy9Qk23Ea0SNhnk9F/NqGBPakU4TbHh4iTYMC/+hDGInpO
+ TIRelTidNBFNaIBg3Z0vsh0lDwbt/xhpXip+ZVBqKMTtktEceiVGru9cYUQA2tKI
+ XNoc5s0uQGMpdFzgED4lXZf+n7yGVMKohvi7Yn96HqujGIrVH6qThsI6m7pUSz40
+ +g==
+ -----END CERTIFICATE-----
+...
+---
+metadata:
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: ingress-key
+ schema: metadata/Document/v1
+ labels:
+ name: ingress-key-site
+ storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+data: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIG4wIBAAKCAYEAu80eb8b/KWHpo9y+uE5xvirPUGNw22fEfxvNmeD+sx5fdbYD
+ OMKvYmWglwO84sGn9OQs5k8iacVbb8YLCS3E+Bdm4FM/MVXnSDvsqw8XDR+fdKLv
+ 5uwXba0uF04aToxCP9ZbikoYep3DX9Vs/A4cFP4jj+xxHUvZJnFi1IUgoZ6cckf4
+ 8xVsJ3Cc05HzQXwpHMrmJmz+vpL9CpWF6J4BFJZaeTb5O2QzUGWgY6EtJ35mRaH1
+ U7V46dmjCRoMAnAP8brOhKvmf5t5pfMOcRyhVcVLB3gUuhX6ibvuj3ZeZnitXDS9
+ Mw6TqNXCaR1P50zYraEtQb9NdahXb9CazvSDMM6zzlG0CRM97g6G12mvnVDSF3fl
+ MoZgsrNf849uUPryJglhIG8w+kBVNsVhU9bUBDHzBZ9qedhsyh4vxdMQ4p+Sqb3R
+ g/0SEh22bDgPsZnGXMbkVde62ZP2yot+qVG79HKcCEE/w1C/Dvha6aE57yvsaELC
+ DMKBo8saN56ShLotAgMBAAECggGAYzZDhA1+sx/0zApL/xYB5NK83t0Ju/8fwX6w
+ qUBBjeLXz1mubgf7m2HQ6ragzLI9xpPcXHcl2PbYDT50ig7R5baHNK8FzUxyeKif
+ qOa56Mbx+C4zyqyi2+AHX2x1XVWfkhXuGip2sCA0HKalgqr5juWLZ/ci8rUlLLft
+ 3BPQX1FpmL4I+HIyxsspLmQGPGwZVAqkd1xRX+BLKZJAQdlm/LdJaIvwMr4Glcx6
+ ZOe68QhHgzXCYsyV6gR9qstF2OvVuLa2mUc7EzYInFIFhXUdAAwmDqkuuLRdRQhf
+ Ur8nqQW33T0cG0GBUzgBI5YmSPJvTSzcPmeSyNVx2/Yb0pkuXtCw67oDcAsN4nW8
+ uls49E2RaiLJYsy5vPsX5aJNcAxw/CWLdadQ3ukviD/MDJbpTl4F52GOVYL6K4XH
+ g5TJjj7xzjmK3ldR/Kscg7HpCitQLGUYdgIsAFdspXf4aSIa68IjDrc5NsJZuMzc
+ PbVHrw7QYNfHY7VNdUlOVqH5lS3BAoHBANRqKrQXtnJmM006TCEJXdcN/5M685jz
+ +L4Ox0Rhrq8ROgcN5q/hjKb6kP/MccQ9voGQOl9TKEyinGNdTtyc/fuH7RNlQwpS
+ HT+vEzVEcrSe8UFs8c6oJnHFO72ylFcibFf56LvbI3L8BZXp7gPSPQkp5f1NWEZk
+ X5bUL4UNiOm0diltba/ofxywF0M9WGD00eqi0Q29JRlvun+355j06CENxRoonNZC
+ wk1evIxhhckP9zLjI2Ykb1hV6yzwPWtmyQKBwQDiVgru/B396KhzDhLl5AL+pBWA
+ GsfiCbmPLh6W6V5VzldB4+GlMRrJ4zSjZQ3/nvX5KepqjMn1N6LQpZQUI/YShCKE
+ mW0XMiAfbp2d23MRMjLD8L/bIoBHQOPkCaMjbmyDOlCagWakEvHJO/TieVgTmYk6
+ mtEYVjJFWI9OCNMAHdl8ovWr3p+8YbVZ8LLv5ZO/V1cIjczoNQ6p8LG/pPMTDLXM
+ ScN9a8z3f8LQLBHBlu0155xvt95PQLAon/x21kUCgcAvPVk36hoiQQZhw3hQ1JNx
+ E2TmanLobkHAiurYE11VA+DC1t2Z+fBc5la+/MnEWfL3P4srzgOlX3imRIcYWzXE
+ 7crUyG1ray2kDxyXeRyFfN+srDzut8is/q81lfSVmEs+GY8f0DGHDfN0Dq1nXidC
+ 1XWXqs7aANKdaZ0T2xm61+57ciG1wGAckjDqPEdecLQKmaEijBEnIgj5BH5WLwk8
+ 6KIQGj4fDIPHzyzhj4LAX3ObdpZVzf6RR7JgsSEHtLkCgcBROW2dDC87MqZY++D+
+ TVBhz8LDgVjgHntQDc3+fGtVQcKAq+YLYU7qyrXWOWrHpGVDcK5mZHYJoVi1peY5
+ QBqL1I2KpoDGxT9P6GN6BgoKTsh3FsvTOVNtvrTJ3keEbJlWkrPgbrXGBeJtRC4C
+ pGdeSUg9FtgY8r4BsuFisLoAHbYyC008y5zpfusVBtNAUlQuY4qhUDoLzxafF/jB
+ /NEasgH/+SzFss0QuPHRwS7yGVaxdJfoY8TNDjrpqVhx0T0CgcEAvKG4UoWvT8gJ
+ pIeeAxxnv9yrMxgpntu4RXPDHgfX5tva6EaM3r3nLXjd9FVtlQ4cNBMhp9HNhS3a
+ dK+oEDcBysVxxfltlS2Bx0+gQf3WxgBCJwayKe3i/XCDza92EENgxTPmqB1LHiq5
+ 2b5aOl2Y5fP0eX6UryxRc443c/ejMHw4lGwnno0qpRk9M9Ucqv5J96QCfAlBSQQS
+ gOG9cypL0kBWzCejn9W4av8HkM8Noqd7Tqul1onv/46OBaX51kt3
+ -----END RSA PRIVATE KEY-----
+...
diff --git a/site/intel-pod10/secrets/passphrases/apiserver-encryption-key-key1.yaml b/site/intel-pod10/secrets/passphrases/apiserver-encryption-key-key1.yaml
new file mode 100644
index 0000000..e21876e
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/apiserver-encryption-key-key1.yaml
@@ -0,0 +1,13 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: apiserver-encryption-key-key1
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+# https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/
+# use head -c 32 /dev/urandom | base64
+data: n9VBwseT/JjV7r9vbUR/MvCobe01Bdh9XtWgsNF5zLY=
+...
diff --git a/site/intel-pod10/secrets/passphrases/ceph_fsid.yaml b/site/intel-pod10/secrets/passphrases/ceph_fsid.yaml
new file mode 100644
index 0000000..7201502
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ceph_fsid.yaml
@@ -0,0 +1,12 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ceph_fsid
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+# uuidgen
+data: 7b7576f4-3358-4668-9112-100440079807
+...
diff --git a/site/intel-pod10/secrets/passphrases/ceph_swift_keystone_password.yaml b/site/intel-pod10/secrets/passphrases/ceph_swift_keystone_password.yaml
new file mode 100644
index 0000000..9a9af1f
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ceph_swift_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ceph_swift_keystone_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/ipmi_admin_password.yaml b/site/intel-pod10/secrets/passphrases/ipmi_admin_password.yaml
new file mode 100644
index 0000000..0b49b62
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ipmi_admin_password.yaml
@@ -0,0 +1,13 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ipmi_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ labels:
+ name: ipmi-admin-password-site
+ storagePolicy: cleartext
+data: root
+...
diff --git a/site/intel-pod10/secrets/passphrases/luc_crypt_password.yaml b/site/intel-pod10/secrets/passphrases/luc_crypt_password.yaml
new file mode 100644
index 0000000..a355d8b
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/luc_crypt_password.yaml
@@ -0,0 +1,12 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: luc_crypt_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+# Pass: password123
+data: $6$qgvZ3LC9.t59Akqy$HAJfJpdrN8Ld9ssGyjFPzyJ3WUGN.ucqhSyA25LFjBrSYboVFgX8wLomRwlf5YIn1siaXHSh4JaPJED3BO36J1
+...
diff --git a/site/intel-pod10/secrets/passphrases/maas-region-key.yaml b/site/intel-pod10/secrets/passphrases/maas-region-key.yaml
new file mode 100644
index 0000000..73d4a69
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/maas-region-key.yaml
@@ -0,0 +1,12 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: maas-region-key
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+# openssl rand -hex 10
+data: 9026f6048d6a017dc913
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_barbican_oslo_db_password.yaml b/site/intel-pod10/secrets/passphrases/osh_barbican_oslo_db_password.yaml
new file mode 100644
index 0000000..c5f866c
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_barbican_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_barbican_oslo_db_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml b/site/intel-pod10/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml
new file mode 100644
index 0000000..bb19957
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_barbican_oslo_messaging_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml b/site/intel-pod10/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml
new file mode 100644
index 0000000..9bf0217
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_barbican_oslo_messaging_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_barbican_password.yaml b/site/intel-pod10/secrets/passphrases/osh_barbican_password.yaml
new file mode 100644
index 0000000..5122192
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_barbican_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_barbican_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml b/site/intel-pod10/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml
new file mode 100644
index 0000000..32f8dae
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_barbican_rabbitmq_erlang_cookie
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_cinder_oslo_db_password.yaml b/site/intel-pod10/secrets/passphrases/osh_cinder_oslo_db_password.yaml
new file mode 100644
index 0000000..b22f898
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_cinder_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_cinder_oslo_db_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml b/site/intel-pod10/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml
new file mode 100644
index 0000000..040e657
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_cinder_oslo_messaging_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml b/site/intel-pod10/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml
new file mode 100644
index 0000000..5d76ba7
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_cinder_oslo_messaging_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_cinder_password.yaml b/site/intel-pod10/secrets/passphrases/osh_cinder_password.yaml
new file mode 100644
index 0000000..26565db
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_cinder_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_cinder_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml b/site/intel-pod10/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml
new file mode 100644
index 0000000..b1ac8ff
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_cinder_rabbitmq_erlang_cookie
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_glance_oslo_db_password.yaml b/site/intel-pod10/secrets/passphrases/osh_glance_oslo_db_password.yaml
new file mode 100644
index 0000000..0739069
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_glance_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_glance_oslo_db_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml b/site/intel-pod10/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml
new file mode 100644
index 0000000..57db752
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_glance_oslo_messaging_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_glance_oslo_messaging_password.yaml b/site/intel-pod10/secrets/passphrases/osh_glance_oslo_messaging_password.yaml
new file mode 100644
index 0000000..d103c27
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_glance_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_glance_oslo_messaging_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_glance_password.yaml b/site/intel-pod10/secrets/passphrases/osh_glance_password.yaml
new file mode 100644
index 0000000..93ae0f2
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_glance_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_glance_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml b/site/intel-pod10/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml
new file mode 100644
index 0000000..496fae3
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_glance_rabbitmq_erlang_cookie
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_heat_oslo_db_password.yaml b/site/intel-pod10/secrets/passphrases/osh_heat_oslo_db_password.yaml
new file mode 100644
index 0000000..3352d4c
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_heat_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_heat_oslo_db_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml b/site/intel-pod10/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml
new file mode 100644
index 0000000..074e688
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_heat_oslo_messaging_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_heat_oslo_messaging_password.yaml b/site/intel-pod10/secrets/passphrases/osh_heat_oslo_messaging_password.yaml
new file mode 100644
index 0000000..39f1327
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_heat_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_heat_oslo_messaging_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_heat_password.yaml b/site/intel-pod10/secrets/passphrases/osh_heat_password.yaml
new file mode 100644
index 0000000..5777ebb
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_heat_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_heat_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml b/site/intel-pod10/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml
new file mode 100644
index 0000000..74e2a99
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_heat_rabbitmq_erlang_cookie
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_heat_stack_user_password.yaml b/site/intel-pod10/secrets/passphrases/osh_heat_stack_user_password.yaml
new file mode 100644
index 0000000..36db28b
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_heat_stack_user_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_heat_stack_user_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_heat_trustee_password.yaml b/site/intel-pod10/secrets/passphrases/osh_heat_trustee_password.yaml
new file mode 100644
index 0000000..58129ef
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_heat_trustee_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_heat_trustee_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_horizon_oslo_db_password.yaml b/site/intel-pod10/secrets/passphrases/osh_horizon_oslo_db_password.yaml
new file mode 100644
index 0000000..7c78d45
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_horizon_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_horizon_oslo_db_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml b/site/intel-pod10/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml
new file mode 100644
index 0000000..78c265e
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_elasticsearch_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_infra_grafana_admin_password.yaml b/site/intel-pod10/secrets/passphrases/osh_infra_grafana_admin_password.yaml
new file mode 100644
index 0000000..9232de7
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_infra_grafana_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_grafana_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml b/site/intel-pod10/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml
new file mode 100644
index 0000000..6d5f49e
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_grafana_oslo_db_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml b/site/intel-pod10/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml
new file mode 100644
index 0000000..bd4e573
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_grafana_oslo_db_session_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_infra_nagios_admin_password.yaml b/site/intel-pod10/secrets/passphrases/osh_infra_nagios_admin_password.yaml
new file mode 100644
index 0000000..52dbe16
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_infra_nagios_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_nagios_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_infra_openstack_exporter_password.yaml b/site/intel-pod10/secrets/passphrases/osh_infra_openstack_exporter_password.yaml
new file mode 100644
index 0000000..64f78e1
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_infra_openstack_exporter_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_openstack_exporter_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml b/site/intel-pod10/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml
new file mode 100644
index 0000000..9c68e9d
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_oslo_db_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml b/site/intel-pod10/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml
new file mode 100644
index 0000000..f134f46
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_oslo_db_exporter_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_infra_prometheus_admin_password.yaml b/site/intel-pod10/secrets/passphrases/osh_infra_prometheus_admin_password.yaml
new file mode 100644
index 0000000..b3df5f6
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_infra_prometheus_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_prometheus_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml b/site/intel-pod10/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml
new file mode 100644
index 0000000..9f64719
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_rgw_s3_admin_access_key
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: admin_access_key
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml b/site/intel-pod10/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml
new file mode 100644
index 0000000..3e06f91
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_rgw_s3_admin_secret_key
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: admin_secret_key
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml b/site/intel-pod10/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml
new file mode 100644
index 0000000..97c7d23
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_rgw_s3_elasticsearch_access_key
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: elastic_access_key
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml b/site/intel-pod10/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml
new file mode 100644
index 0000000..60f0134
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_rgw_s3_elasticsearch_secret_key
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: elastic_secret_key
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_keystone_admin_password.yaml b/site/intel-pod10/secrets/passphrases/osh_keystone_admin_password.yaml
new file mode 100644
index 0000000..6c3f446
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_keystone_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_keystone_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_keystone_ldap_password.yaml b/site/intel-pod10/secrets/passphrases/osh_keystone_ldap_password.yaml
new file mode 100644
index 0000000..2edf0f2
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_keystone_ldap_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_keystone_ldap_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_keystone_oslo_db_password.yaml b/site/intel-pod10/secrets/passphrases/osh_keystone_oslo_db_password.yaml
new file mode 100644
index 0000000..07b2206
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_keystone_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_keystone_oslo_db_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml b/site/intel-pod10/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml
new file mode 100644
index 0000000..aec85c0
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_keystone_oslo_messaging_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml b/site/intel-pod10/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml
new file mode 100644
index 0000000..be716f4
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_keystone_oslo_messaging_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml b/site/intel-pod10/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml
new file mode 100644
index 0000000..ee7e4bd
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_keystone_rabbitmq_erlang_cookie
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_neutron_oslo_db_password.yaml b/site/intel-pod10/secrets/passphrases/osh_neutron_oslo_db_password.yaml
new file mode 100644
index 0000000..4d0b157
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_neutron_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_neutron_oslo_db_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml b/site/intel-pod10/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml
new file mode 100644
index 0000000..4ac42c9
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_neutron_oslo_messaging_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml b/site/intel-pod10/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml
new file mode 100644
index 0000000..6be02b9
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_neutron_oslo_messaging_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_neutron_password.yaml b/site/intel-pod10/secrets/passphrases/osh_neutron_password.yaml
new file mode 100644
index 0000000..dd0b2b6
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_neutron_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_neutron_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml b/site/intel-pod10/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml
new file mode 100644
index 0000000..9e8ff8d
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_neutron_rabbitmq_erlang_cookie
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml b/site/intel-pod10/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml
new file mode 100644
index 0000000..37d5c62
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_nova_metadata_proxy_shared_secret
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_nova_oslo_db_password.yaml b/site/intel-pod10/secrets/passphrases/osh_nova_oslo_db_password.yaml
new file mode 100644
index 0000000..2cd60f5
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_nova_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_nova_oslo_db_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml b/site/intel-pod10/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml
new file mode 100644
index 0000000..487bcc5
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_nova_oslo_messaging_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_nova_oslo_messaging_password.yaml b/site/intel-pod10/secrets/passphrases/osh_nova_oslo_messaging_password.yaml
new file mode 100644
index 0000000..13569ba
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_nova_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_nova_oslo_messaging_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_nova_password.yaml b/site/intel-pod10/secrets/passphrases/osh_nova_password.yaml
new file mode 100644
index 0000000..4c2223d
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_nova_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_nova_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml b/site/intel-pod10/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml
new file mode 100644
index 0000000..7a885e6
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_nova_rabbitmq_erlang_cookie
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_oslo_cache_secret_key.yaml b/site/intel-pod10/secrets/passphrases/osh_oslo_cache_secret_key.yaml
new file mode 100644
index 0000000..11747a7
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_oslo_cache_secret_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_oslo_cache_secret_key
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_oslo_db_admin_password.yaml b/site/intel-pod10/secrets/passphrases/osh_oslo_db_admin_password.yaml
new file mode 100644
index 0000000..48df9ee
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_oslo_db_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_oslo_db_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_oslo_db_exporter_password.yaml b/site/intel-pod10/secrets/passphrases/osh_oslo_db_exporter_password.yaml
new file mode 100644
index 0000000..61b4144
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_oslo_db_exporter_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_oslo_db_exporter_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_oslo_messaging_admin_password.yaml b/site/intel-pod10/secrets/passphrases/osh_oslo_messaging_admin_password.yaml
new file mode 100644
index 0000000..e7d97e2
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_oslo_messaging_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_oslo_messaging_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_placement_password.yaml b/site/intel-pod10/secrets/passphrases/osh_placement_password.yaml
new file mode 100644
index 0000000..c72b59a
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_placement_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_placement_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml b/site/intel-pod10/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml
new file mode 100644
index 0000000..a3b5a2b
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_rabbitmq_erlang_cookie
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/osh_tempest_password.yaml b/site/intel-pod10/secrets/passphrases/osh_tempest_password.yaml
new file mode 100644
index 0000000..af90ec0
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/osh_tempest_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_tempest_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/sridhar_crypt_password.yaml b/site/intel-pod10/secrets/passphrases/sridhar_crypt_password.yaml
new file mode 100644
index 0000000..8e7e839
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/sridhar_crypt_password.yaml
@@ -0,0 +1,12 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: sridhar_crypt_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+# Pass: password123
+data: $6$qgvZ3LC9.t59Akqy$HAJfJpdrN8Ld9ssGyjFPzyJ3WUGN.ucqhSyA25LFjBrSYboVFgX8wLomRwlf5YIn1siaXHSh4JaPJED3BO36J1
+...
diff --git a/site/intel-pod10/secrets/passphrases/tenant_ceph_fsid.yaml b/site/intel-pod10/secrets/passphrases/tenant_ceph_fsid.yaml
new file mode 100644
index 0000000..18bd485
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/tenant_ceph_fsid.yaml
@@ -0,0 +1,12 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: tenant_ceph_fsid
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+# uuidgen
+data: 29d8953d-0bb6-4ba1-a48a-f9be1c0937a9
+...
diff --git a/site/intel-pod10/secrets/passphrases/trevor_crypt_password.yaml b/site/intel-pod10/secrets/passphrases/trevor_crypt_password.yaml
new file mode 100644
index 0000000..6d5616b
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/trevor_crypt_password.yaml
@@ -0,0 +1,12 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: trevor_crypt_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+# Pass: password123
+data: $6$qgvZ3LC9.t59Akqy$HAJfJpdrN8Ld9ssGyjFPzyJ3WUGN.ucqhSyA25LFjBrSYboVFgX8wLomRwlf5YIn1siaXHSh4JaPJED3BO36J1
+...
diff --git a/site/intel-pod10/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml
new file mode 100644
index 0000000..33c4125
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_airflow_oslo_messaging_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/ucp_airflow_postgres_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_airflow_postgres_password.yaml
new file mode 100644
index 0000000..8a1d648
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ucp_airflow_postgres_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_airflow_postgres_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/ucp_armada_keystone_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_armada_keystone_password.yaml
new file mode 100644
index 0000000..866efcc
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ucp_armada_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_armada_keystone_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/ucp_barbican_keystone_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_barbican_keystone_password.yaml
new file mode 100644
index 0000000..cb2da22
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ucp_barbican_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_barbican_keystone_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/ucp_barbican_oslo_db_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_barbican_oslo_db_password.yaml
new file mode 100644
index 0000000..95a76ed
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ucp_barbican_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_barbican_oslo_db_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/ucp_deckhand_keystone_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_deckhand_keystone_password.yaml
new file mode 100644
index 0000000..5ee27f2
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ucp_deckhand_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_deckhand_keystone_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/ucp_deckhand_postgres_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_deckhand_postgres_password.yaml
new file mode 100644
index 0000000..e63319b
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ucp_deckhand_postgres_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_deckhand_postgres_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/ucp_drydock_keystone_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_drydock_keystone_password.yaml
new file mode 100644
index 0000000..b8083b5
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ucp_drydock_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_drydock_keystone_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/ucp_drydock_postgres_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_drydock_postgres_password.yaml
new file mode 100644
index 0000000..2eff525
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ucp_drydock_postgres_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_drydock_postgres_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/ucp_keystone_admin_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_keystone_admin_password.yaml
new file mode 100644
index 0000000..91f74fd
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ucp_keystone_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_keystone_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/ucp_keystone_oslo_db_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_keystone_oslo_db_password.yaml
new file mode 100644
index 0000000..a9cb153
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ucp_keystone_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_keystone_oslo_db_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/ucp_maas_admin_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_maas_admin_password.yaml
new file mode 100644
index 0000000..402c129
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ucp_maas_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_maas_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/ucp_maas_postgres_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_maas_postgres_password.yaml
new file mode 100644
index 0000000..96ec574
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ucp_maas_postgres_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_maas_postgres_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml
new file mode 100644
index 0000000..b513af4
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_openstack_exporter_keystone_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/ucp_oslo_db_admin_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_oslo_db_admin_password.yaml
new file mode 100644
index 0000000..b3c1325
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ucp_oslo_db_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_oslo_db_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/ucp_oslo_messaging_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_oslo_messaging_password.yaml
new file mode 100644
index 0000000..95d6c0e
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ucp_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_oslo_messaging_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/ucp_postgres_admin_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_postgres_admin_password.yaml
new file mode 100644
index 0000000..546de05
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ucp_postgres_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_postgres_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/ucp_postgres_exporter_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_postgres_exporter_password.yaml
new file mode 100644
index 0000000..abdaa5b
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ucp_postgres_exporter_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_postgres_exporter_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/ucp_postgres_replication_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_postgres_replication_password.yaml
new file mode 100644
index 0000000..2176e71
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ucp_postgres_replication_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_postgres_replication_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/ucp_promenade_keystone_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_promenade_keystone_password.yaml
new file mode 100644
index 0000000..ac40d1e
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ucp_promenade_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_promenade_keystone_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml b/site/intel-pod10/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml
new file mode 100644
index 0000000..6a2aef9
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_rabbitmq_erlang_cookie
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/ucp_shipyard_keystone_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_shipyard_keystone_password.yaml
new file mode 100644
index 0000000..181a52a
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ucp_shipyard_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_shipyard_keystone_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/passphrases/ucp_shipyard_postgres_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_shipyard_postgres_password.yaml
new file mode 100644
index 0000000..de0eed7
--- /dev/null
+++ b/site/intel-pod10/secrets/passphrases/ucp_shipyard_postgres_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_shipyard_postgres_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/intel-pod10/secrets/publickey/luc_ssh_public_key.yaml b/site/intel-pod10/secrets/publickey/luc_ssh_public_key.yaml
new file mode 100644
index 0000000..36ab9b5
--- /dev/null
+++ b/site/intel-pod10/secrets/publickey/luc_ssh_public_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/PublicKey/v1
+metadata:
+ schema: metadata/Document/v1
+ name: luc_ssh_public_key
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQChnv1Yab1q0tchYZtNMG9oYb8kV8FNTcjR0rAnWqoEcQV0/yXCnp0GnfVq/l82JJ7D/D7J9rgTSTzL5zYUFoPVVO9S8UucEKquO+Pm3GJsZZLDo5bTvOaqypOiC5wU9Wl9qNrBWEQXTq6nRX96JLUfaCHgRr3b6ZkxDzCMXOQRTPnCJZU5UD5QPqY7I1dr1SuaAdpzQWFIH8Mog6HLkKQXs2nmHRHAF1OppySj7xvXtxzssmzXRSVw5ixAn8sLc7zZ7ZQg+Jx9XknV+46Pi+oSDUj1G3Zd7R5pBFny1fqfrcH1MIGgodNvdQyvvdIaGk5mB3ns5tYqLeNYVvgAN+xl root@node1
+...
diff --git a/site/intel-pod10/secrets/publickey/opnfv_ssh_public_key.yaml b/site/intel-pod10/secrets/publickey/opnfv_ssh_public_key.yaml
new file mode 100644
index 0000000..26c300d
--- /dev/null
+++ b/site/intel-pod10/secrets/publickey/opnfv_ssh_public_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/PublicKey/v1
+metadata:
+ schema: metadata/Document/v1
+ name: opnfv_ssh_public_key
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSQiblRR5dIEwaEUsVQ7CWNm3fJAhkwkW4afEsw3VokkVzAhB759iJZqyUvb08B/0mbn52qh6VO1ecr/XfyWiHvnm15EkxoLENw3diHK3vPy0Ce+hJWbuoy1Xy15iOCZSdXNj9PTB58BSKRruexvbn90Lh1w73fgmFw0lRy7dqJFEsLfCWZnzx9x/eC6/MO+vT7+8bbClqHH8XKF5L4g3Pt6/exyFKkzKEFYDTCpDelYynOnmzscrCAtFJ2xtLnW+3Ex4kOKpAm6D7MS/bE7k28fyxyYhT5sLy2Tp49LuOFZzFPrsh8lfVdPdV0qwnz2F4Y4iSE9rO0TwFoAV6LGOh opnfv@pod10-jump
+...
diff --git a/site/intel-pod10/secrets/publickey/sridhar_ssh_public_key.yaml b/site/intel-pod10/secrets/publickey/sridhar_ssh_public_key.yaml
new file mode 100644
index 0000000..8ef987f
--- /dev/null
+++ b/site/intel-pod10/secrets/publickey/sridhar_ssh_public_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/PublicKey/v1
+metadata:
+ schema: metadata/Document/v1
+ name: sridhar_ssh_public_key
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAm23hyhNJ1ewDL35DGg9agPMJ1VSI4elUKM/VMiRH0LBLfk55pJbZwmmLv6Z4E3hXPTvPxCS1j0kXqGiPLpMo6qPeK0EjYMCT6EdVFLh5yt3jWouRjG6lHG2D7Y5tjBhu/d3zKu3ZDblbbT2xIbw3OOFoK+9Bp4f42AMGY3etsNdbcRDLmXgL6Zi94okAuEf7t5HeKqXgWkk6az0EMm7v+FgHmlVHMzO9J0XpmFbYtI711PXQBCotVC/LsyYBQoQqtxZnikt6gGLooRHlrWOkhqv9ycBteqIDhh78NNVWya+L7Xj/TcQmyzuTkNdAFxwiEvMScal2oYy+TvoFdlxr sridhar@dike
+...
diff --git a/site/intel-pod10/secrets/publickey/trevor_ssh_public_key.yaml b/site/intel-pod10/secrets/publickey/trevor_ssh_public_key.yaml
new file mode 100644
index 0000000..81de49c
--- /dev/null
+++ b/site/intel-pod10/secrets/publickey/trevor_ssh_public_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/PublicKey/v1
+metadata:
+ schema: metadata/Document/v1
+ name: trevor_ssh_public_key
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQChGgO/XhrpphaoFH6ZZnHOgC/y9ZDIK1hlxm+qQPsakYmYemQJXpVjeqAnyupEA//I4HQ1cXYmzvlKTN1Gj8DxPcmU1QPsvcMBeYIfwS+2JaDbFTJICEmN2pqGu9D55tY1NDx4kqxRTzcvIy3HaIx6m6DshhIe83hPFXdhzk2ScVNfX6EvMevLESbJWNHIKe60md/TEUI7sYZjk8Zi4qcVtEzxioMd8sCWEHdAjNYkCJVEgHZyaqzoAJrTXeAsQFvc6np1CLlkj6QytAmPXLDB5p+NJb1W6zQOz74tSV2oQVP8xTjWRw8FgHSZMwilgiEzyPQQkVf4q/u1UtGHqupf tcooper1@tcooper1-desk.amr.corp.intel.com
+...
diff --git a/site/intel-pod10/site-definition.yaml b/site/intel-pod10/site-definition.yaml
new file mode 100644
index 0000000..2c24965
--- /dev/null
+++ b/site/intel-pod10/site-definition.yaml
@@ -0,0 +1,17 @@
+---
+schema: pegleg/SiteDefinition/v1
+metadata:
+ schema: metadata/Document/v1
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: intel-pod10
+ storagePolicy: cleartext
+data:
+ site_type: cntt
+
+ repositories:
+ global:
+ revision: v1.4
+ url: https://opendev.org/airship/treasuremap.git
+...
diff --git a/site/intel-pod10/software/charts/kubernetes/container-networking/etcd.yaml b/site/intel-pod10/software/charts/kubernetes/container-networking/etcd.yaml
new file mode 100644
index 0000000..505f6c1
--- /dev/null
+++ b/site/intel-pod10/software/charts/kubernetes/container-networking/etcd.yaml
@@ -0,0 +1,127 @@
+---
+# The purpose of this file is to build the list of calico etcd nodes and the
+# calico etcd certs for those nodes in the environment.
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-calico-etcd
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: kubernetes-calico-etcd-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+ substitutions:
+ # Generate a list of control plane nodes (i.e. genesis node + master node
+ # list) on which calico etcd will run and will need certs. It is assumed
+ # that Airship sites will have 3 control plane nodes, so this should not need to
+ # change for a new site.
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .genesis.hostname
+ dest:
+ path: .values.nodes[0].name
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .masters[0].hostname
+ dest:
+ path: .values.nodes[1].name
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .masters[1].hostname
+ dest:
+ path: .values.nodes[2].name
+
+ # Certificate substitutions for the node names assembled on the above list.
+ # NEWSITE-CHANGEME: Per above, the number of substitutions should not need
+ # to change with a standard Airship deployment. However, the names of each
+ # deckhand certficiate should be updated with the correct hostnames for your
+ # environment. The ordering is important (Genesis is index 0, then master
+ # nodes in the order they are specified in common-addresses).
+
+ # Genesis hostname - pod10-node1
+ - src:
+ schema: deckhand/Certificate/v1
+ name: calico-etcd-pod10-node1
+ path: .
+ dest:
+ path: .values.nodes[0].tls.client.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: calico-etcd-pod10-node1
+ path: .
+ dest:
+ path: .values.nodes[0].tls.client.key
+ - src:
+ schema: deckhand/Certificate/v1
+ name: calico-etcd-pod10-node1-peer
+ path: .
+ dest:
+ path: .values.nodes[0].tls.peer.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: calico-etcd-pod10-node1-peer
+ path: .
+ dest:
+ path: .values.nodes[0].tls.peer.key
+
+ # master node 1 hostname - pod10-node2
+ - src:
+ schema: deckhand/Certificate/v1
+ name: calico-etcd-pod10-node2
+ path: .
+ dest:
+ path: .values.nodes[1].tls.client.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: calico-etcd-pod10-node2
+ path: .
+ dest:
+ path: .values.nodes[1].tls.client.key
+ - src:
+ schema: deckhand/Certificate/v1
+ name: calico-etcd-pod10-node2-peer
+ path: .
+ dest:
+ path: .values.nodes[1].tls.peer.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: calico-etcd-pod10-node2-peer
+ path: .
+ dest:
+ path: .values.nodes[1].tls.peer.key
+
+ # master node 2 hostname - pod10-node3
+ - src:
+ schema: deckhand/Certificate/v1
+ name: calico-etcd-pod10-node3
+ path: .
+ dest:
+ path: .values.nodes[2].tls.client.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: calico-etcd-pod10-node3
+ path: .
+ dest:
+ path: .values.nodes[2].tls.client.key
+ - src:
+ schema: deckhand/Certificate/v1
+ name: calico-etcd-pod10-node3-peer
+ path: .
+ dest:
+ path: .values.nodes[2].tls.peer.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: calico-etcd-pod10-node3-peer
+ path: .
+ dest:
+ path: .values.nodes[2].tls.peer.key
+
+data: {}
+...
diff --git a/site/intel-pod10/software/charts/kubernetes/etcd/etcd.yaml b/site/intel-pod10/software/charts/kubernetes/etcd/etcd.yaml
new file mode 100644
index 0000000..abc1498
--- /dev/null
+++ b/site/intel-pod10/software/charts/kubernetes/etcd/etcd.yaml
@@ -0,0 +1,131 @@
+---
+# The purpose of this file is to build the list of k8s etcd nodes and the
+# k8s etcd certs for those nodes in the environment.
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-etcd
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: kubernetes-etcd-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+ substitutions:
+ # Generate a list of control plane nodes (i.e. genesis node + master node
+ # list) on which k8s etcd will run and will need certs. It is assumed
+ # that Airship sites will have 3 control plane nodes, so this should not need to
+ # change for a new site.
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .genesis.hostname
+ dest:
+ path: .values.nodes[0].name
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .masters[0].hostname
+ dest:
+ path: .values.nodes[1].name
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .masters[1].hostname
+ dest:
+ path: .values.nodes[2].name
+
+ # Certificate substitutions for the node names assembled on the above list.
+ # NEWSITE-CHANGEME: Per above, the number of substitutions should not need
+ # to change with a standard Airship deployment. However, the names of each
+ # deckhand certficiate should be updated with the correct hostnames for your
+ # environment. The ordering is important (Genesis is index 0, then master
+ # nodes in the order they are specified in common-addresses).
+
+ # Genesis Exception*
+ # *NOTE: This is an exception in that `genesis` is not the hostname of the
+ # genesis node, but `genesis` is reference here in the certificate names
+ # because of certain Promenade assumptions that may be addressed in the
+ # future. Therefore `genesis` is used instead of `pod10-node1` here.
+ - src:
+ schema: deckhand/Certificate/v1
+ name: kubernetes-etcd-genesis
+ path: .
+ dest:
+ path: .values.nodes[0].tls.client.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: kubernetes-etcd-genesis
+ path: .
+ dest:
+ path: .values.nodes[0].tls.client.key
+ - src:
+ schema: deckhand/Certificate/v1
+ name: kubernetes-etcd-genesis-peer
+ path: .
+ dest:
+ path: .values.nodes[0].tls.peer.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: kubernetes-etcd-genesis-peer
+ path: .
+ dest:
+ path: .values.nodes[0].tls.peer.key
+
+ # master node 1 hostname - pod10-node2
+ - src:
+ schema: deckhand/Certificate/v1
+ name: kubernetes-etcd-pod10-node2
+ path: .
+ dest:
+ path: .values.nodes[1].tls.client.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: kubernetes-etcd-pod10-node2
+ path: .
+ dest:
+ path: .values.nodes[1].tls.client.key
+ - src:
+ schema: deckhand/Certificate/v1
+ name: kubernetes-etcd-pod10-node2-peer
+ path: .
+ dest:
+ path: .values.nodes[1].tls.peer.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: kubernetes-etcd-pod10-node2-peer
+ path: .
+ dest:
+ path: .values.nodes[1].tls.peer.key
+
+ # master node 2 hostname - pod10-node3
+ - src:
+ schema: deckhand/Certificate/v1
+ name: kubernetes-etcd-pod10-node3
+ path: .
+ dest:
+ path: .values.nodes[2].tls.client.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: kubernetes-etcd-pod10-node3
+ path: .
+ dest:
+ path: .values.nodes[2].tls.client.key
+ - src:
+ schema: deckhand/Certificate/v1
+ name: kubernetes-etcd-pod10-node3-peer
+ path: .
+ dest:
+ path: .values.nodes[2].tls.peer.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: kubernetes-etcd-pod10-node3-peer
+ path: $
+ dest:
+ path: .values.nodes[2].tls.peer.key
+
+data: {}
+...
diff --git a/site/intel-pod10/software/charts/osh-infra/elasticsearch.yaml b/site/intel-pod10/software/charts/osh-infra/elasticsearch.yaml
new file mode 100644
index 0000000..ef0a42e
--- /dev/null
+++ b/site/intel-pod10/software/charts/osh-infra/elasticsearch.yaml
@@ -0,0 +1,34 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: elasticsearch
+ labels:
+ name: elasticsearch-type
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ hosttype: elasticsearch-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ pod:
+ replicas:
+ master: 2
+ data: 1
+ client: 2
+ storage:
+ requests:
+ storage: 20Gi
+ conf:
+ elasticsearch:
+ env:
+ java_opts:
+ client: "-Xms2048m -Xmx2048m"
+ data: "-Xms2048m -Xmx2048m"
+ master: "-Xms2048m -Xmx2048m"
+...
diff --git a/site/intel-pod10/software/charts/osh-infra/fluentbit.yaml b/site/intel-pod10/software/charts/osh-infra/fluentbit.yaml
new file mode 100644
index 0000000..5d2f287
--- /dev/null
+++ b/site/intel-pod10/software/charts/osh-infra/fluentbit.yaml
@@ -0,0 +1,22 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: fluentbit
+ labels:
+ name: fluentbit-type
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ hosttype: fluentbit-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ pod:
+ replicas:
+ fluentd: 1
+...
diff --git a/site/intel-pod10/software/charts/osh-infra/fluentd.yaml b/site/intel-pod10/software/charts/osh-infra/fluentd.yaml
new file mode 100644
index 0000000..3652a3e
--- /dev/null
+++ b/site/intel-pod10/software/charts/osh-infra/fluentd.yaml
@@ -0,0 +1,22 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: fluentd
+ labels:
+ name: fluentd-type
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ hosttype: fluentd-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ pod:
+ replicas:
+ fluentd: 1
+...
diff --git a/site/intel-pod10/software/charts/osh-infra/grafana.yaml b/site/intel-pod10/software/charts/osh-infra/grafana.yaml
new file mode 100644
index 0000000..b35614f
--- /dev/null
+++ b/site/intel-pod10/software/charts/osh-infra/grafana.yaml
@@ -0,0 +1,23 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ replacement: true
+ name: grafana
+ labels:
+ name: grafana-type
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: grafana-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ pod:
+ replicas:
+ grafana: 1
+...
diff --git a/site/intel-pod10/software/charts/osh-infra/ingress.yaml b/site/intel-pod10/software/charts/osh-infra/ingress.yaml
new file mode 100644
index 0000000..d449881
--- /dev/null
+++ b/site/intel-pod10/software/charts/osh-infra/ingress.yaml
@@ -0,0 +1,24 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ replacement: true
+ name: osh-infra-ingress-controller
+ labels:
+ name: osh-infra-ingress-controller-type
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: osh-infra-ingress-controller-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ pod:
+ replicas:
+ ingress: 1
+ error_page: 1
+...
diff --git a/site/intel-pod10/software/charts/osh-infra/mariadb.yaml b/site/intel-pod10/software/charts/osh-infra/mariadb.yaml
new file mode 100644
index 0000000..335d4e9
--- /dev/null
+++ b/site/intel-pod10/software/charts/osh-infra/mariadb.yaml
@@ -0,0 +1,24 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ replacement: true
+ name: osh-infra-mariadb
+ labels:
+ name: osh-infra-mariadb-type
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: osh-infra-mariadb-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ pod:
+ replicas:
+ server: 1
+ ingress: 1
+...
diff --git a/site/intel-pod10/software/charts/osh-infra/prometheus.yaml b/site/intel-pod10/software/charts/osh-infra/prometheus.yaml
new file mode 100644
index 0000000..d00e96a
--- /dev/null
+++ b/site/intel-pod10/software/charts/osh-infra/prometheus.yaml
@@ -0,0 +1,35 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ replacement: true
+ name: prometheus
+ labels:
+ name: prometheus-type
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: prometheus-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ pod:
+ replicas:
+ prometheus: 1
+ resources:
+ enabled: true
+ prometheus:
+ limits:
+ memory: "4Gi"
+ cpu: "2000m"
+ requests:
+ memory: "2Gi"
+ cpu: "1000m"
+ storage:
+ requests:
+ storage: 20Gi
+...
diff --git a/site/intel-pod10/software/charts/osh/openstack-compute-kit/libvirt.yaml b/site/intel-pod10/software/charts/osh/openstack-compute-kit/libvirt.yaml
new file mode 100644
index 0000000..85ec726
--- /dev/null
+++ b/site/intel-pod10/software/charts/osh/openstack-compute-kit/libvirt.yaml
@@ -0,0 +1,22 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: libvirt
+ replacement: true
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: libvirt-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ network:
+ backend:
+ - openvswitch
+ # - sriov
+...
diff --git a/site/intel-pod10/software/charts/osh/openstack-compute-kit/neutron.yaml b/site/intel-pod10/software/charts/osh/openstack-compute-kit/neutron.yaml
new file mode 100644
index 0000000..38e3cd3
--- /dev/null
+++ b/site/intel-pod10/software/charts/osh/openstack-compute-kit/neutron.yaml
@@ -0,0 +1,72 @@
+---
+# This file defines hardware-specific settings for neutron. If you use the same
+# hardware profile as this environment, you should not need to change this file.
+# Otherwise, you should review the settings here and adjust for your hardware.
+# In particular:
+# 1. logical network interface names
+# 2. physical device mappigns
+# TODO: Should move to global layer and become tied to the hardware profile
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ replacement: true
+ name: neutron
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: neutron-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ wait:
+ timeout: 1800
+ test:
+ timeout: 900
+ # values:
+ # labels:
+ # sriov:
+ # node_selector_key: sriov
+ # node_selector_value: enabled
+ # pod:
+ # security_context:
+ # neutron_sriov_agent:
+ # pod:
+ # runAsUser: 42424
+ # container:
+ # neutron_sriov_agent_init:
+ # privileged: true
+ # runAsUser: 0
+ # readOnlyRootFilesystem: false
+ # neutron_sriov_agent:
+ # readOnlyRootFilesystem: true
+ # privileged: true
+ # network:
+ # interface:
+ # sriov:
+ # - device: eno4
+ # num_vfs: 32
+ # promisc: false
+ # backend:
+ # - openvswitch
+ # - sriov
+ # conf:
+ # plugins:
+ # ml2_conf:
+ # ml2:
+ # mechanism_drivers: l2population,openvswitch,sriovnicswitch
+ # ml2_type_vlan:
+ # ## NOTE: Must have at least 1 sriov network defined
+ # network_vlan_ranges: external,sriovnet1:100:4000
+ # sriov_agent:
+ # securitygroup:
+ # firewall_driver: neutron.agent.firewall.NoopFirewallDriver
+ # sriov_nic:
+ # ## NOTE: Must have at least 1 sriov network to physical device
+ # ## mapping, otherwise sriov agent readiness check
+ # ## will fail.
+ # physical_device_mappings: sriovnet1:eno4
+ # exclude_devices: ""
+...
diff --git a/site/intel-pod10/software/charts/osh/openstack-compute-kit/nova.yaml b/site/intel-pod10/software/charts/osh/openstack-compute-kit/nova.yaml
new file mode 100644
index 0000000..e64738c
--- /dev/null
+++ b/site/intel-pod10/software/charts/osh/openstack-compute-kit/nova.yaml
@@ -0,0 +1,46 @@
+---
+# This file defines hardware-specific settings for nova. If you use the same
+# hardware profile as this environment, you should not need to change this file.
+# Otherwise, you should review the settings here and adjust for your hardware.
+# In particular:
+# 1. vcpu_pin_set will change if the number of logical CPUs on the hardware
+# changes.
+# 2. pci alias / passthrough_whitelist could change if the NIC type or NIC
+# slotting changes.
+# TODO: Should move to global layer and become tied to the hardware profile
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: nova
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: nova-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: drydock/HardwareProfile/v1
+ name: intel-pod10
+ path: .cpu_sets.kvm
+ dest:
+ path: .values.conf.nova.DEFAULT.vcpu_pin_set
+data:
+ values:
+ network:
+ backend:
+ - openvswitch
+ # - sriov
+ conf:
+ nova:
+ filter_scheduler:
+ available_filters: "nova.scheduler.filters.all_filters"
+ enabled_filters: "RetryFilter,AvailabilityZoneFilter,RamFilter,CoreFilter,DiskFilter,ComputeFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter,AggregateInstanceExtraSpecsFilter,AggregateCoreFilter,AggregateRamFilter,AggregateMultiTenancyIsolation,JsonFilter,IoOpsFilter,AggregateDiskFilter,AllHostsFilter,IsolatedHostsFilter,AggregateImagePropertiesIsolation,PciPassthroughFilter,AggregateIoOpsFilter,NumInstancesFilter,AggregateNumInstancesFilter,MetricsFilter,SimpleCIDRAffinityFilter,AggregateTypeAffinityFilter,NUMATopologyFilter,ComputeCapabilitiesFilter,DifferentHostFilter,SameHostFilter"
+ pci:
+ alias: '{"name": "numa0", "capability_type": "pci", "product_id": "154c", "vendor_id": "8086", "device_type": "type-PCI"}'
+ passthrough_whitelist: |
+ [{"address": "0000:05:06.*", "physical_network": "sriovnet1"},{"address": "0000:05:07.*", "physical_network": "sriovnet1"},{"address": "0000:05:08.*", "physical_network": "sriovnet1"},{"address": "0000:05:09.*", "physical_network": "sriovnet1"}]
+...
diff --git a/site/intel-pod10/software/charts/ucp/ceph/ceph-client-update.yaml b/site/intel-pod10/software/charts/ucp/ceph/ceph-client-update.yaml
new file mode 100644
index 0000000..eb921b8
--- /dev/null
+++ b/site/intel-pod10/software/charts/ucp/ceph/ceph-client-update.yaml
@@ -0,0 +1,26 @@
+---
+# The purpose of this file is to define environment-specific parameters for ceph
+# client update
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-ceph-client-update
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: ucp-ceph-client-update-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ conf:
+ pool:
+ target:
+ # NEWSITE-CHANGEME: Total number of OSDs. Does not need to change if
+ # your HW matches this site's HW. Verify for your environment.
+ # 8 OSDs per node x 3 nodes = 24
+ osd: 3
+...
diff --git a/site/intel-pod10/software/charts/ucp/ceph/ceph-client.yaml b/site/intel-pod10/software/charts/ucp/ceph/ceph-client.yaml
new file mode 100644
index 0000000..e1e8ecf
--- /dev/null
+++ b/site/intel-pod10/software/charts/ucp/ceph/ceph-client.yaml
@@ -0,0 +1,100 @@
+---
+# The purpose of this file is to define envrionment-specific parameters for the
+# ceph client
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-ceph-client
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: ucp-ceph-client-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ conf:
+ pool:
+ target:
+ # NEWSITE-CHANGEME: The number of OSDs per ceph node. Does not need to
+ # change if your deployment HW matches this site's HW.
+ osd: 1
+ spec:
+ # RBD pool
+ - name: rbd
+ application: rbd
+ replication: 1
+ percent_total_data: 40
+ - name: cephfs_metadata
+ application: cephfs
+ replication: 1
+ percent_total_data: 5
+ - name: cephfs_data
+ application: cephfs
+ replication: 1
+ percent_total_data: 10
+ # RadosGW pools
+ - name: .rgw.root
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.control
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.data.root
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.gc
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.log
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.intent-log
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.meta
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.usage
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.users.keys
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.users.email
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.users.swift
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.users.uid
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.buckets.extra
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.buckets.index
+ application: rgw
+ replication: 1
+ percent_total_data: 3
+ - name: default.rgw.buckets.data
+ application: rgw
+ replication: 1
+ percent_total_data: 34.8
+...
diff --git a/site/intel-pod10/software/charts/ucp/ceph/ceph-osd.yaml b/site/intel-pod10/software/charts/ucp/ceph/ceph-osd.yaml
new file mode 100644
index 0000000..25297d9
--- /dev/null
+++ b/site/intel-pod10/software/charts/ucp/ceph/ceph-osd.yaml
@@ -0,0 +1,30 @@
+---
+# The purpose of this file is to define environment-specific parameters for
+# ceph-osd
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-ceph-osd
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: ucp-ceph-osd-global
+ actions:
+ - method: replace
+ path: .values.conf.storage.osd
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ conf:
+ storage:
+ osd:
+ - data:
+ type: directory
+ location: /var/lib/ceph/osd/osd-one
+ journal:
+ type: directory
+ location: /var/lib/ceph/journal/osd-one
+...
diff --git a/site/intel-pod10/software/charts/ucp/divingbell/divingbell.yaml b/site/intel-pod10/software/charts/ucp/divingbell/divingbell.yaml
new file mode 100644
index 0000000..c60f25c
--- /dev/null
+++ b/site/intel-pod10/software/charts/ucp/divingbell/divingbell.yaml
@@ -0,0 +1,83 @@
+---
+# The purpose of this file is to define site-specific parameters to the
+# UAM-lite portion of the divingbell chart:
+# 1. User accounts to create on bare metal
+# 2. SSH public key for operationg system access to the bare metal
+# 3. Passwords for operating system access via iDrac/iLo console. SSH password-
+# based auth is disabled.
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-divingbell
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: ucp-divingbell-global
+ actions:
+ - method: merge
+ path: .
+ labels:
+ name: ucp-divingbell-site
+ storagePolicy: cleartext
+ substitutions:
+ - dest:
+ path: .values.conf.uamlite.users[0].user_sshkeys[0]
+ src:
+ schema: deckhand/PublicKey/v1
+ name: opnfv_ssh_public_key
+ path: .
+ - dest:
+ path: .values.conf.uamlite.users[1].user_sshkeys[0]
+ src:
+ schema: deckhand/PublicKey/v1
+ name: sridhar_ssh_public_key
+ path: .
+ - dest:
+ path: .values.conf.uamlite.users[1].user_crypt_passwd
+ src:
+ schema: deckhand/Passphrase/v1
+ name: sridhar_crypt_password
+ path: .
+ - dest:
+ path: .values.conf.uamlite.users[2].user_sshkeys[0]
+ src:
+ schema: deckhand/PublicKey/v1
+ name: trevor_ssh_public_key
+ path: .
+ - dest:
+ path: .values.conf.uamlite.users[2].user_crypt_passwd
+ src:
+ schema: deckhand/Passphrase/v1
+ name: trevor_crypt_password
+ path: .
+ - dest:
+ path: .values.conf.uamlite.users[3].user_sshkeys[0]
+ src:
+ schema: deckhand/PublicKey/v1
+ name: luc_ssh_public_key
+ path: .
+ - dest:
+ path: .values.conf.uamlite.users[3].user_crypt_passwd
+ src:
+ schema: deckhand/Passphrase/v1
+ name: luc_crypt_password
+ path: .
+data:
+ values:
+ conf:
+ uamlite:
+ users:
+ - user_name: opnfv
+ user_sudo: true
+ user_sshkeys: []
+ - user_name: sridhar
+ user_sudo: true
+ user_sshkeys: []
+ - user_name: trevor
+ user_sudo: true
+ user_sshkeys: []
+ - user_name: luc
+ user_sudo: true
+ user_sshkeys: []
+...
diff --git a/site/intel-pod10/software/config/common-software-config.yaml b/site/intel-pod10/software/config/common-software-config.yaml
new file mode 100644
index 0000000..cc56f4b
--- /dev/null
+++ b/site/intel-pod10/software/config/common-software-config.yaml
@@ -0,0 +1,16 @@
+---
+# The purpose of this file is to define site-specific common software config
+# paramters.
+schema: pegleg/CommonSoftwareConfig/v1
+metadata:
+ schema: metadata/Document/v1
+ name: common-software-config
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ osh:
+ # NEWSITE-CHANGEME: Replace with the site name
+ region_name: intel-pod10
+...
diff --git a/site/intel-pod17/software/charts/osh-infra/elasticsearch.yaml b/site/intel-pod17/software/charts/osh-infra/elasticsearch.yaml
new file mode 100644
index 0000000..2f7b3c1
--- /dev/null
+++ b/site/intel-pod17/software/charts/osh-infra/elasticsearch.yaml
@@ -0,0 +1,70 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: elasticsearch
+ labels:
+ name: elasticsearch-type
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ hosttype: elasticsearch-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ pod:
+ replicas:
+ client: 3
+ resources:
+ enabled: true
+ apache_proxy:
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ requests:
+ memory: "0"
+ cpu: "0"
+ client:
+ requests:
+ memory: "4Gi"
+ cpu: "1000m"
+ limits:
+ memory: "8Gi"
+ cpu: "2000m"
+ master:
+ requests:
+ memory: "4Gi"
+ cpu: "1000m"
+ limits:
+ memory: "8Gi"
+ cpu: "2000m"
+ data:
+ requests:
+ memory: "4Gi"
+ cpu: "1000m"
+ limits:
+ memory: "8Gi"
+ cpu: "2000m"
+ prometheus_elasticsearch_exporter:
+ requests:
+ memory: "0"
+ cpu: "0"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+
+ storage:
+ requests:
+ storage: 10Gi
+ conf:
+ elasticsearch:
+ env:
+ java_opts:
+ client: "-Xms2048m -Xmx2048m"
+ data: "-Xms2048m -Xmx2048m"
+ master: "-Xms2048m -Xmx2048m"
+...
diff --git a/site/intel-pod17/software/charts/osh-infra/fluentbit.yaml b/site/intel-pod17/software/charts/osh-infra/fluentbit.yaml
new file mode 100644
index 0000000..1620f26
--- /dev/null
+++ b/site/intel-pod17/software/charts/osh-infra/fluentbit.yaml
@@ -0,0 +1,18 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: fluentbit
+ labels:
+ name: fluentbit-type
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ hosttype: fluentbit-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data: {}
+...
diff --git a/site/intel-pod17/software/charts/osh-infra/fluentd.yaml b/site/intel-pod17/software/charts/osh-infra/fluentd.yaml
new file mode 100644
index 0000000..0032414
--- /dev/null
+++ b/site/intel-pod17/software/charts/osh-infra/fluentd.yaml
@@ -0,0 +1,18 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: fluentd
+ labels:
+ name: fluentd-type
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ hosttype: fluentd-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data: {}
+...
diff --git a/site/intel-pod17/software/charts/osh-infra/prometheus.yaml b/site/intel-pod17/software/charts/osh-infra/prometheus.yaml
new file mode 100644
index 0000000..c4cd4bf
--- /dev/null
+++ b/site/intel-pod17/software/charts/osh-infra/prometheus.yaml
@@ -0,0 +1,33 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ replacement: true
+ name: prometheus
+ labels:
+ name: prometheus-type
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: prometheus-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ pod:
+ resources:
+ enabled: true
+ prometheus:
+ limits:
+ memory: "4Gi"
+ cpu: "2000m"
+ requests:
+ memory: "2Gi"
+ cpu: "1000m"
+ storage:
+ requests:
+ storage: 10Gi
+...
diff --git a/site/intel-pod17/software/charts/osh/openstack-compute-kit/libvirt.yaml b/site/intel-pod17/software/charts/osh/openstack-compute-kit/libvirt.yaml
new file mode 100644
index 0000000..f7092cd
--- /dev/null
+++ b/site/intel-pod17/software/charts/osh/openstack-compute-kit/libvirt.yaml
@@ -0,0 +1,22 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: libvirt
+ replacement: true
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: libvirt-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ network:
+ backend:
+ - openvswitch
+ - sriov
+...
diff --git a/site/intel-pod17/software/charts/osh/openstack-compute-kit/neutron.yaml b/site/intel-pod17/software/charts/osh/openstack-compute-kit/neutron.yaml
new file mode 100644
index 0000000..6cced90
--- /dev/null
+++ b/site/intel-pod17/software/charts/osh/openstack-compute-kit/neutron.yaml
@@ -0,0 +1,72 @@
+---
+# This file defines hardware-specific settings for neutron. If you use the same
+# hardware profile as this environment, you should not need to change this file.
+# Otherwise, you should review the settings here and adjust for your hardware.
+# In particular:
+# 1. logical network interface names
+# 2. physical device mappigns
+# TODO: Should move to global layer and become tied to the hardware profile
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ replacement: true
+ name: neutron
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: neutron-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ wait:
+ timeout: 1800
+ test:
+ timeout: 900
+ values:
+ labels:
+ sriov:
+ node_selector_key: sriov
+ node_selector_value: enabled
+ pod:
+ security_context:
+ neutron_sriov_agent:
+ pod:
+ runAsUser: 42424
+ container:
+ neutron_sriov_agent_init:
+ privileged: true
+ runAsUser: 0
+ readOnlyRootFilesystem: false
+ neutron_sriov_agent:
+ readOnlyRootFilesystem: true
+ privileged: true
+ network:
+ interface:
+ sriov:
+ - device: ens785f1
+ num_vfs: 32
+ promisc: false
+ backend:
+ - openvswitch
+ - sriov
+ conf:
+ plugins:
+ ml2_conf:
+ ml2:
+ mechanism_drivers: l2population,openvswitch,sriovnicswitch
+ ml2_type_vlan:
+ ## NOTE: Must have at least 1 sriov network defined
+ network_vlan_ranges: external,sriovnet1:100:4000
+ sriov_agent:
+ securitygroup:
+ firewall_driver: neutron.agent.firewall.NoopFirewallDriver
+ sriov_nic:
+ ## NOTE: Must have at least 1 sriov network to physical device
+ ## mapping, otherwise sriov agent readiness check
+ ## will fail.
+ physical_device_mappings: sriovnet1:ens785f1
+ exclude_devices: ""
+...
diff --git a/site/intel-pod17/software/charts/osh/openstack-compute-kit/nova.yaml b/site/intel-pod17/software/charts/osh/openstack-compute-kit/nova.yaml
new file mode 100644
index 0000000..b730f0d
--- /dev/null
+++ b/site/intel-pod17/software/charts/osh/openstack-compute-kit/nova.yaml
@@ -0,0 +1,46 @@
+---
+# This file defines hardware-specific settings for nova. If you use the same
+# hardware profile as this environment, you should not need to change this file.
+# Otherwise, you should review the settings here and adjust for your hardware.
+# In particular:
+# 1. vcpu_pin_set will change if the number of logical CPUs on the hardware
+# changes.
+# 2. pci alias / passthrough_whitelist could change if the NIC type or NIC
+# slotting changes.
+# TODO: Should move to global layer and become tied to the hardware profile
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: nova
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: nova-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: drydock/HardwareProfile/v1
+ name: intel-s2600wt
+ path: .cpu_sets.kvm
+ dest:
+ path: .values.conf.nova.DEFAULT.vcpu_pin_set
+data:
+ values:
+ network:
+ backend:
+ - openvswitch
+ - sriov
+ conf:
+ nova:
+ filter_scheduler:
+ available_filters: "nova.scheduler.filters.all_filters"
+ enabled_filters: "RetryFilter,AvailabilityZoneFilter,RamFilter,CoreFilter,DiskFilter,ComputeFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter,AggregateInstanceExtraSpecsFilter,AggregateCoreFilter,AggregateRamFilter,AggregateMultiTenancyIsolation,JsonFilter,IoOpsFilter,AggregateDiskFilter,AllHostsFilter,IsolatedHostsFilter,AggregateImagePropertiesIsolation,PciPassthroughFilter,AggregateIoOpsFilter,NumInstancesFilter,AggregateNumInstancesFilter,MetricsFilter,SimpleCIDRAffinityFilter,AggregateTypeAffinityFilter,NUMATopologyFilter,ComputeCapabilitiesFilter,DifferentHostFilter,SameHostFilter"
+ pci:
+ alias: '{"name": "numa0", "capability_type": "pci", "product_id": "154c", "vendor_id": "8086", "device_type": "type-PCI"}'
+ passthrough_whitelist: |
+ [{"address": "0000:05:06.*", "physical_network": "sriovnet1"},{"address": "0000:05:07.*", "physical_network": "sriovnet1"},{"address": "0000:05:08.*", "physical_network": "sriovnet1"},{"address": "0000:05:09.*", "physical_network": "sriovnet1"}]
+...
diff --git a/site/intel-pod17/software/charts/ucp/ceph/ceph-client-update.yaml b/site/intel-pod17/software/charts/ucp/ceph/ceph-client-update.yaml
new file mode 100644
index 0000000..eb921b8
--- /dev/null
+++ b/site/intel-pod17/software/charts/ucp/ceph/ceph-client-update.yaml
@@ -0,0 +1,26 @@
+---
+# The purpose of this file is to define environment-specific parameters for ceph
+# client update
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-ceph-client-update
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: ucp-ceph-client-update-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ conf:
+ pool:
+ target:
+ # NEWSITE-CHANGEME: Total number of OSDs. Does not need to change if
+ # your HW matches this site's HW. Verify for your environment.
+ # 8 OSDs per node x 3 nodes = 24
+ osd: 3
+...
diff --git a/site/intel-pod17/software/charts/ucp/ceph/ceph-client.yaml b/site/intel-pod17/software/charts/ucp/ceph/ceph-client.yaml
new file mode 100644
index 0000000..e1e8ecf
--- /dev/null
+++ b/site/intel-pod17/software/charts/ucp/ceph/ceph-client.yaml
@@ -0,0 +1,100 @@
+---
+# The purpose of this file is to define envrionment-specific parameters for the
+# ceph client
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-ceph-client
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: ucp-ceph-client-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ conf:
+ pool:
+ target:
+ # NEWSITE-CHANGEME: The number of OSDs per ceph node. Does not need to
+ # change if your deployment HW matches this site's HW.
+ osd: 1
+ spec:
+ # RBD pool
+ - name: rbd
+ application: rbd
+ replication: 1
+ percent_total_data: 40
+ - name: cephfs_metadata
+ application: cephfs
+ replication: 1
+ percent_total_data: 5
+ - name: cephfs_data
+ application: cephfs
+ replication: 1
+ percent_total_data: 10
+ # RadosGW pools
+ - name: .rgw.root
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.control
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.data.root
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.gc
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.log
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.intent-log
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.meta
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.usage
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.users.keys
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.users.email
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.users.swift
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.users.uid
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.buckets.extra
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.buckets.index
+ application: rgw
+ replication: 1
+ percent_total_data: 3
+ - name: default.rgw.buckets.data
+ application: rgw
+ replication: 1
+ percent_total_data: 34.8
+...
diff --git a/site/intel-pod17/software/charts/ucp/ceph/ceph-osd.yaml b/site/intel-pod17/software/charts/ucp/ceph/ceph-osd.yaml
new file mode 100644
index 0000000..25297d9
--- /dev/null
+++ b/site/intel-pod17/software/charts/ucp/ceph/ceph-osd.yaml
@@ -0,0 +1,30 @@
+---
+# The purpose of this file is to define environment-specific parameters for
+# ceph-osd
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-ceph-osd
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: ucp-ceph-osd-global
+ actions:
+ - method: replace
+ path: .values.conf.storage.osd
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ conf:
+ storage:
+ osd:
+ - data:
+ type: directory
+ location: /var/lib/ceph/osd/osd-one
+ journal:
+ type: directory
+ location: /var/lib/ceph/journal/osd-one
+...
diff --git a/site/intel-pod18/software/charts/osh-infra/elasticsearch.yaml b/site/intel-pod18/software/charts/osh-infra/elasticsearch.yaml
new file mode 100644
index 0000000..2f7b3c1
--- /dev/null
+++ b/site/intel-pod18/software/charts/osh-infra/elasticsearch.yaml
@@ -0,0 +1,70 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: elasticsearch
+ labels:
+ name: elasticsearch-type
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ hosttype: elasticsearch-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ pod:
+ replicas:
+ client: 3
+ resources:
+ enabled: true
+ apache_proxy:
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ requests:
+ memory: "0"
+ cpu: "0"
+ client:
+ requests:
+ memory: "4Gi"
+ cpu: "1000m"
+ limits:
+ memory: "8Gi"
+ cpu: "2000m"
+ master:
+ requests:
+ memory: "4Gi"
+ cpu: "1000m"
+ limits:
+ memory: "8Gi"
+ cpu: "2000m"
+ data:
+ requests:
+ memory: "4Gi"
+ cpu: "1000m"
+ limits:
+ memory: "8Gi"
+ cpu: "2000m"
+ prometheus_elasticsearch_exporter:
+ requests:
+ memory: "0"
+ cpu: "0"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+
+ storage:
+ requests:
+ storage: 10Gi
+ conf:
+ elasticsearch:
+ env:
+ java_opts:
+ client: "-Xms2048m -Xmx2048m"
+ data: "-Xms2048m -Xmx2048m"
+ master: "-Xms2048m -Xmx2048m"
+...
diff --git a/site/intel-pod18/software/charts/osh-infra/fluentbit.yaml b/site/intel-pod18/software/charts/osh-infra/fluentbit.yaml
new file mode 100644
index 0000000..1620f26
--- /dev/null
+++ b/site/intel-pod18/software/charts/osh-infra/fluentbit.yaml
@@ -0,0 +1,18 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: fluentbit
+ labels:
+ name: fluentbit-type
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ hosttype: fluentbit-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data: {}
+...
diff --git a/site/intel-pod18/software/charts/osh-infra/fluentd.yaml b/site/intel-pod18/software/charts/osh-infra/fluentd.yaml
new file mode 100644
index 0000000..0032414
--- /dev/null
+++ b/site/intel-pod18/software/charts/osh-infra/fluentd.yaml
@@ -0,0 +1,18 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: fluentd
+ labels:
+ name: fluentd-type
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ hosttype: fluentd-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data: {}
+...
diff --git a/site/intel-pod18/software/charts/osh-infra/prometheus.yaml b/site/intel-pod18/software/charts/osh-infra/prometheus.yaml
new file mode 100644
index 0000000..c4cd4bf
--- /dev/null
+++ b/site/intel-pod18/software/charts/osh-infra/prometheus.yaml
@@ -0,0 +1,33 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ replacement: true
+ name: prometheus
+ labels:
+ name: prometheus-type
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: prometheus-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ pod:
+ resources:
+ enabled: true
+ prometheus:
+ limits:
+ memory: "4Gi"
+ cpu: "2000m"
+ requests:
+ memory: "2Gi"
+ cpu: "1000m"
+ storage:
+ requests:
+ storage: 10Gi
+...
diff --git a/site/intel-pod18/software/charts/osh/openstack-compute-kit/libvirt.yaml b/site/intel-pod18/software/charts/osh/openstack-compute-kit/libvirt.yaml
new file mode 100644
index 0000000..f7092cd
--- /dev/null
+++ b/site/intel-pod18/software/charts/osh/openstack-compute-kit/libvirt.yaml
@@ -0,0 +1,22 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: libvirt
+ replacement: true
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: libvirt-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ network:
+ backend:
+ - openvswitch
+ - sriov
+...
diff --git a/site/intel-pod18/software/charts/osh/openstack-compute-kit/neutron.yaml b/site/intel-pod18/software/charts/osh/openstack-compute-kit/neutron.yaml
new file mode 100644
index 0000000..6cced90
--- /dev/null
+++ b/site/intel-pod18/software/charts/osh/openstack-compute-kit/neutron.yaml
@@ -0,0 +1,72 @@
+---
+# This file defines hardware-specific settings for neutron. If you use the same
+# hardware profile as this environment, you should not need to change this file.
+# Otherwise, you should review the settings here and adjust for your hardware.
+# In particular:
+# 1. logical network interface names
+# 2. physical device mappigns
+# TODO: Should move to global layer and become tied to the hardware profile
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ replacement: true
+ name: neutron
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: neutron-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ wait:
+ timeout: 1800
+ test:
+ timeout: 900
+ values:
+ labels:
+ sriov:
+ node_selector_key: sriov
+ node_selector_value: enabled
+ pod:
+ security_context:
+ neutron_sriov_agent:
+ pod:
+ runAsUser: 42424
+ container:
+ neutron_sriov_agent_init:
+ privileged: true
+ runAsUser: 0
+ readOnlyRootFilesystem: false
+ neutron_sriov_agent:
+ readOnlyRootFilesystem: true
+ privileged: true
+ network:
+ interface:
+ sriov:
+ - device: ens785f1
+ num_vfs: 32
+ promisc: false
+ backend:
+ - openvswitch
+ - sriov
+ conf:
+ plugins:
+ ml2_conf:
+ ml2:
+ mechanism_drivers: l2population,openvswitch,sriovnicswitch
+ ml2_type_vlan:
+ ## NOTE: Must have at least 1 sriov network defined
+ network_vlan_ranges: external,sriovnet1:100:4000
+ sriov_agent:
+ securitygroup:
+ firewall_driver: neutron.agent.firewall.NoopFirewallDriver
+ sriov_nic:
+ ## NOTE: Must have at least 1 sriov network to physical device
+ ## mapping, otherwise sriov agent readiness check
+ ## will fail.
+ physical_device_mappings: sriovnet1:ens785f1
+ exclude_devices: ""
+...
diff --git a/site/intel-pod18/software/charts/osh/openstack-compute-kit/nova.yaml b/site/intel-pod18/software/charts/osh/openstack-compute-kit/nova.yaml
new file mode 100644
index 0000000..b730f0d
--- /dev/null
+++ b/site/intel-pod18/software/charts/osh/openstack-compute-kit/nova.yaml
@@ -0,0 +1,46 @@
+---
+# This file defines hardware-specific settings for nova. If you use the same
+# hardware profile as this environment, you should not need to change this file.
+# Otherwise, you should review the settings here and adjust for your hardware.
+# In particular:
+# 1. vcpu_pin_set will change if the number of logical CPUs on the hardware
+# changes.
+# 2. pci alias / passthrough_whitelist could change if the NIC type or NIC
+# slotting changes.
+# TODO: Should move to global layer and become tied to the hardware profile
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: nova
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: nova-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: drydock/HardwareProfile/v1
+ name: intel-s2600wt
+ path: .cpu_sets.kvm
+ dest:
+ path: .values.conf.nova.DEFAULT.vcpu_pin_set
+data:
+ values:
+ network:
+ backend:
+ - openvswitch
+ - sriov
+ conf:
+ nova:
+ filter_scheduler:
+ available_filters: "nova.scheduler.filters.all_filters"
+ enabled_filters: "RetryFilter,AvailabilityZoneFilter,RamFilter,CoreFilter,DiskFilter,ComputeFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter,AggregateInstanceExtraSpecsFilter,AggregateCoreFilter,AggregateRamFilter,AggregateMultiTenancyIsolation,JsonFilter,IoOpsFilter,AggregateDiskFilter,AllHostsFilter,IsolatedHostsFilter,AggregateImagePropertiesIsolation,PciPassthroughFilter,AggregateIoOpsFilter,NumInstancesFilter,AggregateNumInstancesFilter,MetricsFilter,SimpleCIDRAffinityFilter,AggregateTypeAffinityFilter,NUMATopologyFilter,ComputeCapabilitiesFilter,DifferentHostFilter,SameHostFilter"
+ pci:
+ alias: '{"name": "numa0", "capability_type": "pci", "product_id": "154c", "vendor_id": "8086", "device_type": "type-PCI"}'
+ passthrough_whitelist: |
+ [{"address": "0000:05:06.*", "physical_network": "sriovnet1"},{"address": "0000:05:07.*", "physical_network": "sriovnet1"},{"address": "0000:05:08.*", "physical_network": "sriovnet1"},{"address": "0000:05:09.*", "physical_network": "sriovnet1"}]
+...
diff --git a/site/intel-pod18/software/charts/ucp/ceph/ceph-client-update.yaml b/site/intel-pod18/software/charts/ucp/ceph/ceph-client-update.yaml
new file mode 100644
index 0000000..eb921b8
--- /dev/null
+++ b/site/intel-pod18/software/charts/ucp/ceph/ceph-client-update.yaml
@@ -0,0 +1,26 @@
+---
+# The purpose of this file is to define environment-specific parameters for ceph
+# client update
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-ceph-client-update
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: ucp-ceph-client-update-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ conf:
+ pool:
+ target:
+ # NEWSITE-CHANGEME: Total number of OSDs. Does not need to change if
+ # your HW matches this site's HW. Verify for your environment.
+ # 8 OSDs per node x 3 nodes = 24
+ osd: 3
+...
diff --git a/site/intel-pod18/software/charts/ucp/ceph/ceph-client.yaml b/site/intel-pod18/software/charts/ucp/ceph/ceph-client.yaml
new file mode 100644
index 0000000..e1e8ecf
--- /dev/null
+++ b/site/intel-pod18/software/charts/ucp/ceph/ceph-client.yaml
@@ -0,0 +1,100 @@
+---
+# The purpose of this file is to define envrionment-specific parameters for the
+# ceph client
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-ceph-client
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: ucp-ceph-client-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ conf:
+ pool:
+ target:
+ # NEWSITE-CHANGEME: The number of OSDs per ceph node. Does not need to
+ # change if your deployment HW matches this site's HW.
+ osd: 1
+ spec:
+ # RBD pool
+ - name: rbd
+ application: rbd
+ replication: 1
+ percent_total_data: 40
+ - name: cephfs_metadata
+ application: cephfs
+ replication: 1
+ percent_total_data: 5
+ - name: cephfs_data
+ application: cephfs
+ replication: 1
+ percent_total_data: 10
+ # RadosGW pools
+ - name: .rgw.root
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.control
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.data.root
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.gc
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.log
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.intent-log
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.meta
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.usage
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.users.keys
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.users.email
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.users.swift
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.users.uid
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.buckets.extra
+ application: rgw
+ replication: 1
+ percent_total_data: 0.1
+ - name: default.rgw.buckets.index
+ application: rgw
+ replication: 1
+ percent_total_data: 3
+ - name: default.rgw.buckets.data
+ application: rgw
+ replication: 1
+ percent_total_data: 34.8
+...
diff --git a/site/intel-pod18/software/charts/ucp/ceph/ceph-osd.yaml b/site/intel-pod18/software/charts/ucp/ceph/ceph-osd.yaml
new file mode 100644
index 0000000..25297d9
--- /dev/null
+++ b/site/intel-pod18/software/charts/ucp/ceph/ceph-osd.yaml
@@ -0,0 +1,30 @@
+---
+# The purpose of this file is to define environment-specific parameters for
+# ceph-osd
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-ceph-osd
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: ucp-ceph-osd-global
+ actions:
+ - method: replace
+ path: .values.conf.storage.osd
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ conf:
+ storage:
+ osd:
+ - data:
+ type: directory
+ location: /var/lib/ceph/osd/osd-one
+ journal:
+ type: directory
+ location: /var/lib/ceph/journal/osd-one
+...