From 799182f0c40730e41253dc5c861857d219291c3b Mon Sep 17 00:00:00 2001 From: "Sridhar K. N. Rao" Date: Fri, 18 Oct 2019 14:35:14 +0530 Subject: Site definition for Intel Pod-10 This patch adds site definition for Intel Pod-10. Updated publickeys of luc and trevor Updated site-definition Updated divingbell Modifying common parts - FOR TESTING ONLY - Will be removed Trying with only 1 disk (bootdisk) Trying with 2 disks - /dev/sda as bootdisk, /dev/sdb as datadisk Change ceph config from directory to /dev/sdb (OSD-data only) Change ceph config from directory to /dev/sdb (OSD-Journl too) Reduce footprint of osh-infra (reduce disk pressure) Move ceph to site specific manifests Fix pod10 host/hardware profiles to be site local Fix Nova/Neutron parts to be site local Fix glance cirros image pull Fix type to site layer names for moved files Rename pod10 hardware/host profiles Move ceph fully to /dev/sdb Disable SR-IOV configuration Optimize disk storage for Nova VMs (use root disk or 3T) Signed-off-by: Sridhar K. N. Rao Change-Id: I2160e56744917510d4627cefca32031904188f77 --- site/intel-pod10/baremetal/nodes.yaml | 193 ++ site/intel-pod10/networks/common-addresses.yaml | 164 ++ site/intel-pod10/networks/physical/networks.yaml | 327 +++ site/intel-pod10/pki/pki-catalog.yaml | 289 +++ .../intel-pod10/profiles/hardware/intel-pod10.yaml | 105 + site/intel-pod10/profiles/host/cp-intel-pod10.yaml | 105 + site/intel-pod10/profiles/host/dp-intel-pod10.yaml | 112 + site/intel-pod10/profiles/region.yaml | 60 + .../secrets/certificates/certificates.yaml | 2456 ++++++++++++++++++++ site/intel-pod10/secrets/ingress.yaml | 135 ++ .../passphrases/apiserver-encryption-key-key1.yaml | 13 + .../intel-pod10/secrets/passphrases/ceph_fsid.yaml | 12 + .../passphrases/ceph_swift_keystone_password.yaml | 11 + .../secrets/passphrases/ipmi_admin_password.yaml | 13 + .../secrets/passphrases/luc_crypt_password.yaml | 12 + .../secrets/passphrases/maas-region-key.yaml | 12 + .../passphrases/osh_barbican_oslo_db_password.yaml | 11 + ...osh_barbican_oslo_messaging_admin_password.yaml | 11 + .../osh_barbican_oslo_messaging_password.yaml | 11 + .../secrets/passphrases/osh_barbican_password.yaml | 11 + .../osh_barbican_rabbitmq_erlang_cookie.yaml | 11 + .../passphrases/osh_cinder_oslo_db_password.yaml | 11 + .../osh_cinder_oslo_messaging_admin_password.yaml | 11 + .../osh_cinder_oslo_messaging_password.yaml | 11 + .../secrets/passphrases/osh_cinder_password.yaml | 11 + .../osh_cinder_rabbitmq_erlang_cookie.yaml | 11 + .../passphrases/osh_glance_oslo_db_password.yaml | 11 + .../osh_glance_oslo_messaging_admin_password.yaml | 11 + .../osh_glance_oslo_messaging_password.yaml | 11 + .../secrets/passphrases/osh_glance_password.yaml | 11 + .../osh_glance_rabbitmq_erlang_cookie.yaml | 11 + .../passphrases/osh_heat_oslo_db_password.yaml | 11 + .../osh_heat_oslo_messaging_admin_password.yaml | 11 + .../osh_heat_oslo_messaging_password.yaml | 11 + .../secrets/passphrases/osh_heat_password.yaml | 11 + .../osh_heat_rabbitmq_erlang_cookie.yaml | 11 + .../passphrases/osh_heat_stack_user_password.yaml | 11 + .../passphrases/osh_heat_trustee_password.yaml | 11 + .../passphrases/osh_horizon_oslo_db_password.yaml | 11 + .../osh_infra_elasticsearch_admin_password.yaml | 11 + .../osh_infra_grafana_admin_password.yaml | 11 + .../osh_infra_grafana_oslo_db_password.yaml | 11 + ...osh_infra_grafana_oslo_db_session_password.yaml | 11 + .../osh_infra_nagios_admin_password.yaml | 11 + .../osh_infra_openstack_exporter_password.yaml | 11 + .../osh_infra_oslo_db_admin_password.yaml | 11 + .../osh_infra_oslo_db_exporter_password.yaml | 11 + .../osh_infra_prometheus_admin_password.yaml | 11 + .../osh_infra_rgw_s3_admin_access_key.yaml | 11 + .../osh_infra_rgw_s3_admin_secret_key.yaml | 11 + .../osh_infra_rgw_s3_elasticsearch_access_key.yaml | 11 + .../osh_infra_rgw_s3_elasticsearch_secret_key.yaml | 11 + .../passphrases/osh_keystone_admin_password.yaml | 11 + .../passphrases/osh_keystone_ldap_password.yaml | 11 + .../passphrases/osh_keystone_oslo_db_password.yaml | 11 + ...osh_keystone_oslo_messaging_admin_password.yaml | 11 + .../osh_keystone_oslo_messaging_password.yaml | 11 + .../osh_keystone_rabbitmq_erlang_cookie.yaml | 11 + .../passphrases/osh_neutron_oslo_db_password.yaml | 11 + .../osh_neutron_oslo_messaging_admin_password.yaml | 11 + .../osh_neutron_oslo_messaging_password.yaml | 11 + .../secrets/passphrases/osh_neutron_password.yaml | 11 + .../osh_neutron_rabbitmq_erlang_cookie.yaml | 11 + .../osh_nova_metadata_proxy_shared_secret.yaml | 11 + .../passphrases/osh_nova_oslo_db_password.yaml | 11 + .../osh_nova_oslo_messaging_admin_password.yaml | 11 + .../osh_nova_oslo_messaging_password.yaml | 11 + .../secrets/passphrases/osh_nova_password.yaml | 11 + .../osh_nova_rabbitmq_erlang_cookie.yaml | 11 + .../passphrases/osh_oslo_cache_secret_key.yaml | 11 + .../passphrases/osh_oslo_db_admin_password.yaml | 11 + .../passphrases/osh_oslo_db_exporter_password.yaml | 11 + .../osh_oslo_messaging_admin_password.yaml | 11 + .../passphrases/osh_placement_password.yaml | 11 + .../passphrases/osh_rabbitmq_erlang_cookie.yaml | 11 + .../secrets/passphrases/osh_tempest_password.yaml | 11 + .../passphrases/sridhar_crypt_password.yaml | 12 + .../secrets/passphrases/tenant_ceph_fsid.yaml | 12 + .../secrets/passphrases/trevor_crypt_password.yaml | 12 + .../ucp_airflow_oslo_messaging_password.yaml | 11 + .../passphrases/ucp_airflow_postgres_password.yaml | 11 + .../passphrases/ucp_armada_keystone_password.yaml | 11 + .../ucp_barbican_keystone_password.yaml | 11 + .../passphrases/ucp_barbican_oslo_db_password.yaml | 11 + .../ucp_deckhand_keystone_password.yaml | 11 + .../ucp_deckhand_postgres_password.yaml | 11 + .../passphrases/ucp_drydock_keystone_password.yaml | 11 + .../passphrases/ucp_drydock_postgres_password.yaml | 11 + .../passphrases/ucp_keystone_admin_password.yaml | 11 + .../passphrases/ucp_keystone_oslo_db_password.yaml | 11 + .../passphrases/ucp_maas_admin_password.yaml | 11 + .../passphrases/ucp_maas_postgres_password.yaml | 11 + .../ucp_openstack_exporter_keystone_password.yaml | 11 + .../passphrases/ucp_oslo_db_admin_password.yaml | 11 + .../passphrases/ucp_oslo_messaging_password.yaml | 11 + .../passphrases/ucp_postgres_admin_password.yaml | 11 + .../ucp_postgres_exporter_password.yaml | 11 + .../ucp_postgres_replication_password.yaml | 11 + .../ucp_promenade_keystone_password.yaml | 11 + .../passphrases/ucp_rabbitmq_erlang_cookie.yaml | 11 + .../ucp_shipyard_keystone_password.yaml | 11 + .../ucp_shipyard_postgres_password.yaml | 11 + .../secrets/publickey/luc_ssh_public_key.yaml | 11 + .../secrets/publickey/opnfv_ssh_public_key.yaml | 11 + .../secrets/publickey/sridhar_ssh_public_key.yaml | 11 + .../secrets/publickey/trevor_ssh_public_key.yaml | 11 + site/intel-pod10/site-definition.yaml | 17 + .../kubernetes/container-networking/etcd.yaml | 127 + .../software/charts/kubernetes/etcd/etcd.yaml | 131 ++ .../software/charts/osh-infra/elasticsearch.yaml | 34 + .../software/charts/osh-infra/fluentbit.yaml | 22 + .../software/charts/osh-infra/fluentd.yaml | 22 + .../software/charts/osh-infra/grafana.yaml | 23 + .../software/charts/osh-infra/ingress.yaml | 24 + .../software/charts/osh-infra/mariadb.yaml | 24 + .../software/charts/osh-infra/prometheus.yaml | 35 + .../charts/osh/openstack-compute-kit/libvirt.yaml | 22 + .../charts/osh/openstack-compute-kit/neutron.yaml | 72 + .../charts/osh/openstack-compute-kit/nova.yaml | 46 + .../charts/ucp/ceph/ceph-client-update.yaml | 26 + .../software/charts/ucp/ceph/ceph-client.yaml | 100 + .../software/charts/ucp/ceph/ceph-osd.yaml | 30 + .../software/charts/ucp/divingbell/divingbell.yaml | 83 + .../software/config/common-software-config.yaml | 16 + .../software/charts/osh-infra/elasticsearch.yaml | 70 + .../software/charts/osh-infra/fluentbit.yaml | 18 + .../software/charts/osh-infra/fluentd.yaml | 18 + .../software/charts/osh-infra/prometheus.yaml | 33 + .../charts/osh/openstack-compute-kit/libvirt.yaml | 22 + .../charts/osh/openstack-compute-kit/neutron.yaml | 72 + .../charts/osh/openstack-compute-kit/nova.yaml | 46 + .../charts/ucp/ceph/ceph-client-update.yaml | 26 + .../software/charts/ucp/ceph/ceph-client.yaml | 100 + .../software/charts/ucp/ceph/ceph-osd.yaml | 30 + .../software/charts/osh-infra/elasticsearch.yaml | 70 + .../software/charts/osh-infra/fluentbit.yaml | 18 + .../software/charts/osh-infra/fluentd.yaml | 18 + .../software/charts/osh-infra/prometheus.yaml | 33 + .../charts/osh/openstack-compute-kit/libvirt.yaml | 22 + .../charts/osh/openstack-compute-kit/neutron.yaml | 72 + .../charts/osh/openstack-compute-kit/nova.yaml | 46 + .../charts/ucp/ceph/ceph-client-update.yaml | 26 + .../software/charts/ucp/ceph/ceph-client.yaml | 100 + .../software/charts/ucp/ceph/ceph-osd.yaml | 30 + tools/files/heat-public-net-deployment-pod10.yaml | 70 + tools/pod10prep.sh | 7 + .../software/charts/osh-infra/elasticsearch.yaml | 70 - type/cntt/software/charts/osh-infra/fluentbit.yaml | 18 - type/cntt/software/charts/osh-infra/fluentd.yaml | 18 - .../cntt/software/charts/osh-infra/prometheus.yaml | 33 - .../charts/osh/openstack-compute-kit/libvirt.yaml | 22 - .../charts/osh/openstack-compute-kit/neutron.yaml | 72 - .../charts/osh/openstack-compute-kit/nova.yaml | 46 - .../charts/osh/openstack-glance/glance.yaml | 49 + .../charts/ucp/ceph/ceph-client-update.yaml | 26 - .../cntt/software/charts/ucp/ceph/ceph-client.yaml | 100 - type/cntt/software/charts/ucp/ceph/ceph-osd.yaml | 30 - 157 files changed, 6862 insertions(+), 435 deletions(-) create mode 100644 site/intel-pod10/baremetal/nodes.yaml create mode 100644 site/intel-pod10/networks/common-addresses.yaml create mode 100644 site/intel-pod10/networks/physical/networks.yaml create mode 100644 site/intel-pod10/pki/pki-catalog.yaml create mode 100644 site/intel-pod10/profiles/hardware/intel-pod10.yaml create mode 100644 site/intel-pod10/profiles/host/cp-intel-pod10.yaml create mode 100644 site/intel-pod10/profiles/host/dp-intel-pod10.yaml create mode 100644 site/intel-pod10/profiles/region.yaml create mode 100644 site/intel-pod10/secrets/certificates/certificates.yaml create mode 100644 site/intel-pod10/secrets/ingress.yaml create mode 100644 site/intel-pod10/secrets/passphrases/apiserver-encryption-key-key1.yaml create mode 100644 site/intel-pod10/secrets/passphrases/ceph_fsid.yaml create mode 100644 site/intel-pod10/secrets/passphrases/ceph_swift_keystone_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/ipmi_admin_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/luc_crypt_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/maas-region-key.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_barbican_oslo_db_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_barbican_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_cinder_oslo_db_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_cinder_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_glance_oslo_db_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_glance_oslo_messaging_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_glance_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_heat_oslo_db_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_heat_oslo_messaging_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_heat_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_heat_stack_user_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_heat_trustee_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_horizon_oslo_db_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_infra_grafana_admin_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_infra_nagios_admin_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_infra_openstack_exporter_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_infra_prometheus_admin_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_keystone_admin_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_keystone_ldap_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_keystone_oslo_db_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_neutron_oslo_db_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_neutron_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_nova_oslo_db_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_nova_oslo_messaging_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_nova_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_oslo_cache_secret_key.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_oslo_db_admin_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_oslo_db_exporter_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_oslo_messaging_admin_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_placement_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml create mode 100644 site/intel-pod10/secrets/passphrases/osh_tempest_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/sridhar_crypt_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/tenant_ceph_fsid.yaml create mode 100644 site/intel-pod10/secrets/passphrases/trevor_crypt_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/ucp_airflow_postgres_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/ucp_armada_keystone_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/ucp_barbican_keystone_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/ucp_barbican_oslo_db_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/ucp_deckhand_keystone_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/ucp_deckhand_postgres_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/ucp_drydock_keystone_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/ucp_drydock_postgres_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/ucp_keystone_admin_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/ucp_keystone_oslo_db_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/ucp_maas_admin_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/ucp_maas_postgres_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/ucp_oslo_db_admin_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/ucp_oslo_messaging_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/ucp_postgres_admin_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/ucp_postgres_exporter_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/ucp_postgres_replication_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/ucp_promenade_keystone_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml create mode 100644 site/intel-pod10/secrets/passphrases/ucp_shipyard_keystone_password.yaml create mode 100644 site/intel-pod10/secrets/passphrases/ucp_shipyard_postgres_password.yaml create mode 100644 site/intel-pod10/secrets/publickey/luc_ssh_public_key.yaml create mode 100644 site/intel-pod10/secrets/publickey/opnfv_ssh_public_key.yaml create mode 100644 site/intel-pod10/secrets/publickey/sridhar_ssh_public_key.yaml create mode 100644 site/intel-pod10/secrets/publickey/trevor_ssh_public_key.yaml create mode 100644 site/intel-pod10/site-definition.yaml create mode 100644 site/intel-pod10/software/charts/kubernetes/container-networking/etcd.yaml create mode 100644 site/intel-pod10/software/charts/kubernetes/etcd/etcd.yaml create mode 100644 site/intel-pod10/software/charts/osh-infra/elasticsearch.yaml create mode 100644 site/intel-pod10/software/charts/osh-infra/fluentbit.yaml create mode 100644 site/intel-pod10/software/charts/osh-infra/fluentd.yaml create mode 100644 site/intel-pod10/software/charts/osh-infra/grafana.yaml create mode 100644 site/intel-pod10/software/charts/osh-infra/ingress.yaml create mode 100644 site/intel-pod10/software/charts/osh-infra/mariadb.yaml create mode 100644 site/intel-pod10/software/charts/osh-infra/prometheus.yaml create mode 100644 site/intel-pod10/software/charts/osh/openstack-compute-kit/libvirt.yaml create mode 100644 site/intel-pod10/software/charts/osh/openstack-compute-kit/neutron.yaml create mode 100644 site/intel-pod10/software/charts/osh/openstack-compute-kit/nova.yaml create mode 100644 site/intel-pod10/software/charts/ucp/ceph/ceph-client-update.yaml create mode 100644 site/intel-pod10/software/charts/ucp/ceph/ceph-client.yaml create mode 100644 site/intel-pod10/software/charts/ucp/ceph/ceph-osd.yaml create mode 100644 site/intel-pod10/software/charts/ucp/divingbell/divingbell.yaml create mode 100644 site/intel-pod10/software/config/common-software-config.yaml create mode 100644 site/intel-pod17/software/charts/osh-infra/elasticsearch.yaml create mode 100644 site/intel-pod17/software/charts/osh-infra/fluentbit.yaml create mode 100644 site/intel-pod17/software/charts/osh-infra/fluentd.yaml create mode 100644 site/intel-pod17/software/charts/osh-infra/prometheus.yaml create mode 100644 site/intel-pod17/software/charts/osh/openstack-compute-kit/libvirt.yaml create mode 100644 site/intel-pod17/software/charts/osh/openstack-compute-kit/neutron.yaml create mode 100644 site/intel-pod17/software/charts/osh/openstack-compute-kit/nova.yaml create mode 100644 site/intel-pod17/software/charts/ucp/ceph/ceph-client-update.yaml create mode 100644 site/intel-pod17/software/charts/ucp/ceph/ceph-client.yaml create mode 100644 site/intel-pod17/software/charts/ucp/ceph/ceph-osd.yaml create mode 100644 site/intel-pod18/software/charts/osh-infra/elasticsearch.yaml create mode 100644 site/intel-pod18/software/charts/osh-infra/fluentbit.yaml create mode 100644 site/intel-pod18/software/charts/osh-infra/fluentd.yaml create mode 100644 site/intel-pod18/software/charts/osh-infra/prometheus.yaml create mode 100644 site/intel-pod18/software/charts/osh/openstack-compute-kit/libvirt.yaml create mode 100644 site/intel-pod18/software/charts/osh/openstack-compute-kit/neutron.yaml create mode 100644 site/intel-pod18/software/charts/osh/openstack-compute-kit/nova.yaml create mode 100644 site/intel-pod18/software/charts/ucp/ceph/ceph-client-update.yaml create mode 100644 site/intel-pod18/software/charts/ucp/ceph/ceph-client.yaml create mode 100644 site/intel-pod18/software/charts/ucp/ceph/ceph-osd.yaml create mode 100644 tools/files/heat-public-net-deployment-pod10.yaml create mode 100755 tools/pod10prep.sh delete mode 100644 type/cntt/software/charts/osh-infra/elasticsearch.yaml delete mode 100644 type/cntt/software/charts/osh-infra/fluentbit.yaml delete mode 100644 type/cntt/software/charts/osh-infra/fluentd.yaml delete mode 100644 type/cntt/software/charts/osh-infra/prometheus.yaml delete mode 100644 type/cntt/software/charts/osh/openstack-compute-kit/libvirt.yaml delete mode 100644 type/cntt/software/charts/osh/openstack-compute-kit/neutron.yaml delete mode 100644 type/cntt/software/charts/osh/openstack-compute-kit/nova.yaml create mode 100644 type/cntt/software/charts/osh/openstack-glance/glance.yaml delete mode 100644 type/cntt/software/charts/ucp/ceph/ceph-client-update.yaml delete mode 100644 type/cntt/software/charts/ucp/ceph/ceph-client.yaml delete mode 100644 type/cntt/software/charts/ucp/ceph/ceph-osd.yaml diff --git a/site/intel-pod10/baremetal/nodes.yaml b/site/intel-pod10/baremetal/nodes.yaml new file mode 100644 index 0000000..009a0c4 --- /dev/null +++ b/site/intel-pod10/baremetal/nodes.yaml @@ -0,0 +1,193 @@ +--- +# Drydock BaremetalNode resources for a specific rack are stored in this file. +# +# NOTE: For new sites, you should complete the networks/physical/networks.yaml +# file before working on this file. +# +# In this file, you should make the number of `drydock/BaremetalNode/v1` +# resources equal the number of bare metal nodes you have, either by deleting +# excess BaremetalNode definitions (if there are too many), or by copying and +# pasting the last BaremetalNode in the file until you have the correct number +# of baremetal nodes (if there are too few). +# +# Then in each file, address all additional NEWSITE-CHANGEME markers to update +# the data in these files with the right values for your new site. +# +# *NOTE: The Genesis node is counted as one of the control plane nodes. Note +# that the Genesis node does not appear on this bare metal list, because the +# procedure to reprovision the Genesis host with MaaS has not yet been +# implemented. Therefore there will be only two bare metal nodes in this file +# with the 'masters' tag, as the genesis roles are assigned in a different +# place (type/cntt/profiles/genesis.yaml). +# +schema: 'drydock/BaremetalNode/v1' +metadata: + schema: 'metadata/Document/v1' + # NEWSITE-CHANGEME: Replace with the hostname of the first node in the rack, + # after (excluding) genesis. + name: pod10-node2 + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + # NEWSITE-CHANGEME: The IPv4 address assigned to each logical network on this + # node. In the reference Airship deployment, this is all logical Networks defined + # in networks/physical/networks.yaml. IP addresses are manually assigned, by-hand. + # (what could possibly go wrong!) The instructions differ for each logical + # network, which are laid out below. + addressing: + # The iDrac/iLo IP of the node. It's important that this match up with the + # node's hostname above, so that the rack number and node position encoded + # in the hostname are accurate and matching the node that IPMI operations + # will be performed against (for poweron, poweroff, PXE boot to wipe disk or + # reconfigure identity, etc - very important to get right for these reasons). + # These addresses should already be assigned to nodes racked and stacked in + # the environment; these are not addresses which MaaS assigns. + - network: oob + address: 10.10.100.12 + # The IP of the node on the DMZ network. Refer to the static IP range + # defined for the Admin network in networks/physical/networks.yaml. + - network: dmz + address: 10.10.100.22 + # The IP of the node on the Admin network. Refer to the static IP range + # defined for the Admin network in networks/physical/networks.yaml. + # This network is used for PXE bootstrapping of the bare-metal servers. + - network: admin + address: 10.10.101.22 + # The IP of the node on the Private network. Refer to the static IP range + # defined for the Private network in networks/physical/networks.yaml. + - network: private + address: 10.10.102.22 + # The IP of the node on the Storage network. Refer to the static IP range + # defined for the Storage network in networks/physical/networks.yaml. + - network: storage + address: 10.10.103.22 + # The IP of the node on the Management network. Refer to the static IP range + # defined for the Management network in networks/physical/networks.yaml. + - network: management + address: 10.10.104.22 + # NEWSITE-CHANGEME: Set the host profile for the node. + # Note that there are different host profiles depending if this is a control + # plane vs data plane node, and different profiles that map to different types + # hardware. Select the host profile that matches up to your type of + # hardware and function. E.g., the r720 here refers to Dell R720 hardware, the + # 'cp' refers to a control plane profile. Refer to profiles/host/ for the list + # of available host profiles specific to this site (otherwise, you may find + # a general set of host profiles at the "type" or "global" layers/folders. + # If you have hardware that is not on this list of profiles, you may need to + # create a new host profile for that hardware. + host_profile: cp-intel-pod10 + metadata: + tags: + # NEWSITE-CHANGEME: See previous comment. Apply 'masters' tag for control + # plane node, and 'workers' tag for data plane hosts. + - 'masters' + # NEWSITE-CHANGEME: Refer to site engineering package or other supporting + # documentation for the specific rack name. This should be a rack name that + # is meaningful to data center personnel (i.e. a rack they could locate if + # you gave them this rack designation). + rack: pod10-rack +... +--- +schema: 'drydock/BaremetalNode/v1' +metadata: + schema: 'metadata/Document/v1' + # NEWSITE-CHANGEME: The next node's hostname + name: pod10-node3 + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + # NEWSITE-CHANGEME: The next node's IPv4 addressing + addressing: + - network: oob + address: 10.10.100.13 + - network: dmz + address: 10.10.100.23 + - network: admin + address: 10.10.101.23 + - network: private + address: 10.10.102.23 + - network: storage + address: 10.10.103.23 + - network: management + address: 10.10.104.23 + # NEWSITE-CHANGEME: The next node's host profile + host_profile: cp-intel-pod10 + metadata: + # NEWSITE-CHANGEME: The next node's rack designation + rack: pod10-rack + # NEWSITE-CHANGEME: The next node's role desigatnion + tags: + - 'masters' +... +--- +schema: 'drydock/BaremetalNode/v1' +metadata: + schema: 'metadata/Document/v1' + # NEWSITE-CHANGEME: The next node's hostname + name: pod10-node4 + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + # NEWSITE-CHANGEME: The next node's IPv4 addressing + addressing: + - network: oob + address: 10.10.100.14 + - network: dmz + address: 10.10.100.24 + - network: admin + address: 10.10.101.24 + - network: private + address: 10.10.102.24 + - network: storage + address: 10.10.103.24 + - network: management + address: 10.10.104.24 + # NEWSITE-CHANGEME: The next node's host profile + host_profile: dp-intel-pod10 + metadata: + # NEWSITE-CHANGEME: The next node's rack designation + rack: pod10-rack + # NEWSITE-CHANGEME: The next node's role desigatnion + tags: + - 'workers' +... +--- +schema: 'drydock/BaremetalNode/v1' +metadata: + schema: 'metadata/Document/v1' + # NEWSITE-CHANGEME: The next node's hostname + name: pod10-node5 + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + # NEWSITE-CHANGEME: The next node's IPv4 addressing + addressing: + - network: oob + address: 10.10.100.15 + - network: dmz + address: 10.10.100.25 + - network: admin + address: 10.10.101.25 + - network: private + address: 10.10.102.25 + - network: storage + address: 10.10.103.25 + - network: management + address: 10.10.104.25 + # NEWSITE-CHANGEME: The next node's host profile + host_profile: dp-intel-pod10 + metadata: + # NEWSITE-CHANGEME: The next node's rack designation + rack: pod10-rack + # NEWSITE-CHANGEME: The next node's role desigatnion + tags: + - 'workers' +... diff --git a/site/intel-pod10/networks/common-addresses.yaml b/site/intel-pod10/networks/common-addresses.yaml new file mode 100644 index 0000000..183cf91 --- /dev/null +++ b/site/intel-pod10/networks/common-addresses.yaml @@ -0,0 +1,164 @@ +--- +# The purpose of this file is to define network related paramters that are +# referenced (substituted) elsewhere in the manifests for this site. +# +schema: pegleg/CommonAddresses/v1 +metadata: + schema: metadata/Document/v1 + name: common-addresses + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + calico: + # NEWSITE-CHANGEME: The interface that Calico will use. Update if your + # logical interface name or Calico VLAN have changed from the reference + # site design. + # This should be whichever interface (or bond) and VLAN number specified in + # networks/physical/networks.yaml for the Calico network. + # E.g. you would set "interface=ens785f0" as shown here. + ip_autodetection_method: interface=eno3 + etcd: + # The etcd service IP address. + # This address must be within data.kubernetes.service_cidr range + service_ip: 10.96.232.136 + + # NEWSITE-CHANGEME: Update virtual IPs to be used for deployment. + # These IPs are imporant and tied to FQDN/DNS registration for the site, see more at + # https://airship-treasuremap.readthedocs.io/en/latest/authoring_and_deployment.html#register-dns-names + vip: + # Used for accessing Airship/OpenStack APIs (ingress of kube-system) + # The address is selected from DMZ network specified in + # networks/physical/networks.yaml + ingress_vip: '10.10.100.100/32' + # Used for bare-metal deployment (PXE boot, fetching Drydock bootactions) + # The address is selected from Admin network specified in + # networks/physical/networks.yaml + maas_vip: '10.10.101.100/32' + + dns: + # Kubernetes cluster domain. Do not change. This is internal to the cluster. + cluster_domain: cluster.local + # DNS service ip + service_ip: 10.96.0.10 + # List of upstream DNS forwards. Verify you can reach them from your + # environment. If so, you should not need to change them. + upstream_servers: + - 8.8.8.8 + - 8.8.4.4 + # Repeat the same values as above, but formatted as a common separated + # string + upstream_servers_joined: 8.8.8.8,8.8.4.4 + # NEWSITE-CHANGEME: FQDN for ingress (i.e. "publicly facing" access point) + # Choose FQDN according to the ingress/public FQDN naming conventions at + # the top of this document. + ingress_domain: intel-pod10.opnfv.org + + genesis: + # NEWSITE-CHANGEME: Update with the hostname for the node which will take on + # the Genesis role. Refer to the hostname naming stardards in + # networks/physical/networks.yaml + # NOTE: Ensure that the genesis node is manually configured with this + # hostname before running `genesis.sh` on the node, see + # https://airship-treasuremap.readthedocs.io/en/latest/authoring_and_deployment.html#genesis-node + hostname: pod10-node1 + # NEWSITE-CHANGEME: Address defined for Calico network in + # networks/physical/networks.yaml + ip: 10.10.102.21 + + bootstrap: + # NEWSITE-CHANGEME: Address defined for the Admin (PXE) network in + # networks/physical/networks.yaml + ip: 10.10.101.21 + + kubernetes: + # K8s API service IP + api_service_ip: 10.96.0.1 + # etcd service IP + etcd_service_ip: 10.96.0.2 + # k8s pod CIDR (network which pod traffic will traverse) + pod_cidr: 10.97.0.0/16 + # k8s service CIDR (network which k8s API traffic will traverse) + service_cidr: 10.96.0.0/16 + # misc k8s port settings + apiserver_port: 6443 + haproxy_port: 6553 + service_node_port_range: 30000-32767 + + # etcd port settings + etcd: + container_port: 2379 + haproxy_port: 2378 + + # NEWSITE-CHANGEME: A list of nodes (excluding Genesis) which act as the + # control plane servers. Ensure that this matches the nodes with the 'masters' + # tags applied in baremetal/nodes.yaml + masters: + - hostname: pod10-node2 + - hostname: pod10-node3 + + # NEWSITE-CHANGEME: Environment proxy information. + # NOTE: Reference Airship sites do not deploy behind a proxy, so this proxy section + # should be commented out. + # However if you are in a lab that requires proxy, ensure that these proxy + # settings are correct and reachable in your environment; otherwise update + # them with the correct values for your environment. + proxy: + http: "" + https: "" + no_proxy: [] + + node_ports: + drydock_api: 30000 + maas_api: 30001 + + ntp: + # comma separated NTP server list. Verify that these upstream NTP servers are + # reachable in your environment; otherwise update them with the correct + # values for your environment. + servers_joined: '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org,4.ubuntu.pool.ntp.org' + + # An example for Openstack Helm Infra LDAP + ldap: + # NEWSITE-CHANGEME: FQDN for LDAP. Update to the FQDN that is + # relevant for your type of deployment (test vs prod values, etc). + base_url: 'ldap.example.com' + # NEWSITE-CHANGEME: As above, with the protocol included to create a full URI + url: 'ldap://ldap.example.com' + # NEWSITE-CHANGEME: Update to the correct expression relevant for this + # deployment (test vs prod values, etc) + auth_path: DC=test,DC=test,DC=com?sAMAccountName?sub?memberof=CN=test,OU=Application,OU=Groups,DC=test,DC=test,DC=com + # NEWSITE-CHANGEME: Update to the correct AD group that contains the users + # relevant for this deployment (test users vs prod users/values, etc) + common_name: test + # NEWSITE-CHANGEME: Update to the correct subdomain for your type of + # deployment (test vs prod values, etc) + subdomain: test + # NEWSITE-CHANGEME: Update to the correct domain for your type of + # deployment (test vs prod values, etc) + domain: example + + storage: + ceph: + # NEWSITE-CHANGEME: CIDRs for Ceph. Update to match the network CIDR + # used for the Storage network in networks/physical/networks.yaml + public_cidr: '10.10.103.0/24' + cluster_cidr: '10.10.103.0/24' + + neutron: + # NEWSITE-CHANGEME: Overlay network for VM traffic. Ensure the interface name and + # VLAN number are consistent with what's defined for the Private network in + # networks/physical/networks.yaml + tunnel_device: 'eno3' + # Interface for the OpenStack external network. Ensure the interface name is + # consistent with the interface and VLAN assigned to the Public network in + # networks/physical/networks.yaml + external_iface: 'eno4.1103' + + openvswitch: + # Interface for the OpenStack external network. Ensure the interface name is + # consistent with the interface and VLAN assigned to the Public network in + # networks/physical/networks.yaml + external_iface: 'eno4.1103' +... diff --git a/site/intel-pod10/networks/physical/networks.yaml b/site/intel-pod10/networks/physical/networks.yaml new file mode 100644 index 0000000..ac2509e --- /dev/null +++ b/site/intel-pod10/networks/physical/networks.yaml @@ -0,0 +1,327 @@ +--- +# The purpose of this file is to define all of the NetworkLinks (i.e. layer 1 +# devices) and Networks (i.e. layer 3 configurations). +# +# The following is reference configuration for Intel hosted POD10 +# https://wiki.opnfv.org/display/pharos/Intel+POD10 +# +--------+------------+-----------------------------------+----------+----------+----------------+ +# | | | | | | | +# +--------+------------+-----------------------------------+----------+----------+----------------+ +# |IF0 1G | dmz | OoB & OAM (default route) | VLAN 100 | untagged | 10.10.100.0/24 | +# |IF1 1G | admin | PXE boot network | VLAN 101 | untagged | 10.10.101.0/24 | +# |IF2 10G | private | Underlay calico and ovs overlay | VLAN 102 | untagged | 10.10.102.0/24 | +# | | management | Management (unused for now) | VLAN 104 | tagged | 10.10.104.0/24 | +# |IF3 10G | storage | Storage network | VLAN 103 | untagged | 10.10.103.0/24 | +# | | public | Public network for VMs | VLAN 1103 | tagged | 10.10.105.0/24 | +# +--------+------------+-----------------------------------+----------+----------+----------------+ +# +# For standard Airship deployments, you should not need to modify the number of +# NetworkLinks and Networks in this file. Only the IP addresses and CIDRs should +# need editing. +# +schema: 'drydock/NetworkLink/v1' +metadata: + schema: 'metadata/Document/v1' + name: oob + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + # MaaS doesnt own this network like it does the others, + # so the noconfig label is specified. + labels: + noconfig: enabled + bonding: + mode: disabled + mtu: 1500 + linkspeed: auto + trunking: + mode: disabled + default_network: oob + allowed_networks: + - oob +... +--- +schema: 'drydock/Network/v1' +metadata: + schema: 'metadata/Document/v1' + name: oob + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + # NEWSITE-CHANGEME: Update with the site's out-of-band CIDR + cidr: 10.10.100.0/24 + routes: + # NEWSITE-CHANGEME: Update with the site's out-of-band gateway IP + - subnet: '0.0.0.0/0' + gateway: 10.10.100.1 + metric: 100 +... +--- +schema: 'drydock/NetworkLink/v1' +metadata: + schema: 'metadata/Document/v1' + name: dmz + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + bonding: + mode: disabled + mtu: 1500 + linkspeed: auto + trunking: + mode: disabled + default_network: dmz + allowed_networks: + - dmz +... +--- +schema: 'drydock/Network/v1' +metadata: + schema: 'metadata/Document/v1' + name: dmz + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + # NEWSITE-CHANGEME: Update with the site's DMZ network CIDR + cidr: 10.10.100.0/24 + routes: + - subnet: 0.0.0.0/0 + # NEWSITE-CHANGEME: Set the DMZ network gateway IP address + # NOTE: This serves as the site's default route. + gateway: 10.10.100.1 + metric: 100 + ranges: + # NEWSITE-CHANGEME: Exclude any reserved IPs for the lab. + - type: reserved + start: 10.10.100.1 + end: 10.10.100.19 + # NEWSITE-CHANGEME: Update static range that will be used for the nodes. + # See minimum range required for the nodes in baremetal/nodes.yaml. + - type: static + start: 10.10.100.20 + end: 10.10.100.39 + dns: + # NEWSITE-CHANGEME: FQDN for bare metal nodes. + # Choose FQDN according to the node FQDN naming conventions at the top of + # this document. + domain: intel-pod10.opnfv.org + # List of upstream DNS forwards. Verify you can reach them from your + # environment. If so, you should not need to change them. + # TODO: This should be populated via substitution from common-addresses + servers: '8.8.8.8,8.8.4.4' +... +--- +schema: 'drydock/NetworkLink/v1' +metadata: + schema: 'metadata/Document/v1' + name: admin + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + bonding: + mode: disabled + mtu: 1500 + linkspeed: auto + trunking: + mode: disabled + default_network: admin + allowed_networks: + - admin +... +--- +schema: 'drydock/Network/v1' +metadata: + schema: 'metadata/Document/v1' + name: admin + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + # NEWSITE-CHANGEME: Update with the site's PXE network CIDR + # NOTE: The CIDR minimum size = (number of nodes * 2) + 10 + cidr: 10.10.101.0/24 + routes: + - subnet: 0.0.0.0/0 + # NEWSITE-CHANGEME: Set the Admin network gateway IP address + gateway: 10.10.101.1 + metric: 100 + # NOTE: The DHCP addresses are used when nodes perform a PXE boot + # (DHCP address gets assigned), and when a node is commissioning in MaaS + # (also uses DHCP to get its IP address). However, when MaaS installs the + # operating system ("Deploying/Deployed" states), it will write a static IP + # assignment to /etc/network/interfaces[.d] with IPs from the "static" + # subnet defined here. + ranges: + # NEWSITE-CHANGEME: Exclude any reserved IPs for the lab. + - type: reserved + start: 10.10.101.1 + end: 10.10.101.19 + # NEWSITE-CHANGEME: Update to the first half of the remaining range after + # excluding the reserved IPs. + - type: static + start: 10.10.101.20 + end: 10.10.101.39 + # NEWSITE-CHANGEME: Update to the second half of the remaining range after + # excluding the reserved IPs. + - type: dhcp + start: 10.10.101.40 + end: 10.10.101.79 + dns: + # NEWSITE-CHANGEME: FQDN for bare metal nodes. + # Choose FQDN according to the node FQDN naming conventions at the top of + # this document. + domain: intel-pod10.opnfv.org + # NEWSITE-CHANGEME: Use MAAS VIP as the DNS server. + # MAAS has inbuilt DNS server and Debian mirror that allows nodes to be + # deployed without requiring routed/internet access for the Admin/PXE interface. + # See data.vip.maas_vip in networks/common-addresses.yaml. + # TODO: This should be populated via substitution from common-addresses + servers: '10.10.101.100' +... +--- +schema: 'drydock/NetworkLink/v1' +metadata: + schema: 'metadata/Document/v1' + name: data1 + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + bonding: + mode: disabled + # NEWSITE-CHANGEME: Ensure the network switches in the environment are + # configured for this MTU or greater. + mtu: 1500 + linkspeed: auto + trunking: + mode: 802.1q + allowed_networks: + - private + - management +... +--- +schema: 'drydock/Network/v1' +metadata: + schema: 'metadata/Document/v1' + name: private + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + # NEWSITE-CHANGEME: Set the VLAN ID which the Private network is on + vlan: '0' + mtu: 1500 + # NEWSITE-CHANGEME: Set the CIDR for the Private network + # NOTE: The CIDR minimum size = number of nodes + 10 + cidr: 10.10.102.0/24 + ranges: + # NEWSITE-CHANGEME: Update to the remaining range excluding (if any) + # reserved IPs. + - type: static + start: 10.10.102.1 + end: 10.10.102.19 +... +--- +schema: 'drydock/Network/v1' +metadata: + schema: 'metadata/Document/v1' + name: management + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + # NEWSITE-CHANGEME: Set the VLAN ID which the Management network is on + vlan: '104' + mtu: 1500 + # NEWSITE-CHANGEME: Set the CIDR for the Management network + # NOTE: The CIDR minimum size = number of nodes + 10 + cidr: 10.10.104.0/24 + ranges: + # NEWSITE-CHANGEME: Update to the remaining range excluding (if any) + # reserved IPs. + - type: static + start: 10.10.104.1 + end: 10.10.104.19 +... +--- +schema: 'drydock/NetworkLink/v1' +metadata: + schema: 'metadata/Document/v1' + name: data2 + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + bonding: + mode: disabled + # NEWSITE-CHANGEME: Ensure the network switches in the environment are + # configured for this MTU or greater. + mtu: 1500 + linkspeed: auto + trunking: + mode: 802.1q + default_network: storage + allowed_networks: + - storage + - public +... +--- +schema: 'drydock/Network/v1' +metadata: + schema: 'metadata/Document/v1' + name: storage + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + # NEWSITE-CHANGEME: Set the VLAN ID which the Storage network is on + vlan: '0' + # NEWSITE-CHANGEME: Ensure the network switches in the environment are + # configured for this MTU or greater. + mtu: 1500 + # NEWSITE-CHANGEME: Set the CIDR for the Storage network + # NOTE: The CIDR minimum size = number of nodes + 10 + cidr: 10.10.103.0/24 + ranges: + # NEWSITE-CHANGEME: Update to the remaining range excludin (if any) + # reserved IPs. + - type: static + start: 10.10.103.1 + end: 10.10.103.19 +... +--- +# The public network for OpenStack VMs. +# NOTE: Only interface 'eno4.1103' will be setup, no IPs assigned to hosts +schema: 'drydock/Network/v1' +metadata: + schema: 'metadata/Document/v1' + name: public + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + # NEWSITE-CHANGEME: Set the VLAN ID which the Public network is on + vlan: '1103' + # NEWSITE-CHANGEME: Ensure the network switches in the environment are + # configured for this MTU or greater. + mtu: 1500 + # NEWSITE-CHANGEME: Set the CIDR for the Public network + cidr: 10.10.105.0/24 +... diff --git a/site/intel-pod10/pki/pki-catalog.yaml b/site/intel-pod10/pki/pki-catalog.yaml new file mode 100644 index 0000000..b66ea64 --- /dev/null +++ b/site/intel-pod10/pki/pki-catalog.yaml @@ -0,0 +1,289 @@ +--- +# The purpose of this file is to define the PKI certificates for the environment +# +# NOTE: When deploying a new site, this file should not be configured until +# baremetal/nodes.yaml is complete. +# +schema: promenade/PKICatalog/v1 +metadata: + schema: metadata/Document/v1 + name: cluster-certificates + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + certificate_authorities: + kubernetes: + description: CA for Kubernetes components + certificates: + - document_name: apiserver + description: Service certificate for Kubernetes apiserver + common_name: apiserver + hosts: + - localhost + - 127.0.0.1 + # FIXME: Repetition of api_service_ip in common-addresses; use + # substitution + - 10.96.0.1 + kubernetes_service_names: + - kubernetes.default.svc.cluster.local + + # NEWSITE-CHANGEME: The following should be a list of all the nodes in + # the environment (genesis, control plane, data plane, everything). + # Add/delete from this list as necessary until all nodes are listed. + # For each node, the `hosts` list should be comprised of: + # 1. The node's hostname, as already defined in baremetal/nodes.yaml + # 2. The node's Calico IP address, as already defined in baremetal/nodes.yaml + # NOTE: This list also needs to include the Genesis node, which is not + # listed in baremetal/nodes.yaml, but by convention should be allocated + # the first non-reserved IP in each logical network allocation range + # defined in networks/physical/networks.yaml + # NOTE: The genesis node needs to be defined twice (the first two entries + # on this list) with all of the same paramters except the document_name. + # In the first case the document_name is `kubelet-genesis`, and in the + # second case the document_name format is `kubelet-YOUR_GENESIS_HOSTNAME`. + - document_name: kubelet-genesis + common_name: system:node:pod10-node1 + hosts: + - pod10-node1 + - 10.10.102.21 + groups: + - system:nodes + - document_name: kubelet-pod10-node1 + common_name: system:node:pod10-node1 + hosts: + - pod10-node1 + - 10.10.102.21 + groups: + - system:nodes + - document_name: kubelet-pod10-node2 + common_name: system:node:pod10-node2 + hosts: + - pod10-node2 + - 10.10.102.22 + groups: + - system:nodes + - document_name: kubelet-pod10-node3 + common_name: system:node:pod10-node3 + hosts: + - pod10-node3 + - 10.10.102.23 + groups: + - system:nodes + - document_name: kubelet-pod10-node4 + common_name: system:node:pod10-node4 + hosts: + - pod10-node4 + - 10.10.102.24 + groups: + - system:nodes + - document_name: kubelet-pod10-node5 + common_name: system:node:pod10-node5 + hosts: + - pod10-node4 + - 10.10.102.25 + groups: + - system:nodes + # End node list + - document_name: scheduler + description: Service certificate for Kubernetes scheduler + common_name: system:kube-scheduler + - document_name: controller-manager + description: certificate for controller-manager + common_name: system:kube-controller-manager + - document_name: admin + common_name: admin + groups: + - system:masters + - document_name: armada + common_name: armada + groups: + - system:masters + kubernetes-etcd: + description: Certificates for Kubernetes's etcd servers + certificates: + - document_name: apiserver-etcd + description: etcd client certificate for use by Kubernetes apiserver + common_name: apiserver + # NOTE(mark-burnett): hosts not required for client certificates + - document_name: kubernetes-etcd-anchor + description: anchor + common_name: anchor + # NEWSITE-CHANGEME: The following should be a list of the control plane + # nodes in the environment, including genesis. + # For each node, the `hosts` list should be comprised of: + # 1. The node's hostname, as already defined in baremetal/nodes.yaml + # 2. The node's Calico IP address, as already defined in baremetal/nodes.yaml + # 3. 127.0.0.1 + # 4. localhost + # 5. kubernetes-etcd.kube-system.svc.cluster.local + # NOTE: This list also needs to include the Genesis node, which is not + # listed in baremetal/nodes.yaml, but by convention should be allocated + # the first non-reserved IP in each logical network allocation range + # defined in networks/physical/networks.yaml, except for the kubernetes + # service_cidr where it should start with the second IP in the range. + # NOTE: The genesis node is defined twice with the same `hosts` data: + # Once with its hostname in the common/document name, and once with + # `genesis` defined instead of the host. For now, this duplicated + # genesis definition is required. FIXME: Remove duplicate definition + # after Promenade addresses this issue. + - document_name: kubernetes-etcd-genesis + common_name: kubernetes-etcd-genesis + hosts: + - pod10-node1 + - 10.10.102.21 + - 127.0.0.1 + - localhost + - kubernetes-etcd.kube-system.svc.cluster.local + - 10.96.0.2 + - document_name: kubernetes-etcd-pod10-node1 + common_name: kubernetes-etcd-pod10-node1 + hosts: + - pod10-node1 + - 10.10.102.21 + - 127.0.0.1 + - localhost + - kubernetes-etcd.kube-system.svc.cluster.local + - 10.96.0.2 + - document_name: kubernetes-etcd-pod10-node2 + common_name: kubernetes-etcd-pod10-node2 + hosts: + - pod10-node2 + - 10.10.102.22 + - 127.0.0.1 + - localhost + - kubernetes-etcd.kube-system.svc.cluster.local + - 10.96.0.2 + - document_name: kubernetes-etcd-pod10-node3 + common_name: kubernetes-etcd-pod10-node3 + hosts: + - pod10-node3 + - 10.10.102.23 + - 127.0.0.1 + - localhost + - kubernetes-etcd.kube-system.svc.cluster.local + - 10.96.0.2 + # End node list + kubernetes-etcd-peer: + certificates: + # NEWSITE-CHANGEME: This list should be identical to the previous list, + # except that `-peer` has been appended to the document/common names. + - document_name: kubernetes-etcd-genesis-peer + common_name: kubernetes-etcd-genesis-peer + hosts: + - pod10-node1 + - 10.10.102.21 + - 127.0.0.1 + - localhost + - kubernetes-etcd.kube-system.svc.cluster.local + - 10.96.0.2 + - document_name: kubernetes-etcd-pod10-node1-peer + common_name: kubernetes-etcd-pod10-node1-peer + hosts: + - pod10-node1 + - 10.10.102.21 + - 127.0.0.1 + - localhost + - kubernetes-etcd.kube-system.svc.cluster.local + - 10.96.0.2 + - document_name: kubernetes-etcd-pod10-node2-peer + common_name: kubernetes-etcd-pod10-node2-peer + hosts: + - pod10-node2 + - 10.10.102.22 + - 127.0.0.1 + - localhost + - kubernetes-etcd.kube-system.svc.cluster.local + - 10.96.0.2 + - document_name: kubernetes-etcd-pod10-node3-peer + common_name: kubernetes-etcd-pod10-node3-peer + hosts: + - pod10-node3 + - 10.10.102.23 + - 127.0.0.1 + - localhost + - kubernetes-etcd.kube-system.svc.cluster.local + - 10.96.0.2 + # End node list + calico-etcd: + description: Certificates for Calico etcd client traffic + certificates: + - document_name: calico-etcd-anchor + description: anchor + common_name: anchor + # NEWSITE-CHANGEME: The following should be a list of the control plane + # nodes in the environment, including genesis. + # For each node, the `hosts` list should be comprised of: + # 1. The node's hostname, as already defined in baremetal/nodes.yaml + # 2. The node's Calico IP address, as already defined in baremetal/nodes.yaml + # 3. 127.0.0.1 + # 4. localhost + # 5. The calico/etcd/service_ip defined in networks/common-addresses.yaml + # NOTE: This list also needs to include the Genesis node, which is not + # listed in baremetal/nodes.yaml, but by convention should be allocated + # the first non-reserved IP in each logical network allocation range + # defined in networks/physical/networks.yaml + - document_name: calico-etcd-pod10-node1 + common_name: calico-etcd-pod10-node1 + hosts: + - pod10-node1 + - 10.10.102.21 + - 127.0.0.1 + - localhost + - 10.96.232.136 + - document_name: calico-etcd-pod10-node2 + common_name: calico-etcd-pod10-node2 + hosts: + - pod10-node2 + - 10.10.102.22 + - 127.0.0.1 + - localhost + - 10.96.232.136 + - document_name: calico-etcd-pod10-node3 + common_name: calico-etcd-pod10-node3 + hosts: + - pod10-node3 + - 10.10.102.23 + - 127.0.0.1 + - localhost + - 10.96.232.136 + - document_name: calico-node + common_name: calcico-node + # End node list + calico-etcd-peer: + description: Certificates for Calico etcd clients + certificates: + # NEWSITE-CHANGEME: This list should be identical to the previous list, + # except that `-peer` has been appended to the document/common names. + - document_name: calico-etcd-pod10-node1-peer + common_name: calico-etcd-pod10-node1-peer + hosts: + - pod10-node1 + - 10.10.102.21 + - 127.0.0.1 + - localhost + - 10.96.232.136 + - document_name: calico-etcd-pod10-node2-peer + common_name: calico-etcd-pod10-node2-peer + hosts: + - pod10-node2 + - 10.10.102.22 + - 127.0.0.1 + - localhost + - 10.96.232.136 + - document_name: calico-etcd-pod10-node3-peer + common_name: calico-etcd-pod10-node3-peer + hosts: + - pod10-node3 + - 10.10.102.23 + - 127.0.0.1 + - localhost + - 10.96.232.136 + - document_name: calico-node-peer + common_name: calcico-node-peer + # End node list + keypairs: + - name: service-account + description: Service account signing key for use by Kubernetes controller-manager. +... diff --git a/site/intel-pod10/profiles/hardware/intel-pod10.yaml b/site/intel-pod10/profiles/hardware/intel-pod10.yaml new file mode 100644 index 0000000..9d1764d --- /dev/null +++ b/site/intel-pod10/profiles/hardware/intel-pod10.yaml @@ -0,0 +1,105 @@ +--- +schema: 'drydock/HardwareProfile/v1' +metadata: + schema: 'metadata/Document/v1' + name: intel-pod10 + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + # Vendor of the server chassis + vendor: Intel + # Generation of the chassis model + generation: '4' + # Version of the chassis model within its generation - not version of the hardware definition + hw_version: '3' + # The certified version of the chassis BIOS + bios_version: 'SE5C610.86B.01.01.0019.101220160604' + # Mode of the default boot of hardware - bios, uefi + boot_mode: bios + # Protocol of boot of the hardware - pxe, usb, hdd + bootstrap_protocol: pxe + # Which interface to use for network booting within the OOB manager, not OS device + pxe_interface: 0 + + # Map hardware addresses to aliases/roles to allow a mix of hardware configs + # in a site to result in a consistent configuration + + device_aliases: + ## network + # $ sudo lspci |grep -i ethernet + # 03:00.0 Ethernet controller: Intel Corporation I350 Gigabit Network Connection (rev 01) + # 03:00.3 Ethernet controller: Intel Corporation I350 Gigabit Network Connection (rev 01) + # 05:00.0 Ethernet controller: Intel Corporation Ethernet Controller X710 for 10GbE SFP+ (rev 01) + # 05:00.1 Ethernet controller: Intel Corporation Ethernet Controller X710 for 10GbE SFP+ (rev 01) + # 05:00.2 Ethernet controller: Intel Corporation Ethernet Controller X710 for 10GbE SFP+ (rev 01) + # 05:00.3 Ethernet controller: Intel Corporation Ethernet Controller X710 for 10GbE SFP+ (rev 01) + + # control networks + # eno1 + ctrl_nic1: + address: '0000:04:00.0' + dev_type: 'I350 Gigabit Network Connection' + bus_type: 'pci' + # eno2 + ctrl_nic2: + address: '0000:04:00.3' + dev_type: 'I350 Gigabit Network Connection' + bus_type: 'pci' + + # data networks + # eno3 + data_nic1: + address: '0000:02:00.0' + dev_type: '82599ES 10-Gigabit SFI/SFP+ Network Connection' + bus_type: 'pci' + # eno4 + data_nic2: + address: '0000:02:00.1' + dev_type: '82599ES 10-Gigabit SFI/SFP+ Network Connection' + bus_type: 'pci' + + ## storage + # $ sudo lshw -c disk + # *-disk + # description: ATA Disk + # product: INTEL SSDSC2BB48 + # physical id: 0.0.0 + # bus info: scsi@4:0.0.0 + # logical name: /dev/sda + # version: 0101 + # serial: PHDV637602LL480BGN + # size: 447GiB (480GB) + # capabilities: gpt-1.00 partitioned partitioned:gpt + # configuration: ansiversion=5 guid=ea7d0b6a-c105-4409-8d4c-dc104cb38737 logicalsectorsize=512 sectorsize=4096 + # *-disk + # description: ATA Disk + # product: ST91000640NS + # vendor: Seagate + # physical id: 0.0.0 + # bus info: scsi@5:0.0.0 + # logical name: /dev/sdb + # version: SN03 + # serial: 9XG6LX48 + # size: 931GiB (1TB) + # capabilities: gpt-1.00 partitioned partitioned:gpt + # configuration: ansiversion=5 guid=27f17348-e081-4b00-8d4c-5960513a40cd logicalsectorsize=512 sectorsize=512 + + # /dev/sda + bootdisk: + address: '0:0.0.0' + dev_type: 'ST3000NM0033-9ZM' + bus_type: 'scsi' + # /dev/sdb + datadisk: + address: '1:0.0.0' + dev_type: 'SSDSC2BW18' + bus_type: 'scsi' + cpu_sets: + kvm: '4-43,48-87' + hugepages: + dpdk: + size: '1G' + count: 32 +... diff --git a/site/intel-pod10/profiles/host/cp-intel-pod10.yaml b/site/intel-pod10/profiles/host/cp-intel-pod10.yaml new file mode 100644 index 0000000..55cbae7 --- /dev/null +++ b/site/intel-pod10/profiles/host/cp-intel-pod10.yaml @@ -0,0 +1,105 @@ +--- +# The primary control plane host profile for Airship for DELL R720s, and +# should not need to be altered if you are using matching HW. The active +# participants in the Ceph cluster run on this profile. Other control plane +# services are not affected by primary vs secondary designation. +schema: drydock/HostProfile/v1 +metadata: + schema: metadata/Document/v1 + name: cp-intel-pod10 + storagePolicy: cleartext + layeringDefinition: + abstract: false + layer: site + parentSelector: + hosttype: cp-global + actions: + - method: replace + path: .interfaces + - method: replace + path: .storage + - method: merge + path: . +data: + hardware_profile: intel-pod10 + + primary_network: dmz + interfaces: + dmz: + device_link: dmz + slaves: + - ctrl_nic1 + networks: + - dmz + admin: + device_link: admin + slaves: + - ctrl_nic2 + networks: + - admin + data1: + device_link: data1 + slaves: + - data_nic1 + networks: + - private + - management + data2: + device_link: data2 + slaves: + - data_nic2 + networks: + - storage + - public + + storage: + physical_devices: + bootdisk: + labels: + bootdrive: 'true' + partitions: + - name: 'root' + size: '30g' + bootable: true + filesystem: + mountpoint: '/' + fstype: 'ext4' + mount_options: 'defaults' + - name: 'boot' + size: '1g' + filesystem: + mountpoint: '/boot' + fstype: 'ext4' + mount_options: 'defaults' + - name: 'var_log' + size: '100g' + filesystem: + mountpoint: '/var/log' + fstype: 'ext4' + mount_options: 'defaults' + - name: 'var' + size: '>100g' + filesystem: + mountpoint: '/var' + fstype: 'ext4' + mount_options: 'defaults' + + datadisk: + partitions: + - name: 'ceph' + size: '99%' + filesystem: + mountpoint: '/var/lib/ceph' + fstype: 'ext4' + mount_options: 'defaults' + + platform: + image: 'xenial' + kernel: 'hwe-16.04' + kernel_params: + kernel_package: 'linux-image-4.15.0-46-generic' + + metadata: + owner_data: + openstack-l3-agent: enabled +... diff --git a/site/intel-pod10/profiles/host/dp-intel-pod10.yaml b/site/intel-pod10/profiles/host/dp-intel-pod10.yaml new file mode 100644 index 0000000..d0e63a3 --- /dev/null +++ b/site/intel-pod10/profiles/host/dp-intel-pod10.yaml @@ -0,0 +1,112 @@ +--- +# The data plane host profile for Airship for DELL R720s, and should +# not need to be altered if you are using matching HW. The host profile is setup +# for cpu isolation (for nova pinning), hugepages, and sr-iov. +schema: drydock/HostProfile/v1 +metadata: + schema: metadata/Document/v1 + name: dp-intel-pod10 + storagePolicy: cleartext + layeringDefinition: + abstract: false + layer: type + parentSelector: + hosttype: dp-global + actions: + - method: replace + path: .interfaces + - method: replace + path: .storage + - method: merge + path: . +data: + hardware_profile: intel-pod10 + + primary_network: dmz + interfaces: + dmz: + device_link: dmz + slaves: + - ctrl_nic1 + networks: + - dmz + admin: + device_link: admin + slaves: + - ctrl_nic2 + networks: + - admin + data1: + device_link: data1 + slaves: + - data_nic1 + networks: + - private + - management + data2: + device_link: data2 + slaves: + - data_nic2 + networks: + - storage + - public + + storage: + physical_devices: + bootdisk: + labels: + bootdrive: 'true' + partitions: + - name: 'root' + size: '30g' + bootable: true + filesystem: + mountpoint: '/' + fstype: 'ext4' + mount_options: 'defaults' + - name: 'boot' + size: '1g' + filesystem: + mountpoint: '/boot' + fstype: 'ext4' + mount_options: 'defaults' + - name: 'log' + size: '100g' + filesystem: + mountpoint: '/var/log' + fstype: 'ext4' + mount_options: 'defaults' + - name: 'var' + size: '>100g' + filesystem: + mountpoint: '/var' + fstype: 'ext4' + mount_options: 'defaults' + + datadisk: + partitions: + - name: 'ceph' + size: '99%' + filesystem: + mountpoint: '/var/lib/ceph' + fstype: 'ext4' + mount_options: 'defaults' + + platform: + image: 'xenial' + kernel: 'hwe-16.04' + kernel_params: + kernel_package: 'linux-image-4.15.0-46-generic' + intel_iommu: 'on' + iommu: 'pt' + amd_iommu: 'on' + cgroup_disable: 'hugetlb' + transparent_hugepage: 'never' + hugepagesz: 'hardwareprofile:hugepages.dpdk.size' + hugepages: 'hardwareprofile:hugepages.dpdk.count' + default_hugepagesz: 'hardwareprofile:hugepages.dpdk.size' + isolcpus: 'hardwareprofile:cpuset.kvm' + metadata: + owner_data: + sriov: enabled +... diff --git a/site/intel-pod10/profiles/region.yaml b/site/intel-pod10/profiles/region.yaml new file mode 100644 index 0000000..e714ca4 --- /dev/null +++ b/site/intel-pod10/profiles/region.yaml @@ -0,0 +1,60 @@ +--- +# The purpose of this file is to define the drydock Region, which in turn drives +# the MaaS region. +schema: 'drydock/Region/v1' +metadata: + schema: 'metadata/Document/v1' + # NEWSITE-CHANGEME: Replace with the site name + name: intel-pod10 + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext + substitutions: + - dest: + path: .repositories.main_archive + src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .packages.repositories.main_archive + # NEWSITE-CHANGEME: Substitutions from deckhand SSH public keys into the + # list of authorized keys which MaaS will register for the build-in "ubuntu" + # account during the PXE process. Create a substitution rule for each SSH + # key that should have access to the "ubuntu" account (useful for trouble- + # shooting problems before UAM or UAM-lite is operational). SSH keys are + # stored as secrets in site/seaworthy/secrets. + - dest: + # Add/replace the item in the list + path: .authorized_keys[0] + src: + schema: deckhand/PublicKey/v1 + # This should match the "name" metadata of the SSH key which will be + # substituted, located in site/intel-pod10/secrets folder. + name: sridhar_ssh_public_key + path: . + - dest: + # Increment the list index + path: .authorized_keys[1] + src: + schema: deckhand/PublicKey/v1 + # your ssh key + name: trevor_ssh_public_key + path: . + - dest: + # Increment the list index + path: .authorized_keys[2] + src: + schema: deckhand/PublicKey/v1 + # your ssh key + name: luc_ssh_public_key + path: . +data: + tag_definitions: [] + # This is the list of SSH keys which MaaS will register for the built-in + # "ubuntu" account during the PXE process. This list is populated by + # substitution, so the same SSH keys do not need to be repeated in multiple + # manifests. + authorized_keys: [] + repositories: + remove_unlisted: true +... diff --git a/site/intel-pod10/secrets/certificates/certificates.yaml b/site/intel-pod10/secrets/certificates/certificates.yaml new file mode 100644 index 0000000..758ee56 --- /dev/null +++ b/site/intel-pod10/secrets/certificates/certificates.yaml @@ -0,0 +1,2456 @@ +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDSDCCAjCgAwIBAgIUUhe1JxgE7Yh1iqSJOSEGx3ZAnhQwDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xOTEwMTcxNjE3MDBaFw0yNDEwMTUxNjE3MDBaMCoxEzARBgNVBAoTCkt1YmVy + bmV0ZXMxEzARBgNVBAMTCmt1YmVybmV0ZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IB + DwAwggEKAoIBAQDPD4hcsqHA2H35EynaEia5xR7J53zeMZRxTA/dZ7Ajr5KiE3df + YBn2XH41x2tnYnSeeMaEA9/0MUdMfL8cfuLOc00SV583X+NRV099zSwVk0t+0qxM + zZILWhkYSVU6LScaDHSWsKotdb5srQ4jXEKQLJGKcCVdZfKtOpd3L5oNAgFWMb1+ + L1dj6bzMemKY0jyhOwkhzq9HIKDVF9UgGrQG39c853R1OyLCuV7GvGwZTLSYlQE8 + kdzJPJxphHI5HJ07qFnVHfZTINKCSp4CzcR69P2ebNkYYxMMjMJcKcGBQZeD8IYP + 3Lj7JRb9tYMMsCnvckOYesmM6cLd2/N3J+CvAgMBAAGjZjBkMA4GA1UdDwEB/wQE + AwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBR70SVxO0VZs5uQBJZ8 + FtrinOnDhDAfBgNVHSMEGDAWgBR70SVxO0VZs5uQBJZ8FtrinOnDhDANBgkqhkiG + 9w0BAQsFAAOCAQEAO3HxeNV8py70HXWx0t3d/H67LazOn8GPXaGb1t/LJP6Im4aA + Iz/86KERBZtnPca4ViZSGg+24X5jEVuneu0Cb2PXTI19rPTk46z+xjOYvg7QKAC7 + Zy8bIyxHRcOJWXZtfldjjarD+6Z+SpUy30IW6QBhhKXkgWcBJHuzvsRy34cn2Dor + 3kMYjMl8eVB9MIEe06W68XWcqs2W1qxbwyhVtiYkDhAdJLezCX5gMzASkrrXOlgc + 8I5bdpNHBcWdWozLYyo8FfcxQ3kC4u0oBFPcltU4wSNze5b6FEgsvFbj0VHYMpPe + YCe9NKOUGXFRmWQCu9r51TOL3ei9EDLojqWUJw== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthority/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDUjCCAjqgAwIBAgIUd4gluEvZnIC6MSa2COXMpzTNRPcwDQYJKoZIhvcNAQEL + BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l + dGNkMB4XDTE5MTAxNzE2MTcwMFoXDTI0MTAxNTE2MTcwMFowLzETMBEGA1UEChMK + S3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1ldGNkMIIBIjANBgkqhkiG + 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAozkTZtGGpJf40KQWe8JCifaJ7UXZo6aQudcf + WwKi8+R5VH9piFTGvEHQ4ynacogKKlJANdzNBfFIiwGbzBJzrIRXGxefsGJaqMYg + 0DAgJphHIbmaMZNhOt/8gptQE4J/1PoIiilzbMVhpI/kSeBqmeiJQirTc6Y8vQYO + qESCk8i3XjCAM9Dslei1KgfKXyquBoVDRNFs2WVJc1COJQR2EK0mwd1VWU2XgCSu + U014uRGINtuzobO/9Xz6cmG2Yr9JNmjnI1KmjIizBvCmnkNDBAUiohq3/PwNgC1t + SdKilbsTJpmFjnf32QmnnfNdRIEZW1aDCTerLF+hkulo42PRrQIDAQABo2YwZDAO + BgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBAjAdBgNVHQ4EFgQUHUaL + MQ/jLVbeUFCYtasaMoE4hXowHwYDVR0jBBgwFoAUHUaLMQ/jLVbeUFCYtasaMoE4 + hXowDQYJKoZIhvcNAQELBQADggEBAGMzXFyfW8dPmjmNrDCoMhERDHY/xqgjZgG6 + 2Rd50k/ZKa5dTac0m1tybZ0KGBQvsYTsDGPhXOEMzBpHwDN+G+Gh8LUpCbpY2xZT + WTvCeHBNgcgr3o454TEMVd5XSmNDqDalEm9A1ZX0w0DP1As4zzsqfiriuSvQEqtL + 1LdyA/9gFVNCl3O2Zamx/QJyZirC1+KJX4skI+Rofbw5NDRYilp1ddJGlOYIqTq6 + 8Fw94OfFfpLadEOkkyyz7PLYUQv7IXubjl09L7h6roGLySs1000tXPr/00W413ny + gyQ8qPfwVTAc8IwPCxLrgCxuQ9Rnsjw8UpNFaj/IKDHLultyimk= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthority/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDXDCCAkSgAwIBAgIUNKOS1pqRdd6/c6oVMOysQzCDdWMwDQYJKoZIhvcNAQEL + BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l + dGNkLXBlZXIwHhcNMTkxMDE3MTYxNzAwWhcNMjQxMDE1MTYxNzAwWjA0MRMwEQYD + VQQKEwpLdWJlcm5ldGVzMR0wGwYDVQQDExRrdWJlcm5ldGVzLWV0Y2QtcGVlcjCC + ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6jvdox9yfGuKdpZ6oFEac8 + KYIScvvZtw4d+YWxFg+U0VIh7MDcaIZW6NO9QW76XsaCgMOwv1m9m3VQ6SXpwXn5 + uzgqIfHEaypizAIxAZFiSSVi++gArl5SZXzxPNIv8wdUubLKi4CQR+aCwfK9+FsV + GJ1S5rVmoCNma3ftOQAZiDUZsu4mX+UPzvofsMvMmYo+gk9P1VrHehlvUyBSsfvf + cZztJCNp4FIIXpoD8MjDad3nL6fwWDl/YNjqqpYHaWb8lHME8G9hM+MnMxyOhu/N + V0UJEujY64aq7GuZSYt3hgwDf1EQNmMfYP//Jq9gqTCSIl617cVeylZOBFy886kC + AwEAAaNmMGQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQIwHQYD + VR0OBBYEFFWqeaecOQWXBemv652P0prSyi9tMB8GA1UdIwQYMBaAFFWqeaecOQWX + Bemv652P0prSyi9tMA0GCSqGSIb3DQEBCwUAA4IBAQCT77h1WAEhxbRloCZJ0Gah + eaUk0fVaTSCHJzbGjV1BojrXtsEnHskq1uuB4zym9xOSz7JYc7UeY1+vMYpy8M+o + JqzlvSpz1JYDd8ukwJOvcdaepsYpj7G8nrbgDTglJ8KnsBcsCe5g7emKXxysGXU/ + PgW2jZAHMO2gxgzEvh0PoXRMqn6TGHjrdl9cktNJ7Lv9uXM7e0FrkRUB1xoDia4O + l3m7T/VitUF8qnn1edkfCyGE333OQGkBJoTwsMJEh+myeUdEN3h92od3HGut8SI8 + aaxl195+em6PgVNQJxFSrj0Pw1zKNcxTxHnjwSXpcrYawIHkI4vdb3gVsxk6QhAw + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthority/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDSjCCAjKgAwIBAgIUD4Z/gmizWB80oApCHL838JSV1lgwDQYJKoZIhvcNAQEL + BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw + HhcNMTkxMDE3MTYxNzAwWhcNMjQxMDE1MTYxNzAwWjArMRMwEQYDVQQKEwpLdWJl + cm5ldGVzMRQwEgYDVQQDEwtjYWxpY28tZXRjZDCCASIwDQYJKoZIhvcNAQEBBQAD + ggEPADCCAQoCggEBAL+goMwNsaMtx8tjddFR1/iIr44iUCnJz2kwkV+G1ppFMUBx + NLUXzs26mxJ2BdNbMgFpWAe7gShIgvp4SYL1oD0Tvf0kEvRyym8jeSHVUIhT5T93 + KmG6IB4gxVZLp0htO+673Byi+Y3t6rKICsDYH7+UtZcjgpjuOfYWLPxwke57x9y1 + SNIj1QIo0YQT2bGwBz3x/s0hj2awSO8PqheY8nJLEKnnks3nzIFUp96IKFx0sB/j + ftQg1IuS0ak7mYSo3D9M1DOR3URG9yNXAN4bAZtndy+3zH9BAt60/4/vKoNdbYZT + dF1q+KY93yv7gW4/Ru6AZm2h/rEmgFWqst/UyokCAwEAAaNmMGQwDgYDVR0PAQH/ + BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQIwHQYDVR0OBBYEFKo/GpJZkwjxsI8Q + VNhp2BB2FK1cMB8GA1UdIwQYMBaAFKo/GpJZkwjxsI8QVNhp2BB2FK1cMA0GCSqG + SIb3DQEBCwUAA4IBAQAuJAZN8CUjK9tXYtr0Cofz26nuQmAxScR9deStaYVyIKPE + ASWbQVMdlGEFeWyaEfK9b5mjBJ4KV4cUig5Ki2WeCI9j4SXJnp404fjwFww+hnXU + 4cEValu5SrMehGa9aXrYWPi2417QP+AMsXda2GItQ+b5WSuD00G+9/sZZvdmQYJT + UDQBpDsEgmHnVF2Qk4SIcl6MC2zXWroXcRZ7dHkgDCUMLs8bzIBD+7lVhrVXMOjJ + 7Yc+XT2r4oeWlG6ssQloC8I7u09DmvcqPKTouCQNdEOMqJJjsPxGss848Ozgxabg + HnW1VpAUGAEVtIXOBC5hiP3a6SNbnRPFzM7wzI+Z + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthority/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDVDCCAjygAwIBAgIUe8pGbUVr4Np9evhV65xWfe3EAucwDQYJKoZIhvcNAQEL + BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt + cGVlcjAeFw0xOTEwMTcxNjE3MDBaFw0yNDEwMTUxNjE3MDBaMDAxEzARBgNVBAoT + Ckt1YmVybmV0ZXMxGTAXBgNVBAMTEGNhbGljby1ldGNkLXBlZXIwggEiMA0GCSqG + SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTTZoqqSSE5JeIimYlOa+5fV+I/ZKOvuOa + 3mAHMCeEbct2VFAlKR84ZRK+0V8kl7H4a/heq5raC20I06nm/hko7FYfZ/XisgNQ + LuHrMIiwuc6S8pGBmXAn2dn8Dai+i9PFTPllNvSSoSjPpRZHRz13g0fjm+7KKOPm + K5CxH4C+pTMQjSxGjW/4NYZzY2ApvG7hyV5Fk11vNUMRPkVhVVo+cO7Kyw6skw2U + eksVdNEQmKPTGqXE4dK2awc5MpmFkIpVuNnohJWYWH6N7Ty0uWSe0qyi2g3GJwtq + fi8k5GDsMMmql9K9xEm28vQVKmmIGph8c1EcWB88EqD2bV6qGRqPAgMBAAGjZjBk + MA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBSw + f1hEf9YG8SVpf9jlxbHGtSQ4xzAfBgNVHSMEGDAWgBSwf1hEf9YG8SVpf9jlxbHG + tSQ4xzANBgkqhkiG9w0BAQsFAAOCAQEAfWmpgeHmgrN947AhQSgVuGspdJVaOGO0 + eVdur/QfNw4ddGL2qDFzzr6r1YqjfsSsBbKRRbvFks74ngJ8soJfS3ta1y0cqvIl + TVQwK63mB8zhkwIF2qFLKZfUp5DYR0ORFCh0FArWkkgaRkSYcSQRK2MhAEqwUE6w + q2cBle0y17+d6jcoNjxXuHpyfXjoDX8wHb7earVLwm/+xHOANAjhUoGkb6yKV0Wy + DYMWdxgtJccg3qk9w4tO7Ma1fd1D1XxSs3r25nrrg4w3p+C+T4Y6/5CddCdy6/wV + BpszyMe/S5koRHxidecwW6rim6Mkf0+BjrgOxplygc4SZZ4QGNjorw== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthority/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAzw+IXLKhwNh9+RMp2hImucUeyed83jGUcUwP3WewI6+SohN3 + X2AZ9lx+NcdrZ2J0nnjGhAPf9DFHTHy/HH7iznNNElefN1/jUVdPfc0sFZNLftKs + TM2SC1oZGElVOi0nGgx0lrCqLXW+bK0OI1xCkCyRinAlXWXyrTqXdy+aDQIBVjG9 + fi9XY+m8zHpimNI8oTsJIc6vRyCg1RfVIBq0Bt/XPOd0dTsiwrlexrxsGUy0mJUB + PJHcyTycaYRyORydO6hZ1R32UyDSgkqeAs3EevT9nmzZGGMTDIzCXCnBgUGXg/CG + D9y4+yUW/bWDDLAp73JDmHrJjOnC3dvzdyfgrwIDAQABAoIBAFVeRg5R57ami2mB + qSOrkCPPTZ5YvnatYlJD1damxUwxOvdvpyu/Z3TXNYHesj1xrjsX+GC9aDw5hPfY + BsMs3T3Y89G4JoCiHAqRQMjRKnfKvrmPClKv/qKHhwkoUuclbpWixP7L353Wiags + wUN66kae2XKGQiF7ws4A9inBinYJu3jJSwD48SEGk8gavwZsqv+bqICGpdgeHV7L + Mk3sxxKFAgN8F9yk53MuAdv8LIfVtm33juInLPqPMb2Ifv32mWmiS3xTCcIWq8Xa + 55FiNWMUD/yNNf+hgZDcSMJaxVgUSy5CRngfkOqA3XmWjcADF4/HvC92BzDM8wei + zhxNTcECgYEA80PkTiHctYmq2KYvpoaVHyWNqNCk1ePWIpOa4MyD7Hr3SShaQ2x+ + D3HLzoExt+I6EwWBzE8r8HvkWNX/P7FpzVPaeVfYLF+w2cnMgW1UTkWKQf+ne29H + fz0W6km2NMvX2faGeB9rV0XVxi7+UQuj1hqXhECQOXNeWWgRqMbCx3kCgYEA2eZy + ifs6n3v1Zk2k03sklO89k5dSCU1soAOiKOFV7UL0TFxZFpMO+Mlt6etJqpbIEIre + yTSWtLCFlkMxjUWqVDRmBrQWPseCfGklpQNv7FL2qR7HT/iyqi+DjDal9OaWxSVL + ii7+M0OGClUGe+Fu8RSRQ4nrowWb5i0pGHub12cCgYEA42h3N7ceDTLp3GfWqbSs + GJbRi5uoTC8V0fLsWPO2682z99baMqdsXOHDZYOOx9ia84c1ZJoqeEBJIebDG3at + cn3OAZtmAW1e9OlZ3TAoHJeTfMkSdyh6zO59yn0n8MkSOrbj082DWe11vzPVGExq + V086jy6P5LT94VSRFZbhJPkCgYANSGH1DU5+iFTmPpdsmNYbChZr186VaJXVj0Mk + UNAnHWy89ugrWx2Pht/fYYtlDbn2YDDCfSUusJAEH+Z2YSfH6EXL5NByVUEcCmDU + FUiOVGRa3NhzhIqHm0vekTo+movYSrS3ILQ4NcaG/LXfeVeE9KcCQfcOQfpF5rzZ + lDdkwwKBgQDbDNH8G55BaV+oH47NwMqCBVHavctPts9GoZ12U/o26WjbRKDeXN1v + btePDtQNcxf6J6esFJX4/6AF13e+JfIE/0ePIkXrvSjNdmKeDeRh1FlPi748NhHY + N68vI9hGtCkyEjR/H+eXQt5fO02KqMdaEoOe1rZVcLngQz/f8n1tPw== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthorityKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpQIBAAKCAQEAozkTZtGGpJf40KQWe8JCifaJ7UXZo6aQudcfWwKi8+R5VH9p + iFTGvEHQ4ynacogKKlJANdzNBfFIiwGbzBJzrIRXGxefsGJaqMYg0DAgJphHIbma + MZNhOt/8gptQE4J/1PoIiilzbMVhpI/kSeBqmeiJQirTc6Y8vQYOqESCk8i3XjCA + M9Dslei1KgfKXyquBoVDRNFs2WVJc1COJQR2EK0mwd1VWU2XgCSuU014uRGINtuz + obO/9Xz6cmG2Yr9JNmjnI1KmjIizBvCmnkNDBAUiohq3/PwNgC1tSdKilbsTJpmF + jnf32QmnnfNdRIEZW1aDCTerLF+hkulo42PRrQIDAQABAoIBAQCOlXNvZCV8bw16 + JX1Gi0JZBrciQNyIax8OWPAZLspux+19dPgZkgUxu0TgzFT5rAFFSyiwZLvtLwOx + +qvAr3XBBLKbBh4HlUOhH8LWWtQbIvcwbNRX7mkHZ1dMOKTRBjTpNap0FxWvtRVB + Djncl2BIJqyQ0px48IUqkroHICH5Of3o9m6Q6l9pdnq/3QK0FBYGz9+JB8uFP1pL + uMzPcCzr6p1ZR+cafgu+oNIPMt4hpfOz+dBJ4mfnss0msosj6jFhBzvQ7feZBLu1 + MAJqbLOZyRvL78lToNun1WJz4p5qFIrShFWLtqsEC6HFhKmC/wJXTCrBv2/kmam7 + +K4PtUkBAoGBAMIsWcPc9PEZQ49Naqd4++yBuh1zhMrem59yy5xDQyygzNhhSGtD + GdsBFDidnQaTe5d9E30TwE+A3rUAFx54udwId+uX+DnOx0wxgCxkzB19kxmDcqIY + qU4IZC0BJ4ZlZiSWX00Z/i45PdIRKWp1x8f113qZ2F0fMFC604bWtsRhAoGBANcx + 34COhI1Hun6TvIrb/iYk2duX+eoQ/Wlh42jqSpmBXwj4JV9pRUgo5xXY3iYXXZeJ + AgMUH4V7CUzRYtkilMfbvcmqzrqowVqOF250B5auhFOO/EV9ibB8Iwfq/gDq8iZd + SmFzVsfQgdIg5VGwErerfhyOxWcFVav8dvYt0pDNAoGBAK8KGhWlry1U8AFT8axt + NPUccPGxvGjBShrv+jqwq/KkNmVtNUJ0Z+90Ro1PEEnoU8bZWuMrFfbVnm4eWbj/ + bdS70ZcRFRTPofu+t+PNLe/7zsp2I7Wac61DhULIwp+18uFSqTCxGOEEewVOsT4m + VOWeahQ8cb5oqj5sXNk13+ahAoGBAI7ZHHRKJtNh+fpsN4w13M+VRsjuaYdnH9EE + meDbJgogRuW9U5GyX7s2668k9tJyUD53RE6m3QXOVq4XkHZy7jB9Pc7RA8oEm9Vw + 3T0E6MSttEmDcRLv8qakwNxQsawKShQNeYKW/dRGJOdHzvIa31HtFRn/7Com8Gfq + f02LvWtBAoGAR5MyEje+Og4ihfyR+gS6KdRmBUUGua0PGkl6MDJWumtL3Snfzhtp + uPldgwtkO+NNYr4oTln1YcfFdtYY0zFJJ9t9TwiMmaLvbd75hr474BygDM2/mGSf + bITJztZ4cDKeiFTEJAYx/geWsen+2x61WDd39KhhJoyu9VIUPQJ+K7g= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthorityKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAzqO92jH3J8a4p2lnqgURpzwpghJy+9m3Dh35hbEWD5TRUiHs + wNxohlbo071BbvpexoKAw7C/Wb2bdVDpJenBefm7OCoh8cRrKmLMAjEBkWJJJWL7 + 6ACuXlJlfPE80i/zB1S5ssqLgJBH5oLB8r34WxUYnVLmtWagI2Zrd+05ABmINRmy + 7iZf5Q/O+h+wy8yZij6CT0/VWsd6GW9TIFKx+99xnO0kI2ngUghemgPwyMNp3ecv + p/BYOX9g2OqqlgdpZvyUcwTwb2Ez4yczHI6G781XRQkS6Njrhqrsa5lJi3eGDAN/ + URA2Yx9g//8mr2CpMJIiXrXtxV7KVk4EXLzzqQIDAQABAoIBACsR/hRorbdguERM + uAq8G73b0FsINWdBLeKHZOb0zkBZKHgSEiLwzeiSXN0laWoUTYTa1rPzNy8hUjHV + t4LrgiRGZTuDrKeT5TJkfVlHlagT8GMWiqME4VNPoU+1iJPW4rT4d+xIQ2N8rz/g + qURLTGTPtN211dihl2dJhcTtcSAP0fpcSTMY+YrgyHo3y7Il1sj/Q8kG8NanfOJa + hV02UGVLBmSOB3aXLMdfhkxNSXEtlrR1gVu49mExQU07sEPYoIqgvT65ZYAd+QhN + QSfpCoFqypP21b73QFk6ctMQfEH/46hNjNrIb/oFrHrtaBuhLra3ksD60RfZ7r2q + XPuqMgECgYEA0Kedp1hvVewzptfpMRkP+c+d6UiGmHHaMRlbFrBPfK+8Qlfdel1+ + /x7EB0qHzBUNwDKUq2pL93s/7gjDSsgKn4xU+Wz7udfwPWhqrgelnp9q4hitd8kE + tnxnSmS2KqpI7dyZ2BCFdgR5sLtCENs/47jpamhCOp2ydS4xPDD6SVkCgYEA/YcR + +vRaX0iAo3eXUM9E49FNhg4oCBsSQDHw29CSSH7S1GwIxCYLzOmSfx6Kp1EmooJj + bJq0AX/PaAv0vvEg6eCgthhtb2KtSWvZzZ/Zy2gy2yWVq6hRjw/os4o8aivXwXyH + BGzlZ8q2qIk4RKlMux/VhOb65RsFylT+rAWLYtECgYAkNYJBYTJo+cV45a0dDRld + o67mpeRdnhxcOuc4x73ziFemN7NCoekBAujHzyJDwz+Qo/ZyzM6EEwpkF3c0igR1 + 7ZdtdYE1ngidz3n7223dWhLlS50G1YaQ2IPgQBvwyX5AcPDtsuhGM76ecdCkNjgf + H566DX+4xlcKyMpYhLNaeQKBgQDcdr59+ks0HHowrGhbD0Ka0YGWl2zcT545ULRg + kikC/bYcnq2o1GTiliKchFSSVxE/tB79bDIoM5qKogr8l/bFKl7Wurs/ZxHFjRHj + q6PbLAs9YpuaoE38GBuFNSqAMQv353AJuyBqd28Lc/gITSi6eF5Wqf13iV4pqmuj + 71ZcYQKBgEiFCXt1Rh0usavU7B8SNG2lPzsKctnMt39+95ZFnMqlyQ726pZu/3Ov + F6BUQ37XM+lbPqKpXV21m0Q2ApYRUjGQKFpO6S0wndy9FYGvygHspq93g3cJA8hX + S2mPvSy2oIp1BmS/4DsY/XHbYUO5xoniZb97EqcNHwj+M/D+pI5w + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthorityKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpQIBAAKCAQEAv6CgzA2xoy3Hy2N10VHX+IivjiJQKcnPaTCRX4bWmkUxQHE0 + tRfOzbqbEnYF01syAWlYB7uBKEiC+nhJgvWgPRO9/SQS9HLKbyN5IdVQiFPlP3cq + YbogHiDFVkunSG077rvcHKL5je3qsogKwNgfv5S1lyOCmO459hYs/HCR7nvH3LVI + 0iPVAijRhBPZsbAHPfH+zSGPZrBI7w+qF5jycksQqeeSzefMgVSn3ogoXHSwH+N+ + 1CDUi5LRqTuZhKjcP0zUM5HdREb3I1cA3hsBm2d3L7fMf0EC3rT/j+8qg11thlN0 + XWr4pj3fK/uBbj9G7oBmbaH+sSaAVaqy39TKiQIDAQABAoIBAQC1kOzKau81Pdtg + ywyHGJUZ1+j/M2PhNGZhtLMJYClWYtkXxiu6qqQ4Kedkxo8eg/oNfFL8gJ0QHiR8 + ThzZCQKa3GnXwKZ1F47XXzUW6Zc0lMlSKQbvMfvckBBqg6Qs69MtkLIuL/1kjVkj + b+NAdYcfbzffzLWhUZd5o+lcBw0+eEQlozmoTNT/l/wskTFnzVmT35VyiIHxU+k4 + M7jhpT/FpEP+jGeS8VEimlXnRIgTOr7ThfdUtIq5Me0HCSkDEboWaKvtapZDfC7A + BTeYcVwjPy8qvwBhT+Mse+l0e2E+Dnqabbq0s4h7AGsAxYXPHJbnyyqV7p2gof1I + 3mZGYXUBAoGBAMfaF5rxgnXAdUhzWyoMmYs59kv+Ot9WsKYZjp8E4fBxEGfySrxk + gChrnnKd2TBxsZtc0r15JG/XZOorj9lsCxY1YIJzgKWiKYCwnAygKZBZRdc+i+bY + oCZZf2glOJCP84Yqf6jKjon/1oxfghFLjB5QZCVDyMfq8xPjHn+p6h81AoGBAPV3 + Alc4qdOQJJzE8Qa+fQzdKNgiWhp8N/2MXUmEcRT1AmtcUa5gEUeF/5bN7o8SIURT + 9w0aKXKyemUcvySjbD9gQao/JmBGJ0gogZny+RM+MWE8o9Y24xGzc+bEmZ7LC71e + sgBVZDHF1Lryy90m+j3GAlJPJTAdeH6snMKX1sSFAoGBAL7eRNMfOwi40YprWbL0 + K6Szq83yNUneIoHQQM0QvbSEVzXfSo9YsKlp9v7iUG6a9xQ5d6+rxifmoCOhjRYK + wR/pxI1yQHhwQpD8m1zXjjqleDVVMAo9894MdckCW159jQgjCJ8tLSsRI1gXU0Kv + U1gUUUDh1x1P/+2LaTJmFgrNAoGAAb7Q43Hhs0FpITw9QoEEPp0r9y13WozbkQ/4 + cddhPnbnh3/mjMjeFpYbVSUttxK37dZzAULYXJpsSF/F9Cq9UE4M6Xr9eN3G1bqE + AWY64yokC770o0dMogmWn2NyfDCRas1LkrkIt1niw1mKnY3zZZEM3yz05Lyw6KWt + j6youEkCgYEAnsRcauC2Z/4ReRDIjYmypqerkLwS6xmRQOGqY7vWghxAEkXSjqUH + BMQBS5mi82R2pwnkPLd2RvQwwdeJ2are8JazDOQrRqavu79FyZgH5ranJNrAQw7a + HNE+UE6dpgHBDIf0Ps/izdTIjEUeaUp8nsRR40mopVR8a2QMeOOFoEk= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthorityKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEA002aKqkkhOSXiIpmJTmvuX1fiP2Sjr7jmt5gBzAnhG3LdlRQ + JSkfOGUSvtFfJJex+Gv4Xqua2gttCNOp5v4ZKOxWH2f14rIDUC7h6zCIsLnOkvKR + gZlwJ9nZ/A2ovovTxUz5ZTb0kqEoz6UWR0c9d4NH45vuyijj5iuQsR+AvqUzEI0s + Ro1v+DWGc2NgKbxu4cleRZNdbzVDET5FYVVaPnDuyssOrJMNlHpLFXTREJij0xql + xOHStmsHOTKZhZCKVbjZ6ISVmFh+je08tLlkntKsotoNxicLan4vJORg7DDJqpfS + vcRJtvL0FSppiBqYfHNRHFgfPBKg9m1eqhkajwIDAQABAoIBAQDGkvYfw0brkLuL + eKzXrOekRNtELTDO7zuMbhEGkE2C2X/M2x1aXtPVNr8wDikAhYKd+DG4HkLvSK+W + DPxtdTwFxlyFNTjRawNMFlL/qGO82VD1rfnqNl09RjDh+6AqOdOxZk41vTiIl+V3 + hihyodN0/i3QC9mTqGvMAgL/QaDHB1kMkstpZ54cilAxrGJUNmXPkzeIUCKbNXU+ + SaBTNR5m4UZpYNHPNH9SQoHUhjY1vF7Sdm5AvgJuxSaut4i8xllnIHFY4PywrNEJ + aAhk5LTC4E2S7lF9cgSX2mUv6D8kO5ItHdbKCMrT8JdBdsT8+JiBumrd58sXcGCJ + HCVYH3ExAoGBAPcXb9jZR5Ssk+5yXZVbJbrQ+hJ4w7Qlg1+q5qXTHgG0bYw3JqdU + a9Gfkr8Eq4QH/IgAnk90M7L4ff+MNnz9yMgd0Fpr62USdtTHfGkM0/gEX1I8GlVs + imZJFHA0W0kPFN6/0B19C7UNsP/2jGPatv28UvdVmSxYbkqHP/stR8L3AoGBANrr + 2f5PxPEt4GnR+dmvYdXt8sa5h7gr0jujCHvEnJGUd+fK6D8oit2KclsgM/OjXYur + F7lZaX1dotqTynR5Yrx69n/jePcfNjJmttl2gMhA7g/fb5NB9XRaf+q7bM2kRvlZ + npy7z87rxhQEWxlo4cej6WouWagtgscHsByDQucpAoGBAL4s+rfTG+XRIhaPTXnr + 6lEsEJzw9+eKS9/xAI62u8yiGwKlXAnDzyxK/j4pEP2QzAu9Nht/G19vJELwnut6 + xPNJBxjhIQ7stCs20olkBy1H6Dm56qa+4JKzQpjNo0jK48xBo6NeoAkc3ZNUJl+g + ceE+9jhJWJgqA9E24can5iinAoGAQZscoRHWu1A8SHocnhfpAetlLhi7i33WavjY + uf6ZzSbpKBWus/66Xtn2m0hzSThT+F81pN4etuswusA/k9gstr9Cz+Cjh6ta2o/d + jB3vShPrQ+Z50W+a11unqfixCo+IlYE9/0ppZGFT4vvLMTo1L1b3xFJPnA7Hek3b + gS/1BMECgYAmxjernEQ778QGg5sYdwCovW+tdN6NdxEIiPu6sJITcLy7iihtpfrE + gxYk1ZOAq6j9pROftDYlSr1+hhZ8zOTYS48plgDYvmJS7qRaJRUWeRRfB0OzBqhB + jWI22NajXD0OWdYliX/CtyI0wLKTJgJ7rbVjix5sk2Wdxnr3tya5/Q== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthorityKey/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIID8jCCAtqgAwIBAgIUJ5FyERxyN6BatXR8Gk83s4OT4XcwDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xOTEwMTcxNjE3MDBaFw0yMDEwMTYxNjE3MDBaMBQxEjAQBgNVBAMTCWFwaXNl + cnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANVnnsLYUUBY2OrZ + 7HtKRftkmkEeXJfG0A174VA8IwUx949ja+htZ98FWcReYdSHyqxJQpqp+PuH7O8q + 4yQ1h87FQ568PqSjs+FV8JkxPjs1PxHT68Yq6ajkIDEmL3JeYimWzGpGmdRssgN9 + nxz2oRjHyK5UMpxHVDMl3OE6SrHitqdtXSyNg7ImiRDgGLVx0pOr4Z81LAaUaHaj + G20czWxhpG46UjWRNR8eNaPLnI2AlpK+L1pHFT8HcQvWHf7DO+KaGCgg+rlvINeg + R16ie/hk1VR+3KTVs0ngO7MhXVqMtJlwP0Y6v6CQtGO3G2B116/7unuyPQLCp6Ys + q9ZIQ30CAwEAAaOCASQwggEgMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr + BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUHtshtomJ + suG51xMiTWsthHNeZhEwHwYDVR0jBBgwFoAUe9ElcTtFWbObkASWfBba4pzpw4Qw + gaAGA1UdEQSBmDCBlYIJbG9jYWxob3N0ggprdWJlcm5ldGVzghJrdWJlcm5ldGVz + LmRlZmF1bHSCFmt1YmVybmV0ZXMuZGVmYXVsdC5zdmOCHmt1YmVybmV0ZXMuZGVm + YXVsdC5zdmMuY2x1c3RlcoIka3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVy + LmxvY2FshwR/AAABhwQKYAABMA0GCSqGSIb3DQEBCwUAA4IBAQBhvzAvLiUgxJCN + mzttQC7Uf+D8fXKkCe+e4tXZNA3r/jsEurfVxVt5Otd7Nl6Mwd24TJYblY9j7vbu + rXSsCwGI7UvcayrXJFmtguY8HpQtpKNuSC/YO0x7txC7AGHbNp5+j7BywRixjTCc + p2/BJe5J3rGm1xbQA9jvEdoOkiiRxHG2XcjFT/I/BkUMLLtRuCGo+MkK70/4hf2I + QOshTOarkX1w5Nz65zvNKoFRMyBSC0AEI8Zkxh/e3ZPodzoSebcTyXYU9bUIheOw + qTG50vd38cIlzRFV5NSw3wYr94Re444qkGldC3055uacu4vhHqpnUq0cMWhDhebY + 3dNkgJhS + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: apiserver + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDkDCCAnigAwIBAgIUaNxYoWg1GWgZ1ViNRLFEsYnDp2MwDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xOTEwMTcxNjE3MDBaFw0yMDEwMTYxNjE3MDBaMDkxFTATBgNVBAoTDHN5c3Rl + bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTAtbm9kZTEwggEiMA0G + CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDimT9nSR0zlA0wK7WvMRrUZDcBHP35 + hAWranzbexBMAaBXlCPVxs1lGHo9AOTPjKsYpc+aAvlJi6efQsOcKagZRldyinBd + Ii+Z4hvia2Vqnk5s3YYEPFGo8krnXDpEL70TKH/GwfarSOsqycfolKYPpl1C6zQU + wH2U+u9hZ3oCtNPAh1oV+7faKQjhlRIURi8PK5qrbgqSrzWXOFVp/Eu1fjyrr26n + ZAGRyKFvScN4YzwujVgBvPKE5y/ZIpRtogZlS1if5Y3xp2VL98vKm7T1bX0J6NOc + BWqnh03CD4MWSZd8eqzMTV4kNgoZ93a47dhQwHJNz9FfPL3616OHmoeRAgMBAAGj + gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF + BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRBjw1gj6HCZjOT4ZfovXDapCUc + 2DAfBgNVHSMEGDAWgBR70SVxO0VZs5uQBJZ8FtrinOnDhDAcBgNVHREEFTATggtw + b2QxMC1ub2RlMYcECgpmFTANBgkqhkiG9w0BAQsFAAOCAQEAc69fXJcmm9DrmHdH + 4fXyb1ymgRu4DtHzuSorr6hlCr2KUU7dlGTneoJPw3hPJy6E644P2dwd6qhFnbn3 + 2/REy9ccg3xjrjaAwY2h3+haTSCzuQMr5MWIo/Hmzsr/dS2qvPTM+BVEPVlrHCc4 + mhoNF+3L/tHHVBKmr3+KGSkyB0YJ0tg/AoGlHIHWlR83m2B5dQmpBBzlOjYEHft1 + WnArQppis7EMhfeT30bl0+Q21zKQNmxU4fG47lkqpxmUQohODlJw1bH/dwot2Ku4 + dmvf7QL3ynG36KazDk0i7NYSuTXdYAKnJI63JZeI8liwyCCSyJzCpnzIaUvKAILx + o4d+EA== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-genesis + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDkDCCAnigAwIBAgIUOYi/irJauZY4ZgueasRxWi7XsyYwDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xOTEwMTcxNjE3MDBaFw0yMDEwMTYxNjE3MDBaMDkxFTATBgNVBAoTDHN5c3Rl + bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTAtbm9kZTEwggEiMA0G + CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWZ/MNcpshsYrkIoFffSNgt7lTlJv+ + WB50oHQ5dppwGy/5sv8sFOGfsfKjEwBNGvlmHwcz9t0MQ4+ojLBCyouN2CV1wnYY + ilb6Ag601t8mNs5EFzsNikJXHu1KUujzj70bapmV+G6y/pkb25ns2z/g+Ph5Zixq + DGGMk4ibeKJzkyCJSO7FhM2RNdjyWmaz72l2XuS7H9en+LeGmTpVP3xd55TlZ5Xf + aWua2u5ROrFvRcNlQGIToTislWaitQCh0xoX+SZPwxUSaSE1oj1TigO4CrLPoYzZ + tRTz6zAqgMJumgxSArgcGuPICoAM5SGfFulP3UziVL0EqXoqlKihGvn/AgMBAAGj + gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF + BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRDnT5+jSsT2cP22wRYxt8mTNKW + GzAfBgNVHSMEGDAWgBR70SVxO0VZs5uQBJZ8FtrinOnDhDAcBgNVHREEFTATggtw + b2QxMC1ub2RlMYcECgpmFTANBgkqhkiG9w0BAQsFAAOCAQEAUOw+JO20NnN8RvAI + H6oiOQEGQU37vDCkSE0M1gWqm/MXY0d0kjL5nXQ5mFbwNquL1M/wzPm3HjDdlBQ+ + LfN3AGDpHXpkUsznKqVFHdYz8gSA8MWIg+JWB5gJriykkZLndqfinqTkYF7gsa5g + 8sE0s3S7NaIrQhOSNC1AsZ3WhO0VxBDsXSDzm3lEPo1altUsMgnieaCi3OcFaCPs + cM7f9jEEelbY5j1YEbnc30AHYwlxs2GYTj6QxnNknCF7drt+CQIKeKcW/3ATc/Xh + xaC/B2+C90l/1Sc2fE71B8bVOk5TDnLA7jEc/f8HKAq1R7Qgs3m51lOAWUrQA/Ly + UwgQdQ== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-pod10-node1 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDkDCCAnigAwIBAgIUEII7MvDGMZ0KTZSIpAbPbMW6dU8wDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xOTEwMTcxNjE3MDBaFw0yMDEwMTYxNjE3MDBaMDkxFTATBgNVBAoTDHN5c3Rl + bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTAtbm9kZTIwggEiMA0G + CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWc8mDp4C1z5UnF2EJaeUOar1gDrpY + NAKsI4aOUiMWdYOVeQ4ui5vzoTkVTjNPqupaix5UOaiXr32Nx73vAU0DelUyBr0O + 3fX/q0ivGQD7FqqErBIpRkAkk14qe8XLNC5yqAfb6jAb+Y05XaaNFULYN600F0G4 + Ca7SFxoenCWCe3hmJKnbG0xTKPp9oqax3Q1kurAB0TRzxSQgmU/IPInvO6vPyv2R + 7O+vprKnGYcW2tdZ0JtKBQ1YIpxfJrHU9Le1+lkWCp+JiHaEipMxBZd+7nVBR7gq + n4N2gJ67C5vJuWA/RYcpvsWiBfj+CuQtNXItpo5svPyYIBMZS1LXFrrBAgMBAAGj + gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF + BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTB3mg0P0vfM+VX1n8U34fda+sH + 2DAfBgNVHSMEGDAWgBR70SVxO0VZs5uQBJZ8FtrinOnDhDAcBgNVHREEFTATggtw + b2QxMC1ub2RlMocECgpmFjANBgkqhkiG9w0BAQsFAAOCAQEAHBcbm6PrvQGh/hxu + VZi4cadAJi+qQCd6AqKesy/4dRyce4pi+dHMYwPHmxAkY/egddyUnK4hLpBwT6fM + l6qx8mWJTWY/luLRXTT72tMm8M1J8IVdLmAicEq54O/Nw7pSzi85X1OdHvFlNPjI + R/CsGDpOd1wqlzALaDFntkhOO0pPrYq5xHf7BUCcmaSLSIPxzwLnS6VH0sWgTJyg + QPOmvKVp/keZXzUA2RcdA2/aThzVduWO5I902qQ7TgJPGGNfjlFBgbaWX5imwRVh + L4g6bL17b192xt9FccE/pmjl/ra3TQtFC7r9LKcsNSsu2XRvTqQLta2192OfEhHD + 9Hyvyw== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-pod10-node2 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDkDCCAnigAwIBAgIUbt66tcCie2zOYsHlXxp6GlnTnbAwDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xOTEwMTcxNjE3MDBaFw0yMDEwMTYxNjE3MDBaMDkxFTATBgNVBAoTDHN5c3Rl + bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTAtbm9kZTMwggEiMA0G + CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvbZnKaJzZl6pITVwuX2oKmZQl9I/1 + y0Vc4xnpbn0H5eVKS5Hl1XkPte7/Gm+pBlYpm/8Adp3fDEbO1uGnet6TsFLuAOIe + iFRbgH7NHf3+QTCwYmHR4IX+Keceubj0QE4qu6WF0BJJkuaLq/aW9BXzg2QVnQp0 + bLlGJb1fQJRKwyM6bX3NFX/nMZNzXeiebhMdlSsMKcVgxRft2TA65ffFnMkubqjU + fe8be7S7kM09z53K7vUTSNfGOFXAandnnWqt+Rw5it5LBpkZ4Kf9Wjg0bco/3B5S + LO3uT0nIRlEM/FjxdtxR5ehNHZnutENEHU9LrNSPe4if7Bn2Mu/9wOrrAgMBAAGj + gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF + BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSGdK2bmMlbaM/YV4Jyv3ROslkF + YTAfBgNVHSMEGDAWgBR70SVxO0VZs5uQBJZ8FtrinOnDhDAcBgNVHREEFTATggtw + b2QxMC1ub2RlM4cECgpmFzANBgkqhkiG9w0BAQsFAAOCAQEAdS2rAtqpgiz4Aj77 + NxhXZqZPdStyeQnQ2jAnnFXS93Kmdt7y5eCsoN9ij+wOqHHzxR+IlB7CkC2bgrm5 + k8yVB1tWpWC+7ePyuw5dRVApxypZ9nghecmu6bXdTPltZrHEG/E3ohylFSjhJLNO + isiSBwQiK2FkRu1VKIC9L//jhf+Q3Z7szDl9pGfKzAGnFMhtBDZ6M09zAnM6kwkr + p25bJ4MEjCkNvTVzRVZLEensXQ/MfF71PVBZfsLMbi1uhT6JdtWXQk1hZQMXuPxn + MPyTJnTu8Q8HQWNOU7jGL1zywqfj2s49uZEH20nIcPJ4FY9u5ZyAuYmYRw9fhvNH + VcjxuQ== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-pod10-node3 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDkDCCAnigAwIBAgIUNn1tWrWhNwIi13l8vM+CRUGQYcUwDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xOTEwMTcxNjE3MDBaFw0yMDEwMTYxNjE3MDBaMDkxFTATBgNVBAoTDHN5c3Rl + bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTAtbm9kZTQwggEiMA0G + CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVgADSn5f32qiThjV17aPbHwucu0H+ + ftF6bH1aGy2VjImhWUDodAur396xVl6XPxNPQGsGXlrX5kNTRdDydJCVJV0T3Irl + k+Ram28ZsQpTedNBqK3JM+RA3axLDzBVigTIANilrNfhI9wotIzTIrItEZoeMGOv + QEd1MesoCs7xl6vZqnoLfIffDrzZc3exur7dobt2hHQ4wpgZq6Ir43/sJ9skRo5q + KgJwhjM4+RjY85dMYKbn7kstU0ohT2+B9J9IIvD7idT2HuerxP++PyH7k3a6p5hk + XEmH65w3EY2g8a1zp0I7csmZEZ8v3e6x+XCTPDPp5LVnsq63QwBGnPZZAgMBAAGj + gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF + BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQxP0KuMS5rKOGy1DoVaA4Fu0fz + kjAfBgNVHSMEGDAWgBR70SVxO0VZs5uQBJZ8FtrinOnDhDAcBgNVHREEFTATggtw + b2QxMC1ub2RlNIcECgpmGDANBgkqhkiG9w0BAQsFAAOCAQEAIRG9uublm+qeQ5Ig + xkjVHGyoenjp13iYeaYcDK+7s5zmsbzji/3Bc4tjrQA8mbDS62gLpsR0IRZ/KkVk + gI9L7uCKQ8n/xicaZisPTxs7WqZBfaaDSSyPn9mttPKsxitR6KnpxpDTZS+vqRSm + ncrYTP+6h1pmoNarRZLlMdISrCB2weuNFNhYyGUxGeeNukXtnMUWmn9LI7Cf8C76 + Iqn8NqmFZ44Z+nsi+W+nFOrr7wubO8PbgIrt9iE4Z9EevqYLR1rpxDJZOpu3B0eZ + wRSNb2H8tx3Q18Zzcaa4OD3Lpf3TdwXawUEJL9rFoNxcTlEE4BBkxN4Q6s33Q10F + 8kSsVQ== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-pod10-node4 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDkDCCAnigAwIBAgIUDtJG6OzUZWIGHm16Wbow3uvuPA0wDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xOTEwMTcxNjE3MDBaFw0yMDEwMTYxNjE3MDBaMDkxFTATBgNVBAoTDHN5c3Rl + bTpub2RlczEgMB4GA1UEAxMXc3lzdGVtOm5vZGU6cG9kMTAtbm9kZTUwggEiMA0G + CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/Ln82iQhbQiqGgVowLxQYvCZAC1Eo + DpoPfE5L8NssIohTJVp+QGG+fGXhumg9AE534pbj7FnCLjZfGDo1k8CL3ftra+LA + NDH993nwHANqoem7DgDdY1Fw8pzpyQU4St61AeoCdfvftzGwmjGaQ2g+920Dy3Bv + bTm/mnnZD1L/Su2OWSXq7TZtK/dzfu4B1FkNIxG/ZFWdIoAhpKHBVV0ID0WO7+gN + 1uhQQo2UY1kNbtjXyJds1yalH1/lNKh/MRae/agEWCiteAyE4AGO3hHqwAIIEvbc + aein0tAZEkNWsW1K2bz5v9mHsLT7tqOQ4JDPmEjn+h7KdqdvZR0YcLP3AgMBAAGj + gZ4wgZswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF + BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQ/qe1NOaAH/1trOjRCge/BmeGI + xTAfBgNVHSMEGDAWgBR70SVxO0VZs5uQBJZ8FtrinOnDhDAcBgNVHREEFTATggtw + b2QxMC1ub2RlNIcECgpmGTANBgkqhkiG9w0BAQsFAAOCAQEAl7kdfxqLX1JFbW2w + 0pW0Mw3ZH0ZFrGbafAgeaajFFVBRhbYBirdYivtpbSRnS4ej0CTH2+FOZiujQ2El + 9Sx10/M1G+huXqfuJObJgS+ZfqEIaCA9Br5msvXMqNOFQ+7vKugxZRO3yUGRFGua + HmbZL10SDgGpVoPrkDlDvPa7VZ5X0YmrDFycXMvIwkfcEEBW/+yejsqJP5hohc8S + If0pzD4BRbcVRwn1dUg9V1NrUioph2LUxme0KNKPAc34Bzuc3Of8k8lf6Io3qdSQ + i9tKsgPF7gVbY7KtPsWbCGsF0/cqQktDnHvCcYVuXrlBFroneUNVQzsa0QclcdYp + WEXAkA== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-pod10-node5 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDVzCCAj+gAwIBAgIUCTl3ZdVKIsJO4PAhIrcu+nf8crEwDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xOTEwMTcxNjE3MDBaFw0yMDEwMTYxNjE3MDBaMCAxHjAcBgNVBAMTFXN5c3Rl + bTprdWJlLXNjaGVkdWxlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB + AKssrd7LwuamKrzdV113nojOL/Q7tnQTyZUnx+MAYm2/lhKTEG53CsP8YSn0TiNn + 2pwZCPqln+Lsa80+3Pid8bpERZXODpIpaj9SToKr2NIsbL0+8loaCkGqx/NG3imK + 7YyZKlpOqJpGEpuQVuQEN1xcbLV49FtbY2YtSskfz0TpFaGQdwVgplHzDA8cvrZ5 + bQY30zHaun/+fNTRMrPXn3Ufd4+FRM9J/ZPmM9ljq3RxYdGGeqEZqf++BjiDx7sG + 4fFKTjgz9+rHkTdzefoAUbZLQbFCe6lceb520IF+za9Y5e4kDWoXgCq9sb/zdKD/ + KLKhrKDbou9+LfM7APyeXicCAwEAAaN/MH0wDgYDVR0PAQH/BAQDAgWgMB0GA1Ud + JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQW + BBRI7fcRT6Sx7NhiMw0M5koeoX94dTAfBgNVHSMEGDAWgBR70SVxO0VZs5uQBJZ8 + FtrinOnDhDANBgkqhkiG9w0BAQsFAAOCAQEAKYB/2XnusXh0cF0D6JJhh3lVK/s+ + hy1hrrtz4yFF0YCMtqC+tRO3H0kjlHVwIAvoSVSbemNA9u/F/Dao1sPEiWEHc9cV + sFiJoG2t+PyiODrY8iHKyVXTBdJ5quwwA1c0dpuMhk2R7T0aXQcZqZ7eeYTWXDoc + AtFquwY1z345wgviC4SGUyB38isQRK25QH3jR351KHgB4EJhBlksga6xl9IpI/Qr + 6+CdYX5FunW8hJ82YEqR/7c3O0VHPIGrKNRhRDdogX6NJ2hAdMeJcDFig3T0s8yW + DUe8RPMdozo5tDNtaaSALlJR2w8u2XUfFGRkmXaMreBP9gkqaSmYFNQH1Q== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: scheduler + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDYDCCAkigAwIBAgIURKIFNGDT+hLdQCde9Mg9Z7q0MxkwDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xOTEwMTcxNjE3MDBaFw0yMDEwMTYxNjE3MDBaMCkxJzAlBgNVBAMTHnN5c3Rl + bTprdWJlLWNvbnRyb2xsZXItbWFuYWdlcjCCASIwDQYJKoZIhvcNAQEBBQADggEP + ADCCAQoCggEBAPNHbnKDsWomx308B5xDo/eNK7Gs/CCe5efhP8qTe6xgWJcTFCfd + mkX69A8nEja4tvfGeCU/p00+A2C7mQFPYlyS6zw8/1Mq8gH/NMdIQd9OmS3VosAF + R7IdZolVQTtMLsEz/IejLwJQCCcN9gHmYUsX8J4xMftaN2fqUn15JsaOWIfHl/3Y + Uz14ih2i2HZ72xye6mpqCuSuTBUz0C/gr8X41cd/CU4L0ECvKMobxs5g8o6ZvjhQ + 4yDMfPNUh59eHlEFy9vXRyHwPNtYt92GIJ7e5+tuMGEvffaTJGZ0gmnuu5g7tQY/ + TV5df6EUkV3ciq8EN59MVhLVAhAYWjVVQ+ECAwEAAaN/MH0wDgYDVR0PAQH/BAQD + AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA + MB0GA1UdDgQWBBSauMISeLsycyvW2xr2A3eZJlN3izAfBgNVHSMEGDAWgBR70SVx + O0VZs5uQBJZ8FtrinOnDhDANBgkqhkiG9w0BAQsFAAOCAQEAzBqjE2TU9oAxJwzN + k+JHS1SwlAwC/5FAAD0SB8gEf51Ebl7dvV7MAyORMCn3jnUAl40s/VtmS0AQVp9+ + O7OoSaNig0moBpkqAcvvwy2aXatlRGrRh9Au0Hn0Gqtoc2xSaYkJq/nCRVD7Ed8d + Acc8bi8GvGBfWAZSZe/1aYCbIX/hxcPE5jCmQINpZfxKLrg/UBqRASenIoucrytO + LULwLT/qDww8YsaCXFmT7X7jBh1LpgxZKA17K5sKrZAXNqGAR9kQ2VgVRGtpgXJF + CQJCQTrt7zTB197JEKUuGHbAr9EYWU/224QDJ3c8D7gKvMHcPBjrGHYQHGZCHQSv + gqA+kQ== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: controller-manager + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDYDCCAkigAwIBAgIUBcujHyne30Pg1L92sIdDfXKeVnUwDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xOTEwMTcxNjE3MDBaFw0yMDEwMTYxNjE3MDBaMCkxFzAVBgNVBAoTDnN5c3Rl + bTptYXN0ZXJzMQ4wDAYDVQQDEwVhZG1pbjCCASIwDQYJKoZIhvcNAQEBBQADggEP + ADCCAQoCggEBALQVzTxmTMFGFGbZK58l2QvdOhTeVvw5JMbrTO0chawPmvbWyw3H + LyAi52lfE9TgN5pAW5kW2fKkdDC0FsWeqvT5xHUomQFktQ3dV0Bg1tWaSHvuG1t0 + wZshHAczE9te/wtTzj8dtYtewHmzswRunOlFqZQVYOXQxCObA/gfuWJ9EAJ6Wnd7 + qHYtBoo4tFHUNahp4pQsMKUel6ORp84C4ZsHzv2foIojXwUvNbL5A5VVcjYk+KZg + Bsr21j0OG87QwCFn98LzRjQOv/MELTO8J1zb++zonH4fJCrG5CdJ5APmO5RpD0in + bJ6qNGd2cI1hgUYlvib8ADWsmUzTdYNpkBkCAwEAAaN/MH0wDgYDVR0PAQH/BAQD + AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA + MB0GA1UdDgQWBBTJItDFrppdwDLNMaVcb3CRb5XAeDAfBgNVHSMEGDAWgBR70SVx + O0VZs5uQBJZ8FtrinOnDhDANBgkqhkiG9w0BAQsFAAOCAQEAAAED+AsZhAlZtnq9 + GL9kWoX7ywFfGaQtH/JqZOEFbLtlWKViGsx2UiRE3vSyzVQi1Pa4dwqqu1w8mSHW + +sTDVSuha9Cceo7/Oqxvyw0N7sKv/COzizaayv9WNiAaxE64LJMlMikKl+dmsJUL + KUQrKW8oryafN3K6gwsKKamSc3oRxLopXuoxJ9kirTnC9jLTgVIMD3B9hKexKKCv + oXJVE21ebVsb8LbIG2jWQqigVKqXAQ7x0pKzDW/7WHsRrDTdlZXSFTe/HAJYwknW + urgvnRdgPXPyzpraYObL+SWwoz4SKmz8eyMjPpWtNAYA7HbnWOtjScW4RJZzZCUw + Wbq+Mg== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: admin + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDYTCCAkmgAwIBAgIUdVEU1C64lfj6ivzvIITcF4E4/SkwDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xOTEwMTcxNjE3MDBaFw0yMDEwMTYxNjE3MDBaMCoxFzAVBgNVBAoTDnN5c3Rl + bTptYXN0ZXJzMQ8wDQYDVQQDEwZhcm1hZGEwggEiMA0GCSqGSIb3DQEBAQUAA4IB + DwAwggEKAoIBAQD36hk0C5V6NHwTZIGBkygpr9WwHpd0ppv3r14Kh5du0HyQ4BnN + yxP5PJ6vj3NlA6SfbGqNk2O9e/KaA0HyZZeaTQChdc4IoUcV5AsVgItlAozkPQKX + FTbA1ZeAglKGHY5pt3RRnam8mJcKk/aq+k07xA7eXBk6+6S9DhWOfZpffKnEgXaK + EBJeRKdqp8AJl84HLKqhCdkFNxbszy5CKi+TsZhZGIKXFSShbPGVjCI4KOt7adDR + enp0O7VyjEi6/09Lzr73Ge8fqBWskAcX4DrJJ/ug4o9B6TwWigXY1CrWixzzGJN3 + M9VtQfkkgBnKZQP4HrnteEP8Ed3Bl0ztnonhAgMBAAGjfzB9MA4GA1UdDwEB/wQE + AwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIw + ADAdBgNVHQ4EFgQUAc7WIsQjqd65vvN3nZGghhFa1hMwHwYDVR0jBBgwFoAUe9El + cTtFWbObkASWfBba4pzpw4QwDQYJKoZIhvcNAQELBQADggEBAKVApC4Z0BcGyGZ7 + leD7nfzBaPHq95L7uWLBK6HGa27ySYGDLMHU7bp5oe7OLhjtAcZxLLmyjFYIOlS1 + g+iQktbNlN0d3V1r/HeChqBitFtMrqhVEPcOuxj5PAvOHHEGJ9a0k39Evqwad2/r + 7bItvNGuOa0ehod1nSVHuMDZelEmQE4nwQwP7YTXapQODAA4AY7ZfbbFis0ZqS83 + rwiqIKjq+/xxh6fq50cQ97mMnfcIyoLO+eeWOi0k/n5PWWX4s1r4tYojeKMSUqnp + +rDc4JaA9bqp93rYDIdgzX2Pl0lrq+rNtHsQ86mrlyJyEg6bLKVq5oix0cOwc+9u + hNYttho= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: armada + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDUDCCAjigAwIBAgIUPkC++mJRMu/V+FuXB9nQytpI/UEwDQYJKoZIhvcNAQEL + BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l + dGNkMB4XDTE5MTAxNzE2MTcwMFoXDTIwMTAxNjE2MTcwMFowFDESMBAGA1UEAxMJ + YXBpc2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmVG2vk2H + rfw0j61+zm+3BYqhEwvuo+x9mrS0N/bevmGv77KeV3dQrZIZ1I/uQNUO6lrA+QNk + Lmytgq82c8ynqUYRBScxVUKk8Qog1vppqYkSLAhNClMr67ctP67Qtu2nCU41nO6o + 1FP7H0SyOyZWBzq2k4ltdcb7A5qBiOhTnRqYo0xFxRPuytrEo1W+nrkzNmmfYD57 + Dip3hg9ezSUyhBpEGv1mkPCVripSNVrceBboRH0WbMgZ+Sv2sElfDpIA1IJpzPn3 + BNNgnqkZmt9z5JiXQckV5dvf97ITL6spsccCoJLOaimJ/vNLEK/ZDJWu/h3X861B + QMdL5YLg/OVVmwIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI + KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFF9nQw6N + Rfke5rjfyJGMDsHEQ8byMB8GA1UdIwQYMBaAFB1GizEP4y1W3lBQmLWrGjKBOIV6 + MA0GCSqGSIb3DQEBCwUAA4IBAQBLDihLu77b2e+3L81ngW87czG+GkXfe4oFIpE1 + dYy/nIS2YsH9FLKBFzFZIWbM27uixqqX3oJWJeCtLAZ4n71D3QfZ4n1710S9QBdL + 7/UFVaRRzItd+r6EBdNmBqFYeccrxos+YGmT2SrAbr9FSFPmrg4SF8pcTIeiQghS + wKivz29hksJWJft/l837v+NZcYEXO9zYPWOGnG96QGayJ8OldzMU85kYmOdXhuIT + /mHiIlfzeFQBG4Zh5C4R55LfuSBPpA/FJiCIgvrL6KeeHCXE7KjWw69BMq4yEiDB + Zn1U0HxWHYUtoTCM3X3fNoZ51j8gYA83blImLoHGhdb70/nG + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: apiserver-etcd + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDTTCCAjWgAwIBAgIUY+qFJRXo2kmhARyR8joalXToknwwDQYJKoZIhvcNAQEL + BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l + dGNkMB4XDTE5MTAxNzE2MTcwMFoXDTIwMTAxNjE2MTcwMFowETEPMA0GA1UEAxMG + YW5jaG9yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1DP2rGbvI5pG + /ILMScRlFWlZ33v0YIv8X1AugHItpCyykSSug5EW66o5n+JPwEbtJVVYR/FvN0OM + 9uFcU7ZHWTGpX6qfv4icr9GW74fPyS3SZMDejvC23gmGodh7N7k8Aq0rFHNzK8B7 + ZA5cl9ecCs9kkJdSHuKh4DeSZupQvjBaOdCyrvSkQ94Y1ABKxm9/ufKc4uAyIyLO + vLxoxpYvS1CWJhYOTqr910GTIULDp6CtUG/gJvFjafCLwwLgo5WbidLZoNudwhx4 + hgv/ZZjx1GaUGFHxKucqV20GTRNrYSwUwxEOWV8TGwSFAPvZ8E0TugwgxrEdidHW + +9rxTyL1+QIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB + BQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFO7XhiJEpDFW + Quji0xB3GhhTwqHUMB8GA1UdIwQYMBaAFB1GizEP4y1W3lBQmLWrGjKBOIV6MA0G + CSqGSIb3DQEBCwUAA4IBAQBNJLqDCv/zi+Uiwx2xThKd0Z0gWzZGXDw3HcZccrg5 + sWtIoIFv14qbIa7yPqiD0JcDcpEtWNtHJpJ30ZLEnpM3mo5KVTU8bI9Z3i9DEVis + PWrdT4rQOiMs02a1hXse0u+GgC4VX1g9OUQ38RkAXMFp9yUBzpYviX64TFiU6U2F + IeNrxqHL2YAqP8m6mJgBRL6BIyRLBOsaXUziBRRZwqrQdIX5oxxwJamZMmTLrG6W + cz4s9vHgcpq9NNHE9azRI5sC1QnhJnQXU1w3J13pBB8TZI1PPdiPshtaWE97CVYH + QeMb++iM3hpG9tOkIRTjC9PWPbh9gvVEd7iGUIA49c7z + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-anchor + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDxDCCAqygAwIBAgIUUpBa3I4qjirh/2H95xwmUj2I28MwDQYJKoZIhvcNAQEL + BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l + dGNkMB4XDTE5MTAxNzE2MTcwMFoXDTIwMTAxNjE2MTcwMFowIjEgMB4GA1UEAxMX + a3ViZXJuZXRlcy1ldGNkLWdlbmVzaXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw + ggEKAoIBAQDc91dCGInlH79UmOHsW+1+/gP6Ug+KoYl0bZHJAHQk0jY4Xq5nSCMC + PZH2C6Pev9ItfrtTJ5Nd4BbUg+XG+3JklJ9hckW6dMKkdS0ecKnO+wyEWkPar3Mt + vfIc2aJq8LfWDmaiDsVSjH1c9o+8mub1m+iwE2t124asQTpGiRJs5tcLaDTyzieN + rArkGxKeCwGbgy5JT7ny3lnc257WtzZJCQbMrsCEoWRTOkb2/o4K5bvweVs1ZnDe + maFYr7bH2U79HChCbVEPPndvKecOSieo1JaP8U1HBVNqlyktofC2gq5kKBNXu97j + eAsWpAkuu4hEi164RjX0aqGun6Dnnc5pAgMBAAGjgeQwgeEwDgYDVR0PAQH/BAQD + AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA + MB0GA1UdDgQWBBQOTCuwI4CKILuPp+fH14jfTVYSfzAfBgNVHSMEGDAWgBQdRosx + D+MtVt5QUJi1qxoygTiFejBiBgNVHREEWzBZggtwb2QxMC1ub2RlMYIJbG9jYWxo + b3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0ZW0uc3ZjLmNsdXN0ZXIubG9j + YWyHBAoKZhWHBH8AAAGHBApgAAIwDQYJKoZIhvcNAQELBQADggEBAKKlTC48CNFE + B4zyhhX1Jz2ipF3KpW9bOa3bryUxcxZFUAl8eBudzdsIGoJ7LXDgoaum9sy8sIqf + uYCs7P3ndrESGkKrvkGLECi9i7cKa6a25Mo9+q1SoQ2nTlZ+dz8Sj9crrWWzxkX2 + UoIdPKUVcOsFA70X31KBn0Cq2X/DCPsPr/qrCRnkDYG6Qr8xDxGl6kGe53M50YmA + tmOmoyuTOuFWMIX1tppyKJLqTbRhoU9CJrrXYqftrc/Izf5KSiDP56+PYdiH8Aii + CMF8ew4tfCFXBJi4lD/5iVJxt4ht9/5JMcgB8nm3vvnJX1SgsatwxacjVaSoniD+ + QXVlXKf3Ymo= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-genesis + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDyDCCArCgAwIBAgIUJA2hPpbo0YEzmTtEy/vHc6SvZ6swDQYJKoZIhvcNAQEL + BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l + dGNkMB4XDTE5MTAxNzE2MTcwMFoXDTIwMTAxNjE2MTcwMFowJjEkMCIGA1UEAxMb + a3ViZXJuZXRlcy1ldGNkLXBvZDEwLW5vZGUxMIIBIjANBgkqhkiG9w0BAQEFAAOC + AQ8AMIIBCgKCAQEAx5f4HlWaQXO3kmc/fa5C2T4uhCGnH4zyrmXDtU6A0KB8TqQ+ + Uol3qVCNaaiZ6UQ78C5D8HKUyQiNul9lu2IeUDBn8TXaaZsiONSLsRZRzwQu5faV + 7S460Rd5/kFHQg6hDGHc7ao5zusFgD2BmW89GfANTtwvYqZrfhMbrmPzd1KZ2hun + gWTP9pdohClbSzSj+HkGzFI/YmLLGYtT5WBEbo0ly+Zv/dTKcx8wgYoGSDdjxsPq + 6ez1jULyWCAnie49FSZywClB5TnBHiGMS9ZBkWUkEt2Y3u/E9/lw2MZZn9qh9cur + /QC7QzxpLTeS8goa6WGkejSU4kFQEX7ypSGObwIDAQABo4HkMIHhMA4GA1UdDwEB + /wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/ + BAIwADAdBgNVHQ4EFgQUn1kykpRvV4TYuGPIPCF4yMxtjMwwHwYDVR0jBBgwFoAU + HUaLMQ/jLVbeUFCYtasaMoE4hXowYgYDVR0RBFswWYILcG9kMTAtbm9kZTGCCWxv + Y2FsaG9zdIIta3ViZXJuZXRlcy1ldGNkLmt1YmUtc3lzdGVtLnN2Yy5jbHVzdGVy + LmxvY2FshwQKCmYVhwR/AAABhwQKYAACMA0GCSqGSIb3DQEBCwUAA4IBAQA1F4X6 + YQv6OlUQ3i0Z0/Q0mpQJig3CWNWNS+dZS6JFZcGTE05CrTUsESA6qv4kM1r3GHpg + 62BOtkQQOn0LEIyKNjIlakZx8CXvFfuupq76a3Hud1Z9WpTgXcuoCqipsULEIke8 + 2AwNvjbQXhF2p23XGENhF/WjEDhbUcb4Gv3UKHIVH12WAvPZplBaVMF5eNENVv8s + Lo+kKUPVEDUwq6J54dXSINf42aWhrms7mapx4dWPL5a7BDMqmcWDfaQd2+8zZ+NW + MJees2lrvk0wBmYHFvTXjMLo/OyJ4ZeVbML6MqsPfd+lgmSNdGZap7E5npn+LHL+ + OzKpW7cXcjOmWt+i + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-pod10-node1 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDyDCCArCgAwIBAgIUOGgzLb4e2DZz84SYKnI72MS6yRwwDQYJKoZIhvcNAQEL + BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l + dGNkMB4XDTE5MTAxNzE2MTcwMFoXDTIwMTAxNjE2MTcwMFowJjEkMCIGA1UEAxMb + a3ViZXJuZXRlcy1ldGNkLXBvZDEwLW5vZGUyMIIBIjANBgkqhkiG9w0BAQEFAAOC + AQ8AMIIBCgKCAQEA3tvAtpBBiu07O2qcjGuipY2GkfrSsrG3TJnYBSs+uIrDmBsy + K7JXwowvUhsnrxRrqZ0QhHsByLveD2gnNzApSKXRe+KdBRxCsd8HUHqiFn9wHCpb + mwKWSwUKz1ab+QgkWZKuH1cJxUK8zx/F7o4gh191glqAhKgXL9eTUj3c5SguyLay + 5TBIa0dOjfOc3kixUJ6TXSeJ0+lMjFzal8zgysT4GvjQs2wK9k9cPDobNwsKsW2Z + FQw+kO39cSyhdyvLvtk4RiyG/9zMVFn54NUhJAspzq+PnM07UJB7D6ZM0XkGjk/6 + nqUgJlNo1kR4Zo+kpy4J/mUDmMjZZ1n1sfJ8wQIDAQABo4HkMIHhMA4GA1UdDwEB + /wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/ + BAIwADAdBgNVHQ4EFgQUYRrUlrcVBcu4EOLS2U3NFBSLNHkwHwYDVR0jBBgwFoAU + HUaLMQ/jLVbeUFCYtasaMoE4hXowYgYDVR0RBFswWYILcG9kMTAtbm9kZTKCCWxv + Y2FsaG9zdIIta3ViZXJuZXRlcy1ldGNkLmt1YmUtc3lzdGVtLnN2Yy5jbHVzdGVy + LmxvY2FshwQKCmYWhwR/AAABhwQKYAACMA0GCSqGSIb3DQEBCwUAA4IBAQB4u8hL + x44Lmz/lHyvIOEKNrXXAKoYFRyZis01mVfvEWnPsgQ/i6/vt8AuZ2u6R57e8nnkc + tsa1EPYwmUQ0KSTwXkTkG5WD5bI7/haD2guSy7eWRaGz9LSHmXPhJMVeWpYJUyz7 + eLbyuhNwW0gMHq+VnlM9kDfggX3TF2AZbM9YMgyeH5e6WHytjFzKQmMe7FoIyBGY + 141YuzZbXQLj3uSfZrCfk1BxySS1d//SN//kM0Ox0fIHeiUSAiAM/V5PwIzaIe1n + e0HXLi2uQRXXeRcqR05V/XQkoHwYyrARKED/2xWif77uMBHoNrdHC+2bKaG3lQk+ + 2V9DoxOZ57myyrBH + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-pod10-node2 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDyDCCArCgAwIBAgIUF4DiWQyndf/Q8HgoSC4bf++sh4IwDQYJKoZIhvcNAQEL + BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l + dGNkMB4XDTE5MTAxNzE2MTcwMFoXDTIwMTAxNjE2MTcwMFowJjEkMCIGA1UEAxMb + a3ViZXJuZXRlcy1ldGNkLXBvZDEwLW5vZGUzMIIBIjANBgkqhkiG9w0BAQEFAAOC + AQ8AMIIBCgKCAQEAylRr2g9O+zU99x4MBWLjWLf38Vrwjh+fdTGDpnx3Tw5jTWS8 + RwAzzdDkIQ4GG8q9wiAw5usElaUVs2wre5+/XBdmT6/h8vN4SMT7QHkKdE1cEpoh + jxLMeDkahxcThoWVlwNj4vpAlm82pp6e23bZlEpDeqy6jOCQHH3Md7RRw9Ubkcrd + QnaEl6cZ4IBLMky5Q9G9wRYEAJF0ffXTmK+3UD85fGxROTiLSrUc+o1JrwaL4QLi + q2jbA2v9hvURQtV5WTKvH1b2zbjP0FxK4GJreNVdeW7qWS/BV06NugyqKWp+6niR + 19JK1n4B8jqmuhFYSHjx3UMMJN5HNRPDJW1cFQIDAQABo4HkMIHhMA4GA1UdDwEB + /wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/ + BAIwADAdBgNVHQ4EFgQUsSfyEGwiJjZvb9gE20kGgP5DjP4wHwYDVR0jBBgwFoAU + HUaLMQ/jLVbeUFCYtasaMoE4hXowYgYDVR0RBFswWYILcG9kMTAtbm9kZTOCCWxv + Y2FsaG9zdIIta3ViZXJuZXRlcy1ldGNkLmt1YmUtc3lzdGVtLnN2Yy5jbHVzdGVy + LmxvY2FshwQKCmYXhwR/AAABhwQKYAACMA0GCSqGSIb3DQEBCwUAA4IBAQB31yuz + qVEC7Idh6wa68xC45tUeZaU4jMbqPY9zGaOlMl7RNMSqZluSsn/CmY7Iy7Jw/DOT + sxXWY8xN6IVKmsU/lhzmwEQneyRpxaCXa29hKp+ZDYhgUm7iC6LFYodl8xTs+g0E + SyFCXijs0Z/nhq3rp0q+k1pH4rroHy/Mx32hAsVLfh26ZDAHmwwnT8Fe/NHJfz68 + HJ+Iv9Jbzqo3m+XB35y/o/fN2gUeyRkuQOs4wCItKn41E89HIR8WJ3HvBBjm1MLx + VIi4wmEPBhLXB6HGEHfOgSfyGXDzXv3/HYLMPRQRbAxdCFfe9E3UxYV0U+ZErtgq + DpL4g2ploCmjEElR + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-pod10-node3 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDzjCCAragAwIBAgIUCqK8rbRNnED8bIclYLhk7pTurjMwDQYJKoZIhvcNAQEL + BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l + dGNkLXBlZXIwHhcNMTkxMDE3MTYxNzAwWhcNMjAxMDE2MTYxNzAwWjAnMSUwIwYD + VQQDExxrdWJlcm5ldGVzLWV0Y2QtZ2VuZXNpcy1wZWVyMIIBIjANBgkqhkiG9w0B + AQEFAAOCAQ8AMIIBCgKCAQEA9Qq5Oz3BmRI4kmkFHIZoLbkf4/wF3RkiDWpYUAqa + ggvaXan1OHLcCoFnw5v6Pjtf8U4p0n5FAUOdRA7U4ICym2poVG2UCjsySCNjSmL0 + DjpVn9Dj88LjQ6OTUiQlSg+wzsMIhuakD6o1Gf1UZ/F+FxtU/TMMjtKOSJD4Rpyz + c0hNvBWi29+qt6lF6pBuxRE2WVr9t0wnzp+qL/Ng3R2VXu9q9EVBRoUjwJpmcvkC + FS+b5va7ZsvPwAQ6gO7oXOGtQE9YqRLAu7KasnHhqw+NmrJCumPW84q3ddG1M9DY + vU7LNHyF7FHsMkEy/1PIWg7Edp58fny7dCzm2zZklyE5/wIDAQABo4HkMIHhMA4G + A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD + VR0TAQH/BAIwADAdBgNVHQ4EFgQU6vDh3UHnTaExJmPKeTy8lF4Gfg0wHwYDVR0j + BBgwFoAUVap5p5w5BZcF6a/rnY/SmtLKL20wYgYDVR0RBFswWYILcG9kMTAtbm9k + ZTGCCWxvY2FsaG9zdIIta3ViZXJuZXRlcy1ldGNkLmt1YmUtc3lzdGVtLnN2Yy5j + bHVzdGVyLmxvY2FshwQKCmYVhwR/AAABhwQKYAACMA0GCSqGSIb3DQEBCwUAA4IB + AQBIE0LN5HH59d/iSKoF9J3Pt+qxkeYH5pa+b3JnD8WY5RDiHO7jFeABD+5HJ+5U + 1tiwU14WwjjI/FYwnpw1jK0dN6mzrd1yYv2KFOtv6JjGwq47qe402jUDZg7IBb2v + bcjEKjt/alJ9L9L4k2b6o8piopIkYaaUtcNZV4kU2jjnFNPf7vabqoi+Iw9JKFfy + 2vMCyrqwiXMmPun7Prt7eOkv3mDAuWqciiXTSqVDg2KZH/7Dw31pkXsdSRLWRKH5 + 22jBwdJQXJVvnK8zN325CTS1bJ1+/prE2Yc9eO2GMMm+NXyX1RrZqPHs5o7n7NM4 + w9/okm+nZlnQfCagnD3vteO+ + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-genesis-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIID0jCCArqgAwIBAgIUMd3JiDWI722+AW/USFb9EaloddYwDQYJKoZIhvcNAQEL + BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l + dGNkLXBlZXIwHhcNMTkxMDE3MTYxNzAwWhcNMjAxMDE2MTYxNzAwWjArMSkwJwYD + VQQDEyBrdWJlcm5ldGVzLWV0Y2QtcG9kMTAtbm9kZTEtcGVlcjCCASIwDQYJKoZI + hvcNAQEBBQADggEPADCCAQoCggEBAOJ+qXuoVt+sxYtGXLdRwvxJ290XT3+ZEmVQ + yJYzm9XrJmT62YHjBaRRxto+GDpCaxlgnuGIi7pv200AX/yupPKmKOKl8o4jwydF + DILPDROWGY3M8D5mR+wSrrvaJu94b5sVtNLtowxx3/mX/L1snauMDbNv0cc/S+O+ + rm9OfivexBmLGOx4wLQNSnx54Q58Nj4/57JiaOCJTUszNILGFkWa9+4WkwpSCvmL + myLEFfOqxl9Jv+kYeY/OWuwPDmRbuNC7cC8YOeSAz6asas1ich55eMG2ElnWzu2Q + insRokpTIyG5PNjWu2MLxOnnVk5AzA5TGfWp0YDIdvun6OvteaMCAwEAAaOB5DCB + 4TAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC + MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFHLcpNrMF/rvKOuEkFnzsG9cNYYfMB8G + A1UdIwQYMBaAFFWqeaecOQWXBemv652P0prSyi9tMGIGA1UdEQRbMFmCC3BvZDEw + LW5vZGUxgglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5z + dmMuY2x1c3Rlci5sb2NhbIcECgpmFYcEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF + AAOCAQEAv913Pc6RiKTNUCXxb2t0Ybz6Yv/ABy/VOumHsVghR1ePXN76mn3FV5vk + 1OgiCXmzISzuFMXpoVVgBcDD1N4/LP5gJCMls84aRYXolllRgz6tkqqq4J9gRl6M + 2xtnXaPJRWckX2U83JtnHJlpnaCkGV+90O/WNAETJYFCSricr2rl6M65cBbaG8Sv + bn8XuD/S+RaSTNmTet3Cuyqq5d/8IdepjjvHc9h0tV1j+8+z/4u6JgRc3y5k8VVf + nQ3LN7TmI84C/J+S9mJm8dBk4EDroZvkdWGK99LRtC6m+2HBkGrtT8p5Fd+cN7BS + cr1M/wQ+7OucyGKPZPYjErLxznHebQ== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-pod10-node1-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIID0jCCArqgAwIBAgIUV0amgQbImMxceXp2j6lBOC63Wz0wDQYJKoZIhvcNAQEL + BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l + dGNkLXBlZXIwHhcNMTkxMDE3MTYxNzAwWhcNMjAxMDE2MTYxNzAwWjArMSkwJwYD + VQQDEyBrdWJlcm5ldGVzLWV0Y2QtcG9kMTAtbm9kZTItcGVlcjCCASIwDQYJKoZI + hvcNAQEBBQADggEPADCCAQoCggEBALwgAWkPBRg9YKE/lSldqkDWta1I0SsYWyZ4 + Cfe2kN9jMzNCatoXYfA/3gzh1+gDlLgEpNaKiuau20jiKGXhd0qq062qYUaTmtV1 + 2t+ZH9nw9QtRhqNlXsONR8x0B7dPl/uLhb9+XEuj4FB4lt5opvaUR7hEMSAJPXmJ + 7QxrRYRLOB2aWBsQ2V66/mwfAm2AomrYf5+U51ixJ+7Okt8dvWwogZNZnc6hYlOZ + 1byCH2cscF/3yojLZIEk8fcce1CF/YXFyOWA0SlDZKEXeLgbdgzNBrjFMIswvAGl + pgpvF7m6YsIbKjfwILMq7cc+rMMl6ZM9syTsI/LrniS7i304GkkCAwEAAaOB5DCB + 4TAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC + MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFC8x/+GIJopTZIcbI9SY2Ktfdj2jMB8G + A1UdIwQYMBaAFFWqeaecOQWXBemv652P0prSyi9tMGIGA1UdEQRbMFmCC3BvZDEw + LW5vZGUygglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5z + dmMuY2x1c3Rlci5sb2NhbIcECgpmFocEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF + AAOCAQEAiDqZ3mRkqWA9GVaIWEp+ae7gbDY2XUpnPF6CvaBg3LjlZS2rh54ALCyO + OKuiYP9TVdJJpmlXv12ImZZGAQYtp36jRmbQeWL7rWyFug35iu2sn6086xAVMD4/ + jFroFNK+o2k5RMPhLPvbZxUOXtRBxW12ARAZABdjZKUIVKPvNhYSUkliDRuzool8 + /jAky4H/2DftT7OgaHoLHSi7ixjgiOkDpnE9TM7ReN1Pb4qS0boVlnZPtnv4DnnN + DJr4mtZmVWLZYNhOh3jtCZYdN+nIv/t0zeleUIuqFb/iVFWcUr7a2oZ5TQjl5o0o + 1Ou1m0mQAoCMpTq6f0SI2ZW3Jiq19g== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-pod10-node2-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIID0jCCArqgAwIBAgIUJ1SC1Sayet9jm6JuYgkfeIaHPXMwDQYJKoZIhvcNAQEL + BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l + dGNkLXBlZXIwHhcNMTkxMDE3MTYxNzAwWhcNMjAxMDE2MTYxNzAwWjArMSkwJwYD + VQQDEyBrdWJlcm5ldGVzLWV0Y2QtcG9kMTAtbm9kZTMtcGVlcjCCASIwDQYJKoZI + hvcNAQEBBQADggEPADCCAQoCggEBAM4M13fN2oj1tKWMQumtHx3LRlQiBQJIFwLx + S9GGDJaAyV4ZEWWJDkNhXFcbjd+vOpSbpJH8PJimdFPqI29StyewUlNBvhmmIOjj + u/bVkQmdDn4tW6aci+bs0s/X7aoFRn6D16KWeH4bDKJG0WdYCj6uOBQIXus2RRu+ + mUoD1rX6ojvGwT7KExLMJXCvoKNL3089GxqfKYNFUV8UqhanHaDuK/UFhf5eaL4D + kVAY5/V1en9TsvSYH2B/2DJ937kMApRjRlahzEQKkm84jpC0ebqVJCTGaS7gP+Yu + pBD4yuqZLYfRFnNUXp+3onpYr7Y242ZaNoVxEVi42i/7WYBff6UCAwEAAaOB5DCB + 4TAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC + MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFNeKsmFcTFXYLZauQcodS/QPn+3FMB8G + A1UdIwQYMBaAFFWqeaecOQWXBemv652P0prSyi9tMGIGA1UdEQRbMFmCC3BvZDEw + LW5vZGUzgglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5z + dmMuY2x1c3Rlci5sb2NhbIcECgpmF4cEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF + AAOCAQEAnj62SHgtxrqrZiuQmbtanbgEB7UPULZySZNljs+8oVL1ctfu97RfXC4M + D8r++wEz6W3tapL/KFSKHV7K+0R2U9q2pQp6trYlxGThJmcjObYtRwDTIwyFznN/ + IPgqgW/nDuZhd6jIfQiuujxc/zF1VhydA9t0swC+eAH1FPKJTdc764nT96GcJi9u + woGndhygBof+rvPjifsVp30GE0Oc/MfjwsyDe94t36zSlokWf6FHbzGplLpIAsJA + vfbS8XQJYhpDj/5A6NRThRgdm/YuP+qIqxbARS1qbJh1N8DUaamqMX5kgijOm4C6 + wvg3z7CiiDfHxBiL2B6hQ0FFjV9RWw== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-pod10-node3-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDSTCCAjGgAwIBAgIUDqvS+J3DONi9XCRrzdHofiHMij8wDQYJKoZIhvcNAQEL + BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw + HhcNMTkxMDE3MTYxNzAwWhcNMjAxMDE2MTYxNzAwWjARMQ8wDQYDVQQDEwZhbmNo + b3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDG1/aDpS5pQF9f9bk+ + olKiSH7c/l1/YPC0QRLRrXNb4t5LH5svo9Pt2VUNGOMLqBUDEWVjYavg6SWmovLr + 5WPgyK6kslOHFxbBUtsJbFOvtst7uk2+RQQVKZYDQe51lJ96KOKv+/deV5N9Xlk9 + fH/Q5d13nbcP1wn5e43UT0WcwdkagnnEgHPxj0+aeTomLR1Oe4Hok28/ibSnlQHP + GCksZBIRwktBBNuzbf+hbO2DJzwSkGK1S5yFKmY/zskX+yWnYTNsM5MpW//eK7Lf + krWmW7KM2WWQbXdYHhFHsx2oec+OfEHTYA6lezoKu3JvEgYwfDrbk69BzER5aKeM + RkunAgMBAAGjfzB9MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD + AQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUpOuUxnxLW8TRhYF0 + VVfMWkLhs24wHwYDVR0jBBgwFoAUqj8aklmTCPGwjxBU2GnYEHYUrVwwDQYJKoZI + hvcNAQELBQADggEBAA8jL0G7wYz2B3xY5DHIZZVnbGwxqF6MKr8ua1bYs/8CCyhG + rdiiAOGjs/Fm4T5giPpwreMsI7khnl/l1po5uaKHpCEE+WYSSa5+wi37cDz2rLqc + kmY5RVOHQqYngcR/dB8lghvYXXKdTxJhIHtKLRRsDtEtJmmXMyQU3kpEadSVr12J + nNI8qFnpUMYnelvnrUYXnFQj5si2O8am/PswMuQYyvGB4bcRf+CizITL9A8aFCYO + 8LFoV2DX6GFQhF/6SsR1ZGEeIVLvHNvClvyBv0r8hrwwoHw+MHE4ZqMs1qwR6zWf + IM+zdeSIE8L4NewgTsDIYjm21KWnXxSWdN+eBa8= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-anchor + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDkTCCAnmgAwIBAgIUWTP7KBAIEqpE1HXxAuxdi9v5mmQwDQYJKoZIhvcNAQEL + BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw + HhcNMTkxMDE3MTYxNzAwWhcNMjAxMDE2MTYxNzAwWjAiMSAwHgYDVQQDExdjYWxp + Y28tZXRjZC1wb2QxMC1ub2RlMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC + ggEBALo9lW4d/QSYC8UHr4Aj26OAETW9fb2g/PYQ+9RLo0aHXE5xv/lAC333BQrQ + ntsZcAX2nV6VUj0dIYf9KJ6ILlxfl4LqJcHla3HnCsCdw5EojKHghYgOLOcUUK3u + vugXoqf+qCjTuw/eXi6yxrshkz3iVonyD0SYi4HHMbz4hF3+V70L67Ecyo2N8/Jb + DD/xd0Fi8YaY3qCE79tEqVhn11u4Hl5KyUG6BRokGAvSmr5p6fyXCY8TxYoIUSPQ + 7/8GZHpxda1M/DdeMMzwGWAXbMCclJbNH/xca2BR7gAnyR5hoFGabLrDDjMzILnQ + w1R7nLjLdeimC5rGSr/0kEf1QssCAwEAAaOBtTCBsjAOBgNVHQ8BAf8EBAMCBaAw + HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYD + VR0OBBYEFFrEyajxD7rMLNbSnDPBb7z5rVEAMB8GA1UdIwQYMBaAFKo/GpJZkwjx + sI8QVNhp2BB2FK1cMDMGA1UdEQQsMCqCC3BvZDEwLW5vZGUxgglsb2NhbGhvc3SH + BAoKZhWHBH8AAAGHBApg6IgwDQYJKoZIhvcNAQELBQADggEBACQi2nq0OqjiLuBp + ooBrpCHf6BIKGsfuMxFyCUS0NkM3aiTghBUQJeHmknbA/UKqbogFb46la+lz0Mku + 7ZSQaYoApxFc/VFLEiMzBgC+f24ihlWcQ9U0r1y2Frw2dyCVstN5oBhluRFWJEk1 + FBB4R3D94C5+ROVI5W9KOCNoIDj3BfJMh1eQ8dowwjjZxJvskgOi+dA/x22GXJuu + dgBn1Y5S7RVJLFvvHX+p3BU7mzQP2G85EU6BRMMwBot7K7ab0noG1M/fqInrT2rk + GPMhGiv0VzB5GBwr/nS2GYvIVHvMVVNrXflKHaJLU24I0U4M93Y2NHD71FSzA5oC + QGc/aOA= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-pod10-node1 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDkTCCAnmgAwIBAgIUUglgv2X0gCKMQ5HQ7/CWxForGzswDQYJKoZIhvcNAQEL + BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw + HhcNMTkxMDE3MTYxNzAwWhcNMjAxMDE2MTYxNzAwWjAiMSAwHgYDVQQDExdjYWxp + Y28tZXRjZC1wb2QxMC1ub2RlMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC + ggEBAOKJqlpcr2mO2CUHCXokm0TKnvYlt+4AKAsunYFbcrnOTARWg9i/GdWSQ/r6 + N4/CdChq5kcjP3Brhf9eX96bqQ04sOa4whs7jnJWcZxNNA6I0cXMjUDWkHuLQUvU + M06R2vsAGXnvOUYu9+m0Zk3ORI6qyP8uaaLfbaJaf9/skCGXjQeAl7JqBPH3yoa4 + iPf5qY1T7t9AxdQGrJplTEmVERyILBHm6owQwTdiyuFyn5LPW4jf1NPr4S0KwJ5n + xPdpQxnFEszqdI0qJyfSxslFU8oN9mKXqEbYhSjYV0NCQUIpOC/u2t1sH5Vuq5Ok + uXEYplqVpSt6bYMk1sXpU2fPzdUCAwEAAaOBtTCBsjAOBgNVHQ8BAf8EBAMCBaAw + HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYD + VR0OBBYEFLMgGkKlgS4a6QmZ5llbTZ6VGsa2MB8GA1UdIwQYMBaAFKo/GpJZkwjx + sI8QVNhp2BB2FK1cMDMGA1UdEQQsMCqCC3BvZDEwLW5vZGUygglsb2NhbGhvc3SH + BAoKZhaHBH8AAAGHBApg6IgwDQYJKoZIhvcNAQELBQADggEBAFtsllXKD/IgVDhl + 8MU355y8SrYyH3aWG57ihza3DJc2Z0YdTGW//iCM1GplROZl+dcI6C1thtuEU44d + uNLMscnkk3pPiOxLRkzbAJKYrPX3QFLPvFjYqCJZlb5HMKpMX9X6WuG2lSTSexTZ + 6I9K7vsZW33MC/9r19kbyUdjUtDKWZwDxeQSlJ7Mz/OTEDwXPWVjVzk3V9IIbLuq + cve6BPVvyFF5APDl5Q7KaZZpRRAyRbI5wgslmgtWKsA8L5rZrl+Ncajj50x15Rjc + YYRhJWRRR7p3OkDF0h5DBB25w0pR6LtJOR2whGNwC6U9QbwWxRktd3C/gX3gYwl7 + pfoR2Vk= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-pod10-node2 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDkTCCAnmgAwIBAgIURMN4JfeDfqua+8kFaFcs4C0IKwUwDQYJKoZIhvcNAQEL + BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw + HhcNMTkxMDE3MTYxNzAwWhcNMjAxMDE2MTYxNzAwWjAiMSAwHgYDVQQDExdjYWxp + Y28tZXRjZC1wb2QxMC1ub2RlMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC + ggEBALwIJ8y/31e7tk1FfWUshWRMSKvdJQDv6kUDlGpm/pCtu1w+cov4ci5JTXe5 + qwrwMkzIisjwOqYMJEZ1hBAJ/+1YxcePMuUGZbxFaG7NeSk9h9mPmCXKn8pwejR+ + siICGbDO6KflwRkNnrMvyYg8JWIlqe4wQ8RbC3TtIkZlj6Uyb6muhb5BhXzpDrjo + cI+TZADfdYn3dYAqgozd37TlMBfGDBToJX1U6w0m2mLzj5GMxyQzOYLqLezB3vJQ + wdzrDFl9XUZ3ZaGQ8Vw9is42osLuKNQSBnTxzbP9cCmO8K1xdsDLqLWOYR6JauIw + nhgVXXiG/yor47WHwYQUPhvsceECAwEAAaOBtTCBsjAOBgNVHQ8BAf8EBAMCBaAw + HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYD + VR0OBBYEFD8Q5S9CdHXw278L6X10EVQSUK9uMB8GA1UdIwQYMBaAFKo/GpJZkwjx + sI8QVNhp2BB2FK1cMDMGA1UdEQQsMCqCC3BvZDEwLW5vZGUzgglsb2NhbGhvc3SH + BAoKZheHBH8AAAGHBApg6IgwDQYJKoZIhvcNAQELBQADggEBABPV3yFn2rWNsWsO + hC76deReIoSK6wdRgu8/txq1lHLjmnqbNWkdjhH7Y/JEFX5H8CBDX6zsu7aobEC5 + tT6j/pcYFrpcdCF1vmfYvJ4+TFhOxsebtWvQa+08U37EXYKLVsDgFXj8h+/gvNqe + 9oM3Ak6QQEVIDXZPi/Q3M0SQqKvgTi/nxxbZcLNu7freLnC4zuDMNaOS2CsH1dx7 + NjQe8wKTafD5SCgDL/rwoJ6C+uHfuLsexJ/ZfkmO7HuHM8hjhVpnB4XXtL5R3tvT + bDVocpVaDtmPqYAH73n36KLyEuppWU4H2Z4HXzOgJ6APQpQM1t+Ge9DcOO/XRXyO + wKVpvtU= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-pod10-node3 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDTzCCAjegAwIBAgIUFQ7v5fmB/wdoO29od0eBq+uM1yMwDQYJKoZIhvcNAQEL + BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw + HhcNMTkxMDE3MTYxNzAwWhcNMjAxMDE2MTYxNzAwWjAXMRUwEwYDVQQDEwxjYWxj + aWNvLW5vZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTN/w6HQGi + ZFcAvPPZRoYMhMu4Pcks7j9zmuYYpoKRRft+AYOUZfhlgkIvwv7+Zp4RQp3zj2u2 + KHYGXKOUSCfeZtLf//wgDZtv9XQf61vwB2c49kbBKGsdBl7q0u1+NOZnUWP9JzkD + X/GeuqiwRbrMlLyNAdKqxHuFp7gac1hR6UZDFpBzjYp5tyFDZaZy6/Q1RR+DRwHe + 3UtTSaXjJ5YRDjfHDc7Xy5RzEK5AYXBAEHCBHv7hU1BXkiAi8orNTETOMRG4rUf7 + L/lMNoFq87PLovVadUkjuGqK8LsBEjFZrXVPqZmnKMdcIuPVbQgdwFOrGM6so1A5 + KA/f91kuHhSXAgMBAAGjfzB9MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr + BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU3u7nIdoq + F4QoImLLuyhcnliy8DMwHwYDVR0jBBgwFoAUqj8aklmTCPGwjxBU2GnYEHYUrVww + DQYJKoZIhvcNAQELBQADggEBAIDQUfdsC3Apqi8VGz9J1EHF4j49fBe26oOV+OnU + /cijGAy2u6RnQkTygTjAHrqW+F3dN04K36+lCIONvNYOTdMoOchdvGYsx3nOGB33 + hVKAUq4HASTDxlxjGTPlpyldX+ll9Vnrx9gzC8yRllSQ5WCAIiN2bOlDJWXRVvSo + dzNLh3T5Ob4cA4wevuZGv4k4i2gHJd2dW8V+S5zs8JG+JweZxjIJ2EXkoK1kKRJf + 6ylK/ddCLqyE4+cRpKwSusHsaYZjmCWmJTLS5pePORabG5dJz/BPGgKh1B/7i8vX + gHxyMrsINjLqeEE2pH3dpeuYHcjDK7YKXi+d3JoYKa2F9JI= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-node + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDmzCCAoOgAwIBAgIUSal1qO83HPfl18bY7yZfWp16p6MwDQYJKoZIhvcNAQEL + BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt + cGVlcjAeFw0xOTEwMTcxNjE3MDBaFw0yMDEwMTYxNjE3MDBaMCcxJTAjBgNVBAMT + HGNhbGljby1ldGNkLXBvZDEwLW5vZGUxLXBlZXIwggEiMA0GCSqGSIb3DQEBAQUA + A4IBDwAwggEKAoIBAQCrRWGRiwZAQzLpQHywYHODyufvU59LGTpRtBj8jeUjQIMB + zMIcLVhnNX0trtOQIf/7RJSahhsOpXQRgzDVY225yho3AlnoKhocJzLQ8YBf/mF7 + fv6MYblVRpSlnkvJuweTyfkS/J6pLKpO+ZSTovAuirfUUgnmx5HXD/GkxP2AsLxU + H2765eTOjCy99Qcpsfm3rUd+rC/dQEyQYXK4mqylcDa42CEPWSOTQh7Pynzx2QSw + yp8/CUiBEzZBdtWWGt3eBcb4YNypD4XmKksy2w9z3I30dsl+RBWS2GIue+5s4Tir + Ai3WQ1PLCw8qBduohqK5Cwvqos42/M7C6QM615EtAgMBAAGjgbUwgbIwDgYDVR0P + AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB + Af8EAjAAMB0GA1UdDgQWBBRMLQSPn1nJOXgtOqc3evonuEfKlTAfBgNVHSMEGDAW + gBSwf1hEf9YG8SVpf9jlxbHGtSQ4xzAzBgNVHREELDAqggtwb2QxMC1ub2RlMYIJ + bG9jYWxob3N0hwQKCmYVhwR/AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQCC + /vuDwGuKPrroU9LrsMVPFLys3gxGWy2qt1Olofvman5C4D0TDEH4pzX/kjdY6oWJ + Z4yxxLFwhDWRTxWdSX30Hm/IDJg61Tt5pFyzZ0D6FohQmG/cb53oC2TGKtSFRkcB + I+1/gC2UK3nuEkoJUqGtNG/H0EOkC/0ModPMxUob6oOU9zyeIVYdzcfqriKFhuV0 + FIscDEs3R+Ej3fWYsjQcK9d03lk+yquv4Qia57gASjH0nhokFYevrAqy/3rb/Ygx + Y5gKaDtg419AvBcGCKxUlp97Nw1K+NJCO2C2gFsV0+bgspG3xCG1tTTXTjGg5acs + SvBDma2J8yDT2JpmZAY1 + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-pod10-node1-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDmzCCAoOgAwIBAgIUIE27U9sJvyGBQbL4VOBZAPEwZsUwDQYJKoZIhvcNAQEL + BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt + cGVlcjAeFw0xOTEwMTcxNjE3MDBaFw0yMDEwMTYxNjE3MDBaMCcxJTAjBgNVBAMT + HGNhbGljby1ldGNkLXBvZDEwLW5vZGUyLXBlZXIwggEiMA0GCSqGSIb3DQEBAQUA + A4IBDwAwggEKAoIBAQCy4CW6/cdplqFr6RShHQkSqrMDpMcIvEizQLlK0YCwWY+Z + zECCSQY7lpw5g4Q2xpv4XUIGo18L8qLPcnPdSLdQ7aAVJCSsb99M10c5k7ZBe6Ud + br66CfqN0+SUpwcjrAy98h7AHOg3lDkMTmAM2wJY/CMPloeD7JxLVJKIr3zkX511 + xwB/ZMrmjFbdUP3UWQouiuXgKMDm2BSBdW4bOPsg+4WV2hiGvLO2jv85AG83YDbq + I9sm0MU541oT9aGX1LP3n08h67yCFe7v71xLhscsCVaLJSVQj3v/K7/qj2Odz1xi + yGmqT0Mt4FPCugetRm2dS//Nr1UbPbLA3KWbWllvAgMBAAGjgbUwgbIwDgYDVR0P + AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB + Af8EAjAAMB0GA1UdDgQWBBQYB8+dWJrIG7gxXg0gynxYPEE7tTAfBgNVHSMEGDAW + gBSwf1hEf9YG8SVpf9jlxbHGtSQ4xzAzBgNVHREELDAqggtwb2QxMC1ub2RlMoIJ + bG9jYWxob3N0hwQKCmYWhwR/AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQBy + EYb3InTzandUK/mONyhEHPGEMv0Gif/sKVCA7LU+mahaWe6CPcHaZfZZAQq2sVbw + fCLNWp57m76qSt28nw4UU2EQSwEVCNn+GNUL32DQH8wHdg1Gd19ethbd4D+hcJR/ + gH7MbjrK5zOvAICbl+HqjEXJAQDxov0pEOZuO3xy6q/Ox5ws0VL2UbyUXfErjesg + rZAydMkAHJJZYNVLzniGi2kpSC8PvLh2zlW34VeDDqvRUWXAyL/qMt8DXqPTsZMq + PDg0XOzWEmUQh+ocTNYrV2BUcC/JmeiiUnEnDT7ufEKjtYjE/99wAzBBA/7kr5bG + Kwhuc//VlhqrYJSYUXsY + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-pod10-node2-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDmzCCAoOgAwIBAgIUULCurM8R6OTRfkb4xLv8Sw8K4lAwDQYJKoZIhvcNAQEL + BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt + cGVlcjAeFw0xOTEwMTcxNjE3MDBaFw0yMDEwMTYxNjE3MDBaMCcxJTAjBgNVBAMT + HGNhbGljby1ldGNkLXBvZDEwLW5vZGUzLXBlZXIwggEiMA0GCSqGSIb3DQEBAQUA + A4IBDwAwggEKAoIBAQCmvXnsSmQi+dHtw+tl98ddJnxdJYth6bzXplr37vBUfRgU + jOm7866nznnPVPTrYzrsBnQUyi4Hiu6Rh+NW6+Q2ndm4ovPHCALZMDqCRLv2raQV + kNT+23UStBYXc5kYQoIVFlI/4gitMkEqM2V43T8rxT6Nd3GQZL78dYAWNSCeGL28 + TLFcbRmnxvheCriieDG5lr7/jHhlmPceuHXEbd3RB9towAncBd8wimmmAqpwtjng + UC5eHpgLXwGeigT7SVn/1Rwd2ZVVEY48gpsf3fD62SQA2/OuSXOZU6V1q069VlV0 + ZkJWTeXwBPzKQDtrDRadb6Yh0dczt5uCQoWJNlCBAgMBAAGjgbUwgbIwDgYDVR0P + AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB + Af8EAjAAMB0GA1UdDgQWBBTSMkQI4yhamhQcrP3ipAJWIMx7azAfBgNVHSMEGDAW + gBSwf1hEf9YG8SVpf9jlxbHGtSQ4xzAzBgNVHREELDAqggtwb2QxMC1ub2RlM4IJ + bG9jYWxob3N0hwQKCmYXhwR/AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQCj + x2sYdrTfabx3BRDR4qsONTQ6XNyyAe8/uah04UWNj2DyFNxAQxMUyqQrt3dobKuq + 3akP3aTLPMOAIDUS+zyF3VsVJfsbT68ZaWvL9EOR+ltifPGSFhWYc724Tc/6QuXe + 841VzuqaDYLG524PAo8Ze1m4Y7Wtb0xMx7Yr3GS697sN8a64pJhOIVrD7gr8XElF + cBTY7ywIK08g8EVY9USJ2TO+1/t5tSQNYWg7HRMjVPmeSCmHi375gIX+1ZVYbw0i + MbjIw7asTGCL1FqpMvnOZcoLUaRUacdWdAkoJpRh8bXYofrasy55H/ofcRakgTCf + btgEabN3iOueYG0otNOB + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-pod10-node3-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDWTCCAkGgAwIBAgIUchUy7dPcL88FTyFjx/X3Rj8o8G0wDQYJKoZIhvcNAQEL + BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt + cGVlcjAeFw0xOTEwMTcxNjE3MDBaFw0yMDEwMTYxNjE3MDBaMBwxGjAYBgNVBAMT + EWNhbGNpY28tbm9kZS1wZWVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC + AQEA3XRbVi3T64Oz7vzCrjyvNTH7gApdErHeOEVgPl32sX3CwxJRXgPwehQhoGfo + CYRtGBEzhED0hoinP/kWPdgKnYh4IF/G/NPV9yWRGzNdUV3tgVJcdZv/FFKMOvkh + JAYNqHACdf18YxuHWaAikAjIhuom1OOZQrL0ywgwgyAWUj3CAxcmrrMJDXJ2plkz + dgwkLNvUkyFJWLvisbDooaonSUipfUegbtOZdy6VWlBW5jkrlAu6UgRolxyTfRXl + 4i7zBeJoKdS52ejf6vGirybwc5Ef27X89ZI49Ger37MNrU1wP3V7dggX3dI3hPIJ + 6Y2mSehw5EkPQd0B6BpE5L2s7wIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYD + VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O + BBYEFKlrKwASnw1F87mpiqHnhHZE9riqMB8GA1UdIwQYMBaAFLB/WER/1gbxJWl/ + 2OXFsca1JDjHMA0GCSqGSIb3DQEBCwUAA4IBAQAJT/Dd774W+HwBJbi92UwWzeE8 + KLCo+qIxiHlLg3l3Egrgy+2dV8gMQTmzW2y9znxFIeNg2eBciZ/UECARraoyOpge + UUxnmEFSR/ZC5L6fqSby3Mo8p7STKd95L+UqjsBw2lJg06jmjCBQMIAk6rYFPr9k + hT3g2zwbxvyJliYyzVFPKZ69tG/lVcbTnERtQFgdWAHPw/9SJJn0wFuTFAe5eZwx + v6DTF8YkJiQZXUV/eWlPAS+M9epY2YA3vTuVkOMTIMpYMYoAzOPBtFgSoaii+2mS + 5fBNwgV2m5ht2Yjx5uvEtdY1qJM7eS/wAXf8QhPUkwB48q3hjioXUMzAUdYi + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-node-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpQIBAAKCAQEA1WeewthRQFjY6tnse0pF+2SaQR5cl8bQDXvhUDwjBTH3j2Nr + 6G1n3wVZxF5h1IfKrElCmqn4+4fs7yrjJDWHzsVDnrw+pKOz4VXwmTE+OzU/EdPr + xirpqOQgMSYvcl5iKZbMakaZ1GyyA32fHPahGMfIrlQynEdUMyXc4TpKseK2p21d + LI2DsiaJEOAYtXHSk6vhnzUsBpRodqMbbRzNbGGkbjpSNZE1Hx41o8ucjYCWkr4v + WkcVPwdxC9Yd/sM74poYKCD6uW8g16BHXqJ7+GTVVH7cpNWzSeA7syFdWoy0mXA/ + Rjq/oJC0Y7cbYHXXr/u6e7I9AsKnpiyr1khDfQIDAQABAoIBAH1g672+Kb6MdKVG + c9HbyVHxwU8Q74WcoQ/LAI2LR2f9+1ybJQLhhG1bT2o3qXKcdU7Tm/YSdt4Q9ftu + TxUu/iNVcm0IXCWOqFhzjW/zpoRSvENVJui+vZkkrmUx8h5XpYSZvG+UGzzav5ud + aqYxoGRWvGjvvuxiW+3RCPyqqsfnQBSARWI5CDuqVCS1BAa42BHTJLhqSolhOfJ/ + s7fe/5DK1zmWaS9fFwbbN66TbzMSpqlx3kuSpJ2nJZ4v0agg91klt0jXtdjy92nr + 0fekUIuFmuuxINQzzNkKGJw3X9Wux/M56MUZBDJ8CkonQlpy87fn4BjzDORFWZIc + ge/+eGECgYEA3CGx2DF6Loi7Xc5xWIAz3Gccjl1CiriU4WA0gRaAVup503FQ6wzi + CjwEcPE8wG5Kwh7UUPnVgygHjjny5g/WIMvVNjdAHq2rb6i+mFoRhmnxJbvsVZgc + 9MUAqbsOagAX/PRk4uTmT7MU9wj2gZlquSAYdq7HHjOtphYy8Z+HKBMCgYEA+C1U + X3c61gIYP4fxfDUM0qA5pZ/HvWra26/fRQaLEuKkDZgiPm5BBe8o4kJBN+Ii/UZh + R8L/RAGKDM3PHS3wJB34Gdo59dafd8JoOggWkcZCfwaKd0Utine+Gmknj6ScaYyr + 3AqDV2/0gDLnPUUetIltjpRAPM/rDdpLL7t1eC8CgYEAgnMBRkHDyxHCHwv4xV5r + 3T/Jf2Aqz7Qkng557smb0mXvPesX7cLbrP72DswWmV6CtNi6LyZubePp3lHe7JET + 7ql8Nz20pLl8L5ZLJFOzsPjVK+xaWDrlZfPcubidCRn3HTLjGkZVaYORd/d6xUBa + K0ym0qYuX2p2jEb5d5B28rsCgYEA2ZVUbcZozQxVGg4jyBPyxA85u13UjttKOmV9 + SFUuRUZzMn/5NecQFxXRMF2KNGaM6qVz0KjDiGoZEJS4SwrliaTEylWrjz+13BeT + rZ09vFyoHBot99esz8Of5iPfTW6yu09btbV55YUARg1a8zrQatQ6O1D66NYZbLHA + TX76xH0CgYEAkdPCT+GYFqzXSulgGatpc9aDZfIb/2JqbBU+WICWwT4XRq8hs6DP + 6d/+SpXR4OC22E71erARwxlWN3FkKJ5ZexSXrG0QP1+FkgMjBpwFEBHklHdfxwex + SOybZUAWYuVnl+c2iuRgoEBi9YZZA83lkLhWuWz4RSZehimVTLPQe1c= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: apiserver + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEogIBAAKCAQEA4pk/Z0kdM5QNMCu1rzEa1GQ3ARz9+YQFq2p823sQTAGgV5Qj + 1cbNZRh6PQDkz4yrGKXPmgL5SYunn0LDnCmoGUZXcopwXSIvmeIb4mtlap5ObN2G + BDxRqPJK51w6RC+9Eyh/xsH2q0jrKsnH6JSmD6ZdQus0FMB9lPrvYWd6ArTTwIda + Ffu32ikI4ZUSFEYvDyuaq24Kkq81lzhVafxLtX48q69up2QBkcihb0nDeGM8Lo1Y + AbzyhOcv2SKUbaIGZUtYn+WN8adlS/fLypu09W19CejTnAVqp4dNwg+DFkmXfHqs + zE1eJDYKGfd2uO3YUMByTc/RXzy9+tejh5qHkQIDAQABAoIBAFQBTCgWSuUcNedt + zOUt5yxmGp4nCWC/OPrbd35GmTwUPkU5fi96jBq2gFqtQiZPl/6DOft2rsQ9Kd84 + +RujtdXo5fJosE9WpR7/XCcMeYSVO63QUiav1fY0HOC4qEEvEYFQuk4NCk1lswkh + 1SK8OPQEUP7GA4DN+8CHZsdNfUYS4K+5XNPvNR4iahsnQb0Ee2KBMpAyMe9sEMQN + 500LhVgS4Ud/KTY+IsYROjduj67fRUZOxsNuCb1hxXjzWqR3MiRyrFNN12SFw9l9 + aYXaO55cv0XwkimdaYjPds561svQ9Opb1C6Vr8zObulSPqnDRNtzhOEktG9XpsCS + 03cWryECgYEA45SFhMJDpmjtGLSECYkzf4vb23aYb9EiuJNMrOBWpfmkSahPyEhs + 7q7oq6mdmhOUE7oLyp+mGnNHwTlPCROvxsc8xcZR6tC7I86RRRro1Qrc4e+0epQS + n+g+OaW+iUYa/0XJkoas0uYSBqF0a4DMsfaYeTszNM2EH0vTEljnUksCgYEA/uVY + 8e5a/y24RNUiQxUUnr/JPrpjyRm9tsFXsAI9206FIrLIwbWgPZQvyH/efo621nZ8 + hog5RANXE/ra1wyLl+s4H032p2cVzwbeyBBYEykbYNO8kLnlm+YM0AXgePE6Tb9S + 9kDNfU7ZdXA9Khzh3BpXgtgCzRRq689euAWKxBMCgYAEzI78O7R9f9zwFm5qXRBO + 8j4SpK+WPAzFY6XMR3bMTTVfsELucEiLx/h0FkGSjDMlL1ksTq2MBT5QHstB375n + LLBlY0c68mff221IzcZ3J6F8yjc+Fn1GDfmx8YLRFj9ffrM/ecOPNvbOWP1BfxfR + 8OdKNytfQ64zkr/CtUk7fQKBgG19KKqrPw0zn155ysDT8kqKiTBXsfs1AmfZPwhM + vjNQ1CFmeJO0p8Mrvya5vmHQfbs7pBvJsgeEA8iCTbRoICI+mJnhzFx2DEkkY1e+ + pYZ9dtQtv2bPY1CHDePhUl3BCNFSqJk8lsgHsaMfdjZ7t4zrB8IddX6QEal/JumW + /9dfAoGAQJ65SHMkIDaaTbi0ndCEIagJvxtt0fIty36lIskegnm5Mg17WNkEH76b + i/nldW6vKS3+2GOIcgp/eGNVtoF4MAYCvKXz2oEiEe65DxcGgYBbPYUXFFm8jUdQ + +VuBloiUTgYfS4LUs/OOfPf/Yv13951CNlOUqAenAn9exQ7YkhE= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-genesis + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpQIBAAKCAQEA1mfzDXKbIbGK5CKBX30jYLe5U5Sb/lgedKB0OXaacBsv+bL/ + LBThn7HyoxMATRr5Zh8HM/bdDEOPqIywQsqLjdgldcJ2GIpW+gIOtNbfJjbORBc7 + DYpCVx7tSlLo84+9G2qZlfhusv6ZG9uZ7Ns/4Pj4eWYsagxhjJOIm3iic5MgiUju + xYTNkTXY8lpms+9pdl7kux/Xp/i3hpk6VT98XeeU5WeV32lrmtruUTqxb0XDZUBi + E6E4rJVmorUAodMaF/kmT8MVEmkhNaI9U4oDuAqyz6GM2bUU8+swKoDCbpoMUgK4 + HBrjyAqADOUhnxbpT91M4lS9BKl6KpSooRr5/wIDAQABAoIBAQCkiBioVS5e6NPg + xenp0Sn46oQ5c21R/WVBsm/+ONnC9doXEBlpRozt86xzH/23Ld/9UgpBAkwXQTFY + 8r3AQ5ZcP2Zfu97MbjzYlgObGtkbhis7bWhPt625FW6a/ozte3xvMZqyz3aDvYTZ + L+grLwUSK3ziDFpA90dUjVLjm+tuLC2cmZDiji+4QwEfEiTfxKfumJzG0DXwt+wP + EYT/Tdyq13ewsmGtyB3rE/or0t8xlV5BJd3ur/ezB38jaB4Hifb3IHzSqFS+xMcn + 1QsLs5Ep2oibNZnzc4aywPrMDN8yu8IJpJ7I7CYnoAzEkzGDCsmbYUKSnOAWL+pf + BkoInOpBAoGBAOI61Jb1mxPelY/7JxLnG58LMy0XagY2ka999nxmeCEascP/T30/ + dhNTKiccplDw6Fql9wlcMLSm+qcAMX3d0iD7zawsKlTinq/v1WgSS8DiHk5yiI4K + g/wilEXPEn4xWGDqzXKbpAtnD4uik9Q3RP5JL0xc46E4+kqWZVRY9385AoGBAPKe + zbNGCEvRHPgkUwzaMl6XEQby6OuvBqiLnE63XJVEiHLkDCcKJRapDDFuIpVzU4js + 39cN50USDJjFZWOyRPIuhJkNMZBShOESgnB2srjclUEhTmWGk50CvLaIbjBebhfw + 5YkIHYFlu8rqjUu+swGyg0ERCk/iU2pjF0cDDwr3AoGBANmShOSOX0/TsPmhLOoU + FE94YQaLzy8cii5CMa1gi0YjOzXptFQblX5ubErjVdzgZEbR+O0qmbkUIlo8aFzJ + 2g5YvWxJqYirzrwcJ50Ig4yEq2r84fHhkSALTZh51ypAYOQMzfvcTf+dZakAebYO + Va9NSUzixRVIDAdx7xAY5CaZAoGAJmH5KONrbJMoghk9Ckt6rHw5tV+4eZC2/PMZ + R1q6yuKMs6BgS8zPEUatJyTFU99q176hquQIMmUomQKhh6QsRCQX1h7AOJTVcMX8 + 3M3qeFRtSGB8hpNDxxMnx7jNtdk6kY8KwSMHh/EQRInW0KTarOoQ2bpYZ0rm523F + wPY66wECgYEAqQylR7EkQwMvAEh1gGxnoVIHLoLBVp1mtCXurDDakDzyMw0DHkSi + l2D0dvlhOcHhrCKGCWhcJq2kO6Dz3upjTbBR20JREWyG3OQSz1I2G1rJ794bGQ+S + tkk91P8VtFzrAQY1553FBvwke9qmuEoEzurCMNU9d+DBqc04RoHGU5E= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-pod10-node1 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpQIBAAKCAQEA1nPJg6eAtc+VJxdhCWnlDmq9YA66WDQCrCOGjlIjFnWDlXkO + Loub86E5FU4zT6rqWoseVDmol699jce97wFNA3pVMga9Dt31/6tIrxkA+xaqhKwS + KUZAJJNeKnvFyzQucqgH2+owG/mNOV2mjRVC2DetNBdBuAmu0hcaHpwlgnt4ZiSp + 2xtMUyj6faKmsd0NZLqwAdE0c8UkIJlPyDyJ7zurz8r9kezvr6aypxmHFtrXWdCb + SgUNWCKcXyax1PS3tfpZFgqfiYh2hIqTMQWXfu51QUe4Kp+DdoCeuwubyblgP0WH + Kb7FogX4/grkLTVyLaaObLz8mCATGUtS1xa6wQIDAQABAoIBAQCxerYFjTTKQvev + mHuobMkyu0frHYU+xhyIFgaf9n4vciXqKHuCLextHrq9VTDF+C9nq8b38ZgDoSsJ + kYsxKCRygmXLtyP0D+ItK7ZFoy3an5GTp0yIeClRm9zM0A6L862VGlcWu6QBIvCr + z0OtczEU/E8N00mCZBEYsiHdv2CTsNO7XsarSVuBsZTKpUyqdMlAmqDcDHJmQGkS + k1+YWQLJ7HMHTHxxAI3dxpIlI3ZOyoWS1VVBTyKwdpfkjE3MBTP5B7sKGdrCuajH + ABg8yNRjEnVt6nqXzcwUa4THkaSEZKy/u9hXmaWFHbB9kd53641G6weDOpTIuUNf + 5e3R4/R5AoGBAOZXxx0x1/wsxvORSWy6Roxm8lGdGTSg6mG63sae91xILhrNoU2L + fjYv+tfNi2ChUXz3b54gq78de7uQWwYuI4MTNyZ1p3rfjMelc97hGm7zRyI5GPyW + 99ijncKipxLP/NkSlU4K+AgEIuF8hnQ62963zYWm9s8uc8ireyQPSle/AoGBAO5W + 47yzTo1fO/G9NJMb6kZTTJE5VhsN7OpaCjxg6loXUMrxMTZgOEyz3MD5+6yeEURF + C33VXEULxt5DWUub2lCrzqq4rmmoRcUDp5dWSRRh5aTfuUKwOkTkFme+Yao4/Mel + oRc0krPrG+chS4PAphvfr60XXM83LcvCXCsBX41/AoGBALIlZSuhJwgzoVMzJHRg + xLtFy1dvhtT7NwqKuk0nGOxYLsAwFPaiUeSaywgoQglj+mAKBltnrSzMIqv3g06O + VIzFSbwG9pbDWl/2CF1x/z2cDYHcYwTHxbvZHuQvY8Pa9BT2mF6ZgSbB/DAkXOB7 + vRzNTrh1XyDxLj8e0Mgcw0SFAoGACVqHnYQ79Phj1dzjD1LtIs1qF9j0NCObxKa7 + +Bqll9uKZCyLDeNA0mHMrBYjdmbNrqw3Az04Xc1UhKyH+JupOblEZxbQYX0lH9JA + 5YORYqdk58+P6boYz1NUPcYO9ys9YGhzpgF+MGltsuhvmkAZRMbGkjh0f/1eYrzB + +T4YjekCgYEAxH4teGtPH66+wiyfV1dDrjFhv5lV1PfO9agQQGffmwis74ZaQcil + mRrxmb7CHM6Y8DivG1SFiix+mbF7mQuuR6CxsxXRhpOnz8T6t6ZHShUW2RMfvGQ6 + jBD2RORqUQLvLu6VcgJ/tnMBF4Nm3Y40eGmIhx7P36fG9tHiCfkTbxI= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-pod10-node2 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEogIBAAKCAQEAr22Zymic2ZeqSE1cLl9qCpmUJfSP9ctFXOMZ6W59B+XlSkuR + 5dV5D7Xu/xpvqQZWKZv/AHad3wxGztbhp3rek7BS7gDiHohUW4B+zR39/kEwsGJh + 0eCF/innHrm49EBOKrulhdASSZLmi6v2lvQV84NkFZ0KdGy5RiW9X0CUSsMjOm19 + zRV/5zGTc13onm4THZUrDCnFYMUX7dkwOuX3xZzJLm6o1H3vG3u0u5DNPc+dyu71 + E0jXxjhVwGp3Z51qrfkcOYreSwaZGeCn/Vo4NG3KP9weUizt7k9JyEZRDPxY8Xbc + UeXoTR2Z7rRDRB1PS6zUj3uIn+wZ9jLv/cDq6wIDAQABAoIBAEO4SHz1Y08wGADv + NB2GobXT0XfRb91PicgwtukAyO1KlvfWMk0J2kDxV4BM4TvbgVlwqcCxCYJ4B8GC + +/seGFvk3i6YUrG8qOvlr41Y/Zqv6a69W8ucI72YyWp4AWjwhfxDEcOVLeoO9kaG + rJtbQDoPx4v8YnPNILxuhysFD/nHtLUn6qX/7ShPDkp81J9ZR7asFoCzR4Pe720f + t0WAUQhqWvFakW4mdhPnSMrXCXoB17cRIw3FMZ6oKdsgeX8RFavOI4DyHzFac+ls + KpoxJJnl8LE5B6KiIrDPnoahX889lhzaKTXYdH5ngpJgek1uPZSvWhUsIir39CwS + xI8btOkCgYEAyTrZCmK9lFKPg3XV8WfTsoN+bRiD0zB4vDpNjqlyZMIS/pd9TSTK + +PesgAtAANGlIvYGpROGWAMd+erqKs2JxNsaOKTXAgTT6CIEm5fLkIZsuAuzWQ5p + OWEYqJwgcPOkuA4IOYG6pwLb/dqTNKxByM5eBVV2qTj6sqgDRbWINY8CgYEA3yz1 + CdhPh68FbLxDMiy87trfXoL+8LWzypg5BqJieliyFN2ovx5FLatMgId6Js4F+S2a + D6x1NNUltP/dsOp57ENVu7YUKU4f8CmX8oyZTWCmNPNeyX9y0i42mx5oSrn/TnRs + mfgXeqfteHswvqJLeLK01NPGUuYq6xrVPuaZ3uUCgYAm0SVA7Z8oV2y7rSVh9edO + TjM7FDmJqZYAqTaAyIr6iL1lQw+2q9xDfnNWF9V20voJ7m+FtGh73c4QgZI+Q3vJ + 74H1X0bias/9vWIqKXPpIyUhs5AbI76EhQherg9L+pPRtVM81JuOz+xj4Z/3zyq5 + c6WLXdsP9Z/WirZm4geuXQKBgBbRtPhdurwH5Eka8s/1jRfrHz29rS2Vlp2XdPU9 + s04JNaQ2ieOIx9AEnNzjfVTsaeXxiLgjjRRq2uEn7FYDk5XZyLFZy7PxfgiDaDrv + r1kfEb+GRuHZezcMbJ7tvAIwBG/ULaqMmHH9K6XPCsvjMk5UD3NXeAbP7AGAC9/T + mlYVAoGAYqoc2o9BIs+ujC8NEr4WQ8cgKhkcFjv5JcaopAO50N28eO0Zx+bI7jCy + hZn5TkoGSBUJbLo8rdKCtviqqdT4i5qFvZmtdwyZrIg2ytGMWlOvZp1OZxzc9j4y + 3l3WAmiULssGSLFVxE8ww5vtfgJUcoKvlZXXnw4t6Vekybmgr+M= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-pod10-node3 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpQIBAAKCAQEA1YAA0p+X99qok4Y1de2j2x8LnLtB/n7Remx9WhstlYyJoVlA + 6HQLq9/esVZelz8TT0BrBl5a1+ZDU0XQ8nSQlSVdE9yK5ZPkWptvGbEKU3nTQait + yTPkQN2sSw8wVYoEyADYpazX4SPcKLSM0yKyLRGaHjBjr0BHdTHrKArO8Zer2ap6 + C3yH3w682XN3sbq+3aG7doR0OMKYGauiK+N/7CfbJEaOaioCcIYzOPkY2POXTGCm + 5+5LLVNKIU9vgfSfSCLw+4nU9h7nq8T/vj8h+5N2uqeYZFxJh+ucNxGNoPGtc6dC + O3LJmRGfL93usflwkzwz6eS1Z7Kut0MARpz2WQIDAQABAoIBAQDGrW6WklN+H+n+ + FseLLZDs6XAJ8yyPov5XGbxw7Je38mdlUcSYTN1LnXIDvycZQmY6uuydqZKKFUqT + pIW0Cos9b961C+fpin3XX4u88cZ1NgpEsK7AbNy9DEw4MTM+dsjKQhdZ3YWrio5n + BtWB6Wi7jgTIkSlCveOBiOmXgq9fm5uCwWSeGG7Mx6osPMVNQkT+jusLDH59LXSF + 00L2loAyunC6yK06hPzXMnfKRoOapYhutY7vqN6cfOfCNXs9IfHMdA3TutBydWBt + 2GdsMpyZ2eUI1454pnTgqSlBxMGBC6LJLz77QaWfu7WPcGxl63aAr/UWjffJgPWs + gS/INMSNAoGBAP3tdg874A6n01Ig9oCEHFiatHCoQ2hRu1rCj9a3SawsGfGy22N9 + w/LpYLaaaan4u+Y0ocyLlP+hqiymMiY/k+7KZHZoLxUg8ASF+/cSeoDtFapkc8zs + KyvxPuRHAwzZvMuxN5bbPLlxHO1Qk+0QdvP0R/f/gcdGKWPtA0eqlS3jAoGBANc+ + E1FFSGQ4+wV9yfbfJFTr+2kUOvQYTvt5a7jx0nzKm9GalTtfgTniodZG/ypu3EAl + gEsOsqtq54lwXQEMoF8qN2CbGcCyQWqB1vbyNDTw3M/L8nlxabsWOjuq57L6cBkt + XKhhfSM8ocP2nHGsFpojTqBe6o3BhnmMrcoxEH+TAoGBAPtxqPZs0/GvPhKVkYKx + T2Bt0T+9XwJt7JhzEPwNg2Z6RTaRZa2fW+muL5aiUP9+zpGmjJF/pot8CocsC3zU + eCh9Qf3+LKE/fGz+QALoyWXhXxLbZdAGDLn2qdBigSK4ebs6QVGgxwDagUp9//0/ + 0IrB2oI5AMnTMClDCXxt7ksBAoGBANMwjiWstAXaPro5nOOEOBK25BxLBDkibMSj + c0WoyB03csGrSgdSgun361DiolTRJ3wtD38VscstfnbE8AwqhmQ5eNJp/E+s1zCY + qwHrzbuwJQgiFQyBcftmKMcIvoRG45xgfMydsvnS8Onk28VQ03Bzeh8yYjOqkbZL + iO2dTJHPAoGAIQczJcKVagyvmr3r9y6922mZ8135folIESu3EoAY/5QHXOCs4ZLF + yz579h0j5NDpsJzPeStAsL+bP75Jj+Dr60gjVnsF6rEQC26KfYT19VMcTxzvImOK + QNnP8oLunlbjEpYc9/F0AuTxBstSW83IMZFU2TWffSi2it7M5A+fN24= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-pod10-node4 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEogIBAAKCAQEAvy5/NokIW0IqhoFaMC8UGLwmQAtRKA6aD3xOS/DbLCKIUyVa + fkBhvnxl4bpoPQBOd+KW4+xZwi42Xxg6NZPAi937a2viwDQx/fd58BwDaqHpuw4A + 3WNRcPKc6ckFOEretQHqAnX737cxsJoxmkNoPvdtA8twb205v5p52Q9S/0rtjlkl + 6u02bSv3c37uAdRZDSMRv2RVnSKAIaShwVVdCA9Fju/oDdboUEKNlGNZDW7Y18iX + bNcmpR9f5TSofzEWnv2oBFgorXgMhOABjt4R6sACCBL23Gnop9LQGRJDVrFtStm8 + +b/Zh7C0+7ajkOCQz5hI5/oeynanb2UdGHCz9wIDAQABAoIBAE28gk2SeqtgxBnd + Dub4vZsxJfx0nZNEHLCfQtbuILBZekUUsy8Szqu9uU+HlEr5jO6CXAhhWj3yvHj+ + SOzwHyLAKDMNsy2kC4/QyOww99Kr83Xzw7ZBZCQhAlytOEojZ1sCZDyL7NaSjsnY + aMLpFcJEqTcZyaYFK64VCeaQrJbRFJHGFhsrIIfWlht2JAb2WSQs8sljTzQAyze9 + uFjAory9ib/o/oq0VejQ1XVo20Noz4AZzO2M9/eJPgrrKB+R/F4QUyDyUz3k2ejR + 7ZattMv2ek2hm7f4j7lFsmcESq2fXf5NTa+HNAIy+GQoRHZmLeGroCoDIRn1OfYR + eWnuC8ECgYEA6ND/gw9we6sccZis9a9p+DMiUaBPKCEBlr+Ymlv0KhCCgmk8nsXF + G+rYJp1mqCr7xToOx8lXhrfc2Rjd4BRWo4BUUgA8CnZk6WadJD+vIpupg92wzmNj + g+n9boCVauMhZ2CP/nTwi6mCO33p/NbfZnyEj+ecx2kgKxDwzYRYGMsCgYEA0jgj + EjTbOWJ2htWNpuJ+W/xMTscuJkRo2rLjX1TYwATXyT5EZq5Vk9vvruq05y3hfNH5 + UiSEkTRWiCQ/izcv8zwNKFpJk0LoyumUWEUBycnKu008y0+PRefSCo1Hkc3sSi8K + YN1MY1+c9yfe3BNv3tsEVZNHBhjNzVdZzR/5qAUCgYB0MmNkQR9tyZ//niis0mi8 + RKEbRjxbleWaHHQIjl5VZDoO5oEn6SMQZOyOkT58Lj/MVsartfSmOzvRapTKUrxP + DCyJZK6StjZ1Ow6w2cwKJNC9DLdCut4fJ3iiXzCz0TqJwur7H9gyjF6AXL6cv41u + NDVhMULRT8mLVQAqQqRJcwKBgGmpt88V7D7qw+LAAmQoohTAOua57PNlHUMX+XtY + XV4e0QuhFaZ66B7axJ2p8WXlxNoFfIkSO+P0Z64kciAajCp5O6/VufegAPzE7UB0 + 5xIzMIh2qSEUC1K60/Nj0d5yn9sly9SmRxgH3hDI5Ja/2lIsyf/teByTaRZWWpfl + A4q1AoGAJbpn6E7/eXYrwvw1AQkssNmLOyZGlcMLAwRtsjvT+VmEoden1wSsXi/+ + tTnnNb0Ja7vucEwDWQLzzsH7/94JQJei9bDgIP8zu7QkUCGYquad2o15FFIhPsif + vwY0J9Gj7c8wNj61FRh2/eQP/vmbXrnpkC3Clr/Vd0O3jEnCD4k= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-pod10-node5 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAqyyt3svC5qYqvN1XXXeeiM4v9Du2dBPJlSfH4wBibb+WEpMQ + bncKw/xhKfROI2fanBkI+qWf4uxrzT7c+J3xukRFlc4OkilqP1JOgqvY0ixsvT7y + WhoKQarH80beKYrtjJkqWk6omkYSm5BW5AQ3XFxstXj0W1tjZi1KyR/PROkVoZB3 + BWCmUfMMDxy+tnltBjfTMdq6f/581NEys9efdR93j4VEz0n9k+Yz2WOrdHFh0YZ6 + oRmp/74GOIPHuwbh8UpOODP36seRN3N5+gBRtktBsUJ7qVx5vnbQgX7Nr1jl7iQN + aheAKr2xv/N0oP8osqGsoNui734t8zsA/J5eJwIDAQABAoIBAAPQNv9joq/ou8MB + W1TluU5q6X6TZfkoB7Ge9UEFXSv8vKclR5Ruanr7QF7i5mq7gY9Ar4aF8g3oHm6w + G9QeEKiJpNM1h/WRnqBSgRVAJtBn1PRSVqvTMK9N0q6EwaZDRg9/ygXBAtiM/xUg + Hg9uWJ1iIbnZO/hdDNXV5HiekMuELHd3ROCeGxQfbqSAt9oZTE95Xx3rkvyu9/SO + qWbsrG7zHO7zKDHDofRWOl/7CIjLLuPWO4cIqlCBJ0qGE4xU2ZjU5BxrM3mW0T5D + Tz0Ocyonxxh78tECxJQ9/CGqVwYfBVkVUrIjQkOzzE6YyvycrjnKcxoNzEXpYlaL + 3ILUdQECgYEA0LX7ybRnv4i2XJoV1csoCVwq5SJfkmwT1vbo16McNfQReJATmXVL + TOK3+p+Z+O61B7J7JOZN9rs7QcdP3JMX5lEjwe42F64eICI8VoMvo1qAwlaN8lOt + jRbg8bodnZ2jWXPiJeK0XFeJaTBAbRY6T70StIYI2xMjSY6BPK11P4cCgYEA0fVy + P+wnPsSWrV1K4Wlc4+Ep7uLSqzBUcVjjzc/XlFqPEZK3QUh9r/8AKLT7Z4GTumF6 + Q0WiFUEY5XaS8QvPFUgLB4AeKFbpeJvIDw9q8ZV9IJ+baOdKWYphM7S17sLMFe2D + 3zT799IkJnnDlax+NoJqV2cda1SzOJHt1V8fVGECgYEAg+AZYo/tZia6I7Twyw/9 + Ejz8lZ+sh9ZmitOkuGxF7Ql06JsQ50wn8kLnQSMLpTEfjeeGzAABjz8q6BtKKPOA + jHUEhQtBfqD0RBWdzoRB25PZ+/G46z9YT+f+5n5VLDxo9KK2aH3gvOBK4P4uFz+O + RMgRQ6PVgKeNCnNS0cZAaY0CgYEA0H0ApIUmO2gPj7uSPd/Yg9j1QOgv9hoZ4Cw6 + mgcHtaNvai3cl5Eabgez6rg85X2AapWdSOv+lUh9Jm7mX0IwsptFiH8qczhKwp8+ + u+W9doPRKvIS6sqxw9RrzWJnPt5ktmmSh7Ufd+lOSH6lPx14fzxlyMD2L7x983DF + URoSDEECgYApmr7kFai9BY3xC9qZdhNDnjo9fwNuEN1Z5B0sfI234BDts8L38BHc + P571HBKjMeT+pRfM2bY5VrUW86FTQxlVKRP9pEdZh+xvQs1G07EJHLpPA1ycsil/ + oobD7qMtBGx43RoQhHAcLcezI0AmRTx1QgrW1HCtLGP/+aYSDipp2g== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: scheduler + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpQIBAAKCAQEA80ducoOxaibHfTwHnEOj940rsaz8IJ7l5+E/ypN7rGBYlxMU + J92aRfr0DycSNri298Z4JT+nTT4DYLuZAU9iXJLrPDz/UyryAf80x0hB306ZLdWi + wAVHsh1miVVBO0wuwTP8h6MvAlAIJw32AeZhSxfwnjEx+1o3Z+pSfXkmxo5Yh8eX + /dhTPXiKHaLYdnvbHJ7qamoK5K5MFTPQL+CvxfjVx38JTgvQQK8oyhvGzmDyjpm+ + OFDjIMx881SHn14eUQXL29dHIfA821i33YYgnt7n624wYS999pMkZnSCae67mDu1 + Bj9NXl1/oRSRXdyKrwQ3n0xWEtUCEBhaNVVD4QIDAQABAoIBAQDcoqMDjnZf7G2u + IbxRN3NEty6yhE1hlFq0MzA0nA9k5ThTQ4VbJnqdDx07hNba9ClUjBY4ygMEZcKQ + f3Mjogh2JvTa/AMgPWmg8ADA38KGMPVxgTiKZ/9/BXUSBlUT32Lj7C8SIKgos8bB + DMNZM8R3Y23hOoK3EDoBr51CmJbXKUtJZ/rJJGxGa5f3RQ8TOi+D3JTXthy/+h+s + ZbkC10Yzxtxg6ttXTZsrP0J17txVfOzw1P+m8G9mv1PH2J8dpnu+SYVZcmIIcC/0 + BlFKxs9uUN8UEJeI7+8kwY0jMxUptSIr//NyChGdv0X6lml8/htA425thRnRVDoQ + BRYZYqcFAoGBAP/FnBk3BV0DtTMPZVMQbWV5YIZzZtVT5j8gIUcgU4LKHOiAswUR + NrwSq1zBmaoezwZTw/4ZgtorPCvwNjRiFXgxZg74Y/OghfcDOwWWFK8p8fBg2Xv4 + qR14YSJpJ59yhzHYvqy7Q+Lfj7uk5V/6o9krdSbV7xBaZ721wmYIZV8jAoGBAPN+ + +Dxems8AcM93CSrCWypanyD5wIVNWskoRNuJ91LUdkHty111R/sqM4MZwJ6cmtUQ + JdJDFCTqbCf+vrrKAI4n1iEVkZ/boVvUuIn24g8/AiA+V7faCB5pJeAL4hdH+K/v + G2J3S6Hv1tvnJZnJAhZRHZyDSBNj6/Qs7PE9iaMrAoGBAOalcaW/WyPMwysfWBT2 + vGAEe4njKTl4pioItFmqigRodHcqD8WjB0PEZimIICUsES64fQZ4ROqukF1jCc5l + IM05ZrpbPe8ls4jTrfbUpyRqY9WL0LOdwgtkUduxDd0Yb1gBB7lGSeqeBcSF556M + rBKbwNJbm3CYxfJqpLpUGe4XAoGBANVi6vY0ziQkNbiKj90KEEywuA108dOgM7Rf + duCSKs1K5gvm8baIZjllBVmZwuT9Ru77RLncERY83eW66LjW99+cZ5n8xe660dCh + PcuiMP+9bwaEu+ihyUWlTgznPQ68AuNjfrMu6ngSsE9sZNY9gne+RF356rsbcRc+ + G7NaA3mbAoGAZ9l8DjMtTF34XkQcnJFd2MEtFrGofG8ZOf+8IE1irSjwdLD6VyQa + 5O4HPPl0XExz2o5tAM+5HoHTuNBIuZp0ZEragznY3dn2y6ihacYCBmBpVuZLWx8d + 9DwT1i72dyoGlDDvi2e4iljwZLrt6oy5vOCdU4bS8AYLdlI963Me2ME= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: controller-manager + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEogIBAAKCAQEAtBXNPGZMwUYUZtkrnyXZC906FN5W/DkkxutM7RyFrA+a9tbL + DccvICLnaV8T1OA3mkBbmRbZ8qR0MLQWxZ6q9PnEdSiZAWS1Dd1XQGDW1ZpIe+4b + W3TBmyEcBzMT217/C1POPx21i17AebOzBG6c6UWplBVg5dDEI5sD+B+5Yn0QAnpa + d3uodi0Giji0UdQ1qGnilCwwpR6Xo5GnzgLhmwfO/Z+giiNfBS81svkDlVVyNiT4 + pmAGyvbWPQ4bztDAIWf3wvNGNA6/8wQtM7wnXNv77Oicfh8kKsbkJ0nkA+Y7lGkP + SKdsnqo0Z3ZwjWGBRiW+JvwANayZTNN1g2mQGQIDAQABAoIBAF1ryfKBZ2QEROUt + 2BFRgw1CkLTuutVRl6CRxHBlEXs3BT70IpZdNDdJpB7nsdQHFREyPdJnJl1Xrubt + JbsTGsDHKYFVtDoi0kIFBxRgqFJbHSsdVJfXM/CT9oRNnQl6eHiZ2y6m7N0GJHd+ + H2o3L7Nb7iLiDEhsSrPl4ONBIdzTAPc/uoxPmT1CfbCxUSNuwQ39/fXrU72S8U8d + 2mwvt6is46sOHZCd4m14bD4MucelPo7WjmOHQfU3wH5519CAmWHCDP4fwMcwXZRT + VVPw2SUYEoe1/C3O7qUj2TS2WIw+/xvNBizXZjj6Svgy0MEDKsjhlmc68O51P/j8 + rhwtZuECgYEAy15scnDUbuahoWI79BW01uircEuVzvMxfszmlBafzwt6O/AMCyu7 + JKfMGREBlWGTF1HbRTDlfs+yS4Zc+4PP9feSU4R55bds9YEN8+ybJ2oo5OpYF9Qd + kh/bPEFd7zSmT4GivWiq6IjVQkLcNUaes3xZVvwcjQwypCmMMZFRm7UCgYEA4rDK + I6HMGCq4xyfniHaOFd6UDb7fKvI52Ybu9GB2GBWvi+pHNgUuuN8HoFOHPKcnby0y + 2KApF5Za1ReCG4gRLO/232mN6VuB0DFZSgPAHM2JwPm8U+b9VdVZdB5ebkL8q5yd + fj3qwKcQU6LGOpW/7dHl1ETXOd1F3N/04WspiVUCgYBmoE+5sJaDIH+QITKACjQn + /2IEWSBQPwlLI7t4H7KlmPUmKgzp1jeqV8L3I03ZRFQmAHjWgcZOKCGhWzyw7+OS + DE0bOE8LTXT+rxGLdmsViMz6OAgcfj4t70WDMrlkbP1AQfsN+jPFBMgZmAPoHqsX + iDjNXIxL4Uvs68qDeQHlwQKBgFLk7PX8q2JG9Qy2ld7741cx7hfcrUTKEMdvpR+t + ymFiRLA4OlQRrxUhUWuaP8C5Kx1nfMlkP8KFU6/KieRBbG5vTWpC8gbcVGrqMMl0 + 96JQssfjSq+vrwHdI3nnxQYy7qxed+T7BUXvkXPT+QLhUa7Ia2+kwMNDG9H5/1US + 17yFAoGAf0nmnwF2Q16Uaxajr63xcPYPKOEcZGLW1jXh0ui4Rg+ylpGRgnquRs2O + /tCa9TbmIpoJdp7iaO923zr51jaryA8+nYhhggQCoHucHcFAGmwG+zGcr2PYbIlx + 9NElPAY3jgtSVMn2RHLjM0QenMD5hmGpt/YRNwxO6CAuxZ5Hs94= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: admin + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEA9+oZNAuVejR8E2SBgZMoKa/VsB6XdKab969eCoeXbtB8kOAZ + zcsT+Tyer49zZQOkn2xqjZNjvXvymgNB8mWXmk0AoXXOCKFHFeQLFYCLZQKM5D0C + lxU2wNWXgIJShh2Oabd0UZ2pvJiXCpP2qvpNO8QO3lwZOvukvQ4Vjn2aX3ypxIF2 + ihASXkSnaqfACZfOByyqoQnZBTcW7M8uQiovk7GYWRiClxUkoWzxlYwiOCjre2nQ + 0Xp6dDu1coxIuv9PS86+9xnvH6gVrJAHF+A6ySf7oOKPQek8FooF2NQq1osc8xiT + dzPVbUH5JIAZymUD+B657XhD/BHdwZdM7Z6J4QIDAQABAoIBAHRVPKhoeycSM9rh + wces5x7QrQRtBoMtn2iVuRpV0CCm4p0VG+au0duVr50QQoT3Nau9sy5mKFqFLC1L + NAnr1D0Kvy4E2r6/91x1WyIm5MJsdPKxEmMVCFFqqSIbhV/7xJUlCgc2ZazjKZVE + I27N76oI8TU0oH5GEWLJliH8HJGLQKq5FaXOe5opdLqL8J93z97dE2UdeRseFW37 + /2k3IgoEZSamjQVOfsV2wGSlEb6KRpMQRJqBqH35XlpLtboFM7OZT6Q2ak2BhTKG + D5W2ZG5KpMEEB+fS3eHNibIT0S0lkgRb1ppKVX0g7rmqFSIthFNcvfQ9eJdys235 + FyNgNbECgYEA+mU0szNb+rC2JAmf9i589+RX7g87j4t6nfvMxBUR7o/N5dRU46mv + mBvZU74vFq0oVS9Py7E6wyxFNdP4sJxIMRIXVbklHdGzP2QMm4QyJRZSy+JDrwQt + W0iMdaz4e2tk8s5dInYPAsbeqFbqwUkeLaEe501z2V6sZLEHJ9kji+UCgYEA/Xat + Q75KhwlKftm8om2cSUgf7b16BpNoNVjJOzEHFCD6xWojC8ldSlwgCJko5dp3feMo + SFBi/ISj+eHv3rJIShi+UX8aP4MEfUdLvMqhJ+G07/uMckbzbeOhYg6xi4hLfWV0 + ninItx4KC8wWKtfx4fYxxDc3y8cdpIuzkpEcPk0CgYEAiqb0Ea8E5cJoeXgi7a08 + YgA9eINS1d/EXCsMbh/EuDdFKljzUMWriC0ToL2VUZc82D7EjuRqx5yCDpZ8BT/k + 8dc0uLE3DlYKTbXXDV6cbdD4tBFsrUNA4mU/8gF/7se/NHx1MhnxofYBYXIPuEwG + u/mWJTrMRbeY+oDUl4ozlskCgYEAiYMtladT/9dGl3PCJ82YERoUWIOIBLFMxESb + SIXc9Uq/QwPGZ8qj1ogMyR1vVuUkFyR64mDak23TGOs/nG7VUX4DI2v17adDdESO + DqtQq7aE1/59wDJGN8Rb9jtKkA0uB6ZXksfQoaimgqgDDtOB47oSXgYnO2OX7YHt + twMLc7ECgYAMMTyIw7w7s0eTd/waKgWbw9tX/Tu8C/Hwx6+AALSSoHX8B9bfqd/o + irZfbipDPiTXvm6ibcvjDLdXlk+4g5chjcTnjA9BPybYJ4HwCJ3ZodqGROYXJHEU + WnLF25e+cwxqJxGCvOdJKHdpVMZJt8XLTtXXj8pjJPANqRNRgbAchQ== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: armada + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEogIBAAKCAQEAmVG2vk2Hrfw0j61+zm+3BYqhEwvuo+x9mrS0N/bevmGv77Ke + V3dQrZIZ1I/uQNUO6lrA+QNkLmytgq82c8ynqUYRBScxVUKk8Qog1vppqYkSLAhN + ClMr67ctP67Qtu2nCU41nO6o1FP7H0SyOyZWBzq2k4ltdcb7A5qBiOhTnRqYo0xF + xRPuytrEo1W+nrkzNmmfYD57Dip3hg9ezSUyhBpEGv1mkPCVripSNVrceBboRH0W + bMgZ+Sv2sElfDpIA1IJpzPn3BNNgnqkZmt9z5JiXQckV5dvf97ITL6spsccCoJLO + aimJ/vNLEK/ZDJWu/h3X861BQMdL5YLg/OVVmwIDAQABAoIBAC9NotA8I2xur9jU + cpdGqHUxPFkgCVTSFj6xGhlaNYcPpLSTq37Y9S9YMFgAwEWIdr2fmoI5paMdLLtx + S5+WuPPlBkNMwE/J7BHiSheJ0yfXfp/PP9W7q4ViUrefPA30bODWHHx6teQstQIE + s+jD/y7j0ojakccQyUlnVifjZkjF/anNXaB6/Vo6GhNSG82HNGvB4Mwx2x8dHPWf + T8oChvpdF3Rn+dxhQwRtkHX5gn/iRh/FxIc6kMCSOrTk1vCLC7VjZ5efxTAWzs0Z + MbwI5qFqpvsqiREtaEZ2fNOo/Opyi6IGVWmOm9cdP3NBIVH4AH+333HIfoqVi+mO + 0/ys2OECgYEAxXXNtlVH7oOoH05uftD45TY5gwSW/pqOC0/Oxk9EMGXsYqIkOIiy + OHGTs8SN3+7EraCvBudvfeCn649egcj65ewQX1uhvTcuoDGuPBSAF+ml6tgDfCgR + vL1VoVkg8m1uLvRqzPFZeIaXXCIB7vd48QdeowlcaEzK8i9QL+0Jgk0CgYEAxsXX + MVGbG4I0KUoDRA/0PVozswuN3pXXuYJQh8NH8+005agOBbdG1Ebci6huru8NlRzk + vq6hsA9cwPKis0V2vbgxqUVx/iXQHbYOyGQnuDjrLF1lU0z5+g6SFaQGo2WTV/7H + 14p8pEMen3ecSIr+BWywh+XpIGwCJIxIGBNxm4cCgYA/X+HYRWLC0IqjEZ8xIIzh + tBedT1nO+XfhdYnd6A7woaXOuk95vZXFu9418j2+w3loaIwEYT9NXU9HsUoZyZGN + Pci7ckNk4VMboxZSvhmmkxznVNE5hfq7YuEa2epTJIAaneOxRzz6C+iEb33DXrX4 + Ve8v0I9SAmOYe0r3NtK4eQKBgGgn4RQJw/INLxH3o3B1v7CqZG7MfiGFeQ3O+C27 + qSdrQ42XmwlpuSagnw5bSuxFfWOGSWKVlUnxMtQ0EAdKPec57mPZbNsUq1H2RRbC + TIHe6XRM2DxnGJHsMqY+VfAm2KeCbOtHuPpF5XUAMxdcJbFn+7SqR5dioVjPXTOo + dJ5fAoGABnpF+2mMzoG5ZLFgAxiAl8U0D/Vk5mpmE0OSZ6nematWmAtMdLWToyzd + D/+hnKaApu+Ka21yam/ijX1jfU+Ux4IZziraf6bxc8r1eoSxIIjuSdvSfh1NpvoE + ojNmkcl0hUccgARJo3GnFNsCUokM6vzgSoK24h2TI5/DFEaLyQQ= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: apiserver-etcd + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEA1DP2rGbvI5pG/ILMScRlFWlZ33v0YIv8X1AugHItpCyykSSu + g5EW66o5n+JPwEbtJVVYR/FvN0OM9uFcU7ZHWTGpX6qfv4icr9GW74fPyS3SZMDe + jvC23gmGodh7N7k8Aq0rFHNzK8B7ZA5cl9ecCs9kkJdSHuKh4DeSZupQvjBaOdCy + rvSkQ94Y1ABKxm9/ufKc4uAyIyLOvLxoxpYvS1CWJhYOTqr910GTIULDp6CtUG/g + JvFjafCLwwLgo5WbidLZoNudwhx4hgv/ZZjx1GaUGFHxKucqV20GTRNrYSwUwxEO + WV8TGwSFAPvZ8E0TugwgxrEdidHW+9rxTyL1+QIDAQABAoIBABctTcXqwDfNQ++U + gaeU8c1y4kQMj9Zzs67dXRbeYanKz/4WWZE5KZ23y+9wknFXzdMEDU5eSl1o3V6h + oqnqAMT3LZ6rTiNnUmXJqIik9sbsYExs3GIUXITH2ZKXyG1/p9RLAaeMLIoczd1R + zD8xZ3OuzzcTr/57ll6c8zqWYRdEkcl+LIk7KYtLRmfPIfhLeKHNJFYPNZhmMi8u + x0P/0XywOFUZ1Iw2UJUcZdGr30uvhwBszne62WuNIqibm4drIEdnC8nHiHbdl9PS + H3UzpOwuZc3J0cOxl4s0s5NYpyWhCQBQvBlWWBCIPvcH4pLOV5iQWPqACQHqaD3C + f2FLcGECgYEA7ehaU/7JBai/Zl9JImCAtzWe8pToTYevoWemY0CJzNovqZkncbRQ + T/8jv1FU7PtKkYaU7steuT5b6/dumQqkhVYRlxaJeoGhBJl4K6yC0NivpW5hnd7z + p5mdfLWNJEvI+wNEJ0NyWhFtKtC4VAIG1ps0F75bWHCHqedeM54CNYUCgYEA5Fcv + oJZJtIx/s0aGT9Stuxh4WrjZE52IHTBt16VpGomsXiluKMwJG7t4WVprQ8UORP2T + vXr/j7C/GsL8fdnLZvBT7AhzGoLbxtixwG860YWApI3FI2PdXTtn3WviUSixeR6o + DP47o9VvmbtI1JZVUR2zknrQ0Ploto0zYjbtnuUCgYEA1J3VLEAF06Lt+0WpDKoG + HrYzKUTfH3rmAW+qigVBoexUsFOJptqo8/VnMzIyneAu0kPeklL6gr8yU348P1X9 + lpRHACpKD0wOZRfrB80S1CbzQvuVDgwU4XIuBygRzaBVK8/NdvGWHtx4Hc2PDrUI + +36VXarn4/AdrkByNds+yikCgYBGgHDxKVYKjBLlvJG91lHp4a1PfaFwwAQF1y0j + FyxziCyTSkF8ETuCt4h6NkPGQfKc9JqIN5DuwcjPr4KcLQHzf6K5zwYTGnJXXBLN + 8sn7ZTgKFsfWnH/9yFjScfwHyQO6/O8wS9MIS99QXRYopV4kVIJcaNVOoKNnMgO6 + gHEvzQKBgQDtyP2cYLeaMjhq2b04zYN0mAOs4abBQgrDC/6yvI0dKgPu8gDdLFM2 + gqD9fuZdATUI2u2dyIm8uPlJHTdgz38ZAkNMit4KX3lia8fxag/jQ//VPrjLwsuF + STkVL6X7kgHFHIuJOaN0o9r3pC4CoMjNkqdQ30w3B/B3RluvJCiNqQ== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-anchor + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpQIBAAKCAQEA3PdXQhiJ5R+/VJjh7Fvtfv4D+lIPiqGJdG2RyQB0JNI2OF6u + Z0gjAj2R9guj3r/SLX67UyeTXeAW1IPlxvtyZJSfYXJFunTCpHUtHnCpzvsMhFpD + 2q9zLb3yHNmiavC31g5mog7FUox9XPaPvJrm9ZvosBNrdduGrEE6RokSbObXC2g0 + 8s4njawK5BsSngsBm4MuSU+58t5Z3Nue1rc2SQkGzK7AhKFkUzpG9v6OCuW78Hlb + NWZw3pmhWK+2x9lO/RwoQm1RDz53bynnDkonqNSWj/FNRwVTapcpLaHwtoKuZCgT + V7ve43gLFqQJLruIRIteuEY19Gqhrp+g553OaQIDAQABAoIBAA65UJAv8GhbIDWz + 5kIIsh+nL36rnyt+rhka//7jz9lwRHqnHHn3XZXVondBuU6re4bajgLxfSlhOEQ6 + 8cG7mZjIKoKkya6t/xZUVIhVu4r2QZREK4dT75nZsVtoySDVH3rdBMvBrjZc9DGQ + oG1R6Rfupqes85kr4qJxyj9O/PJSo8EOEynXNl9knNiXTBvxcoA+doHtJ5u8ZXi9 + mFHqAxt8AcB4Mcr6FNJCxsvbpYUIIhKDl2lccTdCexHqWaKlyhJm96btUickvOgZ + WavINeSBvqPeJGA2/erphDXheBPmwbKglJOSYQt606Beysy1Vc0QuZFb1BxGEgjo + AkOCuP0CgYEA+NI9ujkK9GY2L7pynvCdgXVcMwQkHAE4ChgqXxKSdmYv37wNn9R+ + gBJgLIRTJaOSmO6/E/2/hp6LKAK0PN34svA03pdP6XMMCQDAxMlQU/H9WhiTViDk + 3EyQc82VcTqQh+kge+TVjdE6vJKI0iWsokOwGRSuBWxWO7dCqZVWcNMCgYEA41dd + s6bsR+3lGwxWwEgY4j2pXslhsXinls89htgdL6XvECy2VVHwXymaUd3cvraZ8gUW + uodTwYaYkRzrQ7BYRb+UVc8rLRQkmADkBJll06wTX4ttqWVbm0rYn/R/SAGr0/pH + 1Cv4ZQLFXGXVRQQ+SxoXcG2FskFBG8C5sgAXnlMCgYEAhF3T2K1f1oRJbzqQn10B + bU0xrzIUw5EibrxMTidjIvlZnnw8AzrX0On1n7kFQpCx/AmGPOxQZx0Qikhl+btc + AlUmywNTz60USfXMluNBiGbDkJpiRv9YwJk6f2Buj73IBYVPcplZwgf8ZzTM9H52 + SBwaIj2OFfR8K2hiXjTDt2ECgYEAjDdlZpmsn8ydgupAU0Xkex226exhIdmd28kk + VJfUoH/CjAJXzxXDoJ4DPT0Oml37Yyc6Vn+C7Bi83rusa0pHl3VK4wXsxlfnHg1m + lWObR0uZg1N2poUKVCR8qWNeYaYOOabjSHx6Lqrf2VZBjNjKJv4HuOMEE+ZlZt2e + aqfd6VsCgYEA4eBDJdEQaZABhGjg1VAHYrKc1wdMAm22kx0FbNygkP4OdVJ6mwjB + qiHz/9PDRODmjzfJvvrjYAnOV3ly24IjVAuDjdUTUG356ApvAfZZWe+4gIDQYbD2 + nZlaBtFwq3pMDEReidsBWaD+cYtogWo0rx17ECZpmBgnoL0Xdzk9wRE= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-genesis + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpQIBAAKCAQEAx5f4HlWaQXO3kmc/fa5C2T4uhCGnH4zyrmXDtU6A0KB8TqQ+ + Uol3qVCNaaiZ6UQ78C5D8HKUyQiNul9lu2IeUDBn8TXaaZsiONSLsRZRzwQu5faV + 7S460Rd5/kFHQg6hDGHc7ao5zusFgD2BmW89GfANTtwvYqZrfhMbrmPzd1KZ2hun + gWTP9pdohClbSzSj+HkGzFI/YmLLGYtT5WBEbo0ly+Zv/dTKcx8wgYoGSDdjxsPq + 6ez1jULyWCAnie49FSZywClB5TnBHiGMS9ZBkWUkEt2Y3u/E9/lw2MZZn9qh9cur + /QC7QzxpLTeS8goa6WGkejSU4kFQEX7ypSGObwIDAQABAoIBAQDAkt/SZMVwYTW9 + C+E2YewdruEym0WkK1n66jTpudSPdkh5l/6JpBjQQ+gtCX92kV9DXWAvnl3vmVEl + gOWm5gRZWlrvYAZb3lImguxE8EP+eQrG1iPRs8kL9Jq/tjwKgBLi34lJxfQAsMGd + +boRUEKjw/kTHV6az/bmrYkHuWguts26yBLViK7lAZekHSDNA0EJoQMgzdEjEiYO + 5Cc5j5cIxBIyPoa23rwX6o/5W3af0qztjnE8VRJiTCiqweVtQrICuxDCFWLYqwKq + rpntQyaAfKtsm8jxdjnaNWlSOXQNdgU1Bm3TQhmURdICPSkDo3tBJYurbfdRJAO1 + v7uReOgBAoGBAPeQSaoT49tREcr/JNxNVpUgHarLxhd1agNsrvbN8Knt1ZvnSQzW + h2kTLp2Q6OTz1p3F+iLRWZ+tvoq0jSlWLzVANz/qiaLE5AiCwCGwHOc77ht0RkOz + iqRJYaZBA6u8Km6vHDD1dBItlH04sKqVD6P24LXRkrrZLdnNAgJ/E7gdAoGBAM5l + MpUlXCTqP6tb3VnEt6cmNf75e6FAAMaBSgHDx+SCa8UCWDvP1LAujW7HQVMZARxJ + GTQZ2HVCoeYe/zwyjB5aMXOfkwjqYk6LHcUvCh1trcl9IwjwD/bmHC6T/f1ocObs + d+PdYTUsEkK5Y35iXnw9gzZc/4IzdZR6oMEuIhL7AoGBAKcq+XMtZymLfrZSv7M7 + TgH448+XNjZVBLc3RpZFzgMRJLLX5M4Udu+PEmU3muwvc3aqXxPvxdM7YXUMIl4N + YmdU63nvh+0vgsP0doTJBVtnbot/YosIy8/P9W5sbGwk7Yo8GI8+z5gOyzwbccBe + U2dmp6pez/P3/ywZcQf6g3hJAoGBAMNIDKwBRUXIPaWsraqZ7gpApSYydz8Ch7lJ + 6vPwgdk7bSxiI4m0AtEPutHtxWkSZ3KT1zzsl1mbSgOpoGUcjmbJf7Cec0gkPA+E + oQ5Ii5F8jMnvlI6IVRKOdmu7qr1xbCGR6321oJvmrwBi2DhkanGy4cs2Aqr2dXGe + 9SrSs3qxAoGAas1h2dgSQM74dBto0+M2O6A3GsS1WtbZbYbEcXFKJWD3MQuE6Yrh + iqJSlb80N7jMeUIVgvNKyv6tBfvhfZh6nRNlsjBwdmo8Qa32FVsxpJKp4AE5psNh + aEjjPry793/0wW0udCcTDUaoL3eGztW1zvXlNwLOElaqsyVpJQn5uM0= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-pod10-node1 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEA3tvAtpBBiu07O2qcjGuipY2GkfrSsrG3TJnYBSs+uIrDmBsy + K7JXwowvUhsnrxRrqZ0QhHsByLveD2gnNzApSKXRe+KdBRxCsd8HUHqiFn9wHCpb + mwKWSwUKz1ab+QgkWZKuH1cJxUK8zx/F7o4gh191glqAhKgXL9eTUj3c5SguyLay + 5TBIa0dOjfOc3kixUJ6TXSeJ0+lMjFzal8zgysT4GvjQs2wK9k9cPDobNwsKsW2Z + FQw+kO39cSyhdyvLvtk4RiyG/9zMVFn54NUhJAspzq+PnM07UJB7D6ZM0XkGjk/6 + nqUgJlNo1kR4Zo+kpy4J/mUDmMjZZ1n1sfJ8wQIDAQABAoIBAQCPFE9Z5qvt4flR + YFU54jD+USrAtmRnzal9SJhkWStfl9eT5IIFg+7MPOx0rnJ/+YBV2T0tkTvIALXE + 9n2W9RjMR4mDHC7rhQVc5W/wv4spHpB/xMIjdzm+2HHkRBrHe+66g22/OUZQm1RV + NnUBf8Zqo2LyWeCBStn4IVO4TXdwt3RHTSxMAJITEBYTzEj4CTeqDvhkQixcrbfB + f2ptrh0BGAynCiy5VO9O0dOlbC0sUgGlQtPZ7hMAKa8BRoPTRABTGNEuN3lv4FM5 + QF6kZcmmyQjjBVP0YPIYFFOdGEy6mDZg5MB82atN8p/TwO4QTiDEPCwuTVitm7W6 + hG2D6R4xAoGBAP+0d4/O+eMaPEkmCAWc8IAzHS6bPoTcfcHvI9VkTpAXiugEOYBc + uSIyyAVBPULEgmdoTI5QRc5GYPNC015NeyUTJIJ4YoEsWgtH7hrrZLK6To/A2fG/ + YJ7QQBfrpnC/U0D20AJE9N+GT7m6SD9hkTCCgMlMyH96HrkOK/MIpSSbAoGBAN8d + lUrMJmTOx1uI9JdA2C53iTcU7qMwEFL13OGW7kXmOwaUI2N+rKBc6tah0XxUQ3wV + VlVInu8lXCbnqj+4c5FhpEfz8gjliJ/w02abqF6Q85SzF8uCtxE2/xqVaPWuF79z + wRZZF130D/ae/Hq4vsgj0bsw1eJoSAc+Uq+Y7oPTAoGBAPZLSKJ+9Ri3S3wVosJt + UQXatfAPXl+w1Xy4L+a5sCaAVq52a0Blj3kOOrU9CpnGF+ksgBjP3vz5syZ8poT9 + 0nB6iL8W36KWKsEU7paFR0ATzdoPIp4E/TbbVfD0bSPKVZGMafzVmJu4jhBSCobq + HmQAP7YlPDX1VaRfrxtvp0mjAoGAYzjLwMTDOkd+/uUMKQusWBXOztEfQzFHwS0X + urcdZbZ6f3V3u3KFIJfR0/uIpuruTAtNJoYyMBYEQkT6QHYt5vRuU5VYCL7TIJW/ + 3bzRhqSdvn5a0aVi9mPn1RGm6MMwSnMW5nJeYuj8BGg1zfnE1kqfpciVBafsiFQd + /3tabwMCgYBF6qmf8hSUuAGk4tdgleT+CRm+MkVaA49l2JUEWI0LrQg/uz/HDASa + JKzqvD55qrYTwVfi5sHV0UarT13HcPAd4GaY+Xk0KQsyiBgGbg7jDJUMEQfRqZql + 35tMywbffrFtx4igKPjXdnvIJFDX4Blz4nM3UjHUPvjRF05HDy8fxQ== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-pod10-node2 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAylRr2g9O+zU99x4MBWLjWLf38Vrwjh+fdTGDpnx3Tw5jTWS8 + RwAzzdDkIQ4GG8q9wiAw5usElaUVs2wre5+/XBdmT6/h8vN4SMT7QHkKdE1cEpoh + jxLMeDkahxcThoWVlwNj4vpAlm82pp6e23bZlEpDeqy6jOCQHH3Md7RRw9Ubkcrd + QnaEl6cZ4IBLMky5Q9G9wRYEAJF0ffXTmK+3UD85fGxROTiLSrUc+o1JrwaL4QLi + q2jbA2v9hvURQtV5WTKvH1b2zbjP0FxK4GJreNVdeW7qWS/BV06NugyqKWp+6niR + 19JK1n4B8jqmuhFYSHjx3UMMJN5HNRPDJW1cFQIDAQABAoIBAC58IN9TnxDGFbt9 + 0sM2CgerFLMF8rikeU1Cl/2bIQovww7X8w3Y9Q33TUJu52ZhOSGtpa6YFlCPQiIb + 2w2nER8GXUI3pZDc8Si+4P7aEFXSJDI96THm3sVMUVTyL1E7xbeRVtSiLE6jtImp + bdP8RVb1jPVVU/Lj8RgqqtxhuFtmZOojAGA2sFC/zQGOaZvmFFM+8Fb/V9yPLT/P + wMaqiPxdUyqUBIjxOnETbykF1tiZAZ8lQdfNNaSB16+W8YztdavDOplzonKjGQXX + 8omuIy3HNnSeW0Jy9Nw0HXY7gxmXVr7gR1yWJo3+CWSVmoO7PYq3WZcJDCFCI2hD + D1E/aeECgYEA9pgsa+jxBYM2DcsLQjoOl8yAMrpORJuYYzj41brpn/lsNrflAVFc + nBlrIbyCfriRQadim8utsSI+6/53HbZXTKHvsYLhdFkBH6iQoAda2eTQvpTlGR1J + 7Fa+n8SPIVJVDoq00kXthFZZzoE3pmif3X6luZrg8T5JRyE+imrl5KkCgYEA0gwI + mEw5ignqU7lzsGaTCQL4DSCYQ2Zq3ZEBIVNSG+oXP4AtWjFP4cF383KYdMnzBDVC + NGRHPGqp1+OLWLrxPAORkWpd8kp1SKo4CDIGG9/XL+xUF8dhBhFCOAOV5JCEiqww + QFzfXchOGr5wbMBnI0M0YZ5nj1e1jEUHZt3y840CgYEAxsNn4t8TDydw9XM5MvuK + 8a5jkv/6wHBOR4QPhm8visPIBt75VrOXGzed08aXxL7OToY2BHALI+D/qMcmiiuE + eH96rbFaOqbXMgZz9JmZEFLQMx3e//xMrpRI+Iy99dTgPGVvVKIKzgWwQ7SB/78L + RMSlnlKJh8p11ECmoXmCrmkCgYBm1GVQyeBRZ9FD88JjVZQeEUoGgzKHrJgcqGR5 + QCUubUe8Wq/ZO9Lznpduo2dnpYZHRRuIMp99QGqtukP5yGtZChY1rnEXsMQCMvMD + cBn1g3wBhh0VFxK0ubZFXdv/7ZA1o15r5AumCe3SwfCgDQFxDfGS6M2iKzpB1Xlu + LrJF8QKBgQDtTSB/DavOp+hXl2CyRJBc2plXGfXjSoN5kvbTyCfQPkwArJ4Kkj9r + mm1pgM7fJU62zwbqyaGyK+ewlenw5ZEbGft4Y4c/vqhOxMgZNwWTbdmITU0RBLDq + 2dtSSIRkhlYONk4IJ5PhmDVygexVJjidm0GF5HsrazmDrSOkR1xWGw== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-pod10-node3 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEA9Qq5Oz3BmRI4kmkFHIZoLbkf4/wF3RkiDWpYUAqaggvaXan1 + OHLcCoFnw5v6Pjtf8U4p0n5FAUOdRA7U4ICym2poVG2UCjsySCNjSmL0DjpVn9Dj + 88LjQ6OTUiQlSg+wzsMIhuakD6o1Gf1UZ/F+FxtU/TMMjtKOSJD4Rpyzc0hNvBWi + 29+qt6lF6pBuxRE2WVr9t0wnzp+qL/Ng3R2VXu9q9EVBRoUjwJpmcvkCFS+b5va7 + ZsvPwAQ6gO7oXOGtQE9YqRLAu7KasnHhqw+NmrJCumPW84q3ddG1M9DYvU7LNHyF + 7FHsMkEy/1PIWg7Edp58fny7dCzm2zZklyE5/wIDAQABAoIBAQCLTp9jyIYpiaxT + wBTB1L+hTt+Mcxi6S7GKQu0WBBE24ZoxKZBZmSLzbgIZuLEZdBPlUXSBUHvWbiQY + Lv5i64eex22soedJscGyNTwbbAonlI5dHxqY2DDvoSz9w8LXSfhQc5yDZNfcd/1c + WyMDPM1cQZOdpsn64EU3iAM90ZRLcrC4f/gzjhZmNS5ceZQmrIRswD07MaXgBc8s + XvhppkdBre+uUHkdG5oCoROoLgaUkWLzyxLBMib7cKgxiTOcEANuLaTweaHuIznJ + AoxxaTy4QQXY9scrU2TYXhfh45kwFc+jkpX6P5+siV3Jb5jpRHU/6QTFmbEXPDk3 + bmXOZFlRAoGBAPWC/QhmhmS/226wH59Uh6evO3NPsXaW58sINnEpAXiD/Xzye3LG + n58pFoJBQH8EEgqxhTv+kWN5ptMW+UUBz4tuxKSK4LNx3LxqTtykzzr0x7ni1Bvl + KMEiBZ2qYde+Xe4wdNKdEEHaeYYd2JYipikDZjVEbiVjqzNksJHGczvTAoGBAP+C + mO9qMC9cP1GB0S3DV5VxwzxTk3vtqimmQoDbL/a1LH0kYDsM95hBTdeSBuerBrs1 + wl2dGev+9r1o/O1gE1TFyPYClXj8db5Q9PXMbVO5NjKHTcSiNyQTfez21l0qbW/F + XW0cEfssHUyx5ZkjYImAHyq4ukm1HPuR2DLIscmlAoGAcpRxdwwySK7pwBzehUO0 + E+RKQKS+0/PVtgHdNq7GivI+yaN5TbW5JVTNtnixmxXRPcBfyAIk5GIQI5AjQbt4 + m0BU8d4GxHitZhnPOFaKiJ9Y3z4nc+VdQdWY/V5ZT5D+0X036Ft5DOLjuF4RiPAe + 0CFQACgxp61+ZvvlFAOkIBUCgYAUYOsntTVwoY/fRVZUqw7SOYeTySqrKLJ4re0B + 7/lsWNjahksyin844oR93AS293oK9mexJbWKkARH6Ra7K/1+tmOn017ujlwpuLVA + 4XQayFvdPdNjCnkRZIiXnLxOI/Mkhf5ElIeOm98eXdXtF9g8Pz69HoylEk/kdKZk + roMXjQKBgFqh/L7wI8B9pguSCp0N1FdoIjoN7gZCve3CBb4EdWaSc4llSsNJAsca + tG1r1V1fJR4m8naofSSXxC+chmKnwpqhoXu7CW5c1z8RE53PwKhEKALMwtU9D3+s + BCqEr4PL6r5h9KIjXWTqqpOFzg4bjxkDLTnsczyLJ+nQsxTWSbTV + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-genesis-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEogIBAAKCAQEA4n6pe6hW36zFi0Zct1HC/Enb3RdPf5kSZVDIljOb1esmZPrZ + geMFpFHG2j4YOkJrGWCe4YiLum/bTQBf/K6k8qYo4qXyjiPDJ0UMgs8NE5YZjczw + PmZH7BKuu9om73hvmxW00u2jDHHf+Zf8vWydq4wNs2/Rxz9L476ub05+K97EGYsY + 7HjAtA1KfHnhDnw2Pj/nsmJo4IlNSzM0gsYWRZr37haTClIK+YubIsQV86rGX0m/ + 6Rh5j85a7A8OZFu40LtwLxg55IDPpqxqzWJyHnl4wbYSWdbO7ZCKexGiSlMjIbk8 + 2Na7YwvE6edWTkDMDlMZ9anRgMh2+6fo6+15owIDAQABAoIBAFksu3f3WHTqZkCm + rFx08Ys5XTpYMjGvx+FiBAe3PBTmZ5B8f2S3SIJgvCUzK4DMo7QzKXrssu7tmW9g + xWoMLN9oclKCOdSi2fQ9KGbcNG7QuzDsTm6TAKA+3tMRWiEQzwhFbJNbgsWklCWG + JLlD6XQgSUirrvF+x1dcvPsP8Xc9mWQzvQ+VCB0EKm5BN4K8uO6bTeB7T7sbEhC7 + hCW+Dlke0TmoCKJ1OOo/jHs6SUHEo2ajzTIPOjotp7Ny0OzsfQTXopDAD8lhte77 + dP1D/wo8ogr6LaHjeI5iJIxLs3qknxNdStMRuxWlt4MyizMVxhjFuXBmZxrYiMpO + ksbrlvkCgYEA8gIC9l88RrWl1P+8uCktcaJpCCA35IrrJ7EcVHcFmXRr0UV4QEkZ + PU1hwoEzHXQK0mHJGTcMrej/fhvncFSaKKIcwSchVRL0diIbJXIE1iAHjyLIIT5E + JJWCRU+y3lRL+4WZGoBOf3eHyKooy14Tqu2h16xlOUfrwAeaoul7Rs8CgYEA75cK + FPdalLOVqwTA/eCXvh3vdB19SdgVzmpNbwoX0G6sdr+z60pQ8r5sjMtyTxnsHhBX + VJkPWruiU7B9nJ2Y4uchVWhu5ZkSNIEhfNRtA56wBG6ezaNnn02P3P26xzEl7G3l + /knDgzDoRL63hj/D85z3/vLsmOyPke2y1vmfVO0CgYAfeQl/lvUU0QzG/ZdCcAB7 + 9b4pE1+RdkuMtujTR0NQKKbY6WrxGVCR+11KWVkXbH73y0XG5LTebR3E/cYEgswl + mqeYqwkXskZekqLrJL/iRPoWsFRMlndwNo1hjDLb3SSgikhV/Pe4dggPnal+gTaX + lR3mGYJ0h5juOU7v/uNMWwKBgBZAug/+dWxQTbtnoqEx5gYjc6UeRA/CwSu91dlV + X6bdUKlq3sQgz+nr49sj3kcYikS0kdfqq3Fq8gXB47jTLmsMupzbKUmr8PPtdnXI + qSNn7sNKnvdMkQhLxOvqqRltKC+QeYcnxL//n+Mar6MJcyLCVopYd78wYZlVMYIk + Bzd1AoGANlZtruc7w5iiQJTQO4kHWPnN9Ti9H4d9w8AihAljQtl78eUvoA3oEbXL + voT4lvDOJzmk7U2A/7xCeTFxe3cqaIh19EtmcP00KhfA+mM9EB0J7E36ETkNYBnG + 6lY74Wg/luHzY3Ey7YpB74nnrzAyT0+UtBogTRtue/4BLKVK0QA= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-pod10-node1-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAvCABaQ8FGD1goT+VKV2qQNa1rUjRKxhbJngJ97aQ32MzM0Jq + 2hdh8D/eDOHX6AOUuASk1oqK5q7bSOIoZeF3SqrTraphRpOa1XXa35kf2fD1C1GG + o2Vew41HzHQHt0+X+4uFv35cS6PgUHiW3mim9pRHuEQxIAk9eYntDGtFhEs4HZpY + GxDZXrr+bB8CbYCiath/n5TnWLEn7s6S3x29bCiBk1mdzqFiU5nVvIIfZyxwX/fK + iMtkgSTx9xx7UIX9hcXI5YDRKUNkoRd4uBt2DM0GuMUwizC8AaWmCm8Xubpiwhsq + N/Agsyrtxz6swyXpkz2zJOwj8uueJLuLfTgaSQIDAQABAoIBACphW2/7fj5TtW0e + EdBb1Xr947fB6701o3MrH7O6YTCx/FrT35Z6JgolmTR1vFn8VIiQI0Jhu6D0S1pD + +K3a+TDNAxrgg0GPBxaHkmNE77P9YHbISviMYajULxSUHxjgyXBVoi/dm5U+uc3n + HLXGBbcO+Ik+c4KwEjVLKSffEq4WkDH5z8xQpQUCnJMh8DwAeFzco1i8TJUo8pDI + sjrU07C3y6v5ZjwBBb+zSwz7vBQkrFVfu7/qk6jk3h2Nybln+41oLPlPLCPhhlxh + 0d7PbhoUGDYme1sxqZrv/BWW69UCYrDtJXKZ+931M3HnECnGIXWIFyP9fPc1l/2Y + qdENmgECgYEA+pcoBFJMHN9oidfiJ8u/PcNW4mlXUBgrOsvtkBBR3PrpDQxhGB4K + OGhJWB7ayLhQmVUB0JWn3wtvgqLgTp3ijCRKLb1uNAYUCm9o7lGPKufma9csxbmz + P+Pdia5zZdujbbPlfTwX3TXMgKHpXBum4KTuYeQ6T2JpOmFH7VztcRECgYEAwC+l + Isfb8rTfbrkF7v1Lr77ukl5EKC9LvWNTQrHSNsQjtIxudjLbhS6BEBhMq18DyCor + tZGmi7YQT5cqxz29pMA6/hrA4pTDq4SPtOfyguG5ac5n6POG+Ra/vEV1iC9E8lzL + hFgrhQiwuteb4rUetcbRfZIt5SEBvqLpVAWrFbkCgYBl0OzNdLLAOHW9LB4TlVFK + wweWTr7PKELITPtlQXxBkSEH0DPTHMGCUb0bNM4oJ9t3sXZfTa87jOXt6kfBKZ1W + 25fYJdOVB7M02jeEPVcyU67nujHS1LTkDK2Ct4Ljq+4nMKTZ0YTQuH8y9JZgeku/ + ksPYumaGwrGGqugSpWNEQQKBgQChwXhEJeNCDGpiTuhnllm1ugYiu6SyDdy5snfJ + ktFTtxI2TFxMr9GD7vhCC7G8K2SLfLL9R3Hd9YcU9i7TM2wC1qjQZsQh8QQfwJsT + sIW1Ezdzjn5220GnNTZ7yBp8XQyy0NeatHsspXvaRs61qawHYye/gOGQEI/fXE72 + oS62QQKBgQCzHkb9Qd8Xpdq8lP1rxUjoZnCxXlkzHuYVtcvmPN0aytGavbekHQp3 + pMxfRxjyIrZKpAFhS510decDzm7tRTDJZxUYpMTXsMxFuOKCHX/+liNboJIDCR+D + MgOrZYgMnJ/z5S5yBO9P2hodXZO1FFBGw2Ygx+OmjU3DDElfya7KHA== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-pod10-node2-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAzgzXd83aiPW0pYxC6a0fHctGVCIFAkgXAvFL0YYMloDJXhkR + ZYkOQ2FcVxuN3686lJukkfw8mKZ0U+ojb1K3J7BSU0G+GaYg6OO79tWRCZ0Ofi1b + ppyL5uzSz9ftqgVGfoPXopZ4fhsMokbRZ1gKPq44FAhe6zZFG76ZSgPWtfqiO8bB + PsoTEswlcK+go0vfTz0bGp8pg0VRXxSqFqcdoO4r9QWF/l5ovgORUBjn9XV6f1Oy + 9JgfYH/YMn3fuQwClGNGVqHMRAqSbziOkLR5upUkJMZpLuA/5i6kEPjK6pkth9EW + c1Ren7eielivtjbjZlo2hXERWLjaL/tZgF9/pQIDAQABAoIBACvnOJHiXsoH8HHF + rQw1QwgKI/YROZf+3EhYOZtvQIdg8YcHOFm2Fj/tIsu8p0IeCBFaCHrCj/bGoMqw + fNRff38JZsEupN66MxDsVUSGxNyThl8EMx8RBA40L8bxb0Zm0VprpSqTfSEBinOZ + O00VyTkJzhEWp4LekWMT/X1zy/ACEWbywwCgPWQZnZo+rjhAw6kvzTdZfQBl/+9J + vj3fAoj7+9NE6VZl2z0ZjjEQPATjldnG0/4IS7q+I7AFWI8QV7/HjDogUSQhBeUn + /E7g50ET4OS8Ae5iuN/pDtp79PulbaLjpmYMdhy3bOmYo+xYtt+0fBxebwWcZ/Lz + G6iZ15ECgYEA50z2kZXwBdH8NPW0N56TC5laROjpBt+NQZvDftcPfa74HU1laKT1 + RK5cpqmeUOtBTeFaRapiKGdKhlOwM89EFCnU7fZ6KyfgSqF4Zw1LpZBCl0oL0qN/ + 9YhhIMufQJrkPHe+jn3CP+uWsXbbwR9kYFVOjTmh12XhwleY59l9WHsCgYEA5A2c + AwMQNOtTdvkImfM24qJjyFmgpIxYNhd4hRYjF/0iezLxD7jnKuZs2eH6wOQ5sn7L + yEdFst2/gUax8Q6mcMwZhzQlXpcaLw0TELpixsheGbZ8kvsMRCiHW3XX+TIcKzVy + pR0wzmJWAOhmdveucnxqHZWIxBqrbq50zWUT3l8CgYAj6varGu5/6ODSVIlczbol + 5fV3l/d/wr1Lv+V2z+yu5rnOyxMBUgRoWu82TkawaCfm8SS0hsXhYlDXVS2ajggT + XX+cSFcmVnXlAPgSgKULm8BLgAsf9ZXMShZTImuje6oPncSwmeTNSkdHXZ64eah7 + sSOWmKmCKmcJZ9Ltxf9J+wKBgGq6T8w9D8WkaHBihfr+jy4rj4VBJOQ9Zj8SZu3p + +UyNxChiI90WzOEP69tgXekOJk559sbpTB40lx5aRoapM43QhxX2epK1JqTkeoq2 + n+ml9hwUgmKLKSdwzEAqe4P9Rp+WKOxLJ/8+mD9ehC2jJrofrc3goJweWyK2dKV3 + a4ADAoGBAK6dqRnelu38nbOBxrfSENoUoxS2+6BfP7dG3ezWmdxOXRPkiemFTZQh + iJ6zZ6/hIoNre26Qyt3JUGZcBgWw5upDdgeX+xS4j5a3Y6J6WDhkszdsPrVhRcym + y1j0l5I8TexLXUT2Jw9dTFyqoyHfZXl9LuyGRmZY/Zn/wcIPKXrr + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-pod10-node3-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAxtf2g6UuaUBfX/W5PqJSokh+3P5df2DwtEES0a1zW+LeSx+b + L6PT7dlVDRjjC6gVAxFlY2Gr4OklpqLy6+Vj4MiupLJThxcWwVLbCWxTr7bLe7pN + vkUEFSmWA0HudZSfeijir/v3XleTfV5ZPXx/0OXdd523D9cJ+XuN1E9FnMHZGoJ5 + xIBz8Y9Pmnk6Ji0dTnuB6JNvP4m0p5UBzxgpLGQSEcJLQQTbs23/oWztgyc8EpBi + tUuchSpmP87JF/slp2EzbDOTKVv/3iuy35K1pluyjNllkG13WB4RR7MdqHnPjnxB + 02AOpXs6CrtybxIGMHw625OvQcxEeWinjEZLpwIDAQABAoIBAAVF8Omo1cRAysa2 + s4TvtRVMquCddklMftWo7CDXYrnLGG4RloH67EHgg5rnUA4dFQGR0oiCLJa4WCFF + LQAIg0+QwuDnQcPRXu8djWWAk++S/252kF09Y1BUXAAWHYbMvDX3I5vbKMI9vFGU + 0PUKejFGB0uGyTYIU+Fj320D9SqlBWfw5j31POzzxYgV7z53QRGKmPDjh/3IGGPd + LdPkGBrBUSmZKYhuzZ2+JDs904L5pnnc6fr8Fz7LzCAlfwV1H7F86NCydtnyICKU + T8vGmYOAnXaMelFUQ5yjsEt07MWycpMJoHEVrUe8JXZlcBdjFdGS/ev2tN5ATg3I + Xo2HVqECgYEA8fM3ZKoVnvvjNiFP5PiG161/eP7jO6QwcHTgGqUmoapuk/pmR1dY + nGIac/4vC1nk2SXDCqNqg587Yt13xFfkC113K0tMnaHYoN/MlhlO9DS3QiOONcx8 + g1KRq/NpfxEQ1rp6GbQWXq4KihsMolFq+OHw9uYzn1dH9zxWQGczQPkCgYEA0mPv + JJcbKXq5lFbF3ArQd5ebVndRNqdqCGbpriZrfak5jiixR7p9GwCk20SrXExwbGxz + ONup+Yp06qWP/06msZ5fh3MzB7vOeuBB5H6e45n7fvgt5Pe0IPYJwRK1aAAa3YHJ + q/6SGmaV7IrMyho9HbTxRLOWu9ECV4lPChGluZ8CgYEAnGg8AOkqvPHcedujCEPY + 94gDBbbQMnf7kFcdoFvu00eX4DVY9Pl0IPQSYbWJt+7Oz8lngnMNojTHcSv2BolC + tE4hgW1WA/jiT20dllKaBagmZ60Qe5rLSyGPZfce1bO0jPtTf1Y5t88OpSTDUBMN + 8gItgY5jBLipnxv0LgII0hECgYA8pRfK+U+YDksuKjEQc4GR536cVvpvAaT71QZo + 76QubbgsdShc37GuNepPViT7DwGdD0nLSu5dAv8eoCi41CgSrO8mcRt1kDo9iyUT + QzhzrPAksk8wYAJpOeKn58eoudcEoKPMUy40M/vlWkEbxKJ3TK/7OLUrYF0HdIn3 + Ag0+SwKBgH/P4K0aWlYfxfybROHk9irzlr92b45MgCLd85cgxizQgI8NE4q7Rll3 + IbEMbnbi2IeeYyz/vUxCqDWsD23wE/ZQMEaTDF910uj5ecThD/zcjenzN/r60CyJ + RZ4GKcENt8n/1sWRb27CH25pRVweriwSev24GQwORPiHI0FKaafH + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-anchor + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAuj2Vbh39BJgLxQevgCPbo4ARNb19vaD89hD71EujRodcTnG/ + +UALffcFCtCe2xlwBfadXpVSPR0hh/0onoguXF+XguolweVrcecKwJ3DkSiMoeCF + iA4s5xRQre6+6Beip/6oKNO7D95eLrLGuyGTPeJWifIPRJiLgccxvPiEXf5XvQvr + sRzKjY3z8lsMP/F3QWLxhpjeoITv20SpWGfXW7geXkrJQboFGiQYC9Kavmnp/JcJ + jxPFighRI9Dv/wZkenF1rUz8N14wzPAZYBdswJyUls0f/FxrYFHuACfJHmGgUZps + usMOMzMgudDDVHucuMt16KYLmsZKv/SQR/VCywIDAQABAoIBACU7lpozKJg4hXHY + fX+Sq6BeRBKIVZEJlEjlUFM64+N/wDZ2izibUzDVp45n8ro+taSbjw6Pr6dEIaX8 + OJipBQu2mKW1heLjqL1WwVGMuMJWZvcd2dQ/cT6pUw/SwRvJTd1kDd5LpgQgIpgX + aZ+TsMoYa9CcMe02yf0iA5GR5XScwvbm1iw9UUXeSkRSarJSGsaSU4gcyScr6g0V + pS42NOF82ZSA50cKGZxtrdHdugUO4BmZUMDS2hPNotRxBB95Uc48Mg6UDukfVKPP + b6SLG433dHWN3v2tNv/gGp/4jLYa98soxEHKs8o3EVdlQ1lc7Ub4Cayv+4mMnozr + pMtKmnECgYEAyQeWRa0u+6Uc/35U6tUOM+zTX8ijvLHYwomyRua3KDgjpBaK2rQB + m8BkL2Hp3U0mFWh9R9rmdLJ0KKiTiyBtUBcVf1Il05bBdcmnYAV057jhHqkR34VI + 6pvdK5teBcKLwUb8kIpltH6kJ+jzH00yPM8TQT4LvWcf5HWZT22a+rcCgYEA7Sq8 + jdgX558FruHl3wx1qreuIFQ+zxZ44f7tgl+l6pUlW6ffRtT4wqIs0Hu6UUxbmzPm + 6MdzP3CJIDICuhbNk1J6PfiOka9hBiM1liUpVjubrpJwVCFVxB3YUgD/wW5dW06Z + 9rZEJzzYhoDwgDiE/sRf1nlpBhKqRC8xhgq0NI0CgYAVHbrnLr3UqQ9WtwpscFzB + j4rUcNriIzxFkvkrAWkTzHHR9pw3RNk2Zwse/wX1vPjXHtaqCZBTibsx2iNFZe6V + jxcu/I4En71KhhgSugABpyXedpvuAq4aFq0wu20w5bKQZsh41lDAmNzdZFbFXvJ7 + +LRpEf9hscdj1AZ6lWTGGQKBgQCbGHmaIRjw5bOnvB7BkLpaXChJCA7TCpUe5cGY + osgz8jkuCUggYCIV1kyMQn2DsPWvN2/oBpa9g/CI12ulGkhx8Vvzrto9N32xr9DZ + UZAIzo5uyWEgA3S8/e97ISAf9PakQXC6QFOtfUL0ItokX9HJcc5iyZ7+07H5SQuP + 5uwV+QKBgQDGdS3i6cjRRmeKLdziCGNuSla6lAcAUddL8Gsq459LyiO0OI3DjvFo + BG+blPTePWl5OS+sUptM1EVk9WEigL2kmHFGTDtBCWUnG54IYie1kjWAMiXSmcl3 + JG5Z9ry73YRsEaXzi1xQCiD3+guyv/dy/0f6sg2AWUCvliAg5wvnsQ== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-pod10-node1 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpgIBAAKCAQEA4omqWlyvaY7YJQcJeiSbRMqe9iW37gAoCy6dgVtyuc5MBFaD + 2L8Z1ZJD+vo3j8J0KGrmRyM/cGuF/15f3pupDTiw5rjCGzuOclZxnE00DojRxcyN + QNaQe4tBS9QzTpHa+wAZee85Ri736bRmTc5EjqrI/y5pot9tolp/3+yQIZeNB4CX + smoE8ffKhriI9/mpjVPu30DF1AasmmVMSZURHIgsEebqjBDBN2LK4XKfks9biN/U + 0+vhLQrAnmfE92lDGcUSzOp0jSonJ9LGyUVTyg32YpeoRtiFKNhXQ0JBQik4L+7a + 3WwflW6rk6S5cRimWpWlK3ptgyTWxelTZ8/N1QIDAQABAoIBAQCA0nBBOnu1tzlK + tRm6j56MG/0RVJmnigc7dKK0sOAosRuhS+FmHCYAwVBPJIL8CUQsx71zrqOgtkRY + 174ExNf5YMeYLHCVM+TpOCcbDvwPV9aSeKPKvzkiSCo1iNI0V9UC7yeNo3AabRMl + nySeEjICPzRViHsh15RswrH9EHVV49ptksa3Sr/2QNJDkryiGq/+udhOKF5JwEZF + WSfuXWtommJXc7Vkt4prwnC3N7xdGp7DcdBUSRBcM5p22fVUXyCQT+7sAjwCyuR8 + i5Sr7zP8JUV5qL1tapc8qmjwmiL38p5c+2zncu48FiE2Tr5nlybikdLSAOA8Zwqv + +7O5A36BAoGBAOYLJzwD3jue6fCAHEYdfYVbGFCKKqlDwz30GXkmN4eVe6Z1tHSr + b5ccwmx0nS7DZXFTOU4Zc/DZwN0wXqCoZEXUWtSomQ5hrfW+F9sAbyJ0wxkUWLLg + QSGJ0lQkNR++wHZcT25ZQUYTmL+3LCVC9rENMU2nAAsP9lYS1RbYy3s5AoGBAPwZ + PwiUBWAxHXRxIWletQ8Ag9VzVWMi8ZRBBWu4JGasWZLeZtpGNE7RUBQr/Fm5W2Fx + rtpvcpqW6K9mT9aIooi4Elmlek/L+9rBaF9v5Ucnc+dJei1UEmzUuqH4evxLrPc+ + d5jmGGa3aaB9X+Zf08UmwUIkT9XX1Wb16dCLArt9AoGBAKuzn3E4IeO2VT5hILlk + wY+L0rYqqnT0UwIm8+xtDf1xIX25VRvP6daMbMGuuLNyvIC9cYRNkzAuF7oApGCd + z1ofijw4KyWE2ucVH5Ei3dCF/ij1+s5oe7SgvhB3hf9PzS+K7u6aSBIaBmTyP00A + kkjMZARlpa6cF21fWRVYc2hhAoGBAINQPzYfrCEr1DToDMhPDa6vzPvtJIgMFpvr + toAincthcRMAh8CgmvSHMNghBURTOZcrWTHspVyCyNc8Ss/rwgXHI7/QY0KXdSvA + XLaBmYMTuNq7uklMJoDL2h8uSBmM7Z6nyjI5gHJYjUuMotxkA/IIutfSBEfWMhF8 + fHslPZodAoGBAKAWhWrInzeDP+a0F5lme1KTi1UiDIUSnvckjPrc0oJgmo7+m3wk + /RDu/gVlqctdQCChNi0RCxY0eZRAC7a6jZT+Y+UvWrJEWRgWH8buLwRLOPObSXkE + A4iRLJSQuHcSJZ3E6BzJrKEgI7b4M4JmKe3NsLlRUg5jCF+rkQcy010Y + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-pod10-node2 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAvAgnzL/fV7u2TUV9ZSyFZExIq90lAO/qRQOUamb+kK27XD5y + i/hyLklNd7mrCvAyTMiKyPA6pgwkRnWEEAn/7VjFx48y5QZlvEVobs15KT2H2Y+Y + JcqfynB6NH6yIgIZsM7op+XBGQ2esy/JiDwlYiWp7jBDxFsLdO0iRmWPpTJvqa6F + vkGFfOkOuOhwj5NkAN91ifd1gCqCjN3ftOUwF8YMFOglfVTrDSbaYvOPkYzHJDM5 + guot7MHe8lDB3OsMWX1dRndloZDxXD2Kzjaiwu4o1BIGdPHNs/1wKY7wrXF2wMuo + tY5hHolq4jCeGBVdeIb/KivjtYfBhBQ+G+xx4QIDAQABAoIBABpEPWMRzp5P35iN + w4WVoZCwQ1qWyuuFmEFJzbrLZnZJfqnVI2VAMJscrFC0RBuEEFK/lPua62Z0vcCF + /AvNic3bH83PyDlMGnwhagRIect0B/0xXPyygH3kFn4s0K+FgZc8YC3MH5xjVa8M + VufMFyDNyB446c6NNV2BHs+csmNOGhTw2jObkWNJKfc1Lr9O0oK9xyE+0W2b3FWO + qgwmvbkI9tbPPdNEaWY8mmGjKYCtN5AqJVTE6SHjJ92fwBsVshCsZKR/c2pvXAwC + AOjT0tbk9Q0b40dVI1mZc8RtnpxuC87EDI9AnkLpgJl/COlVVLJk9GFo0SXSi9KC + XRpESEECgYEA20ThiEI87GKCkn/oJQuUxKODKczF2K4yAu8RtdyuOsRcgvF67cJU + q/i5cUDl7zDsbwt37ylWV/yRtj0hkkvZBnSBCOSW/vm3wO8NXyxlthrEwWt1kyWz + yv8qp8DCVV4Y2IHv3eB5ez/wVmUcmI8mnOijz2YTRf4VZXdI8ZW3g+kCgYEA24ez + QqbV5nPWjak9bE1lKtsLp5GEa3Qs2Ljr6ZApCUwtugYXYcW7aUHza10C/yXphCfI + pI97rbSQML0/lGCdxve8Zc5l15nRO/cEBPbUpx8CdASeHgtrrswQ5/RvWXS9+hSx + z5sGmDOq5/GcE9dyEKCedc2DnUd98jWAu5pimzkCgYAiMlruMk5oG3D7wiEFbgn0 + pP+2zC3q/jfkhz5+23z8w1UeQuUGIbGs5GyfghyaMkodg29gCFVkAYsEHgKXW2bs + f80EAwqdl3qWB3JRbo4qWYBoHgdHPLEOrr8LTJ/CSpubYKB1PSYVF8K25qwQCvtd + q1ao6OWGm/rgSTtCGjR1yQKBgAE+JGqlLSLP1xAYPCvHyGHUuZ0qOritAK/9ZAB/ + e2v9DWk3LZy1FNmEsQ8TiLfPDCJeY0ljMo0KL6LG/3wki+AbeOqOn4735PJU9KXe + i9eiWk4z1H1RDTwBFbtqa9Ly0TyAL32AYCouaLJFcN+/4XpsnlkGX89dHz5mxSLK + vfIpAoGBAMaHHBYTYSiDTfuzEbWDLsF6WKfIC4roSeg9NFfUePias4yichaT72E0 + MCYHlfi3oIeyqxJPHr6bNAvxa5J17am4m+mzq6YcHmjkKMKnMaXI1r7taPTKv2/K + vhluRUGwZMxxQy6akqKzD9xRooV1bJrnEJTC4AZZ0ePFyzhf3ca3 + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-pod10-node3 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpQIBAAKCAQEA0zf8Oh0BomRXALzz2UaGDITLuD3JLO4/c5rmGKaCkUX7fgGD + lGX4ZYJCL8L+/maeEUKd849rtih2BlyjlEgn3mbS3//8IA2bb/V0H+tb8AdnOPZG + wShrHQZe6tLtfjTmZ1Fj/Sc5A1/xnrqosEW6zJS8jQHSqsR7hae4GnNYUelGQxaQ + c42KebchQ2Wmcuv0NUUfg0cB3t1LU0ml4yeWEQ43xw3O18uUcxCuQGFwQBBwgR7+ + 4VNQV5IgIvKKzUxEzjERuK1H+y/5TDaBavOzy6L1WnVJI7hqivC7ARIxWa11T6mZ + pyjHXCLj1W0IHcBTqxjOrKNQOSgP3/dZLh4UlwIDAQABAoIBAQCBco1VfFN1F/Ou + Ux9LaQpcf8JuvwcdT0J58lPUha/9ops4JWtjtn7ej09LAEHQ3kk/oMk27Q4BTJjQ + 21OxW+t7RR82Ayec6Vn66r5plY/58j+TzHOei8vhtPbVCcJdl8QhS+Nw0eoCJHnr + YtBhf8q0+O75qEVZPSPKzPhq1YgqYiT93IniVWgS5jtUEeB9PK5qoJT54oPYfez1 + H7I6aMO/VkAoHOERAUDho8UdxQLWZ6ac13Lk+WB9FXMnMU0xl2ObIK/Xqk4H7sBz + +enJnTHJXXrndmGUXqSAc/ZsoPJICGEs1Fbjr0psiAsq6Y4xstkUbLOH/2fQeVOt + XDmBFc25AoGBAO5VuS1qGGCktaH9UKUqt8rvKL57mQ1jsgo8p+4enh63/S2QJUJA + yI0OpMpw0C26/Nzutju0WHfYyEr7ybUcXfc03z6ApKF5XLUWAzz+rp2msrh780EX + R/ZNSraUys/ju6aiIGXk7lukAlNEF59sBNfmkkuK7Vm4FkIcTu5c+jONAoGBAOLf + v0ahUNfqSsY0cDWO+E7VCO90M5aAMWIFYvxNtKJjkGcO19EqVOmiVNz8zQJt9li1 + I6Djik78Zt93yLXa6so6I6DtloMRWy7ugAVe76nbmC7q4KLZMxoAUVZDlJEfmiK6 + BM2MvShYCmLZcO+zVphvVFhVis0lXR1SqlfNXW2zAoGBAIT/2WJ6fjgQMju/fK1u + 9TmN1JLXrkVGiSglSSEcfOhvjB1M/z3FoST2Mwe1hLbATjOMEq2mqmfW1Y7ii2FB + /z3gh2P9reFeNFnpes0i4pafW8SPhuOf9kyAPV0+Ex+H2kPW3XV/F3SURafpq7UP + NnS0+palZGZY0DL8UR+7SvRRAoGBAIIHDMB1SjlFba+ldD4t/8BmtqVOqxZxyFvO + jIngG0wK1kNKrYSSx3HT+OFi/jiLP2pd/tqCLs3QOUGQjHc1zeUzZyIfqWjbNLB0 + PulVHPT0B4e0VCThaTlYv0U6nFaEjzmh9Yi9RdhuhR1cVC79UP8yp1utQ00KQhDB + RSHncMmjAoGAH6UkdtKGlo0Iio1BF2TI5qt4wowdQ7aK+FAcVaaqpdwti1pkQtI2 + lR8yZSDuLflieOn+Fs87eRkNsGX146UvZEvzkQh+88EDcBVRa3UG1vWwswsDzH3N + ngWG1+EDnm442HkNqgh+L4AdZEMc2hbdQ6yaLFR1uftJJskG2Y8Re6g= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-node + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEogIBAAKCAQEAq0VhkYsGQEMy6UB8sGBzg8rn71OfSxk6UbQY/I3lI0CDAczC + HC1YZzV9La7TkCH/+0SUmoYbDqV0EYMw1WNtucoaNwJZ6CoaHCcy0PGAX/5he37+ + jGG5VUaUpZ5LybsHk8n5EvyeqSyqTvmUk6LwLoq31FIJ5seR1w/xpMT9gLC8VB9u + +uXkzowsvfUHKbH5t61Hfqwv3UBMkGFyuJqspXA2uNghD1kjk0Iez8p88dkEsMqf + PwlIgRM2QXbVlhrd3gXG+GDcqQ+F5ipLMtsPc9yN9HbJfkQVkthiLnvubOE4qwIt + 1kNTywsPKgXbqIaiuQsL6qLONvzOwukDOteRLQIDAQABAoIBAEfPQUdauPY8tp3h + seXpqsU5T+GieAluvGsBTfCmNcqAA+2/Qiu6P3SWkrOSt5WZC9D4Qi4/yBxt9qpZ + DSKLG7hoKnGiBLw42tWvAbllaGPXLlwvNN77Ik/E1hJSuogMaPLoHgx96rAX0Bho + wIjeKkH5W3YkJ46hYl5/ituA1KEdyVk/nsstQr0GsrmHIprSQ2q3G8EEi3wk9aEc + OygpPnwzokbgF7NgKn9lpq4Wr3/bG59Ei+CZM1o/te6rYlGJanaCxXG4iVcBUDLi + Xiq5b0rbI3TvBgR8yc8pdgJl4j9bdUvLHSsPovqO3j5GkqjrrFLQedT3CWq7pkzQ + 2JBgaekCgYEA1Yk76WL2vGcbT/yQ+lWGF87BG0RXFqALWzdse3veqG2VmTmf27Zw + PrNduA69lxlzikILVMYC86YhebiMN+7Rf5Mq/B0CicpyFOzwzjbpmRwLaEchwMAB + Z2IbXbrl8vEyYJSzPqWjXLEDD23e98/KHkBOQ0IDpbllEnjXQwzzFV8CgYEAzVSA + 89HFU8xAScaI7HtuvFrlcRz7hk+OZv8EKvpI/Qftta2OjiudK5wfTMNsNb0q9OLB + WTgwr1e4XQ4rBW5iNMwVDvmSp3fULJHTA9vhHvN+Dy+vTXdyfXvkc+W2622xORkU + sm0B2DAFDCcPm8wU2Gi+KBpBvzc+LN2507ICuPMCgYBGSXnTBKQ6t6Wh2nzOKcCN + rZyaoRAZfmy+havLqaZMwmVvniwkYhToTpoWr6NwTQxfAgZAzTzDfneeXUSqVI3Y + 9FQ90D65pE2Q3b0V47VYlIacuG0/yPOtV/myDIcMRKBUch3eDR+MrydWuM+fumHJ + O1mHgf85WaEPR39zrpuE+QKBgGEaMnWb4ZbUhB6fnkc/xEmdLt6EV0rYOr7ooP72 + KChJZJhDgKQpagWiqoax8G2ljTgMOGXKFfQGJvES7zN9VUIktVzEmB9MovGE8Obl + SBxMCHSEF4IqF+HSAmLw4sWJtYMMImaS+IlVhD2QB2ilZcJGHo92g1s7c9Lh9Kxx + haoTAoGAA1iEWLsD4lzqJytN6WmttfeMmfNMzBL42M8UoSTUkiUFebgiYH7oY45C + /ANx5zRXY1R5e+Vy8vw0K8JOxPVnhtzvNyghqUIHoO8BlCF/5F1oz5cXYKoXcL7+ + Y9yzRYmMOlxAbQsx9vryfYo1GHX0Kl2RWdF/Bmrqwy5YpWBlztA= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-pod10-node1-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAsuAluv3HaZaha+kUoR0JEqqzA6THCLxIs0C5StGAsFmPmcxA + gkkGO5acOYOENsab+F1CBqNfC/Kiz3Jz3Ui3UO2gFSQkrG/fTNdHOZO2QXulHW6+ + ugn6jdPklKcHI6wMvfIewBzoN5Q5DE5gDNsCWPwjD5aHg+ycS1SSiK985F+ddccA + f2TK5oxW3VD91FkKLorl4CjA5tgUgXVuGzj7IPuFldoYhryzto7/OQBvN2A26iPb + JtDFOeNaE/Whl9Sz959PIeu8ghXu7+9cS4bHLAlWiyUlUI97/yu/6o9jnc9cYshp + qk9DLeBTwroHrUZtnUv/za9VGz2ywNylm1pZbwIDAQABAoIBACiGoAW9eXBysB/C + runRqjyQb/5jVrSj89So1VIeJQnPQLmXjQX3hXH6rWpaYZoHZU7f0hWu7dnHHxvg + 0l9QGjg7ngksJyLqNa0zGO/yh1hOqxn//TYpDJsVZrRHI1bxo/Fk6ZKc+f+dlU80 + co53EBEZDth5QjqhYMewYYKWP7V9kyqcBY2myx2bseL3mwIkk6vUktrlOEmFeCfW + gxucdFpkQxrg9NIEElhBwOSNTlhCWxS0zV7GhRj9zreqyGtwYLvckZVUrCmQ5RW0 + fcXfQcM2+8M4/fIt9a+PuM6lxjCoMup2GhkEGvXLWUMCWN10zWQieYxNayzvO6mM + Z9JCkAECgYEA3S16pIBdX7XBWssynmutaRXCGyI2nX758vxzfSolHaHcunGBhgOg + gp4pdtlBUe+FLYEaFmmWpYWXX4xjUGcgo/17J0RE/8N8lZQzxCQ34qEePP66rnKX + 87IcKedawYkZ6+yxP8FyoyqdHYaZ9Xjf3EkZswf4xfznOhB3qzkVcLMCgYEAzwmx + C9RVViYxVpOcM2D0FK0OVPVBQX8UK8XbrvlcauVRCygjVgwPbUvpg0y+PKIM6QM/ + P/ziVTreDXg8PyblgfkVlD8y2Xbs9WHpmnUnCXcubYKtwSg+kbkbByTinmJA9sKf + 6aYiWX9KrSjkARrJI6hWM7CgoxPzkImieMBvWlUCgYEA1HNF9dNTXYbxhmveYGuf + s2vx+iw/98KrBmrV6CleY3tB0VkMCBVdzXls7Ls80h5Xd2EmFNcxnCaZQ29PSkD1 + CnCGJi6edGprNiaYHtSHVcpbiE1KNhzetnekM+AFvhcabhL6IvqHShG5v022fyKv + LSKOa/jBTjRiStTcjfyUCp8CgYAghd45BH7vTIqdlgyIiaduBA1nTSuWFVde1PMA + lo1tAV7syL5cSwK1YaJqDMkpjy9F/0uVSq1nRBsTtJqKNRsCgtVf91mOjb8FgP8I + U3TxaLZzX37aA+9oRtK3GZU72iVoXgRu2Lk2o+dgMjc28TU9k7kO36UsWPr+7pAG + NfyIDQKBgBZEUD/45yHu9Svkf5ZtjIMw3CK8/+U455LU0wlPO9wuo8BBpFqknptF + LSJhP4Cw78o1Im2PJ+++BgDFY6P93TCLMFB6jw58C43CTrLbdVXd3bLXp78sjgDr + AT1UKAgfJpCIiUMWxq0UZhYNSMfpamnv512JI3u3GTkuGzpqApjC + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-pod10-node2-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEogIBAAKCAQEApr157EpkIvnR7cPrZffHXSZ8XSWLYem816Za9+7wVH0YFIzp + u/Oup855z1T062M67AZ0FMouB4rukYfjVuvkNp3ZuKLzxwgC2TA6gkS79q2kFZDU + /tt1ErQWF3OZGEKCFRZSP+IIrTJBKjNleN0/K8U+jXdxkGS+/HWAFjUgnhi9vEyx + XG0Zp8b4Xgq4ongxuZa+/4x4ZZj3Hrh1xG3d0QfbaMAJ3AXfMIpppgKqcLY54FAu + Xh6YC18BnooE+0lZ/9UcHdmVVRGOPIKbH93w+tkkANvzrklzmVOldatOvVZVdGZC + Vk3l8AT8ykA7aw0WnW+mIdHXM7ebgkKFiTZQgQIDAQABAoIBACHwl4y9Z7ym1VBs + fNH4qaAQYWgkaEa56TKMLiAhhtHr1Kb6N+mGJJsLsEe/p0rym9/HQIGq1cu7P+xn + mKLsyTtEzjiDEtQEkW/cHUy+6PPBTJEHNhPaX+46sfR8F0GU6B2auYs/WzzF6fXJ + GHKNtnoWYDEziu41U5rX4AalMcp8MqUnyE485U22DFOplwc/YQ4h8lWe5E1BOQu+ + DLMh2jNb7lqzbNwT0kl8fabFsgaGO0SKMhPg7D4QURc089Owcrst5xBLe93tf7UU + 6l95s1SzSWQpDvM4t/D2glPJg0Z++DWTLSdtF9M/sCvqgqcLnyeCV6qSwZcK9hqX + 7LL9Z0ECgYEAzB/ZfY4si2aNDeWDcqsUMXJVpp5kgd7stiWfvI1XUcko+m2Uiwhu + odyxHX38KcUOLXpGyhze3wH77mKZvXTv3/YShR88RN3ajli7RBXVUcXN3edw1P3O + OM2/OWeRa1+Nc7ELZtE9s25yNYwJClxOEI/DLl9xtOGxlj/9rnaDPrUCgYEA0R1w + kH60Poa1O5M0ZViGTsbGRIaXnT/ekLW3nI937pHFNSNb3RluR7308r5Cqx2Q1QAR + tVojjIjM8hUO2VwMcDhD94S+s9hKxc723avsKo9rQzFl1yRl1ElEri311AOL9UAH + DuZuPqC/dvU9lx7mNOUJv759ryS5PKaiWW9jHh0CgYB+jEhT1K69BajxMpcZogJ0 + 3UNIdu4srb3m9tBfHulBpQqopwLuZx3fb2jGtfJ9GtO9Ug9NAjUR4LMFiU9y62pD + WNUGfuTodPooQc5nWXnUpmMI7ZFAGtGc2cFxn0nCXYzeaqZ86b/s284mcFiyeaNU + FSyWNUnTMBDe63Eklgir+QKBgHZS/S2VtDGpEYV7PuuVkrGige+mZMXCrRIe8J0z + BP7GFtuBfWp3CFKp5p8wDxM58IjFuD9wmKrdgXH9fmB5WERrYfH9d9bVrUGOYVt+ + +2v9qQjlO6Xn34KmTqlsMixcMWZ9a0EAHCNt28jY7ZfEESie7MxFYmKnGfV6qGSI + xYH1AoGACQz6U3u5IaMqcSynuSVcFpEFqvVGj8adpB8+7bNF4IrBQ+5HyX/EgOF7 + VUuCT2QdVnnr79Bge4khX5iDVg8rDpTk2hHwz1q4s+YgnxRUHSiU9wUKfqRAB/T/ + xpYQyZB8UCjzO4RX2JW1pqOAmexlfk+nMfVIbmj0q0sCj1HeI5c= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-pod10-node3-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEA3XRbVi3T64Oz7vzCrjyvNTH7gApdErHeOEVgPl32sX3CwxJR + XgPwehQhoGfoCYRtGBEzhED0hoinP/kWPdgKnYh4IF/G/NPV9yWRGzNdUV3tgVJc + dZv/FFKMOvkhJAYNqHACdf18YxuHWaAikAjIhuom1OOZQrL0ywgwgyAWUj3CAxcm + rrMJDXJ2plkzdgwkLNvUkyFJWLvisbDooaonSUipfUegbtOZdy6VWlBW5jkrlAu6 + UgRolxyTfRXl4i7zBeJoKdS52ejf6vGirybwc5Ef27X89ZI49Ger37MNrU1wP3V7 + dggX3dI3hPIJ6Y2mSehw5EkPQd0B6BpE5L2s7wIDAQABAoIBAETTNM/DzmkTtYhA + 5gBgu9M8hX11uxdkUDwM06yOZ20iOLWHq+IcN1C5kPnZUTQkBAPG1Mv1pAlrzw8C + yvbNff8Xur3VBnLtI0J8WmypugbfukDG6BVlNhGK1io94x7fAr+mkB07er0SgS5J + pnQ9RpUnkIn5clhYZdvz35/hCQ7lrl1MOD12SILRGu+vG9roE+px+AFIMm5gHUji + g1/t3cUeLiaHi09JfeyjwgBZZ4a/26bn51qK8t1VDV44Q12YLVJfvqimA+v114oB + JvK/3Tj5FGhfl6o8d+1sh0UGdi4g++LhoEkssgmFuTm9D+6wupFvDrFqEyfOSN2c + 5IfXkYECgYEA3lCI59hj+aP0noXpHdJ58dAnY62WGaUkty/f3WyZsNe+dw7vp1Br + mtPNVA4/u8iB8X3EbxcYEg/Je8HlhGdlfQLosBLj77A7ShGPTfldNC8Dlojvuyq8 + dYUqu5WVCt/H/fQjLNwqUtNori2mv0y4cWWwgWeIMLvsJs5NpRj78zsCgYEA/wJ1 + 18CbziQxQOPH0fGMYS/JH5yKvMp73/tIi0byU52hr0E5yPhWiLd3/xVsaNbV9wkp + jY/1nwWEBsw2MVfaA9r+VNeJELlXeH2SyLIVJe9okSXhALasT0aPVJ5oE2+3/2rs + 6bbc0wodFYOoeu4RnwuDWKgUq58PaiJfzWLU6d0CgYAN9lji1sBQqW9vlVFywglO + mpgetoQ60BhiOOuCaJOue55Gs/VxOKfJbYvzv4FZNdqTZCa2I2krmTo6P48+pY/G + LiyXAli2cQcIO9oYN5UW9ezvw2HrC2ASsW5hoZ9es3dIB9E9vAYcdZKZfdx/Hz5m + QNC5D9uJ1AOc3FAcElmgiQKBgCZkrW9VTV/k7RFy+eOu9U6wjhxXSkAQUEQxpgNq + JBPYuL4VGOkcEpM05DkgdZj3N3GhDIOGuBlAEFehqUsWiflooEAPz1AYR4YZid7z + iOGUQO8Rf+XGmvy4h93al5rNiCtJYu/xGyAe9rAFiXkwnLCQYC8Z5zrLkNuO31Oh + 3KJ1AoGBAJyJFMbU3ETUHUTgkp02ck9n+JlxatafcCSJd5XHseLkbWpsMSxLr8jN + NntobqsHoP148faV6mj1KPJzviqz9/8ZoCobGw/b8VH4hPb+VFKbQrGXNpvelAlF + 1RrGQ0ZBZVtoQFvRWGOGhaW6OPvWEHg4Dei68+rbY66fMX39gDzv + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-node-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN PUBLIC KEY----- + MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnlaGGSpuCcr1bz6NeB7a + as+6qWiFaVYyB3czsjSizZAWDprv2NkXwGLDDDhbBPZQ/7ufymaIZgaKOGHjifl0 + LdfVePbvwQSs5N/mKHOrbb1t+xYkykP1Z8CdZdHEkzB6vXkWjzo2nWaCZGNQGuh4 + SaWRpvMI3rbsJeKpe/JO95zIDWLK7QBQhVHhRCrq4QuEzDKDyp1bfia0TQkW+Qvc + gbOg2DOp3BYOL5rK2v4+IrZkkg6/w6y/muAQ9K0cVaBXS5PgWV5RVwgwzmz8L+gq + BvCtAOcAtNvQp/TRaQtLZpDfDhfk1VqT4vwZYnBFpwMFDwXhdMsUFuH0BmSlBcuA + EwIDAQAB + -----END PUBLIC KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: service-account + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/PublicKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEogIBAAKCAQEAnlaGGSpuCcr1bz6NeB7aas+6qWiFaVYyB3czsjSizZAWDprv + 2NkXwGLDDDhbBPZQ/7ufymaIZgaKOGHjifl0LdfVePbvwQSs5N/mKHOrbb1t+xYk + ykP1Z8CdZdHEkzB6vXkWjzo2nWaCZGNQGuh4SaWRpvMI3rbsJeKpe/JO95zIDWLK + 7QBQhVHhRCrq4QuEzDKDyp1bfia0TQkW+QvcgbOg2DOp3BYOL5rK2v4+IrZkkg6/ + w6y/muAQ9K0cVaBXS5PgWV5RVwgwzmz8L+gqBvCtAOcAtNvQp/TRaQtLZpDfDhfk + 1VqT4vwZYnBFpwMFDwXhdMsUFuH0BmSlBcuAEwIDAQABAoIBADyZyws4tRLkbhlc + rJKL5Ha6+Ks8CMuvJMi8s7mB8cmRWw/N9vxc4n1Mj3BO5W85wviN2/OAWLYLzL0V + ohu9sNyW3epFQK/0VSPoGdPjqXn/5WcTK5OKfRNvog5FQeI/zMpV3O+GjT6i7Eb1 + x8P0s40kZGGsZPmwsyMw5EM/E0ArVB3nxD88Q1bMH+GX2g9wvcTJ0YiUU2V4l2bo + FlerwnmdXHFEyMs6JmQy6CAacbc8jI512xGTITo4GXVP66DoNwTPDursTdyx9YdB + wnDNmqcbmd1yb5R9UhxoUCgOqJ82C4LcW/X1x6r+thmJ4fcWt449gNyqjVIbta8u + 1I3LzXkCgYEA0XIuZ8CZyfqb5lITmRf/226d7ANzWsx8hTAh8oCpy3UXPJ7HrqOx + SA3HGwEna000YURdF8WShOXO07EuUggHPHRiLFYs0DiuNJzUWrlN7qwW40H97jGm + HdNU9lP1meFhEf8kaPoAmtX8fdwWFKQQLzFQ6b+fTGei1NPHFIEQil8CgYEAwYg2 + VdBI+7J9VFLRMmDNZFYQECzrpMJnJszPfgqlWATODcrghjo7N/J6ScooIJkA2K7C + l80hqVFPNtHDwOpN6so7Sh0vo4s2Nd3FPAoUk/95CMxzbRezFbMx8Lxn2x8o2n2Y + 0INocuye7IxyDvQ5cehkYQsU9ZMg34CgM0y0js0CgYAgD4pq92CTOnmC2C2H0dSo + klY6Ooz96S9mc+e+Z1OWgWX9MZD/eq84iGNiDtsp4beS7BQT/3pePY9beFPO2svA + xVAB2W8isIp6I0eeW59CWbVnNELao176Uc8/pbqCw61IQ/Ye26YcDYWI/peisTqI + /tOT9HE+EN8sFP70dI1DoQKBgCdntKiEYFffX+Vrd2zqiOeFHoAspU5Gxvn/ecAQ + KtphIBNu24h5EtWxaXTc1I7OmH2GF9kQy2nORHLFAzakfnjv9GKCztBd6AvPu/kd + lFMOEXbZKidsS+p/MgvyULMtBQR3zkWme/3qb/F6Jz8kOw4WY1nfB8V4z5iyd+v6 + EkmBAoGAW3jvV9G2KXcTUb+X9D8OK+q2meFz8mpKVhu8uzOVAo1kihd/sZehP/rC + GzlJ0YSagqTaP1YOlWyxNg51LGUTgmjEpnOdcBJXR9+cKpm+nZWza7GWkhxK4pcu + Ve9GZBDmM+Z8rll3duOlOVzgLXBllsODiaTSdICcbsveqkxyihw= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: service-account + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/PrivateKey/v1 diff --git a/site/intel-pod10/secrets/ingress.yaml b/site/intel-pod10/secrets/ingress.yaml new file mode 100644 index 0000000..b799fdb --- /dev/null +++ b/site/intel-pod10/secrets/ingress.yaml @@ -0,0 +1,135 @@ +--- +# Example manifest for ingress cert. +# NEWSITE-CHANGEME: must be replaced with proper/valid set, +# self-signed certs are not supported. +metadata: + layeringDefinition: + abstract: false + layer: site + name: ingress-crt + schema: metadata/Document/v1 + labels: + name: ingress-crt-site + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +data: | + -----BEGIN CERTIFICATE----- + MIIFKzCCA5OgAwIBAgIMW2h6FCcFdKeaw3vnMA0GCSqGSIb3DQEBCwUAMBIxEDAO + BgNVBAMTB0FpcnNoaXAwHhcNMTgwODA2MTY0MDUyWhcNMTkwODA2MTY0MDUyWjBJ + MTUwMwYDVQQDEyxpbmdyZXNzLmFpcnNoaXAtc2Vhd29ydGh5LmF0bGFudGFmb3Vu + ZHJ5LmNvbTEQMA4GA1UEChMHQWlyc2hpcDCCAaIwDQYJKoZIhvcNAQEBBQADggGP + ADCCAYoCggGBALvNHm/G/ylh6aPcvrhOcb4qz1BjcNtnxH8bzZng/rMeX3W2AzjC + r2JloJcDvOLBp/TkLOZPImnFW2/GCwktxPgXZuBTPzFV50g77KsPFw0fn3Si7+bs + F22tLhdOGk6MQj/WW4pKGHqdw1/VbPwOHBT+I4/scR1L2SZxYtSFIKGenHJH+PMV + bCdwnNOR80F8KRzK5iZs/r6S/QqVheieARSWWnk2+TtkM1BloGOhLSd+ZkWh9VO1 + eOnZowkaDAJwD/G6zoSr5n+beaXzDnEcoVXFSwd4FLoV+om77o92XmZ4rVw0vTMO + k6jVwmkdT+dM2K2hLUG/TXWoV2/Qms70gzDOs85RtAkTPe4Ohtdpr51Q0hd35TKG + YLKzX/OPblD68iYJYSBvMPpAVTbFYVPW1AQx8wWfannYbMoeL8XTEOKfkqm90YP9 + EhIdtmw4D7GZxlzG5FXXutmT9sqLfqlRu/RynAhBP8NQvw74WumhOe8r7GhCwgzC + gaPLGjeekoS6LQIDAQABo4IBSDCCAUQwDAYDVR0TAQH/BAIwADCBzQYDVR0RBIHF + MIHCgixpbmdyZXNzLmFpcnNoaXAtc2Vhd29ydGh5LmF0bGFudGFmb3VuZHJ5LmNv + bYIta2V5c3RvbmUuYWlyc2hpcC1zZWF3b3J0aHkuYXRsYW50YWZvdW5kcnkuY29t + gilub3ZhLmFpcnNoaXAtc2Vhd29ydGh5LmF0bGFudGFmb3VuZHJ5LmNvbYIsaG9y + aXpvbi5haXJzaGlwLXNlYXdvcnRoeS5hdGxhbnRhZm91bmRyeS5jb22HBAoXFQuH + BAoXFgswEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAwegADAdBgNV + HQ4EFgQUfTAjNgn/1U1Uh1MJDYT2m4dzhsYwHwYDVR0jBBgwFoAUJFuXPZo6RzfE + BlJjnnk5jhcP4wIwDQYJKoZIhvcNAQELBQADggGBAE2ISWmrxqrledJI3aLaS9Yw + WsZc8O8CnIyLoxrE85vUubFjuI9ixC/6dJxl2iB1n0H8JgmFREox32Q4+kDJI8V/ + X9x0PFpRzL7QEPrLZhW94Yis3sOphLW0rf0t06ZepdHHeodYJu1pVMDmLq6bKXdX + vo+/WwKnZBXC1qPbXJByv/CN9MtViXOnBGORFRTJPb6U8379LNWclJ/LW12yTwNk + JGIbZU61Vxu+2nLIabmmRoODH2jomgMOMMzLgjT3Hvw3whe8GrUoxDiPYQVTDGNm + ly6m+5B1Nx06fkZazonozeaOhSQ7RblUSbo+w8TJmLRzD9ft7p4vpjBGxRADMcuF + DOjATgdZeisBUHTGEO0P6wJOBQuCFMX9AVl+u8ZpcuRaRaN+pBE6/BqcHBB6qV/N + w2DdNtP8BrJ3kJVNEDIo5oTbH5SToxgA4hWBV42M1rB+5vIMDKN3rwVDdNKWYhYc + VZpU3V9V6JzSW1O2w4Wu9PdbWJD9oSvC0qJgnjOXzg== + -----END CERTIFICATE----- +... +--- +metadata: + layeringDefinition: + abstract: false + layer: site + name: ingress-ca + schema: metadata/Document/v1 + labels: + name: ingress-ca-site + storagePolicy: cleartext +schema: deckhand/CertificateAuthority/v1 +data: | + -----BEGIN CERTIFICATE----- + MIID7TCCAlWgAwIBAgIMW2h3tgSwie0Ypx8eMA0GCSqGSIb3DQEBCwUAMBIxEDAO + BgNVBAMTB0FpcnNoaXAwHhcNMTgwODA2MTYzMDQ2WhcNMTkwODA2MTYzMDQ2WjAS + MRAwDgYDVQQDEwdBaXJzaGlwMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC + AYEAny0Nqu9U2tXdCCTNzD2T62htMmBLg3CmzWajfbfFl7ALqzo3HgbbY3PxTHDE + OJ/lwdm0HkEaGfEDXhJd06WZsa8+fKGqhKXvZXwXx5mJ8LCGxz6xiaxwo9lnKe6V + o3YX7bJ5YIVxQ2jhvZo+dY8Z/buloi2Tp2HbqTejKULH9+qdiQTDXAnyR0NLqzJ0 + YQ4v4yU3zix3nBi8z29lQekGO9quNEka3nw2n0Gxmq5z1bNALGCF5F759mVkB0uT + fPGF+zm9eqlqAgduYg7R+JYUumVHvIoRY454GtAdZHTJHJZP0gQSGJsLff8ROFpI + GVYsOZhJXU9Ihc5VBC5PMErbmCn0YkuxAWNOYBstZ8l+uY6YiPoFV5Ulc/8M0If+ + T6jbqzWoFC+4ysgY95RKOw53S4o/T6AFwiIKIw0xp3UfHCf6kr5Y0+XdDn5CXpJB + d1KK3PoUWzPSsxcUMXvgKWT4x1vsCId21dn1SmVSOEBhM08VZfjd5bvL9Xjt/E0j + mUqDAgMBAAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcEADAd + BgNVHQ4EFgQUJFuXPZo6RzfEBlJjnnk5jhcP4wIwDQYJKoZIhvcNAQELBQADggGB + AJaoEtnDoWUUs4nSSqIGcoCfpIO0oqVp8DvkBOcxz5Rz8vMVJSC24/UnuCD2Wknx + 2V/E3edXIeRo7duhPtNCT7c8OKY/pJsZQTgOczn4rphoD1pmAIPZmpG6ssPadPiM + EP8xWJHZt8NXG7D5kJX2COvBvgNeWXL6MF7Tv8+t5xzt59Vitdb/7lm9Z6jjpvN+ + zoG0pKx3XYESsnLAVAf00F+kWwds/3x3gQywUAQUDER0jliYUE5id+sojp357Cl9 + XtY+8zSnTduuP8CfMhwv5p6j9xbqacfT7AzpQ6cy4xcQ7MA6JBQcxbaq4NtvIf6+ + d/5N9d8LGnfXdCd9iwNy9Qk23Ea0SNhnk9F/NqGBPakU4TbHh4iTYMC/+hDGInpO + TIRelTidNBFNaIBg3Z0vsh0lDwbt/xhpXip+ZVBqKMTtktEceiVGru9cYUQA2tKI + XNoc5s0uQGMpdFzgED4lXZf+n7yGVMKohvi7Yn96HqujGIrVH6qThsI6m7pUSz40 + +g== + -----END CERTIFICATE----- +... +--- +metadata: + layeringDefinition: + abstract: false + layer: site + name: ingress-key + schema: metadata/Document/v1 + labels: + name: ingress-key-site + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIG4wIBAAKCAYEAu80eb8b/KWHpo9y+uE5xvirPUGNw22fEfxvNmeD+sx5fdbYD + OMKvYmWglwO84sGn9OQs5k8iacVbb8YLCS3E+Bdm4FM/MVXnSDvsqw8XDR+fdKLv + 5uwXba0uF04aToxCP9ZbikoYep3DX9Vs/A4cFP4jj+xxHUvZJnFi1IUgoZ6cckf4 + 8xVsJ3Cc05HzQXwpHMrmJmz+vpL9CpWF6J4BFJZaeTb5O2QzUGWgY6EtJ35mRaH1 + U7V46dmjCRoMAnAP8brOhKvmf5t5pfMOcRyhVcVLB3gUuhX6ibvuj3ZeZnitXDS9 + Mw6TqNXCaR1P50zYraEtQb9NdahXb9CazvSDMM6zzlG0CRM97g6G12mvnVDSF3fl + MoZgsrNf849uUPryJglhIG8w+kBVNsVhU9bUBDHzBZ9qedhsyh4vxdMQ4p+Sqb3R + g/0SEh22bDgPsZnGXMbkVde62ZP2yot+qVG79HKcCEE/w1C/Dvha6aE57yvsaELC + DMKBo8saN56ShLotAgMBAAECggGAYzZDhA1+sx/0zApL/xYB5NK83t0Ju/8fwX6w + qUBBjeLXz1mubgf7m2HQ6ragzLI9xpPcXHcl2PbYDT50ig7R5baHNK8FzUxyeKif + qOa56Mbx+C4zyqyi2+AHX2x1XVWfkhXuGip2sCA0HKalgqr5juWLZ/ci8rUlLLft + 3BPQX1FpmL4I+HIyxsspLmQGPGwZVAqkd1xRX+BLKZJAQdlm/LdJaIvwMr4Glcx6 + ZOe68QhHgzXCYsyV6gR9qstF2OvVuLa2mUc7EzYInFIFhXUdAAwmDqkuuLRdRQhf + Ur8nqQW33T0cG0GBUzgBI5YmSPJvTSzcPmeSyNVx2/Yb0pkuXtCw67oDcAsN4nW8 + uls49E2RaiLJYsy5vPsX5aJNcAxw/CWLdadQ3ukviD/MDJbpTl4F52GOVYL6K4XH + g5TJjj7xzjmK3ldR/Kscg7HpCitQLGUYdgIsAFdspXf4aSIa68IjDrc5NsJZuMzc + PbVHrw7QYNfHY7VNdUlOVqH5lS3BAoHBANRqKrQXtnJmM006TCEJXdcN/5M685jz + +L4Ox0Rhrq8ROgcN5q/hjKb6kP/MccQ9voGQOl9TKEyinGNdTtyc/fuH7RNlQwpS + HT+vEzVEcrSe8UFs8c6oJnHFO72ylFcibFf56LvbI3L8BZXp7gPSPQkp5f1NWEZk + X5bUL4UNiOm0diltba/ofxywF0M9WGD00eqi0Q29JRlvun+355j06CENxRoonNZC + wk1evIxhhckP9zLjI2Ykb1hV6yzwPWtmyQKBwQDiVgru/B396KhzDhLl5AL+pBWA + GsfiCbmPLh6W6V5VzldB4+GlMRrJ4zSjZQ3/nvX5KepqjMn1N6LQpZQUI/YShCKE + mW0XMiAfbp2d23MRMjLD8L/bIoBHQOPkCaMjbmyDOlCagWakEvHJO/TieVgTmYk6 + mtEYVjJFWI9OCNMAHdl8ovWr3p+8YbVZ8LLv5ZO/V1cIjczoNQ6p8LG/pPMTDLXM + ScN9a8z3f8LQLBHBlu0155xvt95PQLAon/x21kUCgcAvPVk36hoiQQZhw3hQ1JNx + E2TmanLobkHAiurYE11VA+DC1t2Z+fBc5la+/MnEWfL3P4srzgOlX3imRIcYWzXE + 7crUyG1ray2kDxyXeRyFfN+srDzut8is/q81lfSVmEs+GY8f0DGHDfN0Dq1nXidC + 1XWXqs7aANKdaZ0T2xm61+57ciG1wGAckjDqPEdecLQKmaEijBEnIgj5BH5WLwk8 + 6KIQGj4fDIPHzyzhj4LAX3ObdpZVzf6RR7JgsSEHtLkCgcBROW2dDC87MqZY++D+ + TVBhz8LDgVjgHntQDc3+fGtVQcKAq+YLYU7qyrXWOWrHpGVDcK5mZHYJoVi1peY5 + QBqL1I2KpoDGxT9P6GN6BgoKTsh3FsvTOVNtvrTJ3keEbJlWkrPgbrXGBeJtRC4C + pGdeSUg9FtgY8r4BsuFisLoAHbYyC008y5zpfusVBtNAUlQuY4qhUDoLzxafF/jB + /NEasgH/+SzFss0QuPHRwS7yGVaxdJfoY8TNDjrpqVhx0T0CgcEAvKG4UoWvT8gJ + pIeeAxxnv9yrMxgpntu4RXPDHgfX5tva6EaM3r3nLXjd9FVtlQ4cNBMhp9HNhS3a + dK+oEDcBysVxxfltlS2Bx0+gQf3WxgBCJwayKe3i/XCDza92EENgxTPmqB1LHiq5 + 2b5aOl2Y5fP0eX6UryxRc443c/ejMHw4lGwnno0qpRk9M9Ucqv5J96QCfAlBSQQS + gOG9cypL0kBWzCejn9W4av8HkM8Noqd7Tqul1onv/46OBaX51kt3 + -----END RSA PRIVATE KEY----- +... diff --git a/site/intel-pod10/secrets/passphrases/apiserver-encryption-key-key1.yaml b/site/intel-pod10/secrets/passphrases/apiserver-encryption-key-key1.yaml new file mode 100644 index 0000000..e21876e --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/apiserver-encryption-key-key1.yaml @@ -0,0 +1,13 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: apiserver-encryption-key-key1 + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +# https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/ +# use head -c 32 /dev/urandom | base64 +data: n9VBwseT/JjV7r9vbUR/MvCobe01Bdh9XtWgsNF5zLY= +... diff --git a/site/intel-pod10/secrets/passphrases/ceph_fsid.yaml b/site/intel-pod10/secrets/passphrases/ceph_fsid.yaml new file mode 100644 index 0000000..7201502 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/ceph_fsid.yaml @@ -0,0 +1,12 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ceph_fsid + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +# uuidgen +data: 7b7576f4-3358-4668-9112-100440079807 +... diff --git a/site/intel-pod10/secrets/passphrases/ceph_swift_keystone_password.yaml b/site/intel-pod10/secrets/passphrases/ceph_swift_keystone_password.yaml new file mode 100644 index 0000000..9a9af1f --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/ceph_swift_keystone_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ceph_swift_keystone_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/ipmi_admin_password.yaml b/site/intel-pod10/secrets/passphrases/ipmi_admin_password.yaml new file mode 100644 index 0000000..0b49b62 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/ipmi_admin_password.yaml @@ -0,0 +1,13 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ipmi_admin_password + layeringDefinition: + abstract: false + layer: site + labels: + name: ipmi-admin-password-site + storagePolicy: cleartext +data: root +... diff --git a/site/intel-pod10/secrets/passphrases/luc_crypt_password.yaml b/site/intel-pod10/secrets/passphrases/luc_crypt_password.yaml new file mode 100644 index 0000000..a355d8b --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/luc_crypt_password.yaml @@ -0,0 +1,12 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: luc_crypt_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +# Pass: password123 +data: $6$qgvZ3LC9.t59Akqy$HAJfJpdrN8Ld9ssGyjFPzyJ3WUGN.ucqhSyA25LFjBrSYboVFgX8wLomRwlf5YIn1siaXHSh4JaPJED3BO36J1 +... diff --git a/site/intel-pod10/secrets/passphrases/maas-region-key.yaml b/site/intel-pod10/secrets/passphrases/maas-region-key.yaml new file mode 100644 index 0000000..73d4a69 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/maas-region-key.yaml @@ -0,0 +1,12 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: maas-region-key + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +# openssl rand -hex 10 +data: 9026f6048d6a017dc913 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_barbican_oslo_db_password.yaml b/site/intel-pod10/secrets/passphrases/osh_barbican_oslo_db_password.yaml new file mode 100644 index 0000000..c5f866c --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_barbican_oslo_db_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_barbican_oslo_db_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml b/site/intel-pod10/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml new file mode 100644 index 0000000..bb19957 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_barbican_oslo_messaging_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml b/site/intel-pod10/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml new file mode 100644 index 0000000..9bf0217 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_barbican_oslo_messaging_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_barbican_password.yaml b/site/intel-pod10/secrets/passphrases/osh_barbican_password.yaml new file mode 100644 index 0000000..5122192 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_barbican_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_barbican_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml b/site/intel-pod10/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml new file mode 100644 index 0000000..32f8dae --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_barbican_rabbitmq_erlang_cookie + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_cinder_oslo_db_password.yaml b/site/intel-pod10/secrets/passphrases/osh_cinder_oslo_db_password.yaml new file mode 100644 index 0000000..b22f898 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_cinder_oslo_db_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_cinder_oslo_db_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml b/site/intel-pod10/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml new file mode 100644 index 0000000..040e657 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_cinder_oslo_messaging_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml b/site/intel-pod10/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml new file mode 100644 index 0000000..5d76ba7 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_cinder_oslo_messaging_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_cinder_password.yaml b/site/intel-pod10/secrets/passphrases/osh_cinder_password.yaml new file mode 100644 index 0000000..26565db --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_cinder_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_cinder_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml b/site/intel-pod10/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml new file mode 100644 index 0000000..b1ac8ff --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_cinder_rabbitmq_erlang_cookie + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_glance_oslo_db_password.yaml b/site/intel-pod10/secrets/passphrases/osh_glance_oslo_db_password.yaml new file mode 100644 index 0000000..0739069 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_glance_oslo_db_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_glance_oslo_db_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml b/site/intel-pod10/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml new file mode 100644 index 0000000..57db752 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_glance_oslo_messaging_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_glance_oslo_messaging_password.yaml b/site/intel-pod10/secrets/passphrases/osh_glance_oslo_messaging_password.yaml new file mode 100644 index 0000000..d103c27 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_glance_oslo_messaging_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_glance_oslo_messaging_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_glance_password.yaml b/site/intel-pod10/secrets/passphrases/osh_glance_password.yaml new file mode 100644 index 0000000..93ae0f2 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_glance_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_glance_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml b/site/intel-pod10/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml new file mode 100644 index 0000000..496fae3 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_glance_rabbitmq_erlang_cookie + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_heat_oslo_db_password.yaml b/site/intel-pod10/secrets/passphrases/osh_heat_oslo_db_password.yaml new file mode 100644 index 0000000..3352d4c --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_heat_oslo_db_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_heat_oslo_db_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml b/site/intel-pod10/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml new file mode 100644 index 0000000..074e688 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_heat_oslo_messaging_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_heat_oslo_messaging_password.yaml b/site/intel-pod10/secrets/passphrases/osh_heat_oslo_messaging_password.yaml new file mode 100644 index 0000000..39f1327 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_heat_oslo_messaging_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_heat_oslo_messaging_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_heat_password.yaml b/site/intel-pod10/secrets/passphrases/osh_heat_password.yaml new file mode 100644 index 0000000..5777ebb --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_heat_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_heat_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml b/site/intel-pod10/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml new file mode 100644 index 0000000..74e2a99 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_heat_rabbitmq_erlang_cookie + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_heat_stack_user_password.yaml b/site/intel-pod10/secrets/passphrases/osh_heat_stack_user_password.yaml new file mode 100644 index 0000000..36db28b --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_heat_stack_user_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_heat_stack_user_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_heat_trustee_password.yaml b/site/intel-pod10/secrets/passphrases/osh_heat_trustee_password.yaml new file mode 100644 index 0000000..58129ef --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_heat_trustee_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_heat_trustee_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_horizon_oslo_db_password.yaml b/site/intel-pod10/secrets/passphrases/osh_horizon_oslo_db_password.yaml new file mode 100644 index 0000000..7c78d45 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_horizon_oslo_db_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_horizon_oslo_db_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml b/site/intel-pod10/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml new file mode 100644 index 0000000..78c265e --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_elasticsearch_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_infra_grafana_admin_password.yaml b/site/intel-pod10/secrets/passphrases/osh_infra_grafana_admin_password.yaml new file mode 100644 index 0000000..9232de7 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_infra_grafana_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_grafana_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml b/site/intel-pod10/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml new file mode 100644 index 0000000..6d5f49e --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_grafana_oslo_db_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml b/site/intel-pod10/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml new file mode 100644 index 0000000..bd4e573 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_grafana_oslo_db_session_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_infra_nagios_admin_password.yaml b/site/intel-pod10/secrets/passphrases/osh_infra_nagios_admin_password.yaml new file mode 100644 index 0000000..52dbe16 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_infra_nagios_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_nagios_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_infra_openstack_exporter_password.yaml b/site/intel-pod10/secrets/passphrases/osh_infra_openstack_exporter_password.yaml new file mode 100644 index 0000000..64f78e1 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_infra_openstack_exporter_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_openstack_exporter_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml b/site/intel-pod10/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml new file mode 100644 index 0000000..9c68e9d --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_oslo_db_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml b/site/intel-pod10/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml new file mode 100644 index 0000000..f134f46 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_oslo_db_exporter_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_infra_prometheus_admin_password.yaml b/site/intel-pod10/secrets/passphrases/osh_infra_prometheus_admin_password.yaml new file mode 100644 index 0000000..b3df5f6 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_infra_prometheus_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_prometheus_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml b/site/intel-pod10/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml new file mode 100644 index 0000000..9f64719 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_rgw_s3_admin_access_key + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: admin_access_key +... diff --git a/site/intel-pod10/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml b/site/intel-pod10/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml new file mode 100644 index 0000000..3e06f91 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_rgw_s3_admin_secret_key + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: admin_secret_key +... diff --git a/site/intel-pod10/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml b/site/intel-pod10/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml new file mode 100644 index 0000000..97c7d23 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_rgw_s3_elasticsearch_access_key + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: elastic_access_key +... diff --git a/site/intel-pod10/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml b/site/intel-pod10/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml new file mode 100644 index 0000000..60f0134 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_rgw_s3_elasticsearch_secret_key + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: elastic_secret_key +... diff --git a/site/intel-pod10/secrets/passphrases/osh_keystone_admin_password.yaml b/site/intel-pod10/secrets/passphrases/osh_keystone_admin_password.yaml new file mode 100644 index 0000000..6c3f446 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_keystone_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_keystone_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_keystone_ldap_password.yaml b/site/intel-pod10/secrets/passphrases/osh_keystone_ldap_password.yaml new file mode 100644 index 0000000..2edf0f2 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_keystone_ldap_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_keystone_ldap_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_keystone_oslo_db_password.yaml b/site/intel-pod10/secrets/passphrases/osh_keystone_oslo_db_password.yaml new file mode 100644 index 0000000..07b2206 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_keystone_oslo_db_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_keystone_oslo_db_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml b/site/intel-pod10/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml new file mode 100644 index 0000000..aec85c0 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_keystone_oslo_messaging_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml b/site/intel-pod10/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml new file mode 100644 index 0000000..be716f4 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_keystone_oslo_messaging_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml b/site/intel-pod10/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml new file mode 100644 index 0000000..ee7e4bd --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_keystone_rabbitmq_erlang_cookie + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_neutron_oslo_db_password.yaml b/site/intel-pod10/secrets/passphrases/osh_neutron_oslo_db_password.yaml new file mode 100644 index 0000000..4d0b157 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_neutron_oslo_db_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_neutron_oslo_db_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml b/site/intel-pod10/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml new file mode 100644 index 0000000..4ac42c9 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_neutron_oslo_messaging_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml b/site/intel-pod10/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml new file mode 100644 index 0000000..6be02b9 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_neutron_oslo_messaging_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_neutron_password.yaml b/site/intel-pod10/secrets/passphrases/osh_neutron_password.yaml new file mode 100644 index 0000000..dd0b2b6 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_neutron_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_neutron_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml b/site/intel-pod10/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml new file mode 100644 index 0000000..9e8ff8d --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_neutron_rabbitmq_erlang_cookie + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml b/site/intel-pod10/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml new file mode 100644 index 0000000..37d5c62 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_nova_metadata_proxy_shared_secret + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_nova_oslo_db_password.yaml b/site/intel-pod10/secrets/passphrases/osh_nova_oslo_db_password.yaml new file mode 100644 index 0000000..2cd60f5 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_nova_oslo_db_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_nova_oslo_db_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml b/site/intel-pod10/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml new file mode 100644 index 0000000..487bcc5 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_nova_oslo_messaging_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_nova_oslo_messaging_password.yaml b/site/intel-pod10/secrets/passphrases/osh_nova_oslo_messaging_password.yaml new file mode 100644 index 0000000..13569ba --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_nova_oslo_messaging_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_nova_oslo_messaging_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_nova_password.yaml b/site/intel-pod10/secrets/passphrases/osh_nova_password.yaml new file mode 100644 index 0000000..4c2223d --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_nova_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_nova_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml b/site/intel-pod10/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml new file mode 100644 index 0000000..7a885e6 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_nova_rabbitmq_erlang_cookie + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_oslo_cache_secret_key.yaml b/site/intel-pod10/secrets/passphrases/osh_oslo_cache_secret_key.yaml new file mode 100644 index 0000000..11747a7 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_oslo_cache_secret_key.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_oslo_cache_secret_key + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_oslo_db_admin_password.yaml b/site/intel-pod10/secrets/passphrases/osh_oslo_db_admin_password.yaml new file mode 100644 index 0000000..48df9ee --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_oslo_db_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_oslo_db_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_oslo_db_exporter_password.yaml b/site/intel-pod10/secrets/passphrases/osh_oslo_db_exporter_password.yaml new file mode 100644 index 0000000..61b4144 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_oslo_db_exporter_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_oslo_db_exporter_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_oslo_messaging_admin_password.yaml b/site/intel-pod10/secrets/passphrases/osh_oslo_messaging_admin_password.yaml new file mode 100644 index 0000000..e7d97e2 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_oslo_messaging_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_oslo_messaging_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_placement_password.yaml b/site/intel-pod10/secrets/passphrases/osh_placement_password.yaml new file mode 100644 index 0000000..c72b59a --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_placement_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_placement_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml b/site/intel-pod10/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml new file mode 100644 index 0000000..a3b5a2b --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_rabbitmq_erlang_cookie + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/osh_tempest_password.yaml b/site/intel-pod10/secrets/passphrases/osh_tempest_password.yaml new file mode 100644 index 0000000..af90ec0 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/osh_tempest_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_tempest_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/sridhar_crypt_password.yaml b/site/intel-pod10/secrets/passphrases/sridhar_crypt_password.yaml new file mode 100644 index 0000000..8e7e839 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/sridhar_crypt_password.yaml @@ -0,0 +1,12 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: sridhar_crypt_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +# Pass: password123 +data: $6$qgvZ3LC9.t59Akqy$HAJfJpdrN8Ld9ssGyjFPzyJ3WUGN.ucqhSyA25LFjBrSYboVFgX8wLomRwlf5YIn1siaXHSh4JaPJED3BO36J1 +... diff --git a/site/intel-pod10/secrets/passphrases/tenant_ceph_fsid.yaml b/site/intel-pod10/secrets/passphrases/tenant_ceph_fsid.yaml new file mode 100644 index 0000000..18bd485 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/tenant_ceph_fsid.yaml @@ -0,0 +1,12 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: tenant_ceph_fsid + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +# uuidgen +data: 29d8953d-0bb6-4ba1-a48a-f9be1c0937a9 +... diff --git a/site/intel-pod10/secrets/passphrases/trevor_crypt_password.yaml b/site/intel-pod10/secrets/passphrases/trevor_crypt_password.yaml new file mode 100644 index 0000000..6d5616b --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/trevor_crypt_password.yaml @@ -0,0 +1,12 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: trevor_crypt_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +# Pass: password123 +data: $6$qgvZ3LC9.t59Akqy$HAJfJpdrN8Ld9ssGyjFPzyJ3WUGN.ucqhSyA25LFjBrSYboVFgX8wLomRwlf5YIn1siaXHSh4JaPJED3BO36J1 +... diff --git a/site/intel-pod10/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml new file mode 100644 index 0000000..33c4125 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_airflow_oslo_messaging_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/ucp_airflow_postgres_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_airflow_postgres_password.yaml new file mode 100644 index 0000000..8a1d648 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/ucp_airflow_postgres_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_airflow_postgres_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/ucp_armada_keystone_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_armada_keystone_password.yaml new file mode 100644 index 0000000..866efcc --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/ucp_armada_keystone_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_armada_keystone_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/ucp_barbican_keystone_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_barbican_keystone_password.yaml new file mode 100644 index 0000000..cb2da22 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/ucp_barbican_keystone_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_barbican_keystone_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/ucp_barbican_oslo_db_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_barbican_oslo_db_password.yaml new file mode 100644 index 0000000..95a76ed --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/ucp_barbican_oslo_db_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_barbican_oslo_db_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/ucp_deckhand_keystone_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_deckhand_keystone_password.yaml new file mode 100644 index 0000000..5ee27f2 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/ucp_deckhand_keystone_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_deckhand_keystone_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/ucp_deckhand_postgres_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_deckhand_postgres_password.yaml new file mode 100644 index 0000000..e63319b --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/ucp_deckhand_postgres_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_deckhand_postgres_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/ucp_drydock_keystone_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_drydock_keystone_password.yaml new file mode 100644 index 0000000..b8083b5 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/ucp_drydock_keystone_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_drydock_keystone_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/ucp_drydock_postgres_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_drydock_postgres_password.yaml new file mode 100644 index 0000000..2eff525 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/ucp_drydock_postgres_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_drydock_postgres_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/ucp_keystone_admin_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_keystone_admin_password.yaml new file mode 100644 index 0000000..91f74fd --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/ucp_keystone_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_keystone_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/ucp_keystone_oslo_db_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_keystone_oslo_db_password.yaml new file mode 100644 index 0000000..a9cb153 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/ucp_keystone_oslo_db_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_keystone_oslo_db_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/ucp_maas_admin_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_maas_admin_password.yaml new file mode 100644 index 0000000..402c129 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/ucp_maas_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_maas_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/ucp_maas_postgres_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_maas_postgres_password.yaml new file mode 100644 index 0000000..96ec574 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/ucp_maas_postgres_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_maas_postgres_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml new file mode 100644 index 0000000..b513af4 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_openstack_exporter_keystone_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/ucp_oslo_db_admin_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_oslo_db_admin_password.yaml new file mode 100644 index 0000000..b3c1325 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/ucp_oslo_db_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_oslo_db_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/ucp_oslo_messaging_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_oslo_messaging_password.yaml new file mode 100644 index 0000000..95d6c0e --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/ucp_oslo_messaging_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_oslo_messaging_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/ucp_postgres_admin_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_postgres_admin_password.yaml new file mode 100644 index 0000000..546de05 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/ucp_postgres_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_postgres_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/ucp_postgres_exporter_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_postgres_exporter_password.yaml new file mode 100644 index 0000000..abdaa5b --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/ucp_postgres_exporter_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_postgres_exporter_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/ucp_postgres_replication_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_postgres_replication_password.yaml new file mode 100644 index 0000000..2176e71 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/ucp_postgres_replication_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_postgres_replication_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/ucp_promenade_keystone_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_promenade_keystone_password.yaml new file mode 100644 index 0000000..ac40d1e --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/ucp_promenade_keystone_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_promenade_keystone_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml b/site/intel-pod10/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml new file mode 100644 index 0000000..6a2aef9 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_rabbitmq_erlang_cookie + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/ucp_shipyard_keystone_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_shipyard_keystone_password.yaml new file mode 100644 index 0000000..181a52a --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/ucp_shipyard_keystone_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_shipyard_keystone_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/passphrases/ucp_shipyard_postgres_password.yaml b/site/intel-pod10/secrets/passphrases/ucp_shipyard_postgres_password.yaml new file mode 100644 index 0000000..de0eed7 --- /dev/null +++ b/site/intel-pod10/secrets/passphrases/ucp_shipyard_postgres_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_shipyard_postgres_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/intel-pod10/secrets/publickey/luc_ssh_public_key.yaml b/site/intel-pod10/secrets/publickey/luc_ssh_public_key.yaml new file mode 100644 index 0000000..36ab9b5 --- /dev/null +++ b/site/intel-pod10/secrets/publickey/luc_ssh_public_key.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/PublicKey/v1 +metadata: + schema: metadata/Document/v1 + name: luc_ssh_public_key + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQChnv1Yab1q0tchYZtNMG9oYb8kV8FNTcjR0rAnWqoEcQV0/yXCnp0GnfVq/l82JJ7D/D7J9rgTSTzL5zYUFoPVVO9S8UucEKquO+Pm3GJsZZLDo5bTvOaqypOiC5wU9Wl9qNrBWEQXTq6nRX96JLUfaCHgRr3b6ZkxDzCMXOQRTPnCJZU5UD5QPqY7I1dr1SuaAdpzQWFIH8Mog6HLkKQXs2nmHRHAF1OppySj7xvXtxzssmzXRSVw5ixAn8sLc7zZ7ZQg+Jx9XknV+46Pi+oSDUj1G3Zd7R5pBFny1fqfrcH1MIGgodNvdQyvvdIaGk5mB3ns5tYqLeNYVvgAN+xl root@node1 +... diff --git a/site/intel-pod10/secrets/publickey/opnfv_ssh_public_key.yaml b/site/intel-pod10/secrets/publickey/opnfv_ssh_public_key.yaml new file mode 100644 index 0000000..26c300d --- /dev/null +++ b/site/intel-pod10/secrets/publickey/opnfv_ssh_public_key.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/PublicKey/v1 +metadata: + schema: metadata/Document/v1 + name: opnfv_ssh_public_key + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSQiblRR5dIEwaEUsVQ7CWNm3fJAhkwkW4afEsw3VokkVzAhB759iJZqyUvb08B/0mbn52qh6VO1ecr/XfyWiHvnm15EkxoLENw3diHK3vPy0Ce+hJWbuoy1Xy15iOCZSdXNj9PTB58BSKRruexvbn90Lh1w73fgmFw0lRy7dqJFEsLfCWZnzx9x/eC6/MO+vT7+8bbClqHH8XKF5L4g3Pt6/exyFKkzKEFYDTCpDelYynOnmzscrCAtFJ2xtLnW+3Ex4kOKpAm6D7MS/bE7k28fyxyYhT5sLy2Tp49LuOFZzFPrsh8lfVdPdV0qwnz2F4Y4iSE9rO0TwFoAV6LGOh opnfv@pod10-jump +... diff --git a/site/intel-pod10/secrets/publickey/sridhar_ssh_public_key.yaml b/site/intel-pod10/secrets/publickey/sridhar_ssh_public_key.yaml new file mode 100644 index 0000000..8ef987f --- /dev/null +++ b/site/intel-pod10/secrets/publickey/sridhar_ssh_public_key.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/PublicKey/v1 +metadata: + schema: metadata/Document/v1 + name: sridhar_ssh_public_key + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAm23hyhNJ1ewDL35DGg9agPMJ1VSI4elUKM/VMiRH0LBLfk55pJbZwmmLv6Z4E3hXPTvPxCS1j0kXqGiPLpMo6qPeK0EjYMCT6EdVFLh5yt3jWouRjG6lHG2D7Y5tjBhu/d3zKu3ZDblbbT2xIbw3OOFoK+9Bp4f42AMGY3etsNdbcRDLmXgL6Zi94okAuEf7t5HeKqXgWkk6az0EMm7v+FgHmlVHMzO9J0XpmFbYtI711PXQBCotVC/LsyYBQoQqtxZnikt6gGLooRHlrWOkhqv9ycBteqIDhh78NNVWya+L7Xj/TcQmyzuTkNdAFxwiEvMScal2oYy+TvoFdlxr sridhar@dike +... diff --git a/site/intel-pod10/secrets/publickey/trevor_ssh_public_key.yaml b/site/intel-pod10/secrets/publickey/trevor_ssh_public_key.yaml new file mode 100644 index 0000000..81de49c --- /dev/null +++ b/site/intel-pod10/secrets/publickey/trevor_ssh_public_key.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/PublicKey/v1 +metadata: + schema: metadata/Document/v1 + name: trevor_ssh_public_key + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQChGgO/XhrpphaoFH6ZZnHOgC/y9ZDIK1hlxm+qQPsakYmYemQJXpVjeqAnyupEA//I4HQ1cXYmzvlKTN1Gj8DxPcmU1QPsvcMBeYIfwS+2JaDbFTJICEmN2pqGu9D55tY1NDx4kqxRTzcvIy3HaIx6m6DshhIe83hPFXdhzk2ScVNfX6EvMevLESbJWNHIKe60md/TEUI7sYZjk8Zi4qcVtEzxioMd8sCWEHdAjNYkCJVEgHZyaqzoAJrTXeAsQFvc6np1CLlkj6QytAmPXLDB5p+NJb1W6zQOz74tSV2oQVP8xTjWRw8FgHSZMwilgiEzyPQQkVf4q/u1UtGHqupf tcooper1@tcooper1-desk.amr.corp.intel.com +... diff --git a/site/intel-pod10/site-definition.yaml b/site/intel-pod10/site-definition.yaml new file mode 100644 index 0000000..2c24965 --- /dev/null +++ b/site/intel-pod10/site-definition.yaml @@ -0,0 +1,17 @@ +--- +schema: pegleg/SiteDefinition/v1 +metadata: + schema: metadata/Document/v1 + layeringDefinition: + abstract: false + layer: site + name: intel-pod10 + storagePolicy: cleartext +data: + site_type: cntt + + repositories: + global: + revision: v1.4 + url: https://opendev.org/airship/treasuremap.git +... diff --git a/site/intel-pod10/software/charts/kubernetes/container-networking/etcd.yaml b/site/intel-pod10/software/charts/kubernetes/container-networking/etcd.yaml new file mode 100644 index 0000000..505f6c1 --- /dev/null +++ b/site/intel-pod10/software/charts/kubernetes/container-networking/etcd.yaml @@ -0,0 +1,127 @@ +--- +# The purpose of this file is to build the list of calico etcd nodes and the +# calico etcd certs for those nodes in the environment. +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: kubernetes-calico-etcd + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: kubernetes-calico-etcd-global + actions: + - method: merge + path: . + storagePolicy: cleartext + substitutions: + # Generate a list of control plane nodes (i.e. genesis node + master node + # list) on which calico etcd will run and will need certs. It is assumed + # that Airship sites will have 3 control plane nodes, so this should not need to + # change for a new site. + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .genesis.hostname + dest: + path: .values.nodes[0].name + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .masters[0].hostname + dest: + path: .values.nodes[1].name + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .masters[1].hostname + dest: + path: .values.nodes[2].name + + # Certificate substitutions for the node names assembled on the above list. + # NEWSITE-CHANGEME: Per above, the number of substitutions should not need + # to change with a standard Airship deployment. However, the names of each + # deckhand certficiate should be updated with the correct hostnames for your + # environment. The ordering is important (Genesis is index 0, then master + # nodes in the order they are specified in common-addresses). + + # Genesis hostname - pod10-node1 + - src: + schema: deckhand/Certificate/v1 + name: calico-etcd-pod10-node1 + path: . + dest: + path: .values.nodes[0].tls.client.cert + - src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-pod10-node1 + path: . + dest: + path: .values.nodes[0].tls.client.key + - src: + schema: deckhand/Certificate/v1 + name: calico-etcd-pod10-node1-peer + path: . + dest: + path: .values.nodes[0].tls.peer.cert + - src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-pod10-node1-peer + path: . + dest: + path: .values.nodes[0].tls.peer.key + + # master node 1 hostname - pod10-node2 + - src: + schema: deckhand/Certificate/v1 + name: calico-etcd-pod10-node2 + path: . + dest: + path: .values.nodes[1].tls.client.cert + - src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-pod10-node2 + path: . + dest: + path: .values.nodes[1].tls.client.key + - src: + schema: deckhand/Certificate/v1 + name: calico-etcd-pod10-node2-peer + path: . + dest: + path: .values.nodes[1].tls.peer.cert + - src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-pod10-node2-peer + path: . + dest: + path: .values.nodes[1].tls.peer.key + + # master node 2 hostname - pod10-node3 + - src: + schema: deckhand/Certificate/v1 + name: calico-etcd-pod10-node3 + path: . + dest: + path: .values.nodes[2].tls.client.cert + - src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-pod10-node3 + path: . + dest: + path: .values.nodes[2].tls.client.key + - src: + schema: deckhand/Certificate/v1 + name: calico-etcd-pod10-node3-peer + path: . + dest: + path: .values.nodes[2].tls.peer.cert + - src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-pod10-node3-peer + path: . + dest: + path: .values.nodes[2].tls.peer.key + +data: {} +... diff --git a/site/intel-pod10/software/charts/kubernetes/etcd/etcd.yaml b/site/intel-pod10/software/charts/kubernetes/etcd/etcd.yaml new file mode 100644 index 0000000..abc1498 --- /dev/null +++ b/site/intel-pod10/software/charts/kubernetes/etcd/etcd.yaml @@ -0,0 +1,131 @@ +--- +# The purpose of this file is to build the list of k8s etcd nodes and the +# k8s etcd certs for those nodes in the environment. +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: kubernetes-etcd + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: kubernetes-etcd-global + actions: + - method: merge + path: . + storagePolicy: cleartext + substitutions: + # Generate a list of control plane nodes (i.e. genesis node + master node + # list) on which k8s etcd will run and will need certs. It is assumed + # that Airship sites will have 3 control plane nodes, so this should not need to + # change for a new site. + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .genesis.hostname + dest: + path: .values.nodes[0].name + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .masters[0].hostname + dest: + path: .values.nodes[1].name + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .masters[1].hostname + dest: + path: .values.nodes[2].name + + # Certificate substitutions for the node names assembled on the above list. + # NEWSITE-CHANGEME: Per above, the number of substitutions should not need + # to change with a standard Airship deployment. However, the names of each + # deckhand certficiate should be updated with the correct hostnames for your + # environment. The ordering is important (Genesis is index 0, then master + # nodes in the order they are specified in common-addresses). + + # Genesis Exception* + # *NOTE: This is an exception in that `genesis` is not the hostname of the + # genesis node, but `genesis` is reference here in the certificate names + # because of certain Promenade assumptions that may be addressed in the + # future. Therefore `genesis` is used instead of `pod10-node1` here. + - src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-genesis + path: . + dest: + path: .values.nodes[0].tls.client.cert + - src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-genesis + path: . + dest: + path: .values.nodes[0].tls.client.key + - src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-genesis-peer + path: . + dest: + path: .values.nodes[0].tls.peer.cert + - src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-genesis-peer + path: . + dest: + path: .values.nodes[0].tls.peer.key + + # master node 1 hostname - pod10-node2 + - src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-pod10-node2 + path: . + dest: + path: .values.nodes[1].tls.client.cert + - src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-pod10-node2 + path: . + dest: + path: .values.nodes[1].tls.client.key + - src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-pod10-node2-peer + path: . + dest: + path: .values.nodes[1].tls.peer.cert + - src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-pod10-node2-peer + path: . + dest: + path: .values.nodes[1].tls.peer.key + + # master node 2 hostname - pod10-node3 + - src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-pod10-node3 + path: . + dest: + path: .values.nodes[2].tls.client.cert + - src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-pod10-node3 + path: . + dest: + path: .values.nodes[2].tls.client.key + - src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-pod10-node3-peer + path: . + dest: + path: .values.nodes[2].tls.peer.cert + - src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-pod10-node3-peer + path: $ + dest: + path: .values.nodes[2].tls.peer.key + +data: {} +... diff --git a/site/intel-pod10/software/charts/osh-infra/elasticsearch.yaml b/site/intel-pod10/software/charts/osh-infra/elasticsearch.yaml new file mode 100644 index 0000000..ef0a42e --- /dev/null +++ b/site/intel-pod10/software/charts/osh-infra/elasticsearch.yaml @@ -0,0 +1,34 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: elasticsearch + labels: + name: elasticsearch-type + layeringDefinition: + abstract: false + layer: site + parentSelector: + hosttype: elasticsearch-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + master: 2 + data: 1 + client: 2 + storage: + requests: + storage: 20Gi + conf: + elasticsearch: + env: + java_opts: + client: "-Xms2048m -Xmx2048m" + data: "-Xms2048m -Xmx2048m" + master: "-Xms2048m -Xmx2048m" +... diff --git a/site/intel-pod10/software/charts/osh-infra/fluentbit.yaml b/site/intel-pod10/software/charts/osh-infra/fluentbit.yaml new file mode 100644 index 0000000..5d2f287 --- /dev/null +++ b/site/intel-pod10/software/charts/osh-infra/fluentbit.yaml @@ -0,0 +1,22 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: fluentbit + labels: + name: fluentbit-type + layeringDefinition: + abstract: false + layer: site + parentSelector: + hosttype: fluentbit-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + fluentd: 1 +... diff --git a/site/intel-pod10/software/charts/osh-infra/fluentd.yaml b/site/intel-pod10/software/charts/osh-infra/fluentd.yaml new file mode 100644 index 0000000..3652a3e --- /dev/null +++ b/site/intel-pod10/software/charts/osh-infra/fluentd.yaml @@ -0,0 +1,22 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: fluentd + labels: + name: fluentd-type + layeringDefinition: + abstract: false + layer: site + parentSelector: + hosttype: fluentd-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + fluentd: 1 +... diff --git a/site/intel-pod10/software/charts/osh-infra/grafana.yaml b/site/intel-pod10/software/charts/osh-infra/grafana.yaml new file mode 100644 index 0000000..b35614f --- /dev/null +++ b/site/intel-pod10/software/charts/osh-infra/grafana.yaml @@ -0,0 +1,23 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: grafana + labels: + name: grafana-type + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: grafana-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + grafana: 1 +... diff --git a/site/intel-pod10/software/charts/osh-infra/ingress.yaml b/site/intel-pod10/software/charts/osh-infra/ingress.yaml new file mode 100644 index 0000000..d449881 --- /dev/null +++ b/site/intel-pod10/software/charts/osh-infra/ingress.yaml @@ -0,0 +1,24 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: osh-infra-ingress-controller + labels: + name: osh-infra-ingress-controller-type + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: osh-infra-ingress-controller-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + ingress: 1 + error_page: 1 +... diff --git a/site/intel-pod10/software/charts/osh-infra/mariadb.yaml b/site/intel-pod10/software/charts/osh-infra/mariadb.yaml new file mode 100644 index 0000000..335d4e9 --- /dev/null +++ b/site/intel-pod10/software/charts/osh-infra/mariadb.yaml @@ -0,0 +1,24 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: osh-infra-mariadb + labels: + name: osh-infra-mariadb-type + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: osh-infra-mariadb-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + server: 1 + ingress: 1 +... diff --git a/site/intel-pod10/software/charts/osh-infra/prometheus.yaml b/site/intel-pod10/software/charts/osh-infra/prometheus.yaml new file mode 100644 index 0000000..d00e96a --- /dev/null +++ b/site/intel-pod10/software/charts/osh-infra/prometheus.yaml @@ -0,0 +1,35 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: prometheus + labels: + name: prometheus-type + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: prometheus-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + prometheus: 1 + resources: + enabled: true + prometheus: + limits: + memory: "4Gi" + cpu: "2000m" + requests: + memory: "2Gi" + cpu: "1000m" + storage: + requests: + storage: 20Gi +... diff --git a/site/intel-pod10/software/charts/osh/openstack-compute-kit/libvirt.yaml b/site/intel-pod10/software/charts/osh/openstack-compute-kit/libvirt.yaml new file mode 100644 index 0000000..85ec726 --- /dev/null +++ b/site/intel-pod10/software/charts/osh/openstack-compute-kit/libvirt.yaml @@ -0,0 +1,22 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: libvirt + replacement: true + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: libvirt-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + network: + backend: + - openvswitch + # - sriov +... diff --git a/site/intel-pod10/software/charts/osh/openstack-compute-kit/neutron.yaml b/site/intel-pod10/software/charts/osh/openstack-compute-kit/neutron.yaml new file mode 100644 index 0000000..38e3cd3 --- /dev/null +++ b/site/intel-pod10/software/charts/osh/openstack-compute-kit/neutron.yaml @@ -0,0 +1,72 @@ +--- +# This file defines hardware-specific settings for neutron. If you use the same +# hardware profile as this environment, you should not need to change this file. +# Otherwise, you should review the settings here and adjust for your hardware. +# In particular: +# 1. logical network interface names +# 2. physical device mappigns +# TODO: Should move to global layer and become tied to the hardware profile +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: neutron + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: neutron-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + wait: + timeout: 1800 + test: + timeout: 900 + # values: + # labels: + # sriov: + # node_selector_key: sriov + # node_selector_value: enabled + # pod: + # security_context: + # neutron_sriov_agent: + # pod: + # runAsUser: 42424 + # container: + # neutron_sriov_agent_init: + # privileged: true + # runAsUser: 0 + # readOnlyRootFilesystem: false + # neutron_sriov_agent: + # readOnlyRootFilesystem: true + # privileged: true + # network: + # interface: + # sriov: + # - device: eno4 + # num_vfs: 32 + # promisc: false + # backend: + # - openvswitch + # - sriov + # conf: + # plugins: + # ml2_conf: + # ml2: + # mechanism_drivers: l2population,openvswitch,sriovnicswitch + # ml2_type_vlan: + # ## NOTE: Must have at least 1 sriov network defined + # network_vlan_ranges: external,sriovnet1:100:4000 + # sriov_agent: + # securitygroup: + # firewall_driver: neutron.agent.firewall.NoopFirewallDriver + # sriov_nic: + # ## NOTE: Must have at least 1 sriov network to physical device + # ## mapping, otherwise sriov agent readiness check + # ## will fail. + # physical_device_mappings: sriovnet1:eno4 + # exclude_devices: "" +... diff --git a/site/intel-pod10/software/charts/osh/openstack-compute-kit/nova.yaml b/site/intel-pod10/software/charts/osh/openstack-compute-kit/nova.yaml new file mode 100644 index 0000000..e64738c --- /dev/null +++ b/site/intel-pod10/software/charts/osh/openstack-compute-kit/nova.yaml @@ -0,0 +1,46 @@ +--- +# This file defines hardware-specific settings for nova. If you use the same +# hardware profile as this environment, you should not need to change this file. +# Otherwise, you should review the settings here and adjust for your hardware. +# In particular: +# 1. vcpu_pin_set will change if the number of logical CPUs on the hardware +# changes. +# 2. pci alias / passthrough_whitelist could change if the NIC type or NIC +# slotting changes. +# TODO: Should move to global layer and become tied to the hardware profile +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: nova + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: nova-global + actions: + - method: merge + path: . + storagePolicy: cleartext + substitutions: + - src: + schema: drydock/HardwareProfile/v1 + name: intel-pod10 + path: .cpu_sets.kvm + dest: + path: .values.conf.nova.DEFAULT.vcpu_pin_set +data: + values: + network: + backend: + - openvswitch + # - sriov + conf: + nova: + filter_scheduler: + available_filters: "nova.scheduler.filters.all_filters" + enabled_filters: "RetryFilter,AvailabilityZoneFilter,RamFilter,CoreFilter,DiskFilter,ComputeFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter,AggregateInstanceExtraSpecsFilter,AggregateCoreFilter,AggregateRamFilter,AggregateMultiTenancyIsolation,JsonFilter,IoOpsFilter,AggregateDiskFilter,AllHostsFilter,IsolatedHostsFilter,AggregateImagePropertiesIsolation,PciPassthroughFilter,AggregateIoOpsFilter,NumInstancesFilter,AggregateNumInstancesFilter,MetricsFilter,SimpleCIDRAffinityFilter,AggregateTypeAffinityFilter,NUMATopologyFilter,ComputeCapabilitiesFilter,DifferentHostFilter,SameHostFilter" + pci: + alias: '{"name": "numa0", "capability_type": "pci", "product_id": "154c", "vendor_id": "8086", "device_type": "type-PCI"}' + passthrough_whitelist: | + [{"address": "0000:05:06.*", "physical_network": "sriovnet1"},{"address": "0000:05:07.*", "physical_network": "sriovnet1"},{"address": "0000:05:08.*", "physical_network": "sriovnet1"},{"address": "0000:05:09.*", "physical_network": "sriovnet1"}] +... diff --git a/site/intel-pod10/software/charts/ucp/ceph/ceph-client-update.yaml b/site/intel-pod10/software/charts/ucp/ceph/ceph-client-update.yaml new file mode 100644 index 0000000..eb921b8 --- /dev/null +++ b/site/intel-pod10/software/charts/ucp/ceph/ceph-client-update.yaml @@ -0,0 +1,26 @@ +--- +# The purpose of this file is to define environment-specific parameters for ceph +# client update +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-ceph-client-update + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: ucp-ceph-client-update-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + conf: + pool: + target: + # NEWSITE-CHANGEME: Total number of OSDs. Does not need to change if + # your HW matches this site's HW. Verify for your environment. + # 8 OSDs per node x 3 nodes = 24 + osd: 3 +... diff --git a/site/intel-pod10/software/charts/ucp/ceph/ceph-client.yaml b/site/intel-pod10/software/charts/ucp/ceph/ceph-client.yaml new file mode 100644 index 0000000..e1e8ecf --- /dev/null +++ b/site/intel-pod10/software/charts/ucp/ceph/ceph-client.yaml @@ -0,0 +1,100 @@ +--- +# The purpose of this file is to define envrionment-specific parameters for the +# ceph client +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-ceph-client + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: ucp-ceph-client-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + conf: + pool: + target: + # NEWSITE-CHANGEME: The number of OSDs per ceph node. Does not need to + # change if your deployment HW matches this site's HW. + osd: 1 + spec: + # RBD pool + - name: rbd + application: rbd + replication: 1 + percent_total_data: 40 + - name: cephfs_metadata + application: cephfs + replication: 1 + percent_total_data: 5 + - name: cephfs_data + application: cephfs + replication: 1 + percent_total_data: 10 + # RadosGW pools + - name: .rgw.root + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.control + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.data.root + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.gc + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.log + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.intent-log + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.meta + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.usage + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.users.keys + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.users.email + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.users.swift + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.users.uid + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.buckets.extra + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.buckets.index + application: rgw + replication: 1 + percent_total_data: 3 + - name: default.rgw.buckets.data + application: rgw + replication: 1 + percent_total_data: 34.8 +... diff --git a/site/intel-pod10/software/charts/ucp/ceph/ceph-osd.yaml b/site/intel-pod10/software/charts/ucp/ceph/ceph-osd.yaml new file mode 100644 index 0000000..25297d9 --- /dev/null +++ b/site/intel-pod10/software/charts/ucp/ceph/ceph-osd.yaml @@ -0,0 +1,30 @@ +--- +# The purpose of this file is to define environment-specific parameters for +# ceph-osd +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-ceph-osd + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: ucp-ceph-osd-global + actions: + - method: replace + path: .values.conf.storage.osd + - method: merge + path: . + storagePolicy: cleartext +data: + values: + conf: + storage: + osd: + - data: + type: directory + location: /var/lib/ceph/osd/osd-one + journal: + type: directory + location: /var/lib/ceph/journal/osd-one +... diff --git a/site/intel-pod10/software/charts/ucp/divingbell/divingbell.yaml b/site/intel-pod10/software/charts/ucp/divingbell/divingbell.yaml new file mode 100644 index 0000000..c60f25c --- /dev/null +++ b/site/intel-pod10/software/charts/ucp/divingbell/divingbell.yaml @@ -0,0 +1,83 @@ +--- +# The purpose of this file is to define site-specific parameters to the +# UAM-lite portion of the divingbell chart: +# 1. User accounts to create on bare metal +# 2. SSH public key for operationg system access to the bare metal +# 3. Passwords for operating system access via iDrac/iLo console. SSH password- +# based auth is disabled. +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-divingbell + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: ucp-divingbell-global + actions: + - method: merge + path: . + labels: + name: ucp-divingbell-site + storagePolicy: cleartext + substitutions: + - dest: + path: .values.conf.uamlite.users[0].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: opnfv_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[1].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: sridhar_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[1].user_crypt_passwd + src: + schema: deckhand/Passphrase/v1 + name: sridhar_crypt_password + path: . + - dest: + path: .values.conf.uamlite.users[2].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: trevor_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[2].user_crypt_passwd + src: + schema: deckhand/Passphrase/v1 + name: trevor_crypt_password + path: . + - dest: + path: .values.conf.uamlite.users[3].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: luc_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[3].user_crypt_passwd + src: + schema: deckhand/Passphrase/v1 + name: luc_crypt_password + path: . +data: + values: + conf: + uamlite: + users: + - user_name: opnfv + user_sudo: true + user_sshkeys: [] + - user_name: sridhar + user_sudo: true + user_sshkeys: [] + - user_name: trevor + user_sudo: true + user_sshkeys: [] + - user_name: luc + user_sudo: true + user_sshkeys: [] +... diff --git a/site/intel-pod10/software/config/common-software-config.yaml b/site/intel-pod10/software/config/common-software-config.yaml new file mode 100644 index 0000000..cc56f4b --- /dev/null +++ b/site/intel-pod10/software/config/common-software-config.yaml @@ -0,0 +1,16 @@ +--- +# The purpose of this file is to define site-specific common software config +# paramters. +schema: pegleg/CommonSoftwareConfig/v1 +metadata: + schema: metadata/Document/v1 + name: common-software-config + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + osh: + # NEWSITE-CHANGEME: Replace with the site name + region_name: intel-pod10 +... diff --git a/site/intel-pod17/software/charts/osh-infra/elasticsearch.yaml b/site/intel-pod17/software/charts/osh-infra/elasticsearch.yaml new file mode 100644 index 0000000..2f7b3c1 --- /dev/null +++ b/site/intel-pod17/software/charts/osh-infra/elasticsearch.yaml @@ -0,0 +1,70 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: elasticsearch + labels: + name: elasticsearch-type + layeringDefinition: + abstract: false + layer: site + parentSelector: + hosttype: elasticsearch-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + client: 3 + resources: + enabled: true + apache_proxy: + limits: + memory: "1024Mi" + cpu: "2000m" + requests: + memory: "0" + cpu: "0" + client: + requests: + memory: "4Gi" + cpu: "1000m" + limits: + memory: "8Gi" + cpu: "2000m" + master: + requests: + memory: "4Gi" + cpu: "1000m" + limits: + memory: "8Gi" + cpu: "2000m" + data: + requests: + memory: "4Gi" + cpu: "1000m" + limits: + memory: "8Gi" + cpu: "2000m" + prometheus_elasticsearch_exporter: + requests: + memory: "0" + cpu: "0" + limits: + memory: "1024Mi" + cpu: "2000m" + + storage: + requests: + storage: 10Gi + conf: + elasticsearch: + env: + java_opts: + client: "-Xms2048m -Xmx2048m" + data: "-Xms2048m -Xmx2048m" + master: "-Xms2048m -Xmx2048m" +... diff --git a/site/intel-pod17/software/charts/osh-infra/fluentbit.yaml b/site/intel-pod17/software/charts/osh-infra/fluentbit.yaml new file mode 100644 index 0000000..1620f26 --- /dev/null +++ b/site/intel-pod17/software/charts/osh-infra/fluentbit.yaml @@ -0,0 +1,18 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: fluentbit + labels: + name: fluentbit-type + layeringDefinition: + abstract: false + layer: site + parentSelector: + hosttype: fluentbit-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: {} +... diff --git a/site/intel-pod17/software/charts/osh-infra/fluentd.yaml b/site/intel-pod17/software/charts/osh-infra/fluentd.yaml new file mode 100644 index 0000000..0032414 --- /dev/null +++ b/site/intel-pod17/software/charts/osh-infra/fluentd.yaml @@ -0,0 +1,18 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: fluentd + labels: + name: fluentd-type + layeringDefinition: + abstract: false + layer: site + parentSelector: + hosttype: fluentd-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: {} +... diff --git a/site/intel-pod17/software/charts/osh-infra/prometheus.yaml b/site/intel-pod17/software/charts/osh-infra/prometheus.yaml new file mode 100644 index 0000000..c4cd4bf --- /dev/null +++ b/site/intel-pod17/software/charts/osh-infra/prometheus.yaml @@ -0,0 +1,33 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: prometheus + labels: + name: prometheus-type + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: prometheus-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + resources: + enabled: true + prometheus: + limits: + memory: "4Gi" + cpu: "2000m" + requests: + memory: "2Gi" + cpu: "1000m" + storage: + requests: + storage: 10Gi +... diff --git a/site/intel-pod17/software/charts/osh/openstack-compute-kit/libvirt.yaml b/site/intel-pod17/software/charts/osh/openstack-compute-kit/libvirt.yaml new file mode 100644 index 0000000..f7092cd --- /dev/null +++ b/site/intel-pod17/software/charts/osh/openstack-compute-kit/libvirt.yaml @@ -0,0 +1,22 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: libvirt + replacement: true + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: libvirt-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + network: + backend: + - openvswitch + - sriov +... diff --git a/site/intel-pod17/software/charts/osh/openstack-compute-kit/neutron.yaml b/site/intel-pod17/software/charts/osh/openstack-compute-kit/neutron.yaml new file mode 100644 index 0000000..6cced90 --- /dev/null +++ b/site/intel-pod17/software/charts/osh/openstack-compute-kit/neutron.yaml @@ -0,0 +1,72 @@ +--- +# This file defines hardware-specific settings for neutron. If you use the same +# hardware profile as this environment, you should not need to change this file. +# Otherwise, you should review the settings here and adjust for your hardware. +# In particular: +# 1. logical network interface names +# 2. physical device mappigns +# TODO: Should move to global layer and become tied to the hardware profile +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: neutron + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: neutron-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + wait: + timeout: 1800 + test: + timeout: 900 + values: + labels: + sriov: + node_selector_key: sriov + node_selector_value: enabled + pod: + security_context: + neutron_sriov_agent: + pod: + runAsUser: 42424 + container: + neutron_sriov_agent_init: + privileged: true + runAsUser: 0 + readOnlyRootFilesystem: false + neutron_sriov_agent: + readOnlyRootFilesystem: true + privileged: true + network: + interface: + sriov: + - device: ens785f1 + num_vfs: 32 + promisc: false + backend: + - openvswitch + - sriov + conf: + plugins: + ml2_conf: + ml2: + mechanism_drivers: l2population,openvswitch,sriovnicswitch + ml2_type_vlan: + ## NOTE: Must have at least 1 sriov network defined + network_vlan_ranges: external,sriovnet1:100:4000 + sriov_agent: + securitygroup: + firewall_driver: neutron.agent.firewall.NoopFirewallDriver + sriov_nic: + ## NOTE: Must have at least 1 sriov network to physical device + ## mapping, otherwise sriov agent readiness check + ## will fail. + physical_device_mappings: sriovnet1:ens785f1 + exclude_devices: "" +... diff --git a/site/intel-pod17/software/charts/osh/openstack-compute-kit/nova.yaml b/site/intel-pod17/software/charts/osh/openstack-compute-kit/nova.yaml new file mode 100644 index 0000000..b730f0d --- /dev/null +++ b/site/intel-pod17/software/charts/osh/openstack-compute-kit/nova.yaml @@ -0,0 +1,46 @@ +--- +# This file defines hardware-specific settings for nova. If you use the same +# hardware profile as this environment, you should not need to change this file. +# Otherwise, you should review the settings here and adjust for your hardware. +# In particular: +# 1. vcpu_pin_set will change if the number of logical CPUs on the hardware +# changes. +# 2. pci alias / passthrough_whitelist could change if the NIC type or NIC +# slotting changes. +# TODO: Should move to global layer and become tied to the hardware profile +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: nova + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: nova-global + actions: + - method: merge + path: . + storagePolicy: cleartext + substitutions: + - src: + schema: drydock/HardwareProfile/v1 + name: intel-s2600wt + path: .cpu_sets.kvm + dest: + path: .values.conf.nova.DEFAULT.vcpu_pin_set +data: + values: + network: + backend: + - openvswitch + - sriov + conf: + nova: + filter_scheduler: + available_filters: "nova.scheduler.filters.all_filters" + enabled_filters: "RetryFilter,AvailabilityZoneFilter,RamFilter,CoreFilter,DiskFilter,ComputeFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter,AggregateInstanceExtraSpecsFilter,AggregateCoreFilter,AggregateRamFilter,AggregateMultiTenancyIsolation,JsonFilter,IoOpsFilter,AggregateDiskFilter,AllHostsFilter,IsolatedHostsFilter,AggregateImagePropertiesIsolation,PciPassthroughFilter,AggregateIoOpsFilter,NumInstancesFilter,AggregateNumInstancesFilter,MetricsFilter,SimpleCIDRAffinityFilter,AggregateTypeAffinityFilter,NUMATopologyFilter,ComputeCapabilitiesFilter,DifferentHostFilter,SameHostFilter" + pci: + alias: '{"name": "numa0", "capability_type": "pci", "product_id": "154c", "vendor_id": "8086", "device_type": "type-PCI"}' + passthrough_whitelist: | + [{"address": "0000:05:06.*", "physical_network": "sriovnet1"},{"address": "0000:05:07.*", "physical_network": "sriovnet1"},{"address": "0000:05:08.*", "physical_network": "sriovnet1"},{"address": "0000:05:09.*", "physical_network": "sriovnet1"}] +... diff --git a/site/intel-pod17/software/charts/ucp/ceph/ceph-client-update.yaml b/site/intel-pod17/software/charts/ucp/ceph/ceph-client-update.yaml new file mode 100644 index 0000000..eb921b8 --- /dev/null +++ b/site/intel-pod17/software/charts/ucp/ceph/ceph-client-update.yaml @@ -0,0 +1,26 @@ +--- +# The purpose of this file is to define environment-specific parameters for ceph +# client update +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-ceph-client-update + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: ucp-ceph-client-update-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + conf: + pool: + target: + # NEWSITE-CHANGEME: Total number of OSDs. Does not need to change if + # your HW matches this site's HW. Verify for your environment. + # 8 OSDs per node x 3 nodes = 24 + osd: 3 +... diff --git a/site/intel-pod17/software/charts/ucp/ceph/ceph-client.yaml b/site/intel-pod17/software/charts/ucp/ceph/ceph-client.yaml new file mode 100644 index 0000000..e1e8ecf --- /dev/null +++ b/site/intel-pod17/software/charts/ucp/ceph/ceph-client.yaml @@ -0,0 +1,100 @@ +--- +# The purpose of this file is to define envrionment-specific parameters for the +# ceph client +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-ceph-client + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: ucp-ceph-client-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + conf: + pool: + target: + # NEWSITE-CHANGEME: The number of OSDs per ceph node. Does not need to + # change if your deployment HW matches this site's HW. + osd: 1 + spec: + # RBD pool + - name: rbd + application: rbd + replication: 1 + percent_total_data: 40 + - name: cephfs_metadata + application: cephfs + replication: 1 + percent_total_data: 5 + - name: cephfs_data + application: cephfs + replication: 1 + percent_total_data: 10 + # RadosGW pools + - name: .rgw.root + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.control + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.data.root + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.gc + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.log + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.intent-log + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.meta + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.usage + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.users.keys + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.users.email + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.users.swift + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.users.uid + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.buckets.extra + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.buckets.index + application: rgw + replication: 1 + percent_total_data: 3 + - name: default.rgw.buckets.data + application: rgw + replication: 1 + percent_total_data: 34.8 +... diff --git a/site/intel-pod17/software/charts/ucp/ceph/ceph-osd.yaml b/site/intel-pod17/software/charts/ucp/ceph/ceph-osd.yaml new file mode 100644 index 0000000..25297d9 --- /dev/null +++ b/site/intel-pod17/software/charts/ucp/ceph/ceph-osd.yaml @@ -0,0 +1,30 @@ +--- +# The purpose of this file is to define environment-specific parameters for +# ceph-osd +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-ceph-osd + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: ucp-ceph-osd-global + actions: + - method: replace + path: .values.conf.storage.osd + - method: merge + path: . + storagePolicy: cleartext +data: + values: + conf: + storage: + osd: + - data: + type: directory + location: /var/lib/ceph/osd/osd-one + journal: + type: directory + location: /var/lib/ceph/journal/osd-one +... diff --git a/site/intel-pod18/software/charts/osh-infra/elasticsearch.yaml b/site/intel-pod18/software/charts/osh-infra/elasticsearch.yaml new file mode 100644 index 0000000..2f7b3c1 --- /dev/null +++ b/site/intel-pod18/software/charts/osh-infra/elasticsearch.yaml @@ -0,0 +1,70 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: elasticsearch + labels: + name: elasticsearch-type + layeringDefinition: + abstract: false + layer: site + parentSelector: + hosttype: elasticsearch-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + client: 3 + resources: + enabled: true + apache_proxy: + limits: + memory: "1024Mi" + cpu: "2000m" + requests: + memory: "0" + cpu: "0" + client: + requests: + memory: "4Gi" + cpu: "1000m" + limits: + memory: "8Gi" + cpu: "2000m" + master: + requests: + memory: "4Gi" + cpu: "1000m" + limits: + memory: "8Gi" + cpu: "2000m" + data: + requests: + memory: "4Gi" + cpu: "1000m" + limits: + memory: "8Gi" + cpu: "2000m" + prometheus_elasticsearch_exporter: + requests: + memory: "0" + cpu: "0" + limits: + memory: "1024Mi" + cpu: "2000m" + + storage: + requests: + storage: 10Gi + conf: + elasticsearch: + env: + java_opts: + client: "-Xms2048m -Xmx2048m" + data: "-Xms2048m -Xmx2048m" + master: "-Xms2048m -Xmx2048m" +... diff --git a/site/intel-pod18/software/charts/osh-infra/fluentbit.yaml b/site/intel-pod18/software/charts/osh-infra/fluentbit.yaml new file mode 100644 index 0000000..1620f26 --- /dev/null +++ b/site/intel-pod18/software/charts/osh-infra/fluentbit.yaml @@ -0,0 +1,18 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: fluentbit + labels: + name: fluentbit-type + layeringDefinition: + abstract: false + layer: site + parentSelector: + hosttype: fluentbit-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: {} +... diff --git a/site/intel-pod18/software/charts/osh-infra/fluentd.yaml b/site/intel-pod18/software/charts/osh-infra/fluentd.yaml new file mode 100644 index 0000000..0032414 --- /dev/null +++ b/site/intel-pod18/software/charts/osh-infra/fluentd.yaml @@ -0,0 +1,18 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: fluentd + labels: + name: fluentd-type + layeringDefinition: + abstract: false + layer: site + parentSelector: + hosttype: fluentd-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: {} +... diff --git a/site/intel-pod18/software/charts/osh-infra/prometheus.yaml b/site/intel-pod18/software/charts/osh-infra/prometheus.yaml new file mode 100644 index 0000000..c4cd4bf --- /dev/null +++ b/site/intel-pod18/software/charts/osh-infra/prometheus.yaml @@ -0,0 +1,33 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: prometheus + labels: + name: prometheus-type + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: prometheus-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + resources: + enabled: true + prometheus: + limits: + memory: "4Gi" + cpu: "2000m" + requests: + memory: "2Gi" + cpu: "1000m" + storage: + requests: + storage: 10Gi +... diff --git a/site/intel-pod18/software/charts/osh/openstack-compute-kit/libvirt.yaml b/site/intel-pod18/software/charts/osh/openstack-compute-kit/libvirt.yaml new file mode 100644 index 0000000..f7092cd --- /dev/null +++ b/site/intel-pod18/software/charts/osh/openstack-compute-kit/libvirt.yaml @@ -0,0 +1,22 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: libvirt + replacement: true + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: libvirt-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + network: + backend: + - openvswitch + - sriov +... diff --git a/site/intel-pod18/software/charts/osh/openstack-compute-kit/neutron.yaml b/site/intel-pod18/software/charts/osh/openstack-compute-kit/neutron.yaml new file mode 100644 index 0000000..6cced90 --- /dev/null +++ b/site/intel-pod18/software/charts/osh/openstack-compute-kit/neutron.yaml @@ -0,0 +1,72 @@ +--- +# This file defines hardware-specific settings for neutron. If you use the same +# hardware profile as this environment, you should not need to change this file. +# Otherwise, you should review the settings here and adjust for your hardware. +# In particular: +# 1. logical network interface names +# 2. physical device mappigns +# TODO: Should move to global layer and become tied to the hardware profile +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: neutron + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: neutron-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + wait: + timeout: 1800 + test: + timeout: 900 + values: + labels: + sriov: + node_selector_key: sriov + node_selector_value: enabled + pod: + security_context: + neutron_sriov_agent: + pod: + runAsUser: 42424 + container: + neutron_sriov_agent_init: + privileged: true + runAsUser: 0 + readOnlyRootFilesystem: false + neutron_sriov_agent: + readOnlyRootFilesystem: true + privileged: true + network: + interface: + sriov: + - device: ens785f1 + num_vfs: 32 + promisc: false + backend: + - openvswitch + - sriov + conf: + plugins: + ml2_conf: + ml2: + mechanism_drivers: l2population,openvswitch,sriovnicswitch + ml2_type_vlan: + ## NOTE: Must have at least 1 sriov network defined + network_vlan_ranges: external,sriovnet1:100:4000 + sriov_agent: + securitygroup: + firewall_driver: neutron.agent.firewall.NoopFirewallDriver + sriov_nic: + ## NOTE: Must have at least 1 sriov network to physical device + ## mapping, otherwise sriov agent readiness check + ## will fail. + physical_device_mappings: sriovnet1:ens785f1 + exclude_devices: "" +... diff --git a/site/intel-pod18/software/charts/osh/openstack-compute-kit/nova.yaml b/site/intel-pod18/software/charts/osh/openstack-compute-kit/nova.yaml new file mode 100644 index 0000000..b730f0d --- /dev/null +++ b/site/intel-pod18/software/charts/osh/openstack-compute-kit/nova.yaml @@ -0,0 +1,46 @@ +--- +# This file defines hardware-specific settings for nova. If you use the same +# hardware profile as this environment, you should not need to change this file. +# Otherwise, you should review the settings here and adjust for your hardware. +# In particular: +# 1. vcpu_pin_set will change if the number of logical CPUs on the hardware +# changes. +# 2. pci alias / passthrough_whitelist could change if the NIC type or NIC +# slotting changes. +# TODO: Should move to global layer and become tied to the hardware profile +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: nova + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: nova-global + actions: + - method: merge + path: . + storagePolicy: cleartext + substitutions: + - src: + schema: drydock/HardwareProfile/v1 + name: intel-s2600wt + path: .cpu_sets.kvm + dest: + path: .values.conf.nova.DEFAULT.vcpu_pin_set +data: + values: + network: + backend: + - openvswitch + - sriov + conf: + nova: + filter_scheduler: + available_filters: "nova.scheduler.filters.all_filters" + enabled_filters: "RetryFilter,AvailabilityZoneFilter,RamFilter,CoreFilter,DiskFilter,ComputeFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter,AggregateInstanceExtraSpecsFilter,AggregateCoreFilter,AggregateRamFilter,AggregateMultiTenancyIsolation,JsonFilter,IoOpsFilter,AggregateDiskFilter,AllHostsFilter,IsolatedHostsFilter,AggregateImagePropertiesIsolation,PciPassthroughFilter,AggregateIoOpsFilter,NumInstancesFilter,AggregateNumInstancesFilter,MetricsFilter,SimpleCIDRAffinityFilter,AggregateTypeAffinityFilter,NUMATopologyFilter,ComputeCapabilitiesFilter,DifferentHostFilter,SameHostFilter" + pci: + alias: '{"name": "numa0", "capability_type": "pci", "product_id": "154c", "vendor_id": "8086", "device_type": "type-PCI"}' + passthrough_whitelist: | + [{"address": "0000:05:06.*", "physical_network": "sriovnet1"},{"address": "0000:05:07.*", "physical_network": "sriovnet1"},{"address": "0000:05:08.*", "physical_network": "sriovnet1"},{"address": "0000:05:09.*", "physical_network": "sriovnet1"}] +... diff --git a/site/intel-pod18/software/charts/ucp/ceph/ceph-client-update.yaml b/site/intel-pod18/software/charts/ucp/ceph/ceph-client-update.yaml new file mode 100644 index 0000000..eb921b8 --- /dev/null +++ b/site/intel-pod18/software/charts/ucp/ceph/ceph-client-update.yaml @@ -0,0 +1,26 @@ +--- +# The purpose of this file is to define environment-specific parameters for ceph +# client update +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-ceph-client-update + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: ucp-ceph-client-update-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + conf: + pool: + target: + # NEWSITE-CHANGEME: Total number of OSDs. Does not need to change if + # your HW matches this site's HW. Verify for your environment. + # 8 OSDs per node x 3 nodes = 24 + osd: 3 +... diff --git a/site/intel-pod18/software/charts/ucp/ceph/ceph-client.yaml b/site/intel-pod18/software/charts/ucp/ceph/ceph-client.yaml new file mode 100644 index 0000000..e1e8ecf --- /dev/null +++ b/site/intel-pod18/software/charts/ucp/ceph/ceph-client.yaml @@ -0,0 +1,100 @@ +--- +# The purpose of this file is to define envrionment-specific parameters for the +# ceph client +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-ceph-client + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: ucp-ceph-client-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + conf: + pool: + target: + # NEWSITE-CHANGEME: The number of OSDs per ceph node. Does not need to + # change if your deployment HW matches this site's HW. + osd: 1 + spec: + # RBD pool + - name: rbd + application: rbd + replication: 1 + percent_total_data: 40 + - name: cephfs_metadata + application: cephfs + replication: 1 + percent_total_data: 5 + - name: cephfs_data + application: cephfs + replication: 1 + percent_total_data: 10 + # RadosGW pools + - name: .rgw.root + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.control + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.data.root + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.gc + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.log + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.intent-log + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.meta + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.usage + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.users.keys + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.users.email + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.users.swift + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.users.uid + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.buckets.extra + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.buckets.index + application: rgw + replication: 1 + percent_total_data: 3 + - name: default.rgw.buckets.data + application: rgw + replication: 1 + percent_total_data: 34.8 +... diff --git a/site/intel-pod18/software/charts/ucp/ceph/ceph-osd.yaml b/site/intel-pod18/software/charts/ucp/ceph/ceph-osd.yaml new file mode 100644 index 0000000..25297d9 --- /dev/null +++ b/site/intel-pod18/software/charts/ucp/ceph/ceph-osd.yaml @@ -0,0 +1,30 @@ +--- +# The purpose of this file is to define environment-specific parameters for +# ceph-osd +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-ceph-osd + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: ucp-ceph-osd-global + actions: + - method: replace + path: .values.conf.storage.osd + - method: merge + path: . + storagePolicy: cleartext +data: + values: + conf: + storage: + osd: + - data: + type: directory + location: /var/lib/ceph/osd/osd-one + journal: + type: directory + location: /var/lib/ceph/journal/osd-one +... diff --git a/tools/files/heat-public-net-deployment-pod10.yaml b/tools/files/heat-public-net-deployment-pod10.yaml new file mode 100644 index 0000000..1a35a5b --- /dev/null +++ b/tools/files/heat-public-net-deployment-pod10.yaml @@ -0,0 +1,70 @@ +heat_template_version: ocata + +parameters: + network_name: + type: string + default: public + + physical_network_name: + type: string + default: public + + physical_network_interface: + type: string + default: external + + subnet_name: + type: string + default: public + + subnet_cidr: + type: string + default: 10.10.105.0/24 + + subnet_gateway: + type: string + default: 10.10.105.20 + + subnet_pool_start: + type: string + default: 10.10.105.29 + + subnet_pool_end: + type: string + default: 10.10.105.99 + +resources: + public_net: + type: OS::Neutron::ProviderNet + properties: + admin_state_up: true + name: + get_param: network_name + network_type: flat + physical_network: + get_param: physical_network_interface + port_security_enabled: true + router_external: true + shared: true + + private_subnet: + type: OS::Neutron::Subnet + properties: + name: + get_param: subnet_name + network: + get_resource: public_net + cidr: + get_param: subnet_cidr + gateway_ip: + get_param: subnet_gateway + enable_dhcp: true + allocation_pools: + - start: + get_param: subnet_pool_start + end: + get_param: subnet_pool_end + dns_nameservers: + - 8.8.8.8 + - 8.8.4.4 + diff --git a/tools/pod10prep.sh b/tools/pod10prep.sh new file mode 100755 index 0000000..69982ce --- /dev/null +++ b/tools/pod10prep.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +set -x + +sed -i 's/ens785f1/eno4/g' ../type/cntt/software/charts/osh/openstack-compute-kit/neutron.yaml + +cp files/heat-public-net-deployment-pod10.yaml files/heat-public-net-deployment.yaml diff --git a/type/cntt/software/charts/osh-infra/elasticsearch.yaml b/type/cntt/software/charts/osh-infra/elasticsearch.yaml deleted file mode 100644 index f1f814f..0000000 --- a/type/cntt/software/charts/osh-infra/elasticsearch.yaml +++ /dev/null @@ -1,70 +0,0 @@ ---- -schema: armada/Chart/v1 -metadata: - schema: metadata/Document/v1 - name: elasticsearch - labels: - name: elasticsearch-type - layeringDefinition: - abstract: false - layer: type - parentSelector: - hosttype: elasticsearch-global - actions: - - method: merge - path: . - storagePolicy: cleartext -data: - values: - pod: - replicas: - client: 3 - resources: - enabled: true - apache_proxy: - limits: - memory: "1024Mi" - cpu: "2000m" - requests: - memory: "0" - cpu: "0" - client: - requests: - memory: "4Gi" - cpu: "1000m" - limits: - memory: "8Gi" - cpu: "2000m" - master: - requests: - memory: "4Gi" - cpu: "1000m" - limits: - memory: "8Gi" - cpu: "2000m" - data: - requests: - memory: "4Gi" - cpu: "1000m" - limits: - memory: "8Gi" - cpu: "2000m" - prometheus_elasticsearch_exporter: - requests: - memory: "0" - cpu: "0" - limits: - memory: "1024Mi" - cpu: "2000m" - - storage: - requests: - storage: 10Gi - conf: - elasticsearch: - env: - java_opts: - client: "-Xms2048m -Xmx2048m" - data: "-Xms2048m -Xmx2048m" - master: "-Xms2048m -Xmx2048m" -... diff --git a/type/cntt/software/charts/osh-infra/fluentbit.yaml b/type/cntt/software/charts/osh-infra/fluentbit.yaml deleted file mode 100644 index cbe4121..0000000 --- a/type/cntt/software/charts/osh-infra/fluentbit.yaml +++ /dev/null @@ -1,18 +0,0 @@ ---- -schema: armada/Chart/v1 -metadata: - schema: metadata/Document/v1 - name: fluentbit - labels: - name: fluentbit-type - layeringDefinition: - abstract: false - layer: type - parentSelector: - hosttype: fluentbit-global - actions: - - method: merge - path: . - storagePolicy: cleartext -data: {} -... diff --git a/type/cntt/software/charts/osh-infra/fluentd.yaml b/type/cntt/software/charts/osh-infra/fluentd.yaml deleted file mode 100644 index 430f4f4..0000000 --- a/type/cntt/software/charts/osh-infra/fluentd.yaml +++ /dev/null @@ -1,18 +0,0 @@ ---- -schema: armada/Chart/v1 -metadata: - schema: metadata/Document/v1 - name: fluentd - labels: - name: fluentd-type - layeringDefinition: - abstract: false - layer: type - parentSelector: - hosttype: fluentd-global - actions: - - method: merge - path: . - storagePolicy: cleartext -data: {} -... diff --git a/type/cntt/software/charts/osh-infra/prometheus.yaml b/type/cntt/software/charts/osh-infra/prometheus.yaml deleted file mode 100644 index d7baf32..0000000 --- a/type/cntt/software/charts/osh-infra/prometheus.yaml +++ /dev/null @@ -1,33 +0,0 @@ ---- -schema: armada/Chart/v1 -metadata: - schema: metadata/Document/v1 - replacement: true - name: prometheus - labels: - name: prometheus-type - layeringDefinition: - abstract: false - layer: type - parentSelector: - name: prometheus-global - actions: - - method: merge - path: . - storagePolicy: cleartext -data: - values: - pod: - resources: - enabled: true - prometheus: - limits: - memory: "4Gi" - cpu: "2000m" - requests: - memory: "2Gi" - cpu: "1000m" - storage: - requests: - storage: 10Gi -... diff --git a/type/cntt/software/charts/osh/openstack-compute-kit/libvirt.yaml b/type/cntt/software/charts/osh/openstack-compute-kit/libvirt.yaml deleted file mode 100644 index 5b35bdb..0000000 --- a/type/cntt/software/charts/osh/openstack-compute-kit/libvirt.yaml +++ /dev/null @@ -1,22 +0,0 @@ ---- -schema: armada/Chart/v1 -metadata: - schema: metadata/Document/v1 - name: libvirt - replacement: true - layeringDefinition: - abstract: false - layer: type - parentSelector: - name: libvirt-global - actions: - - method: merge - path: . - storagePolicy: cleartext -data: - values: - network: - backend: - - openvswitch - - sriov -... diff --git a/type/cntt/software/charts/osh/openstack-compute-kit/neutron.yaml b/type/cntt/software/charts/osh/openstack-compute-kit/neutron.yaml deleted file mode 100644 index 6cced90..0000000 --- a/type/cntt/software/charts/osh/openstack-compute-kit/neutron.yaml +++ /dev/null @@ -1,72 +0,0 @@ ---- -# This file defines hardware-specific settings for neutron. If you use the same -# hardware profile as this environment, you should not need to change this file. -# Otherwise, you should review the settings here and adjust for your hardware. -# In particular: -# 1. logical network interface names -# 2. physical device mappigns -# TODO: Should move to global layer and become tied to the hardware profile -schema: armada/Chart/v1 -metadata: - schema: metadata/Document/v1 - replacement: true - name: neutron - layeringDefinition: - abstract: false - layer: site - parentSelector: - name: neutron-global - actions: - - method: merge - path: . - storagePolicy: cleartext -data: - wait: - timeout: 1800 - test: - timeout: 900 - values: - labels: - sriov: - node_selector_key: sriov - node_selector_value: enabled - pod: - security_context: - neutron_sriov_agent: - pod: - runAsUser: 42424 - container: - neutron_sriov_agent_init: - privileged: true - runAsUser: 0 - readOnlyRootFilesystem: false - neutron_sriov_agent: - readOnlyRootFilesystem: true - privileged: true - network: - interface: - sriov: - - device: ens785f1 - num_vfs: 32 - promisc: false - backend: - - openvswitch - - sriov - conf: - plugins: - ml2_conf: - ml2: - mechanism_drivers: l2population,openvswitch,sriovnicswitch - ml2_type_vlan: - ## NOTE: Must have at least 1 sriov network defined - network_vlan_ranges: external,sriovnet1:100:4000 - sriov_agent: - securitygroup: - firewall_driver: neutron.agent.firewall.NoopFirewallDriver - sriov_nic: - ## NOTE: Must have at least 1 sriov network to physical device - ## mapping, otherwise sriov agent readiness check - ## will fail. - physical_device_mappings: sriovnet1:ens785f1 - exclude_devices: "" -... diff --git a/type/cntt/software/charts/osh/openstack-compute-kit/nova.yaml b/type/cntt/software/charts/osh/openstack-compute-kit/nova.yaml deleted file mode 100644 index dd9c02c..0000000 --- a/type/cntt/software/charts/osh/openstack-compute-kit/nova.yaml +++ /dev/null @@ -1,46 +0,0 @@ ---- -# This file defines hardware-specific settings for nova. If you use the same -# hardware profile as this environment, you should not need to change this file. -# Otherwise, you should review the settings here and adjust for your hardware. -# In particular: -# 1. vcpu_pin_set will change if the number of logical CPUs on the hardware -# changes. -# 2. pci alias / passthrough_whitelist could change if the NIC type or NIC -# slotting changes. -# TODO: Should move to global layer and become tied to the hardware profile -schema: armada/Chart/v1 -metadata: - schema: metadata/Document/v1 - name: nova - layeringDefinition: - abstract: false - layer: type - parentSelector: - name: nova-global - actions: - - method: merge - path: . - storagePolicy: cleartext - substitutions: - - src: - schema: drydock/HardwareProfile/v1 - name: intel-s2600wt - path: .cpu_sets.kvm - dest: - path: .values.conf.nova.DEFAULT.vcpu_pin_set -data: - values: - network: - backend: - - openvswitch - - sriov - conf: - nova: - filter_scheduler: - available_filters: "nova.scheduler.filters.all_filters" - enabled_filters: "RetryFilter,AvailabilityZoneFilter,RamFilter,CoreFilter,DiskFilter,ComputeFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter,AggregateInstanceExtraSpecsFilter,AggregateCoreFilter,AggregateRamFilter,AggregateMultiTenancyIsolation,JsonFilter,IoOpsFilter,AggregateDiskFilter,AllHostsFilter,IsolatedHostsFilter,AggregateImagePropertiesIsolation,PciPassthroughFilter,AggregateIoOpsFilter,NumInstancesFilter,AggregateNumInstancesFilter,MetricsFilter,SimpleCIDRAffinityFilter,AggregateTypeAffinityFilter,NUMATopologyFilter,ComputeCapabilitiesFilter,DifferentHostFilter,SameHostFilter" - pci: - alias: '{"name": "numa0", "capability_type": "pci", "product_id": "154c", "vendor_id": "8086", "device_type": "type-PCI"}' - passthrough_whitelist: | - [{"address": "0000:05:06.*", "physical_network": "sriovnet1"},{"address": "0000:05:07.*", "physical_network": "sriovnet1"},{"address": "0000:05:08.*", "physical_network": "sriovnet1"},{"address": "0000:05:09.*", "physical_network": "sriovnet1"}] -... diff --git a/type/cntt/software/charts/osh/openstack-glance/glance.yaml b/type/cntt/software/charts/osh/openstack-glance/glance.yaml new file mode 100644 index 0000000..2fc284e --- /dev/null +++ b/type/cntt/software/charts/osh/openstack-glance/glance.yaml @@ -0,0 +1,49 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: glance + labels: + name: glance-type + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: glance-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + conf: + rally_tests: + run_tempest: false + tests: + GlanceImages.create_and_delete_image: + - args: + container_format: bare + disk_format: qcow2 + image_location: https://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img + runner: + concurrency: 1 + times: 1 + type: constant + sla: + failure_rate: + max: 0 + GlanceImages.create_and_list_image: + - args: + container_format: bare + disk_format: qcow2 + image_location: https://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img + runner: + concurrency: 1 + times: 1 + type: constant + sla: + failure_rate: + max: 0 + +... diff --git a/type/cntt/software/charts/ucp/ceph/ceph-client-update.yaml b/type/cntt/software/charts/ucp/ceph/ceph-client-update.yaml deleted file mode 100644 index eb921b8..0000000 --- a/type/cntt/software/charts/ucp/ceph/ceph-client-update.yaml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# The purpose of this file is to define environment-specific parameters for ceph -# client update -schema: armada/Chart/v1 -metadata: - schema: metadata/Document/v1 - name: ucp-ceph-client-update - layeringDefinition: - abstract: false - layer: site - parentSelector: - name: ucp-ceph-client-update-global - actions: - - method: merge - path: . - storagePolicy: cleartext -data: - values: - conf: - pool: - target: - # NEWSITE-CHANGEME: Total number of OSDs. Does not need to change if - # your HW matches this site's HW. Verify for your environment. - # 8 OSDs per node x 3 nodes = 24 - osd: 3 -... diff --git a/type/cntt/software/charts/ucp/ceph/ceph-client.yaml b/type/cntt/software/charts/ucp/ceph/ceph-client.yaml deleted file mode 100644 index e1e8ecf..0000000 --- a/type/cntt/software/charts/ucp/ceph/ceph-client.yaml +++ /dev/null @@ -1,100 +0,0 @@ ---- -# The purpose of this file is to define envrionment-specific parameters for the -# ceph client -schema: armada/Chart/v1 -metadata: - schema: metadata/Document/v1 - name: ucp-ceph-client - layeringDefinition: - abstract: false - layer: site - parentSelector: - name: ucp-ceph-client-global - actions: - - method: merge - path: . - storagePolicy: cleartext -data: - values: - conf: - pool: - target: - # NEWSITE-CHANGEME: The number of OSDs per ceph node. Does not need to - # change if your deployment HW matches this site's HW. - osd: 1 - spec: - # RBD pool - - name: rbd - application: rbd - replication: 1 - percent_total_data: 40 - - name: cephfs_metadata - application: cephfs - replication: 1 - percent_total_data: 5 - - name: cephfs_data - application: cephfs - replication: 1 - percent_total_data: 10 - # RadosGW pools - - name: .rgw.root - application: rgw - replication: 1 - percent_total_data: 0.1 - - name: default.rgw.control - application: rgw - replication: 1 - percent_total_data: 0.1 - - name: default.rgw.data.root - application: rgw - replication: 1 - percent_total_data: 0.1 - - name: default.rgw.gc - application: rgw - replication: 1 - percent_total_data: 0.1 - - name: default.rgw.log - application: rgw - replication: 1 - percent_total_data: 0.1 - - name: default.rgw.intent-log - application: rgw - replication: 1 - percent_total_data: 0.1 - - name: default.rgw.meta - application: rgw - replication: 1 - percent_total_data: 0.1 - - name: default.rgw.usage - application: rgw - replication: 1 - percent_total_data: 0.1 - - name: default.rgw.users.keys - application: rgw - replication: 1 - percent_total_data: 0.1 - - name: default.rgw.users.email - application: rgw - replication: 1 - percent_total_data: 0.1 - - name: default.rgw.users.swift - application: rgw - replication: 1 - percent_total_data: 0.1 - - name: default.rgw.users.uid - application: rgw - replication: 1 - percent_total_data: 0.1 - - name: default.rgw.buckets.extra - application: rgw - replication: 1 - percent_total_data: 0.1 - - name: default.rgw.buckets.index - application: rgw - replication: 1 - percent_total_data: 3 - - name: default.rgw.buckets.data - application: rgw - replication: 1 - percent_total_data: 34.8 -... diff --git a/type/cntt/software/charts/ucp/ceph/ceph-osd.yaml b/type/cntt/software/charts/ucp/ceph/ceph-osd.yaml deleted file mode 100644 index 25297d9..0000000 --- a/type/cntt/software/charts/ucp/ceph/ceph-osd.yaml +++ /dev/null @@ -1,30 +0,0 @@ ---- -# The purpose of this file is to define environment-specific parameters for -# ceph-osd -schema: armada/Chart/v1 -metadata: - schema: metadata/Document/v1 - name: ucp-ceph-osd - layeringDefinition: - abstract: false - layer: site - parentSelector: - name: ucp-ceph-osd-global - actions: - - method: replace - path: .values.conf.storage.osd - - method: merge - path: . - storagePolicy: cleartext -data: - values: - conf: - storage: - osd: - - data: - type: directory - location: /var/lib/ceph/osd/osd-one - journal: - type: directory - location: /var/lib/ceph/journal/osd-one -... -- cgit 1.2.3-korg