Separate demo and dev deployments of Airship

Separates and cleans up some documentation around the
airship-in-a-bottle usage for demo vs. development
environment purposes. Dev environments will deploy only the
Airship specific components, while the Demo will show a
more complete installation of OpenStack on top of Airship.

Change-Id: Icca614c4cc4aed426006720b924c105b15d9e510

deployment_files/global/v1.0dev/software/charts/kubernetes/container-networking/calico.yaml

@@ -0,0 +1,158 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: kubernetes-calico
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+  substitutions:
+    # Chart source
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.kubernetes.calico.calico
+      dest:
+        path: .source
+
+    # Image versions
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .images.calico.calico
+      dest:
+        path: .values.images
+
+    # IP addresses
+    -
+      src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .kubernetes.api_service_ip
+      dest:
+        path: .values.conf.policy_controller.K8S_API
+        pattern: KUBERNETES_IP
+    -
+      src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .calico.etcd.service_ip
+      dest:
+        path: .values.endpoints.etcd.host_fqdn_override.default
+    -
+      src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .kubernetes.pod_cidr
+      dest:
+        path: .values.networking.podSubnet
+
+    # Other site-specific configuration
+    -
+      src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .calico.ip_autodetection_method
+      dest:
+        path: .values.conf.node.IP_AUTODETECTION_METHOD
+
+    # Certificates
+    -
+      src:
+        schema: deckhand/CertificateAuthority/v1
+        name: calico-etcd
+        path: .
+      dest:
+        path: .values.endpoints.etcd.auth.client.tls.ca
+    -
+      src:
+        schema: deckhand/Certificate/v1
+        name: calico-node
+        path: .
+      dest:
+        path: .values.endpoints.etcd.auth.client.tls.crt
+    -
+      src:
+        schema: deckhand/CertificateKey/v1
+        name: calico-node
+        path: .
+      dest:
+        path: .values.endpoints.etcd.auth.client.tls.key
+data:
+  chart_name: calico
+  release: kubernetes-calico
+  namespace: kube-system
+  timeout: 600
+  wait:
+    timeout: 600
+  upgrade:
+    no_hooks: true
+  values:
+    conf:
+      cni_network_config:
+        name: k8s-pod-network
+        cniVersion: 0.1.0
+        type: calico
+        etcd_endpoints: __ETCD_ENDPOINTS__
+        etcd_ca_cert_file: /etc/calico/pki/ca
+        etcd_cert_file: /etc/calico/pki/crt
+        etcd_key_file: /etc/calico/pki/key
+        log_level: debug
+        mtu: 1500
+        ipam:
+          type: calico-ipam
+        policy:
+          type: k8s
+          k8s_api_root: https://__KUBERNETES_SERVICE_HOST__:__KUBERNETES_SERVICE_PORT__
+          k8s_auth_token: __SERVICEACCOUNT_TOKEN__
+
+      policy_controller:
+        K8S_API: "https://KUBERNETES_IP:443"
+
+      node:
+        CALICO_STARTUP_LOGLEVEL: INFO
+        CLUSTER_TYPE:
+          - k8s
+          - bgp
+        IP_AUTODETECTION_METHOD: interface=ens3
+        WAIT_FOR_STORAGE: "true"
+
+    endpoints:
+      etcd:
+        hosts:
+          default: calico-etcd
+        scheme:
+          default: https
+
+    networking:
+      mtu: 1500
+    manifests:
+      daemonset_calico_etcd: false
+      job_image_repo_sync: false
+      service_calico_etcd: false
+  dependencies:
+    - calico-htk
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: calico-htk
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+  substitutions:
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.kubernetes.calico.calico-htk
+      dest:
+        path: .source
+data:
+  chart_name: calico-htk
+  release: calico-htk
+  namespace: calico-htk
+  timeout: 100
+  values: {}
+  dependencies: []

deployment_files/global/v1.0dev/software/charts/kubernetes/container-networking/chart-group.yaml

@@ -0,0 +1,15 @@
+---
+schema: armada/ChartGroup/v1
+metadata:
+  schema: metadata/Document/v1
+  name: kubernetes-container-networking
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+data:
+  description: Container networking via Calico
+  sequenced: true
+  chart_group:
+    - kubernetes-calico-etcd
+    - kubernetes-calico

deployment_files/global/v1.0dev/software/charts/kubernetes/container-networking/etcd.yaml

@@ -0,0 +1,135 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: kubernetes-calico-etcd-global
+  layeringDefinition:
+    abstract: true
+    layer: global
+  labels:
+    name: kubernetes-calico-etcd-global
+  storagePolicy: cleartext
+  substitutions:
+
+    # Chart source
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.kubernetes.calico.etcd
+      dest:
+        path: .source
+
+    # Image versions
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .images.calico.etcd
+      dest:
+        path: .values.images.tags
+
+    # IP addresses
+    -
+      src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .calico.etcd.service_ip
+      dest:
+        path: .values.service.ip
+    -
+      src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .calico.etcd.service_ip
+      dest:
+        path: .values.anchor.etcdctl_endpoint
+
+    # CAs
+    -
+      src:
+        schema: deckhand/CertificateAuthority/v1
+        name: calico-etcd
+        path: .
+      dest:
+        path: .values.secrets.tls.client.ca
+    -
+      src:
+        schema: deckhand/CertificateAuthority/v1
+        name: calico-etcd-peer
+        path: .
+      dest:
+        path: .values.secrets.tls.peer.ca
+
+    # Anchor client cert
+    -
+      src:
+        schema: deckhand/Certificate/v1
+        name: calico-etcd-anchor
+        path: .
+      dest:
+        path: .values.secrets.anchor.tls.cert
+    -
+      src:
+        schema: deckhand/CertificateKey/v1
+        name: calico-etcd-anchor
+        path: .
+      dest:
+        path: .values.secrets.anchor.tls.key
+
+data:
+  chart_name: etcd
+  release: kubernetes-calico-etcd
+  namespace: kube-system
+  timeout: 600
+  wait:
+    timeout: 600
+  upgrade:
+    no_hooks: true
+  values:
+    labels:
+      anchor:
+        node_selector_key: calico-etcd
+        node_selector_value: enabled
+    etcd:
+      host_data_path: /var/lib/etcd/calico
+      host_etc_path: /etc/etcd/calico
+    bootstrapping:
+      enabled: true
+      host_directory: /var/lib/anchor
+      filename: calico-etcd-bootstrap
+    service:
+      name: calico-etcd
+    network:
+      service_client:
+        name: service_client
+        port: 6666
+        target_port: 6666
+      service_peer:
+        name: service_peer
+        port: 6667
+        target_port: 6667
+  dependencies:
+    - kubernetes-calico-etcd-htk
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: kubernetes-calico-etcd-htk
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+  substitutions:
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.kubernetes.calico.etcd-htk
+      dest:
+        path: .source
+data:
+  chart_name: kubernetes-calico-etcd-htk
+  release: kubernetes-calico-etcd-htk
+  namespace: kubernetes-calico-etcd-htk
+  timeout: 100
+  values: {}
+  dependencies: []
+...

deployment_files/global/v1.0dev/software/charts/kubernetes/core/apiserver.yaml

@@ -0,0 +1,138 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: kubernetes-apiserver
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+  substitutions:
+    # Chart source
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.kubernetes.apiserver
+      dest:
+        path: .source
+
+    # Images
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .images.kubernetes.apiserver
+      dest:
+        path: .values.images.tags
+
+    # IP addresses
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .kubernetes.api_service_ip
+      dest:
+        path: .values.network.kubernetes_service_ip
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .kubernetes.pod_cidr
+      dest:
+        path: .values.network.pod_cidr
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .kubernetes.service_cidr
+      dest:
+        path: .values.network.service_cidr
+
+    # CA
+    -
+      src:
+        schema: deckhand/CertificateAuthority/v1
+        name: kubernetes
+        path: .
+      dest:
+        path: .values.secrets.tls.ca
+
+    # Certificates
+    -
+      src:
+        schema: deckhand/Certificate/v1
+        name: apiserver
+        path: .
+      dest:
+        path: .values.secrets.tls.cert
+    -
+      src:
+        schema: deckhand/CertificateKey/v1
+        name: apiserver
+        path: .
+      dest:
+        path: .values.secrets.tls.key
+    -
+      src:
+        schema: deckhand/CertificateAuthority/v1
+        name: kubernetes-etcd
+        path: .
+      dest:
+        path: .values.secrets.etcd.tls.ca
+    -
+      src:
+        schema: deckhand/Certificate/v1
+        name: apiserver-etcd
+        path: .
+      dest:
+        path: .values.secrets.etcd.tls.cert
+    -
+      src:
+        schema: deckhand/CertificateKey/v1
+        name: apiserver-etcd
+        path: .
+      dest:
+        path: .values.secrets.etcd.tls.key
+    -
+      src:
+        schema: deckhand/PublicKey/v1
+        name: service-account
+        path: .
+      dest:
+        path: .values.secrets.service_account.public_key
+
+data:
+  chart_name: apiserver
+  release: kubernetes-apiserver
+  namespace: kube-system
+  timeout: 600
+  wait:
+    timeout: 600
+  upgrade:
+    no_hooks: true
+  values:
+    apiserver:
+      etcd:
+        endpoints: https://127.0.0.1:2378
+  dependencies:
+    - kubernetes-apiserver-htk
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: kubernetes-apiserver-htk
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+  substitutions:
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.kubernetes.apiserver-htk
+      dest:
+        path: .source
+data:
+  chart_name: kubernetes-apiserver-htk
+  release: kubernetes-apiserver-htk
+  namespace: kubernetes-apiserver-htk
+  timeout: 100
+  values: {}
+  dependencies: []
+...

deployment_files/global/v1.0dev/software/charts/kubernetes/core/chart-group.yaml

@@ -0,0 +1,15 @@
+---
+schema: armada/ChartGroup/v1
+metadata:
+  schema: metadata/Document/v1
+  name: kubernetes-core
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+data:
+  description: Kubernetes components
+  chart_group:
+    - kubernetes-apiserver
+    - kubernetes-controller-manager
+    - kubernetes-scheduler

deployment_files/global/v1.0dev/software/charts/kubernetes/core/controller-manager.yaml

@@ -0,0 +1,112 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: kubernetes-controller-manager
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+  substitutions:
+    # Chart source
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.kubernetes.controller-manager
+      dest:
+        path: .source
+
+    # Images
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .images.kubernetes.controller-manager
+      dest:
+        path: .values.images.tags
+
+    # IP addresses
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .kubernetes.pod_cidr
+      dest:
+        path: .values.network.pod_cidr
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .kubernetes.service_cidr
+      dest:
+        path: .values.network.service_cidr
+
+    # CA
+    -
+      src:
+        schema: deckhand/CertificateAuthority/v1
+        name: kubernetes
+        path: .
+      dest:
+        path: .values.secrets.tls.ca
+
+    # Certificates
+    -
+      src:
+        schema: deckhand/Certificate/v1
+        name: controller-manager
+        path: .
+      dest:
+        path: .values.secrets.tls.cert
+    -
+      src:
+        schema: deckhand/CertificateKey/v1
+        name: controller-manager
+        path: .
+      dest:
+        path: .values.secrets.tls.key
+
+    # Private key for Kubernetes service account token signing
+    -
+      src:
+        schema: deckhand/PrivateKey/v1
+        name: service-account
+        path: .
+      dest:
+        path: .values.secrets.service_account.private_key
+
+data:
+  chart_name: controller-manager
+  release: kubernetes-controller-manager
+  namespace: kube-system
+  timeout: 600
+  wait:
+    timeout: 600
+  upgrade:
+    no_hooks: true
+  values:
+    network:
+      kubernetes_netloc: 127.0.0.1:6553
+  dependencies:
+    - kubernetes-controller-manager-htk
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: kubernetes-controller-manager-htk
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+  substitutions:
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.kubernetes.controller-manager-htk
+      dest:
+        path: .source
+data:
+  chart_name: kubernetes-controller-manager-htk
+  release: kubernetes-controller-manager-htk
+  namespace: kubernetes-controller-manager-htk
+  timeout: 100
+  values: {}
+  dependencies: []
+...

deployment_files/global/v1.0dev/software/charts/kubernetes/core/scheduler.yaml

@@ -0,0 +1,89 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: kubernetes-scheduler
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+  substitutions:
+    # Chart source
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.kubernetes.scheduler
+      dest:
+        path: .source
+
+    # Images
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .images.kubernetes.scheduler
+      dest:
+        path: .values.images.tags
+
+    # CA
+    -
+      src:
+        schema: deckhand/CertificateAuthority/v1
+        name: kubernetes
+        path: .
+      dest:
+        path: .values.secrets.tls.ca
+
+    # Certificates
+    -
+      src:
+        schema: deckhand/Certificate/v1
+        name: scheduler
+        path: .
+      dest:
+        path: .values.secrets.tls.cert
+    -
+      src:
+        schema: deckhand/CertificateKey/v1
+        name: scheduler
+        path: .
+      dest:
+        path: .values.secrets.tls.key
+
+data:
+  chart_name: scheduler
+  release: kubernetes-scheduler
+  namespace: kube-system
+  timeout: 600
+  wait:
+    timeout: 600
+  upgrade:
+    no_hooks: true
+  values:
+    network:
+      kubernetes_netloc: 127.0.0.1:6553
+  dependencies:
+    - kubernetes-scheduler-htk
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: kubernetes-scheduler-htk
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+  substitutions:
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.kubernetes.scheduler-htk
+      dest:
+        path: .source
+data:
+  chart_name: kubernetes-scheduler-htk
+  release: kubernetes-scheduler-htk
+  namespace: kubernetes-scheduler-htk
+  timeout: 100
+  values: {}
+  dependencies: []
+...

deployment_files/global/v1.0dev/software/charts/kubernetes/dns/chart-group.yaml

@@ -0,0 +1,13 @@
+---
+schema: armada/ChartGroup/v1
+metadata:
+  schema: metadata/Document/v1
+  name: kubernetes-dns
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+data:
+  description: Cluster DNS
+  chart_group:
+    - coredns

deployment_files/global/v1.0dev/software/charts/kubernetes/dns/coredns.yaml

@@ -0,0 +1,120 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: coredns
+  layeringDefinition:
+    abstract: false
+    layer: global
+  labels:
+    name: coredns
+  storagePolicy: cleartext
+  substitutions:
+    # Chart source
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.kubernetes.coredns
+      dest:
+        path: .source
+
+    # Images
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .images.kubernetes.coredns
+      dest:
+        path: .values.images
+
+    # Zones
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .dns.cluster_domain
+      dest:
+        path: .values.conf.coredns.corefile
+        pattern: 'CLUSTER_DOMAIN'
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .kubernetes.service_cidr
+      dest:
+        path: .values.conf.coredns.corefile
+        pattern: 'SERVICE_CIDR'
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .kubernetes.pod_cidr
+      dest:
+        path:  .values.conf.coredns.corefile
+        pattern: 'POD_CIDR'
+
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .dns.upstream_servers[0]
+      dest:
+        path: .values.conf.coredns.corefile
+        pattern: 'UPSTREAM1'
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .dns.upstream_servers[1]
+      dest:
+        path: .values.conf.coredns.corefile
+        pattern: 'UPSTREAM2'
+data:
+  chart_name: coredns
+  release: coredns
+  namespace: kube-system
+  timeout: 600
+  wait:
+    timeout: 600
+  upgrade:
+    no_hooks: true
+  values:
+    conf:
+      coredns:
+        # TODO(alanmeadows) this needs to be adjusted to use substition
+        corefile: |
+          .:53 {
+              errors
+              health
+              autopath @kubernetes
+              kubernetes CLUSTER_DOMAIN SERVICE_CIDR POD_CIDR {
+                pods insecure
+                fallthrough in-addr.arpa ip6.arpa
+                upstream UPSTREAM1
+                upstream UPSTREAM2
+              }
+              prometheus :9153
+              proxy . UPSTREAM1
+              proxy . UPSTREAM2
+              cache 30
+          }
+  dependencies:
+    - coredns-htk
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: coredns-htk
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+  substitutions:
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.kubernetes.coredns-htk
+      dest:
+        path: .source
+data:
+  chart_name: coredns-htk
+  release: coredns-htk
+  namespace: coredns-htk
+  timeout: 100
+  values: {}
+  dependencies: []
+...

deployment_files/global/v1.0dev/software/charts/kubernetes/etcd/chart-group.yaml

@@ -0,0 +1,13 @@
+---
+schema: armada/ChartGroup/v1
+metadata:
+  schema: metadata/Document/v1
+  name: kubernetes-etcd
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+data:
+  description: Kubernetes etcd
+  chart_group:
+    - kubernetes-etcd

deployment_files/global/v1.0dev/software/charts/kubernetes/etcd/etcd.yaml

@@ -0,0 +1,125 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: kubernetes-etcd-global
+  layeringDefinition:
+    abstract: true
+    layer: global
+  labels:
+    name: kubernetes-etcd-global
+  storagePolicy: cleartext
+  substitutions:
+
+    # Chart source
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.kubernetes.etcd
+      dest:
+        path: .source
+
+    # Images
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .images.kubernetes.etcd
+      dest:
+        path: .values.images.tags
+
+    # IP addresses
+    -
+      src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .kubernetes.etcd_service_ip
+      dest:
+        path: .values.service.ip
+
+    # CAs
+    -
+      src:
+        schema: deckhand/CertificateAuthority/v1
+        name: kubernetes-etcd
+        path: .
+      dest:
+        path: .values.secrets.tls.client.ca
+    -
+      src:
+        schema: deckhand/CertificateAuthority/v1
+        name: kubernetes-etcd-peer
+        path: .
+      dest:
+        path: .values.secrets.tls.peer.ca
+
+    -
+      src:
+        schema: deckhand/Certificate/v1
+        name: kubernetes-etcd-anchor
+        path: .
+      dest:
+        path: .values.secrets.anchor.tls.cert
+    -
+      src:
+        schema: deckhand/CertificateKey/v1
+        name: kubernetes-etcd-anchor
+        path: .
+      dest:
+        path: .values.secrets.anchor.tls.key
+
+data:
+  chart_name: etcd
+  release: kubernetes-etcd
+  namespace: kube-system
+  timeout: 600
+  wait:
+    timeout: 600
+  upgrade:
+    no_hooks: true
+  values:
+    anchor:
+      etcdctl_endpoint: kubernetes-etcd.kube-system.svc.cluster.local
+    labels:
+      anchor:
+        node_selector_key: kubernetes-etcd
+        node_selector_value: enabled
+    etcd:
+      host_data_path: /var/lib/etcd/kubernetes
+      host_etc_path: /etc/etcd/kubernetes
+    service:
+      name: kubernetes-etcd
+    network:
+      service_client:
+        name: service_client
+        port: 2379
+        target_port: 2379
+      service_peer:
+        name: service_peer
+        port: 2380
+        target_port: 2380
+  dependencies:
+    - kubernetes-etcd-htk
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: kubernetes-etcd-htk
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+  substitutions:
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.kubernetes.etcd-htk
+      dest:
+        path: .source
+data:
+  chart_name: kubernetes-etcd-htk
+  release: kubernetes-etcd-htk
+  namespace: kubernetes-etcd-htk
+  timeout: 100
+  values: {}
+  dependencies: []
+...

deployment_files/global/v1.0dev/software/charts/kubernetes/haproxy/chart-group.yaml

@@ -0,0 +1,13 @@
+---
+schema: armada/ChartGroup/v1
+metadata:
+  schema: metadata/Document/v1
+  name: kubernetes-haproxy
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+data:
+  description: HAProxy for Kubernetes
+  chart_group:
+    - haproxy

deployment_files/global/v1.0dev/software/charts/kubernetes/haproxy/haproxy.yaml

@@ -0,0 +1,90 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: haproxy
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+  substitutions:
+
+    # Chart source
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.kubernetes.haproxy
+      dest:
+        path: .source
+
+    # Images
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .images.kubernetes.haproxy
+      dest:
+        path: .values.images
+data:
+  chart_name: haproxy
+  release: haproxy
+  namespace: kube-system
+  timeout: 600
+  wait:
+    timeout: 600
+  upgrade:
+    no_hooks: true
+  values:
+    conf:
+      anchor:
+
+        # TODO(alanmeadows) this should be substituted
+        kubernetes_url: https://10.96.0.1:443
+        services:
+          default:
+            kubernetes:
+              server_opts: "check"
+              conf_parts:
+                frontend:
+                  - mode tcp
+                  - option tcpka
+                  - bind *:6553
+                backend:
+                  - mode tcp
+                  - option tcpka
+          kube-system:
+            kubernetes-etcd:
+              server_opts: "check"
+              conf_parts:
+                frontend:
+                  - mode tcp
+                  - option tcpka
+                  - bind *:2378
+                backend:
+                  - mode tcp
+                  - option tcpka
+  dependencies:
+    - haproxy-htk
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: haproxy-htk
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+  substitutions:
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.kubernetes.haproxy-htk
+      dest:
+        path: .source
+data:
+  chart_name: haproxy-htk
+  release: haproxy-htk
+  namespace: haproxy-htk
+  timeout: 100
+  values: {}
+  dependencies: []
+...

deployment_files/global/v1.0dev/software/charts/kubernetes/ingress/chart-group.yaml

@@ -0,0 +1,13 @@
+---
+schema: armada/ChartGroup/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ingress-kube-system
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+data:
+  description: Ingress for the site
+  chart_group:
+    - ingress-kube-system

deployment_files/global/v1.0dev/software/charts/kubernetes/ingress/ingress.yaml

@@ -0,0 +1,70 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ingress-kube-system
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+  substitutions:
+    # Chart source
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.kubernetes.ingress
+      dest:
+        path: .source
+data:
+  chart_name: ingress-kube-system
+  release: ingress-kube-system
+  namespace: kube-system
+  timeout: 300
+  install:
+    no_hooks: false
+  upgrade:
+    no_hooks: false
+  values:
+    labels:
+      server:
+        node_selector_key: kube-ingress
+        node_selector_value: enabled
+      error_server:
+        node_selector_key: kube-ingress
+        node_selector_value: enabled
+    deployment:
+      mode: cluster
+      type: DaemonSet
+    network:
+      host_namespace: true
+      ingress:
+        annotations:
+          nginx.ingress.kubernetes.io/proxy-read-timeout: "603"
+    pod:
+      replicas:
+        error_page: 2
+  dependencies:
+    - ingress-kube-system-htk
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ingress-kube-system-htk
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+  substitutions:
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.kubernetes.ingress-htk
+      dest:
+        path: .source
+data:
+  chart_name: ingress-kube-system-htk
+  release: ingress-kube-system-htk
+  namespace: ingress-kube-system-htk
+  timeout: 100
+  values: {}
+  dependencies: []

deployment_files/global/v1.0dev/software/charts/kubernetes/proxy/chart-group.yaml

@@ -0,0 +1,14 @@
+---
+schema: armada/ChartGroup/v1
+metadata:
+  schema: metadata/Document/v1
+  name: kubernetes-proxy
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+data:
+  description: Kubernetes proxy
+  sequenced: true
+  chart_group:
+    - kubernetes-proxy

deployment_files/global/v1.0dev/software/charts/kubernetes/proxy/kubernetes-proxy.yaml

@@ -0,0 +1,63 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: kubernetes-proxy
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+  substitutions:
+    # Chart source
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.kubernetes.proxy
+      dest:
+        path: .source
+
+    # Images
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .images.kubernetes.proxy
+      dest:
+        path: .values.images.tags
+data:
+  chart_name: proxy
+  release: kubernetes-proxy
+  namespace: kube-system
+  timeout: 600
+  wait:
+    timeout: 600
+  upgrade:
+    no_hooks: true
+  values:
+    network:
+      kubernetes_netloc: 127.0.0.1:6553
+  dependencies:
+    - kubernetes-proxy-htk
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: kubernetes-proxy-htk
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+  substitutions:
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.kubernetes.proxy-htk
+      dest:
+        path: .source
+data:
+  chart_name: kubernetes-proxy-htk
+  release: kubernetes-proxy-htk
+  namespace: kubernetes-proxy-htk
+  timeout: 100
+  values: {}
+  dependencies: []
+...

deployment_files/global/v1.0dev/software/charts/ucp/armada/armada.yaml

@@ -0,0 +1,112 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-armada
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+  substitutions:
+    # Chart source
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.ucp.armada
+      dest:
+        path: .source
+
+    # Images
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .images.ucp.armada
+      dest:
+        path: .values.images.tags
+
+    # Endpoints
+    - src:
+        schema: pegleg/EndpointCatalogue/v1
+        name: ucp_endpoints
+        path: .ucp.identity
+      dest:
+        path: .values.endpoints.identity
+    - src:
+        schema: pegleg/EndpointCatalogue/v1
+        name: ucp_endpoints
+        path: .ucp.armada
+      dest:
+        path: .values.endpoints.armada
+
+    # Credentials
+    - src:
+        schema: pegleg/AccountCatalogue/v1
+        name: ucp_service_accounts
+        path: .ucp.keystone.admin
+      dest:
+        path: .values.endpoints.identity.auth.admin
+    - src:
+        schema: pegleg/AccountCatalogue/v1
+        name: ucp_service_accounts
+        path: .ucp.armada.keystone
+      dest:
+        path: .values.endpoints.identity.auth.user
+
+    # Secrets
+    - dest:
+        path: .values.endpoints.identity.auth.admin.password
+      src:
+        schema: deckhand/Passphrase/v1
+        name: ucp_keystone_admin_password
+        path: .
+    - dest:
+        path: .values.endpoints.identity.auth.user.password
+      src:
+        schema: deckhand/Passphrase/v1
+        name: ucp_armada_keystone_password
+        path: .
+data:
+  chart_name: armada
+  release: ucp-armada
+  namespace: ucp
+  timeout: 100
+  install:
+    no_hooks: false
+  upgrade:
+    no_hooks: false
+  values:
+    replicas:
+      api: 1
+    armada:
+      DEFAULT:
+        debug: true
+    manifests:
+      deployment_tiller: false
+      service_tiller: false
+  dependencies:
+    - armada-htk
+...
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: armada-htk
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+  substitutions:
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.ucp.armada-htk
+      dest:
+        path: .source
+data:
+  chart_name: armada-htk
+  release: armada-htk
+  namespace: armada-htk
+  timeout: 100
+  values: {}
+  dependencies: []
+...

deployment_files/global/v1.0dev/software/charts/ucp/armada/chart-group.yaml

@@ -0,0 +1,15 @@
+---
+schema: armada/ChartGroup/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-armada
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+data:
+  description: Armada
+  sequenced: true
+  chart_group:
+    - ucp-tiller
+    - ucp-armada

deployment_files/global/v1.0dev/software/charts/ucp/armada/tiller.yaml

@@ -0,0 +1,63 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-tiller
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+  substitutions:
+    # Chart source
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.ucp.tiller
+      dest:
+        path: .source
+
+    # Images
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .images.ucp.tiller
+      dest:
+        path: .values.images.tags
+
+data:
+  chart_name: tiller
+  release: ucp-tiller
+  namespace: kube-system
+  timeout: 100
+  install:
+    no_hooks: false
+  upgrade:
+    no_hooks: false
+  values: {}
+  dependencies:
+    - tiller-htk
+...
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: tiller-htk
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+  substitutions:
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.ucp.tiller-htk
+      dest:
+        path: .source
+data:
+  chart_name: tiller-htk
+  release: tiller-htk
+  namespace: tiller-htk
+  timeout: 100
+  values: {}
+  dependencies: []
+...

deployment_files/global/v1.0dev/software/charts/ucp/core/chart-group.yaml

@@ -0,0 +1,17 @@
+---
+schema: armada/ChartGroup/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-core
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+data:
+  description: Common UCP Components
+  chart_group:
+    - ucp-ingress
+    - ucp-mariadb
+    - ucp-rabbitmq
+    - ucp-postgresql
+...

deployment_files/global/v1.0dev/software/charts/ucp/core/ingress.yaml

@@ -0,0 +1,69 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-ingress
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+  substitutions:
+    # Chart source
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.ucp.ingress
+      dest:
+        path: .source
+data:
+  chart_name: ingress
+  release: ingress
+  namespace: ucp
+  timeout: 600
+  wait:
+    timeout: 600
+  install:
+    no_hooks: false
+  upgrade:
+    no_hooks: false
+  values:
+    labels:
+      server:
+        node_selector_key: ucp-control-plane
+        node_selector_value: enabled
+      error_server:
+        node_selector_key: ucp-control-plane
+        node_selector_value: enabled
+    pod:
+      replicas:
+        ingress: 1
+        error_page: 1
+    network:
+      ingress:
+        annotations:
+          nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
+  dependencies:
+    - ucp-ingress-htk
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-ingress-htk
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+  substitutions:
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.ucp.ingress-htk
+      dest:
+        path: .source
+data:
+  chart_name: ucp-ingress-htk
+  release: ucp-ingress-htk
+  namespace: ucp-ingress-htk
+  timeout: 100
+  values: {}
+  dependencies: []

deployment_files/global/v1.0dev/software/charts/ucp/core/mariadb.yaml

@@ -0,0 +1,95 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-mariadb
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+  substitutions:
+    # Chart source
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.ucp.mariadb
+      dest:
+        path: .source
+
+    # Images
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .images.ucp.mariadb
+      dest:
+        path: .values.images.tags
+
+    # Endpoints
+    - src:
+        schema: pegleg/EndpointCatalogue/v1
+        name: ucp_endpoints
+        path: .ucp.oslo_db
+      dest:
+        path: .values.endpoints.olso_db
+    # Accounts
+    - src:
+        schema: pegleg/AccountCatalogue/v1
+        name: ucp_service_accounts
+        path: .ucp.oslo_db.admin
+      dest:
+        path: .values.endpoints.oslo_db.auth.admin
+
+    # Secrets
+    - dest:
+        path: .values.endpoints.oslo_db.auth.admin.password
+      src:
+        schema: deckhand/Passphrase/v1
+        name: ucp_oslo_db_admin_password
+        path: .
+
+data:
+  chart_name: ucp-mariadb
+  release: ucp-mariadb
+  namespace: ucp
+  install:
+    no_hooks: false
+  upgrade:
+    no_hooks: false
+  values:
+    labels:
+      server:
+        node_selector_key: ucp-control-plane
+        node_selector_value: enabled
+      prometheus_mysql_exporter:
+        node_selector_key: ucp-control-plane
+        node_selector_value: enabled
+    pod:
+      replicas:
+        server: 1
+  dependencies:
+    - mariadb-htk
+...
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: mariadb-htk
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+  substitutions:
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.ucp.mariadb-htk
+      dest:
+        path: .source
+data:
+  chart_name: mariadb-htk
+  release: mariadb-htk
+  namespace: mariadb-htk
+  timeout: 100
+  values: {}
+  dependencies: []
+...

deployment_files/global/v1.0dev/software/charts/ucp/core/postgresql.yaml

@@ -0,0 +1,95 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-postgresql
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+  substitutions:
+    # Chart source
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.ucp.postgresql
+      dest:
+        path: .source
+
+    # Images
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .images.ucp.postgresql
+      dest:
+        path: .values.images.tags
+
+    # Endpoints
+    - src:
+        schema: pegleg/EndpointCatalogue/v1
+        name: ucp_endpoints
+        path: .ucp.postgresql
+      dest:
+        path: .values.endpoints.postgresql
+    # Credentials
+    - src:
+        schema: pegleg/AccountCatalogue/v1
+        name: ucp_service_accounts
+        path: .ucp.postgres.admin
+      dest:
+        path: .values.endpoints.postgresql.auth.admin
+
+    # Secrets
+    - dest:
+        path: .values.endpoints.postgresql.auth.admin.password
+      src:
+        schema: deckhand/Passphrase/v1
+        name: ucp_postgres_admin_password
+        path: .
+data:
+  chart_name: ucp-postgresql
+  release: ucp-postgresql
+  namespace: ucp
+  install:
+    no_hooks: false
+  upgrade:
+    no_hooks: false
+    pre:
+      delete: []
+      create: []
+    post:
+      create: []
+  values:
+    development:
+      enabled: false
+    labels:
+      server:
+        node_selector_key: ucp-control-plane
+        node_selector_value: enabled
+  dependencies:
+    - postgres-htk
+...
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: postgres-htk
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+  substitutions:
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.ucp.postgresql-htk
+      dest:
+        path: .source
+data:
+  chart_name: postgres-htk
+  release: postgres-htk
+  namespace: postgres-htk
+  timeout: 100
+  values: {}
+  dependencies: []
+...

deployment_files/global/v1.0dev/software/charts/ucp/core/rabbitmq.yaml

@@ -0,0 +1,102 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-rabbitmq
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+  substitutions:
+    # Chart source
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.ucp.rabbitmq
+      dest:
+        path: .source
+
+    # Images
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .images.ucp.rabbitmq
+      dest:
+        path: .values.images.tags
+
+    # Endpoints
+    - src:
+        schema: pegleg/EndpointCatalogue/v1
+        name: ucp_endpoints
+        path: .ucp.oslo_messaging
+      dest:
+        path: .values.endpoints.oslo_messaging
+
+    # Credentials
+    - src:
+        schema: pegleg/AccountCatalogue/v1
+        name: ucp_service_accounts
+        path: .ucp.oslo_messaging.admin
+      dest:
+        path: .values.endpoints.oslo_messaging.auth.user
+
+    # Secrets
+
+    - src:
+        schema: deckhand/Passphrase/v1
+        name: ucp_rabbitmq_erlang_cookie
+        path: .
+      dest:
+        path: .values.endpoints.oslo_messaging.auth.erlang_cookie
+    - src:
+        schema: deckhand/Passphrase/v1
+        name: ucp_oslo_messaging_password
+        path: .
+      dest:
+        path: .values.endpoints.oslo_messaging.auth.user.password
+data:
+  chart_name: ucp-rabbitmq
+  release: ucp-rabbitmq
+  namespace: ucp
+  install:
+    no_hooks: false
+  upgrade:
+    no_hooks: false
+  values:
+    pod:
+      replicas:
+        server: 1
+    labels:
+      server:
+        node_selector_key: ucp-control-plane
+        node_selector_value: enabled
+      prometheus_rabbitmq_exporter:
+        node_selector_key: ucp-control-plane
+        node_selector_value: enabled
+  dependencies:
+    - ucp-rabbitmq-htk
+...
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-rabbitmq-htk
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+  substitutions:
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.ucp.rabbitmq-htk
+      dest:
+        path: .source
+data:
+  chart_name: ucp-rabbitmq-htk
+  release: ucp-rabbitmq-htk
+  namespace: ucp-rabbitmq-htk
+  timeout: 100
+  values: {}
+  dependencies: []
+...

deployment_files/global/v1.0dev/software/charts/ucp/deckhand/barbican.yaml

@@ -0,0 +1,182 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-barbican
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+  substitutions:
+    # Chart source
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.ucp.barbican
+      dest:
+        path: .source
+
+    # Images
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .images.ucp.barbican
+      dest:
+        path: .values.images.tags
+
+    # Endpoints
+    - src:
+        schema: pegleg/EndpointCatalogue/v1
+        name: ucp_endpoints
+        path: .ucp.identity
+      dest:
+        path: .values.endpoints.identity
+    - src:
+        schema: pegleg/EndpointCatalogue/v1
+        name: ucp_endpoints
+        path: .ucp.key_manager
+      dest:
+        path: .values.endpoints.key_manager
+    - src:
+        schema: pegleg/EndpointCatalogue/v1
+        name: ucp_endpoints
+        path: .ucp.oslo_db
+      dest:
+        path: .values.endpoints.oslo_db
+    - src:
+        schema: pegleg/EndpointCatalogue/v1
+        name: ucp_endpoints
+        path: .ucp.oslo_cache
+      dest:
+        path: .values.endpoints.oslo_cache
+    - src:
+        schema: pegleg/EndpointCatalogue/v1
+        name: ucp_endpoints
+        path: .ucp.oslo_messaging
+      dest:
+        path: .values.endpoints.oslo_messaging
+
+    # Credentials
+    - src:
+        schema: pegleg/AccountCatalogue/v1
+        name: ucp_service_accounts
+        path: .ucp.barbican.keystone
+      dest:
+        path: .values.endpoints.identity.auth.barbican
+    - src:
+        schema: pegleg/AccountCatalogue/v1
+        name: ucp_service_accounts
+        path: .ucp.keystone.admin
+      dest:
+        path: .values.endpoints.identity.auth.admin
+    - src:
+        schema: pegleg/AccountCatalogue/v1
+        name: ucp_service_accounts
+        path: .ucp.barbican.oslo_db
+      dest:
+        path: .values.endpoints.oslo_db.auth.barbican
+    - src:
+        schema: pegleg/AccountCatalogue/v1
+        name: ucp_service_accounts
+        path: .ucp.barbican.oslo_db.database
+      dest:
+        path: .values.endpoints.oslo_db.path
+        pattern: DB_NAME
+    - src:
+        schema: pegleg/AccountCatalogue/v1
+        name: ucp_service_accounts
+        path: .ucp.barbican.oslo_messaging
+      dest:
+        path: .values.endpoints.oslo_messaging.auth
+
+    # Secrets
+    - dest:
+        path: .values.endpoints.identity.auth.admin.password
+      src:
+        schema: deckhand/Passphrase/v1
+        name: ucp_keystone_admin_password
+        path: .
+    - dest:
+        path: .values.endpoints.oslo_db.auth.admin.password
+      src:
+        schema: deckhand/Passphrase/v1
+        name: ucp_oslo_db_admin_password
+        path: .
+    - dest:
+        path: .values.endpoints.identity.auth.barbican.password
+      src:
+        schema: deckhand/Passphrase/v1
+        name: ucp_barbican_keystone_password
+        path: .
+    - dest:
+        path: .values.endpoints.oslo_db.auth.barbican.password
+      src:
+        schema: deckhand/Passphrase/v1
+        name: ucp_barbican_oslo_db_password
+        path: .
+    - dest:
+        path: .values.endpoints.oslo_messaging.auth.admin.password
+      src:
+        schema: deckhand/Passphrase/v1
+        name: ucp_oslo_messaging_password
+        path: .
+    - dest:
+        path: .values.endpoints.oslo_messaging.auth.barbican.password
+      src:
+        schema: deckhand/Passphrase/v1
+        name: ucp_oslo_messaging_password
+        path: .
+data:
+  chart_name: ucp-barbican
+  release: ucp-barbican
+  namespace: ucp
+  install:
+    no_hooks: false
+  upgrade:
+    no_hooks: false
+    pre:
+      delete: []
+      create: []
+    post:
+      create: []
+  values:
+    labels:
+      api:
+        node_selector_key: ucp-control-plane
+        node_selector_value: enabled
+      job:
+        node_selector_key: ucp-control-plane
+        node_selector_value: enabled
+      test:
+        node_selector_key: ucp-control-plane
+        node_selector_value: enabled
+    pod:
+      replicas:
+        api: 1
+  dependencies:
+    - ucp-barbican-htk
+...
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-barbican-htk
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+  substitutions:
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.ucp.barbican-htk
+      dest:
+        path: .source
+data:
+  chart_name: ucp-barbican-htk
+  release: ucp-barbican-htk
+  namespace: ucp-barbican-htk
+  timeout: 100
+  values: {}
+  dependencies: []
+...

deployment_files/global/v1.0dev/software/charts/ucp/deckhand/chart-group.yaml

@@ -0,0 +1,16 @@
+---
+schema: armada/ChartGroup/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-deckhand
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+data:
+  description: Deckhand
+  chart_group:
+    # NOTE(mb874d): Find and add the dogtag chart
+    # - ucp-dogtag
+    - ucp-barbican
+    - ucp-deckhand

deployment_files/global/v1.0dev/software/charts/ucp/deckhand/deckhand.yaml

@@ -0,0 +1,171 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-deckhand
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+  substitutions:
+    # Chart source
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.ucp.deckhand
+      dest:
+        path: .source
+
+    # Images
+
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .images.ucp.deckhand
+      dest:
+        path: .values.images.tags
+
+    # Endpoints
+    - src:
+        schema: pegleg/EndpointCatalogue/v1
+        name: ucp_endpoints
+        path: .ucp.identity
+      dest:
+        path: .values.endpoints.identity
+    - src:
+        schema: pegleg/EndpointCatalogue/v1
+        name: ucp_endpoints
+        path: .ucp.postgresql
+      dest:
+        path: .values.endpoints.postgresql
+    - src:
+        schema: pegleg/EndpointCatalogue/v1
+        name: ucp_endpoints
+        path: .ucp.deckhand
+      dest:
+        path: .values.endpoints.deckhand
+    - src:
+        schema: pegleg/EndpointCatalogue/v1
+        name: ucp_endpoints
+        path: .ucp.key_manager
+      dest:
+        path: .values.endpoints.key_manager
+    - src:
+        schema: pegleg/EndpointCatalogue/v1
+        name: ucp_endpoints
+        path: .ucp.oslo_cache
+      dest:
+        path: .values.endpoints.oslo_cache
+    # Credentials
+    - src:
+        schema: pegleg/AccountCatalogue/v1
+        name: ucp_service_accounts
+        path: .ucp.postgres.admin
+      dest:
+        path: .values.endpoints.postgresql.auth.admin
+    - src:
+        schema: pegleg/AccountCatalogue/v1
+        name: ucp_service_accounts
+        path: .ucp.deckhand.postgres
+      dest:
+        path: .values.endpoints.postgresql.auth.user
+    - src:
+        schema: pegleg/AccountCatalogue/v1
+        name: ucp_service_accounts
+        path: .ucp.deckhand.postgres.database
+      dest:
+        path: .values.endpoints.postgresql.path
+        pattern: DB_NAME
+    - src:
+        schema: pegleg/AccountCatalogue/v1
+        name: ucp_service_accounts
+        path: .ucp.deckhand.keystone
+      dest:
+        path: .values.endpoints.identity.auth.user
+    - src:
+        schema: pegleg/AccountCatalogue/v1
+        name: ucp_service_accounts
+        path: .ucp.keystone.admin
+      dest:
+        path: .values.endpoints.identity.auth.admin
+
+    # Secrets
+    - dest:
+        path: .values.endpoints.identity.auth.admin.password
+      src:
+        schema: deckhand/Passphrase/v1
+        name: ucp_keystone_admin_password
+        path: .
+    - dest:
+        path: .values.endpoints.postgresql.auth.admin.password
+      src:
+        schema: deckhand/Passphrase/v1
+        name: ucp_postgres_admin_password
+        path: .
+    - dest:
+        path: .values.endpoints.identity.auth.user.password
+      src:
+        schema: deckhand/Passphrase/v1
+        name: ucp_deckhand_keystone_password
+        path: .
+    - dest:
+        path: .values.endpoints.postgresql.auth.user.password
+      src:
+        schema: deckhand/Passphrase/v1
+        name: ucp_deckhand_postgres_password
+        path: .
+data:
+  chart_name: ucp-deckhand
+  release: ucp-deckhand
+  namespace: ucp
+  install:
+    no_hooks: false
+  upgrade:
+    no_hooks: false
+    pre:
+      delete:
+        - type: 'job'
+          labels:
+            application: 'deckhand'
+      create: []
+    post:
+      create: []
+  values:
+    pod:
+      replicas:
+        api: 1
+    conf:
+      deckhand:
+        DEFAULT:
+          debug: true
+          use_stderr: true
+          use_syslog: true
+        keystone_authtoken:
+          memcache_security_strategy: None
+  dependencies:
+    - deckhand-htk
+...
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: deckhand-htk
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+  substitutions:
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.ucp.deckhand-htk
+      dest:
+        path: .source
+data:
+  chart_name: deckhand-htk
+  release: deckhand-htk
+  namespace: deckhand-htk
+  timeout: 100
+  values: {}
+  dependencies: []
+...

deployment_files/global/v1.0dev/software/charts/ucp/divingbell/chart-group.yaml

@@ -0,0 +1,13 @@
+---
+schema: armada/ChartGroup/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-divingbell
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+data:
+  description: Divingbell
+  chart_group:
+    - ucp-divingbell

deployment_files/global/v1.0dev/software/charts/ucp/divingbell/divingbell.yaml

@@ -0,0 +1,86 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-divingbell
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+  substitutions:
+    # Chart source
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.ucp.divingbell
+      dest:
+        path: .source
+data:
+  chart_name: divingbell
+  release: divingbell
+  namespace: ucp
+  timeout: 300
+  install:
+    no_hooks: false
+  upgrade:
+    no_hooks: false
+  values:
+    conf:
+      sysctl:
+        net.nf_conntrack_max: '1048576'
+        kernel.panic: '60'
+        net.ipv4.conf.default.arp_accept: '1'
+        net.core.netdev_max_backlog: '261144'
+        net.ipv4.tcp_keepalive_intvl: '3'
+        net.ipv4.tcp_keepalive_time: '30'
+        net.ipv4.tcp_keepalive_probes: '8'
+        net.ipv4.conf.all.arp_accept: '1'
+        net.ipv4.tcp_retries2: '5'
+        net.ipv4.neigh.default.gc_thresh1: '4096'
+        net.ipv4.neigh.default.gc_thresh2: '8192'
+        net.ipv4.neigh.default.gc_thresh3: '16384'
+        net.bridge.bridge-nf-call-iptables: '1'
+        net.bridge.bridge-nf-call-arptables: '1'
+        net.bridge.bridge-nf-call-ip6tables: '1'
+        net.ipv4.conf.default.rp_filter: '0'
+        net.netfilter.nf_conntrack_acct: '1'
+      overrides:
+        divingbell_mounts:
+          labels:
+          - label:
+              key: hosttype
+              values:
+              - "nd-global"
+              - "nv-global"
+            conf:
+              mounts:
+                mnt1:
+                  mnt_tgt: /run/hugepages/kvm
+                  device: hugetlbfs-kvm
+                  type: hugetlbfs
+                  options: 'mode=775'
+  dependencies:
+    - ucp-divingbell-htk
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-divingbell-htk
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+  substitutions:
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.ucp.divingbell-htk
+      dest:
+        path: .source
+data:
+  chart_name: ucp-divingbell-htk
+  release: ucp-divingbell-htk
+  namespace: ucp-divingbell-htk
+  timeout: 100
+  values: {}
+  dependencies: []

deployment_files/global/v1.0dev/software/charts/ucp/drydock/chart-group.yaml

@@ -0,0 +1,14 @@
+---
+schema: armada/ChartGroup/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-drydock
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+data:
+  description: Drydock
+  chart_group:
+    - ucp-maas
+    - ucp-drydock

deployment_files/global/v1.0dev/software/charts/ucp/drydock/drydock.yaml

@@ -0,0 +1,192 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-drydock
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+  substitutions:
+
+    # Chart source
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.ucp.drydock
+      dest:
+        path: .source
+
+    # Images
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .images.ucp.drydock
+      dest:
+        path: .values.images.tags
+
+    # Endpoints
+
+    - src:
+        schema: pegleg/EndpointCatalogue/v1
+        name: ucp_endpoints
+        path: .ucp.identity
+      dest:
+        path: .values.endpoints.identity
+    - src:
+        schema: pegleg/EndpointCatalogue/v1
+        name: ucp_endpoints
+        path: .ucp.postgresql
+      dest:
+        path: .values.endpoints.postgresql
+    - src:
+        schema: pegleg/EndpointCatalogue/v1
+        name: ucp_endpoints
+        path: .ucp.physicalprovisioner
+      dest:
+        path: .values.endpoints.physicalprovisioner
+
+    # Drydock IPs
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .node_ports.drydock_api
+      dest:
+        path: .values.network.drydock.node_port.port
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .node_ports.drydock_api
+      dest:
+        path: .values.endpoints.physicalprovisioner.port.api.nodeport
+
+    # MaaS IPs
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        # TODO(mb874d): Can change once we have an accessible VIP from fresh nodes.
+        path: .genesis.ip
+      dest:
+        path: .values.conf.drydock.maasdriver.maas_api_url
+        pattern: 'MAAS_IP'
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .node_ports.maas_api
+      dest:
+        path: .values.conf.drydock.maasdriver.maas_api_url
+        pattern: 'MAAS_PORT'
+
+    # Credentials
+
+    - src:
+        schema: pegleg/AccountCatalogue/v1
+        name: ucp_service_accounts
+        path: .ucp.postgres.admin
+      dest:
+        path: .values.endpoints.postgresql.auth.admin
+    - src:
+        schema: pegleg/AccountCatalogue/v1
+        name: ucp_service_accounts
+        path: .ucp.drydock.postgres
+      dest:
+        path: .values.endpoints.postgresql.auth.user
+    - src:
+        schema: pegleg/AccountCatalogue/v1
+        name: ucp_service_accounts
+        path: .ucp.drydock.postgres.database
+      dest:
+        path: .values.endpoints.postgresql.path
+        pattern: DB_NAME
+    - src:
+        schema: pegleg/AccountCatalogue/v1
+        name: ucp_service_accounts
+        path: .ucp.drydock.keystone
+      dest:
+        path: .values.endpoints.identity.auth.user
+
+    # Secrets
+    - dest:
+        path: .values.endpoints.identity.auth.admin.password
+      src:
+        schema: deckhand/Passphrase/v1
+        name: ucp_keystone_admin_password
+        path: .
+    - dest:
+        path: .values.endpoints.postgresql.auth.admin.password
+      src:
+        schema: deckhand/Passphrase/v1
+        name: ucp_postgres_admin_password
+        path: .
+    - dest:
+        path: .values.endpoints.identity.auth.user.password
+      src:
+        schema: deckhand/Passphrase/v1
+        name: ucp_drydock_keystone_password
+        path: .
+    - dest:
+        path: .values.endpoints.postgresql.auth.user.password
+      src:
+        schema: deckhand/Passphrase/v1
+        name: ucp_drydock_postgres_password
+        path: .
+
+data:
+  chart_name: drydock
+  release: drydock
+  namespace: ucp
+  install:
+    no_hooks: false
+  upgrade:
+    no_hooks: false
+    pre:
+      delete:
+        - type: 'job'
+          labels:
+            application: 'drydock'
+  values:
+    replicas:
+      drydock: 1
+    labels:
+      node_selector_key: ucp-control-plane
+      node_selector_value: enabled
+    network:
+      drydock:
+        node_port:
+          enabled: true
+    conf:
+      drydock:
+        maasdriver:
+          maas_api_url: http://MAAS_IP:MAAS_PORT/MAAS/api/2.0/
+        plugins:
+          ingester: drydock_provisioner.ingester.plugins.deckhand.DeckhandIngester
+          oob_driver:
+            - 'drydock_provisioner.drivers.oob.pyghmi_driver.driver.PyghmiDriver'
+            - 'drydock_provisioner.drivers.oob.manual_driver.driver.ManualDriver'
+  dependencies:
+    - drydock-htk
+...
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: drydock-htk
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+  substitutions:
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.ucp.drydock-htk
+      dest:
+        path: .source
+data:
+  chart_name: drydock-htk
+  release: drydock-htk
+  namespace: drydock-htk
+  timeout: 100
+  values: {}
+  dependencies: []
+...

deployment_files/global/v1.0dev/software/charts/ucp/drydock/maas.yaml

@@ -0,0 +1,223 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-maas
+  layeringDefinition:
+    abstract: false
+    layer: global
+  labels:
+    name: ucp-maas
+  storagePolicy: cleartext
+  substitutions:
+    # Chart source
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.ucp.maas
+      dest:
+        path: .source
+
+    # Images
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .images.ucp.maas
+      dest:
+        path: .values.images.tags
+
+    # Drydock IPs
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        # TODO(mb874d): Can change once we have an accessible VIP from fresh nodes.
+        path: .bootstrap.ip
+      dest:
+        path: .values.conf.drydock.bootaction_url
+        pattern: '(DRYDOCK_IP)'
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .node_ports.drydock_api
+      dest:
+        path: .values.conf.drydock.bootaction_url
+        pattern: '(DRYDOCK_PORT)'
+
+    # MaaS IPs
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        # TODO(mb874d): Can change once we have an accessible VIP from fresh nodes.
+        path: .bootstrap.ip
+      dest:
+        path: .values.conf.maas.url.maas_url
+        pattern: '(MAAS_IP)'
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .node_ports.maas_api
+      dest:
+        path: .values.conf.maas.url.maas_url
+        pattern: '(MAAS_PORT)'
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .node_ports.maas_api
+      dest:
+        path: .values.network.gui.node_port.port
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .node_ports.maas_proxy
+      dest:
+        path: .values.network.proxy.node_port.port
+
+    # MaaS Config
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .dns.upstream_servers_joined
+      dest:
+        path: .values.conf.maas.dns.dns_servers
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .ntp.servers_joined
+      dest:
+        path: .values.conf.maas.ntp.ntp_servers
+    - src:
+        schema: deckhand/Passphrase/v1
+        name: maas-region-key
+        path: .
+      dest:
+        path: .values.secrets.maas_region.value
+
+    # Endpoint substitutions
+    - src:
+        schema: pegleg/EndpointCatalogue/v1
+        name: ucp_endpoints
+        path: .ucp.postgresql
+      dest:
+        path: .values.endpoints.maas_db
+    - src:
+        schema: pegleg/EndpointCatalogue/v1
+        name: ucp_endpoints
+        path: .ucp.maas_region_ui
+      dest:
+        path: .values.endpoints.maas_region_ui
+
+    # Account and credential substitutions
+    - src:
+        schema: pegleg/AccountCatalogue/v1
+        name: ucp_service_accounts
+        path: .ucp.postgres.admin
+      dest:
+        path: .values.endpoints.maas_db.auth.admin
+    - src:
+        schema: pegleg/AccountCatalogue/v1
+        name: ucp_service_accounts
+        path: .ucp.maas.postgres
+      dest:
+        path: .values.endpoints.maas_db.auth.user
+    - src:
+        schema: pegleg/AccountCatalogue/v1
+        name: ucp_service_accounts
+        path: .ucp.maas.postgres.database
+      dest:
+        path: .values.endpoints.maas_db.path
+        pattern: DB_NAME
+    - src:
+        schema: pegleg/AccountCatalogue/v1
+        name: ucp_service_accounts
+        path: .ucp.maas.admin
+      dest:
+        path: .values.endpoints.maas_region_ui.auth.admin
+
+    # Secrets
+    - dest:
+        path: .values.endpoints.maas_region_ui.auth.admin.password
+      src:
+        schema: deckhand/Passphrase/v1
+        name: ucp_maas_admin_password
+        path: .
+    - dest:
+        path: .values.endpoints.maas_db.auth.admin.password
+      src:
+        schema: deckhand/Passphrase/v1
+        name: ucp_postgres_admin_password
+        path: .
+    - dest:
+        path: .values.endpoints.maas_db.auth.user.password
+      src:
+        schema: deckhand/Passphrase/v1
+        name: ucp_maas_postgres_password
+        path: .
+data:
+  chart_name: maas
+  release: maas
+  namespace: ucp
+  install:
+    no_hooks: false
+  upgrade:
+    no_hooks: false
+    pre:
+      delete:
+        - type: 'job'
+          labels:
+            application: 'maas'
+  values:
+    labels:
+      rack:
+        node_selector_key: ucp-control-plane
+        node_selector_value: enabled
+      region:
+        node_selector_key: ucp-control-plane
+        node_selector_value: enabled
+    network:
+      proxy:
+        node_port:
+          enabled: true
+    conf:
+      cache:
+        enabled: false
+      drydock:
+        bootaction_url: http://DRYDOCK_IP:DRYDOCK_PORT/api/v1.0/bootactions/nodes/
+      maas:
+        credentials:
+          secret:
+            namespace: ucp
+        url:
+          maas_url: http://MAAS_IP:MAAS_PORT/MAAS
+        proxy:
+          proxy_enabled: 'false'
+        ntp:
+          use_external_only: 'false'
+        dns:
+          require_dnssec: 'no'
+  dependencies:
+    - maas-htk
+...
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: maas-htk
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+  substitutions:
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.ucp.maas-htk
+      dest:
+        path: .source
+data:
+  chart_name: maas-htk
+  release: maas-htk
+  namespace: maas-htk
+  timeout: 100
+  values: {}
+  dependencies: []
+...

deployment_files/global/v1.0dev/software/charts/ucp/keystone/chart-group.yaml

@@ -0,0 +1,14 @@
+---
+schema: armada/ChartGroup/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-keystone
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+data:
+  description: UCP Keystone components
+  chart_group:
+    - ucp-keystone-memcached
+    - ucp-keystone

deployment_files/global/v1.0dev/software/charts/ucp/keystone/keystone.yaml

@@ -0,0 +1,164 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-keystone
+  labels:
+    component: keystone
+    configuration: ldap-backed
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+  substitutions:
+    # Chart source
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.ucp.keystone
+      dest:
+        path: .source
+    # Images
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .images.ucp.keystone
+      dest:
+        path: .values.images.tags
+    # Endpoints
+    - src:
+        schema: pegleg/EndpointCatalogue/v1
+        name: ucp_endpoints
+        path: .ucp.identity
+      dest:
+        path: .values.endpoints.identity
+    - src:
+        schema: pegleg/EndpointCatalogue/v1
+        name: ucp_endpoints
+        path: .ucp.oslo_db
+      dest:
+        path: .values.endpoints.oslo_db
+    - src:
+        schema: pegleg/EndpointCatalogue/v1
+        name: ucp_endpoints
+        path: .ucp.oslo_messaging
+      dest:
+        path: .values.endpoints.oslo_messaging
+    - src:
+        schema: pegleg/EndpointCatalogue/v1
+        name: ucp_endpoints
+        path: .ucp.oslo_cache
+      dest:
+        path: .values.endpoints.oslo_cache
+    - src:
+        schema: pegleg/AccountCatalogue/v1
+        name: ucp_service_accounts
+        path: .ucp.keystone.admin
+      dest:
+        path: .values.endpoints.identity.auth.admin
+    - src:
+        schema: pegleg/AccountCatalogue/v1
+        name: ucp_service_accounts
+        path: .ucp.keystone.oslo_messaging
+      dest:
+        path: .values.endpoints.oslo_messaging.auth
+    - src:
+        schema: pegleg/AccountCatalogue/v1
+        name: ucp_service_accounts
+        path: .ucp.keystone.oslo_db
+      dest:
+        path: .values.endpoints.oslo_db.auth.keystone
+    - src:
+        schema: pegleg/AccountCatalogue/v1
+        name: ucp_service_accounts
+        path: .ucp.keystone.oslo_db.database
+      dest:
+        path: .values.endpoints.oslo_db.path
+        pattern: DB_NAME
+    # Secrets
+    - dest:
+        path: .values.endpoints.identity.auth.admin.password
+      src:
+        schema: deckhand/Passphrase/v1
+        name: ucp_keystone_admin_password
+        path: .
+    - dest:
+        path: .values.endpoints.oslo_messaging.auth.keystone.password
+      src:
+        schema: deckhand/Passphrase/v1
+        name: ucp_oslo_messaging_password
+        path: .
+    - dest:
+        path: .values.endpoints.oslo_messaging.auth.admin.password
+      src:
+        schema: deckhand/Passphrase/v1
+        name: ucp_oslo_messaging_password
+        path: .
+    - dest:
+        path: .values.endpoints.oslo_db.auth.keystone.password
+      src:
+        schema: deckhand/Passphrase/v1
+        name: ucp_keystone_oslo_db_password
+        path: .
+    - dest:
+        path: .values.endpoints.oslo_db.auth.admin.password
+      src:
+        schema: deckhand/Passphrase/v1
+        name: ucp_oslo_db_admin_password
+        path: .
+data:
+  chart_name: ucp-keystone
+  release: ucp-keystone
+  namespace: ucp
+  install:
+    no_hooks: false
+  upgrade:
+    no_hooks: false
+    pre:
+      delete:
+        - type: job
+          labels:
+            job-name: keystone-db-sync
+        - type: job
+          labels:
+            job-name: keystone-db-init
+    post:
+      create: []
+  values:
+    pods:
+      replicas:
+        api: 1
+    labels:
+      api:
+        node_selector_key: ucp-control-plane
+        node_selector_value: enabled
+      job:
+        node_selector_key: ucp-control-plane
+        node_selector_value: enabled
+  dependencies:
+    - ucp-keystone-htk
+...
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name:  ucp-keystone-htk
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+  substitutions:
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.ucp.keystone-htk
+      dest:
+        path: .source
+data:
+  chart_name: ucp-keystone-htk
+  release: ucp-keystone-htk
+  namespace: ucp-keystone-htk
+  timeout: 100
+  values: {}
+  dependencies: []
+...

deployment_files/global/v1.0dev/software/charts/ucp/keystone/memcached.yaml

@@ -0,0 +1,72 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-keystone-memcached
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+  substitutions:
+    # Chart source
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.ucp.memcached
+      dest:
+        path: .source
+
+    # Images
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .images.ucp.memcached
+      dest:
+        path: .values.images.tags
+
+    - src:
+        schema: pegleg/EndpointCatalogue/v1
+        name: ucp_endpoints
+        path: .ucp.oslo_cache
+      dest:
+        path: .values.endpoints.oslo_cache
+data:
+  chart_name: ucp-keystone-memcached
+  release: ucp-keystone-memcached
+  namespace: ucp
+  install:
+    no_hooks: false
+  upgrade:
+    no_hooks: false
+  values:
+    labels:
+      server:
+        node_selector_key: ucp-control-plane
+        node_selector_value: enabled
+  dependencies:
+    - ucp-memcached-htk
+...
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-memcached-htk
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+  substitutions:
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.ucp.memcached-htk
+      dest:
+        path: .source
+data:
+  chart_name: ucp-memcached-htk
+  release: ucp-memcached-htk
+  namespace: ucp-memcached-htk
+  timeout: 100
+  values: {}
+  dependencies: []
+...

deployment_files/global/v1.0dev/software/charts/ucp/promenade/chart-group.yaml

@@ -0,0 +1,13 @@
+---
+schema: armada/ChartGroup/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-promenade
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+data:
+  description: Promenade
+  chart_group:
+    - ucp-promenade

deployment_files/global/v1.0dev/software/charts/ucp/promenade/promenade.yaml

@@ -0,0 +1,118 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-promenade
+  layeringDefinition:
+    abstract: false
+    layer: global
+  labels:
+    name: ucp-promenade
+  storagePolicy: cleartext
+  substitutions:
+
+    # Chart source
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.ucp.promenade
+      dest:
+        path: .source
+
+    # Images
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .images.ucp.promenade
+      dest:
+        path: .values.images.tags
+
+    # Endpoints
+
+    - src:
+        schema: pegleg/EndpointCatalogue/v1
+        name: ucp_endpoints
+        path: .ucp.identity
+      dest:
+        path: .values.endpoints.identity
+    - src:
+        schema: pegleg/EndpointCatalogue/v1
+        name: ucp_endpoints
+        path: .ucp.kubernetesprovisioner
+      dest:
+        path: .values.endpoints.kubernetesprovisioner
+
+    # Credentials
+
+    - src:
+        schema: pegleg/AccountCatalogue/v1
+        name: ucp_service_accounts
+        path: .ucp.keystone.admin
+      dest:
+        path: .values.endpoints.identity.auth.admin
+    - src:
+        schema: pegleg/AccountCatalogue/v1
+        name: ucp_service_accounts
+        path: .ucp.promenade.keystone
+      dest:
+        path: .values.endpoints.identity.auth.user
+
+    # Secrets
+    - dest:
+        path: .values.endpoints.identity.auth.admin.password
+      src:
+        schema: deckhand/Passphrase/v1
+        name: ucp_keystone_admin_password
+        path: .
+    - dest:
+        path: .values.endpoints.identity.auth.user.password
+      src:
+        schema: deckhand/Passphrase/v1
+        name: ucp_promenade_keystone_password
+        path: .
+
+data:
+  chart_name: promenade
+  release: ucp-promenade
+  namespace: ucp
+  install:
+    no_hooks: false
+  upgrade:
+    no_hooks: false
+  values:
+    conf:
+      paste:
+        filter:authtoken:
+          paste.filter_factory: keystonemiddleware.auth_token:filter_factory
+          admin_tenant_name: service
+          admin_user: promenade
+          delay_auth_decision: true
+          identity_uri: http://keystone-api.ucp.svc.cluster.local/
+          service_token_roles_required: true
+  dependencies:
+    - promenade-htk
+...
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: promenade-htk
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+  substitutions:
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.ucp.promenade-htk
+      dest:
+        path: .source
+data:
+  chart_name: promenade-htk
+  release: promenade-htk
+  namespace: promenade-htk
+  timeout: 100
+  values: {}
+  dependencies: []
+...

deployment_files/global/v1.0dev/software/charts/ucp/services-chart-group.yaml

@@ -0,0 +1,21 @@
+---
+schema: armada/ChartGroup/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-services
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+data:
+  description: UCP Services
+  sequenced: true
+  chart_group:
+    - ucp-maas
+    - ucp-tiller
+    - ucp-armada
+    - ucp-barbican
+    - ucp-deckhand
+    - ucp-promenade
+    - ucp-shipyard
+    - ucp-drydock

deployment_files/global/v1.0dev/software/charts/ucp/shipyard/chart-group.yaml

@@ -0,0 +1,13 @@
+---
+schema: armada/ChartGroup/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-shipyard
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+data:
+  description: Shipyard
+  chart_group:
+    - ucp-shipyard

deployment_files/global/v1.0dev/software/charts/ucp/shipyard/shipyard.yaml

@@ -0,0 +1,289 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-shipyard
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+  substitutions:
+    # Chart source
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.ucp.shipyard
+      dest:
+        path: .source
+
+    # Images
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .images.ucp.shipyard
+      dest:
+        path: .values.images.tags
+
+    # Node ports
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .node_ports.shipyard_api
+      dest:
+        path: .values.network.shipyard.node_port
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .node_ports.airflow_web
+      dest:
+        path: .values.network.airflow.web.node_port
+
+    # Endpoints
+    - src:
+        schema: pegleg/EndpointCatalogue/v1
+        name: ucp_endpoints
+        path: .ucp.identity
+      dest:
+        path: .values.endpoints.identity
+    - src:
+        schema: pegleg/EndpointCatalogue/v1
+        name: ucp_endpoints
+        path: .ucp.postgresql
+      dest:
+        path: .values.endpoints.postgresql_shipyard_db
+    - src:
+        schema: pegleg/EndpointCatalogue/v1
+        name: ucp_endpoints
+        path: .ucp.postgresql
+      dest:
+        path: .values.endpoints.postgresql_airflow_db
+    - src:
+        schema: pegleg/EndpointCatalogue/v1
+        name: ucp_endpoints
+        path: .ucp.shipyard
+      dest:
+        path: .values.endpoints.shipyard
+    - src:
+        schema: pegleg/EndpointCatalogue/v1
+        name: ucp_endpoints
+        path: .ucp.airflow_web
+      dest:
+        path: .values.endpoints.airflow_web
+    - src:
+        schema: pegleg/EndpointCatalogue/v1
+        name: ucp_endpoints
+        path: .ucp.airflow_flower
+      dest:
+        path: .values.endpoints.airflow_flower
+    - src:
+        schema: pegleg/EndpointCatalogue/v1
+        name: ucp_endpoints
+        path: .ucp.oslo_messaging
+      dest:
+        path: .values.endpoints.olso_messaging
+    - src:
+        schema: pegleg/EndpointCatalogue/v1
+        name: ucp_endpoints
+        path: .ucp.oslo_cache
+      dest:
+        path: .values.endpoints.oslo_cache
+
+    # Database path
+    - src:
+        schema: pegleg/AccountCatalogue/v1
+        name: ucp_service_accounts
+        path: .ucp.shipyard.postgres.database
+      dest:
+        path: .values.endpoints.postgresql_shipyard_db.path
+        pattern: 'DB_NAME'
+    - src:
+        schema: pegleg/AccountCatalogue/v1
+        name: ucp_service_accounts
+        path: .ucp.airflow.postgres.database
+      dest:
+        path: .values.endpoints.postgresql_airflow_db.path
+        pattern: 'DB_NAME'
+    # Credentials
+    - src:
+        schema: pegleg/AccountCatalogue/v1
+        name: ucp_service_accounts
+        path: .ucp.postgres.admin
+      dest:
+        path: .values.endpoints.postgresql_shipyard_db.auth.admin
+    - src:
+        schema: pegleg/AccountCatalogue/v1
+        name: ucp_service_accounts
+        path: .ucp.postgres.admin
+      dest:
+        path: .values.endpoints.postgresql_airflow_db.auth.admin
+    - src:
+        schema: pegleg/AccountCatalogue/v1
+        name: ucp_service_accounts
+        path: .ucp.keystone.admin
+      dest:
+        path: .values.endpoints.identity.auth.admin
+    - src:
+        schema: pegleg/AccountCatalogue/v1
+        name: ucp_service_accounts
+        path: .ucp.shipyard.postgres
+      dest:
+        path: .values.endpoints.postgresql_shipyard_db.auth.user
+    - src:
+        schema: pegleg/AccountCatalogue/v1
+        name: ucp_service_accounts
+        path: .ucp.airflow.postgres
+      dest:
+        path: .values.endpoints.postgresql_airflow_db.auth.user
+    - src:
+        schema: pegleg/AccountCatalogue/v1
+        name: ucp_service_accounts
+        path: .ucp.airflow.oslo_messaging
+      dest:
+        path: .values.endpoints.oslo_messaging.auth.user
+
+    # Secrets
+    - dest:
+        path: .values.endpoints.identity.auth.admin.password
+      src:
+        schema: deckhand/Passphrase/v1
+        name: ucp_keystone_admin_password
+        path: .
+    - dest:
+        path: .values.endpoints.postgresql_shipyard_db.auth.admin.password
+      src:
+        schema: deckhand/Passphrase/v1
+        name: ucp_postgres_admin_password
+        path: .
+    - dest:
+        path: .values.endpoints.postgresql_airflow_db.auth.admin.password
+      src:
+        schema: deckhand/Passphrase/v1
+        name: ucp_postgres_admin_password
+        path: .
+    - dest:
+        path: .values.endpoints.postgresql_airflow_celery_db.auth.admin.password
+      src:
+        schema: deckhand/Passphrase/v1
+        name: ucp_postgres_admin_password
+        path: .
+    - dest:
+        path: .values.endpoints.identity.auth.user.password
+      src:
+        schema: deckhand/Passphrase/v1
+        name: ucp_shipyard_keystone_password
+        path: .
+    - dest:
+        path: .values.endpoints.postgresql_shipyard_db.auth.user.password
+      src:
+        schema: deckhand/Passphrase/v1
+        name: ucp_shipyard_postgres_password
+        path: .
+    - dest:
+        path: .values.endpoints.postgresql_airflow_db.auth.user.password
+      src:
+        schema: deckhand/Passphrase/v1
+        name: ucp_airflow_postgres_password
+        path: .
+    - dest:
+        path: .values.endpoints.postgresql_airflow_celery_db.auth.user.password
+      src:
+        schema: deckhand/Passphrase/v1
+        name: ucp_airflow_postgres_password
+        path: .
+    - src:
+        schema: deckhand/Passphrase/v1
+        name: ucp_oslo_messaging_password
+        path: .
+      dest:
+        path: .values.endpoints.oslo_messaging.auth.user.password
+
+data:
+  chart_name: shipyard
+  release: ucp-shipyard
+  namespace: ucp
+  install:
+    no_hooks: false
+  upgrade:
+    no_hooks: false
+    pre:
+      delete:
+        - type: 'job'
+          labels:
+            application: 'shipyard'
+        - type: 'job'
+          labels:
+            application: 'airflow'
+  values:
+    endpoints:
+      postgresql_airflow_db:
+        name: postgresql
+        hosts:
+          default: postgresql
+        path: /DB_NAME
+        scheme: postgresql+psycopg2
+        port:
+          postgresql:
+            default: 5432
+        host_fqdn_override:
+          default: null
+      postgresql_shipyard_db:
+        name: postgresql
+        hosts:
+          default: postgresql
+        path: /DB_NAME
+        scheme: postgresql+psycopg2
+        port:
+          postgresql:
+            default: 5432
+        host_fqdn_override:
+          default: null
+    prod_environment: true
+    pod:
+      replicas:
+        shipyard:
+          api: 1
+        airflow:
+          web: 1
+          worker: 1
+          flower: 1
+          scheduler: 1
+    labels:
+      node_selector_key: ucp-control-plane
+      node_selector_value: enabled
+    network:
+      shipyard:
+        enable_node_port: true
+      airflow:
+        web:
+          enable_node_port: true
+    conf:
+      shipyard:
+        keystone_authtoken:
+          memcache_security_strategy: None
+  dependencies:
+    - shipyard-htk
+...
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: shipyard-htk
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+  substitutions:
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.ucp.shipyard-htk
+      dest:
+        path: .source
+data:
+  chart_name: shipyard-htk
+  release: shipyard-htk
+  namespace: shipyard-htk
+  timeout: 100
+  values: {}
+  dependencies: []
+...

deployment_files/global/v1.0dev/software/charts/ucp/storage_provisioner/chart-group.yaml

@@ -0,0 +1,18 @@
+---
+schema: armada/ChartGroup/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-storage-provisioner
+  labels:
+    name: ucp-storage-provisioner
+    group: ucp
+    service: k8_storage_provisioning
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+data:
+  description: Kubernetes Storage Provisioner
+  sequenced: true
+  chart_group:
+    - nfs_provisioner

deployment_files/global/v1.0dev/software/charts/ucp/storage_provisioner/nfs-prov.yaml

@@ -0,0 +1,77 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: nfs_provisioner
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+  substitutions:
+    # Chart source
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.ucp.nfs_provisioner
+      dest:
+        path: .source
+
+    # Images
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .images.storage.nfs_provisioner
+      dest:
+        path: .values.images.tags
+data:
+  chart_name: nfs-provisioner
+  release: nfs-provisioner
+  namespace: kube-system
+  timeout: 900
+  wait:
+    timeout: 900
+  install:
+    no_hooks: false
+  upgrade:
+    no_hooks: true
+  values:
+    labels:
+      nfs:
+        node_selector_key: ucp-control-plane
+        node_selector_value: enabled
+      job:
+        node_selector_key: ucp-control-plane
+        node_selector_value: enabled
+    storage:
+      hostPath:
+        path: /var/lib/airship/nfs
+      persistentVolumeClaim:
+        size: '30Gi'
+    storageclass:
+      name: general
+  dependencies:
+    - nfs_htk
+...
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: nfs_htk
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+  substitutions:
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.ucp.nfs_htk
+      dest:
+        path: .source
+data:
+  chart_name: nfs_htk
+  release: nfs_htk
+  namespace: nfs_htk
+  values: {}
+  dependencies: []
+...

deployment_files/global/v1.0dev/software/config/Docker.yaml

@@ -0,0 +1,18 @@
+---
+schema: promenade/Docker/v1
+metadata:
+  schema: metadata/Document/v1
+  name: docker-global
+  labels:
+    promenade: enabled
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+data:
+  config:
+    insecure-registries:
+      - artifacts-aic.atlantafoundry.com
+    live-restore: true
+    max-concurrent-downloads: 10
+    storage-driver: overlay2

deployment_files/global/v1.0dev/software/config/Kubelet.yaml

@@ -0,0 +1,25 @@
+---
+schema: promenade/Kubelet/v1
+metadata:
+  schema: metadata/Document/v1
+  name: kubelet
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+  substitutions:
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .images.kubernetes.pause
+      dest:
+        path: .images.pause
+data:
+  arguments:
+    - --cni-bin-dir=/opt/cni/bin
+    - --cni-conf-dir=/etc/cni/net.d
+    - --eviction-max-pod-grace-period=-1
+    - --network-plugin=cni
+    - --node-status-update-frequency=5s
+    - --serialize-image-pulls=false
+    - --v=5

deployment_files/global/v1.0dev/software/config/versions.yaml

@@ -0,0 +1,479 @@
+---
+schema: pegleg/SoftwareVersions/v1
+metadata:
+  schema: metadata/Document/v1
+  name: software-versions
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+data:
+  charts:
+    dependencies:
+      ucp-helm-toolkit:
+        type: git
+        location: https://git.openstack.org/openstack/openstack-helm
+        subpath: helm-toolkit
+        reference: master
+    kubernetes:
+      calico:
+        etcd:
+          type: git
+          location: https://github.com/att-comdev/promenade
+          subpath: charts/etcd
+          reference: ccdaceabf30c8cd42661a95e05f72a630b5310a0
+        etcd-htk:
+          type: git
+          location: https://github.com/openstack/openstack-helm
+          subpath: helm-toolkit
+          reference: f902cd14fac7de4c4c9f7d019191268a6b4e9601
+        calico:
+          type: git
+          location: https://github.com/openstack/openstack-helm-infra
+          subpath: calico
+          reference: f402171e42356bc1e805782f1d7f090ce1f6ab17
+        calico-htk:
+          type: git
+          location: https://github.com/openstack/openstack-helm-infra
+          subpath: helm-toolkit
+          reference: f402171e42356bc1e805782f1d7f090ce1f6ab17
+      apiserver:
+        type: git
+        location: https://github.com/att-comdev/promenade
+        subpath: charts/apiserver
+        reference: ccdaceabf30c8cd42661a95e05f72a630b5310a0
+      apiserver-htk:
+        type: git
+        location: https://github.com/openstack/openstack-helm
+        subpath: helm-toolkit
+        reference: f902cd14fac7de4c4c9f7d019191268a6b4e9601
+      controller-manager:
+        type: git
+        location: https://github.com/att-comdev/promenade
+        subpath: charts/controller_manager
+        reference: ccdaceabf30c8cd42661a95e05f72a630b5310a0
+      controller-manager-htk:
+        type: git
+        location: https://github.com/openstack/openstack-helm
+        subpath: helm-toolkit
+        reference: f902cd14fac7de4c4c9f7d019191268a6b4e9601
+      coredns:
+        type: git
+        location: https://github.com/att-comdev/promenade
+        subpath: charts/coredns
+        reference: ccdaceabf30c8cd42661a95e05f72a630b5310a0
+      coredns-htk:
+        type: git
+        location: https://github.com/openstack/openstack-helm
+        subpath: helm-toolkit
+        reference: f902cd14fac7de4c4c9f7d019191268a6b4e9601
+      haproxy:
+        type: git
+        location: https://github.com/att-comdev/promenade
+        subpath: charts/haproxy
+        reference: ccdaceabf30c8cd42661a95e05f72a630b5310a0
+      haproxy-htk:
+        type: git
+        location: https://github.com/openstack/openstack-helm
+        subpath: helm-toolkit
+        reference: f902cd14fac7de4c4c9f7d019191268a6b4e9601
+      etcd:
+        type: git
+        location: https://github.com/att-comdev/promenade
+        subpath: charts/etcd
+        reference: ccdaceabf30c8cd42661a95e05f72a630b5310a0
+      etcd-htk:
+        type: git
+        location: https://github.com/openstack/openstack-helm
+        subpath: helm-toolkit
+        reference: f902cd14fac7de4c4c9f7d019191268a6b4e9601
+      ingress:
+        type: git
+        location: https://github.com/openstack/openstack-helm
+        subpath: ingress
+        reference: f902cd14fac7de4c4c9f7d019191268a6b4e9601
+      ingress-htk:
+        type: git
+        location: https://github.com/openstack/openstack-helm
+        subpath: helm-toolkit
+        reference: f902cd14fac7de4c4c9f7d019191268a6b4e9601
+      proxy:
+        type: git
+        location: https://github.com/att-comdev/promenade
+        subpath: charts/proxy
+        reference: ccdaceabf30c8cd42661a95e05f72a630b5310a0
+      proxy-htk:
+        type: git
+        location: https://github.com/openstack/openstack-helm
+        subpath: helm-toolkit
+        reference: f902cd14fac7de4c4c9f7d019191268a6b4e9601
+      scheduler:
+        type: git
+        location: https://github.com/att-comdev/promenade
+        subpath: charts/scheduler
+        reference: ccdaceabf30c8cd42661a95e05f72a630b5310a0
+      scheduler-htk:
+        type: git
+        location: https://github.com/openstack/openstack-helm
+        subpath: helm-toolkit
+        reference: f902cd14fac7de4c4c9f7d019191268a6b4e9601
+    ucp:
+      nfs_provisioner:
+        type: git
+        location: https://github.com/openstack/openstack-helm-infra
+        subpath: nfs-provisioner
+        reference: f402171e42356bc1e805782f1d7f090ce1f6ab17
+      nfs_htk:
+        type: git
+        location: https://github.com/openstack/openstack-helm-infra
+        subpath: helm-toolkit
+        reference: f402171e42356bc1e805782f1d7f090ce1f6ab17
+      armada:
+        type: git
+        location: https://github.com/att-comdev/armada
+        subpath: charts/armada
+        reference: 2b714888c490a9f7c5a11383eb18b7226d1b1dc8
+      armada-htk:
+        type: git
+        location: https://github.com/openstack/openstack-helm
+        subpath: helm-toolkit
+        reference: f902cd14fac7de4c4c9f7d019191268a6b4e9601
+      barbican:
+        type: git
+        location: https://github.com/openstack/openstack-helm
+        subpath: barbican
+        reference: f902cd14fac7de4c4c9f7d019191268a6b4e9601
+      barbican-htk:
+        type: git
+        location: https://github.com/openstack/openstack-helm
+        subpath: helm-toolkit
+        reference: f902cd14fac7de4c4c9f7d019191268a6b4e9601
+      ceph:
+        type: git
+        location: https://github.com/openstack/openstack-helm
+        subpath: ceph
+        reference: f902cd14fac7de4c4c9f7d019191268a6b4e9601
+      ceph-htk:
+        type: git
+        location: https://github.com/openstack/openstack-helm
+        subpath: helm-toolkit
+        reference: f902cd14fac7de4c4c9f7d019191268a6b4e9601
+      deckhand:
+        type: git
+        location: https://github.com/att-comdev/deckhand
+        subpath: charts/deckhand
+        reference: 7385d077395dde975200a071f7ea503a9522e32c
+      deckhand-htk:
+        type: git
+        location: https://github.com/openstack/openstack-helm
+        subpath: helm-toolkit
+        reference: f902cd14fac7de4c4c9f7d019191268a6b4e9601
+      divingbell:
+        type: git
+        location: https://github.com/att-comdev/divingbell
+        subpath: divingbell
+        reference: 9e7028416e8b6798c1b2bf04770bd165e398b5c1
+      divingbell-htk:
+        type: git
+        location: https://github.com/openstack/openstack-helm
+        subpath: helm-toolkit
+        reference: f902cd14fac7de4c4c9f7d019191268a6b4e9601
+      drydock:
+        type: git
+        location: https://github.com/att-comdev/drydock
+        subpath: charts/drydock
+        reference: 506e06623a5f1c11c0d34f2089851cc8381f06ae
+      drydock-htk:
+        type: git
+        location: https://github.com/openstack/openstack-helm
+        subpath: helm-toolkit
+        reference: f902cd14fac7de4c4c9f7d019191268a6b4e9601
+      ingress:
+        type: git
+        location: https://github.com/openstack/openstack-helm
+        subpath: ingress
+        reference: f902cd14fac7de4c4c9f7d019191268a6b4e9601
+      ingress-htk:
+        type: git
+        location: https://github.com/openstack/openstack-helm
+        subpath: helm-toolkit
+        reference: f902cd14fac7de4c4c9f7d019191268a6b4e9601
+      postgresql:
+        type: git
+        location: https://git.openstack.org/openstack/openstack-helm
+        subpath: postgresql
+        reference: refs/changes/80/569480/2
+        # Liveness probe is too aggressive right now, using ref above instead
+        # location: https://github.com/openstack/openstack-helm
+        # subpath: postgresql
+        # reference: f902cd14fac7de4c4c9f7d019191268a6b4e9601
+      postgresql-htk:
+        type: git
+        location: https://github.com/openstack/openstack-helm-infra
+        subpath: helm-toolkit
+        reference: 9f921f23fb2df702981a0b3d33062ff607350f75
+      promenade:
+        type: git
+        location: https://github.com/att-comdev/promenade
+        subpath: charts/promenade
+        reference: ccd372a97490971d4a5b2281424be7595c55c1b0
+      promenade-htk:
+        type: git
+        location: https://github.com/openstack/openstack-helm
+        subpath: helm-toolkit
+        reference: f902cd14fac7de4c4c9f7d019191268a6b4e9601
+      keystone:
+        type: git
+        location: https://github.com/openstack/openstack-helm
+        subpath: keystone
+        reference: f902cd14fac7de4c4c9f7d019191268a6b4e9601
+      keystone-htk:
+        type: git
+        location: https://github.com/openstack/openstack-helm
+        subpath: helm-toolkit
+        reference: f902cd14fac7de4c4c9f7d019191268a6b4e9601
+      maas:
+        type: git
+        location: https://github.com/att-comdev/maas
+        subpath: charts/maas
+        reference: 3e4849e132353f22378fa7d10838f3e0c2f0eef2
+      maas-htk:
+        type: git
+        location: https://github.com/openstack/openstack-helm
+        subpath: helm-toolkit
+        reference: f902cd14fac7de4c4c9f7d019191268a6b4e9601
+      mariadb:
+        type: git
+        location: https://github.com/openstack/openstack-helm
+        subpath: mariadb
+        reference: f902cd14fac7de4c4c9f7d019191268a6b4e9601
+      mariadb-htk:
+        type: git
+        location: https://github.com/openstack/openstack-helm
+        subpath: helm-toolkit
+        reference: f902cd14fac7de4c4c9f7d019191268a6b4e9601
+      memcached:
+        type: git
+        location: https://github.com/openstack/openstack-helm
+        subpath: memcached
+        reference: f902cd14fac7de4c4c9f7d019191268a6b4e9601
+      memcached-htk:
+        type: git
+        location: https://github.com/openstack/openstack-helm
+        subpath: helm-toolkit
+        reference: f902cd14fac7de4c4c9f7d019191268a6b4e9601
+      rabbitmq:
+        type: git
+        location: https://github.com/openstack/openstack-helm
+        subpath: rabbitmq
+        reference: f902cd14fac7de4c4c9f7d019191268a6b4e9601
+      rabbitmq-htk:
+        type: git
+        location: https://github.com/openstack/openstack-helm
+        subpath: helm-toolkit
+        reference: f902cd14fac7de4c4c9f7d019191268a6b4e9601
+      shipyard:
+        type: git
+        location: https://github.com/att-comdev/shipyard
+        subpath: charts/shipyard
+        reference: afc2ea501deda27083b951f14791c5ed6141d8ae
+      shipyard-htk:
+        type: git
+        location: https://github.com/openstack/openstack-helm
+        subpath: helm-toolkit
+        reference: f902cd14fac7de4c4c9f7d019191268a6b4e9601
+      tiller:
+        type: git
+        location: https://github.com/att-comdev/armada
+        subpath: charts/tiller
+        reference: 35b426db32a7440d862c88e7ac3eef3a453acfc9
+      tiller-htk:
+        type: git
+        location: https://github.com/openstack/openstack-helm
+        subpath: helm-toolkit
+        reference: f902cd14fac7de4c4c9f7d019191268a6b4e9601
+  files:
+    kubelet: https://dl.k8s.io/v1.10.2/kubernetes-node-linux-amd64.tar.gz
+  images:
+    ucp:
+      armada:
+        api: artifacts-aic.atlantafoundry.com/att-comdev/armada:2b714888c490a9f7c5a11383eb18b7226d1b1dc8
+        dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+        ks_endpoints: docker.io/openstackhelm/heat:ocata
+        ks_service: docker.io/openstackhelm/heat:ocata
+        ks_user: docker.io/openstackhelm/heat:ocata
+        helm: lachlanevenson/k8s-helm:v2.7.2
+        tiller: gcr.io/kubernetes-helm/tiller:v2.7.2
+      promenade:
+        dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+        promenade: docker.io/sthussey/promenade:replace
+        ks_user: docker.io/openstackhelm/heat:ocata
+        ks_service: docker.io/openstackhelm/heat:ocata
+        ks_endpoints: docker.io/openstackhelm/heat:ocata
+      deckhand:
+        deckhand: artifacts-aic.atlantafoundry.com/att-comdev/deckhand:7385d077395dde975200a071f7ea503a9522e32c
+        dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+        db_init: docker.io/postgres:9.5
+        db_sync: artifacts-aic.atlantafoundry.com/att-comdev/deckhand:7385d077395dde975200a071f7ea503a9522e32c
+        ks_endpoints: docker.io/openstackhelm/heat:ocata
+        ks_service: docker.io/openstackhelm/heat:ocata
+        ks_user: docker.io/openstackhelm/heat:ocata
+      barbican:
+        bootstrap: docker.io/openstackhelm/heat:ocata
+        dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+        scripted_test: docker.io/openstackhelm/heat:ocata
+        db_init: docker.io/openstackhelm/heat:ocata
+        barbican_db_sync: docker.io/openstackhelm/barbican:ocata
+        db_drop: docker.io/openstackhelm/heat:ocata
+        ks_endpoints: docker.io/openstackhelm/heat:ocata
+        ks_service: docker.io/openstackhelm/heat:ocata
+        ks_user: docker.io/openstackhelm/heat:ocata
+        barbican_api: docker.io/openstackhelm/barbican:ocata
+      drydock:
+        drydock: artifacts-aic.atlantafoundry.com/att-comdev/drydock:506e06623a5f1c11c0d34f2089851cc8381f06ae
+        dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+        ks_user: docker.io/openstackhelm/heat:ocata
+        ks_service: docker.io/openstackhelm/heat:ocata
+        ks_endpoints: docker.io/openstackhelm/heat:ocata
+        drydock_db_init: docker.io/postgres:9.5
+        drydock_db_sync: artifacts-aic.atlantafoundry.com/att-comdev/drydock:506e06623a5f1c11c0d34f2089851cc8381f06ae
+      shipyard:
+        airflow: artifacts-aic.atlantafoundry.com/att-comdev/airflow:afc2ea501deda27083b951f14791c5ed6141d8ae
+        shipyard: artifacts-aic.atlantafoundry.com/att-comdev/shipyard:afc2ea501deda27083b951f14791c5ed6141d8ae
+        dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+        shipyard_db_init: docker.io/postgres:9.5
+        shipyard_db_sync: artifacts-aic.atlantafoundry.com/att-comdev/shipyard:afc2ea501deda27083b951f14791c5ed6141d8ae
+        airflow_db_init: docker.io/postgres:9.5
+        airflow_db_sync: artifacts-aic.atlantafoundry.com/att-comdev/airflow:afc2ea501deda27083b951f14791c5ed6141d8ae
+        ks_user: docker.io/openstackhelm/heat:ocata
+        ks_service: docker.io/openstackhelm/heat:ocata
+        ks_endpoints: docker.io/openstackhelm/heat:ocata
+      maas:
+        db_init: docker.io/postgres:9.5
+        db_sync: artifacts-aic.atlantafoundry.com/att-comdev/maas-region-controller:3e4849e132353f22378fa7d10838f3e0c2f0eef2
+        maas_rack: artifacts-aic.atlantafoundry.com/att-comdev/maas-rack-controller:3e4849e132353f22378fa7d10838f3e0c2f0eef2
+        maas_region: artifacts-aic.atlantafoundry.com/att-comdev/maas-region-controller:3e4849e132353f22378fa7d10838f3e0c2f0eef2
+        bootstrap: artifacts-aic.atlantafoundry.com/att-comdev/maas-region-controller:3e4849e132353f22378fa7d10838f3e0c2f0eef2
+        export_api_key: artifacts-aic.atlantafoundry.com/att-comdev/maas-region-controller:3e4849e132353f22378fa7d10838f3e0c2f0eef2
+        maas_cache: artifacts-aic.atlantafoundry.com/att-comdev/sstream-cache@sha256:70aa6cc9cdf0d07ed933c99f232ecc82cb89048ffdb030811e44a537bdfad67e
+        dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+      keystone:
+        keystone_bootstrap: docker.io/openstackhelm/heat:ocata
+        test: docker.io/kolla/ubuntu-source-rally:4.0.0
+        db_init: docker.io/openstackhelm/heat:ocata
+        keystone_db_sync: docker.io/openstackhelm/keystone:ocata
+        db_drop: docker.io/openstackhelm/heat:ocata
+        keystone_fernet_setup: docker.io/openstackhelm/keystone:ocata
+        keystone_fernet_rotate: docker.io/openstackhelm/keystone:ocata
+        keystone_credential_setup: docker.io/openstackhelm/keystone:ocata
+        keystone_credential_rotate: docker.io/openstackhelm/keystone:ocata
+        keystone_api: docker.io/openstackhelm/keystone:ocata
+        dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+      tiller:
+        tiller: gcr.io/kubernetes-helm/tiller:v2.7.2
+      mariadb:
+        mariadb: docker.io/mariadb:10.1.23
+        dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+      postgresql:
+        postgresql: docker.io/postgres:9.5
+        dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+      memcached:
+        memcached: docker.io/memcached:1.5.5
+        dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+      rabbitmq:
+        rabbitmq: docker.io/rabbitmq:3.7
+        dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+    ceph:
+      ceph:
+        ks_endpoints: docker.io/openstackhelm/heat:ocata
+        ks_service: docker.io/openstackhelm/heat:ocata
+        ks_user: docker.io/openstackhelm/heat:ocata
+        ceph_bootstrap: docker.io/ceph/daemon:tag-build-master-luminous-ubuntu-16.04
+        dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+        ceph_daemon: docker.io/ceph/daemon:tag-build-master-luminous-ubuntu-16.04
+        ceph_config_helper: docker.io/port/ceph-config-helper:v1.7.5
+        ceph_rbd_provisioner: quay.io/external_storage/rbd-provisioner:v0.1.1
+        ceph_cephfs_provisioner: quay.io/external_storage/cephfs-provisioner:v0.1.1
+    storage:
+      nfs_provisioner:
+        nfs_provisioner: quay.io/kubernetes_incubator/nfs-provisioner:v1.0.8
+        dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
+        image_repo_sync: docker.io/docker:17.07.0
+    kubernetes:
+      apiserver:
+        anchor: gcr.io/google_containers/hyperkube-amd64:v1.10.2
+        apiserver: gcr.io/google_containers/hyperkube-amd64:v1.10.2
+        dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.0
+      controller-manager:
+        anchor: gcr.io/google_containers/hyperkube-amd64:v1.10.2
+        controller_manager: gcr.io/google_containers/hyperkube-amd64:v1.10.2
+        dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.0
+      coredns:
+        coredns: coredns/coredns:1.0.5
+      haproxy:
+        haproxy: haproxy:1.8.3
+        anchor: gcr.io/google_containers/hyperkube-amd64:v1.10.2
+      etcd:
+        etcd: quay.io/coreos/etcd:v3.2.14
+        etcdctl: quay.io/coreos/etcd:v3.2.14
+      kubectl: gcr.io/google_containers/hyperkube-amd64:v1.10.2
+      pause: gcr.io/google_containers/pause-amd64:3.0
+      scheduler:
+        anchor: gcr.io/google_containers/hyperkube-amd64:v1.10.2
+        scheduler: gcr.io/google_containers/hyperkube-amd64:v1.10.2
+      proxy:
+        proxy: gcr.io/google_containers/hyperkube-amd64:v1.10.2
+    calico:
+      etcd:
+        etcd: quay.io/coreos/etcd:v3.2.14
+        etcdctl: quay.io/coreos/etcd:v3.2.14
+      calico:
+        cni: quay.io/calico/cni:v1.11.2
+        ctl: quay.io/calico/ctl:v1.6.2
+        kube_policy_controller: quay.io/calico/kube-policy-controller:v0.7.0
+        node: quay.io/calico/node:v2.6.5
+        settings: quay.io/calico/ctl:v1.6.2
+  packages:
+    repositories:
+      - name: docker
+        url: http://apt.dockerproject.org/repo
+        distributions:
+          - ubuntu-xenial
+        components:
+          - main
+        gpgkey: |-
+          -----BEGIN PGP PUBLIC KEY BLOCK-----
+
+          mQINBFWln24BEADrBl5p99uKh8+rpvqJ48u4eTtjeXAWbslJotmC/CakbNSqOb9o
+          ddfzRvGVeJVERt/Q/mlvEqgnyTQy+e6oEYN2Y2kqXceUhXagThnqCoxcEJ3+KM4R
+          mYdoe/BJ/J/6rHOjq7Omk24z2qB3RU1uAv57iY5VGw5p45uZB4C4pNNsBJXoCvPn
+          TGAs/7IrekFZDDgVraPx/hdiwopQ8NltSfZCyu/jPpWFK28TR8yfVlzYFwibj5WK
+          dHM7ZTqlA1tHIG+agyPf3Rae0jPMsHR6q+arXVwMccyOi+ULU0z8mHUJ3iEMIrpT
+          X+80KaN/ZjibfsBOCjcfiJSB/acn4nxQQgNZigna32velafhQivsNREFeJpzENiG
+          HOoyC6qVeOgKrRiKxzymj0FIMLru/iFF5pSWcBQB7PYlt8J0G80lAcPr6VCiN+4c
+          NKv03SdvA69dCOj79PuO9IIvQsJXsSq96HB+TeEmmL+xSdpGtGdCJHHM1fDeCqkZ
+          hT+RtBGQL2SEdWjxbF43oQopocT8cHvyX6Zaltn0svoGs+wX3Z/H6/8P5anog43U
+          65c0A+64Jj00rNDr8j31izhtQMRo892kGeQAaaxg4Pz6HnS7hRC+cOMHUU4HA7iM
+          zHrouAdYeTZeZEQOA7SxtCME9ZnGwe2grxPXh/U/80WJGkzLFNcTKdv+rwARAQAB
+          tDdEb2NrZXIgUmVsZWFzZSBUb29sIChyZWxlYXNlZG9ja2VyKSA8ZG9ja2VyQGRv
+          Y2tlci5jb20+iQI4BBMBAgAiBQJVpZ9uAhsvBgsJCAcDAgYVCAIJCgsEFgIDAQIe
+          AQIXgAAKCRD3YiFXLFJgnbRfEAC9Uai7Rv20QIDlDogRzd+Vebg4ahyoUdj0CH+n
+          Ak40RIoq6G26u1e+sdgjpCa8jF6vrx+smpgd1HeJdmpahUX0XN3X9f9qU9oj9A4I
+          1WDalRWJh+tP5WNv2ySy6AwcP9QnjuBMRTnTK27pk1sEMg9oJHK5p+ts8hlSC4Sl
+          uyMKH5NMVy9c+A9yqq9NF6M6d6/ehKfBFFLG9BX+XLBATvf1ZemGVHQusCQebTGv
+          0C0V9yqtdPdRWVIEhHxyNHATaVYOafTj/EF0lDxLl6zDT6trRV5n9F1VCEh4Aal8
+          L5MxVPcIZVO7NHT2EkQgn8CvWjV3oKl2GopZF8V4XdJRl90U/WDv/6cmfI08GkzD
+          YBHhS8ULWRFwGKobsSTyIvnbk4NtKdnTGyTJCQ8+6i52s+C54PiNgfj2ieNn6oOR
+          7d+bNCcG1CdOYY+ZXVOcsjl73UYvtJrO0Rl/NpYERkZ5d/tzw4jZ6FCXgggA/Zxc
+          jk6Y1ZvIm8Mt8wLRFH9Nww+FVsCtaCXJLP8DlJLASMD9rl5QS9Ku3u7ZNrr5HWXP
+          HXITX660jglyshch6CWeiUATqjIAzkEQom/kEnOrvJAtkypRJ59vYQOedZ1sFVEL
+          MXg2UCkD/FwojfnVtjzYaTCeGwFQeqzHmM241iuOmBYPeyTY5veF49aBJA1gEJOQ
+          TvBR8Q==
+          =Fm3p
+          -----END PGP PUBLIC KEY BLOCK-----
+    named:
+      docker: docker-engine=1.13.1-0~ubuntu-xenial
+      socat: socat=1.7.3.1-1
+    unnamed:
+      # nfs-common for the nfs provisioner - dev only.
+      - nfs-common

deployment_files/global/v1.0dev/software/manifests/bootstrap.yaml

@@ -0,0 +1,27 @@
+---
+schema: armada/Manifest/v1
+metadata:
+  schema: metadata/Document/v1
+  name: cluster-bootstrap
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+data:
+  release_prefix: airship
+  chart_groups:
+    - kubernetes-proxy
+    - kubernetes-container-networking
+    - kubernetes-dns
+    - kubernetes-etcd
+    - kubernetes-core
+    - ingress-kube-system
+    - ucp-storage-provisioner
+    - ucp-core
+    - ucp-keystone
+# TODO(bryan-strassner)
+# Excluding diving bell for now - crash loop on uamlite in this env
+# might be missing configuration, might be a symptom of running in a VM
+# same change in full-site manifest.
+#    - ucp-divingbell
+    - ucp-services

deployment_files/global/v1.0dev/software/manifests/full-site.yaml

@@ -0,0 +1,27 @@
+---
+schema: armada/Manifest/v1
+metadata:
+  schema: metadata/Document/v1
+  name: full-site
+  layeringDefinition:
+    abstract: false
+    layer: global
+  storagePolicy: cleartext
+data:
+  release_prefix: airship
+  chart_groups:
+    - kubernetes-proxy
+    - kubernetes-container-networking
+    - kubernetes-dns
+    - kubernetes-etcd
+    - kubernetes-core
+    - ingress-kube-system
+    - ucp-storage-provisioner
+    - ucp-core
+    - ucp-keystone
+# TODO(bryan-strassner)
+# Excluding diving bell for now - crash loop on uamlite in this env
+# might be missing configuration, might be a symptom of running in a VM
+# same change in full-site manifest.
+#    - ucp-divingbell
+    - ucp-services