From 22408cbeb5314763d123f0ea4474c33ad040edac Mon Sep 17 00:00:00 2001 From: Michael Beaver Date: Fri, 26 Apr 2019 10:41:41 -0500 Subject: [PATCH] Add new seaworthy-virt site This site is created in order to utilize the multinode development environment alongside the global and type manifests in Treasure map. To accomplish this, the new seaworthy-virt site is a copy of the airship-seaworthy site but with as many overrides and removed pieces as necessary. Change-Id: I6d19e1cf019c5d03f42343ab3c72971172879e4d --- .zuul.yaml | 21 + global/baremetal/bootactions/promjoin.yaml | 1 + .../baremetal/bootactions/promjoin.yaml | 49 + site/seaworthy-virt/baremetal/nodes.yaml | 58 + .../deployment/deployment-configuration.yaml | 41 + .../deployment/dev-configurables.yaml | 12 + .../networks/common-addresses.yaml | 132 + .../networks/physical/networks.yaml | 44 + .../networks/physical/unused_networks.yaml | 72 + site/seaworthy-virt/pki/pki-catalog.yaml | 279 ++ site/seaworthy-virt/profiles/genesis.yaml | 50 + .../profiles/hardware/generic_vm.yaml | 23 + .../profiles/host/gate-vm-cp.yaml | 173 + .../profiles/host/gate-vm-dp.yaml | 58 + site/seaworthy-virt/profiles/region.yaml | 37 + .../secrets/certificates/certificates.yaml | 2784 +++++++++++++++++ .../airship_drydock_kvm_ssh_key.yaml | 38 + .../airship_ubuntu_ssh_public_key.yaml | 11 + .../apiserver-encryption-key-key1.yaml | 12 + .../secrets/passphrases/ceph_fsid.yaml | 12 + .../ceph_swift_keystone_password.yaml | 11 + .../passphrases/ipmi_admin_password.yaml | 13 + .../secrets/passphrases/maas-region-key.yaml | 12 + .../osh_barbican_oslo_db_password.yaml | 11 + .../osh_barbican_oslo_messaging_password.yaml | 11 + .../passphrases/osh_barbican_password.yaml | 11 + .../osh_cinder_oslo_db_password.yaml | 11 + .../osh_cinder_oslo_messaging_password.yaml | 11 + .../passphrases/osh_cinder_password.yaml | 11 + .../osh_glance_oslo_db_password.yaml | 11 + .../osh_glance_oslo_messaging_password.yaml | 11 + .../passphrases/osh_glance_password.yaml | 11 + .../osh_heat_oslo_db_password.yaml | 11 + .../osh_heat_oslo_messaging_password.yaml | 11 + .../passphrases/osh_heat_password.yaml | 11 + .../osh_heat_stack_user_password.yaml | 11 + .../osh_heat_trustee_password.yaml | 11 + .../osh_horizon_oslo_db_password.yaml | 11 + ...sh_infra_elasticsearch_admin_password.yaml | 11 + .../osh_infra_grafana_admin_password.yaml | 11 + .../osh_infra_grafana_oslo_db_password.yaml | 11 + ...nfra_grafana_oslo_db_session_password.yaml | 11 + .../osh_infra_nagios_admin_password.yaml | 11 + ...osh_infra_openstack_exporter_password.yaml | 11 + .../osh_infra_oslo_db_admin_password.yaml | 11 + .../osh_infra_oslo_db_exporter_password.yaml | 11 + .../osh_infra_prometheus_admin_password.yaml | 11 + .../osh_infra_rgw_s3_admin_access_key.yaml | 11 + .../osh_infra_rgw_s3_admin_secret_key.yaml | 11 + ...infra_rgw_s3_elasticsearch_access_key.yaml | 11 + ...infra_rgw_s3_elasticsearch_secret_key.yaml | 11 + .../osh_keystone_admin_password.yaml | 11 + .../osh_keystone_ldap_password.yaml | 11 + .../osh_keystone_oslo_db_password.yaml | 11 + .../osh_keystone_oslo_messaging_password.yaml | 11 + .../osh_neutron_oslo_db_password.yaml | 11 + .../osh_neutron_oslo_messaging_password.yaml | 11 + .../passphrases/osh_neutron_password.yaml | 11 + ...osh_nova_metadata_proxy_shared_secret.yaml | 11 + .../osh_nova_oslo_db_password.yaml | 11 + .../osh_nova_oslo_messaging_password.yaml | 11 + .../passphrases/osh_nova_password.yaml | 11 + .../osh_oslo_cache_secret_key.yaml | 11 + .../osh_oslo_db_admin_password.yaml | 11 + .../osh_oslo_db_exporter_password.yaml | 11 + .../osh_oslo_messaging_admin_password.yaml | 11 + .../passphrases/osh_placement_password.yaml | 11 + .../osh_rabbitmq_erlang_cookie.yaml | 11 + .../passphrases/osh_tempest_password.yaml | 11 + .../secrets/passphrases/tenant_ceph_fsid.yaml | 12 + .../passphrases/ubuntu_crypt_password.yaml | 12 + .../ucp_airflow_oslo_messaging_password.yaml | 11 + .../ucp_airflow_postgres_password.yaml | 11 + .../ucp_armada_keystone_password.yaml | 11 + .../ucp_barbican_keystone_password.yaml | 11 + .../ucp_barbican_oslo_db_password.yaml | 11 + .../ucp_deckhand_keystone_password.yaml | 11 + .../ucp_deckhand_postgres_password.yaml | 11 + .../ucp_drydock_keystone_password.yaml | 11 + .../ucp_drydock_postgres_password.yaml | 11 + .../ucp_keystone_admin_password.yaml | 11 + .../ucp_keystone_oslo_db_password.yaml | 11 + .../passphrases/ucp_maas_admin_password.yaml | 11 + .../ucp_maas_postgres_password.yaml | 11 + ..._openstack_exporter_keystone_password.yaml | 11 + .../ucp_oslo_db_admin_password.yaml | 11 + .../ucp_oslo_messaging_password.yaml | 11 + .../ucp_postgres_admin_password.yaml | 11 + .../ucp_postgres_exporter_password.yaml | 11 + .../ucp_postgres_replication_password.yaml | 11 + .../ucp_promenade_keystone_password.yaml | 11 + .../ucp_rabbitmq_erlang_cookie.yaml | 11 + .../ucp_shipyard_keystone_password.yaml | 11 + .../ucp_shipyard_postgres_password.yaml | 11 + site/seaworthy-virt/site-definition.yaml | 12 + .../container-networking/calico.yaml | 160 + .../kubernetes/container-networking/etcd.yaml | 153 + .../software/charts/kubernetes/etcd/etcd.yaml | 163 + .../charts/kubernetes/ingress/ingress.yaml | 31 + .../charts/ucp/ceph/ceph-client-update.yaml | 18 + .../software/charts/ucp/ceph/ceph-client.yaml | 98 + .../software/charts/ucp/ceph/ceph-osd.yaml | 18 + .../charts/ucp/ceph/ceph-provisioners.yaml | 20 + .../charts/ucp/divingbell/divingbell.yaml | 53 + .../software/charts/ucp/drydock/drydock.yaml | 44 + .../software/charts/ucp/drydock/maas.yaml | 38 + .../charts/ucp/promenade/promenade.yaml | 16 + .../config/common-software-config.yaml | 15 + .../software/config/endpoints.yaml | 965 ++++++ .../software/config/service_accounts.yaml | 435 +++ .../software/manifests/bootstrap.yaml | 38 + .../software/manifests/full-site.yaml | 41 + 112 files changed, 7044 insertions(+) create mode 100644 site/seaworthy-virt/baremetal/bootactions/promjoin.yaml create mode 100644 site/seaworthy-virt/baremetal/nodes.yaml create mode 100644 site/seaworthy-virt/deployment/deployment-configuration.yaml create mode 100644 site/seaworthy-virt/deployment/dev-configurables.yaml create mode 100644 site/seaworthy-virt/networks/common-addresses.yaml create mode 100644 site/seaworthy-virt/networks/physical/networks.yaml create mode 100644 site/seaworthy-virt/networks/physical/unused_networks.yaml create mode 100644 site/seaworthy-virt/pki/pki-catalog.yaml create mode 100644 site/seaworthy-virt/profiles/genesis.yaml create mode 100644 site/seaworthy-virt/profiles/hardware/generic_vm.yaml create mode 100644 site/seaworthy-virt/profiles/host/gate-vm-cp.yaml create mode 100644 site/seaworthy-virt/profiles/host/gate-vm-dp.yaml create mode 100644 site/seaworthy-virt/profiles/region.yaml create mode 100644 site/seaworthy-virt/secrets/certificates/certificates.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/airship_drydock_kvm_ssh_key.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/airship_ubuntu_ssh_public_key.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/apiserver-encryption-key-key1.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/ceph_fsid.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/ceph_swift_keystone_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/ipmi_admin_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/maas-region-key.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/osh_barbican_oslo_db_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/osh_barbican_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/osh_cinder_oslo_db_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/osh_cinder_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/osh_glance_oslo_db_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/osh_glance_oslo_messaging_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/osh_glance_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/osh_heat_oslo_db_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/osh_heat_oslo_messaging_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/osh_heat_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/osh_heat_stack_user_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/osh_heat_trustee_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/osh_horizon_oslo_db_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/osh_infra_grafana_admin_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/osh_infra_nagios_admin_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/osh_infra_openstack_exporter_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/osh_infra_prometheus_admin_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/osh_keystone_admin_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/osh_keystone_ldap_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/osh_keystone_oslo_db_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/osh_neutron_oslo_db_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/osh_neutron_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/osh_nova_oslo_db_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/osh_nova_oslo_messaging_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/osh_nova_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/osh_oslo_cache_secret_key.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/osh_oslo_db_admin_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/osh_oslo_db_exporter_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/osh_oslo_messaging_admin_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/osh_placement_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/osh_tempest_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/tenant_ceph_fsid.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/ubuntu_crypt_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/ucp_airflow_postgres_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/ucp_armada_keystone_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/ucp_barbican_keystone_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/ucp_barbican_oslo_db_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/ucp_deckhand_keystone_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/ucp_deckhand_postgres_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/ucp_drydock_keystone_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/ucp_drydock_postgres_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/ucp_keystone_admin_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/ucp_keystone_oslo_db_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/ucp_maas_admin_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/ucp_maas_postgres_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/ucp_oslo_db_admin_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/ucp_oslo_messaging_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/ucp_postgres_admin_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/ucp_postgres_exporter_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/ucp_postgres_replication_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/ucp_promenade_keystone_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/ucp_shipyard_keystone_password.yaml create mode 100644 site/seaworthy-virt/secrets/passphrases/ucp_shipyard_postgres_password.yaml create mode 100644 site/seaworthy-virt/site-definition.yaml create mode 100644 site/seaworthy-virt/software/charts/kubernetes/container-networking/calico.yaml create mode 100644 site/seaworthy-virt/software/charts/kubernetes/container-networking/etcd.yaml create mode 100644 site/seaworthy-virt/software/charts/kubernetes/etcd/etcd.yaml create mode 100644 site/seaworthy-virt/software/charts/kubernetes/ingress/ingress.yaml create mode 100644 site/seaworthy-virt/software/charts/ucp/ceph/ceph-client-update.yaml create mode 100644 site/seaworthy-virt/software/charts/ucp/ceph/ceph-client.yaml create mode 100644 site/seaworthy-virt/software/charts/ucp/ceph/ceph-osd.yaml create mode 100644 site/seaworthy-virt/software/charts/ucp/ceph/ceph-provisioners.yaml create mode 100644 site/seaworthy-virt/software/charts/ucp/divingbell/divingbell.yaml create mode 100644 site/seaworthy-virt/software/charts/ucp/drydock/drydock.yaml create mode 100644 site/seaworthy-virt/software/charts/ucp/drydock/maas.yaml create mode 100644 site/seaworthy-virt/software/charts/ucp/promenade/promenade.yaml create mode 100644 site/seaworthy-virt/software/config/common-software-config.yaml create mode 100644 site/seaworthy-virt/software/config/endpoints.yaml create mode 100644 site/seaworthy-virt/software/config/service_accounts.yaml create mode 100644 site/seaworthy-virt/software/manifests/bootstrap.yaml create mode 100644 site/seaworthy-virt/software/manifests/full-site.yaml diff --git a/.zuul.yaml b/.zuul.yaml index 4d00ac93a..834ff6a8f 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -19,6 +19,7 @@ check: jobs: - treasuremap-seaworthy-site-lint + - treasuremap-seaworthy-virt-site-lint - treasuremap-airskiff-site-lint - treasuremap-airsloop-site-lint - treasuremap-aiab-site-lint @@ -26,6 +27,7 @@ gate: jobs: - treasuremap-seaworthy-site-lint + - treasuremap-seaworthy-virt-site-lint - treasuremap-airskiff-site-lint - treasuremap-airsloop-site-lint - treasuremap-aiab-site-lint @@ -67,6 +69,22 @@ irrelevant-files: - ^.*\.rst$ - ^doc/.*$ + - ^site/seaworthy-virt/.*$ + - ^site/airskiff/.*$ + - ^site/airsloop/.*$ + - ^site/aiab/.*$ + +- job: + name: treasuremap-seaworthy-virt-site-lint + description: | + Lint the seaworthy site using Pegleg. + parent: treasuremap-site-lint + vars: + site: seaworthy-virt + irrelevant-files: + - ^.*\.rst$ + - ^doc/.*$ + - ^site/seaworthy/.*$ - ^site/airskiff/.*$ - ^site/airsloop/.*$ - ^site/aiab/.*$ @@ -82,6 +100,7 @@ - ^.*\.rst$ - ^doc/.*$ - ^site/seaworthy/.*$ + - ^site/seaworthy-virt/.*$ - ^site/airsloop/.*$ - ^site/aiab/.*$ @@ -96,6 +115,7 @@ - ^.*\.rst$ - ^doc/.*$ - ^site/seaworthy/.*$ + - ^site/seaworthy-virt/.*$ - ^site/airskiff/.*$ - ^site/aiab/.*$ @@ -112,6 +132,7 @@ - ^.*\.rst$ - ^doc/.*$ - ^site/seaworthy/.*$ + - ^site/seaworthy-virt/.*$ - ^site/airskiff/.*$ - ^site/airsloop/.*$ diff --git a/global/baremetal/bootactions/promjoin.yaml b/global/baremetal/bootactions/promjoin.yaml index c2dfefb7e..5fdd390b1 100644 --- a/global/baremetal/bootactions/promjoin.yaml +++ b/global/baremetal/bootactions/promjoin.yaml @@ -8,6 +8,7 @@ metadata: abstract: false layer: global labels: + name: promjoin-systemd-unit application: 'drydock' data: signaling: false diff --git a/site/seaworthy-virt/baremetal/bootactions/promjoin.yaml b/site/seaworthy-virt/baremetal/bootactions/promjoin.yaml new file mode 100644 index 000000000..b0cd5a169 --- /dev/null +++ b/site/seaworthy-virt/baremetal/bootactions/promjoin.yaml @@ -0,0 +1,49 @@ +--- +# This file defines a boot action which is responsible for fetching the node's +# promjoin script from the promenade API. This is the script responsible for +# installing kubernetes on the node and joining the kubernetes cluster. +# #GLOBAL-CANDIDATE# +schema: 'drydock/BootAction/v1' +metadata: + schema: 'metadata/Document/v1' + name: promjoin-systemd-unit + storagePolicy: 'cleartext' + replacement: true + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: promjoin-systemd-unit + actions: + - method: replace + path: .assets + labels: + application: 'drydock' +data: + signaling: false + # TODO(alanmeadows) move what is global about this document + assets: + - path: /opt/promjoin.sh + type: file + permissions: '555' + # The ip= parameter must match the MaaS network name of the network used + # to contact kubernetes. With a standard, reference Airship deployment where + # L2 networks are shared between all racks, the network name (i.e. calico) + # should be correct. + location: promenade+http://promenade-api.ucp.svc.cluster.local/api/v1.0/join-scripts?design_ref={{ action.design_ref | urlencode }}&hostname={{ node.hostname }}&ip={{ node.network.default.ip }}&domain={{ node.domain }}{% for k, v in node.labels.items() %}&labels.dynamic={{ k }}={{ v }}{% endfor %} + location_pipeline: + - template + data_pipeline: + - utf8_decode + - path: /lib/systemd/system/promjoin.service + type: unit + permissions: '600' + data: |- + W1VuaXRdCkRlc2NyaXB0aW9uPVByb21lbmFkZSBJbml0aWFsaXphdGlvbiBTZXJ2aWNlCkFmdGVy + PW5ldHdvcmstb25saW5lLnRhcmdldCBsb2NhbC1mcy50YXJnZXQKQ29uZGl0aW9uUGF0aEV4aXN0 + cz0hL3Zhci9saWIvcHJvbS5kb25lCgpbU2VydmljZV0KVHlwZT1zaW1wbGUKRXhlY1N0YXJ0PS9v + cHQvcHJvbWpvaW4uc2gKCltJbnN0YWxsXQpXYW50ZWRCeT1tdWx0aS11c2VyLnRhcmdldAo= + data_pipeline: + - base64_decode + - utf8_decode +... diff --git a/site/seaworthy-virt/baremetal/nodes.yaml b/site/seaworthy-virt/baremetal/nodes.yaml new file mode 100644 index 000000000..2662b552a --- /dev/null +++ b/site/seaworthy-virt/baremetal/nodes.yaml @@ -0,0 +1,58 @@ +--- +schema: 'drydock/BaremetalNode/v1' +metadata: + schema: 'metadata/Document/v1' + name: n1 + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + host_profile: cp-global + addressing: + - network: gp + address: 172.24.1.11 + metadata: + boot_mac: '52:54:00:00:a3:31' + rack: rack1 + tags: + - 'masters' +--- +schema: 'drydock/BaremetalNode/v1' +metadata: + schema: 'metadata/Document/v1' + name: n2 + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + host_profile: cp-global + addressing: + - network: gp + address: 172.24.1.12 + metadata: + boot_mac: '52:54:00:1a:95:0d' + rack: rack1 + tags: + - 'masters' +--- +schema: 'drydock/BaremetalNode/v1' +metadata: + schema: 'metadata/Document/v1' + name: n3 + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + host_profile: cp-secondary + addressing: + - network: gp + address: 172.24.1.13 + metadata: + boot_mac: '52:54:00:31:c2:36' + rack: rack1 + tags: + - 'masters' +... diff --git a/site/seaworthy-virt/deployment/deployment-configuration.yaml b/site/seaworthy-virt/deployment/deployment-configuration.yaml new file mode 100644 index 000000000..bfc6c0cbb --- /dev/null +++ b/site/seaworthy-virt/deployment/deployment-configuration.yaml @@ -0,0 +1,41 @@ +--- +# The purpose of this file is to provide shipyard related deployment config +# parameters. This should not require modification for a new site. However, +# shipyard deployment strategies can be very useful in getting around certain +# failures, like misbehaving nodes that hold up the deployment. See more at +# https://opendev.org/airship/shipyard/src/branch/master/doc/source/site-definition-documents.rst#using-a-deployment-strategy +schema: shipyard/DeploymentConfiguration/v1 +metadata: + schema: metadata/Document/v1 + name: deployment-configuration + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + physical_provisioner: + deployment_strategy: deployment-strategy + deploy_interval: 30 + deploy_timeout: 3600 + destroy_interval: 30 + destroy_timeout: 900 + join_wait: 0 + prepare_node_interval: 30 + prepare_node_timeout: 1800 + prepare_site_interval: 10 + prepare_site_timeout: 300 + verify_interval: 10 + verify_timeout: 60 + kubernetes_provisioner: + drain_timeout: 3600 + drain_grace_period: 1800 + clear_labels_timeout: 1800 + remove_etcd_timeout: 1800 + etcd_ready_timeout: 600 + armada: + get_releases_timeout: 300 + get_status_timeout: 300 + manifest: 'full-site' + post_apply_timeout: 7200 + validate_design_timeout: 600 +... diff --git a/site/seaworthy-virt/deployment/dev-configurables.yaml b/site/seaworthy-virt/deployment/dev-configurables.yaml new file mode 100644 index 000000000..7a7d42f72 --- /dev/null +++ b/site/seaworthy-virt/deployment/dev-configurables.yaml @@ -0,0 +1,12 @@ +--- +schema: dev/Configurables/v1 +metadata: + schema: metadata/Document/v1 + name: dev-configurables + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + hostcidr: 172.24.1.0/24 +... diff --git a/site/seaworthy-virt/networks/common-addresses.yaml b/site/seaworthy-virt/networks/common-addresses.yaml new file mode 100644 index 000000000..29470c774 --- /dev/null +++ b/site/seaworthy-virt/networks/common-addresses.yaml @@ -0,0 +1,132 @@ +--- +# The purpose of this file is to define network related paramters that are +# referenced elsewhere in the manifests for this site. +# +# TODO: Include bare metal host FQDN naming standards +# TODO: Include ingress FQDN naming standards +schema: pegleg/CommonAddresses/v1 +metadata: + schema: metadata/Document/v1 + name: common-addresses + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + calico: + ip_autodetection_method: 'interface=ens3' + bgp: + ipv4: + ingress_vip: '172.24.1.6/32' + maas_vip: '172.24.1.5/32' + public_service_cidr: 'Nonsense' + peers: + - 'Nonsense' + - 'Nonsense' + ip_rule: + gateway: 'Nonsense' + etcd: + # etcd service IP address + service_ip: 10.96.232.136 + + dns: + # Kubernetes cluster domain. Do not change. This is internal to the cluster. + cluster_domain: cluster.local + # DNS service ip + service_ip: 10.96.0.10 + # List of upstream DNS forwards. Verify you can reach them from your + # environment. If so, you should not need to change them. + upstream_servers: + - 172.24.1.9 + - 172.24.1.9 + - 172.24.1.9 + # Repeat the same values as above, but formatted as a common separated + # string + upstream_servers_joined: 172.24.1.9 + ingress_domain: gate.local + node_domain: gate.local + + genesis: + hostname: n0 + ip: 172.24.1.10 + + proxy: + http: "" + https: "" + no_proxy: [] + + bootstrap: + ip: 172.24.1.10 + + kubernetes: + # K8s API service IP + api_service_ip: 10.96.0.1 + # etcd service IP + etcd_service_ip: 10.96.0.2 + # k8s pod CIDR (network which pod traffic will traverse) + pod_cidr: 10.97.0.0/16 + # k8s service CIDR (network which k8s API traffic will traverse) + service_cidr: 10.96.0.0/16 + # misc k8s port settings + apiserver_port: 6443 + haproxy_port: 6553 + service_node_port_range: 30000-32767 + + # etcd port settings + etcd: + container_port: 2379 + haproxy_port: 2378 + + masters: + - hostname: n1 + - hostname: n2 + - hostname: n3 + + node_ports: + drydock_api: 30000 + maas_api: 30001 + maas_proxy: 31800 # hardcoded in MAAS + + vip: + ingress_vip: '172.24.1.6/32' + maas_vip: '172.24.1.5/32' + + ntp: + # comma separated NTP server list. Verify that these upstream NTP servers are + # reachable in your environment; otherwise update them with the correct + # values for your environment. + servers_joined: '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org,4.ubuntu.pool.ntp.org' + + # NOTE: This will be updated soon + ldap: + base_url: 'ldap.example.com' + url: 'ldap://ldap.example.com' + auth_path: DC=test,DC=test,DC=com?sAMAccountName?sub?memberof=CN=test,OU=Application,OU=Groups,DC=test,DC=test,DC=com + # NEWSITE-CHANGEME: Update to the correct AD group that contains the users + # relevant for this deployment (test users vs prod users/values, etc) + common_name: test + # NEWSITE-CHANGEME: Update to the correct subdomain for your type of + # deployment (test vs prod values, etc) + subdomain: test + # NEWSITE-CHANGEME: Update to the correct domain for your type of + # deployment (test vs prod values, etc) + domain: example + + storage: + ceph: + public_cidr: 172.24.1.0/24 + cluster_cidr: 172.24.1.0/24 + + neutron: + tunnel_device: 'ens3' + # bond which the overlay is a member of. Ensure the bond name is consistent + # with the bond assigned to the overlay network in + # networks/physical/networks.yaml + external_iface: 'ens3' + + openvswitch: + # bond which the overlay is a member of. Ensure the bond name is consistent + # with the bond assigned to the overlay network in + # networks/physical/networks.yaml + external_iface: 'ens3' +... diff --git a/site/seaworthy-virt/networks/physical/networks.yaml b/site/seaworthy-virt/networks/physical/networks.yaml new file mode 100644 index 000000000..6eb0a24d8 --- /dev/null +++ b/site/seaworthy-virt/networks/physical/networks.yaml @@ -0,0 +1,44 @@ +--- +schema: 'drydock/NetworkLink/v1' +metadata: + schema: 'metadata/Document/v1' + name: gp + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + bonding: + mode: disabled + mtu: 1500 + linkspeed: auto + trunking: + mode: disabled + default_network: gp + allowed_networks: + - gp +... +--- +schema: 'drydock/Network/v1' +metadata: + schema: 'metadata/Document/v1' + name: gp + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + mtu: 1500 + cidr: 172.24.1.0/24 + ranges: + - type: dhcp + start: 172.24.1.100 + end: 172.24.1.200 + routes: + - subnet: 0.0.0.0/0 + gateway: 172.24.1.1 + metric: 10 + dns: + domain: gate.local + servers: '172.24.1.9' +... diff --git a/site/seaworthy-virt/networks/physical/unused_networks.yaml b/site/seaworthy-virt/networks/physical/unused_networks.yaml new file mode 100644 index 000000000..6301de3b4 --- /dev/null +++ b/site/seaworthy-virt/networks/physical/unused_networks.yaml @@ -0,0 +1,72 @@ +--- +schema: 'drydock/Network/v1' +metadata: + schema: 'metadata/Document/v1' + name: oob + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + cidr: 192.168.1.0/24 +... +--- +schema: 'drydock/Network/v1' +metadata: + schema: 'metadata/Document/v1' + name: pxe + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + cidr: 192.168.2.0/24 +... +--- +schema: 'drydock/Network/v1' +metadata: + schema: 'metadata/Document/v1' + name: oam + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + cidr: 192.168.3.0/24 +... +--- +schema: 'drydock/Network/v1' +metadata: + schema: 'metadata/Document/v1' + name: storage + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + cidr: 192.168.4.0/24 +... +--- +schema: 'drydock/Network/v1' +metadata: + schema: 'metadata/Document/v1' + name: calico + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + cidr: 192.168.5.0/24 +... +--- +schema: 'drydock/Network/v1' +metadata: + schema: 'metadata/Document/v1' + name: overlay + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + cidr: 192.168.6.0/24 +... diff --git a/site/seaworthy-virt/pki/pki-catalog.yaml b/site/seaworthy-virt/pki/pki-catalog.yaml new file mode 100644 index 000000000..d93e81ead --- /dev/null +++ b/site/seaworthy-virt/pki/pki-catalog.yaml @@ -0,0 +1,279 @@ +--- +# The purpose of this file is to define the PKI certificates for the environment +# +# NOTE: When deploying a new site, this file should not be configured until +# baremetal/nodes.yaml is complete. +# +schema: promenade/PKICatalog/v1 +metadata: + schema: metadata/Document/v1 + name: cluster-certificates + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + certificate_authorities: + kubernetes: + description: CA for Kubernetes components + certificates: + - document_name: apiserver + description: Service certificate for Kubernetes apiserver + common_name: apiserver + hosts: + - localhost + - 127.0.0.1 + - 10.96.0.1 + kubernetes_service_names: + - kubernetes.default.svc.cluster.local + - document_name: kubelet-genesis + common_name: system:node:n0 + hosts: + - n0 + - 172.24.1.10 + groups: + - system:nodes + - document_name: kubelet-n0 + common_name: system:node:n0 + hosts: + - n0 + - 172.24.1.10 + groups: + - system:nodes + - document_name: kubelet-n1 + common_name: system:node:n1 + hosts: + - n1 + - 172.24.1.11 + groups: + - system:nodes + - document_name: kubelet-n2 + common_name: system:node:n2 + hosts: + - n2 + - 172.24.1.12 + groups: + - system:nodes + - document_name: kubelet-n3 + common_name: system:node:n3 + hosts: + - n3 + - 172.24.1.13 + groups: + - system:nodes + + # End node list + - document_name: scheduler + description: Service certificate for Kubernetes scheduler + common_name: system:kube-scheduler + - document_name: controller-manager + description: certificate for controller-manager + common_name: system:kube-controller-manager + - document_name: admin + common_name: admin + groups: + - system:masters + - document_name: armada + common_name: armada + groups: + - system:masters + kubernetes-etcd: + description: Certificates for Kubernetes's etcd servers + certificates: + - document_name: apiserver-etcd + description: etcd client certificate for use by Kubernetes apiserver + common_name: apiserver + # NOTE(mark-burnett): hosts not required for client certificates + - document_name: kubernetes-etcd-anchor + description: anchor + common_name: anchor + - document_name: kubernetes-etcd-genesis + common_name: kubernetes-etcd-genesis + hosts: + - n0 + - 172.24.1.10 + - 127.0.0.1 + - localhost + - kubernetes-etcd.kube-system.svc.cluster.local + - 10.96.0.2 + - document_name: kubernetes-etcd-n0 + common_name: kubernetes-etcd-n0 + hosts: + - n0 + - 172.24.1.10 + - 127.0.0.1 + - localhost + - kubernetes-etcd.kube-system.svc.cluster.local + - 10.96.0.2 + - document_name: kubernetes-etcd-n1 + common_name: kubernetes-etcd-n1 + hosts: + - n1 + - 172.24.1.11 + - 127.0.0.1 + - localhost + - kubernetes-etcd.kube-system.svc.cluster.local + - 10.96.0.2 + - document_name: kubernetes-etcd-n2 + common_name: kubernetes-etcd-n2 + hosts: + - n2 + - 172.24.1.12 + - 127.0.0.1 + - localhost + - kubernetes-etcd.kube-system.svc.cluster.local + - 10.96.0.2 + - document_name: kubernetes-etcd-n3 + common_name: kubernetes-etcd-n3 + hosts: + - n3 + - 172.24.1.13 + - 127.0.0.1 + - localhost + - kubernetes-etcd.kube-system.svc.cluster.local + - 10.96.0.2 + + kubernetes-etcd-peer: + certificates: + - document_name: kubernetes-etcd-genesis-peer + common_name: kubernetes-etcd-genesis-peer + hosts: + - n0 + - 172.24.1.10 + - 127.0.0.1 + - localhost + - kubernetes-etcd.kube-system.svc.cluster.local + - 10.96.0.2 + - document_name: kubernetes-etcd-n0-peer + common_name: kubernetes-etcd-n0-peer + hosts: + - n0 + - 172.24.1.10 + - 127.0.0.1 + - localhost + - kubernetes-etcd.kube-system.svc.cluster.local + - 10.96.0.2 + - document_name: kubernetes-etcd-n1-peer + common_name: kubernetes-etcd-n1-peer + hosts: + - n1 + - 172.24.1.11 + - 127.0.0.1 + - localhost + - kubernetes-etcd.kube-system.svc.cluster.local + - 10.96.0.2 + - document_name: kubernetes-etcd-n2-peer + common_name: kubernetes-etcd-n2-peer + hosts: + - n2 + - 172.24.1.12 + - 127.0.0.1 + - localhost + - kubernetes-etcd.kube-system.svc.cluster.local + - 10.96.0.2 + - document_name: kubernetes-etcd-n3-peer + common_name: kubernetes-etcd-n3-peer + hosts: + - n3 + - 172.24.1.13 + - 127.0.0.1 + - localhost + - kubernetes-etcd.kube-system.svc.cluster.local + - 10.96.0.2 + calico-etcd: + description: Certificates for Calico etcd client traffic + certificates: + - document_name: calico-etcd-anchor + description: anchor + common_name: anchor + - document_name: calico-etcd-genesis + common_name: calico-etcd-genesis + hosts: + - n0 + - 172.24.1.10 + - 127.0.0.1 + - localhost + - 10.96.232.136 + - document_name: calico-etcd-n0 + common_name: calico-etcd-n0 + hosts: + - n0 + - 172.24.1.10 + - 127.0.0.1 + - localhost + - 10.96.232.136 + - document_name: calico-etcd-n1 + common_name: calico-etcd-n1 + hosts: + - n1 + - 172.24.1.11 + - 127.0.0.1 + - localhost + - 10.96.232.136 + - document_name: calico-etcd-n2 + common_name: calico-etcd-n2 + hosts: + - n2 + - 172.24.1.12 + - 127.0.0.1 + - localhost + - 10.96.232.136 + - document_name: calico-etcd-n3 + common_name: calico-etcd-n3 + hosts: + - n3 + - 172.24.1.13 + - 127.0.0.1 + - localhost + - 10.96.232.136 + - document_name: calico-node + common_name: calcico-node + calico-etcd-peer: + description: Certificates for Calico etcd clients + certificates: + - document_name: calico-etcd-genesis-peer + common_name: calico-etcd-genesis-peer + hosts: + - n0 + - 172.24.1.10 + - 127.0.0.1 + - localhost + - 10.96.232.136 + - document_name: calico-etcd-n0-peer + common_name: calico-etcd-n0-peer + hosts: + - n0 + - 172.24.1.10 + - 127.0.0.1 + - localhost + - 10.96.232.136 + - document_name: calico-etcd-n1-peer + common_name: calico-etcd-n1-peer + hosts: + - n1 + - 172.24.1.11 + - 127.0.0.1 + - localhost + - 10.96.232.136 + - document_name: calico-etcd-n2-peer + common_name: calico-etcd-n2-peer + hosts: + - n2 + - 172.24.1.12 + - 127.0.0.1 + - localhost + - 10.96.232.136 + - document_name: calico-etcd-n3-peer + common_name: calico-etcd-n3-peer + hosts: + - n3 + - 172.24.1.13 + - 127.0.0.1 + - localhost + - 10.96.232.136 + - document_name: calico-node-peer + common_name: calcico-node-peer + keypairs: + - name: service-account + description: Service account signing key for use by Kubernetes controller-manager. +... diff --git a/site/seaworthy-virt/profiles/genesis.yaml b/site/seaworthy-virt/profiles/genesis.yaml new file mode 100644 index 000000000..5947feb92 --- /dev/null +++ b/site/seaworthy-virt/profiles/genesis.yaml @@ -0,0 +1,50 @@ +--- +# The purpose of this file is to apply proper labels to Genesis node so the +# proper services are installed and proper configuration applied. This should +# not need to be changed for a new site. +# #GLOBAL-CANDIDATE# +schema: promenade/Genesis/v1 +metadata: + schema: metadata/Document/v1 + name: genesis-site + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: genesis-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + labels: + dynamic: + - beta.kubernetes.io/fluentd-ds-ready=true + - calico-etcd=enabled + - ceph-mds=enabled + - ceph-mon=enabled + - ceph-osd=enabled + - ceph-rgw=enabled + - ceph-mgr=enabled + - ceph-bootstrap=enabled + - tenant-ceph-control-plane=enabled + - tenant-ceph-mon=enabled + - tenant-ceph-rgw=enabled + - tenant-ceph-mgr=enabled + - kube-dns=enabled + - kube-ingress=enabled + - kubernetes-apiserver=enabled + - kubernetes-controller-manager=enabled + - kubernetes-etcd=enabled + - kubernetes-scheduler=enabled + - promenade-genesis=enabled + - ucp-control-plane=enabled + - maas-rack=enabled + - maas-region=enabled + - ceph-osd-bootstrap=enabled + - openstack-control-plane=enabled + - openvswitch=enabled + - openstack-l3-agent=enabled + - node-exporter=enabled + - fluentd=enabled +... diff --git a/site/seaworthy-virt/profiles/hardware/generic_vm.yaml b/site/seaworthy-virt/profiles/hardware/generic_vm.yaml new file mode 100644 index 000000000..530ac91d5 --- /dev/null +++ b/site/seaworthy-virt/profiles/hardware/generic_vm.yaml @@ -0,0 +1,23 @@ +--- +schema: 'drydock/HardwareProfile/v1' +metadata: + schema: 'metadata/Document/v1' + name: GenericVM + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + vendor: 'Dell' + generation: '1' + hw_version: '2' + bios_version: '2.2.3' + boot_mode: 'bios' + bootstrap_protocol: 'pxe' + pxe_interface: 0 + device_aliases: + pnic01: + bus_type: 'pci' + dev_type: 'Intel 10Gbps NIC' + address: '0000:00:03.0' +... diff --git a/site/seaworthy-virt/profiles/host/gate-vm-cp.yaml b/site/seaworthy-virt/profiles/host/gate-vm-cp.yaml new file mode 100644 index 000000000..df838a71f --- /dev/null +++ b/site/seaworthy-virt/profiles/host/gate-vm-cp.yaml @@ -0,0 +1,173 @@ +--- +schema: drydock/HostProfile/v1 +metadata: + schema: metadata/Document/v1 + name: cp-global + replacement: true + layeringDefinition: + abstract: false + layer: site + parentSelector: + hosttype: cp-global + actions: + - method: replace + path: .storage + - method: replace + path: .interfaces + - method: replace + path: .platform.kernel_params + - method: merge + path: . + storagePolicy: cleartext +data: + hardware_profile: 'GenericVM' + primary_network: 'gp' + oob: + type: 'libvirt' + libvirt_uri: 'qemu+ssh://virtmgr@172.24.1.1/system' + storage: + physical_devices: + vda: + labels: + bootdrive: 'true' + partitions: + - name: 'root' + size: '20g' + bootable: true + filesystem: + mountpoint: '/' + fstype: 'ext4' + mount_options: 'defaults' + - name: 'boot' + size: '1g' + filesystem: + mountpoint: '/boot' + fstype: 'ext4' + mount_options: 'defaults' + interfaces: + ens3: + device_link: 'gp' + slaves: + - 'ens3' + networks: + - 'gp' + platform: + kernel_params: + kernel_package: 'linux-image-4.15.0-34-generic' +... +--- +schema: drydock/HostProfile/v1 +metadata: + schema: metadata/Document/v1 + name: cp-secondary + layeringDefinition: + abstract: false + layer: site + parentSelector: + hosttype: cp-global + actions: + - method: replace + path: .storage + - method: replace + path: .interfaces + - method: replace + path: .platform.kernel_params + - method: merge + path: . + storagePolicy: cleartext +data: + hardware_profile: 'GenericVM' + primary_network: 'gp' + oob: + type: 'libvirt' + libvirt_uri: 'qemu+ssh://virtmgr@172.24.1.1/system' + storage: + physical_devices: + vda: + labels: + bootdrive: 'true' + partitions: + - name: 'root' + size: '20g' + bootable: true + filesystem: + mountpoint: '/' + fstype: 'ext4' + mount_options: 'defaults' + - name: 'boot' + size: '1g' + filesystem: + mountpoint: '/boot' + fstype: 'ext4' + mount_options: 'defaults' + interfaces: + ens3: + device_link: 'gp' + slaves: + - 'ens3' + networks: + - 'gp' + platform: + kernel_params: + kernel_package: 'linux-image-4.15.0-34-generic' + + metadata: + owner_data: + control-plane: enabled + ucp-control-plane: enabled + openstack-control-plane: enabled + openstack-heat: enabled + openstack-keystone: enabled + openstack-rabbitmq: enabled + openstack-dns-helper: enabled + openstack-mariadb: enabled + openstack-nova-control: enabled + # openstack-etcd: enabled + openstack-mistral: enabled + openstack-memcached: enabled + openstack-glance: enabled + openstack-horizon: enabled + openstack-cinder-control: enabled + openstack-cinder-volume: control + openstack-neutron: enabled + openvswitch: enabled + ucp-barbican: enabled + # ceph-mon: enabled + ceph-mgr: enabled + ceph-osd: enabled + ceph-mds: enabled + ceph-rgw: enabled + ucp-maas: enabled + kube-dns: enabled + tenant-ceph-control-plane: enabled + # tenant-ceph-mon: enabled + tenant-ceph-rgw: enabled + tenant-ceph-mgr: enabled + kubernetes-apiserver: enabled + kubernetes-controller-manager: enabled + # kubernetes-etcd: enabled + kubernetes-scheduler: enabled + tiller-helm: enabled + # kube-etcd: enabled + calico-policy: enabled + calico-node: enabled + # calico-etcd: enabled + ucp-armada: enabled + ucp-drydock: enabled + ucp-deckhand: enabled + ucp-shipyard: enabled + IAM: enabled + ucp-promenade: enabled + prometheus-server: enabled + prometheus-client: enabled + fluentd: enabled + influxdb: enabled + kibana: enabled + elasticsearch-client: enabled + elasticsearch-master: enabled + elasticsearch-data: enabled + postgresql: enabled + kube-ingress: enabled + beta.kubernetes.io/fluentd-ds-ready: 'true' + node-exporter: enabled +... diff --git a/site/seaworthy-virt/profiles/host/gate-vm-dp.yaml b/site/seaworthy-virt/profiles/host/gate-vm-dp.yaml new file mode 100644 index 000000000..63ba91f6a --- /dev/null +++ b/site/seaworthy-virt/profiles/host/gate-vm-dp.yaml @@ -0,0 +1,58 @@ +--- +schema: 'drydock/HostProfile/v1' +metadata: + name: gate-vm-dp + schema: 'metadata/Document/v1' + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + hardware_profile: 'GenericVM' + primary_network: 'gp' + oob: + type: 'libvirt' + libvirt_uri: 'qemu+ssh://virtmgr@172.24.1.1/system' + storage: + physical_devices: + vda: + labels: + bootdrive: 'true' + partitions: + - name: 'root' + size: '20g' + bootable: true + filesystem: + mountpoint: '/' + fstype: 'ext4' + mount_options: 'defaults' + - name: 'boot' + size: '1g' + filesystem: + mountpoint: '/boot' + fstype: 'ext4' + mount_options: 'defaults' + interfaces: + ens3: + device_link: 'gp' + slaves: + - 'ens3' + networks: + - 'gp' + platform: + image: 'xenial' + kernel: 'hwe-16.04' + metadata: + tags: + - 'foo' + owner_data: + openstack-nova-compute: enabled + openvswitch: enabled + # sriov: enabled + contrail-vrouter: kernel + openstack-libvirt: kernel + beta.kubernetes.io/fluentd-ds-ready: 'true' + node-exporter: enabled + fluentbit: enabled + tenant-ceph-osd: enabled +... diff --git a/site/seaworthy-virt/profiles/region.yaml b/site/seaworthy-virt/profiles/region.yaml new file mode 100644 index 000000000..861be487c --- /dev/null +++ b/site/seaworthy-virt/profiles/region.yaml @@ -0,0 +1,37 @@ +--- +# The purpose of this file is to define the drydock Region, which in turn drives +# the MaaS region. +schema: 'drydock/Region/v1' +metadata: + schema: 'metadata/Document/v1' + name: seaworthy-virt + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext + substitutions: + - dest: + # Add/replace the first item in the list + path: .authorized_keys[0] + src: + schema: deckhand/PublicKey/v1 + # This should match the "name" metadata of the SSH key which will be + # substituted, located in site/airship-seaworthy/secrets folder. + name: airship_ubuntu_ssh_public_key + path: . + - dest: + path: .repositories.main_archive + src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .packages.repositories.main_archive +data: + tag_definitions: [] + # This is the list of SSH keys which MaaS will register for the built-in + # "ubuntu" account during the PXE process. This list is populated by + # substitution, so the same SSH keys do not need to be repeated in multiple + # manifests. + authorized_keys: [] + repositories: + remove_unlisted: true +... diff --git a/site/seaworthy-virt/secrets/certificates/certificates.yaml b/site/seaworthy-virt/secrets/certificates/certificates.yaml new file mode 100644 index 000000000..e7b1c589a --- /dev/null +++ b/site/seaworthy-virt/secrets/certificates/certificates.yaml @@ -0,0 +1,2784 @@ +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDSDCCAjCgAwIBAgIUCQVz/8ONRyMvXQYrD2ZR7oKlzZMwDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xOTA1MDIyMTE2MDBaFw0yNDA0MzAyMTE2MDBaMCoxEzARBgNVBAoTCkt1YmVy + bmV0ZXMxEzARBgNVBAMTCmt1YmVybmV0ZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IB + DwAwggEKAoIBAQDKqbIQ5kNXN/B3yILfwhjshIu8++rpkrPGFA642pgf9cN2m6ju + QL++gOMBV5fisLSHgCxzX9g1efsGj9sFjXeFCJJBHVeiBeIiX/f9GD6gwpeaSSRz + Lu205HcL8Nj7zRefSVR2OEzclT1otj7POL0X9eVtD8B9Tz4oMXt5HzmXQ/0VcvOL + 4xwQiRS3IUEkT7JUYimplb5fn37N+dEC+6dIUvWnarO0OKsB19iv9ASfjzj4HHRl + nIk/VPvXT0DbL57lNAxKJ3t84cflGvWkd2hQbKRM/ghKbvgE3WoXohQ8UoinWIu8 + biQGZL77Y2lYX6AFK+XqFJhelCESJPAnoPL5AgMBAAGjZjBkMA4GA1UdDwEB/wQE + AwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBQKZgnvLoc613L6vedD + eGE0LM9qIjAfBgNVHSMEGDAWgBQKZgnvLoc613L6vedDeGE0LM9qIjANBgkqhkiG + 9w0BAQsFAAOCAQEAh6cV4+Q0siYqCrmADSOWG4J1uLp945Fc+bW55eTsYxXLTelf + K2anriWU2F89Nzt76wAIHXIrufD5hN8ACnUfc5doMfoOV24u4LaRBt1VO8KmIkHT + yEs/O7pVcHF6UZxMeOQr/KOk+Fm6O+XO0RWZlgJtSJN1SMgL0EsJxzjc22Je/04N + oyOT9APARFBo/7RmkVNDz2pJYRwgsbZE9rdrRrmTncVV+mDB4EGS4TDglbJ6Yd0d + je8nxp1WL9EHikRpRL+esGjW3AsWZUdCXvuPKMbjeTk5LmCXxBraHoRkcj+axfr2 + Dkw09jCqU5Y2M2SOWv0zpwx1ZqcecSYdRYANHw== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthority/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDUjCCAjqgAwIBAgIUO8crfH8g37+Ycsfg8I+48deMSqkwDQYJKoZIhvcNAQEL + BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l + dGNkMB4XDTE5MDUwMjIxMTYwMFoXDTI0MDQzMDIxMTYwMFowLzETMBEGA1UEChMK + S3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1ldGNkMIIBIjANBgkqhkiG + 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuLbWUDLyDRJLpPZoPG6CiMRJl3sd+vY3UyH2 + GDodKWZvWt7Rr/aaFp7nlbBjauevnVlzme3TZMiHjAzWomph60eqvRnc7LDUKSNf + oz9O33IK9FrUoiVyFeVjJdpsOtD8n7SHY+cVSS65gHWa/SsRehyChwv99mkoDIHm + DQyJdY2FcBuxq0yPavd7CbLKqG2TaarCISejpFGAp2AM2FyM1zFT5aevabmR6poQ + 1IS1s8Aeo5t0c3ixrYLerz5TCR9USXEXeldy7Lj1hfnBYkxtTzY5JrmwTfdCotQL + XIRpF8E5YdpFFjb9cQuv1uhjj4W7CbkltaSrMRhQRmrYfO/TawIDAQABo2YwZDAO + BgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBAjAdBgNVHQ4EFgQU43OY + 94PlLN3mex/BeMwsM4kbuzkwHwYDVR0jBBgwFoAU43OY94PlLN3mex/BeMwsM4kb + uzkwDQYJKoZIhvcNAQELBQADggEBACeESuhun+h4SoeUJgfX6hxuSaH5zHDmeEZZ + 7/l6k5l8yK68BRHt9Ed//hIpFQ5OMyTlNA9Xkuo50qh44Kk2deSsZ56g7eLiXSHt + H1BnD8GT6zt6270RmsMg/JUFOkkAwVM8tTPn5K7oopuKhtzC2g1WggHh5KNuYO13 + jYP5is4x7GA8KH8Ldu2tqpAsFYkJY+67QVIx1L0PvMpXOAaCgpcrQqYI5DPlOCU6 + 3w+sQlPVBsMd0LR8TBeu2yWdBlNNp9AaU6ZBMl160+7YXfZ5p9FL5FM/xubBWW9S + 4IVggeduTd3r6GlEQrzarSr8jAgbliqctOB8B4mpTTJXL5Rzk1I= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthority/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDXDCCAkSgAwIBAgIUWVMdYbG38/6j4Lm7UDtDZGl4r8QwDQYJKoZIhvcNAQEL + BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l + dGNkLXBlZXIwHhcNMTkwNTAyMjExNjAwWhcNMjQwNDMwMjExNjAwWjA0MRMwEQYD + VQQKEwpLdWJlcm5ldGVzMR0wGwYDVQQDExRrdWJlcm5ldGVzLWV0Y2QtcGVlcjCC + ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOR8HkZ2Y5WNZOvz4/Oq0b9w + J6I2twQJmrhlgcNLF6qm2FKXhb7kj1Dzrwswfq8wGWEDiyMO0UpLe++AgC8DzcLG + 8gtkiBMxN5gV25uqHDJUzrVybX5HB2kyT3YCfF32ZdAPy3zPLf6LCTT3FzapORRY + sBcOrtpHTe7WJct8jR7kDynSoWI2LEVqqf+dbyjliMEWWXZrhEtOuJFnK88VsyYq + IniPkBfVFJ7wQmKZdJuS0o73LV4G8Kf2DKUBk+Qv/+q6NXPFqL58Ex0EyIrxNAUm + cS1ddfqSJGd38tiwjZTaJrHthwgwYVATZ9pjgfHJF8PTtNm4ktGUGzcAmUxhYJcC + AwEAAaNmMGQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQIwHQYD + VR0OBBYEFHymZ4KhybMyT5d07GGPS7MCVqKJMB8GA1UdIwQYMBaAFHymZ4KhybMy + T5d07GGPS7MCVqKJMA0GCSqGSIb3DQEBCwUAA4IBAQBE03aufRuJrpFGFrKWTwhY + HJqKCFhef2nHiGdWnIXwt04G+e/QaY4mvnUZVKUW6hv5mvC0eoWdesJ0yjEXfTni + yBGgxCsdzsdb68FpKVIDYZj1XzIW9skXOJgX7J7Dl1unakK9oGyY3yIwP6IjC3/3 + DRds9ZOc4uoA5QbgQOyp4fNfw7E3bUShVdT6x6in2wIQxzGqDhnS6972OFxhGYeJ + +u7OniIeXFsEzNY6fprPmcgTqguOu6YJkR3MBiVm/2i7VTA7s77+uox1fK0L/5qN + ba6jLTTSA7y/donjtJpMU6GLxVvXy3O9/m9Vz42xSavwqVIycENQDQEQl6iXoZzp + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthority/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDSjCCAjKgAwIBAgIUa3AsypIQhM0UgOLRlQKA9xCoNiUwDQYJKoZIhvcNAQEL + BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw + HhcNMTkwNTAyMjExNjAwWhcNMjQwNDMwMjExNjAwWjArMRMwEQYDVQQKEwpLdWJl + cm5ldGVzMRQwEgYDVQQDEwtjYWxpY28tZXRjZDCCASIwDQYJKoZIhvcNAQEBBQAD + ggEPADCCAQoCggEBALj2/iGDeHav8GVjBk0P+/qRPuZxo/qKMeNV5oBeLU3DPmJt + 6vGsWGzCI3g2ZreNQsfIHDEiLda1YemTBwyiYk3Uv17loHXuxnA6/9qqqUeS+lY8 + DcZg6eCVrvnVQiczHfYAk6rDN/V6vLHJAv53yhpqQ1lqt4xEp04LbXP5fNKkPmN+ + l6gtdJ/eaH2q+pniWUuJ5qDY4TRk2foCL9mJLQ6HPF8RUxL2CQ6jphTDv6c6AmN8 + /g7ol4rNkiYOx13RncqpBU3t8nbHnBa9zRUW45HhJLN+dbBAgdEmv+SJjAYO+rpA + KHZHsc1sW0+W2wnjkVEoPkK+4aB9QiGo3U/RWvkCAwEAAaNmMGQwDgYDVR0PAQH/ + BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQIwHQYDVR0OBBYEFKGnqGJfvLi+vKm5 + zxVBcToZ9HTVMB8GA1UdIwQYMBaAFKGnqGJfvLi+vKm5zxVBcToZ9HTVMA0GCSqG + SIb3DQEBCwUAA4IBAQAcD+nHhxybGLiJtUEbiP2ddPELjbxf2B4iBMkwYbzkxYjA + bJCLoZjcQAV+XgozCZSySrIsZpLoRKucuEG/SCEsA02wJZUW1rdaTlxUYSwXpv28 + Vwgb8cZtiKprSZ/5q/1bso/2nhUnT9wyFKFeoYXsh0co3ZbxGQFEoMM9sAef1IJh + ypt+xYe2ka2gtKWlHwCYCLvcghuXtygv/WpE16gxkxtfGiUwBP7MH9mCWY0hLISm + S2THS7Kk1yfwyS5ID4ohK6UeL4Ewwr131O+JC/Tqv3SFlzKPiQC6cDIY7t/K7LxO + GoUBf0NOCse8nVyFVJufyDQjXjCNYUOgbLje1Rup + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthority/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDVDCCAjygAwIBAgIUFsUpSoDtSZ+JcMMoqIPUGc2+MVowDQYJKoZIhvcNAQEL + BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt + cGVlcjAeFw0xOTA1MDIyMTE2MDBaFw0yNDA0MzAyMTE2MDBaMDAxEzARBgNVBAoT + Ckt1YmVybmV0ZXMxGTAXBgNVBAMTEGNhbGljby1ldGNkLXBlZXIwggEiMA0GCSqG + SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHcdjBDa426WvCKmV3iNROiJ/dd+x1K5Sz + qtisx5YE+WKI9OHApsfMnFJWd0N5T8bZ6Te/cGIKmnUbLsA/FQhd12qwVoeJ8H9M + uIBa25WSH9LhYC8qTOqrUbr3B/nyRE1TuC9vgyOePClSmnhy5Ml9/kPm+UJIp49k + oG4eICHzFLpMBefa3MAB5nthYka1lzY4UO4An8toO3XQPb1Ibvel3hWi98gRE9rn + Ja3UkyL/2KzEtPnZYjSmASNI4+duABD96Y4fKG/U3w0YYgWSHGnw1NP7cikjvZH5 + X8zfv7isCJwVqQSrbPsZz7WJVks32M9IUwsEluXNZE2KohbeEF/NAgMBAAGjZjBk + MA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBRj + iKCZ10uDu8enjSUsGyEakhWmUTAfBgNVHSMEGDAWgBRjiKCZ10uDu8enjSUsGyEa + khWmUTANBgkqhkiG9w0BAQsFAAOCAQEAQfRILnEUGIckGtW3YAgI6kwH3yqK0wUL + 1Sz6x3743ZNP3u+ZK7lNmcb7UrWK6f4QcKEUUiVNq0rb7E4Ib1trtGRQRKiL44gZ + aGs/UTPBqAdl+3VoIJayP2SQaU4bbyl5/sV8BQajMrCK9YbXNlcEQW+rH3ObRiIv + hdDHBykRaVM9GsX9m2MQWfwR6Ei3V09O37oezzlL4aq00ddWd/IJr4gAANydFTDT + 8l1IHIhJJ3ChuHB4IkZGTc1WHnp5dAK92L0scffzyeN4scJr32XK6Ayki7KFxCd7 + 2SgaaHagiOdIYN60V+eQ2Jr87lB/ce9HCgDRsNFGbiK+eZSEfWlyBg== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthority/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpQIBAAKCAQEAyqmyEOZDVzfwd8iC38IY7ISLvPvq6ZKzxhQOuNqYH/XDdpuo + 7kC/voDjAVeX4rC0h4Asc1/YNXn7Bo/bBY13hQiSQR1XogXiIl/3/Rg+oMKXmkkk + cy7ttOR3C/DY+80Xn0lUdjhM3JU9aLY+zzi9F/XlbQ/AfU8+KDF7eR85l0P9FXLz + i+McEIkUtyFBJE+yVGIpqZW+X59+zfnRAvunSFL1p2qztDirAdfYr/QEn484+Bx0 + ZZyJP1T7109A2y+e5TQMSid7fOHH5Rr1pHdoUGykTP4ISm74BN1qF6IUPFKIp1iL + vG4kBmS++2NpWF+gBSvl6hSYXpQhEiTwJ6Dy+QIDAQABAoIBAQCxR+qVb+f+dteq + 4MLjW9YTqArZIYGoGwWZw1fxin7CjmkS6y3GZOuWiQaK2QXrbmotkgjQUEpA1Viq + r9KHM+4WeJ3/ydwrxnu/WDYFt1ypoi+d7letTqLvt18QGfqlog4E78+rrqpF12Ml + oy6kdNytBhRQ6BOZSmV0IX0CQjdNwsIjxVmZTBgTfcBcciMSARg4eCZGajMqOm2E + QJFiN7cGe07sfXBp/wfZwRlAYADSAFgJfqqrssXpb8fnEaY1uPRkNzE6WuVB6bsj + +hm7ZwfElApEqHptgn6zC2pKVDtPiK88K5mdRh6+sb46/AGh3xhMrrcyAuyqjiax + GkUl/oIBAoGBAM3BzWJtOnPH5/qn+EPs2lRTgjh18Fe43yP+hMDyPfbRu8MPOrVd + 1ER+WwmLMOFhmfyKpcyxjkf/xc5LYqpfEYOjwGSnAFCB7bi0npEjw1jTM9umWBVp + FKD5fUzsOaM9usDPd3NYdXg9FnjauEiiib+G2fwxcFooDV9i8YGrFCHBAoGBAPwm + eNbYTXCbFtIcZwVaIKSk9e+JvzIAc2Xy2sPdBq9cAZuK39SB82Fn9nPareK9D9hz + hkGzqkr/+Pw+gjOdEmkzDE8RKvcbIIM/ctVWiqbOqL4JtgPbpXmNEc+LEtKHrYmQ + cjbtBG/7OjO6CI5DBoAgHwQquXW3aL0bLP3Esy85AoGBAI+XOGYAJFK4p8PdhPyi + Rpuiy7XrWJdfhRnxfWPJqkSdiZNPBYGcwY4rQA0g/jPLkVMUzzBSmSDV9o1JPsn3 + HpnnpVSY1zdX9TZ5lk9jzegnPIGFTONkOek9M5yDHpY1dicoogv1J8WJnC0rNoA6 + LjdjPK0rM2U3nl17B1+erKYBAoGBALdvUYeS0jtySBbQnM3S9F5yt4vsnNBGba0k + EKxelidqeqzqSc1yQFmDZVKBKvEBc46W9HvFtcRcFYmD+/qKcUNg5Lp8ldIwxOVW + ejbjf3i8bRvbOrPxzZ7w1p0y4p2QINor4Ds/EHRawsuwsdq0vfzl4UqJvmP56tNv + +roep/BZAoGATU3JtrRUti1y5ayuNrGHWRVVHaRKGSlioqflkPWColL03J1x4QP8 + rB1kTA2aPPhquI7Y6YtNujXaUnCPwkevkmPFkwtoF1mduwQ/zguRpeg/MwhgLEcj + CeST5ur0G4YqX9fcNqGS12DCSgSsbXrhNNvvBYXXFceMnatwE2rBhVs= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthorityKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpQIBAAKCAQEAuLbWUDLyDRJLpPZoPG6CiMRJl3sd+vY3UyH2GDodKWZvWt7R + r/aaFp7nlbBjauevnVlzme3TZMiHjAzWomph60eqvRnc7LDUKSNfoz9O33IK9FrU + oiVyFeVjJdpsOtD8n7SHY+cVSS65gHWa/SsRehyChwv99mkoDIHmDQyJdY2FcBux + q0yPavd7CbLKqG2TaarCISejpFGAp2AM2FyM1zFT5aevabmR6poQ1IS1s8Aeo5t0 + c3ixrYLerz5TCR9USXEXeldy7Lj1hfnBYkxtTzY5JrmwTfdCotQLXIRpF8E5YdpF + Fjb9cQuv1uhjj4W7CbkltaSrMRhQRmrYfO/TawIDAQABAoIBAGaieTzAwgwPUWbM + 36hMg015O6bm6waqTp1rrnFRwShi2Zb1Xi/W51GQY/+hrewV5leY/4nVQvOqFN71 + t0ExuUzhWnaOa1o8+vYMyLRNlgbEOGAEJEggZF7UQZ4j2qVnwCcBSYVyPjqWss41 + CrSHfMOMGd7uA+QqE+23M9umTq64zWCaJ7W4//4HLHqYonXDHs7rgkMx28a8Pqs9 + XDBV8VDQZX6UJXelAZHW53WI9sVA2/l9+2NFgq/G3/qpIxYWAfOePzBTCqv00I3l + J/cYXdPjgjXLrJ6FmkDB9uvk3Sh/Fy7/FfwsFddoXXImFanBd9OxR383s9x/sy8j + GxT5jnkCgYEA07LsSfYVyyD9P0VQtULCELTl5RclN6tLci2By5pkrpfyuQRFP9yw + XmtTKZskixPvFnTWM5OzzZCmnu/Bqpw79AWUlVwCylHtq2MICM2BgFZCTcP7Y0Dl + UEUlCOSnay8J4Z7oxaBz6iWAab4mxMOvoAlGWMyI7/H4iaFG37zX3BcCgYEA315L + 7IVTvyglych+s92/Gzy+DM2wy7twqirn/torHqwdPsIwBdWOCGdoE3YVmK2yTUr3 + 64NhcalCzi4z5DUeNBHVgCrJTv/ZEmzcRCeLBdtslTkZGTPx4IyZzVtmZrX24DUf + tOhmn3FvRinUIb1MGBVI6fgqU0cHbQ/iEDAkM80CgYEApNg2VoFhBwNxL8txxTNu + mkPCoFkdifPAk/ALmddnfuyi/J7urYPTcjJwV32PPx0Ol5XzFcZ1xCRXGnvnekqe + BK4zvPog0hppz4MVxoT/ykdg6d0p62elKJQu+nXSSAwgzadH6lu+5xy8mZqP5bfb + Eesm9A6QswbgWYtT/PS3wZECgYEAgFzSSOP90pah0Kn1livSjTaFCRqThSD8h+4M + UHrT2NaUH+K8cj3dV5sFRlnP42O+WYjBnIht0UGx8IbAr16PMuEkznjIIywIdPw2 + QLxwujb02XRspf0h/ScPo+HooRHlA8fDptT/VJV9mtai35jHR/fDZSGGQUFKVTSR + dzgTNekCgYEAqzRwxe+/KoEGH04x1/CC0AsDrsbdonfeUSbocIE4GrfgRw+jGwwL + JuhhWJOZFsm89c/G9H94NgOdioecpLSNTw48b/0janUxKvOq0RJN0Mk90Z9BlmYj + +kUYlehcossSK2tXywxhV9omz0F1WvZB5XPaZRy+/YUCmcp13HAeVwQ= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthorityKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEA5HweRnZjlY1k6/Pj86rRv3Anoja3BAmauGWBw0sXqqbYUpeF + vuSPUPOvCzB+rzAZYQOLIw7RSkt774CALwPNwsbyC2SIEzE3mBXbm6ocMlTOtXJt + fkcHaTJPdgJ8XfZl0A/LfM8t/osJNPcXNqk5FFiwFw6u2kdN7tYly3yNHuQPKdKh + YjYsRWqp/51vKOWIwRZZdmuES064kWcrzxWzJioieI+QF9UUnvBCYpl0m5LSjvct + Xgbwp/YMpQGT5C//6ro1c8WovnwTHQTIivE0BSZxLV11+pIkZ3fy2LCNlNomse2H + CDBhUBNn2mOB8ckXw9O02biS0ZQbNwCZTGFglwIDAQABAoIBADbx4hXvwmLkbbCQ + JfEi0u3GesF3hutho+NUBbCBDl/rX3n9FhyhuhUthJqcPtrCJlg+EeeMWKgVHuip + bingMEr2rJ4wvshevY/FMdptPfqcilj3+3yyeAXEI3etgVrXNgSix7xr1hOwO7aQ + 9PQgHanW6gGhdkrnesZEmTIl8YnLucAClpsD3kwXPQNNayOdv7+gj8GxJGigj1+B + Qi5QiNqo5Q5Td+B7a2VyhJwnWeTtPr4n45BivV2nbvBsCPF+njVyzto+HlJndzgX + tuzJc4eaFsyRGXvWUiPPulY9qUqut8QAI6ueJqMu9BCl5MJYVya/nj/aHbaqtjtF + qfbkS4ECgYEA7GDmqcsS6g71vi41uIwekHyvwpP47bksh0kqowDSEv04wYj+gD6W + s8PHvw6Uh5bAtzZGXgUcZKMGafLGPNi5JxklLE4PD7HjcC80uMECy4y/LI6Y0eLK + 8DG1magmRgqE6f8h5/4B2R4BhJVImSUyJqOpPUjD9YigH6A+4JJNOyMCgYEA93N5 + gR2YUlO8PtB0u8snmO1UaBD0cDUCWt1obgsJSrs8wPsfpTnfUowu2Ns7aALirkOH + +lsnI8spIOEYXIrzmmCCg1j2ZM0WRV9n27xpEzTeU9iY4TgCO9elRRSZ4YZN65Dh + U/9/EFxXrsbkgLS537os/B+A/8YWVvnYP2kExf0CgYBCymai14SyqiN552i6iq0g + OnsXSeRul4Ijf+MSR+sT/oUI+oKfDhBbHxjTvXTukwRFQIrFikApl376dOTa0IoQ + qCQ+zpem4abYTh5hjfgSN+TU3D4GIEUjdYhQsJiP9ez0iWi1OqqfBMF9CwmGbGIt + VNU/Qc5NFJvaE9dwcSZtbQKBgD8tACxyvdzm+/ydg/AeIfHtRct76KxtHDjOpkbS + EoE95HjwpFeuutF8cMl0z2nysqUDIMhOVWPSDqISVgHqh982HJwkLmP16GW1wfJb + 3AfHS6vkdMOrZQaaO9uzMsZdX69wwdaMOIiYytoYdWZWvc3c3ndQI8Mpc7Ko/wjR + ayKRAoGBAKrpsVDari0GQyELjzeTMPH4Y66+AcMhPlMVzCo/MpldSIZlR9ny3Jii + izHcBtVWTKUdeYVWA95El75MlTCk9Yrt5eYiH5b5k2AJ2r02XteUvTEwgZV4TZZj + MOA7brdrMgb89OO10KGCepgKuRm9SG/eCpidMBkqB92Oohz8YnCf + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthorityKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAuPb+IYN4dq/wZWMGTQ/7+pE+5nGj+oox41XmgF4tTcM+Ym3q + 8axYbMIjeDZmt41Cx8gcMSIt1rVh6ZMHDKJiTdS/XuWgde7GcDr/2qqpR5L6VjwN + xmDp4JWu+dVCJzMd9gCTqsM39Xq8sckC/nfKGmpDWWq3jESnTgttc/l80qQ+Y36X + qC10n95ofar6meJZS4nmoNjhNGTZ+gIv2YktDoc8XxFTEvYJDqOmFMO/pzoCY3z+ + DuiXis2SJg7HXdGdyqkFTe3ydsecFr3NFRbjkeEks351sECB0Sa/5ImMBg76ukAo + dkexzWxbT5bbCeORUSg+Qr7hoH1CIajdT9Fa+QIDAQABAoIBAG5H/d+3hoSlhBy/ + PQuHg0KzhSBbE10XNoWIOwXAoRxjU/fV96Yejx5RZlqPfRDlrbJ2UrDM4y3IOdfN + LP/QdfJX7b5EBTcrpa9WziPvazzcmlv+NGxabjfUp14YU/gRV0TMtT60ZNH9WzJZ + Wmqku6CiSQOwSD3e1S4ITDtAvrbL6UCef3g9Tstt4hhqu7xCYLcgXbYTzLJeAXEP + ujSTHFqB5m/nb6L6GUWrK56Lq0h3Mm/MqMHdIOmrJ396QkmOTYCX77KD0JB/o05v + AoMoe2K4pZG0uu/mmzlwfLHitxKUlWM/amnJLUvhxGKT938Lm6May2mFL82+a/wX + f9qfKl0CgYEA30NdJsb//SK7mXxpnCSQbfVuL5bRq6cQzPdsyzWf48cUpdPhQQQT + gMOMRCpzC4XKPTPQfON18AL8jW7xN7KRhLwV+WP409TNJkoYRQGbToGZZ5LEQg/b + 0ZgUcqn/Qc3oTNuwAOExqQ2NFWNGJCYwN1GpwrEM4Zqqz5kOy5evDwcCgYEA1BYF + 9p3+Tw396Dg8l4j3m2KTQueBQ+K6p7kxSM65KMya8hh/e/yYRqlxdQwr6Vj70Nq+ + /u3P4+xyd02yYv7WT3RqJnAfVJoaJP4gx158ASsq2e63v0fir6IMUbvRfe9aYJbF + 5Gvs+AQ+RKgKLjE3oOTLOuxiRCOhQq9CU0XXxf8CgYAoTQqlk0pmMTzX6eNOcjM4 + BhOLt5fFenTH6unSjK19+lO501NX3xp+Jc5OB7OYot/syEucH5sMZh2ckigsu6kU + 4ra8u9UQt9sITFuxKScVtsMwNQgEPMSbQu59/D29bSO/q/BLWFsUfwO2lqL0p4gQ + lEcmg7slhjvLGX/YNFs/RQKBgGl+lvLIPhJmvFDBgGpECB4zl1qlOyhgZEY/mSNF + KNcBh2U7CFbNG5WyfSwipMkKqR+HX5ABDPKrz3hGnqAdcM7O8moyRXNYv/58piNl + fTs7lLIYyy+Le1evvH7/dMI2x/bZqI/pm1L3EV4nVAEMHEac5/ZkVLDeJD2+Xbh8 + OktTAoGBAK8sPPVlqQFq3Hpfh8ykXyZtD+yS6pfffdgxtXJHQmvE+bSaxk+PNk40 + Vnt4UeC3KgV/0T6NSURElgQ0JX3sDrbyVlAGpQ3Xvr8YNHhQZdEWUI+8tn7jrCrh + +8IAdfgWyJFvkSWeXN2iEDCoKtO+k3mIUYRARFeFRaVFNLE2WOSA + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthorityKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAx3HYwQ2uNulrwipld4jUToif3XfsdSuUs6rYrMeWBPliiPTh + wKbHzJxSVndDeU/G2ek3v3BiCpp1Gy7APxUIXddqsFaHifB/TLiAWtuVkh/S4WAv + Kkzqq1G69wf58kRNU7gvb4MjnjwpUpp4cuTJff5D5vlCSKePZKBuHiAh8xS6TAXn + 2tzAAeZ7YWJGtZc2OFDuAJ/LaDt10D29SG73pd4VovfIERPa5yWt1JMi/9isxLT5 + 2WI0pgEjSOPnbgAQ/emOHyhv1N8NGGIFkhxp8NTT+3IpI72R+V/M37+4rAicFakE + q2z7Gc+1iVZLN9jPSFMLBJblzWRNiqIW3hBfzQIDAQABAoIBADEN0EkTS1EYMjfM + Y651yfoS4nb/QvpCoM1b7PT6FezdRZ331PqkSqoJnLrFlKPmujrogJymUIbZHIp2 + AjTBwJAMJqJ+ddG4hCbjjjZKocwR5bUnChK2XlWKwZh2rsQmhnpb59beg0ks9ODr + O0rO+LvzaNILZoEmLT+LsenY72CwvcvIBGTTYbtDwjARAnM7ghC9Y4G5c9642Xwt + M8daS3lOwq9Rr73BgJfH77gAfPkYl/YlHjVVPITDk7qzOuA4e8ZRdgsQoUMvRecX + RLtP2vSDMp91aBXBNbuRTRwnGyTe4QOC+CjljfJlbC2Zv0+UUi0a2EHSospHO4gI + N61DHwUCgYEAze+9bzdGR+Yji/oAN5zgEGZPbHh7HuIDfEJsBQaVd81s7pN6vgYb + /hsDnffLOw4p8I4QxW5q4CusC5OqYtFc4Fi473MWmS9rBnwCYyZzUlUqjoXCZB3R + YpfDCz6dcn9SxDVZDwxsSgROYhNtY619qJ562A2bQ1cNopahafAqQ18CgYEA9+4Y + +0091uWo9guVKJ1owAN4gUahk1ElV5MEfq01vn1rUvTtk8eDlfGfK+UZhf3Cebhd + BD2uCZhEqbSjQBsttjscca+yKSvmlJbL2zyX2yvzFmxMyP20/OFluxQx1WnnIGcN + 8ZbYDXAa/W2Wv7gqTWBwKsJWEnp/zgxCHQw4eFMCgYByR2fIH9RQcdWoB8O3GMb+ + UsggWXt5V9K3UeS/pTesk8KvYgfrC1jdWgBX2Ppeey2q4CtOZEfKvnFquzcCP0xa + 8uEtf6A6waWSo55vhxbXyYskK/YDuMhI/g6uXsDgmOdFGpWhVDODn4AfzMgXWF8z + Az8IRgSzCcv3Pb+1GiFZ4QKBgQDVgg+1aoFUrRZiPPtIrLXmlZaTDbZbXUghMJRw + Ws2rq+pe2Fo4J1rkJ94BORxPzYZKuEAyRMO5s4197/eeX0lwY1tNdBajahD56RrJ + RFcqAaEnsEA33nScSacIAo4f0UGfH+BcKqEIgYBcuqFVnU2gsOoniJAC/cdONDRD + O6DtzQKBgQCqRhyj3G4qPlBx6vii+OeZ6T6E1HyvzPkzwxUUpJmJ0INluOvNoxg5 + 5f3mUSBIAFCGbFs4xgFSGQVw4vVSoVce615TuMdPb2mj2KJ/cuPtJPgVjL/Y64nS + ++4Ezi9LRa1MEWQbED62Edt6wM9g7U1w7ttG0TpaDev2JFuwJdhyLQ== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthorityKey/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIID8jCCAtqgAwIBAgIUK99RCpTdT8qqZKVamj+s2q4WdEgwDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xOTA1MDIyMTE2MDBaFw0yMDA1MDEyMTE2MDBaMBQxEjAQBgNVBAMTCWFwaXNl + cnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANUFx7DimhuzTWL5 + KeHcONCKVCB5GRITsurrFUwFZechVmdrIx7n5HtCeKFdlAXgxdNLn0nD4bgkCvxE + dSJ1U0lec7MdgHWswwpTFfTXHuuJUgMtqUEP+fytKJZXkVrUOW78adZeF9EdaJxZ + n1RUld9QpOxVjSmhmhWupxKRJ1z6Ky3cgEY61WJfmHGB4U4on+I2SV1gRXAC7lYo + Sk40HAL9z1N3rhRn5r+3kcCNHtMIejPjqe15b8f2XdVkl317IC83deGJGY35fu7L + ltnbbl3P07uBk1EVHJfAyNPmaqdTASatEY5DCr8t1TssWxI+2M/33PiEnnZ5HJhu + fRwaIQkCAwEAAaOCASQwggEgMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr + BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUZaMpYLtk + s3DqJwvc3RWvq2U9zNkwHwYDVR0jBBgwFoAUCmYJ7y6HOtdy+r3nQ3hhNCzPaiIw + gaAGA1UdEQSBmDCBlYIJbG9jYWxob3N0ggprdWJlcm5ldGVzghJrdWJlcm5ldGVz + LmRlZmF1bHSCFmt1YmVybmV0ZXMuZGVmYXVsdC5zdmOCHmt1YmVybmV0ZXMuZGVm + YXVsdC5zdmMuY2x1c3RlcoIka3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVy + LmxvY2FshwR/AAABhwQKYAABMA0GCSqGSIb3DQEBCwUAA4IBAQAUMAo7hWPTH5Qu + EGwov/rSqJyajaeh841YnNyeydS+bpSF4Dp5y+Opv/XQwqYxFJHRsgfwDew8IBVz + aMGs2UmGdRzQK/g4gbMS3u1+URfK1LQKkoNebbY3DKcJ03co7f0gFYTBCbW3tUKI + JhbVY9Oh0SVvZeLgqCHIc4P5arO49W8Dq/1IdoX7OJwF4XoWLlnj1l3Hk89asJIi + CdqZfsiGORGO7qMzC21XPLCjrtNZ4reMeWjNUfGJRcgaTUxUexSBe3JwG7esi2cs + ynvn5TAD9MnTgBhr+8lui+MC0wZ8+GF+aFz5rJ1Wzsx+Ty7m59Q1MSGN6r+Hs0U+ + lvUEX+tY + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: apiserver + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDfjCCAmagAwIBAgIULfqNTHv8fSvrXYxtPIjhGemDKlswDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xOTA1MDIyMTE2MDBaFw0yMDA1MDEyMTE2MDBaMDAxFTATBgNVBAoTDHN5c3Rl + bTpub2RlczEXMBUGA1UEAxMOc3lzdGVtOm5vZGU6bjAwggEiMA0GCSqGSIb3DQEB + AQUAA4IBDwAwggEKAoIBAQC4QmZAuPcdQnDvApJ5E3vFfiH7aE185JXqUZDjdy5a + I83xhGwVpGlMsCwsZLd473mvZfPEbi8EFbX1EHf0HIb6XlQ76YIkK9qUDvKkrAut + QA9wYJzNoBuC6pBBmfmv5qqCJontIHnqzMVxskHzlNVDn6ESxjBleic5Bq/UMsNm + Ul9xjg/lPtlYz4X+E4/j3S7uMDxQ3j2zmbY/N2hvZBscSwgPeRQ6nJgC2PurV/PI + i63qSCu2SAvEWEffLMNE+bvdANCS0DBn8yfQhhQSwrQ/S702RpL4QeSNatBjUGU5 + GP+1UeaaRSyN3wBbrmyNP4UsY0GUpBX52FgLqqkh2c6ZAgMBAAGjgZUwgZIwDgYD + VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNV + HRMBAf8EAjAAMB0GA1UdDgQWBBT2ubpAxJzTDii0dk27uZ6SvxesCDAfBgNVHSME + GDAWgBQKZgnvLoc613L6vedDeGE0LM9qIjATBgNVHREEDDAKggJuMIcErBgBCjAN + BgkqhkiG9w0BAQsFAAOCAQEAc1q8f+tZiDfOMSSOZrUyInMFQfYRJb10y/7wLv9u + 9fmFRgIevHeTwae0lUOuaKIffw13TQAEPlwxTjDRyk4vJ5uF+HSoZixL+NCKQduC + enC4uQJolJ29LbibPmsN88Agwh/6j0USzk9TMWFlLXY11Bbrun7JqHxsZ0dXm4Hh + N4UyDtxWUt+KSGd/5M/fLUYx+OOc3d5hUMJw8F8JHVeLEvbLR0A9fcBE5ZlaEZxz + uyQXDvVBEo/evYfnjI1z//2iGDmnz0rBNDHtU2h7BtNdGhVtonSEsGp8TYPhR54d + r1CDUSbxNjXW11KW5+QVl4CekyyT3GlRLWYK0EH7LKrMFw== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-genesis + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDfjCCAmagAwIBAgIUOdTNLXCU2L551fO+zjizpz8s9QUwDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xOTA1MDIyMTE2MDBaFw0yMDA1MDEyMTE2MDBaMDAxFTATBgNVBAoTDHN5c3Rl + bTpub2RlczEXMBUGA1UEAxMOc3lzdGVtOm5vZGU6bjAwggEiMA0GCSqGSIb3DQEB + AQUAA4IBDwAwggEKAoIBAQDdTuE1jXJpNcKGzLSVeYnjWioBLLXEgLD+qToYWlBL + ze0VPleKJKwpd4f1KVuRvJKI1psbMD5aOLSmXAyPOPaweZXQFbHI4K7UaoXofoZQ + uzXbVcyt9XYcIKUzciMjwfrN3Oz4gxM7LwxpfZ+KdZOwihfRXfyQWd1WhAM3d0t5 + 6gM0IpSvOrpkDEMiWnbVuh/5Qn7oWYb9llwyk4pN4BEr0NDltdZ4wE6hqvVIK2QK + e1zcuLC8QjhmV4pjMw2E2vtzHwRl9v08fwGldy/ofK/B4Gk63V9XyLg/EAKTm5rw + AEScEHPzj18q6UhHrqxZaeVGvcYUPAvuLqMBd2BzuWiRAgMBAAGjgZUwgZIwDgYD + VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNV + HRMBAf8EAjAAMB0GA1UdDgQWBBTuUQtmdvOMURCGn4VMzU4VZSLb6jAfBgNVHSME + GDAWgBQKZgnvLoc613L6vedDeGE0LM9qIjATBgNVHREEDDAKggJuMIcErBgBCjAN + BgkqhkiG9w0BAQsFAAOCAQEANVoHlDY3lHxtXRC+hyNc1rwBPf0wQEzPI5rv9A/l + jOhPFu/j5fGPDSYUStGveTt79EX3exir+WkEY3m7f23NqWSRhAgI9VFJQFSyV12V + hqSqxo2GLFXFqfcgPmkbF59Nw6Cd9uPusAdBIGRgELZN3weKDkDq4KHFDThtFSfB + 8lGBDd5EYxWTmAkBtRJBewI6O2gQv9RnEzNMofYVkFOvyJwn+p06kb5QSIdZW+SY + IVBNzeAy8SuPO0m1X5CCJ1bpTp5YL4ejUIxwGKJV1UJ9E8SZU0q2G47xBs/hIXIj + jCNWP/lKl4UiqbYdRLofnyRvVhIVBY9nCxeG7rgCg7b7JQ== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-n0 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDfjCCAmagAwIBAgIUPDvVI8pdhRNdLE/sHERN2tx697swDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xOTA1MDIyMTE2MDBaFw0yMDA1MDEyMTE2MDBaMDAxFTATBgNVBAoTDHN5c3Rl + bTpub2RlczEXMBUGA1UEAxMOc3lzdGVtOm5vZGU6bjEwggEiMA0GCSqGSIb3DQEB + AQUAA4IBDwAwggEKAoIBAQDMuEOO/r4par5zDNs9kO7y6t53a9Te5uAb4QN0iRFF + e2CTN8Wjp7rRWryZUGIqosVZL9mvp1FgxwT0RkY5iI8FN26Nk2Hyf196p8RtLuri + NCJXLpKV362eYL6IjU9G1Fe9f4wJpI/rV9XypCuvyn2frM48aQSpoEMec+YYxgyz + 2QXZ5T752p73tqfxtp4WjAFnMmizAqbGPxBvdXyxr4iA373wbPL8V5AYGJYgLFjK + 3Fc6gS7or02IsyXtHw91y348JhIwYceagkDa/K8LJk22Vd+tCtLR4IMAkFx+t5iU + cW2JGDpRUB18JnGSQfCwQ/veYbsVeYc14/8Av6YInTa7AgMBAAGjgZUwgZIwDgYD + VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNV + HRMBAf8EAjAAMB0GA1UdDgQWBBTN6NdiyE8Cb8aYowyjhMdiwcvouTAfBgNVHSME + GDAWgBQKZgnvLoc613L6vedDeGE0LM9qIjATBgNVHREEDDAKggJuMYcErBgBCzAN + BgkqhkiG9w0BAQsFAAOCAQEASsvpIPzf5CQZHLx2HWAn71EwlLU0w4hs5FlK8j7H + 9laeceu89cKSn5Orv77z+8+PjA/Dxx9626ICk2SyUMnyDH64RMzSNp7E78iSHOZJ + iNbPZfPoWw9UO57/lPmaDYVp5fuxVe7Qp88lKq9nQLXK6QKav2mkOA+a6jEKpqu/ + a6GvqDcFGURU190ezZ8DGB5NRq5nZ+bQz5zRGw5irRAReL9wANBcjeYN0tLlpDu6 + YT7KPPRv7BD9HgmUW1kDWknhWUdGuOw8GJyQkAGXKjzBKF9giSm5Lr4D9rd0OsoC + OqycknYmJ4x+3QuW7UDBuroIgRWfzuU09+RfobRp8ThSlw== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-n1 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDfjCCAmagAwIBAgIUG0R5tzB48xnYRCgjItQ8xrc5AAIwDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xOTA1MDIyMTE2MDBaFw0yMDA1MDEyMTE2MDBaMDAxFTATBgNVBAoTDHN5c3Rl + bTpub2RlczEXMBUGA1UEAxMOc3lzdGVtOm5vZGU6bjIwggEiMA0GCSqGSIb3DQEB + AQUAA4IBDwAwggEKAoIBAQDTVVCK23hE0co65WSVj4SOlgNYi9Flg1wyDlDVO1wI + ROSzVincehVlLenWV/wuyXVNej0a+d0XNahVAlfSmtfyQWC21P/nTkwd6zzjs5Kn + bM62ikeDY+iL0cRVdBwSX2IdiQiMQXseof515A9zb8NMwMp5u6g9OdbezzIFkkJU + jOOZQjsSVAPSFFs6+YCbSq9lopHmAQAIKaAYxMWkr2XyISF/din6Jq0Fa6N+QfGR + 7QDwQJMjKJgi6ZqsE38eDWyOWeFKDJILQZKl91ZgnUiPLwpX96Mo+ctGS09xoVV1 + apVHsA+As+uFtNAK/P5gut774HLXGv7qPQMTtqe/cCoxAgMBAAGjgZUwgZIwDgYD + VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNV + HRMBAf8EAjAAMB0GA1UdDgQWBBQm87M/g8Nu19lSSwGuoj2Jsl1UCzAfBgNVHSME + GDAWgBQKZgnvLoc613L6vedDeGE0LM9qIjATBgNVHREEDDAKggJuMocErBgBDDAN + BgkqhkiG9w0BAQsFAAOCAQEArszyMZtZDATC1EjgGJO/8TQVOmSriOAxJz+te64H + fq7eoOR144FNM9cIzIvP5k4F9tyuBy4uwWU6yRw/cWPNFOxU1qAkElhEMgJIl1LY + YQDQhVGZJSD5vBEuMBtx/alPlWzJduKZzp1UTlqYbrjDjNlJjMqlA0/NzsiEwJMv + ntRTwLDAayeQpdDoJDS0Q9jkzmc4dso9G5Wn4HQBn4ro8rfFLdxdYEuaKHcwFXbn + KSLuoD+QxTqPvkTUEJX3h4vSObE303Ptvq1JCdXbX8tKHgU6ZbyvE0YgbH58P48D + usmmUibn7rjoi6je9FGA1K1qqkNUJqj4xnK6lErUvE3iTQ== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-n2 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDfjCCAmagAwIBAgIUMkYNYvBFm9vG93WfP+8Z8SQY1TswDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xOTA1MDIyMTE2MDBaFw0yMDA1MDEyMTE2MDBaMDAxFTATBgNVBAoTDHN5c3Rl + bTpub2RlczEXMBUGA1UEAxMOc3lzdGVtOm5vZGU6bjMwggEiMA0GCSqGSIb3DQEB + AQUAA4IBDwAwggEKAoIBAQDDBHW0RF45RpCc0/no9TeEqDSNs1q0rZHRG6mUWHYl + ZMMJZaZgFlH8x5w4VwJEDGtTUoDk7pRjxbPX6xcRMd/ih3An7LQp4fruO7g1YPNt + 6ZAYcP7MWkgo96Ks9LDGutcNd0WZmFGAVLXrCcRnvU7vCO8tfO7X7BmuEhDoC7bl + 1I3yLJ2ZBrtbNifntuZ9Qsxppr7AMlG81+TIrl3BR/t/yvAL56sKTWleMEEn6djV + d5tD+3YczFF1R7kiVyilr4H90WMNUG5E86ONhQG8ctF+1O+SfKvsYhBmyFN4ZYn4 + 6GMhh3r4lkSm7wQ6UQTwTezCU7UBw0klXtLKg/Ul8cJJAgMBAAGjgZUwgZIwDgYD + VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNV + HRMBAf8EAjAAMB0GA1UdDgQWBBRobZ5d4u6GdeXkyf3iV/bB1glXAzAfBgNVHSME + GDAWgBQKZgnvLoc613L6vedDeGE0LM9qIjATBgNVHREEDDAKggJuM4cErBgBDTAN + BgkqhkiG9w0BAQsFAAOCAQEAFOC/jMY7N64ZvStGntjP9UnB9rcNG2pUNxqJyrw1 + kWdQtRubnDSMtyFGDjt7XbbBaZ77xHUtqzQR9cB8gEFqTIdug/lc961p0aFfOJ8h + 5M38uOhaw0Udy6A1LHB90alHsDnSZBOr9bpKsZQLsqQ96mPJ3ImnFCJ6LZBnhiBB + q/L3aD1LtlkZXiTs4N7KwZeJyzg9ZoM78hCDcDHPp39mp/0N1Yj6AeLqBfabnxG5 + lIfVRC9EtQc4eh2yPuGklka3Iu22T36x1Px+FTh6DXzX11W7hWbxJDFF/z3TzZWh + nrbZqvG5RFrFo4sznop2dIsxwU3HX/K7zJwz7JyJ/+Dehw== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-n3 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDVzCCAj+gAwIBAgIUMHEjSsXFGHj6bvfoeovrNnlYJQYwDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xOTA1MDIyMTE2MDBaFw0yMDA1MDEyMTE2MDBaMCAxHjAcBgNVBAMTFXN5c3Rl + bTprdWJlLXNjaGVkdWxlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB + APforaUR+iErpH7UJLQLLRa3sj1HxTXvP5xFONKWeQfXYDpVkufxDoatMSRNiw+1 + ttJXjPxrFlxRRL5Xbryu7bniJo1VmhQEkaPbWxjBJTIWKo6zs25WyhvuUzTGGc2x + CV8dsEj2P2ljW22Ore0UqHMzzNPUPJlciUCwh6kQ5V//ElU3OhqQOKMbPffiD4R2 + i2GeNQomAUebmNHFYiH5tryu0hrKXoCt+d8VKTwmQo2RkrQ9qii3GJElEwzGYL8x + Ybb5h5dg09bxFVe8qTL8xpFxASMv9OIwixbRJosiqZVNesVPBiKzAe5K1sxAbhzG + XQynPrZbDhlnc08JTs9GUvkCAwEAAaN/MH0wDgYDVR0PAQH/BAQDAgWgMB0GA1Ud + JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQW + BBSEqJKQwsPtIwZjNSa1sVPOI3fIbzAfBgNVHSMEGDAWgBQKZgnvLoc613L6vedD + eGE0LM9qIjANBgkqhkiG9w0BAQsFAAOCAQEAuE78y1VeLVXl3bMAVD3pcvxPdBrg + iPuaS+K3TAorDRWXHMknalNgds+cWXtmE7K61pRf7h/7HkxdXJ1j/fzE3eB1YPv2 + k6WKG5+zozD4gUtSAg3J/VnV64pCN4cxexVKGFeUPfhPwdjMoEZPQ9kmXNvYWRiz + vHkSUekP2k0KLVEpDTjZxtSMLZeJxhkSejiFDEzMIZ0LbK4K8N48kXVxKQ1tGp6T + /gFp4hkju+5XPaW2fvnNrpWwTHB3gY5+7BPeVaejGCQ4FeadCKnYuymMyWPZFo6U + C3/Flsdx1xiDJsFMbfNJVPgU4mn0bxVZtASyHA1QfEmb7zhF527YcYCIjw== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: scheduler + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDYDCCAkigAwIBAgIUK1f2+6HBrMBRZhbjLGu6b5VbOJcwDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xOTA1MDIyMTE2MDBaFw0yMDA1MDEyMTE2MDBaMCkxJzAlBgNVBAMTHnN5c3Rl + bTprdWJlLWNvbnRyb2xsZXItbWFuYWdlcjCCASIwDQYJKoZIhvcNAQEBBQADggEP + ADCCAQoCggEBAK3DZKjMmx4V94nmF6+0m547BFKGSXVcqvucxq9gyLBUY1uOZ985 + yDVAhldYh0LK/R6oa6ginuzS/HwXv3Lbby4/vqtSdpOhldxSNt0b5d186zgBRFvT + fcwQUNbNlCdVAXvYrQq8749zD4z3lwKim0OnB5chXSfYHCbhXXlQ4jrcG22cuyFq + qJfyfqP5pKCayqpUN0EtWmVsVCUOd1wDUeIyM/iZJTxf7fASq8vt7Olkvx/FpL5n + 2BqSXMCYeDXUUA2LkRcVaL6XzspQDEM0pAmE16Kx7OKPtNTXU4xm3HqgWd/V1w6A + 4Imr2uPXNrq2BKTGczOg2Z5sxmdd8MMjOCsCAwEAAaN/MH0wDgYDVR0PAQH/BAQD + AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA + MB0GA1UdDgQWBBQLCWOBhaiObRAvjvYKy3hbj6zcWTAfBgNVHSMEGDAWgBQKZgnv + Loc613L6vedDeGE0LM9qIjANBgkqhkiG9w0BAQsFAAOCAQEAIB5ZT58Cl80xoSN8 + 44v77GtYTB1JDNkvpoxpuywf8xMVwq3iY8Uj/FkmPoBd8PiDV6+GTYXFV/W3tJEj + 57hwDnIqi0kqkFPYJifmcxg96GNN9ThSHqwQA1bqDs3wyvfXO4NXrTpGejtgtFjB + 82Ie58xj5AsojoiuUR39MLNNQsbiCeV/UEjbFnJ75VxDizByN0SZtzQTuHdhkNer + pa4uUcI+oTY+yWJSSGzf73EupLpiyTo4xWWxsWauuThyLi4iE8TEEwSOaWDco+T3 + 8yhL+iJxlqE6VVQy0eBRE7MdIhLm9M5QLZVI05UFuSH2wpz4/iGjgtu4u+N4fXHf + Eu+9dA== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: controller-manager + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDYDCCAkigAwIBAgIUL4V5IRuNd8JuKFWvw8zyPbh59nQwDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xOTA1MDIyMTE2MDBaFw0yMDA1MDEyMTE2MDBaMCkxFzAVBgNVBAoTDnN5c3Rl + bTptYXN0ZXJzMQ4wDAYDVQQDEwVhZG1pbjCCASIwDQYJKoZIhvcNAQEBBQADggEP + ADCCAQoCggEBAKR0g7SYJjAkDaZ/2E6N4wSUzNuqg95wKIEvza6WqPf2GDpf7w6n + DXJY00i5Og9WbNsQUoPYO9ShFXH/cWDxr+Tj/9ErZjyR1QIE0Mo6tsCLEZbsv1BY + G98iMg+dSpBJAV35FA9GChF5QynkEeBREq71NcoiCm2Oua++pU7CGtcjRYe4oL06 + pMksqwpMoql9REHD9gAfeofdZ1TOBHEbRcQx6JjhAON6eJR2VQBPB0UT7bq1ZTk9 + JHB9RtxTWZdmVLrdcP8ZDExcaSf3omXng3rTNufqEvevJX9P12RyFvpwSdeqo+6s + LsLV3mL6W1i9b/p+Yl2RowO0usZbJBLpmnUCAwEAAaN/MH0wDgYDVR0PAQH/BAQD + AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA + MB0GA1UdDgQWBBRbsm8C2RQX1oW1b9dDlfHNNIUybTAfBgNVHSMEGDAWgBQKZgnv + Loc613L6vedDeGE0LM9qIjANBgkqhkiG9w0BAQsFAAOCAQEAe0Gi20AJpiqoD9gI + sH3NlRz8WwnI/28Bs3wAWdEYfnRZORL9viEPHkIZcTIOniuaniTyTOCiNelGArv2 + lLvGES6pAu6yt7xw6pCTyZTTAGC13b1OSuFQyQz+OaIbKQQGd6EKNr8JujuG+6YM + 4PXIHl28u26sf6idpfbFF//HI3OEeH03Yg1J+HMDPJoeF0BkaN6FH1OGWi79YMHb + BsrkfRm0Ews9h8xEkc7BH9Zku2VwH66MkPOZYcuLcMPZy6wVoaKbWRgQc8DSsSTH + KGnzrzeVZu+Op6nV7/zaA0TqEcCgHQZucNyclhdTi0mTcsnFhLGyX1wD7BVLa4iA + zmVc5A== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: admin + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDYTCCAkmgAwIBAgIUZp7Y9yLyCLwIdSK/DTEivPidc3IwDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xOTA1MDIyMTE2MDBaFw0yMDA1MDEyMTE2MDBaMCoxFzAVBgNVBAoTDnN5c3Rl + bTptYXN0ZXJzMQ8wDQYDVQQDEwZhcm1hZGEwggEiMA0GCSqGSIb3DQEBAQUAA4IB + DwAwggEKAoIBAQCzs2FLT2M00/UMNBhD63efcVtsqVN2YUtUFFzINgkIjzOY7YPS + 9BU7TQ+X/Rln1bkLtCqC+ehs3BD0SSn6mTsW3l8xjluRtcZz7j9ysowHIO3W2QIs + y/XVHXFsYBg0bTxj02yprDQLtQhU3/WiNHqOVzr/gQUrk9P1r0qBYE1tvh8sPu6D + +oUPfgzX1cpZ5SjRTmmPFOyaYsbOTPi/QRKBUITNSHaPfHzMvOt2D10XJUgnO6nG + iZNigL5AFCNdP+PatRLNJKN8PE/jLxdoaZnvcm6sKgxjMlRiVWTHQmjZW15uXGaB + ElcnThi6NdH8JDJnVCi5qsjlsY+cdp8KAhldAgMBAAGjfzB9MA4GA1UdDwEB/wQE + AwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIw + ADAdBgNVHQ4EFgQUSNAmNOqc5RSeKosGYRyEIi2Bv3IwHwYDVR0jBBgwFoAUCmYJ + 7y6HOtdy+r3nQ3hhNCzPaiIwDQYJKoZIhvcNAQELBQADggEBAMYBSiHbuEtd+vZI + gVRNJW4LB+334oaf1NE/0zrFw1a3Czy6BHIxYTtEOaO6/Zf5C5giPd3t8qus58Ks + XDhjJ/V64ABEzKHtuNAFb26EfQfoQzPuO7UuORWpR9LE3XexW4gT03w8ftcY9zZ2 + 45Boh4c+fBOO5DpRd2kRyLC68q87dQ3s5+FfWXmZCgnTMIxa1mjBVyTTezi9T0rn + LjvoGDBgZhhK/3/YEpiScbsyORm0KQnTr/aiS9ww+8dNNRFMVUA6MgnVLRmSMuvf + fmWcX+vc3/orhEUooNIFp0OqelzxhaP1rpAq578EavpGZVLiKycPcwqmvhnAv/uh + Re2eXTY= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: armada + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDUDCCAjigAwIBAgIUfRto5+MCSvjBdda6LwiZpgr1USQwDQYJKoZIhvcNAQEL + BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l + dGNkMB4XDTE5MDUwMjIxMTYwMFoXDTIwMDUwMTIxMTYwMFowFDESMBAGA1UEAxMJ + YXBpc2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmBP+3Mpl + JOoeBwx8CQqJrTTKxSRwlI1GceaBpMvqfjfJHjBTvHEgfF44p1rwMuCHAWxwz5dK + XzfFL3tp/iKIGRDbwV+ahY+xJZnEHKET0sY9z7rSs6p6ymqoiZUdl32b37LIYGnP + rirl2Fuy6X8i1WHUwdZAX2czqZpReL0Dcc5W0n46nVJa4PKLXHKENJdm1dMq+BZW + maYElny8ifAtJURQMnfiaoeGJwTpCNi2uvUWDjq0KiOy+PFzgTtZClPdqBcp6cF3 + jL30mdAlA2xNqrsm1b+rATH9loh3zCxk/wSr711ToNHWTmr769n0EkPm5oChNJpV + 4lnW5h2/T3p6fQIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI + KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFAUAvrpI + mS+C+ZU7mGxAXP8kz30MMB8GA1UdIwQYMBaAFONzmPeD5Szd5nsfwXjMLDOJG7s5 + MA0GCSqGSIb3DQEBCwUAA4IBAQB6HxduxBbDq6KMT9JXAygj/UlpftNeCYk4yamF + fIoy0+njIR7fuhWLWCSyE6hleoK2EVH9k6COlzZl3xH3/5kohgYgs3I5QEum6pxu + IvRyutp6mzkIR++Qx+OCofmTTwWvyHaYOKxHgRqbDh7Wyay0THNMK785u7KjB/89 + QM2nNkBOdEZrWxKvmmOjGH4jxN7rU1v7COTkx1W4kNXJ/KT/Az1c6M0jNsJbBqB1 + KdNZUiW9/1wqajxuS+8BVrdrP9kTv1moWno2gNYfTGynLHmM3rRD7Kn6pY81/blo + DGhmNxv5cOUDz+8BtHLsPkIJronX3sOCe2VD8q6lU6NRSZnc + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: apiserver-etcd + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDTTCCAjWgAwIBAgIUaYZyaLTmvwdt0hUkZ+jObOszgQ4wDQYJKoZIhvcNAQEL + BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l + dGNkMB4XDTE5MDUwMjIxMTYwMFoXDTIwMDUwMTIxMTYwMFowETEPMA0GA1UEAxMG + YW5jaG9yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Ixzgthrvs/m + CjWiPXf3OJ8SC/n347R0PP48RnjW6xlpAfWGuoTKG1ARY6XQoSyGNmeS4Vk8Bvzy + QQWwYUXCBtqN2VBoYZkAHMsVP0If68CGlTj+uBOTPNmWhLZKq8aqK9ZgglhBvWJL + 4ef6h/L7rhhPkMvAiT980YtbH+IxNZewdOxmJ7pkxjewZTloDZaAqKaBfceM1J7F + 96fvZ8nlu3BBzcVW1+Coha1U0ZIL7my8WwN2pzbgqz9qT/06pBaKie3ZEg//bGIu + duPT2jugZMFvIYrAs/XfcevPitltOwhd8rcaXx2wqpTTIuUG8WUpndGu6lA+/QnM + 2c70FmcYBwIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB + BQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFJ3aKH+UR4s+ + 06P2jrSTnQgPVkWgMB8GA1UdIwQYMBaAFONzmPeD5Szd5nsfwXjMLDOJG7s5MA0G + CSqGSIb3DQEBCwUAA4IBAQC1UmBQx7RRLTBKLS1twnbASuJBYnoXlcO4prtB4P9s + Q0eGgzHDrhzXZ3Ah0Is2ek+sORQW7QLbucPHnMNjVhvDf22ijPDz7l2N2QfcB3P0 + FpFQ30goBv4fMqa/NBfk9zZ55BNv2HEn6KLzafgsl5Ht6k2kLflhM9mOiRNtmVze + Kzif3mv7uQrsGeK5mK17Q/OQ//0d3WTrrVJ8RgdWYd2KXzWQfQ4zQf/bnSNONsV0 + IQEciTCx3Yi+/6erVXAUk0Xy40K7xRvy0hMIROXfQtWe0u3ufeU8S/WrFHuSInk5 + dYgHFhH+5pIXOrU/oKGhyshcLugpbhWnhOU54q0wE8V2 + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-anchor + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDuzCCAqOgAwIBAgIUY0qgiRYCs1/6AQY/9kcCnK241dEwDQYJKoZIhvcNAQEL + BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l + dGNkMB4XDTE5MDUwMjIxMTYwMFoXDTIwMDUwMTIxMTYwMFowIjEgMB4GA1UEAxMX + a3ViZXJuZXRlcy1ldGNkLWdlbmVzaXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw + ggEKAoIBAQDCJWEvOQhXlm3OKjxuiIgUz6rLtBBqSoNlHRVVhEtY3SaIstUBG8pq + 2w23jDEmAP3kvxVHHavjn6HJhOHzws153OYbEBPeU5Vst7vlrvfb8+bH/xUKCFI5 + N+HW2sKAJxELU+A4TmXSoRK5EW0aiRV4OftnBDNxc+tm5+9/2iPFkP6DWo783XXT + jMMqN/ETLCMfzS7CPBETavtubek3kPaq7LSeKuWUTUDI7jj6ejyB320Rr2fjAo47 + Xdp4Vy8dhKTLXyV2jl9f+r8YpRVjvHGuIhF0aVX+s5bEaP9hPEJhYqmFyNhFOBxd + OlQHI7qbb3FbvO9aU0JtKWoE2qzGhQqvAgMBAAGjgdswgdgwDgYDVR0PAQH/BAQD + AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA + MB0GA1UdDgQWBBQBIWrTnVNv5qzAs3kQjFanW6im7zAfBgNVHSMEGDAWgBTjc5j3 + g+Us3eZ7H8F4zCwziRu7OTBZBgNVHREEUjBQggJuMIIJbG9jYWxob3N0gi1rdWJl + cm5ldGVzLWV0Y2Qua3ViZS1zeXN0ZW0uc3ZjLmNsdXN0ZXIubG9jYWyHBKwYAQqH + BH8AAAGHBApgAAIwDQYJKoZIhvcNAQELBQADggEBAI49+9igPkaUalTUI11eIJDP + Ty9098SU688uWAtzn8sb3KEDLpbLq2zdpvaRVk/wEo2AgmHBJ/Sb9N1GsCYwHePP + IOE5NQfBl71W1CYoJmA/vjJZHP5Lj4Yj5GlFwjnS44QkOK0np5H6dub12t3RWAMA + eh7gM1A9ChW+bCraTZNmPXHvZsPWSsUxAjZn2dVDvXLF1/nP6UQ9Qgfy0bNGsBFC + RHXblck1volVJL33fqeS2YBDhk3tYMEj19bK7p9mzV4as90ItyKLiJvnKdcuITBO + 8r+L0zzqfJDAgG+1hmriumC7HJiPORuEZJPHWK6k7nLZ2SLXLW7LvTTJ5dloVKo= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-genesis + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDtjCCAp6gAwIBAgIUKjw3fYJ+Y5nOmS8rnR7cIQaZ/iUwDQYJKoZIhvcNAQEL + BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l + dGNkMB4XDTE5MDUwMjIxMTYwMFoXDTIwMDUwMTIxMTYwMFowHTEbMBkGA1UEAxMS + a3ViZXJuZXRlcy1ldGNkLW4wMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC + AQEA2ztVAxDkW33oU364dwIBbbsiXC3dAkzSHiJUrGUA8058Mbk4N2SadL5UKkXc + YS4g4SdYrIlhWMJHw/JVbLWkm9B5gyd+UZnQjD2w9edSMfrQUy8Kw25Clg9U4URW + wJNB4Nl8mxElRrJiHNkaimGC/yzId+TZwiXpiu6/ANxehVnjeni4yQ0GIrPbh+ex + iSp2oLIITWQPq4WgLgq56p+2uz9RbISfAdX7EyvQ0rOnrHokyEfGhXmOnbF/Cfmo + xMjM3sJfOp4h5QOCiRhqk/m+kCl9hEwBMVoIAkJLrQkhVlGIN0F/ooPrsNtzIPgw + Knjff1BwbPz6gRtRbThOm6VIBwIDAQABo4HbMIHYMA4GA1UdDwEB/wQEAwIFoDAd + BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNV + HQ4EFgQUULf/S6jOGjshbfXiNmDiIvh4ZJ4wHwYDVR0jBBgwFoAU43OY94PlLN3m + ex/BeMwsM4kbuzkwWQYDVR0RBFIwUIICbjCCCWxvY2FsaG9zdIIta3ViZXJuZXRl + cy1ldGNkLmt1YmUtc3lzdGVtLnN2Yy5jbHVzdGVyLmxvY2FshwSsGAEKhwR/AAAB + hwQKYAACMA0GCSqGSIb3DQEBCwUAA4IBAQCm25OQTnOXyo3GEa+KUUJTmPUHclJO + su8iS1/d9O88HdeHG7hzj0hQpjsN+RuQYD96E+jEFfNd6mWEyVGQiWpZsAVmpfzM + QmkeJXSUQNDEV0MPnL36kwr/OSRgroRyl0Zmo3EnSMOMHFrfn6bUZzrTvSnFDqeN + iCkqMjI+JVMf21GFhDMKK6al6NxBXdH6BY3fK64hmwwgR1OyP50xvM6L2D6tkmXy + OD/HQUbE2dFWWrcaXoDsqWm9TSrrJHqM37kjGOXxo2hcRdZ+sXwekBez+RquiPVr + 23UOcZXbFJwHM4iNhAtaqx2amQonV2qoKE3+Ast5+dqizWVLafV/I808 + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-n0 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDtjCCAp6gAwIBAgIUMiAvopZunlB19wZifryOykRm3U8wDQYJKoZIhvcNAQEL + BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l + dGNkMB4XDTE5MDUwMjIxMTYwMFoXDTIwMDUwMTIxMTYwMFowHTEbMBkGA1UEAxMS + a3ViZXJuZXRlcy1ldGNkLW4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC + AQEA2Vo39YGxPvLX31o4bTQQtpmNfRUlykRGgFx4q9Miagv+PsMXVWqRzGYvCJxN + +FYJ4nzDOTyFc8FQlarf0cK6M66Kdw5q65IZXP8k72Kwz1kvr7FHndYkPYDGy2CS + yIbIBQhZnypt3XQfvVDQOVz6tKYIQtL6V6NzbULCYrVdjgiu2ulPtfvUxi6LLhyi + kxkJdG0riqiRMXH2/nr6IZa1f70yK9/nDQFXKbGr9pPYcKddsRufs0RJV1Cr8RF7 + p2bl4WDhM7CbwtGRQpQmHSxiiaInUFpaPK+7I0GAyNef06UqdonxNuodHTe7h7MF + EBAKsX4KxqYLWH87UWLsuZsqcQIDAQABo4HbMIHYMA4GA1UdDwEB/wQEAwIFoDAd + BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNV + HQ4EFgQUonEdrg7QuVpXJlAcmQDfSo89J84wHwYDVR0jBBgwFoAU43OY94PlLN3m + ex/BeMwsM4kbuzkwWQYDVR0RBFIwUIICbjGCCWxvY2FsaG9zdIIta3ViZXJuZXRl + cy1ldGNkLmt1YmUtc3lzdGVtLnN2Yy5jbHVzdGVyLmxvY2FshwSsGAELhwR/AAAB + hwQKYAACMA0GCSqGSIb3DQEBCwUAA4IBAQBS8RQSWKJN6HUvqtc6aqYMyIi80zUY + 7LJQV08kAC/Dk9MIYdyaAeJ1zI0AN79l1GNUxrV1+ZcrNQU8x6GhY9DeCiMeyWOb + xTsHaylsuj8qh/OfofYEt6x/Yr01MghZzZe82XlHJRwWV1RMoqLuu3DxU3bx2ke+ + zEck75sORz6VwEZb6MN6V2D6C0qtQrHa5iljjjCIpE30+ZtXwMYYTJgxinfT77/N + q6o7XhLxNxhdL02i6Et2tjhsCF3XHZK0SXf6OlzWGdUPcWa6GfZvBEH/abr48rjZ + A4mXo5q8k19cstFDT+U9crQ33Wx1zhCoPyzyvx1vOJzabOabQCbUBgfL + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-n1 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDtjCCAp6gAwIBAgIUcktKdAnNsIJgh+RTX5fz3/whdD0wDQYJKoZIhvcNAQEL + BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l + dGNkMB4XDTE5MDUwMjIxMTYwMFoXDTIwMDUwMTIxMTYwMFowHTEbMBkGA1UEAxMS + a3ViZXJuZXRlcy1ldGNkLW4yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC + AQEAslfIOQLgmiDoHzOIwO9gblUFQk6prnygYtbTus91TYvvLMOcWbtPp1A5F28F + S21XYRbZZ2x86n1B6QaAop5qoAkOPqXN6WXmhEGN6Pxrwf32Ywym0FHwlp2eNFz5 + uIV3qBWB7Z37U9zWl7bWIAxWFOt/cr/RMmPuhHoHjUvAWPPkYgCpEr6T7gaptq/j + jOhwjZSw0LBsIq7gB/QFXgFJvBaWY7hcvBTmIyE0yG+A+eCifStNWNrEcUK7iuNj + bgGh6f/pgf3Z75iNkl39xKckIwyUlMT4J/YVPj1pzs5WNy3otHERjrWLlqX1WTdr + Vr0fsxULUrr7F/uX4lhYFd52ewIDAQABo4HbMIHYMA4GA1UdDwEB/wQEAwIFoDAd + BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNV + HQ4EFgQUhiJW9kNOTqa9yQuX/y8tLMLawuwwHwYDVR0jBBgwFoAU43OY94PlLN3m + ex/BeMwsM4kbuzkwWQYDVR0RBFIwUIICbjKCCWxvY2FsaG9zdIIta3ViZXJuZXRl + cy1ldGNkLmt1YmUtc3lzdGVtLnN2Yy5jbHVzdGVyLmxvY2FshwSsGAEMhwR/AAAB + hwQKYAACMA0GCSqGSIb3DQEBCwUAA4IBAQBhD1IebSL7SbcCWZdurGzpR6yS4+2V + lTbyS65mYj2cpwowEm+Y4D5kg3WbS603JCS0EO4MKJubFmJeZTbWNRuiDrR3v83c + eFRCuoK0BOZBFRBDWqI03cpbPpeNouWP+5tGxQOquTcp6zRIDoofMmFnSBpdY4xE + Fth3LRy+SAqTapMJUDiQ7HtVt9B5ayNfyOkHSrkyPv7HLQFmcAW8kNI0NQDAPk9K + ihlKsMdmZ0TWkiG4UYG1SqPfmaVHXWPJtprccOEUzw4AGVYn1IR5vWR1LbfSbDQy + hGk4H2knfew8RJiGtbwp2NzM5mrA6nMOCbvQtKxUx7jvUd7opZQSP77b + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-n2 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDtjCCAp6gAwIBAgIUe7Hg57Gg2s0rybiW987sxQS4i1QwDQYJKoZIhvcNAQEL + BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l + dGNkMB4XDTE5MDUwMjIxMTYwMFoXDTIwMDUwMTIxMTYwMFowHTEbMBkGA1UEAxMS + a3ViZXJuZXRlcy1ldGNkLW4zMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC + AQEA8aYO4BwvtSCSneWza+2Pr/jsY6ODu3KNHKq7679VyaUj+pNXlo1rb3NPmFeS + feIMp20ZSfbZAFWV+d5nGVH/YpHU4XZaNFfaalDpBSImDpdejQcR2xlj2fTMEGMW + 1+DclJbYNE9oJ6qTO43fCDuzaYbyzxofND1wMofz1J2mlq25r9zVgQZhM70HT6FD + BWg2dJBHcL0kax5XjAs5zqGEJEzgZBDUy+Fz+cahz9EqSYQ2ZGk31lJ6ikDZCIuM + hv4P+GEmWbL743cwz2qCSteV0UCsV0B5Lp5mcpeT0ZjqJZ1mMT2e6hPda8qN8zfp + C2i6AsZiGUvQrmI53XdATsR6BQIDAQABo4HbMIHYMA4GA1UdDwEB/wQEAwIFoDAd + BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNV + HQ4EFgQUi4mtzlZ7O8aJHtd87BWw3bGiPEkwHwYDVR0jBBgwFoAU43OY94PlLN3m + ex/BeMwsM4kbuzkwWQYDVR0RBFIwUIICbjOCCWxvY2FsaG9zdIIta3ViZXJuZXRl + cy1ldGNkLmt1YmUtc3lzdGVtLnN2Yy5jbHVzdGVyLmxvY2FshwSsGAENhwR/AAAB + hwQKYAACMA0GCSqGSIb3DQEBCwUAA4IBAQCy9KgsVACZITN7/HvZukBbTV/TNmmY + eideKy57K5uT9DHC6mZ+Fn5khrIQQZ4ATNKU+fAV8QiyYIS4pYriZ6jPFPF6FQa0 + WhBBGZdHrXbf0TOuSMy+PBRK8RcsiyW3K+xLuPql42tySAIewPL8xBkx18maB8Rg + jWzlPm6QFUEeFjxKzSe7lV06YylduqPKEAwM2WfJbb/opr+mEeuTPu6bWM1BYdoW + 1ClkAJXQXulhjneUg/pzezM+xYGizghTg0XHLLrRoiNmmoFSu/S2GSTyxGZfl0Qd + Eha8ue3DbcMdlRnPqiEzV4pmJZ0qJPl0UOgExvbSiHCQXVB/iHORuafv + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-n3 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDxTCCAq2gAwIBAgIULbmQz5y/uAPWHxlPtqGtjfFihIMwDQYJKoZIhvcNAQEL + BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l + dGNkLXBlZXIwHhcNMTkwNTAyMjExNjAwWhcNMjAwNTAxMjExNjAwWjAnMSUwIwYD + VQQDExxrdWJlcm5ldGVzLWV0Y2QtZ2VuZXNpcy1wZWVyMIIBIjANBgkqhkiG9w0B + AQEFAAOCAQ8AMIIBCgKCAQEAomtllliJXa6lN61GJCymGQT3+ouVAsT7Xnm4VYkZ + 4Kzdko8W95N6K0n5rkRyfWo/RgCHUuYNB0fJvk1G7Igm2EXGJvJcLA/4h36Sc/v6 + 3WzkkQYqrVrnWtzwptNDeX88RO76ibFXM7SNuWIbKoJvOTsz2PM4jhDmPSz3ezpT + Lzjgc4LSCkgqWoPpTqZAjtRXMseYfKwDNmVqDVhIAEEwYMTn95bg233veWQa4rh+ + HHQWpofBS3dZBja9l7gqW8ITTUCV9wJLX/zBIIEHDRhiduRKUafNpPS9k1dNjEEL + e1DHZfBdcD7HIw2y8fm3cOhnU4xw+njXfORv6+tZ9iidvQIDAQABo4HbMIHYMA4G + A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD + VR0TAQH/BAIwADAdBgNVHQ4EFgQUc1U8gqKrEgOu2KafDcfuPkfOu70wHwYDVR0j + BBgwFoAUfKZngqHJszJPl3TsYY9LswJWookwWQYDVR0RBFIwUIICbjCCCWxvY2Fs + aG9zdIIta3ViZXJuZXRlcy1ldGNkLmt1YmUtc3lzdGVtLnN2Yy5jbHVzdGVyLmxv + Y2FshwSsGAEKhwR/AAABhwQKYAACMA0GCSqGSIb3DQEBCwUAA4IBAQBcEshWGc02 + EZ6/Mv0kJLpDMpiDkyD3YFJZokzWlFFlL9pv1T1ZB/LlKhIBM5KAs7QJyRpPBEc8 + fE90+b4VxAtci11jhTu9mJZh6PmvE8fGNvjlgrsory28CTzc1e+ixcIK6ja4w5fp + m4OwQPc5zpkrPUot6eOQ0u510ySQkZnnymvO4IKkl0hAq8LnYwG+eEKw7GAnxnJP + Mjf23Wx2JKvYvGu0zSuQbR2O43uRj+c36MnYr92zRyKJASBMqxhzfq9nCpBZ1ytw + ziEzNYs0p2W/OC983ryavSdr1xdjq65gP58S7MeVPZr17oUMyrb8zG4LseyAEJZE + H+f8dNgF/Eiq + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-genesis-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDwDCCAqigAwIBAgIUSPGu8WY3RjswuInudNQ1gO639OUwDQYJKoZIhvcNAQEL + BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l + dGNkLXBlZXIwHhcNMTkwNTAyMjExNjAwWhcNMjAwNTAxMjExNjAwWjAiMSAwHgYD + VQQDExdrdWJlcm5ldGVzLWV0Y2QtbjAtcGVlcjCCASIwDQYJKoZIhvcNAQEBBQAD + ggEPADCCAQoCggEBAMAi8lLRq2ejjCSkEVtgjdTuyNMxGBmjmbdyvhDv0cpQybDn + u55xeXTIzjLZAezO5NrTwz9nUT6X9W9KLKs1JLFa4t8ltaLef4E/U87XHdtPT8z0 + vd/WijmRcJVwL7Ov7nKN251Rs2O8pSXt5feDzwNE0nBo6GTtl53ug2oRuRUlXdCm + T5kaEtiSnClhZK6EqtvlmaeNWOON8gnU/KOpMfYxU1uLkn4g5AEUtiKZIV6xWXk3 + D7VLraLUrCjYMRuePaZwhqEqH+e3dASfEbyBAD6V8FjCp86BTStKdTl8TWKy5PIN + qGzPC0FirqmRK4PuCU5cdtEdvtiPg/HdmxUqEiUCAwEAAaOB2zCB2DAOBgNVHQ8B + Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB + /wQCMAAwHQYDVR0OBBYEFMfEcOrXWCFCtv5xCDEXciqzmgxRMB8GA1UdIwQYMBaA + FHymZ4KhybMyT5d07GGPS7MCVqKJMFkGA1UdEQRSMFCCAm4wgglsb2NhbGhvc3SC + LWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1c3Rlci5sb2NhbIcE + rBgBCocEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsFAAOCAQEAxusRMWlXZd5yMNgI + goe8XjmGSPMCzkDKJPfadkB8CWg1V72Tsh9mJfNpstWJgjqKH72ncwW0N68J8eVI + zDFb40yqRLCizu9CVjf5fVJFc27WLkIGogCSsFPNKXc06hqSjCNwyQXB89i0dhNt + JBUXeJcmJWY/Pno8+q9nPOt8v31I6SQUkmoGjhnHpnNF/N7sQnDZrU+hE8IA+XVS + IihEi4rzNOp8Llo3TIae2sbdQcqyueVTUWo4x1wxdV2wucoQUBEbUd/zpMzfk3Nh + 6hO2A6g7eKeEJR8jj+17xHA9roTSP61I/or7rCwVVDsiNwh+iN+5rB0M2OOggP8y + OihXhg== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-n0-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDwDCCAqigAwIBAgIUEH6SyMqmKgJwyLqJPB3mS1As6ycwDQYJKoZIhvcNAQEL + BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l + dGNkLXBlZXIwHhcNMTkwNTAyMjExNjAwWhcNMjAwNTAxMjExNjAwWjAiMSAwHgYD + VQQDExdrdWJlcm5ldGVzLWV0Y2QtbjEtcGVlcjCCASIwDQYJKoZIhvcNAQEBBQAD + ggEPADCCAQoCggEBAJ5QMaftq7Ezo7eTi+KFbmJGwWm+tdTLf4/Kg3rH7SmzIbSX + 63ZvS5SZx6FTd1Ev1exl5cqb37d1WdFu1NJta8Zti2E6JZPvlTioHArKXZt54NYX + EmB1RxtepsuPJHviIfzHexDF/TIUhe8CA10dyW/KW5wbNKYnfWjODa1d7E9P9/dV + RRcHn6Lf8jDMBLgvLqLAZFTBRflF8ttvRz+ngjEWDugu+zVGEDkwedxxFEEy7Aj8 + cBJ4pvv3ULJNylZpsTNYFYqE3NY61rj2iWWoKwVT4xr3z4dmedFzRyfSNYw+KKb6 + TpbDmOgF7ssVL9z6YGy9/htr9lbTBkXfnL6SWb8CAwEAAaOB2zCB2DAOBgNVHQ8B + Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB + /wQCMAAwHQYDVR0OBBYEFFm/KvwwPFSUhs1DYf1lvrwVExApMB8GA1UdIwQYMBaA + FHymZ4KhybMyT5d07GGPS7MCVqKJMFkGA1UdEQRSMFCCAm4xgglsb2NhbGhvc3SC + LWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1c3Rlci5sb2NhbIcE + rBgBC4cEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsFAAOCAQEAg5bkGiAf+9ot6iD9 + bdulC45t6bpvJYEEL+RVWvKVmxVy7aKQLRZ5COD1iiV8bhMtutCje2rPZ/jSRBZ/ + 2DTszQrjnd4gbRZ2uP0J6u5rBCA+QL3X4AtfnX0QHpRVlcQ5l33n1KhXh65KHmXU + sCdb2LDctgSWXp/gkkz4KvmyjTF8RxVw9Jo/v9K21K5i3i17meg6VTJ44qr6sen6 + iJuClhoaDwKMQ4N0r+Omu8rvk7vzIpqIil7mYKyASRV/19jjH+Kszo3LaVAY10sw + Sd4+jpMgyKhXsb3z3j9tcPX5VuA1GFtDPVR7HQKWhRPbf72pU8i97fgAGRYNhBVW + ZZNG1Q== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-n1-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDwDCCAqigAwIBAgIULajVtdTVIH1rz+eK0Xg1xIoIjkgwDQYJKoZIhvcNAQEL + BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l + dGNkLXBlZXIwHhcNMTkwNTAyMjExNjAwWhcNMjAwNTAxMjExNjAwWjAiMSAwHgYD + VQQDExdrdWJlcm5ldGVzLWV0Y2QtbjItcGVlcjCCASIwDQYJKoZIhvcNAQEBBQAD + ggEPADCCAQoCggEBANAVPJx0lomjqWrWcJQSbKVY2WW0/JTFsU5dMkttGFbPVzB1 + f4Tu86iOaxbKwiMYVFBUHyAYyR8NVFb54Nnpm/N+ujnZ/pVbnSHAhll9mxXcdjir + p8G/tSks13MecN+ht2V9Z3ARis4ow+4lQVyAqDhU79E6Lnfzgi8wS/CZempE7qw1 + 6/aEh6e7iktyXHdAdWDduBIEbSGy8o+3VQ6UmsEf6hzaAiCfE9K0nnvKfmzRDwoP + VYpg251mel1P0o8xAp8xOCLA3YAtXraIy8vFwX4+PAjFYZvGoiRU5rJ9yUQO/PPm + Kh/ACfpvDtzPflj5pJrGeXs8MgTPMWAR4/QdJl0CAwEAAaOB2zCB2DAOBgNVHQ8B + Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB + /wQCMAAwHQYDVR0OBBYEFDx6quirvg4DJ/NnrA4mTqN1u4cbMB8GA1UdIwQYMBaA + FHymZ4KhybMyT5d07GGPS7MCVqKJMFkGA1UdEQRSMFCCAm4ygglsb2NhbGhvc3SC + LWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1c3Rlci5sb2NhbIcE + rBgBDIcEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsFAAOCAQEAs5OmPgHccYUrnImr + xAbj4RJ7NMEqnOdkASCCk6iPoj4PjI0B5vTEZMNv/unBdQQv05uBJhM+kA78/QSR + C/kWXb1/9mqLpSXCr3JJwBSdA7QissCFcEOeAnHjBFQKmZckQKih2E5hcVcmBc3I + K492jwQg1A0zlql1qWH4NLM4o+B1nVJhuGJC31CUhuoc1AFJyZYJuvKb6vPa8XIY + 4Ze4nsTxRnzamSfOD2JlAEfHi7EzqExLAEzn0BNbcYWuAABV/imDVKsc6bO4jymv + wlJl0hiPZZVffYdcKBVhMBCqdFj9vg/JZ5GFt9SWwlV5O1xGnS6ASA0rS72ZGKEJ + BFEzLw== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-n2-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDwDCCAqigAwIBAgIUVrKDYghcqkQMBlOztAkhzdPK0+MwDQYJKoZIhvcNAQEL + BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l + dGNkLXBlZXIwHhcNMTkwNTAyMjExNjAwWhcNMjAwNTAxMjExNjAwWjAiMSAwHgYD + VQQDExdrdWJlcm5ldGVzLWV0Y2QtbjMtcGVlcjCCASIwDQYJKoZIhvcNAQEBBQAD + ggEPADCCAQoCggEBAN2Ex6XZ8JszyyaH+IiSZnlvHNu7k7Q+kuHkuPj3efXXE9K1 + 50Ogl8v4DMQy0l4DYmx53DZjaoFxjHG87OUkpmlAn/Pjb3XuOJDUsAUNMTIMiTqI + B4rP8lnK84SPak3IYd9MMSNoyYsKqM5ivrzYx84V9fJU6Y55rZXGxOnfkIcFMiiY + K0jXGXBvOeIjEYVsf1DBdAXRJWWoxm7KvUrzu0g3zNihu80TjkSzh4hkLGnMWvpn + /+jkNb1MwVzCBbpNlYpwT3TON5FpgMqjwp/wHi63hJXb7yGWRvfVVYs3fvi4Ol9R + iGL6bbxiovVtsggOHkAQzBzLFI4qudXvnH5EEIkCAwEAAaOB2zCB2DAOBgNVHQ8B + Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB + /wQCMAAwHQYDVR0OBBYEFASBv6hL/IoVwfuC6CplU+ngM0A2MB8GA1UdIwQYMBaA + FHymZ4KhybMyT5d07GGPS7MCVqKJMFkGA1UdEQRSMFCCAm4zgglsb2NhbGhvc3SC + LWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1c3Rlci5sb2NhbIcE + rBgBDYcEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsFAAOCAQEADDH5PA34T0rbNRVK + +DQfu6OdkucVzGJ0iqCL+X1zNhgYEX4DzxQwxOGysH5y02Y3Ypo8CPMzBcelKZ2M + 17C4f9kTw8qDFMi5yshKZ2y8dtIA1/LFgWore/vgBMHQlH2ZLeuK46r0y1ALqYSX + JjkLzFw75yxazL+/RGPdQnkHrtolAYgjBqCAuw+agOGCmirmjRZJaYgRYOv4omp+ + 1elhMBZvPicd0+oQ1xDbLvI3760LEN6XkEeXgceeh8qvJawPWJYQgNHO3E0R18qA + n7v5DuDM3oNhfaH+NjpAFAGSng36oa/4wJ0cAqPDtwebIrSP8ztoS5rXmWqbwxI6 + eSxRGg== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-n3-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDSTCCAjGgAwIBAgIUK3vtsOF4MoHwpB9/MdCi7GH7BhwwDQYJKoZIhvcNAQEL + BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw + HhcNMTkwNTAyMjExNjAwWhcNMjAwNTAxMjExNjAwWjARMQ8wDQYDVQQDEwZhbmNo + b3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcpdrK4OwL/QYH1D+/ + ShFt85ANoHJ/+bEmB+pqIO7Ww6rsDHQSnUkJeykCVX0kTmxMR34cA/rgy1v1+xP3 + 0zObkcD3YNXCNCNi98XMilDvfh3GImURxFDND6Ngje/cU/hGhjatBzJ17nQddbzM + dU681gyhmqKs2rp9aIxFgjIv+Bemyxilfh7j6qTTLPE10hZry03e74Ttn//XH2Ya + taKtu9l25LNkhuqh27KfBO9pGJqZyxhLtkPb5t9NIYU3yWam99tA9nSiIO1RDuiX + seYsS7pSXLAbcivAzlx+dxLVGGbXLQ80M129zc2uFD8VyyHF4xBxFnEpSp0cmxsF + qcmFAgMBAAGjfzB9MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD + AQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUTtYGwpK2tBqS6Sbl + /vZN10wxM6AwHwYDVR0jBBgwFoAUoaeoYl+8uL68qbnPFUFxOhn0dNUwDQYJKoZI + hvcNAQELBQADggEBAAFy/hf2f0U8VV9SRKgR2h1Q7SbpWyBItA72LDs1sdyWqM+x + 73sn3NL63PQGSNTEjsEfRLkvkh0wCFZxF5euK7rkyWFiD489u0HfT7I86iI1MHg6 + PYKo8BdyMEoHAOjfD/Z7Oo4dpZVGVjHHEAImoU2nGckh/JiBzRlVKNhtGMhny+O5 + su/mzkKdLqEJzxcSDdDx9jymyP8UggeSg3bT6ulRODvY+uYYOef8jnwzROIjPfaL + iHeGocTTl1cLRhD9cy2A7+N+lUruMRWpCPpcpTecEsvXn6feZGrlRF/x4IG51ziA + HKxzALECV11Nv1oR/khqbSjsZZTUJt3lIGYAl3w= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-anchor + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDhDCCAmygAwIBAgIUafGGg7ugTjajdMfrXUf/ybtJCvcwDQYJKoZIhvcNAQEL + BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw + HhcNMTkwNTAyMjExNjAwWhcNMjAwNTAxMjExNjAwWjAeMRwwGgYDVQQDExNjYWxp + Y28tZXRjZC1nZW5lc2lzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA + yLkMThPcGpCAqM2ZFq3iOloNc9hrkfhCnDSEugyQWiuvQxlBACh6xsTY9AuVXswB + 3b7y31gpgeFKtafB24FQOUX04NdrrbeKp2+xmlivnAous0FmQGq8Kxka7zYadPYO + biROawebCKGGTGvhF9EfRymTjbGEO9rNnmWpWDAtWbVM3ib90BNd6PKAJFZ7fjo4 + up1eY391OXh577WtkgaTx87YhMmXM57LMf0heAJHFE9kRHOzi4e1ZDh+EXAqFvP8 + yLsL/Iu1frdeMv9ktf/8OP2By8oYbIehTW6cc5Ti4dk0QTyGhgZfqttI880gwjz1 + wak540H4mIffBKKTorhTMwIDAQABo4GsMIGpMA4GA1UdDwEB/wQEAwIFoDAdBgNV + HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4E + FgQUR+egPjuUH9iLeH/DnYz4UeubWf0wHwYDVR0jBBgwFoAUoaeoYl+8uL68qbnP + FUFxOhn0dNUwKgYDVR0RBCMwIYICbjCCCWxvY2FsaG9zdIcErBgBCocEfwAAAYcE + CmDoiDANBgkqhkiG9w0BAQsFAAOCAQEAhORD7eU/nGJBaKBVCZX4lIV3nD6rhI4l + oy6d2aIP+dd3zzOGU4JMAzWysAmS0cEfr8+rrZnxd8CcfsPwBpoasURZgE/HwZqk + /KPfPZMAYHhNNllud4WvXdpLaCyfzEfWDjaTi5Ymevzrkyxr+PNTIYESx/2dBiRm + OUPIMFhmR8/GacDGI9xQl9z4+n3lGndcMoYG7XUVPK82sj9QQWsY6tNZiJ15I9SS + 1+sVaardZaJB0GoZVKxU9xSqFZsmjdmkBwYP1DBV1Ff8RB8y81gQPlSDyx/Q/2d7 + 4PRjxlqQTxeZvRX3XoqncFk9yCi8RdL3PmSzJerQYY2LiG09XoVxNA== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-genesis + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDfzCCAmegAwIBAgIUWbXvhKUHkmqUYSj6Oy3L8kvN98EwDQYJKoZIhvcNAQEL + BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw + HhcNMTkwNTAyMjExNjAwWhcNMjAwNTAxMjExNjAwWjAZMRcwFQYDVQQDEw5jYWxp + Y28tZXRjZC1uMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMv0oE4F + qf0nPFXFrDZU5dt+QqryT5deqhpPYDqrMGvcpgpjVaoYSJlSBZf59buaEL0JwwJt + Mr+ua46R4gILKW2Hu2RZHLlnO/vr6u7WJh5WqK97ZrwgAXjmLcRM5yF7S2yAqBnq + 2AWlpmXoI5J9saoLnaCoTK5EcCg3DwGRP0WBNbatxY6k6DAOwPa3V7WnQvkuK+eT + /loP3v5em9fxW7W34M+qgoEfLsG8U6DoNhOMBkqegwE0hNZAuPEMvfKuUTGbbbHE + GgAiqkbIh0eGkw8qjGZyewYVsnuzkGf4wK0fEZAN628CChDUZZgYz3c3oyx7VqAk + oq6/WEt/scEYexMCAwEAAaOBrDCBqTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYw + FAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFO7k + IdF+cHEHsoWZLP6H3xjC6RW+MB8GA1UdIwQYMBaAFKGnqGJfvLi+vKm5zxVBcToZ + 9HTVMCoGA1UdEQQjMCGCAm4wgglsb2NhbGhvc3SHBKwYAQqHBH8AAAGHBApg6Igw + DQYJKoZIhvcNAQELBQADggEBAKzOMvbQWpocM/h3nH+Bxtz2hQsjtdqA92COwNMt + E6/ACcK0YqrY7Ab0fnA3zLddRJi/UEyomkdhv4wk3naHjesedMg+cn/QoyW/oiRM + 8RybowuOX5qMG4bB2jOAcyV/c0VSVV4GllaNEoMLTklFFWru5EjNsZ2qGI+Pz/Nl + tWGO1W37fs+5j5Hg6TUDaXcKNlPHkrNPeeEyPGJEv5jZ3+gZQhMOv96b3qt9a3Ie + vCRWfgAth7zzTuJRyVtPuvsllxvht6Kcg9uNMQkfHwnZ214rxqNKsSwzomGzIy9Z + SR75o2V2/hMq9ZzJGf3vgFiIo2gddhsmH5BTmVH5Nr1csFU= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-n0 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDfzCCAmegAwIBAgIUbnTO5ahDuISPUHjFkdOnjzRZE74wDQYJKoZIhvcNAQEL + BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw + HhcNMTkwNTAyMjExNjAwWhcNMjAwNTAxMjExNjAwWjAZMRcwFQYDVQQDEw5jYWxp + Y28tZXRjZC1uMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOAUH3IY + TtnyAJf5e32rZnVEBUyduCLk6zta6f6nF19Jiqph2ABij+TBfvSmG1hlaGUn5nGn + yajNfnUD9ifE7OQVwL92achXRISelXDGgxrNZGIWLTN2v3p01KDj5WiEwkh4FPtW + ErKNBRJgHLffxx9q5fZJUSLyqj+hSIUNfFD0nHE3p1H8As/AiP4Eed0aPATiz3m3 + XbN50a09fiS8QJMPg0rBcrGR2TPm5jBkRCYyQbFS4AG1l510rUJm3wMSOnV1rHXy + Z5WxQlkNuvyxjVAYRFUjghw9IZTmewCXnSDg5JHTIpCD5gpEiHoYXGbn2387qBtY + 4S6LrSSTftVIV88CAwEAAaOBrDCBqTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYw + FAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFB1l + CsgS4KXBWR5F8iFAlU5kyQZvMB8GA1UdIwQYMBaAFKGnqGJfvLi+vKm5zxVBcToZ + 9HTVMCoGA1UdEQQjMCGCAm4xgglsb2NhbGhvc3SHBKwYAQuHBH8AAAGHBApg6Igw + DQYJKoZIhvcNAQELBQADggEBACII486ZBkTP8V3chlSMlAyqd2/xedUTbxTN0dHT + FC26hzCNxDqlBzTMYGyXAqvw1mgt+n9DffHYiiPx+2yYVxW7Sm7tuaHsPrnTaPxa + zXvYfb3m865UdnXrqW7OuXabn3bSlKLG6POK1T6sbMfDClg3FwibskXPKmuJe1aP + NiuLle7CJgw2TXG+CsagOIpKlMXWxFTn4RHd/KVDGNctpRKwnJoHnxSB8py6WQqD + qC129e8cSwvuifcDcUG/mxC2wH4MABY7a/k0JAISCQjvxxz6szr+jxrgsv9/S82v + Fjd3s5V2MgHw7L481LucmTsQs/I4wh6zfSsKHy7DI10vzeg= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-n1 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDfzCCAmegAwIBAgIUPg5fHiCu2SFpQirveyOKhmBc3VAwDQYJKoZIhvcNAQEL + BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw + HhcNMTkwNTAyMjExNjAwWhcNMjAwNTAxMjExNjAwWjAZMRcwFQYDVQQDEw5jYWxp + Y28tZXRjZC1uMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJVwQcqr + IoKxcDmTLOH9YeNgCf849S+pZrCdtngqa+rGQ2AWKYYHbD7XetaCcZafhhysjHJl + rdeuuVuWs7eoaQml6nVNk6XyWWYchb4MhRTG1Ujil/cM6KPM1/e90yeu12nmiajP + VSvK7rAKG9Z7R1RfC8H0D8rxfUouOyyGHXR7YAhulRlEl8VMOtkAWU31UR2ucLFj + gzKi3XM5hVW/e5zDDrk2sccVJg19JYgsORk6M0QhOf4iANTsb8L7OI0eSU9Xgk2a + xj1us4AiClIszfj0mJkEM6wWdS66W/dDWAyfEIlUOf5ekuZN5D6XW8f5tVqRCoCo + yphwrwrL9QBMBGsCAwEAAaOBrDCBqTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYw + FAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFGnK + 4Z1CYXWKP8NRP0Xn8MHGN5tqMB8GA1UdIwQYMBaAFKGnqGJfvLi+vKm5zxVBcToZ + 9HTVMCoGA1UdEQQjMCGCAm4ygglsb2NhbGhvc3SHBKwYAQyHBH8AAAGHBApg6Igw + DQYJKoZIhvcNAQELBQADggEBAEtmsGNdmq0EpXoFrTBOf3B7s048HC/waDnxNRe2 + BSWPZoqBdUiMU8LfNZzua6IbcNUa07BUnQj13cq65D5SINlWvoY/gFd3aETZnpZ7 + Q91jzUWYsB87QeE6Pc5gvAQkRi0QhUWezzaoL3fMYVlVNbyZZM8Rh2tfCYUwgHtw + 80qPM0CJdcFJYc7TqndUYTKafhWsNIv04EWxSpSE3PynnxXUoy5m+sYWREutlV9L + YMcug8a5JMuPR0l54PX1j2pGo10JiKcFggFvQXXFApgrTYc2WgJTeTHmooIr225M + sGJEGW+81+KI6Bbq/RSC6Hk/OIsIkGmVWo/4w/Xv5SVzfKs= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-n2 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDfzCCAmegAwIBAgIUEH/3nmXnsmA7llur/Mae0Ecm4cUwDQYJKoZIhvcNAQEL + BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw + HhcNMTkwNTAyMjExNjAwWhcNMjAwNTAxMjExNjAwWjAZMRcwFQYDVQQDEw5jYWxp + Y28tZXRjZC1uMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJyvrFPq + sNvwQrVSexx8VMGzbDOM2SMFQHN1kn61yO089M8ImuZKXMXGQE+Dc129jp3w26TB + bY2zphXevOedfI2ehPzIVq70vF+pkrt4Vbk0qg85Ba6ppc8/Vfk0jR4C++PisY43 + t05FcYMQr0dHGCNJ0F9PTKrksShlJFFAKjnKz4g8L+fC8CXNbMicfrkHtaHJJXkg + 6IQXlMLbRTTIs9zzblqnVZvwam5J6xLIrUfpwQVpDs5hxZ/SY8lfGs03wK8FWbjG + nyuhr80fu4Z4iD+/JQVPiwsN0BGVpBrUMtPLkjn+Cxy68PmsllgoSRa+VciEqCz9 + eu4eB6d7s7WwY/0CAwEAAaOBrDCBqTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYw + FAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEgU + JSfZu4Ldehtlf7AJNPPbmNdOMB8GA1UdIwQYMBaAFKGnqGJfvLi+vKm5zxVBcToZ + 9HTVMCoGA1UdEQQjMCGCAm4zgglsb2NhbGhvc3SHBKwYAQ2HBH8AAAGHBApg6Igw + DQYJKoZIhvcNAQELBQADggEBAJW8URCVPW3Q6BMzvnArCn8I8nF3xiv1US2yXg6t + U72aK1wrYTPSbE8PNuKFHFk8PMJ5UETBYXdFcBtxhqdhqj7ve3RZSzjxEQNbXBZs + 2qsUmC+4hXcGg/FQe68KfPBPrAMl/cVi7qcNHvN09eE8qswIYb2qqScZZWPv/HFM + 3JqehUFwjuzYfNzQ+mRKSt+6nCwGLsGaWQGBQ0dRXbkCcsGY4NyCYUhCPmni00HS + Nwnobev15FkD7p82qkwn1hIzrPHvyaJ0I4L1qYJPNaFDXrE9CFhsQRA6DtWMzCFn + L5av/s+zsB0Uwn63UaAjrxTvYg8Se0Ov2AlG4fqyAuFbIQg= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-n3 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDTzCCAjegAwIBAgIUS4xv983JzzKNYmFStCikUemFhqowDQYJKoZIhvcNAQEL + BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw + HhcNMTkwNTAyMjExNjAwWhcNMjAwNTAxMjExNjAwWjAXMRUwEwYDVQQDEwxjYWxj + aWNvLW5vZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCl54T5x5Tb + 9M8qgrej/nKq382vIuLfIV0vImEEZN2WT/FPpLoBB1zL6+0zKWdgcL2A7ZQXWVeS + NTtgXjs6VlVJdyrOOce+Ku8zkcfRCTW5PgTW1SfbcvhvmUiu5oCDGESsBEVZhQjf + d8LIcpEAPrd4GwAPEvKv78vXgDpZsJH0vgtPPJSb6vDVyTTaQqhHtw+t+U31Hfu8 + 1fPVO+RT+LzusuaBr6KIf8PBZUzSNsKP7Xc7b8DUZggoenr4QcM8oum5CethLaMI + SazOK+l/d6DiNiL0RzxF47DSwyZPUkFiBrvZsqYrP+BERSP2jMl3oybnP8bx4V7A + dLOYynBNk1mPAgMBAAGjfzB9MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr + BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUPAvLOhPj + 0fJuD8jtaZQI/aANk0QwHwYDVR0jBBgwFoAUoaeoYl+8uL68qbnPFUFxOhn0dNUw + DQYJKoZIhvcNAQELBQADggEBAKmrjWAC697jUTMn8LOTTx4a6QaJX6SwYFTFKhXq + 8wln+Ertu3ubU0T8dFzMI/ICc2mUuUM8+utZQ2wt4PXIpNeuMNs3WkELSA17GbNk + pDzysWvawjiBriAMc22xzZGFgNpkYSnyDM+/qbPwHWcZUkjfpTW4m4TgNiOBHC9z + 55r983xjNJswpjODA++9muVdBDnYI2UzLr2umWzyp/lxoVd2e4FO9EIDpeZKGEMl + oqipWgANDSanRLiR1P1YwvnJ1hcFDCen6/cZvVD0dJN0WDS3PRY42+s4Ez+J98PH + GgRtbQD5W8vyCTgwSLgeuPQSM0KVJWs/1kZ1LZJ0BXejLUw= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-node + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDjjCCAnagAwIBAgIUC8wKLpKjRiVFo+GatUnYVohC2tkwDQYJKoZIhvcNAQEL + BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt + cGVlcjAeFw0xOTA1MDIyMTE2MDBaFw0yMDA1MDEyMTE2MDBaMCMxITAfBgNVBAMT + GGNhbGljby1ldGNkLWdlbmVzaXMtcGVlcjCCASIwDQYJKoZIhvcNAQEBBQADggEP + ADCCAQoCggEBAJ+ptEBVWepk6REq1+BW9mNPMDssPpabQU4khPOwdLxCuoWgO7cj + bUFnrTICTMoh7iz+8AiROlaKVuFxbnuu5md0ur33pAhROGsTXWDIIDzYVAktV8tR + 4aINA/b7HRYp1LQjbC6oUWkMuGFf+R3DTxyN6eOqmmfBXYmlDzaLXg1cikDOtrMv + TjovVUerWr6ykSy3AGpwxARcUWLpyDKKSRlsj8YkEUkjPalv3S085y9RPbbLbZ/d + ERbfPqmhKT4lktO5zyyzjdoJdrqKqcfvvDrMn6LwAsOguxrJMhZY2c/f2UsLjpHR + Wcaxc2vexf4GicYPeUufMv34MePpaWf95V8CAwEAAaOBrDCBqTAOBgNVHQ8BAf8E + BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQC + MAAwHQYDVR0OBBYEFKrF1nkBZJVENcxMSN200u7dCyj2MB8GA1UdIwQYMBaAFGOI + oJnXS4O7x6eNJSwbIRqSFaZRMCoGA1UdEQQjMCGCAm4wgglsb2NhbGhvc3SHBKwY + AQqHBH8AAAGHBApg6IgwDQYJKoZIhvcNAQELBQADggEBAMBuiJTUyz9lAqmZn0Uo + /yYZedUeHvNbSQp+M80eiBqOKMGrPAcZ2O5/Hg5UTyYK8ruUFO3NSMRZmSVamfst + ogGEKEZGMA7Rug6rciuBirc7SiiTW7WgEa+BKe5x9JHikCu743rO4IXapxazE5kj + 3CbbzDwv1Rm5QO+V7la3gW4UyoJyEWgueim7Kf3h8ZjdpaLSulvSKppk2UBHRDLJ + lRjl1r6PzkwUJwTiA+tsay6Isuu/ddx4VeLjGiV1LIg2ASDnT5fc03uMefsLMtM/ + nNDgqzbFBHcnMYvOa7FXdbB1o/GcGcxYSjj4G1/z0VXuhTwME5AbZoKXqUYFZQfr + q6I= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-genesis-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDiTCCAnGgAwIBAgIUdLBP8Bev5L3B9IWXU4MNo6XudTYwDQYJKoZIhvcNAQEL + BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt + cGVlcjAeFw0xOTA1MDIyMTE2MDBaFw0yMDA1MDEyMTE2MDBaMB4xHDAaBgNVBAMT + E2NhbGljby1ldGNkLW4wLXBlZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK + AoIBAQC8PvCSqxs0QA8NVNdhBKcI+tJF6oR7jVKzapGdKh5xBGGekQH47SNbOCxa + ncnY27vU0xzAS8xIiur9gW9UMsF0Zsa5rz3Gi1FCi2hblQI4XxF1U9xH+S8bYsBC + RpKZzrEmf82VRg3KUxCLFx/r3LSqDH0yBCBllQe6g1ZaB4EEq7pvQU7tbcQlay4e + Ot4tyxRdE8CfnSjj20hvdVpOeDL6Dw2dcdbNnxj9Ozp8VS4tv2A0VnFFnqGA2NBc + u5MgEqr18+0MlMz/MrqHpDvNp3Yw4VKG9tjxZ8yhIJDwpXYv1Rg2R+5Aiy/vII7X + Z8NpSYB/6KfKddJ+83T4IiVzcy8ZAgMBAAGjgawwgakwDgYDVR0PAQH/BAQDAgWg + MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0G + A1UdDgQWBBQv1SsglIBzVUOoTZHpXxPAJ/bxCjAfBgNVHSMEGDAWgBRjiKCZ10uD + u8enjSUsGyEakhWmUTAqBgNVHREEIzAhggJuMIIJbG9jYWxob3N0hwSsGAEKhwR/ + AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQDCcW2arQRD2YGTt+n14AYscFLI + bXXar3QmyKFDhR0Wus6T/zJgQO7fxB2G2w/cdBFU5U4y4P/3W2B1GpIgD9VUB6BD + rkpm8D1uMhsqI+hFPKuax5A+tFpLqMNoaGbTeH8vgiANdmBl3SJheUjD/w5Kh74I + DHYYvxDDp3gMyqfCO4xm1OxRB0T93xe+XyQU8lI8yAx5sTtWrp6+V3vkrhvgwPq+ + h+OlvhJFNiECPr9XcGqIdM7qT7EQ2ETR4fOgFANcD2zEfb680nu++JfVu+fiAEhd + JHaV3JIe+Vfwa3zhJjPxOIy8SVgtVxeR3idL7w16hlBHu0hX4603UFfbSg17 + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-n0-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDiTCCAnGgAwIBAgIUb2tlZjjFiRI81s5YBGohR3aVpoYwDQYJKoZIhvcNAQEL + BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt + cGVlcjAeFw0xOTA1MDIyMTE2MDBaFw0yMDA1MDEyMTE2MDBaMB4xHDAaBgNVBAMT + E2NhbGljby1ldGNkLW4xLXBlZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK + AoIBAQDCfkUI5emZa00zxhqM4tPiaTwpGAyIfu45/Et/CTv0FCLZ65II+Ei/al8z + GSmDnCsDzdtfq6zeoIwvFIu/5b8D83GU16M7Jw++KvLJY7EsqYKKbZsE9LqsfGkN + PY3XM1TZdHXIlrrCmqjSvGwYNfiJ05fTFMl0UOc9W1AuvDbXeeoUpY4tjDB0TPlQ + znQMdcrezu+oT4mzlfQFj4I1Tq2prpoZnAO+6NGKSEH3C6ChCyO8qks81QjnPUcl + xLkIsmLPF6tR9tOgZ3kglCexchwUNe8tsFsN/nHMlTOEmn/hWGZyeSzhF1WXN5S1 + 8dGuPXM7qf0DQaiqFr/SyI8smyYpAgMBAAGjgawwgakwDgYDVR0PAQH/BAQDAgWg + MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0G + A1UdDgQWBBTlO+FD5UztWVnYeQEkFXSPITv0sjAfBgNVHSMEGDAWgBRjiKCZ10uD + u8enjSUsGyEakhWmUTAqBgNVHREEIzAhggJuMYIJbG9jYWxob3N0hwSsGAELhwR/ + AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQArqfZHTUHoqGKJHd9i/H29AyJi + hi05LVobnbkxPsZDJF221/9Lc2087wSmRm2UmpU5XqMCrA34wjf4n/XTlpitvRwy + vG5mhdiyhcYeqcpPfS6vdp0eDAgJhb/obzyKVmAwLZW5YfAKd4gXJ8GBNJb3F1f0 + PAo+aPt1hZmax7hTmwbXuqi7F0UdVWzdoAT2nNcPKKkP7QKv4fnSfizRgpfRSsay + mIFy3PtHFMMiFcdjO/prf8l4A4tMp2ZxQShrTY4VZMYUgoLoiJ7+uUUoUJ6TruT7 + c3lKu9reCtO303Xu1yddDgUqefieUarYHS9sMJc0ExTR+rXjk4gUW/17npqY + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-n1-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDiTCCAnGgAwIBAgIUYlyJ7JME8Hc4VOuRU8bulGThdJ4wDQYJKoZIhvcNAQEL + BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt + cGVlcjAeFw0xOTA1MDIyMTE2MDBaFw0yMDA1MDEyMTE2MDBaMB4xHDAaBgNVBAMT + E2NhbGljby1ldGNkLW4yLXBlZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK + AoIBAQCvxKIq3P6gx5FKmUr7O855lwL7ncmvMgg/RRR1NuXik/25Bmti/6dwutQV + x528j3Qv4CpcYSvopHOJp8sISvQKG113wv1aICKz7tHnfjxZxvLaUlZ8CbzkjKrK + EiWAHXNBTu/Mq1qzL7UrXa9ab0YJn5O3SgUjtOCcaDb+6J19A5vhQZLuNjUdpuiB + d3yVyt6y72G2eAAK6KQriR3+thpPBafhAKFInXM4u0aMj+l9TcA0vpHe4Hb5lpNk + c46TcoF2hQUnXUPZ/9F6pKtI7M8YNSdNLBB3U2tWs1GMkgfk4pGHIEQaXR2QqCBf + dcLthSiye2+dE0vEPgz9fs6yENZ1AgMBAAGjgawwgakwDgYDVR0PAQH/BAQDAgWg + MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0G + A1UdDgQWBBRxRlWdcH2aEVj0ZHsGB40T3MUIQTAfBgNVHSMEGDAWgBRjiKCZ10uD + u8enjSUsGyEakhWmUTAqBgNVHREEIzAhggJuMoIJbG9jYWxob3N0hwSsGAEMhwR/ + AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQCWokTVC3rh6K8gLHop4/erJSzL + uSr1/F6M81SvqCbdiGhzfpVllKMYSIKlfgDVIQhesndKsu8IG613ylts1xvQyGgt + mza9HU/TD65MRAt5BcM1mj+4UrSfxQyX3845x6XrxpHo2akwbrsbvSuE1k0CFdW3 + Hlw/UZRdYOyYZeM68K5psr1hczdTq4sgQzMjCoaQdWEHzVDwqFPWRDf9pd0MzGux + ks8BjeQpbSFf5hsvpLYkrlM6428bdgBTeGLA7EVzpRoZIbDF2W9w3JF3GmFIhP4q + HEqUo59o4r2f90wmcXXp169Aq4VukMzqkBnXad+ngdkcjWyiQZk/f1DM3Rw+ + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-n2-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDiTCCAnGgAwIBAgIUYNYuv0Nuq7UhmYNjHGJ48eo0OVgwDQYJKoZIhvcNAQEL + BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt + cGVlcjAeFw0xOTA1MDIyMTE2MDBaFw0yMDA1MDEyMTE2MDBaMB4xHDAaBgNVBAMT + E2NhbGljby1ldGNkLW4zLXBlZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK + AoIBAQDCMAMI6PcFB9PJztSdWDwrIK+d9i8EHMRx6cDq5Z3wYwRNSu4cSMjt7XHK + APOE320dJBzR/AWutlfKIuvRkcvnWWlu+vDS7lQpw+vo5hTFRLnZSkwwNl8XoP+p + ARr8XVL80+BCiibH2NCWCUJqxNU1J2H0BCOIg6ZWc492wrclKo7BEWdRg65uoTfV + SOWX6LxplL8Sm5nhz7lBz2sdfO5rVIDXD9Ok3a2rRBbKaHs18ZKfAapXDLX1eaVt + zAr/M46Ke+eFGSAtj939PJpkJ81Jqh3vpDfCjvxEqw040FR5ZMVJKx/Enj9OqzPA + hhxl/vLSa3azecf4J9OZdw1lip1nAgMBAAGjgawwgakwDgYDVR0PAQH/BAQDAgWg + MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0G + A1UdDgQWBBS9nHufHGpS/FioJ+aF5j+fXWHR+jAfBgNVHSMEGDAWgBRjiKCZ10uD + u8enjSUsGyEakhWmUTAqBgNVHREEIzAhggJuM4IJbG9jYWxob3N0hwSsGAENhwR/ + AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQCJ7X4gkfxUPJdAoI7MDf5Rhd34 + RyPCOe/j+VnZZU6mYciXhJbL0Z1JCJydyakUy6SHUK2puWak+kj2jDimEaPVX943 + wukiACT0cVv51NVPifSQK9A7aqGnf43XEwNiEBlS0FRRnjeIsl5eKndAqRcsk6JC + QdfrxBoWJef2yWPpZKl1t5xHQG6EQ8s3hpKRyweQuicNtEm+sWORnfteZZlT1az1 + OkF+a09GVywdMbbJwpZqKcEzWHaBh8DeeozqRaEY8Hps9SwKIN83O20/g+KtYY9C + J1493TngAkxzV/tI0U4enO3XnmXRoylJwWIKydnROzustwfE9eQ292Dyk48g + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-n3-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDWTCCAkGgAwIBAgIUbrjF3WPV2FePiFHBqvsRyX1NtJAwDQYJKoZIhvcNAQEL + BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt + cGVlcjAeFw0xOTA1MDIyMTE2MDBaFw0yMDA1MDEyMTE2MDBaMBwxGjAYBgNVBAMT + EWNhbGNpY28tbm9kZS1wZWVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC + AQEAxKDvOf7gM/KYM2B8NhGNi8EW1pMNROiiCLmRFxiPMo0aoLMDjR9fD1K59qiT + Q2nuohh2Qm3jZywDcOSby2rrsuPwRC7XyQ8TdmQ7dD5KLv27b33oUKT7eWKL9KVG + 9EeKBAKT2MKT6GR27WBvdi2we0yJGeG17nG30RYI6X/tjiFPONnRyt89KhwcQHEI + 0caEtX8AKXTvzQqSHG2i9vwvVFRFtV00v0xz9heUOSBZ6zVOu/ynnwt1gJmiFJxM + C7VlruHPmMvhLu4Q8Q5mNagxC3GyZQPzazgU/ej230UcfwnKAJWDJDZe6Y4eR/n3 + tw7Fu20Mdu02/NjcJPxVm1af7QIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYD + VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O + BBYEFE8TGjPhEwapcCh8swjLDNnfuYkIMB8GA1UdIwQYMBaAFGOIoJnXS4O7x6eN + JSwbIRqSFaZRMA0GCSqGSIb3DQEBCwUAA4IBAQC0zww6DzdLfbOUp+QC2YM8sjdV + g3Aa+O74EJSRP8gE1oMj+YwXSjkS3t22T0i6v2U2KV2BEqrmzf1TpuAg35CqQPGk + VJBzbg6LvCHkyy1wTm09ShDdj0lLkRMY5XwQIOHrk54EbCHJUwNnQJcUznV1P16Z + ji//MS+DHl9u5o8Qc5zC4LJrs0NQT3CO2+GxMjlD+P+pnvoBRtQzwo8lb19xNMf2 + GBSvr+Up2Lo3agw70oZb2IPy6Nm3EfykO1XjVY8p6W4FXCa3XQ2JYiqyQeO33eE6 + 1866bnKC5hnZRwCjKrOJAUxC3Z4T9N9OwU8LieMUGUDlLGI75uE1jLx8LlKV + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-node-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEA1QXHsOKaG7NNYvkp4dw40IpUIHkZEhOy6usVTAVl5yFWZ2sj + Hufke0J4oV2UBeDF00ufScPhuCQK/ER1InVTSV5zsx2AdazDClMV9Nce64lSAy2p + QQ/5/K0olleRWtQ5bvxp1l4X0R1onFmfVFSV31Ck7FWNKaGaFa6nEpEnXPorLdyA + RjrVYl+YcYHhTiif4jZJXWBFcALuVihKTjQcAv3PU3euFGfmv7eRwI0e0wh6M+Op + 7Xlvx/Zd1WSXfXsgLzd14YkZjfl+7suW2dtuXc/Tu4GTURUcl8DI0+Zqp1MBJq0R + jkMKvy3VOyxbEj7Yz/fc+ISednkcmG59HBohCQIDAQABAoIBAQDHbr3hkISO4nLU + 8kiPt8lJE/hm3njmP6MF5Ejv/y3EEaX+9ILQ8HEsJLMi/6URS7ppcycRvF2aM8RF + ISI4vHbY/aB8VGZrxO5kwBySOMQt50Xsy9blnruAH+0bs6fVzVJn4dCEbVsG3+2M + Uyujm/0kMS/2QrICA9Vp7zVjYJnlpGssVf/RX2GJrv009iWiZPRnZd2RG47VUKVL + hAZ3HMHePbl4e5TSHOxv26CRTVfz+jS2o47vSYWKAa1i7V07rsA64CR4lVF0f9Vd + aPsbqEGkPKDJNJq7C5Zt8nXjTw/8w7cxXNZLneL6jni2pxuSZgreHBXouEbsrROz + OtMHWaABAoGBAPKbIX/gF6zuBhj5byUU6JdeWiPT0h/cG+IXYL9PPZxW3gMKkpot + sxlV97Fr+cUhUS91LaRJcWzNhX8d7jOVmxzVFWaOIIXj89JzqsyWHJDZOeql736M + JqybsVtfg+pJqA2LoVYvyW2lwQ1/mJ6T4smbjCBVWxwIf7VMe3JoDqoJAoGBAODI + iFCgwQ/Q/aB/a1QyIS3ucjsr0opg6xetRmh8Vmi6ftzMUfRZ2z6MPxTuhzH3vG3w + hysHrqtcRyYYVVxw8iNjnHJTJpP9h+1qIN8S4aQJio6vtXrTsSF80OBFWY8NqN2W + dMKgiAGAXA91nZLlqSjW1KFUepJheUsfoNYwaX8BAoGAbYO5y4/NIDMSbZOrqIGX + vTzKVAH6iIdDzvveoH2Uwk40Sgsrwo1+m6FC/sRPK72ueE3dHJxKp2LfMFLChGa0 + bn+B+ZmO9OHB3u5324KnwntMua/OPMHnc2OU3DpxwgEd639shQttUiHQ09cVfgAk + D/43cyEUz8LGY4Dy+OIgPIECgYEAnxkQcpD1VO6FNX46R0Ob/FiS/ZKM2Gi0vPNl + rDqlJkcp17m+IAchiOnXFEen5RQFiIMACNLNLHiJ20rJ0D4ZBDdS2hBEc+a0uLOv + RHSmxGYEbe2rs53190/Sv4oWU4xFg2Ekj0T0PqvNfRuwRfLLgh5cLTwP7V+UbDmc + qz1kzgECgYBnAmBqC5bbya9dhQ3SVTylqL6YQCl0VFL6/pRcOQDw1LGfdnsMKz9q + yH9YshLtGACMmyP61AwEEScXUz6o8/V01bpcoCfKH+jKdSs5wEdIVA8ZEiLY0jBB + IKkXbwXeFApV5FRLxXBtrvg+UeMW6oDEVG2xDc9dvwxf070KT0bfJA== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: apiserver + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEogIBAAKCAQEAuEJmQLj3HUJw7wKSeRN7xX4h+2hNfOSV6lGQ43cuWiPN8YRs + FaRpTLAsLGS3eO95r2XzxG4vBBW19RB39ByG+l5UO+mCJCvalA7ypKwLrUAPcGCc + zaAbguqQQZn5r+aqgiaJ7SB56szFcbJB85TVQ5+hEsYwZXonOQav1DLDZlJfcY4P + 5T7ZWM+F/hOP490u7jA8UN49s5m2Pzdob2QbHEsID3kUOpyYAtj7q1fzyIut6kgr + tkgLxFhH3yzDRPm73QDQktAwZ/Mn0IYUEsK0P0u9NkaS+EHkjWrQY1BlORj/tVHm + mkUsjd8AW65sjT+FLGNBlKQV+dhYC6qpIdnOmQIDAQABAoIBAFXQ/wSn4NesySJY + JVXkoCG0BCmuQ2CmqbfPM1btfBYZVOJmVVyjDTPdXUVzxwu5JQhuyGC1HIqfffZc + LDHyU18qLbsVnzovfoa0i4fsZSfUjRw+sukF56pKitMy3lpxaPpi7pwVIxMbOd4h + Mpw6tjTflMpEqeepQ7lIhv2iguUVL4SOC3+9FZJOttFIu/ot6wa6LX59aSZDtX4Q + hwIXRtdGrWyPuGs4MDQc+ELjuxiI91aglnba/cNop7UWVMdQc/nfwjlU88tx3a+b + oKYIehDanFuZexFTAhcQI7kdxYV0BcXSSuCKb+z5r+VAMwIbWccJC1diJhEqfsW+ + 9rJpVw0CgYEAy0m0XWMV/2prFABxgOKO2H+abOg9xJbqb8bIrQSUTXNoVyodvSFY + XmF1XAZv8fpLB9Kg8KdnX9cVCFD2amx25PMyT/orF5Rvur0IvVHfOk5lRkhNucO6 + e37CNusz34PC3XNchdyrzM0l4gChIOvtqGbqC/1ReqoMIGNWMDd1mYMCgYEA6AmT + mOmrIlnHVA6hDMqoC2U5NMc3siOHnViab8+BTO35Z+R3b+73FdLDPfPDFCVk6El0 + 4c6cmLeKKQ4XIZ6av62hnRhNwseKF73awKB8840r94K+fmH6ZPBHTWVYZIB57ZrJ + MnQZpIg47C0SrYN9/xJK5qGVm4s9q6QWmvBhKLMCgYAvOq52y+B+eMDr4rZ8FSbO + 0caU6tf+5nkNAwf4eonh/KAPMC+8kxSuyMG1YaF8fIQWCy9s+deggp3WUskNLKnq + wz27Kwn77naO0gBHy8+rAi+xRncYY4rdyjNhAwAIO9p4DKdASmZ3rGnSuga1WVrb + tx1FL9NQRlWO6MVLancd9QKBgDtxQJt6uPma0EKLYNybCgOpUcdghbcf/PzlFuMv + 4Grpx+vCjophSHERxiyXxtDhZ4FOWCAEwv8ofb9YubpGHFSgUXeiI0GTxp+gZmrU + ck4eSzYkC1LrHK9BErMUFFniw9mHvqUrMuqAbzypq1BCEEQI1qFQobfwKsNOzO+y + RuGbAoGAMLU6AM9whKkrWq/gyyRS+7KEGw+RNFasOt3x3BUXTK6ueIyJIsqfrp0V + hvvk1Y9+GMUHY9v8FLF7FdeQbOOXkNHF+/yQt17zMK5hpWmQYh29ZKjnl222BAqm + xU3w6q119kcVeCPgo9m4hWjAYsn2Oa7JCqt8db24m2x0x13qOAs= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-genesis + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEA3U7hNY1yaTXChsy0lXmJ41oqASy1xICw/qk6GFpQS83tFT5X + iiSsKXeH9SlbkbySiNabGzA+Wji0plwMjzj2sHmV0BWxyOCu1GqF6H6GULs121XM + rfV2HCClM3IjI8H6zdzs+IMTOy8MaX2finWTsIoX0V38kFndVoQDN3dLeeoDNCKU + rzq6ZAxDIlp21bof+UJ+6FmG/ZZcMpOKTeARK9DQ5bXWeMBOoar1SCtkCntc3Liw + vEI4ZleKYzMNhNr7cx8EZfb9PH8BpXcv6HyvweBpOt1fV8i4PxACk5ua8ABEnBBz + 849fKulIR66sWWnlRr3GFDwL7i6jAXdgc7lokQIDAQABAoIBAEvNqPZe7MF82JSz + qWdJqiFl0N12IwybyARykqOky7wrXPnZ0MJQrWfGuZsP/317yfV1DMvTSog8xCP3 + g5XLPTRVcStFQxA7Zab8lcF9FSSx+1CVovYzDbG0vOFSRxcIao/5DHJS81NiWi4I + CY2zmFLv+hiMyOXo4hewQCnPgtrO2g8Eo8/N0SvMAchDtsjMKg4UOI06c0+ptQOs + 0Y0rCyeMo+xe5phyD0fappsgq08EIrpLedsh7cGbicKajx6KdhoDdxsDC8vcUqUz + W2DVA885ksS8DRAUrJtDCmeahjSpIVtpwwXVIARx7wgoiP9gSrbU6SunAj2L2OA6 + 2QMMgAECgYEA87+GXgIz8dy5ttyxK7WdpzfG4pTq96M/wTuO+8JBBKX6n19LaHPM + OHqcRUNyqhyYejyMIlFHgrV7l1ADY2dXHOV808ZFdP8kQzNMi0jlnrZHTEkiJSUq + Iy2NrDUxAFWVCY1oJrupc6c+3KrT49ZutTyx9+sn9SQnGeE0no3ocIECgYEA6G6a + igMhxvWQbns+YQ+n1+Lk0Wgy4ywGob7605YPiR4bZlZlGrsjcIrvgOBT7nurNpP4 + JCWwtaaI+vEyvy12fxKK0k5hWhaUPOCsL/rRldUSEL0DGTcpS1pRMHoYVjAMdk6T + hLFT4V6aUt1cgOUKw8FtyiPI7983oisqkQVR8BECgYEAy5WCUu6gGDj1XIhD6nAM + t2fc087x2dgeHfTy3dBHoexHwelEAIAHaHzwHOHS2cZ8jEwZ92fPxJp0GdOYoOPl + XJtIgVEvHiMkVIR6QDOopcE1F8BVppS99xfLJrResxrIGmxjO0aup4xe8swzoi6t + 1O5W7u0YOKXziqgQ3QVFyQECgYBX40KiPw7tmXs0m3t53h6cPlpBaIIdbk9Pp9RW + X16efXjk2HRAiFSdQJvRgoGaIr8Z0xe4K1xHQ6J2KPAEZB9za0J8xVCAbRs+bcIO + HmxTmI7NL3tVdIszyAH9L522MVL1BT84pIjQJiJ6hONuhaztWl22WpOnSCNUObhN + v9I80QKBgQCX9EjMNkXnqW4HKuo5uENE2o+zGHzw4+0MmWNK9UQiAluIj9TQIBVS + Vt7p1km23qnnSyTCfGsIqZP3uksFNZw60KwdnZ2jnVqekvfBm1Ya8nBBuWeHako4 + hAx6AoVhiWZc7jzbQszptHPErCZuQ5C5GbhBTN0Pi+bbrFzYpwF1RQ== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-n0 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAzLhDjv6+KWq+cwzbPZDu8ured2vU3ubgG+EDdIkRRXtgkzfF + o6e60Vq8mVBiKqLFWS/Zr6dRYMcE9EZGOYiPBTdujZNh8n9feqfEbS7q4jQiVy6S + ld+tnmC+iI1PRtRXvX+MCaSP61fV8qQrr8p9n6zOPGkEqaBDHnPmGMYMs9kF2eU+ + +dqe97an8baeFowBZzJoswKmxj8Qb3V8sa+IgN+98Gzy/FeQGBiWICxYytxXOoEu + 6K9NiLMl7R8Pdct+PCYSMGHHmoJA2vyvCyZNtlXfrQrS0eCDAJBcfreYlHFtiRg6 + UVAdfCZxkkHwsEP73mG7FXmHNeP/AL+mCJ02uwIDAQABAoIBAFyovjNXy/x1CxSJ + 6iW4lt6uPdkxnlzxhNg5hVXWwFGBoVmg8by8K0uc1SZTgssnd0mB5faiNawnCHAD + 6r8Ztxo2V7yOy9N1oWKj0r1Ucg3GaRCqzMA3SJ8ZzMODqjE15SypMVof+OAdloHH + mtprPWbrUUF4ixq3pgl/jdMCuTchIRGB8pcHkIeS2/F7umzcEcFAgC3R/wUn+NPO + lxbgJuQmyj3zDPuyq5CTTGsy+6oQFUL6AY9E48lFQFD/0E2ue2OgiDc2X6nDbWk4 + J/G6TsXuPDEMq+sAFISfEkc5KgrQ1OV1pesDHmYSkCZie73UBbgiBUhaj5aXWBn3 + l9Naj2ECgYEA2iEk+rtPB+VLjaPg6rH0lN9dC4+ZxP5kyLjR/16mIMO5nfr8XaJT + 600gjvKr+pyeWQjEOrNiwlbn5sb77HiW6pgkYo5USbK1p1YvjHjheVmT6+dg5wyT + vHlvThdZMVIoas8oFDxJfxfUr0ejyX02rYzVmwlv6ztPk6Ik/qHgthECgYEA8EMe + xG4YxtSqVRT5Ag2ImbdKBjPmkOwZkyKm0CddjW7tQ+FWW0fXg8wTII4a9pmAX8+V + Z8YerpPIJLHruBKpf8gMHOCXXJL65BiXB8iyp3cu+Ah0ZXF3IxcV8zCht52acJiN + LGcFlpI5Ypc7YOPhPCi6d1kDKbii6YzZCQ2rJAsCgYEAu0/3B3DNvwQCS1FNFX1X + gHgG2KSp8WZbeZpsipTmqAArZyRejrGUytzidp6hXIYd3GsQxy/AQQ6L+bsqHri3 + MCESLaf3bYoPP/Fcx44OYTyxL8Tzi7VbMGA/WpnmN9pLZt0Zl7bljkQSmao1VhM2 + XvYvgAEsoJ3AChEVH6w24WECgYEAo+FEdTubjtO0M0CQ8IOGr0LELSLtm+BPOXsj + SUvwle4ZzHlBTBXevLlQOp5zac0eMTwIbrZGa1HF7LGnVPD1yIENMg1HcQ+YLklP + izGsGmpDEU/DBQa1+qtef3imdfX8R9zmPmku+JtYpRT+nYISOdSWC54deDHGfYNi + 7rfyCi0CgYBaTKDjmzkDjTefmuWU2/J5XPiBpQ3+P9wHGwysdhKWiEdpxqxkyvw0 + VDNXxlzrs7nKskqqaqHUiejwlxhx4WNBq6uZdzeOWbo8QBPcR4xdv4XhgKCRY7X6 + BciViDUQe6HNU8mjZS8iIaQqWmQ9iqlIJjxwTyMusAC9/fGpO75oqg== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-n1 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpQIBAAKCAQEA01VQitt4RNHKOuVklY+EjpYDWIvRZYNcMg5Q1TtcCETks1Yp + 3HoVZS3p1lf8Lsl1TXo9GvndFzWoVQJX0prX8kFgttT/505MHes847OSp2zOtopH + g2Poi9HEVXQcEl9iHYkIjEF7HqH+deQPc2/DTMDKebuoPTnW3s8yBZJCVIzjmUI7 + ElQD0hRbOvmAm0qvZaKR5gEACCmgGMTFpK9l8iEhf3Yp+iatBWujfkHxke0A8ECT + IyiYIumarBN/Hg1sjlnhSgySC0GSpfdWYJ1Ijy8KV/ejKPnLRktPcaFVdWqVR7AP + gLPrhbTQCvz+YLre++By1xr+6j0DE7anv3AqMQIDAQABAoIBAHVuhefzFnyfWtGp + YGAfNNiKkWdlokDXYqbJ/67NYlGR/seMjIxgJn1nqvWZRJ+3AIDB+SyBRZK9FUHP + oH993ZtXKufNqjmc73z8l4Qr58UzGBak9iITpUf0kzWs5GBtMjcZS2+sfz7BY4Wc + 6d0KcKq4woosdcs31adP2Qrxf/w8nuXS76k3RvxoqaATPRED0fGGi+jYb0LcvFha + lG0TcZRZ9qwEKxzESqP1K7wE5gVxgBbvx4PvTzR1m0qnEWyjqMNbj4xJ/YhNq7Eq + sN8MiyhgZR+awFxluyV2FALJYGceunf24IZul1SEuZQXr7lZqWAnFpTdX7rkwiI5 + OrD6R0ECgYEA9adV6GbLnOOKTgJGFyUqglQLD2RreExO0CeUqlLgspNlrkKOp9sy + gb4AW48cQV+aV8asVebrpRIfsIsO1A/8yxpz9XeJweyzVjCQYpyGET8XPKRFAN2r + A5bXZzoDtj7mzG2moBLnhawZ01hYwud9BCCwSK8UToR8Qy6uLI199ekCgYEA3Dvu + zQ5He0VYIjT53paW7cVhLJ8tORc0m6XPJAu6u1Q/RUcpaSF+5aJXopvVgBjZxkwh + gSpHSgY+2uhrctrMAQrQ7mOikTrQQk0pW5w8is/f68n7lpiBz8vYFXRHdvxQquhM + MyPhZ3rqScz5DcQur9CTvCf7+LzyGQf7b0raPQkCgYEAl9c4Da/EeZRX/8H+Cv5p + GSfTsk7y8ufP63Abv2/8/cSIHD99qBmgTXvhArch0vLCFzFxgqN60oyyU9CQeNns + +qm+NWMPHnQtob/g72Mqp2xk85HiKRfbRhutx1ufwb19sayxSs6ElyZ6zB0WuFqX + 9r4x2KuHlMTlfi1Tcax/yEkCgYEAmoz4hTA7G5fLRJ4Wp4zYN93m1rCRxNmzEnNm + jO4qSaHSkORifCOEcNPfWf6v8if+U7lDXeh0hM8jNu4Z0U0YErcrbc+/2tkCIzUR + C/f1SJielFJ3WvSFTHTJnCywpiBk37sLFmxclwjb95R/RpjhBoKB2m3Y1nKKFuTS + HwTRaDkCgYEAsN2kmsc5xtMNyQ59imymOR9fvOS32spvxeYkY4s9Z+mQnOEUJzY6 + iIiCoheAc3URadIps12D+mkmP/uF49GIJrmNf/8/vt18muGshlpaOfjTp93QqtKh + 4SfkG/I5sHunuX6q1wWalgAeaTKxzjvb+bxTz9eQjPWQFK4Q8LpfyOI= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-n2 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEogIBAAKCAQEAwwR1tEReOUaQnNP56PU3hKg0jbNatK2R0RuplFh2JWTDCWWm + YBZR/MecOFcCRAxrU1KA5O6UY8Wz1+sXETHf4odwJ+y0KeH67ju4NWDzbemQGHD+ + zFpIKPeirPSwxrrXDXdFmZhRgFS16wnEZ71O7wjvLXzu1+wZrhIQ6Au25dSN8iyd + mQa7WzYn57bmfULMaaa+wDJRvNfkyK5dwUf7f8rwC+erCk1pXjBBJ+nY1XebQ/t2 + HMxRdUe5Ilcopa+B/dFjDVBuRPOjjYUBvHLRftTvknyr7GIQZshTeGWJ+OhjIYd6 + +JZEpu8EOlEE8E3swlO1AcNJJV7SyoP1JfHCSQIDAQABAoIBAFK4lpDjmzAiXX8Y + b15Afc84ZiphFK2lHkAbwr/ZEixkZFKdGoiRjy9xIDPJvH1O40uRqHjzNmBn4RRK + dRtnE3eMSae1wOovH/hjvoxt1nQd6XBkpb/a39b4y7kfhciWQlhE6nHvaUrNI+lR + 2EzEwTGlkYazAsD2NiJfKWq0ZV1xIT0HfYyyOfI0/IBjnyTLdRbkVtEP7miXvBXv + 9i6DLn7ziwOAN2rVOx/7EnexIgpS3ct+kNTDjXymuEZ+nCeV/AzGy5cJWcOYoc6f + 8bfJO/G1s50YMYIc4uu4Xr6oYl/pq6BHWMxqu8OsvcL3fMhJZMNIoKx6DvG3LUaF + f0DLFE0CgYEA3BNXxE+Ln8wkyteO/45kVp1fyqbNCMFPabGs7HmOcU+Yi2+eQFuf + BATGHzRaoQWXd0LPKKARZ3nNGgrlJUygfgdNdr9dMLNvqmN9+wUsnOD4EN7r+3zs + O6Q8S9BNXp4g4+dFphlpfJwUSue3esMCrR9gQKOWrtFEq1MU2bl3M18CgYEA4tn4 + uxR1LizmoJ3aYqR5Mw6wMjzTKYBhXTW1OAO0OeTitUoyKjNiuenKeQGDw7g39MvN + xQjzlWofb1mvvnaJB0VrTdtKNjhcIbDBwzBmcteWe5sLIp+svmwxHV8AbagKxdCT + SLtf8dtGtqLmTth8qdZXtoPQUOFBjNnOZ0/o01cCgYBmQWqPYXJ7vkv+H+hmn8/J + WvguXhB4l/GBJ7g0bEqeJaC4cRVzy9537Ivt5dKSbNmy5U0CEFXl4XdGOXe9O/x6 + coQwv7vaLBWfcvkPUJkpD3LTy/CT+rh9AdOuWkwIwaqAmm4HPlmAN7lKEJ51IPU2 + YZTEk/4onj2s6T6P55gWOwKBgARAKVT4ESoIVVn1Gz517n9yawLF+P7yFOD2PKsM + Brh+/XCAL2hzBgqNwul5icqFDSddGkHy5P2Lu4MOnyhmeDLWrigLT9ysOa237imG + IqVMPNmcEh1X+Jio1lLCkPN9DpaeTeQy/p09ipmpe79Gdy+HgKU+2wxo7B2Dh0aQ + TMCJAoGAb6B+R/QlhjT0pZmSB11EAsazZwoFX/+/R46vhAJqncalM3dZxPNokUzB + R1Z3HGf2mqoG8Sra7I5/kIOIz9SKY7QDFzoYEZK5G2wIu1Jk/yxKFTNRjpIx4m0A + ziPN09/PeCFX5t9vKsp97YADEQd3Sc7e4wcvPk4tRW18WM2DnmY= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-n3 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEogIBAAKCAQEA9+itpRH6ISukftQktAstFreyPUfFNe8/nEU40pZ5B9dgOlWS + 5/EOhq0xJE2LD7W20leM/GsWXFFEvlduvK7tueImjVWaFASRo9tbGMElMhYqjrOz + blbKG+5TNMYZzbEJXx2wSPY/aWNbbY6t7RSoczPM09Q8mVyJQLCHqRDlX/8SVTc6 + GpA4oxs99+IPhHaLYZ41CiYBR5uY0cViIfm2vK7SGspegK353xUpPCZCjZGStD2q + KLcYkSUTDMZgvzFhtvmHl2DT1vEVV7ypMvzGkXEBIy/04jCLFtEmiyKplU16xU8G + IrMB7krWzEBuHMZdDKc+tlsOGWdzTwlOz0ZS+QIDAQABAoIBAAYCwTsQXYUyXrGo + iR9IahZz68FqnRB6tYsfbopElbin8zBW5NH02UpQprFfo/CEkmM1Njjki80/NzB6 + RDgU8bShFBg3LB4yIinb5rCJ9lHpkayWFNKnDg1xUNkluHhxQ23n9V8/gTgX7Z6R + aAwohREN/3hfW/zH7pf/77ocq8MRCvRWUPNqxlcEjEFZomcQLZz9J5uzuT0Bz2DA + W4YpBXCzFjrXGXE+lpjRHFePfUv8d8fa0Ye42374a88zRDHIpy/1zgOMza9IkgG9 + bx7jdreKHtAfHsKhLe4EN4Js0YiMbRygjHr1/RgYCV4bui2f/uU9QtfdUNd/aF3J + OfppZZECgYEA/SlxNbmn3w9m+5MispbY75vm6jTsUKL6YC7EsEcfxyXBY1R8nEi4 + IZCpIM/xvZz4OuLozYb8hagF2+ykZ9OHxkGV2eoIXTwsd8/9W9Gxf9M+mzyLXVHm + wMpcVpIutP9Y7tws/9/XMcWFrRydt4so0YRBBhYw1FMKtvcmgeUmfX0CgYEA+rAp + DUhNZ032bjszE/7CtyI6qPFdoGoj0Ua7DUfVVAEsb+oEP4FCZYhOhkz6OKjIbIxx + J57tcuDB+DGFJqrCvqRvHwosSDEKVAPj5WnmU08PDwZkVELOIW0jNQttb+9gYdpd + nfFDPD/JmXiuwAR1Be/OH0+/Iu14oRW8fqyulC0CgYBnsf3pH66fM1PfYBkqRZd+ + LcGb1SmmrdsYYo+2FKvziod4BDc2XKLvPK3J/uLp483ZcPAin1P3+ybLOlbtIDvQ + /TRAGhhq+CbOvKbuYSnvTburIlWDV/TIqxq/awkuohjvXcgg1rLydBGZIsuHTrzd + dOqdb6F4lrsgzoM7WX02kQKBgDRX2/p+Aktzp+TUT5H5O8bpSr5Dx3zbLKdh0WSw + fwaPSCwF/OUVpDt2/o5kPErgUxj3KhlPwdyeuWGNVXQBa7BKvTkJ8r0QIEvyk/8u + 4Xy7oTVN7Fz7pfasxxEoVa1tmf5Ujf+QhK1r1DhLTpGhXJ3kuHEpQYuVcf6Qf08j + 1z/xAoGABaQ44V+VN1033epY4KR4Nm55DzZMCznftyDXPyuHO5tvOJHh2QdibmBZ + t0Qni8i7K+hEpKSAClq+Xf2eLB/PbPETveDPNQMf9zuVcxLsV1ohmz9TN3K386hS + Dv+BZk8O8F2bRtpbBhnJz9R1R3qzhF5zndOUaPmAWu2sdOS1XsA= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: scheduler + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEArcNkqMybHhX3ieYXr7SbnjsEUoZJdVyq+5zGr2DIsFRjW45n + 3znINUCGV1iHQsr9HqhrqCKe7NL8fBe/cttvLj++q1J2k6GV3FI23Rvl3XzrOAFE + W9N9zBBQ1s2UJ1UBe9itCrzvj3MPjPeXAqKbQ6cHlyFdJ9gcJuFdeVDiOtwbbZy7 + IWqol/J+o/mkoJrKqlQ3QS1aZWxUJQ53XANR4jIz+JklPF/t8BKry+3s6WS/H8Wk + vmfYGpJcwJh4NdRQDYuRFxVovpfOylAMQzSkCYTXorHs4o+01NdTjGbceqBZ39XX + DoDgiava49c2urYEpMZzM6DZnmzGZ13wwyM4KwIDAQABAoIBAADtkDYOka2BdIb6 + AZpgnowjyIwgR3gm/IrHdZAuNiQq7zTn98oLZvRR2eXRhTdoGh31zE1jkfG11r9a + 6RzV6ywWDxCfKh7zt/crQTvBEGM0bZUo/JJ4+K0EUUo0Ytwq6g0dRR9Pjv/3H1gj + Yl0TPT0JQVMfTH4P+2aBwZwKQIsL65+f/YkKCEj86mXjPPjzE1xtzf8PjaLoz14u + etBsAIfqCFlE/x5qg/5Ots0UEHdJEsM3RC//q0hRs5/7oho4Y8dcBsqzheLSRgbT + wE3zRqXMOmKmuwyipgzUTYuE6CbzQy9+PrkUN9/17NQDMvHITqo2bXs/vov/hpbE + Wezvo7ECgYEAxYBu5lLnRtcU+Q5EQdBk9hAz8qjrkp+m0ozCGslJAt9/vYSfCw1R + GZ9sm8QxOztKz4qOjoGWoAeQbD2ASxrG2ylr6zLfjke1VkcmSRKMwFAvyodDRKLv + INYsMR7Jj4cBBSNmLmeNitQ6W4LGiEhd0riJTUsKWjE2/mCcKK7odl0CgYEA4Tr+ + K9M3zrisO9q6m7o7dGp2Q/Y1kU70HWU1sMJnsRVNVVFY52nW8PhcG+KIXU9aRDeS + OGu7zUtW03xSoMdPSTBVqb9on7K+veymvY6V5d1DXOvN9j5iowFWA9acFAE3Xmxl + Qr8hctXFxC3YZJYAGKyJcMAxtb2dNv1KyJmq8CcCgYBH2BB/eGjpPBRFBQuPZV9U + o1BCVXBcRfdJYCq707zbbrHpHvU77/wwde3sO9Is2cS8+oohDMLeM+I1fanNqE/u + KYM4a6km+K7eU8N5kWXiD0lTQyEVNrAGIeKxe6GWtGWKmPXyq3ixp8ISx9+wc6Kt + pLNNip6ZcI2wuzQTGI03gQKBgQDSZc5r2BrI9ICIRVKPCNBjdtRVtljiDdRC5Xnb + Ti+ZH+Im8h/PxXIxloBM2Dg0ml0jXposNI+yPk+0re1uHeG15/4N3S16CXrfZoN4 + jgr/OMulsO2suyhfR283lLImieBUR4Psbylq4cGl+oGrrOgYJI0bk56cPK3xYXoL + nGkvfwKBgQCCPWv6C3+erUnvcZEWGA4rCyWi2gxV3iBdGTToLIO6t+n3FUtcL/uH + Xbto102J74HeK0faC0U3DKv2HQPIIDHvSO6E0Phvz9KmwrAYfj6X7IJbFa+m9oGs + MpoIJgFleUCNwE8ct8yZBwE79xaUJ5PBl1xMxujA5q3aMHhcLCpXWQ== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: controller-manager + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEApHSDtJgmMCQNpn/YTo3jBJTM26qD3nAogS/Nrpao9/YYOl/v + DqcNcljTSLk6D1Zs2xBSg9g71KEVcf9xYPGv5OP/0StmPJHVAgTQyjq2wIsRluy/ + UFgb3yIyD51KkEkBXfkUD0YKEXlDKeQR4FESrvU1yiIKbY65r76lTsIa1yNFh7ig + vTqkySyrCkyiqX1EQcP2AB96h91nVM4EcRtFxDHomOEA43p4lHZVAE8HRRPturVl + OT0kcH1G3FNZl2ZUut1w/xkMTFxpJ/eiZeeDetM25+oS968lf0/XZHIW+nBJ16qj + 7qwuwtXeYvpbWL1v+n5iXZGjA7S6xlskEumadQIDAQABAoIBAFswkGdvhp1jIH6W + nWbRnnRH3mBf6MdLAerAixioSgFU4JJd570EPJyPTHki3GLs1WeTYW3iVSrON4oC + zuemnJYbJxrhKcukQazg5rV8YSHa+2Ho3Ry7/ph36bJm0ZW4JZ3qI4lkmOifiPKN + mKv9yJJjPfRbc9TUM3qUCC3ny+JGtQPH06M6rzoidX4Vd56wL3QHklufB8h2stoC + pixjn/Qqq3Zalk3+vc9jqf1bnTsT2MAM/9M9cffewg/QvGay8H+/9th1sBKuKV3e + Ih2mc1j6d3toe2EnNsHi+unhIsAo9TZczh+3MNUyWMB/Dim7zCIey/LqFFMsad/H + PEo/NIECgYEAyBRSEmQfi3Tt1lK7I8jovWQaT2Hr5IlsjV5It+N7OqgnNfUgmdcm + E85BdWVcH7bZJQdCVKxQ15h5AmhkXYgoY3x1NqC+YvesCDos2MPhL5YmbY4Br25t + F7LFWQ8taAMGYSkvgIP6AFpM9OWW79k/GxKMfqv8enVymOzdtLBPuD0CgYEA0mtH + gfTNiPAIDg5daPtLasx7FV1MDIP1257Y7lTq8F6qPv0XL+YrOfwLf3tZgv8TgS9k + wD2Xlm+yB4qY7S90VQhNL8x4o7FLnNX08UgE6WlTX5zqgr8IO42FpCRvV0tqUmlR + NKFL3KkKbx6ZDX1WjxSr4UIfhPGNsvdviu7gVpkCgYBMNclJLhAB66kIQPz9VXKp + aS7IW/EhXOMXOfmS6bgvkItW9ybS0muzkZXHZLNhdSFjBE/UtsoYRQCa1S6dndZc + hrSS+UlroxFJFPeuHXZxzMyYYEXuD67IHxUipjBSdQyCB9ELL7oTVlIH2kfS1jo+ + UqNnQJVsA76B139fauUCtQKBgQDOgvtrUBdojitZoD+NCRS7fHRQQ4Cfx+ND6GJ/ + hlgOENqFd1+KYxuJjRS7yRPQvQcngpwfEFP2ESlovV3ZavmBeuRGRSchgJ/1DQeY + xlYLvpNVA2wlZddumzbOIfQkeJ+gwjwwqx0JM95JsH4F/z00r9UA/yRwFaI8Qxv1 + /vuuAQKBgAYVJ5C6DVab38SzLJtg1iMWlND61RTCP3wn1uAS8xVunzb1AU/ALFLY + ianXFlsIZwKYOiEUjZoHAnzoPW4++00YxTLujzI9KOrqNbDxI/ET8+cLwiMq7Ul4 + h6PO2m12UdyY+T4GDAzGnTbp3xF+tJZiGQzspS2s1XpIfy5EKrMx + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: admin + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAs7NhS09jNNP1DDQYQ+t3n3FbbKlTdmFLVBRcyDYJCI8zmO2D + 0vQVO00Pl/0ZZ9W5C7QqgvnobNwQ9Ekp+pk7Ft5fMY5bkbXGc+4/crKMByDt1tkC + LMv11R1xbGAYNG08Y9Nsqaw0C7UIVN/1ojR6jlc6/4EFK5PT9a9KgWBNbb4fLD7u + g/qFD34M19XKWeUo0U5pjxTsmmLGzkz4v0ESgVCEzUh2j3x8zLzrdg9dFyVIJzup + xomTYoC+QBQjXT/j2rUSzSSjfDxP4y8XaGmZ73JurCoMYzJUYlVkx0Jo2Vteblxm + gRJXJ04YujXR/CQyZ1QouarI5bGPnHafCgIZXQIDAQABAoIBAFWAwYeC45JMU+mV + lAIlNMrhtf2S58qI6r273pXI2C2BbayTPskOKFgKB6Rq4j68u4ptFFkzrbq2Tz7c + 3SOG602rSyIaOUmwcxfQQdJCUExIB8LViKpl9beMhd5qLrorS7O38pkc/bqgTbGM + yqR+Ud4OdV0DN8GPWigpWssKVm0jX1kLUtGCuDEXMCkycXG08RscozlTv+vz/l1n + C2csuA2AKgIfiMbNqN/HC0LLT4KVOmh39Z7+OSz5vd7XOQ3usbh4xXkRUk6MrGPP + eRnYzsV3WKjpkByCgA6AIFSepKcmeHfcTGcW5bkdBl9zhs662dUanghBDIi1CTOM + JrpeB6UCgYEAw5LrapTnQApKtwjet+Sg4YyQEJG+X7w+7YRyLxgqr5Zh8aq79ydC + 3ZC14A4HqqpbTAMaaI0ORDO8LjBjM03OtPatsEGotfptsq2JXYgVuq8CcCYuTynj + +q65U4r6AhYTlb/D7qC9t2jX+cMB8vzxU++BgicGSjqN+NBZ4PgUwHcCgYEA6zj0 + 1+cuciI1y8b6/bP11Df/Awsnsi7M0PG81RyKjOZZZNayI7gzDpX/SUJC3ok4k5gn + Ntb78bTfUbAr84YD9Q+Z84+CLBTqQ7iPDUiAAHcrgCBQVsJcPp49ETRo93eJoMfX + jpB/eLDaGgk1BK9fEJzYLs3TLSQWHis5z3ZAHcsCgYEAly5qZzCF9p4+FXF44USO + DOzgrL5NIKpfJrI8piUTUjp4qhzmQm8KJEZqIbIWwRoBiyfW8T0g6x3m+PmUpaMf + CAqsR1TqOwpEZFv7lN7OlUoWI2WQZMeoIS+RuX/0NUqlhxv/NOby4OXeFodlaVWY + o97ACUFrflP3TYCaCesb948CgYBEFEAJHQf8UJpxWC3cr/E+ctaD8v6SO6lb8BtP + MuuGzESjQuBcJjvgxNkWQu9HqT+OuELhRGe3FTptUifmW6tZiiJss+RhDcyfvRLq + LUme2N7mPnQCKE66cOIL0LdwqFBVEIH66Sd7rvPxBSkrKfbBwCNxqHCuZ/tez/Pz + b64u8QKBgQCL+gfBrZOEpKNDFRX8XXkgOsRHWOlWZmcdFpgp+1NbAtIXu5D4FofM + nTZWJifE/glb2YPi/nZC0wbLh0GwB6iSsvt9Ic0TgnlWhRSL0RiP5lEjZWVnorJz + rO0HnwS4scZZmcMuYpFUWZLa5dcOybXv+M3W68MqDOlRA0dKipE0uw== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: armada + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEogIBAAKCAQEAmBP+3MplJOoeBwx8CQqJrTTKxSRwlI1GceaBpMvqfjfJHjBT + vHEgfF44p1rwMuCHAWxwz5dKXzfFL3tp/iKIGRDbwV+ahY+xJZnEHKET0sY9z7rS + s6p6ymqoiZUdl32b37LIYGnPrirl2Fuy6X8i1WHUwdZAX2czqZpReL0Dcc5W0n46 + nVJa4PKLXHKENJdm1dMq+BZWmaYElny8ifAtJURQMnfiaoeGJwTpCNi2uvUWDjq0 + KiOy+PFzgTtZClPdqBcp6cF3jL30mdAlA2xNqrsm1b+rATH9loh3zCxk/wSr711T + oNHWTmr769n0EkPm5oChNJpV4lnW5h2/T3p6fQIDAQABAoIBAGVtKJSe0/hbwG0Z + EXyCL7J6PCZhmEgrNOlwP9TmP12w3QyqVJ6goHbx7D0JtJtqDgCQD2kUUQDSVEvH + trhM1ZJKIRaGKaucWxxlwlsJvwvbNYxe4Hn9YGmx2vfvoM3Rc20tcuCCkYVqjOLQ + vbFnHpdL6TbiKwq17MnX5zBsd2ilmxGYU4XFpAucaQ1RHDlFjvzk92bePAVAcF3G + VVsIMEjnoNMhaPCOXn1LYegcgd8vlW3zGOT0L5lNInQ5PCRLRxHU0eraYKOrUWOC + 80X+g2JOrSG4xRUgPMx2+MiFycb+FTK+OOrxb7FhuRHDPdUQ8Ti/i9cIl9OYKgk6 + GmMsAK0CgYEAwGonu00SP46ESZrh8J7LGVITtMWvA+6xsZ+bhLaUFpoKx3NV2drB + Eaok2pjsanVUwAqNx0Ysbr7gJVCGiAKmVAw5wPXhwnJQ3IQnB83SKuRdDTtfkMFb + emTzLP8qUHt1c61X7de45Wzdq4xdY4tWQkymPz7F1pWkqQzKGjb8aYcCgYEAylV1 + btBgGSjJDAI/Yn7/lB379kDlT80IeV9u7+gJjO9d6D68eV21XsE26E5HSoXGQwRq + jkEOJXCk17Vlh3/IgaqN/1w1DrI7WddaTH+bAZ0y7pTmVp+CQVuaH2jteUcQbZeN + lCpd9gNGEVmHPPzwzdRjcVrOgCdVtSi0aMePLNsCgYBkQevZ6FqtyzCauZ0op1Tk + KKQj+S0sO19TUfrSt9+Jt1IOgsYk8ZrP/XueezgUcHZsahNd1e6o9cQNLVwr2lWY + TZZ6OKQdkTsY67L6mf/8YWkqz9kHr/heWeNrerktnmagk53RTCoHQSZvkH/Isn2L + piypn6euG+LkQsm7xxLWWQKBgE6qOyYCTdp6SPAqT4pz5doobjWntX/5LzpBKFiN + 1mi9B72r5ospK8LTTA21oXIP4K1doi/8iwtzaCOVmwu7WrFPJjYKG3bDROABIlJr + qlBOVeb8bTFwgqv2eU2M9gcY4gI50gmxDyb+ztcf/7xuexELaj5AF9krcd8lHD9A + lyHRAoGAcFRfxqAWT0YsTgiEtq6VqnO2ZtB+o0z5rMmHL1wwDF8cT6mHvyTWqY+g + 1NkCWHQHh+F91p3oDSqLcwLtreRocTgANuVyZkxgq4ejudoX3yxKju/LN8xn7wqb + DGGPDHDvT0FVyymaFMJKScsAb3VU5TJmktl0/JsO12ctufnM5jY= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: apiserver-etcd + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEA4Ixzgthrvs/mCjWiPXf3OJ8SC/n347R0PP48RnjW6xlpAfWG + uoTKG1ARY6XQoSyGNmeS4Vk8BvzyQQWwYUXCBtqN2VBoYZkAHMsVP0If68CGlTj+ + uBOTPNmWhLZKq8aqK9ZgglhBvWJL4ef6h/L7rhhPkMvAiT980YtbH+IxNZewdOxm + J7pkxjewZTloDZaAqKaBfceM1J7F96fvZ8nlu3BBzcVW1+Coha1U0ZIL7my8WwN2 + pzbgqz9qT/06pBaKie3ZEg//bGIuduPT2jugZMFvIYrAs/XfcevPitltOwhd8rca + Xx2wqpTTIuUG8WUpndGu6lA+/QnM2c70FmcYBwIDAQABAoIBAE6WuYLM7gDNUGy4 + Ur0CtKK7gZxxcyHdsWT7cesUNdv4e7j0zp+PBBFFF6DxkrAmHh8CZvS5v3mOo9a/ + //g7auntKgIp0y59Vv280gXexb9EFZY6aWPRbhG48aYnCsFN+Zb4I7Ta4L9AnOBG + yXc1QoKu/YHm3c7rSmsoQ89H4gMoGQNe30jQG3ePur22nEwh7lc3v4iCpruHwbNJ + nIQL0bj4ZDuWpRLrE5qCGuH5OyW9CxsEjH16I+OqqppYGMIySfofDzVmdN4+qQYU + QgrnDWLtootGKMDKSV7ID7uJBKxmHLLuj/5Aunv5pGBfd9l6kI18LgSyum2+NOwd + 6LXSbkECgYEA7YANMfTkMRxVrVxDt390A4J6rtPEKUcuuxBIBd/OSc/yBoq0AJej + q3KkP/t8eNIzwxSyynstv5zM1ClGNJikMeymgMqQg9nUhCFj15Fv09FmaVNkISus + pQS10b4fFsLzc/KUEnd06Gmlmg8sj2YVvTYDHBhAmVI1f5gOvQX1a2ECgYEA8goi + h+u5v9DpI+7Fpw9gan9V4V8WXCDefUUoOJPGuxVyL7558Q8YOsQQPg2QenHb2/Q6 + 0yVdkbfA/VWpVs1vgmKr/bmUD4PTfFHvumYulPucOy2gHESxzhjcw7vG76vqcgIQ + lSNrHuClpUtCbPmtQ80bceWeN2cHvyEEek0XZGcCgYAZBtddHks1iaDVpdVU7s9Q + 110KMzKGjwOznqGYTN82E/2TBua08UXD+U6pl1ykdrIRqoq0n4pQmLtU2AyX2kXj + JObex3m3CytDySj2PFMmZPh/vNPeUvXcZcSrF3e7NEvnOfa0g3YET62tsE+nxMAh + siFdwoh8H5eXnHRhItGbwQKBgQDk0Hf8jvi3QcRl1+C7Imo/w8lomgAFcH1lZ++y + LOH/EzMzt5qILYD2bUv9nc0sNF9o/OZvni9rBpBH7qd8DBKS7L0zzDEQycsxCDTd + vqPi7EqyF1v53WdKM27hC6/x/FBTH2iV1Tn7otx1+0P8ybznEAwWDMEaFyjXo1sc + U6z9mQKBgAIsOY0FaDg8rU+wpHKafbE5IuljG8FrKR18aSSENEks00vqKN5ESA+u + vXOzM+Lq7UAPkUGvcelJawByE6IQVAD7GeO9ESpRO9jac+o3Szo1nUOrgjSrZIxN + ydiOBoPCwJFtL6BZDSXYZMEks26jv+KLt3lDzLRXH+5sEY2xJknq + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-anchor + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEogIBAAKCAQEAwiVhLzkIV5Ztzio8boiIFM+qy7QQakqDZR0VVYRLWN0miLLV + ARvKatsNt4wxJgD95L8VRx2r45+hyYTh88LNedzmGxAT3lOVbLe75a732/Pmx/8V + CghSOTfh1trCgCcRC1PgOE5l0qESuRFtGokVeDn7ZwQzcXPrZufvf9ojxZD+g1qO + /N1104zDKjfxEywjH80uwjwRE2r7bm3pN5D2quy0nirllE1AyO44+no8gd9tEa9n + 4wKOO13aeFcvHYSky18ldo5fX/q/GKUVY7xxriIRdGlV/rOWxGj/YTxCYWKphcjY + RTgcXTpUByO6m29xW7zvWlNCbSlqBNqsxoUKrwIDAQABAoIBAG9PzSutEGpfdi95 + KdLZ9uOvuSY35B19AV7M0PmJ80VM7pX7qoKLM4AWfgPZnihC807ee82dZnsIgFMx + G/eNng+bplan3ixfUdHWeiWTLsruSUgrqR1qbfIeZx6vqEqfm3caLPk7gcfE0B5J + rntDU4rt+4Ux9Gi85J/IpRlxsYbIvdhuX6GWRJVHnvrtOsaLOg5XAZslcxB29c93 + c7bNiU4c6t/CUl7dDkicCIuH1EvdsUdYQmroXv/eEQJ9redPukI9BpALQskuTd3u + 7WWRLgjhUi0xF/rV82mtRlVAT7Jh1M2BlmrXk4pZi5QdHyHSGgTGh+awnkCl2Xxv + evQqNDECgYEA7pv+PeeyLWwOxEgK+H8R7hNPRmfkyWJ7ujwcRnmlDVycJS11TELG + hGmyBKKaj7CFjLiIhNkalNl+Ux4AqKDyTSUDRwoKkxv3awAHYYJX2dHwzN6V9jrZ + NAaqLVXWFxrNffv3zYuYnnYdG78HHMX7us5MTuyLM1h2pydV+40dQScCgYEA0EvI + iN4+NxFy6nYJo/8E94XvENd9QuU1/FyLWQXmS/KP3ECwkesRo5vgOjSX36Unq4pF + L6L2aV+anZt3SVwtm5G73a5IRgZ725CmSqnNKZc1PxAt4lgh7z/CwiOpqoufWPVm + DOi99sRCDvaB2Y6rc6D7me19BvwyqVd6kn/1zzkCgYAlqhgK240DoIAAOcMJkL1a + 0E9+NJ4nr9UKA70O3trP7iNztuZCIHRHqIuCMcymC9445VQfbEnG30ISirTd6XH1 + /Xaz+wDKUerPSBTiLnoBlyMko6oWURnCHZ81Qsxln0R6s5BdMMDpmoljvNa5kwL2 + bOQcvTgH5dns7seiypaolwKBgFFvL2mDKeOxqLHNkBtTmoeDD2IQPWKn5iFRtREK + 42yR2niLufxyYKUMTe+znCTNluLT3hSvq5Kq0/IGU+6UYShPI5mZh5wI8Od4d+r8 + 078M5L5Q/v9c4Xd+ABCSjMSmbZgD6O/nFk2hkQn0ifOaeaFtMLCPTrAqbUwTbVJV + QK7RAoGAL9FOD1xHIznBNOc0aWd3dUCGuuQhQt6R9k+rkTDJiM9uL1xXlLY8J2pa + pMzc6E5JHFdnJqb3lEwtZtbmc0C/mVDdNb3qMDVjD13HeL33qPJhben9ZtmhIsZ0 + OHE5pj845oE0OuVpj66vveWdDMNF8O0th4TcKklNkSZEHeoTGBI= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-genesis + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpQIBAAKCAQEA2ztVAxDkW33oU364dwIBbbsiXC3dAkzSHiJUrGUA8058Mbk4 + N2SadL5UKkXcYS4g4SdYrIlhWMJHw/JVbLWkm9B5gyd+UZnQjD2w9edSMfrQUy8K + w25Clg9U4URWwJNB4Nl8mxElRrJiHNkaimGC/yzId+TZwiXpiu6/ANxehVnjeni4 + yQ0GIrPbh+exiSp2oLIITWQPq4WgLgq56p+2uz9RbISfAdX7EyvQ0rOnrHokyEfG + hXmOnbF/CfmoxMjM3sJfOp4h5QOCiRhqk/m+kCl9hEwBMVoIAkJLrQkhVlGIN0F/ + ooPrsNtzIPgwKnjff1BwbPz6gRtRbThOm6VIBwIDAQABAoIBAQC+VvEkTFI3rUU8 + 2NTHXpJm9waKCbfM+22ihCQH2VnN5OKnOSy5yzrfCTCB003XgflCAqtWgaBnM6aj + VY8dZ0eXkJUvbeaaanVKjXVKyp/ujNi6oCk0LFLbfkwvmOnJIREdazZoW6aFjvLo + IQaOBsN5USRsE+GMUuZFnatvz+Sw2RIosIsm2YNIXgKqJ4xvFV3YugZJLXPYeb6v + y75Vk+CBGgB5XqjJPVUY0/shFXWtvdjVL71L2IUP6cegFqXQW1t9sSrXn6hNWvgb + Ml8PleF1VH4ksdIuteBWomRuPQD86+v0JkuRYOsp8Ri4E2f3Of7iLDn0i6HP3qnG + 93ODbanBAoGBAN7kHoLa2bJ/Y827DDiv8ojZESCChB4SS3vyQ5wscXMmdIZeVW6i + KD+aJv0d3/jzx3hCwtbg7l1CoUhzOz5/OZyIypAgOnxFzre/CDfAzq65fK3g/oIF + zK8qbr6cFEpRYBc2pKHpYG7GEkmXO8fQ77StJj1tPz7qHrcm7EeGl7aJAoGBAPvM + D0rBUHQTv7n4y3YnuqITwRZsylNK9AfvpEiM80xStz3uB0yOg5Lz8q/Mb4UG93+2 + 8/syx57zzgGZSgFbT9LpTWE/vRuaMEAd3JxGhX1Qkw977TPe1TYW7YGU5nI69uiN + f0NeaokftlgNvVffAcUtEa/7KbN5wh/ovuf0D2YPAoGACAJkgklA92QSfwsQplzU + N0yti+CExNvdcIfFHDCQpxWjrExpf38+OQLeEcxoBvcjnNOxUq1kg19okkTpxRYn + SNO1i7ZMw7hydDHeJrq78pVhwJHMM3nn4AeDUUAkjoMcE9l30wWi3Hgrog9YK5b7 + dh+etyhc1HLvRZ+VcACLJRkCgYEAz93zFdynJVyUX9vjY6SCr4CtW2zuTnrHILIW + Joqt4+k5OxgA0JOqTSu0wqp7ug85TSblHhAaub895xX8AUi3ij9t0QXEgT/160h7 + skuJsh1Nem/tL3AbBe9BnUMmR1EkOnFtiVktjAwxBVo6YItKs9N0EZrAH1k6CAul + ZmmWOMMCgYEAnuwMKbFwmi+0lxF1dDgcg8dQ0h3mzvF+HMCSV62DMm/CZXTbBI1w + AtgbxiPJSpiZXMMGXgzZb0hjS2kH8/nthIqSTAiGC8F9wRGG5HUgs7UjBWiEG+nD + BSknWYHlAnNV+rqKsoFs/wtUJyMqSIU3FpjsPRE+XaDxyKvcoWyeFk8= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-n0 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEA2Vo39YGxPvLX31o4bTQQtpmNfRUlykRGgFx4q9Miagv+PsMX + VWqRzGYvCJxN+FYJ4nzDOTyFc8FQlarf0cK6M66Kdw5q65IZXP8k72Kwz1kvr7FH + ndYkPYDGy2CSyIbIBQhZnypt3XQfvVDQOVz6tKYIQtL6V6NzbULCYrVdjgiu2ulP + tfvUxi6LLhyikxkJdG0riqiRMXH2/nr6IZa1f70yK9/nDQFXKbGr9pPYcKddsRuf + s0RJV1Cr8RF7p2bl4WDhM7CbwtGRQpQmHSxiiaInUFpaPK+7I0GAyNef06Uqdonx + NuodHTe7h7MFEBAKsX4KxqYLWH87UWLsuZsqcQIDAQABAoIBAQC2Y9m/gASPsVLr + T5c4NE+uGy66/wsGL8MFphNxBKzFVqkUW7vx5orQfhML47YeJX0H/PAJ0LqgB2Gr + JofJSuHbyqTRAV1Brwjvm/+Pjj6W0N2OTnKthWxF3BF1yuWBtnCUoIwsX3twMSkN + QYpqCJctDoKyKL8A2d1bm4DpOg52x1ATP1bLu0V3AAy2BpJyX/5T+30Urc88DlRG + ypC2Ecs1w21ebhit4yiAFPgnB27bT9Xy7WwahFQ5iQHmbM+K8y7An2+e/bdA41rF + vnJKGSMpepIcJ6UuOI9nxyZ7m/H9U37Hx2WmIvi2ZM66805cqUFCejwCWUAbM/aL + Zaev2wudAoGBAN91N3NKYPeT6qYDIf+J79IASWDlEfHmDz4OSIcpJYRMNUldflWn + 9pOm2irTB/iss+ysAYfKK20O4B9aLh2eAvJn7wbylxoh8mVjxmD+/JPVOSk7oSyJ + JhN2d4Ofd6EFNCxrr614JkTIYQw+MevWQeAHrVI7PD4kzsqHWCpQw9rTAoGBAPkB + Ygcxy2joyL1yWjSwo9uY59XWKwqqps8gwPfK2ov62os1mlblUdyllZWXwURhDYub + BdSGhrDmN/5yq0/2D0O9rSfdVmIF5ByjiSRCHwGmho2wIXBe0rnLkKlpGXl0Sn7J + yg3VYD9/bd0R4vVfljugljz9XG4tjIrqd7VkUVMrAoGAO9J8os/Rv9YIpqMGEgxS + eMz82ATbVgA6KmnWfuDEG3PvfBGchb/uoj6z/2z5oFhT3tN5oWm9UHgABkS1PdaU + gWLTue9uBl/6LayValg5NDaME/7TukGJQQKhIkqp0yC6g/3cTTtyO03NtWJdKP72 + KczEWNRk31opRk0PjFyM4mMCgYAO491Hztt6D4mJgqAQTIvP4uniKKd0QNYuxqej + abb97edJsc/j6Fyn1CMIygVdoGwd8Aw+NDkztOCeT58c7frlsx76pkq3G+ETMVhP + GcEe6SVcra6iOJljUN/6sXU7hQ+7WzfA8gSKZ4VbVel7gNbMBANX7FKtp/2ihPjZ + mQEf9wKBgQCS36/Nj6/WkcIT1rbpXZeiD79Znr+NMpV7VYaYFIYK+N3Sa4wovIep + RXRqo2zV/Xt+Qao1lVF1aXseLYZ8jnLF4sBZoEE+F8ifJHjVkvQsH4ljpxfbMB+V + nxu4kNRGQ2/lyEeazTz6xcDr6KsEhISCr9wK/2rxS6jge2co9Mvrxw== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-n1 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAslfIOQLgmiDoHzOIwO9gblUFQk6prnygYtbTus91TYvvLMOc + WbtPp1A5F28FS21XYRbZZ2x86n1B6QaAop5qoAkOPqXN6WXmhEGN6Pxrwf32Ywym + 0FHwlp2eNFz5uIV3qBWB7Z37U9zWl7bWIAxWFOt/cr/RMmPuhHoHjUvAWPPkYgCp + Er6T7gaptq/jjOhwjZSw0LBsIq7gB/QFXgFJvBaWY7hcvBTmIyE0yG+A+eCifStN + WNrEcUK7iuNjbgGh6f/pgf3Z75iNkl39xKckIwyUlMT4J/YVPj1pzs5WNy3otHER + jrWLlqX1WTdrVr0fsxULUrr7F/uX4lhYFd52ewIDAQABAoIBAEBWsNH4esS/2F3h + PpW0BgrnuzT3oflj1oyxycKcM0pdkFSK4S3yCENpCp+smrFiaeKJ1racCdiihZOm + l+OS2Q6RFcV+FXH9JBNUfvitj8Z1c1y6ZLfEx9HeXQOxAxoRdGB8Gdp6YwAXLIeh + G1CGgsubRehE0RinupWqXG0aBfNQtrzE0pb/F8InrScvq+FOIHL8Rq/Ny9ejnaAV + Q+6/69p2jYcZM4ETfybf/JJnrMXL6ITme3pA01w5shFOaVYfsZhgJbivkUb4lNd1 + VNCg7Qjx8Jm6mxsjxgLpwar8ISboqVMs564XD1dEKkKfwkz0mpJqHww2S8Al1Bum + jo2J5TECgYEA6HeMi5BgCm5zHP0XnBKJpp7Te5BLklZBspWFtSmdXla2D5CqpEnh + bh9J7yTQXbS08DO+kst7V4qx1mm81XWGmgf9NOsk3QNxxcKQquxj+jmNFc0K2EWf + Ba/SEaQFXJRaVMSdktsL7xhfLI6/N7vNJpVVxkxzAvrg1DyXW9VBmskCgYEAxGWX + XdEtS5UsSEYISpX4VuiQcYdU/fKW2cB9O9ZoPnvcolovxGWbv4n5KzcafD9TwW/X + a8tQngPBx3CZa0MPyQFnJzlms6Jy27Dl2HAPIRmHtSOTkZxL+3wwHEVbxqifD5SW + 1u0bQSWinpNr0MMQ5P+CNQG4DCPjI7HwTOKtZSMCgYEAkiBz7Fb4yBXdrl85tBXD + CUXVUlrF5lrqOUPcJKDgFykSkH4zhcobNoncg8L0Z7Lr+gHMzaGzCrhYSZt15AhY + cAKNm/Ij3foITnObVJX70pLSqN2W75Pz/jMjLYuZAzUOAzMEige/XLBJQ00HzhTz + REmi/V+Y/EqPgVoFGujWsGECgYBOcgmoxoFiHD5oy9hJ+mcMR65SOmz/ViNc7J7Z + BMX0l0LEcmN7/d3c/r5QvZzNnfnVXNfdzYLw6q0+/UG6bznh3raWGz5jZ/Kav6i+ + 79uLLAhhmMk7swNCexM4Z5fF3NpTvdUWGfT165Nt5ZJ9+zxHS6t1gq9B4h+6xTsn + aq85owKBgBXInNyOw80ublyTmFcPJtqgDtB/UiII9DZnfW2Y7TakqA+iIJpLgRBs + RNwMJG4+krvck6YXFg+eFLrbnGJSMv+PHLCcZAULPgtNsZlMQTCw9vcNezbamvfp + VGLJfDs+FOSkLJe6SiYOCTDMLLRRPGffDArPYV6UQqmo65hL0f+a + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-n2 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEA8aYO4BwvtSCSneWza+2Pr/jsY6ODu3KNHKq7679VyaUj+pNX + lo1rb3NPmFeSfeIMp20ZSfbZAFWV+d5nGVH/YpHU4XZaNFfaalDpBSImDpdejQcR + 2xlj2fTMEGMW1+DclJbYNE9oJ6qTO43fCDuzaYbyzxofND1wMofz1J2mlq25r9zV + gQZhM70HT6FDBWg2dJBHcL0kax5XjAs5zqGEJEzgZBDUy+Fz+cahz9EqSYQ2ZGk3 + 1lJ6ikDZCIuMhv4P+GEmWbL743cwz2qCSteV0UCsV0B5Lp5mcpeT0ZjqJZ1mMT2e + 6hPda8qN8zfpC2i6AsZiGUvQrmI53XdATsR6BQIDAQABAoIBADGJpEUHIjSUb9oU + q7p1Yd5mPjeS3r9/lTQKQCns+G40/3Iv4GXJqfuX/PozAaHyxDtSXzvNceDiqrMl + h6cmKx+O28A4nfdbBziCS7K0tG6LU2O/zkZHJzQYPfkiBx3MSAvh/IKEwMpY6oPr + 6ovqiTYZ5w7TwQ/ZhHWnbzHn+62pm4P0B1YvIpI63ejya0IoMNiLNx4Q2QIgxaGT + lkL6IuyVLnlJYU4ZhRhH0Iuf31BJG1IlMRVa/rzJLeBbWpLgcW69jBJgWgSUY02c + RTtCBJXmZDDvuFQUW5fudGzn4jO0TZEc9te3aGn3r/K5YzzgQ1fxlkEfI+XxMcYG + bRMIV4UCgYEA/xzoeu+TmRQSzxl4KNCOSVm8/nXQjBDmahFQqwkI9CL94+1ZrLU1 + IacBCjK102Z16RNTiDavKAyetXBVy7AmRPTIIOomtmtVMSiOBsvNVjOMz/HvybO7 + 8FADLLKve1V+k+ANSWoB1e5X0Lwxs/78TD7b9jZGgzVDlnYnX9O2JKsCgYEA8n0q + I8NEduLywhhQiqzoC7FReMh3zrJoaEymeiTXxNSCR8cvr3aPTCwmUTedC8Uwat2k + Ot1uT21X2eZZVGneZixMign1j2cg1qpHua5Fm12ywQbmmlVGz047rWM8c8GIrzD+ + yucEq19W/0Au48Zx81DYfLe4jMVzeato5NEA/A8CgYEAm+uYL2Lz6/B32nnvlcp5 + 3FzrhP6O2ryNhzBUBGT+QvCMCl2LnGIYOhwvJ4N829rYn/5+5Fa/0RN9gNlKprZf + fW+6TVuvE3kgVW469+5h7piNLJ7q9nVSnXrZpd0EIbZMKacbl84hlxYYN+x92Ew0 + +YjFuYLMr+7DA1ftksT7owcCgYAGv7UMicK+DFL1U/fp5CYRLT43Pl0XQ5/kRz3a + 6GuY7tExbjnFiGc0l4X5fLLCQRq33rNTcBZB36kyR1b1In0uGs2GigBrnVMsplCY + umD1kgYHmUmRwg3Wdzbx/HESR7CmL5bnzsYyftTNBdxIOp2xR+6+id55DIXKPRsO + Q0LjwQKBgBi2slOSs4r2q7VLrNUwubf066kxbe30WYn4nOZ8fbNPOs1QIZfMg1/J + iBCGwY6goAMtbrd9WRawgLVq050FZu8M50jvWTOMTKBXTXdBWN/H7MeRQ9ArvXQt + TcjfAhPW7f3v3Bzeb8thMAcXtI3ae4afpq1IgpCVsh4KTTtW/M6w + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-n3 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEogIBAAKCAQEAomtllliJXa6lN61GJCymGQT3+ouVAsT7Xnm4VYkZ4Kzdko8W + 95N6K0n5rkRyfWo/RgCHUuYNB0fJvk1G7Igm2EXGJvJcLA/4h36Sc/v63WzkkQYq + rVrnWtzwptNDeX88RO76ibFXM7SNuWIbKoJvOTsz2PM4jhDmPSz3ezpTLzjgc4LS + CkgqWoPpTqZAjtRXMseYfKwDNmVqDVhIAEEwYMTn95bg233veWQa4rh+HHQWpofB + S3dZBja9l7gqW8ITTUCV9wJLX/zBIIEHDRhiduRKUafNpPS9k1dNjEELe1DHZfBd + cD7HIw2y8fm3cOhnU4xw+njXfORv6+tZ9iidvQIDAQABAoIBAFH/IjQ60m6nQuXO + 5oBQwjITXhXw7fON+tGBZdxY8OWKn/njn1ax75V3LUQbbil+wB7ZGXhyh9VLGsCm + Rs4XFnVNFHKJHJtqHLBa6BkB925eES5eDKGkKPSoYh32vjPSVlz+wSFOlJWX64zR + yKE3ZGtiRhSbBcxDH9l2oCJoGaLWp+CK0cV7Zht4ZWfKapZ3Q0SRLk2amOwJVG+d + FSrl1lwo4VYaadFa0/zH6P0eptkQBTJpgt8rhjL//EgU15zAW54vEwk1H5PoGYmQ + 2+QRRNzKuZ8W2o6eda2MY6M2RrldxAYfnxv8rloBXhjv2NgvEro3QwAdcWOBjE9j + uFtHwIkCgYEAwa+wrM2mu6tVpTmterKRjSuW/7F/s4RojVUehhTAlS4aVGROrpJp + 5gDhW0NOnpTsea+q1EIoSUWiyalAThvTTmZGvMbQbWyWhkeGwmLJZIUxDhpU9EZR + qfyaWZw47phNCBytT9WtISlRs8HER7+NlN/nUWM7ODoEAQrS4uvEbc8CgYEA1qyG + oDp4dU0BKmB1lwLjIDli/dqIWfsqjkFGPVjmzsaIvKdDDzSxY9y5+t4qsJDG5zWL + yA/OIVPdqj1pfJJx1ooTQ5s/lktcWIPwvWxyXDde+LtZ5JPY2WdGu0WbrmY4zLQm + NskKnMc2E7CqaYSiF5FbVH0RwTySOYu4gfFOSrMCgYBjpjap0Wy1JWN9DH26oODN + 1t1rVDE1dSwtetundEnY9s1JGgp5Oo8NbOqE/84VPN2lhcHITvlXKWKlilSxWxOO + RISkX02g3rta/rXQkO64ruYcMWQAAaXGZVYsQHnyF52aTNbGOlNGunF0oH6Rw3Xe + YIwsjXdMaFzjBGSXp2F6dQKBgDBE+sBsZUl61xhAODCMZaWJQcjyqlYRM7Bo3PJO + WxeDbJt+wIVaw8hAiVDvQ4oQA6lZUOTbKO41fVIaHO31v8MNqOc6sUGKEGmWwTrW + d6BkkuY6uiu7UrcPkcfqDudX9M2SdEU9TzWRVYd34dl4CTpjZLXKqYNZq0dlM0eE + iqYhAoGAf4tZ0QoBbzcs7ybLUuTm0tclyxIP1S/6Sw6fHqH/Js8p347l+Lm8cZ9A + hDCYD5ConMOwy45HYghCGHqBSQGRLinO82eFt7tRUy0Xks72Q9MTqToHx1Rhoa6A + 497bl5RcrxE6+0wKMARxoLJCi7uuyTJeiwS7UWNxMFdyra3P/K8= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-genesis-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAwCLyUtGrZ6OMJKQRW2CN1O7I0zEYGaOZt3K+EO/RylDJsOe7 + nnF5dMjOMtkB7M7k2tPDP2dRPpf1b0osqzUksVri3yW1ot5/gT9Tztcd209PzPS9 + 39aKOZFwlXAvs6/uco3bnVGzY7ylJe3l94PPA0TScGjoZO2Xne6DahG5FSVd0KZP + mRoS2JKcKWFkroSq2+WZp41Y443yCdT8o6kx9jFTW4uSfiDkARS2IpkhXrFZeTcP + tUutotSsKNgxG549pnCGoSof57d0BJ8RvIEAPpXwWMKnzoFNK0p1OXxNYrLk8g2o + bM8LQWKuqZErg+4JTlx20R2+2I+D8d2bFSoSJQIDAQABAoIBAQCD7vtK12LFtc4j + 0u2AO5ro3lbUfl+4K1kAWTAeXS9Hp5X3fgidUfo+sSy2ScFCpQcNJGBsBzwIqTwF + gX+OyN07U9d5t2E0R2hyjdO0so5z69A2QtCnBaDAyxft5a07y9EGpFZrfpCaKg2V + L/i7r6zU58tBGSiLNYLpFcDzctwOofm/MfmfYgbxPX5w2oBTDgOrv7y+xEjTHgUm + Cvi375d7S9QvivzkaLUeLjTP2OLk66NosxUgXQMx+FKMZxmN1YpeNivj9Scg8twE + 4n1cZhdTTPVaQJdddxL5SktRbxCaRCvCdQneAOdLWneFhuvoGo209UpprUTM6kgU + KT+wPy8BAoGBAMfZ3cp07hl8sZ2IirP2WA5YEXAFnI0t5AxBBZJkcl/lYMxezltJ + ldS3CVUg/wJ+bss0uimaO63HEi5mi5Eh0Ci3q2umRItkKTSrhkB0QayIqzXSHaRQ + 1JK2YXayJRDpv0yO/I49nDcwxMn5q4PUQMFPyix4C61vofjcgo1JyrZFAoGBAPYe + N+7c0MWhb+I0tCRn84E1+jppQ7ocxWUba37Yk/g4UgPVaZ/VhcK3E6IYZ1+um0YZ + fYl2t44XbMWdG+hdM7a69GxCMTXGVx57BWUlxwCmC0OO7XR0nax40RNlaVwpdyxb + MG72PVJ82aFhEqTb3RQGnAhvE3b2XS7Mwtl++BphAoGBAJBd05fiq/UBXJT+A6RI + ugdymvYfN53MnsYzWkEMCos3eZtoiQzstS16I2W5dj1o88QbDLfs0FuSSJH4Ra3L + jUE8nLog27cN3a5MkaiR0rc96t/wLrV6JnTtBq7ltVzoXeaCC/L8kpJTynRUxQ9w + Dm8WomdJOLZKw+iv8ib6PVM5AoGAXFC9XiUJUffZxZlLMJSlK4QZlatCMh70k5YT + XgLSjbpiWPnFoqQuhfixro1EyQjvSP3qrpMPCocSz5S8kQ3UhefeInU5jBgXOWGf + hm8DE+U0OGT2AEZ1lenDUmkped47yzFxG03VdolKAFQu8BNf+1D3WdqADJEgJpu7 + QmVznkECgYAoPJvFMDVPtFVF7e8G91UPdjOzc2SLULdWPGeaneEK8Lc4D1TmiJSZ + 8Lx/SNI/MJ2uvrXAkMbW3x022FCZNOlEUKUWeJgVvifLi0CIwpkOSpXocf0NXWO1 + W12yHMOhlZw5ZTfzCzkscKFZi6q+3z3FEohwoIsT1QDE5OGQCCEo3g== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-n0-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAnlAxp+2rsTOjt5OL4oVuYkbBab611Mt/j8qDesftKbMhtJfr + dm9LlJnHoVN3US/V7GXlypvft3VZ0W7U0m1rxm2LYTolk++VOKgcCspdm3ng1hcS + YHVHG16my48ke+Ih/Md7EMX9MhSF7wIDXR3Jb8pbnBs0pid9aM4NrV3sT0/391VF + Fwefot/yMMwEuC8uosBkVMFF+UXy229HP6eCMRYO6C77NUYQOTB53HEUQTLsCPxw + Enim+/dQsk3KVmmxM1gVioTc1jrWuPaJZagrBVPjGvfPh2Z50XNHJ9I1jD4opvpO + lsOY6AXuyxUv3PpgbL3+G2v2VtMGRd+cvpJZvwIDAQABAoIBADpxnINECHg4eh4R + SDjtzVxWhpyFHRdbsNHijztKh1E3oh/LXc+xMpO/WaVC7O95212UGIr9lE9j8S6R + 3dt5LappUmUoVCsS7WGnHgMVxgzZp5khl1UotoFyJd1MEMnzJ1zsP5BnpxtP3Enp + 0lgT4QN2Du/IU11rgq6oMwBnhg+Y/2kR5Q6ZpZC8y+91l6kYGDLPQ5cCK2u26cnU + gwGLF0ix1fvy+IIEpXkhLd/qTgHiz9jUcnY0ejVdYJ7P5JQFKeDkykpLvrMK9dp8 + QIjoAAqzkRDyIaGosvREWW13JczeW6r3WEpL9aWiCVKe/5Krq6qxycBZSIPIQhh8 + KZS+B1ECgYEAy8K6+U9lFKEbhbCJdhlqFM+UqsK3nv1GqP3HJEoco6jkSC2UlcbJ + MgRIL8rHvF4rtZS6emKZQHst+3fqSOkYbLwlJQOEG0Et1k+Wf7NV961qqLdKCVOZ + ozIzZQ72JCdbViQ7e1Fx0k/zem7IBfV+Z4fCHTvafPo0S3HHzDwUesMCgYEAxual + 9IBaW1MBYp2TIZW8eWJW2XAd/BQ+4uy4nPWFMGPTaBKFsdaNNe05Tx19Q1t/DrcV + wlyRab4ZEpCemNrFfeDVft/c6v0LuO5r1evgdug4gSEhx5ns/5/UCyH5eFkufi+s + O0QW4bp20Svbipkg3XbceAiyX0y9etjaD/HUnVUCgYEAleOvy0peXyiMqHHPDPNx + F9ID2QHYNbq3SgU1gzqJitLo6zesf+l1g7emqpGPEMBtguvfqbvyZH64uq3hyLS/ + 5O0anfnSKoJuB6MQYOw5pzMIrQf4DJhVArohGIxDASF6jQmmP/cPtdhekYgA2HFZ + BSvW3c5z0U/1PDJ8+X6QyiUCgYAETCd5yOwq3PhCsTTknN+dn8pQmGONdsKFFKhI + e+WMzhtbPEs3NHOInr+GPhTex7NPFhWaRXW+2ySfihBjLRbnSVxTiXK0gRMnw78A + uD/5Ubsmzxhzv5enTkS+mNVTDFo8z7rg7O+xoN3AVzo/HF/haRgKX+W6uWW+qcDM + Z2U4oQKBgQC8w0oCeJUgBn+jC+ebC7Jgw1Akho/OYX3PCM7braxltri4IIw/ZN0Q + dIW23BzmnqYSrYMpIzYtp0aWd2dq+gOw8r/s4zaGyITedtI3S6f4xixWNpQHKCnD + mc6qJGhywV2EWIPXNJOIZYvpcIFUXw7E95Iafrf6M9Bajsrw4JnOVQ== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-n1-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEA0BU8nHSWiaOpatZwlBJspVjZZbT8lMWxTl0yS20YVs9XMHV/ + hO7zqI5rFsrCIxhUUFQfIBjJHw1UVvng2emb8366Odn+lVudIcCGWX2bFdx2OKun + wb+1KSzXcx5w36G3ZX1ncBGKzijD7iVBXICoOFTv0Toud/OCLzBL8Jl6akTurDXr + 9oSHp7uKS3Jcd0B1YN24EgRtIbLyj7dVDpSawR/qHNoCIJ8T0rSee8p+bNEPCg9V + imDbnWZ6XU/SjzECnzE4IsDdgC1etojLy8XBfj48CMVhm8aiJFTmsn3JRA788+Yq + H8AJ+m8O3M9+WPmkmsZ5ezwyBM8xYBHj9B0mXQIDAQABAoIBACYxT6+z4pGe3ZDD + jWRQQWrT9Qsq/hVcd9/XUUzw2D/OzMUTO/WtWkG86kEDtEB2zbr0xcXBZuDxNGLG + eJPmwf4ea5YEwiqt5xhz2vUADgAkN/rM3vy78Ed/eIgjtToG17+kFeFHBwAyEUxb + wDR3VOkKBf6UPEU+B84bgkTGFub8LNl43VAJBdHxrkg8GTOmjY/PyXfpjwGXD3zg + V3G8pfuE6H7MmX18MlaL5ZuWz56XUcYVODbSUdv6Wk/qE+fXZLvG56BYO0QSGs41 + P3jcAj9DKvgjXvPH1Qc2fkojgsGy3B5QpByHcHbHBsj8Z24PuJ2socapRbVtjtxA + Yiyv/2ECgYEA/9prDf/LxcWv1kVH1yPu5V8+Ye3vsmV4xKsyKgFch6akVAzcd6k0 + 21qjmU0+LVCSvh7q+M+L4Os7QXRd4GugljOheX4P+hUSpMRl9lTjxgrq7cpobPgt + UME02hbHsHjvhpBHBHmlbOciwajLBSZqMme3MnScRmeX3dNiiQDpxEUCgYEA0DPN + O+IHT9ryvBd7QUrlbLaTMyjuw6Yy9oouoQ7ght+ZGpdR6t8mSuIhZ24WQv3rAs4t + cXqSDfMjUg85EuS7zhm4ELjpa98aqkaU3nxSF9BBMJdmO4wQ0eLpc1KR1a/pWLJ5 + 6ntF5q9TltwOK0u7ze/z21VNh76aDAZu/V85VzkCgYAkjnzFX0sqUviw0O1W3BeC + Rn2PWIPrJXx//UYJonAqIbFRIRVPM6oNvYGqodLEfsK4z4obSuxdkr7At3PCYR5s + 16u2xEBcJy6mxDkdXTu+TEkM+OK6zysKYtC+aIrXuC/hNjQve4IbcVsR+KApeDes + RA109BxwItUcKNvnX24HUQKBgA2JYK2lC36oqKGMEUp0eSgxUq6/2Y5E7wlSgKee + FQEP5p9w+TWBHrc9rphP8wiWA8Kh7xhytK5NgZ1jOf29e2xyBaKosxx9W/l4L1Or + 15aOxr5HCbGTcMCEtVL3Kl4vWseWixCwxSGzgobLdexgtywzjrJTAIBz5wYjIPI+ + T7cZAoGBAIh+cxGbuXhFDhlNIjy5t2VnVdSoJjWVdtTS5jgWe5NyRo8Syx17g/hF + El4tZGPmKmLgYXoeknbXrrBV126v65FhsUn0q9d0e3qgxhi0rSTobeFXFY0Ss830 + 7RzcpWqWDVh5wY45o7kwYxWQKi/DQK+X1uXRcbYmL7WOLBzCoxzz + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-n2-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEA3YTHpdnwmzPLJof4iJJmeW8c27uTtD6S4eS4+Pd59dcT0rXn + Q6CXy/gMxDLSXgNibHncNmNqgXGMcbzs5SSmaUCf8+Nvde44kNSwBQ0xMgyJOogH + is/yWcrzhI9qTchh30wxI2jJiwqozmK+vNjHzhX18lTpjnmtlcbE6d+QhwUyKJgr + SNcZcG854iMRhWx/UMF0BdElZajGbsq9SvO7SDfM2KG7zROORLOHiGQsacxa+mf/ + 6OQ1vUzBXMIFuk2VinBPdM43kWmAyqPCn/AeLreEldvvIZZG99VVizd++Lg6X1GI + YvptvGKi9W2yCA4eQBDMHMsUjiq51e+cfkQQiQIDAQABAoIBAQCio1tF3KZ3/OX5 + qzkBZKOSIs9IUQcX/h0vdxOLz38ezUODoARktaLdoYgWAM5NMiTwSeQxlnpbAXhB + BZnUfz0i58zIbsKmDjo/s7hsbQwil+ulKryG4TgpTwXN3NIKu8WIAdPOEKBw0mmv + 5fXuhybjm2IRAuDbt2CIKADpSTg+uGaE2yWpKY9is2fX2hCTttjdXdSIxgyGVSQB + jqrlEg49/sT8vKbG5FM7B1sEJrfVNFZDzD4IoDfc7Xn8r2ATR4aeq8r1tv7lIw0Q + hrZx97zvMFJZqFzStrZX3cR6FfTrnT/YmBrSiuia3msBIPUx/Axb1+jQfQApMGPC + pOLg5ZMRAoGBAN+iz1HM+7gd/Fp0xLGjaJNSVAU94as1dk8r/hXmxR0gY7s9RQ19 + hs5rLVx+RcPorJ9eaG/h4m7tW3WK9ZeX4wHkC7FiXXmq4zizzaOLqHzGpvaI0YjA + L9mM/BgEumf2sB6hyM0BbBRaIHvADcPXeF08UeMl3wZL9rHIaEMo9m5lAoGBAP2T + h2KREsnyFl64jRyWNWB7a6ExjV+dyE/oZcQo8gce7ArdAFUk06SDBGS/MCxJ9iV5 + KGhvFSPgFS63XXQ5B61R1vAoQQ60mpVCDg9TyxjkQwwvrtxI4C2nsRM39S5d2t3p + ygbN8Ep87Ih/xQQA6yTczJtAz/M4MVWUvgoelLVVAoGAemNFhoTh9V8jrfVdd8Hw + Bz/1D3FQQTxe5PE0epPyqAAD1IKxebKKxgjNqGLKl26MmiM2kJRUMVTgyrEjurS6 + 3VwKMiec9GrbMzrjfW9+49proVw7H9Xd2fdYN2TPBvpwZDMyC0+N8I1qXY87eURA + cPYD8oXVSkLkXWNJ/Ac85ikCgYEAoyMtv6Eb2GZyM+BBkLmmf3sHxH2vuWs2OwqF + pky9YQ1oyJhkJWL68mUEB5jk8ilnPbaT45RLongAyLxZWHN0V/JF+N289SwGI66K + gxvilxILfKSUt83+xACVsIqYp4rkS06klfoZ9KIoPq0M4EWDAoU28U8iOhTV0HxQ + Qwxnmb0CgYBED7VkqY2upePhx/cVcmf1E2BNH3nzdIPZcguDw3FZ1Hs0BARS7vqV + 0qcJlBoeTz0nuwl48HxxmjO0wKbVaEQ8dtzZpTckTvYUa2np/Mx7+KQd52tXcQNu + Fa/kax0QE2G1shbYvPEeSto2Drq+J/rrgZliiG6FcwqYJ61TYNf18w== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-n3-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpQIBAAKCAQEAnKXayuDsC/0GB9Q/v0oRbfOQDaByf/mxJgfqaiDu1sOq7Ax0 + Ep1JCXspAlV9JE5sTEd+HAP64Mtb9fsT99Mzm5HA92DVwjQjYvfFzIpQ734dxiJl + EcRQzQ+jYI3v3FP4RoY2rQcyde50HXW8zHVOvNYMoZqirNq6fWiMRYIyL/gXpssY + pX4e4+qk0yzxNdIWa8tN3u+E7Z//1x9mGrWirbvZduSzZIbqoduynwTvaRiamcsY + S7ZD2+bfTSGFN8lmpvfbQPZ0oiDtUQ7ol7HmLEu6UlywG3IrwM5cfncS1Rhm1y0P + NDNdvc3NrhQ/FcshxeMQcRZxKUqdHJsbBanJhQIDAQABAoIBAQCGhYeWogETan47 + SvJTe2/sVDVo/lhVvj96wWF1MkLo+69Udn1XXurR0YouDuwguZgXCW4q8OAJG5ol + azCCqkSvXEOyLN5koBGjc9PRCxbmFA/NjsvsrgIVl1BeIoXRV+rl5WweuweCbvwY + MHupuTOcxtSiEwGQH2X3PEj5iA1BUxxAr5hEXnfFJwkZtH0gT33a/4F3NyytvbMR + QuSmhczWeOTBWiCFdlzLiGSKDjKyLi4DyegFoW9zhF82R9PlTtL7PePKHVSYbt4V + FPb6/WxZeWiE3sP+IP1WGhNIm14sGui1TcjjBMpGsqtPBHGBf349y0F1OW7R3oUQ + txhd01cBAoGBAMUxH/pRtyiB/0lPZ/y1x/7hU9Ov5ezexQZD+1Q/6aKKNaB00Mp7 + b9OPCWpe4sMF5O+PHFHJb8sHPmCdDDt/Li9eXxnGOeUkmiyrpi/bKBIkbw49cJKl + Phc+4N6WucNdtxhOqoc6FRaeSdCfi3+mA9CJZqUAOvlW7372y8A6r7htAoGBAMtd + V77usWap+dkzXAytZWbJLYN4CCg19pdBT2tLKAz2/nBYp0dX1BY6Wmo6JzW85d3V + HiVzfpkMm5m/4WxN3RRgbYeMICoVQTgO9go2daKVGYrwUVjBG1HKovW5PWgtW+Y0 + ISlAZZ0PJ3oxSYlxqpIhjQ2XFuj6XC2LPrOY41Z5AoGBAJRJ8QZJVTd9KwFyWXzN + Ju0hfex/JqUOkZO4o9QjjArTbKiRsEHUua+arTX0zQpj8FnGgUFv/kXr2JjHAV/s + sEqm6VV0oC0VbWuSWZM7d9LM20cWJQXiheLtQiWhq2ijnQEGh27R2vH7bv8YO8tu + iQfVi/8hQTgojEoqReb1OxexAoGAUAPoFG3iSxyx+63jl/FZpnmdeM7vlrK01YqS + 7wphNcixEA8xsjZyclR/YrCC4Pf0EbZa6C1rMFjvmC0RSwXP6MaQEfcmaKh4QtBQ + KnCHFHNJ24r21s8UKrhqKfi6mpTOReNY8Nwvnv5pcACYiIW6sUiWMTSzhPOM9TaG + cy/CszECgYEAkaWqAeUnDZ/gk9NVicYNgWkevjn/PWKfmRpVX99QhZLizY7l9Qf5 + Rt2toqyp9vGIhOGInWcO9IfTAPcM1kKX71o36P/JgxsJKL9fvmsGapBrurUS3HoM + 1rPIMpBWpKTSsTk6KBLZ0+yV12ITZNHBjhrzuorgP5lYrlCEdtvZZq4= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-anchor + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAyLkMThPcGpCAqM2ZFq3iOloNc9hrkfhCnDSEugyQWiuvQxlB + ACh6xsTY9AuVXswB3b7y31gpgeFKtafB24FQOUX04NdrrbeKp2+xmlivnAous0Fm + QGq8Kxka7zYadPYObiROawebCKGGTGvhF9EfRymTjbGEO9rNnmWpWDAtWbVM3ib9 + 0BNd6PKAJFZ7fjo4up1eY391OXh577WtkgaTx87YhMmXM57LMf0heAJHFE9kRHOz + i4e1ZDh+EXAqFvP8yLsL/Iu1frdeMv9ktf/8OP2By8oYbIehTW6cc5Ti4dk0QTyG + hgZfqttI880gwjz1wak540H4mIffBKKTorhTMwIDAQABAoIBAHuWdJ0eXUd98bn9 + 3WS5a7HCAMZzWshls526OH7VfYwHmcIWqo8OXYpFac/Z0f6sXfnKuIAMKIJv1TBE + OniNBng9Oqm1+fbcK+MsQo5mTLonCtoUSoEfNvzSWGMxTNj3J6tpb183L54A1k/3 + nICtojSOxOtZgbHY5wHAVqSWBVZV0/iVaLZuKOKoqIKUJlAymFJm7N1WOAjDY178 + Q91th85eCXBmOucfFbX1qCxebjIdSahyEC/0qNinFCLc654GANm6iaC9UrNJ2d3j + Lw5/lFITk6Fr35l/2eGg2tlKC4wCMRkaXB/aAylLhf/q2aK8cQkj6UL/aLwfgdEx + 3N7krgECgYEA4yXo3z3ct8diRLfEnMLK4/FX03IIOZfGj5v4PJTDpRRJqFyOx+47 + L0dHi9Ijxfe1HeJ9+6gTyyH79iz6WbbHUqn+J6Ro9vqRZERp7WK5HiBQOyMD2zMe + UQtpdveolnA3/nBU9JY14y2lQqslqm7V7ci3r8Zgqz58lHL6YzBhbLkCgYEA4jfg + 7ZHdh8aAh3udLrEgTg4ZFmLuRComKkLkZuDupgxnMbCOLS58mYzYT8xmWtcZY2CQ + 3grOgTdgLhjut9fXM/fJ3RDVecrRpGoI5g74sIJlk3fZ7Mv9l+mKJIGTjRC0g82V + av6ya9IuNodHRlQTD6bLDZ8o5DgWrFDFVX3mwUsCgYEAnhF1elSsUd+YDMXtNkF/ + uxvpyCTkgF+UN7+MAWxssWXq1BSE77Bi00XBDhXP+yWjjgZdMVEHZSZjFi66kM/W + 6TmOubt5p9U6dBH/vMgklkhaTKzTNCjggfl1DOrPENFKxe8Zz5LwMQVEqZ47+dxj + VrOEz/c2sjQrsYpJn9i9E1ECgYASM37Efpz9ZKpIvFhsPlIkFZxNIc6b62xAsDsi + T+zDrXHMHLGDzx61WBC7cu21V2MyjL17MBFnciYp71Wdsx8cjk5OnCEg+IGfoexv + XjsCMKutjtIY7FzOETtNLqPJkNOFW1AvWKjQZgvT1VSVwwP5mWjzAqBOpHimiqUl + +MhNOwKBgHZiJh7OCwLtjILfVoN0F4jJnBWOEX/FOrIvvd+96mCtzJ37Np/wBciu + XEBn1YF/2Hfimd3zBHlvdHMXjEc2uCKUCeL42hgSmWXDmXo/BKw/Px/sHYs/kwpJ + 6ynT9djqAnyKxsURauVAscEjwvSZimpSxVSzdEuu3raJT4F6Bkig + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-genesis + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpQIBAAKCAQEAy/SgTgWp/Sc8VcWsNlTl235CqvJPl16qGk9gOqswa9ymCmNV + qhhImVIFl/n1u5oQvQnDAm0yv65rjpHiAgspbYe7ZFkcuWc7++vq7tYmHlaor3tm + vCABeOYtxEznIXtLbICoGerYBaWmZegjkn2xqgudoKhMrkRwKDcPAZE/RYE1tq3F + jqToMA7A9rdXtadC+S4r55P+Wg/e/l6b1/Fbtbfgz6qCgR8uwbxToOg2E4wGSp6D + ATSE1kC48Qy98q5RMZttscQaACKqRsiHR4aTDyqMZnJ7BhWye7OQZ/jArR8RkA3r + bwIKENRlmBjPdzejLHtWoCSirr9YS3+xwRh7EwIDAQABAoIBAQCq0K6Rqdy80OeP + Tob02hXIxu4/DcHrHLWKY4BMoqNjMuE9QgS0+LGU90UIC6jq/hWWvV494gbm0sXy + GewXmhGQUmV3ncqY3QU38FZKwcAbGKkej1Nzq7qP7vfVuDK7r+9zaC1hx3Y1BI9g + OhPQ1MS/jgruSwYtzdPBWpuOzH8ZTadS9qL5+66npGQTNPQw4xIkPUAxTUVyPaOT + V1YV+iPMe4p8XfsPXQyZxYmis+43b3GoeoIUAeWqCY3PO9LpnvUZMq5rvnN1LQLo + fzDXH7vV0QbudrzroNtnk0kPYYfhjcUK8emFVE5HntYvY4YcTurd1oTKrM1AIKBG + Urepo1TBAoGBAOJ4bWWRlmthxqrr3etc38WvSZ4vDxD8jlo+Lxs7DIE0R4VIbkMY + ES7oove+sX5lWCzIAVRlR9EmC6M4//xh0ykE2kdRxJ+izHifbHFrqLOCpgTpyBN4 + hocmsrHK2YFwRUFoYQudaP8Il7DKcGYXXeQZ0Ai7AlbS03Bf3jiTCuBVAoGBAOaM + p3qDwqp16WhH2aZgp9WcNOdaDmRIL6pbZC5G7N4OhRumY5PcT9/gehgMdnFUvQrD + S06OLNWDI0AQlZuYAuaKq7Jz7/WzyYaps1pMLJam6YL5fH6Z2Gr8IaoHOe3FPQh+ + SDjZexoM/T+J9x1xz8mvTMejwVv0e6GXcK2e6LXHAoGBAMEzJXiBlAY1motTvrU8 + PPZjTHVzBfJi0nowFHWxkUBkPiN5H/+C953B/s1FVBxVDrzdPy0lXfgR8dmkFdXU + CpUyu5geLJRXCQJaVuQHiRri+Qi1++aIapO/srA0MgvXoG1lQ2zqM5lmVioO+YZO + pt2iG7Rm/V7ealyynFw9LQklAoGBAIojlOYPtMA2TlgxVPQfzfBr3DcS+rSTnBvT + Dr+7t4mF4bOjit65jxJxijaGoSFeyLZ+Nc0n2y1Dmgd06G+GMZa5WA9g8FKkGwgY + /mIIal8KO7hCjJm+zLGtyO37znXtTJieMd/+T4hYaBV+MRbvbrVF2Bd2wxC5+Knl + 95nQMVdZAoGAUYEtQxAW1RtK7Taad1HTYn2uiEKiHvtT/ylNjSfyCjjtC5CHNjT0 + pZZftXnjc8ONGln04ukgeOECytIsuHfcWi1+N8vkj29cSsOtsm70s4wO4qvtumLi + QFBf8WQ8fvsu8BUbMcl3SP26KLhihAu2KMrN/lAxZqelUZnCXkuVP+Y= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-n0 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEA4BQfchhO2fIAl/l7fatmdUQFTJ24IuTrO1rp/qcXX0mKqmHY + AGKP5MF+9KYbWGVoZSfmcafJqM1+dQP2J8Ts5BXAv3ZpyFdEhJ6VcMaDGs1kYhYt + M3a/enTUoOPlaITCSHgU+1YSso0FEmAct9/HH2rl9klRIvKqP6FIhQ18UPSccTen + UfwCz8CI/gR53Ro8BOLPebdds3nRrT1+JLxAkw+DSsFysZHZM+bmMGREJjJBsVLg + AbWXnXStQmbfAxI6dXWsdfJnlbFCWQ26/LGNUBhEVSOCHD0hlOZ7AJedIODkkdMi + kIPmCkSIehhcZufbfzuoG1jhLoutJJN+1UhXzwIDAQABAoIBAQDd7nA6o6KtL4ew + /ZJ2pCUFLcqF2IwAW3QzxFaPNdTrNj5VhDTYJMZZjd981WuuADoGPh96H/GV83k0 + 0iihuOPa/0R5HQGmP/CH3T0rhiFhkV3D3C0GlK0OztmtRCn5e8uk1PILAHPiTdNh + ILowzz07e7epV3I5x9ggz0+xH+spjVBvdIrbNBaeDYdeleAAjJAO4AbXEKuF4Yic + hqV/IqqwF8FM+7+jeA5dEGGT14eGmUx6TYoFQbmJkYrFp0X8I/IjkFbUD9ajmHXk + Zs6r10SrVNMtyKt7VEaZ6EdJ+8NM/kHLiB9MEc0L13N66PiV485sgl1BwNA6wNSB + jjvqbRzZAoGBAOEVill4N/6a/u2pfS5IaNYfR1Zt5nkeSu+fvG1J5LZsag1rne+Z + S5ciXMefzmxa0LvubJW/88AxMDGr9Nfj37lYzg8RDC/bPOXli6yC3sRzkkYcohkK + rJ+aK3tAB+Tzqu97wdM+HFOXz1X1pwCEa0plEsifCGmhvMaeH1mdeNAtAoGBAP7b + ObhzGqGF6z7kAnerQBTAbVNOSjEU/t31atBVB6QjiWbBYJIEm2TAXY/KrgWljg3A + XhJN6+Oc1FeXFYv6LOYaftkn3hISy6CyzF5o84WIBIad9gx5yQJvKUiq4pPUbvbr + xc2PZdwjTNNQ6bMhTwpIpO+Tm3I1KCnkD6upbslrAoGAPcBnIHy3AAcOAa4KRfRf + rr8OF0w3euswq+UrEODA+rtrrRrlTaLE9kXbJnlVbKzNr4GOENeEzCmyiy4eEkzW + SEdw4PlQWqDPaFM9qqqM62C5tLqOTkh7a54kZ7/9anbfYqyVVJspslVn8LFgi+fI + d7SbHqdi63gQDn27JB7r0lECgYEAi/yi4dvnvt0ucGcRq+XW1w8zfdS9D+S2cfjB + 6Rkrj08tw9FoWAxLxrWbLsZnfBaJxqfphChk76tPP6VvYmnSi7n1/xXU9xx32Rcd + BqajTK9/vOm7IvMqJDom9RFYT1cadGrhRZ4ElzyUkGYbWBdtsPpiDm6Hrd3g59Gr + geEZR20CgYBlIBuFD6++65x1knXHETtkwJwe5XQBFsCa8JagoWvmaP5weEVCW3E/ + g0hlJBmUCGemLtYStvAZwZj0ipvC9YokMHlL0SRHqFMb0WAz2vOlGBJCKZoivPIe + aJKCMO1nj4BP9VIIV9jEyy5/ronUnO97ZETWvKLie1k+S1DNc2XRwg== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-n1 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAlXBByqsigrFwOZMs4f1h42AJ/zj1L6lmsJ22eCpr6sZDYBYp + hgdsPtd61oJxlp+GHKyMcmWt1665W5azt6hpCaXqdU2TpfJZZhyFvgyFFMbVSOKX + 9wzoo8zX973TJ67XaeaJqM9VK8rusAob1ntHVF8LwfQPyvF9Si47LIYddHtgCG6V + GUSXxUw62QBZTfVRHa5wsWODMqLdczmFVb97nMMOuTaxxxUmDX0liCw5GTozRCE5 + /iIA1Oxvwvs4jR5JT1eCTZrGPW6zgCIKUizN+PSYmQQzrBZ1Lrpb90NYDJ8QiVQ5 + /l6S5k3kPpdbx/m1WpEKgKjKmHCvCsv1AEwEawIDAQABAoIBAC30BDdHYuhfmgwK + Zv3jhgt+h/R01mjepdZf2TGgkejzKNrOVdyCQdYdOwfluvo/eeUtZk7zV38Amr1A + XWl3nz05SRzjSyj3mmgdEz966B2YexPbojF1RcDBCBSFyf3k9Rb6rpA7mYxK7hUy + NpdA95FJXPs6ivS0R/vctZOedkZQBc9Z2TMaRyMUUrP9MScpM/rd15+zRWUQFY+7 + GGODXmggrlHz9tGMGl+SOqbmrXSCPAa++NeWe0rM7USSVguRdd28m1UlWeawB/g1 + w3owrk8dDzLX7z9yY19xeIXhJ68/NGDBZW1ZuecT1jGuU/wlGUFTG2R7BtC1VFly + d4N5dsECgYEAwm/rAuuDeCT1QHuMvHWNF825UUyJiS6eZ8NWHm/GtxSNWblf/EYh + LATUMmJr7i39EuiMgz7id6VSLrGYKfbZCIS2PBmiBKDhmZ2ca5STUhT5SCi4CDv4 + F6xYDkR7vbpJwC4o81DwBRolcRHIuOgjWhHzCtTujdQf2TkTtjWFQMsCgYEAxMD6 + DlL0c93uDjCwLY0p7Wy+jspzMmY3hGL237UH5dUjEPjzPhC2PfJ/oys4zMCJK+Ej + b3Bii+AXwdfCXwKBPjXZN3IKrevx1r9TaOgZ5zTk3UaucAQCbx4Y4bHLAACrEA4Q + 1tUTTmmzpNylTjQ73Bj9XMZpKgiXcxH/kndh9uECgYEApzUlzioIsj5eJmjZW4xf + nJPPBUojkLRlhugl3CDVq8Xh1MIk+Ea66ibw8K9RD8++rg8MHyXqDWg/Z2ZUa+ob + NEckjESi3wYXXEp9JMrtcg4VXeeec35W2MzeIM7l9wAHwlwv3SbCcjDM+BKKIfGH + zUJYVv1MdO1xwhVijTQzdscCgYEApS7SgKYafxBKZPVxY7zI/4C1dxH2ptB0OZwQ + YX4NtGI9P2mSZYAIUHe/utB1rkjSoNkyM8PpqD8qEt6+W5+xu/XfeJIw7xVQgxc7 + wq5h2N9qaW+G0Zo8JOfiwdDPeiAVfbQhZQucWs+ZN4ba7Y4i10TPqU0WS2jNJZlt + tJyvzWECgYBxJQcxm8+TPlkcHQ0KrQ25u1tyLBJh4a6CB4Rs/kMxGX1guW3+DQTo + 1KouYPCewi6kJ2HZ377bWoTtGsBwzLClInfQfXEFA2e22/CvwizvkTf9k5CkXea6 + dRL+p20jDgEGWcN7gC5iTBKRMkX3ovzsmDLGKb/xVDWV81tObWQ2yg== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-n2 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAnK+sU+qw2/BCtVJ7HHxUwbNsM4zZIwVAc3WSfrXI7Tz0zwia + 5kpcxcZAT4NzXb2OnfDbpMFtjbOmFd685518jZ6E/MhWrvS8X6mSu3hVuTSqDzkF + rqmlzz9V+TSNHgL74+Kxjje3TkVxgxCvR0cYI0nQX09MquSxKGUkUUAqOcrPiDwv + 58LwJc1syJx+uQe1ockleSDohBeUwttFNMiz3PNuWqdVm/BqbknrEsitR+nBBWkO + zmHFn9JjyV8azTfArwVZuMafK6GvzR+7hniIP78lBU+LCw3QEZWkGtQy08uSOf4L + HLrw+ayWWChJFr5VyISoLP167h4Hp3uztbBj/QIDAQABAoIBADlCgcmRBNz7aoV1 + BQSd8yNufGZCXL/NlYYcO1MO/8Si+BwI2wK5vjmQf8QPF8P0GABkGwCUp4KXWmS3 + p3VFOlVOzu7KD9OUIJsdD0Bvc3RhaJxzjD4ORUf9r1+I8uE62e6n05dTiSuTeS4a + lNOJiaqruPh7tFrnhE5s197RghzoDId+4n3nipc6osiCupgYkTUctv+mLUXjwbLO + Soi9euwvUO5OwXfXUKZh+ej1k4vt8M+njfrXjipBEQz4JP/0rInZBHJyI63i3fyK + YR0hVgioYlDC9CJsy9+1nxUHr4ALEJjKC4irgG5NWOGfutEhCVaQLq6sYsWtXzOB + C7AeEkECgYEAzpS/xaPkqIM9kkRcPINEPa6OMzWnHwW0HUvBUR+q7sPItlNEeXXD + p+Rc+KeLryqPqv1mkdSnW3+OJ79Ltz6AROowKi54n6TrIedCvUU1pCYgs2WN1PDl + gVar1eCyvwRFJzTqXEZT0lDVPbWbX2vTs2A2mPWkgGHUCuVd/tZfEzkCgYEAwitP + VE01xi8LT4bdRGyrvx7Xib5Hbq4HYAzq6GYuV2QCHECYwYb8ohGrGZgzj0EZ5trK + pzFLUwo78oU+BEZ2iD97eyNdLNNeSVLzW650Y8TO9hGv6lW/vsQh73ZzaNNIEsYG + 1Nb4DMor8nsqdoRqo92L2XwF8/aDnNkHzYerwuUCgYEAzLSd7A1iUpHqe3x+IgC5 + qJ3Gj3xFJPqT5svgvrCww3UC+Zk9q1ZFEaO7dTMhuexk/T2pXCzrwkF97mkjcGvg + 02l1XPc71Iap8aime8OPSh/2G48woqgr5KSsFn5Y4ewrUpSe/904xpoPFN1XH5FL + 8N4QfDY+UnGem0V6hUKMaBECgYBWmRRXZ9wc2Kx1upOCyejLY4kDsO6Q6WL2rqwy + HCh852idix3V6ktQSQsDbkNIl+Nid6A8cxrCHWVhI5XmODrzR0TeRYZv0JFTqIBL + GoJkYMlhK8BGhhnvjfAIqc6NKPYTEWjIklus8JorGk108FfTX6LYy5yoEwDd+lml + i+XKFQKBgCoz/VSasLIZZyjuYBccwRWq7+4EpjbbuQACbwegc5oZMcBdRcxcG0Js + +oOGf8km6U8KCawR238Spa+CqoxujkJ9zBZ3ptOa383yIrghWxH1L1JKQIw7E9sV + H1ax2jorimyN757UpRAkh/9K606WyCado9+Qi9HRLYg52QSQe/VF + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-n3 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEogIBAAKCAQEApeeE+ceU2/TPKoK3o/5yqt/NryLi3yFdLyJhBGTdlk/xT6S6 + AQdcy+vtMylnYHC9gO2UF1lXkjU7YF47OlZVSXcqzjnHvirvM5HH0Qk1uT4E1tUn + 23L4b5lIruaAgxhErARFWYUI33fCyHKRAD63eBsADxLyr+/L14A6WbCR9L4LTzyU + m+rw1ck02kKoR7cPrflN9R37vNXz1TvkU/i87rLmga+iiH/DwWVM0jbCj+13O2/A + 1GYIKHp6+EHDPKLpuQnrYS2jCEmszivpf3eg4jYi9Ec8ReOw0sMmT1JBYga72bKm + Kz/gREUj9ozJd6Mm5z/G8eFewHSzmMpwTZNZjwIDAQABAoIBAD/XRoljrrmxi+K8 + 6HPX30I32wtw7kKUsSoJHbI2KjrESoSuS9FHhwMFp4JPhXNMDvBE+/68J4GgsFeW + C06YmDsr+zHedCmOlfuPNogO9jhxUCVnYu4EYOt43cpH8t3/gbV78z/OfKqZiD/g + LkIc4Db8lNo4HWFsclFcC5gl5RR7SlOHXgSUifzIwtnCSqYeGCMZAd/hYtbq+sIP + /x8+5eRGPZp2rex8W1hyRKw3b+yH7A0TjRgcgeeF3gyEQ4u9W9Rkfz1zB22WtEou + UieZ5o2bkACIMl1fIXOZ6eFt56glzBfktJDsH702dN3/pByqBNQnXd3nHwnu169Q + GLBYz9ECgYEA152fN3Hc7kO0VJFzdM+VfAlXFojVVeJYfWAjEzfyWHM693oqhTpV + 0EK5+y33IxpxiWwYBjtVm12UFQMg5RuWbFF3mmetr0+bazaPn+Y6pY9ufH3MfBdO + QLB7nM79R+Ebrk4H5boZNaQsyTdWD8YNCt/ODwPs01+Rx+Nf0Rm8TjcCgYEAxPpU + eUC6AQ4J9Q7yYWtFuN16bK/TjtuzLORivC+GZWyyhE3QNU0A+RRzx/pZTb46cD26 + wtV3lH49yxGJv3ujUaVTz0j1r3rHMEFe84dFLqb2KpvK9y9Uc99J7YljjPpXOwFX + H1u8RC/8EqEKJAXrkP+I16i3AlvSfXIywq+oY2kCgYBs8c2zHCs/kKIbYOrviLvF + UorYbgctQBLqNptCaLBhFMgkp2u4qYMWmcCTM+R9rizT/PQeofhdamkaPNxwJwJY + dMl0ERLnU9f50jW7236ijNiMupuJz9TQRtwOnV/I4+sypWbEIsX+Hpgqi3VGvxFz + /yWE3LzbCJ0GXNLbOp+0/QKBgC1j+h9O2Q3xLD46SYRFcfWdo95zze53lhxcLJxs + 3y10FNcED1yY+AZtvhhxCi8uDM1cjDLlef7P8HFhAzsKxKHF1UBI8cSUKF5oUfcQ + TtLnSoabC/RWBcIFzEVeiYAtF/jS4D6rpwCXhiDM10dhzdzF5cS8bh+vBRw/Oo8+ + ZzExAoGAeBb5IwsKVRQfq68CtZaT6HUq+v7SearRmQDNPJInkEdGSHhxjJsGY/Zp + j+zhwmLSZttE7M4wvbRpXqGPmFKnddKAfV5gQCgmsMlcV0fd9zj5SVF3qrPyMKYF + XgoRl4uZtb9uBZBd/EPLGkLF1O9qw/O6jG4D5fQMur5zJpVypYo= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-node + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAn6m0QFVZ6mTpESrX4Fb2Y08wOyw+lptBTiSE87B0vEK6haA7 + tyNtQWetMgJMyiHuLP7wCJE6VopW4XFue67mZ3S6vfekCFE4axNdYMggPNhUCS1X + y1Hhog0D9vsdFinUtCNsLqhRaQy4YV/5HcNPHI3p46qaZ8FdiaUPNoteDVyKQM62 + sy9OOi9VR6tavrKRLLcAanDEBFxRYunIMopJGWyPxiQRSSM9qW/dLTznL1E9tstt + n90RFt8+qaEpPiWS07nPLLON2gl2uoqpx++8OsyfovACw6C7GskyFljZz9/ZSwuO + kdFZxrFza97F/gaJxg95S58y/fgx4+lpZ/3lXwIDAQABAoIBABUAsOppj9tqjNIq + TZ2AMwcbSp/uEQmkwLFz0l1wD9sX+AtN6a0MpvmclsbmUI2iav9WReMKn570sbsU + PdFdT4e6bjpBEj3Z2U8UjAsIKF14o41VfqALVGAJ0ES0Ab6BoC5WHowArjzgZHzC + sDV/FLAP5v2A2rDdWd2abebh7GxbU8ZSoRqYY/xtSEtiunMhuL050WSfukVcG2P8 + 9ASsyA1xOECR9qnJAiwdb3FZSSZK6Kei19iSSb9OdRjvK45/G+bULfoy7sbOrius + ZiJ3+bcTjUz7ZqzmvQoPUjjf6nyn2RerQcCjDmZxVpxRocDyVYB9paWP9sd5tSoG + Sp+3r/ECgYEA0d4bbsDhtAR6xzgofj4iH9i7HTVXZmG5B/BtiLHVBz1MN3w5V1WA + tT1xC7luEL0OrvcD9j3e2Ci1r39IQyJCx7m5C64fmbT3IIQCeTKKnpUep+4rmr3p + ZhZVO7VKB9yhvKV6KHTV87AwUDE181t40/Miobbk2B1Yib9v4JzPW+cCgYEAwsJs + vi9e9OdNffnNsowj4cEvcwHAwlugQ/NpGDo33RkryVf0yTjsRESw4dIY8QGQ5PeP + p75XHppbb0qHU8CksH8r07nw1xTJBUion1HlJ6cgbixMVIiRxQ/2wp10ChYYMu6q + oIa7OhhLPV7wgRNVEZYinZSe6B+IYv2t/Gzru8kCgYB8No5cBfNQfdpBcV6eIZ5G + 5RsSVZDuOuat6UKbRk3EpCYpLPAvXZ75Jm1zOAQKCivXqMICi2oK3EV0oswdV/jY + h3cbj6qKag5eg2OHYj+jTrU/RXsvcjnjP1KhLVKsxow/wF1F9qjvO5fMzuOUrs4b + /GrB9iMKOow9sz2/XnBofwKBgEOfRCiIxByejx51dMFQvUiuTe5NpoMVU0Ekq9HY + rPrcuYJQQtL3K7nMa+oMi9Jqa8fEWSGyCge7KpIqu3AODGCn1yzNe90B/4YRI1Mm + GT26Xp1CTkJvpMVadKBAEUFLSJ2ulpnkDe/u7XjilPkMIFZZ3az/JGmOQUm1sQpb + O0JZAoGBAMBfO/n/qlSkm4HnSKHAwNFh/j/nBQY3ZMhDvXzOKSK7RT0N5vCOzfEl + NeZMnt2B5ftTH73B5JoD3/sEARdnCZrf9GCowkea2tHxjYcs9DqOkolbmHLuYrYI + q998ta+MLN6ftXLfCLTIKtI9MK+dBgexDtSoj0YvwYl/pK1RBBoF + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-genesis-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEogIBAAKCAQEAvD7wkqsbNEAPDVTXYQSnCPrSReqEe41Ss2qRnSoecQRhnpEB + +O0jWzgsWp3J2Nu71NMcwEvMSIrq/YFvVDLBdGbGua89xotRQotoW5UCOF8RdVPc + R/kvG2LAQkaSmc6xJn/NlUYNylMQixcf69y0qgx9MgQgZZUHuoNWWgeBBKu6b0FO + 7W3EJWsuHjreLcsUXRPAn50o49tIb3VaTngy+g8NnXHWzZ8Y/Ts6fFUuLb9gNFZx + RZ6hgNjQXLuTIBKq9fPtDJTM/zK6h6Q7zad2MOFShvbY8WfMoSCQ8KV2L9UYNkfu + QIsv7yCO12fDaUmAf+inynXSfvN0+CIlc3MvGQIDAQABAoIBADxwsOlGituB3dNX + 9DcwOTlG3xCXtaW9wFne05X0mgWLdJRm1o1IBlwZcxQ9KTu5gVtZ1RdgvtxjzgNK + 9aXBDiADh7bCr0D6JkMJY55T/3x9+asEG+v388oFMNmWsyczF+nWivlsnqzhcqRV + 7mfaWx9mFyRh8szqxqp51NXfJuuKcebfy2KxT1O8eMO3Lt7E62Ty+kclDLvEqSv7 + a5DfPgtif8akEpfyH1F2UAdfTL7FaSqh17ZubEcLc1z+Wwz1a5Ht4j0qCSeCuVnr + Y/97pULCzq2oc1YGJbErYFzT0S//welNhkQqoppfC53QGBydK54G5eHLuPuo0f39 + pugmOSkCgYEA9PQfUBcThsMjDqw+SghWJ5WarYnehNEiTHbI1i+JU6JocS7lTJ2y + ahh4cHsCfBKeYdop5TJ9sNG2hBzdK+0ojuNoxgusYex61Qakzu80mJwe87g4urld + d2QrQRfwq+FZROSXudWYPEmNJAiNO0eW7nC3n80v+IbY682J6q4owLcCgYEAxLwn + ATdIq+/l6WBrW0IMu2kbmWwJAHoqoQJshxX4DxMf3nrpYHUFAAXCjUzJHppP1X9w + VS2A0zlkshlaquZPi2aLlppeR6zXLWXh73+U2UTy0p+lXCnDexVIm2VSAEDlEE6n + VCac7YC3elJTEyhfkf8BGQN1Q/4RRPo59JMOHq8CgYAJ6nv+BQEgWnPn2ycmXhIG + xjKdxdABNmoaCFD3ArOfdBqgQlK7+EJJszXk78XY+fP5aBh8E8As0UB/Np/pcE9N + AX2zTrOqvyT1zLANRHevmdpS6Wk6fdh/xclOeEag3p17gXl252OjRSL2i3YUKUC9 + 5Eg6qta/S84qNYbYvjYeHwKBgGlZ9G0zRKhGLFFgP707zoOhkpUDBIML6L4WBTYF + rrOr4xoJqeXsZEQR0ZBHOUA5FF1ZBDeoyV7TUjgJWcNA2AHnZQK+IZSyWvxFncra + AESlJn9h3HRRLQxBZoNIq7PVDJVB+VsX3ltU3WwUn8YXja4p51WUw3wolujgMp7l + DN+jAoGAEsaBCmGlcAO2tVNMw+p9Tk0kH940wltqIzVNZp4qvZNE9+3A75vGVPbB + BGWh0dsw8wu7b2i4S4lzx4PUktjJrXB81zh2wCl3B48jFEoWk6uYbHpkr2ggdEGJ + QIf0epqnVOCReKTweoHS1VyjlLLElRbHBwLA0cWS6EIqlWIq/LE= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-n0-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAwn5FCOXpmWtNM8YajOLT4mk8KRgMiH7uOfxLfwk79BQi2euS + CPhIv2pfMxkpg5wrA83bX6us3qCMLxSLv+W/A/NxlNejOycPviryyWOxLKmCim2b + BPS6rHxpDT2N1zNU2XR1yJa6wpqo0rxsGDX4idOX0xTJdFDnPVtQLrw213nqFKWO + LYwwdEz5UM50DHXK3s7vqE+Js5X0BY+CNU6tqa6aGZwDvujRikhB9wugoQsjvKpL + PNUI5z1HJcS5CLJizxerUfbToGd5IJQnsXIcFDXvLbBbDf5xzJUzhJp/4Vhmcnks + 4RdVlzeUtfHRrj1zO6n9A0Goqha/0siPLJsmKQIDAQABAoIBAC2knGbeLdgHSnLg + BtMRWFBGCgxKzIYr45RQFReW/y7kmtkxY3AfdFMXj4faW9e7Co01/kmRbFxCqSNT + WwiJzi4LL5iSkogLPrKOObPxZV7p2OzLlBmxpS1ddPnafDMIpNzza8DLPsD0srHh + 7iwwXkdaFMNAmZZmdh38E/Ej0mr2lDLnOVI88Beo36k83tRlGtDQJk0hM9PpWfnZ + C3HpLRRYtvUYuQJ9N8p856bLgR+c7ItHSS+1Sa5w38izQjFABW929OxteMgseVCI + dLwfV41AqjZ20JRQ9k4uAdU2JCbSexdF8140ptPD+MbOfdNrGr8AHchoBqNfleNS + dxuL7pECgYEA9d9Yv/az3LEpbLYaVxvmp405fe2hwXLJWx7txQuq8l9RIhSj4bVa + PNNdIlnH8D9WYuRbgRumcxyy5mRQwdT9Pe5yaJJHquKzZ2gVlEci6iS/Tc6AHshK + wZ7ytM0umRV49Ny2cNGrPN/jv2/6788xkTnJ8ayU92+35qMPDCFQej8CgYEAyoEk + 655Fz/2UeuzrxdT/AWXGVCV7O2r9xLlOoCazIN2+SaZMQUbGAQuHrxliLxkZjYIn + 9ziTsmzR6hV+K7mhMSME7gCxZxlc9TUrVGvF2JM/HI8s7B/b2953SMy6PlVABPbA + GBI34XKjDeL43oKvO+v9QoZQ0+0ZyLFZmKYsNZcCgYEAsdvPJ44erha6EJnqk/jq + 8WmHnUC5MmcGoZPODCxUjN/GoRCtPCkkDbwYMzEfIPuwUfk++DY4Qi0QfPk0MgMQ + 7iv/NwYaMdOsU7FHauvKpfXPLUmkBKB+83E3wPJsMvEFfpvqndIOPQr4hRNMQw1u + nc9f9iMR36xBK+XojK3MuaECgYBMoVI3V01Tx8HIQp913YQiI0FJ1mUrtvEQ4I7A + S+S9Kyw28pconH+RJavStuhQqk7hHb/B7cb2XfeRfVChez1kOrxC1EBNo2tp3xTm + fWIA8rePNx7ou6WXLjg1dEOGEvyG5FkMwtgimB7bwmgqy4lEQ6ky42Dy0WZQa8xb + 14YjQQKBgB9PxtHPylWO3SYzLH9mUooTnBPcYWL5oBClZ+5UNSLlbEVxUqkQs3RF + vPLsOzYZJ80BAI9iNJKl8tsWDd2DJDqIlRt5UtRHhxcTB3HVZfhdHB7oquYWAoZG + Hg1FkJAAPTkw7Ni1Thcu1KgcWAORFDqfry40iPn84wrvrljq1N3j + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-n1-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAr8SiKtz+oMeRSplK+zvOeZcC+53JrzIIP0UUdTbl4pP9uQZr + Yv+ncLrUFcedvI90L+AqXGEr6KRziafLCEr0Chtdd8L9WiAis+7R5348Wcby2lJW + fAm85IyqyhIlgB1zQU7vzKtasy+1K12vWm9GCZ+Tt0oFI7TgnGg2/uidfQOb4UGS + 7jY1HabogXd8lcresu9htngACuikK4kd/rYaTwWn4QChSJ1zOLtGjI/pfU3ANL6R + 3uB2+ZaTZHOOk3KBdoUFJ11D2f/ReqSrSOzPGDUnTSwQd1NrVrNRjJIH5OKRhyBE + Gl0dkKggX3XC7YUosntvnRNLxD4M/X7OshDWdQIDAQABAoIBAClgnNyCUd7/nBB3 + rdMe7ShqiGU7a/M2UAK0/G/rkIqaVCxuenE/xecf1DWcXGG7U5rBprdAmNmXfSt2 + uLEnE/QdJQ/Ac2v4DLNXEUrxyLtJvnnu0DU7BaC4DKytQO68ABnrvz/rRtrP7FJd + J56ee1pgmqGXZ0ZUmlu3nNq9X/XBs9sB5QwhkTvImkO9zde/A05FdzIBXSvwjWvm + 3+JpC1FlPbmbGj274gjLA3O3GbyOFnZoq5eVJ949OENIFjf2iffoWbgQIbngN1/f + HTb23N6TnHZ4URuO2+udNPQXUpL8wJhPLPS6FoZBm+R5K52fqST2OGpOfj+65Qlv + x7EzFTECgYEA1rseBAc3TjVjbVCNiyTjv52kuURZyoyh6/rQrFGwSzYQNwumNqY1 + w+R7C4Qe5ziMGh+9NENA6DPMrf862AQ9WH7Z1b0Jlq9LiqMpGaYQ289lOSJwF20G + waHHJvmFK6lBreVsoCR4WRcQei9oxum36nkypV/Q5NqnTe0/YLwQwvMCgYEA0YyF + 6/1i5zd7d0T1EUY1/PI75h1qwB/dj/X5wiovullDxnk2xuD1mAVh8aVN8J5+097+ + A4kowmuz4plzfps1ZLqRNNnebq06MkPDCM6p+W7m+kdT+T3OKjrYHL9Q+x/UVcZ5 + 4AeQjYM214jXBZexQRFFpcq3zmrMOujgCHXryvcCgYEAyt+Spj+jEvMB8x+t+w5p + Vno8TQW0x9dCjE81o/ix1P1JKJiK+wrhtShC0EiNYetdArmF6sC3rCp0cNe44qpu + wxNl/7hQPNt1RZCNnjv1pZc2jVpqCNfrEDomjD4mgW+yK/ecP1j1k0ZlPOtZ1MSw + DIlhPjlehTnH46oIvP4x390CgYBWWJ4ykPW5Ku6QRfTpylGiyjoOZ16+jiLhGE1z + SajjE7dOyFHe/4GTw9wJE8Ga/eRq738h+9m0y2aTYAHsUI5e1FXTPldeqbjKT4vF + TEtUAfPhe5TJpkMWuaqlpdv7rrDzK1a7DsLs3P2zMKrRniEnG7PkTjURNIa1W5I9 + SkIAHwKBgFSHaJytPaZ4wQrWO4/xjBmYbm1sL2ayXuDt20cojDVd4hdcN6ExGpaf + fL6JqTMlKUklVPPuEKm26DToV8SkqJ4OILlEp1eRIvKNAmJwBhhFYTC0NSAp6H6B + pL3XkRzFMTTnhCyNM41iLkdWogmvu76lEF1Lz8jZSOZ/x344EzJf + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-n2-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpQIBAAKCAQEAwjADCOj3BQfTyc7UnVg8KyCvnfYvBBzEcenA6uWd8GMETUru + HEjI7e1xygDzhN9tHSQc0fwFrrZXyiLr0ZHL51lpbvrw0u5UKcPr6OYUxUS52UpM + MDZfF6D/qQEa/F1S/NPgQoomx9jQlglCasTVNSdh9AQjiIOmVnOPdsK3JSqOwRFn + UYOubqE31Ujll+i8aZS/EpuZ4c+5Qc9rHXzua1SA1w/TpN2tq0QWymh7NfGSnwGq + Vwy19XmlbcwK/zOOinvnhRkgLY/d/TyaZCfNSaod76Q3wo78RKsNONBUeWTFSSsf + xJ4/TqszwIYcZf7y0mt2s3nH+CfTmXcNZYqdZwIDAQABAoIBAQCUQfvPLa6LFLLJ + /TOu/dLSSp5KR88VoLELF6DGtpCjG7YJHRA2YAuoPAUIaTmDVOIFwbCPUY81GNpl + 5cuNsXawJz+sD8MWCAgR6xeONTvecN5D28nXdWucqrsG2WU1EDtv9IPfyYJaSlrW + cjNXOPhfILZUi2Rlsb2pe4ko7vjNUh3vF6cXZcT+USmqdx8nTNyTEapjlhpEmt2m + V6DO1p+we3m0P4LK1sUOYHpZ2LVwDgCtuM+ZoNhx+DDsVypNHdoi3O66fgpD4g0+ + ZcvqIvxVhXK2TV5nsGWqIe/efoJPd3JmI0kpl7aMrYmQ4BKL00MnQ9jv8t0tO1qR + q4Cy1HTBAoGBAMZ1UHoQef8pBHQaHEeYUOG0NUdk1rg8H3tVzPS/oqKmzheM0A4s + Puk69MPxwtAz9m8i6nN/3DOGHegYj/IUJnlwe35NFkjYSl9p/zC+9+7KEwNASxV2 + XVKu7+8OEp2S904qtrNbGqq9gtmU4wXJivkTKAc3i+O5DKoWEU61shdJAoGBAPp9 + s4LHNCXom282JWJ5GGrysiPDyYR+9l1kLNRuzQWD1q9yRd/7bRlC6PkdWpWol3LU + ePhTwmAUcsoEyQxu0387FAdwTp7B28kbe2kdDsOf+kcYigrWyng67bfb4FEteViY + 3o9XhUH82GyD9O6PpyoX9wmhKBbLk7QeiLU4Up8vAoGBAKBKfr6ocjDCK2Ou9ypo + fuNdzy6j5r2VagQO7+S6p5xhx9HDnQPlfsaYJLvil+vcHG31MJIrMmq3J46f0BvB + ZLXvQP9pOdeKQr+/+CqiA9Tth9+3XS2vlX7D5u0ZW7XDz1VmMHy619YSDQ66L4cs + GsBEVa9GkQlUHEOAYWhGXtppAoGBAPiE0B3W/5EAx3297bdWR3iME1tSe1OeF1Wu + 9p9I0tY+6DenG1ZOf/5JGRVXHzFOU/vUe7R8fWOPxhdSShmwttsLRSLgNNBjq2hK + gNVXw/coeEojOYnpcnV4mbMJTfOcN0FEYcM7ZPWEI0D+ZnptQb+MiUcfgcOj9IYG + qUGKgMZ3AoGAUjN4cA6mfEbmANOcsc/k3XYZb1WUbcyQSrpOSznQaT+wbcCt/EPE + MH13DRFOdog/NJXZhEMwZq3UTumd1hXBFfu8JKAkmbGt0elVxUJ454cFFpHGxQVu + QoEBobEYqb7cAqYkkSWkOHFKKMVMDOaX9FwKwyRRP//8j67X1qhlaTQ= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-n3-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpgIBAAKCAQEAxKDvOf7gM/KYM2B8NhGNi8EW1pMNROiiCLmRFxiPMo0aoLMD + jR9fD1K59qiTQ2nuohh2Qm3jZywDcOSby2rrsuPwRC7XyQ8TdmQ7dD5KLv27b33o + UKT7eWKL9KVG9EeKBAKT2MKT6GR27WBvdi2we0yJGeG17nG30RYI6X/tjiFPONnR + yt89KhwcQHEI0caEtX8AKXTvzQqSHG2i9vwvVFRFtV00v0xz9heUOSBZ6zVOu/yn + nwt1gJmiFJxMC7VlruHPmMvhLu4Q8Q5mNagxC3GyZQPzazgU/ej230UcfwnKAJWD + JDZe6Y4eR/n3tw7Fu20Mdu02/NjcJPxVm1af7QIDAQABAoIBAQCJ3xJ/BvEsW6FO + /Qt7Wgl3AfhCkq/OLpRXK87JdAYMexY9sef+jw23j9knVAKWVXPnIuHhKG44TItJ + IHMBSkJkmCFDndjeePy7mgJ6OqcHlhBUV+OKkHRoI6pg63b6GCN1Nl12stDFNZSS + U3k0U0sY2YyUokhQHlq2eA3dtD7c1dGC8PLScvWRLOFSgn8QHrYxUBQLwOpd6yde + WQYatv/Nvubjc6I+0Xsx9USlNSdmHgMTEQ9LqCblnTLVWUIapFGzQplpGHaWzXlc + aTb6A3jHH64PKXvybmgJyg5at+qpJ7QPxyB9DNy/vrYwSla5Qphl3KXJyHL3IB78 + czQVwFR9AoGBAOht4ucIc+EqykbDF7C5+1acOfZhCafwPqFvSf66hjOkKmRKhJjH + D/O+MIRNQeoCZ/pIpBvT+Bf86+v9xtG4LFOdUqp8KhmOtdgJs5tCMQkLVCSlCEKn + GlBDKSc7JlRZ1cxJn4KLfmaz6vfPZ64J096v5fDGNWfTvzRA6riroGCHAoGBANiR + oEvY1++xSn/2frjC8cSdCASenXwuCMi1NCa1VRKp+0VRikdEXUTUfLRgpb0WVh3u + 5v9uIjhGLkY0oGmTPIY9uUHe3jQhBMkAYxo33j9BdD9Ha4roGjYspV7qPWF2QJGo + nWPUhqVWv4uqol71tLIV3fudvf6MkBCcEyt/BtzrAoGBAMjvnraerxddF8v/Ay8M + ScYBf3aJQ4DFCFAl1vF5rWVdqixT47f0d8z/ghAOfkpg1CUiwYUxRgzu4cJ9/XD2 + 6JNMsdejSf4YSwq+sGAr5Bpuicq4RaDht7TlquE4mJVZqKRYjaadE6SULDEaRAbI + hjrBFGeH40mkXGs/J+yIqzhnAoGBAMuvOznaukz/S/hKFykigEzQ/CeMHsYabbyH + YIM/bMHfCSpK5GjezXHc/2SOuZK7nUcN2EhIhvqyVvdEq9Jf3j7Lcp+XQxl4LI33 + RT31aZvIrdKOE4FThsOI/gfk+tHdbCESmuS3j+OVURXE6G2zXb1Yf60U0QrFnQFi + KU1xbTz9AoGBAIxoC/5ekMjY8t4wUlNPHzdw0dFV+SwsJB3nwHtwMdidIWvO82kO + Xq1Jh9fYmOVUpePcguHXARhhEc3BIjgMib2amlNUR/jAlxL/rdo1Rz2MnQTsAKbG + Lb48jdUB7rDglRhRp57yHpWoCmYxLp0JApLC6m/lsjPUoR5urPuh7hxh + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-node-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN PUBLIC KEY----- + MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA381tmbS3oaX/aYtOjYkh + sW8HqDGVHpCohYPgxV5lDDrcvCP1ce+bjt6ILHKxZcvu8NrkWBpAEP0gzDx8VvE7 + Kzq5WtUZvr7lmzYUpDwIQ+BjwNZJivL8j1/LfAKeYeGjYk8brtGswiRAPQsSB/Bv + by3T5++ZSD/AX1j0go2zeUFVaajV/rkUyskE5GiEdRwaHjE+XwNaUBbDHtMGC5dR + XMt3omckVjTN1RVlcUXEc4IY5N91yzeQOfIGqEdbyephDhTgX7aVMWRMJtJknPpX + 3WY4HBSplz/utEMrh9HM3qm2IlZ8bwvjhrBzD1U5BF6psOvI0hkB4/c8BszIv+Je + YQIDAQAB + -----END PUBLIC KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: service-account + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/PublicKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEA381tmbS3oaX/aYtOjYkhsW8HqDGVHpCohYPgxV5lDDrcvCP1 + ce+bjt6ILHKxZcvu8NrkWBpAEP0gzDx8VvE7Kzq5WtUZvr7lmzYUpDwIQ+BjwNZJ + ivL8j1/LfAKeYeGjYk8brtGswiRAPQsSB/Bvby3T5++ZSD/AX1j0go2zeUFVaajV + /rkUyskE5GiEdRwaHjE+XwNaUBbDHtMGC5dRXMt3omckVjTN1RVlcUXEc4IY5N91 + yzeQOfIGqEdbyephDhTgX7aVMWRMJtJknPpX3WY4HBSplz/utEMrh9HM3qm2IlZ8 + bwvjhrBzD1U5BF6psOvI0hkB4/c8BszIv+JeYQIDAQABAoIBAQC5u63qsvz2zWGT + wQX3Fkh9DY0IO+XqkNkavSCsC7PGm48XIKyQ2u55ehr+8ExjFAT/pFl++IIU104B + 0WzLZrXZIYo0ZMhR8fFxh0dIKX4efrmqjuxHwXJytmiUSUQSLYU/kDGEOwSpthYN + 0wMqzZJdbWYAhWrrd+T5/EQnmNvKky1qHJwhY57sX4amJH9amz54Ra2NbmNUtDGI + RmRqZupUAuAfy09AWt+PPiEJbKawmEtcvy29ICmTft5TKqlKoTFTzpHd549vzofa + Eq1UhZwPR4TPe5yKmEDgwiZjkpPpsh44bR7E6sOv0GiiOPs51/JfRurpC49+pzXh + UjdAWq+lAoGBAPj1e5QEGWFWJK5LSeLnKY07zepksiiEAo1YKbB/aqoBEmVGBVSi + 4wBX/j3ID/sKlE0cVWe+ZLMdooxbUgo48q3FXVzrvfL57fmedtHXL9220HUARGkB + 7JoMfzfIMY5WJ+kfsrvc5MqyLDGyjyqzGysTNNWlixmhHDs+Mkbx6qqjAoGBAOYh + zpyP4PNLYTWUzE+YCT3aqdPsVCf/Q2eFNWWagVOFQBiVuTBUIfVHmBLkTk3atQ9f + kJ5enpiBYNLBiFH/eOwFLdEMMpjCRruzBc2yUHf0AeHlYumTlb8g6h1NQTc45ArR + YYuD6q/HwYWmoC2MUJVSHxx7PHswTXJ9IjsKEccrAoGAOhRCzSgbp6qKCiNETGvz + NKCkDC+LpIoPclwD9cnz3086tGeebL1HSdg9Vrpqh/1S1Z5rijVPlr2uIyJWxE2+ + x61Id5oDiUCnNNm0DIYwA4BXp0P1sa2iPdn2f9PzQ6pzyx36+3qv4V2pk7p9Tc/U + 4bqsU7838TW1uVhsMELVpRMCgYA9yqQMe8F98iaG2Y5GbN9GYXkqMxGhr7OsjyL4 + RhUllOjR8RnJdT2s+21E3VJ9KxVkrFdLfsJ81nhl/psY0UzpqrZTpD/NrpSJf5c2 + VQOwQa9jtVDqwLr7l93kwkKZjkgE85WKfYA9dJhsx4HI2R0mCufZoOlrdlvFOv4+ + 9gQyAwKBgG4bxo60JxV36qziXCSeEvpFcZjOvlQXZb3VmxOzgDcrAo18MXGeqk4d + 9+V3oNnqMbjUSsZVkESSPQTlCsjXTR4Kx8dxevjBiJGBfBVjCyW5UajGzCboQvJI + qWkioSgoKbfXh359I0aZo+9euM/DkYgcHVVNZFcMRlEf8v1bhmzR + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: service-account + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/PrivateKey/v1 diff --git a/site/seaworthy-virt/secrets/passphrases/airship_drydock_kvm_ssh_key.yaml b/site/seaworthy-virt/secrets/passphrases/airship_drydock_kvm_ssh_key.yaml new file mode 100644 index 000000000..150907ba0 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/airship_drydock_kvm_ssh_key.yaml @@ -0,0 +1,38 @@ +--- +schema: deckhand/CertificateKey/v1 +metadata: + schema: metadata/Document/v1 + name: airship_drydock_kvm_ssh_key + layeringDefinition: + layer: site + abstract: false + storagePolicy: cleartext +data: |- + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEA6gVNOBV7zP2yeZF4P+pcei6VrRW5Qy0pzFNl4Xx6JGyM8LUP + yH11pPTokQ7G4JRowzn9tsq21b10gStFLyysOogXJlKCHeR0Bu1MfQYzxshyRgCM + dTc9H+4hhLnbPfazV+wUqgV02smsIy0x28DCiHUGXnledAsRPXFcT2d+ujPYoE7u + M6WDrRhGwMBM9s6iZ2aYcwDjN8SgliaeLEd6xrk/AHjsvEHQKVCqe24PxiwXbu9q + 8PMbUOHfd/OrK+ir+uzh06ZVywifPB6btP3BxBRNLVcSwGgUnPQWg/+q+vi6urlp + b66lxQ658gzltzFWHyOl/rQSMP1/rH3M1NhibwIDAQABAoIBAA1VW/70Cme1lLOk + fCt4GOjFOrXv5OxU6GrB3a4pP3RP0v/r8QhFTaymX5HUO7SUABwPc8s0ZZJsBvVN + F9YGP5HeKyN90/gMCihS4ObGsbCDvy8J3PbYvNzS3ooHZNx07+b0hoDharUEhJBE + hPC2XN8Ve9VqKN2Hu+W6Tb4gcXH+YlHEeULaeerZRmAflKxnspvYIkVzP5vV540h + qiP5LH5dTuHaJBiQcrCP9dbFzjPCqueFohHKOQI6wSbI9QbcuQvD7pxHoxPaf8B/ + V68fYaZoTGuVzhUuRsKTmseaFac4/bgmCQI8j2fDnWWA7EUANhH2ldIwEwBoPiF+ + nldqQbECgYEA/mcP2XQ98KIOLRRyWYMxPW/MjKRe1aefcll1Iitilt67mBwPUSvN + KB/JTLoN838Vdv/oPQiZrtTYiEsbcj3YHa+kjI62veSFXTeghMKgn4HqQ1FdHOIW + Ku+lXj6hSVUdyqC1r8vDDvoludFep+s+M0w/7tcSjlqlZHkpFgEL0uMCgYEA6316 + G8luptWeYOD2AOPjqqecXoSfPO6EG8rNO3IQUyQP8LgwtQUbK1PNZ/0u9IsKGnTA + CvtjhAmyLPlq87KSjOOw7br6VSih/9uxfx/zf+y+NOwkFBqgn2/9lwFvkoJvPELk + hRr39Ej9NuX42W5m7XkINCddJgPrVaGF0FQ87AUCgYEAuM03Fzi4se+Wqqqasml5 + wG5RQa05cqzUR6WyUAMCGCRuU322prlRy57jhMf20HX1qr8U/hkcQoM9VCxzIJbK + Qi5QMwaMuv6g3mlFQot7UMN34DTfldaqUcBJ+V83nGSnQoVh1fUHmf6enw/3WbWq + NmtiWeaEBULVuFnHPcO+yg8CgYEAqYha+VgpxgfyDlLGJ9voUjp6k30s2oPoLc3x + tIMoh4Jly2n+/sMfTTD2po+aV0kly+gTPZS/jxYf5MrnGWyMnsto260JfXdUMUur + XBbXiVgZkyYRzztgOYg5a5YICdTHWf3aYI0Kxx4o1XX4kiguB3Zj1pAkOjMGIE65 + dELA3TUCgYAoRt2+LINxTn2dqU9sHv+oAqN9WY3AGLc8MgAG2sEyD6u6a4ji6LJA + 5W48boUeUAieiyHdLqpnxZbgsndFXGoOGy3w7k511mGVT8R37uzqoW8en+l/B3aC + m6GnweW01V+kv0FiSLsMfNZmYQeCQRNYn/LdSBAjsrmg8c88z0Af6g== + -----END RSA PRIVATE KEY----- +... diff --git a/site/seaworthy-virt/secrets/passphrases/airship_ubuntu_ssh_public_key.yaml b/site/seaworthy-virt/secrets/passphrases/airship_ubuntu_ssh_public_key.yaml new file mode 100644 index 000000000..e80417d2a --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/airship_ubuntu_ssh_public_key.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/PublicKey/v1 +metadata: + schema: metadata/Document/v1 + name: airship_ubuntu_ssh_public_key + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDqBU04FXvM/bJ5kXg/6lx6LpWtFblDLSnMU2XhfHokbIzwtQ/IfXWk9OiRDsbglGjDOf22yrbVvXSBK0UvLKw6iBcmUoId5HQG7Ux9BjPGyHJGAIx1Nz0f7iGEuds99rNX7BSqBXTayawjLTHbwMKIdQZeeV50CxE9cVxPZ366M9igTu4zpYOtGEbAwEz2zqJnZphzAOM3xKCWJp4sR3rGuT8AeOy8QdApUKp7bg/GLBdu72rw8xtQ4d9386sr6Kv67OHTplXLCJ88Hpu0/cHEFE0tVxLAaBSc9BaD/6r6+Lq6uWlvrqXFDrnyDOW3MVYfI6X+tBIw/X+sfczU2GJv ubuntu@multinode +... diff --git a/site/seaworthy-virt/secrets/passphrases/apiserver-encryption-key-key1.yaml b/site/seaworthy-virt/secrets/passphrases/apiserver-encryption-key-key1.yaml new file mode 100644 index 000000000..e9cd1ddf1 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/apiserver-encryption-key-key1.yaml @@ -0,0 +1,12 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: apiserver-encryption-key-key1 + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +# head -c 32 /dev/urandom | base64 +data: ShMq3FztlkBMTDMKmKBv9Nq0Rk6h5hGWwZTyUnYjxlM= +... diff --git a/site/seaworthy-virt/secrets/passphrases/ceph_fsid.yaml b/site/seaworthy-virt/secrets/passphrases/ceph_fsid.yaml new file mode 100644 index 000000000..720150288 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/ceph_fsid.yaml @@ -0,0 +1,12 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ceph_fsid + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +# uuidgen +data: 7b7576f4-3358-4668-9112-100440079807 +... diff --git a/site/seaworthy-virt/secrets/passphrases/ceph_swift_keystone_password.yaml b/site/seaworthy-virt/secrets/passphrases/ceph_swift_keystone_password.yaml new file mode 100644 index 000000000..9a9af1f2c --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/ceph_swift_keystone_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ceph_swift_keystone_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/ipmi_admin_password.yaml b/site/seaworthy-virt/secrets/passphrases/ipmi_admin_password.yaml new file mode 100644 index 000000000..6ab430ed8 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/ipmi_admin_password.yaml @@ -0,0 +1,13 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ipmi_admin_password + layeringDefinition: + abstract: false + layer: site + labels: + name: ipmi-admin-password-site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/maas-region-key.yaml b/site/seaworthy-virt/secrets/passphrases/maas-region-key.yaml new file mode 100644 index 000000000..73d4a6970 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/maas-region-key.yaml @@ -0,0 +1,12 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: maas-region-key + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +# openssl rand -hex 10 +data: 9026f6048d6a017dc913 +... diff --git a/site/seaworthy-virt/secrets/passphrases/osh_barbican_oslo_db_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_barbican_oslo_db_password.yaml new file mode 100644 index 000000000..c5f866c85 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/osh_barbican_oslo_db_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_barbican_oslo_db_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml new file mode 100644 index 000000000..9bf0217bf --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_barbican_oslo_messaging_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/osh_barbican_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_barbican_password.yaml new file mode 100644 index 000000000..51221924c --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/osh_barbican_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_barbican_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/osh_cinder_oslo_db_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_cinder_oslo_db_password.yaml new file mode 100644 index 000000000..b22f898b6 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/osh_cinder_oslo_db_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_cinder_oslo_db_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml new file mode 100644 index 000000000..5d76ba793 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_cinder_oslo_messaging_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/osh_cinder_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_cinder_password.yaml new file mode 100644 index 000000000..26565dbe3 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/osh_cinder_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_cinder_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/osh_glance_oslo_db_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_glance_oslo_db_password.yaml new file mode 100644 index 000000000..073906900 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/osh_glance_oslo_db_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_glance_oslo_db_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/osh_glance_oslo_messaging_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_glance_oslo_messaging_password.yaml new file mode 100644 index 000000000..d103c2780 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/osh_glance_oslo_messaging_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_glance_oslo_messaging_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/osh_glance_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_glance_password.yaml new file mode 100644 index 000000000..93ae0f24b --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/osh_glance_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_glance_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/osh_heat_oslo_db_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_heat_oslo_db_password.yaml new file mode 100644 index 000000000..3352d4ce9 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/osh_heat_oslo_db_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_heat_oslo_db_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/osh_heat_oslo_messaging_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_heat_oslo_messaging_password.yaml new file mode 100644 index 000000000..39f132713 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/osh_heat_oslo_messaging_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_heat_oslo_messaging_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/osh_heat_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_heat_password.yaml new file mode 100644 index 000000000..5777ebbf8 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/osh_heat_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_heat_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/osh_heat_stack_user_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_heat_stack_user_password.yaml new file mode 100644 index 000000000..36db28bc2 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/osh_heat_stack_user_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_heat_stack_user_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/osh_heat_trustee_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_heat_trustee_password.yaml new file mode 100644 index 000000000..58129ef5d --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/osh_heat_trustee_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_heat_trustee_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/osh_horizon_oslo_db_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_horizon_oslo_db_password.yaml new file mode 100644 index 000000000..7c78d4572 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/osh_horizon_oslo_db_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_horizon_oslo_db_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml new file mode 100644 index 000000000..78c265edc --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_elasticsearch_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/osh_infra_grafana_admin_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_infra_grafana_admin_password.yaml new file mode 100644 index 000000000..9232de761 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/osh_infra_grafana_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_grafana_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml new file mode 100644 index 000000000..6d5f49e5b --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_grafana_oslo_db_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml new file mode 100644 index 000000000..bd4e57399 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_grafana_oslo_db_session_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/osh_infra_nagios_admin_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_infra_nagios_admin_password.yaml new file mode 100644 index 000000000..52dbe16a0 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/osh_infra_nagios_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_nagios_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/osh_infra_openstack_exporter_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_infra_openstack_exporter_password.yaml new file mode 100644 index 000000000..64f78e1a4 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/osh_infra_openstack_exporter_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_openstack_exporter_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml new file mode 100644 index 000000000..9c68e9d5c --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_oslo_db_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml new file mode 100644 index 000000000..f134f46a9 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_oslo_db_exporter_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/osh_infra_prometheus_admin_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_infra_prometheus_admin_password.yaml new file mode 100644 index 000000000..b3df5f659 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/osh_infra_prometheus_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_prometheus_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml b/site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml new file mode 100644 index 000000000..9f64719a0 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_rgw_s3_admin_access_key + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: admin_access_key +... diff --git a/site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml b/site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml new file mode 100644 index 000000000..3e06f913a --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_rgw_s3_admin_secret_key + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: admin_secret_key +... diff --git a/site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml b/site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml new file mode 100644 index 000000000..97c7d2312 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_rgw_s3_elasticsearch_access_key + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: elastic_access_key +... diff --git a/site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml b/site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml new file mode 100644 index 000000000..60f0134e0 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_rgw_s3_elasticsearch_secret_key + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: elastic_secret_key +... diff --git a/site/seaworthy-virt/secrets/passphrases/osh_keystone_admin_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_keystone_admin_password.yaml new file mode 100644 index 000000000..6c3f44695 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/osh_keystone_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_keystone_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/osh_keystone_ldap_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_keystone_ldap_password.yaml new file mode 100644 index 000000000..2edf0f22c --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/osh_keystone_ldap_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_keystone_ldap_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/osh_keystone_oslo_db_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_keystone_oslo_db_password.yaml new file mode 100644 index 000000000..07b2206ab --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/osh_keystone_oslo_db_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_keystone_oslo_db_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml new file mode 100644 index 000000000..be716f432 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_keystone_oslo_messaging_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/osh_neutron_oslo_db_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_neutron_oslo_db_password.yaml new file mode 100644 index 000000000..4d0b15749 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/osh_neutron_oslo_db_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_neutron_oslo_db_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml new file mode 100644 index 000000000..6be02b9ce --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_neutron_oslo_messaging_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/osh_neutron_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_neutron_password.yaml new file mode 100644 index 000000000..dd0b2b68b --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/osh_neutron_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_neutron_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml b/site/seaworthy-virt/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml new file mode 100644 index 000000000..37d5c627c --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_nova_metadata_proxy_shared_secret + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/osh_nova_oslo_db_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_nova_oslo_db_password.yaml new file mode 100644 index 000000000..2cd60f567 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/osh_nova_oslo_db_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_nova_oslo_db_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/osh_nova_oslo_messaging_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_nova_oslo_messaging_password.yaml new file mode 100644 index 000000000..13569ba02 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/osh_nova_oslo_messaging_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_nova_oslo_messaging_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/osh_nova_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_nova_password.yaml new file mode 100644 index 000000000..4c2223d36 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/osh_nova_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_nova_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/osh_oslo_cache_secret_key.yaml b/site/seaworthy-virt/secrets/passphrases/osh_oslo_cache_secret_key.yaml new file mode 100644 index 000000000..11747a726 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/osh_oslo_cache_secret_key.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_oslo_cache_secret_key + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/osh_oslo_db_admin_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_oslo_db_admin_password.yaml new file mode 100644 index 000000000..48df9ee54 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/osh_oslo_db_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_oslo_db_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/osh_oslo_db_exporter_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_oslo_db_exporter_password.yaml new file mode 100644 index 000000000..61b4144ad --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/osh_oslo_db_exporter_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_oslo_db_exporter_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/osh_oslo_messaging_admin_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_oslo_messaging_admin_password.yaml new file mode 100644 index 000000000..e7d97e27c --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/osh_oslo_messaging_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_oslo_messaging_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/osh_placement_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_placement_password.yaml new file mode 100644 index 000000000..c72b59ac0 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/osh_placement_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_placement_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml b/site/seaworthy-virt/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml new file mode 100644 index 000000000..a3b5a2b69 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_rabbitmq_erlang_cookie + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/osh_tempest_password.yaml b/site/seaworthy-virt/secrets/passphrases/osh_tempest_password.yaml new file mode 100644 index 000000000..af90ec05b --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/osh_tempest_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_tempest_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/tenant_ceph_fsid.yaml b/site/seaworthy-virt/secrets/passphrases/tenant_ceph_fsid.yaml new file mode 100644 index 000000000..18bd48556 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/tenant_ceph_fsid.yaml @@ -0,0 +1,12 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: tenant_ceph_fsid + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +# uuidgen +data: 29d8953d-0bb6-4ba1-a48a-f9be1c0937a9 +... diff --git a/site/seaworthy-virt/secrets/passphrases/ubuntu_crypt_password.yaml b/site/seaworthy-virt/secrets/passphrases/ubuntu_crypt_password.yaml new file mode 100644 index 000000000..4d6046803 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/ubuntu_crypt_password.yaml @@ -0,0 +1,12 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ubuntu_crypt_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +# Pass: password123 +data: $6$qgvZ3LC9.t59Akqy$HAJfJpdrN8Ld9ssGyjFPzyJ3WUGN.ucqhSyA25LFjBrSYboVFgX8wLomRwlf5YIn1siaXHSh4JaPJED3BO36J1 +... diff --git a/site/seaworthy-virt/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml b/site/seaworthy-virt/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml new file mode 100644 index 000000000..33c4125ef --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_airflow_oslo_messaging_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/ucp_airflow_postgres_password.yaml b/site/seaworthy-virt/secrets/passphrases/ucp_airflow_postgres_password.yaml new file mode 100644 index 000000000..8a1d64884 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/ucp_airflow_postgres_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_airflow_postgres_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/ucp_armada_keystone_password.yaml b/site/seaworthy-virt/secrets/passphrases/ucp_armada_keystone_password.yaml new file mode 100644 index 000000000..866efcce2 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/ucp_armada_keystone_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_armada_keystone_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/ucp_barbican_keystone_password.yaml b/site/seaworthy-virt/secrets/passphrases/ucp_barbican_keystone_password.yaml new file mode 100644 index 000000000..cb2da2244 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/ucp_barbican_keystone_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_barbican_keystone_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/ucp_barbican_oslo_db_password.yaml b/site/seaworthy-virt/secrets/passphrases/ucp_barbican_oslo_db_password.yaml new file mode 100644 index 000000000..95a76ed17 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/ucp_barbican_oslo_db_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_barbican_oslo_db_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/ucp_deckhand_keystone_password.yaml b/site/seaworthy-virt/secrets/passphrases/ucp_deckhand_keystone_password.yaml new file mode 100644 index 000000000..5ee27f2a8 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/ucp_deckhand_keystone_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_deckhand_keystone_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/ucp_deckhand_postgres_password.yaml b/site/seaworthy-virt/secrets/passphrases/ucp_deckhand_postgres_password.yaml new file mode 100644 index 000000000..e63319b71 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/ucp_deckhand_postgres_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_deckhand_postgres_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/ucp_drydock_keystone_password.yaml b/site/seaworthy-virt/secrets/passphrases/ucp_drydock_keystone_password.yaml new file mode 100644 index 000000000..b8083b519 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/ucp_drydock_keystone_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_drydock_keystone_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/ucp_drydock_postgres_password.yaml b/site/seaworthy-virt/secrets/passphrases/ucp_drydock_postgres_password.yaml new file mode 100644 index 000000000..2eff5255c --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/ucp_drydock_postgres_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_drydock_postgres_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/ucp_keystone_admin_password.yaml b/site/seaworthy-virt/secrets/passphrases/ucp_keystone_admin_password.yaml new file mode 100644 index 000000000..91f74fdc0 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/ucp_keystone_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_keystone_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/ucp_keystone_oslo_db_password.yaml b/site/seaworthy-virt/secrets/passphrases/ucp_keystone_oslo_db_password.yaml new file mode 100644 index 000000000..a9cb15317 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/ucp_keystone_oslo_db_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_keystone_oslo_db_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/ucp_maas_admin_password.yaml b/site/seaworthy-virt/secrets/passphrases/ucp_maas_admin_password.yaml new file mode 100644 index 000000000..402c1299b --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/ucp_maas_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_maas_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/ucp_maas_postgres_password.yaml b/site/seaworthy-virt/secrets/passphrases/ucp_maas_postgres_password.yaml new file mode 100644 index 000000000..96ec5745c --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/ucp_maas_postgres_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_maas_postgres_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml b/site/seaworthy-virt/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml new file mode 100644 index 000000000..b513af431 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_openstack_exporter_keystone_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/ucp_oslo_db_admin_password.yaml b/site/seaworthy-virt/secrets/passphrases/ucp_oslo_db_admin_password.yaml new file mode 100644 index 000000000..b3c132542 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/ucp_oslo_db_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_oslo_db_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/ucp_oslo_messaging_password.yaml b/site/seaworthy-virt/secrets/passphrases/ucp_oslo_messaging_password.yaml new file mode 100644 index 000000000..95d6c0e3c --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/ucp_oslo_messaging_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_oslo_messaging_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/ucp_postgres_admin_password.yaml b/site/seaworthy-virt/secrets/passphrases/ucp_postgres_admin_password.yaml new file mode 100644 index 000000000..546de05ba --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/ucp_postgres_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_postgres_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/ucp_postgres_exporter_password.yaml b/site/seaworthy-virt/secrets/passphrases/ucp_postgres_exporter_password.yaml new file mode 100644 index 000000000..abdaa5bc4 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/ucp_postgres_exporter_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_postgres_exporter_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/ucp_postgres_replication_password.yaml b/site/seaworthy-virt/secrets/passphrases/ucp_postgres_replication_password.yaml new file mode 100644 index 000000000..2176e714f --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/ucp_postgres_replication_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_postgres_replication_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/ucp_promenade_keystone_password.yaml b/site/seaworthy-virt/secrets/passphrases/ucp_promenade_keystone_password.yaml new file mode 100644 index 000000000..ac40d1ec5 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/ucp_promenade_keystone_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_promenade_keystone_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml b/site/seaworthy-virt/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml new file mode 100644 index 000000000..6a2aef93e --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_rabbitmq_erlang_cookie + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/ucp_shipyard_keystone_password.yaml b/site/seaworthy-virt/secrets/passphrases/ucp_shipyard_keystone_password.yaml new file mode 100644 index 000000000..181a52a84 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/ucp_shipyard_keystone_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_shipyard_keystone_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/secrets/passphrases/ucp_shipyard_postgres_password.yaml b/site/seaworthy-virt/secrets/passphrases/ucp_shipyard_postgres_password.yaml new file mode 100644 index 000000000..de0eed714 --- /dev/null +++ b/site/seaworthy-virt/secrets/passphrases/ucp_shipyard_postgres_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_shipyard_postgres_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: password123 +... diff --git a/site/seaworthy-virt/site-definition.yaml b/site/seaworthy-virt/site-definition.yaml new file mode 100644 index 000000000..ba98fd8d4 --- /dev/null +++ b/site/seaworthy-virt/site-definition.yaml @@ -0,0 +1,12 @@ +--- +schema: pegleg/SiteDefinition/v1 +metadata: + schema: metadata/Document/v1 + layeringDefinition: + abstract: false + layer: site + name: seaworthy-virt + storagePolicy: cleartext +data: + site_type: foundry +... diff --git a/site/seaworthy-virt/software/charts/kubernetes/container-networking/calico.yaml b/site/seaworthy-virt/software/charts/kubernetes/container-networking/calico.yaml new file mode 100644 index 000000000..146d008e2 --- /dev/null +++ b/site/seaworthy-virt/software/charts/kubernetes/container-networking/calico.yaml @@ -0,0 +1,160 @@ +--- +# This is a copy-n-paste +# from globals as this document must layer from type +# so it can replace type, but really wants the content +# from global. Refactor after the gate emulates fabric +# BGP peering +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: kubernetes-calico + replacement: true + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: kubernetes-calico-global + actions: + - method: replace + path: . + storagePolicy: cleartext + substitutions: + # Chart source + - src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .charts.kubernetes.calico.calico + dest: + path: .source + # Image versions + - src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .images.calico.calico + dest: + path: .values.images.tags + # IP addresses + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .calico.etcd.service_ip + dest: + path: .values.endpoints.etcd.host_fqdn_override.default + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .kubernetes.pod_cidr + dest: + path: .values.networking.podSubnet + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .kubernetes.api_service_ip + dest: + path: .values.conf.controllers.K8S_API + pattern: SUB_KUBERNETES_IP + + # Other site-specific configuration + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .calico.ip_autodetection_method + dest: + path: .values.conf.node.IP_AUTODETECTION_METHOD + + # Certificates + - src: + schema: deckhand/CertificateAuthority/v1 + name: calico-etcd + path: . + dest: + path: .values.endpoints.etcd.auth.client.tls.ca + - src: + schema: deckhand/Certificate/v1 + name: calico-node + path: . + dest: + path: .values.endpoints.etcd.auth.client.tls.crt + - src: + schema: deckhand/CertificateKey/v1 + name: calico-node + path: . + dest: + path: .values.endpoints.etcd.auth.client.tls.key +data: + chart_name: calico + release: kubernetes-calico + namespace: kube-system + protected: + continue_processing: true + wait: + timeout: 1800 + labels: + release_group: airship-kubernetes-calico + upgrade: + no_hooks: false + pre: + delete: + - type: job + labels: + release_group: airship-kubernetes-calico + values: + conf: + cni_network_config: + name: k8s-pod-network + cniVersion: 0.3.0 + plugins: + - type: calico + etcd_endpoints: __ETCD_ENDPOINTS__ + etcd_ca_cert_file: /etc/calico/pki/ca + etcd_cert_file: /etc/calico/pki/crt + etcd_key_file: /etc/calico/pki/key + log_level: info + mtu: 1500 + ipam: + type: calico-ipam + policy: + type: k8s + kubernetes: + kubeconfig: __KUBECONFIG_FILEPATH__ + - type: portmap + snat: true + capabilities: + portMappings: true + + controllers: + K8S_API: "https://SUB_KUBERNETES_IP:443" + + node: + CALICO_STARTUP_LOGLEVEL: INFO + CLUSTER_TYPE: "k8s,bgp" + ETCD_CA_CERT_FILE: /etc/calico/pki/ca + ETCD_CERT_FILE: /etc/calico/pki/crt + ETCD_KEY_FILE: /etc/calico/pki/key + WAIT_FOR_STORAGE: "true" + + endpoints: + etcd: + hosts: + default: calico-etcd + scheme: + default: https + + networking: + settings: + mesh: "on" + ippool: + ipip: + enabled: "true" + mode: "Always" + nat_outgoing: "true" + disabled: "false" + + manifests: + daemonset_calico_etcd: false + job_image_repo_sync: false + pod_calicoctl: false + service_calico_etcd: false + dependencies: + - calico-htk +... diff --git a/site/seaworthy-virt/software/charts/kubernetes/container-networking/etcd.yaml b/site/seaworthy-virt/software/charts/kubernetes/container-networking/etcd.yaml new file mode 100644 index 000000000..cdaa83c9b --- /dev/null +++ b/site/seaworthy-virt/software/charts/kubernetes/container-networking/etcd.yaml @@ -0,0 +1,153 @@ +--- +# The purpose of this file is to build the list of calico etcd nodes and the +# calico etcd certs for those nodes in the environment. +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: kubernetes-calico-etcd + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: kubernetes-calico-etcd-global + actions: + - method: merge + path: . + storagePolicy: cleartext + substitutions: + # Generate a list of control plane nodes (i.e. genesis node + master node + # list) on which calico etcd will run and will need certs. It is assumed + # that Airship sites will have 4 control plane nodes, so this should not need to + # change for a new site. + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .genesis.hostname + dest: + path: .values.nodes[0].name + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .masters[0].hostname + dest: + path: .values.nodes[1].name + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .masters[1].hostname + dest: + path: .values.nodes[2].name + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .masters[2].hostname + dest: + path: .values.nodes[3].name + + # Certificate substitutions for the node names assembled on the above list. + # Genesis hostname - n0 + - src: + schema: deckhand/Certificate/v1 + name: calico-etcd-n0 + path: . + dest: + path: .values.nodes[0].tls.client.cert + - src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-n0 + path: . + dest: + path: .values.nodes[0].tls.client.key + - src: + schema: deckhand/Certificate/v1 + name: calico-etcd-n0-peer + path: . + dest: + path: .values.nodes[0].tls.peer.cert + - src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-n0-peer + path: . + dest: + path: .values.nodes[0].tls.peer.key + + # master node 1 hostname - n1 + - src: + schema: deckhand/Certificate/v1 + name: calico-etcd-n1 + path: . + dest: + path: .values.nodes[1].tls.client.cert + - src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-n1 + path: . + dest: + path: .values.nodes[1].tls.client.key + - src: + schema: deckhand/Certificate/v1 + name: calico-etcd-n1-peer + path: . + dest: + path: .values.nodes[1].tls.peer.cert + - src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-n1-peer + path: . + dest: + path: .values.nodes[1].tls.peer.key + + # master node 2 hostname - n2 + - src: + schema: deckhand/Certificate/v1 + name: calico-etcd-n2 + path: . + dest: + path: .values.nodes[2].tls.client.cert + - src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-n2 + path: . + dest: + path: .values.nodes[2].tls.client.key + - src: + schema: deckhand/Certificate/v1 + name: calico-etcd-n2-peer + path: . + dest: + path: .values.nodes[2].tls.peer.cert + - src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-n2-peer + path: . + dest: + path: .values.nodes[2].tls.peer.key + + # master node 3 hostname - n3 + - src: + schema: deckhand/Certificate/v1 + name: calico-etcd-n3 + path: . + dest: + path: .values.nodes[3].tls.client.cert + - src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-n3 + path: . + dest: + path: .values.nodes[3].tls.client.key + - src: + schema: deckhand/Certificate/v1 + name: calico-etcd-n3-peer + path: . + dest: + path: .values.nodes[3].tls.peer.cert + - src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-n3-peer + path: $ + dest: + path: .values.nodes[3].tls.peer.key + +data: {} +... diff --git a/site/seaworthy-virt/software/charts/kubernetes/etcd/etcd.yaml b/site/seaworthy-virt/software/charts/kubernetes/etcd/etcd.yaml new file mode 100644 index 000000000..cb19b8345 --- /dev/null +++ b/site/seaworthy-virt/software/charts/kubernetes/etcd/etcd.yaml @@ -0,0 +1,163 @@ +--- +# The purpose of this file is to build the list of k8s etcd nodes and the +# k8s etcd certs for those nodes in the environment. +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: kubernetes-etcd + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: kubernetes-etcd-global + actions: + - method: merge + path: . + storagePolicy: cleartext + substitutions: + # Generate a list of control plane nodes (i.e. genesis node + master node + # list) on which k8s etcd will run and will need certs. It is assumed + # that Airship sites will have 4 control plane nodes, so this should not need to + # change for a new site. + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .genesis.hostname + dest: + path: .values.nodes[0].name + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .masters[0].hostname + dest: + path: .values.nodes[1].name + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .masters[1].hostname + dest: + path: .values.nodes[2].name + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .masters[2].hostname + dest: + path: .values.nodes[3].name + + # Certificate substitutions for the node names assembled on the above list. + # NEWSITE-CHANGEME: Per above, the number of substitutions should not need + # to change with a standard Airship deployment. However, the names of each + # deckhand certficiate should be updated with the correct hostnames for your + # environment. The ordering is important (Genesis is index 0, then master + # nodes in the order they are specified in common-addresses). + + # Genesis Exception* + # *NOTE: This is an exception in that `genesis` is not the hostname of the + # genesis node, but `genesis` is reference here in the certificate names + # because of certain Promenade assumptions that may be addressed in the + # future. Therefore `genesis` is used instead of `cab23-r720-11` here. + - src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-genesis + path: . + dest: + path: .values.nodes[0].tls.client.cert + - src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-genesis + path: . + dest: + path: .values.nodes[0].tls.client.key + - src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-genesis-peer + path: . + dest: + path: .values.nodes[0].tls.peer.cert + - src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-genesis-peer + path: . + dest: + path: .values.nodes[0].tls.peer.key + + # master node 1 hostname - n1 + - src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-n1 + path: . + dest: + path: .values.nodes[1].tls.client.cert + - src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-n1 + path: . + dest: + path: .values.nodes[1].tls.client.key + - src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-n1-peer + path: . + dest: + path: .values.nodes[1].tls.peer.cert + - src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-n1-peer + path: . + dest: + path: .values.nodes[1].tls.peer.key + + # master node 2 hostname - n2 + - src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-n2 + path: . + dest: + path: .values.nodes[2].tls.client.cert + - src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-n2 + path: . + dest: + path: .values.nodes[2].tls.client.key + - src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-n2-peer + path: . + dest: + path: .values.nodes[2].tls.peer.cert + - src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-n2-peer + path: $ + dest: + path: .values.nodes[2].tls.peer.key + + # master node 3 hostname - n3 + - src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-n3 + path: . + dest: + path: .values.nodes[3].tls.client.cert + - src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-n3 + path: . + dest: + path: .values.nodes[3].tls.client.key + - src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-n3-peer + path: . + dest: + path: .values.nodes[3].tls.peer.cert + - src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-n3-peer + path: $ + dest: + path: .values.nodes[3].tls.peer.key + +data: {} +... diff --git a/site/seaworthy-virt/software/charts/kubernetes/ingress/ingress.yaml b/site/seaworthy-virt/software/charts/kubernetes/ingress/ingress.yaml new file mode 100644 index 000000000..be619535e --- /dev/null +++ b/site/seaworthy-virt/software/charts/kubernetes/ingress/ingress.yaml @@ -0,0 +1,31 @@ +--- +# The purpose of this file is to define the environment-specific public-facing +# VIP for the ingress controller +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ingress-kube-system + layeringDefinition: + abstract: false + layer: site + parentSelector: + ingress: kube-system + actions: + - method: merge + path: . + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .vip.ingress_vip + dest: + path: .values.network.vip.addr +data: + values: + network: + ingress: + disable-ipv6: "true" + vip: + manage: true +... diff --git a/site/seaworthy-virt/software/charts/ucp/ceph/ceph-client-update.yaml b/site/seaworthy-virt/software/charts/ucp/ceph/ceph-client-update.yaml new file mode 100644 index 000000000..0679cd98e --- /dev/null +++ b/site/seaworthy-virt/software/charts/ucp/ceph/ceph-client-update.yaml @@ -0,0 +1,18 @@ +--- +# The purpose of this file is to define environment-specific parameters for ceph +# client update +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-ceph-client-update + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: ucp-ceph-client-update-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: {} +... diff --git a/site/seaworthy-virt/software/charts/ucp/ceph/ceph-client.yaml b/site/seaworthy-virt/software/charts/ucp/ceph/ceph-client.yaml new file mode 100644 index 000000000..642538960 --- /dev/null +++ b/site/seaworthy-virt/software/charts/ucp/ceph/ceph-client.yaml @@ -0,0 +1,98 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-ceph-client + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: ucp-ceph-client-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + conf: + pool: + target: + osd: 1 + spec: + # RBD pool + - name: rbd + application: rbd + replication: 1 + percent_total_data: 40 + # CephFS pools + - name: cephfs_metadata + application: cephfs + replication: 1 + percent_total_data: 5 + - name: cephfs_data + application: cephfs + replication: 1 + percent_total_data: 10 + # RadosGW pools + - name: .rgw.root + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.control + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.data.root + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.gc + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.log + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.intent-log + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.meta + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.usage + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.users.keys + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.users.email + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.users.swift + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.users.uid + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.buckets.extra + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.buckets.index + application: rgw + replication: 1 + percent_total_data: 3 + - name: default.rgw.buckets.data + application: rgw + replication: 1 + percent_total_data: 34.8 +... + diff --git a/site/seaworthy-virt/software/charts/ucp/ceph/ceph-osd.yaml b/site/seaworthy-virt/software/charts/ucp/ceph/ceph-osd.yaml new file mode 100644 index 000000000..a3b09ae88 --- /dev/null +++ b/site/seaworthy-virt/software/charts/ucp/ceph/ceph-osd.yaml @@ -0,0 +1,18 @@ +--- +# The purpose of this file is to define environment-specific parameters for +# ceph-osd +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-ceph-osd + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: ucp-ceph-osd-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: {} +... diff --git a/site/seaworthy-virt/software/charts/ucp/ceph/ceph-provisioners.yaml b/site/seaworthy-virt/software/charts/ucp/ceph/ceph-provisioners.yaml new file mode 100644 index 000000000..a373c6ecc --- /dev/null +++ b/site/seaworthy-virt/software/charts/ucp/ceph/ceph-provisioners.yaml @@ -0,0 +1,20 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-ceph-provisioners + replacement: true + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: ucp-ceph-provisioners + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + deployment: + cephfs_provisioner: false +... diff --git a/site/seaworthy-virt/software/charts/ucp/divingbell/divingbell.yaml b/site/seaworthy-virt/software/charts/ucp/divingbell/divingbell.yaml new file mode 100644 index 000000000..5f8fc9b39 --- /dev/null +++ b/site/seaworthy-virt/software/charts/ucp/divingbell/divingbell.yaml @@ -0,0 +1,53 @@ +--- +# The purpose of this file is to define site-specific parameters to the +# UAM-lite portion of the divingbell chart: +# 1. User accounts to create on bare metal +# 2. SSH public key for operationg system access to the bare metal +# 3. Passwords for operating system access via iDrac/iLo console. SSH password- +# based auth is disabled. +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-divingbell + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: ucp-divingbell-global + actions: + - method: merge + path: . + labels: + name: ucp-divingbell-site + storagePolicy: cleartext + substitutions: + - dest: + path: .values.conf.uamlite.users[0].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: airship_ubuntu_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[0].user_crypt_passwd + src: + schema: deckhand/Passphrase/v1 + name: ubuntu_crypt_password + path: . + - dest: + path: .values.conf.uamlite.users[1].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: airship_ubuntu_ssh_public_key + path: . +data: + values: + conf: + uamlite: + users: + - user_name: ubuntu + user_sudo: true + user_sshkeys: [] + - user_name: airship + user_sudo: true + user_sshkeys: [] +... diff --git a/site/seaworthy-virt/software/charts/ucp/drydock/drydock.yaml b/site/seaworthy-virt/software/charts/ucp/drydock/drydock.yaml new file mode 100644 index 000000000..f73079349 --- /dev/null +++ b/site/seaworthy-virt/software/charts/ucp/drydock/drydock.yaml @@ -0,0 +1,44 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-drydock + replacement: true + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: ucp-drydock-global + actions: + - method: merge + path: . + storagePolicy: cleartext + substitutions: + - src: + schema: deckhand/CertificateKey/v1 + name: airship_drydock_kvm_ssh_key + path: . + dest: + path: .values.conf.ssh.private_key +data: + values: + pod: + security_context: + drydock: + pod: + # NOTE: Drydock has a hardcoded path to SSH key that + # uses root home directory, default `nobody` user + # does not have have the access to keys in the root + # directory, consequently Drydock fails to connect to + # the Libvirt host using SSH. + # Remove this workaround when Drydock is fixed. + runAsUser: 0 + manifests: + secret_ssh_key: true + conf: + drydock: + plugins: + oob_driver: + - 'drydock_provisioner.drivers.oob.pyghmi_driver.driver.PyghmiDriver' + - 'drydock_provisioner.drivers.oob.libvirt_driver.driver.LibvirtDriver' +... diff --git a/site/seaworthy-virt/software/charts/ucp/drydock/maas.yaml b/site/seaworthy-virt/software/charts/ucp/drydock/maas.yaml new file mode 100644 index 000000000..1a44797b2 --- /dev/null +++ b/site/seaworthy-virt/software/charts/ucp/drydock/maas.yaml @@ -0,0 +1,38 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-maas-global + replacement: true + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: ucp-maas-global + actions: + - method: merge + path: . + storagePolicy: cleartext + substitutions: + - src: + schema: deckhand/CertificateKey/v1 + name: airship_drydock_kvm_ssh_key + path: . + dest: + path: .values.conf.ssh.private_key + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .vip.maas_vip + dest: + path: .values.network.maas_ingress.addr +data: + values: + endpoints: + maas_ingress: + port: + ingress_default_server: + default: 8182 + manifests: + secret_ssh_key: true +... diff --git a/site/seaworthy-virt/software/charts/ucp/promenade/promenade.yaml b/site/seaworthy-virt/software/charts/ucp/promenade/promenade.yaml new file mode 100644 index 000000000..d184e147a --- /dev/null +++ b/site/seaworthy-virt/software/charts/ucp/promenade/promenade.yaml @@ -0,0 +1,16 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-promenade + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: ucp-promenade-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: {} +... diff --git a/site/seaworthy-virt/software/config/common-software-config.yaml b/site/seaworthy-virt/software/config/common-software-config.yaml new file mode 100644 index 000000000..b2ed066f1 --- /dev/null +++ b/site/seaworthy-virt/software/config/common-software-config.yaml @@ -0,0 +1,15 @@ +--- +# The purpose of this file is to define site-specific common software config +# paramters. +schema: pegleg/CommonSoftwareConfig/v1 +metadata: + schema: metadata/Document/v1 + name: common-software-config + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + osh: + region_name: seaworthy-virt +... diff --git a/site/seaworthy-virt/software/config/endpoints.yaml b/site/seaworthy-virt/software/config/endpoints.yaml new file mode 100644 index 000000000..1eaaea0d7 --- /dev/null +++ b/site/seaworthy-virt/software/config/endpoints.yaml @@ -0,0 +1,965 @@ +--- +# The purpose of this file is to define the site's endpoint catalog. This should +# not need to be modified for a new site. +# #GLOBAL-CANDIDATE# +schema: pegleg/EndpointCatalogue/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_endpoints + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + ucp: + identity: + namespace: ucp + name: keystone + host_fqdn_override: + default: null + public: + host: keystone.gate.local + path: + default: /v3 + scheme: + default: "http" + internal: "http" + port: + api: + default: 80 + internal: 5000 + armada: + name: armada + hosts: + default: armada-api + public: armada + port: + api: + default: 8000 + path: + default: /api/v1.0 + scheme: + default: "http" + host_fqdn_override: + default: null + deckhand: + name: deckhand + hosts: + default: deckhand-int + public: deckhand-api + port: + api: + default: 9000 + path: + default: /api/v1.0 + scheme: + default: "http" + host_fqdn_override: + default: null + postgresql: + name: postgresql + hosts: + default: postgresql + path: /DB_NAME + scheme: postgresql+psycopg2 + port: + postgresql: + default: 5432 + host_fqdn_override: + default: null + postgresql_airflow_celery: + name: postgresql_airflow_celery_db + hosts: + default: postgresql + path: /DB_NAME + scheme: db+postgresql + port: + postgresql: + default: 5432 + host_fqdn_override: + default: null + oslo_db: + hosts: + default: mariadb + discovery: mariadb-discovery + host_fqdn_override: + default: null + path: /DB_NAME + scheme: mysql+pymysql + port: + mysql: + default: 3306 + wsrep: + default: 4567 + key_manager: + name: barbican + hosts: + default: barbican-api + public: barbican + host_fqdn_override: + default: null + path: + default: /v1 + scheme: + default: "http" + port: + api: + default: 9311 + public: 80 + airflow_oslo_messaging: + namespace: null + hosts: + default: rabbitmq + host_fqdn_override: + default: null + path: /airflow + scheme: amqp + port: + amqp: + default: 5672 + http: + default: 15672 + oslo_messaging: + namespace: null + statefulset: + name: airship-ucp-rabbitmq-rabbitmq + hosts: + default: rabbitmq + host_fqdn_override: + default: null + path: /keystone + scheme: rabbit + port: + amqp: + default: 5672 + oslo_cache: + hosts: + default: memcached + host_fqdn_override: + default: null + port: + memcache: + default: 11211 + physicalprovisioner: + name: drydock + hosts: + default: drydock-api + public: drydock-api + port: + api: + default: 9000 + nodeport: 31900 + public: 80 + path: + default: /api/v1.0 + scheme: + default: "http" + public: "http" + host_fqdn_override: + default: null + public: + host: drydock.gate.local + maas_region: + name: maas-region + hosts: + default: maas-region + public: maas-region + path: + default: /MAAS + scheme: + default: "http" + port: + region_api: + default: 80 + nodeport: 31900 + podport: 80 + public: 80 + region_proxy: + default: 8000 + host_fqdn_override: + default: null + public: + host: maas.gate.local + maas_ingress: + hosts: + default: maas-ingress + error_pages: maas-ingress-error + host_fqdn_override: + public: null + port: + http: + default: 80 + https: + default: 443 + ingress_default_server: + default: 8383 + error_pages: + default: 8080 + podport: 8080 + healthz: + podport: 10259 + status: + podport: 18089 + kubernetesprovisioner: + name: promenade + hosts: + default: promenade-api + port: + api: + default: 80 + path: + default: /api/v1.0 + scheme: + default: "http" + host_fqdn_override: + default: null + shipyard: + name: shipyard + hosts: + default: shipyard-int + public: shipyard-api + port: + api: + default: 9000 + public: 80 + path: + default: /api/v1.0 + scheme: + default: "http" + public: "http" + host_fqdn_override: + default: null + public: + host: shipyard.gate.local + prometheus_openstack_exporter: + namespace: ucp + hosts: + default: openstack-metrics + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + exporter: + default: 9103 + ceph: + object_store: + name: swift + namespace: ceph + hosts: + default: ceph-rgw + public: radosgw + host_fqdn_override: + default: null + path: + default: /swift/v1 + scheme: + default: "http" + public: "http" + port: + api: + default: 8088 + public: 80 + ceph_object_store: + name: radosgw + namespace: ceph + hosts: + default: ceph-rgw + public: radosgw + host_fqdn_override: + default: null + path: + default: /auth/v1.0 + scheme: + default: "http" + public: "http" + port: + api: + default: 8088 + public: 80 + ceph_mon: + namespace: ceph + hosts: + default: ceph-mon + discovery: ceph-mon-discovery + host_fqdn_override: + default: null + port: + mon: + default: 6789 + ceph_mgr: + namespace: ceph + hosts: + default: ceph-mgr + host_fqdn_override: + default: null + port: + mgr: + default: 7000 + scheme: + default: "http" + tenant_ceph_mon: + namespace: tenant-ceph + hosts: + default: ceph-mon + discovery: ceph-mon-discovery + host_fqdn_override: + default: null + port: + mon: + default: 6790 + tenant_ceph_mgr: + namespace: tenant-ceph + hosts: + default: ceph-mgr + host_fqdn_override: + default: null + port: + mgr: + default: 7001 + metrics: + default: 9284 + scheme: + default: http +... +--- +schema: pegleg/EndpointCatalogue/v1 +metadata: + schema: metadata/Document/v1 + name: osh_endpoints + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + osh: + object_store: + name: swift + namespace: openstack + hosts: + default: ceph-rgw + public: radosgw + host_fqdn_override: + default: null + path: + default: /swift/v1/KEY_$(tenant_id)s + scheme: + default: "http" + public: "http" + port: + api: + default: 8088 + public: 80 + ceph_object_store: + name: radosgw + namespace: openstack + hosts: + default: ceph-rgw + public: radosgw + host_fqdn_override: + default: null + path: + default: /auth/v1.0 + scheme: + default: "http" + public: "http" + port: + api: + default: 8088 + public: 80 + oslo_db: + hosts: + default: mariadb + discovery: mariadb-discovery + host_fqdn_override: + default: null + path: /DB_NAME + scheme: mysql+pymysql + port: + mysql: + default: 3306 + wsrep: + default: 4567 + prometheus_mysql_exporter: + namespace: openstack + hosts: + default: mysql-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: 'http' + port: + metrics: + default: 9104 + oslo_messaging: + statefulset: + name: airship-openstack-rabbitmq-rabbitmq + namespace: openstack + hosts: + default: openstack-rabbitmq + host_fqdn_override: + default: null + path: /VHOST_NAME + scheme: rabbit + port: + amqp: + default: 5672 + http: + default: 15672 + openstack_rabbitmq_exporter: + namespace: openstack + hosts: + default: openstack-rabbitmq-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: "http" + port: + metrics: + default: 9095 + oslo_cache: + namespace: openstack + hosts: + default: memcached + host_fqdn_override: + default: null + port: + memcache: + default: 11211 + identity: + namespace: openstack + name: keystone + host_fqdn_override: + default: null + path: + default: /v3 + scheme: + default: "http" + internal: "http" + port: + api: + default: 80 + internal: 5000 + image: + name: glance + hosts: + default: glance-api + public: glance + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + public: "http" + port: + api: + default: 9292 + public: 80 + image_registry: + name: glance-registry + hosts: + default: glance-registry + public: glance-reg + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + api: + default: 9191 + public: 80 + volume: + name: cinder + hosts: + default: cinder-api + public: cinder + host_fqdn_override: + default: null + path: + default: "/v1/%(tenant_id)s" + scheme: + default: "http" + public: "http" + port: + api: + default: 8776 + public: 80 + volumev2: + name: cinderv2 + hosts: + default: cinder-api + public: cinder + host_fqdn_override: + default: null + path: + default: "/v2/%(tenant_id)s" + scheme: + default: "http" + public: "http" + port: + api: + default: 8776 + public: 80 + volumev3: + name: cinderv3 + hosts: + default: cinder-api + public: cinder + host_fqdn_override: + default: null + path: + default: "/v3/%(tenant_id)s" + scheme: + default: "http" + public: "http" + port: + api: + default: 8776 + public: 80 + orchestration: + name: heat + hosts: + default: heat-api + public: heat + host_fqdn_override: + default: null + path: + default: "/v1/%(project_id)s" + scheme: + default: "http" + public: "http" + port: + api: + default: 8004 + public: 80 + cloudformation: + name: heat-cfn + hosts: + default: heat-cfn + public: cloudformation + host_fqdn_override: + default: null + path: + default: /v1 + scheme: + default: "http" + public: "http" + port: + api: + default: 8000 + public: 80 + cloudwatch: + name: heat-cloudwatch + hosts: + default: heat-cloudwatch + public: cloudwatch + host_fqdn_override: + default: null + path: + default: null + type: null + scheme: + default: "http" + port: + api: + default: 8003 + public: 80 + network: + name: neutron + hosts: + default: neutron-server + public: neutron + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + public: "http" + port: + api: + default: 9696 + public: 80 + compute: + name: nova + hosts: + default: nova-api + public: nova + host_fqdn_override: + default: null + path: + default: "/v2/%(tenant_id)s" + scheme: + default: "http" + public: "http" + port: + api: + default: 8774 + public: 80 + novncproxy: + default: 80 + compute_metadata: + name: nova + hosts: + default: nova-metadata + public: metadata + host_fqdn_override: + default: null + path: + default: / + scheme: + default: "http" + port: + metadata: + default: 8775 + public: 80 + compute_novnc_proxy: + name: nova + hosts: + default: nova-novncproxy + public: novncproxy + host_fqdn_override: + default: null + path: + default: /vnc_auto.html + scheme: + default: "http" + public: "http" + port: + novnc_proxy: + default: 6080 + public: 80 + compute_spice_proxy: + name: nova + hosts: + default: nova-spiceproxy + host_fqdn_override: + default: null + path: + default: /spice_auto.html + scheme: + default: "http" + port: + spice_proxy: + default: 6082 + placement: + name: placement + hosts: + default: placement-api + public: placement + host_fqdn_override: + default: null + path: + default: / + scheme: + default: "http" + public: "http" + port: + api: + default: 8778 + public: 80 + dashboard: + name: horizon + hosts: + default: horizon-int + public: horizon + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + public: "http" + port: + web: + default: 80 + public: 80 +... +--- +schema: pegleg/EndpointCatalogue/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_endpoints + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .ldap.auth_path + dest: + path: .osh_infra.ldap.path.default + pattern: AUTH_PATH +data: + osh_infra: + ceph_object_store: + name: radosgw + namespace: osh-infra + hosts: + default: ceph-rgw + public: radosgw + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + api: + default: 8088 + public: 80 + elasticsearch: + name: elasticsearch + namespace: osh-infra + hosts: + data: elasticsearch-data + default: elasticsearch-logging + discovery: elasticsearch-discovery + public: elasticsearch + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + prometheus_elasticsearch_exporter: + namespace: null + hosts: + default: elasticsearch-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: "http" + port: + metrics: + default: 9108 + fluentd: + namespace: osh-infra + name: fluentd + hosts: + default: fluentd-logging + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + service: + default: 24224 + metrics: + default: 24220 + prometheus_fluentd_exporter: + namespace: osh-infra + hosts: + default: fluentd-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: "http" + port: + metrics: + default: 9309 + oslo_db: + namespace: osh-infra + hosts: + default: mariadb + host_fqdn_override: + default: null + path: /DB_NAME + scheme: mysql+pymysql + port: + mysql: + default: 3306 + prometheus_mysql_exporter: + namespace: osh-infra + hosts: + default: mysql-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: 'http' + port: + metrics: + default: 9104 + grafana: + name: grafana + namespace: osh-infra + hosts: + default: grafana-dashboard + public: grafana + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + public: "http" + port: + grafana: + default: 3000 + public: 80 + monitoring: + name: prometheus + namespace: osh-infra + hosts: + default: prom-metrics + public: prometheus + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + api: + default: 9090 + http: + default: 80 + kibana: + name: kibana + namespace: osh-infra + hosts: + default: kibana-dash + public: kibana + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + public: "http" + port: + kibana: + default: 5601 + public: 80 + alerts: + name: alertmanager + namespace: osh-infra + hosts: + default: alerts-engine + public: alertmanager + discovery: alertmanager-discovery + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + api: + default: 9093 + public: 80 + mesh: + default: 6783 + kube_state_metrics: + namespace: kube-system + hosts: + default: kube-state-metrics + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + http: + default: 8080 + kube_scheduler: + scheme: + default: "http" + path: + default: /metrics + kube_controller_manager: + scheme: + default: "http" + path: + default: /metrics + node_metrics: + namespace: kube-system + hosts: + default: node-exporter + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + metrics: + default: 9100 + prometheus_port: + default: 9100 + process_exporter_metrics: + namespace: kube-system + hosts: + default: process-exporter + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + metrics: + default: 9256 + prometheus_openstack_exporter: + namespace: openstack + hosts: + default: openstack-metrics + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + exporter: + default: 9103 + nagios: + name: nagios + namespace: osh-infra + hosts: + default: nagios-metrics + public: nagios + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + public: "http" + port: + http: + default: 80 + public: 80 + ldap: + hosts: + default: ldap + host_fqdn_override: + default: null + path: + default: /AUTH_PATH + scheme: + default: "ldap" + port: + ldap: + default: 389 +... diff --git a/site/seaworthy-virt/software/config/service_accounts.yaml b/site/seaworthy-virt/software/config/service_accounts.yaml new file mode 100644 index 000000000..9dad2920b --- /dev/null +++ b/site/seaworthy-virt/software/config/service_accounts.yaml @@ -0,0 +1,435 @@ +--- +# The purpose of this file is to define the account catalog for the site. This +# mostly contains service usernames, but also contain some information which +# should be changed like the region (site) name. +schema: pegleg/AccountCatalogue/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_service_accounts + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + ucp: + postgres: + admin: + username: postgres + replica: + username: standby + exporter: + username: psql_exporter + oslo_db: + admin: + username: root + oslo_messaging: + admin: + username: rabbitmq + keystone: + admin: + # NEWSITE-CHANGEME: Replace with the site name + region_name: seaworthy-virt + username: admin + project_name: admin + user_domain_name: default + project_domain_name: default + oslo_messaging: + admin: + username: rabbitmq + keystone: + username: keystone + oslo_db: + username: keystone + database: keystone + promenade: + keystone: + # NEWSITE-CHANGEME: Replace with the site name + region_name: seaworthy-virt + role: admin + project_name: service + project_domain_name: default + user_domain_name: default + username: promenade + drydock: + keystone: + # NEWSITE-CHANGEME: Replace with the site name + region_name: seaworthy-virt + role: admin + project_name: service + project_domain_name: default + user_domain_name: default + username: drydock + postgres: + username: drydock + database: drydock + shipyard: + keystone: + # NEWSITE-CHANGEME: Replace with the site name + region_name: seaworthy-virt + role: admin + project_name: service + project_domain_name: default + user_domain_name: default + username: shipyard + postgres: + username: shipyard + database: shipyard + airflow: + postgres: + username: airflow + database: airflow + oslo_messaging: + admin: + username: rabbitmq + user: + username: airflow + maas: + admin: + username: admin + email: none@none + postgres: + username: maas + database: maasdb + barbican: + keystone: + # NEWSITE-CHANGEME: Replace with the site name + region_name: seaworthy-virt + role: admin + project_name: service + project_domain_name: default + user_domain_name: default + username: barbican + oslo_db: + username: barbican + database: barbican + oslo_messaging: + admin: + username: rabbitmq + keystone: + username: keystone + armada: + keystone: + project_domain_name: default + user_domain_name: default + project_name: service + # NEWSITE-CHANGEME: Replace with the site name + region_name: seaworthy-virt + role: admin + username: armada + deckhand: + keystone: + # NEWSITE-CHANGEME: Replace with the site name + region_name: seaworthy-virt + role: admin + project_name: service + project_domain_name: default + user_domain_name: default + username: deckhand + postgres: + username: deckhand + database: deckhand + prometheus_openstack_exporter: + user: + region_name: seaworthy-virt + role: admin + username: prometheus-openstack-exporter + project_name: service + user_domain_name: default + project_domain_name: default + ceph: + swift: + keystone: + role: admin + # NEWSITE-CHANGEME: Replace with the site name + region_name: seaworthy-virt + username: swift + project_name: service + user_domain_name: default + project_domain_name: default +... +--- +schema: pegleg/AccountCatalogue/v1 +metadata: + schema: metadata/Document/v1 + name: osh_service_accounts + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.keystone.admin.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.cinder.cinder.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.glance.glance.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.heat.heat.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.heat.heat_trustee.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.heat.heat_stack_user.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.swift.keystone.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.neutron.neutron.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.nova.nova.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.nova.placement.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.barbican.barbican.region_name +data: + osh: + keystone: + admin: + username: admin + project_name: admin + user_domain_name: default + project_domain_name: default + oslo_db: + username: keystone + database: keystone + oslo_messaging: + keystone: + username: keystone-rabbitmq-user + ldap: + # NEWSITE-CHANGEME: Replace with the site's LDAP account used to + # authenticate to the active directory backend to validate keystone + # users. + username: "test@ldap.example.com" + cinder: + cinder: + role: admin + username: cinder + project_name: service + user_domain_name: default + project_domain_name: default + oslo_db: + username: cinder + database: cinder + oslo_messaging: + cinder: + username: cinder-rabbitmq-user + glance: + glance: + role: admin + username: glance + project_name: service + user_domain_name: default + project_domain_name: default + oslo_db: + username: glance + database: glance + oslo_messaging: + glance: + username: glance-rabbitmq-user + ceph_object_store: + username: glance + heat: + heat: + role: admin + username: heat + project_name: service + user_domain_name: default + project_domain_name: default + heat_trustee: + role: admin + username: heat-trust + project_name: service + user_domain_name: default + project_domain_name: default + heat_stack_user: + role: admin + username: heat-domain + domain_name: heat + oslo_db: + username: heat + database: heat + oslo_messaging: + heat: + username: heat-rabbitmq-user + swift: + keystone: + role: admin + username: swift + project_name: service + user_domain_name: default + project_domain_name: default + oslo_db: + admin: + username: root + prometheus_mysql_exporter: + user: + username: osh-oslodb-exporter + neutron: + neutron: + role: admin + username: neutron + project_name: service + user_domain_name: default + project_domain_name: default + oslo_db: + username: neutron + database: neutron + oslo_messaging: + neutron: + username: neutron-rabbitmq-user + nova: + nova: + role: admin + username: nova + project_name: service + user_domain_name: default + project_domain_name: default + placement: + role: admin + username: placement + project_name: service + user_domain_name: default + project_domain_name: default + oslo_db: + username: nova + database: nova + oslo_db_api: + username: nova + database: nova_api + oslo_db_cell0: + username: nova + database: "nova_cell0" + oslo_messaging: + nova: + username: nova-rabbitmq-user + horizon: + oslo_db: + username: horizon + database: horizon + barbican: + barbican: + role: admin + username: barbican + project_name: service + user_domain_name: default + project_domain_name: default + oslo_db: + username: barbican + database: barbican + oslo_messaging: + barbican: + username: barbican-rabbitmq-user + oslo_messaging: + admin: + username: admin + tempest: + tempest: + role: admin + username: tempest + project_name: service + user_domain_name: default + project_domain_name: default +... +--- +schema: pegleg/AccountCatalogue/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_service_accounts + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh_infra.prometheus_openstack_exporter.user.region_name +data: + osh_infra: + ceph_object_store: + admin: + username: s3_admin + elasticsearch: + username: elasticsearch + grafana: + admin: + username: grafana + oslo_db: + username: grafana + database: grafana + oslo_db_session: + username: grafana_session + database: grafana_session + elasticsearch: + admin: + username: elasticsearch + oslo_db: + admin: + username: root + prometheus_mysql_exporter: + user: + username: osh-infra-oslodb-exporter + prometheus_openstack_exporter: + user: + role: admin + username: prometheus-openstack-exporter + project_name: service + user_domain_name: default + project_domain_name: default + nagios: + admin: + username: nagios + prometheus: + admin: + username: prometheus + ldap: + admin: + # NEWSITE-CHANGEME: Replace with the site's LDAP account used to + # authenticate to the active directory backend to validate keystone + # users. + bind: "test@ldap.example.com" +... diff --git a/site/seaworthy-virt/software/manifests/bootstrap.yaml b/site/seaworthy-virt/software/manifests/bootstrap.yaml new file mode 100644 index 000000000..694d1286e --- /dev/null +++ b/site/seaworthy-virt/software/manifests/bootstrap.yaml @@ -0,0 +1,38 @@ +--- +schema: armada/Manifest/v1 +metadata: + schema: metadata/Document/v1 + name: cluster-bootstrap + replacement: true + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: cluster-bootstrap-global + actions: + - method: merge + path: . + - method: replace + path: .chart_groups + storagePolicy: cleartext +data: + chart_groups: + - podsecuritypolicy + - kubernetes-proxy + - kubernetes-container-networking + - kubernetes-dns + - kubernetes-etcd + - kubernetes-haproxy + - kubernetes-core + - ingress-kube-system + - ucp-ceph + - ucp-ceph-config + - ucp-core + - ucp-keystone + - ucp-divingbell + - ucp-armada + - ucp-deckhand + - ucp-drydock + - ucp-promenade + - ucp-shipyard +... diff --git a/site/seaworthy-virt/software/manifests/full-site.yaml b/site/seaworthy-virt/software/manifests/full-site.yaml new file mode 100644 index 000000000..1b0cad972 --- /dev/null +++ b/site/seaworthy-virt/software/manifests/full-site.yaml @@ -0,0 +1,41 @@ +--- +schema: armada/Manifest/v1 +metadata: + schema: metadata/Document/v1 + name: full-site + replacement: true + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: full-site-global + actions: + - method: merge + path: . + - method: replace + path: .chart_groups + labels: + name: full-site-global + storagePolicy: cleartext +data: + release_prefix: airship + chart_groups: + - podsecuritypolicy + - kubernetes-proxy + - kubernetes-container-networking + - kubernetes-dns + - kubernetes-etcd + - kubernetes-haproxy + - kubernetes-core + - ingress-kube-system + - ucp-ceph-update + - ucp-ceph-config + - ucp-core + - ucp-keystone + - ucp-divingbell + - ucp-armada + - ucp-deckhand + - ucp-drydock-scaled + - ucp-promenade + - ucp-shipyard +...