diff --git a/doc/requirements.txt b/doc/requirements.txt new file mode 100644 index 0000000..38d8f59 --- /dev/null +++ b/doc/requirements.txt @@ -0,0 +1,3 @@ +# Documentation +sphinx>=1.6.2 +sphinx_rtd_theme==0.2.4 diff --git a/doc/source/conf.py b/doc/source/conf.py new file mode 100644 index 0000000..981fdc8 --- /dev/null +++ b/doc/source/conf.py @@ -0,0 +1,129 @@ +# -*- coding: utf-8 -*- +# +# shipyard documentation build configuration file, created by +# sphinx-quickstart on Sat Sep 16 03:40:50 2017. +# +# This file is execfile()d with the current directory set to its +# containing dir. +# +# Note that not all possible configuration values are present in this +# autogenerated file. +# +# All configuration values have a default; values that are commented out +# serve to show the default. + +# If extensions (or modules to document with autodoc) are in another directory, +# add these directories to sys.path here. If the directory is relative to the +# documentation root, use os.path.abspath to make it absolute, like shown here. +# +import os +import sys +sys.path.insert(0, os.path.abspath('../../')) +import sphinx_rtd_theme + + +# -- General configuration ------------------------------------------------ + +# If your documentation needs a minimal Sphinx version, state it here. +# +# needs_sphinx = '1.0' + +# Add any Sphinx extension module names here, as strings. They can be +# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom +# ones. +extensions = [ + 'sphinx.ext.autodoc', + 'sphinx.ext.todo', + 'sphinx.ext.viewcode', +] + +# Add any paths that contain templates here, relative to this directory. +# templates_path = [] + +# The suffix(es) of source filenames. +# You can specify multiple suffix as a list of string: +# +# source_suffix = ['.rst', '.md'] +source_suffix = '.rst' + +# The master toctree document. +master_doc = 'index' + +# General information about the project. +project = u'tugboat' +copyright = u'2018 AT&T Intellectual Property.' +author = u'Tugboat Authors' + +# The version info for the project you're documenting, acts as replacement for +# |version| and |release|, also used in various other places throughout the +# built documents. +# +# The short X.Y version. +version = u'0.1.0' +# The full version, including alpha/beta/rc tags. +release = u'0.1.0' + +# The language for content autogenerated by Sphinx. Refer to documentation +# for a list of supported languages. +# +# This is also used if you do content translation via gettext catalogs. +# Usually you set "language" from the command line for these cases. +language = None + +# List of patterns, relative to source directory, that match files and +# directories to ignore when looking for source files. +# This patterns also effect to html_static_path and html_extra_path +exclude_patterns = [] + +# The name of the Pygments (syntax highlighting) style to use. +pygments_style = 'sphinx' + +# If true, `todo` and `todoList` produce output, else they produce nothing. +todo_include_todos = False + + +# -- Options for HTML output ---------------------------------------------- + +# The theme to use for HTML and HTML Help pages. See the documentation for +# a list of builtin themes. +# +html_theme = "sphinx_rtd_theme" +html_theme_path = [sphinx_rtd_theme.get_html_theme_path()] + +# Theme options are theme-specific and customize the look and feel of a theme +# further. For a list of options available for each theme, see the +# documentation. +# +# html_theme_options = {} + +# Add any paths that contain custom static files (such as style sheets) here, +# relative to this directory. They are copied after the builtin static files, +# so a file named "default.css" will overwrite the builtin "default.css". +html_static_path = [] + + +# -- Options for HTMLHelp output ------------------------------------------ + +# Output file base name for HTML help builder. +htmlhelp_basename = 'ucpintdoc' + + +# -- Options for LaTeX output --------------------------------------------- + +latex_elements = { + # The paper size ('letterpaper' or 'a4paper'). + # + # 'papersize': 'letterpaper', + + # The font size ('10pt', '11pt' or '12pt'). + # + # 'pointsize': '10pt', + + # Additional stuff for the LaTeX preamble. + # + # 'preamble': '', + + # Latex figure (float) alignment + # + # 'figure_align': 'htbp', +} diff --git a/doc/source/getting_started.rst b/doc/source/getting_started.rst new file mode 100644 index 0000000..1e502f4 --- /dev/null +++ b/doc/source/getting_started.rst @@ -0,0 +1,132 @@ +.. + Copyright 2018 AT&T Intellectual Property. + All Rights Reserved. + + Licensed under the Apache License, Version 2.0 (the "License"); you may + not use this file except in compliance with the License. You may obtain + a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + License for the specific language governing permissions and limitations + under the License. + +=============== +Getting Started +=============== + +What is Spyglass? +---------------- + +Spyglass is a data extraction tool which can interface with +different input data sources to generate site manifest YAML files. +The data sources will provide all the configuration data needed +for a site deployment. These site manifest YAML files generated +by spyglass will be saved in a Git repository, from where Pegleg +can access and aggregate them. This aggregated file can then be +fed to Shipyard for site deployment / updates. + +Architecture +------------ + +:: + + +-----------+ +-------------+ + | | | +-------+ | + | | +------>| |Generic| | + +-----------+ | | | |Object | | + |Tugboat(Xl)| I | | | +-------+ | + |Plugin | N | | | | | + +-----------+ T | | | | | + | E | | | +------+ | + +------------+ R | | | |Parser| +------> Intermediary YAML + |Remote Data | F |---+ | +------+ | + |SourcePlugin| A | | | | + +------------+ C | | |(Intermediary YAML) + | E | | | | + | | | | | + | H | | v | + | A | | +---------+|(templates) +------------+ + | N | | |Site |+<--------------|Repository | + | D | | |Processor||-------------->|Adapter | + | L | | +---------+|(Generated +------------+ + | E | | ^ | Site Manifests) + | R | | +---|-----+| + | | | | J2 || + | | | |Templates|| + | | | +---------+| + +-----------+ +-------------+ + +-- + +Basic Usage +----------- + +Before using Spyglass you must: + + +1. Clone the Spyglass repository: + + .. code-block:: console + + git clone https://github.com/att-comdev/tugboat/tree/spyglass + +2. Install the required packages in spyglass: + + .. code-block:: console + + pip3 install -r tugboat/requirements.txt + + +CLI Options +----------- + +Usage: spyglass [OPTIONS] + +Options: + -s, --site TEXT Specify the site for which manifests to be + generated + -t, --type TEXT Specify the plugin type formation or tugboat + -f, --formation_url TEXT Specify the formation url + -u, --formation_user TEXT Specify the formation user id + -p, --formation_password TEXT Specify the formation user password + -i, --intermediary PATH Intermediary file path generate manifests, + use -m also with this option + -d, --additional_config PATH Site specific configuraton details + -g, --generate_intermediary Dump intermediary file from passed excel and + excel spec + -idir, --intermediary_dir PATH The path where intermediary file needs to be + generated + -e, --edit_intermediary / -nedit, --no_edit_intermediary + Flag to let user edit intermediary + -m, --generate_manifests Generate manifests from the generated + intermediary file + -mdir, --manifest_dir PATH The path where manifest files needs to be + generated + -x, --excel PATH Path to engineering excel file, to be passed + with generate_intermediary + -e, --excel_spec PATH Path to excel spec, to be passed with + generate_intermediary + -l, --loglevel INTEGER Loglevel NOTSET:0 ,DEBUG:10, INFO:20, + WARNING:30, ERROR:40, CRITICAL:50 [default: + 20] + --help Show this message and exit. + + +1. Running Spyglass with Remote Data Source Plugin + +spyglass -mg --type formation -f -u -p -d -s --template_dir= + +2. Running Spyglass with Excel Plugin + +spyglass -mg --type tugboat -x -e -d -s --template_dir= + +for example: +spyglass -mg -t tugboat -x SiteDesignSpec_v0.1.xlsx -e excel_spec_upstream.yaml -d site_config.yaml -s airship-seaworthy --template_dir= +Where sample 'excel_spec_upstream.yaml', 'SiteDesignSpec_v0.1.xlsx' +'site_config.yaml' and J2 templates can be found under 'spyglass/examples' +folder + diff --git a/doc/source/index.rst b/doc/source/index.rst new file mode 100644 index 0000000..4c43fa2 --- /dev/null +++ b/doc/source/index.rst @@ -0,0 +1,34 @@ +.. + Copyright 2018 AT&T Intellectual Property. + All Rights Reserved. + + Licensed under the Apache License, Version 2.0 (the "License"); you may + not use this file except in compliance with the License. You may obtain + a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + License for the specific language governing permissions and limitations + under the License. + +===================== +Spyglass Documentation +===================== + +Overview +-------- +Spyglass is a data extraction tool which can interface with +different input data sources to generate site manifest YAML files. +The data sources will provide all the configuration data needed +for a site deployment. These site manifest YAML files generated +by spyglass will be saved in a Git repository, from where Pegleg +can access and aggregate them. This aggregated file can then be +fed to Shipyard for site deployment / updates. + +.. toctree:: + :maxdepth: 2 + + getting_started diff --git a/spyglass/__init__.py b/spyglass/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/spyglass/config/__init__.py b/spyglass/config/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/spyglass/config/rules.yaml b/spyglass/config/rules.yaml new file mode 100644 index 0000000..dfe4025 --- /dev/null +++ b/spyglass/config/rules.yaml @@ -0,0 +1,38 @@ +########################### +# Global Rules # +########################### +#Rule1: ip_alloc_offset +# Specifies the number of ip addresses to offset from +# the start of subnet allocation pool while allocating it to host. +# -for vlan it is set to 12 as default. +# -for oob it is 10 +# -for all gateway ip addresss it is set to 1. +# -for ingress vip it is 1 +# -for static end (non pxe) it is -1( means one but last ip of the pool) +# -for dhcp end (pxe only) it is -2( 3rd from the last ip of the pool) +#Rule2: host_profile_interfaces. +# Specifies the network interfaces type and +# and their names for a particular hw profile +#Rule3: hardware_profile +# This specifies the profile details bases on sitetype. +# It specifies the profile name and host type for compute, +# controller along with hw type +--- +rule_ip_alloc_offset: + name: ip_alloc_offset + ip_alloc_offset: + default: 12 + oob: 10 + gateway: 1 + ingress_vip: 1 + static_ip_end: -2 + dhcp_ip_end: -2 +rule_hardware_profile: + name: hardware_profile + hardware_profile: + foundry: + profile_name: + compute: dp-r720 + ctrl: cp-r720 + hw_type: dell_r720 +... diff --git a/spyglass/data_extractor/base.py b/spyglass/data_extractor/base.py index ce1513d..dd063a8 100644 --- a/spyglass/data_extractor/base.py +++ b/spyglass/data_extractor/base.py @@ -277,7 +277,6 @@ class BaseDataSourcePlugin(object): """ LOG.info("Extract baremetal information from plugin") baremetal = {} - is_genesis = False hosts = self.get_hosts(self.region) # For each host list fill host profile and network IPs @@ -301,30 +300,19 @@ class BaseDataSourcePlugin(object): # Fill network IP for this host temp_host['ip'] = {} - temp_host['ip']['oob'] = temp_host_ips[host_name].get('oob', "") + temp_host['ip']['oob'] = temp_host_ips[host_name].get( + 'oob', "#CHANGE_ME") temp_host['ip']['calico'] = temp_host_ips[host_name].get( - 'calico', "") - temp_host['ip']['oam'] = temp_host_ips[host_name].get('oam', "") + 'calico', "#CHANGE_ME") + temp_host['ip']['oam'] = temp_host_ips[host_name].get( + 'oam', "#CHANGE_ME") temp_host['ip']['storage'] = temp_host_ips[host_name].get( - 'storage', "") + 'storage', "#CHANGE_ME") temp_host['ip']['overlay'] = temp_host_ips[host_name].get( - 'overlay', "") + 'overlay', "#CHANGE_ME") temp_host['ip']['pxe'] = temp_host_ips[host_name].get( 'pxe', "#CHANGE_ME") - # Filling rack_type( compute/controller/genesis) - # "cp" host profile is controller - # "ns" host profile is compute - if (temp_host['host_profile'] == 'cp'): - # The controller node is designates as genesis" - if is_genesis is False: - is_genesis = True - temp_host['type'] = 'genesis' - else: - temp_host['type'] = 'controller' - else: - temp_host['type'] = 'compute' - baremetal[rack_name][host_name] = temp_host LOG.debug("Baremetal information:\n{}".format( pprint.pformat(baremetal))) @@ -412,8 +400,9 @@ class BaseDataSourcePlugin(object): for net in networks: tmp_net = {} if net['name'] in networks_to_scan: - tmp_net['subnet'] = net['subnet'] - tmp_net['vlan'] = net['vlan'] + tmp_net['subnet'] = net.get('subnet', '#CHANGE_ME') + if ((net['name'] != 'ingress') and (net['name'] != 'oob')): + tmp_net['vlan'] = net.get('vlan', '#CHANGE_ME') network_data['vlan_network_data'][net['name']] = tmp_net diff --git a/spyglass/data_extractor/plugins/formation.py b/spyglass/data_extractor/plugins/formation.py index 18a5854..c91a8fb 100644 --- a/spyglass/data_extractor/plugins/formation.py +++ b/spyglass/data_extractor/plugins/formation.py @@ -433,8 +433,8 @@ class FormationPlugin(BaseDataSourcePlugin): name_pattern = "(?i)({})".format(name) if re.search(name_pattern, vlan_name): return network_names[name] - - return ("") + # Return empty string is vlan_name is not matched with network_names + return "" def get_dns_servers(self, region): try: diff --git a/spyglass/data_extractor/plugins/tugboat/check_exceptions.py b/spyglass/data_extractor/plugins/tugboat/check_exceptions.py new file mode 100644 index 0000000..d11d58a --- /dev/null +++ b/spyglass/data_extractor/plugins/tugboat/check_exceptions.py @@ -0,0 +1,35 @@ +# Copyright 2018 AT&T Intellectual Property. All other rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +class BaseError(Exception): + pass + + +class NotEnoughIp(BaseError): + def __init__(self, cidr, total_nodes): + self.cidr = cidr + self.total_nodes = total_nodes + + def display_error(self): + print('{} can not handle {} nodes'.format(self.cidr, self.total_nodes)) + + +class NoSpecMatched(BaseError): + def __init__(self, excel_specs): + self.specs = excel_specs + + def display_error(self): + print('No spec matched. Following are the available specs:\n'.format( + self.specs)) diff --git a/spyglass/data_extractor/plugins/tugboat/tugboat.py b/spyglass/data_extractor/plugins/tugboat/tugboat.py new file mode 100644 index 0000000..71144a8 --- /dev/null +++ b/spyglass/data_extractor/plugins/tugboat/tugboat.py @@ -0,0 +1,350 @@ +# Copyright 2018 AT&T Intellectual Property. All other rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the 'License'); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an 'AS IS' BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import itertools +import logging +import pprint +import re +from spyglass.data_extractor.base import BaseDataSourcePlugin +from spyglass.data_extractor.plugins.tugboat.excel_parser import ExcelParser + +LOG = logging.getLogger(__name__) + + +class TugboatPlugin(BaseDataSourcePlugin): + def __init__(self, region): + LOG.info("Tugboat Initializing") + self.source_type = 'excel' + self.source_name = 'tugboat' + + # Configuration parameters + self.excel_path = None + self.excel_spec = None + + # Site related data + self.region = region + + # Raw data from excel + self.parsed_xl_data = None + + LOG.info("Initiated data extractor plugin:{}".format(self.source_name)) + + def set_config_opts(self, conf): + """ + Placeholder to set confgiuration options + specific to each plugin. + + :param dict conf: Configuration options as dict + + Example: conf = { 'excel_spec': 'spec1.yaml', + 'excel_path': 'excel.xls' } + + Each plugin will have their own config opts. + """ + self.excel_path = conf['excel_path'] + self.excel_spec = conf['excel_spec'] + + # Extract raw data from excel sheets + self._get_excel_obj() + self._extract_raw_data_from_excel() + return + + def get_plugin_conf(self, kwargs): + """ Validates the plugin param from CLI and return if correct + + + Ideally the CLICK module shall report an error if excel file + and excel specs are not specified. The below code has been + written as an additional safeguard. + """ + try: + assert (len( + kwargs['excel'])), "Engineering Spec file not specified" + excel_file_info = kwargs['excel'] + assert (kwargs['excel_spec'] + ) is not None, "Excel Spec file not specified" + excel_spec_info = kwargs['excel_spec'] + except AssertionError as e: + LOG.error("{}:Spyglass exited!".format(e)) + exit() + plugin_conf = { + 'excel_path': excel_file_info, + 'excel_spec': excel_spec_info + } + return plugin_conf + + def get_hosts(self, region, rack=None): + """Return list of hosts in the region + :param string region: Region name + :param string rack: Rack name + :returns: list of hosts information + :rtype: list of dict + Example: [ + { + 'name': 'host01', + 'type': 'controller', + 'host_profile': 'hp_01' + }, + { + 'name': 'host02', + 'type': 'compute', + 'host_profile': 'hp_02'} + ] + """ + LOG.info("Get Host Information") + ipmi_data = self.parsed_xl_data['ipmi_data'][0] + rackwise_hosts = self._get_rackwise_hosts() + host_list = [] + for rack in rackwise_hosts.keys(): + for host in rackwise_hosts[rack]: + host_list.append({ + 'rack_name': + rack, + 'name': + host, + 'host_profile': + ipmi_data[host]['host_profile'] + }) + return host_list + + def get_networks(self, region): + """ Extracts vlan network info from raw network data from excel""" + vlan_list = [] + # Network data extracted from xl is formatted to have a predictable + # data type. For e.g VlAN 45 extracted from xl is formatted as 45 + vlan_pattern = r'\d+' + private_net = self.parsed_xl_data['network_data']['private'] + public_net = self.parsed_xl_data['network_data']['public'] + # Extract network information from private and public network data + for net_type, net_val in itertools.chain(private_net.items(), + public_net.items()): + tmp_vlan = {} + # Ingress is special network that has no vlan, only a subnet string + # So treatment for ingress is different + if net_type is not 'ingress': + # standardize the network name as net_type may ne different. + # For e.g insteas of pxe it may be PXE or instead of calico + # it may be ksn. Valid network names are pxe, calico, oob, oam, + # overlay, storage, ingress + tmp_vlan['name'] = self._get_network_name_from_vlan_name( + net_type) + + # extract vlan tag. It was extracted from xl file as 'VlAN 45' + # The code below extracts the numeric data fron net_val['vlan'] + if net_val.get('vlan', "") is not "": + value = re.findall(vlan_pattern, net_val['vlan']) + tmp_vlan['vlan'] = value[0] + else: + tmp_vlan['vlan'] = "#CHANGE_ME" + + tmp_vlan['subnet'] = net_val.get('subnet', "#CHANGE_ME") + tmp_vlan['gateway'] = net_val.get('gateway', "#CHANGE_ME") + else: + tmp_vlan['name'] = 'ingress' + tmp_vlan['subnet'] = net_val + vlan_list.append(tmp_vlan) + LOG.debug("vlan list extracted from tugboat:\n{}".format( + pprint.pformat(vlan_list))) + return vlan_list + + def get_ips(self, region, host=None): + """Return list of IPs on the host + :param string region: Region name + :param string host: Host name + :returns: Dict of IPs per network on the host + :rtype: dict + Example: {'oob': {'ipv4': '192.168.1.10'}, + 'pxe': {'ipv4': '192.168.2.10'}} + The network name from get_networks is expected to be the keys of this + dict. In case some networks are missed, they are expected to be either + DHCP or internally generated n the next steps by the design rules. + """ + + ip_ = {} + ipmi_data = self.parsed_xl_data['ipmi_data'][0] + ip_[host] = { + 'oob': ipmi_data[host].get('ipmi_address', '#CHANGE_ME'), + 'oam': ipmi_data[host].get('oam', '#CHANGE_ME'), + 'calico': ipmi_data[host].get('calico', '#CHANGE_ME'), + 'overlay': ipmi_data[host].get('overlay', '#CHANGE_ME'), + 'pxe': ipmi_data[host].get('pxe', '#CHANGE_ME'), + 'storage': ipmi_data[host].get('storage', '#CHANGE_ME') + } + return ip_ + + def get_ldap_information(self, region): + """ Extract ldap information from excel""" + + ldap_raw_data = self.parsed_xl_data['site_info']['ldap'] + ldap_info = {} + # raw url is 'url: ldap://example.com' so we are converting to + # 'ldap://example.com' + url = ldap_raw_data.get('url', '#CHANGE_ME') + try: + ldap_info['url'] = url.split(' ')[1] + ldap_info['domain'] = url.split('.')[1] + except IndexError as e: + LOG.error("url.split:{}".format(e)) + ldap_info['common_name'] = ldap_raw_data.get('common_name', + '#CHANGE_ME') + ldap_info['subdomain'] = ldap_raw_data.get('subdomain', '#CHANGE_ME') + + return ldap_info + + def get_ntp_servers(self, region): + """ Returns a comma separated list of ntp ip addresses""" + + ntp_server_list = self._get_formatted_server_list( + self.parsed_xl_data['site_info']['ntp']) + return ntp_server_list + + def get_dns_servers(self, region): + """ Returns a comma separated list of dns ip addresses""" + dns_server_list = self._get_formatted_server_list( + self.parsed_xl_data['site_info']['dns']) + return dns_server_list + + def get_domain_name(self, region): + """ Returns domain name extracted from excel file""" + + return self.parsed_xl_data['site_info']['domain'] + + def get_location_information(self, region): + """ + Prepare location data from information extracted + by ExcelParser(i.e raw data) + """ + location_data = self.parsed_xl_data['site_info']['location'] + + corridor_pattern = r'\d+' + corridor_number = re.findall(corridor_pattern, + location_data['corridor'])[0] + name = location_data.get('name', '#CHANGE_ME') + state = location_data.get('state', '#CHANGE_ME') + country = location_data.get('country', '#CHANGE_ME') + physical_location_id = location_data.get('physical_location', '') + + return { + 'name': name, + 'physical_location_id': physical_location_id, + 'state': state, + 'country': country, + 'corridor': 'c{}'.format(corridor_number), + } + + def get_racks(self, region): + # This function is not required since the excel plugin + # already provide rack information. + pass + + def _get_excel_obj(self): + """ Creation of an ExcelParser object to store site information. + + The information is obtained based on a excel spec yaml file. + This spec contains row, column and sheet information of + the excel file from where site specific data can be extracted. + """ + self.excel_obj = ExcelParser(self.excel_path, self.excel_spec) + + def _extract_raw_data_from_excel(self): + """ Extracts raw information from excel file based on excel spec""" + self.parsed_xl_data = self.excel_obj.get_data() + + def _get_network_name_from_vlan_name(self, vlan_name): + """ network names are ksn, oam, oob, overlay, storage, pxe + + + This is a utility function to determine the vlan acceptable + vlan from the name extracted from excel file + + The following mapping rules apply: + vlan_name contains "ksn or calico" the network name is "calico" + vlan_name contains "storage" the network name is "storage" + vlan_name contains "server" the network name is "oam" + vlan_name contains "ovs" the network name is "overlay" + vlan_name contains "oob" the network name is "oob" + vlan_name contains "pxe" the network name is "pxe" + """ + network_names = [ + 'ksn|calico', 'storage', 'oam|server', 'ovs|overlay', 'oob', 'pxe' + ] + for name in network_names: + # Make a pattern that would ignore case. + # if name is 'ksn' pattern name is '(?i)(ksn)' + name_pattern = "(?i)({})".format(name) + if re.search(name_pattern, vlan_name): + if name is 'ksn|calico': + return 'calico' + if name is 'storage': + return 'storage' + if name is 'oam|server': + return 'oam' + if name is 'ovs|overlay': + return 'overlay' + if name is 'oob': + return 'oob' + if name is 'pxe': + return 'pxe' + # if nothing matches + LOG.error( + "Unable to recognize VLAN name extracted from Plugin data source") + return ("") + + def _get_formatted_server_list(self, server_list): + """ Format dns and ntp server list as comma separated string """ + + # dns/ntp server info from excel is of the format + # 'xxx.xxx.xxx.xxx, (aaa.bbb.ccc.com)' + # The function returns a list of comma separated dns ip addresses + servers = [] + for data in server_list: + if '(' not in data: + servers.append(data) + formatted_server_list = ','.join(servers) + return formatted_server_list + + def _get_rack(self, host): + """ + Get rack id from the rack string extracted + from xl + """ + rack_pattern = r'\w.*(r\d+)\w.*' + rack = re.findall(rack_pattern, host)[0] + if not self.region: + self.region = host.split(rack)[0] + return rack + + def _get_rackwise_hosts(self): + """ Mapping hosts with rack ids """ + rackwise_hosts = {} + hostnames = self.parsed_xl_data['ipmi_data'][1] + racks = self._get_rack_data() + for rack in racks: + if rack not in rackwise_hosts: + rackwise_hosts[racks[rack]] = [] + for host in hostnames: + if rack in host: + rackwise_hosts[racks[rack]].append(host) + LOG.debug("rackwise hosts:\n%s", pprint.pformat(rackwise_hosts)) + return rackwise_hosts + + def _get_rack_data(self): + """ Format rack name """ + LOG.info("Getting rack data") + racks = {} + hostnames = self.parsed_xl_data['ipmi_data'][1] + for host in hostnames: + rack = self._get_rack(host) + racks[rack] = rack.replace('r', 'rack') + return racks diff --git a/spyglass/examples/SiteDesignSpec_v0.1.xlsx b/spyglass/examples/SiteDesignSpec_v0.1.xlsx new file mode 100644 index 0000000..cdf8278 Binary files /dev/null and b/spyglass/examples/SiteDesignSpec_v0.1.xlsx differ diff --git a/spyglass/examples/excel_spec.yaml b/spyglass/examples/excel_spec.yaml new file mode 100644 index 0000000..62831a0 --- /dev/null +++ b/spyglass/examples/excel_spec.yaml @@ -0,0 +1,63 @@ +# Copyright 2018 The Openstack-Helm Authors. +# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Important: Please modify the dictionary with appropriate +# design spec file. +--- +specs: + # Design Spec file name: SiteDesignSpec_v0.1.xlsx + xl_spec: + ipmi_sheet_name: 'Site-Information' + start_row: 4 + end_row: 15 + hostname_col: 2 + ipmi_address_col: 3 + host_profile_col: 5 + ipmi_gateway_col: 4 + private_ip_sheet: 'Site-Information' + net_type_col: 1 + vlan_col: 2 + vlan_start_row: 19 + vlan_end_row: 30 + net_start_row: 33 + net_end_row: 40 + net_col: 2 + net_vlan_col: 1 + public_ip_sheet: 'Site-Information' + oam_vlan_col: 1 + oam_ip_row: 43 + oam_ip_col: 2 + oob_net_row: 48 + oob_net_start_col: 2 + oob_net_end_col: 5 + ingress_ip_row: 45 + dns_ntp_ldap_sheet: 'Site-Information' + login_domain_row: 52 + ldap_col: 2 + global_group: 53 + ldap_search_url_row: 54 + ntp_row: 55 + ntp_col: 2 + dns_row: 56 + dns_col: 2 + domain_row: 51 + domain_col: 2 + location_sheet: 'Site-Information' + column: 2 + corridor_row: 59 + site_name_row: 58 + state_name_row: 60 + country_name_row: 61 + clli_name_row: 62 diff --git a/spyglass/examples/site_config.yaml b/spyglass/examples/site_config.yaml new file mode 100644 index 0000000..25fa990 --- /dev/null +++ b/spyglass/examples/site_config.yaml @@ -0,0 +1,33 @@ +################################## +# Site Specific Tugboat Settings # +################################## +--- +site_info: + ldap: + common_name: test + url: ldap://ldap.example.com + subdomain: test + ntp: + servers: 10.10.10.10,20.20.20.20,30.30.30.30 + sitetype: foundry + domain: atlantafoundry.com + dns: + servers: 8.8.8.8,8.8.4.4,208.67.222.222 +network: + vlan_network_data: + ingress: + subnet: + - 132.68.226.72/29 + bgp : + peers: + - '172.29.0.2' + - '172.29.0.3' + asnumber: 64671 + peer_asnumber: 64688 +storage: + ceph: + controller: + osd_count: 6 +... + + diff --git a/spyglass/examples/templates/baremetal/bootactions/promjoin.yaml.j2 b/spyglass/examples/templates/baremetal/bootactions/promjoin.yaml.j2 new file mode 100644 index 0000000..f7c37f2 --- /dev/null +++ b/spyglass/examples/templates/baremetal/bootactions/promjoin.yaml.j2 @@ -0,0 +1,26 @@ +--- +schema: 'drydock/BootAction/v1' +metadata: + schema: 'metadata/Document/v1' + name: promjoin + storagePolicy: 'cleartext' + layeringDefinition: + abstract: false + layer: site + labels: + application: 'drydock' +data: + signaling: false + assets: + - path: /opt/promjoin.sh + type: file + permissions: '555' +{% raw %} + location: promenade+http://promenade-api.ucp.svc.cluster.local/api/v1.0/join-scripts?design_ref={{ action.design_ref | urlencode }}&hostname={{ node.hostname }}&ip={{ node.network.calico.ip }}{% endif %}{% for k, v in node.labels.items() %}&labels.dynamic={{ k }}={{ v }}{% endfor %} + +{% endraw %} + location_pipeline: + - template + data_pipeline: + - utf8_decode +... diff --git a/spyglass/examples/templates/baremetal/nodes.yaml.j2 b/spyglass/examples/templates/baremetal/nodes.yaml.j2 new file mode 100644 index 0000000..f730378 --- /dev/null +++ b/spyglass/examples/templates/baremetal/nodes.yaml.j2 @@ -0,0 +1,51 @@ +{% set control_count = [1] %} +{% for rack in data['baremetal'].keys() %} +{% for host in data['baremetal'][rack].keys()%} +{% if data['baremetal'][rack][host]['type'] != 'genesis' %} +--- +schema: 'drydock/BaremetalNode/v1' +metadata: + schema: 'metadata/Document/v1' + name: {{ host }} + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + oob: + account: 'root' +{% if data['baremetal'][rack][host]['host_profile'] == 'cp' %} +{% if control_count.append(control_count.pop()+1) %} {% endif %} +{% if control_count[0] < 4 %} + host_profile: nc-{{data['baremetal'][rack][host]['host_profile']}}-primary +{% else %} + host_profile: nc-{{data['baremetal'][rack][host]['host_profile']}}-secondary +{% endif %} +{% else %} + host_profile: nc-{{data['baremetal'][rack][host]['host_profile']}} +{% endif %} + addressing: + - network: oob + address: {{ data['baremetal'][rack][host]['ip']['oob'] }} + - network: oam + address: {{ data['baremetal'][rack][host]['ip']['oam'] }} + - network: pxe + address: {{ data['baremetal'][rack][host]['ip']['pxe'] }} + - network: storage + address: {{ data['baremetal'][rack][host]['ip']['storage'] }} + - network: calico + address: {{ data['baremetal'][rack][host]['ip']['calico'] }} + - network: overlay + address: {{ data['baremetal'][rack][host]['ip']['overlay'] }} + metadata: + rack: RACK{{rack[-2:] }} + tags: +{% if data['baremetal'][rack][host]['type'] == 'compute' %} + - 'workers' +{% else %} + - 'masters' +{% endif %} +... +{% endif %} +{%endfor%} +{%endfor%} diff --git a/spyglass/examples/templates/deployment/deployment-strategy.yaml.j2 b/spyglass/examples/templates/deployment/deployment-strategy.yaml.j2 new file mode 100644 index 0000000..390ca95 --- /dev/null +++ b/spyglass/examples/templates/deployment/deployment-strategy.yaml.j2 @@ -0,0 +1,90 @@ +--- +# The purpose of this file is to provide Shipyard a strategy to aid in the site's +# deployment. This WILL require modification for each particular site. A successful +# strategy for large labs that has been used in the past has been to split the Control +# Plane hosts up from the computes, as well as the computes by rack. The below strategy +# differs slightly, as the size of the lab is smaller. As such, the Control Plane hosts +# deploy first, followed by half of the computes, followed by the second half of the +# computes. Shipyard deployment strategies can be very useful in getting around certain +# failures, like misbehaving nodes that may hold up the deployment. See more at: +# https://github.com/openstack/airship-shipyard/blob/master/doc/source/site-definition-documents.rst#deployment-strategy +schema: shipyard/DeploymentStrategy/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: deployment-strategy + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: deployment-strategy-global + actions: + - method: replace + path: . + storagePolicy: cleartext + replacement: true +data: + groups: + - name: masters + critical: true + depends_on: [] + selectors: + - node_names: [] + node_labels: [] + node_tags: + - masters + rack_names: [] + success_criteria: + percent_successful_nodes: 100 + # NEWSITE-CHANGEME: The number of "worker groups" should equal the number of site racks + - name: worker_group_0 + critical: false + depends_on: + - masters + selectors: + # NEWSITE-CHANGEME: The following should be a list of the computes in the site's first rack + - node_names: +{% for rack in data['baremetal'].keys() %} +{% for host in data['baremetal'][rack].keys()%} +{% if rack == 'rack03' or rack == 'rack04' %} + - {{ host }} +{% endif %} +{% endfor %} +{% endfor %} + node_labels: [] + node_tags: [] + rack_names: [] + - name: worker_group_1 + critical: false + depends_on: + - masters + selectors: + # NEWSITE-CHANGEME: The following should be a list of the computes in the site's second rack + - node_names: +{% for rack in data['baremetal'].keys() %} +{% for host in data['baremetal'][rack].keys()%} +{% if rack == 'rack05' or rack == 'rack06' %} + - {{ host }} +{% endif %} +{% endfor %} +{% endfor %} + node_labels: [] + node_tags: [] + rack_names: [] + - name: workers + critical: true + # NEWSITE-CHANGEME: Populate with each worker group (should equal the number of site racks). + # This group ensures a percent of success is achieved with the compute deployments. + depends_on: + - worker_group_0 + - worker_group_1 + selectors: + - node_names: [] + node_labels: [] + node_tags: + - workers + rack_names: [] + success_criteria: + percent_successful_nodes: 60 +... + diff --git a/spyglass/examples/templates/networks/common_addresses.yaml.j2 b/spyglass/examples/templates/networks/common_addresses.yaml.j2 new file mode 100644 index 0000000..e52ec20 --- /dev/null +++ b/spyglass/examples/templates/networks/common_addresses.yaml.j2 @@ -0,0 +1,107 @@ +--- +schema: pegleg/CommonAddresses/v1 +metadata: + schema: metadata/Document/v1 + name: common-addresses + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + calico: + ip_autodetection_method: interface=bond1.{{ data['network']['vlan_network_data']['calico']['vlan']}} + etcd: + service_ip: 10.96.232.136 + ip_rule: + gateway: {{ data['network']['vlan_network_data']['calico']['gateway']}} + overlap_cidr: 10.96.0.0/15 + bgp: + ipv4: + public_service_cidr: {{ data['network']['vlan_network_data']['ingress']['subnet'][0] }} + ingress_vip: {{ data['network']['bgp']['ingress_vip'] }} + peers: +{% for peer in data['network']['bgp']['peers'] %} + - {{ peer }} +{% endfor %} + dns: + cluster_domain: cluster.local + service_ip: 10.96.0.10 + upstream_servers: +{% for server in (data['site_info']['dns']['servers']).split(',') %} + - {{ server }} +{% endfor %} + upstream_servers_joined: {{ data['site_info']['dns']['servers']}} + ingress_domain: {{ data['site_info']['domain']|lower }} + + genesis: + hostname: {{ (data|get_role_wise_nodes)['genesis']['name'] }} +{% for rack in data['baremetal'] %} +{% for host in data['baremetal'][rack] %} +{% if data['baremetal'][rack][host]['type'] == 'genesis' %} + ip: {{ data['baremetal'][rack][host]['ip']['calico'] }} +{% endif %} +{% endfor %} +{% endfor %} + bootstrap: + ip: {{ (data|get_role_wise_nodes)['genesis']['pxe'] }} + + kubernetes: + api_service_ip: 10.96.0.1 + etcd_service_ip: 10.96.0.2 + pod_cidr: 10.97.0.0/16 + service_cidr: 10.96.0.0/16 + # misc k8s port settings + apiserver_port: 6443 + haproxy_port: 6553 + service_node_port_range: 30000-32767 + + # etcd port settings + etcd: + container_port: 2379 + haproxy_port: 2378 + + masters: +{% for host in (data|get_role_wise_nodes)['masters'] %} + - hostname: {{ host }} +{% endfor %} + # NEWSITE-CHANGEME: Environment proxy information. + # NOTE: Reference Airship sites do not deploy behind a proxy, so this proxy section + # should be commented out. + # However if you are in a lab that requires proxy, ensure that these proxy + # settings are correct and reachable in your environment; otherwise update + # them with the correct values for your environment. + proxy: + http: "" + https: "" + no_proxy: [] + + node_ports: + drydock_api: 30000 + maas_api: 30001 + maas_proxy: 31800 # hardcoded in MAAS + shipyard_api: 30003 + airflow_web: 30004 + ntp: + servers_joined: {{ data['site_info']['ntp']['servers'] }} + + ldap: + base_url: {{ (data['site_info']['ldap']['url']|string).split('//')[1] }} + url: {{ data['site_info']['ldap']['url'] }} + auth_path: DC=test,DC=test,DC=com?sAMAccountName?sub?memberof=CN={{ data['site_info']['ldap']['common_name'] }},OU=Application,OU=Groups,DC=test,DC=test,DC=com + common_name: {{ data['site_info']['ldap']['common_name'] }} + subdomain: {{ data['site_info']['ldap']['subdomain'] }} + domain: {{ (data['site_info']['ldap']['url']|string).split('.')[1] }} + + storage: + ceph: + public_cidr: {{ data['network']['vlan_network_data']['storage']['subnet'] }} + cluster_cidr: {{ data['network']['vlan_network_data']['storage']['subnet'] }} + + neutron: + tunnel_device: 'bond1.{{ data['network']['vlan_network_data']['overlay']['vlan'] }}' + external_iface: 'bond1' + + openvswitch: + external_iface: 'bond1' +... + diff --git a/spyglass/examples/templates/networks/physical/networks.yaml.j2 b/spyglass/examples/templates/networks/physical/networks.yaml.j2 new file mode 100644 index 0000000..cb727f9 --- /dev/null +++ b/spyglass/examples/templates/networks/physical/networks.yaml.j2 @@ -0,0 +1,251 @@ +--- +schema: 'drydock/NetworkLink/v1' +metadata: + schema: 'metadata/Document/v1' + name: oob + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + # MaaS doesnt own this network like it does the others, so the noconfig label + # is specified. + labels: + noconfig: enabled + bonding: + mode: disabled + mtu: 1500 + linkspeed: auto + trunking: + mode: disabled + default_network: oob + allowed_networks: + - oob +... +--- +schema: 'drydock/Network/v1' +metadata: + schema: 'metadata/Document/v1' + name: oob + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + cidr: {{ data['network']['vlan_network_data']['oob']['subnet'] }} + routes: + - subnet: '0.0.0.0/0' + gateway: {{ data['network']['vlan_network_data']['oob']['gateway'] }} + metric: 100 + ranges: + - type: static + start: {{ data['network']['vlan_network_data']['oob']['static_start'] }} + end: {{ data['network']['vlan_network_data']['oob']['static_end'] }} +... + +--- +schema: 'drydock/NetworkLink/v1' +metadata: + schema: 'metadata/Document/v1' + name: pxe + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + bonding: + mode: disabled + mtu: 1500 + linkspeed: auto + trunking: + mode: disabled + default_network: pxe + allowed_networks: + - pxe +... + +--- +schema: 'drydock/Network/v1' +metadata: + schema: 'metadata/Document/v1' + name: pxe + layeringDefinition: + abstract: false + layer: site + parentSelector: + network_role: pxe + topology: cruiser + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + cidr: {{ data['network']['vlan_network_data']['pxe']['subnet'] }} + routes: +{% for other_subnet in data['network']['vlan_network_data']['pxe']['routes'] %} + - subnet: {{ other_subnet }} + gateway: {{ data['network']['vlan_network_data']['pxe']['gateway'] }} + metric: 100 +{% endfor %} + ranges: + - type: reserved + start: {{ data['network']['vlan_network_data']['pxe']['reserved_start'] }} + end: {{ data['network']['vlan_network_data']['pxe']['reserved_end'] }} + - type: static + start: {{ data['network']['vlan_network_data']['pxe']['static_start'] }} + end: {{ data['network']['vlan_network_data']['pxe']['static_end'] }} + - type: dhcp + start: {{ data['network']['vlan_network_data']['pxe']['dhcp_start'] }} + end: {{ data['network']['vlan_network_data']['pxe']['dhcp_end'] }} +... + +--- +schema: 'drydock/NetworkLink/v1' +metadata: + schema: 'metadata/Document/v1' + name: data + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + bonding: + mode: 802.3ad + hash: layer3+4 + peer_rate: fast + mon_rate: 100 + up_delay: 1000 + down_delay: 3000 + # NEWSITE-CHANGEME: Ensure the network switches in the environment are + # configured for this MTU or greater. Even if switches are configured for or + # can support a slightly higher MTU, there is no need (and negliable benefit) + # to squeeze every last byte into the MTU (e.g., 9216 vs 9100). Leave MTU at + # 9100 for maximum compatibility. + mtu: 9100 + linkspeed: auto + trunking: + mode: 802.1q + allowed_networks: + - oam + - storage + - overlay + - calico +... + +--- +schema: 'drydock/Network/v1' +metadata: + schema: 'metadata/Document/v1' + name: oam + layeringDefinition: + abstract: false + layer: 'site' + parentSelector: + network_role: oam + topology: cruiser + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + cidr: {{ data['network']['vlan_network_data']['oam']['subnet'] }} +{% set flag = [0] %} +{% for route in data['network']['vlan_network_data']['oam']['routes'] %} +{% if flag[0] == 0 %} + routes: +{% endif %} +{% if flag.append(flag.pop() + 1) %} {% endif %} + - subnet: {{ route }} + gateway: {{ data['network']['vlan_network_data']['oam']['gateway'] }} + metric: 100 +{% endfor %} +{% if flag[0] == 0 %} + routes:[] +{% endif %} + ranges: + - type: reserved + start: {{ data['network']['vlan_network_data']['oam']['reserved_start'] }} + end: {{ data['network']['vlan_network_data']['oam']['reserved_end'] }} + - type: static + start: {{ data['network']['vlan_network_data']['oam']['static_start'] }} + end: {{ data['network']['vlan_network_data']['oam']['static_end'] }} +... + +--- +schema: 'drydock/Network/v1' +metadata: + schema: 'metadata/Document/v1' + name: storage + layeringDefinition: + abstract: false + layer: site + parentSelector: + network_role: storage + topology: cruiser + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + cidr: {{ data['network']['vlan_network_data']['storage']['subnet'] }} + ranges: + - type: reserved + start: {{ data['network']['vlan_network_data']['storage']['reserved_start'] }} + end: {{ data['network']['vlan_network_data']['storage']['reserved_end'] }} + - type: static + start: {{ data['network']['vlan_network_data']['storage']['static_start'] }} + end: {{ data['network']['vlan_network_data']['storage']['static_end'] }} +... + +--- +schema: 'drydock/Network/v1' +metadata: + schema: 'metadata/Document/v1' + name: overlay + layeringDefinition: + abstract: false + layer: site + parentSelector: + network_role: os-overlay + topology: cruiser + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + cidr: {{ data['network']['vlan_network_data']['overlay']['subnet'] }} + ranges: + - type: reserved + start: {{ data['network']['vlan_network_data']['overlay']['reserved_start'] }} + end: {{ data['network']['vlan_network_data']['overlay']['reserved_end'] }} + - type: static + start: {{ data['network']['vlan_network_data']['overlay']['static_start'] }} + end: {{ data['network']['vlan_network_data']['overlay']['static_end'] }} +... + +--- +schema: 'drydock/Network/v1' +metadata: + schema: 'metadata/Document/v1' + name: calico + layeringDefinition: + abstract: false + layer: site + parentSelector: + network_role: calico + topology: cruiser + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + cidr: {{ data['network']['vlan_network_data']['calico']['subnet'] }} + ranges: + - type: reserved + start: {{ data['network']['vlan_network_data']['calico']['reserved_start'] }} + end: {{ data['network']['vlan_network_data']['calico']['reserved_end'] }} + - type: static + start: {{ data['network']['vlan_network_data']['calico']['static_start'] }} + end: {{ data['network']['vlan_network_data']['calico']['static_end'] }} +... + diff --git a/spyglass/examples/templates/pki/pki-catalogue.yaml.j2 b/spyglass/examples/templates/pki/pki-catalogue.yaml.j2 new file mode 100644 index 0000000..c8ccd03 --- /dev/null +++ b/spyglass/examples/templates/pki/pki-catalogue.yaml.j2 @@ -0,0 +1,187 @@ +--- +schema: promenade/PKICatalog/v1 +metadata: + schema: metadata/Document/v1 + name: cluster-certificates + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + certificate_authorities: + kubernetes: + description: CA for Kubernetes components + certificates: + - document_name: apiserver + description: Service certificate for Kubernetes apiserver + common_name: apiserver + hosts: + - localhost + - 127.0.0.1 + - 10.96.0.1 + kubernetes_service_names: + - kubernetes.default.svc.cluster.local +{% for racks in data['baremetal'].keys()%} +{% for host in data['baremetal'][racks].keys()%} +{% if data['baremetal'][racks][host]['type'] == 'genesis' %} + + - document_name: kubelet-genesis + common_name: system:node:{{ host }} + hosts: + - {{ host }} + - {{ data['baremetal'][racks][host]['ip']['oam'] }} + - {{ data['baremetal'][racks][host]['ip']['ksn']}} + groups: + - system:nodes +{% endif %} +{%endfor%} +{%endfor%} +{% for racks in data['baremetal'].keys()%} +{% for host in data['baremetal'][racks].keys()%} + - document_name: kubelet-{{ host }} + common_name: system:node:{{ host }} + hosts: + - {{ host }} + - {{ data['baremetal'][racks][host]['ip']['oam'] }} + - {{ data['baremetal'][racks][host]['ip']['ksn']}} + groups: + - system:nodes +{%endfor%} +{%endfor%} + - document_name: scheduler + description: Service certificate for Kubernetes scheduler + common_name: system:kube-scheduler + - document_name: controller-manager + description: certificate for controller-manager + common_name: system:kube-controller-manager + - document_name: admin + common_name: admin + groups: + - system:masters + - document_name: armada + common_name: armada + groups: + - system:masters + kubernetes-etcd: + description: Certificates for Kubernetes's etcd servers + certificates: + - document_name: apiserver-etcd + description: etcd client certificate for use by Kubernetes apiserver + common_name: apiserver + # NOTE(mark-burnett): hosts not required for client certificates + - document_name: kubernetes-etcd-anchor + description: anchor + common_name: anchor +{% for racks in data['baremetal'].keys()%} +{% for host in data['baremetal'][racks].keys()%} +{% if data['baremetal'][racks][host]['type'] == 'genesis' %} + - document_name: kubernetes-etcd-genesis + common_name: kubernetes-etcd-genesis + hosts: + - {{ host }} + - {{ data['baremetal'][racks][host]['ip']['oam'] }} + - {{ data['baremetal'][racks][host]['ip']['ksn']}} + - 127.0.0.1 + - localhost + - kubernetes-etcd.kube-system.svc.cluster.local + - 10.96.0.2 +{% endif %} +{%endfor%} +{%endfor%} +{% for racks in data['baremetal'].keys()%} +{% for host in data['baremetal'][racks].keys()%} +{% if data['baremetal'][racks][host]['type'] == 'controller' or data['baremetal'][racks][host]['type'] == 'genesis'%} + - document_name: kubernetes-etcd-{{ host }} + common_name: kubernetes-etcd-{{ host }} + hosts: + - {{ host }} + - {{ data['baremetal'][racks][host]['ip']['oam'] }} + - {{ data['baremetal'][racks][host]['ip']['ksn']}} + - 127.0.0.1 + - localhost + - kubernetes-etcd.kube-system.svc.cluster.local + - 10.96.0.2 +{% endif %} +{%endfor%} +{%endfor%} +{% for racks in data['baremetal'].keys()%} +{% for host in data['baremetal'][racks].keys()%} +{% if data['baremetal'][racks][host]['type'] == 'genesis' %} + kubernetes-etcd-peer: + certificates: + - document_name: kubernetes-etcd-genesis-peer + common_name: kubernetes-etcd-genesis-peer + hosts: + - {{ host }} + - {{ data['baremetal'][racks][host]['ip']['oam'] }} + - {{ data['baremetal'][racks][host]['ip']['ksn']}} + - 127.0.0.1 + - localhost + - kubernetes-etcd.kube-system.svc.cluster.local + - 10.96.0.2 +{% endif %} +{%endfor%} +{%endfor%} +{% for racks in data['baremetal'].keys()%} +{% for host in data['baremetal'][racks].keys()%} +{% if data['baremetal'][racks][host]['type'] == 'controller' or data['baremetal'][racks][host]['type'] == 'genesis' %} + - document_name: kubernetes-etcd-{{ host }}-peer + common_name: kubernetes-etcd-{{ host }}-peer + hosts: + - {{ host }} + - {{ data['baremetal'][racks][host]['ip']['oam'] }} + - {{ data['baremetal'][racks][host]['ip']['ksn']}} + - 127.0.0.1 + - localhost + - kubernetes-etcd.kube-system.svc.cluster.local + - 10.96.0.2 +{% endif %} +{%endfor%} +{%endfor%} + ksn-etcd: + description: Certificates for Calico etcd client traffic + certificates: + - document_name: ksn-etcd-anchor + description: anchor + common_name: anchor +{% for racks in data['baremetal'].keys()%} +{% for host in data['baremetal'][racks].keys()%} +{% if data['baremetal'][racks][host]['type'] == 'controller' or data['baremetal'][racks][host]['type'] == 'genesis' %} + - document_name: ksn-etcd-{{ host }} + common_name: ksn-etcd-{{ host }} + hosts: + - {{ host }} + - {{ data['baremetal'][racks][host]['ip']['oam'] }} + - {{ data['baremetal'][racks][host]['ip']['ksn']}} + - 127.0.0.1 + - localhost + - 10.96.232.136 +{% endif %} +{%endfor%} +{%endfor%} + - document_name: ksn-node + common_name: calcico-node + ksn-etcd-peer: + description: Certificates for Calico etcd clients + certificates: +{% for racks in data['baremetal'].keys()%} +{% for host in data['baremetal'][racks].keys()%} +{% if data['baremetal'][racks][host]['type'] == 'controller' or data['baremetal'][racks][host]['type'] == 'genesis' %} + - document_name: ksn-etcd-{{ host }}-peer + common_name: ksn-etcd-{{ host }}-peer + hosts: + - {{ host }} + - {{ data['baremetal'][racks][host]['ip']['oam'] }} + - {{ data['baremetal'][racks][host]['ip']['ksn']}} + - 127.0.0.1 + - localhost + - 10.96.232.136 +{% endif %} +{%endfor%} +{%endfor%} + - document_name: ksn-node-peer + common_name: calico-node-peer + keypairs: + - name: service-account + description: Service account signing key for use by Kubernetes controller-manager. +... diff --git a/spyglass/examples/templates/profile/genesis.yaml.j2 b/spyglass/examples/templates/profile/genesis.yaml.j2 new file mode 100644 index 0000000..6cbb335 --- /dev/null +++ b/spyglass/examples/templates/profile/genesis.yaml.j2 @@ -0,0 +1,40 @@ +--- +schema: promenade/Genesis/v1 +metadata: + schema: metadata/Document/v1 + name: genesis-site + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: genesis-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + labels: + dynamic: + - beta.kubernetes.io/fluentd-ds-ready=true + - calico-etcd=enabled + - ceph-mds=enabled + - ceph-mon=enabled + - ceph-osd=enabled + - ceph-rgw=enabled + - ceph-mgr=enabled + - ceph-bootstrap=enabled + - kube-dns=enabled + - kube-ingress=enabled + - kubernetes-apiserver=enabled + - kubernetes-controller-manager=enabled + - kubernetes-etcd=enabled + - kubernetes-scheduler=enabled + - promenade-genesis=enabled + - ucp-control-plane=enabled + - maas-control-plane=enabled + - ceph-osd-bootstrap=enabled + - openstack-control-plane=enabled + - openvswitch=enabled + - openstack-l3-agent=enabled + - node-exporter=enabled +... diff --git a/spyglass/examples/templates/profile/hardware/dell_r720.yaml.j2 b/spyglass/examples/templates/profile/hardware/dell_r720.yaml.j2 new file mode 100644 index 0000000..9e07875 --- /dev/null +++ b/spyglass/examples/templates/profile/hardware/dell_r720.yaml.j2 @@ -0,0 +1,76 @@ +--- +schema: 'drydock/HardwareProfile/v1' +metadata: + schema: 'metadata/Document/v1' + name: dell_r720 + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + # Vendor of the server chassis + vendor: DELL + # Generation of the chassis model + generation: '8' + # Version of the chassis model within its generation - not version of the hardware definition + hw_version: '3' + # The certified version of the chassis BIOS + bios_version: '2.2.3' + # Mode of the default boot of hardware - bios, uefi + boot_mode: bios + # Protocol of boot of the hardware - pxe, usb, hdd + bootstrap_protocol: pxe + # Which interface to use for network booting within the OOB manager, not OS device + pxe_interface: 0 + # Map hardware addresses to aliases/roles to allow a mix of hardware configs + # in a site to result in a consistent configuration + device_aliases: + ## network + # eno1 + pxe_nic01: + address: '0000:01:00.0' + # type could identify expected hardware - used for hardware manifest validation + dev_type: 'I350 Gigabit Network Connection' + bus_type: 'pci' + # enp67s0f0 + data_nic01: + address: '0000:43:00.0' + dev_type: 'Ethernet 10G 2P X520 Adapter' + bus_type: 'pci' + # enp67s0f1 + data_nic02: + address: '0000:43:00.1' + dev_type: 'Ethernet 10G 2P X520 Adapter' + bus_type: 'pci' + # enp68s0f0 + data_nic03: + address: '0000:44:00.0' + dev_type: 'Ethernet 10G 2P X520 Adapter' + bus_type: 'pci' + # enp68s0f1 + data_nic04: + address: '0000:44:00.1' + dev_type: 'Ethernet 10G 2P X520 Adapter' + bus_type: 'pci' + ## storage + # /dev/sda + bootdisk: + address: '0:2.0.0' + dev_type: 'PERC H710P' + bus_type: 'scsi' + # /dev/sdb + cephjournal1: + address: '0:2.1.0' + dev_type: 'PERC H710P' + bus_type: 'scsi' + # /dev/sdc + cephjournal2: + address: '0:2.2.0' + dev_type: 'PERC H710P' + bus_type: 'scsi' + # /dev/sdc + ephemeral: + address: '0:2.3.0' + dev_type: 'PERC H710P' + bus_type: 'scsi' +... diff --git a/spyglass/examples/templates/profile/host/cp_r720.yaml.j2 b/spyglass/examples/templates/profile/host/cp_r720.yaml.j2 new file mode 100644 index 0000000..aa60287 --- /dev/null +++ b/spyglass/examples/templates/profile/host/cp_r720.yaml.j2 @@ -0,0 +1,270 @@ +--- +# The primary control plane host profile for Airship for DELL R720s, and +# should not need to be altered if you are using matching HW. The active +# participants in the Ceph cluster run on this profile. Other control plane +# services are not affected by primary vs secondary designation. +schema: drydock/HostProfile/v1 +metadata: + schema: metadata/Document/v1 + name: cp_r720-primary + storagePolicy: cleartext + layeringDefinition: + abstract: false + layer: site + parentSelector: + hosttype: cp-global + actions: + - method: replace + path: .interfaces + - method: replace + path: .storage + - method: merge + path: . +data: + hardware_profile: dell_r720 + + primary_network: oam + interfaces: + pxe: + device_link: pxe + slaves: + - pxe_nic01 + networks: + - pxe + bond0: + device_link: data + slaves: + - data_nic01 + - data_nic02 + - data_nic03 + - data_nic04 + networks: + - oam + - storage + - overlay + - calico + + storage: + physical_devices: + bootdisk: + labels: + bootdrive: 'true' + partitions: + - name: 'root' + size: '30g' + bootable: true + filesystem: + mountpoint: '/' + fstype: 'ext4' + mount_options: 'defaults' + - name: 'boot' + size: '1g' + filesystem: + mountpoint: '/boot' + fstype: 'ext4' + mount_options: 'defaults' + - name: 'var_log' + size: '100g' + filesystem: + mountpoint: '/var/log' + fstype: 'ext4' + mount_options: 'defaults' + - name: 'var' + size: '>100g' + filesystem: + mountpoint: '/var' + fstype: 'ext4' + mount_options: 'defaults' + + cephjournal1: + partitions: + - name: 'ceph-j1' + size: '10g' + - name: 'ceph-j2' + size: '10g' + - name: 'ceph-j3' + size: '10g' + - name: 'ceph-j4' + size: '10g' + cephjournal2: + partitions: + - name: 'ceph-j5' + size: '10g' + - name: 'ceph-j6' + size: '10g' + - name: 'ceph-j7' + size: '10g' + - name: 'ceph-j8' + size: '10g' + + platform: + kernel: 'hwe-16.04' + kernel_params: + console: 'ttyS1,115200n8' + + metadata: + owner_data: + openstack-l3-agent: enabled +... +--- +schema: drydock/HostProfile/v1 +metadata: + schema: metadata/Document/v1 + name: cp_r740-secondary + storagePolicy: cleartext + layeringDefinition: + abstract: false + layer: site + parentSelector: + hosttype: cp-global + actions: + - method: replace + path: .interfaces + - method: replace + path: .storage + - method: replace + path: .metadata.owner_data + - method: merge + path: . +data: + hardware_profile: dell_r720 + + primary_network: oam + interfaces: + pxe: + device_link: pxe + slaves: + - pxe_nic01 + networks: + - pxe + bond0: + device_link: data + slaves: + - data_nic01 + - data_nic02 + - data_nic03 + - data_nic04 + networks: + - oam + - storage + - overlay + - calico + + storage: + physical_devices: + bootdisk: + labels: + bootdrive: 'true' + partitions: + - name: 'root' + size: '30g' + bootable: true + filesystem: + mountpoint: '/' + fstype: 'ext4' + mount_options: 'defaults' + - name: 'boot' + size: '1g' + filesystem: + mountpoint: '/boot' + fstype: 'ext4' + mount_options: 'defaults' + - name: 'var_log' + size: '100g' + filesystem: + mountpoint: '/var/log' + fstype: 'ext4' + mount_options: 'defaults' + - name: 'var' + size: '>100g' + filesystem: + mountpoint: '/var' + fstype: 'ext4' + mount_options: 'defaults' + + cephjournal1: + partitions: + - name: 'ceph-j1' + size: '10g' + - name: 'ceph-j2' + size: '10g' + - name: 'ceph-j3' + size: '10g' + - name: 'ceph-j4' + size: '10g' + cephjournal2: + partitions: + - name: 'ceph-j5' + size: '10g' + - name: 'ceph-j6' + size: '10g' + - name: 'ceph-j7' + size: '10g' + - name: 'ceph-j8' + size: '10g' + + platform: + kernel: 'hwe-16.04' + kernel_params: + console: 'ttyS1,115200n8' + + metadata: + owner_data: + control-plane: enabled + ucp-control-plane: enabled + openstack-control-plane: enabled + openstack-heat: enabled + openstack-keystone: enabled + openstack-rabbitmq: enabled + openstack-dns-helper: enabled + openstack-mariadb: enabled + openstack-nova-control: enabled + # openstack-etcd: enabled + openstack-mistral: enabled + openstack-memcached: enabled + openstack-glance: enabled + openstack-horizon: enabled + openstack-cinder-control: enabled + openstack-cinder-volume: control + openstack-neutron: enabled + openvswitch: enabled + ucp-barbican: enabled + # ceph-mon: enabled + ceph-mgr: enabled + ceph-osd: enabled + ceph-mds: enabled + ceph-rgw: enabled + ucp-maas: enabled + kube-dns: enabled + tenant-ceph-control-plane: enabled + # tenant-ceph-mon: enabled + tenant-ceph-rgw: enabled + tenant-ceph-mgr: enabled + kubernetes-apiserver: enabled + kubernetes-controller-manager: enabled + # kubernetes-etcd: enabled + kubernetes-scheduler: enabled + tiller-helm: enabled + # kube-etcd: enabled + calico-policy: enabled + calico-node: enabled + # calico-etcd: enabled + ucp-armada: enabled + ucp-drydock: enabled + ucp-deckhand: enabled + ucp-shipyard: enabled + IAM: enabled + ucp-promenade: enabled + prometheus-server: enabled + prometheus-client: enabled + fluentd: enabled + influxdb: enabled + kibana: enabled + elasticsearch-client: enabled + elasticsearch-master: enabled + elasticsearch-data: enabled + postgresql: enabled + kube-ingress: enabled + beta.kubernetes.io/fluentd-ds-ready: 'true' + node-exporter: enabled +... diff --git a/spyglass/examples/templates/profile/host/dp_r720.yaml.j2 b/spyglass/examples/templates/profile/host/dp_r720.yaml.j2 new file mode 100644 index 0000000..d686571 --- /dev/null +++ b/spyglass/examples/templates/profile/host/dp_r720.yaml.j2 @@ -0,0 +1,103 @@ +--- +# The data plane host profile for Airship for DELL R720s, and should +# not need to be altered if you are using matching HW. The host profile is setup +# for cpu isolation (for nova pinning), hugepages, and sr-iov. +schema: drydock/HostProfile/v1 +metadata: + schema: metadata/Document/v1 + name: dp_r720 + storagePolicy: cleartext + layeringDefinition: + abstract: false + layer: site + parentSelector: + hosttype: dp-global + actions: + - method: replace + path: .interfaces + - method: replace + path: .storage + - method: merge + path: . +data: + hardware_profile: dell_r720 + + primary_network: oam + interfaces: + pxe: + device_link: pxe + slaves: + - pxe_nic01 + networks: + - pxe + bond0: + device_link: data + slaves: + - data_nic01 + - data_nic02 + - data_nic03 + - data_nic04 + networks: + - oam + - storage + - overlay + - calico + + storage: + physical_devices: + bootdisk: + labels: + bootdrive: 'true' + partitions: + - name: 'root' + size: '30g' + bootable: true + filesystem: + mountpoint: '/' + fstype: 'ext4' + mount_options: 'defaults' + - name: 'boot' + size: '1g' + filesystem: + mountpoint: '/boot' + fstype: 'ext4' + mount_options: 'defaults' + - name: 'var_log' + size: '100g' + filesystem: + mountpoint: '/var/log' + fstype: 'ext4' + mount_options: 'defaults' + - name: 'var' + size: '>100g' + filesystem: + mountpoint: '/var' + fstype: 'ext4' + mount_options: 'defaults' + + cephjournal1: + partitions: + - name: 'ceph-j1' + size: '10g' + - name: 'ceph-j2' + size: '10g' + cephjournal2: + partitions: + - name: 'ceph-j3' + size: '10g' + - name: 'ceph-j4' + size: '10g' + + ephemeral: + partitions: + - name: 'nova' + size: '99%' + filesystem: + mountpoint: '/var/lib/nova' + fstype: 'ext4' + mount_options: 'defaults' + platform: + kernel: 'hwe-16.04' + kernel_params: + console: 'ttyS1,115200n8' +... diff --git a/spyglass/examples/templates/profile/region.yaml.j2 b/spyglass/examples/templates/profile/region.yaml.j2 new file mode 100644 index 0000000..9f862ab --- /dev/null +++ b/spyglass/examples/templates/profile/region.yaml.j2 @@ -0,0 +1,35 @@ +--- +schema: 'drydock/Region/v1' +metadata: + schema: 'metadata/Document/v1' + name: {{ data['region_name'] }} + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext + substitutions: + - dest: + path: .authorized_keys[0] + src: + schema: deckhand/PublicKey/v1 + name: jenkins_ssh_public_key + path: . + - dest: + path: .authorized_keys[1] + src: + schema: deckhand/PublicKey/v1 + name: {{ data['region_name'] }}_ssh_public_key + path: . + - dest: + path: .repositories.main_archive + src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .packages.repositories.main_archive +data: + tag_definitions: [] + authorized_keys: [] + repositories: + remove_unlisted: true +... + diff --git a/spyglass/examples/templates/secrets/certificates/certificates.yaml.j2 b/spyglass/examples/templates/secrets/certificates/certificates.yaml.j2 new file mode 100644 index 0000000..5cb4018 --- /dev/null +++ b/spyglass/examples/templates/secrets/certificates/certificates.yaml.j2 @@ -0,0 +1,2806 @@ +--- +# Certs generated by Promenade, see docs at +# TODO: move to https://github.com/openstack/airship-treasuremap/blob/master/docs/source/authoring_and_deployment.rst +# https://github.com/att-comdev/treasuremap/blob/master/docs/source/deployment.rst#sitenew_sitepkipki-catalogyaml +data: | + -----BEGIN CERTIFICATE----- + MIIDSDCCAjCgAwIBAgIUegkh/antB1XyDVHdP5dv+0MZyBcwDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xODA4MjAyMzQzMDBaFw0yMzA4MTkyMzQzMDBaMCoxEzARBgNVBAoTCkt1YmVy + bmV0ZXMxEzARBgNVBAMTCmt1YmVybmV0ZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IB + DwAwggEKAoIBAQC1jUTdodnxFzC6OD/Rre2Qqw/BTycKvWW3Bkby5abZGRxgMkV5 + SxTSMazjPYjEA7+rhXqKgmn+OaV1trZvYbH0rZcRyGSC8D5Wj5SCtuGO6EUqx8SQ + 1tklnHbFKtMDjN8V201SV/ydUfXcFFlD8jUXUkb4iSZV+hkhOO3ZlTqBo4/vkYMK + N+7Dsv1Tfs3sHY4MDuiI/Fz8Uj5bMrKc/gVdPnrYPRsLQ/xlkfufsUuy0VlokrpQ + uYQjorvYbhpl6B7XT8mJsf3WQwB5A1E8bxFp0IR3tEaMIzXeSvrIS7ajxu0zVY/B + qS+uwRNtkCxs2cNsqPoQQBYTkhAoffWnBGYbAgMBAAGjZjBkMA4GA1UdDwEB/wQE + AwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBTIAmvhlCafX+fLJ7FY + /p5ZjYibADAfBgNVHSMEGDAWgBTIAmvhlCafX+fLJ7FY/p5ZjYibADANBgkqhkiG + 9w0BAQsFAAOCAQEAm4qCucz52aD2AqP9m9r6ZRPlzAesImR7eXOD+ix4r9uMfM85 + YYAZcRhf4/RWwfIWvngeXWTUirAEbwNfXEkbMddTkrBZ7q7BaqYH/1BNXRahBd2G + CJDQa6HMEvSLOkH/vAf/BY3d6WprS69YWVC4ffj0+FqBOMD5KLxPfM1gdashV0XB + yIFo4HPYXn3J3H7HRc17ZizOaPghY/ldNWsmoj1YPlxA9exDPQ4jI91VcSCDZbD/ + YyIntJzMZZ28xFPQFhww2oRD5LpDvfq+P6gBz08FKE+lmRKirANVzBltS2I8xzMV + FSCBNl+qV3evUg57xzgjifVHxmfSuLszLtTkOA== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthority/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDUjCCAjqgAwIBAgIUV1YkAwvB59dO83zhqvvcdywidd4wDQYJKoZIhvcNAQEL + BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l + dGNkMB4XDTE4MDgyMDIzNDMwMFoXDTIzMDgxOTIzNDMwMFowLzETMBEGA1UEChMK + S3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1ldGNkMIIBIjANBgkqhkiG + 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzUobHwzHYA4KMu7PGtqreil8uhm++fs2XqrN + mW+LBH1HuuiB6iUZqgx9zEHpll4bMr/YLp9cdYu9uVy21zglHAyostBcqbe2dx9S + 8ErcUsEGFllORBMN7tIFE6VB6ldLqoV6jyQ3F+LSJwhOOzqBWuozSlBLuOv/Q1xU + Mnc0ndlbrtVejWZUFt5ItOt/pyXbZ3zAFmCH3bMCm8vftxjphNFrWVvHPaAySvKu + 93SMMyFl9szFjP17BP5PwmjsYxkbNL8Fn26akEQvaFV8YbPEJSaxAst8J+QAbXUa + BR/7NuC6kxRI0kTQw/nAjeaRV3AuWm+wBbuXtO5c3cyDsxcM2QIDAQABo2YwZDAO + BgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBAjAdBgNVHQ4EFgQUnSYC + 0OZmL0av6dRaIZe3txRXx8cwHwYDVR0jBBgwFoAUnSYC0OZmL0av6dRaIZe3txRX + x8cwDQYJKoZIhvcNAQELBQADggEBACPw+ckz/nVMEOVPrJUmXQhaI/wCXHgOw/rY + sIqsRF9PGvWgU5I1CjhnHQLUy5YY/yf2g3EgQFFUh5u44PCuCMIQejun1SwFP4tI + d/CQQwDHMdGYlajApvKITcbpTdzU3yI9jVbf7szDaeYBDcF8uko7h+8FbE+vO/Ub + /jWGy58n4SfjEOQ2zKxa+kIhI8yAKrgl+nC9tkuWD3Veymc6yYD7umXw5uTP4gVp + zTRaZ13J2MmERXNYtfx7VRq6xvcpVhDH496uWuyxUSrOt9gmfrNfeixWxUoDUHBR + t7f+igcy4zwv75PAcKI0lOHjbcF6d6+1CdNVQt3XOR9UWl63lp8= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthority/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDXDCCAkSgAwIBAgIUb75pk6FxXqBl9NLZaUuFBJupnoYwDQYJKoZIhvcNAQEL + BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l + dGNkLXBlZXIwHhcNMTgwODIwMjM0MzAwWhcNMjMwODE5MjM0MzAwWjA0MRMwEQYD + VQQKEwpLdWJlcm5ldGVzMR0wGwYDVQQDExRrdWJlcm5ldGVzLWV0Y2QtcGVlcjCC + ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOtZKHMDL/H5Q0qYA+07HRpt + +4AsXRrL5DaiGp0qnq8fisX/mwODDJxWacCsrXnFZvcj+2brBzi8oQHpEw4BueYs + 8RYlT3tPMOQBfHl9m69ZG6150r0WsrI2MiPLrsMSDAIreaOLc1ptmGMWqyEy/UpA + fgtiMq810euhLfrHKPRXxYfndMN82NAnAT2VPqnFIj5r5npPG8gL/ALN2DgcBkiC + 3T+FiZxAq3thm2FKFJizYGtCN6t4grmhX8uZdBnFjLhP9t5umZFsPcpEzpiF9gIs + 1wd3UcDhc/mzJlmkVax8yrvvuhkPrbuQugNiCbkN2LS9iAapGYP8lNg1oR5k4N8C + AwEAAaNmMGQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQIwHQYD + VR0OBBYEFBK6v8RVwFvzEsP3RlVZSAZ1LJufMB8GA1UdIwQYMBaAFBK6v8RVwFvz + EsP3RlVZSAZ1LJufMA0GCSqGSIb3DQEBCwUAA4IBAQAG/FupcGdFBrWVw/pG2Tgh + 3z227ev4Z7pVazolPiGJpQOTZ2dIdnSs4HwovCxSewToXLd9k+wcIV1NEzyllw9I + +OgdLHHHJirZd4RJdwlCIfYh1uXS4g85Mat+jDoBkzCX2FIkEm9m6h291UrlOqy+ + im4hkJLF7AwJD6U0GPqoOVNx/jPlAzXolZ6YTjZ2LHGj6Liu7Tc2LO+S0c3wVAXL + hbl2FE8KT6qYAoMxNLJlAvnFNi/mPMpab6PLgE8DYTSByvj2F5WqdaTlbCZZV0bV + DnTxj0SG0H8p0Y8fpz76/E1Okr1H07XxzNxHudS2KClUHMNMnrtmDIGjbZAMWmt7 + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthority/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDSjCCAjKgAwIBAgIUCKu+Ga+ilp0+4UGjAakITGRCA3cwDQYJKoZIhvcNAQEL + BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw + HhcNMTgwODIwMjM0MzAwWhcNMjMwODE5MjM0MzAwWjArMRMwEQYDVQQKEwpLdWJl + cm5ldGVzMRQwEgYDVQQDEwtjYWxpY28tZXRjZDCCASIwDQYJKoZIhvcNAQEBBQAD + ggEPADCCAQoCggEBAJ++NV1PWCvuWzpSHABlD1adP30RUSbgqaC38EeM4rhhZLmJ + 48Bbo7EuueponhuNcCKDOWXPJEh67Scw9Qh4SLovRz72fu9KP5qPxjRIOYSh4V+F + qiE+iGz/tSvlInlykmCb7H15cOXMZcE1hH0CIC78GRmZAZCUJXW76xS7c3lm0jGW + /egE4IZ1r29LJo6KZFM3m3HTKlHV9XSluPjhWGU/atpi+TQvDX/Hv6yrseOkv0XX + T5n+Z/e5xmtEwnbzDHpMy3EwSDoxYHQrlEfRMv9w+XsFp4rfJ7ZofgrJk63StzDr + OxKBWXID44Uk6aV6TrWkIgk3E3QcKZn/Plh0i/kCAwEAAaNmMGQwDgYDVR0PAQH/ + BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQIwHQYDVR0OBBYEFPL7h/k7n+hgJLzZ + a1WNuQxLmDl7MB8GA1UdIwQYMBaAFPL7h/k7n+hgJLzZa1WNuQxLmDl7MA0GCSqG + SIb3DQEBCwUAA4IBAQAqAuDjjC1UVUplI0XHTOVhuoNSAirOihtncXTVEdcR4Pqt + YT6s+oh+wV7V4wPAsisRCeIOpFzvp22QaF6l0+Gn9B8AHt5zs3+GuoYmuX7UXreJ + SVrnh+wI20E1fzj1lDYzgdekZW12SbJQs6LCJ5JfX1bTCjBL7ysIPzE0EWnqGGTp + qWa7dlzHLcU/PWHWXyNta5IlUZ/GCjMpLSMYXPO0a6Z5d0QGJXe9Iz4mkljwC3un + XXKzuKtpxxQZJ1+w70wfLHujnhUr3v5IDLDlxl698YRRopHyfNP1TZ7xUOMtkVqg + KMiLE1Ki0t7Jr3OYPOCmtuvk4bFoG0TIgA7XDGPS + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthority/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDVDCCAjygAwIBAgIUagTlPOZ8jX10HMhcsHgh9Ec//00wDQYJKoZIhvcNAQEL + BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt + cGVlcjAeFw0xODA4MjAyMzQzMDBaFw0yMzA4MTkyMzQzMDBaMDAxEzARBgNVBAoT + Ckt1YmVybmV0ZXMxGTAXBgNVBAMTEGNhbGljby1ldGNkLXBlZXIwggEiMA0GCSqG + SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDoMT11MMWnPgQ9lOjLzx51o2BW5NuJyD+B + NuzzAmT607Q6oo5wQ8oyDHeOH0h1heL71/iqcoAzalHFKNLAek9pcjW5RudpLuRt + FLRC6zKedn7n9Mg4H4K8cahatK8rSrYOrz0UF3p/XuoxXN1uQCwIX3+aOT0hlq3E + ONo9+LqSVh0RhSn3Qc1BaGsMDA8ATs0jiCWU8V5Lkw8IUb1wBCe4iwfi1XRn8eV8 + jTW8dwnRB8yH8/5oVsD7dzOTjaUQg6w0nnn7SPFPhFOpwbX4Wd9fj1mq9uY6GIFC + JNj/UpnFRVtDO+8gJJxWV83SGhcvuJoXH5LoPmFS47TrMoBbGvM7AgMBAAGjZjBk + MA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBRL + fKY8JuyVlmEm4a6VB65X0x5aYTAfBgNVHSMEGDAWgBRLfKY8JuyVlmEm4a6VB65X + 0x5aYTANBgkqhkiG9w0BAQsFAAOCAQEACQlBvcV8mZncmP+zTiq5190uBm3Nf6Lr + EkLcCxmlB4PADUjK082C7oBm9z5QViimUg7fqdQSwZ3ujMYTIKgDADbTlLLKAGK5 + 9C6KB3cSOiFSmZInhZs5HUMIPlybmYOv0yQfGCqOKYzPaCqp5arOjn4CDEqc8QG9 + cAX/86Lnq1g2SfDIvq49t8BRsbahIN/Z+HPu1FhdahSDw35hGqkZ7DR8YeQrOSM+ + O6jgMKGgM0LtNno/rVytkPv/kdA79T3ZaoMoTYtR9D803RQe8XaX7GNBKUqptE2O + nCEazqPjNiB3GiP/oKxQwc/6o0fVqV5G/0nwZWQEKkpwUVCWMbJu7w== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthority/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAtY1E3aHZ8Rcwujg/0a3tkKsPwU8nCr1ltwZG8uWm2RkcYDJF + eUsU0jGs4z2IxAO/q4V6ioJp/jmldba2b2Gx9K2XEchkgvA+Vo+UgrbhjuhFKsfE + kNbZJZx2xSrTA4zfFdtNUlf8nVH13BRZQ/I1F1JG+IkmVfoZITjt2ZU6gaOP75GD + Cjfuw7L9U37N7B2ODA7oiPxc/FI+WzKynP4FXT562D0bC0P8ZZH7n7FLstFZaJK6 + ULmEI6K72G4aZege10/JibH91kMAeQNRPG8RadCEd7RGjCM13kr6yEu2o8btM1WP + wakvrsETbZAsbNnDbKj6EEAWE5IQKH31pwRmGwIDAQABAoIBABTEsVENN8o9leRn + lN1eoSOAfg/mBxhSbDVQsYMNxFVnaviSJ6JldV9KMXXZTzDlIOL1JPx9SLS9UXEy + 0pHRQjM0PGjbXKwh4W+zgxCk7Q6VAXyQV6sd+L81s9yANp1cWxS7/o9h41L30kE3 + zrJYHbyqO9YokksZjhBf282dJZE4vFrrEjwYVq+qDcFlWbpN3hlVq0c4s/BlJL1G + 9IVA35DTlS9LAjIsPCKzAYg0wZY+9X01ym7iFG0UWbhKJctmBniOobc1adytLI4Y + MEEQnR3UBUOjs/ifYYeUqz/WEhSqpr5cOt1+cP+ReJyUBa4gpxMC9Me2M9L/liOE + vyw7MnECgYEAzorHV0UaK4Ftbu2N7FgEOQmwkR/GErBjZ0rhikyOI0PCGXq6Km94 + 79wDQDjXUqlCxlS4WcN2+N434rV+S1eOHkzLV7VCAAR5nm8upeYNaNyxGAz7PubL + ZbKcPaYqHkY6SxG2LhJ8/Mo4nPr0Vb5SSaTLEuxibSssCF65n5wO7fMCgYEA4QaQ + SV6n3FKaVDJF3molaAWwTrUNnZynVOpJpuyT6hmmyl8cG0k+wznah8xlD4GH5AjH + pIP0VjxGC2nDG4bUDESL8pqFDsmXE5f1kziTXsdWtE7TZ5Z6IC2oBIR2sTvAwwO1 + 8e47TyHG19VOWaoc5WOtsceZ7ZIPmYYgKvv0qTkCgYAMhWNCSiElBAqjT+lrq4ZO + AuVeVuPGHEVabLKxlKSFRMVOkB8bFXjqaZcU3J1JGJPAvEAUyQG8YpRWvRPz81Hd + SmCFZ6qhn6PT0/+q9QBZHA/sWlUc4hbwilxobFtfTHiaNm+p6VsEZCn8ckY/sHMC + nefltMjev2BC/aMZJvfMuwKBgQCbwABEWDjVPXNGTZmgjVWgvzc98wEek1waYSNj + XyIuCV0xe00n8bV4SOXh0m4solodUppkW1TWD1fn9Gcv+U1xxEwdOihYiN2BmU9H + fAQ8uLphiKG4dCXJefBuWAUTPSl5kWrwrhTs+5L2ttRJKX5go3KIt3/qOIuFlplT + RxsbuQKBgQCnymwu10mxY6ezSHJjZd3Al8Pj7KsNiURVP7A4c3QhQdCpyXDIfU43 + RAYTprsQ/dM5U7n4vXZnvnSYBVwrLirfEVsE6A6h55LkMEpEkKpwro3Jgs4mFMm0 + ksjM1xPJ0p0jLT+fL1f6sTAONmYb0ra5xl5mrgzHn1zkZ/IlmnpfaQ== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthorityKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAzUobHwzHYA4KMu7PGtqreil8uhm++fs2XqrNmW+LBH1HuuiB + 6iUZqgx9zEHpll4bMr/YLp9cdYu9uVy21zglHAyostBcqbe2dx9S8ErcUsEGFllO + RBMN7tIFE6VB6ldLqoV6jyQ3F+LSJwhOOzqBWuozSlBLuOv/Q1xUMnc0ndlbrtVe + jWZUFt5ItOt/pyXbZ3zAFmCH3bMCm8vftxjphNFrWVvHPaAySvKu93SMMyFl9szF + jP17BP5PwmjsYxkbNL8Fn26akEQvaFV8YbPEJSaxAst8J+QAbXUaBR/7NuC6kxRI + 0kTQw/nAjeaRV3AuWm+wBbuXtO5c3cyDsxcM2QIDAQABAoIBAQCLOG+OLh9kEAFw + qy2++38BOPOCTgWLCIfFybXnEZNItyGXKyk3vnNaNGB3zld4h1eQojQc4ixU9zDy + bWL+L/BSxm793XqKCrHutUqM9WfXo1nafDQszHNNfBa/TPqXzx3cheso+hl21HdK + y0IqvrGNE3k3M582yK1zZEEhfGAtj0tjsKoEmOJsP+nc3Qc+acOPRg99oVAFfcYn + hwKf3fxpxmhCEDcYCSTlisCcNHilRbOuvOmfzGrWoMgHjIN9swz5YmEtIFV6j4Mv + Nl4r2X955YVUc9WgGqT4lVktvNzy40nsWDGfAKLeX5g+ZBIMAS1XVg3b1Y4DLTTr + V8n+BXNlAoGBANC1/RjUpGudWI9THiskKGl68xTXHimcGas6esR5bB5zXBDlONJv + meRx/m8Fi47SqoVuG/aFXiUfxKmdUPhr5ZG61nXQx0r9x0zzK9fxSAgbQLa0TQDm + Qgt5nabr6YDdf1Z7CBkyXJOFv07xmVrcw/Mm67qixm0a0GryJXz1M45/AoGBAPvN + qY4lQf3Tcz7jDjQdhG9R/VRjoOnlMwwLV9suASPXcgkRpRJ3iy+fBdQFfNYhUPcq + /ZA8mKIQfvdIeULP4v333soofPu/o9Q1jXcnQR7mWRyVh8KgxI/jMwcvjLBGZ+aa + wE+KDXL4vOQeNY9dsAH9nJ2clVhay/yG8pJVruinAoGATbIB91Vpo/oeNrS9fVfn + h2TSywZN3zWSRLDvdOayvh85vbxnS8dp5aYeDpxk2JVKD4Pu+vWpF27dGjtLIj+g + ZYDFR3SiTCNvJxE7WBclNodWru0t4VDWc0khzDr0YRmTxtDkMeUSm4RltHCyIyYd + +A2cIY1pCsK5paZhGER7necCgYALevj8Dh7QH8/lUhzXq3DaUnamXlR71YNaTToY + OCS9KZl9aFyKVwD1jt6JKCbk7GfwnPkqllivKulfBOLidO/4fFCgDvCD2dzyU+67 + PALwEbiGYRrreMD9fnJZJYXYk50xGmUiOz0ZvNV/4RC4FKFttc5qMTVt7dXXEaAF + o/pxiQKBgDH+mUxrVCSF9U6Pe/nByClOf+mx7xQ05SaNh6o+NTIcsWh75qW0bU9Z + JRKoJH4veusTQn6y1BcVqC8flCEwSFnJOQbiGYdBiEZ3HzBc3twjMiRcoMzR0z+w + VFOORt0tImxhu8gTBcybBt5IVPsKzQ3aEnh2cxMEq4jl34YJEM+t + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthorityKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEA61kocwMv8flDSpgD7TsdGm37gCxdGsvkNqIanSqerx+Kxf+b + A4MMnFZpwKytecVm9yP7ZusHOLyhAekTDgG55izxFiVPe08w5AF8eX2br1kbrXnS + vRaysjYyI8uuwxIMAit5o4tzWm2YYxarITL9SkB+C2IyrzXR66Et+sco9FfFh+d0 + w3zY0CcBPZU+qcUiPmvmek8byAv8As3YOBwGSILdP4WJnECre2GbYUoUmLNga0I3 + q3iCuaFfy5l0GcWMuE/23m6ZkWw9ykTOmIX2AizXB3dRwOFz+bMmWaRVrHzKu++6 + GQ+tu5C6A2IJuQ3YtL2IBqkZg/yU2DWhHmTg3wIDAQABAoIBAENhHEaJVBG35n8V + tJIXyYZGlKmmieVhGG5XzLzQdev3YNi9DFleDJ850j8acPQbAxagk5pskX2563LL + kuwArINsvH01o2LPUlUE4+k4f/kczuLErQP72p9RCtvatacdpJh+b+3Vv+nU1LsR + w17W5VN70Vpa+93Tz8zhMXPJzzzc04wKRvuEHlGBqDg4gcjFXZ6fcmO9LGvo6VzM + NHObQP2AY0JrVwmwUm53oFHhKrxqolNoDnrPGq3LlHbolSOVcEfKb9TabCtnCDvT + cbSzAvbmV2dKanz2SDBdF2A9T7nAPaBHbq5EW44yUHY0AA4kj45hn4347AZwc/zX + GU8QwDECgYEA7SxDcOdCtFL3r8aXm0R0rcyn4EnUtAMZu95ZkqSVIiY18OR0vOPL + KWP5y9DPTpvVEENZGbznqsCXBopv6eO0fLYgF8BJoT95cSIjdLKszg0Jdh/IU1Hp + FdJq2bzAuo8GkxCAco2AGmINy3yMGKp6cQRNf4mPMR6lGQYfDZNEgPcCgYEA/gfQ + q9G00R3NBJHRgBFnBDlD+evGB/l7+1OggHc/R6tclvYbPqICixJsubouqNKmMwoQ + 9WXVI2JFp6++xqM8rxDRLLFfOqG4rnb9S/qothZGZfHSzGVvrnBXbxKgV5O6MyH/ + yEP8C/sxcQl0sr5Qau/vC3txnFOLKSz7hLzUjVkCgYBoljBXRWPg6QVYeha43YMm + cS1GdshZaVSbx/1v8Svilz8KL3RbJ4ibg/7PphEE9SsLtOdBtk/iuHLg64NWfJdG + t3mHf7/4X2lKPmesOm6BnrYhZPqN430JpnR/+AB1RET97TT3TvbCq6KxrQaKigLc + e61BJIQEgSME2fIvplV7GQKBgQCK3tTZiRuzEfqJG/oOa/UIHxIlJxosM9vuSgo9 + EHN8h5ZnRIUiWUjQpDLh2YE2c2m+Dyu0K4Y4ALoZcH73cjdzcNsY9qIbmFswrQXN + qmremBDGHEvjxzQlhW6W3vTey3iICXceEORR3HFr3QJ50IZ/30ir20EBd75ktR2O + s/fyiQKBgQCK1426+bt0A9wbb5+9P4EBt2qV5nb0pS7oJ0hVXmj6GjM/dKS+y4Rl + t9siJHwX+/0f3PI8/90ujWMw43a+ktN+Py/j9UYIMEOtVnchXsroUn0XGb6gRNXM + E1lUZAmGr33hbuV6AMgi+ycK3P53AVT8OKbo61BTdo8uS9dHL5uEtg== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthorityKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAn741XU9YK+5bOlIcAGUPVp0/fRFRJuCpoLfwR4ziuGFkuYnj + wFujsS656mieG41wIoM5Zc8kSHrtJzD1CHhIui9HPvZ+70o/mo/GNEg5hKHhX4Wq + IT6IbP+1K+UieXKSYJvsfXlw5cxlwTWEfQIgLvwZGZkBkJQldbvrFLtzeWbSMZb9 + 6ATghnWvb0smjopkUzebcdMqUdX1dKW4+OFYZT9q2mL5NC8Nf8e/rKux46S/RddP + mf5n97nGa0TCdvMMekzLcTBIOjFgdCuUR9Ey/3D5ewWnit8ntmh+CsmTrdK3MOs7 + EoFZcgPjhSTppXpOtaQiCTcTdBwpmf8+WHSL+QIDAQABAoIBADnKuMe/Uujh3QNm + fVbvOPNfBH8c6r0j/np00WsxXzzRj31Ik6sd/ES34O8bVkgljXIPA47/t+K5Bl9t + aNjdm4IwZJg02Yt80zH53f1AO/7uCfljBD/uvbChekwdI7HIb4igIJjsfJnGrvGN + iRco07fr4LDQGC7UShEkIVJo1sgOhom9oovsA3X5JM5w3FHRrPRr5YFf3HwWoIXO + QVNXSMEpsZK1Hd2KvuOIyU30T0w9iOU2pI60GFcU1B5caChuEqG6xTNkh82gkTzA + 2fTofrWd9zflzjwR3e8NBcAt0XkeZFifApmIbjSIwrbhF1QtWLgOxYYHaNsGvK7f + 8WT1gZkCgYEAw6Bf6EB9RwkfULlX2WoSJsKpkShdjEeKq0P/y+p/VBIzU7ckEmf8 + uIMgPv5JnvEHdSS5w9JZQx4UT8roefC1MNn7ORhpCLQHI9CnI1rCiKtQO+TjQ3IE + rFjDfcVdY1ek3TQN6l9mHBRCvGVGZlfz0qIZLtdv6XCoU8r2yJ6Bza8CgYEA0QrV + CySN7vAw1KnA08wFBtgARk4m+PllN8l75C9v5qYooUsfdEEqiCQGLzg5NEMAOOOZ + LPdtGHbGcktyN6v8ZOy5wQKevvjDAce1WC57p92cfP/e0jUkDbNBZlANOJNV5J9u + 3nXKBsl/3CGp4qvG6YtJ2Qj/eO+RjVIrEpPNktcCgYBTH2cBIb3ZnDexLj/0wsxZ + qecxJayyOYfjg+5B8C8QQveKP8xVAdhxck4WVihkH9hiXyuL2GpTSYmp6fbkMXJc + ApNrzEJ9DznlbvhF3n/AYMKj4Hrsopr3vHO8kks/NfN4hnDPQJ/7mGRO9t12CTMy + Mexvad1EnLj5eclor2lKQwKBgQC4QIj5klW8Jl+UAq/gvvIrTxYm4dm+F+ycWG5n + +Vvze79SM6ncyVeYuc/trOvW4bt/aTTpColRR9ewhEl/Qotr1bAArLOJdjBEEGgJ + +qaplk7JaqpWs9o8bSSW7rZIiKzrn4+Ua1QP2WlmeRGJpojj7w6/SwwK53Zujt9C + N5657wKBgQCcBYxHytlfr1q6+RUd79+Tl4yKfZ1dWsRlNIaI0SvKFnh8nowBpSsY + JnlXP9TdAN8E8xUalFHIJGVPkXxdqeteD73Xz+u3iTSCXZbe+JOI1YaQtlYFwCtf + SFO7zpmhfWmwBSwyl5BKJgXYEuuwlj1ObjOdoanQ2FvN8ra4Ya2AGg== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthorityKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpQIBAAKCAQEA6DE9dTDFpz4EPZToy88edaNgVuTbicg/gTbs8wJk+tO0OqKO + cEPKMgx3jh9IdYXi+9f4qnKAM2pRxSjSwHpPaXI1uUbnaS7kbRS0QusynnZ+5/TI + OB+CvHGoWrSvK0q2Dq89FBd6f17qMVzdbkAsCF9/mjk9IZatxDjaPfi6klYdEYUp + 90HNQWhrDAwPAE7NI4gllPFeS5MPCFG9cAQnuIsH4tV0Z/HlfI01vHcJ0QfMh/P+ + aFbA+3czk42lEIOsNJ55+0jxT4RTqcG1+FnfX49ZqvbmOhiBQiTY/1KZxUVbQzvv + ICScVlfN0hoXL7iaFx+S6D5hUuO06zKAWxrzOwIDAQABAoIBAQDl2bipBfrjr/Sq + sXoyJ3pTocOAwVTCdETJOQIfHcOwuVm0oa63W6QRH15KhpVIIZ2tCQLUWDyoqRsB + PYRDndB25eRg4Nu7t/vQL6qyg/m7/DlsjViWljrpKOorwKmXBYJrzvV7qjJNXDwh + WXip50SvlTnQBdGKKoshr9X7evnWWR2Ll6ZPFl9xtr98FcYJDesM5MZiLF/9WXOj + SGnUI0Xtl8hUi/unN5mTjH69Ed9Rk+FeCe55SFQm0p6e4Ql3v8aRb+P7rJqQ4tP6 + v1yaw8E2uJqTh24lRuN8vX5WxfcuUHi1d8COc+xTEn/rviJm/kkjqMFJq6N3L7QR + +lclqV7BAoGBAOlcm0/HrFwNtK2pwQj80NZPr0tpvE4CNOmqhwWKMy6AVin5E35O + OVOuSAanSBp1YeotS/28OY19mPAOO9IOJLhJRTtO9i7w9w860Oca1OXNjLBgbDEV + FvFVHQlqIAbLxCqaClMUTEbUae4ErDu/DS80Is56GomYZIf87vXvZuSjAoGBAP63 + l5Ah7Y3VboGxkidGaoyrWJxEq/SkX1NrysLln19Gc+J1JQE/QheP9nngclzOXnM+ + R4t6wynuEMA9XKaTBqXxGZ00eS8xoAv71LMLq5kq/0M7SV8GRUnEhmbe+Hc1pJTh + oql8Sb8fOJFhAEK93cCF0q78bcElc8A4UAmDXIiJAoGAMaXRKTUK9362/OeLuRTI + fX/whHPXayVPCpOMLGKNpwwIyN9EBXAxBBulGT1HutFUZpUCgNYlzHN3MUNl+Len + mkmEYCzZdX0wot3ZigGMX+POVcv92Kdq/ScliVY5wBhkAMhLAAfmfn88ljYKSp/H + 9035RcJ2mOWCJehrEom/c08CgYEA8ds5Wm4cthP2fccx04EVIsR/usGp1P1OVlN/ + j1eg4EJxPpGktW5vPxg/HLJ1ZJG/NQXpwRKrxWB7H04kbzYjleU8QPzWJG2mXjqc + V/W41hLxldDxdfzqRYUJaRxGKEsTHxqv7OZKz+LBP6kvKjBGIsvupKCjRkZdhiLy + PFYywqECgYEAig+NFXDFLdRIPJVbxpMZSD3r+tCKdm/uvD8SzrZ2ItAs/E0MW57A + gmw/ZXED3MvRe4k1bJgH9zzWfyULxvgT6crELy/81R6Qkyb2YpTwmj/ER5i6eIQz + MuHcMVlYN7kQPbadwlp0gL0aRMMXo8fWByNJCGeXoy8s5cNCuCTFxGc= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthorityKey/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIID8jCCAtqgAwIBAgIUfwk40PP1/FbvZzRxj+dZhylRiK8wDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMBQxEjAQBgNVBAMTCWFwaXNl + cnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO9015DYOAP5x59E + 7JlLFpr6RNI8VGRXPkTAoqOYedulYW+ELpDukyKlWePcHzxLr/BlXWbSVflpGlJo + BQ9hvMImRiiFrNAmhG0qfbvMnJltltbXSTQ2yq2uLMqsgAFqaYVsWc+BqVYD7Duv + ATXh29Tm1fWssMKtLT2yjty8oZb95DQf3N5tL0k0qqQM6J7yuptu7f8FB+2iU7mW + nhkROejD7ERSvWuH7Z2ancorFHUkCWuPVc/y/LRtkh6ldrIXnBJxnXavtRq+saC3 + tK+KgHQCPGp0Td8zwyQmY31dJ5tsZc47YT4nUuU1OQiN0O2re19dipRSMHa9VfM6 + eF85Ey0CAwEAAaOCASQwggEgMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr + BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUZwOKEvOK + o8cjGvfoVXcLc27vOsgwHwYDVR0jBBgwFoAUyAJr4ZQmn1/nyyexWP6eWY2ImwAw + gaAGA1UdEQSBmDCBlYIJbG9jYWxob3N0ggprdWJlcm5ldGVzghJrdWJlcm5ldGVz + LmRlZmF1bHSCFmt1YmVybmV0ZXMuZGVmYXVsdC5zdmOCHmt1YmVybmV0ZXMuZGVm + YXVsdC5zdmMuY2x1c3RlcoIka3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVy + LmxvY2FshwR/AAABhwQKYAABMA0GCSqGSIb3DQEBCwUAA4IBAQCYMZq6FBGdkN9b + aSY+SgVRt1dKkFE1dvpt76vhGV8PjOsQYssOZy20U7Ce+NxSjtEACDehIt05J3ci + DWSsjSoUFr+FDnGnxQfeR4TTqRn5b3HuW9R+c093i8TbZQ9iU5XQ4YiCUB0zFTt8 + f6AqjrbW4Lq7+Hnb6OTCMPljwcI4pFpKoPZlkSKaka8w/LikelyqMfv+yx/u9jh4 + xPaDXpXu63tdgK54Alkh+n1Qr14Q3HdNkuz7hvfh7hLq7v67fkfh9TIKl4WX93yR + nVSQ8Eoez9bzqRFivswR9g3Q5zJItj6drWv9HOFsJgwQ3YZW5FaVpy7HXFg2dYIE + hZ31xtrZ + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: apiserver + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDmjCCAoKgAwIBAgIUFZ7/WwHQcySdJEd8ehvTfdP+WPowDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMDsxFTATBgNVBAoTDHN5c3Rl + bTpub2RlczEiMCAGA1UEAxMZc3lzdGVtOm5vZGU6Y2FiMjMtcjcyMC0xMTCCASIw + DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALr0FloDalergjH5+Un5HRquPDZQ + d+QHiilZx4/hs9cXqB9FtmnMAx7yFe0JweEZL0aen7M+oren/z4XJz/Hs117sk/m + xQglJunuApXVZzDtCbR2jo/o+9KrRjw7G53MnjavT2Lif5C/W9sQLqHt8bN/ynEW + SkRkLiN/muy/kmWg6ztsdWt5ApDgI0BF7ysksMzlAB7Uoml4flseAIXFvzY7ZkH6 + vES7wlQJ3yhugzolNtinUWUNTT+Td2sOIn+2PyVLf3pI3HjOrzr4/+B0yYSJymEC + 87dTftCgTsAFhqYi4jAYPhgANYRl0U3bnq5LNLhgnKtVT92ssYQDR2VXRikCAwEA + AaOBpjCBozAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG + AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEJ+3HcIaiiQ3QP8p2qF9I7P + 0iDJMB8GA1UdIwQYMBaAFMgCa+GUJp9f58snsVj+nlmNiJsAMCQGA1UdEQQdMBuC + DWNhYjIzLXI3MjAtMTGHBAoXFQuHBAoXFgswDQYJKoZIhvcNAQELBQADggEBAIoM + 4ZGwKerGsnxHk8WUShVpxpjppkU1HQC7QFHT4LNUO3BleHwpa3MyUSNzKW6oVbHw + bdZKxCXJZh+FAdjFOFcvXovz4TyLC42ByL2wJcwueHQbsMD2txN3SZYyJmU8lZrS + TG6PlltSYLBeuduLCGMEsRda3+uTCfuu9e4XSRbKAJNAugtAfCGuMKpLDlRfexhC + 5SZu7Ml4JXLaXaGkIpw6pTKxuGFpOZsPPiQ4kMdP+DusVHqEoaFHVdRC2JCzKUAc + 2CYijoKO+C+zhihgY+nIfM/SwjEZG3uWJa5Jk3R19i/H/MAS0kn6mLd1Pv6dw1Ex + +dVrrs9WHz75bkI2WjM= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-genesis + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDmjCCAoKgAwIBAgIUdsY8tmOFFCStV+vOwBOoAsJ+7+kwDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMDsxFTATBgNVBAoTDHN5c3Rl + bTpub2RlczEiMCAGA1UEAxMZc3lzdGVtOm5vZGU6Y2FiMjMtcjcyMC0xMTCCASIw + DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALvXVz/pOngH1/8I+xMzlAgj65jH + 1v7dXW+TJx7R7vMA26llcSOouB91dUuBN4NT9OZYpIo5IbJFzcjybt7Lw8iao+39 + l8rf55lViWn1KD7OOuIKxCo4QqNYWK0/b1YgD6RLzcoWDKiIt7pQYwpXxVg/gP61 + Bnig25xF0Cdnpr8IAmLYmA/UC2JvRhY+Gh3600PLFx9/xZIdAass3R/WFFbz7sLZ + /Ejbeztg2tGp0dDvSC96pO/PVxCiYtPSH/tfWy5dsD+nflF+8uC3dGHeLpAXO9mX + cEcqYHEGUnfJ3TisQi1sopUfrUyUk6a/k9s7zwGzI2ar763QpPMTVIQBBTkCAwEA + AaOBpjCBozAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG + AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEvlGIv1fujC6LjHFIfTkqpO + FoBGMB8GA1UdIwQYMBaAFMgCa+GUJp9f58snsVj+nlmNiJsAMCQGA1UdEQQdMBuC + DWNhYjIzLXI3MjAtMTGHBAoXFQuHBAoXFgswDQYJKoZIhvcNAQELBQADggEBAKL1 + +Y6gYXkV+OOsM9dFzHUCbkMnukgYSE/4JNshy5MJP5OCafnsYmL6VQLYYuPvWVAE + sEpEa924lA8lUyPvvizFtB3nMlQDFFTn8VweWoGHS51mW9SKWcYdZI/yjRTSqI2P + SoYha49dVt9gNhRNT7FwRAZx7qJF2hF5ASEWuKOIbDPzx3UmJb0pt272cOBl2L5Q + LgeyDgLRYwK0kQkubib8ETBGXlAa+SdfIuMF1/jvycLQCNZrYYA27+HNJzZrXXw1 + xEgDk6lGbDyTccJbQw6NGWPwmFXNOEDeifuOo86ddfpX62ZRpZE4ePrb/0bYXpQK + QijkMKvqKTOlnfNKDfc= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-cab23-r720-11 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDmjCCAoKgAwIBAgIUIP7kBTiKW97uLaPUu/8zaNAHYu4wDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMDsxFTATBgNVBAoTDHN5c3Rl + bTpub2RlczEiMCAGA1UEAxMZc3lzdGVtOm5vZGU6Y2FiMjMtcjcyMC0xMjCCASIw + DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMxcerRH3esJvCCSYaL+1PLtm5BL + 832F9RnAgP6ja2KflqiKAQkGbsr1WxnGAeDq2FxY6yvAczYmL1UIJ+VJ0uQtOIUp + Grdv3IJwx5Ne4hZcoD2C21NnFUdbJ+T0FQ/ssipTnZVIFHKr/4Q0VSDrTJxcWQ7N + Le/J45H+CNgQH4eRb2focNX7oga0y+PaAJEbZn/AdTXmU9K/u5XNLrFunEZyx1VH + ZOOlMah1maivb87MXG6DcBFpzSlZfG99hwMGkdN61hVsQEcGE0/5LTOVcnjTBn1n + z+0L+YMubU4RsLKMlxQCCSWZaSfyCtUnZFwCWtdynlTscpcjVp09D9sZAgMCAwEA + AaOBpjCBozAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG + AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEzYsQviPaRIWTbKASzIutJf + zJ6PMB8GA1UdIwQYMBaAFMgCa+GUJp9f58snsVj+nlmNiJsAMCQGA1UdEQQdMBuC + DWNhYjIzLXI3MjAtMTKHBAoXFQyHBAoXFgwwDQYJKoZIhvcNAQELBQADggEBAEER + bomhscyxCjajsGMz8p1MWY9WSbk3VwQkPrmi67fClInxw/zE7Cq/QYkR/NF2ZvPs + /I/v8Vg4eyGSp6lmUEU+9PSSGPFt+Qeo9AUfej8BbN7ZOgDcVAEebhPLBMvZjVZp + z+v5liaJSHfo0zZmnpbd8H8dKo398rJXVhWJXtDNnT7KdEZczFOmldzKpI58AkdS + 79o5ZV8xy/XFtPgI37S/nXDlKgzjr3FMckPTDVMeJunkZztLmVYkOaFhaUGUQzT7 + ofO43ZLI/3bqBRi6XdwvkLCAX3M+AL4UR30JOGZ76QZ4ql1bOXZs9z9jrjwYy6qO + g4yoDBEEyyW9r5Eueog= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-cab23-r720-12 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDmjCCAoKgAwIBAgIUFsP3NTLE5OCYkctH2VhqJs4jY7gwDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMDsxFTATBgNVBAoTDHN5c3Rl + bTpub2RlczEiMCAGA1UEAxMZc3lzdGVtOm5vZGU6Y2FiMjMtcjcyMC0xMzCCASIw + DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMSxbh25O48HCH4uUuTk4opcCR3i + lrgBhnL9qOBioQPbStuvfGV5x0fzm06csazl+6rhl7X7DRd9Z2Cj/be3MrczoE7B + Cmzh+1fn1ekIa/qhgxavn3KeNhzWKRpYupxPt25AmGJe8qlcejUOy5VZSr2gCtGH + 0PxDDC0UfPcgncQMU2FJ4rEUiZbcB6QaT/BGdy/8DlUgK5uYkrSqesiUjAgrrgZL + K+o4xq/Ep7+/RHYPrvqfRQ9Qd8AgqK3MfiLP7dyGzNe3f5yY6sP4Yo/RW7OteKC1 + S1jUsL75+2rZHuEGwPzBPmD9pYg+aZnZvnAsYCMzzp4i47T+XAMl9w9+ak8CAwEA + AaOBpjCBozAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG + AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFCI6VoPpiAEtTnH4DY5Lo/pf + UYA3MB8GA1UdIwQYMBaAFMgCa+GUJp9f58snsVj+nlmNiJsAMCQGA1UdEQQdMBuC + DWNhYjIzLXI3MjAtMTOHBAoXFQ2HBAoXFg0wDQYJKoZIhvcNAQELBQADggEBAHqH + hEQfU+hFhwiKzPvicOPyy6sZ54/vh6sx6K9ADWL7qtUYadNq42EYXXcJb8LQ+NzM + R9jZa24GG+8HJL18EWjmw8JsKZU0GEvAR4v7BgWpNXa7jKzJtnO/xbApOaxfCEfP + aOWjBLF9dRRFUzHikA6DbdIw1Lp6Q9GTzhg9oT1YLbcRMPGjn2Z0a+6HPXlANm3n + DbIwuM8eX2OjmphiuhwIia6X1FXx2+1NrSVKS6WBfwuH4kvjeEPJQRZ3yZcBHFSf + m814PsHJp+MLZdQI5UKVHt+d970IhQ6xU7xSY5j8z/dp7m11kpJ2+X/SlGiaw3rq + 1IDSL9AZgtvpDsmvRCs= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-cab23-r720-13 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDmjCCAoKgAwIBAgIUd1pAgV6L5TswxZvwWMXaxcWJapIwDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMDsxFTATBgNVBAoTDHN5c3Rl + bTpub2RlczEiMCAGA1UEAxMZc3lzdGVtOm5vZGU6Y2FiMjMtcjcyMC0xNDCCASIw + DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL1OzyYw+R9jGON6nqWfTsQ2P9iJ + Q1E3mikABRGSntBs+jStND9oQ/KmaIWrMCll/O+iEqsXIxO1/b3nDFsJbHR6tg/g + CRMSwy8ioEGPr5QvxlXZ3aBw2BWY9rLz5hk3n9shcYURL7LOvr9cCxDCZkO5W1/X + Fp4Am3tSMVkClz0TzhM9IX/FaJLDkhrdaBSsN1DdCfM3igeOdbQD5wIxpzNj6vIF + lueB60R/bZiWZ62IFooSmPqBtZwGw6d21F73WnIEJn9p9rEN1HF8mtqC16izcp0i + V66D2zRcXcNzPsp1B7hp17rSrc/hbulcX32+FgeJAnHHpNyDbhCDWQXVencCAwEA + AaOBpjCBozAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG + AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFKH3+wBwfmqScP3eufksWwzJ + 2gOEMB8GA1UdIwQYMBaAFMgCa+GUJp9f58snsVj+nlmNiJsAMCQGA1UdEQQdMBuC + DWNhYjIzLXI3MjAtMTSHBAoXFQ6HBAoXFg4wDQYJKoZIhvcNAQELBQADggEBAAim + WgtLTvmWw8ZS7pmMSVL3qg35mOvOphA2dtvtA1vbPVhsnVpGGWWFeMG4SGffLks5 + AnyeHogAyKEVgaCvsxJWEw8G4iqCwWGYicb0cgc960mK65ZML4mWcx97XEpKfmdF + 242YAl3ZvVKUCuvJAXg7AbBBEQ27feH9UVjNKHdcuriTRiVmp/2z7IXVuB4idXb9 + iRlzSszLXltQw3WXJ3CENLiLhCCydMs65IfjwdGrAwAfuF4w/IFKtCanBSCIYKDn + W4NKWasso9wcyL4Y/gjwdLMDu29KgqgBETb+pGHAXe5L13niqjYUA7+GU2nWFxbd + nTuWAQKSi1NkrbMGPbM= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-cab23-r720-14 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDmjCCAoKgAwIBAgIUBEdIVfkE+kwG9DV49f5QcIiJtw4wDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMDsxFTATBgNVBAoTDHN5c3Rl + bTpub2RlczEiMCAGA1UEAxMZc3lzdGVtOm5vZGU6Y2FiMjMtcjcyMC0xNzCCASIw + DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANhCzxVRvXOim5tZj3b3Wjvwovok + +TGB0Zl9m/ldBc2BGdf3yEW4Vblb625UYuVsATySILS2qyCruGMnO51O3boce6Qd + 7oHn+CaxymDp79lFFioiMcJG2bz9L69RooXRWguxT/O4TEM/M581EiVDOGhHSiU7 + KHEp1w6Q5CENEM0VqSK9HGIbECRWuYMCs+xjx+TFKvgYtKQDG8fWtUve68xTIEHr + o8Tgz920ktJN7BoXbEyl823Uh8EiQG00Ab4YGgVVF7mqXyx+44L6Sh78QL85+PKs + aY7VllotXsVt7sffYqCX+xZKi+01AvnYFgoXwSGzkU1lrIOZA+fLlLTpOqUCAwEA + AaOBpjCBozAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG + AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFCqifQdgZKoWVj/b+HEuZlwE + vdVOMB8GA1UdIwQYMBaAFMgCa+GUJp9f58snsVj+nlmNiJsAMCQGA1UdEQQdMBuC + DWNhYjIzLXI3MjAtMTeHBAoXFRGHBAoXFhEwDQYJKoZIhvcNAQELBQADggEBAG/c + +Mp66DkprxKe5VSZN0hNzEskIGUvR+QtL6nCxsbJAApnuLYZ8qvNdkRGktwhJipJ + nShpoo3ZlTV60mgsXNZl+xbDh9CLEeFINV7iBWoVVVfkfmJufV/cEXcp6qa4tSc7 + 5+X0cW8o7qoN2/5MOxa8ZJEQXe/BiZE+5OeS29AdMDNH5n39Fh6NYge6nhqkRn9K + 3ygEBL5bvJuu3JwNe3ACKCehGAac9ViR1h/1ig8PHXu6MblwcD/V4Ms3FUR+2BEh + HBK6+Gdli8ji7IVPGMpRWtZlNSJwQbODW5WuoRgRYPZT0j8ZZB8ZGav4dK4eXrHz + zr1W0czzU7eCi2O0qCU= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-cab23-r720-17 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDmjCCAoKgAwIBAgIUWgYgSrjoLvT5fHPZ+dTxg4sf0w4wDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMDsxFTATBgNVBAoTDHN5c3Rl + bTpub2RlczEiMCAGA1UEAxMZc3lzdGVtOm5vZGU6Y2FiMjMtcjcyMC0xOTCCASIw + DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL3iTmhEz7PBOGSz7y37P6nQ5PGk + kR1amOHsGH9p1jqNdw8I3F/SOLtMQvbEoUcYCbAwZozUz5Dsozw6KH9cc/9cU+XK + vMJEiTYX1SK98AVqiHysExm99PZVteQfc6HK95CdFZC+dI1QiVNEkM9yFf4eK6KO + 35CHiIPnQMjzKG2mBGCH/sWx4yB2Hpgo/CCldQcLbW/LMKlYNUJDTsncCWkNKwXP + rex9bGQpuJPdst9TSDttHjanVenlCUGyY6Fyc75EG9juXDnSR+68mrNKY2gWATCK + mFFspdZ2ZsJkLanuUyC6VU4F7P+rv8yeNQ2vcnhC2LXdJ6OvoCisC7Hund0CAwEA + AaOBpjCBozAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG + AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFN4M0o46D5uO2HAhhK14vfLl + HxhzMB8GA1UdIwQYMBaAFMgCa+GUJp9f58snsVj+nlmNiJsAMCQGA1UdEQQdMBuC + DWNhYjIzLXI3MjAtMTmHBAoXFROHBAoXFhMwDQYJKoZIhvcNAQELBQADggEBAD8g + CeBXeIAkzrL7G94Ku/F7Sk/KqIjvj2dZFgFgu5nyULEHs4TaIMvsFikjxCnF+fP2 + cBTv1zpwqH6m1XOPP63HHd0PAf4q/sM8++pUi65rm+1hoy1yJi71MWrDyuDh3gX9 + kpumTc6p/Woq1sNRXkCFYnQ+jwO3HJVxLgOv+6xCPNXPCLwj8a/NzLYAzDe1Uhk5 + ETKiwWXXCPNS4GbUFzly51NLSbyhBs0sSA76baZraUqx+rQECAFhaIQEnBVa7J01 + 5dq+BBPKwM+G49RjjzVcTskT51veohs+LIViJBxVWhlBCwmktdy1cqKdLixZm1Z9 + 84nzOVurqWynOCj0k3o= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-cab23-r720-19 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDVzCCAj+gAwIBAgIUXoAfBUxOtzyo04uE62Bt2EhPoIkwDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMCAxHjAcBgNVBAMTFXN5c3Rl + bTprdWJlLXNjaGVkdWxlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB + AK3QN4VTC2MEPJA0UWTDXQpLntn9NNeTZ5jzqk0muZv+TXHh6UxKI68zeDMcJboH + 64yklJreTaJFD9H2PXxQMCPOjFnfsU9XYNQ7oBAzkUu0/w5hR0BmeWYTSyfl8/4Q + EHfMaFHtZggumeBGIwd+4vjr9BJNvDzpPIQB+rAxFncD+qKfIg2cIRKoK3TIpD0n + hIpMZ2ebUHT5z09e5mAMmCKi2GMg2+7RZaJBnPwXwx1/onwy9vraZ7AyDZOADnVp + MlNVBuWYfGfZvK1aPQtzvEebyOU//Ja9WDBuk3xQrZzkJTnmnMLAOfKzG5j9IWUm + VvGdwNfOIOJweglZsF41R5kCAwEAAaN/MH0wDgYDVR0PAQH/BAQDAgWgMB0GA1Ud + JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQW + BBR6Md4CKivCxn2GgQrqGgR/+czf9TAfBgNVHSMEGDAWgBTIAmvhlCafX+fLJ7FY + /p5ZjYibADANBgkqhkiG9w0BAQsFAAOCAQEAngDswIvSyZZ/0CLD284PjyZZMtMK + 5xsu+f+wEmKX3EFm6gMvLmbS3g9FFmf6b4DQDR8hJMMxXDXqhUrJurxF6BtswK1f + jTdkytbM1RxLkN+J7ZAGP4xAncJ9ENXIY97EmCQJWCkx6r85+7ZF1YsU4NOT/dDl + tgRk2X9DpLmOfGq3EfN+dcJn9/oKtxBMAmXS33pD1GgjuzZehYO/q5nl2FT9kkqY + nb/BG7ueU7f0DtD9qLb8gpLgXGLzkLeGpgkCwsUmy+jmPLy376fp31gRnBEzh/zR + n93uwNhH/oxLcF10smkashsLcPM/z/x8UX/KlYN6WKGyf8jcojiuWE1fTA== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: scheduler + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDYDCCAkigAwIBAgIUM3+VbMiVd3EwPVMieGvkIIOWEAswDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMCkxJzAlBgNVBAMTHnN5c3Rl + bTprdWJlLWNvbnRyb2xsZXItbWFuYWdlcjCCASIwDQYJKoZIhvcNAQEBBQADggEP + ADCCAQoCggEBAMJeOwz2VbBT+9BOeVal5z/El8yDcGKQObW3po95dTi2+MfjJBe5 + ZS2NvVSHEcLRjEpoi1Oc/EvXlHE8XueHhB0XpGEObNorkx1oQL1dMxXmK4GhRMZ5 + PXfR0pObBwEMO3rkMbZDvuRgsyRHIIAfYaUzurwwcrbKhUrmBmOErbHJ1LivwHbp + nVZrcEJHGaqQnq/S6gq0H/3rg4+dUweEN2RQoO8DfjPFbjVlKudBTJaA6lb5qdo7 + VhKiJdj2ymJrWTIPnqZik7prCjxCzFDGrwi0QL20XQtz56766NWssymFBN4/8k2V + xIzHGqzbUHT70Qcc7eKDRrgo/GzP1Ok0kz0CAwEAAaN/MH0wDgYDVR0PAQH/BAQD + AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA + MB0GA1UdDgQWBBTXNNswcepaYeuUnhGeGMn6QvceVDAfBgNVHSMEGDAWgBTIAmvh + lCafX+fLJ7FY/p5ZjYibADANBgkqhkiG9w0BAQsFAAOCAQEAUU+YKH2Y9QKgBeIo + QAwdO2xtz9F582dD05xevHrn3SvHMpCG3OEmcmugD4Za5EyneqxaucPIQ77Dus4x + CuWGA1/I7d+EKnLU0Kg8nn061KvxIv/zKbh+jb5wFw+uPrQFPU1PboK6mhmZD8pv + yTO3ZFHJjF1tLPB5U2+KaWO8EAzVAoYEklEK/7TyQ8z0jzUGWkxXmZz78UTAIxy3 + OBw16kKAKGRgnxB2ybWQOO+grQSD77CDtXXJKV1jzpuk5eItqE87FAj+3EE9Qt9A + qH4MPV2zZVUTvCBocYVYs+5p2doEH1PuHr18VaI+AALvfu+p+BB32Jd1iUQ14WuG + IoGdwQ== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: controller-manager + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDYDCCAkigAwIBAgIUClCdGiMCfJjYU1LSXTX45bQjkQYwDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMCkxFzAVBgNVBAoTDnN5c3Rl + bTptYXN0ZXJzMQ4wDAYDVQQDEwVhZG1pbjCCASIwDQYJKoZIhvcNAQEBBQADggEP + ADCCAQoCggEBAM5Vla450p0zZwQzmpS/wRjVopyhHhLuS/ZMSDvZny0DZ6fIVTZ9 + lvBm1jS0UzTk0fWKK+s5MeXEnkGobefNpLwJik+PzP5Rab36W7NdKUG8/yxhH40F + u5yBJJ8s02LfuHos5lDGEuopd1TQHOKGBjp9+ImFk12J++vzOsVOEmREEZmwhVaP + bMGv5uSntf5G6Xgnf6ur9pIqduEzrdM+3tD5Bi4Q2P3x56sM0mfWwtuFvXTWmk6N + NhIb0doXhxf2Wgl9lvjxdkYCItUGMkU6osdD38K6f6rGLA7t9TfXTRl497VfAULb + xz5wtK1btifZEDtEBhrIC1SyyQoYpSNYx0MCAwEAAaN/MH0wDgYDVR0PAQH/BAQD + AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA + MB0GA1UdDgQWBBSY8qn47WRcBg6oSbpE9HbXxqGumzAfBgNVHSMEGDAWgBTIAmvh + lCafX+fLJ7FY/p5ZjYibADANBgkqhkiG9w0BAQsFAAOCAQEAmLhkS+2id7BhvXRz + ykyWTqpHEZzTBtMM8zRpho+U5S2Ym+sh3ZRTe1Zl5qTQzegEzhyji9nZ5d9oBQ25 + xZss3QV3BwbK+lH5/2TMY/JEldexIIKr6TonkvtfF/8yYh0qTMOdH4wWNMwIjgWx + TYsYjMZ03nSgD++hlILe8qQMCwXWbQ3srQ5nvvtW1QO4Zn537vnzBBPchp8fowJJ + Gm9PrPOcCqDdkiuKoK5yoQLBEav5j18rkafEUt7kpSHX+/VYFpFznTiDd+h3obfp + H8OZy0XNdHPHMA9bQJ8hxQmZcOsl6SPqtQafso13jTAqQ8JY27Lz4eUWBocL/9Kn + 2BPjNA== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: admin + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDYTCCAkmgAwIBAgIUTOcHSSy69x/FJI3zhlmGL+2aB/0wDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMCoxFzAVBgNVBAoTDnN5c3Rl + bTptYXN0ZXJzMQ8wDQYDVQQDEwZhcm1hZGEwggEiMA0GCSqGSIb3DQEBAQUAA4IB + DwAwggEKAoIBAQDPeeZcrj56FLvfXMbHep+khlt53VKllOfd4YpFXuBfPNKS7sWl + +RUSR836IuKlqoW86uq6LTYk7QPK/m+BFXOiDcohvKgUPa1RKU3uL1gZmE8mfA/R + VmCrv0r2m2OocTz6rS4Gj8qKqcfzuZVMQmRnqxivcpcFIcm3UVmiRSjEhg/s81/J + s45D60M7oBiJTU1FItxBzulA+peA64NwIw52cp5q3s705VZxAbI2RUPd3nCz0cMN + RSjOYeN7aYF1OASrJXxl4eK4Azx0SZVO37hrvFP22OF6WF8AiHBkZbfZaHNWgh0D + BDtz+lNEQ8/0DvN9cEW6l2VIjS+fChcsyxEbAgMBAAGjfzB9MA4GA1UdDwEB/wQE + AwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIw + ADAdBgNVHQ4EFgQUJA/9/fknEta55uPmIbP/eNHi9MowHwYDVR0jBBgwFoAUyAJr + 4ZQmn1/nyyexWP6eWY2ImwAwDQYJKoZIhvcNAQELBQADggEBAIxybsZRna3OMwp2 + 8J75jEZ3yVe3mczULhApmr761B1zSEkaB81w4lC55foAKH/tijz1yj1WT/0BjYVj + VBgHufk1Ih6IbndPbNsb+BX4R1ucDIhnw8jS32kQy2qWi+JhZ7s8tH/2OZlNRhiq + rq9DcATzwYqk6avUR3lSpCyVPUJLGqNP/HL5vDNR/dAJmgrCO86UhzFWTvfgDmrG + mP6ejsM3qyWtOCt80ZcVPqWUb9AIZXdmi0ekwKStxpuGec/e2oZxLK8q2vcmloA3 + ftVUl1FJWFn7rQ+Rmobx8lnb62PTSkDVx5+hogXOh2AR4jXgTAAdFmdhyoM8+utg + syTdZ3I= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: armada + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDUDCCAjigAwIBAgIUcGEOenCIFEyRPk3/zF97GUy8sJIwDQYJKoZIhvcNAQEL + BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l + dGNkMB4XDTE4MDgyMDIzNDMwMFoXDTE5MDgyMDIzNDMwMFowFDESMBAGA1UEAxMJ + YXBpc2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2RPKuABA + bQuCrv72wy3EyEGnNIh63xPYl6VfIz3F/VhDNt4aKSftWM6U8+LMDHyT0p48BwCg + dlLfNhU4tUa4rD9Ik+HRV3hQxHGuGAQSGna+90z+f/OtmgbLtVXX1bkLfcM85YPT + VTzILO3UA4VUrQxSoXfK9tUaV1RJrYUzHwtr6aM4wo+pALsfes6Mm6ygM/n/+z1N + Uxzr9I2oJreFH8TbnkmQRbvWoYQRoA+2Z2A+TPZkzYqGNAZr/BZS8mgEGapcp4tF + 64yyraLPpwzEKxNspmjHeGsNEYZS9JSaEx6B+ceHlF2xYlK/tg0134IZMJ2CRl4X + P439p+yN3H/bNQIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI + KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFB1oWx7W + VLfuzm86CWwEudYb/MNuMB8GA1UdIwQYMBaAFJ0mAtDmZi9Gr+nUWiGXt7cUV8fH + MA0GCSqGSIb3DQEBCwUAA4IBAQCqc2HY5GzQ1M00rvMXq+NBODUL7WydGALt909X + 5EOERm6BAw/fuGbzn/wh30JP48+rlXyJ0iXeCai9+MtacsX8Qjvx4EBCsOrrhO1x + yCD+P6RFYilH4P2lufszhLYUkKaI1y4LSXJK1dJk8QByPL3i0b12FkedGd1HMOfU + eP6NBp7rcp3+JCTdaCcaYin/RFqtjoPD3ebuTRipK6Jr8+QFtnzJ5bLQcpNYgA2D + UCqHX1nSQF91xpro/MDE2OEFtulkM3vAiXsBBVp7cb9U4hs2LU8GvRqgR89sL+/c + i5Chc3uBTahiMyv82tdi3JdU+wE/2g9pwRcp4V5PA37O98fD + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: apiserver-etcd + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDTTCCAjWgAwIBAgIUM2lv19qkb9xH2Zng3VEa0hYh6q0wDQYJKoZIhvcNAQEL + BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l + dGNkMB4XDTE4MDgyMDIzNDMwMFoXDTE5MDgyMDIzNDMwMFowETEPMA0GA1UEAxMG + YW5jaG9yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtMEFupWKyrzQ + nR5leAj4QlIwIREubOHaXwIOjNRs2f3b9xoFz/WY9OI/oMvvsr4am56CN+m1sSPO + FrJji0+fkMuO94/QkLZEioBgzJb1icI58QIYW8jWvoUYoxJPVNWE2tEm4081Bs4r + G7hepnuvRKNgoIE+1SflwofAe0oLPbTyhbv07sVXLyIHelVEAlTu6Q6OH4rV0mzv + HY6jqMC/qsbLM4vujoEGKzX80ftzNa/TGbZcMzjylQN2Svgt0TcgvzhTQOenfOkD + e7UMKuoD500pioCW7nSrQwfJP5TuR6VjOer4sJP/T0KZ7MHs0gm7jQBL5+O0AZoW + PZgjq03OJwIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB + BQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFL3+S/D1v1L9 + kNWBBz3luXchfH6uMB8GA1UdIwQYMBaAFJ0mAtDmZi9Gr+nUWiGXt7cUV8fHMA0G + CSqGSIb3DQEBCwUAA4IBAQC5QRgOhlJkyX9IAoDE7zb70HcuZ6otRYjvawvtEhDU + 2Kkv/mHnk+BAC5smzMLe+mAYskmdzy5fHPxmkSE5xnaVYS0WWAroq+XXiHnuO5YN + hDurPDHIn0u6vhk28A8g7HgzT+2A0F679+vosBXH2Gws4vIl5PP+GNlbdQL8iX0M + yYIA0gjuOpGT1PJtXEDRfs5zttDpdQ6O3wLv6Gf9+i0/7Es1xbTKe73nqDcID4BO + 1RzNoRLRpQmFWnVUiezISsev/NsqhPASYouEHJF7LmQey2fNOclvwiQNDdrVIWvD + PsDrmM/NFey0l07xiYp9x//pHPo2aqBzV5kmEw7HJuN9 + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-anchor + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDzDCCArSgAwIBAgIURsu9xur5ecCsUR7gnOb7r9S6TtAwDQYJKoZIhvcNAQEL + BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l + dGNkMB4XDTE4MDgyMDIzNDMwMFoXDTE5MDgyMDIzNDMwMFowIjEgMB4GA1UEAxMX + a3ViZXJuZXRlcy1ldGNkLWdlbmVzaXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw + ggEKAoIBAQC494q93ST37RC381QWmZ1bPvO1AAcvJCLH1gOtydds1XwOJJpD8ZM6 + 92cotmBBdrXRFekD2zzh9LEk7qcE308/oSNLfychkynJuNvrCepbkO/9o4GzWuzA + yS/u8Uu2dBA0wZC75bi372JJ5ra+tf/j3PlA9mRhLQn7oYaaS18Fm3wnVcpliNgO + xIPU4hF8TJp9UlPWkBHNdqCcfdjBi5W+lqpykgKydIgGLRBavnMNeB9BDkLz1TU0 + kA+3wPBZXiELOOCTOrPYMQHC4VKik2MJkNdfluqDKklQ/dojn2djIQnc+8bjQqVA + gsg3TlSaSecwi3HBO7D4ipcdvu05NuFDAgMBAAGjgewwgekwDgYDVR0PAQH/BAQD + AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA + MB0GA1UdDgQWBBR0enaucC/qjURE2E8JfZdLqOkooDAfBgNVHSMEGDAWgBSdJgLQ + 5mYvRq/p1Fohl7e3FFfHxzBqBgNVHREEYzBhgg1jYWIyMy1yNzIwLTExgglsb2Nh + bGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1c3Rlci5s + b2NhbIcEChcVC4cEChcWC4cEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsFAAOCAQEA + gBlVNEYN1T6toXQPv0Ju3ENiJdiAes8ZIuMkqQiItyJqmtP/S456pElAgn7EgMav + 7myu/w/5CWgTQlTt8ClTbx7TEkB/IC7vM9moUSRBDLWTZTrRBmodtmJG9ry3Sbdu + GlkzJiszhV2ffqdlcENb9YRuQK1lBl0Xc6TjTwn0vDlaNutXB0zVXK2PXsRsq9n2 + o7M4RO8KKkxiTXMlAWv4k0zOH2rWkVpQk5zYFqdsJMbZmDmFJh2qcRlR00uBO0af + mlch2LmAVrXwBp/ovc4PeZeJrKhdAizrTrHMvdlHxGh/rAuhS3vGLK95wmszLk4j + Tib+SzbWdTFqGbMPk9MEfA== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-genesis + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIID0jCCArqgAwIBAgIULvewF/oeP6iJw7D8A+A/vrJFKfMwDQYJKoZIhvcNAQEL + BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l + dGNkMB4XDTE4MDgyMDIzNDMwMFoXDTE5MDgyMDIzNDMwMFowKDEmMCQGA1UEAxMd + a3ViZXJuZXRlcy1ldGNkLWNhYjIzLXI3MjAtMTEwggEiMA0GCSqGSIb3DQEBAQUA + A4IBDwAwggEKAoIBAQCfoJnD3HCw3N253Y5VvwjGDB7k6JLSaAEpTdujduf+/Xpf + d3K8Gz3cCvsg96BbrhI5p4PMMb7JHv105svwcBzyNEIaCcmDJ9WqwAFqdlLLNleZ + Cai+fyUs9ZbXIAX3+ZZN24SzhicWxIMigPc+1z1bc5gvUF61KVRNhcgcjtjzBL/T + VwIY8VNln/EpjY32x2gWiGwpNm7JZa1sxvjKwAjHuiC0ScEJlHPkugvom603azCw + zYcGooXE+ib1jFaecWJc0bnrbdpvO+tZP2immzCqQR4Ts1gP4GI05hFvY5BiV7MS + X93RFQkZOkksU3Wg1a73nf62icBPPQaK4v0bZPB9AgMBAAGjgewwgekwDgYDVR0P + AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB + Af8EAjAAMB0GA1UdDgQWBBRrlfApuX44D56dnWbOof3eczD1wjAfBgNVHSMEGDAW + gBSdJgLQ5mYvRq/p1Fohl7e3FFfHxzBqBgNVHREEYzBhgg1jYWIyMy1yNzIwLTEx + gglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1 + c3Rlci5sb2NhbIcEChcVC4cEChcWC4cEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF + AAOCAQEAQTyfl/Bi8iu3BZjf7Ii3xCtPqTW9bEGo6B6mzR0Dx7z/dUlHi9WR6/il + 655WMwNUEwX3PIewh1lfWTXMsc1eXsXvr4D2jQymw0ZaoPEbYw4r55iRT9rpsf68 + FAWvkUo+b2E0KaCZkQ4zScQeHhz53Y6aAPNDr14VHHIWBCDQLfdUzcpG9TmpLMau + rU3Nmbq30GnTO/N1/dTwZ2ABvWOWzsd05byKm7N1hEqb3hnRc7SuiTSJizR0/SpH + PC5RjJxmN0cco7KahaWLsmGzEW5kRGtgc65rgxR631LxRQ7/3hiemFCQB/kZJet5 + EQlDREoA0bLsv7s0L7v2Vwp5bFox7g== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-cab23-r720-11 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIID0jCCArqgAwIBAgIUJq1hhapB1fc6nl6Ligd7r/AMDNAwDQYJKoZIhvcNAQEL + BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l + dGNkMB4XDTE4MDgyMDIzNDMwMFoXDTE5MDgyMDIzNDMwMFowKDEmMCQGA1UEAxMd + a3ViZXJuZXRlcy1ldGNkLWNhYjIzLXI3MjAtMTIwggEiMA0GCSqGSIb3DQEBAQUA + A4IBDwAwggEKAoIBAQC/7DqoSUn4rgkA5x93zqKBWXwA41TwEh5kYxarjsArewvE + YnHzuMySN4aDfEQYngG9DX86o6Oa/G9+k8xxFAVmoMQTczOv6Vn+mjn7mQ+o2XPQ + s3kBTvLHR/WB/+YtU7BKHe17b9wQpVV5q7R8Mq23wB1N74UsB+ySUg09AP3JzCyi + rrqolASF0U64kZGWA05OIeSoX7jHDv6AKE9ROz5Z9FNSScLedAdi3x08tEdj8Spv + oKuXDv7WIPbnaoYgoyUgeXz8WYUO00z8EGaaDnF5CwCq+71sZLkzis4HdiqjsWFR + 4PCsklxhxJsHpnVTuZ99PQXXblamaLZuyx/F2YwxAgMBAAGjgewwgekwDgYDVR0P + AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB + Af8EAjAAMB0GA1UdDgQWBBSiLyWFOUf3xQ2CxWuUtZPbrjeL6DAfBgNVHSMEGDAW + gBSdJgLQ5mYvRq/p1Fohl7e3FFfHxzBqBgNVHREEYzBhgg1jYWIyMy1yNzIwLTEy + gglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1 + c3Rlci5sb2NhbIcEChcVDIcEChcWDIcEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF + AAOCAQEAYXsTBrJnqk3aDauPyeMyEr9B9ffR0yPpW25F6fgwXrHQ6AcKOOdYhOdz + UYuhzA32yQFjmWG5Tf1PCIqg9BSIHMO6tQWB1M00+f5atEHSJ/rIE1cWOw9wfYyN + ZoRY1w3GNqP7wvMaRGiYTabAC9X0rhI6pC8sMuzm0ZK61LydSqOnalkApBozKE8w + F9OrA3TfluZed+Eylr4S/HG7PLyW9IAhAltXHkWGt6f901/Clfrspe5POsisorfK + SyhA805WAP/ysTJz2iZlRb0u9Sg/NCXpmcJBo4V7YTlVNrs6EOOeBzBmonX9+Ttq + EWp+HehyXnaLegneQ+leO8NmE0fcNw== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-cab23-r720-12 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIID0jCCArqgAwIBAgIUIxasLvcs+hz33OfXx53XRnhtiZkwDQYJKoZIhvcNAQEL + BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l + dGNkMB4XDTE4MDgyMDIzNDMwMFoXDTE5MDgyMDIzNDMwMFowKDEmMCQGA1UEAxMd + a3ViZXJuZXRlcy1ldGNkLWNhYjIzLXI3MjAtMTMwggEiMA0GCSqGSIb3DQEBAQUA + A4IBDwAwggEKAoIBAQDA22gtcU9J2FicNu1peiReJfIwoyJNDKd2nQhQPn9WrKtC + hsBYyCgcxswOTSMkEhI9W+j1xDda92PF0T5R2R9wrUf30HvqPYs7t60t3Q5iOE1X + Ljh48Cg7uYwEGzSJrraOd425te05kxV3jAM0r5ZgYptUNquXAqJ9zk4wBAWGrkdh + 2IFQuLYjiy7MyRWBC34z/ve9RCiu5mPe54/BUR/UmdFeGr3qr8sAhqoKtmAl/Ckb + rkHHydANHKGO3ouBVdBwejPP0/5jwHpeI7szNsiwSt6kQFhOI0vlDj/FgjSJggIb + 3qDW8TSeDioF6j8A9QBy+Nr3NbO7o7Ow9HZVuJP7AgMBAAGjgewwgekwDgYDVR0P + AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB + Af8EAjAAMB0GA1UdDgQWBBR0tj5yaf/3TCOk+wovW+z8lNdD/zAfBgNVHSMEGDAW + gBSdJgLQ5mYvRq/p1Fohl7e3FFfHxzBqBgNVHREEYzBhgg1jYWIyMy1yNzIwLTEz + gglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1 + c3Rlci5sb2NhbIcEChcVDYcEChcWDYcEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF + AAOCAQEAsJGpk/nu+RezwS8STPPpr5S/wV7ZoS/mAOfr6EeXXVv/eJS3YG625Yoa + 1I+0YfvqTdxMchXU3MqFFQo29kERxzin47AVajIotWuwcA1BbmpaeynjSXSi53y2 + MwoB55ASjPC2iNnF7GMu6KnCmXBL6Tt5OPIqni3o6GCFSKh3F/2A5IwP9HphIP9G + SpT9OUK3mxM8PDjk3sCz+4kdKUqs6pFJEtX+UIK4N7vvHrG72V2tau6QNf3asTWs + TxTiIXUVxkfExUoUleIdyeH8aMPWGuJULkzYZJqUfuw79NyxMO8l2eC3EzG2Thfu + fsTMq8JLnFRubGEsUhy4Ojh6nmVXJg== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-cab23-r720-13 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIID0jCCArqgAwIBAgIUFkV3DH97357zQoDothgJQi+e7NswDQYJKoZIhvcNAQEL + BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l + dGNkMB4XDTE4MDgyMDIzNDMwMFoXDTE5MDgyMDIzNDMwMFowKDEmMCQGA1UEAxMd + a3ViZXJuZXRlcy1ldGNkLWNhYjIzLXI3MjAtMTQwggEiMA0GCSqGSIb3DQEBAQUA + A4IBDwAwggEKAoIBAQCkPYNTUMCtArg8o5AfN+v7/zWz6qiyz/T4YUsPWe8INJm/ + KNDZhwCrVQBJq0KppMFucieaayHAkRLZZiHr3QCkxLYJBLerS9BxofReoPi/WSbz + +UBcVPCv8Q7yhwbPniWHx7ppTKT5POdiCrUT3FbHOj9YKOzgYh/fWV55SJwbTaxt + To0APDdbrPnpjhOHZZy+PD1+q8nm0J4EPdw9u+/iBbXgT/zYM48WuPuDF4XwHOdD + 0gqrEvGdwzQK2cqyqCQllhqp1DbPoTXQPTK0LEt6cuCD8Yg2tfIN0AWktRfpNlAy + YjuT6s6Psg4UKBo8NpL2sbtE+idPJLb9swge3eT7AgMBAAGjgewwgekwDgYDVR0P + AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB + Af8EAjAAMB0GA1UdDgQWBBRifGt/cuvvbbSOlGqchorLSuXa6TAfBgNVHSMEGDAW + gBSdJgLQ5mYvRq/p1Fohl7e3FFfHxzBqBgNVHREEYzBhgg1jYWIyMy1yNzIwLTE0 + gglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1 + c3Rlci5sb2NhbIcEChcVDocEChcWDocEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF + AAOCAQEAVP9tG37juV3OxHabhf76FLNYLLGdfGYMcatH1TC4JJcOtHI1eWTjbcJR + l0ZcdBh0lI2FSG+I4r+3ZaeK3ksL9mNacKyMWkIGXoIR1GHLX7SPw5Ec6Qxdm9mX + ofETmAfsMSEr7nxitpe+oypEydA/2wLEdWgRb9qnqCMDrn3LQtpfwQSN6gIAXx9U + JWOFBq1mL8xs2VFDT5oYAMvwNn0lLmgXiHJiBRiewXo5vNElcdJwzwXUggbjj8sV + ADOXjp8THs6SjnpppZdTm7mIY78qjs2wCSwcQZThHFIXS6j/d0Q1/mypisgQbKk4 + yP6ZKg6Y6SdQwkaAcQ6CBSKaW7HpXA== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-cab23-r720-14 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIID1jCCAr6gAwIBAgIUT/Loq+gpUbt92wzGhCJtR8Q84UwwDQYJKoZIhvcNAQEL + BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l + dGNkLXBlZXIwHhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAnMSUwIwYD + VQQDExxrdWJlcm5ldGVzLWV0Y2QtZ2VuZXNpcy1wZWVyMIIBIjANBgkqhkiG9w0B + AQEFAAOCAQ8AMIIBCgKCAQEArJgNfhV76s3yqRZ5nWjY0Sau8Lte/F7okc8FU4TD + LyjizuRyzyl88KGAPBEikoFVP2CzdgaTaLaIiGIfh9UMx8dbbbV84txSPFrDd4d0 + VWHfa9fvag8W5wt5ce9W4JT6qQlpMsdfx+O6yhub9NeuWFGdNFMlDoYh/4wrfAu+ + J4OuLLChEt7797fqawPjBtCtirq2i8SFN2tEPKvM5MkAYdOU7Hc8UPRUR3rpXbDi + Xiw2tk61yG4pE3YwMP2SPJFTAQ8XlwTdBkARb073Bnmxh9M8oYb4pvw1hLB5+j8f + irAtDlkP3PdmfzEFxGXjDoUPLzO60i8FATRWoRDEDB6XfwIDAQABo4HsMIHpMA4G + A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD + VR0TAQH/BAIwADAdBgNVHQ4EFgQUYpM2Om/nMa6zbXUt5YjMS+cgJD0wHwYDVR0j + BBgwFoAUErq/xFXAW/MSw/dGVVlIBnUsm58wagYDVR0RBGMwYYINY2FiMjMtcjcy + MC0xMYIJbG9jYWxob3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0ZW0uc3Zj + LmNsdXN0ZXIubG9jYWyHBAoXFQuHBAoXFguHBH8AAAGHBApgAAIwDQYJKoZIhvcN + AQELBQADggEBALYrKeuZ9vdt04eAUaEIpC968n7jHWFwC/WhkIUwx7XfrrdT74PT + 7NtOWG9s18PkgDlq8x5d/y84Gr5AHtYODtjHgf26lVsCRjLH33HYvxZ0VrUWJGd4 + 5QXd+k3dMdTNb/z20LEC4AdiVmUbktRM6P9r+GjjhS/J9YhrZXWgb9ikm4wCdYdL + 4P/lLSMvQ+lk6hloeWzpXTN3OrhZOplz8bS5HrWg8JHkDNLqxGfXICiccfx+amAI + hM0mNm15P5nmTzzBbdf8tzAe9RSDfrDAV4fnphgjerd0kKb6SOBdnwTlhSH7YDMz + hx+NftSzDKiWmHLGbGgcZ16ijO3TgB2/vRo= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-genesis-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIID3DCCAsSgAwIBAgIUXRYGpBn3//YVVVYqN5CQscCb68QwDQYJKoZIhvcNAQEL + BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l + dGNkLXBlZXIwHhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAtMSswKQYD + VQQDEyJrdWJlcm5ldGVzLWV0Y2QtY2FiMjMtcjcyMC0xMS1wZWVyMIIBIjANBgkq + hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7AX20jHoo5/Q/POn6MZHIuNw8M1toJ5d + uX2fa5VM2nVn9xxt+0HYHJz2WzKGvpumQ2e9w6XJF/+hYsMgPke4dBI1ts0YPEXX + s0xhmkT9Cw41ca7kaK0nV2/y0hS3hk5l972TMBUb0vHiJdwYNgL4MdKa+kcnYXh/ + zHLUMeH2CS7jwxcDAQQDnZxt/Dp3gcKNeJ8QX1RxDXU1EyrNcPi8Nrxtf82icpY5 + gLmtYKAn6KTrDb4tRVI7L3HXSpd7IfHTRZ0ftzGkYacipS2iggdgUIX/ShXcE9kS + 89/lCZM16e2A7e+usJn4K57rA6EyVDqZjnVovrpPjtelRQRZa3f4XQIDAQABo4Hs + MIHpMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH + AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUjCXg652ObQBhsrx5nLKAkTYX1tAw + HwYDVR0jBBgwFoAUErq/xFXAW/MSw/dGVVlIBnUsm58wagYDVR0RBGMwYYINY2Fi + MjMtcjcyMC0xMYIJbG9jYWxob3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0 + ZW0uc3ZjLmNsdXN0ZXIubG9jYWyHBAoXFQuHBAoXFguHBH8AAAGHBApgAAIwDQYJ + KoZIhvcNAQELBQADggEBAL7bUjb6b4yaVUK4BJUlCR3Pv6FH5psY+6TSAWS47I2M + sKRL8cIxj/qXs4PiJATNrSj5SBYkeSicN9MsDZaXsdwMih41diqXvwY8aRHaWhSN + 2xbw1um5gZEm1pekGP17+d4n4U23yVjCV6mtNT09vms2peM2xoEbmsVdlCknQM8Q + biv4fPU2KnHk8nnOeLoLz5Z721GPeUg6v4kzyUaYK2x3Sc/JZ2s/7mkKPbvH07NO + URnzPuUEYTOgDwv8srq5f+82CKcUagyDwmpbKJOO0Nbhugf4t664lelimJQLSDiC + NnJA4olBVOBowiUi0Rw8ZRvj+/bmhyAmDC25/7zv2CQ= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-cab23-r720-11-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIID3DCCAsSgAwIBAgIUewWNoZQzHqX3tSmS7sRX3rMLvE8wDQYJKoZIhvcNAQEL + BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l + dGNkLXBlZXIwHhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAtMSswKQYD + VQQDEyJrdWJlcm5ldGVzLWV0Y2QtY2FiMjMtcjcyMC0xMi1wZWVyMIIBIjANBgkq + hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxyL19ntmY3scU/HloXV11tTaI+//af5E + RkxbMkn99HLAuBFcy9xyGOHbTKb0oqqtwey+/9e4CXSgOpiqbfyqhbHGWAIyJlMh + DCMkjWPbr2Qt8R9SgZerXDGN4n+s5LjR32TdNOlQAf2w7MStG9jRlFGPJ64x6cRj + UT3EipdpFj8SzC5Le7ROmjChV109ZdebpJm61dgwVSGC4OYtw1K9fYUmH7SV9DMV + 6d+s6TEyASordstT4bxMUIEo7Z4dzE8MZYu+XTp8D9s3E2TvSjLd1t5/RY1yO42e + WA8ubiiFcTv6DD24JiirULWIHwnc6Jwv+xgmAH+0TzZ4L3X21s4n/wIDAQABo4Hs + MIHpMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH + AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUJCjODJohoIyGHxgmhgl4Q6HtryYw + HwYDVR0jBBgwFoAUErq/xFXAW/MSw/dGVVlIBnUsm58wagYDVR0RBGMwYYINY2Fi + MjMtcjcyMC0xMoIJbG9jYWxob3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0 + ZW0uc3ZjLmNsdXN0ZXIubG9jYWyHBAoXFQyHBAoXFgyHBH8AAAGHBApgAAIwDQYJ + KoZIhvcNAQELBQADggEBAAYUf29T0fX8xaOEla+tu89ZOBHRn4yYwqsWBVBqGG1U + Td9uPq+x+74ip9ucudrY/WSJ1R3JyVSWMrc0N1VUkRL3Qb7kUp8+D4SqDSGYfGsk + tEGCpK30a505+p6dPL/pbGsfXVlpP7WgqGSPijv5cDWDbntVQsmoM0MpUY60Q4Nh + QCqJc1Mv1bvgB5BckQvSp8uGsAjphtCmlVfQjGFaooIdEKBTCZgZMYdP2IQm+N8u + x1MU6txZyeMNRHQEDiM3wauKvrxTxD9rLJewcc0py0+XbiFN9lCDDBAlkMnTAdvK + 1W/spAgk9oyZdo6izOxLu54NTPCQE4Fq+N++SuzxfiM= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-cab23-r720-12-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIID3DCCAsSgAwIBAgIUH/q9d5D6PAB9QaIusTP7feTD/7MwDQYJKoZIhvcNAQEL + BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l + dGNkLXBlZXIwHhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAtMSswKQYD + VQQDEyJrdWJlcm5ldGVzLWV0Y2QtY2FiMjMtcjcyMC0xMy1wZWVyMIIBIjANBgkq + hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqrAxSeIFy831f32lb/6ZEl3GUJ3R8N1z + LIjpz0UmJcNKXFjO/2vpQ3FEPenbu1Q4Qj82G+FHK5QGKijqdOUR2eIUxud3gTZi + ceF7GcEIcT16vbHv6RefiEi/VcDon1nXdFLGpVAipq2VcwBFwl6VkRldqu9mq0oP + e8RoKniMrQz7Z2OY0BOsBSire+2uFhkJn7I+lhl2FgGQgXNSLn+LcnG5835XNUt4 + cGTdS4rKCgdqxPZsVwemKoOUa2YXNhoEiWjLSS2fbOAGSCHpUD6H+hTz0cE6x6ud + s3V0o4bdE9SMSQoGBRfMAW5iZnV4HSSjfF8psYxLdKHCECm/DbTMjQIDAQABo4Hs + MIHpMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH + AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUEutILRDuPYazSOg+uvQVMReIT70w + HwYDVR0jBBgwFoAUErq/xFXAW/MSw/dGVVlIBnUsm58wagYDVR0RBGMwYYINY2Fi + MjMtcjcyMC0xM4IJbG9jYWxob3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0 + ZW0uc3ZjLmNsdXN0ZXIubG9jYWyHBAoXFQ2HBAoXFg2HBH8AAAGHBApgAAIwDQYJ + KoZIhvcNAQELBQADggEBABvLtpXC6C6wgRKo+YWTgPZPoFl8fMiYashWNA96OHW8 + gClbebr/agJvtjgrDwu6C/yV5J7fFb6bMTp7LMj5QJZ/w0HAH/VOo/mholjtoNf7 + /hWdAys+WuuGThDsZzWla4z7j9bv0v0ZHE+XiR3IMvvFBVz2jbO+7CF1+JYH/tg1 + ajtqCvZgw3N6su1/bRJo5MLIMV/Vq6g+7vrRgsYGF22NOCLCBv3dr0sdKh2sw0+v + YsPHghURkHFrdNBmLLpUDgnrCGWBwNI46p4AL29XZIidoDmoCTenBSMwP5NbUFnv + N/wJQ2YNjXqdAXDhCZ8Zcy7HnZ386DfKDC/t7DNJUJs= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-cab23-r720-13-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIID3DCCAsSgAwIBAgIULjF89Q2rvVOW91ztH8Aboa2fzmUwDQYJKoZIhvcNAQEL + BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l + dGNkLXBlZXIwHhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAtMSswKQYD + VQQDEyJrdWJlcm5ldGVzLWV0Y2QtY2FiMjMtcjcyMC0xNC1wZWVyMIIBIjANBgkq + hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyfPFnaJFPgoiWfR/BXW0MOSYmKh23o3 + 15a63jSqpl/ZtpMQVamURbXK8IvJJN+xu7ehFeIkzwMbMYr4tFIy24b/boQStte3 + chY3KtJVnhLwZeT9IFYayPo+6AU+J8JuA9WQqc92ZaVP5q4tRs/FUcSNmqvMl6DC + jTymd2kaupM7HT2cdBxfHGhg/zO5xB9r0NA9kqe6+4/C+0Comg0Io88BXzYUyQBW + bsNE3Ffxf4xlGNDHte2DKBfAta6D5MZ3c32edOOU3Dh1pACx1abTapeolLw9AxV3 + zMET2NbBOgMpGR1coNqWdFM1mzZfdPg6VczYbqzq+BK0L232dfS9kQIDAQABo4Hs + MIHpMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH + AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU1JvmLtbKUMhnxloRT+emNFWuMFcw + HwYDVR0jBBgwFoAUErq/xFXAW/MSw/dGVVlIBnUsm58wagYDVR0RBGMwYYINY2Fi + MjMtcjcyMC0xNIIJbG9jYWxob3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0 + ZW0uc3ZjLmNsdXN0ZXIubG9jYWyHBAoXFQ6HBAoXFg6HBH8AAAGHBApgAAIwDQYJ + KoZIhvcNAQELBQADggEBAGnznVgVw+q9BckCkuNmTBDa/xecQVpIwSqJd4XqUE5t + mNzQD8EUqlwUfS5/jlJWA9iKE5I9jU9qrzBaOhnx1AUOchdEm/fYsOnf0P9Ov2k5 + vNuRbaSbxZVYby1c8eKili0pbb7xMNsW5tVZ5Jmke6XeNWTNNehLd8u7PRE2PPaF + kEOLOO1KCqNFSznChQ90cxQHYNAa2T8QFAqoAJv9m1rUalUaAu+1lOWmCBoQ9xTB + MD/4GaSqIia7teWGnMCLm/G3RbRr9hBegAnzf3a5rUlIiU23uqr6SQunI3JgSww2 + 2yLXqQE1g5qgq6vb2uMfZt+CXry0sU3ai/pTp7tksKQ= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-cab23-r720-14-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDSTCCAjGgAwIBAgIUF4JBio3TfoajkfyZLtvnKS10Oi4wDQYJKoZIhvcNAQEL + BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw + HhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjARMQ8wDQYDVQQDEwZhbmNo + b3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSlTthgprd1wekZkaD + XIrNge3wwRNFTbei85TcHLg3HlmCL4JvizZL7LmUEGzOgNieavEsK3SFXv/wC2qD + xxkIO3UpUYQAqQxOLztiNWzdsU2N6+I23YhOgKyelcB7lxWXs7VPMrP5ca26K4PB + 4+HlMlda/6fxxe69s86ZxTdrL4pnZdr04BTG/7+J0SZeyKk5MULJILaY4bHPwLxP + CUquaaNCSb1sN2OyALOo/7uikZd6Z49NkY28Bb2+lZxZ5tRWLmFysm21riJOkU3K + XozcfpXap4r3ZPuuNfWycOLWLX5U/kqguCGqlftrld0lxJ/w+sc1NwVeTYd0dK0b + 7kjTAgMBAAGjfzB9MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD + AQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUbuvIOKn+nyosnOzZ + KA+PtBPtio4wHwYDVR0jBBgwFoAU8vuH+Tuf6GAkvNlrVY25DEuYOXswDQYJKoZI + hvcNAQELBQADggEBAEspxLuB2V5GbQyIy2JNbkvTCLpXjBiH1zO8g5WUcCsZ/BhU + KTBXnbivfRspFojR/z7lFsW7vnxUEjihU60B7azfVHwRl5k4dTMLwiAqETU+toGH + ss/h8xoN2E+VuxDBJXn9hsVqamPsdys4QQ3dMhOa2eS37NVphuHUgDJ1PMpsYevg + D/gVv2tmWyiUa75igmGQnTFv6Q0l9q8ccjDoAGvnMvIg+Oy6zzO+PGKuZ2Wnc20W + VH+LpJEFfC1+m1bB8mLx2SFPKM3SFeuN5NZH/ibw/jbzTXu9P2K0psDg7HrMEv5g + OfII0DI6yIDNHPMVpcPuvo49LttJYZBQnpd9Uqs= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-anchor + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDmzCCAoOgAwIBAgIUGIV+l61X/C4dmuy3OSuRtWMEkDcwDQYJKoZIhvcNAQEL + BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw + HhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAkMSIwIAYDVQQDExljYWxp + Y28tZXRjZC1jYWIyMy1yNzIwLTExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB + CgKCAQEA3gZMISoYPUGKGNNXxxN7Jb3QX/0nSqfOY1fmmE6oXXt5w8p9CrALCubl + UMwOGZlwc0J3asrPRtctXGUHbK0GS3f1+OU1STFAVy8l+bIOfj414ub12q3Xic5z + /Vo2ocw3x/cbo7BBzYpOrPl1uu93liDZyn5eptbbJ36ZoMgbd5jPPDiowSiJ1FQT + 0xi2c99+u9MFFLDYvb68EmdeRkE8CpLRRKeJruTrQgRZe53kuXK/vp5ijb5xZpdR + Wjr1VuVNRPvIJH5tzxFc9UprZhCCri9bAhlA0R7fV598BER/0D73fjrfVdlGJ2Qx + c3EXXN+LQ8BsxAkiOn0FPgPSxoKEiQIDAQABo4G9MIG6MA4GA1UdDwEB/wQEAwIF + oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAd + BgNVHQ4EFgQU3Sr0OSP0HbhyZR9cIK+hiJDo+CUwHwYDVR0jBBgwFoAU8vuH+Tuf + 6GAkvNlrVY25DEuYOXswOwYDVR0RBDQwMoINY2FiMjMtcjcyMC0xMYIJbG9jYWxo + b3N0hwQKFxULhwQKFxYLhwR/AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQAm + IxnWzM0ZaCjnfvP9tPISwltF2RNKBtrSA3SWKckS3Xt5SfhLabqwzc5xhpavBHCY + Sngar1L0ImAnSl8uQyo6pEZCk9y9Cx/aXI6H+T8nW6rDzCUIz72l2s5ggWpkXnRy + sxS5C43gyCPi6LD+BHaXS+fI9drI0avjJaP7GeM8vZ4UC1vM3y55vyWYiotI0m1U + EhX5/LNdDLctgGnYxl0ToGWYBFiwy4J542CUyF6ppF3anJRRTNyXfaAbKYEt1Gwo + okxxTHNvTbPFiSUESztKhhFVZc2HRwhTrOGM980N4th9SbNcJSmpdgNMD/dEA4CJ + gqaXdbwIVm/8DnV2w2Da + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-cab23-r720-11 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDmzCCAoOgAwIBAgIUFb9OtcajcngNishv5LOV+QATwJswDQYJKoZIhvcNAQEL + BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw + HhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAkMSIwIAYDVQQDExljYWxp + Y28tZXRjZC1jYWIyMy1yNzIwLTEyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB + CgKCAQEApjnULGO9t49RjtD33k1jE9WDfN/UN1+LfWFafBgzyw4mMIum/ne7a8qF + CThdM9Z3KuM6OM/rWsNMfTLOg8bKEaNnYzu0Vo97yTk+XqivgBQGBdWpukgTHgGy + PnB2nz5yu5+4+Va3MIehUKbH5DIusFKvPSWoVk9H/GhLYrIqkfPcGctPW4Hvviwq + II/Q8NHYtIoaE3CnunVRC59IAGDWUgyuB0ccoSLcKbDWgorktVPBeE58vZLxNm3Y + ZB3dvGkCw4CGkUJ77Tqe4dRly8jz7JzKF1WgLuk25Z/S2YTIX033b2s9J1vIeFvL + 2e/c4bbewONdEBG6wzqmE7t1sfk+hQIDAQABo4G9MIG6MA4GA1UdDwEB/wQEAwIF + oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAd + BgNVHQ4EFgQU9EWom2dlaX7FPeivFbBUKAef0GkwHwYDVR0jBBgwFoAU8vuH+Tuf + 6GAkvNlrVY25DEuYOXswOwYDVR0RBDQwMoINY2FiMjMtcjcyMC0xMoIJbG9jYWxo + b3N0hwQKFxUMhwQKFxYMhwR/AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQAS + W5+GtNrnYWY+o/YFB9hN50wUQJSarBHXxcH++eKrLMgqCWYoPQXLHnDzFmgl4TcK + J/6AEjofznb9Dnjek06Lvk4NvkaVk/cjQmAhOrZ1DuEzzPl//kV/Fi1a6R8tureM + SFsPZF7nLOqNNQ2ppvzwnxxMY4JKokcv1Q4XlK3w3cC1xrfizOlgaUJoZjfKXoal + 1yXLhfFB8RfOtBzNiKpU27tT7/v8rYQtnsCwd+ilAdcQg+WV2xzrvy8ndVfclSnK + FVL75ztSraPeIFJEPmBEP42MhodHkkr6QIVN8LhsqLJLAzJ08Xmn7WUYqvxHzMox + GPqg3xx+jfE63J0cOg/M + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-cab23-r720-12 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDmzCCAoOgAwIBAgIUB3Gqls8WVWB8MTJQ7RV8De5J/sswDQYJKoZIhvcNAQEL + BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw + HhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAkMSIwIAYDVQQDExljYWxp + Y28tZXRjZC1jYWIyMy1yNzIwLTEzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB + CgKCAQEA7qqRo+CTz0VfZwECaxljOXKSocasTJ4LiUiyEs8KFsUmXZ8U40OZNRDy + 6lMj3UrTsuYb0ETo1ZBbDzmzhDuEJtrGDMMFYDy8WaDyt5ogsJe4RtGHnTGWId3w + ZagU/O7bY3fGRk+0lCisKlNdFjdSu7o7Cr3ktorsRVZTAi6v0bKzcphG2FZrv2MB + v+tBo7Wv8jCaWTCW3BAl3CHLbmXLOl4z348X8/b3gIL7ZOKlU3YuITqjcmwLakRE + 2l6iYgTyFYiU7u8ayBM9o7Cu+0xrzDtlSBCFeicqiKtfd7+FFHQrFcPkKHS62+rS + lA2MpwS4DpLCu+6Q7LgFtJrrgE1VOwIDAQABo4G9MIG6MA4GA1UdDwEB/wQEAwIF + oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAd + BgNVHQ4EFgQUqkG3vzyHafavr43HYS2IuavXme0wHwYDVR0jBBgwFoAU8vuH+Tuf + 6GAkvNlrVY25DEuYOXswOwYDVR0RBDQwMoINY2FiMjMtcjcyMC0xM4IJbG9jYWxo + b3N0hwQKFxUNhwQKFxYNhwR/AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQCS + /fjOtyHhUKjt/bM7rjJDEHRCZbBa6Crm9gc0xiCMSFdmcNaykmBQbjAiMKNiXBGT + y7TBmRrgTQPwuistOjmLdcZRDTNt6nq99HXsCtuEgj4yYRoV5CvSCbavnIsTWBw3 + nD8rnhAwJ36fkd5WmDScfGJCEFbRzZt3fU8Jh4QRfxPo8zdw0zRYk+DrudAl+8te + mUIXSXhLpb+rce3dSySj2pQnbVewpX2njiq4PC+kkWf7/lIacqfsoKPEkvfDvlWC + Ycamy+Fn4ShIqDVOZI9t4ZbXfY/FhWDUpsJFpQfqygdhxNTGeciqICwwJ20JQxhV + gB1V+8wQ7jrTcffaY3S3 + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-cab23-r720-13 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDmzCCAoOgAwIBAgIULb78kNXKxBQESfNKmX5f1Dkn7IAwDQYJKoZIhvcNAQEL + BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw + HhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAkMSIwIAYDVQQDExljYWxp + Y28tZXRjZC1jYWIyMy1yNzIwLTE0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB + CgKCAQEA5fiBi4ruD9DkkMIJJ/jzy6urUy0nCD0K2nzi3Gb75T9B7tZhd0AnXF2J + WW/tk4b8nmrscM5DKJDixOMJ05js+6RGyZ7vKL2Pq9AeqVj3UWTi4YoeeV7SUxt8 + 9ZAXmr7Z2IX14DifvuMbekFNfa3T4Kz61JlfkwQpYRxEi4X6se1t/CrhjwcccR7G + KQxgL0NmX6z6KI6jaTKKfBwQWPs384ZkYG+eiqPu63j3PLW17xQ5abuZ43rEQLHY + fq8+uIHItVab9bXKC4LypEs7kfhi3xWiJMFC6NdM9O0YDYyspXXDUBEEtstsAAhS + H6fL2CwsypjGHvEgi7AXtnedqdgGGQIDAQABo4G9MIG6MA4GA1UdDwEB/wQEAwIF + oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAd + BgNVHQ4EFgQU9T+pH6iYmK3RQ1XZCA6pQQzQoWwwHwYDVR0jBBgwFoAU8vuH+Tuf + 6GAkvNlrVY25DEuYOXswOwYDVR0RBDQwMoINY2FiMjMtcjcyMC0xNIIJbG9jYWxo + b3N0hwQKFxUOhwQKFxYOhwR/AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQAF + 9dw0unYs+fXtnfMnoxDbHQOM9/PvryNQGbNYBj+lUkR4VmG6E5hO2PdnxW6g4SG3 + pT5ZGCzpsJYGEdWuGGy8J5OHUehDYqIE7o60pXU8Nq4BdYRvwJhzV09sF5/3TrI7 + gDpKYbkRHoJLSUFTkbn9MsvHEioYDf1Vg9553ViOFWOcZSZUxqTJKCpTbRWJlUf+ + +HoSfMfFN1vcFnNMHGelAdDJ7S754omqyjb9iMiwX+A7wXEfEeoBGsL5yx8ZggjU + ZQh0LD7xsJzK7AXA2eek3IstvQUq2x0S7+XhRBv5UyST491iry7cblvRbz/vR+5N + MHGzukAVu/e2/W+FKXfw + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-cab23-r720-14 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDTzCCAjegAwIBAgIUMhGorPD2GdueaYnEJTPT+UjVG7AwDQYJKoZIhvcNAQEL + BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw + HhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAXMRUwEwYDVQQDEwxjYWxj + aWNvLW5vZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUFwU/K/O0 + X+4T9/R9tyol3mgT0Ovh909wyqP36L0ZHaVzOhTjYL3i4o6nJvJb6+jJdgjh50Fb + IxXnDWdZGdtZ20OJzvgjAIvpiEy8M9+QSxjAvkX0CkIJgwyZppjJlgHLpbnha1mW + V7tApu/rNDWtH3Bp13zorgBniMOxhh1gdjTUh1OEcK3BsH0KJvb/FoH/DxHX+gZE + ywBAojAh1k24Ii8ADPvc/6X10HtHYqP+svbu22bssK9CNMTRJV9kKg/K75XrMKh8 + +/3QcKXN6CO+sRLcAgRRE7FmHBxq2pp68aGHIiqYLp0FOPC39PXVrmIgdvkYuSej + ne+1F+zvkSmpAgMBAAGjfzB9MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr + BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU7wdpGoJq + uWefd5h5DGld/AeElB8wHwYDVR0jBBgwFoAU8vuH+Tuf6GAkvNlrVY25DEuYOXsw + DQYJKoZIhvcNAQELBQADggEBABLzGwaacGbF1EioZFTemH572oRQCDFVfxcvUsAQ + hH4wVS4LBWq/DRBEHRy0eahIvXcflDO7JXaVryISi4kBCErA5ckLc6lonrX4gG4N + 5z8NhwunpA3i6+kUY1GmuQM3Qqamye5c6VjiKN06GAAHjThcqk+18xTzeCP760o5 + 3FSfPJFudUmVNAe5sX8wml1vb5IkYSySUhQNrrzSStGxVkGVGag0ClzQX4AozLfS + v7NahVJ6cofbWP/UjXsp9LX86doCCLL4r45rTCUDoGJ3PcrCsFLkg1SoJclCZ4hO + eVITmfRdeHsRYfZwEoIEzi5bgpNLORkBsHA1gF1yHiSboJA= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-node + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDpTCCAo2gAwIBAgIUbfCuuzB4Pe1LTQ3Pskfs9Y8o8+QwDQYJKoZIhvcNAQEL + BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt + cGVlcjAeFw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMCkxJzAlBgNVBAMT + HmNhbGljby1ldGNkLWNhYjIzLXI3MjAtMTEtcGVlcjCCASIwDQYJKoZIhvcNAQEB + BQADggEPADCCAQoCggEBALq3J5Ng7EC0667Ta3R7DbDAfweUy1Pt+UD8pJy8qpfY + mTR7LvfBMPKyQOsGKp6tcmUeqRsL3pcX5EXFjK8PaxMmoWEFNrL9jWMYXa0BZV2t + RWauAyjFXH17wDGT1Yqqz4efdiyEoHpqdeGx29HmRdUQRsY2b5DWnFJpZKZ4WVnN + GhWp+DgOo38YrNqg4ksqOY4JNmEq0AH0sjYKQKeeDop69JiLbFkeJVcXrugsbWT9 + qElJKs/fSqXV/VVWBK+OIptEpduW39bBmpgnyRJLKeHN07Juzs9Kg3pq5VDVjya4 + +CvKmyfZnl8FfHM/7U47aXbxXu6Fcb/UF4t/zJD5GaMCAwEAAaOBvTCBujAOBgNV + HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1Ud + EwEB/wQCMAAwHQYDVR0OBBYEFBV4PR9yIeXI73RNuQFPFtkFDwXNMB8GA1UdIwQY + MBaAFEt8pjwm7JWWYSbhrpUHrlfTHlphMDsGA1UdEQQ0MDKCDWNhYjIzLXI3MjAt + MTGCCWxvY2FsaG9zdIcEChcVC4cEChcWC4cEfwAAAYcECmDoiDANBgkqhkiG9w0B + AQsFAAOCAQEAbulfprS3spW8OdeIjYTMV6+Hgop7xW2ZFHjjXkMoUAK/1mOhcbmS + vVUasb+v7Juj75kiCLPAZgdo2aIdg3FQRhpHyPp4ki99m6fIqoWPpSAzsKEFtxO6 + zFsgpnoUQRzUsWb8FPBwWznms7gfm/04Mv+8mcpZw0eDR3aJrYqoDlDSlrL1kKg3 + VGgrkobxxufBLT1PCR+ZsmbrzAtJl+3XgRNESiS7/XhIT4jeZezlOHKGxGbxSNxw + OL9XtWmrg1lpw7TfzODUZm45pjr+UZTKREIN4Ogw6DLNQz0p4M6OYOQFJAd7cc3R + 1d830c3UQu+7YyYfcfehmE9rpgHix52hcQ== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-cab23-r720-11-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDpTCCAo2gAwIBAgIUGpWyiTwfzPI0ek24/GJQPcnaGBowDQYJKoZIhvcNAQEL + BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt + cGVlcjAeFw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMCkxJzAlBgNVBAMT + HmNhbGljby1ldGNkLWNhYjIzLXI3MjAtMTItcGVlcjCCASIwDQYJKoZIhvcNAQEB + BQADggEPADCCAQoCggEBAMO5C7zxX11lixThzBLqK3gtMiHMIDEB/I36qqQ6jFtW + phAUAOQzBLZf1W7679/xAT0auJ00nkF2VIjoBfQafvKksQJ9Y/2Xw0H+/nbQ6+g3 + 9FTA5cG3mW7VKGR4ITHHFBWXmQGecL80+4rMxTYsplgXR54S2G104oJwHmXhdCsM + Yn+VMm24zxXLjNZO5Py+uHzMW7sVfGZoK8klllS0IGp03jS4KLo3sx5IF64O2GH9 + OG8e45KOQe6Z14YTBFisjTswSlNcyenlQX71mXL+dITX9ZQtnuYzaPNaT9ze/hPC + cufofK0fmCVX8btZuSinyZZegCiA+oOUrMouqfUPSsUCAwEAAaOBvTCBujAOBgNV + HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1Ud + EwEB/wQCMAAwHQYDVR0OBBYEFPiJ7mhmVtYse4a1RNPKfKzbOTC2MB8GA1UdIwQY + MBaAFEt8pjwm7JWWYSbhrpUHrlfTHlphMDsGA1UdEQQ0MDKCDWNhYjIzLXI3MjAt + MTKCCWxvY2FsaG9zdIcEChcVDIcEChcWDIcEfwAAAYcECmDoiDANBgkqhkiG9w0B + AQsFAAOCAQEAQPYErYGdJH30Ls4SEL6V3hnxKk09izMzBL1VmKtiWo2gnizPUzSi + ex+4VsSoHW1xOgU6I7Pshp6uIJSGh2dYpAinYkdmxcEREjDxGe3TOCnhRDltqD13 + LwESCNymvXNLgxJp0+dkrx6r97rTaaeS79fJpjr/ROXOnhp8pFVu5NJ4bCAPmIJh + RB7ZLqNexNSwwwRaJcnOYKWpq+nZcR6RRQdcFcAs+Jxmy/2fm+wwuen0iIccIuHC + EslQ8dUcaTdwRMubVcCc5OlEXcdkXP9k0jjITd/B6SCISvcT9SZmHouX3pKtjKBW + s1kP9qWNQ+EUpRVr3FojxAsPiDj4RxPb0w== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-cab23-r720-12-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDpTCCAo2gAwIBAgIUd+FMs/P3piVhkMLoxxDYI7zB+ukwDQYJKoZIhvcNAQEL + BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt + cGVlcjAeFw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMCkxJzAlBgNVBAMT + HmNhbGljby1ldGNkLWNhYjIzLXI3MjAtMTMtcGVlcjCCASIwDQYJKoZIhvcNAQEB + BQADggEPADCCAQoCggEBAJzH9c5wHgQgzcUaYjAPEyTTRhf/jH0feZNdz3MY5xw6 + ylyLBthr7qfjEkIywgUjUUj5LA8gKFpqeqU4ejee7a/KopmqiMrf9DnjlU9sf6t6 + Ci5CgURnDbUdqm2ePbfGRUvvUD5g0CzJe849jeZIXXMjIpjT1XnStr2ufLGWr9Dh + 8oNlz887DNhuRiDsd6AaIv5zv6Gy3GlARzfJWXhTKZ0sfpEq8IyvQbAZ7KXubKUm + cns30UQ1gmzXJsavV/YqrIBBRSYxqDDMlmELDmrOg3Q9bQL1f3eYSFkkCE2ubuxO + cIrmLpGMO1YiwexUFjBQ/30+VA0JK0ypjIdbG1qXuu0CAwEAAaOBvTCBujAOBgNV + HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1Ud + EwEB/wQCMAAwHQYDVR0OBBYEFCAuHTuZgMXSFEmPOTyCp76Hu6MaMB8GA1UdIwQY + MBaAFEt8pjwm7JWWYSbhrpUHrlfTHlphMDsGA1UdEQQ0MDKCDWNhYjIzLXI3MjAt + MTOCCWxvY2FsaG9zdIcEChcVDYcEChcWDYcEfwAAAYcECmDoiDANBgkqhkiG9w0B + AQsFAAOCAQEAkxVOj5i21py4hoiCMbFJy+wZr2iMTHjwdeM55e49f/xDN/GSMU1C + d40kfAj3BG/WQD1S3wKI1z0WvPsxQnTns8KHKrStni+vy9M79yWcvgr62ae6GhfH + E/DgBxOFm+uGt5iPB3O4GcDncsry6AP1Awbi/XsAOHNkv2c3sl6uOH9B3U5wo8rb + 6iEg+thkIrKTNxd1ErT0KSFkAr1+oYhw41LPSjEGykI6NmPLpszgyALOZAIG8/MH + 4m5WlTdGszEvLGHyTR9UGIpXG3o7eu8+nN9Edzt4CugREmaStz8dNhvkmZBC4ROY + AIxRnNa+cTbN2Qlz+y9ah9/f8VqvuNiMEg== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-cab23-r720-13-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDpTCCAo2gAwIBAgIUQyouqBJjNbpLH4WSz+SG2Iel350wDQYJKoZIhvcNAQEL + BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt + cGVlcjAeFw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMCkxJzAlBgNVBAMT + HmNhbGljby1ldGNkLWNhYjIzLXI3MjAtMTQtcGVlcjCCASIwDQYJKoZIhvcNAQEB + BQADggEPADCCAQoCggEBANKWus3FABiJCZNbXZ/zoxYwoSCqeYZ4K1XSbp4N10JY + yv4yweyI+sGh0M0fvX3YUjgXqDtFoIJteCe+nLnErhwuhX3yY+Yeci/ZUrn+F0NP + 5KJ0XlehTl7S8uiIl7nhfwYuvUgW1CFjeMBqI+I6ovj9zI9D5zk6tf/rQf6ZIfB5 + Bb7fmZXmWX4nx86UevofGGTKIGajITRMOugM3aRL038tAd7oHH5FNa8UOMhUB+lF + 0YYx6OOXNRriHIANYYYPnUtCcPXmsCUvDnLTN0Ka7iqETbga+9WurXxDEdSr83lu + htRWvgHCHRk1uUmxOWJGY+ASxqtqkWBZBHkNMHOHUskCAwEAAaOBvTCBujAOBgNV + HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1Ud + EwEB/wQCMAAwHQYDVR0OBBYEFGxndUTeXVH/wHeR2LW0SXIcHCIfMB8GA1UdIwQY + MBaAFEt8pjwm7JWWYSbhrpUHrlfTHlphMDsGA1UdEQQ0MDKCDWNhYjIzLXI3MjAt + MTSCCWxvY2FsaG9zdIcEChcVDocEChcWDocEfwAAAYcECmDoiDANBgkqhkiG9w0B + AQsFAAOCAQEAkXpwJIbr27QBTsPMcuGNRFFjejJmefxO6TP93PV/UusnXAlFMZVZ + lOPj6C6fzY4yLVB7i7ctJjYhGp6UUYULzmCeAjZsSRId3HSyOgUDol1BeblCL5OG + u0Th/SX5LELJK8N7L3DGVIYHuJBwkPVSAg4CNjT9kuhhnu1ld1fkgCb3suLg9m/f + Pc5u99E2LzfuVgJZB4whJWja7aJ1VgEk/bzsCIK1shxGBBPv21NQFKPdg0RGp4if + hRZo+BWonZhRLgfr76Mo+tqXUdeYmIjqa4gH2e2wpSJtUc6CnrJLqHVRg+18WGz7 + KqW2r2YUTk2R+4AdJP2m/mUGFMTrduRERQ== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-cab23-r720-14-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDWTCCAkGgAwIBAgIUT1UJXPl56W5pfCKaC7hPjRXbkPowDQYJKoZIhvcNAQEL + BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt + cGVlcjAeFw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMBwxGjAYBgNVBAMT + EWNhbGNpY28tbm9kZS1wZWVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC + AQEAwGcNR8v6cTFxIF0ZJ/HvovjqnvcYgBp3j9RkSl2EWV0tGytoPe9i3QSImqbF + rmeta5lFHf5LTetbUWn8m+vHZS6dExHESysDtVH39DHaXwuPZwN4VnuCl4w38XhH + wkgvfF7Tne3Vx/iakEmk8zmyUdcbBat2hj2gWFFL2uQwUqJ3Qeagw2wREaRd1wdE + MweklH3EkRTu4JEMEvxuGGppJUfj5i12uv/1lwVuk7WFMX3laCm+26mgdoqGQ1jZ + TYJDv4vDC6RvhSDyYdV7f3wtHFn6frJwWTiriszaJdySIXiQX8iifEKt100wOQH1 + 5hIJfc1U7C92bMJ+DhI2wnNBGwIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYD + VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O + BBYEFABa6Hqh29OxXGpp19Od2TiSyGrIMB8GA1UdIwQYMBaAFEt8pjwm7JWWYSbh + rpUHrlfTHlphMA0GCSqGSIb3DQEBCwUAA4IBAQCD4xsFhmigJ6KkkJ/ANREHFOcC + k0WusFQylK9c3/HWVhkVMW/UlvUBi1ZyJD8bk6H6qfBvi7ACuUWZHTrAWo89cv0t + z7VA39mD+yY048Yv5c80cnCogxhQtM4MXiggMAbrTgTzHExxRRDS2Mai4Uz7V2Jb + calUCe/YEeDDZUJu1Z16qSQ5lqXmVomkhMnqI0yTNoYbYkfI9c/gOqz5HLPOti5O + Cj3AKM/VqoLWHCSdck2CLqPT4ayDRQEuaYWLznOyRWmcJy72a4WZOHeyFI5O5t9h + lT8EGbgF7FS5++Te5Qpalti99sPkBfiwZB0FE/NCH+pWg16186czTuRwbZEF + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-node-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEA73TXkNg4A/nHn0TsmUsWmvpE0jxUZFc+RMCio5h526Vhb4Qu + kO6TIqVZ49wfPEuv8GVdZtJV+WkaUmgFD2G8wiZGKIWs0CaEbSp9u8ycmW2W1tdJ + NDbKra4syqyAAWpphWxZz4GpVgPsO68BNeHb1ObV9aywwq0tPbKO3Lyhlv3kNB/c + 3m0vSTSqpAzonvK6m27t/wUH7aJTuZaeGRE56MPsRFK9a4ftnZqdyisUdSQJa49V + z/L8tG2SHqV2shecEnGddq+1Gr6xoLe0r4qAdAI8anRN3zPDJCZjfV0nm2xlzjth + PidS5TU5CI3Q7at7X12KlFIwdr1V8zp4XzkTLQIDAQABAoIBABgI0EI3kZfEkGbK + Ej1orgIsMJAxgf74SsW32Bs3iLOlK9x3lfzyFU6a7iTSyUfSCPzGD9PsNLjt9bhj + vG5IzxtloBEdKbVSyGP0qd4ZsXYs68DwpuZYwYshOlm1aru5pJHByFntl8OMbT+o + VyTDYL9D1CHujWdc3nec3n4FaOqwq2uqy1rXF3EtvJE3GmJ0wu/82WVn/tvu/dc9 + Kv4XBgmhG0LWTyyqKKUDb7/cE7+qomLQeEIHgLn7E/43qxYhiM1kT7C50sX4wXy/ + T1tPm8r0EzPR1rWK4EH/g0A1k0AKxagkCA4BdwLBrMbx1rSITi4xwUIFhhv2dpg4 + +fIdjgECgYEA+5Hx6voY/DsgVkYPcmMs8lPsTih6ZTaj7ei10aBheh8Yc6o5nd+Y + 7dnYEnwqQs+8S5inAQ6UjghSS5VHIzRYD7QrHQD39W4bPPGViMa5qwDZ25HWl/Ap + u+tkEKZvWOtWLsQGkn6FQh5ScwSdxU8K0VyRqcXF9e8+0FUq2Hgtm0ECgYEA86xK + KMerDXM4JMXVyA4xw2ylXOPMFa4gV7gCah3aKhXTcZlWJUS9hdRCAi+7Z7jtTf8B + vdA+pWkZGN/vNF1sJoYVbGpzWd+3ewITJTECXzI/kS+YZbWw1jq2wWBakG8/ymya + JDXOPIL8oggJ+mdTRKZolO0bSN71brUKA5EiWO0CgYAxT4Qp2Of42OYXwxfYBhST + U1voXgrPuAwd4BVzh4pT07CJS36LsX5acO7ngKsP+YQhFUT28hKwXHU1F4egIOx5 + 94jT4JK56uEv6vKyorFWEY6ieU2k7pBfo14z3UvKFCcKd6YKJP6d3S+wF+GNAVdP + fmOW8YtCD6kyUN9bGwNlgQKBgQDhTy+LIYSCfUUui1cvEiDlaDJG/8MXUNhLA7QH + 1u6A94l5gqTq9PKhKjCWwPfx4kZaVi6QClvCqrkwDO+rZa64uEZa5tseAQQw0yxM + uVJOH7IzVuT9NtD6ZXPSvns/Df7X9y9XyACYZy2dzP0c8ilGUvBktBEEglRCN1e5 + EJvHyQKBgAh6ITrOmsOmLYgdGrvEq6IAojdJ0ab6Fv76r8PoW8H2aSy/7u1XD2Iv + IViMkTwg2czlfMQ8nFIkzn5dZQwCPm0luCzX4C/bFv4MBGg2gW4sCKpXB1YmlSXm + XtlpL4MQsa7EbrBQvP6KI++j992WuM1Fb/LlyeSHNqqTy89Syfz8 + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: apiserver + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAuvQWWgNqV6uCMfn5SfkdGq48NlB35AeKKVnHj+Gz1xeoH0W2 + acwDHvIV7QnB4RkvRp6fsz6it6f/PhcnP8ezXXuyT+bFCCUm6e4CldVnMO0JtHaO + j+j70qtGPDsbncyeNq9PYuJ/kL9b2xAuoe3xs3/KcRZKRGQuI3+a7L+SZaDrO2x1 + a3kCkOAjQEXvKySwzOUAHtSiaXh+Wx4AhcW/NjtmQfq8RLvCVAnfKG6DOiU22KdR + ZQ1NP5N3aw4if7Y/JUt/ekjceM6vOvj/4HTJhInKYQLzt1N+0KBOwAWGpiLiMBg+ + GAA1hGXRTduerks0uGCcq1VP3ayxhANHZVdGKQIDAQABAoIBAGtTKu273jW8MP7t + yW3tBAdIFSr9IQaYSXmZn9X6tVp6qzpgs+qigvwl7+5nVpUZ9yjscTPedl1GpWII + urCDvXWiSGhUS7J0WZWb3IIVw6qzuYmPMiJtlvuG9cgoCp+ZUw6Dr+hNrPv0zw/A + h3TQe5wXdalcKYB/nnkkjVTyWWHbdxqITEPkKmXAyAe142CFfk+raKUfoRzRv3Vs + 1kjpKoRL7wRjovdiipVDSCkPovZKUxwvQCz8ld2IZMPkJzmXcAT4G3GtVa8EZDM1 + L+3cMYVyNO6IMcx6I+HCK/ny20aytEJ483AvW2OSqleinM8wnFzVXhKfbc4S2GzA + Nf5xzx0CgYEA0MvgGp05jKpTDVH+o+6hGqRse23eGvui3B1K+4mitRzuFzcPsKD8 + 9Pb6tcmL14VUNBIBdyhM5ti7STXkfggsutgvqM7xS/dZaAVdvw9oiSrUWKSNC7JG + qB/Tz+aMkQbg34EiM9R4uezTOH6nSNmsa5xoHe/zw2mihHrS2LfbLkMCgYEA5TgM + nHrdTkzCDVxaXaqkrV+YPq87muuiXi7oOwiXsnSnc1ywOC5Fh0zrlCtbhAtU8AiI + K2JlFHFLTtwbn+xiPOn9KyWR78AlZMUs8mxiLJDaYey1l8BFr8ABk/nnNXMt7l8K + 5yANgQ5zd7RF6+bcH36G1fo1gE3ZbRoBVZlkkSMCgYEAxr0H9s0odge5PbiKFCeT + GPTgfSu6eRyDi9gmAv6i7Jk41sgGGy1hGRns0ROiE+ZIm7d3xZ+Kc0BgI/M0JfJK + AR69XoR7kL9DToutC6ry6Xzm2ejmh/eM4YJJ7l2X9oMBkDwt/f+DWhVdhyymteTb + BSK+x6AZ+iqWEluGTdnSulkCgYBqe6A4LUeTsUrQhB+itbwsomUKccNB08co86eE + jRhTmaeUivF+F9jK4uvpeD7aV51MqNoBNYN5fKwcZVob7+cvHxAyNBDYjK2SY5re + v4TX6S7aIOm3JmX5IDxbbtN+3BPxUYuyFQzQ8FKpwEBfN2743oFq9AJYqVGhQlxu + VIUIewKBgQDPkVEdOw18HfwSM0BPZJYsSPn61ijoFGJruO2xHtDSTtrYezrvA386 + hAy9ezPVj6NiT9agbHdnNVlKflW4B7GbT6wgYp4Mi81j4WWmQvXuruU07IMExlYc + QnCkn4BoQUst+rBSR+xX+DJiVJW7CVPEto3YnHeX1EBapsPswyuQtQ== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-genesis + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAu9dXP+k6eAfX/wj7EzOUCCPrmMfW/t1db5MnHtHu8wDbqWVx + I6i4H3V1S4E3g1P05likijkhskXNyPJu3svDyJqj7f2Xyt/nmVWJafUoPs464grE + KjhCo1hYrT9vViAPpEvNyhYMqIi3ulBjClfFWD+A/rUGeKDbnEXQJ2emvwgCYtiY + D9QLYm9GFj4aHfrTQ8sXH3/Fkh0BqyzdH9YUVvPuwtn8SNt7O2Da0anR0O9IL3qk + 789XEKJi09If+19bLl2wP6d+UX7y4Ld0Yd4ukBc72ZdwRypgcQZSd8ndOKxCLWyi + lR+tTJSTpr+T2zvPAbMjZqvvrdCk8xNUhAEFOQIDAQABAoIBAGZMxOu9rWYpf20a + CwNOF9THG0w9qc1r6bMWRTv3wVb+pKMA6DkvbfdUFOlmGkGfu8SnihTtQHjCo2xI + /DDCcIIUFitK7RxEDPHpL8lRBvYNguwQSP1lXoVvW/wejBgvpdUoo47nq0UuEEGb + /hRn8MY675nIJRoVIQVe0BplzN5EIteAGElvn2es0vmt1keFIgc9Fzd4hh9ZsaEv + as6FRM8jPn7EncrwbuiNfWVX8Nt/PRFWQSrAiH0ilnj+vCkN7k8wkv1QXScDMh2f + wGCgjgXQ13OrSfBEcgoMYgPYh+D5+O8YpRsR1LeFv3LNKmpHGqW4Tug7QzDE/o8v + VyZfwDECgYEA7N3b6UVNnHPm2E618EK9ON9BFFYTZTzMKsRi22BL1JRaboMsHLEk + iRNg19PmfdjzeofJQJRgKLRvjcnvjgstzHadDNI0wLkYfixZTaMavAKpdxzAi6BU + ca70zHPwF0YWg0M5e+u33yUUnk5dEgUChPaLPZctMOvilwAHGdCgKvsCgYEAywOw + dIolSIVh/nkshzt4hWOZQZ0ZbCAu8xyalR1E977emm2eO79vJol08BB1kAVLh02j + 48pdr4nv2BUuIYhg5oA3g4LE+hP+aw8SZUlUOfV+xcROzjDRJ1ER+2mYcsPHR46j + ldZQFIyzPA/aMVZBhD/d341gxLI03bETeJno2lsCgYBtwAaLOV9SpKlLhHzsjB/c + 4CTpZVCrUdZP4prjhuTb5LlaB1FDIhkJon72wepEWWfHWG85iwZbFe+yROTIbgmU + eUkfja5/tcPRgn8GaBKVFq6q0BmvGGTIIAaxTO7r+b+opldWQcv6itXY2/pnxQZ7 + 0TiHGysHReTBjnO71FzCTQKBgQCWy96+Mf8Pp0Pq6ccRjDMxoZGtEyxXDHDTVGPe + bydTfwuKWfI3HzNIxMF/sDojCEvZ7OnXwfFk+miVcOYbMloH3SVfIjt+JmvMyh03 + 7wgJJTlNXUvMDKbPNYDN5tm+JX5YwLLyEYbaPMjFzGCeVRvFSEteSn2enWB3a5iy + 9F/qEQKBgEEh+k7wtEDVPeEo3syrq8tjavexVOsmz1zgLhUDIkNfSNWu4ZLXTLHC + slASf16VCVhPhZZHTzro2lIdyR+NIIaoq4aVggSYryIGLZJ9G4JomAn+54xErDUf + 1CfiuMFlITDCky8uL6MwdhVkU0ecJ5D94eIRaJnESWLz7BqdgPAE + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-cab23-r720-11 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAzFx6tEfd6wm8IJJhov7U8u2bkEvzfYX1GcCA/qNrYp+WqIoB + CQZuyvVbGcYB4OrYXFjrK8BzNiYvVQgn5UnS5C04hSkat2/cgnDHk17iFlygPYLb + U2cVR1sn5PQVD+yyKlOdlUgUcqv/hDRVIOtMnFxZDs0t78njkf4I2BAfh5FvZ+hw + 1fuiBrTL49oAkRtmf8B1NeZT0r+7lc0usW6cRnLHVUdk46UxqHWZqK9vzsxcboNw + EWnNKVl8b32HAwaR03rWFWxARwYTT/ktM5VyeNMGfWfP7Qv5gy5tThGwsoyXFAIJ + JZlpJ/IK1SdkXAJa13KeVOxylyNWnT0P2xkCAwIDAQABAoIBAHNptxKhk77tnIV4 + phN7f6BCeJyhiD3XrXiBs1gbysXEAz3j0nnaXC/bKTwBC4aOmupsfUQUR/zIy+pl + 1MI1UxjyQP1THXeDgTFZqByedWjTntueT2dmzCmkXX98KXj44BXvawunzYSFhqSP + OZSBzp5vuQwW7F6D0jXdFfmQAX55reooHC+xpytDLkjjsXv98ST3Mxp37CR9JY8A + 6s5y4GdBHjR0bO/AbEvJ0S/ZLfd6PvWux0Qq6+mjcs9sGCPOg4Fg1C+DGhlnNaJS + oFj9W5MV+c42TH/UIKrxOkDv9J5q1VlxNm9PblNKaRmcPJ6Set65UhGVMHEmeUGB + yeUXzkECgYEA44m4LSKxerHnCWPTtEdOiupIdMaTcaV0Guh5c++pSJzAXYPVjOnA + oYgVlFHo/SUfqErPsBuRuZhgoi+IJpvhGNWBCO0HyxxbF7vAoRP5FEewb4trr050 + QrsVwTdEF+UvAuQtVybkvXSxnJ094jQ2aPgRPpPry+W60Llj+sd5FCsCgYEA5eyW + wN2pjmk7slCI7HsNCWE7TOv4EDYjzRTBeIb3qRU6FK1EIO6YbISY0FiAd1yQ6NE+ + TFIgAmGjhnudkMPW0imhrBDohwIZdmiWtNLoK7mMhO7UhIJeRkSAHBi5ePEBCQyQ + 1Gig7tsrbcaNaw/fBl2C9LgSQsW5IIwKXGGpJYkCgYAeK7rCMWF7NW+/LP97XiEq + BlrJMTOH1DqK/txr5RF7UV2oiLyeTLiAMr05x4qvVmbWN+VGIsG17GCT4N2a0PyO + AHF1r4hjBEWH5htqwG08pSzd/Yyv2CVOW+RMlHlw+bC8H2lrrvqRrJGIhMkZ33Z/ + gLU4qQCRLssQtiRtsll5tQKBgQDMqvffIvHmBSLQrgPUjgyixtyksoCU3byst8co + 5OvcpTqYYUv+DKW+I6JsA/wHRGzx8iEEiy5XMFcCRVOTI+E8Hzb9FegHFgVYc+2D + dSKamYbOZlLiybHl1uA7In8ne1Eynu7lRWXMeWiFRXNpVC1xWxhRgvEuYxdSM5ad + eYm6EQKBgGNUKKRlnR3wtbtVyrYhQHsgthXK1kH59B2IoMhbdd8RT0Oqv33Ykfom + vim0bsHLoxaTJVN0V8vj7OLv2FD7MoUfTb5R58fnRq8spPyAnHcFTvnqwE44UKRu + 4FYt3jp6TqdORkb6E/IITG7Yp6xyck4gkrWgW9jQK5Ibheg235nP + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-cab23-r720-12 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEogIBAAKCAQEAxLFuHbk7jwcIfi5S5OTiilwJHeKWuAGGcv2o4GKhA9tK2698 + ZXnHR/ObTpyxrOX7quGXtfsNF31nYKP9t7cytzOgTsEKbOH7V+fV6Qhr+qGDFq+f + cp42HNYpGli6nE+3bkCYYl7yqVx6NQ7LlVlKvaAK0YfQ/EMMLRR89yCdxAxTYUni + sRSJltwHpBpP8EZ3L/wOVSArm5iStKp6yJSMCCuuBksr6jjGr8Snv79Edg+u+p9F + D1B3wCCorcx+Is/t3IbM17d/nJjqw/hij9Fbs614oLVLWNSwvvn7atke4QbA/ME+ + YP2liD5pmdm+cCxgIzPOniLjtP5cAyX3D35qTwIDAQABAoIBAHiMXfatngkMwHHF + JlzOwuEVgyjjxIfFt4cmW6gaCqD4d6qopM70keRRMzA87NAQq+uRE5Ae62koHIGo + QEmmZ9jMNUXPHfqZjZfUqM+Hr9YNwu/WdxyiRnvp7YsOMmC2oq9Zu4sesg6GdQer + p65C6YHKYpcEbFsPJJlEY0p6nPaXm1f1IdWuoIwqPr+X34iU4uO3HB8vi38+EPjo + 1A+FwgrVvqLglCOIApMijLcTSxKrLKZHXv/rM2a16oVnCuTAru86lft0LAr9afkP + yAhXQjCTth/UxpG7sP+69+q6K5RcnB8FVitk4eH96n9nbepJUtBKKm6F6m5SJjJ3 + XAk54dECgYEAzw0a8mTjFlJAQPjAjOk94kLIYhqno5cS/tx48JZvBCYNyWceEdvO + 5r1Jk1rQP3USwfnOg7yQkduGavNS+xlBZHszqLdS0qNNthf9eymD5lKOPvnSa714 + MP8NZmTWm3RN13ejXACOLD8iwsNyRBB6rSeY0jeCQkhV1NnRNLdDkA0CgYEA8zFx + ySip/4TwJK4jZqi6UWN7cKJChHtQliH83NVFu5Tr9Aqz9amiUXpyaZ+vXA3V4sIM + cRJwb9r7mHq3aO69VU8PrP3sk2IKR1Sc8CSyoPz+f7nCShFB8TCYkXgOvGNaG+LZ + gFJER0kvjz85XQTgO1dNQySVIGjX3g30AWab8MsCgYBUq1dJqFf02M3Nw+t5tCfK + TuUCuUO0ciMidaY/PEVJvQYGRlTVmL2TPfTIfWqLiKSTDkSVOpckDlF5iud0J2/G + V1tYsx77ZCxzOnw90UxO85OXzTFvPZvY7XPdW38nMvhiFFqJVPDOx0K/wo0HqHWC + OZ8U1/48fLgcwrX6iLboQQKBgFgt3nc08mb++eAi8B0iIuSt8K1HeFz3JaI6Uqh0 + AGPivKdxVg1GY9+tSVz5FKmJLruY5s/9Ap3cRgvkuyomHqqXDzUHoUdTbiytBnag + p9Bty43eeg9HMKTWnQtp/9XZJGwmFf1MVwuOAtuq7g7HXNLHdfFZi2UD/vm6D3aO + kQ5/AoGATAcH1KOpUVPTcDU2NFcDAY4iQp/bb7UqEiL5jQNXRAzX/cBINQ+CE9MX + /tnj0oR1u+njTZPXe+FYgkjRQOeossC2nY8p6zPvccCyZp8g9HM2tK4UdlF0spbw + SNcmdx781iNauZdUwWUFPk+ieTiqzvQhDjwbvabImKhDPd4DrrM= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-cab23-r720-13 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpQIBAAKCAQEAvU7PJjD5H2MY43qepZ9OxDY/2IlDUTeaKQAFEZKe0Gz6NK00 + P2hD8qZohaswKWX876ISqxcjE7X9vecMWwlsdHq2D+AJExLDLyKgQY+vlC/GVdnd + oHDYFZj2svPmGTef2yFxhREvss6+v1wLEMJmQ7lbX9cWngCbe1IxWQKXPRPOEz0h + f8VoksOSGt1oFKw3UN0J8zeKB451tAPnAjGnM2Pq8gWW54HrRH9tmJZnrYgWihKY + +oG1nAbDp3bUXvdacgQmf2n2sQ3UcXya2oLXqLNynSJXroPbNFxdw3M+ynUHuGnX + utKtz+Fu6Vxffb4WB4kCccek3INuEINZBdV6dwIDAQABAoIBAQCcRvDvIEKoTJCB + Sfqp00ec5wPx5+6wn2weKKwGg7mjajNrRQj6x0JAkGt83YNWyaDy2iL7JpCIdxbP + rGsgxDjKN3sQw+v52OVUhgsx1EIn3QCoYsB48G8R9ULDHGF5s9e9eHBUX4m23MHP + C1b/MNxnUB9EkTVUnj+8oG+ogWEEw2WRVyQl1sUoYgQ0z5lgBGHVoY/iHLUHIyG8 + NJ1scRAKULxPYWxGp8kqWKDaHirvTZaqYNsNkujjdQx58wf5uQflmi2AtyP/LV/U + aqHntVhynIDpRQq/fSUNwLFXUdVUN7VlO5zotMYE2qmcN1/t571kZf7iv+aptWlm + anOtamqBAoGBAMfVSzB5wa6lhZUBCyt9iKfwXTSXBH5BRLw0yAtvJlbzfI0GRYCv + rhiGdH5m5WePVyzzxefDq0e/qwQ/wA/ZOFZUz7toM9oEcICyRrbWLFx1fr2Q86Az + lCj2DpOu2CpIi43Nuo8mqbR9LAZ1DuMtveiY2p7lQ2l97nrFUbMVeYuhAoGBAPKE + LjyOrwDcRx5GvvLv3IINWHK90E6KgXEyvOLif5JT1Jj7kyLjtIS5SJMZqJKnqCxG + /MPr9jSro9nocLMRZ8EDnWSTUtI7Z4f/GN1CIRY7pwLKzHS9iD88xZ8w/bTswE+2 + zOnT3txp3ONTWu7EzVU1DP2OW7O6vPKh0KVTC48XAoGBALG7mmleEY609y+EwxuG + RnIfzbZFjyCACpNeWoIY9L+nRiLj7hM7rZtwktIN0IGgMsfvdRjipkdlSMS5sqgl + 6f6W5j/nuR5yjmFYrp5VtRTzB6uw7Y6R8XfRCTv+6ZIJ/d08mm5R0+SM5AhGOtyB + xYPH18I1ZRTBhcc6EqU2N2mhAoGBAJBffkMQ0kAZ4sC0byKjBsvpc/lC5MqNDAg+ + o1IScs3C2DKGug4wLpxAzWK9CKzd4HEThZCBXZ33fGDSTp1bxD+UjlN8nPaI5NaC + V+QIZTgeJQu1fUgWOREkdaWSfccClm4eLhkZx3fCEfzG98BjKrYKEgS0hgUWKzvq + dxKkwKHbAoGAbYLffwmj6GKoChkyraObCK96GTYccMs6OO5RO6hctkbSD7TYHOl3 + Mvy0/3V9gVkPCo3mTDJzxI2wtm7W5Ib9pnW4FCJ5mfxJuQ4xJ65VVWPDkevngwFs + iSyvDY5lzMabXa36CoKufRx2kveKd8DPWGb/NCzxR2535A4ibFDb86o= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-cab23-r720-14 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpQIBAAKCAQEA2ELPFVG9c6Kbm1mPdvdaO/Ci+iT5MYHRmX2b+V0FzYEZ1/fI + RbhVuVvrblRi5WwBPJIgtLarIKu4Yyc7nU7duhx7pB3ugef4JrHKYOnv2UUWKiIx + wkbZvP0vr1GihdFaC7FP87hMQz8znzUSJUM4aEdKJTsocSnXDpDkIQ0QzRWpIr0c + YhsQJFa5gwKz7GPH5MUq+Bi0pAMbx9a1S97rzFMgQeujxODP3bSS0k3sGhdsTKXz + bdSHwSJAbTQBvhgaBVUXuapfLH7jgvpKHvxAvzn48qxpjtWWWi1exW3ux99ioJf7 + FkqL7TUC+dgWChfBIbORTWWsg5kD58uUtOk6pQIDAQABAoIBAQDA/m48AmRl67me + W8CyVHAMieWIArL4QXhB2Fz3ntJs4Uek+pWZ0rV949Ao99oCD+7SlT3myBXT5Ct7 + ISoMarNpQb39alDNUaydK5EGB/9qEEOFelqZnAz4oaKKfPnjHj+Tq7tELzav1JlG + /V+iLWkLdoNu0mp3AvXPI/LSpAxYV9XFxG23Ij+MZg2WGQC6g1ZCKnrLmPf6KvDR + h2jyL1Fplu3bH6gkqVABAlVkwUCDNoCBD/uE3AuykrpMiwEhNo4ZY7yyvV1abyUx + b5kGqnWwFSrjwjGTn8m5rgkXDbXkRQE9hYJKhq1Zy7f40jq6Q3UJXQAReZz1G2I4 + a4xybkjJAoGBAN+jW3EelZea39nTZ2ZHw70sx1Dz92hB4DklXhJeg8wjcdV8wGY4 + bLWjfUcC8fifDlbBYz/OPQrKljafAV/FaK307jGPPL3hOpKCQdu/7ea9VnUXh8DN + KwBxBMY3wHdMtWdvqBuq7QKer3pjtRl5LqdI6bGpHyNbKxwS+PzMVGZXAoGBAPeO + KqInC0R9f8JnA5SAfwR85bZFs0bsqwAiZVTOYd/8dsXjtK9g51Ke6hl8ZHsd3Bjv + DEPqbMGcbdmSpVLFXE2/l6RrW6y6WN0+OWV+TVqwFd+4CLN7MpOg1QiM4KGN1TUW + 31P7WcpC1H0tZnCeZmdBxOdX5XDRaSetQ2WJaTFjAoGBAJMcm59q9g63k39v4HnY + xXshBLBM/Df59azB1wMQZ3SW8F/2Y34aqfBGbreSyWe6Aa2yIz6qxV7e6zddG4NL + kdO05id1yQhDK8uKohYTSETb0g7Ofr+mdx4gOnrF2/beYAp92cDxjF2H03kYM95g + 5/6lKQ10agZRB6e9F0r8gpybAoGAcrPesS9iGyQDNHJCyGYZdFzimugEv1IdkXxe + c0MFOqFh7yMorzI5PKEBWzm13Q3i03K/viA6sCLpCyzViVqFAElL3BUabxgQ4MJa + GdrBwMlh+TzuWys0Lg8RZlrQIkrzhRvJ8sG9wufgSPfmRTw/uoxQzdh+KR3+mTHA + zqUypn0CgYEAoqClS/TJabzTnc7IsFfjjTBNgnUDOLgXSIo67erocVBtcFczaX8i + COR/YBImr2KOhb8jQ9ucaLBXucOBJyPrahAjeVh31Q/wM41XsoytgBERG5ppU2QV + 2l5I64XvRuecEEKPDsmFFSa871xJNebfu1spt5D6TWyXvL7fJYxGfnY= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-cab23-r720-17 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAveJOaETPs8E4ZLPvLfs/qdDk8aSRHVqY4ewYf2nWOo13Dwjc + X9I4u0xC9sShRxgJsDBmjNTPkOyjPDoof1xz/1xT5cq8wkSJNhfVIr3wBWqIfKwT + Gb309lW15B9zocr3kJ0VkL50jVCJU0SQz3IV/h4roo7fkIeIg+dAyPMobaYEYIf+ + xbHjIHYemCj8IKV1Bwttb8swqVg1QkNOydwJaQ0rBc+t7H1sZCm4k92y31NIO20e + NqdV6eUJQbJjoXJzvkQb2O5cOdJH7ryas0pjaBYBMIqYUWyl1nZmwmQtqe5TILpV + TgXs/6u/zJ41Da9yeELYtd0no6+gKKwLse6d3QIDAQABAoIBAD2om+9N0Og86PQC + Xbtfp6eb9ovk9V5DyfsqsDXHh1ISF8QhC3ZuDA/9zozVAs3UJ2k3/kTi4dfcj5EC + DZ51xhD4ySGIOM0YdjnDeWlDpgoMMu/Q7I7iWQYYhOzjraevAb7K03Lh9XTh3wXT + 8PX7xNp0r5SkskH7UMAMOsRF+S3JOEtJ8f2jDGs8Clw6NmXxELbyEw5fE3U/kb+R + IwgR7Yk1rtsS8VRU7XeFha+RGiiY8HXpOO+Q+2EyEK628gDma+2TqKdiM+U9hFnd + 8lPIsJeDnwc83LoIwwGjPlQwdkj4rHH03sNXWmtPn6+CoJK0x7WqG0/uhTA12pDW + i7PtVWECgYEA8LOH2n+rleKklnGWknPx+Sfz6j6+aY0m4Q1sRF0g/un2u0LXU4J7 + zLc0R5pj7vBejuERu1IKUjKsrHgLtWzNTeM6J72i4SErqmTzSFZAHpsqOTh11JEm + YGFjWG+4+0PC4YZQfmTBA4M83ViXqJFGAphyJymCBbsAfknwsPGAmBkCgYEAyfPs + dULfVmR84pLCKZRcHiAW/sPwz6vWNJdZ3dEa+BPdsU0hqFysr4+qwnYammxWnpbP + H8JFI7xymUlosiEOUu4iepup2VeYp28Ty0mNVngolXJi7s5Rr9RYW71ZVJHZbv9K + A0YD62QJamvRVEe00il8c3/lOtNFZUZsxW+K/GUCgYAwdzXHnSVjjLsvP7fdzVLP + pGfMps2YWz+U2SsPqODX8ywnEJJi0kczNUBlmoS8u9GOW2tCmIZTfrieEZ3p7fp4 + 0GQJVHnTcuZj7Oe/jP5kK0IZO3EeWAuuJG3ohLZugXpgBrd2e7sRhf9fYlNHMdky + 9Jcno4f2t2ymASVhu371IQKBgQCTa1vQvWAK0I/ZVQgnEgWseABROPcwoV9cRJ91 + LI9jSB0ssAFBxWTJQzaDfXMuBqe0XKIVrNqLm6SMAOpMHZU3NF424iq6XRcyIgNx + AeAKnuwBK97MNA+tKnTVgwMSmOUAAZsliJaT3hKBfPLxcuasA1y1c0cCCfc+VopQ + FXx/gQKBgQCtsAaX+5MEe2KvELiVol+soyi57IdfW24yzQw3vAnhPYgw99q8lVH7 + QpqrwNPnvS62LZisI5ELqkRjKqinpMszuXRzBHPytoM3lWwML+Jtvfz41POIAK+z + PEI2NsZUVp10ZwZ/KuhcAeaJed43EPvyTyKJmtL8RFWJYtm6HbIkKw== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-cab23-r720-19 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEArdA3hVMLYwQ8kDRRZMNdCkue2f0015NnmPOqTSa5m/5NceHp + TEojrzN4MxwlugfrjKSUmt5NokUP0fY9fFAwI86MWd+xT1dg1DugEDORS7T/DmFH + QGZ5ZhNLJ+Xz/hAQd8xoUe1mCC6Z4EYjB37i+Ov0Ek28POk8hAH6sDEWdwP6op8i + DZwhEqgrdMikPSeEikxnZ5tQdPnPT17mYAyYIqLYYyDb7tFlokGc/BfDHX+ifDL2 + +tpnsDINk4AOdWkyU1UG5Zh8Z9m8rVo9C3O8R5vI5T/8lr1YMG6TfFCtnOQlOeac + wsA58rMbmP0hZSZW8Z3A184g4nB6CVmwXjVHmQIDAQABAoIBAGqW69VpDeyU5ocQ + bnG6lM4BfdL0wnkJPli/5MoXW2/cTaXvAmD0flms2KOPOVuSC9NeAnvOpBFFBOSf + eylHC56Jxew/j762OP0t64TD+vBQeLFa2pUVwpDkeAxpqm09cLvmsHq9ePq/iUHO + ASFRoONB35Vx8mPwLFpP1GpEUCB/XucIwwata2F5FLsrcC0dpUlkkAj3TlzgrSmq + qOAp2DEkvdG39Pt2jlwez/k78/tk5ZM63VCM0CQO0GMkcntLvL2tRa7TpRqJ1EMh + R5ZOJA+02+88BbYl6yZzzurEbKobkkqMWmYlLa+EjbWhxg/hV2kt8APFfWtcoj8b + ntfLUwECgYEA4UVzfuN/watxmCaG9GD/5dpust+h1HynLHfiOTx8SN8C6IckpqTS + 7Pp50i7yb9lvfNMKd7WdD/6to58LkNNyT9h4A2awFE3Q5y7Ly/GbnR1bz//NnipM + E6VxdKCtgs4EvWAE5I2+HtLUlfNsUq4NdJMSzF0FsK5dfvegbb6pG8kCgYEAxYXW + SEwcFExXuOX4Vk+DD7SBEToGnDZlTJfd/WR3gOqYY5g5q/YH8Bi1Yg6WycKPgqU+ + jvggbqg8n8EIfN60crHViibHxL35GHj0NocF+0dkWIStiakL6rblSfo6pLI1E4CP + ogzHlPKhOX0ox13i6Vwm5DaQ8AAiicQQie4MFVECgYEA1GirLXMPzKp+kquJRraL + s8zR4mHRcs0SyHBF5BgvTHrTgDOlkGgL5p2K7m+L84D/iaBo11Vswl8ulQBrZGSr + /bOr/fD+iDaTitjqGuQ3Cd9b6fVWiRNy5ndyUjkLQjJF79aw5lzsbp33C2kas58g + WtIuwHnZ2q2exRByueg0BlkCgYBFZG+TlqmGuAtZefF04Ro6Oj/dvXT1DGcqMXBb + xR/2unQvCRu5vgWr5AJVIKr41tF0JHmF4MYEGjayKS7CL7tVUASlNFqaU+NfJZ8m + SOlhDgPC1VniMvFs1DRZeP+BPNpIr7HGTJcRTOw3NjFNWT6OnUFMi57/sgxwOeFV + k7vLAQKBgQCzefkNjxN/NOBNeAVgPO9xbgNHiCsV8F3EpaII2jh3UYDaca2QlcQe + MDM2/Z+zO+luZWlemlYLk9Z6aSKpuTC9LOdarrzWrVn/WPs+SsUFffQolQMSTet4 + DFsv8tZ7J6u6p0QNVnp0Wio5INnOYLErTpsjo9ELAPh87gKJP7ePMA== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: scheduler + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpQIBAAKCAQEAwl47DPZVsFP70E55VqXnP8SXzINwYpA5tbemj3l1OLb4x+Mk + F7llLY29VIcRwtGMSmiLU5z8S9eUcTxe54eEHRekYQ5s2iuTHWhAvV0zFeYrgaFE + xnk9d9HSk5sHAQw7euQxtkO+5GCzJEcggB9hpTO6vDBytsqFSuYGY4StscnUuK/A + dumdVmtwQkcZqpCer9LqCrQf/euDj51TB4Q3ZFCg7wN+M8VuNWUq50FMloDqVvmp + 2jtWEqIl2PbKYmtZMg+epmKTumsKPELMUMavCLRAvbRdC3Pnrvro1ayzKYUE3j/y + TZXEjMcarNtQdPvRBxzt4oNGuCj8bM/U6TSTPQIDAQABAoIBACtEiMao64hWGb9U + SMSWJ/VVESmwtMrsKjyehlB4DDU03gq5MKarWa+bVuNDMhv5Q86omSNi1fMYKW5P + rxzBWRKU2b3VVTv36Ubpl0fQQHgGhfbUbJf2E03iAotjPlroWzFPLRXS3OK/+AEC + aGS9F6KL8mzEKDUyvhtfO1raBUSHMqjeMwZXH0ZDtCVdeobF00/QpWl4JLpHiTd7 + YgmjIMCk1n6bZsPDCiDzTmpYsSBI3x/dxPwg0w9qG7yBIdJkIzjszJtl69TZYIVQ + MYltqlhMbnyqkn4Moq3iAkiDGs7M8UWkdWU89c8LVkyKTkQXDib8/NnNGUbK8g23 + AIq/Eq0CgYEAydSkgs2nSa9xF37Pq0ViWiZd7KoyyhCDoOT+NDm25DPGSoW8sxSG + LQmVmlGnKOV2QYUb5VAT4B3QvC64OW96uFuFNSKWv+9/j86z10Lwe0i4IvOZb4vu + WNQG5OXLkjL9dBRIS7/u83E1/b8bFW7PMMXdtRoQYd6QTP8PCK8/rScCgYEA9oja + KZhOP426PRcIvmPFUJkuJYqFiyixrm1nzTU01KQq9vH5HzBpdUmLzr5c7PGiR6oA + E11b2qyx6ZNG7j1cBorFNFMyr8EScdXLnxh8B5nkqL8DnzU9tLawI4xlYN9fDBWw + frVWd1Wy9L9GS+7UnwaZ0nwnPtXWXggv+VhogvsCgYEAiTnSDLllB32IqA/phKqt + P1wcuj/SPn7R8EAh8kJXbnshVCPv89Z9j/uXQxBHVlAFgnDNUbGLgfLjrD8btLlu + OBDJ1iHJW4CsO4uvzSlPNpNv1xvHdAcxLCYk9daj/ag7mYP8z7wU7GJJ8lfQQ1dO + +fteTbcF8nUPqbo1b5Mv+TsCgYEA6qHiqDW5OwlDF8MlYjYIY6X14mrMoF2xhWXA + pfAegMZh0bcHtyRXKfY+JhzMygFKxlPIUKXItv0nMjsmBbXGML+/4gXQtq7VRBwK + +DbQTFet5OAurUZ5nNVGG/8RuTm99v1phZ5GVbrtX7vvRnNeTp90pHveyhGwPLwk + FHaMuSMCgYEAwp8JVVI1wLceG8IaAPVOlRe+rImvByqcD4MKkAEO6CGZvOPzikTi + TZl5G6/VyhXem+KX+W39wk3gNWG8P8wJrRQVupM79SczYR/MDttkK+cfbYVqbVRI + I4VeyTFBygYABeY5kz8/mV344s8fqzsBid5Jjb6YI7SGwqRaISVlLN8= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: controller-manager + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpQIBAAKCAQEAzlWVrjnSnTNnBDOalL/BGNWinKEeEu5L9kxIO9mfLQNnp8hV + Nn2W8GbWNLRTNOTR9Yor6zkx5cSeQaht582kvAmKT4/M/lFpvfpbs10pQbz/LGEf + jQW7nIEknyzTYt+4eizmUMYS6il3VNAc4oYGOn34iYWTXYn76/M6xU4SZEQRmbCF + Vo9swa/m5Ke1/kbpeCd/q6v2kip24TOt0z7e0PkGLhDY/fHnqwzSZ9bC24W9dNaa + To02EhvR2heHF/ZaCX2W+PF2RgIi1QYyRTqix0Pfwrp/qsYsDu31N9dNGXj3tV8B + QtvHPnC0rVu2J9kQO0QGGsgLVLLJChilI1jHQwIDAQABAoIBAAGJUZwCgjb5cwLs + /3GsG9v7e0J/UKIDdD1ZRBBuBmlnZRYyv6+wL7eKjH3H+fai3Y1eggU2X9C+Lg9/ + GZJoTZm42HbPM0+Re6AWhShIwU3kAmJqNrnuGP+JVqR4yPorgEwomW5wiyODO4g+ + JHjrVpCI75jWjcpchKu1G/LsKeblN24+px80EpuFesVaofIBTjt+MlMwuCcY+rXy + i8o6W00aRph4YYCWymSkfh4lQBL/EVidKLzo2MhZ3CwCMnL0TCxvb3UTfbfnbz4d + 4nB+OVfH3GJthpLLCn4Vybq+aJeHoTar62fSRBOoERF9nHdOhbzEVfVhmtUhTv5+ + CKxIkkECgYEA9VHl7fc8h/Ao+STekAbrUXwzPL02G1LdRRyxeHA2cCmOYgHJe/hY + Zx5MzYHG/FSaPlctwBXK/mvXQNeHq5gGH6IS8tGa1Pbc2CchSLh9GL7GA+KSK+tE + 2c910d//o7zcOauRSwQXrC5Y0TFzRQ3EJGtkbRnhq3U6TYkC7yxLvi0CgYEA11Ew + sa1iuxBupOsdc0Vj3M+p3XuNSHVD2jMP/FM35HIhW2NfgkiX8A9u1VnNj9cblEQ2 + 1PCVQ5x88qcW9iypV2WF+esJn4cyVFt3gXubAJaMdfQjmuzSe5/Ywoohc+LKhCzh + mxo3kakyyXyZxqcz2UywAQVTYIldI3pAHarbcS8CgYEA1GjSJmZhEe7++yJSVvC2 + xfo9PwUxmRz5m8LJY1f9usYwk2mqtF2G5dpVc8c/rPHwD7RaV6xG9F4Zpfo4bXoX + K0KhF4AniOgqtjnDVvzuzAM63thJ6h8uoU1BXbSO245GPOTxy7tCaAJFQvSHMy5F + O6eE7/Zt8JBzJ/lPAhofhw0CgYEAjzfp88UojtT3Q6tAA5R8QDvA+RldeHzHjTO5 + xlR0MPfZSDhpJveyWHNrfW4mVS73oT9eWXVNU5ObaKvLkiNS4FcfLoUv+XSr/YB5 + lR7qkxGQjETACiTMPH6uZ3gJmFOZ8SEJT2m43KJ2rZ67im9dBYUE7SjltKip0xdV + 3mXvYPECgYEAu9ZP2pvwe8wpE9J8948hD3HuaMoaZkQ2/eNWlo1Lr9faAVomCm7/ + EToupvUI9aAg9ZE9Oe5ZJq9IM0euUyAxcNgKAsjWxdYVxdnGmX6zO9oGlFYkuhEC + g1vMI1+pZUPg6u/KVxwjq0T2kUxlY5acYbg1pyrFVZ/26R4pElUF1ts= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: admin + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpQIBAAKCAQEAz3nmXK4+ehS731zGx3qfpIZbed1SpZTn3eGKRV7gXzzSku7F + pfkVEkfN+iLipaqFvOrqui02JO0Dyv5vgRVzog3KIbyoFD2tUSlN7i9YGZhPJnwP + 0VZgq79K9ptjqHE8+q0uBo/KiqnH87mVTEJkZ6sYr3KXBSHJt1FZokUoxIYP7PNf + ybOOQ+tDO6AYiU1NRSLcQc7pQPqXgOuDcCMOdnKeat7O9OVWcQGyNkVD3d5ws9HD + DUUozmHje2mBdTgEqyV8ZeHiuAM8dEmVTt+4a7xT9tjhelhfAIhwZGW32WhzVoId + AwQ7c/pTREPP9A7zfXBFupdlSI0vnwoXLMsRGwIDAQABAoIBAQCxt8AcOWDo36PC + A01+B0qB+liW/X7SuMcYJx5yp39X9NiG5aJFtiNXgkwsa/9qWrOuDCe+DAYqAR/T + nLhUgNSIxnkTBu+OTvqL3+6SDNnRKsb5tyExdmTeGMCUlqv51+2c6ATZuAeNWTse + SSRaqzAoIMXHW0eDLNsFfNhjiAwQsR4WVxro3Gt88u07jY9kyHJ9TQ2hfZDweUUS + JW0dDNaaWfRMsBWMLpMm3I9VOXm8/SROSAj2OdFg7dlCU2bkCToMUb8VGpNAijx/ + 4J5RLCIZgNmxeoPi/dy0eN84i51jcceZqae+WF5BbrtC71oGDqa7ZQarr3bKcDyG + GinTzuc5AoGBAN5qMQIXccU3Mxj1MVWoTRFaDEu6mS8zo0NT9ieAhrPPqCPxHEQB + sCxJXvm713y3PYJr40GNyLXbq5PM/Vb1fJ8UPZTGUnG/gqoSlVmNg6UOPujpKbKO + TUahko7JcmvR/xbgpZsB30CV530FkZPj8KyNqrYsQnYayt0SMLLe35GFAoGBAO7O + OxpF2UMnYs9IJfTtJB4auhGhrUI3k9F+m5tzA+WMJIlI0mgpvlA2fosIE4jtrQqh + WRG1+lLNy7Pf0P4dy4oxOfcNJlf4hKva1VznpnT+P7UqXhKXYOOUZ3vN7i9q43nX + GCUs8gL41Cly1xPGkS7oh/cBz5lQVuj0np6NiEofAoGBANnUcy8zOvAGQfs9mRXl + gaVu5f/9Py4lis7UGo9Rp5vP00NwT1ijtqGJMoWwXTn+VTW46Jg5fsvt2zskVzKl + t2ot7qoZGoHhKN3c2X0dxkMPkrmWMop4KGL2t4006uWChC0p08feq4Kbzl5557xK + UFsPXJSTAHyffPPLbvqgoaHpAoGANEvVhZtmSN6HNP2H0mtcTXts5A+T8bxaEra3 + PQOjBtH57laUPVtm4goNDEVogcQK8RkEeGxxtVB8G5gYHI5J1KmTGBc5Hmq+IyR5 + NS9FtLk5GmN81nVwMmZ9gw9F6fxudHA2SW3eUehMDgeoMhx6Dtu9aspqvBhr7/gi + BHbaMeECgYEAxC9bPwaZamG79d3zTPG8l51nQY7dW6Jn7WkLkiSMy29VGF29nSgh + kTTlQqWjjPBeIpUC4YTL2dB7PvkOFofGHwPox2xUTmi7U3SmsSRN1aBJRgQb+by3 + 9raGql1VFeUuHsZ5x2YA5b+an590U3OxDzkGDBOU2RdWy9ZLRC7Iox8= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: armada + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEA2RPKuABAbQuCrv72wy3EyEGnNIh63xPYl6VfIz3F/VhDNt4a + KSftWM6U8+LMDHyT0p48BwCgdlLfNhU4tUa4rD9Ik+HRV3hQxHGuGAQSGna+90z+ + f/OtmgbLtVXX1bkLfcM85YPTVTzILO3UA4VUrQxSoXfK9tUaV1RJrYUzHwtr6aM4 + wo+pALsfes6Mm6ygM/n/+z1NUxzr9I2oJreFH8TbnkmQRbvWoYQRoA+2Z2A+TPZk + zYqGNAZr/BZS8mgEGapcp4tF64yyraLPpwzEKxNspmjHeGsNEYZS9JSaEx6B+ceH + lF2xYlK/tg0134IZMJ2CRl4XP439p+yN3H/bNQIDAQABAoIBAEcnj6lkm7mirkGC + XYx4sioaKx6zJeN9c9+xW1AH7aAvkEip4NVguxIDFRwkWVI2e5XsPCznbbGbVIM7 + zYzOE7aSP84JlT8gtwjNYo2IuA5oogwZ9somK99zHs7fxpHNyBB/MLTi0yD7fXoM + sxQ8XhcjFOrMg4EJNUsu27+/C5S+5SE5uffKE0H6VmeeyqteHZmPAimidQS2jwq/ + tHqDQ63QTMhZvac2b0szS4dDcr2/tmUSvlph6gaCmqy86QYwpuAPGmF6hADoQXAq + Y2aTIM+MiELXwrmQBaVRZ7JWyCIj2JEOltVoZMeNSDSWrJ2WYljxFC6iROFV9Vqj + PADko4ECgYEA7iF3LPLI0s7PeK2auhB5hH2azSJZ8qAtMgA/y6fjRt9+BPE3TcX6 + DxoaI0sbqpmkDDVXQgAIGxZAHIkM517PI4glxwxkZRnC8lBY4ijR5LP3cwYMIRym + mky2bV0DbnFNvzU+CXHonD1Psaw7zJYfadgFDaRVc9zQWDPXpd6avMUCgYEA6V3i + 7u5Cf5T6o3cfuhyyQCiHbv8QCPt97CIIUrubzVxgjFqr2G1CwzIOu9hQbSCHWqwL + rrHDeunC9aCQg34gboneE1KvpLGDjnOBCXBUGLTMnEbFHncw+TlGoBJUb56G0dHq + /5/PH/dABl2JOlSrvJT5QWrUO7aByogqqK/5a7ECgYAo/We3O/9nkiPSYQe+OXHB + ZaGM5/nVss60yagxlS+hFn1pul/LqmV1zgdrxdT4U8QSOehQOxMqHnVgtBKdjQtY + 0Wm3TqHFaV7OORhjraUbmgLhMMxLstPWwZexUY5yp1w7qp2IIKxqoH8kVUJh4AF+ + RanxBDWVYRAX7qyTJ7M5BQKBgF3T/+AtL9N4JOYAiWMdEpY1NW7tYpcZ9uEwNcR9 + 5gDFuZP1CM717zfoMoBYUs3tnD5amj/c/Um4H0j/C9uypHuNNxrxzekb7lciHamb + 3lQorXPQCIVdSvWJj9ngRM60IGTQT/oDWRXzJWzpwrkPPhWOmEEzIK35jWnPIce9 + KT2hAoGBAOgmzSvdvzdMcXeUGn0+AaT219vR1RBfpyk0/jkYVemWQosLSEQqbxgw + 1Th1Z0JO6277uIbi/BBqgWLhRjjQUIavKHnpoNzUa6pIRh9lNywX7vEbRnRTXpsV + t1XJYhUX/5XzT+6ANUCjYcNUeQi1OpUmg6UD724jcF+2naRBDLHF + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: apiserver-etcd + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAtMEFupWKyrzQnR5leAj4QlIwIREubOHaXwIOjNRs2f3b9xoF + z/WY9OI/oMvvsr4am56CN+m1sSPOFrJji0+fkMuO94/QkLZEioBgzJb1icI58QIY + W8jWvoUYoxJPVNWE2tEm4081Bs4rG7hepnuvRKNgoIE+1SflwofAe0oLPbTyhbv0 + 7sVXLyIHelVEAlTu6Q6OH4rV0mzvHY6jqMC/qsbLM4vujoEGKzX80ftzNa/TGbZc + MzjylQN2Svgt0TcgvzhTQOenfOkDe7UMKuoD500pioCW7nSrQwfJP5TuR6VjOer4 + sJP/T0KZ7MHs0gm7jQBL5+O0AZoWPZgjq03OJwIDAQABAoIBAQCGqsSU5bNZJuGa + HbplevFToB4hlMZs8rwaStMCU4WhyAPpDudDr+w8jo/vQeGc3wu945OLCsGGb3Gs + 8U0+zpzIaRBkGy69kj5wngMAinv3HdDDYdc6EuEDYvAfFpYqU0Y/LNJ3SlzsbBAr + /+nsyXukfMCR9JkWgDoq+68Ja/oCBxtw0rLxrLla5qaYCzNd9W07/je5nknaKkmU + h3UM6eUQBOUDEzX1bqYIUb2XMgdrmBGeZ2D0R/t6huc7qjfm1KXktQbrkWCUisXj + 00AtKHhIDOIemdb6rt4DBc6mZFcncTOq94+0IoYBm5T6bomngg+bgbwYxprrvVeF + 2SL9T6uZAoGBAMV+M2MV9Babhb43TsFSTfLe05xMAl/VkA0ODRJvAOayX0beWhyp + UQBbij+pDzIkt4ylPr4jTGv3yQLeORhZSKUnUc4pYfho2iaRP9/IoV5ChF99xJ2N + VUG8GSeYAsWWlBBzMBkpXy/CcX35HyytYhhq0XieyudlZC7XgVY5rKSLAoGBAOpN + V+JqB38F0EHoUT341SoeVbTV2FtEXGOQS4T3KzgVhNtJwiovHFfhTIwmC+R3ZP+K + d4bDm22o+dOwRMcEZ4eGSiY7fizWX08tvYrhsh+ZMPIhRB24m7RTBavBvSIKGOIX + w7xNUS9kNOrIY4ZWv3n/zCokxmGBHlyIG4GfWwRVAoGANEfNSKy2Ggn/pLQ1d/3W + vrV4JUcF1eLOKHaQxVF3Vprfl/4isrWryMFy3pldeXO411WjP2hOwcIth0HWsXhp + P7ch88aGteDj5xPKae5NsYtASZscomyYpjcqHY4jJbVP6u7jS7XlCdqaerOpKgWY + E0irvRekNQ9lLvVDutS3vDMCgYEAksBOw2lVuKGThzRTblVkbjUByXoHQWLX2ySN + qIKHd2FDDXZtPq6zOffLUhyiZj7B66x2oNnziAPGNmi5K03+6kuaNcgdh0fd+mHT + ziD+x/vTRFTBrTvrik5VxvZZ1/ArFbF8z3w91UkWO9e3PnUnCOrGnb7a4kdVFO/L + Cq0c/OECgYA3obLPD4vXhSmAUCUI0TD+CvA5gUUmk2k5Q3ZaDQsSBbfMPvpq7F5k + yPCPD68j8MPJ2vkr5j09gIvGpgMpRvpaH3QFH36wxcYiL2Q8IZEfy89kTDtrLNP7 + t4EfrgquO5hcsbfmxtu4xVyVrhRnejOUjoaVLB48bO9Fp9bQKFBUgw== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-anchor + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAuPeKvd0k9+0Qt/NUFpmdWz7ztQAHLyQix9YDrcnXbNV8DiSa + Q/GTOvdnKLZgQXa10RXpA9s84fSxJO6nBN9PP6EjS38nIZMpybjb6wnqW5Dv/aOB + s1rswMkv7vFLtnQQNMGQu+W4t+9iSea2vrX/49z5QPZkYS0J+6GGmktfBZt8J1XK + ZYjYDsSD1OIRfEyafVJT1pARzXagnH3YwYuVvpaqcpICsnSIBi0QWr5zDXgfQQ5C + 89U1NJAPt8DwWV4hCzjgkzqz2DEBwuFSopNjCZDXX5bqgypJUP3aI59nYyEJ3PvG + 40KlQILIN05UmknnMItxwTuw+IqXHb7tOTbhQwIDAQABAoIBAEZ7ZW3179ldh4pg + +YDnJlQXx+wHx7UJ8wrtHVfC2wkIzI3jGrmbOzwz/CZCYKlxX9T9oV4r06ZShJIL + Mq+jnGIlt/pTyIh9uGW6wGpuy9P6hcjD3m+GzUKlJ1PItM4gqfBAdjNzVREZ8f0x + Ih/H4Gtmz8AWY6e37t7o7Q6se9f5giJIT37TMnct87AxAauIrOljP/WiuJCTFPZK + YwtXpP0ETNtrAdcJpgGPFsgsvgMpuLybVyjzXFaT1EBNjV0HdYLRSnikiyd3zlKr + lWyeOBw4IrF53ArZf7oRZtuMH6yjWQfNzdgXRvooPGy6lBhHJehpXgPZJuMp3ZN/ + zoy0ubECgYEAxhYrI+17haRa89tcnoLQk7qbqz3LBd9yS9Ep0E3eQPyx3kvuc2iK + 5e5CLDgNvaYDSTorUUuE+auDqJt4jyuPh5v/aRBECFVXrIPy2ey7dC4ynaPwH+8f + kYK3t0dsPBBk07RVfh//EmZ3Bh9LwnvT+xhXY/Mu8mQjp7vKbAMDTZkCgYEA7wtu + g79Hlgci/tFsFuI2BGw2m+BYkVWLzctInsF/A2sqrijAhC+0tNnLijXdWaCT/XWb + hvN6q0XMuZGZFvcpDzyocSV2oDwd8g/ULTLpA5xfamDaJNTqVDX2VRSnGKiOk8J/ + 02jZKBUXBKTj9n+7BdbpVFm9SoYqd3jcwKPdVzsCgYAHqLfGTdpm0nIJ18N/BYPX + EnIObvc4pOkgcVfyi/A6BwtBkyIHKFWmik3Ys9okKRUbcbpXDFp55N3UWR6SOpb0 + IV4Ay/Y1dEdNjlSHhJXC6j5exgX01iQcVjeQSJywvdmILgLYO5h7N6cGf5NIU81g + ehJ29OIt0R1n0OUExCEOkQKBgFr/Sw60Hhgql1PRfQgpDM8aMp+cA5svqYypufdV + SXiPryulL8QiNPQzhJwUbTLVQgDWaGIzBZt1cr2hg1mOtP6r5KNN056jw/KFvAuI + udM6D8h7Hg+vTZTJBgDVX9avM7dj7y0XWLM9dAm8i1smvJc4fJIzpy9ba4cXZ1Ge + D4BJAoGBALYT9u2Rk7bNEoJbInZhmtqd9kyO+PBPzLA/ZOzzafIMQM59xJwy4Cui + vqA7EHvYJSAXP0CiUxP+X0MITbGTyCzR48fiFi8sY1C+MQaOO06IFapxtQda9r7Z + 2NfJxVxgMFh9Y0a8nCGT92BlNs/Mn5Zo378Y80Rra0av/69w6HNF + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-genesis + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAn6CZw9xwsNzdud2OVb8Ixgwe5OiS0mgBKU3bo3bn/v16X3dy + vBs93Ar7IPegW64SOaeDzDG+yR79dObL8HAc8jRCGgnJgyfVqsABanZSyzZXmQmo + vn8lLPWW1yAF9/mWTduEs4YnFsSDIoD3Ptc9W3OYL1BetSlUTYXIHI7Y8wS/01cC + GPFTZZ/xKY2N9sdoFohsKTZuyWWtbMb4ysAIx7ogtEnBCZRz5LoL6JutN2swsM2H + BqKFxPom9YxWnnFiXNG5623abzvrWT9oppswqkEeE7NYD+BiNOYRb2OQYlezEl/d + 0RUJGTpJLFN1oNWu953+tonATz0GiuL9G2TwfQIDAQABAoIBADH5EEpd57Wm349B + ij7T2IZP4xgcq2JNhxeMNVeecRDGABqFBZlYGeyaT3ZJr50kCLad98fkRusl1YlU + e8IhBx7YN115dOmnfd+/znGq606NC61wdbB1k4jYtclRUC0KqQBk2c1uESyyhq81 + mrHEpoPL03f0fEHQ14CRgk1WdxrVAiwjfCiX90WI2GEdpIOsjvR9r6ZAzm0HSFY+ + qBSaF593Uo0wmthS1YO/gnRdHQv3XtCxbj0HuQ0/8Mjd9aeNvTBGfkZtL38J84qk + IAiKWcoqIEPMePFaYiZQDSG7EmbrWTwj48qqSSNav50xo5mrglmWb+j/BAsKfwAn + 87E1F00CgYEA0DkaqkU3/aOsL56KCWQ2f623gfisZ7EMSdinbA7cGtpPqbwmZxpi + 66n8TiugpQoetNHSDvkake5oUOT8DzCPfJZ3cCLLOnIHuWS3Ni74LK8/fYZvT6gs + eRHicj8YWfCps8VcZvsAme3LQPfQS+uE9M4M3GPElDmdUGF4Jt9/Y/cCgYEAxEED + gSn0QVaYPCWiVecjKSeDdykiZNpQnN5W2ITQDM1ZeF9zEcDOacooIkh75N1gHRdq + LqrMJAn25ARTjqTnMPOJm7yWuPDyCExNeEU5Gk8H1egHsfBAg0yvtJPmF/yYJbZ7 + 4o9IIX1P7Rei6HwXpIATZ64bKpYijLdMkYTEiisCgYAsmE5RsUlwlSFHgZjmsgPK + DJaEy5GBE7YiCriwt+4EAkWVgKpo4onVFy7mPwnEzwoMh/OJKWi7YGgPCzvAtRHG + CSPDbHBCMDHfTua+QAj+6PmcFLK6SLZdp6rr9P9uI9D0o4xKse9LCFbDr095MxPi + qk6u1N9BL6W1lWp6SNuruQKBgQC/dCU1FnagXxf4ZUZuwyP7+/42ezyAYrINtqHG + bBqCwrmrwoIBKbS0Y3CvsUKcTJJ9DuCZUioAZnAilU3mdFzN1mfCNEJdfUDAc5+H + 2xAP6FVeihMntZdZ/6/RXA82C0dqUxGcPedCNHuKcmqMnrJ52jAUDzeVXg2qdQ8P + TxRlLQKBgQCJ33OZGG0TgPcSW3gbYD9prbsJND/jiaaV12cXYLpeUT2uNMPEBFse + /ywgQZ5MObDclpYMih9sMRYU3PXtt/uWgSbWHFyzIZe4wzRDvr+pTNztI3+W5CWF + alT7i5sKrAnaD5xG6bNlX4soA5gHXlBVLbkpnVGTCWk3wqbK9HQN1A== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-cab23-r720-11 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAv+w6qElJ+K4JAOcfd86igVl8AONU8BIeZGMWq47AK3sLxGJx + 87jMkjeGg3xEGJ4BvQ1/OqOjmvxvfpPMcRQFZqDEE3Mzr+lZ/po5+5kPqNlz0LN5 + AU7yx0f1gf/mLVOwSh3te2/cEKVVeau0fDKtt8AdTe+FLAfsklINPQD9ycwsoq66 + qJQEhdFOuJGRlgNOTiHkqF+4xw7+gChPUTs+WfRTUknC3nQHYt8dPLRHY/Eqb6Cr + lw7+1iD252qGIKMlIHl8/FmFDtNM/BBmmg5xeQsAqvu9bGS5M4rOB3Yqo7FhUeDw + rJJcYcSbB6Z1U7mffT0F125Wpmi2bssfxdmMMQIDAQABAoIBAQC6GdoDJxX4cuG+ + I19rME55uQi6X7YUGK2p0D/CWWjUgLs3UfKHT5Hm0rq3sv7hFA5BgN33QYg6mD+Q + 8MZUfAKEsq2O4q2jDVa7wFcrNg9uPnXEUNOsRh66yHcy+K39E+Kk7AJFKIGvDnMk + yS/5Irc6r6p60SBEQubON4wotFZjns3iVPOQaXbtPXHbDH0PVGi1/Rx2Zo/8VHap + 6FvhekXwy26J8xwdAN7AD+5VpwKTbS6Ef+QJpr6gCp+l7FEFLkAiGidUkGx87fba + 0hOSnuqSH3jE6b613OCztFbFGhfU/UL3wn9d1PQueHu2CPkWhq2ex+6MuScnWMnm + Qx4wPW4lAoGBAPEL9RSp5JqpOZykxI/40Mhtik2iXcQzGvH0M5vz4CrCp93CyQnA + EHEajAw9F9F7YX4cz9osDCUAdZNlY6F5IYUboEFkb+UAHidt+LCSl2CR/+Fx88TG + W9+6Wndyx5Z+ihM9ZWTxiBWv0gYkTQGJYFzt7gw8xdkDhXD2RvjiiDmTAoGBAMvU + I3yV6i+zdhMFxL9nehdUJaxiSjLs/KdXDAOGtegsOw4kaui96ckkJI2T+rUzYaYn + PjX00bIG6E+umN6+H+lHHEBXCVIDmoIB5Z7Y1aTL6oZR2yQQZ+KMCJBj8Wr/tIxq + Sha7m1q9GHGUygFE+D5mkTNLyqXgu1hT01oq+u2rAoGABqGolW/zHRoovpl92uQi + glEZK/eakspBJITuYoz8DtEaIyy3sS/6g9ISJkgL/rRhQ0HxqfPqRZ5UncB9VDTr + 6iiPaR0lQuyU58rLu7fcuEhr/LzQ0woN/wK2eHDM8uP6Unsu7e8DKm2S3p5jC/bG + kufs06NcYhMJucjcvP4md0cCgYA763crLt8TesxhNzbplb/cj84raRGq+uQjRYGw + n69mO2p489fB5+KMUOW2ASSYlCxGrg6pyfjDPyiYFBm4kWfMKi1x9KQ2yfxn76rT + EadstM2TAwlLBs+jV8tEtzzHWbh39t8k46399Mz0xurDiMT5gyl4TPWb4f7xLmNZ + hH0T1QKBgQCrH2f+Ezv13tOCKuVJcbAql9aKZiXy9dgyrNDZIjwEgbFAhND4gqg8 + EnA+/jC33ti87GI6QmXylvGCbANuE9Q/jA2unWutHcYewzoatC9PLWKfw2r1IhB+ + 9aEaz+5+vlfdV4eVo1wO8yR/WRQH96ZIhclirVUGn/OUTid0vq3YvA== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-cab23-r720-12 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAwNtoLXFPSdhYnDbtaXokXiXyMKMiTQyndp0IUD5/VqyrQobA + WMgoHMbMDk0jJBISPVvo9cQ3WvdjxdE+UdkfcK1H99B76j2LO7etLd0OYjhNVy44 + ePAoO7mMBBs0ia62jneNubXtOZMVd4wDNK+WYGKbVDarlwKifc5OMAQFhq5HYdiB + ULi2I4suzMkVgQt+M/73vUQoruZj3uePwVEf1JnRXhq96q/LAIaqCrZgJfwpG65B + x8nQDRyhjt6LgVXQcHozz9P+Y8B6XiO7MzbIsErepEBYTiNL5Q4/xYI0iYICG96g + 1vE0ng4qBeo/APUAcvja9zWzu6OzsPR2VbiT+wIDAQABAoIBAGEjoluRQTCeyjMU + 74w7O2o4jr60zKgmgYsbGX7hm94aZsDBgsy1NI8aCtoBPHwEpi9FxhdUV9V32kdf + V5Z+WHm2rhNCbcfUa/cOUypQt9f9J+eLnmI8BOfgU4gV8+aNm+Iyka5C1lQzo5Jt + cYfuET5HLJnEV7VeXF4ltfg1blshONFdol2jgxXDFoOuImIMfjKwfU6OYcWe0oD0 + 30DZMnHOj1Pn2Z8LGHEZwWtad16FZo1PDFZMoBMucpdgBM+TyiQS5LT61wkFlb2z + VLyUzu+kyfnJbR84lH7e5O6nEbCE1yTn3hNlPlXSfOEYX/n/VVcwXw39/MWxuHoj + 1gfAjfECgYEA79bw8yhVDhGuE98Z7brRjMBMgUByBRpUcLq306/LaT+0PDrO2Z45 + D96RhJIUDVjaZ9SU+5gKg+dYAgJa+3ZSnunOeI/iRYzrEROplsXFkRcfRntekttQ + o8Vk0RiCSuWSwzGRJdrqiBBA/vCpCMMfLyreNHcBMGYxqAqS7V1Y3WUCgYEAzdoN + A99KGu4oREX67GYd5fsFPf2LZK19pUfVlhXkjLIUZlrQkmWF63I5ACT8sn49Xuui + /oSNCmptxDeK/aCjG8AdD20NWJUYdQHBfKrKJHB9Duc7FsPKLLoOv4UPa6L7+4JA + Liq7usjECu7fRUSuQWcUqVYeAF2xd2bw2aydxd8CgYBjU0ukF87pra6+8gUl69l+ + heDpIkxWCqpvqRQaKdJ+uvAkhWJGw3z0MoNnOKvvPx3sJCCy9StdpwBOjLUrMLxU + rZVhXo0hqpNrFg6Er1D7nmzIXq0y+nqx6DyxT4oeBGc8SRnIaJn6UWjpa7dFNrGC + cill5ubqKVhlNEPW43K69QKBgFSzQeOz/rPyBpOBD+wxYF/+13tYVgDI+ggF9LZa + r73MkGRFPcjfCSmFyDps/aUcGHh0EI8VT0tX225/RCtz62lBtTNhtbobLwMGA+0e + ASrZNjvpnQCS8x9QNz1KrLunRnOIdowIfVIvxaqR+0BvMBwtI+1BR/ryklEFBFks + k4aVAoGBAJXtXsza1imjQrwn4bmBs9eadcdnFr1fuukzoRJi0PK6TQiek6Zf0SGN + XMZO+HMUuSnWAHapxOX73t+/qHrfisQta54zjsTQfjNJ22RLucBZ5VyUiWsullGf + vZIcMtRevKUaFccBzwjry+FzJPzPHPtDiH07qBqjkHdOgqW4YxEv + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-cab23-r720-13 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEApD2DU1DArQK4PKOQHzfr+/81s+qoss/0+GFLD1nvCDSZvyjQ + 2YcAq1UASatCqaTBbnInmmshwJES2WYh690ApMS2CQS3q0vQcaH0XqD4v1km8/lA + XFTwr/EO8ocGz54lh8e6aUyk+TznYgq1E9xWxzo/WCjs4GIf31leeUicG02sbU6N + ADw3W6z56Y4Th2Wcvjw9fqvJ5tCeBD3cPbvv4gW14E/82DOPFrj7gxeF8BznQ9IK + qxLxncM0CtnKsqgkJZYaqdQ2z6E10D0ytCxLenLgg/GINrXyDdAFpLUX6TZQMmI7 + k+rOj7IOFCgaPDaS9rG7RPonTyS2/bMIHt3k+wIDAQABAoIBAH0n1uxla/4rRWQI + LCpt/elRKIZK+nUQnZes5Hr1SH6TPtn563ToOK1XH9oDpNALmc9lNCKrItRQePGr + r4vCJNxqfmFO8/uX0WbWSJbXydZexJ1EQjRaEfOxGXfdR2ZtGCJpI/dcDZdUPupq + SGSzEnnNPDodLa0reShFPQXlO/hdNtUDNqDyml5FL21AHbJB6FQav2T/g2FCDT/2 + h4ocpTxmZb7mB3DoxVJ5Nt6GtXFjpSExaCHUNkh/yxO6d2aeW2zcqr1RJEaGswsU + FncCr566P9FOsLuw+UyLRpl1n0ToCmbw0f+bhb+YuXhrjjvDG8t9P+peG1QakOgF + oODHV1ECgYEAzheOH+BLbbDguNJur2B4TwOSQtuYB0k0lMoIKXUfuQhAaLIDwaKv + 2SnuRru+tkkbrtrIvVg9W2lE6yj04s7oBPxtD2HXGUN9Ne0thykl8L3n8T+/GPrq + 01Pj6hGK8M3dkq5mYkaXesdVTH6ZhxlfTiylVblR6MqVGRxkd0MODWMCgYEAzANo + FfXqgblGr7VN+M45BHpU6OMGbji4trP67PdT/IgIWXYayJ8lWWIWpEYu0ubauJfV + m/tI5tl624fmAduXTtJYWBr6PeZNhdOdohsCdzWmwttI4ZqgeKpOLwTySQx+sSWB + Ivyfmd7aXqKmEweFvb2NBxRdGl96zg6L8heyyYkCgYAEHcpT7qnzBe5nIqTdUeL1 + SQ/5z+MIejjXo/VnxpQcoQKQVMXobzRt9P1yYjub7nfkFTCfP4zyL3cV71p80T8n + IleXUA/4zDVLB3K6WWMNnO1uDyTk/dYE5I8P1MvepW4AiQU4f0p1RFf60CiG30Xd + DN08ihgNu0YhG0UScL9uGwKBgQCKl3HZIVMqxxue99K9SBLx2Mzf3IIc1ImfDEtV + OXujnSHW7GWrjnmH7Bung0oB2fQR3IuvSBixQmK0yfBVqMB0Om7rg4AmFtLpK+X1 + HtYg96CO1PsAz9NdxYwRYxHY0BUs8GZ2xxkBJaRBD8s0ODMBv8gTXCEXbm91leo6 + DyFUyQKBgQDAW8r4Mp7x/i/nlgAGhBNIgvkvOA9NdVPIY86ZTrXGs9xif+puPFGH + mhFuolJyZI/Yvl54t4apy/Y319CV46L8oOedRD9H85rYtojXJXzUbu04MQeEDTfF + Sdxqg0YKbhU7SYHMQu9yRfynUkBJ6XC7mn6ZJ0yDwLUguDJhLPPuMQ== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-cab23-r720-14 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEArJgNfhV76s3yqRZ5nWjY0Sau8Lte/F7okc8FU4TDLyjizuRy + zyl88KGAPBEikoFVP2CzdgaTaLaIiGIfh9UMx8dbbbV84txSPFrDd4d0VWHfa9fv + ag8W5wt5ce9W4JT6qQlpMsdfx+O6yhub9NeuWFGdNFMlDoYh/4wrfAu+J4OuLLCh + Et7797fqawPjBtCtirq2i8SFN2tEPKvM5MkAYdOU7Hc8UPRUR3rpXbDiXiw2tk61 + yG4pE3YwMP2SPJFTAQ8XlwTdBkARb073Bnmxh9M8oYb4pvw1hLB5+j8firAtDlkP + 3PdmfzEFxGXjDoUPLzO60i8FATRWoRDEDB6XfwIDAQABAoIBAAR9fDRgiLXGH98I + R6ext5pRYFHA/iqgqXpJoYDXvmA2txfc16POF4MHIJfvdi/Lj5Uzhde3OhSKUykB + LILTJx73b8h95T7droIFdnpgmsUx46chmgfvVpAyOzmcmW0EUzUcmpEIoNRJd22U + pE0NY2rGzMk0tI0ZLj9AvUzf3VWXy3OWl9v0y0XrGUEcdMwWP2MuUWI0yTh+GbVX + G+dtrPdN4spR3+NgrSb5pcrgM5UsD/u2fDOfqd5u/piL5d6adb55csTnTXUj98LJ + rEUyH8X/lu+yEIQKdUgdyftvS42VQmMhhqCLT0bFjW91LDECjRgh8IjuMn8zjQJQ + U990mlkCgYEAwymfVcriPr0X7od0Rg8bhgvj4Qqo//S2nimf0A8UPbHeYePQHq6z + zSw70m1qh6HS80gLrf1IxYyo3kmlaTIh+CxMwAx23VaCRNSwIb4Eq7gjXd9aXB9B + +G5Ig4QaL1jzI5RW5/nYA5D79nfYelR2/Nw9RzGtSZlY1eCigOU3HwsCgYEA4mVo + KWpsQ4DWdhOmv97GzOSIX2kO/omG0ubuX0ASsWxp/82Lm5GmsrOGcbLdoiZBXePo + De7mtCQGq+kSbghvAJpSvxbuVrR7cwDOHt/lVkV/YfGe118xGzfg0OQo/nn8tCJ8 + aVcyCBRexPmUhMbbJ/4f8StIT9dCUmBvvFpVQd0CgYEAifXKZONeu+sAF+Y5E61q + T3/oPxVCEm3zCityhamjLVmnUpuwa4AkKk2ynDYssGR8su2jFAOQhdXBKiH1hD+k + M8NdHgWxoRWeUPno6HFi6+DnX1yci7Ks9+k96Xpg6EeA2Q3rwWCkiyDafIiLxy4e + TvGBf+pmDTkRy19YgLWIGbECgYBw6NxLE32NKPtMhj56oLOLSkrNMss8nQA1vOCT + dpQcEpLG9g8zdi+qHijmGau5i9S768c287fxjaoaILKFWAVsSosMLHaPnZGX6IXk + Fgv9u8ls4qEyjpIiHfssky3yxIoImM5thwQ3zVj6afLtSXPRfUcW81wsHZJBHUF8 + sZylrQKBgQCm/64/562C4cHumLeGA2QsXr18E9jWbRrTVtzrNNBU7RpSbZpBLdDr + bGl4S4c2VKCDj1HK7doFQ3Ko+jeJEiCwbW3Sj9CP8zDSPJb4BZV6cgw+1nzyXtjT + el0b75sbT4J2n5DZHR14Tos6vX4QDHCsrCRclh/9vdqouW8XyJ3I+g== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-genesis-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpQIBAAKCAQEA7AX20jHoo5/Q/POn6MZHIuNw8M1toJ5duX2fa5VM2nVn9xxt + +0HYHJz2WzKGvpumQ2e9w6XJF/+hYsMgPke4dBI1ts0YPEXXs0xhmkT9Cw41ca7k + aK0nV2/y0hS3hk5l972TMBUb0vHiJdwYNgL4MdKa+kcnYXh/zHLUMeH2CS7jwxcD + AQQDnZxt/Dp3gcKNeJ8QX1RxDXU1EyrNcPi8Nrxtf82icpY5gLmtYKAn6KTrDb4t + RVI7L3HXSpd7IfHTRZ0ftzGkYacipS2iggdgUIX/ShXcE9kS89/lCZM16e2A7e+u + sJn4K57rA6EyVDqZjnVovrpPjtelRQRZa3f4XQIDAQABAoIBAQCxt4/xF5lnUxgm + z0S4NkwsDfvlpZkNXxGNcPTQKhwzRkIhRGvfy+VxLhMl+jaRYVvg10WBAt0XT+ly + FyC5JIHUDD4bxfSgtapEHJhFc/rhDzLYxerAktjTsrywyN6jp3aKA1nH060eufkh + rscgLD48Lat6FoelkfkQtcnnQZBjulNelaHZ/poAcb4bONNpoISUeo3H6UUEhfO1 + ezl1TrCew4JkRupHA3b30MFA16Jrt04TfHjCCP5kPJOp9nPOzn9kbjqFo/Omol1j + ZgNpXxfX51GWsFPqj3szJWp3Y7u/7/dN75LeRKRSO7W6/lDjWHcJoiWOqReRdgOf + qONF8k41AoGBAOyugjyUMF+FXiFnPEze6/mzTGqoi1+czHdsFEgDw//R5AV8SVqj + smJSIEUpd+NsGZqaoQJo7vO7Whm3AykWArRVUnn2F+eTH+UJKBNh6HYM674KbADX + kKXrzS35HEWH+2qol8/+G47IXajBupYrdPLZ/BGztNxq6bsbSmyc9my/AoGBAP9J + stNS5AtwjkfzFAjp0T+S1xLfTS9ajeXwQvW1INNg5ZPDXlrrkw1B+MSbMXwblicN + b7QLDYye3wCquKlxfjv9jFsVHRz9ZPRmsIW+eBYUcJrkm8dklaGbLH67RTK3BBEF + eOa+iCwFvtq/bGXFywoOG2TekbsHg1T3BhI6DjXjAoGBALCCGFhrP4QNJz0MC3lc + imlm4OduGLrOaeHp9VobjNE8y6uXm/D/wan3i19o5KLzXEjjZo4wiXu1TiV9Sdsb + Mhsgwmh4Mi2emBur73o8+ysGycypYxBhsts6doMBk6b7GXHal5Ui8ZRTMx4GlEsn + z4jJLmZZOdlj1jmWybMkf9ZrAoGBAM5Y1sfDj3rDru3vSDlwLWeynE+v2Sa2jk3W + 53jNwEu7XbYTS7g4BDPKKHdabiQ/9B162dhwurH4VI6ob/zeNMfuyL1ykoa1Nx3p + xzND4rMOMHqy4EvKPLxUviFt45/7mLjdcH0qcs0Kk9sisU6OEvD8uB3PXYIMr5ZE + 2U5wSL47AoGAS70CpQdWI+Er76oDZY0UWEaSbbECf9WRsI2WxsWjL1cuqbSCUFNO + mw4iQ5swS2e6YyTCI6FdxNh3d/3g99v/txN1upaLP96I/GhsaMhycgqu6LDNI3ci + OJZb3lkvlQmxDYCoZa/5uMV+TWq01oy6syRRk7IEek77KeXjaidTu8o= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-cab23-r720-11-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEogIBAAKCAQEAxyL19ntmY3scU/HloXV11tTaI+//af5ERkxbMkn99HLAuBFc + y9xyGOHbTKb0oqqtwey+/9e4CXSgOpiqbfyqhbHGWAIyJlMhDCMkjWPbr2Qt8R9S + gZerXDGN4n+s5LjR32TdNOlQAf2w7MStG9jRlFGPJ64x6cRjUT3EipdpFj8SzC5L + e7ROmjChV109ZdebpJm61dgwVSGC4OYtw1K9fYUmH7SV9DMV6d+s6TEyASordstT + 4bxMUIEo7Z4dzE8MZYu+XTp8D9s3E2TvSjLd1t5/RY1yO42eWA8ubiiFcTv6DD24 + JiirULWIHwnc6Jwv+xgmAH+0TzZ4L3X21s4n/wIDAQABAoIBADMT6pcAa/DUYR2/ + DDFv2XvzOMjDBHaBe620ZCfwBq2uyXPtMCoyLynmtMNih5k5wjvdp9gj0tbKDVc6 + VWzExFBqmv90AL0H0ZA1a2jA1laUkZwpdpY6+v84zrXsHcLFDUAJtRufRKBeHAV/ + JQ/he1BZ4yhAbBkUAI2UFFegIppLuzI2IluRahVbg2GC37o4PoNiqDZJ97+XHD06 + 8UQSogwjHr17f5euAtUYSkfJGQzQvk7Vzyn4ypMNk7MjWrQfq0CdFdU2f83/PnsJ + 0TsxBEYtEqU7FpfX7JmEN6C60cnqATMH9UWMMPqQ3jlD4pgJ5wPxDB9v2B+MEvgf + +gukVZECgYEA0TDxYYaAYJ27rOEhk8KNikUfonrEuNm5fm6pf3m3/5h7489EZmrE + SoNieVt/rA91oJv4KpKBf68G9684cYeUGLMBuK5rdX+buX7HhWH/z0VDwfQ0WS4W + QR7w2iQPN/qRPECO3pO+M1J0q8L8JwsbyH41ac6pfMZtA4Frr93ycYMCgYEA87IP + rM11Y6oS7f04JB+em7gXkccT3LNvom1QtvPd1swx8AmuNl85VTTLfPTNrye9sXOZ + x0SxHt6yGhWwa17L9QC4R/xJ+CY1IKYQFY2k0253Pk2TRoMl+TUV58iNy/mjx63B + bLjsTazm9459jfdiJLIYT1SHbbp90g+snbjzktUCgYBn/M5gzn2OiZo7jAYm73Vw + oH/jQuf7g6+j29rCFX2TvvcG/Ydg6f39lGYlMYi7vUuZtS6d6woYsKbkBOQn+19x + D7rxVTLxy6dbhFwmP9rr6+CMz5oeIrzJTlon9fjiuNnte6IJnqPT209H+rthpTIA + bkya9jJmZjTWo0UmvUvBhQKBgFYJjaMyvrk7OIexmPqX90V/D0M2h/qpl0Y/Vfnh + y3akjRT0Nf+YSwOcKiOpwlyOqVhXOfmydN4zPaob8jdWNqf/YxB3MB5eTu+B8bfK + VGEZZRwoA1EnyGZdqag1lGppbrt2yw15lGQwITNRqV5P8uSFxDNt4oqJBxb81bKx + s70pAoGAWp9hgP3+dawp7WedJmu+j7WRQ2QsS/vm09Vq1Q46BaEBlFbDYCb1Av0R + CtKbPdTCeG0+uK8EvAVFEoxdrv0pYSJz1/o2zeFW8UVj6b1B1IbKLxzp4+gdQ9lJ + 65VAekhHfknCYBSqL44yFNSjGWVxG2FFUMUzgZgxL5xv4SNjxQ4= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-cab23-r720-12-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAqrAxSeIFy831f32lb/6ZEl3GUJ3R8N1zLIjpz0UmJcNKXFjO + /2vpQ3FEPenbu1Q4Qj82G+FHK5QGKijqdOUR2eIUxud3gTZiceF7GcEIcT16vbHv + 6RefiEi/VcDon1nXdFLGpVAipq2VcwBFwl6VkRldqu9mq0oPe8RoKniMrQz7Z2OY + 0BOsBSire+2uFhkJn7I+lhl2FgGQgXNSLn+LcnG5835XNUt4cGTdS4rKCgdqxPZs + VwemKoOUa2YXNhoEiWjLSS2fbOAGSCHpUD6H+hTz0cE6x6uds3V0o4bdE9SMSQoG + BRfMAW5iZnV4HSSjfF8psYxLdKHCECm/DbTMjQIDAQABAoIBAE123zenw3emRmeQ + 73cvder28hz+Mxx8dFve2zX9LP3wbpwQlgknwVqhWhY7P0T6SPoP1A+9It6tNEsH + /LgGih53U3Sd8geLVgxXB9Y9XAaAn2beDYKc/QMN+QADJ8/CJ10cgBjgkIlSuEPT + +NTotjp+55q/Qbo1R2elUJ0NztJuFwzQX6OSqz2PBmRRIdZGJwojHvfKNimgfl04 + dEwt5afFpLBa0SuNqjSSEhO1Z4u7OYMwfq4SqeDsp0/DC4d0kIFe7q3NTNT9Advo + mJLycCtkgGMGqAC6FUXBnpukLCXNsc2+SHNk36zCI84ammxPSZnK3oI+f+Fr9N8T + mygtZeUCgYEAyv3ZLf29z6tQD8URXYOtRI2c72iR4PeRTP1URG5/KDt3UBhGP+NZ + dtR0z9OqdLfUu6JzNOmM3vshlmxsk2R4NrSBMyxM4sOaxVGsT9DjhEfe5XqjQ7UZ + s7VtX4RiuYSVAblsk0+mepmCSGYvrFVpd7SGFcCjgtzH6EljKW3Cnm8CgYEA10LW + 9L3h4dK2f7ZqyUPu54WxJd+QtNZbeBlgxddTMpQ95cW0qBrg9S/mQI/MwAEn44XA + gjE+kD255xj9opxT4nRqaZ6llW+zAPhMIGiZLHXuGlNNwopRwcgOvcH2g8CaPL/U + wWOEjd+uvtvV3XxV8a6o3ft8wVRY3wswbqL6wsMCgYEAthv0ukD5B5Tud6dZg+a9 + DFJrp5DNxuDzdvmSnu3un/5xdObCJ1DkkynZPhXrx1igvlDoQGECo4zzPgs5gSXS + f2mCu5ETzSCk+j7icpy5cJQ10PQsAnM3grTSUa3oD/103J4oXSRI+5Y6fo9GV7os + q1rGLD+tsZo2shscni89OXsCgYBbvqUXEobfVItryzegKE/+ZUCnP63RJTs+6LIS + ID/ZYs0uzSC+NRaD6bJc+ezuOI/jrPHri0l6+JPvJvuS/sXR0oQ4F+HC2yST2T+4 + 4FvIU0rz9WVC8Oj/imCeB7klVkVmduwasGuifB9iQRfZmlCW/TYDxlfZnjVyerZd + sSDnOQKBgF2z6Loc+I01D5TjD2MH2BwR/e0P4cuse1o67CZhLXcRSR5cHb5LdpBr + 6VFODs9DAi6jjUoQqWAih3+kaTJwjpqHO6DdZJeNEzq1wxOSvM3TK9rg3a7ViUZP + sjLpQkKYtviHru/142X6p4SHsho1/S5DU/nj1pYyjgReez/fevCc + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-cab23-r720-13-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAnyfPFnaJFPgoiWfR/BXW0MOSYmKh23o315a63jSqpl/ZtpMQ + VamURbXK8IvJJN+xu7ehFeIkzwMbMYr4tFIy24b/boQStte3chY3KtJVnhLwZeT9 + IFYayPo+6AU+J8JuA9WQqc92ZaVP5q4tRs/FUcSNmqvMl6DCjTymd2kaupM7HT2c + dBxfHGhg/zO5xB9r0NA9kqe6+4/C+0Comg0Io88BXzYUyQBWbsNE3Ffxf4xlGNDH + te2DKBfAta6D5MZ3c32edOOU3Dh1pACx1abTapeolLw9AxV3zMET2NbBOgMpGR1c + oNqWdFM1mzZfdPg6VczYbqzq+BK0L232dfS9kQIDAQABAoIBAF27bz4Wf3NHF3Cd + IVEqd4IpvBuPZS3CVAL3NYTKVbp4dtsMz7Dzl2xavXNfkA3UZHNemVMvBWiZtrk9 + 1G02f9dEMUkgJXljoBljtgfVKjFXjBcmfmE99LZqkwPImquF2Y8Ohw1LLrp8WotM + B0RN9zLJ5G+0QGEIf6v4jT2EPAam42AgWbGXZNX0hU8LA2C5m0kG2i6pbxWIYCG3 + JQDrqoc4wV/f7wsjXxEPVxi1GCK2nTUTThStDm27/N6IluR7E/S88wqZfuvUmAYk + j7sTNVA5PXPO0t8quOEh/wcrQZXh4GNlcqAubo53qXBoM4teKehDBEhpoCIXui+s + w5MeuYUCgYEAwsieNo/dQmZzNGt8Oje/Kqqay105791CPqpxkTsL349JkxzRnv5M + oOMqmOduvHjXLBDWcignRc6b+biIHtGZO89loWvkhJVG3mZhpy4vmSIWBfUWSyxp + Gdeiyq+QrCbvMATZxsGa1NAw9w7xvVVw1BT0vP2dpz/uiH+w76tYWtsCgYEA0Sy3 + Q3Epu3lVQLdziZQhMPfRtbFBlPnyPZ4kyW/pz4OEPVAbTy0UyHqHI/5vJc/siGtW + ikUoyWYs9Se8MK7nll0LpYOJlTMfOWx7zaExEKW0XtZ1YfM8dEVJsE+aFhoGpW0u + qMjAMU1kAfA7IrufljsiS9m1xEZmKd+DfJnmFwMCgYAeeR5vcNBvy/FoGQzFWuVY + enpfKIWg5h+wCCBeVTuFTTh4gIC2/Bfm78NBSqvDZrBbH4M9NtT2Ed3LEriRAb+U + YN0IhQWqTGRa9O+AJTSjI3cIlZBYUGlc9qRsS0058ZloDMo5Ux6y/qM6c6cUNOLC + +0hSrObWPKVHy5pV1JutEwKBgQCcUsC7RE0d8HWIIhHUlcGgaPRuxwPuJEWnSxLP + ADZKgU1IzR87ssM/eGKawcGrDpME+ML6Hul2akfbB1EbSPuGYg8cKQufV09UiQCV + EowqlswPvFKJW1CozEdf3n2XWufwpYIjXbRUpDPDRxfKw1Fm4takvRWck8gyLvqD + GjjcpQKBgQCVYXNaCfBbRTi+MoUoYHW7qWfSNnkdjghYXBvPRWc2dmusaK470FQC + qZ47j7WBcpbN5gsMJrYt4+/nS1Vae9HQg8YxB488hDmi3zae/g7jNI8vyIyt5BoB + lewcKaGmZ5saAYxSyBP1s/t8W7L/7f369ZL7Qr6XFGMocfc6eP36pw== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-cab23-r720-14-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEA0pU7YYKa3dcHpGZGg1yKzYHt8METRU23ovOU3By4Nx5Zgi+C + b4s2S+y5lBBszoDYnmrxLCt0hV7/8Atqg8cZCDt1KVGEAKkMTi87YjVs3bFNjevi + Nt2IToCsnpXAe5cVl7O1TzKz+XGtuiuDwePh5TJXWv+n8cXuvbPOmcU3ay+KZ2Xa + 9OAUxv+/idEmXsipOTFCySC2mOGxz8C8TwlKrmmjQkm9bDdjsgCzqP+7opGXemeP + TZGNvAW9vpWcWebUVi5hcrJtta4iTpFNyl6M3H6V2qeK92T7rjX1snDi1i1+VP5K + oLghqpX7a5XdJcSf8PrHNTcFXk2HdHStG+5I0wIDAQABAoIBAGkSRPq2bAdcj1ec + IHrS5f78YXjLHY5q5MHNv+zD97ao0gh/JBn74C+qAj66o0+2Ql9pBMUBObaCXDmt + uIvf/8F3yVHAdpjNwHISZxLtjVBgc03o8IpnpudklLzcA5qnHAMBi+nkZqCD9Cb8 + J1XLGp99qtCg129vT1wgJ2naWXiE6+p435tSzPETJePYILCJJRAlmHiulrTZhU41 + 2QbAwL2rHOnHzc8jsEQS6drY4K8F93KnCBq16wy0/S4wHwYKNWono95cL2ShQwnl + /f+b3FN6w1HLhxI1Ph0fC9lGXE4dBoFT1i++RR5gI7qzmVT5MJu6DW4w0fiH5TkR + CzSN3iECgYEA2lqhYaxvb3xpBeTUtANU5+DQ+I5SScbrinGorWtVmMZrhjMdBE76 + rAPVrpXjQTXg/SOwzKXs+4iZJ+p/5gMeaNULgDcLRd4JpjkE57XXKVnuwnP1vixc + y/FjwGNsT69UqD6jBLqRSwcvQfMxhPpiW36V4X+TyEa78Mg5j+vcSwcCgYEA9uOd + CCv0suoTReGAj3mYGXSZ96JfUwVhA9PAQcWIG8Ni9XhbKpuk4DQr2aiGY6DG+Ufp + 8FRsUMttQmlqcO2WEdjHVIzqN/aTm8gRLNLoz2UyC/ujO1JHaK5YMozpCVyyyKKB + Cu+q+x19ESFHaLsJiiWWxeQ/f8hLvg87LK0aRNUCgYBrLftzPzn/xlii3P0PU2dU + 3oSUzP9VWX/6l+nNHheJAzR6ThKbL81ZrBQyOz6unqzOdLtu6K9XlGhhMHkRRUyi + 9phLmjk9VUz1O53NwvNXR96rslHYxFvUe6uUHvlmb9ClOQG5634wDtnCjIYtGN44 + vP0DECVRNG9CNHYU0Bh09wKBgQCG300325tv6gPhVxF+T7TRoytBZsigd/3Js3IB + /EEguZpj8v4KxsBJYvbZjwDriDdqkuivy87oTFlBwIjPbFthIIW0IM8LB38XyTHo + xMc+FVBDz5IapBYyj5vK8cOUw7k/ddb8/HTxfeiG5SE3i4XonCRDsy8lRWxrRbLT + 8zS4iQKBgAvYsplJ+g1Cn80rztTYPh1D1mxYIp4TNIIERDiP1b604UjJ2CrYTwYp + YWYpOe2MU+fzGpRUd83TALd/Yd2IerEFaW17HBM3J3hJoEqbRZnFE+46fTv9wFrh + PggsHOwQpGVkk4FSiadyIFeuzZVaTf756fFX702xyY2K7Ywhi1UA + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-anchor + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEA3gZMISoYPUGKGNNXxxN7Jb3QX/0nSqfOY1fmmE6oXXt5w8p9 + CrALCublUMwOGZlwc0J3asrPRtctXGUHbK0GS3f1+OU1STFAVy8l+bIOfj414ub1 + 2q3Xic5z/Vo2ocw3x/cbo7BBzYpOrPl1uu93liDZyn5eptbbJ36ZoMgbd5jPPDio + wSiJ1FQT0xi2c99+u9MFFLDYvb68EmdeRkE8CpLRRKeJruTrQgRZe53kuXK/vp5i + jb5xZpdRWjr1VuVNRPvIJH5tzxFc9UprZhCCri9bAhlA0R7fV598BER/0D73fjrf + VdlGJ2Qxc3EXXN+LQ8BsxAkiOn0FPgPSxoKEiQIDAQABAoIBAFVOvB+eCfQ3Y3VI + dxihrpaAyTioj1lLAqz/EDYDOwO4Nr/45HSf0Y5dy0xxKxXA9AkFR9b7mArTELXI + h8LE9H8414TLpN67ksos7n1zYcg15QSK03ozg3aKodx9tjISwngNxUvupEnyU2p4 + 6zhpXFyNwMDiL0IRmeEh7qttV8hqcjaEBP/wtT6doGZJ8y86GMXI0siqd+b1EpAD + 8huErkwq4CPUy5JbEJQS1oefdC9yxJq26DIlsKy4XWCIIyY1Na5vONGXg3mdU12f + whsVm47HlFP05YLNh4New3G7oFITbHL7mXHXC6AW4cM0EYOS177hJIaDG5xuoQNn + I/898tECgYEA7Bk5F6IudxOkfnqdEG2fUMj+MIxoVoTALLudT6ndGlSy+9HdrXhy + kajrVAFdw6TA+X4rCP/uAQWnANWWqYPM4wbo7DOxVClh2K8eXkhj/mlQ1ZOWFBbf + yLiqHRHbAj0fa74hdr4FDfyufNcmw+dDHK2dB5sibFZYHhzpUTGBfE0CgYEA8L1f + ZnaVafTsECgTxg6S+YBXbp6TWRCSswhHeoha9qWq1+lhU0J3kObdzmGTqx8DiDOL + UrYgCJNafcpGv44p3zCs4ztZFKJFkA62j5prIUuT4OIU6lgRs835qbnTQEEIPTsu + 7S3CDB1OKYskL0AXbpRCNJP80jgtWLpxFEJH1y0CgYB3yKxAo1XzsBGK4eaCCTwF + HpRoSTQ+gQeHKoC7hDDbRRGx1V4kvrFR2WPbsP3DXvlRG4P2AvLbreR29eaEhowS + utS90dQsIPq1ltNPfmbNEt2iHkjMVHahPZ+BNCfrUNt6LHKJ7gpeeE6GpBnU1qYk + DKlYzIqAcKYwUPbG7NkHGQKBgQCXDSur3eIYTp5D8PGfRwu/U2EIvqUTsEtr3FkF + MENrGT3eJch0dnMRT1qDIUSHjXko37aemjn1R4fy/5VuoePx79e66EUXpk3heunf + pvNrO8G4zAJ1m/bXi/kIHtnHKkbiLJ1gImLsOQMPHAgDQcKyFoKH/QcYXDlPwAQt + wvzSrQKBgQDJpkuCxh+aeOlYLidbxWxmmBGeyYj3INTomLi9DX9Upy7pnVOiQp7s + DpQypBVsyGPI22qkHAKG7goOVlWm4IlJg3sgaie5ZBhac1k51oJnkm+nIXzhunIw + u2dRGdGRpIf6VtQn3ZCLa+SZMt9cRcmbx1hh6BiH6Ed80BdiPF+kMQ== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-cab23-r720-11 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEApjnULGO9t49RjtD33k1jE9WDfN/UN1+LfWFafBgzyw4mMIum + /ne7a8qFCThdM9Z3KuM6OM/rWsNMfTLOg8bKEaNnYzu0Vo97yTk+XqivgBQGBdWp + ukgTHgGyPnB2nz5yu5+4+Va3MIehUKbH5DIusFKvPSWoVk9H/GhLYrIqkfPcGctP + W4HvviwqII/Q8NHYtIoaE3CnunVRC59IAGDWUgyuB0ccoSLcKbDWgorktVPBeE58 + vZLxNm3YZB3dvGkCw4CGkUJ77Tqe4dRly8jz7JzKF1WgLuk25Z/S2YTIX033b2s9 + J1vIeFvL2e/c4bbewONdEBG6wzqmE7t1sfk+hQIDAQABAoIBAAhBgQc/YPHX/W4B + dP4mi9A1X5V5LHoflbcBedQGA7SHHGB23zFuUvG0mkzt7rsfYMXRiVe/A+p7HrZt + KpKi8fBUVFM6aOePss84t59N84GB/RaXGRn2cHSiEu9E+K9KE7q74R0JMIoJgnqV + /gGYeHcrdCauUyEOSP4BVBUv0itzg64CDsfQrwNNRr2wQ+eHC3kflqxRqiT9rf41 + xgIsWmNhpMfDKNGlKnWC5N5N4Rbr6HEE0gzTNK+A/PTP86HmlUDFjoT5SQCdYFId + 0Dlxah1cW2A6Nel3DNPqlLTaISHjRv1Sv/4BoSLpRFq7l1pWG3tBEis8NEeV0VF+ + Lu7o+JUCgYEA1r/O5M/T1mvRmgJVPdgamYSJaorifdu/LYzpjl339hifUVlNfm3x + nCl6/RKI1mRvvtYNjra7qnn0J7i1Yk5PvumUoyCDDHI/Hdf56rlHkkqUZHbpxEY9 + kXIceEvfB+nw7VSwodXpYO0SBNb/rhbVwFKLO3N+0fyzQ7DeJmBwQbsCgYEAxifo + YKVcjeEn/SCWd75GOrD7Hh6/NB8PP5S/7qXDWxf/ytV2Eok8GGMzYaQDrTN59sOA + UJnQeO/HmCWifVRI/g/3vc4KO1gwrOKtEuv/BHPURh8T1zcqFvF5tawtBylviA04 + z/P2whq1+fm9mvCEA4FBSj+pNHOgPqfMrnm7XL8CgYAh+uO/7Oq2KQVXezsFuCYt + WH1t8F/6TkUn7f4e2tubgzXiZ2ENulPaw+2EEeS5F9deuPwYMu3rAbUSe/WngoC3 + 0roEPea+l21JSZ1v+LVMfqSQaQiAWCTx2L6MgmTeGbRXuWjhkrmE7r5FKcf3QgG8 + ltMVKydMDtJGybu9EtFwdQKBgQCZuj4qND+Ahou6cbyp+wCK6eB3do0Jh4sR3Xml + UA4lrpGwLzhhmvv3Q4aKGm8LwKK/EN6MKTg1ingDDjdoGapjB8pAAwenEHz6swRo + aJO4RZAKMnP3BAHwOLgefAuWwcuX9gH8Op1V6tkArIIvIKaZ/X3Ed2zylz1bPlyp + gyEbCwKBgHdMPmQdJIdxrv1yqWRlHrXCS5nr+z98UEdlGqK4ALYsDxA1cGQMZrnR + bD3/3P8N9Wg3KUUNDhHRm5hpXvIpttnQ44zT3hk9JDylqKHJ3hn5evzum12SE3Z/ + jQhAm/W4+ikyKFU18Tq4dEZanAk9+3AabsKd67beTvZ0IpYHwFjj + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-cab23-r720-12 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpQIBAAKCAQEA7qqRo+CTz0VfZwECaxljOXKSocasTJ4LiUiyEs8KFsUmXZ8U + 40OZNRDy6lMj3UrTsuYb0ETo1ZBbDzmzhDuEJtrGDMMFYDy8WaDyt5ogsJe4RtGH + nTGWId3wZagU/O7bY3fGRk+0lCisKlNdFjdSu7o7Cr3ktorsRVZTAi6v0bKzcphG + 2FZrv2MBv+tBo7Wv8jCaWTCW3BAl3CHLbmXLOl4z348X8/b3gIL7ZOKlU3YuITqj + cmwLakRE2l6iYgTyFYiU7u8ayBM9o7Cu+0xrzDtlSBCFeicqiKtfd7+FFHQrFcPk + KHS62+rSlA2MpwS4DpLCu+6Q7LgFtJrrgE1VOwIDAQABAoIBAQCb/+ekW0WiBHFA + bZt8D6MYyLfpgGfcyK03tcmXm7a3fXP/W90WU3gQBJ0S5vcZTTCkzd2+O1yJQ4sR + n6CkPRa7IuKzMsIPzoM6foZH1jmp0/HCcHCZIfFE/8GDYOMfFK1YDdEO4khhU1h9 + bfH5dH3icO7orYiSfKnFBJDLa2LGyClbC146r+GNA3cdh3A3YRyKLo4hbg2PqaZu + nAt0Za/VOti3fVyeC0pIJD0s7hes1MoT1bPj9Szw/JXBL+6MwxBm575Hi/NtN0Ad + akgZ/w9sWoLpF5xQu1wjE9UE9suo7jKDKmyHK5JyQrFKcdzrC+H/2+CeeSbVdegK + BtGCw7pJAoGBAPB1XhYbLTUSBpXvElBjhYUBlKOQi50pX4CyVTCxUo21uAbrefNj + Vqg3HqRvIkpvaBU2c2jonTJxi9UkUW/u1v8h07GEB/duq1dVxSrnEJCeOa/PsOkX + EDKJSO34MrVlxRJTNT/WOkSSzjpGfeET8Ko80XqNK/EbUbZzUqiVuSO9AoGBAP4X + jEJVFHBoSF7UZmGacaGBOa85vGDFLc8VmNa2ZiJNpYlWLK0eC9MU+mMDSSa7RWau + UB0kyXIab0ixu5CFrxYlSi7oD1Ji7wrI5Qjim2HeFo7cWGIfpRmg8yGTFMheg88S + bcBDGJ8XeRip6NypwMUrP5vYt5WjDmQ+XeRN9fBXAoGBAIuz5OH7EBzRSDo8F+vU + pnJMJMuS40qACxh+g7gyjb//X9fFX6jkgihhPdBTMR0F9Pa+F/dPjmUMSy2eWCIs + JYU9ZfywtOAw0COBlXgDn0AmbWWTyTjjSWnTESgRF4UEh6bJ6RoZoOjOUjrRUbk/ + GIgPpbUJ6AnA0YyrG88Oje4RAoGBALEH/QwWNQhgT9PqTm7AaV0qKOOh6VLO7qyy + kms+aAiMasI2DSiMn5Zwrkcf+e6HWcJBvsWfZM8gBdrzIgh+a8+VKYtm2Y4AKiYs + dA7tu27Dipn8gYPUInapwdvpmvhDibhTUa470UK+2vtJHlnn18xH5qiRpM8X7SYA + ofA4NRs/AoGAErCHYYRwxUr/F2PebRe7NyRfMBThpsI5AVrFUIkjEVl6KnKozCyi + q9csEDDtfpL4SmAeLk/GWUzrjsmlCR9AyHmI5pj1WPZXvl/NLu7DysU2c7RtT5a5 + ylKFPtH5XMLMoZ91o8HB1z2BHgmBHNVED1y/sW2hnOs809yXwiujMxY= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-cab23-r720-13 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEA5fiBi4ruD9DkkMIJJ/jzy6urUy0nCD0K2nzi3Gb75T9B7tZh + d0AnXF2JWW/tk4b8nmrscM5DKJDixOMJ05js+6RGyZ7vKL2Pq9AeqVj3UWTi4Yoe + eV7SUxt89ZAXmr7Z2IX14DifvuMbekFNfa3T4Kz61JlfkwQpYRxEi4X6se1t/Crh + jwcccR7GKQxgL0NmX6z6KI6jaTKKfBwQWPs384ZkYG+eiqPu63j3PLW17xQ5abuZ + 43rEQLHYfq8+uIHItVab9bXKC4LypEs7kfhi3xWiJMFC6NdM9O0YDYyspXXDUBEE + tstsAAhSH6fL2CwsypjGHvEgi7AXtnedqdgGGQIDAQABAoIBAHHZpmCsBhGEbDOS + LDBC2odhVK8X8nPsrHvgSfutbFVhDMYuEhCUjSf4ErBZbjeUI2pWKvnp02u41tt8 + PvgnhGNMP9M/QM1dk0wO+68BIWeFV6Eq3M1feSa1vBZiIJ12kKjWIRTBU6yQCKFs + xO1MalGXsZIg4CULcWTnNrQQPz1oCrjdKGGW/IbsLDQaWeiz9xWxsSVjrpIiGdgr + 0VE4k8b7BoGUcK5AWgeKQky1+CwwlYqh9r+YYwo77bjdWEqoBjn57kgfYjFUDzZi + maqIs6mbjUxmAEUBqU0u0jV0nPSYv0tGrcrIc+lSf3J4YGPdSmMzjGeXthj0RgHN + rKe5wuUCgYEA7cBDtYtUbzr02MtSBe+8k9AzF8kxfy4mYDNZSXY9SKKYW2j1UyOl + bYfQzf7oeuwCQmnBhwcbiV/lMVs1FF/eG1OAnywyRfDbKgwC/P3VbvGsr8uaZVxx + 8AGiJwQmIS+RjP4yvIa7v0ORgBgA0ANvhl9zqcTmOyy8ERlfVmxkxw8CgYEA959c + Y0+91SETUAwxft/Xnt+62J6XCGUtIYQXKtzziJKMAqJJbZHUiOreyWgHP6Z0vs28 + SCvHVlDLU+HMS0e+aRN36uQ/pjdPlvYler+0J/IOPaVCUXzyhId6opruIstadvDj + nYJxERwzltZY6x4UXUGKQFyhMUEb+X/ZHO3hoFcCgYEAuu0qjycvyJBbB8S8Baza + 4ICWW0I1Z2AajhJxRf/v6RbloSEhmS9ylm5tLjkYAeVjVWIe5ZIiBV1fLvIeBpnl + YCjD/OHb2P+o4SM2ikDsuWDMPB9hkgYgEurF2dU6QWdMEcWekHmCTbvLPyIgKWw6 + GDUeFEGaHrZqWytOuP1aMuMCgYAiNZPv7G5PaXhfkK+t1YLWYhZQIui+siuf+72v + oELM1WIeYwk95+2y1K/ep06JDpgGXCns1o99b0AH4KP2qny1y4i/nLTmY7HNK0hW + QvHCqwAoqBIXa+mdQZJBsKHBkNJ4qCLp+cFhGcJOzmIOaWNq1skgxytFwLb6qxz1 + kC+hlQKBgD9Q7W63LHvI5U/v+8rSQ+uCYvjV4AvmGEJ0ofjCvD97iUQKgKNlAiII + 1ZIQgWGXgJ2t0tA1Jm+dBmY19jiX6dYCr/7tgP8GJitReiWnoFGI6pyAQKpvoT+H + iQD58VsBZApM69KqjvuD670tjArBMeo5wnyA4miE5e3LuxO+b2C3 + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-cab23-r720-14 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEA1BcFPyvztF/uE/f0fbcqJd5oE9Dr4fdPcMqj9+i9GR2lczoU + 42C94uKOpybyW+voyXYI4edBWyMV5w1nWRnbWdtDic74IwCL6YhMvDPfkEsYwL5F + 9ApCCYMMmaaYyZYBy6W54WtZlle7QKbv6zQ1rR9wadd86K4AZ4jDsYYdYHY01IdT + hHCtwbB9Cib2/xaB/w8R1/oGRMsAQKIwIdZNuCIvAAz73P+l9dB7R2Kj/rL27ttm + 7LCvQjTE0SVfZCoPyu+V6zCofPv90HClzegjvrES3AIEUROxZhwcatqaevGhhyIq + mC6dBTjwt/T11a5iIHb5GLkno53vtRfs75EpqQIDAQABAoIBAQDIURHgj5e3dp+7 + 9obSskw5xi2RAdO48kfy5UInJYhtD2Y0Rdhyxe2zPH61+4APN+r/VN+g1jYRaTsH + ps5FBrn5zbGlmHkfPiXnpZesbmYqt/MiINSbYZDrwP4GpaZLR8ZcXSQKd8T+zdAL + iWCzSvWjlT0sip3semPhZfhHVL+sWV/RWr5KwGXwaGs65uzFbVcIue7my5V0Gn/i + XxixBh/fLnORYZrdpI7ph0ESv+vzNQIgJblUNvjlBJ2zWOid2vPor2B3CHn4KSqm + Bu/HZzfXlqoTzMXKs1/GLeiIDcLsjIoyFvYWDodoi55psOu6ypj6/IHB+9udOehM + pUPLI7UtAoGBANjYXkwKUfAxsQ0hCs8MlJOBfsvT3wrdQp3x5/HuoSjLw6JmCrfm + 6PNlv1WLEdK1NnPfYEv88SLn6wvOA8MgxCOG+gf3EIB07zlIrxIuC2tvMfsdzQus + 1FhkGQ4V98CGplSOWLn9WuTNdQOGBbx19I0x+swGILJM1noMVsRsQEYrAoGBAPpi + 10EMjWtJSoxhQOIOM0A1eR1e7dSw1ubSf1IFs9Xv53G5Uv2T5kxmj0kv+gV4vvju + 8xT5FecVTzuTEfG63JMx5JnzJUsBSH9NBH11n6NEvtjWBXP0tDsYfsuWtKi4hac+ + qxdCevW9wYHdzaLDRtNCIQVHxlzonMwGMQ7WH9l7AoGAWLDemLFb5Cce6GTMW/Uk + S9SaPNnyjyoCVkGcAar9hYcaBDFCTweF3g+Om3lfF9SAahJB+7KAGivLSi/AAC5F + qtZJK7rUqAWr1r0wxfnJN+7p/XCp7g2JaIHAca9wfvFT1J/IEIJci9qw8nj9naCN + HrcDgjE7bFHbI14qmvo/q7MCgYBnXkbfY/8+O5O7QKs4qAQgjfLiXT5ygE84G87U + XeZQfCpgmNHaPiTlhbHB1Tyy5ZZxzrQsBGk2bWW4go717N8DJaXqqKbMwErdwz4H + TXgKP2dKvZCivnNpskMmaaFLxmHnGcgoYhnBOgWZR6iNeXDT5okbVPZfhOi2khfO + uDeN4QKBgB7g5yg8dJF0hx+npEZ3zEXtb5fWabUvM6o72udnmLtTD9Kl3LvyjGTH + grCF+HHIwhtA5HCCGScfBTFs7RvqQeeOvjlTJ5z2ZPTEJkxDDneraDSLFS2mgAKB + RezSPkJX/jx1uaP2u1Rm9OP0Ir43zr1pCxV0k4z4I8cAQiySPQKY + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-node + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAurcnk2DsQLTrrtNrdHsNsMB/B5TLU+35QPyknLyql9iZNHsu + 98Ew8rJA6wYqnq1yZR6pGwvelxfkRcWMrw9rEyahYQU2sv2NYxhdrQFlXa1FZq4D + KMVcfXvAMZPViqrPh592LISgemp14bHb0eZF1RBGxjZvkNacUmlkpnhZWc0aFan4 + OA6jfxis2qDiSyo5jgk2YSrQAfSyNgpAp54Oinr0mItsWR4lVxeu6CxtZP2oSUkq + z99KpdX9VVYEr44im0Sl25bf1sGamCfJEksp4c3Tsm7Oz0qDemrlUNWPJrj4K8qb + J9meXwV8cz/tTjtpdvFe7oVxv9QXi3/MkPkZowIDAQABAoIBAEGuWD+h4rnIavfu + 62foOaKptIXoM7ZsijfwJ7/zJleQHCS4CIei8CMPzYJfgvKatRkZNgeLn1urTeO1 + YI3ccKAmALLucJV6WBg55AoN6aiQYU+Dex0GgEisFanbBU1oVOSylZGHfiRR+vHP + 7THjPUF8HklvsMNUm1zqMjvVLilGQUpujwFMm3DJcW/uphMh54TauCnptGWna1ln + S3cBoTy6Ytk5K6m2pQH2WtePnqdChkl6kQRB5A6XVlVN73UBr1Atn+RQG2VXyj18 + VRDh1SrOxT/XlZAsCKrtI8s5bCaE5vbKQmzg/DhoJuZHXUdo9SMKU4yhEjHvFoWW + Lfcw0WECgYEA3DPde5B0ZAN9bE6fXj9axPGbvGIM4BZvjSVctRrONGM4aCVXY5q2 + Hp52n/aLTPElSNn49qrGs6jmfGWTisBzykv2Wc9XQ+c5MkJ+ePTQ7Epi2hZX9KtT + t/NQPfuaPnzDVMtzuj2Az7aw5TEnEQthNqwwf9L1qaK2OPccCT/gKAsCgYEA2RGp + Bp3sgDpenqym3BV+XT0xqDpkvDP3jZH9/2jdtSv+nekQlEV59oCJdrnnD0aBDZh6 + kouI6wU/k/wJwgNYNwU6tUuy5do4tH8TBTa9tczaTodytslyHFta5T8v6CDJZ3Xp + pH663mkIC4nOYJJ3zsOQURJ+XGPnYun5brsRm8kCgYA3Rz3eexD82nNt8P7I5haf + QhfaXrLkvj0arbpsLGJ/fDj4zAb4FiqJ3TXiSj4F/rNhana5VX20ND5IFCfJuS5Y + JmGdghNiFHWjTFX7f1nDN5lBLkK+RRQrJYWLSdIaxa8zZi+THUVs32vg3Un1WWn6 + E5fJPug0wYgFHOOI3uQiqQKBgQCTDnrTR8QEbwbROqhka49LPXzZuo2qTw6D84b/ + NJ0W8zIw6sdXm+XvkM8QBwu5dotRmZ5Yj313svuKlvJJZRirVbibQCh3vaoy5fAN + 1TMa6ihvkSWvHbRX77AZpQAgo62ukNxzm4Ofz8oqfva4yCGwix7HPd8rWmdUxKw+ + Ty+zuQKBgQDN1iFVSRcsXg9ygFBDOk/BaDq81WOUpIIfgW2i+Ho61Dy/AmzBcDEr + 5e9g4E3cJG/W68MT0ScgLdSEK2MjqbCHVg7k3zjDahcEyqjCCL9XMynzaqK93jRD + Z9mJGgHZHmijs3bh9Xrdx92A5zR3axTqVomWO9jwsPW0trd15+ZviA== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-cab23-r720-11-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAw7kLvPFfXWWLFOHMEuoreC0yIcwgMQH8jfqqpDqMW1amEBQA + 5DMEtl/Vbvrv3/EBPRq4nTSeQXZUiOgF9Bp+8qSxAn1j/ZfDQf7+dtDr6Df0VMDl + wbeZbtUoZHghMccUFZeZAZ5wvzT7iszFNiymWBdHnhLYbXTignAeZeF0Kwxif5Uy + bbjPFcuM1k7k/L64fMxbuxV8ZmgrySWWVLQganTeNLgoujezHkgXrg7YYf04bx7j + ko5B7pnXhhMEWKyNOzBKU1zJ6eVBfvWZcv50hNf1lC2e5jNo81pP3N7+E8Jy5+h8 + rR+YJVfxu1m5KKfJll6AKID6g5Ssyi6p9Q9KxQIDAQABAoIBABHo4+8VM0HLoe92 + PgNZFEM594VqNWPmp6KiVm0Swnc1NZrxCafYF01M9a3jHoIifpeF03DnOLgKyO+C + M9FDf2xar6vnp3e0JHTsjYJ32a51OFFtGVkhoNOog7q112vDqM3VAnZIdk643W+1 + DzLG4S3ca3xGgzF46aU/9zghakzp+yN7H1zAuY09CuwtwaMBcYQTRPCiOh/1c4fv + y7ZVU+reVAU/2saDhIucASEvT8DOrgapTu74QnpDv8SxJP3fQvcpPUhe4cH6fIBS + B+kZv+uUGCk+XLhLrF4FrU76ZqgKmhLff46ZjMvjUaH1LSoGnHyb+W2D1Ws7DRNI + rq0Zs6ECgYEA0HP3xWeM/CbYT1VUYyJ7BUWnIIAyaItdug3vSuIPHG40xzOSk2mI + RWVcfB5Uxa6cyScjgOW9jaNpfk/1Mm9PZpdk90LIspHZX+AE2h22pEaXkD7/QW65 + c3zX6p4ULgeJegItbPqp5wvazvEV7mh4IzLtPzgVSAbpQrRNZFm1v00CgYEA8F28 + S8aFB2YGOsMonkASanPxPJmls9ek0212mQyTatrmiP/fGrMRkNlh6EOCieFrKBAh + vJBrYvNetM0QpJOB6YkFJdUFjOmlEXCO+2O5PA8flHIk2ORxLfPBDCCfzHxaWW/5 + BqSfztWcJdoRSXCq/xWwFr4UkuUmV8INEk4cbVkCgYEAykUNUs71PiPPV8Pb+8oU + h3wb/OyIfWtmikhFP2t18Ed8DSOdAk+v/G6rvICOD7gsyP+icsv7D/pWPkwGCGd8 + K3eScF+scaIWxPKSorecZ3FcVorakzqG12p39WBpAnUr0GlWfN4KiXi2XIIRnuJe + WQFstyCLffW+2IwuYMawFi0CgYA1zAT0wL3NZhxG0p8orBZzFPgNJCZeFgmh+IHu + x03HQK8QQpRgmWt5C+5J2bJBwd4F3XZvibM/NlEgDjWHYCxXZH9udDsFytVTDeoy + gaNXudrLkrCEirx6GHBAkpyxW7OtCM6nmfjahhyorCHqWfkrlmMO9AQOzJLEWX4r + dqgOIQKBgGFFVxxbVK7QVnZoZ6j/W7Ede+qVM9tAkTvmQP8boeX6yD6GGZ4Y8Xtw + 532QYK2dkjrRcShyDbvp+1tZyhjxIRRkjMWqUUCExLiZCWteEUd7vEDfCuExf8fg + pwR0ZPHNQkio+mXqUyrESzXhqbla2t5QyTYyHGN2b6NEvxKQ/ok2 + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-cab23-r720-12-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEogIBAAKCAQEAnMf1znAeBCDNxRpiMA8TJNNGF/+MfR95k13PcxjnHDrKXIsG + 2Gvup+MSQjLCBSNRSPksDyAoWmp6pTh6N57tr8qimaqIyt/0OeOVT2x/q3oKLkKB + RGcNtR2qbZ49t8ZFS+9QPmDQLMl7zj2N5khdcyMimNPVedK2va58sZav0OHyg2XP + zzsM2G5GIOx3oBoi/nO/obLcaUBHN8lZeFMpnSx+kSrwjK9BsBnspe5spSZyezfR + RDWCbNcmxq9X9iqsgEFFJjGoMMyWYQsOas6DdD1tAvV/d5hIWSQITa5u7E5wiuYu + kYw7ViLB7FQWMFD/fT5UDQkrTKmMh1sbWpe67QIDAQABAoIBAGQHmKdsFVqg62i0 + mqz7EUXPnss0+xfh+xmxIujWnK4APJirA2UWCCEJ2d5usCfDDtu2Twwfgl+dzD6a + ODBAsHoWmYPdsIVwOkytDdis6xAnP1OgjwVrku1ZziE+czZLxG7cc6A4+Nl6fAls + cJra1PTfF/XWQkAF1x5Ss7BC6k4ku3rag6eXReTggdSkZ3iKkdsrJNVydgVANeIb + aekK2lh4iu7lG0k5go0G52/kHcRCze5XH1msRJPML0TWOnpehcB5x1ibT5ZNfUAT + 0rcBTpLkVdVUlh6Xau07ahhHCnW3x4YjLDlso93xLH2mUYlmGmHssy1mZp6qHaal + l5+v6sECgYEAxID4T6fs/TJgyRcF0xmUnzQ3md76jzphzFXz6pcR4YtUzx+DInEE + 1Lbo1plotxRGSIOmy+RCcOXrg/eAB1QLJLhE5DfFKygqIf8tV3UAMhJufRIQWksj + +55eViiEXLwp+kpDrMtHtg3rv/Eku+Cg7Q7zk0Fo1mqQvyOy3RB4/YkCgYEAzEAU + cReHL5HVkALMLmH+zvMW4wkeeXx2WzpIEWOIskWrPZ7jHgoaGUcPJBa2btm3Q/Sf + Dilgjx7cPOPxUwFOrxrlycro/coFVVUWmUYhjDd16fFxi9zd1vsEo0UOCdUgR2R7 + pvuDu2yynYhpESnEpPmqtUXFEMisIO4jHgRT/UUCgYBuH7kJKxrtauZCy9w/yf44 + mpLucMAKtLVKRoFD3xXuSJ9m1EoxaxVCAJ/MZH0C3SHmUaGQcoOpsbCjbHkbokX8 + dihlnbupzACQvOk0MiXB6gJxpUX01Fd+E+rabip/rhP4aNY0aFfv9y0/jG0BvYly + UQbAZ8/RGje0ZtU+fpTPwQKBgCNatC8fM3c4dw8GbPFaZRDNYxjJa0z8DkCcRf08 + jVzOUmXIKuf4N6xIcIZ+p/VoGiDZJu78moorfVPM4OjNQSFuNnhHdyz22xV6NP8y + 9Hug3fgwosbi5ENiD9tzCIsLKRsyeXTd9F9s4T4DbqxZ3n/v92yJNyNAmQraLZn0 + hdVBAoGAUGklBpYg5ina4Br+ciWGEWrm2+yGsr0/m2T67oLkM6c/zcvMW3sUrggc + /G4IqCj2VtCKaH0ZuTqLTIPA4xcpj0ouMnNi0Nvgkug+eLCOY+lWa//aWFH9U66a + xXpYX8uKwQYx4y3CJCmtRyo4MhGol+1rR8OBh/LMzmli++6MJS8= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-cab23-r720-13-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpQIBAAKCAQEA0pa6zcUAGIkJk1tdn/OjFjChIKp5hngrVdJung3XQljK/jLB + 7Ij6waHQzR+9fdhSOBeoO0Wggm14J76cucSuHC6FffJj5h5yL9lSuf4XQ0/konRe + V6FOXtLy6IiXueF/Bi69SBbUIWN4wGoj4jqi+P3Mj0PnOTq1/+tB/pkh8HkFvt+Z + leZZfifHzpR6+h8YZMogZqMhNEw66AzdpEvTfy0B3ugcfkU1rxQ4yFQH6UXRhjHo + 45c1GuIcgA1hhg+dS0Jw9eawJS8OctM3QpruKoRNuBr71a6tfEMR1KvzeW6G1Fa+ + AcIdGTW5SbE5YkZj4BLGq2qRYFkEeQ0wc4dSyQIDAQABAoIBAQDNMmg1ptbwEV/O + QUHaYPmx3pKylMozmBaJ2rFEuzHcCU9LIERL6jGEydr+dQYcgNOkqpCXqMG9NVPW + TmrCrP4GoeIbljt3eIVFUJrGdutOAKRFE+T1uEz4Is7kfGxziGFQsexoOS5clmOM + AiCTCRXSTuOrWbwNzMKY6zD0F1y1xkIEb+mjseUYioWlka8RMlssp0U8AAeG2qSC + aQbvnylHs/mjirB5O9hN/x/SxGjhUMjv95koAhG+su2ms1JwhMh6eY9Vt0KJ6NIx + 1rE2HkAHHELu9y4pDJQr5iQy2DziBOJ4zFWCrKOCCVCExScL+5Rjd/Q1lOayODTt + WES9R6v9AoGBAPUvVGLW/9S3rzNCJEBrSUYe1cCEsST0obASfH9uEsImnddGHbRI + Sg/0qsRcqhxctvZ5inP3z5xS9bsvG8HNh8SLd2fE4rZOz5kGkjNt6vszPf8hrJ9Q + 7NONKeKpg4Qpi5pu9PY+nKi1WUHlP0u07H4L7g8Ha+BkxqPbMYpFkfFnAoGBANvg + vCY8Il0DkTCSbBjbLob+0Oq4KgXPaw+eWiaz8pCYRkvmb7gehSQoR7/Nlihxvooq + Cm0gGyZdpYK3GuLhpPNoKfUxviUi2As/DgnYRfqiJFT7FZr4pD7FLUCH6JZVP0Xd + zM6PrSMIOmADNEDW/xSICM0W974v85pfqQJdSwxPAoGBAN97fJd7EUV7CB7YsuJk + 6C0Z/gu05yKgOKCcuQ4N7ts5B7YpGvowyhExGlZRgFzJxZtzvVdnEb2TgJhVoB9O + j+n+lZ/oPh2eSGtbKffmwMCnPGNI9mdhA/zwNrV7fX0BwVXKvU2WVIUSh4EgzEjd + aJKbnSnlwdaPBOBl8wntz9ERAoGBAJnsxuphWJES6TY+msv/zJ+WjTxz9n8gyEsj + yOqlOJ7+6t9Bj14uh3hbdncQfhkMH55rdecU/cyq7C4I7xp7alU3y3+p9fnbXbDp + 0HMV409k6NhQ+bwGajzDHj25pxpuzR+k+TZ1oHgQz4TdWVw25lVCMh8ZABA1U2zz + oMZV9y7DAoGAaPzOfLlPeseRARCz0mso4Y5elTgVlTv5bOHjtk7ozS66tyjVlyMN + zq1fKj07TG4zIX8aWAID8Nt3dw+03ucGyHV0euvav71H+6CXzdmDb7Oh81f+aSbA + X7SEof3XfLWlt9iigJD6AZEuRlB9/D9tn5phhrDfzTmX3Z8abiVUgxE= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-cab23-r720-14-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAwGcNR8v6cTFxIF0ZJ/HvovjqnvcYgBp3j9RkSl2EWV0tGyto + Pe9i3QSImqbFrmeta5lFHf5LTetbUWn8m+vHZS6dExHESysDtVH39DHaXwuPZwN4 + VnuCl4w38XhHwkgvfF7Tne3Vx/iakEmk8zmyUdcbBat2hj2gWFFL2uQwUqJ3Qeag + w2wREaRd1wdEMweklH3EkRTu4JEMEvxuGGppJUfj5i12uv/1lwVuk7WFMX3laCm+ + 26mgdoqGQ1jZTYJDv4vDC6RvhSDyYdV7f3wtHFn6frJwWTiriszaJdySIXiQX8ii + fEKt100wOQH15hIJfc1U7C92bMJ+DhI2wnNBGwIDAQABAoIBAB3jpG+D45sUCDPz + 4oWPEyApNSGO11KHSg2g/BeFYZsUW35+BsqgVqZpHuOPhuQqHQm7HL6lE4O+TUhf + g6uhPC+exy4AM5NN0lynqDJaUEc1n4hsRJSCyW3LjaFIgzVOS3oxrQQ6v1w6ZaCG + oEZcrzQBi6Qc1+PQzQkLUBJoIo2jhHhRJ5ygNLUnhZPQuYtjmTz6OLmc70uCQGpr + q85cyJIvGLPFJJG84AfZfYGE+5rGAmH0DJNJUa6NPLEw8RR7a5fZyIBDhb+yji22 + rj1+udMy60ZV8ROJW7wywqR+726ELAaDHFEU/OeSwUtszWBIZpIfLobYHFpZdpDF + Mc8moNkCgYEA0N8Y30SKLhzbq3Ig7VPS4msEGNUjJvMlct8YniFuHcN4zaWIFtEf + aDRoWnqa8CtVWl8FiuL+umpQ0eVkzH0R/vTVUq1wu06Y7XwYyLRNMnssw1PSyBED + 2QZF/j4Hk8JRAvva2RKXLwne+Lljeb9PmZuzxpdXjYNGmD9OiTdME98CgYEA69Cr + z+JPTwUSdBoPnkFeO1IZC+rflBFJzj3R50xjSiAp/Q+KvNogEvYzb5mbZW5RcyyV + uAYY+9OTdzQyZwxr8SDGK7ilwsQwnl/+uuLLn6HWOjqPAeLpbmB04mljl5Ft2ADN + 6Eks0NYJ5F1x25lmj7QXRtGYo+2WU7w2pp662kUCgYBnwIowTXF+GmObtCNbACpe + wd3VH/pIHLtbZipqUhzKuBBHxpPlEZfSQUYcu44/AqdxLoYoST1TCACBYrtBQFcy + GBfm67R1tkMMpHoDKFy4WKsRk4++RYVtxkn6UoGdCgcHvmclMLDccsDJN/2LulYl + 7UvNt9uLtcvZUIkIa+lkbQKBgQCj+iK/F9uWUyyV11ls7n+cOGZ6RwTZbXwpEgvY + DuIsNVl9Q0VyNSuAg/sYa3QHgELbF/G0WWkeE+3DQmSaC6Uzs1qaJHf/i3VTa+Uy + B2sYwey56OZwpV01B5W/qxE54ELFpSmJkPi871lJl0EJNw5+dviIok7GDvwtlf9a + tZ2xEQKBgFWMUupdVMl9DZJTN2RNP/4q6/FUTFfGRRoKUoVgN8e2X+nHikUvDTHd + 08mJqSHTFmQn/7bv4MH5mVbBAhgitcVXCvYooR6BNIL0SXbjgr2VNz/ZqVIsWGvW + fW8SM6qMR4CyZkEcW161Zvz4XzGnaIQ3MbkFtfJy/i+wfspdUFZr + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-node-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN PUBLIC KEY----- + MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz8Ndu2d3Wp0Th24IOVyt + wmhCWSTyCsY/+PZ6CO1JwhvxA/LLR+qmQEPGszJaBAxyUocgo3oCC8TrUPDD8TEK + O0erydvCT/MKkk/+oKoLTum7TEoWredGPHlri6xMqktFjlW4O2487JvBx5q1wObV + nb1vpv9pnW8isSBRWiQAlsol3Bai3+e+utz+7smQLh5OFYsGKVd3AuohecSMWXYQ + KPSl1qnQ7h3rNzj7J7Aw5soo7cJKWl8QpOG/qddWvUphtNCuveouv+V7UaK/kveZ + 2FzisZs3Jz4izLgi8r6hB/NbIOOc5NMmGOmhEf7UaXPE5E0u2lj9vEa05HMGgtcM + PQIDAQAB + -----END PUBLIC KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: service-account + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/PublicKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAz8Ndu2d3Wp0Th24IOVytwmhCWSTyCsY/+PZ6CO1JwhvxA/LL + R+qmQEPGszJaBAxyUocgo3oCC8TrUPDD8TEKO0erydvCT/MKkk/+oKoLTum7TEoW + redGPHlri6xMqktFjlW4O2487JvBx5q1wObVnb1vpv9pnW8isSBRWiQAlsol3Bai + 3+e+utz+7smQLh5OFYsGKVd3AuohecSMWXYQKPSl1qnQ7h3rNzj7J7Aw5soo7cJK + Wl8QpOG/qddWvUphtNCuveouv+V7UaK/kveZ2FzisZs3Jz4izLgi8r6hB/NbIOOc + 5NMmGOmhEf7UaXPE5E0u2lj9vEa05HMGgtcMPQIDAQABAoIBABhHwa2EEvvA/aZH + IqjpftkIbDCU08CUmKdUzsA6UvNfZpRKjJ0z/Afoo9EPYlu0xKuGZTcVrCWJ9uI3 + sP5/960j3By0FQpY4fRlauGF3dp0EFKDGhFqxNeObRYepbsFHvTaabRwVqhkL4pP + N0x67Z4IpILEuKgQc+J1X2yEZpk4gq5j7AWvpVIjt1TdznLgpsmcUWT/MAh2uTiu + Fcre+xC3C9a8M2/Df3I5CRff1g4rIRIdOWG+5cqBu8tPEDBllyKZe+9KouhoxJIx + cd+ooLHhKKtR4nV8X7w6UiRLd6MYfcAEQKpkc8InP4oE93moSdyPGGUZf09kimfC + d5v+U/UCgYEA8IX/Y0DYaIy7XXtyDxAusDhYUewFIW7LVqmphSUVolgcSbILWki1 + OtfLMZJ/Ft+p7f+PSVFFi7Cm9E0nc8t/As4MhPNMMQxgzs0qaFfXVfEY1gY4KBwr + 8RpZn3/dHZSlZVjD5hp2ZagHEOmN3b7ZdqTYr2k1uAJe++YVHHcQKzcCgYEA3SG6 + P0RKGNpeJajIiUh7ehdA17FRw9vB8ui6tzh+2PxTtkv988GOBHH/NTaitvTvyi5D + u7ayyYcuQANQaKlWRB8zLq3Rwl7uXRF0fqKgK3yDGoZVdljBd0zjzIcuyzHJq4/W + KCVGDSFmmeAo+8r/zJkzsFX3kpLFEWRZlxIHhisCgYEAnEy3dWxCNU6ew1Tg/eDq + NiGnYzUY8GzrPlnqi1daA7F2UH2e2wC8pIxuwrwMUnTuHHciSebCZtBY7hDlPl5T + HyN/BzaDoKwGjNzOXhgXGwYduZc5DvefpoIVE40nx309LerNAs7XeaADV34ubpcD + AhKFrReVjQodZ1xRA7pri2kCgYAfWyH6yKctIQHKm0VcWh/QLy3tp+ItQKMe26tm + QaeTAyyno9ztzJtju/pxRD8MbGz4IVlPa9esRfPj9dRYEvL9k+MBEnq08hsgrVH0 + hwDpSa2ZfETwFCPS099VaDHVdEjhf/LhHG/zerH+zc9h7OYaz/qJXZdOfGtfTPh7 + OH5CowKBgQCeoKwc5o+WXZl+ebFpwX3eLE3mlGDGwLnJ3N8bue7IIHZOes3Zihbq + G1Bx31npUYt8Ylr7z7wbcLMuEGxWzdLJr6C+J6XwmI+l2j1q1knn0N7scptv54HH + BM1Yk/elAaeuAdKDrdud9daBhGuoBVgyAbpQiq0iXgomcPjvU2jvrg== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: service-account + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/PrivateKey/v1 diff --git a/spyglass/examples/templates/secrets/certificates/ingress.yaml.j2 b/spyglass/examples/templates/secrets/certificates/ingress.yaml.j2 new file mode 100644 index 0000000..ce475d4 --- /dev/null +++ b/spyglass/examples/templates/secrets/certificates/ingress.yaml.j2 @@ -0,0 +1,135 @@ +--- +# Example manifest for ingress cert. +# Shall be replaced with proper/valid set. +# Self-signed certs are not supported. +metadata: + layeringDefinition: + abstract: false + layer: site + name: ingress-crt + schema: metadata/Document/v1 + labels: + name: ingress-crt-site + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +data: | + -----BEGIN CERTIFICATE----- + MIIFKzCCA5OgAwIBAgIMW2h6FCcFdKeaw3vnMA0GCSqGSIb3DQEBCwUAMBIxEDAO + BgNVBAMTB0FpcnNoaXAwHhcNMTgwODA2MTY0MDUyWhcNMTkwODA2MTY0MDUyWjBJ + MTUwMwYDVQQDEyxpbmdyZXNzLmFpcnNoaXAtc2Vhd29ydGh5LmF0bGFudGFmb3Vu + ZHJ5LmNvbTEQMA4GA1UEChMHQWlyc2hpcDCCAaIwDQYJKoZIhvcNAQEBBQADggGP + ADCCAYoCggGBALvNHm/G/ylh6aPcvrhOcb4qz1BjcNtnxH8bzZng/rMeX3W2AzjC + r2JloJcDvOLBp/TkLOZPImnFW2/GCwktxPgXZuBTPzFV50g77KsPFw0fn3Si7+bs + F22tLhdOGk6MQj/WW4pKGHqdw1/VbPwOHBT+I4/scR1L2SZxYtSFIKGenHJH+PMV + bCdwnNOR80F8KRzK5iZs/r6S/QqVheieARSWWnk2+TtkM1BloGOhLSd+ZkWh9VO1 + eOnZowkaDAJwD/G6zoSr5n+beaXzDnEcoVXFSwd4FLoV+om77o92XmZ4rVw0vTMO + k6jVwmkdT+dM2K2hLUG/TXWoV2/Qms70gzDOs85RtAkTPe4Ohtdpr51Q0hd35TKG + YLKzX/OPblD68iYJYSBvMPpAVTbFYVPW1AQx8wWfannYbMoeL8XTEOKfkqm90YP9 + EhIdtmw4D7GZxlzG5FXXutmT9sqLfqlRu/RynAhBP8NQvw74WumhOe8r7GhCwgzC + gaPLGjeekoS6LQIDAQABo4IBSDCCAUQwDAYDVR0TAQH/BAIwADCBzQYDVR0RBIHF + MIHCgixpbmdyZXNzLmFpcnNoaXAtc2Vhd29ydGh5LmF0bGFudGFmb3VuZHJ5LmNv + bYIta2V5c3RvbmUuYWlyc2hpcC1zZWF3b3J0aHkuYXRsYW50YWZvdW5kcnkuY29t + gilub3ZhLmFpcnNoaXAtc2Vhd29ydGh5LmF0bGFudGFmb3VuZHJ5LmNvbYIsaG9y + aXpvbi5haXJzaGlwLXNlYXdvcnRoeS5hdGxhbnRhZm91bmRyeS5jb22HBAoXFQuH + BAoXFgswEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAwegADAdBgNV + HQ4EFgQUfTAjNgn/1U1Uh1MJDYT2m4dzhsYwHwYDVR0jBBgwFoAUJFuXPZo6RzfE + BlJjnnk5jhcP4wIwDQYJKoZIhvcNAQELBQADggGBAE2ISWmrxqrledJI3aLaS9Yw + WsZc8O8CnIyLoxrE85vUubFjuI9ixC/6dJxl2iB1n0H8JgmFREox32Q4+kDJI8V/ + X9x0PFpRzL7QEPrLZhW94Yis3sOphLW0rf0t06ZepdHHeodYJu1pVMDmLq6bKXdX + vo+/WwKnZBXC1qPbXJByv/CN9MtViXOnBGORFRTJPb6U8379LNWclJ/LW12yTwNk + JGIbZU61Vxu+2nLIabmmRoODH2jomgMOMMzLgjT3Hvw3whe8GrUoxDiPYQVTDGNm + ly6m+5B1Nx06fkZazonozeaOhSQ7RblUSbo+w8TJmLRzD9ft7p4vpjBGxRADMcuF + DOjATgdZeisBUHTGEO0P6wJOBQuCFMX9AVl+u8ZpcuRaRaN+pBE6/BqcHBB6qV/N + w2DdNtP8BrJ3kJVNEDIo5oTbH5SToxgA4hWBV42M1rB+5vIMDKN3rwVDdNKWYhYc + VZpU3V9V6JzSW1O2w4Wu9PdbWJD9oSvC0qJgnjOXzg== + -----END CERTIFICATE----- +... +--- +metadata: + layeringDefinition: + abstract: false + layer: site + name: ingress-ca + schema: metadata/Document/v1 + labels: + name: ingress-ca-site + storagePolicy: cleartext +schema: deckhand/CertificateAuthority/v1 +data: | + -----BEGIN CERTIFICATE----- + MIID7TCCAlWgAwIBAgIMW2h3tgSwie0Ypx8eMA0GCSqGSIb3DQEBCwUAMBIxEDAO + BgNVBAMTB0FpcnNoaXAwHhcNMTgwODA2MTYzMDQ2WhcNMTkwODA2MTYzMDQ2WjAS + MRAwDgYDVQQDEwdBaXJzaGlwMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC + AYEAny0Nqu9U2tXdCCTNzD2T62htMmBLg3CmzWajfbfFl7ALqzo3HgbbY3PxTHDE + OJ/lwdm0HkEaGfEDXhJd06WZsa8+fKGqhKXvZXwXx5mJ8LCGxz6xiaxwo9lnKe6V + o3YX7bJ5YIVxQ2jhvZo+dY8Z/buloi2Tp2HbqTejKULH9+qdiQTDXAnyR0NLqzJ0 + YQ4v4yU3zix3nBi8z29lQekGO9quNEka3nw2n0Gxmq5z1bNALGCF5F759mVkB0uT + fPGF+zm9eqlqAgduYg7R+JYUumVHvIoRY454GtAdZHTJHJZP0gQSGJsLff8ROFpI + GVYsOZhJXU9Ihc5VBC5PMErbmCn0YkuxAWNOYBstZ8l+uY6YiPoFV5Ulc/8M0If+ + T6jbqzWoFC+4ysgY95RKOw53S4o/T6AFwiIKIw0xp3UfHCf6kr5Y0+XdDn5CXpJB + d1KK3PoUWzPSsxcUMXvgKWT4x1vsCId21dn1SmVSOEBhM08VZfjd5bvL9Xjt/E0j + mUqDAgMBAAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcEADAd + BgNVHQ4EFgQUJFuXPZo6RzfEBlJjnnk5jhcP4wIwDQYJKoZIhvcNAQELBQADggGB + AJaoEtnDoWUUs4nSSqIGcoCfpIO0oqVp8DvkBOcxz5Rz8vMVJSC24/UnuCD2Wknx + 2V/E3edXIeRo7duhPtNCT7c8OKY/pJsZQTgOczn4rphoD1pmAIPZmpG6ssPadPiM + EP8xWJHZt8NXG7D5kJX2COvBvgNeWXL6MF7Tv8+t5xzt59Vitdb/7lm9Z6jjpvN+ + zoG0pKx3XYESsnLAVAf00F+kWwds/3x3gQywUAQUDER0jliYUE5id+sojp357Cl9 + XtY+8zSnTduuP8CfMhwv5p6j9xbqacfT7AzpQ6cy4xcQ7MA6JBQcxbaq4NtvIf6+ + d/5N9d8LGnfXdCd9iwNy9Qk23Ea0SNhnk9F/NqGBPakU4TbHh4iTYMC/+hDGInpO + TIRelTidNBFNaIBg3Z0vsh0lDwbt/xhpXip+ZVBqKMTtktEceiVGru9cYUQA2tKI + XNoc5s0uQGMpdFzgED4lXZf+n7yGVMKohvi7Yn96HqujGIrVH6qThsI6m7pUSz40 + +g== + -----END CERTIFICATE----- +... +--- +metadata: + layeringDefinition: + abstract: false + layer: site + name: ingress-key + schema: metadata/Document/v1 + labels: + name: ingress-key-site + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIG4wIBAAKCAYEAu80eb8b/KWHpo9y+uE5xvirPUGNw22fEfxvNmeD+sx5fdbYD + OMKvYmWglwO84sGn9OQs5k8iacVbb8YLCS3E+Bdm4FM/MVXnSDvsqw8XDR+fdKLv + 5uwXba0uF04aToxCP9ZbikoYep3DX9Vs/A4cFP4jj+xxHUvZJnFi1IUgoZ6cckf4 + 8xVsJ3Cc05HzQXwpHMrmJmz+vpL9CpWF6J4BFJZaeTb5O2QzUGWgY6EtJ35mRaH1 + U7V46dmjCRoMAnAP8brOhKvmf5t5pfMOcRyhVcVLB3gUuhX6ibvuj3ZeZnitXDS9 + Mw6TqNXCaR1P50zYraEtQb9NdahXb9CazvSDMM6zzlG0CRM97g6G12mvnVDSF3fl + MoZgsrNf849uUPryJglhIG8w+kBVNsVhU9bUBDHzBZ9qedhsyh4vxdMQ4p+Sqb3R + g/0SEh22bDgPsZnGXMbkVde62ZP2yot+qVG79HKcCEE/w1C/Dvha6aE57yvsaELC + DMKBo8saN56ShLotAgMBAAECggGAYzZDhA1+sx/0zApL/xYB5NK83t0Ju/8fwX6w + qUBBjeLXz1mubgf7m2HQ6ragzLI9xpPcXHcl2PbYDT50ig7R5baHNK8FzUxyeKif + qOa56Mbx+C4zyqyi2+AHX2x1XVWfkhXuGip2sCA0HKalgqr5juWLZ/ci8rUlLLft + 3BPQX1FpmL4I+HIyxsspLmQGPGwZVAqkd1xRX+BLKZJAQdlm/LdJaIvwMr4Glcx6 + ZOe68QhHgzXCYsyV6gR9qstF2OvVuLa2mUc7EzYInFIFhXUdAAwmDqkuuLRdRQhf + Ur8nqQW33T0cG0GBUzgBI5YmSPJvTSzcPmeSyNVx2/Yb0pkuXtCw67oDcAsN4nW8 + uls49E2RaiLJYsy5vPsX5aJNcAxw/CWLdadQ3ukviD/MDJbpTl4F52GOVYL6K4XH + g5TJjj7xzjmK3ldR/Kscg7HpCitQLGUYdgIsAFdspXf4aSIa68IjDrc5NsJZuMzc + PbVHrw7QYNfHY7VNdUlOVqH5lS3BAoHBANRqKrQXtnJmM006TCEJXdcN/5M685jz + +L4Ox0Rhrq8ROgcN5q/hjKb6kP/MccQ9voGQOl9TKEyinGNdTtyc/fuH7RNlQwpS + HT+vEzVEcrSe8UFs8c6oJnHFO72ylFcibFf56LvbI3L8BZXp7gPSPQkp5f1NWEZk + X5bUL4UNiOm0diltba/ofxywF0M9WGD00eqi0Q29JRlvun+355j06CENxRoonNZC + wk1evIxhhckP9zLjI2Ykb1hV6yzwPWtmyQKBwQDiVgru/B396KhzDhLl5AL+pBWA + GsfiCbmPLh6W6V5VzldB4+GlMRrJ4zSjZQ3/nvX5KepqjMn1N6LQpZQUI/YShCKE + mW0XMiAfbp2d23MRMjLD8L/bIoBHQOPkCaMjbmyDOlCagWakEvHJO/TieVgTmYk6 + mtEYVjJFWI9OCNMAHdl8ovWr3p+8YbVZ8LLv5ZO/V1cIjczoNQ6p8LG/pPMTDLXM + ScN9a8z3f8LQLBHBlu0155xvt95PQLAon/x21kUCgcAvPVk36hoiQQZhw3hQ1JNx + E2TmanLobkHAiurYE11VA+DC1t2Z+fBc5la+/MnEWfL3P4srzgOlX3imRIcYWzXE + 7crUyG1ray2kDxyXeRyFfN+srDzut8is/q81lfSVmEs+GY8f0DGHDfN0Dq1nXidC + 1XWXqs7aANKdaZ0T2xm61+57ciG1wGAckjDqPEdecLQKmaEijBEnIgj5BH5WLwk8 + 6KIQGj4fDIPHzyzhj4LAX3ObdpZVzf6RR7JgsSEHtLkCgcBROW2dDC87MqZY++D+ + TVBhz8LDgVjgHntQDc3+fGtVQcKAq+YLYU7qyrXWOWrHpGVDcK5mZHYJoVi1peY5 + QBqL1I2KpoDGxT9P6GN6BgoKTsh3FsvTOVNtvrTJ3keEbJlWkrPgbrXGBeJtRC4C + pGdeSUg9FtgY8r4BsuFisLoAHbYyC008y5zpfusVBtNAUlQuY4qhUDoLzxafF/jB + /NEasgH/+SzFss0QuPHRwS7yGVaxdJfoY8TNDjrpqVhx0T0CgcEAvKG4UoWvT8gJ + pIeeAxxnv9yrMxgpntu4RXPDHgfX5tva6EaM3r3nLXjd9FVtlQ4cNBMhp9HNhS3a + dK+oEDcBysVxxfltlS2Bx0+gQf3WxgBCJwayKe3i/XCDza92EENgxTPmqB1LHiq5 + 2b5aOl2Y5fP0eX6UryxRc443c/ejMHw4lGwnno0qpRk9M9Ucqv5J96QCfAlBSQQS + gOG9cypL0kBWzCejn9W4av8HkM8Noqd7Tqul1onv/46OBaX51kt3 + -----END RSA PRIVATE KEY----- +... diff --git a/spyglass/examples/templates/site-definition.yaml.j2 b/spyglass/examples/templates/site-definition.yaml.j2 new file mode 100644 index 0000000..02affa9 --- /dev/null +++ b/spyglass/examples/templates/site-definition.yaml.j2 @@ -0,0 +1,17 @@ +--- +# High-level pegleg site definition file +schema: pegleg/SiteDefinition/v1 +metadata: + schema: metadata/Document/v1 + layeringDefinition: + abstract: false + layer: site + # NEWSITE-CHANGEME: Replace with the site name + name: {{ data['region_name'] }} + storagePolicy: cleartext +data: + # The type layer this site will delpoy with. Type layer is found in the + # aic-clcp-manifests repo. + site_type: {{ data['site_info']['sitetype'] }} +... + diff --git a/spyglass/examples/templates/software/charts/kubernetes/etcd.yaml.j2 b/spyglass/examples/templates/software/charts/kubernetes/etcd.yaml.j2 new file mode 100644 index 0000000..40e7f8c --- /dev/null +++ b/spyglass/examples/templates/software/charts/kubernetes/etcd.yaml.j2 @@ -0,0 +1,96 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: kubernetes-calico-etcd + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: kubernetes-calico-etcd-global + actions: + - method: merge + path: . + storagePolicy: cleartext + substitutions: +{% set count = [0] %} +{% for rack in data.baremetal.keys() %} +{% for host in data["baremetal"][rack] %} +{% if data["baremetal"][rack][host]["type"] == 'controller' %} + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .masters[{{ count[0] }}].hostname + dest: + path: .values.nodes[{{ count[0] }}].name + - src: + schema: deckhand/Certificate/v1 + name: calico-etcd-{{ host }} + path: . + dest: + path: .values.nodes[{{ count[0] }}].tls.client.cert + - src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-{{ host }} + path: . + dest: + path: .values.nodes[{{ count[0] }}].tls.client.key + - src: + schema: deckhand/Certificate/v1 + name: calico-etcd-{{ host }} + path: . + dest: + path: .values.nodes[{{ count[0] }}].tls.peer.cert + - src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-{{ host }}-peer + path: . + dest: + path: .values.nodes[{{ count[0] }}].tls.peer.key + + {% if count.append(count.pop() + 1) %}{% endif %} {# increment count by 1 #} + +{% endif %} +{% endfor %} +{% endfor %} + +{% for rack in data.baremetal.keys() %} +{% for host in data["baremetal"][rack] %} +{% if data["baremetal"][rack][host]["type"] == 'genesis' %} + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .genesis.hostname + dest: + path: .values.nodes[{{ count[0] }}].name + - src: + schema: deckhand/Certificate/v1 + name: calico-etcd-{{ host }} + path: . + dest: + path: .values.nodes[{{ count[0] }}].tls.client.cert + - src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-{{ host }} + path: . + dest: + path: .values.nodes[{{ count[0] }}].tls.client.key + - src: + schema: deckhand/Certificate/v1 + name: calico-etcd-{{ host }}-peer + path: . + dest: + path: .values.nodes[{{ count[0] }}].tls.peer.cert + - src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-{{ host }}-peer + path: . + dest: + path: .values.nodes[{{ count[0] }}].tls.peer.key + +{% endif %} +{% endfor %} +{% endfor %} + +data: {} +... diff --git a/spyglass/examples/templates/software/charts/kubernetes/etcd/etcd.yaml.j2 b/spyglass/examples/templates/software/charts/kubernetes/etcd/etcd.yaml.j2 new file mode 100644 index 0000000..d5b85fa --- /dev/null +++ b/spyglass/examples/templates/software/charts/kubernetes/etcd/etcd.yaml.j2 @@ -0,0 +1,92 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: kubernetes-etcd + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: kubernetes-etcd-global + actions: + - method: merge + path: . + storagePolicy: cleartext + substitutions: +{% set count = [0] %} +{% for rack in data.baremetal.keys() %} +{% for host in data["baremetal"][rack] %} +{% if data["baremetal"][rack][host]["type"] == 'controller' %} + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .masters[{{ count[0] }}].hostname + dest: + path: .values.nodes[{{ count[0] }}].name + - src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-{{ host }} + path: . + dest: + path: .values.nodes[{{ count[0] }}].tls.client.cert + - src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-{{ host }} + path: . + dest: + path: .values.nodes[{{ count[0] }}].tls.client.key + - src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-{{ host }}-peer + path: . + dest: + path: .values.nodes[{{ count[0] }}].tls.peer.cert + - src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-{{ host }}-peer + path: . + dest: + path: .values.nodes[{{ count[0] }}].tls.peer.key + {% if count.append(count.pop() + 1) %}{% endif %} {# increment count by 1 #} +{% endif %} +{% endfor %} +{% endfor %} +{% for rack in data.baremetal.keys() %} +{% for host in data["baremetal"][rack] %} +{% if data["baremetal"][rack][host]["type"] == 'genesis' %} + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .genesis.hostname + dest: + path: .values.nodes[{{ count[0] }}].name + - src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-genesis + path: . + dest: + path: .values.nodes[{{ count[0] }}].tls.client.cert + - src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-genesis + path: . + dest: + path: .values.nodes[{{ count[0] }}].tls.client.key + - src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-genesis-peer + path: . + dest: + path: .values.nodes[{{ count[0] }}].tls.peer.cert + - src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-genesis-peer + path: $ + dest: + path: .values.nodes[{{ count[0] }}].tls.peer.key +{% endif %} +{% endfor %} +{% endfor %} + +data: {} +... diff --git a/spyglass/examples/templates/software/charts/kubernetes/ingress/ingress.yaml.j2 b/spyglass/examples/templates/software/charts/kubernetes/ingress/ingress.yaml.j2 new file mode 100644 index 0000000..628ad0a --- /dev/null +++ b/spyglass/examples/templates/software/charts/kubernetes/ingress/ingress.yaml.j2 @@ -0,0 +1,28 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ingress-kube-system + layeringDefinition: + abstract: false + layer: site + parentSelector: + ingress: kube-system + actions: + - method: merge + path: . + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .ksn.bgp.ipv4.ingress_vip + dest: + path: .values.network.vip.addr +data: + values: + network: + vip: + manage: true + interface: ingress0 +... diff --git a/spyglass/examples/templates/software/charts/osh-infra/osh-infra-logging/elasticsearch.yaml.j2 b/spyglass/examples/templates/software/charts/osh-infra/osh-infra-logging/elasticsearch.yaml.j2 new file mode 100644 index 0000000..6d379e8 --- /dev/null +++ b/spyglass/examples/templates/software/charts/osh-infra/osh-infra-logging/elasticsearch.yaml.j2 @@ -0,0 +1,16 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: elasticsearch + layeringDefinition: + abstract: false + layer: site + parentSelector: + hosttype: elasticsearch-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: {} +... diff --git a/spyglass/examples/templates/software/charts/osh-infra/osh-infra-logging/fluent-logging.yaml b/spyglass/examples/templates/software/charts/osh-infra/osh-infra-logging/fluent-logging.yaml new file mode 100644 index 0000000..71e330a --- /dev/null +++ b/spyglass/examples/templates/software/charts/osh-infra/osh-infra-logging/fluent-logging.yaml @@ -0,0 +1,16 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: fluent-logging + layeringDefinition: + abstract: false + layer: site + parentSelector: + hosttype: fluent-logging-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: {} +... diff --git a/spyglass/examples/templates/software/charts/osh/openstack-compute-kit/neutron.yaml.j2 b/spyglass/examples/templates/software/charts/osh/openstack-compute-kit/neutron.yaml.j2 new file mode 100644 index 0000000..2547360 --- /dev/null +++ b/spyglass/examples/templates/software/charts/osh/openstack-compute-kit/neutron.yaml.j2 @@ -0,0 +1,23 @@ +--- +# This file defines hardware-specific settings for neutron. If you use the same +# hardware profile as this environment, you should not need to change this file. +# Otherwise, you should review the settings here and adjust for your hardware. +# In particular: +# 1. logical network interface names +# 2. physical device mappigns +# TODO: Should move to global layer and become tied to the hardware profile +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: neutron-fixme + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: neutron-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: {} +... diff --git a/spyglass/examples/templates/software/charts/osh/openstack-compute-kit/nova.yaml.j2 b/spyglass/examples/templates/software/charts/osh/openstack-compute-kit/nova.yaml.j2 new file mode 100644 index 0000000..32f94b8 --- /dev/null +++ b/spyglass/examples/templates/software/charts/osh/openstack-compute-kit/nova.yaml.j2 @@ -0,0 +1,25 @@ +--- +# This file defines hardware-specific settings for nova. If you use the same +# hardware profile as this environment, you should not need to change this file. +# Otherwise, you should review the settings here and adjust for your hardware. +# In particular: +# 1. vcpu_pin_set will change if the number of logical CPUs on the hardware +# changes. +# 2. pci alias / passthrough_whitelist could change if the NIC type or NIC +# slotting changes. +# TODO: Should move to global layer and become tied to the hardware profile +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: nova + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: nova-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: {} +... diff --git a/spyglass/examples/templates/software/charts/osh/openstack-tenant-ceph/ceph-client.yaml.j2 b/spyglass/examples/templates/software/charts/osh/openstack-tenant-ceph/ceph-client.yaml.j2 new file mode 100644 index 0000000..f4e4257 --- /dev/null +++ b/spyglass/examples/templates/software/charts/osh/openstack-tenant-ceph/ceph-client.yaml.j2 @@ -0,0 +1,22 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: tenant-ceph-client + replacement: true + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: tenant-ceph-client-nc + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + conf: + pool: + target: + osd: {{ data['storage']['ceph']['controller']['osd_count'] }} +... diff --git a/spyglass/examples/templates/software/charts/osh/openstack-tenant-ceph/ceph-osd.yaml.j2 b/spyglass/examples/templates/software/charts/osh/openstack-tenant-ceph/ceph-osd.yaml.j2 new file mode 100644 index 0000000..051dd17 --- /dev/null +++ b/spyglass/examples/templates/software/charts/osh/openstack-tenant-ceph/ceph-osd.yaml.j2 @@ -0,0 +1,55 @@ +--- +# The purpose of this file is to define environment-specific parameters for +# ceph-osd +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: tenant-ceph-osd + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: tenant-ceph-osd-global + actions: + - method: replace + path: .values.conf.storage.osd + - method: merge + path: . + storagePolicy: cleartext +data: + values: + labels: + osd: + node_selector_key: tenant-ceph-osd + node_selector_value: enabled + conf: + storage: + # NEWSITE-CHANGEME: The OSD count and configuration here should not need + # to change if your HW matches the HW used in this environment. + # Otherwise you may need to add or subtract disks to this list. + osd: + - data: + type: block-logical + location: /dev/sde + journal: + type: block-logical + location: /dev/sdb1 + - data: + type: block-logical + location: /dev/sdf + journal: + type: block-logical + location: /dev/sdb2 + - data: + type: block-logical + location: /dev/sdg + journal: + type: block-logical + location: /dev/sdc1 + - data: + type: block-logical + location: /dev/sdh + journal: + type: block-logical + location: /dev/sdc2 +... diff --git a/spyglass/examples/templates/software/charts/ucp/divingbell/divingbell.yaml.j2 b/spyglass/examples/templates/software/charts/ucp/divingbell/divingbell.yaml.j2 new file mode 100644 index 0000000..bdb883e --- /dev/null +++ b/spyglass/examples/templates/software/charts/ucp/divingbell/divingbell.yaml.j2 @@ -0,0 +1,603 @@ +--- +# The purpose of this file is to define site-specific parameters to the +# UAM-lite portion of the divingbell chart: +# 1. User accounts to create on bare metal +# 2. SSH public key for operationg system access to the bare metal +# 3. Passwords for operating system access via iDrac/iLo console. SSH password- +# based auth is disabled. +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-divingbell + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: ucp-divingbell-global + actions: + - method: merge + path: . + storagePolicy: cleartext + substitutions: + - dest: + path: .values.conf.uamlite.users[0].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: jenkins_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[0].user_crypt_passwd + src: + schema: deckhand/Passphrase/v1 + name: ubuntu_crypt_password + path: . + - dest: + path: .values.conf.uamlite.users[1].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: am240k_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[1].user_crypt_passwd + src: + schema: deckhand/Passphrase/v1 + name: am240k_crypt_password + path: . + - dest: + path: .values.conf.uamlite.users[2].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: dd118r_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[2].user_crypt_passwd + src: + schema: deckhand/Passphrase/v1 + name: dd118r_crypt_password + path: . + - dest: + path: .values.conf.uamlite.users[3].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: ks3019_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[3].user_crypt_passwd + src: + schema: deckhand/Passphrase/v1 + name: ks3019_crypt_password + path: . + - dest: + path: .values.conf.uamlite.users[4].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: pb269f_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[4].user_crypt_passwd + src: + schema: deckhand/Passphrase/v1 + name: pb269f_crypt_password + path: . + - dest: + path: .values.conf.uamlite.users[5].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: sf5715_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[5].user_crypt_passwd + src: + schema: deckhand/Passphrase/v1 + name: sf5715_crypt_password + path: . + - dest: + path: .values.conf.uamlite.users[6].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: ds6901_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[7].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: jenkins_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[8].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: kr336r_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[9].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: ol7435_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[10].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: mm9745_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[11].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: sm108f_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[12].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: bp4242_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[13].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: sm028h_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[14].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: go4243_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[15].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: vg763v_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[16].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: jb654e_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[17].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: dy270k_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[18].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: dn5242_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[19].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: aw4825_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[20].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: ak2685_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[21].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: sd592v_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[22].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: dl2017_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[23].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: kv289f_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[24].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: kp648d_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[25].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: mw145n_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[26].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: mm4762_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[27].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: mk721p_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[28].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: ns707e_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[29].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: pk5294_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[30].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: rg9968_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[31].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: rk646r_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[32].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: sy825r_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[33].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: bj2343_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[34].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: bd006h_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[35].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: nw288p_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[36].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: ja5277_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[37].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: ds9665_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[38].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: vp8178_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[39].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: ag073n_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[40].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: ab4543_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[41].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: ar074s_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[42].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: bg809e_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[43].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: sq074s_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[44].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: rg4437_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[45].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: gb458m_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[46].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: ss254n_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[47].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: sd069y_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[48].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: sk559p_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[49].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: sp781b_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[50].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: sc842d_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[51].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: ml844w_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[52].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: as487m_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[53].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: ms8227_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[54].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: ag073n_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[55].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: vv8334_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[56].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: ar074s_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[57].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: sy336r_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[58].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: sk562s_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[59].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: ag878f_ssh_public_key + path: . +data: + values: + conf: + uamlite: + users: + - user_name: ubuntu + user_sudo: true + user_sshkeys: [] + - user_name: am240k + user_sudo: true + user_sshkeys: [] + - user_name: dd118r + user_sudo: true + user_sshkeys: [] + - user_name: ks3019 + user_sudo: true + user_sshkeys: [] + - user_name: pb269f + user_sudo: true + user_sshkeys: [] + - user_name: sf5715 + user_sudo: true + user_sshkeys: [] + - user_name: ds6901 + user_sudo: true + user_sshkeys: [] + - user_name: jenkins + user_sudo: true + user_sshkeys: [] + - user_name: kr336r + user_sudo: true + user_sshkeys: [] + - user_name: ol7435 + user_sudo: true + user_sshkeys: [] + - user_name: mm9745 + user_sudo: true + user_sshkeys: [] + - user_name: sm108f + user_sudo: true + user_sshkeys: [] + - user_name: bp4242 + user_sudo: true + user_sshkeys: [] + - user_name: sm028h + user_sudo: true + user_sshkeys: [] + - user_name: go4243 + user_sudo: true + user_sshkeys: [] + - user_name: vg763v + user_sudo: true + user_sshkeys: [] + - user_name: jb654e + user_sudo: true + user_sshkeys: [] + - user_name: dy270k + user_sudo: true + user_sshkeys: [] + - user_name: dn5242 + user_sudo: true + user_sshkeys: [] + - user_name: aw4825 + user_sudo: true + user_sshkeys: [] + - user_name: ak2685 + user_sudo: true + user_sshkeys: [] + - user_name: sd592v + user_sudo: true + user_sshkeys: [] + - user_name: dl2017 + user_sudo: true + user_sshkeys: [] + - user_name: kv289f + user_sudo: true + user_sshkeys: [] + - user_name: kp648d + user_sudo: true + user_sshkeys: [] + - user_name: mw145n + user_sudo: true + user_sshkeys: [] + - user_name: mm4762 + user_sudo: true + user_sshkeys: [] + - user_name: mk721p + user_sudo: true + user_sshkeys: [] + - user_name: ns707e + user_sudo: true + user_sshkeys: [] + - user_name: pk5294 + user_sudo: true + user_sshkeys: [] + - user_name: rg9968 + user_sudo: true + user_sshkeys: [] + - user_name: rk646r + user_sudo: true + user_sshkeys: [] + - user_name: sy825r + user_sudo: true + user_sshkeys: [] + - user_name: bj2343 + user_sudo: true + user_sshkeys: [] + - user_name: bd006h + user_sudo: true + user_sshkeys: [] + - user_name: nw288p + user_sudo: true + user_sshkeys: [] + - user_name: ja5277 + user_sudo: true + user_sshkeys: [] + - user_name: ds9665 + user_sudo: true + user_sshkeys: [] + - user_name: vp8178 + user_sudo: true + user_sshkeys: [] + - user_name: ag073n + user_sudo: true + user_sshkeys: [] + - user_name: ab4543 + user_sudo: true + user_sshkeys: [] + - user_name: ar074s + user_sudo: true + user_sshkeys: [] + - user_name: bg809e + user_sudo: true + user_sshkeys: [] + - user_name: sq074s + user_sudo: true + user_sshkeys: [] + - user_name: rg4437 + user_sudo: true + user_sshkeys: [] + - user_name: gb458m + user_sudo: true + user_sshkeys: [] + - user_name: ss254n + user_sudo: true + user_sshkeys: [] + - user_name: sd069n + user_sudo: true + user_sshkeys: [] + - user_name: sk559p + user_sudo: true + user_sshkeys: [] + - user_name: sp781b + user_sudo: true + user_sshkeys: [] + - user_name: sc842d + user_sudo: true + user_sshkeys: [] + - user_name: ml844w + user_sudo: true + user_sshkeys: [] + - user_name: as487m + user_sudo: true + user_sshkeys: [] + - user_name: ms8227 + user_sudo: true + user_sshkeys: [] + - user_name: ag073n + user_sudo: true + user_sshkeys: [] + - user_name: vv8334 + user_sudo: true + user_sshkeys: [] + - user_name: ar074s + user_sudo: true + user_sshkeys: [] + - user_name: sy336r + user_sudo: true + user_sshkeys: [] + - user_name: sk562s + user_sudo: true + user_sshkeys: [] + - user_name: ag878f + user_sudo: true + user_sshkeys: [] +... diff --git a/spyglass/examples/templates/software/config/common-software-config.yaml.j2 b/spyglass/examples/templates/software/config/common-software-config.yaml.j2 new file mode 100644 index 0000000..d1bb309 --- /dev/null +++ b/spyglass/examples/templates/software/config/common-software-config.yaml.j2 @@ -0,0 +1,16 @@ +--- +# The purpose of this file is to define site-specific common software config +# paramters. +# #SITE-PROMOTION-CANDIDATE# would require subsitutions out of common-addresses +schema: pegleg/CommonSoftwareConfig/v1 +metadata: + schema: metadata/Document/v1 + name: common-software-config + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + osh: + # NEWSITE-CHANGEME: Replace with the site name + region_name: {{ data['region_name'] }} diff --git a/spyglass/examples/templates/software/config/endpoints.yaml.j2 b/spyglass/examples/templates/software/config/endpoints.yaml.j2 new file mode 100644 index 0000000..c267129 --- /dev/null +++ b/spyglass/examples/templates/software/config/endpoints.yaml.j2 @@ -0,0 +1,1312 @@ +--- +# The purpose of this file is to define the site's endpoint catalog. This should +# not need to be modified for a new site. +# #GLOBAL-CANDIDATE# +schema: pegleg/EndpointCatalogue/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_endpoints + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .dns.ingress_domain + dest: + - path: .ucp.identity.host_fqdn_override.public.host + pattern: DOMAIN + - path: .ucp.identity.host_fqdn_override.admin.host + pattern: DOMAIN + - path: .ucp.shipyard.host_fqdn_override.public.host + pattern: DOMAIN + - path: .ceph.object_store.host_fqdn_override.public.host + pattern: DOMAIN + - path: .ceph.ceph_object_store.host_fqdn_override.public.host + pattern: DOMAIN + - src: + schema: deckhand/Certificate/v1 + name: ingress-crt + path: . + dest: + - path: .ucp.identity.host_fqdn_override.public.tls.crt + - path: .ucp.shipyard.host_fqdn_override.public.tls.crt + - path: .ceph.object_store.host_fqdn_override.public.tls.crt + - path: .ceph.ceph_object_store.host_fqdn_override.public.tls.crt + - src: + schema: deckhand/CertificateAuthority/v1 + name: ingress-ca + path: . + dest: + - path: .ucp.identity.host_fqdn_override.public.tls.ca + - path: .ucp.shipyard.host_fqdn_override.public.tls.ca + - path: .ceph.object_store.host_fqdn_override.public.tls.ca + - path: .ceph.ceph_object_store.host_fqdn_override.public.tls.ca + - src: + schema: deckhand/CertificateKey/v1 + name: ingress-key + path: . + dest: + - path: .ucp.identity.host_fqdn_override.public.tls.key + - path: .ucp.shipyard.host_fqdn_override.public.tls.key + - path: .ceph.object_store.host_fqdn_override.public.tls.key + - path: .ceph.ceph_object_store.host_fqdn_override.public.tls.key +data: + ucp: + identity: + namespace: ucp + name: keystone + hosts: + default: keystone-api + public: keystone + host_fqdn_override: + default: null + public: + host: iam.DOMAIN + admin: + host: iam.DOMAIN + path: + default: /v3 + scheme: + default: "https" + internal: "http" + port: + api: + default: 443 + internal: 5000 + armada: + name: armada + hosts: + default: armada-api + public: armada + port: + api: + default: 8000 + path: + default: /api/v1.0 + scheme: + default: "http" + host_fqdn_override: + default: null + deckhand: + name: deckhand + hosts: + default: deckhand-int + public: deckhand-api + port: + api: + default: 9000 + path: + default: /api/v1.0 + scheme: + default: "http" + host_fqdn_override: + default: null + postgresql: + name: postgresql + hosts: + default: postgresql + path: /DB_NAME + scheme: postgresql+psycopg2 + port: + postgresql: + default: 5432 + host_fqdn_override: + default: null + postgresql_airflow_celery: + name: postgresql_airflow_celery_db + hosts: + default: postgresql + path: /DB_NAME + scheme: db+postgresql + port: + postgresql: + default: 5432 + host_fqdn_override: + default: null + oslo_db: + hosts: + default: mariadb + discovery: mariadb-discovery + host_fqdn_override: + default: null + path: /DB_NAME + scheme: mysql+pymysql + port: + mysql: + default: 3306 + wsrep: + default: 4567 + key_manager: + name: barbican + hosts: + default: barbican-api + public: barbican + host_fqdn_override: + default: null + path: + default: /v1 + scheme: + default: "http" + port: + api: + default: 9311 + public: 80 + oslo_messaging: + namespace: null + hosts: + default: rabbitmq + host_fqdn_override: + default: null + path: /keystone + scheme: rabbit + port: + amqp: + default: 5672 + oslo_cache: + hosts: + default: memcached + host_fqdn_override: + default: null + port: + memcache: + default: 11211 + physicalprovisioner: + name: drydock + hosts: + default: drydock-api + port: + api: + default: 9000 + nodeport: 31900 + path: + default: /api/v1.0 + scheme: + default: "http" + host_fqdn_override: + default: null + maas_region_ui: + name: maas-region-ui + hosts: + default: maas-region-ui + public: maas + path: + default: /MAAS + scheme: + default: "http" + port: + region_ui: + default: 80 + public: 80 + host_fqdn_override: + default: null + kubernetesprovisioner: + name: promenade + hosts: + default: promenade-api + port: + api: + default: 80 + path: + default: /api/v1.0 + scheme: + default: "http" + host_fqdn_override: + default: null + shipyard: + name: shipyard + hosts: + default: shipyard-int + public: shipyard-api + port: + api: + default: 9000 + public: 443 + path: + default: /api/v1.0 + scheme: + default: "http" + public: "https" + host_fqdn_override: + default: null + public: + host: shipyard.DOMAIN + airflow_web: + name: airflow-web + hosts: + default: airflow-web-int + public: airflow-web + port: + airflow_web: + default: 8080 + path: + default: / + scheme: + default: "http" + host_fqdn_override: + default: null + airflow_flower: + name: airflow-flower + hosts: + default: airflow-flower + port: + airflow_flower: + default: 5555 + path: + default: / + scheme: + default: "http" + host_fqdn_override: + default: null + prometheus_openstack_exporter: + namespace: ucp + hosts: + default: openstack-metrics + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + exporter: + default: 9103 + ceph: + object_store: + name: swift + namespace: ceph + hosts: + default: ceph-rgw + public: radosgw + host_fqdn_override: + default: null + public: + host: object-store.DOMAIN + path: + default: /swift/v1 + scheme: + default: "http" + public: "https" + port: + api: + default: 8088 + public: 443 + ceph_object_store: + name: radosgw + namespace: ceph + hosts: + default: ceph-rgw + public: radosgw + host_fqdn_override: + default: null + public: + host: object-store.DOMAIN + path: + default: /auth/v1.0 + scheme: + default: "http" + public: "https" + port: + api: + default: 8088 + public: 443 + ceph_mon: + namespace: ceph + hosts: + default: ceph-mon + discovery: ceph-mon-discovery + host_fqdn_override: + default: null + port: + mon: + default: 6789 + ceph_mgr: + namespace: ceph + hosts: + default: ceph-mgr + host_fqdn_override: + default: null + port: + mgr: + default: 7000 + scheme: + default: "http" + tenant_ceph_mon: + namespace: tenant-ceph + hosts: + default: ceph-mon + discovery: ceph-mon-discovery + host_fqdn_override: + default: null + port: + mon: + default: 6790 + tenant_ceph_mgr: + namespace: tenant-ceph + hosts: + default: ceph-mgr + host_fqdn_override: + default: null + port: + mgr: + default: 7001 + metrics: + default: 9284 + scheme: + default: http +... +--- +schema: pegleg/EndpointCatalogue/v1 +metadata: + schema: metadata/Document/v1 + name: osh_endpoints + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .dns.ingress_domain + dest: + - path: .osh.object_store.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.ceph_object_store.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.image.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.cloudformation.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.orchestration.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.compute.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.compute_novnc_proxy.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.placement.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.network.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.identity.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.identity.host_fqdn_override.admin.host + pattern: DOMAIN + - path: .osh.dashboard.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.volume.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.volumev2.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.volumev3.host_fqdn_override.public.host + pattern: DOMAIN + - src: + schema: deckhand/Certificate/v1 + name: ingress-crt + path: . + dest: + - path: .osh.object_store.host_fqdn_override.public.tls.crt + - path: .osh.ceph_object_store.host_fqdn_override.public.tls.crt + - path: .osh.identity.host_fqdn_override.public.tls.crt + - path: .osh.orchestration.host_fqdn_override.public.tls.crt + - path: .osh.cloudformation.host_fqdn_override.public.tls.crt + - path: .osh.dashboard.host_fqdn_override.public.tls.crt + - path: .osh.image.host_fqdn_override.public.tls.crt + - path: .osh.volume.host_fqdn_override.public.tls.crt + - path: .osh.volumev2.host_fqdn_override.public.tls.crt + - path: .osh.volumev3.host_fqdn_override.public.tls.crt + - path: .osh.compute.host_fqdn_override.public.tls.crt + - path: .osh.compute_novnc_proxy.host_fqdn_override.public.tls.crt + - path: .osh.placement.host_fqdn_override.public.tls.crt + - path: .osh.network.host_fqdn_override.public.tls.crt + - src: + schema: deckhand/CertificateAuthority/v1 + name: ingress-ca + path: . + dest: + - path: .osh.object_store.host_fqdn_override.public.tls.ca + - path: .osh.ceph_object_store.host_fqdn_override.public.tls.ca + - path: .osh.identity.host_fqdn_override.public.tls.ca + - path: .osh.orchestration.host_fqdn_override.public.tls.ca + - path: .osh.cloudformation.host_fqdn_override.public.tls.ca + - path: .osh.dashboard.host_fqdn_override.public.tls.ca + - path: .osh.image.host_fqdn_override.public.tls.ca + - path: .osh.volume.host_fqdn_override.public.tls.ca + - path: .osh.volumev2.host_fqdn_override.public.tls.ca + - path: .osh.volumev3.host_fqdn_override.public.tls.ca + - path: .osh.compute.host_fqdn_override.public.tls.ca + - path: .osh.compute_novnc_proxy.host_fqdn_override.public.tls.ca + - path: .osh.placement.host_fqdn_override.public.tls.ca + - path: .osh.network.host_fqdn_override.public.tls.ca + - src: + schema: deckhand/CertificateKey/v1 + name: ingress-key + path: . + dest: + - path: .osh.object_store.host_fqdn_override.public.tls.key + - path: .osh.ceph_object_store.host_fqdn_override.public.tls.key + - path: .osh.identity.host_fqdn_override.public.tls.key + - path: .osh.orchestration.host_fqdn_override.public.tls.key + - path: .osh.cloudformation.host_fqdn_override.public.tls.key + - path: .osh.dashboard.host_fqdn_override.public.tls.key + - path: .osh.image.host_fqdn_override.public.tls.key + - path: .osh.volume.host_fqdn_override.public.tls.key + - path: .osh.volumev2.host_fqdn_override.public.tls.key + - path: .osh.volumev3.host_fqdn_override.public.tls.key + - path: .osh.compute.host_fqdn_override.public.tls.key + - path: .osh.compute_novnc_proxy.host_fqdn_override.public.tls.key + - path: .osh.placement.host_fqdn_override.public.tls.key + - path: .osh.network.host_fqdn_override.public.tls.key +data: + osh: + object_store: + name: swift + namespace: openstack + hosts: + default: ceph-rgw + public: radosgw + host_fqdn_override: + default: null + public: + host: object-store.DOMAIN + path: + default: /swift/v1/KEY_$(tenant_id)s + scheme: + default: "http" + public: "https" + port: + api: + default: 8088 + public: 443 + ceph_object_store: + name: radosgw + namespace: openstack + hosts: + default: ceph-rgw + public: radosgw + host_fqdn_override: + default: null + public: + host: object-store.DOMAIN + path: + default: /auth/v1.0 + scheme: + default: "http" + public: "https" + port: + api: + default: 8088 + public: 443 + oslo_db: + hosts: + default: mariadb + discovery: mariadb-discovery + host_fqdn_override: + default: null + path: /DB_NAME + scheme: mysql+pymysql + port: + mysql: + default: 3306 + wsrep: + default: 4567 + prometheus_mysql_exporter: + namespace: openstack + hosts: + default: mysql-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: 'http' + port: + metrics: + default: 9104 + keystone_oslo_messaging: + namespace: openstack + hosts: + default: keystone-rabbitmq + host_fqdn_override: + default: null + path: /keystone + scheme: rabbit + port: + amqp: + default: 5672 + http: + default: 15672 + keystone_rabbitmq_exporter: + namespace: openstack + hosts: + default: keystone-rabbitmq-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: "http" + port: + metrics: + default: 9095 + oslo_cache: + namespace: openstack + hosts: + default: memcached + host_fqdn_override: + default: null + port: + memcache: + default: 11211 + identity: + namespace: openstack + name: keystone + hosts: + default: keystone-api + public: keystone + admin: keystone-api + internal: keystone-api + host_fqdn_override: + default: null + public: + host: identity.DOMAIN + admin: + host: identity.DOMAIN + path: + default: /v3 + scheme: + default: "https" + internal: "http" + port: + api: + default: 443 + internal: 5000 + glance_oslo_messaging: + namespace: openstack + hosts: + default: glance-rabbitmq + host_fqdn_override: + default: null + path: /glance + scheme: rabbit + port: + amqp: + default: 5672 + http: + default: 15672 + glance_rabbitmq_exporter: + namespace: openstack + hosts: + default: glance-rabbitmq-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: "http" + port: + metrics: + default: 9095 + image: + name: glance + hosts: + default: glance-api + public: glance + host_fqdn_override: + default: null + public: + host: image.DOMAIN + path: + default: null + scheme: + default: "http" + public: "https" + port: + api: + default: 9292 + public: 443 + image_registry: + name: glance-registry + hosts: + default: glance-registry + public: glance-reg + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + api: + default: 9191 + public: 80 + cinder_oslo_messaging: + namespace: openstack + hosts: + default: cinder-rabbitmq + host_fqdn_override: + default: null + path: /cinder + scheme: rabbit + port: + amqp: + default: 5672 + http: + default: 15672 + cinder_rabbitmq_exporter: + namespace: openstack + hosts: + default: cinder-rabbitmq-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: "http" + port: + metrics: + default: 9095 + volume: + name: cinder + hosts: + default: cinder-api + public: cinder + host_fqdn_override: + default: null + public: + host: volume.DOMAIN + path: + default: "/v1/%(tenant_id)s" + scheme: + default: "http" + public: "https" + port: + api: + default: 8776 + public: 443 + volumev2: + name: cinderv2 + hosts: + default: cinder-api + public: cinder + host_fqdn_override: + default: null + public: + host: volume.DOMAIN + path: + default: "/v2/%(tenant_id)s" + scheme: + default: "http" + public: "https" + port: + api: + default: 8776 + public: 443 + volumev3: + name: cinderv3 + hosts: + default: cinder-api + public: cinder + host_fqdn_override: + default: null + public: + host: volume.DOMAIN + path: + default: "/v3/%(tenant_id)s" + scheme: + default: "http" + public: "https" + port: + api: + default: 8776 + public: 443 + heat_oslo_messaging: + namespace: openstack + hosts: + default: heat-rabbitmq + host_fqdn_override: + default: null + path: /heat + scheme: rabbit + port: + amqp: + default: 5672 + http: + default: 15672 + heat_rabbitmq_exporter: + namespace: openstack + hosts: + default: heat-rabbitmq-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: "http" + port: + metrics: + default: 9095 + orchestration: + name: heat + hosts: + default: heat-api + public: heat + host_fqdn_override: + default: null + public: + host: orchestration.DOMAIN + path: + default: "/v1/%(project_id)s" + scheme: + default: "http" + public: "https" + port: + api: + default: 8004 + public: 443 + cloudformation: + name: heat-cfn + hosts: + default: heat-cfn + public: cloudformation + host_fqdn_override: + default: null + public: + host: cloudformation.DOMAIN + path: + default: /v1 + scheme: + default: "http" + public: "https" + port: + api: + default: 8000 + public: 443 + cloudwatch: + name: heat-cloudwatch + hosts: + default: heat-cloudwatch + public: cloudwatch + host_fqdn_override: + default: null + path: + default: null + type: null + scheme: + default: "http" + port: + api: + default: 8003 + public: 80 + neutron_oslo_messaging: + namespace: openstack + hosts: + default: neutron-rabbitmq + host_fqdn_override: + default: null + path: /neutron + scheme: rabbit + port: + amqp: + default: 5672 + http: + default: 15672 + neutron_rabbitmq_exporter: + namespace: openstack + hosts: + default: neutron-rabbitmq-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: "http" + port: + metrics: + default: 9095 + network: + name: neutron + hosts: + default: neutron-server + public: neutron + host_fqdn_override: + default: null + public: + host: network.DOMAIN + path: + default: null + scheme: + default: "http" + public: "https" + port: + api: + default: 9696 + public: 443 + nova_oslo_messaging: + namespace: openstack + hosts: + default: nova-rabbitmq + host_fqdn_override: + default: null + path: /nova + scheme: rabbit + port: + amqp: + default: 5672 + http: + default: 15672 + nova_rabbitmq_exporter: + namespace: openstack + hosts: + default: nova-rabbitmq-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: "http" + port: + metrics: + default: 9095 + compute: + name: nova + hosts: + default: nova-api + public: nova + host_fqdn_override: + default: null + public: + host: compute.DOMAIN + path: + default: "/v2/%(tenant_id)s" + scheme: + default: "http" + public: "https" + port: + api: + default: 8774 + public: 443 + novncproxy: + default: 443 + compute_metadata: + name: nova + hosts: + default: nova-metadata + public: metadata + host_fqdn_override: + default: null + path: + default: / + scheme: + default: "http" + port: + metadata: + default: 8775 + public: 80 + compute_novnc_proxy: + name: nova + hosts: + default: nova-novncproxy + public: novncproxy + host_fqdn_override: + default: null + public: + host: nova-novncproxy.DOMAIN + path: + default: /vnc_auto.html + scheme: + default: "http" + public: "https" + port: + novnc_proxy: + default: 6080 + public: 443 + compute_spice_proxy: + name: nova + hosts: + default: nova-spiceproxy + host_fqdn_override: + default: null + path: + default: /spice_auto.html + scheme: + default: "http" + port: + spice_proxy: + default: 6082 + placement: + name: placement + hosts: + default: placement-api + public: placement + host_fqdn_override: + default: null + public: + host: placement.DOMAIN + path: + default: / + scheme: + default: "http" + public: "https" + port: + api: + default: 8778 + public: 443 + dashboard: + name: horizon + hosts: + default: horizon-int + public: horizon + host_fqdn_override: + default: null + public: + host: dashboard.DOMAIN + path: + default: null + scheme: + default: "http" + public: "https" + port: + web: + default: 80 + public: 443 +... +--- +schema: pegleg/EndpointCatalogue/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_endpoints + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .dns.ingress_domain + dest: + - path: .osh_infra.kibana.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh_infra.grafana.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh_infra.nagios.host_fqdn_override.public.host + pattern: DOMAIN + - src: + schema: deckhand/Certificate/v1 + name: ingress-crt + path: . + dest: + - path: .osh_infra.kibana.host_fqdn_override.public.tls.crt + - path: .osh_infra.grafana.host_fqdn_override.public.tls.crt + - path: .osh_infra.nagios.host_fqdn_override.public.tls.crt + - src: + schema: deckhand/CertificateAuthority/v1 + name: ingress-ca + path: . + dest: + - path: .osh_infra.kibana.host_fqdn_override.public.tls.ca + - path: .osh_infra.grafana.host_fqdn_override.public.tls.ca + - path: .osh_infra.nagios.host_fqdn_override.public.tls.ca + - src: + schema: deckhand/CertificateKey/v1 + name: ingress-key + path: . + dest: + - path: .osh_infra.kibana.host_fqdn_override.public.tls.key + - path: .osh_infra.grafana.host_fqdn_override.public.tls.key + - path: .osh_infra.nagios.host_fqdn_override.public.tls.key + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .ldap.base_url + dest: + path: .osh_infra.ldap.host_fqdn_override.public.host + pattern: DOMAIN + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .ldap.auth_path + dest: + path: .osh_infra.ldap.path.default + pattern: AUTH_PATH +data: + osh_infra: + ceph_object_store: + name: radosgw + namespace: osh-infra + hosts: + default: ceph-rgw + public: radosgw + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + api: + default: 8088 + public: 80 + elasticsearch: + name: elasticsearch + namespace: osh-infra + hosts: + data: elasticsearch-data + default: elasticsearch-logging + discovery: elasticsearch-discovery + public: elasticsearch + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + client: + default: 9200 + http: + default: 80 + discovery: + default: 9300 + prometheus_elasticsearch_exporter: + namespace: null + hosts: + default: elasticsearch-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: "http" + port: + metrics: + default: 9108 + fluentd: + namespace: osh-infra + name: fluentd + hosts: + default: fluentd-logging + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + service: + default: 24224 + metrics: + default: 24220 + prometheus_fluentd_exporter: + namespace: osh-infra + hosts: + default: fluentd-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: "http" + port: + metrics: + default: 9309 + oslo_db: + namespace: osh-infra + hosts: + default: mariadb + host_fqdn_override: + default: null + path: /DB_NAME + scheme: mysql+pymysql + port: + mysql: + default: 3306 + prometheus_mysql_exporter: + namespace: osh-infra + hosts: + default: mysql-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: 'http' + port: + metrics: + default: 9104 + grafana: + name: grafana + namespace: osh-infra + hosts: + default: grafana-dashboard + public: grafana + host_fqdn_override: + default: null + public: + host: grafana.DOMAIN + path: + default: null + scheme: + default: "http" + public: "https" + port: + grafana: + default: 3000 + public: 443 + monitoring: + name: prometheus + namespace: osh-infra + hosts: + default: prom-metrics + public: prometheus + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + api: + default: 9090 + http: + default: 80 + kibana: + name: kibana + namespace: osh-infra + hosts: + default: kibana-dash + public: kibana + host_fqdn_override: + default: null + public: + host: kibana.DOMAIN + path: + default: null + scheme: + default: "http" + public: "https" + port: + kibana: + default: 5601 + public: 443 + alerts: + name: alertmanager + namespace: osh-infra + hosts: + default: alerts-engine + public: alertmanager + discovery: alertmanager-discovery + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + api: + default: 9093 + public: 80 + mesh: + default: 6783 + kube_state_metrics: + namespace: kube-system + hosts: + default: kube-state-metrics + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + http: + default: 8080 + kube_scheduler: + scheme: + default: "http" + path: + default: /metrics + kube_controller_manager: + scheme: + default: "http" + path: + default: /metrics + node_metrics: + namespace: kube-system + hosts: + default: node-exporter + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + metrics: + default: 9100 + prometheus_port: + default: 9100 + process_exporter_metrics: + namespace: kube-system + hosts: + default: process-exporter + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + metrics: + default: 9256 + prometheus_openstack_exporter: + namespace: openstack + hosts: + default: openstack-metrics + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + exporter: + default: 9103 + nagios: + name: nagios + namespace: osh-infra + hosts: + default: nagios-metrics + public: nagios + host_fqdn_override: + default: null + public: + host: nagios.DOMAIN + path: + default: null + scheme: + default: "http" + public: "https" + port: + http: + default: 80 + public: 443 + ldap: + hosts: + default: ldap + host_fqdn_override: + default: null + public: + host: DOMAIN + path: + default: /AUTH_PATH + scheme: + default: "ldap" + port: + ldap: + default: 389 +... + diff --git a/spyglass/examples/templates/software/config/service_accounts.yaml.j2 b/spyglass/examples/templates/software/config/service_accounts.yaml.j2 new file mode 100644 index 0000000..50ecfb6 --- /dev/null +++ b/spyglass/examples/templates/software/config/service_accounts.yaml.j2 @@ -0,0 +1,443 @@ +--- +# The purpose of this file is to define the account catalog for the site. This +# mostly contains service usernames, but also contain some information which +# should be changed like the region (site) name. +schema: pegleg/AccountCatalogue/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_service_accounts + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + ucp: + postgres: + admin: + username: postgres + oslo_db: + admin: + username: root + oslo_messaging: + admin: + username: rabbitmq + keystone: + admin: + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + username: admin + project_name: admin + user_domain_name: default + project_domain_name: default + oslo_messaging: + admin: + username: rabbitmq + keystone: + username: keystone + oslo_db: + username: keystone + database: keystone + promenade: + keystone: + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + role: admin + project_name: service + project_domain_name: default + user_domain_name: default + username: promenade + drydock: + keystone: + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + role: admin + project_name: service + project_domain_name: default + user_domain_name: default + username: drydock + postgres: + username: drydock + database: drydock + shipyard: + keystone: + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + role: admin + project_name: service + project_domain_name: default + user_domain_name: default + username: shipyard + postgres: + username: shipyard + database: shipyard + airflow: + postgres: + username: airflow + database: airflow + oslo_messaging: + username: rabbitmq + maas: + admin: + username: admin + email: none@none + postgres: + username: maas + database: maasdb + barbican: + keystone: + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + role: admin + project_name: service + project_domain_name: default + user_domain_name: default + username: barbican + oslo_db: + username: barbican + database: barbican + oslo_messaging: + admin: + username: rabbitmq + keystone: + username: keystone + armada: + keystone: + project_domain_name: default + user_domain_name: default + project_name: service + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + role: admin + user_domain_name: default + username: armada + deckhand: + keystone: + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + role: admin + project_name: service + project_domain_name: default + user_domain_name: default + username: deckhand + postgres: + username: deckhand + database: deckhand + prometheus_openstack_exporter: + user: + region_name: RegionOne + role: admin + username: prometheus-openstack-exporter + project_name: service + user_domain_name: default + project_domain_name: default + ceph: + swift: + keystone: + role: admin + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + username: swift + project_name: service + user_domain_name: default + project_domain_name: default +... +--- +schema: pegleg/AccountCatalogue/v1 +metadata: + schema: metadata/Document/v1 + name: osh_service_accounts + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.keystone.admin.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.cinder.cinder.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.glance.glance.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.heat.heat.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.heat.heat_trustee.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.heat.heat_stack_user.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.swift.keystone.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.neutron.neutron.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.nova.nova.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.nova.placement.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.barbican.barbican.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.barbican.barbican.region_name +data: + osh: + keystone: + admin: + username: admin + project_name: admin + user_domain_name: default + project_domain_name: default + oslo_db: + username: keystone + database: keystone + oslo_messaging: + admin: + username: keystone-rabbitmq-admin + keystone: + username: keystone-rabbitmq-user + ldap: + # NEWSITE-CHANGEME: Replace with the site's LDAP account used to + # authenticate to the active directory backend to validate keystone + # users. + username: "test@ldap.example.com" + cinder: + cinder: + role: admin + username: cinder + project_name: service + user_domain_name: default + project_domain_name: default + oslo_db: + username: cinder + database: cinder + oslo_messaging: + admin: + username: cinder-rabbitmq-admin + cinder: + username: cinder-rabbitmq-user + glance: + glance: + role: admin + username: glance + project_name: service + user_domain_name: default + project_domain_name: default + oslo_db: + username: glance + database: glance + oslo_messaging: + admin: + username: glance-rabbitmq-admin + glance: + username: glance-rabbitmq-user + ceph_object_store: + username: glance + heat: + heat: + role: admin + username: heat + project_name: service + user_domain_name: default + project_domain_name: default + heat_trustee: + role: admin + username: heat-trust + project_name: service + user_domain_name: default + project_domain_name: default + heat_stack_user: + role: admin + username: heat-domain + domain_name: heat + oslo_db: + username: heat + database: heat + oslo_messaging: + admin: + username: heat-rabbitmq-admin + heat: + username: heat-rabbitmq-user + swift: + keystone: + role: admin + username: swift + project_name: service + user_domain_name: default + project_domain_name: default + oslo_db: + admin: + username: root + prometheus_mysql_exporter: + user: + username: osh-oslodb-exporter + neutron: + neutron: + role: admin + username: neutron + project_name: service + user_domain_name: default + project_domain_name: default + oslo_db: + username: neutron + database: neutron + oslo_messaging: + admin: + username: neutron-rabbitmq-admin + neutron: + username: neutron-rabbitmq-user + nova: + nova: + role: admin + username: nova + project_name: service + user_domain_name: default + project_domain_name: default + placement: + role: admin + username: placement + project_name: service + user_domain_name: default + project_domain_name: default + oslo_db: + username: nova + database: nova + oslo_db_api: + username: nova + database: nova_api + oslo_db_cell0: + username: nova + database: "nova_cell0" + oslo_messaging: + admin: + username: nova-rabbitmq-admin + nova: + username: nova-rabbitmq-user + horizon: + oslo_db: + username: horizon + database: horizon + barbican: + barbican: + role: admin + username: barbican + project_name: service + user_domain_name: default + project_domain_name: default + oslo_db: + username: barbican + database: barbican + oslo_messaging: + admin: + username: barbican-rabbitmq-admin + barbican: + username: barbican-rabbitmq-user +... +--- +schema: pegleg/AccountCatalogue/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_service_accounts + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh_infra.prometheus_openstack_exporter.user.region_name +data: + osh_infra: + ceph_object_store: + admin: + username: s3_admin + elasticsearch: + username: elasticsearch + grafana: + admin: + username: grafana + oslo_db: + username: grafana + database: grafana + oslo_db_session: + username: grafana_session + database: grafana_session + elasticsearch: + admin: + username: elasticsearch + kibana: + admin: + username: kibana + oslo_db: + admin: + username: root + prometheus_mysql_exporter: + user: + username: osh-infra-oslodb-exporter + prometheus_openstack_exporter: + user: + role: admin + username: prometheus-openstack-exporter + project_name: service + user_domain_name: default + project_domain_name: default + nagios: + admin: + username: nagios + prometheus: + admin: + username: prometheus + ldap: + admin: + # NEWSITE-CHANGEME: Replace with the site's LDAP account used to + # authenticate to the active directory backend to validate keystone + # users. + bind: "test@ldap.example.com" +... + diff --git a/spyglass/parser/engine.py b/spyglass/parser/engine.py index 9a8d23f..a330d5f 100644 --- a/spyglass/parser/engine.py +++ b/spyglass/parser/engine.py @@ -18,7 +18,6 @@ import logging import pkg_resources import pprint import sys - import jsonschema import netaddr import yaml @@ -50,9 +49,14 @@ class ProcessDataSource(): self.sitetype = None self.genesis_node = None self.region_name = None + self.network_subnets = None def _get_network_subnets(self): - # Extract subnet information for networks + """ Extract subnet information for networks. + + + In some networks, there are multiple subnets, in that case + we assign only the first subnet """ LOG.info("Extracting network subnets") network_subnets = {} for net_type in self.data['network']['vlan_network_data']: @@ -60,37 +64,35 @@ class ProcessDataSource(): if (net_type != 'ingress'): network_subnets[net_type] = netaddr.IPNetwork( self.data['network']['vlan_network_data'][net_type] - ['subnet']) + ['subnet'][0]) LOG.debug("Network subnets:\n{}".format( pprint.pformat(network_subnets))) return network_subnets def _get_genesis_node_details(self): - # Returns the genesis node details - LOG.info("Getting Genesis Node Details") + # Get genesis host node details from the hosts based on host type for racks in self.data['baremetal'].keys(): rack_hosts = self.data['baremetal'][racks] for host in rack_hosts: if rack_hosts[host]['type'] == 'genesis': self.genesis_node = rack_hosts[host] self.genesis_node['name'] = host - - LOG.debug("Genesis Node Details:{}".format( + LOG.debug("Genesis Node Details:\n{}".format( pprint.pformat(self.genesis_node))) - def _validate_extracted_data(self, data): - """ Validates the extracted data from input source. + def _validate_intermediary_data(self, data): + """ Validates the intermediary data before generating manifests. It checks wether the data types and data format are as expected. The method validates this with regex pattern defined for each data type. """ - LOG.info('Validating data read from extracted data') + LOG.info('Validating Intermediary data') temp_data = {} + # Peforming a deep copy temp_data = copy.deepcopy(data) - # Converting baremetal dict to list. baremetal_list = [] for rack in temp_data['baremetal'].keys(): @@ -103,7 +105,6 @@ class ProcessDataSource(): json_data = json.loads(json.dumps(temp_data)) with open(schema_file, 'r') as f: json_schema = json.load(f) - try: # Suppressing writing of data2.json. Can use it for debugging with open('data2.json', 'w') as outfile: @@ -143,7 +144,6 @@ class ProcessDataSource(): rules_yaml = yaml.safe_load(rules_data_raw) rules_data = {} rules_data.update(rules_yaml) - for rule in rules_data.keys(): rule_name = rules_data[rule]['name'] function_str = "_apply_rule_" + rule_name @@ -153,12 +153,75 @@ class ProcessDataSource(): LOG.info("Applying rule:{}".format(rule_name)) def _apply_rule_host_profile_interfaces(self, rule_data): + # TODO(pg710r)Nothing to do as of now since host profile + # information is already present in plugin data. + # This function shall be defined if plugin data source + # doesn't provide host profile information. pass def _apply_rule_hardware_profile(self, rule_data): - pass + """ Apply rules to define host type from hardware profile info. + + + Host profile will define host types as "controller, compute or + genesis". The rule_data has pre-defined information to define + compute or controller based on host_profile. For defining 'genesis' + the first controller host is defined as genesis.""" + is_genesis = False + hardware_profile = rule_data[self.data['site_info']['sitetype']] + # Getting individual racks. The racks are sorted to ensure that the + # first controller of the first rack is assigned as 'genesis' node. + for rack in sorted(self.data['baremetal'].keys()): + # Getting individual hosts in each rack. Sorting of the hosts are + # done to determine the genesis node. + for host in sorted(self.data['baremetal'][rack].keys()): + host_info = self.data['baremetal'][rack][host] + if (host_info['host_profile'] == hardware_profile[ + 'profile_name']['ctrl']): + if not is_genesis: + host_info['type'] = 'genesis' + is_genesis = True + else: + host_info['type'] = 'controller' + else: + host_info['type'] = 'compute' def _apply_rule_ip_alloc_offset(self, rule_data): + """ Apply offset rules to update baremetal host ip's and vlan network + data """ + + # Get network subnets + self.network_subnets = self._get_network_subnets() + + self._update_vlan_net_data(rule_data) + self._update_baremetal_host_ip_data(rule_data) + + def _update_baremetal_host_ip_data(self, rule_data): + """ Update baremetal host ip's for applicable networks. + + + The applicable networks are oob, oam, ksn, storage and overlay. + These IPs are assigned based on network subnets ranges. + If a particular ip exists it is overridden.""" + + # Ger defult ip offset + default_ip_offset = rule_data['default'] + + host_idx = 0 + LOG.info("Update baremetal host ip's") + for racks in self.data['baremetal'].keys(): + rack_hosts = self.data['baremetal'][racks] + for host in rack_hosts: + host_networks = rack_hosts[host]['ip'] + for net in host_networks: + ips = list(self.network_subnets[net]) + host_networks[net] = str(ips[host_idx + default_ip_offset]) + host_idx = host_idx + 1 + + LOG.debug("Updated baremetal host:\n{}".format( + pprint.pformat(self.data['baremetal']))) + + def _update_vlan_net_data(self, rule_data): """ Offset allocation rules to determine ip address range(s) @@ -166,7 +229,6 @@ class ProcessDataSource(): network address, gateway ip and other address ranges """ LOG.info("Apply network design rules") - vlan_network_data = {} # Collect Rules default_ip_offset = rule_data['default'] @@ -179,7 +241,7 @@ class ProcessDataSource(): dhcp_ip_end_offset = rule_data['dhcp_ip_end'] # Set ingress vip and CIDR for bgp - LOG.info("Applying rule to network bgp data") + LOG.info("Apply network design rules:bgp") subnet = netaddr.IPNetwork( self.data['network']['vlan_network_data']['ingress']['subnet'][0]) ips = list(subnet) @@ -190,27 +252,24 @@ class ProcessDataSource(): LOG.debug("Updated network bgp data:\n{}".format( pprint.pformat(self.data['network']['bgp']))) - LOG.info("Applying rule to vlan network data") - # Get network subnets - network_subnets = self._get_network_subnets() + LOG.info("Apply network design rules:vlan") # Apply rules to vlan networks - for net_type in network_subnets: + for net_type in self.network_subnets: if net_type == 'oob': ip_offset = oob_ip_offset else: ip_offset = default_ip_offset - vlan_network_data[net_type] = {} - subnet = network_subnets[net_type] + + subnet = self.network_subnets[net_type] ips = list(subnet) - vlan_network_data[net_type]['network'] = str( - network_subnets[net_type]) + self.data['network']['vlan_network_data'][net_type][ + 'gateway'] = str(ips[gateway_ip_offset]) - vlan_network_data[net_type]['gateway'] = str( - ips[gateway_ip_offset]) - - vlan_network_data[net_type]['reserved_start'] = str(ips[1]) - vlan_network_data[net_type]['reserved_end'] = str(ips[ip_offset]) + self.data['network']['vlan_network_data'][net_type][ + 'reserved_start'] = str(ips[1]) + self.data['network']['vlan_network_data'][net_type][ + 'reserved_end'] = str(ips[ip_offset]) static_start = str(ips[ip_offset + 1]) static_end = str(ips[static_ip_end_offset]) @@ -221,69 +280,78 @@ class ProcessDataSource(): dhcp_start = str(ips[mid]) dhcp_end = str(ips[dhcp_ip_end_offset]) - vlan_network_data[net_type]['dhcp_start'] = dhcp_start - vlan_network_data[net_type]['dhcp_end'] = dhcp_end + self.data['network']['vlan_network_data'][net_type][ + 'dhcp_start'] = dhcp_start + self.data['network']['vlan_network_data'][net_type][ + 'dhcp_end'] = dhcp_end - vlan_network_data[net_type]['static_start'] = static_start - vlan_network_data[net_type]['static_end'] = static_end + self.data['network']['vlan_network_data'][net_type][ + 'static_start'] = static_start + self.data['network']['vlan_network_data'][net_type][ + 'static_end'] = static_end # There is no vlan for oob network if (net_type != 'oob'): - vlan_network_data[net_type]['vlan'] = self.data['network'][ - 'vlan_network_data'][net_type]['vlan'] + self.data['network']['vlan_network_data'][net_type][ + 'vlan'] = self.data['network']['vlan_network_data'][ + net_type]['vlan'] # OAM have default routes. Only for cruiser. TBD if (net_type == 'oam'): routes = ["0.0.0.0/0"] else: routes = [] - vlan_network_data[net_type]['routes'] = routes - - # Update network data to self.data - self.data['network']['vlan_network_data'][ - net_type] = vlan_network_data[net_type] + self.data['network']['vlan_network_data'][net_type][ + 'routes'] = routes LOG.debug("Updated vlan network data:\n{}".format( - pprint.pformat(vlan_network_data))) + pprint.pformat(self.data['network']['vlan_network_data']))) def load_extracted_data_from_data_source(self, extracted_data): """ Function called from spyglass.py to pass extracted data from input data source """ - LOG.info("Load extracted data from data source") - self._validate_extracted_data(extracted_data) + # TBR(pg710r): for internal testing + """ + raw_data = self._read_file('extracted_data.yaml') + extracted_data = yaml.safe_load(raw_data) + """ + + LOG.info("Loading plugin data source") self.data = extracted_data - LOG.debug("Extracted data from plugin data source:\n{}".format( + LOG.debug("Extracted data from plugin:\n{}".format( pprint.pformat(extracted_data))) extracted_file = "extracted_file.yaml" yaml_file = yaml.dump(extracted_data, default_flow_style=False) with open(extracted_file, 'w') as f: f.write(yaml_file) + f.close() # Append region_data supplied from CLI to self.data self.data['region_name'] = self.region_name def dump_intermediary_file(self, intermediary_dir): - """ Dumping intermediary yaml """ - LOG.info("Dumping intermediary yaml") + """ Writing intermediary yaml """ + LOG.info("Writing intermediary yaml") intermediary_file = "{}_intermediary.yaml".format( self.data['region_name']) - # Check of if output dir = intermediary_dir exists if intermediary_dir is not None: outfile = "{}/{}".format(intermediary_dir, intermediary_file) else: outfile = intermediary_file - LOG.info("Intermediary file dir:{}".format(outfile)) + LOG.info("Intermediary file:{}".format(outfile)) yaml_file = yaml.dump(self.data, default_flow_style=False) with open(outfile, 'w') as f: f.write(yaml_file) + f.close() def generate_intermediary_yaml(self): """ Generating intermediary yaml """ - LOG.info("Generating intermediary yaml") + LOG.info("Start: Generate Intermediary") self._apply_design_rules() self._get_genesis_node_details() + self._validate_intermediary_data(self.data) self.intermediary_yaml = self.data return self.intermediary_yaml diff --git a/spyglass/site_processors/site_processor.py b/spyglass/site_processors/site_processor.py index 57e51f0..9f65e2d 100644 --- a/spyglass/site_processors/site_processor.py +++ b/spyglass/site_processors/site_processor.py @@ -13,7 +13,6 @@ # limitations under the License. import logging -import pkg_resources import os from jinja2 import Environment from jinja2 import FileSystemLoader @@ -27,7 +26,7 @@ class SiteProcessor(BaseProcessor): self.yaml_data = intermediary_yaml self.manifest_dir = manifest_dir - def render_template(self): + def render_template(self, template_dir): """ The method renders network config yaml from j2 templates. @@ -42,8 +41,7 @@ class SiteProcessor(BaseProcessor): site_manifest_dir = 'pegleg_manifests/site/' LOG.info("Site manifest output dir:{}".format(site_manifest_dir)) - template_software_dir = pkg_resources.resource_filename( - 'spyglass', 'templates/') + template_software_dir = template_dir + '/' template_dir_abspath = os.path.dirname(template_software_dir) LOG.debug("Template Path:%s", template_dir_abspath) diff --git a/spyglass/spyglass.py b/spyglass/spyglass.py index 4b0a03e..0ff92b3 100644 --- a/spyglass/spyglass.py +++ b/spyglass/spyglass.py @@ -67,6 +67,23 @@ LOG = logging.getLogger('spyglass') '-mdir', type=click.Path(exists=True), help='The path where manifest files needs to be generated') +@click.option( + '--template_dir', + '-tdir', + type=click.Path(exists=True), + help='The path where J2 templates are available') +@click.option( + '--excel', + '-x', + multiple=True, + type=click.Path(exists=True), + help= + 'Path to engineering excel file, to be passed with generate_intermediary') +@click.option( + '--excel_spec', + '-e', + type=click.Path(exists=True), + help='Path to excel spec, to be passed with generate_intermediary') @click.option( '--loglevel', '-l', @@ -83,6 +100,7 @@ def main(*args, **kwargs): manifest_dir = kwargs['manifest_dir'] intermediary = kwargs['intermediary'] site = kwargs['site'] + template_dir = kwargs['template_dir'] loglevel = kwargs['loglevel'] # Set Logging format @@ -94,7 +112,7 @@ def main(*args, **kwargs): LOG.addHandler(stream_handle) LOG.info("Spyglass start") - LOG.debug("CLI Parameters passed:\n{}".format(kwargs)) + LOG.info("CLI Parameters passed:\n{}".format(kwargs)) if not (generate_intermediary or generate_manifests): LOG.error("Invalid CLI parameters passed!! Spyglass exited") @@ -102,6 +120,14 @@ def main(*args, **kwargs): LOG.info("CLI Parameters:\n{}".format(kwargs)) exit() + if generate_manifests: + if template_dir is None: + LOG.error("Template directory not specified!! Spyglass exited") + LOG.error( + "It is mandatory to provide it when generate_manifests is true" + ) + exit() + # Generate Intermediary yaml and manifests extracting data # from data source specified by plugin type intermediary_yaml = {} @@ -163,7 +189,7 @@ def main(*args, **kwargs): if generate_manifests: LOG.info("Generating site Manifests") processor_engine = SiteProcessor(intermediary_yaml, manifest_dir) - processor_engine.render_template() + processor_engine.render_template(template_dir) LOG.info("Spyglass Execution Completed")