From 4a8e2720e189aaba7978e738d18736741e8b559d Mon Sep 17 00:00:00 2001 From: Purnendu Ghosh Date: Thu, 29 Nov 2018 02:20:31 +0530 Subject: [PATCH] Base Code for Tugboat Plugin and Addition of config files, templates --- doc/requirements.txt | 3 + doc/source/conf.py | 129 + doc/source/getting_started.rst | 132 + doc/source/index.rst | 34 + spyglass/__init__.py | 0 spyglass/config/__init__.py | 0 spyglass/config/rules.yaml | 38 + spyglass/data_extractor/base.py | 31 +- spyglass/data_extractor/plugins/formation.py | 4 +- .../plugins/tugboat/check_exceptions.py | 35 + .../data_extractor/plugins/tugboat/tugboat.py | 350 ++ spyglass/examples/SiteDesignSpec_v0.1.xlsx | Bin 0 -> 17291 bytes spyglass/examples/excel_spec.yaml | 63 + spyglass/examples/site_config.yaml | 33 + .../baremetal/bootactions/promjoin.yaml.j2 | 26 + .../templates/baremetal/nodes.yaml.j2 | 51 + .../deployment/deployment-strategy.yaml.j2 | 90 + .../networks/common_addresses.yaml.j2 | 107 + .../networks/physical/networks.yaml.j2 | 251 ++ .../templates/pki/pki-catalogue.yaml.j2 | 187 ++ .../templates/profile/genesis.yaml.j2 | 40 + .../profile/hardware/dell_r720.yaml.j2 | 76 + .../templates/profile/host/cp_r720.yaml.j2 | 270 ++ .../templates/profile/host/dp_r720.yaml.j2 | 103 + .../examples/templates/profile/region.yaml.j2 | 35 + .../secrets/certificates/certificates.yaml.j2 | 2806 +++++++++++++++++ .../secrets/certificates/ingress.yaml.j2 | 135 + .../templates/site-definition.yaml.j2 | 17 + .../software/charts/kubernetes/etcd.yaml.j2 | 96 + .../charts/kubernetes/etcd/etcd.yaml.j2 | 92 + .../charts/kubernetes/ingress/ingress.yaml.j2 | 28 + .../osh-infra-logging/elasticsearch.yaml.j2 | 16 + .../osh-infra-logging/fluent-logging.yaml | 16 + .../osh/openstack-compute-kit/neutron.yaml.j2 | 23 + .../osh/openstack-compute-kit/nova.yaml.j2 | 25 + .../openstack-tenant-ceph/ceph-client.yaml.j2 | 22 + .../openstack-tenant-ceph/ceph-osd.yaml.j2 | 55 + .../charts/ucp/divingbell/divingbell.yaml.j2 | 603 ++++ .../config/common-software-config.yaml.j2 | 16 + .../software/config/endpoints.yaml.j2 | 1312 ++++++++ .../software/config/service_accounts.yaml.j2 | 443 +++ spyglass/parser/engine.py | 166 +- spyglass/site_processors/site_processor.py | 6 +- spyglass/spyglass.py | 30 +- 44 files changed, 7917 insertions(+), 78 deletions(-) create mode 100644 doc/requirements.txt create mode 100644 doc/source/conf.py create mode 100644 doc/source/getting_started.rst create mode 100644 doc/source/index.rst create mode 100644 spyglass/__init__.py create mode 100644 spyglass/config/__init__.py create mode 100644 spyglass/config/rules.yaml create mode 100644 spyglass/data_extractor/plugins/tugboat/check_exceptions.py create mode 100644 spyglass/data_extractor/plugins/tugboat/tugboat.py create mode 100644 spyglass/examples/SiteDesignSpec_v0.1.xlsx create mode 100644 spyglass/examples/excel_spec.yaml create mode 100644 spyglass/examples/site_config.yaml create mode 100644 spyglass/examples/templates/baremetal/bootactions/promjoin.yaml.j2 create mode 100644 spyglass/examples/templates/baremetal/nodes.yaml.j2 create mode 100644 spyglass/examples/templates/deployment/deployment-strategy.yaml.j2 create mode 100644 spyglass/examples/templates/networks/common_addresses.yaml.j2 create mode 100644 spyglass/examples/templates/networks/physical/networks.yaml.j2 create mode 100644 spyglass/examples/templates/pki/pki-catalogue.yaml.j2 create mode 100644 spyglass/examples/templates/profile/genesis.yaml.j2 create mode 100644 spyglass/examples/templates/profile/hardware/dell_r720.yaml.j2 create mode 100644 spyglass/examples/templates/profile/host/cp_r720.yaml.j2 create mode 100644 spyglass/examples/templates/profile/host/dp_r720.yaml.j2 create mode 100644 spyglass/examples/templates/profile/region.yaml.j2 create mode 100644 spyglass/examples/templates/secrets/certificates/certificates.yaml.j2 create mode 100644 spyglass/examples/templates/secrets/certificates/ingress.yaml.j2 create mode 100644 spyglass/examples/templates/site-definition.yaml.j2 create mode 100644 spyglass/examples/templates/software/charts/kubernetes/etcd.yaml.j2 create mode 100644 spyglass/examples/templates/software/charts/kubernetes/etcd/etcd.yaml.j2 create mode 100644 spyglass/examples/templates/software/charts/kubernetes/ingress/ingress.yaml.j2 create mode 100644 spyglass/examples/templates/software/charts/osh-infra/osh-infra-logging/elasticsearch.yaml.j2 create mode 100644 spyglass/examples/templates/software/charts/osh-infra/osh-infra-logging/fluent-logging.yaml create mode 100644 spyglass/examples/templates/software/charts/osh/openstack-compute-kit/neutron.yaml.j2 create mode 100644 spyglass/examples/templates/software/charts/osh/openstack-compute-kit/nova.yaml.j2 create mode 100644 spyglass/examples/templates/software/charts/osh/openstack-tenant-ceph/ceph-client.yaml.j2 create mode 100644 spyglass/examples/templates/software/charts/osh/openstack-tenant-ceph/ceph-osd.yaml.j2 create mode 100644 spyglass/examples/templates/software/charts/ucp/divingbell/divingbell.yaml.j2 create mode 100644 spyglass/examples/templates/software/config/common-software-config.yaml.j2 create mode 100644 spyglass/examples/templates/software/config/endpoints.yaml.j2 create mode 100644 spyglass/examples/templates/software/config/service_accounts.yaml.j2 diff --git a/doc/requirements.txt b/doc/requirements.txt new file mode 100644 index 0000000..38d8f59 --- /dev/null +++ b/doc/requirements.txt @@ -0,0 +1,3 @@ +# Documentation +sphinx>=1.6.2 +sphinx_rtd_theme==0.2.4 diff --git a/doc/source/conf.py b/doc/source/conf.py new file mode 100644 index 0000000..981fdc8 --- /dev/null +++ b/doc/source/conf.py @@ -0,0 +1,129 @@ +# -*- coding: utf-8 -*- +# +# shipyard documentation build configuration file, created by +# sphinx-quickstart on Sat Sep 16 03:40:50 2017. +# +# This file is execfile()d with the current directory set to its +# containing dir. +# +# Note that not all possible configuration values are present in this +# autogenerated file. +# +# All configuration values have a default; values that are commented out +# serve to show the default. + +# If extensions (or modules to document with autodoc) are in another directory, +# add these directories to sys.path here. If the directory is relative to the +# documentation root, use os.path.abspath to make it absolute, like shown here. +# +import os +import sys +sys.path.insert(0, os.path.abspath('../../')) +import sphinx_rtd_theme + + +# -- General configuration ------------------------------------------------ + +# If your documentation needs a minimal Sphinx version, state it here. +# +# needs_sphinx = '1.0' + +# Add any Sphinx extension module names here, as strings. They can be +# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom +# ones. +extensions = [ + 'sphinx.ext.autodoc', + 'sphinx.ext.todo', + 'sphinx.ext.viewcode', +] + +# Add any paths that contain templates here, relative to this directory. +# templates_path = [] + +# The suffix(es) of source filenames. +# You can specify multiple suffix as a list of string: +# +# source_suffix = ['.rst', '.md'] +source_suffix = '.rst' + +# The master toctree document. +master_doc = 'index' + +# General information about the project. +project = u'tugboat' +copyright = u'2018 AT&T Intellectual Property.' +author = u'Tugboat Authors' + +# The version info for the project you're documenting, acts as replacement for +# |version| and |release|, also used in various other places throughout the +# built documents. +# +# The short X.Y version. +version = u'0.1.0' +# The full version, including alpha/beta/rc tags. +release = u'0.1.0' + +# The language for content autogenerated by Sphinx. Refer to documentation +# for a list of supported languages. +# +# This is also used if you do content translation via gettext catalogs. +# Usually you set "language" from the command line for these cases. +language = None + +# List of patterns, relative to source directory, that match files and +# directories to ignore when looking for source files. +# This patterns also effect to html_static_path and html_extra_path +exclude_patterns = [] + +# The name of the Pygments (syntax highlighting) style to use. +pygments_style = 'sphinx' + +# If true, `todo` and `todoList` produce output, else they produce nothing. +todo_include_todos = False + + +# -- Options for HTML output ---------------------------------------------- + +# The theme to use for HTML and HTML Help pages. See the documentation for +# a list of builtin themes. +# +html_theme = "sphinx_rtd_theme" +html_theme_path = [sphinx_rtd_theme.get_html_theme_path()] + +# Theme options are theme-specific and customize the look and feel of a theme +# further. For a list of options available for each theme, see the +# documentation. +# +# html_theme_options = {} + +# Add any paths that contain custom static files (such as style sheets) here, +# relative to this directory. They are copied after the builtin static files, +# so a file named "default.css" will overwrite the builtin "default.css". +html_static_path = [] + + +# -- Options for HTMLHelp output ------------------------------------------ + +# Output file base name for HTML help builder. +htmlhelp_basename = 'ucpintdoc' + + +# -- Options for LaTeX output --------------------------------------------- + +latex_elements = { + # The paper size ('letterpaper' or 'a4paper'). + # + # 'papersize': 'letterpaper', + + # The font size ('10pt', '11pt' or '12pt'). + # + # 'pointsize': '10pt', + + # Additional stuff for the LaTeX preamble. + # + # 'preamble': '', + + # Latex figure (float) alignment + # + # 'figure_align': 'htbp', +} diff --git a/doc/source/getting_started.rst b/doc/source/getting_started.rst new file mode 100644 index 0000000..1e502f4 --- /dev/null +++ b/doc/source/getting_started.rst @@ -0,0 +1,132 @@ +.. + Copyright 2018 AT&T Intellectual Property. + All Rights Reserved. + + Licensed under the Apache License, Version 2.0 (the "License"); you may + not use this file except in compliance with the License. You may obtain + a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + License for the specific language governing permissions and limitations + under the License. + +=============== +Getting Started +=============== + +What is Spyglass? +---------------- + +Spyglass is a data extraction tool which can interface with +different input data sources to generate site manifest YAML files. +The data sources will provide all the configuration data needed +for a site deployment. These site manifest YAML files generated +by spyglass will be saved in a Git repository, from where Pegleg +can access and aggregate them. This aggregated file can then be +fed to Shipyard for site deployment / updates. + +Architecture +------------ + +:: + + +-----------+ +-------------+ + | | | +-------+ | + | | +------>| |Generic| | + +-----------+ | | | |Object | | + |Tugboat(Xl)| I | | | +-------+ | + |Plugin | N | | | | | + +-----------+ T | | | | | + | E | | | +------+ | + +------------+ R | | | |Parser| +------> Intermediary YAML + |Remote Data | F |---+ | +------+ | + |SourcePlugin| A | | | | + +------------+ C | | |(Intermediary YAML) + | E | | | | + | | | | | + | H | | v | + | A | | +---------+|(templates) +------------+ + | N | | |Site |+<--------------|Repository | + | D | | |Processor||-------------->|Adapter | + | L | | +---------+|(Generated +------------+ + | E | | ^ | Site Manifests) + | R | | +---|-----+| + | | | | J2 || + | | | |Templates|| + | | | +---------+| + +-----------+ +-------------+ + +-- + +Basic Usage +----------- + +Before using Spyglass you must: + + +1. Clone the Spyglass repository: + + .. code-block:: console + + git clone https://github.com/att-comdev/tugboat/tree/spyglass + +2. Install the required packages in spyglass: + + .. code-block:: console + + pip3 install -r tugboat/requirements.txt + + +CLI Options +----------- + +Usage: spyglass [OPTIONS] + +Options: + -s, --site TEXT Specify the site for which manifests to be + generated + -t, --type TEXT Specify the plugin type formation or tugboat + -f, --formation_url TEXT Specify the formation url + -u, --formation_user TEXT Specify the formation user id + -p, --formation_password TEXT Specify the formation user password + -i, --intermediary PATH Intermediary file path generate manifests, + use -m also with this option + -d, --additional_config PATH Site specific configuraton details + -g, --generate_intermediary Dump intermediary file from passed excel and + excel spec + -idir, --intermediary_dir PATH The path where intermediary file needs to be + generated + -e, --edit_intermediary / -nedit, --no_edit_intermediary + Flag to let user edit intermediary + -m, --generate_manifests Generate manifests from the generated + intermediary file + -mdir, --manifest_dir PATH The path where manifest files needs to be + generated + -x, --excel PATH Path to engineering excel file, to be passed + with generate_intermediary + -e, --excel_spec PATH Path to excel spec, to be passed with + generate_intermediary + -l, --loglevel INTEGER Loglevel NOTSET:0 ,DEBUG:10, INFO:20, + WARNING:30, ERROR:40, CRITICAL:50 [default: + 20] + --help Show this message and exit. + + +1. Running Spyglass with Remote Data Source Plugin + +spyglass -mg --type formation -f -u -p -d -s --template_dir= + +2. Running Spyglass with Excel Plugin + +spyglass -mg --type tugboat -x -e -d -s --template_dir= + +for example: +spyglass -mg -t tugboat -x SiteDesignSpec_v0.1.xlsx -e excel_spec_upstream.yaml -d site_config.yaml -s airship-seaworthy --template_dir= +Where sample 'excel_spec_upstream.yaml', 'SiteDesignSpec_v0.1.xlsx' +'site_config.yaml' and J2 templates can be found under 'spyglass/examples' +folder + diff --git a/doc/source/index.rst b/doc/source/index.rst new file mode 100644 index 0000000..4c43fa2 --- /dev/null +++ b/doc/source/index.rst @@ -0,0 +1,34 @@ +.. + Copyright 2018 AT&T Intellectual Property. + All Rights Reserved. + + Licensed under the Apache License, Version 2.0 (the "License"); you may + not use this file except in compliance with the License. You may obtain + a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + License for the specific language governing permissions and limitations + under the License. + +===================== +Spyglass Documentation +===================== + +Overview +-------- +Spyglass is a data extraction tool which can interface with +different input data sources to generate site manifest YAML files. +The data sources will provide all the configuration data needed +for a site deployment. These site manifest YAML files generated +by spyglass will be saved in a Git repository, from where Pegleg +can access and aggregate them. This aggregated file can then be +fed to Shipyard for site deployment / updates. + +.. toctree:: + :maxdepth: 2 + + getting_started diff --git a/spyglass/__init__.py b/spyglass/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/spyglass/config/__init__.py b/spyglass/config/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/spyglass/config/rules.yaml b/spyglass/config/rules.yaml new file mode 100644 index 0000000..dfe4025 --- /dev/null +++ b/spyglass/config/rules.yaml @@ -0,0 +1,38 @@ +########################### +# Global Rules # +########################### +#Rule1: ip_alloc_offset +# Specifies the number of ip addresses to offset from +# the start of subnet allocation pool while allocating it to host. +# -for vlan it is set to 12 as default. +# -for oob it is 10 +# -for all gateway ip addresss it is set to 1. +# -for ingress vip it is 1 +# -for static end (non pxe) it is -1( means one but last ip of the pool) +# -for dhcp end (pxe only) it is -2( 3rd from the last ip of the pool) +#Rule2: host_profile_interfaces. +# Specifies the network interfaces type and +# and their names for a particular hw profile +#Rule3: hardware_profile +# This specifies the profile details bases on sitetype. +# It specifies the profile name and host type for compute, +# controller along with hw type +--- +rule_ip_alloc_offset: + name: ip_alloc_offset + ip_alloc_offset: + default: 12 + oob: 10 + gateway: 1 + ingress_vip: 1 + static_ip_end: -2 + dhcp_ip_end: -2 +rule_hardware_profile: + name: hardware_profile + hardware_profile: + foundry: + profile_name: + compute: dp-r720 + ctrl: cp-r720 + hw_type: dell_r720 +... diff --git a/spyglass/data_extractor/base.py b/spyglass/data_extractor/base.py index ce1513d..dd063a8 100644 --- a/spyglass/data_extractor/base.py +++ b/spyglass/data_extractor/base.py @@ -277,7 +277,6 @@ class BaseDataSourcePlugin(object): """ LOG.info("Extract baremetal information from plugin") baremetal = {} - is_genesis = False hosts = self.get_hosts(self.region) # For each host list fill host profile and network IPs @@ -301,30 +300,19 @@ class BaseDataSourcePlugin(object): # Fill network IP for this host temp_host['ip'] = {} - temp_host['ip']['oob'] = temp_host_ips[host_name].get('oob', "") + temp_host['ip']['oob'] = temp_host_ips[host_name].get( + 'oob', "#CHANGE_ME") temp_host['ip']['calico'] = temp_host_ips[host_name].get( - 'calico', "") - temp_host['ip']['oam'] = temp_host_ips[host_name].get('oam', "") + 'calico', "#CHANGE_ME") + temp_host['ip']['oam'] = temp_host_ips[host_name].get( + 'oam', "#CHANGE_ME") temp_host['ip']['storage'] = temp_host_ips[host_name].get( - 'storage', "") + 'storage', "#CHANGE_ME") temp_host['ip']['overlay'] = temp_host_ips[host_name].get( - 'overlay', "") + 'overlay', "#CHANGE_ME") temp_host['ip']['pxe'] = temp_host_ips[host_name].get( 'pxe', "#CHANGE_ME") - # Filling rack_type( compute/controller/genesis) - # "cp" host profile is controller - # "ns" host profile is compute - if (temp_host['host_profile'] == 'cp'): - # The controller node is designates as genesis" - if is_genesis is False: - is_genesis = True - temp_host['type'] = 'genesis' - else: - temp_host['type'] = 'controller' - else: - temp_host['type'] = 'compute' - baremetal[rack_name][host_name] = temp_host LOG.debug("Baremetal information:\n{}".format( pprint.pformat(baremetal))) @@ -412,8 +400,9 @@ class BaseDataSourcePlugin(object): for net in networks: tmp_net = {} if net['name'] in networks_to_scan: - tmp_net['subnet'] = net['subnet'] - tmp_net['vlan'] = net['vlan'] + tmp_net['subnet'] = net.get('subnet', '#CHANGE_ME') + if ((net['name'] != 'ingress') and (net['name'] != 'oob')): + tmp_net['vlan'] = net.get('vlan', '#CHANGE_ME') network_data['vlan_network_data'][net['name']] = tmp_net diff --git a/spyglass/data_extractor/plugins/formation.py b/spyglass/data_extractor/plugins/formation.py index 18a5854..c91a8fb 100644 --- a/spyglass/data_extractor/plugins/formation.py +++ b/spyglass/data_extractor/plugins/formation.py @@ -433,8 +433,8 @@ class FormationPlugin(BaseDataSourcePlugin): name_pattern = "(?i)({})".format(name) if re.search(name_pattern, vlan_name): return network_names[name] - - return ("") + # Return empty string is vlan_name is not matched with network_names + return "" def get_dns_servers(self, region): try: diff --git a/spyglass/data_extractor/plugins/tugboat/check_exceptions.py b/spyglass/data_extractor/plugins/tugboat/check_exceptions.py new file mode 100644 index 0000000..d11d58a --- /dev/null +++ b/spyglass/data_extractor/plugins/tugboat/check_exceptions.py @@ -0,0 +1,35 @@ +# Copyright 2018 AT&T Intellectual Property. All other rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +class BaseError(Exception): + pass + + +class NotEnoughIp(BaseError): + def __init__(self, cidr, total_nodes): + self.cidr = cidr + self.total_nodes = total_nodes + + def display_error(self): + print('{} can not handle {} nodes'.format(self.cidr, self.total_nodes)) + + +class NoSpecMatched(BaseError): + def __init__(self, excel_specs): + self.specs = excel_specs + + def display_error(self): + print('No spec matched. Following are the available specs:\n'.format( + self.specs)) diff --git a/spyglass/data_extractor/plugins/tugboat/tugboat.py b/spyglass/data_extractor/plugins/tugboat/tugboat.py new file mode 100644 index 0000000..71144a8 --- /dev/null +++ b/spyglass/data_extractor/plugins/tugboat/tugboat.py @@ -0,0 +1,350 @@ +# Copyright 2018 AT&T Intellectual Property. All other rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the 'License'); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an 'AS IS' BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import itertools +import logging +import pprint +import re +from spyglass.data_extractor.base import BaseDataSourcePlugin +from spyglass.data_extractor.plugins.tugboat.excel_parser import ExcelParser + +LOG = logging.getLogger(__name__) + + +class TugboatPlugin(BaseDataSourcePlugin): + def __init__(self, region): + LOG.info("Tugboat Initializing") + self.source_type = 'excel' + self.source_name = 'tugboat' + + # Configuration parameters + self.excel_path = None + self.excel_spec = None + + # Site related data + self.region = region + + # Raw data from excel + self.parsed_xl_data = None + + LOG.info("Initiated data extractor plugin:{}".format(self.source_name)) + + def set_config_opts(self, conf): + """ + Placeholder to set confgiuration options + specific to each plugin. + + :param dict conf: Configuration options as dict + + Example: conf = { 'excel_spec': 'spec1.yaml', + 'excel_path': 'excel.xls' } + + Each plugin will have their own config opts. + """ + self.excel_path = conf['excel_path'] + self.excel_spec = conf['excel_spec'] + + # Extract raw data from excel sheets + self._get_excel_obj() + self._extract_raw_data_from_excel() + return + + def get_plugin_conf(self, kwargs): + """ Validates the plugin param from CLI and return if correct + + + Ideally the CLICK module shall report an error if excel file + and excel specs are not specified. The below code has been + written as an additional safeguard. + """ + try: + assert (len( + kwargs['excel'])), "Engineering Spec file not specified" + excel_file_info = kwargs['excel'] + assert (kwargs['excel_spec'] + ) is not None, "Excel Spec file not specified" + excel_spec_info = kwargs['excel_spec'] + except AssertionError as e: + LOG.error("{}:Spyglass exited!".format(e)) + exit() + plugin_conf = { + 'excel_path': excel_file_info, + 'excel_spec': excel_spec_info + } + return plugin_conf + + def get_hosts(self, region, rack=None): + """Return list of hosts in the region + :param string region: Region name + :param string rack: Rack name + :returns: list of hosts information + :rtype: list of dict + Example: [ + { + 'name': 'host01', + 'type': 'controller', + 'host_profile': 'hp_01' + }, + { + 'name': 'host02', + 'type': 'compute', + 'host_profile': 'hp_02'} + ] + """ + LOG.info("Get Host Information") + ipmi_data = self.parsed_xl_data['ipmi_data'][0] + rackwise_hosts = self._get_rackwise_hosts() + host_list = [] + for rack in rackwise_hosts.keys(): + for host in rackwise_hosts[rack]: + host_list.append({ + 'rack_name': + rack, + 'name': + host, + 'host_profile': + ipmi_data[host]['host_profile'] + }) + return host_list + + def get_networks(self, region): + """ Extracts vlan network info from raw network data from excel""" + vlan_list = [] + # Network data extracted from xl is formatted to have a predictable + # data type. For e.g VlAN 45 extracted from xl is formatted as 45 + vlan_pattern = r'\d+' + private_net = self.parsed_xl_data['network_data']['private'] + public_net = self.parsed_xl_data['network_data']['public'] + # Extract network information from private and public network data + for net_type, net_val in itertools.chain(private_net.items(), + public_net.items()): + tmp_vlan = {} + # Ingress is special network that has no vlan, only a subnet string + # So treatment for ingress is different + if net_type is not 'ingress': + # standardize the network name as net_type may ne different. + # For e.g insteas of pxe it may be PXE or instead of calico + # it may be ksn. Valid network names are pxe, calico, oob, oam, + # overlay, storage, ingress + tmp_vlan['name'] = self._get_network_name_from_vlan_name( + net_type) + + # extract vlan tag. It was extracted from xl file as 'VlAN 45' + # The code below extracts the numeric data fron net_val['vlan'] + if net_val.get('vlan', "") is not "": + value = re.findall(vlan_pattern, net_val['vlan']) + tmp_vlan['vlan'] = value[0] + else: + tmp_vlan['vlan'] = "#CHANGE_ME" + + tmp_vlan['subnet'] = net_val.get('subnet', "#CHANGE_ME") + tmp_vlan['gateway'] = net_val.get('gateway', "#CHANGE_ME") + else: + tmp_vlan['name'] = 'ingress' + tmp_vlan['subnet'] = net_val + vlan_list.append(tmp_vlan) + LOG.debug("vlan list extracted from tugboat:\n{}".format( + pprint.pformat(vlan_list))) + return vlan_list + + def get_ips(self, region, host=None): + """Return list of IPs on the host + :param string region: Region name + :param string host: Host name + :returns: Dict of IPs per network on the host + :rtype: dict + Example: {'oob': {'ipv4': '192.168.1.10'}, + 'pxe': {'ipv4': '192.168.2.10'}} + The network name from get_networks is expected to be the keys of this + dict. In case some networks are missed, they are expected to be either + DHCP or internally generated n the next steps by the design rules. + """ + + ip_ = {} + ipmi_data = self.parsed_xl_data['ipmi_data'][0] + ip_[host] = { + 'oob': ipmi_data[host].get('ipmi_address', '#CHANGE_ME'), + 'oam': ipmi_data[host].get('oam', '#CHANGE_ME'), + 'calico': ipmi_data[host].get('calico', '#CHANGE_ME'), + 'overlay': ipmi_data[host].get('overlay', '#CHANGE_ME'), + 'pxe': ipmi_data[host].get('pxe', '#CHANGE_ME'), + 'storage': ipmi_data[host].get('storage', '#CHANGE_ME') + } + return ip_ + + def get_ldap_information(self, region): + """ Extract ldap information from excel""" + + ldap_raw_data = self.parsed_xl_data['site_info']['ldap'] + ldap_info = {} + # raw url is 'url: ldap://example.com' so we are converting to + # 'ldap://example.com' + url = ldap_raw_data.get('url', '#CHANGE_ME') + try: + ldap_info['url'] = url.split(' ')[1] + ldap_info['domain'] = url.split('.')[1] + except IndexError as e: + LOG.error("url.split:{}".format(e)) + ldap_info['common_name'] = ldap_raw_data.get('common_name', + '#CHANGE_ME') + ldap_info['subdomain'] = ldap_raw_data.get('subdomain', '#CHANGE_ME') + + return ldap_info + + def get_ntp_servers(self, region): + """ Returns a comma separated list of ntp ip addresses""" + + ntp_server_list = self._get_formatted_server_list( + self.parsed_xl_data['site_info']['ntp']) + return ntp_server_list + + def get_dns_servers(self, region): + """ Returns a comma separated list of dns ip addresses""" + dns_server_list = self._get_formatted_server_list( + self.parsed_xl_data['site_info']['dns']) + return dns_server_list + + def get_domain_name(self, region): + """ Returns domain name extracted from excel file""" + + return self.parsed_xl_data['site_info']['domain'] + + def get_location_information(self, region): + """ + Prepare location data from information extracted + by ExcelParser(i.e raw data) + """ + location_data = self.parsed_xl_data['site_info']['location'] + + corridor_pattern = r'\d+' + corridor_number = re.findall(corridor_pattern, + location_data['corridor'])[0] + name = location_data.get('name', '#CHANGE_ME') + state = location_data.get('state', '#CHANGE_ME') + country = location_data.get('country', '#CHANGE_ME') + physical_location_id = location_data.get('physical_location', '') + + return { + 'name': name, + 'physical_location_id': physical_location_id, + 'state': state, + 'country': country, + 'corridor': 'c{}'.format(corridor_number), + } + + def get_racks(self, region): + # This function is not required since the excel plugin + # already provide rack information. + pass + + def _get_excel_obj(self): + """ Creation of an ExcelParser object to store site information. + + The information is obtained based on a excel spec yaml file. + This spec contains row, column and sheet information of + the excel file from where site specific data can be extracted. + """ + self.excel_obj = ExcelParser(self.excel_path, self.excel_spec) + + def _extract_raw_data_from_excel(self): + """ Extracts raw information from excel file based on excel spec""" + self.parsed_xl_data = self.excel_obj.get_data() + + def _get_network_name_from_vlan_name(self, vlan_name): + """ network names are ksn, oam, oob, overlay, storage, pxe + + + This is a utility function to determine the vlan acceptable + vlan from the name extracted from excel file + + The following mapping rules apply: + vlan_name contains "ksn or calico" the network name is "calico" + vlan_name contains "storage" the network name is "storage" + vlan_name contains "server" the network name is "oam" + vlan_name contains "ovs" the network name is "overlay" + vlan_name contains "oob" the network name is "oob" + vlan_name contains "pxe" the network name is "pxe" + """ + network_names = [ + 'ksn|calico', 'storage', 'oam|server', 'ovs|overlay', 'oob', 'pxe' + ] + for name in network_names: + # Make a pattern that would ignore case. + # if name is 'ksn' pattern name is '(?i)(ksn)' + name_pattern = "(?i)({})".format(name) + if re.search(name_pattern, vlan_name): + if name is 'ksn|calico': + return 'calico' + if name is 'storage': + return 'storage' + if name is 'oam|server': + return 'oam' + if name is 'ovs|overlay': + return 'overlay' + if name is 'oob': + return 'oob' + if name is 'pxe': + return 'pxe' + # if nothing matches + LOG.error( + "Unable to recognize VLAN name extracted from Plugin data source") + return ("") + + def _get_formatted_server_list(self, server_list): + """ Format dns and ntp server list as comma separated string """ + + # dns/ntp server info from excel is of the format + # 'xxx.xxx.xxx.xxx, (aaa.bbb.ccc.com)' + # The function returns a list of comma separated dns ip addresses + servers = [] + for data in server_list: + if '(' not in data: + servers.append(data) + formatted_server_list = ','.join(servers) + return formatted_server_list + + def _get_rack(self, host): + """ + Get rack id from the rack string extracted + from xl + """ + rack_pattern = r'\w.*(r\d+)\w.*' + rack = re.findall(rack_pattern, host)[0] + if not self.region: + self.region = host.split(rack)[0] + return rack + + def _get_rackwise_hosts(self): + """ Mapping hosts with rack ids """ + rackwise_hosts = {} + hostnames = self.parsed_xl_data['ipmi_data'][1] + racks = self._get_rack_data() + for rack in racks: + if rack not in rackwise_hosts: + rackwise_hosts[racks[rack]] = [] + for host in hostnames: + if rack in host: + rackwise_hosts[racks[rack]].append(host) + LOG.debug("rackwise hosts:\n%s", pprint.pformat(rackwise_hosts)) + return rackwise_hosts + + def _get_rack_data(self): + """ Format rack name """ + LOG.info("Getting rack data") + racks = {} + hostnames = self.parsed_xl_data['ipmi_data'][1] + for host in hostnames: + rack = self._get_rack(host) + racks[rack] = rack.replace('r', 'rack') + return racks diff --git a/spyglass/examples/SiteDesignSpec_v0.1.xlsx b/spyglass/examples/SiteDesignSpec_v0.1.xlsx new file mode 100644 index 0000000000000000000000000000000000000000..cdf827808bc2f887f635c8985579449e8234fb03 GIT binary patch literal 17291 zcmeHvbyQtT(k}#ecXtc!5Zv9}-6goYySqEVHMj=}?hxGFIXL8zJ9pll$=vU)_y0G0 zoppM3?XF+NRrp>wmbCM*E`K$!>h;l2HTum8m}FrYkQ+sA;|sdmgK+@%`sFQlRZ3a=AG zi+l?r{fP)Y+{PUo+IJ&dLs{jcAR!=uvhKjg!WlF-q} z_|Qm$4ku)G2tpZ+2E^*TA80Vh08Y#nB8a~WE5Bn>q@{+XCTgIL6^mf~3Mtg?usYv- zo)}Al2{$4R_9PGInOdRg)6S5~#Xcz;sEsWXMQN2($Gt}Juw$BZHQ!kmx1a~wB`x8)B9CzjJjf%7%^|{Cy&h2C;Ht!&f28};9yxrWz5xBcf?r3uXAM7B$RLpNwX{pIl zE87D+fFJyB+~aWO0?YkY8;`rOK_-y5hj!;9-pl(k`}q?DNdDhswMm769SG|H|n9V!`~EN3Tqfk?UuG4Y?412_3$lUyDN&lyVgiZzodr@sn6Z zXo@Z*#aZj7z(rKX4g?YN?euy1zOwcy`goY=Zkwet5*d}7q}jD9B=zaDGXyocLyG9< z%B=w;mwCYaUAma0JEco!EOkXoS-#ZB28rnGm2e&6B%K;I6iP8}2s%%?zviHf#=7A{ zHSoNk(pgnV?N|1^-uVHH z7qPpZv31XlaAr5ks~4?o*03Tm3-SZgq}UKy9>7<#k>zSM+kJo?s=s3RawH&GDEgmVN5Z(} z00V5$MQ~T(bm!-UH~H^eo>ak|%_|TLb;zMI)<)%g?#~%X=WMk_sZ)idEH{i}rq7(W z+ju0->r|BWxS(x6GAEj#b?@cW?g_)1nA`5*(W1m_tLW(2CYP*a<&4|;iOV?@_0#(U zla#e^Sxk8Iq*4cm1RSxAXacJd+C((=AG4#nS@SY1BC-__UH7pEd|*c&?QAw!bfROs zd~l|&uwX{QVG{FVXzK$kUUbnlK7hIBSxm=T_%@B6D2_uUjicwZ9l zE9YO=Or`Ru?Fs{82gV^E;-}k^LnKaF?NNU{5jaqrIIa;9j0{bUAQ45f@+E;O-wVkI z&96s9BA!Tk+o$JaABR#QG!h^fRLzs8E=lu1Q5VzYSAy27`P>eY)Q6M@C94SYWA%^r zcF!`ebTijPPw)hQOi(mA)S|sMu0N1AP_%srrf6kL;MC5jvZDd{*Z}62SWE!cn@*oD z-zbEczNmlr2?G~BV-Y#&gda9(%;2dRG5Kto)E6$x*i=mof3aRLESfUd(^`Nk-mCEk zwarq=Ks~}%p4i|Kj5$@ywCce*X#NY`2nHa;pCCkMB=IwyWXp*;MdcS>#${nDDynqn zQE850WUhhY^?rJsl4{c?$}1M!kmkfiNormGPs)B)8M1)q1qx1&Ftc_~YX~b>52Th0_ReifwT0(F8 zBJ-rt+ZP5wh_8X&TQwgcZFc1J8Z&bI%GEiOm8@o+$Q7reskV@xZtOt{?OFbyH{9pe z9~%qmEaG&tF_IC5Gr9q_w36G%F6GdIK|T8%WC+58KYo99*Ey^mKSdcvf7!9}3~8vv zf$DA_;TgqU=`+qosg^mSkk@R&pwEpwuerC(O*8L|`GerO(V|La2Uc=Sd~=|(9{ucL zALBOV{=jp3y0dJ&03mwUu~Ch=5je!aZ=FP&Mi(cLEn`PQ=~DtEgsX`Tcfk^IzMKKB zbZD>0DcI<&KSr*e@VdJfw)>465-mjko*^fW*K_x4a1IVYPC3!7H%bd<(Dk8qji1*D z{kh5r`$nYcx$^aGVVC=TCI07Ij%JSSUK|1l=z$ps2<{(i)zQh_+QjkK+igxuD>jn@ z)kn|bC&+g87V>b9b%L!~$+YTm47IcBkI*heLaYiu68j%T^KbV&&8-|zpb0>;F{m>3 zUXK&64@=VP)`jv<*rZf_SIP@^EE>>;2+x$dGJC!`2NASVRG*DD;6CF@@9D&Sw=?bj z$tE#E2g}b<``Qeb|awVwYTx&FWkK^bay~e?egvYdVdHj`sTsOp0@2&@!zxCmxH6SQHXH ze^xwNWFq=rD%}K}H05ujWY+;kl`+R<)oK%=G}j_q;4IG8)@nUOl{MA6~pw3l1B$pM77bDjLEw#+free*P%U4&IRj=c;G;LYp(Y z@j%?TVx8cV+SNwXc<6+T5Xun`8HTW+Pg{or)-e=_Qy>yx{Zo zGM8wZ2DW`7pa3h3ybV2IQdD~uKPQ&*F3<+ZvTwnbg0V@Ff*U-7;@zwJ*ANaQAth7ef48iyxKE%!KFpXF;CLf&286B_kNyHuQIyCu}P7J#Yf`_Rw z+mx`plGsavk^tFTX*3sehd|}}4?ttNP6Vn65~?pwDGobLFygbGSZ5o7!^v9vqYyN+ zxGSFd{oIskkih&1r7jboN`K4OYh@{vhB*9UhCP04Qa zau2_RcHPkSQkh1`1WuY|M*LdUjN4SX`;RRtlXgOl5ruwaJ50IzMgbC=NUDm)0@`TH zlfgvax0nRPS4;|p2@}iX#o4eQhAlu_l`tl9K{F1~AuaW?gpa@|4!NC*MVOC|OfWtPq6kZh8bp$saP-hH#4 z@((YWx0XK~1LH|3p3(JRewHp~ol>0AZgSk$85om39f~0ImRbck)|!k?M_m`G&LQ#B zv`9}*PDd<~Ny(=#D8EV@jvSwTLR?*NixaGKV8t8LB;u&o9F%bW5~x$AbWt07R)F4; z$58e8f<{^_MGA>6vkC~~?l}2sFKis-(3ShLD#??BmJ_zX#;J(cfLbwtxzA1P?HK@f zj;wlTV{78#)NC;wMI}{2L`F&C!B;YmSrJ;B*>5c|hV401g97zqzU?!|JwD7yR7>$m zxg4}e37}a#GJ6||Xi>m6-7YKB1LV6>$u}1touZ-SM>|#wfeSjnIor}YvGZx!!uG~T zSO@#H?=A;utMWI2jiDL}6 z;GFNaAEY)Tw6=fBAb+`$f^t?AGsfp- zUp_?QFpNQwt?(4Yh&Vb6S809mlz`$Am?WhBSir0R)r(Q2S`EsUj&W7-{n9&yF_Wp0 zYxtJ#v&;Eq1wXi=kLobq(A&)@uZ$(3a5P;);yExhE+_`$ux|BUx|*{&_n8IVmmN0T zfx3P%4qH@s|N9uf$Oehs^e(Ed)OY2lbZ11`U5%ihsrV=gxO8qm)W6!e?~nH&J_Ues!_i{` z8(sw#w?mCMUhOE;b^jc<{RF&PxhQsvhQjvko#30d_~n+7C&$mR27zidAmHZ=xq#B+ zQ2Vpi!PVNTy!F|->X?E)RgCk`GWGrb*PWf!Y1p$ZzAc$(n)O+IyW}3EO562fqK@%+ z;{nr6zGNFE4Y$q94LHp3Vlt-2u+sdTNjD-O1c4Gl-B9$TFU z)3B0bk2lj{)vxD}5g(=ov{hS!22>G|Kjjb#j+5o5)SQmJy(`xLRJqKvr=5UzRU7qg zB9i=N9y*$vm^eB9xySgU!t{T47-I>&vLHl=As6IbAnEP3S|~=+%esvc2)d2DKz*ll zRIs3B?cSc8=8ZDZ7zp?j%w9LI#wiuc+;<^VEBwfs>p(&?z3SMc9oCC#Uwa%BjFVu3 zkm1t|=5=&G=1!F>66{S6j!_5K2h}CHQ3x-PcqF@ri8sxL?y8iVU<)gIl!Bv1mb4-r zaf7sxkgs4uSr}FO+aT20zGdS*ty^{=cwEGPPe&srmjat*PEiEek5IMfA@;wSUAI`f zR+A!}kfM82bg2BC*wFYq^E}KegEFM?co=uG`R$;`hyf6YzmFZA^ej>TYL~Em7}DnY zw}wi1*N^LycUNNy1rQMCf6Urn^OdD(W4FQq`{vX03emrjI$$S(!-99r)epDix7EDj z?Sj|Dcr47TW%0w;cP`Q>zFEyvFGJLQEVO_!A;JCT3LwuxU-`w+XSHSBdW-8c?MlbT z>qpDamxtS}@6ML-_^uYcvDQ0Xbw6I+o(~Av&2)JdJqLq8kYfOYYcLAc2RB?R4MLie zZX+?5qa-!(<$g8uvmJCaDd%%Sp@!%5=%bHB?c zK(8m>x(m^bLTsX|L{&L*d!bPTl89Gv7_Dwff;tCrReXGS?#aBU3>Rwj(hZ``Pculq z!wnIOFA8J)tJ*X_vTpz{9`Fgab}pP_{26QIOFM&|H;XI97ZY}NN&Y_jr`lRSxrx0W zCZJQGngg93@Onq-PZd@h3j9Jldz^P8KH0y0BzT3*1B;tGMv_P{CH6JI?g9Yo{w#Id z`^nGMUHjuFJGPf%#Y2^Y%PAud+P0m~TjZXcC-4_xeKd^IcB~DMP^+; z$cGbLha+A6`CAq5oSW<=J8fT9m{)V>J>YeB{icT`sr2f^Y|CDRpO#5x#uijv@gH(U zB{#>b3n;a9s|KZjVJLO_B2noxsyeB1*c4PMSR~dsPU%>n+S;ZWuomPYqWfDP# znWUvDO(X4ON7&4yhM927U(IN|0&<0pF}9im#1Nh92igzXgN>miQl)J&;TZ_rpvOSN z1r{C7KfbUlJfUhN7*>K2^)>8?0@!$mf~eOC8D9fDP#}>|RF(ytoXEBOwx|jptCWeO z*DaYW?aL`jGTfl*W5g26G^Umb50mWPJnAnxE@Cnqc)7GH@tJy}b>-vqJPrqGA%jlB zNQf&I24Vwep4IIZ$4)UOTyP{^mPiv1B*;u;m4q4B31n(sw64UYdz$WKI&?(_xCIZo zwe?ngR5j!mw@Z{01GCj|lBxYVVkK^Od@f1a#4gbg4ouY9bQyn_lf>4U)6q&=(qYFx zyw36&8*!$cT>%~xL&H+G)>ZC{_DqCGc+p)+>x^IAdgro(xE=R>&-F>YJNb!p-DJZ- z+DXRO(kS@6g4y64GbV^Hx8T&!lM}dUwcX0yacSyy^o3%Eij_q|;}&WGy6p>P{5PjT zKp7oEb_G0MjV35i)pf|NpFuiAv{1M2&oWp+>^G zmBy_Qx9l*WCO6=#E^bZ^Lq!r1(MCUDUxRPiv7_&Q7217%;feq=ee+mxcZEhCKg@&q0sNf#@w;v;pW(ZIk95bmyQLPBpfMK+Y#j~z8l=h zlGCQ6*EP)iC>L1%CdDDo_TA8@qk+;XG#8y7Jowd&&^^SZ($C_R%ZQp~0Qy<85{2f8 zpSQE?7;M@qLKiXptQmu4vq$j?YJu&5)?V`@AU4HPl01ppE6(a^wLlB|fG77h;bsPkC+ zDg%0Sp`E$WMwkk9!BbH^xs=qxu3Zx_LdC*HSm|n}m6kF7kNbc_9xB1mRLC{17CEI{ zV1v%1dH!F>!TDztcZkjRNmf(sQ>bAsn0FQ_Z^7EJ-<)UU&6n`*R0R18%|YrZT5%~E3MBwl zf*_qbZQv{>?1bE55JI%vaLa?J6_5*tXct4+eUez55p_+{$~{h;PW;4&X2S;PZ3XSy(ODKiVo zDGu+P(BqA+xHB^4Ls?48MZ!tJJMcNOg%b^91yL^GEJ7FvZ)aF>?Q{2v+PQ*DGDBx@ z5Pc4~5eZTgiBkoYJTlB+A*b~avKI30jr!JA%q_hXj|RYl%;Y*%*?kVdgFq^Blq1E@ zj9*A`IIB0`9+|%2sBGIetqUqbd_8+X?x8=HUVJ1A(wkd@dL)BdynL&sfzgevLTPck zFt`eIhJ9{}<@=DbZq`TkQm@SJdPbTL0r5oVQz8PNTkku(yw_xX|EMa!7Z(SIITcm_ zw>1)j7vwTiuzAoT9y%XTu4I`tKw0})PS*JbI; zA*r^j;88A{ZNalOu6eFQ#BF{`fb2JTP2)RzI&p*LDj5gG!`v6W?RSSZ?J!PoY!s@e{mnWP_A@pSRAlZyS4lRK^3R~x=5J+&YP@{i?42f^)G3D^zAdean?<2`YAHu~8Tu(!% zDORk)BuRMC4KS4V^kyO=IfYA>^z|(7klSL67lezV+)(>cN0wi=)Bo|_2&_IiNvl^%Usm0WlaTtmnH>O@tk(mpz0O^71u znssT4345F@?H&_gt}c?AVc3VJ}i1_)SN61eju-E?pGS zjX8+{xW8D^LjFsiF97P6-3F;KIG(7=4H%`4t?0qca9~8b`GqELo}G|BhsX2n^5`bC zo5%O|@UdU7zO{*3$`*o5N$Gq(R`2KQE5^EB_uJ+175mW~#Z})x_sipGYWL48E|7meB=yq=7&D+k;=OtRW_mp+p{}6Swlc zi7{{uEu!-l*Am;74ZOx6SjVSstIun(58B8>V`_y{Z51)ZIAbO3p_f zR|nRF4~JP@G00K^pKq{=)V39uqiaQOz(vA^m9q4Y$~TsX24m*ehz9CU@UcFVFA00N zhAj#VSR@c})_$PE_(8<@V6sIFS>0^i;JR|caIEQ!K(H*ngdWBlz=WO?r>vWxV|)7*JZ8##F;MDA;0L?WkU}bz2cY6bXg7)${yJ< z@G_gMANB|aB4;TV!44S$+PfuAq9HZRQa#Ym-E{0neeD{C^!3(x&bmOcyezTAPwi|n zi3%1#-Fsk>P%*2WV2D$m9g&=?E$dp9Yz^&xtis7-Y5-)V6WG!DD8A=hZcuryf{kIJ zezN^`p>%95NySY8oh8%qQ(t3N=w=r@B+;11EL)BBKqdNTca0_6+1`!jen$#tjfu9M z9zjvc$S6jc^)+4W`QreN7B7n6QJ1!S2aVIBSP#y)8&F^yUa@CF1^VX4fEta!kvR;c@h_$v0me~6xjx(o}(JvM08S;eb zv8jFY98TrN5!LfI=WCLk=b^IBsm>DoBRL^KjOj83$Ak)c@BtXQVuCfN(&{XDAF(B0 zXH=xAX6eIzqSq%NorvdT-@u@WiD&2=CpQQ(0HyEKaLS;)Z@6`4b}bi?OE+xAali%)hF&&F5>q&U z$c#w~pj@=#>7F>%iGJnUI1XD^rt!hlG2+32-*;r}fAzQOECHxo+!!pQ(07 zD>kCU6LUh(KNV(7bcbG)a1s&YtFqSrWMTy#Se<#P{{?>Op4WN9OPOXAOM;n?xvH{2 zR>qa-)jqVNmzqzQR@LHo;bM+>(s|sZI*{Kv2icCpd1ITOp=>WvV-9r(z*6bp!e*(& z-5=0XD{K?ErfL>6i+tg69k@DDrUEfgUp?nvQ!_TMW#eLxksyX}j&Pt1eI|K$<^U?9 z=K+#l0=GnbZ>&nv$8I+vG1{#My&~`x*#)Lpbcr5xK2O;^=*%)7FJ#_;!4T+V%AQE0s{KR`#(A;{!qeMS~`w}Ey&*8 zD))RXFT8Ah4}r>ARoN0{*`ZoZP0oBdSc1rlOM{DXBV*kgs#0m_ibKa810y5(-a+sX z0{v%pdX=d&Rc<#K&OzXjgvC%bS<&;Ccmr@KwpgWPWjwuj4vY$JzGBetD)qYb(-mENAY4 zW0{ldb4wu7;TkXJqTI^S#c_#z1;EM2HPZ92yZxz(tXu9D{^tVA27s@N*R~XD&iuq% z=O|xJ^5H?jxBUM3>{ftQf95UL1aKkm;8QN)dvSunA>o@t5erayY`b`~Tz@NboutR( zFoX(RFzR-Han}2acIxzStkE{7Qelcfwt28yJA3Y*t@<`F`E||czTh>fcoZNC?5)_@ ztmF8Q`x?5oYMu52ZmVHKetdy?1monMJ?Qf`d!LzpfAe#3DIJ*3g_pajRZnSEJbA+& zmqy-k7r3}*DR`MM-lc_=b$$Bxgk*d-?eJt;;N0c`F1)+mcGi7UeEW!t(dv$N9(Fqv zjx7Dnv+_9zGY=4FfLF=m$M)0NQBpaIwbAOQx7KN9{H#l`mZ}+6zLSC#3-DH;UGz-? z*O9Xqh=(urN%ScRJESMk=RCW;LePO9QEq9XHkn|T?$;U6e*{D^dlq|e<4%f{VMDP- zIZasreKNLhL@>%@;NK6Q3tctWqbHQ^ACj$+w`tk)6K=N=={Is{~lSU5Tq74`GnVUzf+utj~v z;5$Ji3>$%pa=Q$8aj;_ASnXFm5|I^OQGP(75FyTubJzuNi-@3N-AmD>4b;p$Ro_Efj+-0AkuBXpGaAo zETef$0iz(}V|tGR&$MOP8%3XI5oS}2;iLAld%)&4deagdaV08&mpApL=R`ma+ECk;s|5q2P=&9|@$sEZ!B;lFPcbh^GH=<0IDahgEkLk(K>^)YzGB?`OY&gz zyd}|>`M?OUVC|~Hj-Pp|p7?p1N9DbLHCCPGG%=W@da$v@n|^XKn8fqvDq!6U7~hs| zgcoKruCAd#salJ}t0vL3GqLV6E?`Bj@AnY4DvIKv1FYG5Otd>lCGwauO=CkXZ+#Ab z$*S{NU_S)gF?`K}^O3dFSFJfESeUfe^KIdCZi255d^Y2J;1oot?{^008=5nC?I^mp zt&WY%S;)@ z48Mr<=>DymQSBG0Qf&7C?d0GO`pGZ)lRMcp^RLnRgoJc;T_JJM*9iNFy0pX$PtvgE zF8< zcNqCe(Oom+(37y24uczal0SP|e;+T>pD=byUh83ha!v^B@jYVHcZso>L&@1>=?=pl_3@#D*4(6!3vt;7Q3^9 z79eRIK;uOzC?9^$!Fx$qHc-;iH-rkB>=v5{flh2YM){m1uomg=*>o`E|Id+ zTu4w!I{Mk1lxguff(1}`hjQ`Rt4zB#*DbcR9#_nRBezzAe(Jq%t)pLk)=ksC4=5#y;wbW8<@O(H^EsxL$=m4x^8g*P=pvvr!WH`p%Lhs`)mLtY)mj`=cf9 z8!3~$)8tX3V(vLC_(d(YdFZSJsEa};73;~1w%g+*7eZK^L=&y6>USNr7b29!%~(dN zIqO_UloNCu4et}mNwq5Uf4&#(`vdUgN)j&P;XKkM38xu}7gE$3Ml)0W8MVupxnN#) ziX$0`Ars~aRYQ+&MG35waM{zOHyj&<%Jt;M??0R|KEf^4I8Fb)_l%IY&tPigio|@! zv6>&+Cs9vv<(s`W}l3YI64H5(N znjINLtzx{*^F^~cwH&i>;@oPNB2+;TW=Ol)0f2Ytu|w95M>`RB^4*F}pbGoxE5I_+ zbT96#ORvEFW*5O3DqV`h1&T!NP=V#bVnXyB&#?kycQxsg|2Ka)2Eb+KUX$V;t+DtZ z=yb&{HVSG4Ig2r++-B;y^%<)au5yK~l8T)M`*5O9ehUVj|?x0WT^Y^~<9Zs>rjbBtm844w$9XKP=-aU}g)->D2^; z+OX*Z<-luA5;=9V8pYlFIer%%BBoT0(!a{(>mk>A%atWq?+P#bd2NBZM7W_V6g}C7 z%Gvw$EL~W;LDzS3$)t&$5Acb`AUf_eZ18vc^ONruc1qDo*p?e*n`fq!WVVV6#i&hQ zZKf1?w~9aBUhYn)13lV+%Qq9`E&qgYyiha21aBp{55twJNJ)Hc~lI`$gXEB5(42uD}oR$_IVjr4jgLM{Sf zGdF0@_itsi8hqwR`aR^<=KT~M={-Ex*v?4a!Oq^1-pJ0u^b!<1bD)1f4T7L>E zsa87qy{r;UEnRdbE=&3=g-U4zKDC}WJPAVNGy(@0bgL37-* zut2?xEQA7_krKj}v5Wrkca#1C>6|8K@IPF+2D2N$2)>PUegznxw$UBW5QR+2T|U1D zFO^|0eAz&QP~Hzvvh{0SNSfp>a&xHJ+QVl=6!y7n*aR) zD6A*6&?q_aI%S=&GPO+FFd_KLMm)heYdUG__P7w?(y9xATX)zf>StI`(8zd(F$+=B z0P{AK{QkpfVA96lF2R9i1tXaEkOX}qAfWfCgkN#K_V4<^$;3g)#L4NGqWHbeNM~qa zd#dJXk2a6R2OPn|1(FPu5^hrq28)(}=;%)cvO2Ubw!ePr;7Z>ssKe$tDbu{%Zq|U1 zFjZcFC?rOVcO^g~>CZbb0&AJgP*r3B6I~@=mWF;5X2J!M5W-J|3Aa$Pu`FYVFWu-| z@_Mk&y?pbe`~2Ls;p(th2q=SepJHl+9Q53h8X{IcjQVE(od~D=ay&5IAGL@G#`|R? zgXQz}in&!zx9<(D1|`fZZKkwD9|u}hc3d!dk0Wtq0c2nbn4D4Cxi9xPwtUeJ=tDaS z`RgT?4Lu^2)M~J*$wk-M_HA`6IRVzBp5cH2ddB%u$pS@>>r5I28bOrN!)ZeYK7j3s z8PI?^cK9X+>6JApr>d14jYxnZS-#7noQ4PPvYQWDDr+p)@HQSoN{>3=u>9cGZw1Z13yaya)zOP;zXae-*7l&ZWv*2 zEu*0u9X^tq)?&E9R#7`vk~B?>jIwh62_(626K$~hu#$S(9NGX@glSbXnM&QU5O|&Q zK$VN=XGUmDKtRGEA~L;3GZCjp@NlW5gR^kOzB7oFMA87&h$?N^pq#SdrNu~X++wph zHtH_YN&!jl@mw4g(}?6LMTQ9?S~8L^7iWyMx}p;L^yN4xn6_EC$x<_{1RR!P=aJ~J zrRA%5WXvXoW<;o$Y#O^G*gk+-gpDt`ooMSy8y+h9AffQwbmJJF`rdhJM5ve5jLCHkd>hBiyK+^cv_Kw z2=Ghw2a2Pm&14x&5i9}yZCO>8Sy`igyG(h?7(cCQ#w=yheBGhpOhk3ibopLR!%_b7 zj|SU*36fxF{f!(@UrHk=nM4IY^-fXhhn6SSY3T}xe49fW`bbBO<%m7~(YlCKe!oKe zOnjWNPeF0iypc=nd+Ul-E#p3D-+EYdn5kj^7A&EK7F~WQ3Eu5fI*^ub2!~c;1!@(t zB)nwSS5h53&EVEvR+tVp{{_0TC~1}ia*0p1CEw0i@oeEw-BjGf;HDxCVN4AqRn;)8 z6;ndapv_s9kRQeQwNI(gy%|za*JwhrouRg01PaJQ1@nW@AiX292*5fOas-6v_vP`g zwis~=b?H9!70vc>1RgdrFNZ{dB#`A(>r^We*+d$bf9Q!mhK^PF$gR$WnCu`OHeCcQ z&UnT`*e`C{DW#pZ6HFHIkkRi0 zR&lSrf0@!6!-p^hgf;4DrVMG^EEGX|D(mC~=$elxT8`E|836ZJ9|5O9CIQ%Q%b;re z(bM(!NJ2)eJ<%EWb-p{y}UsDid=PgKsR@f7o zS5S}j0UyGlJBb5@S1&1l#~KY|y#q>s4#rjtw*YY8U-gjkdX2id*vI{Bl6&nBw@eRdP!4Y>pDqi2XL~R zuzH=e9;F(#ZNC@+z_9JfU3D>l41KD@$dpn&u(tbD{I=|R1R!9a>ufd2e5kb_gnJ-~II zW~br7RXJV9^Bab|5qFbio+o|nj;iB1%bo=_52+9o#c%E)l%mXxuotwyR|4s(MHFA~44Xv>KNgW|Z}Nl$hpPr45G8Obu-i8?S{ zzaC#q?XDMcU-(+(J9=gX@8nuUKL0q0K2THXSrGbsIVBe}=!*B_s_EJGlW+5`{t9P1 zZO3+?Dv8>o=Zd>S@#fLc2KU=*^89_)&Di?NU6+H)_TGW+aqja(@$H`S&f{^v-Po6O zpC{NOYve2L<%90qvx)YNNs3gLx4l(}#96U1lndL3)vB3vlW~~RVEpyPnfbc=>x_f@ zB?QtGc0KkO+tPd?W-WP)!?O9L2TuP_L#-L}yCm@rN|d9NvmM4&8Rw`fE@D&{2TZLu-NWwSr@ zm5Q-e^+M@-0(+YZfMMo1uq1!AW!_7}X-8eM;_v-EMz&4aA?HgrD?XcbCC&~~k{4AO zH$(qS^PtJxmr`eh6hpeH*UhFX;j1-5SdQdF85eRyBe;4-&LLhRlULe(F>7GRWaD1- zPoa)ypIqz!#~(L06*(}Y2v=K#SGlkK^fIePZt1s~`-i!=KSdGTP(>Z=HBD$x9A}fL zzlb>b-{FjryNm>(Fw0GwVc=i!p6yf-xvl>+Q8?2~%->Ixxle~aj#0~f)vvdZ;oyI* zd~9I!8m$2a%meDZl&(p}EG4@>b-%rzcKsu~8TbS3yQAdq{|exrzuG^`zxiVTd8vN~ z`1kzee=`0mE8j)qU$T{dXZ-h^&3|Q_2LHo8{~t0qf5-VfgYPdSnD=M?EuZgq=HFAQ z{$l?6o-X*#{8xh2@2tOvhX2J%{T|ZuXTSfiK=I!Je~+5}3sC>vvGwnOf5lM$j`DkG z(O)S3cz>Y$9%%GC!0%_He*plK{p~RRI4S)d<#)H-UnpaAf1vz_lkRtfe|H-E#Sa8z z&jbYYA1;L7*?-^g{RMEt^2Y%Ff3|100g' + filesystem: + mountpoint: '/var' + fstype: 'ext4' + mount_options: 'defaults' + + cephjournal1: + partitions: + - name: 'ceph-j1' + size: '10g' + - name: 'ceph-j2' + size: '10g' + - name: 'ceph-j3' + size: '10g' + - name: 'ceph-j4' + size: '10g' + cephjournal2: + partitions: + - name: 'ceph-j5' + size: '10g' + - name: 'ceph-j6' + size: '10g' + - name: 'ceph-j7' + size: '10g' + - name: 'ceph-j8' + size: '10g' + + platform: + kernel: 'hwe-16.04' + kernel_params: + console: 'ttyS1,115200n8' + + metadata: + owner_data: + openstack-l3-agent: enabled +... +--- +schema: drydock/HostProfile/v1 +metadata: + schema: metadata/Document/v1 + name: cp_r740-secondary + storagePolicy: cleartext + layeringDefinition: + abstract: false + layer: site + parentSelector: + hosttype: cp-global + actions: + - method: replace + path: .interfaces + - method: replace + path: .storage + - method: replace + path: .metadata.owner_data + - method: merge + path: . +data: + hardware_profile: dell_r720 + + primary_network: oam + interfaces: + pxe: + device_link: pxe + slaves: + - pxe_nic01 + networks: + - pxe + bond0: + device_link: data + slaves: + - data_nic01 + - data_nic02 + - data_nic03 + - data_nic04 + networks: + - oam + - storage + - overlay + - calico + + storage: + physical_devices: + bootdisk: + labels: + bootdrive: 'true' + partitions: + - name: 'root' + size: '30g' + bootable: true + filesystem: + mountpoint: '/' + fstype: 'ext4' + mount_options: 'defaults' + - name: 'boot' + size: '1g' + filesystem: + mountpoint: '/boot' + fstype: 'ext4' + mount_options: 'defaults' + - name: 'var_log' + size: '100g' + filesystem: + mountpoint: '/var/log' + fstype: 'ext4' + mount_options: 'defaults' + - name: 'var' + size: '>100g' + filesystem: + mountpoint: '/var' + fstype: 'ext4' + mount_options: 'defaults' + + cephjournal1: + partitions: + - name: 'ceph-j1' + size: '10g' + - name: 'ceph-j2' + size: '10g' + - name: 'ceph-j3' + size: '10g' + - name: 'ceph-j4' + size: '10g' + cephjournal2: + partitions: + - name: 'ceph-j5' + size: '10g' + - name: 'ceph-j6' + size: '10g' + - name: 'ceph-j7' + size: '10g' + - name: 'ceph-j8' + size: '10g' + + platform: + kernel: 'hwe-16.04' + kernel_params: + console: 'ttyS1,115200n8' + + metadata: + owner_data: + control-plane: enabled + ucp-control-plane: enabled + openstack-control-plane: enabled + openstack-heat: enabled + openstack-keystone: enabled + openstack-rabbitmq: enabled + openstack-dns-helper: enabled + openstack-mariadb: enabled + openstack-nova-control: enabled + # openstack-etcd: enabled + openstack-mistral: enabled + openstack-memcached: enabled + openstack-glance: enabled + openstack-horizon: enabled + openstack-cinder-control: enabled + openstack-cinder-volume: control + openstack-neutron: enabled + openvswitch: enabled + ucp-barbican: enabled + # ceph-mon: enabled + ceph-mgr: enabled + ceph-osd: enabled + ceph-mds: enabled + ceph-rgw: enabled + ucp-maas: enabled + kube-dns: enabled + tenant-ceph-control-plane: enabled + # tenant-ceph-mon: enabled + tenant-ceph-rgw: enabled + tenant-ceph-mgr: enabled + kubernetes-apiserver: enabled + kubernetes-controller-manager: enabled + # kubernetes-etcd: enabled + kubernetes-scheduler: enabled + tiller-helm: enabled + # kube-etcd: enabled + calico-policy: enabled + calico-node: enabled + # calico-etcd: enabled + ucp-armada: enabled + ucp-drydock: enabled + ucp-deckhand: enabled + ucp-shipyard: enabled + IAM: enabled + ucp-promenade: enabled + prometheus-server: enabled + prometheus-client: enabled + fluentd: enabled + influxdb: enabled + kibana: enabled + elasticsearch-client: enabled + elasticsearch-master: enabled + elasticsearch-data: enabled + postgresql: enabled + kube-ingress: enabled + beta.kubernetes.io/fluentd-ds-ready: 'true' + node-exporter: enabled +... diff --git a/spyglass/examples/templates/profile/host/dp_r720.yaml.j2 b/spyglass/examples/templates/profile/host/dp_r720.yaml.j2 new file mode 100644 index 0000000..d686571 --- /dev/null +++ b/spyglass/examples/templates/profile/host/dp_r720.yaml.j2 @@ -0,0 +1,103 @@ +--- +# The data plane host profile for Airship for DELL R720s, and should +# not need to be altered if you are using matching HW. The host profile is setup +# for cpu isolation (for nova pinning), hugepages, and sr-iov. +schema: drydock/HostProfile/v1 +metadata: + schema: metadata/Document/v1 + name: dp_r720 + storagePolicy: cleartext + layeringDefinition: + abstract: false + layer: site + parentSelector: + hosttype: dp-global + actions: + - method: replace + path: .interfaces + - method: replace + path: .storage + - method: merge + path: . +data: + hardware_profile: dell_r720 + + primary_network: oam + interfaces: + pxe: + device_link: pxe + slaves: + - pxe_nic01 + networks: + - pxe + bond0: + device_link: data + slaves: + - data_nic01 + - data_nic02 + - data_nic03 + - data_nic04 + networks: + - oam + - storage + - overlay + - calico + + storage: + physical_devices: + bootdisk: + labels: + bootdrive: 'true' + partitions: + - name: 'root' + size: '30g' + bootable: true + filesystem: + mountpoint: '/' + fstype: 'ext4' + mount_options: 'defaults' + - name: 'boot' + size: '1g' + filesystem: + mountpoint: '/boot' + fstype: 'ext4' + mount_options: 'defaults' + - name: 'var_log' + size: '100g' + filesystem: + mountpoint: '/var/log' + fstype: 'ext4' + mount_options: 'defaults' + - name: 'var' + size: '>100g' + filesystem: + mountpoint: '/var' + fstype: 'ext4' + mount_options: 'defaults' + + cephjournal1: + partitions: + - name: 'ceph-j1' + size: '10g' + - name: 'ceph-j2' + size: '10g' + cephjournal2: + partitions: + - name: 'ceph-j3' + size: '10g' + - name: 'ceph-j4' + size: '10g' + + ephemeral: + partitions: + - name: 'nova' + size: '99%' + filesystem: + mountpoint: '/var/lib/nova' + fstype: 'ext4' + mount_options: 'defaults' + platform: + kernel: 'hwe-16.04' + kernel_params: + console: 'ttyS1,115200n8' +... diff --git a/spyglass/examples/templates/profile/region.yaml.j2 b/spyglass/examples/templates/profile/region.yaml.j2 new file mode 100644 index 0000000..9f862ab --- /dev/null +++ b/spyglass/examples/templates/profile/region.yaml.j2 @@ -0,0 +1,35 @@ +--- +schema: 'drydock/Region/v1' +metadata: + schema: 'metadata/Document/v1' + name: {{ data['region_name'] }} + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext + substitutions: + - dest: + path: .authorized_keys[0] + src: + schema: deckhand/PublicKey/v1 + name: jenkins_ssh_public_key + path: . + - dest: + path: .authorized_keys[1] + src: + schema: deckhand/PublicKey/v1 + name: {{ data['region_name'] }}_ssh_public_key + path: . + - dest: + path: .repositories.main_archive + src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .packages.repositories.main_archive +data: + tag_definitions: [] + authorized_keys: [] + repositories: + remove_unlisted: true +... + diff --git a/spyglass/examples/templates/secrets/certificates/certificates.yaml.j2 b/spyglass/examples/templates/secrets/certificates/certificates.yaml.j2 new file mode 100644 index 0000000..5cb4018 --- /dev/null +++ b/spyglass/examples/templates/secrets/certificates/certificates.yaml.j2 @@ -0,0 +1,2806 @@ +--- +# Certs generated by Promenade, see docs at +# TODO: move to https://github.com/openstack/airship-treasuremap/blob/master/docs/source/authoring_and_deployment.rst +# https://github.com/att-comdev/treasuremap/blob/master/docs/source/deployment.rst#sitenew_sitepkipki-catalogyaml +data: | + -----BEGIN CERTIFICATE----- + MIIDSDCCAjCgAwIBAgIUegkh/antB1XyDVHdP5dv+0MZyBcwDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xODA4MjAyMzQzMDBaFw0yMzA4MTkyMzQzMDBaMCoxEzARBgNVBAoTCkt1YmVy + bmV0ZXMxEzARBgNVBAMTCmt1YmVybmV0ZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IB + DwAwggEKAoIBAQC1jUTdodnxFzC6OD/Rre2Qqw/BTycKvWW3Bkby5abZGRxgMkV5 + SxTSMazjPYjEA7+rhXqKgmn+OaV1trZvYbH0rZcRyGSC8D5Wj5SCtuGO6EUqx8SQ + 1tklnHbFKtMDjN8V201SV/ydUfXcFFlD8jUXUkb4iSZV+hkhOO3ZlTqBo4/vkYMK + N+7Dsv1Tfs3sHY4MDuiI/Fz8Uj5bMrKc/gVdPnrYPRsLQ/xlkfufsUuy0VlokrpQ + uYQjorvYbhpl6B7XT8mJsf3WQwB5A1E8bxFp0IR3tEaMIzXeSvrIS7ajxu0zVY/B + qS+uwRNtkCxs2cNsqPoQQBYTkhAoffWnBGYbAgMBAAGjZjBkMA4GA1UdDwEB/wQE + AwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBTIAmvhlCafX+fLJ7FY + /p5ZjYibADAfBgNVHSMEGDAWgBTIAmvhlCafX+fLJ7FY/p5ZjYibADANBgkqhkiG + 9w0BAQsFAAOCAQEAm4qCucz52aD2AqP9m9r6ZRPlzAesImR7eXOD+ix4r9uMfM85 + YYAZcRhf4/RWwfIWvngeXWTUirAEbwNfXEkbMddTkrBZ7q7BaqYH/1BNXRahBd2G + CJDQa6HMEvSLOkH/vAf/BY3d6WprS69YWVC4ffj0+FqBOMD5KLxPfM1gdashV0XB + yIFo4HPYXn3J3H7HRc17ZizOaPghY/ldNWsmoj1YPlxA9exDPQ4jI91VcSCDZbD/ + YyIntJzMZZ28xFPQFhww2oRD5LpDvfq+P6gBz08FKE+lmRKirANVzBltS2I8xzMV + FSCBNl+qV3evUg57xzgjifVHxmfSuLszLtTkOA== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthority/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDUjCCAjqgAwIBAgIUV1YkAwvB59dO83zhqvvcdywidd4wDQYJKoZIhvcNAQEL + BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l + dGNkMB4XDTE4MDgyMDIzNDMwMFoXDTIzMDgxOTIzNDMwMFowLzETMBEGA1UEChMK + S3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1ldGNkMIIBIjANBgkqhkiG + 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzUobHwzHYA4KMu7PGtqreil8uhm++fs2XqrN + mW+LBH1HuuiB6iUZqgx9zEHpll4bMr/YLp9cdYu9uVy21zglHAyostBcqbe2dx9S + 8ErcUsEGFllORBMN7tIFE6VB6ldLqoV6jyQ3F+LSJwhOOzqBWuozSlBLuOv/Q1xU + Mnc0ndlbrtVejWZUFt5ItOt/pyXbZ3zAFmCH3bMCm8vftxjphNFrWVvHPaAySvKu + 93SMMyFl9szFjP17BP5PwmjsYxkbNL8Fn26akEQvaFV8YbPEJSaxAst8J+QAbXUa + BR/7NuC6kxRI0kTQw/nAjeaRV3AuWm+wBbuXtO5c3cyDsxcM2QIDAQABo2YwZDAO + BgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBAjAdBgNVHQ4EFgQUnSYC + 0OZmL0av6dRaIZe3txRXx8cwHwYDVR0jBBgwFoAUnSYC0OZmL0av6dRaIZe3txRX + x8cwDQYJKoZIhvcNAQELBQADggEBACPw+ckz/nVMEOVPrJUmXQhaI/wCXHgOw/rY + sIqsRF9PGvWgU5I1CjhnHQLUy5YY/yf2g3EgQFFUh5u44PCuCMIQejun1SwFP4tI + d/CQQwDHMdGYlajApvKITcbpTdzU3yI9jVbf7szDaeYBDcF8uko7h+8FbE+vO/Ub + /jWGy58n4SfjEOQ2zKxa+kIhI8yAKrgl+nC9tkuWD3Veymc6yYD7umXw5uTP4gVp + zTRaZ13J2MmERXNYtfx7VRq6xvcpVhDH496uWuyxUSrOt9gmfrNfeixWxUoDUHBR + t7f+igcy4zwv75PAcKI0lOHjbcF6d6+1CdNVQt3XOR9UWl63lp8= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthority/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDXDCCAkSgAwIBAgIUb75pk6FxXqBl9NLZaUuFBJupnoYwDQYJKoZIhvcNAQEL + BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l + dGNkLXBlZXIwHhcNMTgwODIwMjM0MzAwWhcNMjMwODE5MjM0MzAwWjA0MRMwEQYD + VQQKEwpLdWJlcm5ldGVzMR0wGwYDVQQDExRrdWJlcm5ldGVzLWV0Y2QtcGVlcjCC + ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOtZKHMDL/H5Q0qYA+07HRpt + +4AsXRrL5DaiGp0qnq8fisX/mwODDJxWacCsrXnFZvcj+2brBzi8oQHpEw4BueYs + 8RYlT3tPMOQBfHl9m69ZG6150r0WsrI2MiPLrsMSDAIreaOLc1ptmGMWqyEy/UpA + fgtiMq810euhLfrHKPRXxYfndMN82NAnAT2VPqnFIj5r5npPG8gL/ALN2DgcBkiC + 3T+FiZxAq3thm2FKFJizYGtCN6t4grmhX8uZdBnFjLhP9t5umZFsPcpEzpiF9gIs + 1wd3UcDhc/mzJlmkVax8yrvvuhkPrbuQugNiCbkN2LS9iAapGYP8lNg1oR5k4N8C + AwEAAaNmMGQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQIwHQYD + VR0OBBYEFBK6v8RVwFvzEsP3RlVZSAZ1LJufMB8GA1UdIwQYMBaAFBK6v8RVwFvz + EsP3RlVZSAZ1LJufMA0GCSqGSIb3DQEBCwUAA4IBAQAG/FupcGdFBrWVw/pG2Tgh + 3z227ev4Z7pVazolPiGJpQOTZ2dIdnSs4HwovCxSewToXLd9k+wcIV1NEzyllw9I + +OgdLHHHJirZd4RJdwlCIfYh1uXS4g85Mat+jDoBkzCX2FIkEm9m6h291UrlOqy+ + im4hkJLF7AwJD6U0GPqoOVNx/jPlAzXolZ6YTjZ2LHGj6Liu7Tc2LO+S0c3wVAXL + hbl2FE8KT6qYAoMxNLJlAvnFNi/mPMpab6PLgE8DYTSByvj2F5WqdaTlbCZZV0bV + DnTxj0SG0H8p0Y8fpz76/E1Okr1H07XxzNxHudS2KClUHMNMnrtmDIGjbZAMWmt7 + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthority/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDSjCCAjKgAwIBAgIUCKu+Ga+ilp0+4UGjAakITGRCA3cwDQYJKoZIhvcNAQEL + BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw + HhcNMTgwODIwMjM0MzAwWhcNMjMwODE5MjM0MzAwWjArMRMwEQYDVQQKEwpLdWJl + cm5ldGVzMRQwEgYDVQQDEwtjYWxpY28tZXRjZDCCASIwDQYJKoZIhvcNAQEBBQAD + ggEPADCCAQoCggEBAJ++NV1PWCvuWzpSHABlD1adP30RUSbgqaC38EeM4rhhZLmJ + 48Bbo7EuueponhuNcCKDOWXPJEh67Scw9Qh4SLovRz72fu9KP5qPxjRIOYSh4V+F + qiE+iGz/tSvlInlykmCb7H15cOXMZcE1hH0CIC78GRmZAZCUJXW76xS7c3lm0jGW + /egE4IZ1r29LJo6KZFM3m3HTKlHV9XSluPjhWGU/atpi+TQvDX/Hv6yrseOkv0XX + T5n+Z/e5xmtEwnbzDHpMy3EwSDoxYHQrlEfRMv9w+XsFp4rfJ7ZofgrJk63StzDr + OxKBWXID44Uk6aV6TrWkIgk3E3QcKZn/Plh0i/kCAwEAAaNmMGQwDgYDVR0PAQH/ + BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQIwHQYDVR0OBBYEFPL7h/k7n+hgJLzZ + a1WNuQxLmDl7MB8GA1UdIwQYMBaAFPL7h/k7n+hgJLzZa1WNuQxLmDl7MA0GCSqG + SIb3DQEBCwUAA4IBAQAqAuDjjC1UVUplI0XHTOVhuoNSAirOihtncXTVEdcR4Pqt + YT6s+oh+wV7V4wPAsisRCeIOpFzvp22QaF6l0+Gn9B8AHt5zs3+GuoYmuX7UXreJ + SVrnh+wI20E1fzj1lDYzgdekZW12SbJQs6LCJ5JfX1bTCjBL7ysIPzE0EWnqGGTp + qWa7dlzHLcU/PWHWXyNta5IlUZ/GCjMpLSMYXPO0a6Z5d0QGJXe9Iz4mkljwC3un + XXKzuKtpxxQZJ1+w70wfLHujnhUr3v5IDLDlxl698YRRopHyfNP1TZ7xUOMtkVqg + KMiLE1Ki0t7Jr3OYPOCmtuvk4bFoG0TIgA7XDGPS + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthority/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDVDCCAjygAwIBAgIUagTlPOZ8jX10HMhcsHgh9Ec//00wDQYJKoZIhvcNAQEL + BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt + cGVlcjAeFw0xODA4MjAyMzQzMDBaFw0yMzA4MTkyMzQzMDBaMDAxEzARBgNVBAoT + Ckt1YmVybmV0ZXMxGTAXBgNVBAMTEGNhbGljby1ldGNkLXBlZXIwggEiMA0GCSqG + SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDoMT11MMWnPgQ9lOjLzx51o2BW5NuJyD+B + NuzzAmT607Q6oo5wQ8oyDHeOH0h1heL71/iqcoAzalHFKNLAek9pcjW5RudpLuRt + FLRC6zKedn7n9Mg4H4K8cahatK8rSrYOrz0UF3p/XuoxXN1uQCwIX3+aOT0hlq3E + ONo9+LqSVh0RhSn3Qc1BaGsMDA8ATs0jiCWU8V5Lkw8IUb1wBCe4iwfi1XRn8eV8 + jTW8dwnRB8yH8/5oVsD7dzOTjaUQg6w0nnn7SPFPhFOpwbX4Wd9fj1mq9uY6GIFC + JNj/UpnFRVtDO+8gJJxWV83SGhcvuJoXH5LoPmFS47TrMoBbGvM7AgMBAAGjZjBk + MA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBRL + fKY8JuyVlmEm4a6VB65X0x5aYTAfBgNVHSMEGDAWgBRLfKY8JuyVlmEm4a6VB65X + 0x5aYTANBgkqhkiG9w0BAQsFAAOCAQEACQlBvcV8mZncmP+zTiq5190uBm3Nf6Lr + EkLcCxmlB4PADUjK082C7oBm9z5QViimUg7fqdQSwZ3ujMYTIKgDADbTlLLKAGK5 + 9C6KB3cSOiFSmZInhZs5HUMIPlybmYOv0yQfGCqOKYzPaCqp5arOjn4CDEqc8QG9 + cAX/86Lnq1g2SfDIvq49t8BRsbahIN/Z+HPu1FhdahSDw35hGqkZ7DR8YeQrOSM+ + O6jgMKGgM0LtNno/rVytkPv/kdA79T3ZaoMoTYtR9D803RQe8XaX7GNBKUqptE2O + nCEazqPjNiB3GiP/oKxQwc/6o0fVqV5G/0nwZWQEKkpwUVCWMbJu7w== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthority/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAtY1E3aHZ8Rcwujg/0a3tkKsPwU8nCr1ltwZG8uWm2RkcYDJF + eUsU0jGs4z2IxAO/q4V6ioJp/jmldba2b2Gx9K2XEchkgvA+Vo+UgrbhjuhFKsfE + kNbZJZx2xSrTA4zfFdtNUlf8nVH13BRZQ/I1F1JG+IkmVfoZITjt2ZU6gaOP75GD + Cjfuw7L9U37N7B2ODA7oiPxc/FI+WzKynP4FXT562D0bC0P8ZZH7n7FLstFZaJK6 + ULmEI6K72G4aZege10/JibH91kMAeQNRPG8RadCEd7RGjCM13kr6yEu2o8btM1WP + wakvrsETbZAsbNnDbKj6EEAWE5IQKH31pwRmGwIDAQABAoIBABTEsVENN8o9leRn + lN1eoSOAfg/mBxhSbDVQsYMNxFVnaviSJ6JldV9KMXXZTzDlIOL1JPx9SLS9UXEy + 0pHRQjM0PGjbXKwh4W+zgxCk7Q6VAXyQV6sd+L81s9yANp1cWxS7/o9h41L30kE3 + zrJYHbyqO9YokksZjhBf282dJZE4vFrrEjwYVq+qDcFlWbpN3hlVq0c4s/BlJL1G + 9IVA35DTlS9LAjIsPCKzAYg0wZY+9X01ym7iFG0UWbhKJctmBniOobc1adytLI4Y + MEEQnR3UBUOjs/ifYYeUqz/WEhSqpr5cOt1+cP+ReJyUBa4gpxMC9Me2M9L/liOE + vyw7MnECgYEAzorHV0UaK4Ftbu2N7FgEOQmwkR/GErBjZ0rhikyOI0PCGXq6Km94 + 79wDQDjXUqlCxlS4WcN2+N434rV+S1eOHkzLV7VCAAR5nm8upeYNaNyxGAz7PubL + ZbKcPaYqHkY6SxG2LhJ8/Mo4nPr0Vb5SSaTLEuxibSssCF65n5wO7fMCgYEA4QaQ + SV6n3FKaVDJF3molaAWwTrUNnZynVOpJpuyT6hmmyl8cG0k+wznah8xlD4GH5AjH + pIP0VjxGC2nDG4bUDESL8pqFDsmXE5f1kziTXsdWtE7TZ5Z6IC2oBIR2sTvAwwO1 + 8e47TyHG19VOWaoc5WOtsceZ7ZIPmYYgKvv0qTkCgYAMhWNCSiElBAqjT+lrq4ZO + AuVeVuPGHEVabLKxlKSFRMVOkB8bFXjqaZcU3J1JGJPAvEAUyQG8YpRWvRPz81Hd + SmCFZ6qhn6PT0/+q9QBZHA/sWlUc4hbwilxobFtfTHiaNm+p6VsEZCn8ckY/sHMC + nefltMjev2BC/aMZJvfMuwKBgQCbwABEWDjVPXNGTZmgjVWgvzc98wEek1waYSNj + XyIuCV0xe00n8bV4SOXh0m4solodUppkW1TWD1fn9Gcv+U1xxEwdOihYiN2BmU9H + fAQ8uLphiKG4dCXJefBuWAUTPSl5kWrwrhTs+5L2ttRJKX5go3KIt3/qOIuFlplT + RxsbuQKBgQCnymwu10mxY6ezSHJjZd3Al8Pj7KsNiURVP7A4c3QhQdCpyXDIfU43 + RAYTprsQ/dM5U7n4vXZnvnSYBVwrLirfEVsE6A6h55LkMEpEkKpwro3Jgs4mFMm0 + ksjM1xPJ0p0jLT+fL1f6sTAONmYb0ra5xl5mrgzHn1zkZ/IlmnpfaQ== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthorityKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAzUobHwzHYA4KMu7PGtqreil8uhm++fs2XqrNmW+LBH1HuuiB + 6iUZqgx9zEHpll4bMr/YLp9cdYu9uVy21zglHAyostBcqbe2dx9S8ErcUsEGFllO + RBMN7tIFE6VB6ldLqoV6jyQ3F+LSJwhOOzqBWuozSlBLuOv/Q1xUMnc0ndlbrtVe + jWZUFt5ItOt/pyXbZ3zAFmCH3bMCm8vftxjphNFrWVvHPaAySvKu93SMMyFl9szF + jP17BP5PwmjsYxkbNL8Fn26akEQvaFV8YbPEJSaxAst8J+QAbXUaBR/7NuC6kxRI + 0kTQw/nAjeaRV3AuWm+wBbuXtO5c3cyDsxcM2QIDAQABAoIBAQCLOG+OLh9kEAFw + qy2++38BOPOCTgWLCIfFybXnEZNItyGXKyk3vnNaNGB3zld4h1eQojQc4ixU9zDy + bWL+L/BSxm793XqKCrHutUqM9WfXo1nafDQszHNNfBa/TPqXzx3cheso+hl21HdK + y0IqvrGNE3k3M582yK1zZEEhfGAtj0tjsKoEmOJsP+nc3Qc+acOPRg99oVAFfcYn + hwKf3fxpxmhCEDcYCSTlisCcNHilRbOuvOmfzGrWoMgHjIN9swz5YmEtIFV6j4Mv + Nl4r2X955YVUc9WgGqT4lVktvNzy40nsWDGfAKLeX5g+ZBIMAS1XVg3b1Y4DLTTr + V8n+BXNlAoGBANC1/RjUpGudWI9THiskKGl68xTXHimcGas6esR5bB5zXBDlONJv + meRx/m8Fi47SqoVuG/aFXiUfxKmdUPhr5ZG61nXQx0r9x0zzK9fxSAgbQLa0TQDm + Qgt5nabr6YDdf1Z7CBkyXJOFv07xmVrcw/Mm67qixm0a0GryJXz1M45/AoGBAPvN + qY4lQf3Tcz7jDjQdhG9R/VRjoOnlMwwLV9suASPXcgkRpRJ3iy+fBdQFfNYhUPcq + /ZA8mKIQfvdIeULP4v333soofPu/o9Q1jXcnQR7mWRyVh8KgxI/jMwcvjLBGZ+aa + wE+KDXL4vOQeNY9dsAH9nJ2clVhay/yG8pJVruinAoGATbIB91Vpo/oeNrS9fVfn + h2TSywZN3zWSRLDvdOayvh85vbxnS8dp5aYeDpxk2JVKD4Pu+vWpF27dGjtLIj+g + ZYDFR3SiTCNvJxE7WBclNodWru0t4VDWc0khzDr0YRmTxtDkMeUSm4RltHCyIyYd + +A2cIY1pCsK5paZhGER7necCgYALevj8Dh7QH8/lUhzXq3DaUnamXlR71YNaTToY + OCS9KZl9aFyKVwD1jt6JKCbk7GfwnPkqllivKulfBOLidO/4fFCgDvCD2dzyU+67 + PALwEbiGYRrreMD9fnJZJYXYk50xGmUiOz0ZvNV/4RC4FKFttc5qMTVt7dXXEaAF + o/pxiQKBgDH+mUxrVCSF9U6Pe/nByClOf+mx7xQ05SaNh6o+NTIcsWh75qW0bU9Z + JRKoJH4veusTQn6y1BcVqC8flCEwSFnJOQbiGYdBiEZ3HzBc3twjMiRcoMzR0z+w + VFOORt0tImxhu8gTBcybBt5IVPsKzQ3aEnh2cxMEq4jl34YJEM+t + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthorityKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEA61kocwMv8flDSpgD7TsdGm37gCxdGsvkNqIanSqerx+Kxf+b + A4MMnFZpwKytecVm9yP7ZusHOLyhAekTDgG55izxFiVPe08w5AF8eX2br1kbrXnS + vRaysjYyI8uuwxIMAit5o4tzWm2YYxarITL9SkB+C2IyrzXR66Et+sco9FfFh+d0 + w3zY0CcBPZU+qcUiPmvmek8byAv8As3YOBwGSILdP4WJnECre2GbYUoUmLNga0I3 + q3iCuaFfy5l0GcWMuE/23m6ZkWw9ykTOmIX2AizXB3dRwOFz+bMmWaRVrHzKu++6 + GQ+tu5C6A2IJuQ3YtL2IBqkZg/yU2DWhHmTg3wIDAQABAoIBAENhHEaJVBG35n8V + tJIXyYZGlKmmieVhGG5XzLzQdev3YNi9DFleDJ850j8acPQbAxagk5pskX2563LL + kuwArINsvH01o2LPUlUE4+k4f/kczuLErQP72p9RCtvatacdpJh+b+3Vv+nU1LsR + w17W5VN70Vpa+93Tz8zhMXPJzzzc04wKRvuEHlGBqDg4gcjFXZ6fcmO9LGvo6VzM + NHObQP2AY0JrVwmwUm53oFHhKrxqolNoDnrPGq3LlHbolSOVcEfKb9TabCtnCDvT + cbSzAvbmV2dKanz2SDBdF2A9T7nAPaBHbq5EW44yUHY0AA4kj45hn4347AZwc/zX + GU8QwDECgYEA7SxDcOdCtFL3r8aXm0R0rcyn4EnUtAMZu95ZkqSVIiY18OR0vOPL + KWP5y9DPTpvVEENZGbznqsCXBopv6eO0fLYgF8BJoT95cSIjdLKszg0Jdh/IU1Hp + FdJq2bzAuo8GkxCAco2AGmINy3yMGKp6cQRNf4mPMR6lGQYfDZNEgPcCgYEA/gfQ + q9G00R3NBJHRgBFnBDlD+evGB/l7+1OggHc/R6tclvYbPqICixJsubouqNKmMwoQ + 9WXVI2JFp6++xqM8rxDRLLFfOqG4rnb9S/qothZGZfHSzGVvrnBXbxKgV5O6MyH/ + yEP8C/sxcQl0sr5Qau/vC3txnFOLKSz7hLzUjVkCgYBoljBXRWPg6QVYeha43YMm + cS1GdshZaVSbx/1v8Svilz8KL3RbJ4ibg/7PphEE9SsLtOdBtk/iuHLg64NWfJdG + t3mHf7/4X2lKPmesOm6BnrYhZPqN430JpnR/+AB1RET97TT3TvbCq6KxrQaKigLc + e61BJIQEgSME2fIvplV7GQKBgQCK3tTZiRuzEfqJG/oOa/UIHxIlJxosM9vuSgo9 + EHN8h5ZnRIUiWUjQpDLh2YE2c2m+Dyu0K4Y4ALoZcH73cjdzcNsY9qIbmFswrQXN + qmremBDGHEvjxzQlhW6W3vTey3iICXceEORR3HFr3QJ50IZ/30ir20EBd75ktR2O + s/fyiQKBgQCK1426+bt0A9wbb5+9P4EBt2qV5nb0pS7oJ0hVXmj6GjM/dKS+y4Rl + t9siJHwX+/0f3PI8/90ujWMw43a+ktN+Py/j9UYIMEOtVnchXsroUn0XGb6gRNXM + E1lUZAmGr33hbuV6AMgi+ycK3P53AVT8OKbo61BTdo8uS9dHL5uEtg== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthorityKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAn741XU9YK+5bOlIcAGUPVp0/fRFRJuCpoLfwR4ziuGFkuYnj + wFujsS656mieG41wIoM5Zc8kSHrtJzD1CHhIui9HPvZ+70o/mo/GNEg5hKHhX4Wq + IT6IbP+1K+UieXKSYJvsfXlw5cxlwTWEfQIgLvwZGZkBkJQldbvrFLtzeWbSMZb9 + 6ATghnWvb0smjopkUzebcdMqUdX1dKW4+OFYZT9q2mL5NC8Nf8e/rKux46S/RddP + mf5n97nGa0TCdvMMekzLcTBIOjFgdCuUR9Ey/3D5ewWnit8ntmh+CsmTrdK3MOs7 + EoFZcgPjhSTppXpOtaQiCTcTdBwpmf8+WHSL+QIDAQABAoIBADnKuMe/Uujh3QNm + fVbvOPNfBH8c6r0j/np00WsxXzzRj31Ik6sd/ES34O8bVkgljXIPA47/t+K5Bl9t + aNjdm4IwZJg02Yt80zH53f1AO/7uCfljBD/uvbChekwdI7HIb4igIJjsfJnGrvGN + iRco07fr4LDQGC7UShEkIVJo1sgOhom9oovsA3X5JM5w3FHRrPRr5YFf3HwWoIXO + QVNXSMEpsZK1Hd2KvuOIyU30T0w9iOU2pI60GFcU1B5caChuEqG6xTNkh82gkTzA + 2fTofrWd9zflzjwR3e8NBcAt0XkeZFifApmIbjSIwrbhF1QtWLgOxYYHaNsGvK7f + 8WT1gZkCgYEAw6Bf6EB9RwkfULlX2WoSJsKpkShdjEeKq0P/y+p/VBIzU7ckEmf8 + uIMgPv5JnvEHdSS5w9JZQx4UT8roefC1MNn7ORhpCLQHI9CnI1rCiKtQO+TjQ3IE + rFjDfcVdY1ek3TQN6l9mHBRCvGVGZlfz0qIZLtdv6XCoU8r2yJ6Bza8CgYEA0QrV + CySN7vAw1KnA08wFBtgARk4m+PllN8l75C9v5qYooUsfdEEqiCQGLzg5NEMAOOOZ + LPdtGHbGcktyN6v8ZOy5wQKevvjDAce1WC57p92cfP/e0jUkDbNBZlANOJNV5J9u + 3nXKBsl/3CGp4qvG6YtJ2Qj/eO+RjVIrEpPNktcCgYBTH2cBIb3ZnDexLj/0wsxZ + qecxJayyOYfjg+5B8C8QQveKP8xVAdhxck4WVihkH9hiXyuL2GpTSYmp6fbkMXJc + ApNrzEJ9DznlbvhF3n/AYMKj4Hrsopr3vHO8kks/NfN4hnDPQJ/7mGRO9t12CTMy + Mexvad1EnLj5eclor2lKQwKBgQC4QIj5klW8Jl+UAq/gvvIrTxYm4dm+F+ycWG5n + +Vvze79SM6ncyVeYuc/trOvW4bt/aTTpColRR9ewhEl/Qotr1bAArLOJdjBEEGgJ + +qaplk7JaqpWs9o8bSSW7rZIiKzrn4+Ua1QP2WlmeRGJpojj7w6/SwwK53Zujt9C + N5657wKBgQCcBYxHytlfr1q6+RUd79+Tl4yKfZ1dWsRlNIaI0SvKFnh8nowBpSsY + JnlXP9TdAN8E8xUalFHIJGVPkXxdqeteD73Xz+u3iTSCXZbe+JOI1YaQtlYFwCtf + SFO7zpmhfWmwBSwyl5BKJgXYEuuwlj1ObjOdoanQ2FvN8ra4Ya2AGg== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthorityKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpQIBAAKCAQEA6DE9dTDFpz4EPZToy88edaNgVuTbicg/gTbs8wJk+tO0OqKO + cEPKMgx3jh9IdYXi+9f4qnKAM2pRxSjSwHpPaXI1uUbnaS7kbRS0QusynnZ+5/TI + OB+CvHGoWrSvK0q2Dq89FBd6f17qMVzdbkAsCF9/mjk9IZatxDjaPfi6klYdEYUp + 90HNQWhrDAwPAE7NI4gllPFeS5MPCFG9cAQnuIsH4tV0Z/HlfI01vHcJ0QfMh/P+ + aFbA+3czk42lEIOsNJ55+0jxT4RTqcG1+FnfX49ZqvbmOhiBQiTY/1KZxUVbQzvv + ICScVlfN0hoXL7iaFx+S6D5hUuO06zKAWxrzOwIDAQABAoIBAQDl2bipBfrjr/Sq + sXoyJ3pTocOAwVTCdETJOQIfHcOwuVm0oa63W6QRH15KhpVIIZ2tCQLUWDyoqRsB + PYRDndB25eRg4Nu7t/vQL6qyg/m7/DlsjViWljrpKOorwKmXBYJrzvV7qjJNXDwh + WXip50SvlTnQBdGKKoshr9X7evnWWR2Ll6ZPFl9xtr98FcYJDesM5MZiLF/9WXOj + SGnUI0Xtl8hUi/unN5mTjH69Ed9Rk+FeCe55SFQm0p6e4Ql3v8aRb+P7rJqQ4tP6 + v1yaw8E2uJqTh24lRuN8vX5WxfcuUHi1d8COc+xTEn/rviJm/kkjqMFJq6N3L7QR + +lclqV7BAoGBAOlcm0/HrFwNtK2pwQj80NZPr0tpvE4CNOmqhwWKMy6AVin5E35O + OVOuSAanSBp1YeotS/28OY19mPAOO9IOJLhJRTtO9i7w9w860Oca1OXNjLBgbDEV + FvFVHQlqIAbLxCqaClMUTEbUae4ErDu/DS80Is56GomYZIf87vXvZuSjAoGBAP63 + l5Ah7Y3VboGxkidGaoyrWJxEq/SkX1NrysLln19Gc+J1JQE/QheP9nngclzOXnM+ + R4t6wynuEMA9XKaTBqXxGZ00eS8xoAv71LMLq5kq/0M7SV8GRUnEhmbe+Hc1pJTh + oql8Sb8fOJFhAEK93cCF0q78bcElc8A4UAmDXIiJAoGAMaXRKTUK9362/OeLuRTI + fX/whHPXayVPCpOMLGKNpwwIyN9EBXAxBBulGT1HutFUZpUCgNYlzHN3MUNl+Len + mkmEYCzZdX0wot3ZigGMX+POVcv92Kdq/ScliVY5wBhkAMhLAAfmfn88ljYKSp/H + 9035RcJ2mOWCJehrEom/c08CgYEA8ds5Wm4cthP2fccx04EVIsR/usGp1P1OVlN/ + j1eg4EJxPpGktW5vPxg/HLJ1ZJG/NQXpwRKrxWB7H04kbzYjleU8QPzWJG2mXjqc + V/W41hLxldDxdfzqRYUJaRxGKEsTHxqv7OZKz+LBP6kvKjBGIsvupKCjRkZdhiLy + PFYywqECgYEAig+NFXDFLdRIPJVbxpMZSD3r+tCKdm/uvD8SzrZ2ItAs/E0MW57A + gmw/ZXED3MvRe4k1bJgH9zzWfyULxvgT6crELy/81R6Qkyb2YpTwmj/ER5i6eIQz + MuHcMVlYN7kQPbadwlp0gL0aRMMXo8fWByNJCGeXoy8s5cNCuCTFxGc= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthorityKey/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIID8jCCAtqgAwIBAgIUfwk40PP1/FbvZzRxj+dZhylRiK8wDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMBQxEjAQBgNVBAMTCWFwaXNl + cnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO9015DYOAP5x59E + 7JlLFpr6RNI8VGRXPkTAoqOYedulYW+ELpDukyKlWePcHzxLr/BlXWbSVflpGlJo + BQ9hvMImRiiFrNAmhG0qfbvMnJltltbXSTQ2yq2uLMqsgAFqaYVsWc+BqVYD7Duv + ATXh29Tm1fWssMKtLT2yjty8oZb95DQf3N5tL0k0qqQM6J7yuptu7f8FB+2iU7mW + nhkROejD7ERSvWuH7Z2ancorFHUkCWuPVc/y/LRtkh6ldrIXnBJxnXavtRq+saC3 + tK+KgHQCPGp0Td8zwyQmY31dJ5tsZc47YT4nUuU1OQiN0O2re19dipRSMHa9VfM6 + eF85Ey0CAwEAAaOCASQwggEgMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr + BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUZwOKEvOK + o8cjGvfoVXcLc27vOsgwHwYDVR0jBBgwFoAUyAJr4ZQmn1/nyyexWP6eWY2ImwAw + gaAGA1UdEQSBmDCBlYIJbG9jYWxob3N0ggprdWJlcm5ldGVzghJrdWJlcm5ldGVz + LmRlZmF1bHSCFmt1YmVybmV0ZXMuZGVmYXVsdC5zdmOCHmt1YmVybmV0ZXMuZGVm + YXVsdC5zdmMuY2x1c3RlcoIka3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVy + LmxvY2FshwR/AAABhwQKYAABMA0GCSqGSIb3DQEBCwUAA4IBAQCYMZq6FBGdkN9b + aSY+SgVRt1dKkFE1dvpt76vhGV8PjOsQYssOZy20U7Ce+NxSjtEACDehIt05J3ci + DWSsjSoUFr+FDnGnxQfeR4TTqRn5b3HuW9R+c093i8TbZQ9iU5XQ4YiCUB0zFTt8 + f6AqjrbW4Lq7+Hnb6OTCMPljwcI4pFpKoPZlkSKaka8w/LikelyqMfv+yx/u9jh4 + xPaDXpXu63tdgK54Alkh+n1Qr14Q3HdNkuz7hvfh7hLq7v67fkfh9TIKl4WX93yR + nVSQ8Eoez9bzqRFivswR9g3Q5zJItj6drWv9HOFsJgwQ3YZW5FaVpy7HXFg2dYIE + hZ31xtrZ + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: apiserver + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDmjCCAoKgAwIBAgIUFZ7/WwHQcySdJEd8ehvTfdP+WPowDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMDsxFTATBgNVBAoTDHN5c3Rl + bTpub2RlczEiMCAGA1UEAxMZc3lzdGVtOm5vZGU6Y2FiMjMtcjcyMC0xMTCCASIw + DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALr0FloDalergjH5+Un5HRquPDZQ + d+QHiilZx4/hs9cXqB9FtmnMAx7yFe0JweEZL0aen7M+oren/z4XJz/Hs117sk/m + xQglJunuApXVZzDtCbR2jo/o+9KrRjw7G53MnjavT2Lif5C/W9sQLqHt8bN/ynEW + SkRkLiN/muy/kmWg6ztsdWt5ApDgI0BF7ysksMzlAB7Uoml4flseAIXFvzY7ZkH6 + vES7wlQJ3yhugzolNtinUWUNTT+Td2sOIn+2PyVLf3pI3HjOrzr4/+B0yYSJymEC + 87dTftCgTsAFhqYi4jAYPhgANYRl0U3bnq5LNLhgnKtVT92ssYQDR2VXRikCAwEA + AaOBpjCBozAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG + AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEJ+3HcIaiiQ3QP8p2qF9I7P + 0iDJMB8GA1UdIwQYMBaAFMgCa+GUJp9f58snsVj+nlmNiJsAMCQGA1UdEQQdMBuC + DWNhYjIzLXI3MjAtMTGHBAoXFQuHBAoXFgswDQYJKoZIhvcNAQELBQADggEBAIoM + 4ZGwKerGsnxHk8WUShVpxpjppkU1HQC7QFHT4LNUO3BleHwpa3MyUSNzKW6oVbHw + bdZKxCXJZh+FAdjFOFcvXovz4TyLC42ByL2wJcwueHQbsMD2txN3SZYyJmU8lZrS + TG6PlltSYLBeuduLCGMEsRda3+uTCfuu9e4XSRbKAJNAugtAfCGuMKpLDlRfexhC + 5SZu7Ml4JXLaXaGkIpw6pTKxuGFpOZsPPiQ4kMdP+DusVHqEoaFHVdRC2JCzKUAc + 2CYijoKO+C+zhihgY+nIfM/SwjEZG3uWJa5Jk3R19i/H/MAS0kn6mLd1Pv6dw1Ex + +dVrrs9WHz75bkI2WjM= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-genesis + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDmjCCAoKgAwIBAgIUdsY8tmOFFCStV+vOwBOoAsJ+7+kwDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMDsxFTATBgNVBAoTDHN5c3Rl + bTpub2RlczEiMCAGA1UEAxMZc3lzdGVtOm5vZGU6Y2FiMjMtcjcyMC0xMTCCASIw + DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALvXVz/pOngH1/8I+xMzlAgj65jH + 1v7dXW+TJx7R7vMA26llcSOouB91dUuBN4NT9OZYpIo5IbJFzcjybt7Lw8iao+39 + l8rf55lViWn1KD7OOuIKxCo4QqNYWK0/b1YgD6RLzcoWDKiIt7pQYwpXxVg/gP61 + Bnig25xF0Cdnpr8IAmLYmA/UC2JvRhY+Gh3600PLFx9/xZIdAass3R/WFFbz7sLZ + /Ejbeztg2tGp0dDvSC96pO/PVxCiYtPSH/tfWy5dsD+nflF+8uC3dGHeLpAXO9mX + cEcqYHEGUnfJ3TisQi1sopUfrUyUk6a/k9s7zwGzI2ar763QpPMTVIQBBTkCAwEA + AaOBpjCBozAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG + AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEvlGIv1fujC6LjHFIfTkqpO + FoBGMB8GA1UdIwQYMBaAFMgCa+GUJp9f58snsVj+nlmNiJsAMCQGA1UdEQQdMBuC + DWNhYjIzLXI3MjAtMTGHBAoXFQuHBAoXFgswDQYJKoZIhvcNAQELBQADggEBAKL1 + +Y6gYXkV+OOsM9dFzHUCbkMnukgYSE/4JNshy5MJP5OCafnsYmL6VQLYYuPvWVAE + sEpEa924lA8lUyPvvizFtB3nMlQDFFTn8VweWoGHS51mW9SKWcYdZI/yjRTSqI2P + SoYha49dVt9gNhRNT7FwRAZx7qJF2hF5ASEWuKOIbDPzx3UmJb0pt272cOBl2L5Q + LgeyDgLRYwK0kQkubib8ETBGXlAa+SdfIuMF1/jvycLQCNZrYYA27+HNJzZrXXw1 + xEgDk6lGbDyTccJbQw6NGWPwmFXNOEDeifuOo86ddfpX62ZRpZE4ePrb/0bYXpQK + QijkMKvqKTOlnfNKDfc= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-cab23-r720-11 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDmjCCAoKgAwIBAgIUIP7kBTiKW97uLaPUu/8zaNAHYu4wDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMDsxFTATBgNVBAoTDHN5c3Rl + bTpub2RlczEiMCAGA1UEAxMZc3lzdGVtOm5vZGU6Y2FiMjMtcjcyMC0xMjCCASIw + DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMxcerRH3esJvCCSYaL+1PLtm5BL + 832F9RnAgP6ja2KflqiKAQkGbsr1WxnGAeDq2FxY6yvAczYmL1UIJ+VJ0uQtOIUp + Grdv3IJwx5Ne4hZcoD2C21NnFUdbJ+T0FQ/ssipTnZVIFHKr/4Q0VSDrTJxcWQ7N + Le/J45H+CNgQH4eRb2focNX7oga0y+PaAJEbZn/AdTXmU9K/u5XNLrFunEZyx1VH + ZOOlMah1maivb87MXG6DcBFpzSlZfG99hwMGkdN61hVsQEcGE0/5LTOVcnjTBn1n + z+0L+YMubU4RsLKMlxQCCSWZaSfyCtUnZFwCWtdynlTscpcjVp09D9sZAgMCAwEA + AaOBpjCBozAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG + AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEzYsQviPaRIWTbKASzIutJf + zJ6PMB8GA1UdIwQYMBaAFMgCa+GUJp9f58snsVj+nlmNiJsAMCQGA1UdEQQdMBuC + DWNhYjIzLXI3MjAtMTKHBAoXFQyHBAoXFgwwDQYJKoZIhvcNAQELBQADggEBAEER + bomhscyxCjajsGMz8p1MWY9WSbk3VwQkPrmi67fClInxw/zE7Cq/QYkR/NF2ZvPs + /I/v8Vg4eyGSp6lmUEU+9PSSGPFt+Qeo9AUfej8BbN7ZOgDcVAEebhPLBMvZjVZp + z+v5liaJSHfo0zZmnpbd8H8dKo398rJXVhWJXtDNnT7KdEZczFOmldzKpI58AkdS + 79o5ZV8xy/XFtPgI37S/nXDlKgzjr3FMckPTDVMeJunkZztLmVYkOaFhaUGUQzT7 + ofO43ZLI/3bqBRi6XdwvkLCAX3M+AL4UR30JOGZ76QZ4ql1bOXZs9z9jrjwYy6qO + g4yoDBEEyyW9r5Eueog= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-cab23-r720-12 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDmjCCAoKgAwIBAgIUFsP3NTLE5OCYkctH2VhqJs4jY7gwDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMDsxFTATBgNVBAoTDHN5c3Rl + bTpub2RlczEiMCAGA1UEAxMZc3lzdGVtOm5vZGU6Y2FiMjMtcjcyMC0xMzCCASIw + DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMSxbh25O48HCH4uUuTk4opcCR3i + lrgBhnL9qOBioQPbStuvfGV5x0fzm06csazl+6rhl7X7DRd9Z2Cj/be3MrczoE7B + Cmzh+1fn1ekIa/qhgxavn3KeNhzWKRpYupxPt25AmGJe8qlcejUOy5VZSr2gCtGH + 0PxDDC0UfPcgncQMU2FJ4rEUiZbcB6QaT/BGdy/8DlUgK5uYkrSqesiUjAgrrgZL + K+o4xq/Ep7+/RHYPrvqfRQ9Qd8AgqK3MfiLP7dyGzNe3f5yY6sP4Yo/RW7OteKC1 + S1jUsL75+2rZHuEGwPzBPmD9pYg+aZnZvnAsYCMzzp4i47T+XAMl9w9+ak8CAwEA + AaOBpjCBozAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG + AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFCI6VoPpiAEtTnH4DY5Lo/pf + UYA3MB8GA1UdIwQYMBaAFMgCa+GUJp9f58snsVj+nlmNiJsAMCQGA1UdEQQdMBuC + DWNhYjIzLXI3MjAtMTOHBAoXFQ2HBAoXFg0wDQYJKoZIhvcNAQELBQADggEBAHqH + hEQfU+hFhwiKzPvicOPyy6sZ54/vh6sx6K9ADWL7qtUYadNq42EYXXcJb8LQ+NzM + R9jZa24GG+8HJL18EWjmw8JsKZU0GEvAR4v7BgWpNXa7jKzJtnO/xbApOaxfCEfP + aOWjBLF9dRRFUzHikA6DbdIw1Lp6Q9GTzhg9oT1YLbcRMPGjn2Z0a+6HPXlANm3n + DbIwuM8eX2OjmphiuhwIia6X1FXx2+1NrSVKS6WBfwuH4kvjeEPJQRZ3yZcBHFSf + m814PsHJp+MLZdQI5UKVHt+d970IhQ6xU7xSY5j8z/dp7m11kpJ2+X/SlGiaw3rq + 1IDSL9AZgtvpDsmvRCs= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-cab23-r720-13 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDmjCCAoKgAwIBAgIUd1pAgV6L5TswxZvwWMXaxcWJapIwDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMDsxFTATBgNVBAoTDHN5c3Rl + bTpub2RlczEiMCAGA1UEAxMZc3lzdGVtOm5vZGU6Y2FiMjMtcjcyMC0xNDCCASIw + DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL1OzyYw+R9jGON6nqWfTsQ2P9iJ + Q1E3mikABRGSntBs+jStND9oQ/KmaIWrMCll/O+iEqsXIxO1/b3nDFsJbHR6tg/g + CRMSwy8ioEGPr5QvxlXZ3aBw2BWY9rLz5hk3n9shcYURL7LOvr9cCxDCZkO5W1/X + Fp4Am3tSMVkClz0TzhM9IX/FaJLDkhrdaBSsN1DdCfM3igeOdbQD5wIxpzNj6vIF + lueB60R/bZiWZ62IFooSmPqBtZwGw6d21F73WnIEJn9p9rEN1HF8mtqC16izcp0i + V66D2zRcXcNzPsp1B7hp17rSrc/hbulcX32+FgeJAnHHpNyDbhCDWQXVencCAwEA + AaOBpjCBozAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG + AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFKH3+wBwfmqScP3eufksWwzJ + 2gOEMB8GA1UdIwQYMBaAFMgCa+GUJp9f58snsVj+nlmNiJsAMCQGA1UdEQQdMBuC + DWNhYjIzLXI3MjAtMTSHBAoXFQ6HBAoXFg4wDQYJKoZIhvcNAQELBQADggEBAAim + WgtLTvmWw8ZS7pmMSVL3qg35mOvOphA2dtvtA1vbPVhsnVpGGWWFeMG4SGffLks5 + AnyeHogAyKEVgaCvsxJWEw8G4iqCwWGYicb0cgc960mK65ZML4mWcx97XEpKfmdF + 242YAl3ZvVKUCuvJAXg7AbBBEQ27feH9UVjNKHdcuriTRiVmp/2z7IXVuB4idXb9 + iRlzSszLXltQw3WXJ3CENLiLhCCydMs65IfjwdGrAwAfuF4w/IFKtCanBSCIYKDn + W4NKWasso9wcyL4Y/gjwdLMDu29KgqgBETb+pGHAXe5L13niqjYUA7+GU2nWFxbd + nTuWAQKSi1NkrbMGPbM= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-cab23-r720-14 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDmjCCAoKgAwIBAgIUBEdIVfkE+kwG9DV49f5QcIiJtw4wDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMDsxFTATBgNVBAoTDHN5c3Rl + bTpub2RlczEiMCAGA1UEAxMZc3lzdGVtOm5vZGU6Y2FiMjMtcjcyMC0xNzCCASIw + DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANhCzxVRvXOim5tZj3b3Wjvwovok + +TGB0Zl9m/ldBc2BGdf3yEW4Vblb625UYuVsATySILS2qyCruGMnO51O3boce6Qd + 7oHn+CaxymDp79lFFioiMcJG2bz9L69RooXRWguxT/O4TEM/M581EiVDOGhHSiU7 + KHEp1w6Q5CENEM0VqSK9HGIbECRWuYMCs+xjx+TFKvgYtKQDG8fWtUve68xTIEHr + o8Tgz920ktJN7BoXbEyl823Uh8EiQG00Ab4YGgVVF7mqXyx+44L6Sh78QL85+PKs + aY7VllotXsVt7sffYqCX+xZKi+01AvnYFgoXwSGzkU1lrIOZA+fLlLTpOqUCAwEA + AaOBpjCBozAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG + AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFCqifQdgZKoWVj/b+HEuZlwE + vdVOMB8GA1UdIwQYMBaAFMgCa+GUJp9f58snsVj+nlmNiJsAMCQGA1UdEQQdMBuC + DWNhYjIzLXI3MjAtMTeHBAoXFRGHBAoXFhEwDQYJKoZIhvcNAQELBQADggEBAG/c + +Mp66DkprxKe5VSZN0hNzEskIGUvR+QtL6nCxsbJAApnuLYZ8qvNdkRGktwhJipJ + nShpoo3ZlTV60mgsXNZl+xbDh9CLEeFINV7iBWoVVVfkfmJufV/cEXcp6qa4tSc7 + 5+X0cW8o7qoN2/5MOxa8ZJEQXe/BiZE+5OeS29AdMDNH5n39Fh6NYge6nhqkRn9K + 3ygEBL5bvJuu3JwNe3ACKCehGAac9ViR1h/1ig8PHXu6MblwcD/V4Ms3FUR+2BEh + HBK6+Gdli8ji7IVPGMpRWtZlNSJwQbODW5WuoRgRYPZT0j8ZZB8ZGav4dK4eXrHz + zr1W0czzU7eCi2O0qCU= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-cab23-r720-17 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDmjCCAoKgAwIBAgIUWgYgSrjoLvT5fHPZ+dTxg4sf0w4wDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMDsxFTATBgNVBAoTDHN5c3Rl + bTpub2RlczEiMCAGA1UEAxMZc3lzdGVtOm5vZGU6Y2FiMjMtcjcyMC0xOTCCASIw + DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL3iTmhEz7PBOGSz7y37P6nQ5PGk + kR1amOHsGH9p1jqNdw8I3F/SOLtMQvbEoUcYCbAwZozUz5Dsozw6KH9cc/9cU+XK + vMJEiTYX1SK98AVqiHysExm99PZVteQfc6HK95CdFZC+dI1QiVNEkM9yFf4eK6KO + 35CHiIPnQMjzKG2mBGCH/sWx4yB2Hpgo/CCldQcLbW/LMKlYNUJDTsncCWkNKwXP + rex9bGQpuJPdst9TSDttHjanVenlCUGyY6Fyc75EG9juXDnSR+68mrNKY2gWATCK + mFFspdZ2ZsJkLanuUyC6VU4F7P+rv8yeNQ2vcnhC2LXdJ6OvoCisC7Hund0CAwEA + AaOBpjCBozAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG + AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFN4M0o46D5uO2HAhhK14vfLl + HxhzMB8GA1UdIwQYMBaAFMgCa+GUJp9f58snsVj+nlmNiJsAMCQGA1UdEQQdMBuC + DWNhYjIzLXI3MjAtMTmHBAoXFROHBAoXFhMwDQYJKoZIhvcNAQELBQADggEBAD8g + CeBXeIAkzrL7G94Ku/F7Sk/KqIjvj2dZFgFgu5nyULEHs4TaIMvsFikjxCnF+fP2 + cBTv1zpwqH6m1XOPP63HHd0PAf4q/sM8++pUi65rm+1hoy1yJi71MWrDyuDh3gX9 + kpumTc6p/Woq1sNRXkCFYnQ+jwO3HJVxLgOv+6xCPNXPCLwj8a/NzLYAzDe1Uhk5 + ETKiwWXXCPNS4GbUFzly51NLSbyhBs0sSA76baZraUqx+rQECAFhaIQEnBVa7J01 + 5dq+BBPKwM+G49RjjzVcTskT51veohs+LIViJBxVWhlBCwmktdy1cqKdLixZm1Z9 + 84nzOVurqWynOCj0k3o= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-cab23-r720-19 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDVzCCAj+gAwIBAgIUXoAfBUxOtzyo04uE62Bt2EhPoIkwDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMCAxHjAcBgNVBAMTFXN5c3Rl + bTprdWJlLXNjaGVkdWxlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB + AK3QN4VTC2MEPJA0UWTDXQpLntn9NNeTZ5jzqk0muZv+TXHh6UxKI68zeDMcJboH + 64yklJreTaJFD9H2PXxQMCPOjFnfsU9XYNQ7oBAzkUu0/w5hR0BmeWYTSyfl8/4Q + EHfMaFHtZggumeBGIwd+4vjr9BJNvDzpPIQB+rAxFncD+qKfIg2cIRKoK3TIpD0n + hIpMZ2ebUHT5z09e5mAMmCKi2GMg2+7RZaJBnPwXwx1/onwy9vraZ7AyDZOADnVp + MlNVBuWYfGfZvK1aPQtzvEebyOU//Ja9WDBuk3xQrZzkJTnmnMLAOfKzG5j9IWUm + VvGdwNfOIOJweglZsF41R5kCAwEAAaN/MH0wDgYDVR0PAQH/BAQDAgWgMB0GA1Ud + JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQW + BBR6Md4CKivCxn2GgQrqGgR/+czf9TAfBgNVHSMEGDAWgBTIAmvhlCafX+fLJ7FY + /p5ZjYibADANBgkqhkiG9w0BAQsFAAOCAQEAngDswIvSyZZ/0CLD284PjyZZMtMK + 5xsu+f+wEmKX3EFm6gMvLmbS3g9FFmf6b4DQDR8hJMMxXDXqhUrJurxF6BtswK1f + jTdkytbM1RxLkN+J7ZAGP4xAncJ9ENXIY97EmCQJWCkx6r85+7ZF1YsU4NOT/dDl + tgRk2X9DpLmOfGq3EfN+dcJn9/oKtxBMAmXS33pD1GgjuzZehYO/q5nl2FT9kkqY + nb/BG7ueU7f0DtD9qLb8gpLgXGLzkLeGpgkCwsUmy+jmPLy376fp31gRnBEzh/zR + n93uwNhH/oxLcF10smkashsLcPM/z/x8UX/KlYN6WKGyf8jcojiuWE1fTA== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: scheduler + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDYDCCAkigAwIBAgIUM3+VbMiVd3EwPVMieGvkIIOWEAswDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMCkxJzAlBgNVBAMTHnN5c3Rl + bTprdWJlLWNvbnRyb2xsZXItbWFuYWdlcjCCASIwDQYJKoZIhvcNAQEBBQADggEP + ADCCAQoCggEBAMJeOwz2VbBT+9BOeVal5z/El8yDcGKQObW3po95dTi2+MfjJBe5 + ZS2NvVSHEcLRjEpoi1Oc/EvXlHE8XueHhB0XpGEObNorkx1oQL1dMxXmK4GhRMZ5 + PXfR0pObBwEMO3rkMbZDvuRgsyRHIIAfYaUzurwwcrbKhUrmBmOErbHJ1LivwHbp + nVZrcEJHGaqQnq/S6gq0H/3rg4+dUweEN2RQoO8DfjPFbjVlKudBTJaA6lb5qdo7 + VhKiJdj2ymJrWTIPnqZik7prCjxCzFDGrwi0QL20XQtz56766NWssymFBN4/8k2V + xIzHGqzbUHT70Qcc7eKDRrgo/GzP1Ok0kz0CAwEAAaN/MH0wDgYDVR0PAQH/BAQD + AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA + MB0GA1UdDgQWBBTXNNswcepaYeuUnhGeGMn6QvceVDAfBgNVHSMEGDAWgBTIAmvh + lCafX+fLJ7FY/p5ZjYibADANBgkqhkiG9w0BAQsFAAOCAQEAUU+YKH2Y9QKgBeIo + QAwdO2xtz9F582dD05xevHrn3SvHMpCG3OEmcmugD4Za5EyneqxaucPIQ77Dus4x + CuWGA1/I7d+EKnLU0Kg8nn061KvxIv/zKbh+jb5wFw+uPrQFPU1PboK6mhmZD8pv + yTO3ZFHJjF1tLPB5U2+KaWO8EAzVAoYEklEK/7TyQ8z0jzUGWkxXmZz78UTAIxy3 + OBw16kKAKGRgnxB2ybWQOO+grQSD77CDtXXJKV1jzpuk5eItqE87FAj+3EE9Qt9A + qH4MPV2zZVUTvCBocYVYs+5p2doEH1PuHr18VaI+AALvfu+p+BB32Jd1iUQ14WuG + IoGdwQ== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: controller-manager + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDYDCCAkigAwIBAgIUClCdGiMCfJjYU1LSXTX45bQjkQYwDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMCkxFzAVBgNVBAoTDnN5c3Rl + bTptYXN0ZXJzMQ4wDAYDVQQDEwVhZG1pbjCCASIwDQYJKoZIhvcNAQEBBQADggEP + ADCCAQoCggEBAM5Vla450p0zZwQzmpS/wRjVopyhHhLuS/ZMSDvZny0DZ6fIVTZ9 + lvBm1jS0UzTk0fWKK+s5MeXEnkGobefNpLwJik+PzP5Rab36W7NdKUG8/yxhH40F + u5yBJJ8s02LfuHos5lDGEuopd1TQHOKGBjp9+ImFk12J++vzOsVOEmREEZmwhVaP + bMGv5uSntf5G6Xgnf6ur9pIqduEzrdM+3tD5Bi4Q2P3x56sM0mfWwtuFvXTWmk6N + NhIb0doXhxf2Wgl9lvjxdkYCItUGMkU6osdD38K6f6rGLA7t9TfXTRl497VfAULb + xz5wtK1btifZEDtEBhrIC1SyyQoYpSNYx0MCAwEAAaN/MH0wDgYDVR0PAQH/BAQD + AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA + MB0GA1UdDgQWBBSY8qn47WRcBg6oSbpE9HbXxqGumzAfBgNVHSMEGDAWgBTIAmvh + lCafX+fLJ7FY/p5ZjYibADANBgkqhkiG9w0BAQsFAAOCAQEAmLhkS+2id7BhvXRz + ykyWTqpHEZzTBtMM8zRpho+U5S2Ym+sh3ZRTe1Zl5qTQzegEzhyji9nZ5d9oBQ25 + xZss3QV3BwbK+lH5/2TMY/JEldexIIKr6TonkvtfF/8yYh0qTMOdH4wWNMwIjgWx + TYsYjMZ03nSgD++hlILe8qQMCwXWbQ3srQ5nvvtW1QO4Zn537vnzBBPchp8fowJJ + Gm9PrPOcCqDdkiuKoK5yoQLBEav5j18rkafEUt7kpSHX+/VYFpFznTiDd+h3obfp + H8OZy0XNdHPHMA9bQJ8hxQmZcOsl6SPqtQafso13jTAqQ8JY27Lz4eUWBocL/9Kn + 2BPjNA== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: admin + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDYTCCAkmgAwIBAgIUTOcHSSy69x/FJI3zhlmGL+2aB/0wDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMCoxFzAVBgNVBAoTDnN5c3Rl + bTptYXN0ZXJzMQ8wDQYDVQQDEwZhcm1hZGEwggEiMA0GCSqGSIb3DQEBAQUAA4IB + DwAwggEKAoIBAQDPeeZcrj56FLvfXMbHep+khlt53VKllOfd4YpFXuBfPNKS7sWl + +RUSR836IuKlqoW86uq6LTYk7QPK/m+BFXOiDcohvKgUPa1RKU3uL1gZmE8mfA/R + VmCrv0r2m2OocTz6rS4Gj8qKqcfzuZVMQmRnqxivcpcFIcm3UVmiRSjEhg/s81/J + s45D60M7oBiJTU1FItxBzulA+peA64NwIw52cp5q3s705VZxAbI2RUPd3nCz0cMN + RSjOYeN7aYF1OASrJXxl4eK4Azx0SZVO37hrvFP22OF6WF8AiHBkZbfZaHNWgh0D + BDtz+lNEQ8/0DvN9cEW6l2VIjS+fChcsyxEbAgMBAAGjfzB9MA4GA1UdDwEB/wQE + AwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIw + ADAdBgNVHQ4EFgQUJA/9/fknEta55uPmIbP/eNHi9MowHwYDVR0jBBgwFoAUyAJr + 4ZQmn1/nyyexWP6eWY2ImwAwDQYJKoZIhvcNAQELBQADggEBAIxybsZRna3OMwp2 + 8J75jEZ3yVe3mczULhApmr761B1zSEkaB81w4lC55foAKH/tijz1yj1WT/0BjYVj + VBgHufk1Ih6IbndPbNsb+BX4R1ucDIhnw8jS32kQy2qWi+JhZ7s8tH/2OZlNRhiq + rq9DcATzwYqk6avUR3lSpCyVPUJLGqNP/HL5vDNR/dAJmgrCO86UhzFWTvfgDmrG + mP6ejsM3qyWtOCt80ZcVPqWUb9AIZXdmi0ekwKStxpuGec/e2oZxLK8q2vcmloA3 + ftVUl1FJWFn7rQ+Rmobx8lnb62PTSkDVx5+hogXOh2AR4jXgTAAdFmdhyoM8+utg + syTdZ3I= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: armada + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDUDCCAjigAwIBAgIUcGEOenCIFEyRPk3/zF97GUy8sJIwDQYJKoZIhvcNAQEL + BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l + dGNkMB4XDTE4MDgyMDIzNDMwMFoXDTE5MDgyMDIzNDMwMFowFDESMBAGA1UEAxMJ + YXBpc2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2RPKuABA + bQuCrv72wy3EyEGnNIh63xPYl6VfIz3F/VhDNt4aKSftWM6U8+LMDHyT0p48BwCg + dlLfNhU4tUa4rD9Ik+HRV3hQxHGuGAQSGna+90z+f/OtmgbLtVXX1bkLfcM85YPT + VTzILO3UA4VUrQxSoXfK9tUaV1RJrYUzHwtr6aM4wo+pALsfes6Mm6ygM/n/+z1N + Uxzr9I2oJreFH8TbnkmQRbvWoYQRoA+2Z2A+TPZkzYqGNAZr/BZS8mgEGapcp4tF + 64yyraLPpwzEKxNspmjHeGsNEYZS9JSaEx6B+ceHlF2xYlK/tg0134IZMJ2CRl4X + P439p+yN3H/bNQIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI + KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFB1oWx7W + VLfuzm86CWwEudYb/MNuMB8GA1UdIwQYMBaAFJ0mAtDmZi9Gr+nUWiGXt7cUV8fH + MA0GCSqGSIb3DQEBCwUAA4IBAQCqc2HY5GzQ1M00rvMXq+NBODUL7WydGALt909X + 5EOERm6BAw/fuGbzn/wh30JP48+rlXyJ0iXeCai9+MtacsX8Qjvx4EBCsOrrhO1x + yCD+P6RFYilH4P2lufszhLYUkKaI1y4LSXJK1dJk8QByPL3i0b12FkedGd1HMOfU + eP6NBp7rcp3+JCTdaCcaYin/RFqtjoPD3ebuTRipK6Jr8+QFtnzJ5bLQcpNYgA2D + UCqHX1nSQF91xpro/MDE2OEFtulkM3vAiXsBBVp7cb9U4hs2LU8GvRqgR89sL+/c + i5Chc3uBTahiMyv82tdi3JdU+wE/2g9pwRcp4V5PA37O98fD + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: apiserver-etcd + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDTTCCAjWgAwIBAgIUM2lv19qkb9xH2Zng3VEa0hYh6q0wDQYJKoZIhvcNAQEL + BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l + dGNkMB4XDTE4MDgyMDIzNDMwMFoXDTE5MDgyMDIzNDMwMFowETEPMA0GA1UEAxMG + YW5jaG9yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtMEFupWKyrzQ + nR5leAj4QlIwIREubOHaXwIOjNRs2f3b9xoFz/WY9OI/oMvvsr4am56CN+m1sSPO + FrJji0+fkMuO94/QkLZEioBgzJb1icI58QIYW8jWvoUYoxJPVNWE2tEm4081Bs4r + G7hepnuvRKNgoIE+1SflwofAe0oLPbTyhbv07sVXLyIHelVEAlTu6Q6OH4rV0mzv + HY6jqMC/qsbLM4vujoEGKzX80ftzNa/TGbZcMzjylQN2Svgt0TcgvzhTQOenfOkD + e7UMKuoD500pioCW7nSrQwfJP5TuR6VjOer4sJP/T0KZ7MHs0gm7jQBL5+O0AZoW + PZgjq03OJwIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB + BQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFL3+S/D1v1L9 + kNWBBz3luXchfH6uMB8GA1UdIwQYMBaAFJ0mAtDmZi9Gr+nUWiGXt7cUV8fHMA0G + CSqGSIb3DQEBCwUAA4IBAQC5QRgOhlJkyX9IAoDE7zb70HcuZ6otRYjvawvtEhDU + 2Kkv/mHnk+BAC5smzMLe+mAYskmdzy5fHPxmkSE5xnaVYS0WWAroq+XXiHnuO5YN + hDurPDHIn0u6vhk28A8g7HgzT+2A0F679+vosBXH2Gws4vIl5PP+GNlbdQL8iX0M + yYIA0gjuOpGT1PJtXEDRfs5zttDpdQ6O3wLv6Gf9+i0/7Es1xbTKe73nqDcID4BO + 1RzNoRLRpQmFWnVUiezISsev/NsqhPASYouEHJF7LmQey2fNOclvwiQNDdrVIWvD + PsDrmM/NFey0l07xiYp9x//pHPo2aqBzV5kmEw7HJuN9 + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-anchor + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDzDCCArSgAwIBAgIURsu9xur5ecCsUR7gnOb7r9S6TtAwDQYJKoZIhvcNAQEL + BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l + dGNkMB4XDTE4MDgyMDIzNDMwMFoXDTE5MDgyMDIzNDMwMFowIjEgMB4GA1UEAxMX + a3ViZXJuZXRlcy1ldGNkLWdlbmVzaXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw + ggEKAoIBAQC494q93ST37RC381QWmZ1bPvO1AAcvJCLH1gOtydds1XwOJJpD8ZM6 + 92cotmBBdrXRFekD2zzh9LEk7qcE308/oSNLfychkynJuNvrCepbkO/9o4GzWuzA + yS/u8Uu2dBA0wZC75bi372JJ5ra+tf/j3PlA9mRhLQn7oYaaS18Fm3wnVcpliNgO + xIPU4hF8TJp9UlPWkBHNdqCcfdjBi5W+lqpykgKydIgGLRBavnMNeB9BDkLz1TU0 + kA+3wPBZXiELOOCTOrPYMQHC4VKik2MJkNdfluqDKklQ/dojn2djIQnc+8bjQqVA + gsg3TlSaSecwi3HBO7D4ipcdvu05NuFDAgMBAAGjgewwgekwDgYDVR0PAQH/BAQD + AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA + MB0GA1UdDgQWBBR0enaucC/qjURE2E8JfZdLqOkooDAfBgNVHSMEGDAWgBSdJgLQ + 5mYvRq/p1Fohl7e3FFfHxzBqBgNVHREEYzBhgg1jYWIyMy1yNzIwLTExgglsb2Nh + bGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1c3Rlci5s + b2NhbIcEChcVC4cEChcWC4cEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsFAAOCAQEA + gBlVNEYN1T6toXQPv0Ju3ENiJdiAes8ZIuMkqQiItyJqmtP/S456pElAgn7EgMav + 7myu/w/5CWgTQlTt8ClTbx7TEkB/IC7vM9moUSRBDLWTZTrRBmodtmJG9ry3Sbdu + GlkzJiszhV2ffqdlcENb9YRuQK1lBl0Xc6TjTwn0vDlaNutXB0zVXK2PXsRsq9n2 + o7M4RO8KKkxiTXMlAWv4k0zOH2rWkVpQk5zYFqdsJMbZmDmFJh2qcRlR00uBO0af + mlch2LmAVrXwBp/ovc4PeZeJrKhdAizrTrHMvdlHxGh/rAuhS3vGLK95wmszLk4j + Tib+SzbWdTFqGbMPk9MEfA== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-genesis + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIID0jCCArqgAwIBAgIULvewF/oeP6iJw7D8A+A/vrJFKfMwDQYJKoZIhvcNAQEL + BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l + dGNkMB4XDTE4MDgyMDIzNDMwMFoXDTE5MDgyMDIzNDMwMFowKDEmMCQGA1UEAxMd + a3ViZXJuZXRlcy1ldGNkLWNhYjIzLXI3MjAtMTEwggEiMA0GCSqGSIb3DQEBAQUA + A4IBDwAwggEKAoIBAQCfoJnD3HCw3N253Y5VvwjGDB7k6JLSaAEpTdujduf+/Xpf + d3K8Gz3cCvsg96BbrhI5p4PMMb7JHv105svwcBzyNEIaCcmDJ9WqwAFqdlLLNleZ + Cai+fyUs9ZbXIAX3+ZZN24SzhicWxIMigPc+1z1bc5gvUF61KVRNhcgcjtjzBL/T + VwIY8VNln/EpjY32x2gWiGwpNm7JZa1sxvjKwAjHuiC0ScEJlHPkugvom603azCw + zYcGooXE+ib1jFaecWJc0bnrbdpvO+tZP2immzCqQR4Ts1gP4GI05hFvY5BiV7MS + X93RFQkZOkksU3Wg1a73nf62icBPPQaK4v0bZPB9AgMBAAGjgewwgekwDgYDVR0P + AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB + Af8EAjAAMB0GA1UdDgQWBBRrlfApuX44D56dnWbOof3eczD1wjAfBgNVHSMEGDAW + gBSdJgLQ5mYvRq/p1Fohl7e3FFfHxzBqBgNVHREEYzBhgg1jYWIyMy1yNzIwLTEx + gglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1 + c3Rlci5sb2NhbIcEChcVC4cEChcWC4cEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF + AAOCAQEAQTyfl/Bi8iu3BZjf7Ii3xCtPqTW9bEGo6B6mzR0Dx7z/dUlHi9WR6/il + 655WMwNUEwX3PIewh1lfWTXMsc1eXsXvr4D2jQymw0ZaoPEbYw4r55iRT9rpsf68 + FAWvkUo+b2E0KaCZkQ4zScQeHhz53Y6aAPNDr14VHHIWBCDQLfdUzcpG9TmpLMau + rU3Nmbq30GnTO/N1/dTwZ2ABvWOWzsd05byKm7N1hEqb3hnRc7SuiTSJizR0/SpH + PC5RjJxmN0cco7KahaWLsmGzEW5kRGtgc65rgxR631LxRQ7/3hiemFCQB/kZJet5 + EQlDREoA0bLsv7s0L7v2Vwp5bFox7g== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-cab23-r720-11 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIID0jCCArqgAwIBAgIUJq1hhapB1fc6nl6Ligd7r/AMDNAwDQYJKoZIhvcNAQEL + BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l + dGNkMB4XDTE4MDgyMDIzNDMwMFoXDTE5MDgyMDIzNDMwMFowKDEmMCQGA1UEAxMd + a3ViZXJuZXRlcy1ldGNkLWNhYjIzLXI3MjAtMTIwggEiMA0GCSqGSIb3DQEBAQUA + A4IBDwAwggEKAoIBAQC/7DqoSUn4rgkA5x93zqKBWXwA41TwEh5kYxarjsArewvE + YnHzuMySN4aDfEQYngG9DX86o6Oa/G9+k8xxFAVmoMQTczOv6Vn+mjn7mQ+o2XPQ + s3kBTvLHR/WB/+YtU7BKHe17b9wQpVV5q7R8Mq23wB1N74UsB+ySUg09AP3JzCyi + rrqolASF0U64kZGWA05OIeSoX7jHDv6AKE9ROz5Z9FNSScLedAdi3x08tEdj8Spv + oKuXDv7WIPbnaoYgoyUgeXz8WYUO00z8EGaaDnF5CwCq+71sZLkzis4HdiqjsWFR + 4PCsklxhxJsHpnVTuZ99PQXXblamaLZuyx/F2YwxAgMBAAGjgewwgekwDgYDVR0P + AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB + Af8EAjAAMB0GA1UdDgQWBBSiLyWFOUf3xQ2CxWuUtZPbrjeL6DAfBgNVHSMEGDAW + gBSdJgLQ5mYvRq/p1Fohl7e3FFfHxzBqBgNVHREEYzBhgg1jYWIyMy1yNzIwLTEy + gglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1 + c3Rlci5sb2NhbIcEChcVDIcEChcWDIcEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF + AAOCAQEAYXsTBrJnqk3aDauPyeMyEr9B9ffR0yPpW25F6fgwXrHQ6AcKOOdYhOdz + UYuhzA32yQFjmWG5Tf1PCIqg9BSIHMO6tQWB1M00+f5atEHSJ/rIE1cWOw9wfYyN + ZoRY1w3GNqP7wvMaRGiYTabAC9X0rhI6pC8sMuzm0ZK61LydSqOnalkApBozKE8w + F9OrA3TfluZed+Eylr4S/HG7PLyW9IAhAltXHkWGt6f901/Clfrspe5POsisorfK + SyhA805WAP/ysTJz2iZlRb0u9Sg/NCXpmcJBo4V7YTlVNrs6EOOeBzBmonX9+Ttq + EWp+HehyXnaLegneQ+leO8NmE0fcNw== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-cab23-r720-12 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIID0jCCArqgAwIBAgIUIxasLvcs+hz33OfXx53XRnhtiZkwDQYJKoZIhvcNAQEL + BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l + dGNkMB4XDTE4MDgyMDIzNDMwMFoXDTE5MDgyMDIzNDMwMFowKDEmMCQGA1UEAxMd + a3ViZXJuZXRlcy1ldGNkLWNhYjIzLXI3MjAtMTMwggEiMA0GCSqGSIb3DQEBAQUA + A4IBDwAwggEKAoIBAQDA22gtcU9J2FicNu1peiReJfIwoyJNDKd2nQhQPn9WrKtC + hsBYyCgcxswOTSMkEhI9W+j1xDda92PF0T5R2R9wrUf30HvqPYs7t60t3Q5iOE1X + Ljh48Cg7uYwEGzSJrraOd425te05kxV3jAM0r5ZgYptUNquXAqJ9zk4wBAWGrkdh + 2IFQuLYjiy7MyRWBC34z/ve9RCiu5mPe54/BUR/UmdFeGr3qr8sAhqoKtmAl/Ckb + rkHHydANHKGO3ouBVdBwejPP0/5jwHpeI7szNsiwSt6kQFhOI0vlDj/FgjSJggIb + 3qDW8TSeDioF6j8A9QBy+Nr3NbO7o7Ow9HZVuJP7AgMBAAGjgewwgekwDgYDVR0P + AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB + Af8EAjAAMB0GA1UdDgQWBBR0tj5yaf/3TCOk+wovW+z8lNdD/zAfBgNVHSMEGDAW + gBSdJgLQ5mYvRq/p1Fohl7e3FFfHxzBqBgNVHREEYzBhgg1jYWIyMy1yNzIwLTEz + gglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1 + c3Rlci5sb2NhbIcEChcVDYcEChcWDYcEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF + AAOCAQEAsJGpk/nu+RezwS8STPPpr5S/wV7ZoS/mAOfr6EeXXVv/eJS3YG625Yoa + 1I+0YfvqTdxMchXU3MqFFQo29kERxzin47AVajIotWuwcA1BbmpaeynjSXSi53y2 + MwoB55ASjPC2iNnF7GMu6KnCmXBL6Tt5OPIqni3o6GCFSKh3F/2A5IwP9HphIP9G + SpT9OUK3mxM8PDjk3sCz+4kdKUqs6pFJEtX+UIK4N7vvHrG72V2tau6QNf3asTWs + TxTiIXUVxkfExUoUleIdyeH8aMPWGuJULkzYZJqUfuw79NyxMO8l2eC3EzG2Thfu + fsTMq8JLnFRubGEsUhy4Ojh6nmVXJg== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-cab23-r720-13 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIID0jCCArqgAwIBAgIUFkV3DH97357zQoDothgJQi+e7NswDQYJKoZIhvcNAQEL + BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l + dGNkMB4XDTE4MDgyMDIzNDMwMFoXDTE5MDgyMDIzNDMwMFowKDEmMCQGA1UEAxMd + a3ViZXJuZXRlcy1ldGNkLWNhYjIzLXI3MjAtMTQwggEiMA0GCSqGSIb3DQEBAQUA + A4IBDwAwggEKAoIBAQCkPYNTUMCtArg8o5AfN+v7/zWz6qiyz/T4YUsPWe8INJm/ + KNDZhwCrVQBJq0KppMFucieaayHAkRLZZiHr3QCkxLYJBLerS9BxofReoPi/WSbz + +UBcVPCv8Q7yhwbPniWHx7ppTKT5POdiCrUT3FbHOj9YKOzgYh/fWV55SJwbTaxt + To0APDdbrPnpjhOHZZy+PD1+q8nm0J4EPdw9u+/iBbXgT/zYM48WuPuDF4XwHOdD + 0gqrEvGdwzQK2cqyqCQllhqp1DbPoTXQPTK0LEt6cuCD8Yg2tfIN0AWktRfpNlAy + YjuT6s6Psg4UKBo8NpL2sbtE+idPJLb9swge3eT7AgMBAAGjgewwgekwDgYDVR0P + AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB + Af8EAjAAMB0GA1UdDgQWBBRifGt/cuvvbbSOlGqchorLSuXa6TAfBgNVHSMEGDAW + gBSdJgLQ5mYvRq/p1Fohl7e3FFfHxzBqBgNVHREEYzBhgg1jYWIyMy1yNzIwLTE0 + gglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3RlbS5zdmMuY2x1 + c3Rlci5sb2NhbIcEChcVDocEChcWDocEfwAAAYcECmAAAjANBgkqhkiG9w0BAQsF + AAOCAQEAVP9tG37juV3OxHabhf76FLNYLLGdfGYMcatH1TC4JJcOtHI1eWTjbcJR + l0ZcdBh0lI2FSG+I4r+3ZaeK3ksL9mNacKyMWkIGXoIR1GHLX7SPw5Ec6Qxdm9mX + ofETmAfsMSEr7nxitpe+oypEydA/2wLEdWgRb9qnqCMDrn3LQtpfwQSN6gIAXx9U + JWOFBq1mL8xs2VFDT5oYAMvwNn0lLmgXiHJiBRiewXo5vNElcdJwzwXUggbjj8sV + ADOXjp8THs6SjnpppZdTm7mIY78qjs2wCSwcQZThHFIXS6j/d0Q1/mypisgQbKk4 + yP6ZKg6Y6SdQwkaAcQ6CBSKaW7HpXA== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-cab23-r720-14 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIID1jCCAr6gAwIBAgIUT/Loq+gpUbt92wzGhCJtR8Q84UwwDQYJKoZIhvcNAQEL + BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l + dGNkLXBlZXIwHhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAnMSUwIwYD + VQQDExxrdWJlcm5ldGVzLWV0Y2QtZ2VuZXNpcy1wZWVyMIIBIjANBgkqhkiG9w0B + AQEFAAOCAQ8AMIIBCgKCAQEArJgNfhV76s3yqRZ5nWjY0Sau8Lte/F7okc8FU4TD + LyjizuRyzyl88KGAPBEikoFVP2CzdgaTaLaIiGIfh9UMx8dbbbV84txSPFrDd4d0 + VWHfa9fvag8W5wt5ce9W4JT6qQlpMsdfx+O6yhub9NeuWFGdNFMlDoYh/4wrfAu+ + J4OuLLChEt7797fqawPjBtCtirq2i8SFN2tEPKvM5MkAYdOU7Hc8UPRUR3rpXbDi + Xiw2tk61yG4pE3YwMP2SPJFTAQ8XlwTdBkARb073Bnmxh9M8oYb4pvw1hLB5+j8f + irAtDlkP3PdmfzEFxGXjDoUPLzO60i8FATRWoRDEDB6XfwIDAQABo4HsMIHpMA4G + A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD + VR0TAQH/BAIwADAdBgNVHQ4EFgQUYpM2Om/nMa6zbXUt5YjMS+cgJD0wHwYDVR0j + BBgwFoAUErq/xFXAW/MSw/dGVVlIBnUsm58wagYDVR0RBGMwYYINY2FiMjMtcjcy + MC0xMYIJbG9jYWxob3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0ZW0uc3Zj + LmNsdXN0ZXIubG9jYWyHBAoXFQuHBAoXFguHBH8AAAGHBApgAAIwDQYJKoZIhvcN + AQELBQADggEBALYrKeuZ9vdt04eAUaEIpC968n7jHWFwC/WhkIUwx7XfrrdT74PT + 7NtOWG9s18PkgDlq8x5d/y84Gr5AHtYODtjHgf26lVsCRjLH33HYvxZ0VrUWJGd4 + 5QXd+k3dMdTNb/z20LEC4AdiVmUbktRM6P9r+GjjhS/J9YhrZXWgb9ikm4wCdYdL + 4P/lLSMvQ+lk6hloeWzpXTN3OrhZOplz8bS5HrWg8JHkDNLqxGfXICiccfx+amAI + hM0mNm15P5nmTzzBbdf8tzAe9RSDfrDAV4fnphgjerd0kKb6SOBdnwTlhSH7YDMz + hx+NftSzDKiWmHLGbGgcZ16ijO3TgB2/vRo= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-genesis-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIID3DCCAsSgAwIBAgIUXRYGpBn3//YVVVYqN5CQscCb68QwDQYJKoZIhvcNAQEL + BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l + dGNkLXBlZXIwHhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAtMSswKQYD + VQQDEyJrdWJlcm5ldGVzLWV0Y2QtY2FiMjMtcjcyMC0xMS1wZWVyMIIBIjANBgkq + hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7AX20jHoo5/Q/POn6MZHIuNw8M1toJ5d + uX2fa5VM2nVn9xxt+0HYHJz2WzKGvpumQ2e9w6XJF/+hYsMgPke4dBI1ts0YPEXX + s0xhmkT9Cw41ca7kaK0nV2/y0hS3hk5l972TMBUb0vHiJdwYNgL4MdKa+kcnYXh/ + zHLUMeH2CS7jwxcDAQQDnZxt/Dp3gcKNeJ8QX1RxDXU1EyrNcPi8Nrxtf82icpY5 + gLmtYKAn6KTrDb4tRVI7L3HXSpd7IfHTRZ0ftzGkYacipS2iggdgUIX/ShXcE9kS + 89/lCZM16e2A7e+usJn4K57rA6EyVDqZjnVovrpPjtelRQRZa3f4XQIDAQABo4Hs + MIHpMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH + AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUjCXg652ObQBhsrx5nLKAkTYX1tAw + HwYDVR0jBBgwFoAUErq/xFXAW/MSw/dGVVlIBnUsm58wagYDVR0RBGMwYYINY2Fi + MjMtcjcyMC0xMYIJbG9jYWxob3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0 + ZW0uc3ZjLmNsdXN0ZXIubG9jYWyHBAoXFQuHBAoXFguHBH8AAAGHBApgAAIwDQYJ + KoZIhvcNAQELBQADggEBAL7bUjb6b4yaVUK4BJUlCR3Pv6FH5psY+6TSAWS47I2M + sKRL8cIxj/qXs4PiJATNrSj5SBYkeSicN9MsDZaXsdwMih41diqXvwY8aRHaWhSN + 2xbw1um5gZEm1pekGP17+d4n4U23yVjCV6mtNT09vms2peM2xoEbmsVdlCknQM8Q + biv4fPU2KnHk8nnOeLoLz5Z721GPeUg6v4kzyUaYK2x3Sc/JZ2s/7mkKPbvH07NO + URnzPuUEYTOgDwv8srq5f+82CKcUagyDwmpbKJOO0Nbhugf4t664lelimJQLSDiC + NnJA4olBVOBowiUi0Rw8ZRvj+/bmhyAmDC25/7zv2CQ= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-cab23-r720-11-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIID3DCCAsSgAwIBAgIUewWNoZQzHqX3tSmS7sRX3rMLvE8wDQYJKoZIhvcNAQEL + BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l + dGNkLXBlZXIwHhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAtMSswKQYD + VQQDEyJrdWJlcm5ldGVzLWV0Y2QtY2FiMjMtcjcyMC0xMi1wZWVyMIIBIjANBgkq + hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxyL19ntmY3scU/HloXV11tTaI+//af5E + RkxbMkn99HLAuBFcy9xyGOHbTKb0oqqtwey+/9e4CXSgOpiqbfyqhbHGWAIyJlMh + DCMkjWPbr2Qt8R9SgZerXDGN4n+s5LjR32TdNOlQAf2w7MStG9jRlFGPJ64x6cRj + UT3EipdpFj8SzC5Le7ROmjChV109ZdebpJm61dgwVSGC4OYtw1K9fYUmH7SV9DMV + 6d+s6TEyASordstT4bxMUIEo7Z4dzE8MZYu+XTp8D9s3E2TvSjLd1t5/RY1yO42e + WA8ubiiFcTv6DD24JiirULWIHwnc6Jwv+xgmAH+0TzZ4L3X21s4n/wIDAQABo4Hs + MIHpMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH + AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUJCjODJohoIyGHxgmhgl4Q6HtryYw + HwYDVR0jBBgwFoAUErq/xFXAW/MSw/dGVVlIBnUsm58wagYDVR0RBGMwYYINY2Fi + MjMtcjcyMC0xMoIJbG9jYWxob3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0 + ZW0uc3ZjLmNsdXN0ZXIubG9jYWyHBAoXFQyHBAoXFgyHBH8AAAGHBApgAAIwDQYJ + KoZIhvcNAQELBQADggEBAAYUf29T0fX8xaOEla+tu89ZOBHRn4yYwqsWBVBqGG1U + Td9uPq+x+74ip9ucudrY/WSJ1R3JyVSWMrc0N1VUkRL3Qb7kUp8+D4SqDSGYfGsk + tEGCpK30a505+p6dPL/pbGsfXVlpP7WgqGSPijv5cDWDbntVQsmoM0MpUY60Q4Nh + QCqJc1Mv1bvgB5BckQvSp8uGsAjphtCmlVfQjGFaooIdEKBTCZgZMYdP2IQm+N8u + x1MU6txZyeMNRHQEDiM3wauKvrxTxD9rLJewcc0py0+XbiFN9lCDDBAlkMnTAdvK + 1W/spAgk9oyZdo6izOxLu54NTPCQE4Fq+N++SuzxfiM= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-cab23-r720-12-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIID3DCCAsSgAwIBAgIUH/q9d5D6PAB9QaIusTP7feTD/7MwDQYJKoZIhvcNAQEL + BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l + dGNkLXBlZXIwHhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAtMSswKQYD + VQQDEyJrdWJlcm5ldGVzLWV0Y2QtY2FiMjMtcjcyMC0xMy1wZWVyMIIBIjANBgkq + hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqrAxSeIFy831f32lb/6ZEl3GUJ3R8N1z + LIjpz0UmJcNKXFjO/2vpQ3FEPenbu1Q4Qj82G+FHK5QGKijqdOUR2eIUxud3gTZi + ceF7GcEIcT16vbHv6RefiEi/VcDon1nXdFLGpVAipq2VcwBFwl6VkRldqu9mq0oP + e8RoKniMrQz7Z2OY0BOsBSire+2uFhkJn7I+lhl2FgGQgXNSLn+LcnG5835XNUt4 + cGTdS4rKCgdqxPZsVwemKoOUa2YXNhoEiWjLSS2fbOAGSCHpUD6H+hTz0cE6x6ud + s3V0o4bdE9SMSQoGBRfMAW5iZnV4HSSjfF8psYxLdKHCECm/DbTMjQIDAQABo4Hs + MIHpMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH + AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUEutILRDuPYazSOg+uvQVMReIT70w + HwYDVR0jBBgwFoAUErq/xFXAW/MSw/dGVVlIBnUsm58wagYDVR0RBGMwYYINY2Fi + MjMtcjcyMC0xM4IJbG9jYWxob3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0 + ZW0uc3ZjLmNsdXN0ZXIubG9jYWyHBAoXFQ2HBAoXFg2HBH8AAAGHBApgAAIwDQYJ + KoZIhvcNAQELBQADggEBABvLtpXC6C6wgRKo+YWTgPZPoFl8fMiYashWNA96OHW8 + gClbebr/agJvtjgrDwu6C/yV5J7fFb6bMTp7LMj5QJZ/w0HAH/VOo/mholjtoNf7 + /hWdAys+WuuGThDsZzWla4z7j9bv0v0ZHE+XiR3IMvvFBVz2jbO+7CF1+JYH/tg1 + ajtqCvZgw3N6su1/bRJo5MLIMV/Vq6g+7vrRgsYGF22NOCLCBv3dr0sdKh2sw0+v + YsPHghURkHFrdNBmLLpUDgnrCGWBwNI46p4AL29XZIidoDmoCTenBSMwP5NbUFnv + N/wJQ2YNjXqdAXDhCZ8Zcy7HnZ386DfKDC/t7DNJUJs= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-cab23-r720-13-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIID3DCCAsSgAwIBAgIULjF89Q2rvVOW91ztH8Aboa2fzmUwDQYJKoZIhvcNAQEL + BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l + dGNkLXBlZXIwHhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAtMSswKQYD + VQQDEyJrdWJlcm5ldGVzLWV0Y2QtY2FiMjMtcjcyMC0xNC1wZWVyMIIBIjANBgkq + hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyfPFnaJFPgoiWfR/BXW0MOSYmKh23o3 + 15a63jSqpl/ZtpMQVamURbXK8IvJJN+xu7ehFeIkzwMbMYr4tFIy24b/boQStte3 + chY3KtJVnhLwZeT9IFYayPo+6AU+J8JuA9WQqc92ZaVP5q4tRs/FUcSNmqvMl6DC + jTymd2kaupM7HT2cdBxfHGhg/zO5xB9r0NA9kqe6+4/C+0Comg0Io88BXzYUyQBW + bsNE3Ffxf4xlGNDHte2DKBfAta6D5MZ3c32edOOU3Dh1pACx1abTapeolLw9AxV3 + zMET2NbBOgMpGR1coNqWdFM1mzZfdPg6VczYbqzq+BK0L232dfS9kQIDAQABo4Hs + MIHpMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH + AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU1JvmLtbKUMhnxloRT+emNFWuMFcw + HwYDVR0jBBgwFoAUErq/xFXAW/MSw/dGVVlIBnUsm58wagYDVR0RBGMwYYINY2Fi + MjMtcjcyMC0xNIIJbG9jYWxob3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0 + ZW0uc3ZjLmNsdXN0ZXIubG9jYWyHBAoXFQ6HBAoXFg6HBH8AAAGHBApgAAIwDQYJ + KoZIhvcNAQELBQADggEBAGnznVgVw+q9BckCkuNmTBDa/xecQVpIwSqJd4XqUE5t + mNzQD8EUqlwUfS5/jlJWA9iKE5I9jU9qrzBaOhnx1AUOchdEm/fYsOnf0P9Ov2k5 + vNuRbaSbxZVYby1c8eKili0pbb7xMNsW5tVZ5Jmke6XeNWTNNehLd8u7PRE2PPaF + kEOLOO1KCqNFSznChQ90cxQHYNAa2T8QFAqoAJv9m1rUalUaAu+1lOWmCBoQ9xTB + MD/4GaSqIia7teWGnMCLm/G3RbRr9hBegAnzf3a5rUlIiU23uqr6SQunI3JgSww2 + 2yLXqQE1g5qgq6vb2uMfZt+CXry0sU3ai/pTp7tksKQ= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-cab23-r720-14-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDSTCCAjGgAwIBAgIUF4JBio3TfoajkfyZLtvnKS10Oi4wDQYJKoZIhvcNAQEL + BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw + HhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjARMQ8wDQYDVQQDEwZhbmNo + b3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSlTthgprd1wekZkaD + XIrNge3wwRNFTbei85TcHLg3HlmCL4JvizZL7LmUEGzOgNieavEsK3SFXv/wC2qD + xxkIO3UpUYQAqQxOLztiNWzdsU2N6+I23YhOgKyelcB7lxWXs7VPMrP5ca26K4PB + 4+HlMlda/6fxxe69s86ZxTdrL4pnZdr04BTG/7+J0SZeyKk5MULJILaY4bHPwLxP + CUquaaNCSb1sN2OyALOo/7uikZd6Z49NkY28Bb2+lZxZ5tRWLmFysm21riJOkU3K + XozcfpXap4r3ZPuuNfWycOLWLX5U/kqguCGqlftrld0lxJ/w+sc1NwVeTYd0dK0b + 7kjTAgMBAAGjfzB9MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD + AQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUbuvIOKn+nyosnOzZ + KA+PtBPtio4wHwYDVR0jBBgwFoAU8vuH+Tuf6GAkvNlrVY25DEuYOXswDQYJKoZI + hvcNAQELBQADggEBAEspxLuB2V5GbQyIy2JNbkvTCLpXjBiH1zO8g5WUcCsZ/BhU + KTBXnbivfRspFojR/z7lFsW7vnxUEjihU60B7azfVHwRl5k4dTMLwiAqETU+toGH + ss/h8xoN2E+VuxDBJXn9hsVqamPsdys4QQ3dMhOa2eS37NVphuHUgDJ1PMpsYevg + D/gVv2tmWyiUa75igmGQnTFv6Q0l9q8ccjDoAGvnMvIg+Oy6zzO+PGKuZ2Wnc20W + VH+LpJEFfC1+m1bB8mLx2SFPKM3SFeuN5NZH/ibw/jbzTXu9P2K0psDg7HrMEv5g + OfII0DI6yIDNHPMVpcPuvo49LttJYZBQnpd9Uqs= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-anchor + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDmzCCAoOgAwIBAgIUGIV+l61X/C4dmuy3OSuRtWMEkDcwDQYJKoZIhvcNAQEL + BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw + HhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAkMSIwIAYDVQQDExljYWxp + Y28tZXRjZC1jYWIyMy1yNzIwLTExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB + CgKCAQEA3gZMISoYPUGKGNNXxxN7Jb3QX/0nSqfOY1fmmE6oXXt5w8p9CrALCubl + UMwOGZlwc0J3asrPRtctXGUHbK0GS3f1+OU1STFAVy8l+bIOfj414ub12q3Xic5z + /Vo2ocw3x/cbo7BBzYpOrPl1uu93liDZyn5eptbbJ36ZoMgbd5jPPDiowSiJ1FQT + 0xi2c99+u9MFFLDYvb68EmdeRkE8CpLRRKeJruTrQgRZe53kuXK/vp5ijb5xZpdR + Wjr1VuVNRPvIJH5tzxFc9UprZhCCri9bAhlA0R7fV598BER/0D73fjrfVdlGJ2Qx + c3EXXN+LQ8BsxAkiOn0FPgPSxoKEiQIDAQABo4G9MIG6MA4GA1UdDwEB/wQEAwIF + oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAd + BgNVHQ4EFgQU3Sr0OSP0HbhyZR9cIK+hiJDo+CUwHwYDVR0jBBgwFoAU8vuH+Tuf + 6GAkvNlrVY25DEuYOXswOwYDVR0RBDQwMoINY2FiMjMtcjcyMC0xMYIJbG9jYWxo + b3N0hwQKFxULhwQKFxYLhwR/AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQAm + IxnWzM0ZaCjnfvP9tPISwltF2RNKBtrSA3SWKckS3Xt5SfhLabqwzc5xhpavBHCY + Sngar1L0ImAnSl8uQyo6pEZCk9y9Cx/aXI6H+T8nW6rDzCUIz72l2s5ggWpkXnRy + sxS5C43gyCPi6LD+BHaXS+fI9drI0avjJaP7GeM8vZ4UC1vM3y55vyWYiotI0m1U + EhX5/LNdDLctgGnYxl0ToGWYBFiwy4J542CUyF6ppF3anJRRTNyXfaAbKYEt1Gwo + okxxTHNvTbPFiSUESztKhhFVZc2HRwhTrOGM980N4th9SbNcJSmpdgNMD/dEA4CJ + gqaXdbwIVm/8DnV2w2Da + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-cab23-r720-11 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDmzCCAoOgAwIBAgIUFb9OtcajcngNishv5LOV+QATwJswDQYJKoZIhvcNAQEL + BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw + HhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAkMSIwIAYDVQQDExljYWxp + Y28tZXRjZC1jYWIyMy1yNzIwLTEyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB + CgKCAQEApjnULGO9t49RjtD33k1jE9WDfN/UN1+LfWFafBgzyw4mMIum/ne7a8qF + CThdM9Z3KuM6OM/rWsNMfTLOg8bKEaNnYzu0Vo97yTk+XqivgBQGBdWpukgTHgGy + PnB2nz5yu5+4+Va3MIehUKbH5DIusFKvPSWoVk9H/GhLYrIqkfPcGctPW4Hvviwq + II/Q8NHYtIoaE3CnunVRC59IAGDWUgyuB0ccoSLcKbDWgorktVPBeE58vZLxNm3Y + ZB3dvGkCw4CGkUJ77Tqe4dRly8jz7JzKF1WgLuk25Z/S2YTIX033b2s9J1vIeFvL + 2e/c4bbewONdEBG6wzqmE7t1sfk+hQIDAQABo4G9MIG6MA4GA1UdDwEB/wQEAwIF + oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAd + BgNVHQ4EFgQU9EWom2dlaX7FPeivFbBUKAef0GkwHwYDVR0jBBgwFoAU8vuH+Tuf + 6GAkvNlrVY25DEuYOXswOwYDVR0RBDQwMoINY2FiMjMtcjcyMC0xMoIJbG9jYWxo + b3N0hwQKFxUMhwQKFxYMhwR/AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQAS + W5+GtNrnYWY+o/YFB9hN50wUQJSarBHXxcH++eKrLMgqCWYoPQXLHnDzFmgl4TcK + J/6AEjofznb9Dnjek06Lvk4NvkaVk/cjQmAhOrZ1DuEzzPl//kV/Fi1a6R8tureM + SFsPZF7nLOqNNQ2ppvzwnxxMY4JKokcv1Q4XlK3w3cC1xrfizOlgaUJoZjfKXoal + 1yXLhfFB8RfOtBzNiKpU27tT7/v8rYQtnsCwd+ilAdcQg+WV2xzrvy8ndVfclSnK + FVL75ztSraPeIFJEPmBEP42MhodHkkr6QIVN8LhsqLJLAzJ08Xmn7WUYqvxHzMox + GPqg3xx+jfE63J0cOg/M + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-cab23-r720-12 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDmzCCAoOgAwIBAgIUB3Gqls8WVWB8MTJQ7RV8De5J/sswDQYJKoZIhvcNAQEL + BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw + HhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAkMSIwIAYDVQQDExljYWxp + Y28tZXRjZC1jYWIyMy1yNzIwLTEzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB + CgKCAQEA7qqRo+CTz0VfZwECaxljOXKSocasTJ4LiUiyEs8KFsUmXZ8U40OZNRDy + 6lMj3UrTsuYb0ETo1ZBbDzmzhDuEJtrGDMMFYDy8WaDyt5ogsJe4RtGHnTGWId3w + ZagU/O7bY3fGRk+0lCisKlNdFjdSu7o7Cr3ktorsRVZTAi6v0bKzcphG2FZrv2MB + v+tBo7Wv8jCaWTCW3BAl3CHLbmXLOl4z348X8/b3gIL7ZOKlU3YuITqjcmwLakRE + 2l6iYgTyFYiU7u8ayBM9o7Cu+0xrzDtlSBCFeicqiKtfd7+FFHQrFcPkKHS62+rS + lA2MpwS4DpLCu+6Q7LgFtJrrgE1VOwIDAQABo4G9MIG6MA4GA1UdDwEB/wQEAwIF + oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAd + BgNVHQ4EFgQUqkG3vzyHafavr43HYS2IuavXme0wHwYDVR0jBBgwFoAU8vuH+Tuf + 6GAkvNlrVY25DEuYOXswOwYDVR0RBDQwMoINY2FiMjMtcjcyMC0xM4IJbG9jYWxo + b3N0hwQKFxUNhwQKFxYNhwR/AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQCS + /fjOtyHhUKjt/bM7rjJDEHRCZbBa6Crm9gc0xiCMSFdmcNaykmBQbjAiMKNiXBGT + y7TBmRrgTQPwuistOjmLdcZRDTNt6nq99HXsCtuEgj4yYRoV5CvSCbavnIsTWBw3 + nD8rnhAwJ36fkd5WmDScfGJCEFbRzZt3fU8Jh4QRfxPo8zdw0zRYk+DrudAl+8te + mUIXSXhLpb+rce3dSySj2pQnbVewpX2njiq4PC+kkWf7/lIacqfsoKPEkvfDvlWC + Ycamy+Fn4ShIqDVOZI9t4ZbXfY/FhWDUpsJFpQfqygdhxNTGeciqICwwJ20JQxhV + gB1V+8wQ7jrTcffaY3S3 + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-cab23-r720-13 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDmzCCAoOgAwIBAgIULb78kNXKxBQESfNKmX5f1Dkn7IAwDQYJKoZIhvcNAQEL + BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw + HhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAkMSIwIAYDVQQDExljYWxp + Y28tZXRjZC1jYWIyMy1yNzIwLTE0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB + CgKCAQEA5fiBi4ruD9DkkMIJJ/jzy6urUy0nCD0K2nzi3Gb75T9B7tZhd0AnXF2J + WW/tk4b8nmrscM5DKJDixOMJ05js+6RGyZ7vKL2Pq9AeqVj3UWTi4YoeeV7SUxt8 + 9ZAXmr7Z2IX14DifvuMbekFNfa3T4Kz61JlfkwQpYRxEi4X6se1t/CrhjwcccR7G + KQxgL0NmX6z6KI6jaTKKfBwQWPs384ZkYG+eiqPu63j3PLW17xQ5abuZ43rEQLHY + fq8+uIHItVab9bXKC4LypEs7kfhi3xWiJMFC6NdM9O0YDYyspXXDUBEEtstsAAhS + H6fL2CwsypjGHvEgi7AXtnedqdgGGQIDAQABo4G9MIG6MA4GA1UdDwEB/wQEAwIF + oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAd + BgNVHQ4EFgQU9T+pH6iYmK3RQ1XZCA6pQQzQoWwwHwYDVR0jBBgwFoAU8vuH+Tuf + 6GAkvNlrVY25DEuYOXswOwYDVR0RBDQwMoINY2FiMjMtcjcyMC0xNIIJbG9jYWxo + b3N0hwQKFxUOhwQKFxYOhwR/AAABhwQKYOiIMA0GCSqGSIb3DQEBCwUAA4IBAQAF + 9dw0unYs+fXtnfMnoxDbHQOM9/PvryNQGbNYBj+lUkR4VmG6E5hO2PdnxW6g4SG3 + pT5ZGCzpsJYGEdWuGGy8J5OHUehDYqIE7o60pXU8Nq4BdYRvwJhzV09sF5/3TrI7 + gDpKYbkRHoJLSUFTkbn9MsvHEioYDf1Vg9553ViOFWOcZSZUxqTJKCpTbRWJlUf+ + +HoSfMfFN1vcFnNMHGelAdDJ7S754omqyjb9iMiwX+A7wXEfEeoBGsL5yx8ZggjU + ZQh0LD7xsJzK7AXA2eek3IstvQUq2x0S7+XhRBv5UyST491iry7cblvRbz/vR+5N + MHGzukAVu/e2/W+FKXfw + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-cab23-r720-14 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDTzCCAjegAwIBAgIUMhGorPD2GdueaYnEJTPT+UjVG7AwDQYJKoZIhvcNAQEL + BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw + HhcNMTgwODIwMjM0MzAwWhcNMTkwODIwMjM0MzAwWjAXMRUwEwYDVQQDEwxjYWxj + aWNvLW5vZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUFwU/K/O0 + X+4T9/R9tyol3mgT0Ovh909wyqP36L0ZHaVzOhTjYL3i4o6nJvJb6+jJdgjh50Fb + IxXnDWdZGdtZ20OJzvgjAIvpiEy8M9+QSxjAvkX0CkIJgwyZppjJlgHLpbnha1mW + V7tApu/rNDWtH3Bp13zorgBniMOxhh1gdjTUh1OEcK3BsH0KJvb/FoH/DxHX+gZE + ywBAojAh1k24Ii8ADPvc/6X10HtHYqP+svbu22bssK9CNMTRJV9kKg/K75XrMKh8 + +/3QcKXN6CO+sRLcAgRRE7FmHBxq2pp68aGHIiqYLp0FOPC39PXVrmIgdvkYuSej + ne+1F+zvkSmpAgMBAAGjfzB9MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr + BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU7wdpGoJq + uWefd5h5DGld/AeElB8wHwYDVR0jBBgwFoAU8vuH+Tuf6GAkvNlrVY25DEuYOXsw + DQYJKoZIhvcNAQELBQADggEBABLzGwaacGbF1EioZFTemH572oRQCDFVfxcvUsAQ + hH4wVS4LBWq/DRBEHRy0eahIvXcflDO7JXaVryISi4kBCErA5ckLc6lonrX4gG4N + 5z8NhwunpA3i6+kUY1GmuQM3Qqamye5c6VjiKN06GAAHjThcqk+18xTzeCP760o5 + 3FSfPJFudUmVNAe5sX8wml1vb5IkYSySUhQNrrzSStGxVkGVGag0ClzQX4AozLfS + v7NahVJ6cofbWP/UjXsp9LX86doCCLL4r45rTCUDoGJ3PcrCsFLkg1SoJclCZ4hO + eVITmfRdeHsRYfZwEoIEzi5bgpNLORkBsHA1gF1yHiSboJA= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-node + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDpTCCAo2gAwIBAgIUbfCuuzB4Pe1LTQ3Pskfs9Y8o8+QwDQYJKoZIhvcNAQEL + BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt + cGVlcjAeFw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMCkxJzAlBgNVBAMT + HmNhbGljby1ldGNkLWNhYjIzLXI3MjAtMTEtcGVlcjCCASIwDQYJKoZIhvcNAQEB + BQADggEPADCCAQoCggEBALq3J5Ng7EC0667Ta3R7DbDAfweUy1Pt+UD8pJy8qpfY + mTR7LvfBMPKyQOsGKp6tcmUeqRsL3pcX5EXFjK8PaxMmoWEFNrL9jWMYXa0BZV2t + RWauAyjFXH17wDGT1Yqqz4efdiyEoHpqdeGx29HmRdUQRsY2b5DWnFJpZKZ4WVnN + GhWp+DgOo38YrNqg4ksqOY4JNmEq0AH0sjYKQKeeDop69JiLbFkeJVcXrugsbWT9 + qElJKs/fSqXV/VVWBK+OIptEpduW39bBmpgnyRJLKeHN07Juzs9Kg3pq5VDVjya4 + +CvKmyfZnl8FfHM/7U47aXbxXu6Fcb/UF4t/zJD5GaMCAwEAAaOBvTCBujAOBgNV + HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1Ud + EwEB/wQCMAAwHQYDVR0OBBYEFBV4PR9yIeXI73RNuQFPFtkFDwXNMB8GA1UdIwQY + MBaAFEt8pjwm7JWWYSbhrpUHrlfTHlphMDsGA1UdEQQ0MDKCDWNhYjIzLXI3MjAt + MTGCCWxvY2FsaG9zdIcEChcVC4cEChcWC4cEfwAAAYcECmDoiDANBgkqhkiG9w0B + AQsFAAOCAQEAbulfprS3spW8OdeIjYTMV6+Hgop7xW2ZFHjjXkMoUAK/1mOhcbmS + vVUasb+v7Juj75kiCLPAZgdo2aIdg3FQRhpHyPp4ki99m6fIqoWPpSAzsKEFtxO6 + zFsgpnoUQRzUsWb8FPBwWznms7gfm/04Mv+8mcpZw0eDR3aJrYqoDlDSlrL1kKg3 + VGgrkobxxufBLT1PCR+ZsmbrzAtJl+3XgRNESiS7/XhIT4jeZezlOHKGxGbxSNxw + OL9XtWmrg1lpw7TfzODUZm45pjr+UZTKREIN4Ogw6DLNQz0p4M6OYOQFJAd7cc3R + 1d830c3UQu+7YyYfcfehmE9rpgHix52hcQ== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-cab23-r720-11-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDpTCCAo2gAwIBAgIUGpWyiTwfzPI0ek24/GJQPcnaGBowDQYJKoZIhvcNAQEL + BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt + cGVlcjAeFw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMCkxJzAlBgNVBAMT + HmNhbGljby1ldGNkLWNhYjIzLXI3MjAtMTItcGVlcjCCASIwDQYJKoZIhvcNAQEB + BQADggEPADCCAQoCggEBAMO5C7zxX11lixThzBLqK3gtMiHMIDEB/I36qqQ6jFtW + phAUAOQzBLZf1W7679/xAT0auJ00nkF2VIjoBfQafvKksQJ9Y/2Xw0H+/nbQ6+g3 + 9FTA5cG3mW7VKGR4ITHHFBWXmQGecL80+4rMxTYsplgXR54S2G104oJwHmXhdCsM + Yn+VMm24zxXLjNZO5Py+uHzMW7sVfGZoK8klllS0IGp03jS4KLo3sx5IF64O2GH9 + OG8e45KOQe6Z14YTBFisjTswSlNcyenlQX71mXL+dITX9ZQtnuYzaPNaT9ze/hPC + cufofK0fmCVX8btZuSinyZZegCiA+oOUrMouqfUPSsUCAwEAAaOBvTCBujAOBgNV + HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1Ud + EwEB/wQCMAAwHQYDVR0OBBYEFPiJ7mhmVtYse4a1RNPKfKzbOTC2MB8GA1UdIwQY + MBaAFEt8pjwm7JWWYSbhrpUHrlfTHlphMDsGA1UdEQQ0MDKCDWNhYjIzLXI3MjAt + MTKCCWxvY2FsaG9zdIcEChcVDIcEChcWDIcEfwAAAYcECmDoiDANBgkqhkiG9w0B + AQsFAAOCAQEAQPYErYGdJH30Ls4SEL6V3hnxKk09izMzBL1VmKtiWo2gnizPUzSi + ex+4VsSoHW1xOgU6I7Pshp6uIJSGh2dYpAinYkdmxcEREjDxGe3TOCnhRDltqD13 + LwESCNymvXNLgxJp0+dkrx6r97rTaaeS79fJpjr/ROXOnhp8pFVu5NJ4bCAPmIJh + RB7ZLqNexNSwwwRaJcnOYKWpq+nZcR6RRQdcFcAs+Jxmy/2fm+wwuen0iIccIuHC + EslQ8dUcaTdwRMubVcCc5OlEXcdkXP9k0jjITd/B6SCISvcT9SZmHouX3pKtjKBW + s1kP9qWNQ+EUpRVr3FojxAsPiDj4RxPb0w== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-cab23-r720-12-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDpTCCAo2gAwIBAgIUd+FMs/P3piVhkMLoxxDYI7zB+ukwDQYJKoZIhvcNAQEL + BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt + cGVlcjAeFw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMCkxJzAlBgNVBAMT + HmNhbGljby1ldGNkLWNhYjIzLXI3MjAtMTMtcGVlcjCCASIwDQYJKoZIhvcNAQEB + BQADggEPADCCAQoCggEBAJzH9c5wHgQgzcUaYjAPEyTTRhf/jH0feZNdz3MY5xw6 + ylyLBthr7qfjEkIywgUjUUj5LA8gKFpqeqU4ejee7a/KopmqiMrf9DnjlU9sf6t6 + Ci5CgURnDbUdqm2ePbfGRUvvUD5g0CzJe849jeZIXXMjIpjT1XnStr2ufLGWr9Dh + 8oNlz887DNhuRiDsd6AaIv5zv6Gy3GlARzfJWXhTKZ0sfpEq8IyvQbAZ7KXubKUm + cns30UQ1gmzXJsavV/YqrIBBRSYxqDDMlmELDmrOg3Q9bQL1f3eYSFkkCE2ubuxO + cIrmLpGMO1YiwexUFjBQ/30+VA0JK0ypjIdbG1qXuu0CAwEAAaOBvTCBujAOBgNV + HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1Ud + EwEB/wQCMAAwHQYDVR0OBBYEFCAuHTuZgMXSFEmPOTyCp76Hu6MaMB8GA1UdIwQY + MBaAFEt8pjwm7JWWYSbhrpUHrlfTHlphMDsGA1UdEQQ0MDKCDWNhYjIzLXI3MjAt + MTOCCWxvY2FsaG9zdIcEChcVDYcEChcWDYcEfwAAAYcECmDoiDANBgkqhkiG9w0B + AQsFAAOCAQEAkxVOj5i21py4hoiCMbFJy+wZr2iMTHjwdeM55e49f/xDN/GSMU1C + d40kfAj3BG/WQD1S3wKI1z0WvPsxQnTns8KHKrStni+vy9M79yWcvgr62ae6GhfH + E/DgBxOFm+uGt5iPB3O4GcDncsry6AP1Awbi/XsAOHNkv2c3sl6uOH9B3U5wo8rb + 6iEg+thkIrKTNxd1ErT0KSFkAr1+oYhw41LPSjEGykI6NmPLpszgyALOZAIG8/MH + 4m5WlTdGszEvLGHyTR9UGIpXG3o7eu8+nN9Edzt4CugREmaStz8dNhvkmZBC4ROY + AIxRnNa+cTbN2Qlz+y9ah9/f8VqvuNiMEg== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-cab23-r720-13-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDpTCCAo2gAwIBAgIUQyouqBJjNbpLH4WSz+SG2Iel350wDQYJKoZIhvcNAQEL + BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt + cGVlcjAeFw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMCkxJzAlBgNVBAMT + HmNhbGljby1ldGNkLWNhYjIzLXI3MjAtMTQtcGVlcjCCASIwDQYJKoZIhvcNAQEB + BQADggEPADCCAQoCggEBANKWus3FABiJCZNbXZ/zoxYwoSCqeYZ4K1XSbp4N10JY + yv4yweyI+sGh0M0fvX3YUjgXqDtFoIJteCe+nLnErhwuhX3yY+Yeci/ZUrn+F0NP + 5KJ0XlehTl7S8uiIl7nhfwYuvUgW1CFjeMBqI+I6ovj9zI9D5zk6tf/rQf6ZIfB5 + Bb7fmZXmWX4nx86UevofGGTKIGajITRMOugM3aRL038tAd7oHH5FNa8UOMhUB+lF + 0YYx6OOXNRriHIANYYYPnUtCcPXmsCUvDnLTN0Ka7iqETbga+9WurXxDEdSr83lu + htRWvgHCHRk1uUmxOWJGY+ASxqtqkWBZBHkNMHOHUskCAwEAAaOBvTCBujAOBgNV + HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1Ud + EwEB/wQCMAAwHQYDVR0OBBYEFGxndUTeXVH/wHeR2LW0SXIcHCIfMB8GA1UdIwQY + MBaAFEt8pjwm7JWWYSbhrpUHrlfTHlphMDsGA1UdEQQ0MDKCDWNhYjIzLXI3MjAt + MTSCCWxvY2FsaG9zdIcEChcVDocEChcWDocEfwAAAYcECmDoiDANBgkqhkiG9w0B + AQsFAAOCAQEAkXpwJIbr27QBTsPMcuGNRFFjejJmefxO6TP93PV/UusnXAlFMZVZ + lOPj6C6fzY4yLVB7i7ctJjYhGp6UUYULzmCeAjZsSRId3HSyOgUDol1BeblCL5OG + u0Th/SX5LELJK8N7L3DGVIYHuJBwkPVSAg4CNjT9kuhhnu1ld1fkgCb3suLg9m/f + Pc5u99E2LzfuVgJZB4whJWja7aJ1VgEk/bzsCIK1shxGBBPv21NQFKPdg0RGp4if + hRZo+BWonZhRLgfr76Mo+tqXUdeYmIjqa4gH2e2wpSJtUc6CnrJLqHVRg+18WGz7 + KqW2r2YUTk2R+4AdJP2m/mUGFMTrduRERQ== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-cab23-r720-14-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDWTCCAkGgAwIBAgIUT1UJXPl56W5pfCKaC7hPjRXbkPowDQYJKoZIhvcNAQEL + BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt + cGVlcjAeFw0xODA4MjAyMzQzMDBaFw0xOTA4MjAyMzQzMDBaMBwxGjAYBgNVBAMT + EWNhbGNpY28tbm9kZS1wZWVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC + AQEAwGcNR8v6cTFxIF0ZJ/HvovjqnvcYgBp3j9RkSl2EWV0tGytoPe9i3QSImqbF + rmeta5lFHf5LTetbUWn8m+vHZS6dExHESysDtVH39DHaXwuPZwN4VnuCl4w38XhH + wkgvfF7Tne3Vx/iakEmk8zmyUdcbBat2hj2gWFFL2uQwUqJ3Qeagw2wREaRd1wdE + MweklH3EkRTu4JEMEvxuGGppJUfj5i12uv/1lwVuk7WFMX3laCm+26mgdoqGQ1jZ + TYJDv4vDC6RvhSDyYdV7f3wtHFn6frJwWTiriszaJdySIXiQX8iifEKt100wOQH1 + 5hIJfc1U7C92bMJ+DhI2wnNBGwIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYD + VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O + BBYEFABa6Hqh29OxXGpp19Od2TiSyGrIMB8GA1UdIwQYMBaAFEt8pjwm7JWWYSbh + rpUHrlfTHlphMA0GCSqGSIb3DQEBCwUAA4IBAQCD4xsFhmigJ6KkkJ/ANREHFOcC + k0WusFQylK9c3/HWVhkVMW/UlvUBi1ZyJD8bk6H6qfBvi7ACuUWZHTrAWo89cv0t + z7VA39mD+yY048Yv5c80cnCogxhQtM4MXiggMAbrTgTzHExxRRDS2Mai4Uz7V2Jb + calUCe/YEeDDZUJu1Z16qSQ5lqXmVomkhMnqI0yTNoYbYkfI9c/gOqz5HLPOti5O + Cj3AKM/VqoLWHCSdck2CLqPT4ayDRQEuaYWLznOyRWmcJy72a4WZOHeyFI5O5t9h + lT8EGbgF7FS5++Te5Qpalti99sPkBfiwZB0FE/NCH+pWg16186czTuRwbZEF + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-node-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEA73TXkNg4A/nHn0TsmUsWmvpE0jxUZFc+RMCio5h526Vhb4Qu + kO6TIqVZ49wfPEuv8GVdZtJV+WkaUmgFD2G8wiZGKIWs0CaEbSp9u8ycmW2W1tdJ + NDbKra4syqyAAWpphWxZz4GpVgPsO68BNeHb1ObV9aywwq0tPbKO3Lyhlv3kNB/c + 3m0vSTSqpAzonvK6m27t/wUH7aJTuZaeGRE56MPsRFK9a4ftnZqdyisUdSQJa49V + z/L8tG2SHqV2shecEnGddq+1Gr6xoLe0r4qAdAI8anRN3zPDJCZjfV0nm2xlzjth + PidS5TU5CI3Q7at7X12KlFIwdr1V8zp4XzkTLQIDAQABAoIBABgI0EI3kZfEkGbK + Ej1orgIsMJAxgf74SsW32Bs3iLOlK9x3lfzyFU6a7iTSyUfSCPzGD9PsNLjt9bhj + vG5IzxtloBEdKbVSyGP0qd4ZsXYs68DwpuZYwYshOlm1aru5pJHByFntl8OMbT+o + VyTDYL9D1CHujWdc3nec3n4FaOqwq2uqy1rXF3EtvJE3GmJ0wu/82WVn/tvu/dc9 + Kv4XBgmhG0LWTyyqKKUDb7/cE7+qomLQeEIHgLn7E/43qxYhiM1kT7C50sX4wXy/ + T1tPm8r0EzPR1rWK4EH/g0A1k0AKxagkCA4BdwLBrMbx1rSITi4xwUIFhhv2dpg4 + +fIdjgECgYEA+5Hx6voY/DsgVkYPcmMs8lPsTih6ZTaj7ei10aBheh8Yc6o5nd+Y + 7dnYEnwqQs+8S5inAQ6UjghSS5VHIzRYD7QrHQD39W4bPPGViMa5qwDZ25HWl/Ap + u+tkEKZvWOtWLsQGkn6FQh5ScwSdxU8K0VyRqcXF9e8+0FUq2Hgtm0ECgYEA86xK + KMerDXM4JMXVyA4xw2ylXOPMFa4gV7gCah3aKhXTcZlWJUS9hdRCAi+7Z7jtTf8B + vdA+pWkZGN/vNF1sJoYVbGpzWd+3ewITJTECXzI/kS+YZbWw1jq2wWBakG8/ymya + JDXOPIL8oggJ+mdTRKZolO0bSN71brUKA5EiWO0CgYAxT4Qp2Of42OYXwxfYBhST + U1voXgrPuAwd4BVzh4pT07CJS36LsX5acO7ngKsP+YQhFUT28hKwXHU1F4egIOx5 + 94jT4JK56uEv6vKyorFWEY6ieU2k7pBfo14z3UvKFCcKd6YKJP6d3S+wF+GNAVdP + fmOW8YtCD6kyUN9bGwNlgQKBgQDhTy+LIYSCfUUui1cvEiDlaDJG/8MXUNhLA7QH + 1u6A94l5gqTq9PKhKjCWwPfx4kZaVi6QClvCqrkwDO+rZa64uEZa5tseAQQw0yxM + uVJOH7IzVuT9NtD6ZXPSvns/Df7X9y9XyACYZy2dzP0c8ilGUvBktBEEglRCN1e5 + EJvHyQKBgAh6ITrOmsOmLYgdGrvEq6IAojdJ0ab6Fv76r8PoW8H2aSy/7u1XD2Iv + IViMkTwg2czlfMQ8nFIkzn5dZQwCPm0luCzX4C/bFv4MBGg2gW4sCKpXB1YmlSXm + XtlpL4MQsa7EbrBQvP6KI++j992WuM1Fb/LlyeSHNqqTy89Syfz8 + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: apiserver + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAuvQWWgNqV6uCMfn5SfkdGq48NlB35AeKKVnHj+Gz1xeoH0W2 + acwDHvIV7QnB4RkvRp6fsz6it6f/PhcnP8ezXXuyT+bFCCUm6e4CldVnMO0JtHaO + j+j70qtGPDsbncyeNq9PYuJ/kL9b2xAuoe3xs3/KcRZKRGQuI3+a7L+SZaDrO2x1 + a3kCkOAjQEXvKySwzOUAHtSiaXh+Wx4AhcW/NjtmQfq8RLvCVAnfKG6DOiU22KdR + ZQ1NP5N3aw4if7Y/JUt/ekjceM6vOvj/4HTJhInKYQLzt1N+0KBOwAWGpiLiMBg+ + GAA1hGXRTduerks0uGCcq1VP3ayxhANHZVdGKQIDAQABAoIBAGtTKu273jW8MP7t + yW3tBAdIFSr9IQaYSXmZn9X6tVp6qzpgs+qigvwl7+5nVpUZ9yjscTPedl1GpWII + urCDvXWiSGhUS7J0WZWb3IIVw6qzuYmPMiJtlvuG9cgoCp+ZUw6Dr+hNrPv0zw/A + h3TQe5wXdalcKYB/nnkkjVTyWWHbdxqITEPkKmXAyAe142CFfk+raKUfoRzRv3Vs + 1kjpKoRL7wRjovdiipVDSCkPovZKUxwvQCz8ld2IZMPkJzmXcAT4G3GtVa8EZDM1 + L+3cMYVyNO6IMcx6I+HCK/ny20aytEJ483AvW2OSqleinM8wnFzVXhKfbc4S2GzA + Nf5xzx0CgYEA0MvgGp05jKpTDVH+o+6hGqRse23eGvui3B1K+4mitRzuFzcPsKD8 + 9Pb6tcmL14VUNBIBdyhM5ti7STXkfggsutgvqM7xS/dZaAVdvw9oiSrUWKSNC7JG + qB/Tz+aMkQbg34EiM9R4uezTOH6nSNmsa5xoHe/zw2mihHrS2LfbLkMCgYEA5TgM + nHrdTkzCDVxaXaqkrV+YPq87muuiXi7oOwiXsnSnc1ywOC5Fh0zrlCtbhAtU8AiI + K2JlFHFLTtwbn+xiPOn9KyWR78AlZMUs8mxiLJDaYey1l8BFr8ABk/nnNXMt7l8K + 5yANgQ5zd7RF6+bcH36G1fo1gE3ZbRoBVZlkkSMCgYEAxr0H9s0odge5PbiKFCeT + GPTgfSu6eRyDi9gmAv6i7Jk41sgGGy1hGRns0ROiE+ZIm7d3xZ+Kc0BgI/M0JfJK + AR69XoR7kL9DToutC6ry6Xzm2ejmh/eM4YJJ7l2X9oMBkDwt/f+DWhVdhyymteTb + BSK+x6AZ+iqWEluGTdnSulkCgYBqe6A4LUeTsUrQhB+itbwsomUKccNB08co86eE + jRhTmaeUivF+F9jK4uvpeD7aV51MqNoBNYN5fKwcZVob7+cvHxAyNBDYjK2SY5re + v4TX6S7aIOm3JmX5IDxbbtN+3BPxUYuyFQzQ8FKpwEBfN2743oFq9AJYqVGhQlxu + VIUIewKBgQDPkVEdOw18HfwSM0BPZJYsSPn61ijoFGJruO2xHtDSTtrYezrvA386 + hAy9ezPVj6NiT9agbHdnNVlKflW4B7GbT6wgYp4Mi81j4WWmQvXuruU07IMExlYc + QnCkn4BoQUst+rBSR+xX+DJiVJW7CVPEto3YnHeX1EBapsPswyuQtQ== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-genesis + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAu9dXP+k6eAfX/wj7EzOUCCPrmMfW/t1db5MnHtHu8wDbqWVx + I6i4H3V1S4E3g1P05likijkhskXNyPJu3svDyJqj7f2Xyt/nmVWJafUoPs464grE + KjhCo1hYrT9vViAPpEvNyhYMqIi3ulBjClfFWD+A/rUGeKDbnEXQJ2emvwgCYtiY + D9QLYm9GFj4aHfrTQ8sXH3/Fkh0BqyzdH9YUVvPuwtn8SNt7O2Da0anR0O9IL3qk + 789XEKJi09If+19bLl2wP6d+UX7y4Ld0Yd4ukBc72ZdwRypgcQZSd8ndOKxCLWyi + lR+tTJSTpr+T2zvPAbMjZqvvrdCk8xNUhAEFOQIDAQABAoIBAGZMxOu9rWYpf20a + CwNOF9THG0w9qc1r6bMWRTv3wVb+pKMA6DkvbfdUFOlmGkGfu8SnihTtQHjCo2xI + /DDCcIIUFitK7RxEDPHpL8lRBvYNguwQSP1lXoVvW/wejBgvpdUoo47nq0UuEEGb + /hRn8MY675nIJRoVIQVe0BplzN5EIteAGElvn2es0vmt1keFIgc9Fzd4hh9ZsaEv + as6FRM8jPn7EncrwbuiNfWVX8Nt/PRFWQSrAiH0ilnj+vCkN7k8wkv1QXScDMh2f + wGCgjgXQ13OrSfBEcgoMYgPYh+D5+O8YpRsR1LeFv3LNKmpHGqW4Tug7QzDE/o8v + VyZfwDECgYEA7N3b6UVNnHPm2E618EK9ON9BFFYTZTzMKsRi22BL1JRaboMsHLEk + iRNg19PmfdjzeofJQJRgKLRvjcnvjgstzHadDNI0wLkYfixZTaMavAKpdxzAi6BU + ca70zHPwF0YWg0M5e+u33yUUnk5dEgUChPaLPZctMOvilwAHGdCgKvsCgYEAywOw + dIolSIVh/nkshzt4hWOZQZ0ZbCAu8xyalR1E977emm2eO79vJol08BB1kAVLh02j + 48pdr4nv2BUuIYhg5oA3g4LE+hP+aw8SZUlUOfV+xcROzjDRJ1ER+2mYcsPHR46j + ldZQFIyzPA/aMVZBhD/d341gxLI03bETeJno2lsCgYBtwAaLOV9SpKlLhHzsjB/c + 4CTpZVCrUdZP4prjhuTb5LlaB1FDIhkJon72wepEWWfHWG85iwZbFe+yROTIbgmU + eUkfja5/tcPRgn8GaBKVFq6q0BmvGGTIIAaxTO7r+b+opldWQcv6itXY2/pnxQZ7 + 0TiHGysHReTBjnO71FzCTQKBgQCWy96+Mf8Pp0Pq6ccRjDMxoZGtEyxXDHDTVGPe + bydTfwuKWfI3HzNIxMF/sDojCEvZ7OnXwfFk+miVcOYbMloH3SVfIjt+JmvMyh03 + 7wgJJTlNXUvMDKbPNYDN5tm+JX5YwLLyEYbaPMjFzGCeVRvFSEteSn2enWB3a5iy + 9F/qEQKBgEEh+k7wtEDVPeEo3syrq8tjavexVOsmz1zgLhUDIkNfSNWu4ZLXTLHC + slASf16VCVhPhZZHTzro2lIdyR+NIIaoq4aVggSYryIGLZJ9G4JomAn+54xErDUf + 1CfiuMFlITDCky8uL6MwdhVkU0ecJ5D94eIRaJnESWLz7BqdgPAE + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-cab23-r720-11 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAzFx6tEfd6wm8IJJhov7U8u2bkEvzfYX1GcCA/qNrYp+WqIoB + CQZuyvVbGcYB4OrYXFjrK8BzNiYvVQgn5UnS5C04hSkat2/cgnDHk17iFlygPYLb + U2cVR1sn5PQVD+yyKlOdlUgUcqv/hDRVIOtMnFxZDs0t78njkf4I2BAfh5FvZ+hw + 1fuiBrTL49oAkRtmf8B1NeZT0r+7lc0usW6cRnLHVUdk46UxqHWZqK9vzsxcboNw + EWnNKVl8b32HAwaR03rWFWxARwYTT/ktM5VyeNMGfWfP7Qv5gy5tThGwsoyXFAIJ + JZlpJ/IK1SdkXAJa13KeVOxylyNWnT0P2xkCAwIDAQABAoIBAHNptxKhk77tnIV4 + phN7f6BCeJyhiD3XrXiBs1gbysXEAz3j0nnaXC/bKTwBC4aOmupsfUQUR/zIy+pl + 1MI1UxjyQP1THXeDgTFZqByedWjTntueT2dmzCmkXX98KXj44BXvawunzYSFhqSP + OZSBzp5vuQwW7F6D0jXdFfmQAX55reooHC+xpytDLkjjsXv98ST3Mxp37CR9JY8A + 6s5y4GdBHjR0bO/AbEvJ0S/ZLfd6PvWux0Qq6+mjcs9sGCPOg4Fg1C+DGhlnNaJS + oFj9W5MV+c42TH/UIKrxOkDv9J5q1VlxNm9PblNKaRmcPJ6Set65UhGVMHEmeUGB + yeUXzkECgYEA44m4LSKxerHnCWPTtEdOiupIdMaTcaV0Guh5c++pSJzAXYPVjOnA + oYgVlFHo/SUfqErPsBuRuZhgoi+IJpvhGNWBCO0HyxxbF7vAoRP5FEewb4trr050 + QrsVwTdEF+UvAuQtVybkvXSxnJ094jQ2aPgRPpPry+W60Llj+sd5FCsCgYEA5eyW + wN2pjmk7slCI7HsNCWE7TOv4EDYjzRTBeIb3qRU6FK1EIO6YbISY0FiAd1yQ6NE+ + TFIgAmGjhnudkMPW0imhrBDohwIZdmiWtNLoK7mMhO7UhIJeRkSAHBi5ePEBCQyQ + 1Gig7tsrbcaNaw/fBl2C9LgSQsW5IIwKXGGpJYkCgYAeK7rCMWF7NW+/LP97XiEq + BlrJMTOH1DqK/txr5RF7UV2oiLyeTLiAMr05x4qvVmbWN+VGIsG17GCT4N2a0PyO + AHF1r4hjBEWH5htqwG08pSzd/Yyv2CVOW+RMlHlw+bC8H2lrrvqRrJGIhMkZ33Z/ + gLU4qQCRLssQtiRtsll5tQKBgQDMqvffIvHmBSLQrgPUjgyixtyksoCU3byst8co + 5OvcpTqYYUv+DKW+I6JsA/wHRGzx8iEEiy5XMFcCRVOTI+E8Hzb9FegHFgVYc+2D + dSKamYbOZlLiybHl1uA7In8ne1Eynu7lRWXMeWiFRXNpVC1xWxhRgvEuYxdSM5ad + eYm6EQKBgGNUKKRlnR3wtbtVyrYhQHsgthXK1kH59B2IoMhbdd8RT0Oqv33Ykfom + vim0bsHLoxaTJVN0V8vj7OLv2FD7MoUfTb5R58fnRq8spPyAnHcFTvnqwE44UKRu + 4FYt3jp6TqdORkb6E/IITG7Yp6xyck4gkrWgW9jQK5Ibheg235nP + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-cab23-r720-12 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEogIBAAKCAQEAxLFuHbk7jwcIfi5S5OTiilwJHeKWuAGGcv2o4GKhA9tK2698 + ZXnHR/ObTpyxrOX7quGXtfsNF31nYKP9t7cytzOgTsEKbOH7V+fV6Qhr+qGDFq+f + cp42HNYpGli6nE+3bkCYYl7yqVx6NQ7LlVlKvaAK0YfQ/EMMLRR89yCdxAxTYUni + sRSJltwHpBpP8EZ3L/wOVSArm5iStKp6yJSMCCuuBksr6jjGr8Snv79Edg+u+p9F + D1B3wCCorcx+Is/t3IbM17d/nJjqw/hij9Fbs614oLVLWNSwvvn7atke4QbA/ME+ + YP2liD5pmdm+cCxgIzPOniLjtP5cAyX3D35qTwIDAQABAoIBAHiMXfatngkMwHHF + JlzOwuEVgyjjxIfFt4cmW6gaCqD4d6qopM70keRRMzA87NAQq+uRE5Ae62koHIGo + QEmmZ9jMNUXPHfqZjZfUqM+Hr9YNwu/WdxyiRnvp7YsOMmC2oq9Zu4sesg6GdQer + p65C6YHKYpcEbFsPJJlEY0p6nPaXm1f1IdWuoIwqPr+X34iU4uO3HB8vi38+EPjo + 1A+FwgrVvqLglCOIApMijLcTSxKrLKZHXv/rM2a16oVnCuTAru86lft0LAr9afkP + yAhXQjCTth/UxpG7sP+69+q6K5RcnB8FVitk4eH96n9nbepJUtBKKm6F6m5SJjJ3 + XAk54dECgYEAzw0a8mTjFlJAQPjAjOk94kLIYhqno5cS/tx48JZvBCYNyWceEdvO + 5r1Jk1rQP3USwfnOg7yQkduGavNS+xlBZHszqLdS0qNNthf9eymD5lKOPvnSa714 + MP8NZmTWm3RN13ejXACOLD8iwsNyRBB6rSeY0jeCQkhV1NnRNLdDkA0CgYEA8zFx + ySip/4TwJK4jZqi6UWN7cKJChHtQliH83NVFu5Tr9Aqz9amiUXpyaZ+vXA3V4sIM + cRJwb9r7mHq3aO69VU8PrP3sk2IKR1Sc8CSyoPz+f7nCShFB8TCYkXgOvGNaG+LZ + gFJER0kvjz85XQTgO1dNQySVIGjX3g30AWab8MsCgYBUq1dJqFf02M3Nw+t5tCfK + TuUCuUO0ciMidaY/PEVJvQYGRlTVmL2TPfTIfWqLiKSTDkSVOpckDlF5iud0J2/G + V1tYsx77ZCxzOnw90UxO85OXzTFvPZvY7XPdW38nMvhiFFqJVPDOx0K/wo0HqHWC + OZ8U1/48fLgcwrX6iLboQQKBgFgt3nc08mb++eAi8B0iIuSt8K1HeFz3JaI6Uqh0 + AGPivKdxVg1GY9+tSVz5FKmJLruY5s/9Ap3cRgvkuyomHqqXDzUHoUdTbiytBnag + p9Bty43eeg9HMKTWnQtp/9XZJGwmFf1MVwuOAtuq7g7HXNLHdfFZi2UD/vm6D3aO + kQ5/AoGATAcH1KOpUVPTcDU2NFcDAY4iQp/bb7UqEiL5jQNXRAzX/cBINQ+CE9MX + /tnj0oR1u+njTZPXe+FYgkjRQOeossC2nY8p6zPvccCyZp8g9HM2tK4UdlF0spbw + SNcmdx781iNauZdUwWUFPk+ieTiqzvQhDjwbvabImKhDPd4DrrM= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-cab23-r720-13 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpQIBAAKCAQEAvU7PJjD5H2MY43qepZ9OxDY/2IlDUTeaKQAFEZKe0Gz6NK00 + P2hD8qZohaswKWX876ISqxcjE7X9vecMWwlsdHq2D+AJExLDLyKgQY+vlC/GVdnd + oHDYFZj2svPmGTef2yFxhREvss6+v1wLEMJmQ7lbX9cWngCbe1IxWQKXPRPOEz0h + f8VoksOSGt1oFKw3UN0J8zeKB451tAPnAjGnM2Pq8gWW54HrRH9tmJZnrYgWihKY + +oG1nAbDp3bUXvdacgQmf2n2sQ3UcXya2oLXqLNynSJXroPbNFxdw3M+ynUHuGnX + utKtz+Fu6Vxffb4WB4kCccek3INuEINZBdV6dwIDAQABAoIBAQCcRvDvIEKoTJCB + Sfqp00ec5wPx5+6wn2weKKwGg7mjajNrRQj6x0JAkGt83YNWyaDy2iL7JpCIdxbP + rGsgxDjKN3sQw+v52OVUhgsx1EIn3QCoYsB48G8R9ULDHGF5s9e9eHBUX4m23MHP + C1b/MNxnUB9EkTVUnj+8oG+ogWEEw2WRVyQl1sUoYgQ0z5lgBGHVoY/iHLUHIyG8 + NJ1scRAKULxPYWxGp8kqWKDaHirvTZaqYNsNkujjdQx58wf5uQflmi2AtyP/LV/U + aqHntVhynIDpRQq/fSUNwLFXUdVUN7VlO5zotMYE2qmcN1/t571kZf7iv+aptWlm + anOtamqBAoGBAMfVSzB5wa6lhZUBCyt9iKfwXTSXBH5BRLw0yAtvJlbzfI0GRYCv + rhiGdH5m5WePVyzzxefDq0e/qwQ/wA/ZOFZUz7toM9oEcICyRrbWLFx1fr2Q86Az + lCj2DpOu2CpIi43Nuo8mqbR9LAZ1DuMtveiY2p7lQ2l97nrFUbMVeYuhAoGBAPKE + LjyOrwDcRx5GvvLv3IINWHK90E6KgXEyvOLif5JT1Jj7kyLjtIS5SJMZqJKnqCxG + /MPr9jSro9nocLMRZ8EDnWSTUtI7Z4f/GN1CIRY7pwLKzHS9iD88xZ8w/bTswE+2 + zOnT3txp3ONTWu7EzVU1DP2OW7O6vPKh0KVTC48XAoGBALG7mmleEY609y+EwxuG + RnIfzbZFjyCACpNeWoIY9L+nRiLj7hM7rZtwktIN0IGgMsfvdRjipkdlSMS5sqgl + 6f6W5j/nuR5yjmFYrp5VtRTzB6uw7Y6R8XfRCTv+6ZIJ/d08mm5R0+SM5AhGOtyB + xYPH18I1ZRTBhcc6EqU2N2mhAoGBAJBffkMQ0kAZ4sC0byKjBsvpc/lC5MqNDAg+ + o1IScs3C2DKGug4wLpxAzWK9CKzd4HEThZCBXZ33fGDSTp1bxD+UjlN8nPaI5NaC + V+QIZTgeJQu1fUgWOREkdaWSfccClm4eLhkZx3fCEfzG98BjKrYKEgS0hgUWKzvq + dxKkwKHbAoGAbYLffwmj6GKoChkyraObCK96GTYccMs6OO5RO6hctkbSD7TYHOl3 + Mvy0/3V9gVkPCo3mTDJzxI2wtm7W5Ib9pnW4FCJ5mfxJuQ4xJ65VVWPDkevngwFs + iSyvDY5lzMabXa36CoKufRx2kveKd8DPWGb/NCzxR2535A4ibFDb86o= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-cab23-r720-14 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpQIBAAKCAQEA2ELPFVG9c6Kbm1mPdvdaO/Ci+iT5MYHRmX2b+V0FzYEZ1/fI + RbhVuVvrblRi5WwBPJIgtLarIKu4Yyc7nU7duhx7pB3ugef4JrHKYOnv2UUWKiIx + wkbZvP0vr1GihdFaC7FP87hMQz8znzUSJUM4aEdKJTsocSnXDpDkIQ0QzRWpIr0c + YhsQJFa5gwKz7GPH5MUq+Bi0pAMbx9a1S97rzFMgQeujxODP3bSS0k3sGhdsTKXz + bdSHwSJAbTQBvhgaBVUXuapfLH7jgvpKHvxAvzn48qxpjtWWWi1exW3ux99ioJf7 + FkqL7TUC+dgWChfBIbORTWWsg5kD58uUtOk6pQIDAQABAoIBAQDA/m48AmRl67me + W8CyVHAMieWIArL4QXhB2Fz3ntJs4Uek+pWZ0rV949Ao99oCD+7SlT3myBXT5Ct7 + ISoMarNpQb39alDNUaydK5EGB/9qEEOFelqZnAz4oaKKfPnjHj+Tq7tELzav1JlG + /V+iLWkLdoNu0mp3AvXPI/LSpAxYV9XFxG23Ij+MZg2WGQC6g1ZCKnrLmPf6KvDR + h2jyL1Fplu3bH6gkqVABAlVkwUCDNoCBD/uE3AuykrpMiwEhNo4ZY7yyvV1abyUx + b5kGqnWwFSrjwjGTn8m5rgkXDbXkRQE9hYJKhq1Zy7f40jq6Q3UJXQAReZz1G2I4 + a4xybkjJAoGBAN+jW3EelZea39nTZ2ZHw70sx1Dz92hB4DklXhJeg8wjcdV8wGY4 + bLWjfUcC8fifDlbBYz/OPQrKljafAV/FaK307jGPPL3hOpKCQdu/7ea9VnUXh8DN + KwBxBMY3wHdMtWdvqBuq7QKer3pjtRl5LqdI6bGpHyNbKxwS+PzMVGZXAoGBAPeO + KqInC0R9f8JnA5SAfwR85bZFs0bsqwAiZVTOYd/8dsXjtK9g51Ke6hl8ZHsd3Bjv + DEPqbMGcbdmSpVLFXE2/l6RrW6y6WN0+OWV+TVqwFd+4CLN7MpOg1QiM4KGN1TUW + 31P7WcpC1H0tZnCeZmdBxOdX5XDRaSetQ2WJaTFjAoGBAJMcm59q9g63k39v4HnY + xXshBLBM/Df59azB1wMQZ3SW8F/2Y34aqfBGbreSyWe6Aa2yIz6qxV7e6zddG4NL + kdO05id1yQhDK8uKohYTSETb0g7Ofr+mdx4gOnrF2/beYAp92cDxjF2H03kYM95g + 5/6lKQ10agZRB6e9F0r8gpybAoGAcrPesS9iGyQDNHJCyGYZdFzimugEv1IdkXxe + c0MFOqFh7yMorzI5PKEBWzm13Q3i03K/viA6sCLpCyzViVqFAElL3BUabxgQ4MJa + GdrBwMlh+TzuWys0Lg8RZlrQIkrzhRvJ8sG9wufgSPfmRTw/uoxQzdh+KR3+mTHA + zqUypn0CgYEAoqClS/TJabzTnc7IsFfjjTBNgnUDOLgXSIo67erocVBtcFczaX8i + COR/YBImr2KOhb8jQ9ucaLBXucOBJyPrahAjeVh31Q/wM41XsoytgBERG5ppU2QV + 2l5I64XvRuecEEKPDsmFFSa871xJNebfu1spt5D6TWyXvL7fJYxGfnY= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-cab23-r720-17 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAveJOaETPs8E4ZLPvLfs/qdDk8aSRHVqY4ewYf2nWOo13Dwjc + X9I4u0xC9sShRxgJsDBmjNTPkOyjPDoof1xz/1xT5cq8wkSJNhfVIr3wBWqIfKwT + Gb309lW15B9zocr3kJ0VkL50jVCJU0SQz3IV/h4roo7fkIeIg+dAyPMobaYEYIf+ + xbHjIHYemCj8IKV1Bwttb8swqVg1QkNOydwJaQ0rBc+t7H1sZCm4k92y31NIO20e + NqdV6eUJQbJjoXJzvkQb2O5cOdJH7ryas0pjaBYBMIqYUWyl1nZmwmQtqe5TILpV + TgXs/6u/zJ41Da9yeELYtd0no6+gKKwLse6d3QIDAQABAoIBAD2om+9N0Og86PQC + Xbtfp6eb9ovk9V5DyfsqsDXHh1ISF8QhC3ZuDA/9zozVAs3UJ2k3/kTi4dfcj5EC + DZ51xhD4ySGIOM0YdjnDeWlDpgoMMu/Q7I7iWQYYhOzjraevAb7K03Lh9XTh3wXT + 8PX7xNp0r5SkskH7UMAMOsRF+S3JOEtJ8f2jDGs8Clw6NmXxELbyEw5fE3U/kb+R + IwgR7Yk1rtsS8VRU7XeFha+RGiiY8HXpOO+Q+2EyEK628gDma+2TqKdiM+U9hFnd + 8lPIsJeDnwc83LoIwwGjPlQwdkj4rHH03sNXWmtPn6+CoJK0x7WqG0/uhTA12pDW + i7PtVWECgYEA8LOH2n+rleKklnGWknPx+Sfz6j6+aY0m4Q1sRF0g/un2u0LXU4J7 + zLc0R5pj7vBejuERu1IKUjKsrHgLtWzNTeM6J72i4SErqmTzSFZAHpsqOTh11JEm + YGFjWG+4+0PC4YZQfmTBA4M83ViXqJFGAphyJymCBbsAfknwsPGAmBkCgYEAyfPs + dULfVmR84pLCKZRcHiAW/sPwz6vWNJdZ3dEa+BPdsU0hqFysr4+qwnYammxWnpbP + H8JFI7xymUlosiEOUu4iepup2VeYp28Ty0mNVngolXJi7s5Rr9RYW71ZVJHZbv9K + A0YD62QJamvRVEe00il8c3/lOtNFZUZsxW+K/GUCgYAwdzXHnSVjjLsvP7fdzVLP + pGfMps2YWz+U2SsPqODX8ywnEJJi0kczNUBlmoS8u9GOW2tCmIZTfrieEZ3p7fp4 + 0GQJVHnTcuZj7Oe/jP5kK0IZO3EeWAuuJG3ohLZugXpgBrd2e7sRhf9fYlNHMdky + 9Jcno4f2t2ymASVhu371IQKBgQCTa1vQvWAK0I/ZVQgnEgWseABROPcwoV9cRJ91 + LI9jSB0ssAFBxWTJQzaDfXMuBqe0XKIVrNqLm6SMAOpMHZU3NF424iq6XRcyIgNx + AeAKnuwBK97MNA+tKnTVgwMSmOUAAZsliJaT3hKBfPLxcuasA1y1c0cCCfc+VopQ + FXx/gQKBgQCtsAaX+5MEe2KvELiVol+soyi57IdfW24yzQw3vAnhPYgw99q8lVH7 + QpqrwNPnvS62LZisI5ELqkRjKqinpMszuXRzBHPytoM3lWwML+Jtvfz41POIAK+z + PEI2NsZUVp10ZwZ/KuhcAeaJed43EPvyTyKJmtL8RFWJYtm6HbIkKw== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-cab23-r720-19 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEArdA3hVMLYwQ8kDRRZMNdCkue2f0015NnmPOqTSa5m/5NceHp + TEojrzN4MxwlugfrjKSUmt5NokUP0fY9fFAwI86MWd+xT1dg1DugEDORS7T/DmFH + QGZ5ZhNLJ+Xz/hAQd8xoUe1mCC6Z4EYjB37i+Ov0Ek28POk8hAH6sDEWdwP6op8i + DZwhEqgrdMikPSeEikxnZ5tQdPnPT17mYAyYIqLYYyDb7tFlokGc/BfDHX+ifDL2 + +tpnsDINk4AOdWkyU1UG5Zh8Z9m8rVo9C3O8R5vI5T/8lr1YMG6TfFCtnOQlOeac + wsA58rMbmP0hZSZW8Z3A184g4nB6CVmwXjVHmQIDAQABAoIBAGqW69VpDeyU5ocQ + bnG6lM4BfdL0wnkJPli/5MoXW2/cTaXvAmD0flms2KOPOVuSC9NeAnvOpBFFBOSf + eylHC56Jxew/j762OP0t64TD+vBQeLFa2pUVwpDkeAxpqm09cLvmsHq9ePq/iUHO + ASFRoONB35Vx8mPwLFpP1GpEUCB/XucIwwata2F5FLsrcC0dpUlkkAj3TlzgrSmq + qOAp2DEkvdG39Pt2jlwez/k78/tk5ZM63VCM0CQO0GMkcntLvL2tRa7TpRqJ1EMh + R5ZOJA+02+88BbYl6yZzzurEbKobkkqMWmYlLa+EjbWhxg/hV2kt8APFfWtcoj8b + ntfLUwECgYEA4UVzfuN/watxmCaG9GD/5dpust+h1HynLHfiOTx8SN8C6IckpqTS + 7Pp50i7yb9lvfNMKd7WdD/6to58LkNNyT9h4A2awFE3Q5y7Ly/GbnR1bz//NnipM + E6VxdKCtgs4EvWAE5I2+HtLUlfNsUq4NdJMSzF0FsK5dfvegbb6pG8kCgYEAxYXW + SEwcFExXuOX4Vk+DD7SBEToGnDZlTJfd/WR3gOqYY5g5q/YH8Bi1Yg6WycKPgqU+ + jvggbqg8n8EIfN60crHViibHxL35GHj0NocF+0dkWIStiakL6rblSfo6pLI1E4CP + ogzHlPKhOX0ox13i6Vwm5DaQ8AAiicQQie4MFVECgYEA1GirLXMPzKp+kquJRraL + s8zR4mHRcs0SyHBF5BgvTHrTgDOlkGgL5p2K7m+L84D/iaBo11Vswl8ulQBrZGSr + /bOr/fD+iDaTitjqGuQ3Cd9b6fVWiRNy5ndyUjkLQjJF79aw5lzsbp33C2kas58g + WtIuwHnZ2q2exRByueg0BlkCgYBFZG+TlqmGuAtZefF04Ro6Oj/dvXT1DGcqMXBb + xR/2unQvCRu5vgWr5AJVIKr41tF0JHmF4MYEGjayKS7CL7tVUASlNFqaU+NfJZ8m + SOlhDgPC1VniMvFs1DRZeP+BPNpIr7HGTJcRTOw3NjFNWT6OnUFMi57/sgxwOeFV + k7vLAQKBgQCzefkNjxN/NOBNeAVgPO9xbgNHiCsV8F3EpaII2jh3UYDaca2QlcQe + MDM2/Z+zO+luZWlemlYLk9Z6aSKpuTC9LOdarrzWrVn/WPs+SsUFffQolQMSTet4 + DFsv8tZ7J6u6p0QNVnp0Wio5INnOYLErTpsjo9ELAPh87gKJP7ePMA== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: scheduler + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpQIBAAKCAQEAwl47DPZVsFP70E55VqXnP8SXzINwYpA5tbemj3l1OLb4x+Mk + F7llLY29VIcRwtGMSmiLU5z8S9eUcTxe54eEHRekYQ5s2iuTHWhAvV0zFeYrgaFE + xnk9d9HSk5sHAQw7euQxtkO+5GCzJEcggB9hpTO6vDBytsqFSuYGY4StscnUuK/A + dumdVmtwQkcZqpCer9LqCrQf/euDj51TB4Q3ZFCg7wN+M8VuNWUq50FMloDqVvmp + 2jtWEqIl2PbKYmtZMg+epmKTumsKPELMUMavCLRAvbRdC3Pnrvro1ayzKYUE3j/y + TZXEjMcarNtQdPvRBxzt4oNGuCj8bM/U6TSTPQIDAQABAoIBACtEiMao64hWGb9U + SMSWJ/VVESmwtMrsKjyehlB4DDU03gq5MKarWa+bVuNDMhv5Q86omSNi1fMYKW5P + rxzBWRKU2b3VVTv36Ubpl0fQQHgGhfbUbJf2E03iAotjPlroWzFPLRXS3OK/+AEC + aGS9F6KL8mzEKDUyvhtfO1raBUSHMqjeMwZXH0ZDtCVdeobF00/QpWl4JLpHiTd7 + YgmjIMCk1n6bZsPDCiDzTmpYsSBI3x/dxPwg0w9qG7yBIdJkIzjszJtl69TZYIVQ + MYltqlhMbnyqkn4Moq3iAkiDGs7M8UWkdWU89c8LVkyKTkQXDib8/NnNGUbK8g23 + AIq/Eq0CgYEAydSkgs2nSa9xF37Pq0ViWiZd7KoyyhCDoOT+NDm25DPGSoW8sxSG + LQmVmlGnKOV2QYUb5VAT4B3QvC64OW96uFuFNSKWv+9/j86z10Lwe0i4IvOZb4vu + WNQG5OXLkjL9dBRIS7/u83E1/b8bFW7PMMXdtRoQYd6QTP8PCK8/rScCgYEA9oja + KZhOP426PRcIvmPFUJkuJYqFiyixrm1nzTU01KQq9vH5HzBpdUmLzr5c7PGiR6oA + E11b2qyx6ZNG7j1cBorFNFMyr8EScdXLnxh8B5nkqL8DnzU9tLawI4xlYN9fDBWw + frVWd1Wy9L9GS+7UnwaZ0nwnPtXWXggv+VhogvsCgYEAiTnSDLllB32IqA/phKqt + P1wcuj/SPn7R8EAh8kJXbnshVCPv89Z9j/uXQxBHVlAFgnDNUbGLgfLjrD8btLlu + OBDJ1iHJW4CsO4uvzSlPNpNv1xvHdAcxLCYk9daj/ag7mYP8z7wU7GJJ8lfQQ1dO + +fteTbcF8nUPqbo1b5Mv+TsCgYEA6qHiqDW5OwlDF8MlYjYIY6X14mrMoF2xhWXA + pfAegMZh0bcHtyRXKfY+JhzMygFKxlPIUKXItv0nMjsmBbXGML+/4gXQtq7VRBwK + +DbQTFet5OAurUZ5nNVGG/8RuTm99v1phZ5GVbrtX7vvRnNeTp90pHveyhGwPLwk + FHaMuSMCgYEAwp8JVVI1wLceG8IaAPVOlRe+rImvByqcD4MKkAEO6CGZvOPzikTi + TZl5G6/VyhXem+KX+W39wk3gNWG8P8wJrRQVupM79SczYR/MDttkK+cfbYVqbVRI + I4VeyTFBygYABeY5kz8/mV344s8fqzsBid5Jjb6YI7SGwqRaISVlLN8= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: controller-manager + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpQIBAAKCAQEAzlWVrjnSnTNnBDOalL/BGNWinKEeEu5L9kxIO9mfLQNnp8hV + Nn2W8GbWNLRTNOTR9Yor6zkx5cSeQaht582kvAmKT4/M/lFpvfpbs10pQbz/LGEf + jQW7nIEknyzTYt+4eizmUMYS6il3VNAc4oYGOn34iYWTXYn76/M6xU4SZEQRmbCF + Vo9swa/m5Ke1/kbpeCd/q6v2kip24TOt0z7e0PkGLhDY/fHnqwzSZ9bC24W9dNaa + To02EhvR2heHF/ZaCX2W+PF2RgIi1QYyRTqix0Pfwrp/qsYsDu31N9dNGXj3tV8B + QtvHPnC0rVu2J9kQO0QGGsgLVLLJChilI1jHQwIDAQABAoIBAAGJUZwCgjb5cwLs + /3GsG9v7e0J/UKIDdD1ZRBBuBmlnZRYyv6+wL7eKjH3H+fai3Y1eggU2X9C+Lg9/ + GZJoTZm42HbPM0+Re6AWhShIwU3kAmJqNrnuGP+JVqR4yPorgEwomW5wiyODO4g+ + JHjrVpCI75jWjcpchKu1G/LsKeblN24+px80EpuFesVaofIBTjt+MlMwuCcY+rXy + i8o6W00aRph4YYCWymSkfh4lQBL/EVidKLzo2MhZ3CwCMnL0TCxvb3UTfbfnbz4d + 4nB+OVfH3GJthpLLCn4Vybq+aJeHoTar62fSRBOoERF9nHdOhbzEVfVhmtUhTv5+ + CKxIkkECgYEA9VHl7fc8h/Ao+STekAbrUXwzPL02G1LdRRyxeHA2cCmOYgHJe/hY + Zx5MzYHG/FSaPlctwBXK/mvXQNeHq5gGH6IS8tGa1Pbc2CchSLh9GL7GA+KSK+tE + 2c910d//o7zcOauRSwQXrC5Y0TFzRQ3EJGtkbRnhq3U6TYkC7yxLvi0CgYEA11Ew + sa1iuxBupOsdc0Vj3M+p3XuNSHVD2jMP/FM35HIhW2NfgkiX8A9u1VnNj9cblEQ2 + 1PCVQ5x88qcW9iypV2WF+esJn4cyVFt3gXubAJaMdfQjmuzSe5/Ywoohc+LKhCzh + mxo3kakyyXyZxqcz2UywAQVTYIldI3pAHarbcS8CgYEA1GjSJmZhEe7++yJSVvC2 + xfo9PwUxmRz5m8LJY1f9usYwk2mqtF2G5dpVc8c/rPHwD7RaV6xG9F4Zpfo4bXoX + K0KhF4AniOgqtjnDVvzuzAM63thJ6h8uoU1BXbSO245GPOTxy7tCaAJFQvSHMy5F + O6eE7/Zt8JBzJ/lPAhofhw0CgYEAjzfp88UojtT3Q6tAA5R8QDvA+RldeHzHjTO5 + xlR0MPfZSDhpJveyWHNrfW4mVS73oT9eWXVNU5ObaKvLkiNS4FcfLoUv+XSr/YB5 + lR7qkxGQjETACiTMPH6uZ3gJmFOZ8SEJT2m43KJ2rZ67im9dBYUE7SjltKip0xdV + 3mXvYPECgYEAu9ZP2pvwe8wpE9J8948hD3HuaMoaZkQ2/eNWlo1Lr9faAVomCm7/ + EToupvUI9aAg9ZE9Oe5ZJq9IM0euUyAxcNgKAsjWxdYVxdnGmX6zO9oGlFYkuhEC + g1vMI1+pZUPg6u/KVxwjq0T2kUxlY5acYbg1pyrFVZ/26R4pElUF1ts= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: admin + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpQIBAAKCAQEAz3nmXK4+ehS731zGx3qfpIZbed1SpZTn3eGKRV7gXzzSku7F + pfkVEkfN+iLipaqFvOrqui02JO0Dyv5vgRVzog3KIbyoFD2tUSlN7i9YGZhPJnwP + 0VZgq79K9ptjqHE8+q0uBo/KiqnH87mVTEJkZ6sYr3KXBSHJt1FZokUoxIYP7PNf + ybOOQ+tDO6AYiU1NRSLcQc7pQPqXgOuDcCMOdnKeat7O9OVWcQGyNkVD3d5ws9HD + DUUozmHje2mBdTgEqyV8ZeHiuAM8dEmVTt+4a7xT9tjhelhfAIhwZGW32WhzVoId + AwQ7c/pTREPP9A7zfXBFupdlSI0vnwoXLMsRGwIDAQABAoIBAQCxt8AcOWDo36PC + A01+B0qB+liW/X7SuMcYJx5yp39X9NiG5aJFtiNXgkwsa/9qWrOuDCe+DAYqAR/T + nLhUgNSIxnkTBu+OTvqL3+6SDNnRKsb5tyExdmTeGMCUlqv51+2c6ATZuAeNWTse + SSRaqzAoIMXHW0eDLNsFfNhjiAwQsR4WVxro3Gt88u07jY9kyHJ9TQ2hfZDweUUS + JW0dDNaaWfRMsBWMLpMm3I9VOXm8/SROSAj2OdFg7dlCU2bkCToMUb8VGpNAijx/ + 4J5RLCIZgNmxeoPi/dy0eN84i51jcceZqae+WF5BbrtC71oGDqa7ZQarr3bKcDyG + GinTzuc5AoGBAN5qMQIXccU3Mxj1MVWoTRFaDEu6mS8zo0NT9ieAhrPPqCPxHEQB + sCxJXvm713y3PYJr40GNyLXbq5PM/Vb1fJ8UPZTGUnG/gqoSlVmNg6UOPujpKbKO + TUahko7JcmvR/xbgpZsB30CV530FkZPj8KyNqrYsQnYayt0SMLLe35GFAoGBAO7O + OxpF2UMnYs9IJfTtJB4auhGhrUI3k9F+m5tzA+WMJIlI0mgpvlA2fosIE4jtrQqh + WRG1+lLNy7Pf0P4dy4oxOfcNJlf4hKva1VznpnT+P7UqXhKXYOOUZ3vN7i9q43nX + GCUs8gL41Cly1xPGkS7oh/cBz5lQVuj0np6NiEofAoGBANnUcy8zOvAGQfs9mRXl + gaVu5f/9Py4lis7UGo9Rp5vP00NwT1ijtqGJMoWwXTn+VTW46Jg5fsvt2zskVzKl + t2ot7qoZGoHhKN3c2X0dxkMPkrmWMop4KGL2t4006uWChC0p08feq4Kbzl5557xK + UFsPXJSTAHyffPPLbvqgoaHpAoGANEvVhZtmSN6HNP2H0mtcTXts5A+T8bxaEra3 + PQOjBtH57laUPVtm4goNDEVogcQK8RkEeGxxtVB8G5gYHI5J1KmTGBc5Hmq+IyR5 + NS9FtLk5GmN81nVwMmZ9gw9F6fxudHA2SW3eUehMDgeoMhx6Dtu9aspqvBhr7/gi + BHbaMeECgYEAxC9bPwaZamG79d3zTPG8l51nQY7dW6Jn7WkLkiSMy29VGF29nSgh + kTTlQqWjjPBeIpUC4YTL2dB7PvkOFofGHwPox2xUTmi7U3SmsSRN1aBJRgQb+by3 + 9raGql1VFeUuHsZ5x2YA5b+an590U3OxDzkGDBOU2RdWy9ZLRC7Iox8= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: armada + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEA2RPKuABAbQuCrv72wy3EyEGnNIh63xPYl6VfIz3F/VhDNt4a + KSftWM6U8+LMDHyT0p48BwCgdlLfNhU4tUa4rD9Ik+HRV3hQxHGuGAQSGna+90z+ + f/OtmgbLtVXX1bkLfcM85YPTVTzILO3UA4VUrQxSoXfK9tUaV1RJrYUzHwtr6aM4 + wo+pALsfes6Mm6ygM/n/+z1NUxzr9I2oJreFH8TbnkmQRbvWoYQRoA+2Z2A+TPZk + zYqGNAZr/BZS8mgEGapcp4tF64yyraLPpwzEKxNspmjHeGsNEYZS9JSaEx6B+ceH + lF2xYlK/tg0134IZMJ2CRl4XP439p+yN3H/bNQIDAQABAoIBAEcnj6lkm7mirkGC + XYx4sioaKx6zJeN9c9+xW1AH7aAvkEip4NVguxIDFRwkWVI2e5XsPCznbbGbVIM7 + zYzOE7aSP84JlT8gtwjNYo2IuA5oogwZ9somK99zHs7fxpHNyBB/MLTi0yD7fXoM + sxQ8XhcjFOrMg4EJNUsu27+/C5S+5SE5uffKE0H6VmeeyqteHZmPAimidQS2jwq/ + tHqDQ63QTMhZvac2b0szS4dDcr2/tmUSvlph6gaCmqy86QYwpuAPGmF6hADoQXAq + Y2aTIM+MiELXwrmQBaVRZ7JWyCIj2JEOltVoZMeNSDSWrJ2WYljxFC6iROFV9Vqj + PADko4ECgYEA7iF3LPLI0s7PeK2auhB5hH2azSJZ8qAtMgA/y6fjRt9+BPE3TcX6 + DxoaI0sbqpmkDDVXQgAIGxZAHIkM517PI4glxwxkZRnC8lBY4ijR5LP3cwYMIRym + mky2bV0DbnFNvzU+CXHonD1Psaw7zJYfadgFDaRVc9zQWDPXpd6avMUCgYEA6V3i + 7u5Cf5T6o3cfuhyyQCiHbv8QCPt97CIIUrubzVxgjFqr2G1CwzIOu9hQbSCHWqwL + rrHDeunC9aCQg34gboneE1KvpLGDjnOBCXBUGLTMnEbFHncw+TlGoBJUb56G0dHq + /5/PH/dABl2JOlSrvJT5QWrUO7aByogqqK/5a7ECgYAo/We3O/9nkiPSYQe+OXHB + ZaGM5/nVss60yagxlS+hFn1pul/LqmV1zgdrxdT4U8QSOehQOxMqHnVgtBKdjQtY + 0Wm3TqHFaV7OORhjraUbmgLhMMxLstPWwZexUY5yp1w7qp2IIKxqoH8kVUJh4AF+ + RanxBDWVYRAX7qyTJ7M5BQKBgF3T/+AtL9N4JOYAiWMdEpY1NW7tYpcZ9uEwNcR9 + 5gDFuZP1CM717zfoMoBYUs3tnD5amj/c/Um4H0j/C9uypHuNNxrxzekb7lciHamb + 3lQorXPQCIVdSvWJj9ngRM60IGTQT/oDWRXzJWzpwrkPPhWOmEEzIK35jWnPIce9 + KT2hAoGBAOgmzSvdvzdMcXeUGn0+AaT219vR1RBfpyk0/jkYVemWQosLSEQqbxgw + 1Th1Z0JO6277uIbi/BBqgWLhRjjQUIavKHnpoNzUa6pIRh9lNywX7vEbRnRTXpsV + t1XJYhUX/5XzT+6ANUCjYcNUeQi1OpUmg6UD724jcF+2naRBDLHF + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: apiserver-etcd + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAtMEFupWKyrzQnR5leAj4QlIwIREubOHaXwIOjNRs2f3b9xoF + z/WY9OI/oMvvsr4am56CN+m1sSPOFrJji0+fkMuO94/QkLZEioBgzJb1icI58QIY + W8jWvoUYoxJPVNWE2tEm4081Bs4rG7hepnuvRKNgoIE+1SflwofAe0oLPbTyhbv0 + 7sVXLyIHelVEAlTu6Q6OH4rV0mzvHY6jqMC/qsbLM4vujoEGKzX80ftzNa/TGbZc + MzjylQN2Svgt0TcgvzhTQOenfOkDe7UMKuoD500pioCW7nSrQwfJP5TuR6VjOer4 + sJP/T0KZ7MHs0gm7jQBL5+O0AZoWPZgjq03OJwIDAQABAoIBAQCGqsSU5bNZJuGa + HbplevFToB4hlMZs8rwaStMCU4WhyAPpDudDr+w8jo/vQeGc3wu945OLCsGGb3Gs + 8U0+zpzIaRBkGy69kj5wngMAinv3HdDDYdc6EuEDYvAfFpYqU0Y/LNJ3SlzsbBAr + /+nsyXukfMCR9JkWgDoq+68Ja/oCBxtw0rLxrLla5qaYCzNd9W07/je5nknaKkmU + h3UM6eUQBOUDEzX1bqYIUb2XMgdrmBGeZ2D0R/t6huc7qjfm1KXktQbrkWCUisXj + 00AtKHhIDOIemdb6rt4DBc6mZFcncTOq94+0IoYBm5T6bomngg+bgbwYxprrvVeF + 2SL9T6uZAoGBAMV+M2MV9Babhb43TsFSTfLe05xMAl/VkA0ODRJvAOayX0beWhyp + UQBbij+pDzIkt4ylPr4jTGv3yQLeORhZSKUnUc4pYfho2iaRP9/IoV5ChF99xJ2N + VUG8GSeYAsWWlBBzMBkpXy/CcX35HyytYhhq0XieyudlZC7XgVY5rKSLAoGBAOpN + V+JqB38F0EHoUT341SoeVbTV2FtEXGOQS4T3KzgVhNtJwiovHFfhTIwmC+R3ZP+K + d4bDm22o+dOwRMcEZ4eGSiY7fizWX08tvYrhsh+ZMPIhRB24m7RTBavBvSIKGOIX + w7xNUS9kNOrIY4ZWv3n/zCokxmGBHlyIG4GfWwRVAoGANEfNSKy2Ggn/pLQ1d/3W + vrV4JUcF1eLOKHaQxVF3Vprfl/4isrWryMFy3pldeXO411WjP2hOwcIth0HWsXhp + P7ch88aGteDj5xPKae5NsYtASZscomyYpjcqHY4jJbVP6u7jS7XlCdqaerOpKgWY + E0irvRekNQ9lLvVDutS3vDMCgYEAksBOw2lVuKGThzRTblVkbjUByXoHQWLX2ySN + qIKHd2FDDXZtPq6zOffLUhyiZj7B66x2oNnziAPGNmi5K03+6kuaNcgdh0fd+mHT + ziD+x/vTRFTBrTvrik5VxvZZ1/ArFbF8z3w91UkWO9e3PnUnCOrGnb7a4kdVFO/L + Cq0c/OECgYA3obLPD4vXhSmAUCUI0TD+CvA5gUUmk2k5Q3ZaDQsSBbfMPvpq7F5k + yPCPD68j8MPJ2vkr5j09gIvGpgMpRvpaH3QFH36wxcYiL2Q8IZEfy89kTDtrLNP7 + t4EfrgquO5hcsbfmxtu4xVyVrhRnejOUjoaVLB48bO9Fp9bQKFBUgw== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-anchor + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAuPeKvd0k9+0Qt/NUFpmdWz7ztQAHLyQix9YDrcnXbNV8DiSa + Q/GTOvdnKLZgQXa10RXpA9s84fSxJO6nBN9PP6EjS38nIZMpybjb6wnqW5Dv/aOB + s1rswMkv7vFLtnQQNMGQu+W4t+9iSea2vrX/49z5QPZkYS0J+6GGmktfBZt8J1XK + ZYjYDsSD1OIRfEyafVJT1pARzXagnH3YwYuVvpaqcpICsnSIBi0QWr5zDXgfQQ5C + 89U1NJAPt8DwWV4hCzjgkzqz2DEBwuFSopNjCZDXX5bqgypJUP3aI59nYyEJ3PvG + 40KlQILIN05UmknnMItxwTuw+IqXHb7tOTbhQwIDAQABAoIBAEZ7ZW3179ldh4pg + +YDnJlQXx+wHx7UJ8wrtHVfC2wkIzI3jGrmbOzwz/CZCYKlxX9T9oV4r06ZShJIL + Mq+jnGIlt/pTyIh9uGW6wGpuy9P6hcjD3m+GzUKlJ1PItM4gqfBAdjNzVREZ8f0x + Ih/H4Gtmz8AWY6e37t7o7Q6se9f5giJIT37TMnct87AxAauIrOljP/WiuJCTFPZK + YwtXpP0ETNtrAdcJpgGPFsgsvgMpuLybVyjzXFaT1EBNjV0HdYLRSnikiyd3zlKr + lWyeOBw4IrF53ArZf7oRZtuMH6yjWQfNzdgXRvooPGy6lBhHJehpXgPZJuMp3ZN/ + zoy0ubECgYEAxhYrI+17haRa89tcnoLQk7qbqz3LBd9yS9Ep0E3eQPyx3kvuc2iK + 5e5CLDgNvaYDSTorUUuE+auDqJt4jyuPh5v/aRBECFVXrIPy2ey7dC4ynaPwH+8f + kYK3t0dsPBBk07RVfh//EmZ3Bh9LwnvT+xhXY/Mu8mQjp7vKbAMDTZkCgYEA7wtu + g79Hlgci/tFsFuI2BGw2m+BYkVWLzctInsF/A2sqrijAhC+0tNnLijXdWaCT/XWb + hvN6q0XMuZGZFvcpDzyocSV2oDwd8g/ULTLpA5xfamDaJNTqVDX2VRSnGKiOk8J/ + 02jZKBUXBKTj9n+7BdbpVFm9SoYqd3jcwKPdVzsCgYAHqLfGTdpm0nIJ18N/BYPX + EnIObvc4pOkgcVfyi/A6BwtBkyIHKFWmik3Ys9okKRUbcbpXDFp55N3UWR6SOpb0 + IV4Ay/Y1dEdNjlSHhJXC6j5exgX01iQcVjeQSJywvdmILgLYO5h7N6cGf5NIU81g + ehJ29OIt0R1n0OUExCEOkQKBgFr/Sw60Hhgql1PRfQgpDM8aMp+cA5svqYypufdV + SXiPryulL8QiNPQzhJwUbTLVQgDWaGIzBZt1cr2hg1mOtP6r5KNN056jw/KFvAuI + udM6D8h7Hg+vTZTJBgDVX9avM7dj7y0XWLM9dAm8i1smvJc4fJIzpy9ba4cXZ1Ge + D4BJAoGBALYT9u2Rk7bNEoJbInZhmtqd9kyO+PBPzLA/ZOzzafIMQM59xJwy4Cui + vqA7EHvYJSAXP0CiUxP+X0MITbGTyCzR48fiFi8sY1C+MQaOO06IFapxtQda9r7Z + 2NfJxVxgMFh9Y0a8nCGT92BlNs/Mn5Zo378Y80Rra0av/69w6HNF + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-genesis + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAn6CZw9xwsNzdud2OVb8Ixgwe5OiS0mgBKU3bo3bn/v16X3dy + vBs93Ar7IPegW64SOaeDzDG+yR79dObL8HAc8jRCGgnJgyfVqsABanZSyzZXmQmo + vn8lLPWW1yAF9/mWTduEs4YnFsSDIoD3Ptc9W3OYL1BetSlUTYXIHI7Y8wS/01cC + GPFTZZ/xKY2N9sdoFohsKTZuyWWtbMb4ysAIx7ogtEnBCZRz5LoL6JutN2swsM2H + BqKFxPom9YxWnnFiXNG5623abzvrWT9oppswqkEeE7NYD+BiNOYRb2OQYlezEl/d + 0RUJGTpJLFN1oNWu953+tonATz0GiuL9G2TwfQIDAQABAoIBADH5EEpd57Wm349B + ij7T2IZP4xgcq2JNhxeMNVeecRDGABqFBZlYGeyaT3ZJr50kCLad98fkRusl1YlU + e8IhBx7YN115dOmnfd+/znGq606NC61wdbB1k4jYtclRUC0KqQBk2c1uESyyhq81 + mrHEpoPL03f0fEHQ14CRgk1WdxrVAiwjfCiX90WI2GEdpIOsjvR9r6ZAzm0HSFY+ + qBSaF593Uo0wmthS1YO/gnRdHQv3XtCxbj0HuQ0/8Mjd9aeNvTBGfkZtL38J84qk + IAiKWcoqIEPMePFaYiZQDSG7EmbrWTwj48qqSSNav50xo5mrglmWb+j/BAsKfwAn + 87E1F00CgYEA0DkaqkU3/aOsL56KCWQ2f623gfisZ7EMSdinbA7cGtpPqbwmZxpi + 66n8TiugpQoetNHSDvkake5oUOT8DzCPfJZ3cCLLOnIHuWS3Ni74LK8/fYZvT6gs + eRHicj8YWfCps8VcZvsAme3LQPfQS+uE9M4M3GPElDmdUGF4Jt9/Y/cCgYEAxEED + gSn0QVaYPCWiVecjKSeDdykiZNpQnN5W2ITQDM1ZeF9zEcDOacooIkh75N1gHRdq + LqrMJAn25ARTjqTnMPOJm7yWuPDyCExNeEU5Gk8H1egHsfBAg0yvtJPmF/yYJbZ7 + 4o9IIX1P7Rei6HwXpIATZ64bKpYijLdMkYTEiisCgYAsmE5RsUlwlSFHgZjmsgPK + DJaEy5GBE7YiCriwt+4EAkWVgKpo4onVFy7mPwnEzwoMh/OJKWi7YGgPCzvAtRHG + CSPDbHBCMDHfTua+QAj+6PmcFLK6SLZdp6rr9P9uI9D0o4xKse9LCFbDr095MxPi + qk6u1N9BL6W1lWp6SNuruQKBgQC/dCU1FnagXxf4ZUZuwyP7+/42ezyAYrINtqHG + bBqCwrmrwoIBKbS0Y3CvsUKcTJJ9DuCZUioAZnAilU3mdFzN1mfCNEJdfUDAc5+H + 2xAP6FVeihMntZdZ/6/RXA82C0dqUxGcPedCNHuKcmqMnrJ52jAUDzeVXg2qdQ8P + TxRlLQKBgQCJ33OZGG0TgPcSW3gbYD9prbsJND/jiaaV12cXYLpeUT2uNMPEBFse + /ywgQZ5MObDclpYMih9sMRYU3PXtt/uWgSbWHFyzIZe4wzRDvr+pTNztI3+W5CWF + alT7i5sKrAnaD5xG6bNlX4soA5gHXlBVLbkpnVGTCWk3wqbK9HQN1A== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-cab23-r720-11 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAv+w6qElJ+K4JAOcfd86igVl8AONU8BIeZGMWq47AK3sLxGJx + 87jMkjeGg3xEGJ4BvQ1/OqOjmvxvfpPMcRQFZqDEE3Mzr+lZ/po5+5kPqNlz0LN5 + AU7yx0f1gf/mLVOwSh3te2/cEKVVeau0fDKtt8AdTe+FLAfsklINPQD9ycwsoq66 + qJQEhdFOuJGRlgNOTiHkqF+4xw7+gChPUTs+WfRTUknC3nQHYt8dPLRHY/Eqb6Cr + lw7+1iD252qGIKMlIHl8/FmFDtNM/BBmmg5xeQsAqvu9bGS5M4rOB3Yqo7FhUeDw + rJJcYcSbB6Z1U7mffT0F125Wpmi2bssfxdmMMQIDAQABAoIBAQC6GdoDJxX4cuG+ + I19rME55uQi6X7YUGK2p0D/CWWjUgLs3UfKHT5Hm0rq3sv7hFA5BgN33QYg6mD+Q + 8MZUfAKEsq2O4q2jDVa7wFcrNg9uPnXEUNOsRh66yHcy+K39E+Kk7AJFKIGvDnMk + yS/5Irc6r6p60SBEQubON4wotFZjns3iVPOQaXbtPXHbDH0PVGi1/Rx2Zo/8VHap + 6FvhekXwy26J8xwdAN7AD+5VpwKTbS6Ef+QJpr6gCp+l7FEFLkAiGidUkGx87fba + 0hOSnuqSH3jE6b613OCztFbFGhfU/UL3wn9d1PQueHu2CPkWhq2ex+6MuScnWMnm + Qx4wPW4lAoGBAPEL9RSp5JqpOZykxI/40Mhtik2iXcQzGvH0M5vz4CrCp93CyQnA + EHEajAw9F9F7YX4cz9osDCUAdZNlY6F5IYUboEFkb+UAHidt+LCSl2CR/+Fx88TG + W9+6Wndyx5Z+ihM9ZWTxiBWv0gYkTQGJYFzt7gw8xdkDhXD2RvjiiDmTAoGBAMvU + I3yV6i+zdhMFxL9nehdUJaxiSjLs/KdXDAOGtegsOw4kaui96ckkJI2T+rUzYaYn + PjX00bIG6E+umN6+H+lHHEBXCVIDmoIB5Z7Y1aTL6oZR2yQQZ+KMCJBj8Wr/tIxq + Sha7m1q9GHGUygFE+D5mkTNLyqXgu1hT01oq+u2rAoGABqGolW/zHRoovpl92uQi + glEZK/eakspBJITuYoz8DtEaIyy3sS/6g9ISJkgL/rRhQ0HxqfPqRZ5UncB9VDTr + 6iiPaR0lQuyU58rLu7fcuEhr/LzQ0woN/wK2eHDM8uP6Unsu7e8DKm2S3p5jC/bG + kufs06NcYhMJucjcvP4md0cCgYA763crLt8TesxhNzbplb/cj84raRGq+uQjRYGw + n69mO2p489fB5+KMUOW2ASSYlCxGrg6pyfjDPyiYFBm4kWfMKi1x9KQ2yfxn76rT + EadstM2TAwlLBs+jV8tEtzzHWbh39t8k46399Mz0xurDiMT5gyl4TPWb4f7xLmNZ + hH0T1QKBgQCrH2f+Ezv13tOCKuVJcbAql9aKZiXy9dgyrNDZIjwEgbFAhND4gqg8 + EnA+/jC33ti87GI6QmXylvGCbANuE9Q/jA2unWutHcYewzoatC9PLWKfw2r1IhB+ + 9aEaz+5+vlfdV4eVo1wO8yR/WRQH96ZIhclirVUGn/OUTid0vq3YvA== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-cab23-r720-12 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAwNtoLXFPSdhYnDbtaXokXiXyMKMiTQyndp0IUD5/VqyrQobA + WMgoHMbMDk0jJBISPVvo9cQ3WvdjxdE+UdkfcK1H99B76j2LO7etLd0OYjhNVy44 + ePAoO7mMBBs0ia62jneNubXtOZMVd4wDNK+WYGKbVDarlwKifc5OMAQFhq5HYdiB + ULi2I4suzMkVgQt+M/73vUQoruZj3uePwVEf1JnRXhq96q/LAIaqCrZgJfwpG65B + x8nQDRyhjt6LgVXQcHozz9P+Y8B6XiO7MzbIsErepEBYTiNL5Q4/xYI0iYICG96g + 1vE0ng4qBeo/APUAcvja9zWzu6OzsPR2VbiT+wIDAQABAoIBAGEjoluRQTCeyjMU + 74w7O2o4jr60zKgmgYsbGX7hm94aZsDBgsy1NI8aCtoBPHwEpi9FxhdUV9V32kdf + V5Z+WHm2rhNCbcfUa/cOUypQt9f9J+eLnmI8BOfgU4gV8+aNm+Iyka5C1lQzo5Jt + cYfuET5HLJnEV7VeXF4ltfg1blshONFdol2jgxXDFoOuImIMfjKwfU6OYcWe0oD0 + 30DZMnHOj1Pn2Z8LGHEZwWtad16FZo1PDFZMoBMucpdgBM+TyiQS5LT61wkFlb2z + VLyUzu+kyfnJbR84lH7e5O6nEbCE1yTn3hNlPlXSfOEYX/n/VVcwXw39/MWxuHoj + 1gfAjfECgYEA79bw8yhVDhGuE98Z7brRjMBMgUByBRpUcLq306/LaT+0PDrO2Z45 + D96RhJIUDVjaZ9SU+5gKg+dYAgJa+3ZSnunOeI/iRYzrEROplsXFkRcfRntekttQ + o8Vk0RiCSuWSwzGRJdrqiBBA/vCpCMMfLyreNHcBMGYxqAqS7V1Y3WUCgYEAzdoN + A99KGu4oREX67GYd5fsFPf2LZK19pUfVlhXkjLIUZlrQkmWF63I5ACT8sn49Xuui + /oSNCmptxDeK/aCjG8AdD20NWJUYdQHBfKrKJHB9Duc7FsPKLLoOv4UPa6L7+4JA + Liq7usjECu7fRUSuQWcUqVYeAF2xd2bw2aydxd8CgYBjU0ukF87pra6+8gUl69l+ + heDpIkxWCqpvqRQaKdJ+uvAkhWJGw3z0MoNnOKvvPx3sJCCy9StdpwBOjLUrMLxU + rZVhXo0hqpNrFg6Er1D7nmzIXq0y+nqx6DyxT4oeBGc8SRnIaJn6UWjpa7dFNrGC + cill5ubqKVhlNEPW43K69QKBgFSzQeOz/rPyBpOBD+wxYF/+13tYVgDI+ggF9LZa + r73MkGRFPcjfCSmFyDps/aUcGHh0EI8VT0tX225/RCtz62lBtTNhtbobLwMGA+0e + ASrZNjvpnQCS8x9QNz1KrLunRnOIdowIfVIvxaqR+0BvMBwtI+1BR/ryklEFBFks + k4aVAoGBAJXtXsza1imjQrwn4bmBs9eadcdnFr1fuukzoRJi0PK6TQiek6Zf0SGN + XMZO+HMUuSnWAHapxOX73t+/qHrfisQta54zjsTQfjNJ22RLucBZ5VyUiWsullGf + vZIcMtRevKUaFccBzwjry+FzJPzPHPtDiH07qBqjkHdOgqW4YxEv + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-cab23-r720-13 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEApD2DU1DArQK4PKOQHzfr+/81s+qoss/0+GFLD1nvCDSZvyjQ + 2YcAq1UASatCqaTBbnInmmshwJES2WYh690ApMS2CQS3q0vQcaH0XqD4v1km8/lA + XFTwr/EO8ocGz54lh8e6aUyk+TznYgq1E9xWxzo/WCjs4GIf31leeUicG02sbU6N + ADw3W6z56Y4Th2Wcvjw9fqvJ5tCeBD3cPbvv4gW14E/82DOPFrj7gxeF8BznQ9IK + qxLxncM0CtnKsqgkJZYaqdQ2z6E10D0ytCxLenLgg/GINrXyDdAFpLUX6TZQMmI7 + k+rOj7IOFCgaPDaS9rG7RPonTyS2/bMIHt3k+wIDAQABAoIBAH0n1uxla/4rRWQI + LCpt/elRKIZK+nUQnZes5Hr1SH6TPtn563ToOK1XH9oDpNALmc9lNCKrItRQePGr + r4vCJNxqfmFO8/uX0WbWSJbXydZexJ1EQjRaEfOxGXfdR2ZtGCJpI/dcDZdUPupq + SGSzEnnNPDodLa0reShFPQXlO/hdNtUDNqDyml5FL21AHbJB6FQav2T/g2FCDT/2 + h4ocpTxmZb7mB3DoxVJ5Nt6GtXFjpSExaCHUNkh/yxO6d2aeW2zcqr1RJEaGswsU + FncCr566P9FOsLuw+UyLRpl1n0ToCmbw0f+bhb+YuXhrjjvDG8t9P+peG1QakOgF + oODHV1ECgYEAzheOH+BLbbDguNJur2B4TwOSQtuYB0k0lMoIKXUfuQhAaLIDwaKv + 2SnuRru+tkkbrtrIvVg9W2lE6yj04s7oBPxtD2HXGUN9Ne0thykl8L3n8T+/GPrq + 01Pj6hGK8M3dkq5mYkaXesdVTH6ZhxlfTiylVblR6MqVGRxkd0MODWMCgYEAzANo + FfXqgblGr7VN+M45BHpU6OMGbji4trP67PdT/IgIWXYayJ8lWWIWpEYu0ubauJfV + m/tI5tl624fmAduXTtJYWBr6PeZNhdOdohsCdzWmwttI4ZqgeKpOLwTySQx+sSWB + Ivyfmd7aXqKmEweFvb2NBxRdGl96zg6L8heyyYkCgYAEHcpT7qnzBe5nIqTdUeL1 + SQ/5z+MIejjXo/VnxpQcoQKQVMXobzRt9P1yYjub7nfkFTCfP4zyL3cV71p80T8n + IleXUA/4zDVLB3K6WWMNnO1uDyTk/dYE5I8P1MvepW4AiQU4f0p1RFf60CiG30Xd + DN08ihgNu0YhG0UScL9uGwKBgQCKl3HZIVMqxxue99K9SBLx2Mzf3IIc1ImfDEtV + OXujnSHW7GWrjnmH7Bung0oB2fQR3IuvSBixQmK0yfBVqMB0Om7rg4AmFtLpK+X1 + HtYg96CO1PsAz9NdxYwRYxHY0BUs8GZ2xxkBJaRBD8s0ODMBv8gTXCEXbm91leo6 + DyFUyQKBgQDAW8r4Mp7x/i/nlgAGhBNIgvkvOA9NdVPIY86ZTrXGs9xif+puPFGH + mhFuolJyZI/Yvl54t4apy/Y319CV46L8oOedRD9H85rYtojXJXzUbu04MQeEDTfF + Sdxqg0YKbhU7SYHMQu9yRfynUkBJ6XC7mn6ZJ0yDwLUguDJhLPPuMQ== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-cab23-r720-14 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEArJgNfhV76s3yqRZ5nWjY0Sau8Lte/F7okc8FU4TDLyjizuRy + zyl88KGAPBEikoFVP2CzdgaTaLaIiGIfh9UMx8dbbbV84txSPFrDd4d0VWHfa9fv + ag8W5wt5ce9W4JT6qQlpMsdfx+O6yhub9NeuWFGdNFMlDoYh/4wrfAu+J4OuLLCh + Et7797fqawPjBtCtirq2i8SFN2tEPKvM5MkAYdOU7Hc8UPRUR3rpXbDiXiw2tk61 + yG4pE3YwMP2SPJFTAQ8XlwTdBkARb073Bnmxh9M8oYb4pvw1hLB5+j8firAtDlkP + 3PdmfzEFxGXjDoUPLzO60i8FATRWoRDEDB6XfwIDAQABAoIBAAR9fDRgiLXGH98I + R6ext5pRYFHA/iqgqXpJoYDXvmA2txfc16POF4MHIJfvdi/Lj5Uzhde3OhSKUykB + LILTJx73b8h95T7droIFdnpgmsUx46chmgfvVpAyOzmcmW0EUzUcmpEIoNRJd22U + pE0NY2rGzMk0tI0ZLj9AvUzf3VWXy3OWl9v0y0XrGUEcdMwWP2MuUWI0yTh+GbVX + G+dtrPdN4spR3+NgrSb5pcrgM5UsD/u2fDOfqd5u/piL5d6adb55csTnTXUj98LJ + rEUyH8X/lu+yEIQKdUgdyftvS42VQmMhhqCLT0bFjW91LDECjRgh8IjuMn8zjQJQ + U990mlkCgYEAwymfVcriPr0X7od0Rg8bhgvj4Qqo//S2nimf0A8UPbHeYePQHq6z + zSw70m1qh6HS80gLrf1IxYyo3kmlaTIh+CxMwAx23VaCRNSwIb4Eq7gjXd9aXB9B + +G5Ig4QaL1jzI5RW5/nYA5D79nfYelR2/Nw9RzGtSZlY1eCigOU3HwsCgYEA4mVo + KWpsQ4DWdhOmv97GzOSIX2kO/omG0ubuX0ASsWxp/82Lm5GmsrOGcbLdoiZBXePo + De7mtCQGq+kSbghvAJpSvxbuVrR7cwDOHt/lVkV/YfGe118xGzfg0OQo/nn8tCJ8 + aVcyCBRexPmUhMbbJ/4f8StIT9dCUmBvvFpVQd0CgYEAifXKZONeu+sAF+Y5E61q + T3/oPxVCEm3zCityhamjLVmnUpuwa4AkKk2ynDYssGR8su2jFAOQhdXBKiH1hD+k + M8NdHgWxoRWeUPno6HFi6+DnX1yci7Ks9+k96Xpg6EeA2Q3rwWCkiyDafIiLxy4e + TvGBf+pmDTkRy19YgLWIGbECgYBw6NxLE32NKPtMhj56oLOLSkrNMss8nQA1vOCT + dpQcEpLG9g8zdi+qHijmGau5i9S768c287fxjaoaILKFWAVsSosMLHaPnZGX6IXk + Fgv9u8ls4qEyjpIiHfssky3yxIoImM5thwQ3zVj6afLtSXPRfUcW81wsHZJBHUF8 + sZylrQKBgQCm/64/562C4cHumLeGA2QsXr18E9jWbRrTVtzrNNBU7RpSbZpBLdDr + bGl4S4c2VKCDj1HK7doFQ3Ko+jeJEiCwbW3Sj9CP8zDSPJb4BZV6cgw+1nzyXtjT + el0b75sbT4J2n5DZHR14Tos6vX4QDHCsrCRclh/9vdqouW8XyJ3I+g== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-genesis-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpQIBAAKCAQEA7AX20jHoo5/Q/POn6MZHIuNw8M1toJ5duX2fa5VM2nVn9xxt + +0HYHJz2WzKGvpumQ2e9w6XJF/+hYsMgPke4dBI1ts0YPEXXs0xhmkT9Cw41ca7k + aK0nV2/y0hS3hk5l972TMBUb0vHiJdwYNgL4MdKa+kcnYXh/zHLUMeH2CS7jwxcD + AQQDnZxt/Dp3gcKNeJ8QX1RxDXU1EyrNcPi8Nrxtf82icpY5gLmtYKAn6KTrDb4t + RVI7L3HXSpd7IfHTRZ0ftzGkYacipS2iggdgUIX/ShXcE9kS89/lCZM16e2A7e+u + sJn4K57rA6EyVDqZjnVovrpPjtelRQRZa3f4XQIDAQABAoIBAQCxt4/xF5lnUxgm + z0S4NkwsDfvlpZkNXxGNcPTQKhwzRkIhRGvfy+VxLhMl+jaRYVvg10WBAt0XT+ly + FyC5JIHUDD4bxfSgtapEHJhFc/rhDzLYxerAktjTsrywyN6jp3aKA1nH060eufkh + rscgLD48Lat6FoelkfkQtcnnQZBjulNelaHZ/poAcb4bONNpoISUeo3H6UUEhfO1 + ezl1TrCew4JkRupHA3b30MFA16Jrt04TfHjCCP5kPJOp9nPOzn9kbjqFo/Omol1j + ZgNpXxfX51GWsFPqj3szJWp3Y7u/7/dN75LeRKRSO7W6/lDjWHcJoiWOqReRdgOf + qONF8k41AoGBAOyugjyUMF+FXiFnPEze6/mzTGqoi1+czHdsFEgDw//R5AV8SVqj + smJSIEUpd+NsGZqaoQJo7vO7Whm3AykWArRVUnn2F+eTH+UJKBNh6HYM674KbADX + kKXrzS35HEWH+2qol8/+G47IXajBupYrdPLZ/BGztNxq6bsbSmyc9my/AoGBAP9J + stNS5AtwjkfzFAjp0T+S1xLfTS9ajeXwQvW1INNg5ZPDXlrrkw1B+MSbMXwblicN + b7QLDYye3wCquKlxfjv9jFsVHRz9ZPRmsIW+eBYUcJrkm8dklaGbLH67RTK3BBEF + eOa+iCwFvtq/bGXFywoOG2TekbsHg1T3BhI6DjXjAoGBALCCGFhrP4QNJz0MC3lc + imlm4OduGLrOaeHp9VobjNE8y6uXm/D/wan3i19o5KLzXEjjZo4wiXu1TiV9Sdsb + Mhsgwmh4Mi2emBur73o8+ysGycypYxBhsts6doMBk6b7GXHal5Ui8ZRTMx4GlEsn + z4jJLmZZOdlj1jmWybMkf9ZrAoGBAM5Y1sfDj3rDru3vSDlwLWeynE+v2Sa2jk3W + 53jNwEu7XbYTS7g4BDPKKHdabiQ/9B162dhwurH4VI6ob/zeNMfuyL1ykoa1Nx3p + xzND4rMOMHqy4EvKPLxUviFt45/7mLjdcH0qcs0Kk9sisU6OEvD8uB3PXYIMr5ZE + 2U5wSL47AoGAS70CpQdWI+Er76oDZY0UWEaSbbECf9WRsI2WxsWjL1cuqbSCUFNO + mw4iQ5swS2e6YyTCI6FdxNh3d/3g99v/txN1upaLP96I/GhsaMhycgqu6LDNI3ci + OJZb3lkvlQmxDYCoZa/5uMV+TWq01oy6syRRk7IEek77KeXjaidTu8o= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-cab23-r720-11-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEogIBAAKCAQEAxyL19ntmY3scU/HloXV11tTaI+//af5ERkxbMkn99HLAuBFc + y9xyGOHbTKb0oqqtwey+/9e4CXSgOpiqbfyqhbHGWAIyJlMhDCMkjWPbr2Qt8R9S + gZerXDGN4n+s5LjR32TdNOlQAf2w7MStG9jRlFGPJ64x6cRjUT3EipdpFj8SzC5L + e7ROmjChV109ZdebpJm61dgwVSGC4OYtw1K9fYUmH7SV9DMV6d+s6TEyASordstT + 4bxMUIEo7Z4dzE8MZYu+XTp8D9s3E2TvSjLd1t5/RY1yO42eWA8ubiiFcTv6DD24 + JiirULWIHwnc6Jwv+xgmAH+0TzZ4L3X21s4n/wIDAQABAoIBADMT6pcAa/DUYR2/ + DDFv2XvzOMjDBHaBe620ZCfwBq2uyXPtMCoyLynmtMNih5k5wjvdp9gj0tbKDVc6 + VWzExFBqmv90AL0H0ZA1a2jA1laUkZwpdpY6+v84zrXsHcLFDUAJtRufRKBeHAV/ + JQ/he1BZ4yhAbBkUAI2UFFegIppLuzI2IluRahVbg2GC37o4PoNiqDZJ97+XHD06 + 8UQSogwjHr17f5euAtUYSkfJGQzQvk7Vzyn4ypMNk7MjWrQfq0CdFdU2f83/PnsJ + 0TsxBEYtEqU7FpfX7JmEN6C60cnqATMH9UWMMPqQ3jlD4pgJ5wPxDB9v2B+MEvgf + +gukVZECgYEA0TDxYYaAYJ27rOEhk8KNikUfonrEuNm5fm6pf3m3/5h7489EZmrE + SoNieVt/rA91oJv4KpKBf68G9684cYeUGLMBuK5rdX+buX7HhWH/z0VDwfQ0WS4W + QR7w2iQPN/qRPECO3pO+M1J0q8L8JwsbyH41ac6pfMZtA4Frr93ycYMCgYEA87IP + rM11Y6oS7f04JB+em7gXkccT3LNvom1QtvPd1swx8AmuNl85VTTLfPTNrye9sXOZ + x0SxHt6yGhWwa17L9QC4R/xJ+CY1IKYQFY2k0253Pk2TRoMl+TUV58iNy/mjx63B + bLjsTazm9459jfdiJLIYT1SHbbp90g+snbjzktUCgYBn/M5gzn2OiZo7jAYm73Vw + oH/jQuf7g6+j29rCFX2TvvcG/Ydg6f39lGYlMYi7vUuZtS6d6woYsKbkBOQn+19x + D7rxVTLxy6dbhFwmP9rr6+CMz5oeIrzJTlon9fjiuNnte6IJnqPT209H+rthpTIA + bkya9jJmZjTWo0UmvUvBhQKBgFYJjaMyvrk7OIexmPqX90V/D0M2h/qpl0Y/Vfnh + y3akjRT0Nf+YSwOcKiOpwlyOqVhXOfmydN4zPaob8jdWNqf/YxB3MB5eTu+B8bfK + VGEZZRwoA1EnyGZdqag1lGppbrt2yw15lGQwITNRqV5P8uSFxDNt4oqJBxb81bKx + s70pAoGAWp9hgP3+dawp7WedJmu+j7WRQ2QsS/vm09Vq1Q46BaEBlFbDYCb1Av0R + CtKbPdTCeG0+uK8EvAVFEoxdrv0pYSJz1/o2zeFW8UVj6b1B1IbKLxzp4+gdQ9lJ + 65VAekhHfknCYBSqL44yFNSjGWVxG2FFUMUzgZgxL5xv4SNjxQ4= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-cab23-r720-12-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAqrAxSeIFy831f32lb/6ZEl3GUJ3R8N1zLIjpz0UmJcNKXFjO + /2vpQ3FEPenbu1Q4Qj82G+FHK5QGKijqdOUR2eIUxud3gTZiceF7GcEIcT16vbHv + 6RefiEi/VcDon1nXdFLGpVAipq2VcwBFwl6VkRldqu9mq0oPe8RoKniMrQz7Z2OY + 0BOsBSire+2uFhkJn7I+lhl2FgGQgXNSLn+LcnG5835XNUt4cGTdS4rKCgdqxPZs + VwemKoOUa2YXNhoEiWjLSS2fbOAGSCHpUD6H+hTz0cE6x6uds3V0o4bdE9SMSQoG + BRfMAW5iZnV4HSSjfF8psYxLdKHCECm/DbTMjQIDAQABAoIBAE123zenw3emRmeQ + 73cvder28hz+Mxx8dFve2zX9LP3wbpwQlgknwVqhWhY7P0T6SPoP1A+9It6tNEsH + /LgGih53U3Sd8geLVgxXB9Y9XAaAn2beDYKc/QMN+QADJ8/CJ10cgBjgkIlSuEPT + +NTotjp+55q/Qbo1R2elUJ0NztJuFwzQX6OSqz2PBmRRIdZGJwojHvfKNimgfl04 + dEwt5afFpLBa0SuNqjSSEhO1Z4u7OYMwfq4SqeDsp0/DC4d0kIFe7q3NTNT9Advo + mJLycCtkgGMGqAC6FUXBnpukLCXNsc2+SHNk36zCI84ammxPSZnK3oI+f+Fr9N8T + mygtZeUCgYEAyv3ZLf29z6tQD8URXYOtRI2c72iR4PeRTP1URG5/KDt3UBhGP+NZ + dtR0z9OqdLfUu6JzNOmM3vshlmxsk2R4NrSBMyxM4sOaxVGsT9DjhEfe5XqjQ7UZ + s7VtX4RiuYSVAblsk0+mepmCSGYvrFVpd7SGFcCjgtzH6EljKW3Cnm8CgYEA10LW + 9L3h4dK2f7ZqyUPu54WxJd+QtNZbeBlgxddTMpQ95cW0qBrg9S/mQI/MwAEn44XA + gjE+kD255xj9opxT4nRqaZ6llW+zAPhMIGiZLHXuGlNNwopRwcgOvcH2g8CaPL/U + wWOEjd+uvtvV3XxV8a6o3ft8wVRY3wswbqL6wsMCgYEAthv0ukD5B5Tud6dZg+a9 + DFJrp5DNxuDzdvmSnu3un/5xdObCJ1DkkynZPhXrx1igvlDoQGECo4zzPgs5gSXS + f2mCu5ETzSCk+j7icpy5cJQ10PQsAnM3grTSUa3oD/103J4oXSRI+5Y6fo9GV7os + q1rGLD+tsZo2shscni89OXsCgYBbvqUXEobfVItryzegKE/+ZUCnP63RJTs+6LIS + ID/ZYs0uzSC+NRaD6bJc+ezuOI/jrPHri0l6+JPvJvuS/sXR0oQ4F+HC2yST2T+4 + 4FvIU0rz9WVC8Oj/imCeB7klVkVmduwasGuifB9iQRfZmlCW/TYDxlfZnjVyerZd + sSDnOQKBgF2z6Loc+I01D5TjD2MH2BwR/e0P4cuse1o67CZhLXcRSR5cHb5LdpBr + 6VFODs9DAi6jjUoQqWAih3+kaTJwjpqHO6DdZJeNEzq1wxOSvM3TK9rg3a7ViUZP + sjLpQkKYtviHru/142X6p4SHsho1/S5DU/nj1pYyjgReez/fevCc + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-cab23-r720-13-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAnyfPFnaJFPgoiWfR/BXW0MOSYmKh23o315a63jSqpl/ZtpMQ + VamURbXK8IvJJN+xu7ehFeIkzwMbMYr4tFIy24b/boQStte3chY3KtJVnhLwZeT9 + IFYayPo+6AU+J8JuA9WQqc92ZaVP5q4tRs/FUcSNmqvMl6DCjTymd2kaupM7HT2c + dBxfHGhg/zO5xB9r0NA9kqe6+4/C+0Comg0Io88BXzYUyQBWbsNE3Ffxf4xlGNDH + te2DKBfAta6D5MZ3c32edOOU3Dh1pACx1abTapeolLw9AxV3zMET2NbBOgMpGR1c + oNqWdFM1mzZfdPg6VczYbqzq+BK0L232dfS9kQIDAQABAoIBAF27bz4Wf3NHF3Cd + IVEqd4IpvBuPZS3CVAL3NYTKVbp4dtsMz7Dzl2xavXNfkA3UZHNemVMvBWiZtrk9 + 1G02f9dEMUkgJXljoBljtgfVKjFXjBcmfmE99LZqkwPImquF2Y8Ohw1LLrp8WotM + B0RN9zLJ5G+0QGEIf6v4jT2EPAam42AgWbGXZNX0hU8LA2C5m0kG2i6pbxWIYCG3 + JQDrqoc4wV/f7wsjXxEPVxi1GCK2nTUTThStDm27/N6IluR7E/S88wqZfuvUmAYk + j7sTNVA5PXPO0t8quOEh/wcrQZXh4GNlcqAubo53qXBoM4teKehDBEhpoCIXui+s + w5MeuYUCgYEAwsieNo/dQmZzNGt8Oje/Kqqay105791CPqpxkTsL349JkxzRnv5M + oOMqmOduvHjXLBDWcignRc6b+biIHtGZO89loWvkhJVG3mZhpy4vmSIWBfUWSyxp + Gdeiyq+QrCbvMATZxsGa1NAw9w7xvVVw1BT0vP2dpz/uiH+w76tYWtsCgYEA0Sy3 + Q3Epu3lVQLdziZQhMPfRtbFBlPnyPZ4kyW/pz4OEPVAbTy0UyHqHI/5vJc/siGtW + ikUoyWYs9Se8MK7nll0LpYOJlTMfOWx7zaExEKW0XtZ1YfM8dEVJsE+aFhoGpW0u + qMjAMU1kAfA7IrufljsiS9m1xEZmKd+DfJnmFwMCgYAeeR5vcNBvy/FoGQzFWuVY + enpfKIWg5h+wCCBeVTuFTTh4gIC2/Bfm78NBSqvDZrBbH4M9NtT2Ed3LEriRAb+U + YN0IhQWqTGRa9O+AJTSjI3cIlZBYUGlc9qRsS0058ZloDMo5Ux6y/qM6c6cUNOLC + +0hSrObWPKVHy5pV1JutEwKBgQCcUsC7RE0d8HWIIhHUlcGgaPRuxwPuJEWnSxLP + ADZKgU1IzR87ssM/eGKawcGrDpME+ML6Hul2akfbB1EbSPuGYg8cKQufV09UiQCV + EowqlswPvFKJW1CozEdf3n2XWufwpYIjXbRUpDPDRxfKw1Fm4takvRWck8gyLvqD + GjjcpQKBgQCVYXNaCfBbRTi+MoUoYHW7qWfSNnkdjghYXBvPRWc2dmusaK470FQC + qZ47j7WBcpbN5gsMJrYt4+/nS1Vae9HQg8YxB488hDmi3zae/g7jNI8vyIyt5BoB + lewcKaGmZ5saAYxSyBP1s/t8W7L/7f369ZL7Qr6XFGMocfc6eP36pw== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-cab23-r720-14-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEA0pU7YYKa3dcHpGZGg1yKzYHt8METRU23ovOU3By4Nx5Zgi+C + b4s2S+y5lBBszoDYnmrxLCt0hV7/8Atqg8cZCDt1KVGEAKkMTi87YjVs3bFNjevi + Nt2IToCsnpXAe5cVl7O1TzKz+XGtuiuDwePh5TJXWv+n8cXuvbPOmcU3ay+KZ2Xa + 9OAUxv+/idEmXsipOTFCySC2mOGxz8C8TwlKrmmjQkm9bDdjsgCzqP+7opGXemeP + TZGNvAW9vpWcWebUVi5hcrJtta4iTpFNyl6M3H6V2qeK92T7rjX1snDi1i1+VP5K + oLghqpX7a5XdJcSf8PrHNTcFXk2HdHStG+5I0wIDAQABAoIBAGkSRPq2bAdcj1ec + IHrS5f78YXjLHY5q5MHNv+zD97ao0gh/JBn74C+qAj66o0+2Ql9pBMUBObaCXDmt + uIvf/8F3yVHAdpjNwHISZxLtjVBgc03o8IpnpudklLzcA5qnHAMBi+nkZqCD9Cb8 + J1XLGp99qtCg129vT1wgJ2naWXiE6+p435tSzPETJePYILCJJRAlmHiulrTZhU41 + 2QbAwL2rHOnHzc8jsEQS6drY4K8F93KnCBq16wy0/S4wHwYKNWono95cL2ShQwnl + /f+b3FN6w1HLhxI1Ph0fC9lGXE4dBoFT1i++RR5gI7qzmVT5MJu6DW4w0fiH5TkR + CzSN3iECgYEA2lqhYaxvb3xpBeTUtANU5+DQ+I5SScbrinGorWtVmMZrhjMdBE76 + rAPVrpXjQTXg/SOwzKXs+4iZJ+p/5gMeaNULgDcLRd4JpjkE57XXKVnuwnP1vixc + y/FjwGNsT69UqD6jBLqRSwcvQfMxhPpiW36V4X+TyEa78Mg5j+vcSwcCgYEA9uOd + CCv0suoTReGAj3mYGXSZ96JfUwVhA9PAQcWIG8Ni9XhbKpuk4DQr2aiGY6DG+Ufp + 8FRsUMttQmlqcO2WEdjHVIzqN/aTm8gRLNLoz2UyC/ujO1JHaK5YMozpCVyyyKKB + Cu+q+x19ESFHaLsJiiWWxeQ/f8hLvg87LK0aRNUCgYBrLftzPzn/xlii3P0PU2dU + 3oSUzP9VWX/6l+nNHheJAzR6ThKbL81ZrBQyOz6unqzOdLtu6K9XlGhhMHkRRUyi + 9phLmjk9VUz1O53NwvNXR96rslHYxFvUe6uUHvlmb9ClOQG5634wDtnCjIYtGN44 + vP0DECVRNG9CNHYU0Bh09wKBgQCG300325tv6gPhVxF+T7TRoytBZsigd/3Js3IB + /EEguZpj8v4KxsBJYvbZjwDriDdqkuivy87oTFlBwIjPbFthIIW0IM8LB38XyTHo + xMc+FVBDz5IapBYyj5vK8cOUw7k/ddb8/HTxfeiG5SE3i4XonCRDsy8lRWxrRbLT + 8zS4iQKBgAvYsplJ+g1Cn80rztTYPh1D1mxYIp4TNIIERDiP1b604UjJ2CrYTwYp + YWYpOe2MU+fzGpRUd83TALd/Yd2IerEFaW17HBM3J3hJoEqbRZnFE+46fTv9wFrh + PggsHOwQpGVkk4FSiadyIFeuzZVaTf756fFX702xyY2K7Ywhi1UA + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-anchor + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEA3gZMISoYPUGKGNNXxxN7Jb3QX/0nSqfOY1fmmE6oXXt5w8p9 + CrALCublUMwOGZlwc0J3asrPRtctXGUHbK0GS3f1+OU1STFAVy8l+bIOfj414ub1 + 2q3Xic5z/Vo2ocw3x/cbo7BBzYpOrPl1uu93liDZyn5eptbbJ36ZoMgbd5jPPDio + wSiJ1FQT0xi2c99+u9MFFLDYvb68EmdeRkE8CpLRRKeJruTrQgRZe53kuXK/vp5i + jb5xZpdRWjr1VuVNRPvIJH5tzxFc9UprZhCCri9bAhlA0R7fV598BER/0D73fjrf + VdlGJ2Qxc3EXXN+LQ8BsxAkiOn0FPgPSxoKEiQIDAQABAoIBAFVOvB+eCfQ3Y3VI + dxihrpaAyTioj1lLAqz/EDYDOwO4Nr/45HSf0Y5dy0xxKxXA9AkFR9b7mArTELXI + h8LE9H8414TLpN67ksos7n1zYcg15QSK03ozg3aKodx9tjISwngNxUvupEnyU2p4 + 6zhpXFyNwMDiL0IRmeEh7qttV8hqcjaEBP/wtT6doGZJ8y86GMXI0siqd+b1EpAD + 8huErkwq4CPUy5JbEJQS1oefdC9yxJq26DIlsKy4XWCIIyY1Na5vONGXg3mdU12f + whsVm47HlFP05YLNh4New3G7oFITbHL7mXHXC6AW4cM0EYOS177hJIaDG5xuoQNn + I/898tECgYEA7Bk5F6IudxOkfnqdEG2fUMj+MIxoVoTALLudT6ndGlSy+9HdrXhy + kajrVAFdw6TA+X4rCP/uAQWnANWWqYPM4wbo7DOxVClh2K8eXkhj/mlQ1ZOWFBbf + yLiqHRHbAj0fa74hdr4FDfyufNcmw+dDHK2dB5sibFZYHhzpUTGBfE0CgYEA8L1f + ZnaVafTsECgTxg6S+YBXbp6TWRCSswhHeoha9qWq1+lhU0J3kObdzmGTqx8DiDOL + UrYgCJNafcpGv44p3zCs4ztZFKJFkA62j5prIUuT4OIU6lgRs835qbnTQEEIPTsu + 7S3CDB1OKYskL0AXbpRCNJP80jgtWLpxFEJH1y0CgYB3yKxAo1XzsBGK4eaCCTwF + HpRoSTQ+gQeHKoC7hDDbRRGx1V4kvrFR2WPbsP3DXvlRG4P2AvLbreR29eaEhowS + utS90dQsIPq1ltNPfmbNEt2iHkjMVHahPZ+BNCfrUNt6LHKJ7gpeeE6GpBnU1qYk + DKlYzIqAcKYwUPbG7NkHGQKBgQCXDSur3eIYTp5D8PGfRwu/U2EIvqUTsEtr3FkF + MENrGT3eJch0dnMRT1qDIUSHjXko37aemjn1R4fy/5VuoePx79e66EUXpk3heunf + pvNrO8G4zAJ1m/bXi/kIHtnHKkbiLJ1gImLsOQMPHAgDQcKyFoKH/QcYXDlPwAQt + wvzSrQKBgQDJpkuCxh+aeOlYLidbxWxmmBGeyYj3INTomLi9DX9Upy7pnVOiQp7s + DpQypBVsyGPI22qkHAKG7goOVlWm4IlJg3sgaie5ZBhac1k51oJnkm+nIXzhunIw + u2dRGdGRpIf6VtQn3ZCLa+SZMt9cRcmbx1hh6BiH6Ed80BdiPF+kMQ== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-cab23-r720-11 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEApjnULGO9t49RjtD33k1jE9WDfN/UN1+LfWFafBgzyw4mMIum + /ne7a8qFCThdM9Z3KuM6OM/rWsNMfTLOg8bKEaNnYzu0Vo97yTk+XqivgBQGBdWp + ukgTHgGyPnB2nz5yu5+4+Va3MIehUKbH5DIusFKvPSWoVk9H/GhLYrIqkfPcGctP + W4HvviwqII/Q8NHYtIoaE3CnunVRC59IAGDWUgyuB0ccoSLcKbDWgorktVPBeE58 + vZLxNm3YZB3dvGkCw4CGkUJ77Tqe4dRly8jz7JzKF1WgLuk25Z/S2YTIX033b2s9 + J1vIeFvL2e/c4bbewONdEBG6wzqmE7t1sfk+hQIDAQABAoIBAAhBgQc/YPHX/W4B + dP4mi9A1X5V5LHoflbcBedQGA7SHHGB23zFuUvG0mkzt7rsfYMXRiVe/A+p7HrZt + KpKi8fBUVFM6aOePss84t59N84GB/RaXGRn2cHSiEu9E+K9KE7q74R0JMIoJgnqV + /gGYeHcrdCauUyEOSP4BVBUv0itzg64CDsfQrwNNRr2wQ+eHC3kflqxRqiT9rf41 + xgIsWmNhpMfDKNGlKnWC5N5N4Rbr6HEE0gzTNK+A/PTP86HmlUDFjoT5SQCdYFId + 0Dlxah1cW2A6Nel3DNPqlLTaISHjRv1Sv/4BoSLpRFq7l1pWG3tBEis8NEeV0VF+ + Lu7o+JUCgYEA1r/O5M/T1mvRmgJVPdgamYSJaorifdu/LYzpjl339hifUVlNfm3x + nCl6/RKI1mRvvtYNjra7qnn0J7i1Yk5PvumUoyCDDHI/Hdf56rlHkkqUZHbpxEY9 + kXIceEvfB+nw7VSwodXpYO0SBNb/rhbVwFKLO3N+0fyzQ7DeJmBwQbsCgYEAxifo + YKVcjeEn/SCWd75GOrD7Hh6/NB8PP5S/7qXDWxf/ytV2Eok8GGMzYaQDrTN59sOA + UJnQeO/HmCWifVRI/g/3vc4KO1gwrOKtEuv/BHPURh8T1zcqFvF5tawtBylviA04 + z/P2whq1+fm9mvCEA4FBSj+pNHOgPqfMrnm7XL8CgYAh+uO/7Oq2KQVXezsFuCYt + WH1t8F/6TkUn7f4e2tubgzXiZ2ENulPaw+2EEeS5F9deuPwYMu3rAbUSe/WngoC3 + 0roEPea+l21JSZ1v+LVMfqSQaQiAWCTx2L6MgmTeGbRXuWjhkrmE7r5FKcf3QgG8 + ltMVKydMDtJGybu9EtFwdQKBgQCZuj4qND+Ahou6cbyp+wCK6eB3do0Jh4sR3Xml + UA4lrpGwLzhhmvv3Q4aKGm8LwKK/EN6MKTg1ingDDjdoGapjB8pAAwenEHz6swRo + aJO4RZAKMnP3BAHwOLgefAuWwcuX9gH8Op1V6tkArIIvIKaZ/X3Ed2zylz1bPlyp + gyEbCwKBgHdMPmQdJIdxrv1yqWRlHrXCS5nr+z98UEdlGqK4ALYsDxA1cGQMZrnR + bD3/3P8N9Wg3KUUNDhHRm5hpXvIpttnQ44zT3hk9JDylqKHJ3hn5evzum12SE3Z/ + jQhAm/W4+ikyKFU18Tq4dEZanAk9+3AabsKd67beTvZ0IpYHwFjj + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-cab23-r720-12 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpQIBAAKCAQEA7qqRo+CTz0VfZwECaxljOXKSocasTJ4LiUiyEs8KFsUmXZ8U + 40OZNRDy6lMj3UrTsuYb0ETo1ZBbDzmzhDuEJtrGDMMFYDy8WaDyt5ogsJe4RtGH + nTGWId3wZagU/O7bY3fGRk+0lCisKlNdFjdSu7o7Cr3ktorsRVZTAi6v0bKzcphG + 2FZrv2MBv+tBo7Wv8jCaWTCW3BAl3CHLbmXLOl4z348X8/b3gIL7ZOKlU3YuITqj + cmwLakRE2l6iYgTyFYiU7u8ayBM9o7Cu+0xrzDtlSBCFeicqiKtfd7+FFHQrFcPk + KHS62+rSlA2MpwS4DpLCu+6Q7LgFtJrrgE1VOwIDAQABAoIBAQCb/+ekW0WiBHFA + bZt8D6MYyLfpgGfcyK03tcmXm7a3fXP/W90WU3gQBJ0S5vcZTTCkzd2+O1yJQ4sR + n6CkPRa7IuKzMsIPzoM6foZH1jmp0/HCcHCZIfFE/8GDYOMfFK1YDdEO4khhU1h9 + bfH5dH3icO7orYiSfKnFBJDLa2LGyClbC146r+GNA3cdh3A3YRyKLo4hbg2PqaZu + nAt0Za/VOti3fVyeC0pIJD0s7hes1MoT1bPj9Szw/JXBL+6MwxBm575Hi/NtN0Ad + akgZ/w9sWoLpF5xQu1wjE9UE9suo7jKDKmyHK5JyQrFKcdzrC+H/2+CeeSbVdegK + BtGCw7pJAoGBAPB1XhYbLTUSBpXvElBjhYUBlKOQi50pX4CyVTCxUo21uAbrefNj + Vqg3HqRvIkpvaBU2c2jonTJxi9UkUW/u1v8h07GEB/duq1dVxSrnEJCeOa/PsOkX + EDKJSO34MrVlxRJTNT/WOkSSzjpGfeET8Ko80XqNK/EbUbZzUqiVuSO9AoGBAP4X + jEJVFHBoSF7UZmGacaGBOa85vGDFLc8VmNa2ZiJNpYlWLK0eC9MU+mMDSSa7RWau + UB0kyXIab0ixu5CFrxYlSi7oD1Ji7wrI5Qjim2HeFo7cWGIfpRmg8yGTFMheg88S + bcBDGJ8XeRip6NypwMUrP5vYt5WjDmQ+XeRN9fBXAoGBAIuz5OH7EBzRSDo8F+vU + pnJMJMuS40qACxh+g7gyjb//X9fFX6jkgihhPdBTMR0F9Pa+F/dPjmUMSy2eWCIs + JYU9ZfywtOAw0COBlXgDn0AmbWWTyTjjSWnTESgRF4UEh6bJ6RoZoOjOUjrRUbk/ + GIgPpbUJ6AnA0YyrG88Oje4RAoGBALEH/QwWNQhgT9PqTm7AaV0qKOOh6VLO7qyy + kms+aAiMasI2DSiMn5Zwrkcf+e6HWcJBvsWfZM8gBdrzIgh+a8+VKYtm2Y4AKiYs + dA7tu27Dipn8gYPUInapwdvpmvhDibhTUa470UK+2vtJHlnn18xH5qiRpM8X7SYA + ofA4NRs/AoGAErCHYYRwxUr/F2PebRe7NyRfMBThpsI5AVrFUIkjEVl6KnKozCyi + q9csEDDtfpL4SmAeLk/GWUzrjsmlCR9AyHmI5pj1WPZXvl/NLu7DysU2c7RtT5a5 + ylKFPtH5XMLMoZ91o8HB1z2BHgmBHNVED1y/sW2hnOs809yXwiujMxY= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-cab23-r720-13 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEA5fiBi4ruD9DkkMIJJ/jzy6urUy0nCD0K2nzi3Gb75T9B7tZh + d0AnXF2JWW/tk4b8nmrscM5DKJDixOMJ05js+6RGyZ7vKL2Pq9AeqVj3UWTi4Yoe + eV7SUxt89ZAXmr7Z2IX14DifvuMbekFNfa3T4Kz61JlfkwQpYRxEi4X6se1t/Crh + jwcccR7GKQxgL0NmX6z6KI6jaTKKfBwQWPs384ZkYG+eiqPu63j3PLW17xQ5abuZ + 43rEQLHYfq8+uIHItVab9bXKC4LypEs7kfhi3xWiJMFC6NdM9O0YDYyspXXDUBEE + tstsAAhSH6fL2CwsypjGHvEgi7AXtnedqdgGGQIDAQABAoIBAHHZpmCsBhGEbDOS + LDBC2odhVK8X8nPsrHvgSfutbFVhDMYuEhCUjSf4ErBZbjeUI2pWKvnp02u41tt8 + PvgnhGNMP9M/QM1dk0wO+68BIWeFV6Eq3M1feSa1vBZiIJ12kKjWIRTBU6yQCKFs + xO1MalGXsZIg4CULcWTnNrQQPz1oCrjdKGGW/IbsLDQaWeiz9xWxsSVjrpIiGdgr + 0VE4k8b7BoGUcK5AWgeKQky1+CwwlYqh9r+YYwo77bjdWEqoBjn57kgfYjFUDzZi + maqIs6mbjUxmAEUBqU0u0jV0nPSYv0tGrcrIc+lSf3J4YGPdSmMzjGeXthj0RgHN + rKe5wuUCgYEA7cBDtYtUbzr02MtSBe+8k9AzF8kxfy4mYDNZSXY9SKKYW2j1UyOl + bYfQzf7oeuwCQmnBhwcbiV/lMVs1FF/eG1OAnywyRfDbKgwC/P3VbvGsr8uaZVxx + 8AGiJwQmIS+RjP4yvIa7v0ORgBgA0ANvhl9zqcTmOyy8ERlfVmxkxw8CgYEA959c + Y0+91SETUAwxft/Xnt+62J6XCGUtIYQXKtzziJKMAqJJbZHUiOreyWgHP6Z0vs28 + SCvHVlDLU+HMS0e+aRN36uQ/pjdPlvYler+0J/IOPaVCUXzyhId6opruIstadvDj + nYJxERwzltZY6x4UXUGKQFyhMUEb+X/ZHO3hoFcCgYEAuu0qjycvyJBbB8S8Baza + 4ICWW0I1Z2AajhJxRf/v6RbloSEhmS9ylm5tLjkYAeVjVWIe5ZIiBV1fLvIeBpnl + YCjD/OHb2P+o4SM2ikDsuWDMPB9hkgYgEurF2dU6QWdMEcWekHmCTbvLPyIgKWw6 + GDUeFEGaHrZqWytOuP1aMuMCgYAiNZPv7G5PaXhfkK+t1YLWYhZQIui+siuf+72v + oELM1WIeYwk95+2y1K/ep06JDpgGXCns1o99b0AH4KP2qny1y4i/nLTmY7HNK0hW + QvHCqwAoqBIXa+mdQZJBsKHBkNJ4qCLp+cFhGcJOzmIOaWNq1skgxytFwLb6qxz1 + kC+hlQKBgD9Q7W63LHvI5U/v+8rSQ+uCYvjV4AvmGEJ0ofjCvD97iUQKgKNlAiII + 1ZIQgWGXgJ2t0tA1Jm+dBmY19jiX6dYCr/7tgP8GJitReiWnoFGI6pyAQKpvoT+H + iQD58VsBZApM69KqjvuD670tjArBMeo5wnyA4miE5e3LuxO+b2C3 + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-cab23-r720-14 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEA1BcFPyvztF/uE/f0fbcqJd5oE9Dr4fdPcMqj9+i9GR2lczoU + 42C94uKOpybyW+voyXYI4edBWyMV5w1nWRnbWdtDic74IwCL6YhMvDPfkEsYwL5F + 9ApCCYMMmaaYyZYBy6W54WtZlle7QKbv6zQ1rR9wadd86K4AZ4jDsYYdYHY01IdT + hHCtwbB9Cib2/xaB/w8R1/oGRMsAQKIwIdZNuCIvAAz73P+l9dB7R2Kj/rL27ttm + 7LCvQjTE0SVfZCoPyu+V6zCofPv90HClzegjvrES3AIEUROxZhwcatqaevGhhyIq + mC6dBTjwt/T11a5iIHb5GLkno53vtRfs75EpqQIDAQABAoIBAQDIURHgj5e3dp+7 + 9obSskw5xi2RAdO48kfy5UInJYhtD2Y0Rdhyxe2zPH61+4APN+r/VN+g1jYRaTsH + ps5FBrn5zbGlmHkfPiXnpZesbmYqt/MiINSbYZDrwP4GpaZLR8ZcXSQKd8T+zdAL + iWCzSvWjlT0sip3semPhZfhHVL+sWV/RWr5KwGXwaGs65uzFbVcIue7my5V0Gn/i + XxixBh/fLnORYZrdpI7ph0ESv+vzNQIgJblUNvjlBJ2zWOid2vPor2B3CHn4KSqm + Bu/HZzfXlqoTzMXKs1/GLeiIDcLsjIoyFvYWDodoi55psOu6ypj6/IHB+9udOehM + pUPLI7UtAoGBANjYXkwKUfAxsQ0hCs8MlJOBfsvT3wrdQp3x5/HuoSjLw6JmCrfm + 6PNlv1WLEdK1NnPfYEv88SLn6wvOA8MgxCOG+gf3EIB07zlIrxIuC2tvMfsdzQus + 1FhkGQ4V98CGplSOWLn9WuTNdQOGBbx19I0x+swGILJM1noMVsRsQEYrAoGBAPpi + 10EMjWtJSoxhQOIOM0A1eR1e7dSw1ubSf1IFs9Xv53G5Uv2T5kxmj0kv+gV4vvju + 8xT5FecVTzuTEfG63JMx5JnzJUsBSH9NBH11n6NEvtjWBXP0tDsYfsuWtKi4hac+ + qxdCevW9wYHdzaLDRtNCIQVHxlzonMwGMQ7WH9l7AoGAWLDemLFb5Cce6GTMW/Uk + S9SaPNnyjyoCVkGcAar9hYcaBDFCTweF3g+Om3lfF9SAahJB+7KAGivLSi/AAC5F + qtZJK7rUqAWr1r0wxfnJN+7p/XCp7g2JaIHAca9wfvFT1J/IEIJci9qw8nj9naCN + HrcDgjE7bFHbI14qmvo/q7MCgYBnXkbfY/8+O5O7QKs4qAQgjfLiXT5ygE84G87U + XeZQfCpgmNHaPiTlhbHB1Tyy5ZZxzrQsBGk2bWW4go717N8DJaXqqKbMwErdwz4H + TXgKP2dKvZCivnNpskMmaaFLxmHnGcgoYhnBOgWZR6iNeXDT5okbVPZfhOi2khfO + uDeN4QKBgB7g5yg8dJF0hx+npEZ3zEXtb5fWabUvM6o72udnmLtTD9Kl3LvyjGTH + grCF+HHIwhtA5HCCGScfBTFs7RvqQeeOvjlTJ5z2ZPTEJkxDDneraDSLFS2mgAKB + RezSPkJX/jx1uaP2u1Rm9OP0Ir43zr1pCxV0k4z4I8cAQiySPQKY + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-node + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAurcnk2DsQLTrrtNrdHsNsMB/B5TLU+35QPyknLyql9iZNHsu + 98Ew8rJA6wYqnq1yZR6pGwvelxfkRcWMrw9rEyahYQU2sv2NYxhdrQFlXa1FZq4D + KMVcfXvAMZPViqrPh592LISgemp14bHb0eZF1RBGxjZvkNacUmlkpnhZWc0aFan4 + OA6jfxis2qDiSyo5jgk2YSrQAfSyNgpAp54Oinr0mItsWR4lVxeu6CxtZP2oSUkq + z99KpdX9VVYEr44im0Sl25bf1sGamCfJEksp4c3Tsm7Oz0qDemrlUNWPJrj4K8qb + J9meXwV8cz/tTjtpdvFe7oVxv9QXi3/MkPkZowIDAQABAoIBAEGuWD+h4rnIavfu + 62foOaKptIXoM7ZsijfwJ7/zJleQHCS4CIei8CMPzYJfgvKatRkZNgeLn1urTeO1 + YI3ccKAmALLucJV6WBg55AoN6aiQYU+Dex0GgEisFanbBU1oVOSylZGHfiRR+vHP + 7THjPUF8HklvsMNUm1zqMjvVLilGQUpujwFMm3DJcW/uphMh54TauCnptGWna1ln + S3cBoTy6Ytk5K6m2pQH2WtePnqdChkl6kQRB5A6XVlVN73UBr1Atn+RQG2VXyj18 + VRDh1SrOxT/XlZAsCKrtI8s5bCaE5vbKQmzg/DhoJuZHXUdo9SMKU4yhEjHvFoWW + Lfcw0WECgYEA3DPde5B0ZAN9bE6fXj9axPGbvGIM4BZvjSVctRrONGM4aCVXY5q2 + Hp52n/aLTPElSNn49qrGs6jmfGWTisBzykv2Wc9XQ+c5MkJ+ePTQ7Epi2hZX9KtT + t/NQPfuaPnzDVMtzuj2Az7aw5TEnEQthNqwwf9L1qaK2OPccCT/gKAsCgYEA2RGp + Bp3sgDpenqym3BV+XT0xqDpkvDP3jZH9/2jdtSv+nekQlEV59oCJdrnnD0aBDZh6 + kouI6wU/k/wJwgNYNwU6tUuy5do4tH8TBTa9tczaTodytslyHFta5T8v6CDJZ3Xp + pH663mkIC4nOYJJ3zsOQURJ+XGPnYun5brsRm8kCgYA3Rz3eexD82nNt8P7I5haf + QhfaXrLkvj0arbpsLGJ/fDj4zAb4FiqJ3TXiSj4F/rNhana5VX20ND5IFCfJuS5Y + JmGdghNiFHWjTFX7f1nDN5lBLkK+RRQrJYWLSdIaxa8zZi+THUVs32vg3Un1WWn6 + E5fJPug0wYgFHOOI3uQiqQKBgQCTDnrTR8QEbwbROqhka49LPXzZuo2qTw6D84b/ + NJ0W8zIw6sdXm+XvkM8QBwu5dotRmZ5Yj313svuKlvJJZRirVbibQCh3vaoy5fAN + 1TMa6ihvkSWvHbRX77AZpQAgo62ukNxzm4Ofz8oqfva4yCGwix7HPd8rWmdUxKw+ + Ty+zuQKBgQDN1iFVSRcsXg9ygFBDOk/BaDq81WOUpIIfgW2i+Ho61Dy/AmzBcDEr + 5e9g4E3cJG/W68MT0ScgLdSEK2MjqbCHVg7k3zjDahcEyqjCCL9XMynzaqK93jRD + Z9mJGgHZHmijs3bh9Xrdx92A5zR3axTqVomWO9jwsPW0trd15+ZviA== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-cab23-r720-11-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAw7kLvPFfXWWLFOHMEuoreC0yIcwgMQH8jfqqpDqMW1amEBQA + 5DMEtl/Vbvrv3/EBPRq4nTSeQXZUiOgF9Bp+8qSxAn1j/ZfDQf7+dtDr6Df0VMDl + wbeZbtUoZHghMccUFZeZAZ5wvzT7iszFNiymWBdHnhLYbXTignAeZeF0Kwxif5Uy + bbjPFcuM1k7k/L64fMxbuxV8ZmgrySWWVLQganTeNLgoujezHkgXrg7YYf04bx7j + ko5B7pnXhhMEWKyNOzBKU1zJ6eVBfvWZcv50hNf1lC2e5jNo81pP3N7+E8Jy5+h8 + rR+YJVfxu1m5KKfJll6AKID6g5Ssyi6p9Q9KxQIDAQABAoIBABHo4+8VM0HLoe92 + PgNZFEM594VqNWPmp6KiVm0Swnc1NZrxCafYF01M9a3jHoIifpeF03DnOLgKyO+C + M9FDf2xar6vnp3e0JHTsjYJ32a51OFFtGVkhoNOog7q112vDqM3VAnZIdk643W+1 + DzLG4S3ca3xGgzF46aU/9zghakzp+yN7H1zAuY09CuwtwaMBcYQTRPCiOh/1c4fv + y7ZVU+reVAU/2saDhIucASEvT8DOrgapTu74QnpDv8SxJP3fQvcpPUhe4cH6fIBS + B+kZv+uUGCk+XLhLrF4FrU76ZqgKmhLff46ZjMvjUaH1LSoGnHyb+W2D1Ws7DRNI + rq0Zs6ECgYEA0HP3xWeM/CbYT1VUYyJ7BUWnIIAyaItdug3vSuIPHG40xzOSk2mI + RWVcfB5Uxa6cyScjgOW9jaNpfk/1Mm9PZpdk90LIspHZX+AE2h22pEaXkD7/QW65 + c3zX6p4ULgeJegItbPqp5wvazvEV7mh4IzLtPzgVSAbpQrRNZFm1v00CgYEA8F28 + S8aFB2YGOsMonkASanPxPJmls9ek0212mQyTatrmiP/fGrMRkNlh6EOCieFrKBAh + vJBrYvNetM0QpJOB6YkFJdUFjOmlEXCO+2O5PA8flHIk2ORxLfPBDCCfzHxaWW/5 + BqSfztWcJdoRSXCq/xWwFr4UkuUmV8INEk4cbVkCgYEAykUNUs71PiPPV8Pb+8oU + h3wb/OyIfWtmikhFP2t18Ed8DSOdAk+v/G6rvICOD7gsyP+icsv7D/pWPkwGCGd8 + K3eScF+scaIWxPKSorecZ3FcVorakzqG12p39WBpAnUr0GlWfN4KiXi2XIIRnuJe + WQFstyCLffW+2IwuYMawFi0CgYA1zAT0wL3NZhxG0p8orBZzFPgNJCZeFgmh+IHu + x03HQK8QQpRgmWt5C+5J2bJBwd4F3XZvibM/NlEgDjWHYCxXZH9udDsFytVTDeoy + gaNXudrLkrCEirx6GHBAkpyxW7OtCM6nmfjahhyorCHqWfkrlmMO9AQOzJLEWX4r + dqgOIQKBgGFFVxxbVK7QVnZoZ6j/W7Ede+qVM9tAkTvmQP8boeX6yD6GGZ4Y8Xtw + 532QYK2dkjrRcShyDbvp+1tZyhjxIRRkjMWqUUCExLiZCWteEUd7vEDfCuExf8fg + pwR0ZPHNQkio+mXqUyrESzXhqbla2t5QyTYyHGN2b6NEvxKQ/ok2 + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-cab23-r720-12-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEogIBAAKCAQEAnMf1znAeBCDNxRpiMA8TJNNGF/+MfR95k13PcxjnHDrKXIsG + 2Gvup+MSQjLCBSNRSPksDyAoWmp6pTh6N57tr8qimaqIyt/0OeOVT2x/q3oKLkKB + RGcNtR2qbZ49t8ZFS+9QPmDQLMl7zj2N5khdcyMimNPVedK2va58sZav0OHyg2XP + zzsM2G5GIOx3oBoi/nO/obLcaUBHN8lZeFMpnSx+kSrwjK9BsBnspe5spSZyezfR + RDWCbNcmxq9X9iqsgEFFJjGoMMyWYQsOas6DdD1tAvV/d5hIWSQITa5u7E5wiuYu + kYw7ViLB7FQWMFD/fT5UDQkrTKmMh1sbWpe67QIDAQABAoIBAGQHmKdsFVqg62i0 + mqz7EUXPnss0+xfh+xmxIujWnK4APJirA2UWCCEJ2d5usCfDDtu2Twwfgl+dzD6a + ODBAsHoWmYPdsIVwOkytDdis6xAnP1OgjwVrku1ZziE+czZLxG7cc6A4+Nl6fAls + cJra1PTfF/XWQkAF1x5Ss7BC6k4ku3rag6eXReTggdSkZ3iKkdsrJNVydgVANeIb + aekK2lh4iu7lG0k5go0G52/kHcRCze5XH1msRJPML0TWOnpehcB5x1ibT5ZNfUAT + 0rcBTpLkVdVUlh6Xau07ahhHCnW3x4YjLDlso93xLH2mUYlmGmHssy1mZp6qHaal + l5+v6sECgYEAxID4T6fs/TJgyRcF0xmUnzQ3md76jzphzFXz6pcR4YtUzx+DInEE + 1Lbo1plotxRGSIOmy+RCcOXrg/eAB1QLJLhE5DfFKygqIf8tV3UAMhJufRIQWksj + +55eViiEXLwp+kpDrMtHtg3rv/Eku+Cg7Q7zk0Fo1mqQvyOy3RB4/YkCgYEAzEAU + cReHL5HVkALMLmH+zvMW4wkeeXx2WzpIEWOIskWrPZ7jHgoaGUcPJBa2btm3Q/Sf + Dilgjx7cPOPxUwFOrxrlycro/coFVVUWmUYhjDd16fFxi9zd1vsEo0UOCdUgR2R7 + pvuDu2yynYhpESnEpPmqtUXFEMisIO4jHgRT/UUCgYBuH7kJKxrtauZCy9w/yf44 + mpLucMAKtLVKRoFD3xXuSJ9m1EoxaxVCAJ/MZH0C3SHmUaGQcoOpsbCjbHkbokX8 + dihlnbupzACQvOk0MiXB6gJxpUX01Fd+E+rabip/rhP4aNY0aFfv9y0/jG0BvYly + UQbAZ8/RGje0ZtU+fpTPwQKBgCNatC8fM3c4dw8GbPFaZRDNYxjJa0z8DkCcRf08 + jVzOUmXIKuf4N6xIcIZ+p/VoGiDZJu78moorfVPM4OjNQSFuNnhHdyz22xV6NP8y + 9Hug3fgwosbi5ENiD9tzCIsLKRsyeXTd9F9s4T4DbqxZ3n/v92yJNyNAmQraLZn0 + hdVBAoGAUGklBpYg5ina4Br+ciWGEWrm2+yGsr0/m2T67oLkM6c/zcvMW3sUrggc + /G4IqCj2VtCKaH0ZuTqLTIPA4xcpj0ouMnNi0Nvgkug+eLCOY+lWa//aWFH9U66a + xXpYX8uKwQYx4y3CJCmtRyo4MhGol+1rR8OBh/LMzmli++6MJS8= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-cab23-r720-13-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpQIBAAKCAQEA0pa6zcUAGIkJk1tdn/OjFjChIKp5hngrVdJung3XQljK/jLB + 7Ij6waHQzR+9fdhSOBeoO0Wggm14J76cucSuHC6FffJj5h5yL9lSuf4XQ0/konRe + V6FOXtLy6IiXueF/Bi69SBbUIWN4wGoj4jqi+P3Mj0PnOTq1/+tB/pkh8HkFvt+Z + leZZfifHzpR6+h8YZMogZqMhNEw66AzdpEvTfy0B3ugcfkU1rxQ4yFQH6UXRhjHo + 45c1GuIcgA1hhg+dS0Jw9eawJS8OctM3QpruKoRNuBr71a6tfEMR1KvzeW6G1Fa+ + AcIdGTW5SbE5YkZj4BLGq2qRYFkEeQ0wc4dSyQIDAQABAoIBAQDNMmg1ptbwEV/O + QUHaYPmx3pKylMozmBaJ2rFEuzHcCU9LIERL6jGEydr+dQYcgNOkqpCXqMG9NVPW + TmrCrP4GoeIbljt3eIVFUJrGdutOAKRFE+T1uEz4Is7kfGxziGFQsexoOS5clmOM + AiCTCRXSTuOrWbwNzMKY6zD0F1y1xkIEb+mjseUYioWlka8RMlssp0U8AAeG2qSC + aQbvnylHs/mjirB5O9hN/x/SxGjhUMjv95koAhG+su2ms1JwhMh6eY9Vt0KJ6NIx + 1rE2HkAHHELu9y4pDJQr5iQy2DziBOJ4zFWCrKOCCVCExScL+5Rjd/Q1lOayODTt + WES9R6v9AoGBAPUvVGLW/9S3rzNCJEBrSUYe1cCEsST0obASfH9uEsImnddGHbRI + Sg/0qsRcqhxctvZ5inP3z5xS9bsvG8HNh8SLd2fE4rZOz5kGkjNt6vszPf8hrJ9Q + 7NONKeKpg4Qpi5pu9PY+nKi1WUHlP0u07H4L7g8Ha+BkxqPbMYpFkfFnAoGBANvg + vCY8Il0DkTCSbBjbLob+0Oq4KgXPaw+eWiaz8pCYRkvmb7gehSQoR7/Nlihxvooq + Cm0gGyZdpYK3GuLhpPNoKfUxviUi2As/DgnYRfqiJFT7FZr4pD7FLUCH6JZVP0Xd + zM6PrSMIOmADNEDW/xSICM0W974v85pfqQJdSwxPAoGBAN97fJd7EUV7CB7YsuJk + 6C0Z/gu05yKgOKCcuQ4N7ts5B7YpGvowyhExGlZRgFzJxZtzvVdnEb2TgJhVoB9O + j+n+lZ/oPh2eSGtbKffmwMCnPGNI9mdhA/zwNrV7fX0BwVXKvU2WVIUSh4EgzEjd + aJKbnSnlwdaPBOBl8wntz9ERAoGBAJnsxuphWJES6TY+msv/zJ+WjTxz9n8gyEsj + yOqlOJ7+6t9Bj14uh3hbdncQfhkMH55rdecU/cyq7C4I7xp7alU3y3+p9fnbXbDp + 0HMV409k6NhQ+bwGajzDHj25pxpuzR+k+TZ1oHgQz4TdWVw25lVCMh8ZABA1U2zz + oMZV9y7DAoGAaPzOfLlPeseRARCz0mso4Y5elTgVlTv5bOHjtk7ozS66tyjVlyMN + zq1fKj07TG4zIX8aWAID8Nt3dw+03ucGyHV0euvav71H+6CXzdmDb7Oh81f+aSbA + X7SEof3XfLWlt9iigJD6AZEuRlB9/D9tn5phhrDfzTmX3Z8abiVUgxE= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-cab23-r720-14-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAwGcNR8v6cTFxIF0ZJ/HvovjqnvcYgBp3j9RkSl2EWV0tGyto + Pe9i3QSImqbFrmeta5lFHf5LTetbUWn8m+vHZS6dExHESysDtVH39DHaXwuPZwN4 + VnuCl4w38XhHwkgvfF7Tne3Vx/iakEmk8zmyUdcbBat2hj2gWFFL2uQwUqJ3Qeag + w2wREaRd1wdEMweklH3EkRTu4JEMEvxuGGppJUfj5i12uv/1lwVuk7WFMX3laCm+ + 26mgdoqGQ1jZTYJDv4vDC6RvhSDyYdV7f3wtHFn6frJwWTiriszaJdySIXiQX8ii + fEKt100wOQH15hIJfc1U7C92bMJ+DhI2wnNBGwIDAQABAoIBAB3jpG+D45sUCDPz + 4oWPEyApNSGO11KHSg2g/BeFYZsUW35+BsqgVqZpHuOPhuQqHQm7HL6lE4O+TUhf + g6uhPC+exy4AM5NN0lynqDJaUEc1n4hsRJSCyW3LjaFIgzVOS3oxrQQ6v1w6ZaCG + oEZcrzQBi6Qc1+PQzQkLUBJoIo2jhHhRJ5ygNLUnhZPQuYtjmTz6OLmc70uCQGpr + q85cyJIvGLPFJJG84AfZfYGE+5rGAmH0DJNJUa6NPLEw8RR7a5fZyIBDhb+yji22 + rj1+udMy60ZV8ROJW7wywqR+726ELAaDHFEU/OeSwUtszWBIZpIfLobYHFpZdpDF + Mc8moNkCgYEA0N8Y30SKLhzbq3Ig7VPS4msEGNUjJvMlct8YniFuHcN4zaWIFtEf + aDRoWnqa8CtVWl8FiuL+umpQ0eVkzH0R/vTVUq1wu06Y7XwYyLRNMnssw1PSyBED + 2QZF/j4Hk8JRAvva2RKXLwne+Lljeb9PmZuzxpdXjYNGmD9OiTdME98CgYEA69Cr + z+JPTwUSdBoPnkFeO1IZC+rflBFJzj3R50xjSiAp/Q+KvNogEvYzb5mbZW5RcyyV + uAYY+9OTdzQyZwxr8SDGK7ilwsQwnl/+uuLLn6HWOjqPAeLpbmB04mljl5Ft2ADN + 6Eks0NYJ5F1x25lmj7QXRtGYo+2WU7w2pp662kUCgYBnwIowTXF+GmObtCNbACpe + wd3VH/pIHLtbZipqUhzKuBBHxpPlEZfSQUYcu44/AqdxLoYoST1TCACBYrtBQFcy + GBfm67R1tkMMpHoDKFy4WKsRk4++RYVtxkn6UoGdCgcHvmclMLDccsDJN/2LulYl + 7UvNt9uLtcvZUIkIa+lkbQKBgQCj+iK/F9uWUyyV11ls7n+cOGZ6RwTZbXwpEgvY + DuIsNVl9Q0VyNSuAg/sYa3QHgELbF/G0WWkeE+3DQmSaC6Uzs1qaJHf/i3VTa+Uy + B2sYwey56OZwpV01B5W/qxE54ELFpSmJkPi871lJl0EJNw5+dviIok7GDvwtlf9a + tZ2xEQKBgFWMUupdVMl9DZJTN2RNP/4q6/FUTFfGRRoKUoVgN8e2X+nHikUvDTHd + 08mJqSHTFmQn/7bv4MH5mVbBAhgitcVXCvYooR6BNIL0SXbjgr2VNz/ZqVIsWGvW + fW8SM6qMR4CyZkEcW161Zvz4XzGnaIQ3MbkFtfJy/i+wfspdUFZr + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-node-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN PUBLIC KEY----- + MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz8Ndu2d3Wp0Th24IOVyt + wmhCWSTyCsY/+PZ6CO1JwhvxA/LLR+qmQEPGszJaBAxyUocgo3oCC8TrUPDD8TEK + O0erydvCT/MKkk/+oKoLTum7TEoWredGPHlri6xMqktFjlW4O2487JvBx5q1wObV + nb1vpv9pnW8isSBRWiQAlsol3Bai3+e+utz+7smQLh5OFYsGKVd3AuohecSMWXYQ + KPSl1qnQ7h3rNzj7J7Aw5soo7cJKWl8QpOG/qddWvUphtNCuveouv+V7UaK/kveZ + 2FzisZs3Jz4izLgi8r6hB/NbIOOc5NMmGOmhEf7UaXPE5E0u2lj9vEa05HMGgtcM + PQIDAQAB + -----END PUBLIC KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: service-account + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/PublicKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAz8Ndu2d3Wp0Th24IOVytwmhCWSTyCsY/+PZ6CO1JwhvxA/LL + R+qmQEPGszJaBAxyUocgo3oCC8TrUPDD8TEKO0erydvCT/MKkk/+oKoLTum7TEoW + redGPHlri6xMqktFjlW4O2487JvBx5q1wObVnb1vpv9pnW8isSBRWiQAlsol3Bai + 3+e+utz+7smQLh5OFYsGKVd3AuohecSMWXYQKPSl1qnQ7h3rNzj7J7Aw5soo7cJK + Wl8QpOG/qddWvUphtNCuveouv+V7UaK/kveZ2FzisZs3Jz4izLgi8r6hB/NbIOOc + 5NMmGOmhEf7UaXPE5E0u2lj9vEa05HMGgtcMPQIDAQABAoIBABhHwa2EEvvA/aZH + IqjpftkIbDCU08CUmKdUzsA6UvNfZpRKjJ0z/Afoo9EPYlu0xKuGZTcVrCWJ9uI3 + sP5/960j3By0FQpY4fRlauGF3dp0EFKDGhFqxNeObRYepbsFHvTaabRwVqhkL4pP + N0x67Z4IpILEuKgQc+J1X2yEZpk4gq5j7AWvpVIjt1TdznLgpsmcUWT/MAh2uTiu + Fcre+xC3C9a8M2/Df3I5CRff1g4rIRIdOWG+5cqBu8tPEDBllyKZe+9KouhoxJIx + cd+ooLHhKKtR4nV8X7w6UiRLd6MYfcAEQKpkc8InP4oE93moSdyPGGUZf09kimfC + d5v+U/UCgYEA8IX/Y0DYaIy7XXtyDxAusDhYUewFIW7LVqmphSUVolgcSbILWki1 + OtfLMZJ/Ft+p7f+PSVFFi7Cm9E0nc8t/As4MhPNMMQxgzs0qaFfXVfEY1gY4KBwr + 8RpZn3/dHZSlZVjD5hp2ZagHEOmN3b7ZdqTYr2k1uAJe++YVHHcQKzcCgYEA3SG6 + P0RKGNpeJajIiUh7ehdA17FRw9vB8ui6tzh+2PxTtkv988GOBHH/NTaitvTvyi5D + u7ayyYcuQANQaKlWRB8zLq3Rwl7uXRF0fqKgK3yDGoZVdljBd0zjzIcuyzHJq4/W + KCVGDSFmmeAo+8r/zJkzsFX3kpLFEWRZlxIHhisCgYEAnEy3dWxCNU6ew1Tg/eDq + NiGnYzUY8GzrPlnqi1daA7F2UH2e2wC8pIxuwrwMUnTuHHciSebCZtBY7hDlPl5T + HyN/BzaDoKwGjNzOXhgXGwYduZc5DvefpoIVE40nx309LerNAs7XeaADV34ubpcD + AhKFrReVjQodZ1xRA7pri2kCgYAfWyH6yKctIQHKm0VcWh/QLy3tp+ItQKMe26tm + QaeTAyyno9ztzJtju/pxRD8MbGz4IVlPa9esRfPj9dRYEvL9k+MBEnq08hsgrVH0 + hwDpSa2ZfETwFCPS099VaDHVdEjhf/LhHG/zerH+zc9h7OYaz/qJXZdOfGtfTPh7 + OH5CowKBgQCeoKwc5o+WXZl+ebFpwX3eLE3mlGDGwLnJ3N8bue7IIHZOes3Zihbq + G1Bx31npUYt8Ylr7z7wbcLMuEGxWzdLJr6C+J6XwmI+l2j1q1knn0N7scptv54HH + BM1Yk/elAaeuAdKDrdud9daBhGuoBVgyAbpQiq0iXgomcPjvU2jvrg== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: service-account + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/PrivateKey/v1 diff --git a/spyglass/examples/templates/secrets/certificates/ingress.yaml.j2 b/spyglass/examples/templates/secrets/certificates/ingress.yaml.j2 new file mode 100644 index 0000000..ce475d4 --- /dev/null +++ b/spyglass/examples/templates/secrets/certificates/ingress.yaml.j2 @@ -0,0 +1,135 @@ +--- +# Example manifest for ingress cert. +# Shall be replaced with proper/valid set. +# Self-signed certs are not supported. +metadata: + layeringDefinition: + abstract: false + layer: site + name: ingress-crt + schema: metadata/Document/v1 + labels: + name: ingress-crt-site + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +data: | + -----BEGIN CERTIFICATE----- + MIIFKzCCA5OgAwIBAgIMW2h6FCcFdKeaw3vnMA0GCSqGSIb3DQEBCwUAMBIxEDAO + BgNVBAMTB0FpcnNoaXAwHhcNMTgwODA2MTY0MDUyWhcNMTkwODA2MTY0MDUyWjBJ + MTUwMwYDVQQDEyxpbmdyZXNzLmFpcnNoaXAtc2Vhd29ydGh5LmF0bGFudGFmb3Vu + ZHJ5LmNvbTEQMA4GA1UEChMHQWlyc2hpcDCCAaIwDQYJKoZIhvcNAQEBBQADggGP + ADCCAYoCggGBALvNHm/G/ylh6aPcvrhOcb4qz1BjcNtnxH8bzZng/rMeX3W2AzjC + r2JloJcDvOLBp/TkLOZPImnFW2/GCwktxPgXZuBTPzFV50g77KsPFw0fn3Si7+bs + F22tLhdOGk6MQj/WW4pKGHqdw1/VbPwOHBT+I4/scR1L2SZxYtSFIKGenHJH+PMV + bCdwnNOR80F8KRzK5iZs/r6S/QqVheieARSWWnk2+TtkM1BloGOhLSd+ZkWh9VO1 + eOnZowkaDAJwD/G6zoSr5n+beaXzDnEcoVXFSwd4FLoV+om77o92XmZ4rVw0vTMO + k6jVwmkdT+dM2K2hLUG/TXWoV2/Qms70gzDOs85RtAkTPe4Ohtdpr51Q0hd35TKG + YLKzX/OPblD68iYJYSBvMPpAVTbFYVPW1AQx8wWfannYbMoeL8XTEOKfkqm90YP9 + EhIdtmw4D7GZxlzG5FXXutmT9sqLfqlRu/RynAhBP8NQvw74WumhOe8r7GhCwgzC + gaPLGjeekoS6LQIDAQABo4IBSDCCAUQwDAYDVR0TAQH/BAIwADCBzQYDVR0RBIHF + MIHCgixpbmdyZXNzLmFpcnNoaXAtc2Vhd29ydGh5LmF0bGFudGFmb3VuZHJ5LmNv + bYIta2V5c3RvbmUuYWlyc2hpcC1zZWF3b3J0aHkuYXRsYW50YWZvdW5kcnkuY29t + gilub3ZhLmFpcnNoaXAtc2Vhd29ydGh5LmF0bGFudGFmb3VuZHJ5LmNvbYIsaG9y + aXpvbi5haXJzaGlwLXNlYXdvcnRoeS5hdGxhbnRhZm91bmRyeS5jb22HBAoXFQuH + BAoXFgswEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAwegADAdBgNV + HQ4EFgQUfTAjNgn/1U1Uh1MJDYT2m4dzhsYwHwYDVR0jBBgwFoAUJFuXPZo6RzfE + BlJjnnk5jhcP4wIwDQYJKoZIhvcNAQELBQADggGBAE2ISWmrxqrledJI3aLaS9Yw + WsZc8O8CnIyLoxrE85vUubFjuI9ixC/6dJxl2iB1n0H8JgmFREox32Q4+kDJI8V/ + X9x0PFpRzL7QEPrLZhW94Yis3sOphLW0rf0t06ZepdHHeodYJu1pVMDmLq6bKXdX + vo+/WwKnZBXC1qPbXJByv/CN9MtViXOnBGORFRTJPb6U8379LNWclJ/LW12yTwNk + JGIbZU61Vxu+2nLIabmmRoODH2jomgMOMMzLgjT3Hvw3whe8GrUoxDiPYQVTDGNm + ly6m+5B1Nx06fkZazonozeaOhSQ7RblUSbo+w8TJmLRzD9ft7p4vpjBGxRADMcuF + DOjATgdZeisBUHTGEO0P6wJOBQuCFMX9AVl+u8ZpcuRaRaN+pBE6/BqcHBB6qV/N + w2DdNtP8BrJ3kJVNEDIo5oTbH5SToxgA4hWBV42M1rB+5vIMDKN3rwVDdNKWYhYc + VZpU3V9V6JzSW1O2w4Wu9PdbWJD9oSvC0qJgnjOXzg== + -----END CERTIFICATE----- +... +--- +metadata: + layeringDefinition: + abstract: false + layer: site + name: ingress-ca + schema: metadata/Document/v1 + labels: + name: ingress-ca-site + storagePolicy: cleartext +schema: deckhand/CertificateAuthority/v1 +data: | + -----BEGIN CERTIFICATE----- + MIID7TCCAlWgAwIBAgIMW2h3tgSwie0Ypx8eMA0GCSqGSIb3DQEBCwUAMBIxEDAO + BgNVBAMTB0FpcnNoaXAwHhcNMTgwODA2MTYzMDQ2WhcNMTkwODA2MTYzMDQ2WjAS + MRAwDgYDVQQDEwdBaXJzaGlwMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC + AYEAny0Nqu9U2tXdCCTNzD2T62htMmBLg3CmzWajfbfFl7ALqzo3HgbbY3PxTHDE + OJ/lwdm0HkEaGfEDXhJd06WZsa8+fKGqhKXvZXwXx5mJ8LCGxz6xiaxwo9lnKe6V + o3YX7bJ5YIVxQ2jhvZo+dY8Z/buloi2Tp2HbqTejKULH9+qdiQTDXAnyR0NLqzJ0 + YQ4v4yU3zix3nBi8z29lQekGO9quNEka3nw2n0Gxmq5z1bNALGCF5F759mVkB0uT + fPGF+zm9eqlqAgduYg7R+JYUumVHvIoRY454GtAdZHTJHJZP0gQSGJsLff8ROFpI + GVYsOZhJXU9Ihc5VBC5PMErbmCn0YkuxAWNOYBstZ8l+uY6YiPoFV5Ulc/8M0If+ + T6jbqzWoFC+4ysgY95RKOw53S4o/T6AFwiIKIw0xp3UfHCf6kr5Y0+XdDn5CXpJB + d1KK3PoUWzPSsxcUMXvgKWT4x1vsCId21dn1SmVSOEBhM08VZfjd5bvL9Xjt/E0j + mUqDAgMBAAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcEADAd + BgNVHQ4EFgQUJFuXPZo6RzfEBlJjnnk5jhcP4wIwDQYJKoZIhvcNAQELBQADggGB + AJaoEtnDoWUUs4nSSqIGcoCfpIO0oqVp8DvkBOcxz5Rz8vMVJSC24/UnuCD2Wknx + 2V/E3edXIeRo7duhPtNCT7c8OKY/pJsZQTgOczn4rphoD1pmAIPZmpG6ssPadPiM + EP8xWJHZt8NXG7D5kJX2COvBvgNeWXL6MF7Tv8+t5xzt59Vitdb/7lm9Z6jjpvN+ + zoG0pKx3XYESsnLAVAf00F+kWwds/3x3gQywUAQUDER0jliYUE5id+sojp357Cl9 + XtY+8zSnTduuP8CfMhwv5p6j9xbqacfT7AzpQ6cy4xcQ7MA6JBQcxbaq4NtvIf6+ + d/5N9d8LGnfXdCd9iwNy9Qk23Ea0SNhnk9F/NqGBPakU4TbHh4iTYMC/+hDGInpO + TIRelTidNBFNaIBg3Z0vsh0lDwbt/xhpXip+ZVBqKMTtktEceiVGru9cYUQA2tKI + XNoc5s0uQGMpdFzgED4lXZf+n7yGVMKohvi7Yn96HqujGIrVH6qThsI6m7pUSz40 + +g== + -----END CERTIFICATE----- +... +--- +metadata: + layeringDefinition: + abstract: false + layer: site + name: ingress-key + schema: metadata/Document/v1 + labels: + name: ingress-key-site + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIG4wIBAAKCAYEAu80eb8b/KWHpo9y+uE5xvirPUGNw22fEfxvNmeD+sx5fdbYD + OMKvYmWglwO84sGn9OQs5k8iacVbb8YLCS3E+Bdm4FM/MVXnSDvsqw8XDR+fdKLv + 5uwXba0uF04aToxCP9ZbikoYep3DX9Vs/A4cFP4jj+xxHUvZJnFi1IUgoZ6cckf4 + 8xVsJ3Cc05HzQXwpHMrmJmz+vpL9CpWF6J4BFJZaeTb5O2QzUGWgY6EtJ35mRaH1 + U7V46dmjCRoMAnAP8brOhKvmf5t5pfMOcRyhVcVLB3gUuhX6ibvuj3ZeZnitXDS9 + Mw6TqNXCaR1P50zYraEtQb9NdahXb9CazvSDMM6zzlG0CRM97g6G12mvnVDSF3fl + MoZgsrNf849uUPryJglhIG8w+kBVNsVhU9bUBDHzBZ9qedhsyh4vxdMQ4p+Sqb3R + g/0SEh22bDgPsZnGXMbkVde62ZP2yot+qVG79HKcCEE/w1C/Dvha6aE57yvsaELC + DMKBo8saN56ShLotAgMBAAECggGAYzZDhA1+sx/0zApL/xYB5NK83t0Ju/8fwX6w + qUBBjeLXz1mubgf7m2HQ6ragzLI9xpPcXHcl2PbYDT50ig7R5baHNK8FzUxyeKif + qOa56Mbx+C4zyqyi2+AHX2x1XVWfkhXuGip2sCA0HKalgqr5juWLZ/ci8rUlLLft + 3BPQX1FpmL4I+HIyxsspLmQGPGwZVAqkd1xRX+BLKZJAQdlm/LdJaIvwMr4Glcx6 + ZOe68QhHgzXCYsyV6gR9qstF2OvVuLa2mUc7EzYInFIFhXUdAAwmDqkuuLRdRQhf + Ur8nqQW33T0cG0GBUzgBI5YmSPJvTSzcPmeSyNVx2/Yb0pkuXtCw67oDcAsN4nW8 + uls49E2RaiLJYsy5vPsX5aJNcAxw/CWLdadQ3ukviD/MDJbpTl4F52GOVYL6K4XH + g5TJjj7xzjmK3ldR/Kscg7HpCitQLGUYdgIsAFdspXf4aSIa68IjDrc5NsJZuMzc + PbVHrw7QYNfHY7VNdUlOVqH5lS3BAoHBANRqKrQXtnJmM006TCEJXdcN/5M685jz + +L4Ox0Rhrq8ROgcN5q/hjKb6kP/MccQ9voGQOl9TKEyinGNdTtyc/fuH7RNlQwpS + HT+vEzVEcrSe8UFs8c6oJnHFO72ylFcibFf56LvbI3L8BZXp7gPSPQkp5f1NWEZk + X5bUL4UNiOm0diltba/ofxywF0M9WGD00eqi0Q29JRlvun+355j06CENxRoonNZC + wk1evIxhhckP9zLjI2Ykb1hV6yzwPWtmyQKBwQDiVgru/B396KhzDhLl5AL+pBWA + GsfiCbmPLh6W6V5VzldB4+GlMRrJ4zSjZQ3/nvX5KepqjMn1N6LQpZQUI/YShCKE + mW0XMiAfbp2d23MRMjLD8L/bIoBHQOPkCaMjbmyDOlCagWakEvHJO/TieVgTmYk6 + mtEYVjJFWI9OCNMAHdl8ovWr3p+8YbVZ8LLv5ZO/V1cIjczoNQ6p8LG/pPMTDLXM + ScN9a8z3f8LQLBHBlu0155xvt95PQLAon/x21kUCgcAvPVk36hoiQQZhw3hQ1JNx + E2TmanLobkHAiurYE11VA+DC1t2Z+fBc5la+/MnEWfL3P4srzgOlX3imRIcYWzXE + 7crUyG1ray2kDxyXeRyFfN+srDzut8is/q81lfSVmEs+GY8f0DGHDfN0Dq1nXidC + 1XWXqs7aANKdaZ0T2xm61+57ciG1wGAckjDqPEdecLQKmaEijBEnIgj5BH5WLwk8 + 6KIQGj4fDIPHzyzhj4LAX3ObdpZVzf6RR7JgsSEHtLkCgcBROW2dDC87MqZY++D+ + TVBhz8LDgVjgHntQDc3+fGtVQcKAq+YLYU7qyrXWOWrHpGVDcK5mZHYJoVi1peY5 + QBqL1I2KpoDGxT9P6GN6BgoKTsh3FsvTOVNtvrTJ3keEbJlWkrPgbrXGBeJtRC4C + pGdeSUg9FtgY8r4BsuFisLoAHbYyC008y5zpfusVBtNAUlQuY4qhUDoLzxafF/jB + /NEasgH/+SzFss0QuPHRwS7yGVaxdJfoY8TNDjrpqVhx0T0CgcEAvKG4UoWvT8gJ + pIeeAxxnv9yrMxgpntu4RXPDHgfX5tva6EaM3r3nLXjd9FVtlQ4cNBMhp9HNhS3a + dK+oEDcBysVxxfltlS2Bx0+gQf3WxgBCJwayKe3i/XCDza92EENgxTPmqB1LHiq5 + 2b5aOl2Y5fP0eX6UryxRc443c/ejMHw4lGwnno0qpRk9M9Ucqv5J96QCfAlBSQQS + gOG9cypL0kBWzCejn9W4av8HkM8Noqd7Tqul1onv/46OBaX51kt3 + -----END RSA PRIVATE KEY----- +... diff --git a/spyglass/examples/templates/site-definition.yaml.j2 b/spyglass/examples/templates/site-definition.yaml.j2 new file mode 100644 index 0000000..02affa9 --- /dev/null +++ b/spyglass/examples/templates/site-definition.yaml.j2 @@ -0,0 +1,17 @@ +--- +# High-level pegleg site definition file +schema: pegleg/SiteDefinition/v1 +metadata: + schema: metadata/Document/v1 + layeringDefinition: + abstract: false + layer: site + # NEWSITE-CHANGEME: Replace with the site name + name: {{ data['region_name'] }} + storagePolicy: cleartext +data: + # The type layer this site will delpoy with. Type layer is found in the + # aic-clcp-manifests repo. + site_type: {{ data['site_info']['sitetype'] }} +... + diff --git a/spyglass/examples/templates/software/charts/kubernetes/etcd.yaml.j2 b/spyglass/examples/templates/software/charts/kubernetes/etcd.yaml.j2 new file mode 100644 index 0000000..40e7f8c --- /dev/null +++ b/spyglass/examples/templates/software/charts/kubernetes/etcd.yaml.j2 @@ -0,0 +1,96 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: kubernetes-calico-etcd + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: kubernetes-calico-etcd-global + actions: + - method: merge + path: . + storagePolicy: cleartext + substitutions: +{% set count = [0] %} +{% for rack in data.baremetal.keys() %} +{% for host in data["baremetal"][rack] %} +{% if data["baremetal"][rack][host]["type"] == 'controller' %} + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .masters[{{ count[0] }}].hostname + dest: + path: .values.nodes[{{ count[0] }}].name + - src: + schema: deckhand/Certificate/v1 + name: calico-etcd-{{ host }} + path: . + dest: + path: .values.nodes[{{ count[0] }}].tls.client.cert + - src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-{{ host }} + path: . + dest: + path: .values.nodes[{{ count[0] }}].tls.client.key + - src: + schema: deckhand/Certificate/v1 + name: calico-etcd-{{ host }} + path: . + dest: + path: .values.nodes[{{ count[0] }}].tls.peer.cert + - src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-{{ host }}-peer + path: . + dest: + path: .values.nodes[{{ count[0] }}].tls.peer.key + + {% if count.append(count.pop() + 1) %}{% endif %} {# increment count by 1 #} + +{% endif %} +{% endfor %} +{% endfor %} + +{% for rack in data.baremetal.keys() %} +{% for host in data["baremetal"][rack] %} +{% if data["baremetal"][rack][host]["type"] == 'genesis' %} + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .genesis.hostname + dest: + path: .values.nodes[{{ count[0] }}].name + - src: + schema: deckhand/Certificate/v1 + name: calico-etcd-{{ host }} + path: . + dest: + path: .values.nodes[{{ count[0] }}].tls.client.cert + - src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-{{ host }} + path: . + dest: + path: .values.nodes[{{ count[0] }}].tls.client.key + - src: + schema: deckhand/Certificate/v1 + name: calico-etcd-{{ host }}-peer + path: . + dest: + path: .values.nodes[{{ count[0] }}].tls.peer.cert + - src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-{{ host }}-peer + path: . + dest: + path: .values.nodes[{{ count[0] }}].tls.peer.key + +{% endif %} +{% endfor %} +{% endfor %} + +data: {} +... diff --git a/spyglass/examples/templates/software/charts/kubernetes/etcd/etcd.yaml.j2 b/spyglass/examples/templates/software/charts/kubernetes/etcd/etcd.yaml.j2 new file mode 100644 index 0000000..d5b85fa --- /dev/null +++ b/spyglass/examples/templates/software/charts/kubernetes/etcd/etcd.yaml.j2 @@ -0,0 +1,92 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: kubernetes-etcd + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: kubernetes-etcd-global + actions: + - method: merge + path: . + storagePolicy: cleartext + substitutions: +{% set count = [0] %} +{% for rack in data.baremetal.keys() %} +{% for host in data["baremetal"][rack] %} +{% if data["baremetal"][rack][host]["type"] == 'controller' %} + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .masters[{{ count[0] }}].hostname + dest: + path: .values.nodes[{{ count[0] }}].name + - src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-{{ host }} + path: . + dest: + path: .values.nodes[{{ count[0] }}].tls.client.cert + - src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-{{ host }} + path: . + dest: + path: .values.nodes[{{ count[0] }}].tls.client.key + - src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-{{ host }}-peer + path: . + dest: + path: .values.nodes[{{ count[0] }}].tls.peer.cert + - src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-{{ host }}-peer + path: . + dest: + path: .values.nodes[{{ count[0] }}].tls.peer.key + {% if count.append(count.pop() + 1) %}{% endif %} {# increment count by 1 #} +{% endif %} +{% endfor %} +{% endfor %} +{% for rack in data.baremetal.keys() %} +{% for host in data["baremetal"][rack] %} +{% if data["baremetal"][rack][host]["type"] == 'genesis' %} + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .genesis.hostname + dest: + path: .values.nodes[{{ count[0] }}].name + - src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-genesis + path: . + dest: + path: .values.nodes[{{ count[0] }}].tls.client.cert + - src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-genesis + path: . + dest: + path: .values.nodes[{{ count[0] }}].tls.client.key + - src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-genesis-peer + path: . + dest: + path: .values.nodes[{{ count[0] }}].tls.peer.cert + - src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-genesis-peer + path: $ + dest: + path: .values.nodes[{{ count[0] }}].tls.peer.key +{% endif %} +{% endfor %} +{% endfor %} + +data: {} +... diff --git a/spyglass/examples/templates/software/charts/kubernetes/ingress/ingress.yaml.j2 b/spyglass/examples/templates/software/charts/kubernetes/ingress/ingress.yaml.j2 new file mode 100644 index 0000000..628ad0a --- /dev/null +++ b/spyglass/examples/templates/software/charts/kubernetes/ingress/ingress.yaml.j2 @@ -0,0 +1,28 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ingress-kube-system + layeringDefinition: + abstract: false + layer: site + parentSelector: + ingress: kube-system + actions: + - method: merge + path: . + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .ksn.bgp.ipv4.ingress_vip + dest: + path: .values.network.vip.addr +data: + values: + network: + vip: + manage: true + interface: ingress0 +... diff --git a/spyglass/examples/templates/software/charts/osh-infra/osh-infra-logging/elasticsearch.yaml.j2 b/spyglass/examples/templates/software/charts/osh-infra/osh-infra-logging/elasticsearch.yaml.j2 new file mode 100644 index 0000000..6d379e8 --- /dev/null +++ b/spyglass/examples/templates/software/charts/osh-infra/osh-infra-logging/elasticsearch.yaml.j2 @@ -0,0 +1,16 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: elasticsearch + layeringDefinition: + abstract: false + layer: site + parentSelector: + hosttype: elasticsearch-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: {} +... diff --git a/spyglass/examples/templates/software/charts/osh-infra/osh-infra-logging/fluent-logging.yaml b/spyglass/examples/templates/software/charts/osh-infra/osh-infra-logging/fluent-logging.yaml new file mode 100644 index 0000000..71e330a --- /dev/null +++ b/spyglass/examples/templates/software/charts/osh-infra/osh-infra-logging/fluent-logging.yaml @@ -0,0 +1,16 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: fluent-logging + layeringDefinition: + abstract: false + layer: site + parentSelector: + hosttype: fluent-logging-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: {} +... diff --git a/spyglass/examples/templates/software/charts/osh/openstack-compute-kit/neutron.yaml.j2 b/spyglass/examples/templates/software/charts/osh/openstack-compute-kit/neutron.yaml.j2 new file mode 100644 index 0000000..2547360 --- /dev/null +++ b/spyglass/examples/templates/software/charts/osh/openstack-compute-kit/neutron.yaml.j2 @@ -0,0 +1,23 @@ +--- +# This file defines hardware-specific settings for neutron. If you use the same +# hardware profile as this environment, you should not need to change this file. +# Otherwise, you should review the settings here and adjust for your hardware. +# In particular: +# 1. logical network interface names +# 2. physical device mappigns +# TODO: Should move to global layer and become tied to the hardware profile +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: neutron-fixme + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: neutron-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: {} +... diff --git a/spyglass/examples/templates/software/charts/osh/openstack-compute-kit/nova.yaml.j2 b/spyglass/examples/templates/software/charts/osh/openstack-compute-kit/nova.yaml.j2 new file mode 100644 index 0000000..32f94b8 --- /dev/null +++ b/spyglass/examples/templates/software/charts/osh/openstack-compute-kit/nova.yaml.j2 @@ -0,0 +1,25 @@ +--- +# This file defines hardware-specific settings for nova. If you use the same +# hardware profile as this environment, you should not need to change this file. +# Otherwise, you should review the settings here and adjust for your hardware. +# In particular: +# 1. vcpu_pin_set will change if the number of logical CPUs on the hardware +# changes. +# 2. pci alias / passthrough_whitelist could change if the NIC type or NIC +# slotting changes. +# TODO: Should move to global layer and become tied to the hardware profile +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: nova + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: nova-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: {} +... diff --git a/spyglass/examples/templates/software/charts/osh/openstack-tenant-ceph/ceph-client.yaml.j2 b/spyglass/examples/templates/software/charts/osh/openstack-tenant-ceph/ceph-client.yaml.j2 new file mode 100644 index 0000000..f4e4257 --- /dev/null +++ b/spyglass/examples/templates/software/charts/osh/openstack-tenant-ceph/ceph-client.yaml.j2 @@ -0,0 +1,22 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: tenant-ceph-client + replacement: true + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: tenant-ceph-client-nc + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + conf: + pool: + target: + osd: {{ data['storage']['ceph']['controller']['osd_count'] }} +... diff --git a/spyglass/examples/templates/software/charts/osh/openstack-tenant-ceph/ceph-osd.yaml.j2 b/spyglass/examples/templates/software/charts/osh/openstack-tenant-ceph/ceph-osd.yaml.j2 new file mode 100644 index 0000000..051dd17 --- /dev/null +++ b/spyglass/examples/templates/software/charts/osh/openstack-tenant-ceph/ceph-osd.yaml.j2 @@ -0,0 +1,55 @@ +--- +# The purpose of this file is to define environment-specific parameters for +# ceph-osd +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: tenant-ceph-osd + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: tenant-ceph-osd-global + actions: + - method: replace + path: .values.conf.storage.osd + - method: merge + path: . + storagePolicy: cleartext +data: + values: + labels: + osd: + node_selector_key: tenant-ceph-osd + node_selector_value: enabled + conf: + storage: + # NEWSITE-CHANGEME: The OSD count and configuration here should not need + # to change if your HW matches the HW used in this environment. + # Otherwise you may need to add or subtract disks to this list. + osd: + - data: + type: block-logical + location: /dev/sde + journal: + type: block-logical + location: /dev/sdb1 + - data: + type: block-logical + location: /dev/sdf + journal: + type: block-logical + location: /dev/sdb2 + - data: + type: block-logical + location: /dev/sdg + journal: + type: block-logical + location: /dev/sdc1 + - data: + type: block-logical + location: /dev/sdh + journal: + type: block-logical + location: /dev/sdc2 +... diff --git a/spyglass/examples/templates/software/charts/ucp/divingbell/divingbell.yaml.j2 b/spyglass/examples/templates/software/charts/ucp/divingbell/divingbell.yaml.j2 new file mode 100644 index 0000000..bdb883e --- /dev/null +++ b/spyglass/examples/templates/software/charts/ucp/divingbell/divingbell.yaml.j2 @@ -0,0 +1,603 @@ +--- +# The purpose of this file is to define site-specific parameters to the +# UAM-lite portion of the divingbell chart: +# 1. User accounts to create on bare metal +# 2. SSH public key for operationg system access to the bare metal +# 3. Passwords for operating system access via iDrac/iLo console. SSH password- +# based auth is disabled. +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-divingbell + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: ucp-divingbell-global + actions: + - method: merge + path: . + storagePolicy: cleartext + substitutions: + - dest: + path: .values.conf.uamlite.users[0].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: jenkins_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[0].user_crypt_passwd + src: + schema: deckhand/Passphrase/v1 + name: ubuntu_crypt_password + path: . + - dest: + path: .values.conf.uamlite.users[1].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: am240k_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[1].user_crypt_passwd + src: + schema: deckhand/Passphrase/v1 + name: am240k_crypt_password + path: . + - dest: + path: .values.conf.uamlite.users[2].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: dd118r_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[2].user_crypt_passwd + src: + schema: deckhand/Passphrase/v1 + name: dd118r_crypt_password + path: . + - dest: + path: .values.conf.uamlite.users[3].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: ks3019_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[3].user_crypt_passwd + src: + schema: deckhand/Passphrase/v1 + name: ks3019_crypt_password + path: . + - dest: + path: .values.conf.uamlite.users[4].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: pb269f_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[4].user_crypt_passwd + src: + schema: deckhand/Passphrase/v1 + name: pb269f_crypt_password + path: . + - dest: + path: .values.conf.uamlite.users[5].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: sf5715_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[5].user_crypt_passwd + src: + schema: deckhand/Passphrase/v1 + name: sf5715_crypt_password + path: . + - dest: + path: .values.conf.uamlite.users[6].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: ds6901_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[7].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: jenkins_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[8].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: kr336r_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[9].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: ol7435_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[10].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: mm9745_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[11].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: sm108f_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[12].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: bp4242_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[13].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: sm028h_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[14].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: go4243_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[15].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: vg763v_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[16].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: jb654e_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[17].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: dy270k_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[18].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: dn5242_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[19].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: aw4825_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[20].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: ak2685_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[21].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: sd592v_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[22].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: dl2017_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[23].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: kv289f_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[24].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: kp648d_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[25].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: mw145n_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[26].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: mm4762_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[27].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: mk721p_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[28].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: ns707e_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[29].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: pk5294_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[30].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: rg9968_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[31].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: rk646r_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[32].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: sy825r_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[33].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: bj2343_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[34].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: bd006h_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[35].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: nw288p_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[36].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: ja5277_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[37].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: ds9665_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[38].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: vp8178_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[39].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: ag073n_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[40].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: ab4543_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[41].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: ar074s_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[42].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: bg809e_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[43].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: sq074s_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[44].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: rg4437_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[45].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: gb458m_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[46].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: ss254n_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[47].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: sd069y_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[48].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: sk559p_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[49].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: sp781b_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[50].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: sc842d_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[51].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: ml844w_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[52].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: as487m_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[53].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: ms8227_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[54].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: ag073n_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[55].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: vv8334_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[56].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: ar074s_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[57].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: sy336r_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[58].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: sk562s_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[59].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: ag878f_ssh_public_key + path: . +data: + values: + conf: + uamlite: + users: + - user_name: ubuntu + user_sudo: true + user_sshkeys: [] + - user_name: am240k + user_sudo: true + user_sshkeys: [] + - user_name: dd118r + user_sudo: true + user_sshkeys: [] + - user_name: ks3019 + user_sudo: true + user_sshkeys: [] + - user_name: pb269f + user_sudo: true + user_sshkeys: [] + - user_name: sf5715 + user_sudo: true + user_sshkeys: [] + - user_name: ds6901 + user_sudo: true + user_sshkeys: [] + - user_name: jenkins + user_sudo: true + user_sshkeys: [] + - user_name: kr336r + user_sudo: true + user_sshkeys: [] + - user_name: ol7435 + user_sudo: true + user_sshkeys: [] + - user_name: mm9745 + user_sudo: true + user_sshkeys: [] + - user_name: sm108f + user_sudo: true + user_sshkeys: [] + - user_name: bp4242 + user_sudo: true + user_sshkeys: [] + - user_name: sm028h + user_sudo: true + user_sshkeys: [] + - user_name: go4243 + user_sudo: true + user_sshkeys: [] + - user_name: vg763v + user_sudo: true + user_sshkeys: [] + - user_name: jb654e + user_sudo: true + user_sshkeys: [] + - user_name: dy270k + user_sudo: true + user_sshkeys: [] + - user_name: dn5242 + user_sudo: true + user_sshkeys: [] + - user_name: aw4825 + user_sudo: true + user_sshkeys: [] + - user_name: ak2685 + user_sudo: true + user_sshkeys: [] + - user_name: sd592v + user_sudo: true + user_sshkeys: [] + - user_name: dl2017 + user_sudo: true + user_sshkeys: [] + - user_name: kv289f + user_sudo: true + user_sshkeys: [] + - user_name: kp648d + user_sudo: true + user_sshkeys: [] + - user_name: mw145n + user_sudo: true + user_sshkeys: [] + - user_name: mm4762 + user_sudo: true + user_sshkeys: [] + - user_name: mk721p + user_sudo: true + user_sshkeys: [] + - user_name: ns707e + user_sudo: true + user_sshkeys: [] + - user_name: pk5294 + user_sudo: true + user_sshkeys: [] + - user_name: rg9968 + user_sudo: true + user_sshkeys: [] + - user_name: rk646r + user_sudo: true + user_sshkeys: [] + - user_name: sy825r + user_sudo: true + user_sshkeys: [] + - user_name: bj2343 + user_sudo: true + user_sshkeys: [] + - user_name: bd006h + user_sudo: true + user_sshkeys: [] + - user_name: nw288p + user_sudo: true + user_sshkeys: [] + - user_name: ja5277 + user_sudo: true + user_sshkeys: [] + - user_name: ds9665 + user_sudo: true + user_sshkeys: [] + - user_name: vp8178 + user_sudo: true + user_sshkeys: [] + - user_name: ag073n + user_sudo: true + user_sshkeys: [] + - user_name: ab4543 + user_sudo: true + user_sshkeys: [] + - user_name: ar074s + user_sudo: true + user_sshkeys: [] + - user_name: bg809e + user_sudo: true + user_sshkeys: [] + - user_name: sq074s + user_sudo: true + user_sshkeys: [] + - user_name: rg4437 + user_sudo: true + user_sshkeys: [] + - user_name: gb458m + user_sudo: true + user_sshkeys: [] + - user_name: ss254n + user_sudo: true + user_sshkeys: [] + - user_name: sd069n + user_sudo: true + user_sshkeys: [] + - user_name: sk559p + user_sudo: true + user_sshkeys: [] + - user_name: sp781b + user_sudo: true + user_sshkeys: [] + - user_name: sc842d + user_sudo: true + user_sshkeys: [] + - user_name: ml844w + user_sudo: true + user_sshkeys: [] + - user_name: as487m + user_sudo: true + user_sshkeys: [] + - user_name: ms8227 + user_sudo: true + user_sshkeys: [] + - user_name: ag073n + user_sudo: true + user_sshkeys: [] + - user_name: vv8334 + user_sudo: true + user_sshkeys: [] + - user_name: ar074s + user_sudo: true + user_sshkeys: [] + - user_name: sy336r + user_sudo: true + user_sshkeys: [] + - user_name: sk562s + user_sudo: true + user_sshkeys: [] + - user_name: ag878f + user_sudo: true + user_sshkeys: [] +... diff --git a/spyglass/examples/templates/software/config/common-software-config.yaml.j2 b/spyglass/examples/templates/software/config/common-software-config.yaml.j2 new file mode 100644 index 0000000..d1bb309 --- /dev/null +++ b/spyglass/examples/templates/software/config/common-software-config.yaml.j2 @@ -0,0 +1,16 @@ +--- +# The purpose of this file is to define site-specific common software config +# paramters. +# #SITE-PROMOTION-CANDIDATE# would require subsitutions out of common-addresses +schema: pegleg/CommonSoftwareConfig/v1 +metadata: + schema: metadata/Document/v1 + name: common-software-config + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + osh: + # NEWSITE-CHANGEME: Replace with the site name + region_name: {{ data['region_name'] }} diff --git a/spyglass/examples/templates/software/config/endpoints.yaml.j2 b/spyglass/examples/templates/software/config/endpoints.yaml.j2 new file mode 100644 index 0000000..c267129 --- /dev/null +++ b/spyglass/examples/templates/software/config/endpoints.yaml.j2 @@ -0,0 +1,1312 @@ +--- +# The purpose of this file is to define the site's endpoint catalog. This should +# not need to be modified for a new site. +# #GLOBAL-CANDIDATE# +schema: pegleg/EndpointCatalogue/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_endpoints + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .dns.ingress_domain + dest: + - path: .ucp.identity.host_fqdn_override.public.host + pattern: DOMAIN + - path: .ucp.identity.host_fqdn_override.admin.host + pattern: DOMAIN + - path: .ucp.shipyard.host_fqdn_override.public.host + pattern: DOMAIN + - path: .ceph.object_store.host_fqdn_override.public.host + pattern: DOMAIN + - path: .ceph.ceph_object_store.host_fqdn_override.public.host + pattern: DOMAIN + - src: + schema: deckhand/Certificate/v1 + name: ingress-crt + path: . + dest: + - path: .ucp.identity.host_fqdn_override.public.tls.crt + - path: .ucp.shipyard.host_fqdn_override.public.tls.crt + - path: .ceph.object_store.host_fqdn_override.public.tls.crt + - path: .ceph.ceph_object_store.host_fqdn_override.public.tls.crt + - src: + schema: deckhand/CertificateAuthority/v1 + name: ingress-ca + path: . + dest: + - path: .ucp.identity.host_fqdn_override.public.tls.ca + - path: .ucp.shipyard.host_fqdn_override.public.tls.ca + - path: .ceph.object_store.host_fqdn_override.public.tls.ca + - path: .ceph.ceph_object_store.host_fqdn_override.public.tls.ca + - src: + schema: deckhand/CertificateKey/v1 + name: ingress-key + path: . + dest: + - path: .ucp.identity.host_fqdn_override.public.tls.key + - path: .ucp.shipyard.host_fqdn_override.public.tls.key + - path: .ceph.object_store.host_fqdn_override.public.tls.key + - path: .ceph.ceph_object_store.host_fqdn_override.public.tls.key +data: + ucp: + identity: + namespace: ucp + name: keystone + hosts: + default: keystone-api + public: keystone + host_fqdn_override: + default: null + public: + host: iam.DOMAIN + admin: + host: iam.DOMAIN + path: + default: /v3 + scheme: + default: "https" + internal: "http" + port: + api: + default: 443 + internal: 5000 + armada: + name: armada + hosts: + default: armada-api + public: armada + port: + api: + default: 8000 + path: + default: /api/v1.0 + scheme: + default: "http" + host_fqdn_override: + default: null + deckhand: + name: deckhand + hosts: + default: deckhand-int + public: deckhand-api + port: + api: + default: 9000 + path: + default: /api/v1.0 + scheme: + default: "http" + host_fqdn_override: + default: null + postgresql: + name: postgresql + hosts: + default: postgresql + path: /DB_NAME + scheme: postgresql+psycopg2 + port: + postgresql: + default: 5432 + host_fqdn_override: + default: null + postgresql_airflow_celery: + name: postgresql_airflow_celery_db + hosts: + default: postgresql + path: /DB_NAME + scheme: db+postgresql + port: + postgresql: + default: 5432 + host_fqdn_override: + default: null + oslo_db: + hosts: + default: mariadb + discovery: mariadb-discovery + host_fqdn_override: + default: null + path: /DB_NAME + scheme: mysql+pymysql + port: + mysql: + default: 3306 + wsrep: + default: 4567 + key_manager: + name: barbican + hosts: + default: barbican-api + public: barbican + host_fqdn_override: + default: null + path: + default: /v1 + scheme: + default: "http" + port: + api: + default: 9311 + public: 80 + oslo_messaging: + namespace: null + hosts: + default: rabbitmq + host_fqdn_override: + default: null + path: /keystone + scheme: rabbit + port: + amqp: + default: 5672 + oslo_cache: + hosts: + default: memcached + host_fqdn_override: + default: null + port: + memcache: + default: 11211 + physicalprovisioner: + name: drydock + hosts: + default: drydock-api + port: + api: + default: 9000 + nodeport: 31900 + path: + default: /api/v1.0 + scheme: + default: "http" + host_fqdn_override: + default: null + maas_region_ui: + name: maas-region-ui + hosts: + default: maas-region-ui + public: maas + path: + default: /MAAS + scheme: + default: "http" + port: + region_ui: + default: 80 + public: 80 + host_fqdn_override: + default: null + kubernetesprovisioner: + name: promenade + hosts: + default: promenade-api + port: + api: + default: 80 + path: + default: /api/v1.0 + scheme: + default: "http" + host_fqdn_override: + default: null + shipyard: + name: shipyard + hosts: + default: shipyard-int + public: shipyard-api + port: + api: + default: 9000 + public: 443 + path: + default: /api/v1.0 + scheme: + default: "http" + public: "https" + host_fqdn_override: + default: null + public: + host: shipyard.DOMAIN + airflow_web: + name: airflow-web + hosts: + default: airflow-web-int + public: airflow-web + port: + airflow_web: + default: 8080 + path: + default: / + scheme: + default: "http" + host_fqdn_override: + default: null + airflow_flower: + name: airflow-flower + hosts: + default: airflow-flower + port: + airflow_flower: + default: 5555 + path: + default: / + scheme: + default: "http" + host_fqdn_override: + default: null + prometheus_openstack_exporter: + namespace: ucp + hosts: + default: openstack-metrics + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + exporter: + default: 9103 + ceph: + object_store: + name: swift + namespace: ceph + hosts: + default: ceph-rgw + public: radosgw + host_fqdn_override: + default: null + public: + host: object-store.DOMAIN + path: + default: /swift/v1 + scheme: + default: "http" + public: "https" + port: + api: + default: 8088 + public: 443 + ceph_object_store: + name: radosgw + namespace: ceph + hosts: + default: ceph-rgw + public: radosgw + host_fqdn_override: + default: null + public: + host: object-store.DOMAIN + path: + default: /auth/v1.0 + scheme: + default: "http" + public: "https" + port: + api: + default: 8088 + public: 443 + ceph_mon: + namespace: ceph + hosts: + default: ceph-mon + discovery: ceph-mon-discovery + host_fqdn_override: + default: null + port: + mon: + default: 6789 + ceph_mgr: + namespace: ceph + hosts: + default: ceph-mgr + host_fqdn_override: + default: null + port: + mgr: + default: 7000 + scheme: + default: "http" + tenant_ceph_mon: + namespace: tenant-ceph + hosts: + default: ceph-mon + discovery: ceph-mon-discovery + host_fqdn_override: + default: null + port: + mon: + default: 6790 + tenant_ceph_mgr: + namespace: tenant-ceph + hosts: + default: ceph-mgr + host_fqdn_override: + default: null + port: + mgr: + default: 7001 + metrics: + default: 9284 + scheme: + default: http +... +--- +schema: pegleg/EndpointCatalogue/v1 +metadata: + schema: metadata/Document/v1 + name: osh_endpoints + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .dns.ingress_domain + dest: + - path: .osh.object_store.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.ceph_object_store.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.image.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.cloudformation.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.orchestration.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.compute.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.compute_novnc_proxy.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.placement.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.network.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.identity.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.identity.host_fqdn_override.admin.host + pattern: DOMAIN + - path: .osh.dashboard.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.volume.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.volumev2.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.volumev3.host_fqdn_override.public.host + pattern: DOMAIN + - src: + schema: deckhand/Certificate/v1 + name: ingress-crt + path: . + dest: + - path: .osh.object_store.host_fqdn_override.public.tls.crt + - path: .osh.ceph_object_store.host_fqdn_override.public.tls.crt + - path: .osh.identity.host_fqdn_override.public.tls.crt + - path: .osh.orchestration.host_fqdn_override.public.tls.crt + - path: .osh.cloudformation.host_fqdn_override.public.tls.crt + - path: .osh.dashboard.host_fqdn_override.public.tls.crt + - path: .osh.image.host_fqdn_override.public.tls.crt + - path: .osh.volume.host_fqdn_override.public.tls.crt + - path: .osh.volumev2.host_fqdn_override.public.tls.crt + - path: .osh.volumev3.host_fqdn_override.public.tls.crt + - path: .osh.compute.host_fqdn_override.public.tls.crt + - path: .osh.compute_novnc_proxy.host_fqdn_override.public.tls.crt + - path: .osh.placement.host_fqdn_override.public.tls.crt + - path: .osh.network.host_fqdn_override.public.tls.crt + - src: + schema: deckhand/CertificateAuthority/v1 + name: ingress-ca + path: . + dest: + - path: .osh.object_store.host_fqdn_override.public.tls.ca + - path: .osh.ceph_object_store.host_fqdn_override.public.tls.ca + - path: .osh.identity.host_fqdn_override.public.tls.ca + - path: .osh.orchestration.host_fqdn_override.public.tls.ca + - path: .osh.cloudformation.host_fqdn_override.public.tls.ca + - path: .osh.dashboard.host_fqdn_override.public.tls.ca + - path: .osh.image.host_fqdn_override.public.tls.ca + - path: .osh.volume.host_fqdn_override.public.tls.ca + - path: .osh.volumev2.host_fqdn_override.public.tls.ca + - path: .osh.volumev3.host_fqdn_override.public.tls.ca + - path: .osh.compute.host_fqdn_override.public.tls.ca + - path: .osh.compute_novnc_proxy.host_fqdn_override.public.tls.ca + - path: .osh.placement.host_fqdn_override.public.tls.ca + - path: .osh.network.host_fqdn_override.public.tls.ca + - src: + schema: deckhand/CertificateKey/v1 + name: ingress-key + path: . + dest: + - path: .osh.object_store.host_fqdn_override.public.tls.key + - path: .osh.ceph_object_store.host_fqdn_override.public.tls.key + - path: .osh.identity.host_fqdn_override.public.tls.key + - path: .osh.orchestration.host_fqdn_override.public.tls.key + - path: .osh.cloudformation.host_fqdn_override.public.tls.key + - path: .osh.dashboard.host_fqdn_override.public.tls.key + - path: .osh.image.host_fqdn_override.public.tls.key + - path: .osh.volume.host_fqdn_override.public.tls.key + - path: .osh.volumev2.host_fqdn_override.public.tls.key + - path: .osh.volumev3.host_fqdn_override.public.tls.key + - path: .osh.compute.host_fqdn_override.public.tls.key + - path: .osh.compute_novnc_proxy.host_fqdn_override.public.tls.key + - path: .osh.placement.host_fqdn_override.public.tls.key + - path: .osh.network.host_fqdn_override.public.tls.key +data: + osh: + object_store: + name: swift + namespace: openstack + hosts: + default: ceph-rgw + public: radosgw + host_fqdn_override: + default: null + public: + host: object-store.DOMAIN + path: + default: /swift/v1/KEY_$(tenant_id)s + scheme: + default: "http" + public: "https" + port: + api: + default: 8088 + public: 443 + ceph_object_store: + name: radosgw + namespace: openstack + hosts: + default: ceph-rgw + public: radosgw + host_fqdn_override: + default: null + public: + host: object-store.DOMAIN + path: + default: /auth/v1.0 + scheme: + default: "http" + public: "https" + port: + api: + default: 8088 + public: 443 + oslo_db: + hosts: + default: mariadb + discovery: mariadb-discovery + host_fqdn_override: + default: null + path: /DB_NAME + scheme: mysql+pymysql + port: + mysql: + default: 3306 + wsrep: + default: 4567 + prometheus_mysql_exporter: + namespace: openstack + hosts: + default: mysql-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: 'http' + port: + metrics: + default: 9104 + keystone_oslo_messaging: + namespace: openstack + hosts: + default: keystone-rabbitmq + host_fqdn_override: + default: null + path: /keystone + scheme: rabbit + port: + amqp: + default: 5672 + http: + default: 15672 + keystone_rabbitmq_exporter: + namespace: openstack + hosts: + default: keystone-rabbitmq-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: "http" + port: + metrics: + default: 9095 + oslo_cache: + namespace: openstack + hosts: + default: memcached + host_fqdn_override: + default: null + port: + memcache: + default: 11211 + identity: + namespace: openstack + name: keystone + hosts: + default: keystone-api + public: keystone + admin: keystone-api + internal: keystone-api + host_fqdn_override: + default: null + public: + host: identity.DOMAIN + admin: + host: identity.DOMAIN + path: + default: /v3 + scheme: + default: "https" + internal: "http" + port: + api: + default: 443 + internal: 5000 + glance_oslo_messaging: + namespace: openstack + hosts: + default: glance-rabbitmq + host_fqdn_override: + default: null + path: /glance + scheme: rabbit + port: + amqp: + default: 5672 + http: + default: 15672 + glance_rabbitmq_exporter: + namespace: openstack + hosts: + default: glance-rabbitmq-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: "http" + port: + metrics: + default: 9095 + image: + name: glance + hosts: + default: glance-api + public: glance + host_fqdn_override: + default: null + public: + host: image.DOMAIN + path: + default: null + scheme: + default: "http" + public: "https" + port: + api: + default: 9292 + public: 443 + image_registry: + name: glance-registry + hosts: + default: glance-registry + public: glance-reg + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + api: + default: 9191 + public: 80 + cinder_oslo_messaging: + namespace: openstack + hosts: + default: cinder-rabbitmq + host_fqdn_override: + default: null + path: /cinder + scheme: rabbit + port: + amqp: + default: 5672 + http: + default: 15672 + cinder_rabbitmq_exporter: + namespace: openstack + hosts: + default: cinder-rabbitmq-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: "http" + port: + metrics: + default: 9095 + volume: + name: cinder + hosts: + default: cinder-api + public: cinder + host_fqdn_override: + default: null + public: + host: volume.DOMAIN + path: + default: "/v1/%(tenant_id)s" + scheme: + default: "http" + public: "https" + port: + api: + default: 8776 + public: 443 + volumev2: + name: cinderv2 + hosts: + default: cinder-api + public: cinder + host_fqdn_override: + default: null + public: + host: volume.DOMAIN + path: + default: "/v2/%(tenant_id)s" + scheme: + default: "http" + public: "https" + port: + api: + default: 8776 + public: 443 + volumev3: + name: cinderv3 + hosts: + default: cinder-api + public: cinder + host_fqdn_override: + default: null + public: + host: volume.DOMAIN + path: + default: "/v3/%(tenant_id)s" + scheme: + default: "http" + public: "https" + port: + api: + default: 8776 + public: 443 + heat_oslo_messaging: + namespace: openstack + hosts: + default: heat-rabbitmq + host_fqdn_override: + default: null + path: /heat + scheme: rabbit + port: + amqp: + default: 5672 + http: + default: 15672 + heat_rabbitmq_exporter: + namespace: openstack + hosts: + default: heat-rabbitmq-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: "http" + port: + metrics: + default: 9095 + orchestration: + name: heat + hosts: + default: heat-api + public: heat + host_fqdn_override: + default: null + public: + host: orchestration.DOMAIN + path: + default: "/v1/%(project_id)s" + scheme: + default: "http" + public: "https" + port: + api: + default: 8004 + public: 443 + cloudformation: + name: heat-cfn + hosts: + default: heat-cfn + public: cloudformation + host_fqdn_override: + default: null + public: + host: cloudformation.DOMAIN + path: + default: /v1 + scheme: + default: "http" + public: "https" + port: + api: + default: 8000 + public: 443 + cloudwatch: + name: heat-cloudwatch + hosts: + default: heat-cloudwatch + public: cloudwatch + host_fqdn_override: + default: null + path: + default: null + type: null + scheme: + default: "http" + port: + api: + default: 8003 + public: 80 + neutron_oslo_messaging: + namespace: openstack + hosts: + default: neutron-rabbitmq + host_fqdn_override: + default: null + path: /neutron + scheme: rabbit + port: + amqp: + default: 5672 + http: + default: 15672 + neutron_rabbitmq_exporter: + namespace: openstack + hosts: + default: neutron-rabbitmq-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: "http" + port: + metrics: + default: 9095 + network: + name: neutron + hosts: + default: neutron-server + public: neutron + host_fqdn_override: + default: null + public: + host: network.DOMAIN + path: + default: null + scheme: + default: "http" + public: "https" + port: + api: + default: 9696 + public: 443 + nova_oslo_messaging: + namespace: openstack + hosts: + default: nova-rabbitmq + host_fqdn_override: + default: null + path: /nova + scheme: rabbit + port: + amqp: + default: 5672 + http: + default: 15672 + nova_rabbitmq_exporter: + namespace: openstack + hosts: + default: nova-rabbitmq-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: "http" + port: + metrics: + default: 9095 + compute: + name: nova + hosts: + default: nova-api + public: nova + host_fqdn_override: + default: null + public: + host: compute.DOMAIN + path: + default: "/v2/%(tenant_id)s" + scheme: + default: "http" + public: "https" + port: + api: + default: 8774 + public: 443 + novncproxy: + default: 443 + compute_metadata: + name: nova + hosts: + default: nova-metadata + public: metadata + host_fqdn_override: + default: null + path: + default: / + scheme: + default: "http" + port: + metadata: + default: 8775 + public: 80 + compute_novnc_proxy: + name: nova + hosts: + default: nova-novncproxy + public: novncproxy + host_fqdn_override: + default: null + public: + host: nova-novncproxy.DOMAIN + path: + default: /vnc_auto.html + scheme: + default: "http" + public: "https" + port: + novnc_proxy: + default: 6080 + public: 443 + compute_spice_proxy: + name: nova + hosts: + default: nova-spiceproxy + host_fqdn_override: + default: null + path: + default: /spice_auto.html + scheme: + default: "http" + port: + spice_proxy: + default: 6082 + placement: + name: placement + hosts: + default: placement-api + public: placement + host_fqdn_override: + default: null + public: + host: placement.DOMAIN + path: + default: / + scheme: + default: "http" + public: "https" + port: + api: + default: 8778 + public: 443 + dashboard: + name: horizon + hosts: + default: horizon-int + public: horizon + host_fqdn_override: + default: null + public: + host: dashboard.DOMAIN + path: + default: null + scheme: + default: "http" + public: "https" + port: + web: + default: 80 + public: 443 +... +--- +schema: pegleg/EndpointCatalogue/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_endpoints + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .dns.ingress_domain + dest: + - path: .osh_infra.kibana.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh_infra.grafana.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh_infra.nagios.host_fqdn_override.public.host + pattern: DOMAIN + - src: + schema: deckhand/Certificate/v1 + name: ingress-crt + path: . + dest: + - path: .osh_infra.kibana.host_fqdn_override.public.tls.crt + - path: .osh_infra.grafana.host_fqdn_override.public.tls.crt + - path: .osh_infra.nagios.host_fqdn_override.public.tls.crt + - src: + schema: deckhand/CertificateAuthority/v1 + name: ingress-ca + path: . + dest: + - path: .osh_infra.kibana.host_fqdn_override.public.tls.ca + - path: .osh_infra.grafana.host_fqdn_override.public.tls.ca + - path: .osh_infra.nagios.host_fqdn_override.public.tls.ca + - src: + schema: deckhand/CertificateKey/v1 + name: ingress-key + path: . + dest: + - path: .osh_infra.kibana.host_fqdn_override.public.tls.key + - path: .osh_infra.grafana.host_fqdn_override.public.tls.key + - path: .osh_infra.nagios.host_fqdn_override.public.tls.key + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .ldap.base_url + dest: + path: .osh_infra.ldap.host_fqdn_override.public.host + pattern: DOMAIN + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .ldap.auth_path + dest: + path: .osh_infra.ldap.path.default + pattern: AUTH_PATH +data: + osh_infra: + ceph_object_store: + name: radosgw + namespace: osh-infra + hosts: + default: ceph-rgw + public: radosgw + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + api: + default: 8088 + public: 80 + elasticsearch: + name: elasticsearch + namespace: osh-infra + hosts: + data: elasticsearch-data + default: elasticsearch-logging + discovery: elasticsearch-discovery + public: elasticsearch + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + client: + default: 9200 + http: + default: 80 + discovery: + default: 9300 + prometheus_elasticsearch_exporter: + namespace: null + hosts: + default: elasticsearch-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: "http" + port: + metrics: + default: 9108 + fluentd: + namespace: osh-infra + name: fluentd + hosts: + default: fluentd-logging + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + service: + default: 24224 + metrics: + default: 24220 + prometheus_fluentd_exporter: + namespace: osh-infra + hosts: + default: fluentd-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: "http" + port: + metrics: + default: 9309 + oslo_db: + namespace: osh-infra + hosts: + default: mariadb + host_fqdn_override: + default: null + path: /DB_NAME + scheme: mysql+pymysql + port: + mysql: + default: 3306 + prometheus_mysql_exporter: + namespace: osh-infra + hosts: + default: mysql-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: 'http' + port: + metrics: + default: 9104 + grafana: + name: grafana + namespace: osh-infra + hosts: + default: grafana-dashboard + public: grafana + host_fqdn_override: + default: null + public: + host: grafana.DOMAIN + path: + default: null + scheme: + default: "http" + public: "https" + port: + grafana: + default: 3000 + public: 443 + monitoring: + name: prometheus + namespace: osh-infra + hosts: + default: prom-metrics + public: prometheus + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + api: + default: 9090 + http: + default: 80 + kibana: + name: kibana + namespace: osh-infra + hosts: + default: kibana-dash + public: kibana + host_fqdn_override: + default: null + public: + host: kibana.DOMAIN + path: + default: null + scheme: + default: "http" + public: "https" + port: + kibana: + default: 5601 + public: 443 + alerts: + name: alertmanager + namespace: osh-infra + hosts: + default: alerts-engine + public: alertmanager + discovery: alertmanager-discovery + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + api: + default: 9093 + public: 80 + mesh: + default: 6783 + kube_state_metrics: + namespace: kube-system + hosts: + default: kube-state-metrics + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + http: + default: 8080 + kube_scheduler: + scheme: + default: "http" + path: + default: /metrics + kube_controller_manager: + scheme: + default: "http" + path: + default: /metrics + node_metrics: + namespace: kube-system + hosts: + default: node-exporter + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + metrics: + default: 9100 + prometheus_port: + default: 9100 + process_exporter_metrics: + namespace: kube-system + hosts: + default: process-exporter + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + metrics: + default: 9256 + prometheus_openstack_exporter: + namespace: openstack + hosts: + default: openstack-metrics + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + exporter: + default: 9103 + nagios: + name: nagios + namespace: osh-infra + hosts: + default: nagios-metrics + public: nagios + host_fqdn_override: + default: null + public: + host: nagios.DOMAIN + path: + default: null + scheme: + default: "http" + public: "https" + port: + http: + default: 80 + public: 443 + ldap: + hosts: + default: ldap + host_fqdn_override: + default: null + public: + host: DOMAIN + path: + default: /AUTH_PATH + scheme: + default: "ldap" + port: + ldap: + default: 389 +... + diff --git a/spyglass/examples/templates/software/config/service_accounts.yaml.j2 b/spyglass/examples/templates/software/config/service_accounts.yaml.j2 new file mode 100644 index 0000000..50ecfb6 --- /dev/null +++ b/spyglass/examples/templates/software/config/service_accounts.yaml.j2 @@ -0,0 +1,443 @@ +--- +# The purpose of this file is to define the account catalog for the site. This +# mostly contains service usernames, but also contain some information which +# should be changed like the region (site) name. +schema: pegleg/AccountCatalogue/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_service_accounts + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + ucp: + postgres: + admin: + username: postgres + oslo_db: + admin: + username: root + oslo_messaging: + admin: + username: rabbitmq + keystone: + admin: + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + username: admin + project_name: admin + user_domain_name: default + project_domain_name: default + oslo_messaging: + admin: + username: rabbitmq + keystone: + username: keystone + oslo_db: + username: keystone + database: keystone + promenade: + keystone: + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + role: admin + project_name: service + project_domain_name: default + user_domain_name: default + username: promenade + drydock: + keystone: + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + role: admin + project_name: service + project_domain_name: default + user_domain_name: default + username: drydock + postgres: + username: drydock + database: drydock + shipyard: + keystone: + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + role: admin + project_name: service + project_domain_name: default + user_domain_name: default + username: shipyard + postgres: + username: shipyard + database: shipyard + airflow: + postgres: + username: airflow + database: airflow + oslo_messaging: + username: rabbitmq + maas: + admin: + username: admin + email: none@none + postgres: + username: maas + database: maasdb + barbican: + keystone: + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + role: admin + project_name: service + project_domain_name: default + user_domain_name: default + username: barbican + oslo_db: + username: barbican + database: barbican + oslo_messaging: + admin: + username: rabbitmq + keystone: + username: keystone + armada: + keystone: + project_domain_name: default + user_domain_name: default + project_name: service + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + role: admin + user_domain_name: default + username: armada + deckhand: + keystone: + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + role: admin + project_name: service + project_domain_name: default + user_domain_name: default + username: deckhand + postgres: + username: deckhand + database: deckhand + prometheus_openstack_exporter: + user: + region_name: RegionOne + role: admin + username: prometheus-openstack-exporter + project_name: service + user_domain_name: default + project_domain_name: default + ceph: + swift: + keystone: + role: admin + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + username: swift + project_name: service + user_domain_name: default + project_domain_name: default +... +--- +schema: pegleg/AccountCatalogue/v1 +metadata: + schema: metadata/Document/v1 + name: osh_service_accounts + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.keystone.admin.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.cinder.cinder.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.glance.glance.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.heat.heat.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.heat.heat_trustee.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.heat.heat_stack_user.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.swift.keystone.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.neutron.neutron.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.nova.nova.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.nova.placement.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.barbican.barbican.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.barbican.barbican.region_name +data: + osh: + keystone: + admin: + username: admin + project_name: admin + user_domain_name: default + project_domain_name: default + oslo_db: + username: keystone + database: keystone + oslo_messaging: + admin: + username: keystone-rabbitmq-admin + keystone: + username: keystone-rabbitmq-user + ldap: + # NEWSITE-CHANGEME: Replace with the site's LDAP account used to + # authenticate to the active directory backend to validate keystone + # users. + username: "test@ldap.example.com" + cinder: + cinder: + role: admin + username: cinder + project_name: service + user_domain_name: default + project_domain_name: default + oslo_db: + username: cinder + database: cinder + oslo_messaging: + admin: + username: cinder-rabbitmq-admin + cinder: + username: cinder-rabbitmq-user + glance: + glance: + role: admin + username: glance + project_name: service + user_domain_name: default + project_domain_name: default + oslo_db: + username: glance + database: glance + oslo_messaging: + admin: + username: glance-rabbitmq-admin + glance: + username: glance-rabbitmq-user + ceph_object_store: + username: glance + heat: + heat: + role: admin + username: heat + project_name: service + user_domain_name: default + project_domain_name: default + heat_trustee: + role: admin + username: heat-trust + project_name: service + user_domain_name: default + project_domain_name: default + heat_stack_user: + role: admin + username: heat-domain + domain_name: heat + oslo_db: + username: heat + database: heat + oslo_messaging: + admin: + username: heat-rabbitmq-admin + heat: + username: heat-rabbitmq-user + swift: + keystone: + role: admin + username: swift + project_name: service + user_domain_name: default + project_domain_name: default + oslo_db: + admin: + username: root + prometheus_mysql_exporter: + user: + username: osh-oslodb-exporter + neutron: + neutron: + role: admin + username: neutron + project_name: service + user_domain_name: default + project_domain_name: default + oslo_db: + username: neutron + database: neutron + oslo_messaging: + admin: + username: neutron-rabbitmq-admin + neutron: + username: neutron-rabbitmq-user + nova: + nova: + role: admin + username: nova + project_name: service + user_domain_name: default + project_domain_name: default + placement: + role: admin + username: placement + project_name: service + user_domain_name: default + project_domain_name: default + oslo_db: + username: nova + database: nova + oslo_db_api: + username: nova + database: nova_api + oslo_db_cell0: + username: nova + database: "nova_cell0" + oslo_messaging: + admin: + username: nova-rabbitmq-admin + nova: + username: nova-rabbitmq-user + horizon: + oslo_db: + username: horizon + database: horizon + barbican: + barbican: + role: admin + username: barbican + project_name: service + user_domain_name: default + project_domain_name: default + oslo_db: + username: barbican + database: barbican + oslo_messaging: + admin: + username: barbican-rabbitmq-admin + barbican: + username: barbican-rabbitmq-user +... +--- +schema: pegleg/AccountCatalogue/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_service_accounts + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh_infra.prometheus_openstack_exporter.user.region_name +data: + osh_infra: + ceph_object_store: + admin: + username: s3_admin + elasticsearch: + username: elasticsearch + grafana: + admin: + username: grafana + oslo_db: + username: grafana + database: grafana + oslo_db_session: + username: grafana_session + database: grafana_session + elasticsearch: + admin: + username: elasticsearch + kibana: + admin: + username: kibana + oslo_db: + admin: + username: root + prometheus_mysql_exporter: + user: + username: osh-infra-oslodb-exporter + prometheus_openstack_exporter: + user: + role: admin + username: prometheus-openstack-exporter + project_name: service + user_domain_name: default + project_domain_name: default + nagios: + admin: + username: nagios + prometheus: + admin: + username: prometheus + ldap: + admin: + # NEWSITE-CHANGEME: Replace with the site's LDAP account used to + # authenticate to the active directory backend to validate keystone + # users. + bind: "test@ldap.example.com" +... + diff --git a/spyglass/parser/engine.py b/spyglass/parser/engine.py index 9a8d23f..a330d5f 100644 --- a/spyglass/parser/engine.py +++ b/spyglass/parser/engine.py @@ -18,7 +18,6 @@ import logging import pkg_resources import pprint import sys - import jsonschema import netaddr import yaml @@ -50,9 +49,14 @@ class ProcessDataSource(): self.sitetype = None self.genesis_node = None self.region_name = None + self.network_subnets = None def _get_network_subnets(self): - # Extract subnet information for networks + """ Extract subnet information for networks. + + + In some networks, there are multiple subnets, in that case + we assign only the first subnet """ LOG.info("Extracting network subnets") network_subnets = {} for net_type in self.data['network']['vlan_network_data']: @@ -60,37 +64,35 @@ class ProcessDataSource(): if (net_type != 'ingress'): network_subnets[net_type] = netaddr.IPNetwork( self.data['network']['vlan_network_data'][net_type] - ['subnet']) + ['subnet'][0]) LOG.debug("Network subnets:\n{}".format( pprint.pformat(network_subnets))) return network_subnets def _get_genesis_node_details(self): - # Returns the genesis node details - LOG.info("Getting Genesis Node Details") + # Get genesis host node details from the hosts based on host type for racks in self.data['baremetal'].keys(): rack_hosts = self.data['baremetal'][racks] for host in rack_hosts: if rack_hosts[host]['type'] == 'genesis': self.genesis_node = rack_hosts[host] self.genesis_node['name'] = host - - LOG.debug("Genesis Node Details:{}".format( + LOG.debug("Genesis Node Details:\n{}".format( pprint.pformat(self.genesis_node))) - def _validate_extracted_data(self, data): - """ Validates the extracted data from input source. + def _validate_intermediary_data(self, data): + """ Validates the intermediary data before generating manifests. It checks wether the data types and data format are as expected. The method validates this with regex pattern defined for each data type. """ - LOG.info('Validating data read from extracted data') + LOG.info('Validating Intermediary data') temp_data = {} + # Peforming a deep copy temp_data = copy.deepcopy(data) - # Converting baremetal dict to list. baremetal_list = [] for rack in temp_data['baremetal'].keys(): @@ -103,7 +105,6 @@ class ProcessDataSource(): json_data = json.loads(json.dumps(temp_data)) with open(schema_file, 'r') as f: json_schema = json.load(f) - try: # Suppressing writing of data2.json. Can use it for debugging with open('data2.json', 'w') as outfile: @@ -143,7 +144,6 @@ class ProcessDataSource(): rules_yaml = yaml.safe_load(rules_data_raw) rules_data = {} rules_data.update(rules_yaml) - for rule in rules_data.keys(): rule_name = rules_data[rule]['name'] function_str = "_apply_rule_" + rule_name @@ -153,12 +153,75 @@ class ProcessDataSource(): LOG.info("Applying rule:{}".format(rule_name)) def _apply_rule_host_profile_interfaces(self, rule_data): + # TODO(pg710r)Nothing to do as of now since host profile + # information is already present in plugin data. + # This function shall be defined if plugin data source + # doesn't provide host profile information. pass def _apply_rule_hardware_profile(self, rule_data): - pass + """ Apply rules to define host type from hardware profile info. + + + Host profile will define host types as "controller, compute or + genesis". The rule_data has pre-defined information to define + compute or controller based on host_profile. For defining 'genesis' + the first controller host is defined as genesis.""" + is_genesis = False + hardware_profile = rule_data[self.data['site_info']['sitetype']] + # Getting individual racks. The racks are sorted to ensure that the + # first controller of the first rack is assigned as 'genesis' node. + for rack in sorted(self.data['baremetal'].keys()): + # Getting individual hosts in each rack. Sorting of the hosts are + # done to determine the genesis node. + for host in sorted(self.data['baremetal'][rack].keys()): + host_info = self.data['baremetal'][rack][host] + if (host_info['host_profile'] == hardware_profile[ + 'profile_name']['ctrl']): + if not is_genesis: + host_info['type'] = 'genesis' + is_genesis = True + else: + host_info['type'] = 'controller' + else: + host_info['type'] = 'compute' def _apply_rule_ip_alloc_offset(self, rule_data): + """ Apply offset rules to update baremetal host ip's and vlan network + data """ + + # Get network subnets + self.network_subnets = self._get_network_subnets() + + self._update_vlan_net_data(rule_data) + self._update_baremetal_host_ip_data(rule_data) + + def _update_baremetal_host_ip_data(self, rule_data): + """ Update baremetal host ip's for applicable networks. + + + The applicable networks are oob, oam, ksn, storage and overlay. + These IPs are assigned based on network subnets ranges. + If a particular ip exists it is overridden.""" + + # Ger defult ip offset + default_ip_offset = rule_data['default'] + + host_idx = 0 + LOG.info("Update baremetal host ip's") + for racks in self.data['baremetal'].keys(): + rack_hosts = self.data['baremetal'][racks] + for host in rack_hosts: + host_networks = rack_hosts[host]['ip'] + for net in host_networks: + ips = list(self.network_subnets[net]) + host_networks[net] = str(ips[host_idx + default_ip_offset]) + host_idx = host_idx + 1 + + LOG.debug("Updated baremetal host:\n{}".format( + pprint.pformat(self.data['baremetal']))) + + def _update_vlan_net_data(self, rule_data): """ Offset allocation rules to determine ip address range(s) @@ -166,7 +229,6 @@ class ProcessDataSource(): network address, gateway ip and other address ranges """ LOG.info("Apply network design rules") - vlan_network_data = {} # Collect Rules default_ip_offset = rule_data['default'] @@ -179,7 +241,7 @@ class ProcessDataSource(): dhcp_ip_end_offset = rule_data['dhcp_ip_end'] # Set ingress vip and CIDR for bgp - LOG.info("Applying rule to network bgp data") + LOG.info("Apply network design rules:bgp") subnet = netaddr.IPNetwork( self.data['network']['vlan_network_data']['ingress']['subnet'][0]) ips = list(subnet) @@ -190,27 +252,24 @@ class ProcessDataSource(): LOG.debug("Updated network bgp data:\n{}".format( pprint.pformat(self.data['network']['bgp']))) - LOG.info("Applying rule to vlan network data") - # Get network subnets - network_subnets = self._get_network_subnets() + LOG.info("Apply network design rules:vlan") # Apply rules to vlan networks - for net_type in network_subnets: + for net_type in self.network_subnets: if net_type == 'oob': ip_offset = oob_ip_offset else: ip_offset = default_ip_offset - vlan_network_data[net_type] = {} - subnet = network_subnets[net_type] + + subnet = self.network_subnets[net_type] ips = list(subnet) - vlan_network_data[net_type]['network'] = str( - network_subnets[net_type]) + self.data['network']['vlan_network_data'][net_type][ + 'gateway'] = str(ips[gateway_ip_offset]) - vlan_network_data[net_type]['gateway'] = str( - ips[gateway_ip_offset]) - - vlan_network_data[net_type]['reserved_start'] = str(ips[1]) - vlan_network_data[net_type]['reserved_end'] = str(ips[ip_offset]) + self.data['network']['vlan_network_data'][net_type][ + 'reserved_start'] = str(ips[1]) + self.data['network']['vlan_network_data'][net_type][ + 'reserved_end'] = str(ips[ip_offset]) static_start = str(ips[ip_offset + 1]) static_end = str(ips[static_ip_end_offset]) @@ -221,69 +280,78 @@ class ProcessDataSource(): dhcp_start = str(ips[mid]) dhcp_end = str(ips[dhcp_ip_end_offset]) - vlan_network_data[net_type]['dhcp_start'] = dhcp_start - vlan_network_data[net_type]['dhcp_end'] = dhcp_end + self.data['network']['vlan_network_data'][net_type][ + 'dhcp_start'] = dhcp_start + self.data['network']['vlan_network_data'][net_type][ + 'dhcp_end'] = dhcp_end - vlan_network_data[net_type]['static_start'] = static_start - vlan_network_data[net_type]['static_end'] = static_end + self.data['network']['vlan_network_data'][net_type][ + 'static_start'] = static_start + self.data['network']['vlan_network_data'][net_type][ + 'static_end'] = static_end # There is no vlan for oob network if (net_type != 'oob'): - vlan_network_data[net_type]['vlan'] = self.data['network'][ - 'vlan_network_data'][net_type]['vlan'] + self.data['network']['vlan_network_data'][net_type][ + 'vlan'] = self.data['network']['vlan_network_data'][ + net_type]['vlan'] # OAM have default routes. Only for cruiser. TBD if (net_type == 'oam'): routes = ["0.0.0.0/0"] else: routes = [] - vlan_network_data[net_type]['routes'] = routes - - # Update network data to self.data - self.data['network']['vlan_network_data'][ - net_type] = vlan_network_data[net_type] + self.data['network']['vlan_network_data'][net_type][ + 'routes'] = routes LOG.debug("Updated vlan network data:\n{}".format( - pprint.pformat(vlan_network_data))) + pprint.pformat(self.data['network']['vlan_network_data']))) def load_extracted_data_from_data_source(self, extracted_data): """ Function called from spyglass.py to pass extracted data from input data source """ - LOG.info("Load extracted data from data source") - self._validate_extracted_data(extracted_data) + # TBR(pg710r): for internal testing + """ + raw_data = self._read_file('extracted_data.yaml') + extracted_data = yaml.safe_load(raw_data) + """ + + LOG.info("Loading plugin data source") self.data = extracted_data - LOG.debug("Extracted data from plugin data source:\n{}".format( + LOG.debug("Extracted data from plugin:\n{}".format( pprint.pformat(extracted_data))) extracted_file = "extracted_file.yaml" yaml_file = yaml.dump(extracted_data, default_flow_style=False) with open(extracted_file, 'w') as f: f.write(yaml_file) + f.close() # Append region_data supplied from CLI to self.data self.data['region_name'] = self.region_name def dump_intermediary_file(self, intermediary_dir): - """ Dumping intermediary yaml """ - LOG.info("Dumping intermediary yaml") + """ Writing intermediary yaml """ + LOG.info("Writing intermediary yaml") intermediary_file = "{}_intermediary.yaml".format( self.data['region_name']) - # Check of if output dir = intermediary_dir exists if intermediary_dir is not None: outfile = "{}/{}".format(intermediary_dir, intermediary_file) else: outfile = intermediary_file - LOG.info("Intermediary file dir:{}".format(outfile)) + LOG.info("Intermediary file:{}".format(outfile)) yaml_file = yaml.dump(self.data, default_flow_style=False) with open(outfile, 'w') as f: f.write(yaml_file) + f.close() def generate_intermediary_yaml(self): """ Generating intermediary yaml """ - LOG.info("Generating intermediary yaml") + LOG.info("Start: Generate Intermediary") self._apply_design_rules() self._get_genesis_node_details() + self._validate_intermediary_data(self.data) self.intermediary_yaml = self.data return self.intermediary_yaml diff --git a/spyglass/site_processors/site_processor.py b/spyglass/site_processors/site_processor.py index 57e51f0..9f65e2d 100644 --- a/spyglass/site_processors/site_processor.py +++ b/spyglass/site_processors/site_processor.py @@ -13,7 +13,6 @@ # limitations under the License. import logging -import pkg_resources import os from jinja2 import Environment from jinja2 import FileSystemLoader @@ -27,7 +26,7 @@ class SiteProcessor(BaseProcessor): self.yaml_data = intermediary_yaml self.manifest_dir = manifest_dir - def render_template(self): + def render_template(self, template_dir): """ The method renders network config yaml from j2 templates. @@ -42,8 +41,7 @@ class SiteProcessor(BaseProcessor): site_manifest_dir = 'pegleg_manifests/site/' LOG.info("Site manifest output dir:{}".format(site_manifest_dir)) - template_software_dir = pkg_resources.resource_filename( - 'spyglass', 'templates/') + template_software_dir = template_dir + '/' template_dir_abspath = os.path.dirname(template_software_dir) LOG.debug("Template Path:%s", template_dir_abspath) diff --git a/spyglass/spyglass.py b/spyglass/spyglass.py index 4b0a03e..0ff92b3 100644 --- a/spyglass/spyglass.py +++ b/spyglass/spyglass.py @@ -67,6 +67,23 @@ LOG = logging.getLogger('spyglass') '-mdir', type=click.Path(exists=True), help='The path where manifest files needs to be generated') +@click.option( + '--template_dir', + '-tdir', + type=click.Path(exists=True), + help='The path where J2 templates are available') +@click.option( + '--excel', + '-x', + multiple=True, + type=click.Path(exists=True), + help= + 'Path to engineering excel file, to be passed with generate_intermediary') +@click.option( + '--excel_spec', + '-e', + type=click.Path(exists=True), + help='Path to excel spec, to be passed with generate_intermediary') @click.option( '--loglevel', '-l', @@ -83,6 +100,7 @@ def main(*args, **kwargs): manifest_dir = kwargs['manifest_dir'] intermediary = kwargs['intermediary'] site = kwargs['site'] + template_dir = kwargs['template_dir'] loglevel = kwargs['loglevel'] # Set Logging format @@ -94,7 +112,7 @@ def main(*args, **kwargs): LOG.addHandler(stream_handle) LOG.info("Spyglass start") - LOG.debug("CLI Parameters passed:\n{}".format(kwargs)) + LOG.info("CLI Parameters passed:\n{}".format(kwargs)) if not (generate_intermediary or generate_manifests): LOG.error("Invalid CLI parameters passed!! Spyglass exited") @@ -102,6 +120,14 @@ def main(*args, **kwargs): LOG.info("CLI Parameters:\n{}".format(kwargs)) exit() + if generate_manifests: + if template_dir is None: + LOG.error("Template directory not specified!! Spyglass exited") + LOG.error( + "It is mandatory to provide it when generate_manifests is true" + ) + exit() + # Generate Intermediary yaml and manifests extracting data # from data source specified by plugin type intermediary_yaml = {} @@ -163,7 +189,7 @@ def main(*args, **kwargs): if generate_manifests: LOG.info("Generating site Manifests") processor_engine = SiteProcessor(intermediary_yaml, manifest_dir) - processor_engine.render_template() + processor_engine.render_template(template_dir) LOG.info("Spyglass Execution Completed")