From 06ffeec6b1fb75d6dafc219f309ea70c80cbd77b Mon Sep 17 00:00:00 2001 From: Kaspars Skels Date: Mon, 1 Apr 2019 16:38:52 -0500 Subject: [PATCH] Sloop type and Airsloop site Sloop type/site is a minimalistic approach to Airship with reduced requirements towards hardware and external dependencies while keeping all the functional features. Major differences compared to reference site airship-seaworthy - Two bare-metal server setup with 1 control, and 1 compute. Most components are scaled to a single replica and doesn't carry any HA as there is only a single control plane host. - No requirements for DNS/certificates. HTTP and internal cluster DNS is used. - Ceph set to use the single (root) disk. This generally provides minimalistic no-touch ceph deployment. No replication of ceph data (single copy). - Simplified networking (no bonding). Two network interfaces are used by default (flat PXE, and DATA network with VLANs for OAM, Calico, Storage, and OpenStack Overlay) - Generic hostnames used (airsloop-control-1, airsloop-compute-1) that simplifies generation of k8s certificates - Usage of standard Ubuntu 16.04 GA kernel (as oppose to HWE) Change-Id: I4944fcae7d29ed8799d810c93efb0120b6b3a105 --- .../osh-infra-dashboards/grafana.yaml | 2 + .../osh-infra-ingress-controller/ingress.yaml | 2 + .../osh-infra/osh-infra-mariadb/mariadb.yaml | 2 + .../osh-infra-monitoring/prometheus.yaml | 2 + .../openstack-tenant-ceph/ceph-ingress.yaml | 2 + .../charts/ucp/ceph/ceph-ingress.yaml | 2 + global/software/manifests/bootstrap.yaml | 3 + .../baremetal/bootactions/promjoin.yaml | 32 + site/airsloop/baremetal/nodes.yaml | 65 + .../deployment/deployment-configuration.yaml | 41 + site/airsloop/networks/common-addresses.yaml | 154 ++ site/airsloop/networks/physical/networks.yaml | 290 ++ site/airsloop/pki/pki-catalog.yaml | 285 ++ site/airsloop/profiles/genesis.yaml | 49 + .../profiles/hardware/dell_r720xd.yaml | 49 + site/airsloop/profiles/host/compute.yaml | 80 + site/airsloop/profiles/region.yaml | 53 + .../secrets/certificates/certificates.yaml | 2387 +++++++++++++++++ .../passphrases/airsloop_crypt_password.yaml | 12 + .../secrets/passphrases/ceph_fsid.yaml | 12 + .../ceph_swift_keystone_password.yaml | 11 + .../passphrases/ipmi_admin_password.yaml | 13 + .../secrets/passphrases/maas-region-key.yaml | 12 + .../osh_barbican_oslo_db_password.yaml | 11 + ...arbican_oslo_messaging_admin_password.yaml | 11 + .../osh_barbican_oslo_messaging_password.yaml | 11 + .../passphrases/osh_barbican_password.yaml | 11 + .../osh_barbican_rabbitmq_erlang_cookie.yaml | 11 + .../osh_cinder_oslo_db_password.yaml | 11 + ..._cinder_oslo_messaging_admin_password.yaml | 11 + .../osh_cinder_oslo_messaging_password.yaml | 11 + .../passphrases/osh_cinder_password.yaml | 11 + .../osh_cinder_rabbitmq_erlang_cookie.yaml | 11 + .../osh_glance_oslo_db_password.yaml | 11 + ..._glance_oslo_messaging_admin_password.yaml | 11 + .../osh_glance_oslo_messaging_password.yaml | 11 + .../passphrases/osh_glance_password.yaml | 11 + .../osh_glance_rabbitmq_erlang_cookie.yaml | 11 + .../osh_heat_oslo_db_password.yaml | 11 + ...sh_heat_oslo_messaging_admin_password.yaml | 11 + .../osh_heat_oslo_messaging_password.yaml | 11 + .../passphrases/osh_heat_password.yaml | 11 + .../osh_heat_rabbitmq_erlang_cookie.yaml | 11 + .../osh_heat_stack_user_password.yaml | 11 + .../osh_heat_trustee_password.yaml | 11 + .../osh_horizon_oslo_db_password.yaml | 11 + ...sh_infra_elasticsearch_admin_password.yaml | 11 + .../osh_infra_grafana_admin_password.yaml | 11 + .../osh_infra_grafana_oslo_db_password.yaml | 11 + ...nfra_grafana_oslo_db_session_password.yaml | 11 + .../osh_infra_nagios_admin_password.yaml | 11 + ...osh_infra_openstack_exporter_password.yaml | 11 + .../osh_infra_oslo_db_admin_password.yaml | 11 + .../osh_infra_oslo_db_exporter_password.yaml | 11 + .../osh_infra_prometheus_admin_password.yaml | 11 + .../osh_infra_rgw_s3_admin_access_key.yaml | 11 + .../osh_infra_rgw_s3_admin_secret_key.yaml | 11 + ...infra_rgw_s3_elasticsearch_access_key.yaml | 11 + ...infra_rgw_s3_elasticsearch_secret_key.yaml | 11 + .../osh_keystone_admin_password.yaml | 11 + .../osh_keystone_ldap_password.yaml | 11 + .../osh_keystone_oslo_db_password.yaml | 11 + ...eystone_oslo_messaging_admin_password.yaml | 11 + .../osh_keystone_oslo_messaging_password.yaml | 11 + .../osh_keystone_rabbitmq_erlang_cookie.yaml | 11 + .../osh_neutron_oslo_db_password.yaml | 11 + ...neutron_oslo_messaging_admin_password.yaml | 11 + .../osh_neutron_oslo_messaging_password.yaml | 11 + .../passphrases/osh_neutron_password.yaml | 11 + .../osh_neutron_rabbitmq_erlang_cookie.yaml | 11 + .../osh_nova_oslo_db_password.yaml | 11 + ...sh_nova_oslo_messaging_admin_password.yaml | 11 + .../osh_nova_oslo_messaging_password.yaml | 11 + .../passphrases/osh_nova_password.yaml | 11 + .../osh_nova_rabbitmq_erlang_cookie.yaml | 11 + .../osh_oslo_cache_secret_key.yaml | 11 + .../osh_oslo_db_admin_password.yaml | 11 + .../osh_oslo_db_exporter_password.yaml | 11 + .../passphrases/osh_placement_password.yaml | 11 + .../secrets/passphrases/tenant_ceph_fsid.yaml | 12 + .../ucp_airflow_oslo_messaging_password.yaml | 11 + .../ucp_airflow_postgres_password.yaml | 11 + .../ucp_armada_keystone_password.yaml | 11 + .../ucp_barbican_keystone_password.yaml | 11 + .../ucp_barbican_oslo_db_password.yaml | 11 + .../ucp_deckhand_keystone_password.yaml | 11 + .../ucp_deckhand_postgres_password.yaml | 11 + .../ucp_drydock_keystone_password.yaml | 11 + .../ucp_drydock_postgres_password.yaml | 11 + .../ucp_keystone_admin_password.yaml | 11 + .../ucp_keystone_oslo_db_password.yaml | 11 + .../passphrases/ucp_maas_admin_password.yaml | 11 + .../ucp_maas_postgres_password.yaml | 11 + ..._openstack_exporter_keystone_password.yaml | 11 + .../ucp_oslo_db_admin_password.yaml | 11 + .../ucp_oslo_messaging_password.yaml | 11 + .../ucp_postgres_admin_password.yaml | 11 + .../ucp_promenade_keystone_password.yaml | 11 + .../ucp_rabbitmq_erlang_cookie.yaml | 11 + .../ucp_shipyard_keystone_password.yaml | 11 + .../ucp_shipyard_postgres_password.yaml | 11 + .../publickey/airsloop_ssh_public_key.yaml | 11 + site/airsloop/site-definition.yaml | 16 + .../kubernetes/container-networking/etcd.yaml | 127 + .../software/charts/kubernetes/etcd/etcd.yaml | 131 + .../software/charts/osh/ceph/ceph-client.yaml | 22 + .../software/charts/ucp/divingbell.yaml | 48 + tools/openstack | 9 +- tools/tests.sh | 5 +- .../charts/kubernetes/ingress/ingress.yaml | 16 + .../sloop/charts/osh-infra/elasticsearch.yaml | 29 + .../charts/osh-infra/fluent-logging.yaml | 20 + type/sloop/charts/osh-infra/grafana.yaml | 21 + type/sloop/charts/osh-infra/ingress.yaml | 22 + type/sloop/charts/osh-infra/mariadb.yaml | 22 + type/sloop/charts/osh-infra/prometheus.yaml | 33 + type/sloop/charts/osh/ceph/ceph-client.yaml | 102 + type/sloop/charts/osh/ceph/ceph-ingress.yaml | 22 + type/sloop/charts/osh/ceph/ceph-osd.yaml | 16 + .../charts/osh/comps/cinder-rabbitmq.yaml | 21 + type/sloop/charts/osh/comps/cinder.yaml | 24 + .../charts/osh/comps/glance-rabbitmq.yaml | 21 + type/sloop/charts/osh/comps/glance.yaml | 22 + .../sloop/charts/osh/comps/heat-rabbitmq.yaml | 21 + type/sloop/charts/osh/comps/heat.yaml | 24 + type/sloop/charts/osh/comps/horizon.yaml | 21 + type/sloop/charts/osh/comps/ingress.yaml | 22 + .../charts/osh/comps/keystone-rabbitmq.yaml | 21 + type/sloop/charts/osh/comps/keystone.yaml | 21 + type/sloop/charts/osh/comps/mariadb.yaml | 22 + .../charts/osh/comps/neutron-rabbitmq.yaml | 21 + type/sloop/charts/osh/comps/neutron.yaml | 20 + .../sloop/charts/osh/comps/nova-rabbitmq.yaml | 21 + type/sloop/charts/osh/comps/nova.yaml | 28 + type/sloop/charts/ucp/ceph/ceph-client.yaml | 96 + type/sloop/charts/ucp/ceph/ceph-ingress.yaml | 22 + type/sloop/charts/ucp/ceph/ceph-osd.yaml | 16 + .../charts/ucp/ceph/ceph-provisioners.yaml | 22 + type/sloop/charts/ucp/comps/armada.yaml | 21 + type/sloop/charts/ucp/comps/barbican.yaml | 21 + type/sloop/charts/ucp/comps/deckhand.yaml | 21 + type/sloop/charts/ucp/comps/drydock.yaml | 20 + type/sloop/charts/ucp/comps/keystone.yaml | 21 + type/sloop/charts/ucp/comps/maas.yaml | 24 + type/sloop/charts/ucp/comps/promenade.yaml | 52 + type/sloop/charts/ucp/comps/shipyard.yaml | 25 + type/sloop/charts/ucp/core/ingress.yaml | 22 + type/sloop/charts/ucp/core/mariadb.yaml | 22 + type/sloop/charts/ucp/core/rabbitmq.yaml | 21 + type/sloop/config/common-software-config.yaml | 16 + type/sloop/config/endpoints.yaml | 1057 ++++++++ type/sloop/config/service_accounts.yaml | 436 +++ type/sloop/manifests/bootstrap.yaml | 37 + type/sloop/manifests/full-site.yaml | 58 + type/sloop/network/KubernetesNetwork.yaml | 97 + 155 files changed, 7543 insertions(+), 5 deletions(-) create mode 100644 site/airsloop/baremetal/bootactions/promjoin.yaml create mode 100644 site/airsloop/baremetal/nodes.yaml create mode 100644 site/airsloop/deployment/deployment-configuration.yaml create mode 100644 site/airsloop/networks/common-addresses.yaml create mode 100644 site/airsloop/networks/physical/networks.yaml create mode 100644 site/airsloop/pki/pki-catalog.yaml create mode 100644 site/airsloop/profiles/genesis.yaml create mode 100644 site/airsloop/profiles/hardware/dell_r720xd.yaml create mode 100644 site/airsloop/profiles/host/compute.yaml create mode 100644 site/airsloop/profiles/region.yaml create mode 100644 site/airsloop/secrets/certificates/certificates.yaml create mode 100644 site/airsloop/secrets/passphrases/airsloop_crypt_password.yaml create mode 100644 site/airsloop/secrets/passphrases/ceph_fsid.yaml create mode 100644 site/airsloop/secrets/passphrases/ceph_swift_keystone_password.yaml create mode 100644 site/airsloop/secrets/passphrases/ipmi_admin_password.yaml create mode 100644 site/airsloop/secrets/passphrases/maas-region-key.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_barbican_oslo_db_password.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_barbican_password.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_cinder_oslo_db_password.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_cinder_password.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_glance_oslo_db_password.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_glance_oslo_messaging_password.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_glance_password.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_heat_oslo_db_password.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_heat_oslo_messaging_password.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_heat_password.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_heat_stack_user_password.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_heat_trustee_password.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_horizon_oslo_db_password.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_infra_grafana_admin_password.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_infra_nagios_admin_password.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_infra_openstack_exporter_password.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_infra_prometheus_admin_password.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_keystone_admin_password.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_keystone_ldap_password.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_keystone_oslo_db_password.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_neutron_oslo_db_password.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_neutron_password.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_nova_oslo_db_password.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_nova_oslo_messaging_password.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_nova_password.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_oslo_cache_secret_key.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_oslo_db_admin_password.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_oslo_db_exporter_password.yaml create mode 100644 site/airsloop/secrets/passphrases/osh_placement_password.yaml create mode 100644 site/airsloop/secrets/passphrases/tenant_ceph_fsid.yaml create mode 100644 site/airsloop/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml create mode 100644 site/airsloop/secrets/passphrases/ucp_airflow_postgres_password.yaml create mode 100644 site/airsloop/secrets/passphrases/ucp_armada_keystone_password.yaml create mode 100644 site/airsloop/secrets/passphrases/ucp_barbican_keystone_password.yaml create mode 100644 site/airsloop/secrets/passphrases/ucp_barbican_oslo_db_password.yaml create mode 100644 site/airsloop/secrets/passphrases/ucp_deckhand_keystone_password.yaml create mode 100644 site/airsloop/secrets/passphrases/ucp_deckhand_postgres_password.yaml create mode 100644 site/airsloop/secrets/passphrases/ucp_drydock_keystone_password.yaml create mode 100644 site/airsloop/secrets/passphrases/ucp_drydock_postgres_password.yaml create mode 100644 site/airsloop/secrets/passphrases/ucp_keystone_admin_password.yaml create mode 100644 site/airsloop/secrets/passphrases/ucp_keystone_oslo_db_password.yaml create mode 100644 site/airsloop/secrets/passphrases/ucp_maas_admin_password.yaml create mode 100644 site/airsloop/secrets/passphrases/ucp_maas_postgres_password.yaml create mode 100644 site/airsloop/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml create mode 100644 site/airsloop/secrets/passphrases/ucp_oslo_db_admin_password.yaml create mode 100644 site/airsloop/secrets/passphrases/ucp_oslo_messaging_password.yaml create mode 100644 site/airsloop/secrets/passphrases/ucp_postgres_admin_password.yaml create mode 100644 site/airsloop/secrets/passphrases/ucp_promenade_keystone_password.yaml create mode 100644 site/airsloop/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml create mode 100644 site/airsloop/secrets/passphrases/ucp_shipyard_keystone_password.yaml create mode 100644 site/airsloop/secrets/passphrases/ucp_shipyard_postgres_password.yaml create mode 100644 site/airsloop/secrets/publickey/airsloop_ssh_public_key.yaml create mode 100644 site/airsloop/site-definition.yaml create mode 100644 site/airsloop/software/charts/kubernetes/container-networking/etcd.yaml create mode 100644 site/airsloop/software/charts/kubernetes/etcd/etcd.yaml create mode 100644 site/airsloop/software/charts/osh/ceph/ceph-client.yaml create mode 100644 site/airsloop/software/charts/ucp/divingbell.yaml create mode 100644 type/sloop/charts/kubernetes/ingress/ingress.yaml create mode 100644 type/sloop/charts/osh-infra/elasticsearch.yaml create mode 100644 type/sloop/charts/osh-infra/fluent-logging.yaml create mode 100644 type/sloop/charts/osh-infra/grafana.yaml create mode 100644 type/sloop/charts/osh-infra/ingress.yaml create mode 100644 type/sloop/charts/osh-infra/mariadb.yaml create mode 100644 type/sloop/charts/osh-infra/prometheus.yaml create mode 100644 type/sloop/charts/osh/ceph/ceph-client.yaml create mode 100644 type/sloop/charts/osh/ceph/ceph-ingress.yaml create mode 100644 type/sloop/charts/osh/ceph/ceph-osd.yaml create mode 100644 type/sloop/charts/osh/comps/cinder-rabbitmq.yaml create mode 100644 type/sloop/charts/osh/comps/cinder.yaml create mode 100644 type/sloop/charts/osh/comps/glance-rabbitmq.yaml create mode 100644 type/sloop/charts/osh/comps/glance.yaml create mode 100644 type/sloop/charts/osh/comps/heat-rabbitmq.yaml create mode 100644 type/sloop/charts/osh/comps/heat.yaml create mode 100644 type/sloop/charts/osh/comps/horizon.yaml create mode 100644 type/sloop/charts/osh/comps/ingress.yaml create mode 100644 type/sloop/charts/osh/comps/keystone-rabbitmq.yaml create mode 100644 type/sloop/charts/osh/comps/keystone.yaml create mode 100644 type/sloop/charts/osh/comps/mariadb.yaml create mode 100644 type/sloop/charts/osh/comps/neutron-rabbitmq.yaml create mode 100644 type/sloop/charts/osh/comps/neutron.yaml create mode 100644 type/sloop/charts/osh/comps/nova-rabbitmq.yaml create mode 100644 type/sloop/charts/osh/comps/nova.yaml create mode 100644 type/sloop/charts/ucp/ceph/ceph-client.yaml create mode 100644 type/sloop/charts/ucp/ceph/ceph-ingress.yaml create mode 100644 type/sloop/charts/ucp/ceph/ceph-osd.yaml create mode 100644 type/sloop/charts/ucp/ceph/ceph-provisioners.yaml create mode 100644 type/sloop/charts/ucp/comps/armada.yaml create mode 100644 type/sloop/charts/ucp/comps/barbican.yaml create mode 100644 type/sloop/charts/ucp/comps/deckhand.yaml create mode 100644 type/sloop/charts/ucp/comps/drydock.yaml create mode 100644 type/sloop/charts/ucp/comps/keystone.yaml create mode 100644 type/sloop/charts/ucp/comps/maas.yaml create mode 100644 type/sloop/charts/ucp/comps/promenade.yaml create mode 100644 type/sloop/charts/ucp/comps/shipyard.yaml create mode 100644 type/sloop/charts/ucp/core/ingress.yaml create mode 100644 type/sloop/charts/ucp/core/mariadb.yaml create mode 100644 type/sloop/charts/ucp/core/rabbitmq.yaml create mode 100644 type/sloop/config/common-software-config.yaml create mode 100644 type/sloop/config/endpoints.yaml create mode 100644 type/sloop/config/service_accounts.yaml create mode 100644 type/sloop/manifests/bootstrap.yaml create mode 100644 type/sloop/manifests/full-site.yaml create mode 100644 type/sloop/network/KubernetesNetwork.yaml diff --git a/global/software/charts/osh-infra/osh-infra-dashboards/grafana.yaml b/global/software/charts/osh-infra/osh-infra-dashboards/grafana.yaml index 968b05b52..4c6d68645 100644 --- a/global/software/charts/osh-infra/osh-infra-dashboards/grafana.yaml +++ b/global/software/charts/osh-infra/osh-infra-dashboards/grafana.yaml @@ -6,6 +6,8 @@ metadata: layeringDefinition: abstract: false layer: global + labels: + name: grafana-global storagePolicy: cleartext substitutions: # Chart source diff --git a/global/software/charts/osh-infra/osh-infra-ingress-controller/ingress.yaml b/global/software/charts/osh-infra/osh-infra-ingress-controller/ingress.yaml index 38ed35712..c66d9ce3c 100644 --- a/global/software/charts/osh-infra/osh-infra-ingress-controller/ingress.yaml +++ b/global/software/charts/osh-infra/osh-infra-ingress-controller/ingress.yaml @@ -3,6 +3,8 @@ schema: armada/Chart/v1 metadata: schema: metadata/Document/v1 name: osh-infra-ingress-controller + labels: + name: osh-infra-ingress-controller-global layeringDefinition: abstract: false layer: global diff --git a/global/software/charts/osh-infra/osh-infra-mariadb/mariadb.yaml b/global/software/charts/osh-infra/osh-infra-mariadb/mariadb.yaml index 5ef0ded12..dff8f531b 100644 --- a/global/software/charts/osh-infra/osh-infra-mariadb/mariadb.yaml +++ b/global/software/charts/osh-infra/osh-infra-mariadb/mariadb.yaml @@ -3,6 +3,8 @@ schema: armada/Chart/v1 metadata: schema: metadata/Document/v1 name: osh-infra-mariadb + labels: + name: osh-infra-mariadb-global layeringDefinition: abstract: false layer: global diff --git a/global/software/charts/osh-infra/osh-infra-monitoring/prometheus.yaml b/global/software/charts/osh-infra/osh-infra-monitoring/prometheus.yaml index 2be75f150..6c3cd97e6 100644 --- a/global/software/charts/osh-infra/osh-infra-monitoring/prometheus.yaml +++ b/global/software/charts/osh-infra/osh-infra-monitoring/prometheus.yaml @@ -3,6 +3,8 @@ schema: armada/Chart/v1 metadata: schema: metadata/Document/v1 name: prometheus + labels: + name: prometheus-global layeringDefinition: abstract: false layer: global diff --git a/global/software/charts/osh/openstack-tenant-ceph/ceph-ingress.yaml b/global/software/charts/osh/openstack-tenant-ceph/ceph-ingress.yaml index 0fcc51622..7fd8ddaf0 100644 --- a/global/software/charts/osh/openstack-tenant-ceph/ceph-ingress.yaml +++ b/global/software/charts/osh/openstack-tenant-ceph/ceph-ingress.yaml @@ -3,6 +3,8 @@ schema: armada/Chart/v1 metadata: schema: metadata/Document/v1 name: tenant-ceph-ingress + labels: + name: tenant-ceph-ingress-global layeringDefinition: abstract: false layer: global diff --git a/global/software/charts/ucp/ceph/ceph-ingress.yaml b/global/software/charts/ucp/ceph/ceph-ingress.yaml index 2e832b4cb..96025f590 100644 --- a/global/software/charts/ucp/ceph/ceph-ingress.yaml +++ b/global/software/charts/ucp/ceph/ceph-ingress.yaml @@ -6,6 +6,8 @@ metadata: layeringDefinition: abstract: false layer: global + labels: + name: ucp-ceph-ingress-global storagePolicy: cleartext substitutions: # Chart source diff --git a/global/software/manifests/bootstrap.yaml b/global/software/manifests/bootstrap.yaml index 5b0ee3259..3db2fa542 100644 --- a/global/software/manifests/bootstrap.yaml +++ b/global/software/manifests/bootstrap.yaml @@ -6,6 +6,8 @@ metadata: layeringDefinition: abstract: false layer: global + labels: + name: cluster-bootstrap-global storagePolicy: cleartext data: release_prefix: airship @@ -28,3 +30,4 @@ data: - ucp-drydock - ucp-promenade - ucp-shipyard +... diff --git a/site/airsloop/baremetal/bootactions/promjoin.yaml b/site/airsloop/baremetal/bootactions/promjoin.yaml new file mode 100644 index 000000000..1042934a5 --- /dev/null +++ b/site/airsloop/baremetal/bootactions/promjoin.yaml @@ -0,0 +1,32 @@ +--- +# This file defines a boot action which is responsible for fetching the node's +# promjoin script from the promenade API. This is the script responsible for +# installing kubernetes on the node and joining the kubernetes cluster. +# #GLOBAL-CANDIDATE# +schema: 'drydock/BootAction/v1' +metadata: + schema: 'metadata/Document/v1' + name: promjoin + storagePolicy: 'cleartext' + layeringDefinition: + abstract: false + layer: site + labels: + application: 'drydock' +data: + signaling: false + # TODO(alanmeadows) move what is global about this document + assets: + - path: /opt/promjoin.sh + type: file + permissions: '555' + # The ip= parameter must match the MaaS network name of the network used + # to contact kubernetes. With a standard, reference Airship deployment where + # L2 networks are shared between all racks, the network name (i.e. calico) + # should be correct. + location: promenade+http://promenade-api.ucp.svc.cluster.local/api/v1.0/join-scripts?design_ref={{ action.design_ref | urlencode }}&hostname={{ node.hostname }}&ip={{ node.network.calico.ip }}{% for k, v in node.labels.items() %}&labels.dynamic={{ k }}={{ v }}{% endfor %} + location_pipeline: + - template + data_pipeline: + - utf8_decode +... diff --git a/site/airsloop/baremetal/nodes.yaml b/site/airsloop/baremetal/nodes.yaml new file mode 100644 index 000000000..b360b6a6a --- /dev/null +++ b/site/airsloop/baremetal/nodes.yaml @@ -0,0 +1,65 @@ +--- +# Drydock BaremetalNode resources for a specific rack are stored in this file. +# +# NOTE: For new sites, you should complete the networks/physical/networks.yaml +# file before working on this file. +# +# In this file, you should make the number of `drydock/BaremetalNode/v1` +# resources equal the number of bare metal nodes you have, either by deleting +# excess BaremetalNode definitions (if there are too many), or by copying and +# pasting the last BaremetalNode in the file until you have the correct number +# of baremetal nodes (if there are too few). +# +# Then in each file, address all additional NEWSITE-CHANGEME markers to update +# the data in these files with the right values for your new site. +# +# *NOTE: The Genesis node is counted as one of the control plane nodes. Note +# that the Genesis node does not appear on this bare metal list, because the +# procedure to reprovision the Genesis host with MaaS has not yet been +# implemented. Therefore there will be only three bare metal nodes in this file +# with the 'masters' tag, as the genesis roles are assigned in a difference +# place (profiles/genesis.yaml). +# NOTE: The host profiles for the control plane are further divided into two +# variants: primary and secondary. The only significance this has is that the +# "primary" nodes are active Ceph nodes, whereas the "secondary" nodes are Ceph +# standby nodes. For Ceph quorum, this means that the control plane split will +# be 3 primary + 1 standby host profile, and the Genesis node counts toward one +# of the 3 primary profiles. Other control plane services are not affected by +# primary vs secondary designation. +# +# TODO: Include the hostname naming convention +# +schema: 'drydock/BaremetalNode/v1' +metadata: + schema: 'metadata/Document/v1' + # NEWSITE-CHANGEME: The next node's hostname + name: airsloop-compute-1 + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + # NEWSITE-CHANGEME: The next node's IPv4 addressing + addressing: + - network: oob + address: 10.22.104.22 + - network: pxe + address: 10.22.70.22 + - network: oam + address: 10.22.71.22 + - network: calico + address: 10.22.72.22 + - network: storage + address: 10.22.73.22 + - network: overlay + address: 10.22.74.22 + # NEWSITE-CHANGEME: The next node's host profile + # This is the third "primary" control plane profile after genesis + host_profile: compute_r720xd + metadata: + # NEWSITE-CHANGEME: The next node's rack designation + rack: cab22 + # NEWSITE-CHANGEME: The next node's role desigatnion + tags: + - 'workers' +... diff --git a/site/airsloop/deployment/deployment-configuration.yaml b/site/airsloop/deployment/deployment-configuration.yaml new file mode 100644 index 000000000..3f82996c3 --- /dev/null +++ b/site/airsloop/deployment/deployment-configuration.yaml @@ -0,0 +1,41 @@ +--- +# The purpose of this file is to provide shipyard related deployment config +# parameters. This should not require modification for a new site. However, +# shipyard deployment strategies can be very useful in getting around certain +# failures, like misbehaving nodes that hold up the deployment. See more at +# https://github.com/openstack/airship-shipyard/blob/master/docs/source/site-definition-documents.rst#using-a-deployment-strategy +schema: shipyard/DeploymentConfiguration/v1 +metadata: + schema: metadata/Document/v1 + name: deployment-configuration + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + physical_provisioner: + deployment_strategy: deployment-strategy + deploy_interval: 30 + deploy_timeout: 3600 + destroy_interval: 30 + destroy_timeout: 900 + join_wait: 0 + prepare_node_interval: 30 + prepare_node_timeout: 1800 + prepare_site_interval: 10 + prepare_site_timeout: 300 + verify_interval: 10 + verify_timeout: 60 + kubernetes_provisioner: + drain_timeout: 3600 + drain_grace_period: 1800 + clear_labels_timeout: 1800 + remove_etcd_timeout: 1800 + etcd_ready_timeout: 600 + armada: + get_releases_timeout: 300 + get_status_timeout: 300 + manifest: 'full-site' + post_apply_timeout: 7200 + validate_design_timeout: 600 +... diff --git a/site/airsloop/networks/common-addresses.yaml b/site/airsloop/networks/common-addresses.yaml new file mode 100644 index 000000000..516c10168 --- /dev/null +++ b/site/airsloop/networks/common-addresses.yaml @@ -0,0 +1,154 @@ +--- +# The purpose of this file is to define network related paramters that are +# referenced elsewhere in the manifests for this site. +# +# TODO: Include bare metal host FQDN naming standards +# TODO: Include ingress FQDN naming standards +schema: pegleg/CommonAddresses/v1 +metadata: + schema: metadata/Document/v1 + name: common-addresses + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + calico: + # NEWSITE-CHANGEME: The interface that calico will use. Update if your + # logical bond interface name or calico VLAN have changed from the reference + # site design. + # This should be whichever + # bond and VLAN number specified in networks/physical/networks.yaml for the Calico + # network. E.g. VLAN 22 for the calico network as a member of bond0, you + # would set "interface=bond0.22" as shown here. + ip_autodetection_method: interface=enp67s0f0.72 + etcd: + # etcd service IP address + service_ip: 10.96.232.136 + + dns: + # Kubernetes cluster domain. Do not change. This is internal to the cluster. + cluster_domain: cluster.local + # DNS service ip + service_ip: 10.96.0.10 + # List of upstream DNS forwards. Verify you can reach them from your + # environment. If so, you should not need to change them. + upstream_servers: + - 8.8.8.8 + - 8.8.4.4 + - 208.67.222.222 + # Repeat the same values as above, but formatted as a common separated + # string + upstream_servers_joined: 8.8.8.8,8.8.4.4,208.67.222.222 + # NEWSITE-CHANGEME: FQDN for ingress (i.e. "publicly facing" access point) + # Choose FQDN according to the ingress/public FQDN naming conventions at + # the top of this document. + ingress_domain: atlantafoundry.com + + genesis: + # NEWSITE-CHANGEME: Update with the hostname for the node which will take on + # the Genesis role. Refer to the hostname naming stardards in + # networks/physical/networks.yaml + # NOTE: Ensure that the genesis node is manually configured with this + # hostname before running `genesis.sh` on the node. + hostname: airsloop-control-1 + # NEWSITE-CHANGEME: Calico IP of the Genesis node. Use the "start" value for + # the calico network defined in networks/physical/networks.yaml for this IP. + ip: 10.22.72.21 + + bootstrap: + # NEWSITE-CHANGEME: Update with the "start" value/IP of the static range + # defined for the pxe network in networks/physical/networks.yaml + ip: 10.22.70.21 + + kubernetes: + # K8s API service IP + api_service_ip: 10.96.0.1 + # etcd service IP + etcd_service_ip: 10.96.0.2 + # k8s pod CIDR (network which pod traffic will traverse) + pod_cidr: 10.97.0.0/16 + # k8s service CIDR (network which k8s API traffic will traverse) + service_cidr: 10.96.0.0/16 + # misc k8s port settings + apiserver_port: 6443 + haproxy_port: 6553 + service_node_port_range: 30000-32767 + + # etcd port settings + etcd: + container_port: 2379 + haproxy_port: 2378 + + # NEWSITE-CHANGEME: A list of nodes (apart from Genesis) which act as the + # control plane servers. Ensure that this matches the nodes with the 'masters' + # tags applied in baremetal/nodes.yaml + masters: + - hostname: airsloop-control-2 + - hostname: airsloop-control-3 + + # NEWSITE-CHANGEME: Environment proxy information. + # NOTE: Reference Airship sites do not deploy behind a proxy, so this proxy section + # should be commented out. + # However if you are in a lab that requires proxy, ensure that these proxy + # settings are correct and reachable in your environment; otherwise update + # them with the correct values for your environment. + proxy: + http: "" + https: "" + no_proxy: [] + + node_ports: + drydock_api: 30000 + maas_api: 30001 + maas_proxy: 31800 # hardcoded in MAAS + + ntp: + # comma separated NTP server list. Verify that these upstream NTP servers are + # reachable in your environment; otherwise update them with the correct + # values for your environment. + servers_joined: '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org,4.ubuntu.pool.ntp.org' + + # NOTE: This will be updated soon + ldap: + # NEWSITE-CHANGEME: FQDN for LDAP. Update to the FQDN that is + # relevant for your type of deployment (test vs prod values, etc). + base_url: 'ldap.example.com' + # NEWSITE-CHANGEME: As above, with the protocol included to create a full URI + url: 'ldap://ldap.example.com' + # NEWSITE-CHANGEME: Update to the correct expression relevant for this + # deployment (test vs prod values, etc) + auth_path: DC=test,DC=test,DC=com?sAMAccountName?sub?memberof=CN=test,OU=Application,OU=Groups,DC=test,DC=test,DC=com + # NEWSITE-CHANGEME: Update to the correct AD group that contains the users + # relevant for this deployment (test users vs prod users/values, etc) + common_name: test + # NEWSITE-CHANGEME: Update to the correct subdomain for your type of + # deployment (test vs prod values, etc) + subdomain: test + # NEWSITE-CHANGEME: Update to the correct domain for your type of + # deployment (test vs prod values, etc) + domain: example + + storage: + ceph: + # NEWSITE-CHANGEME: CIDRs for Ceph. Update to match the network CIDR + # used for the `storage` network in networks/physical/networks.yaml + public_cidr: '10.22.73.0/24' + cluster_cidr: '10.22.73.0/24' + + neutron: + # NEWSITE-CHANGEME: Overlay network for VM traffic. Ensure the bond name and + # VLAN number are consistent with what's defined for the bond and the overlay + # network in networks/physical/networks.yaml + tunnel_device: 'enp67s0f0.74' + # bond which the overlay is a member of. Ensure the bond name is consistent + # with the bond assigned to the overlay network in + # networks/physical/networks.yaml + external_iface: 'enp67s0f0' + + openvswitch: + # bond which the overlay is a member of. Ensure the bond name is consistent + # with the bond assigned to the overlay network in + # networks/physical/networks.yaml + external_iface: 'enp67s0f0' +... diff --git a/site/airsloop/networks/physical/networks.yaml b/site/airsloop/networks/physical/networks.yaml new file mode 100644 index 000000000..822bdbaa2 --- /dev/null +++ b/site/airsloop/networks/physical/networks.yaml @@ -0,0 +1,290 @@ +--- +# The purpose of this file is to define all of the NetworkLinks (i.e. layer 1 +# devices) and Networks (i.e. layer 3 configurations). The following is standard +# for the logical networks in Airship: +# +# +----------+-----------------------------------+----------------+--------------+----------------------------------------------------+-----------------+ +# | Network | | Per-rack or | | | VLAN tagged | +# | Name | Purpose | per-site CIDR? | Has gateway? | Bond | or untagged? | +# +----------+-----------------------------------+----------------+--------------+----------------------------------------------------+-----------------+ +# | oob | Out of Band devices (iDrac/iLo) | per-site CIDR | Has gateway | No bond, N/A | Untagged/Native | +# | pxe | PXE boot network | per-site CIDR | No gateway | No bond, no LACP fallback. Dedicated PXE interface | Untagged/Native | +# | oam | management network | per-site CIDR | Has gateway | member of bond0 | tagged | +# | storage | storage network | per-site CIDR | No gateway | member of bond0 | tagged | +# | calico | underlay calico net; k8s traffic | per-site CIDR | No gateway | member of bond0 | tagged | +# | overlay | overlay network for openstack SDN | per-site CIDR | No gateway | member of bond0 | tagged | +# +----------+-----------------------------------+----------------+--------------+----------------------------------------------------+-----------------+ +# +# For standard Airship deployments, you should not need to modify the number of +# NetworkLinks and Networks in this file. Only the IP addresses and CIDRs should +# need editing. +# +# TODO: Given that we expect all network broadcast domains to span all racks in +# Airship, we should choose network names that do not include the rack number. +# +# TODO: FQDN naming standards for hosts +# +schema: 'drydock/NetworkLink/v1' +metadata: + schema: 'metadata/Document/v1' + name: oob + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + # MaaS doesnt own this network like it does the others, so the noconfig label + # is specified. + labels: + noconfig: enabled + bonding: + mode: disabled + mtu: 1500 + linkspeed: auto + trunking: + mode: disabled + default_network: oob + allowed_networks: + - oob +... +--- +schema: 'drydock/Network/v1' +metadata: + schema: 'metadata/Document/v1' + name: oob + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + # NEWSITE-CHANGEME: Update with the site's out-of-band CIDR + cidr: 10.22.104.0/24 + routes: + # NEWSITE-CHANGEME: Update with the site's out-of-band gateway IP + - subnet: '0.0.0.0/0' + gateway: 10.22.104.1 + metric: 100 + # NEWSITE-CHANGEME: Update with the site's out-of-band IP allocation range + # FIXME: Is this IP range actually used/allocated for anything? The HW already + # has its OOB IPs assigned. None of the Ubuntu OS's should need IPs on OOB + # network either, as they should be routable via the default gw on OAM network + ranges: + - type: static + start: 10.22.104.21 + end: 10.22.104.22 +... +--- +schema: 'drydock/NetworkLink/v1' +metadata: + schema: 'metadata/Document/v1' + name: pxe + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + bonding: + mode: disabled + mtu: 1500 + linkspeed: auto + trunking: + mode: disabled + default_network: pxe + allowed_networks: + - pxe +... +--- +schema: 'drydock/Network/v1' +metadata: + schema: 'metadata/Document/v1' + name: pxe + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + # NEWSITE-CHANGEME: Update with the site's PXE network CIDR + # NOTE: The CIDR minimum size = (number of nodes * 2) + 10 + cidr: 10.22.70.0/24 + routes: + - subnet: 0.0.0.0/0 + # NEWSITE-CHANGEME: Set the OAM network gateway IP address + gateway: 10.22.70.1 + metric: 100 + # NOTE: The first 10 IPs in the subnet are reserved for network infrastructure. + # The remainder of the range is divided between two subnets of equal size: + # one static, and one DHCP. + # The DHCP addresses are used when nodes perform a PXE boot (DHCP address gets + # assigned), and when a node is commissioning in MaaS (also uses DHCP to get + # its IP address). However, when MaaS installs the operating system + # ("Deploying/Deployed" states), it will write a static IP assignment to + # /etc/network/interfaces[.d] with IPs from the "static" subnet defined here. + ranges: + # NEWSITE-CHANGEME: Update to the first 10 IPs in the CIDR + - type: reserved + start: 10.22.70.1 + end: 10.22.70.10 + # NEWSITE-CHANGEME: Update to the first half of the remaining range after + # excluding the 10 reserved IPs. + - type: static + start: 10.22.70.21 + end: 10.22.70.31 + # NEWSITE-CHANGEME: Update to the second half of the remaining range after + # excluding the 10 reserved IPs. + - type: dhcp + start: 10.22.70.40 + end: 10.22.70.80 + dns: + # NEWSITE-CHANGEME: FQDN for bare metal nodes. + # Choose FQDN according to the node FQDN naming conventions at the top of + # this document. + domain: atlantafoundry.com + # List of upstream DNS forwards. Verify you can reach them from your + # environment. If so, you should not need to change them. + # TODO: This should be populated via substitution from common-addresses + servers: '8.8.8.8,8.8.4.4,208.67.222.222' +... +--- +schema: 'drydock/NetworkLink/v1' +metadata: + schema: 'metadata/Document/v1' + name: data + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + bonding: + mode: disabled + mtu: 1500 + linkspeed: auto + trunking: + mode: 802.1q + allowed_networks: + - oam + - storage + - overlay + - calico +... +--- +schema: 'drydock/Network/v1' +metadata: + schema: 'metadata/Document/v1' + name: oam + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + # NEWSITE-CHANGEME: Set the VLAN ID which the OAM network is on + vlan: '71' + mtu: 1500 + # NEWSITE-CHANGEME: Set the CIDR for the OAM network + # NOTE: The CIDR minimum size = number of nodes + 10 + cidr: 10.22.71.0/24 + routes: + - subnet: 0.0.0.0/0 + # NEWSITE-CHANGEME: Set the OAM network gateway IP address + gateway: 10.22.71.1 + metric: 100 + ranges: + # NEWSITE-CHANGEME: Update to the first 10 IPs in the CIDR + - type: reserved + start: 10.22.71.1 + end: 10.22.71.10 + # NEWSITE-CHANGEME: Update to the remaining range after excluding the 10 + # 10 reserved IPs. + - type: static + start: 10.22.71.21 + end: 10.22.71.31 + dns: + # NEWSITE-CHANGEME: FQDN for bare metal nodes. + # Choose FQDN according to the node FQDN naming conventions at the top of + # this document. + domain: atlantafoundry.com + # List of upstream DNS forwards. Verify you can reach them from your + # environment. If so, you should not need to change them. + # TODO: This should be populated via substitution from common-addresses + servers: '8.8.8.8,8.8.4.4' +... +--- +schema: 'drydock/Network/v1' +metadata: + schema: 'metadata/Document/v1' + name: calico + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + # NEWSITE-CHANGEME: Set the VLAN ID which the calico network is on + vlan: '72' + mtu: 1500 + # NEWSITE-CHANGEME: Set the CIDR for the calico network + # NOTE: The CIDR minimum size = number of nodes + 10 + cidr: 10.22.72.0/24 + ranges: + # NEWSITE-CHANGEME: Update to the first 10 IPs in the CIDR + - type: reserved + start: 10.22.72.1 + end: 10.22.72.10 + # NEWSITE-CHANGEME: Update to the remaining range after excluding the 10 + # 10 reserved IPs. + - type: static + start: 10.22.72.21 + end: 10.22.72.31 +... +--- +schema: 'drydock/Network/v1' +metadata: + schema: 'metadata/Document/v1' + name: storage + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + # NEWSITE-CHANGEME: Set the VLAN ID which the storage network is on + vlan: '73' + mtu: 1500 + # NEWSITE-CHANGEME: Set the CIDR for the storage network + # NOTE: The CIDR minimum size = number of nodes + 10 + cidr: 10.22.73.0/24 + ranges: + # NEWSITE-CHANGEME: Update to the first 10 IPs in the CIDR + - type: reserved + start: 10.22.73.1 + end: 10.22.73.10 + # NEWSITE-CHANGEME: Update to the remaining range after excluding the 10 + # 10 reserved IPs. + - type: static + start: 10.22.73.21 + end: 10.22.73.31 +... +--- +schema: 'drydock/Network/v1' +metadata: + schema: 'metadata/Document/v1' + name: overlay + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + # NEWSITE-CHANGEME: Set the VLAN ID which the overlay network is on + vlan: '74' + mtu: 1500 + # NEWSITE-CHANGEME: Set the CIDR for the overlay network + # NOTE: The CIDR minimum size = number of nodes + 10 + cidr: 10.22.74.0/24 + ranges: + # NEWSITE-CHANGEME: Update to the first 10 IPs in the CIDR + - type: reserved + start: 10.22.74.1 + end: 10.22.74.10 + # NEWSITE-CHANGEME: Update to the remaining range after excluding the 10 + # 10 reserved IPs. + - type: static + start: 10.22.74.21 + end: 10.22.74.31 +... diff --git a/site/airsloop/pki/pki-catalog.yaml b/site/airsloop/pki/pki-catalog.yaml new file mode 100644 index 000000000..ae96bacf0 --- /dev/null +++ b/site/airsloop/pki/pki-catalog.yaml @@ -0,0 +1,285 @@ +--- +# The purpose of this file is to define the PKI certificates for the environment +# +# NOTE: When deploying a new site, this file should not be configured until +# baremetal/nodes.yaml is complete. +# +schema: promenade/PKICatalog/v1 +metadata: + schema: metadata/Document/v1 + name: cluster-certificates + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + certificate_authorities: + kubernetes: + description: CA for Kubernetes components + certificates: + - document_name: apiserver + description: Service certificate for Kubernetes apiserver + common_name: apiserver + hosts: + - localhost + - 127.0.0.1 + # FIXME: Repetition of api_service_ip in common-addresses; use + # substitution + - 10.96.0.1 + kubernetes_service_names: + - kubernetes.default.svc.cluster.local + + # NEWSITE-CHANGEME: The following should be a list of all the nodes in + # the environment (genesis, control plane, data plane, everything). + # Add/delete from this list as necessary until all nodes are listed. + # For each node, the `hosts` list should be comprised of: + # 1. The node's hostname, as already defined in baremetal/nodes.yaml + # 2. The node's oam IP address, as already defined in baremetal/nodes.yaml + # 3. The node's Calico IP address, as already defined in baremetal/nodes.yaml + # NOTE: This list also needs to include the Genesis node, which is not + # listed in baremetal/nodes.yaml, but by convention should be allocated + # the first non-reserved IP in each logical network allocation range + # defined in networks/physical/networks.yaml + # NOTE: The genesis node needs to be defined twice (the first two entries + # on this list) with all of the same paramters except the document_name. + # In the first case the document_name is `kubelet-genesis`, and in the + # second case the document_name format is `kubelete-YOUR_GENESIS_HOSTNAME`. + - document_name: kubelet-genesis + common_name: system:node:airsloop-control-1 + hosts: + - airsloop-control-1 + - 10.22.72.21 + groups: + - system:nodes + - document_name: kubelet-airsloop-control-1 + common_name: system:node:airsloop-control-1 + hosts: + - airsloop-control-1 + - 10.22.72.21 + groups: + - system:nodes + - document_name: kubelet-airsloop-control-2 + common_name: system:node:airsloop-control-2 + hosts: + - airsloop-control-2 + - 10.23.22.12 + groups: + - system:nodes + - document_name: kubelet-airsloop-control-3 + common_name: system:node:airsloop-control-3 + hosts: + - airsloop-control-3 + - 10.23.22.13 + groups: + - system:nodes + - document_name: kubelet-airsloop-compute-1 + common_name: system:node:airsloop-compute-1 + hosts: + - airsloop-compute-1 + - 10.23.22.14 + groups: + - system:nodes + # End node list + - document_name: scheduler + description: Service certificate for Kubernetes scheduler + common_name: system:kube-scheduler + - document_name: controller-manager + description: certificate for controller-manager + common_name: system:kube-controller-manager + - document_name: admin + common_name: admin + groups: + - system:masters + - document_name: armada + common_name: armada + groups: + - system:masters + kubernetes-etcd: + description: Certificates for Kubernetes's etcd servers + certificates: + - document_name: apiserver-etcd + description: etcd client certificate for use by Kubernetes apiserver + common_name: apiserver + # NOTE(mark-burnett): hosts not required for client certificates + - document_name: kubernetes-etcd-anchor + description: anchor + common_name: anchor + # NEWSITE-CHANGEME: The following should be a list of the control plane + # nodes in the environment, including genesis. + # For each node, the `hosts` list should be comprised of: + # 1. The node's hostname, as already defined in baremetal/nodes.yaml + # 2. The node's oam IP address, as already defined in baremetal/nodes.yaml + # 3. The node's Calico IP address, as already defined in baremetal/nodes.yaml + # 4. 127.0.0.1 + # 5. localhost + # 6. kubernetes-etcd.kube-system.svc.cluster.local + # NOTE: This list also needs to include the Genesis node, which is not + # listed in baremetal/nodes.yaml, but by convention should be allocated + # the first non-reserved IP in each logical network allocation range + # defined in networks/physical/networks.yaml, except for the kubernetes + # service_cidr where it should start with the second IP in the range. + # NOTE: The genesis node is defined twice with the same `hosts` data: + # Once with its hostname in the common/document name, and once with + # `genesis` defined instead of the host. For now, this duplicated + # genesis definition is required. FIXME: Remove duplicate definition + # after Promenade addresses this issue. + - document_name: kubernetes-etcd-genesis + common_name: kubernetes-etcd-genesis + hosts: + - airsloop-control-1 + - 10.22.72.21 + - 127.0.0.1 + - localhost + - kubernetes-etcd.kube-system.svc.cluster.local + - 10.96.0.2 + - document_name: kubernetes-etcd-airsloop-control-1 + common_name: kubernetes-etcd-airsloop-control-1 + hosts: + - airsloop-control-1 + - 10.22.72.21 + - 127.0.0.1 + - localhost + - kubernetes-etcd.kube-system.svc.cluster.local + - 10.96.0.2 + - document_name: kubernetes-etcd-airsloop-control-2 + common_name: kubernetes-etcd-airsloop-control-2 + hosts: + - airsloop-control-2 + - 10.23.22.12 + - 127.0.0.1 + - localhost + - kubernetes-etcd.kube-system.svc.cluster.local + - 10.96.0.2 + - document_name: kubernetes-etcd-airsloop-control-3 + common_name: kubernetes-etcd-airsloop-control-3 + hosts: + - airsloop-control-3 + - 10.23.22.13 + - 127.0.0.1 + - localhost + - kubernetes-etcd.kube-system.svc.cluster.local + - 10.96.0.2 + # End node list + kubernetes-etcd-peer: + certificates: + # NEWSITE-CHANGEME: This list should be identical to the previous list, + # except that `-peer` has been appended to the document/common names. + - document_name: kubernetes-etcd-genesis-peer + common_name: kubernetes-etcd-genesis-peer + hosts: + - airsloop-control-1 + - 10.22.72.21 + - 127.0.0.1 + - localhost + - kubernetes-etcd.kube-system.svc.cluster.local + - 10.96.0.2 + - document_name: kubernetes-etcd-airsloop-control-1-peer + common_name: kubernetes-etcd-airsloop-control-1-peer + hosts: + - airsloop-control-1 + - 10.22.72.21 + - 127.0.0.1 + - localhost + - kubernetes-etcd.kube-system.svc.cluster.local + - 10.96.0.2 + - document_name: kubernetes-etcd-airsloop-control-2-peer + common_name: kubernetes-etcd-airsloop-control-2-peer + hosts: + - airsloop-control-2 + - 10.23.22.12 + - 127.0.0.1 + - localhost + - kubernetes-etcd.kube-system.svc.cluster.local + - 10.96.0.2 + - document_name: kubernetes-etcd-airsloop-control-3-peer + common_name: kubernetes-etcd-airsloop-control-3-peer + hosts: + - airsloop-control-3 + - 10.23.22.13 + - 127.0.0.1 + - localhost + - kubernetes-etcd.kube-system.svc.cluster.local + - 10.96.0.2 + # End node list + calico-etcd: + description: Certificates for Calico etcd client traffic + certificates: + - document_name: calico-etcd-anchor + description: anchor + common_name: anchor + # NEWSITE-CHANGEME: The following should be a list of the control plane + # nodes in the environment, including genesis. + # For each node, the `hosts` list should be comprised of: + # 1. The node's hostname, as already defined in baremetal/nodes.yaml + # 2. The node's oam IP address, as already defined in baremetal/nodes.yaml + # 3. The node's Calico IP address, as already defined in baremetal/nodes.yaml + # 4. 127.0.0.1 + # 5. localhost + # 6. The calico/etcd/service_ip defined in networks/common-addresses.yaml + # NOTE: This list also needs to include the Genesis node, which is not + # listed in baremetal/nodes.yaml, but by convention should be allocated + # the first non-reserved IP in each logical network allocation range + # defined in networks/physical/networks.yaml + - document_name: calico-etcd-airsloop-control-1 + common_name: calico-etcd-airsloop-control-1 + hosts: + - airsloop-control-1 + - 10.22.72.21 + - 127.0.0.1 + - localhost + - 10.96.232.136 + - document_name: calico-etcd-airsloop-control-2 + common_name: calico-etcd-airsloop-control-2 + hosts: + - airsloop-control-2 + - 10.23.22.12 + - 127.0.0.1 + - localhost + - 10.96.232.136 + - document_name: calico-etcd-airsloop-control-3 + common_name: calico-etcd-airsloop-control-3 + hosts: + - airsloop-control-3 + - 10.23.22.13 + - 127.0.0.1 + - localhost + - 10.96.232.136 + - document_name: calico-node + common_name: calcico-node + # End node list + calico-etcd-peer: + description: Certificates for Calico etcd clients + certificates: + # NEWSITE-CHANGEME: This list should be identical to the previous list, + # except that `-peer` has been appended to the document/common names. + - document_name: calico-etcd-airsloop-control-1-peer + common_name: calico-etcd-airsloop-control-1-peer + hosts: + - airsloop-control-1 + - 10.22.72.21 + - 127.0.0.1 + - localhost + - 10.96.232.136 + - document_name: calico-etcd-airsloop-control-2-peer + common_name: calico-etcd-airsloop-control-2-peer + hosts: + - airsloop-control-2 + - 10.23.22.12 + - 127.0.0.1 + - localhost + - 10.96.232.136 + - document_name: calico-etcd-airsloop-control-3-peer + common_name: calico-etcd-airsloop-control-3-peer + hosts: + - airsloop-control-3 + - 10.23.22.13 + - 127.0.0.1 + - localhost + - 10.96.232.136 + - document_name: calico-node-peer + common_name: calcico-node-peer + # End node list + keypairs: + - name: service-account + description: Service account signing key for use by Kubernetes controller-manager. +... diff --git a/site/airsloop/profiles/genesis.yaml b/site/airsloop/profiles/genesis.yaml new file mode 100644 index 000000000..3e4663e29 --- /dev/null +++ b/site/airsloop/profiles/genesis.yaml @@ -0,0 +1,49 @@ +--- +# The purpose of this file is to apply proper labels to Genesis node so the +# proper services are installed and proper configuration applied. This should +# not need to be changed for a new site. +# #GLOBAL-CANDIDATE# +schema: promenade/Genesis/v1 +metadata: + schema: metadata/Document/v1 + name: genesis-site + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: genesis-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + labels: + dynamic: + - beta.kubernetes.io/fluentd-ds-ready=true + - calico-etcd=enabled + - ceph-mds=enabled + - ceph-mon=enabled + - ceph-osd=enabled + - ceph-rgw=enabled + - ceph-mgr=enabled + - ceph-bootstrap=enabled + - tenant-ceph-control-plane=enabled + - tenant-ceph-mon=enabled + - tenant-ceph-rgw=enabled + - tenant-ceph-mgr=enabled + - kube-dns=enabled + - kube-ingress=enabled + - kubernetes-apiserver=enabled + - kubernetes-controller-manager=enabled + - kubernetes-etcd=enabled + - kubernetes-scheduler=enabled + - promenade-genesis=enabled + - ucp-control-plane=enabled + - maas-control-plane=enabled + - ceph-osd-bootstrap=enabled + - openstack-control-plane=enabled + - openvswitch=enabled + - openstack-l3-agent=enabled + - node-exporter=enabled + - fluentd=enabled +... diff --git a/site/airsloop/profiles/hardware/dell_r720xd.yaml b/site/airsloop/profiles/hardware/dell_r720xd.yaml new file mode 100644 index 000000000..6455d99eb --- /dev/null +++ b/site/airsloop/profiles/hardware/dell_r720xd.yaml @@ -0,0 +1,49 @@ +--- +schema: 'drydock/HardwareProfile/v1' +metadata: + schema: 'metadata/Document/v1' + name: dell_r720xd + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + # Vendor of the server chassis + vendor: DELL + # Generation of the chassis model + generation: '8' + # Version of the chassis model within its generation - not version of the hardware definition + hw_version: '3' + # The certified version of the chassis BIOS + bios_version: '2.2.3' + # Mode of the default boot of hardware - bios, uefi + boot_mode: bios + # Protocol of boot of the hardware - pxe, usb, hdd + bootstrap_protocol: pxe + # Which interface to use for network booting within the OOB manager, not OS device + pxe_interface: 0 + # Map hardware addresses to aliases/roles to allow a mix of hardware configs + # in a site to result in a consistent configuration + device_aliases: + + ## network + # eno1 + pxe_nic01: + address: '0000:01:00.0' + # type could identify expected hardware - used for hardware manifest validation + dev_type: 'I350 Gigabit Network Connection' + bus_type: 'pci' + # enp67s0f0 + data_nic01: + address: '0000:43:00.0' + dev_type: 'Ethernet 10G 2P X520 Adapter' + bus_type: 'pci' + # enp67s0f1 + + ## storage + # /dev/sda + bootdisk: + address: '0:2.0.0' + dev_type: 'PERC H710P' + bus_type: 'scsi' +... diff --git a/site/airsloop/profiles/host/compute.yaml b/site/airsloop/profiles/host/compute.yaml new file mode 100644 index 000000000..9943b9af9 --- /dev/null +++ b/site/airsloop/profiles/host/compute.yaml @@ -0,0 +1,80 @@ +--- +# The data plane host profile for Airship for DELL R720s, and should +# not need to be altered if you are using matching HW. The host profile is setup +# for cpu isolation (for nova pinning), hugepages, and sr-iov. +schema: drydock/HostProfile/v1 +metadata: + schema: metadata/Document/v1 + name: compute_r720xd + storagePolicy: cleartext + layeringDefinition: + abstract: false + layer: site + parentSelector: + hosttype: dp-global + actions: + - method: replace + path: .interfaces + - method: replace + path: .storage + - method: merge + path: . +data: + hardware_profile: dell_r720xd + + primary_network: oam + interfaces: + pxe: + device_link: pxe + slaves: + - pxe_nic01 + networks: + - pxe + data: + device_link: data + slaves: + - data_nic01 + networks: + - oam + - storage + - overlay + - calico + + storage: + physical_devices: + bootdisk: + labels: + bootdrive: 'true' + partitions: + - name: 'root' + size: '30g' + bootable: true + filesystem: + mountpoint: '/' + fstype: 'ext4' + mount_options: 'defaults' + - name: 'boot' + size: '1g' + filesystem: + mountpoint: '/boot' + fstype: 'ext4' + mount_options: 'defaults' + - name: 'var_log' + size: '100g' + filesystem: + mountpoint: '/var/log' + fstype: 'ext4' + mount_options: 'defaults' + - name: 'var' + size: '>100g' + filesystem: + mountpoint: '/var' + fstype: 'ext4' + mount_options: 'defaults' + + platform: + image: 'xenial' + kernel: 'ga-16.04' + kernel_params: + kernel_package: 'linux-image-4.4.0-137-generic' +... diff --git a/site/airsloop/profiles/region.yaml b/site/airsloop/profiles/region.yaml new file mode 100644 index 000000000..cff4734c4 --- /dev/null +++ b/site/airsloop/profiles/region.yaml @@ -0,0 +1,53 @@ +--- +# The purpose of this file is to define the drydock Region, which in turn drives +# the MaaS region. +schema: 'drydock/Region/v1' +metadata: + schema: 'metadata/Document/v1' + # NEWSITE-CHANGEME: Replace with the site name + name: airsloop + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext + substitutions: + # NEWSITE-CHANGEME: Substitutions from deckhand SSH public keys into the + # list of authorized keys which MaaS will register for the build-in "ubuntu" + # account during the PXE process. Create a substitution rule for each SSH + # key that should have access to the "ubuntu" account (useful for trouble- + # shooting problems before UAM or UAM-lite is operational). SSH keys are + # stored as secrets in site/airsloop/secrets. + - dest: + # Add/replace the first item in the list + path: .authorized_keys[0] + src: + schema: deckhand/PublicKey/v1 + # This should match the "name" metadata of the SSH key which will be + # substituted, located in site/airsloop/secrets folder. + name: airsloop_ssh_public_key + path: . + - dest: + path: .repositories.main_archive + src: + schema: pegleg/SoftwareVersions/v1 + name: software-versions + path: .packages.repositories.main_archive + # Second key example + #- dest: + # # Increment the list index + # path: .authorized_keys[1] + # src: + # schema: deckhand/PublicKey/v1 + # # your ssh key + # name: MY_USER_ssh_public_key + # path: . +data: + tag_definitions: [] + # This is the list of SSH keys which MaaS will register for the built-in + # "ubuntu" account during the PXE process. This list is populated by + # substitution, so the same SSH keys do not need to be repeated in multiple + # manifests. + authorized_keys: [] + repositories: + remove_unlisted: true +... diff --git a/site/airsloop/secrets/certificates/certificates.yaml b/site/airsloop/secrets/certificates/certificates.yaml new file mode 100644 index 000000000..cda26cfef --- /dev/null +++ b/site/airsloop/secrets/certificates/certificates.yaml @@ -0,0 +1,2387 @@ +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDSDCCAjCgAwIBAgIUPpb5ExrCoa1ZJKC6WZS+LgwCJnMwDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xOTA0MTIxNTE5MDBaFw0yNDA0MTAxNTE5MDBaMCoxEzARBgNVBAoTCkt1YmVy + bmV0ZXMxEzARBgNVBAMTCmt1YmVybmV0ZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IB + DwAwggEKAoIBAQC36DZiGO27VQ8M2YWRD5nUW7f4tBSv3xoBmIqvwJCLgfiZ4wn3 + 3ll12fpR1AMzg599ZiUMnA1JAriRy83aFr3neVLotwos6x+jAEEHXcIUKbdm7C7t + KcaP+LRsoqk5PmLoelfgDoR+cKu63ZHhXGOsP1+hoLmazJVy/yUZhWDJZlZfLmMA + WovQJa1vtTwmmbF/Xrsn5rvdziySs6PO+lpSyYYmHbJMrQ9M01oOCCm6adoN7jbV + HGlS6u2OkFPLMRjNpSFa0ZqnBw8Q+uYkVMq5pSnTe/7itE0Ir6Spv5YzDWku534q + YVfoZR4A352FGd5CzKFS6AcdPs7vt8WF4HlDAgMBAAGjZjBkMA4GA1UdDwEB/wQE + AwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBTmP0cncsa93OpenmJX + 2nH5gC/lDzAfBgNVHSMEGDAWgBTmP0cncsa93OpenmJX2nH5gC/lDzANBgkqhkiG + 9w0BAQsFAAOCAQEAl/6QL2grTmxksxsrPro0x9Kd5Cnm62Cj+BUV/W80fgvSlKXp + O9PWct02TG77T7hE/H96/edt3rUROu2auUI1JwzJUFQeIdwjo14Cpttdc+e8IkN5 + v/vv245WPOP5I580nMbNwqMreG5mBr74vcuXeh7wgIAbomjl54p4JTofmAeddPW+ + 6uPtG9WOpTb/XFPvMzsqkWHUprOAJqEqmOYxB8X6FqQ5O/JvWAGzZU865HOAQ7kn + ZUQId03SwsrCKLzur8SQMN2XulRJzKGnGt4lGiWAHWa3KkJHpH3nMSplregAHtqp + S6qQc6MZtBH5I6goaU2whtcaLVCujSYRBe8MVg== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthority/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDUjCCAjqgAwIBAgIUHX9RM/CQw+uyaw564CkVwWBZw7owDQYJKoZIhvcNAQEL + BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l + dGNkMB4XDTE5MDQxMjE1MTkwMFoXDTI0MDQxMDE1MTkwMFowLzETMBEGA1UEChMK + S3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1ldGNkMIIBIjANBgkqhkiG + 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwHZ4cAqdt5yfV70m+Ct/amaR4BzgUQhZJn/d + KEVgJ0/8td9177CuAvavwGKpVlOVeHiOPoOZ95V7tTNwLY1G7bGVno8ZGv5ZrjOf + 2SEoBKY4UmcHLBoGlkbGc6yogNE6ckrY37kLJ+/lLUHpXCRWxhjLo21EytSEEOuV + hHmdOEJ6a0WYaxQyjZQFdyyYbawW7jxzTXTuH1WArDuIdOH1YeTUHzdDh2ADAjUP + zMR/w6RgXvd7c6TYTmkyxwIFZb+C6huTrRXztepb8N1PFGN6o5ZodBqVVpHKtHFF + HjPvK1rweh20hvd0ArlCzFVKCKU+XODQYH00w6pUirLtIo5l1wIDAQABo2YwZDAO + BgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBAjAdBgNVHQ4EFgQUOv1V + duFvmhpmtKUlPNJr7M6bVBEwHwYDVR0jBBgwFoAUOv1VduFvmhpmtKUlPNJr7M6b + VBEwDQYJKoZIhvcNAQELBQADggEBADwHeX90fHprbehjCHggKGEBLe7LtFBJjffw + PhDAqmkHXt/hzJ97uzJH75nJpj900E6nPjM00XJi8PUNsCpAzun3C5QycY0UH6bV + c7nCYQvpemzYIKWRENRps3EVUlOoVYBpOcbsp8qF51R40woKDunSi81pg8TKE2cj + z2AqUSJHs4WMvN7GLOgDvCttvq52eJHp1t5x7SO8UE5dX9nJgPZdPZHLyJixMLIK + DYG8Lwlmk4tDBBBjMBjzB6+oI0IlMWFLuC5+u6pT6m5MHMQUrkHHiN1cG6Qbg3eI + f2y50NhyzyWR73zZMfMyQYABNbBqvy8pQ/i+/y0uFn2qVXQLgLw= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthority/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDXDCCAkSgAwIBAgIULxkj28Vji1jbPvUjZxQOGiI4CEcwDQYJKoZIhvcNAQEL + BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l + dGNkLXBlZXIwHhcNMTkwNDEyMTUxOTAwWhcNMjQwNDEwMTUxOTAwWjA0MRMwEQYD + VQQKEwpLdWJlcm5ldGVzMR0wGwYDVQQDExRrdWJlcm5ldGVzLWV0Y2QtcGVlcjCC + ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMdp4FyXHjKx2g2DjJFov/Zc + o0uV9xP0fT3xYXyzgXMMqqUHf4u/lZyZ8GIJIQloM4rw/wt1Y27uV4uKwz1PW4Y8 + 96/O2uypv6feFeW/iwTIa+vglJ+qMgKYbDKLC0New6sRYsKvWg3gIjdvSYutK30i + z1zMEtQAjCDFLEr5VxLurYrBGRHXib1ijTNInmF0vj3lSHvh0iW9zVY5u5NJXazP + aPO4OeIz6N3rfOTqopGqbjjDRD+OMNApJTJWa7YVTP6iszwarBEI2bBsSarmMo42 + 3Y94LjUCYRZKEFOKMgm2nbAPCM0Zi3zBeY6zV8pQZB0ymfC5R9GNpOyCVmaZ5KcC + AwEAAaNmMGQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQIwHQYD + VR0OBBYEFLpMPQ7+dUDc1IobypR0r3fM5Ps2MB8GA1UdIwQYMBaAFLpMPQ7+dUDc + 1IobypR0r3fM5Ps2MA0GCSqGSIb3DQEBCwUAA4IBAQCJLzqDiV6b/8LQ8+KvalPd + UWpZIbDq5WvgBdNnQKuhtXWRjdjxMvblXCed10KImsSGo7VmuEHaRYDK+9soZBlh + iEas74WKJID9M+dwiTt7HiQovPqQpQqLBepXmm0lClpdK6eBhhQZqrmaE9vu5tPu + AhYKUhW90F0EvTcAdFbsWOw6ObGmDVJWNZRshvvgMfXaJgGboAuhUa3j2qfIOQN4 + lFPNXXgLlHl5/u904ah8w40gFQ+9brE0sHD1AB7cGZkush75TS9kuuC7s6sh57qY + eRpsRnGY1NtPESlLfGNm7SM0x+qs9L0HP4OK//A1uXXb1rLkb4izq4Kc7uP8x56n + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthority/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDSjCCAjKgAwIBAgIUC4DRnxMvF6eINDCAsL0prM82stYwDQYJKoZIhvcNAQEL + BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw + HhcNMTkwNDEyMTUxOTAwWhcNMjQwNDEwMTUxOTAwWjArMRMwEQYDVQQKEwpLdWJl + cm5ldGVzMRQwEgYDVQQDEwtjYWxpY28tZXRjZDCCASIwDQYJKoZIhvcNAQEBBQAD + ggEPADCCAQoCggEBAMzqr9QzzP6f0CgSXHL1klaVFmTWeMrUvN1sd6d723SciClL + 36PZRZtLwgrcn+KezdLvr+dKnPFqbmtRCyxWeSgnjrIZzbTL5PK15byT/O8khkP/ + KZzcqOjnzQVRDvY8H+TMYHfUEBsO4qjC9hjNRUjWCLTltNI2gH91pNiRnnf09W/L + OeM3+W8uKJNP0dQWMgkULApxx7cFR0dxMZzE6qXbAFnbJPKsgMGDljGJEbeuv4V7 + iGv2vUIWFtVhY1VbZuMawjkDweINghy1scl7UgHI0s3uN6naTDOfUWtCzQP0CdME + cD1QiMFyraGEipxdeDWx//8mBg02J5t6MRJ18wcCAwEAAaNmMGQwDgYDVR0PAQH/ + BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQIwHQYDVR0OBBYEFPaKGF9tFiakDmPl + 9rrS7A+4Pc/SMB8GA1UdIwQYMBaAFPaKGF9tFiakDmPl9rrS7A+4Pc/SMA0GCSqG + SIb3DQEBCwUAA4IBAQCQlUAh3rDjlZv6FEFfaTSItMnlghClV22QO6D+KMxnNkSM + mp2NNz8WVnX3LE2yZh+JBbLm42DEQ8tayoFKTSuaF+z4Mocc/K+sb5U8vQrOayEj + pmE25R+nQVbBTO3+p0drN2y1wT33u4RuxiIi4KRzIDymRgW3l+YFlW8YOhMAKK/X + wb2nHKqfYWl7WSaJKduhdr/WT+Vjw56NnzKbpMrHp+kZYb+1xn1gmMnUUSBbQlU1 + JmLrCjTpuooC6yUnj/KJRobtiIJb/T6xDmwl1EmZjgpQlphvC03aKzckmxpElx+j + s00hhpv+VNcsz0X5+fMGkd4cajVqdF/0K9mP7yPZ + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthority/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDVDCCAjygAwIBAgIUUNx/pecqR7xKnIP9fQArzA3FErYwDQYJKoZIhvcNAQEL + BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt + cGVlcjAeFw0xOTA0MTIxNTE5MDBaFw0yNDA0MTAxNTE5MDBaMDAxEzARBgNVBAoT + Ckt1YmVybmV0ZXMxGTAXBgNVBAMTEGNhbGljby1ldGNkLXBlZXIwggEiMA0GCSqG + SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy80TS4kotzONx7qhtr3r2Qka8BTZ0V8LV + eETOxy/nN6WI8eXIH0lNz4ItPycuY9x1TXd7uNUjNOgkkEjGH+eyS7ENUtSOXhFy + nh+pYdV6waTc14khspL1ZKId8brOL/1mmgMaXSLdS70lBLWNJmgLCnGIxXqku/8m + 6V0ELGRg6axpTFwe4Fla3LJ+neZvgT3G41u1hqTQZ1Ij1SoglyQnfbdSttqurVlX + SrzfpbjopSwfGbTvJgjrVGLjV/tLJ/Ac/OFFPlUj7tW37ahvAUl34zrb+jq7/0kn + c6W+URyamRdwGHXGBw1j5kKrKjadrtcQFXE+SLHMq2J9xQxpufvZAgMBAAGjZjBk + MA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBTP + NJMK2wjU3Fxtj3TjWbe9gytLbTAfBgNVHSMEGDAWgBTPNJMK2wjU3Fxtj3TjWbe9 + gytLbTANBgkqhkiG9w0BAQsFAAOCAQEAEyPgGZbJ95cIEUbubkvK0tUxVNlpHofT + 8DhPcJEqcIlM+8EA9yshCr2WGuMzc4we6ub+UMWgfHhhUwUeZroPaJhiVvXX381m + nNhZZm3kSTKL76SK1Qt6BnB0f1MbfK3ZnVkixWGys/fMFxIcUiazQifle+FqSsME + g3qDCwhmxGZbEpgZuzlF8Gw4gTD/iv6n/XZy9Q4QbsmbBGze4ij9zIr/gR2RbI92 + ZPb+sp/MZmjMuBnXASktsNhWSr5iYzDUBqQSZm+kFXJS3GM6WiMJ8HvlhePkPVR8 + lvJTn3M2TBr875W7dWKroUrNLENnriT+B923f1gb7g/YS+wsgftHOQ== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthority/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAt+g2Yhjtu1UPDNmFkQ+Z1Fu3+LQUr98aAZiKr8CQi4H4meMJ + 995Zddn6UdQDM4OffWYlDJwNSQK4kcvN2ha953lS6LcKLOsfowBBB13CFCm3Zuwu + 7SnGj/i0bKKpOT5i6HpX4A6EfnCrut2R4VxjrD9foaC5msyVcv8lGYVgyWZWXy5j + AFqL0CWtb7U8Jpmxf167J+a73c4skrOjzvpaUsmGJh2yTK0PTNNaDggpumnaDe42 + 1RxpUurtjpBTyzEYzaUhWtGapwcPEPrmJFTKuaUp03v+4rRNCK+kqb+WMw1pLud+ + KmFX6GUeAN+dhRneQsyhUugHHT7O77fFheB5QwIDAQABAoIBAGGtO/UuOFXe/3db + sM0y9AkODdBSFQqz/CQM2Nwv8pWmGlvhclHsDqfBdmovqOObbQI1Vkg0OfolL9J/ + 5H2IxqRCk/51+TmSR+NTJza6XXJIFdjcaLAeGBAvj+SDIE3/DJldIX8nNsfRH+TH + +cswPuAlaK13qBzHvDivuwyrApT0lcZtuIhTPjM8UhkvWLjM7ZB0WA0g9VkbX4xu + WasHNcdxQDlpe+V3O7lo6grPNPQRGP+K32E2zsttCwuQPfL9YgsZcDiTJVe8CItx + ays2TdnJ+/J5aMFoooqzBi7Onv5n6K7s7zTmivsl10fbbOykL/dtA4Ox0Dz1qGu5 + wCrpdQECgYEAwdSR+iNBvXx5GHTgC0ighi2YwiFUW0Z8fmVm+wGccHJZkPBTTGTx + U9OzATpzLPpDSW2OhxyTMefgpf/qJ5GenpmFXIHpwLBnmIJTqEk5BDm84jH2IxEZ + 3Cvo+Gx+NQV6rjpaehKfUijSgaAomtE+JcYz7PArPBfNpc9I9rAnF7MCgYEA8uTX + XzqPqusLGAc8nMXtHqE/hsDXq0yIKJ5IM6XDV7xCerEZuu62QHCttP8rydUcaGCQ + 4dHoeT2H6GnK/l33wfsz/AWJyUqSwJP+Noaqn7mvwQmvFGY3J1m0fFUbn1TxdvK+ + kg2Ye/+U1CwYO6gGG7feHFh17KBRDg0tWj6PUDECgYA5S0hLFBjeleiFniaLr1Aj + 2V6KI6f3wwIRqo+iKnu/kU2AVkmJD112VeFXv5tD9EXncobq0TuBSPVSnC7uu1CT + uPV+vrgFyR8WKY/o8pvz780xX2tOOkPWnPQkWo2DxrbYwU71PoPxmTeAMYNPIAKq + z8eRhfyBqteS5469vJwRmQKBgQDcET6ZR0O3xfFtOdFO8X0fTVVzT/GXgGW094PP + V5afPTC2XRNE7Ncvl2erH66a1X1BjIx4LWkFwBwNFR0YTicWF/VHl/T47Zn85Zlj + 6atZwDFfItkAEIRUINCH/cxjFeEYtmK3jZ3kavJ7MeBa3Kd8IaEZ6YQeejo2EvZO + V3QdYQKBgQChpTVC17hUx6Nf9ec1TCbIuB2O5JXnK3HhMiisMFMNpNRg8O17yFGk + ua85OWnmcuvFJB9DwVmU6GWb37MEnopgkaMhxw5whcEsJyjiamV6O16KFt1OIl2F + ZUu/kpUFM+s4kE14h7cusJXKwlbfincZtTN8tbl5gk6V6CiMloclyw== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthorityKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAwHZ4cAqdt5yfV70m+Ct/amaR4BzgUQhZJn/dKEVgJ0/8td91 + 77CuAvavwGKpVlOVeHiOPoOZ95V7tTNwLY1G7bGVno8ZGv5ZrjOf2SEoBKY4UmcH + LBoGlkbGc6yogNE6ckrY37kLJ+/lLUHpXCRWxhjLo21EytSEEOuVhHmdOEJ6a0WY + axQyjZQFdyyYbawW7jxzTXTuH1WArDuIdOH1YeTUHzdDh2ADAjUPzMR/w6RgXvd7 + c6TYTmkyxwIFZb+C6huTrRXztepb8N1PFGN6o5ZodBqVVpHKtHFFHjPvK1rweh20 + hvd0ArlCzFVKCKU+XODQYH00w6pUirLtIo5l1wIDAQABAoIBAQC8qyZTh0Sm+wWF + KCrsew+TyWrVDNmk9g8W2598W83vm8y6qY1eY4+h3hvZ953Sv2s2RtACXlXvy/0S + W5NrRCQ03LI0VkkhGhfl2junyYYGUL/Dn7X7OKQeatEeEjK43OJzqgXCAw75noTG + Aef2aLUbyrDNy071mrDAOYE/9Uv3GhdDIsQC5TF7Gc38zsI/mmNNQ1yzuFEOjSMs + we41ZGVAPXJbBO8iznsE+RpbD6enlVVt8t4oOlx+jJ9XvTXmdzj/3+NryVPo1SnC + d1+P4WuHtMRATxyJrdKWym4eg+zNTD0Xum5Qe/l2xfT3mxZ17C+/BaoL7elzPlqc + dYaoIdKhAoGBAMupHwWdF6suo3lBT3T/lvidFx8Uhorv8+IGySHyGhjD7IP6lgVP + mbYU/C1HNvioSHJm34A+vTWF+qOh2UO4tnwlB0KjcRg/TcdrNsq8UtDzc3jAx8L3 + V1ZkkbZ6rorNOeFKML19foN6OqCYoqak2/coLygcjBj7MBzTwLONgKixAoGBAPHs + o9FCR8qKYVTjQtQyJTieIOLaIET2GIldOheVbk9eBBj59cVVay2SpwWcV3Cgwq4f + 2CUtd5wd53oJWPMSdmXchqtrxPOeQ3iN+2ZgsS/LTaQaAUdOINv3/2I6nlPMWNge + P0onuC+IdADadY5JWlQFG0PFj9HHHYuDu9MguJkHAoGBAIssIh/i7xayw1GMOPEZ + 7CAusWsyypJNUVrnCjFhUUYVNR4ncrdkYwUTqBSE8uLPlNpgxGDN/tyBlvqVEnR9 + 2G5Tm3eFWzaXo94fvQyjzvAtPX6KNrhb79oA1bZedcIyZlg3K8GB7Z+JOmEejR/V + zt9CHZ+Kio5TsNgyOCA7FW2xAoGAIJhfogwqHBH09zj/ghOXjD9R8v6spl36BFf5 + QcAycqMaLjtPb90IacV+l3TvGw+t60QDHU849GHbFEg6IdX0+dhylJoamTBTquSG + YM7aULQ1q8yNK4xNRRXu5M89EdFQjx3ULSuY116tMog8moUrlHJzr/foXr1TL776 + CYI5HPUCgYAtu4zC3pvUvP2F93tHnlfWRRuropjQDzZFqKxqtYM1XMEF6kLVs44r + Go0UomFEYSKTA8XGb/2XfzSaADhr7xaE52ZP0kocG+SEhdGLTvBNNluU1GgSF9d7 + DdztIU+qvrbRwPWuOd2T8YtF8fRt8qkdHm8p89hpMrHx9VXZbytYDQ== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthorityKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAx2ngXJceMrHaDYOMkWi/9lyjS5X3E/R9PfFhfLOBcwyqpQd/ + i7+VnJnwYgkhCWgzivD/C3Vjbu5Xi4rDPU9bhjz3r87a7Km/p94V5b+LBMhr6+CU + n6oyAphsMosLQ17DqxFiwq9aDeAiN29Ji60rfSLPXMwS1ACMIMUsSvlXEu6tisEZ + EdeJvWKNM0ieYXS+PeVIe+HSJb3NVjm7k0ldrM9o87g54jPo3et85OqikapuOMNE + P44w0CklMlZrthVM/qKzPBqsEQjZsGxJquYyjjbdj3guNQJhFkoQU4oyCbadsA8I + zRmLfMF5jrNXylBkHTKZ8LlH0Y2k7IJWZpnkpwIDAQABAoIBADM/z6ycHeOzd7Hf + bCH2xNcBCeqkGQLk48cmoQJWc99okvakza/RxhagLXpUlEwBnrWHqFR+j9ZzpMY1 + HGZGXeRLCPEC/ZqzKZFv7zrDlmvdQnc1mZzLNd0a5Tu8JmHjGfB+IF6eiEtmngSX + MlSWZcXcS2SzAefAWEMXyYFfQXSYtHSkiHrD0vh7d2g0r2HcmJwI0ijCJOEpi9DN + dB+9bmg3D0ekg+0yKwCEIj5l0WkSQ99y7XhH9BhUr1bSecW6kKuzUF1FXmD4aIsc + UDoH/Y+NmhNhoSaflQSUJjDXr0eOVMKguKfG1eHN+iZ8kYHnVEyWI+QVjnmdGYw4 + wC+WCeECgYEA1yP/ryYSyZH4jMFogD+jraJ/i+ljpZkuqON6ZOcO8kpPZ0m4k6xZ + L/bAqJ8+4LNLsMwi51+FeqviGU7BLvFoy9rVtS+EudTWI+feZoFe6jDJjgklNvKV + TlgVR/OkFXz8bCObyvhwWEsZ8oiRwns7zZkxY5YFCt+63In1ykpPopcCgYEA7Uk9 + JgWKsZqmeyM/pqCzKTCSKTEq9sUIasUEPNTJUe52WPUhoEG1VEoFUjwnwVadpnZy + uInNdZYfcT6k5hGnEoA6LrFhImVvzZPUlsAqEn2hsVTuYnxmXFHhBgHosYsyt+UZ + iBYdzFTP8Vm3P/Fs7C34exEC9h0h4Hxp20cp4HECgYBCO4LrmP0PsTCjpKdXVEA/ + pFc/64oR4SbMN7vmdHvVe6sWUUvRqq2KZpzJTL0+z/PtaesU8ANX0LK6t9Qhb5Cj + sas5LHff/fYu96MwS4O89WgXohki4Wu1wshKbmeFdgUABbZgtjtf8z75u7Gj/exb + T141GmpS/q24V4Cj1lzN4QKBgQCvsRPKrD3GRTjRYgcGDGS7sc/3GgWy067ox1nc + 5Lzvoj4UneQ48Y4ei/QmsI3LFKQEFh3ZT4dGclJzmiukghuPkkwCOKowOqUutS+q + Mzyzljv7vmQHng54etO/i/hMRUHXcZWW8rE7kuyoyoHpoYvB0EP0c2Ma8fUcb2I9 + zxJNsQKBgFmY4GvEBDLfqyVF3WQpwK2QehEmlHay2k6YmWEaITkkwPsvomZtl/21 + iyv0TUPc1wreohDfTIRefNqL/najN8aDKXMWmLAwCz+Sq6jszbzEalGgieJpvIis + 6/p+3YqvAaU/5cJ94heLdqm+PBK8Ug+DfHXMQw1V6980kWfgQbWt + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthorityKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpQIBAAKCAQEAzOqv1DPM/p/QKBJccvWSVpUWZNZ4ytS83Wx3p3vbdJyIKUvf + o9lFm0vCCtyf4p7N0u+v50qc8Wpua1ELLFZ5KCeOshnNtMvk8rXlvJP87ySGQ/8p + nNyo6OfNBVEO9jwf5Mxgd9QQGw7iqML2GM1FSNYItOW00jaAf3Wk2JGed/T1b8s5 + 4zf5by4ok0/R1BYyCRQsCnHHtwVHR3ExnMTqpdsAWdsk8qyAwYOWMYkRt66/hXuI + a/a9QhYW1WFjVVtm4xrCOQPB4g2CHLWxyXtSAcjSze43qdpMM59Ra0LNA/QJ0wRw + PVCIwXKtoYSKnF14NbH//yYGDTYnm3oxEnXzBwIDAQABAoIBAQCVK5LryvnDsdr6 + EMOz/AiXdthid65fGRaTqc5A4e0Tqo+EYHNg912weym6dnj9o9T5ZPqMSMiPBYd0 + H/8eO6TfEkzSYe5ZWsRD2x5udNx/yfrjrPBB/HAJfBTHdgaKQaKGEDF5iapfyCo/ + 6Az2aReyufyEk2NaU8qe/qkN7pOJhj2AhBP3XoXCHFk7ibF9VVVQmF3eQhTGiQvc + CzyqGDookju8f9W8YwXfzDH6zIzQWzo2z4oA0nsuw+pK8dhUNSWBb1RRd0PH+Znq + Bf4tWdwDx/BbilzVFcuNLYeeVN/vPtzi7BX5APffrhlG7tapTbOjTLk2bcb7ACDw + hv/G18QhAoGBAM4OeWu2EweGta+x+yU0B5Q/tsFftGqqKmQTHwuyeDx/Q5v/m7jH + V9VcGM2vcULm5zsqQtL5K1IUkcK8JGmqd+KkBjyJ8cTSFCWQ8llgbU10+KqialGC + SkMY8iViR1f4yemAQuHnOOHYRsPMkd475OfqyjejlUk7USoVwcaY/Lk9AoGBAP6V + fWVe/dpm1rlFxCGAXHkjKS6IT9aeU93gH3JR0K6TY8qHC5NA+9b5Zk8oGky9Sjfp + lQrJdpfhY6ee6iZjJgCoqBk+c46HAWZ8WjxL0hrMoCQzsykaeh4Ud7N+mhA0nijQ + OpYOtYkoizq+xm18oTCUZVf/qZBSMGSyISh8DTmTAoGAe8jCNGyanejU+IkJAF5z + NyHXXe9qaLF06c161wINrPoe2XYCTEykfS3oUJfWiIRB4I8QucCpv5NPxRZVIY0g + m+xBOtj7fmtdYvviOsLspp1gTNFo4TJN/mTcAo05oqV4VmeQxjirOTE9wZ4A+uos + Jw4rEKWapvWVWpzbXbzGBVkCgYEAoTrJZIbJXCTe/g0KDnF9nxY+gYLAlVpGIPFM + 2RipgbZEb8Ig+YwhMl9WhPEP3uPOeiSLSH6Yhc2vUDvbbJ5ENgyaEQq1ImGr6Fz+ + xMr78A8BqIu5fmGPTzeFK38VUQgR1iUxxVDhdVDhBD5H6pUQfHSuzhFTMNxsW4lY + aIxPz9MCgYEAjAHTrFanDW32WZMkbQbaUKUm8RTc5pEaalAfDe59jhgQIItoqwAk + BbA3vvEpeV9K6vao82Uf7JBYFVQBy/y+UXepPyoH7N9t+4j8xz5DeoreqgExRSFr + VxX3xrURndtXQZ+GZLmqRKsfOfG0i4XYrQli7p+Ub1/7qS75K1cyfX4= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthorityKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAsvNE0uJKLczjce6oba969kJGvAU2dFfC1XhEzscv5zeliPHl + yB9JTc+CLT8nLmPcdU13e7jVIzToJJBIxh/nskuxDVLUjl4Rcp4fqWHVesGk3NeJ + IbKS9WSiHfG6zi/9ZpoDGl0i3Uu9JQS1jSZoCwpxiMV6pLv/JuldBCxkYOmsaUxc + HuBZWtyyfp3mb4E9xuNbtYak0GdSI9UqIJckJ323Urbarq1ZV0q836W46KUsHxm0 + 7yYI61Ri41f7SyfwHPzhRT5VI+7Vt+2obwFJd+M62/o6u/9JJ3OlvlEcmpkXcBh1 + xgcNY+ZCqyo2na7XEBVxPkixzKtifcUMabn72QIDAQABAoIBAA1oKGncRk50IT4x + 8TB2izHT+VSw10mUIaa4of8T8UTTaHWAGgUKQwWvXENjjd3t4WBwc1kzmdRPbG0A + 2lLtpQA4p4UmBYK9DXWW3yxjhgjyZRWemEmMBXKZHYQ8zhAQjF2ZgE4DWE9YE02o + sqlmjTj2iVcD5JJe+1jA9xUO9l5EQ2LtaNVPODYUF8/H3+TEpRhzKHIJLuj8S2Lx + hn+9ulm6eY4a9/oD7S0PiXyoZKbY6GV56Mt44NqZJIMVbVJ2WvmPKZxxLfEMQeBX + HgIIGdeP3jQJW04BCfeUPSa3q0DDCdi7n+xpRgrQVUHwiv7Qi2oFm5G6zp8S0IHn + Poy1evkCgYEA44Vg8CNeQISJ7Rvk+lYxQDQZiwmI9weW6ypcDbNwOx7LfDdFU5Kd + XrWuNAEKxgQT9LvRKIPP8qLJ0a+AblaQcxaIYo+TerbGkj5XdfG/5rt4g9wLO7xk + tLUBsGAoqRHpN1sZbqqSxgmRtZEIF35FIG6G2tT4KgUa2jo9TmEz9iMCgYEAyVmA + p5dmR7G0zBDhm3WRy+FmZHlvmrFkqisqaTZlDfnzO5ksmK5eOpsb7rzuF/NlxbS1 + MOV2L/Z5uIDNNL4tDQlDbHtV2PRk55NlRe3ebvQ4XH4HA562bF9aCnx1uNsM9oNz + /giEhbS4BxeJaUwRRkuUWBaacciIUPWl9YLWv9MCgYEAoukIBips/GlqkRqeFBnP + XhdwCrwjFC6dA3nrO+w1+j8MmL7CpxqeEAiq2ZW9bxfQajZph0cKiMPDGp89qMPW + 3nFN6rS/duiUunZlDZCyRbYKju/qIzW8LiBFO1M/CgBHK1nRlgoQ2jhT2twkHR5O + xPAfI2XG49+P4J4+83ZqTF0CgYAXHCC6G5RvsiPQMDfUwf/D6ND5wz5eAPJO3bl2 + bfnXStLyCjimJY1HKLpiAmlJcnRB5uXNAOk5xA5gcNgcr584GdIVR2qpBhP2yGId + TpnzHjDB3O0tKzBA7AjHn1VbrDimqpvLkmqzdfSRS9BHt6Vb7hzOp3l+icerkyZD + MYs4ZQKBgQCjZ8xReZUwt6SAvtrQ0MiO1EF7cxyxu3dgHk7eYOuZcvw7s8dfvGcr + 7tQMQ36uR4a7eVmbWx4W3bl0xaDRO6ir/4vwvP2brio4iolpHMsd68HyQAJAEV4d + E5TYD2tou7+WunUA51t+LRTbaPyBGTFAJq/vElNNd+WGIL5PCOSKHw== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateAuthorityKey/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIID8jCCAtqgAwIBAgIUTWJYgA63hnvsQ0/X4/V1n2bUtw8wDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xOTA0MTIxNTE5MDBaFw0yMDA0MTExNTE5MDBaMBQxEjAQBgNVBAMTCWFwaXNl + cnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL6mQ64xAoiBapw6 + CO9f9Dyom3kyZVYigtai4P/F/gGsC/u9ex4p9nWflylxefeaprBLBoCCup5oyaf4 + MtI3QEmofy6SS4v1nCl0Bnbiw5GMl5mnG0ruBJXtvyiJmykuvwR3ArmheBTTd07o + 5QVWhUH4IMobtBiNLJ2kEHaWeDkXnSgbzAxTIoLZzjQ/eRJJBPFdYwgeqwIgQ9ga + wNdYHfZRdPf38lWJm3g8CaIkXxjJhqnDI00qSE15akLuHI6wr9Cnlx80Db43+ASn + 7c522YT9+vjKGNaW3uOm4vqTCCTtO3CqP3AMV57a7U3+8EiiZnEYuYZVK3GES2JR + NSzX3S0CAwEAAaOCASQwggEgMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr + BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU0xukcBJX + FlZc5z0ZZK4Z+phtdCkwHwYDVR0jBBgwFoAU5j9HJ3LGvdzqXp5iV9px+YAv5Q8w + gaAGA1UdEQSBmDCBlYIJbG9jYWxob3N0ggprdWJlcm5ldGVzghJrdWJlcm5ldGVz + LmRlZmF1bHSCFmt1YmVybmV0ZXMuZGVmYXVsdC5zdmOCHmt1YmVybmV0ZXMuZGVm + YXVsdC5zdmMuY2x1c3RlcoIka3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVy + LmxvY2FshwR/AAABhwQKYAABMA0GCSqGSIb3DQEBCwUAA4IBAQAnnDkSQyusZwSL + NSBjxG78j2vPf51ydE+/qO5UMh7ksXV3J24cUGu6QEi/9FoxWANjCp5VYhAgAMC7 + umXBpfmtE/diK1ZWePgaUbnCH72YZI77IsrTJLdXatE/aq3yuuY11p3r1J0yFI18 + ZwpuwRb+bwbwyCiLi5veqHu1jSTfrAHkLFlV/3AXIoDgrSYus6Q5CTcCRF3QWr8d + XKn/7bWETqJApXMdH4+rxFSljwha0kuJRbBKb6DvT0pTGDGVSTlf63mpUCYz1h6k + ymDBdnKTtgZpF8KyrXyiQWjwJzLkk6XXW2M7EZaYefDGTQHe0wB7++yHhq+XKY/8 + 5QDRDy+n + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: apiserver + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDnjCCAoagAwIBAgIUVqwxD8SvrDAPKy3f/Ph947Gxo6wwDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xOTA0MTIxNTE5MDBaFw0yMDA0MTExNTE5MDBaMEAxFTATBgNVBAoTDHN5c3Rl + bTpub2RlczEnMCUGA1UEAxMec3lzdGVtOm5vZGU6YWlyc2xvb3AtY29udHJvbC0x + MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA57O0RA9EcBqsUkENh7ut + 3zUHQbGLuW7RsLsleKkUruBQ9jnBJj6UGMONH+p1KTvKRIWbCy+UryQmCugTRWVY + GrosuFNEgGZKwi6KTnYLeHk8pJHFAzi1/H+QLjdCGu8JYWn3ACmv2pQHg0nn5MDO + +1Nbp4wHIjHC1ly/Rp7zDZqx1hjT7wPui+MobardF+V3kYovFvVh8Iej+ny+5Vhp + cowWg9K3QIx2WGSm/ovaNHyJS5zJ2vnzmbl8KOYPagesRmFprxWtS3qaMWoE9qRK + 0iN1UkGfXY6A3ehODHQOKJoZ2tRQ3+7874pnujlN56NVqdHyxPeAsW1fxy5Uualz + CQIDAQABo4GlMIGiMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD + AQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU2aSy/fcd/bM84wsv + a0hBctGoR+swHwYDVR0jBBgwFoAU5j9HJ3LGvdzqXp5iV9px+YAv5Q8wIwYDVR0R + BBwwGoISYWlyc2xvb3AtY29udHJvbC0xhwQKFkgVMA0GCSqGSIb3DQEBCwUAA4IB + AQAKZIBXTUQ1AIOFTLzmiVmAntU90bR5cJ7KWSEc9oertzixN+I8OjTwMDICUSm+ + Ff8YxBZEBTCA0FqWlLWbKnbbS4TWFIhlyV2Pcpccej6YnT9bsv5qvtNmfJKDc2Z1 + jX24W7OJgqATyvVA4mFqa/QQCQJUL/ddSiEtuaGvkq3ipflcYMdK5DVjFkjcbEJa + nb3vTkMnFyS+HArGNNvogFs1QRSohTipH0qa1qKBSCw9FRx70P8HxOezePmncm88 + VbXYCL9Vg18Z9sg1Yx2it4AXt/1jKzgc1w1oCLyh7LfgaA4glA+2VkxXYOClCA10 + f3hmxaOSeT5Tx+nAWodazYOq + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-genesis + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDnjCCAoagAwIBAgIUK0M7I89jOMfrHySFF6/Vwf2iwhowDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xOTA0MTIxNTE5MDBaFw0yMDA0MTExNTE5MDBaMEAxFTATBgNVBAoTDHN5c3Rl + bTpub2RlczEnMCUGA1UEAxMec3lzdGVtOm5vZGU6YWlyc2xvb3AtY29udHJvbC0x + MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAukrF7lsVJeqLbJ2YwwIr + fZssLlSUh7S4KXiAU6+inK62ZjGI8hUngzPxWU1kUul8U2gsoWPs8yQYxVtdk735 + 0DdYWIhiwS8OwQJ+UHzQTV5ZvrHP7U+QhbP+Vyi53ohClRpgln4RqRE0Spf3vKq0 + SG/EanEroqY6sJbHDs0rCxAhbKc84KwNxTr64Uud/ohXF1kqc6oR878CZZRuWCbc + EIWIqQa7ARw5D43X39UPlEWIqv5CdyLCOogZ5hnxkzeKpQx7JVUXgvz2ouxPTngS + ynN0UQ8dnCakntZqSmROQDMCi0cF9pWlIcAvNp0J5K9WOd9pnWQlvuxHjyjiW0lJ + GQIDAQABo4GlMIGiMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD + AQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUBLerf/PIcujVXoEy + zgSoErW1E3IwHwYDVR0jBBgwFoAU5j9HJ3LGvdzqXp5iV9px+YAv5Q8wIwYDVR0R + BBwwGoISYWlyc2xvb3AtY29udHJvbC0xhwQKFkgVMA0GCSqGSIb3DQEBCwUAA4IB + AQANvRvhWNk/JtHowHhkpoWCxhUQypVimm1SQTQIztrMES0kG4J0w/wnVNDZMRgg + Meb/6a+SvQ+yAd1IrufLUWfAIS4OIlr5CAfaSIhp5cMI9tUOTJgBPSxNztYX5qu9 + QmybeKXfiv/4H8X/2/K48/satZfb10XHeXwRsCKSedXtZ66ZApwV2O2KEqeBmgFK + 2Q1nN4tSX2o03cdb1yz8JPGfYaB8Wm64MbBqFv4IGEFaTnT9Dzca+xrECLw7zhfs + 5gnq4op7aUqdQlJik3gmRtnlPCtXanzmnUMe2BNvXetgq/T/xI7hsRFLOZqNaQ+n + OpH+oafVcCOxAUht00UrfRT0 + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-airsloop-control-1 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDnjCCAoagAwIBAgIUWWyxrV9ZSDjeEqVfO+i667dQvcwwDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xOTA0MTIxNTE5MDBaFw0yMDA0MTExNTE5MDBaMEAxFTATBgNVBAoTDHN5c3Rl + bTpub2RlczEnMCUGA1UEAxMec3lzdGVtOm5vZGU6YWlyc2xvb3AtY29udHJvbC0y + MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtA7y0pt1s58brEmKVtzM + tsLX9GhUUh6DmD+v+8LZuECCapk3oY9SGa73qSVwiPcSODsiZe+h8b+RaHHGTJ9y + EC1fy0upJbqwvi0iYsA+UbCFioAMklmHFnPAcmKqhV6DrK02p6XjWVebEkTQphsk + GCwFMyEgjrY9Z+tJmZAnD/VD3zeUfdrBAKlVa6cshMCXG6ElmuUOgfOGrWKEkDrc + /DTDemk/eNHyjbZ4wKMJtiUVVk5nxFlcd1Z5hBVuw723b/hWPvSy5YpJvH+V18b0 + sVuV5D53Wr3lDBosHPPutt65eXBC53/xouWyO85PrQ1itCXbUeDcHNIgityMcify + FQIDAQABo4GlMIGiMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD + AQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUQWuZtaijvmperpnt + DMujhsb81k0wHwYDVR0jBBgwFoAU5j9HJ3LGvdzqXp5iV9px+YAv5Q8wIwYDVR0R + BBwwGoISYWlyc2xvb3AtY29udHJvbC0yhwQKFxYMMA0GCSqGSIb3DQEBCwUAA4IB + AQBsj2rcF8TkzLGDWMAmtMYJOv95EzbjU55aRJiJQcwVlPo3Fc0idi35lqVxHalK + gqMX1NCRfYKM2KbxaHQIcttebGY+JGgRuDHjkqY1DN+TEhpk/wReUqmxXJfBRavj + UnNveKwV2Q+igBPapuQCZN3O4RDqMUuFCvlVG33R/iFmdU9dl52ax3zOh7V7CvDE + mQ7uJGHKNAGoAyyRLEfsQMk92okOVkQJYvZZNlzoeiIO93KpbVhkh4U1YF0uD5of + KNkRUbLqmyFmcm3raZyEGQqqtZWRzP9P44qoUlaJqH2YD3ts+kitBEVQRyw9dDuf + 64rTPZ6+64t1tk0N47cVbD63 + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-airsloop-control-2 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDnjCCAoagAwIBAgIUG6ttOJbLyDAGPG+g6KrQpBda1EUwDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xOTA0MTIxNTE5MDBaFw0yMDA0MTExNTE5MDBaMEAxFTATBgNVBAoTDHN5c3Rl + bTpub2RlczEnMCUGA1UEAxMec3lzdGVtOm5vZGU6YWlyc2xvb3AtY29udHJvbC0z + MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq65p49nDw/LMcqzwun85 + 20kwqxaXnKpqIYUzqrfIHFkxikFipu5enbUwUSt8tubwNsgNnyJo8H847QZPmlKK + XJ3Mr73DyCLghY0xnQVs8X91fBEQHOrbFjkDrOb2YZHggtTHCg+VAIbdC1CjtlwS + yGcTCo5SdKTcG/WbsCAhu4HgiAGdy4bIremzr6OrfBB8/UoE1GsQHNv6BXMtM8A9 + dK+eklJeeUErRyXwT15SqDCV2WEqienkWUSFj231b4iI8/kw4b3qOIwwoP8Hfvu6 + HK4jbvAAy33o4g1zssdi8p2Bb2DiTlZZQxejiZU2du7c1D09Kmh/iLQsQGbgrKxL + FwIDAQABo4GlMIGiMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD + AQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUjOBNCP877h2v61iH + Yp62Fb0/gDIwHwYDVR0jBBgwFoAU5j9HJ3LGvdzqXp5iV9px+YAv5Q8wIwYDVR0R + BBwwGoISYWlyc2xvb3AtY29udHJvbC0zhwQKFxYNMA0GCSqGSIb3DQEBCwUAA4IB + AQAXqUGzpwEkBVCEFdtrAtVJiHYJJt/zlojQvbiQC/LO4f0LKlm+lcatl+RS+SVN + sIRgI5Fq5hYmiazNA/O+68SAWIMlF6e6ZvG6GvzGRAtMaa8dAtMNOO09BbRXI+Yz + amH/HwbW2n+dOKCvEPG4FSpfO2hY9g5aH4v47P2/Vc6HeSaYfBcQ7BNl3qLGEHrB + Xt4zs0JqV3wjmCN8XDdHvpsdpCnLUwQKVqfO/MXqFQSA+2uuczLqyrVdh7V6yi0P + itHBCVsNj6gWkq8XWg35a/VIftpL2vyRnJMJvrV+NgOqSUGKLT+XWhtA+sryMlXH + L1zhZT0JZv55pkcb5MpwPRUJ + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-airsloop-control-3 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDnjCCAoagAwIBAgIURCap83b/DcJ0cO/AbUP0yLg27lEwDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xOTA0MTIxNTE5MDBaFw0yMDA0MTExNTE5MDBaMEAxFTATBgNVBAoTDHN5c3Rl + bTpub2RlczEnMCUGA1UEAxMec3lzdGVtOm5vZGU6YWlyc2xvb3AtY29tcHV0ZS0x + MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoUqcY1VdB0EgrYfrUvho + ydhQARtsuHylhg+NMSAbcV5LM05L8x6LJcF3KsIGs6r6VuiiJB0pYtz4QBM3to/2 + CsskIwh3uMtA/dbva7mGDd/zeJIXf8B8xqmnEwY2+mDdeUtifW6fNtra1zgmEA12 + lAeCaojigHCE+SzP9EDSLKmaTFfBbsp13Gr7jjYdAjO2bc1TLwSxFVjG/I9RZV3/ + hwLszgqVDp0aBkUfYafRhJVXzgmjqQ9Y+ClWvHd2oNaXuYxO0WxbxeZnnRHFzVRt + UfxTCGTYzBtJl3CWYfkWiObW7P64c0o3gBlmViEHwB1AiM6Zp1iGo9JnuwI2n53R + dwIDAQABo4GlMIGiMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD + AQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUfLNmoDbD18chwvDH + QvveEXheWDMwHwYDVR0jBBgwFoAU5j9HJ3LGvdzqXp5iV9px+YAv5Q8wIwYDVR0R + BBwwGoISYWlyc2xvb3AtY29tcHV0ZS0xhwQKFxYOMA0GCSqGSIb3DQEBCwUAA4IB + AQASt8bklcev+7MkqEW0R7Yq/o+tBlZPdlwVteYnf7X5QWGI5uya++ADCf++gF0W + IKJI/srxO926Z4VUZpWDtC6SKdIi552x1VtGYS1XCNXiwgSvmCQs7ISAbZPDF5Ex + sDAQEi+W+ayQToRA6uUfOSczHS7cvpXbIoyzpFwuqpZCAd1SlRN6oZlSkplUWj25 + Arb1wSrSZcua9yONSX8yrcTEuwTK+WHRDYXOYGWZd46ScQtdAgiR9pcB4/2WAKj4 + QIdXuMwLXdv5viv3oL7lqr7gVqXg7uOylSRnzWe51jDxuo0qwCjNB2vX3eOqHCMA + Fi+qfTuK04K8Xzc5tsRPOPJD + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-airsloop-compute-1 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDVzCCAj+gAwIBAgIUKmH59/sx5vbphv+HsXBO1ehlhZwwDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xOTA0MTIxNTE5MDBaFw0yMDA0MTExNTE5MDBaMCAxHjAcBgNVBAMTFXN5c3Rl + bTprdWJlLXNjaGVkdWxlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB + ALNq6X53fb+gcGmYIES73AQXY7kzqtw593XL6aWC2St2fulE4hciViRiPHdsn5zJ + ADnlnlLJvbCRZY2VgOhqM1mEXJsfY8St5A2eNMhpb2GumPgWxay8tEaJMhGxHfAq + fJmxiojGh77iwAAN7qJjtJkp9bcLQLfZTOkrtmGPpEE3QC0FPKOGus7ex+mI/wpV + ozMOXFRMV1CzK2VwuBPsxx/7O1sJIytwZxGIvkbS/VKbubdu0cq6ZIbMvcoqLl+R + /MvGKgccnnh0AMv3fLvHuJZu+lXd3LJvkg+a/Ds4a8qjTFkSUhk3Znd4wv04CwRw + MfQPYDXZJ8XOCNgHlY32xy0CAwEAAaN/MH0wDgYDVR0PAQH/BAQDAgWgMB0GA1Ud + JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQW + BBS+Kk5+U00Dxct9nKyuaOtEt4ZiCzAfBgNVHSMEGDAWgBTmP0cncsa93OpenmJX + 2nH5gC/lDzANBgkqhkiG9w0BAQsFAAOCAQEAQ46Y6cK9QbcqdLp29uJD62KoTGaC + FipGXPzsdiB/77L/KOR8iyUoISmRSSH9bMy5oe8WQi8Be7u3sWTEQX9/xSs7mbfr + aLkmxJ5XWe14IQi7NFBxVVcUQTw4IaMrzY7KzyEnIhvC+3ugxb5U2SDE/dnkLyT8 + HHwYrTef/uT783WZFTFi0yy2zzTxYae0wryTFgU3R9tLtF/cJ8T6fOERgd2IrAAi + WuH2zlW6MIniMNalnIBjUj+UL7K0uFIHXiJZ+Pp/SlWHyIX/Lu8l5PE+urCR7ftv + OEBW2RGi/0+cfL3SMQ8EfiWQNHZKGDBYI4j/jyz+WZGr+B3gwBmWJps5Zw== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: scheduler + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDYDCCAkigAwIBAgIUfiWTVzOEfq5CN7JJAkIgcM7iuwUwDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xOTA0MTIxNTE5MDBaFw0yMDA0MTExNTE5MDBaMCkxJzAlBgNVBAMTHnN5c3Rl + bTprdWJlLWNvbnRyb2xsZXItbWFuYWdlcjCCASIwDQYJKoZIhvcNAQEBBQADggEP + ADCCAQoCggEBANTM2OqjDAIWHhC5A7cd02GZcYhh7e3u/sHcERlk8kWb05F8SuBE + chbrIu3gHmkVddsC6O2D7S3eWYk3SWNSkFrChUcAjN+lRyz8iUQeEe1ym3O4bL0h + INlp95gv55/BO8HKx0miv8WP3pAdRyvckdOFZLL6DQLnQBcPNhTXWGQ9mZ3QhwvY + Scjbr2pAIsI16JYOI1oxtP0UcKyVFWAzJ1efAkxQxgRh+KoUWajIT74t6Bxv/Q3A + tJYtWFULd1QelnSsGURsc5VvxeYXPOIbpUKFzFjFcJxtfEuhO0A1C+dOXPH3Hplk + zpANLWrLabTq65dhiDOMoR5lyF+zuqY7C0sCAwEAAaN/MH0wDgYDVR0PAQH/BAQD + AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA + MB0GA1UdDgQWBBTQQDreDKDsFLIrnrVRCiUku77GKDAfBgNVHSMEGDAWgBTmP0cn + csa93OpenmJX2nH5gC/lDzANBgkqhkiG9w0BAQsFAAOCAQEALfUiDDZ3dqdtJQFS + dyvsArlm8FDOrrNCDkGEwMvyfiJMzetDxzydunS+Obg686Y3RSPFysX4YYkJsFfS + XaRSW6jZDEqV8BRmStPSGgB3xX2HgzcIN5iUqa282SXPfU4kvC6ug+3D2OcOJwyz + P0cgCpzSd409vFXEdIMKwbnOIvg8dMhbwORYjF/ks9fXF1aXxBpMqxYsCjSyAbha + 1h16gkb5TPYuinztXCLZLZujg6bECwp8xvxzbadAKBF32/G/YdmxGQUJOdQ2SQsz + JURm2wi1Eb/PoElRn3xX8kT5RKws7YUY+qzgcZ0g1TqnEKxGAmqCu71KeQF1PcNF + gD7Qcg== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: controller-manager + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDYDCCAkigAwIBAgIUbXyYBCQokjf4ID97Oz0CySoFC6AwDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xOTA0MTIxNTE5MDBaFw0yMDA0MTExNTE5MDBaMCkxFzAVBgNVBAoTDnN5c3Rl + bTptYXN0ZXJzMQ4wDAYDVQQDEwVhZG1pbjCCASIwDQYJKoZIhvcNAQEBBQADggEP + ADCCAQoCggEBALEZ4zFM3JLE3i/73lFs/37fjSphG/TP+FMGr2JpsNxJoqaCUxcO + xBKqtXB3ofnb5CbgeddFijx/3FunDmGz8whhaNA7iTt/z7BXHYvuYlTBHophb/9/ + YIJxZLLHUgwdi2H6NHH6Fr1yE1tHV/0m2LD51pY984X4QOHiTPZXi+Lfe19rxoOC + +7kNht3sgwNi8nH8jijIAJeB8vB2kGRUeDZQGO/kL3/Q0H1ovRY5flVnOpo3lLrf + Z1GWhh5OJntHdwUJEXP48mCa6zkOBpD6gcuigXsdI8rvz8XTJltybKM7GofPALnB + MoHImh3og8GormrpX/VFVFkZvTp5xWqjMacCAwEAAaN/MH0wDgYDVR0PAQH/BAQD + AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA + MB0GA1UdDgQWBBQL74T3ogTaECRzoQqVWds52u2PyjAfBgNVHSMEGDAWgBTmP0cn + csa93OpenmJX2nH5gC/lDzANBgkqhkiG9w0BAQsFAAOCAQEAAq4WRWsXqgqtLKI+ + Jqj8ApVmtlZ/lIi0gbIT10muLdop33cQkywReD7AxUrMKSbrRi8TPlYlHk332g5y + lyrBAe89dCjCZRIff6rxsp3pQlkdGFt4iEF4BQaeAVLiyYxoJQkQy81cBn3iQH6E + Dm7r45IH0wVDYZer9tn8qja6EaEkVJG8g7g/WIjsu0VgqmWhLuuwys52xmUiCUEE + 3H78nFpLHh75cDBVltEHnMU0Z7XjgpUQLOF6oMnqc/SbFGKLrWHuOGsFmRsRMnYq + 9b1NdsDusqp4/+Wr3IwC6KR+d9OTS4EAi6wdFCBGy+aoqovyTt0qU1yXNoxx04th + mk8tpw== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: admin + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDYTCCAkmgAwIBAgIUFo7UqH+G3NBRGLn/xT0KTicy/e4wDQYJKoZIhvcNAQEL + BQAwKjETMBEGA1UEChMKS3ViZXJuZXRlczETMBEGA1UEAxMKa3ViZXJuZXRlczAe + Fw0xOTA0MTIxNTE5MDBaFw0yMDA0MTExNTE5MDBaMCoxFzAVBgNVBAoTDnN5c3Rl + bTptYXN0ZXJzMQ8wDQYDVQQDEwZhcm1hZGEwggEiMA0GCSqGSIb3DQEBAQUAA4IB + DwAwggEKAoIBAQC5ZkKQk2NO7Z0q4hQJZndiCN1Kw/K70C1knsbqu/jhMvqX++Vj + 6f4wenuNF+r5CNGiDx4EhQAzc+duwPhwlrKSNP++EoFBRyj3Yh4NFZ2qMESfJN6l + PlRXSeir7wW11rPWOr3vPT9ULyowSAuUk5qoF9ZKTsvejFIBKAp4O/wXGcOrhw3F + J3v8l7CGmPJfpsWbrAkYFpAXq7zX+cF80Hrxa4s+JZT4sgbk4KxFbwHISsZ1Hubk + N0qOpyQh0M0Lew8fPzQOq4bvyUwzeyRA6GBS1nkTNlBZAE6U/My/FKI2I3VF+7ZD + xR47EKaVXZP/kBIjmbgoqokP4aYoNaiox1ttAgMBAAGjfzB9MA4GA1UdDwEB/wQE + AwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIw + ADAdBgNVHQ4EFgQUtB/vxMZz5TsS9gGpTz3Zy9z/JC8wHwYDVR0jBBgwFoAU5j9H + J3LGvdzqXp5iV9px+YAv5Q8wDQYJKoZIhvcNAQELBQADggEBAH7rPgaCcL+VWC87 + KAnUb8voXzBq5XRUt3B6Ki2MkvjDozrDQGV2tvTteNboaRAjDXdRdZbQSbMk62XS + 9WUywBboEWho5p7jr4wlWP47PGgUPOrSWMzuKwcwu1vgE7pqeHTIzhh5WatNlZdT + qvsBhQJJTP3bvcLYxubANCaGTH9GF4vStcaYxAFEuSuxYMxgbI+p9iJdSUSmvl2p + wvdLy4WrjhP0PMONso/o+A3h+Si5/s+I3udn+Xkqxqg5Mphmzr8YAR1WKh5RAlTz + zGypzuRc/lwQLIeoATZQdCD30sW9oulzNasR6S2yLWPKBhl/hz7JHxp+Y1uYYpga + ZYv86Wc= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: armada + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDUDCCAjigAwIBAgIUDQ2dIj6LKiys6ZnFsQhktO0vNkYwDQYJKoZIhvcNAQEL + BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l + dGNkMB4XDTE5MDQxMjE1MTkwMFoXDTIwMDQxMTE1MTkwMFowFDESMBAGA1UEAxMJ + YXBpc2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyN0uQe5O + CNcpnJx+bQxfiBzf3Pkz6iFAEaX7TwBQOXASU167T0WPgxVItmir6gLy0MBadiDt + 6NeB8Rn6dQWqEFnK8HT+cbOw+h84mLJdxMwQfdrwvNxNyqaFdDE6eu6nPWe8ck6H + BI8xJC7tO+po+DK/X3WFuFvLZ33PA8uaioAZpnWoWpsmNdBAZUnq0MJVqIJ8wgEb + 9hVuk+Ns1tmQSa1Pirb0kxzHVLEkqwlkFVO8GN4N4DDYUz/XOiX5qVXoj7CLLlti + /FbugzXnNYzbewI3jwA1I31BwACYNKOMd2DzsBXnoKzJRR5Sv3WsqysLzMzoEztd + /jUCF98MqSFw2wIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI + KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFHRZ+FrF + LQ/MuPW8tcJYleXGcJgVMB8GA1UdIwQYMBaAFDr9VXbhb5oaZrSlJTzSa+zOm1QR + MA0GCSqGSIb3DQEBCwUAA4IBAQAzLUwko652Pci+JxmQ2mOJdQ1moNRVDxpTBWju + rVkqs7Ct0tg5YYV+igP1he5LmZXTCb6YT30XXa4FQCok8OjrKV6xr3Ms6lED027o + Wc1QkpO0xpyi2ESxbF55dhsdTDSuPTP2Obmulf4rVDh67nSxEhZCcsWKwfRaz/FY + KDQH5m4gCS5QWvshqubasO4cuWC+cRVZppcy34M7k4nWcH5GRkYyhKfekKbshZI6 + Jw7mhZcM2IDerDIvE7nLAXT1MfbI9OCEQYt7KRHfqM55k0zc4vW5kJXBcHau6i+w + 2yqMDgCvx5YnaxwzmQOpMQn8eA+DQGSOyEZBrTTOd4/OkXmj + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: apiserver-etcd + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDTTCCAjWgAwIBAgIUM0K8ZCEtAgyGL2BE3Gm2yigt5lAwDQYJKoZIhvcNAQEL + BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l + dGNkMB4XDTE5MDQxMjE1MTkwMFoXDTIwMDQxMTE1MTkwMFowETEPMA0GA1UEAxMG + YW5jaG9yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzTpUpP/VgYf0 + V95v1RRWrUe3OVswzTqNaZdU4W1EbXQWtarHgdoLK9wiUcQjkOMHAmUQHPxg9D59 + ZGZpIWt8l0xTgUcYpl8POF4OTO1oARrlBIVeC7B7RyG2TOs32yYwpaYMzJbwtvXi + ZGxVOmD+Cd835aJTAzHOuHFXS9UcYFY2BTS70NsbDd7tAj90AxL4arRky5wQevX1 + rqhV7SBBZRuwt/9cbq7pZP4X8TFQJ7BXcahupsrbAnwY3L8yaeiDtWPafw0XwZTC + W8B4ziRtfVDrgY+DhBK4MUkwzg5yFnk29EXFwS2yarUp1bgFSJcEw+x+ZzjUEWo7 + MFGt3RV9hQIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB + BQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFJ9I4jM3OOgL + FKz/DHM0ku8GeEKzMB8GA1UdIwQYMBaAFDr9VXbhb5oaZrSlJTzSa+zOm1QRMA0G + CSqGSIb3DQEBCwUAA4IBAQCmFLsepoWptdZ0oFh0MHaHdp5lvbReTLl8krN8qQi9 + qE8B7tCdvzbdI6XvLRn+biYlDrxySwIRWzTta+PTLUM8ck938gefFvoX9csbzZ9j + /cVr2Qa7nG+SpZclJnwEQGOBvMzj6bxJE1QdVST+Y8sVhIEYcy3N5xe4ISJmP7YO + xIdRdWTFrW1NU87sBJ44yJ+R2ACkHFOLwD6LjWZ16miv7SbUQjv+GDeXsb63W6W4 + HZjiD8RZDfE8F4yOkCD6YPwht8A34rRsl62lEppLQeogJjIdWW7xLV8VBFKjeo/l + OSDjerCUtw7ZbJbLI5UZPHDiYBloBLBTwyByhKjJkAhA + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-anchor + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDyzCCArOgAwIBAgIUaOMS2OUltsNvXHQVzNJGescKWRQwDQYJKoZIhvcNAQEL + BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l + dGNkMB4XDTE5MDQxMjE1MTkwMFoXDTIwMDQxMTE1MTkwMFowIjEgMB4GA1UEAxMX + a3ViZXJuZXRlcy1ldGNkLWdlbmVzaXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw + ggEKAoIBAQDMtskxWTqt7tfxWGkt+4dKOJs+uUmHbIzKB3S+pt8WjI5jDmSSWRpL + Zy6a/NZz3yyrlHO7X1WPEWb4JxBWhi66CABAGUBlyVqOp4rqvlfxH40TFZLRTmOv + 9427A9SpBo3nzYMcVYiazhdl5mFR+2bqOkLuok7ECHpzqX00nofWpnS/dPK9ku0z + zv6CdXslwQvr9udZQiV1LgWqSrCyVQlWM64HONUOWiKRzvWNA3isQ6beG2peMzs5 + 208ChP3l9Kew56gj/k6IPVCy21e8W1HK8wxWrAh9VzTg3dakVDrgQJNRCDp45562 + mHUC2UGegv3mk0TXBPHUF8xVJlLe+/ypAgMBAAGjgeswgegwDgYDVR0PAQH/BAQD + AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA + MB0GA1UdDgQWBBRE+GnNy7981DyR0G7xZ97S1duU8TAfBgNVHSMEGDAWgBQ6/VV2 + 4W+aGma0pSU80mvszptUETBpBgNVHREEYjBgghJhaXJzbG9vcC1jb250cm9sLTGC + CWxvY2FsaG9zdIIta3ViZXJuZXRlcy1ldGNkLmt1YmUtc3lzdGVtLnN2Yy5jbHVz + dGVyLmxvY2FshwQKFkgVhwR/AAABhwQKYAACMA0GCSqGSIb3DQEBCwUAA4IBAQB4 + hNjvs7m//ha3tXmE+HEhDfCi2vz2VsZ74NsPJeiSQH1MkNrsTeqUUhbdswERISvS + XT7xswsbWLwST+2/hHXq6uFL6YStMqZXb7fROtwEsriV9KQ8MUnBljQwCtM2WRQC + BXL4yoVJOQHuiBBDAaa8qbiTfS8N0tam38H/HDuyeJnkQPjEdqUmspselsVEccsl + XS2DP10p/3wrXL+cqn95EzEB+Hp2129B6Lh36ogmOzY/hycdLXm2B23UBG0qQz1c + 9gghbra6KwkObdklGuqA9PqK33zhDI+/J2CByGf2nNcKU8AnpBtLlAEMRUjy/vpA + srNG+9iQ2uI+p/cjmYpO + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-genesis + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIID1jCCAr6gAwIBAgIUSfpj2UUatynd14V0W7X50UmJyfIwDQYJKoZIhvcNAQEL + BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l + dGNkMB4XDTE5MDQxMjE1MTkwMFoXDTIwMDQxMTE1MTkwMFowLTErMCkGA1UEAxMi + a3ViZXJuZXRlcy1ldGNkLWFpcnNsb29wLWNvbnRyb2wtMTCCASIwDQYJKoZIhvcN + AQEBBQADggEPADCCAQoCggEBAKQY+G4fMDo/Rj2wRpzKRA2mJ1VMQQFeL1YaD4rY + 6Jx7auZZPZmGGGw8LvL7BudfeIApbh8u6JzDXkOyLYNqBMQ2iD0v24saeea2jfaU + Yh5My9gqQKH9DGEmSp8mL2pxos+XYZR89dW1BDX1FmffrnAsV9gDFyYn2DlpU6SE + vwY00YHuV92D/78i8qQehmECS8BSD1yljujF/TIfHzs4cEFyzQIBeA3zgtFo3S1K + rPBVc7Vq1vfBK+gC1HBpRWzdXi8DSsO8Ijf3/gV/Til3k6YOPcYUHdAe74Ml/AlT + +oe6oLLfHxV1U/Fxyy8ELylscGDmo4Yh1wAHjk+6s33CnwMCAwEAAaOB6zCB6DAO + BgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwG + A1UdEwEB/wQCMAAwHQYDVR0OBBYEFDUkDS0QSmxNUurxSXPvXfuGpj2TMB8GA1Ud + IwQYMBaAFDr9VXbhb5oaZrSlJTzSa+zOm1QRMGkGA1UdEQRiMGCCEmFpcnNsb29w + LWNvbnRyb2wtMYIJbG9jYWxob3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0 + ZW0uc3ZjLmNsdXN0ZXIubG9jYWyHBAoWSBWHBH8AAAGHBApgAAIwDQYJKoZIhvcN + AQELBQADggEBAKMBg6U/KerDdnq5FmrnBoSpEkuOy15OSJ5211EzFudSdcD0AW8X + GKRjIHxAkWO4ignifw4CE/NSEnnHMiFNP1UsSYdpQsU89eyTeHbqxreYWCmo1pcl + 0+DpT7KG67AvJCaCKg7dNiBdPvZd+8NfZ90fCupNk9L+dLJcRrUkByxkQRZsmc1t + ZieDg5qDDJGAIoyL87YtZN7gnJEPUyPjruLm+9yocvd+y01+CTwPYuUNk8GF18MN + yrQHiJPrmIJ9k1TF9/NhpJwJ7ccOTi2T0ealufK3kjjYkQ5ZjVLiUunQhkUjNgk1 + mJ9orGDIG950BPRwktPrXPsF/jb1Gr8BI+Y= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-airsloop-control-1 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIID1jCCAr6gAwIBAgIUP69Ziu1DE7YAsgtRwZS0U7xdcIcwDQYJKoZIhvcNAQEL + BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l + dGNkMB4XDTE5MDQxMjE1MTkwMFoXDTIwMDQxMTE1MTkwMFowLTErMCkGA1UEAxMi + a3ViZXJuZXRlcy1ldGNkLWFpcnNsb29wLWNvbnRyb2wtMjCCASIwDQYJKoZIhvcN + AQEBBQADggEPADCCAQoCggEBAMxbtJxQFfDqpD7jWcmU99xEqzGabfv4UQz2DjZG + m0n3ajnmdK2aiW2KBdN/9wZ1GEcCsTloU/3JnDGfKUTVQA4uNR5y3M8YtgNtae0f + cPtFvVX/7RRLXhUoNW4No5Tzl9DLacLbGH4mJLvMunUl4u6gU21stFWgnalI4Z2A + mFmdKcMrhliNhbKOFLotssm1CFlYNPcuS8e99kLt2aTiWZfz7oQNbJu+2oqvxquo + VpfGOArHnvr5WO32efkyfrqdHFoGsXhcUp/rqj+ao4ZGK//7QR6rrYWf2+IzRxTk + xOhL2cSzavtss5PrAiU2FeYPgJraGDGH/STz9OawZJp+hK0CAwEAAaOB6zCB6DAO + BgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwG + A1UdEwEB/wQCMAAwHQYDVR0OBBYEFJdaxKc1vVVOcj+xHN5gLYjWwaJvMB8GA1Ud + IwQYMBaAFDr9VXbhb5oaZrSlJTzSa+zOm1QRMGkGA1UdEQRiMGCCEmFpcnNsb29w + LWNvbnRyb2wtMoIJbG9jYWxob3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0 + ZW0uc3ZjLmNsdXN0ZXIubG9jYWyHBAoXFgyHBH8AAAGHBApgAAIwDQYJKoZIhvcN + AQELBQADggEBAIBZtwEguFiGx97n6twArubaL0ip+fH24O0HUF5OO5MGWxWONtVj + hgz3TR4pF4Au6dqzbkWMjATQuOJFDUsCI+4k0XfxGNMy9ya8//TwShO2/FdG1JKx + Q0k6abRvES/2BY5eRtfQscqeX8G1q3ZkoL1C20oUZgGspQWtTlSG/nZss9bklFMn + YC8+vsEz3c4kCTB0pcZGTEeuiitLdb+RQGwC5R6Qq2OGPUeyKuCI262q7J8u7Zy6 + Ye5Ffv1ig9gRzymbqYivL33FlImyFKtfLAM4cyWb+u2DmEvYbh5oOmY24nm9V4aN + +C2Ao9/C+/a5OdtcHi/IYvqoDXro/XvcGfk= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-airsloop-control-2 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIID1jCCAr6gAwIBAgIUBX9eAH3Fo1FtOb0iNMIMlN+O5eowDQYJKoZIhvcNAQEL + BQAwLzETMBEGA1UEChMKS3ViZXJuZXRlczEYMBYGA1UEAxMPa3ViZXJuZXRlcy1l + dGNkMB4XDTE5MDQxMjE1MTkwMFoXDTIwMDQxMTE1MTkwMFowLTErMCkGA1UEAxMi + a3ViZXJuZXRlcy1ldGNkLWFpcnNsb29wLWNvbnRyb2wtMzCCASIwDQYJKoZIhvcN + AQEBBQADggEPADCCAQoCggEBAMFl7widTY4l7QGsCHHEbG1HPZzT6+MIBQbymtxJ + sr71dOB4uM2JiEL3kGcFEu7yi3FHLbvTFpKjDdz/Gy7X82O0cPtuoLdnz4WSoaUI + Oltpdq9rPL7mO8KNiVs8rTmKmCDF8hzmmoSm5AMRoS3ctHHBpL+U5RbOmMZkfSBO + K8q+TEeEEep82Yf26wyeAfhUDDn9Zdm0W4GDca6fSo11Vudkc/yhgTrcrA9s1zEM + CEl9+54eI0GQAiX1tEl5rw6BvYRxZB4szvK6invB9RmxAnG2OM9MZfR4QJuxOy7+ + IQxpjQhVoYVvKCoQcvozwqoC2RUdyp6pcsNZ3NGr00DImDUCAwEAAaOB6zCB6DAO + BgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwG + A1UdEwEB/wQCMAAwHQYDVR0OBBYEFJ6QS7sC7UGDHJg6Lhs/b25ANOyPMB8GA1Ud + IwQYMBaAFDr9VXbhb5oaZrSlJTzSa+zOm1QRMGkGA1UdEQRiMGCCEmFpcnNsb29w + LWNvbnRyb2wtM4IJbG9jYWxob3N0gi1rdWJlcm5ldGVzLWV0Y2Qua3ViZS1zeXN0 + ZW0uc3ZjLmNsdXN0ZXIubG9jYWyHBAoXFg2HBH8AAAGHBApgAAIwDQYJKoZIhvcN + AQELBQADggEBAJ4LHDI0ofYHbIN85ooboHdOpDKFCDA8jQcDBvMSHwLQ2VISD5fe + +nYzWsiyCGGM/r08F6blEgBs+oeyAkkqhh4VmImNRpfvcHQfHjWkghbQazh8LM2p + 0f6uLaOo7u41Ocm9dlYxVA5GZQatLJ5xMCCFZuo+Bepru3TO5/af/TrZPoQLPqXp + aCoOUjGDJzgTx4/aoQ/PUh9YijxiQ3pTPVoEpn8LloaomCJ/99zjkOZZO7SMqBRu + zMInYSLsFrdwsJxJH3y8e6caD9hPUxKAhZO49dTOvSUthNFzycUuSUANnCHjtSgP + zzk5LwQ3/+NSzaR4lpLk0tQeg5SEwtyluzE= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-airsloop-control-3 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIID1TCCAr2gAwIBAgIUPqo8TpMb0KIwq3Bujx8RAxwATRcwDQYJKoZIhvcNAQEL + BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l + dGNkLXBlZXIwHhcNMTkwNDEyMTUxOTAwWhcNMjAwNDExMTUxOTAwWjAnMSUwIwYD + VQQDExxrdWJlcm5ldGVzLWV0Y2QtZ2VuZXNpcy1wZWVyMIIBIjANBgkqhkiG9w0B + AQEFAAOCAQ8AMIIBCgKCAQEAtQAdNKei/N6U3iYuzNQHK8/94nTkMhliofuKrf3q + eJLP08UeiWe6inKo9PETNJOXw6WcIjmBxV7zDSZGHDJgiVErL2uYG9sdCxxuMc/F + loATgS7xjFcwa3ikyBhOe4E7OUUqPaqSl2XoIK7qF7Wc+ILc9smS8pds64OKhcKF + 8j+4/Z5D8pl0zTH5zXDfDBsuM/1m9OlI0ZfNO3OjeveuSgCIfLPnX44WHff4n5gT + Kp6xY1bIIMluarETtvWZ3RDcK9l/os0GB3cU7mZ53qkXnubz18DqrrunXIHgc5jB + oj506zciDwYYI2ufobPvt3xlaCkQWDhNugILU7snot3EmQIDAQABo4HrMIHoMA4G + A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD + VR0TAQH/BAIwADAdBgNVHQ4EFgQUSOvwFFb3KQiMqMrPLR/6ZUCYy2UwHwYDVR0j + BBgwFoAUukw9Dv51QNzUihvKlHSvd8zk+zYwaQYDVR0RBGIwYIISYWlyc2xvb3At + Y29udHJvbC0xgglsb2NhbGhvc3SCLWt1YmVybmV0ZXMtZXRjZC5rdWJlLXN5c3Rl + bS5zdmMuY2x1c3Rlci5sb2NhbIcEChZIFYcEfwAAAYcECmAAAjANBgkqhkiG9w0B + AQsFAAOCAQEAKp1rjmTy1QI0lonLfGpc3hPVa8O+uAUNmzB+E+dfYLzxIxmyy2df + o9fLfirVDnzlizjCEXZ0uqJtFOYDwX3bBmyE64U2fpnTG2xbJ+JrcztjkRxj1ctU + QmIAhhbU/PXomvoxvwn1Ma33MAAC4VtLTL43C/sSbSYtl8QVnoRgA9ywFMoPLFEx + 51uw9GkRZ94xM8HMzpUduzEbvlZujaAs/0geK3h3IBqZAljDlc2Nhuo8S2KAFT5n + bjzsJu07dvy3PFh+tT1m+GdA1jmMqD894MtreR/ebWJ2jRNZPD22TDHS/rJZskAn + OAzZjC5tX907ZKdISzvnZ3QxyrZArFoqzw== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-genesis-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIID4DCCAsigAwIBAgIUQ9uuMpoFtxr7EpiqzF+UA1TweZMwDQYJKoZIhvcNAQEL + BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l + dGNkLXBlZXIwHhcNMTkwNDEyMTUxOTAwWhcNMjAwNDExMTUxOTAwWjAyMTAwLgYD + VQQDEydrdWJlcm5ldGVzLWV0Y2QtYWlyc2xvb3AtY29udHJvbC0xLXBlZXIwggEi + MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhV49SxjSKuVOqQA6Jbn80X6kW + LmXJPR5HpPupOm8d1Jfh9JykU68wC4U7QZHRJj4dsq2wnJ5GUeiUxckoDRKapxFk + gQUb1V5F/i+bZQ+F/9NB3nzFDgwqgPBx2/bAJyEhAjN2L0DLYvY2XGIOXTC4qoUo + mBxob0cKu9or5ze3n/WywpqUaPHHZXjGx63skuzgd+CIcJOB8O9tvOpHdfovqMJZ + CnsPYG9RK6gTAgOBWCz2xIpr+YrnW+6IszZF6iAt+1+GAF08rzn0XNQWgq8IP0kX + ysW5m1Aulezfn2PQ8Gd6qtmgPFF4rKCjkg3VGpb1h7r6LTVUB2xFic5+f+LxAgMB + AAGjgeswgegwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr + BgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSogVOMihufwt+NTSnmkETc + VKK4cTAfBgNVHSMEGDAWgBS6TD0O/nVA3NSKG8qUdK93zOT7NjBpBgNVHREEYjBg + ghJhaXJzbG9vcC1jb250cm9sLTGCCWxvY2FsaG9zdIIta3ViZXJuZXRlcy1ldGNk + Lmt1YmUtc3lzdGVtLnN2Yy5jbHVzdGVyLmxvY2FshwQKFkgVhwR/AAABhwQKYAAC + MA0GCSqGSIb3DQEBCwUAA4IBAQBc9ezE9MfUv0vApFd+lr54sMisMgbSLvoUa0Uc + YRSbPV5Oi47NkF2lx37T0hYTn/WuTaUt0EtuRyrHg1hiHF5kVZK4VYJkWCj2rxCc + tVH+et6JrvRuFz0WbHm5pMCwzVQhftAzy+lImwvHLn+DOaqgDvK2/sOPIPM88reD + 6YI+t/Z4W/UYHzdDSHYXkQ6ZT7qM2JwmcfwFWP8em1kdL9a58qmqOyZsbmRZrkRT + jhD+AC+Wh6S8Qz/5AdnVdp0DooUSaYCHDG/BsFDTt2QUVSrsO4apXunhyQsJ1AOB + qgXo1J+/ShI8NUrRavwv+ypiAG1JVfRMRiwyX8DnXzQXxLPi + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-airsloop-control-1-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIID4DCCAsigAwIBAgIUYdaJZxcSnbL8GvxTXrDx1QARAxYwDQYJKoZIhvcNAQEL + BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l + dGNkLXBlZXIwHhcNMTkwNDEyMTUxOTAwWhcNMjAwNDExMTUxOTAwWjAyMTAwLgYD + VQQDEydrdWJlcm5ldGVzLWV0Y2QtYWlyc2xvb3AtY29udHJvbC0yLXBlZXIwggEi + MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvlFAg7IDI06L204x4Gw2obfTD + RVdKbrlMkxDKwHiTIaFxD1A1u8PuPF2pRND7kqPfA3m7xOs1Daaxzo1I/KLIky6V + w9wCFka+sllWRgEoblq6JeSvEgIo9U8tB4wDrQD0LCnpeXrMTxtW2m/Ry9+ae8mH + CAX5owPpeoantzAOKjWdkQfafZ/9xgdgA6EXiJyvJuJwHZp/zcjKr5HznnVg90z/ + pXHf1c3C6G2bK5d9BWW2njvi6HJM6vfEhtNdmIoj5VqtmKsF3PdCYg9YEIhmjREX + c54MKu0RanLFHcrDRYkCN3aDbTILOk3BCxn9Vi4O6R08WM+JP8fAJljSkIHFAgMB + AAGjgeswgegwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr + BgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQRzyMnlJLnjlcfnz/AMQaC + y4fCgDAfBgNVHSMEGDAWgBS6TD0O/nVA3NSKG8qUdK93zOT7NjBpBgNVHREEYjBg + ghJhaXJzbG9vcC1jb250cm9sLTKCCWxvY2FsaG9zdIIta3ViZXJuZXRlcy1ldGNk + Lmt1YmUtc3lzdGVtLnN2Yy5jbHVzdGVyLmxvY2FshwQKFxYMhwR/AAABhwQKYAAC + MA0GCSqGSIb3DQEBCwUAA4IBAQC+nfsWmGUHqtx6lC6GltiWX59d2CyUmcI8/dKy + 6iwClej1cTgyk+bNkFxW85AukkKocdxQS2jUAxRcR9wb6Mrx6hwqJjoEk7fXmu/d + mAuuUrSjX4sLgQ1qf2Yg+fyX8rbK8klbAB0GqHckA+sOcQ8pbHxWaO+jRn+3fWIR + ZP6WcZvCRtSOUi4eMHQ66J3q/yVIRTBo9pxevwEDil07xQMZJxTkj/i4fv2bSQb1 + 42kHtbe+2JPqnjB9nfmk1qKnxnr/fCDbKXW+jeiNq6tcIRTLN/S7lV9Kw48AizEa + 76A14n20Qs924mCvShW0pq3fgoteL8DxkbIZ+EoF1/0Zp1vw + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-airsloop-control-2-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIID4DCCAsigAwIBAgIUe6Et6GzItsU4L5ZMvod6A361m8UwDQYJKoZIhvcNAQEL + BQAwNDETMBEGA1UEChMKS3ViZXJuZXRlczEdMBsGA1UEAxMUa3ViZXJuZXRlcy1l + dGNkLXBlZXIwHhcNMTkwNDEyMTUxOTAwWhcNMjAwNDExMTUxOTAwWjAyMTAwLgYD + VQQDEydrdWJlcm5ldGVzLWV0Y2QtYWlyc2xvb3AtY29udHJvbC0zLXBlZXIwggEi + MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZE0XCElxx0vO0uhUynH+SPGh5 + b26SKLsXcwqzutU+0gRH5r75fwghzDQtgPBV/tVbdygNL0bmTubXdy8B/g377i+Z + OhQCLjNKIHxVAbwB+VlT/ETwEATX1uWWYbQN9pOavShfpcRKyAATPFJcuOi6K8eE + ENt7gI2G9wYDZ5dl4lNYrx6cV8EFZ9ygR4xEDgdG+K8Ho+EkyYJMqQITVefRUzSU + DcROvQQeDojqiixhtP0BA0MYq/e23NihGFpVoyHxsLkkW2uw2knxPqIY6d2oeDGz + fwYhFvGBFmdd+gHaZh/NlbpSGfK6S12R6L+RwNvwoCX25GQ2rxr/iXIjT9wZAgMB + AAGjgeswgegwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr + BgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSVM63jYwrUXom5R045vuJm + SabpNjAfBgNVHSMEGDAWgBS6TD0O/nVA3NSKG8qUdK93zOT7NjBpBgNVHREEYjBg + ghJhaXJzbG9vcC1jb250cm9sLTOCCWxvY2FsaG9zdIIta3ViZXJuZXRlcy1ldGNk + Lmt1YmUtc3lzdGVtLnN2Yy5jbHVzdGVyLmxvY2FshwQKFxYNhwR/AAABhwQKYAAC + MA0GCSqGSIb3DQEBCwUAA4IBAQATSaXa5pAXV7jogRqgK/F7humZBvmJPoPNgTOw + +eBODU3qFnVee6bJmEsxUqm5UthGFrTXg7hskos13cKYxMIpH0rJoZTOFZGdE9yX + eHb6UJqJLCZFQuOMH/DlAao9oYRsnDtTl85y31gKvsXa9Qer278CDIr+pY0qnwpS + fZYW8DVYx4eT5oswvNXG6kkRkkLgem8K6gfnCHFaKqqqnz6X7sx6J/oMLhTPiS6d + 96YDQiJIBcNGDjzCx6pLROK8wkO2WywGcaTOgK9SlkzH+Vu5xgIjuSNE0kOhVdpA + RrwiMo5UtqoiYwW+t3zhWMdIsXj7eemlxMEKNtrEC/o/PWhS + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-airsloop-control-3-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDSTCCAjGgAwIBAgIUWd7UZmQeqksYonthsQ4psX7bue8wDQYJKoZIhvcNAQEL + BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw + HhcNMTkwNDEyMTUxOTAwWhcNMjAwNDExMTUxOTAwWjARMQ8wDQYDVQQDEwZhbmNo + b3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDARVy6+8e4rCnm7TZS + A8/LhFwYHMF45ukoZCG4xRyH1rLfq3vg6iSVb0ZLjtfi9UUxVMyaDT0y9W5WkdEw + bmYvCbNykqRrROcG9zmUS3UttCoG7WcXPPCK9fi7N9jpFNOEOZJFFXs3sHLdDJYN + 1Hbv1tCG39bhYCj4vt06wfdfj2auliBsAT9BAEyztu+w2lWBE2xRV/jaULqSEZ4Z + 0X9JTaxfwsfabQe52ONM4YwUDvXAJrgmkQDF2yAo9zbqxIlI+gWrQiLc/nyBBn0A + vFvNdNDNAiyYcP4fEezpeHckqbY9G2R57Ew0PcY8Ql+CmxoFH77PJHg/CnnlOlD1 + tmVZAgMBAAGjfzB9MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD + AQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUWALj0TVWSxynyMmc + bP6lZ9UejM0wHwYDVR0jBBgwFoAU9ooYX20WJqQOY+X2utLsD7g9z9IwDQYJKoZI + hvcNAQELBQADggEBAAXGY7EsJ24C7jGnpuvPlB+2+LaajOHwJCMADg03q0en3LYn + c4FfM1TVPrXcSVhIqNT/c6U5eAYY3QALDVAhqOnkKuxua4AD3ZbKUo3BKOuqn0YE + hkbkKgCP9BdeR4Q9b3vHXGFNWrUS10gneMcRnfGS2B8FcVVkUHUD1qraXOf07LOY + h4bWV786hGOxEb7af0XCfsWQYREwJBeRclWV4muOj1y7H4i6STY92WW/BamQmWik + yPOlKv6lp7tj/acFzcD80iU4YD0wrWoSkpofJNn0Kgzddhz9nAunhen5pYtbicgT + +GcvTjIrPfqxv683UhzxoLEpfvjp84XRSuhHwx0= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-anchor + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDnzCCAoegAwIBAgIUeaeO5DCwMMRx8xJzTMRaIc8wQU0wDQYJKoZIhvcNAQEL + BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw + HhcNMTkwNDEyMTUxOTAwWhcNMjAwNDExMTUxOTAwWjApMScwJQYDVQQDEx5jYWxp + Y28tZXRjZC1haXJzbG9vcC1jb250cm9sLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB + DwAwggEKAoIBAQC/u0kMsB0RuwBE0vjSFx9opezx8PxUY7lwxOIOICHjpkMakpWF + 46HG6UNtYvvir5DkvzJi36yI8ZrYLsXEiSV+ttNGoWIQRfDLKRYQeqMD+pvRl+3G + uK0WHRVwO8a6rwjHxZtnoQ+Eql3hRizZ5hq5aH5LNhPNOoDBbVX+oescS7Sl0ZsM + txzAL4aA14jE0qlmuY11VH4EUk5FCMXFDZiOhf36MZ9ksz5BoB4T7T16NXf17z16 + m88Z0cYRDbIRPHgw0G1hla88OJb2uFctRaUe7g3zXa46Qw99qvYBu3LHUle4evTF + 1dsItnpI/9GvQzff0GEBInd7qOCygB2TJGJ3AgMBAAGjgbwwgbkwDgYDVR0PAQH/ + BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8E + AjAAMB0GA1UdDgQWBBQ5W2tomASPHFCUPwAxEGfdpmPIlDAfBgNVHSMEGDAWgBT2 + ihhfbRYmpA5j5fa60uwPuD3P0jA6BgNVHREEMzAxghJhaXJzbG9vcC1jb250cm9s + LTGCCWxvY2FsaG9zdIcEChZIFYcEfwAAAYcECmDoiDANBgkqhkiG9w0BAQsFAAOC + AQEATfGXLf7shtCNXq5T99RSJ45+Foor+ZHtD+k8JL9OfprTdIom9SVSAAHWziHT + s84O5fAjQRN9c48MOkOnH9tBHJHy2Z+fWlcLkZBzvsTK97JGwRfnejz7+NYkVtCH + Rrmls11Vl6T7/s5RMCIhPrSflpfzi9m50ADwwpOfA3/LSvkB7NSXu3DnG3yOQr4n + wMVrp0juNIQwsci6OWqjmayEWqcpT4iQUNcTXVlqCqIQ1UZglXYamcqFEcktf+o6 + PMfNDtU6RFASGz1Pomn9ufhVoGuM5dSr2CoKwtjVlsBfGqFui11vefy+jminpLB1 + ftuO8ZFJjaeAo9FmUDEwve0kHg== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-airsloop-control-1 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDnzCCAoegAwIBAgIUH9oX7EOw+dcTewk0cZuTV7cwpjYwDQYJKoZIhvcNAQEL + BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw + HhcNMTkwNDEyMTUxOTAwWhcNMjAwNDExMTUxOTAwWjApMScwJQYDVQQDEx5jYWxp + Y28tZXRjZC1haXJzbG9vcC1jb250cm9sLTIwggEiMA0GCSqGSIb3DQEBAQUAA4IB + DwAwggEKAoIBAQDWRqUK+FWoqTsbbMabSem0Wmo02FaXiZTe9HmxLiWhG9dZ767z + eqNexZfAwMdSvI/n/3sfaaUIONNTnQxxq8EBI+ZxpRzB2dPKBzQgoqzWJ1k17F6N + jUbvnEEmmC6pi6jtLlIS1TWXqhuZlmtqVbYXzv7HK+XZ0IkhBTDW0GE3xuF9X1lO + JkpW4Lp0Sffp+fnDx9A0IhCbzPw6GhloDcguNfgSgjg9VVrpkpEci4q5fAHKhaeH + PzNzCLwGmZ98BGY0VshpXC/gzrc/Ndqaj5ozDuqXO1q/p0l2I+N/B8fCkpTJ9MtA + 46RjgMlaA4k0rCNpEjA1mN0djGFJ74PCBsORAgMBAAGjgbwwgbkwDgYDVR0PAQH/ + BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8E + AjAAMB0GA1UdDgQWBBQhaBFR0udiYujyeHk2uYeYV65jSDAfBgNVHSMEGDAWgBT2 + ihhfbRYmpA5j5fa60uwPuD3P0jA6BgNVHREEMzAxghJhaXJzbG9vcC1jb250cm9s + LTKCCWxvY2FsaG9zdIcEChcWDIcEfwAAAYcECmDoiDANBgkqhkiG9w0BAQsFAAOC + AQEAsv15NTAmB8nphcrPeGXsQeWV4AR23oAQ4L1QUIhSJ9dgybHlmUPdAqmvfPt4 + iLr281o298SH5QtxH/GbJeYBwMKz3ptU63EvdJeBPjcM2NrrEms+ZuKTDtx52TYt + JOaRom+sWNPrtIPhYo5Dp0PpVVkI42FX8kF3y6q03bYO0ExmZKxI87PBWQfqy3sa + HXQeOmP864C5OW+BIj4vuPtViL2INCl7F1SYlb9eX7KxfYcqlvSiYwXvygM1Aoqq + i5lfXC4B3koAnYL6VX39OLWn4nFwlOihZ1QuBUteAPQaXFovndipnc/Nx/ZnjKVL + xzRC9ZYR73gBZpt2maPA74dNTQ== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-airsloop-control-2 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDnzCCAoegAwIBAgIUKCtl8SZSz1JYZEp5YbF4YS+C3N4wDQYJKoZIhvcNAQEL + BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw + HhcNMTkwNDEyMTUxOTAwWhcNMjAwNDExMTUxOTAwWjApMScwJQYDVQQDEx5jYWxp + Y28tZXRjZC1haXJzbG9vcC1jb250cm9sLTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB + DwAwggEKAoIBAQDsjyQ5NpTTsvwS5WK1nwDkm4GDbV3+Ofgzl7VKFZgAMMxOSM/B + KbS1lwh1lJA9l7TE9yTMy7hw+qIhHGRzpl6rOUCJ0kWIA0SZhxB5R3mRNOb7GbjL + ACu2SgnXK9Uu2xnO6DFYcxWB1c9bQL6i0Lh913W8GCZYH+kF0JiNn4V1i8PScAmz + 5DT2Gb2ASP8Byga8eWq0ROvq47Nj2T1Hd5pF5VIrfijpD6vylmSYt5TPXZvntlAS + dAXU7EExl7csCaqQIK8D/ZSbnGU3lI1TsCCt9uo5PHm+drc4qCzoGMQaPVOM4WEK + 10Oo4D1DPouTjJKew8DpK5yjbtCHfVQzRIB1AgMBAAGjgbwwgbkwDgYDVR0PAQH/ + BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8E + AjAAMB0GA1UdDgQWBBTguKzT3Vz9tsGmHZYbLy7lb7NvJDAfBgNVHSMEGDAWgBT2 + ihhfbRYmpA5j5fa60uwPuD3P0jA6BgNVHREEMzAxghJhaXJzbG9vcC1jb250cm9s + LTOCCWxvY2FsaG9zdIcEChcWDYcEfwAAAYcECmDoiDANBgkqhkiG9w0BAQsFAAOC + AQEAmJaF1ouQ8BwK/fWnjgWCaC1IWPjRRuI2KbbNIkosW6i0/RjPxuGWLG78OfLa + Np+davz95nhIuPeBEKDWZwk6tgzXJz5PAnj6znZmlKk/7esn6DZfVJYaOu3wl8K8 + 8mFv6qNkwFohKSJT07DJNd7Qu+LWkeJOZkRXlQ8zImAJu+ycaMIngV9Bc56zc27B + eDLOXF7AriY6qk+lRZXsr0MlprSVUCYyRjMVsC0N67mbTe/31C5DNH5x3Gm9Evao + siXkeEL3c09sAXAraxwsOO3FmpHVAIoHRaptpim63565LcIlxB32WrPQzlsB/HtJ + ODViaOtizjQ9GnAiCYUwhC63Vg== + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-airsloop-control-3 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDTzCCAjegAwIBAgIUQM3lWI0xKS0IrjakmQ9+CKwotHEwDQYJKoZIhvcNAQEL + BQAwKzETMBEGA1UEChMKS3ViZXJuZXRlczEUMBIGA1UEAxMLY2FsaWNvLWV0Y2Qw + HhcNMTkwNDEyMTUxOTAwWhcNMjAwNDExMTUxOTAwWjAXMRUwEwYDVQQDEwxjYWxj + aWNvLW5vZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8MpiYXCPX + 3Wi+9XG7AdTrybvy3CwnHAOu+DXJaUuzi9oZvjPYUdn0/Mx/ZW/AB1mdt/uAV5pc + j17JkFY65vFp16nCLG/O4vC9tXRghLcMeoxxqR6M7ec26NhdLC7aHP4VXLwsGcFV + kySNabJHF922ATQX1PmQtmy1A8w2NW1J7tJCNVlsBcLbRG+EQpZJu08Gp9l86PbA + qxb7lUnujly7kRgzN6sIjZJcgCi5ODyGH8SIt7CUrrNM1XcW7ZttzW4bsFBLNdg9 + CIRTo5FKw8E3El1RInol5nDsaMqe6yyMoEepVVc2yF5TVeIWbAfWhmlwj5mXmygg + ThqXuvKKhTgTAgMBAAGjfzB9MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr + BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUGOhz2F0S + SXbB+70dJrnGb2OMWqgwHwYDVR0jBBgwFoAU9ooYX20WJqQOY+X2utLsD7g9z9Iw + DQYJKoZIhvcNAQELBQADggEBAK2UacfqtHImpX9b6o/RU2l0RXuoW5JWhjaLbDF0 + sXiSDET8bZWAPVWPMaIv2R1c5ikZ4AqFy+QXdZPdfxW4FmQxNBxBFxJoJq+rrpF+ + VM6eyTL0dPDeTb8dQBuyIxszfmSzuwp+aeVTeLJ8VzDyJMdmW0aWUyOAYxIFbO5g + 0P7BHqLBGvNHwlGHd3X4FUEwquQXFMjtPevL+z/nYd1RMZdRfMb+nVE2RVuE9Rsv + x78HSauIk5+WyVS8aIcws4nAgi9uJH6Z1KBoqx5ISnkM+dy9GGL9iLNyRo7C8XVJ + 5gA9eyCLXIyS+sT9OZ+YPlL5PAHqYaih7RZqR8Q6B1w8tzA= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-node + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDqTCCApGgAwIBAgIUFyagkSGlnNZTF9yW0S1s06GFKSEwDQYJKoZIhvcNAQEL + BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt + cGVlcjAeFw0xOTA0MTIxNTE5MDBaFw0yMDA0MTExNTE5MDBaMC4xLDAqBgNVBAMT + I2NhbGljby1ldGNkLWFpcnNsb29wLWNvbnRyb2wtMS1wZWVyMIIBIjANBgkqhkiG + 9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2/Fsk28bvLuh8bUSRnDufz1CCE4YwYFSXYB/ + i+ivbdhjaoOZDhMqc8THgLnoHKlOQux+WDWgpUCMkUbxm5A8jr1wzBLPNfmuvqaR + T/7/fkQX/IjTLnTA316eZjGyCpVJxUu/Y97wwnTJLgQbSjEHD5KqixsUM3+dlPEG + KwsdDn6FRWF8lXGw3IhvyJKuTvoWXxwNN4GuxdyTvsHOeTbLoksQBiE2snzjEZ3T + r07NRf/X/4W/9K/3Ehuwclx9vNYeXMH9JpP3O3yrhexUiojCw2BGdnL3elqIjTfs + IUA3UkY5Kpr8nne7TSX5v17EACbXAUOvTyAnoT9QUGXTB04LgQIDAQABo4G8MIG5 + MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw + DAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU1StueZqhmS7gDQKGtoYGMExCGdAwHwYD + VR0jBBgwFoAUzzSTCtsI1NxcbY9041m3vYMrS20wOgYDVR0RBDMwMYISYWlyc2xv + b3AtY29udHJvbC0xgglsb2NhbGhvc3SHBAoWSBWHBH8AAAGHBApg6IgwDQYJKoZI + hvcNAQELBQADggEBAK/WQHI4QWpvisQIKaxrV3Co+xnFTCqoc6h9QyXdK6RtDdkz + pr5q2GiCSYcna9VNol9qVwgnbgfwtS+AJTLP9adZW9Gwt7YWV7gpktyI5YKWDLyf + xqMtLhbkEmIOI25O9sPJFZ+vyCAISXtyl3/nG9p86w7KKrvIG9ozpKJjaVfaHotj + mGqP+RnsdRrB24CAPT0XvVEtaI8yYgGE452wMqOprhZuY61JCRvd4dUQpE6Ye3Q/ + YNK7r8Kl6MWX4NDhwaomZbYESwHH3OuFzEh8cHNScPD/2Z0k2vbPUKmzAwMI0o09 + zdwHZT+yGTmrCWkCrb+fP+B64L/8xbNC/DJ1sa8= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-airsloop-control-1-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDqTCCApGgAwIBAgIUNtK2RGE/O6cu2HabPyph4klc+qowDQYJKoZIhvcNAQEL + BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt + cGVlcjAeFw0xOTA0MTIxNTE5MDBaFw0yMDA0MTExNTE5MDBaMC4xLDAqBgNVBAMT + I2NhbGljby1ldGNkLWFpcnNsb29wLWNvbnRyb2wtMi1wZWVyMIIBIjANBgkqhkiG + 9w0BAQEFAAOCAQ8AMIIBCgKCAQEArTfScUMfvpPsVr1R3m6uzOa7C0lWo5rQ1nQW + yllrzTOYPdPnlfz5C5tFKDXzU+K9iEpV4+vUg+2BrlwlPiHuyC0MGxGxIk/TAEv1 + red+Ozq4WSOY6Ns9bJK5WaXQdDWiBGBoCTK6lrYIp4UdpA7L60DNP50BSLkj3mXZ + xMQUtQXh04AJDMPhmed9NA/rTElJSUBpYncszSJ35vVOI2Af1Fpg4LkAkh6Opazj + czgycYv9ni0b31dzN17co1HDmcrzjlukumr5ZPx36OpA21wU8w85Q+5+FmPqvc+f + xdQufVmi1bu2kaX8abhDylud/tFHWVQEWVR92ZKc2XgLbMkBbQIDAQABo4G8MIG5 + MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw + DAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUkvDy1wcp7DMbZZrItsxuUJG9kV0wHwYD + VR0jBBgwFoAUzzSTCtsI1NxcbY9041m3vYMrS20wOgYDVR0RBDMwMYISYWlyc2xv + b3AtY29udHJvbC0ygglsb2NhbGhvc3SHBAoXFgyHBH8AAAGHBApg6IgwDQYJKoZI + hvcNAQELBQADggEBAJWM5PMtYe/SGGo+lpubKuM/cJCtse4LSm3SvSIhSmoJUQoy + /HsRF8hzVXFNATtWlQVM3VEbe1k+4RY1DZ6UIjVzm3oc+P2fbULlbJ9GWhZSLgHH + vM0Ffj8zNOZz1+M4My7xlTrD65hCGcyCLLzyeJWbge8YEcQCYVQUx843kbIwxwIR + yidmWmUOyBwDdq7Dcof+ILBZfCg9bvVQtn2MCKLs1e4zIPmIyvDGS8LlIx9Tirb9 + 0sd68LUeMSXrLxJQIB43rDJh16jGMemGtR+TnWtW7mIT+r0FZozYzNFwMXMQ7/D/ + yJVPJHNvMASrxr6m8BSpTVSd0//pkdfyhU1Tvs8= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-airsloop-control-2-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDqTCCApGgAwIBAgIUDAJHTCuXvIf5MVfxv9B+88qwea0wDQYJKoZIhvcNAQEL + BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt + cGVlcjAeFw0xOTA0MTIxNTE5MDBaFw0yMDA0MTExNTE5MDBaMC4xLDAqBgNVBAMT + I2NhbGljby1ldGNkLWFpcnNsb29wLWNvbnRyb2wtMy1wZWVyMIIBIjANBgkqhkiG + 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz1p1Rf0dl0D83sVDcJFi2gZlm2LAt5e+UYRp + JPbYVbLVO1+o9P89jrIEE3Cl1yQTcglYk7zjnlGUvhA7HGnjtdwMX+zWAX0U5heA + xgg1/RCol058H0pKNn+dWqFkcO+c4AiO3/W2kzexQKU63W+3dQEgUharAcgGEGtt + D775mc0oac6TQXC2z+EqFdNDBPmIIUqSzVQ45x5AH0XnULq6xvpe7S1VS8RpK4Em + E4ecqA8YPQanjdflgkiTSmKzs/xxUgvLeGOuBrBMZALgd2/tOssQrnJOgnanWvt6 + W4yZdFjbGC7nkSYM/j3u1k5aDbvXaMSSHJ9nqHkYdzCUDTcBRQIDAQABo4G8MIG5 + MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw + DAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU9rdOQ4WMLuAZ0Hm1yvtZ4fKJNJswHwYD + VR0jBBgwFoAUzzSTCtsI1NxcbY9041m3vYMrS20wOgYDVR0RBDMwMYISYWlyc2xv + b3AtY29udHJvbC0zgglsb2NhbGhvc3SHBAoXFg2HBH8AAAGHBApg6IgwDQYJKoZI + hvcNAQELBQADggEBACT1RWdojOkrA796ImPiJk9o0gGzNq4z8qDBMmlE9lPexKkY + ZlLsgm9PmdZtGlr6JlSl7KTsgc5EdgemOxdCKYWJRUXM8zM/wHFyTn/o3PULZO7e + NJPuOLJ+YfiaWc/dfTJw9S1SHKfoVx1nCfYM8YhVtVuVuU8Sla6BmvnqlBxpFx0z + ye0lo8YWQkD95pmTwK4clO/n9NC7zqc9OdQI0pzYtrp+7eUJkBvG92ptDSjoepEr + DCwOGfIvtWeX8Qmx1Ce4jNeGl2ojcAQkXOyAqK3dYVGkD2w282Z286C9Pd54aND2 + ikQVmfJeYwPKVZidBeRdJVC9fx32gwnN6gudVWE= + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-airsloop-control-3-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN CERTIFICATE----- + MIIDWTCCAkGgAwIBAgIUSNIYPI/G1gAAPjotJ6p3qFD3VWIwDQYJKoZIhvcNAQEL + BQAwMDETMBEGA1UEChMKS3ViZXJuZXRlczEZMBcGA1UEAxMQY2FsaWNvLWV0Y2Qt + cGVlcjAeFw0xOTA0MTIxNTE5MDBaFw0yMDA0MTExNTE5MDBaMBwxGjAYBgNVBAMT + EWNhbGNpY28tbm9kZS1wZWVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC + AQEAzyigp3xcuC/SdF38v75Wp+1lNFKE0RWpNOrj8kbMmrPj3V59bp/8ZdCGS4s8 + KJJWYGmz4uASpWCy36HVfcKLA1xhvPqixBsOI4A2KFa1eN/LG6Qvvo+iSvLeMFUZ + d1aLDHQ2jo4v4we+ATzDJmcTrOvblp+8zLdhmef9bCTNi25k7HVcC0KPLaBkbCph + /B4uGFcgJgK/KzEiCNyfWO8lkyBTioy/3FfIFW0goEup99r/TX+RTEHkE89kU2nz + mli+O6dWvHSaJmtMJbruYaTV/ZkJLyOMPrm04Us1ZfSMZkd2Jk7PSPXprTtcwNmd + 4EcFzd7lF8UB4tnDuDeMHlFmKwIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYD + VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O + BBYEFFXonjGUDcu2zB50Leom8OHNZK0FMB8GA1UdIwQYMBaAFM80kwrbCNTcXG2P + dONZt72DK0ttMA0GCSqGSIb3DQEBCwUAA4IBAQAiNaM74IN/WtfXPXJVi0iq8/zO + UaQLb1CHQCrOGGAt2fUqKvMDDIrMcRhlSpNCLuFwgkt+0bm/4QUPqvujRW6OlWK9 + ja5iXa8Tr5a6emm7rVzX3Ui8zLEujUblrjdz2cVPpdu0Ms6z9Ze/mjz4ZCqqvj3/ + QcomWaG/bB8n1GAzxkIwmXHXANyNiv68Uav+ixxryGG0NxMkVq9Sw8B5EjzVzEDl + 5bl5PR564B+B/FTW5Vo88ojR2Vh4anglk5+811qb9dJKKmhscYvi5o8rP17H+d+9 + PkoHxOiHaSOJ1B+IKvrBO3XPaP97DDWLSwaw6qPmkHGVbWKtwjvy09XRwFDx + -----END CERTIFICATE----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-node-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/Certificate/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpQIBAAKCAQEAvqZDrjECiIFqnDoI71/0PKibeTJlViKC1qLg/8X+AawL+717 + Hin2dZ+XKXF595qmsEsGgIK6nmjJp/gy0jdASah/LpJLi/WcKXQGduLDkYyXmacb + Su4Ele2/KImbKS6/BHcCuaF4FNN3TujlBVaFQfggyhu0GI0snaQQdpZ4ORedKBvM + DFMigtnOND95EkkE8V1jCB6rAiBD2BrA11gd9lF09/fyVYmbeDwJoiRfGMmGqcMj + TSpITXlqQu4cjrCv0KeXHzQNvjf4BKftznbZhP36+MoY1pbe46bi+pMIJO07cKo/ + cAxXntrtTf7wSKJmcRi5hlUrcYRLYlE1LNfdLQIDAQABAoIBAQCC0z0mT2NZoNUz + l2+CM+o5pcnqhPadANmfx+12FruTEii2+vN9Y3ZIiNcGDWSQ0IMJ/rHbhdnh0i5v + IRZewqNO6F097A4DYOtkVsYI1ts1CbEOM2m7JVHoQFkozCS5Qea6faBVGcR5JhN9 + BrwByblv54E4r4IKRvYSxv61IdQl+CjddrT5Py7qTGiIONdT8ZDr/nUn4Hz5/znI + hOU3uLrnPwt5VLlWzDRUYa6+fUWy1VevvItJh8bbs/XeeJAGURWRnITmf8roM6jE + 4yW+ZQX04o64IXo3WF5di4Zbm1lxn/7D49wlxqst5P8nJGFpdq6rosjRpFdRmH9R + lHwf9n6BAoGBAMOIzYXpIzZU3uyXhfS6eIetQJBwNjnppOJgVc1zRN1DV0qoIUz8 + uW60uzQw50gIdOL+z3Y0SCbRoRP0tcelW6rMZGRvqanfE05quiridgWFiIElKBj3 + xWHMKS+E/IyBzjus8GoephxlBC82Z9lkQTfkwxGPWo59P/io2Qb5BTuZAoGBAPma + wRZ7Df6pAjhFKtJY/kwNQ4whbYDQu8CCl6y1zrNvlyt4kobFGOIwg2OR6cB4TXms + nNxa92U/2oOafBpappTWcBu9SiA+4BMXHf7X0EIfyfoBQyChnxEVhaXwZeLqRK5F + ueDr1JFn+CPH6+0fN067O2CUSdLQ+ZCfoH72zsq1AoGAQeqDRkpSqYUw5VcrPFYE + PdDE/Cwny5wdDodlRW4/X8vMyIknOLnVlSFuHmkB/sGDDebSb0murQ9sGrsa8KOo + 5Eok6crOyko+SuglvEE9gh0C6G5rNweHzbEyjSdqr78uk+V34n5UhyvynivcFGf8 + qGgA7pGB+Jj2kM/y4ave/LkCgYEAyymSJlksr+4il2h9DU9QVNiq9UE0HxhG6c+h + 4vrsbpLSqZhvM3Dz6w9vsjjO2VFSRkogNx93pJrPojS49L56PkU4ZOuyjQKAYil7 + ybUhluDHBk3GtKW4kjBBYyqD06m5E1w/inqJv3yvtXgBaTTyUIwHLXoliIl9yKCV + AyKieM0CgYEAr91aJNIqJG9Ki92WBXv5rJqoHjwWhW1ukoflaJ1kk3eHT/1lCQLf + cnBQVWr2cfoKO0tZjAURmAMEF5v5YRLuFB0mHFEAFuUCh6JPw3XXUtsFdx8BKgV1 + nsctGygRzQ2fDse8Ct500cqoLd3UCPo7atY2Ejol0sQAs6UVx39npGg= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: apiserver + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEA57O0RA9EcBqsUkENh7ut3zUHQbGLuW7RsLsleKkUruBQ9jnB + Jj6UGMONH+p1KTvKRIWbCy+UryQmCugTRWVYGrosuFNEgGZKwi6KTnYLeHk8pJHF + Azi1/H+QLjdCGu8JYWn3ACmv2pQHg0nn5MDO+1Nbp4wHIjHC1ly/Rp7zDZqx1hjT + 7wPui+MobardF+V3kYovFvVh8Iej+ny+5VhpcowWg9K3QIx2WGSm/ovaNHyJS5zJ + 2vnzmbl8KOYPagesRmFprxWtS3qaMWoE9qRK0iN1UkGfXY6A3ehODHQOKJoZ2tRQ + 3+7874pnujlN56NVqdHyxPeAsW1fxy5UualzCQIDAQABAoIBABo2NDB24bEk81Wi + 0lsGmlbj8tw1r67coJAzu7t4tURLUB1qzzT6Y1qh1LdFmNd/UhSKYM3VJibiGgOl + 2XhCTMNJSIHZuagk6lQpW7Agno+Ud43Oh9Eje0MDU1ZHHg1Z+V+x0yWLkb9Se78Y + f0lbno7EEVxU9QGjS31gpKrilHB3VoemyPQGEVAKvK0AIx7dOT8Bknylfx05JmX8 + m6Sw0cWgScEJt/lUxqCTu19+NXCx/HDlKgMXqNxW41FeMfkfSjV24rLuQtHx2UJQ + k0F8bmLowh8ItXlN2HaROmpQXYNaBEvxpWWy909JMvITkrRYzFauVap7NGl+I+Sl + pqjqLQECgYEA9bXhzDbCL1Bp48s2btJK/1YHCo/42M+VnjDVT813Bp/fJlZsyGhN + TRypw1iHgBHQlCSJts7L2C3gxJAd0JN+iCB5o0DSz3YJ3Mtp+wgGRXJap6CGoVcG + XsjPd0Mv7HmLD/MD0TcgBFk6/ePGCFe0xuHib9iGfuVSxWDDV4W65PkCgYEA8Wel + KFtEzvlQXFSqtOJauY3NQo9phK8guCBtBfD8BtJUAx9lwoq8tf847D0P/aKE1M2E + 66zkAki0Vc0TisHGR/ahrND7VJt6KMdg36qJTs5ga6NoGsDgDX0cHrEjRAQEWMWQ + OljlLE2kn6jI4Jn2aCBOqX/IRCNxo1m6FcSmUpECgYBiM9RP+x63LEt1+JUDy9af + oHFl/k610Jl6xQesQnEs256jQu1tV4p1pFwRMAPP4s7bNpM31gTQnN11kifoYdqz + a09SOSlIM2QTs9TiuL1Q6jhjQJwuRYrNPTL19otj1twGftjquD56nnMeX/eZA/zD + dCo9C2wNsXfYXSkVhORCeQKBgDQw/VMZUGoTGt2rbHDJE2ZUkxEV4nFOT5ufXxLO + xB5RcNpv+lcyGZSbhloE5aUncuJzQI6XhYA86cg3G0d/l3fNiazMTdo/9wxD9tzE + iQUht1TuMj6+fnJMHz0/fOlimPH8XK9QstN+Qd5G5o8wmkZu3bLlro2UwCfZ6VJ1 + fqQRAoGBALzsMN5HhwSocH9nAnvTvPiESg/NaDUv8C8N7NuFfYRbRDLrKxJioE6f + Z6CIaFQltdRzLUL0aV3ba3golzf3qOQP4+RQYjSrehkwqTr4sRxQfFl/rEAaCM+h + g4g/dk/NtFSdEJQaYqR93Y3a9BYoqTfXB6olpcs/DnV4F2CCGjbC + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-genesis + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAukrF7lsVJeqLbJ2YwwIrfZssLlSUh7S4KXiAU6+inK62ZjGI + 8hUngzPxWU1kUul8U2gsoWPs8yQYxVtdk7350DdYWIhiwS8OwQJ+UHzQTV5ZvrHP + 7U+QhbP+Vyi53ohClRpgln4RqRE0Spf3vKq0SG/EanEroqY6sJbHDs0rCxAhbKc8 + 4KwNxTr64Uud/ohXF1kqc6oR878CZZRuWCbcEIWIqQa7ARw5D43X39UPlEWIqv5C + dyLCOogZ5hnxkzeKpQx7JVUXgvz2ouxPTngSynN0UQ8dnCakntZqSmROQDMCi0cF + 9pWlIcAvNp0J5K9WOd9pnWQlvuxHjyjiW0lJGQIDAQABAoIBAHPkvpwZV9+9uT06 + EeYHfIzosySjg7+lAwjxqUvmsRAudNTArkSEOo+aCeSXi/k0vh6ZaWKB6tAcPbjR + rTaTck1BkRmKx30NTG1woqpp66CmOMi0j/k/jVZQcsNAV9mEBYAC5+HXzh7S0Cgz + wHBD9mI1/giGHTJTnaFsO6wOoV+AedjItqfZ7/qXTBx2czEyS32kxeejwkDAcS4Z + +YiKaXOsMxW1ZqpnENmXayptwnDnoBhDoV9OUZBzoxBF/OMo9W7W3iUZRqHdo6J9 + nUFsRy4pqWKjp67zwGBZUTjN5z8lKSuxtLFi4+fF51SGpNlwmkk/83TRTsyd0PW3 + AG9SlDECgYEA7QzN709Ce5bgn73iQg0CB5vpGmWdGLTCDl9buO+N3D3YWebeTl1Q + h+lmVbJgehGbY2LbtPdiXV+qlooPo0BIkj+tPx4nf2uxCOQnPrOphH3N/iBVfKqg + FiB3QcHCcXkjpUO4U9Dd4BYK6WpvbOZFw0M6U0KPB1iHjaWK81U3RGUCgYEAyS82 + 9Rf/mhOiWkLCSliAxj447g05VdHsnAcBYwtHp79NQQfjnfZfQ92clndD5DNawRn5 + Q7V9KnMKjIie4l/7bippGum26rvkUo8/u4MIBGkPRxvUFHkF6tAQJXzW7pWd6Fp4 + bztTj8710eD2NIrlMjsD3smQTB4eXeDaCpYcJKUCgYANruqIQNP+nFP1BJn15BhU + 5hwLiQgLcAuvlrONtk5DA1LkxZ3Zeit23PMqSTSmdzO4BfHWvVzxNN989xU2ADTw + NDrE5PG0ujuq3rihNu+3FSf53lXw70x0WoVnx055DFwRYxpVxD26fKs+lAVAjP5D + 6jKIsdPdwa95bq/ZofahvQKBgQCDiYQ0MVGkCoxO2XEwrLbdZtdQBYNkMhGyXf4x + JLHf4nr/NspCgE//DkkQM8BG1rDSqknIVEQW2gqeocDIH5tDhyUbPI2k4d5BgHlZ + /yzhvVMI2hAKpqoQwaKc8AeTDG2m+mfdyfszfkxIwf4XkmySL/Wy1zSqH9MY7CeD + XmveJQKBgE5urfJqUSB+rHfCU3CzNJ0pr1WayqCuA5jMfFPZ4jZXzcyj1ubIj7o1 + OEztswL6ih8v2vd5zWUtC1Z4vV9eItQyrENGXvFKUbGhjID9tY3AAFRM+mG7SVEy + G0qduTSq4uNG/gySdU2m8KyGKqOGeFc71bDuZ2GNIEF2U6t9UKwa + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-airsloop-control-1 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAtA7y0pt1s58brEmKVtzMtsLX9GhUUh6DmD+v+8LZuECCapk3 + oY9SGa73qSVwiPcSODsiZe+h8b+RaHHGTJ9yEC1fy0upJbqwvi0iYsA+UbCFioAM + klmHFnPAcmKqhV6DrK02p6XjWVebEkTQphskGCwFMyEgjrY9Z+tJmZAnD/VD3zeU + fdrBAKlVa6cshMCXG6ElmuUOgfOGrWKEkDrc/DTDemk/eNHyjbZ4wKMJtiUVVk5n + xFlcd1Z5hBVuw723b/hWPvSy5YpJvH+V18b0sVuV5D53Wr3lDBosHPPutt65eXBC + 53/xouWyO85PrQ1itCXbUeDcHNIgityMcifyFQIDAQABAoIBAC6aF9rOhZ4htgXX + Wsi0iP9cWoxVXE2MvD5xbVjZy4PWnmp8kVttPrCLCmpq2D96wupu065SYTWygS3p + FIvMULdDJyH0ySiMsyXlhJrOatK1vzpjfd168m2rM8nnI381QRs2EYk+dCMxe181 + FFOJfsQK0KW1EzocjLQSv4/RMWr9fpq+eyDezOYKqh3Jk97lp6EdvufV1eu3haPL + DH9FrKfGfP4PfVyuxaAtiAxciWWehqZC8fA3C2+giYvKjL8aRFS1E6JckoY4f5WN + DFGFblO2ZB0GxXjDB4al/XNBs+dvi+/eGiAOYvdw1DOUxBkFY6OrBX6dgFhIgRij + P36biYECgYEA1kYy1kIyWZNZtepLMY4TecCymBb/rC1kygg4abSeUVACBGcXbaMO + UunjGd7WPhOe8OmZlltsIckQmFqG4kJl+UYsURahEEmtgVpgp4pakAeOhMR8/nDs + uNGVjwL7+flHFzq2BRCjYuILiTsXdCNZMkSi1BP9kX2JBN2S/Fsw27ECgYEA1x8N + 5CAKHeIiUBTZMYA8qsqBZy+6jhsAwXwxYAmM+J56F6kXRO2jeMcBCYzhYqYOi3b5 + sosNHCdJF3XdBaS0VEJYrXptVuw632nt4cwVfheSz+7XrlkaIDhC7esal0zraC19 + wC0fdm0+FAxSKjQbSqaHgiF/skBAAGcKmD3rKaUCgYEA1Rm3kXMAVCnBfLRo1/3u + zJWiiLPGztvOc0c9o5MoKMIjX3GP0U/q/PbzD1WZSN+GoR4Ry4FcxzUKNhtCLl/O + vtzVUkfpIyPDVPQnUDi+3KNHUC+CCCMSqrR1w2c6Zl9OHoIbaGoltEAPLQoBx1Uo + bl/oeHbxJfLthFNAzY17x+ECgYEAre4R0SyGgXrgu1bf9MH2SzDIR6GzeEok5kt/ + sGKIdEvN82tnwPdSgMiF8i7R3GzevaxIXy9GPkkVM768IV/13Vp3UGv4E5uUTibb + iwDzL6vnq+80u2aXVQ2oL60zJrmua+C8F7FkCuBwnM0Jcc4HcugKEBD9qiWAmdK2 + IjmN9XECgYAY/NpIYXhn29+fIzFotBXb3XDb4EFTKe+F+k49gnjnHcbcXFqNm2iv + thwzaN5qXkBpNTTFIuFS3WpQDCP+JIuwroEa1ldR/yAmJavdJ8C1oyrPmxuVOvwc + eQmNK/CvDNsRVzhdJHxZ0py8pIyni4Of5pXqyw0jeJniaQjYtXkpeA== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-airsloop-control-2 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAq65p49nDw/LMcqzwun8520kwqxaXnKpqIYUzqrfIHFkxikFi + pu5enbUwUSt8tubwNsgNnyJo8H847QZPmlKKXJ3Mr73DyCLghY0xnQVs8X91fBEQ + HOrbFjkDrOb2YZHggtTHCg+VAIbdC1CjtlwSyGcTCo5SdKTcG/WbsCAhu4HgiAGd + y4bIremzr6OrfBB8/UoE1GsQHNv6BXMtM8A9dK+eklJeeUErRyXwT15SqDCV2WEq + ienkWUSFj231b4iI8/kw4b3qOIwwoP8Hfvu6HK4jbvAAy33o4g1zssdi8p2Bb2Di + TlZZQxejiZU2du7c1D09Kmh/iLQsQGbgrKxLFwIDAQABAoIBAEOoxQqK89/xfCll + hqm5IjANtCR5Dt8rOhBj0mzhaPfjHucBxcNMBfXZRmV24fujH+A3D0c75GeDfAfN + iOmkxeqiNdy8yL/DHwEDGB5t2PWD6eUvRE5hMF6dsZkenNLvDrAA80A/y9UdUVf4 + O8zOlIhuNs7eMBjQL/7E2Mqcny6p5w/2U2OTlgKeVrKzPotW0DiklfHiQ2nwv4So + hhJwNxLFJvL842DMoE6DQN/uDb6FviuZV2lvo0zJgkdMN9fdLoxtqz9vm7ZzgS7R + 56rSreZCy+VLmS1M2KOEaggxMdCXKHzBtqkEgvaI3hGpGmYLluCyErmQ/8ZA0IW7 + j54BEyECgYEA4POew5UwUPMRsJD/ZMuZhVF9xyx/Q75ojMD3d3hpyUFUIJMRJK1/ + YrvoOoEmrzPDJvCk7h3AwtQ6gcmKy5vN9kdIGTLUgR5D1uAaqDE9TVcXmQtHT4xm + N/YKKfJind1WmXnEufb7KcxNRlZsex6QUpbsx9wHZGDFuaGqLHbER1UCgYEAw2CN + y+GA6e5DKild4/uK3+NqFtExAkllk1qvYeOOf+gQ0e2dEG1v3KdGmN8T8I/yj4Z0 + mpiTGYvj2BL5z25ruyNaTwT09MxD6e0bfxfhTpdaVdEMvJOZg/VwOO9sKfd+FXmS + m8QTgQbywh2jmNI5Ybex4Fs6R0pWz3zMbi27cLsCgYEAqhgsfXFKpnsVbjBFnV7C + R+e1tqwz0vKgNYYX2ROI0e/+/96UgOpbvzmcwNg1exclwkUGQTLoNamqT8colwrJ + syZ1IvCndLaAz3KHVZRd6SQoqMW5dzIPfNMjHlK0NPBPch98HK3fftyHtd7Vikcz + E/AhPIJoaIMwH0xZ0+M+ST0CgYAVbDbgDh/mhpuSuepznxdBKVxumA15pLagi6cD + YsIzQCzn99fq/zTuyuCwznUPQZllJ2cNtIEcofwfqyT9G6xwXpX+aBq75NHlinwj + WWj5Bxt+oWd2HfENSRI/C/GeQGbwz93FeqBw22Qu6LURgquMDWpRoW8odfxCz/pS + cm1FFQKBgQDaE+Ydv9mbtlamDzX3+CAOE1qDTtgHumE1JUuorhTAR6C1Kg5/kvZc + Jd+uZilgV+5iVphWciNyzTr5HXJYJeCrXJRYWL4kVn4gv+1wlebRt6m8xfI+dYiz + iyBPah5QDyWCmYjQ3WvSEwopQboBH3DW8mSZk6x1CH7THBWPbw7OEA== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-airsloop-control-3 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAoUqcY1VdB0EgrYfrUvhoydhQARtsuHylhg+NMSAbcV5LM05L + 8x6LJcF3KsIGs6r6VuiiJB0pYtz4QBM3to/2CsskIwh3uMtA/dbva7mGDd/zeJIX + f8B8xqmnEwY2+mDdeUtifW6fNtra1zgmEA12lAeCaojigHCE+SzP9EDSLKmaTFfB + bsp13Gr7jjYdAjO2bc1TLwSxFVjG/I9RZV3/hwLszgqVDp0aBkUfYafRhJVXzgmj + qQ9Y+ClWvHd2oNaXuYxO0WxbxeZnnRHFzVRtUfxTCGTYzBtJl3CWYfkWiObW7P64 + c0o3gBlmViEHwB1AiM6Zp1iGo9JnuwI2n53RdwIDAQABAoIBAE5nB0gd6Z+qH+la + haCKUd20AYfYPewb4xYcnyR/F/fuvx1MdQzUDw2mUnf9YuaZOSFf6dkmN8Tv5ti2 + vsFGj3JFtuY0qoWwf4IkpbM2tpwt/ZrhYPzfo4eqViWgQr9IsL/STijsygYPMoul + ppLtCHQChnmk2n1WtLyu9NMlY0UD0v7BFEQe3S/NYlKsLAIkpRz6LWeCy+OmzCIW + CGMxJHf59pZOaCiKBQGNMaNzI85gJpQ5deWtIYaZotSQ/Cu7kjVJa2T9L4eatVAq + ayobL4v105YshHJOsuf8PIGstbjE1HlNEG40m1gkaUcSpUYSGGQqtZMe+hsQhWTC + dDsJZRECgYEAz1ehq/gzzs3y5K9v3UndMKmlYj/9gd6prcAVGabd0FA7RNqB/Wy+ + ewNmO50qtEt1k4kEV+fqTIofe8ZNChcGw6awuQO7g1ZqrxdbqAEAVTqW5n+vkmW5 + wTDbuvF6hMQyYWOVPanEwtjC7FyFqfuXPLGyEU6pfVgqeMcsI0bSQS8CgYEAxyRp + bdtNL5CxyUJJgpF6pmEFzz/qehi+pEpi4K5ol/5GpJ0+dyCiedtKzWwq9gMExkBg + KC+6BlERV2FFErsz3jEn+BRSYRBP5MLRkH2Q0wN20TtkznMFMtARVmfYlaE637TH + Cz0Rwh0jX2ulJrdHAHBhK11AcbzouShoi9NIEjkCgYBY0NffG1XN62h1TzUi3GYU + V0cRvAlynRef5tzi/RidCBErYFI4ZWF+vikHtj45tu0pgpLKuPwjRzNPSNVtUgnC + u1+OESw8iULvt5i6cZtb5toG6IEju9GDENO+03vA7W4LS6X9IQC42jM9HjDfbHcP + N6roQQLXP3IKBH9CqS6dXwKBgQCYJmHG5X8bkFnFgzfW4n/rDsX5isQDdVRzAcJ6 + F8ciGcyviNRpAC4jHEESokpQnA3Ryu2sxopCuT2enVrA7Pa8FKKNEDnAn03rYk3r + L4SvND5brh1e/tJB+GbGtaDs8bqhoOVS2N3wiYK1LPGJmw5Mb5BOKXlLbSICFbWK + 32p5QQKBgA2OsGo8VTSSg2+eeakYTPXBefH975iUN+yYk4LpqH9XIVj5HoChVObt + Ar3wUKbGStXElBUkld5fERjz9+Zlbqr41nkampUdoRdEfst1o2BEmtuw1UcloQuA + WknqBWZv/DT0L8CCH3sj4ke/u0E3OofmjPJNxoQJu8ZP4tNupAcC + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubelet-airsloop-compute-1 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAs2rpfnd9v6BwaZggRLvcBBdjuTOq3Dn3dcvppYLZK3Z+6UTi + FyJWJGI8d2yfnMkAOeWeUsm9sJFljZWA6GozWYRcmx9jxK3kDZ40yGlvYa6Y+BbF + rLy0RokyEbEd8Cp8mbGKiMaHvuLAAA3uomO0mSn1twtAt9lM6Su2YY+kQTdALQU8 + o4a6zt7H6Yj/ClWjMw5cVExXULMrZXC4E+zHH/s7WwkjK3BnEYi+RtL9Upu5t27R + yrpkhsy9yiouX5H8y8YqBxyeeHQAy/d8u8e4lm76Vd3csm+SD5r8OzhryqNMWRJS + GTdmd3jC/TgLBHAx9A9gNdknxc4I2AeVjfbHLQIDAQABAoIBAH9qd7PWjDkgaXS0 + EoZ9mzxUl/+Yj8iiafj//UgLassQ9gQXZTDks6RXF3YAcEHaBQ0Y4p0MpGfWefZY + rBliAmGaPGH1ota0X3bEWdvR9MW8Ruo40d1gje5h1Gr4C7jZk29axHVp+FE5mvzu + 5//vKvxy7gs2NJnb+mDFKFqUtiORNgpH+++ROC0+eGzNiFovNM2UaraCrXSUEg+3 + MCmDh0Po49Q7jh8gN4dbwfu+RoCsxys6e4piyI5Hs4j1x+Zw+mqUdMxk4EEg53vG + Nq1GnszPcpyqsiltscvOcUoAJRrXGuoOWeEQU3mklFfyLJORg78qRIlOiIn2IHeW + L0Eu/ckCgYEAxxyl309KITUYzXtAQNr0HMGflmxXIai3r37MUIr4z9ggJYiTtAhf + 6Y1Pg7ouSpmhE7NaZR6I4o2f5dyVWq2akkQH2wsgys99uVXvhMpbmu2+gj3/YtRs + FDfYeIOwCKxM5+dF0RYziW3DLSqPeVjVXQstWeZDU1lJ1Exp7YJeO8sCgYEA5q3L + SAiwEOQXYAb/aoaCha4B6xsSLMhZcD3DBTeBMKzPN4AcKRoeb4w8bv424ClmgFle + +9q/P4AkjMRPX8GgdgGr8MpnoZhjb9dhB1YEhU/P97aMcwvJ8IdxCVSVYlIu48iZ + bXHNnY1pKaNRsVUEUoCVhtBSaumPHZ8KKfJIGecCgYBRrlHpgvhxGPwcx3P7Zxb/ + ePrD1ZwE5da8urKMVAZwFURSwW1+THU0NVEqQ8VbuxxWHZx2oQkcj2bKACyQ72ja + mefzFuST7nyv/C3u9qiPrPobKd3LqELSJHq8LaGYXT6LX9fHR2lK9mk77RrAeA3H + Rp+LIqf52EYuPk6yLWoE8wKBgGTy2WsEokhCCRi090Ge66+knqJMjn+ajclYveei + ip7KgURAhBJYo8kdDbVk+o7Oj1TLx41gBSG86kHQBwxYp+f8g0o0yXUmQx3Gm2ei + dQgCDXjSIlSWbCEepJD4uwb0ACEewEXs75ZrNAJMvotkMSgJrWX59Jdk7oR//Oqu + ZG8xAoGBAKOPxRwC7wIr3jXFM6NUO0aN3tTaEfdoBdR1TS/Rl2mtHfoOpmlbWJq5 + 6c4rGczvbuZsg+6NUJo3x5F/08nqnYTGyhdlEXrSgrcFEYz2it0JwS3RTFTL6z7I + tibIXZqyR/1dqzdESkh+ZQCHn9rf3o+opKnqdMAOD88n08RUO7dn + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: scheduler + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEA1MzY6qMMAhYeELkDtx3TYZlxiGHt7e7+wdwRGWTyRZvTkXxK + 4ERyFusi7eAeaRV12wLo7YPtLd5ZiTdJY1KQWsKFRwCM36VHLPyJRB4R7XKbc7hs + vSEg2Wn3mC/nn8E7wcrHSaK/xY/ekB1HK9yR04VksvoNAudAFw82FNdYZD2ZndCH + C9hJyNuvakAiwjXolg4jWjG0/RRwrJUVYDMnV58CTFDGBGH4qhRZqMhPvi3oHG/9 + DcC0li1YVQt3VB6WdKwZRGxzlW/F5hc84hulQoXMWMVwnG18S6E7QDUL505c8fce + mWTOkA0tastptOrrl2GIM4yhHmXIX7O6pjsLSwIDAQABAoIBAGQR7NPyVrxIcF0G + 1ENxiCz2fphXDQ99+1loxrW9bdzkGYrp+0AZj9lNPADHCyX5jJGwfZ7sEkYmsM5B + LIbDldTIcupfzN+DFsSGAXsB9QZHhejWSnRqNstm9KMhq/fJY/OPC0aKfUpHjK8S + xZxPvlfM+/zab/H0k4QEiDcmyY9hOOXLCZduC7vnlMYMDT9MkCzMd/ye/mSQcBNj + iHiBbphZ9KMNyaeCb+57P2p/oQErodVjxFlPHxMdaqkDutiwHyy3WL36u/3TnJVH + kqIyZdWURh7Z1PfrwS5PFW2oGvGg67RTGm8zoMHfS9tt/auQ5MP8wtHxUQeW7OGH + xbFHS6ECgYEA5XQk0hVBDMVXmx2hMfVnn5CpYSUru7oV9yKNWHy0BoILXiafSi0f + TD00XWZLJIKbEzS7SuGP91ia08gAmWYRJ2V9zkunpoRI0CCMumQ3SmodNVOy4QRk + GefiwDjwi0+Zi/JMgXgVGAG815ThKQc63xAAzBwAaoeKjKu4h2Nw5LECgYEA7Wt3 + skBdSDYd7YcAN2Lj779Wx8v0Kg7hS/qnZCQY+Sn3gtic+A4EPNxKFgMeJ3rUwKUs + b/GZrEBq2xXMaTgdM2lE/asMb+Va32cpG5EpuQRdsbdQrcxx8C6hM75dYB/cPrFx + 9OtvOoKEnnqRq63TAA2oTCFZK20RAYllePo7XrsCgYEAlEB+qd5hsUawW+DBDe5p + jYeCaOoDX7/UAWGpwcqQ5sOPZL2/ncWZu0CwXMiDNIvOdpJTkQY8ZqwxHTTUbkis + PLAuoOPw5n4CLbdaNfQaZVI6nQH/SbP0mWhh8aDYiqpbozhihiR4PJKi2QewkznA + p+9HFJnjCvGYa1toVtHBV4ECgYBNyyLjU1e9a44O4GdfvpV1XzquKNQOW+XSoYTr + uTA9pFSnmRaF6QHWd1AHOmpNAWBo5zZST9XMrSbWNqRN7ccTq3ChtcRTfdFy1jiQ + Adar+xRAQRK8f/rtejnz3HJ4JrhiCn6Og/5kK5QM4ZiNql0y7Uax+1NeeVRTLpQD + OeruNQKBgQCeEdZUD6EKYQ/4oajh0q8KNcKYOVXqGELQx9+tdRxmbNEgZUbuvTAS + zE5H1VY/3JXOLbISZtDDPe4kghkqAKe/77qfTXsLUHc9BphGEbrzQYYNLdb6wX69 + 96m2ed6UflroJSvEAE34361Hgz0PEEkQH8pQTJi6h6zLJ2aYisYKYQ== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: controller-manager + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpQIBAAKCAQEAsRnjMUzcksTeL/veUWz/ft+NKmEb9M/4UwavYmmw3EmipoJT + Fw7EEqq1cHeh+dvkJuB510WKPH/cW6cOYbPzCGFo0DuJO3/PsFcdi+5iVMEeimFv + /39ggnFkssdSDB2LYfo0cfoWvXITW0dX/SbYsPnWlj3zhfhA4eJM9leL4t97X2vG + g4L7uQ2G3eyDA2LycfyOKMgAl4Hy8HaQZFR4NlAY7+Qvf9DQfWi9Fjl+VWc6mjeU + ut9nUZaGHk4me0d3BQkRc/jyYJrrOQ4GkPqBy6KBex0jyu/PxdMmW3Jsozsah88A + ucEygciaHeiDwaiuaulf9UVUWRm9OnnFaqMxpwIDAQABAoIBAQCknG5K3alLlkb7 + DL3Yq1pToBBDKt3kUAX9jgIolBp6tsrCv/HhRa1DuH5K2jeo2RUYeZ9mU1Go6CN2 + 4TEB6VPlHz1gB2aH8kWmH2LsNJgbNSFg+C40qj2XITS6439EmZV7bSegJRdL4SNS + vV5wg9H3tVEadtzKUjRkgIaOllMEfK7XyXQVrV96kbM7tMuBrJilLuh9YmAxpm3e + Js+mn084JowuPaALDhMy3DsTK7RYsY43xlN3w1K6l6P/+clAC9CDhSqkYROTQHD1 + Gsgy3Dn66gVuB7XuMBeTITI5npgI+Zlqt603u4Qdkr8FO6BXJvnymStq8Qp4BJ/Y + 3gxaJt1pAoGBANutqDCboPoBi0QqX5SuVgM6owuieSRk8ZU9lL9hmmPSdQC0Q8Ht + BWcLSUJGFesy2tX7rKkTRL0oqXebqJAhKiB81827NIUbLC+f7PKax6bbAImKRnr7 + WJYp0ryzuXJZR5dkOfcHnEcKLvPHp1gOAlygbf+MujzA8S5hRXe2EXqdAoGBAM5i + D5Xkg8AqT1SRq1GlQ8KKHwyXNzBVP9eq77YEA1XfaIw943MUg9luoPptRA75jo/b + tXmM1r0L7k1nTTKgJFICNQvSKzntTNvxb1MRsb+fZIVsrfHsbtOf34arqC1ffa/p + c6T7zLmjCM9EE2GXo1+BeFaLYXn9M1rgl8cSG/gTAoGBAIoGNUu9LMqIF9GPchh/ + 5QkIWZMg1U6ZofRsCb6pe5DGlb8IhB4fZyqUO8ZJNNJfVIHoLFbbBXB4UOoWwjU0 + sTxSVGEuA1SyevO9Xuobd+ANb+v7FkeFDubihkcMATOohsPHNGhSvs0fx9phknJP + 8wnxvss2x3kOnTrP4Q7TNW49AoGAMTBmDo+8Zxyuc7WUY41ELSXGaLXRzY9D/B8d + qwAh22G4BVTq1Q7argQUEhvg0MDiHZ98DVBoDf69+WzZlWtdvL4R7pNVAiVw4CsX + IXFiMA3JY5OXkcWMVJwSJoLbPpU326mEipoJHWWiP+Q1yljd83FkQRxPS0fx6YMG + KchDKkkCgYEAhF7u1yIFLP7HnARLdok0S4+DnIc/62JTUPJ/+TO/hAGAmE4Qxk5I + WAVPJCZHsmsZk1A7keoanwp4Ti8F/GWRAjcvM+b0wcIhNqPbr9Dq7356x2dOZRfo + tIx8DWpeWIIion6apQq61Azg0lh+WUEbxO+Y6uwd6Ih3iyXRZs1fCt8= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: admin + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpQIBAAKCAQEAuWZCkJNjTu2dKuIUCWZ3YgjdSsPyu9AtZJ7G6rv44TL6l/vl + Y+n+MHp7jRfq+QjRog8eBIUAM3PnbsD4cJaykjT/vhKBQUco92IeDRWdqjBEnyTe + pT5UV0noq+8Ftdaz1jq97z0/VC8qMEgLlJOaqBfWSk7L3oxSASgKeDv8FxnDq4cN + xSd7/JewhpjyX6bFm6wJGBaQF6u81/nBfNB68WuLPiWU+LIG5OCsRW8ByErGdR7m + 5DdKjqckIdDNC3sPHz80DquG78lMM3skQOhgUtZ5EzZQWQBOlPzMvxSiNiN1Rfu2 + Q8UeOxCmlV2T/5ASI5m4KKqJD+GmKDWoqMdbbQIDAQABAoIBAEKYhe6S0shGN/9w + aAwcX2O6lWrGyglGtReApSkqTjLuce9oDzT9l03ooTrETaYY0dxpm7m54KGaz5YM + APHIX+p+2SJ4WS+OlRuPhgXjLtg0MGIOB1/J7NfR957S4/U2YzDfttwZ3wapTnk7 + V9WN067vqQzWEwsk0kwSCvi3a00MWkKGWz4alAd4yxq6zNX2ZXVqYZBvZL4SeESX + 3hTAwoYEFVqUedN46Y2Ze+ihgES+ag2lO06eGt1qRLG6jXY6T0ka9bmAWDtG/iG+ + tODAITJnKOXP8ctMWWpg4RdsTJv38RxrvKQzfTiv+mWOYvPmm27fOHykJt8PY8qe + AEE9dQECgYEAyv191eWAH96kWVvvsiPtYqeDv0F8iud5oc9W2+y/CdlRqU02+LEt + 98ryxHOhM7f2vB9P5cynwM/upCvdgS5Uj+j3dPW7AS8sfnWHCOyq+YQNB2DR1OFj + ePAmdr8QhX9e6fxUlUc5DG0PmjkKtF39SMqjvZaMuXc3MRY54sc28MECgYEA6dDG + F3OKPHBIzxYnEHw9rAiMkFGgf+dPwc589WlHrnZSw4oPTlzz3y6aA1TGEDNhdj5e + 4x+G/wiDvCFTnzLbHoKbUek1wNw1vX+GIrU92Rgv1iVv5OImZBrNW/eKW/rN7ZRl + W7tlTsbj0PqxiuzoJhpew1F1sbitjuW/aMJH6a0CgYEAxUQtqtWaet46J2ESArOp + eUtD3HS+nJqw+I/vYFClouOf2YDhYDOHcZy36jRYv1MTI+TmF3OYvucTilXasDSf + Fy+WdAJuFouKmOaMMR8WVN+AbeAoatISgjAXoSSy4JlUWt3OMTgC99Fw7TZr8ba5 + c6kCETeiUIbLixeHb5ycBsECgYEA5zQ3vZbVud/6TzSDmmyQe13UyRy+TdvIZUev + Dul1JVIBkzQg4IdP64BkcSjR1dFI7ajNIV/amLOtuEloLAMY47mYps2qBrR6O5Ev + bYC00Mh2/RX16GmsNs6+BNPpr/x4xxY3iBbtHZHUUqCjEVIkWRE4ZYFWlU+d57DN + rmR2wd0CgYEAuMezP4ZIXUhZJeHTWxBBXB9mvgJ11UVxTMEKDU2iOoUuBfY8THhk + j9Em2F4jBF8GTrkN0Ug1YIKpqsPXHn3DA9l8yhr7H+C6Uk8pGefMwn87D/H00SZ5 + xUbavqpy7YjFWocYzIdxTR5kNdnxX8hXcC5dW/fhv3uAYou7DHhKmgk= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: armada + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAyN0uQe5OCNcpnJx+bQxfiBzf3Pkz6iFAEaX7TwBQOXASU167 + T0WPgxVItmir6gLy0MBadiDt6NeB8Rn6dQWqEFnK8HT+cbOw+h84mLJdxMwQfdrw + vNxNyqaFdDE6eu6nPWe8ck6HBI8xJC7tO+po+DK/X3WFuFvLZ33PA8uaioAZpnWo + WpsmNdBAZUnq0MJVqIJ8wgEb9hVuk+Ns1tmQSa1Pirb0kxzHVLEkqwlkFVO8GN4N + 4DDYUz/XOiX5qVXoj7CLLlti/FbugzXnNYzbewI3jwA1I31BwACYNKOMd2DzsBXn + oKzJRR5Sv3WsqysLzMzoEztd/jUCF98MqSFw2wIDAQABAoIBAAlrHZ0n0G7nr+LR + D7iLSPt35yNUaBPFZVyufL8yk5Bt6d4Q5hWMfHM4D0XGWLFLXBlfu54oYx9043nr + ruvHzTahDzwBMGEifNztk9jNHEp7Cxbrqjgg2GD1N/K/0C8te5gMgjCV8AzNrg81 + SBh0IGHq90BBoXiIjVwX8RoLdP6jd62f8AYEwGmEPyxe3HfAOGzFNWOroF+CKdwf + dbyFerXiwYJHTkjjJJtj9eFmkvr2RhGCCrw52fEZmlza7M4RRhQD91hbUrFi8XMR + DwM09HoXR9euy0X6jEw+7x+b0XtH8ViU0aG8BPsAv7nUJ/pexuuGPTzjKlTIFqDQ + DcNayokCgYEAy+kSF3LRUwCmI8QWYdidhsEPTuaXNuQ1HJNgsQOht599pmShqyfZ + 0F19NoIc0A8zrVhsavrr9GK+Z2ZzGpo2ITycHQV+a0Bt9rvvz4lcPVmPu2RD9ZB2 + wQ3YalGSJhyez4v5lv9ki+IMknWmy5eFeambTN0sxcofViyAzzKUwCcCgYEA/Czi + eIAXQ5C/FtSD2w7pkBeMUwWQtj2RO2bzYBtCktLiUddKePiDZw0l/t/To06/QNZC + zEbFlaK8S7eZvby6TKx2s5wvxRuowKD+cUm5hCKiOZu6lftW9BeaxyANj2qNGy8C + jjsC3pUortRF20jmW+FJCP+KiTZ3MGJwb6mnRi0CgYBw0MOMq566YHqLATss6W7G + FlxE1/lDimEELVnqtcqsUBZxj+2OR18QFBlppfUQ+8gomOprCeav8E3N4XW/eyCF + pQXuXJLD/gKY5wPX+/RHkRyfneqnm0TIrMNWl0jXwy/uPlBZxXU4m1k/Us50h6F2 + XWspzJiv2ZMa10Zw3FhGMwKBgQC++rs1KUT1HY0qnB2T7DJEtyDFy2QyMGRqCWjt + 8xczHNTbyGGVRhg2FkYdRaQBfOTpFJuYG00OKyXRbiXYBTNOWBq5oeKns2/VGtg4 + Me52vMgBOwhPB/9tcub8QTEj2T0uRib4Uoa0zV/3L7oL/aTAFtj6IJXpnr8bfKHM + Xz7YrQKBgGtxXqNUreYoY5tkBX+YBkZ/BBrU3RM4g2gT8eg/a1NnDN0cc6+MSO6C + WPRriGQ1sNDbfQ1S/WjHEYpbpFlfKD+dmj7Zl4o2BCJ82ptdtFlHS7cjIvo2CWEE + 7XrRDbfLRA66ZnQ2hLKf/0wbCoDHKGrZFecnIDEWSDfr6uuyYkdL + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: apiserver-etcd + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAzTpUpP/VgYf0V95v1RRWrUe3OVswzTqNaZdU4W1EbXQWtarH + gdoLK9wiUcQjkOMHAmUQHPxg9D59ZGZpIWt8l0xTgUcYpl8POF4OTO1oARrlBIVe + C7B7RyG2TOs32yYwpaYMzJbwtvXiZGxVOmD+Cd835aJTAzHOuHFXS9UcYFY2BTS7 + 0NsbDd7tAj90AxL4arRky5wQevX1rqhV7SBBZRuwt/9cbq7pZP4X8TFQJ7BXcahu + psrbAnwY3L8yaeiDtWPafw0XwZTCW8B4ziRtfVDrgY+DhBK4MUkwzg5yFnk29EXF + wS2yarUp1bgFSJcEw+x+ZzjUEWo7MFGt3RV9hQIDAQABAoIBAQCEoxJZoU7n7Goq + 8APu/roWO6dbVmhv+0ux1rBxESGMa97RgpJ2hel6a0dy+QTTeybokVCcqzAuKsT3 + wohnpQRc9GNzxfNUc1Nu5rrvVPBG5o7lIRzrCSBjlJIxnEP5SvFd3bef8l2Yocmz + haB/nngRAUcrDoIAKoyj//yfchho2aazHUMI6DzgbOgvJ3WndgUjbsx/tlwQf5vW + 0xdAs86qStyESR56l5XO1+OQPZoVICdTTBMjrV+t/MhUgnRKXH3L9s+VwZSJPZhN + +Gd/sP+ZfPZnZcysiSJmCrJoFpBBv6RwFFVxwodgsl0oxadJ0zWmoBgdLu9mEKgB + rXMg4WOBAoGBAOD332htjkfGVuc2rUuobbCLpRttlI7GKPsTYWJT38kljtZ7sGkJ + TgXksts5YxjVDtq1flyuSZy2RVf+q6a4BCPSIWqJwyWmVve8mwLvKRJZnQm194zc + yjVSvXMjVuTYqmh7l5XMaCmnc8SpXMQjKypViumpDk5o78xi+MR0D2LpAoGBAOmJ + YXkpc4U2BGFl1yCA3rH4nTl37cKyxZprakKbbvCbptMiCxiay4bYCuoVYke++Wmp + 17APLcqkuDO4UhvBQ2jaspGJBYOCGPZJRM7QZpS8ZSQuNNdhNc4uwVxRPFMMP2GP + YIZTDu0AUEbD2cRs2Kw4PZD84mz35WxlBNjJiAw9AoGANlmL/rWhDxQKwLdD7KhX + P7StAdBaeJfFJMtM1q1+viC1vnmJaAbYc7IJx864czJd8VaxnYB5xkN+w0CChbel + QGYurodzvu/NyPIm3PGckZNWzhbJJJ3euD0yCdP61TTHDpD1UTpd29pZrKRiBfyd + HBAojETMcQMHE/DBOuzzHqkCgYA1jDWYZYPCcJ9Sgdpw7nuhjSLn0XLn6Lvca3LC + 8QbgDqCS2sR2kM/IDHN8NwkA8G4Z50K4cNKMG3bNDR9uk8LUIQk+y49DFyqIFka7 + sRdEVWpPgHTHSdfffeMCOvI9DJrf0NNOGW9bsm21vCSLoHWSD5c2TnXQjIrDbupM + lvEl9QKBgQC3UXpnFPgm6yWQYsZQpjEUeYM0TnIsf5G2ehoRGq8eDXJBsA8HI0VE + hHht1XFSb5aOZ52GgzfFe72dFGLDt0sZRvJjie6mhmQnuKpM7zFSWRn5G3s5hv0I + qIfbYLdJjhUydMnnfh9InKRPaU20Z9nPu5DjWCSbYPbFpHvfBuWHUQ== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-anchor + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAzLbJMVk6re7X8VhpLfuHSjibPrlJh2yMygd0vqbfFoyOYw5k + klkaS2cumvzWc98sq5Rzu19VjxFm+CcQVoYuuggAQBlAZclajqeK6r5X8R+NExWS + 0U5jr/eNuwPUqQaN582DHFWIms4XZeZhUftm6jpC7qJOxAh6c6l9NJ6H1qZ0v3Ty + vZLtM87+gnV7JcEL6/bnWUIldS4FqkqwslUJVjOuBzjVDloikc71jQN4rEOm3htq + XjM7OdtPAoT95fSnsOeoI/5OiD1QsttXvFtRyvMMVqwIfVc04N3WpFQ64ECTUQg6 + eOeetph1AtlBnoL95pNE1wTx1BfMVSZS3vv8qQIDAQABAoIBAG1MnokhmgnpvxQV + 3zp01FwVcxX/Obn7hAQODRAJ6oyQiSlsMthMiJR/x8tqeVmua5xEi7IcCYN0iCSw + PrHjvKkIwpF2qgJuilImNC53aF7OOLVazGPCVclLBDo4pl+Ep1l/SaRkKqZ0qNt4 + MLfj4aPnbXsZ37Ic0LxWXwosJly81+rtRlxUQSkM93MGhwvE7r0ykkAhBtQ+ZK9X + dtVEX81fbNAdcE9/e3HsS75bfexBOGB435BX3sIC8fYA2NFsaXuD2Amw0FFmCd32 + QlZNy4PB3hdzW4otYpdZn7tpAEzKXmGYJ0/JmbLfQm0731kDDXV5mCltV86KuFBk + z1JuKf0CgYEA9ulpCXv+28y7PoKnfpEzEDeoIG2kawCgzDm3KpNR/RLpjOIe8caZ + VSY/dLE2oS664LNRM7ZOIhCeQMtJRij5kDCakLhbKAnvkleZFi4pNVqE5sAiCIb7 + /NOg+Z3ZbCw4PRtnOQM9IZSzhTQFhZVbqa99111lUwakM7VJ4Zus2xMCgYEA1D/B + pIQwBevdWcNfjk8Q2eF32MJm8ffnjOAQ9VQvLbMX9C7hiRvmy7KpNR3qJfVG5Qsq + 51jVTyt+ehXwVU/USZwx/uSLnTuztuEdTqeTFpULfUq7o96sqCqlrJePrr2NppPu + L0Q+88SVjdzfN3XY1JLOXG2izRfALPG8RJxQZNMCgYEAnn7kSw9KYSPBynWqOQfR + 5IYlqXNYSMulbJNb7buVtMNwIlyAiqj2gn9D2o9rRvotQdI5vN04uIs8WtFjnuLs + mE9q2J1O/puqKqGKhn9pOnN5vnn1Hs4vcXMT8UgPam3UR/2QPDvFAQpoVog3RzHC + HmGlgRrV0P8BZqPn4ifBRPsCgYEAqA4PUicEKzwVWISUfYZnDk0y6qMKhd5HLckg + RE+yx1l9xu7zzu8TsAe3aIJWKlXqG2LbRrCUvQnwK9SBJdt+eAY/o9XsIcPqyQu3 + e9a9ZO0AWuU4a0jdpo2V/nFG6BHYPaP1vOEpgzQNQnU3HJ+n3rCayp5YgFGk7TE+ + Y4jtMtcCgYAoQDeCES/bOwHsnMTqVBq91AcvIzxwYAERSz4B+BG7a/dVHIPD5tQL + YdcPG0pdE+q0pKwX20vlYZEGId3i7cWT4Uc3BztaeigcSL4fEWXUqcgne4h7dWZE + KXZTb6pYrmy+Eg9TT68K6Jiss2YOKkSGkzlcAh2QShWYrzmFVeXVjg== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-genesis + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEApBj4bh8wOj9GPbBGnMpEDaYnVUxBAV4vVhoPitjonHtq5lk9 + mYYYbDwu8vsG5194gCluHy7onMNeQ7Itg2oExDaIPS/bixp55raN9pRiHkzL2CpA + of0MYSZKnyYvanGiz5dhlHz11bUENfUWZ9+ucCxX2AMXJifYOWlTpIS/BjTRge5X + 3YP/vyLypB6GYQJLwFIPXKWO6MX9Mh8fOzhwQXLNAgF4DfOC0WjdLUqs8FVztWrW + 98Er6ALUcGlFbN1eLwNKw7wiN/f+BX9OKXeTpg49xhQd0B7vgyX8CVP6h7qgst8f + FXVT8XHLLwQvKWxwYOajhiHXAAeOT7qzfcKfAwIDAQABAoIBAQCDXoI0Fr/TQaiH + 5kEBcGP+0U+X184KvE4FDiP3MiM2cw9njXXlHBcdPykO2Kv0OtgLMh+40yLhrP4g + D9qj5BIgys9SvKdzuyRv8SHBj5TlUPG4Aktv41cvxyniMv2up36B1l0GNOvRxHK0 + h5sCWW4a20UP55l2sFtHyuxtPuB2pDX3KvrcBFQnMVn1LBUQPXRd8UZwImGBkBKQ + w2xQCuNll1/lykH85OIgBM1a0RXYJiSOfOLHPLODL+Wcljfz3KtIQyejQSi9H7xV + ExBx/QVSFWfalCyiyySjdRA8c5PsGZNXlYKeEcmrTKntdg/+wrz46in3jrW8ZSxi + 46tju+hRAoGBANIwlL4pjQJZV9QusBuVBqcGtcD7Ke8cPEdo1LX+V9m67hVq9kOU + wn04ZH1pv5lJ+exzvpsqMrpxDl/YsiV9R/V9oxnIruXfaHEm0gsoFkO/UeQGDPCW + oaLR9vaQZiutIQkl/wn42jM8vMYsoP6MMPzi7Xiu+YONmGVr3UkI+6kvAoGBAMfc + sxtpKJes3lQIC7xtQLPsGpT35kdgK2vAsXyrg/2LtM9+PwPXFeDBFPAJ0ENBqtV4 + LYe8HENEfFxogOmb2ddVHWc8r1Fp4U+yxn2F72b0qul+7/bsJKACTKj41k6nyfL2 + 0kXeRnFqMCOcrC2JQyls3Fr4w2AqvguVnA96jEptAoGAS0xoHO/ZujuzgSnwoRD0 + PyXiOu4/iY998L8XZNNnOXMEE9wruO4z9pQbO+qEXy/nPtQANqoZXj1ePuvsdg25 + l7KYmYYRUfyE9/RGTwTfZQnHFn8sZ4wu/5tkc9QrJf5x1UstYK8rzCs4HW6jhk1G + x3GsTQ2yCXTSYZMQxTdYoLUCgYB/+UWGS7N+S2ahD/XT1XEUxB3RPVrqYR3shRog + 5gJCG27PXdsjrlmH7JpniSEdr7KftbARtdWzDOtEkHXbH7xBMXL+Y9EupEltKuAG + B/jfR9MYZ/tndJWPD2ne2FcBTlb1iC3kJwucG45vfyaQkc+7esUuSxNvRG8kI8wl + 7SZfkQKBgD2f6q2xPkAAUF25aLZz99dhfj72DjzcHJ8cXHpuM0ceak2DoPPg8eRr + e4Pp4hScRMSYpUcdnm4XKK78oqWUm8Y+vKSA4vVBr70gAMb5dR9znSc+jOso59EN + oqKgQ8AO9hbP6PSVals4V2PhlvYHW7Lj2pZmxJXG1H+EeEG6v7q1 + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-airsloop-control-1 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAzFu0nFAV8OqkPuNZyZT33ESrMZpt+/hRDPYONkabSfdqOeZ0 + rZqJbYoF03/3BnUYRwKxOWhT/cmcMZ8pRNVADi41HnLczxi2A21p7R9w+0W9Vf/t + FEteFSg1bg2jlPOX0MtpwtsYfiYku8y6dSXi7qBTbWy0VaCdqUjhnYCYWZ0pwyuG + WI2Fso4Uui2yybUIWVg09y5Lx732Qu3ZpOJZl/PuhA1sm77aiq/Gq6hWl8Y4Csee + +vlY7fZ5+TJ+up0cWgaxeFxSn+uqP5qjhkYr//tBHquthZ/b4jNHFOTE6EvZxLNq + +2yzk+sCJTYV5g+AmtoYMYf9JPP05rBkmn6ErQIDAQABAoIBADK3u85jjd55zYOS + FzGRWCaBoF8yLYOwcCUgWAyeX2HvFp0CFgkT5nGaJLIF+z/OBdVx1JwjyVyeEba7 + ApoDtt8OFr7U0PpQ7rNRD037VKX3+/KBDszPm6zyirgiiGuqPQ5jvX7Ps3dzbgBx + 4gC7A2QnxCzPIr5xm09tOBlH1ge/KPbwh3ncX5tHp3YBexNkbrVBulLk1ULfg2YL + +hTtDCEZQisFqbAwKB/oU7F6A3CbJ2Fpf1Zu2b0yRWes0M+jJ9BMKnYNd7avJbvU + 98uzmXNsQcFMDMapk5hGjUFomL2a0zl0shVtm7WFU+UKwxsYe4SPIVMCua81FJSI + 5RgKKOECgYEA2aCsZMlZA5F9SmMR43r7+tWLElZAFDekbkz3T3WKhpPFwy0dmrdF + f8ELUXmQ8c0BviHOndWweveN2Pfm5hHnXHnzWrKcxJQNIdWEwXqPTC4XS7V95F3Z + 5rULO4HWsIzYXZ5uKzRvX4Qb8AQqQNU70RZtxhg6wpy7DlizN14UevUCgYEA8GQT + FwIGmuiGnnbjIZg7tAquLsD9MsxqlZUM1yLQAkNyQN3XVYXR+lIEONquCToI/Vsd + um4TdfjdJ0MlJzv/v6neobxCMePoyc/EI4rRoPTqQGZlZEFQCOJkccE0eynM5xf/ + Bw0ExVnwwxylBU8ZHin9lKh/SNMRATkddsFgP9kCgYAuxLzHnA2pGqcWSVwayt9D + 9IhClI6Iybxoh9nOFbCDY1Zor1VhXmltHwtToxBnJmttdM52VOnsQy8UpZHVd5uE + 4CBQKXpPNJHt53j0K2aINI+FEafQX+roDZgwXaLJpjsJQ3bhig81M6rdVcfOzwRf + 1rYYkDRwhkYcuysohutX0QKBgQDsyQZswVgUOjpv2Jc9viAA5gxQjVRaNzQ9hwWQ + 2/+cWyctcdbrrNb6BNOX1P9co0e7l4ae3lJY//uG8wKjtNvjxMVA9pkVX3MrZnXC + tLhsHRKowLPanuLg/W8HBdJWBwSIFQDlxxMN+dvHtG1v30vUhHP9fEN0TkMPu1yk + XzIZcQKBgETM5dgC8M/4BHR0wBPZ+t2b4CXdBphJ7hCLwblSGAkKWvr1YV87Ef6A + ZSgnmNPRqmZAiOrSFG+IxqTapm6bWCzmi19G2IjpYT7MyDmQxM9KLt9RT3TTCeB0 + NZCWWvn4xCEjprSx7XmMNG1NE7YbaLTvz/Z0C6WWUOw0bdcZ6VyH + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-airsloop-control-2 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAwWXvCJ1NjiXtAawIccRsbUc9nNPr4wgFBvKa3EmyvvV04Hi4 + zYmIQveQZwUS7vKLcUctu9MWkqMN3P8bLtfzY7Rw+26gt2fPhZKhpQg6W2l2r2s8 + vuY7wo2JWzytOYqYIMXyHOaahKbkAxGhLdy0ccGkv5TlFs6YxmR9IE4ryr5MR4QR + 6nzZh/brDJ4B+FQMOf1l2bRbgYNxrp9KjXVW52Rz/KGBOtysD2zXMQwISX37nh4j + QZACJfW0SXmvDoG9hHFkHizO8rqKe8H1GbECcbY4z0xl9HhAm7E7Lv4hDGmNCFWh + hW8oKhBy+jPCqgLZFR3Knqlyw1nc0avTQMiYNQIDAQABAoIBABXodiuDpkV0BmUq + F8rLdXzrlQ8u8onFXsxqryBFOPpo09SZ2FVwPv9XDASfjoWC9Ejgx01/nA8AaZGf + VHT6AZhJ2IKjBZHBMMDw217Wj8XLLKayfy8g5aQkZGrxdK4QBSuxQLwFY3ujbDDs + zlVjqw034nHRbCIpRSU0PPhr4ooU0grT3YFk1ZKTJmG7mCjW/QEAWUI2QyL2B8lL + sqXWTk3X0gXPD2L7mA7wUMmzF/YGWRwBG7YulQyUxT1xo52w6n8uJJ9q4IApUYWv + coXjknucm0dM5oxZQn1jcVxQwBIMLCeY554RY04XWOXe/I/OzLhdjDGqs+dzdIrK + xmGpIAECgYEA0JRuGg0k97ROYMveGQuQQ7rwZdyTpzvloNvK0rWqWnDvcWdmyDMO + d3k8O58edobQEntg63RPOiZ+T5eCeYJwJqWsTJ4GaWFi+QRSkY4OPYfThKwP9+2v + OrDSm1eVnntVKj9AdcDFwlbrOuy9vQVxeE0mSYvyHNyK3AZaWQPieD0CgYEA7V3q + pXnzx6PoyG3sQia5ppDMGC0k7v0GRc/zgStYovC6iC6SRIvXNDk2ImWn/q/6oVSX + /IQSDJQX4dw2EbVKr7HIRWC4DgPDGKxeAJpSewK+mp+kx6N7RSLw39mK12+N08JJ + nKGXsfsNzjesAdKFXB7JAIxozHKxWSFpKUHhp1kCgYA55fnqIVvxpotbMzwjl6Ik + KvAwVlpmQaosTNawRt1S3aaZxCozyHhrkau2oSTDogiAGN9+fHrBmY3Waig9soeP + Ms3xNqxw9CeVGC4TWWt6iQmd+mU0XTYXBJ5xoI5Xv8SURZqPFUPP/nCtmqnQnoIw + 8rl+EOrUOCQTj2/k5b8nwQKBgEFXnjWJWcN2aqlqISSgtnCU4aoyGz2y55wmP7kq + Lo9ER4UflOJLwKU+rplPdKyW0x7AQ8qerL1LsztYvIWpa3LsNN5sXp51CKrtID94 + PAZi3geAtQLEDTYeBUMKBr+BlQBbNpponXLAUq+XAcHKqy2Nx/VfsaW+WPXZTbKu + 0SiZAoGBAJYczFXoTCs0PrJ3p8yH27QlhBmbpg1IIyr10fXZj1e4BewAq+DRUTYH + 50WDIYxEtCRBN00gHKIFXCTpv/hQAKg3GdWc4TRxmV7+RbJ4GlUx3PKAsM3C25fj + 1yAhdVZ/YR8iGgeXqtTEmlJ4iUUTsSvf4T7lZg7hHZ8wyc8Ryw6C + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-airsloop-control-3 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEogIBAAKCAQEAtQAdNKei/N6U3iYuzNQHK8/94nTkMhliofuKrf3qeJLP08Ue + iWe6inKo9PETNJOXw6WcIjmBxV7zDSZGHDJgiVErL2uYG9sdCxxuMc/FloATgS7x + jFcwa3ikyBhOe4E7OUUqPaqSl2XoIK7qF7Wc+ILc9smS8pds64OKhcKF8j+4/Z5D + 8pl0zTH5zXDfDBsuM/1m9OlI0ZfNO3OjeveuSgCIfLPnX44WHff4n5gTKp6xY1bI + IMluarETtvWZ3RDcK9l/os0GB3cU7mZ53qkXnubz18DqrrunXIHgc5jBoj506zci + DwYYI2ufobPvt3xlaCkQWDhNugILU7snot3EmQIDAQABAoIBAF6OUbOZQ9dwfDrV + natZtOlZfhuYz0Gw60sN+rPMq3oT0EikeMB1lQkQv10+t7bGyAjocnmaq0WtxbF/ + 5i6CztXNto7OWadrv293icWx8loeTJI3MO8M+XmbjBIQSKfSqlrP3DJc8rnu/eZd + GmQKd5eH3eF7Cq57FuauUGZyacFUURuElG0JUaxQEWAIXgWrHHSLebwiOrm2Bq8M + ZEXxnclKLFjjPtYWnGc1uir1yhrhchsrzwbdS5aCFfEt1deToKM7IQlozBGhp2cE + GfHu5SE95EAtuuQ4fu8hFj7kBwLRyX8Se7schtHP7CHgKa6nlGgDbaYjUjd/5/GL + qUfaC5ECgYEA6kzQoNAE7QxiWKEtE4QVvYfiYUT1Vb1ixyDAf5TR/c0fQGmdLUwX + a68mZeQavyW1grtEpU/jXqI7DC1o8nEwFNSuoGOxdHaf6QUlIS8pCmQFVNu5Kv3I + vlI89XwlZmxfxQy/t6mgnHHDVo0Ig9JdZjUVW8gFaSQBzRrdQfPt1u0CgYEAxcOU + wgbRpPRp7QHAOWcCDU8kEztK4a4CZk56vJNG+QxTHG3dusLuBaZSVEyhrqs5YFS+ + mw+OU8Sewym43fcUScKtfagHwA5uYIYaRTjOkBENnwdhhUdrQZL0NIVYWVtx3DII + Ztju/6DT8h8RfWLAp8sESig+BDdaPIV7aFpG4t0CgYAMGDEAzBwk/GmrN46zHjNd + GEGYUc30QhVyP/+P1mfMmSUO1yTU7MOcvGrYAaFb0p9/Axm1Ct2qyecQZtuvACbC + PIRTJTJI18LDbY+QGfYdYjJgQgNZ88XEBUy+Q01O7zM2YcUXvvraeIjj093nqBlI + KF9U4Ite9QvewY9AU04otQKBgHK5DJip3//zEWe99kbWbKhP2ruVT9EvYpD6wdSX + EzryXVxGl7P51J5OZ8AjXD+5cGVjg9br5ULO8tKAZ4/L/2bymjYkvao6NOmloaO6 + WonUerRgUcBBOAUoPKYjHKdpltmH5LvU6IA+SfVQ9JJqMRyldu2V/rPvcFdfj8Fv + bWO5AoGACvhyk0+IGk/OItXndGqUr3iu6PFnMYw9z8GZxcoiJ0wZshHWq2DYj90f + bOazxgV/E9OI5veKpBxdjwTnGIwAnuPtzaWg9R2fQF8kGbRhJH3L71xaQZVLtB2J + /wLd8xDt6vCSOgJjQH4nzir27wOD3HR9s3b+XnaCsiomoqBU73g= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-genesis-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEA4VePUsY0irlTqkAOiW5/NF+pFi5lyT0eR6T7qTpvHdSX4fSc + pFOvMAuFO0GR0SY+HbKtsJyeRlHolMXJKA0SmqcRZIEFG9VeRf4vm2UPhf/TQd58 + xQ4MKoDwcdv2wCchIQIzdi9Ay2L2NlxiDl0wuKqFKJgcaG9HCrvaK+c3t5/1ssKa + lGjxx2V4xset7JLs4HfgiHCTgfDvbbzqR3X6L6jCWQp7D2BvUSuoEwIDgVgs9sSK + a/mK51vuiLM2ReogLftfhgBdPK859FzUFoKvCD9JF8rFuZtQLpXs359j0PBneqrZ + oDxReKygo5IN1RqW9Ye6+i01VAdsRYnOfn/i8QIDAQABAoIBADdQPe8slgMjYMUe + ujLD+9eIT8IRG40dQoyFk/zDSjlBURL272hq3krl2QtlmfyD7aVukbITj8plGrlC + H5GEO/fYYK2R+gYOBvkZXug/E2NqG5pEmc3pF9VrFxpryxL5x+kJWEZ/bOE/5n4L + iUpLV8VMnikLxZVhE0gwOmqidAvPcwLcw//nbIw+KQV6Ztqhb3TesSaN9Y4JHzaO + Ctu+cs8N3cEBFPolZzZQflC4dsxEL9bkBNidn5A7h3ZMK1hhMaVuwggjfcMKjeD9 + CvRtU+not07usvjdv6HkKgFlVA11c75B43n6ycTvgZh3ukGFSItMcp0GXcg4MF0h + Z/fe/RECgYEA5gHHAEV26rf9n6tBSEzXvWLADCio3DaV83q3Z9pWoEkghCWaDink + HQhz1x1TlmKlz7/Ax+PPQ53V52oa5MDG9sZS5yBJ6QsBa+BmVPPov5p3MK7cY3Hc + oZNMkoyIZhmOqBMkG+E/3RyWmKSsoKJ0ucRchmUjuC91nD4XszmiuQ0CgYEA+s7S + +lXkktFMzpAJZDDz8o21cTagS+0e+HQXdAs72/wyExfpVhKobYhMCkritax4V4hV + s9l9zjAfyeMh2Sx1e1FG/i76W7XuRZBHuEnzaUpZJKcnGd1ucDtElJc97JjJwUFG + taoCC02qAIxw/fmCjQ74ic6k5yIWaQgyg8SykHUCgYBsW6v/8bnbTID85vZjdGgy + /cHSOJmM3V55jXe4QoGLE8hw2TIhuBSSpPfGATfu4lyRahoNUcLEbShn1HIFENjr + S3WlE24ejyPFSbuMDDi7g67hTY/gfbTengF2DST5TNMLVbEuPUkUBzLfiL0XFFH/ + boXUfvN8A0faKtqJgf6qRQKBgAE5gU43nSYaX4WirmkO1CIbDwe+fIniXoRYDMVE + SMaKNLRjKYCCFtByGezy8KhybyP+RmzaYwLeuUkDEuc8kFZJz07ua8qG2OL+EVuV + ANtCwaysJES8EA38PBl9o4/ELzgCWZYJfnkPqATYqrSSw1BtAkmp+KQoRnO81oJO + M5EBAoGBAMlu62KXx676BNZ6Of9GJxqYVVYEXqH8OJIxodFOGyampm3Oh9GaqKs9 + qBSyjq5H3/cM93dDw1PJ1rzxBYx3Cm+1REo1Ry8x1vVUJ5dBdf7KDc5g59WccM4b + F+vjeJ45ZQHC5e6kGlHl0pogYIgYlXbwiIMOvaEw5n48P7faybGy + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-airsloop-control-1-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpQIBAAKCAQEA75RQIOyAyNOi9tOMeBsNqG30w0VXSm65TJMQysB4kyGhcQ9Q + NbvD7jxdqUTQ+5Kj3wN5u8TrNQ2msc6NSPyiyJMulcPcAhZGvrJZVkYBKG5auiXk + rxICKPVPLQeMA60A9Cwp6Xl6zE8bVtpv0cvfmnvJhwgF+aMD6XqGp7cwDio1nZEH + 2n2f/cYHYAOhF4icrybicB2af83Iyq+R8551YPdM/6Vx39XNwuhtmyuXfQVltp47 + 4uhyTOr3xIbTXZiKI+VarZirBdz3QmIPWBCIZo0RF3OeDCrtEWpyxR3Kw0WJAjd2 + g20yCzpNwQsZ/VYuDukdPFjPiT/HwCZY0pCBxQIDAQABAoIBAQDMvqtb98J33qY+ + 2rwJSNV7Q70RxIi9C7NARc7r92EUHIGj5bpesYDYcK56ol0XIlL5nDbEyZ1ZUblL + 64HDBmT3lRES3LeA8Ri0kCbZHCqRKv5OZ2PwWiuOZVas3O5Dle5ivftzlGXlhRWQ + PE2jtd/6Xh/0Tl8M4MvPFO9PFbbz4mc95S4awYD24aINnx35g5Ao5+itqtJDn67N + Uj1G0hV3aKNAquYtx0mg4pqrXsSRq/DwGdHifxOQd6045rFvfWiJrM+LPTJLyoDf + 7T4QXHRX3zoFonHrE0OMHkGeT0heSuf3HRXya2aPwx32rE3APdHIydzkbTZuW5f2 + ONJ6DmYBAoGBAP+Vb1z8kN6ZUAPCOTWVW2kJSA+adIeajz+KtEFaChe/WsLCTgIe + PPad4ZoZzgTghjCKdFRUx00BzoxnIri+9gZG3DJB6WLdqP39kzfmVIX6PqGMa/NI + AHZD29b/BBM60z5rt4MsNR2WQhuTwWpGpOEVJC7FOiayK1VW+SIpgWLxAoGBAO/4 + NHsTPXoDcGDvzahsxz9dgW0eVotQqrl1N6Mf//Xi2rC85JZd9zhyTusi6I+lvu5A + jhY7ApXPSHSmZVYoYo+IQDiVKmlayekPEHNWQv2KPOASV09vaxU16KUTzK2PvqZJ + ZSk0eZog5WlPgOGRtTQ6CTYR27r17rfg2q4uoaQVAoGANJ7ap8VkOkBMZgm1559R + i6WajYPaXBTpS0bOZ+oWy97c295PW0ZIfOnyidyoOv7TAelvm/E8e1FU6jlNv8Wp + N4+dREenunAym+B6T/b/DfqArJgRnawEVFUSTQiCGUdyOJbK2Jngca/++liIaM4U + ojbNFUgL+e2S2GYosuzis7ECgYEA63RuihRmzcFyEqs473lMRzBIPfj2kdukqDQL + U1OionDkg2XUJHYujIQcSzsFVW0b2kodIFLmRngMb+iUpeUaUBswaFR0OMuMMdFG + IuUQ9hUdhf55DMgWGcm7a73xpprURfTd/YAvkLuWXa5Ulv+Q/J21TAhZwShuAp3t + 89ptX8ECgYEA44vzlrYjdb0mWjFIMp0vJPUi/M/n12jizIMCjGadb26SL7e20JaR + 42ABc4y8k0MKJAyLxOFlwNwRUr1nW4vFEEAIn/J4lpJwr6xT9EGVNj6wB5M87OYH + euSzHoypcwqO6CrGG9S5lkgbGP6DDipykUKxkRSv2BrrjF+8glNez1Y= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-airsloop-control-2-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAmRNFwhJccdLztLoVMpx/kjxoeW9ukii7F3MKs7rVPtIER+a+ + +X8IIcw0LYDwVf7VW3coDS9G5k7m13cvAf4N++4vmToUAi4zSiB8VQG8AflZU/xE + 8BAE19bllmG0DfaTmr0oX6XESsgAEzxSXLjouivHhBDbe4CNhvcGA2eXZeJTWK8e + nFfBBWfcoEeMRA4HRvivB6PhJMmCTKkCE1Xn0VM0lA3ETr0EHg6I6oosYbT9AQND + GKv3ttzYoRhaVaMh8bC5JFtrsNpJ8T6iGOndqHgxs38GIRbxgRZnXfoB2mYfzZW6 + Uhnyuktdkei/kcDb8KAl9uRkNq8a/4lyI0/cGQIDAQABAoIBAEzTe2NXy8Xk1iOS + cSkhmnVOlDC+WIRKpPuz5V8nGfeZeESN7rNRqkcsMdPUrsq6R2LMfvF/FNpqJzlk + u9cIJwSWGpWQrJIblepSO5R+dlmXR9n69q51m7ioRjofdzq60oILBcRbchUGI+OD + luKqe0NUzaHexAlMD7v5Jq92wmmDUv1um1ZjWa6tQapRXrm4mpAoY39S3hIYkyDK + hgA2bSBtpQOFM3ETyLXIBPviHR0zRZLRcJUAJ1ZruzspU2PwLjUcMnbKS1vNigO0 + SX7G+rdwmj1DfcloGBGKPsM866HSqqES5TWYZMkOyRwqOHsx5gWCtDjG/1AubfjL + 2CxUSTECgYEAzAAzqgDhNAjYrIZPOmx/Ywc/gbkY0zr9RbvD3jDlBK0qcz9VUgom + bB2WfxYYCimk0MGi6TB6cKJa4DllSBtBXe8g8sCkxyc0bSdFUEc0br6duSF1oFF4 + AWnv3kc76Rud8WygXNEBbG0pxQt66nVvGQFBu0GrMskhk9VwmlUbEn8CgYEAwBf+ + u+RqgISViURxGr7AA9mWN9zkbIwxn+XvdE8Oz3mAiWiQysJOWmkBT1FS9mvdOA/A + dgAY5kMmpZIo0w0OiFnGej+ANPmHrmRvFVYsKOjU0q8B3wBr5pUX5qkg60VZOPc4 + v6kGot6Nk5VQv/3ybNvvymmMEPalO+SQkeGZFWcCgYARYbMFOS33EQnlKUx23ee8 + uFFg7DSBSvVpi6YUuHXLADYtu6e5ZcQAUkUQbwF9XC7+2oDW/ZpxHmQ/1qQakLfx + GP7lsCRaE60T39S4ElkVVoh5zbAICOkAtdYKSmeAZSn/+BFx1x0X7/UvJNtEPt1I + dCL1oZLEsP57aiQ+AiJcYQKBgQCSQTK4CB92nnvkOXIMNPOper8+5TYd11fpMH5y + hcb2/MF63VxwpCRX/d77byXFbTbPel7E+Sn8F2CTa4cdubE463GMnlCVBO/jPaC+ + FBAnTa7MgmbgTUfaFeZOvrLLrs9R6hkRBDaDRwNwPJ1wsH8llwcpi9cTC1efFFVm + XOfbPQKBgCEy8LhhiMbBBUGV7oCk2YprBvbDmqDQTkrMjDEgcNPeBJbwpkWgpTf8 + Sf3FHe8A+Blp6lmVLfxzKNBF7zxQ8k+Izb5OKQv4vgrw9vavlKB3fOUnEnsxQ/LY + vUXRkyo6lQfU9r+/KnrfKbNUHtpCiHN8OYQOO/t/yyT7BB40Ok+r + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: kubernetes-etcd-airsloop-control-3-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAwEVcuvvHuKwp5u02UgPPy4RcGBzBeObpKGQhuMUch9ay36t7 + 4OoklW9GS47X4vVFMVTMmg09MvVuVpHRMG5mLwmzcpKka0TnBvc5lEt1LbQqBu1n + FzzwivX4uzfY6RTThDmSRRV7N7By3QyWDdR279bQht/W4WAo+L7dOsH3X49mrpYg + bAE/QQBMs7bvsNpVgRNsUVf42lC6khGeGdF/SU2sX8LH2m0HudjjTOGMFA71wCa4 + JpEAxdsgKPc26sSJSPoFq0Ii3P58gQZ9ALxbzXTQzQIsmHD+HxHs6Xh3JKm2PRtk + eexMND3GPEJfgpsaBR++zyR4Pwp55TpQ9bZlWQIDAQABAoIBAASkJ/7jgQi2LzTB + 2SPVr7hr84UpfIocmNg+womhSHUG+75md1EQld19mCbOxetWnFr6fw3g7+9A+W7h + ijkvEQxloY1MeOeV/DWw1hT8VVHLHZCZPnnTIMNZ+K0cRgIqXIi+kwdT42uOuNcZ + LK4cyNo1R0daM+ew2IxYnyKB+CS4WL3nmzXZHl7BCTHsAbNZ81xeH8EM6H4Ov41d + y+WjHHa9Tvvw+Y3udVtkeYUMp9Z5pWDOxVWMfzE58rYqwiY5KMsr3EpIQJ9h8Qth + yRYI/PInHjHsPHEVccJbO0YJ479Krhf1AdAxGDpkuO+2l9vUgkooj6LL7+Gzrg9H + sGmME1kCgYEA4OZa2UijtsyjWqgh3ca/qETLv6STL0HLs1qb1Q16FsOF5s4WXS/3 + PGWdMHr+z8bhBYXDnlyrWMK4e2Ltdlsh8Lil55IefaNvsqAO4RP2IfIKDiNhJ76m + 94ZtLolBERcsBO1YbBDYuEmSHxCdkkmcN/gK58M5sBUCWz6CIxrvD08CgYEA2tvq + 1aDig57bLHghl1vCNRz4XN6Akr6CLbYb7q6lY7EvYa90giUeM+OiJSRiwPkdx7MU + wbTjRVi3NHOYbTn7bsK18bx9eJ8W+OqKyjwN6mFk4OqcbdIKSz2KQ9WChJuADr2f + FVgZqLZpF2dFEryoc5TfePiRWOPfYSp7Ymh0VtcCgYBqg88dP7EB/7OSWTUI83uM + N2EEV+65oADY5h4N7r8XDu1ZHdwrsG749OtYrbgHMhsa4Xp/g0ZH2JlFHtp2hrzx + ZJJ2tZapTIG3aOUDJtAYzaiDf7AhAcPUUZ9ePfVKId5gSwTo0aXCyl1hRx5JzYEm + ZNzNXYHx6lFeY6GA/N2iMwKBgQDXMTtDGDEAx9arb+dfgsp/HOAbuG9lWkp3lcL7 + Od/HGTYEb9c4DDUZQi5xJMixA4FDlRLIsApzahqhSTPL2iIeMvdhHDumuY6F61/S + H6BzH5ZoDGcJGGgkuPrVXf86Ugdk9w+PlhOMrubAKztgg/2BwBTHRmjrpQtD59hv + 11Lk+wKBgGftdGW/rZrNQ62RzlGoX6pf36RmYUHuuSMvcYY+tQXQFiiKITOS8Boe + DV2XkIQYJV55GfGrji1/DzCLEpc2p+j4oQidHgz0RBlVZhvnlYOk0b/rL+pSESF+ + 7+4+3ikPebpCHFgK+/idy/fF9Ktv2lt/BOiUj+TkQNPtaC4F6XcK + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-anchor + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpQIBAAKCAQEAv7tJDLAdEbsARNL40hcfaKXs8fD8VGO5cMTiDiAh46ZDGpKV + heOhxulDbWL74q+Q5L8yYt+siPGa2C7FxIklfrbTRqFiEEXwyykWEHqjA/qb0Zft + xritFh0VcDvGuq8Ix8WbZ6EPhKpd4UYs2eYauWh+SzYTzTqAwW1V/qHrHEu0pdGb + DLccwC+GgNeIxNKpZrmNdVR+BFJORQjFxQ2YjoX9+jGfZLM+QaAeE+09ejV39e89 + epvPGdHGEQ2yETx4MNBtYZWvPDiW9rhXLUWlHu4N812uOkMPfar2Abtyx1JXuHr0 + xdXbCLZ6SP/Rr0M339BhASJ3e6jgsoAdkyRidwIDAQABAoIBAQC+fPxetrqq2vex + aUn8sSxrdC6tUZfg4BNljrZpAlOpMY6J4AjeNQKN9UMgcq9+0J9MJQmSYlew1xnY + nt+uG/Q8qLfP/JbJRDOwJOnfBXjggyQ8YI3EWcbdqZebIkiXQT+f+xwjIUmhrQII + xwfYlV0HyGFxqBCUXgN+KXq+uXA1cufvsPcXMUswzYqAouGRBdQQLrKTY93Gz5F9 + ORTPHSxEn+c548KeKSjcso6EIbCHfFHyUQ3ECbdZu5xTd2i1vN8Id8kNrNApjIzP + bI9ql9cnjkU4mJA8sTf2+K4OVHIDtxIbHKNBO7doQhDyPkHVZASQ9/N363OYyGL9 + FsnGVyfBAoGBAMsx9ETzTLcn8WsXQiEIOAyjCddMOjMLwPbeSdLZcqd5xYoSfI4c + ANRVpVDx73J8XD5DVG60WoyxXFjjxhjXOuUHS+lSISsS424R/EvemupFlGVnUTEC + 1s8Lag22fc/ty0CYEp0Kl6qhHNfYr/9yaBozMNaC+ZpFPQi8PFQwReDrAoGBAPGO + sN2pySAbDgh8Dp5LDyi1dWLM8zkYSIZ/9iRNMpjg3lmSTJ/KziDNBBlRfD/GGAhK + IsflxfrWeKx/E1Z+VSjUECnUjRcGNkdjRD4LjE622xopWz7S1C/utmXcMzlCe9ar + d+spjevSCHDBt3HJdiR66K8zFZnKhSYaNYruTIGlAoGAG5ApLHk8fNPkQbyj8csl + n0E2gogKlQYRJOu+Y+WvUdyI2VPspXJTAnqjtDk9W/BWqvODLok0h0U/26b6JkB7 + 8rlsqLfFXAxx4Wp7KOeHaCQMHz1GnDlgXjGUL0wEAQKmwZpfXAIl1LWKLhVsumAQ + kw1CoLafmTevMdIm9NyffgUCgYEAzL1g88CBFJFZ558e1NRR2PNUt5V3YiFO95Fm + E4bLKAEQ9WKnR5kh9XNP0hXa9kL1A7GyoTQEBoPabHqY7WrOy3hS6uGZZLaDMybU + JLKtDdq3AwmiqTERYD84okVttU7AoEddsRjbjdHMDaZj0jIrzOfQaQ8nc97P1GfK + kiNA/XECgYEAv3tehU/z2W0nJfNbu0uiI1TLAekp80tPsA7kWaPrFHU8+bLGlgL+ + hpZ2E3Iv5z+vA3aaSdtB6fGoT34DTk+DeZhs3ffjRMZVmp6TsiVk4jn8hN+Fsu0b + 965lIJr0L98Ek3q93MaK5xBhA64dWvHKV3gZsGSMtCBa/xKlHAvdrYk= + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-airsloop-control-1 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEA1kalCvhVqKk7G2zGm0nptFpqNNhWl4mU3vR5sS4loRvXWe+u + 83qjXsWXwMDHUryP5/97H2mlCDjTU50McavBASPmcaUcwdnTygc0IKKs1idZNexe + jY1G75xBJpguqYuo7S5SEtU1l6obmZZralW2F87+xyvl2dCJIQUw1tBhN8bhfV9Z + TiZKVuC6dEn36fn5w8fQNCIQm8z8OhoZaA3ILjX4EoI4PVVa6ZKRHIuKuXwByoWn + hz8zcwi8BpmffARmNFbIaVwv4M63PzXamo+aMw7qlztav6dJdiPjfwfHwpKUyfTL + QOOkY4DJWgOJNKwjaRIwNZjdHYxhSe+DwgbDkQIDAQABAoIBAQCF91kMiMKVVmjb + 9qAdSpLQ7Y5lR7SrvZrT4imLOvzPw2Zall3dYBlwET2Vh3GXKskWFUbXFufVQiHt + rsyu7OEYY2eaOc7G6/db4jEXDl3c7nD6I7Ph8CgfeqPJC3BxFB4jW8h4edCt5+6l + kcPKkZftPr9PqwRjr9tsR6CHTXTat1nq8tO2IXehMsTZoMVseOBG3RP35AUanOqI + Rpj4tfFVLEbxqO2QoY640DUQv6PBBZFhFdMvTwnOFWooStSNiRZZV0tfI+24IuF3 + BOLQ8vNhvMmHu+BhuuYeWQeCqUntyq/WpynGSikxux1abGc3PVFSCDP0aDxylxkf + boM5NfMhAoGBAN+uCsDJTByKb7HEPthHBj2vdDgiGpIesazIiTyYDMhk93wOFSzK + kxo89XBf1yzG3I1e7nagoE+T+XpyO/5Hirr/Q4GpRHR1yoDFPH1wQR7vjnCL5R5E + 5C75xy118spruq8i85jckwbw8qbUqlQBulOwJJCUfxzRZAn5YYgxLvDtAoGBAPU8 + wDrYUP1i0Anls9WXcQ/qNRybSE2gXpe5VZM0WfS7oEzfDVHdTYi46pCOMOilbbG7 + lKpKL2vXxFe/sduuxfGEo0kCZj/46glnrZp1NRnBVTIz/Tp7kPvp17HmvR2vFZc+ + 6+bFaDkB6rJJggianklVukQk7ekqdZ3P8DhSXpy1AoGAJR3hROpiSd4i+LGi6Aqp + G3VQ6LuoAxU60HwaYcatYFd4xcokc2FOFa2F4NbWguSg1oipM2AmGe5pGIt6LxC6 + EZuoHQz0ggrFxqZ0CjClbbe8wCpGo8Y0wyLJjV6kIjjMKqG3IGeBskYrTcm+VeBP + hfGVr7Qkf6izXABY0duveWUCgYEAn5OBbokV4lurDdWneIQL8RQwrUWp/cEt7EKQ + GbKGGocAnyTBURTU//N7xsaPssL6px1tdoXBZ8ZGH+c//7gxW6A4dCiYimYZPDd3 + srsz62dvXbSQwb5oMFQQo9WGF8u3G+y4qjioQfgqVQsaDyk1eHjNNMxm90NGt4L4 + SF3o7MUCgYABJf3pog/g9UhyvmQxvCVYa1P2iAbRCGB39eXj9Wg09SGhz3gUZ7BD + Ssfww82QItafhnvIjxxspl9n6VKutpiAmRLxsfqqJuWlICGHdNmXXVMrS4bIbsAG + E4aRWbuc8pceMuvyHXAlHYY1w+4xPQY65JiUHBpimU9gBnn42pqO0g== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-airsloop-control-2 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEA7I8kOTaU07L8EuVitZ8A5JuBg21d/jn4M5e1ShWYADDMTkjP + wSm0tZcIdZSQPZe0xPckzMu4cPqiIRxkc6ZeqzlAidJFiANEmYcQeUd5kTTm+xm4 + ywArtkoJ1yvVLtsZzugxWHMVgdXPW0C+otC4fdd1vBgmWB/pBdCYjZ+FdYvD0nAJ + s+Q09hm9gEj/AcoGvHlqtETr6uOzY9k9R3eaReVSK34o6Q+r8pZkmLeUz12b57ZQ + EnQF1OxBMZe3LAmqkCCvA/2Um5xlN5SNU7AgrfbqOTx5vna3OKgs6BjEGj1TjOFh + CtdDqOA9Qz6Lk4ySnsPA6Suco27Qh31UM0SAdQIDAQABAoIBAQDBxJZVTwIlTizw + hXiPcIjYuRAjSYh+X5mRGSlkX7+8GDyhuz6B6NmfDPHe7iwgZ42o8Q/xuMWBtars + GEen+5T8B893lQdjW9nrMBksXoGTkZPKBs25apBjps3ctIjQ8qN3OfaBjvMFAM/y + 3VvKHdGhMsW7psRx1uGW48Cx8QLuvlP0kKV25kJFn4mttZ6QRR8eS6zlzxYWlUU+ + YOJommUt5ZulDGNX/2X9qVdJ6bgsG77I0RAmL90fVo7nkILYSNNFgpWNgM84PBEf + ErjyXsjiXqc5f067CQ6maBFPBfTaC76GYJiaXtRuxg0m58uO7QGiOGqk7Zf8edbX + KIWg+qfBAoGBAO509/Zt2T5LAtQKGi3PUiQk8iHtIVNUvhXl0JKYCr0axs9VGCG+ + +7FZdfOt/2/VcrOH9neyDumVvrds0zjFQ2qb6fi3IajhRlf+uNBhuLOX3H/SsTsl + G6zTIW8d2RE6jzm0z0WsdOVn88H9374I6m7cJfM7vhXgVPGtPJm+B/upAoGBAP32 + blPiQHHxZuXjfNfnEx9vco2kZLqoFK1a5/VZMQkKS9/TkNJQff1qjr1MQ/wqXBYz + Igy95ulWsJCxPyywSsvvuOB5rLwQMovKcRaG77HUBN88bFKH9cCWWJvvi2ZONYOF + ROFzlGE4wdk9qM2knHi+jZq4jqCSFoHJ+aGHZ33tAoGANuIdIE7wLXI+WGdq1xhc + o40NXdmiTfe3OHsIonT0I8pB7/5562p1q8AXcdqebDMIj2G/zJTi8chReQ5HH03n + 0mXIWEJuMNyIwEAUcYHMbSmKyrDHsgE8eW6ux1BrYZfE11dSTYr/7L0cUY4JLUgI + DTQGWBFsEsTrSCTDSe9/DuECgYEAs+bSxtdaYZzpEGay9Fp7gGQ5WL8gn90bMKZZ + 9MJm6wmBMCA10dY1OcQ3Mz+IVWRIcW1tbGtF3PuM/iKhJu4HPiol49Ytl9c9hys0 + KwoRV/5iKSUrctdfLjsSr/vj2ugCHpXUcoSmkqxbHaIBJxO5yArsUrL0TijOishh + 7pv1ow0CgYBSiSynsF3GoM2mSkRDMxPLV/Y4/MiYB5hMCSPVc+7hXXA1mR5APOUG + pq6DOwfSCSww5ETFWU8/6ucxbzpT0bDSf12NyCTIEe4fzOxryZkh9T/iefE4wbtW + jQmCOY5KvyXZLuChvAnmUDtGPWW8HfbU9gFS4UxsR2XdkJ8kQnBOkA== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-airsloop-control-3 + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAvDKYmFwj191ovvVxuwHU68m78twsJxwDrvg1yWlLs4vaGb4z + 2FHZ9PzMf2VvwAdZnbf7gFeaXI9eyZBWOubxadepwixvzuLwvbV0YIS3DHqMcake + jO3nNujYXSwu2hz+FVy8LBnBVZMkjWmyRxfdtgE0F9T5kLZstQPMNjVtSe7SQjVZ + bAXC20RvhEKWSbtPBqfZfOj2wKsW+5VJ7o5cu5EYMzerCI2SXIAouTg8hh/EiLew + lK6zTNV3Fu2bbc1uG7BQSzXYPQiEU6ORSsPBNxJdUSJ6JeZw7GjKnussjKBHqVVX + NsheU1XiFmwH1oZpcI+Zl5soIE4al7ryioU4EwIDAQABAoIBAQCTErdN2jPoro79 + LLMEghnzamQHFykqJyp5wl/GVxNh7Rk0pP+/PbgnTKhDpvH+D8BpES7qzYtEaoaY + 3sOEpJZlMLTpmfCGrbOVjgi0pQKoLd0ztga5+/GFZ9IufijfK2klKKOlkzsTtToL + iV5ZUL1jTu128mlWPjoV/DHK61XNQA5A1xiMCuAL5mNtqISrXYtLcq+CO5qiMHXT + +zXakHP7PQpq9eyySCbn2bhCGmzX9yTUezxy01Hu7AaRIRqck3GKUF9oMCfyG8o8 + 3IfI1R4Xn6LM+aSkAm1CSqmd209/Bw+m02Lja9GjGi1kieyb+BtT1xb+8+LO2GkC + xB0rt9OBAoGBAM63qdTctTFStI+kIH0XRI7aJ3jZZlpjpUQZo+JTFmQAwgtSgGKv + 2XyIYl7rCGFUcbw3xT8ej1lD/gnW/caQpZ/vE3293nnOIOZ29JtJu+nNFLWy6cp1 + pBWD+z4P3mWNHVFC8kW+8DsvWfzCibwZX3CbipTjrurdcruPBY8azUTnAoGBAOkQ + oudQMoR2sgb2i+TLSPjATi2riDmGeW1zu3PQil+E5ojhCL0mIpCXF6Ey8Sk82zwA + feo7vesZFi4A9UqEyva7mSzNFWOKUUgqYqQ+JaM05hcKSRK1lQt9QwXWmlipL44f + g5HLQ8Ii4p8JOw/31I+va1UMKSvklxz/r4zxu6H1AoGAZCyu2V+HUvqgU4eW0ufG + qm9fd3nq1ty5BvJh79iR3i5b2n7Fho1vGKFDAnplWj1AzJQ+OuNFVl3TqtMLsgEA + sit6R5IOUPqqCOUWjnZB4QAoDBFCqIEv3dlSlHW+MXob/fgyTchExHmi4xEnDAdD + r99AXfykFF7yLaAWco3rcXsCgYApZBn6SKTgH5BYajrIBE5OVyDLPZZw2PABvzcA + R337nseucYCyzu3+jcbViw2HTFaHHnM+QSPmd8sXmnX1qQW+sexvJ3Dv/6WV0mk4 + UA0xIfjnCJ2XpAX3R2S6ybUZn9phPDmKj/XVqYpjwijqGhJ2/ilqrkE1mWA49zO/ + LUMsbQKBgG1dTv5Xvd/4LoXHHq79pCzbJQ/4G8oNWCxIC3VnqdJ/LJ26t9nYiHMA + Fp0nNXwaU20Yp9sAJj+nQImHLmWtShDFccjJg1eEyoWQ6I4NAfZoyaqavkRngoqB + XJtcv3nluX04Wo4QoM86hlQG+/UvNbOJHf89SxBtqti0Di1RKZ1W + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-node + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEA2/Fsk28bvLuh8bUSRnDufz1CCE4YwYFSXYB/i+ivbdhjaoOZ + DhMqc8THgLnoHKlOQux+WDWgpUCMkUbxm5A8jr1wzBLPNfmuvqaRT/7/fkQX/IjT + LnTA316eZjGyCpVJxUu/Y97wwnTJLgQbSjEHD5KqixsUM3+dlPEGKwsdDn6FRWF8 + lXGw3IhvyJKuTvoWXxwNN4GuxdyTvsHOeTbLoksQBiE2snzjEZ3Tr07NRf/X/4W/ + 9K/3Ehuwclx9vNYeXMH9JpP3O3yrhexUiojCw2BGdnL3elqIjTfsIUA3UkY5Kpr8 + nne7TSX5v17EACbXAUOvTyAnoT9QUGXTB04LgQIDAQABAoIBAEkaoqMSgB6oIviq + 3asqKCuEmekWxCW1LUJEzqAbNAwHq2ug2AOUnTyjgEgqAptcLtYRsyDwmjezD8XN + 1cqGE4rCLra13cer+MgHpy72q8c1LN/UPpUnW2AjG/UNuYbI/h8kwTWZyV5o4OF5 + nfR3/UfQ0PyxgHJpjWAPCKTP6dWB2+5aLU+kXPGulNh32ydpox3S76UtX9a3MuH5 + uvktJgLOgNef2iBupC5TgctjlX9RHpoeIzMhz205IiDD1iYnRiFm7edDxJnJdLMj + f8++CzgdsESjcEaZsUbjjCMn59Q2ls9iVNHVRn7duiXC7f/QMxbd436VgkUIu98f + BbUj0A0CgYEA/6c3Nqbuxl8etNnQjt7FSDvMTcagABj5gJxl8nrRU1bk/c+HY+xa + i4v0hDeuv7glVnM0y64/fGdlzXUCcItuNE3kUyRwzL+0b5urFwc75fD9QsoBl9Rg + jmKOkSbdpg/yHdoCLWCh/dkSHPQf0jBsILUaXZLldc5XJow6cwb8hTsCgYEA3D3O + j/MfQu/ixcSGKsaumYR9k4JzdRyRisg8MAMMgL60wb5v9vGz3Ps/I4zbbUQQwWtC + ltRfIFCcZFAfnsTGSyXCNQkcPtT7OLMfXuv6wvcFDOIwg4cRfra9NGYYHeu4lqTD + 3hUuwn5Vr9Xwhj7tV5LE9lgNgkGH9cagfRAPdnMCgYEAxex9cJBYt7eYnEctkg6i + CcRR7bziznCHaayruMihGrZhXqa2mQO5LeRSj7JUVhWIwp86tp3WhMfAJwp5swwf + a9sJ89x4f+vDE80e7hspomGqkXS3OwavIkznNzUx0Ijz12ya1urDPzY5MbVGlYHr + lH7hRKSfhU8UZcGW1ssH4VUCgYActnIXkjqhH2URI23aZcyddwhoErm6qt7OmQw/ + tiYLItGt8IXoS9qHFLpGiDaTKCyHCtTDlSxRqjC5Yzi8Gis/4MxQ3b8w8dNOsQuF + 9H3crRebdmGcxB8jxe8kxaqfO/v0p8ZhTaGq+Y1yPxH8bnfC0v+aniAkuyZehGan + 51AcwQKBgQC+o+liLMyJ+iuYXL9higcpom7wMrmk/930JhU8ru5gjuUdnYwnMKFX + Sj2YZyotshndf8weqymXjy49Au4VI15eyfs4RpVWkiPbza8OAvACdWqyq43MSpJB + 0R5O7o11nIDxF/+lAp2JWhD3dUlHuIwOzBDqdMKiYuv33nu9RoMjeQ== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-airsloop-control-1-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEArTfScUMfvpPsVr1R3m6uzOa7C0lWo5rQ1nQWyllrzTOYPdPn + lfz5C5tFKDXzU+K9iEpV4+vUg+2BrlwlPiHuyC0MGxGxIk/TAEv1red+Ozq4WSOY + 6Ns9bJK5WaXQdDWiBGBoCTK6lrYIp4UdpA7L60DNP50BSLkj3mXZxMQUtQXh04AJ + DMPhmed9NA/rTElJSUBpYncszSJ35vVOI2Af1Fpg4LkAkh6OpazjczgycYv9ni0b + 31dzN17co1HDmcrzjlukumr5ZPx36OpA21wU8w85Q+5+FmPqvc+fxdQufVmi1bu2 + kaX8abhDylud/tFHWVQEWVR92ZKc2XgLbMkBbQIDAQABAoIBAQCMwDBS8m0oCcDg + VqPgr2WAf/f62tP4ywLpT5l5QSIUstkBXF/xA4dGxBt06inXvwWtamHSez3LGcHn + cV6d1yrVI62TjVO3As/8jLyMW++5pyRG4mMMy6FkyPCthMwWscH99mxzFPKDJlVv + 8f284n0WoyhkiWqSskYQIAjNF1uQH2o+fRs8lluqNpqkJkDzdlb0F75fgkEa6r0a + a8ok27k8vwbDKL+Y18x0P8X0xJHaijJbU61hVn+j6j/Dd44tKAn3imTUvnXXNSLL + uIMyIPGsqEhSLHtF+HzGjR2X6Jt/xnLybMNeBo53jT1/MnWG/3sUxK9PIzR4UTsL + yfTCBfDBAoGBANP+CE5I6/21a0+fMyqX/oggmwjMss3+J1ZNaEu59uZZVYmA09Ys + rfbjQw6UzYGJvCeshXuwxYlCN5FGH4x32sNhVAxus7eZWY1ZEjQ2HMfO1mIaHoWJ + WLkaJCPNeEOdw16lN0XLxdi3pJ9bgFY5VQJQPB1RxgcAYFjbQhgNw1udAoGBANEt + MrpM2Mm232eu2JCuaU6ujta1FBOFgMg1WWVrKB1juzr6z5UPr7SlWkARU+WckFoP + ELkXzHTiiRver/DbXe1i2FGXF4xMtzoRzSlRTq95u8LP5NZEsiaNvCU84C1YmFgs + f/iFVXodZ5OWG58t5g6z8GQxEvzC33p1fihY2dwRAoGAcErg5W71Krgdtthyhv5q + QntbBCdCE6Gr/qgUNgC0y0HI8IRAMfQK1nt9eszRqutlsnJNZr61dEaSHq7RaVvX + kqUMm2VMZ1WgvSHQZb3AMwraPq7tOfkN+Ubim+Br8w0vfwPvKlaNX4WvewZCDepi + oE4V+cXmKrFFV+wUr58iu3UCgYB0ZwiRr+374m5UDnKpoMUtaepHBSGU83gE8ds7 + mvQJ1tP8MFKQCtimWFXuzTW40vVpiHSv69R1PxM5lSSnjguo7JagYMpT4uUbxYg7 + 8+krsTyRXotjyXqyBbGrr0K5OVIdzzWvoNM+T1qyQJhCbpJVoECoIL8GNZOTXArG + fRtPYQKBgQChsio7Ut4mBA6wzxngPrYhV3acl6N6wQxpZPmw7BGTVPGFhhluWz6a + yzkrTthbef41Ff0lgnewZfumRAyp9qdFLB2A2SmnD1vYe48UO/hfmf2T96QOrcqe + LjzZE3dsvT+nJ/m42wUn1e6ngdwUHrB4FbUrMgXr/E59h4zaK5NEnw== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-airsloop-control-2-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAz1p1Rf0dl0D83sVDcJFi2gZlm2LAt5e+UYRpJPbYVbLVO1+o + 9P89jrIEE3Cl1yQTcglYk7zjnlGUvhA7HGnjtdwMX+zWAX0U5heAxgg1/RCol058 + H0pKNn+dWqFkcO+c4AiO3/W2kzexQKU63W+3dQEgUharAcgGEGttD775mc0oac6T + QXC2z+EqFdNDBPmIIUqSzVQ45x5AH0XnULq6xvpe7S1VS8RpK4EmE4ecqA8YPQan + jdflgkiTSmKzs/xxUgvLeGOuBrBMZALgd2/tOssQrnJOgnanWvt6W4yZdFjbGC7n + kSYM/j3u1k5aDbvXaMSSHJ9nqHkYdzCUDTcBRQIDAQABAoIBAFGBbDGrshL/b6ad + gcngzCuJci0nHzvLgPsIAlCOWzEsj5a8HmzXW7oYjXOaxwWPX7lmpRPFnu9fgAlJ + 1gJwORsGOTMHpIOHSEy9llfBaH9mKe734eBm0k8j0JWMdS/TcCW8F3U/X5n0vU78 + 4+ug+0sZuzupP2T+3CteHsuetPxYLAoyzUfrHIsUXfzc47PCCSH8hqquUid7FKYw + C8LjqxrgTN7uPWNdmHsG8T0SlH4RRw2S8hxua5evA1+c4//4OJp9K33EKgqTFUjO + zZVbph6DAUvXV3MvISkh9ca+NSGVhbU0keCHhXAI/wediVyIpZn5wEH5a5VTzsdz + +d9lZA0CgYEA2Y0amgijBITO8Kn9DASWfrQa53zaRd/oYtzfCYBKFNB+fl99rm+6 + LYdH3uYsJdjVk8FmlUPJyyCJDKrI0ky4PRroK/zEQ4S0JUfDl1kZKPhDKIno+HT3 + 4DDzWSN2RoCPKwWtCqIWMrsSbq/7VJRV+qHBpLOrBltw/hJfGXSghjsCgYEA8//2 + fYriJKwIRClQ/LEWlCnsMm656y30Uz6jd0KErq67KWSfj0/DKVciY6r4F+jqWB+V + inMmvOYR5bMBpEyP6X+JPnvLilwr6e+oId+rtSnJB3eeGkX+fch20xLSXNokgPOM + mD6tX0zVtaCUa5npz6xvX37H0yCoJUC/YSR0nn8CgYEAz9rZR8JovrCFZ7uCYjEf + +P7rlbDce1ZrGcod7137adeqg+OImVl2cHmIWZdhJuf9Z6ao9IRIESOMzeV+6i8S + +I70tNJUUo4/8D6Yycn/F/3bbKgXRwu6qSEb4FbZcpLyNxC9PCORQfcqrUbGwxDW + 9RgHg+2FwhUr6BR1eETN+nECgYAK+cSYuRqbE7H7fvBJrZ2aZJhfXGO4lISdCgBI + aRGW2f1JS2FyDOB2h5jgatxmFvATrrgHVk6zyJWdg4PbZCZFFpuR1/e77ZF8IG+r + tmf+6jZEw7i07dkYx1+w9vPHgXiK5Gm6n3clBkvGs8Z5YJ8H3HXWEdnjQWDO7C6v + q/gi+QKBgCpak8Y3ZvyuaZ3RxGORYw0khiAIA/wjLlxlTUS3KafA/m+D9PiLdjNF + sRCMw4Ehek0ad39LK2MR2wphPxp/cHdVCKDvnOwy8RcRT7PlBtoz8q39L4nVSuBa + zF1re7EKQjLY9xU/cd6u1QR2JhuU6yb2ihX3c4pEog16FYojzKf6 + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-etcd-airsloop-control-3-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAzyigp3xcuC/SdF38v75Wp+1lNFKE0RWpNOrj8kbMmrPj3V59 + bp/8ZdCGS4s8KJJWYGmz4uASpWCy36HVfcKLA1xhvPqixBsOI4A2KFa1eN/LG6Qv + vo+iSvLeMFUZd1aLDHQ2jo4v4we+ATzDJmcTrOvblp+8zLdhmef9bCTNi25k7HVc + C0KPLaBkbCph/B4uGFcgJgK/KzEiCNyfWO8lkyBTioy/3FfIFW0goEup99r/TX+R + TEHkE89kU2nzmli+O6dWvHSaJmtMJbruYaTV/ZkJLyOMPrm04Us1ZfSMZkd2Jk7P + SPXprTtcwNmd4EcFzd7lF8UB4tnDuDeMHlFmKwIDAQABAoIBAAyOJc6A1w3CuDqd + R6hHXPEoji2xoqMZcPvoEJCqgdQOewz7oRaHU8DH9pu1gJvk4p9NSL3DXt3vEmhD + YrEQjWRSwQm3Fw5TpXO5XY7sUmtVBPZT6SDfi7KHLbg4MCbvc9X5ZSUWsQhNe9KP + YDR/os2kLdbfL44ovx2Y1d8sC9kbZ8s4esYjweQ7sWZf+iMlWXAeKcQ9Hkf0ONEk + rdgvUIWn6Xnc1RaQaJVpPrL4UcVXTaDZXbFckV5dEEW39bK74sKZ6NsStE4GLS/v + hLuu4Vlw2qpcY5J1KZX2ITvom/LDpZllYjXgqYBk/I9N0CJsQ7g4RQPPbuwbz6Pi + X9h3nSECgYEA7zBPWWANMhRKsA4lA+V4M5dL8zmhNQkfXe7pDCcElBOPsyzENw2U + 1AWZ9m1j7sogo1KgGIXQEKVVwwqoZ1fA0H+iuGf30ucpDs8vhOiIFzFmFWNzw3St + Epz5vL+KY+tyHyJthfzz6Che/n47s7TxMLm84EsJWv7PNO0PuPVhyK0CgYEA3bgB + iAry2RqFjQw1SUNIGZqXjrv8UVjSCeDhVgojwWMtr3ZiQOtICRWi8sHKzy4sohfP + 1vS0Kd1uoeDYh7Qu5+cHO0UMKGR7AegooTXZpkkXnkFOd6e2yDh6QZs11T/Sewpk + BMS7qlAbugUbPnTIrNR0scgQSyRQ9GNjZSbojTcCgYBDuD7PBCXYRux6eha6yq5E + lRJ405kzxdhupOSwfx+JuRwXU5ZeK+c2PDvCDGidw/aHpy4So1gsTlNAvHS/hZXe + sjRk13LP8IisW7aNf7SANIk9hwHQlekmevEuImDRN2kBLaMqq1p3IW77yMuobpNX + A09ZhYUpkTkjN/cam8bKpQKBgQCKcY0zP3LoMXFW41qahpKMukUMcUFaIhX06SCL + MwWkiaNLPqaXVtLCKWp4Hp3exDxGcovq8x1UTtn35ogOJGptj4qqbbDrv+I3DJni + H9fpxxYiUTEH8gdl+i4MrTfuEk4BWjmd6KIt9Jt7ihi65P0xPfAn2n6iDOkn0K+N + x7/J/QKBgCbJa3AFPqC1dz51/XWuhWTs3wy1GzN726kTDx98lWeRDn17RGxilNpg + Dtk27qFX4HJqQhRlPS5gFHqK6WBbxRj/mjLxFvI1N+QAQQaEd9QvrSLN4FtGF0gy + 7CcJBbrALCLtRUx2RXqh1gahbGhQB5LDc+n9UvSMQzcYOqm3RHXd + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: calico-node-peer + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/CertificateKey/v1 +--- +data: | + -----BEGIN PUBLIC KEY----- + MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6Lq5y0EVx9gcQNTCV/aY + dOxt4j5ZtyZnbpaV8bG1eoDOn0AwIh422RK0CHM8WHoK8vceU3xngMwXPHgViu13 + PoKpozsqf/fbsN45jJBylr1Vi6tGwdLbnww3Xqy5syGXTqyijeIs/xFHC3AUKtja + zbukQBDP20DCa4JmfaN3MzZWK+W7QrUStDe2jAXFpkeaU6KTk1tiuhRgordi0pF6 + mRj9oeSJwsTacqA7Y1Faoa18t6jfsfe/sVLS0TPdly/Czn1G6oXFZhjA3y2Y5Eli + hT4vIKwqSp9VeXqYvknE/HjXqYdySe/L2MNKlMHls1kmfjpTcOlGG49HYyo8WbSP + LwIDAQAB + -----END PUBLIC KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: service-account + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/PublicKey/v1 +--- +data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEA6Lq5y0EVx9gcQNTCV/aYdOxt4j5ZtyZnbpaV8bG1eoDOn0Aw + Ih422RK0CHM8WHoK8vceU3xngMwXPHgViu13PoKpozsqf/fbsN45jJBylr1Vi6tG + wdLbnww3Xqy5syGXTqyijeIs/xFHC3AUKtjazbukQBDP20DCa4JmfaN3MzZWK+W7 + QrUStDe2jAXFpkeaU6KTk1tiuhRgordi0pF6mRj9oeSJwsTacqA7Y1Faoa18t6jf + sfe/sVLS0TPdly/Czn1G6oXFZhjA3y2Y5ElihT4vIKwqSp9VeXqYvknE/HjXqYdy + Se/L2MNKlMHls1kmfjpTcOlGG49HYyo8WbSPLwIDAQABAoIBACYNwit17PXMZHJF + V7HCZJNZxW3k/A5yfR8cCFCI2j+5qA9qE3TAs/8yi7WGAiwFaJzpw0+rW9E3jeUZ + TYx137Wc79f86KocARQeghJ13AbB1qcLznoK3FZZTQRyAbtEltUKbVn9zZW3YYKB + RQrsgnp5YBYJqbMUF7Y0kEWi4O7Cd9MvhcM12vHARFPN1rTkOboinorgF0/UEXlO + 3bTyRBWZcAzV9HQ0b//8gQ+xvKBEK4/jZt+rnBJ6Nl8+L9j1AJNSJNIB2appfnfH + 50sRABmSiECa1y9IXGBB4Komvnt+7h5DPdT0RMz4/VMilxVk6CpXt+NiuP39vNPY + 6TE/RgECgYEA/9/Du5PAzlyeqrcPmH9JIkPW3us+G4RT8+gWIqdAhJ8AnsogcHcF + YIcvqHR1Qo7u77BzDv2+YzBJI0YNFPtQ5Y2OJkH27zc3JyUHw5epsGM80Df2rLii + fLVtrK8imXQ08OAGsi1ac3t3cubnijyBHF5UOv56vsWM1ehBeFg17MECgYEA6NgL + nZNY1o4uKaTwkvO0cctFt5VSc6V5TGXEJyMxyMf8hhAY7G11afOM1YhCVV+mSIL7 + je5cDhi6vAbixJ2qdjv+5Cqk6xqknQqNDtmQnhmIirH50c0+mUzuasS6N/8zhcRn + 5zCyKWpwxMFxw4b+UjF7+QehjDFAAsk5rbBzR+8CgYEAmhH84+fWAuxWRekwpNyQ + BufebCAuJ5eIjadEHN2kxbaQQwzmd5HTVQpRshddvBQg34bZ4T788vDSOUEnA2lI + jtCrtXGm5OfUd+eeQzIBZUp8BcyM5ffPL1R3k7FpHgmRDzF2FrekbUD87d0Hsn84 + JwLNqTAubMy7Pto5AePrpIECgYEAk6DnPHE/0kkzW5QINCPwNHX9Lfiu3kP8NEQR + qf7WgcbKhPWP19dOqm6QzJIn/Jk4hKEHfWWzV/y16KE1BhQxD+XaJjAjgCzUUf1u + kgu/dX4a5FUTX8IR/oCYaXlx2C8mK5nrhtmJHFkwRo+f4aildteJEsuT0Z8oRpvu + xgEqFmECgYBaN/aL6z8yOybcYQSLR7OdCiWsZU2qSTiF9HnWW4X+m7lSdB6J7KXg + zu5/oYOfablGWIxuEH5Ri4aWDzlZlycm+1BYMEY7ke+JBiSmA4PzYLrbI8bahGzt + QNt8w/Ni/ek14kGLRSE0D4wCQHWqx7loQxTEz+hR1Z6ZDZWmLWOidA== + -----END RSA PRIVATE KEY----- +metadata: + layeringDefinition: + abstract: false + layer: site + name: service-account + schema: metadata/Document/v1 + storagePolicy: cleartext +schema: deckhand/PrivateKey/v1 diff --git a/site/airsloop/secrets/passphrases/airsloop_crypt_password.yaml b/site/airsloop/secrets/passphrases/airsloop_crypt_password.yaml new file mode 100644 index 000000000..0e18709fa --- /dev/null +++ b/site/airsloop/secrets/passphrases/airsloop_crypt_password.yaml @@ -0,0 +1,12 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: airsloop_crypt_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +# Pass: airsloop123 +data: $6$AVL7yH1sLYlKqvcK$ngUiLKYZQhhj07Lb3ngWa4qVwDgUP9pCGfGFG7JIpF.6iStnfEMeySf8XusA0/3i9O5gMHE9hbg1/4GrFb5rR0 +... diff --git a/site/airsloop/secrets/passphrases/ceph_fsid.yaml b/site/airsloop/secrets/passphrases/ceph_fsid.yaml new file mode 100644 index 000000000..d3722c607 --- /dev/null +++ b/site/airsloop/secrets/passphrases/ceph_fsid.yaml @@ -0,0 +1,12 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ceph_fsid + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +# uuidgen +data: d52a9d00-64b9-45f0-b564-08dffe95f847 +... diff --git a/site/airsloop/secrets/passphrases/ceph_swift_keystone_password.yaml b/site/airsloop/secrets/passphrases/ceph_swift_keystone_password.yaml new file mode 100644 index 000000000..58f477fce --- /dev/null +++ b/site/airsloop/secrets/passphrases/ceph_swift_keystone_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ceph_swift_keystone_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/ipmi_admin_password.yaml b/site/airsloop/secrets/passphrases/ipmi_admin_password.yaml new file mode 100644 index 000000000..c720b8a59 --- /dev/null +++ b/site/airsloop/secrets/passphrases/ipmi_admin_password.yaml @@ -0,0 +1,13 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ipmi_admin_password + layeringDefinition: + abstract: false + layer: site + labels: + name: ipmi-admin-password-site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/maas-region-key.yaml b/site/airsloop/secrets/passphrases/maas-region-key.yaml new file mode 100644 index 000000000..b60aba3c9 --- /dev/null +++ b/site/airsloop/secrets/passphrases/maas-region-key.yaml @@ -0,0 +1,12 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: maas-region-key + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +# openssl rand -hex 10 +data: e12330cfe038735aee32 +... diff --git a/site/airsloop/secrets/passphrases/osh_barbican_oslo_db_password.yaml b/site/airsloop/secrets/passphrases/osh_barbican_oslo_db_password.yaml new file mode 100644 index 000000000..c4744d86b --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_barbican_oslo_db_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_barbican_oslo_db_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml b/site/airsloop/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml new file mode 100644 index 000000000..670007e5b --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_barbican_oslo_messaging_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml b/site/airsloop/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml new file mode 100644 index 000000000..a8e9170a7 --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_barbican_oslo_messaging_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_barbican_password.yaml b/site/airsloop/secrets/passphrases/osh_barbican_password.yaml new file mode 100644 index 000000000..752af118b --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_barbican_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_barbican_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml b/site/airsloop/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml new file mode 100644 index 000000000..d88a5fecc --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_barbican_rabbitmq_erlang_cookie + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_cinder_oslo_db_password.yaml b/site/airsloop/secrets/passphrases/osh_cinder_oslo_db_password.yaml new file mode 100644 index 000000000..c7b383da3 --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_cinder_oslo_db_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_cinder_oslo_db_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml b/site/airsloop/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml new file mode 100644 index 000000000..0b7fdba72 --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_cinder_oslo_messaging_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml b/site/airsloop/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml new file mode 100644 index 000000000..b8e3fc8df --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_cinder_oslo_messaging_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_cinder_password.yaml b/site/airsloop/secrets/passphrases/osh_cinder_password.yaml new file mode 100644 index 000000000..2f2dfc57c --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_cinder_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_cinder_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml b/site/airsloop/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml new file mode 100644 index 000000000..336ade114 --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_cinder_rabbitmq_erlang_cookie + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_glance_oslo_db_password.yaml b/site/airsloop/secrets/passphrases/osh_glance_oslo_db_password.yaml new file mode 100644 index 000000000..bd3637013 --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_glance_oslo_db_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_glance_oslo_db_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml b/site/airsloop/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml new file mode 100644 index 000000000..555b8ed17 --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_glance_oslo_messaging_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_glance_oslo_messaging_password.yaml b/site/airsloop/secrets/passphrases/osh_glance_oslo_messaging_password.yaml new file mode 100644 index 000000000..680166b62 --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_glance_oslo_messaging_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_glance_oslo_messaging_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_glance_password.yaml b/site/airsloop/secrets/passphrases/osh_glance_password.yaml new file mode 100644 index 000000000..37fe978c2 --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_glance_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_glance_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml b/site/airsloop/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml new file mode 100644 index 000000000..5d8e2c93f --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_glance_rabbitmq_erlang_cookie + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_heat_oslo_db_password.yaml b/site/airsloop/secrets/passphrases/osh_heat_oslo_db_password.yaml new file mode 100644 index 000000000..d57fd59ac --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_heat_oslo_db_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_heat_oslo_db_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml b/site/airsloop/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml new file mode 100644 index 000000000..e4ddea6ae --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_heat_oslo_messaging_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_heat_oslo_messaging_password.yaml b/site/airsloop/secrets/passphrases/osh_heat_oslo_messaging_password.yaml new file mode 100644 index 000000000..398d5b110 --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_heat_oslo_messaging_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_heat_oslo_messaging_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_heat_password.yaml b/site/airsloop/secrets/passphrases/osh_heat_password.yaml new file mode 100644 index 000000000..823762226 --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_heat_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_heat_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml b/site/airsloop/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml new file mode 100644 index 000000000..672c49600 --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_heat_rabbitmq_erlang_cookie + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_heat_stack_user_password.yaml b/site/airsloop/secrets/passphrases/osh_heat_stack_user_password.yaml new file mode 100644 index 000000000..f3aa29b08 --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_heat_stack_user_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_heat_stack_user_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_heat_trustee_password.yaml b/site/airsloop/secrets/passphrases/osh_heat_trustee_password.yaml new file mode 100644 index 000000000..10f0edbf5 --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_heat_trustee_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_heat_trustee_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_horizon_oslo_db_password.yaml b/site/airsloop/secrets/passphrases/osh_horizon_oslo_db_password.yaml new file mode 100644 index 000000000..684b6ca03 --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_horizon_oslo_db_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_horizon_oslo_db_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml b/site/airsloop/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml new file mode 100644 index 000000000..3a4afaaf2 --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_elasticsearch_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_infra_grafana_admin_password.yaml b/site/airsloop/secrets/passphrases/osh_infra_grafana_admin_password.yaml new file mode 100644 index 000000000..65a7ff0d1 --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_infra_grafana_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_grafana_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml b/site/airsloop/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml new file mode 100644 index 000000000..1d110224f --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_grafana_oslo_db_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml b/site/airsloop/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml new file mode 100644 index 000000000..c756fddbf --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_grafana_oslo_db_session_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_infra_nagios_admin_password.yaml b/site/airsloop/secrets/passphrases/osh_infra_nagios_admin_password.yaml new file mode 100644 index 000000000..ab3a31095 --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_infra_nagios_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_nagios_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_infra_openstack_exporter_password.yaml b/site/airsloop/secrets/passphrases/osh_infra_openstack_exporter_password.yaml new file mode 100644 index 000000000..fb8b570bf --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_infra_openstack_exporter_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_openstack_exporter_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml b/site/airsloop/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml new file mode 100644 index 000000000..afa5fb979 --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_oslo_db_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml b/site/airsloop/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml new file mode 100644 index 000000000..a0879738b --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_oslo_db_exporter_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_infra_prometheus_admin_password.yaml b/site/airsloop/secrets/passphrases/osh_infra_prometheus_admin_password.yaml new file mode 100644 index 000000000..35297f03b --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_infra_prometheus_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_prometheus_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml b/site/airsloop/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml new file mode 100644 index 000000000..9f64719a0 --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_rgw_s3_admin_access_key + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: admin_access_key +... diff --git a/site/airsloop/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml b/site/airsloop/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml new file mode 100644 index 000000000..3e06f913a --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_rgw_s3_admin_secret_key + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: admin_secret_key +... diff --git a/site/airsloop/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml b/site/airsloop/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml new file mode 100644 index 000000000..97c7d2312 --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_rgw_s3_elasticsearch_access_key + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: elastic_access_key +... diff --git a/site/airsloop/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml b/site/airsloop/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml new file mode 100644 index 000000000..60f0134e0 --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_rgw_s3_elasticsearch_secret_key + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: elastic_secret_key +... diff --git a/site/airsloop/secrets/passphrases/osh_keystone_admin_password.yaml b/site/airsloop/secrets/passphrases/osh_keystone_admin_password.yaml new file mode 100644 index 000000000..47fd23016 --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_keystone_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_keystone_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_keystone_ldap_password.yaml b/site/airsloop/secrets/passphrases/osh_keystone_ldap_password.yaml new file mode 100644 index 000000000..6d9729244 --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_keystone_ldap_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_keystone_ldap_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_keystone_oslo_db_password.yaml b/site/airsloop/secrets/passphrases/osh_keystone_oslo_db_password.yaml new file mode 100644 index 000000000..7b38466fa --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_keystone_oslo_db_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_keystone_oslo_db_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml b/site/airsloop/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml new file mode 100644 index 000000000..803e42dab --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_keystone_oslo_messaging_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml b/site/airsloop/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml new file mode 100644 index 000000000..eab9ee70d --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_keystone_oslo_messaging_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml b/site/airsloop/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml new file mode 100644 index 000000000..04fa2d674 --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_keystone_rabbitmq_erlang_cookie + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_neutron_oslo_db_password.yaml b/site/airsloop/secrets/passphrases/osh_neutron_oslo_db_password.yaml new file mode 100644 index 000000000..e05dc7856 --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_neutron_oslo_db_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_neutron_oslo_db_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml b/site/airsloop/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml new file mode 100644 index 000000000..9a8d2dde0 --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_neutron_oslo_messaging_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml b/site/airsloop/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml new file mode 100644 index 000000000..c0f63b1c0 --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_neutron_oslo_messaging_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_neutron_password.yaml b/site/airsloop/secrets/passphrases/osh_neutron_password.yaml new file mode 100644 index 000000000..7b264bf7e --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_neutron_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_neutron_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml b/site/airsloop/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml new file mode 100644 index 000000000..3d68cdf13 --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_neutron_rabbitmq_erlang_cookie + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_nova_oslo_db_password.yaml b/site/airsloop/secrets/passphrases/osh_nova_oslo_db_password.yaml new file mode 100644 index 000000000..888cdeb27 --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_nova_oslo_db_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_nova_oslo_db_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml b/site/airsloop/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml new file mode 100644 index 000000000..319c6fb54 --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_nova_oslo_messaging_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_nova_oslo_messaging_password.yaml b/site/airsloop/secrets/passphrases/osh_nova_oslo_messaging_password.yaml new file mode 100644 index 000000000..ed27e00a5 --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_nova_oslo_messaging_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_nova_oslo_messaging_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_nova_password.yaml b/site/airsloop/secrets/passphrases/osh_nova_password.yaml new file mode 100644 index 000000000..4ffee0d6b --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_nova_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_nova_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml b/site/airsloop/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml new file mode 100644 index 000000000..5546e6884 --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_nova_rabbitmq_erlang_cookie + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_oslo_cache_secret_key.yaml b/site/airsloop/secrets/passphrases/osh_oslo_cache_secret_key.yaml new file mode 100644 index 000000000..f187b4548 --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_oslo_cache_secret_key.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_oslo_cache_secret_key + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_oslo_db_admin_password.yaml b/site/airsloop/secrets/passphrases/osh_oslo_db_admin_password.yaml new file mode 100644 index 000000000..cc04ebdb6 --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_oslo_db_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_oslo_db_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_oslo_db_exporter_password.yaml b/site/airsloop/secrets/passphrases/osh_oslo_db_exporter_password.yaml new file mode 100644 index 000000000..42be33deb --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_oslo_db_exporter_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_oslo_db_exporter_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/osh_placement_password.yaml b/site/airsloop/secrets/passphrases/osh_placement_password.yaml new file mode 100644 index 000000000..194c62fd3 --- /dev/null +++ b/site/airsloop/secrets/passphrases/osh_placement_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: osh_placement_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/tenant_ceph_fsid.yaml b/site/airsloop/secrets/passphrases/tenant_ceph_fsid.yaml new file mode 100644 index 000000000..138e2e7c5 --- /dev/null +++ b/site/airsloop/secrets/passphrases/tenant_ceph_fsid.yaml @@ -0,0 +1,12 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: tenant_ceph_fsid + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +# uuidgen +data: 9e45aa5f-9d75-4fa7-bde5-c99e4a7db7a1 +... diff --git a/site/airsloop/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml b/site/airsloop/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml new file mode 100644 index 000000000..98dc10d5b --- /dev/null +++ b/site/airsloop/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_airflow_oslo_messaging_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/ucp_airflow_postgres_password.yaml b/site/airsloop/secrets/passphrases/ucp_airflow_postgres_password.yaml new file mode 100644 index 000000000..8c01bbf42 --- /dev/null +++ b/site/airsloop/secrets/passphrases/ucp_airflow_postgres_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_airflow_postgres_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/ucp_armada_keystone_password.yaml b/site/airsloop/secrets/passphrases/ucp_armada_keystone_password.yaml new file mode 100644 index 000000000..e264efbe5 --- /dev/null +++ b/site/airsloop/secrets/passphrases/ucp_armada_keystone_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_armada_keystone_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/ucp_barbican_keystone_password.yaml b/site/airsloop/secrets/passphrases/ucp_barbican_keystone_password.yaml new file mode 100644 index 000000000..86be06b50 --- /dev/null +++ b/site/airsloop/secrets/passphrases/ucp_barbican_keystone_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_barbican_keystone_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/ucp_barbican_oslo_db_password.yaml b/site/airsloop/secrets/passphrases/ucp_barbican_oslo_db_password.yaml new file mode 100644 index 000000000..4ce2c0dd7 --- /dev/null +++ b/site/airsloop/secrets/passphrases/ucp_barbican_oslo_db_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_barbican_oslo_db_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/ucp_deckhand_keystone_password.yaml b/site/airsloop/secrets/passphrases/ucp_deckhand_keystone_password.yaml new file mode 100644 index 000000000..c8967699a --- /dev/null +++ b/site/airsloop/secrets/passphrases/ucp_deckhand_keystone_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_deckhand_keystone_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/ucp_deckhand_postgres_password.yaml b/site/airsloop/secrets/passphrases/ucp_deckhand_postgres_password.yaml new file mode 100644 index 000000000..52f9e24dc --- /dev/null +++ b/site/airsloop/secrets/passphrases/ucp_deckhand_postgres_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_deckhand_postgres_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/ucp_drydock_keystone_password.yaml b/site/airsloop/secrets/passphrases/ucp_drydock_keystone_password.yaml new file mode 100644 index 000000000..a501401dc --- /dev/null +++ b/site/airsloop/secrets/passphrases/ucp_drydock_keystone_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_drydock_keystone_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/ucp_drydock_postgres_password.yaml b/site/airsloop/secrets/passphrases/ucp_drydock_postgres_password.yaml new file mode 100644 index 000000000..45a0d2da9 --- /dev/null +++ b/site/airsloop/secrets/passphrases/ucp_drydock_postgres_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_drydock_postgres_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/ucp_keystone_admin_password.yaml b/site/airsloop/secrets/passphrases/ucp_keystone_admin_password.yaml new file mode 100644 index 000000000..76c4bf7c1 --- /dev/null +++ b/site/airsloop/secrets/passphrases/ucp_keystone_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_keystone_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/ucp_keystone_oslo_db_password.yaml b/site/airsloop/secrets/passphrases/ucp_keystone_oslo_db_password.yaml new file mode 100644 index 000000000..57004eb9b --- /dev/null +++ b/site/airsloop/secrets/passphrases/ucp_keystone_oslo_db_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_keystone_oslo_db_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/ucp_maas_admin_password.yaml b/site/airsloop/secrets/passphrases/ucp_maas_admin_password.yaml new file mode 100644 index 000000000..f9af87bd8 --- /dev/null +++ b/site/airsloop/secrets/passphrases/ucp_maas_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_maas_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/ucp_maas_postgres_password.yaml b/site/airsloop/secrets/passphrases/ucp_maas_postgres_password.yaml new file mode 100644 index 000000000..b0a1c51fe --- /dev/null +++ b/site/airsloop/secrets/passphrases/ucp_maas_postgres_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_maas_postgres_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml b/site/airsloop/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml new file mode 100644 index 000000000..b1e792513 --- /dev/null +++ b/site/airsloop/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_openstack_exporter_keystone_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/ucp_oslo_db_admin_password.yaml b/site/airsloop/secrets/passphrases/ucp_oslo_db_admin_password.yaml new file mode 100644 index 000000000..ef9c4a2f3 --- /dev/null +++ b/site/airsloop/secrets/passphrases/ucp_oslo_db_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_oslo_db_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/ucp_oslo_messaging_password.yaml b/site/airsloop/secrets/passphrases/ucp_oslo_messaging_password.yaml new file mode 100644 index 000000000..00d02bb68 --- /dev/null +++ b/site/airsloop/secrets/passphrases/ucp_oslo_messaging_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_oslo_messaging_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/ucp_postgres_admin_password.yaml b/site/airsloop/secrets/passphrases/ucp_postgres_admin_password.yaml new file mode 100644 index 000000000..14184ef31 --- /dev/null +++ b/site/airsloop/secrets/passphrases/ucp_postgres_admin_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_postgres_admin_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/ucp_promenade_keystone_password.yaml b/site/airsloop/secrets/passphrases/ucp_promenade_keystone_password.yaml new file mode 100644 index 000000000..6e9a80675 --- /dev/null +++ b/site/airsloop/secrets/passphrases/ucp_promenade_keystone_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_promenade_keystone_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml b/site/airsloop/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml new file mode 100644 index 000000000..92241b944 --- /dev/null +++ b/site/airsloop/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_rabbitmq_erlang_cookie + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/ucp_shipyard_keystone_password.yaml b/site/airsloop/secrets/passphrases/ucp_shipyard_keystone_password.yaml new file mode 100644 index 000000000..bd73c90ba --- /dev/null +++ b/site/airsloop/secrets/passphrases/ucp_shipyard_keystone_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_shipyard_keystone_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/passphrases/ucp_shipyard_postgres_password.yaml b/site/airsloop/secrets/passphrases/ucp_shipyard_postgres_password.yaml new file mode 100644 index 000000000..ccc328a33 --- /dev/null +++ b/site/airsloop/secrets/passphrases/ucp_shipyard_postgres_password.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/Passphrase/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_shipyard_postgres_password + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: airsloop123 +... diff --git a/site/airsloop/secrets/publickey/airsloop_ssh_public_key.yaml b/site/airsloop/secrets/publickey/airsloop_ssh_public_key.yaml new file mode 100644 index 000000000..deeee7611 --- /dev/null +++ b/site/airsloop/secrets/publickey/airsloop_ssh_public_key.yaml @@ -0,0 +1,11 @@ +--- +schema: deckhand/PublicKey/v1 +metadata: + schema: metadata/Document/v1 + name: airsloop_ssh_public_key + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCycUyxcb+AJIOyU2fzJ0C0tj7UnWZkIAstdPOpeuHQejhezFFT46w3CA9tvr/XlrLu6Rwk7E8qLJvBCGUuZnE0dkRgwgjv6irjy90jA3sY9pdW5h+MxrlbLVNXOEsZbHzEK3sU7WfCpAuIEcxmL+F5+0h73BCqKNG5IiJKApmzPvwYoOxc1BuWguVrFjHqEhYUjMkJwyNRXy6Sfm0MiOVcdF7uvgK7tf25mGUaoyGWJYKTSJCOJ4M535BN5n3G8amTP3fcna1Ig8Rn9yDkGF5obe5TPB7zKuLNMp2bZW5YkSIQFRpm1RDHypXqNa0Lmr4pQyKNL+Auoq852D++XH43 airsloop@airship +... diff --git a/site/airsloop/site-definition.yaml b/site/airsloop/site-definition.yaml new file mode 100644 index 000000000..5ca82f786 --- /dev/null +++ b/site/airsloop/site-definition.yaml @@ -0,0 +1,16 @@ +--- +# High-level pegleg site definition file +schema: pegleg/SiteDefinition/v1 +metadata: + schema: metadata/Document/v1 + layeringDefinition: + abstract: false + layer: site + # NEWSITE-CHANGEME: Replace with the site name + name: airsloop + storagePolicy: cleartext +data: + # The type layer this site will delpoy with. Type layer is found in the + # type folder. + site_type: sloop +... diff --git a/site/airsloop/software/charts/kubernetes/container-networking/etcd.yaml b/site/airsloop/software/charts/kubernetes/container-networking/etcd.yaml new file mode 100644 index 000000000..0aae163ae --- /dev/null +++ b/site/airsloop/software/charts/kubernetes/container-networking/etcd.yaml @@ -0,0 +1,127 @@ +--- +# The purpose of this file is to build the list of calico etcd nodes and the +# calico etcd certs for those nodes in the environment. +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: kubernetes-calico-etcd + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: kubernetes-calico-etcd-global + actions: + - method: merge + path: . + storagePolicy: cleartext + substitutions: + # Generate a list of control plane nodes (i.e. genesis node + master node + # list) on which calico etcd will run and will need certs. It is assumed + # that Airship sites will have 4 control plane nodes, so this should not need to + # change for a new site. + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .genesis.hostname + dest: + path: .values.nodes[0].name + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .masters[0].hostname + dest: + path: .values.nodes[1].name + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .masters[1].hostname + dest: + path: .values.nodes[2].name + + # Certificate substitutions for the node names assembled on the above list. + # NEWSITE-CHANGEME: Per above, the number of substitutions should not need + # to change with a standard Airship deployment. However, the names of each + # deckhand certficiate should be updated with the correct hostnames for your + # environment. The ordering is important (Genesis is index 0, then master + # nodes in the order they are specified in common-addresses). + + # Genesis hostname - airsloop-control-1 + - src: + schema: deckhand/Certificate/v1 + name: calico-etcd-airsloop-control-1 + path: . + dest: + path: .values.nodes[0].tls.client.cert + - src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-airsloop-control-1 + path: . + dest: + path: .values.nodes[0].tls.client.key + - src: + schema: deckhand/Certificate/v1 + name: calico-etcd-airsloop-control-1-peer + path: . + dest: + path: .values.nodes[0].tls.peer.cert + - src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-airsloop-control-1-peer + path: . + dest: + path: .values.nodes[0].tls.peer.key + + # master node 1 hostname - airsloop-control-2 + - src: + schema: deckhand/Certificate/v1 + name: calico-etcd-airsloop-control-2 + path: . + dest: + path: .values.nodes[1].tls.client.cert + - src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-airsloop-control-2 + path: . + dest: + path: .values.nodes[1].tls.client.key + - src: + schema: deckhand/Certificate/v1 + name: calico-etcd-airsloop-control-2-peer + path: . + dest: + path: .values.nodes[1].tls.peer.cert + - src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-airsloop-control-2-peer + path: . + dest: + path: .values.nodes[1].tls.peer.key + + # master node 2 hostname - airsloop-control-3 + - src: + schema: deckhand/Certificate/v1 + name: calico-etcd-airsloop-control-3 + path: . + dest: + path: .values.nodes[2].tls.client.cert + - src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-airsloop-control-3 + path: . + dest: + path: .values.nodes[2].tls.client.key + - src: + schema: deckhand/Certificate/v1 + name: calico-etcd-airsloop-control-3-peer + path: . + dest: + path: .values.nodes[2].tls.peer.cert + - src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-airsloop-control-3-peer + path: . + dest: + path: .values.nodes[2].tls.peer.key + +data: {} +... diff --git a/site/airsloop/software/charts/kubernetes/etcd/etcd.yaml b/site/airsloop/software/charts/kubernetes/etcd/etcd.yaml new file mode 100644 index 000000000..92adb0048 --- /dev/null +++ b/site/airsloop/software/charts/kubernetes/etcd/etcd.yaml @@ -0,0 +1,131 @@ +--- +# The purpose of this file is to build the list of k8s etcd nodes and the +# k8s etcd certs for those nodes in the environment. +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: kubernetes-etcd + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: kubernetes-etcd-global + actions: + - method: merge + path: . + storagePolicy: cleartext + substitutions: + # Generate a list of control plane nodes (i.e. genesis node + master node + # list) on which k8s etcd will run and will need certs. It is assumed + # that Airship sites will have 4 control plane nodes, so this should not need to + # change for a new site. + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .genesis.hostname + dest: + path: .values.nodes[0].name + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .masters[0].hostname + dest: + path: .values.nodes[1].name + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .masters[1].hostname + dest: + path: .values.nodes[2].name + + # Certificate substitutions for the node names assembled on the above list. + # NEWSITE-CHANGEME: Per above, the number of substitutions should not need + # to change with a standard Airship deployment. However, the names of each + # deckhand certficiate should be updated with the correct hostnames for your + # environment. The ordering is important (Genesis is index 0, then master + # nodes in the order they are specified in common-addresses). + + # Genesis Exception* + # *NOTE: This is an exception in that `genesis` is not the hostname of the + # genesis node, but `genesis` is reference here in the certificate names + # because of certain Promenade assumptions that may be addressed in the + # future. Therefore `genesis` is used instead of `airsloop-control-1` here. + - src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-genesis + path: . + dest: + path: .values.nodes[0].tls.client.cert + - src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-genesis + path: . + dest: + path: .values.nodes[0].tls.client.key + - src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-genesis-peer + path: . + dest: + path: .values.nodes[0].tls.peer.cert + - src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-genesis-peer + path: . + dest: + path: .values.nodes[0].tls.peer.key + + # master node 1 hostname - airsloop-control-2 + - src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-airsloop-control-2 + path: . + dest: + path: .values.nodes[1].tls.client.cert + - src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-airsloop-control-2 + path: . + dest: + path: .values.nodes[1].tls.client.key + - src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-airsloop-control-2-peer + path: . + dest: + path: .values.nodes[1].tls.peer.cert + - src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-airsloop-control-2-peer + path: . + dest: + path: .values.nodes[1].tls.peer.key + + # master node 2 hostname - airsloop-control-3 + - src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-airsloop-control-3 + path: . + dest: + path: .values.nodes[2].tls.client.cert + - src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-airsloop-control-3 + path: . + dest: + path: .values.nodes[2].tls.client.key + - src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-airsloop-control-3-peer + path: . + dest: + path: .values.nodes[2].tls.peer.cert + - src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-airsloop-control-3-peer + path: $ + dest: + path: .values.nodes[2].tls.peer.key + +data: {} +... diff --git a/site/airsloop/software/charts/osh/ceph/ceph-client.yaml b/site/airsloop/software/charts/osh/ceph/ceph-client.yaml new file mode 100644 index 000000000..f0f3db0b0 --- /dev/null +++ b/site/airsloop/software/charts/osh/ceph/ceph-client.yaml @@ -0,0 +1,22 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: tenant-ceph-client + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: tenant-ceph-client-type + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + conf: + pool: + target: + osd: 1 +... diff --git a/site/airsloop/software/charts/ucp/divingbell.yaml b/site/airsloop/software/charts/ucp/divingbell.yaml new file mode 100644 index 000000000..f7fa6c7d9 --- /dev/null +++ b/site/airsloop/software/charts/ucp/divingbell.yaml @@ -0,0 +1,48 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-divingbell + layeringDefinition: + abstract: false + layer: site + parentSelector: + name: ucp-divingbell-global + actions: + - method: merge + path: . + labels: + name: ucp-divingbell-site + storagePolicy: cleartext + substitutions: + - dest: + path: .values.conf.uamlite.users[0].user_sshkeys[0] + src: + schema: deckhand/PublicKey/v1 + name: airsloop_ssh_public_key + path: . + - dest: + path: .values.conf.uamlite.users[0].user_crypt_passwd + src: + schema: deckhand/Passphrase/v1 + name: airsloop_crypt_password + path: . +data: + values: + manifests: + daemonset_ethtool: false + daemonset_mounts: false + daemonset_uamlite: true + daemonset_sysctl: false + daemonset_limits: false + daemonset_apt: true + daemonset_perm: false + daemonset_exec: true + daemonset_apparmor: false + conf: + uamlite: + users: + - user_name: ubuntu + user_sudo: true + user_sshkeys: [] +... diff --git a/tools/openstack b/tools/openstack index c8ed1563f..5d6eee3c6 100755 --- a/tools/openstack +++ b/tools/openstack @@ -11,6 +11,9 @@ OS_CLOUD_CFG=${HOME}/.openstack/clouds.yaml : ${TERM_OPTS:=-it} +: ${OSH_KEYSTONE_URL:='https://identity.atlantafoundry.com/v3'} +: ${OSH_REGION_NAME:='airship-seaworthy'} +: ${OSH_ADMIN_PASSWD:='password123'} if [ ! -f $OS_CLOUD_CFG ]; then echo " => Creating OpenStack client config" @@ -18,15 +21,15 @@ if [ ! -f $OS_CLOUD_CFG ]; then tee $OS_CLOUD_CFG << EOF clouds: openstack_helm: - region_name: 'airship-seaworthy' + region_name: '${OSH_REGION_NAME}' identity_api_version: 3 auth: username: 'admin' - password: 'password123' + password: '${OSH_ADMIN_PASSWD}' project_name: 'admin' project_domain_name: 'default' user_domain_name: 'default' - auth_url: 'https://identity.atlantafoundry.com/v3' + auth_url: '${OSH_KEYSTONE_URL}' EOF fi diff --git a/tools/tests.sh b/tools/tests.sh index f8300da9c..ff8a46318 100755 --- a/tools/tests.sh +++ b/tools/tests.sh @@ -18,6 +18,7 @@ set -xe export OS_CLOUD=openstack_helm : ${OSH_EXT_NET_NAME:="public"} +: ${OSH_EXT_NET_VLAN:="27"} : ${OSH_EXT_SUBNET_NAME:="public-subnet"} : ${OSH_EXT_SUBNET:="10.23.27.0/24"} : ${OSH_EXT_GATEWAY:="10.23.27.1"} @@ -25,7 +26,8 @@ export OS_CLOUD=openstack_helm : ${OSH_EXT_SUBNET_POOL_END:="10.23.27.99"} tools/openstack stack create --wait \ --parameter network_name=${OSH_EXT_NET_NAME} \ - --parameter physical_network_name=public \ + --parameter physical_network_name=${OSH_EXT_NET_NAME} \ + --parameter physical_network_vlan=${OSH_EXT_NET_VLAN} \ --parameter subnet_name=${OSH_EXT_SUBNET_NAME} \ --parameter subnet_cidr=${OSH_EXT_SUBNET} \ --parameter subnet_gateway=${OSH_EXT_GATEWAY} \ @@ -34,7 +36,6 @@ tools/openstack stack create --wait \ -t /target/tools/files/heat-public-net-deployment.yaml \ heat-public-net-deployment -: ${OSH_EXT_NET_NAME:="public"} : ${OSH_VM_KEY_STACK:="heat-vm-key"} : ${OSH_PRIVATE_SUBNET:="10.0.0.0/24"} # NOTE(portdirect): We do this fancy, and seemingly pointless, footwork to get diff --git a/type/sloop/charts/kubernetes/ingress/ingress.yaml b/type/sloop/charts/kubernetes/ingress/ingress.yaml new file mode 100644 index 000000000..a46485b8a --- /dev/null +++ b/type/sloop/charts/kubernetes/ingress/ingress.yaml @@ -0,0 +1,16 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ingress-kube-system + layeringDefinition: + abstract: false + layer: type + parentSelector: + ingress: kube-system + actions: + - method: merge + path: . + storagePolicy: cleartext +data: {} +... diff --git a/type/sloop/charts/osh-infra/elasticsearch.yaml b/type/sloop/charts/osh-infra/elasticsearch.yaml new file mode 100644 index 000000000..23f66ea19 --- /dev/null +++ b/type/sloop/charts/osh-infra/elasticsearch.yaml @@ -0,0 +1,29 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: elasticsearch + layeringDefinition: + abstract: false + layer: type + parentSelector: + hosttype: elasticsearch-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + master: 2 + data: 1 + client: 2 + storage: + requests: + storage: 50Gi + conf: + elasticsearch: + env: + java_opts: "-Xms768m -Xmx768m" +... diff --git a/type/sloop/charts/osh-infra/fluent-logging.yaml b/type/sloop/charts/osh-infra/fluent-logging.yaml new file mode 100644 index 000000000..eb4c11256 --- /dev/null +++ b/type/sloop/charts/osh-infra/fluent-logging.yaml @@ -0,0 +1,20 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: fluent-logging + layeringDefinition: + abstract: false + layer: type + parentSelector: + hosttype: fluent-logging-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + fluentd: 1 +... diff --git a/type/sloop/charts/osh-infra/grafana.yaml b/type/sloop/charts/osh-infra/grafana.yaml new file mode 100644 index 000000000..736a04836 --- /dev/null +++ b/type/sloop/charts/osh-infra/grafana.yaml @@ -0,0 +1,21 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: grafana + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: grafana-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + grafana: 1 +... diff --git a/type/sloop/charts/osh-infra/ingress.yaml b/type/sloop/charts/osh-infra/ingress.yaml new file mode 100644 index 000000000..0d97c94b0 --- /dev/null +++ b/type/sloop/charts/osh-infra/ingress.yaml @@ -0,0 +1,22 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: osh-infra-ingress-controller + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: osh-infra-ingress-controller-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + ingress: 1 + error_page: 1 +... diff --git a/type/sloop/charts/osh-infra/mariadb.yaml b/type/sloop/charts/osh-infra/mariadb.yaml new file mode 100644 index 000000000..e039c73f3 --- /dev/null +++ b/type/sloop/charts/osh-infra/mariadb.yaml @@ -0,0 +1,22 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: osh-infra-mariadb + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: osh-infra-mariadb-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + server: 1 + ingress: 1 +... diff --git a/type/sloop/charts/osh-infra/prometheus.yaml b/type/sloop/charts/osh-infra/prometheus.yaml new file mode 100644 index 000000000..65c02fb14 --- /dev/null +++ b/type/sloop/charts/osh-infra/prometheus.yaml @@ -0,0 +1,33 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: prometheus + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: prometheus-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + prometheus: 1 + resources: + enabled: true + prometheus: + limits: + memory: "4Gi" + cpu: "2000m" + requests: + memory: "2Gi" + cpu: "1000m" + storage: + requests: + storage: 50Gi +... diff --git a/type/sloop/charts/osh/ceph/ceph-client.yaml b/type/sloop/charts/osh/ceph/ceph-client.yaml new file mode 100644 index 000000000..0f431e69b --- /dev/null +++ b/type/sloop/charts/osh/ceph/ceph-client.yaml @@ -0,0 +1,102 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: tenant-ceph-client + labels: + name: tenant-ceph-client-type + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: tenant-ceph-client-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + mds: 1 + mgr: 1 + conf: + ceph: + global: + osd_pool_default_size: 1 + pool: + default: + crush_rule: same_host + spec: + # RBD pool + - name: rbd + application: rbd + replication: 1 + percent_total_data: 10 + # Cinder volumes pool + - name: cinder.volumes + application: cinder-volume + replication: 1 + percent_total_data: 40 + # RadosGW pools + - name: .rgw.root + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.control + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.data.root + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.gc + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.log + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.intent-log + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.meta + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.usage + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.users.keys + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.users.email + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.users.swift + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.users.uid + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.buckets.extra + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.buckets.index + application: rgw + replication: 1 + percent_total_data: 3 + - name: default.rgw.buckets.data + application: rgw + replication: 1 + percent_total_data: 30 +... diff --git a/type/sloop/charts/osh/ceph/ceph-ingress.yaml b/type/sloop/charts/osh/ceph/ceph-ingress.yaml new file mode 100644 index 000000000..b2c7b599f --- /dev/null +++ b/type/sloop/charts/osh/ceph/ceph-ingress.yaml @@ -0,0 +1,22 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: tenant-ceph-ingress + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: tenant-ceph-ingress-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + ingress: 1 + error_page: 1 +... diff --git a/type/sloop/charts/osh/ceph/ceph-osd.yaml b/type/sloop/charts/osh/ceph/ceph-osd.yaml new file mode 100644 index 000000000..066524b86 --- /dev/null +++ b/type/sloop/charts/osh/ceph/ceph-osd.yaml @@ -0,0 +1,16 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: tenant-ceph-osd + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: tenant-ceph-osd-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: {} +... diff --git a/type/sloop/charts/osh/comps/cinder-rabbitmq.yaml b/type/sloop/charts/osh/comps/cinder-rabbitmq.yaml new file mode 100644 index 000000000..c6884650a --- /dev/null +++ b/type/sloop/charts/osh/comps/cinder-rabbitmq.yaml @@ -0,0 +1,21 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: cinder-rabbitmq + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: cinder-rabbitmq-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + server: 1 +... diff --git a/type/sloop/charts/osh/comps/cinder.yaml b/type/sloop/charts/osh/comps/cinder.yaml new file mode 100644 index 000000000..f21996cdc --- /dev/null +++ b/type/sloop/charts/osh/comps/cinder.yaml @@ -0,0 +1,24 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: cinder + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: cinder-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + api: 1 + volume: 1 + scheduler: 1 + backup: 1 +... diff --git a/type/sloop/charts/osh/comps/glance-rabbitmq.yaml b/type/sloop/charts/osh/comps/glance-rabbitmq.yaml new file mode 100644 index 000000000..c305add4a --- /dev/null +++ b/type/sloop/charts/osh/comps/glance-rabbitmq.yaml @@ -0,0 +1,21 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: glance-rabbitmq + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: glance-rabbitmq-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + server: 1 +... diff --git a/type/sloop/charts/osh/comps/glance.yaml b/type/sloop/charts/osh/comps/glance.yaml new file mode 100644 index 000000000..44f939c01 --- /dev/null +++ b/type/sloop/charts/osh/comps/glance.yaml @@ -0,0 +1,22 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: glance + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: glance-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + api: 1 + registry: 1 +... diff --git a/type/sloop/charts/osh/comps/heat-rabbitmq.yaml b/type/sloop/charts/osh/comps/heat-rabbitmq.yaml new file mode 100644 index 000000000..f6e30cb1b --- /dev/null +++ b/type/sloop/charts/osh/comps/heat-rabbitmq.yaml @@ -0,0 +1,21 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: heat-rabbitmq + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: heat-rabbitmq-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + server: 1 +... diff --git a/type/sloop/charts/osh/comps/heat.yaml b/type/sloop/charts/osh/comps/heat.yaml new file mode 100644 index 000000000..97fdf7d80 --- /dev/null +++ b/type/sloop/charts/osh/comps/heat.yaml @@ -0,0 +1,24 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: heat + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: heat-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + api: 1 + cfn: 1 + cloudwatch: 1 + engine: 1 +... diff --git a/type/sloop/charts/osh/comps/horizon.yaml b/type/sloop/charts/osh/comps/horizon.yaml new file mode 100644 index 000000000..cbb086dff --- /dev/null +++ b/type/sloop/charts/osh/comps/horizon.yaml @@ -0,0 +1,21 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: horizon + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: horizon-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + server: 1 +... diff --git a/type/sloop/charts/osh/comps/ingress.yaml b/type/sloop/charts/osh/comps/ingress.yaml new file mode 100644 index 000000000..33b0e780f --- /dev/null +++ b/type/sloop/charts/osh/comps/ingress.yaml @@ -0,0 +1,22 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: openstack-ingress-controller + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: openstack-ingress-controller-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + ingress: 1 + error_page: 1 +... diff --git a/type/sloop/charts/osh/comps/keystone-rabbitmq.yaml b/type/sloop/charts/osh/comps/keystone-rabbitmq.yaml new file mode 100644 index 000000000..ae67b8a91 --- /dev/null +++ b/type/sloop/charts/osh/comps/keystone-rabbitmq.yaml @@ -0,0 +1,21 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: keystone-rabbitmq + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: keystone-rabbitmq-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + server: 1 +... diff --git a/type/sloop/charts/osh/comps/keystone.yaml b/type/sloop/charts/osh/comps/keystone.yaml new file mode 100644 index 000000000..5aa397c21 --- /dev/null +++ b/type/sloop/charts/osh/comps/keystone.yaml @@ -0,0 +1,21 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: keystone + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: keystone-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + api: 1 +... diff --git a/type/sloop/charts/osh/comps/mariadb.yaml b/type/sloop/charts/osh/comps/mariadb.yaml new file mode 100644 index 000000000..b2690b218 --- /dev/null +++ b/type/sloop/charts/osh/comps/mariadb.yaml @@ -0,0 +1,22 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: openstack-mariadb + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: openstack-mariadb-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + server: 1 + ingress: 1 +... diff --git a/type/sloop/charts/osh/comps/neutron-rabbitmq.yaml b/type/sloop/charts/osh/comps/neutron-rabbitmq.yaml new file mode 100644 index 000000000..6c8436b81 --- /dev/null +++ b/type/sloop/charts/osh/comps/neutron-rabbitmq.yaml @@ -0,0 +1,21 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: neutron-rabbitmq + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: neutron-rabbitmq-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + server: 1 +... diff --git a/type/sloop/charts/osh/comps/neutron.yaml b/type/sloop/charts/osh/comps/neutron.yaml new file mode 100644 index 000000000..3ecb1b01b --- /dev/null +++ b/type/sloop/charts/osh/comps/neutron.yaml @@ -0,0 +1,20 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: neutron-fixme + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: neutron-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + server: 1 +... diff --git a/type/sloop/charts/osh/comps/nova-rabbitmq.yaml b/type/sloop/charts/osh/comps/nova-rabbitmq.yaml new file mode 100644 index 000000000..a2400b953 --- /dev/null +++ b/type/sloop/charts/osh/comps/nova-rabbitmq.yaml @@ -0,0 +1,21 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: nova-rabbitmq + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: nova-rabbitmq-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + server: 1 +... diff --git a/type/sloop/charts/osh/comps/nova.yaml b/type/sloop/charts/osh/comps/nova.yaml new file mode 100644 index 000000000..4636c1aa9 --- /dev/null +++ b/type/sloop/charts/osh/comps/nova.yaml @@ -0,0 +1,28 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: nova + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: nova-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + api_metadata: 1 + compute_ironic: 1 + placement: 1 + osapi: 1 + conductor: 1 + consoleauth: 1 + scheduler: 1 + novncproxy: 1 + spiceproxy: 1 +... diff --git a/type/sloop/charts/ucp/ceph/ceph-client.yaml b/type/sloop/charts/ucp/ceph/ceph-client.yaml new file mode 100644 index 000000000..903d529b2 --- /dev/null +++ b/type/sloop/charts/ucp/ceph/ceph-client.yaml @@ -0,0 +1,96 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-ceph-client + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: ucp-ceph-client-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + conf: + pool: + target: + osd: 1 + spec: + # RBD pool + - name: rbd + application: rbd + replication: 1 + percent_total_data: 40 + - name: cephfs_metadata + application: cephfs + replication: 1 + percent_total_data: 5 + - name: cephfs_data + application: cephfs + replication: 1 + percent_total_data: 10 + # RadosGW pools + - name: .rgw.root + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.control + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.data.root + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.gc + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.log + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.intent-log + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.meta + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.usage + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.users.keys + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.users.email + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.users.swift + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.users.uid + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.buckets.extra + application: rgw + replication: 1 + percent_total_data: 0.1 + - name: default.rgw.buckets.index + application: rgw + replication: 1 + percent_total_data: 3 + - name: default.rgw.buckets.data + application: rgw + replication: 1 + percent_total_data: 34.8 +... diff --git a/type/sloop/charts/ucp/ceph/ceph-ingress.yaml b/type/sloop/charts/ucp/ceph/ceph-ingress.yaml new file mode 100644 index 000000000..138d71959 --- /dev/null +++ b/type/sloop/charts/ucp/ceph/ceph-ingress.yaml @@ -0,0 +1,22 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: ucp-ceph-ingress + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: ucp-ceph-ingress-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + ingress: 1 + error_page: 1 +... diff --git a/type/sloop/charts/ucp/ceph/ceph-osd.yaml b/type/sloop/charts/ucp/ceph/ceph-osd.yaml new file mode 100644 index 000000000..6a86cb283 --- /dev/null +++ b/type/sloop/charts/ucp/ceph/ceph-osd.yaml @@ -0,0 +1,16 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-ceph-osd + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: ucp-ceph-osd-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: {} +... diff --git a/type/sloop/charts/ucp/ceph/ceph-provisioners.yaml b/type/sloop/charts/ucp/ceph/ceph-provisioners.yaml new file mode 100644 index 000000000..168bffc11 --- /dev/null +++ b/type/sloop/charts/ucp/ceph/ceph-provisioners.yaml @@ -0,0 +1,22 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: ucp-ceph-provisioners + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: ucp-ceph-provisioners + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + cephfs_provisioner: 1 + rbd_provisioner: 1 +... diff --git a/type/sloop/charts/ucp/comps/armada.yaml b/type/sloop/charts/ucp/comps/armada.yaml new file mode 100644 index 000000000..0209921db --- /dev/null +++ b/type/sloop/charts/ucp/comps/armada.yaml @@ -0,0 +1,21 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: ucp-armada + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: ucp-armada-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + api: 1 +... diff --git a/type/sloop/charts/ucp/comps/barbican.yaml b/type/sloop/charts/ucp/comps/barbican.yaml new file mode 100644 index 000000000..965482379 --- /dev/null +++ b/type/sloop/charts/ucp/comps/barbican.yaml @@ -0,0 +1,21 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: ucp-barbican + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: ucp-barbican-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + api: 1 +... diff --git a/type/sloop/charts/ucp/comps/deckhand.yaml b/type/sloop/charts/ucp/comps/deckhand.yaml new file mode 100644 index 000000000..6384351aa --- /dev/null +++ b/type/sloop/charts/ucp/comps/deckhand.yaml @@ -0,0 +1,21 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: ucp-deckhand + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: ucp-deckhand-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + deckhand: 1 +... diff --git a/type/sloop/charts/ucp/comps/drydock.yaml b/type/sloop/charts/ucp/comps/drydock.yaml new file mode 100644 index 000000000..987a05628 --- /dev/null +++ b/type/sloop/charts/ucp/comps/drydock.yaml @@ -0,0 +1,20 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: ucp-drydock + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: ucp-drydock-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + replicas: + drydock: 1 +... diff --git a/type/sloop/charts/ucp/comps/keystone.yaml b/type/sloop/charts/ucp/comps/keystone.yaml new file mode 100644 index 000000000..9c16420ce --- /dev/null +++ b/type/sloop/charts/ucp/comps/keystone.yaml @@ -0,0 +1,21 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: ucp-keystone + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: ucp-keystone-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + api: 1 +... diff --git a/type/sloop/charts/ucp/comps/maas.yaml b/type/sloop/charts/ucp/comps/maas.yaml new file mode 100644 index 000000000..f9fd1d6aa --- /dev/null +++ b/type/sloop/charts/ucp/comps/maas.yaml @@ -0,0 +1,24 @@ +--- +# This file defines site-specific deviations for MaaS. +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-maas + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: ucp-maas-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + conf: + maas: + images: + default_os: 'ubuntu' + default_image: 'xenial' + default_kernel: 'ga-16.04' +... diff --git a/type/sloop/charts/ucp/comps/promenade.yaml b/type/sloop/charts/ucp/comps/promenade.yaml new file mode 100644 index 000000000..dcaa029ae --- /dev/null +++ b/type/sloop/charts/ucp/comps/promenade.yaml @@ -0,0 +1,52 @@ +--- +# The purpose of this file is to provide site-specific parameters for the ucp- +# promenade chart. +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-promenade + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: ucp-promenade-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + api: 1 + env: + promenade_api: [] + # NEWSITE-CHANGEME: If your site uses an http proxy, enter it here. + # Otherwise comment out these lines. + # - name: http_proxy + # value: http://proxy.example.com:8080 + # NEWSITE-CHANGEME: If your site uses an https proxy, enter it here. + # Otherwise comment out these lines. + # - name: https_proxy + # value: http://proxy.example.com:8080 + # NEWSITE-CHANGEME: If your site uses an http/https proxy, enter the + # IPs / domain names which the proxy should not be used for (i.e. the + # cluster domain and kubernetes service_cidr defined in common-addresses) + # Otherwise comment out these lines. + # - name: no_proxy + # value: 10.36.0.1,.cluster.local + # NEWSITE-CHANGEME: If your site uses an http proxy, enter it here. + # Otherwise comment out these lines. + # - name: HTTP_PROXY + # value: http://proxy.example.com:8080 + # NEWSITE-CHANGEME: If your site uses an https proxy, enter it here. + # Otherwise comment out these lines. + # - name: HTTPS_PROXY + # value: http://proxy.example.com:8080 + # NEWSITE-CHANGEME: If your site uses an http/https proxy, enter the + # IPs / domain names which the proxy should not be used for (i.e. the + # cluster domain and kubernetes service_cidr defined in common-addresses) + # Otherwise comment out these lines. + # - name: NO_PROXY + # value: 10.36.0.1,.cluster.local +... diff --git a/type/sloop/charts/ucp/comps/shipyard.yaml b/type/sloop/charts/ucp/comps/shipyard.yaml new file mode 100644 index 000000000..f176c96a4 --- /dev/null +++ b/type/sloop/charts/ucp/comps/shipyard.yaml @@ -0,0 +1,25 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: ucp-shipyard + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: ucp-shipyard-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + shipyard: + api: 1 + airflow: + worker: 1 + scheduler: 1 +... diff --git a/type/sloop/charts/ucp/core/ingress.yaml b/type/sloop/charts/ucp/core/ingress.yaml new file mode 100644 index 000000000..864ab087e --- /dev/null +++ b/type/sloop/charts/ucp/core/ingress.yaml @@ -0,0 +1,22 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: ucp-ingress + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: ucp-ingress-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + ingress: 1 + error_page: 1 +... diff --git a/type/sloop/charts/ucp/core/mariadb.yaml b/type/sloop/charts/ucp/core/mariadb.yaml new file mode 100644 index 000000000..b1ee911a3 --- /dev/null +++ b/type/sloop/charts/ucp/core/mariadb.yaml @@ -0,0 +1,22 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: ucp-mariadb + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: ucp-mariadb-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + server: 1 + ingress: 1 +... diff --git a/type/sloop/charts/ucp/core/rabbitmq.yaml b/type/sloop/charts/ucp/core/rabbitmq.yaml new file mode 100644 index 000000000..b620b25ba --- /dev/null +++ b/type/sloop/charts/ucp/core/rabbitmq.yaml @@ -0,0 +1,21 @@ +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: ucp-rabbitmq + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: ucp-rabbitmq-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + values: + pod: + replicas: + server: 1 +... diff --git a/type/sloop/config/common-software-config.yaml b/type/sloop/config/common-software-config.yaml new file mode 100644 index 000000000..3fa659c1c --- /dev/null +++ b/type/sloop/config/common-software-config.yaml @@ -0,0 +1,16 @@ +--- +# The purpose of this file is to define site-specific common software config +# paramters. +schema: pegleg/CommonSoftwareConfig/v1 +metadata: + schema: metadata/Document/v1 + name: common-software-config + layeringDefinition: + abstract: false + layer: type + storagePolicy: cleartext +data: + osh: + # NEWSITE-CHANGEME: Replace with the site name + region_name: airsloop +... diff --git a/type/sloop/config/endpoints.yaml b/type/sloop/config/endpoints.yaml new file mode 100644 index 000000000..72fab335c --- /dev/null +++ b/type/sloop/config/endpoints.yaml @@ -0,0 +1,1057 @@ +--- +# The purpose of this file is to define the site's endpoint catalog. This should +# not need to be modified for a new site. +# #GLOBAL-CANDIDATE# +schema: pegleg/EndpointCatalogue/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_endpoints + layeringDefinition: + abstract: false + layer: type + storagePolicy: cleartext +data: + ucp: + identity: + namespace: ucp + name: keystone + host_fqdn_override: + default: null + path: + default: /v3 + scheme: + default: "http" + internal: "http" + port: + api: + default: 80 + internal: 5000 + armada: + name: armada + hosts: + default: armada-api + public: armada + port: + api: + default: 8000 + path: + default: /api/v1.0 + scheme: + default: "http" + host_fqdn_override: + default: null + deckhand: + name: deckhand + hosts: + default: deckhand-int + public: deckhand-api + port: + api: + default: 9000 + path: + default: /api/v1.0 + scheme: + default: "http" + host_fqdn_override: + default: null + postgresql: + name: postgresql + hosts: + default: postgresql + path: /DB_NAME + scheme: postgresql+psycopg2 + port: + postgresql: + default: 5432 + host_fqdn_override: + default: null + postgresql_airflow_celery: + name: postgresql_airflow_celery_db + hosts: + default: postgresql + path: /DB_NAME + scheme: db+postgresql + port: + postgresql: + default: 5432 + host_fqdn_override: + default: null + oslo_db: + hosts: + default: mariadb + discovery: mariadb-discovery + host_fqdn_override: + default: null + path: /DB_NAME + scheme: mysql+pymysql + port: + mysql: + default: 3306 + wsrep: + default: 4567 + key_manager: + name: barbican + hosts: + default: barbican-api + public: barbican + host_fqdn_override: + default: null + path: + default: /v1 + scheme: + default: "http" + port: + api: + default: 9311 + public: 80 + airflow_oslo_messaging: + namespace: null + hosts: + default: rabbitmq + host_fqdn_override: + default: null + path: /airflow + scheme: amqp + port: + amqp: + default: 5672 + http: + default: 15672 + oslo_messaging: + namespace: null + hosts: + default: rabbitmq + host_fqdn_override: + default: null + path: /keystone + scheme: rabbit + port: + amqp: + default: 5672 + oslo_cache: + hosts: + default: memcached + host_fqdn_override: + default: null + port: + memcache: + default: 11211 + physicalprovisioner: + name: drydock + hosts: + default: drydock-api + public: drydock-api + port: + api: + default: 9000 + nodeport: 31900 + path: + default: /api/v1.0 + scheme: + default: "http" + host_fqdn_override: + default: null + maas_region_ui: + name: maas-region-ui + hosts: + default: maas-region-ui + public: maas + path: + default: /MAAS + scheme: + default: "http" + port: + region_ui: + default: 80 + public: 80 + host_fqdn_override: + default: null + kubernetesprovisioner: + name: promenade + hosts: + default: promenade-api + port: + api: + default: 80 + path: + default: /api/v1.0 + scheme: + default: "http" + host_fqdn_override: + default: null + shipyard: + name: shipyard + hosts: + default: shipyard-int + public: shipyard-api + port: + api: + default: 9000 + public: 80 + path: + default: /api/v1.0 + scheme: + default: "http" + public: "http" + host_fqdn_override: + default: null + prometheus_openstack_exporter: + namespace: ucp + hosts: + default: openstack-metrics + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + exporter: + default: 9103 + ceph: + object_store: + name: swift + namespace: ceph + hosts: + default: ceph-rgw + public: radosgw + host_fqdn_override: + default: null + path: + default: /swift/v1 + scheme: + default: "http" + public: "http" + port: + api: + default: 8088 + public: 80 + ceph_object_store: + name: radosgw + namespace: ceph + hosts: + default: ceph-rgw + public: radosgw + host_fqdn_override: + default: null + path: + default: /auth/v1.0 + scheme: + default: "http" + public: "http" + port: + api: + default: 8088 + public: 80 + ceph_mon: + namespace: ceph + hosts: + default: ceph-mon + discovery: ceph-mon-discovery + host_fqdn_override: + default: null + port: + mon: + default: 6789 + ceph_mgr: + namespace: ceph + hosts: + default: ceph-mgr + host_fqdn_override: + default: null + port: + mgr: + default: 7000 + scheme: + default: "http" + tenant_ceph_mon: + namespace: tenant-ceph + hosts: + default: ceph-mon + discovery: ceph-mon-discovery + host_fqdn_override: + default: null + port: + mon: + default: 6790 + tenant_ceph_mgr: + namespace: tenant-ceph + hosts: + default: ceph-mgr + host_fqdn_override: + default: null + port: + mgr: + default: 7001 + metrics: + default: 9284 + scheme: + default: http +... +--- +schema: pegleg/EndpointCatalogue/v1 +metadata: + schema: metadata/Document/v1 + name: osh_endpoints + layeringDefinition: + abstract: false + layer: type + storagePolicy: cleartext +data: + osh: + object_store: + name: swift + namespace: openstack + hosts: + default: ceph-rgw + public: radosgw + host_fqdn_override: + default: null + path: + default: /swift/v1/KEY_$(tenant_id)s + scheme: + default: "http" + public: "http" + port: + api: + default: 8088 + public: 80 + ceph_object_store: + name: radosgw + namespace: openstack + hosts: + default: ceph-rgw + public: radosgw + host_fqdn_override: + default: null + path: + default: /auth/v1.0 + scheme: + default: "http" + public: "http" + port: + api: + default: 8088 + public: 80 + oslo_db: + hosts: + default: mariadb + discovery: mariadb-discovery + host_fqdn_override: + default: null + path: /DB_NAME + scheme: mysql+pymysql + port: + mysql: + default: 3306 + wsrep: + default: 4567 + prometheus_mysql_exporter: + namespace: openstack + hosts: + default: mysql-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: 'http' + port: + metrics: + default: 9104 + keystone_oslo_messaging: + namespace: openstack + hosts: + default: keystone-rabbitmq + host_fqdn_override: + default: null + path: /keystone + scheme: rabbit + port: + amqp: + default: 5672 + http: + default: 15672 + keystone_rabbitmq_exporter: + namespace: openstack + hosts: + default: keystone-rabbitmq-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: "http" + port: + metrics: + default: 9095 + oslo_cache: + namespace: openstack + hosts: + default: memcached + host_fqdn_override: + default: null + port: + memcache: + default: 11211 + identity: + namespace: openstack + name: keystone + host_fqdn_override: + default: null + path: + default: /v3 + scheme: + default: "http" + internal: "http" + port: + api: + default: 80 + internal: 5000 + glance_oslo_messaging: + namespace: openstack + hosts: + default: glance-rabbitmq + host_fqdn_override: + default: null + path: /glance + scheme: rabbit + port: + amqp: + default: 5672 + http: + default: 15672 + glance_rabbitmq_exporter: + namespace: openstack + hosts: + default: glance-rabbitmq-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: "http" + port: + metrics: + default: 9095 + image: + name: glance + hosts: + default: glance-api + public: glance + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + public: "http" + port: + api: + default: 9292 + public: 80 + image_registry: + name: glance-registry + hosts: + default: glance-registry + public: glance-reg + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + api: + default: 9191 + public: 80 + cinder_oslo_messaging: + namespace: openstack + hosts: + default: cinder-rabbitmq + host_fqdn_override: + default: null + path: /cinder + scheme: rabbit + port: + amqp: + default: 5672 + http: + default: 15672 + cinder_rabbitmq_exporter: + namespace: openstack + hosts: + default: cinder-rabbitmq-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: "http" + port: + metrics: + default: 9095 + volume: + name: cinder + hosts: + default: cinder-api + public: cinder + host_fqdn_override: + default: null + path: + default: "/v1/%(tenant_id)s" + scheme: + default: "http" + public: "http" + port: + api: + default: 8776 + public: 80 + volumev2: + name: cinderv2 + hosts: + default: cinder-api + public: cinder + host_fqdn_override: + default: null + path: + default: "/v2/%(tenant_id)s" + scheme: + default: "http" + public: "http" + port: + api: + default: 8776 + public: 80 + volumev3: + name: cinderv3 + hosts: + default: cinder-api + public: cinder + host_fqdn_override: + default: null + path: + default: "/v3/%(tenant_id)s" + scheme: + default: "http" + public: "http" + port: + api: + default: 8776 + public: 80 + heat_oslo_messaging: + namespace: openstack + hosts: + default: heat-rabbitmq + host_fqdn_override: + default: null + path: /heat + scheme: rabbit + port: + amqp: + default: 5672 + http: + default: 15672 + heat_rabbitmq_exporter: + namespace: openstack + hosts: + default: heat-rabbitmq-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: "http" + port: + metrics: + default: 9095 + orchestration: + name: heat + hosts: + default: heat-api + public: heat + host_fqdn_override: + default: null + path: + default: "/v1/%(project_id)s" + scheme: + default: "http" + public: "http" + port: + api: + default: 8004 + public: 80 + cloudformation: + name: heat-cfn + hosts: + default: heat-cfn + public: cloudformation + host_fqdn_override: + default: null + path: + default: /v1 + scheme: + default: "http" + public: "http" + port: + api: + default: 8000 + public: 80 + cloudwatch: + name: heat-cloudwatch + hosts: + default: heat-cloudwatch + public: cloudwatch + host_fqdn_override: + default: null + path: + default: null + type: null + scheme: + default: "http" + port: + api: + default: 8003 + public: 80 + neutron_oslo_messaging: + namespace: openstack + hosts: + default: neutron-rabbitmq + host_fqdn_override: + default: null + path: /neutron + scheme: rabbit + port: + amqp: + default: 5672 + http: + default: 15672 + neutron_rabbitmq_exporter: + namespace: openstack + hosts: + default: neutron-rabbitmq-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: "http" + port: + metrics: + default: 9095 + network: + name: neutron + hosts: + default: neutron-server + public: neutron + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + public: "http" + port: + api: + default: 9696 + public: 80 + nova_oslo_messaging: + namespace: openstack + hosts: + default: nova-rabbitmq + host_fqdn_override: + default: null + path: /nova + scheme: rabbit + port: + amqp: + default: 5672 + http: + default: 15672 + nova_rabbitmq_exporter: + namespace: openstack + hosts: + default: nova-rabbitmq-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: "http" + port: + metrics: + default: 9095 + compute: + name: nova + hosts: + default: nova-api + public: nova + host_fqdn_override: + default: null + path: + default: "/v2/%(tenant_id)s" + scheme: + default: "http" + public: "http" + port: + api: + default: 8774 + public: 80 + novncproxy: + default: 80 + compute_metadata: + name: nova + hosts: + default: nova-metadata + public: metadata + host_fqdn_override: + default: null + path: + default: / + scheme: + default: "http" + port: + metadata: + default: 8775 + public: 80 + compute_novnc_proxy: + name: nova + hosts: + default: nova-novncproxy + public: novncproxy + host_fqdn_override: + default: null + path: + default: /vnc_auto.html + scheme: + default: "http" + public: "http" + port: + novnc_proxy: + default: 6080 + public: 80 + compute_spice_proxy: + name: nova + hosts: + default: nova-spiceproxy + host_fqdn_override: + default: null + path: + default: /spice_auto.html + scheme: + default: "http" + port: + spice_proxy: + default: 6082 + placement: + name: placement + hosts: + default: placement-api + public: placement + host_fqdn_override: + default: null + path: + default: / + scheme: + default: "http" + public: "http" + port: + api: + default: 8778 + public: 80 + dashboard: + name: horizon + hosts: + default: horizon-int + public: horizon + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + public: "http" + port: + web: + default: 80 + public: 80 +... +--- +schema: pegleg/EndpointCatalogue/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_endpoints + layeringDefinition: + abstract: false + layer: type + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .ldap.auth_path + dest: + path: .osh_infra.ldap.path.default + pattern: AUTH_PATH +data: + osh_infra: + ceph_object_store: + name: radosgw + namespace: osh-infra + hosts: + default: ceph-rgw + public: radosgw + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + api: + default: 8088 + public: 80 + elasticsearch: + name: elasticsearch + namespace: osh-infra + hosts: + data: elasticsearch-data + default: elasticsearch-logging + discovery: elasticsearch-discovery + public: elasticsearch + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + prometheus_elasticsearch_exporter: + namespace: null + hosts: + default: elasticsearch-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: "http" + port: + metrics: + default: 9108 + fluentd: + namespace: osh-infra + name: fluentd + hosts: + default: fluentd-logging + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + service: + default: 24224 + metrics: + default: 24220 + prometheus_fluentd_exporter: + namespace: osh-infra + hosts: + default: fluentd-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: "http" + port: + metrics: + default: 9309 + oslo_db: + namespace: osh-infra + hosts: + default: mariadb + host_fqdn_override: + default: null + path: /DB_NAME + scheme: mysql+pymysql + port: + mysql: + default: 3306 + prometheus_mysql_exporter: + namespace: osh-infra + hosts: + default: mysql-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: 'http' + port: + metrics: + default: 9104 + grafana: + name: grafana + namespace: osh-infra + hosts: + default: grafana-dashboard + public: grafana + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + public: "http" + port: + grafana: + default: 3000 + public: 80 + monitoring: + name: prometheus + namespace: osh-infra + hosts: + default: prom-metrics + public: prometheus + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + api: + default: 9090 + http: + default: 80 + kibana: + name: kibana + namespace: osh-infra + hosts: + default: kibana-dash + public: kibana + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + public: "http" + port: + kibana: + default: 5601 + public: 80 + alerts: + name: alertmanager + namespace: osh-infra + hosts: + default: alerts-engine + public: alertmanager + discovery: alertmanager-discovery + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + api: + default: 9093 + public: 80 + mesh: + default: 6783 + kube_state_metrics: + namespace: kube-system + hosts: + default: kube-state-metrics + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + http: + default: 8080 + kube_scheduler: + scheme: + default: "http" + path: + default: /metrics + kube_controller_manager: + scheme: + default: "http" + path: + default: /metrics + node_metrics: + namespace: kube-system + hosts: + default: node-exporter + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + metrics: + default: 9100 + prometheus_port: + default: 9100 + process_exporter_metrics: + namespace: kube-system + hosts: + default: process-exporter + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + metrics: + default: 9256 + prometheus_openstack_exporter: + namespace: openstack + hosts: + default: openstack-metrics + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + exporter: + default: 9103 + nagios: + name: nagios + namespace: osh-infra + hosts: + default: nagios-metrics + public: nagios + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + public: "http" + port: + http: + default: 80 + public: 80 + ldap: + hosts: + default: ldap + host_fqdn_override: + default: null + path: + default: /AUTH_PATH + scheme: + default: "ldap" + port: + ldap: + default: 389 +... diff --git a/type/sloop/config/service_accounts.yaml b/type/sloop/config/service_accounts.yaml new file mode 100644 index 000000000..ca6e94720 --- /dev/null +++ b/type/sloop/config/service_accounts.yaml @@ -0,0 +1,436 @@ +--- +# The purpose of this file is to define the account catalog for the site. This +# mostly contains service usernames, but also contain some information which +# should be changed like the region (site) name. +schema: pegleg/AccountCatalogue/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_service_accounts + layeringDefinition: + abstract: false + layer: type + storagePolicy: cleartext +data: + ucp: + postgres: + admin: + username: postgres + oslo_db: + admin: + username: root + oslo_messaging: + admin: + username: rabbitmq + keystone: + admin: + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + username: admin + project_name: admin + user_domain_name: default + project_domain_name: default + oslo_messaging: + admin: + username: rabbitmq + keystone: + username: keystone + oslo_db: + username: keystone + database: keystone + promenade: + keystone: + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + role: admin + project_name: service + project_domain_name: default + user_domain_name: default + username: promenade + drydock: + keystone: + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + role: admin + project_name: service + project_domain_name: default + user_domain_name: default + username: drydock + postgres: + username: drydock + database: drydock + shipyard: + keystone: + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + role: admin + project_name: service + project_domain_name: default + user_domain_name: default + username: shipyard + postgres: + username: shipyard + database: shipyard + airflow: + postgres: + username: airflow + database: airflow + oslo_messaging: + admin: + username: rabbitmq + user: + username: airflow + maas: + admin: + username: admin + email: none@none + postgres: + username: maas + database: maasdb + barbican: + keystone: + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + role: admin + project_name: service + project_domain_name: default + user_domain_name: default + username: barbican + oslo_db: + username: barbican + database: barbican + oslo_messaging: + admin: + username: rabbitmq + keystone: + username: keystone + armada: + keystone: + project_domain_name: default + user_domain_name: default + project_name: service + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + role: admin + user_domain_name: default + username: armada + deckhand: + keystone: + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + role: admin + project_name: service + project_domain_name: default + user_domain_name: default + username: deckhand + postgres: + username: deckhand + database: deckhand + prometheus_openstack_exporter: + user: + region_name: RegionOne + role: admin + username: prometheus-openstack-exporter + project_name: service + user_domain_name: default + project_domain_name: default + ceph: + swift: + keystone: + role: admin + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + username: swift + project_name: service + user_domain_name: default + project_domain_name: default +... +--- +schema: pegleg/AccountCatalogue/v1 +metadata: + schema: metadata/Document/v1 + name: osh_service_accounts + layeringDefinition: + abstract: false + layer: type + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.keystone.admin.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.cinder.cinder.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.glance.glance.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.heat.heat.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.heat.heat_trustee.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.heat.heat_stack_user.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.swift.keystone.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.neutron.neutron.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.nova.nova.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.nova.placement.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.barbican.barbican.region_name +data: + osh: + keystone: + admin: + username: admin + project_name: admin + user_domain_name: default + project_domain_name: default + oslo_db: + username: keystone + database: keystone + oslo_messaging: + admin: + username: keystone-rabbitmq-admin + keystone: + username: keystone-rabbitmq-user + ldap: + # NEWSITE-CHANGEME: Replace with the site's LDAP account used to + # authenticate to the active directory backend to validate keystone + # users. + username: "test@ldap.example.com" + cinder: + cinder: + role: admin + username: cinder + project_name: service + user_domain_name: default + project_domain_name: default + oslo_db: + username: cinder + database: cinder + oslo_messaging: + admin: + username: cinder-rabbitmq-admin + cinder: + username: cinder-rabbitmq-user + glance: + glance: + role: admin + username: glance + project_name: service + user_domain_name: default + project_domain_name: default + oslo_db: + username: glance + database: glance + oslo_messaging: + admin: + username: glance-rabbitmq-admin + glance: + username: glance-rabbitmq-user + ceph_object_store: + username: glance + heat: + heat: + role: admin + username: heat + project_name: service + user_domain_name: default + project_domain_name: default + heat_trustee: + role: admin + username: heat-trust + project_name: service + user_domain_name: default + project_domain_name: default + heat_stack_user: + role: admin + username: heat-domain + domain_name: heat + oslo_db: + username: heat + database: heat + oslo_messaging: + admin: + username: heat-rabbitmq-admin + heat: + username: heat-rabbitmq-user + swift: + keystone: + role: admin + username: swift + project_name: service + user_domain_name: default + project_domain_name: default + oslo_db: + admin: + username: root + prometheus_mysql_exporter: + user: + username: osh-oslodb-exporter + neutron: + neutron: + role: admin + username: neutron + project_name: service + user_domain_name: default + project_domain_name: default + oslo_db: + username: neutron + database: neutron + oslo_messaging: + admin: + username: neutron-rabbitmq-admin + neutron: + username: neutron-rabbitmq-user + nova: + nova: + role: admin + username: nova + project_name: service + user_domain_name: default + project_domain_name: default + placement: + role: admin + username: placement + project_name: service + user_domain_name: default + project_domain_name: default + oslo_db: + username: nova + database: nova + oslo_db_api: + username: nova + database: nova_api + oslo_db_cell0: + username: nova + database: "nova_cell0" + oslo_messaging: + admin: + username: nova-rabbitmq-admin + nova: + username: nova-rabbitmq-user + horizon: + oslo_db: + username: horizon + database: horizon + barbican: + barbican: + role: admin + username: barbican + project_name: service + user_domain_name: default + project_domain_name: default + oslo_db: + username: barbican + database: barbican + oslo_messaging: + admin: + username: barbican-rabbitmq-admin + barbican: + username: barbican-rabbitmq-user +... +--- +schema: pegleg/AccountCatalogue/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_service_accounts + layeringDefinition: + abstract: false + layer: type + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh_infra.prometheus_openstack_exporter.user.region_name +data: + osh_infra: + ceph_object_store: + admin: + username: s3_admin + elasticsearch: + username: elasticsearch + grafana: + admin: + username: grafana + oslo_db: + username: grafana + database: grafana + oslo_db_session: + username: grafana_session + database: grafana_session + elasticsearch: + admin: + username: elasticsearch + oslo_db: + admin: + username: root + prometheus_mysql_exporter: + user: + username: osh-infra-oslodb-exporter + prometheus_openstack_exporter: + user: + role: admin + username: prometheus-openstack-exporter + project_name: service + user_domain_name: default + project_domain_name: default + nagios: + admin: + username: nagios + prometheus: + admin: + username: prometheus + ldap: + admin: + # NEWSITE-CHANGEME: Replace with the site's LDAP account used to + # authenticate to the active directory backend to validate keystone + # users. + bind: "test@ldap.example.com" +... diff --git a/type/sloop/manifests/bootstrap.yaml b/type/sloop/manifests/bootstrap.yaml new file mode 100644 index 000000000..9aa422e0f --- /dev/null +++ b/type/sloop/manifests/bootstrap.yaml @@ -0,0 +1,37 @@ +--- +schema: armada/Manifest/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: cluster-bootstrap + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: cluster-bootstrap-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + release_prefix: airship + chart_groups: + - podsecuritypolicy + - kubernetes-proxy + - kubernetes-container-networking + - kubernetes-dns + - kubernetes-etcd + - kubernetes-haproxy + - kubernetes-core + - ingress-kube-system + - ucp-ceph + - ucp-ceph-config + - ucp-core + - ucp-keystone + - ucp-divingbell + - ucp-armada + - ucp-deckhand + - ucp-drydock + - ucp-promenade + - ucp-shipyard +... diff --git a/type/sloop/manifests/full-site.yaml b/type/sloop/manifests/full-site.yaml new file mode 100644 index 000000000..e2aa1da4f --- /dev/null +++ b/type/sloop/manifests/full-site.yaml @@ -0,0 +1,58 @@ +--- +schema: armada/Manifest/v1 +metadata: + schema: metadata/Document/v1 + replacement: true + name: full-site + layeringDefinition: + abstract: false + layer: type + parentSelector: + name: full-site-global + actions: + - method: merge + path: . + storagePolicy: cleartext +data: + release_prefix: airship + chart_groups: + - podsecuritypolicy + - kubernetes-proxy + - kubernetes-container-networking + - kubernetes-dns + - kubernetes-etcd + - kubernetes-haproxy + - kubernetes-core + - ingress-kube-system + - ucp-ceph + - ucp-ceph-config + - ucp-core + - ucp-keystone + - ucp-divingbell + - ucp-armada + - ucp-deckhand + - ucp-drydock + - ucp-promenade + - ucp-shipyard + - ucp-prometheus-openstack-exporter + - osh-infra-ingress-controller + - osh-infra-ceph-config + - osh-infra-radosgw + - osh-infra-logging + - osh-infra-monitoring + - osh-infra-mariadb + - osh-infra-dashboards + - openstack-ingress-controller + - openstack-ceph-config + - openstack-tenant-ceph + - openstack-mariadb + - openstack-memcached + - openstack-keystone + - openstack-radosgw + - openstack-glance + - openstack-cinder + - openstack-compute-kit + - openstack-heat + - osh-infra-prometheus-openstack-exporter + - openstack-horizon +... diff --git a/type/sloop/network/KubernetesNetwork.yaml b/type/sloop/network/KubernetesNetwork.yaml new file mode 100644 index 000000000..1124d63d8 --- /dev/null +++ b/type/sloop/network/KubernetesNetwork.yaml @@ -0,0 +1,97 @@ +--- +schema: promenade/KubernetesNetwork/v1 +metadata: + schema: metadata/Document/v1 + name: kubernetes-network + layeringDefinition: + abstract: false + layer: type + storagePolicy: cleartext + substitutions: + # DNS + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .dns.cluster_domain + dest: + path: .dns.cluster_domain + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .dns.service_ip + dest: + path: .dns.service_ip + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .dns.upstream_servers + dest: + path: .dns.upstream_servers + + # Kubernetes IPs + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .kubernetes.api_service_ip + dest: + path: .kubernetes.service_ip + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .kubernetes.pod_cidr + dest: + path: .kubernetes.pod_cidr + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .kubernetes.service_cidr + dest: + path: .kubernetes.service_cidr + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .kubernetes.apiserver_port + dest: + path: .kubernetes.apiserver_port + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .kubernetes.haproxy_port + dest: + path: .kubernetes.haproxy_port + + # etcd IPs + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .etcd.container_port + dest: + path: .etcd.container_port + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .etcd.haproxy_port + dest: + path: .etcd.haproxy_port + + # proxy + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .proxy.http + dest: + path: .proxy.url + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .proxy.no_proxy + dest: + path: .proxy.additional_no_proxy + +data: + dns: + bootstrap_validation_checks: + - calico-etcd.kube-system.svc.cluster.local + - kubernetes-etcd.kube-system.svc.cluster.local + - kubernetes.default.svc.cluster.local +...